I was able to successfully configure fwknop2 in my OpenWRT router following the instructions in the wiki. It was easier than I expected.
I have the android client and when I "knock" I'm able to SSH to the router during the following 60 seconds from the phone.
However, it seems fwknop2 only opens the firewall for the IP from which it received the "knock". Although I admit it is much more secure that way, I'd like the firewall to open for any IP.
The reason is simple: I'd like to use the android client to knock and open the firewall and then SSH from my laptop.
Any idea where can this be configured? I was looking into the config files and on-line user guide, but without success...
Although that would work, it's not my preferred option. Maybe I should have said that in the original post.
Anyway, I can be abroad using somebody else's laptop and just want to ssh to my router to check how things are. It would be much more handy to knock from my phone. I don't want the hassle of having to install fwknop2 everywhere and I'd like also to learn about configuration of fwknop.
Any other comment on this one?
I guess there are plenty of valid use cases where you shouldn't need to install the fwknop client on the device you are using to connect. At least we should be able to chose it, right?
Ex: I want to give temporary access to a certain server in my LAN to a friend (the router has the corresponding port re-directions).
I can run fwknopd from my mobile, with the specific profile. I don't want to share with him the total fwknopd configuration.
There should be a place (file) where the iptables command that fwknop2 issues is configured. Or would it be hardcoded in fwknop2?
If not hardcoded, I'd just need to slighlty change the command so it can accept connections from anywhere, rather than just from the IP where the SPA was sent.