I recently setup a fwknopd deployment using GPG keys for a client of
mine and their particular use case has persuaded me to set the TIMEOUT
variables (FW_ACCESS_TIMEOUT and MAX_FW_TIMEOUT) to 7 days. I
understand that it's likely not recommended to allow clients to be
authorized for that long at a time however I understand the risks and am
interested in using that timeout value.
When I set the variables to 7 days in seconds (604800) I get the
following error in syslog on the server side:
(stanza #1) Error creating fko context: Args contain invalid data:
FKO_ERROR_INVALID_DATA_DECODE_TIMEOUT_DECODEFAIL
I've tried changing the variables to various settings and I was able to
determine the upper limit is 65536.
With that said, is there a way to increase this? Not much of a coder
but my guess would be how the variable type is defined/stored that
limits it to 65536 (16bit).
Here are the details related to the deployment in case they are needed:
Server: Ubuntu 20.04 LTS
Kernel: 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020
x86_64 x86_64 x86_64 GNU/Linux
Installed fwknopd and related dependency versions (direct from Ubuntu repo)
fwknop-server 2.6.10-8 amd64
libfko3:amd64 2.6.10-8 amd64
libpcap0.8:amd64 1.9.1-3 amd64
The client is running Windows 10 Pro using the 'fwknop-gui' application,
version 1.3
--
Anthony Yarbrough
_______________________________________________
Fwknop-discuss mailing list
Fwknop-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
