Description
Question
I have two questions about keys and certificates.
Regarding keys:
I am aware that there are two configuration files each for the client and the server (ref: installation manual):
for client "SAMPLE_sdp_ctrl_client.conf" and ".fwknoprc"
for server "gate_sdp_ctrl_client.conf" and "fwknopd.conf"
What should I put in
SPA_ENCRYPTION_KEY and SPA_HMAC_KEY in "SAMPLE_sdp_ctrl_client.conf" (client side)
SPA_ENCRYPTION_KEY and SPA_HMAC_KEY in "gate_sdp_ctrl_client.conf" (gateway server side)
I generated "client.key", "client.crt", "client.csr" and "server.key", "server.crt", "server.csr" with node ./genCredentials.js <SDPID>. Should I use information from these,
or data from "ca.crt" and "ca.key"? (In this case the client and server would have the same value.)
Regarding certificates (and also keys):
What should I put in
KEY_FILE and CERT_FILE in "gate_sdp_ctrl.conf" (gateway server side)?
The example in the file indicates "client.key". It should be "server.key", right?
(ref 1 and 2)
Situation
The client couldn't gain access to a protected service. Here is the current status:
isi@isi-radio:~$ fwknop -n service_gate
[-] file: /home/isi/.fwknoprc permissions should only be user read/write (0600, -rw-------)
[-] file: /home/isi/.fwknoprc permissions should only be user read/write (0600, -rw-------)
(sdp_com.c:423) Setting CA cert for peer cert verification.
(sdp_com.c:622) Starting connection attempt 1
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 1 failed, 2 attempts remaining
(sdp_com.c:668) Waiting 5 seconds until retry
(sdp_com.c:622) Starting connection attempt 2
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 2 failed, 1 attempt remaining
(sdp_com.c:668) Waiting 10 seconds until retry
(sdp_com.c:622) Starting connection attempt 3
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 3 failed, 0 attempts remaining
(sdp_com.c:661) Too many failed connection attempts. Exiting now
(sdp_ctrl_client.c:1562) SDP Control Client Exiting
SDP ctrl client returned error code: 32778
isi@isi-radio:~$
To run the Software Defined Perimeter software, I followed these steps (ref: installation manual):
(1) Run controller
isi@isi-wave:~/project/SoDeTaNII/SDPcontroller$ node ./sdpController.js
(1) Tool imported
(2) Checked configurations
SDP Controller running at port 5000
No open connections found that need to be removed.
(2) Run gateway server
isi@isi-radio:~$ fwknopd
[-] file: /etc/fwknop/fwknopd.conf permissions should only be user read/write (0600, -rw-------)
[-] file: /etc/fwknop/fwknopd.conf (owner: 0) not owned by current effective user id: 1000
(3) Run client
isi@isi-radio:~$ fwknop -n service_gate ... and I get the error shown above.
Please let me know the correct parameters, or whether I missed anything.
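Added example (editor's note, not part of the issue above and not code from the fwknop/SDP project): a pre-flight script that checks the three things the log output points at before the client or gateway is started. The two warnings about ".fwknoprc" and "fwknopd.conf" say exactly what fwknop wants (mode 0600, owned by the uid running it); "Socket connect failed" is a plain TCP connect failure, which happens before any TLS or certificate handling, so reachability of the controller is worth checking separately from the key/certificate question; and for the credential question, each side's certificate should chain to ca.crt while its private key must match its own certificate. Assumptions: the controller address 127.0.0.1:5000 (the controller log only shows the port), the credential file names from genCredentials.js as listed in the issue, and the script name sdp_preflight.sh are all hypothetical.

```shell
#!/bin/sh
# Pre-flight checks for an fwknop SDP client/gateway host.
# Added example, not from the fwknop/SDP project. Assumed: controller at
# 127.0.0.1:5000, credential files named as genCredentials.js produces them.

# fwknop's own warning: the config file must be mode 0600 and owned by the
# effective uid that runs fwknop/fwknopd. Returns 0 only if both hold.
check_conf_perms() {
    f="$1"
    [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")   # GNU, then BSD stat
    owner=$(stat -c '%u' "$f" 2>/dev/null || stat -f '%u' "$f")
    rc=0
    [ "$mode" = "600" ] || { echo "$f: mode $mode, want 600" >&2; rc=1; }
    [ "$owner" = "$(id -u)" ] || { echo "$f: owner uid $owner, want $(id -u)" >&2; rc=1; }
    return $rc
}

# Repair what check_conf_perms complains about (chown needs privileges if the
# file is not already ours, e.g. /etc/fwknop/fwknopd.conf owned by root).
fix_conf_perms() {
    chmod 600 "$1" && chown "$(id -u)" "$1"
}

# A side's credential pair: its certificate must be issued by the CA in $ca,
# and its private key must correspond to that certificate. The CA key itself
# never belongs on a client or gateway.
check_credential_pair() {
    ca="$1"; crt="$2"; key="$3"
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 \
        || { echo "$crt does not chain to $ca" >&2; return 1; }
    # Compare the SubjectPublicKeyInfo from the cert with the one derived from the key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] \
        || { echo "$key does not match $crt" >&2; return 1; }
}

# TCP-level reachability of the controller; this is the layer at which
# "Socket connect failed" is reported, before any TLS handshake.
check_controller_reachable() {
    host="$1"; port="$2"
    if command -v nc >/dev/null 2>&1; then
        nc -z -w 3 "$host" "$port" >/dev/null 2>&1
    else
        # bash-only fallback; fails harmlessly in a plain POSIX sh
        ( exec 3<>"/dev/tcp/$host/$port" ) 2>/dev/null
    fi
}

main() {
    rc=0
    check_conf_perms "$HOME/.fwknoprc" || rc=1             # client side
    check_conf_perms /etc/fwknop/fwknopd.conf || rc=1      # gateway side
    check_credential_pair ca.crt client.crt client.key || rc=1
    check_credential_pair ca.crt server.crt server.key || rc=1
    check_controller_reachable 127.0.0.1 5000 \
        || { echo "controller 127.0.0.1:5000 not reachable (assumed address)" >&2; rc=1; }
    return $rc
}

# Run the checks only when executed as sdp_preflight.sh (hypothetical name),
# so the functions can also be sourced from another script.
case "${0##*/}" in sdp_preflight.sh) main "$@" ;; esac
```

Usage: save as sdp_preflight.sh on the host, run it as the same user that will run fwknop (or fwknopd), and resolve every line it prints before starting the SDP components; fix_conf_perms applies the chmod/chown the first two checks ask for.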