Re: [Fwknop-discuss] Problems with fwknop
Brought to you by:
mbr
From: Franck J. <fra...@dt...> - 2008-10-14 23:00:37
|
Hi, [...] > I installed some more Debian packages, (crypt perl module) and now at least > all tests run again. But this means that Francks debian packages miss > important dependencies, otherwise these additional debian packages would have > been installed automatically. Already replied. I will package the new pre-release for fwknop and add it to the Dthconnex repository. You did not ask last time. > I restored to the state where Francks package was installed, and run the test > suite. Then i applied your patch again and run the test suite again. Both > results are attached, hope the mail is not too large. On Debian Sid, running the 1.9.9-pre2 release, the test suite runs fine. Adding the previous patch to the ChainMgr.pm file, it fails on test 13 - "Deleting all fwknopd iptables chains". > The tests seem to be successful, but the problem still remains: my login > attempts are rejected: > ssh: connect to host xxxxx port 47280: Connection refused I have tried to slow down iptables by adding a large number of rules: [code] iptables -L -v -n | wc -l 12997 [/code] Twice the test suite run fine. However I have been able to get the following message in debug mode [quote] [-] add_ip_rule() returned 0 Wed Oct 15 00:45:57 2008 iptables: Resource temporarily unavailable [/quote] I need to do more tests quietly since I am a bit lost with all I have tried. > I do think there are some > members on this list that have limited bandwidth, so I think it would > probably be better to send the test suite results to me in separate > emails, but keep the discussion of the results here on the list. If > people are interested in seeing the test suite results I could post them > on cipherdyne.org. What do people think about this? That would be interesting to have them available. > I've made some progress toward the next -pre release. See the following > link for example: > > http://trac.cipherdyne.org/trac/fwknop/changeset/1301 Nice. > I expect to finish the next pre release by tomorrow evening. This one > will include updated IPTables::ChainMgr and IPTables::Parse modules that > allow delays between iptables commands to be configurable, and also > offer all three of waitpid(), popen(), and system() styles of execution. > The test suite has been updated (per the commit above) to add tests for > each of these methods for executing iptables, and it also now collects > any running fwknop or iptables processes if the fwknopd alarm expires. > This should provide a better window for viewing what is going on with > your system. I may also need to try and replicate your environment by > running Debian under VMware with a similar set of installed packages, > but I'm hoping we can solve this issue without attempting this since > it's hard to replicate things correctly. If that could help you, I use a chroot for Etch to build the packages, and both the git and the debian repository are available to help debugging. Regards, -- Franck Joncourt http://debian.org - http://smhteam.info/wiki/ Fingerprint : C10E D1D0 EF70 0A2A CACF 9A3C C490 534E 75C0 89FE |