Re: npppd ipsec port 500 INVALID_MESSAGE_ID

2014-10-05 Thread Швецов Михаил

Thanks for your guide.
But my trouble is:
1. ISP LAN - I get an IP by dhclient (IP + default route + DNS)
2. I have a global IP, but this is not working. In ifconfig I can't see my 
global IP.(((


How do I set up /etc/ipsec.conf with dhclient with a global IP?

04.10.2014 18:54, Zhi-Qiang Lei wrote:

On Oct 4, 2014, at 5:51 PM, mishve...@rambler.ru wrote:


I have OpenBSD 5.4 amd64. I installed npppd and configured IPsec (l2tp +
password).

LAN 192.168.1.1/255.255.255.0

WAN (ISP NET; Connect by MAC address) 10.0.0.1/255.0.0.0

ISP GET ME GLOBAL IP SERVER1-Openbsd - 1.2.3.4

WIN 2003 SERVER2 IP - 9.8.7.6

WIN 2003 SERVER3 IP - 192.168.1.100

When server boot

# cat /etc/hostname.em0

inet 192.168.1.1 255.255.255.0

# ifconfig em0

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500

priority: 0

media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)

status: active

inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255

# cat /etc/hostname.re0

dhcp

# ifconfig re0

re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500

priority: 0

groups: egress

media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)

status: active

inet 10.200.81.220 netmask 0xf000 broadcast 10.200.95.255

# route show

Routing tables

Internet:

Destination Gateway Flags Refs Use Mtu Prio Iface

default 10.200.80.1 UGS 6 1439 - 8 re0

10.200.80/20 link#2 UC 1 0 - 4 re0

10.200.80.1 28:6e:d4:6e:0a:e1 UHLc 1 0 - 4 re0

10.200.81.220 localhost UGS 0 0 33144 8 lo0

loopback localhost UGRS 0 0 33144 8 lo0

localhost localhost UH 2 35 33144 4 lo0

192.168.1/24 link#1 UC 2 0 - 4 em0

192.168.1.67 00:1a:13:18:b3:7c UHLc 0 0 - 4 em0

192.168.1.255 link#1 UHLc 3 43 - 4 em0

BASE-ADDRESS.MCAST localhost URS 0 0 33144 8 lo0

# cat /etc/resolv.conf

# Generated by re0 dhclient

search smilenet.ru

nameserver 10.0.1.24

nameserver 10.0.1.13

From LAN I connect win server 192.168.1.100 to 192.168.1.1.

From internet I can't connect win server 9.8.7.6 to 1.2.3.4

# cat /etc/ipsec.conf

ike passive esp transport proto udp from 192.168.1.1 to 192.168.1.100 port 1701 main auth hmac-sha1 enc 3des group modp2048 quick auth hmac-sha1 enc 3des psk pass

ike passive esp transport proto udp from 10.200.81.220 to 9.8.7.6 port 1701 main auth hmac-sha1 enc 3des group modp2048 quick auth hmac-sha1 enc 3des psk pass

ike passive esp transport proto udp from 1.2.3.4 to 9.8.7.6 port 1701 main auth hmac-sha1 enc 3des group modp2048 quick auth hmac-sha1 enc 3des psk pass

# tail /var/log/daemon

isakmpd: message_recv: invalid message id

isakmpd: dropped message from 9.8.7.6 port 500 due to notification type INVALID_MESSAGE_ID

Please help me connect server2 9.8.7.6 to 1.2.3.4


L2TP over IPsec on OpenBSD 5.5 is very easy for me, you may read my guide.

http://siegfried.github.io/unix/openbsd/vpn/ipsec/l2tp/2014/09/29/l2tp-over-ipsec-vpn-on-openbsd-5-5/




pf+voip

2014-05-27 Thread Швецов Михаил
Does pf have specific rules for VoIP, or maybe an example of a working pf rule 
with VoIP?


Because with «standard rules» I have problems with VoIP.

set skip on lo

match out on pppoe0 from { em1:network } nat-to (pppoe0)

block

pass out

pass in on { em1 }

- after hanging up, the line is still busy for nearly 3 minutes (maybe keep 
state set to no state in rules)


- the person on the phone is hard to hear (quiet)



slow qemu openbsd

2014-05-26 Thread Швецов Михаил
Maybe I'm doing something wrong. Please help me.

I installed OpenBSD 5.5 i386 and qemu-1.7.0 from packages.

qemu-img create -f qcow2 /vm/qcow2.img 10G

qemu-system-i386 -name qcow2 -nodefaults -m 512 -hda /mnt/qcow2.img \
    -cdrom /obraz/install55.iso -net nic \
    -net tap,ifname=tun1,script=no,downscript=no -boot once=d \
    -display vnc=0.0.0.0:1 -monitor vc -vga cirrus

qemu-img create -f raw /vm/raw.img 10G

qemu-system-i386 -name raw -nodefaults -m 512 -hda /mnt/raw.img \
    -cdrom /obraz/install55.iso -net nic \
    -net tap,ifname=tun2,script=no,downscript=no -boot once=d \
    -display vnc=0.0.0.0:2 -monitor vc -vga cirrus

QCOW2 works slower than RAW, and RAW works slower than the host machine. I think 
that the disk is the weakest link.

I tried setting -hda /dev/rwd3c (the disk itself, not the system disk (wd0)), but 
nothing changed.

What can I do to make the QEMU VM work faster?