Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SPA data time difference is too great #321

Open
yuleihua opened this issue Nov 12, 2020 · 1 comment
Open

SPA data time difference is too great #321

yuleihua opened this issue Nov 12, 2020 · 1 comment

Comments

@yuleihua
Copy link

The client and server is the same timestamp, i do not know why is "SPA data time difference is too great"?

client:
[ifts@localhost ~]$ fwknop -n 192.168.208.151 --verbose
SPA Field Values:

Random Value: 7569830465032922
Username: ifts
Timestamp: 1605159678
FKO Version: 3.0.0
Message Type: 1 (Access msg)
Message String: 192.168.208.168,tcp/22
Nat Access:
Server Auth:
Client Timeout: 0
Digest Type: 3 (SHA256)
HMAC Type: 3 (SHA256)
Encryption Type: 1 (Rijndael)
Encryption Mode: 2 (CBC)
Encoded Data: 7569830465032922:aWZ0cw:1605159678:3.0.0:1:MTkyLjE2OC4yMDguMTY4LHRjcC8yMg
SPA Data Digest: ZD8ln5jeEZ5qWWJt6JK8EsdTROJ4qg4fA5Bl29Y0rvU
HMAC: U2aGp4lYOn8D3hbptOxAJhpJ/cn9x/I4JBr0K3tArGY
Final SPA Data: 8sl+oz3MYr6HI6cmf3FPqbdml/74HG1xaBJpSDnAqd+XZzOe4CFsxPbj5opExnycsiR+pbIaL8DE8bbzcHU4g/lAuMKfCB+GNEOgkqY2Mzis/N3nUbr0I
monZxrncfsaY/n/mJBsGwuKLDGd21yWdWatNL9NE6/OU19NbYvxqhssHx53W5G5NvU2aGp4lYOn8D3hbptOxAJhpJ/cn9x/I4JBr0K3tArGY
Generating SPA packet:
protocol: udp
source port:
destination port: 62201
IP/host: 192.168.208.151
send_spa_packet: bytes sent: 225
[ifts@localhost ~]$ date
Thu Nov 12 13:46:16 CST 2020

server:
Random Value: 7569830465032922
Username: ifts
Timestamp: 1605159678
FKO Version: 3.0.0
Message Type: 1 (Access msg)
Message String: 192.168.208.168,tcp/22
Nat Access:
Server Auth:
Client Timeout: 0
Digest Type: 3 (SHA256)
HMAC Type: 3 (SHA256)
Encryption Type: 1 (Rijndael)
Encryption Mode: 2 (CBC)
Encoded Data: 7569830465032922:aWZ0cw:1605159678:3.0.0:1:MTkyLjE2OC4yMDguMTY4LHRjcC8yMg
SPA Data Digest: ZD8ln5jeEZ5qWWJt6JK8EsdTROJ4qg4fA5Bl29Y0rvU
HMAC: U2aGp4lYOn8D3hbptOxAJhpJ/cn9x/I4JBr0K3tArGY
Final SPA Data: 8sl+oz3MYr6HI6cmf3FPqbdml/74HG1xaBJpSDnAqd+XZzOe4CFsxPbj5opExnycsiR+pbIaL8DE8bbzcHU4g/lAuMKfCB+GNEOgkqY2Mzis/N3nUbr0ImonZxrncfsaY/n/mJBsGwuKLDGd21yWdWatNL9NE6/OU19NbYvxqhssHx53W5G5Nv

[192.168.208.168] (stanza #1) SPA data time difference is too great (1458 seconds).

ifts@stone:~$ date
Thu Nov 12 14:10:03 CST 2020
@hlein
Copy link
Contributor

hlein commented Jan 13, 2021

The client and server is the same timestamp, i do not know why is "SPA data time difference is too great"?

I suspect they are both just telling you about a timestamp was embedded in the client request packet?

If you look at the date outputs you pasted:

[ifts@localhost ~]$ date
Thu Nov 12 13:46:16 CST 2020

ifts@stone:~$ date
Thu Nov 12 14:10:03 CST 2020

Those are indeed quite different, and fwknopd is doing the right thing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hlein @yuleihua