Hello misc,
I'm having problems with two IPsec tunnels from two different peers
behind the same NAT, to the same responder. All hosts are running
OpenBSD 4.1, including the NAT:ing gateway. One peer can connect just
fine, but when the other tries to establish a tunnel (with a different
tunneled
On 8/17/07, stuart van Zee [EMAIL PROTECTED] wrote:
(snip original message)
Ok... my IPSEC foo is really not all that powerful so if anyone out there
finds me to be completely wrong, please point and laugh, but here is the
problem you are having as far as I understand it.
IPSec does not
through NAT gateways.
http://www.faqs.org/rfcs/rfc3948.html
http://publib.boulder.ibm.com/iseries/v5r2/ic2924/index.htm?info/rzaja/rzajaudpencap.htm
Michael
Martin Hedenfalk wrote:
Hello misc,
I'm having problems with two IPsec tunnels from two different peers
behind the same NAT
On 8/23/07, Christoph Leser [EMAIL PROTECTED] wrote:
Hello,
I tried ( and failed ) to set up an IPSEC Tunnel to a LANCOM VPN Router in a
somewhat special constellation:
main mode is ok
quick mode negotiated successfully and established the following flow:
# ipsecctl -s flow
flow esp in
Hello list,
Is anyone working on getting the gpio pins supported on the PCEngines
ALIX boards?
I'd like to be able to control the LEDs using gpioctl, just like on
the WRAP.
-martin
Hello all,
I have two questions:
1) What is the state of sasyncd in 3.8? (I'm currently running stable
without any patches). The only hint that there would be known bugs or
that sasyncd would be incomplete is this email:
http://archives.neohapsis.com/archives/openbsd/2005-10/1804.html.
2)
Hello misc,
I'm trying to delete individual tunnels with ipsecctl:
This is on the 4.1 snapshots from April 6.
# uname -a
OpenBSD localhost 4.1 GENERIC#1466 i386
First I delete the flows:
# ipsecctl -sf
flow esp in from 10.0.0.0/29 to 0.0.0.0/0 peer 192.168.5.12 srcid
[EMAIL PROTECTED] dstid
On 4/13/07, Claer [EMAIL PROTECTED] wrote:
On Thu, Apr 12 2007 at 19:14, Martin Hedenfalk wrote:
Hello misc,
Hello,
I'm trying to delete individual tunnels with ipsecctl:
This is on the 4.1 snapshots from April 6.
[...]
Then I try to delete the SAs:
# ipsecctl -ss
esp tunnel from
On 4/15/07, Bryan Vyhmeister [EMAIL PROTECTED] wrote:
On Apr 13, 2007, at 8:46 PM, Vijay Sankar wrote:
OpenBSD's sendmail, dovecot, and hastymail is a great solution, in my
opinion, for large or small networks. It allows you to support a
variety of clients very easily and with excellent
Hello list,
I've been bitten by a race condition in spamd. I've got a low-prio MX
configured as an MX trap with spamd -M:
bzero.se. 900 IN MX 10 mx.bzero.se.
bzero.se. 900 IN MX 99 mxtrap.bzero.se.
In the log below, a re-attempt at
On 3 Feb 2008, at 11.33, Markus Wernig wrote:
Rephrasing: Is it possible to have multiple nat-t clients behind the
same NAT address connect to the same OBSD ipsec gateway? How?
Hi,
Yes it's possible, but isakmpd deletes all SAs from the same IP
address on an initial contact message.
I
Hi,
The real MTA is not involved here. What's important is that spamd with the
low priority MX address active must see all the greylist changes for a
higher priority MX host for the same domains, either by being synchronised
with it, or by receiving the connections itself. (from the man
On 3/16/06, Steven S [EMAIL PROTECTED] wrote:
Are these messages normal for a carped pair of firewalls running isakmpd
with sasyncd (3.8-stable)?
This happened to me until I changed the default lifetimes in
isakmpd.conf. I have a road-runner setup, so exchanges are always
initiated by the
?
Thanks in advance
Martin Hedenfalk
Hello list,
I have a problem with an IPsec peer. My OpenBSD 4.1 responder (obsd in
the tcpdump below) doesn't reply to pings in the tunnel. The initiator
is an OpenBSD 4.1 appliance (not GENERIC kernel, but I don't think
that's the problem). There are two NATed hosts behind the peer-gw,
Hi,
We're trying to install OpenBSD on a HP ProLiant DL385 G5. But as
shown in the dmesg below, the RAID controller (HP Smart Array P400) is
not detected. According to the ciss(4) man page it should be supported.
Has anyone got OpenBSD to install on such a machine?
