On 2021-05-18, BS Daemon wrote:
>I like using the base OpenBSD utilities, and was
> wondering if I'm doing something wrong, if relayd could be made to
> support SNI for man-in-the-middle, or if there is an alternative
> tool for doing this which would work.
I can't help with
Hi!
Not only Cisco ASA. Checkpoint, Fortinet, Juniper only support single set
of subnets per CHILD_SA too.
https://wiki.strongswan.org/projects/strongswan/wiki/Checkpoint
https://wiki.strongswan.org/projects/strongswan/wiki/Fortinet
https://wiki.strongswan.org/projects/strongswan/wiki/Juniper
It turns out that the Cisco ASA has a bug CSCue42170 with open status that
prevents multiple traffic selectors from being supported in one child SA in
IKEv2.
For more information:
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCue42170/?reffering_site=dumpcr
Known affected releases: 8.6(1),
The antispoof directive will expand to two block rules with IP address
of the interface, so I would think that with a dynamic IP, the interface
should be surrounded in parentheses like this:
antispoof for (wi0)
But this seems to be wrong, as I have not read any guide or FAQ that
does this, e.g.
Ok, thanks for the clarification!
On Fri, May 21, 2021 at 12:30 PM csszep wrote:
> Hi!
>
> Not only Cisco ASA. Checkpoint, Fortinet, Juniper only support single set
> of subnets per CHILD_SA too.
>
> https://wiki.strongswan.org/projects/strongswan/wiki/Checkpoint
>
On Fri, May 21, 2021 at 05:32:32AM +, Mogens Jensen wrote:
> The antispoof directive will expand to two block rules with IP address
> of the interface, so I would think that with a dynamic IP, the interface
> should be surrounded in parentheses like this:
>
> antispoof for (wi0)
quoting
Hi,
MITM is an ancient attack technique and it is not a good idea because it breaks
original cert chain. So client (application) will see that cert is different on
its end. Most people and apps reject connection to a resource with fake cert
which you're going to send to them.
But you can use
It seems this ELF note was used for the now dead compat_linux feature.
Aside from compat systems in other operating systems that may wish to
identify OpenBSD binaries does this note have any other active uses?
Perhaps I will try squid or HaProxy. I was unaware I could filter by User_Agent
in squid.
It may be appropriate to update the relevant documentation if the support is
not possible:
*** relayd.conf.8.orig Fri May 21 13:19:06 2021
--- relayd.conf.8 Fri May 21 13:23:09 2021
On 2021-05-21, Martin wrote:
> Hi,
>
> MITM is an ancient attack technique and it is not a good idea because it
> breaks original cert chain. So client (application) will see that cert is
> different on its end. Most people and apps reject connection to a resource
> with fake cert which you're
Hi,
I went back on testing OpenBSD on my MacBookPro14,3.
I just installed 6.9-CURRENT and here's a list of non-working stuff.
- keyboard and touchpad don't work. I have to use a USB keyboard/mouse.
internal keyboard does work in the boot loader. but stops working
after the kernel is loaded.
Hi Folks:
I am looking for a tutorial on grouping xterms in CWM. I
undestand how to group one set of xterms using CM-g and CM-a. How
do I do it if I have two sets of xterms? How would I designate a
group "A" and group "B". I looked at the man page for cwm and read
the section in Michael Lucas'
On Fri, May 21, 2021 at 07:00:13PM -0600, Jonathan Drews wrote:
> Hi Folks:
>
> I am looking for a tutorial on grouping xterms in CWM. I
Never mind. I found a good tutorial:
Getting started with cwm
https://undeadly.org/cgi?action=article=20090502141551
I just have to figure out some other
13 matches
Mail list logo
