ikev2 and a win7 road warrior host

Hi, I'm trying to have this 192.168.0.0/24--lan--5.1GW--egress--INTERNET--win7rw working. Gw : (OpenBSD 5.1) hostname vpn.X.net lan have 192.168.0.51/24 egress have a static ip address : aa.bb.cc.dd lan, egress are groups to easily manage PF. win7rw : Host Windows7 Road

Re: ikev2 and a win7 road warrior host

Have a look at the discussion between me and Mike Belopuhov that took place not so long ago here... We have covered most of the troubles that you might have met following the man pages. 22.05.2012 10:14, Wesley P=P0P?P8Q
P0P;: Hi, I'm trying to have this

Re: ikev2 and a win7 road warrior host

I already read your posts ;-) and also man pages (ikectl, iked.conf and iked) But now it is for a road warrior configuration. I don't understand these parts : Parts that i don't understand, if someone can help me on : -For server, i need a certificate server for vpn.X.net ? or aa.bb.cc.dd ?

Re: Upgrading OpenBSD

2012/5/22 Richards, Toby toby.richa...@slo.courts.ca.gov: Outstanding point. The thing is this: With MS PHP is clearly distinct from the OS. I go get it from php.org. With BSD I must rely on the package system. Or you download it and compile it yourself, so the word must up there is clearly

Re: Upgrading OpenBSD

On Mon, May 21, 2012, at 06:43 PM, Richards, Toby wrote: While my question involves other BSD's as well as Linux systems, I am SNIP a bunch of garbage Respectfully Submitted, Why do trolls always sign off this way? :) Or they open with,I don't want to start a fight, but

Re: Load balancing and fail-over

good :) hopefully I have given you enough clues to work the rest out for yourself, this is much better for you as you get a better understanding so it will be easier for you to diagnose any problems you run into later. The script I wrote worked as expected. (i.e - Fialover happened ,

disklabel error in softraid crypto volume after updating to 5.0/5.1

Hi all, I was running 4.9 on this server and finally got it updated to 5.0 and right after to 5.1. But security(8) now gives me this: disklabel: partition a: partition extends past end of unit sd1 is a softraid crypto volume and running disklabel I can see the problem: # disklabel sd1

Re: Disk not configured after VM crash

Hi Chris! Good guess! But when I recreated the a partition (as Ted Unangst suggested) I defined an offset of 63 so I bet that somehow the raw c disk was so corrupted that scan_ffs wasn't able to find any disklabel. I used this incident to learn and try some disaster recovery techniques with

Re: disklabel error in softraid crypto volume after updating to 5.0/5.1

On 05/22/2012 01:43 AM, Rodolfo Gouveia wrote: Hi all, I was running 4.9 on this server and finally got it updated to 5.0 and right after to 5.1. But security(8) now gives me this: disklabel: partition a: partition extends past end of unit sd1 is a softraid crypto volume and running

Re: disklabel error in softraid crypto volume after updating to 5.0/5.1

On Tue, May 22, 2012 at 09:43:52AM +0100, Rodolfo Gouveia wrote: Hi all, I was running 4.9 on this server and finally got it updated to 5.0 and right after to 5.1. But security(8) now gives me this: disklabel: partition a: partition extends past end of unit sd1 is a softraid crypto

Re: Upgrading OpenBSD

On Mon, May 21, 2012 at 07:20:14PM -0700, Richards, Toby wrote: Will pkg_add -ui upgrade between major releases, such as php 5.2.x = 5.3.x? When I upgraded OpenBSD 4.9 = 5.0, there was a huge issue because it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly upgraded to 5.3.x,

petites annonces gratuites

LE-26-07.FR Petites annonces gratuites en Drome, Ardjche et dipartements voisins LE-26-07 a la particulariti d'jtre un site de petites annonces prhs de chez vous Diposez gratuitement vos annonces que

Re: ikev2 and a win7 road warrior host

Certificates are now accepted. iked -dvv give me : ... ikev2_dispatch_cert: AUTH type 1 len 256 sa_stateflags: 0x08 - 0x0c auth,sa (required 0x0f cert,valid,auth,sa) ikev2_dispatch_cert: peer certificate is valid sa_stateflags: 0x0c - 0x0e valid,auth,sa (required 0x0f cert,valid,auth,sa)

Re: BGP keeps quitting of its own accord

Claudio Jeker cjeker at diehard.n-r-g.com writes: The dispatch_rtmsg[change] mpath route not found is a fatal error (bgpd quits because of this). The problem seems to be a multipath route that is changed but bgpd can not find the route in its own table and freaks out. I have not seen this

Re: Upgrading OpenBSD

On Mon, May 21, 2012 at 08:45:56PM -0700, Richards, Toby wrote: Okay, let's compare upgrading OpenBSD 4.9 + Nginx + PHP 5.2.x to OpenBSD 5.0 + Nginx + PHP 5.3.x vice upgrading Windows 2003 + IIS 6 + ASPDotNet 3.5 to Windows 2008 + IIS 7.0 + ASPDotNet 4.0. In my experience, the MicroEvil

