Hello,
I noticed that the README file for unbound in -current still mentions
version 1.9.4 while -current version is 1.9.6.
===
RCS file: /cvs/src/usr.sbin/unbound/README,v
retrieving revision 1.4
diff -u -p -r1.4 README
--- README
Hello,
This is a short patch to let acme-client accept ECDSA keys now that
letsencrypt accepts signing certificates with those keys. This
functionality is present in certbot, so it might be a good idea to let
acme-client accept that too.
The key needs to be generated manually
i.e.: openssl ec
Hello,
The man page for openssh 7.7 for Ciphers specifications mentions:
The default is:
chacha20-poly1...@openssh.com,
aes128-ctr,aes192-ctr,aes256-ctr,
aes128-...@openssh.com,aes256-...@openssh.com,
aes128-cbc,aes192-cbc,aes256-cbc
However, ssh doesn't use the last line in that list:
$ ssh -
Hello,
Shouldn't /etc/malloc.conf be in /etc/changelist? You would most likely
want to know if it appears or is changed, and you probably don't want
sysclean package to suggest you to remove it either.
What do you think?
Regards
On 10/10/2017 04:35 PM, Renaud Allard wrote:
> Hello,
>
> Since the upgrade to OpenBSD 6.2 (from 6.1), one of my tunnels is not
> working anymore (it was working on 6.1)
> There are 2 things which differ from the other (working) ones:
> Both hosts are natted, and one host i
Hello,
Since the upgrade to OpenBSD 6.2 (from 6.1), one of my tunnels is not
working anymore (it was working on 6.1)
There are 2 things which differ from the other (working) ones:
Both hosts are natted, and one host is i386 (instead of amd64).
I can see packets leaving the source server and enter
On 09/28/2017 06:34 AM, Philip Guenther wrote:
> On Wed, 27 Sep 2017, Theodore Wynnychenko wrote:
> ...
>> Thank you for the information. I removed the “noexec” flag from fstab
>> and the error has disappeared.
>>
>> But, I am also surprised by the requirement that /tmp _not_ be mounted
>> noexe
Hello,
I noticed in my logs things like this.
May 1 03:00:02 isildur openssl: vfprintf %s NULL in "%s %2d
%02d:%02d:%02d%.*s %d%s"
It comes down to this command to fetch ocsp response:
openssl ocsp -respout ocsp.der -no_nonce -issuer chain.pem -cert
cert.pem -url http://ocsp.int-x3.letsencry
On 03/05/17 16:52, Christer Solskogen wrote:
On May 3, 2017 15:34, "Renaud Allard" <mailto:ren...@allard.it>> wrote:
Hello,
Since I installed all the new patches with syspatch I get this in
the logs:
May 3 15:30:22 isildur dhcpd[79314]: pf pipe closed
Hello,
Since I installed all the new patches with syspatch I get this in the logs:
May 3 15:30:22 isildur dhcpd[79314]: pf pipe closed
May 3 15:30:22 isildur dhcpd[79314]: pf pipe error: Broken pipe
May 3 15:30:22 isildur dhcpd[11508]: pf pipe error: Broken pipe
May 3 15:30:22 isildur dhcpd[79
On 22/12/2016 18:07, Артур Истомин wrote:
I see messages about mmap W^X violation when trying to use Node.js
dmesg | grep violation
node(7370): mmap W^X violation
node(55720): mmap W^X violation
Even with wxallowed, the kernel still logs the violations. That doesn't
mean it blocks them.
Hello,
I have found some grammar errors in s_client.c in libressl
Index: usr.bin/openssl/s_client.c
===
RCS file: /cvs/src/usr.bin/openssl/s_client.c,v
retrieving revision 1.28
diff -u -p -r1.28 s_client.c
--- usr.bin/openssl/s_clien
Hello,
I am running 6.0 and each time I try to run sa-update, I get the
following error:
Argument "1.38_01" isn't numeric in numeric lt (<) at
/usr/libdata/perl5/IO/Socket/IP.pm line 847
line 847 is:if( $IO::Socket::VERSION < 1.35 ) {
And IO::Socket is part of base
Best Regards
On 03/25/2016 04:27 PM, Sly Midnight wrote:
> Hello,
>
> I don't mean to bring up an old thread, but I was wondering if anyone
> else was experiencing issues with OpenBSD 5.8 and Android 6.0.1
> (preferably the version on the Nexus line of devices) connecting to
> ipsec/l2tp.
