Hi,
I've installed fwknop to test it.
It works perfectly when I use symetric encryption.
But when I use GnuPG keys, it doesn't work and I don't have any error in my
logs.
Here my access.conf file:
SOURCE: ANY;
OPEN_PORTS: tcp/22; ### for ssh (change for access to other services)
KEY: 12345678;
FW_ACCESS_TIMEOUT: 30;
GPG_HOME_DIR: /root/.gnupg;
GPG_DECRYPT_ID: server_key_id;
GPG_DECRYPT_PW: 12345678;
GPG_REMOTE_ID: client_key_id;
GPG_NO_OPTIONS: Y;
GPG_NO_REQUIRE_PREFIX: Y;
I put the 2 last variables just to test it but it doesn't work.
I've read the discuss of Francois Marier because my symptoms were the same.
I tried to fix it with Mike's advices but that problem persist.
I tried to use 1024 and 2048 bit keys.
Here's the end of fwknopd debug output:
Fri Feb 5 18:47:24 2010 [+] gpg key ID: client_key_id
Fri Feb 5 18:47:24 2010 GnuPG error messages:
Fri Feb 5 18:47:24 2010 gpg: encrypted with 2048-bit ELG-E key,
ID D3099EF0, created 2010-02-05
Fri Feb 5 18:47:24 2010 "admin (server_key_id) <[email protected]>"
Fri Feb 5 18:47:24 2010 gpg: Signature made Fri Feb 5 18:47:14
2010 CET using DSA key ID E3F6B14C
Fri Feb 5 18:47:24 2010 gpg: Good signature from "admin
(client_key_id) <[email protected]>"
Fri Feb 5 18:47:24 2010 gpg: WARNING: This key is not certified
with a trusted signature!
Fri Feb 5 18:47:24 2010 gpg: There is no indication that
the signature belongs to the owner.
Fri Feb 5 18:47:24 2010 Primary key fingerprint: ED7A E513 8AF6
7C73 97F7 7357 0CDD 8E54 E3F6 B14C
Fri Feb 5 18:47:24 2010 [-] GnuPG message not signed by any required key ID.
Fri Feb 5 18:47:24 2010 [+] Adding encoded 'Salted__' prefix
(U2FsdGVkX1) to incoming encoded SPA packet.
Fri Feb 5 18:47:24 2010 [+] base64_equals_padding() msg len: 1063
Fri Feb 5 18:47:24 2010 [+] Padding base64-encoded message with '='.
Fri Feb 5 18:47:24 2010 [+] decode_base64() against the following
data: U2FsdGVkX1IOAybrcADTCZ7wEAf/UpLt/l9QPMIbRZfuU5sfRK4MDRxal
m8a+aRhHtQh7k4VfMeCMWezvrV2qFoLceGMzCNmvdVpnIxcTkZdFH0w7wCj9t9HSKs9jeiG+jxXLhpWgeB3NR1269XDk8oS7nA3+pu3bFQSRaun
pd7tnQcinUaMiSiXOlkX/LFrEKE4S/VJvQVAp+oAuIE5AKUllJvzCqcU9+8KYxvE76ree07VHcsq/5sUvpxhif9JOVplU9TAZQZTLTCQx2g6GL6M53U
W6TaQZTMwk+KI2QWTZgPXFIkaGJAVTP+BpskM7h9q/1WOxf04bld4xeMvNG0O9ZFMeUHeoSkOTP+xTCQ4W9GQggf9EKdxVWvH5KnZd6rA
hEGbhJGDBsatz54mRbXrSD3fUBIgTQ1UexjW2E2iBUH+biVpfOO40vzn4vgCTEcQ8sBwe7J1QN/x1CG4m0xdChSYDzSfTOC6XSY4w03VZW3/yHKW
jmvDSs1sgEaV6y+qFNjchcWJMrnsYh/FaJhPU1+ssP4buAQSs87i9viN0wYM6+PmxLFfClsTupfVTVD1oGP42VRLJK35n0nVhTZJOzMUSh5vBcqxoz
HObRRyElHKaMtwDMvymAr9T74k43Vm6qpvjWKyMhbuKnHAS26MZw4BFtywWFyjD3HvaDi+Mr9gCeIYDudnY1xdOkzWD2Wem1J1pNLAQw
Gr743w6sQHZTM5QFF4YkoZmiZsXGQBSz5NgNKYH63fRrFm977j1WMHQR5GXx9Bjo06g5jnl6Fi3xP6mrxCL8Wkh0zNufomK7GVKcLYrR6Di8V9Cyr
sBQffJml6aqBFiCL/SxyDgqJuaRq2tP5OB9hN0jY2wS2VrOOF9m5yUG5D3uSRRkdEm8/7tsyTZxzbr53CCpk0UjR1WQcA4FPoDbcBjgVsnRTSn3Gdxw
kJy0BnHAhhIBYBpuOdMCZmmk/iclmWNuaDDE/bb+Etc3IBN61k76pRbuDsVcgEkc+Sg9pH2ZMAIA5JCk14klFrFsWl7h231xW8hDsGRg3ylIrZkLf
K5x0=
Fri Feb 5 18:47:24 2010 [-] base64-decoded data does not begin with 'Salted__'
Fri Feb 5 18:47:24 2010 [-] Failed decrypt for SOURCE block ANY
I forgot, I'm running 1.9.12 on my server (debian) and my client (ubuntu).
Thanks.
Alex
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