Re: Upgrading OpenBSD

On Mon, 2012-05-21 at 20:46 -0700, Richards, Toby wrote: With BSD I must rely on the package system. Funny, all this time I thought OpenBSD came with a compiler... WMG

Re: Upgrading OpenBSD

On Mon, May 21, 2012 at 08:46:18PM -0700, Richards, Toby wrote: Outstanding point. The thing is this: With MS PHP is clearly distinct from the OS. I go get it from php.org. With BSD I must rely on the package system. Aha. So the BSD's make it too easy for you to get correct versions of your

Re: Unbound

On 2012-05-21, Geoff Steckel g...@oat.com wrote: On 05/20/2012 10:49 PM, Nick Holland wrote: On 05/20/12 17:49, David Diggles wrote: Ok, I am interested in opinions on why one should migrate from BIND to unbound? 1) It is unlikely there will be any more updates to BIND9 in OpenBSD base

lenovo x120e does not wake after zzz

Hi all, Just installed a new snapshot: kern.version=OpenBSD 5.1-current (GENERIC.MP) #296: Sun May 20 10:41:35 MDT 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP I was previous running an i386 (SP) snapshot from around March 24th. There were no issues with sleep

Re: ikev2 and a win7 road warrior host

Working iked.conf that runs without a problem: ikev2 win7 quick passive esp inet proto udp \ from $local_net to $client_net local local.endpoint.net peer remote.endpoint.net \ srcid local.endpoint.IP.address \ dstid remote endpoint's certificate distinguished name \

Re: Upgrading OpenBSD

-Ursprungligt meddelande- Fren: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] Fvr Eric Furman Skickat: den 22 maj 2012 07:50 Till: Richards, Toby; OpenBSD Misc Dmne: Re: Upgrading OpenBSD On Mon, May 21, 2012, at 06:43 PM, Richards, Toby wrote: While my question involves other

Re: ikev2 and a win7 road warrior host

22.05.2012 17:23, Pavel Shvagirev P=P0P?P8Q
P0P;: peer.endpoint.net - is an initiator side (win7 machine). Win7's cert must be issued to that IP. I mean remote.endpoint.net here Two more notes: 1. Win7 connection shoud be set up to the openbsd's IP address, not the FQDN. (the first tab in the

Re: lenovo x120e does not wake after zzz

On Tue, May 22, 2012 at 6:18 AM, patrick keshishian pkesh...@gmail.com wrote: Hi all, Just installed a new snapshot: kern.version=OpenBSD 5.1-current (GENERIC.MP) #296: Sun May 20 10:41:35 MDT 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP I was previous

Re: lenovo x120e does not wake after zzz

On 22 May 2012 10:28, patrick keshishian pkesh...@gmail.com wrote: On Tue, May 22, 2012 at 6:18 AM, patrick keshishian pkesh...@gmail.com wrote: Hi all, Just installed a new snapshot: kern.version=OpenBSD 5.1-current (GENERIC.MP) #296: Sun May 20 10:41:35 MDT 2012

Re: Upgrading OpenBSD

On 21.05.2012 23:55, Mehma Sarja wrote: On 5/21/12 9:34 PM, Matthew Weigel wrote: On 21.05.2012 22:45, Richards, Toby wrote: Granted: I do hold an MCSE certification, but I don't need it. The upgrade just works. Well... despite occasional BSOD's ;) I admit this kind of made me chuckle:

Re: Upgrading OpenBSD

Wow, it looks like I've really touched a nerve here. I've got over 50 replies this morning. I really didn't mean to start a holy war here, and it does look like I have some more research and training to do. I apologize if I've come off as abrasive or disrupted the list in any way. With all

Re: Upgrading OpenBSD

On Tue, 22 May 2012 08:59:28 -0500, Matthew Weigel uni...@idempot.net wrote: To be clear, they are probably different people; it just amused me. Conspiracy Theory: He called it MicroEvil so when you Google his name and Microsoft an OpenBSD thread doesn't show up which is not really going

Re: lenovo x120e does not wake after zzz

Can you try the following diff ? The identifycpu diff caused a problem on acpi resume but it was fixed, this reverts the whole thing. Index: identcpu.c === RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v retrieving revision

Un Club d'achats réservé aux Professionnels

Programme Reacute;gional Bonjour, Contrairement agrave; nombre de vos confregrave;res et collegrave;gues, vous ne semblez pas encore en profiter. C'est pourquoi il me paraissait utile de vous rappeler que toutes les personnes exerccedil;ant dans votre secteur d'activiteacute; peuvent

Re: Upgrading OpenBSD

That's not me. That guy works for Microsoft. Please notice my e-mail address. I work for the State of California. -Toby -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Matthew Weigel Sent: Tuesday, May 22, 2012 6:59 AM To:

MPLS VPN with GRE tunnels between PEs

Hi, I am trying to set up a Layer 3 MPLS VPN (RFC 4364) with GRE tunnels between PEs (RFC 4797) instead of an MPLS backbone. I have followed the instructions in the Demystifying MPLS paper ( http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf), and on the following mailing list posts:

