Re: DHCPd - option capwap (code 138)

2021-05-11 Thread Radek
Update. My conf seems to work as expected, but it took a few hours for APs to find the controller. Since then even new APs find the controlles in a few minutes. Controller: Alcatel-Lucent OmniVista 2500 APs: OAW-AP1321-RW Thanks for your help! On Mon, 10 May 2021 15:30:01 +0200 Radek wrote

Re: DHCPd - option capwap (code 138)

2021-05-10 Thread Radek
10.109.3.254; range 10.109.3.201 10.109.3.220; #option option-138 10.109.3.100; option option-138 A:6D:3:64; host [...] On Thu, 6 May 2021 11:45:43 +0200 Denis Fondras wrote: > Le Thu, May 06, 2021 at 10:48:55AM +0200, Radek a écrit : > > Hello, > > I want to use dhcpd server t

DHCPd - option capwap (code 138)

2021-05-06 Thread Radek
*option capwap* to /etc/dhcpd.conf option capwap code 138 = ip-address; #Custom Option capwap option capwap 192.168.1.110; #WLAN-Controller-IP I can't find the capwap option in dhcp-options(5) i OpenBSD. How can I do what I need using other options/configuration? Thanks! -- Radek

Fw: Re: npppd - changing clients' route table

2021-02-21 Thread Radek
o wrote: > Hello, > > On Sat, 20 Feb 2021 21:14:24 +0100 > Radek wrote: > > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw > > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. > > If the client is conencted to VPN all cli

npppd - changing clients' route table

2021-02-20 Thread Radek
d OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP -- Radek

Re: OpenSMTPD is not sending e-mail.

2021-01-28 Thread Radek
ing 66.102.1.27... > Connected to gmail-smtp-in.l.google.com. > Escape character is '^]'. > 220 mx.google.com ESMTP k2si3832128wrm.242 - gsmtpquit > 221 2.0.0 closing > connection k2si3832128wrm.242 - gsmtp > Connection closed by foreign host. > > -- Radek

Fw: Re: How to request a specific IP address from DHCP server

2021-01-22 Thread Radek
Forward. Begin forwarded message: Date: Thu, 21 Jan 2021 16:32:55 +0100 From: Radek To: Allan Streib Subject: Re: How to request a specific IP address from DHCP server > Can you configure a permanent IP address in the client configuration > (hostname.if file) that is outside the

Re: How to request a specific IP address from DHCP server

2021-01-22 Thread Radek
/db/dhcpd.leases (instead of the my_addrees) and DHCPD can give my_address to other client. Am I rigth? On Wed, 20 Jan 2021 09:38:13 +0100 Marco Scholz wrote: > On Tue, Jan 19, 2021 at 08:56:39PM +0100, Radek wrote: > > I can't manage to request a specific IP address from DHCP ser

Re: How to request a specific IP address from DHCP server

2021-01-19 Thread Radek
nected to the network. > configuration changes at the server end. Nobody touches the server end. On Tue, 19 Jan 2021 21:05:21 + Peter Kay wrote: > On Tue, 19 Jan 2021 at 20:57, Radek wrote: > > > > Hi, > > I can't manage to request a specific IP address from

How to request a specific IP address from DHCP server

2021-01-19 Thread Radek
/etc/netstart vr0 vr0: 192.168.1.103 lease accepted from 192.168.1.1 (b0:48:7a:a5:86:15) $ dhclient -v vr0 vr0: DHCPREQUEST to 255.255.255.255 vr0: DHCPACK from 192.168.1.1 (b0:48:7a:a5:86:15) vr0: 192.168.1.103 lease accepted from 192.168.1.1 (b0:48:7a:a5:86:15) Thanks for any help. -- Radek

Re: npppd - problem with simultaneous sessions

2021-01-08 Thread Radek
ssing IPsec protection >0 dropped due to full socket buffers >609 delivered >236 datagrams output >354 missed PCB cache > > I started looking into this problem. > > On Thu, 7 Jan 2021 09:45:07 +0100 > radek wrote: > > Hi,

