.
//mxb
to get a faster CPU for hmac and preferably AES-NI CPU.
Else you have to accept the slow link.
//mxb
On Apr 3, 2012, at 4:31 PM, Tony Sarendal wrote:
On Tue, Apr 3, 2012 at 3:41 PM, Jonathan Gray j...@jsg.id.au wrote:
On Tue, Apr 03, 2012 at 03:09:37PM +0200, Tony Sarendal wrote:
When testing new boxes with Intel E3-1270 cpu I don't see AES on the
cpu's
in dmesg.
Does this mean that the
On 04/16/2012 09:35 PM, Kostas Zorbadelos wrote:
Hello all,
if this has been discussed in the past, forgive my asking and please
point me to the archives. I am interested in building a server VPN
solution for a sensitive corporate LAN. The use case is travelling,
roaming users who just want a
On Apr 24, 2012, at 11:07 PM, jinhitmanBarracuda wrote:
If you could write an article for undeadly (or only some short notes)
on how you did this, it would be much appreciated. I'm sure there are
lots of people besides me that are interested in this topic.
+1
--
*There is no place
On 04/25/2012 11:52 AM, Mihai Popescu wrote:
Hi,
Nice article about Paris. Can someone point out what text editors are
open in that picture?
I don't want to start the old war about editors, I'm just interested
what other options are ...
Thanks.
I think it is Window Manager and
On May 2, 2012, at 1:02 PM, Kapetanakis Giannis wrote:
On 02/05/12 12:27, Peter Hessler wrote:
No, that is not what that feature does.
When pfsync starts any sort of bulk update, it will increase the carp
demotion counter which makes it refuse MASTER. Only when the bulk
update finishes (or
On 05/10/2012 09:14 AM, Garry Dolley wrote:
On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote:
On 2012-05-08 19:08, Per-Olov Sjvholm wrote:
It says em1: watchdog timeout -- resetting
aol
I saw the same on an amd64 VPS from arpnetworks.com. Network was not
functional. Backed
to those sites than openbsd.org.
//mxb
Hi misc@,
looks like '/etc/rc.d/dhcpd restart' does not handle restart of 'pf table
handler', then dhcpd is configured to track
abandoned IP.
Any one have a work around?
P.S.
This is a 5.2-current.
//mxb
Hi misc@,
I have a pair of 5.2-current in failover setup.
On both ext-iface and int-iface are CARP'd.
This setup serves mostly as a firewall for internal machines, but also
as an OSPF-router.
OSPF runs on top of GRE on top of IPSec.
I have /29 net for external and thus the rest of IP not used
Tried to add those values into plain old isakmpd.conf?
I run 5.2-current and have those values in isakmpd.conf. Never seen
those messages and all works fine.
On 09/17/2012 09:30 PM, Christoph Leser wrote:
After updating to 5.2 current, I noticed, that incoming phase-1 requests get
drop due to
Yes you can, but the real hw has to support it as well.
On 09/18/2012 02:34 AM, S. Scott wrote:
Is it possible to use non-standard (1500) MTU on a trunk(4)
pseudo-interface or on the real em(4) interfaces that comprise the
trunk0 interface, or on the VLANs carried therein. We'd like to use
about, or are there other values that
should be set?
Thanks.
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On behalf of mxb
Sent: Tuesday, 18 September 2012 09:43
To: misc@openbsd.org
Subject: Re: isakmpd lifetime trouble
/etc/hostname.em0:
up mtu 9000
/etc/hostname.em1
up mtu 9000
/etc/hostname.trunk0
trunkproto lacp trunkport em0 trunkport em1 10.10.10.10 netmask
255.255.255.0 -inet6 mtu 9000
mtu 9000 in hostname.trunk0 probably not needed as it will get its
correct mtu from em0.
//mxb
On 09/18/2012 10:04
You probably get NO_PROPOSAL_CHOSEN error?
From the info you gave, looks like Cisco-sides tries to talk AES_CBC
but your local side talks 3DES_CBC in Phase 1.
//mxb
On 10/01/2012 09:21 PM, Erwin Schliske wrote:
Hello,
I've set up an OpenBSD box as vpn gateway. The tunnel I have to establish
Great!
I'll push my management to place an order.
