List: fwknop-discuss
Subject: Re: [Fwknop-discuss] Android client updated in Google Play
From: Michael Rash <mbr () cipherdyne ! org>
Date: 2014-02-22 5:21:14
Message-ID: 74CCB391-716E-48B8-A064-D220AE3D8BBD () cipherdyne ! org
> On Feb 19, 2014, at 4:34 PM, Michael Rash <michael.rash@gmail.com> wrote:
>
>
>
> > On Wed, Feb 19, 2014 at 3:56 PM, Kevin Layer <layer@known.net> wrote:
> > > > Max has updated the Android client to the latest 2.6.0 release - HMAC
> > > > keys are now supported:
> > > >
> > > > https://play.google.com/store/apps/details?id=com.max2idea.android.fwknop2&hl=en
> > > >
> > > > Gerry Reno also contributed significantly to this release by updating
> > > > it to be compatible with Android-4.4.
> >
> > Michael and Max, thanks for doing this.
> >
> > I'm not sure, so I thought I'd ask. I use a config like this from
> > Linux to access hosts behind a fwknop 2.0.4 enabled firewall:
> >
> > [default]
> > ALLOW_IP source
> >
> > [masssh]
> > SPA_SERVER foo.example.com
> > ACCESS tcp/12345
> > NAT_ACCESS 192.168.0.32,22
> >
> >
> > Will the new Android client be able to handle that? I installed and
> > ran it, but it wasn't clear to me how I'd handle the NAT_ACCESS
> > options this site needs.
>
> Hi Kevin,
>
> The Android client doesn't support NAT modes directly, but you can still accomplish
> this by using the "FORCE_NAT" variable in the appropriate stanza in the
> /etc/fwknop/access.conf file:
>
> FORCE_NAT: 192.168.0.32 22;
>
> You will need to also set ENABLE_IPT_FORWARDING to "Y" in the
> /etc/fwknop/fwknopd.conf file.
>
> The only difference between this and having the Android client support NAT modes is
> that the IP to which you will be granted access on the internal network must be
> known to you up front when you define the access.conf stanza (this only presents a
> problem if you have multiple internal systems that you want to reach in which case
> you would need multiple stanzas each with its own key).
>
> With the above configuration, just use the Android client as you normally would.
> The SSH connection will be transparently NAT'd through to the internal SSH server.
Sorry, thinking about this a bit further, I forgot that the new Android client is
built against latest libfko code, and unfortunately it doesn't have an option to
support the legacy encryption mode. I'm hoping to get this added, but not sure when
it will happen. Any chance you could upgrade to any release after 2.5? If so, the
server would support SPA packets from the Android client.
Thanks,
Mike
> Thanks,
>
> --Mike
>
>
> >
> > Thanks.
> >
> > Kevin
>
>
>
> --
> Michael Rash | Founder
> http://www.cipherdyne.org/
> Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
> _______________________________________________
> Fwknop-discuss mailing list
> Fwknop-discuss@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fwknop-discuss
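
An added example, not part of the thread and not fwknop code: a small check for the server-side FORCE_NAT setup described above, flagging FORCE_NAT stanzas when ENABLE_IPT_FORWARDING is not "Y" and stanzas for different internal hosts that reuse one key. The sample configs, the 192.168.0.33 host, the placeholder keys and the function names are constructed for illustration; it assumes each access.conf stanza starts at a SOURCE line.

```python
import re

# Constructed sample input (not from the thread): two FORCE_NAT stanzas that
# reuse one placeholder key, and a fwknopd.conf with forwarding left off.
ACCESS_CONF = """\
SOURCE: ANY;
KEY: placeholder-key-one;
FORCE_NAT: 192.168.0.32 22;

SOURCE: ANY;
KEY: placeholder-key-one;
FORCE_NAT: 192.168.0.33 22;
"""
FWKNOPD_CONF = "ENABLE_IPT_FORWARDING    N;\n"

# "VAR value", with the optional ':' and trailing ';' seen in the thread.
LINE = re.compile(r"^\s*([A-Z0-9_]+)\s*:?\s+(.*?)\s*;?\s*$")

def parse(text):
    """Return (variable, value) pairs, skipping blank and '#' comment lines."""
    lines = (l for l in text.splitlines() if not l.lstrip().startswith("#"))
    return [m.groups() for m in map(LINE.match, lines) if m]

def stanzas(text):
    """Split access.conf into dicts; a new stanza starts at each SOURCE line."""
    out = []
    for var, val in parse(text):
        if var == "SOURCE":
            out.append({})
        if out:
            out[-1][var] = val
    return out

def audit(access_text, fwknopd_text):
    """Return findings for the FORCE_NAT setup described in the thread."""
    findings, seen = [], {}
    nat = [s for s in stanzas(access_text) if "FORCE_NAT" in s]
    # A missing ENABLE_IPT_FORWARDING line is treated as not enabled.
    if nat and dict(parse(fwknopd_text)).get("ENABLE_IPT_FORWARDING", "N").upper() != "Y":
        findings.append("FORCE_NAT is set but ENABLE_IPT_FORWARDING is not Y")
    for s in nat:
        target = s["FORCE_NAT"].split()
        if len(target) != 2 or not target[1].isdigit():
            findings.append(f"FORCE_NAT should be '<ip> <port>': {s['FORCE_NAT']!r}")
            continue
        key = s.get("KEY") or s.get("KEY_BASE64")
        if key and seen.setdefault(key, target) != target:
            findings.append(f"{seen[key][0]} and {target[0]} share one key")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(ACCESS_CONF, FWKNOPD_CONF)))
```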