Re: npppd - problem with simultaneous sessions

2021-01-07 Thread radek
s there? It is directly connected do X.Y.Z.13, no NAT. On Thu, 07 Jan 2021 16:27:57 +0900 (JST) YASUOKA Masahiko wrote: > Hi, > > On Wed, 6 Jan 2021 21:33:49 +0100 > Radek wrote: > > I have a box with relatively fresh install of 68/amd64, fully > > syspatched. There is

npppd - problem with simultaneous sessions

2021-01-06 Thread Radek
20:53:44 fw-u npppd[82720]: ppp id=1 layer=mppe logtype=Opened our=128bit,stateless peer=128bit,stateless Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=base Using pipex=yes -- Radek

Re: OpenBSD + Firebird Server

2020-11-25 Thread Radek
ns wrote: > On Tue, Nov 24, 2020 at 9:27 PM Radek wrote: > > > Hi, > > is it possible to install Firebird Server in OpenBSD? I can't find any > > info about that anywhere. > > Thanks! > > > Assuming you mean the SQL database, when last I

OpenBSD + Firebird Server

2020-11-24 Thread Radek
Hi, is it possible to install Firebird Server in OpenBSD? I can't find any info about that anywhere. Thanks! -- Radek

Re: Wine for OpenBSD?

2020-04-12 Thread Radek
> This is ain't the 90's man everyone can afford to have 2-3 or more PCs at > home But sometimes you have to be outside the home. [1] https://www.metatrader4.com/ Cheers! -- Radek

Re: Ajust or set OpenIKED renegotiation timeout manually if remote ISP reset connections

2020-04-03 Thread Radek
rcctl restart iked fi fi sleep 32 done You can trim the sleep time as you need but remember to give some time to restart/renegotiation/resync... I hope it helps. -- Radek

Re: [OpenIKED] current session list

2020-04-01 Thread Radek
On Wed, 1 Apr 2020 08:50:41 - (UTC) Stuart Henderson wrote: > On 2020-04-01, Radek wrote: > > Hi @misc, > > is there any equivalent of "npppctl sessions all/brief" for iked(8)? > > How can I get the list of currently connected roadwarriors? They use CA. &g

[OpenIKED] current session list

2020-04-01 Thread Radek
Hi @misc, is there any equivalent of "npppctl sessions all/brief" for iked(8)? How can I get the list of currently connected roadwarriors? They use CA. "ipsecctl -sa" shows IPs only, but I need to know who is who. -- Radek

Re: Traffic prioritization inside VPN

2020-01-02 Thread Radek
dwitdh they just get it with higher priority and my boxes always can use *the rest*. If there is a quiet it the network my boxes can use the whole highway. On Thu, 2 Jan 2020 17:57:19 +0100 fRANz wrote: > On Thu, Jan 2, 2020 at 3:51 PM radek wrote: > > > I tried to do it by "

Traffic prioritization inside VPN

2020-01-02 Thread radek
p from to (egress:0) set prio (6, 7) keep state pass in quick on egress proto udp from to (egress:0) port {500, 4500} set prio (6, 7) keep state pass in on egress proto udp from any to (egress:0) port {isakmp,ipsec-nat-t} set prio (6,7) keep state pass in on egress proto {ah,esp} set prio (6,7) keep state block return in on ! lo0 proto tcp to port 6000:6010 -- Radek

Re: Disabling ACPI permanently

2019-12-27 Thread Radek
Hello Philip, This box has installed the newest BIOS firmware. Following your suggestion I sent a bug report to b...@openbsd.org https://marc.info/?l=openbsd-bugs=157747038309405=2 On Mon, 23 Dec 2019 08:25:13 -0800 Philip Guenther wrote: > On Mon, Dec 23, 2019 at 5:10 AM Radek wr

Disabling ACPI permanently

2019-12-23 Thread Radek
82281c40, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> -- Radek

Re: Moving IKED certificates between routers

2019-11-17 Thread Radek
6. On Sun, 10 Nov 2019 15:00:58 +0100 Radek wrote: > My new box has the same /etc/myname. > > I copied: > /etc/iked/ca/ca.crt > /etc/iked/certs/1.2.3.4.crt > /etc/iked/crls/ca.crl > /etc/ssl/vpn/* > > What did I do wrong/miss? > > Windows shows error 13826: Fail

