DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
1,467 Commits 15 Branches 0 Tags
08e5c9252cba9367f1122f834bf79f499ea4e050
Commit Graph

115 Commits

Author SHA1 Message Date
Michael Rash
551b243007 (Marek Wrzosek) Update docs to reflect random 'digits' use instead of 'bytes' 
Suggested doc update to fwknop man pages to accurately describe the usage
of digits instead of bytes for SPA random data.  About 53 bits of entropy
are actually used, although this is in addition to the 64-bit random salt
in for key derivation used by PBKDF1 in Rjindael CBC mode.
 2014-01-02 20:47:41 -05:00
Michael Rash
92cdb47ff7 [server] added FORCE_MASQUERADE to fwknopd(8) man page, closes #101 
This commit completes the addition of generalized NAT (both DNAT and
SNAT) capabilities to access.conf stanzas.
 2013-12-14 15:44:39 -05:00
Michael Rash
e0114e60c2 [server] Added FORCE_SNAT to access.conf stanzas. 
Added FORCE_SNAT to the access.conf file so that per-access stanza SNAT
criteria can be specified for SPA access.
 2013-12-04 21:52:07 -05:00
Michael Rash
eb7914d45c minor ChangeLog update for --stanza-list 2013-08-08 21:37:44 -04:00
Franck Joncourt
80528e21f6 * Updated fwknop manpage to mention the new --stanza-list. 2013-07-30 21:45:24 +02:00
Michael Rash
fc39de607c minor man page update to move --syslog-enable to the server man page 2013-07-29 00:06:52 -04:00
Franck Joncourt
f1cee780d2 Merge remote-tracking branch 'upstream/master' 2013-07-28 22:11:16 +02:00
Franck Joncourt
1977973020 * Allow messages to be sent to syslog even if the foreground mode is invoked. 2013-07-28 22:07:14 +02:00
Michael Rash
a009ebfde2 [client] minor man page update to state that -a is more secure than -R 2013-07-09 23:21:12 -04:00
Michael Rash
a792e8bf4e minor man page documentation updates (added twitter reference) 2013-06-30 15:55:01 -04:00
Michael Rash
8ed088051e [libfko] fix a few 'Overfull \hbox' errors in libfko .pdf generation 2013-06-29 10:39:07 -04:00
Michael Rash
37b624ac8b bump version to 2.5, minor fwknopd -S exit status update 
This commit bumps the fwknop version to 2.5 and sets the libfko version to 2.0 to
signal incompatibility with older libfko versions.  Backwards compatibility is
maintained in SPA packet construction, but function prototypes in libfko-2.0 are
no longer compatible with older versions.

