[Csync2] csync2 cannot reach each other using second NIC
Nils Stöckmann
demetec at nstck.de
Thu Sep 6 11:06:19 CEST 2012
Am Thu, 6 Sep 2012 10:38:11 +0200
Lars Ellenberg <lars.ellenberg at linbit.com> schrieb:
> > What wonders me most is that the nossl directive is ignored.
> > Ignoring the certificate is most probably because the SSL certificate is
> > matched against the address, not against the hostname (which feels
> > somewhat senseless to me).
>
> I'm not sure what and when, exactly, is matched against the nossl patterns.
> But the config statement is "nossl from-pattern to-pattern",
> and "from" is probably always the node name, not the outgoing IP used.
> So maybe an (additional?)
> nossl leihnix* 172.31*;
> does that?
>
> You could add a few -v, or use gdb to find out...
I'll try that on next wednesday, I'm scheduled to do other things at the
moment, but I'll report what happened.
> > Any experience on how to make it work via IP or interface name?
> > If not, Lars' workaround isn't too bad :)
>
> That is not a workaround at all.
> It is the intended usage.
>
> Though I admit it may be unclear from the wording in the paper
> ("interfacename").
> If you read the full paper, you'll see it talks about "interface DNS
> name", which is meant to say the *resolvable* name you give the IP on
> that interface.
>
> Patches to improve the wording in the paper gladly accepted ;-)
>
> Thanks,
> Lars
>
> _______________________________________________
> Csync2 mailing list
> Csync2 at lists.linbit.com
> http://lists.linbit.com/mailman/listinfo/csync2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.linbit.com/pipermail/csync2/attachments/20120906/7b615ded/attachment.pgp>
More information about the Csync2
mailing list