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-11-13 Thread radek
On Sun, 22 Sep 2019 17:11:20 +0200 Radek wrote: > Thank you Stuart. > I can't touch/upgrade these routers, but I have a bunch of Soekris/net5501 > that I can use for testing -current. Unfortunately, they are i386. I hope the > arch doesn't matter in this case. > I'll try -current

Re: Moving IKED certificates between routers

2019-11-10 Thread Radek
-11-10, Radek wrote: > > Hi Stuart, > > I have played around with copying them across but no luck (I get error > > 13801 in win7). I don't know what I'm doing wrong. > > > > Do I need to set the same hostname (/etc/myname) in new box to make old > > certs work

Re: Moving IKED certificates between routers

2019-11-10 Thread Radek
should be copied/edited (/etc/ssl/vpn/ /etc/iked/) to make rdk.6501.rac working in new box? On Fri, 8 Nov 2019 11:59:56 - (UTC) Stuart Henderson wrote: > On 2019-11-08, radek wrote: > > Hello, > > > > I'm going to replace 6.5 router with new 6.6 box. Is it necessary

Moving IKED certificates between routers

2019-11-08 Thread radek
is journey. -- Radek

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-09-22 Thread Radek
? Nobody else reports having the same issue here... On Fri, 20 Sep 2019 16:55:02 - (UTC) Stuart Henderson wrote: > On 2019-09-20, radek wrote: > > Hello Patrick, > > I am sorry for the late reply. > > > > I have replaced my ALIX/Soekris production routers with APU1C

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-09-20 Thread radek
blem still occurs. On the other side the ISP redirects all DNS requests to its own DNS. Any idea? On Sun, 25 Aug 2019 20:28:27 -0500 Patrick Dohman wrote: > Radek > In my opinion upstream DNS & UDP issues can cause interrupts with some ISP's. > I also believe that defining specific proto

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-25 Thread Radek
storage or virtualization. > The OpenBSD O.S includes all the user-land tools such as ping & top in > addition to a standardized precompiled kernel. > Regards > Patrick > . > > > > > > On Thu, 22 Aug 2019 19:12:55 -0500 > > Patrick Dohman wrote: > > > &

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-23 Thread radek
5 280 279 1 2 0 80 In use 5679K, total allocated 6336K; utilization 89.6% On Thu, 22 Aug 2019 19:12:55 -0500 Patrick Dohman wrote: > Radek > > I’ve found that fast networking is actually CPU & memory intensive. > Pentium 4 and Xeon's are increasin

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-20 Thread radek
n CMOS layout On Mon, 19 Aug 2019 18:17:48 -0500 Patrick Dohman wrote: > Do you consider memory an issue? > What is the speed of your memory? > Unix load average can occasionally be deceiving. > What make of Ethernets are you running? > Regards > Patrick > > > On Aug 19

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-19 Thread radek
ever been an issue? > Regards > Patrick > > > On Aug 18, 2019, at 1:03 PM, Radek wrote: > > > > Hello, > > > > I have two testing gateways (6.5/i386) with site-to-side VPN between its > > LANs (OpenIKED). > > Both gws are fully syspatched, have publi

[OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-18 Thread Radek
] ; then mon=`ping -c 3 -w 1 the_other_side_WAN_IP | grep packets | awk -F " " '{print $4}'` wan=`ping -c 3 -w 1 8.8.8.8 | grep packets | awk -F " " '{print $4}'` if [ "${mon}" -gt 0 ] && [ "${wan}" -gt 0 ] ; then echo vpn: ${vpn}, mon: ${mon}, wan: ${wan} | mail -s "no ping through VPN RACTEST-MON! restartng iked!" em...@example.com rcctl restart iked fi fi sleep 32 done -- Radek

Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2

2019-05-05 Thread Radek
zation. > They will eventually resync on their own, but it takes several > minutes. > > -- > Christian "naddy" Weisgerber na...@mips.inka.de > -- Radek

problem with site-to-site VPN between local machine and remote LAN (OpenIKED)

2019-03-09 Thread Radek
esp tunnel from 240.240.10.70 to 240.240.10.69 spi 0x4b96dca8 auth hmac-sha2-256 enc aes-256 esp tunnel from 240.240.10.69 to 240.240.10.70 spi 0x62c0615a auth hmac-sha2-256 enc aes-256 esp tunnel from 240.240.10.69 to 240.240.10.70 spi 0x97cc9e5f auth hmac-sha2-256 enc aes-256 remoteLAN_machine# cat /etc/pf.conf | grep "^[^#;]" set skip on {lo, enc} match in all scrub (no-df random-id) match out all scrub (no-df random-id) pass all -- radek

