On 2025-07-27, Omar Polo wrote:
> Florian Obser wrote:
>> RFC 4291 2.1:
>>All interfaces are required to have at least one Link-Local unicast
>>address
>
> thanks for the pointer! Now my question becomes how to add such address
> to a wg(4) device however.
there's no need for this to ge
On 2025-07-27, Omar Polo wrote:
> Hello,
>
> I'm moving my first baby steps in ipv6 land and I'm a bit confused about
> routing. I'm trying to build a vpn on wireguard, but only the ipv4 part
> of it is working. I suspect there's an issue in how I'
On Mon, Jul 28, 2025, 02:38 Claudio Jeker wrote:
> On Sun, Jul 27, 2025 at 11:51:25PM +0200, Omar Polo wrote:
> > Florian Obser wrote:
> > > RFC 4291 2.1:
> > >All interfaces are required to have at least one Link-Local unicast
> > >address
> >
> > thanks for the pointer! Now my questio
On Mon, Jul 28, 2025 at 08:41:40AM +0200, Florian Obser wrote:
> On 2025-07-28 07:25 +02, Claudio Jeker wrote:
> > On Sun, Jul 27, 2025 at 11:51:25PM +0200, Omar Polo wrote:
> >> Florian Obser wrote:
> >> > RFC 4291 2.1:
> >> >All interfaces are required to have at least one Link-Local unicas
On 2025-07-28 07:25 +02, Claudio Jeker wrote:
> On Sun, Jul 27, 2025 at 11:51:25PM +0200, Omar Polo wrote:
>> Florian Obser wrote:
>> > RFC 4291 2.1:
>> >All interfaces are required to have at least one Link-Local unicast
>> >address
>>
>> thanks for the pointer! Now my question becomes
On Sun, Jul 27, 2025 at 11:51:25PM +0200, Omar Polo wrote:
> Florian Obser wrote:
> > RFC 4291 2.1:
> >All interfaces are required to have at least one Link-Local unicast
> >address
>
> thanks for the pointer! Now my question becomes how to add such address
> to a wg(4) device however.
>
Florian Obser wrote:
> RFC 4291 2.1:
>All interfaces are required to have at least one Link-Local unicast
>address
thanks for the pointer! Now my question becomes how to add such address
to a wg(4) device however.
I've tried with a (dumb, but here's all i know) `inet6 autoconf' on the
w
onfused about
> routing. I'm trying to build a vpn on wireguard, but only the ipv4 part
> of it is working. I suspect there's an issue in how I'm configuring
> the client, but I'm not sure how to debug.
>
> My setup is as follows. On the vps i have a /48:
>
Hello,
I'm moving my first baby steps in ipv6 land and I'm a bit confused about
routing. I'm trying to build a vpn on wireguard, but only the ipv4 part
of it is working. I suspect there's an issue in how I'm configuring
the client, but I'm not sure how to
Yes. I followed all the steps in pkg-readmes.
The following is the ipsec.conf I set.
===
$ cat /etc/strongswan/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Add conn
On 2025-04-20, 나홍연 wrote:
> Hello, my name is Na Hongyeon and I live in Korea.
> When I connect using MSCHAP-V2 for EAP authentication with StrongSwan,
> it says that it was successful, but when I ping test it, there is no
> actual connection.
StrongSwan isn't really well tested on OpenBSD (and
Hello, my name is Na Hongyeon and I live in Korea.
When I connect using MSCHAP-V2 for EAP authentication with StrongSwan,
it says that it was successful, but when I ping test it, there is no
actual connection.
Below is the output from the command "ipsec up Leo-CoreaVPN-C".
I was wondering if th
Hello misc
I have a problem with ikev2 pf rules, could someone help please?:
Server pf recommend at openbsd web:
pass in log on $ext_if proto udp from 198.51.100.1 to 192.0.2.1 port
{isakmp, ipsec-nat-t} tag IKED
pass in log on $ext_if proto esp from 198.51.100.1 to 192.0.2.1 tag IKED
Clients:
pa
My understanding is that the host doesn't have a routable connection from
rdomain 0 to rdomain 1. wg1 and lo1 are specific to that rdomain, and sshd
is 'attached' to rdomain 0.
