Arrite, fellow OpenBSDers, here’s the skinny:
I have native IPv6 from Comcast (one of the few good things about Comcast, but
I digress). I was assigned a /56 block as you will see below.
I have a three-legged firewall running OpenBSD 6.1. I have static IPv4 and
IPv6 addresses configured on th
There's many example configs online, one example like yours is at
https://www.reddit.com/r/openbsd/comments/3qb2c4/some_observations_about_relayd/
On Thu, Jun 29, 2017 at 4:40 PM, Manuel Giraud wrote:
> Hi,
>
> I'd like to setup a http reverse proxy where http://foo.org/someapp is
> forwarded
On 29/06/2017 12:06, Visa Hankala wrote:
> On Tue, Jun 27, 2017 at 07:57:42PM +0100, Joe Holden wrote:
>> It looks like setting the mtu on cnmac interfaces doesn't quite work as
>> expected, whatever the mtu is set to the upper limit appears to be 1510
>> as although it will transmit frames of any
> From: Ted Unangst
> Sent: Wednesday, June 28, 2017 8:50 PM
>
> i'm afraid i won't make a very good ipmi maintainer, but i think i applied the
> patch in the right spot.
Cool, thanks; much appreciated.
> From: Theo de Raadt
> Sent: Wednesday, June 28, 2017 8:41 PM
>
> If you want it working, you will need to get it fixed. On all
> machines, so that we can renable it.
I definitely don't want to be one of those entitled people demanding work
from developers without providing anything that you tr
Hi everyone,
few words to let you know that I recently opened up an OpenBSD meetUP
group at Quebec city. If anyone of you wants to join us you are very
welcome.
We would like to schedule the first meeting in July.
Here the link to the group: https://www.meetup.com/Quebec-OpenBSD-Meetup/
Greeti
Hi,
I'd like to setup a http reverse proxy where http://foo.org/someapp is
forwarded to 127.0.0.1:8081 and http://foo.org/* is forwarded to
somewhere else.
AFAIU, it is not possible with httpd(8) so I'm trying to do this with
relayd(8). There is an example in httpfiler protocol in
/etc/examples/r
Hi folks,
I have a problem with routes learnt from BGP vpnv4 not being inserted into
the FIB I'd expect. A tcpdump on the OpenBSD box shows we are receiving
the prefixes (from a Cisco) with the labels intact. The MPE interface is
configured in rdomain 1 with MPLS label 200. The loopback interf
I know I'm venturing of topic but I can't resist.
I'll go for OpenBSD with IPSec any day. Only last week OpenVPN had a security
fallout:
https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
One of these exploits even has a high probability of being remotely exploitable.
unsubscribe misc
On Tue, Jun 27, 2017 at 07:57:42PM +0100, Joe Holden wrote:
> It looks like setting the mtu on cnmac interfaces doesn't quite work as
> expected, whatever the mtu is set to the upper limit appears to be 1510
> as although it will transmit frames of any arbitary size (e.g 2000
> bytes), the reply ne
On Thu, 29 Jun 2017 12:32:01 +0200
Luescher Claude wrote:
> Why are you using ipsec in the 21th century:
Because it is in OpenBSD base. Because, at least on OpenBSD, it
integrates great with the rest of networking ecosystem (carp, sasync,
ospf, pf etc.) Because it pays my bills for more than a d
My two-cents:
* IPsec hardware crypto is supported for a lot more platforms than OpenVPN
out of the box, so IPsec uses to be noticeably faster. i.e, and UBNT
Edgerouter Lite will give me about 20Mbps over OpenVPN vs almost 1Gbps
(line rate) over IPsec.
* IPsec code in OpenBSD is audited, OpenVPN i
Am 29.06.2017 12:32 schrieb Luescher Claude:
Why are you using ipsec in the 21th century:
https://serverfault.com/questions/202917/openvpn-vs-ipsec-pros-and-cons-what-to-use
just a week after four CVEs (incl RCE) in openvpn? Great.
--
pb
Why are you using ipsec in the 21th century:
https://serverfault.com/questions/202917/openvpn-vs-ipsec-pros-and-cons-what-to-use
I see no pros here just cons unless you need to setup a vpn with some
crappy old device which should be just switched out with an obsd box
anyway :)
On 2017-06-29
On 29 June 2017, Liviu Daia wrote:
[...]
> On the server:
>
> # iked -d
> ikev2_recv: IKE_SA_INIT request from initiator 89.136.163.27:500 to
> x.y.z.t:500 policy 'sb1' id 0, 510 bytes
> ikev2_msg_send: IKE_SA_INIT response from x.y.z.t:500 to 89.136.163.27:500
> msgid 0, 471 bytes
> ikev2_
On 28 June 2017, Rupert Gallagher wrote:
> You need a server-signed certificate.
Ok, let me redo this from scratch:
(1) On the server:
ikectl ca vpn create
ikectl ca vpn install
ikectl ca vpn certificate x.y.z.t create
ikectl ca vpn certificate x.y.z.t instal
17 matches
Mail list logo
