C. Dominik Bódi <dominik.b...@gmx.de> writes: > mandos-client stopped working after having updated to mandos-client > 1.6.9-1. > > Running the client as described in READE.Debian.gz, with --debug > enabled shows that the client actually seems to communicate with the > server, but then shows the following debug messages: > > Mandos plugin mandos-client: Check current_server if we should run it, or wait > Mandos plugin mandos-client: Blocking for 10000 ms > > It then waits for 10 seconds, talks with the server again, shows the > same "waiting" message again and thus loops around forever. > > The mandos-monitor on the server never says that the client "received > its secret", though. The server runs 1.6.9-1 , as well.
I think I know what the problem is. The server and client do not run the same release of Debian, right? Does the mandos-client --debug output include this? Mandos plugin mandos-client: *** GnuTLS Handshake failed *** GnuTLS error: An unknown public key algorithm was encountered. As we wrote in the release announcement for Mandos 1.6.9[1], Debian is transitioning from one major version of GnuTLS to a newer one[2][3], and the GnuTLS versions are *not* compatible when used in the way Mandos uses them. Therefore, Mandos running on Debian jessie/unstable/sid *cannot* give or receive passwords to or from Debian wheezy/stable, even if the Mandos is backported to be the same version. Unfortunately, we cannot do anything about this. The way we heard it, this is essentially an unavoidable incompatible change in GnuTLS, and we'll all just have to hold our breaths until we emerge on the other side of the transition. If this is *not* the problem, please give some more details. Specifically, you could run "mandos-monitor" on the server and see if any log messages show up when the client connects. 1) http://mail.recompile.se/pipermail/mandos-dev/2014-October/000305.html 2) https://release.debian.org/transitions/html/gnutls28.html 3) https://wiki.debian.org/gnutls3 /Teddy Hogeborn -- The Mandos Project http://www.recompile.se/mandos -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org