
I have a fresh install of Arch Linux on a RaspberryPi model B. I'm setting up OpenVPN and using easy-rsa to generate initial keys and certificates. All went fine until I ran ./build-dh. It is now 24 hours later and the script is still running.

I have previously configured OpenVPN on other devices and on the same RaspberryPi under Raspbian, and I don't remember this command ever taking so long. Last time I used a 2048-bit key and it took about an hour. Now I'm trying a 4096-bit key and it's been more than a day.

Does anyone have any previous experience with this? How do I check if it's just not executing in a loop?

This is the script I'm using:

```sh
#!/bin/sh

# Build Diffie-Hellman parameters for the server side
# of an SSL/TLS connection.

if [ -d $KEY_DIR ] && [ $KEY_SIZE ]; then
    $OPENSSL dhparam -out ${KEY_DIR}/dh${KEY_SIZE}.pem ${KEY_SIZE}
else
    echo 'Please source the vars script first (i.e. "source ./vars")'
    echo 'Make sure you have edited it to reflect your configuration.'
fi
```

Here is my top output, openssl is at ~67%:

[Screenshot of `top` output: openssl sitting at 67%]

Thanks.

Turns out it's a property of the algorithm to search for so-called strong primes, which increases the computation requirements quite a bit. Solution came from my other ticket here.

kgizdov
  • Welcome to StackOverflow! Good question. Can you paste the script, or link to it here? Also, some output from the command `top` to show usage might be helpful. –  Jul 27 '15 at 21:01
  • @kdbanman The script can be found [here](http://ix.io/jYa) and output from `top` is [here](http://i.imgur.com/0OSWm0W.png). – kgizdov Jul 28 '15 at 07:35

1 Answer

Maybe it is starving for entropy. Try to see how many bits it has in the pool:

```sh
cat /proc/sys/kernel/random/entropy_avail
```

If it indeed does not have enough bits, it is often enough to smash on your keyboard or start a network operation. If it still cannot gather enough, try haveged.

dfogni
  • The available bits hang around 1800-2000. I read around a bit and it turns out the RaspberryPi has a [hardware random number generator](http://archlinuxarm.org/forum/viewtopic.php?f=31&t=4993) - bcm2708. However, the commands suggested on that page and the [ones](https://wiki.archlinux.org/index.php/Raspberry_Pi#Hardware_random_number_generator) in the Arch Wiki do not seem to work. When I install `rng-tools`, `systemctl` does not recognise the rngd service. Furthermore, it seems `haveged` is installed by default, but does not seem to read the HWRNG. I am stuck. – kgizdov Jul 28 '15 at 07:43
  • I managed to set up rngd and the HWRNG. And now I guess I have to wait and see if it fixes my issue... – kgizdov Jul 28 '15 at 07:58
  • No, this did not fix my issue. It is still running. – kgizdov Jul 28 '15 at 13:26
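
One way to tell a busy `openssl dhparam` from one that is asleep waiting on something such as entropy, as an added example that is not part of the original posts: sample `/proc/<pid>/stat` twice and compare accumulated CPU time. A "computing" verdict, as with the ~67% CPU shown in the question, rules out a blocked process but cannot distinguish a long prime search from an endless loop. The function names are hypothetical and the sample stat line is constructed.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Usage: sh check.sh PID [SECONDS]

# Constructed sample /proc/<pid>/stat line, truncated after field 15 (stime).
SAMPLE_STAT='4242 (openssl) R 1 4242 4242 0 -1 4194304 120 0 0 0 8640000 1200'

# Drop "pid (comm) ". comm may itself contain spaces or ')', so cut at the
# LAST ") " instead of splitting the whole line on spaces.
after_comm() { r=${1##*") "}; printf '%s\n' "$r"; }

# Field 3: R running, S sleeping, D uninterruptible wait, T stopped, Z zombie.
proc_state() { r=$(after_comm "$1"); printf '%s\n' "${r%% *}"; }

# utime + stime (fields 14 and 15) in clock ticks.
cpu_ticks() {
    set -- $(after_comm "$1")   # $1 is now field 3, so field N is $(N-2)
    u=${12}; s=${13}
    echo $((u + s))
}

# verdict STATE TICKS_BEFORE TICKS_AFTER
verdict() {
    delta=$(($3 - $2))
    case $1 in
        T|t) echo stopped ;;
        Z|X) echo dead ;;
        *)   if [ "$delta" -gt 0 ]; then echo computing; else echo blocked; fi ;;
    esac
}

# check_pid PID [SECONDS]: sample the live process twice and report.
check_pid() {
    a=$(cat "/proc/$1/stat") || return 1
    sleep "${2:-5}"
    b=$(cat "/proc/$1/stat") || return 1
    st=$(proc_state "$b")
    echo "state=$st verdict=$(verdict "$st" "$(cpu_ticks "$a")" "$(cpu_ticks "$b")")"
    echo "entropy_avail=$(cat /proc/sys/kernel/random/entropy_avail 2>/dev/null)"
}

if [ $# -gt 0 ]; then check_pid "$@"; fi
```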