> On 15 Feb 2022, at 13:58, Stuart Henderson wrote:
>
> On 2022-02-15, Carlos Lopez wrote:
>> But regarding the question to use different keys for every wg client?
>
> You have two options:
>
> 1. use the same 'server' key for all connections: use one wg interface
> on the server
>
> 2. us
On February 15, 2022 10:26:54 AM GMT+01:00, "Łukasz Moskała"
wrote:
>On 15.02.2022 at 10:19, Carlos Lopez wrote:
>>
>>
>>> On 15 Feb 2022, at 10:16, Łukasz Moskała wrote:
>>>
>>>
>>>
>>> On 15 February 2022 10:13:57 CET, Carlos Lopez
>>> wrote:
Hi all,
I am tryin
On 2022-02-15, Carlos Lopez wrote:
> But regarding the question to use different keys for every wg client?
You have two options:
1. use the same 'server' key for all connections: use one wg interface
on the server
2. use different 'server' keys for each connection: each will need to
have its ow
On 15.02.2022 at 10:19, Carlos Lopez wrote:
On 15 Feb 2022, at 10:16, Łukasz Moskała wrote:
On 15 February 2022 10:13:57 CET, Carlos Lopez wrote:
Hi all,
I am trying to configure multiple Wireguard road-warriors config using this
simple config in /etc/hostname.wg0
wgkey Ls1Os9/
> On 15 Feb 2022, at 10:16, Łukasz Moskała wrote:
>
>
>
> On 15 February 2022 10:13:57 CET, Carlos Lopez wrote:
>> Hi all,
>>
>> I am trying to configure multiple Wireguard road-warriors config using this
>> simple config in /etc/hostname.wg0
>>
>> wgkey Ls1Os9/oE0kU5jJdFp1dLpzJhtL8W
On 15 February 2022 10:13:57 CET, Carlos Lopez wrote:
>Hi all,
>
>I am trying to configure multiple Wireguard road-warriors config using this
>simple config in /etc/hostname.wg0
>
>wgkey Ls1Os9/oE0kU5jJdFp1dLpzJhtL8WIzzJ/G+7bzSEZk=
>wgport 8443
>wgpeer 2XLLj0O6jdtx+BNCt90m2pEyJS/M2kh6WaskF
Hi all,
I am trying to configure multiple Wireguard road-warriors config using this
simple config in /etc/hostname.wg0
wgkey Ls1Os9/oE0kU5jJdFp1dLpzJhtL8WIzzJ/G+7bzSEZk=
wgport 8443
wgpeer 2XLLj0O6jdtx+BNCt90m2pEyJS/M2kh6WaskFTz+n1A= vgaip 10.55.55.2/32 vgaip
10.55.55.3/32
inet 10.55.55.1/28
de
Hi. Sorry for extremely slow reply!
Did you add the return routes for your internal subnets into each of the
per-tun rdomains?
To test your tunnels are setup correctly;
Once you have the external interface in rdomain 0, and each VPN instance's
tun interface is bound to different rdomains etc
Trying to replicate same setup with pairs and different rdomains for each tun
and also external interface, after a packet goes through pair interfaces
it's just disappears.
Any ideas?
routing in rdomain is set like:
route -T add default tun
route -T add
--
Sent from: http://openbsd-arc
On 2019-03-13, Fedor Piecka wrote:
> I understood that ipsecctl and ipsec.conf are supposed to free the user
> from configuring keynotes manually.
That's not correct. ipsec.conf can take the place of isakmpd.conf in
some limited cases. It doesn't replace keynote in any way.
> Doesn't the parame
I understood that ipsecctl and ipsec.conf are supposed to free the user
from configuring keynotes manually. Doesn't the parameter "-K" of
isakmpd mean it won't read keynote policy at all?
man ipsec.conf:
The keying daemon, isakmpd(8), can be enabled to run at boot time
via the
isakmp
On 2019-03-13, Fedor Piecka wrote:
> Does anybody see any misconfiguration or misunderstanding on our side? Or
> is this a bug (IMHO a security bug) in OpenBSD IPsec implementation?
isakmpd: it is a misconfiguration (but an incredibly common one), you
should use a keynote policy to prevent this.
