diff --git a/openbsc/configure.ac b/openbsc/configure.ac
index fb6feb9b9..0af573af3 100644
--- a/openbsc/configure.ac
+++ b/openbsc/configure.ac
@@ -35,6 +35,7 @@ AC_ARG_ENABLE([nat], [AS_HELP_STRING([--enable-nat], [Build the BSC NAT. Require
     [osmo_ac_build_nat="$enableval"],[osmo_ac_build_nat="no"])
 if test "$osmo_ac_build_nat" = "yes" ; then
         PKG_CHECK_MODULES(LIBOSMOSCCP, libosmo-sccp >= 0.0.2)
+        PKG_CHECK_MODULES(LIBCRYPTO, libcrypto)
 fi
 AM_CONDITIONAL(BUILD_NAT, test "x$osmo_ac_build_nat" = "xyes")
 AC_SUBST(osmo_ac_build_nat)
diff --git a/openbsc/include/openbsc/bsc_nat.h b/openbsc/include/openbsc/bsc_nat.h
index 72773a981..3090eb045 100644
--- a/openbsc/include/openbsc/bsc_nat.h
+++ b/openbsc/include/openbsc/bsc_nat.h
@@ -307,9 +307,6 @@ struct bsc_nat {
 
 	/* control interface */
 	struct ctrl_handle *ctrl;
-
-	/* for random values */
-	int random_fd;
 };
 
 struct bsc_nat_ussd_con {
diff --git a/openbsc/src/osmo-bsc_nat/Makefile.am b/openbsc/src/osmo-bsc_nat/Makefile.am
index d96a3911f..4a6f74dea 100644
--- a/openbsc/src/osmo-bsc_nat/Makefile.am
+++ b/openbsc/src/osmo-bsc_nat/Makefile.am
@@ -1,5 +1,5 @@
 AM_CPPFLAGS = $(all_includes) -I$(top_srcdir)/include -I$(top_builddir)
-AM_CFLAGS=-Wall $(LIBOSMOCORE_CFLAGS) $(LIBOSMOGSM_CFLAGS) $(LIBOSMOVTY_CFLAGS) $(LIBOSMOCTRL_CFLAGS) $(LIBOSMOSCCP_CFLAGS) $(LIBOSMOABIS_CFLAGS) $(LIBOSMONETIF_CFLAGS) $(COVERAGE_CFLAGS)
+AM_CFLAGS=-Wall $(LIBOSMOCORE_CFLAGS) $(LIBOSMOGSM_CFLAGS) $(LIBOSMOVTY_CFLAGS) $(LIBOSMOCTRL_CFLAGS) $(LIBOSMOSCCP_CFLAGS) $(LIBOSMOABIS_CFLAGS) $(LIBOSMONETIF_CFLAGS) $(LIBCRYPTO_CFLAGS) $(COVERAGE_CFLAGS)
 AM_LDFLAGS = $(COVERAGE_LDFLAGS)
 
 bin_PROGRAMS = osmo-bsc_nat
@@ -16,4 +16,4 @@ osmo_bsc_nat_LDADD = \
 		$(top_builddir)/src/libfilter/libfilter.a \
 		-lrt $(LIBOSMOSCCP_LIBS) $(LIBOSMOCORE_LIBS) \
 		$(LIBOSMOGSM_LIBS) $(LIBOSMOVTY_LIBS) $(LIBOSMOCTRL_LIBS) \
-		$(LIBOSMOABIS_LIBS) $(LIBOSMONETIF_LIBS)
+		$(LIBOSMOABIS_LIBS) $(LIBOSMONETIF_LIBS) $(LIBCRYPTO_LIBS)
diff --git a/openbsc/src/osmo-bsc_nat/bsc_nat.c b/openbsc/src/osmo-bsc_nat/bsc_nat.c
index 581193e5a..1fc262df5 100644
--- a/openbsc/src/osmo-bsc_nat/bsc_nat.c
+++ b/openbsc/src/osmo-bsc_nat/bsc_nat.c
@@ -69,6 +69,8 @@
 
 #include <osmocom/abis/ipa.h>
 
+#include <openssl/rand.h>
+
 #include "../../bscconfig.h"
 
 #define SCCP_CLOSE_TIME 20
@@ -204,8 +206,7 @@ static void send_id_req(struct bsc_nat *nat, struct bsc_connection *bsc)
 		0x01, IPAC_IDTAG_SERNR,
 	};
 
-	int toread, rounds;
-	uint8_t *mrand, *randoff;
+	uint8_t *mrand;
 	uint8_t id_req[sizeof(s_id_req) + (2+16)];
 	uint8_t *buf = &id_req[sizeof(s_id_req)];
 
@@ -216,19 +217,10 @@ static void send_id_req(struct bsc_nat *nat, struct bsc_connection *bsc)
 	buf = v_put(buf, 0x11);
 	buf = v_put(buf, 0x23);
 	mrand = bsc->last_rand;
-	randoff = mrand;
-	memset(randoff, 0, 16);
 
-	for (toread = 16, rounds = 0; rounds < 5 && toread > 0; ++rounds) {
-		int rc = read(nat->random_fd, randoff, toread);
-		if (rc <= 0)
-			goto failed_random;
-		toread -= rc;
-		randoff += rc;
-	}
-
-	if (toread != 0)
+	if (RAND_bytes(mrand, 16) != 1)
 		goto failed_random;
+
 	memcpy(buf, mrand, 16);
 	buf += 16;
 
@@ -1628,12 +1620,6 @@ int main(int argc, char **argv)
 	/* We need to add mode-set for amr codecs */
 	nat->sdp_ensure_amr_mode_set = 1;
 
-	nat->random_fd = open("/dev/random", O_RDONLY);
-	if (nat->random_fd < 0) {
-		fprintf(stderr, "Failed to open /dev/urandom.\n");
-		return -5;
-	}
-
 	vty_info.copyright = openbsc_copyright;
 	vty_init(&vty_info);
 	logging_vty_add_cmds(&log_info);