This is what happens on my relatively current
OpenBSD bbb.stare.cz 6.5 GENERIC#0 armv7 (BeagleBone Black)
OpenBSD ppc.stare.cz 6.5 GENERIC#0 macppc (an old MacMini)
#include
#include
#include
int
main()
{
long l;
double d = INT_MAX;
l = lrint(d);
p
On May 10 18:45:49, h...@stare.cz wrote:
> > > > > malloc() warning: unknown char in MALLOC_OPTIONS
> >
> > if it's only some programs, then it's because those are older programs.
>
> Yes they are. I will get back after they recompile. Thanks.
Indeed, after recompiling the ports (it was on
On May 10 12:29:16, t...@tedunangst.com wrote:
> hans wrote:
> > On May 10 18:02:12, o...@drijf.net wrote:
> > > hans schreef op 10 mei 2016 17:12:23 CEST:
> > > >I started using the wonderful malloc.conf,
> > > >setting it to CFGJPRSU. This works on
On May 10 18:02:12, o...@drijf.net wrote:
> hans schreef op 10 mei 2016 17:12:23 CEST:
> >I started using the wonderful malloc.conf,
> >setting it to CFGJPRSU. This works on amd64 and macppc and i386,
> >but on a freshly upgraded current/armv7 (a BeagleBone Black),
>
I started using the wonderful malloc.conf,
setting it to CFGJPRSU. This works on amd64 and macppc and i386,
but on a freshly upgraded current/armv7 (a BeagleBone Black),
some programs report
malloc() warning: unknown char in MALLOC_OPTIONS
Each of the flags is documented in the malloc.co
On May 01 18:14:33, nicholas.marri...@gmail.com wrote:
> Jan, please make sure you are running -current (build and install tmux
> from CVS HEAD) and if the problem still exists run this
I have the HEAD tmux now.
> tmux -vvvLtest -f/dev/null new
Strangely, with this line, I don't see the problem;
shouldn't make
> the difference, or should it?
I don't think it should.
> schwarze@isnote $ setxkbmap -query
> rules: base
> model: pc105
> layout: us
> options: compose:ralt,altwin:left_meta_win
> schwarze@isnote $ locale
In the last snapshot, it seems, tmux does not do UTF8 input correctly,
while xterm is fine. This used to work with the ~/.xsession below.
When typing non-ASCII in xterm or in a vim-in-an-xterm
or a mutt-in-an-xterm, they appear OK. When in a tmux window,
they look like garbage.
Interestingly, if
I have this Belkin card (model F5D8010)
which reports on current/amd64 as
unknown vendor 0x17cb product 0x0001 (class network subclass ethernet, rev
0x01) at cardbus1 dev 0 function 0 not configured
but does not show up as an interface.
What can I do to help make it supported?
Jan
On Mar 16 20:58:59, alan01...@gmail.com wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7. No problem I thought, I've
> had to do it before. So my /etc/httpd.conf looks like this:
>
> chroot "/usr/htdocs"
Why didn't you use the s
On Mar 16 22:04:19, alan01...@gmail.com wrote:
> Bingo. /usr does it. One clue I guess was that it was logging into
> /usr/logs. With Apache at least the chroot dir wasn't the same as the
> document root.
With default httpd, it also isn't.
> And you don't want the logs dir readable through the
It seems zdump(8) just displays GMT for zones which do not exist.
Is that intended?
Jan
$ zdump Canada/* Canada/Toronto
Canada/Atlantic Tue Mar 15 05:22:21 2016 ADT
Canada/Central Tue Mar 15 03:22:21 2016 CDT
Canada/East-Saskatchewan Tue Mar 15 02:22:21 2016 C
Two bits seem unclear in spamd.conf(5),
at least to a non-native speaker.
# Strings follow getcap(3) convention escapes, other than you
# can have a bare colon (:) inside a quoted string and it
# will deal with it.
"Other that _that_ you can have a bare colon"?
