Re: [Fwknop-discuss] Mac OSX client not working?
Brought to you by:
mbr
Menu
▾
▴
Re: [Fwknop-discuss] Mac OSX client not working?
|
From: Michael R. <mb...@ci...> - 2007-09-06 05:19:17
|
On Sep 06, 2007, Michael Rash wrote: > Hi Richard - > > Comments inline: > > On Sep 05, 2007, Richard Crane wrote: > > > I am having trouble with the client on an Intel Mac - it appears to > > work in the default SPA mode but the encrypted packet fails to > > decrypt on the server ( have tried two installations on Suse) -- they > > can each function as servers for each other. > > > > Can I supply more information to help debug this? the server > > results runnning in debug is: > > > > # [+] Received packet (150 bytes) > > [+] Received data: U2FsdGVkX1/MowaDeg5eJk9odXA59BqBpQrJlLB2rMF360/1/ > > jEwBGU > > +0psTx8NXDWs7tVsCfeZbKUo78mAJMFTGbNOQj6O76c2yEUyBJSpneMUaTm5uSazIeaVva/v > > +XNtO8UL4QS6PrtO4r5cqkA > > [+] Packet from 172.20.7.1 matched SOURCE: ANY in /etc/fwknop/ > > access.conf > > [+] Attempting Rijndael decrypt... > > [+] Decrypted message: > > NANA<NANANANAHNANANANANANANANAgY8NArNANANANANANANANArNANANANANANANASNANA > > NANA6NANANANA<NANANANANANAFNANANA NANANAJ[NANANANANANANANA8NANANANA6NANA > > This is most likely a result of a bug in the Crypt::Rijndael perl > module when the SPA packet is created on a 32-bit system and sent to the > fwknopd server running on a 64-bit system (or vice versa). It looks as > though this bug has been fixed in recent versions of the Crypt::Rindael > module, so this will be included with the next release of fwknop. In > the meantime, you can probably get things working if you upgrade > Crypt::Rijndael by downloading the latest version from CPAN, and then > installing like so after unpacking the module tarball: > > $ cd Crypt-Rijndael-1.04 > $ perl Makefile.PL PREFIX=/usr/lib/fwknop LIB=/usr/lib/fwknop > $ make > $ su > Password: > # make install > > Please note that I have not tested the 1.04 version of the module yet, > but it should work. Oh, and I forgot to mention that using the GnuPG method of authenticating should always work (it doesn't rely on the Crypt::Rijndael module). -- Michael Rash http://www.cipherdyne.org/ Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F |