On 13/11/2020 17.58, Nicholas Capo wrote: > On Fri, 2020-11-13 at 16:46 +0100, Sune Mølgaard wrote: >> Hiya, >> >> I am looking towards deploying WireGuard as my primary VPN >> connection, >> and wonder a bit if the various clients (Android, wg-quick, whatever >> there is for macOS, iOS and Windows), could be made to include the >> possibility of calling external programs upon (re-)connections, in my >> case specifically for port knocking, but possibly useful for other >> purposes as well? >> >> In the cases of Android and iOS, I am a bit unsure about interaction >> with other apps, so maybe, to begin with, just built-in port knocking >> capabilities could be considered. >> >> Any thoughts? >> > > In my experence there isn't really a case where the client gets > disconnected (like a crash) and then needs to reconnect. > For me the client always stays enabled, but if there is a problem at > the remote end then packets don't go anywhere. > > In other words the traffic might get dropped by the remote (feels like > no traffic *at all*), but I've never seen a situation where I was > accedentially sending unencrypted traffic. > > Nicholas > > >
Hi Nicholas, Well, my worry was that if I used port knocking, then, since I also use fail2ban on the server, the client (phone specifically), would change IP-addresses, need to knock, or else get banned. But if I understand Jason correctly (thank you, Jason), even if we employ port knocking for a few other things, if we keep the WG port open, it will actually look closed, unless one actually has a legitimate client and client config. Is that understanding correct? -- Real programmers don't comment... What was hard to write should be hard to read.