# Lists specified with the :
On Mar 12 17:25:45, rob...@peichaer.org wrote:
> On Sat, Mar 12, 2016 at 05:49:32PM +0100, hans wrote:
> > On Mar 12 16:36:37, rob...@peichaer.org wrote:
> > > On Sat, Mar 12, 2016 at 04:57:04PM +0100, hans wrote:
> > > > Has the attitude towards /etc/hosts change
On Mar 12 16:36:37, rob...@peichaer.org wrote:
> On Sat, Mar 12, 2016 at 04:57:04PM +0100, hans wrote:
> > Has the attitude towards /etc/hosts changed again?
> > After a fresh install of current/i386,
> >
> > 127.0.0.1 localhost
> > ::1
Has the attitude towards /etc/hosts changed again?
After a fresh install of current/i386,
127.0.0.1 localhost
::1 localhost
192.168.22.4 www.stare.cz www
The first two I would expect.
The last one was assigned to me via DHCP during install;
I am changi
Hello,
Firejail secures* the everyday apps that a user uses on an example
Desktop machine: Firefox, transmission, etc.:
https://firejail.wordpress.com/
Are there any alternatives on OpenBSD for Firejail? Or could it be ported?
*The sandbox is lightweight, the overhead is low. There are no complicate
This is what cron said to me on a current/macppc,
when incidentally, the machine was just (re)booting:
On Dec 28 12:00:01, root wrote:
> approval failed for hans
Dec 28 12:00:04 www syslogd: exiting on signal 15
Dec 28 12:00:53 www syslogd: start
Dec 28 12:00:53 www /bsd: syncing disks... d
On Thu, Mar 05, 2009 at 02:32:36PM -0700, Cameron Schaus wrote:
> I recently configured an IPSEC tunnel between OpenBSD 4.4 machine and a Cisco
> gateway. I had trouble during the key exchange because I had configured DH
> group 2. The Cisco sent a proposal for DH group 5 with a lifetime of 780
I have a new e-mail address! You can now write to me
at: hans.b...@yahoo.com.co
Hi,
On Mon, Jan 19, 2009 at 04:56:25PM +0100, Christoph Leser wrote:
>
> I noticed that the cisco end of a VPN I configured on my openBSD sends a
> DELETE message after a certain amount of idle time.
Which SAs get deleted? isakmp, ipsec or both?
HJ.
Support for specifying aes key sizes was added february 2008, thus 4.2
does not provide this.
On Wed, Nov 12, 2008 at 03:17:17PM +, Joe Warren-Meeks wrote:
> On Wed, Nov 12, 2008 at 02:35:35PM +0100, Claer wrote:
>
> Hey there,
>
> OK, so I've switched to ipsec.conf and it is a lot easier!
>
er to send the routes received in the communities (yes
they all contain the same routes) to every peer on the RS, except for those
with AS 7547 and 8392.
Was also wondering why you have that prepend rule in #5 while transparent-as
is configured?
Regards,
Hans
On Wed, Oct 29, 2008 at 12:08 PM, Cla
Hi Misc,
I am trying to make OpenBGPD work as a route-server for a little hobby
project I am working on.
As it's very hard to find configuration examples for this usage on the web I
have to turn here.
What I am trying to achieve:
- A route-server acting as a transparent route distributor.
- Cont
On Mon, Nov 19, 2007 at 12:26:16PM +0100, Mitja Mu?eni? wrote:
> As far as I can tell, currently in ipsec.conf there is no way to use AES
> with KEY_LENGHT=256. Is anybody working on adding this? Otherwise I might
> try it when the time permits.
>
> I'm thinking that isakmpd should first learn ab
g the door adds to your freedom, don't you think so?
Hans
Hi,
could you try the attached diff, please?
Index: message.c
===
RCS file: /cvs/src/sbin/isakmpd/message.c,v
retrieving revision 1.126
diff -u -p -r1.126 message.c
--- message.c 2 Jun 2007 01:29:11 - 1.126
+++ message.c
Just use a recent snapshot. Support for names instead of ip addresses has
been added, mh, at least a year ago.