This commit also returns non-zero exit status under 'fwknopd --status' if there
is no existing fwknopd process.  This is better than always exiting with a zero
status regardless of whether fwknopd is already running or not, and adds a level
of scriptability to --status usage.  This change was suggested by George Herlin.
 2013-06-27 21:21:10 -04:00
Michael Rash
6b132862fd [client] minor man page backwards compatibility wording tweak 2013-06-20 22:12:29 -04:00
Michael Rash
e3a2289d70 [client] man page update to include GPG_SIGNING_PW synonym for KEY variable in GPG mode 2013-06-19 23:37:19 -04:00
Michael Rash
13173343ee [client] add GPG_ALLOW_NO_SIGNING_PW and --gpg-no-signing-pw 
This change brings similar functionality to the client as the GPG_ALLOW_NO_PW
keyword in the server access.conf file.  Although this option is less likely
to be used than the analogous server functionality, it stands to reason that
the client should offer this feature.  The test suite has also been updated to
not use the --get-key option for the 'no password' GPG tests.
 2013-06-18 22:51:22 -04:00
Michael Rash
afbf6d51c0 [client] minor man page backwards compatibility update to include better examples 2013-06-16 08:27:29 -04:00
Michael Rash
a3e06966b5 [client] minor man page wording update for backwards compatibility section 2013-06-10 21:14:09 -04:00
Michael Rash
46dadecf5a [client] minor man page tweak to use rc VERBOSE bool value (which is the default now) 2013-06-09 16:00:46 -04:00
Michael Rash
dbfa2579a7 [client] minor man page tweak 2013-06-09 15:57:16 -04:00
Franck Joncourt
e515ba45fe Merge remote-tracking branch 'upstream/master' 
Conflicts:
	client/fwknop.8.in
 2013-06-05 21:47:41 +02:00
Franck Joncourt
7dec26852a Updated fwknop manpage to document both the use of stdin and fd commands. 2013-06-05 21:38:26 +02:00
Michael Rash
7c4beabea0 a few HMAC doc updates to the libfko.texi file 2013-06-03 21:45:29 -04:00
Michael Rash
2874205d05 started on libfko.texi function prototype and FKO error code documentation updates 2013-06-02 14:50:37 -04:00
Michael Rash
1b41e606a7 Added backwards compatibility section to the client man page 
Added backwards compatibility section and new material on a 'quick start'
subsection for the EXAMPLES section.
 2013-06-02 13:51:25 -04:00
Michael Rash
b95292ef90 added fwknopd man page blurb for the ENABLE_PCAP_ANY_DIRECTION variable 2013-06-01 22:10:32 -04:00
Michael Rash
9b2cd9e2e5 [client] allow -D to be used in --save-rc-stanza mode if -n is not given 
This change simplifies the fwknop client usage by allowing the -D argument to
be used as the stanza name if -n is not also specified in --save-rc-stanza
mode.
 2013-05-31 23:01:47 -04:00
Michael Rash
32a6d05cdb added HMAC digests section to libfko info doc 2013-05-31 22:47:06 -04:00
Michael Rash
1e77535068 minor documentation updates 2013-05-30 22:26:09 -04:00
Michael Rash
3bc28305c3 minor client man page wording update 2013-05-22 21:20:42 -04:00
Michael Rash
cfbbac2654 man page updates - access.conf section now includes variable guidance 2013-05-21 22:10:13 -04:00
Michael Rash
dc2ff2119c [client] finished documenting client command line options via the man page 2013-05-19 15:50:16 -04:00
Franck Joncourt
3e16d6694c Fixed gpl2.0.texi to make it build. 
The @appendixsubsec entries are substituted by @appendixsec entries.
 2013-05-19 17:14:35 +02:00
Michael Rash
96bbf7e61a [client] bug fix to separate out --named-config vs. --no-save-args command line args 2013-05-18 22:36:13 -04:00
Michael Rash
ebe1aec542 continued man page updates in preparation for the 2.5 release 2013-05-17 23:05:58 -04:00
Michael Rash
2c8469e95e [client] man page update for GPG key signing material 2013-05-15 21:17:39 -04:00
Michael Rash
a6f9f1d9ec [client] completed fwknop client man page rc variable documentation 2013-05-15 20:59:29 -04:00
Michael Rash
e1a7011bf3 [docs] fwknop client man page update for HMAC material 2013-05-14 23:22:03 -04:00
Franck Joncourt
a9a143a85d Merge remote-tracking branch 'upstream/master' 2013-05-06 11:52:35 +02:00
Michael Rash
eb143db9a7 [client] added --get-hmac-key to mirror --get-key, closes #68 2013-05-05 21:54:07 -04:00
Franck Joncourt
ea8a9419ed Added force-stanza to the client documentation. 2013-05-05 22:00:02 +02:00
Michael Rash
f0036f7f22 [client] set HMAC mode whenever any HMAC option is given, add --key-hmac arg 2013-04-20 11:12:04 -04:00
Michael Rash
98d5b6d8a0 added 'legacy' initialization vector text to man pages 2013-04-02 07:47:20 -04:00
Franck Joncourt
4b63181387 Updated fwknop documentation. 2013-03-20 22:31:58 +01:00
Michael Rash
ff285961e8 Added --save-args-file and --no-save-args text to fwknop man page 2013-02-15 07:58:49 -05:00
Michael Rash
47ea800889 merged in fwknop-2.0.4 changes 2013-01-18 17:25:16 -05:00
Michael Rash
66ad134708 [server] Added '--pcap-file <file>' option 
Added a new '--pcap-file <file>' option to allow pcap files to
be processed directly by fwknopd instead of sniffing an interface.  This
feature is mostly intended for debugging purposes.
 2012-11-08 21:33:23 -05:00
Michael Rash
e4751d1c20 added icmp type/code blurb 2012-10-11 23:40:04 -04:00
Michael Rash
229a36625b Better IP spoofing support (udpraw and icmp) 
- [client] Added '-P udpraw' to allow the client to send SPA packets over
  UDP with a spoofed source IP address.  This is in addition to the
  original 'tcpraw' and 'icmp' protocols that also support a spoofed
  source IP.
- [server] Bug fix to accept SPA packets over ICMP if the fwknop client
  is executed with '-P icmp' and the user has the required privileges.
 2012-10-03 22:56:10 -04:00
Michael Rash
2aff47c7a2 minor fwknopd man page fixes 2012-10-01 22:49:45 -04:00
Michael Rash
96609e280c added mbr@cipherdyne.org to bug email list 2012-09-24 21:33:41 -04:00