On 5 okt 2012, at 12:15, OpenBSD Europe m...@openbsdeurope.com wrote:
We will be making the shipment from Canada soon. If you would like your 5.2
on time we request the orders ASAP :-)
Thanks folks!
Any pics for the crowd? :)
On 12 okt 2012, at 16:08, Bob Beck b...@openbsd.org wrote:
new state of the art
data centre
by -32 to 0 (pfsync init)
carp: pfsync0 demoted group pfsync by -32 to 0 (pfsync init)
carp2: state transition: BACKUP -> MASTER
carp3: state transition: BACKUP -> MASTER
carp1: state transition: BACKUP -> MASTER
//mxb
You should keep state, then pkts matching will also pass in/out.
On 13 okt 2012, at 17:19, Matt Morrow cmorrow...@gmail.com wrote:
pass in quick on $internal
pass out quick log on $external
+1
Done this by myself. Less hassle.
On 13 okt 2012, at 20:28, Bryan Irvine sparcta...@gmail.com wrote:
You will need some planning. Pf syntax changed quite a bit a couple
releases
back.
I'd consider backing up the files converting pf.conf to the new syntax and
doing a clean install of 5.2
Tried to play a bit with this setup?
Like, shutting down fw1 and see what happens?
Ping from client-side and tcpdump on both machines???
NO?! You should.
//mxb
On 15 okt 2012, at 11:33, Indunil Jayasooriya induni...@gmail.com wrote:
Hi list,
I configured CARP - Active/Active. ( Things work
I think this can be fixed by:
shell# cat /etc/isakmpd/isakmpd.conf
[General]
Listen-on= 1.2.3.4
I run this setup in prod. It works. In my case 1.2.3.4 is a CARP:ed IP.
//mxb
On 19 okt 2012, at 20:10, Tyler Morgan tyl...@tradetech.net wrote:
isakmpd wants to use the IP from the real
I hope this ever can be updated or a real man page can show up.
I move from snap to snap and thus can not do it yet, until info is up2date.
Great work Yasuoka!
//maxim
On 26 okt 2012, at 18:49, Giovanni Bechis giova...@bigio.snb.it wrote:
YASUOKA Masahiko yasu...@yasuoka.net wrote:
Please
Hi misc@,
I have Dell R620 with PERC H310 with SSD attached to it.
However, geometry is not calculated thus I'm unable to install -current on it.
Any ideas how to solve this?
mfi0 at pci3 dev 0 function Symbios Logic MegaRAID SAS2008 rev: 0x03: apic 1
int 10
mfi0: PERC H310 Mini, firmware
Case closed.
I had to create a Virtual Disk and use it instead of using Physical Disk.
On 21 nov 2012, at 18:29, Otto Moerbeek o...@drijf.net wrote:
On Wed, Nov 21, 2012 at 05:31:39PM +0100, mxb wrote:
Hi misc@,
I have Dell R620 with PERC H310 with SSD attached to it.
However, geometry
Yes, it's not working.
I might have mixed up with fbsd.
My bad, sorry
//mxb
On 23 nov 2012, at 15:33, Janne Johansson icepic...@gmail.com wrote:
Can you show the output of ifconfig trunk0 after you have run this?
And uname -a since a moderately recent -current won't allow mtus 1500
when I
It's just a disk.
sd0 at scsibus0 targ 0 lun 0: ATA, INTEL SSDSA2CT04, 4PC1 SCSI3 0/direct
fixed naa.500151795956a9d6
sd0: 38166MB, 512 bytes/sector, 78165360 sectors, thin
On 17 dec 2012, at 09:32, Mayuresh Kathe mayur...@wolfman.devio.us wrote:
hello,
i'm running 5.2 (amd64) on my
Original by author?
Well rhymed :)
On 21 dec 2012, at 17:22, Mayuresh Kathe mayur...@wolfman.devio.us wrote:
demons galore,
of the microsoft lore,
lurking in windows disks,
lying near my hard disks,
drawing my attention,
giving me too much tension,
how do i purge,
this crazy scourge?
:)
A good one!
Nice writing, Nick.
My favorite:
'course, most people are not thinking about the long-term health of the
company, but the short-term what can I stuff on my resume on my way out
the door before this blows up
//mxb
On 23 dec 2012, at 04:43, Nick Holland n...@holland
Any practical usage for this kind of hardware?
