ipsec ipcomp howto - OpenBSD 5.7

2016-03-19 Thread Motty Cruz
Configuring ipsec.conf with ipcomp seems to be more difficult than I thought. I enable ipcomp # sysctl -a | grep ipcomp net.inet.ipcomp.enable=1 ipcomp is enabled on both gateways. Here is ipsec.conf: flow ipcomp from 10.10.10.0/24 to 10.10.2.0/24 \ peer 192.168.1.57 ike esp from

client limit (100) reached, refusing connection from xx.xxx.x.26 OpenBSD 5.1

2016-02-17 Thread Motty Cruz
I see the following error in my firewall log: client limit (100) reached, refusing connection from xx.xxx.x.26 (this IP is on the firewall interface facing the public) proxy cannot connect to server xx.xxx.x.48: No route to host Thanks, _Motty

Re: OpenBSD 5.5 won't initiate VPN (Ipsec site-to-site)connection to Cisco device

2015-07-11 Thread Motty Cruz
Thank you for your suggestion, I already have connections to peers using isakmpd, am afraid to bring those connections down to switch over to ipsec. On 07/11/2015 05:02 PM, carlos albino garcia grijalba wrote: use ipsec.conf the new configuration are simple i have connections from cisco

OpenBSD 5.5 won't initiate VPN (Ipsec site-to-site)connection to Cisco device

2015-07-10 Thread Motty Cruz
Hello, I have a gateway machine OpenBSD 5.5 that won't initiate connection to peer. The one way to establish VPN tunnel is if peer pings an IP in my subnet. in pf.conf IpsecClients={ 173.16.2.20/32, 139.19.10.51/32 } IpsecHosts={ 192.16.38.24/27 } # IPSec VPN tunnel pass in on $OUTSIDE

route show does not show routes announce by BGP on OpenBSD 5.5 i386

2015-05-13 Thread Motty Cruz
Running the command route show does not get the full internet routing table as I should. However, if I run bgpctl show rib I get the full routing table. Router is routing packets fine, however, I am concerned that something may be wrong. Any explanation as to why this is happening? # bgpctl

bgp sending community string

2015-05-13 Thread Motty Cruz
trying to send a community string to our neighbor here is my configuration: # ISP peer 1 announcements only# neighbor 19.25.16.13 { remote-as 7X32 descr level1 announce all set community 7X32:100 tcp md5sig password passwd2 } here is

help! BGP receive updates from one peer and broadcast to a different peer - OpenBSD 5.5

2015-05-01 Thread Motty Cruz
Hello, My company is getting another Internet connection, our new ISP asks that we set up bgp to peer with one of their routers to receive updates and peer to another router to broadcast our routes. ISP gave us the following setup example: My question is how would this setup be done in OpenBSD

OpenBSD 5.5 ISAKMPD

2015-01-16 Thread Motty Cruz
Hello All, I'm trying to set up IPSec Tunnel using the following parameters. Phase 1 exchange encryption: AES256 Data Integrity: SHA256 DH: group 20 Aggressive Mode phase 2 encryption: AESGCM256 HASH: SHA384 I can't find examples to configure isakmpd.conf using parameters above. [fw2-main-mode]

Re: OpenBSD 5.5 ISAKMPD

2015-01-16 Thread Motty Cruz
5.4+ don’t even use it any more. Br //mxb On 16 jan 2015, at 21:22, Motty Cruz motty.c...@gmail.com wrote: Hello All, I'm trying to set up IPSec Tunnel using the following parameters. Phase 1 exchange encryption: AES256 Data Integrity: SHA256 DH: group 20 Aggressive Mode phase 2 encryption

Packet Filter router i368 vs 64bit

2014-11-25 Thread Motty Cruz
Hello all, I am searching for hardware to build a router with OpenBSD. I have found mixed signals as to fastest system with i386 or 64bit. I know in the past i386 OpenBSD used to perform a lot better than 64bit system. Any suggestions! Thanks, Motty

Re: Packet Filter router i368 vs 64bit

2014-11-25 Thread motty cruz
wrote: Greetings Motty Cruz, In general, you could achieve performance by configuring your kernel according to your hardware. You can use dmesg(8) and 'GENERIC' kernel configuration as a guide for your hardware. Sometimes i386 will run faster than 64 bit (see http://www.openbsd.org/amd64.html

reload isakmpd

2014-07-25 Thread motty cruz
Hello, how to reload configuration without restarting isakmpd? Thanks,

Re: reload isakmpd

2014-07-25 Thread motty cruz
Thank you all, I used this command. ps aux kill 29309 kill 7908 ps aux isakmpd -S sasyncd Thanks, On Fri, Jul 25, 2014 at 8:29 AM, Reyk Floeter r...@openbsd.org wrote: On Fri, Jul 25, 2014 at 08:17:15AM -0700, motty cruz wrote: Hello, how to reload configuration without restarting