Hello
We've discovered a very weird behavior in OpenBSD IPsec.
We run isakmpd -K and use ipsecctl with ipsec.conf to set up our IPsec
tunnels. When our peer adds a new network to an existing configuration on
his router, our OpenBSD box accepts the network without our intervention,
SAs and
rdomain.
This allowed me to configure unique non-overlapping subnets on each of the
‘pair’ based p2p tunnels.
And that of course simplified the ‘route-to’ statement to just be a list of
different next-hops; one for each of the ‘pair’ interfaces in the default
rdomain, for each vpn (without
to add the following line to the
> bottom of your tun interface...
> (starting openvpn in rdomain2 )
>
> !/sbin/route -T 2 exec /usr/local/sbin/openvpn --config
> /etc/openvpn2.conf & /usr/bin/false
>
> we were using the L2 tunnels (not l3) ... but this worked pretty well for us
alse
we were using the L2 tunnels (not l3) ... but this worked pretty well for us
you I think you can use rcctl and set rtable also as described very well here
using symbolic links in /etc/rc.d/ you can create multiple openvpn
services, each with their own
settings...
I hope this helps
On
ags=8011 rdomain 2 mtu 1500
index 9 priority 0 llprio 3
groups: tun
status: down
# Start all SSL VPN tunnels (in unique VRF/rdomain's)
/usr/local/sbin/openvpn --config ./ch70.nordvpn.com.udp.ovpn --writepid
/var/run/openvpn.tun1.pid --dev tun1 &
/usr/local/sbin/
fw1# ifconfig tun1
tun1: flags=8011 rdomain 1 mtu 1500
index 8 priority 0 llprio 3
groups: tun
status: down
fw1# ifconfig tun2
tun2: flags=8011 rdomain 2 mtu 1500
index 9 priority 0 llprio 3
groups: tun
status: down
# Start all SSL VPN tunnels
> Local connection is a few hundred mbps..
>
> So I had the idea of running multiple openvpn tunnels to different servers,
> and load balancing outbound traffic across the tunnels.
>
> Sounds simple enough..
>
> However every vpn tunnel uses the same subnet and nexthop gw. Thi
conflicting tunnel in the
default rdomain (as the tunnel just won’t come up due to the address conflict).
I realise I could redesign it so that there is never a tunX in the default
rdomain, so that tunnels can be setup in the default and then moved over. But
this feels rather flawed/restricting and not
is maybe 10Mbits through one server.
>
> Local connection is a few hundred mbps..
>
> So I had the idea of running multiple openvpn tunnels to different servers,
> and load balancing outbound traffic across the tunnels.
>
> Sounds simple enough..
>
> However every vpn
multiple openvpn tunnels to different servers, and
load balancing outbound traffic across the tunnels.
Sounds simple enough..
However every vpn tunnel uses the same subnet and nexthop gw. This of course
won’t work with normal routing.
So my question:
How can I use rdomains or rtables with
ain incapabilities?
Best regards
Andre
On 15.05.18 at 05:15, Philipp Buehler wrote:
Hello Andre,
On 14.05.2018 13:38, Andre Ruppert wrote:
I got the tips from this 2013 undeadly.org article:
Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway
https://undeadly.org/cgi?action=art
2013 undeadly.org article:
Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway
https://undeadly.org/cgi?action=article&sid=20131125041429
Apparently I wrote that article, and I feel your pain :-)
2.) less /var/run/isakmpd.result
...
SA name: (Phase 1/Responder)
src: dst:
Flags 0
Hello Andre,
On 14.05.2018 13:38, Andre Ruppert wrote:
I got the tips from this 2013 undeadly.org article:
Managing Individual IPsec Tunnels On A Multi-Tunnel Gateway
https://undeadly.org/cgi?action=article&sid=20131125041429
Apparently I wrote that article, and I feel your pain :-)
perability works most like a charm and is a no-brainer in most cases.
I have only access to the OpenBSD peering gateways, but most other
brands belong to partners / customers.
Sometimes I first have problems with some of these peering boxes and
only partial tunnels came up (only phase 1 or
cases.
I have only access to the OpenBSD peering gateways, but most other
brands belong to partners / customers.
