Skip to content
/ fwknop Public
forked from mrash/fwknop

Client and Gateway Modules for Software Defined Perimeter (SDP)

License

GPL-2.0 license
88 stars 234 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

WaverleyLabs/fwknop

37 Branches37 Tags
This branch is 61 commits ahead of, 442 commits behind mrash/fwknop:master.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

author
Daniel Bailey
[#178665617] Fix ctrl client timeout for connection failure
Jun 24, 2021
db2f4d0 · Jun 24, 2021

History

2,316 Commits
android
android
Jun 11, 2015
client
client
Jun 24, 2021
common
common
Dec 17, 2020
doc
doc
Nov 13, 2015
extras
extras
Dec 10, 2015
iphone
iphone
Mar 14, 2014
lib
lib
Jun 24, 2021
m4
m4
May 13, 2013
perl
perl
Nov 29, 2016
python
python
Feb 27, 2017
server
server
Jun 24, 2021
test
test
Apr 25, 2017
win32
win32
Jul 16, 2015
.gitignore
.gitignore
Dec 17, 2020
AUTHORS
AUTHORS
Mar 14, 2014
COPYING
COPYING
Dec 21, 2008
CREDITS
CREDITS
Nov 13, 2015
ChangeLog
ChangeLog
Dec 5, 2015
ChangeLog.git
ChangeLog.git
Aug 25, 2015
INSTALL
INSTALL
Dec 17, 2020
Makefile.am
Makefile.am
Jan 12, 2017
NEWS
NEWS
Jul 10, 2013
README
README
Jul 19, 2014
README.md
README.md
Apr 18, 2017
VERSION
VERSION
Jul 16, 2015
Waverley Labs OpenSDP Installation and Configuration.docx
Waverley Labs OpenSDP Installation and Configuration.docx
Dec 17, 2020
Waverley Labs OpenSDP Installation and Configuration.pdf
Waverley Labs OpenSDP Installation and Configuration.pdf
Dec 17, 2020
autogen.sh
autogen.sh
May 13, 2013
configure.ac
configure.ac
Sep 14, 2020
fwknop.spec
fwknop.spec
Aug 25, 2015

Repository files navigation

fwknop - Software Defined Perimeter Client and Gateway Components

Description

This project is an open source implementation of the client and gateway components for a Software Defined Perimeter (SDP). This code has been tested on *nix type systems only.

For more information on SDP, see the following sites:

http://www.waverleylabs.com/services/software-defined-perimeter/

https://cloudsecurityalliance.org/group/software-defined-perimeter/

Introduction

This project is a fork of the fwknop project. fwknop originally implemented an authorization scheme known as Single Packet Authorization (SPA) for strong service concealment. Because SPA later became the basis for SDP, fwknop was forked and built upon to implement the additional features required to create an SDP system. The only component of SDP not included in this repo is the controller, which is also freely available at:

https://github.com/WaverleyLabs/SDPcontroller

Tutorial

A manual for installation and configuration of SDP can be found here:

Waverley Labs OpenSDP Installation and Configuration.pdf (in the root folder of this project)

A comprehensive tutorial on SPA (and how fwknop used to work) can be found here:

http://www.cipherdyne.org/fwknop/docs/fwknop-tutorial.html

License

The fwknop project is released as open source software under the terms of the GNU General Public License (GPL v2).

Building fwknop

This distribution uses GNU autoconf for setting up the build. Please see the INSTALL file for the general basics on using autoconf.

There are some "configure" options that are specific to fwknop. They are (extracted from ./configure --help):

  --disable-client        Do not build the fwknop client component. The
                          default is to build the client.
  --disable-server        Do not build the fwknop server component. The
                          default is to build the server.
  --with-gpgme            support for gpg encryption using libgpgme
                          [default=check]
  --with-gpgme-prefix=PFX prefix where GPGME is installed (optional)
  --with-gpg=/path/to/gpg Specify path to the gpg executable that gpgme will
                          use [default=check path]
  --with-firewalld=/path/to/firewalld
                          Specify path to the firewalld executable
                          [default=check path]
  --with-iptables=/path/to/iptables
                          Specify path to the iptables executable
                          [default=check path]
  --with-ipfw=/path/to/ipfw
                          Specify path to the ipfw executable [default=check
                          path]
  --with-pf=/path/to/pfctl
                          Specify path to the pf executable [default=check
                          path]
  --with-ipf=/path/to/ipf Specify path to the ipf executable [default=check
                          path]

Examples:

./configure --disable-client --with-firewalld=/bin/firewall-cmd
./configure --disable-client --with-iptables=/sbin/iptables --with-firewalld=no

About

Client and Gateway Modules for Software Defined Perimeter (SDP)

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

88 stars

Watchers

15 watching

Forks

51 forks
Report repository

Releases

37 tags

Packages

No packages published

Languages

  • Perl 48.9%
  • C 40.1%
  • Roff 3.0%
  • XS 1.5%
  • Python 1.2%
  • 1C Enterprise 1.1%
  • Other 4.2%