Hi,
I do use an ipsec tunnel for routing local IPv4 traffic for years now
(/etc/rc.conf):
cloned_interfaces="ipsec0"
static_routes="tunnel0"
create_args_ipsec0="reqid 104"
ifconfig_ipsec0="inet 10.2.2.250 10.1.1.254 tunnel 1.2.3.4 10.20.30.40"
route_tunnel0="10.1.1.0/24
Andrey V. Elsukov wrote:
> ifconfig_ipsec0_ipv6="inet6 fd00:b:b:b::250 fd00:a:a:a::254 prefixlen 128"
Thanks, now I do get the tunnel set (after adding the tunnel to your hint):
ifconfig_ipsec0="inet 10.2.2.250 10.1.1.254 tunnel 1.2.3.4 10.20.30.40"
ifconfig_ipsec0_ipv6="inet6 fd00:b:b:
Marek Zarychta wrote:
> On 15.01.2024 at 15:35, Michael Grimm wrote:
>> route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254"
> Please try:
> route_tunnel0="-6 -net fd00:a:a:a::/64 fd00:a:a:a::254"
Bingo! That did the trick:
Internet6:
Destin
Me wrote:
> On 15. Jan 2024, at 16:15, Michael Grimm wrote:
>
> Marek Zarychta wrote:
>> On 15.01.2024 at 15:35, Michael Grimm wrote:
>
>>> route_tunnel0="fd00:a:a:a::/64 fd00:a:a:a::254"
>
>> Please try:
>> route_tunnel0="-6 -net
Hi
I do run an IPsec/racoon tunnel between two servers (11.1-STABLE #0 r326663).
Some days ago I did migrate one of my servers from bare metal to a public cloud
instance. Now I do observe weird performance issues from new to old server:
ifconfig (OLD server, bare metal):
ix0: flags=8843
Eugene Grosbein wrote:
> 10.12.2017 23:55, Michael Grimm wrote:
> "bad cksum 0" is pretty normal for traffic going out via interface supporting
> hardware checksum offload,
> so kernel skips computing checksum before passing packets to the NIC.
Ok, good to know.
> Yo
Eugene Grosbein wrote:
> 11.12.2017 2:54, Michael Grimm wrote:
>> *BUT* if I do boot with the default 1500 setting,
>> changing the MTU to e.g. 1450 and *immediately* back to 1500 manually,
>> I do not encounter any performance loss at all. Why?
>> Even when booting 1
Hi
[ I did recently migrate my servers from bare metal to cloud instances
(OpenStack at OVH) ]
[ FreeBSD 11.1-STABLE #0 r327055
]
My setup is as follows and didn't change for the last couple of years:
extIF0/pf/NAT <—> epairXa (
Kristof Provost wrote:
>
> On 21 Dec 2017, at 21:24, Michael Grimm wrote:
>> I do have to admit that I am lost here, and that I cannot think about what
>> is going wrong. The last download I did try at my old servers has been some
>> weeks ago. Ever since I did upgrade
Kristof Provost wrote:
> On 21 Dec 2017, at 21:50, Michael Grimm wrote:
>> Kristof Provost wrote:
>>> Can you try turning off TSO? (`ifconfig $ifname -tso`)
>>>
>>> There have been issues with pf and TSO checksums, which looked a lot like
>>> th
> On 21. Dec 2017, at 22:48, Eugene Grosbein wrote:
>
> 22.12.2017 4:42, Michael Grimm wrote:
>
>> Well I prepared one of my webservers running at hostB/jailX to serve a sample
>> file for local downloading tests:
>>
>> 1) hostA wget from hostB/ja
Eugene Grosbein wrote:
> 22.12.2017 4:59, Michael Grimm wrote:
>>> Make sure and double check that your ESP packets do not get fragmented.
>>
>>
>> Hmm, I do not know how to achieve that. May the following tcpdump excerpts
>> answer your question, or d
Kristof Provost wrote:
> I run a very similar setup (although on CURRENT), and see no performance
> issues from my jails.
