
List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] Cannot port unlock after 2.0.3 server upgrade
From:       Michael Rash <mbr () cipherdyne ! org>
Date:       2013-02-01 2:24:46
Message-ID: 20130201022446.GA4683 () cipherdyne ! org

On Jan 01, 2013, Blair Zajac wrote:

> Hello,

Hello Blair,

Sorry for the delay in getting this posted to the list.

> Using fwknop client from MacPorts and connecting to a newly upgraded 
> Ubuntu Quantal system (which went from 1.9.12 to 2.0.3) the client 
> cannot log in.  I built a 2.0.4 client on the Mac and it was able to log 
> in with the new client using the same ~/.fwknoprc file which suggests 
> that there's a compatibility issue.
> 
> Jan  1 15:57:11 foo fwknopd[13211]: (stanza #1) SPA Packet from IP: 
> 108.0.197.17 received with access source match
> Jan  1 15:57:11 foo fwknopd[13211]: (stanza #1) Error creating fko 
> context: Decryption failed or decrypted data is invalid
> Jan  1 15:57:11 foo fwknopd[13211]: (stanza #2) SPA Packet from IP: 
> 108.0.197.17 received with access source match
> Jan  1 15:57:11 foo fwknopd[13211]: (stanza #2) Error creating fko 
> context: Decryption failed or decrypted data is invalid
> 
> I'm using only a simple KEY, if that makes a difference.

Just to confirm, this implies that a 1.9.12 client cannot create a
compatible SPA packet that a 2.0.3 server will accept, correct?  If you
still want to use the perl client, one possibility for fixing this might
be to install the perl FKO module along with libfko from the fwknop
sources.  This way, perl will be creating SPA data through the same
library that the C client uses.  The old perl code is not maintained, so
it hasn't been examined for compatibility in a long while.  There are
backwards compatibility tests though in the 2.0.4 release for all
previous releases of the fwknop C code:

# ./test-fwknop.pl --list | grep compatibility
[Rijndael SPA] [client->server backwards compatibility] v2.0
[Rijndael SPA] [client->server backwards compatibility] v2.0.1
[Rijndael SPA] [client->server backwards compatibility] v2.0.2
[Rijndael SPA] [client->server backwards compatibility] v2.0.3
[Rijndael SPA] [Android compatibility] v4.1.2

Thanks,

--Mike


> Thanks,
> Blair
> 
> _______________________________________________
> Fwknop-discuss mailing list
> Fwknop-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
