Hello All, I am already implemented the fwknop successfully in both suse and debian servers. Both are remote linux box. Special thanks to Michael for his suggestions which always shown me the right track. I may be permitted to asks some questions to clear some doubts regarding fwknop.
issue with whatismyip.com ( Could not extract external IP from http://www.whatismyip.org/ ) ====================================================== -R or -w with --debug; fwknop ( version 1.9.11) reports as below ``````````````````````````````````````````````````` ad...@linux-12ml:~> fwknop -A tcp/22 -R --debug --User-agent Fwknop/1.9.11 -k 192.168.1.3 ; ssh [email protected] [+] import_perl_modules(): The @INC array: /usr/lib/fwknop /usr/lib/fwknop/. /usr/lib/fwknop/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/5.10.0 /usr/lib/perl5/site_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.10.0 /usr/lib/perl5/vendor_perl/5.10.0/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.10.0 /usr/lib/perl5/vendor_perl . [+] Term::ReadKey::VERSION 2.30 [+] ***DEBUG*** Starting fwknop client (SPA mode)... Resolving external IP via: http://www.whatismyip.org/ [+] Web server data from: http://www.whatismyip.org/ [*] Could not extract external IP from http://www.whatismyip.org/ ````````````````````````` But if I straight forward visit http://www.whatismyip.org/ I get the IP. I have then no problem to connect the fwknop server with that IP ``````````````````````` ad...@linux-12ml:~> fwknop -A tcp/22 -a 121.247.128.171 -k 192.168.1.3 ; ssh [email protected] [+] Starting fwknop client (SPA mode)... [+] Enter an encryption key. This key must match a key in the file /etc/fwknop/access.conf on the remote system. Encryption Key: ````````````````````````````````` Issue with dynamic IP of fwknop server ====================================== What to do with those servers having dynamic IP address and pointed with a domain from dydns.org or myip.com ? Issue with psad ============ both fwknop and psad control iptable. Can we have both psad and fwknop working in a same box ? >From theory they should but I don't know if they really co-exists. Issue with multiple fwknop client ========================= Please bear with me, I am not very clear about GnuPG technology. Say one more admin needs access to the fwknop server. Hope giving my client key which I use to communicate with the fwknop server will solve the problem. That admin should place that key in his keyring and communicate with that key. Hope I am in the right track. ------------------------------------------------------------------------------ _______________________________________________ Fwknop-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