HJ.
On Tue, Sep 04, 2007 at 12:32:55PM +0200, * VLGroup Forums wrote:
> Hello everyone,
>
> I have several VPN tunnels between OBSD 3.8 systems (LAN to LAN via
> VPN). These all have f
Hi,
On Mon, Sep 03, 2007 at 03:11:35PM +0100, Josi Costa wrote:
> Sep 3 15:05:16 obsd1 isakmpd[25239]: dropped message from
> 172.26.10.83 port 500 due to notification type NO_PROPOSAL_CHOSEN
> Sep 3 15:05:16 obsd1 isakmpd[25239]: responder_recv_HASH_SA_NONCE:
> KEY_EXCH payload without a group
On Mon, Sep 03, 2007 at 02:45:46PM +0100, Josi Costa wrote:
> 3des, sha1, PFS disabled.
ok, then enable pfs, use modp1024
Hi,
which transforms are configured on the ISA server for phase 2?
On Mon, Sep 03, 2007 at 02:21:24PM +0100, Josi Costa wrote:
> How can I solve this? Any docs about it? Debugging?
>
> On 9/3/07, Hans-Joerg Hoexer <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > O
Hi,
On Mon, Sep 03, 2007 at 12:59:48PM +0100, Josi Costa wrote:
>
> Sep 3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83
> port 500 due to notification type NO_PROPOSAL_CHOSEN
> Sep 3 13:49:55 obsd1 isakmpd[1074]: responder_recv_HASH_SA_NONCE:
> KEY_EXCH payload without a group
On Thu, Aug 16, 2007 at 06:43:34PM -0700, Steve B wrote:
> I made a few changes and did some more testing this evening.
>
> 1. I changed the /etc/ipsec.conf to bring it in line with the Greenbow
> default transforms that Hans-Joerg recommended.
>
> # cat /etc/ipsec.conf
> i
, Aug 15, 2007 at 10:37:59PM +0200, Hans-Joerg Hoexer wrote:
> > On Mon, Aug 13, 2007 at 01:30:11AM +0300, Sergey Prysiazhnyi wrote:
> > > ike dynamic from any to any \
> > > main auth hmac-sha1 enc aes group modp1024 \
> > > quick auth hmac-sha1 enc ae
And I should mention, that in the "any to any" case you can not use -K and
you have to specify an isakmpd.policy file.
On Wed, Aug 15, 2007 at 10:37:59PM +0200, Hans-Joerg Hoexer wrote:
> On Mon, Aug 13, 2007 at 01:30:11AM +0300, Sergey Prysiazhnyi wrote:
> > ike dyna
On Mon, Aug 13, 2007 at 01:30:11AM +0300, Sergey Prysiazhnyi wrote:
> ike dynamic from any to any \
> main auth hmac-sha1 enc aes group modp1024 \
> quick auth hmac-sha1 enc aes psk secret
>
> ; ike passive, ike passive esp, ike esp, etc - no results.
On the openbsd gateway you nee
On Thu, Aug 09, 2007 at 02:22:31AM +0200, James Lepthien wrote:
> Hi,
>
> I have set up a vpn from my OpenBSD Box (4.1-current) to our company
> WatchGuard X700. My problem is that the re-keying
> isn't always working and my tunnel does not come up if I send traffic to
> the destination network.
On Thu, Aug 02, 2007 at 10:23:59PM +0200, Sven Ulland wrote:
>
> I'm very (that's putting it mildly) interested in the issues with 4.0
> that you mention. Would you be able to shed some more light on which
> issues they were, or point me to references? It would be most
> interesting.
I'm not sure,
Hi,
On Thu, Aug 02, 2007 at 09:23:59PM +0200, Sven Ulland wrote:
> I am running OpenBSD 4.0 on amd64, and I'm seeing that isakmpd builds
> up a large amount of redundant phase 1 tunnels for one of our peers.
