ient) &
authentication (option 90, https://www.ietf.org/rfc/rfc3118.txt). I
didn't found those options.
I haven't tested wide-dhcpv6, didn't know about it, i will test it.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le samedi 28 novembre 2015
Hi Franck,
Thanks it works perfect with your feedback :) I can now remove isc-
dhcp-client and use the native dhclient !
Now i need to have a good Ipv6 native option (or pkg option) if there
is something which works as good as dibbler
--
Best regards,
Loïc BLOT,
UNIX systems, security
you add a little portability patch to fix some paths
/var/lib => /var/db . Is this possible to import dibbler in ports tree
for next OpenBSD release, or if you get some time to have a DHCPv6/PD
OpenBSD tool (with custom options :D) ?
Thanks for reading
--
Best regards,
Loïc BLOT,
UNIX system
Hello,
in the first example you don't specify proto tcp.
Regards,
Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr
27 février 2015 09:50 Harald Dunkel harald.dun...@aixigo.de a écrit:
Hi folks,
/etc/services provides protocol information as well, so I
Hi Raimundo,
please use max directive:
queue root on alc0 bandwidth 600M, max 500M
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le mardi 12 août 2014 à 02:11 -0300, Raimundo Santos a écrit :
Hello misc!
I am
Hi Henning,
you are true, i found the problem 1 week ago, a hidden interface in my
3000 rules' pf.conf :)
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le samedi 02 août 2014 à 12:17 +0200, Henning Brauer a écrit :
* Loïc
===
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le lundi 28 juillet 2014 à 13:50 +0200, Peus, Christoph a écrit :
Hi all,
is there a standard or recommended way to keep the pf.conf on the CARP cluster
,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le jeudi 24 juillet 2014 à 17:44 +0200, Loïc Blot a écrit :
Hi David,
in fact no, now the ruleset is empty and everything is allowed, erf.
Now i have no choice, i need to reboot this critical
Erf...
i found the error.
An admin has configured a queue on a inexisting interface...
Maybe the pfctl tell us the interface doesn't exists ?
Sorry for the inconvenience
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le
) swap on sd0b dump on sd0b
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le mercredi 23 juillet 2014 à 22:36 -0700, Eric Lalonde a écrit :
I cannot give you the dmesg output of the machine because the uptime
(dmesg
Hi David,
in fact no, now the ruleset is empty and everything is allowed, erf.
Now i have no choice, i need to reboot this critical router :(.
I think there is a bug somewhere, i'll try to found why this is
happening before rebooting (maybe a patch if i can)
--
Best regards,
Loïc BLOT
messages :p), i cannot reboot it at
this time, it's a BGP router and the redundancy is in maintenance.
Please also note i modified rules 2 hours ago and i wasn't affected by
this issue.
have you got an idea ?
Thanks in advance
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security
Thanks for the precisions :).
And no problem i you laugh because of me :p
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le mardi 08 juillet 2014 à 11:03 +0200, Henning Brauer a écrit :
* InterNetX - Robert Garrett
It's a very interesting diff.
If i have time i'll test it on -CURRENT on the two next weeks.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le jeudi 03 juillet 2014 à 11:35 -0500, patric conant a écrit :
This seems relevant
Hello,
i experienced some issues on Dell R210 boot when i use CD.
Use an external CD player i think this will resolve the problem (i got
problems with openbsd and freebsd after the bootloader too, and it's a
CD player problem).
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security
encap). PF is also scrubing the GRE packets (no-df
scrubing and frags are allowed)
What can i check to improve the GRE performance ?
Thanks in advance.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Hello,
you are right, you need the both rules.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le mardi 18 mars 2014 à 15:19 -0300, Friedrich Locke a écrit :
Hi folks,
i am studying pf and a doubt arose!
Since my state policy if
, because inet6 was strange !
pfctl -t __automatic_d309aaac_1 -T show
2001:660:3bbb:::2
fe80::92b1:1cad:fe18:ea18
To resolve this problem i added inet keyword to my rule.
Is this normal ? Maybe a fix was required on pf parser?
Have a nice day
--
Best regards,
Loïc BLOT, Engineering
Thanks all, i will be careful in the future, and i don't forget to
precise inet keyword :)
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le vendredi 28 février 2014 à 11:54 +0100, Mike Belopuhov a écrit :
On 28 February 2014
the bug ?
