On Wed, Apr 22, 2015 at 3:45 PM, Robert Watson <[email protected]>
wrote:

> Commented out HMAC key and added ENCRYPTION_MODE legacy to access.conf,
> still unable to connect.
>
> Apr 22 05:54:58 server.ourhome.net fwknopd[13458]: (stanza #1) SPA Packet
> from IP: 192.168.1.10 received with access source match
> Apr 22 05:54:58 server.ourhome.net fwknopd[13458]: SPA Packet:
> '+wvjPe0xiLs/XerTQYlfJgHAIbTlqqB1C9KvAgZ+g3mwQzGzBWsTDXr7u2Ch2+rzBgvl30gUiPXIUy0Gb74gGhInQ/aRbsNtWkfUygl/kkQBk0S0N9c5b
> Apr 22 05:54:58 server.ourhome.net fwknopd[13458]: [192.168.1.10] (stanza
> #1) Error creating fko context: Decryption failed or decrypted data is
> invalid
>

One thing I just remembered - the Morpheus client had a bug where it wasn't
able to properly resolve your IP with the "Resolve External IP" feature. If
you use that, and the IP resolution fails, it still builds an SPA packet
but with a NULL IP. This is detected and rejected by fwknopd. So, can you
try without using that feature? Just point your browser to whatismyip.com
(or to the fwknop IP resolution service here:
https://www.cipherdyne.org/cgi-bin/myip) and then type this IP manually
into the Morpheus "Allow IP" text box, and then have it send the SPA packet?

Thanks,

--Mike


>
>
> On Tue, Apr 21, 2015 at 4:42 PM, Michael Rash <[email protected]>
> wrote:
>
>>
>> On Tue, Apr 21, 2015 at 11:30 AM, Robert Watson <[email protected]>
>> wrote:
>>
>>> I'm unable to connect to the fwknop server using either Rijndael or
>>> GnuPG using the Windows client fwknop or the Morpheus UI.  The Windows
>>> fwknop client hasn't been updated for years.  The server log captures the
>>> packet but then the packet can't be processed.  Does anyone have a working
>>> configuration using a Windows client?  I think this may be a problem with
>>> HMAC encryption on the client side but haven't seen any guides on the HMAC
>>> encryption for the client.
>>>
>>
>> The Morpheus UI is certainly way old (and development hasn't progressed
>> on a UI replacement), but you can get things working by making sure that on
>> the fwknopd server there is:
>>
>> 1) No HMAC key defined in the /etc/fwknop/access.conf file - this is
>> because the Morpheus client does not support an HMAC
>> 2) Set "ENCRYPTION_MODE          legacy" in /etc/fwknop/access.conf.
>>
>> In terms of guides, there is some material on backwards compatibility here,
>> but I should probably extend it:
>>
>>
>> http://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html#backwards-compatibility
>>
>> Thanks,
>>
>> --Mike
>>
>>
>> _______________________________________________
>> Fwknop-discuss mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>>
>>
>
>
>
>


-- 
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
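
As an added example (not part of the original thread and not fwknop project code), a small Python check for the two access.conf conditions listed in the quoted reply above: no HMAC key defined, and ENCRYPTION_MODE set to legacy. The sample file, its placeholder keys and the function names are constructed for illustration; checking HMAC_KEY_BASE64 as well, and numbering stanzas in file order to line up with the "(stanza #1)" tag in the fwknopd log, are assumptions.

```python
# Constructed sample access.conf (placeholder keys, not taken from the thread).
SAMPLE_ACCESS_CONF = """\
# stanza 1: still has an HMAC key and no ENCRYPTION_MODE line
SOURCE              ANY
OPEN_PORTS          tcp/22
KEY                 placeholder_key_1
HMAC_KEY            placeholder_hmac_1

# stanza 2: matches both settings from the thread
SOURCE              192.168.1.0/24
KEY                 placeholder_key_2
#HMAC_KEY           commented_out
ENCRYPTION_MODE     legacy
"""

def parse_stanzas(text):
    """Split access.conf text into stanzas; each SOURCE line starts a new one."""
    stanzas = []
    for raw in text.splitlines():
        line = raw.strip().rstrip(";")
        if not line or line.startswith("#"):
            continue  # blank lines and commented-out variables are ignored
        parts = line.split(None, 1)
        key = parts[0].rstrip(":").upper()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "SOURCE":
            stanzas.append({})
        if stanzas:
            stanzas[-1][key] = value
    return stanzas

def legacy_client_problems(text):
    """Return (stanza_number, reason) pairs that would block a non-HMAC legacy client."""
    problems = []
    for num, stanza in enumerate(parse_stanzas(text), start=1):
        for hmac_var in ("HMAC_KEY", "HMAC_KEY_BASE64"):
            if hmac_var in stanza:
                problems.append((num, hmac_var + " is defined"))
        mode = stanza.get("ENCRYPTION_MODE", "")
        if mode.lower() != "legacy":
            problems.append((num, "ENCRYPTION_MODE is %r, not legacy" % (mode or "unset")))
    return problems

if __name__ == "__main__":
    for num, reason in legacy_client_problems(SAMPLE_ACCESS_CONF):
        print("stanza #%d: %s" % (num, reason))
```

An empty result only means the two server-side settings are in place; the NULL IP case described in the message above is a client-side failure that this check does not see.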
