OpenSSH vpn without using remote root user

2008-01-26 Thread Dave Harrison
Hey all, I've been trying to see if it's possible to setup SSH based vpn's using user accounts on the remote end. While I don't think it says anywhere explicitly that it's _not_ possible, I haven't found any references so far of people doing it successfully ;-) I've gone over the mailing list se

Had a strange problem with CARP preemption

2007-12-19 Thread Dave Harrison
Hey all, I've got a CARP rig running as a firewall pair, and I use preemption to make sure only one host is master of all links at any given time. However just now I saw a situation where a single carp interface had gone to BACKUP and passed across to the other host, while all other carp interface

Daily insecurity report and drop priv accounts for handling automated tasks

2007-11-13 Thread Dave Harrison
Hi all, I've been wondering how to deal with this particular issue for quite some time now, and I can't find any references to "the right way"(TM) to handle it. I always prefer to run automated tasks as limited privilege users on my OpenBSD hosts - such as tasks that pull files across from other

Re: Quad ethernet card

2007-06-06 Thread Dave Harrison
Matt Rowley wrote: >>> best "simulation" is recording your real-world traffic using tcpdump and >>> then use tcpreplay. but that is tricky too. >> Henning has something in saying that most of the tools aren't great, >> in the end all benchmarks are artificial in some measure. Replaying >> traffic

Re: Quad ethernet card

2007-06-06 Thread Dave Harrison
Henning Brauer wrote: > * Ronnie Garcia <[EMAIL PROTECTED]> [2007-06-06 13:04]: >> Henning Brauer wrote: >>> * nate <[EMAIL PROTECTED]> [2007-06-05 21:44]: I built 3 OpenBSD 3.6(?) servers in mid 2005 with these cards, and was able to get a peak throughput of about 520Mbps in bridged m

Re: OpenLDAP question

2007-05-22 Thread Dave Harrison
Henning Brauer wrote: > * Dave Harrison <[EMAIL PROTECTED]> [2007-05-21 08:26]: >> Henning Brauer wrote: >>> * Uv Pzaf <[EMAIL PROTECTED]> [2007-05-20 23:12]: >>>> I wonder why OpenBSD packages (i.e. openldap-server-2.3.24.tgz) still >>>> uses

Re: OpenLDAP question

2007-05-20 Thread Dave Harrison
Henning Brauer wrote: > * Uv Pzaf <[EMAIL PROTECTED]> [2007-05-20 23:12]: >> I wonder why OpenBSD packages (i.e. openldap-server-2.3.24.tgz) still >> uses ldbm as database backend especially since the OpenLDAP folks are >> stating that this is no good any more: >> (http://www.openldap.org/faq/data/

Re: mail dovecot: pipe() failed: Too many open files

2007-03-12 Thread Dave Harrison
Stefan Beke wrote: >> If you perform a `ps aux` you will see what user dovecot is running as, >> that's the user whose class you want to check. > > [EMAIL PROTECTED] ~ $sudo ps waxu | grep dovecot > root 26251 0.0 0.2 620 912 ?? Ss15Jan07 > 0:55.12/usr/local/sbin/dovecot > _dovecot

Re: mail dovecot: pipe() failed: Too many open files

2007-03-12 Thread Dave Harrison
Stefan Beke wrote: > Hello Nico, > > thanks for quick reply. > > Does dovecot actually run under this login class? > I did modify login.conf > # cap_mkdb /etc/login.conf > than kill -HUP "_dovecot_PID" > > I hope that's enough to run it under dovecot class. How do I find out? If you perform a `

Python2.5 in 4.0 ports tree ?

2007-02-20 Thread Dave Harrison
Hey guys, I've looked at the web front end for the cvs tree and looking in ports/lang/python/ with the filter of OPENBSD_4_0 and 2.5 seems to be in there. http://www.openbsd.org/cgi-bin/cvsweb/ports/lang/python/?only_with_tag=OPENBSD_4_0 But when I do a `cvs checkout -rOPENBSD_4_0 ports` I don'

State timeouts

2006-05-01 Thread Dave Harrison
Hi all, I'm looking at the "set optimization" policies for PF, and while it's clear that there are varying levels of aggression towards expiring state entries, I can't find exact numbers of what those levels represent. I assume they're based on a time and/or traffic metric ?? My current policy i

Re: isakmpd and nat-t

2006-04-10 Thread Dave Harrison
Dave Harrison wrote: > Hi all, > > I've got a machine sitting behind a NAT box, and another machine with a > public IP. > > X.X.X.X -- NAT Y.Y.Y.Y === Z.Z.Z.Z > > I want to establish a nat-t IPsec vpn between X.X.X.X and Z.Z.Z.Z > > But I'm having

isakmpd and nat-t

2006-04-09 Thread Dave Harrison
Hi all, I've got a machine sitting behind a NAT box, and another machine with a public IP. X.X.X.X -- NAT Y.Y.Y.Y === Z.Z.Z.Z I want to establish a nat-t IPsec vpn between X.X.X.X and Z.Z.Z.Z But I'm having a problem where X.X.X.X tries to contact Z.Z.Z.Z on port 500 and never goes over to