>
> I had this working
On 10/07/2015 04:51 PM, M Wheeler wrote:
CD's arrived today UK. Thanks again.
Arrived fine in Belgium too.
On 09/02/2015 09:07 AM, Renaud Allard wrote:
> Hello,
>
> I noticed some strange behavior from spamd in 5.7-stable.
> It has been started with '-5 -S 15 -s 1 -G6:24:864' but it seems to add
> to the whitelist every server which connects for the second time,
> independen
Hello,
I noticed some strange behavior from spamd in 5.7-stable.
It has been started with '-5 -S 15 -s 1 -G6:24:864' but it seems to add
to the whitelist every server which connects for the second time,
independently from the first parameter in -G.
Here is an example:
# zgrep 217.172.190.133
On 14/11/14 13:28, Jérémie Courrèges-Anglas wrote:
> Renaud Allard writes:
>
>> On 11/14/2014 10:12 AM, Jonathan Gray wrote:
>>>> Now openssl ciphers CHACHA20 works as intended
>>>> # openssl ciphers CHACHA20
>>>>
ECDHE-ECDSA-CHACHA20-POLY1305
On 11/14/2014 01:28 PM, Jérémie Courrèges-Anglas wrote:
Renaud Allard writes:
On 11/14/2014 10:12 AM, Jonathan Gray wrote:
Now openssl ciphers CHACHA20 works as intended
# openssl ciphers CHACHA20
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305
This is
On 11/14/2014 10:12 AM, Jonathan Gray wrote:
Now openssl ciphers CHACHA20 works as intended
# openssl ciphers CHACHA20
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305
This is already present in rev 1.68/-current
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/l
Hello,
On 11/14/2014 09:04 AM, Renaud Allard wrote:
Hello,
I am trying this on 5.6-stable.
Is there a way to list all POLY1305/CHACHA20 based ciphers which are
enabled?
For example, if I try with RSA:
# openssl ciphers RSA
AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128
Hello,
I am trying this on 5.6-stable.
Is there a way to list all POLY1305/CHACHA20 based ciphers which are
enabled?
For example, if I try with RSA:
# openssl ciphers RSA
AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:DES-CBC3
On 06/06/2014 12:47 PM, Eric Furman wrote:
>
> That's a valid opinion, but as I said, I doubt it.
> Vendors aren't stupid. With all that has happened lately,
> given a choice the switch will not take long.
>
>
>> Given a choice, perhaps. But some will stick with OpenSSL only because
>> they want th
On 06/06/2014 05:18 AM, Eric Furman wrote:
On Thu, Jun 5, 2014, at 08:36 PM, Giancarlo Razzolini wrote:
Em 05-06-2014 21:23, David Goldsmith escreveu:
Probably ipfilter
http://christopher-technicalmusings.blogspot.com/2009/03/switching-firewalls-from-ipf-to-pf-on.html
If it is indeed ipfi
On 01/14/2014 05:49 AM, Giancarlo Razzolini wrote:
Em 14-01-2014 01:11, Christopher Ahrens escreveu:
What I meant by bare-metal was if I should run a bunch of services on
the same installation of OpenBSD.
I've run in the same physical space issue with my company servers and
didn't think twic
Hello,
I just found out that spamd database breaks after upgrading to a
snapshot with the 64 bits time_t resulting in:
Aug 20 16:04:18 pippin spamd[26092]: scan of /var/db/spamd failed
Aug 20 16:05:18 pippin spamd[26092]: bogus entry in spamd database
As for the utmp and lastlog, a clear of th
On 04/02/2013 04:14 AM, Duncan Patton a Campbell wrote:
Howdy all?
I'm looking for the "right" way to start X on boot and run a default
display program, much like xdm but with no login.
Any pointers to similar would be greatly appreciated,
thanks,
Dhu
Isn't that what you want? This is obvi
Hello,
I have some network problems on a SunFire V240 (dual UltraSPARC-IIIi
(rev 2.4) @ 1280 MHz)
It is _not_ running MP kernel
I have had this problem on all versions since 4.4 (latest version at the
time of the install). It is currently running 5.0.
