Re: NAT on CARP interface

2024-04-28 Thread Radek
gress. > > > > Nevertheless, writing egress or $ext_If, what difference does it really > > make? You're just repeating a different word. Lol > > > > On Sun, Apr 28, 2024, 12:08 PM Radek wrote: > > > >> > change $lan_if to $int_if, change (egress

Re: NAT on CARP interface

2024-04-28 Thread Radek
t_if from $int_if:network to any nat-to $ext_carpif It seems it should work fine as well but it doesn't: match out log on egress from $int_if:network to any nat-to $ext_carpif On Thu, 25 Apr 2024 13:53:32 -0700 obs...@loopw.com wrote: > > > > On Apr 25, 2024, at 10:36 AM, Rad

Re: NAT on CARP interface

2024-04-25 Thread Radek
nderlying interface, not the carp. > > I'd change: > > ext_if=em0 > int_if=vlan2 > ext_carpIf=carp0 > > match out on $ext_if inet from 10.0.2.0/24 to any nat-to $ext_carpIf > > > > > > > On Wed, Apr 24, 2024, 4:50 PM Radek wrote: > &

NAT on CARP interface

2024-04-24 Thread Radek
10.0.2.201 18:03:73:b4:fa:c1 UHLc 011815 -18 carp2 10.0.2.254 00:00:5e:00:01:02 UHLl 0 36 - 1 carp2 10.0.2.255 10.0.2.254 UHb04 - 1 carp2 [snip] Radek

Re: SOLVED [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-06-12 Thread Radek
rts/textproc/ripgrep (/usr/ports/infrastructure/mk/bsd.port.mk:2600 'install': @lock=ripgrep-13.0.0p3; export _LOCKS_...) test73# > or try the binary at https://junkpile.org/rg This binary causes code dumps too. On Mon, 5 Jun 2023 12:43:53 - (UTC) Stuart Henderson wrote: > On 2023-

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-06-05 Thread Radek
seem to behave that way, but bash will trace inside > functions. Try calling the script with 'bash -x' and hopefully you > can pinpoint which binary called by main() is crashing. > > -Andrew > Radek

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-06-01 Thread Radek
gularly monitors this > list. > > I've contacted him before at his email address and he was very prompt in > reply. > > 73 > diana > KI5PGJ > > On May 30, 2023 8:05:04 AM MDT, Radek wrote: > >Hello and sorry for the late reply, > > > >> D

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-06-01 Thread Radek
Hello Stuart, > What is the name of the core dump file? Actually there isn't any .core file. test73# find / -name '*.core' test73# On Tue, 30 May 2023 14:41:37 - (UTC) Stuart Henderson wrote: > On 2023-05-30, Radek wrote: > > Hello and sorry for the late reply, > > &g

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-05-30 Thread Radek
0 uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1 vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets root on wd0a (660c82c04771c00d.a) swap on wd0b dump on wd0b On Thu, 25 May 2023 18:17:49 - (UTC)

[7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-05-25 Thread Radek
instruction (core dumped) pf-badhost: IPv4 addresses in table: 0 Radek

Re: How to announce over OSPF only one IP address

2023-02-17 Thread Radek
doing the IP of the host you want to go to? > > It will look silly but maybe it works? > > Aka > !route add 10.1.111.11 10.1.111.11 > > That worked on my attempt even without sleeping > > See if that helps. > > > > > On Thu, 9 Feb 2023, 22:59 Radek,

Re: How to announce over OSPF only one IP address

2023-02-09 Thread Radek
p before vr3 so that is why your route adding in the > hostname.vr0 is wrong. > > Cheers > > On Thu, 9 Feb 2023, 01:36 Radek, wrote: > > > Hello Bradley, > > thank you, your setup works the way I need. > > > > I can't deal with adding the static route perma

Re: How to announce over OSPF only one IP address

2023-02-08 Thread Radek
So route add 10.1.111.11/32 10.1.111.1 > > Then you can redistribute your /32 > > > > router-id 10.109.3.15 > redistribute 10.1.111.11/32 > > area 0.0.0.0 { > interface vr0 > } > > > > On Tue, 7 Feb 2023, 02:46 Radek, wrote: > > > Hello, &

Re: How to announce over OSPF only one IP address

2023-02-06 Thread Radek
my iPhone > > > On 5 Feb 2023, at 21:15, Radek wrote: > > > > Hello Diederik, hello Tom, > > this is a simple lab/testing configuration, that's why there is no > > "passive" and other... > > The purpose of this configuration is to allow access to certa

