search

bstansell / conserver

Logged, multi-user access to device consoles
https://www.conserver.com/
BSD 3-Clause "New" or "Revised" License
129 stars 38 forks source link

building w/ --with-ipv6 changes access behavior #48

Closed dannf closed 3 years ago

dannf commented 4 years ago

We upgraded our conserver-server from 8.2.1 to 8.2.4 using the Debian packages and found that previously permitted clients were now refused access:

$ console myhost
10.2.3.4: access from your host refused

I found that the important difference between these two wasn't the source itself, but rather that Debian enabled --with-ipv6 for 8.2.4. Rebuilding 8.2.4 w/o --with-ipv6 restored the previous behavior, allowing clients the impacted clients to connect once again.

Our access block looks like this (with specific IPs/subnets modified for obfuscation):

access * {
       trusted 127.0.0.1,10.2.3.4,10.5.6.0/18,10.6.7.0/18;
       allowed 127.0.0.1,10.2.3.4,10.5.6.0/18,10.6.7.0/18;
}

Tested clients were in one of the /18 networks.