Mandos-client doesn't discover server, only explicit connection works

Erik Logtenberg erik at logtenberg.eu
Tue Jul 29 13:58:24 CEST 2014


Hi,

I have set up two virtual machines to test mandos on Fedora 20. I have
SELinux disabled and also no firewall (iptables has no rules, and
default policy set to ACCEPT).

The mandos client can successfully retrieve its secret when I explicitly
tell it to connect to the mandos-server, like so:

# /usr/lib64/mandos/plugins.d/mandos-client -s /etc/mandos/keys/seckey.txt -p /etc/mandos/keys/pubkey.txt -c 192.168.4.240:49980

However, without the -c option, mandos-client cannot find the server.
They are both running in the same virtual network, both in the same
192.168.4.0/24 subnet, and can freely communicate.

Debug output is like this:

# /usr/lib64/mandos/plugins.d/mandos-client -s /etc/mandos/keys/seckey.txt -p /etc/mandos/keys/pubkey.txt --debug
Mandos plugin mandos-client: Network hook directory
"/lib/mandos/network-hooks.d" not found
Mandos plugin mandos-client: Interface "ens3" is good
Mandos plugin mandos-client: Rejecting loopback interface "lo"
Mandos plugin mandos-client: Will use interface "ens3"
Mandos plugin mandos-client: Interface "ens3" is already up; good
Mandos plugin mandos-client: No interfaces were brought up
Mandos plugin mandos-client: Using only interface "ens3"
Mandos plugin mandos-client: Initializing GnuTLS
Mandos plugin mandos-client: Attempting to use OpenPGP public key
/etc/mandos/keys/pubkey.txt and secret key /etc/mandos/keys/seckey.txt
as GnuTLS credentials
Mandos plugin mandos-client: GnuTLS: armor filter: decode
Mandos plugin mandos-client: GnuTLS: ASSERT: stream.c:1035
Mandos plugin mandos-client: GnuTLS: free armor filter
Mandos plugin mandos-client: GnuTLS: armor filter: decode
Mandos plugin mandos-client: GnuTLS: ASSERT: stream.c:1035
Mandos plugin mandos-client: GnuTLS: free armor filter
Mandos plugin mandos-client: GnuTLS: ASSERT: pgp.c:172
Mandos plugin mandos-client: GnuTLS: ASSERT: stream.c:1035
Mandos plugin mandos-client: GnuTLS: ASSERT: privkey.c:1251
Mandos plugin mandos-client: GnuTLS: ASSERT: privkey.c:1251
Mandos plugin mandos-client: GnuTLS: ASSERT: pgp.c:172
Mandos plugin mandos-client: GnuTLS: ASSERT: pgp.c:1617
Mandos plugin mandos-client: GnuTLS: ASSERT: pgp.c:1617
Mandos plugin mandos-client: GnuTLS: ASSERT: privkey.c:1251
Mandos plugin mandos-client: GnuTLS: Generating group of prime of 1024
bits and format of 2wq+1. q_size=160 bits
Mandos plugin mandos-client: GnuTLS: Found prime w of 863 bits. Will
look for q of 160 bits...
Mandos plugin mandos-client: GnuTLS: Found prime q of 158 bits. Looking
for generator...
Mandos plugin mandos-client: GnuTLS: Found generator g of 1021 bits
Mandos plugin mandos-client: GnuTLS: Prime n is 1021 bits
Mandos plugin mandos-client: Tempdir /run/tmp/mandosMT1ZXA did not work,
trying /tmp/mandosXXXXXX
Mandos plugin mandos-client: Initializing GPGME
Joining mDNS multicast group on interface ens3.IPv6 with address
fe80::5054:ff:fea6:9855.
New relevant interface ens3.IPv6 for mDNS.
Joining mDNS multicast group on interface ens3.IPv4 with address
192.168.4.168.
New relevant interface ens3.IPv4 for mDNS.
Network interface enumeration completed.
Mandos plugin mandos-client: Starting Avahi loop search
Mandos plugin mandos-client: Wait until first server is found. No timeout!
Mandos plugin mandos-client: No Mandos server found, still searching...
Mandos plugin mandos-client: Wait until first server is found. No timeout!
Mandos plugin mandos-client: Wait until first server is found. No timeout!
Mandos plugin mandos-client: Wait until first server is found. No timeout!
Mandos plugin mandos-client: Wait until first server is found. No timeout!
Mandos plugin mandos-client: Wait until first server is found. No timeout!
Mandos plugin mandos-client: Wait until first server is found. No timeout!
Mandos plugin mandos-client: Wait until first server is found. No timeout!

This just keeps going on. What can I do to debug this?

I am using avahi-0.6.31-21.fc20.x86_64, and mandos is version 1.6.7.

Thanks,

Erik.