-martin
On 4 Jun 2008, at 14.19, Martin Hedenfalk wrote:
Hi,
We're trying to install OpenBSD on a HP ProLiant DL385 G5. But as
shown in the dmesg below, the RAID controller (HP Smart Array P400)
is not detected. According to the ciss(4) man page it should be
supported.
Has anyone got OpenBSD
On 12/10/06, Otto Moerbeek [EMAIL PROTECTED] wrote:
On Sun, 10 Dec 2006, Alexander Farber wrote:
Hello Martin and others,
On 12/6/06, Martin Hedenfalk [EMAIL PROTECTED] wrote:
On 12/2/06, Alexander Farber [EMAIL PROTECTED] wrote:
IMHO it would be better, if ESC-p and ESC-n wouldn't
and implement it myself.
TIA
Martin Hedenfalk
On 1/17/07, Lars Hansson [EMAIL PROTECTED] wrote:
On Wednesday 17 January 2007 17:15, Martin Hedenfalk wrote:
Is there a nullconsole in OpenBSD, similar to the nullconsole in FreeBSD?
Not that I know but you could always set it to a non-existent tty (com1?), I
guess.
But that's not the problem
On 1/17/07, Lars Hansson [EMAIL PROTECTED] wrote:
On Wednesday 17 January 2007 19:39, Martin Hedenfalk wrote:
If it was possible to set the default console to nullconsole, ie
discarding all console I/O, what other part of the system would write
(directly) to pc0?
The BIOS messages
On 27 May 2011, at 14.55, Joel Carnat wrote:
Hi,
Is there a way to tell ldapd(8) to write its PID in /var/run ?
No. You can use 'pgrep ldapd' instead.
.martin
TIA,
Jo
On 13 Nov 2009, at 15.35, elias r. wrote:
Hey out there!
I started thinking about improving my C-programming knowledge,
especially towards OpenBSD (and unix in general) -programming as
well as secure programming.
Does anyone have a hint which resources are worth reading (e.g.
which books
On 13 Sep 2010, at 09.30, Wilhelm wrote:
Hi all,
I try to use ypldap with a userbase 1 entries. It stops (with
error!) after 1000 entries, because the ldap server is ADS and has a
page limit of 1000 entries.
So the question is: is there a newer ypldap that can handle paged results?
On 2 Nov 2010, at 03.08, Hugo Osvaldo Barrera wrote:
http://www.openbsd.org/cgi-bin/man.cgi?query=ldapd
Caveats says: ldapd does not fully work yet.
Is this outdated? Is there any place I can find out exactly what
DOESN'T work?
ldapd is not
On 3 Nov 2010, at 18.19, Ted Unangst wrote:
Am I missing something, or is there no documentation for the schema
files? man ldapd.conf tells me I can include additional schema files
via the schema keyword, but nothing tells me what to put in those
files.
The syntax for schema definitions is
On 15 Nov 2010, at 00.01, Joel Carnat wrote:
-Original message-
To: Joel Carnat j...@carnat.net;
Cc: misc@openbsd.org;
From: Philip Guenther guent...@gmail.com
Sent: Sun. 14-11-2010 02:25
Subject: Re: ldapd and self-signed certificate
On Sat, Nov 13, 2010 at 12:02 PM,
On 2 Dec 2010, at 00.36, Keith wrote:
I am trying to setup LDAPD but keep running into 'Base DN' issues. My
colleague managed to get OpenLDAP working on a linux server but as LDAPD is now
available for OBSD I am keen to switch to ldap servers before we start to
populate our directory. I've managed to
On 5 Jan 2011, at 13.59, Joel Carnat wrote:
Greetings,
I would like to limit the access to my ldapd content.
I've read ldapd.conf(5) but there are bits I don't get.
The policy I would like to apply is:
(1) allow anyone to authenticate
(2) allow read access to all namespace by users that have
On Thu 2011-01-20 at 14:31 +, Timothy Legge wrote:
Hello list!
I hope this message finds you all well.
I've been spending some time today trying to figure out how to get NFS
working under OpenBSD with the shiny new LDAPD daemon.
As far as I can tell, I have LDAPD working as
On 15 Aug 2012, at 01:20, Joel Carnat j...@carnat.net wrote:
Hi,
I've setup some RRDtool magic to graph ldapd(8) metrics (OpenBSD 5.1/i386).
Using `ldapctl stats`, I was expecting:
requests = search requests + bind requests + modify requests
But after a few ldapsearch/ldapadd/ldapdelete
On 11 Dec 2012, at 11:40, Joel Carnat j...@carnat.net wrote:
Hello,
I want to achieve a Master / Slave replication with OpenBSD's shipped
ldapd(8).
Are there any native features to synchronize both instances (like openldap's
syncrepl) or do I have to script a bunch of