[Question] Configuration for Client and Gateway Server (Client Not Gain Access) #7

Open
cloudlakecho opened this issue Sep 8, 2022 · 0 comments

Comments

@cloudlakecho

Question

I have two questions about key and certification.

Regarding key:
   I am aware there are two configuration files for client and server (ref: installation manual):
   for client "SAMPLE_sdp_ctrl_client.conf" and ".fwknoprc"
   for server "gate_sdp_ctrl_client.conf" and "fwknopd.conf"

   What should I put in
   SPA_ENCRYPTION_KEY and SPA_HMAC_KEY in "SAMPLE_sdp_ctrl_client.conf" (client side)
   SPA_ENCRYPTION_KEY and SPA_HMAC_KEY in "gate_sdp_ctrl_client.conf" (gateway server side)
      I generated "client.key", "client.crt", "client.csr" and "server.key", "server.crt", "server.csr" by node ./genCredentials.js <SDPID>. Should I use information from these,
      or data from "ca.crt" and "ca.key"? (In this case client and server will have the same value.)

Regarding certification (and also key):
   What should I put
   KEY_FILE and CERT_FILE in "gate_sdp_ctrl.conf" (gateway server side)
      The example in the file indicated "client.key". It should be "server.key", right?
      (ref 1 and 2)

Situation

Client couldn't gain access to a protected service. Here is the current status:

isi@isi-radio:~$ fwknop -n service_gate
[-] file: /home/isi/.fwknoprc permissions should only be user read/write (0600, -rw-------)
[-] file: /home/isi/.fwknoprc permissions should only be user read/write (0600, -rw-------)
(sdp_com.c:423) Setting CA cert for peer cert verification.
(sdp_com.c:622) Starting connection attempt 1
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 1 failed, 2 attempts remaining
(sdp_com.c:668) Waiting 5 seconds until retry
(sdp_com.c:622) Starting connection attempt 2
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 2 failed, 1 attempt remaining
(sdp_com.c:668) Waiting 10 seconds until retry
(sdp_com.c:622) Starting connection attempt 3
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 3 failed, 0 attempts remaining
(sdp_com.c:661) Too many failed connection attempts. Exiting now
(sdp_ctrl_client.c:1562) SDP Control Client Exiting
SDP ctrl client returned error code: 32778
isi@isi-radio:~$ 

To run Software Defined Perimeter software, I followed these steps (ref: installation manual):

   (1) Run controller

isi@isi-wave:~/project/SoDeTaNII/SDPcontroller$ node ./sdpController.js 
(1) Tool imported
(2) Checked configurations
SDP Controller running at port 5000
No open connections found that need to be removed.

(2) Run gateway server

isi@isi-radio:~$ fwknopd
[-] file: /etc/fwknop/fwknopd.conf permissions should only be user read/write (0600, -rw-------)
[-] file: /etc/fwknop/fwknopd.conf (owner: 0) not owned by current effective user id: 1000

(3) Run client

isi@isi-radio:~$ fwknop -n service_gate

...and I have the above error.

Please let me know the correct parameters or if I missed anything.
