You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
But when I send the packet it seems to be signed with the subkey because I get
the following error in syslog
Jan 26 19:40:38 hostname fwknopd[18306]: (stanza #1) SPA Packet from IP: myip received with access source match
Jan 26 19:40:38 hostname fwknopd[18306]: [myip] (stanza #1) Incoming SPA data signed by 'F17FFF6D' (fingerprint 'YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYF17FFF6D').
Jan 26 19:40:38 hostname fwknopd[18306]: [myip] (stanza #1) Incoming SPA packet signed by ID: F17FFF6D, but that ID is not in the GPG_REMOTE_ID list.
It doesn't work even if I set the access.conf section as:
I'm doing an ansible role to install and configure fwknop and it generates the
gpg keys, so it's not easy (without ugly messy shell instruction) to extract
the string that works from the original.
gpg correctly recognizes the key, and the subkey with XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX52019803, so there are two questions:
Shouldn't fwknop recognize the subkey with the key?
Shouldn't fwknop recognize a key with the long format?
Thank you
The text was updated successfully, but these errors were encountered:
Hello, I was also affected by the issue. While on the side of the user the fix is trivial (once you know that the long format misinterpretation is the reason why fwknop does not accepts your SPAs!), it is not evident what the problem may be when it surfaces. I'm in doubt whether it's correct to always truncate the fingerprint.
Hi, fwknop-server doesn't recognize the specified access gpg key.
The client gpg key is the following:
The server
access.conf
has this section:But when I send the packet it seems to be signed with the subkey because I get
the following error in syslog
It doesn't work even if I set the
access.conf
section as:The only way it works is setting it this way
I'm doing an ansible role to install and configure fwknop and it generates the
gpg keys, so it's not easy (without ugly messy
shell
instruction) to extractthe string that works from the original.
gpg
correctly recognizes the key, and the subkey with XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX52019803, so there are two questions:Thank you
The text was updated successfully, but these errors were encountered: