-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello fwknop list,
I'm a new user of fwknop with GPG authentication on Debian. I first heard about it during Michael's presentation at The Last HOPE and kept the idea in the reptile brain for the right time. I've put together a Xen virtual hosting environment based on the packages in Debian Stable (Squeeze). It works great! Except for one mysterious problem. I'm connecting to the host OS, which is supported by an ethernet bridge (xenbr1) between the physical interface (eth1) and the domU virtual interfaces (vif1.n). xenbr1 is assigned an IP address. fwknopd listens on xenbr1 in pcap mode. I configured fwknopd successfully and sent a successful SPA packet to the IP of xenbr1. The firewall rule was added to allow access and I could SSH properly as expected. I went home and tried to connect from there, which was successful. Two days have passed and I've verified the server hasn't been rebooted nor has anyone else used SPA to connect to the SSH port. Strangely, I can no longer get the SPA packet to open the SSH port. I've confirmed this with nmap. Despite authenticating as before, I cannot connect. I have a few hypothesis I will test tomorrow when I'm in front of a local console but I would appreciate any special advice to operate fwknopd reliably on a Linux ethernet bridge. Thanks for your help, Ele -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJOYC1aAAoJEAJXVNHGZu/O0mkH/2H5W6XkXDJuwA4H0naYDC1E hoY38oHiGe7tP65mWy0fxM5y7lzeODRJJGlIjpnGHg11CVbu0wPuLUPFXh3iUmWr mAxcj0G879lIL0qp/KQ84AafW2FH5RrO8PFNAG1DDTHeqZ/aISGllYA8Ty7UuBFK gghhP4toCFVPRNK1Z1CylqkWP8tP0waqXp8PNvqmSB0z4ch31uJD9ljHDdn8TXgC Fxs7lWGqarXvwjYBKeJazYumPkgkCJ6cS9fkP1PGETEhP92B+PibUDV+RQPxrEv/ J2PO0aMb8U6bQ8X4X/VbleM0nOqx9+ctLmIYkIDuqm9Y6GCwd1p7P9Mm8rRmMO4= =Cp26 -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free "Love Thy Logs" t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev _______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
