Yeah, it's also much easier to spoof

// Sebastien
> On 2 Jun 2015, at 5:29 pm, Rabin Yasharzadehe <[email protected]> wrote:
>
>
>> On Tue, Jun 2, 2015 at 4:57 PM, Jonathan Bennett <[email protected]>
>> wrote:
>>> On Tue, Jun 2, 2015 at 8:03 AM Michael Rash <[email protected]> wrote:
>>>> On Tue, Jun 2, 2015 at 5:20 AM, Rabin Yasharzadehe <[email protected]>
>>>> wrote:
>>>>
>>>>> On Tue, Jun 2, 2015 at 5:05 AM, Jonathan Bennett <[email protected]>
>>>>> wrote:
>>>>> I strongly want to implement the juicessh plugin stuff. It will take
>>>>> time, but it'll get there.
>>>>
>>>>
>>>> Looking forward to it.
>>>>
>>>>> One last note: the web site that was used for ip address lookup was
>>>>> painfully slow. The new app doesn't do the lookup until a knock is
>>>>> sent that uses "resolve ip", but I was often waiting 60 seconds or
>>>>> longer for that lookup to finish. After looking a bit, I decided to
>>>>> use http://whatismyip.akamai.com. It is *much* quicker to respond. I
>>>>> might add an option to select which site to use in the future. It
>>>>> seems that there should be a better way to get the public IP, but I
>>>>> have yet to work out what that would be. Depending on a 3rd party web
>>>>> site seems less than ideal, but again, I have no alternative yet.
>>>>
>>>>
>>>> On my PC I use DNS query to resolve my external IP using opendns servers
>>>>
>>>> # dig myip.opendns.com @resolver1.opendns.com +short
>>>> # or over tcp
>>>> # dig myip.opendns.com @resolver1.opendns.com +short +tcp
>>>
>>> This might be good to add to the fwknop client since OpenDNS will have far
>>> faster responses than the cipherdyne.org server ever could, although some
>>> users prefer to resolve via SSL. Still, it would be good to have this as an
>>> option.
>>
>> Oh wow, that is ridiculously fast. I will see how difficult this is to make
>> work. This also seems like an inherently better method than using an http
>> lookup.
>
> Resolving IP over udp is much faster and lighter in resource,
> because you skip the 3-way handshake you have with a tcp connection
> and you don't have to open a ssl connection for a https connection.
>
> but it's also less reliable :)
>
> --
> Rabin
> ------------------------------------------------------------------------------
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
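The lookup discussed in this thread, as an added example that is not from any of the posters or from fwknop: the quoted `dig` query is sent over TCP to two resolvers, and the answer is used only if both agree and it is a well-formed public IPv4 address. `resolver2.opendns.com`, the function names and the timeout values are assumptions of this example.

```shell
#!/bin/sh
# Added example, not fwknop code. Query name and resolver1 come from the
# thread; resolver2.opendns.com and all function names are assumptions.

# is_public_ipv4 ADDR: succeed only for a well-formed dotted quad that is not
# private, loopback, link-local, CGNAT, multicast or class E.
is_public_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*|0?*) return 1 ;; esac   # too long / leading zero
        [ "$octet" -le 255 ] || return 1
    done
    case "$1" in 0|10|127) return 1 ;; esac
    [ "$1" -ge 224 ] && return 1
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 1
    [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 1
    [ "$1" -eq 169 ] && [ "$2" -eq 254 ] && return 1
    [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ] && return 1
    return 0
}

# agreed_ip A B: print the address only if two independent answers are
# identical and public; otherwise print nothing and fail closed.
agreed_ip() {
    [ -n "$1" ] && [ "$1" = "$2" ] && is_public_ipv4 "$1" || return 1
    printf '%s\n' "$1"
}

# external_ip: ask two resolvers over TCP. A forged UDP reply only has to
# match the query ID and source port; a TCP answer also has to fit an
# established connection. Neither transport authenticates the answer.
external_ip() {
    q=myip.opendns.com
    a=$(dig +short +tcp +time=3 +tries=1 "$q" @resolver1.opendns.com) || return 1
    b=$(dig +short +tcp +time=3 +tries=1 "$q" @resolver2.opendns.com) || return 1
    agreed_ip "$a" "$b"
}
```

A caller runs `external_ip` and treats a non-zero exit status as "no usable address" instead of falling back to an unchecked value.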
