Cannot get SPA fwknopd to open port using fwknop HMAC or PGP

I have a router I'm trying to set up for external use, but at the moment, while testing it, I'm only using the private address ranges.

I'm trying to get fwknopd SPA ("better port knocking") to work, and instead of it working I'm getting the following error:

As for what I have installed:

OpenWrt 19.07.2 r10947-65030d81f3
Packages:

  • luci-app-fwknopd git-20.115.52331-39a8290-1* package.
  • fwknopd 2.6.10-3

fwknop client (on Linux Mint 17.2 x86)

  • fwknop client 2.6.0, FKO protocol version 2.0.1

I followed the fwknop Quick Start, and I changed a few things like generating my own keys and using eth1 instead of eth0 for PCAP_INTF.

I made sure in luci-app-fwknopd that "Enable config overwrite" is checked so that /var/etc/*.conf is used instead of /etc/fwknop/*.conf.


Thu Apr 30 22:33:26 2020 daemon.info fwknopd[4464]: (stanza #1) SPA Packet from IP: 192.168.4.121 received with access source match
Thu Apr 30 22:33:26 2020 daemon.warn fwknopd[4464]: [192.168.4.121] (stanza #1) Error creating fko context: Args contain invalid data: FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL

I went on Google and looked it up, and there just seems to be the same thread over and over regarding this (things that other sites have indexed over and over), and here it is:

They seem to state something about fixing it in Ubuntu 20.04, but that isn't what I'm working with here.

After configuration I got the following config:

My resulting /var/etc/access.conf is:

SOURCE ANY
keytype Base 64 key
hkeytype Base 64 key
OPEN_PORTS tcp/33100,udp/33100
KEY_BASE64 <me-key>
HMAC_KEY_BASE64 <me-hmac-key>
REQUIRE_SOURCE_ADDRESS Y

/var/etc/access.conf

And my resulting /var/etc/fwknopd.conf

EXIT_AT_INTF_DOWN n
ENABLE_IPT_FORWARDING y
ENABLE_NAT_DNS y
PCAP_INTF eth1

/var/etc/fwknopd.conf

Any ideas?

I also tried this with the /etc/fwknop/*.conf with PGP instead of using luci-app-fwknopd, but instead I got a different message in the error logs:

Mon May 4 02:26:07 2020 daemon.warn fwknopd[17367]: [192.168.4.121] (stanza #1) Error setting GPG keyring path to /root/.gnupg/: Unsupported or unimplmented feature or function

I believe I've got this under control now.

I switched back to the luci-app-fwknopd configuration and now it's working but I don't know why!

I think I may have installed a dependency for PGP that made it work, but it doesn't make sense, since I don't believe that I am using PGP encryption when I'm using the luci-app-fwknopd config (unless it uses it and I'm not aware of it).

As far as I can tell (from my diff of usr/lib/opkg/status) the following packages were installed, but I don't know which one did the trick (or if it maybe had something to do with the reboot, if anyone can clear that up):

Package: libgpg-error
Version: 1.36-3
Depends: libc
Status: install user installed
Architecture: mips_24kc
Installed-Time: 1588566872


Package: libmbedtls12
Version: 2.16.6-1
Depends: libc
Provides: libmbedtls
Status: install ok installed
Architecture: mips_24kc
Installed-Time: 1588550305
Auto-Installed: yes


Package: gnupg
Version: 1.4.23-1
Depends: libc, zlib, libncurses6, libreadline8
Status: install user installed
Architecture: mips_24kc
Installed-Time: 1588550278

Package: libreadline8
Version: 8.0-1
Depends: libc, libncursesw6
Provides: libreadline
Status: install ok installed
Architecture: mips_24kc
Installed-Time: 1588550277
Auto-Installed: yes

Package: gnupg-utils
Version: 1.4.23-1
Depends: libc, gnupg, libcurl4
Status: install user installed
Architecture: mips_24kc
Installed-Time: 1588550312

Package: libcurl4
Version: 7.66.0-2
Depends: libc, libmbedtls12, ca-bundle
Provides: libcurl
Status: install ok installed
Architecture: mips_24kc
Installed-Time: 1588550312
Auto-Installed: yes

Package: zlib
Version: 1.2.11-3
Depends: libc
Status: install ok installed
Architecture: mips_24kc
Installed-Time: 1588550274
Auto-Installed: yes

Package: ca-bundle
Version: 20190110-2
Depends: libc
Provides: ca-certs
Status: install ok installed
Architecture: all
Installed-Time: 1588550309
Auto-Installed: yes

usr/lib/opkg/status
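The FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL line above means fwknopd recomputed the HMAC over the received SPA packet with the HMAC_KEY_BASE64 from its access.conf stanza and the result did not match the tag the client appended, so the first thing worth ruling out is a key that differs between the client's ~/.fwknoprc and the server's access.conf (a pasted character, truncation, or '=' padding lost in transit). The script below is an added example, not part of the original post and not fwknop's own code. It models that check under stated assumptions: fwknop's default HMAC-SHA256, computed over the base64 ciphertext string and appended as base64 without '=' padding (43 characters for SHA-256). The keys, the stand-in ciphertext and the two stanzas are constructed sample data, and `parse_keys`, `diagnose`, `client_sign` and `server_verify` are hypothetical helper names; the server stanza deliberately carries a one-character typo in its HMAC key to show that this alone produces the compare failure.

```python
import base64
import hashlib
import hmac
import secrets

# A 32-byte SHA-256 tag is 44 base64 chars, 43 once the trailing '=' is stripped
# (assumed to match fwknop's unpadded base64 wire form).
HMAC_B64_LEN = 43
KEY_DIRECTIVES = ("KEY_BASE64", "HMAC_KEY_BASE64")


def b64_nopad(raw: bytes) -> str:
    """base64 without '=' padding."""
    return base64.b64encode(raw).decode("ascii").rstrip("=")


def b64_decode(text: str) -> bytes:
    """Decode base64 whether or not the '=' padding survived a copy/paste."""
    text = text.strip()
    return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)


def parse_keys(conf_text: str) -> dict:
    """Collect KEY_BASE64 / HMAC_KEY_BASE64 from an access.conf or ~/.fwknoprc
    stanza. Both files use the same directive names, so client and server
    values can be compared byte for byte after decoding."""
    keys = {}
    for line in conf_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] in KEY_DIRECTIVES:
            keys[parts[0]] = b64_decode(parts[1])
    return keys


def diagnose(client_rc: str, server_access: str) -> list:
    """Return human-readable key mismatches between the two stanzas."""
    client, server = parse_keys(client_rc), parse_keys(server_access)
    findings = []
    for name in KEY_DIRECTIVES:
        if name not in client or name not in server:
            findings.append(f"{name} missing on one side")
        elif client[name] != server[name]:
            findings.append(f"{name} differs")
    return findings


def client_sign(enc_msg_b64: str, hmac_key: bytes) -> str:
    """Client side: HMAC-SHA256 over the base64 ciphertext string, tag appended
    as unpadded base64 (assumed layout, see lead-in)."""
    tag = hmac.new(hmac_key, enc_msg_b64.encode("ascii"), hashlib.sha256).digest()
    return enc_msg_b64 + b64_nopad(tag)


def server_verify(spa_packet: str, hmac_key: bytes) -> bool:
    """Server side: split off the trailing tag, recompute it with the access.conf
    key and compare in constant time. False is the case fwknopd logs as
    FKO_ERROR_INVALID_DATA_HMAC_COMPAREFAIL."""
    if len(spa_packet) <= HMAC_B64_LEN:
        return False
    body, tag_b64 = spa_packet[:-HMAC_B64_LEN], spa_packet[-HMAC_B64_LEN:]
    expected = hmac.new(hmac_key, body.encode("ascii"), hashlib.sha256).digest()
    return hmac.compare_digest(b64_nopad(expected), tag_b64)


# Constructed sample keys (not real keys): 32-byte Rijndael key, 64-byte HMAC key.
KEY_B64 = base64.b64encode(bytes(range(32))).decode()
HMAC_B64 = base64.b64encode(bytes(range(64, 128))).decode()
# Server copy with one character of the HMAC key changed: a typical paste slip.
HMAC_B64_TYPO = HMAC_B64[:10] + ("A" if HMAC_B64[10] != "A" else "B") + HMAC_B64[11:]

CLIENT_FWKNOPRC = f"""\
[router]
SPA_SERVER       192.168.4.1
ACCESS           tcp/33100
KEY_BASE64       {KEY_B64}
HMAC_KEY_BASE64  {HMAC_B64}
USE_HMAC         Y
"""
SERVER_ACCESS_BAD = f"""\
SOURCE ANY
OPEN_PORTS tcp/33100,udp/33100
KEY_BASE64 {KEY_B64}
HMAC_KEY_BASE64 {HMAC_B64_TYPO}
REQUIRE_SOURCE_ADDRESS Y
"""
SERVER_ACCESS_GOOD = SERVER_ACCESS_BAD.replace(HMAC_B64_TYPO, HMAC_B64)


def demo() -> dict:
    """Sign one packet with the client's key, verify against both server stanzas."""
    enc_msg = b64_nopad(secrets.token_bytes(96))  # stand-in for the real ciphertext
    packet = client_sign(enc_msg, parse_keys(CLIENT_FWKNOPRC)["HMAC_KEY_BASE64"])
    bad_key = parse_keys(SERVER_ACCESS_BAD)["HMAC_KEY_BASE64"]
    good_key = parse_keys(SERVER_ACCESS_GOOD)["HMAC_KEY_BASE64"]
    return {
        "typo_key_verifies": server_verify(packet, bad_key),
        "matching_key_verifies": server_verify(packet, good_key),
        "findings": diagnose(CLIENT_FWKNOPRC, SERVER_ACCESS_BAD),
    }
```

Run `demo()` to see the typo'd stanza fail and the matching one pass; point `diagnose()` at the real ~/.fwknoprc and /var/etc/access.conf text to get the same answer without sending any packet. Because the two keys are compared after decoding, a missing '=' or trailing whitespace in one file does not register as a mismatch, whereas a single altered character does.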