Re: How to announce over OSPF only one IP address

2023-02-05 Thread Radek
$ ospfctl show fib flags: * = valid, O = OSPF, C = Connected, S = Static Flags Prio Destination Nexthop *S 8 0.0.0.0/0 10.109.3.254 *O 32 10.1.111.0/24 10.109.3.15 Any clues? On Sat, 4 Feb 2023 23:16:57 + Tom Smyth wrote: > Hi Radek, > > it

How to announce over OSPF only one IP address

2023-02-04 Thread Radek
0.0.0.0 { interface vr0 interface vr3 } Thanks, Radek

Re: Running redmine on OpenBSD

2021-12-05 Thread Radek
On Tue, 30 Nov 2021 22:31:11 +0100 Łukasz Moskała wrote: > On 30.11.2021 at 16:07, Radek wrote: > > On Tue, 30 Nov 2021 10:04:30 +0100 > > Łukasz Moskała wrote: > > > >> > >> > >> On 30 November 2021 09:45:15 CET, Radek wrote: >

Routing between different subnets

2021-11-30 Thread Radek
from 10.4.26.0/24 to 10.43.0.0/16 pass quick from 10.43.0.0/16 to 10.4.26.0/24 -- Radek

Re: Running redmine on OpenBSD

2021-11-30 Thread Radek
On Tue, 30 Nov 2021 10:04:30 +0100 Łukasz Moskała wrote: > > > On 30 November 2021 09:45:15 CET, Radek wrote: > >On Mon, 29 Nov 2021 11:19:28 +0100 > >Łukasz Moskała wrote: > > > >> On 28.11.2021 at 18:07, Radek wrote: > >> > Hello,

Re: Running redmine on OpenBSD

2021-11-30 Thread Radek
On Mon, 29 Nov 2021 11:19:28 +0100 Łukasz Moskała wrote: > On 28.11.2021 at 18:07, Radek wrote: > > Hello, > > following the official guide [1] and few other websites I finally installed > > my first Ruby on Rails/Puma web app... and it passed the local test by > &

Re: Running redmine on OpenBSD

2021-11-28 Thread Radek
"Connection" value "close" match response header remove "Server" } relay "http" { listen on $egress port http protocol "http" forward to port $httpd_port } relay "https" { listen on $egress port https tls protocol "https&quo

Re: How to restore vendor-specified MAC address

2021-11-18 Thread Radek
On Wed, 17 Nov 2021 22:28:50 +0100 Radek wrote: > On Wed, 17 Nov 2021 17:33:25 - (UTC) > Stuart Henderson wrote: > > > On 2021-11-17, Radek wrote: > > > On Wed, 17 Nov 2021 11:22:42 +0100 > > > Denis Fondras wrote: > > > > > >> L

Re: How to restore vendor-specified MAC address

2021-11-17 Thread Radek
On Wed, 17 Nov 2021 17:33:25 - (UTC) Stuart Henderson wrote: > On 2021-11-17, Radek wrote: > > On Wed, 17 Nov 2021 11:22:42 +0100 > > Denis Fondras wrote: > > > >> On Wed, Nov 17, 2021 at 05:03:42AM +0100, Radek wrote: > >> > > &g

Re: How to restore vendor-specified MAC address

2021-11-17 Thread Radek
On Wed, 17 Nov 2021 17:48:44 +0100 Łukasz Moskała wrote: > > > On 17 November 2021 16:39:07 CET, Radek wrote: > >On Wed, 17 Nov 2021 11:22:42 +0100 > >Denis Fondras wrote: > > > >> On Wed, Nov 17, 2021 at 05:03:42AM +0100, Radek wrote: > >

Re: How to restore vendor-specified MAC address

2021-11-17 Thread Radek
On Wed, 17 Nov 2021 11:22:42 +0100 Denis Fondras wrote: > On Wed, Nov 17, 2021 at 05:03:42AM +0100, Radek wrote: > > > > How can I restore the vendor's MAC address? > > It is 6.8/amd64. > > > > Check dmesg, it will give you the original MAC address, the

How to restore vendor-specified MAC address

2021-11-16 Thread Radek
. How can I restore the vendor's MAC address? It is 6.8/amd64. -- Radek

Re: Running redmine on OpenBSD

2021-11-12 Thread Radek
Hello Werner, thank you for your installation details. I'll give it a try in a few days. On Thu, 11 Nov 2021 23:57:02 +0800 Werner Boninsegna wrote: > Hello Radek, > > I am running Redmine on OpenBSD 6.8 and I just followed the installation > instructions posted on the Redmin

Re: Running redmine on OpenBSD

2021-11-12 Thread Radek
. On Wed, 10 Nov 2021 20:00:39 +0100 Michael Hekeler wrote: > On 09.11.21 17:56 Radek wrote: > > Hi @misc, > > Does anyone successfully run redmine[1] on OpenBSD? > > I'd like to install redmine on 7.0/amd64 with httpd and postgresql. I've > > never done it before so

