Bug #15103
closed
Netgate Crypto ID missing in 23.09.01 after fresh firmware
0%
Description
Hello I noticed this after fresh firmware install on a SG-2100
The command '/usr/local/sbin/ping-auth -s > /etc/thoth/thothid 2>/dev/null' returned exit code '127', the output was ''
I can go back to a SSD with 23.05.01 and I still have a cryptoID
This can cause issues with VPNs
I have opened a TAC support ticket they sent fresh firmware and closed it, same issue occurs with 23.09.01
Files
| Screenshot 2023-12-18 at 2.13.40 PM.png (230 KB) Screenshot 2023-12-18 at 2.13.40 PM.png | 23.05.01 | ||
| Screenshot 2023-12-18 at 1.19.18 PM.png (192 KB) Screenshot 2023-12-18 at 1.19.18 PM.png | 23.09.01 id missing and gives errors | ||
| Screenshot 2023-12-18 at 2.25.15 PM.png (49 KB) Screenshot 2023-12-18 at 2.25.15 PM.png | shows ID in 23.05.01 | ||
| Screenshot 2023-12-18 at 4.59.00 PM.png (177 KB) Screenshot 2023-12-18 at 4.59.00 PM.png | |||
| Screenshot 2023-12-18 at 4.31.50 PM.png (393 KB) Screenshot 2023-12-18 at 4.31.50 PM.png | |||
| Screenshot 2023-12-19 at 8.13.16 PM.png (165 KB) Screenshot 2023-12-19 at 8.13.16 PM.png | |||
| Screenshot 2024-04-04 100905.png (28.1 KB) Screenshot 2024-04-04 100905.png | |||
| Screenshot 2024-04-04 101437.png (30 KB) Screenshot 2024-04-04 101437.png |
Updated by Steve Wheeler 11 months ago
- Status changed from New to Confirmed
- Affected Architecture SG-1100 added
Also see: https://redmine.netgate.com/issues/12636
The CryptoID is shown as expected if the /etc/thoth/thothid is populated. That file is populated by ping-auth which no longer exists which is why fresh installs show the error but upgrades do not.
Updated by Jonathan Lee 11 months ago
- File Screenshot 2023-12-18 at 4.59.00 PM.png Screenshot 2023-12-18 at 4.59.00 PM.png added
- File Screenshot 2023-12-18 at 4.31.50 PM.png Screenshot 2023-12-18 at 4.31.50 PM.png added
It still works the thorth folder is empty.
I fixed it by transferring the folder over from an older SSD
Updated by Jonathan Lee 11 months ago
ping-auth -s no longer populates it for you so its empty, how does this effect OpenVPN users?
Updated by Jonathan Lee 11 months ago
With 23.05.01
AES-GCM,ChaCha20-Poly1305,AES-ICM,AES-XTS,SHA1,SHA256,SHA384,SHA512
is shown for my model 2100 when IPsec-MB Crypto is activated much of the config.xml that is blocks of random information disappears when IPsec-MB Crypto is active.
Updated by Marcos M 11 months ago
- Status changed from Confirmed to Resolved
- Assignee set to Marcos M
- Target version set to 24.03
- Release Notes changed from Default to Force Exclusion
Thoth is no longer used - the error is from old code which has been cleaned up in dev snaps. This is being tracked with NG#12636.
Updated by Jeff Kuehl 10 months ago
I thought I would mention, I also have this issue in 23.09.1 that I just did a reinstall on. 23.09.1 is running on an HP thin client with AMD RX-427BB (x64) processor (HP t730).
The Dashboard shows AES + ChaCha Encryptions listed, but under OpenVPN server and clients it lists 'no hardware crypto acceleration'.
Updated by Jonathan Lee 8 months ago
- File Screenshot 2024-04-04 100905.png Screenshot 2024-04-04 100905.png added
- File Screenshot 2024-04-04 101437.png Screenshot 2024-04-04 101437.png added
In 24 the crypto acceleration does not list any counters when VPN is running also. I thought it was able to enable and offboard automatically. However, the counters do not reflect that it is used at all currently in arm 24.03.b.20240322.1708