For the VM to interact directly with the host, you would have to add pair
interfaces (see ifconfig man page) to route tr
> > add 'wgrtable 0' to hostname.wg1, and search for wgrtable in `man
> > ifconfig'. it
> > sets which rdomain the actual wireguard packets transit. the wireguard
> > network and interface will be isolated to rdomain 1 while the wireguard
> > packets
> > will traverse through rdomain 0.
> >
> > t
On 2025-02-28, B. Atticus Grobe wrote:
> On Thu Feb 27, 2025 at 4:35 PM CST, alpha beta wrote:
>
> add 'wgrtable 0' to hostname.wg1, and search for wgrtable in `man ifconfig'.
> it
> sets which rdomain the actual wireguard packets transit. the wireguard
> network and interface will be isolated to
the several LANs behind the peers. I don't necessarily
> trust all the peers, thus I would like to isolate the VPN inside an
> rdomain (say 1). The egress however, should stay on a different
> rdomain (say 0), where other services are running.
>
> From what I understand, pf ca
eers, thus I would like to isolate the VPN inside an
rdomain (say 1). The egress however, should stay on a different
rdomain (say 0), where other services are running.
From what I understand, pf can connect the different rdomains, and
the way I find more intuitive is to declare my wg1 in rdo
On Fri, 7 Feb 2025 01:09:09 +0100
Odd Martin Baanrud wrote:
> Hello,
>
> I have got access to some static IP’s via VPN using WireGuard.
> The provider gave me config files for use with wg-quick(8) from the
> WireGuard-tools package. It works in linux.
> However, I want to tes
Odd Martin Baanrud wrote:
> I can of course use wg-quick, but I don’t see how to run it via rc(8).
>
> Regards, Martin.
You can install wireguard-tools from ports as you mentioned. Then use
!command syntax in your hostname.if to shell out to wg-quick. E.g. your
/etc/hostname.wg0 contents could be
Check ifconfig(8) man page, there is section about wireguard and the available
options.
ifconfig.if does not list them
side note, they have to be in one line in hostname file.
G
On 07/02/2025 02:09, Odd Martin Baanrud wrote:
> Hello,
>
> I have got access to some static IP’s via
On Fri, 7 Feb 2025 01:09:09 +0100
Odd Martin Baanrud wrote:
> Hello,
>
> I have got access to some static IP’s via VPN using WireGuard.
> The provider gave me config files for use with wg-quick(8) from the
> WireGuard-tools package.
> It works in linux.
> However, I want t
On Fri, Feb 07, 2025 at 01:09:09AM +0100, Odd Martin Baanrud wrote:
> However, I want to test it with OpenBSD’s integrated wg(4) driver.
Here is a jinja template from Ansible role that creates hostname.wg0 on some
machine
somewhere in my network:
inet {{ client_ipv4 }} {{ client_ipv4_netmask }}
i
Hello,
I have got access to some static IP’s via VPN using WireGuard.
The provider gave me config files for use with wg-quick(8) from the
WireGuard-tools package.
It works in linux.
However, I want to test it with OpenBSD’s integrated wg(4) driver.
I’ve read the manual, but I can’t see which
On Sat, Dec 14, 2024 at 02:07:13PM +1000, David Gwynne wrote:
> On Thu, Dec 12, 2024 at 06:01:37PM -0400, Christopher Sean Hilton wrote:
> > Hi,
> >
> > I'm trying to setup a pair of OpenBSD machines to handle their respective
> > home networks and
> > crea
Hi Christopher
I have something similar working with a route based VPN.
A little bit of PF magic seems necessary also.
Route based VPN uses sec interfaces as VPN endpoints.
The endpoints are part of a /30 subnet.
Once the VPN tunnel between the sec endpoints is established, sending
traffic
On Thu, Dec 12, 2024 at 06:01:37PM -0400, Christopher Sean Hilton wrote:
> Hi,
>
> I'm trying to setup a pair of OpenBSD machines to handle their respective
> home networks and
> create an IKEv2 VPN tunnel between them. If I call one side _home_ and one
> side _remote_
Hi,
I'm trying to setup a pair of OpenBSD machines to handle their respective home
networks and
create an IKEv2 VPN tunnel between them. If I call one side _home_ and one side
_remote_ I
think that defines things. The main function of the tunnel is to allow stuff on
the _remote_
netwo
Best regards
John Scofield
Sent with [Proton Mail](https://proton.me/mail/home) secure email.