Running redmine on OpenBSD

2021-11-09 Thread Radek
. https://www.redmine.org/boards/2/topics/496 3. https://web.archive.org/web/20160406041905/http://www.iwebdev.it/blog/?p=229 Thank you! -- Radek

Re: npppd - changing clients' route table

2021-09-12 Thread Radek
Sorry for the late reply, adding ":framed-ip-netmask=255.255.255.0:" doesn't solve the problem. Tested on Win10. On Mon, 22 Feb 2021 14:55:52 +0900 (JST) YASUOKA Masahiko wrote: > Hi, > > On Sun, 21 Feb 2021 19:18:48 +0100 > Radek wrote: > >> The interface

Fw: Re: VLANs isolation

2021-07-20 Thread Radek
move it to the top of your rule set, > so the traffic that matches this one, does not get evaluated for the rest of > your rules. True, thanks for the hint! On Sat, 17 Jul 2021 10:25:37 -0600 Rosen Iliev wrote: > Hello Radek, > > Your > > - block out on vlan received

Re: VLANs isolation

2021-07-14 Thread Radek
on vlan1003 inet from vlan1002:network to vlan1003:network block out on vlan received-on vlan Any other pf tweaks and suggestions would be appreciated. On Tue, 13 Jul 2021 12:25:32 +0200 Claudio Jeker wrote: > On Tue, Jul 13, 2021 at 11:34:28AM +0200, Radek wrote: > > Hello, > > I'm

VLANs isolation

2021-07-13 Thread Radek
Hello, I'm going to build a router with +40 vlans. I need to block access from every vlan to each other (and then enable traffic between certain vlans as needed). How can I do this? Is there any one liner pf block rule to do this? -- Radek

Re: DHCPd - option capwap (code 138)

2021-05-11 Thread Radek
Update. My conf seems to work as expected, but it took a few hours for APs to find the controller. Since then even new APs find the controller in a few minutes. Controller: Alcatel-Lucent OmniVista 2500 APs: OAW-AP1321-RW Thanks for your help! On Mon, 10 May 2021 15:30:01 +0200 Radek wrote

Re: DHCPd - option capwap (code 138)

2021-05-10 Thread Radek
10.109.3.254; range 10.109.3.201 10.109.3.220; #option option-138 10.109.3.100; option option-138 A:6D:3:64; host [...] On Thu, 6 May 2021 11:45:43 +0200 Denis Fondras wrote: > On Thu, May 06, 2021 at 10:48:55AM +0200, Radek wrote: > > Hello, > > I want to use dhcpd server t

DHCPd - option capwap (code 138)

2021-05-06 Thread Radek
*option capwap* to /etc/dhcpd.conf option capwap code 138 = ip-address; #Custom Option capwap option capwap 192.168.1.110; #WLAN-Controller-IP I can't find the capwap option in dhcp-options(5) in OpenBSD. How can I do what I need using other options/configuration? Thanks! -- Radek

Fw: Re: npppd - changing clients' route table

2021-02-21 Thread Radek
o wrote: > Hello, > > On Sat, 20 Feb 2021 21:14:24 +0100 > Radek wrote: > > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw > > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. > > If the client is connected to VPN all cli

npppd - changing clients' route table

2021-02-20 Thread Radek
d OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP -- Radek

Re: OpenSMTPD is not sending e-mail.

2021-01-28 Thread Radek
ing 66.102.1.27... > Connected to gmail-smtp-in.l.google.com. > Escape character is '^]'. > 220 mx.google.com ESMTP k2si3832128wrm.242 - gsmtpquit > 221 2.0.0 closing > connection k2si3832128wrm.242 - gsmtp > Connection closed by foreign host. > > -- Radek

Fw: Re: How to request a specific IP address from DHCP server

2021-01-22 Thread Radek
Forward. Begin forwarded message: Date: Thu, 21 Jan 2021 16:32:55 +0100 From: Radek To: Allan Streib Subject: Re: How to request a specific IP address from DHCP server > Can you configure a permanent IP address in the client configuration > (hostname.if file) that is outside the

Re: How to request a specific IP address from DHCP server

2021-01-22 Thread Radek
/db/dhcpd.leases (instead of the my_address) and DHCPD can give my_address to other client. Am I right? On Wed, 20 Jan 2021 09:38:13 +0100 Marco Scholz wrote: > On Tue, Jan 19, 2021 at 08:56:39PM +0100, Radek wrote: > > I can't manage to request a specific IP address from DHCP ser

