Re: [Help-gnunet] nsswitch not resolving VPN records

help-gnunet

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Help-gnunet] nsswitch not resolving VPN records

From:	Christian Grothoff
Subject:	Re: [Help-gnunet] nsswitch not resolving VPN records
Date:	Thu, 23 Feb 2017 23:08:44 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Icedove/45.6.0

Dear Ivan,

First of all, 0.10.1-4 is like 3+ years old, so I'm likely to have
forgotten about some of the 350+ issues we've fixed since.  Generally,
we right now recommend people (especially devs) to use the code from
Git, even though that's naturally somewhat unstable.  That said, I just
had reason to test the VPN resolution logic, and for me it works right
now (in Git master).

Anyway, about your specific problem: When the gnunet-service-gns gets a
'VPN' record and is expected to produce an 'A' (or 'AAAA') record, it
must talk to gnunet-service-vpn to obtain the IPv4/IPv6 address.  You
can do the same kind of operation using the 'gnunet-vpn' command-line
tool (specify info from VPN record, it should return the IP).  If
gnunet-service-vpn is

* not running (even though it should be started automatically),
* not working (i.e. interface not up, SUID gnunet-helper-vpn not
  properly installed)
* or somehow not accessible (access control policy on UNIX domain
  socket, iptables blocking TCP port, etc)

it will block/retry until VPN becomes available (which of course usually
means "never" in the 3 cases above).

To diagnose, you might try running 'gnunet-vpn' with the matching
information from the VPN record as the same user that executes
gnunet-service-gns.  If that works, eh, well, then I don't know and
would have to start debugging (but I don't debug 0.10.1 anymore).

Happy hacking!

Christian

On 02/22/2017 12:15 PM, Ivan Vilata-i-Balaguer wrote:
> Hi list,
> 
> While testing GNUnet, I've followed the user handbook to check the
> GNUnet VPN: <https://gnunet.org/first-steps-using-gnunet-vpn>.  I've
> found that, after configuring the Name Service Switch, configuring the
> exit and creating the GNS VPN record, the example ``www.gnu`` entry
> cannot be resolved (e.g. ``wget http://www.gnu/`` hangs indefinitely
> resolving).
> 
> I checked that ``getent ahosts gnunet.org`` works, but with ``www.gnu``
> it also hangs.  Then running ``gnunet-gns -u www.gnu`` also hangs.
> However, running ``gnunet-gns -u www.gnu -t VPN`` returns the result
> immediately.  If I create an A record instead, all the calls above
> succeed.
> 
> My ``hosts`` entry in ``/etc/nsswitch.conf`` is:
> 
>     hosts:  files gns [NOTFOUND=return] mdns4_minimal [NOTFOUND=return] dns 
> mdns4
> 
> I'm using Debian unstable's GNUnet package (version 0.10.1-4).
> 
> Do you have an idea of what may be going on?  Maybe there's some
> configuration in my system which causes problems with VPN records?
> 
> Thanks for your help!
>

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Help-gnunet] nsswitch not resolving VPN records, Ivan Vilata-i-Balaguer, 2017/02/22
- Re: [Help-gnunet] nsswitch not resolving VPN records, Christian Grothoff <=
  - Re: [Help-gnunet] nsswitch not resolving VPN records, Ivan Vilata-i-Balaguer, 2017/02/24
    - Re: [Help-gnunet] nsswitch not resolving VPN records, Christian Grothoff, 2017/02/24

Prev by Date: Re: [Help-gnunet] Building a new censorship circumvention tool: what do we need to know?
Next by Date: Re: [Help-gnunet] Building a new censorship circumvention tool: what do we need to know?
Previous by thread: [Help-gnunet] nsswitch not resolving VPN records
Next by thread: Re: [Help-gnunet] nsswitch not resolving VPN records
Index(es):
- Date
- Thread