External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip', and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified (it is safer just to use the default). The fwknop client leverages 'wget' for this operation since that is cleaner than having fwknop link against an SSL library.
21 lines
811 B
Plaintext
[default]
ACCESS tcp/22
SPA_SERVER 127.0.0.1
ALLOW_IP resolve
USE_HMAC Y
HMAC_DIGEST_TYPE sha256
KEY_BASE64 wzNP62oPPgEc+kXDPQLHPOayQBuNbYUTPP+QrErNDmg=
HMAC_KEY_BASE64 Yh+xizBnl6FotC5ec7FanVGClRMlsOAPh2u6eovnerfBVKwaVKzjGoblFMHMc593TNyi0dWn4opLoTIV9q/ttg==
DIGEST_TYPE sha256
SPA_SERVER_PROTO udp
SPA_SERVER_PORT 62201
SPOOF_USER mbrtest
VERBOSE Y
TIME_OFFSET -1s
ENCRYPTION_MODE CBC
USE_GPG N
USE_GPG_AGENT N
RESOLVE_IP_HTTPS Y
HTTP_USER_AGENT FwknopTestSuite/2.6
RESOLVE_URL https://www.cipherdyne.org/cgi-bin/myip
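Review bot: the RESOLVE_URL line uses https://www.cipherdyne.org/cgi-bin/myip, while the commit message gives the default as 'https://www.cipherdyne.org/cgi-gin/myip'; one of the two is a typo and the message should be corrected so the documented default matches what this stanza tests. Because RESOLVE_URL is set explicitly alongside RESOLVE_IP_HTTPS Y, this stanza exercises an explicitly configured HTTPS URL rather than the client falling back to its default, and nothing in it covers the warning the message describes for a non-HTTPS URL. Consider a second stanza that omits RESOLVE_URL, and another with an http:// RESOLVE_URL whose expected result is the warning. A one-line comment above KEY_BASE64 and HMAC_KEY_BASE64 stating that these are test-only keys (SPA_SERVER is 127.0.0.1) would also keep them from being copied into a real client configuration.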