09 at 22:07:25 -0300, James Mackinnon
wrote:
I need to set up redundant VPNs between these locations without the use of BGP.
I have used sasync in the past, pfsync etc. However, I have not tried to set up a VPN where 2 ISPs are used without the ISPs set up with BGP. Because BGP convergan
Hi All
Here is my situation and I am hoping for a little guidance on this one
I have 2 locations, both with 2 fiber internet connections
I need to set up redundant VPNs between these locations without the use of BGP.
So, my setup would be something like this
Location A
Firewall 1
Connection t
Hi All
Just a little question on something I'm working on
I have say 50 accounts on a box.
40 of which I want the users to connect from "ANY" IP address
10 of which I want the users to only be allowed to connect from a specific IP
address that is assigned to them.
Is there a feature to control
with pf enabled and using a pass out keep state
from the BSD box, make sure it can hit the internet. This will remove it as
being an interface issue to start.
The NAT setup and the rules, based on the testing rules, should allow this
to work at this point, if it is not, go back to square 1 a
make sure you have IP forwarding set up in your /etc/sysctl.conf
NAT is pretty easy in pf once forwarding is set up
nat on $EXTERNALINTERFACE inet from $INTERNALNETWORK to any -> $EXTERNALINTERFACE
where $EXTERNALINTERFACE and $INTERNALNETWORK are your interface settings.
James
- Origina
Hi all
I am trying to get authpf up and running but am having an issue
I have the users' shell set as authpf but on login I am getting
-authpf: non-interactive session connection for authpf
Any suggestions?
James
--
James Mackinnon
President
Hi All
I am trying to read-only the system but having a separate location rw
In order to do this, I want to re-locate the user account files so accounts
can still be added when in read-only mode.
I have tried doing ln -s /confs/passwd /etc/passwd etc.. but when I try to
create an account it fail
yes
block out quick on $external from any to 123.123.100.0/24 for example.
Of course, the / equiv will need to be that of the size of the segment you
are blocking on
Enjoy
- Original Message -
From: "Jim M" <[EMAIL PROTECTED]>
To:
Sent: Saturday, May 26, 2007 7:54 PM
Subject: pf bl
Sorry, yes, I flipped it now to use b mode, same result still unfortunately.
thoughts in that mode?
- Original Message -
From: "Michael" <[EMAIL PROTECTED]>
To: "James Mackinnon" <[EMAIL PROTECTED]>;
Sent: Wednesday, May 16, 2007 4:27 PM
Subject: Re:
some suggestions on where I am going wrong on this. from
what I have searched and read on, openBSD as an AP should be very straight
forward but i'm not seeing it broadcast out.
I'm running OpenBSD 4.0 on a soekris 4801
Thanks
James Mackinnon
This was likely answered before. I went hunting and seemed to not find a solid
answer, thus, after the time of looking, I figured I need to take the moment
to ask
I have a quad Xeon 700 Dell 6450 with 4 146gig scsi drives connected to a perc
2/dc controller.
The drives are setup properly, I can r
as we are
building a custom management system for custom purposes.
Thanks
James Mackinnon
the non-tunneled link
James
- Original Message -
From: "Bryan Irvine" <[EMAIL PROTECTED]>
To: "James Mackinnon" <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, February 08, 2007 5:45 PM
Subject: Re: poptop config question
On 2/8/07, James Mackinnon <
Brian, if using windows PPTP setup, remove the Use remote networks gateway
checkmark so that everything you do doesn't go through the Poptop box
including web.
You will however require the use remote network gateway if the side you are
connecting has multiple networks routed in other locations
Sorry,
On server 2 this is what hostname.em1 would be
Hostname.em1 (internal interface)
Ip is 10.50.50.2
Says I'm running
OpenBSD 4.0-current (GENERIC) #1149:
Thanks again
James
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of James Mackinnon
Hi all
I have 2 OpenBSD 4.0 systems running
I have the systems plugged into a gigabit (4 port intel server adapter)
management switch (external interface)
I then have the 2 systems plugged together via the pfsync on a 100mb
intel card
Carp is working fine, pf is working fine.
