On Mar 28, 2013, Kevin Hilton wrote:

> I can't seem to get the random port option working. I'm using 2.0.4 both
> on server and client (both linux).
>
> My client syntax is the following:
> fwknop -r -A tcp/2223 -R -D xxxx.com

That client command line syntax looks good.

> On the server, my fwknopd.conf file has the following:
>
> ENABLE_PCAP_PROMISC Y;
>
> # Define the filter used for PCAP modes; we default to udp port 62201.
> # However, if an fwknop client uses the --rand-port option to send the
> # SPA packet over a random port, then this variable should be updated to
> # something like "udp dst portrange 10000-65535;".
> # Default is "udp port 62201".
> #
> #PCAP_FILTER udp port 62201;
> PCAP_FILTER udp dst portrange 10000-65535;
>
> I restarted the fwknop daemon and still couldn't connect when using the -r
> option from the client.
>
> Is there something I'm missing?
> Do I need to set pcap into promiscuous mode?

You don't need promiscuous mode if you have an IP assigned to the interface
where fwknopd is sniffing (and that is where you are sending the SPA packet).

I've seen cases where older libpcap libraries don't understand the 'portrange'
BPF stuff - just for testing, can you set the PCAP_FILTER to just 'udp' and
give it a try?

I just ran the fwknop-2.0.4 test suite, and the "[Rijndael SPA] [client+server]
random SPA port (tcp/22 ssh)" does appear to work.

Thanks,

--Mike
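The following sketch is an added example, not part of the mailing-list thread or of fwknop itself: it reads fwknopd.conf text, finds the active (uncommented) PCAP_FILTER, and reports whether that filter accepts the whole port range the quoted config comment associates with --rand-port. It assumes a single active PCAP_FILTER line and recognises only the simple filter forms that appear in this thread; the function names are hypothetical, and it does not test whether the installed libpcap can compile 'portrange'.

```python
import re

RAND_PORT_RANGE = (10000, 65535)    # range named in the quoted config comment
DEFAULT_FILTER = "udp port 62201"   # default named in the quoted config comment

# Constructed sample, modelled on the fwknopd.conf excerpt quoted above.
SAMPLE_CONF = """\
ENABLE_PCAP_PROMISC         Y;
#PCAP_FILTER                udp port 62201;
PCAP_FILTER                 udp dst portrange 10000-65535;
"""

def active_pcap_filter(conf_text):
    """Return the first uncommented PCAP_FILTER value, or None if absent."""
    for line in conf_text.splitlines():
        # A leading '#' prevents the match, so commented lines are skipped.
        m = re.match(r"\s*PCAP_FILTER\s+(.*?);?\s*$", line)
        if m:
            return m.group(1)
    return None

def udp_dst_span(bpf):
    """Return (low, high) UDP destination ports accepted, or None if the
    filter is not one of the simple forms handled here."""
    bpf = " ".join(bpf.lower().split())
    if bpf == "udp":
        return (0, 65535)
    m = re.fullmatch(r"udp (?:dst )?port (\d+)", bpf)
    if m:  # plain 'port N' also matches source port N; ignored here
        return (int(m.group(1)), int(m.group(1)))
    m = re.fullmatch(r"udp (?:dst )?portrange (\d+)-(\d+)", bpf)
    if m:
        return (int(m.group(1)), int(m.group(2)))
    return None

def check_rand_port(conf_text, rand_range=RAND_PORT_RANGE):
    """Return (verdict, filter): 'covers', 'misses' or 'unknown'."""
    bpf = active_pcap_filter(conf_text) or DEFAULT_FILTER
    span = udp_dst_span(bpf)
    if span is None:
        return ("unknown", bpf)
    ok = span[0] <= rand_range[0] and span[1] >= rand_range[1]
    return ("covers" if ok else "misses", bpf)

if __name__ == "__main__":
    print(check_rand_port(SAMPLE_CONF))
```

A "covers" verdict with SPA packets still not arriving points away from the filter text and toward the sniffing interface or the libpcap version, which is what the 'udp'-only test in the reply isolates.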
