Client and Gateway Modules for Software Defined Perimeter (SDP)
This branch is 54 commits ahead, 382 commits behind mrash:master.
Type Name Latest commit message Commit time
android this Android client has been deprecated in favor of Jonathan Bennett'… Jun 11, 2015
client Make sure to validate peer's certificate against the CA cert. Jul 23, 2018
common Improve sdp com message protocol Feb 27, 2017
doc [server] (Vlad Glagolev) Add client timeouts to command open/close cy… Nov 13, 2015
extras [extras] add build support for Google's UndefinedBehaviorSanitizer Dec 10, 2015
iphone fix header non-ascii chars, and introduce test suite support for dete… Mar 14, 2014
lib Make sure to validate peer's certificate against the CA cert. Jul 23, 2018
m4 Added gpgme autoconf m4 macro to fix an undefined AM_PATH_GPGME error May 13, 2013
perl Add service list to gate Nov 29, 2016
python Improve sdp com message protocol Feb 27, 2017
server Make sure to validate peer's certificate against the CA cert. Jul 23, 2018
test Correct sdp id service permission check Apr 25, 2017
win32 bump version to 2.6.7 (getting close to 2.6.7-pre1) Jul 16, 2015
.gitignore add .DS_Store files to .gitignore Aug 28, 2015
AUTHORS fix header non-ascii chars, and introduce test suite support for dete… Mar 14, 2014
COPYING Total re-arrangement for autoconf/automake implementation. Dec 21, 2008
CREDITS [server] (Vlad Glagolev) Add client timeouts to command open/close cy… Nov 13, 2015
ChangeLog add libfko fko_set_username() crash ChangeLog message Dec 5, 2015
ChangeLog.git changes since 2.6.6 Aug 25, 2015
INSTALL Make sure to validate peer's certificate against the CA cert. Jul 23, 2018
Makefile.am Add server's ctrl client conf and fwknoprc files to install process Jan 12, 2017
NEWS clarified NEWS file to state that fwknop is distributed under the GPL v2 Jul 10, 2013
README fixed README paths Jul 19, 2014
README.md Update README to discuss SDP Apr 18, 2017
VERSION bump version to 2.6.7 (getting close to 2.6.7-pre1) Jul 16, 2015
Waverley Labs OpenSDP Installation and Configuration.pdf Add the SDP installation instructions Apr 18, 2017
autogen.sh Added gpgme autoconf m4 macro to fix an undefined AM_PATH_GPGME error May 13, 2013
configure.ac Fixes for OS X environment Aug 24, 2016
fwknop.spec rpm 2.6.7 release note Aug 25, 2015

README.md

fwknop - Software Defined Perimeter Client and Gateway Components

Description

This project is an open source implementation of the client and gateway components for a Software Defined Perimeter (SDP). This code has been tested on *nix-type systems only.

For more information on SDP, see the following sites:

http://www.waverleylabs.com/services/software-defined-perimeter/

https://cloudsecurityalliance.org/group/software-defined-perimeter/

Introduction

This project is a fork of the fwknop project. fwknop originally implemented an authorization scheme known as Single Packet Authorization (SPA) for strong service concealment. Because SPA later became the basis for SDP, fwknop was forked and built upon to implement the additional features required to create an SDP system. The only component of SDP not included in this repo is the controller, which is also freely available at:

https://github.com/WaverleyLabs/SDPcontroller

Tutorial

A manual for installation and configuration of SDP can be found here:

Waverley Labs OpenSDP Installation and Configuration.pdf (in the root folder of this project)

A comprehensive tutorial on SPA (and how fwknop used to work) can be found here:

http://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html

License

The fwknop project is released as open source software under the terms of the GNU General Public License (GPL v2).

Building fwknop

This distribution uses GNU autoconf for setting up the build. Please see the INSTALL file for the general basics on using autoconf.

There are some "configure" options that are specific to fwknop. They are (extracted from ./configure --help):

  --disable-client        Do not build the fwknop client component. The
                          default is to build the client.
  --disable-server        Do not build the fwknop server component. The
                          default is to build the server.
  --with-gpgme            support for gpg encryption using libgpgme
                          [default=check]
  --with-gpgme-prefix=PFX prefix where GPGME is installed (optional)
  --with-gpg=/path/to/gpg Specify path to the gpg executable that gpgme will
                          use [default=check path]
  --with-firewalld=/path/to/firewalld
                          Specify path to the firewalld executable
                          [default=check path]
  --with-iptables=/path/to/iptables
                          Specify path to the iptables executable
                          [default=check path]
  --with-ipfw=/path/to/ipfw
                          Specify path to the ipfw executable [default=check
                          path]
  --with-pf=/path/to/pfctl
                          Specify path to the pf executable [default=check
                          path]
  --with-ipf=/path/to/ipf Specify path to the ipf executable [default=check
                          path]

Examples:

./configure --disable-client --with-firewalld=/bin/firewall-cmd
./configure --disable-client --with-iptables=/sbin/iptables --with-firewalld=no