Mandos + CentOS 6

Teddy Hogeborn teddy at recompile.se
Thu Apr 3 21:41:25 CEST 2014


"Nathanael d. Noblet" <nathanael at gnat.ca> writes:

> I have good news! I have a CentOS 6 machine using dracut and Mandos
> fully functional. At least it has been able to reboot unattended
> multiple times. I've tested both DHCP and static IP address
> assignment.
>
> Then the bad news. I started working on getting a Fedora 20 VM to do
> the same. This is where I run into the odd problem that Mandos running
> on different versions of RPM-based machines has issues.
>
> I thought this was solved previously by changing the priority string
> on the server.

I still think this is the best bet to get it working.

> However, that doesn't seem to work. There is something else going
> on. To test, I installed the mandos-server and client on the one F20
> VM. From a terminal, if I have the client contact the local server it
> gets the password back. If I have it contact the CentOS 6 server it
> never gets a response. The server spits out an error about a "TLS
> packet with unexpected length was received".

Yeah, that's the GnuTLS standard message for "something unexpected
happened and I'm not going to tell you what it is".

> Any thoughts on how to debug this? Once I have this working I'll post
> the needed bits for a CentOS/RHEL client and a Fedora/systemd client.

Use the "gnutls-cli" and "gnutls-serv" commands to debug straight GnuTLS
without any Mandos complications.  Note that the Mandos server should
run the gnutls-cli command, and the Mandos client should run the
gnutls-serv command, and you'll therefore have to connect from the
Mandos server system to the Mandos client system using the gnutls-cli
and gnutls-serv tools.

/Teddy Hogeborn

-- 
The Mandos Project
http://www.recompile.se/mandos

More information about the Mandos-Dev mailing list