Re: vlan problem

2019-01-28 Thread Radek
10.10.255 > >I can also ping 10.10.10.1. > > > >Why vlan0 not linked vio0(parent) without create bridge? > > > >Is this normal? AM I miss understand vlan? > > > >(eg: I also tried on real machine with hostname.em0 card, same result) > > > >Thanks. > > > > > > > > > > > >Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC > > > Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC -- radek

Re: Printing problem

2019-01-25 Thread Radek
Thank you Stuart. If I use /usr/local/bin/lpr printing works as expected. $ grep Kyocera /etc/xpdfrc psFile "|/usr/local/bin/lpr -P Kyocera_Mita_FS-6020" On Wed, 23 Jan 2019 14:33:15 - (UTC) Stuart Henderson wrote: > On 2019-01-23, Radek wrote: > >

Re: Printing problem

2019-01-23 Thread Radek
ready fixed in -current. > > > > Indeed. Out of curiosity, what was it? I couldn't find anything under > > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/lpr/ > > that would break and fix this. > > > > Remote printing with lpd was broken from January 20 to February 7. > > usr.sbin/lpr/lpd/printjob.c (broken by r1.50, fixed by r1.52) > > Thanks, > Jeremy > -- radek

Re: Slow VPN Performance

2019-01-21 Thread Radek
nough to show that things are much slower with IPsec enabled. True. I use LAN machine on the one side in my netcat tests, but I don't have any on the other side, so I have to use router. On Mon, 21 Jan 2019 13:52:41 + (UTC) Stuart Henderson wrote: > On 2019-01-21, Radek wrote: > &

Re: Slow VPN Performance

2019-01-21 Thread Radek
516.66 23.49514.80 30.79594.94 37.45583.15 34.16621.32 31.54653.58 31.40659.72 33.00667.91 40.15753.08 34.54738.35 32.15639.13 35.11621.26 34.78733.43 34.59728.21 On Fri, 18 Jan 2019 18:25:11 +0100 Ra

Re: Slow VPN Performance

2019-01-18 Thread Radek
ug data if you actually want to help. > > Have you tried your NC on the loopback as a reference ? > is the HEADER compression activated ? On Fri, 18 Jan 2019 09:28:45 -0500 sven falempin wrote: > On Fri, Jan 18, 2019 at 8:58 AM Radek wrote: > > > I have configured Site-t

Re: Slow VPN Performance

2019-01-18 Thread Radek
ver know what that might > > bring. > > There's a commit from just after 5.2 which is relevant to some > packet forwarding setups, which might be of interest.. > > http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_input.c?r1=1.197;f=h#rev1.197 > -- radek

Re: Blocking "shodan.io" - What are my options?

2019-01-18 Thread Radek
Sorry, I haven't tried it yet. I'll do it ASAP. On Tue, 15 Jan 2019 21:05:32 -0600 ed...@pettijohn-web.com wrote: > On Sun, Jan 13, 2019 at 01:39:13PM -0600, ed...@pettijohn-web.com wrote: > > On Sun, Jan 13, 2019 at 08:04:32PM +0100, Radek wrote: > > > Hi, > > >

Re: Blocking "shodan.io" - What are my options?

2019-01-13 Thread Radek
aemon to do what we're looking for. It listens on > specified ports, accepts the connection and executes a script so you can > either use something like logger or pfctl, etc to do what you want with > the address it connected from. If anyone wants to play with it let me > know and I'll send you the tarball. > > Edgar > -- radek

Re: Polish localization

2019-01-09 Thread Radek
Polish interfaces are not obligatorily needed. On Tue, 8 Jan 2019 17:29:22 +0200 Dumitru Moldovan wrote: > On Tue, Jan 08, 2019 at 02:52:21PM +, Radek wrote: > >Hello, > > > >I'm trying to set Polish locales in my new desktop (6.4/amd64, xenodm, > >WindowMaker). > > &

Polish localization

2019-01-08 Thread Radek
LANG= LC_COLLATE="C" LC_CTYPE="C" LC_MONETARY="C" LC_NUMERIC="C" LC_TIME="C" LC_MESSAGES="C" LC_ALL= Any help appreciated. Thanks! -- radek

Re: Blocking "shodan.io" - What are my options?

2019-01-03 Thread Radek
es at > boot and run an hourly script to do a pfctl -T expire 86400 to > keep the table clean of old attackers. > > Shodan isn't the only scanner out there, so there is no point in just > blocking it. And I figure if someone is trying to connect to unused > ports on my system, they probably aren't up to any good. If you aren't > aware that my machine isn't legitimately listening on 22 or 23, or 443, > I don't want to talk to you. > > I usually just run on port 22 and move sshd to a different port, that > seems to stop >95% of attackers. > > -- radek

Re: ikev2 and road warriors setup

2018-12-28 Thread Radek
Any help appreciated! On Fri, 28 Dec 2018 10:41:22 +0100 Radek wrote: > Hello, > > finally I solved my problem as follows: > 1. Uncheck "use default gateway on remote network" in warrior (Windows) > 2. Create route192.bat file: route add 192.168.2.0 mask 255.255.255

Re: Cheaper alternatives for APC UPS

2018-12-28 Thread Radek
Thanks for your hints, Stuart. I hope to get one OpenUPS soon and give it a try. On Sun, 23 Dec 2018 12:13:12 + (UTC) Stuart Henderson wrote: > On 2018-12-19, Radek wrote: > > Thank you for all your comprehensive technical references. I just wanted to > > know if there is

Re: ikev2 and road warriors setup

2018-12-28 Thread Radek
d) match out on egress from lan:network to any nat-to egress block log all pass in on egress proto udp from any to any port {isakmp,ipsec-nat-t} pass in on egress proto {ah,esp} pass out on egress pass on lan On Wed, 12 Dec 2018 21:45:25 +0100 Radek wrote: > Hello again, > > I

Re: Cheaper alternatives for APC UPS

2018-12-19 Thread Radek
ower consumption device that can shutdown my home OpenBSD router when the power is loss. I would like not to use 230V device fot that purpose, which consumes more power when compare to 12V devices. On Tue, 18 Dec 2018 20:19:20 +0100 Juan Francisco Cantero Hurtado wrote: > On Mon, Dec 17, 2018

Cheaper alternatives for APC UPS

2018-12-17 Thread Radek
cheaper alternatives. Thanks! -- radek

Re: ikev2 and road warriors setup

2018-12-12 Thread Radek
... Many thanks! On Fri, 7 Dec 2018 20:20:21 +0100 Radek wrote: > Hello, > > I am still almost in the same point. > If I want to reach my GW88_LAN I have to check "use default gateway on remote > network" box (Windows roadwarrior), but this option makes me reaching th

Re: sh /etc/netstart interface counter intuitive behaviour with multiple inet aliases 6.4 and 6.3

2018-12-07 Thread Radek
ast 10.134.91.203 > >>> inet 10.134.91.205 netmask 0xfffc broadcast 10.134.91.207 > >>> inet 10.134.91.209 netmask 0xfffc broadcast 10.134.91.211 > >>> inet 10.134.91.213 netmask 0xfffc broadcast 10.134.91.215 > >>> inet 10.134.91.217 netmask 0xfffc broadcast 10.134.91.219 > >>> inet 10.134.91.221 netmask 0xfffc broadcast 10.134.91.223 > >>> inet 10.134.91.225 netmask 0xfffc broadcast 10.134.91.227 > >>> inet 10.134.91.229 netmask 0xfffc broadcast 10.134.91.231 > >>> inet 10.134.91.233 netmask 0xfffc broadcast 10.134.91.235 > >>> inet 10.134.91.237 netmask 0xfffc broadcast 10.134.91.239 > >>> inet 10.134.91.241 netmask 0xfffc broadcast 10.134.91.243 > >>> inet 10.134.91.245 netmask 0xfffc broadcast 10.134.91.247 > >>> > >>> This behaviour is counter intuitive as it is different to sh > >>> /etc/netstart > >>> behaviour on the configuration of inet addresses > >>> im wondiring is this a feature or a bug ... or me misunderstanding the > >>> use of netstart script to reset / reload the configuration of an interface > >>> > >>> Thanks > >>> > >>> Tom Smyth > >>> > >> > >> -- > >> I'm not entirely sure you are real. > > > > > > > -- radek

