OpenBSD Customer Gateway to Amazon VPC

2013-02-12 Thread Russell Garrison
I found the following thread on this issue from 2010: http://comments.gmane.org/gmane.os.openbsd.misc/168129 Amazon still only supports route-based VPNs, but they have removed the requirement for BGP and instead allow for static routes. I was able to get a tunnel working without using BGP based o

Re: USB hubs

2012-11-06 Thread Russell Garrison
I can confirm this all is true, but due to USB power being the way it is YMMV. I use hubs regularly for host attachment and for standalone charging. The hub in my desktop monitor is intentionally disconnected from the host in order to provide charging, but it doesn't always work. A main thing is t

Re: SSI

2012-09-28 Thread Russell Garrison
I initially thought this thread was about Social Security Insurance, but instead it is about something like SGI UV.

Re: happy alix user ?

2012-09-27 Thread Russell Garrison
On Thu, Sep 27, 2012 at 2:10 PM, Michel Blais wrote: > Same with LEI technologie, their division in Canada. Good catch. I now remember that was the actual entity I dealt with, not Lanner. Started with the main Lanner sales office for NA, but they directed me to LEI in Canada. From then on it was

Re: happy alix user ?

2012-09-27 Thread Russell Garrison
Definitely OT, but I second the FW-7535. Good gear and Lanner is easy to work with direct even for small projects.

Re: CARP and transit network to ISP

2012-08-17 Thread Russell Garrison
I have set up a pair of gateways for a similar scenario where the provider gave me /30 and an ethernet jack instead of providing a router on-premises. This is what I did: -Configured an interface on each machine to come up with no IP. -Configured a carpdev to use the no IP interface on each machin

Re: Load balancing and fail-over

2012-05-16 Thread Russell Garrison
> On Wed, May 16, 2012 at 9:40 AM, Indunil Jayasooriya > wrote: >> If yes, How to ping external internet host when that link is DOWN? I find >> it difficult? >> >> I tried it with below commands >> >> >> ping -I WAN1_if_ip www.google.lk >> >> ping -I WAN2_if_ip www.google.lk >> >> >> Some times i

Re: Song copyright

2012-05-14 Thread Russell Garrison
Shucks! I was working on a baby mulching machine that was going to play the song while it operates. http://www.monkey.org/openbsd/archive/source-changes/0105/msg01243.html

Re: IPSec isakmpd pre shared interoperability with Fortigate VPN

2012-04-01 Thread Russell Garrison
Does look like the line, but is the OpenBSD ipsec VPN new to you? If it is I suggest building one between two OpenBSD machines and testing to see how you can break/change things from the defaults in the man pages. Doing that really made a difference for me after completely flopping on the first try

Re: Intel ICH9R compatibility with OpenBSD

2012-03-13 Thread Russell Garrison
> Hello Axton, thanks for your reply. > I do not want use RAID, I just need S-ATA > to connect HDD and install system on it. You will be fine. I have Dell gear here that includes the Intel Matrix RAID ICH, and it doesn't have an issue with OpenBSD. The controller checks for a RAID pair at startup

Re: My OpenBSD 5.0 installation experience (long rant)

2012-03-08 Thread Russell Garrison
It really is amazing how much the install is genuinely loved on OpenBSD. I think there are other distributions out there where the installer is liked or even praised, but I would describe my feelings and what I see here as love. It is always a pleasure when I have the chance to show someone the ins

Re: My OpenBSD 5.0 installation experience (long rant)

2012-03-07 Thread Russell Garrison
I am absolutely intrigued by this story despite my better judgement. You were able to cook your own full OpenBSD installer on a USB stick with GRUB instead of downloading an ISO or using PXE, but you failed disk setup in the installer? It really would be interesting to see if you can read just http

Re: Problem filtering CARP in PF

2012-03-01 Thread Russell Garrison
In the spirit of K.I.S.S. I use: pass quick proto carp Since that should match the number on 4 and 6 packets. > Your block rule had "inet" so you were probably blocking IPv4 only. But > because of the send errors (due to pf blocking) fw1 started to demote > itself.