Re: How to request a specific IP address from DHCP server

2021-01-19 Thread Radek
nected to the network. > configuration changes at the server end. Nobody touches the server end. On Tue, 19 Jan 2021 21:05:21 + Peter Kay wrote: > On Tue, 19 Jan 2021 at 20:57, Radek wrote: > > > > Hi, > > I can't manage to request a specific IP address from

How to request a specific IP address from DHCP server

2021-01-19 Thread Radek
/etc/netstart vr0 vr0: 192.168.1.103 lease accepted from 192.168.1.1 (b0:48:7a:a5:86:15) $ dhclient -v vr0 vr0: DHCPREQUEST to 255.255.255.255 vr0: DHCPACK from 192.168.1.1 (b0:48:7a:a5:86:15) vr0: 192.168.1.103 lease accepted from 192.168.1.1 (b0:48:7a:a5:86:15) Thanks for any help. -- Radek

Re: npppd - problem with simultaneous sessions

2021-01-08 Thread Radek
ssing IPsec protection >0 dropped due to full socket buffers >609 delivered >236 datagrams output >354 missed PCB cache > > I started looking into this problem. > > On Thu, 7 Jan 2021 09:45:07 +0100 > radek wrote: > > Hi,

Re: npppd - problem with simultaneous sessions

2021-01-07 Thread radek
s there? It is directly connected to X.Y.Z.13, no NAT. On Thu, 07 Jan 2021 16:27:57 +0900 (JST) YASUOKA Masahiko wrote: > Hi, > > On Wed, 6 Jan 2021 21:33:49 +0100 > Radek wrote: > > I have a box with relatively fresh install of 68/amd64, fully > > syspatched. There is

npppd - problem with simultaneous sessions

2021-01-06 Thread Radek
20:53:44 fw-u npppd[82720]: ppp id=1 layer=mppe logtype=Opened our=128bit,stateless peer=128bit,stateless Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=base Using pipex=yes -- Radek

Re: OpenBSD + Firebird Server

2020-11-25 Thread Radek
ns wrote: > On Tue, Nov 24, 2020 at 9:27 PM Radek wrote: > > > Hi, > > is it possible to install Firebird Server in OpenBSD? I can't find any > > info about that anywhere. > > Thanks! > > > Assuming you mean the SQL database, when last I

OpenBSD + Firebird Server

2020-11-24 Thread Radek
Hi, is it possible to install Firebird Server in OpenBSD? I can't find any info about that anywhere. Thanks! -- Radek

Re: Wine for OpenBSD?

2020-04-12 Thread Radek
> This is ain't the 90's man everyone can afford to have 2-3 or more PCs at > home But sometimes you have to be outside the home. [1] https://www.metatrader4.com/ Cheers! -- Radek

Re: Ajust or set OpenIKED renegotiation timeout manually if remote ISP reset connections

2020-04-03 Thread Radek
rcctl restart iked fi fi sleep 32 done You can trim the sleep time as you need but remember to give some time to restart/renegotiation/resync... I hope it helps. -- Radek

Re: [OpenIKED] current session list

2020-04-01 Thread Radek
On Wed, 1 Apr 2020 08:50:41 - (UTC) Stuart Henderson wrote: > On 2020-04-01, Radek wrote: > > Hi @misc, > > is there any equivalent of "npppctl sessions all/brief" for iked(8)? > > How can I get the list of currently connected roadwarriors? They use CA. &g

[OpenIKED] current session list

2020-04-01 Thread Radek
Hi @misc, is there any equivalent of "npppctl sessions all/brief" for iked(8)? How can I get the list of currently connected roadwarriors? They use CA. "ipsecctl -sa" shows IPs only, but I need to know who is who. -- Radek

Re: Traffic prioritization inside VPN

2020-01-02 Thread Radek
dwitdh they just get it with higher priority and my boxes always can use *the rest*. If there is a quiet in the network my boxes can use the whole highway. On Thu, 2 Jan 2020 17:57:19 +0100 fRANz wrote: > On Thu, Jan 2, 2020 at 3:51 PM radek wrote: > > > I tried to do it by "

Traffic prioritization inside VPN

2020-01-02 Thread radek
p from to (egress:0) set prio (6, 7) keep state pass in quick on egress proto udp from to (egress:0) port {500, 4500} set prio (6, 7) keep state pass in on egress proto udp from any to (egress:0) port {isakmp,ipsec-nat-t} set prio (6,7) keep state pass in on egress proto {ah,esp} set prio (6,7) keep state block return in on ! lo0 proto tcp to port 6000:6010 -- Radek

Re: Disabling ACPI permanently

2019-12-27 Thread Radek
Hello Philip, This box has installed the newest BIOS firmware. Following your suggestion I sent a bug report to b...@openbsd.org https://marc.info/?l=openbsd-bugs=157747038309405=2 On Mon, 23 Dec 2019 08:25:13 -0800 Philip Guenther wrote: > On Mon, Dec 23, 2019 at 5:10 AM Radek wr

