Just a really arb squirrel check.... the Arch Linux time is synchronised right?
I k ow it’s obvious but had to check. Regards Sean Sent from my iPhone > On 9 Apr 2018, at 17:47, David Klann <dkl...@grunch.org> wrote: > > Greetings! > > I am a longtime user of fwknop (thanks for your work Michael!), and I > have run into a problem that has been vexing me for several months. > > I have two servers into which I log in via SSH after authorizing with > fwknop from two clients. Authorization from the Ubuntu client (Client 1) > works as expected. Authorization from the Arch Linux-based client > (Client 2) fails with both servers. > > I have compared the contents of the SPA packets at the clients and at > the servers, and they appear to arrive correctly at the servers (using > verbose fwknop(1) output and tcpdump). > > Can anyone help with troubleshooting pointers? I'm happy to provide more > details as needed. > > Thanks! > > ~David Klann > > > Here are some version and configuration details: > > - Server 1: Current gentoo, net-firewall/fwknop version 2.6.9-r1 > > fwknopd --version > fwknopd server 2.6.9, compiled for firewall bin: /sbin/iptables > > - Server 2: Ubuntu 16.04, fwknop-server 2.6.0-2.2 > > sudo fwknopd --version > fwknopd server 2.6.0 > > SPA authorization from Client 1 works with both of these servers. SPA > authorization from Client 2 *fails* with both servers. Details: > > - Client 1 (working): Ubuntu 17.10, fwknop-client 2.6.9-1build1 > > fwknop --version > fwknop client 2.6.9, FKO protocol version 3.0.0 > > - Client 2 (not working): current Arch Linux, community/fwknop 2.6.9-4 > > fwknop --version > fwknop client 2.6.9, FKO protocol version 2.0.2 > > Client and server configurations are at the following pastebins: > - client 1 .fwknoprc: https://pastebin.com/eNL4Fskp > - client 2 .fwknoprc: https://pastebin.com/tN5ryw83 > - server 1 fwknopd.conf: https://pastebin.com/UgiXHXMV > - server 1 access.conf: https://pastebin.com/Jakk07gj > - server 2 fwknopd.conf: https://pastebin.com/inxC1S6G > - server 2 access.conf: https://pastebin.com/NGRTJqW5 > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Fwknop-discuss mailing list > Fwknop-discuss@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fwknop-discuss mailing list Fwknop-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
