Re: VPS default gateway in a different subnet than host

2016-12-13 Thread Dag Richards
With tcp, the default is pretty much always in the same subnet as at least one interface of any given host. One can do things with VPN, and gif's and gre's etc., which can work around some oddball situations. However, if there is a local router that you use to get to your 'default' gateway, I

Re: can't find fstab entry ?

2016-09-10 Thread Dag Richards
On 9/10/16 12:54 PM, Theo de Raadt wrote: On Sat, Sep 10, 2016 at 06:52:39PM +0300, Consus wrote: On 03:09 Mon 05 Sep, Theo de Raadt wrote: OpenBSD 6.0 GENERIC.MP#0 amd64 My fstab entry looks like : 10.10.10.10:/srv/share /mnt/ops_test nfs defaults,noexec,nosuid,nodev,auto 0 0 However: $

Re: OpenVPN, tap interface and bridge

2015-11-02 Thread Dag Richards
I run OpenVPN on a pair of carped up gateways. What are you trying to achieve with this very odd-sounding config? There may be a more straightforward way to get there. Adam Wysocki wrote: Hi, I have an OpenVPN server running on OpenBSD. I use tunX interface in tap mode (as far as I know,

Re: NFS umount stuck on client machine

2015-09-09 Thread Dag Richards
I had this happen once before in the long long ago. I wound up creating a new nfs server with an export of the same name. The client was then able to dismount. Certainly a PITA; a reboot, though cause for self-loathing, may be simpler. If you mount from fstab in the future make sure you soft

Re: What happens to OpenBSD when Secure Boot becomes manditory?

2015-04-02 Thread Dag Richards
Todd C. Miller wrote: On Thu, 02 Apr 2015 16:38:29 -0400, Steve Litt wrote: What happens to OpenBSD when Secure Boot becomes mandatory? Please read those articles again, Secure Boot is *not* mandatory for Windows 10. The major change is that for Windows 8 Microsoft *required* hardware

Re: libressl.org broken link

2014-10-15 Thread Dag Richards
Sigh, it's sad when a project with that much potential has no goals. Hopefully it's just a phase. Daniel Dyla wrote: I'm not sure where this sort of thing is supposed to be reported but the Project Goals link on libressl.org (http://libressl.org/goals.html) is giving me a 404 error.

Re: Donations to OpenBSD

2014-08-13 Thread Dag Richards
Seems pretty easy to make donations. Send money. Don't want a CD? OK, Send money. The documentation is already provided, the FAQ is an excellent codicil to the man pages. No need for a PDF really. There is a clear need for money. Demonstrate your willingness and interest to contribute by ...

Re: feature patch - replace /etc/crontab by /etc/cron.d/

2014-04-08 Thread Dag Richards
No Theo, I don't think you understand, if you accept the patch then you will be more like Ubuntu and other MODERN operating systems. Why put everything in a single easily readable file, when you can split it up into multiple directories. Which reminds me, when are you going to ditch /etc for a

Re: feature patch - replace /etc/crontab by /etc/cron.d/

2014-04-08 Thread Dag Richards
- (and is the gain of the change worth the work of the change) PS: If you install software that requires a recurrent task, it should be done with a user with specific privileges, so set up a crontab for this user. Geez, don't you have a TLS server to patch! On Tue, Apr 8, 2014 at 4:59 PM, Dag Richards

Re: cheapest firewall?

2014-02-04 Thread Dag Richards
Block of spruce with 2 rj45 ports. It's new and will stop all unwanted traffic, you can put OpenBSD right on top of it. Low power, easy to maintain. Theophile Envt wrote: Gigabyte GA-C1037UN-EU motherboard ? 2 Lan fanless... 2014-02-01 Adam s...@my-balls.com: Any suggestions for the

Re: Cisco routers

2014-01-31 Thread Dag Richards
On 1/31/14 11:59 AM, Holger Glaess wrote: Am 31.01.2014 20:44, schrieb Matt M: This may not be the most appropriate place to ask, but I figured a lot of you are using Cisco on your networks. I am beginning to study for the CCNA and I want to purchase at least one Cisco router and a switch for

Re: Request for Funding our Electricity

2014-01-16 Thread Dag Richards
I have a suggestion for every one of us that has mailed in an idea in response to a solicitation for money... Send money. Just do it right now, write a cheque. Send it, send it now. Do that a couple of times a year. Buy a cd twice a year, get at least one t-shirt with each order. Were we told