Disabling ACPI permanently

2019-12-23 Thread Radek
82281c40, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> -- Radek

Re: Moving IKED certificates between routers

2019-11-17 Thread Radek
6. On Sun, 10 Nov 2019 15:00:58 +0100 Radek wrote: > My new box has the same /etc/myname. > > I copied: > /etc/iked/ca/ca.crt > /etc/iked/certs/1.2.3.4.crt > /etc/iked/crls/ca.crl > /etc/ssl/vpn/* > > What did I do wrong/miss? > > Windows shows error 13826: Fail

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-11-13 Thread radek
On Sun, 22 Sep 2019 17:11:20 +0200 Radek wrote: > Thank you Stuart. > I can't touch/upgrade these routers, but I have a bunch of Soekris/net5501 > that I can use for testing -current. Unfortunately, they are i386. I hope the > arch doesn't matter in this case. > I'll try -current

Re: Moving IKED certificates between routers

2019-11-10 Thread Radek
-11-10, Radek wrote: > > Hi Stuart, > > I have played around with copying them across but no luck (I get error > > 13801 in win7). I don't know what I'm doing wrong. > > > > Do I need to set the same hostname (/etc/myname) in new box to make old > > certs work

Re: Moving IKED certificates between routers

2019-11-10 Thread Radek
should be copied/edited (/etc/ssl/vpn/ /etc/iked/) to make rdk.6501.rac working in new box? On Fri, 8 Nov 2019 11:59:56 - (UTC) Stuart Henderson wrote: > On 2019-11-08, radek wrote: > > Hello, > > > > I'm going to replace 6.5 router with new 6.6 box. Is it necessary

Moving IKED certificates between routers

2019-11-08 Thread radek
is journey. -- Radek

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-09-22 Thread Radek
? Nobody else reports having the same issue here... On Fri, 20 Sep 2019 16:55:02 - (UTC) Stuart Henderson wrote: > On 2019-09-20, radek wrote: > > Hello Patrick, > > I am sorry for the late reply. > > > > I have replaced my ALIX/Soekris production routers with APU1C

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-09-20 Thread radek
blem still occurs. On the other side the ISP redirects all DNS requests to its own DNS. Any idea? On Sun, 25 Aug 2019 20:28:27 -0500 Patrick Dohman wrote: > Radek > In my opinion upstream DNS & UDP issues can cause interrupts with some ISP's. > I also believe that defining specific proto

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-25 Thread Radek
storage or virtualization. > The OpenBSD O.S includes all the user-land tools such as ping & top in > addition to a standardized precompiled kernel. > Regards > Patrick > . > > > > > > On Thu, 22 Aug 2019 19:12:55 -0500 > > Patrick Dohman wrote: > > > &

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-23 Thread radek
5 280 279 1 2 0 80 In use 5679K, total allocated 6336K; utilization 89.6% On Thu, 22 Aug 2019 19:12:55 -0500 Patrick Dohman wrote: > Radek > > I’ve found that fast networking is actually CPU & memory intensive. > Pentium 4 and Xeon's are increasin

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-20 Thread radek
n CMOS layout On Mon, 19 Aug 2019 18:17:48 -0500 Patrick Dohman wrote: > Do you consider memory an issue? > What is the speed of your memory? > Unix load average can occasionally be deceiving. > What make of Ethernets are you running? > Regards > Patrick > > > On Aug 19

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-19 Thread radek
ever been an issue? > Regards > Patrick > > > On Aug 18, 2019, at 1:03 PM, Radek wrote: > > > > Hello, > > > > I have two testing gateways (6.5/i386) with site-to-site VPN between its > > LANs (OpenIKED). > > Both gws are fully syspatched, have publi

[OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-18 Thread Radek
] ; then mon=`ping -c 3 -w 1 the_other_side_WAN_IP | grep packets | awk -F " " '{print $4}'` wan=`ping -c 3 -w 1 8.8.8.8 | grep packets | awk -F " " '{print $4}'` if [ "${mon}" -gt 0 ] && [ "${wan}" -gt 0 ] ; then echo vpn: ${vpn}, mon: ${mon}, wan: ${wan} | mail -s "no ping through VPN RACTEST-MON! restartng iked!" em...@example.com rcctl restart iked fi fi sleep 32 done -- Radek

Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2

2019-05-05 Thread Radek
zation. > They will eventually resync on their own, but it takes several > minutes. > > -- > Christian "naddy" Weisgerber na...@mips.inka.de > -- Radek

problem with site-to-site VPN between local machine and remote LAN (OpenIKED)