Re: CD/DVD CDROM support

2012-02-24 Thread Russell Garrison
I found USB is easy with a thumbdrive big enough to hold the files, or there is pxe which is probably easier if you can control the DHCP on the network. My manual process for thumbdrive involved: Assume thumb is empty, otherwise insert to system and run. Also make sure you know the dev name from i

Re: IPSEC Site-to-Site not routing packages

2012-02-23 Thread Russell Garrison
I can confirm this. Spent way too much time in my VMWare lab on this until I thought to add a default route to the host-only interfaces I was running the tunnel on. All you need is default route and it will work. I have found that "fleshed out" config for networking on OpenBSD is a sure way to clea

Re: network throughput tool suggestion

2012-02-15 Thread Russell Garrison
On Tue, Feb 14, 2012 at 3:13 PM, Christiano F. Haesbaert wrote: > On 14 February 2012 17:59, Mihai Popescu wrote: >> Hi, >> >> I need to test a commercial router for throughput and I decided to >> put it between 2 OpenBSD systems running network benchmark software. >> Looking on openports.se I f

Re: [PF] bug in port range.

2012-01-03 Thread Russell Garrison
For those of us playing the CS home game. Is this an example of left-to-right evaluation? My thought on this was that the value 81 isn't greater than 82 and isn't less than 80, so the rule doesn't match.

Re: problem running named in non 0 rdomain

2012-01-03 Thread Russell Garrison
On Sun, Jan 1, 2012 at 5:40 PM, Stuart Henderson wrote: > I'm pretty sure the child will be inheriting the rdomain from the process > which forked it. > I can offer the anecdote that when I ran sshd using the route -exec wrapper my child session would exist in whatever rdomain was hosting the da

Re: strange tcp rst with rdomain

2011-12-20 Thread Russell Garrison
at 3:28 PM, Russell Garrison wrote: > I have found that I need to add something like: > > !route -T 2 exec /usr/sbin/sshd > > To the pertinent hostname.if file to make sure sshd is listening in > additional routing tables, but I do not know if this is best. > > On Mon, Dec

Re: strange tcp rst with rdomain

2011-12-20 Thread Russell Garrison
I have found that I need to add something like: !route -T 2 exec /usr/sbin/sshd To the pertinent hostname.if file to make sure sshd is listening in additional routing tables, but I do not know if this is best. On Mon, Dec 19, 2011 at 1:02 PM, PP;Q Q P(P8P?P8QP8P= wrote: > Hello. > > I'm runni

Re: OT: some news here

2011-12-16 Thread Russell Garrison
Wonderful news Eric! Good to know opportunities like these exist. Happy Holidays and good luck with the program.

Re: using ssh to forward the install console

2011-12-07 Thread Russell Garrison
On Wed, Dec 7, 2011 at 2:47 PM, Eric Oyen wrote: > hello group. > > I have an interesting (and fairly technical) question. > > the question is: how can I forward the install screen via ssh to another > machine on my network? I ask this because I didn't see any specific > instructions that applied.

Re: correct netmask on carp interfaces

2011-12-02 Thread Russell Garrison
On Thu, Nov 24, 2011 at 2:40 PM, Henning Brauer wrote: > if your carpdev has an IP and the IP(s) on the carp interface are in > the same subnet, is it best to have the real netmask on the carpdev > and all-ones netmasks on the carp interface, for the case where you're > carp slave. > > and the rul

Re: correct netmask on carp interfaces

2011-11-22 Thread Russell Garrison
I had some experience with this and found another thread where the best thing to do for your routing is to have only one /(32-n) mask and then all /32 for any given subnet and rdomain combination on a system. I have set up my system accordingly and my advice is to set your carp primary IP to the pr

hostname.if routing question

2011-11-16 Thread Russell Garrison
I am having trouble figuring out how I should configure a physical interface and a carp virtual interface where the carp IP will serve as a default route for hosts on the network and also hold some aliases for server re-directs. From what I have seen the routes built at startup "home" the route for

problem connecting to verizon.net

2011-11-08 Thread Russell Garrison
I discovered an odd issue once I upgraded my OpenBSD pf firewall/router that manifested itself by preventing my email server from sending to verizon.net customers. The strange thing was that mail was going out to other domains. I figured out that I did something odd in my ruleset and fixed it, so n