Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Aug 18, 2012
  1. fwknop-2.0.2 release

    authored
  2. Better --resolve-url handling

    authored
    Chop any trailing '/' char, be more careful about handling incoming large HTTP
    responses, print the HTTP request and response in --verbose --verbose mode.
Commits on Aug 17, 2012
  1. todo.org notes update

    authored
Commits on Aug 16, 2012
  1. [client] Added cipherdyne.com backup check in -R mode.

    authored
    Added backup check against a cipherdyne.com 'myip' cgi instance in -R mode if
    the normal check against cipherdyne.org fails.
  2. added 'Pragma: no-cache' header

    authored
Commits on Aug 15, 2012
  1. added extras/myip/myip.c

    authored
  2. todo.org notes update

    authored
  3. Added the extras/myip/ directory for client IP resolution code

    authored
    The myip.c file is deployed at http://www.cipherdyne.org/cgi-bin/myip
    for fwknop client IP resolution.
Commits on Aug 14, 2012
  1. [server] Preserve any existing config files in /etc/fwknop/

    authored
    Updated the 'make install' step to not overwrite any existing config files in
    /etc/fwknop/ and instead install new copies from the source tree at
    /etc/fwknop/fwknopd.conf.inst and /etc/fwknop/access.conf.inst
Commits on Aug 12, 2012
  1. [server] 'make install' permissions fix

    authored
    Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files.
    Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
  2. [server] iptables 'comment' match check

    authored
    Implemented a new check to ensure that the iptables 'comment' match exists to
    ensure the proper environment for fwknopd operations.  This check is controlled
    by the new ENABLE_IPT_COMMENT_CHECK variable, and was suggested by Hank
    Leininger.
  3. todo update

    authored
  4. Added todo.org org mode file

    authored
    The todo.org mode file was built with vim and the VimOrganizer project:
    
    https://github.com/hsitz/VimOrganizer
Commits on Aug 11, 2012
  1. [server] Added GPG_ALLOW_NO_PW variable and associated test suite sup…

    authored
    …port
    
    For GPG mode, added a new access.conf variable "GPG_ALLOW_NO_PW" to make it
    possible to leverage a server-side GPG key pair that has no associated
    password.  This comes in handy when a system requires the user to leverage
    gpg-agent / pinentry which can present a problem in automated environments as
    required by the fwknopd server.  Now, it might seem like a problem to remove
    the passphrase from a GPG key pair, but it's important to note that simply
    doing this is little worse than storing the passphrase in the clear on disk
    anyway in the access.conf file.  Further, this link help provides additional
    detail:
    
    http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-use-gnupg-in-an-automated-environment
  2. [server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT

    authored
    Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT for ipfw firewalls to emulate
    the corresponding functionality that is implemented for iptables firewalls.
    
    Bug fix for ipfw firewalls to ensure that if the ipfw expire set is zero, then
    do not disable this set whenever the FLUSH_IPFW* variables are enabled.
    
    These changes were suggested by Jonathan Schulz.
Commits on Aug 9, 2012
Commits on Aug 5, 2012
  1. minor whitespace update

    authored
Commits on Aug 4, 2012
  1. bumped version to 2.0.2-pre1

    authored
  2. [client] -R http recv() read until close (Jonathan Schulz)

    authored
    Applied patch from Jonathan Schulz to ensure that the fwknop client reads all
    data from a remote webserver when resolving the client IP address in -R mode.
    Jonathan indicated that some webservers would transfer HTTP headers and data
    separately, and a single recv() would therefore fail to get the necessary IP
    information.
Commits on Aug 2, 2012
  1. added Jonathan Schulz

    authored
Something went wrong with that request. Please try again.