Sometimes I first have problems with some of these peering boxes and
only partial tunnels came up (only phase 1 or - more bad - phase 1 only
partial).
Then I check the logs and
On 10/10/2017 04:35 PM, Renaud Allard wrote:
> Hello,
>
> Since the upgrade to OpenBSD 6.2 (from 6.1). One of my tunnels is not
> working anymore (it was working on 6.1)
> There are 2 things which differ from the other (working) ones:
> Both hosts are natted, and one host i
Hello,
Since the upgrade to OpenBSD 6.2 (from 6.1). One of my tunnels is not
working anymore (it was working on 6.1)
There are 2 things which differ from the other (working) ones:
Both hosts are natted, and one host is i386 (instead of amd64).
I can see packets leaving the source server and
Hi Stuart,
Rising openfiles-cur does not change anything.
Best Regards
M.K.
-- Original message --
*Subject: *Re: isakmpd dies quietly with over 100 tunnels
*From: *Stuart Henderson
*To: *misc@openbsd.org
*Date: *30.05.2017 11:55
On 2017-05-28, Michał Koc wrote:
Hi all
On 2017-05-28, Michał Koc wrote:
> Hi all,
>
> I'm running 6.0/amd64 inside KVM/QEMU with over 100 ipsec tunnels.
>
> Everything was running just fine when the number of tunnels was lower.
> But as we have been setting up more and more tunnels we suddenly run on
>
On 2017-05-29, Alexis VACHETTE wrote:
> I didn't think it was isakmpd related back then.
> Maybe a configuration issue on my end or the partner's.
If isakmpd crashes, there is a bug in isakmpd. No network input should
cause that to happen.
t /usr/src/sbin/isakmpd/isakmpd.c:533
(gdb)
Best regards
M.K.
-- Original message --
*Subject: *Re: isakmpd dies quietly with over 100 tunnels
*From: *Michał Koc
*To: *Alexis VACHETTE , Theo de Raadt
, Florian Ermisch
*Cc: *misc@openbsd.org
*Date: *29.05.2017 11:39
Hi all,
we are set
Hi all,
we are setting up a test environment, will be back soon with the traces.
Best Regards
M.K.
-- Original message --
*Subject: *Re: isakmpd dies quietly with over 100 tunnels
*From: *Alexis VACHETTE
*To: *Theo de Raadt , Florian Ermisch
*Cc: *, Michał Koc
*Date
I didn't think it was isakmpd related back then.
Maybe a configuration issue on my end or the partner's.
But sure we need to post traces.
Nonetheless OpenBSD is an amazing piece of software, so thank you !
Regards,
Alexis.
On 29/05/2017 11:14, Theo de Raadt wrote:
Great thing is you all have
Great thing is you all have source code, and can run the same
debuggers live in your key-happy situations, and then generate traces
to expose the problem so that someone can help you.
But, yet, that doesn't happen. Strange isn't it?
I won't be able to test with the setup at work
but I got a little VPS running 6.1 I could use
(and update to -STABLE if necessary).
We probably won't get to over 100 tunnels but
I've seen the problem with ~8 tunnels.
The question would be if this problem would
even show up in a
Hi Michał,
I'm having same issue without 100 ipsec tunnels and dedicated hardware.
Unfortunately it's a production environment so I can't really
troubleshoot this issue to track down the culprit.
Anyway maybe it's not related to your issue.
Regards,
Alexis.
On 28/0
Hi all,
I'm running 6.0/amd64 inside KVM/QEMU with over 100 ipsec tunnels.
Everything was running just fine when the number of tunnels was lower.
But as we have been setting up more and more tunnels we suddenly run on
problems.
The isakmpd daemon keeps dying quietly. Probably I'
27:19 MDT 2013
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
This broke my isakmpd-tunnels between boxes with recent snapshot, but NOT
between boxes with old/new.
No configuration changes to pf.conf/ipsec.conf/isakmpd.conf, just new kernel
and userland.
Also, this broke tu
Hi,
Can anyone shed some light on this?
Thanks.
Bert
On Tue, May 22, 2012 at 10:37 AM, Bert Smith
wrote:
> Hi,
>
> I am trying to set up a Layer 3 MPLS VPN (RFC 4364) with GRE tunnels
> between PEs (RFC 4797) instead of an MPLS backbone. I have followed the
> instructions in th
Hi,
I am trying to set up a Layer 3 MPLS VPN (RFC 4364) with GRE tunnels
between PEs (RFC 4797) instead of an MPLS backbone. I have followed the
instructions in the "Demystifying MPLS" paper (
http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf), and on the following
mailing list p
Hi,
I am trying to set up a Layer 3 MPLS VPN (RFC 4364) with GRE tunnels
between PEs (RFC 4797) instead of an MPLS backbone. I have followed the
instructions in the "Demystifying MPLS" paper (
http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf), and on the following
mailing list p
- Original Message -
> From: "Jeff Simmons"
> To: misc@openbsd.org
> Sent: Monday, March 12, 2012 8:27:51 PM
> Subject: Failover VPN tunnels
>
> I've got a setup with a central VPN gateway running a couple dozen
> IPSEC
> tunnels to remote location
I've got a setup with a central VPN gateway running a couple dozen IPSEC
tunnels to remote locations. All the gateways are running current, and use
very simple ipsec.conf entries to set things up. Works beautifully.
ISPs are another matter. At two of the remotes, service is 'flaky
Misc --
Can anyone size hardware that would be required for a IPSec head-end
terminating 1 tunnels. The total bandwidth across all the tunnels is
about 2mb/s. Is this something that can be done on a single server or is some
type of cluster needed. Can this be made to be redundant
So a few releases ago, I found that if I had OpenVPN running on an
OpenBSD box as a hub, and I did a large transfer from one client to
another, the OpenBSD box would occasionally kernel panic - something
about mbufs, I can pull the kernel stack traces up if desired. The
hosting company said they s
On 3-7-2011 6:32, John Tate wrote:
Well is it possible I give away /4's? Not much in one but I can broker an
unusually fast tunnel for some.
On Sun, Jul 3, 2011 at 4:32 AM, Randal L. Schwartz wrote:
heh! only off by 58 bits. :)
--
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +
Well is it possible I give away /4's? Not much in one but I can broker an
unusually fast tunnel for some.
On Sun, Jul 3, 2011 at 4:32 AM, Randal L. Schwartz wrote:
> heh! only off by 58 bits. :)
> --
> Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777
> 0095
> http://www.st
> "John" == John Tate writes:
John> I have a OpenBSD 4.7 VPS with 64 proper IPv6 addresses. What I
John> wanted to do is provide like other services an IPv6 address to
John> clients. I was wondering what software I would need to learn to do
John> this.
That's a pretty clueless ISP. They sho
Misc,
I have a OpenBSD 4.7 VPS with 64 proper IPv6 addresses. What I wanted to do
is provide like other services an IPv6 address to clients. I was wondering
what software I would need to learn to do this.
John Tate
--
Website: http://johntate.org
Facebook: http://facebook.com/john.n.tate
John
On 2011-06-29, Matthew Dempsky wrote:
> On Mon, Jun 20, 2011 at 12:58 PM, Russell Sutherland
> wrote:
>> Or is there an easier way to do this?
>
> Maybe one gif(4) tunnel and then three vlan(4)s on top of that?
You need to get the traffic into vlans somehow - I thought about
suggesting this but h
On Mon, Jun 20, 2011 at 12:58 PM, Russell Sutherland
wrote:
> Or is there an easier way to do this?
Maybe one gif(4) tunnel and then three vlan(4)s on top of that?
You'll need multiple addresses, gif(4) tunnels, and bridges for this.
If you only have 1 external address you may be able to create aliases with
rfc1918 addresses on lo1 to use as the gif endpoints and carry these in
an IPsec tunnel.
On 2011-06-20, Russell Sutherland wrote:
> I am t
I am trying to create multiple L2 over L3 tunnels using OpenBSD. The man
page for gif(4), the generic tunnel interface, gives excellent instructions
for creating _one_ bridge over a wide area network to join two remote LANs.
I have tried to extend this idea by bridging two other LANs over the
thing we have in common is multiple subnets,
I wonder if this is a factor...
(and this setup has always been post-4.4 On 2011-05-02, Jakob
Alvermark
wrote:
Hi,
I am getting some strange problems with IPSEC tunnels.
