nplab / DTLS-Examples

Examples for DTLS via SCTP and UDP using OpenSSL

SCTP AUTH may be disabled in kernel

ValeriyKr opened this issue

I've followed all the README steps, but got the following error:

$ LD_LIBRARY_PATH=/opt/openssl/lib ./dtls_sctp_echo 
139858668435264:error:20091002:BIO routines:BIO_new_dgram_sctp:system lib:crypto/bio/bss_dgram.c:844:Ensure SCTP AUTH chunks are enabled in kernel

As pointed out here: openssl/openssl#8582 (comment), this message shows that SCTP AUTH chunks are disabled in the kernel.

I suggest adding to the README a recommendation to check that /proc/sys/net/sctp/auth_enable contains 1 and, otherwise, to run

sysctl -w net.sctp.auth_enable=1

as root.

Forgot to mention: I'm using Debian 10.1, Linux kernel 4.19.0, OpenSSL 1.1.1e-dev (branch OpenSSL_1_1_1-stable from GitHub), if it matters.

Hi Valeriy,

the setting you mentioned is already present in the README:

In addition to a loaded SCTP module, Linux requires SCTP AUTH support.

$ modprobe sctp
$ sysctl -w net.sctp.auth_enable=1

The only difference is that we don't explicitly advise running this as root.

Felix

Hello, Felix.

I'm very sorry for my carelessness. I didn't see the line after modprobe. I think the issue can be closed.

Okay! :)
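
An added example, not part of this thread or the project's README: a preflight check for the condition discussed above, telling an unloaded sctp module apart from disabled AUTH chunks before the BIO_new_dgram_sctp error appears. The function name `sctp_auth_status` and its optional sysctl-root argument are assumptions made for illustration.

```shell
#!/bin/sh
# Preflight check for DTLS over SCTP on Linux (added example, not from the
# DTLS-Examples project). The function name and the optional ROOT argument
# are assumptions made for this sketch.

# sctp_auth_status [ROOT]
#   ROOT defaults to /proc/sys; passing another root lets the check run
#   against a constructed directory tree.
# Return codes:
#   0  net.sctp.auth_enable is 1
#   1  net.sctp.auth_enable exists but is not 1 (AUTH chunks disabled)
#   2  net/sctp/auth_enable is absent (sctp module not loaded)
sctp_auth_status() {
    root=${1:-/proc/sys}
    knob="$root/net/sctp/auth_enable"

    # The net.sctp.* entries only exist once the sctp module is loaded.
    if [ ! -r "$knob" ]; then
        echo "sctp: $knob not found; load the module first: modprobe sctp" >&2
        return 2
    fi

    # Strip the trailing newline before comparing.
    value=$(tr -d '[:space:]' < "$knob")
    if [ "$value" = "1" ]; then
        echo "sctp: AUTH chunks enabled"
        return 0
    fi

    echo "sctp: auth_enable=$value; as root run: sysctl -w net.sctp.auth_enable=1" >&2
    return 1
}
```

Call `sctp_auth_status || exit 1` in a wrapper script before starting `./dtls_sctp_echo`.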