Hello, Today I've noticed something strange on my Cfengine3 systems.
Running FreeBSD with jails, Cfengine policy server is running inside a jail. Issue appears when running cf-agent(8) on the host machine, where the cfengine 3 policy server jails is running as well. When the host runs cf-agent(8) it connects to the policy server using the policy server IP address, and then cfengine policy server refuses the connection because of wrong ppkey. Example scenario: [FreeBSD host] -> 10.1.1.1 [Cfengine policy server / Jail - running the above host] -> 10.1.100.100 [FreeBSD host] runs cf-agent(8) and then connects to the [policy server], but [policy server] sees the connection is coming from 10.1.100.100 and then refuses the connection due to wrong ppkey (not the key of 10.1.1.1) When running cf-agent from another host system with multiple virtual interfaces (cfengine policy server is not running on that host) all works fine -> the connection between the agent and server is established using the right IP address of the host, so the problem is only when running an agent on a host where your policy server is as well. Any ideas why this might be happening? Regards, Marin -- Marin Atanasov Nikolov dnaeon AT gmail DOT com daemon AT unix-heaven DOT org http://www.unix-heaven.org/ _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
