I have a vpn from a Windows machine to a network behind an OpenBSD router. It
was working fine until I upgraded the router to 6.9 (amd64).
The VPN is still coming up fine, but the traffic is blocked somehow. Using
tcpdump on the interface protected by the router (vlan0 in my case), I see the
On Sat, 28 Nov 2020 at 11:14, Sebastian Benoit wrote:
> route add -label FOOBAR 172.16.1.0/24 172.16.2.5
> route show -label FOOBAR
> I am only aware of these mechanisms to set labels on routes added by
> routing daemons:
> bgpd (rtlabel keyword in filter "set")
We are planning for migration from ripd to ospf, however both protocols
will need to work together as the migration rolls through.
I was looking at the 'redistribute rtlabel' option, even after digging into
the code, it is unclear how this would work to bring other dynamic routes
on the same
I am preparing a bug report but just wanted to flag an issue that I
discovered after a 6.3 to 6.4 uplift of an iked(8) endpoint.
We overlay vxlan(4) on top of iked(8) to provide seamless connectivity to
site offices. I have uplifted our test endpoint to 6.4 and discovered that
On Fri, 17 Aug 2018 at 11:48, David Gwynne wrote:
> On Thu, Aug 16, 2018 at 10:51:25AM +1000, Jason Tubnor wrote:
> > Am I missing something here or could it be a potential bug in the VXLAN
> > code in how it reports into snmpd?
> The vxlan driver counts so
Not sure if anyone else here is using SNMP for obtaining VXLAN(4) adapter
throughput but after some testing (clamping with PF queues), I have
discovered that throughput on VXLAN interfaces via SNMP are reporting
exactly double the data throughput than what is measured either through
On 8 April 2017 at 07:41, Mihai Popescu wrote:
> I don't want to offend you folks, but I'm curious and I will ask: is
> this BSDCon so useful? Does it pay the efforts?
> If someone has time and knowledge to do a PF tutorial he/she can do it
> and post. Do you need the Con?
On 5 April 2017 at 13:07, Theo de Raadt wrote:
> > cpu0: Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz, 3491.87 MHz
> > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
Without hijacking this thread completely, but touching on some of the
elements discussed above (and I think these are great inclusions for the
We have implemented a variety of queues to manage our internet links and
ikev2 VPNs tunnels to remote offices. We have also done something
Just wondering if anyone else is seeing the same issue I am booting a
6.1-snapshot in bhyve? In preparation for the 6.1 pending release, I have
tried to spin up 6.1-snap to iron out any issues in bhyve but I don't get
very far into the installation process:
Copyright (c) 1982, 1986,
Just picked up a typo in in the
errata file. While there is a patch below, it will need to be re-issued
with an updated signify signature.
--- 006_iked.patch.sig.orig Sun Sep 18 12:05:38 2016
On 4 November 2015 at 07:31, Alan Corey wrote:
> Anybody have good experiences with any of the currently available
> 4G/LTE modems that start around $30 on eBay, mostly by Huawei? I
> won't have a real internet connection for at least a year. Right now
You might want to
On 4 November 2015 at 13:09, Glenn Faustino
> I notice that under queueing section of the pf.conf man page the total
> child queues bandwidth exceed what's defined in the parent. rootq was
> defined with 100M bandwidth and the child queues defined http 60M, mail
On 3 November 2015 at 03:14, Sébastien Morand wrote:
> I set up an ipsec VPN via iked.
> The point is that the server has to know my home network (192.168.100.0/24
> How to make it works wherever my laptop is?
> I tried with config address options but
On 19 October 2015 at 21:49, igyht wrote:
> I am testing iked on OpenBSD phobos 5.7 GENERIC#738 i386, I think there is
> keep-alive problem when use with NAT-T,
> detailed configurations are:
> I think, iked &
Can anyone verify (based on my diagram below) if they have had success with
queuing IKEv2 return traffic from the "Server". I have been able to use
IKEv2 based tagging and doing it (as described in iked.conf(5)) when NAT-T
isn't used and when traffic is 'pass out' from the IKEv2
On 5 October 2015 at 22:00, Jason Tubnor <ja...@tubnor.net> wrote:
> I have attached a man 5 iked.conf patch that clears up an example used in
> the man page.
The gz diff was stripped by demime, here is the flat text patch file.
On 3 October 2015 at 14:40, Jason Tubnor <ja...@tubnor.net> wrote:
> Based on man 5 iked.conf the following should setup technically 4 flows
> (reversing and setting active on the corresponding peer):
# cat /etc/iked.conf
On 3 October 2015 at 14:40, Jason Tubnor <ja...@tubnor.net> wrote:
> Here is the ipsecctl flows:
Sorry, I copied in the flows from the wrong server (testing all different
ways trying to get things to work). Here is the ipsecctl to match the
Based on man 5 iked.conf the following should setup technically 4 flows
(reversing and setting active on the corresponding peer):
ikev2 esp from 192.168.232.128 to 192.168.232.129 psk "HelloWorld"
ikev2 esp from 192.168.1.0/24 to 192.168.72.0/24 peer 192.168.232.129 psk
As Okan stated, your 5.6 man page is still correct for 5.7. It is
only of issue when you move to 5.8-Release in November.
-current and 5.8, use/will use divert-to
(Can't give you a link to the online pf.conf
On 25 November 2014 at 18:58, David Vasek va...@fido.cz wrote:
did not look neither efficient, nor healthy. Try dd if=/dev/zero
of=/dev/rsd1c bs=1m while watching systat/iostat at the same time. Is it
still the case?
So here are the findings. The test is virtualised but below is the
With crypto being deprecated (and possibly removed in future versions
- depending on dev direction) from vnconfig, would the following be
assumed one way of providing an encrypted container?
To create 200MB encrypted container:
sudo dd if=/dev/zero of=/var/encrypt/container.encrypt bs=1m
I was just testing upgrades prior to the 5.6 release and noticed items
in the rc.conf.local were being ignored. A bit of digging, I noticed,
rc.subr had some changes and more importantly there were quite a few
changes to rc.conf.
Cutting to the chase, replacing rc.conf from the upgraded 5.5
Forgot to reply-all yesterday (only sent to Charles) to keep the
thread in-sync with the rest of the conversation (don't nuke me for
stating the obvious + added the rtadvd/route6d)
On 20 August 2014 13:40, Charles Musser cmus...@sonic.net wrote:
ifconfig gif0 tunnel 126.96.36.199 188.8.131.52
On 2 June 2014 10:23, Ted Unangst t...@tedunangst.com wrote:
Part of the deprecation / migration process is identifying the weird
ways people use vnd and finding solutions for them. But as we've seen,
people never move forward without the occasional push.
So the most appropriate way to use
Have you checked the SHA256 sig with the iso? They can be found here:
If you don't have an OpenBSD installation already running to use the sha256
command, you can pick up tools over on sourceforge