On Sat, Dec 14, 2024 at 02:07:13PM +1000, David Gwynne wrote:
> On Thu, Dec 12, 2024 at 06:01:37PM -0400, Christopher Sean Hilton wrote:
> > Hi,
> >
> > I'm trying to setup a pair of OpenBSD machines to handle their respective
> > home networks and
> > crea
but I'm clearly missing some which may be really obvious. As an
aside, In a VPN
situation like this, how does the kernel make decisions about where the packets
pass
through?
Thanks!
--
Chris
__o "All I was trying to do was get home from work.&quo
the NIC and my switch,
things got
much better.
Thank you again
-- Chris
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._____
Christopher Sean Hilton
On Tue, Aug 29, 2023 at 08:53:14AM -, Stuart Henderson wrote:
> On 2023-08-28, Christopher Sean Hilton wrote:
> > I'd be fine with
> > dhcpleased if I can set an option to ask the dhcp server for a
> > specific l
On Mon, Aug 28, 2023 at 04:50:37PM +0200, Otto Moerbeek wrote:
> On Mon, Aug 28, 2023 at 10:33:23AM -0400, Christopher Sean Hilton wrote:
>
> > On Mon, Aug 28, 2023 at 07:41:19AM +0200, Otto Moerbeek wrote:
> > > On Sun, Aug 27, 2023 at 08:40:44PM -0400, Christop
On Mon, Aug 28, 2023 at 07:41:19AM +0200, Otto Moerbeek wrote:
> On Sun, Aug 27, 2023 at 08:40:44PM -0400, Christopher Sean Hilton wrote:
>
[ ...snip... ]
> > I can solve my problems in one of two ways. If I can boot with serial
> > consoles by setting them up in /etc/boot.
eems to have other ideas and I
understand that this is *my* problem.
I'll tak any suggestions here.
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o____..___..o...____ooO..._
C
s. I just upgraded my firewall from OpenBSD 7.0 to 7.3 and the
improvements are awesome.
Thanks again!
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o____..___..o...____ooO..._
Chri
On Sat, Jul 24, 2021 at 10:24:28AM -, Stuart Henderson wrote:
> On 2021-07-23, Christopher Sean Hilton wrote:
> > On Fri, Jul 23, 2021 at 11:19:35AM -0400, Chris Hilton wrote:
[ ...snip... ]
> >
> > Answering my own question, it looks like the Xeon D is intels newes
"All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*)_
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
"All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*)_________
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
"All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*)_
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._____
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
lling one of the many ports/packages designed to
manage and restart daemons mentioned above.
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*)_
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
Your Lan IP is: x.x.x.x / Your outside IP is: y.y.y.y and
then an exit button. Then I would enable VNC.
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
____
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
On Tue, Feb 07, 2017 at 01:30:13PM -0500, Christopher Sean Hilton wrote:
> On Tue, Feb 07, 2017 at 11:23:29AM -0500, Christopher Sean Hilton wrote:
> > I'm using isakmpd to manage an ipsec VPN between OpenBSD 5.8 <-> OpenBSD
> > 6.0. This also manages a VPN between
On Tue, Feb 07, 2017 at 11:23:29AM -0500, Christopher Sean Hilton wrote:
> I'm using isakmpd to manage an ipsec VPN between OpenBSD 5.8 <-> OpenBSD
> 6.0. This also manages a VPN between Mac OS X/ IPsecuritas and OpenBSD 6.0.
>
Some more information on this and possibly a re
How hard is it to transition from an isakmpd managed IPsec VPN to iked
managment? I have a certificate based isakmpd solution that works. It
is mainly just a matter of rsyncing the directories and using a little
editor magic on the ipsec.conf file to create iked.conf?
Thanks in advance,
-- Chris
I'm using isakmpd to manage an ipsec VPN between OpenBSD 5.8 <-> OpenBSD
6.0. This also manages a VPN between Mac OS X/ IPsecuritas and OpenBSD 6.0.
The example describes a situation where you have one self signed root
certificate located in /etc/isakmpd/ca/root.crt and otherside::client.crt from
On Wed, Mar 09, 2016 at 02:45:36PM -0700, Daniel Melameth wrote:
> On Wed, Mar 9, 2016 at 10:58 AM, Christopher Sean Hilton
> wrote:
> > I'm using queuing to alleviate bufferbloat and make my son's gaming
> > performance better. I'm on an asymetric cablemodem c
ng to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
0.015s = 50 packets
I used 48 because I'm keen on multiples of 16.
