Building a new platform image using a fork of smartos-live that uncomments the
option for unfiltered promisc seems to solve the problem. A bit of a
complicated solution to the problem (I guess I am tying myself to a lifetime of
smartos compilations) but it works and seems less of a hack than
And my final followup:
It appears that "allow_unfiltered_promisc" is silently ignored for non-kvm zone
brands (ref /usr/lib/brand/joyent/statechange). Is there a particular reason
for that? I understand that it's a powerful and dangerous option, but it's
already relatively difficult to enable.
Hi Jason,
Thanks for the tip about libdlpi… the existing approach seems a little brittle
so I’ll have a look at this.
As for the vnic protection flags, I’ve definitely been able to save the
“allow_unflitered_promisc” option using vmadm, but it doesn’t seem to take
effect, despite being
os.org>
Date: January 29, 2018 at 5:33:15 PM
To: smartos-discuss@lists.smartos.org <smartos-discuss@lists.smartos.org>
<smartos-discuss@lists.smartos.org>
Subject: Re: [smartos-discuss] softether vpn
Good afternoon all,
I've come to a temporary solution to the problem I'v
Good afternoon all,
I've come to a temporary solution to the problem I've been having with
softether:
First, softether uses DLPI to access the network, and there are 2 ways to do
attach to an interface. One involves opening the root node of a network device
(like /dev/bnx) and then attaching
Yes, I assumed that was necessary, however I’ve confirmed that the interface is
running without protections (as shown below). The vpn server logs indicate that
it’s trying to fetch an address using DHCP, but I don’t see any DHCP packets
going out the interface. Is there something special about
You probably need to allow IP or Mac spoofing by the zone in question. See
the relevant properties in vmadm manpage
On 28 Jan. 2018 12:26, "H. William Welliver III"
wrote:
> Just a further clarification: things work against physical nics in the
> global zone but not
Just a further clarification: things work against physical nics in the global
zone but not against a vnic; I’ve verified that all of the protections are
disabled on the vnic but to no avail.
> On Jan 27, 2018, at 7:31 PM, H. William Welliver III
> wrote:
>
> Just a
Good evening, all:
I have a physical server running the SoftEther VPN as a remote access device,
and I’ve been trying to migrate it onto a zone without much success. I was
wondering if anyone has had any luck using it. I’ve found a little material
online suggesting that it’s possible, but I’ve
Good evening, all:
I have a physical server running the SoftEther VPN as a remote access device,
and I’ve been trying to migrate it onto a zone without much success. I was
wondering if anyone has had any luck using it. I’ve found a little material
online suggesting that it’s possible, but I’ve
10 matches
Mail list logo