I allow all
Hi all
I have checkpoint NG running on 1 system (retiring next weekend) but
right now, it seems that the tunnels between it and my BSD 4.0 firewalls
drops on key renewal or something.
I am running isakmpd with -T flag and the other BSD firewalls I run do
not drop the connection at all
I am
, yes, there is a noticeable change from bsd
3.5/3.6 and 3.9 for this. Likely a change in 3.7 or 3.8 as well.
There might be other ways to handle this, but this is the only one that I used
with success.
Good luck
James Mackinnon
Devantec Solutions
From: [EMAIL PROT
We have been using OBSD VPN tunnels for a while now, since 3.5
We still have a handful of 3.5 systems running and have no issues.
We have approx 35 locations running all the time and the tunnels just
work.
We also have them connecting to our datacenter which, unfortunately we
have not had time ye
ons
On Jun 28, 2006, at 6:16 AM, Joachim Schipper wrote:
On Tue, Jun 27, 2006 at 04:15:58PM -0300, James Mackinnon wrote:
Hey all
I'm here setting up a nice little setup with 2 3.9 OBSD boxes using
pfsync and
it works great.
I'm now at the point to create tunnels to other s
did googling in hopes to find a dry step by step on it.
If anyone has done this, can they share a step by step.
I'm hoping to save some time and then I can do some detailed testing and put
this into my network when all is done.
Anyhow, any input would be great.
Thanks
James Mackinnon
Never mind, found my answer.
Hint to self, Check the Darn hardware support list first.
James
- Original Message -
From: James Mackinnon
To: misc@openbsd.org
Sent: Friday, May 19, 2006 11:51 AM
Subject: High-Performance Network Cards?
Hey everyone
I'm looking at upgr
Hey everyone
I'm looking at upgrading my Environment to 2 firewalls using carp and such.
I have a bunch of segments (5) internally + the pfsync connection
I do a lot of data transfers on the backend, which would likely be best managed
with gigabit cards, the front end, will be connected to 2 cisc
What do the client systems run?
if they are on windows 2000/2003 Domain, use a GPO and block them as
untrusted.
Just a thought because what you want is done above PF
James
- Original Message -
From: "tony sarendal" <[EMAIL PROTECTED]>
To: "misc"
Sent: Friday, April 21, 2006 7:46 A
Also, rebooting the DCs seems to address the issue for a while as
well.
Thanks again for everything OpenBSD:)
James Mackinnon
ostings I can so I might
have missed some.
James Mackinnon
Devantec Solutions
- Original Message -
From: "Theo de Raadt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc:
Sent: Thursday, March 23, 2006 7:02 PM
Subject: Re: openbsd and the money -solutions
I did no
I actually believe I might have found it
This Exchange server has load balanced nics (intel proset) and it seems that
it keeps updating the arp entries on the firewall to the non-balanced mac
address thus dropping the connections.
I noticed it in the log files of the firewall after I took it
e PF
rule base is approx 11 pages, the ISAKMPD file is just huge with 200 tunnels
being created.
James
- Original Message -
From: "Steven S" <[EMAIL PROTECTED]>
To: "'James Mackinnon'" <[EMAIL PROTECTED]>;
Sent: Tuesday, January 17, 2006 12
This is a second issue that I had today with my final BSD firewall rollout in
my main center.
This issue was with exchange
All branches have VPN tunnels back to central location and the firewall rules
have a pass quick over the VPN tunnels
On the main location I have a
pass quick log inet from
Hey all
As part of my rollout today to OpenBSD in my datacenter, I had a little
problem, well not entirely little
Here is the layout
8 TS boxes
ip config
192.168.0.20
192.168.0.21
192.168.0.22
192.168.0.23
192.168.0.24
192.168.0.25
192.168.0.26
192.168.0.27
They have a Load Balance IP of 192.1
l.
