Hello

I downloaded/configured/installed fwknop 2.0 on OpenBSD 4.9.

I modified the fwknopd.conf:

PCAP_INTF               bge0;
PCAP_FILTER             udp dst portrange 10000-65535;
MAX_SPA_PACKET_AGE      300;
PF_EXPIRE_INTERVAL      120;

I added to access.conf:

SOURCE: ANY;
OPEN_PORTS: tcp/22;
REQUIRE_USERNAME: myname;
FW_ACCESS_TIMEOUT: 120;
KEY: secret;

And, finally, added an anchor to pf.conf:

anchor fwknop

Reloaded (and even rebooted) the rules with pfctl.

The anchor is present; “pfctl -s all” reveals: ‘anchor "fwknop" all’ in the list of “FILTER RULES”.

However, trying “fwknopd -v -f” gives:

Starting fwknopd
Using Digest Cache: '/usr/local/var/run/fwknop/digest.cache' (entry count = 0)
Warning: the fwknop anchor is not active in the pf policy

And the fwknopd process dies.

So, what did I miss?

Any help would be appreciated.

Thanks

Bye - ted