On 2024-05-30, Radek wrote:
> Thank you all for your replies.
>
> Actually, I did not know that providing seamless switching VPN solutions is
> so problematic. If it can't be done in a simple way, then it doesn't have to
> be seamless at any cost. Users will manually reconnect to this VPN when
4-05-29, Vitaliy Makkoveev wrote:
> > He wants replication. This means both wireguard "servers" know the client
> > state. No client reconnection at failure, no delay, seamless migration
> > from failed node to the backup. Something like sasyncd(8), but for
> > npp
On 2024-05-29, Vitaliy Makkoveev wrote:
> He wants replication. This means both wireguard "servers" know the client
> state. No client reconnection at failure, no delay, seamless migration
> from failed node to the backup. Something like sasyncd(8), but for
> npppd(8) or wg(
> On 29 May 2024, at 18:50, Hrvoje Popovski wrote:
>
> On 29.5.2024. 12:48, Radek wrote:
>> Thank you, that explains everything.
>> Does wireguard support replication? Will it work properly in my CARP setup?
>>
>
>
> why not use iked as vpn solution ? i'm not sure but i think that iked is
oth wireguard "servers" know the client
state. No client reconnection at failure, no delay, seamless migration
from failed node to the backup. Something like sasyncd(8), but for
npppd(8) or wg(4).
> root@pc-hrvoje:~# ping 10.2.0.1
> PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data.
> 64 by
> On May 29, 2024, at 3:48 AM, Radek wrote:
>
> Thank you, that explains everything.
> Does wireguard support replication? Will it work properly in my CARP setup?
wireguard doesn’t have “state” per se. it remembers the last address a key was
associated with. In the event of a failover, if
On 29.5.2024. 12:48, Radek wrote:
> Thank you, that explains everything.
> Does wireguard support replication? Will it work properly in my CARP setup?
>
Hi,
I have wg listen on carp interface for redundancy and it's working
without admins or clients needs to do anything when primary carp
firewa
On 2024/05/29 18:08, Vitaliy Makkoveev wrote:
> On Wed, May 29, 2024 at 01:23:47PM -, Stuart Henderson wrote:
> > On 2024-05-29, Vitaliy Makkoveev wrote:
> > > On Wed, May 29, 2024 at 12:48:41PM +0200, Radek wrote:
> > >> Thank you, that explains everything.
> > >> Does wireguard support repl
On Wed, May 29, 2024 at 01:23:47PM -, Stuart Henderson wrote:
> On 2024-05-29, Vitaliy Makkoveev wrote:
> > On Wed, May 29, 2024 at 12:48:41PM +0200, Radek wrote:
> >> Thank you, that explains everything.
> >> Does wireguard support replication? Will it work properly in my CARP setup?
> >>
>
On 2024-05-29, Vitaliy Makkoveev wrote:
> On Wed, May 29, 2024 at 12:48:41PM +0200, Radek wrote:
>> Thank you, that explains everything.
>> Does wireguard support replication? Will it work properly in my CARP setup?
>>
>
> No for both questions. However, wireguard allows to create complicated
>
ould have multiple associated
peers on "client" side too.
> Radek
>
> On Mon, 27 May 2024 21:00:40 +0300
> Vitaliy Makkoveev wrote:
>
> > npppd does not support replication
> >
> > > On 27 May 2024, at 19:58, Radek wrote:
> > >
> &g
Thank you, that explains everything.
Does wireguard support replication? Will it work properly in my CARP setup?
Radek
On Mon, 27 May 2024 21:00:40 +0300
Vitaliy Makkoveev wrote:
> npppd does not support replication
>
> > On 27 May 2024, at 19:58, Radek wrote:
> >
> &g
npppd does not support replication
> On 27 May 2024, at 19:58, Radek wrote:
>
> Hello,
> I have two redundant firewalls with CARP: [krz75-MAS]<->[krz75-SLA]. I'm
> trying to set up redundant IPSEC VPN on it.
