Bug#681580: fwknop-client: does not work with fwknop-server 1.9.12-3 in Debian 5.0
Hi, I can reproduce the problem. With fwknop-client 1.9.12 I can handle a key with more than 16 chars but not with the 2.0.0rc2. I will check against 2.0.1. Regards, -- Franck -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#681580: fwknop-client: does not work with fwknop-server 1.9.12-3 in Debian 5.0
Package: fwknop-client Version: 2.0.0rc2-2 Followup-For: Bug #681580 Hm, your response got me thinking. Thanks btw! I did some more digging and it turns out shortening my pre-shared key to at most 16 characters does the trick and fwknop works again. The original passphrase was several characters longer. In the log file /var/log/fwknop/errs/fwknopd.warn i see this message Mon Jul 23 21:46:30 2012 fwknopd v1.9.12 (file rev: 1533) pid: 76537 Premature end of base64 data at /usr/sbin/fwknopd line 1944 Might be unrelated though. Could you try this with your setup, too? Thanks --lars -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages fwknop-client depends on: ii libc62.13-33 ii libfko0 2.0.0rc2-2 fwknop-client recommends no packages. fwknop-client suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#681580: fwknop-client: does not work with fwknop-server 1.9.12-3 in Debian 5.0
Le 14/07/2012 15:12, Lars Wilke a écrit : Hi, Hi, i have an older Debian 5.0.10 system with fwknop-server 1.9.12-3 running. Prior to the upgrade of the fwknop-client everything worked fine. Now with the new C client in testing the combo of this fwknop server and client does not work. On the server nothing changed and the client is called like this: fwknop -A tcp/22 --server-portport -Dhost -s the packet is generated and the fwknop server sees the package and reports (when started with --debug) Fri Jul 13 00:21:14 2012 [-] Digest alg mis-match. Fri Jul 13 00:21:14 2012 [-] Key mis-match or broken message checksum for SOURCE ANY (# 2 in access.conf) Fri Jul 13 00:21:14 2012 [-] Decrypted message does not conform to a valid SPA packet. Any ideas what could be wrong, especially since upstream claims the new client is compatible with the perl server. I gave it a try and it works for me :( I used a fwknop-server (1.9.12-2 on squeeze) and a fwknop-client (2.0.0rc2-2 on sid) with a Rijndael block cipher. Jul 17 21:39:52 svr-linux5 fwknopd: received valid Rijndael encrypted packet from: 192.168.10.194, remote user: franck, client version: 1.9.12 (SOURCE line num: 26) Jul 17 21:39:52 svr-linux5 fwknopd: add FWKNOP_INPUT 192.168.10.194 - 0.0.0.0/0(tcp/22) ACCEPT rule 30 sec May I have your fwknopd.conf file to restart my server with your settings and give it another try? Regards, -- Franck -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#681580: fwknop-client: does not work with fwknop-server 1.9.12-3 in Debian 5.0
Le 14/07/2012 15:12, Lars Wilke a écrit : Hi, Hi, i have an older Debian 5.0.10 system with fwknop-server 1.9.12-3 running. Prior to the upgrade of the fwknop-client everything worked fine. Now with the new C client in testing the combo of this fwknop server and client does not work. On the server nothing changed and the client is called like this: fwknop -A tcp/22 --server-port port -D host -s I check that and let you know. Regards, -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#681580: fwknop-client: does not work with fwknop-server 1.9.12-3 in Debian 5.0
Package: fwknop-client Version: 2.0.0rc2-2 Severity: normal Hi, i have an older Debian 5.0.10 system with fwknop-server 1.9.12-3 running. Prior to the upgrade of the fwknop-client everything worked fine. Now with the new C client in testing the combo of this fwknop server and client does not work. On the server nothing changed and the client is called like this: fwknop -A tcp/22 --server-port port -D host -s the packet is generated and the fwknop server sees the package and reports (when started with --debug) Fri Jul 13 00:21:14 2012 [-] Digest alg mis-match. Fri Jul 13 00:21:14 2012 [-] Key mis-match or broken message checksum for SOURCE ANY (# 2 in access.conf) Fri Jul 13 00:21:14 2012 [-] Decrypted message does not conform to a valid SPA packet. Any ideas what could be wrong, especially since upstream claims the new client is compatible with the perl server. thanks and kind regards --lars -- System Information: Debian Release: wheezy/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages fwknop-client depends on: ii libc62.13-33 ii libfko0 2.0.0rc2-2 fwknop-client recommends no packages. fwknop-client suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
