On Wed, Jun 30, 2010 at 10:47 AM
<fwknopmail.20.miller_2555@spamgourmet.com>wrote:
>
>
> On Sat, Jun 19, 2010 at 1:57 PM,
> Michael Rash <michael.rash@gm...>wrote:
> > We'll get the beta release posted as soon as we can.
>
> Great Michael! I'm looking forward to the release. Meanwhile, I've compiled perl (v. 5.10.1) and fwknop (v. 1.9.12 rev. 1533) into an initrd image for Fedora 13. I have some intermittent issues, though. On occasion, fwknopd will not create the
> FWKNOP_INPUT chain and related rule in the INPUT chain upon start (or restart) of the daemon. I attempted a fwknopd --Kill and re-initializing, but didn't see anything reported to stderr that would cause a problem (even when issuing with the
> verbose flag set). I've starting digging through the code to see what the problem may be, but thought I'd post here to see if this symptom has arisen before and whether a simple configuration fix exists (I didn't see anything on a search of the maillist
> archive or google). I also tried re-compiling the ChainMgr perl module.
>
> Thanks for any thoughts!
> Wil

D'oh - apologies - this issue was addressed in the thread entitled "[Fwknop-discuss] No fwknop chains in my iptables." I do not know how I missed it. If it helps anyone, `fwknopd --debug` revealed that the SPA packet timestamp used to age the packet exceeded the maximum time differential permitted by the fwknop daemon (which is really odd, since I was running both Fedora-based Linux systems in a virtual environment on the same host, so the timestamps should match on the order of milliseconds). In any case, fwknop is running properly -- it is an excellent tool!

Best -
Will