>
> - CARP + pfsync is working as expected -
isakmpd is running with "-S -K" on both nodes
- IPSEC/npppd is working as expected on [krz75-MAS] - client can connect to VPN
node
- IPSEC/npppd is working as expected on [krz75-SLA] (when running as master) -
client can connect to VPN node
Problem to solve:
When I perform the switcho
On 2021-09-12, Radek wrote:
> Sorry for the late reply, adding ":framed-ip-netmask=255.255.255.0:" doesn't
> solve the problem. Tested on Win10.
framed-ip-netmask controls addition of the route on the npppd machine,
not the client. You only use it if you have multiple add
rface which terminate the tunnel has "192.168.4.254".
> >> Right?
> > Do you mean the other end of the tunnel? It is 10.109.4.254
> > interface pppx0 address 10.109.4.254 ipcp IPCP
>
> Sorry, "192.168.4.244" should have been "10.109.4.254".
&g
>
> Also what I said
> >> It's for CHAP or MSCHAPv1. If MD5 is selected for PPP CHAP, the
> >> challenge length for CHAP is 16 octet. The challenge for MSCHAPv1 is
> >> also 8 octet, but npppd doesn't support MSCHAv1 anyway. So 24 must be
> >&
>> challenge length for CHAP is 16 octet. The challenge for MSCHAPv1 is
>> also 8 octet, but npppd doesn't support MSCHAv1 anyway. So 24 must be
>> enough for RFC 2661.
is false. Length of callenge is "independent of the hash algorithm".
In RFC 1994 (PPP CHAP):
gt; > work-around, so misc it is.
> >
> > This is done with OpenBSD 6.8-stable, syspatch 001 through 012 installed.
> > We considered trying -current, but noticed no activity in the npppd tree
> > that might make a difference.
> >
> > 'old' and 'n
ork-around, so misc it is.
>
> This is done with OpenBSD 6.8-stable, syspatch 001 through 012 installed.
> We considered trying -current, but noticed no activity in the npppd tree
> that might make a difference.
>
> 'old' and 'new' equipment types from upstream
01 through 012 installed.
We considered trying -current, but noticed no activity in the npppd tree
that might make a difference.
'old' and 'new' equipment types from upstream are both Juniper, though
unsure of exact models. Old should be Juniper ERX of some type, new
I only
4" should have been "10.109.4.254".
>> How about if you configure the npppd-users
>>
>> rdk:
>> :password=pasword:\
>> :framed-ip-address=10.109.4.254:\
>> :framed-ip-netmask=255.255.255.0:
>>
>> The server (npppd) will conf
Hello,
> The interface which terminate the tunnel has "192.168.4.254".
> Right?
Do you mean the other end of the tunnel? It is 10.109.4.254
interface pppx0 address 10.109.4.254 ipcp IPCP
> How about if you configure the npppd-users
>
> rdk:
> :password=pasw
Hello,
On Sat, 20 Feb 2021 21:14:24 +0100
Radek wrote:
> I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw
> 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254.
> If the client is conencted to VPN all client's traffic to 10.0.0.0/8 goes via
Hi,
I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw
10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254.
If the client is conencted to VPN all client's traffic to 10.0.0.0/8 goes via
10.109.4.254
client> route print
Network Destination Netmask
; Hi,
> >
> >> It seems that only last person can use the tunnel. This reminds me
> >> problems through NAT.
> > True. Can it be caused by wrong PF rules?
> >
> >> Both sessions seem to be connected from A.B.C.D. Are the clients
> >> behind a NA
lients
behind a NAT?
Yes, both client are behind the same router/NAT.
I have a 66/i386 box running npppd on producion and my two clients
can be connected the same time flawlessly.
How about the npppd side? Does the client directly connect to
> tunnel L2TP protocol l2tp {
> listen o
66/i386 box running npppd on producion and my two clients can be
connected the same time flawlessly.
> How about the npppd side? Does the client directly connect to
>
> > tunnel L2TP protocol l2tp {
> > listen on X.Y.Z.13
> > }
>
> X.Y.Z.13 ? Or a NAT i
Hi,
On Wed, 6 Jan 2021 21:33:49 +0100
Radek wrote:
I have a box with relatively fresh install of 68/amd64, fully
syspatched. There is a npppd server running on it. The problem is
that I can have only one nppp session at one time. If the second
vpn user connects the box, the first nppp
Hi @misc,
I have a box with relatively fresh install of 68/amd64, fully syspatched. There
is a npppd server running on it. The problem is that I can have only one nppp
session at one time. If the second vpn user connects the box, the first nppp
session hangs/drops. I probably have missed
On Mon, 17 Aug 2020 00:36:35 +0300
Vitaliy Makkoveev wrote:
> Hello Marko.
