On Wed, Oct 21, 2020 at 10:08:09AM +0200, csszep wrote:
> Hi!
>
> This is 6.8-current.
>
> After i issued ikectl reset sa, then ikectl show sa shows garbage and
> after few second iked crash.
Hi,
thanks for the report!
The reason seems to be that 'reset sa' fails to clean up the dstid list.
Co
On Thu, Oct 29, 2020 at 02:55:17PM +0100, Mark Kettenis wrote:
> > Date: Wed, 28 Oct 2020 23:54:40 -0400
> > From: George Koehler
> >
> > >Synopsis: linux/io.h changes broke radeondrm RV350 macppc
> > >Category: powerpc
> > >Environment:
> > System : OpenBSD 6.8
> > Details : O
Hi Yuichiro,
Thanks for the report. Putting the url in quotes should
solve your problem:
set ocsp "http://example.com";
- Tobias
On Wed, Nov 11, 2020 at 09:52:17AM +0900, 内藤 祐一郎 wrote:
> Hi.
>
> I have tried to set ocsp URL for iked(8),
> but it fails by syntax error.
>
> For example, writin
On Thu, Jan 16, 2020 at 09:55:55AM +0100, csszep wrote:
> Hi!
>
> Some more information:
>
> If i add "rightsendcert=never" to the strongswan config, it works with PSK.
>
> This is good workaround for Strongswan, but the same problem exist with
> Cisco ASA vs Iked, but in Cisco ASA there is no "
Thank you for the detailed report!
Fix committed.
On Sat, Dec 04, 2021 at 06:50:54PM +0100, Stefan Sperling wrote:
> On Sat, Dec 04, 2021 at 10:37:53AM -0600, Scott Cheloha wrote:
> > Hit a witness panic during boot yesterday. Can't repro, have never
> > seen it before. The photo is a mess (ask if you want it) but the
> > backtrace is:
> >
> >
Unfortunately as it turns out segfaulting is a common iked reaction to
invalid configurations (at least for invalid transforms), so what you found
is a rather systematic problem (and has been on my list of things to fix for
some time).
As to why those with [ESP only] trigger this behaviour:
[ESP o
> If that's already on your list, feel free to beat me to it ;-)
Sure, if you will test it for me. Here's a fix for the segfault.
It seems the initial mistake was that yyerror() does not exit.
Instead one has to use YYERROR (or err() as the check above does).
I opted for YYERROR, but i don't thin
> yes, this is ok benno@
Thanks, added!
> Yes, please. `YYERROR' is the common idiom after `yyerror()' if you
> want to fail hard.
Good to hear! Below is what I would propose to add to the man page to make
the [ESP only] a little clearer. Do you think this would be helpful?
Index: iked.conf.5
==
> > +Transform followed by [IKE only] can only be used with the
> I'd do `.Dq [IKE only]' or rather `.Bq IKE only'.
Thanks, added with the brackets changed to `.Bq'!
On Sun, Aug 06, 2023 at 07:55:40AM +0200, Anton Lindqvist wrote:
> On Sat, Aug 05, 2023 at 10:08:53PM +0200, xavie...@mailoo.org wrote:
> > Hi,
> >
> > I run a 2G/100G virtual machine at openbsd.amsterdam freshly upgraded
> > from stable to the latest snapshot and I've figured out the panic
> > by
Hi,
it looks like we have a bug in handling the new 13.5 firmware.
Unfortunately I think the official Asahi installer no longer let's
you pick a firmware version by hand so it will always give you 13.5
if your macos installation is up-to-date.
I am hosting my own version of the installer here:
ht
On Sun, Jun 20, 2021 at 07:24:14PM +0200, Matthias Schmidt wrote:
> >Synopsis:double fault while using IPSec
> >Environment:
> System : OpenBSD 6.9
> Details : OpenBSD 6.9-current (GENERIC.MP) #82: Sat Jun 19 07:05:12
> MDT 2021
>
> dera...@amd64.op
On Wed, Jul 07, 2021 at 12:11:36PM +0800, Vladimir Nikishkin wrote:
> I had a very similar problem with the kernel panic.
>
> I had the following iked.conf
>
> ikev2 "ike-2021-07-02" passive esp \
> from any to 10.0.3.0/24 \
> local egress peer any \
> eap "mschap-v2" \
>
On Fri, Oct 11, 2024 at 02:48:52PM GMT, Claudio Miranda wrote:
> Duly noted, thank you!
>
> Cheers,
> Claudio Miranda
>
> On Fri, Oct 11, 2024 at 2:32 PM Theo de Raadt wrote:
> >
> > Snaps contain a diff which fixes another machine. There is some effort
> > to find a solution which fixes it, bu
On Thu, Dec 26, 2024 at 04:29:30PM +, Stuart Henderson wrote:
> On 2024/12/26 10:47, William Rusnack wrote:
> > >Synopsis: The iked(8) daemon currently requires root privileges even when
> > >run with -n (configtest mode), which only validates the configuration file
> > >syntax. This prevent
On Thu, Dec 26, 2024 at 04:33:22PM +, Stuart Henderson wrote:
> On 2024/12/26 10:50, William Rusnack wrote:
> > >Synopsis: When printing the parsed policy iked erroneously prints config
> > >when it should print request.
> > >Category: bin
> > >Description:
> > The below example iked.con
On Sat, Jan 04, 2025 at 04:40:50PM GMT, William Rusnack wrote:
> Synopsis: iked.conf(5) needs clearer documentation about which configuration
> payload options are supported when receiving configurations and their system
> effects.
> Description:
> The documentation of configuration payload
19 matches
Mail list logo
