On 4/9/2017 03:43, Michael Rash wrote:
>
> On Sat, Apr 8, 2017 at 5:38 PM, Adam <a...@gmx.com> wrote:
>
> > Hi there. I'm trying to get fwknop working on CentOS 7.3 for the first
> > time (I've used it on Ubuntu for years).
> >
> > The systemd log records the following:
> >
> > Apr 08 21:17:14 nextcloud fwknopd[1052]: Starting fwknopd
> > Apr 08 21:17:14 nextcloud systemd[1]: PID file /var/run/fwknop/fwknopd.pid not readable (yet?) after start.
> > Apr 08 21:17:25 nextcloud fwknopd[1052]: Added jump rule from chain: INPUT to chain: FWKNOP_INPUT
> > Apr 08 21:17:26 nextcloud fwknopd[1052]: Warning: Could not use the 'comment' match
> > Apr 08 21:17:28 nextcloud systemd[1]: fwknopd.service never wrote its PID file. Failing.
> > Apr 08 21:17:28 nextcloud systemd[1]: Failed to start The FireWall KNock OPerator (fwknop).
> > Apr 08 21:17:28 nextcloud systemd[1]: Unit fwknopd.service entered failed state.
> > Apr 08 21:17:28 nextcloud systemd[1]: fwknopd.service failed.
> >
> > I'm NOT using firewalld which I believe may be where the problem lies
> > (and I really don't want to use it). I masked firewalld and removed the
> > firewalld references from the service file and now I have this:
>
> Hello Adam,
>
> The problem appears to be the inability of fwknopd to see the 'comment'
> match. Did you install the 'fwknop-server' package from the CentOS
> package repositories? If so, to get things working and switch over to
> iptables, I'd recommend installing the latest release of fwknop from
> sources and compiling it with iptables support. Or just clone the latest
> code and do the following:
>
> $ git clone https://github.com/mrash/fwknop fwknop.git
> $ cd fwknop.git
> $ ./autogen.sh
> $ ./configure --with-iptables=/sbin/iptables --prefix=/usr --sysconfdir=/etc --localstatedir=/run
> $ make
> $ sudo make install
>
> I think fwknopd should be functional after this.
>
> Thanks,
>
> --Mike

Thanks Mike, that seems to have worked. I did need to observe the workaround on this page regarding the loading of libfko.so.3 and managed the firewall initiation with rc.local rather than systemd. A bit of a hack maybe but the "comment match" problem returned if I had them both loading through systemd.

Anyway it's up and running now. Thanks for your help.

_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss