Configurator.c: Timed out waiting for a response
In some scenario cjdns could fail at starting up with the following cryptic messages:
1428440513 DEBUG AdminClient.c:333 Connecting to [127.0.0.1:11234] 1428440513 DEBUG UDPAddrIface.c:294 Bound to address [0.0.0.0:58063] 1428440518 CRITICAL Configurator.c:96 Failed to make function call [Timed out waiting for a response], error: [ping] 1428440518 CRITICAL Configurator.c:56 enable Log_LEVEL=KEYS to see message content. 1428440523 CRITICAL Configurator.c:68 Failed to stop the core. 1428440523 CRITICAL Configurator.c:70 Aborting.
cjdns is configured via the admin interface, listening by default on
However, there are some machine configurations where the firewall has a default
policy different from ACCEPT for the INPUT chain and there's an exception for
loopback interface missing. Checking with
iptables -t filter -L (as root)
should output something like:
Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination
The above output is the default configuration of the firewall, with everything allowed, your own could be configured in many different ways. However, you have to check your INPUT chain policy, if it's REJECT or DROP that could be causing the problem above.
There are a couple of solutions to this issue.
ACCEPT everything on INPUT
Piece of cake: just run
iptables -t filter -P INPUT ACCEPT.
Add an exception for loopback traffic
This solution is more complex, but allows you to retain your full firewall
functionality while allowing cjdns at the same time.
You have to allow both inbound and outbound traffic on the loopback interface,
lo. That name is the one which is going to be used in the
following code snippet.
iptables -t filter -I INPUT -i lo -j ACCEPT iptables -t filter -I INPUT -o lo -j ACCEPT
Ok, I cheated. The rules are really simple: just ACCEPT everything from (
-o) loopback interface (
lo) on chain
Maybe not so simple really...
... and now you can't peer
Just adding an exception for
lo is not enough if you want to peer via UDP and
you didn't load the conntrack module. Load it or add an exception for the port
used by the UDPInterface.
Or just use the first solution.