Good call Sean, and yes -- all four computers are running either ntpd or the systemd equivalent. Time is synchronized on all of them.
Thanks for your thought! ~David On 04/09/2018 12:16 PM, sean.gre...@gmail.com wrote: > Just a really arb squirrel check.... the Arch Linux time is synchronised > right? > > I k ow it’s obvious but had to check. > > Regards Sean > > Sent from my iPhone > >> On 9 Apr 2018, at 17:47, David Klann <dkl...@grunch.org> wrote: >> >> Greetings! >> >> I am a longtime user of fwknop (thanks for your work Michael!), and I >> have run into a problem that has been vexing me for several months. >> >> I have two servers into which I log in via SSH after authorizing with >> fwknop from two clients. Authorization from the Ubuntu client (Client 1) >> works as expected. Authorization from the Arch Linux-based client >> (Client 2) fails with both servers. >> >> I have compared the contents of the SPA packets at the clients and at >> the servers, and they appear to arrive correctly at the servers (using >> verbose fwknop(1) output and tcpdump). >> >> Can anyone help with troubleshooting pointers? I'm happy to provide more >> details as needed. >> >> Thanks! >> >> ~David Klann >> >> >> Here are some version and configuration details: >> >> - Server 1: Current gentoo, net-firewall/fwknop version 2.6.9-r1 >> >> fwknopd --version >> fwknopd server 2.6.9, compiled for firewall bin: /sbin/iptables >> >> - Server 2: Ubuntu 16.04, fwknop-server 2.6.0-2.2 >> >> sudo fwknopd --version >> fwknopd server 2.6.0 >> >> SPA authorization from Client 1 works with both of these servers. SPA >> authorization from Client 2 *fails* with both servers. Details: >> >> - Client 1 (working): Ubuntu 17.10, fwknop-client 2.6.9-1build1 >> >> fwknop --version >> fwknop client 2.6.9, FKO protocol version 3.0.0 >> >> - Client 2 (not working): current Arch Linux, community/fwknop 2.6.9-4 >> >> fwknop --version >> fwknop client 2.6.9, FKO protocol version 2.0.2 >> >> Client and server configurations are at the following pastebins: >> - client 1 .fwknoprc: https://pastebin.com/eNL4Fskp >> - client 2 .fwknoprc: https://pastebin.com/tN5ryw83 >> - server 1 fwknopd.conf: https://pastebin.com/UgiXHXMV >> - server 1 access.conf: https://pastebin.com/Jakk07gj >> - server 2 fwknopd.conf: https://pastebin.com/inxC1S6G >> - server 2 access.conf: https://pastebin.com/NGRTJqW5 >> >> >> ------------------------------------------------------------------------------ >> Check out the vibrant tech community on one of the world's most >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >> _______________________________________________ >> Fwknop-discuss mailing list >> Fwknop-discuss@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Fwknop-discuss mailing list Fwknop-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
