Is this project abandoned? #344

Open
silversword411 opened this issue Oct 1, 2022 · 6 comments

Comments

@silversword411

Unaccepted PRs going back 6 years
No commits in 2 years

@jp-bennett
Collaborator

It's essentially retired. Wireguard ticks a lot of the design requirements that fwknop had. And the project runners have mostly moved on to other things.

p-linnane pushed a commit to Homebrew/homebrew-core that referenced this issue Apr 11, 2023
Does not build on Ventura
Declared abandoned in mrash/fwknop#344 (comment)
0 downloads in the last 30 days
@franzinc

@jp-bennett I'm curious about the statement Wireguard ticks a lot of the design requirements that fwknop had. Can you elaborate on that? I've been a user of fwknop for a long time and I've only read about Wireguard (docs, articles). I can't see how it's a replacement for what fwknop provides. Thanks.

@2push4more

> @jp-bennett I'm curious about the statement Wireguard ticks a lot of the design requirements that fwknop had. Can you elaborate on that? I've been a user of fwknop for a long time and I've only read about Wireguard (docs, articles). I can't see how it's a replacement for what fwknop provides. Thanks.

I, too, share the same curiosity.

From my understanding, fwknop serves as an implementation of Single Packet Authorization (SPA), while WireGuard is primarily recognized as a comprehensive VPN solution. In the case of using fwknop to open an SSH port, the SSH connection itself acts as the encrypted tunnel, rendering the need for an additional encrypted tunnel from WireGuard unnecessary. In essence, fwknop provides a means to dynamically and automatically open ports, whereas WireGuard establishes encrypted tunnels.

Additionally, fwknop allows for a manual security layer by prompting users for a password, while WireGuard utilizes automatic asymmetric cryptography.

Considering the above, it would be unfortunate to witness the disappearance of fwknop, as I am unaware of any other comparable SPA solution. Although it is possible to configure tools like iptables and nmap for traditional port knocking, fwknop with its SPA approach represents the next-generation, more secure iteration of this concept.

If WireGuard does indeed have the capability to serve as a similar SPA solution, I would greatly appreciate any assistance in understanding this aspect more thoroughly.

Thank you in advance for your insights.

@mrash
Owner

mrash commented May 23, 2023 via email

@e40
Contributor

e40 commented May 23, 2023

@mrash Mike, so glad to hear this!! I think fwknop is awesome software and I'm glad it will continue to be available and supported!

@jp-bennett
Collaborator

> @jp-bennett I'm curious about the statement Wireguard ticks a lot of the design requirements that fwknop had. Can you elaborate on that? I've been a user of fwknop for a long time and I've only read about Wireguard (docs, articles). I can't see how it's a replacement for what fwknop provides. Thanks.

Sure. First off, I'm only speaking for myself. Glad to see @mrash still around. Been a long time, hope all is well.

So, the big thing that fwknop brings to the table is being able to send a cryptographically secure request to a remote server in a single packet, without a TCP port open and listening, etc. And my use case was always to use that request to open a port and connect SSH or another service. As Michael points out, Wireguard also has the single packet cryptography stuff figured out, in that each packet by itself is signed and encrypted in a way that stands alone and is secure. (So much so that I've mulled over how one might add an SPA payload directly inside a Wireguard encrypted packet.) Wireguard ignores unsigned traffic, so it's not detectable in a network scan. And it's way lighter than the old OpenVPN binaries and libraries, so Wireguard trivially builds in to a router or server.

That's obviously not the only trick that Fwknop can do, but it's the trick I used the most.
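
The single-packet idea discussed in this thread (an authenticated request that stands alone in one datagram, with the listener staying silent toward anything it cannot verify), as an added example that is not part of the thread and is not fwknop's or WireGuard's wire format. The key, the `nonce | timestamp | request | HMAC` layout, the 60-second window and the names `build_request` and `Verifier` are assumptions for illustration; the payload is authenticated here but not encrypted.

```python
import hashlib
import hmac
import os
import struct
import time

KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample key
MAX_SKEW = 60                       # seconds a packet stays valid (assumed policy)
HEADER = struct.Struct("!16sQ")     # 16-byte random nonce, 64-bit UNIX timestamp
MAC_LEN = hashlib.sha256().digest_size


def build_request(key, request, now=None):
    """Client: one self-contained datagram = nonce | timestamp | request | HMAC."""
    now = int(time.time()) if now is None else now
    body = HEADER.pack(os.urandom(16), now) + request.encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Verifier:
    """Listener: never answers; yields the request only for a valid, fresh,
    previously unseen packet. Every failure looks the same (None)."""

    def __init__(self, key):
        self.key = key
        self.seen = {}  # nonce -> timestamp: replay cache

    def check(self, packet, now=None):
        now = int(time.time()) if now is None else now
        if len(packet) <= HEADER.size + MAC_LEN:
            return None                       # too short to be a request
        body, mac = packet[:-MAC_LEN], packet[-MAC_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None                       # unauthenticated: drop silently
        nonce, ts = HEADER.unpack_from(body)
        if abs(now - ts) > MAX_SKEW:
            return None                       # stale (or far-future) packet
        # Entries older than the window can be dropped: the same packet would
        # now fail the freshness check anyway.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return None                       # captured packet sent again
        self.seen[nonce] = ts
        return body[HEADER.size:].decode(errors="replace")
```
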
