Eystein,
Thanks for the tip. That works "kind of"... Here is what I had on my
server configs:
body server control
{
allowconnects => { "127.0.0.1" , "::1" , "10." };
allowallconnects => { "127.0.0.1" , "::1" , "10." };
trustkeysfrom => { "127.0.0.1" , "::1" , "10." };
...
When I added the ::ffff:<subnet>. as in ::ffff:10. I was able to get
self connect to the server socket. To test this further I added
another test network "without" putting in the ::ffff:<subnet>. and it
is answering. This is still a mystery as I don't disable IPv6 but I
also am not "using" it as the main tcp base I am still on ipv4 for
everything. Are there options or such that have been introduced? As of
eariler today I did not see anything posted in th change log for 3.1.4
but the 3.1.3 did not list anything which would effect which TCP
network should be used.
Follow on question: What does the ::ffff:<ipv4> actually mean? I
thought IPv4 compatablity was ::<ip> I am guessing this is true:
http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding-2.htm
So why does this happen here and not on 3.1.2 and below? All these
configs I have had working on 3.0.4 -> 3.1.2.
Any thoughts?
Regards,
Gusto
On Tue, Feb 1, 2011 at 10:46 AM, Eystein Måløy Stenberg
<eystein.stenb...@gmail.com> wrote:
> From the server, "Denying repeated connection from
> "::ffff:10.10.10.11" means that your client is trying to make two
> connections at the same time.
> If you want that to be allowed, see allowallconnects:
> http://www.cfengine.org/manuals/cf3-reference.html#allowallconnects-in-server
>
> --Eystein
>
> On Tue, Feb 1, 2011 at 3:41 PM, Gusto <gustofw...@gmail.com> wrote:
>> Hi Folks,
>>
>> I was wondering if anyone has built and run the new v3.1.4?
>>
>> I did today in my development policysrv2 host but I am seeing some
>> issues on key exchanges (protocol transaction reset). If some of you
>> recall this is the development env with the root-.pub issues on the
>> 3.1.2. Today I removed all keys and started fresh. This includes
>> removing all old /var/cfeninge/ppkeys/* /var/cfengine/*.db and
>> /var/cfengine/state/*. This should bring me back to a "fresh" env. I
>> started with my known working configs for update (known working on
>> 3.0.4/3.0.5/3.1.2). I was wondering if anyone could confirm/deny any
>> issues?
>>
>> Steps:
>> 1) cf-key - Generate localhost.pub localhost.priv
>> 2) copy the localhost.pub root-10.10.10.11.pub
>> 3) copy the localhost.priv root-10.10.10.11.priv
>> 4) Restart all daemon process (cf-server)
>> 5) running the cf-agent -KIv I see that I am denied access to the
>> running server (running on same host)
>>
>> Client side output:
>> ...
>> community> SET ifelapsed = 5
>> community> SET repository = /var/cfengine/repository
>> Protocol transaction broken off (1)
>> !!! System reports error for recv: "Connection reset by peer"
>> I: Report relates to a promise with handle "update_scripts"
>> I: Made in version 'not specified' of '/var/cfengine/inputs/update.cf'
>> near line 54
>> I: Comment: Update the base scripts directory for client
>>
>> !! Authentication dialogue with policysrv2.example.com failed
>> Unable to establish connection with policysrv2.example.com
>> -> No suitable server responded to hail
>> Promise (version not specified) belongs to bundle 'update' in file
>> '/var/cfengine/inputs/update.cf' near line 54
>> Comment: Update the base scripts directory for client
>> Protocol transaction broken off (1)
>> !!! System reports error for recv: "Connection reset by peer"
>> I: Report relates to a promise with handle "update_ppkeys"
>> I: Made in version 'not specified' of '/var/cfengine/inputs/update.cf'
>> near line 63
>> I: Comment: Update the base ppkeys directory for client
>> ...
>> Server side has:
>> Feb 1 09:10:19 policysrv2 cf-serverd[29870]: Denying repeated
>> connection from "::ffff:10.10.10.11"
>> Feb 1 09:10:19 policysrv2 community>[13706]: !! Authentication
>> dialogue with policysrv2.example.com failed
>> _______________________________________________
>> Help-cfengine mailing list
>> Help-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/help-cfengine
>>
>
_______________________________________________
Help-cfengine mailing list
Help-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/help-cfengine
