[CentOS] CentOS-7-x86_64-GenericCloud.raw very unusual format

2016-03-21 Thread Aliaksei Sheshka
Hello!

Is anyone aware why CentOS-7-x86_64-GenericCloud.raw has such an unusual format?

root@test-srv:~# wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.raw
--2016-03-21 13:16:31--  http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.raw
Resolving cloud.centos.org (cloud.centos.org)... 162.252.80.138
Connecting to cloud.centos.org (cloud.centos.org)|162.252.80.138|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 374668382 (357M) [application/x-gzip]
Saving to: 'CentOS-7-x86_64-GenericCloud.raw'
CentOS-7-x86_64-GenericCloud.raw 100%[=>] 357.31M  12.9MB/s   in 30s
2016-03-21 13:17:03 (11.9 MB/s) - 'CentOS-7-x86_64-GenericCloud.raw' saved [374668382/374668382]

Download reports [application/x-gzip] for a raw file.

And indeed:
root@test-srv:~# file CentOS-7-x86_64-GenericCloud.raw
CentOS-7-x86_64-GenericCloud.raw: gzip compressed data, last modified: Sat Feb 27 02:14:37 2016, from Unix

OK, let's uncompress:
root@test-srv:~# zcat -d CentOS-7-x86_64-GenericCloud.raw > CentOS-7-x86_64-GenericCloud.a

And check again:
root@test-srv:~# file CentOS-7-x86_64-GenericCloud.a
CentOS-7-x86_64-GenericCloud.a: POSIX tar archive (GNU)

OK, it's a tar archive.

root@test-srv:~# tar -xf CentOS-7-x86_64-GenericCloud.a -v
CentOS-7-x86_64-GenericCloud-1602.raw

Now it's a CentOS-7-x86_64-GenericCloud-1602.raw file, which is indeed raw.

What is the point of packing a single raw file into a tar.gz and naming it raw?
Or is it just a mistake?

Thanks!
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS-7-x86_64-GenericCloud.raw very unusual format

2016-03-21 Thread Karanbir Singh
On 21/03/16 14:34, Aliaksei Sheshka wrote:
> What is the point of packing a single raw file into a tar.gz and naming it raw?
> Or is it just a mistake?

Johnny is looking at the CDN side of things, but effectively we will not
have a .raw - we will have a .raw.tar.gz file (which will itself only
have a .raw file compressed inside it).


-- 
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc


Re: [CentOS] hosted VMs, VLANs, and firewalld

2016-03-21 Thread Gordon Messmer

On 03/20/2016 08:51 PM, Devin Reade wrote:
> In a CentOS 7 test HA cluster I'm building I want both traditional
> services running on the cluster and VMs running on both nodes

On a purely subjective note: I think that's a bad design.  One of the
primary benefits of virtualization and other containers is isolating the
applications you run from the base OS.  Putting services other than
virtualization into the system that runs virtualization just makes
upgrade more difficult later.

> A given VM will be assigned a single network interface, either in
> the DMZ, on vlan2, or on vlan3.  Default routes for each of those
> networks are essentially different gateways.

What do you mean by "essentially"?

>   On the DMZ side, the physical interface is eno1 on which is layered
>   bridge br0.

...

>   On the other network side, the physical interface is enp1s0, on
>   which is layered bridge br2, on which is layered VLAN devices
>   enp1s0.2 and enp1s0.3.

That doesn't make any sense at all.  In what way are enp1s0.2 and
enp1s0.3 layered on top of the bridge device?

Look at the output of "brctl show".  Are those two devices slaves of
br2, like enp1s0 is?  If so, you're bridging the network segments.

You should have individual bridges for enp1s0, enp1s0.2 and enp1s0.3.
If there were any IP addresses needed by the KVM hosts, those would be
on the bridge devices, just like on br0.

> VMs that are supposed to be on vlan2 and vlan3 are assigned
>   either enp1s0.2 or enp1s0.3, respectively, as their underlying network
>   device.

How?  Are you using macvtap for those?  I'd suggest sticking with one of
either bridged networking or macvtap.

> The 'dmz' zone contains br0, br2, eno1, enp1s0, enp1s0.2, and enp1s0.3.
> It looks like, by default, firewall rules aren't applied to bridge
> devices so we can ignore those.

Correct:
/usr/lib/sysctl.d/00-system.conf:# Disable netfilter on bridges.
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-ip6tables = 0
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-iptables = 0
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-arptables = 0

> enp1s0 is an expected interface for
> that zone.  Where it gets muddy is enp1s0, enp1s0.2 and enp1s0.3. Since
> the host shouldn't have any IPs on those interfaces, what is the
> relevance of having them in the DMZ zone or another zone?

Interfaces are part of some zone, whether an address is assigned or
not.  In terms of implementation, that means that filtering is set up
before addresses.  If you set up addresses and then filtering, there's a
*very* brief window where traffic isn't filtered, and that is bad.

> By having
> them in the 'dmz' zone, does this mean that host firewall rules
> will impact VMs?

Not unless you change the net.bridge.bridge-nf-call-* settings.

> I understand that for bridging and vlans to work that I likely need
> these forwardings active

No, you don't.  It's active because libvirtd defines a NAT network by
default, and that one requires IP forwarding.

> , but am I opening things up so that (for
> example) a maliciously crafted packet seen on the enp1s0.2 interface
> could jump onto the dmz subnet on eno1?

Not in the default firewalld rule set.

> I have to admit, the firewall-config GUI seems more like it's oriented
> to either the local machine or other machines behind NAT, rather than
> a router.  (I don't want the host nodes generally acting as routers,
> but how can I tell if they are doing so inadvertently?)

Examine the output of "iptables -L -nv" and check all of the ACCEPT rules.
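
The three checks named in the reply above ("brctl show", the net.bridge.bridge-nf-call-* sysctls, and the ACCEPT rules in "iptables -L -nv"), run over saved command output. This is an added example, not part of the original thread: the sample outputs are constructed, the function names and the br2v2/br2v3 bridge names are hypothetical, and matching FWD* chains assumes firewalld's chain naming.

```shell
#!/bin/sh
# Added example (not from the thread). Every sample output below is constructed.
# On a live host, feed the real commands instead:
#   brctl show | bridged_segments
#   sysctl -a 2>/dev/null | bridge_nf_enabled
#   iptables -L -nv | forward_accepts

# Constructed `brctl show`: VLAN devices enslaved to the same bridge as
# their parent interface, the layout the reply warns about.
sample_brctl_shared() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              eno1
                                                        vnet0
br2             8000.66778899aabb       no              enp1s0
                                                        enp1s0.2
                                                        enp1s0.3
EOF
}

# Constructed `brctl show`: one bridge per segment (hypothetical names).
sample_brctl_split() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br2             8000.66778899aabb       no              enp1s0
br2v2           8000.66778899aabc       no              enp1s0.2
                                                        vnet1
br2v3           8000.66778899aabd       no              enp1s0.3
EOF
}

# Constructed sysctl excerpt matching the defaults quoted in the reply.
sample_sysctl() {
cat <<'EOF'
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.ipv4.ip_forward = 1
EOF
}

# Constructed `iptables -L -nv` excerpt with a libvirt-style NAT network.
sample_iptables() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
EOF
}

# Print each bridge that holds two or more ports derived from the same
# physical device (the device itself and/or its dev.VLANID sub-interfaces).
# Such a bridge joins segments that were meant to stay separate.
bridged_segments() {
    awk '
    NR == 1   { next }                        # column header
    /^[^ \t]/ { bridge = $1; iface = $4 }     # first row of a bridge
    /^[ \t]/  { iface = $1 }                  # continuation row: port only
    iface != "" {
        base = iface; sub(/\.[0-9]+$/, "", base)
        key = bridge SUBSEP base
        n[key]++
        members[key] = (members[key] == "" ? iface : members[key] "," iface)
        iface = ""
    }
    END {
        for (k in n) if (n[k] > 1) {
            split(k, part, SUBSEP)
            print part[1] ": " members[k]
        }
    }' | sort
}

# Print the bridge-nf-call-* keys set to 1. No output means bridged (VM)
# frames bypass the host's netfilter rules, as the reply states.
bridge_nf_enabled() {
    awk '$1 ~ /^net\.bridge\.bridge-nf-call-/ && $3 == 1 { print $1 }'
}

# Print the value of net.ipv4.ip_forward (1 = the host can route).
ip_forward_state() {
    awk '$1 == "net.ipv4.ip_forward" { print $3 }'
}

# Print the ACCEPT rules in the forwarding chains: these are the paths
# along which the host would route between interfaces.
forward_accepts() {
    awk '
    /^Chain / { chain = $2; next }
    chain ~ /^(FORWARD|FWD)/ && $3 == "ACCEPT" {
        print chain ": in=" $6 " out=" $7 " src=" $8 " dst=" $9
    }'
}

echo "Bridges joining a device with its VLAN sub-interfaces:"
sample_brctl_shared | bridged_segments
echo "bridge-nf-call keys enabled (none expected by default):"
sample_sysctl | bridge_nf_enabled
echo "ip_forward = $(sample_sysctl | ip_forward_state)"
echo "ACCEPT rules in forwarding chains:"
sample_iptables | forward_accepts
```
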



Re: [CentOS] hosted VMs, VLANs, and firewalld

2016-03-21 Thread Dennis Jacobfeuerborn
On 21.03.2016 16:57, Gordon Messmer wrote:
> On 03/20/2016 08:51 PM, Devin Reade wrote:
>> In a CentOS 7 test HA cluster I'm building I want both traditional
>> services running on the cluster and VMs running on both nodes
> 
> On a purely subjective note: I think that's a bad design.  One of the
> primary benefits of virtualization and other containers is isolating the
> applications you run from the base OS.  Putting services other than
> virtualization into the system that runs virtualization just makes
> upgrade more difficult later.
> 
>> A given VM will be assigned a single network interface, either in
>> the DMZ, on vlan2, or on vlan3.  Default routes for each of those
>> networks are essentially different gateways.
> 
> What do you mean by "essentially"?
> 
>>   On the DMZ side, the physical interface is eno1 on which is layered
>>   bridge br0.
> ...
>>   On the other network side, the physical interface is enp1s0, on
>>   which is layered bridge br2, on which is layered VLAN devices
>>   enp1s0.2 and enp1s0.3.
> 
> That doesn't make any sense at all.  In what way are enp1s0.2 and
> enp1s0.3 layered on top of the bridge device?
> 
> Look at the output of "brctl show".  Are those two devices slaves of
> br2, like enp1s0 is?  If so, you're bridging the network segments.
> 
> You should have individual bridges for enp1s0, enp1s0.2 and enp1s0.3. 
> If there were any IP addresses needed by the KVM hosts, those would be
> on the bridge devices, just like on br0.
> 

As a side note it is actually possible now to have one bridge to manage
multiple independent vlans. Unfortunately this is basically undocumented
(at least I can't find any decent documentation about this).
One user of this is Cumulus Linux:
https://support.cumulusnetworks.com/hc/en-us/articles/204909397-Comparing-Traditional-Bridge-Mode-to-VLAN-aware-Bridge-Mode

Apparently you can manage this with the "bridge" command. Here is what I
get on my Fedora 22 system:

0 dennis@nexus ~ $ bridge fdb
01:00:5e:00:00:01 dev enp4s0 self permanent
33:33:00:00:00:01 dev enp4s0 self permanent
33:33:ff:ef:69:e6 dev enp4s0 self permanent
01:00:5e:00:00:fb dev enp4s0 self permanent
01:00:5e:00:00:01 dev virbr0 self permanent
01:00:5e:00:00:fb dev virbr0 self permanent
52:54:00:d3:ca:6b dev virbr0-nic master virbr0 permanent
52:54:00:d3:ca:6b dev virbr0-nic vlan 1 master virbr0 permanent
01:00:5e:00:00:01 dev virbr1 self permanent
52:54:00:a6:af:5d dev virbr1-nic vlan 1 master virbr1 permanent
52:54:00:a6:af:5d dev virbr1-nic master virbr1 permanent
0 dennis@nexus ~ $ bridge vlan
port         vlan ids
virbr0       1 PVID Egress Untagged
virbr0-nic   1 PVID Egress Untagged
virbr1       1 PVID Egress Untagged
virbr1-nic   1 PVID Egress Untagged

I'm not sure if the CentOS 7 kernel is recent enough to support this but
I thought I'd mention this anyway to make people aware that the "one
bridge per vlan" model is no longer the only one in existence.

Regards,
  Dennis




[CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce
Hi, I hope someone can answer something I'm sure is quite basic.

I am following the instructions at
https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-vpn.html
on setting up a VPN.

The part I am having trouble with is when it shows the
/etc/racoon/racoon.conf file.
But it doesn't say what you have to do with this file.

When I bring up my connection

ifup bicester

I get
RTNETLINK answers: No such device

Looking at /var/messages I see

ERROR: failed to bind to address 127.0.0.1[500] (Address already in use).
Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05  racoon: ERROR: failed to bind to address *.*.*.*[500] (Address already in use).
Mar 21 17:01:05  racoon: ERROR: failed to bind to address ::1[500] (Address already in use).
Mar 21 17:01:05  racoon: INFO: fe80::bcef:4fff:fe66:82ec%eth0[500] used as isakmp port (fd=25)

There was an existing setup done long ago.

How can I set up more than one VPN connection (manually, as this is a
headless server),
or is that not possible?

Thanks for any pointers


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen
Yes you can. Please use a newer version of CentOS and strong/openswan.

Eero


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Mike - st257
I second Eero's comment, use a new IPSec daemon.

Openswan was forked and became Libreswan. Paul, now a RH employee, was a
main developer for the Openswan project before he and others created the
Libreswan fork.
https://libreswan.org/

EL6 has Openswan
EL7 has Libreswan

Racoon isn't all that fun to work with.
If you have the option, ditch it and EL5 and move to a newer platform
(preferably EL7 with Libreswan).


-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen
And centos 5 is really soon end of life.

Eero


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Mike - st257
On Mon, Mar 21, 2016 at 1:17 PM, Mike - st257 
wrote:

> I second Eero's comment, use a new IPSec daemon.
>
> Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> main developer for the Openswan project before he and others created the
> Libreswan fork.
> https://libreswan.org/
>
> EL6 has Openswan
> EL7 has Libreswan
>
> Racoon isn't all that fun to work with.
> If you have the option, ditch it and EL5 and move to a newer platform
> (preferably EL7 with Libreswan).
>

There's an RPM spec file (though I've not used it) for building Openswan
for EL5.
https://github.com/xelerance/Openswan/tree/master/packaging/centos5

Additionally, here's some info but I advise against the Racoon IPSec daemon.
https://www.centos.org/docs/5/html/5.2/Deployment_Guide/sec-racoon-conf.html
https://wiki.debian.org/IPsec


-- 
---~~.~~---
Mike
//  SilverTip257  //


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen
Centos 5 is still soon end of life. Using it as ipsec gateway is ..

Eero


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce
Will ask my boss :) We are hosted on memset so not so easy to update

Thanks



Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen
Err. Sounds like security nightmare.


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth
Glenn Pierce wrote:
> Will ask my boss :) We are hosted on memset so not so easy to update
>
> Thanks

Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
ago? They haven't sent warnings that 5 was hitting eol?

Who are they, please? I want to make sure that if someone asks me about
hosting, I can add that to places they should avoid.

mark



Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen
Memset.com ? In real world, rhel 5/centos 5 gets only critical security
patches.

Eero
21.3.2016 7.54 ip.  kirjoitti:

> Glenn Pierce wrote:
> > Will ask my boss :) We are hosted on memset so not so easy to update
> >
> > Thanks
>
> Um, wait a minute: you're hosted? And they haven't pushed you to 6 years
> ago? They haven't sent warnings that 5 was hitting eol?
>
> Who are they, please? I want to make sure that if someone asks me about
> hosting, I can add that to places they should avoid.
>
> mark


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce
To be fair it's not highly sensitive info we are dealing with.

-Original Message-
From: "Eero Volotinen" 
Sent: 21/03/2016 17:51
To: "CentOS mailing list" 
Subject: Re: [CentOS] IPSec multiple VPN setups

Err. Sounds like security nightmare.


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth
Glenn Pierce wrote:
> To be fair it's not highly sensitive info we are dealing with.
>
That doesn't matter. Do you drive a car that's leaking oil, and the engine
check light has been on for months, and just put gas in, and not worry
about adding more oil, or going to a mechanic?

   mark


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce
I asked about upgrading once and got no reply. Does anyone have experience of
having a hosted centos upgraded on a virtual server? Would you usually have to
pay for a transition instance?

-Original Message-
From: "Eero Volotinen" 
Sent: 21/03/2016 18:11
To: "CentOS mailing list" 
Subject: Re: [CentOS] IPSec multiple VPN setups

Memset.com ? In real world, rhel 5/centos 5 gets only critical security
patches.

Eero


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth
Glenn Pierce wrote:
> I asked about upgrading once and got no reply. Does anyone have experience
> of having a hosted centos upgraded on a virtual server. Would you usually
> have to pay for a transition instance ?
>
I pay for my own hosting (5-cent.us) at hostmonster. They've done
upgrades, and they announced it to *me*, and no, I didn't pay anything.
And I'm just a "consumer grade" - something like $6US/month.

I would expect *far* more for commercial hosting.

  mark



Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen
err. upgrades?

You mean reinstall? As upgrading between major releases are not supported
in any way on centos / rhel and clones..

--
Eero

2016-03-21 20:33 GMT+02:00 :

> Glenn Pierce wrote:
> > I asked about upgrading once and got no reply. Does anyone have experience
> > of having a hosted centos upgraded on a virtual server. Would you usually
> > have to pay for a transition instance ?
> >
> I pay for my own hosting (5-cent.us) at hostmonster. They've done
> upgrades, and they announced it to *me*, and no, I didn't pay anything.
> And I'm just a "consumer grade" - something like $6US/month.
>
> I would expect *far* more for commercial hosting.
>
>   mark


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce
Yes reinstall. I get you have to purchase a new instance for a time to move 
over. 

-Original Message-
From: "Eero Volotinen" 
Sent: 21/03/2016 18:38
To: "CentOS mailing list" 
Subject: Re: [CentOS] IPSec multiple VPN setups

err. upgrades?

You mean reinstall? As upgrading between major releases are not supported
in any way on centos / rhel and clones..

--
Eero



Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth
Eero Volotinen wrote:
> err. upgrades?
>
> You mean reinstall? As upgrading between major releases are not supported
> in any way on centos / rhel and clones..
>
Of course. Now, I haven't looked recently, but I do vaguely remember them
telling me they were moving me to an upgraded system; my website runs perl
CGI, and that's about it, the rest is *all* straight HTML, so I doubt I
would have noticed much.

  mark
> --
> Eero


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread m . roth
Glenn Pierce wrote:
> Yes reinstall. I get you have to purchase a new instance for a time to
> move over.

I'd figure that they just move you to an instance that's already running a
newer version of the o/s, giving you time to test for breakage. I really
don't see them charging, except, possibly, for running in parallel during
testing.

   mark


Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Glenn Pierce
I'm sure my boss will agree. Looks like I have a multi-terabyte postgres move
to look forward to.
Thanks everyone

-Original Message-
From: "m.r...@5-cent.us" 
Sent: 21/03/2016 20:03
To: "CentOS mailing list" 
Subject: Re: [CentOS] IPSec multiple VPN setups

Glenn Pierce wrote:
> Yes reinstall. I get you have to purchase a new instance for a time to
> move over.

I'd figure that they just move you to an instance that's already running a
newer version of the o/s, giving you time to test for breakage. I really
don't see them charging, except, possibly, for running in parallel during
testing.

   mark


[CentOS] CentOS 7, systemd, nmcli, wifi, oh, my...

2016-03-21 Thread m . roth
I've been googling, but haven't come up with a satisfactory answer to the
question of how I permanently turn off wifi on a workstation or server
(which are *all* hardwired).

I see I can turn wifi off... but I don't know that it's permanent.

mark



Re: [CentOS] CentOS 7, systemd, nmcli, wifi, oh, my...

2016-03-21 Thread John R Pierce

On 3/21/2016 1:36 PM, m.r...@5-cent.us wrote:
> I've been googling, but haven't come up with a satisfactory answer to the
> question of how I permanently turn off wifi on a workstation or server
> (which are *all* hardwired).
>
> I see I can turn wifi off... but I don't know that it's permanent.

wifi on a server?!? never ever seen such a thing.

and any wifi on a desktop workstation that I've ever seen has been on a 
pci-e card.


--
john r pierce, recycling bits in santa cruz



Re: [CentOS] CentOS 7, systemd, nmcli, wifi, oh, my...

2016-03-21 Thread m . roth
John R Pierce wrote:
> On 3/21/2016 1:36 PM, m.r...@5-cent.us wrote:
>> I've been googling, but haven't come up with a satisfactory answer to
>> the question of how I permanently turn off wifi on a workstation or
>> server (which are *all* hardwired).
>>
>> I see I can turn wifi off... but I don't know that it's permanent.
>
> wifi on a server?!? never ever seen such a thing.
>
> and any wifi on a desktop workstation that I've ever seen has been on a
> pci-e card.

No, not that *any* of them have it on, it's that NM is factory-set to try
to bring it up. Which is obviously annoying. Having to turn off
avahi-daemon is another of my annoyances.

mark



Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Always Learning

On Mon, 2016-03-21 at 18:23 +, Glenn Pierce wrote:

> I asked about upgrading once and got no reply. Does anyone have
>  experience of having a hosted centos upgraded on a virtual server.
>  Would you usually have to pay for a transition instance ?

I have several Centos VPSs in several countries around the world.
Naturally I don't have FTP preferring to use SSH, SCP, non-standard
ports and restricted to specific incoming individual IPs.

All run C 6.7 except one on C 5.11, which I am about to upgrade (it's
difficult because so much is on that machine and I don't want any
downtime).

Dump your out-of-date C5. C6 is not very different. Everything I run on
C5 also runs smoothly on C6.



-- 
Regards,

Paul.
England, EU.  England's place is in the European Union.



Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Marcelo Ricardo Leitner

Well, RHEL actually supports upgrading from 6 to 7 in some use cases.
If you have access, https://access.redhat.com/solutions/21964.
Not sure how that fits for CentOS though..

On 21-03-2016 15:38, Eero Volotinen wrote:
> err. upgrades?
>
> You mean reinstall? As upgrading between major releases are not supported
> in any way on centos / rhel and clones..
>
> --
> Eero



Re: [CentOS] CentOS 7, systemd, nmcli, wifi, oh, my...

2016-03-21 Thread Gordon Messmer

On 03/21/2016 01:36 PM, m.r...@5-cent.us wrote:
> I've been googling, but haven't come up with a satisfactory answer to the
> question of how I permanently turn off wifi on a workstation or server
> (which are *all* hardwired).


I know you've brought this up before, though I can't find any instance 
where you've specifically included the wifi related log entries.


However, on a quick look, I don't see any noise in any logs from CentOS 
7 hosts.  All of the hosts I've checked use NetworkManager, and 
NetworkManager-wifi is installed.  Have you considered that the noise in 
your logs is there *because* you're removing NetworkManager components?  
Maybe set up a test host with a default configuration, make changes 
individually and slowly, and try to determine at what point the log 
noise starts.



Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Leon Fauster
On 21.03.2016 at 18:17, Mike - st257 wrote:
> I second Eero's comment, use a new IPSec daemon.
> 
> Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> main developer for the Openswan project before he and others created the
> Libreswan fork.
> https://libreswan.org/
> 
> EL6 has Openswan
> EL7 has Libreswan
> 
> Racoon isn't all that fun to work with.
> If you have the option, ditch it and EL5 and move to a newer platform
> (preferably EL7 with Libreswan)


Libreswan will be in the next EL6 release ...

--
LF





Re: [CentOS] CentOS-7-x86_64-GenericCloud.raw very unusual format

2016-03-21 Thread Johnny Hughes
On 03/21/2016 09:51 AM, Karanbir Singh wrote:
> On 21/03/16 14:34, Aliaksei Sheshka wrote:
>> What is the point to pack single raw file into the tar.gz and to name it raw ?
>> Or it's just a mistake ?
>>
>>
> 
> Johnny is looking at the cdn side of things, but effectively we will not
> have a .raw - we will have a .raw.tar.gz file ( which will itself only
> have a .raw file compressed inside it )
> 
> 

It looks as if using 'Multiple Views' in the apache setup means that you
can effectively download a file even leaving off the extension .. in
your case, it left off the tar.gz but allowed you to download that file
anyway.

We are looking at changing the apache configuration to prevent this type
of thing in the future.

As an example:

http://mirror.centos.org/centos/7/isos/x86_64/CentOS-7-x86_64-Everything-1511

that pulls down the .torrent file even though there is no .torrent

The bottom line is, please download the .raw.tar.gz file and not the
.raw file and we are working on the configs.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
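
The mismatch discussed in this thread (a file named .raw that is really gzip over tar over the raw image) can be caught by reading magic bytes instead of trusting the name. The Python below is an added example, not code from the list or from the CentOS project; the `EXPECTED` extension map, the function names and the sample archive are constructed for illustration, and the tar step assumes the first entry is a regular file with a short name.

```python
import gzip
import io
import tarfile
import zlib

PEEK = 64 * 1024  # inspect headers only, never the whole image
# Assumed mapping from file extension to the outermost format it promises
EXPECTED = {".gz": "gzip", ".tgz": "gzip", ".tar": "tar", ".qcow2": "qcow2", ".raw": "unknown"}


def sniff(head: bytes) -> str:
    """Name the outermost format from magic bytes alone."""
    if head[:2] == b"\x1f\x8b":
        return "gzip"
    if head[257:262] == b"ustar":  # tar magic lives at offset 257 of the header
        return "tar"
    if head[:4] == b"QFI\xfb":
        return "qcow2"
    return "unknown"  # a raw disk image carries no container magic


def layers(name: str, stream) -> dict:
    """Peel gzip/tar layers off the first PEEK bytes and compare with the extension."""
    head, found, inner = stream.read(PEEK), [], None
    while len(found) < 4:  # bounded nesting depth
        kind = sniff(head)
        found.append(kind)
        if kind == "gzip":
            # wbits=31 selects gzip framing; max_length caps the inflated output
            head = zlib.decompressobj(wbits=31).decompress(head, PEEK)
        elif kind == "tar":
            # Simplification: first entry is a regular file with a short name
            inner = head[:100].split(b"\0", 1)[0].decode("utf-8", "replace")
            head = head[512:]
        else:
            break
    ext = "." + name.rsplit(".", 1)[-1]
    return {"layers": found, "inner": inner, "name_matches": EXPECTED.get(ext) == found[0]}


def constructed_sample() -> bytes:
    """Constructed stand-in for the download: one small .raw inside tar inside gzip."""
    payload = b"\x00" * 1024
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        info = tarfile.TarInfo("CentOS-7-x86_64-GenericCloud-1602.raw")
        info.size = len(payload)
        tf.addfile(info, io.BytesIO(payload))
    return gzip.compress(buf.getvalue())
```

Calling `layers("CentOS-7-x86_64-GenericCloud.raw", io.BytesIO(constructed_sample()))` reports the gzip and tar layers and `name_matches: False`, which is the condition worth failing on in an image-import pipeline.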


[CentOS] Unable to mount NetApp volume via smbfs on CentOS 6.6

2016-03-21 Thread Kenneth Wolcott
Hi;

Unable to mount NetApp volume via smbfs on CentOS 6.6

I have been able to mount the NetApp via smbfs from a Mac but cannot
from CentOS 6.6

What I have in /etc/auto_smb on the Mac is:

/Volumes/build_dir -fstype=smbfs
://domain_name;account_name:password@machine_name/partition_name

What is the equivalent on CentOS 6.6?

I would be modifying /etc/fstab?

I don't see any examples (yet) in my searching that have a Windows
domain name specified in the fstab file.

How to do the mount directly from the command line?

My workaround now is to scp my build artifacts from the CentOS machine
to the NetApp via the samba mount on the Mac, but that's awkward.

Thanks,
Ken Wolcott


Re: [CentOS] CentOS-7-x86_64-GenericCloud.raw very unusual format

2016-03-21 Thread Martinx - ジェームズ
On 21 March 2016 at 11:51, Karanbir Singh  wrote:

> On 21/03/16 14:34, Aliaksei Sheshka wrote:
> > What is the point to pack single raw file into the tar.gz and to name it raw ?
> > Or it's just a mistake ?
> >
> >
>
> Johnny is looking at the cdn side of things, but effectively we will not
> have a .raw - we will have a .raw.tar.gz file ( which will itself only
> have a .raw file compressed inside it )
>
>
> --
> Karanbir Singh
> +44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
> GnuPG Key : http://www.karan.org/publickey.asc
>
>
Why not a compressed qcow2?

Like: CentOS-7-x86_64-GenericCloud.qcow2c

This way, we can add it as-is to OpenStack Glance, that it will be
downloaded by demand, when required and, OpenStack Nova will automatically
uncompress the image for runtime.

Cheers!
Thiago


[CentOS] Postfix Installed by default on CentOS 7 Minimal

2016-03-21 Thread Igal @ Lucee.org
Is there a reason that Postfix is installed and enabled by default on 
CentOS 7 minimal?


--

Igal Sapir
Lucee Core Developer
Lucee.org 



Re: [CentOS] IPSec multiple VPN setups

2016-03-21 Thread Eero Volotinen
Anyway, they both use compatible config files?

Eero
On 22.3.2016 at 12.23 a.m., "Leon Fauster" wrote:

> On 21.03.2016 at 18:17, Mike - st257 wrote:
> > I second Eero's comment, use a new IPSec daemon.
> >
> > Openswan was forked and became Libreswan. Paul, now a RH employee, was a
> > main developer for the Openswan project before he and others created the
> > Libreswan fork.
> > https://libreswan.org/
> >
> > EL6 has Openswan
> > EL7 has Libreswan
> >
> > Racoon isn't all that fun to work with.
> > If you have the option, ditch it and EL5 and move to a newer platform
> > (preferably EL7 with Libreswan)
>
>
> Libreswan will be in the next EL6 release ...
>
> --
> LF
>


Re: [CentOS] hosted VMs, VLANs, and firewalld

2016-03-21 Thread Devin Reade
--On Monday, March 21, 2016 08:57:59 AM -0700 Gordon Messmer
 wrote:

> On 03/20/2016 08:51 PM, Devin Reade wrote:
>> In a CentOS 7 test HA cluster I'm building I want both traditional
>> services running on the cluster and VMs running on both nodes
> 
> On a purely subjective note: I think that's a bad design.  One of the
> primary benefits of virtualization and other containers is isolating the
> applications you run from the base OS.  Putting services other than
> virtualization into the system that runs virtualization just makes
> upgrade more difficult later.

I understand.  In this case the primary role of these machines is
for a non-virtualized HA cluster.  Where the VMs enter the picture
is for a small number of services that I'd prefer to be isolated from
the DMZ, and in this case there is sensitivity to the physical machine
count.  I'm aware of how this affects upgrades, having been through
the cycle a few times. It is what it is. (But thanks.)

>> A given VM will be assigned a single network interface, either in
>> the DMZ, on vlan2, or on vlan3.  Default routes for each of those
>> networks are essentially different gateways.
> 
> What do you mean by "essentially"?

The default routes for the DMZ, vlan2, and vlan3 go to different
interfaces of the same (OpenBSD) firewall cluster, however from the
perspective of both the physical nodes and the VMs, they are
different default routes.  The firewall cluster itself is multihomed
on the upstream side, but again that is not visible to the nodes
and VMs.

The fact that both the cluster and the VMs are protected by the
OpenBSD firewalls is the reason that I'm primarily concerned with
vectors coming from the non-DMZ VMs onto the DMZ via the hosts.

>>   On the DMZ side, the physical interface is eno1 on which is layered
>>   bridge br0.
> ...
>>   On the other network side, the physical interface is enp1s0, on
>>   which is layered bridge br2, on which is layered VLAN devices
>>   enp1s0.2 and enp1s0.3.
> 
> That doesn't make any sense at all.  In what way are enp1s0.2 and
> enp1s0.3 layered on top of the bridge device?

No, it doesn't.  Brain fart on my part, too tired, too many noisy
distractions from kids, too many cosmic rays, or something :)

  br0 is layered on eno1
  br2 is layered on enp1s0.2.
  br3 is layered on enp1s0.3.

The non-DMZ VMs get connected to br2 and br3.

>> enp1s0 is an expected interface for
>> that zone.  Where it gets muddy is enp1s0, enp1s0.2 and enp1s0.3. Since
>> the host shouldn't have any IPs on those interfaces, what is the
>> relevance of having them in the DMZ zone or another zone?
> 
> Interfaces are part of some zone, whether an address is assigned or not.
> In terms of implementation, that means that filtering is set up before
> addresses.  If you set up addresses and then filtering, there's a *very*
> brief window where traffic isn't filtered, and that is bad.

However, in this case the host won't have addresses on (based on my above
correction) either br2 or br3.  It does sound, though, like having
enp1s0, enp1s0.2, and enp1s0.3 in the 'DMZ' zone means that filtering
rules on the host will affect inbound traffic to the VMs on br2 and
br3.

At least that question is easy to empirically verify, and if so, then
it would argue that the three enp1s0* interfaces should be in their 
own zone, presumably with a lenient rule set.

>> I understand that for bridging and vlans to work that I likely need
>> these forwardings active
> 
> No, you don't.  It's active because libvirtd defines a NAT network by
> default, and that one requires IP forwarding.

Ah.  That makes sense.  So in this case where I don't need a NAT
network in the libvirtd config, I should be able to eliminate it and
thus eliminate the forwarding sysctls.

Thanks for all of your feedback.

Devin



Re: [CentOS] hosted VMs, VLANs, and firewalld

2016-03-21 Thread Gordon Messmer

On 03/21/2016 10:18 PM, Devin Reade wrote:

> However, in this case the host won't have addresses on (based on my above
> correction) either br2 or br3.  It does sound, though, like having
> enp1s0, enp1s0.2, and enp1s0.3 in the 'DMZ' zone means that filtering
> rules on the host will affect inbound traffic to the VMs on br2 and
> br3.


No, because:

/usr/lib/sysctl.d/00-system.conf:# Disable netfilter on bridges.
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-ip6tables = 0
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-iptables = 0
/usr/lib/sysctl.d/00-system.conf:net.bridge.bridge-nf-call-arptables = 0

(Unless you change the defaults)
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
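
Whether host firewall rules touch bridged VM traffic depends on the `bridge-nf-call-*` settings quoted in the reply above, and on whether a later sysctl.d file has overridden them. The Python below is an added example, not code from the thread or from CentOS; it resolves the sysctl.d precedence (same file name in a higher-priority directory masks the lower one, then files apply in lexical order), and the `90-local.conf` override and temporary directory tree are constructed for illustration.

```python
import os
import tempfile

KEYS = tuple("net.bridge.bridge-nf-call-" + t for t in ("iptables", "ip6tables", "arptables"))


def effective_sysctls(dirs):
    """Resolve sysctl.d files; dirs are given highest priority first."""
    chosen = {}
    for d in dirs:
        for fn in (os.listdir(d) if os.path.isdir(d) else []):
            if fn.endswith(".conf"):
                # the same file name in an earlier directory masks later ones
                chosen.setdefault(fn, os.path.join(d, fn))
    values = {}
    for fn in sorted(chosen):  # lexical order, later files override earlier
        with open(chosen[fn]) as fh:
            for line in fh:
                line = line.strip()
                if not line or line[0] in "#;" or "=" not in line:
                    continue
                key, val = (p.strip() for p in line.split("=", 1))
                values[key.lstrip("-")] = (val, chosen[fn])
    return values


def bridge_filtering(dirs):
    """Map each bridge-nf key to (value, source file); None means not configured."""
    eff = effective_sysctls(dirs)
    return {k: eff.get(k) for k in KEYS}


def demo():
    """Constructed tree: the stock file plus a local override for iptables."""
    root = tempfile.mkdtemp()
    etc, lib = os.path.join(root, "etc"), os.path.join(root, "usr-lib")
    os.makedirs(etc)
    os.makedirs(lib)
    with open(os.path.join(lib, "00-system.conf"), "w") as fh:
        fh.write("# Disable netfilter on bridges.\n" + "".join(f"{k} = 0\n" for k in KEYS))
    with open(os.path.join(etc, "90-local.conf"), "w") as fh:
        fh.write("net.bridge.bridge-nf-call-iptables = 1\n")
    return bridge_filtering([etc, lib])


if __name__ == "__main__":
    for key, hit in demo().items():
        print(key, hit)
```

On a real host the directories would be `/etc/sysctl.d`, `/run/sysctl.d` and `/usr/lib/sysctl.d`, in that order. This reads static configuration only; the running values are under `/proc/sys/net/bridge/`.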