Re: Looking for a laptop in the Toronto area

2013-10-30 Thread Dag Richards
Theo de Raadt wrote: On 2013-10-30, Aaron Mason simplersolut...@gmail.com wrote: Is the fan functioning? If so, have you tried opening up the laptop and re-applying thermal grease to the CPU? If the laptop has a few years under its belt, the old grease could have perished. While this might

Re: Notifies on CARP failover

2013-10-24 Thread Dag Richards
Andy wrote: Hi, Could anyone point me in the right direction on how to have a script be executed whenever a CARP failover or preempt event occurs? Need to write a script to send an event message into our monitoring systems so we can see when a change has occurred. I haven't used ifstated

Re: Network question

2013-09-04 Thread Dag Richards
Seems like it would be pretty straightforward to NAT, no? /--existing servers /28 EVIL - lie agreed upon [Puffy] \-new servers on RFC 1918 Would need to know more to make better recommendations. On

Re: BSD licensed gnupg replacement question

2012-12-06 Thread Dag Richards
Maximo Pech wrote: It's incredible for me that OpenBSD, an operating system that claims to have integrated cryptography (yes I know that the cryptography is on the core OS layers) doesn't have in the base system a tool like gnupg, and even more incredible, that there isn't a single production

Re: ss20's wanted for ports builds

2012-07-19 Thread Dag Richards
Theo de Raadt wrote: On Mon, Jul 16, 2012 at 08:45:30PM +0200, [BG-Consulting] Elmar Bschorer wrote: What do you mean with ss20? Actually a good question. At least for those old enough to remember the Soviet era SS-20 intermediate-range ballistic nuclear missiles. I'd like one of those too.

Re: Default route distribution by ospfd

2011-08-13 Thread Dag Richards
Shot in the dark here, new to OSPF myself. Have you tried adding vlan208 interface on R1 to OSPF config on R1? On 8/13/11 11:39 AM, Shohrukh Shoyoqubov wrote: Hi, I have the following set-up: |R2other routers | ISPR1 | |R3other routers There is a static default route on R1

Re: Default route distribution by ospfd

2011-08-13 Thread Dag Richards
On 8/13/11 12:54 PM, Shohrukh Shoyoqubov wrote: On 08/14/2011 12:19 AM, Dag Richards wrote: Shot in the dark here, new to OSPF myself. Have you tried adding vlan208 interface on R1 to OSPF config on R1? R1 has no vlan208 interface configured. R1 uses trunk0 to connect to access mode switch

Re: FreeBSD isn't Free

2010-10-06 Thread Dag Richards
Super Biscuit wrote: Did they get the licensing, approval, or letter? missing the point

Re: isakmpd will not initiate connection to Cisco ASA

2009-11-17 Thread Dag Richards
I recently had a problem that looked similar. I would try to bring up the tunnels configured in ipsec.conf. No Phase 2. A dump on the external iface revealed that we were sending Phase 1 initiation. Their end was configured for a different encryption scheme than ours (even though we had

ipsec Phase 2 tunnels will not initiate from OBSD side

2009-11-04 Thread Dag Richards
Running 4.3 GENERIC#698 i386 I have a VPN with a vendor using a I think he said it was a Sonic Wall FW. We are able to get Phase 1 associations up and happy. But Phase 2 never seems to start, at least not from my side. If he sends traffic from his side then his device makes a phase 2

Anyone heard from Jason Dixon lately?

2009-09-16 Thread Dag Richards
Hey Jason, been trying to get a hold of you. Are we still doing business?

Re: Defending OpenBSD Performance

2009-09-16 Thread Dag Richards
I have been actively maintaining a firewall cluster and a VPN cluster of BSD systems since 3.5. I have upgraded each system from a factory boot cd every 6 - 8 months. I have never had any problems due to the upgrade, not once. I run a 4000 PC network in a 24x7 Health Care environment. There is

Re: openbsd and ethernet tap (port replication)

2009-08-25 Thread Dag Richards
Put an ip address on em0. FRLinux wrote: Hello, I am trying to replicate some traffic from a Cisco 6500 onto an OpenBSD 4.5 vanilla machine. I have two NICs, rl0 which is the administration interface and em0 which I hope to use for the ethernet tap. So far, my cisco replicates traffic

