Bug #15103

closed

Netgate Crypto ID missing in 23.09.01 after fresh firmware

Added by Jonathan Lee 4 months ago. Updated 23 days ago.

Status: Resolved
Priority: Normal
Assignee:
Category: Cryptographic Modules
Target version:
Start date:
Due date:
% Done: 0%
Estimated time:
Release Notes: Force Exclusion
Affected Plus Version: 23.09.1
Affected Architecture: SG-1100, SG-2100

Description

Hello, I noticed this after a fresh firmware install on an SG-2100:

The command '/usr/local/sbin/ping-auth -s > /etc/thoth/thothid 2>/dev/null' returned exit code '127', the output was ''

I can go back to an SSD with 23.05.01 and I still have a CryptoID.

https://forum.netgate.com/topic/184893/the-command-usr-local-sbin-ping-auth-s-etc-thoth-thothid-2-dev-null-returned-exit-code-127-the-output-was/

This can cause issues with VPNs.

I have opened a TAC support ticket; they sent fresh firmware and closed it. The same issue occurs with 23.09.01.


Files

Screenshot 2023-12-18 at 2.13.40 PM.png (230 KB) 23.05.01 Jonathan Lee, 12/18/2023 10:37 PM
Screenshot 2023-12-18 at 1.19.18 PM.png (192 KB) 23.09.01 id missing and gives errors Jonathan Lee, 12/18/2023 10:37 PM
Screenshot 2023-12-18 at 2.25.15 PM.png (49 KB) shows ID in 23.05.01 Jonathan Lee, 12/18/2023 10:38 PM
Screenshot 2023-12-18 at 4.59.00 PM.png (177 KB) Jonathan Lee, 12/19/2023 01:16 AM
Screenshot 2023-12-18 at 4.31.50 PM.png (393 KB) Jonathan Lee, 12/19/2023 01:17 AM
Screenshot 2023-12-19 at 8.13.16 PM.png (165 KB) Jonathan Lee, 12/20/2023 04:14 AM
Screenshot 2024-04-04 100905.png (28.1 KB) Jonathan Lee, 04/04/2024 05:52 PM
Screenshot 2024-04-04 101437.png (30 KB) Jonathan Lee, 04/04/2024 05:52 PM
Actions #1

Updated by Steve Wheeler 4 months ago

  • Status changed from New to Confirmed
  • Affected Architecture SG-1100 added

Also see: https://redmine.netgate.com/issues/12636

The CryptoID is shown as expected if /etc/thoth/thothid is populated. That file is populated by ping-auth, which no longer exists, which is why fresh installs show the error but upgrades do not.

Actions #2

Updated by Jonathan Lee 4 months ago

It still works; the thoth folder is empty.

I fixed it by transferring the folder over from an older SSD.

Actions #3

Updated by Jonathan Lee 4 months ago

ping-auth -s no longer populates it for you, so it's empty. How does this affect OpenVPN users?

Actions #4

Updated by Jonathan Lee 4 months ago

With 23.05.01

AES-GCM,ChaCha20-Poly1305,AES-ICM,AES-XTS,SHA1,SHA256,SHA384,SHA512

is shown for my model 2100 when IPsec-MB Crypto is activated. Much of the config.xml that is blocks of random information disappears when IPsec-MB Crypto is active.

Actions #5

Updated by Marcos M 4 months ago

  • Status changed from Confirmed to Resolved
  • Assignee set to Marcos M
  • Target version set to 24.03
  • Release Notes changed from Default to Force Exclusion

Thoth is no longer used - the error is from old code which has been cleaned up in dev snaps. This is being tracked with NG#12636.

Actions #6

Updated by Jeff Kuehl 3 months ago

I thought I would mention, I also have this issue in 23.09.1 that I just did a reinstall on. 23.09.1 is running on an HP thin client with AMD RX-427BB (x64) processor (HP t730).
The Dashboard shows AES + ChaCha Encryptions listed, but under OpenVPN server and clients it lists 'no hardware crypto acceleration'.

Actions #7

Updated by Jonathan Lee 23 days ago

In 24, the crypto acceleration also does not list any counters when the VPN is running. I thought it was able to enable and offboard automatically. However, the counters do not reflect that it is used at all currently in arm 24.03.b.20240322.1708.