The problem is: the system still runs fine
On 7/24/09 3:03 PM, Peter N. M. Hansteen wrote:
setting up a new spamd plus various content filtering at a client site
we were kind of baffled to see that apparently manually setting an
address to TRAPPED with spamdb, ie
spamdb -a -t 211.49.57.32
for some reason seems porous, in that messages r
Hi Stuart,
Stuart Henderson wrote:
> On 2009/06/11 21:26, Renaud Allard wrote:
>> Stuart Henderson wrote:
>>> On 2009-06-03, Renaud Allard wrote:
>>>> I have just bought a Fabia FX5621 board which has amongst others, two
>>>> Agere ET1310 interfaces. I
Stuart Henderson wrote:
> On 2009-06-03, Renaud Allard wrote:
>> I have just bought a Fabia FX5621 board which has amongst others, two
>> Agere ET1310 interfaces. I configured one interface and it negotiated
>> correctly with my switch at 1000mbps full duplex. However, I a
Hello,
I have just bought a Fabia FX5621 board which has amongst others, two
Agere ET1310 interfaces. I configured one interface and it negotiated
correctly with my switch at 1000mbps full duplex. However, I am not able
to ping the interface from anywhere else and I am not able to ping from
the in
Theo de Raadt wrote:
>> I am waiting smtpd though, but I doubt it will be able replace my exim
>> installations any time soon.
>
> The best part is that no one cares about that.
>
Well, in fact you do because you lost time posting this meaningless comment.
On 5/13/09 11:44 PM, Johan Beisser wrote:
> On Wed, May 13, 2009 at 2:38 PM, Renaud Allard wrote:
>
>> Sounds like you never tried exim, or at least v4. Currently, no other MTA is
>> able to do what exim does. Its licence may not be the best one, but it is
>> able t
On 5/11/09 7:45 PM, Henning Brauer wrote:
exim is a piece of shit using the wrong design that sendmail abandoned
long ago. and wasn't it GPL or some other unfree license anyway?
postfix is not free.
but there is some rumor in usr.sbin/smtpd/ ...
Sounds like you never tried exim, or at least v4
Damien Miller wrote:
On Wed, 23 Jul 2008, Joel Dinel wrote:
On Wed, Jul 23, 2008 at 9:42 AM, Damien Miller<[EMAIL PROTECTED]> wrote:
I have just updated the patch, please try again once it has hit the
ftp server:
-rw-r--r-- 1 djm djm 6411 Jul 23 23:31 openbsd42_5.1.patch
-rw-r--r-- 1 djm
Damien Miller wrote:
> I have just updated the patch, please try again once it has hit the
> ftp server:
>
> -rw-r--r-- 1 djm djm 6411 Jul 23 23:31 openbsd42_5.1.patch
> -rw-r--r-- 1 djm djm 6144 Jul 23 23:31 openbsd43_5.1.patch
>
> SHA1 (openbsd42_5.1.patch) = 7ed266a177d09aa67b120b44522f9
Damien Miller wrote:
On Tue, 22 Jul 2008, Joel Dinel wrote:
To answer my own question, no sooner had I hit 'send' than I noticed the
patch number indicated 4.3. I have downloaded OpenSSH 5.0, the
appropriate 4.1 -> 5.0 patch and all is well.
Well I am getting the exact same compilation error
Hello,
I have a Sony VAIO SZ61XN with an integrated webcam but it doesn't seem
to work.
uvideo0 at uhub2 port 2 configuration 1 interface 0 "Ricoh product
0x183a" rev 2.00/1.00 addr 3
uvideo0: no default frame descriptor found!
You can find the complete dmesg at
http://www.llorien.org/Open
Hello,
I have two servers running OpenBSD 4.3-stable amd64, both sharing one IP
using CARP with load balancing using ip-stealth. (using "balancing ip"
without stealth just doesn't work at all and overloads the network)
# cat /etc/hostname.carp0
inet 206.251.244.96 255.255.255.0 NONE pass st
Urban Hillebrand wrote:
> On Mittwoch 23 Januar 2008 18:56:52 elpinguim wrote:
> [...]
>> Bob Beck's presentation on spamd & pf should provide some useful insight as
>> to how you could deploy a similar setup. I found the presentation(s) to be
>> quite helpful a few years ago.
