Date:      Wed, 16 Jan 2019 18:33:36 +0100
From:      Tĳl Coosemans <tijl@FreeBSD.org>
To:        "O. Hartmann" <ohartmann@walstatt.org>
Cc:        freebsd-current <freebsd-current@freebsd.org>
Subject:   Re: CUPS: [Client 1] Unable to encrypt connection: An illegal parameter has been received.
Message-ID:  <20190116183336.6aa7bdde@kalimero.tijl.coosemans.org>
In-Reply-To: <20190116152328.3edb2f74@freyja.lan101.bundesimmobilien.intern>
References:  <20190116152328.3edb2f74@freyja.lan101.bundesimmobilien.intern>

On Wed, 16 Jan 2019 15:23:40 +0100 "O. Hartmann" <ohartmann@walstatt.org> wrote:
> We have an experimental IPv6 network and within this network, FreeBSD CURRENT
> (r343087) is acting as a CUPS print server, while a bunch of FreeBSD 12-STABLE
> boxes are CUPS clients.
> 
> The setup, so far, worked with IPv4. Introducing IPv6 addresses on both server
> and host results in the error
> 
> [Client 1] Unable to encrypt connection: An illegal parameter has been received.
> 
> In file cups/client.conf we address the appropriate printer via
> 
> ipps://xxx.xxx.xxx.xxx/printers/printer_name (IPv4 of the CUPS server host)
> 
> This works fine.
> 
> But ipps://[XXXX:XXXX:XXXX::XXXX]/printers/printer_name (IPv6 of the CUPS
> server host) doesn't work and results in the error on the server as shown above.
> 
> I also fiddled around with the SSLOption parameter in client.conf and, in parallel,
> to match requirements, in cups/cupsd.conf of the server host - with no effect.
> 
> On the server side, it seems that all the documents I could pick up from
> cups.org or Apple do not specify any IPv6 address in an "Allow from" statement:
> everything seems to be stuck with IPv4. While the cupsd.conf SSLListen option
> is for IPv6
> 
> SSLListen [fd01:dead:beef::affe]:631
> 
> which works, I get an error when trying to put anything IPv6-similar with the
> convention with the brackets "[" and "]" in an "Allow from" option in the
> sections where I need to restrict access. An IPv6 without "[" and "]" seems to
> be accepted - but when commenting out ANY IPv4 address and leaving only IPv6 in
> the "Allow from " statement, no remote connection is allowed.
> 
> This drives me nuts. Since the aim will be to have a printing facility within an
> IPv6-only network, I feel a bit lost.
> 
> Has anyone had similar problems?

cupsd.conf(5) does mention "Allow [ipv6-address]" in the section:
DIRECTIVES VALID WITHIN LOCATION AND LIMIT SECTIONS


With client.conf you can configure libcups so it talks to a remote CUPS
server instead of the local one.  This has been deprecated for years so
I suspect there hasn't been any development on it and that it simply
doesn't support IPv6.

What you're supposed to do instead is run a cupsd on the client and add
the print server as a network printer (using your ipps URI).  When you
have to choose the make of the printer choose Raw so you don't need a
PPD and cupsd will forward the job to the server without doing any
filtering.  You can set this up on one client and then copy the cups
configuration in /usr/local/etc/cups to the other clients.  Running a
local cupsd allows clients to queue print jobs when the print server is
down.

Alternatively you can let the print server announce the printer via
Bonjour/Avahi (Browsing on in cupsd.conf) and run cups-browsed from
print/cups-filters on the clients which will then detect the print
server and add a raw print queue automatically.  This can be convenient
for laptops that move between networks.
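
The bracketed Allow form that cupsd.conf(5) documents, written out as an added example; it is not part of the original message or of the CUPS documentation. The listen address is the one quoted above, while the /64 prefix length, the choice of the /printers location and the Encryption line are assumptions made for illustration.

```conf
# cupsd.conf on the print server (constructed example, not from the thread)

# TLS listener on the IPv6 address quoted in the original message.
SSLListen [fd01:dead:beef::affe]:631

<Location /printers>
  # Assumption: refuse unencrypted requests for this location, to match ipps:// clients.
  Encryption Required

  # "allow,deny" makes deny the default; only the Allow lines below open access.
  Order allow,deny

  # Documented syntax: Allow [ipv6-address] or Allow [ipv6-address]/mm.
  # The brackets are part of the value. The original poster reports that a
  # bare address without them is accepted but then admits no remote client.
  # Assumption: the clients live in this /64.
  Allow [fd01:dead:beef::]/64

  # A single client host would be listed the same way (constructed address):
  # Allow [fd01:dead:beef::1234]
</Location>
```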