--- Forwarded Message ---
From: hahahahacker2009
Date: On Monday, November 25th, 2024 at 1:32 PM
Subject: Re: VPN killswitch
To: bsdbsdbsd1
> At 1:10, Mon, 25 Nov 2024 bsdbsdbsd1
On Mon, Nov 25, 2024 at 07:59:09PM +1000, David Gwynne wrote:
> On Sun, Nov 24, 2024 at 05:55:12PM +, bsdbsdbsd1 wrote:
> > OpenBSD needs an easily implementable killswitch for VPNs.
>
> i'd argue it has one. or two. maybe more.
>
> my preferred solution is to put
On Sun, Nov 24, 2024 at 05:55:12PM +, bsdbsdbsd1 wrote:
> OpenBSD needs an easily implementable killswitch for VPNs.
i'd argue it has one. or two. maybe more.
my preferred solution is to put the vpn protected traffic in a separate
rdomain to the vpn transport. for example, l
Hello,
You could do this via PF, block all traffic (in and out) on any other
traffic than the vpn interface.
Then allow traffic out on the physical interface ONLY to the
IP(s)/port(s) of the VPN.
This is what I do currently for always on VPN, I am sure there is a
better way, but it works.
Take
On Sun, 24 Nov 2024 18:55:12 +0100,
bsdbsdbsd1 wrote:
>
> OpenBSD needs an easily implementable killswitch for VPNs.
>
Do you mean something like that Solène did here?
https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html
--
wbr, Kirill
OpenBSD needs an easily implementable killswitch for VPNs.
Best regards
John Scofield
Hello List,
First of all I would like to say a big FU for the nazi reddit moderators who
delete posts from the /r/OpenBSD in 5 minutes tops get a f life or get fkd.
I tried to make some new use case for OpenBSD 7.6 like replacing some of my old
Debian OpenVPN servers with it.
The results were
Hello List,
First of all I would like to say a big FU for the nazi reddit moderators who
delete posts from the /r/OpenBSD in 5 minutes tops get a f life or get fkd.
I tried to make some new use case for OpenBSD 7.6 like replacing some of my old
Debian OpenVPN servers with it.
The results were
On Tue, Aug 13, 2024 at 10:42:51PM -0400, Daniel Ouellet wrote:
> Hi,
>
> I just tried to setup iked vpn as I did many times before by copying keys
> from
>
> /etc/iked/local.pub
>
> between systems and it doesn't work anymore.
>
> Looking at the keys, they ar
Hi,
I just tried to setup iked vpn as I did many times before by copying keys
from
/etc/iked/local.pub
between systems and it doesn't work anymore.
Looking at the keys, they are now a different type.
On all system before 7.5, the keys in
/etc/isakmpd/local.pub
and
/etc/iked/loca
> > have access to customers firewalls, and the customers expect full
> > > sized frames / packets across the wan,
> > > the issue is when we used 3rd party networks with constrained MTUs,
> > > while we can adjust TCP MSS if we control the network devices putting
>
across the wan,
> > the issue is when we used 3rd party networks with constrained MTUs,
> > while we can adjust TCP MSS if we control the network devices putting
> > packets across the VPN, this is not always possible,
> >
> > IP fragmentation (sometimes) works bu
used 3rd party networks with constrained MTUs,
> while we can adjust TCP MSS if we control the network devices putting
> packets across the VPN, this is not always possible,
>
> IP fragmentation (sometimes) works but it breaks load balancing
> (hashes of IP fragments do not match
l the network devices putting
packets across the VPN, this is not always possible,
IP fragmentation (sometimes) works but it breaks load balancing
(hashes of IP fragments do not match the hashes for original packet
being sent. but sometimes is not good enough.
Possible solutions which we have seen
On 2024-05-30, Radek wrote:
> Thank you all for your replies.