I don't see it. Maybe someone can explain it to me?
Sure, probably fun to port an OS other than GNU/Linux,
but what kind of duties OpenBSD ev. will do on it?
//mxb
On 30 dec 2012, at 23:00, Anders Arnholm and...@arnholm.se wrote:
Johan Beisser
Excuse me, but isn't it a sadomasochism to run all those stuff on this kind of
hardware?
On 31 dec 2012, at 01:45, Live user nots...@live.com wrote:
On 31/12/2012 1:32, Johan Ryberg wrote:
DNS, dhcp, firewall on a stick, vpn terminator.
Sure, it would be more easy if it had 2 interfaces
Because I don't see it handle pressure…..
Sure arcade and siri proxy are fun, but x86-based hw for those same tasks is
probably out there….
On 31 dec 2012, at 11:49, Brad Smith b...@comstyle.com wrote:
- Original message -
Excuse me, but isn't it a sadomasochism to run all those
) there is high-end x86-based hw just
waiting for the right man
with time to step in and get its drivers fixed.
And I'm not even talking about soon to be materialized ARM-based server
machines in pipe…..
//mxb
On 31 dec 2012, at 11:56, Brad Smith b...@comstyle.com wrote:
- Original message
USB2ETH will be Achilles' heel with this hw, as soon as you start pushing
pkts.
On 31 dec 2012, at 13:45, Loïc BLOT loic.b...@unix-experience.fr wrote:
That's the cheapest solution for homing firewall
Exactly!
Toys are known to not hold nowadays, unless it is an expensive toy.
Even those have a questionable quality.
On 31 dec 2012, at 14:49, Mikkel C. Simonsen m...@post5.tele.dk wrote:
The Raspberry Pi is a nice toy, but it's still just a toy - in my opinion.
For in base dhcpd you should read manual for dhcpd.conf.
Else you can invoke it with some debug/verbose flag in order to get some output
regarding what it likes/dislikes in your dhcpd.conf.
On 31 dec 2012, at 16:19, Chris Smith obsd_m...@chrissmith.org wrote:
Maybe it's a problem due to
Hi misc@,
I've got yet another panic.
This time, after applying Martin Pelikan's diff, caught a pointer.
However, machine never drops to ddb, even sysctl.conf says it should.
panic: mxt_enter: locking against myself, 0x80a2d540
kernel: privileged instruction fault trap, code=0
kernel:
48 for (; (*to = *from) != '\0'; ++from, ++to);
49 return(save);
50 }
(gdb) info locals
No locals.
(gdb) q
#
//mxb
I just was able to reproduce this with up to date kernel.
On 1 jan 2013, at 19:11, mxb m...@alumni.chalmers.se wrote:
Hi misc@,
I've got yet another panic.
This time, after applying Martin Pelikan's diff, caught a pointer.
However, machine never drops to ddb, even sysctl.conf says
Yes, this sounds familiar.
On 2 jan 2013, at 14:37, Mark Felder f...@feld.me wrote:
Didn't the CARP protocol change between these releases? I don't think it's
compatible. I'm sure someone else will chime in with the details, but I
believe I remember reading this on the list.
I think if you put District, the you should change Oblast to Province.
//максим
On 2 jan 2013, at 23:47, jr...@openvistas.net wrote:
--- usr.bin/calendar/calendars/calendar.birthday Sun Oct 16 09:09:27 2011
+++ usr.bin/calendar/calendars/calendar.birthday.new Wed Jan 2 15:41:39 2013
Sorry for the noise. I think I've found the problem.
On 1 jan 2013, at 23:54, mxb m...@alumni.chalmers.se wrote:
I just was able to reproduce this with up to date kernel.
On 1 jan 2013, at 19:11, mxb m...@alumni.chalmers.se wrote:
Hi misc@,
I've got yet another panic.
This time
on external and internal sides of fw2.
CARP for internal network on fw1.
Side note is that I noticed drastic speed drop just before system goes in panic.
Normally I have decent speed between two networks, e.g. transfers from clients
on network2 to client on network1.
Any ideas?
