It was pointed out to me that the uploaded apk has a bug with allow ip. When a saved config specifies "allow ip", the knock is not sent at all. This has been fixed in my source, and I'll push this to my github soon. (hoping for tonight). The apk will be updated to an alpha 2 soonish. (or soon(tm), if you prefer.)
~Jonathan Bennett

On Tue, Jun 2, 2015 at 11:50 AM, Sebastien J. <[email protected]> wrote:
> Yeah, it's also much easier to spoof
>
> // Sebastien
>
> On 2 Jun 2015, at 5:29 pm, Rabin Yasharzadehe <[email protected]> wrote:
>
>
> On Tue, Jun 2, 2015 at 4:57 PM, Jonathan Bennett <[email protected]>
> wrote:
>>
>> On Tue, Jun 2, 2015 at 8:03 AM Michael Rash <[email protected]>
>> wrote:
>>>
>>> On Tue, Jun 2, 2015 at 5:20 AM, Rabin Yasharzadehe <[email protected]>
>>> wrote:
>>>>
>>>>
>>>> On Tue, Jun 2, 2015 at 5:05 AM, Jonathan Bennett <[email protected]>
>>>> wrote:
>>>>>
>>>>> I strongly want to implement the juicessh plugin stuff. It will take
>>>>> time, but it'll get there.
>>>>
>>>>
>>>> Looking forward to it.
>>>>
>>>>>
>>>>> One last note: the web site that was used for ip address lookup was
>>>>> painfully slow. The new app doesn't do the lookup until a knock is
>>>>> sent that uses "resolve ip", but I was often waiting 60 seconds or
>>>>> longer for that lookup to finish. After looking a bit, I decided to
>>>>> use http://whatismyip.akamai.com. It is *much* quicker to respond. I
>>>>> might add an option to select which site to use in the future. It
>>>>> seems that there should be a better way to get the public IP, but I
>>>>> have yet to work out what that would be. Depending on a 3rd party web
>>>>> site seems less than ideal, but again, I have no alternative yet.
>>>>>
>>>>
>>>> On my PC I use DNS query to resolve my external IP using opendns servers
>>>>
>>>> # dig myip.opendns.com @resolver1.opendns.com +short
>>>> # or over tcp
>>>> # dig myip.opendns.com @resolver1.opendns.com +short +tcp
>>>
>>>
>>> This might be good to add to the fwknop client since OpenDNS will have
>>> far faster responses than the cipherdyne.org server ever could, although
>>> some users prefer to resolve via SSL. Still, it would be good to have this
>>> as an option.
>>
>> Oh wow, that is ridiculously fast. I will see how difficult this is to
>> make work. This also seems like an inherently better method than using an
>> http lookup.
>
>
> Resolving IP over udp is much faster and lighter in resource,
> Because you skip the 3 way handshake you have with a tcp connection
> and you don't have to open a ssl connection for a https connection.
>
> but it's also less reliable :)
>
> --
> Rabin
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Fwknop-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
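The DNS-based lookup discussed in the thread, as an added example that is not part of the original messages or of the fwknop code: it builds the A query for `myip.opendns.com` and accepts a reply only if the transaction ID and question section match what was sent, the basic check a UDP lookup needs given the spoofing concern raised above. The function names, `sample_reply` and the address 203.0.113.7 are assumptions constructed for the example.

```python
import ipaddress, secrets, struct

QNAME = "myip.opendns.com"  # name from the dig command quoted in the thread

def encode_name(name):
    # DNS wire format: length-prefixed labels, terminated by a zero byte
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"

def build_query(name=QNAME, txid=None):
    """Return (txid, packet) for a recursive A/IN query with a random 16-bit ID."""
    txid = secrets.randbelow(1 << 16) if txid is None else txid
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    return txid, header + encode_name(name) + struct.pack(">HH", 1, 1)

def skip_name(buf, pos):
    # Step over an owner name: plain labels ending in 0, or a 2-byte compression pointer
    while buf[pos] & 0xC0 != 0xC0:
        if buf[pos] == 0:
            return pos + 1
        pos += 1 + buf[pos]
    return pos + 2

def parse_reply(reply, txid, name=QNAME):
    """Return the first A record as a string; raise ValueError if the reply does not match."""
    question = encode_name(name) + struct.pack(">HH", 1, 1)
    try:
        rid, flags, qd, an, _, _ = struct.unpack(">HHHHHH", reply[:12])
        if rid != txid:
            raise ValueError("transaction ID mismatch")  # stale or forged datagram
        if not flags & 0x8000 or flags & 0x020F:
            raise ValueError("not a complete, successful response")  # QR, TC, RCODE
        if qd != 1 or reply[12:12 + len(question)].lower() != question.lower():
            raise ValueError("question section does not echo the query")
        pos = 12 + len(question)
        for _ in range(an):
            pos = skip_name(reply, pos)
            rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", reply[pos:pos + 10])
            pos += 10
            if (rtype, rclass, rdlen) == (1, 1, 4) and pos + 4 <= len(reply):
                return str(ipaddress.IPv4Address(reply[pos:pos + 4]))
            pos += rdlen
    except (IndexError, struct.error):
        raise ValueError("malformed reply") from None
    raise ValueError("no A record in answer")

def sample_reply(txid, ip, name=QNAME):
    # Constructed test input (not a captured packet): one A answer using a name pointer
    rr = struct.pack(">HHHIH", 0xC00C, 1, 1, 0, 4) + ipaddress.IPv4Address(ip).packed
    return (struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
            + encode_name(name) + struct.pack(">HH", 1, 1) + rr)
```

A 16-bit ID plus question match only raises the bar for an off-path sender; anyone on the path can still forge the answer, which is why the thread notes that some users prefer to resolve via SSL.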
