ntop / n2n

Peer-to-peer VPN
GNU General Public License v3.0

User / Password Based Authentication Is the service available? #1006

Closed Trytoz closed 2 years ago

Trytoz commented 2 years ago

I am very sorry, but my English is poor, so the content of this post comes from translation software.

------

My server and client system is CentOS 7.6, compiled and installed using the source code from the 3.0 stable release. The compilation and installation process went very smoothly and no errors have been found so far.

------

I refer to the instructions in doc/Authentication.md as well as the code. The following configuration was built on the server side.

[root@AuaycnPpWB n2n-3.0]# cat aaconf.conf

-p 7655
-a 172.16.0.0-172.32.255.0/24
-v
-F N2N_NN_A
-c aasupernode_list.conf

[root@AuaycnPpWB n2n-3.0]# cat aasupernode_list.conf

mynetwork
netleo
* logan nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG
ntop[0-1][0-9]

[root@AuaycnPpWB n2n-3.0]# supernode aaconf.conf

31/May/2022 02:51:29 [supernode.c:268] the network range for community ip address service is '172.16.0.0...172.32.255.0/24'
31/May/2022 02:51:29 [sn_utils.c:400] added allowed community 'st' [total: 1]
31/May/2022 02:51:29 [sn_utils.c:406] WARNING: bad net/bit format 'of' for community '�', ignoring; see comments inside community.list file
31/May/2022 02:51:29 [sn_utils.c:414] WARNING: bad network 'of/0' in 'of' for community 'st', ignoring
31/May/2022 02:51:29 [sn_utils.c:419] WARNING: bad prefix '0' in 'of' for community 'st', ignoring
31/May/2022 02:51:29 [sn_utils.c:1295] assigned sub-network 172.29.67.0/24 to community 'st'
31/May/2022 02:51:29 [sn_utils.c:400] added allowed community 'mynetwork' [total: 2]
31/May/2022 02:51:29 [sn_utils.c:1295] assigned sub-network 172.26.148.0/24 to community 'mynetwork'
31/May/2022 02:51:29 [sn_utils.c:400] added allowed community 'netleo' [total: 3]
31/May/2022 02:51:29 [sn_utils.c:1295] assigned sub-network 172.26.204.0/24 to community 'netleo'
31/May/2022 02:51:29 [sn_utils.c:345] added user 'logan' with public key 'nHWum+r42k1qDXdIeH-WFKeylK5UyLStRzxofRNAgpG' to community 'netleo'
31/May/2022 02:51:29 [sn_utils.c:375] added regular expression for allowed communities 'ntop[0-1][0-9]'
31/May/2022 02:51:29 [sn_utils.c:445] loaded 3 fixed-name communities from aasupernode_list.conf
31/May/2022 02:51:29 [sn_utils.c:448] loaded 1 regular expressions for community name matching from aasupernode_list.conf
31/May/2022 02:51:29 [sn_utils.c:120] started shared secrets calculation for edge authentication
31/May/2022 02:51:29 [sn_utils.c:136] calculated shared secrets for edge authentication
31/May/2022 02:51:29 [sn_utils.c:145] calculating dynamic keys

So far, the server side is working fine. When I do not use the username/password authentication method (linking the mynetwork community), the client can link normally and is assigned a virtual IP.

------

On the client side, I use the following configuration

-c netleo
-l 23.224.121.171:7655
-I logan
-J 007
-A5
-k mySecretKey
-P opIyaWhWjKLJSNOHNpKnGmelhHWRqkmY5pAx7lbDHp4
-vvvvv

But it can't link to the server side; here are the logs:

[root@QJS8vII2IP n2n-3.0]# edge edge.conf 
31/May/2022 02:55:28 [edge_utils.c:3774] adding supernode = 23.224.121.171:7655
31/May/2022 02:55:28 [edge.c:1062] using username and password for edge authentication
31/May/2022 02:55:28 [edge.c:1074] enabling header encryption for edge authentication
31/May/2022 02:55:28 [edge.c:1085] starting n2n edge 3.0.0 May 31 2022 02:24:42
31/May/2022 02:55:28 [edge.c:1091] using compression: none.
31/May/2022 02:55:28 [edge.c:1092] using Speck cipher.
31/May/2022 02:55:28 [edge_utils.c:392] number of supernodes in the list: 1
31/May/2022 02:55:28 [edge_utils.c:394] supernode 0 => 23.224.121.171:7655
31/May/2022 02:55:28 [transform_speck.c:138] setup_speck_key completed
31/May/2022 02:55:28 [edge_utils.c:427] Header encryption is enabled.
31/May/2022 02:55:28 [edge_utils.c:483] successfully created resolver thread
31/May/2022 02:55:28 [edge.c:1122] automatically assign IP address by supernode
31/May/2022 02:55:28 [edge.c:1134] skip PING to supernode
31/May/2022 02:55:28 [edge_utils.c:312] PMTU discovery disabled
31/May/2022 02:55:28 [edge_utils.c:1262] send REGISTER_SUPER to [23.224.121.171:7655]
31/May/2022 02:55:28 [edge_utils.c:1040] sent=127 to 
31/May/2022 02:55:28 [edge.c:1194] send REGISTER_SUPER to supernode [23.224.121.171:7655] asking for IP address
31/May/2022 02:55:31 [edge.c:1217] REGISTER_SUPER_ACK timeout
31/May/2022 02:55:31 [edge_utils.c:1262] send REGISTER_SUPER to [23.224.121.171:7655]
31/May/2022 02:55:31 [edge_utils.c:1040] sent=127 to 
31/May/2022 02:55:31 [edge.c:1194] send REGISTER_SUPER to supernode [23.224.121.171:7655] asking for IP address

I've tried many times, but I still can't find where the error is, so I hope you can help me. Thanks!

Logan007 commented 2 years ago

Hello,

thank you for your detailed description. I see that you use the -P ...DHp4 parameter from the example.

But if your federation name is N2N_NN_A, the corresponding public federation key (to be provided to the edges with -P) should be Y93Jn9AONIZWaeqekna2CJIOLZEejhU29dXFeeQLQJC – you can use tools/n2n-keygen -F N2N_NN_A to calculate the public key.

Let us know if it helps!
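A configuration cross-check for the mismatch diagnosed above, added here as an example and not n2n's own code: it reads the supernode's -F federation name, asks n2n-keygen for the matching public key and compares it with the edge's -P value, and also checks that the edge's -I user is listed under the community it joins. It assumes tools/n2n-keygen is built (path overridable via N2N_KEYGEN) and that n2n-keygen -F prints the public key as the last field of its first output line.

```shell
#!/bin/sh
# Added example (not n2n's own code): cross-check an edge config against a
# supernode config and its community list before starting the edge.
# Assumption: "n2n-keygen -F <name>" prints the federation public key as the
# last whitespace-separated field of its first output line.

# Print the value of option $2 (e.g. -F, -P) from config file $1; handles
# both "-X value" and "-Xvalue" spellings, first match wins.
conf_opt() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*//p" "$1" | head -n 1
}

# Derive the public federation key for federation name $1 with n2n-keygen.
federation_pubkey() {
    "${N2N_KEYGEN:-tools/n2n-keygen}" -F "$1" | head -n 1 | awk '{ print $NF }'
}

# Return 0 when the -P key in edge config $2 is the one derived from the
# -F federation name in supernode config $1 (the mismatch in this thread).
check_federation_key() {
    fed=$(conf_opt "$1" -F)
    [ -n "$fed" ] || { echo "no -F federation name in $1" >&2; return 2; }
    want=$(federation_pubkey "$fed")
    have=$(conf_opt "$2" -P)
    if [ -n "$want" ] && [ "$have" = "$want" ]; then
        echo "OK: -P in $2 matches federation '$fed'"
        return 0
    fi
    echo "MISMATCH: $2 has -P '$have' but federation '$fed' needs -P '$want'" >&2
    return 1
}

# Return 0 when user $3 has a "* user key" line under community $2 in the
# community list $1 (user lines belong to the community line above them).
user_in_community() {
    awk -v c="$2" -v u="$3" '
        /^[[:space:]]*$/ || /^#/ { next }
        $1 != "*"               { cur = $1; next }   # community (or regex) line
        cur == c && $2 == u     { found = 1 }
        END                     { exit !found }' "$1"
}
```

Run check_federation_key supernode.conf edge.conf on the two files from this thread and it reports the -P mismatch before the edge ever sends a REGISTER_SUPER.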

Trytoz commented 2 years ago

Thank you for your reply, we may sometimes be poor in the middle. I will retest it and reply to you tomorrow.

Trytoz commented 2 years ago

Here is the feedback, thank you very much for your help, the test has now passed and it is indeed the -P parameter that is causing the inability to connect to the server.