2019-03-09 Thread Radek
esp tunnel from 240.240.10.70 to 240.240.10.69 spi 0x4b96dca8 auth hmac-sha2-256 enc aes-256 esp tunnel from 240.240.10.69 to 240.240.10.70 spi 0x62c0615a auth hmac-sha2-256 enc aes-256 esp tunnel from 240.240.10.69 to 240.240.10.70 spi 0x97cc9e5f auth hmac-sha2-256 enc aes-256 remoteLAN_machine# cat /etc/pf.conf | grep "^[^#;]" set skip on {lo, enc} match in all scrub (no-df random-id) match out all scrub (no-df random-id) pass all -- radek

Re: vlan problem

2019-01-28 Thread Radek
10.10.255 > >I can also ping 10.10.10.1. > > > >Why vlan0 not linked vio0(parent) without create bridge? > > > >Is this normal? AM I miss understand vlan? > > > >(eg: I also tried on real machine with hostname.em0 card, same result) > > > >Thanks. > > > > > > > > > > > >Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC > > > Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC -- radek

Re: Printing problem

2019-01-25 Thread Radek
Thank you Stuart. If I use /usr/local/bin/lpr printing works as expected. $ grep Kyocera /etc/xpdfrc psFile "|/usr/local/bin/lpr -P Kyocera_Mita_FS-6020" On Wed, 23 Jan 2019 14:33:15 - (UTC) Stuart Henderson wrote: > On 2019-01-23, Radek wrote: > >

Re: Printing problem

2019-01-23 Thread Radek
ready fixed in -current. > > > > Indeed. Out of curiosity, what was it? I couldn't find anything under > > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/lpr/ > > that would break and fix this. > > > > Remote printing with lpd was broken from January 20 to February 7. > > usr.sbin/lpr/lpd/printjob.c (broken by r1.50, fixed by r1.52) > > Thanks, > Jeremy > -- radek

Re: Slow VPN Performance

2019-01-21 Thread Radek
nough to show that things are much slower with IPsec enabled. True. I use LAN machine on the one side in my netcat tests, but I don't have any on the other side, so I have to use router. On Mon, 21 Jan 2019 13:52:41 + (UTC) Stuart Henderson wrote: > On 2019-01-21, Radek wrote: > &

Re: Slow VPN Performance

2019-01-21 Thread Radek
516.66 23.49514.80 30.79594.94 37.45583.15 34.16621.32 31.54653.58 31.40659.72 33.00667.91 40.15753.08 34.54738.35 32.15639.13 35.11621.26 34.78733.43 34.59728.21 On Fri, 18 Jan 2019 18:25:11 +0100 Ra

Re: Slow VPN Performance

2019-01-18 Thread Radek
ug data if you actually want to help. > > Have you tried your NC on the loopback as a reference ? > is the HEADER compression activated ? On Fri, 18 Jan 2019 09:28:45 -0500 sven falempin wrote: > On Fri, Jan 18, 2019 at 8:58 AM Radek wrote: > > > I have configured Site-t

Re: Slow VPN Performance

2019-01-18 Thread Radek
ver know what that might > > bring. > > There's a commit from just after 5.2 which is relevant to some > packet forwarding setups, which might be of interest.. > > http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_input.c?r1=1.197;f=h#rev1.197 > -- radek

Re: Blocking "shodan.io" - What are my options?

2019-01-18 Thread Radek
Sorry, I haven't tried it yet. I'll do it ASAP. On Tue, 15 Jan 2019 21:05:32 -0600 ed...@pettijohn-web.com wrote: > On Sun, Jan 13, 2019 at 01:39:13PM -0600, ed...@pettijohn-web.com wrote: > > On Sun, Jan 13, 2019 at 08:04:32PM +0100, Radek wrote: > > > Hi, > > >

Re: Blocking "shodan.io" - What are my options?

2019-01-13 Thread Radek
aemon to do what we're looking for. It listens on > specified ports, accepts the connection and executes a script so you can > either use something like logger or pfctl, etc to do what you want with > the address it connected from. If anyone wants to play with it let me > know and I'll send you the tarball. > > Edgar > -- radek

Re: Polish localization

2019-01-09 Thread Radek
Polish interfaces are not obligatorily needed. On Tue, 8 Jan 2019 17:29:22 +0200 Dumitru Moldovan wrote: > On Tue, Jan 08, 2019 at 02:52:21PM +, Radek wrote: > >Hello, > > > >I'm trying to set Polish locales in my new desktop (6.4/amd64, xenodm, > >WindowMaker). > > &

Polish localization

2019-01-08 Thread Radek
LANG= LC_COLLATE="C" LC_CTYPE="C" LC_MONETARY="C" LC_NUMERIC="C" LC_TIME="C" LC_MESSAGES="C" LC_ALL= Any help appreciated. Thanks! -- radek

Re: Blocking "shodan.io" - What are my options?

