Hi,
I've been a very happy user of fwknopd for a while. However, recently I
lost my router settings (running fwknopd on Asus-Merlin firmware through
entware), so I cannot remember what I did to make it work. Maybe this is
a quick question; any ideas/comments are greatly appreciated. My problem
is that now it seems like the fwknop daemon does not run in "local
time" as my router does, and I don't know what to do about this problem.
Here are a few lines from my syslog file:

Jul 12 06:06:06 dropbear[6233]: Password auth succeeded for 'wrt54g' from 192.168.1.100:44072
Jul 12 04:25:32 fwknopd[30727]: Got SIGTERM. Exiting...
Jul 12 04:25:41 fwknopd[8766]: Using Digest Cache: '/opt/var/fwknop/digest.cache' (entry count = 7)
Jul 12 04:42:49 fwknopd[8766]: [212.27.20.5] (stanza #1) Error creating fko context: Args contain invalid data: FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL
Jul 12 04:42:49 fwknopd[8766]: [212.27.20.5] (stanza #2) SPA data time difference is too great (7215 seconds).
Jul 12 04:44:16 fwknopd[8766]: [212.27.20.5] (stanza #1) Error creating fko context: Args contain invalid data: FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL

Notice that on July 12th (today) I log in at 06:06 in the morning. Then I
kill fwknopd (because of several "SPA data time difference is too great
(7215 seconds)" messages). You'll notice that the next line is 2 hours
ahead, so the actual time when I killed fwknopd was likely 06:25,
but fwknopd logs this as 04:25... I don't remember having had this
problem earlier; I've been very pleased with fwknopd before and have
had the time-difference check set to something as low as 5 minutes, with
great success.
Also, about this line: "Jul 12 04:42:49 fwknopd[8766]: [212.27.20.5]
(stanza #1) Error creating fko context: Args contain invalid data:
FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL": I think the reason was that I
had a very long comment line (with a preceding "#"), and I think I've
solved the problem by splitting the one long comment line into several
shorter lines. At least this is what I get now:

Jul 12 07:24:59 dnsmasq-dhcp[504]: not giving name localhost to the DHCP lease of 192.168.1.201 because the name exists in /etc/hosts with address 127.0.0.1
Jul 12 05:27:52 fwknopd[8766]: Got SIGTERM. Exiting...
Jul 12 07:30:35 dropbear[17010]: Password auth succeeded for 'wrt54g' from 192.168.1.100:46050
wrt54g@router:/tmp# date
Wed Jul 12 07:30:47 DST 2017

Again, notice the time is actually 07:24, but fwknopd thinks the time
is 05:27, and I logged in at 07:30... Now, I believe I didn't change my
config settings; is it possible to get a few clues/ideas about the
cause (or the solution) of this problem? I can also show my complete
config files, but I'm thinking that maybe (hopefully) this description
is enough for someone to tell me where I should take a closer look...
I hope for a few helpful comments; I'm a very big fan of the fwknopd
project (in comparison to e.g. port knocking). Thanks for any
hints/comments/suggestions/ideas!
Sincerely,
Martin
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
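An added example, not part of the original post and not code from the fwknop project: a small Python triage helper for the "SPA data time difference is too great" rejections quoted above. It assumes that fwknopd rejects an SPA packet when the absolute difference between the packet's embedded UNIX timestamp and the server's current time exceeds MAX_SPA_PACKET_AGE (120 seconds by default in fwknopd.conf), that this timestamp is meant to be derived from UTC on both client and server, and that a reported difference lying within the aging window of a multiple of 15 minutes (real-world timezone offsets are such multiples) is far more likely a UTC-versus-local-time mix-up than genuine clock drift. The syslog lines in the block are constructed after the ones in the post; the function names and the 15-minute heuristic are this example's own, not fwknopd's.

```python
"""Triage helper for fwknopd "SPA data time difference is too great" messages.

Added example: not part of the original post and not fwknop project code.
Assumptions (labelled): fwknopd rejects an SPA packet when
|server_time - packet_timestamp| > MAX_SPA_PACKET_AGE (default 120 s in
fwknopd.conf); the packet timestamp is a UNIX epoch value that both client
and server are expected to derive from UTC.
"""
import re

MAX_SPA_PACKET_AGE = 120   # fwknopd.conf default, in seconds (assumption)
QUARTER_HOUR = 900         # real-world timezone offsets are multiples of 15 minutes

# Constructed sample lines, modelled on the ones quoted in the post.
SAMPLE_SYSLOG = """\
Jul 12 04:42:49 fwknopd[8766]: [212.27.20.5] (stanza #1) Error creating fko context: Args contain invalid data: FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL
Jul 12 04:42:49 fwknopd[8766]: [212.27.20.5] (stanza #2) SPA data time difference is too great (7215 seconds).
Jul 12 04:51:10 fwknopd[8766]: [192.168.1.100] (stanza #2) SPA data time difference is too great (37 seconds).
"""

AGE_RE = re.compile(
    r"fwknopd\[\d+\]: \[(?P<src>[0-9a-fA-F.:]+)\] .*?"
    r"SPA data time difference is too great \((?P<secs>\d+) seconds\)"
)


def spa_age_ok(packet_ts, server_now, max_age=MAX_SPA_PACKET_AGE):
    """Server-side aging check as fwknopd is assumed to apply it."""
    return abs(server_now - packet_ts) <= max_age


def simulate_offset_clock(client_utc_epoch, server_offset_hours, drift_seconds=0):
    """Difference fwknopd would report if the server's clock carried local time
    (UTC + server_offset_hours) where UTC is expected, plus ordinary drift."""
    server_now = client_utc_epoch + server_offset_hours * 3600 + drift_seconds
    return abs(server_now - client_utc_epoch)


def classify_skew(seconds):
    """Split a rejected difference into a timezone-sized part and a residual.

    If the residual left after removing the nearest multiple of 15 minutes
    would itself have passed the aging check, the two clocks agree apart
    from a timezone offset: look at TZ handling on one side, not at NTP.
    """
    quarter_hours = round(seconds / QUARTER_HOUR)
    tz_part = quarter_hours * QUARTER_HOUR
    residual = seconds - tz_part
    is_tz = quarter_hours >= 1 and abs(residual) <= MAX_SPA_PACKET_AGE
    return {
        "kind": "timezone" if is_tz else "drift",
        "tz_offset_hours": tz_part / 3600,
        "residual_seconds": residual,
    }


def triage(syslog_text):
    """Extract every aging rejection from syslog text and classify it."""
    findings = []
    for line in syslog_text.splitlines():
        m = AGE_RE.search(line)
        if m is None:
            continue   # HMAC failures and other lines are not aging rejections
        secs = int(m.group("secs"))
        entry = {"src": m.group("src"), "seconds": secs}
        entry.update(classify_skew(secs))
        findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_SYSLOG):
        print(f"{f['src']}: {f['seconds']} s -> {f['kind']} "
              f"(tz {f['tz_offset_hours']:+.2f} h, residual {f['residual_seconds']} s)")
    # A UTC-clocked client against a server whose clock is 2 h ahead, plus
    # 15 s of ordinary drift, reproduces the 7215-second figure from the log.
    print(simulate_offset_clock(1_499_835_000, 2, 15))
```

The 7215-second line classifies as a two-hour timezone offset with 15 seconds of residual drift, while a 37-second rejection is plain drift. To confirm which side is off, compare `date -u +%s` on the client and on the router at the same moment (the epoch values should agree to within a few seconds regardless of TZ), and check whether the running daemon sees the same TZ as your shell, for example with `tr '\0' '\n' </proc/$(pidof fwknopd)/environ | grep TZ` on the router.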