could someone please explain what it means that snapshots are
*always* actually releases?
In /usr/src/etc/Makefile, there used to be two targets to create
tarballs to share a system with someone else:
- make snapshot, which would create rough tarballs of various filesystem
locations
On Thu, 27 Jul 2006, Nick Guenther wrote:
Why does cat retain the -[etv], -[bn] and -[s] options? I am reading
the paper cited in cat's manpage and saw 'vis' mentioned. vis is in
base, and line numbering and stripping can be done with sed, so why
does cat have those options? Is for history,
I am a new user having just installed OpenBSD for the first time. I am
having trouble with my PCMCIA cards. I have 2 cards, both 3COM, and two
PCMCIA slots (TI-PCI1130, see dmesg below).
I am currently having two issues: system hangs in bios after reboot and
kernel panics when pcmcia card is
Nick Guenther [EMAIL PROTECTED] writes:
...
Anyway, I wasn't trying to fight about it, I'm just curious.
...
sed -n l has been around since forever or at least since v7.
Presumably before that folks used ed or od.
cat -v -e etc. have been around in *bsd since at least 4.1bsd.
I don't remember
On 28/07/06, Marcus Watts [EMAIL PROTECTED] wrote:
Nick Guenther [EMAIL PROTECTED] writes:
...
Anyway, I wasn't trying to fight about it, I'm just curious.
...
sed -n l has been around since forever or at least since v7.
Presumably before that folks used ed or od.
cat -v -e etc. have been
Hi there,
for the first time during my employment I have the
opportunity to introduce OpenBSD into a production of
the corporate environment as a VPN concentrator i.e.
remote access server. The problem is, all folks here
are very Linux biased and introducing OpenBSD for such
an important task is
Hi.
I'm looking for some gigabit netcards. And I was checking up on if the
Intel 82541PI is supported by OpenBSD.
Looking through the supported hardware for i386 page I found that
i82541 is supported in the gigabit section.
Looking in the em(4) manpage I found that a series of 82541's is
On 28 jul 2006, at 11.19, jeraklo wrote:
...
The network layout looks like following:
CLIENT (can have public IP or private IP)
| (private client IP assumes default gateway uses NAT)
|
|
INTERNET
|
|
NIC_0_FIREWALL_0 (public IP)
FIREWALL_0
NIC_1_FIREWALL_1 (public IP, subnet_A)
|
|
NIC_0
On 2006/07/28 13:19, Lasse Bach wrote:
Looking through the supported hardware for i386 page I found that
i82541 is supported in the gigabit section.
Looking in the em(4) manpage I found that a series of 82541's is
supported. But the PI is not listed.
I think it may be caught by the
On 7/28/06, Miod Vallat [EMAIL PROTECTED] wrote:
could someone please explain what it means that snapshots are
*always* actually releases?
In /usr/src/etc/Makefile, there used to be two targets to create
tarballs to share a system with someone else:
- make snapshot, which would create rough
On 28 jul 2006, at 14.09, jeraklo wrote:
So, you are saying that pf(4), ipsec(4), ipsecctl(8),
and maybe vpn(8) is all I need ? Do I have to make
That's a good start, yes. Plus it should be fairly easy to find
configuration examples for setups like this.
some special tweakings on the
On Fri, Jul 28, 2006 at 02:28:44PM +0200, Håkan Olsson wrote:
On 28 jul 2006, at 14.09, jeraklo wrote:
So, you are saying that pf(4), ipsec(4), ipsecctl(8),
and maybe vpn(8) is all I need ? Do I have to make
That's a good start, yes. Plus it should be fairly easy to find
configuration
On Fri, Jul 28, 2006 at 02:19:46AM -0700, jeraklo wrote:
Hi there,
for the first time during my employment I have the
opportunity to introduce OpenBSD into a production of
the corporate environment as a VPN concentrator i.e.
remote access server. The problem is, all folks here
are very
Original message
Date: Fri, 28 Jul 2006 14:28:44 +0200
From: Håkan Olsson [EMAIL PROTECTED]
Subject: Re: VPN help needed: OpenBSD in the corporate environment instead of
Linux
To: jeraklo [EMAIL PROTECTED]
Cc: misc@openbsd.org
On 28 jul 2006, at 14.09, jeraklo wrote:
So, you are
I just wanted to simplify the layout (it seems at the
end it went more complex, sorry), but two firewalls
are actually PIX firewall with several interfaces.
So, you are saying that pf(4), ipsec(4), ipsecctl(8),
and maybe vpn(8) is all I need ? Do I have to make
some special tweakings on the
On 7/28/06, Otto Moerbeek [EMAIL PROTECTED] wrote:
On Thu, 27 Jul 2006, Nick Guenther wrote:
Why does cat retain the -[etv], -[bn] and -[s] options?
Once you've added a flag to a command it's almost impossible to remove it
for compatibility reasons.
Thanks Otto. That's what I figured but I
On Jul 28, 2006, at 8:09 AM, jeraklo wrote:
I just wanted to simplify the layout (it seems at the
end it went more complex, sorry), but two firewalls
are actually PIX firewall with several interfaces.