>
> Actually, I did not know that providing seamless switching VPN solutions is
> so problematic. If it can't be done in a simple way, then it doesn't have to
> be seamless at any cost. Users will manually r
Thank you all for your replies.
Actually, I did not know that providing seamless switching VPN solutions is so
problematic. If it can't be done in a simple way, then it doesn't have to be
seamless at any cost. Users will manually reconnect to this VPN when CARP does
switchover and
On 2024-05-29, Vitaliy Makkoveev wrote:
> He wants replication. This means both wireguard "servers" know the client
> state. No client reconnection at failure, no delay, seamless migration
> from failed node to the backup. Something like sasyncd(8), but for
> npppd(8) or wg(4).
wireguard doesn't
> On 29 May 2024, at 18:50, Hrvoje Popovski wrote:
>
> On 29.5.2024. 12:48, Radek wrote:
>> Thank you, that explains everything.
>> Does wireguard support replication? Will it work properly in my CARP setup?
>>
>
>
> why not use iked as vpn solution ? i
terface for redundancy and it's working
> without admins or clients needs to do anything when primary carp
> firewall shuts down or even reboot. People will notice something
> happened but wg vpn would start to work after cca 20 seconds.
>
He wants replication. This means b
> On May 29, 2024, at 3:48 AM, Radek wrote:
>
> Thank you, that explains everything.
> Does wireguard support replication? Will it work properly in my CARP setup?
wireguard doesn’t have “state” per se. it remembers the last address a key was
associated with. In the event of a failover, if
n primary carp
firewall shuts down or even reboot. People will notice something
happened but wg vpn would start to work after cca 20 seconds.
root@pc-hrvoje:~# ping 10.2.0.1
PING 10.2.0.1 (10.2.0.1) 56(84) bytes of data.
64 bytes from 10.2.0.1: icmp_seq=1 ttl=254 time=1.46 ms
64 bytes from 10.2.0.1: icmp
On 2024/05/29 18:08, Vitaliy Makkoveev wrote:
> On Wed, May 29, 2024 at 01:23:47PM -, Stuart Henderson wrote:
> > On 2024-05-29, Vitaliy Makkoveev wrote:
> > > On Wed, May 29, 2024 at 12:48:41PM +0200, Radek wrote:
> > >> Thank you, that explains everything.
> > >> Does wireguard support repl
On Wed, May 29, 2024 at 01:23:47PM -, Stuart Henderson wrote:
> On 2024-05-29, Vitaliy Makkoveev wrote:
> > On Wed, May 29, 2024 at 12:48:41PM +0200, Radek wrote:
> >> Thank you, that explains everything.
> >> Does wireguard support replication? Will it work properly in my CARP setup?
> >>
>
On 2024-05-29, Vitaliy Makkoveev wrote:
> On Wed, May 29, 2024 at 12:48:41PM +0200, Radek wrote:
>> Thank you, that explains everything.
>> Does wireguard support replication? Will it work properly in my CARP setup?
>>
>
> No for both questions. However, wireguard allows to create complicated
>
t; > Hello,
> > > I have two redundant firewalls with CARP: [krz75-MAS]<->[krz75-SLA]. I'm
> > > trying to set up redundant IPSEC VPN on it.
> > >
> > > - CARP + pfsync is working as expected - ca 1-2 pings lost at switchover.
> > > - sasync
t; Hello,
> > I have two redundant firewalls with CARP: [krz75-MAS]<->[krz75-SLA]. I'm
> > trying to set up redundant IPSEC VPN on it.
> >
> > - CARP + pfsync is working as expected - ca 1-2 pings lost at switchover.
> > - sasyncd seems to work as expected
npppd does not support replication
> On 27 May 2024, at 19:58, Radek wrote:
>
> Hello,
> I have two redundant firewalls with CARP: [krz75-MAS]<->[krz75-SLA]. I'm
> trying to set up redundant IPSEC VPN on it.
>
> - CARP + pfsync is working as expected -
Hello,
I have two redundant firewalls with CARP: [krz75-MAS]<->[krz75-SLA]. I'm trying
to set up redundant IPSEC VPN on it.
