>Synopsis: sasyncd.conf parse error - "no shared key specified"
>Category: user
>Environment:
System : OpenBSD 6.4
Details : OpenBSD 6.4 (GENERIC.MP) #7: Thu Feb 28 18:56:25 CET 2019
[email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Architecture: OpenBSD.amd64
Machine : amd64
>Description:
Having an sasyncd.conf with the specific order of:
(1) peer (one or more)
(2) # a comment line, immediately followed by
(3) a blank line
(4) sharedkey
Causes this error:
config: no shared key specified, cannot continue
>How-To-Repeat:
Using the example sasyncd.conf, uncomment all its directives to make it valid:
root@obsd-amd64:~# sed -e 's/^#\([a-z]\)/\1/' /etc/examples/sasyncd.conf > /tmp/sasyncd.conf
root@obsd-amd64:~# sasyncd -n -c /tmp/sasyncd.conf
configuration OK
Now, comment out the last 'peer' setting and it fails:
root@obsd-amd64:~# sed -i -e 's/\(.*10\.0\.0\.4\)/#\1/' /tmp/sasyncd.conf
root@obsd-amd64:~# sasyncd -n -c /tmp/sasyncd.conf
config: no shared key specified, cannot continue
Alternatively, leave the peer lines alone and insert a blank line
between the comment "# Shared AES key..." and the "sharedkey 0x..."
line and it will fail in the same way. However, add -dvv and we see a
slight difference:
root@obsd-amd64:~# sasyncd -ndvv -c /tmp/sasyncd.conf
config: add peer 10.0.0.2
config: add peer 10.0.0.3
config: add peer 10.0.0.4
config: interface carp1
config: no shared key specified, cannot continue
In the "comment out peer 10.0.0.4" scenario, two lines are not printed:
root@obsd-amd64:~# sasyncd -ndvv -c /tmp/sasyncd.conf
config: add peer 10.0.0.2
config: add peer 10.0.0.3
config: no shared key specified, cannot continue
Through further testing with -dvv and reordering the file, it seems
that having a comment followed by a blank line anywhere after a peer
directive causes the rest of the file to be ignored; it's just that
sharedkey is the first thing it will complain about. Comments
followed by blank lines _before_ any peer lines are fine.
>Fix:
Unknown.
Workaround: don't have a comment followed by a blank line
after any "peer" settings in your sasyncd.conf, which apparently
causes the rest of the file to be ignored. Verify that the output of
sasyncd -ndvv matches what you expect.
I only encountered this by happening to comment out the last peer in
the list, which was followed by a blank line. (I wasn't sure -- and
still am not, even after RTFMing several times -- whether or not to
include the server's own IP address in the list of peers. If so, you
could use the same config file on all peers...)
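
A pre-flight check for the pattern this report describes, as an added example that is not part of the original report or of sasyncd: it flags any comment line directly followed by a blank line once a peer directive has been seen. The function names and sample files are constructed for illustration, the key is a placeholder, and the check encodes only the reporter's observations, not the parser's source.

```shell
#!/bin/sh
# Report each comment line that is directly followed by a blank line once a
# "peer" directive has been seen (the pattern described in this report).
# Returns 0 if the file is clean, 1 if the pattern is present.
check_sasyncd_conf() {
    awk '
        /^[ \t]*peer[ \t]/ { seen_peer = 1 }        # uncommented peer directive
        /^[ \t]*$/ {                                # blank line
            if (prev_comment && seen_peer) {
                printf "%s:%d: comment followed by blank line after peer\n",
                    FILENAME, NR - 1
                hits++
            }
            prev_comment = 0
            next
        }
        { prev_comment = ($0 ~ /^[ \t]*#/) }        # remember comment lines
        END { exit (hits > 0) }
    ' "$1"
}

# Constructed sample configs; 0xPLACEHOLDER stands in for a real key.
write_samples() {
    cat > "$1/ok.conf" <<'EOF'
# comment then blank line before any peer: reported as harmless

peer 10.0.0.2
peer 10.0.0.3

# Shared AES key
sharedkey 0xPLACEHOLDER
EOF
    cat > "$1/bad.conf" <<'EOF'
peer 10.0.0.2
peer 10.0.0.3
#peer 10.0.0.4

# Shared AES key
sharedkey 0xPLACEHOLDER
EOF
}

# Demo on the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
check_sasyncd_conf "$tmp/ok.conf" && echo "ok.conf: clean"
check_sasyncd_conf "$tmp/bad.conf" || echo "bad.conf: trigger pattern present"
rm -rf "$tmp"
```

A clean result here does not replace comparing the `sasyncd -ndvv` output against the directives you expect to be loaded.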