Re: bind

2009-08-03 Thread Dag Richards
configure: error: ar program not found. Please fix your PATH to include the directory in which ar resides, or set AR in the environment with the full path to ar. *** Error code 1 The likely solution is listed in the error message. dark knight neo wrote: Hello everyone, I'm trying

Re: RES: Route problem

2009-07-07 Thread Dag Richards
I don't think it is possible to help you with the limited information you have provided. Let's see some sort of description of your network topology, and the output of netstat -rn and an ifconfig -A of your OBSD router. My initial guess on why adding the route to the OBSD router failed to

Re: IPX/SPX between two locations running OpenBSD

2009-07-04 Thread Dag Richards
journey-...@shaw.ca wrote: I have two locations each using OpenBSD 4.5 for their gateways with the two subnets connected using IPSEC. I have an application that requires IPX/SPX between the two locations. Is this feasible? The two internal subnets are 192.168.0.x and 192.168.1.x but they can

Re: slim and capable hardware for firewalls use

2009-06-15 Thread Dag Richards
HP DL360G5. We have 5 of these that we use with 4 port bge cards as vpn servers and firewalls. Running or have run 4.3, 4.4, 4.5. HW RAID controller. I like the lights-out management cards on the older ones (G3) better as they just give you a screen-scrape console. The G5 does something

anybody using OpenBSD diskless workstations?

2009-06-10 Thread Dag Richards
Anybody currently running BSD diskless workstations? Expository text below. We have been working on SunRay-Windows_virtual_desktop pilot here at my office for a while. The tech seems pretty workable. Leaving aside any question of personal taste, we use windows desktops and will continue

Re: OpenBSD ESXi VMware image on Soekris Net5501

2009-05-21 Thread Dag Richards
Jason Dixon wrote: On Thu, May 21, 2009 at 08:05:52AM -0700, Obiozor Okeke wrote: Well I should have mentioned that the ESXi is also running a Windows server VM for a custom app that requires it. So the idea was to have one box running ESXi and reduce hardware costs.

Re: Intel PRO/1000MT (82541GI) not working with 4.5

2009-05-20 Thread Dag Richards
If you want to upgrade from 4.4 to 4.5, boot off the 4.5 install image and perform an upgrade. If you wish to compile things for your 4.5, do that after you are running 4.5. I don't think in general they will help you do what it looks like you are trying to do. Rosen Nedialkov wrote: Hi

Re: European orders

2009-03-30 Thread Dag Richards
As a rule I generally don't post in response to community discussions as I am essentially nobody here. This time however I just have to ask ...Theo? Why on Earth do you keep doing this? How the hell do you put up with all of this ... crap? I am sure there are still companies that would pay

Re: PF Seems To Reload Its Default Rules Unexpectedly

2009-03-09 Thread Dag Richards
On 3/9/09 2:05 AM, J.C. Roberts wrote: On Sun, 8 Mar 2009 16:01:57 -0700 Hilco Wijbenga hilco.wijbe...@gmail.com wrote: I have pf running on my firewall box and I'm experiencing some strange behaviour. After several hours (this may even be 24 hours) of functioning normally, pf seems to reload

Re: Pre-Order Prizes

2009-03-02 Thread Dag Richards
I thought the prize was you got the software?

Re: Thank you for Relayd

2009-01-26 Thread Dag Richards
I assume that your company will send say 10% of that saved cash to the project now to ensure continued development and maintenance ? ;) On 1/26/09 9:32 AM, uday wrote: I just wanted thank the developers and contributors of Relayd. It's a wonderful load balancer, very well written GOOD

Re: PF/NAT Issue

2009-01-26 Thread Dag Richards
Try setting your nat line to look something more like: nat on $ext_if from 10.100.100.0/24 to any -> ($public_ip) or nat on $ext_if from 10.100.100.0/24 to any -> ($ext_if) As long as pf is enabled AND your traffic actually matches the nat rule, nat happens. What do you see when you:

Re: VLAN Problem

2009-01-26 Thread Dag Richards
It is possible you need to specify the netmask of your vlan interfaces. cat out one of your hostname.vlan?? and show us. One of mine looks like: inet 10.120.6.102 255.255.255.0 NONE vlan 6 vlandev em0 On 1/26/09 10:42 AM, Denis Souza wrote: Friends, I'm using OpenBSD 4.1 with a VLAN with 2 IPs

Re: Packet Filter: how to keep device names on hardware failure?

