rpki-client help... Solved!

Hello friends,

I am trying to use the rpki-client without success...


# pkg search rpki

Code:
rpki-client-6.7.p1             Resource Public Key Infrastructure (RPKI) implementation from OpenBSD


# pkg install rpki-client



# ls /usr/local/etc/rpki/

Code:
afrinic.tal     apnic.tal       lacnic.tal      ripe.tal


# cat /usr/local/etc/rpki/lacnic.tal


Code:
rsync://repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqZEzhYK0+PtDOPfub/KR
c3MeWx3neXx4/wbnJWGbNAtbYqXg3uU5J4HFzPgk/VIppgSKAhlO0H60DRP48by9
gr5/yDHu2KXhOmnMg46sYsUIpfgtBS9+VtrqWziJfb+pkGtuOWeTnj6zBmBNZKK+
5AlMCW1WPhrylIcB+XSZx8tk9GS/3SMQ+YfMVwwAyYjsex14Uzto4GjONALE5oh1
M3+glRQduD6vzSwOD+WahMbc9vCOTED+2McLHRKgNaQf0YJ9a1jG9oJIvDkKXEqd
fqDRktwyoD74cV57bW3tBAexB7GglITbInyQAsmdngtfg2LUMrcROHHP86QPZINj
DQIDAQAB


# rpki-client -v -t /usr/local/etc/rpki/lacnic.tal

Code:
rpki-client: repository.lacnic.net/rpki: pulling from network
rpki-client: period stats: 1 pending repos
rpki-client: period stats: 1 pending entries
[...]
rsync: [Receiver] failed to connect to repository.lacnic.net (2001:13c7:7002:4128::137): Operation timed out (60)
rsync: [Receiver] failed to connect to repository.lacnic.net (2001:13c7:7002:4128::185): Operation timed out (60)
rsync: [Receiver] failed to connect to repository.lacnic.net (2001:13c7:7002:4128::136): Operation timed out (60)
rsync: [Receiver] failed to connect to repository.lacnic.net (200.3.14.136): Operation timed out (60)
rsync: [Receiver] failed to connect to repository.lacnic.net (200.3.14.185): Operation timed out (60)
rsync: [Receiver] failed to connect to repository.lacnic.net (200.3.14.137): Operation timed out (60)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]
rpki-client: rsync rsync://repository.lacnic.net/rpki failed
rpki-client: repository.lacnic.net/rpki: loaded from cache
rpki-client: repository.lacnic.net/rpki/lacnic/rta-lacnic-rpki.cer: No such file or directory
rpki-client: all files parsed: generating output
rpki-client: Route Origin Authorizations: 0 (0 failed parse, 0 invalid)
rpki-client: Certificates: 1 (1 failed parse, 0 invalid)
rpki-client: Trust Anchor Locators: 1
rpki-client: Manifests: 0 (0 failed parse, 0 stale)
rpki-client: Certificate revocation lists: 0
rpki-client: Repositories: 1
rpki-client: VRP Entries: 0 (0 unique)


# cat /var/db/rpki-client/openbgpd

Code:
# Generated on host freebsd.example.com at Mon Sep 28 22:48:58 UTC 2020
# Processing time 450 seconds (0 seconds user, 0 seconds system)
# Route Origin Authorizations: 0 (0 failed parse, 0 invalid)
# Certificates: 1 (1 failed parse, 0 invalid)
# Trust Anchor Locators: 1 (lacnic.tal)
# Manifests: 0 (0 failed parse, 0 stale)
# Certificate revocation lists: 0
# Repositories: 1
# VRP Entries: 0 (0 unique)
roa-set {
}

SOLUTION :)

I finally found the problem...
rpki-client uses rsync, and it requires being able to go out to TCP port 873.
I opened it in the firewall and it worked perfectly.

I am publishing this post in case someone else has a similar problem.

Thank you for the attention!
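
Added example (not part of the original post): a small sh filter that reads `rpki-client -v` output and flags the failure shown above, where every rsync connection times out and the run ends with 0 VRP entries, so an empty roa-set is noticed before it is used. The names diagnose_rpki_log and sample_log are hypothetical, and the sample log is constructed from lines in the post.

```sh
#!/bin/sh
# Added example; diagnose_rpki_log and sample_log are hypothetical helper names.
# Typical use: rpki-client -v -t FILE 2>&1 | diagnose_rpki_log

# Read rpki-client verbose output on stdin and print a one-line diagnosis.
# Returns 0 when the run produced VRPs, 1 when the result is empty.
diagnose_rpki_log() {
    awk '
        # One line per address that rsync tried and gave up on.
        /^rsync: .*failed to connect to .*Operation timed out/ {
            timeouts++
            for (i = 1; i < NF - 1; i++)
                if ($i == "connect" && $(i + 1) == "to" && !seen[$(i + 2)]++)
                    hosts = hosts (hosts ? "," : "") $(i + 2)
        }
        # Summary line: "rpki-client: VRP Entries: N (M unique)"
        /^rpki-client: VRP Entries:/ { vrps = $4 + 0 }
        END {
            if (vrps > 0) { printf "OK: %d VRPs\n", vrps; exit 0 }
            if (timeouts > 0)
                printf "EMPTY: rsync timed out on %d addresses of %s; check outbound TCP 873\n", timeouts, hosts
            else
                print "EMPTY: 0 VRPs and no rsync timeout logged"
            exit 1
        }
    '
}

# Constructed sample: a shortened copy of the failing run from the post.
sample_log() {
    cat <<'EOF'
rpki-client: repository.lacnic.net/rpki: pulling from network
rsync: [Receiver] failed to connect to repository.lacnic.net (200.3.14.136): Operation timed out (60)
rsync: [Receiver] failed to connect to repository.lacnic.net (200.3.14.185): Operation timed out (60)
rsync error: error in socket IO (code 10) at clientserver.c(137) [Receiver=3.2.3]
rpki-client: rsync rsync://repository.lacnic.net/rpki failed
rpki-client: VRP Entries: 0 (0 unique)
EOF
}

sample_log | diagnose_rpki_log || true
```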
 