I wouldn't call 64Mb "small" for memory, it's tiny. Even 20 years ago 64
wasn't really enough. The introduction of kernel relinking on boot has
been noted since 6.5 (or was it 6.4?) to make tiny memory systems
obsolete. They simply can't cope. Theo has noted he has other projects
in the pipelin
On 2020-02-14, Peter Müller wrote:
> Hello openbsd-misc,
>
> during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec
> client on an
> OpenBSD 6.6 machine. While establishing an IKE_SA works fine, installing
> policies for CHILD_SA
> fails (as expected):
>
>> unable to install IP
On 2/14/2020 11:21 AM, Fabio Martins wrote:
I am trying now only with the redirect to www.openbsd.org, if it works, I
am sure it can be adapted to my case.
Unfortunately still no success.
# pf.conf:
ext_if="xnf0"
match in log on $ext_if proto tcp from any to ($ext_if) port 8099 tag RDR \
r
I am trying now only with the redirect to www.openbsd.org, if it works, I
am sure it can be adapted to my case.
Unfortunately still no success.
# pf.conf:
ext_if="xnf0"
match in log on $ext_if proto tcp from any to ($ext_if) port 8099 tag RDR \
rdr-to 129.128.5.194 port 80
match out log on $
Hello openbsd-misc,
during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec client
on an
OpenBSD 6.6 machine. While establishing an IKE_SA works fine, installing
policies for CHILD_SA
fails (as expected):
> unable to install IPsec policies (SPD) in kernel
> failed to establish
Hi Fabio (xará),
Apparently I achieved this with these rules:
--
pass out log on hvn0 inet proto tcp from any port 1024:65535 to 8.8.8.8
port = flags S/SA label "TESTE LISTA"
pass in on hvn0 inet proto tcp from any port 1024:65535 to 10.101.0.17 port
= 25 flags S/SA label "TESTE LISTA" tag TES
On Thu, Feb 13, 2020 at 01:31:43PM +0100, no@s...@mgedv.net wrote:
depends what you want to achieve, but my recommendation is booting from USB
and mount encrypted root from the HDD.
you can safely remove the usb key after root mount and all your configs/etc
files are used from the encrypted stora
On 2/14/2020 6:30 AM, Fabio Martins wrote:
Hi Nick,
Thanks. I applied both rules below, unfortunately I am still only hitting
rule number #1 (rdr-to). nat-to is never reached (added "log" on each to
test). I tried inverting the order, too, but no luck.
#1
match in on $ext_if proto tcp from
misc@
sharing a recent experience with OpenBSD 6.6 and old, low spec, low memory
devices.
remember the Toshiba Libretto? back in 2000, OpenBSD got some CPU time on
one of mine. sadly that Libretto is now dead, and with the current state of
affairs, it wont be able to run OpenBSD.
last weekend i
no@s...@mgedv.net(nos...@mgedv.net) on 2020.02.13 13:31:43 +0100:
> > > On Linux you can do the following:
> > > { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive
> entirely encrypted] }
> ... which i would consider to be as insecure, as unencrypted root at all.
... which totaly de
Hi Nick,
Thanks. I applied both rules below, unfortunately I am still only hitting
rule number #1 (rdr-to). nat-to is never reached (added "log" on each to
test). I tried inverting the order, too, but no luck.
#1
match in on $ext_if proto tcp from to ($ext_if) port 25 \
rdr-to 200.200.200.200
11 matches
Mail list logo