There are 5 sites connected using IPSEC tunnels, which used to work
perf
through
OpenBSD VPN Tunnels does not work...using RDP in XP SP3 (across the same
VPN tunnel) does
On 2011-05-23, * VLGroup Forums wrote:
>
> So, in short - a remote location, with a Windows 2008 R2 server,
> connecting to it from a different location, with a XP SP3 machine
> works fin
On 2011-05-23, * VLGroup Forums wrote:
>
> So, in short - a remote location, with a Windows 2008 R2 server, connecting to
> it from a different location, with a XP SP3 machine works fine (RDP), from the
> same different location with a Windows 7 RDP it does not.
I think RDP is a red herring, I e
Hello,
Been using OpenBSD boxes for VPN tunnels between sites for some 5 years now.
Works like a charm (using OpenBSD 3.8 boxes... I know I know, but upgrading
25+ boxes around the globe is low on the prio-list :)
Starting to use more and more W2008R2 Servers on those locations and I
rt Henderson wrote:
>>>>>
>>>>>> I see something similar which I've been trying to track down but not
>>>>>> really succeeding. The thing we have in common is multiple subnets,
>>>>>> I wonder if this is a factor...
>>>>>>
>>>>> really succeeding. The thing we have in common is multiple subnets,
>>>>> I wonder if this is a factor...
>>>>>
>>>>>
>>>>> (and this setup has always been post-4.4 On 2011-05-02, Jakob Alvermark
wrote:
>>>>
On 2011-05-03, Steven Surdock wrote:
> I see nearly identical results between two hosts running 4.8-stable. I
> believe it started after upgrading to 4.8. I see nothing in the logs
> during the outage. I have two tunnels, inside <-> inside and inside <->
> outside.
I see nearly identical results between two hosts running 4.8-stable. I
believe it started after upgrading to 4.8. I see nothing in the logs
during the outage. I have two tunnels, inside <-> inside and inside <->
outside. I can see the outage via gaps in Cacti graphs. To help me
05-02, Jakob
Alvermark wrote:
Hi,
I am getting some strange problems with IPSEC tunnels.
There are 5 sites connected using IPSEC tunnels, which used to
work perfectly,
but since upgrading to 4.8 (from 4.4),
tunnels started failing, seemingly at random intervals.
To investigate I set up two machin
I am getting some strange problems with IPSEC tunnels.
There are 5 sites connected using IPSEC tunnels, which used to work perfectly,
but since upgrading to 4.8 (from 4.4),
tunnels started failing, seemingly at random intervals.
To investigate I set up two machines in the lab and they exhibit the same
beh
On Mon, May 2, 2011 at 7:28 AM, Jakob Alvermark
wrote:
> tunnels started failing, seemingly at random intervals.
Similar problem here with -current.
Log entries like:
Apr 25 01:07:33 hostname isakmpd[995]: message_recv: invalid cookie(s)
77081dce1d157
ways been post-4.4
>> On 2011-05-02, Jakob Alvermark wrote:
>>> Hi,
>>>
>>> I am getting some strange problems with IPSEC tunnels.
>>> There are 5 sites connected using IPSEC tunnels, which used to work
>>> perfectly,
>>> but since upgrading
down but not
> really succeeding. The thing we have in common is multiple subnets,
> I wonder if this is a factor...
>
>
> (and this setup has always been post-4.4
> On 2011-05-02, Jakob Alvermark wrote:
> > Hi,
> >
> > I am getting some strange problems with IP
Stuart Henderson(s...@spacehopper.org) on 2011.05.02 13:30:34 +:
> I see something similar which I've been trying to track down but not
> really succeeding. The thing we have in common is multiple subnets,
> I wonder if this is a factor...
I have seen this too, two times in 3 weeks, with 7 sub
range problems with IPSEC tunnels.
> There are 5 sites connected using IPSEC tunnels, which used to work perfectly,
> but since upgrading to 4.8 (from 4.4),
> tunnels started failing, seemingly at random intervals.
> To investigate I set up two machines in the lab and they exhibit the
Hi,
I am getting some strange problems with IPSEC tunnels.
There are 5 sites connected using IPSEC tunnels, which used to work perfectly,
but since upgrading to 4.8 (from 4.4),
tunnels started failing, seemingly at random intervals.
