27 Pro
2020
27 Pro
'20
14:54
On Sun, 27 Dec 2020, at 05:34, libor.peltan wrote:
Hi Sadiq,
thank you for sharing your Knot issue with us.
You might try (temporary) lowering the log level from 'info' to 'debug'
on sekhmet, in order to see potential "ACL denied" message.
Anyway, I can see in your configuration files that you are using two
'remote' instances for one machine. This has probably nothing to do
with this issue, but it can cause different kinds of issues. Idiomatic
configuration should look like (for example):
remote:
- id: horus
address: [ 192.67.222.53@53, 2620:98:400a::53@53 ]
Let us know your next findings,
Thanks,
Libor
I figured the cause of the warning, it was a ACL related issue combined with Linux source
address selection.
horus was using a IPv4 address for notify that I had not put in the ACL on sekhmet so it
was getting a NOTAUTH.
I modified the ACL on sekhmet to include all the possible source addresses and that
resolved the warning:
address: [2620:98:400a::/48, 2607:f2f8:aaa0::/64, 192.67.222.0/24, 174.136.98.122]
horus was using 176.126.240.205 for the notify which wasn't in the ACL. I modified the
ACL on horus as well to include all of sekhmet's possible source addresses so this
issue doesn't happen in the future for the transfer.
address: [2620:98:400c::/48, 2a00:1098:84:22b::/64, 192.195.251.0/24, 176.126.240.205]
Regarding the two remote instances for one machine, I will fix that, for some reason I
thought I could not use two addresses for one remote. Probably me misunderstanding the
documentation :)
--
Sadiq Saif
https://bastetrix.com