OpenBSD as L2TP client

2010-04-25 Thread Paolo Supino
Hi A client asked me to setup a low cost router to connect to the Internet. His current Internet connection requires his router to connect to the ISP using L2TP protocol. I've looked through the archives and ports tree for a similar posting, but found none... Is anyone using OpenBSD as an L2TP

def/(ip-option)

2010-02-09 Thread Paolo Supino
Hi I've setup a new firewall and I'm getting the following line in PF's log ... Jan 31 08:14:34 X OPF: Jan 31 15:17:40.495167 rule def/(ip-option) pass in on em3: 172.16.1.59 > 224.0.0.22: igmp-2 [v2] (DF) [tos 0xc0] [ttl 1] What does def/(ip-option) mean and why does it get passed?

Re: snort on openbsd with PF

2010-02-08 Thread Paolo Supino
Hi I apologize for not first RTFMing before asking. Section 4.4 of the Snort FAQ clearly states that scenario 1 is the one that will be ... -- TIA Paolo On 2/8/10 3:18 PM, Paolo Supino wrote: Hi When snort on the external interface of an OpenBSD firewall, which scenario will be the one

snort on openbsd with PF

2010-02-08 Thread Paolo Supino
Hi When snort on the external interface of an OpenBSD firewall, which scenario will be the one happening: 1. Snort captures all incoming traffic before it reaches PF (there's also NAT on the external interface). 2. Snort captures and analyzes only traffic that the firewall let through on the

Re: ports install problem

2010-02-07 Thread Paolo Supino
: > Paolo Supino wrote: > > Hi >> >> I'm trying to install php5-core from /usr/ports/www/php5/core ... When I >> run `make install` I get the following output: >> # cd ports/www/php5/core/ >> # make install >> ===> Checking files for php5-cor

ports install problem

2010-02-06 Thread Paolo Supino
Hi I'm trying to install php5-core from /usr/ports/www/php5/core ... When I run `make install` I get the following output: # cd ports/www/php5/core/ # make install ===> Checking files for php5-core-5.2.10 >> Fetch http://us2.php.net/distributions/php-5.2.10.tar.gz php-5.2.10.tar.gz 100% |**

Re: PF logging into a file [solved]

2010-01-24 Thread Paolo Supino
r -t pf -p [facility.level]. This makes me wonder: is there a difference in the command line switches given to tcpdump (I tried using -l, but it didn't work in my attempts)? -- TIA Paolo On 1/24/10 2:17 PM, Vadim Agarkov wrote: 24.01.2010 13:36, Paolo Supino wrote: Hi I

Re: PF logging into a file

2010-01-24 Thread Paolo Supino
Hi Vadim pflogd is writing the A small detail I forgot to mention: I need the log to be in text (readable) format. pflogd write pcap format files, which isn't suitable for me ... -- TIA Paolo On 1/24/10 2:17 PM, Vadim Agarkov wrote: 24.01.2010 13:36, Paolo Supino wrote

PF logging into a file

2010-01-24 Thread Paolo Supino
Hi I've often used the command "tcpdump -n -e -ttt -i pflog0" to view PF log in real time. I've decided to try and use it in order to log in real time PF through syslog. The solution described in the PF FAQ to log to syslog works in time intervals, which doesn't meet my needs in my current

dual booting on iBook

2007-12-03 Thread Paolo Supino
Hi I have a Macintosh iBook G4 and I was wondering whether it's possible to dual boot it (like in the I386 world)? TIA Paolo

Re: routing question (solved)

2007-09-03 Thread Paolo Supino
Paolo RW wrote: On Mon, 03 Sep 2007 20:26:14 -0400, Paolo Supino wrote: Hi RW Except for the branch VPN to the main office subnet (line# 3) I have the other IPSEC rules: peer to peer, 2 subnets to 1 subnet (and vice versa on the main office VPN peer). Why do I need to setup a tunnel between

Re: routing question

2007-09-03 Thread Paolo Supino
Mon, 03 Sep 2007 17:15:02 -0400, Paolo Supino wrote: Hi I have a firewall that also acts as a VPN peer for 2 VPNs. One of the VPNs is IPSEC that connects between the main office and a branch office. The second VPN is OpenVPN that connects windows based road warriors to the branch office. I