Thanks in advance.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Hi all,
congrats to OpenBSD team, it seems the BCM5720 on Dell R320 is working
fine since the many recent changes on bge driver !
A testing R320 is running since 8 hours at 560MB up + 560MB down with
LACP trunks (on 5.3 LACP trunks with BCM freeze the server, and without,
freeze are there but
Hi,
i'm trying to replace and remove my ADSL box with a Alix 2d13 runs very
well on it and with athn, congrats !)
I would test to plug RJ11 cable (from my ADSL line, behind the ADSL
filter) to the RJ45 plug but it seems this doesn't work (no carrier).
Is this possible ? If yes, how can i do it ?
Hi,
thanks for you replies, i'll try a ADSL 2+ bridge modem later.
Sorry noah but i'm not familiar with DSL techs, i prefer LAN tech it's
simpler. I thought modern RJ45 network cards can understand the
RJ11/ADSL protocol but this is wrong.
Good evening !
--
Best regards,
Loïc BLOT,
UNIX systems,
Hello @misc
since 1 week i have a strange issue on one of my dual stack routers. The
router doesn't answer on icmp6 on one of its interfaces. (but on all
others, i works very well)
tcpdump -nni vlan851
00:08:07.204986 2001:660::ff::2:1 2001:660::ff::2:2: icmp6:
neighbor sol: who has
Hem bad copy paste, here is the end of previous message:
pcidump:
Domain /dev/pci0:
0:0:0: Intel E5 Host
0:1:0: Intel E5 PCIE
0:3:0: Intel E5 PCIE
0:5:0: Intel E5 Address Map
0:5:2: Intel E5 Error Reporting
0:17:0: Intel C600 Virtual PCIE
0:22:0: Intel C600 MEI
0:22:1: Intel C600 MEI
Hi,
I use PF on some OpenBSD BGP+OSPF routers on Renater (IPv4 + IPv6), it
works like a charm.
Why this question ?
pf rule are simple:
pass in quick proto tcp from $bgp_neighbor_1 to $self_peering_1 port 179
pass out quick proto tcp from $self_peering_1 to $bgp_neighbor_1 port
179
--
Best
Hi Antoine.
I also have a hang problem when i use a cold stop on libvirt. No problem
on VMWare ESX when i click on the shutdown button.
On libvirt, when i click on this button the VM hang and then i need to
kill the VM.
(Archlinux kernel 3.11, but the problem was also present before. OpenBSD
5.3
Hello Stefan,
at home, i blocked facebook by creating an empty DNS zone facebook.com
on my local bind server. It works like a charm.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le samedi 19 octobre 2013 Ã 00:27 +0200, Stefan Wollny a
I have no problem on multiple couples of R320, except the BCM5720 which
cause my OpenBSD to freeze. Waiting for 5.4 improvements :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le jeudi 10 octobre 2013 Ã 20:54 -0700, Chris Cappuccio a
Hello.
Stuart i have 8 OpenBSD routers with em(4) and OpenBSD 5.2 (MSI
enabled). It seems some of our SMTP(s) connections (with attachments)
are unstable but it's very very random (~1/500). Other protocols are
more stable but a little slower due to errors.
Here are my stats on Intel i350 servers
Hello,
today i was configuring pfsync on a dual routers (BGP on WAN and CARP on
LAN). Before i run in a stateless mode and it works like a charm.
Now with pfsync state are synchronized but late, then client must launch
2 or 3 TCP connections and when it works it's very slow.
I also have tried
Hmmm
I solved it by removing 'in' from pass in quick ...
But my PF are configured with the first default rule: pass out all and
there isn't any block out rule... Is this a normal situation ?
On another router (which also do NAT), i use only pass in and pass out
for NAT, and all PF is stateful.
Is
Hmm, to precise the last message
after the the: pass out all
There is only:
block return out log quick on { $interco_polytech_v4 $interco_hec_v4 }
inet from nonwanv4
block return out log quick on { $interco_polytech_v6 $interco_hec_v6 }
inet6 from nonwanv6
and no other out related rule.
nonwanv4
Hello Stuart,
thanks for your precisions.
I have tried to download a big matlab.deb on our repositories and it
works like a charm (3GB file). By removing 'in' i also notice a little
more reactivity on the network and the latency.
