
fwknop

fwknop implements an authorization scheme called Single Packet Authorization that requires only a single encrypted packet to communicate various pieces of information, including desired access through an iptables, ipfw, or pf firewall policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. Also supported is a robust port knocking implementation based around iptables log messages.
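The single-packet flow described above, as an added example that is not part of this page or of fwknop's own code: a client builds one encrypted, authenticated request, and a server that only ever sees the packet (it never replies) verifies it before deciding which firewall rule it would add. Everything here is an assumption made for the example, not fwknop's wire format: the toy HMAC-counter keystream stands in for a real cipher, the JSON field names, the two constructed keys, the 120-second acceptance window and the FWKNOP_INPUT chain name are invented. The HMAC-before-decrypt ordering, the replay cache keyed on the packet digest and the timestamp window are the checks a practitioner should look for in any SPA server; the replay cache is the kind of logic the replay-detection bugfix in the release notes below refers to.

```python
# Added illustrative example (not fwknop's code or wire format): a minimal
# single-packet-authorization exchange with the checks a server needs.
import hashlib
import hmac
import json
import os
import struct
import time

# Constructed shared secrets for the example; real deployments use long random keys.
ENC_KEY = b"example-encryption-key-32bytes!!"
MAC_KEY = b"example-hmac-key-for-the-demo-00"


def _keystream(key, nonce, length):
    """Toy PRF-counter keystream (HMAC-SHA256 over nonce||counter).
    Stands in for a real cipher; it is here only to keep the example stdlib-only."""
    blocks = []
    for counter in range((length + 31) // 32):
        blocks.append(hmac.new(key, nonce + struct.pack(">I", counter), hashlib.sha256).digest())
    return b"".join(blocks)[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def build_spa_packet(enc_key, mac_key, allow_ip, proto, port, now=None, nonce=None):
    """Client side: nonce || encrypt(request) || HMAC(nonce || ciphertext)."""
    nonce = nonce if nonce is not None else os.urandom(16)
    request = {"allow_ip": allow_ip,              # address the rule should open for
               "access": f"{proto}/{port}",       # service being requested
               "ts": int(now if now is not None else time.time())}
    plaintext = json.dumps(request, sort_keys=True).encode()
    body = nonce + _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()   # encrypt-then-MAC
    return body + tag


class SpaServer:
    """Server side: verifies a sniffed packet and records the rule it would add."""
    NONCE_LEN, TAG_LEN = 16, 32

    def __init__(self, enc_key, mac_key, max_age=120, rule_ttl=30):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.max_age, self.rule_ttl = max_age, rule_ttl
        self.seen = set()    # digests of accepted packets: the replay cache
        self.rules = []      # (expire_at, iptables command) the server would run

    def handle(self, packet, now=None):
        now = int(now if now is not None else time.time())
        if len(packet) < self.NONCE_LEN + self.TAG_LEN + 1:
            return False, "too short"
        body, tag = packet[:-self.TAG_LEN], packet[-self.TAG_LEN:]
        expected = hmac.new(self.mac_key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False, "bad hmac"           # unauthenticated: drop before decrypting
        digest = hashlib.sha256(packet).hexdigest()
        if digest in self.seen:
            return False, "replay"             # an accepted packet is never honoured twice
        nonce, ciphertext = body[:self.NONCE_LEN], body[self.NONCE_LEN:]
        try:
            request = json.loads(_xor(ciphertext, _keystream(self.enc_key, nonce, len(ciphertext))))
            allow_ip = request["allow_ip"]
            proto, port = request["access"].split("/")
            port, ts = int(port), int(request["ts"])
        except (ValueError, KeyError):
            return False, "malformed request"
        if abs(now - ts) > self.max_age:
            return False, "stale timestamp"    # bounds how long a captured packet stays usable
        self.seen.add(digest)
        # Illustrative command string only; FWKNOP_INPUT is an assumed chain name.
        rule = f"iptables -I FWKNOP_INPUT -p {proto} --dport {port} -s {allow_ip} -j ACCEPT"
        self.rules.append((now + self.rule_ttl, rule))
        return True, rule


if __name__ == "__main__":
    server = SpaServer(ENC_KEY, MAC_KEY)
    pkt = build_spa_packet(ENC_KEY, MAC_KEY, "203.0.113.5", "tcp", 22)
    print(server.handle(pkt))   # accepted: rule recorded
    print(server.handle(pkt))   # same bytes again: rejected as a replay
```

The order of checks matters: the HMAC is verified with a constant-time compare before any decryption or parsing, so unauthenticated traffic never reaches the parser, and the replay cache is consulted on the raw packet digest so that a captured packet cannot be re-sent inside the timestamp window.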


Recent releases

•  10 Dec 2012 02:07

Release Notes: On the server side, this release adds a chain_exists() check to SPA rule creation, so that if any of the fwknop chains are deleted out from under fwknopd they are recreated on the fly. It adds SPA packet fuzzing to the test suite to help validate SPA operations, and an upstart config for systems running the upstart daemon. It fixes an ndbm/gdbm usage bug on OpenBSD. ICMP type/code command line arguments have been added to the client for when SPA packets are sent over ICMP.

•  07 Sep 2012 21:03

Release Notes: Several DoS and code execution vulnerabilities exploitable by malicious fwknop clients that get past the authentication stage (and therefore possess a valid encryption key) have been fixed. Permissions and ownership checks have been added to all files consumed by the fwknop client and server. RPM builds have been fixed by including the $(DESTDIR) prefix for the uninstall-local and install-exec-hook stages in Makefile.am.

•  20 Aug 2012 21:13

Release Notes: Better handling of GnuPG for SPA packet decryption on the server side (accounts for GnuPG keys with no passphrase when gpg-agent or pinentry would otherwise be required). A bugfix in the SPA packet replay detection code. A check for the existence of the iptables 'comment' match when the server is deployed on Linux. Several other bugfixes.

•  03 Jan 2012 18:09

Release Notes: This is the production release of the fwknop C rewrite. It brings Single Packet Authorization to three different Open Source firewalls (iptables, ipfw, and pf), embedded systems, and mobile devices. The fwknopd server runs on Linux, Mac OS X, FreeBSD, and OpenBSD. The client runs on all of these platforms as well as Android, the iPhone, and Cygwin under Windows. In addition, the client is portable, and can be compiled as a native Windows binary.

•  14 Dec 2011 22:35

Release Notes: This release adds OpenBSD PF support, adds a new FORCE_NAT mode to transparently force authenticated connections to specified internal systems, adds a comprehensive test suite, and adds the ability to automatically expire SPA keys. Several memory handling bugfixes were made.
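The permission and ownership checks mentioned in the 07 Sep 2012 release notes above, as an added example that is not fwknop's own code: before a client or server reads a file holding key material, it refuses anything that is a symlink, is not a regular file, is owned by someone else, or is readable or writable by group or others. The function name check_key_file, the 0600 expectation and the constructed files in demo() are assumptions made for this example.

```python
# Added illustrative example (not fwknop's code): refuse key files with unsafe
# ownership or permissions before reading them.
import os
import stat
import tempfile


def check_key_file(path, uid=None):
    """Return (ok, reason) for a file that is about to be consumed as key material."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)                 # lstat: do not follow a symlink silently
    except FileNotFoundError:
        return False, "missing"
    if stat.S_ISLNK(st.st_mode):
        return False, "symlink"             # a link could be repointed at another file
    if not stat.S_ISREG(st.st_mode):
        return False, "not a regular file"
    if st.st_uid != uid:
        return False, f"owned by uid {st.st_uid}, expected {uid}"
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return False, "group/other permissions set (want 0600)"
    return True, "ok"


def demo():
    """Constructed files for the example: one locked down, one world-readable,
    one symlink, and one missing path. Returns the check result for each."""
    with tempfile.TemporaryDirectory() as d:
        good = os.path.join(d, "good.key")
        bad = os.path.join(d, "bad.key")
        link = os.path.join(d, "link.key")
        for p in (good, bad):
            with open(p, "wb") as f:
                f.write(b"constructed-key-material\n")
        os.chmod(good, 0o600)               # owner read/write only
        os.chmod(bad, 0o644)                # readable by everyone: must be rejected
        os.symlink(good, link)
        return {"good": check_key_file(good),
                "bad": check_key_file(bad),
                "link": check_key_file(link),
                "missing": check_key_file(os.path.join(d, "none.key"))}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Checking the file before opening it still leaves a window for a race; the same checks can be repeated with os.fstat() on the opened descriptor when that matters.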

Recent comments

19 Nov 2007 17:50 michaelrash

Re: Extra external IP source

> You can also use the following web page as an IP source:
> www.netorbit.it/ip.php

Thanks, yes that page works great as an additional auto-resolution URL with the --URL option to the fwknop client.

19 Nov 2007 09:39 aamoruso

Extra external IP source

You can also use the following web page as an IP source:

www.netorbit.it/ip.php
