[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: tarsnap-keygen: Error registering with server (too many network failures)

tarsnap-users@tarsnap.com
Thanks everyone for your prompt and very helpful suggestions.  I was
able to identify the issue, and have now successfully generated a key.

For the benefit of someone who experiences the same problem in the
future and stumbles on this thread, here is what I did:

1. Ping v1-0-0-server.tarsnap.com, per Colin Percival's suggestion:

    # ping v1-0-0-server.tarsnap.com
    PING v1-0-0-server.tarsnap.com (75.101.135.185) 56(84) bytes of data.

No response.

2. Briefly turn off firewall, per John@commonpeople.uk's suggestion:

    # sudo ufw disable
    Firewall stopped and disabled on system startup
    # ping v1-0-0-server.tarsnap.com
    PING v1-0-0-server.tarsnap.com (75.101.135.185) 56(84) bytes of data.
    (no response)
    # sudo ufw enable
    Firewall is active and enabled on system startup

Don't forget the last bit, else you may be exposing yourself to
intruders.

3. Try step (1) from an off-campus network.  Voila!  Key generation
works too.

Conclusion: our campus firewall is blocking port 9279.  Also, the
default Ubuntu 14.04 firewall appears to allow all outgoing traffic,
so I didn't need to do anything special with the firewall to get
tarsnap-keygen to work off-campus.

Cheers,
John Noll


On Fri, Apr 15, 2016 at 06:12:27AM -0700, jerry wrote:
> On 04/15/2016 06:02, John wrote:
> >On 04/15/2016 01:43 PM, tarsnap wrote:
> >>On Thu, 14 Apr 2016 21:23:06 +0100
> >>John <john@commonpeople.uk> wrote:
> >>
> >>>
> >>>1. You could test whether your firewall is the issue by disabling it
> >>>entirely,
> >>
> >>That is a bad advise in general, and a very bad advise for a
> >>'truly paranoid' who is using tarsnap for a good reason.
> 
> *** You could use firewall logging.  My firewall is a monstrous
> shell script
> that logs every single rejected or dropped packet.  When something
> doesn't
> work, I just inspect the logs.  Syslog has logic to reject repeated log
> entries, which keeps the logs to a sane size.
> 
>                        - Jerry Kaidor
> 
> 
> 
> >>
> >>I most seriously advise against doing this as it could set you back to
> >>the safety level of Dropbox and the likes.
> >>My advise would be to read the firewall rules and check that way
> >>whether or not the tarsnap servers are blocked or not.
> >>
> >>joe
> >
> >You did selectively trim out the bit of code where I turned the
> >firewall back on within a second of turning it off, Joe. What you
> >write may well be right as regards paranoia, but I didn't suggest
> >leaving the firewall off. It would be off for the duration of the
> >keygen process and no longer, and it would immediately and
> >unambiguously show whether it was the firewall on the server which was
> >preventing the connection.
> >
> >John.
>