fwknop icon indicating copy to clipboard operation
fwknop copied to clipboard
verified publisher icon mrash

SPA data time difference is too great

Open yuleihua opened this issue 5 years ago • 1 comments

The client and server is the same timestamp, i do not know why is "SPA data time difference is too great"?

client: [ifts@localhost ~]$ fwknop -n 192.168.208.151 --verbose SPA Field Values:

Random Value: 7569830465032922 Username: ifts Timestamp: 1605159678 FKO Version: 3.0.0 Message Type: 1 (Access msg) Message String: 192.168.208.168,tcp/22 Nat Access: <NULL> Server Auth: <NULL> Client Timeout: 0 Digest Type: 3 (SHA256) HMAC Type: 3 (SHA256) Encryption Type: 1 (Rijndael) Encryption Mode: 2 (CBC) Encoded Data: 7569830465032922:aWZ0cw:1605159678:3.0.0:1:MTkyLjE2OC4yMDguMTY4LHRjcC8yMg SPA Data Digest: ZD8ln5jeEZ5qWWJt6JK8EsdTROJ4qg4fA5Bl29Y0rvU HMAC: U2aGp4lYOn8D3hbptOxAJhpJ/cn9x/I4JBr0K3tArGY Final SPA Data: 8sl+oz3MYr6HI6cmf3FPqbdml/74HG1xaBJpSDnAqd+XZzOe4CFsxPbj5opExnycsiR+pbIaL8DE8bbzcHU4g/lAuMKfCB+GNEOgkqY2Mzis/N3nUbr0I monZxrncfsaY/n/mJBsGwuKLDGd21yWdWatNL9NE6/OU19NbYvxqhssHx53W5G5NvU2aGp4lYOn8D3hbptOxAJhpJ/cn9x/I4JBr0K3tArGY Generating SPA packet: protocol: udp source port: <OS assigned> destination port: 62201 IP/host: 192.168.208.151 send_spa_packet: bytes sent: 225 [ifts@localhost ~]$ date Thu Nov 12 13:46:16 CST 2020

server: Random Value: 7569830465032922 Username: ifts Timestamp: 1605159678 FKO Version: 3.0.0 Message Type: 1 (Access msg) Message String: 192.168.208.168,tcp/22 Nat Access: <NULL> Server Auth: <NULL> Client Timeout: 0 Digest Type: 3 (SHA256) HMAC Type: 3 (SHA256) Encryption Type: 1 (Rijndael) Encryption Mode: 2 (CBC) Encoded Data: 7569830465032922:aWZ0cw:1605159678:3.0.0:1:MTkyLjE2OC4yMDguMTY4LHRjcC8yMg SPA Data Digest: ZD8ln5jeEZ5qWWJt6JK8EsdTROJ4qg4fA5Bl29Y0rvU HMAC: U2aGp4lYOn8D3hbptOxAJhpJ/cn9x/I4JBr0K3tArGY Final SPA Data: 8sl+oz3MYr6HI6cmf3FPqbdml/74HG1xaBJpSDnAqd+XZzOe4CFsxPbj5opExnycsiR+pbIaL8DE8bbzcHU4g/lAuMKfCB+GNEOgkqY2Mzis/N3nUbr0ImonZxrncfsaY/n/mJBsGwuKLDGd21yWdWatNL9NE6/OU19NbYvxqhssHx53W5G5Nv

[192.168.208.168] (stanza #1) SPA data time difference is too great (1458 seconds).

ifts@stone:~$ date Thu Nov 12 14:10:03 CST 2020

yuleihua avatar Nov 12 '20 06:11 yuleihua

The client and server is the same timestamp, i do not know why is "SPA data time difference is too great"?

I suspect they are both just telling you about a timestamp was embedded in the client request packet?

If you look at the date outputs you pasted:

[ifts@localhost ~]$ date Thu Nov 12 13:46:16 CST 2020

ifts@stone:~$ date Thu Nov 12 14:10:03 CST 2020

Those are indeed quite different, and fwknopd is doing the right thing.

hlein avatar Jan 13 '21 18:01 hlein