OpenBSD as L2TP client

2010-04-25 Thread Paolo Supino
Hi A client asked me to setup a low cost router to connect to the Internet. His current Internet connection requires his router to connect to the ISP using L2TP protocol. I've looked through the archives and ports tree for a similar posting, but found none... Is anyone using OpenBSD as an L2TP

def/(ip-option)

2010-02-09 Thread Paolo Supino
Hi I've setup a new firewall and I'm getting the following line in PF's log ... Jan 31 08:14:34 X OPF: Jan 31 15:17:40.495167 rule def/(ip-option) pass in on em3: 172.16.1.59 224.0.0.22: igmp-2 [v2] (DF) [tos 0xc0] [ttl 1] What does def/(ip-option) mean and why does it get passed?

snort on openbsd with PF

2010-02-08 Thread Paolo Supino
Hi When snort on the external interface of an OpenBSD firewall, which scenario will be the one happening: 1. Snort captures all incoming traffic before it reaches PF (there's also NAT on the external interface). 2. Snort captures and analyzes only traffic that the firewall let through on

Re: snort on openbsd with PF

2010-02-08 Thread Paolo Supino
Hi I apologize for not first RTFMing before asking. Section 4.4 of the Snort FAQ clearly states that scenario 1 is the one that will be ... -- TIA Paolo On 2/8/10 3:18 PM, Paolo Supino wrote: Hi When snort on the external interface of an OpenBSD firewall, which scenario will be the one

Re: ports install problem

2010-02-07 Thread Paolo Supino
dorian.buett...@gmx.de wrote: Paolo Supino wrote: Hi I'm trying to install php5-core from /usr/ports/www/php5/core ... When I run `make install` I get the following output: # cd ports/www/php5/core/ # make install === Checking files for php5-core-5.2.10 Fetch http://us2.php.net/distributions

ports install problem

2010-02-06 Thread Paolo Supino
Hi I'm trying to install php5-core from /usr/ports/www/php5/core ... When I run `make install` I get the following output: # cd ports/www/php5/core/ # make install === Checking files for php5-core-5.2.10 Fetch http://us2.php.net/distributions/php-5.2.10.tar.gz php-5.2.10.tar.gz 100%

PF logging into a file

2010-01-24 Thread Paolo Supino
Hi I've often used the command tcpdump -n -e -ttt -i pflog0 to view PF log in real time. I've decided to try and use it in order to log in real time PF through syslog. The solution described in the PF FAQ to log to syslog works in time intervals, which doesn't meet my needs in my current

Re: PF logging into a file

2010-01-24 Thread Paolo Supino
Hi Vadim pflogd is writing the A small detail I forgot to mention: I need the log to be in text (readable) format. pflogd writes pcap format files, which isn't suitable for me ... -- TIA Paolo On 1/24/10 2:17 PM, Vadim Agarkov wrote: 24.01.2010 13:36, Paolo Supino wrote: Hi

Re: PF logging into a file [solved]

2010-01-24 Thread Paolo Supino
[facility.level]. This makes me wonder: is there a difference in the command line switches given to tcpdump (I tried using -l, but it didn't work in my attempts)? -- TIA Paolo On 1/24/10 2:17 PM, Vadim Agarkov wrote: 24.01.2010 13:36, Paolo Supino wrote: Hi I've often used

dual booting on iBook

2007-12-03 Thread Paolo Supino
Hi I have a Macintosh iBook G4 and I was wondering whether it's possible to dual boot it (like in the I386 world)? TIA Paolo

routing question

2007-09-03 Thread Paolo Supino
Hi I have a firewall that also acts as a VPN peer for 2 VPNs. One of the VPNs is IPSEC that connects between the main office and a branch office. The second VPN is OpenVPN that connects windows based road warriors to the branch office. I want to enable employees that connect to the branch's

Re: routing question

2007-09-03 Thread Paolo Supino
. TIA Paolo David Newman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/3/07 2:15 PM, Paolo Supino wrote: Hi I have a firewall that also acts as a VPN peer for 2 VPNs. One of the VPNs is IPSEC that connects between the main office and a branch office. The second VPN is OpenVPN