>>
>> http://www.ual
Paul de Weerd wrote:
> Hi Renaud,
>
> On Mon, Dec 10, 2007 at 04:50:36PM +0100, Paul de Weerd wrote:
> | Have you actually seen these packets live on the wire ?
>
> I re-read your original mail, and it turns out you have seen these
> packets on the wire. Sorry for the too-quick-answer ;P
No prob
Peter N. M. Hansteen wrote:
> Renaud Allard <[EMAIL PROTECTED]> writes:
>
>> I just noticed that spamd is trying to send ack packets from 127.0.0.1 to
>> the IP
>> of the sender when it hits the greytrap IP. I don't feel this is wanted
>> behavior. H
Hello,
I am running OpenBSD 4.2-stable
I just noticed that spamd is trying to send ack packets from 127.0.0.1 to the IP
of the sender when it hits the greytrap IP. I don't feel this is wanted
behavior. Has anyone any idea of why it is doing so? It doesn't seem to be due
to the "set skip on lo" as
Adrian Fisher wrote:
> I want to use it for a mixture of web-hosting, virtual servers, etc. but
> also for running a new online game. I want to ensure (as much as is
> possible) that a system fails for whatever reason the workload running on it
> is automatically redistributed across the remaining
Adrian Fisher wrote:
> Hello there,
>
> Does OpenBSD support virtualisation where multiple computers operate as one
> single virtual system rather than just one system running as multiple
> virtual systems? I am thinking of buying a series of blade systems which I
> want to run as one single syst
Marc Balmer wrote:
> Renaud Allard wrote:
>
>> I just have two Dell servers having broadcom netXtreme NICs with tcp
>> offload
>> engine activated (and locked on on) in the bios.
>> I tried to use these servers to do an smtp gateway with spamd. When I
>> activ
Hello,
I just have two Dell servers having broadcom netXtreme NICs with tcp offload
engine activated (and locked on on) in the bios.
I tried to use these servers to do an smtp gateway with spamd. When I activated
spamd, connecting to port 25 worked but nothing more. After scanning with
tcpdump, I
Hello,
I have two machines running OpenBSD 4.2-beta (GENERIC) #338, but this
happened with 4.1-stable as well.
The machines have 8 gigabit interfaces and are only doing routing/nat
with pfsync and carp. It seems that after about 15 days, all memory is
consumed and no resources are available. The m
John Nietzsche wrote:
> Dear gentleman,
>
> i am trying to install openbsd 4.1 on dell poweredge 2900. Everything
> from turning on the machine to cd booting was ok, but when i get to
> the point of installing it (that part when i am given the options:
> Upgrade, Install and Shell? ) its usb keyb
luccio01 wrote:
> Hello,
>
> I am trying to use an adaptec 2410sa raid sata card on Openbsd 4.1.
> But my card seems not to be recognized.
> In dmesg she does not appear.
>
> A have tried to boot with kernel on cd41.iso cdrom and with kernel installed
> in floppyB41.fs.
> But the results are rath
Hello,
I have two machines running OpenBSD-current (OpenBSD 4.1-current
(GENERIC) #238: Mon Jun 4 20:03:24 MDT 2007) and I also got this on the
same machines running 4.1-stable.
There are 5 carp interfaces and I will only describe one but the
behaviour is the same.
The machine puff1 has:
inet 1
Vijay Sankar wrote:
>
> There are different exim packages for OpenBSD. You could do a
>
> pkg_add -v
> ftp://ftp.ca.openbsd.org/pub/OpenBSD/4.1/packages/i386/exim-4.66.tgz
>
> (assuming you are using 4.1 on i386 etc.) or use other exim packages
> that support mysql, postgresql, ldap and so
Renaud Allard wrote:
Renaud Allard wrote:
Hello,
I have a gateway running 4.1-current with an ipsec configuration like
this one:
ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org
dstid erathia.be
ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org
Renaud Allard wrote:
Hello,
I have a gateway running 4.1-current with an ipsec configuration like
this one:
ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org
dstid erathia.be
ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org
dstid gaye.be
Both
Hello,
I have a gateway running 4.1-current with an ipsec configuration like
this one:
ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org
dstid erathia.be
ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org
dstid gaye.be
Both remote peers have dynamic
Timo Schoeler wrote:
>>> www.openbsd.org also seems to be having problems. I get a 403 Forbidden
>>> error whenever I try to access it.
