Some starting documents

Zenny garbytrash at gmail.com
Sun Dec 2 22:06:39 CET 2012


1) On mandos-server VM A, I am getting the following error:

"2012-12-02T22:03:17.346685: Checker for client gw1.domain.tld
(command "fping -q -- 192\.168\.53\.161") failed with exit code 1"

I even changed the host in /etc/mandos/clients.conf from alias to IP
with the same results.

2) On mandos-client VM B, I am getting the error as stated below:

"Mandos plugin mados-client: connect: Cannot assign requested address"

3) No iptables were configured, even flushed the iptables with 'iptables -L'

??

/zenny


On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
> BTW, I forgot to mention that I get 'A checker has failed!' error in
> VM A (mandos-server) when I check with mandos-monitor command.
>
> I enabled all and get the following output:
>
> # mandos-ctl -e --all
> # mandos-ctl
> Name             Enabled Timeout  Last Successful Check
> gw1.domain.tld Yes     00:05:00
>
> Is it something helpful to debug? Thanks!
>
> On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
>> And there is no firewall involved between these machines, because I
>> have not configured any. No firewall configured at all at the moment.
>>
>> # iptables -L
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>>
>> On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
>>> Dear Teddy and Dick:
>>>
>>> I tried also with a completely new debian squeeze installation with
>>> dm-crypt and LUKS which has the following in the fstab:
>>>
>>> # <file system> <mount point>   <type>  <options>       <dump>  <pass>
>>> proc            /proc           proc    defaults        0       0
>>> /dev/mapper/gw0-root /               ext3    errors=remount-ro 0       1
>>> # /boot was on /dev/sda1 during installation
>>> UUID=22c1e040-0527-4845-b14d-3db74829167f /boot           ext2    defaults        0       2
>>> /dev/mapper/gw0-home /home           ext3    defaults        0       2
>>> /dev/mapper/gw0-tmp /tmp            ext3    defaults        0       2
>>> /dev/mapper/gw0-usr /usr            ext3    defaults        0       2
>>> /dev/mapper/gw0-var /var            ext3    defaults        0       2
>>> /dev/mapper/gw0-swap_1 none            swap    sw              0       0
>>> /dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0
>>>
>>> This time the installation on the mandos-client in the machine works
>>> and still executing:
>>>
>>> #/usr/lib/mandos/plugins.d/mandos-client \
>>>> --pubkey=/etc/keys/mandos/pubkey.txt \
>>>> --seckey=/etc/keys/mandos/seckey.txt; echo
>>>
>>> Does not give any output even after eons of time.
>>>
>>> What I did was:
>>>
>>> 1) Installed a completely new instance of debian squeeze using guided
>>> installation with encryption in two VMs,
>>> 2) then installed mandos-server in VM A and mandos-client in VM B.
>>> 3) Generated the client info (mandos-keygen --password) in VM B
>>> (mandos-client) and pasted that in /etc/mandos/clients.conf of VM A
>>> (mandos server)
>>> 4) Restarted mandos server in A and rebooted VM B to check whether it
>>> can fetch information from server A to boot.
>>> 5) Executed the above command to echo the password, but no output.
>>>
>>> There is nothing I could see where I can see the debug command,
>>> because VM B cannot fetch the password from mandos-server in VM A,
>>> meaning I have to feed the encryption password manually to boot VM B.
>>>
>>> BTW, Teddy, the documentation is neither complete nor verbose. It is
>>> wholly incomplete. At least I could have helped you to create a
>>> document, provided something works in my case. And it is not working
>>> at all? I am struggling for the last two days to make it work, yet no
>>> go! Maybe this is the reason the adoption of mandos is not
>>> so strong.
>>>
>>> I followed a longer solution for a similar solution (using a longer
>>> method with manual remote feeding of the key), but that is not what I
>>> am seeking rather something like mandos. But there is no luck that it
>>> worked.
>>>
>>> I wish...
>>>
>>> zenny
>>>
>>> On 12/2/12, Zenny <garbytrash at gmail.com> wrote:
>>>> Thanks Dick for information.
>>>>
>>>> About the first mandos server-client pair I meant the mandos server
>>>> which also tries to authenticate as client with each other, I
>>>> installed mandos server and clients in both of them and copied the
>>>> output of 'mandos-keygen --passphrase' to the server's
>>>> /etc/mandos/clients.conf yet it does not authenticate, yet asks for
>>>> the passphrase in console?
>>>>
>>>> Tried to execute the following in the client console (as stated in
>>>> http://bzr.recompile.se/loggerhead/mandos/trunk/annotate/head:/debian/mandos-client.README.Debian),
>>>> but nothing happens even for hours.
>>>>
>>>> #/usr/lib/mandos/plugins.d/mandos-client \
>>>>> --pubkey=/etc/keys/mandos/pubkey.txt \
>>>>> --seckey=/etc/keys/mandos/seckey.txt; echo
>>>>
>>>> What did I miss? What other configuration changes that I need to make
>>>> to make it work?
>>>>
>>>> Thanks!
>>>>
>>>> On 12/1/12, Zenny <garbytrash at gmail.com> wrote:
>>>>> Hi again:
>>>>>
>>>>> I thoroughly read the documents in the site, yet I cannot figure out
>>>>> how to achieve this:
>>>>>
>>>>> 1) Two mandos servers-clients authenticating between each other which
>>>>> in turn provide authentication passwords to the local clients
>>>>>
>>>>> 2) The /boot is not partitioned, yet / and swap is encrypted over LVM
>>>>> (dm-crypt plus LUKS).
>>>>>
>>>>> I searched over the Net and could not figure out how to achieve this.
>>>>> Any pointers shall be appreciated.
>>>>>
>>>>> Regards
>>>>> zenny
>>>>>
>>>>> On 11/30/12, Zenny <garbytrash at gmail.com> wrote:
>>>>>> Hi:
>>>>>>
>>>>>> I happen to see your nice application just today and feel like
>>>>>> deploying. Unfortunately I am getting errors while installing
>>>>>> mandos-client in embedded debian squeeze (voyage linux actually).
>>>>>>
>>>>>> 1) gpg: WARNING: some OpenPGP programs can't handle a DSA key with
>>>>>> this digest size
>>>>>>
>>>>>> I know of this error maybe it is run on a i386 machine.
>>>>>>
>>>>>> 2) cryptsetup: WARNING: could not determine root device from
>>>>>> /etc/fstab
>>>>>>
>>>>>> which looks like:
>>>>>> root@voyage:~# cat /etc/fstab
>>>>>> #/dev/hda1       /       ext2    defaults,noatime,rw     0       0
>>>>>> proc            /proc   proc    defaults                0       0
>>>>>> tmpfs           /tmp    tmpfs   nosuid,nodev            0       0
>>>>>> #tmpfs           /rw     tmpfs   defaults,size=32M        0       0
>>>>>>
>>>>>>
>>>>>> Appreciate if there are any pointers! Are there any tutorials on how to
>>>>>> deploy mandos? FYI, I am trying to share keys between two mandos
>>>>>> servers. Thanks!
>>>>>>
>>>>>
>>>>
>>>
>>
>


More information about the Mandos-Dev mailing list