Michael Rash
Michael Rash
Sorry for the delayed response. Indeed, fwknop is compatible with pf on FreeBSD. That is, fwknop doesn't really care about whether it is running on FreeBSD or OpenBSD - it...
I think a good guide for what to implement is Jonathan's work to integrate fwknop into the OpenWRT project. I'm not sure of the latest status of this, but I...
This can be implemented without changing the SPA packet format by using a server-side directive. At least this could be an option to easily offer the feature, and there is...
@oneru Yes, that is a good point. I suspect this won't solve the problem completely (or even "mostly") in such environments. But, perhaps opening a service to any IP and...
Although having the IP assigned to the network adapter would be useful as an option, I'm not sure a routable IP would necessary imply no NAT / load balancing /...
Thanks for the suggestion. This is definitely a good idea. One option to accomplish this would be to extend the fwknop client to accept the entire ~/.fwknoprc file via stdin...
It looks like Jonathan's implementation is doing whitelisting: https://github.com/oneru/fwknop/commit/828fbdd1bb8fe2ba4070b422db7683d16448ad90
@oneru For pull requests, it is usually better to just have a single pull request associated with a particular feature just to maintain separation. But, it doesn't really matter too...
We should decide what to do with this for 2.6.10.
Indeed, that would be a great application of this feature.