I am looking at implementing a portknocking solution with the user guide provided for the fwknop package in the official wiki. I am able to send udp datagrams from my android device using the fwknop2 app and see they are coming in on my openwrt device on the correct port, but the android device is sending them with ipv6 addressing. In the fwknop configuration I can only specify a single interface to listen on, i chose the wan interface hoping it would cover ipv4 as well as ipv6. Turns out it does not. Strangely, i cannot make my phone use ipv4 instead of ipv6. Do you know whether there is fork or a new package that supports port knocking with ipv6?
Port knocking is not secure, a VPN is - and is easy to install these days. E.g. wireguard stays totally silent, unless you have the correct secure key, in a way it's a successor to mere port knocking.
1 Like
I am running wireguard, but opening the wireguard port only for a specific ip address is definitely more secure than having that port open all the time for any host, that’s why I am looking into it.
It's not.
Having the correct wireguard key as authentication is multiple orders of magnitude more secure than even the most complex port knocking sequence.
1 Like