So, you are saying that pf(4), ipsec(4), ipsecctl(8),
and maybe vpn(8) is all I need ? Do I
--- Joachim Schipper [EMAIL PROTECTED] wrote:
There is something in the archives about usable
IPsec clients for
Windows. The built-in one certainly isn't.
ok. good to know.
This shouldn't be too difficult. Start by installing
-current, which has
a very neat new configuration interface -
On Fri, 28 Jul 2006 06:30:13 -0700 (PDT)
jeraklo [EMAIL PROTECTED] wrote:
Alternately, for a more shiny, more
firewall-friendly, but less
efficient protocol and not quite as secure an
implementation, try
OpenVPN. It runs on Windows, Mac OS X, and (most?)
POSIX-compliant
systems that
On 2006/07/28 06:30, jeraklo wrote:
sorry. got to go with the stable branch (3.9).
ipsec.conf(5) was added for 3.8, and improved between then and
-current. isakmpd.conf(5) is no longer present in -current, so it
makes sense to use ipsec.conf(5) right away.
OK but do OpenVPN connections survive
The proposed design will definitely be initially
tested in a lab. Not to worry about that part.
The major problem I have seen by now is that IPsec
has problems with NAT, while OpenVPN doesn't (but it
adds to latency - it is not a major concern in the
desired setup).
I would like to briefly
On Fri, Jul 28, 2006 at 06:30:13AM -0700, jeraklo wrote:
--- Joachim Schipper [EMAIL PROTECTED] wrote:
to the VPN box. The only real problem you are going
to run into is if
subnet C overlaps with a network the client is
already connected to,
actually, client connects to a public
On 7/27/06, Louis Bertrand [EMAIL PROTECTED] wrote:
If you do send something in, be polite. We're not a bunch of
raving loonies.
We're not? Damn!
Carlos.
--
nick grah windows just crashed again, unstable crap.
yukito Windows isn't unstable, it's just spontaneous.
Hello,
currently I have a problem with my server that makes ftp-proxy die
unexpectedly. I'm in the process of tracking this down, which is
likely something hardware related AFAIK.
In the mean time, I'd like to keep ftp-proxy running most of the time.
What do you guys use/recommend to watch if a
Hi:
I recently installed OpenBSD in a Dell PowerEdge 1400sc, everything
works fine [like always] but I found 2 issues that I can't resolve.
Machine : Dell PowerEdge 1400 sc / 512MB / 34GB scsi disk / Intel 10/100
OS : OpenBSD 3.9
Kernel : GENERIC.MP
1. Even using halt -p the machine don't power
On Fri, Jul 28, 2006 at 07:09:17AM -0700, jeraklo wrote:
The proposed design will definitely be initially
tested in a lab. Not to worry about that part.
The major problem I have seen by now is that IPsec
has problems with NAT, while OpenVPN doesn't (but it
adds to latency - it is not a
Hi:
I recently installed OpenBSD in a Dell PowerEdge 1400sc, everything
works fine [like always] but I found 2 issues that I can't resolve.
Machine : Dell PowerEdge 1400 sc / 512MB / 34GB scsi disk / Intel
10/100 OS : OpenBSD 3.9
Kernel : GENERIC.MP
1. Even using halt -p the machine don't
From: Marian Hettwer [mailto:[EMAIL PROTECTED]
OpenBSD is secure in many ways, but if the third party app has a
security flaw and released a bugfix, I'd like to see an
updated package
/ port too.
Otherwise I would need to compile the bugfixed version from source,
which doesn't make sense at
I've written some sort of rebuttal. It is not specific to OpenBSD, though.
http://lxer.com/module/forums/t/23230/
Regards,
Dominik
Hi Carlos,
What do you guys use/recommend to watch if a process dies and restart
it?
monit:
http://www.tildeslash.com/monit/
/usr/ports/sysutils/monit/
HTH... Nico
Word is, there is a flaw in IKEv1 that allows for an attacker to create IKE
sessions faster than previous attempts expire. The security research firm
who found the flaw only lists Cisco VPN devices as being vulnerable while
Cisco maintains that the flaw is in the IKE protocol itself.
Research
On 7/28/06, Carlos A. Carnero Delgado [EMAIL PROTECTED] wrote:
In the mean time, I'd like to keep ftp-proxy running most of the time.
What do you guys use/recommend to watch if a process dies and restart
it?
More to the root of the problem, have you turned on verbose debugging
output to see if
--- Joachim Schipper [EMAIL PROTECTED] wrote:
On Fri, Jul 28, 2006 at 07:09:17AM -0700, jeraklo
wrote:
The proposed design will definitely be initially
tested in a lab. Not to worry about that part.
The major problem I have seen by now is that IPsec
has problems with NAT, while
On Thu, Jul 27, 2006 at 10:33:04PM -0700, Paul Maurer wrote:
I am a new user having just installed OpenBSD for the first time. I am
having trouble with my PCMCIA cards. I have 2 cards, both 3COM, and two
PCMCIA slots (TI-PCI1130, see dmesg below).