Have you tried anything like this?
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o____..___..o...____oo
I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o____..___..o...____ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
at-to ($ext_if)
That won't be perfect because I do static-port nat for some things but
I think I can arrange it.
Thanks again!
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o____..__
I'm seeing something very strange when I try to debug queues on
pf. I'm simply trying to view queue activity on the net using either:
# pfctl -vvsq
or
# systat queue
I'm trying to assign all udp traffic from my iPad to a priority queue
with a ruleset in pf like this:
...
m
On Wed, Mar 02, 2016 at 10:46:08PM +1000, David Gwynne wrote:
> > On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton
> > wrote:
> >
> > I would like to apply queueing to packets traversing a gif tunnel. I'd
> > like to know what works better, Tagging outbou
_.___o..___..o...ooO..._____
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of signature.asc]
e
work.
Thanks
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
On Fri, Feb 19, 2016 at 11:36:04AM +, Stuart Henderson wrote:
> On 2016-02-18, Christopher Sean Hilton wrote:
> > My box cannot resolve the name "ike-v1.example.com" until
> > after isc_named is started which happens way late in the bootup
>
> Tha
_o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o____..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
On Wed, Dec 02, 2015 at 07:22:27PM +, Stuart Henderson wrote:
> On 2015-12-02, Christopher Sean Hilton wrote:
> >
> > Thanks for any information,
>
> I made a start at a port, I was going to use it for something but it
> didn't happen in the end so I left it
b build this morning at I=417 ports. As far as I'm
concerned that's off the chain. I'm trying to decide between figuring
out who the big players are in my dependency chain or just going with
editors/emacs,no_x11 and using tramp and or git when I want bells and
whistles emacs.
--
Ch
I'm trying to dpb to maintain a small set of packages for a handfull
of OpenBSD boxes that I run. These boxes will all be single purpose
servers of some type or another. Many of them will run with limited
disk space and memory on Soekris hardware. What resources do I want on
my dpb/build box to mak
On Wed, Dec 02, 2015 at 03:53:46PM +0100, Marko CupaÄ wrote:
> On Tue, 1 Dec 2015 23:49:37 + (UTC)
> Stuart Henderson wrote:
>
> > Neither isakmpd nor iked tracks DNS changes.
>
> This is good to know, thank you for the information.
>
> > On the central side use "passive" not "dynamic". Remov
On Wed, Dec 02, 2015 at 09:19:25PM +, Pedro Tender wrote:
>You have a port http://ports.su/sysutils/supervisor
>
Thanks for the tip, that's exactly what I'm looking for!! I also
wanted to say thanks for the input. I understand what you are saying
and when I run into version incompatiblity
On Wed, Dec 02, 2015 at 09:16:05PM +0100, Kamil CholewiÅski wrote:
> Everything boils down to whether you'd like to run more than one app on
> your box.
>
> > While I love pip and virtualenv in development, I don't understand the
> > advantage they offer over the system package manager on a produc
On Wed, Dec 02, 2015 at 07:54:48PM +, Pedro Tender wrote:
> If you have multiple apps in production with different versions of packages
> that break compatibility then you'll be in a world of pain.
I do see that advantage.
> You also have supervisor to make it rc-able.
pip/virtualenv include
ime startup costs serving django applications and tuning it is a bear.
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o...____ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
*)____.___o____..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
share with the project. But if uwsgi is excluding because of
security issues then building a port would be silly.
Thanks for any information,
--
Chris
__o "All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o..
ound to the local nsd.
That's probably answers more than you wanted. But I could see this
combination of nsd and unbound being popular among people looking for
a lighter weight alternative to bind.
--
Chris
__o "All I was trying to do was get home from work."
_`\&
t;All I was trying to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
[demime 1.01d removed an attachment of type application/pgp-signature]
g to do was get home from work."