>>
>> try http://openbsd.org/
>
> this is a mirror; using it does not fix www :)
>
>
http://www.openbsd.org/4.1_packages/i386.html works though.
Gordon Ross wrote:
On 24 May 2007 at 08:44, in message <[EMAIL PROTECTED]>,
> Michael
> <[EMAIL PROTECTED]> wrote:
>> Hi,
>>
>> since no one seems to either read the mail "sysjail and networking"
>> because it is too long or got no clue either I'd like to shorten the
>> question.
>>
>> Is it pos
Chris Tankersley wrote:
> I'm trying to set up a new server running on an old Dell Poweredge 2500
> which contains a Dell PERC 3/Di Adaptec-based RAID controller running
> RAID 5 on three disks. When the install boots up it comes along and says
> that it does not detect any disks to install to. I d
Henning Brauer wrote:
>
> rfc 2821 specifically forbids this behaviour.
>
Not really.
- If the verb is initially accepted and the 354 reply issued, the
DATA command should fail only if the mail transaction was
incomplete ~snip~ or if the server determines that the
messag
Henning Brauer wrote:
>
> err, wait, are you giving a 4xx in reply to DATA?
> that is invalid.
>
The response to the DATA command is 354 as it should. But at the end of
the DATA phase, a 451 is returned.
--
01010010011001010110111001110111010101100100
01010110110001101100011101110
Bob Beck wrote:
>
> I have definitely seen issues here with other implementations,
> because the 4XX code given, the XX's matter... Have you seen
> this with OpenBSD spamd? (As opposed to something else..)
I have seen this with 451 errors, not on spamd but with the exact same
error code a
Bob Beck wrote:
>> just deduced from trial and error. Also greylisting should happen at
>> RCPT TO, and probably not at DATA as there are some widely used MTAs
>> that are buggy and choke when a 4xx error is sent in the DATA phase.
>
> I've been running this at DATA for months, and not seen
Bob Beck wrote:
>
>> just deduced from trial and error. Also greylisting should happen at
>> RCPT TO, and probably not at DATA as there are some widely used MTAs
>> that are buggy and choke when a 4xx error is sent in the DATA phase.
>
> I've been running this at DATA for months, and not se
Darth Lists wrote:
> Unfortunately, this little MS-behaviour is very likely to be the "last
> straw" that gets our greylisting turned off here.
> Despite my logs that prove that greylisting has removed over 95% of
> incoming spam before spamassassin has to deal with it, the fact that
> some legiti
Bob Beck wrote:
>
> Any automated test I've ever set up for open relay, (and I run
> them) as well as any sane ones I ever see test for open relay by
> actually relaying a message not looking at the smtp dialogue.
>
> You're making much ado over nothing and spreading FUD -
> the test
Bob Beck wrote:
>
> Any automated test I've ever set up for open relay, (and I run
> them) as well as any sane ones I ever see test for open relay by
> actually relaying a message not looking at the smtp dialogue.
>
> You're making much ado over nothing and spreading FUD -
> the teste
Stuart Henderson wrote:
> On 2007/05/22 17:12, Renaud Allard wrote:
>> I have only seen this when the 4xx error is sent at DATA time, not when
>> sent at RCPT TO.
>>
>>> How about: --i-dont-want-to-receive-mail-from-people-using-exchange-2003
>>> and --i-dont
Stuart Henderson wrote:
> On 2007/05/22 15:50, Renaud Allard wrote:
>> Stuart Henderson wrote:
>
> You wouldn't need spamd on the address of a send-only instance..
> (if mail's only submitted on 587/465 or from known address ranges, it
> could just RST port 25 t
Stuart Henderson wrote:
>
> They are broken then... Workaround: use different mailer instances on
> different IP addresses for incoming and outgoing mail (this is often a
> good idea anyway).
