Re: [Sks-devel] IPv4 vs. IPv6? -- Reconciliation attempt from unauthorized host, but host is authorized

[Arnold]

Hi Daniel,

On 11/27/2013 06:57 PM, Daniel Kahn Gillmor wrote:
> i'm running sks 1.1.4 on Debian GNU/Linux, wheezy, amd64 (x86_64)

same, but sks 1.1.3, on a virtual machine (kvm/qemu).

> Can anyone with a dual-stack machine (both IPv6 and IPv4) verify a
> successful connection from an IPv4-only peer in their recon logs?

Don't know if they are IPv4-only ;-)
My system is connected to (native) IPv6 (global address) and IPv4 (via NAT).

Here are some details of my settings and from my log. I guess you have in 
sksconf
something like :: or 0.0.0.0 instead of explicit addresses, especially for 
IPv6. I
found some remarks (of myself) in my conf file to use explicit addresses for 
IPv6.


# cat /proc/sys/net/ipv6/bindv6only
0

# netstat -l
tcp        0      0 pgpkeys.mallos.nl:11370 *:*                     LISTEN
tcp        0      0 localhost:hkp           *:*                     LISTEN
tcp        0      0 pgpkeys.mallos.nl:hkp   *:*                     LISTEN
...
tcp6       0      0 pgpkeys.mallos.nl:11370 [::]:*                  LISTEN
tcp6       0      0 localhost:hkp           [::]:*                  LISTEN
tcp6       0      0 pgpkeys.mallos.nl:hkp   [::]:*                  LISTEN

# cat /etc/sks/sksconf | grep "_address"
recon_address: 192.168.178.50 2001:980:53c0:1:46a:efff:fecf:701b
hkp_address: 127.0.0.1 ::1

# less recon.log
Beginning recon as server, client: <ADDR_INET [209.62.30.226]:51745>
...
Beginning recon as server, client: <ADDR_INET [2a00:1280:8000:2:1:8:0:1]:57649>
...
Recon partner: <ADDR_INET [209.62.30.226]:11370>
...
Recon partner: <ADDR_INET [2a00:1280:8000:2:1:8:0:1]:11370>

Etc.


Hope this helps!

Arnold