Commits on Aug 18, 2012
  1. fwknop-2.0.2 release

    mrash committed Aug 18, 2012
  2. Better --resolve-url handling

    mrash committed Aug 18, 2012
    Chop any trailing '/' char, be more careful about handling incoming large HTTP
    responses, print the HTTP request and response in --verbose --verbose mode.
Commits on Aug 17, 2012
  1. todo.org notes update

    mrash committed Aug 17, 2012
Commits on Aug 16, 2012
  1. [client] Added cipherdyne.com backup check in -R mode.

    mrash committed Aug 16, 2012
    Added backup check against a cipherdyne.com 'myip' cgi instance in -R mode if
    the normal check against cipherdyne.org fails.
  2. added 'Pragma: no-cache' header

    mrash committed Aug 16, 2012
Commits on Aug 15, 2012
  1. added extras/myip/myip.c

    mrash committed Aug 15, 2012
  2. todo.org notes update

    mrash committed Aug 15, 2012
  3. Added the extras/myip/ directory for client IP resolution code

    mrash committed Aug 15, 2012
    The myip.c file is deployed at http://www.cipherdyne.org/cgi-bin/myip
    for fwknop client IP resolution.
Commits on Aug 14, 2012
  1. [server] Preserve any existing config files in /etc/fwknop/

    mrash committed Aug 14, 2012
    Updated the 'make install' step to not overwrite any existing config files in
    /etc/fwknop/ and instead install new copies from the source tree at
    /etc/fwknop/fwknopd.conf.inst and /etc/fwknop/access.conf.inst
Commits on Aug 12, 2012
  1. [server] 'make install' permissions fix

    mrash committed Aug 12, 2012
    Set restrictive permissions on /etc/fwknop/ directory and /etc/fwknop/* files.
    Current default permissions on /etc/fwknop/ and /etc/fwknop/* are too lax.
  2. [server] iptables 'comment' match check

    mrash committed Aug 12, 2012
    Implemented a new check to ensure that the iptables 'comment' match exists to
    ensure the proper environment for fwknopd operations.  This check is controlled
    by the new ENABLE_IPT_COMMENT_CHECK variable, and was suggested by Hank
    Leininger.
  3. todo update

    mrash committed Aug 12, 2012
  4. Added todo.org org mode file

    mrash committed Aug 12, 2012
    The todo.org mode file was built with vim and the VimOrganizer project:
    
    https://github.com/hsitz/VimOrganizer
Commits on Aug 11, 2012
  1. [server] Added GPG_ALLOW_NO_PW variable and associated test suite support

    mrash committed Aug 11, 2012
    For GPG mode, added a new access.conf variable "GPG_ALLOW_NO_PW" to make it
    possible to leverage a server-side GPG key pair that has no associated
    password.  This comes in handy when a system requires the user to leverage
    gpg-agent / pinentry which can present a problem in automated environments as
    required by the fwknopd server.  Now, it might seem like a problem to remove
    the passphrase from a GPG key pair, but it's important to note that simply
    doing this is little worse than storing the passphrase in the clear on disk
    anyway in the access.conf file.  Further, this link helps provide additional
    detail:
    
    http://www.gnupg.org/faq/GnuPG-FAQ.html#how-can-i-use-gnupg-in-an-automated-environment
  2. [server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT

    mrash committed Aug 11, 2012
    Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT for ipfw firewalls to emulate
    the corresponding functionality that is implemented for iptables firewalls.
    
    Bug fix for ipfw firewalls to ensure that if the ipfw expire set is zero, then
    do not disable this set whenever the FLUSH_IPFW* variables are enabled.
    
    These changes were suggested by Jonathan Schulz.
Commits on Aug 9, 2012
Commits on Aug 5, 2012
  1. minor whitespace update

    mrash committed Aug 5, 2012
Commits on Aug 4, 2012
  1. bumped version to 2.0.2-pre1

    mrash committed Aug 4, 2012
  2. [client] -R http recv() read until close (Jonathan Schulz)

    mrash committed Aug 4, 2012
    Applied patch from Jonathan Schulz to ensure that the fwknop client reads all
    data from a remote webserver when resolving the client IP address in -R mode.
    Jonathan indicated that some webservers would transfer HTTP headers and data
    separately, and a single recv() would therefore fail to get the necessary IP
    information.
Commits on Aug 2, 2012
  1. added Jonathan Schulz

    mrash committed Aug 2, 2012