2008-11-08 Thread Dag Richards
Peter N. M. Hansteen wrote: Denis Doroshenko [EMAIL PROTECTED] writes: what keeps you from writing a script that would be called from the end of /etc/netstart; the script would check whether the initialized network interfaces match those described by a predefined table? in case of failure it

Re: VPN troubleshooting help request.

2008-07-31 Thread Dag Richards
Are you using preshared keys? Your policy seems to imply that you are, but you do not seem to have your passphrases in the correct place. I think the line should be more like this: Licensees: passphrase:properpasswd || passphrase:otherproperpasswd Though the debug output does imply that it

Re: Resume - Mumps Developer

2008-06-26 Thread Dag Richards
Lars Noodén wrote: Matt Bettinger wrote: Yes. I have a buddy who works with it and Caché (Multi-Value DB I believe) on VMS in Houston Medical Center. They manage their prescriptions with it. He also makes very good $$ but talk about getting pigeonholed. There is a port Maverick on FreeBSD,

Re: Google in shell - looks interesting

2008-06-04 Thread Dag Richards
Ted Unangst wrote: If it were actually usable from a shell, it'd be interesting. If I'm already running a graphical interbrowser, it's because I want graphical interwebs. Exactly.

Re: Google in shell - looks interesting

2008-06-04 Thread Dag Richards
Mark Zimmerman wrote: On Wed, Jun 04, 2008 at 09:46:26AM -0700, Dag Richards wrote: Ted Unangst wrote: If it were actually usable from a shell, it'd be interesting. If I'm already running a graphical interbrowser, it's because I want graphical interwebs. Exactly. So, can you launch

Need help reporting kernel panic

2008-04-14 Thread Dag Richards
Understand that I am not (quite) reporting a panic without a ps and trace. I had a kernel panic this weekend on my standby vpn firewall, this is the third time this has happened in the last 300 days or so, always with the same panic. I run with ddb.log=1 I ran ps and trace expecting the output

Re: Need help reporting kernel panic

2008-04-14 Thread Dag Richards
Josh Grosse wrote: On Mon, 14 Apr 2008 08:57:55 -0700, Dag Richards wrote Then I performed a boot dump, I have drwxrwx--- 2 root wheel 512 Apr 14 07:53 ./ drwxr-xr-x 25 root wheel 512 Aug 28 2007 ../ -rw--- 1 root wheel 2 Apr 14 07:51 bounds -rw

Re: Sun Creator 3D hardware wanted

2008-02-28 Thread Dag Richards
I have one of the cards from an Ultra 10, not sure which one. It was alive back when the system was, I will check the model no. tonight (GMT+8). If you can use the card, I would be happy to ship it to any one that needs it. And how many times have I tried to pawn off this Enterprise 450

Re: Apache box behind Openbsd

2008-01-08 Thread Dag Richards
Sewan wrote: Hi, I have an apache-php website running on windows server 2003 port 80, i have correct rdr rules that pointing my web server, i can view website inside my LAN, but i can't view page outside of my network. I've checked all dns- ip settings, everything's fine but problem continues.

Re: avoiding a mac address filter

2008-01-07 Thread Dag Richards
[EMAIL PROTECTED] wrote: On Jan 7, 2008 9:00 AM, Josh Grosse [EMAIL PROTECTED] wrote: On Mon, 7 Jan 2008 13:39:01 +0100, Targus Neoprene wrote Hi, in my flat I can see a lot of open connection points. They do not require a password and, in principle, I can log in every time... but they seem

Re: Two carp firewalls keep swapping from master/backup

2007-12-05 Thread Dag Richards
Josh wrote: Hello, A quick question. I have a pair of 4.1 boxes acting as firewalls using carp/pfsync etc. The primary has advskew 0, the backup has advskew 100. I have net.inet.carp.preempt=1 on both. So anyway, I was downloading some 4.2 install binaries onto the backup fw, and I noticed

Re: OpenBSD kernel janitors

2007-10-31 Thread Dag Richards
n0g0013 wrote: On 31.10-11:12, Nick Guenther wrote: [ ... ] and i would suggest that the severe and prevalent attitude toward the possibility of poor patches or under-educated actions is the most significant barrier to encouraging new/young developers. Well that's the point of it; or at least,

Re: How can I install 4 OS'es on one disk?

