Updated fwknop documentation.

commit 4b6318138746b851dc07bf00556f5d99364cceac 1 parent b6bd8a8
@fjoncourt fjoncourt authored
Showing with 34 additions and 1 deletion.
  1. +1 −1  client/config_init.c
  2. +33 −0 doc/fwknop.man.asciidoc
2  client/config_init.c
@@ -1697,7 +1697,7 @@ usage(void)
" --no-save-args Do not save fwknop command line args to the\n"
" $HOME/fwknop.run file\n"
" --rc-file Specify path to the fwknop rc file (default\n"
- " is $HOME/.fwknoprc\n"
+ " is $HOME/.fwknoprc)\n"
" --save-rc-stanza Save command line arguments to the\n"
" $HOME/.fwknoprc stanza specified with the\n"
" -n option.\n"
33 doc/fwknop.man.asciidoc
@@ -117,6 +117,10 @@ GENERAL OPTIONS
Instruct the *fwknop* client to write a newly created SPA packet out
to the specified file so that it can be examined off-line.
+*-b, --save-packet-append*::
+ Append the generated packet data to the file specified with the -B
+ option.
+
*-G, --get-key*='<file>'::
Load an encryption key/password from the specified file. The key file
contains a line for each destination hostname or IP address, a colon
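Review bot: The new -b entry depends on -B but does not say what happens when -b is given without it, or that the target file then accumulates SPA packet data across runs. Suggest stating that -b only has an effect together with -B, and mentioning that the file grows with every invocation so readers know it may need to be cleaned up or protected.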
@@ -125,6 +129,21 @@ GENERAL OPTIONS
Also note: though this is a convenience, have a file on your system with
cleartext passwords is not a good idea and is not recommended.
+*--key-rijndael*='<key>'::
+ Specify the Rijndael key. Since the password is visible to utilities
+ (like 'ps' under Unix) this form should only be used where security is
+ not important.
+
+*--key-base64-rijndael*='<key>'::
+ Specify the base64 encoded Rijndael key. Since the password is visible
+ to utilities (like 'ps' under Unix) this form should only be used where
+ security is not important.
+
+*--key-base64-hmac*='<key>'::
+ Specify the base64 encoded HMAC key. Since the password is visible to
+ utilities (like 'ps' under Unix) this form should only be used where
+ security is not important.
+
*-l, --last-cmd*::
Execute *fwknop* with the command-line arguments from the previous
invocation (if any). The previous arguments are parsed out of the
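Review bot: The three --key-* entries warn only about 'ps', but the usage text in client/config_init.c says command line args are saved to a run file unless --no-save-args is given, and -l replays the previous arguments; the man page should say whether key material passed with these options ends up in that file. The --key-base64-hmac entry also says "the password is visible" for what the option itself calls a key, so "key" would be more consistent there. The sentence "this form should only be used where security is not important" is repeated three times and could be a single shared note that also points to the safer ways of supplying a key.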
@@ -138,6 +157,13 @@ GENERAL OPTIONS
FWKNOPRC FILE below for a list of the valid configuration directives in
the '.fwknoprc' file.
+*--rc-file*='<file>'::
+ Specify path to the fwknop rc file (default is $HOME/.fwknoprc).
+
+*--save-rc-stanza*='<stanza name>'::
+ Save command line arguments to the $HOME/.fwknoprc stanza specified with
+ the -n option.
+
*--show-last*::
Display the last command-line arguments used by *fwknop*.
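Review bot: --save-rc-stanza is documented here as taking '<stanza name>', yet its description says the stanza is the one specified with the -n option, and the usage text in client/config_init.c shows the option with no argument. Pick one form and make the man page and usage() agree. It would also help to say whether the stanza is written to the file given with --rc-file or always to $HOME/.fwknoprc.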
@@ -212,6 +238,10 @@ SPA OPTIONS
server side via the ENCRYPTION_MODE variable. In general, it is
recommended to not use this argument and just use the default.
+*--hmac-digest-type*='<digest>'::
+ Set the HMAC digest algorithm (default is sha256). Options are md5, sha1,
+ sha256, sha384, or sha512.
+
*-N, --nat-access*='<internalIP:forwardPort>'::
The *fwknopd* server offers the ability to provide SPA access through
an iptables firewall to an internal service by interfacing with the
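Review bot: The --hmac-digest-type entry lists md5 and sha1 next to the SHA-2 options with no guidance on which to choose. The entry just above it advises keeping the default; a similar sentence here recommending sha256 or stronger would help, along with a note on whether the server side has to be configured to match, as the preceding entry does for ENCRYPTION_MODE.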
@@ -303,6 +333,9 @@ SPA OPTIONS
The permit-address options *-s*, *-R* and *-a* are mutually
exclusive.
+*-S, --source-port*='<port>'::
+ Set the source port for outgoing SPA packet.
+
*--time-offset-plus*='<time>'::
By default, the *fwknopd* daemon on the server side enforces time
synchronization between the clocks running on client and server
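Review bot: The -S entry does not say which source port is used when the option is omitted, or what range of values is accepted. Suggest adding the default behaviour and the valid values, and changing "for outgoing SPA packet" to "for the outgoing SPA packet".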