Hi,
Not sure if anyone else here is using SNMP for obtaining VXLAN(4) adapter
throughput but after some testing (clamping with PF queues), I have
discovered that throughput on VXLAN interfaces via SNMP are reporting
exactly double the data throughput than what is measured either through
iperf or p
On Fri, 17 Aug 2018 at 11:48, David Gwynne wrote:
> On Thu, Aug 16, 2018 at 10:51:25AM +1000, Jason Tubnor wrote:
>
> >
> > Am I missing something here or could it be a potential bug in the VXLAN
> > code in how it reports into snmpd?
>
> The vxlan driver counts so
I am preparing a bug report but just wanted to flag an issue that I
discovered after a 6.3 to 6.4 uplift of an iked(8) endpoint.
We overlay vxlan(4) on top of iked(8) to provide seamless connectivity to
site offices. I have uplifted our test endpoint to 6.4 and discovered that
traffic had tanked,
Hi,
Based on man 5 iked.conf the following should setup technically 4 flows
(reversing and setting active on the corresponding peer):
/etc/iked.conf
ikev2 esp from 192.168.232.128 to 192.168.232.129 psk "HelloWorld"
ikev2 esp from 192.168.1.0/24 to 192.168.72.0/24 peer 192.168.232.129 psk
"Hello
On 3 October 2015 at 14:40, Jason Tubnor wrote:
> Hi,
>
>
> Here is the ipsecctl flows:
>
>
>
Sorry, I copied in the flows from the wrong server (testing all different
ways trying to get things to work). Here is the ipsecctl to match the
iked.conf listed:
# ipsecctl -sa
FL
On 3 October 2015 at 14:40, Jason Tubnor wrote:
> Hi,
>
> Based on man 5 iked.conf the following should setup technically 4 flows
> (reversing and setting active on the corresponding peer):
>
>
>
Solved!
Main gateway:
# cat /etc/iked.conf
ikev2 esp from 192.168.232.1
On 5 October 2015 at 22:00, Jason Tubnor wrote:
>
> Solved!
>
>
> I have attached a man 5 iked.conf patch that clears up an example used in
> the man page.
>
The gz diff was stripped by demime, here is the flat text patch file.
Cheers,
Jason.
[demime 1.01d removed
On 3 November 2015 at 03:14, Sébastien Morand wrote:
> Hi,
>
> I set up an ipsec VPN via iked.
>
>
>
> The point is that the server has to know my home network (192.168.100.0/24
> ).
> How to make it works wherever my laptop is?
>
> I tried with config address options but can't make it work.
>
On 19 October 2015 at 21:49, igyht wrote:
> I am testing iked on OpenBSD phobos 5.7 GENERIC#738 i386, I think there is
> keep-alive problem when use with NAT-T,
> detailed configurations are:
>
>
>
> http://daemonforums.org/showthread.php?t=9446
>
>
>
> I think, iked & nat-t need some kind of "ke
Hi All,
Can anyone verify (based on my diagram below) if they have had success with
queuing IKEv2 return traffic from the "Server". I have been able to use
IKEv2 based tagging and doing it (as described in iked.conf(5)) when NAT-T
isn't used and when traffic is 'pass out' from the IKEv2 "Client",
On 4 November 2015 at 07:31, Alan Corey wrote:
> Anybody have good experiences with any of the currently available
> 4G/LTE modems that start around $30 on eBay, mostly by Huawei? I
> won't have a real internet connection for at least a year. Right now
>
You might want to see if the chipset yo
On 4 November 2015 at 13:09, Glenn Faustino
wrote:
> I notice that under queueing section of the pf.conf man page the total
> child queues bandwidth exceed what's defined in the parent. rootq was
> defined with 100M bandwidth and the child queues defined http 60M, mail
> 10M, ssh 20M and std 20M
Hi,
We are planning for migration from ripd to ospf, however both protocols
will need to work together as the migration rolls through.
I was looking at the 'redistribute rtlabel' option, even after digging into
the code, it is unclear how this would work to bring other dynamic routes
on the same
On Sat, 28 Nov 2020 at 11:14, Sebastian Benoit wrote:
> Hi,
>
>
>
> route add -label FOOBAR 172.16.1.0/24 172.16.2.5
> route show -label FOOBAR
>
> I am only aware of these mechanisms to set labels on routes added by
> routing daemons:
>
> bgpd (rtlabel keyword in filter "set")
>
I have a vpn from a Windows machine to a network behind an OpenBSD router. It
was working fine until I upgraded the router to 6.9 (amd64).
The VPN is still coming up fine, but the traffic is blocked somehow. Using
tcpdump on the interface protected by the router (vlan0 in my case), I see the
Try -D snap
Cheers
Sent from my iPhone
> On 9 Mar 2024, at 6:31 pm, ofthecentury wrote:
>
> I had a similar problem this week, for amd64.
> The 'packages/amd64' folder on the OpenBSD
> mirrors for 7.5 snapshot is also empty. So I
> just manually set PKG_PATH to 7.4 packages
> folder for the t
From: owner-m...@openbsd.org on behalf of Jeff Roach
Sent: Monday, 23 January 2023 9:08 PM
To: misc@openbsd.org
Subject: Panic in 7.2 and snapshots at boot due to acpi bios error
Hi! Really love OpenBSD and would like to get it working on my Samsung
Galaxy Book Flex2 Alpha. NP730QDA-KA
Hi,
Just picked up a typo in in the
http://ftp.openbsd.org/pub/OpenBSD/patches/6.0/common/006_iked.patch.sig
errata file. While there is a patch below, it will need to be re-issued
with an updated signify signature.
Cheers!
--- 006_iked.patch.sig.orig Sun Sep 18 12:05:38 2016
+++ 006_iked.
Hi,
Just wondering if anyone else is seeing the same issue I am booting a
6.1-snapshot in bhyve? In preparation for the 6.1 pending release, I have
tried to spin up 6.1-snap to iron out any issues in bhyve but I don't get
very far into the installation process:
Copyright (c) 1982, 1986, 19
Without hijacking this thread completely, but touching on some of the
elements discussed above (and I think these are great inclusions for the
tutorial).
We have implemented a variety of queues to manage our internet links and
ikev2 VPNs tunnels to remote offices. We have also done something simi
On 5 April 2017 at 13:07, Theo de Raadt wrote:
>
> > cpu0: Intel(R) Xeon(R) CPU E5-1620 v3 @ 3.50GHz, 3491.87 MHz
> > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,PBE,SSE3,
> PCLMUL,DTES64,DS-CPL,SSSE3,SDBG,FMA3,CX16,xTPR,PCID,DC
On 8 April 2017 at 07:41, Mihai Popescu wrote:
> I don;t want to offend you folks, but I'm curious and I will ask: is
> this BSDCon so useful? Does it pay the efforts?
>
> If someone has time and knowledge to do a PF tutorial he/she can do it
> and post. Do you need the Con?
>
>
I'm traveling 170
With crypto being deprecated (and possibly removed in future versions
- depending on dev direction) from vnconfig, would the following be
assumed one way of providing an encrypted container?
To create 200MB encrypted container:
sudo dd if=/dev/zero of=/var/encrypt/container.encrypt bs=1m count=20
On 25 November 2014 at 18:58, David Vasek wrote:
> did not look neither efficient, nor healthy. Try dd if=/dev/zero
> of=/dev/rsd1c bs=1m while watching systat/iostat at the same time. Is it
> still the case?
So here are the findings. The test is virtualised but below is the
baseline into a vn
As Okan stated, your 5.6 man page is still correct for 5.7. It is
only of issue when you move to 5.8-Release in November.
http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/pf.conf.5?query=pf%2econf
<- -current and 5.8, use/will use divert-to
(Can't give you a link to the online pf.conf
On 2 June 2014 10:23, Ted Unangst wrote:
>
> Part of the deprecation / migration process is identifying the weird
> ways people use vnd and finding solutions for them. But as we've seen,
> people never move forward without the occasional push.
>
So the most appropriate way to use vnd(4) as an en
Forgot to reply-all yesterday (only sent to Charles) to keep the
thread in-sync with the rest of the conversation (don't nuke me for
stating the obvious + added the rtadvd/route6d)
On 20 August 2014 13:40, Charles Musser wrote:
> ifconfig gif0 tunnel 50.1.94.112 72.52.104.74
> ifconfig gif0 inet
Hi,
I was just testing upgrades prior to the 5.6 release and noticed items
in the rc.conf.local were being ignored. A bit of digging, I noticed,
rc.subr had some changes and more importantly there were quite a few
changes to rc.conf.
Cutting to the chase, replacing rc.conf from the upgraded 5.5
Sorry for the non-inline text.
OpenBSD makes this super simple and it is well documented. The flow is to bring
up your physical interface and then use that as a parent for your pseudo vlan
interface.
man ifconfig
Move down to the VLAN section and it is well described to provide you with the
o
Add to hostname.vlan101 as well:
autoconf
up
Remove dhcp/autoconf from hostname.em0 but make sure there is an ‘up’ in there.
If you are using a macro like $ext_if in pf, just change from em0 to vlan101
and all your external interface rules will work like they did before.
Cheers
Sent from my
Sorry for top post.
Are you doing any filtering of ICMP6 with PF? I assume your router is also
doing rad to hand out slaac to clients?
Jason.
Sent from my iPhone
> On 23 Jun 2024, at 2:27 AM, Thomas Bohl wrote:
>
> Hello,
>
> I'm using ULAs for my local IPv6 networks. The hosts have inter
Hi Johan,
Have you checked the SHA256 sig with the iso? They can be found here:
http://ftp.openbsd.org/pub/OpenBSD/5.0//SHA256
If you don't have an OpenBSD installation already running to use the sha256
command, you can pick up tools over on sourceforge
http://md5deep.sourceforge.net/ that can h
On 12/10/2024 5:43 am, Jurjen Oskam wrote:
Back when using dhcpcd, hostname.em1 just contained a single line
"autoconf". dhcpcd was able to get a /128 using router solicitations,
configure that address on the external interface, and then get a
prefix to configure the other interfaces:
int
On 18/1/25 21:11, louise9...@gmail.com wrote:
Questions:
1. About your match out egress findings, would you recommend I use the
actual WAN interface instead of egress? For instance match out igc0?
Best to use (egress:0) for this in the event that your ISP rolls your IP
address without tel
On 18/1/25 21:11, louise9...@gmail.com wrote:
Questions:
1. About your match out egress findings, would you recommend I use the
actual WAN interface instead of egress? For instance match out igc0?
Best to use (egress:0) for this in the event that your ISP rolls your IP
address without tel
On 15/1/25 03:16, louise9...@gmail.com wrote:
I have built a router and it seems as if no matter what I try I can
never seem to understand how to get NAT Type Open on the Xbox series
S/X devices . I have one example on my pf.conf where I have tried to
use port forwarding according to the ope
36 matches
Mail list logo
