I'm trying to set up autokey/IFF on our servers here. I was able to get things going between two (peer) servers yesterday with little difficulty. But adding the third server has proved problematic. One side reports:
ind assID status conf reach auth condition last_event cnt =========================================================== 8 3051 e071 yes yes ok reject IP error 7 The other side thinks: ind assID status conf reach auth condition last_event cnt =========================================================== 1 19604 c000 yes yes bad reject "IP error" is not defined anywhere -- it's not in the Wiki, it's not in the RFC, and while the code defines a manifest constant EVNT_PEERIPERR, it's not actually *used* anywhere in the daemon so I can't even find where it gets set. All three servers have their own individual "trusted" certificates and a common IFFpar file (using the same, trivial password). -GAWollman -- Garrett A. Wollman | As the Constitution endures, persons in every [EMAIL PROTECTED] | generation can invoke its principles in their own Opinions not those | search for greater freedom. of MIT or CSAIL. | - A. Kennedy, Lawrence v. Texas, 539 U.S. 558 (2003) _______________________________________________ questions mailing list [email protected] https://lists.ntp.isc.org/mailman/listinfo/questions