2007-10-08 Thread Dag Richards
Amarendra Godbole wrote: On 10/7/07, stan [EMAIL PROTECTED] wrote: I have a new laptop that I would like to set up to have 4 different OS's on. The OS's I would like to install are: OpenBSD FreeBSD Linux Windows (XP or Vista) Is it possible to do this on the one disk. I do have enough space,

Re: ipsec with carp

2007-10-01 Thread Dag Richards
Patrick Hemmen wrote: Hello all, I have two OpenBSD machines for a redundancy VPN-Gateway. They use carp to share one IP-Address and sasyncd to synchronize SAs and SPDs. I set up an ipsec tunnel in /etc/ipsec.conf. The tunnel isn't established and the error PAYLOAD_MALFORMED appears in the logs.

Re: To whom can I direct email for artwork use permission pls?

2007-10-01 Thread Dag Richards
Hannah Schroeter wrote: Hi! On Mon, Oct 01, 2007 at 10:50:05AM -0400, Nick Guenther wrote: [...] To explain this more fully with the party line: the project supports itself via donations and selling CDs of releases. If you create DVDs to distribute you are hurting the project by

Re: 2 internet connections on 1 router

2007-09-20 Thread Dag Richards
Marian Hettwer wrote: Hi All, I'm using a Soekris box with OpenBSD 4.0 (sorry *g*) on my home soekris box. Actual setup is one interface with a cable modem connected for internet use. The cable modem provider talks dhcp, so no pppoe magic involved. Now I do have an old second DSL provider

Re: Show your appreciation and get your 4.2 DVD

2007-09-10 Thread Dag Richards
Theo de Raadt wrote: Theo de Raadt wrote: Theo de Raadt wrote: snip Decreasing CD sales means the margins have to be adjusted. More of you are relying on our FTP services, and also donating less. snip Hey Theo just a quick suggestion to increase the cash donations: Why aren't the

Re: scp batch mode?

2007-08-15 Thread Dag Richards
James Hartley wrote: The manpage for scp(1) mentions the -B option for running scp in batch mode, but no further details. How can scp be run without prompting for a password? Thanks. passwordless rsa key?

Re: dysfunctional carp

2007-07-31 Thread Dag Richards
Nico Meijer wrote: Hi all, I have a new carp setup that somehow just won't work. The two machines are Jetway mini-itx J7F4 machines, dual Gb LAN. dmesg below. So if each system sees only its own carp traffic it makes sense that each would consider themselves master. I assume that the

Re: PF Config problem

2007-07-19 Thread Dag Richards
I think you will find that since carp is communicated with multicast that your rules are not behaving as you think. They are allowing the outbound transmissions, but since you are not establishing tcp sessions the keep state does not do what you want. Try explicitly allowing in protocol carp

Re: PF Config problem

2007-07-19 Thread Dag Richards
would allow CARP on the pfsync (and loopback) interface. GTG Dag Richards [EMAIL PROTECTED] 07/19/07 4:55 PM I think you will find that since carp is communicated with multicast that your rules are not behaving as you think. They are allowing the outbound transmissions, but since you

Re: support for Sun Fire

2007-07-16 Thread Dag Richards
Daniel Ouellet wrote: Toni Mueller wrote: Hi Mark, On Tue, 29.05.2007 at 14:13:06 +0100, mark reardon [EMAIL PROTECTED] wrote: I just got a x2100 M2 from Sun yesterday on a 60 day trial and am having trouble setting the MTU on one of the bge NICs. Just some initial findings. Not a big

formerly working vpn between obsd 4.0 hosts failing ....

2007-07-12 Thread Dag Richards
I have two bsd firewall / routers that have a vpn between them ... sometimes. They have a late May build of 4.0 386, they have been working well until a few days ago, and we of course all swear that nothing was changed... they just started failing. I left last night with tunnels up and

Re: SOS! isakmpd cannot be loaded in OpenBSD properly

2007-06-18 Thread Dag Richards
Have you looked in /var/log/messages for messages? Have you run isakmpd in the foreground with debugging enabled? isakmpd -d -DA=2 Wilson Liu wrote: I am currently building an OpenBSD 4.1 firewall and setting VPN as well. I've changed isakmpd_flag=NO to isakmpd_flags=# for normal

Re: Redundant Firewalls, CARP + IPSEC + SASYNCD

2007-05-03 Thread Dag Richards
[EMAIL PROTECTED] wrote: I have a redundant firewall setup with carp interfaces on both sides of the firewall. I have a mirror of this setup in a 2nd location. Now I'm a little confused on how to set up the VPN. Do I use 1) the physical interfaces between the peers or 2) do I use the carp