Re: ikev2 and road warriors setup

2018-12-07 Thread Radek
ess 10.0.1.0/24 \ config netmask 255.255.255.0 \ config name-server 8.8.8.8 On Fri, 30 Nov 2018 15:06:28 +0100 Radek wrote: > Hello, > > Thank all of you for your time and your help in this matter! > I think that the ISP of A.B.C.0/23 is filtering/blocking some certificates. > I have

Re: iked : pf.conf rule for outgoing traffic

2018-12-07 Thread Radek
> > >> > > >> But I can't reach internet from A through B. > > >> > > >> Here is the pf.conf on B (at least a small part of it) > > >> > > >> pass out on egress \ > > >> from any to any tagged IKED \ > > >> nat-to (egress) > > >> > > >> > > > > > > I'm still stuck at the same point. > > > Can someone give me an example of a working configuration natting ot > > > Internet? > > > > I used this, > > > > pass in on enc0 inet from $some_net > > pass out quick on egress inet received-on enc0 nat-to $some_address > > > > Also I don't remember what you've already said you checked, but > > make sure you have sysctl net.inet.ip.forwarding=1. > > > > Thank you. > Yes, I do have ip.forwarding=1. > > I'm confused how to replace "$some_address". Isn't it "(egress)" ? > > Regards. > -- radek

Re: ikev2 and road warriors setup

2018-11-30 Thread Radek
| | +---+192.168.2.1| 172.16.2.254/24---| | ++ | |+192.168.3.254/24 Thanks! On Thu, 8 Nov 2018 14:04:23 +0100 Radek wrote: > I've been playing around with netcat. > I noticed that the netcat process on my VPN_server does not show any "X&quo

Re: Supermicro X7SPA-HF D510 and OpenBSD

2018-11-23 Thread Radek
main pool of > memory anyway). It does not matter to me. 8MB is OK for OS installation. I am not gonna use X, serial console and ssh is all I need. On Thu, 22 Nov 2018 12:01:36 -0800 Misc User wrote: > On 11/22/2018 6:13 AM, Stuart Henderson wrote: > > On 2018-11-22, Radek wrote: > >>

Supermicro X7SPA-HF D510 and OpenBSD

2018-11-22 Thread Radek
is also welcomed. Thanks! -- radek

Re: ikev2 and road warriors setup

2018-11-08 Thread Radek
On Wed, 7 Nov 2018 12:17:09 +0100 Radek wrote: > Yesterday I tried this scenario: > > Win7_warrior - 192.168.x.x, NAT, GW: 1.2.3.119 > VPN_L2TP (Mikrotik) - A.B.C.75/23, not NATed > VPN_IKEv2 - A.B.C.77/23, not NATed > > I connected Win7_warrior to VPN_L2TP and then to VPN_IK

Re: ikev2 and road warriors setup

2018-11-07 Thread Radek
and get private IP from dhcp server. Then I move to public A.B.C.77/23 editing /etc/hostname, mygate, resolv.conf. Maybe I missed something in network conf that is important for OpenIKED? Any idea? On Tue, 6 Nov 2018 11:21:52 +0100 Radek wrote: > Hello Kim, > > > My question wa

Re: ikev2 and road warriors setup

2018-11-06 Thread Radek
t any Router/FW problem. On Tue, 6 Nov 2018 07:48:37 +0100 Kim Zeitler wrote: > Good morning Radek, > > I have a suspicion ... > > > For (1), (2) and (3) VPN is working just fine with Win7_warrior and > > puffy_warrior if they are connecting from A.B.C.0/23 (it does not

Fw: Re: ikev2 and road warriors setup

2018-11-05 Thread Radek
cookie: 64755be010cd32d2-> msgid: len: 510 18:45:41.927874 A.B.C.77.500 > 1.2.3.119.500: isakmp v2.0 exchange IKE_SA_INIT cookie: 64755be010cd32d2->2a0fe33c6b9afff8 msgid: len: 471 Thanks! On Mon, 5 Nov 2018 09:27:25 +0100 Kim Zeitler wrote