This workaround only works if the checker connects to your MX, not to
the host sending the mail. I know t
Peter N. M. Hansteen wrote:
> Renaud Allard <[EMAIL PROTECTED]> writes:
>
>> Indeed, but it could cause you to get blacklisted by some automated
>> checkers, which is clearly something you don't want. I know this kind of
>> checker is not accurate, but some loc
Peter N. M. Hansteen wrote:
> Renaud Allard <[EMAIL PROTECTED]> writes:
>
>> I just used dnsstuff to test one of my domain names and it showed me
>> (the first time only) that my server is an openrelay, which is obviously
>> not true. This is due to the default b
Hello,
I just used dnsstuff to test one of my domain names and it showed me
(the first time only) that my server is an openrelay, which is obviously
not true. This is due to the default behaviour of spamd of accepting
everything, even when a spamd.alloweddomains file is present. I think
this could
Renaud Allard wrote:
> Markus Friedl wrote:
>> On Fri, Apr 13, 2007 at 12:03:18PM +0200, Renaud Allard wrote:
>>> It's just quite annoying that the man page for brconfig says that the
>>> bridge over gif should work and it does not.
>> well, it did work befo
x0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
biomask fb45 netmask ff65 ttymask ffe7
pctr: user-level cycle counter enabled
dkcsum: wd0 matches BIOS dri
Diana Eichert wrote:
> On Tue, 15 May 2007, Renaud Allard wrote:
>
>> No nothing showed in the logs. And I don't understand why such a
>> performance difference between routing and bridging.
>>
>>
>> Marco Peereboom wrote:
>>> Possibly interrup
No nothing showed in the logs. And I don't understand why such a
performance difference between routing and bridging.
Marco Peereboom wrote:
> Possibly interrupt issues. Where them dmesg'?
>
> On Tue, May 15, 2007 at 07:04:47PM +0200, Renaud Allard wrote:
>> He
Hello,
I just had the opportunity to test some Fluke network equipment, notably
one which is able to throughput test gigabit networks.
I installed a Nexcom NSA1086 with OpenBSD 4.1-stable and did some tests.
The NSA1086 units are equipped with a Pentium IV 3.2Ghz (hyperthreading
disabled), and 1G
[EMAIL PROTECTED] wrote:
> Hi
>
> I am setting up a new OpenBSD machine in which I want to chroot users. I don't
> want to use any of the patching solutions to OpenSSH but want to implement a
> real system chroot solution so any user, who is chrooted, is jailed even if he
> logs in manually.
>
>
Douglas Allan Tutty wrote:
> On Sun, May 06, 2007 at 09:49:18PM +0300, [EMAIL PROTECTED] wrote:
>> On Sun, May 06, 2007 at 07:51:14PM +0200, Sebastian Rother wrote:
>>> doesn`t know about a "delete" Command and disklabel so far shows just
>>> the OpenBSD (4th) partition.
>> Set their type to 0 with
Stuart Henderson wrote:
> On 2007/05/06 15:41, Paolo Supino wrote:
>> Is it possible to __tunnel Ethernet__ over IPSEC in OpenBSD?
>
> Yes, see gif(4)
>
>
As I posted before, bridge over gif doesn't seem to work with 4.1 :(. At
least all my attempts to do such a configuration failed.
But, usin
kintaro oe wrote:
> By the way guys, this is the diagram that I want to implement:
>
>PF/Firewall/NAT
> |-|
> isp1>|xl0|
> |
Frank Denis wrote:
> Hello,
>
> I currently have a remote server with a trivial network setup:
>
> [Server 10.0.0.1]-[NAT router 10.0.0.30 - external IP 1]-ADSL
>
> A second ADSL line and router have just been added. Unfortunately I
> have no
> control over the routers. Both routers
Rico Secada wrote:
> Hi
>
> Before I testrun this http://paradigma.pt/~gngs/sshjail/ does anyone
> already know if this patch would work with OpenSSH on OpenBSD > 3.9?
>
> Best regards
>
> Rico
>
>
Honestly, you should have a look at sysjail (http://sysjail.bsd.lv)
which is probably a better
Markus Wernig wrote:
> Renaud Allard wrote:
>
>> Maybe also try on both firewalls:
>>
>> cd /etc/isakmpd && ln -s private/local.pub .
>>
>> Then restart isakmpd and reload the rules.
>>
>
> Hi
>
> Tried that as well ... still no go
Markus Wernig wrote:
> Renaud Allard wrote:
>
>> Did you verify that isakmpd is running?
