1. 编译
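# Download and unpack the fwknop 2.6.10 source.
# NOTE(review): the tarball is fetched over plain HTTP and unpacked without an
# integrity check. Verify it against the signature or checksum published by the
# project before building.
wget http://www.cipherdyne.org/fwknop/download/fwknop-2.6.10.tar.gz
tar -zvxf fwknop-2.6.10.tar.gz
cd fwknop-2.6.10

# Install build dependencies
yum install openssl texinfo libtool libpcap-devel

# Configure a server-only build (--disable-client), linking with -lpthread
./configure --prefix=/usr --sysconfdir=/etc --disable-client LIBS=-lpthread
make
# If make stops with:
#   WARNING: 'aclocal-1.14' is missing on your system.
# regenerate the autotools files and build again.
autoreconf -ivf
# "&&" makes the install wait for a successful build; a single "&" would put
# make in the background and start "make install" immediately.
make && make install
which fwknopd

# --- contents of /etc/fwknop/fwknopd.conf (edit with vim) ---
# NOTE(review): VPP_TELNET_*, WORKER_CNT, ENABLE_BACKUP and BACKUP_* do not look
# like stock fwknop 2.6.10 options; presumably this build carries local
# patches. Confirm.
# vim /etc/fwknop/fwknopd.conf
PCAP_INTF ens256;
VPP_TELNET_IP 172.16.1.100;
VPP_TELNET_PORT 5002;
WORKER_CNT 8;
ENABLE_BACKUP N;
BACKUP_VIP 172.16.1.77;
BACKUP_PEER_IP 172.16.1.102;
BACKUP_PEER_MAC 00:0c:29:09:95:17;

# --- contents of /etc/fwknop/access.conf (edit with vim) ---
# This file holds the SPA keys: keep it readable by its owner only.
# NOTE(review): the key values below are published on this page, so treat them
# as samples and generate your own (fwknop --key-gen) for any real deployment.
# NOTE(review): HMAC_KEY_BASE64 decodes to 64 bytes whose first 32 bytes are
# identical to KEY_BASE64, so the encryption key and the HMAC key are not
# independent. Use two separately generated keys.
# vim /etc/fwknop/access.conf
SOURCE ANY
REQUIRE_USERNAME bob
OPEN_PORTS udp/4567,tcp/50152,tcp/22
# The SPA packet must carry an explicit client address (matches "-a" on the client)
REQUIRE_SOURCE_ADDRESS Y
KEY_BASE64 p54XnkUGdXQwoyP1Ip6fja9+y+4EPYrBXx/BgCDd5JM=
HMAC_KEY_BASE64 p54XnkUGdXQwoyP1Ip6fja9+y+4EPYrBXx/BgCDd5JP7bFKcnMJeGN8W0zLk49PsHSbQkhkujfc46luXh5mPgQ==
FW_ACCESS_TIMEOUT 60

# NOTE(review): this stanza has the same SOURCE, username and keys as the one
# above and a subset of its ports. Presumably it is never selected if stanzas
# are tried in order; confirm whether it is needed.
SOURCE ANY
REQUIRE_USERNAME bob
OPEN_PORTS udp/4567
REQUIRE_SOURCE_ADDRESS Y
KEY_BASE64 p54XnkUGdXQwoyP1Ip6fja9+y+4EPYrBXx/BgCDd5JM=
HMAC_KEY_BASE64 p54XnkUGdXQwoyP1Ip6fja9+y+4EPYrBXx/BgCDd5JP7bFKcnMJeGN8W0zLk49PsHSbQkhkujfc46luXh5mPgQ==
FW_ACCESS_TIMEOUT 30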
2. 服务器
# 启动fwknopd# 关闭fwknopd -Kkill -9 `pidof fwknopd`# 查看fwknopd --fw-list
3. 客户端
3.1 发起spa
# 生成配置fwknop -A udp/4567 -a 172.16.1.98 -D 172.16.1.99 --key-gen --use-hmac --save-rc-stanza# 发起spafwknop -n 172.16.1.99 -U bob \--key-base64-rijndael p54XnkUGdXQwoyP1Ip6fja9+y+4EPYrBXx/BgCDd5JM= \--key-base64-hmac p54XnkUGdXQwoyP1Ip6fja9+y+4EPYrBXx/BgCDd5JP7bFKcnMJeGN8W0zLk49PsHSbQkhkujfc46luXh5mPgQ== \-a 172.16.1.98
3.2 扫描服务器
# 扫描tcpnmap 172.16.1.100 -p50152nmap 172.16.1.100 -p22# 扫描udpnmap 172.16.1.100 -sU -p 4567