Mandos + CentOS 6

Nathanael d. Noblet nathanael at gnat.ca
Wed Apr 2 17:03:34 CEST 2014


Sorry for the top post.

I have good news! I have a CentOS 6 machine using dracut and mandos
fully functional. At least it has been able to reboot unattended
multiple times. I've tested both DHCP and static IP address assignment.

Then the bad news. I started working on getting a Fedora 20 VM to do the
same. This is where I run into the odd problem that mandos running on
different versions of RPM-based machines has issues.

I thought this was solved previously by changing the priority string on
the server. However, that doesn't seem to work. There is something else
going on. To test, I installed the mandos-server and client on the one
F20 VM. From a terminal, if I have the client contact the local server, it
gets the password back. If I have it contact the CentOS 6 server, it
never gets a response. The server spits out an error about a "TLS packet
with unexpected length was received". Any thoughts on how to debug this?
Once I have this working, I'll post the needed bits for a CentOS/RHEL
client and a Fedora/systemd client.

-- 
Nathanael


On Tue, 2014-04-01 at 22:14 +0200, Teddy Hogeborn wrote:
> "Nathanael d. Noblet" <nathanael at gnat.ca> writes:
> 
> >   So I tried to let mandos client bring up the interface, which it
> > sort of does, however I have no idea how any of the interfaces are
> > configured (dhcp vs static address) or how to specify to the
> > mandos-client what I would like. I looked through the source and
> > didn't really see anything in there. So basically I'm wondering does
> > the mandos client handle assigning an IP address, routes etc?
> 
> No.  If needed, this is the role of the so-called "network hooks" - see
> the manual page mandos-client(8mandos), and look in the directory
> /usr/share/doc/mandos-client/examples/network-hooks.d for some examples
> of network hooks.  However, normally, *no* network address is needed,
> since we use the automatically assigned link-local IPv6 address, and
> *no* route is needed, since we only look for Mandos servers on the local
> network.  No network hooks are installed by default - they are a feature
> for those who have non-standard needs.
> 
> > If so how can I tell it what I want? Also are the facilities
> > mandos-client uses debian based and thus may not work in another
> > environment?
> 
> The Mandos client itself does not configure any addresses, routes or
> interface options.  The example network hooks should not, I think,
> depend on anything Debian-specific, but if they do, they are only
> *examples*, and meant to be customized for individual needs.
> 
> /Teddy Hogeborn
> 
> _______________________________________________
> Mandos-Dev mailing list
> Mandos-Dev at recompile.se
> https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev



