Re: OpenBSD does not initiate ipsec connection

2012-10-27 Thread Erwin Schliske
question. Is this a known behaviour, that isakmpd switches to passive if sasyncd is enabled? Or is this a bug? Thanks. Erwin On 02.10.2012 at 11:01, Janne Johansson wrote: > 2012/10/1 Erwin Schliske : >> Hello, >> >> I've set up an OpenBSD box as vpn gateway. The tun

Re: OpenBSD does not initiate ipsec connection

2012-10-27 Thread Erwin Schliske
>> But now I have figured out what I have to change to bring up the tunnels >> after loading the config with ipsecctl. >> >> I have to disable sasyncd, which if enabled causes to start isakmpd with >> parameter S. If isakmpd starts without this parameter the tunnels come up >> and work smoothly

Re: OpenBSD does not initiate ipsec connection

2012-11-03 Thread Erwin Schliske
behaviour, that isakmpd switches to passive > if sasyncd is enabled? Or is this a bug? > > > Thanks. > > Erwin > > On 02.10.2012 at 11:01, Janne Johansson wrote: > >> 2012/10/1 Erwin Schliske : >>> Hello, >>> >>> I've set u

Re: xfsdump INTERRUPT

2012-11-20 Thread Erwin Schliske
Hi,

>> mkdir /mnt/fap
>> mkdir /mnt/hr20
>> mount -t xfs -o rtdev=/dev/sda3 /dev/sda2 /mnt/fap
>> mount -t xfs -o rtdev=/dev/sdb3 /dev/sdb2 /mnt/fap

You mount both devices to the same destination /mnt/fap

Regards, Erwin

Ipsec + NAT of multiple subnets

2015-05-08 Thread Erwin Schliske
Hello, I have one question regarding ipsec with NAT. With one customer I have to setup a site2site vpn. To avoid address conflicts I'd use NAT. Because multiple of our subnets have to use the tunnel, I have this config in ipsec.conf: ike esp from {192.168.10.0/24 (192.168.1.0/24),192.168.10.0/24

Re: Ipsec + NAT of multiple subnets

2015-05-08 Thread Erwin Schliske
I've found this listpost: http://marc.info/?l=openbsd-misc&m=130951991404687&w=2 I will ask b...@openbsd.org if it is possible to put this feature on the roadmap. Regards, Erwin 2015-05-08 9:28 GMT+02:00 Erwin Schliske : > Hello, > > I have one question regarding ipsec

Multiple srcnat for one src in ipsec.conf

2014-03-14 Thread Erwin Schliske
Hello, I've one question. Is it possible to configure two or more srcnat values for one tunnel? I've to hide two of our subnets behind one subnet in a tunnel to a customer. Example: ike esp from 10.30.172.32/29 (10.77.3.0/24,172.30.0.0/16) to 10.78.1.0/24 Is this possible? Thanks. Regards

OpenBSD does not initiate ipsec connection

2012-10-01 Thread Erwin Schliske
Hello, I've set up an OpenBSD box as vpn gateway. The tunnel I have to establish is with a Cisco ASA 5505, which is not under my administration. Here is the ipsec.conf ike esp from { 172.30.77.0/24, 10.70.0.0/24, 10.83.0.0/24, 10.77.4.0/24 } to { 172.16.70.0/24, 172.16.71.0/24, 172.16.72.0/24 }

Re: OpenBSD does not initiate ipsec connection

2012-10-01 Thread Erwin Schliske
> can you tell, how did you get this great
> debug log?

You can start isakmpd with the parameter -L. Then isakmpd logs in tcpdump format to /var/run/isakmpd.pcap. See the file contents with

tcpdump -n -vs 1440 -r /var/run/isakmpd.pcap

Erwin