In utter despair I did upgrade one server to CURRENT (#327076) today, but that
hasn't been successful :-(
Ok, right now I do know:
(#) there is *no* performance loss (TCP
Hi —
[ I am including freebsd...@freebsd.org now and removing
freebsd-j...@freebsd.org ]
[ Thread starts at
https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html ]
Eugene Grosbein wrote:
> Michael Grimm wrote:
>> Kristof Provost wrote:
>>
Bjoern A. Zeeb wrote:
>
> On 22 Dec 2017, at 20:30, Michael Grimm wrote:
>> Hi —
>>
>> [ I am including freebsd...@freebsd.org now and removing
>> freebsd-j...@freebsd.org ]
>> [ Thread starts at
>> https://lists.freebsd.org/piper
Hi,
let me come back to this issue I did report end of last year:
https://lists.freebsd.org/pipermail/freebsd-net/2017-December/049470.html
My setup:
vtnet/pf-NAT <—> epairXa (bridge0) epairXb <-> vnet jail
My observations regarding a sample download like "wget
https://download.freebs
On 2019-02-22 11:31, Patrick M. Hausen wrote:
[x-posted to freebsd-j...@freebsd.org]
The machine is an iocage jail host, all jails with VNET.
The problem is: network performance in the jails (not on the host!) is
abysmal
with the second setup. Not consistently so, everything *seems* to wor
Hi
On 22. Feb 2019, at 19:48, Patrick M. Hausen wrote:
> epair(4) interfaces added to the bridge
These are my number one suspects when it comes to performance loss within a
VNET jail compared to the host system.
> But I’ll fiddle with LRO nonetheless and report if that changes anything.
I'm
Hi,
I am currently stuck, somehow, and I do need your input. Thus, let me explain,
what I do want to achieve:
I do have two servers connected via an ipsec/tunnel ...
[A] dead:beef:1234:abcd::1 <—> dead:feed:abcd:1234::1 [B]
… which is sending all traffic destined for dead:beef:1234:abcd:
Julian Elischer wrote:
>
> On 27/12/2015 4:24 AM, Michael Grimm wrote:
>> I am currently stuck, somehow, and I do need your input. Thus, let me
>> explain, what I do want to achieve:
>>
>> I do have two servers connected via an ipsec/tunnel ...
>
Hi —
Is there a way to set the default outgoing IPv6 address of a network interface?
To my understanding the IPv6 address is used that is bound to the interface by
ifconfig_IFNAME_ipv6, right?
I need to route all my traffic to a remote server via an IPSEC tunnel (racoon)
that has a setkey.conf
Hi --
I am referring to the following (simplified) setup:
[hostA /ix0 / 2001:dead::1 / 1.2.3.4] <= IPsec tunnel => [hostB / ix0 /
2001:beef::10 / 10.20.30.40]
||
|
Michael Grimm wrote:
Never mind, I solved my issue. It has been a minor typo with major consequences.
> Configuration (shown for hostA, only):
>
> setkey.conf
> # hostA hostB
> hostA hostB
>
Hi,
I am running 12.2-STABLE and VNET jails, one of which hosts a recent Dovecot
IMAP and a recent postfix SMTP server. Authentication is forced via TLS/SSL for
both services (ports 587 and 993). Setup is as follows:
extIF0/pf/NAT <—> epairXa (bridge0) epairXb <-> jail
A recent upgrade
Ronald Klop wrote:
> On Sun, 22 Nov 2020 14:37:33 +0100, Michael Grimm wrote:
>> P.S. How may I update a local svn copy and simultaneously omit commit 367740
>> from being applied, or how may I revert commit 367740, only?
>
>
> From the top of my head you can do somet
Hi -
Michael Grimm wrote:
> Well, now I am able to omit this commit, but I would love to know what is
> going on, and why this commit may break 'authentication/certificate
> exchange/what so ever' of IMAP and SMTP/submission clients running in a VNET
> jail ...
It just
ge to understand it.
Anyway, I just wanted to let you know.
Regards,
Michael
> On 22. Nov 2020, at 14:37, Michael Grimm wrote:
>
> Hi,
>
> I am running 12.2-STABLE and VNET jails, one of which hosts a recent Dovecot
> IMAP and a recent postfix SMTP server. Authentication is forced
27 matches