waverleylabs / sdpcontroller
Control Module for Software Defined Perimeter (SDP)
License: GNU General Public License v3.0
I'm setting this up in a lab, and I've run into an issue at step 12 in the readme. When executing genCredentials.js, it errors out with the following, implying that there is a credential error with the user "sdp_controller@localhost". As you can see, I am not prompted for an ID or PW. I've attempted to read the js file but am unable to see what password the script may be trying to use to access the sdp database. Can you provide any insight into the credentials in the script so I can match them in the database? Thank you.
user@SDPGW1:/SDPcontroller$ node ./genCredentials.js 101
Preparing to generate credentials for SDP ID 101
Error connecting to database: Error: ER_ACCESS_DENIED_ERROR: Access denied for user 'sdp_controller'@'localhost' (using password: YES)
user@SDPGW1:/SDPcontroller$
cc@cc-virtual-machine:~/SDPcontroller$ node ./sdpController.js
_tls_common.js:135
c.context.setCert(cert);
Error: error:0909006C:PEM routines:get_name:no start line
at Object.createSecureContext (_tls_common.js:135:17)
at new Server (_tls_wrap.js:873:27)
at Object.createServer (_tls_wrap.js:919:10)
at startServer (/home/cc/SDPcontroller/sdpController.js:195:22)
at startDbPool (/home/cc/SDPcontroller/sdpController.js:164:5)
at checkDbPassword (/home/cc/SDPcontroller/sdpController.js:115:9)
at startController (/home/cc/SDPcontroller/sdpController.js:83:9)
at credentialMaker.init (/home/cc/SDPcontroller/sdpCredentialMaker.js:38:5)
at Object.<anonymous> (/home/cc/SDPcontroller/sdpController.js:79:19)
at Module._compile (internal/modules/cjs/loader.js:778:30)
Hi,
I have installed this SDPcontroller on my machine. I see that while creating certificates it asks for an sdpid for both controller and client. I was able to connect the first client.
To connect a second client I only generated client certificates with a different sdpid and pasted them onto the client machine, but I'm not able to connect to the controller from the second client. I'm getting an error: SSL handshake failed.
Is there any solution for this? Thank you.
I have two questions about keys and certificates.
Regarding keys:
I am aware there are two configuration files each for client and server (ref: installation manual):
for the client, "SAMPLE_sdp_ctrl_client.conf" and ".fwknoprc"
for the server, "gate_sdp_ctrl_client.conf" and "fwknopd.conf"
What should I put in
SPA_ENCRYPTION_KEY and SPA_HMAC_KEY in "SAMPLE_sdp_ctrl_client.conf" (client side)
SPA_ENCRYPTION_KEY and SPA_HMAC_KEY in "gate_sdp_ctrl_client.conf" (gateway server side)
I generated "client.key", "client.crt", "client.csr" and "server.key", "server.crt", "server.csr" with node ./genCredentials.js <SDPID>. Should I use information from these,
or data from "ca.crt" and "ca.key"? (in this case client and server will have the same value)
Regarding certificates (and also keys):
What should I put in
KEY_FILE and CERT_FILE in "gate_sdp_ctrl.conf" (gateway server side)?
The example in the file shows "client.key". It should be "server.key", right?
(ref 1 and 2)
The client couldn't gain access to a protected service. Here is the current status:
isi@isi-radio:~$ fwknop -n service_gate
[-] file: /home/isi/.fwknoprc permissions should only be user read/write (0600, -rw-------)
[-] file: /home/isi/.fwknoprc permissions should only be user read/write (0600, -rw-------)
(sdp_com.c:423) Setting CA cert for peer cert verification.
(sdp_com.c:622) Starting connection attempt 1
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 1 failed, 2 attempts remaining
(sdp_com.c:668) Waiting 5 seconds until retry
(sdp_com.c:622) Starting connection attempt 2
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 2 failed, 1 attempt remaining
(sdp_com.c:668) Waiting 10 seconds until retry
(sdp_com.c:622) Starting connection attempt 3
(sdp_com.c:329) Socket connect failed
(sdp_com.c:656) Connection attempt 3 failed, 0 attempts remaining
(sdp_com.c:661) Too many failed connection attempts. Exiting now
(sdp_ctrl_client.c:1562) SDP Control Client Exiting
SDP ctrl client returned error code: 32778
isi@isi-radio:~$
To run the Software Defined Perimeter software, I followed these steps (ref: installation manual):
(1) Run controller
isi@isi-wave:~/project/SoDeTaNII/SDPcontroller$ node ./sdpController.js
(1) Tool imported
(2) Checked configurations
SDP Controller running at port 5000
No open connections found that need to be removed.
