Re: [OT] Question about vpn and authorization between OpenBSD and Windows clients

2005-09-07 Thread Ryan Puckett
To echo the other replies, I highly suggest OpenVPN as well. Both isakmpd and openvpn recommend using digital certs to control access. Openvpn also has the auth-user-pass-verify switch which calls a script/app to do additional authentication. Think poor-man's 2-phase authentication: have

Re: nat problems when using address pool

2005-09-16 Thread Ryan Puckett
Granted I'm running 3.6 but I have a setup very similar to yours. The external NATs of the servers are not in the natpool30 (1.2.3.0/30) network. In my experience, any protocols where the server will generate a separate connection back to the client (like ftp) will not work with NAT pools. #Port

netstart and trunk interfaces in 3.8

2005-10-03 Thread Ryan Puckett
When using 3com NICs (aka xl's) in a trunk, the trunk interface will not be defined after a system reboot. I'm thinking this is because the /etc/netstart script considers trunk interfaces to be normal/real interfaces vs. a virtual interface that needs to be created only after all real interfaces are

pf tables and interface groups

2005-10-07 Thread Ryan Puckett
Under the Tables section in the pf.conf(5) man page, it is indicated that tables can be created with a valid interface group. I'm taking this to mean I can do the following: table <all-of-my-vlans> { vlan } or better yet: table <outside> { egress } but when loading up the ruleset or even trying

Re: pf tables and interface groups

2005-10-07 Thread Ryan Puckett
: DS-1 integrated Yamaha OPL3 mpu at yds0 not configured mpu at yds0 not configured mpu at yds0 not configured mpu at yds0 not configured On Fri, 2005-10-07 at 14:30 -0600, Ryan Puckett wrote: Under the Tables section in the pf.conf(5) man page, it is indicated that tables can be created

Re: isakmpd.conf multinet question

2005-10-11 Thread Ryan Puckett
I did it by specifying each net-to-net connection. I need to look at the new 3.8 Ipsec tools to see if I can clean this up. Another example (and the one I initially referenced) can be found in /usr/share/ipsec/isakmpd/VPN-3way-template.conf . (isakmpd via OBSD 3.6): [Phase 1] 1.2.3.4=