FYI, Hakan tells me this isn't possible now, but might be someday.
Sean Knox wrote:
[I didn't get much response on the openbsd-ipsec list, so I'm reposting
here]
I'm having problems allowing roadwarrior connections from aggressive and
main mode clients to connect isakmpd at the same time
[I didn't get much response on the openbsd-ipsec list, so I'm reposting
here]
I'm having problems allowing roadwarrior connections from aggressive and
main mode clients to connect isakmpd at the same time. At the moment,
I can only allow one, either main mode or aggressive by specifying a
Greg Mortensen wrote:
On Wed, 24 Aug 2005, Sean Knox wrote:
On the other end, there is a log showing the T1 disconnecting and
attempting to reconnect about 15 minutes prior to the above messages.
One machine is running a 3.8-beta snapshot from 8-16-05 and the other
is running a 3.7 snapshot
jeff wrote:
Sean Knox wrote:
tcpdump logs and pf.conf snipped
The only people who can help is your ISP. Talk to them and hopefully
they can trace the attack upstream.
I once added this to pf.conf to mitigate a DDoS. It appeared to have
worked, but it may have been a placebo effect
tcpdump logs and pf.conf snipped
The only people who can help is your ISP. Talk to them and hopefully
they can trace the attack upstream.
sk
(posted a similar message originally on the IPSec list; thought I'd post
here too)
Hey all-
I almost have a working VPN between isakmpd and a Netscreen box-- things
fail at phase 2 as the peers enter quick mode.
64.81.74.226 = isakmpd
206.14.210.146 = netscreen
00:28:11.947907
away at
this in the meantime (and possibly bugging Juniper for more info).
sk
On Wed, Jul 27, 2005 at 01:35:34AM -0700, Sean Knox wrote:
(posted a similar message originally on the IPSec list; thought I'd post
here too)
Hey all-
I almost have a working VPN between isakmpd
Sometime this morning, our openbsd firewall/VPN server entered a state
where it stopped forwarding encrypted traffic over the enc0 interface. Incoming
roadwarrior connections establish tunnels fine, but nothing is sent over
enc0. There have been no isakmpd or pf configuration changes. There's
Lars Hansson wrote:
On Wed, 29 Jun 2005 19:16:08 +0200
Frederic BRET [EMAIL PROTECTED] wrote:
So the conclusion may be that the BSD hardwares are limited by the
ability of their OS to manage interrupts properly...
What do you think about this ?
I've put 750mpbs between 2 OpenBSD boxes
C. L. Martinez wrote:
Hi all,
Please this is very urgent for me. Where I can find configuration
docs about to configure isakmpd with x509 certificates and DHCP over
IPSec for OpenBSD??
DHCP over IPSec isn't supported. Virtual IPs with IKE Mode config works
well, though.
sk
(please do not write me off list)
C. L. Martinez wrote:
Ok, but if i would like use windows ipsec native client. How can I
assign virtual ip???
Or somebody knows any free vpn client that works with virtual ip and
x509 certs???
AFAIK, the windows native client does not support virtual IPs. I'm
Frederic BRET wrote:
Hi all,
This is my first post to this list. I'm trying to understand why our
OpenBSD PF router is not able to cope correctly with needed gigabit
speeds
On our gigabit firewall, I've found that it's able to forward traffic at
~920 Mb/s (69.2% interrupt,
Melameth, Daniel D. wrote:
I don't know if this will help, but you might also want to look into
piloting -current's idle loop fix.
I'm in a similar situation (and similar hardware, em(4) cards in
particular) as the OP. I'm running firewalls with June 3 snapshots, but
I'm push 16k+18k pps at
on these Intel boxes.
