Additional client IP addresses

A client may exhibit behaviour where multiple IP addresses are observed, or may be observed, as part of the authentication request. This occurs in situations such as:

  • Round-robin IP address assignment as part of CGNAT masquerading, for stateless protocols
  • Varying source/client IP addresses for stateful (e.g. SSH, RDP) protocols versus stateless (e.g. HTTP/HTTPS or ports such as 443/tcp)

Another example is a Knocknoc Server that is hosted and directly accessible via an internal (e.g. RFC1918, 192.168.x) IP address, where you want certain ACLs to receive the external IP address, not just the internal address.

Knocknoc has support for this within the ACL structure via the "Include additional IP addresses" option.

 

To use this, the Admin setting that collects any additional IP address information from the client user after they have logged in must be enabled.

The additional IP addresses observed can then be added to the grant list, but only if the option is enabled for that ACL. This lets you expand the IP addresses for a particular ACL only.