Skip to main content

VPNs, internal addresses and access

You may want to limit the ability to access a Knoc, depending on where your user is logging in to Knocknoc from. 

For example, an internal subnet should only be opened up if the user is connecting from an internal IP address range, or if they are connected to a VPN and have an internal IP address. Knocknoc allows this through a Knoc option, with IP address ranges configured as either an allow-list, deny-list or RFC1918 set.

By default "Anywhere" is selected, however selecting RFC1918 will enable the Knoc only if the logging-in user has an IP within those ranges.Screenshot 2025-07-02 at 13.31.39.png

Alternatively, IP addresses can be entered in either an Allow or Deny list form.

Screenshot 2025-07-02 at 13.31.53.png

Only when the user is connecting from these addresses will the Knoc be enabled and perform the grant process.

When a Knoc is disabled, it will still be shown to the connecting user with a note to contact their administrator.

Screenshot 2025-07-02 at 13.33.11.png

Screenshot 2025-07-02 at 13.57.21.png