Bug#764258: mandos-client loops forever waiting for server
Private correspondence with the initial bug reporter has determined that this bug is a duplicate of bug #764034, so this bug has been merged with that one. /Teddy Hogeborn -- The Mandos Project http://www.recompile.se/mandos pgpEOSBL58R1i.pgp Description: PGP signature
Bug#764258: mandos-client loops forever waiting for server
Package: mandos-client Version: 1.6.9-1 Severity: grave Justification: renders package unusable Hello, mandos-client stopped working after having updated to mandos-client 1.6.9-1. Running the client as described in READE.Debian.gz, with --debug enabled shows that the client actually seems to communicate with the server, but then shows the following debug messages: Mandos plugin mandos-client: Check current_server if we should run it, or wait Mandos plugin mandos-client: Blocking for 1 ms It then waits for 10 seconds, talks with the server again, shows the same waiting message again and thus loops around forever. The mandos-monitor on the server never says that the client received its secret, though. The server runs 1.6.9-1 , as well. I can provide detailed logs if you need those, I'm hesitant to post those here, as they might contain private key data. Regards, C. Dominik Bódi -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 3.17.0-monster-1 (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages mandos-client depends on: ii adduser3.113+nmu3 ii cryptsetup 2:1.6.6-1 ii dpkg-dev 1.17.16 ii gnupg 1.4.18-4 ii initramfs-tools0.118 ii libavahi-common3 0.6.31-4 ii libavahi-core7 0.6.31-4 ii libc6 2.19-11 ii libgnutls-deb0-28 3.3.8-2 ii libgpgme11 1.5.1-6 Versions of packages mandos-client recommends: pn ssh none mandos-client suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#764258: mandos-client loops forever waiting for server
C. Dominik Bódi dominik.b...@gmx.de writes: mandos-client stopped working after having updated to mandos-client 1.6.9-1. Running the client as described in READE.Debian.gz, with --debug enabled shows that the client actually seems to communicate with the server, but then shows the following debug messages: Mandos plugin mandos-client: Check current_server if we should run it, or wait Mandos plugin mandos-client: Blocking for 1 ms It then waits for 10 seconds, talks with the server again, shows the same waiting message again and thus loops around forever. The mandos-monitor on the server never says that the client received its secret, though. The server runs 1.6.9-1 , as well. I think I know what the problem is. The server and client do not run the same release of Debian, right? Does the mandos-client --debug output include this? Mandos plugin mandos-client: *** GnuTLS Handshake failed *** GnuTLS error: An unknown public key algorithm was encountered. As we wrote in the release announcement for Mandos 1.6.9[1], Debian is transitioning from one major version of GnuTLS to a newer one[2][3], and the GnuTLS versions are *not* compatible when used in the way Mandos uses them. Therefore, Mandos running on Debian jessie/unstable/sid *cannot* give or receive passwords to or from Debian wheezy/stable, even if the Mandos is backported to be the same version. Unfortunately, we cannot do anything about this. The way we heard it, this is essentially an unavoidable incompatible change in GnuTLS, and we'll all just have to hold our breaths until we emerge on the other side of the transition. If this is *not* the problem, please give some more details. Specifically, you could run mandos-monitor on the server and see if any log messages show up when the client connects. 1) http://mail.recompile.se/pipermail/mandos-dev/2014-October/000305.html 2) https://release.debian.org/transitions/html/gnutls28.html 3) https://wiki.debian.org/gnutls3 /Teddy Hogeborn -- The Mandos Project http://www.recompile.se/mandos -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
