I recently got around to try out fwknop and I must say it's really sweet!

One question popped up though:

I can't figure out what one would gain in security against a MITM attack using the resolving of ones public IP,
if one would be located behind a NAT'ing router? Somewhere in the documentation, there was a note
about an attacker being on the same private net, but what kind of configuration would
protect against that (except the obvious with using encrypted communication as usual).

As I am testing now, having two servers behind the same NAT firewall, one of them sends the SPA packet and both
of them can connect openVPN to the receiving openVPN server. Now this is ok because I want them to be able
to connect, but as I see it, it defeats the whole purpose of fwknop, as I can't trust the NAT'ed net.


En åt gången eller alla samtidigt? Få senaste nytt om dina vänner på en och samma plats.