build from HEAD yields "fwknop: fko_set_spa_message: Error 100 - Invalid allow IP address in the SPA message data"
e40 opened this issue · comments
and the knocking does not happen.
I reset by to the HEAD before the activity today and fwknop
works for me. This is my config, in case it's now invalid:
[default]
ALLOW_IP source
[gremlin]
SPA_SERVER gremlinssh.foo.com
ACCESS tcp/64208
NAT_ACCESS XX.YY.ZZ.77,22
SPOOF_USER foobar
Found the the commit that introduced the regression and reverted it. What I thought was an innocuous change broke the decode/dcrypt processing of the SPA packet.
…-Damien
On 1/27/24 4:30 PM, e40 ***@***.***> wrote:
and the knocking does not happen.
I reset by to the HEAD before the activity today and |fwknop| works for
me. This is my config, in case it's now invalid:
|[default] ALLOW_IP source [gremlin] SPA_SERVER gremlinssh.foo.com
ACCESS tcp/64208 NAT_ACCESS XX.YY.ZZ.77,22 SPOOF_USER foobar |
—
Reply to this email directly, view it on GitHub
<#363>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGRNJD5HSLFLENHHZZUHLTYQVWYVAVCNFSM6AAAAABCNUKLG6VHI2DSMVQWIX3LMV43ASLTON2WKOZSGEYDGOBRHE4DANI>.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
Sorry about that. I guess I didn't test it fully. My bad.
It is curious how the seemingly dead code impacted things.