//mxb
On 3 jan
/amd64/compile/GENERIC.MP
On 3 jan 2013, at 20:15, mxb m...@alumni.chalmers.se wrote:
Now, after several tests I can state that problem is there.
I made sure that /usr/src is clean and up to date (I had Hennings diffs on
test).
The stock -current kernel crashes with this behavior, eg. panic
Try it out by yourself on VMWare ESX.
Setups I'm aware of require a stack of two switches, then this will work fine.
On 3 jan 2013, at 21:46, Friedrich Locke friedrich.lo...@gmail.com wrote:
Hi folks!
What happens if I have a trunk(loadbalance) interface set for 2 physical
interfaces
-> MASTER
carp4: state transition: BACKUP -> MASTER
carp1: state transition: BACKUP -> MASTER
On 3 jan 2013, at 20:48, mxb m...@alumni.chalmers.se wrote:
Here is an older kernel which seems to die the same way.
I actually can not see mtx_enter-loop, but I trigger crash the same way.
Remote console via
Hi,
this is what I get when I compile -current with
makeoptions DEBUG=-g # compile full symbol table
makeoptions PROF=-pg # build profiled kernel
ld -Ttext 0x801001e0 -e start --warn-common -nopie -X -o bsd
${SYSTEM_HEAD} vers.o ${OBJS}
smc93cx6.o(.text+0x12): In
bsd.gdb just freezes and tells nothing at all.
after 5min of waiting for it to drop into ddb, I made power cycle.
On 3 jan 2013, at 22:31, mxb m...@alumni.chalmers.se wrote:
Now, the -current SP kernel, while triggering, has a better speed and dies a
bit later with:
kernel: type
scp from within internal network (network2) does not trigger this panic, eg.
client_on_network2# scp fw2.int_ip:/bsd .
On 3 jan 2013, at 20:15, mxb m...@alumni.chalmers.se wrote:
client does 'scp fw2.network2_ip:/bsd .' - results in panic.
client does 'scp fw2.public_ip:/bsd .' - all fine.
Users normally send diffs with applied ID's to tech@.
Else you can wait until someone else does this for you.
You might want to send your dmesg to dmesg(at)openbsd.org, then someone else
will take a look at it. :)
Regards,
Maxim
On 4 jan 2013, at 19:01, Mike Williams ob...@eandem.co.uk wrote:
TO_HQ
!/sbin/ifconfig gre0 inet 10.10.3.1 10.10.0.3 netmask 255.255.255.255 -inet6
link0 up
The only way(seems to be) to fix this is to
/etc/rc.d/ospfd stop
sh /etc/netstart gre0
/etc/rc.d/ospfd start
//mxb
I'd start isakmpd in foreground mode(read verbose mode) and see what it prints
out, while iPad tries to connect to it.
On 15 jan 2013, at 20:35, Ted Wynnychenko ted@comcast.net wrote:
Hello
This may be off topic, since I don't think it's an openbsd issue, but
(honestly) I have run out
Take a step back and either disable PF or put pass keep state (e.g. simple
rules) and see if you can reproduce this problem.
//mxb
On 14 jan 2013, at 21:38, Атанас Владимиров don.na...@gmail.com wrote:
Hi,
Today I upgraded to 11.01.2013 snapshot and I'm still get the same error.
I have
Those panics seems to be related to GRE.
I switched from using gre to gif and was unable to reproduce this panic.
On 4 jan 2013, at 00:01, mxb m...@alumni.chalmers.se wrote:
scp from within internal network (network2) does not trigger this panic,
eg.
client_on_network2# scp fw2.int_ip:/bsd
Yasuoka forgot to commit his fix.
I have it working.
//maxim
On 30 jan 2013, at 11:54, Robert Blacquiere open...@blacquiere.nl wrote:
Hi,
I run into an issue using npppd with radius. It looks to me the parsing
of radius port info is not working.
I have: authentication section:
vmnet2 works fine too.
On 5 feb 2013, at 16:14, Reyk Floeter r...@openbsd.org wrote:
On Tue, Feb 05, 2013 at 07:19:02AM -0500, Nick Holland wrote:
Take a physical machine, disk image it, drop it on vmware, boot single
user, mount root partition, rename hostname.whatever0 to hostname.em0,
I think this is on TODO-list. This is why npppd considered to be not ready
and thus not linked to build.
