On 02/01/2017 10:21 PM, Yury Shefer wrote:
Your behind-NAT IPsec client should use external IP (78.111.187.234) as IKE
identifier (IDi/initiator id) to be able to establish the SA. IMHO, the
better option for your remote clients would be a use of different ID type
like ID_RFC822_ADDR.
Thanks f
On 2017-02-02 10:27, Tinker wrote:
..
My motivation here for wanting the boot code on the USB stick, is that
I trust the USB stick more than my harddrive.
Motivation:
What I meant to say here is that I like the notion of the harddrive as
unsecure by definition, so that I only will trust its c
Hi!
I would like to have my system set up as follows:
* My USB memory card contains the boot code (MBR etc.) and the softraid
crypto keydisk partition.
And maybe the kernel.
* My HDD contains the root filesystem in a crypto softraid. (And no
boot code!)
How do I make this so?
The a
On Mon, Jan 30, 2017 at 11:46:32AM +, Stuart Henderson wrote:
> > I'm surprised that I get logging in pflog even I have *no* 'log'
> > in my pf.conf.
> >
> > # pfctl -vvsr -R 14
> > @14 pass all flags S/SA
> > [ Evaluations: 30082 Packets: 569255Bytes: 365488723 States: 23
> >]
Two physical machines with a bunch of vlans and carp interfaces with pfsync. I
have a script that pushes pf.conf to the machines and runs pfctl -f
/etc/pf.conf on them. One of the invocations killed both of them and left a
crash dump.
I’m mostly wondering if this is a known issue or not. If not, I
Your behind-NAT IPsec client should use external IP (78.111.187.234) as IKE
identifier (IDi/initiator id) to be able to establish the SA. IMHO, the
better option for your remote clients would be a use of different ID type
like ID_RFC822_ADDR.
On Wed, Feb 1, 2017 at 4:19 AM, lilit-aibolit wrote:
On 12/06/2016 11:04 AM, Florian Ermisch wrote:
And I guess that's the problem: the client
goes "hi I'm 10.1.1.58 and I'd like to
connect" and isakmpd doesn't know no
10.1.1.58. IKEv1 is very picky about those
things: When it doesn't expect an ID no
peer presenting one will be allowed to
connect A
On Wed, Feb 01, 2017 at 05:09:43PM +0200, Lars Noodén wrote:
> On 02/01/2017 05:06 PM, Erling Westenvik wrote:
> > On Wed, Feb 01, 2017 at 03:58:51PM +0100, Manuel Giraud wrote:
> >> Erling Westenvik writes:
> >>
> >>> However, I got inspired and when I disabled pf (pfctl -d) I got full
> >>> cont
On Wed, Feb 01, 2017 at 03:58:51PM +0100, Manuel Giraud wrote:
> Erling Westenvik writes:
>
> > However, I got inspired and when I disabled pf (pfctl -d) I got full
> > contact! (But -- when I turned pf back on (pfctl -e) I lost the one
> > connection I had... Now I have to wait 48 minutes for the
Erling Westenvik writes:
> However, I got inspired and when I disabled pf (pfctl -d) I got full
> contact! (But -- when I turned pf back on (pfctl -e) I lost the one
> connection I had... Now I have to wait 48 minutes for the server to
> reboot. Not much more to do now except for crossing my fing
On Wed, Feb 01, 2017 at 04:26:15PM +0200, lilit-aibolit wrote:
> On 02/01/2017 03:41 PM, Erling Westenvik wrote:
> > I have an OpenBSD 5.9 server at a colocation. It stopped accepting new
> > connections (ping, ssh, http, whatever) yesterday night but fortunately
> > I had one ssh session open from
On Wed, Feb 01, 2017 at 08:32:44AM -0500, ji...@devio.us wrote:
> On Wed, Feb 01, 2017 at 01:33:54PM +0100, Stefan Sperling wrote:
> > On Wed, Feb 01, 2017 at 04:12:26AM -0500, Jiri B wrote:
> > > Should have kernel automatically create 'sd4' for degraded RAID 1
> > > but it does not?
> >
> > I be
On Wed, Feb 01, 2017 at 08:32:44AM -0500, Jiri B wrote:
> On Wed, Feb 01, 2017 at 01:33:54PM +0100, Stefan Sperling wrote:
> > On Wed, Feb 01, 2017 at 04:12:26AM -0500, Jiri B wrote:
> > > Should have kernel automatically create 'sd4' for degraded RAID 1
> > > but it does not?
> >
> > I believe it
I have an OpenBSD 5.9 server at a colocation. It stopped accepting new
connections (ping, ssh, http, whatever) yesterday night but fortunately
I had one ssh session open from my workstation from which I can still
access it. Funny thing is that the server has full access OUT to the
internet. I can o
On Wed, Feb 01, 2017 at 01:33:54PM +0100, Stefan Sperling wrote:
> On Wed, Feb 01, 2017 at 04:12:26AM -0500, Jiri B wrote:
> > Should have kernel automatically create 'sd4' for degraded RAID 1
> > but it does not?
>
> I believe it will auto assemble if the disk is present at boot time.
^^ This do
On Wed, Feb 01, 2017 at 04:12:26AM -0500, Jiri B wrote:
> Should have kernel automatically create 'sd4' for degraded RAID 1
> but it does not?
I believe it will auto assemble if the disk is present at boot time.
But not when you hotplug the disk.
On Tue, Jan 31, 2017 at 11:55:21PM +0100, Stefan Sperling wrote:
> On Tue, Jan 31, 2017 at 05:23:10PM -0500, Jiri B wrote:
> > I have a disk which used to be boot disk of a degraded RAID 1 (softraid).
> > The second disk is totally gone.
> >
> > I don't want to use this disk as RAID 1 disk anymore
17 matches
Mail list logo
