Michael,
Those changes have been made. The Luci interface is getting more polished,
too.
In regards to fwknop and --key-gen: What sources of randomness does
--key-gen use to generate keys? I could probably add a button to generate
the keys and populate the needed fields automagically, but routers can have
problems with sources of entropy. In theory, we could even have the router
autogen keys when the luci app is installed, but the entropy concern still
applies. Thoughts?
~Jonathan Bennett
On Sat, May 9, 2015 at 8:52 PM, Michael Rash <[email protected]> wrote:
>
>
> On Sat, May 9, 2015 at 3:43 PM, Jonathan Bennett <[email protected]>
> wrote:
>
>> Hello, all. I keep fwknop up to date in the OpenWrt project. I've
>> intended to improve the user friendliness of running fwknopd on a router
>> for a while now, and I've finally started work on it.
>>
>
> Hello Jonathan,
>
> Awesome - ease of use is definitely an aspect of the fwknop project that
> needs to be improved through efforts like yours.
>
>
>>
>> I pushed an update to 2.6.6 into openwrt just last night. I've put
>> together a new web based config, and done a pull request into the openwrt
>> project. it is waiting for critiques or to be pulled. Latest screengrab of
>> the work is here: http://http://incomsystems.biz/fwknop_interface.png
>>
>> It is still a bit rough, but it seems to be working well enough. You can
>> add as many access.conf stanzas as needed, and config options are not
>> limited to what I've baked in to the interface.
>>
>
> Excellent. Are other config options allowed through the "Add" box below
> the one for the encryption key? Just a quick suggestion - if you are
> looking to have a set of default config options, I think the ones you have
> (SOURCE, HMAC_KEY, and KEY) are good. For the two keys, it might be handy
> to accept base64-encoded versions (maybe if a box is checked?). This would
> allow for keys that are created with the client --key-gen mode. Also, it
> could be handy to have three additional options: OPEN_PORTS,
> FW_ACCESS_TIMEOUT and REQUIRE_SOURCE_ADDRESS. These are probably the most
> often customized options. Lastly, since this is for OpenWRT, I wonder if
> people will use any of the NAT modes?
>
> Thanks,
>
> --Mike
>
>
>
>> Any comments welcome.
>>
>> ~Jonathan Bennett
>>
>>
>> ------------------------------------------------------------------------------
>> One dashboard for servers and applications across Physical-Virtual-Cloud
>> Widest out-of-the-box monitoring support with 50+ applications
>> Performance metrics, stats and reports that give you Actionable Insights
>> Deep dive visibility with transaction tracing using APM Insight.
>> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
>> _______________________________________________
>> Fwknop-discuss mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>>
>>
>
>
>
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
>
>
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
Fwknop-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
