An addition: A similar error occurs if I only use encryption and no authentication:
$ nbd-client localhost /dev/nbd1 -N export -n -x
Negotiation: ..Error: Read failed: Connection reset by peer
E: received invalid negotiation magic 11567081237618425856 (expected 1100100111001001)
Hello,
I am currently trying to set up nbd-server/nbd-client with TLS authentication, but I ran into some difficult error messages. If this is the wrong list for support, please feel free to redirect me.
I use one system (Debian 10) for both nbd-server and nbd-client for debugging, but want to move to separate hosts later. I used the following nbd-server config file:
[generic]
user = root
group = root
includedir = /etc/nbd-server/conf.d
allowlist = true
# TLS setup
force_tls = true
cacertfile = /etc/nbd-server/certificates/ca.cert.pem
certfile = /etc/nbd-server/certificates/server.cert.pem
keyfile = /etc/nbd-server/certificates/server.key.pem
[export]
exportname = /dev/system/nixos
flush = true
I created the certificates as follows:
$ openssl genrsa -des3 -out ca.key 4096
$ openssl req -new -x509 -days 36500 -key ca.key -out ca.cert.pem
$ openssl genrsa -out server.key 4096
$ openssl req -new -key server.key -out server.csr
$ openssl x509 -req -days 36500 -in server.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -out server.crt
$ openssl genrsa -out client.key.pem 4096
$ openssl req -new -key -client.key.pem -out client.csr
$ openssl x509 -req -in client.csr -CA ca.cert.pem -CAkey ca.key -CAcreateserial -days 36500 -sha512 -out client.cert.pem
And use the following command for testing the connection:
$ nbd-client -l localhost -certfile /etc/nbd-server/certificates/client.cert.pem -keyfile /etc/nbd-server/certificates/client.key.pem -cacertfile /etc/nbd-server/certificates/ca.cert.pem -n
Negotiation: ..
Error: Reading magic from server: Connection reset by peer
Exiting.
Meanwhile, the server log says this:
Jul 16 14:21:28 mini systemd[1]: Started LSB: Network Block Device server.
Jul 16 14:21:30 mini nbd_server[26099]: Spawned a child process
Jul 16 14:21:30 mini nbd_server[26099]: Child exited with 1
Not that informative... Can any of you spot the problem in my configuration?
Remarks: If I set force_tls = False and do not use the certificates with nbd-client, it works fine. However, I need TLS encryption for my use case.
Thank you and kind regards,
Turakar
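
A preflight check for the TLS file settings of a config like the one posted above, given that the server log only reports "Child exited with 1". This is an added example, not part of the original message and not nbd's own tooling; it assumes plain "key = value" lines as in that config, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: preflight check of cacertfile/certfile/keyfile in an
# nbd-server config. Assumes "key = value" lines as in the posted config.

# Print the trimmed value of KEY ($2) from config file $1 (last one wins).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Report each TLS file setting; return the number of settings that are
# absent or point to a file that is unreadable or empty (0 = all fine).
check_tls_files() {
    problems=0
    for key in cacertfile certfile keyfile; do
        path=$(conf_value "$1" "$key")
        if [ -z "$path" ]; then
            echo "MISSING SETTING  $key"
            problems=$((problems + 1))
        elif [ ! -r "$path" ] || [ ! -s "$path" ]; then
            echo "UNREADABLE/EMPTY $key = $path"
            problems=$((problems + 1))
        else
            echo "OK               $key = $path"
        fi
    done
    return "$problems"
}

# Deeper check (needs openssl): the certificate chains to the configured
# CA and the private key belongs to it. Returns 0 only if both hold.
check_chain() {
    ca=$(conf_value "$1" cacertfile)
    cert=$(conf_value "$1" certfile)
    key=$(conf_value "$1" keyfile)
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    [ "$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]
}

# Run both checks when a config path is given on the command line.
if [ "$#" -gt 0 ]; then
    check_tls_files "$1" && check_chain "$1" && echo "TLS files look consistent"
fi
```

Run it as the user the server runs as, with the path to the main config file as the only argument, so that file permissions are tested the way the server sees them.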