James
- Original Message -
From: "jared r r spiegel" <[EMAIL PROTECTED]>
To:
Sent: Saturday, January 14, 2006 5:07 PM
Subject: Re: isakmpd fails without warning
On Sat, Jan 14, 2006 at 09:20:34AM -0400, James Mackinnon wrote:
I have checked the logs and there is n
m Schipper" <[EMAIL PROTECTED]>
To:
Sent: Saturday, January 14, 2006 10:30 AM
Subject: Re: isakmpd fails without warning
On Sat, Jan 14, 2006 at 09:20:34AM -0400, James Mackinnon wrote:
Hello everyone
I have a 2 central locations which have multiple interfaces (4) and have
tunn
to
pass in quick on $vpn proto ipencap all
as soon as I restart isakmpd because it shutdown when it tried to reneg and
couldn't it works fine again for a while
Thanks
james
- Original Message -
From: "James Mackinnon" <[EMAIL PROTECTED]>
To:
Sent: Saturday, Jan
Hello everyone
I have a 2 central locations which have multiple interfaces (4) and have
tunnels for each of these interfaces to 34 other locations.. this comes out to
approx 198 tunnels on each of these 2 systems.
My other locations only have 1 interface, they all tunnel to each other and to
thes
3.100-150 and didn't add this segment to
any interface and it works fine, but I don't want to use another segment as
that means I would have to create another tunnel between 34 firewalls to all
this connection to go across.
Thanks again
James Mackinnon
Hey everyone
I am hoping I am posting this to the correct list
I am running an AMD 2200+ w/ 512mb of ram and all intel pro cards in my main
location.
I have 14 other locations connecting back to this 1 location and each location
creates 3 tunnels to this system as I have
3 internal network segme
o
see.
Works very good to date and I'm happy with it, only thing I need now is
to know what I can use to join all my pflog files together for
each firewall as right now, I have a different one every hour for each
firewall.
Just wanted to toss a thanks out to Jason Dixon on Hatchet, works
gre
FILE CONTENT IS
##
# PPTPD CONFIG #
# Remote Net Access #
# By: James Mackinnon #
# On: June 29th 2005#
##
speed 11500
option /etc/ppp/options.pptpd
localip 192.168.0.254
remoteip 192.168.0.235-236
/etc/ppp/options
rights are 640
owned b
IPaudit and IPaudit-web work well for this.
On 10/19/2005, "Jason Dixon" <[EMAIL PROTECTED]> wrote:
>On Oct 19, 2005, at 3:17 PM, Francisco Josi Nina Rente wrote:
>
>> Greetings,
>>
>> I have this situation.
>> My ISP limit the amount of traffic that which user can use per month.
>> I need to l
Good day everyone
In my battles to centralize my PF and other logs with a secure means I
have decided to dump syslog because well, it couldn't handle the data
loads without dropping data and I can't be losing logs.
I also don't want to install 3rd party software on my systems where
possible as I
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
>Of
>> James Mackinnon
>> Sent: Tuesday, September 20, 2005 9:43 AM
>> To: misc@openbsd.org
>> Subject: PFLogging to Syslog
>>
>> Good day everyone
>>
>> I have 20+ OpenBSD firewalls
s the tcpdump command could fail, thus my logging fail
Thoughts?
James
On 9/20/2005, "Roy Morris" <[EMAIL PROTECTED]> wrote:
>James Mackinnon wrote:
>
>>Good day everyone
>>
>>I have 20+ OpenBSD firewalls setup across Canada and I wanted to bring
>>the
Good day everyone
I have 20+ OpenBSD firewalls setup across Canada and I wanted to bring
the logs to a central server so I can make them web enabled so I can
view them in a web app
In the past, I used checkpoint, I like pf much better but the logging
system to checkpoint was nice
I have followed
currently rolling it out as our security
system of choice for a large company with national branches across North
America but this limitation is going to result in a lot of the same data
across separate files. If someone has any info they could supply me on
this, it would be great.
Thanks Again
James Mackinnon