Now i'll wait tomorrow when my 500 users goes to work to see if
Thanks for your replies :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le vendredi 04 octobre 2013 à 22:27 -0700, Sean Kamath a écrit :
On Oct 4, 2013, at 3:11 PM, Comète com...@daknet.org wrote:
Yes, we use a lot of ALIX 2D13 as
Hello,
I also looked at ALIX board since a long time.
Is there anybody using Alix 2d13 with OpenBSD ?
Thanks in advance.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le vendredi 04 octobre 2013 à 15:05 +0200, Jan Stary a écrit :
On
:24.019083 192.168.106.38.411 192.168.238.121.56641: FP
2921:4273(1352) ack 74 win 46 (DF)
10:08:24.034793 192.168.238.121.56641 192.168.106.38.411: . ack 1 win
365 (DF)
A part of the TCP transaction disappear and i don't know why.
Have you got ideas ???
--
Best regards,
Loïc BLOT,
UNIX systems
-nodes 8, table-entries 60 }
match in scrub (no-df)
block in log all
pass out all
...
pass in quick inet from toip_area_v4 to toip_area_v4 scrub (no-df)
no state
Is something wrong ?
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Hmm, this problem has similar issues like i got on bge (BCM5720) with
OpenBSD 5.3. I hope the many bge fixes on 5.4 -current will fix it.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 02 septembre 2013 Ã 07:59 -0400, Kenneth R
Hello Andy,
here is on of my working configuration (OpenBSD 5.2)
inet 194.199.X.28 255.255.255.240 NONE
inet6 2001:660:abcd:1234::1:1 64
description CARP server
carpdev vlan603 vhid 62 advskew 1 carppeer 194.199.X.29 pass x
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security
Hello,
it's 5.3 related in fact :). In 5.2 i havent any problem at this time, i
have 10 OpenBSD on Dell R320 with em cards. Maybe 5.4 will fix our
problems.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le mardi 27 août 2013 à 18:06
Hello,
this evening i was writing pxe automated install modifications on
install.sh and install.sub when i found a bug in installer, when the
console speed is asked.
Original (5.3):
if [[ -n $CDEV ]]; then
_d=${CPROM:-$CDEV}
ask_yn Change the default console to
Hmm you are right, i think i'm tired :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le samedi 24 août 2013 à 23:03 +, Christian Weisgerber a écrit :
Loïc BLOT loic.b...@unix-experience.fr wrote:
if [[ $resp ==
In fact i'm not tired, it's logical :)
Here is my patched question:
ask_which speed should $_d use \
9600 19200 38400 57600 115200 $CSPEED $pxe_console_speed
Show:
[auto] instead if [9600] (auto is value of pxe_console_speed).
If i do a echo speed: $CSPEED before ask_which, CSPEED is empty
Hello Tito,
thanks to give me another time the FAQ, you think i have never read.
This boot process is okay for me but the problem is NOT the PXE boot
process. The problem is to automate the installation.
My OpenBSD pxeboot is chained after a pxelinux which already deserve
automated installed
TXT record ?) but it's not really automated because it doesn't resolve
the networking connection problem.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mardi 13 août 2013 à 13:09 +0200, Marian Hettwer a écrit :
Hi loic,
Sorry
Hello Don,
I haven't any problem with iPXE (used on my libvirt/KVM hypervisor).
Yesterday i have booted on a pxelinux which chainload a OpenBSD
pxeboot.0 (because i have made a menu for tests to choose automated
debian install or OpenBSD.
I will look at Nick's word tonight, but i think it's one
Hello James,
you are right users may have choice.
I'm working to build a distrib for pxebooting (pxeboot + bsd.rd
generation). After i will try to implement those patches, which are very
interesting for OpenBSD
http://nbender.com/install.netboot/netboot.diff
I only think we musnt't download a
Hello @misc.
Today i'm working on automated deploy with PXE. I have successful found
and made automated PXE install on Debian with pxelinux.
I know OpenBSD have a pxe boot image to netinstall the system
http://www.cyberciti.biz/faq/openbsd-boot-install-using-pxe-preboot-execution
-environment/
Hello,
thanks for your reply Johan, but this is not why i want. site.tgz
contain a set of preconfigured files to deploy with other sets to deploy
similar machines.