//mxb
On 17 feb 2013, at 16:32, Stuart McMurray kd5...@gmail.com wrote:
Hi all,
I'm having a bit of trouble getting l2tp working from behind a firewall.
Here's the setup:
OpenBSD
What about 5.2? Same issues?
//mxb
On 7 mar 2013, at 11:36, lilit-aibolit lilit-aibo...@mail.ru wrote:
On 11/09/2011 10:27 PM, Jussi Peltola wrote:
You can ignore the clueless parts in my previous message :)
I can set up remote access to one of these machines if needed.
This made
Yes, it's much better.
I currently have several 5.2-current (post 5.2-rel ) machines with em(4)
without any problems regarding em(4).
5.0 is EOL.
On 7 mar 2013, at 13:09, Kenneth R Westerback kwesterb...@rogers.com wrote:
On Thu, Mar 07, 2013 at 12:10:08PM +0100, mxb wrote:
What about 5.2
interface trunk0 { metric 5 }
#LAN
interface carp1 { passive }
# ANYCAST
interface lo1 { metric 5 }
}
pfsync0: flags=41<UP,RUNNING> mtu 1500
priority: 0
pfsync: syncdev: trunk0 maxupd: 128 defer: on
groups: carp pfsync
//mxb
Looks like multicast packets never show up on gif.
I see those packets on enc0 on both sides.
However, on one side they never show up on gif!
Any ideas?
The problematic side has currently set skip on enc0 and pass all on gif
in pf.conf .
Both sides run OpenBSD 5.3.
//mxb
On 28 mar 2013
The solution seems to be is to run on top of vether(4).
On 3 apr 2013, at 22:54, mxb m...@alumni.chalmers.se wrote:
Looks like multicast packets never show up on gif.
I see those packets on enc0 on both sides.
However, on one side they never show up on gif!
Any ideas?
The problematic
traffic - it's all OK.
Any ideas?
//mxb
script
/etc/check_web.sh
forward to web_fallback port $int_httpport mode least-states check
http / code 200
}
pfctl -a 'relayd/*' -sr reports only rules for default main pool (webpool)
Any thoughts?
//mxb
not a sound of any slow queries because of segfaulted BIND-slave.
//mxb
On 19 apr 2013, at 16:36, Kostas Zorbadelos kzo...@otenet.gr wrote:
Hello all,
quite a few months ago I had evaluated OpenBSD for a large scale anycast
DNS resolving setup:
http://marc.info/?l=openbsd-misc&m=133828399728289&w=2
From my point of view, OpenBSD is a stable OS (even some aged snapshots).
I don't put any performance pressure on it. I just want services to be STABLE.
If I want STABLE, I replace Linux or any other with OpenBSD.
//mxb
On 19 apr 2013, at 20:22, Kostas Zorbadelos kzo...@otenet.gr wrote:
mxb
for
your turn (or you solve it other way by yourself).
If you want it right - you have to do it yourself.
P.S.S.
No offense. It's just how it works in real world - you DO it yourself or you
don't.
//mxb
On 19 apr 2013, at 21:57, Kostas Zorbadelos kzo...@otenet.gr wrote:
mxb m...@alumni.chalmers.se
might be up, but this does not mean that we are ready to accept
any clients yet
//mxb
On 16 apr 2013, at 19:50, mxb m...@alumni.chalmers.se wrote:
Hello list,
I currently have active-active CARP of two nodes with relayd and relayd(pf)
stops forwarding packets if I do a large file download
Have you tried to use jumbo frames (MTU 9000) on both client and server?
(If it is possible in your environment).
//mxb
On 22 apr 2013, at 14:46, Mattieu Baptiste mattie...@gmail.com wrote:
Hi,
I'm currently trying to access files from my OpenBSD -current/amd64
workstation on a NAS under
…..
srcid $local_gw
//mxb
On 24 apr 2013, at 20:33, R0me0 *** knight@gmail.com wrote:
Hello misc,
A couple of days, I'm fighting with OpenBSD+Ipsec+sasyncd.
I searching at google and misc, read the man pages and I do a review of
configurations many times to do work something that apparently
Then there is also a question regarding how quick your CARP will fail over, eg.
what is your advskew on the backup node?