_`\<,_ -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._____
Christopher Sean Hilton[chris/at/vindaloo/dot/com]
[demime 1.01d removed an attachment of type application/pgp-signature]
I have isakmpd running quite well with certificates. I'm now trying to do
something that may or may not be simple.
I wish to establish two tunnels between my ipsec central server on a static IP
two dynamic points on the internet. The first case is an openbsd box which
wants to connect a remote lan
On Aug 10, 2009, at 6:37 PM, Christopher Sean Hilton wrote:
I have a couple of questions regarding setting up ipsec.
I've read the "4 minutes" page and modified the older setup to work
with 2 OpenBSD 4.5 boxes. That's enough to get me going with an
IPsec tunnel by IP ad
I have a couple of questions regarding setting up ipsec.
I've read the "4 minutes" page and modified the older setup to work
with 2 OpenBSD 4.5 boxes. That's enough to get me going with an IPsec
tunnel by IP addresses but one side of my connection is a consumer
grade DSL line which wants to
Repost with conf file included:
I'm trying to track down a split horizon DNS issue. On initial startup
everything works great. Internal hosts can resolve names against my
complete zone and can resolve names for other internal hosts just
fine. External hosts get the abbreviated views that I'v
I'm trying to track down a split horizon DNS issue. On initial startup
everything works great. Internal hosts can resolve names against my
complete zone and can resolve names for other internal hosts just
fine. External hosts get the abbreviated views that I've setup. But
after a period of
Is anyone aware of an equivalent for the Soekris Net 5501-70. I'm
looking to prototype an OpenBSD border gateway that offers web proxy
capabilities through
squid cache but squid is a bit of a memory hog and I'd like to have
something with a Gig of RAM. Power footprint is a consideration which
I'm running OpenBSD as an IP less bridge between a DMZ and a protected
internet. The protection comes from using a set of pf rules on the
exterior interface of the bridge. My pf rules block all traffic on UDP/
67 and UDP/68 from traversing the bridge so I currently run two DHCP
servers, one
On Sat, May 24, 2008 at 08:03:53AM -0400, Nick Holland wrote:
> Johan SANCHEZ wrote:
> > On Fri, 23 May 2008 11:08:32 -0400
> > Christopher Sean Hilton <[EMAIL PROTECTED]> wrote:
> >
[ snip ]
> >
> > Can i ask what is the problem you are experiencing with
On May 23, 2008, at 11:06 AM, Christopher Sean Hilton wrote:
Hi,
I inherited an E450 from my old job. It booted Solaris just fine but
I was never able to get any of (Free|Net|Open)BSD to install on it.
I feel that this is probably more do to me than anything else. As
time has passed it&#
Hi,
I inherited an E450 from my old job. It booted Solaris just fine but I
was never able to get any of (Free|Net|Open)BSD to install on it. I
feel that this is probably more do to me than anything else. As time
has passed it's become pretty obvious between the problems with the
install a
Hi,
I'm trying to connect a Netgear FVS114 to my OpenBSD 4.2 machine. I
seem to be stuck getting the following three error lines when I use
isakmpd -K -d
205022.882116 Default attribute_unacceptable: AUTHENTICATION_METHOD:
got PRE_SHARED, expected RSA_SIG
205022.882456 Default message_ne
On Mar 31, 2008, at 8:53 PM, Jon Radel wrote:
Christopher Sean Hilton wrote:
On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
Hi,
Just a followup. I figured that I might have better luck with this
configuration.
de0 - External interface to Internet
de1 - Internal
On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote:
Hi,
Just a followup. I figured that I might have better luck with this
configuration.
de0 - External interface to Internet
de1 - Internal interface to DMZ
de2 - No IP interface to DMZ
de3 - No IP interface to
Hi,
My goal is to use OpenBSD to filter packets between my wireless
segment and my DMZ. I've protected my wireless with WEP but in the
long haul I'd like to be able to remove any authentication, WEP or WPA
from the wireless segment. My first question is this: This strategy
seemed to mak
58 matches
Mail list logo
