Hey, hadda check😀 Have you used the -B on the clients and compared the two generated SPA packets? (I think it’s still a valid flag to the command line client) I can’t check st the moment as there is a huge power outage in my area.
Regards Sean Sent from my iPhone > On 9 Apr 2018, at 18:25, David Klann <dkl...@grunch.org> wrote: > > Good call Sean, and yes -- all four computers are running either ntpd or > the systemd equivalent. Time is synchronized on all of them. > > Thanks for your thought! > > ~David > > >> On 04/09/2018 12:16 PM, sean.gre...@gmail.com wrote: >> Just a really arb squirrel check.... the Arch Linux time is synchronised >> right? >> >> I k ow it’s obvious but had to check. >> >> Regards Sean >> >> Sent from my iPhone >> >>> On 9 Apr 2018, at 17:47, David Klann <dkl...@grunch.org> wrote: >>> >>> Greetings! >>> >>> I am a longtime user of fwknop (thanks for your work Michael!), and I >>> have run into a problem that has been vexing me for several months. >>> >>> I have two servers into which I log in via SSH after authorizing with >>> fwknop from two clients. Authorization from the Ubuntu client (Client 1) >>> works as expected. Authorization from the Arch Linux-based client >>> (Client 2) fails with both servers. >>> >>> I have compared the contents of the SPA packets at the clients and at >>> the servers, and they appear to arrive correctly at the servers (using >>> verbose fwknop(1) output and tcpdump). >>> >>> Can anyone help with troubleshooting pointers? I'm happy to provide more >>> details as needed. >>> >>> Thanks! >>> >>> ~David Klann >>> >>> >>> Here are some version and configuration details: >>> >>> - Server 1: Current gentoo, net-firewall/fwknop version 2.6.9-r1 >>> >>> fwknopd --version >>> fwknopd server 2.6.9, compiled for firewall bin: /sbin/iptables >>> >>> - Server 2: Ubuntu 16.04, fwknop-server 2.6.0-2.2 >>> >>> sudo fwknopd --version >>> fwknopd server 2.6.0 >>> >>> SPA authorization from Client 1 works with both of these servers. SPA >>> authorization from Client 2 *fails* with both servers. Details: >>> >>> - Client 1 (working): Ubuntu 17.10, fwknop-client 2.6.9-1build1 >>> >>> fwknop --version >>> fwknop client 2.6.9, FKO protocol version 3.0.0 >>> >>> - Client 2 (not working): current Arch Linux, community/fwknop 2.6.9-4 >>> >>> fwknop --version >>> fwknop client 2.6.9, FKO protocol version 2.0.2 >>> >>> Client and server configurations are at the following pastebins: >>> - client 1 .fwknoprc: https://pastebin.com/eNL4Fskp >>> - client 2 .fwknoprc: https://pastebin.com/tN5ryw83 >>> - server 1 fwknopd.conf: https://pastebin.com/UgiXHXMV >>> - server 1 access.conf: https://pastebin.com/Jakk07gj >>> - server 2 fwknopd.conf: https://pastebin.com/inxC1S6G >>> - server 2 access.conf: https://pastebin.com/NGRTJqW5 >>> >>> >>> ------------------------------------------------------------------------------ >>> Check out the vibrant tech community on one of the world's most >>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot >>> _______________________________________________ >>> Fwknop-discuss mailing list >>> Fwknop-discuss@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss > ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Fwknop-discuss mailing list Fwknop-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
