If you are running 3.8 or 3.9..
1. man ipsec.conf
2. man ipsecctl
else
man vpn
man isakmpd.conf
and of course google...
Cheers,
_Raju
On 5/2/06, IMS <[EMAIL PROTECTED]> wrote:
Hi all,
I'm planning to make VPN tunnel over PF..
But now I have no idea about that thing..
Does anyone have in
Hi,
planning VPN over PF? PF is only a firewall. You should look at vpn(8) and ipsec(4).
Peter Matulis's IPsec article (http://www2.papamike.ca:8082/tutorials/pub/obsd_ipsec.html) is
for you.
On 5/2/06, IMS <[EMAIL PROTECTED]> wrote:
Hi all,
I'm planning to make VPN tunnel over PF..
But now I have
you definitely want to read the FAQ and at very least ..
isakmpd (8) - ISAKMP/Oakley a.k.a. IKE key management daemon
isakmpd.conf (5) - configuration file for isakmpd
isakmpd.policy (5) - policy configuration file for isakmpd
ipsec (4) - IP Security Protocol
ipsecadm (8) - interface to set up IP
Hi all,
I'm planning to make VPN tunnel over PF..
But now I have no idea about that thing..
Does anyone have information or article about
that thing?
Thanks so much..
Mark
Site1 --> Firewall1 --> Internet --> Firewall2 --> Site2
(Private IP)
On 05/02/2006 08:04:14 AM, Ed White wrote:
On Tuesday 02 May 2006 14:24, Terje Elde wrote:
> If you drop the ACKs, there'll be a retransmit anyway. So only thing
> you'd really change is that the TCP packet would arrive a little bit
> sooner, which could make a minor (probably not noticeable)
d
On 05/02/2006 02:22:33 AM, Lars Hansson wrote:
The majority of users/developers has a separate firewall and then
"download queueing" is just a matter of doing it on the inside interface.
To be fair, this only works if you've a single "inside interface".
Karl <[EMAIL PROTECTED]>
Free Software:
> I'll summarize again for you. pick one:
>
> 1) submit a diff
> 2) pay a developer to do it
> 3) get over it
Get over what? This is a suggestion, a feature request.
As Travis H. said:
> Well that's a way of looking at it. Alternately, some coders may wake
> up one day and wonder what they should
Hi everyone,
I'm running scp command from linux box to openbsd3.8 (general).
Connection is E1 link.
I'm using the following pf configuration:
e1int="w0"
altq on $e1int cbq bandwidth 2Mb queue { e1que }
queue e1que bandwidth 1Mb priority 0 cbq ( default )
pass out quick on $e1int keep state queue
On Tuesday 02 May 2006 14:24, Terje Elde wrote:
> If you drop the ACKs, there'll be a retransmit anyway. So only thing
> you'd really change is that the TCP packet would arrive a little bit
> sooner, which could make a minor (probably not noticeable) difference
> for interactive stuff, such as SSH
Ed White wrote:
How does it sound?
Sounds like a lot of work for (next to) nothing.
If you drop the ACKs, there'll be a retransmit anyway. So only thing
you'd really change is that the TCP packet would arrive a little bit
sooner, which could make a minor (probably not noticeable) differe
On Tue, 02 May 2006 09:15:17 +0200, jared r r spiegel <[EMAIL PROTECTED]> wrote:
>
> just to be clear, you're definitely not confusing b with B, right?
>
> eg, when altq/cbq is 4Mb, 'pfctl -vvsq' is saying Kb/s and not Mb/s ?
>
> not to say it is the cause, but in the case of testing/
Hello,
in January I had an idea to shape download bandwidth, and I exchanged some
emails with various developers (Mike Frantzen, for example).
People ask how to limit *download* bandwidth without dropping packets already
passed via the pipe to the firewall itself. The point is limiting the data
On Tue, May 02, 2006 at 02:32:31AM -0700, [EMAIL PROTECTED] wrote:
> I'm not demanding anyone do anything, I'm not trolling, I just want to
> get this acknowledged as an area for potential development. Why
> everyone's so resistant to this is beyond me. That this is the only
> extra feature I'd li
What if your firewall box has ssh access on the external interface and
you want to make sure no-one accessing sshd can hog up the bandwidth;
you can't do this with pf.
What if you're using OpenBSD as a desktop computer, you might want to
allow certain applications different bandwidth allowances; yo
* [EMAIL PROTECTED] <[EMAIL PROTECTED]> [2006-05-01 02:50]:
> I don't think time spent developing PF or ALTQ could be better spent
> developing something other than download queueing.
it's nice that you think so.
now, let me tell you some news: it does not matter what you think.
what matters is wh
[EMAIL PROTECTED] writes:
> it's good to hear from someone who isn't pretending to be a/speak for
> the developers.
Kestas, several core PF developers have responded to your original
message and various follow-ups, essentially trying to elicit some sort
of fact-based reasoning why this feature sh
On Tuesday 02 May 2006 09:29, [EMAIL PROTECTED] wrote:
>Why the resistance?
>The other two major firewalls iptables and IPFW can do
> it, why can't PF?
Because it's not deemed a really urgent, or even wanted, feature, obviously.
The majority of users/developers has a separate firewall and then "d
On Mon, May 01, 2006 at 08:26:37PM -0400, jared r r spiegel wrote:
> my5addrs="1.2.0.1 1.2.0.2 1.2.0.3 1.2.0.4 1.2.0.5"
>
> nat on $ext -> { $my5addrs }
>
> i've never dealt personally with multiple egress IPs, but that
> syntax passes the parser
Yes, that should work. pf will automatically
On Sat, Apr 29, 2006 at 09:49:18AM +, Michal Soltys wrote:
>
> But
>
> If I change altq line and set bandwidth to something smaller - like 10Mb
> - problems show up. Throughput on ftp drops brutally to around 150 - 250 Kb
>
> Also if I use for example cbq in the following way (regardles
> Firewalls should firewall, not serve services.
Why not? This isn't a corporate HQ where the box comes under heavy
load, it's my home firewall/gateway/file server/development box;
there's no reason it can't perform all those roles (other than pf being
unable to shape download traffic).
> I'm sure
Thanks Travis, it's good to hear from someone who isn't pretending to
be a/speak for the developers.
Kestas