Re: Redundant Firewalls, CARP + IPSEC + SASYNCD

2007-05-03 Thread Dag Richards
SPI's propagated from the active server to the second. Off to lunch now; if this does not clear things up sufficiently you should consider posting ifconfigs, sassync.conf, isakmpd.conf and maybe some dumps ... maybe one of the smart people will help us then. Thanks. On 5/2/07, *Dag

Re: Carp not behaving

2007-05-01 Thread Dag Richards
Dummy Dummy wrote: On 4/30/07, Stuart Henderson [EMAIL PROTECTED] wrote: Check you have a PF rule to pass carp traffic on that interface. N.B. applications using bpf, like tcpdump, see the packets *before* PF. Yes, PF rules were the cause. I had a bunch of carp/pfsync rules that were at

Re: Carp not behaving

2007-04-27 Thread Dag Richards
I have had this problem before where two systems each claim to be master on only one of the shared subnets. My problem was one system had an alias on the carp iface that the other did not. Do an ifconfig of the physical ifaces and the carp iface on each box, so it shows all the configured

Re: carp, 2 router

2007-04-12 Thread Dag Richards
Caveat -- bge? ospf? eh, I only know them at the executive brief level. carp, stp, static routing I know well enough. So call router one primary; traffic is coming, routes are all up, everything is good. Switch 1 dies, carp switches master over to router 2 bge2. If you had carp inside

Re: Redirect traffic through VPN

2007-04-05 Thread Dag Richards
Matiss Miglans wrote: Hi good people ! I need to make a connection from a server which is in LAN1 to a server which is in LAN3. And I need to make another connection from that same server which is in LAN3 to that same server which is in LAN1. There are 3 different company Ethernets, and I need to

Re: binat questions

2007-03-22 Thread Dag Richards
A quick read of the faq shows the pass keyword causes a bypass of all filtering ... so don't use it if you want your filters to be applied. Bruce Bauer wrote: Using OpenBSD 4.0 Using binat for the first time in the real world Questions: binat pass on fxp0 from $server_int to any -> $server_ext

Re: isakmpd gateway-to-gateway VPN woes...

2007-03-22 Thread Dag Richards
Do your firewalls forward ip 4? sysctl net.inet.ip.forwarding=1 Jack Bates wrote: If you can help, please feel free to CC: me directly: [EMAIL PROTECTED] My partner-in-crime and I are having some trouble getting a LAN-to-LAN VPN working with OpenBSD-4.0-stable isakmpd. Both firewalls have a

Re: carp iface keeps switching to master

2007-03-15 Thread Dag Richards
Camiel Dobbelaar wrote: Make sure your addresses are in sync... number of addresses and the netmask are different. On Wed, 14 Mar 2007, Dag Richards wrote: inet 10.120.10.50 netmask 0xff00 broadcast 10.120.10.255 inet 10.120.10.50 netmask 0xff00 broadcast

Re: carp iface keeps switching to master

2007-03-14 Thread Dag Richards
Since reporting this problem I have tried running both systems on one switch, and performed a kernel and userland build from stable. The behavior is unchanged in both cases. help? Am I really that stupid? This was working on 3.9 Dag Richards wrote: Two systems running 4.0 GENERIC#1107 i386

carp iface keeps switching to master

2007-03-12 Thread Dag Richards
Two systems running 4.0 GENERIC#1107 i386 on bge drivers. They are being used as vpn servers. They are each jacked to their own cisco 2950. The switches are connected to each other with xover cables. Each host can see the other's carp traffic, pf is configured to quick pass carp traffic. both

Re: carp iface keeps switching to master

2007-03-12 Thread Dag Richards
Joel Knight wrote: --- Quoting Dag Richards on 2007/03/12 at 18:50 -0700: Two systems running 4.0 GENERIC#1107 i386 on bge drivers. They are being used as vpn servers. They are each jacked to their own cisco 2950. The switches are connected to each other with xover cables. Each host can see

Re: carp iface keeps switching to master

2007-03-12 Thread Dag Richards
Stuart Henderson wrote: On 2007/03/12 18:50, Dag Richards wrote: insists on being master. I can ifconfig the desired slave to backup state but after a couple of seconds it pops back to master. how do you tell the state, ifconfig(8)? if so, try yes precisely http://www.openbsd.org/cgi

Re: watch traffic on IPSEC tunnel?