Re: routing question

2007-09-03 Thread Paolo Supino
not a firewalling issue in either the main or branch offices as the same type of traffic (ping in this case) worked fine from a desktop in the branch office. TIA Paolo David Newman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/3/07 3:28 PM, Paolo Supino wrote: Hi David It's true

Re: routing question

2007-09-03 Thread Paolo Supino
: On Mon, 03 Sep 2007 17:15:02 -0400, Paolo Supino wrote: Hi I have a firewall that also acts as a VPN peer for 2 VPNs. One of the VPNs is IPSEC that connects between the main office and a branch office. The second VPN is OpenVPN that connects windows based road warriors to the branch office. I

Re: routing question (solved)

2007-09-03 Thread Paolo Supino
Paolo RW wrote: On Mon, 03 Sep 2007 20:26:14 -0400, Paolo Supino wrote: Hi RW Except for the branch VPN to the main office subnet (line# 3) I have the other IPSEC rules: peer to peer, 2 subnets to 1 subnet (and vice versa on the main office VPN peer). Why do I need to setup a tunnel between

trying to compile frickin pptp proxy

2007-08-28 Thread Paolo Supino
Hi I'm trying to compile frickin pptp proxy on an OpenBSD 4.1 system. The compilation fails with the following errors: g++ -Wall -g -O2 -I/home/paolo/src/frickin/include -L/home/paolo/src/frickin/lib -o frickin2 main.o logger.o configuration.o session.o listener.o entity.o server.o client.o

Re: trying to compile frickin pptp proxy

2007-08-28 Thread Paolo Supino
Hi Lars I know about the limitation and their implications, but unfortunately I don't control the other peer and have to live with what I'm given. TIA Paolo Lars Noodin wrote: Paolo Supino wrote: I'm trying to compile frickin pptp proxy on an OpenBSD 4.1 system. You may want

Re: trying to compile frickin pptp proxy

2007-08-28 Thread Paolo Supino
Hi Thank you!!! I had the feeling that the problem is in the Makefile.OpenBSD, but didn't know how to fix it. Doing what you suggested below solved the problem and I'm now able to build frickin proxy. Now I have to make it work ... TIA Paolo Marmotic Marvel wrote: On Tue, 28 Aug 2007,

Re: openbsd instead of cisco vpn client

2007-08-28 Thread Paolo Supino
Hi Samuel Great, thank you for the information. I will take a look at it and try it :-) TIA Paolo Samuel Moqux wrote: 2007/8/27, Paolo Supino [EMAIL PROTECTED]: Hi I came across the following situation: there's a network where several employees have access to a client of theirs

openbsd instead of cisco vpn client

2007-08-27 Thread Paolo Supino
Hi I came across the following situation: there's a network where several employees have access to a client of theirs using Cisco VPN clients. To centralize and ease administration I want to put in place an OpenBSD box that will create a single VPN. The client is so bureaucratic that by the time

sendmail SMTP auth

2007-08-09 Thread Paolo Supino
Hi I want to add SMTP auth to sendmail. Will it be easier for me to try and add the support to the source shipped by OpenBSD or to the source that I will download from sendmail.org? Other suggestions on setting up a mail server with SMTP auth are welcome. TIA Paolo

order

2007-05-08 Thread Paolo Supino
Hi Does anyone know how I can contact Austin@ except emails? My CDs and book have yet to arrive (preordered on the day orders were opened) and I'm not getting any feedback/reaction via email :-( TIA Paolo

couple of questions

2007-05-06 Thread Paolo Supino
Hi I have a couple of questions: 1. I'm in the process of setting up OpenBSD firewall for a building's network. one of the NICs on the firewall will be a wifi PCI card. I need to buy the card for it and I want to buy a card from a company that helped OpenBSD. Which wifi (PCI) vendor gave

Re: couple of questions

2007-05-06 Thread Paolo Supino
family (see, for example, the recent thread initiated by Vincent GROSS on this list). For the second question the answer is yes. There is a very good support of IPSEC in OpenBSD :p. Regards, Maxime DERCHE Paolo Supino wrote: Hi I have a couple of questions: 1. I'm in the process of setting

