一:帮助文档
安装教程:https://blog.csdn.net/majipeng19950610/article/details/84788479
服务端配置参数:http://www.cipherdyne.org/fwknop/docs/manpages/fwknop.html
二: centos7安装fwknop
1>服务端安装
1.安装包下载
依赖: yum install openssl texinfo libtool libpcap-devel
wget http://www.cipherdyne.org/fwknop/download/fwknop-2.6.8.tar.gz
下载后建议先用官方下载页提供的 GPG 签名或校验和核对压缩包,再解压编译(该链接为明文 HTTP,传输过程中内容可能被篡改)
2.解压
tar -zvxf fwknop-2.6.8.tar.gz
3.进入解压后的源码目录(后续 ./configure 需在该目录下执行)
cd fwknop-2.6.8
4.配置
yum install libpcap
yum install libpcap-devel
yum -y install gcc
yum install curl curl-devel
./configure --prefix=/usr --sysconfdir=/etc --disable-client
5.构建并安装
make
make install
6.检查服务是否成功
which fwknopd
7.查看版本
fwknopd -V
2>配置
<1> 服务端
1.fwknopd.conf 配置
进入 /etc/fwknop/目录并打开fwknopd.conf
#网卡名称
PCAP_INTF ens33;
2.access.conf配置
[root@192 fwknop]# vim access.conf
SOURCE ANY
#SPA 验证成功后允许打开的端口,需与 client 端请求的端口对应(注释单独成行,避免被当作参数值的一部分解析)
OPEN_PORTS tcp/22,tcp/993
REQUIRE_SOURCE_ADDRESS Y
#客户端生成的密钥(下面的 KEY_BASE64 与 HMAC_KEY_BASE64 均为示例值,已公开,实际部署请在客户端用 --key-gen 重新生成,不要照抄)
KEY_BASE64 5yh+COwxKKqGx95DWFOMK6gB7UoiBiFDYiU4xjqiuuo=
#客户端的
HMAC_KEY_BASE64 In6u7xtEFegk+uyezVNqml/lm4yOEgJNBeAXBX0bdQK10nT7wxR04bIbVsy3d6oHMSjOnw6M1efwooNmUJ2UJw==
#放行规则的有效时间为20秒,超时后规则自动删除
FW_ACCESS_TIMEOUT 20
<2> 客户端
1.生成验证信息
fwknop -A tcp/22,tcp/993 -a 你的本地client地址192.168.1.102 -D 你的本地server地址192.168.1.102 --key-gen --use-hmac --save-rc-stanza
生成的 KEY_BASE64 和 HMAC_KEY_BASE64 会写入 ~/.fwknoprc,需通过安全渠道填入服务端 access.conf 的对应字段
2.客户端配置文件 ~/.fwknoprc(以下示例来自另一套环境,IP 与端口和上文命令不同;ACCESS 请求的端口需包含在服务端 OPEN_PORTS 中,否则请求会被拒绝)
[root@192 fwknop]# vim ~/.fwknoprc
[172.16.30.43]
SPA_SERVER_PORT 62201
SPA_SERVER_PROTO UDP
ALLOW_IP 172.16.30.42
ACCESS udp/8099
SPA_SERVER 172.16.30.43
KEY_BASE64 5yh+COwxKKqGx95DWFOMK6gB7UoiBiFDYiU4xjqiuuo=
HMAC_KEY_BASE64 In6u7xtEFegk+uyezVNqml/lm4yOEgJNBeAXBX0bdQK10nT7wxR04bIbVsy3d6oHMSjOnw6M1efwooNmUJ2UJw==
USE_HMAC Y