On Sun, Jun 8, 2014 at 8:24 AM, Rabin Yasharzadehe <[email protected]>
wrote:
> Hello List,
>
>
Hello Rabin,
> I'm sorry in advance it this is not the right place to ask this question.
>
> - I have setup fwknop on my server,
> - And created the keys based on the "Basic Outline" documentation,
>
>> [spaclient]$ fwknop -A tcp/22 -a 1.1.1.1 -D myserver.mydomain.my --key-gen
>> --use-hmac --save-rc-stanza
>>
>> [+] Wrote Rijndael and HMAC keys to rc file: /home/myuser/.fwknoprc
>>
>> and now i have this section on my .fwknoprc
>
> file,
>
> [myserver.mydomain.my]
>> ACCESS tcp/22
>> SPA_SERVER myserver.mydomain.my
>> KEY_BASE64 some-long-string
>> HMAC_KEY_BASE64 some-lonnger-string
>> USE_HMAC Y
>> RESOLVE_IP_HTTP Y
>>
>
> when connecting from my laptop with,
>
> fwknop -n myserver.mydomain.my --verbose ; sleep 2 ; mosh
>> myserver.mydomain.my
>
>
> It works, and i am able to connect to my server,
>
> but i don't know what to fill in the "Rijndael Key" field in the Android
> app,
> I tried to copy "KEY_BASE64" to it, but it didn't work, i get the message
>
> Error: Error generating SPA
>> data: Invalid key length
>>
>
>
>
Unfortunately the Android client does not support base64-encoded Rijndael
or HMAC keys. To get things working with the current Android client, you
will need to use non-base64 keys. So, on the fwknopd server side, use the
following variables (note the lack of the _BASE64 suffix):
KEY <some ascii printable string>
HMAC_KEY <another ascii printable string>
It is likely that the base64-decoded version of the current base64-encoded
keys are not printable strings, so the keys will need to be changed (i.e.
using the decoded versions manually won't work). Make the same change in
your ~/.fwknoprc file and then test with the client. Another option is to
just add a new stanza to the /etc/fwknop/access.conf file with the new keys
just for Android clients, and then you can continue to use the existing
keys in your ~/.fwknoprc file at the same time.
I've added a new issue in github to track this, and I hope to get it fixed
for the next release:
https://github.com/mrash/fwknop/issues/119
Thanks,
--Mike
>
> --
> Rabin
>
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>
>
--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and their
applications. Written by three acclaimed leaders in the field,
this first edition is now available. Download your free book today!
http://p.sf.net/sfu/NeoTech
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