2007-02-08 Thread Dag Richards
Tim Pushor wrote: May be a dumb question, but how do I look at traffic going over an IPSEC tunnel, on one of the OpenBSD machines? I've tried tcpdump -i enc0 but get nothing .. That is exactly what you do. Remember you can not use filters on it, no tcpdump -i enc0 host wakkawakka if plain

Re: missing isakmpd.fifo

2007-02-07 Thread Dag Richards
Toni Mueller wrote: Hi Dag, On Thu, 01.02.2007 at 08:37:01 -0800, Dag Richards [EMAIL PROTECTED] wrote: locations. Yesterday I needed to add a tunnel, there was no /var/run/isakmpd.fifo ... odd says I. isakmpd had been running since mid The fifo was recreated, I could use it to control

Re: SSH client (putty) hangs after name/password login

2007-02-06 Thread Dag Richards
Brian A. Seklecki wrote: Hello Brian, Not quite sure what you mean with pstree...don't know the command and no 'man pstree' on my 3.8 system..? It's in the psmisc/ package Note that I no problems logging into the system while on the local network (doing this via a PC that I remotely

Re: Sun Fire X2100 M2

2007-02-05 Thread Dag Richards
[EMAIL PROTECTED] wrote: Hi, Does anyone have any experience with this HW on OpenBSD. I can't find specifics on the NICs used on Suns webpage. What are they and are they well supported? This seems like the perfect package for my purposes. Regards, Edvard There has been a fair amount of

missing isakmpd.fifo

2007-02-01 Thread Dag Richards
I have a little production vpn server with 28 tunnels to various locations. Yesterday I needed to add a tunnel, there was no /var/run/isakmpd.fifo ... odd says I. isakmpd had been running since mid September, so I just edited the config file and hupped the controlling process. The fifo was

Re: missing isakmpd.fifo

2007-02-01 Thread Dag Richards
Um in case it *might* be useful information I am using OBSD 3.9 i386 though I can remember exactly when I built userland it is not the stock from dist CD version. Dag Richards wrote: I have a little production vpn server with 28 tunnels to various locations. Yesterday I needed to add a tunnel

Re: x2100 M2

2007-01-05 Thread Dag Richards
Toni Mueller wrote: Hi, On Thu, 04.01.2007 at 22:18:58 -0800, Dag Richards [EMAIL PROTECTED] wrote: You can use raidframe to do software raid, though I at least have not been able to do an upgrade of a system with its root slices on a raidframe disk. in theory, this should work

Re: x2100 M2

2007-01-04 Thread Dag Richards
Stephen Schaff wrote: I'm thinking about buying the Sun x2100 M2 for OpenBSD 4.0. I've purchased one for a client that's running linux. I set it up but don't admin it. I don't use linux, but I really like the hardware. I want to do RAID1 with it, which the motherboard supports. However,

Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage

2006-12-18 Thread Dag Richards
smith wrote: Blocking icmp violates RFC rules which means in a nutshell weird things will happen on your network. Buda says : Amen... obey RFC 1122. RFC compliance is almost always a good reason to do something. So I have learned something I apparently should already have known. i.e.

Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage

2006-12-17 Thread Dag Richards
Jason Dixon wrote: On Dec 17, 2006, at 2:51 PM, carlopmart wrote: Philip Guenther wrote: On 12/17/06, carlopmart [EMAIL PROTECTED] wrote: Does anybody know if there is some option to put in the rc.conf file, like FreeBSD does with ipv6_enable=NO, to disable IPv6 support on OpenBSD 4.0?

Re: Disable IPv6 on OpenBSD 4.0 - forking discussion to icmp echo request blockage

2006-12-17 Thread Dag Richards
Jason Dixon wrote: On Dec 17, 2006, at 6:28 PM, Dag Richards wrote: Jason Dixon wrote: Your security staff is clueless. I bet they like to block icmp echo-request too. Erm, I don't think I am clueless, often a sign of cluelessness I am sure ... However. I block inbound icmp, well

Re: ipsec vpn

2006-11-07 Thread Dag Richards
Reyk Floeter wrote: On Fri, Nov 03, 2006 at 12:35:55AM +, Paul Civati wrote: My understanding is, if you want to support the simple connection of Windows clients, using the built-in VPN connector (eg. control panel - network - make new connection - VPN - L2TP), the server side needs:

