Thank you, that did the trick,

Now when I run the knock from the Android app I can unlock the port,
but I see this error message in the log file:

> (stanza #1) Error creating fko context: Args contain invalid data:
> FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL




--
Rabin


On Sun, Jun 8, 2014 at 4:50 PM, Michael Rash <[email protected]> wrote:

>
> On Sun, Jun 8, 2014 at 8:24 AM, Rabin Yasharzadehe <[email protected]>
> wrote:
>
>> Hello List,
>>
>>
> Hello Rabin,
>
>
>> I'm sorry in advance if this is not the right place to ask this question.
>>
>> - I have set up fwknop on my server,
>> - And created the keys based on the "Basic Outline" documentation,
>>
>>> [spaclient]$ fwknop -A tcp/22 -a 1.1.1.1 -D myserver.mydomain.my --key-gen 
>>> --use-hmac --save-rc-stanza
>>>
>>>
>>>
>>> [+] Wrote Rijndael and HMAC keys to rc file: /home/myuser/.fwknoprc
>>>
>> and now I have this section in my .fwknoprc file,
>>
>>> [myserver.mydomain.my]
>>> ACCESS                      tcp/22
>>> SPA_SERVER                  myserver.mydomain.my
>>> KEY_BASE64                  some-long-string
>>> HMAC_KEY_BASE64             some-lonnger-string
>>> USE_HMAC                    Y
>>> RESOLVE_IP_HTTP             Y
>>>
>>
>> when connecting from my laptop with,
>>
>>> fwknop -n myserver.mydomain.my --verbose ; sleep 2 ; mosh myserver.mydomain.my
>>
>>
>> It works, and I am able to connect to my server,
>>
>> but I don't know what to fill in the "Rijndael Key" field in the Android
>> app,
>> I tried to copy "KEY_BASE64" to it, but it didn't work, I get the message
>>
>>> Error: Error generating SPA data: Invalid key length
>>>
>>
>>
>>
> Unfortunately the Android client does not support base64-encoded Rijndael
> or HMAC keys. To get things working with the current Android client, you
> will need to use non-base64 keys.  So, on the fwknopd server side, use the
> following variables (note the lack of the _BASE64 suffix):
>
> KEY                    <some ascii printable string>
> HMAC_KEY       <another ascii printable string>
>
> It is likely that the base64-decoded version of the current base64-encoded
> keys are not printable strings, so the keys will need to be changed (i.e.
> using the decoded versions manually won't work).  Make the same change in
> your ~/.fwknoprc file and then test with the client.  Another option is to
> just add a new stanza to the /etc/fwknop/access.conf file with the new keys
> just for Android clients, and then you can continue to use the existing
> keys in your ~/.fwknoprc file at the same time.
>
> I've added a new issue in github to track this, and I hope to get it fixed
> for the next release:
>
> https://github.com/mrash/fwknop/issues/119
>
> Thanks,
>
> --Mike
>
>
>
>
>>
>> --
>> Rabin
>>
>>
>> _______________________________________________
>> Fwknop-discuss mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>>
>>
>
>
> --
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
>
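The change Michael describes above (plain KEY and HMAC_KEY values instead of the _BASE64 variants), as an added shell example that is not part of the original thread or of fwknop. The function names, the 32- and 64-character key lengths and the `SOURCE ANY` line are assumptions; `base64 -d` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: printable keys for a separate Android stanza in access.conf.
# Key lengths (32 and 64 characters) are assumptions, not values from the thread.

# gen_printable_key N: print N random characters drawn from [A-Za-z0-9].
# Bytes outside that set are discarded, so the selection stays unbiased.
gen_printable_key() {
    key=
    while [ "${#key}" -lt "$1" ]; do
        key=$key$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'A-Za-z0-9')
    done
    printf "%.${1}s\n" "$key"
}

# is_printable_b64 STR: succeed only if STR base64-decodes to printable ASCII
# (0x20-0x7e). Randomly generated KEY_BASE64 values will normally fail this,
# which is why the decoded value cannot simply be pasted into the app.
is_printable_b64() {
    decoded_len=$(printf '%s' "$1" | base64 -d 2>/dev/null | wc -c)
    [ $decoded_len -gt 0 ] || return 1
    bad_len=$(printf '%s' "$1" | base64 -d 2>/dev/null | LC_ALL=C tr -d ' -~' | wc -c)
    [ $bad_len -eq 0 ]
}

# android_stanza: print an access.conf stanza with fresh printable keys.
# The same KEY and HMAC_KEY values are then entered in the Android client.
android_stanza() {
    printf 'SOURCE      ANY\n'
    printf 'KEY         %s\n' "$(gen_printable_key 32)"
    printf 'HMAC_KEY    %s\n' "$(gen_printable_key 64)"
}

android_stanza
```

Review the output before appending it to /etc/fwknop/access.conf, and keep the file readable by root only since it holds the keys in clear text.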