- CARP + pfsync is working as expected - ca 1-2 pings lost at switchover.
- sasyncd seems to work as expected - flows and SADs are replicated between
nodes
-
Hi,
I think this is because all your traffic is just routing through your
current default gateway which is your router. Try adding a route to the vpn
server to route through your physical router. Then change your default
gateway to the vpn interface.
doas route add (doas route add xx.xx.xx.xx
If you want to route all traffic over the VPN, you need to configure
your default gateway correctly.
On 2024-05-09 14:16, Sadeep Madurange wrote:
Hello,
I am trying to use the openvpn client. I have a .ovpn file I got from
my
vpn provider. I installed the openvpn package and ran the
Can you explain what you are trying to accomplish with a VPN?
On May 9, 2024 7:16:38 AM MDT, Sadeep Madurange wrote:
>Hello,
>
>I am trying to use the openvpn client. I have a .ovpn file I got from my
>vpn provider. I installed the openvpn package and ran the openvpn client
>usin
Hello,
I am trying to use the openvpn client. I have a .ovpn file I got from my
vpn provider. I installed the openvpn package and ran the openvpn client
using the following command:
$ doas openvpn --config client.ovpn --auth-user-pass auth.txt
Above command appears to succeed. ifconfig shows
Hello,
I am trying to use the openvpn client. I have a .ovpn file I got from my
vpn provider. I installed the openvpn package and ran the openvpn client
using the following command:
$ doas openvpn --config client.ovpn --auth-user-pass auth.txt
Above command appears to succeed. ifconfig shows
On Mon, Apr 29, 2024 at 01:47:45AM +0200, Odd Martin Baanrud said:
I’m planning to set up a VPN on my router with iked(8).
The first goal is to have my Macbook and iPhone connected, both to route the
traffic through my router at home, and to get access to the services running on
a machine
Hello,
I’m planning to set up a VPN on my router with iked(8).
The first goal is to have my Macbook and iPhone connected, both to route the
traffic through my router at home, and to get access to the services running on
a machine behind the router.
I’ve read the VPN section in the FAQ, and I
(Sorry, I just realized I replied to just your email address, replying
again to the mailing list this time.)
On 2023年08月16日 10:05, Stuart Henderson wrote:
> wireguard-tools is not required, everything you need for wg(4) is in
> the base OS.
Oh, I didn't know that.
In that case, valid point.
> Af
> 10.0.8.3) to port 22/80 on the internet, not just to the machine running
> PF. If this is what you want, that's ok, if not then you may want "self"
> instead of "any".
>
> > On Mon, Aug 14, 2023 at 7:35 AM lain. wrote:
> >>
> >> On 2023年08
ou want, that's ok, if not then you may want "self"
instead of "any".
> On Mon, Aug 14, 2023 at 7:35 AM lain. wrote:
>>
>> On 2023年08月13日 12:17, Stuart Henderson wrote:
>> > >
>> > > https://www.vultr.com/docs/install-wireguard-vpn
On Mon, Aug 14, 2023 at 05:54:55PM +0530, SOUBHEEK NATH said:
2. Please have a look at the configuration I have implemented.
pass in quick on wg0 proto tcp from 10.0.8.3/32 to any port {22 80}
block in on wg0 proto tcp from any to any port {22 80}
block in quick on bwfm0 proto tcp f
eciate the time and effort you dedicated to this. Thank you so
much.
--
Soubheek Nath
Fifth Estate
Kolkata, India
soubheekn...@gmail.com
On Mon, Aug 14, 2023 at 7:35 AM lain. wrote:
>
> On 2023年08月13日 12:17, Stuart Henderson wrote:
> > >https://www.vultr.com/docs/install-wireguard-v
On 2023年08月13日 12:17, Stuart Henderson wrote:
> >https://www.vultr.com/docs/install-wireguard-vpn-server-on-openbsd-7-0/
>
> what a mess of things from the base OS and unneeded third-party tools.
>
List of tools:
wireguard-tools (required), nano (vim would have been enough),
>devices are connected to it.
> 4. The wireless router is currently using its default settings to
>assign IP addresses to three other devices that are connected to it.