2019-01-03 Thread Radek
es at > boot and run an hourly script to do a pfctl -T expire 86400 to > keep the table clean of old attackers. > > Shodan isn't the only scanner out there, so there is no point in just > blocking it. And I figure if someone is trying to connect to unused > ports on my system, they probably aren't up to any good. If you aren't > aware that my machine isn't legitimately listening on 22 or 23, or 443, > I don't want to talk to you. > > I usually just run on port 22 and move sshd to a different port, that > seems to stop >95% of attackers. > > -- radek

Re: ikev2 and road warriors setup

2018-12-28 Thread Radek
Any help appreciated! On Fri, 28 Dec 2018 10:41:22 +0100 Radek wrote: > Hello, > > finally I solved my problem as follows: > 1. Uncheck "use default gateway on remote network" in warrior (Windows) > 2. Create route192.bat file: route add 192.168.2.0 mask 255.255.255

Re: Cheaper alternatives for APC UPS

2018-12-28 Thread Radek
Thanks for your hints, Stuart. I hope to get one OpenUPS soon and give it a try. On Sun, 23 Dec 2018 12:13:12 + (UTC) Stuart Henderson wrote: > On 2018-12-19, Radek wrote: > > Thank you for all your comprehensive technical references. I just wanted to > > know if there is

Re: ikev2 and road warriors setup

2018-12-28 Thread Radek
d) match out on egress from lan:network to any nat-to egress block log all pass in on egress proto udp from any to any port {isakmp,ipsec-nat-t} pass in on egress proto {ah,esp} pass out on egress pass on lan On Wed, 12 Dec 2018 21:45:25 +0100 Radek wrote: > Hello again, > > I

Re: Cheaper alternatives for APC UPS

2018-12-19 Thread Radek
ower consumption device that can shutdown my home OpenBSD router when the power is lost. I would like not to use 230V device for that purpose, which consumes more power when compared to 12V devices. On Tue, 18 Dec 2018 20:19:20 +0100 Juan Francisco Cantero Hurtado wrote: > On Mon, Dec 17, 2018

Cheaper alternatives for APC UPS

2018-12-17 Thread Radek
cheaper alternatives. Thanks! -- radek

Re: ikev2 and road warriors setup

2018-12-12 Thread Radek
... Many thanks! On Fri, 7 Dec 2018 20:20:21 +0100 Radek wrote: > Hello, > > I am still almost in the same point. > If I want to reach my GW88_LAN I have to check "use default gateway on remote > network" box (Windows roadwarrior), but this option makes me reaching th

Re: sh /etc/netstart interface counter intuitive behaviour with multiple inet aliases 6.4 and 6.3

2018-12-07 Thread Radek
ast 10.134.91.203 > >>> inet 10.134.91.205 netmask 0xfffc broadcast 10.134.91.207 > >>> inet 10.134.91.209 netmask 0xfffc broadcast 10.134.91.211 > >>> inet 10.134.91.213 netmask 0xfffc broadcast 10.134.91.215 > >>> inet 10.134.91.217 netmask 0xfffc broadcast 10.134.91.219 > >>> inet 10.134.91.221 netmask 0xfffc broadcast 10.134.91.223 > >>> inet 10.134.91.225 netmask 0xfffc broadcast 10.134.91.227 > >>> inet 10.134.91.229 netmask 0xfffc broadcast 10.134.91.231 > >>> inet 10.134.91.233 netmask 0xfffc broadcast 10.134.91.235 > >>> inet 10.134.91.237 netmask 0xfffc broadcast 10.134.91.239 > >>> inet 10.134.91.241 netmask 0xfffc broadcast 10.134.91.243 > >>> inet 10.134.91.245 netmask 0xfffc broadcast 10.134.91.247 > >>> > >>> This behaviour is counter intuitive as it is different to sh > >>> /etc/netstart > >>> behaviour on the configuration of inet addresses > >>> I'm wondering is this a feature or a bug ... or me misunderstanding the > >>> use of netstart script to reset / reload the configuration of an interface > >>> > >>> Thanks > >>> > >>> Tom Smyth > >>> > >> > >> -- > >> I'm not entirely sure you are real. > > > > > > > -- radek

Re: ikev2 and road warriors setup

2018-12-07 Thread Radek
ess 10.0.1.0/24 \ config netmask 255.255.255.0 \ config name-server 8.8.8.8 On Fri, 30 Nov 2018 15:06:28 +0100 Radek wrote: > Hello, > > Thank all of you for your time and your help in this matter! > I think that the ISP of A.B.C.0/23 is filtering/blocking some certificates. > I have