I haven't tried tuning the em(4) driver yet nor am I sure it's needed at
this point. Does anyone have some guidelines and/or tuning values they use?
thanks,
sk
Sean Knox wrote:
Bill Marquette wrote:
On 6/2/05, Sean Knox [EMAIL PROTECTED] wrote:
Hey Bill-
Is IRQ
Tony Sarendal wrote:
On Tuesday 07 June 2005 20:17, Sean Knox wrote:
I installed the NIC to the shared PCI slot and it has helped, but not as
much as I expected. Now that all NICs are sharing an IRQ, interrupt
usage has dropped from ~90% to ~70%. I'm pushing about 25 kb/s
across two NICs
Tony Sarendal wrote:
Nope-- it's a Supermicro 6023P-8
(http://supermicro.com/products/system/2U/6023/SYS-6023P-8.cfm). Intel
Xeon 2.4, 533mhz bus, onboard dual Intel 82546EB gige nics, 133mhz
PCI-X, etc. etc. I'm running a snapshot from June 3 and as far as I can
tell, apm is not enabled (did a
Jason Dixon wrote:
Hmm. might be possible to do a typo in such a way that with DNS, it
might resolve to an address, and without, it is an error. Probably
wouldn't work as desired, but that may have been unnoticed. Or maybe I
shouldn't speculate when over-tired.
Not a bad idea, but nothing
Bill Marquette wrote:
On 6/2/05, Sean Knox [EMAIL PROTECTED] wrote:
Hey Bill-
Is IRQ sharing done in BIOS? I'm using 2 onboard em(4) NICs and a dual
port em(4) on a Supermicro 6023P-8:
This was all done in BIOS on HP DL380's.
The Supermicro BIOS (forgot the brand offhand) doesn't allow
animal.
-bob
* Sean Knox [EMAIL PROTECTED] [2005-06-01 18:57]:
Marco Peereboom wrote:
I remember that there was a boo boo in the bge interrupt handler.
beck@ found it and I believe krw@ fixed it. If you can you should try
something newer, like -current or whenever brad
Bill Marquette wrote:
I saw a pretty significant performance boost on some of my IDS boxen
by putting the NICs on the same IRQ. There was also a tuning article
written quite some time ago (no idea about its current day relevance)
that suggested the same. The IDS boxen have em(4) cards in
Bruce Marriner wrote:
I am trying to setup an OpenBSD OpenBSD VPN Tunnel to connect two
remote offices together. I looked around on Google for a how-to or some
documentation. It seems the OpenBSD documentation is blank (due to no
support). And all the how-to's on the Internet seem
Marco Peereboom wrote:
I remember that there was a boo boo in the bge interrupt handler.
beck@ found it and I believe krw@ fixed it. If you can you should try
something newer, like -current or whenever brad@ the latest releases
3.7 errata that includes the idle loop fix.
Does this
wang fei wrote:
i tried ifconfig xxx:1 inet xxx.xxx.xxx.xxx which worked at linux, but
it doesn't work.
As you're no doubt discovering, OpenBSD is not linux. man ifconfig and
read about IP aliases.
hint: ifconfig fxp0 alias x.x.x.x
cheers,
Sean
L. V. Lammert wrote:
An associated mentioned that they were having decent OS compatibility
(Linux) with SuperMicro machines. Has anyone tried them? They seem to be
pretty cost effective for the h/w capability.
I like SuperMicro boxes. We have about a hundred as webservers, mail
servers,
Sean Knox wrote:
Does anyone know if OpenSWAN's
IKECFG works? (linux IPSEC client) Recent versions say there is
experimental support.
I managed to get virtual IPs with OpenSWAN 2.3.0 working. Here's my
ipsec.conf for posterity:
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# RCSID $Id
Sean Knox wrote:
Is anyone using IKE mode config successfully with isakmpd? I'm trying to
set my VPN Tracker client (Mac IPSec software) to obtain an IP via
IKECFG but one end isn't handling things correctly.
OK, time to reply to myself again. I was missing an option under the
Identifiers tab
Toni Mueller wrote:
Hi,
On Sun, 15.05.2005 at 21:42:53 -0700, Sean Knox [EMAIL PROTECTED] wrote:
Is anyone using IKE mode config successfully with isakmpd? I'm trying to
yes, I have no problems with it (using it for all roaming users).
Thanks Tony.--that gave me some more confidence to try again