Hi Franck,
Thanks it works perfect with your feedback :) I can now remove isc-
dhcp-client and use the native dhclient !
Now I need to have a good IPv6 native option (or pkg option) if there
is something which works as well as dibbler
--
Best regards,
Loïc BLOT,
UNIX systems, security and
cp-client) &
authentication (option 90, https://www.ietf.org/rfc/rfc3118.txt). I
didn't find those options.
I haven't tested wide-dhcpv6, didn't know about it, I will test it.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le sam
it works
perfect if you add a little portability patch to fix some paths
/var/lib => /var/db. Is it possible to import dibbler into the ports tree
for the next OpenBSD release, or if you get some time to have a DHCPv6/PD
OpenBSD tool (with custom options :D)?
Thanks for reading
--
Best regards,
Loï
Hello,
in the first example you don't specify proto tcp.
Regards,
Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr
27 February 2015 09:50 "Harald Dunkel" wrote:
> Hi folks,
>
> /etc/services provides protocol information as wel
Hi Raimundo,
please use max directive:
queue root on alc0 bandwidth 600M, max 500M
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
On Tuesday 12 August 2014 at 02:11 -0300, Raimundo Santos wrote:
> Hello misc!
>
> I
Hi Henning,
you are right, I found the problem 1 week ago, a "hidden" interface in my
3000 rules' pf.conf :)
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Le samedi 02 août 2014 à 12:17 +0200, Henning
eq "0" ]; then
/sbin/pfctl -f /etc/pf.conf
echo "PF Reloaded"
echo $SYNCTRACE > $SYNCTRACE_FILE
fi
else
echo "No PF modification"
fi
===
--
Best regards,
Loïc BLOT, Engineering
UNIX Syst
Erf...
I found the error.
An admin has configured a queue on a nonexistent interface...
Maybe pfctl could tell us the interface doesn't exist?
Sorry for the inconvenience
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
On Thursday 24 July 2014 at 17:44 +0200, Loïc Blot wrote:
> Hi David,
> in fact no, now the ruleset is empty and everything is allowed, erf.
> Now i have no choice, i need to reboot this
Hi David,
in fact no, now the ruleset is empty and everything is allowed, erf.
Now I have no choice, I need to reboot this critical router :(.
I think there is a bug somewhere, I'll try to find why this is
happening before rebooting (maybe a patch if I can)
--
Best regards,
Loïc
rev 2.00/0.00 addr 4
uhidev2: iclass 3/1
ums1 at uhidev2: 3 buttons, Z dir
wsmouse1 at ums1 mux 0
uhub4 at uhub1 port 1 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
uhidev3 at uhub4 port 2 configuration 1 interface 0 "Avocent Dell
03R874" rev 1.10/1.00 addr 3
uhidev3: iclass 3/
ted by some carp messages :p), i cannot reboot it at
this time, it's a BGP router and the redundancy is in maintenance.
Please also note I modified rules 2 hours ago and I wasn't affected by
this issue.
Have you got an idea ?
Thanks in advance
--
Best regards,
Loïc BLOT, Engineering
Thanks for the precisions :).
And no problem if you laugh because of me :p
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Tuesday 08 July 2014 at 11:03 +0200, Henning Brauer wrote:
> * InterNetX - Robert Garrett [2014-07-08
09:42]:
It's a very interesting diff.
If I have time I'll test it on -CURRENT in the next two weeks.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
On Thursday 03 July 2014 at 11:35 -0500, patric conant wrote:
>
Hello,
I experienced some issues on Dell R210 boot when I use CD.
Use an external CD player, I think this will resolve the problem (I got
problems with OpenBSD and FreeBSD after the bootloader too, and it's a
CD player problem).
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Securit
e GRE encap). PF is also scrubbing the GRE packets (no-df
scrubbing and frags are allowed)
What can I check to improve the GRE performance ?
Thanks in advance.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Hello,
you are right, you need both rules.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Tuesday 18 March 2014 at 15:19 -0300, Friedrich Locke wrote:
> Hi folks,
>
> i am studying pf and a doubt arose!
>
> Since my state policy if
Thanks all, I will be careful in the future, and I won't forget to
specify the "inet" keyword :)
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
On Friday 28 February 2014 at 11:54 +0100, Mike Belopuhov wrote:
>
net6 was strange !
pfctl -t __automatic_d309aaac_1 -T show
2001:660:3bbb:::2
fe80::92b1:1cad:fe18:ea18
To resolve this problem I added the inet keyword to my rule.
Is this normal ? Maybe a fix was required on pf parser?
Have a nice day
--
Best regards,
Loïc BLOT, Engineering
UNIX Syste
"Avocent
Keyboard/Mouse Function" rev 2.00/0.00 addr 5
uhidev2: iclass 3/1
ukbd1 at uhidev2: 8 variable keys, 6 key codes
wskbd1 at ukbd1 mux 1
wskbd1: connecting to wsdisplay0
uhidev3 at uhub3 port 1 configuration 1 interface 1 "Avocent
Keyboard/Mouse Function" rev 2.00/0.00 addr 5
uhidev3: iclass 3/1
ums1 at uhidev3: 3 buttons, Z dir
wsmouse1 at ums1 mux 0
uhidev4 at uhub3 port 1 configuration 1 interface 2 "Avocent
Keyboard/Mouse Function" rev 2.00/0.00 addr 5
uhidev4: iclass 3/1
ums2 at uhidev4: 3 buttons, Z dir
wsmouse2 at ums2 mux 0
uhub4 at uhub1 port 1 "Intel Rate Matching Hub" rev 2.00/0.00 addr 2
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (c3d13a6a4ff0f34c.a) swap on sd0b dump on sd0b
How can I help you to resolve or can I fix the bug ?
Thanks in advance.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Network Engineer
http://www.unix-experience.fr
Hi all,
congrats to OpenBSD team, it seems the BCM5720 on Dell R320 is working
fine since the many recent changes on bge driver !
A test R320 has been running for 8 hours at 560MB up + 560MB down with
LACP trunks (on 5.3 LACP trunks with BCM freeze the server, and without,
freeze are there but less
Hi,
thanks for your replies, I'll try an ADSL 2+ bridge modem later.
Sorry Noah but I'm not familiar with DSL techs, I prefer LAN tech, it's
simpler. I thought modern RJ45 network cards can understand the
RJ11/ADSL protocol but this is wrong.
Good evening !
--
Best regards,
Loïc BLOT,
UNIX systems, s
Hi,
I'm trying to replace and remove my ADSL box with an Alix 2d13 runs very
well on it and with athn, congrats !)
I would test to plug RJ11 cable (from my ADSL line, behind the ADSL
filter) to the RJ45 plug but it seems this doesn't work (no carrier).
Is this possible ? If yes, how can I do it ?
El
Hem bad copy paste, here is the end of previous message:
pcidump:
Domain /dev/pci0:
0:0:0: Intel E5 Host
0:1:0: Intel E5 PCIE
0:3:0: Intel E5 PCIE
0:5:0: Intel E5 Address Map
0:5:2: Intel E5 Error Reporting
0:17:0: Intel C600 Virtual PCIE
0:22:0: Intel C600 MEI
0:22:1: Intel C600 MEI
0:26
Hello @misc
for 1 week I have had a strange issue on one of my dual stack routers. The
router doesn't answer on icmp6 on one of its interfaces. (but on all
others, it works very well)
tcpdump -nni vlan851
00:08:07.204986 2001:660::ff::2:1 > 2001:660::ff::2:2: icmp6:
neighbor sol: who has 2001
Hi,
I use PF on some OpenBSD BGP+OSPF routers on Renater (IPv4 + IPv6), it
works like a charm.
Why this question ?
pf rules are simple:
pass in quick proto tcp from $bgp_neighbor_1 to $self_peering_1 port 179
pass out quick proto tcp from $self_peering_1 to $bgp_neighbor_1 port 179
--
Best regar
Hi Antoine.
I also have a hang problem when I use a cold stop on libvirt. No problem
on VMWare ESX when I click on the "shutdown button".
On libvirt, when I click on this button the VM hangs and then I need to
kill the VM.
(Archlinux kernel 3.11, but the problem was also present before. OpenBSD
5.
Hello Stefan,
at home, I blocked Facebook by creating an empty DNS zone "facebook.com"
on my local bind server. It works like a charm.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le samedi 19 octobre 2013 à 00:27 +0200, Stefan Wollny a
I have no problem on multiple couples of R320, except the BCM5720 which
causes my OpenBSD to freeze. Waiting for 5.4 improvements :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le jeudi 10 octobre 2013 à 20:54 -0700, Chris Cappuccio a é
Hello Stuart,
thanks for your precisions.
I have tried to download a big matlab.deb on our repositories and it
works like a charm (3GB file). By removing 'in' I also notice a little
more reactivity on the network and the latency.
Now I'll wait for tomorrow when my 500 users go to work to see if route
Hmm, to clarify the last message
after the: pass out all
There is only:
block return out log quick on { $interco_polytech_v4 $interco_hec_v4 }
inet from
block return out log quick on { $interco_polytech_v6 $interco_hec_v6 }
inet6 from
and no other out related rule.
and contain my private I
Hmmm
I solved it by removing 'in' from pass in quick <...>
But my PF is configured with the first default rule: pass out all and
there isn't any block out rule... Is this a normal situation ?
On another router (which also does NAT), I use only pass in and pass out
for NAT, and all PF is stateful.
I
Hello,
today I was configuring pfsync on dual routers (BGP on WAN and CARP on
LAN). Before, I ran in a stateless mode and it worked like a charm.
Now with pfsync, states are synchronized but late, so the client must launch
2 or 3 TCP connections and when it works it's very slow.
I also have tried def
Hello.
Stuart, I have 8 OpenBSD routers with em(4) and OpenBSD 5.2 (MSI
enabled). It seems some of our SMTP(s) connections (with attachments)
are unstable but it's very very random (~1/500). Other protocols are
more stable but a little slower due to errors.
Here are my stats on Intel i350 servers
Thanks for your replies :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Friday 04 October 2013 at 22:27 -0700, Sean Kamath wrote:
> On Oct 4, 2013, at 3:11 PM, Comète wrote:
>
> > Yes, we use a lot of ALIX 2D13 as routers on ma
Hello,
I have also been looking at ALIX boards for a long time.
Is there anybody using Alix 2d13 with OpenBSD ?
Thanks in advance.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Friday 04 October 2013 at 15:05 +0200, Jan Stary wrote:
> On O
, src-nodes 8, table-entries 60 }
match in scrub (no-df)
block in log all
pass out all
<...>
pass in quick inet from to scrub (no-df)
no state
Is something wrong ?
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le
.56641: FP
2921:4273(1352) ack 74 win 46 (DF)
10:08:24.034793 192.168.238.121.56641 > 192.168.106.38.411: . ack 1 win
365 (DF)
A part of the TCP transaction disappears and I don't know why.
Have you got ideas ???
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Hmm, this problem is similar to the issues I got on bge (BCM5720) with
OpenBSD 5.3. I hope the many bge fixes on 5.4 -current will fix it.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 02 septembre 2013 à 07:59 -0400, Kenneth R Weste
Hello Andy,
here is one of my working configurations (OpenBSD 5.2)
inet 194.199.X.28 255.255.255.240 NONE
inet6 2001:660:abcd:1234::1:1 64
description "CARP server"
carpdev vlan603 vhid 62 advskew 1 carppeer 194.199.X.29 pass x
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems
Hello,
it's 5.3 related in fact :). In 5.2 I haven't any problem at this time, I
have 10 OpenBSD on Dell R320 with em cards. Maybe 5.4 will fix our
problems.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le mardi 27 août 2013 à 18:06 +0100,
In fact I'm not tired, it's logical :)
Here is my patched question:
ask_which "speed" "should $_d use" \
"9600 19200 38400 57600 115200" $CSPEED $pxe_console_speed
Show:
[auto] instead of [9600] (auto is value of pxe_console_speed).
If I do an echo "speed: $CSPEED" before ask_which, CSPEED is
Hmm you are right, I think I'm tired :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Saturday 24 August 2013 at 23:03 +, Christian Weisgerber wrote:
> Loïc BLOT wrote:
>
> > if [[ $resp == y ]]; then
> >
Hello,
this evening I was writing PXE automated install modifications on
install.sh and install.sub when I found a bug in the installer, when the
console speed is asked.
Original (5.3):
if [[ -n $CDEV ]]; then
_d=${CPROM:-$CDEV}
ask_yn "Change the default console to $_d
Hello James,
you are right, users may have a choice.
I'm working to build a distrib for pxebooting (pxeboot + bsd.rd
generation). Afterwards I will try to implement those patches, which are very
interesting for OpenBSD
http://nbender.com/install.netboot/netboot.diff
I only think we mustn't download a scrip
Hello Don,
I haven't any problem with iPXE (used on my libvirt/KVM hypervisor).
Yesterday I booted on a pxelinux which chainloads an OpenBSD
pxeboot.0 (because I have made a menu for tests to choose automated
Debian install or OpenBSD).
I will look at Nick's word tonight, but I think it's one ve
S (special
TXT record ?) but it's not really automated because it doesn't resolve
the networking connection problem.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mardi 13 août 2013 à 13:09 +0200, Marian Hettwer
Hello Tito,
thanks for giving me the FAQ another time, which you think I have never read.
This boot process is okay for me but the problem is NOT the PXE boot
process. The problem is to automate the installation.
My OpenBSD pxeboot is chained after a pxelinux which already serves
automated installed debian
Thanks for the precision James, you confirmed what I have understood.
I will search tomorrow.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 12 August 2013 at 12:23 -0700, James A. Peltier wrote:
> - Original Message -
> |
It's exactly that. Kickstart for Redhat and Preseed.cfg for Debian
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 12 August 2013 at 22:20 +0200, Francois Pussault wrote:
> like kickstart for devil redhat ?
>
> > ---
Sorry if I misunderstood the goal of install.site.
I'll look at this more closely, to see if it's the solution I'm searching for.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 12 August 2013 at 13:07 -0700, Johan Beisser wrote:
> Please read
Hello,
thanks for your reply Johan, but this is not what I want. site.tgz
contains a set of preconfigured files to deploy with other sets to deploy
similar machines.
My need is to install a clean OpenBSD by automated means:
The server boots in PXE and installs OpenBSD, configures network, hostname,
Hello @misc.
Today I'm working on automated deployment with PXE. I have successfully found
and made an automated PXE install on Debian with pxelinux.
I know OpenBSD has a PXE boot image to netinstall the system
http://www.cyberciti.biz/faq/openbsd-boot-install-using-pxe-preboot-execution-environment/
I
I agree with Wesley,
if you use OpenBSD 5.3 you should use npppd, it's simpler than poptop and
has nearly the same functionality
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 05 août 2013 à 08:46 +0400, Wesley MOUEDINE ASSABY a éc
Hello,
I think it's route get -inet6
Like when you do route add -inet6 default
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Wednesday 31 July 2013 at 10:19 +0600, Илья Шипицин wrote:
> Hello!
>
> # ping6 www.ripe.net
Hello all,
thanks for this interesting debate about pf syncing.
To recall my initial question:
pfsync seems to sync states but not correctly on my BGP+OSPF routers.
Because each BGP router is master/standby to 2 neighbors (full meshed
bgp) packets which are outgoing by one router can income by t
The connection is not done by my routers themselves but by DMZ servers
behind them !
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 17:32 +0200, mxb wrote:
> States ARE synced.
> IPs are not th
ual
IP is useless in this configuration, no ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 09:36 -0500, Mark Felder wrote:
> On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot
> wrote:
>
>
For me pf table is (sorry for the missing precisions) the pf state
table for stateful operations
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 08:22 -0500, Mark Felder wrote:
> On Wed, 03 Jul 2013
Is it not possible to sync pf table without CARP ?
I must use it in some cases, then those cases will be fixed but the others
(OSPFd routing) may fail I think ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mercredi 03 juillet
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 12:47 +0200, mxb wrote:
> How does your CARP setup looks like. On both machines?
> Can you send your ifconfig output?
>
> What is your environment/se
Okay, defer is now enabled on pfsync interface (sorry for my last idea,
I haven't the man on me :) ).
It seems the problem isn't resolved.
The transfer starts but blocks at a random time.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-exp
Hi,
Thanks for your reply. I wasn't careful about this section.
If I understand, I must add defer option to my WAN iface (or I'm wrong, I
must add it to my vlan995 iface ?) ?
I will test it this morning, and I'll return back to misc :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network exp
Hi all
I have a strange issue (or I haven't read pfsync correctly but I don't
think this is the problem :D)
I'm using 2 OpenBSD as BGP+OSPF routers at the border of one site.
Those BGP routers are secured with strong PF in stateful mode, and the
stateful is working very well on each router. Becaus
Hello Mike
You are blocking traffic after matching the nat rule.
Because you don't use the quick keyword, your PF matches the first rule, and
next the second and next the third and to do third.
In your firewall configuration you block nothing and you nat nothing.
A better way is to write this:
set skip on l
idev0: 8 variable keys, 6 key codes
wskbd0 at ukbd0 mux 1
wskbd0: connecting to wsdisplay0
uhidev1 at uhub3 port 1 configuration 1 interface 1 "Avocent
Keyboard/Mouse Function" rev 2.00/0.00 addr 4
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
uhidev2 at
I think:
pass in on enc0 proto ipv6-icmp
Loic Blot
On 7 June 2013 at 19:29, Christopher Zimmermann wrote:
> Hi,
>
> simple problem: how do I allow this package to pass?
>
> 18:59:44.768197 rule 0/(match) [uid 0, pid 1051] block in on enc0:
> 172.26.153.7 > 172.26.153.1: 2001:4dd0:fbdf:0:f
er on
the production:
kern.nfiles=4701.
Thanks in advance. If you need more details please tell me.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Hi
Sorry for the double, but I have forgotten the kroute.c in my diff, then
I cannot work :)
Have a nice day
--- old/usr.sbin/ospfd/kroute.c 2011-11-15 05:17:46.0 +0100
+++ OpenBSD/usr.sbin/ospfd/kroute.c 2013-05-31 22:37:59.434032287 +0200
@@ -1,6 +1,7 @@
-/* $OpenBSD: kroute.c,v
Hello Rob,
mine is a forward proxy, it's used by my clients to go to all websites
(except blacklisted by squidguard).
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Sunday 02 June 2013 at 12:33 -0700, Rob Sheldon wrote:
> On 2013-
Hello Rob,
I have been using squid since 3.1 on OpenBSD 5.2 with compiled sources (squid
3.2.5-9 and 3.3.4 at this time). I don't use an IP but the http_port
3129 as my configuration suggests:
http_port 3128
http_port 3129 intercept
And I have these rules in my PF
pass in quick proto tcp to { 10.X.1.1 10
+ struct kroute_filter*kroute_filter;
+
+ LIST_FOREACH(kroute_filter, &conf->kroute_filter_list, entry) {
+ printf("kroute-ignore-insert %s prefixlen %u",
+
inet_ntoa(kroute_filter->prefix),kroute_filter->prefixlen);
+
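Review bot: the `printf` inside the `LIST_FOREACH` loop writes straight to stdout with a format string that has no trailing newline, so successive `kroute-ignore-insert` entries run together on one line and are lost once the process no longer has a terminal. Send this through the daemon's logging routine instead, or at least end the format with a newline. In the same lines, `struct kroute_filter*kroute_filter;` needs a space before the pointer name, the argument list is missing a space after the comma, and a loop variable that shares its struct's tag name is hard to read; a short name such as `kf` would be clearer.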
. For now i have
em0-1 and bge0,2-3 in trunks
(http://www.hostingpics.net/viewer.php?id=705980photo.jpg )
At this time the system works but there are some system freezes for 10-15sec
and after that it comes back.
Any ideas ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 22 May 2013 at 11:03 +0200, Loïc Blot wrote:
> Ok, i have another new to this problem.
>
> I have unplugged the external BCM5720 card, and now there is only the
> motherboard BCM572
connected on another switch (before I thought it was a Cisco 2960
communication problem, but it seems not, I'm on a Dell PowerConnect
6224).
Why doesn't break have an effect on com1 ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
e much appreciated.
>
> cheers,
> dlg
>
> On 05/05/2013, at 4:11 AM, Loïc Blot wrote:
>
> > Hello misc.
> > On Thursday I have upgraded one of our BGP border routers to OpenBSD 5.3,
> > and I was pleased to get the BCM5720 working. I have added it to
> >
OpenBSD and OpenBGPD are working like a charm with Cisco and Alcatel routers.
With the OpenBSD routing daemons you can also back up the OSPF configurations and
create different versions. Also the debug is simpler
Loic Blot
On 16 May 2013 at 17:45, mxb wrote:
> Quagga might have more features (whic
Thanks for the precision, I will test your issue to verify if my BCM5720 issue
is linked with yours
Loic Blot
On 10 May 2013 at 14:12, David Imhoff wrote:
> Hi,
>
> I'm having problems with a 4-ports BCM5719C based PCI-E network card
> and the 2-ports BCM5720 network interfaces build into a
elp you to implement filtering if you tell me how
to do it.
--
Best regards,
Loïc BLOT,
UNIX Systems, Security and Network Expertise
http://www.unix-experience.fr
On Thursday 09 May 2013 at 14:50 +0200, Claudio Jeker wrote:
> On Wed, May 01, 2013 at 11:45:04PM +0200, Loïc BLOT wrote:
> >
No it's a Dell R320, so a 64-bit CPU and thus amd64 architecture :)
Loic Blot
On 8 May 2013 at 23:54, Joerg Goltermann wrote:
> Hi,
>
> On 04.05.2013 20:11, Loïc Blot wrote:
>> Today, i want to upgrade exactly same model (Dell R320 with PCI Intel
>> CARD and BCM57
Hello Stuart, ok for the console, (I meant to say I use keyboard and
screen on the server directly, sorry for the mistake :s).
I can't test this week, because of production (and then I have shut
down the server because it interferes with the CARP master and takes
over whereas it mustn't...)
Can
A little more precision,
my server has network, but sometimes it also loses network for 1
second and CARP goes to master on this backup server and generates
instability. I think there is a problem somewhere, but I don't know why.
To compare, I have two Dell R320 with BCM5720 and EM, one works per
lt or responsibility.
>
> if you could get a trace to verify, that would be much appreciated.
>
> cheers,
> dlg
>
> On 05/05/2013, at 4:11 AM, Loïc Blot wrote:
>
>> Hello misc.
>> On Thursday I have upgraded one of our BGP border routers to OpenBSD 5.3,
>> a
ndling or maybe BCM + LACP + CARP isn't a good idea
but I haven't any choice :s
Thanks in advance.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
My border routers obtain a default route in fact, and OSPF must
redistribute this route to LAN Routers. Here is a scheme
|-- R1 site 1 R3 Site 1
| BGP AS 650XX | OSPF a3|
|-- R2 site 1 R4 Site 1
|
In fact, this isn't really an interarea problem but an inter-protocol
problem.
Next month I'll have two border routers which are connected to the MAN by
BGP. In my LAN and on my tunnels I'm in a "LAN backbone" area.
Because of the priority of OSPF and the default route redistribution,
the default rout
OK for the tree, but refusing to insert routes in the kernel is useful.
It would be a great function to refuse inserting kernel routes from some
routers.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le mercredi 01 mai 2013 à 20:56 +0300, Da
Hello all,
to begin, thanks to OpenBSD team & contributors for this very good
release.
I have a question about ospfd. Why doesn't ospfd have capabilities to
filter some routes, or filter by sources ? (ok by source can be filtered
by PF, but if i want to refuse routes from specific hosts, or some
Hi Stuart,
I agree, but that means I must use area 0 on LAN ifaces. And if I have
another area on that iface (my extended LAN area), I can't use backbone
area.
Now, I have replaced area 12 with area 0, but the problem still persists.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Sec
Hi Robert and misc@openbsd,
thanks for your reply, but what if I don't want to connect area 12 to area
0 ? My area 12 is reserved for LAN to LAN only, I don't want to publish
its routes on the backbone area and backbone area is not in stub mode.
Also, I thought about stub areas to not publish routes.
AN router
router-id A.B.C.D
no redistribute default
auth-md 1 "pwd1"
area 12 {
auth-type crypt
auth-md-keyid 1
interface trunk0
interface trunk1 { passive }
interface vlan994 { passive }
}
Has anyone an idea ? I'm stuck :s.
Thanks for adv
Hello misc,
I am installing a WAN router under OpenBSD but I have a strange problem
with OSPF and OpenBSD.
I use two OSPF areas. One area is stub and the other isn't (and I have
tried to stub it too).
We can say area 1 is stub area and area 5 is LAN area.
When the router learns routes from area 1
gards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Friday 01 March 2013 at 19:34 +, Stuart Henderson wrote:
> On 2013/03/01 20:16, Loïc BLOT wrote:
> > Thanks for the reply Stuart, but:
> > - It's a test network, with an offl
Thanks for the reply Stuart, but:
- It's a test network, with an offline switch
- only the two routers are on the switch, with the good VLAN connected
by one LACP trunk (for each device)
- isakmp negotiation is from the expected hosts
- the certificates are default certificates, generated by OpenBSD
s the following:
attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected
3DES_CBC
My ipsec.conf is very simple for now:
on host A
ike esp transport from 10.0.0.1 to 10.0.0.2
and on host B
ike esp transport from 10.0.0.2 to 10.0.0.1
Any idea ?
Thanks in advance
--
Best regar
I confirm dynamic DNS updates work with OpenBSD named, but you must
replace OpenBSD dhcpd with isc-dhcpd from packages, failover and dynamic
DNS updates work with it
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
Le dimanche 03 février 20
Also look at: http://www.openbsd.org/plus.html
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Saturday 02 February 2013 at 18:08 -0500, bofh wrote:
> On Sat, Feb 2, 2013 at 6:02 PM, bofh wrote:
> > On Sat, Feb 2, 2013 at 6:00 PM, Gil
Hi !
There is no problem as far as I know and use
Loic Blot
On 15 Jan. 2013 at 12:50, "R0me0 ***" wrote:
> Hello misc,
>
> I've a OpenBSD 5.1 in production and I will put another OpenBSD 5.2 and
> then configure CARP.
> will I have some compatibility issue ?
>
> Thanks in advanced
If I'm not mistaken, it's Berkeley Packet Filter.
I must do the same issue for dhcpd when I use many vlan interfaces and
PF :)
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Tuesday 08 January 2013 at 20:39 +0100, Ulrich Drolshagen wrote