# openvpn and openssl problem

## xtlosx

hey guys, i am having this problem with OpenVPN.

```

Apr 26 22:05:02 gretch openvpn[29290]: OpenVPN 2.0.6 i686-pc-linux-gnu [SSL] [LZO] [EPOLL] buil

t on Apr 26 2006

Apr 26 22:05:02 gretch openvpn[29290]: WARNING: you are using user/group/chroot without persist

-key/persist-tun -- this may cause restarts to fail

Apr 26 22:05:02 gretch openvpn[29290]: Cipher algorithm 'BF-CBC' not found (OpenSSL)

Apr 26 22:05:02 gretch openvpn[29290]: Exiting

```

i searched around for a bit, some people said it was a problem with openssl 0.9.7.i.. so as some other said, unmerge openssl, re emerge and it worked for them, tried that, doesn't work.....

output of

```

gretch dynomyte-lssu # strings /usr/lib/libcrypto.so.0.9.7 | grep BF

BF_set_key

BF_encrypt

BF_version

BF_options

BF_ecb_encrypt

BF_decrypt

BF_cbc_encrypt

BF_cfb64_encrypt

BF_ofb64_encrypt

BF-CBC

BF-ECB

BF-CFB

BF-OFB

BFUa.X

```

what is wrong?

----------

## UberLord

What is the output of "openvpn --show-ciphers"

----------

## xtlosx

```

gretch tom # openvpn --show-ciphers

The following ciphers and cipher modes are available

for use with OpenVPN.  Each cipher shown below may be

used as a parameter to the --cipher option.  The default

key size is shown as well as whether or not it can be

changed with the --keysize directive.  Using a CBC mode

is recommended.

DES-CBC 64 bit default key (fixed)

IDEA-CBC 128 bit default key (fixed)

RC2-CBC 128 bit default key (variable)

DES-EDE3-CBC 192 bit default key (fixed)

AES-128-CBC 128 bit default key (fixed)

AES-192-CBC 192 bit default key (fixed)

AES-256-CBC 256 bit default key (fixed)

gretch tom #

```

that's what i get.....

----------

## UberLord

I have to confess, I have no idea why this happens.

It is related to how your openssl is installed though, as changing the installed version does seem to affect openvpn with blowfish.

----------

## xtlosx

so what would you reccomend i do.... i heard of some people unmerging 0.9.7i and going down to like 0.9.7e and installing it from source.... am we able to merge an older version of openssl through emerge?  like the last releases. This was the first version of openssl that was installed on this machine as it's less than a month old... .. or maybe i should just unmerge, and install 0.9.7e from source??  Would it be a clean install if i did that, or would it gum up portage if i was to go about doing that..

thanks!

Any ideas?

----------

## UberLord

 *xtlosx wrote:*   

> Any ideas?

 

I've given you my ideas

You can emerge specific versions like so

emerge -1 "=dev-libs/openssl-0.9.7i"

----------

## odborg

I tried the following three times, with succes every time. Before that i could not get it to work (tried 5 times with MAKEOPTS="-j5" in make.conf) .

```
MAKEOPTS="-j1" emerge openssl 
```

Hopes it helps. I've reported this as bug #138484

----------

## l3u

Same Problem here -- your workaround worked here, too.

----------

## odborg

To help resolve this bug: please report the succes of 

```
MAKEOPTS="-j1" emerge openssl
```

 here:

https://bugs.gentoo.org/show_bug.cgi?id=138484

----------