My need is to install a clean OpenBSD with an automated mean:
The server boot in PXE and install OpenBSD, configure network,
Sorry if i misunderstood the goal of install.site.
I look at this, more clearly, to see if it's the solution i search.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 12 août 2013 à 13:07 -0700, Johan Beisser a écrit :
Please read
It's exactly that. Kickstart for Redhat and Preseed.cfg for Debian
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 12 août 2013 à 22:20 +0200, Francois Pussault a écrit :
like kickstart for devil redhat ?
Thanks for the precision James, you confirmed what i have understood.
I will search tomorrow.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 12 août 2013 à 12:23 -0700, James A. Peltier a écrit :
- Original Message -
|
I approve Wesley,
if you use OpenBSD 5.3 you should use npppd it's simpler than poptop and
have nearly the same functionalities
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 05 août 2013 à 08:46 +0400, Wesley MOUEDINE ASSABY a
Hello,
I think it's route get -inet6 route
Like when you do route add -inet6 default route
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le mercredi 31 juillet 2013 à 10:19 +0600, ÐлÑÑ Ð¨Ð¸Ð¿Ð¸Ñин a écrit
:
Hello!
# ping6
Hello all,
thanks for this interesting debate about pf syncing.
To remember my initial question:
pfsync seems to sync states but not correctly on my BGP+OSPF routers.
Because each BGP router is master/standby to 2 neighbors (full meshed
bgp) packets which are outgoing by one router can income by
Hi,
Thanks for your reply. I wasn't careful about this section.
If i understand i must add defer option to my WAN iface (or i'm wrong i
must add it to my vlan995 iface ?) ?
I will test it this morning, and i return back to misc :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network
Okay, defer is now enabled on pfsync interface (sorry for my last idea,
i haven't the man on me :) ).
It seems the problem isn't resolved.
The transfer starts but blocked at random time.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mercredi 03 juillet 2013 à 12:47 +0200, mxb a écrit :
How does your CARP setup looks like. On both machines?
Can you send your ifconfig output?
What is your environment/setup for this 2
It's not possible to sync pf table without CARP ?
I must use it in some case, then those case will be fixed but the other
(OSPFd routing) may fail i think ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mercredi 03 juillet 2013
For me pf table is (sorry for the missing precisions) the pf state
stable for stateful operations
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mercredi 03 juillet 2013 à 08:22 -0500, Mark Felder a écrit :
On Wed, 03 Jul 2013 07
in this configuration, no ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mercredi 03 juillet 2013 à 09:36 -0500, Mark Felder a écrit :
On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot
loic.b...@unix-experience.fr wrote:
For me pf
The connection is not done by my routers themselves but by DMZ servers
behind them !
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mercredi 03 juillet 2013 à 17:32 +0200, mxb a écrit :
States ARE synced.
IPs are not the same
Hi all
I have a strange issue (or i haven't read pfsync correctly but i don't
think this is the problem :D)
I'm using 2 OpenBSD as BGP+OSPF routers at the border of one site.
Those BGP routers are secure with strong PF in stateful mode, and the
stateful is working very well on each router.
Hello mike
You are blocking trafic after matching nat rule.
Because you don't use quick keyword, your PF match the first rule, and
next the second and next the third and to do third.
In your firewall configuration you block nothing and you nat nothing.
Better way is to write this:
set skip on
dir
wsmouse1 at ums1 mux 0
uhub4 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix
:
kern.nfiles=4701.
Thanks for advance. If you need more details please tell me.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
i think:
Pass in on enc0 proto ipv6-icmp
Loic Blot
Le 7 juin 2013 à 19:29, Christopher Zimmermann madro...@gmerlin.de a écrit :
Hi,
simple problem: how do I allow this package to pass?