> It will only report these when prompted with 'echo r > \
> isakmpd.fifo', it's not shown
Hi,
On Thu, Jul 26, 2007 at 10:04:31AM +0200, [EMAIL PROTECTED] wrote:
> Hi,
>
> I am using ipsecctl and /etc/ipsec.conf to create an IPSec tunnel to a
> WatchGuard Firebox X700 in my company. It works fine, but the
> re-keying always makes some trouble, it does not always work. My
> questi
Hi,
the Subject Alternative Name of your certificate will be used as phase 2
IDs, ie. that's what is sent. If you want to use the Subject Canonical
Name, you have to additionally provide an isakmpd.policy file and you have
to run isakmpd without the "-K" option. See isakmpd.policy(5).
On Fri, Ju
Hi,
On Thu, Jul 12, 2007 at 05:38:47PM -0800, eric wrote:
> I have an OpenBSD 4.1 (OpenBSD 4.1 GENERIC#1435 i386) acting
> as a PPPoE NAT router & firewall to my ISP. I'd like to replace my OS
> X 10.4 Server IPSEC VPN with the OpenBSD system. My "road warrior"
> clients are all OS X 10.4.1
Hi all!!
I have got hold of a "Highpoint RocketRAID 1740" SATA disk controller.
Is there anyone out there that's got a driver for it?
/Hasse
Hi,
please check the errata page for 3.7 [1], patch 6 solves this issue [2].
[1] http://www.openbsd.org/errata37.html.
[2] ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/006_nat-t.patch
HJ.
On Mon, Jun 25, 2007 at 11:35:19AM -0400, catalin visinescu wrote:
> Hello,
>
> I see that Op
On Mon, May 28, 2007 at 07:02:39PM +0930, Damon McMahon wrote:
> Greetings,
>
> How would I specify that blowfish, AES and 3DES should be accepted -
> in that order - in ipsec.conf(5) to configure isakmpd(8)?
this is not supported by ipsec.conf(5).
>
> In the deprecated isakmpd.conf(5) for Ma
yes, that's possible. See brconfig(8) for instructions.
On Sun, May 06, 2007 at 10:07:42PM +0200, Joachim Schipper wrote:
> On Sun, May 06, 2007 at 02:56:14PM -0400, Paolo Supino wrote:
...
> > 2. I have another project where I'm expanding a network to an adjacent
> > building and I can't run ca
nother relevant ISPEC
> configuration?
yes.
>
> Anyone?
>
> Thanks,
> Tim
>
> Hans-Joerg Hoexer wrote:
> >On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote:
> >
> >>Hi friends,
> >>
> >>I'm looking to add another IP
On Sun, Apr 15, 2007 at 05:26:11PM +0200, Markus Wernig wrote:
>
> /etc/rc.conf.local
> ipsec=YES
> isakmpd_flags="-K -f /var/run/isakmpd.fifo"
why the -f ...? isakmpd takes care of the fifo itself. You only need
"-K", nothing else.
On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote:
> Hi friends,
>
> I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
> All examples I've seen are a single connection (phase 1). To support
> multiple vpn's tunnels, is it as simple as adding additional lines under
On Wed, Apr 11, 2007 at 01:28:28PM -0600, Roy Kim wrote:
> I'm trying to setup an ipsec tunnel between an openbsd and a windows
> box using X.509 certificates. Phase 1 gets successfully negotiated but
> then things crap out at step 1 of phase 2 and I don't have a clue
> what's wrong. Any thoughts?