On 24 apr 2013, at 22:30, mxb m...@alumni.chalmers.se wrote:
I'd start by looking at sasyncd and if it actually works.
If it works 'netstat -rn' should show flows
Why don't you run npppd directly on OBSD FW (192.168.21.233) ?
On 25 apr 2013, at 09:49, Bastien Ceriani bastien.ceri...@bulkypix.com wrote:
Hello,
I'm currently discovering NPPPD daemon and L2TP\Ipsec VPN.
My VPN server is in a DMZ an run with OpenBSD 5.3.
Client (192.168.1.137) -
.
On 25 apr 2013, at 13:16, R0me0 *** knight@gmail.com wrote:
mxb - my em's not have any ip only inside hostname.emX up
my advskew is 100 on backup node
2013/4/24 mxb m...@alumni.chalmers.se
Then there is also a question regarding how quick your CARP will fail over,
eg. what is your
2013, at 14:36, Bastien Ceriani bastien.ceri...@bulkypix.com
wrote:
Hi,
My boss asked me to do like that.
But VPN requests will not decrease router performances ?
On Thu, Apr 25, 2013 at 11:54 AM, mxb m...@alumni.chalmers.se wrote:
Why don't you run npppd directly on OBSD FW (192.168.21.233) ?
This might be the case, but man page does not state so :)
On 25 apr 2013, at 14:42, R0me0 *** knight@gmail.com wrote:
I think that this is not needed :)
2013/4/25 mxb m...@alumni.chalmers.se
According to the carp(4):
Assume that host A is the preferred master and 192.168.1.x/24
instead, anchor is not created.
relayctl does not display this relay in 'relayctl sh su'.
'relayd -n' tells that config is OK.
The question is if this is a normal behavior or is this a bug?
//mxb
.
//mxb
Quagga might have more features (which you probably don't need at all),
but I find it more difficult to work with than OpenOSPFD.
1. Configuration in at least two files
2. In order to reload config or to check out state you have to telnet to
quagga. E.g. no ospfctl
//mxb
On 16 maj 2013, at 17:16
Not sure HOW you bought it,
but if you buy from official places - you get what you paid for.
I have.
//mxb
On 17 maj 2013, at 19:42, Salim Shaw salims...@vfemail.net wrote:
Perhaps someone could direct me to the appropriate person to answer
questions regarding my unfulfilled order request
Try openbsdeurope.com next time. I already got mine. Last week.
//mxb
On 21 maj 2013, at 19:26, Peter J. Philipp p...@centroid.eu wrote:
I ordered my CD through a german bookstore that is listed at
www.openbsd.org/orders.html. Only it's now the 21st of May and my computers
have all been
Tried to tag pkts on $int_if ? Eg
match in on $if_int from ($if_int:network) to $pbx_net tag PBX
//mxb
On 11 jun 2013, at 14:38, Rogier Krieger rkrie...@gmail.com wrote:
A kind soul (thank you) suggested I add the following to my ruleset:
pass quick on enc0 proto ipencap
Unfortunately
.
On 11 jun 2013, at 15:37, Rogier Krieger rkrie...@gmail.com wrote:
On Tue, Jun 11, 2013 at 3:26 PM, mxb m...@alumni.chalmers.se wrote:
Tried to tag pkts on $int_if ? Eg
match in on $if_int from ($if_int:network) to $pbx_net tag PBX
Yes and that works. But shouldn't it already
Can you, please, send output from netstat -m , pfctl -si and pfctl -sm.
On 10 jun 2013, at 23:20, Jason Wong wong.jaso...@yahoo.com wrote:
Been having some strange issues with a system recently upgraded to 5.3.
Previously this computer was running OpenBSD 5.1, and was rock solid with
close to
From: mxb m...@alumni.chalmers.se
To: Jason Wong wong.jaso...@yahoo.com
Cc: misc@openbsd.org misc@openbsd.org
Sent: Tuesday, June 11, 2013 4:40 PM
Subject: Re: intermittent network failures with openbsd 5.3
Can you, please, send output from netstat -m , pfctl -si and pfctl
-sm.
