epoptes-client failed to fetch certificate
I have installed epoptes in my computer with lubuntu 12.04 (named lubuntu-portable), installed epoptes-client in another computer, changed the line SERVER=server to SERVER=
# epoptes-client -c
I get :
connect: Connection timed out
connect:errno=110
epoptes-client ERROR: Failed to fetch certificate from lubuntu-
Does anyone know what I should do?
Olivier
Question information
- Language: English
- Status: Solved
- For: Epoptes
- Assignee: No assignee
- Solved by: Olivier Péault
#1
First, try with epoptes-client -c <ip of lubuntu-portable>
If that doesn't work, go in lubuntu-portable, and run:
service epoptes restart
And paste any error messages here.
#2
Thanks for your reply.
I get the same error on the client :
# epoptes-client -c 192.168.1.33
connect: Connection timed out
connect:errno=110
epoptes-client ERROR: Failed to fetch certificate from 192.168.1.33:789
On the "server":
# service epoptes restart
* Stopping the epoptes daemon [ OK ]
* Starting the epoptes daemon [ OK ]
Olivier
#3
On the server, verify that epoptes is listening on port 789:
$ sudo netstat -nap | grep :789
tcp 0 0 0.0.0.0:789 0.0.0.0:* LISTEN 2447/python
If it is, then check for firewall issues.
Can you ping the server from the client?
#4
Here are the results :
$ sudo netstat -nap | grep :789
tcp 0 0 0.0.0.0:789 0.0.0.0:* LISTEN 5807/python
tcp 0 0 192.168.1.33:789 192.168.1.34:38975 ESTABLISHED 5807/python
tcp 0 0 192.168.1.33:789 192.168.1.34:38974 ESTABLISHED 5807/python
tcp 0 0 192.168.1.33:789 192.168.1.34:38973 ESTABLISHED 5807/python
$ sudo ufw disable
Le pare-feu est arrêté et désactivé lors du démarrage du système
(More or less: The firewall is stopped and deactivated when system starts)
On the client
$ ping lubuntu-
works
Olivier
#5
Run the following commands, and paste their output here:
Server:
ls -lha /etc/epoptes
openssl s_client -connect localhost:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-
Client:
openssl s_client -connect <ip of server>:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-
#6
Server :
olivier@
total 24K
drwxr-xr-x 2 root root 4,0K juil. 2 15:04 .
drwxr-xr-x 146 root root 12K juil. 3 09:31 ..
-rw-r--r-- 1 root root 875 juil. 2 15:04 server.crt
-rw------- 1 root root 916 juil. 2 15:04 server.key
olivier@
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
DONE
Client :
olivier@maths-5:~$ openssl s_client -connect 192.168.1.33:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
DONE
#7
It works now.
I have run the previous commands without understanding. Did they solve the problem?
Anyway, thank you very much for your help.
--
Olivier
#8
No, the previous commands were just diagnostic, they didn't modify your installation at all. They're essentially what `epoptes-client -c` does, but without the "saving the server certificate to /etc/epoptes/
It probably was a networking problem, but I don't know what, since you said that your firewall was off.
If it's working now it means that `epoptes-client -c server` at some point succeeded in contacting your server.
#9
Thank you for the explanation.
I was just testing but the idea is to make it work for a classroom. If the same problem appears, can I solve it by copying the server.crt from the server to each client ?
#10
You can copy the certificate with scp or any other method you like, instead of using `epoptes-client -c`.
But the same 789 port is used for the client <=> server communication, so if the networking problem appears again, the clients won't be able to connect to the server even if they have the certificate.
If that happens again, try the client openssl command above. If that works, `epoptes-client -c server` should work too, otherwise it's an epoptes bug (but I don't think that's likely). If that doesn't work, it's a networking issue. Check again the firewall, your iptables etc.
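The triage suggested in replies #3 and #10, written out as an added example (not part of the original thread and not epoptes code): it classifies the output of the client-side `openssl s_client` check and compares the certificate the server presents with a copy already on disk. Port 789 comes from the thread; the function names and the path passed to `same_cert` are assumptions.

```shell
#!/bin/sh
# Added example; function names are hypothetical, port 789 is from the thread.

# classify_probe: read captured `openssl s_client` output on stdin and name the
# failure class. errno values are the Linux ones: 110 = ETIMEDOUT (seen in the
# thread), 111 = ECONNREFUSED, 113 = EHOSTUNREACH.
classify_probe() {
    out=$(cat)
    case "$out" in
        *"BEGIN CERTIFICATE"*)      echo "tls-ok" ;;        # handshake reached the daemon
        *errno=110*|*"timed out"*)  echo "filtered" ;;      # packets dropped: firewall/iptables
        *errno=111*|*"refused"*)    echo "not-listening" ;; # host up, nothing on the port (or a REJECT rule)
        *errno=113*|*"No route"*)   echo "unreachable" ;;   # routing problem or wrong address
        *)                          echo "unknown" ;;
    esac
}

# probe HOST [PORT]: run the check from the client, bounded to 10 seconds.
# The kernel's own connect timeout is much longer, so a kill by timeout(1)
# (exit status 124) is reported as "filtered" as well.
probe() {
    rc=0
    probe_out=$(timeout 10 openssl s_client -connect "$1:${2:-789}" </dev/null 2>&1) || rc=$?
    if [ "$rc" -eq 124 ]; then echo "filtered"; return 0; fi
    printf '%s\n' "$probe_out" | classify_probe
}

# fingerprint_of: SHA-256 fingerprint of the first PEM certificate on stdin.
fingerprint_of() {
    openssl x509 -noout -fingerprint -sha256
}

# same_cert HOST LOCAL_CRT [PORT]: succeed only if the certificate presented by
# the server matches the copy on disk (for example one copied over with scp).
same_cert() {
    remote=$(timeout 10 openssl s_client -connect "$1:${3:-789}" </dev/null 2>/dev/null \
        | fingerprint_of 2>/dev/null) || return 1
    local_fp=$(fingerprint_of <"$2" 2>/dev/null) || return 1
    [ -n "$remote" ] && [ "$remote" = "$local_fp" ]
}
```

A `filtered` result from `probe` while ping works and the server shows a listener on 0.0.0.0:789 points at packet filtering between the two machines, even when ufw reports itself disabled.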
#12
Hello.
I have a similar problem.
Client and server are both on Kubuntu in local network.
On client:
sudo epoptes-client -c
connect: Connection timed out
connect:errno=110
epoptes-client ERROR: Failed to fetch certificate from server:789
- the same with sudo epoptes-client -c 192.168.1.4
I did:
sudo service epoptes restart
sudo ufw disable
on both
On server:
sudo netstat -nap | grep :789
[sudo] password for norbert:
tcp 0 0 0.0.0.0:789 0.0.0.0:* LISTEN 2942/python
tcp 0 1 192.168.1.4:55060 192.168.1.3:789 SYN_SENT 2678/socat
ls -lha /etc/epoptes
razem 24K
drwxr-xr-x 2 root root 4,0K lis 29 19:16 .
drwxr-xr-x 149 root root 12K gru 5 13:08 ..
-rw-r--r-- 1 root root 875 lis 29 23:07 server.crt
-rw------- 1 root root 916 lis 29 23:07 server.key
openssl s_client -connect localhost:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
DONE
-----BEGIN CERTIFICATE-----
MIICWDCCAcGgAwI
[...]
sTbhgcefw95mRdc
gSxUqHOagjnfOK5
A/Aine6fvLeqN5e
vXSCal8zeFhZ52J
-----END CERTIFICATE-----
On client:
ping to server works
openssl s_client -connect 192.168.1.4:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-
connect: Connection timed out
connect:errno=110
How can I get connection?
#13
I think it's a firewall issue, even if it isn't UFW.
You could come to IRC for live help (find it in the epoptes help menu).
Some things to try:
* From the client: socat - ssl:192.
* Manually copy /etc/epoptes/
* Try to contact some other server port, e.g. ssh or whatever other service you have installed.
#14
Thanks.
I'm closer.
Actually it was a firewall issue, I solved it with firestarter. It was on the list of blocked connections.
Now on client:
sudo epoptes-client -c
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
DONE
Successfully fetched certificate from server:789
openssl s_client -connect 192.168.1.4:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
-----BEGIN CERTIFICATE-----
MIICWDCCAcGgAwI
BAYTAkFVMRMwEQY
[...]
vXSCal8zeFhZ52J
-----END CERTIFICATE-----
DONE
On server:
sudo netstat -nap | grep :789
[sudo] password for norbert:
tcp 0 0 0.0.0.0:789 0.0.0.0:* LISTEN 6114/python
ls -lha /etc/epoptes
razem 24K
drwxr-xr-x 2 root root 4,0K lis 29 19:16 .
drwxr-xr-x 149 root root 12K gru 6 10:29 ..
-rw-r--r-- 1 root root 875 lis 29 23:07 server.crt
-rw------- 1 root root 916 lis 29 23:07 server.key
openssl s_client -connect localhost:789 < /dev/null | sed '/-----BEGIN CERTIFICATE-
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd
verify return:1
DONE
-----BEGIN CERTIFICATE-----
MIICWDCCAcGgAwI
[...]
gSxUqHOagjnfOK5
A/Aine6fvLeqN5e
vXSCal8zeFhZ52J
-----END CERTIFICATE-----
On both:
sudo service epoptes restart
But when I run on server:
epoptes
Got clients: None
It doesn't see client.
#15
OK
sudo service epoptes restart was not enough in my case - full reboot was needed on both machines.
#16
And now my purpose is to have one client on a computer outside the local network, which could be monitored by some of two servers [in my local network, at the moment they work as a server and client], depending on the situation.
At the beginning I'd like to make a reversed connection in the local network. Client should become server, and server - client.
Is that possible?
I got:
sudo epoptes-client -c
140283224655520
epoptes-client ERROR: Failed to fetch certificate from 192.168.1.3:789
#17
Hi Norbert,
epoptes-client can only connect to a single server, it can't be monitored from 2 servers simultaneously.
For the remote <=> local network issue, please open another question, and make sure that you have port forwarding in your router set up correctly for port 789.
#18
I have some problem, but I use pinet.
Can you help me, Mr. alkisg?