Hi,
On Fri, Feb 23, 2007 at 12:09:27AM +, Stuart Henderson wrote:
>
> @0 C set [Phase 1]:Default=peer-default force
> C set [peer-default]:Phase=1 force
> C set [peer-default]:Authentication=2 force
> C set [peer-default]:Configuration=mm-default force
> C set [peer-default]:ID=me.mylan.n
more correct diff:
Index: ike.c
===
RCS file: /cvs/src/sbin/ipsecctl/ike.c,v
retrieving revision 1.54
diff -u -p -r1.54 ike.c
--- ike.c 24 Nov 2006 08:07:18 - 1.54
+++ ike.c 24 Nov 2006 10:46:19 -
@@ -38,17 +3
Hi,
On Fri, Nov 24, 2006 at 09:45:45AM +, Brian Candler wrote:
> I'm trying to set up multiple transport mode SAs between an OpenBSD 4.0 box
> and a Cisco 7301 running IOS [ultimate reason is to load test multiple L2TP
> over IPSEC tunnels].
>
> Each SA is between the same two IP endpoints bu
your tunnel is between 193.189.180.192/28 and 193.189.180.208/28
On Thu, Nov 23, 2006 at 01:10:13PM +0100, Mitja wrote:
> ...
> OpenBSD1
> # ipsecctl -s all
> FLOWS:
> flow esp in from 193.189.180.208/28 to 193.189.180.192/28 peer
> 172.16.16.6 type require
> flow esp out from 193.189.180.192/28 t
Daniel Ouellet wrote:
So, I would like to trapit everything that is not from these 5 emails.
Beware that people make mistakes. Someone could just make a
typing error in one of these 5 addresses and you end up blocking
a legitimate mail server..
H.
Hi,
could you please provide a pcap of such an exchange?
Thanks,
HJ.
On Wed, Oct 18, 2006 at 11:57:53AM +0200, Mitja Mu?eni? wrote:
>
> Just a quick question if anybody has had the same problem, or contrary, if
> anybody has a success story with SEF. I'm trying to establish an IPsec
> tunnel bet
Hi,
On Wed, Oct 11, 2006 at 02:17:42PM -0700, Prabhu Gurumurthy wrote:
>
> pgurumur-vm-openbsd (OpenBSD): [~/working/networking/docs]
> 10.200.0.46: [579]$ cat ipsec.conf
> remote_gw = "192.168.0.1"
> remote_net = "{ 10.0.100.0/22, 10.0.2/24 }"
> local_net = "{ 172.16.18.0/26 }
>
> ike esp from
On Thu, Oct 12, 2006 at 10:07:27AM +0200, viq wrote:
>...
> Now, there are two caveats to this I didn't yet figure out how to solve.
> 1) VPN-B must be able to resolve vpn-b.my.domain to the address of
> it's egress interface, otherwise the traffic won't get encapsulated.
> Right now I was doing th
Woodchuck skrev:
On Wed, 27 Sep 2006, Hans Almqvist wrote:
Hi all!
I am trying to install SpamAssassin from the ports tree on an OpenBSD 3.9
system.
I have removed /usr/ports and downloaded a fresh copy starting from scratch.
I did one prior run with make which of course gave the same
Hi all!
I am trying to install SpamAssassin from the ports tree on an OpenBSD
3.9 system.
I have removed /usr/ports and downloaded a fresh copy starting from scratch.
I did one prior run with make which of course gave the same result.
I get the following: *Error in package*:
==
ery logfile to /etc/newsyslog.conf is one way, but hard to
> maintain. Is Apache's own rotatelogs program the way to go?
I prefer to use cronolog.
It's in ports.
Hans
> dmesg:
> rl0 at pci0 dev 8 function 0 "Realtek 8139" rev 0x10: irq 11, address
> 00:48:54:65:39:5a
> rlphy0 at rl0 phy 0: RTL internal PHY
rl0 at pci1 dev 10 function 0 "Realtek 8139" rev 0x10: irq 11, address
00:10:a7:0b:16:ed
rlphy0 at rl0 phy 0: RTL internal PHY
Greetings,
Hans
please provide all information.
