Startup troubles
Teddy Hogeborn
teddy at recompile.se
Tue Jun 5 19:24:54 CEST 2012
Dick Middleton <dick at fouter.net> writes:
> > Jun 3 16:55:20 hagrid <28>Mandos [28204]: WARNING: Handshake
> > failed: An algorithm that is not enabled was negotiated.
>
> > All I know is no password is returned. It just sits and waits.
> >
> > Looking at debug client is reporting:
> > Mandos plugin mandos-client: *** GnuTLS Handshake failed ***
> > GnuTLS error: A TLS packet with unexpected length was received.
>
> I tried generating RSA keys instead of the default DSA keys and it
> works now.
Right. That definitely points to GnuTLS having problems. Can the
gnutls-cli command connect to a running gnutls-serv? Does gnutls-serv
handle the --priority "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP" option?
If not - then this is a GnuTLS problem, not ours.
Might you have altered the priority string of the Mandos server in
mandos.conf?
> I still get the
>
> Mandos plugin mandos-client: scandir: No such file or directory
>
> on the client but I guess that's unrelated. Is it due to
> /etc/mandos/plugin.d directory being empty?
You shouldn't get the error while booting, only when running the Mandos
client outside the initramfs environment. (The directory it tries to
scan is the network hook directory, which it won't find outside the
initramfs environment.)
/Teddy Hogeborn
--
The Mandos Project
http://www.recompile.se/mandos
More information about the Mandos-Dev
mailing list