Openbsd VMM with VLAN

2021-05-30 Thread Irshad
Hi all, I have two OpenBSD boxes running like below, one as firewall and another one as VMM with two VLANs. OPENBSD_FIREWALL IoT_AP (VLAN10) . -VLAN10 |--OpenWRT-em0---| ---pf --em1--Internet

pf questions

2021-05-30 Thread Dave Anderson
I’m setting up on 6.9-release a (for now) IPv4-only firewall with multiple public addresses and multiple subnets behind it, and have a couple of questions related to connections originating from the firewall itself to which I haven’t found definitive answers. When not overridden (for example,

Re: nc(1) fails the tls handshake when destination ends with a full stop

2021-05-30 Thread Daniel Jakots
On Sun, 30 May 2021 19:55:42 +0200, Theo Buehler wrote: > On Sun, May 30, 2021 at 01:43:54PM -0400, Daniel Jakots wrote: > > On Sun, 30 May 2021 17:45:22 +0200, Theo Buehler > > wrote: > > > > > Unsure. If people really think this is useful and necessary, I > > > can be convinced. It's easy

Re: nc(1) fails the tls handshake when destination ends with a full stop

2021-05-30 Thread Theo Buehler
On Sun, May 30, 2021 at 01:43:54PM -0400, Daniel Jakots wrote: > On Sun, 30 May 2021 17:45:22 +0200, Theo Buehler > wrote: > > > Unsure. If people really think this is useful and necessary, I can be > > convinced. It's easy enough to do. And you're right, curl strips the > > trailing dot after

Re: nc(1) fails the tls handshake when destination ends with a full stop

2021-05-30 Thread Daniel Jakots
On Sun, 30 May 2021 17:45:22 +0200, Theo Buehler wrote: > Unsure. If people really think this is useful and necessary, I can be > convinced. It's easy enough to do. And you're right, curl strips the > trailing dot after resolving a host name for SNI and HTTP host header. Given the current error

Re: Using relayd as a reverse proxy for multiple local servers

2021-05-30 Thread Jean-Pierre de Villiers
I should mention, as I did in a thread months ago, there are extensive example configurations available in '/etc/examples'. Yours would be '/etc/examples/relayd.conf', which illustrates several typical use cases. Also, in future you might want to post the entirety of your configuration files.

Re: Using relayd as a reverse proxy for multiple local servers

2021-05-30 Thread Philip Kaludercic
Jean-Pierre de Villiers writes: > Apologies yes, my error. I forgot I divert traffic using pf to my > relayd listener. Ok, I will look into this too. > I've never seen/used a wildcard listen address in relayd before but I'm > guessing that, in your case, a listener is created for each ip on

Re: nc(1) fails the tls handshake when destination ends with a full stop

2021-05-30 Thread Theo Buehler
On Sun, May 30, 2021 at 02:31:55PM -, Stuart Henderson wrote: > On 2021-05-30, Theo Buehler wrote: > > On Sat, May 29, 2021 at 10:37:18PM -0400, Daniel Jakots wrote: > >> Hi, > >> > >> $ nc -zvc openbsd.org 443 # works as expected > >> Connection to openbsd.org (129.128.5.194) 443 port

Re: nc(1) fails the tls handshake when destination ends with a full stop

2021-05-30 Thread Stuart Henderson
On 2021-05-30, Theo Buehler wrote: > On Sat, May 29, 2021 at 10:37:18PM -0400, Daniel Jakots wrote: >> Hi, >> >> $ nc -zvc openbsd.org 443 # works as expected >> Connection to openbsd.org (129.128.5.194) 443 port [tcp/https] succeeded! >> TLS handshake negotiated TLSv1.3/AEAD-AES256-GCM-SHA384

Re: after upgrade to 6.9, iked does not pass traffic

2021-05-30 Thread Tobias Heider
On Fri, May 28, 2021 at 11:56:54AM +, Leclerc, Sebastien wrote: > >It looks like 'keep state (if-bound)' iked.conf(5) is not present or being > >respected on the return traffic to the VPN device/firewall from your > >internal network.  ICMP traffic is coming into the VPN device >encrypted,

Re: MANPAGER

2021-05-30 Thread Christian Groessler
On 5/29/21 11:18 PM, Allan Streib wrote: Heinrich Rebehn writes: I noticed that OpenBSD 6.8 switched to using less(1) for the manpager. While this seems to offer many new useful options, I really dislike the clrscreen upon exit. Have a look at the -X argument to less(1): -X | --no-init

Re: pflow on PE router

2021-05-30 Thread Patrick Dohman
> "sloppy" seems to fix the issue. I will do more tests this week before > declaring > victory :) > > Thank you Chris. > Get some ;) Regards Patrick

Re: nc(1) fails the tls handshake when destination ends with a full stop

2021-05-30 Thread Theo Buehler
On Sat, May 29, 2021 at 10:37:18PM -0400, Daniel Jakots wrote: > Hi, > > $ nc -zvc openbsd.org 443 # works as expected > Connection to openbsd.org (129.128.5.194) 443 port [tcp/https] succeeded! > TLS handshake negotiated TLSv1.3/AEAD-AES256-GCM-SHA384 with host openbsd.org > [...] > > $ nc -zvc

Re: pflow on PE router

2021-05-30 Thread Denis Fondras
On Fri, May 28, 2021 at 03:30:58PM -0700, Chris Cappuccio wrote: > You might try "set state-defaults pflow, sloppy", also in some scenarios you > might need "set state-policy floating" > > If "sloppy" fixes it, there may be some bugs to hunt. > "sloppy" seems to fix the issue. I will do more

Re: MANPAGER

2021-05-30 Thread Heinrich Rebehn
> On 29. May 2021, at 23:08, Leon Fischer wrote: > >> From: Heinrich Rebehn >> Date: Sat, 29 May 2021 21:37:40 +0200 >> >> Hi all, >> >> I noticed that OpenBSD 6.8 switched to using less(1) for the manpager. While >> this seems to offer many new useful options, I really dislike the