On Tue, Sep 05, 2006 at 02:50:12PM -0400, John Ruff wrote:
> I'm trying to implement an IPSec/VPN tunnel and phase-II of the IKE
> negotiation is failing with the following errors seen from 'isakmpd -
> dKL -D A=90':
>
> 110340.763012 Default pf_key_v2_get_spi: GETS
what ipsec software is running on the clients? What does your
ipsec.conf on the firewall look like?
On Sat, Sep 02, 2006 at 04:01:51PM -0400, Axton Grams wrote:
> Hoping someone can point me in the right direction to get isakmpd working.
>
> The scenario:
> - the router drops all traffic directe
kspittles since 1998!
> http://www.playr.co.uk/sudoku/
> http://weblog.vanhegan.net/
>
>
man uuencode
it's in the examples.
Kind regards,
Hans
On Tue, Aug 08, 2006 at 08:23:39PM +0200, Floroiu, John Williams wrote:
>
> does sasyncd enable the IPsec failover gateways to also share the ISAKMP SA
> (so that DPD exchanges can proceed despite failures)? the ISAKMP SA is not
> explicitly mentioned in the help page (and is actually distinct fro
fails : v=88 m=03 b=01 read_data
I'm guessing that one of the disks is broken, but how can I find out which
one? And is the data still stored correctly, or does this mean the database
will be corrupt?
Below you will (hopefully) find all relevant information.
Thanks,
Hans
[EMAIL PROT
Hi,
On Wed, Aug 16, 2006 at 09:46:18AM -0400, Stefan wrote:
> Hans-Joerg Hoexer wrote:
> > this is on -current?
>
> Sorry, I should have mentioned it. It's 3.9 release.
setting the group was added post 3.9.
this is on -current?
On Tue, Aug 15, 2006 at 10:46:37PM -0400, Stefan wrote:
> Can someone explain why this is giving a syntax error?
>
>
> ike esp from 10.0.0.0/24 to 10.1.0.0/24 peer (remote IP CIDR) \
> main auth hmac-md5 enc 3des group modp1024 \
Hi,
On Thu, Aug 10, 2006 at 12:04:08AM -0400, Steve Glaus wrote:
> ...
> One glaring difference that I can see is that when I connect to the
> DLINK I use a passive connection and isakmpd sits and listens for
> incoming connections. Could this be a lifetime issue? Tech support at
> the other en
On Fri, Jul 28, 2006 at 09:32:09AM -0700, Spruell, Darren-Perot wrote:
> Word is, there is a flaw in IKEv1 that allows for an attacker to create IKE
> sessions faster than previous attempts expire. The security research firm
> who found the flaw only lists Cisco VPN devices as being vulnerable whil
On Fri, Jul 28, 2006 at 03:57:02PM -0400, Steven Surdock wrote:
> Stuart Henderson wrote:
> > On 2006/07/28 06:30, jeraklo wrote:
> >> sorry. got to go with the stable branch (3.9).
> >
> > disadvantages:-
> >
> > openvpn is more complicated to install on OpenBSD than ipsec
> > lots of security f
On Wed, Jul 05, 2006 at 11:10:43AM -0600, Stephen Bosch wrote:
> Does tcpdump work on enc0?
>
> -Stephen-
>
yes:
<[EMAIL PROTECTED]:1>$ sudo tcpdump -n -i enc0
Password:
tcpdump: WARNING: enc0: no IPv4 address assigned
tcpdump: listening on enc0, link-type ENC
19:32:49.036465 (authentic,confiden
isakmpd is only allowed to write to files in the /var/run directory.
I've updated the manpage accordingly.
On Wed, Jun 28, 2006 at 04:37:16PM -0600, Stephen Bosch wrote:
> Hi:
>
> Running OpenBSD 3.8, I cannot get isakmpd to write to a capture file.