>
> Yes. It runs as follows:
>
> 11967 ?? Is 0:00.05 isakmpd: monitor [priv] (isakmpd)
> 18753 ?? I 0:01.40 isakmpd -S -K -f /var/run/isakmpd.fifo
>
>
-S is u
Markus Wernig wrote:
> Renaud Allard wrote:
>
>> It seems you just forgot to load your rules.
>> Just add "ipsecctl -f /etc/ipsec.conf" in the rc.local of both your
>> firewalls and everything should just work fine.
>
>
> Hi
>
> I've
Markus Wernig wrote:
> Renaud Allard wrote:
>
>> It seems you just forgot to load your rules.
>> Just add "ipsecctl -f /etc/ipsec.conf" in the rc.local of both your
>> firewalls and everything should just work fine.
>
>
> Hi
>
> I've
Markus Wernig wrote:
> Hello all
>
> I am trying a - what I think is - simple ipsec setup. The point is to
> ipsec-encrypt all traffic between a pair of firewalls (gateA and gateB,
> both OBSD 4.0), in order to send pfsync traffic over the encrypted link.
> Although having read through ipsec, ips
Wijnand Wiersma wrote:
Or even more important: how is the song?
Wijnand
Excellent. Arabic style :) About magic caves and words :)
Rafael Sadowski wrote:
Have you a digital camera? Can you make photos of the box/cds?
Rafael
On Fri, 13 Apr 2007 11:10:26 +0200
Paul de Weerd <[EMAIL PROTECTED]> wrote:
It's in ! It looks very very very cool ;)
Thanks Wim for such an incredibly speedy delivery !
Now, on to upgrade my machin
Markus Friedl wrote:
> On Fri, Apr 13, 2007 at 12:03:18PM +0200, Renaud Allard wrote:
>> It's just quite annoying that the man page for brconfig says that the
>> bridge over gif should work and it does not.
>
> well, it did work before and should work in 4.1
>
I will make pics of it as soon as I am back home to get the CDs, like I
did for 4.0.
Rafael Sadowski wrote:
> Have you a digital camera? Can you make photos of the box/cds?
>
> Rafael
>
> On Fri, 13 Apr 2007 11:10:26 +0200
> Paul de Weerd <[EMAIL PROTECTED]> wrote:
>
>> It's in ! It looks very
Well, it works with openvpn now, I just forgot to add "dev-type tap" in
the config file.
It's just quite annoying that the man page for brconfig says that the
bridge over gif should work and it does not.
Renaud Allard wrote:
> Also, if I use openvpn with a tun0 (link0) inste
Also, if I use openvpn with a tun0 (link0) instead of gif, packets pass
through the tunnel. Although there are still some other problems because
the broadcast for arp seems to change from ff:ff:ff:ff:ff:ff to
0:0:0:2:ff:ff.
Renaud Allard wrote:
> It should be noted that when I put an ip on e
Sjoerd Oostdijck wrote:
> -Original message-
> From: Renaud Allard <[EMAIL PROTECTED]>
> Sent: Fri 04/13/07 09:11:47
> To: Renaud Allard <[EMAIL PROTECTED]>;
> CC: [EMAIL PROTECTED];
> Subject: Re: Bridge over gif on 4.1
>> It should be noted that whe
It should be noted that when I put an ip on each sis1 interface, they
can ping each other through the if tunnel. Only the arp packets from the
lan don't seem to pass. Is this a bug or am I missing something?
Renaud Allard wrote:
> When sniffing on gif0 (tcpdump -ttt -n -e -i gif0), I ge
more. Has someone any idea on why I don't see the packets?
I tried setting the gif0 mtu to 1500 in case this could be a mtu
problem, but I still get the same thing. ARP broadcasts don't seem to
pass through the tunnel.
Renaud Allard wrote:
> Hello,
>
> I hav
Hello,
I have a setup like this:
***
router1
hostname.gif0: up tunnel 172.17.0.170 195.16.12.50
hostname.sis0: inet 172.17.0.170 255.255.0.0 NONE
hostname.sis1: up
bridgename.bridge0: add gif0
add sis1
up
ipsec.conf: ike esp
Renaud Allard wrote:
> Hello,
>
> In the changelog from 4.0 to 4.1, I read:
> # In pf.conf(5), make 'flags S/SA keep state' the implicit default for
> filter rules.
>
> Does this only apply to tcp (as suggested by the flags) or to all
> protocols? Also, is