al. Check the docs
on what to allow in PF. "tcpdump" the egress interface (and/or pflog0)
to check whether you have anything going to /dev/null.
---
Igor V. Gubenko
System Engineer
On 2018-02-15 09:14, Joel Carnat wrote:
> Hi,
>
> My FTTH home-box provides IKEv2 server suppo
I have an issue using certs as well, though I am not 100% sure whether
it has to do with a CA cert chain (why did you come to this
conclusion?). Do you have a config and a debug trace to share?
---
Igor V. Gubenko
System Engineer
On 2018-02-21 20:14, Stuart Henderson wrote:
> Has any
This indeed does help. Moved the policy to be the first.
Thank you,
- Igor
On 2017-06-06 05:56, Zé Loff wrote:
> On Mon, Jun 05, 2017 at 07:50:01PM -0400, Igor V. Gubenko wrote:
>
>> Hello all,
>>
>> I am continuing my assault on iked :)
>>
Hello all,
I am continuing my assault on iked :)
Here is a perfectly working configuration that uses PSKs:
###
local_ip = "A.B.1.153"
local_net = "172.16.0.0/20"
ikev2 "KBweb" \
passive ipcomp esp \
from $local_net to 10.33.33.0/27 \
local $local_ip \
Hello,
I have two OpenBSD 6.1-stable boxes in a CARP cluster. There are 3 carp
interfaces -
carp0 = Internal network (with its own separate ISP)
carp1 = Comcast
carp2 = Verizon
The interfaces are using 3 separate routing domains (the routing tables
below omit entries not of interest):
##
Thanks again. The connections are all working.
On 4/20/17 8:54 PM, Igor V. Gubenko wrote:
> Thank you, the patch appears to work. I haven't fully tested
> connecting/establishing connections, so I'll send another update.
>
> Prior to the patch, iked also complained about l
Thank you, the patch appears to work. I haven't fully tested
connecting/establishing connections, so I'll send another update.
Prior to the patch, iked also complained about lack of public keys for
PSK connections 1 and 2 (in /etc/iked/pubkeys/fqdn/)
It doesn't mind them being absent anymore thoug
Hello everyone,
OpenIKED just doesn't seem to like me much.
I managed to get it working around 5.8 but from upgrade to upgrade I
encountered different issues.
I have 3 tunnels using IKEv2. 2 are using a PSK, and 1 is using cert/RSA
auth.
They were working fine on 6.0. However the same configura
NE
>
> fw2 hostname.carp0: inet alias 8.8.8.10 255.255.255.255. NONE
> fw2 hostname.bnx0: inet alias 8.8.8.12 255.255.255.255 NONE
>
> is that right ?
>
>
> 2017-02-28 15:07 GMT+01:00 Igor V. Gubenko <mailto:i...@gubenko.com>>:
>
> It's not completely c
It's not completely clear -
4) - is the IP 10.1.1.2 on a separate interface? What did you configure
carp2 on?
Can you restate your question and/or describe how you want the traffic
to flow, as well as your network topology?
- Igor
On 2/27/17 6:07 AM, Frank White wrote:
> hi,
> I have 2 firewal
10 matches