>
> Here is my mount output:
>
> /dev/wd0a on
On Wed, Jun 28, 2006 at 06:38:42PM +0200, Thomas Bvrnert wrote:
> with the vpn1411 crypto card i get only
>
> 700 - 720 KB/s
> CPU 30%
>
> by the way the driver of the crypto card is buggy. i have
> a lot of cards here removed in the last year. i got several
> hangs. h
On Thu, Jun 22, 2006 at 10:22:08AM -0700, Joe wrote:
> Dries Schellekens wrote:
> >Bihlmaier Andreas wrote:
> >
> >>>As I say earlier, the hardware is working, but the performance
> >>>bottleneck is elsewhere (presumably kernel crypto framework).
>
> I'm interested in purchasing one of these boar
Hi,
On Tue, Jun 13, 2006 at 04:10:08PM -0700, Spruell, Darren-Perot wrote:
>
> To follow that further, is it currently possible to do this kind of
> road-warrior setup using ipsecctl/ipsec.conf? Doesn't it require aggressive
> mode due to the unknown nature of the peer IP?
since c2k6 it almost is
Hi all!
Is there anyone out there using this controller successfully with
OpenBSD ?
In other words: Is it supported by this OS?
/Hans Almqvist
On Thu, May 04, 2006 at 12:31:28PM -0500, Nathan Johnson wrote:
...
> The problem is when I try to ping any machine from network A to
> 192.168.51.0/24 (gateway B's internal network) besides the gateway
> itself (192.168.51.1), ping doesn't work.
what does "doesn't" work mean? Do you see the icm
On Thu, Apr 20, 2006 at 02:11:36PM +0100, Constantine A. Murenin wrote:
> Hi,
>
> I have an OpenBSD (file-)server at a remote location on the internet
> that is around 137ms away from an OS X 10.4 laptop.
>
> Is there a way to securely mount OpenBSD's filesystems from OS X in
> such a setting?
c
On Wed, Apr 05, 2006 at 05:13:36PM +1000, Karl Kopp wrote:
>
> Firstly, I thought I could just use /etc/ipsec.conf (right?) and a
> line like this:
>
> ike esp from 10.1.1.0/24 to 202.1.1.0/24 peer 202.1.1.30 main auth
> hmac-md5 enc 3des psk shhhSecret
this looks correct.
Additionally to the d
On Wed, Apr 05, 2006 at 11:27:03AM +0200, Ingbert Zan wrote:
>
> Does anybody know how to distinguish between the two flows?
you can't.
> Of course it would be possible to NAT the two 10/8 networks
> on Box 1 and 2.
do that.
root.
Excuse my question - I don't want to attack our loved project but does
that mean that we've got a second remote hole? Don't kick my ass.
By default sendmail only listens on the local interface.
Hans
Hi,
On Fri, Mar 31, 2006 at 11:01:03AM +0200, Stefan Sczekalla-Waldschmidt wrote:
>
> Some days ago one certain vpn-tunnel started failing for an
> unpredictable time of some minutes up to an hour.
> ( mostly just less than 5 minutes). All other site-link-tunnels stay up
> and running.
>
> a lon
On Mon, Mar 27, 2006 at 03:37:42AM -0500, Christopher Thorpe wrote:
> dmesg says:
> hifn0 at pci0 dev 14 function 0 "Hifn 7955/7954" rev 0x00: LZS 3DES ARC4
> MD5 SHA1 RNG AES PK, 32KB dram, irq 11
>
> The drivers support modular exponentiation, but I'm having trouble
> finding documentation o
On Wed, Mar 22, 2006 at 11:30:40PM +0100, Lukas Drbohlav wrote:
>
> with this in x509v3.cnf
> # default settings
> CERTUFQDN = "what i have to give there ??!!"
the UFQDN, eg. "[EMAIL PROTECTED]". Please take a look at isakmpd(8),
where this is explained using FQDN. UFQDN is simila
Hi,
On Tue, Mar 21, 2006 at 07:27:45PM +1100, Rod Whitworth wrote:
>
> Total mention in the manpage:
> srcid
>This optional parameter defines a FQDN that will be used by
>isakmpd(8) as the identity of the local peer.
>
> dstid
>Similar to srcid, th
he archives for more information.