Re: Status of hardware encryption accelerators - wetblanket

2006-11-06 Thread Dag Richards
Andreas Bihlmaier wrote: On Mon, Nov 06, 2006 at 09:49:07AM -0700, Darrin Chandler wrote: Greg Mortensen wrote: On Sun, 5 Nov 2006, Darrin Chandler wrote: Can you say what the irrelevant i386 machine is? Lots of difference between a 90MHz PentiumI and a 3GHz Opteron, and I'd like to know

Re: DNS setup

2006-10-31 Thread Dag Richards
martin g wrote: Hello all Approx. 2 weeks ago I posted a question titled web browsing to this list. It was about how to setup NAT on my gateway so intranet computers can access the Internet. The current situation is: I have an obsd3.9 box connected to the internet using ppp.conf, on the inside i

Re: Need help with NAT + IPSEC

2006-10-31 Thread Dag Richards
Johan Hedin wrote: Hi I need help with our IPSEC setup. We have an internal net 192.168.1.0/24. We have IPSEC to a customer on net 10.92.0.0/16. However, they already used the 192.168.1.0 net, so the IPSEC tunnel is to 10.84.230.0/28. I have set up 10.84.230.1 on the internal network

low through-put on bge cards OBSD 4.0 3.9

2006-10-30 Thread Dag Richards
I have a pair of Sunfire x2100's I am trying to configure as vpn routers to bridge between two Data Centres. isakmpd - easy working bridging - also easy bridging over ipsec tunnel - surprisingly easy as well The problem I am having is the one part that I _assumed_ would be the easiest. I can

Re: low through-put on bge cards OBSD 4.0 3.9

2006-10-30 Thread Dag Richards
Kyle George wrote: On Mon, 30 Oct 2006, Dag Richards wrote: I can not seem to get more than ~43 megabytes per second through the bge cards on these boxes. This is the unencrypted speed with the cards attached by x-over cable or on a 2950 switch with only these two boxes attached. [snip] Any

Re: Experience with isakmpd/ipsec in production?

2006-08-21 Thread Dag Richards
Sven Ingebrigt Ulland wrote: We are about to deploy some fairly critical VPN functionality in our network, and for that purpose we're considering using OpenBSD with isakmp/ipsec. We've had a test setup running for some time now with no problems, but I'm interested in hearing about your long-term

Re: sshd question

2006-08-08 Thread Dag Richards
holger glaess wrote: hi, I hope this list is the right one for my question. I look for a function to limit the login by name AND ip range. Example: root login ALLOW from www.xxx.yyy.zzz deny from all myname login ALLOW from all deny from www.xxx.yyy.zzz if there exists a feature /

Re: tunnels

2006-08-07 Thread Dag Richards
Yes you can do that but, why gre tunnels instead of ipsec? Gustavo Rios wrote: I would like to configure a virtual network on multiple physical location. So, i am seeking if it could be possible using gre tunnels. Local private address address will be 10/8 and the gre network of tunnels should

[Fwd: Re: OpenBSD and high availability]

2006-08-07 Thread Dag Richards
I am running two clusters using carp for network failover. I use rsync every 15 minutes for the simple webapp which issues x509 certs. A script runs on each node to check if it is master; if so it makes a crl, if not it pulls the directory hierarchy from the master. The other cluster does the

Re: OpenBSD and high availability

2006-08-07 Thread Dag Richards
Nick Holland wrote: knitti wrote: On 8/7/06, Jens Mayer [EMAIL PROTECTED] wrote: While the networking part can be handled by carp, I'm collecting ideas on how to keep the local file systems in synch - especially for ftp users and the mailinglist archives. The synchronization will be done

Re: OpenBSD Gateway to replace old Linux gateway

2006-07-27 Thread Dag Richards
Webmaster Elaconta wrote: I'm not looking forward to addressing the router to a different subnet (and i know that would solve the problem) because our Internet-facing servers are connected directly to that router in DMZ fashion (the router forwards ports to them). The firewall is also connected

Re: pf isakmpd: NAT through encryption interface?

2006-06-28 Thread Dag Richards
Stephen Bosch wrote: Imagine the following scenario: You have two VPN endpoints. One is an OpenBSD system running isakmpd and pf, the other is a VPN concentrator from some vendor. The OpenBSD already has other VPNs set up, all using the same internal network. Renumbering isn't going to
