
List:       fwknop-discuss
Subject:    Re: [Fwknop-discuss] Android client updated in Google Play
From:       Michael Rash <mbr () cipherdyne ! org>
Date:       2014-02-22 5:21:14
Message-ID: 74CCB391-716E-48B8-A064-D220AE3D8BBD () cipherdyne ! org



> On Feb 19, 2014, at 4:34 PM, Michael Rash <michael.rash@gmail.com> wrote:
> 
> 
> 
> > On Wed, Feb 19, 2014 at 3:56 PM, Kevin Layer <layer@known.net> wrote:
> > > > Max has updated the Android client to the latest 2.6.0 release - HMAC
> > > > keys are now supported:
> > > > 
> > > > https://play.google.com/store/apps/details?id=com.max2idea.android.fwknop2&hl=en
> > > >  
> > > > Gerry Reno also contributed significantly to this release by updating
> > > > it to be compatible with Android-4.4.
> > 
> > Michael and Max, thanks for doing this.
> > 
> > I'm not sure, so I thought I'd ask.  I use a config like this from
> > Linux to access hosts behind a fwknop 2.0.4 enabled firewall:
> > 
> > [default]
> > ALLOW_IP            source
> > 
> > [masssh]
> > SPA_SERVER          foo.example.com
> > ACCESS              tcp/12345
> > NAT_ACCESS          192.168.0.32,22
> > 
> > 
> > Will the new Android client be able to handle that?  I installed and
> > ran it, but it wasn't clear to me how I'd handle the NAT_ACCESS
> > options this site needs.
> 
> Hi Kevin,
> 
> The Android client doesn't support NAT modes directly, but you can still
> accomplish this by using the "FORCE_NAT" variable in the appropriate stanza
> in the /etc/fwknop/access.conf file:
> 
> FORCE_NAT: 192.168.0.32 22;
> 
> You will need to also set ENABLE_IPT_FORWARDING to "Y" in the
> /etc/fwknop/fwknopd.conf file.
> 
> The only difference between this and having the Android client support NAT
> modes is that the IP to which you will be granted access on the internal
> network must be known to you up front when you define the access.conf stanza
> (this only presents a problem if you have multiple internal systems that you
> want to reach in which case you would need multiple stanzas each with its own
> key).
> 
> With the above configuration, just use the Android client as you normally
> would.  The SSH connection will be transparently NAT'd through to the
> internal SSH server.

Sorry, thinking about this a bit further, I forgot that the new Android client is
built against latest libfko code, and unfortunately it doesn't have an option to
support the legacy encryption mode.  I'm hoping to get this added, but not sure when
it will happen.  Any chance you could upgrade to any release after 2.5?  If so, the
server would support SPA packets from the Android client.

Thanks,

Mike


> Thanks,
> 
> --Mike
> 
> 
> > 
> > Thanks.
> > 
> > Kevin
> 
> 
> 
> -- 
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F  AC69 95D8 5D6B A742 839F
> _______________________________________________
> Fwknop-discuss mailing list
> Fwknop-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
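
The server-side setup described in this message, written as a small lint check (an added example, not part of the original post and not fwknop's own code). The sample stanzas and placeholder keys are constructed, and `parse_conf`, `split_stanzas` and `lint` are hypothetical names; it checks the three points the message raises: a well-formed FORCE_NAT target, one key per stanza, and ENABLE_IPT_FORWARDING set to Y.

```python
import ipaddress

def parse_conf(text):
    """Yield (VAR, value); accepts 'VAR value' and the 'VAR: value;' form above."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1) + [""]
            yield parts[0].rstrip(":").upper(), parts[1].rstrip("; \t")

def split_stanzas(pairs):
    """Each SOURCE line opens a new access.conf stanza."""
    stanzas = []
    for var, val in pairs:
        if var == "SOURCE":
            stanzas.append({})
        if stanzas:
            stanzas[-1][var] = val
    return stanzas

def lint(access_text, fwknopd_text):
    findings, seen_keys = [], {}
    stanzas = split_stanzas(parse_conf(access_text))
    daemon = dict(parse_conf(fwknopd_text))
    for n, st in enumerate(stanzas, 1):
        key = st.get("KEY_BASE64") or st.get("KEY")
        if key in seen_keys:  # the message calls for one key per stanza
            findings.append(f"stanza {n}: key reused from stanza {seen_keys[key]}")
        elif key:
            seen_keys[key] = n
        if "FORCE_NAT" in st:
            parts = st["FORCE_NAT"].split()
            try:
                ipaddress.ip_address(parts[0])
                ok = len(parts) == 2 and 0 < int(parts[1]) < 65536
            except (ValueError, IndexError):
                ok = False
            if not ok:
                findings.append(f"stanza {n}: FORCE_NAT must be '<internal IP> <port>'")
    uses_nat = any("FORCE_NAT" in st for st in stanzas)
    if uses_nat and daemon.get("ENABLE_IPT_FORWARDING", "").upper() != "Y":
        findings.append("fwknopd.conf: ENABLE_IPT_FORWARDING is not Y")
    return findings

# Constructed sample: two internal SSH hosts, one stanza and placeholder key each.
ACCESS_OK = """\
SOURCE: ANY;
KEY_BASE64: EXAMPLE_KEY_1;
FORCE_NAT: 192.168.0.32 22;

SOURCE: ANY;
KEY_BASE64: EXAMPLE_KEY_2;
FORCE_NAT: 192.168.0.33 22;
"""
# Constructed bad variant: shared key and a FORCE_NAT line without a port.
ACCESS_BAD = ACCESS_OK.replace("KEY_2", "KEY_1").replace("0.33 22", "0.33")
```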





