promiscuous mode
Hello all,

I've looked over the ifconfig man page and can't find a way to set a specific interface to PROMISC mode on 4.4, for example:

vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500

Here's another example that this is possible:

sis0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500

Is there a way to set the flags to PROMISC for an interface? A good reference would work.

Ciao for now,
Re: promiscuous mode
Thanks, tcpdump does it alright, but I'd like to have promiscuous mode on without running tcpdump in the background if possible. (I'll take this as a learning moment otherwise.)

I'm trying to use the first vr[0-3] interfaces like an L2 switch in this case.

-----Original Message-----
From: Ted Unangst ted.unan...@gmail.com
Sent: May 19, 2009 3:18 PM
To: Fortunato fortunato.montre...@earthlink.net
Cc: misc@openbsd.org
Subject: Re: promiscuous mode

On Tue, May 19, 2009 at 2:51 PM, Fortunato fortunato.montre...@earthlink.net wrote:
> Hello all, I've looked over the ifconfig man page and can't find a way to set a specific interface to PROMISC mode on 4.4, for example:

ifconfig can't be used to set an interface to promiscuous. You can use something like tcpdump.
Re: promiscuous mode
Grazie,

For some reason when I put all the vr interfaces in the bridge at first, there was no forwarding. (I did not verify nor know about the PROMISC settings at the time.) After much tinkering, it works and brconfig does set the interfaces on PROMISC.

Thanks to all,

-----Original Message-----
From: Matthew Dempsky matt...@dempsky.org
Sent: May 19, 2009 4:21 PM
To: Fortunato fortunato.montre...@earthlink.net
Cc: misc@openbsd.org
Subject: Re: promiscuous mode

On Tue, May 19, 2009 at 1:03 PM, Fortunato fortunato.montre...@earthlink.net wrote:
> Thanks, tcpdump does it alright, but I'd like to have promiscuous mode on without running tcpdump in the background if possible.

The interfaces are put into promiscuous mode automatically when there's something that needs them to be. Otherwise, it's a waste of CPU time to receive packets that the network stack is simply going to otherwise discard.

> I'm trying to use the first vr[0-3] interfaces like an L2 switch in this case.

It sounds like you want to set up a bridge(4). Check the bridgename.if and brconfig man pages.
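Added example (not part of the thread): the two flag words quoted at the start of this thread, 8843 and 8943, differ only in bit 0x100, which is IFF_PROMISC in BSD's net/if.h. The function below reads ifconfig output and lists the interfaces with that bit set, which is a quick way to confirm what a bridge or a capture tool has switched on; the function names and the lladdr lines in the sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: list interfaces whose flags word has IFF_PROMISC set.
# ifconfig prints the flags word in hex; IFF_PROMISC is 0x100 in <net/if.h>.

IFF_PROMISC=256   # 0x100

# promisc_ifaces: read `ifconfig -a` style output on stdin and print one
# interface name per line for every interface with the PROMISC bit set.
promisc_ifaces() {
    while IFS= read -r line; do
        case $line in
            [a-z]*:\ flags=*)
                name=${line%%:*}        # text before the first colon
                hex=${line#*flags=}     # drop everything up to "flags="
                hex=${hex%%<*}          # keep only the hex word before "<"
                # Skip header lines whose flags word is not clean hex.
                case $hex in
                    ''|*[!0-9a-fA-F]*) continue ;;
                esac
                if [ $(( 0x$hex & IFF_PROMISC )) -ne 0 ]; then
                    printf '%s\n' "$name"
                fi
                ;;
        esac
    done
}

# Constructed sample: the two header lines quoted in the thread, with
# made-up lladdr lines to show that continuation lines are ignored.
sample_ifconfig() {
    cat <<'EOF'
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
sis0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:02
EOF
}

# On a live host: ifconfig -a | promisc_ifaces
sample_ifconfig | promisc_ifaces
```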
Re: Help with PKG_PATH=
Newbie slap to head - D'OH! I'm gonna have to memorize the standard package:

http://www.openbsd.org/faq/faq1.html#Included

Dankeschoen...

-----Original Message-----
From: Mike Erdely m...@erdelynet.com
Sent: May 14, 2009 1:59 PM
To: Fortunato fortunato.montre...@earthlink.net
Cc: misc@openbsd.org
Subject: Re: Help with PKG_PATH=

On Thu, May 14, 2009 at 01:39:13PM -0700, Fortunato wrote:
> # pwd
> /root/Desktop
> # ls -l openbgpd-4.4.1.tgz
> -rw-r--r-- 1 root wheel 163070 May 13 18:08 openbgpd-4.4.1.tgz
> # export PKG_PATH=/root/Desktop
> # pkg_add openbgpd-4.4.1.tgz
> Can't find openbgpd-4.4.1.tgz
> /usr/sbin/pkg_add: openbgpd-4.4.1.tgz:Fatal error

openbgpd is not a package. It's included in the base operating system (assuming you're running OpenBSD).

$ which bgpd
/usr/sbin/bgpd

-ME
Re: vstr string library
If I knew enough on how to port strongSwan, I would - but I'm not a developer, much less a C programmer. (make is like sominex to me)

<hearsay>
Andreas Steffen from strongSwan mentioned that support for printf hooks (%N, %H, etc.) is required, and since BSD doesn't do this - the vstr string library is required instead. Either way, the strongSwan team is busy porting strongSwan to *BSD. Rumour is that the current svn version could possibly work with FreeBSD but they are still trying to solve some problems with OpenBSD.
</hearsay>

Ciao,

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Stuart Henderson
Sent: Tuesday, May 05, 2009 3:45 AM
To: misc@openbsd.org
Subject: Re: vstr string library

On 2009-05-05, Fortunato fortunato.montre...@earthlink.net wrote:
> Thanks. I tried to compile the strongSwan source and came to a screeching halt on this error message.
>
> checking for main in -lvstr... no
> configure: error: Vstr string library not found
>
> Just as an FYI, this is to test some IKEv2 features.

Looks like you can use glibc instead. Are you planning on porting it to work with our ipsec stack?
configuration of switch ports
Hello misc, Could someone point me towards the conf file (or docs) that sets up ports as switch ports? Thanks,
vstr string library
Hello, Could someone please let me know if the vstr string library is available under a specific OpenBSD lib package? Tks
Re: vstr string library
Thanks. I tried to compile the strongSwan source and came to a screeching halt on this error message.

checking for main in -lvstr... no
configure: error: Vstr string library not found

Just as an FYI, this is to test some IKEv2 features.

Ciao,

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Stuart Henderson
Sent: Monday, May 04, 2009 4:04 PM
To: misc@openbsd.org
Subject: Re: vstr string library

On 2009-05-04, Fortunato fortunato.montre...@earthlink.net wrote:
> Hello, Could someone please let me know if the vstr string library is available under a specific OpenBSD lib package? Tks

Not at the moment. The most likely reason it would be added is if there's some other software that somebody is particularly interested in that requires it.
Re: AH+ESP and IPv6
Hello again,

I was hoping to avoid a discussion on the merits of AH versus ESP. ESP does provide authentication, but in the context of an integrity check value for the IPv6 payload, not the IPv6 header. Additionally, from what I've read, ESP authentication is optional, therefore my follow-up question is: Is there a way to turn off optional ESP authentication in OpenBSD?

But back to my original question. One of the requirements we have is to use both AH and ESP. Is there a way to do this in OpenBSD? We got other OSs to use both AH and ESP, but I'd personally like to get OpenBSD involved in a more heterogeneous testbed.

Cheers,

-----Original Message-----
From: t...@fries.net
Sent: Jan 2, 2009 11:36 AM
To: Felipe Alfaro Solana felipe.alf...@gmail.com
Cc: fortunato.montre...@earthlink.net, misc@openbsd.org
Subject: Re: AH+ESP and IPv6

If ESP does not decrypt, the payload is invalid. Adding AH adds no further functionality other than to thwart any attempts at NAT.
--
Todd Fries .. t...@fries.net

|                                          \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC              \ 1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com          \ 1.866.792.3418 (FAX)
| ..in support of free software solutions. \ 250797 (FWD)

37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

Penned by Felipe Alfaro Solana on 20090102 20:29.56, we have:
| On Fri, Jan 2, 2009 at 7:52 PM, Todd T. Fries t...@fries.net wrote:
|
| > The other answer is, ESP provides AH, therefore AH is deprecated.
|
| What do you mean? That OpenBSD's implementation of ESP automatically uses AH
| too? (payload inside AH inside ESP?) Because ESP only provides
| authentication for the payload only but not for the IP header. That's why AH
| is useful.
|
| > Unless you really really want to play with AH to verify it works and such
| > (which the below suggests it does not) ...
| > --
| > Todd Fries .. t...@fries.net
| >
| > |                                          \ 1.636.410.0632 (voice)
| > | Free Daemon Consulting, LLC              \ 1.405.227.9094 (voice)
| > | http://FreeDaemonConsulting.com          \ 1.866.792.3418 (FAX)
| > | ..in support of free software solutions. \ 250797 (FWD)
| >
| > 37E7 D3EB 74D0 8D66 A68D B866 0326 204E 3F42 004A
| > http://todd.fries.net/pgp.txt
| >
| > Penned by Felipe Alfaro Solana on 20090102 17:38.51, we have:
| > | On Tue, Dec 30, 2008 at 9:29 PM, fortunato.montre...@earthlink.net wrote:
| > |
| > | > I'm trying to use both AH and ESP to setup IPsec using Transport mode
| > | > between two IPv6 OpenBSD 4.4 hosts.
| > | >
| > | > So far it worked for AH Transport mode or ESP Transport mode but I don't
| > | > quite know how to do both AH and ESP. Any ideas?
| > | >
| > | > Here's a snippet from /etc/ipsec.conf :
| > | >
| > | > ike esp transport from 2001::10 to 2001::5 psk secret
| > | >
| > | > Then tried the following (and vice versa - ah vice esp).
| > | >
| > | > ike esp transport from 2001::10 to 2001::5 psk secret
| > | > flow ah from 2001::10 to 2001::5
| > |
| > | I'm not sure either.
| > |
| > | Since you can apply ESP then AH, or apply AH and then ESP (depending on
| > | what's more important for you, the digital signature or the encryption) it's
| > | not obvious to me how to do it.
| > |
| > | --
| > | http://www.felipe-alfaro.org/blog/disclaimer/
|
| --
| http://www.felipe-alfaro.org/blog/disclaimer/
AH+ESP and IPv6
I'm trying to use both AH and ESP to setup IPsec using Transport mode between two IPv6 OpenBSD 4.4 hosts.

So far it worked for AH Transport mode or ESP Transport mode but I don't quite know how to do both AH and ESP. Any ideas?

Here's a snippet from /etc/ipsec.conf :

ike esp transport from 2001::10 to 2001::5 psk secret

Then tried the following (and vice versa - ah vice esp).

ike esp transport from 2001::10 to 2001::5 psk secret
flow ah from 2001::10 to 2001::5