Re: PPPoA and OpenBSD

2006-04-09 Thread Dave Harrison
Stuart Henderson wrote: > On 2006/04/09 17:43, Dave Harrison wrote: >> I'm searching high and low for some documentation on setting up a PPPoA link >> (yes, it's for the UK and it's definitely PPPoA _not_ PPPoE) under OpenBSD > > in-tree: ueagle(4) > otherw

PPPoA and OpenBSD

2006-04-09 Thread Dave Harrison
Hi all, I'm searching high and low for some documentation on setting up a PPPoA link (yes, it's for the UK and it's definitely PPPoA _not_ PPPoE) under OpenBSD and drawing a blank. The FAQ says that it seems to be possible, but the ppp man page doesn't seem to have any references, and all my goog

Interface groups & PF route-to

2006-04-02 Thread Dave Harrison
Hi all, I've been trying to get interface groups going on a machine and have met with a possibly interesting problem. I have declared an interface to be part of a group, and that group shows up correctly if I `ifconfig foogroup` or `pfctl -s Interfaces` I have a setup where I have one VPN come i

PF, anchors and macros

2006-02-12 Thread Dave Harrison
Hi all, I'm updating my PF rules to include an anchor for my manual routing rules (using route-to) which can then be updated by ifstated when it notices that one of my links has fallen over. As the documentation says, macros are not visible in anchors. Which means that my (growing and rather ext

Re: two vpn endpoints ... 3 net connections

2005-10-13 Thread Dave Harrison
Stuart Henderson wrote: > --On 14 October 2005 08:32 +1000, Dave Harrison wrote: > >> Here's my problem, I have a remote machine that has two links, one is >> high bandwidth but has bad latency, the other has low bandwidth but >> good latency. > > pf.conf(5

two vpn endpoints ... 3 net connections

2005-10-13 Thread Dave Harrison
Hi all, Here's my problem, I have a remote machine that has two links, one is high bandwidth but has bad latency, the other has low bandwidth but good latency. I need two VPN tunnels running between these machines, but one over each link as below. The reasons why are due to the traffic I need to

Using PF, route-to with prejudice ;-)

2005-10-05 Thread Dave Harrison
Hi all, I have two links, a rather costly one, and a cheap high bandwidth one. I prefer to use the cheap one whenever possible, but if it goes down I want to fail over onto the expensive one. This rule (from the PF FAQ) will let me round-robin my outgoing connections : pass in on $int_if route-t

SSH, SFTP, chroot and no login shells

2005-08-16 Thread Dave Harrison
Hi all, I've been googling around for a couple of days now, and there is little consensus on how to solve the 'sftp & no shell access' problem. I've found references to people that are using patched versions of OpenSSH (a solution I think begs for problems to occur) to facilitate chroot-ing users

I seem to have problems when posting to misc@ ?

2005-07-13 Thread Dave Harrison
I don't seem to receive a copy of the mail I sent to misc@ via the list. I have the "selfcopy" option enabled for all the lists I'm subscribed to, and my account isn't catching those mails as spam etc. Any ideas ?

Multiple SSH daemons

2005-07-13 Thread Dave Harrison
Hi, I'm interested to know if anyone has a better solution (or has a solution to my existing question) for the following situation. I have a remote login box that also functions as a local login box. Users connect to the machine over the local network to run X apps, they can also connect to it re

PPP, PPPoE, and OpenBSD 3.7

2005-06-25 Thread Dave Harrison
Hi all, I've been looking through all the upgrade notes etc and I can't see that any major changes have occurred in the ppp daemon, nor the pppoe translator that would cause me problems. However since I upgraded to 3.7 (from 3.4) I've been unable to connect to my ADSL provider. My ppp.conf is t

PPP, PPPoE, and OpenBSD 3.7

2005-06-25 Thread Dave Harrison
Hi all, I've been looking through all the upgrade notes etc and I can't see that any major changes have occurred in the ppp daemon, nor the pppoe translator that would cause me problems. However since I upgraded to 3.7 (from 3.4) I've been unable to connect to my ADSL provider. My ppp.conf

Re: Upgrade to 3.7 and VPN no longer works

2005-06-18 Thread Dave Harrison
Stephen Marley wrote: On Sun, Jun 19, 2005 at 01:34:06PM +1000, Dave Harrison wrote: I just upgraded my firewall to 3.7, but I've found my VPN is now not working. I keep seeing "NAT detected" messages, but both machines have real IPs so it doesn't make sense. The cli

Upgrade to 3.7 and VPN no longer works

2005-06-18 Thread Dave Harrison
I just upgraded my firewall to 3.7, but I've found my VPN is now not working. I keep seeing "NAT detected" messages, but both machines have real IPs so it doesn't make sense. The client machine is a 3.6 install, and the server machine was a 3.4 machine which I used the media CD to upgrade. I've