Re: routing question

2007-09-03 Thread Paolo Supino
s not a firewalling issue in either the main or branch offices as the same type of traffic (ping in this case) worked fine from a desktop in the branch office. TIA Paolo David Newman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/3/07 3:28 PM, Paolo Supino wrote: Hi David It

Re: routing question

2007-09-03 Thread Paolo Supino
ng problems between the 2 VPNs. TIA Paolo David Newman wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 9/3/07 2:15 PM, Paolo Supino wrote: Hi I have a firewall that also acts as a VPN peer for 2 VPNs. One of the VPNs is IPSEC that connects between the main office and a branch off

routing question

2007-09-03 Thread Paolo Supino
Hi I have a firewall that also acts as a VPN peer for 2 VPNs. One of the VPNs is IPSEC that connects between the main office and a branch office. The second VPN is OpenVPN that connects windows based road warriors to the branch office. I want to enable employees that connect to the branch's Open

Re: openbsd instead of cisco vpn client

2007-08-28 Thread Paolo Supino
Hi Samuel Great, thank you for the information. I will take a look at it and try it :-) TIA Paolo Samuel Moqux wrote: 2007/8/27, Paolo Supino <[EMAIL PROTECTED]>: Hi I came across the following situation: there's a network where several employees have access to a clien

Re: trying to compile frickin pptp proxy

2007-08-28 Thread Paolo Supino
Hi Thank you!!! I had the feeling that the problem is in the Makefile.OpenBSD, but didn't know how to fix it. Doing what you suggested below solved the problem and I'm now able to build frickin proxy. Now I have to make it work ... TIA Paolo Marmotic Marvel wrote: On Tue, 28 Aug 2007, Ma

Re: trying to compile frickin pptp proxy

2007-08-28 Thread Paolo Supino
Hi Lars I know about the limitation and their implications, but unfortunately I don't control the other peer and have to live with what I'm given. TIA Paolo Lars Noodin wrote: Paolo Supino wrote: I'm trying to compile frickin pptp proxy on an OpenBSD 4.1 system.

trying to compile frickin pptp proxy

2007-08-28 Thread Paolo Supino
Hi I'm trying to compile frickin pptp proxy on an OpenBSD 4.1 system. The compilation fails with the following errors: g++ -Wall -g -O2 -I/home/paolo/src/frickin/include -L/home/paolo/src/frickin/lib -o frickin2 main.o logger.o configuration.o session.o listener.o entity.o server.o client.o ca

openbsd instead of cisco vpn client

2007-08-27 Thread Paolo Supino
Hi I came across the following situation: there's a network where several employees have access to a client of theirs using Cisco VPN clients. To centralize and ease administration I want to put in place an OpenBSD box that will create a single VPN. The client is so bureaucratic that by the time th

sendmail SMTP auth

2007-08-09 Thread Paolo Supino
Hi I want to add SMTP auth to sendmail. Will it be easier for me to try and add the support to the source shipped by OpenBSD or to the source that I will download from sendmail.org? Other suggestions on setting up a mail server with SMTP auth are welcome. TIA Paolo

order

2007-05-08 Thread Paolo Supino
Hi Does anyone know how I can contact Austin@ except emails? My CDs and book have yet to arrive (preordered on the day orders were opened) and I'm not getting any feedback/reaction via email :-( TIA Paolo

Re: couple of questions

2007-05-06 Thread Paolo Supino
/05/06 15:41, Paolo Supino wrote: Is it possible to __tunnel Ethernet__ over IPSEC in OpenBSD? Yes, see gif(4) As I posted before, bridge over gif doesn't seem to work with 4.1 :(. At least all my attempts to do such a configuration failed. But, using openvpn in bridge mode :( works.

Re: couple of questions

2007-05-06 Thread Paolo Supino
Hi Stuart Great, thanx :-) Read the manual page and it's exactly what I was looking for. TIA Paolo Stuart Henderson wrote: On 2007/05/06 15:41, Paolo Supino wrote: Is it possible to __tunnel Ethernet__ over IPSEC in OpenBSD? Yes, see gif(4)

Re: couple of questions

2007-05-06 Thread Paolo Supino
psets family (see, for example, the recent thread initiated by Vincent GROSS on this list). For the second question the answer is yes. There is a very good support of IPSEC in OpenBSD :p. Regards, Maxime DERCHE Paolo Supino wrote: Hi I have a couple of questions: 1. I'm in the process

couple of questions

2007-05-06 Thread Paolo Supino
Hi I have a couple of questions: 1. I'm in the process of setting up OpenBSD firewall for a building's network. one of the NICs on the firewall will be a wifi PCI card. I need to buy the card for it and I want to buy a card from a company that helped OpenBSD. Which wifi (PCI) vendor gave the