Re: ikev2 and road warriors setup

2018-11-02 Thread Radek
5535 ikev2_pld_ts: start 172.16.0.0 end 172.16.0.255 ikev2_msg_send: IKE_AUTH request from 1.2.3.119:500 to A.B.C.77:500 msgid 1, 1600 bytes ikev2_init_ike_sa: "home" is already active $ ipsecctl -sa FLOWS: flow esp out from ::/0 to ::/0 type deny SAD: I really do not know what I am doi

Re: ikev2 and road warriors setup

2018-10-28 Thread Radek
: free 0x7fcc4080 config_free_proposals: free 0x7fcc4580 config_free_proposals: free 0x825a0a00 Then I get 809 Error. On Wed, 7 Feb 2018 22:01:16 +0100 Radek wrote: > Hi again, > > I'm still trying to make it work for roadwarriors. > VPN server has IP address A.B.9.73/23. It is OpenBSD6.

Re: Best way to serve files to Windows?

2018-07-18 Thread Radek
; > /jl > > Hello, > > I would recommend samba. You can also try using NFS, I've heard that > windows can mount NFS shares. > > About the security thing, I don't know if the protocol used by samba is > secure between clients, but you can still run a VPN between your openbsd > box and the Windows client to allow connecting to the samba share > securely. > > regards > -- radek

[6.2] Forwarding root mails to user+al...@gmail.com

2018-03-24 Thread Radek
l/aliases listen on lo0 accept for local alias #deliver to mbox accept from local for any relay as user+al...@gmail.com Thanks for help! -- radek

Re: ikev2 and road warriors setup

2018-02-07 Thread Radek
posals: free 0x8134e000 Generating and installing certificate for E.F.G.H doesn't make any change. On Sat, 27 Jan 2018 19:55:46 +0100 Radek <alee...@gmail.com> wrote: > Hello, > > I have configured OpenIKED Site-to-Site VPN between two gateways: > serv73 - OBSD6

ikev2 and road warriors setup

2018-01-27 Thread Radek
up trust [root@@serv75/home/rdk:]cat /etc/hostname.enc0 up [root@@serv75/home/rdk:]cat /etc/rc.conf.local iked_flags=YES ntpd_flags="-s" dhcpd_flags="vr1 vr2 vr3" [root@@serv75/home/rdk:]cat /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet.ipcomp.enable=1 net.inet.esp.enable=1 -- radek

Re: Multiple web servers behind NAT

2016-10-10 Thread Radek
/6.domain) started to show the content of 1.domain.com If I changed the order of "forward" websites (https://1.domain, https://2.domain, https://3.domain) started to show content of 4.domain.com relay relay_tls { listen on 127.0.0.1 port 8443 tls protocol "

Re: Multiple web servers behind NAT

2016-10-05 Thread Radek
default >< doing _rc_read_runfile doing rc_check relayd doing rc_pre configuration OK doing rc_start doing _rc_wait start doing rc_check doing _rc_write_runfile (ok) On Fri, 30 Sep 2016 07:26:22 -0400 Josh Grosse <j...@jggimi.homeip.net> wrote: > On Fri, Sep 30, 2016 at

Multiple web servers behind NAT

2016-09-30 Thread Radek
0.8.22): 4.domain.com 5.domain.com 6.domain.com How can I make it work? Any help appreciated. -- radek

Re: Unable to open UPS device. [apcupsd]

2016-07-22 Thread Radek
6 17:10:45 +0300 "Kirill Bychkov" <ki...@linklevel.net> wrote: > On Thu, July 14, 2016 15:56, Radek wrote: > > Hi, > > I can not set up apcupsd to work with USB. Any help appreciated. > > > [...] > > > > #dmesg > [...] > > uhidev0 at u

Unable to open UPS device. [apcupsd]

2016-07-14 Thread Radek
pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 lm1 at wbsio0 port 0x290/8: W83627HF npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 uhidev0 at uhub2 port 1 configuration 1 interface 0 "American Power Conversion Smart-UPS 2200 FW:UPS 09.3 / ID=18" rev 2.00/1.06 addr 2 uhidev0: iclass 3/0, 146 report ids upd0 at uhidev0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on wd0a (e8a3ba715d004629.a) swap on wd0b dump on wd0b upd0 detached uhidev0 detached uhidev0 at uhub1 port 2 configuration 1 interface 0 "American Power Conversion Smart-UPS 2200 FW:UPS 09.3 / ID=18" rev 2.00/1.06 addr 2 uhidev0: iclass 3/0, 146 report ids upd0 at uhidev0 -- radek