(2) Run gateway server
isi@isi-radio:~$ fwknopd
[-] file: /etc/fwknop/fwknopd.conf permissions should only be user read/write (0600, -rw-------)
[-] file: /etc/fwknop/fwknopd.conf (owner: 0) not owned by current effective user id: 1000
(3) Run client
isi@isi-radio:~$ fwknop -n service_gate
...and I get the above error.
Please let me know the correct parameters, or if I missed anything.
Dear,
I have a problem with data being written to the open_connection and closed_connection tables.
At no point are the arguments written to the table. The SDP Gateway and SDP Client are successfully authenticated and are getting new keys from the SDP Controller, but only the refresh_trigger table is filled in, and there is no more detailed information except that a change has been made to a table.
These tables are written with data: sdpid, sdpid_service, service, and service_gateway.
I also additionally filled in these tables with reference points: controller, gateway, gateway_controller and user, but I have not received any changes, and nothing gets written to the open_connection and closed_connection tables.
Best regards,
Goce Joncheski
Setup:
Issue
[root@sdp SDPcontroller]# node ./sdpController.js
prompt: Enter certificate authority key password: *****************
prompt: Enter server key password: *****************
prompt: Enter database password: *****************
readline.js:1154
throw err;
^
Error: error:0909006C:PEM routines:get_name:no start line
at Object.createSecureContext (_tls_common.js:129:17)
at Server.setSecureContext (_tls_wrap.js:1323:27)
at new Server (_tls_wrap.js:1181:8)
at Object.createServer (_tls_wrap.js:1224:10)
at startServer (/opt/SDPcontroller/sdpController.js:195:22)
at startDbPool (/opt/SDPcontroller/sdpController.js:164:5)
at /opt/SDPcontroller/sdpController.js:137:17
at /opt/SDPcontroller/node_modules/prompt/lib/prompt.js:358:32
at /opt/SDPcontroller/node_modules/async/lib/async.js:154:25
at assembler (/opt/SDPcontroller/node_modules/prompt/lib/prompt.js:355:9) {
library: 'PEM routines',
function: 'get_name',
reason: 'no start line',
code: 'ERR_OSSL_PEM_NO_START_LINE'
}
Config file
module.exports = {
// print debug statements
'debug': false,
'serverPort': 5000,
'maxConnections': 100,
// milliseconds, 0 indicates no timeout
// this is controller's way of noticing a lost connection
'socketTimeout': 30000,
// false indicates the server should disconnect
// after a successful credential update
'keepClientsConnected': true,
// allow legacy access request type
// Legacy access request means the SPA packet specifies
// the port to open along with detailed NAT instructions
// if applicable. This mode is not secure because the
// client can be NAT'ed to anywhere it requests if NAT
// is enabled.
'allowLegacyAccessRequests': false,
// can create these using ./setup/create-certs.sh
'serverCert': './certs/server.crt',
'serverKey': './certs/server.key',
// to be prompted for a password, set this field
// to a null string using '' (that's 2 single quotes
// with no spaces between)
'serverKeyPassword': '',
'serverKeyPasswordRequired': true,
// can create these using ./setup/create-certs.sh
'caCert': './certs/ca.crt',
'caKey': './certs/ca.key',
// to be prompted for a password, delete this field or
// set it to a null string using '' (that's 2 single
// quotes with no spaces between)
'caKeyPassword': '',
'caKeyPasswordRequired': true,
// how many days new certificates should be good for
'daysToExpiration': 31,
// SPA encryption key length in bytes, range is 64 to 256
'encryptionKeyLen': 256,
// SPA HMAC key length in bytes, range is 4 to 128
'hmacKeyLen': 128,
// database options
'dbHost': 'localhost',
'dbUser': 'root',
'dbPasswordRequired': true,
// to be prompted for a password, delete this field or
// set it to a null string using '' (that's 2 single
// quotes with no spaces between)
'dbPassword': '',
'dbName': 'sdp',
// if any of these are exceeded, the controller
// disconnects from the client
'maxDataTransmitTries': 3,
'maxCredentialMakerTries': 3,
'maxBadMessages': 3,
// retry interval (milliseconds) for database failures
'databaseRetryInterval': 5000,
'databaseMaxRetries': 5,
// interval (milliseconds) to check database for changes
// that require sending updates to gateways
'databaseMonitorInterval': 3000,
};
I'm not sure whether I missed something or not, but I have no idea what's going on here. Some assistance is appreciated in advance.