Fwknop clients

I have a web server that I am able to reach using Fwknop. The client configuration works as expected on Ubuntu and CentOS.

Here is my client config:

[my.domain.name]
ACCESS tcp/443
ALLOW_IP 0.0.0.0
SPA_SERVER <my_domain>
KEY_BASE64 <my_key>
HMAC_KEY_BASE64 <my_key>
NAT_ACCESS 172.30.x.x,443
USE_HMAC Y
VERBOSE Y
RESOLVE_IP_HTTPS Y

From the command line I can run:
$fwknop -n my.domain.name --verbose

I am wondering how to make the Fwknop2 (Android) client work in the same way or if that is possible? Can anyone share some pointers? It doesn't seem like all the same options are available, but I could be wrong.

@jeremytourville, welcome to the community!

Where is the OpenWrt device in this setup?

1 Like

Thanks for the offer to assist! Fwknop is running on my router as the primary gateway device. I had missed an option available in a dropdown menu initially. I was able to get it working after creating a working config with a regular client on Centos 7. Once I had a working config in Centos it was pretty easy to figure out how to modify the Android client to act in the same way. For purposes of posterity and to hopefully help others here is the config that worked for me.

Set up a new config by clicking on the triple dots. Click the triple dots again and choose “capture qr”

Now scan the QR code from OpenWRT. The keys will be imported.

Nickname: Give it a name (It’s just a label to identify the config to you)

Server Address: <my_domain_name>

Server Port 62201

Protocol: UDP

Allow IP: Choose “Resolve IP” from the dropdown menu

Message Type: choose “NAT Access” from the dropdown menu

Access Ports: tcp/443

Firewall Timeout: Pick a reasonable number that will allow you enough time to open your web browser and establish a connection after sending the packet. I have mine set for 30 seconds.

Internal IP: 172.30.x.x

Internal Port: 443

Run External App: None

Click the triple dots again and save config.

Now highlight the new entry you just created and click on” send knock”. You should get a success message.

You only described a CentOS and Android device. Could you please explain in precise detail how/where the OpenWrt is involved here?

  • Is this the router you describe?
  • If so, can you show us the OpenWrt configs?

My issue is fixed. I can post the configs from the OpenWRT router running the fwknop daemon if you'd like. My point was about getting similar configs on the client though. I already had a working config on the OpenWRT device acting as the server. It is not my intent to sound snippy. I just want to provide clarification of my original question.

I'm glad you got it working. Your original post and question wasn't clear (hence asking where the OpenWrt was involved). As you never mentioned that there was a working config on the router and never shared that [working] config, I had no clue how to assist.

  • Actually, can you post the working and fixed config - and perhaps tell us what client device you were trying to generate a config for (you never mentioned it)?
  • If the Android, can you share the Play Store link to the app in question?

And again, welcome to the community!

:+1:

(Also be mindful, most people think that you need help with an OpenWrt device when seeking help in the OpenWrt forum.)

I wanted to follow up and say thanks! I knew posting about client config for an Android device was a long shot. It was my hope that someone had some exeperience with both the Android and a pc client such as Centos or Ubuntu.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.