On Mar 09, 2009, Agile Aspect wrote:
> Hi - I'd like to grant access to both OpenVPN and SSH.
> In fwknop, there's an entry
> OPEN_PORTS: tcp/22;
> I presume I can change it to
> OPEN_PORTS: tcp/22, udp/1194;
> where the last entry udp/1194 is for OpenVPN - correct?
Yes, you can make that change in access.conf, and then on the fwknop
command line you would need to use "-A tcp/22,udp/1194" when you want
access to both ports. If you only use "-A tcp/22", then just that port
will be opened.
> And how about access.conf - do I need to duplicate the enclosed
> 4 lines for each protocol (since they may not be connecting from
> the same source?)
> SOURCE: ANY;
> OPEN_PORTS: tcp/22; ### for ssh (change for access to other services)
> KEY: __CHANGEME__;
> FW_ACCESS_TIMEOUT: 30;
Do you mean that you want one IP to generate the SPA packet, and the
firewall would be opened for port 22 for some IP, and udp port 1194
would be opened for a completely different IP? If so, fwknop does not
really support that in the same SOURCE stanza in the access.conf file.
You can use the -a argument on the fwknop command line to encode which
IP should be allowed through, but only that one IP will apply to each

Btw, I've added a "multi-port" test to the test suite for the upcoming
fwknop-1.9.11 release. Here is the -pre5 release that has this if you
want to try it:
Key fingerprint: E2EF 0C8A 5AA9 654C 4763 B50F 37AC E946 7F51 8271
> Article. VI. Clause 3 of the constitution of the United States states:
> "The Senators and Representatives before mentioned, and the Members of
> the several State Legislatures, and all executive and judicial Officers,
> both of the United States and of the several States, shall be bound by
> Oath or Affirmation, to support this Constitution; but no religious Test
> shall ever be required as a Qualification to any Office or public Trust
> under the United States."
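The relationship between OPEN_PORTS in access.conf and the -A request described in the reply, as an added Python example that is not part of the original thread and is not fwknop's own code. It parses only the `KEY: value;` lines shown in the thread; refusing each unlisted port individually is an assumption, as are all function names.

```python
# Added illustration: a simplified model, not fwknop's own code.
import re

# Constructed sample, built from the stanza quoted in the thread.
ACCESS_CONF = """\
SOURCE: ANY;
OPEN_PORTS: tcp/22, udp/1194;  ### ssh and OpenVPN
KEY: __CHANGEME__;
FW_ACCESS_TIMEOUT: 30;
"""

PORT_RE = re.compile(r"^(tcp|udp)/(\d{1,5})$")

def parse_ports(spec):
    """Turn 'tcp/22, udp/1194' into {('tcp', 22), ('udp', 1194)}."""
    ports = set()
    for item in spec.split(","):
        m = PORT_RE.match(item.strip().lower())
        if not m or not 1 <= int(m.group(2)) <= 65535:
            raise ValueError(f"bad proto/port entry: {item.strip()!r}")
        ports.add((m.group(1), int(m.group(2))))
    return ports

def parse_access_conf(text):
    """Split the file into stanzas; each SOURCE line starts a new one."""
    stanzas = []
    for raw in text.splitlines():
        # Drop full-line comments and trailing comments preceded by whitespace.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().upper(), value.strip().rstrip(";").strip()
        if key == "SOURCE":
            stanzas.append({})
        if not stanzas:
            raise ValueError("variable found before first SOURCE line")
        stanzas[-1][key] = value
    return stanzas

def ports_to_open(stanza, requested):
    """Split an -A request into (granted, refused) against OPEN_PORTS.
    Assumption: a port missing from OPEN_PORTS is refused on its own."""
    allowed = parse_ports(stanza["OPEN_PORTS"])
    wanted = parse_ports(requested)
    return sorted(wanted & allowed), sorted(wanted - allowed)
```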