To investigate I set up two machines in the lab and they exhibit
On 2011-03-01, Claer wrote:
> On Tue, Mar 01 2011 at 30:03, Steve wrote:
>
>> Hi all,
>>
>> We have a high speed Internet link at a primary site that has had some
>> stability issues. We would like to set up an adsl link as a backup to
>> maintain
>> t
On Tue, Mar 01 2011 at 30:03, Steve wrote:
> Hi all,
>
> We have a high speed Internet link at a primary site that has had some
> stability issues. We would like to set up an adsl link as a backup to maintain
> the ipsec tunnels to the secondary sites if we have further issues.
Hi all,
We have a high speed Internet link at a primary site that has had some
stability issues. We would like to set up an adsl link as a backup to maintain
the ipsec tunnels to the secondary sites if we have further issues.
Currently clients at site B talk to servers at site A through Tunnel
Never Mind, I found out the answer was yes. and yes it does work well..
Mark
On Fri, Oct 15, 2010 at 8:53 AM, Mark Romer wrote:
> Hello Misc,
> I was wondering if this was possible. I have our main site with a openbsd
> 4.7 system running ipsec in passive mode listening for connections.
Hello Misc,
I was wondering if this was possible. I have our main site with a openbsd
4.7 system running ipsec in passive mode listening for connections. We
currently have 1 other remote building. I have another openbsd 4.7 system
there connecting to the system here. Which all works great, I am
ehalf Of
Stuart Henderson
Sent: Sunday, January 17, 2010 2:11 PM
To: misc@openbsd.org
Subject: Re: Route traffic between two IPSEC tunnels
Take a look at OUTGOING NETWORK ADDRESS TRANSLATION in ipsec.conf(5).
On 2010-01-16, Mihajlo Manojlov wrote:
> Hello everybody,
>
> is there any way
Take a look at OUTGOING NETWORK ADDRESS TRANSLATION in ipsec.conf(5).
On 2010-01-16, Mihajlo Manojlov wrote:
> Hello everybody,
>
> is there any way to route traffic between two ipsec tunnels, like in this
> example:
>
> Lan1---|Router1|--Wan1---|INTERNET|---Wan2-
Hello everybody,
is there any way to route traffic between two ipsec tunnels, like in this
example:
Lan1---|Router1|--Wan1---|INTERNET|---Wan2---|Router2|---Lan2
|
Wan3
On 2009-11-04, Dag Richards wrote:
> Running 4.3 GENERIC#698 i386
>
> I have a VPN with a vendor using a I think he said it was a Sonic Wall
> FW. We are able to get Phase 1 associations up and happy. But Phase 2
> never seems to start, at least not from my side.
>
> If he sends traffic from h
Running 4.3 GENERIC#698 i386
I have a VPN with a vendor using a I think he said it was a Sonic Wall
FW. We are able to get Phase 1 associations up and happy. But Phase 2
never seems to start, at least not from my side.
If he sends traffic from his side then his device makes a phase 2
propo
Hi List
I have several Soekris OpenBSD boxes running a mix of 4.3, 4.4 and 4.5
all connecting multiple subnets together on a central server running
OpenBSD 4.5 (this server is a Dell Poweredge 860).
Most of the routers work, but some of them drop the routes to one of my
subnets. This happens to
Hi,
On Tue, 30.06.2009 at 11:15:21 +0200, u...@o3si.de wrote:
> I try to use an OpenBSD firewall with two ADSL links connected (dynamic
> addresses!) to the internet. Now I want to establish two IPSec tunnels over
> each link to a central VPN gateway (OpenBSD too).
>
> Is it p
On Tue, 2009-06-30 at 11:15 +0200, u...@o3si.de wrote:
> Is it possible to load balance / failover the traffic over IPSec? If
> so,
> should I use GIF for load balancing / routing?
That's what Cisco DMVPN is, as far as I can tell. Was just reading
about it.
You're talking a
Hi @misc,
maybe someone can give me some hints ;-)
I try to use an OpenBSD firewall with two ADSL links connected (dynamic
addresses!) to the internet. Now I want to establish two IPSec tunnels over
each link to a central VPN gateway (OpenBSD too).
