On Nov 18, 2013, at 6:09 AM, Michael Rash <[email protected]> wrote:
> On Nov 18, 2013, Blair Zajac wrote: > >> >> On Nov 18, 2013, at 6:01 AM, Michael Rash <[email protected]> wrote: >> >>> On Nov 17, 2013, Blair Zajac wrote: >>> >>>> >>>> On Nov 17, 2013, at 7:47 PM, Michael Rash <[email protected]> wrote: >>>> >>>>> On Nov 17, 2013, Blair Zajac wrote: >>>>> >>>>>> >>>>>> On Nov 17, 2013, at 2:37 PM, Blair Zajac <[email protected]> wrote: >>>>>> >>>>>>> >>>>>>> On Nov 17, 2013, at 1:00 PM, Blair Zajac <[email protected]> wrote: >>>>>>> >>>>>>>> Hello Michael, >>>>>>>> >>>>>>>> I got a new MacBook Pro running Mavericks (10.9) and tried to install >>>>>>>> fwknop 2.5.1 today. Below is the build output. >>>>>>>> >>>>>>>> One error appears to be due to a compile failure for: >>>>>>>> >>>>>>>> #include <string.h> >>>>>>>> >>>>>>>> size_t strlcat(char *dst, const char *src, size_t siz); >>>>>>>> >>>>>>>> int main() >>>>>>>> { >>>>>>>> return 0; >>>>>>>> } >>>>>>>> >>>>>>>> >>>>>>>> I?m thinking we?ll need to have autoconf check if the declaration >>>>>>>> exists and if it doesn't exist then define it. >>>>>>> >>>>>>> I checked out your git repo and see its fixed in master. >>>>>>> >>>>>>> If you could cut a 2.5.2 release then I could use that for MacPorts. >>>>>> >>>>>> Trying master at fwknop-2.5.1-91-gc019a43 I am unable get the server to >>>>>> recognize the client: >>>>>> >>>>>> Nov 17 14:57:56 orca4 fwknopd[1456]: (stanza #1) SPA Packet from IP: >>>>>> 1.2.3.4 received with >>>>>> access source match >>>>>> Nov 17 14:57:56 orca4 fwknopd[1456]: (stanza #1) Error creating fko >>>>>> context: Decryption failed or decrypted data is invalid >>>>>> Nov 17 14:57:56 orca4 fwknopd[1456]: (stanza #2) SPA Packet from IP: >>>>>> 1.2.3.4 received with access source match >>>>>> Nov 17 14:57:56 orca4 fwknopd[1456]: (stanza #2) Error creating fko >>>>>> context: Decryption failed or decrypted data is invalid >>>>>> >>>>>> >>>>>> It does work from my ancient PPC system ;) >>>>>> >>>>>> >>>>>> Nov 17 14:59:25 orca4 fwknopd[1456]: (stanza #1) SPA Packet from IP: >>>>>> 1.2.3.4 received with access source match >>>>>> Nov 17 14:59:25 orca4 fwknopd[1456]: 'filter' table 'FWKNOP_INPUT' chain >>>>>> exists >>>>>> Nov 17 14:59:25 orca4 fwknopd[1456]: Added Rule to FWKNOP_INPUT for >>>>>> 1.2.3.4, tcp/22 expires at 1384729195 >>>>> >>>>> Ok. Just for clarity, does the access.conf stanza have "ENCRYPTION_MODE >>>>> legacy" set? If so, then on the client command line you'll need to add >>>>> '-M legacy?. >>>> >>>> No, I don?t. >>>> >>>> SOURCE: ANY; >>>> KEY: example; >>>> REQUIRE_SOURCE_ADDRESS: Y; >>>> FW_ACCESS_TIMEOUT: 30; >>>> OPEN_PORTS: tcp/22; >>>> >>>> >>>> I?m just saying that nothing has changed on my server and my older clients >>>> but the fwknop on 10.9 isn?t able to log in using the same Mac >>> >>> Ok. Tim Heckman suggested creating a 2.5.1-1 release that just contains >>> the autoconf fix and nothing else so that 2.5.1 can build on Mac OS X >>> 10.9 (and before 2.5.2 is available). I've done this using github's release >>> feature, and it is available here: >> >> Thanks. Can you do a dotted release instead of a dashed one, i.e. 2.5.1.1? >> That?s more compatible with versioning . > > Sure, will do. I noticed that the release names are not consistent, the new one doesn’t have the leading ‘fwknop-‘, if that matters… > https://github.com/mrash/fwknop/releases >>> >>> I've also started adding OS X 10.9 compatibility tests like this: >>> >>> https://github.com/mrash/fwknop/commit/a6f030412f6d9866cb13c2701521e7c433c2b074 >>> >>> The above runs fine on Ubuntu and FreeBSD systems under the test suite, >>> so SPA packets from the fwknop client on 10.9 will work properly against >>> fwknopd on those systems. More tests will be added as well. >>> >>> I'd like to try to reproduce what you are seeing - nothing on the >>> crypto side or the SPA packet format has changed since 2.5. Thinking... >>> so, client=2.5.2 (git master code) vs. server=2.5.1 on PPC in your >>> setup? >> >> Server is ubuntu 2.0.4 for all cases. Client on PPC 10.5 works while client >> on 10.9 doesn?t work. Yes, that?s why this is odd. > > Ah, ok, are you adding the '-M legacy' command line argument to the 10.9 > client? That is necessary to build SPA packets that are compatible with > pre-2.5 versions of the server. Ahh, that was it. I must have copied my Bash aliases from my Linux server which has an old port knocking alias instead of from my old laptop which had it corrected. Thanks for the quick help on all issues, it’s all working again! Blair ------------------------------------------------------------------------------ DreamFactory - Open Source REST & JSON Services for HTML5 & Native Apps OAuth, Users, Roles, SQL, NoSQL, BLOB Storage and External API Access Free app hosting. Or install the open source package on any LAMP server. Sign up and see examples for AngularJS, jQuery, Sencha Touch and Native! http://pubads.g.doubleclick.net/gampad/clk?id=63469471&iu=/4140/ostg.clktrk _______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
