Re: Isakmpd and NAT-T

Hi, Ok working well now, actually I shouldn't have set up the srcid with my public_ip. Without this line (or this line containing private IP) it's working well. Regards, Sebastien On Sat, Mar 18, 2017 at 2:03 AM, Sébastien Morand wrote: > Hello Mike, > > "group none" in

Re: Isakmpd and NAT-T

Hello Mike, "group none" in phase 2 because of this in the documentation: << Possible values for auth, enc, and group are described below in CRYPTO TRANSFORMS. Perfect Forward Secrecy (PFS) is enabled unless group none is specified. >> And their documentation says: No PFS. As far as I

Re: Isakmpd and NAT-T

Hi Mike and everybody, Thank you Mike for your answer. There is nothing more like you said. Actually we succeed in phase 1 but not in phase 2. My client give me the following spec: Phase 1: SHA1 - 160 bits / DH 5 / Authentication with PSK / CIPHER : AES-256 / Lifetime 86400s Phase 2: Tunnel mode

Isakmpd and NAT-T

Hi, I'm trying to set up a NAT-T IPSec VPN with one of my client. Is this configuration ok on ipsec.conf for NAT-T? ike esp \ from 10.85.98.16/29 to {10.249.0.0/21} \ peer \ main auth hmac-sha1 enc aes-256 group modp1536 lifetime 86400 \ quick auth hmac-sha1 enc aes-256 group

VMM test

Hi Everybody, I would like to give a try to vmm. If I do so, which os can I expect to make it work? openbsd ok I guess. Linux? Windows? Thanks by advance, Sebastien

Re: Override NGROUPS_MAX

Hi, > Congratulations. You are no longer running OpenBSD. Your system > has a significant incompatibility, and now we cannot accept any > bug reports from you anymore. Any bug you hit might be due to that > change you made. You own the change. This is true, thanks for the reminder although

Re: Override NGROUPS_MAX

Hi, > I'm still giving a try recompiling with NGROUPS_MAX et KI_NGROUPS > modified on a test computer ;-). Then I'll install samba from ports. Test are concluant until there. I change NGROUPS_MAX and KI_NGROUPS to 1024 and compile all user land and packages required. Can connect to samba with 18

Re: Override NGROUPS_MAX

> No reasonable way. If you really need more than 16, better use another > OS. I'd like to avoid using an other OS. I'm still giving a try recompiling with NGROUPS_MAX et KI_NGROUPS modified on a test computer ;-). Then I'll install samba from ports. > As the net/samba port maintainer I

Re: Overide NGROUPS_MAX

On Tue, Jul 12, 2016 at 4:35 PM, Alexandre Ratchov <a...@caoua.org> wrote: > > On Tue, Jul 12, 2016 at 04:11:07PM +0000, Sébastien Morand wrote: > > Hi everybody, > > > > I'm implementing a samba share on OpenBSD 5.9 and I'm getting in trouble > > because of the

Overide NGROUPS_MAX

Hi everybody, I'm implementing a samba share on OpenBSD 5.9 and I'm getting in trouble because of the NGROUPS_MAX limitation to 16 groups per user. Is there any way to increase this value? For instance recompiling kernel with /usr/src/sys/sys/syslimits.h modified (NGROUPS_MAX to 32 or 64)? Using

Computer hangup : scsi_xfer pool exhausted!

Hi, I have a computer hanging up every 4/5 days. It's no more accessible by network and keyboard is not responding. The only message displayed in console log is "scsi_xfer pool exhausted!" which is documented by : /* * in this situation we should queue things waiting for an * xs and then give

Re: Xorg crash

I, Solved the problem by creating a xorg.conf file with the following: Section "Device" Identifier "Card0" Driver "intel" BusID "PCI:0:2:0" EndSection That's make me confortable to work, but when watching movie I can get some trouble (black screen in mplayer) and then the display has

Re: Xorg crash

I everybody, Xorg does not crash anymore for a few weeks, but I'm back in VESA mode for Intel 5500 HD (which is quite slow) when the intel driver was fully functionnal in october/november in the snapshots version. Anything I missed? dmesg and Xorg.0.log beelow: Dmesg:

VESA mode

Hi I'm using the snapshots version in my computer and for about 2 weeks now I'm stuck in VESA mode. I was working pretty well since 26th september for "Intel HD Graphics 5500" but not anymore, any information about this? Regards, Sebastien dmesg : OpenBSD 5.9-beta (GENERIC.MP) #1778: Wed Dec

Xorg crash

Hi, Since last update to snapshots, Xorg crash every 15/20 minutes. I got the following error message : [ 14956.727] (EE) Segmentation fault at address 0xe9f9407000 [ 14956.727] (EE) Fatal server error: [ 14956.727] (EE) Caught signal 11 (Segmentation fault). Server aborting [ 14956.727] (EE) [

Re: broadcast relay

> Hi, > > I'm trying to relay a broadcast message. > > I've tried the following in pf : > > pass in quick proto udp from any to vlan1:broadcast port 3121 rdr-to > vlan3:broadcast port 3121 > pass out quick on vlan3 from any to vlan3:broadcast nat-to vlan3 > > with no success any chance to do it

broadcast relay

Hi, I'm trying to relay a broadcast message. I've tried the following in pf : pass in quick proto udp from any to vlan1:broadcast port 3121 rdr-to vlan3:broadcast port 3121 pass out quick on vlan3 from any to vlan3:broadcast nat-to vlan3 with no success any chance to do it with pf? other

Re: ipsec via iked

> While not an endorsed FAQ or man page from the project, this: >> http://puffysecurity.com/wiki/openikedoffshore.html should give you a >> few tips on how to achieve this. The man page (iked.conf) and the >> references for pf within it should be enough to work it out. But from my >>

ipsec via iked

Hi, I set up an ipsec VPN via iked. on the server : distantnet="192.168.100.0/24" ikev2 passive ipcomp esp \ from 192.168.0.0/24 to $distantnet \ from 192.168.1.0/24 to $distantnet \ from 192.168.2.0/24 to $distantnet \ from 192.168.4.0/24 to $distantnet \

Re: Thinkpad E550

Hi, Yes wifi works fine, scan and eveything, no trouble with it when I switch to -current, it's really just the graphics card the point. On Mon, Jun 1, 2015 at 3:51 PM, Stefan Sperling s...@stsp.name wrote: On Mon, Jun 01, 2015 at 03:41:24PM +, Sébastien Morand wrote: Hi, I got a

Network redirection

Hi, I need help for this problem: (router1 and router2 are openbsd router, pc1 can be anything) pc1 --- | router1 (b1) - (b2) router2 (a2) - internet (a1) | --- internet I want