mrash / fwknop

Single Packet Authorization > Port Knocking
http://www.cipherdyne.org/fwknop/
GNU General Public License v2.0

Error creating fko context: Args contain invalid data: FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL #291

Closed yourheroonly closed 5 years ago

yourheroonly commented 5 years ago

Hello. My English is not good, sorry. My client sends a request to the server.

[client]
[fwknopserver]
SDP_ID 1234
ALLOW_IP 192.168.X.X
ACCESS tcp/22,tcp/4432
SPA_SERVER 192.168.X.X
KEY_BASE64 [Long string]
HMAC_KEY_BASE64 [Long string]
USE_HMAC Y

[server access.config]
SOURCE ANY
OPEN_PORTS tcp/22, tcp/993
REQUIRE_USERNAME root
EQUIRE_SOURCE_ADDRESS Y
KEY_BASE64 pEqiZHloPXCmGY8zeBxnRJLRfPzLSEJS941hT9KN+vA=
HMAC_KEY_BASE64 +G0r2D6hpRcAXFmFVz2KbJYlfEymaVOXwrZtcrJQAXgAKySSbUG0eAiK+KBr21IueB3BakoMCxXlFwqsie9FZQ==

Check server log:

Dec 7 17:36:08 192 fwknopd[60293]: (stanza #1) SPA Packet from IP: 192.168.1.3 received with access source match
Dec 7 17:36:08 192 fwknopd[60293]: [192.168.1.3] (stanza #1) Error creating fko context: Args contain invalid data: FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL

I'm sorry to bother you

DWDuq commented 5 years ago

I'm having the exact same problem. I'm running fwknop on a router running OpenWRT. I installed the fwknop app on my Android phone and everything works fine. Then I also installed the fwknop client and GUI (version 2.6.9) on my computer running Ubuntu 18.04 using apt and put in the exact same settings as are on the phone, but it doesn't work and the router's logs report the same error as given above.

I also tried downloading the source code to run the tests but after a successful configure I get the following error while running the tests:

~/Desktop/fwknop-2.6.9/test$ sudo ./test-fwknop.pl --enable-all
Subroutine main::getcwd redefined at ./test-fwknop.pl line 15.
Can't locate tests/configure_args.pl in @INC (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.26.1 /usr/local/share/perl/5.26.1 /usr/lib/x86_64-linux-gnu/perl5/5.26 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.26 /usr/share/perl/5.26 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at ./test-fwknop.pl line 8547.

Appreciate what you've done with fwknop and really wish I could get it working on my computer.

yourheroonly commented 5 years ago

Hello

  1. I have no problem with fwknop version 2.6.8, but when I download the latest source code with git, build it with make, and try knocking on the door, there is a problem.
  2. My system environment is CentOS 7.

Sorry, my English is poor.

RiaanBurger commented 5 years ago

@DWDuq I'm also stuck around here though not entirely sure it is exactly the same problem.

At least I can help you or anyone else who comes across this issue regarding the tests (the failure of which led me here too).

Add your current path (in the test folder) before running the tests:

export PERL5LIB=$(pwd)
./test-fwknop.pl --enable-all

jp-bennett commented 5 years ago

Broadly speaking, "FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL" means that the HMAC signature of an incoming packet doesn't match the one configured in the daemon. This usually means a configuration error on either the client or server.
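
An added example, not part of any comment in this thread and not fwknop's own code: a check that the `KEY_BASE64` and `HMAC_KEY_BASE64` values in a client stanza and a server stanza decode to the same bytes, plus a generic HMAC-SHA256 comparison showing why a key mismatch ends in a compare failure. The function names, the sample keys and the payload are constructed for this sketch, and the HMAC step does not reproduce fwknop's packet format.

```python
import base64, binascii, hashlib, hmac

def b64(raw):  # helper to build the constructed sample keys below
    return base64.b64encode(raw).decode()

# Constructed samples: same encryption key, different HMAC key on each side.
CLIENT_RC = f"""[fwknopserver]
SPA_SERVER       192.0.2.10
KEY_BASE64       {b64(b'sample-encryption-key')}
HMAC_KEY_BASE64  {b64(b'sample-hmac-key-A')}
USE_HMAC         Y
"""
SERVER_ACCESS = f"""SOURCE           ANY
KEY_BASE64       {b64(b'sample-encryption-key')}
HMAC_KEY_BASE64  {b64(b'sample-hmac-key-B')}
"""

def parse_stanza(text):
    """Map 'NAME value' lines to a dict, skipping blanks, comments, [stanza] headers."""
    out = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith(("#", "[")):
            out[parts[0]] = parts[1].strip()
    return out

def compare_keys(client, server, names=("KEY_BASE64", "HMAC_KEY_BASE64")):
    """Per key: 'match', 'mismatch', 'missing' or 'bad-base64' (values never printed)."""
    result = {}
    for name in names:
        try:
            c = base64.b64decode(client[name], validate=True)
            s = base64.b64decode(server[name], validate=True)
        except KeyError:
            result[name] = "missing"
        except binascii.Error:
            result[name] = "bad-base64"
        else:
            result[name] = "match" if hmac.compare_digest(c, s) else "mismatch"
    return result

def hmac_would_verify(client, server, payload=b"constructed SPA ciphertext"):
    """Generic HMAC-SHA256 check: sender tags with its key, receiver recomputes."""
    sent = hmac.new(base64.b64decode(client["HMAC_KEY_BASE64"]), payload, hashlib.sha256).digest()
    want = hmac.new(base64.b64decode(server["HMAC_KEY_BASE64"]), payload, hashlib.sha256).digest()
    return hmac.compare_digest(sent, want)

if __name__ == "__main__":
    c, s = parse_stanza(CLIENT_RC), parse_stanza(SERVER_ACCESS)
    print(compare_keys(c, s), hmac_would_verify(c, s))
```

The report contains only status strings, so it can be pasted into an issue without exposing key material.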

RiaanBurger commented 5 years ago

Thank you @jp-bennett I'm definitely not in the right thread. Stuck in a rather ambitious (for me) Ansible role to orchestrate with gpg and just not getting decryption on the Ubuntu 18.04 hosts. Still all local:

syslog

Jun 13 05:21:29 u18s01 fwknopd[23839]: (stanza #1) SPA Packet from IP: 192.168.1.101 received with access source match
Jun 13 05:21:29 u18s01 fwknopd[23839]: [192.168.1.101] (stanza #1) Error creating fko context: Decryption operation failed
Jun 13 05:21:29 u18s01 fwknopd[23839]: [192.168.1.101] (stanza #1) - GPG ERROR: No data

Manual gpg encrypt/decrypt of test files do work. Going to drop gpg for another configuration try of fwknop before leaving fwknop for Ubuntu 20.04 if that still doesn't work.