18:59:44.768197 rule 0/(match) [uid 0, pid 1051] block in on enc0:
172.26.153.7 172.26.153.1:
Hi
Sorry for the double, but i have forgotten the kroute.c in my diff, then
i cannot work :)
Have a nice day
--- old/usr.sbin/ospfd/kroute.c 2011-11-15 05:17:46.0 +0100
+++ OpenBSD/usr.sbin/ospfd/kroute.c 2013-05-31 22:37:59.434032287 +0200
@@ -1,6 +1,7 @@
-/* $OpenBSD:
Hello rob,
i'm using squid since 3.1 on OpenBSD 5.2 with compiled sources (squid
3.2.5-9 and 3.3.4 at this time). I don't use an IP but the http_port
3129 as my configuration suggests:
http_port 3128
http_port 3129 intercept
And i have those rule in my PF
pass in quick proto tcp to { 10.X.1.1
Hello Rob,
mine is a forward proxy, it's used by my clients to go to all websites
(except blacklisted by squidguard).
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le dimanche 02 juin 2013 à 12:33 -0700, Rob Sheldon a écrit :
On
;
=
Have a nice day !
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le mercredi 01 mai 2013 à 23:45 +0200, Loïc BLOT a écrit :
My border routers obtain a default route in fact, and OSPF must
redistribute this route to LAN Routers. Here
:11 AM, Loïc Blot loic.b...@unix-experience.fr wrote:
Hello misc.
On thursay i have upgraded one of our BGP border routers to OpenBSD 5.3,
and i was pleased to get the BCM5720 working. I have added it to
existing LACP trunk for LAN (2 LACP, 2 ports on WAN 4 on LAN now
connected on another switch (before i thought it's a cisco 2960
communication problem, but it seem not, i'm on a dell powerconnect
6224).
Why break doesn't have effect on com1 ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le lundi 06 mai
BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mercredi 22 mai 2013 à 11:03 +0200, Loïc Blot a écrit :
Ok, i have another new to this problem.
I have unplugged the external BCM5720 card, and now there is only the
motherboard BCM5720 + the Intel Pro 1000
. For now i have
em0-1 and bge0,2-3 in trunks
(http://www.hostingpics.net/viewer.php?id=705980photo.jpg )
At this time system works but there is some system freezes for 10-15sec
and after it comes back.
Any ideas ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http
Openbsd and openbgpd are working Like a charm With CISCO and alcatel routers.
With openbsd routing daemon you can also backup the ospf configurations and
create différent versions. Also the debug is simpler
Loic Blot
Le 16 mai 2013 à 17:45, mxb m...@alumni.chalmers.se a écrit :
Quagga might
to implement filtering if you tell me how
to do it.
--
Cordialement,
Loïc BLOT,
Expertise en Systèmes UNIX, Sécurité et Réseaux
http://www.unix-experience.fr
Le jeudi 09 mai 2013 à 14:50 +0200, Claudio Jeker a écrit :
On Wed, May 01, 2013 at 11:45:04PM +0200, Loïc BLOT wrote:
My border routers
Thanks for the précision, i will test your issue to verify if my bcm5720 issue
is linked With yours
Loic Blot
Le 10 mai 2013 à 14:12, David Imhoff dimhoff_de...@xs4all.nl a écrit :
Hi,
I'm having problems with a 4-ports BCM5719C based PCI-E network card
and the 2-ports BCM5720 network
No it's a dell r320 Then a 64bit cpu then amd64 architecture :)
Loic Blot
Le 8 mai 2013 à 23:54, Joerg Goltermann j...@osn.de a écrit :
Hi,
On 04.05.2013 20:11, Loïc Blot wrote:
Today, i want to upgrade exactly same model (Dell R320 with PCI Intel
CARD and BCM5720 on motherbroad plus PCI
Hello Stuart, ok for the console, (i would tell i use keyboard and
screen on the server directly, sorry for the mistake :s).
I can't test this week, because of production (and then i have shutted
down the server because he interfers with the CARP master and take the
hand whereas he mustn't...)
Can
.
if you could get a trace to verify, that would be much appreciated.
cheers,
dlg
On 05/05/2013, at 4:11 AM, Loïc Blot loic.b...@unix-experience.fr wrote:
Hello misc.
On thursay i have upgraded one of our BGP border routers to OpenBSD 5.3,
and i was pleased to get the BCM5720 working. I have
A little more precision,
my server have network, but some times he looses also network for 1
second and CARP goes to master on this backup servers and generate
instability. I think there is a problem somewhere, but i don't know why.
To compare, i have two Dell R320 with BCM5720 and EM, on works
BCM + LACP + CARP isn't a good idea
but i haven't any choice :s
Thanks for advance.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Hello all,
to begin, thanks to OpenBSD team contributors for this very good
release.