Re: iked : pf.conf rule for outgoing traffic

2018-12-07 Thread Radek
> > >> > > >> But I can't reach internet from A through B. > > >> > > >> Here is the pf.conf on B (at least a small part of it) > > >> > > >> pass out on egress \ > > >> from any to any tagged IKED \ > > >> nat-to (egress) > > >> > > >> > > > > > > I'm still stuck at the same point. > > > Can someone give me an example of a working configuration natting ot > > > Internet? > > > > I used this, > > > > pass in on enc0 inet from $some_net > > pass out quick on egress inet received-on enc0 nat-to $some_address > > > > Also I don't remember what you've already said you checked, but > > make sure you have sysctl net.inet.ip.forwarding=1. > > > > Thank you. > Yes, I do have ip.forwarding=1. > > I'm confused how to replace "$some_address". Isn't it "(egress)" ? > > Regards. > -- radek

Re: ikev2 and road warriors setup

2018-11-30 Thread Radek
| | +---+192.168.2.1| 172.16.2.254/24---| | ++ | |+192.168.3.254/24 Thanks! On Thu, 8 Nov 2018 14:04:23 +0100 Radek wrote: > I've been playing around with netcat. > I noticed that the netcat process on my VPN_server does not show any "X&quo

Re: Supermicro X7SPA-HF D510 and OpenBSD

2018-11-23 Thread Radek
main pool of > memory anyway). It does not matter to me. 8MB is OK for OS installation. I am not gonna use X, serial console and ssh is all I need. On Thu, 22 Nov 2018 12:01:36 -0800 Misc User wrote: > On 11/22/2018 6:13 AM, Stuart Henderson wrote: > > On 2018-11-22, Radek wrote: > >>

Supermicro X7SPA-HF D510 and OpenBSD

2018-11-22 Thread Radek
is also welcomed. Thanks! -- radek

Re: ikev2 and road warriors setup

2018-11-08 Thread Radek
On Wed, 7 Nov 2018 12:17:09 +0100 Radek wrote: > Yesterday I tried this scenario: > > Win7_warrior - 192.168.x.x, NAT, GW: 1.2.3.119 > VPN_L2TP (Mikrotik) - A.B.C.75/23, not NATed > VPN_IKEv2 - A.B.C.77/23, not NATed > > I connected Win7_warrior to VPN_L2TP and then to VPN_IK

Re: ikev2 and road warriors setup

2018-11-07 Thread Radek
and get private IP from dhcp server. Then I move to public A.B.C.77/23 editing /etc/hostname, mygate, resolv.conf. Maybe I missed something in network conf that is important for OpenIKED? Any idea? On Tue, 6 Nov 2018 11:21:52 +0100 Radek wrote: > Hello Kim, > > > My question wa

Re: ikev2 and road warriors setup

2018-11-06 Thread Radek
t any Router/FW problem. On Tue, 6 Nov 2018 07:48:37 +0100 Kim Zeitler wrote: > Good morning Radek, > > I have a suspicion ... > > > For (1), (2) and (3) VPN is working just fine with Win7_warrior and > > puffy_warrior if they are connecting from A.B.C.0/23 (it does not

Fw: Re: ikev2 and road warriors setup

2018-11-05 Thread Radek
cookie: 64755be010cd32d2-> msgid: len: 510 18:45:41.927874 A.B.C.77.500 > 1.2.3.119.500: isakmp v2.0 exchange IKE_SA_INIT cookie: 64755be010cd32d2->2a0fe33c6b9afff8 msgid: len: 471 Thanks! On Mon, 5 Nov 2018 09:27:25 +0100 Kim Zeitler wrote

Re: ikev2 and road warriors setup

2018-11-02 Thread Radek
5535 ikev2_pld_ts: start 172.16.0.0 end 172.16.0.255 ikev2_msg_send: IKE_AUTH request from 1.2.3.119:500 to A.B.C.77:500 msgid 1, 1600 bytes ikev2_init_ike_sa: "home" is already active $ ipsecctl -sa FLOWS: flow esp out from ::/0 to ::/0 type deny SAD: I really do not know what I am doi

Re: ikev2 and road warriors setup

2018-10-28 Thread Radek
: free 0x7fcc4080 config_free_proposals: free 0x7fcc4580 config_free_proposals: free 0x825a0a00 Then I get 809 Error. On Wed, 7 Feb 2018 22:01:16 +0100 Radek wrote: > Hi again, > > I'm still trying to make it work for roadwarriors. > VPN server has IP address A.B.9.73/23. It is OpenBSD6.
