VPNs, internal addresses and visibility

You may want to limit the ability to Knoc, depending on where your user is logging in to Knocknoc from. 

For example, an internal subnet should only be opened up if the user is connecting from an internal IP address range (in the case of IPv4 RFC1918 NAT), or if they are connected to a VPN.

Knocknoc allows this through a Knoc Option, with IP address ranges configured as either an allow-list, deny-list or RFC1918 set.

Only when the user is connecting from these addresses will the Knoc be enabled and perform the grant process.