On Fri, Oct 10, 2014 at 7:31 PM, Ian Grant <[email protected]> wrote:
> I want to try to implement some form of concealed port knocking in
> OpenBSD, along the lines of [Julian] Kirsch:

Thanks to everyone that replied. You know who you aren't :-)

Several people said I should look at adding (to pf) a new IOCTL and a pre-handshake TCP state with the PSK for given source and a new timeout for expiring PSKs. Then ordinary packet re-writes will do the re-routing. So that's what I'm doing.

Someone also pointed out that all the VPN encryption key-management could be handled by iked.

A lot of this awesome stuff in here is all new to me, it was 3.x that I last seriously used. I'm even more impressed with OpenBSD than I thought I was.

More comments would be gratefully received.

Also, can anyone lend me a hundred dollars, for ever? I will be literally on the streets (again!) in a few days otherwise.

Thanks again

Ian