Re: couple of questions

2007-05-06 Thread Paolo Supino
Hi Stuart Great, thanx :-) Read the manual page and it's exactly what I was looking for. TIA Paolo Stuart Henderson wrote: On 2007/05/06 15:41, Paolo Supino wrote: Is it possible to __tunnel Ethernet__ over IPSEC in OpenBSD? Yes, see gif(4)

Re: couple of questions

2007-05-06 Thread Paolo Supino
/05/06 15:41, Paolo Supino wrote: Is it possible to __tunnel Ethernet__ over IPSEC in OpenBSD? Yes, see gif(4) As I posted before, bridge over gif doesn't seem to work with 4.1 :(. At least all my attempts to do such a configuration failed. But, using openvpn in bridge mode :( works.

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
will be in place I'll probably go with setting up rate limiting via sendmail, though I'd rather not run any servers on the firewall. TIA Paolo Kyle George wrote: On Fri, 13 Apr 2007, Paolo Supino wrote: The webapp does talk to a real mail server: on localhost (IIS6 SMTP service

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
emails be a solution? I will try to implement rate limiting. TIA Paolo Joachim Schipper wrote: On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote: Hi Bob The webapp does talk to a real mail server: on localhost (IIS6 SMTP service). When a spammer abuses the webapp

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
fix the problem completely, but I can put measures in place that will reduce the problem to an acceptable level. TIA Paolo Henning Brauer wrote: * Paolo Supino [EMAIL PROTECTED] [2007-04-14 16:43]: 1. Fixing the code is impossible :-( I already tried it, the developers keep saying

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
else will come and reconnect it). The IP range 0.0.0.0/0 to 255.255.255.255/32 should cover it ;-) TIA Paolo Henning Brauer wrote: * Paolo Supino [EMAIL PROTECTED] [2007-04-14 17:53]: From the technical aspect, I agree with you. But non technical people don't see (or understand

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
it in the IIS6 SMTP service (this isn't the place to discuss IIS6 SMTP configurations). TIA Paolo Vijay Sankar wrote: On Saturday 14 April 2007 10:06, Paolo Supino wrote: Hi Joachim I know that right now I'm mostly going at it in the wrong way but I have to fix it quickly and without

Re: using spamd to block outbound spam

2007-04-13 Thread Paolo Supino
). TIA Paolo Bob Beck wrote: * Paolo Supino [EMAIL PROTECTED] [2007-04-12 22:12]: Hi I have the following problem: I host a group of windows servers that run a webapp using IIS6 ASP technology. The webapp was written and is maintained by a small private company that develops custom

using spamd to block outbound spam

2007-04-12 Thread Paolo Supino
Hi I have the following problem: I host a group of windows servers that run a webapp using IIS6 ASP technology. The webapp was written and is maintained by a small private company that develops custom webapps for companies. One of the services the webapp does is send out emails (nothing

snortsam compilation problem

2006-11-16 Thread Paolo Supino
Hi I'm trying to compile snortsam (2.50 and 2.52) on OpenBSD 4.0 and I get the following compilation problems: gcc -O2 -DOpenBSD -DBSD -c ssp_pf.c ssp_pf.c: In function `PFBlock': ssp_pf.c:705: error: storage size of `t_rule' isn't known ssp_pf.c:794: error: invalid application of `sizeof'

Dell 2950

2006-11-07 Thread Paolo Supino
Hi Is anyone running OpenBSD on the new Dell PowerEdge 2950 servers, what is the level of support for the integrated hardware? -- TIA Paolo Supino IT Manager Integrated Document Solutions Cell: (786) 282-1480 Tel: (954) 484-0969 Fax: (954) 484-8491 http://www.idssite.com

CPU selection

2006-11-02 Thread Paolo Supino
Hi I'm in the process of configuring a Dell PowerEdge 860 as firewall and I'm debating what kind of CPU to get for the firewall for an office of about 50 people, 20MB metro ethernet, and 15 lightly used Internet servers: FTP, web, DNS, email, NTP, etc ... In addition for the computer being a