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
f doing it in the IIS6 SMTP service (this isn't the place to discuss IIS6 SMTP configurations). TIA Paolo Vijay Sankar wrote: On Saturday 14 April 2007 10:06, Paolo Supino wrote: Hi Joachim I know that right now I'm mostly going at it in the wrong way but I have to fix it

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
t fired and someone else will come and reconnect it). The IP range 0.0.0.0/0 to 255.255.255.255/32 should cover it ;-) TIA Paolo Henning Brauer wrote: * Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 17:53]: From the technical aspect, I agree with you. But non technical people

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
can't fix the problem completely, but I can put measures in place that will reduce the problem to an acceptable level. TIA Paolo Henning Brauer wrote: * Paolo Supino <[EMAIL PROTECTED]> [2007-04-14 16:43]: 1. Fixing the code is impossible :-( I already tried it, the develop

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
sendmail + procmail to filter emails be a solutions? I will try to implement rate limiting. TIA Paolo Joachim Schipper wrote: On Fri, Apr 13, 2007 at 10:17:51PM -0400, Paolo Supino wrote: Hi Bob The webapp does talk to a real mail server: on localhost (IIS6 SMTP service). When a

Re: using spamd to block outbound spam

2007-04-14 Thread Paolo Supino
3. Once the OpenBSD firewall will be in place I'll probably go with setting up rate limiting via sendmail, though I'd rather not run any servers on the firewall. TIA Paolo Kyle George wrote: On Fri, 13 Apr 2007, Paolo Supino wrote: The webapp does talk to a real

Re: using spamd to block outbound spam

2007-04-13 Thread Paolo Supino
ly valid emails). TIA Paolo Bob Beck wrote: * Paolo Supino <[EMAIL PROTECTED]> [2007-04-12 22:12]: Hi I have the following problem: I host a group of windows servers that run a webapp using IIS6 ASP technology. The webapp was written and is maintained by a small private company

using spamd to block outbound spam

2007-04-12 Thread Paolo Supino
Hi I have the following problem: I host a group of windows servers that run a webapp using IIS6 ASP technology. The webapp was written and is maintained by a small private company that develops custom webapps for companies. One of the services the webapp does is send out emails (nothing ama

snortsam compilation problem

2006-11-16 Thread Paolo Supino
Hi I'm trying to compile snortsam (2.50 and 2.52) on OpenBSD 4.0 and I get the following compilation problems: gcc -O2 -DOpenBSD -DBSD -c ssp_pf.c ssp_pf.c: In function `PFBlock': ssp_pf.c:705: error: storage size of `t_rule' isn't known ssp_pf.c:794: error: invalid application of `sizeof' to

Dell 2950

2006-11-07 Thread Paolo Supino
Hi Is anyone running OpenBSD on the new Dell PowerEdge 2950 servers, what is the level of support for the integrated hardware? -- TIA Paolo Supino IT Manager Integrated Document Solutions Cell: (786) 282-1480 Tel: (954) 484-0969 Fax: (954) 484-8491 http://www.idssite.com

Re: CPU selection

2006-11-02 Thread Paolo Supino
g two of the machines and CARPing them, for redundancy and load balancing (not that you will likely really need that). Also consider putting some extra cash down on a hw raid controller, and 2 scsi disks for each machine, and run raid 1 on them, for even more failover safety. Alec Paolo Supino

Re: CPU selection

2006-11-02 Thread Paolo Supino
Hi K Kadow The NIDS would be snort. TIA Paolo K Kadow wrote: On 11/2/06, Paolo Supino <[EMAIL PROTECTED]> wrote: I'm in the process of configuring a Dell PowerEdge 860 as firewall and I'm debating what kind of CPU to get for the firewall for an office of about 50 people,

CPU selection

2006-11-02 Thread Paolo Supino
Hi I'm in the process of configuring a Dell PowerEdge 860 as firewall and I'm debating what kind of CPU to get for the firewall for an office of about 50 people, 20MB metro ethernet, and 15 lightly used Internet servers: FTP, web, DNS, email, NTP, etc ... In addition for the computer being a f

one letter

2006-07-06 Thread Paolo Supino
Hi After reading the replies to my routerboard 44 question I reached the conclusion that I have no choice but buy the Intel quad NIC (my boss will hate me ;-)). I've started collecting quotes this morning, but I was only able to get quotes for the PWLA8494GT card and not for the PWLA8494MT ca

