AR300M Cryptodev support? OpenVPN

Hey guys,

I’ve been trying to use the cryptodev lib for my vpn in my AR300M since this would make the encryption/decryption a lost fast, therefore the vpn speed would at least double.

Althought no sucess i can’t really understand why.

Is there hardware compatibility between the library and the hardware itself?

Wed Nov 22 16:47:22 2017 us=646096 OpenSSL error: cannot load engine ‘cryptodev’
Wed Nov 22 16:47:22 2017 us=646188 Exiting due to fatal error

Cryptodev is installed along with another packets:

opkg list-installed | grep kmod-crypto*

kmod-crypto-aead - 3.18.27-1
kmod-crypto-aes - 3.18.27-1
kmod-crypto-arc4 - 3.18.27-1
kmod-crypto-authenc - 3.18.27-1
kmod-crypto-core - 3.18.27-1
kmod-crypto-crc32c - 3.18.27-1
kmod-crypto-ecb - 3.18.27-1
kmod-crypto-hash - 3.18.27-1
kmod-crypto-hmac - 3.18.27-1
kmod-crypto-manager - 3.18.27-1
kmod-crypto-md5 - 3.18.27-1
kmod-crypto-null - 3.18.27-1
kmod-crypto-pcompress - 3.18.27-1
kmod-crypto-sha1 - 3.18.27-1
kmod-crypto-sha256 - 3.18.27-1
kmod-cryptodev - 3.18.27+1.7-ar71xx-2

openssl speed -engine cryptodev -evp aes-256-cbc

invalid engine “cryptodev”
2013017160:error:25066067:lib(37):func(102):reason(103):NA:0:filename(/usr/lib/engines/libcryptodev.so): File not found
2013017160:error:25070067:lib(37):func(112):reason(103):NA:0:
2013017160:error:260B6084:lib(38):func(182):reason(132):NA:0:
2013017160:error:2606A074:lib(38):func(106):reason(116):NA:0:id=cryptodev
2013017160:error:25066067:lib(37):func(102):reason(103):NA:0:filename(libcryptodev.so): File not found
2013017160:error:25070067:lib(37):func(112):reason(103):NA:0:
2013017160:error:260B6084:lib(38):func(182):reason(132):NA:0:
Doing aes-256-cbc for 3s on 16 size blocks: 1067174 aes-256-cbc’s in 2.94s
Doing aes-256-cbc for 3s on 64 size blocks: 299722 aes-256-cbc’s in 2.93s
Doing aes-256-cbc for 3s on 256 size blocks: 77276 aes-256-cbc’s in 2.94s
Doing aes-256-cbc for 3s on 1024 size blocks: 19690 aes-256-cbc’s in 2.96s

Why can’t openSSL load cryptodev guys?

Indeed lib is not on the right location, althought is installed, how do i change this?

it is located in /usr/lib/libcrypto.so.1.0.0, question is how to change this in openssl?

But i’m guessing it is actually hardware incompatibility?

It does seem that there’s not much information about this topic around, althought it is a very good asset for us, ovpn users, so if you guys can help me i would be thankfull.

Thanks.

I don’t think this chip support hardware Accelerator

Thanks alzhao.

Some info that you might consider usefull.

Device is sensitive against “Krack attack”.

You might want to consider porting to LEDE 17(they’ve patched it already, plus everything is up to date and stable) maybe?

Chaos Calmer is getting old and having a lot of troubles in the old version of openvpn and etc.

For the lede ovpn 2.4.4 is already available, for example.

I would test it with pleasure.

Actually we have patched our firmware against Krack and upgraded openvpn to 2.4.3.

 

 

 

Oops havent noticed the last update!

Sorry about that :smiley: thanks for the info