I have a question about ospfd. Why ospfd doesn't have capabitilities to
filter some routes, or filter by sources ? (ok by source can be filtered
by PF, but if i want to refuse routes from specific hosts, or some
Hello all,
to begin, thanks to OpenBSD team contributors for this very good
release.
I have a question about ospfd. Why ospfd doesn't have capabitilities to
filter some routes, or filter by sources ? (ok by source can be filtered
by PF, but if i want to refuse routes from specific hosts, or some
OK for the tree, but refuse to insert routes in the kernel is useful.
It would be a great function to refuse inserting kernel routes from some
routers.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le mercredi 01 mai 2013 Ã 20:56 +0300,
In fact, this isn't really an interarea problem but a inter protocol
problem.
Next month i'll have two border routers which are connecter to MAN by
BGP. In my LAN and on my tunnels i'm in a LAN backbone area.
Because of the priority of OSPF and the default route redistribution,
the default route
My border routers obtain a default route in fact, and OSPF must
redistribute this route to LAN Routers. Here is a scheme
|-- R1 site 1 R3 Site 1
| BGP AS 650XX | OSPF a3|
|-- R2 site 1 R4 Site 1
|
Hi stuart,
i agree, but that means i must use area 0 on LAN ifaces. And if i have
another area on that iface (my extented LAN area), i can't use backbone
area.
Now, i have replaced area 12 with area 0, but the problem also persists.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security
A.B.C.D
no redistribute default
auth-md 1 pwd1
area 12 {
auth-type crypt
auth-md-keyid 1
interface trunk0
interface trunk1 { passive }
interface vlan994 { passive }
}
Has anyone an idea ? i'm stucked :s.
Thanks for advance
--
Best regards,
Loïc BLOT
Hi Robert and misc@openbsd,
thanks for your reply, but if i don't want to connect area 12 on area
0 ? My area 12 is reserved for LAN to LAN only, i don't want to publish
its routes on the backbone area and backbone area is not in stub mode.
Also, I thought about stub areas to not publish routes.
Hello misc,
i am installing a WAN router under openbsd but i have a strange problem
with OSPF and OpenBSD.
I use two OSPF areas. One area is stub and the other isn't (and i have
tryied to stub it too).
We can say area 1 is stub area and area 5 is LAN area.
When the router learn routes from area 1
,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le vendredi 01 mars 2013 à 19:34 +, Stuart Henderson a écrit :
On 2013/03/01 20:16, Loïc BLOT wrote:
Thanks for the reply Stuart, but:
- It's a test network, with an offline switch
- only the two
:
attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected
3DES_CBC
My ipsec.conf is very simple for now:
on host A
ike esp transport from 10.0.0.1 to 10.0.0.2
and on host B
ike esp transport from 10.0.0.2 to 10.0.0.1
Any idea ?
Thanks for advance
--
Best regards,
Loïc BLOT
Thanks for the reply Stuart, but:
- It's a test network, with an offline switch
- only the two routers are on the switch, with the good VLAN connected
by one LACP trunk (for each device)
- isakmp negotation is from the expected hosts
- the certificate are default certificates, generated by OpenBSD
I confirm dynamic dns updates works with OpenBSD named, but you must
replace OpenBSD dhcpd with isc-dhcpd from packages, failover and dynamic
dns updates works with it
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
Le dimanche 03 février
Also look at: http://www.openbsd.org/plus.html
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
Le samedi 02 février 2013 à 18:08 -0500, bofh a écrit :
On Sat, Feb 2, 2013 at 6:02 PM, bofh goodb...@gmail.com wrote:
On Sat, Feb 2, 2013
Hi !
There is no problem as i Know and use
Loic Blot
Le 15 janv. 2013 à 12:50, R0me0 *** knight@gmail.com a écrit :
Hello misc,
I've a OpenBSD 5.1 in production and I will put another OpenBSD 5.2 and
then configure CARP.
will I have some compatibility issue ?
Thanks in advanced
i agree with Marc, don't be paranoid :s you use OpenBSD as a desktop
it's a great thing (personnaly i run Linux, because of driver supports).
--
Cordialement,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
Le mardi 08 janvier 2013 Ã 20:24 +0100, Marc Espie
1 - 100 of 118 matches
Mail list logo
