Connection problems
Teddy Hogeborn
teddy at recompile.se
Mon Sep 9 03:50:24 CEST 2024
Erich Eckner <mandos at eckner.net> writes:
> I finally got around to setting up my first mandos server-client pair. So
> far, I have a server running on Raspbian and a client running on Arch
> Linux in the same network. For debug purposes, I'm starting the server
> regularly via systemd and running /usr/lib/mandos/plugin-runner
> manually on the client.

/usr/lib/mandos/plugin-runner is not meant to be run manually in the
regular (i.e. non-initrd) file system. For a suitable command line to
run for test purposes, see
/usr/share/doc/mandos-client/README.Debian.gz.

> Interestingly, this only works "somewhat":
>
> * The server reports the client as up and running (so the checker
> works).
>
> * The plugin-runner command hangs, and never returns (so it does not
> successfully connect to the server), but:
>
> * If I restart the server (`systemctl restart mandos`), the
> (still-running) plugin-runner gets its passphrase and succeeds (and
> also the server correctly logs that it handed out the secret).
>
> Question: What am I doing wrong / where should I start debugging? Or
> is this intended behaviour, and the server will not hand out secrets
> to a still-running client?

The first step in debugging is to run mandos-monitor, and watch what it
sees on the server when a client requests a password. But I think that
the primary problem for you is that you are running plugin-runner in an
environment it was never meant to run in. Try running the command
documented in /usr/share/doc/mandos-client/README.Debian.gz instead.

/Teddy Hogeborn
--
The Mandos Project
https://www.recompile.se/mandos