>You are correct, with this setup and pf rule, the wireguard VPN
>server is accessible from within
q and use https://man.openbsd.org/pf.conf
instead.
>https://www.vultr.com/docs/install-wireguard-vpn-server-on-openbsd-7-0/
what a mess of things from the base OS and unneeded third-party tools.
> On Sun, Aug 13, 2023 at 7:04 AM lain. wrote:
>>
>> I failed to come up with reas
default settings and three other
devices are connected to it.
4. The wireless router is currently using its default settings to
assign IP addresses to three other devices that are connected to it.
You are correct, with this setup and pf rule, the wireguard VPN
server is accessible from
ause
> requirements change depending on these details.
> If you're using a dynamic IP, and both your server and clients are
> within the same network, there's a good chance that this setup is
> unnecessary, given that using a WireGuard VPN makes sense if the server
> is
od chance that this setup is
unnecessary, given that using a WireGuard VPN makes sense if the server
is remote and normally accessible from the outside, and you want to make
it only accessible from the inside.
As for your WireGuard config, you might want to add the Address to your
"[Interf
Dear OpenBSD Mailing List Community,
I hope this email finds you well. I am writing to seek your expertise
and guidance regarding a Wireguard VPN configuration and pf rules on my
OpenBSD 7.3 system. I have successfully set up a Wireguard VPN using
the provided interface configuration, and the VPN
o update their routing tables to do exactly
> what you want them to do. NAT, on the other hand, rewrites addresses
> and ports so the packet you send out isn't the packet the other end
> receives. And I'm not saying that people shouldn't use NAT for IPv4.
> I just think th
e a huge number of addresses in a /64, but really a /64
> is what providers are expected to assign where they would assign an
> individual address for IPv4.
>
> For a situation where you'd have a couple of addresses with v4,
> with v6 it's really normal to have a /56 or /48
I'm sure this is obvious to people, but just in case it is not:
I pay $25/month for my VPS, and I think I could bring that down to $10
or $15 if I wanted. My VPS routes me a /48 IPv6 network...
I clearly meant "My VPS _provider_ routes me...".
: one for "normal" peers where they connect to this
VPN server via WireGuard software (e.g., the Android app) and another
for my server/router at home which subsequently gets routed a /56 IPv6
block and the whole /29 IPv4 block. Bam. Finito. No BGP, no problem. I
get to stay within the cozy co
On 2023-07-10, Anthony Coulter wrote:
> 2. I abandon my quest to get NDP proxying added to iked and instead ask
>if we can add a "rtlabel" keyword to iked.conf to make it easier for
>me to write a separate process that monitors the routing table to
>detect when the tunnel gets set up.
et you send out isn't the packet the other end
receives. And I'm not saying that people shouldn't use NAT for IPv4.
I just think that in the IPv6 case, if getting more subnets isn't an
easy affair, NDP proxying is a less-intrusive hack to get your VPN
client's traffic routed p
Thus said Anthony Coulter on Thu, 06 Jul 2023 21:52:54 -0400:
> I would also suggest comparing the "hackiness" of NDP proxying to the
> hackiness of NAT, which is how we solve this same problem in IPv4.
I realize I'm coming in late to this discussion, and may not actually
have anything of val
when I typed it. The
point is that configuring all those subnets and static routes is an
awful lot of extra work when all I want to do is set up a VPN proxy.
> why when people are looking for dhcpv6 software do they always find that
> unmaintained-for-years run-the-whole-lot-as-root wide-dhc
Yeah, I don't have the interest to get into it about this; but I find
it (informally) inconsistent to take an ideological stance against NAT
and not have a similar stance against NDP proxying. Networking is a lot
cleaner when it can be reasoned about with a rudimentary grasp of graph
theory where
ing one other bit..
> I would also suggest comparing the "hackiness" of NDP proxying to the
> hackiness of NAT, which is how we solve this same problem in IPv4.
it might be how some people solve it for v4. others solve it in a non-hacky
way which is exactly the same as the non-ha
rite that tries to monitor routing state changes, and (2) both
of the responses to my routing question claim that the correct way to
connect a laptop to my VPN is to negotiate with my ISP to get a larger
subnet which just sounds bonkers when "ndp -s" solves the technical
problem so perfectl
s
which happen to be on the Ethernet link, then this is logically a layer
2 tunnel ("show me all the Ethernet traffic") and not a layer 3 tunnel
("show me everything with this IP address"), so it doesn't make sense
to bundle that with IP-level routing rules. So never mind
correctly think such allocations are
"wasteful" or what. IPv6 not only restores end-to-end communication the
way IPv4 initially started, but it is designed so that sites have many
_subnets_. This brings me to the next point.
You would like to rely on SLAAC for your VPN peers, but SLAA
On 2023-07-05, Anthony Coulter wrote:
> OK, I've sorted out my network issues server but it turns out that I
> was misinterpreting the tcpdump output on my VPS. When an external
> computer tries to ping my client's virtual IP address, the VPS's
> gateway router is *not* forwarding the pings to my
OK, I've sorted out my network issues server but it turns out that I
was misinterpreting the tcpdump output on my VPS. When an external
computer tries to ping my client's virtual IP address, the VPS's
gateway router is *not* forwarding the pings to my server where they
can be shoved into the IPsec
On July 5, 2023 4:35:30 AM GMT+03:00, Anthony Coulter
wrote:
>Short version:
>
>I'm trying to set up a "road warrior"-style VPN like the one described
>at https://www.openbsd.org/faq/faq17.html but I'm trying to use IPv6 so
>I can have globally-routable a
Short version:
I'm trying to set up a "road warrior"-style VPN like the one described
at https://www.openbsd.org/faq/faq17.html but I'm trying to use IPv6 so
I can have globally-routable addresses (so I'm not using NAT). So far
I've gotten the initiator and the
On Fri, Feb 17, 2023 at 11:28 AM Hrvoje Popovski wrote:
> On 17.2.2023. 18:29, Nicolas Goy wrote:
> > I know this question has been answered multiple times, but I wonder if
> > things changed with 7.2.
> >
> > Which NIC would provide the best performance with 10G physical layer
> > with open bsd?
On 2022-11-03, Odd Martin Baanrud wrote:
> Hello,
>
> I’m planning to set up a VPN.
> The problem is, I get confused about all the features and possibilities, so I
> really don’t know where to start.
>
> I’m running OpenBSD on my router, and a Debian-server behind it, provid
Probably the easiest way to accomplish your
task to run wireguard on your OpenBSD machine.
It has pretty well client software for windows, android, and so on...
Take a look at this tutorial (there are lots of different resources to be
googled)
https://www.vultr.com/docs/install-wireguard-vpn
On 11/2/22 21:02, Odd Martin Baanrud wrote:
> Hello,
>
> I’m planning to set up a VPN.
> The problem is, I get confused about all the features and possibilities, so I
> really don’t know where to start.
>
> I’m running OpenBSD on my router, and a Debian-server behind it,
Hello,
I’m planning to set up a VPN.
The problem is, I get confused about all the features and possibilities, so I
really don’t know where to start.
I’m running OpenBSD on my router, and a Debian-server behind it, providing
several public services, of course using nat/rdr with PF.
My first
On Thu, Oct 21, 2021 at 10:23:51AM +0200, Johann Belau wrote:
> Dear all,
>
> I am in desperate need of assistance for setting up an IKEv2 VPN tunnel to a
> remote LAN with OpenBSD as my VPN gateway.
>
> A short outline of what I'm trying to achieve:
>
> 1. I h
Dear all,
I am in desperate need of assistance for setting up an IKEv2 VPN tunnel to a
remote LAN with OpenBSD as my VPN gateway.
A short outline of what I'm trying to achieve:
1. I have a remote private LAN with Windows Servers and one OpenBSD gateway
(gateway has a public IP, the re
and make sure there is a route to Route to your Internal DNS servers
over the VPNs
Or
a policy that covers the DNS servers ip range if it is an Ipsec
policy based vpn
Hope this helps
On Tue, 20 Jul 2021 at 13:15, Timo Myyrä wrote:
>
> Stuart Henderson [2021-07-20, 11:24 +]:
>
>