Re: CPU selection

2006-11-02 Thread Paolo Supino
Hi K Kadow The NIDS would be snort. TIA Paolo K Kadow wrote: On 11/2/06, Paolo Supino [EMAIL PROTECTED] wrote: I'm in the process of configuring a Dell PowerEdge 860 as firewall and I'm debating what kind of CPU to get for the firewall for an office of about 50 people, 20MB metro

Re: CPU selection

2006-11-02 Thread Paolo Supino
of the machines and CARPing them, for redundancy and load balancing (not that you will likely really need that). Also consider putting some extra cash down on a hw raid controller, and 2 scsi disks for each machine, and run raid 1 on them, for even more failover safety. Alec Paolo Supino wrote

one letter

2006-07-06 Thread Paolo Supino
Hi After reading the replies to my routerboard 44 question I reached the conclusion that I have no choice but buy the Intel quad NIC (my boss will hate me ;-)). I've started collecting quotes this morning, but I was only able to get quotes for the PWLA8494GT card and not for the PWLA8494MT

Mikrotik's routerboard 44

2006-07-05 Thread Paolo Supino
Hi I'm in the process of building firewall (Obviously it will run OpenBSD) and I need to put in a quad NIC card. There's Intel Quad card that I had a success with in the past but is expensive as hell. I found a company called Mikrotik that makes a Quad NIC card and I'm looking for

OpenBSD - Cisco IPSEC

2006-03-10 Thread Paolo Supino
Hi I need to setup an IPSEC VPN between 2 locations. 1 location runs Cisco gear (out of my control) and the other runs OpenBSD (my decision). I've never setup a VPN between Cisco and OpenBSD before (I did between Cisco to Cisco and OpenBSD to OpenBSD) and I was wondering if there are any

Re: OpenBSD - Cisco IPSEC

2006-03-10 Thread Paolo Supino
: On Fri, 10 Mar 2006, Paolo Supino wrote: Hi I need to setup an IPSEC VPN between 2 locations. 1 location runs Cisco gear (out of my control) and the other runs OpenBSD (my decision). I've never setup a VPN between Cisco and OpenBSD before (I did between Cisco to Cisco and OpenBSD to OpenBSD

Re: OpenBSD - Cisco IPSEC

2006-03-10 Thread Paolo Supino
is a 3745 concentrator. The encryption algorithm is 3DES. Hash algorithm is SHA1. DH group 2 (for phase 1) and phase 2 is esp-3des esp-sha-hmac. TIA Paolo Matthew Closson wrote: On Fri, 10 Mar 2006, Paolo Supino wrote: Hi I need to setup an IPSEC VPN between 2 locations. 1 location

OpenBGP on firewall

2006-02-16 Thread Paolo Supino
Hi I started working for a company that its production site is running 2 PIX firewalls with no VRRP (to save cost on licensing, duh). I offered and they approved to replace them with 2 OpenBSD and CARP. In front of the FW there is a Cisco 7200 router doing BGP. I offered to remove the

writing to /var/log/ftpd

2006-02-06 Thread Paolo Supino
Hi Is it possible to have normal people's ftp file transfers to /var/log/ftpd? TIA Paolo

Re: writing to /var/log/ftpd

2006-02-06 Thread Paolo Supino
of the file TIA Paolo Joel Dinel wrote: On 02/06/06 at 11:03, Paolo Supino wrote: Hi Is it possible to have normal people's ftp file transfers to /var/log/ftpd? syslog.conf states that ftp stuff is logged to /var/log/xferlog. Just change that to /var/log/ftpd, -HUP inetd (or your ftpd

Re: OpenBSD, Samba and active directory

2006-01-30 Thread Paolo Supino
OpenBSD 3.5 and older version Samba so I don't know how relevant it is (hence the email). Paolo Thomas Bvrnert wrote: not on openbsd, but i think you need heimdal and not the krb5 Thomas On Mon, 2006-01-30 at 14:16 -0500, Paolo Supino wrote: Hi I'm trying to compile Samba 3.0.21a

ste(4) driver

2005-11-17 Thread Paolo Supino
Hi A couple of months ago brad sent me a patch for the ste(4) driver. I downloaded a snapshot that had the patch already in it. Unfortunately the driver still caused problems: it didn't crash the kernel, but it failed to initialize ports to 2-4 :-( I tried to contact brad a few times, but