On Sun, Dec 29, 2019 at 15:38:01 +1100, duluxoz wrote: > /usr/sbin/amssl --client --create-client-cert myclient --common > myclient --server myserver > > And received this output: > > Connecting to server... amssl: failed connect or ssl handshake: > No route to host,IO::Socket::IP configuration failed at > /usr/sbin/amssl line 180. > > Both server and client are Centos 7 freshly updated, and both are > using the latest amanda repository. Both servers can ping each other > via both (internal) DNS and direct IP Address.
I am not familiar with amssl and don't know how it works overall, but /usr/sbin/amssl [looking in v3.5.1] line 180 appears to be simply using the value passed in by the "--server" option on the command line as the host name for a network connection it tries to make. Normally the "No route to host" message would make me think the remote host is competely down, but if you are sure your client can ping the server using the host name given on the amsll command line, I suppose my next guess would be some sort of firewalling is causing an explicit "no route" ICMP message to come back to the client when it attempts to initiate that specific connection. Depending on the details of the firewall rules, you may be able to work around it by specifying an (allowed-by-the-firewall) port number using the "--port" command (on both the client and server side, presumably). (The default port used by amssl is 10081.) In any case I don't believe the "No route to host" message here is anything Amanda specific: at least based on looking at the code without actually trying to run anything, it appears to be the error message raised by the Perl IO::Socket::IP library when the Perl IO::Socket::SSL library is first trying to establish the network connection to the server, before any actual certificate-related processing can happen. Nathan ---------------------------------------------------------------------------- Nathan Stratton Treadway - natha...@ontko.com - Mid-Atlantic region Ray Ontko & Co. - Software consulting services - http://www.ontko.com/ GPG Key: http://www.ontko.com/~nathanst/gpg_key.txt ID: 1023D/ECFB6239 Key fingerprint = 6AD8 485E 20B9 5C71 231C 0C32 15F3 ADCD ECFB 6239