On Sun, Jun 8, 2014 at 11:46 AM, Rabin Yasharzadehe <rabin@isoc.org.il> wrote:
On Sun, Jun 8, 2014 at 6:22 PM, Michael Rash <michael.rash@gmail.com> wrote:
Now when I run the knock from the Android app I can unlock the port,
but I see this error message in the log file:

(stanza #1) Error creating fko context: Args contain invalid data: FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL

 

Do you now have two stanzas in access.conf?  I.e. one with base64 keys and the other without?
That HMAC error would mean that the port should not be opened unless you are gaining access via a second stanza.

Yes, I see now. I created more rules/keys and tested it again; fwknop will log each stanza check until it finds a match,
so if I have 20 users, I can have up to 19 error messages like the above.

Maybe you should consider writing these messages at a lower error level (like debug maybe?)


Sure, good point, and easily done.

Thanks,

--Mike

 


Thank you again for your help,

--
Rabin



--
Michael Rash | Founder
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
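
A simplified model of the behaviour discussed in this thread, added here as an example and not taken from fwknop's source: each stanza's HMAC key is tried in turn, per-stanza mismatches are logged at debug level, and a warning is emitted only when no stanza matches. The stanza names, keys, payload and log wording are constructed for illustration.

```python
import hashlib
import hmac
import logging


class ListHandler(logging.Handler):
    """Collects log records so the result can be inspected."""
    def __init__(self):
        super().__init__()
        self.records = []

    def emit(self, record):
        self.records.append(record)


def match_stanza(payload, tag, stanzas, log):
    """Try each (name, hmac_key) stanza in order; return the matching name or None.
    A mismatch on one stanza is expected when there are many users (DEBUG);
    a packet that matches no stanza at all is the real event (WARNING)."""
    for index, (name, key) in enumerate(stanzas, start=1):
        expected = hmac.new(key, payload, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):  # constant-time comparison
            log.info("(stanza #%d) HMAC verified for %s", index, name)
            return name
        log.debug("(stanza #%d) HMAC mismatch, trying next stanza", index)
    log.warning("HMAC verification failed for all %d stanzas", len(stanzas))
    return None


def demo(sender_index, count=20):
    """Constructed data: `count` users, one packet authenticated with one key.
    sender_index=None simulates a key that appears in no stanza."""
    stanzas = [(f"user{i}", f"constructed-key-{i}".encode())
               for i in range(1, count + 1)]
    key = stanzas[sender_index][1] if sender_index is not None else b"unknown-key"
    payload = b"constructed SPA payload"
    tag = hmac.new(key, payload, hashlib.sha256).digest()

    log = logging.getLogger(f"spa-model-{sender_index}")
    log.setLevel(logging.DEBUG)
    log.propagate = False
    handler = ListHandler()
    log.handlers = [handler]
    matched = match_stanza(payload, tag, stanzas, log)
    levels = [r.levelname for r in handler.records]
    return matched, levels.count("DEBUG"), levels.count("WARNING")


if __name__ == "__main__":
    print(demo(19))    # the 20th of 20 users
    print(demo(None))  # key not present in any stanza
```

With 20 stanzas and the sender in the last one, the 19 mismatches land at debug level and nothing is reported at warning level.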