Hey all,
I've been trying to see if it's possible to set up SSH-based VPNs
using user accounts on the remote end. While I don't think it says
anywhere explicitly that it's _not_ possible, I haven't found any
references so far of people doing it successfully ;-)
I've gone over the mailing list
Hey all,
I've got a CARP rig running as a firewall pair, and I use preemption
to make sure only one host is master of all links at any given time.
However just now I saw a situation where a single carp interface had
gone to BACKUP and passed across to the other host, while all other
carp
Hi all,
I've been wondering how to deal with this particular issue for quite
some time now, and I can't find any references to the right way(TM)
to handle it.
I always prefer to run automated tasks as limited privilege users on
my OpenBSD hosts - such as tasks that pull files across from other
Henning Brauer wrote:
* Ronnie Garcia [EMAIL PROTECTED] [2007-06-06 13:04]:
Henning Brauer wrote:
* nate [EMAIL PROTECTED] [2007-06-05 21:44]:
I built 3 OpenBSD 3.6(?) servers in mid 2005 with these cards, and
was able to get a peak throughput of about 520Mbps in bridged mode
(pf
Matt Rowley wrote:
best simulation is recording your real-world traffic using tcpdump and
then use tcpreplay. but that is tricky too.
Henning has something in saying that most of the tools aren't great,
in the end all benchmarks are artificial in some measure. Replaying
traffic is equally
Henning Brauer wrote:
* Dave Harrison [EMAIL PROTECTED] [2007-05-21 08:26]:
Henning Brauer wrote:
* Uv Pzaf [EMAIL PROTECTED] [2007-05-20 23:12]:
I wonder why OpenBSD packages (i.e. openldap-server-2.3.24.tgz) still
use ldbm as database backend especially since the OpenLDAP folks
Henning Brauer wrote:
* Uv Pzaf [EMAIL PROTECTED] [2007-05-20 23:12]:
I wonder why OpenBSD packages (i.e. openldap-server-2.3.24.tgz) still
use ldbm as database backend especially since the OpenLDAP folks are
stating that this is no good any more:
Stefan Beke wrote:
Hello Nico,
thanks for quick reply.
Does dovecot actually run under this login class?
I did modify login.conf
# cap_mkdb /etc/login.conf
then kill -HUP _dovecot_PID
I hope that's enough to run it under dovecot class. How do I find out?
If you perform a `ps aux` you
Stefan Beke wrote:
If you perform a `ps aux` you will see what user dovecot is running as,
that's the user whose class you want to check.
[EMAIL PROTECTED] ~ $sudo ps waxu | grep dovecot
root 26251 0.0 0.2 620 912 ?? Ss 15Jan07 0:55.12 /usr/local/sbin/dovecot
_dovecot 13219
Hey guys,
I've looked at the web front end for the cvs tree and looking in
ports/lang/python/ with the filter of OPENBSD_4_0 and 2.5 seems to be in there.
http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/python/?only_with_tag=OPENBSD_4_0
But when I do a `cvs checkout -rOPENBSD_4_0 ports`
I
Hi all,
I'm looking at the set optimization policies for PF, and while it's clear that
there are varying levels of aggression towards expiring state entries, I can't
find exact numbers of what those levels represent.
I assume they're based on a time and/or traffic metric ??
My current policy is
Hi all,
I'm searching high and low for some documentation on setting up a PPPoA link
(yes, it's for the UK and it's definitely PPPoA _not_ PPPoE) under OpenBSD and
drawing a blank. The FAQ says that it seems to be possible, but the ppp man
page doesn't seem to have any references, and all my
Stuart Henderson wrote:
On 2006/04/09 17:43, Dave Harrison wrote:
I'm searching high and low for some documentation on setting up a PPPoA link
(yes, it's for the UK and it's definitely PPPoA _not_ PPPoE) under OpenBSD
in-tree: ueagle(4)
otherwise: iirc there are some USB Speedtouch drivers
Hi all,
I've got a machine sitting behind a NAT box, and another machine with a public
IP.
X.X.X.X -- NAT Y.Y.Y.Y === Z.Z.Z.Z
I want to establish a nat-t IPsec vpn between X.X.X.X and Z.Z.Z.Z
But I'm having a problem where X.X.X.X tries to contact Z.Z.Z.Z on port 500 and
never goes over
Hi all,
I've been trying to get interface groups going on a machine and have met with a
possibly interesting problem.
I have declared an interface to be part of a group, and that group shows up
correctly if I `ifconfig foogroup` or `pfctl -s Interfaces`
I have a setup where I have one VPN come
Hi all,
I'm updating my PF rules to include an anchor for my manual routing rules (using
route-to) which can then be updated by ifstated when it notices that one of my
links has fallen over.
As the documentation says, macros are not visible in anchors. Which means that
my (growing and rather
Hi all,
Here's my problem, I have a remote machine that has two links, one is
high bandwidth but has bad latency, the other has low bandwidth but good
latency.
I need two VPN tunnels running between these machines, but one over each
link as below. The reasons why are due to the traffic I need
Stuart Henderson wrote:
--On 14 October 2005 08:32 +1000, Dave Harrison wrote:
Here's my problem, I have a remote machine that has two links, one is
high bandwidth but has bad latency, the other has low bandwidth but
good latency.
pf.conf(5), look at 'route-to' and 'reply-to'. Use PF
Hi all,
I have two links, a rather costly one, and a cheap high bandwidth one.
I prefer to use the cheap one whenever possible, but if it goes down I
want to fail over onto the expensive one.
This rule (from the PF FAQ) will let me round-robin my outgoing
connections :
pass in on $int_if
Hi all,
I've been googling around for a couple of days now, and there is little
consensus on how to solve the 'sftp no shell access' problem. I've
found references to people that are using patched versions of OpenSSH (a
solution I think begs for problems to occur) to facilitate chroot-ing
users
Hi,
I'm interested to know if anyone has a better solution (or has a
solution to my existing question) for the following situation.
I have a remote login box that also functions as a local login box.
Users connect to the machine over the local network to run X apps, they
can also connect to it
Hi all,
I've been looking through all the upgrade notes etc and I can't see that
any major changes have occurred in the ppp daemon, nor the pppoe
translator that would cause me problems. However since I upgraded to
3.7 (from 3.4) I've been unable to connect to my ADSL provider.
My ppp.conf
Hi all,
I've been looking through all the upgrade notes etc and I can't see that
any major changes have occurred in the ppp daemon, nor the pppoe
translator that would cause me problems. However since I upgraded to
3.7 (from 3.4) I've been unable to connect to my ADSL provider.
My ppp.conf is
I just upgraded my firewall to 3.7, but I've found my VPN is now not
working. I keep seeing NAT detected messages, but both machines have
real IPs so it doesn't make sense. The client machine is a 3.6 install,
and the server machine was a 3.4 machine which I used the media CD to
upgrade. I've
Stephen Marley wrote:
On Sun, Jun 19, 2005 at 01:34:06PM +1000, Dave Harrison wrote:
I just upgraded my firewall to 3.7, but I've found my VPN is now not
working. I keep seeing NAT detected messages, but both machines have
real IPs so it doesn't make sense. The client machine is a 3.6
25 matches