Is it possible to load balance / failover the
On 2008-11-21, Mikolaj Kucharski <[EMAIL PROTECTED]> wrote:
> On Fri, Nov 21, 2008 at 02:52:53PM +, Mikolaj Kucharski wrote:
>> Hi,
>>
>> Is it possible to have two or more subnets, each configured with the
>> same srcid, dstid and peer? Currently I cannot make it work. It works
>> only for th
192.168.1.0/24 \
192.168.2.0/24 \
192.168.3.0/24 \
} to any \
srcid net4511.example.com
Roadwarriors don't need to change anything. They can have multiple
tunnels defined separately.
> # roadwarrior: /etc/ipsec.conf(5)
> ike dynamic esp tunnel \
>
Hi,
Is it possible to have two or more subnets, each configured with the
same srcid, dstid and peer? Currently I cannot make it work. It works
only for the first subnet in the roadwarrior config file. Is it possible
at all, no matter what IPsec implementation I would like to use?
# router: /etc/i
On 2008-06-17, Russell Howe <[EMAIL PROTECTED]> wrote:
> I have a pair of firewall routers running OpenBSD (4.1 and 4.2 at
> present - need to get them updated) and I recently added an IPsec tunnel
> to their configurations, using ipsecctl and ipsec.conf complete with
> sasyncd.
>
> This works f
I have a pair of firewall routers running OpenBSD (4.1 and 4.2 at
present - need to get them updated) and I recently added an IPsec tunnel
to their configurations, using ipsecctl and ipsec.conf complete with
sasyncd.
This works fine, and the host which is master of the carp interface I've
tol
Hi,
Is it possible to have VPN tunnels which reach the same private networks ?
Basically I want to reach all the networks without having to renumber
everything:
ike esp from 10.200.0.0/16 to 192.168.1.0/16 peer 1.2.3.4 tag IPSEC-ONE
ike esp from 10.200.0.0/16 to 192.168.1.0/16 peer 5.6.7.8 tag
On Mon, Apr 16, 2007 at 10:59:41AM -0600, Tim Pushor wrote:
> Thanks for the response.
>
> I should have been more clear. I am using isakmpd.conf and want to
> support multiple tunnels. Am I able to just add additional tunnels/lines
> under the [Phase 1] block that points to a
Thanks for the response.
I should have been more clear. I am using isakmpd.conf and want to
support multiple tunnels. Am I able to just add additional tunnels/lines
under the [Phase 1] block that points to another relevant IPSEC
configuration?
Anyone?
Thanks,
Tim
Hans-Joerg Hoexer wrote
On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote:
> Hi friends,
>
> I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
> All examples I've seen are a single connection (phase 1). To support
> multiple vpn's tunnels, is it as simple as
Hi friends,
I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
All examples I've seen are a single connection (phase 1). To support
multiple vpn's tunnels, is it as simple as adding additional lines under
[Phase 1] pointing to the new phase1 configuration block?
Thanks!
hi all,
Actually we have five openbsd firewalls managed from a linux server
that acts a repository for firewall rules. Now we need to deploy vpn
tunnels between them and monitor these tunnels.
My requirements are:
- we need to know at what time clients connects to our infrastructure
Yes you can do that but, why gre tunnels instead of ipsec?
Gustavo Rios wrote:
I would like to configure a virtual network on multiple physical
location. So, i am seeking if it could be possible using gre tunnels.
Local private address will be 10/8 and the gre network of
tunnels should
I would like to configure a virtual network on multiple physical
location. So, i am seeking if it could be possible using gre tunnels.
Local private address will be 10/8 and the gre network of
tunnels should be 192.168.0.0/23.
Is it possible?
Thanks in advance.
On Wed, Jul 26, 2006 at 12:19:18AM -0300, Gustavo Rios wrote:
| May some one point me a reference information on implementation
| tunnels with pf without security.
Not necessarily better than gre(4), but you should also look into
gif(4), tun(4) and ppp(4)/ppp(8)/pppd(8)/pppoe(8). Last of all
On Wed, 26 Jul 2006, Gustavo Rios wrote:
> May some one point me a reference information on implementation
> tunnels with pf without security.
man 4 gre
man 4 gif