netopeer2
Changing TLS port in netopeer2
Hi,
We establish a TLS connection using the provided files in this project.
2022-03-07 07:58:02,202 (PowerLogger.java:328) DEBUG : <rpc message-id="3" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<config>
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
<listen>
<endpoint>
<name>default-tls</name>
<tls>
<tcp-server-parameters>
<local-address>0.0.0.0</local-address>
<keepalives>
<idle-time>1</idle-time>
<max-probes>10</max-probes>
<probe-interval>5</probe-interval>
</keepalives>
</tcp-server-parameters>
<tls-server-parameters>
<server-identity>
<keystore-reference>
<asymmetric-key>serverkey</asymmetric-key>
<certificate>servercert</certificate>
</keystore-reference>
</server-identity>
<client-authentication>
<required/>
<ca-certs>cacerts</ca-certs>
<client-certs>clientcerts</client-certs>
<cert-maps>
<cert-to-name>
<id>1</id>
<fingerprint>02:E9:38:1F:F6:8B:62:DE:0A:0B:C5:03:81:A8:03:49:A0:00:7F:8B:F3</fingerprint>
<map-type xmlns:x509c2n="urn:ietf:params:xml:ns:yang:ietf-x509-cert-to-name">x509c2n:specified</map-type>
<name>tls-test</name>
</cert-to-name>
</cert-maps>
</client-authentication>
</tls-server-parameters>
</tls>
</endpoint>
</listen>
</netconf-server>
</config>
</edit-config>
</rpc>
]]>]]>
2022-03-07 07:58:02,329 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:02,330 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:02,330 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:02,330 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:02,331 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Published event "rpc" "/ietf-netconf:edit-config" with ID 3 priority 0 for 1 subscribers.
2022-03-07 07:58:02,331 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Processing "/ietf-netconf:edit-config" "rpc" event with ID 3 priority 0 (remaining 1 subscribers).
2022-03-07 07:58:02,331 (PowerLogger.java:338) DEBUG : The reply is <rpc-reply message-id="3" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><ok/></rpc-reply>
2022-03-07 07:58:02,332 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: NP: edit-config error-option "stop-on-error" not supported, rollback-on-error will be performed.
2022-03-07 07:58:02,332 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:02,332 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:02,332 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Published event "done" "ietf-netconf-server" with ID 1 priority 0 for 22 subscribers.
2022-03-07 07:58:02,333 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:02,333 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: There is no leafref "/ietf-keystore:keystore/ietf-keystore:asymmetric-keys/ietf-keystore:asymmetric-key/ietf-keystore:name" with the value "serverkey", but it is not required.
2022-03-07 07:58:02,333 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: There is no leafref "/ietf-keystore:keystore/ietf-keystore:asymmetric-keys/ietf-keystore:asymmetric-key[ietf-keystore:name = current()/../asymmetric-key]/ietf-keystore:certificates/ietf-keystore:certificate/ietf-keystore:name" with the value "servercert", but it is not required.
2022-03-07 07:58:02,333 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: There is no leafref "/ietf-truststore:truststore/ietf-truststore:certificates/ietf-truststore:name" with the value "cacerts", but it is not required.
2022-03-07 07:58:02,334 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: There is no leafref "/ietf-truststore:truststore/ietf-truststore:certificates/ietf-truststore:name" with the value "clientcerts", but it is not required.
2022-03-07 07:58:02,334 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:02,334 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Processing "ietf-netconf-server" "done" event with ID 1 priority 0 (remaining 22 subscribers).
**2022-03-07 07:58:02,334 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LN: Listening on 0.0.0.0:6513 for TLS connections.**
Then we change the port using:
2022-03-07 07:58:21,307 (PowerLogger.java:328) DEBUG : <rpc message-id="6" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<edit-config>
<target>
<running/>
</target>
<default-operation>merge</default-operation>
<error-option>stop-on-error</error-option>
<config>
<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
<listen>
<endpoint>
<name>default-tls</name>
<tls>
<tcp-server-parameters>
<local-port>6555</local-port>
</tcp-server-parameters>
</tls>
</endpoint>
</listen>
</netconf-server>
</config>
</edit-config>
</rpc>
]]>]]>
2022-03-07 07:58:21,345 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:21,345 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:21,346 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:21,346 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:21,346 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Published event "rpc" "/ietf-netconf:edit-config" with ID 4 priority 0 for 1 subscribers.
2022-03-07 07:58:21,347 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Processing "/ietf-netconf:edit-config" "rpc" event with ID 4 priority 0 (remaining 1 subscribers).
2022-03-07 07:58:21,347 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: NP: edit-config error-option "stop-on-error" not supported, rollback-on-error will be performed.
2022-03-07 07:58:21,347 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:21,347 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:21,348 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Published event "done" "ietf-netconf-server" with ID 2 priority 0 for 22 subscribers.
2022-03-07 07:58:21,348 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Processing "ietf-netconf-server" "done" event with ID 2 priority 0 (remaining 22 subscribers).
**2022-03-07 07:58:21,348 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LN: Listening on 0.0.0.0:6555 for TLS connections.**
2022-03-07 07:58:21,349 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Successful processing of "done" event with ID 2 priority 0 (remaining 0 subscribers).
2022-03-07 07:58:21,349 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Successful processing of "rpc" event with ID 4 priority 0 (remaining 0 subscribers).
2022-03-07 07:58:21,350 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Event "rpc" with ID 4 priority 0 succeeded.
2022-03-07 07:58:21,350 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: NP: Session 2: thread 0 event new RPC.
2022-03-07 07:58:21,430 (PowerLogger.java:338) DEBUG : The reply is <rpc-reply message-id="6" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><ok/></rpc-reply>
We use the same client, and when we send a keepAlive the connection still responds.
2022-03-07 07:58:42,263 (PowerLogger.java:328) DEBUG : <rpc message-id="7" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<get>
<filter type="subtree"/>
</get>
</rpc>
]]>]]>
2022-03-07 07:58:42,277 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:42,278 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:42,278 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:42,278 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:42,278 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Published event "rpc" "/ietf-netconf:get" with ID 2 priority 0 for 1 subscribers.
2022-03-07 07:58:42,278 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Processing "/ietf-netconf:get" "rpc" event with ID 2 priority 0 (remaining 1 subscribers).
2022-03-07 07:58:42,278 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Successful processing of "rpc" event with ID 2 priority 0 (remaining 0 subscribers).
2022-03-07 07:58:42,278 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: SR: Event "rpc" with ID 2 priority 0 succeeded.
2022-03-07 07:58:42,279 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: Resolving unresolved data nodes and their constraints...
2022-03-07 07:58:42,279 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: LY: All data nodes and constraints resolved.
2022-03-07 07:58:42,279 (Slf4jLogConsumer.java:71) INFO : STDERR: [INF]: NP: Session 2: thread 0 event new RPC.
2022-03-07 07:58:42,287 (PowerLogger.java:328) DEBUG : <rpc-reply message-id="7" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"><data xmlns="urn:ietf:params:xml:ns:netconf:base:1.0"></data></rpc-reply>
Q1: Should the connection not be lost for the client connected on port 6513?
Q2: Should we not see anything in the log that the connection is lost on this port?
br,
//mike
Q1: Why? You have changed the listening port, any established connections (on the previous port) can and probably should continue to work normally.
Q2: No, since it is not lost.
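The behaviour described in the reply, as an added example that is not part of the original thread or of netopeer2's code: plain TCP sockets on loopback stand in for the TLS endpoint, showing that a session accepted on the old port keeps working after the listener moves, while new connections to the old port are refused. Function names are hypothetical and the ports are chosen by the kernel.

```python
import socket

def listen_on(port=0):
    """Open a loopback listener; port 0 lets the kernel choose (assumption)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    return srv

def round_trip(server_side, client_side, payload):
    """Client sends payload, server side echoes it, client reads the echo."""
    client_side.sendall(payload)
    server_side.sendall(server_side.recv(len(payload)))
    return client_side.recv(len(payload))

def can_connect(port):
    """True if a new TCP connection to the loopback port is accepted."""
    try:
        socket.create_connection(("127.0.0.1", port), timeout=2).close()
        return True
    except OSError:
        return False

def change_listen_port_demo():
    old = listen_on()
    old_port = old.getsockname()[1]
    client = socket.create_connection(("127.0.0.1", old_port), timeout=2)
    session, _ = old.accept()          # established session on the old port
    session.settimeout(2)
    before = round_trip(session, client, b"rpc-before")

    # "Change the port": bind the new listener first so the kernel cannot
    # hand back the same number, then close the old listening socket.
    new = listen_on()
    new_port = new.getsockname()[1]
    old.close()

    result = {
        "ports_differ": old_port != new_port,
        "before": before,
        "after": round_trip(session, client, b"rpc-after"),
        "old_port_accepts_new": can_connect(old_port),
        "new_port_accepts_new": can_connect(new_port),
    }
    for s in (client, session, new):
        s.close()
    return result

if __name__ == "__main__":
    print(change_listen_port_demo())
```

A port change therefore does not evict connected clients; sessions that must end need to be closed explicitly, for example with the NETCONF `<kill-session>` operation.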