Re: lenovo x120e does not wake after zzz

On Tue, May 22, 2012 at 7:06 AM, Christiano F. Haesbaert haesba...@openbsd.org wrote: Can you try the following diff ? Did not fix the problem. The March snapshot I was running was an SP kernel. The HDD came out of a laptop with a single core; the MP kernel was never installed for me to try it,

Re: ikev2 and a win7 road warrior host

First thank you very much for your time and reply. I appreciate. Therefore win7 is a road warrior host so dynamic address. so the iked.conf become : ikev2 win7 passive esp \ from 192.168.0.0/24 to 10.10.10.0/24 local aa.bb.cc.dd peer any \ srcid aa.bb.cc.dd \ config address 10.10.10.7

Re: Upgrading OpenBSD

On 2012-05-22, Richards, Toby toby.richa...@slo.courts.ca.gov wrote: Will pkg_add -ui upgrade between major releases, such as php 5.2.x = 5.3.x? When I upgraded OpenBSD 4.9 = 5.0, there was a huge issue because it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly upgraded to

Re: ikev2 and a win7 road warrior host

It works !!! ;-) Just doing below. -- Wesley Le 22 mai 2012 ` 19:29, Wesley MOUEDINE ASSABY a icrit : First thank you very much for your time and reply. I appreciate. Therefore win7 is a road warrior host so dynamic address. so the iked.conf become : ikev2 win7 passive esp \ from

Re: Upgrading OpenBSD

On 2012-05-22, Alan Corey alan01...@gmail.com wrote: Dump/restore can work remarkably like Symantek/Norton Ghost in this situation. Get one machine as flawless as possible, then do a dump onto a spare hard drive. Burn it to a DVD if you like. Then restore onto your target machines. I

Re: disklabel error in softraid crypto volume after updating to 5.0/5.1

On Tuesday 22 May 2012, Rodolfo Gouveia wrote: Hi all, I was running 4.9 on this server and finally got it updated to 5.0 and right after to 5.1. But security(8) now gives me this: disklabel: partition a: partition extends past end of unit sd1 is a softraid crypto volume and running

Re: Upgrading OpenBSD

On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote: While my question involves other BSD's as well as Linux systems, I am asking this here because OpenBSD's philosophy is the most attractive to me. I've got about 50 servers to manage. OpenBSD does have an Upgrade option, but

Re: Upgrading OpenBSD

On Mon, May 21, 2012 at 11:01:59PM -0400, Kenneth R Westerback wrote: There are various automated install tools out there too, but not (yet) officially part of the release. Does it mean something is being prepared? If so, can that be xml based like autoyast? LOL : jirib

Re: bgpd Route Distinguisher problem

Thanks, will have a look at it again. On 21 May 2012, at 9:58 PM, Claudio Jeker wrote: On Mon, May 21, 2012 at 02:58:50PM +0200, Hendrik Meyburgh wrote: Hi, I have a problem where the default install of 5.1 does not import routes into the rdomain solely based on the community but it uses

Re: Watchdog timeout reset in 5.1 on intel nic:s

On 19 maj 2012, at 20:09, Per-Olov Sjvholm wrote: On 19 maj 2012, at 17:58, Garry Dolley gdol...@arpnetworks.com wrote: On Sat, May 19, 2012 at 04:40:08PM +0200, Per-Olov SjC6holm wrote: On 19 maj 2012, at 08:11, Garry Dolley gdol...@arpnetworks.com wrote: On Sat, May 19, 2012 at

Re: Upgrading OpenBSD

On Tue, May 22, 2012 at 03:00:55PM -0400, Jiri B wrote: On Mon, May 21, 2012 at 11:01:59PM -0400, Kenneth R Westerback wrote: There are various automated install tools out there too, but not (yet) officially part of the release. Does it mean something is being prepared? If so, can that

屈臣氏（Watsons Water）南中国区销售主管讲授-bouk

ie.d8;g.!2e$)1e$e:eh.-g;h%--ed=f i ie.g2h1ei ce9-h.-f6-i4c2012e945f26-27f%f71-e3c
6f2-3f%d8 -f57c
6f9-10f%e-d:, ce9-h.-e/9-h1!cf;g;gc
ie.f;gc
e :eg;gc
ie.g;gc
d8;g.!ie.c
ee$h+ffgie.g2h1c ce

La Ley de Adquisiciones y su Nuevo Reglamento en CD. DE MEXICO - 24 de Mayo

CURSO TALLER La Ley de Adquisiciones, Arrendamientos y Servicios del Sector Publico y su Nuevo Reglamento Duracion: (1 dia) 10 hrs. Inversion por persona: $4,750 pesos mas IVA INTRODUCCION: Con motivo de las reformas, a la Ley de Adquisiciones, Arrendamientos y Servicios del Sector Pzblico,

upgrade: 3-way sysmerge a possibility?

I'm afraid I must be very dense or make very unusual configuration changes since sysmerge-ing my systems takes at absolute minimum two hours each and the gateway and major servers take more. It is true that some of that time is spent preserving changes to configuration files for various installed