> On Feb 19, 2014, at 4:34 PM, Michael Rash <[email protected]> wrote:
> 
> 
> 
>> On Wed, Feb 19, 2014 at 3:56 PM, Kevin Layer <[email protected]> wrote:
>> >> Max has updated the Android client to the latest 2.6.0 release - HMAC
>> >> keys are now supported:
>> >>
>> >> https://play.google.com/store/apps/details?id=com.max2idea.android.fwknop2&hl=en
>> >>
>> >> Gerry Reno also contributed significantly to this release by updating
>> >> it to be compatible with Android-4.4.
>> 
>> Michael and Max, thanks for doing this.
>> 
>> I'm not sure, so I thought I'd ask.  I use a config like this from
>> Linux to access hosts behind a fwknop 2.0.4 enabled firewall:
>> 
>> [default]
>> ALLOW_IP            source
>> 
>> [masssh]
>> SPA_SERVER          foo.example.com
>> ACCESS              tcp/12345
>> NAT_ACCESS          192.168.0.32,22
>> 
>> 
>> Will the new Android client be able to handle that?  I installed and
>> ran it, but it wasn't clear to me how I'd handle the NAT_ACCESS
>> options this site needs.
> 
> Hi Kevin,
> 
> The Android client doesn't support NAT modes directly, but you can still 
> accomplish this by using the "FORCE_NAT" variable in the appropriate stanza 
> in the /etc/fwknop/access.conf file:
> 
> FORCE_NAT: 192.168.0.32 22;
> 
> You will need to also set ENABLE_IPT_FORWARDING to "Y" in the 
> /etc/fwknop/fwknopd.conf file.
> 
> The only difference between this and having the Android client support NAT 
> modes is that the IP to which you will be granted access on the internal 
> network must be known to you up front when you define the access.conf stanza 
> (this only presents a problem if you have multiple internal systems that you 
> want to reach in which case you would need multiple stanzas each with its own 
> key).
> 
> With the above configuration, just use the Android client as you normally 
> would.  The SSH connection will be transparently NAT'd through to the 
> internal SSH server.

Sorry, thinking about this a bit further, I forgot that the new Android client 
is built against latest libfko code, and unfortunately it doesn't have an 
option to support the legacy encryption mode.  I'm hoping to get this added, 
but not sure when it will happen.  Any chance you could upgrade to any release 
after 2.5?  If so, the server would support SPA packets from the Android client.

Thanks,

Mike


> Thanks,
> 
> --Mike
> 
>  
>> 
>> Thanks.
>> 
>> Kevin
> 
> 
> 
> -- 
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
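
Added example (not part of the original thread and not fwknop project code): a small Python check for the server-side setup described in the quoted reply. It flags a FORCE_NAT stanza when ENABLE_IPT_FORWARDING is not "Y", a malformed FORCE_NAT value, and FORCE_NAT stanzas that share a key. The sample file contents, the second internal address 192.168.0.33, the key placeholders and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample files. 192.168.0.32 is from the thread; 192.168.0.33 and
# the key placeholders are made up for this example.
SAMPLE_ACCESS = """\
SOURCE: ANY;
KEY: PLACEHOLDER_KEY_1;
FORCE_NAT: 192.168.0.32 22;

SOURCE: ANY;
KEY: PLACEHOLDER_KEY_1;
FORCE_NAT: 192.168.0.33 22;
"""
SAMPLE_FWKNOPD = "ENABLE_IPT_FORWARDING    N;\n"

def parse_conf(text):
    """Return (key, value) pairs; accepts 'KEY: value;' and 'KEY value'."""
    pairs = []
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if len(fields) == 2 and not fields[0].startswith("#"):
            pairs.append((fields[0].rstrip(":"), fields[1].rstrip("; \t")))
    return pairs

def check(access_text, fwknopd_text):
    """List problems with FORCE_NAT stanzas (one stanza per SOURCE line)."""
    forwarding = dict(parse_conf(fwknopd_text)).get("ENABLE_IPT_FORWARDING", "N")
    stanzas, findings, key_owner = [], [], {}
    for key, val in parse_conf(access_text):
        if key == "SOURCE":
            stanzas.append({})
        if stanzas:
            stanzas[-1][key] = val
    for n, st in enumerate(stanzas, 1):
        if "FORCE_NAT" not in st:
            continue
        try:
            ip, port = st["FORCE_NAT"].split()
            ipaddress.ip_address(ip)
            if not 0 < int(port) < 65536:
                raise ValueError(port)
        except ValueError:
            findings.append(f"stanza {n}: FORCE_NAT must be '<ip> <port>'")
        if forwarding.upper() != "Y":
            findings.append(f"stanza {n}: ENABLE_IPT_FORWARDING is not Y")
        secret = st.get("KEY_BASE64") or st.get("KEY")
        if secret and key_owner.setdefault(secret, n) != n:
            findings.append(f"stanza {n}: same key as stanza {key_owner[secret]}")
    return findings
```

Calling check(SAMPLE_ACCESS, SAMPLE_FWKNOPD) reports the disabled forwarding for both stanzas and the shared key on the second one.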
