List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] Seeking Troubleshooting Help
From:       David Klann <dxklann () riseup ! net>
Date:       2013-08-13 12:50:31
Message-ID: 20130813075031.07e817ce () fritz ! lan

[Attachment #2 (multipart/signed)]


Hello Michael (and List),

I finally swiped the cobwebs from my memory and configured GPG with the
proper keys and signatures. fwknop is working now! Thanks for the
assistance!

For future readers of this mailing list looking for hints on troubles: make
sure all GPG keys are signed on both sides of the connection (clients and
server). See previous messages in this thread, and the thorough
documentation at
http://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html#fwknop-gpg
for all the details.

Now on to configuring multiple client keys ...

Thanks!

  ~David

  

On Mon, 12 Aug 2013 08:43:43 -0400 you corralled some electrons and wrote:

> On Aug 11, 2013, David Klann wrote:
> 
> > Hi Michael,
> > 
> > Thanks for the quick response!
> > 
> > My experimentation so far is consistent with your assessment of my
> > situation. The recipient key is 4096 bits. I'll need to create a shorter
> > key.
> > 
> > The confusing thing to me is that the other systems from which I'm
> > creating and sending the SPA packets are working (same public key for the
> > remote user, same destination host, etc., etc.). I am sure there is something
> > that's different, I simply have not stumbled on what it is.
> > 
> > I concur with Radi in the related post. Documentation with hints would be
> > helpful in diagnosing problems like this. Count me in for helping with
> > that.
> 
> Additional test suite support for these scenarios is coming up.  Glad
> that both you and Radi have made progress.
> 
> --Mike
> 
> 
> > Thanks again for your help!
> > 
> > Best regards,
> > 
> >   ~David
> > 
> > On Sun, 11 Aug 2013 14:23:24 -0400 you corralled some electrons and wrote:
> > 
> > > > ...
> > > Cool, that is the latest commit on github.  This includes Hank
> > > Leininger's patch for better libfko error codes, and the
> > > FKO_ERROR_INVALID_DATA_ENCRYPT_GPG_RESULT_MSGLEN_VALIDFAIL error is
> > > quite instructive.  It is being called as follows:
> > > 
> > > https://github.com/mrash/fwknop/blob/master/lib/fko_encryption.c#L399
> > > 
> > > That error code is only returned when is_valid_encoded_msg_len() fails,
> > > and in this case that is because the encrypted SPA payload coming back
> > > from gpg is longer than 1500 bytes.
> > > 
> > > I'd say there are a couple of things to try:
> > > 
> > > - Add the line "compress-level 9" to your ~/.gnupg/options file.
> > >   Assuming that gpg-agent picks this up, then I think it will apply to
> > >   SPA packets that are encrypted via libgpgme (used by fwknop).  The
> > >   server side might need this option added too - not sure about that.
> > > - Add "DIGEST_TYPE    md5" to your ~/.fwknoprc file under the [default]
> > >   stanza section (towards the top).  Even though md5 is not secure, you
> > >   are still using gpg which should eliminate this as a problem although
> > >   I'd still recommend using an HMAC since libgpgme functions aren't even
> > >   executed unless the HMAC check passes.
> > > ...
> > > 
> > > If the suggestions don't work above, then you may need to reduce your
> > > gpg key sizes.
> > > 
> > > Thanks,
> > > 
> > > --Mike
> 
> 
> 
> > _______________________________________________
> > Fwknop-discuss mailing list
> > Fwknop-discuss@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/fwknop-discuss

["signature.asc" (application/pgp-signature)]
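A rough size model for the failure discussed in this thread, added here as an example (it is not fwknop code and not from either poster): it estimates the base64 length of an RSA-encrypted, optionally signed OpenPGP message from the RFC 4880 packet layout and compares it with the 1500-byte limit quoted above. The 160-byte SPA plaintext, the assumption that the packet is signed, the packet-header approximation and all function names are assumptions; real gpg output differs by a few dozen bytes.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX_ENCODED_LEN 1500u   /* limit quoted in the thread */
#define SPA_PLAINTEXT   160u    /* assumed size of the SPA data as stored */

/* RSA MPI: 2-byte bit count plus the modulus-sized integer. */
static size_t mpi_len(unsigned bits) { return 2 + (bits + 7) / 8; }

/* Packet = header (tag byte + 1 or 2 length bytes, approximated) + body. */
static size_t pkt(size_t body) { return body + (body < 192 ? 2 : 3); }

/* Unpadded base64 length of n raw bytes. */
static size_t b64_len(size_t n) { return (n * 4 + 2) / 3; }

/* Estimated encoded length; signer_bits == 0 means "not signed". */
size_t est_encoded_len(unsigned rcpt_bits, unsigned signer_bits, size_t data)
{
    /* Public-key encrypted session key: version, key ID, algo, MPI. */
    size_t pkesk = pkt(1 + 8 + 1 + mpi_len(rcpt_bits));
    /* Literal data: format, filename length, date, then the data. */
    size_t inner = pkt(1 + 1 + 4 + data);
    if (signer_bits) {
        inner += pkt(13);                        /* one-pass signature */
        /* v4 signature: 4 fixed bytes, hashed (2+6) and unhashed (2+10)
           subpackets, 2 hash-prefix bytes, signature MPI. */
        inner += pkt(4 + 2 + 6 + 2 + 10 + 2 + mpi_len(signer_bits));
    }
    /* Compressed wrapper (1 algo byte), modelled with no size gain:
       the signature MPI is effectively random data. */
    size_t comp = pkt(1 + inner);
    /* Encrypted container: version, 18-byte prefix, 22-byte MDC. */
    size_t seipd = pkt(1 + 18 + comp + 22);
    return b64_len(pkesk + seipd);
}

/* Mirrors the check described in the thread: too long is rejected. */
int fits_spa_limit(size_t encoded_len) { return encoded_len <= MAX_ENCODED_LEN; }

int main(void)
{
    unsigned cases[][2] = { {4096, 4096}, {4096, 2048}, {2048, 2048}, {4096, 0} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        size_t n = est_encoded_len(cases[i][0], cases[i][1], SPA_PLAINTEXT);
        printf("recipient %u / signer %u: ~%zu bytes, %s\n", cases[i][0],
               cases[i][1], n, fits_spa_limit(n) ? "fits" : "too long");
    }
    return 0;
}
```

Under this model only the combination of a 4096-bit recipient key and a 4096-bit signing key crosses the limit, because each key contributes one modulus-sized integer that compression cannot shrink.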