>
> Can I propose you to try upcoming 6.8? We moved pppac(4) and pppx(4)
> output processing out of kernel lock. pppx(4) output is still
> serialised by netlock, but I hope we'll made it per-cpu before 6.8
> release.
>
>
m 6.6 to 6.7, and (sys)patched
>>> it to 017_dix. Everything works great except my npppd setup. It
>>> starts fine, but upon connecting over pptp I get the following
>>> records in log:
>>> (...)
>>> Aug 4 15:48:48 nat2 npppd[66557]: ppp id=0 layer=bas
> > On 4 Aug 2020, at 17:04, Marko Cupać wrote:
> >
> > Hi,
> >
> > I have recently upgraded (actually installed from scratch and copied
> > config files) one of my firewalls from 6.6 to 6.7, and (sys)patched
> > it to 017_dix. Everything works great
Hi,
I have recently upgraded (actually installed from scratch and copied
config files) one of my firewalls from 6.6 to 6.7, and (sys)patched it
to 017_dix. Everything works great except my npppd setup. It starts
fine, but upon connecting over pptp I get the following records in log:
Aug 4 15:48
> On 4 Aug 2020, at 17:04, Marko Cupać wrote:
>
> Hi,
>
> I have recently upgraded (actually installed from scratch and copied
> config files) one of my firewalls from 6.6 to 6.7, and (sys)patched it
> to 017_dix. Everything works great except my npppd setup. It st
Hi,
I just updated my system from 6.6 (old current) to 6.7 (current) which
went through fine.
I realized that the npppd setup I had stopped working. Something that
threw me off in the man pages was the lingering reference to the old tun
interface which has since been reworked to pppac
t; You have pipex(4) disabled. Is it still hangs with disabled
> > > > pipex(4)? As I discovered
> > > > (https://marc.info/?t=15852997681&r=1&w=2), npppd with pipex(4)
> > > > enabled and non-NULL "idle-timeout" option will crash kernel.
c.info/?t=15852997681&r=1&w=2), npppd with pipex(4)
> enabled and non-NULL "idle-timeout" option will crash kernel. You
> can disable this option in yout npppd.conf an reenable pipex(4).
> Looks like crashes should gone.
And don't use pppac(4) with pipex enabled, use pppx(4)
On Mon, 30 Mar 2020 14:33:46 +0300
Vitaliy Makkoveev wrote:
> On Mon, Mar 30, 2020 at 02:28:08PM +0300, Vitaliy Makkoveev wrote:
> > You have pipex(4) disabled. Is it still hangs with disabled
> > pipex(4)? As I discovered
> > (https://marc.info/?t=15852997681&r=1
On Mon, Mar 30, 2020 at 02:28:08PM +0300, Vitaliy Makkoveev wrote:
> You have pipex(4) disabled. Is it still hangs with disabled pipex(4)?
> As I discovered (https://marc.info/?t=15852997681&r=1&w=2), npppd
> with pipex(4) enabled and non-NULL "idle-timeout" option w
On Mon, Mar 30, 2020 at 12:47:13PM +0200, Marko Cupać wrote:
> On Sat, 28 Mar 2020 01:46:41 +0300
> Vitaliy Makkoveev wrote:
>
> > Can you try latest snapshot?
>
> Unfortunately, the box that runs npppd is the most important machine on
> my network (GRE/IPsec hub for mul
On Sat, 28 Mar 2020 01:46:41 +0300
Vitaliy Makkoveev wrote:
> Can you try latest snapshot?
Unfortunately, the box that runs npppd is the most important machine on
my network (GRE/IPsec hub for multiple branch offices), I can't take the
risk.
> Can you share your npppd.conf?
Be
can do to avoid future hangs?
>
> I got another hang, this time killing npppd process crashed complete OS
> (sorry for photo, I don't have serial console set up):
>
> https://oblak.mimar.rs/index.php/s/Cc9J745jH93RK6j
>
> At the time when npppd wouldn't accept
On Tue, 24 Mar 2020 09:34:09 +0100
Marko Cupać wrote:
> On Tue, 24 Mar 2020 07:13:27 +1000
> Stuart Longland wrote:
>
> > On 23/3/20 10:26 pm, Marko Cupać wrote:
> > > Anything I can do to avoid future hangs?
I got another hang, this time killing npppd process crashe
-promotion on link below, but I think it's a
win-win situation - I get eternal fame and glory on the Internet, and
list readers get copy/paste howto set up npppd pptp server with RADIUS
authentication. Could come handy in this "end of days" situation where
everyone works rem
On 23/3/20 10:26 pm, Marko Cupać wrote:
> Anything I can do to avoid future hangs?
Whilst probably not the answer you're looking for: moving away from PPTP
would be a good start.
The MSCHAPv2 authentication used in PPTP is vulnerable to dictionary
attacks and the RC4 cipher used in MPPE (the secu
Hi,
my npppd pptp server has recently got increase from ~20 to >200
concurrent users. So far it worked flawlessly for years, but before few
minutes it become unresponsive.
It stopped logging at one point (I have log redirected to its own file,
/var/log/npppd). npppctl also hanged, return
do not disagree.
I just need to move an existing NPPPD to behind a firewall in the short
term that serves several iPads and Windows PCs. Once I have the move done,
I want to move expand to IKEv2. I was also under the impression that IKEv2
was faster.
The IPsec side should be ok as long as
>> There are ways to make even Windows clients use actual crypto with IPsec if
>> needed, though last I checked it could not be done from the GUI but required
>> powershell commands. (I don't have a URL handy, sorry, but this information
>> wasn't very hard to find when I needed it.)
>
> Thanks. I
he IPsec layer. Check debug logs from isakmpd, check ipsectl -sa, etc.
OK.
I suspect getting IPsec SAs going with both peers behind NAT is tricky.
I agree.
See my subsequent post where I replaced 'egress' above with the external
IP (of the subsequently NAT'd npppd server). Closer. But not quite there.
Thanks - Damian
p modp2048 \
psk "MYSECRET"
and restarted isakmpd and reloaded ipsec.conf.
On the inside of the NPPPD server, the only errors I get are
isakmpd[46608]: attribute_unacceptable: GROUP_DESCRIPTION: got ECP_384,
expected MODP_2048
isakmpd[46608]: attribute_unacceptable: GROUP_DES
ck ipsectl -sa, etc.
I suspect getting IPsec SAs going with both peers behind NAT is tricky.
I believe it should be possile in theory but I cannot confirm whether our
implementation can do this easily. It will certainly involve UDP traffic
since AH/ESP cannot pass through NAT.
If your IPsec SAs already
I have a L2TP NPPPD server machine with IP $L2TP sitting behind an OpenBSD
firewall, say FIRET. 'T' for temporary because it will move. $L2TP is an
externally routable IP. $Ext, the external interface of FIRET, allows
traffic into $L2TP. A snippet of pf.conf is
begin snippet
h them soon.
--
View this message in context:
http://openbsd-archive.7691.n7.nabble.com/npppd-and-vpn-connections-on-the-same-network-tp260921p321119.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.
slate from internal to External NET
> >> pass out on em0 inet from em1:network to any nat-to (em0)
> >
> > You're using NAT when passing out on em0 here, and...
> >
> >> external = em0
> >
> >> pass out quick on $external from 10.0.0.103/32
gt;
> You're using NAT when passing out on em0 here, and...
>
>> external = em0
>
>> pass out quick on $external from 10.0.0.103/32 to any
>
> ... my guess is that you're missing 'nat-to ($external)' here ^
>
Thanks - is there a way to exclude the np
On Thu, Nov 03, 2016 at 03:17:40PM -0400, Marina Brown wrote:
> Hi All:
>
> I have been trying to create an nppp connection across my property -
> about 100M for one of my friends who lives here. He wants less security
> than i like behind my firewall. I have not been able to get OpenBSD to
> rout
-a
OpenBSD bernie.mesh.local 6.0 GENERIC.MP#2319 amd64
-
# $OpenBSD: npppd.conf,v 1.2 2014/03/22 04:32:39 yasuoka Exp $
# sample npppd configuration file. see npppd.conf(5)
tunnel L2TP protocol l2tp
tunnel PPTP protocol pptp
tunnel PPPOE protocol pppoe {
listen on interface
Hi,
I have two active/passive CARPed boxes of 5.9 with latest errata patches
which serve as NAT firewalls, but also as pptp servers, which
authenticate users from Microsoft's implementation of radius server
(NPS).
In last two weeks, I had three occurrences of npppd going down. Last
Hi Renaud and the lists,
Did you tried to use iked/ikev2 for android (+5.x) client?
I checked my note3 is support ikev2 psk/rsa,
I want to setup my home OpenBSD router act as vpn/nat router for my note3,
Thanks.
Renaud Allard allard.it> writes:
>
>
> I can't get android to connect with modp >
th "hmac-sha2-256" enc "aes-256" group "modp1024" \
>> quick auth "hmac-sha2-s256" enc "aes-256" group "modp1024" \
>> psk "redacted"
> It creates an IPSEC SA and flow as shown by ipsecctl -s all, but
Thank you!
I will try this.
I have confirmed it wasn't due to last year's OpenBSD 5.7 to 5.8 upgrade
as I built a VM with 5.7 using same settings and get exactly the same
behavior. This was triple confirmed by being able to connect with iOS
on an iPhone, Windows 10, Chromebook (with md5 hmacs on
On Wed, Mar 30, 2016 at 8:18 AM, YASUOKA Masahiko wrote:
> On Tue, 29 Mar 2016 11:37:14 +0200
> Mattieu Baptiste wrote:
>> On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight wrote:
>>> I don't mean to bring up an old thread, but I was wondering if anyone
>>> else was experiencing issues with OpenBSD
On Tue, 29 Mar 2016 11:37:14 +0200
Mattieu Baptiste wrote:
> On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight wrote:
>> I don't mean to bring up an old thread, but I was wondering if anyone
>> else was experiencing issues with OpenBSD 5.8 and Android 6.0.1
>> (preferably the version on the Nexus lin
On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight wrote:
> Hello,
>
> I don't mean to bring up an old thread, but I was wondering if anyone
> else was experiencing issues with OpenBSD 5.8 and Android 6.0.1
> (preferably the version on the Nexus line of devices) connecting to
> ipsec/l2tp.
>
> I had th
uot;aes-256" group "modp1024" \
> psk "redacted"
It creates an IPSEC SA and flow as shown by ipsecctl -s all, but npppd
never sees a connection attempt and tcpdumping enc0 shows no traffic and
ultimately the connection fails.
If I modify it to hmac-md5, aes,
quot;aes-256" group "modp1024" \
> psk "redacted"
It creates an IPSEC SA and flow as shown by ipsecctl -s all, but npppd
never sees a connection attempt and tcpdumping enc0 shows no traffic and
ultimately the connection fails.
If I modify it to hmac-md5, aes, modp
;' didn't make a chage.(after `ipsecctl -f /etc/ipsec.conf`)
Hi,
the following config worked for me when I was using it (with npppd)
last year (dumped it since I couldn't find a way to use it with iOS
and Android at the same time):
/etc/ipsec.conf
public_ip = "x.y.z.a&quo
Hi,
On Mon, 22 Feb 2016 00:26:11 +0800
Jiahao Dai wrote:
> I am a new openBSD user and I found it's extramly difficult to setup a
> L2TP/IPSec(IKEv1) Road Warrior server to getting work with Android devices.
>
> I followed the tutorial here Configuring L2TP Over IPSec on OpenBSD for Mac
> OS X
>
Hi, everyone:
I am a new openBSD user and I found it's extramly difficult to setup a
L2TP/IPSec(IKEv1) Road Warrior server to getting work with Android devices.
I followed the tutorial here Configuring L2TP Over IPSec on OpenBSD for Mac
OS X
Clients [1], deployed on fresh openBSD 5.8 and found ou
> I'm, running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and
5.3.
> npppd is works fine and clients can connect using windows pptp client.
> The Client has the pptp connection set as default gateway and can
> access the internet through the vpn gateway but cann
On Sat, 19 Dec 2015 01:11:40 -
"torsten" wrote:
> I'm, running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and
5.3.
> npppd is works fine and clients can connect using windows pptp client.
> The Client has the pptp connection set as default gateway and ca
Hi,
On Sat, 19 Dec 2015 01:11:40 -
"torsten" wrote:
> I'm, running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and 5.3.
> npppd is works fine and clients can connect using windows pptp client.
> The Client has the pptp connection set as default ga
Hi
Is there anyone who can help to resolve the problem i have with pppx, tun and
tap using npppd and openVPN not forwarding traffic to ingress but egress works
fine.
It was my first post to the list and if there is any info or further details
required just ask, I would appreciate any help or hints
Hi
I'm, running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and 5.3.
npppd is works fine and clients can connect using windows pptp client.
The Client has the pptp connection set as default gateway and can access the
internet through the vpn gateway
but cannot access the LAN ne
Hi Imre
Thanks for your reply. I successfully translated your wiki. Your notes
were very helpful. Manually adding an entry for proxy arp does seem to
make the VPN work.
Is this really the best solution for this issue though ? I would have to
add an arp entry for every IP assigned by npppd
Hi!
I must apologize i didt read thru your text attentiatively but i
believe it is because of arp. Although i am just an user of npppd i run
it already for some time and i think it works very well. Here are my
notes, see if there are some use for them, hope Google translates it,
http
I'm adding more functionality to my firewall (OpenBSD 5.7) and have been
trying to configure PPTP VPN access for my Windows users. I have got npppd
running using the config below and can successfully authenticate and
establish a connection.
I am able to connect to the VPN from a windows P
Hi,
I have a l2tp/IPsec VPN working on OpenBSD 5.6 with npppd. I have a
couple of questions about npppd
1) How come it's not possible to the address assigned to a CARP
interface on the OpenBSD host
Here's what's logged when I try to connect using the IP address
assigned to the CAR
d customer service requests, on another hand I am reading man
> pages for npppd and ipsec on 5.7 and Giovanni's slides from two years
> ago
>
> http://www.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd
>
> for the talk he gave at BSDCan IIRC. I don't need to u
ith Windows, Mac, Linux and OpenBSD clients connecting.
> >
> > Very easy to configure (linux being the exception :p).
> >
> > You only need to change npppd.conf, npppd-users and ipsec.conf and you
> are
> > in business.
> >
> > I wrote an up-to-da
t;
>
> It is.
>
> Is anybody running similar setup in production? Any caveats? Any other
>> advises before I take a plunge.
>>
>
> Yes I am, with Windows, Mac, Linux and OpenBSD clients connecting.
>
> Very easy to configure (linux being the exception :p).
>
>
with Windows, Mac, Linux and OpenBSD clients connecting.
Very easy to configure (linux being the exception :p).
You only need to change npppd.conf, npppd-users and ipsec.conf and you
are in business.
I wrote an up-to-date guide on how to do it, let me know if you want a
copy.
Caveats... yes
am not a Windows uses but it seems that it should be trivial
to setup client side
https://www.hideipvpn.com/2010/03/howto-windows-7-ipsecl2tp-vpn-setup-tutorial/
and avoid customer service requests, on another hand I am reading man
pages for npppd and ipsec on 5.7 and Giovanni's slides fro
Hi,
i looking for a simple setup for npppd/ipsec for road warriors.
We have some clients (road warriors) with dynamic ip-adresses
connecting to a gateway by L2TP (macosx/ios/windows).
Client (road warriors) --> GATEWAY --> Internet
I just looking for a simple configuration for our open
Hi!
I have used very basic npppd setup for some years and it works for me
alright, thanks! (From Windows 7 workstations.)
It seems now i need to set up more complicated configuration. Say that
firewall has three network interfaces
re0 - public internet
re1 - internal network one
On Mon, 1 Dec 2014 11:38:31 -0500
trondd wrote:
> I had this set up for an Android and an OSX client. Ignore the networks
> part and configure the connections for the end points. I took the npppd
> assigned IPs out of my DHCP range.
I think I misunderstood your question. You want to
I had this set up for an Android and an OSX client. Ignore the networks
part and configure the connections for the end points. I took the npppd
assigned IPs out of my DHCP range.
My problems, though:
Needed a specific npppd config for each client. Username, assigned IP,
whatever else goes
Yes. But there is a bug with Windows clients. See
http://marc.info/?l=openbsd-misc&m=141627574522930&w=2
On Mon, 1 Dec 2014 12:42:41 +0100
Christer Solskogen wrote:
> Hi!
>
> Is it possible to setup npppd so that the clients are on the same
> network as the local netwo
Hi!
Is it possible to setup npppd so that the clients are on the same
network as the local network behind the router/firewall?
The only setups I've seen have the clients on a seperate network.
--
chs
, 2014, at 5:51 PM, mishve...@rambler.ru wrote:
I have OpenBSD 5.4 amd64. I install npppd and configure IPSec(l2tp +
password).
LAN 192.168.1.1/255.255.255.0
WAN(ISP NET; Connect by MAC ddress) 10.0.0.1/255.0.0.0
ISP GET ME GLOBAL IP SERVER1-Openbsd - 1.2.3.4
WIN 2003 SERVER2 IP - 9.8.7.6
WIN
On Oct 4, 2014, at 5:51 PM, mishve...@rambler.ru wrote:
> I have OpenBSD 5.4 amd64. I install npppd and configure IPSec(l2tp +
> password).
>
> LAN 192.168.1.1/255.255.255.0
>
> WAN(ISP NET; Connect by MAC ddress) 10.0.0.1/255.0.0.0
>
> ISP GET ME GLOBAL IP SERVER1-Op
I’m running a L2TP server using npppd on OpenBSD 5.5. Is it possible to run
both PPTP and L2TP using npppd?
I tried to append a tunnel for pptp in default configuration then my L2TP could
not work.
Best regards
On Mon, 15 Sep 2014 20:22:25 +0200
Jens Hansen wrote:
> Thank you for your response. I've investegated a little further, I see the
> following in /var/log/messages on the l2tp npppd server:
> l2tpd ctrl=1 timeout waiting ack for hello packets.
> l2tpd ctrl=1 call=28732 logtype=P
Thank you for your response. I've investegated a little further, I see the
following in /var/log/messages on the l2tp npppd server:
l2tpd ctrl=1 timeout waiting ack for hello packets.
l2tpd ctrl=1 call=28732 logtype=PPPUnbind
The client reports that the tunnel went down.. does this indidac
Hi,
On Sun, 7 Sep 2014 21:00:31 +0200
Jens Hansen wrote:
> I can successfully connect to my opensbsd 5.5. isakmpd / npppd IPSEC L2TP
> vpn setup.
> But (not knowing too much about netwoking) i think i'm having a mtu
> problem. I can do low volume traffic fine, but transmit
Hello list.
I can successfully connect to my opensbsd 5.5. isakmpd / npppd IPSEC L2TP
vpn setup.
But (not knowing too much about netwoking) i think i'm having a mtu
problem. I can do low volume traffic fine, but transmitting larger files
stalls. I've tried as per suggested by others
> On 08/03/14 14:42, Stuart Henderson wrote:
> > On 2014-08-03, Scott McEachern wrote:
> >> I'd really like to upgrade to 5.6/-current, but for my connection to
> >> work, I either have to abandon some features (MLPPP) with kernel-mode
> >> pppoe, or go
On 08/03/14 14:42, Stuart Henderson wrote:
On 2014-08-03, Scott McEachern wrote:
I'd really like to upgrade to 5.6/-current, but for my connection to
work, I either have to abandon some features (MLPPP) with kernel-mode
pppoe, or go with something completely new, like npppd.
Not curr
On 2014-08-03, Scott McEachern wrote:
> I'd really like to upgrade to 5.6/-current, but for my connection to
> work, I either have to abandon some features (MLPPP) with kernel-mode
> pppoe, or go with something completely new, like npppd.
Not currently possible, npppd is server
1 - 100 of 227 matches
Mail list logo