Mikrotik's routerboard 44

2006-07-05 Thread Paolo Supino
Hi I'm in the process of building firewall (Obviously it will run OpenBSD) and I need to put in a quad NIC card. There's Intel Quad card that I had a success with in the past but is expensive as hell. I found a company called Mikrotik that makes a Quad NIC card and I'm looking for success/fa

Re: OpenBSD <-> Cisco IPSEC

2006-03-10 Thread Paolo Supino
The Cisco they have is a 3745 concentrator. The encryption algorithm is 3DES. Hash algorithm is SHA1. DH group 2 (for phase 1) and phase 2 is esp-3des esp-sha-hmac. TIA Paolo Matthew Closson wrote: On Fri, 10 Mar 2006, Paolo Supino wrote: Hi I need to setup an IPSEC VPN between 2 l

Re: OpenBSD <-> Cisco IPSEC

2006-03-10 Thread Paolo Supino
TIA Paolo Diana Eichert wrote: On Fri, 10 Mar 2006, Paolo Supino wrote: Hi I need to setup an IPSEC VPN between 2 locations. 1 location runs Cisco gear (out of my control) and the other runs OpenBSD (my decision). I've never setup a VPN between Cisco and OpenBSD before (I did betwe

OpenBSD <-> Cisco IPSEC

2006-03-10 Thread Paolo Supino
Hi I need to setup an IPSEC VPN between 2 locations. 1 location runs Cisco gear (out of my control) and the other runs OpenBSD (my decision). I've never setup a VPN between Cisco and OpenBSD before (I did between Cisco to Cisco and OpenBSD to OpenBSD) and I was wondering if there are any pit

Re: OpenBGP on firewall

2006-02-17 Thread Paolo Supino
enough hardware that will keep the load (ball park numbers will do ;-))? TIA Paolo Henning Brauer wrote: * Paolo Supino <[EMAIL PROTECTED]> [2006-02-16 19:54]: I started working for a company that its production site is running 2 PIX firewalls with no VRRP (to save cost on lic

OpenBGP on firewall

2006-02-16 Thread Paolo Supino
Hi I started working for a company that its production site is running 2 PIX firewalls with no VRRP (to save cost on licensing, duh). I offered and they approved to replace them with 2 OpenBSD and CARP. In front of the FW there is a Cisco 7200 router doing BGP. I offered to remove the router

Re: writing to /var/log/ftpd

2006-02-06 Thread Paolo Supino
the name of the file TIA Paolo Joel Dinel wrote: On 02/06/06 at 11:03, Paolo Supino wrote: Hi Is it possible to have normal people's ftp file transfers to /var/log/ftpd? syslog.conf states that ftp stuff is logged to /var/log/xferlog. Just change that to /var/log/ftpd, -HUP

writing to /var/log/ftpd

2006-02-06 Thread Paolo Supino
Hi Is it possible to have normal people's ftp file transfers to /var/log/ftpd? TIA Paolo

Re: OpenBSD, Samba and active directory

2006-01-30 Thread Paolo Supino
about OpenBSD 3.5 and older version Samba so I don't know how relevant it is (hence the email). Paolo Thomas Bvrnert wrote: not on openbsd, but i think you need heimdal and not the krb5 Thomas On Mon, 2006-01-30 at 14:16 -0500, Paolo Supino wrote: Hi I'm trying to compile S

OpenBSD, Samba and active directory

2006-01-30 Thread Paolo Supino
Hi I'm trying to compile Samba 3.0.21a on OpenBSD 3.8 with active directory enabled and when I run the configure script it fails to find libkrb5. Has anyone recently tried to compile Samba with Active Directory support enabled? TIA Paolo

ste(4) driver

2005-11-17 Thread Paolo Supino
Hi A couple of months ago brad sent me a patch for the ste(4) driver. I downloaded a snapshot that had the patch already in it. Unfortunately the driver still caused problems: it didn't crash the kernel, but it failed to initialize ports to 2-4 :-( I tried to contact brad a few times, but he

[Off Topic] metawire.org

2005-05-16 Thread Paolo Supino
Hi Does anyone know what happened to metawire.org? TIA Paolo