On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote:
Hi friends,
I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
All examples I've seen are a single connection (phase 1). To support
multiple vpn's tunnels, is it as simple as adding additional lines under
Hi friends,
I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
All examples I've seen are a single connection (phase 1). To support
multiple vpn's tunnels, is it as simple as adding additional lines under
[Phase 1] pointing to the new phase1 configuration block?
Thanks!
to figure out why Path MTU discovery isn't working, but
that's minor at this point.
I'd love to send you a pizza of your choice. Please drop me an email and
it'll be done. I'm serious. I'm SO relieved.
Thanks,
Tim
Darren Spruell wrote:
On 2/19/07, Tim Pushor [EMAIL PROTECTED] wrote:
Hi all
Hi all,
I'm getting to the point where I don't really know where to turn. I am
having a weird problem with an OpenBSD server/firewall that has a
permanent IPSec tunnel to a checkpoint embedded security device. The
problem is, that half the time large packets can't get through. I've
trial and
May be a dumb question, but how do I look at traffic going over an IPSEC
tunnel, on one of the OpenBSD machines? I've tried tcpdump -i enc0 but
get nothing ..
That was it, thank you :) It's been one of those days :)
Jason Dixon wrote:
On Feb 8, 2007, at 5:15 PM, Tim Pushor wrote:
May be a dumb question, but how do I look at traffic going over an
IPSEC tunnel, on one of the OpenBSD machines? I've tried tcpdump -i
enc0 but get nothing ..
The enc0
Hi friends,
I am having a strange problem with a VPN that I've set up between an
OpenBSD 3.9 server and a Checkpoint VPN-1 device. I've pretty much
followed the guide at http://anubis.dweebsoft.com/HOWTO/isakmpd.html. I
have to admit that I don't know enough about ipsec / isakmp.
I do get
Have you tried using cpio in passthrough mode? I've used CPIO on big
systems before with success, although admittedly not on OpenBSD ..
Matthias Bertschy wrote:
OpenBSD 3.7 - i386
Pentium 4 3GHz - 1GB RAM - 2GB swap
Hello list,
For the past 3 weeks, I have been working on a difficult
Steve Glaus wrote:
Ok, I gotcha, trunk just looked like a ready made solution for what I
was trying to do... Could you tell me WHY it's not able to be used for
that and what it is for?
I've gone the pf route before too but it seems to add a lot of
complexity to my ruleset
trunk(4) is mainly
Steve Glaus wrote:
Tim Pushor wrote:
Steve Glaus wrote:
Ok, I gotcha, trunk just looked like a ready made solution for what
I was trying to do... Could you tell me WHY it's not able to be used
for that and what it is for?
I've gone the pf route before too but it seems to add a lot
Again, does anyone have any ideas? Can other people access ticketmaster
through their CARP'd NAT firewall?
Yeah it works fine over here. How about cranking PF's debugging and
watching syslog? pfctl -x loud
Tim
Travers Buda wrote:
Hi Friends,
I am wondering if anyone can think of why I shouldn't provide secondary
DNS services from a carp cluster of OpenBSD systems? I have an issue
where my primary DNS server is non-redundant, and trying to find a
good place for a secondary. I have a cluster of OpenBSD
Joachim Schipper wrote:
It will work, but as noted, there's no particular reason to do this;
redundancy is built into the DNS protocol.
Well, there is a reason since I need another box to act as a secondary ;-)
The only caveat I can think of is that running services on a firewall
weakens
Hi Joachim,
Joachim Schipper wrote:
On Thu, Aug 03, 2006 at 02:26:40PM -0600, Tim Pushor wrote:
Well, after playing a little with trunk(4), etherchannel, and carp I am
wondering something:
Trying to achieve both firewall redundancy (via carp) and ethernet
redundancy (via trunk(4)), would
Well, after playing a little with trunk(4), etherchannel, and carp I am
wondering something:
Trying to achieve both firewall redundancy (via carp) and ethernet
redundancy (via trunk(4)), would it be possible (and maybe even
recommended) to have firewall-1 connected solely to switch-1 and
Jason Dixon wrote:
On Aug 1, 2006, at 2:48 PM, Tim Pushor wrote:
Can anyone recommend another 4 port 10/100 ethernet card that will
work well with OpenBSD 3.9?
I don't have any recommendations on 4 port cards. If you have a
switch that will support it, you should consider using VLANs
Hi Jason,
Jason Dixon wrote:
On Aug 1, 2006, at 3:13 PM, Tim Pushor wrote:
Jason Dixon wrote:
On Aug 1, 2006, at 2:48 PM, Tim Pushor wrote:
Can anyone recommend another 4 port 10/100 ethernet card that will
work well with OpenBSD 3.9?
I don't have any recommendations on 4 port cards
Stuart Henderson wrote:
The vlan idea makes a fair bit of sense - carp(4) over vlan(4)
over trunk(4) over $some_nic(4) or some other mix - but if this
is used for security be aware that your switch then becomes a
security device. Google will find more information, including
Jason Dixon wrote:
On Aug 1, 2006, at 5:23 PM, Tim Pushor wrote:
Stuart Henderson wrote:
The vlan idea makes a fair bit of sense - carp(4) over vlan(4)
over trunk(4) over $some_nic(4) or some other mix - but if this
is used for security be aware that your switch then becomes a
security device
pull the
plug on one.
Thanks again,
Tim
Tim Pushor wrote:
Hi friends,
I am trying to setup my first firewall w/failover via carp pfsync. I
have it almost working, but am having a couple issues. I am hoping
someone will be able to help :)
First, before I enabled preemption I almost always
Hi friends,
I am trying to setup my first firewall w/failover via carp pfsync. I
have it almost working, but am having a couple issues. I am hoping
someone will be able to help :)
First, before I enabled preemption I almost always had one machine being
master for one of the carp
between the
workstation and firewalls?
Kian
On 9/20/06, Tim Pushor [EMAIL PROTECTED] wrote:
Hi friends,
I am trying to setup my first firewall w/failover via carp pfsync. I
have it almost working, but am having a couple issues. I am hoping
someone will be able to help :)
First, before I enabled