Re: [smartos-discuss] softether vpn

2018-02-02 Thread H. William Welliver III
Building a new platform image using a fork of smartos-live that uncomments the option for unfiltered promisc seems to solve the problem. A bit of a complicated solution to the problem (I guess I am tying myself to a lifetime of smartos compilations) but it works and seems less of a hack than

Re: [smartos-discuss] softether vpn

2018-01-30 Thread H. William Welliver III
And my final followup: It appears that "allow_unfiltered_promisc" is silently ignored for non-kvm zone brands (ref /usr/lib/brand/joyent/statechange). Is there a particular reason for that? I understand that it's a powerful and dangerous option, but it's already relatively difficult to enable.

Re: [smartos-discuss] softether vpn

2018-01-29 Thread H. William Welliver III
Hi Jason, Thanks for the tip about libdlpi… the existing approach seems a little brittle so I’ll have a look at this. As for the vnic protection flags, I’ve definitely been able to save the “allow_unflitered_promisc” option using vmadm, but it doesn’t seem to take effect, despite being

Re: [smartos-discuss] softether vpn

2018-01-29 Thread Jason King
os.org> Date: January 29, 2018 at 5:33:15 PM To: smartos-discuss@lists.smartos.org <smartos-discuss@lists.smartos.org> <smartos-discuss@lists.smartos.org> Subject: Re: [smartos-discuss] softether vpn Good afternoon all, I've come to a temporary solution to the problem I'v

Re: [smartos-discuss] softether vpn

2018-01-29 Thread H. William Welliver III
Good afternoon all, I've come to a temporary solution to the problem I've been having with softether: First, softether uses DLPI to access the network, and there are 2 ways to do attach to an interface. One involves opening the root node of a network device (like /dev/bnx) and then attaching

Re: [smartos-discuss] softether vpn

2018-01-28 Thread H. William Welliver III
Yes, I assumed that was necessary, however I’ve confirmed that the interface is running without protections (as shown below). The vpn server logs indicate that it’s trying to fetch an address using DHCP, but I don’t see any DHCP packets going out the interface. Is there something special about

Re: [smartos-discuss] softether vpn

2018-01-27 Thread Daniel Carosone
You probably need to allow IP or Mac spoofing by the zone in question. See the relevant properties in vmadm manpage On 28 Jan. 2018 12:26, "H. William Welliver III" wrote: > Just a further clarification: things work against physical nics in the > global zone but not

Re: [smartos-discuss] softether vpn

2018-01-27 Thread H. William Welliver III
Just a further clarification: things work against physical nics in the global zone but not against a vnic; I’ve verified that all of the protections are disabled on the vnic but to no avail. > On Jan 27, 2018, at 7:31 PM, H. William Welliver III > wrote: > > Just a

[smartos-discuss] softether vpn

2018-01-10 Thread H. William Welliver III
Good evening, all: I have a physical server running the SoftEther VPN as a remote access device, and I’ve been trying to migrate it onto a zone without much success. I was wondering if anyone has had any luck using it. I’ve found a little material online suggesting that it’s possible, but I’ve

[smartos-discuss] softether vpn

2018-01-10 Thread H. William Welliver III
Good evening, all: I have a physical server running the SoftEther VPN as a remote access device, and I’ve been trying to migrate it onto a zone without much success. I was wondering if anyone has had any luck using it. I’ve found a little material online suggesting that it’s possible, but I’ve