I am currently having two issues: system
Christopher Snell wrote:
2) One of the downsides to running dhcpd on a pair of CARP boxes is
that there is no syncing of the leases file. So, if we have a /24
that has 240 machines, all using dynamic IPs, and the primary CARP box
fails, dhcpd on the backup box will have no knowledge of those
From: [EMAIL PROTECTED]
You *will* require the 'access network' to pass ESP,
500/UDP (IKE), and
4500/UDP (IPsec NAT-T), of course.
Regarding NAT-T, does it have to be enabled both in
clients and the VPN server ? If yes and if we're
talking about windows clients - does it come
Jason == Jason Dixon [EMAIL PROTECTED] writes:
Jason Everything you need is in the base install. With the recent changes to
Jason ipsecctl and ipsec.conf, there's no need to consider OpenVPN (except
perhaps
Jason on technical merits, which I believe it loses on).
Maybe not on getting it set
On Fri, Jul 28, 2006 at 10:38:49AM -0400, Carlos A. Carnero Delgado wrote:
In the mean time, I'd like to keep ftp-proxy running most of the time.
What do you guys use/recommend to watch if a process dies and restart
it?
I would use daemontools[1] or runit[2]. There's also freedt in ports,
On Jul 28, 2006, at 2:17 PM, Randal L. Schwartz wrote:
Jason == Jason Dixon [EMAIL PROTECTED] writes:
Jason Everything you need is in the base install. With the recent
changes to
Jason ipsecctl and ipsec.conf, there's no need to consider
OpenVPN (except perhaps
Jason on technical
Stuart Henderson wrote:
On 2006/07/28 06:30, jeraklo wrote:
sorry. got to go with the stable branch (3.9).
disadvantages:-
openvpn is more complicated to install on OpenBSD than ipsec
lots of security fixes
Not on the client side, I think you'll find OpenVPN much easier to
configure as
Bryan Irvine wrote:
I can't wait to see what goodies you've been holding back for the
4.0release. ;)
Hold back?
Congrats on the momentum, and thanks for the good work.
Thanks. :)
--
[100~Plax]sb16i0A2172656B63616820636420726568746F6E61207473754A[dZ1!=b]salax
On 2006/07/28 15:57, Steven Surdock wrote:
openvpn is more complicated to install on OpenBSD than ipsec
Not on the client side, I think you'll find OpenVPN much easier to
configure as well. OpenVPN is trivially easy to install using the
packages on OBSD.
I do use both so I realise that
On Fri, Jul 28, 2006 at 09:29:59AM -0700, jeraklo wrote:
Regarding NAT-T, does it have to be enabled both in
clients and the VPN server ? If yes and if we're
talking about windows clients - does it come bundled
with some external IPsec client or does it have to be
enabled in the windows
Hello,
I have a pair of OpenBSD 3.9 firewalls (using pf and carp) attached
to a network with a Windows server cluster on it. The Windows cluster
moves a shared IP address between nodes using the MAC address of the
actual cluster node, not a common virtual MAC address like pf uses.
When
On 2006-07-28 15:35:05, Mark Zimmerman wrote:
On Thu, Jul 27, 2006 at 10:33:04PM -0700, Paul Maurer wrote:
I am a new user having just installed OpenBSD for the first time. I
am
having trouble with my PCMCIA cards. I have 2 cards, both 3COM, and
two
PCMCIA slots (TI-PCI1130, see dmesg
On Fri, Jul 28, 2006 at 03:57:02PM -0400, Steven Surdock wrote:
Stuart Henderson wrote:
On 2006/07/28 06:30, jeraklo wrote:
sorry. got to go with the stable branch (3.9).
disadvantages:-
openvpn is more complicated to install on OpenBSD than ipsec
lots of security fixes
Not on
On Fri, Jul 28, 2006 at 09:32:09AM -0700, Spruell, Darren-Perot wrote:
Word is, there is a flaw in IKEv1 that allows for an attacker to create IKE
sessions faster than previous attempts expire. The security research firm
who found the flaw only lists Cisco VPN devices as being vulnerable while
I have written a perl script that parses the output from bioctl and
returns it in a format that Nagios can use.
check_bioctl is available here:
http://openbsd.somedomain.net/nagios/check_bioctl-1.3.tar.gz
It is useful to me, and so I thought it might be useful to someone else.
I wrote this
andrew fresh wrote:
I have written a perl script that parses the output from bioctl and
returns it in a format that Nagios can use.
Sweet :-)
check_bioctl is available here:
http://openbsd.somedomain.net/nagios/check_bioctl-1.3.tar.gz
It is useful to me, and so I thought it might be
andrew fresh wrote:
I have written a perl script that parses the output from bioctl and
returns it in a format that Nagios can use.
Sweet :-)
check_bioctl is available here:
http://openbsd.somedomain.net/nagios/check_bioctl-1.3.tar.gz
It is useful to me, and so I thought it might be
Hi
I have some problem on the ipsecadm setting as I ping from 172.16.22.2
to 10.150.17.2 I can't get reply from 10.150.17.2 but I can get reply as
I tcpdump on the WAN interface at 1.1.1.1 and 2.2.2.2 but until 2.2.2.2
interface it has the reply but without the encap. It means when the
packet