Re: VLAN in 5.9 - NAT problem

2016-04-21 Thread Radek
VLAN-PRAC" All vlan* interfaces have trunk0's MAC now (all the same). Hope it is not a problem. On Tue, 19 Apr 2016 15:27:21 +0200 Radek <alee...@gmail.com> wrote: > Thanks for all your replies. > > > I think dhcpd.interfaces is a relic? For the longest time I've simply &g

Re: VLAN in 5.9 - NAT problem

2016-04-19 Thread Radek
AC97" rev 0x02: apic 1 int > 17, ICH5 AC97 > ac97: codec id 0x434d4983 (C-Media Electronics CMI9761A+) > audio0 at auich0 > usb1 at uhci0: USB revision 1.0 > uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > usb2 at uhci1: USB revision 1.0 > uhub

VLAN in 5.9 - NAT problem

2016-04-18 Thread Radek
t 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 lm1 at wbsio0 port 0x290/8: W83627HF npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on wd0a (e8a3ba715d004629.a) swap on wd0b dump on wd0b -- radek

Re: Serial console on Sunix 40XX (PCI)

2015-02-18 Thread Radek
need to set that up. Also, the bootloader may not understand the 16750. -ml On Mon, Feb 16, 2015 at 10:50:35AM +0100, Radek wrote: I'm trying to setup a serial console. My RS-232 is an old PCIcard. I tried this way: boot set tty com4 /etc/ttys: tty00 /usr/libexec/getty

Serial console on Sunix 40XX (PCI)

2015-02-16 Thread Radek
0x003c: Interrupt Pin: 01 Line: 0c Min Gnt: 00 Max Lat: 00 -- radek

[5.5] 007_sendmail.patch.sig - a little fix

2014-08-26 Thread Radek
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/007_sendmail.patch.sig And then rebuild and install sendmail: - cd gnu/usr.sbin/sendmail + cd /usr/src/gnu/usr.sbin/sendmail make obj make depend make -- ax

npppd sessions log

2013-08-13 Thread Radek
for help, Radek

Re: npppd sessions log

2013-08-13 Thread Radek
in my TODO list. Thanks! On Tue, 13 Aug 2013 07:33:20 -0500 Vijay Sankar vsan...@foretell.ca wrote: Quoting Radek alee...@gmail.com: Hi @misc, I can't find any way/option to log npppd sessions on a VPN gateway. What I need to log: - username - user's source_IP - user's

Which traffic goes over default class

2007-01-16 Thread Bc. Radek Krejca
Hello, I have cbq based altq in pf.conf and I neet to find out which traffic goes over default queue. Is it possible? queue dflt_rl0 bandwidth 128Kb cbq(default) -- Regards, Bc. Radek Krejca [EMAIL PROTECTED] http://www.ceskedomeny.cz http://www.skdomeny.com http

C programm for led blink on lpt

2006-01-21 Thread Bc. Radek Krejca
.o(.text+0x81): In function `main': : undefined reference to `ioperm' collect2: ld returned 1 exit status -- Regards, Bc. Radek Krejca [EMAIL PROTECTED] http://www.ceskedomeny.cz http://www.skdomeny.com http://www.starnet.cz

packet loss over nat

2005-08-01 Thread Bc. Radek Krejca
rootdev=0x0 rrootdev=0x300 rawdev=0x302 -- Regards, Bc. Radek Krejca [EMAIL PROTECTED] http://www.ceskedomeny.cz http://www.skdomeny.com http://www.starnet.cz

Re: packet loss over nat

2005-08-01 Thread Bc. Radek Krejca
Hi, thank you for response. It was my idea too but pfctl -ss shows about 1 lines. Where I got better information about ports over nat? Thank you Radek 1. srpna 2005, 23:02:15, jste napsal(a): SKQ On Mon, 2005-08-01 at 21:21 +0200, Bc. Radek Krejca wrote: I have problem