On 10 jun
I strongly recommend to read this
http://undeadly.org/cgi?action=article&sid=20060927091645
On 11 jun 2013, at 23:27, mxb m...@alumni.chalmers.se wrote:
Now, you see:
current entries 9980
but
stateshard limit1
Your machine was unable to insert
I benefit from it as well :)
Using vether with ospfd on top of it is far more stable than using gre or
plain gif.
On 12 jun 2013, at 11:17, Jiri B ji...@devio.us wrote:
vether(4) was developed for Theo's
needs to have better connection to his basement
either this message is acknowledged by another system, or a timeout has
expired. This behaviour is enabled with the defer parameter to
ifconfig(8).
…
Eg. defer: on, yours is off.
//mxb
On 2 jul 2013, at 21:54, Loïc BLOT loic.b...@unix-experience.fr wrote:
Hi all
I have
:)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 02:02 +0200, mxb wrote:
pfsync(4) explains this:
The pfsync interface will attempt to collapse multiple state updates
into
a single packet where
Sure it syncs, but
node1 has completely different IP addresses than node2(both external and
internal ??), if no CARP.
So storing states from node1, which passes/initiated connection to ftp.fr , on
node2 does not help.
In your case, you'd probably to decide to ever have MASTER-BACKUP or to have
States ARE synced.
IPs are not the same on node1 and node2 for external. The you initiated
connection to ftp.fr, you done it via node1 with its external IP. On node2
those packets will be DROPPED as those do not belong to external NIC on node2
(IP)
On 3 jul 2013, at 17:16, Loïc Blot
I use OSPFd on each OpenBSD firewall I deploy.
This way you get access to all machines on the remote LAN, including firewall
itself.
and you don't have to maintain routing manually.
//mxb
On 4 jul 2013, at 16:25, Andy a...@brandwatch.com wrote:
On Thu 04 Jul 2013 15:22:55 BST, Anders Berggren
take
simpler approach to donate my hw and test time.
But there are bug to be FIXED
//mxb
On 4 jul 2013, at 20:07, Henning Brauer lists-open...@bsws.de wrote:
* mxb m...@alumni.chalmers.se [2013-07-03 17:33]:
States ARE synced.
IPs are not the same on node1 and node2 for external. The you
You might want to pull in 5.4-current instead.
One you have is not that current any more. :)
On 7 aug 2013, at 16:26, Maxim Khitrov m...@mxcrypt.com wrote:
Hi all,
I'm looking for performance measuring and tuning advice for 10 gigabit
Ethernet. I have a pair of Lanner FW-8865 systems that
, then you'll have to
divide this number with 2(avrg. and not precise number).
So, per port on X540-T2, you have maximum 3Gbit/s. in theory, if both ports
used and have avrg. the same amount of traffic.
if not both - 6Gbit/s
Correct me if I'm wrong.
//mxb
On 9 aug 2013, at 03:35, John Jasen jja
Hello list,
how safe is it to raise limits in relayd.h?
#define RELAY_MAX_SESSIONS 1024
#define RELAY_MAXPROC 32
#define RELAY_MAXHOSTS 32
Discarded. :)
On 10 sep 2013, at 12:13, mxb m...@alumni.chalmers.se wrote:
Hello list,
how safe is it to raise limits in relayd.h?
#define RELAY_MAX_SESSIONS1024
#define RELAY_MAXPROC 32
#define RELAY_MAXHOSTS32
It is possible to achieve this via pf.conf.
Sorry, no example, as this was done long time ago and for testing only.
On 16 sep 2013, at 12:55, Christoph Leser le...@sup-logistik.de wrote:
Hello,
with ipsecctl I can configure outgoing address translation in ipsec.conf
like this:
As you can see, this setup works without any patch.
I tested to remove lo1 and see if routes to carped nets disappear. No luck.
Routes are there.
//mxb
On 24 sep 2013, at 11:08, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote:
On 24/09/13 12:02, Kapetanakis Giannis wrote:
Without this patch
As naddy@ answered this already for ipsec outgoing address translation
question on this list,
'ipsecctl -nv' is the right way to go.
//mxb
On 26 sep 2013, at 18:04, Daniel Polak dan...@sys.nl wrote:
On a computer running OpenBSD 5.3 system I am migrating from an isakmpd.conf
based