Good luck,
Hans
Can you show me the output of "ipsecctl -nvf ..." on both machines.
HJ.
On Wed, Feb 22, 2006 at 01:08:39PM -0500, Adam wrote:
> I am trying to setup a simple vpn between two networks using ipsecctl.
> One side is running 3.8 release, the other 3.8 stable. On both sides I
> have copied over /etc/
yes, these cards have issues. The only advice I can give is to set
kern.usercrypto=0. I tried to debug this several times, but I did
not find a test case that produces this issue reliably.
On Mon, Jan 30, 2006 at 04:46:49PM -0600, Sean Cody wrote:
> I have been having issues lately with the HiFn
On Wed, Jan 18, 2006 at 11:20:55AM +0100, Joachim Schipper wrote:
>
> Each will work; OpenVPN is slightly easier to set up, but IPsec will
> likely offer better performance.
Forget about openvpn, there's no need to fiddle around with third
party stuff.
Just make sure to take a look at vpn(8). I
Hi,
On Fri, Dec 23, 2005 at 11:58:14AM -0500, Will H. Backman wrote:
>
> Reducing the enckey to 160 bits worked. Interesting to note that if a
> key is too short, you get a nice warning that the key is too short and
> must be 160 bits long. If a key is too long, you don't get a warning,
> ju
the defaults are hmac-sha2-256 and aesctr which uses a 160 bit key.
On Wed, Dec 21, 2005 at 03:25:26PM -0500, Will H. Backman wrote:
> OpenBSD 3.8 release.
> I'm getting the same errors as this thread:
> http://archives.neohapsis.com/archives/openbsd/2005-11/1980.html
> I'm trying to use as many d
On Sun, Dec 18, 2005 at 06:58:22PM +0100, Lukasz Sztachanski wrote:
> ipsecadm(8) isn't new ;) Probably ipsecctl isn't `mature' enough to
> handle such setup. Imho, you'll have to use isakmpd- actually web is
> full of tutorials and examples of isakmpd configuration; plus, it's very
> flexible and c
Hi,
On Fri, Dec 16, 2005 at 09:48:06AM +, Gordon Ross wrote:
> I'm trying to setup an isakmpd VPN using x509 keys between two OpenBSD
> 3.8 boxes.
>
> To start with, I followed the instructions at
> http://www.openbsdsupport.org/vpn-ipsec.html to setup an initial VPN
> using pre-shared secret
Olivier Mehani wrote:
On Fri, 09 Dec 2005 13:12:14 +0100
Hans van Leeuwen <[EMAIL PROTECTED]> wrote:
CustomLog "|/usr/local/sbin/cronolog -l /var/www/logs/access-hanz.nl
/var/www/logs/old/access-hanz.nl.%Y%m%d" combined
But you are not using the default chrooted
Olivier Mehani wrote:
On Fri, 09 Dec 2005 11:11:23 +0100
Hans van Leeuwen <[EMAIL PROTECTED]> wrote:
Could you please share your preferred methods to rotate the
/var/www/logs/, ?
I had the same problem, and solved it by using cronolog.
From my httpd.conf:
CustomLog "
nz.nl
/var/www/logs/old/access-hanz.nl.%Y%m%d" combined
Hans
yes, you can. You need to encrypt traffic from/to your laptop to
0.0.0.0/0. So instead of using your gw address, use 0.0.0.0/0.
HJ.
On Thu, Dec 01, 2005 at 08:00:38AM +0100, raff wrote:
> Hi,
> I have wireless connection between my machine and router/gateway.
> I can set up ipsec connection bet
On Wed, Nov 30, 2005 at 03:58:07PM +0100, martin wrote:
...
> [Phase 1]
> 10.10.10.9= ISAKMP-peer-ignition
>
> [Phase 2]
> Connections=IPsec-ignition-soekris
this should be a passive connection. Otherwise isakmpd will try
to keep this connection up and when this fails it
1 - 100 of 137 matches