it works
perfect if you add a little portability patch to fix some paths
/var/lib => /var/db . Is it possible to import dibbler into the ports tree
for the next OpenBSD release, or if you get some time to have a DHCPv6/PD
OpenBSD tool (with custom options :D) ?
Thanks for reading
--
Best regards,
Loï
cp-client) &
authentication (option 90, https://www.ietf.org/rfc/rfc3118.txt). I
didn't find those options.
I haven't tested wide-dhcpv6, didn't know about it, i will test it.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le sam
Hi Franck,
Thanks it works perfect with your feedback :) I can now remove isc-
dhcp-client and use the native dhclient !
Now i need to have a good IPv6 native option (or pkg option) if there
is something which works as good as dibbler
--
Best regards,
Loïc BLOT,
UNIX systems, security and
OpenBSD and OpenBGPD are working like a charm with Cisco and Alcatel routers.
With OpenBSD routing daemon you can also back up the OSPF configurations and
create different versions. Also the debug is simpler
Loic Blot
On 16 May 2013 at 17:45, mxb wrote:
> Quagga might have more features (whic
e much appreciated.
>
> cheers,
> dlg
>
> On 05/05/2013, at 4:11 AM, Loïc Blot wrote:
>
> > Hello misc.
> > On Thursday i have upgraded one of our BGP border routers to OpenBSD 5.3,
> > and i was pleased to get the BCM5720 working. I have added it to
> >
connected on another switch (before i thought it's a cisco 2960
communication problem, but it seems not, i'm on a dell powerconnect
6224).
Why doesn't break have an effect on com1 ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 22 May 2013 at 11:03 +0200, Loïc Blot wrote:
> Ok, i have another new to this problem.
>
> I have unplugged the external BCM5720 card, and now there is only the
> motherboard BCM572
. For now i have
em0-1 and bge0,2-3 in trunks
(http://www.hostingpics.net/viewer.php?id=705980photo.jpg )
At this time the system works but there are some system freezes for 10-15sec
and after that it comes back.
Any ideas ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
+ struct kroute_filter*kroute_filter;
+
+ LIST_FOREACH(kroute_filter, &conf->kroute_filter_list, entry) {
+ printf("kroute-ignore-insert %s prefixlen %u",
+
inet_ntoa(kroute_filter->prefix),kroute_filter->prefixlen);
+
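Review bot: In the declaration `struct kroute_filter*kroute_filter;` the space before `*` is missing and the variable reuses the struct tag as its name, which makes the `LIST_FOREACH` body harder to read; a short distinct name such as `struct kroute_filter *kf;` would match the surrounding style. The `printf` format `"kroute-ignore-insert %s prefixlen %u"` also ends without `\n` in the lines shown, so consecutive entries would run together on one line unless a newline is emitted later in the loop.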
Hello rob,
i'm using squid since 3.1 on OpenBSD 5.2 with compiled sources (squid
3.2.5-9 and 3.3.4 at this time). I don't use an IP but the http_port
3129 as my configuration suggests:
http_port 3128
http_port 3129 intercept
And i have those rules in my PF
pass in quick proto tcp to { 10.X.1.1 10
Hello Rob,
mine is a forward proxy, it's used by my clients to go to all websites
(except blacklisted by squidguard).
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Sunday 02 June 2013 at 12:33 -0700, Rob Sheldon wrote:
> On 2013-
Hi
Sorry for the double, but i have forgotten the kroute.c in my diff, then
i cannot work :)
Have a nice day
--- old/usr.sbin/ospfd/kroute.c 2011-11-15 05:17:46.0 +0100
+++ OpenBSD/usr.sbin/ospfd/kroute.c 2013-05-31 22:37:59.434032287 +0200
@@ -1,6 +1,7 @@
-/* $OpenBSD: kroute.c,v
er on
the production:
kern.nfiles=4701.
Thanks in advance. If you need more details please tell me.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
i think:
pass in on enc0 proto ipv6-icmp
Loic Blot
On 7 June 2013 at 19:29, Christopher Zimmermann wrote:
> Hi,
>
> simple problem: how do I allow this package to pass?
>
> 18:59:44.768197 rule 0/(match) [uid 0, pid 1051] block in on enc0:
> 172.26.153.7 > 172.26.153.1: 2001:4dd0:fbdf:0:f
idev0: 8 variable keys, 6 key codes
wskbd0 at ukbd0 mux 1
wskbd0: connecting to wsdisplay0
uhidev1 at uhub3 port 1 configuration 1 interface 1 "Avocent
Keyboard/Mouse Function" rev 2.00/0.00 addr 4
uhidev1: iclass 3/1
ums0 at uhidev1: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
uhidev2 at
Hello mike
You are blocking traffic after matching the nat rule.
Because you don't use the quick keyword, your PF matches the first rule, and
next the second and next the third and to do third.
In your firewall configuration you block nothing and you nat nothing.
A better way is to write this:
set skip on l
Hi all
I have a strange issue (or i haven't read pfsync correctly but i don't
think this is the problem :D)
I'm using 2 OpenBSD as BGP+OSPF routers at the border of one site.
Those BGP routers are secured with strong PF in stateful mode, and the
stateful is working very well on each router. Becaus
Hi,
Thanks for your reply. I wasn't careful about this section.
If i understand i must add the defer option to my WAN iface (or i'm wrong i
must add it to my vlan995 iface ?) ?
I will test it this morning, and i return back to misc :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network exp
Okay, defer is now enabled on pfsync interface (sorry for my last idea,
i haven't the man on me :) ).
It seems the problem isn't resolved.
The transfer starts but is blocked at a random time.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-exp
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 12:47 +0200, mxb wrote:
> How does your CARP setup look like. On both machines?
> Can you send your ifconfig output?
>
> What is your environment/se
It's not possible to sync pf table without CARP ?
I must use it in some cases, then those cases will be fixed but the other
(OSPFd routing) may fail i think ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mercredi 03 juillet
For me pf table is (sorry for the missing precisions) the pf state
table for stateful operations
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 08:22 -0500, Mark Felder wrote:
> On Wed, 03 Jul 2013
ual
IP is useless in this configuration, no ?
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 09:36 -0500, Mark Felder wrote:
> On Wed, 03 Jul 2013 09:24:54 -0500, Loïc Blot
> wrote:
>
>
The connection is not done by my routers themselves but by DMZ servers
behind them !
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Wednesday 03 July 2013 at 17:32 +0200, mxb wrote:
> States ARE synced.
> IPs are not th
Hello all,
thanks for this interesting debate about pf syncing.
To remember my initial question:
pfsync seems to sync states but not correctly on my BGP+OSPF routers.
Because each BGP router is master/standby to 2 neighbors (full meshed
bgp) packets which are outgoing by one router can income by t
Hello,
I think it's route get -inet6
Like when you do route add -inet6 default
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Wednesday 31 July 2013 at 10:19 +0600, Илья Шипицин wrote:
> Hello!
>
> # ping6 www.ripe.net
I approve Wesley,
if you use OpenBSD 5.3 you should use npppd it's simpler than poptop and
has nearly the same functionalities
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 05 août 2013 à 08:46 +0400, Wesley MOUEDINE ASSABY a éc
Hello @misc.
Today i'm working on automated deploy with PXE. I have successfully found
and made an automated PXE install on Debian with pxelinux.
I know OpenBSD has a pxe boot image to netinstall the system
http://www.cyberciti.biz/faq/openbsd-boot-install-using-pxe-preboot-execution-environment/
I
Hello,
thanks for your reply Johan, but this is not what i want. site.tgz
contains a set of preconfigured files to deploy with other sets to deploy
similar machines.
My need is to install a clean OpenBSD with an automated mean:
The server boots in PXE and installs OpenBSD, configures network, hostname,
Sorry if i misunderstood the goal of install.site.
I look at this, more clearly, to see if it's the solution i search.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 12 August 2013 at 13:07 -0700, Johan Beisser wrote:
> Please read
It's exactly that. Kickstart for Redhat and Preseed.cfg for Debian
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 12 August 2013 at 22:20 +0200, Francois Pussault wrote:
> like kickstart for devil redhat ?
>
> > ---
Thanks for the precision James, you confirmed what i have understood.
I will search tomorrow.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 12 August 2013 at 12:23 -0700, James A. Peltier wrote:
> - Original Message -
> |
Hello Tito,
thanks for giving me the FAQ another time, you think i have never read it.
This boot process is okay for me but the problem is NOT the PXE boot
process. The problem is to automate the installation.
My OpenBSD pxeboot is chained after a pxelinux which already deserve
automated installed debian
S (special
TXT record ?) but it's not really automated because it doesn't resolve
the networking connection problem.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le mardi 13 août 2013 à 13:09 +0200, Marian Hettwer
Hello Don,
I haven't any problem with iPXE (used on my libvirt/KVM hypervisor).
Yesterday i have booted on a pxelinux which chainloads an OpenBSD
pxeboot.0 (because i have made a menu for tests to choose automated
debian install or OpenBSD).
I will look at Nick's word tonight, but i think it's one ve
Hello James,
you are right users may have choice.
I'm working to build a distrib for pxebooting (pxeboot + bsd.rd
generation). After i will try to implement those patches, which are very
interesting for OpenBSD
http://nbender.com/install.netboot/netboot.diff
I only think we mustn't download a scrip
Hello,
this evening i was writing pxe automated install modifications on
install.sh and install.sub when i found a bug in installer, when the
console speed is asked.
Original (5.3):
if [[ -n $CDEV ]]; then
_d=${CPROM:-$CDEV}
ask_yn "Change the default console to $_d
Hmm you are right, i think i'm tired :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
On Saturday 24 August 2013 at 23:03 +, Christian Weisgerber wrote:
> Loïc BLOT wrote:
>
> > if [[ $resp == y ]]; then
> >
In fact i'm not tired, it's logical :)
Here is my patched question:
ask_which "speed" "should $_d use" \
"9600 19200 38400 57600 115200" $CSPEED $pxe_console_speed
Show:
[auto] instead of [9600] (auto is value of pxe_console_speed).
If i do an echo "speed: $CSPEED" before ask_which, CSPEED is
Hello,
it's 5.3 related in fact :). In 5.2 i haven't any problem at this time, i
have 10 OpenBSD on Dell R320 with em cards. Maybe 5.4 will fix our
problems.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le mardi 27 août 2013 à 18:06 +0100,
Hello Andy,
here is one of my working configurations (OpenBSD 5.2)
inet 194.199.X.28 255.255.255.240 NONE
inet6 2001:660:abcd:1234::1:1 64
description "CARP server"
carpdev vlan603 vhid 62 advskew 1 carppeer 194.199.X.29 pass x
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems
Hmm, this problem has similar issues like i got on bge (BCM5720) with
OpenBSD 5.3. I hope the many bge fixes on 5.4 -current will fix it.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le lundi 02 septembre 2013 à 07:59 -0400, Kenneth R Weste
.56641: FP
2921:4273(1352) ack 74 win 46 (DF)
10:08:24.034793 192.168.238.121.56641 > 192.168.106.38.411: . ack 1 win
365 (DF)
A part of the TCP transaction disappears and i don't know why.
Have you got ideas ???
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
, src-nodes 8, table-entries 60 }
match in scrub (no-df)
block in log all
pass out all
<...>
pass in quick inet from to scrub (no-df)
no state
Is something wrong ?
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le
Hello,
I also looked at ALIX board since a long time.
Is there anybody using Alix 2d13 with OpenBSD ?
Thanks in advance.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Friday 04 October 2013 at 15:05 +0200, Jan Stary wrote:
> On O
Thanks for your replies :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
On Friday 04 October 2013 at 22:27 -0700, Sean Kamath wrote:
> On Oct 4, 2013, at 3:11 PM, Comète wrote:
>
> > Yes, we use a lot of ALIX 2D13 as routers on ma
Hello.
Stuart i have 8 OpenBSD routers with em(4) and OpenBSD 5.2 (MSI
enabled). It seems some of our SMTP(s) connections (with attachments)
are unstable but it's very very random (~1/500). Other protocols are
more stable but a little slower due to errors.
Here are my stats on Intel i350 servers
Hello,
today i was configuring pfsync on dual routers (BGP on WAN and CARP on
LAN). Before i ran in a stateless mode and it worked like a charm.
Now with pfsync states are synchronized but late, then client must launch
2 or 3 TCP connections and when it works it's very slow.
I also have tried def
Hmmm
I solved it by removing 'in' from pass in quick <...>
But my PF is configured with the first default rule: pass out all and
there isn't any block out rule... Is this a normal situation ?
On another router (which also do NAT), i use only pass in and pass out
for NAT, and all PF is stateful.
I
Hmm, to precise the last message
after the: pass out all
There is only:
block return out log quick on { $interco_polytech_v4 $interco_hec_v4 }
inet from
block return out log quick on { $interco_polytech_v6 $interco_hec_v6 }
inet6 from
and no other out related rule.
and contain my private I
Hello Stuart,
thanks for your precisions.
I have tried to download a big matlab.deb on our repositories and it
works like a charm (3GB file). By removing 'in' i also notice a little
more reactivity on the network and the latency.
Now i'll wait tomorrow when my 500 users go to work to see if route
I have no problem on multiple couples of R320, except the BCM5720 which
causes my OpenBSD to freeze. Waiting for 5.4 improvements :)
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le jeudi 10 octobre 2013 à 20:54 -0700, Chris Cappuccio a é
Hello Stefan,
at home, i blocked facebook by creating an empty DNS zone "facebook.com"
on my local bind server. It works like a charm.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr
Le samedi 19 octobre 2013 à 00:27 +0200, Stefan Wollny a
Hi Antoine.
I also have a hang problem when i use a cold stop on libvirt. No problem
on VMWare ESX when i click on the "shutdown button".
On libvirt, when i click on this button the VM hangs and then i need to
kill the VM.
(Archlinux kernel 3.11, but the problem was also present before. OpenBSD
5.
Hi,
I use PF on some OpenBSD BGP+OSPF routers on Renater (IPv4 + IPv6), it
works like a charm.
Why this question ?
pf rules are simple:
pass in quick proto tcp from $bgp_neighbor_1 to $self_peering_1 port 179
pass out quick proto tcp from $self_peering_1 to $bgp_neighbor_1 port 179
--
Best regar
Hello @misc
since 1 week i have a strange issue on one of my dual stack routers. The
router doesn't answer on icmp6 on one of its interfaces. (but on all
others, it works very well)
tcpdump -nni vlan851
00:08:07.204986 2001:660::ff::2:1 > 2001:660::ff::2:2: icmp6:
neighbor sol: who has 2001
Hem bad copy paste, here is the end of previous message:
pcidump:
Domain /dev/pci0:
0:0:0: Intel E5 Host
0:1:0: Intel E5 PCIE
0:3:0: Intel E5 PCIE
0:5:0: Intel E5 Address Map
0:5:2: Intel E5 Error Reporting
0:17:0: Intel C600 Virtual PCIE
0:22:0: Intel C600 MEI
0:22:1: Intel C600 MEI
0:26
Hi,
i'm trying to replace and remove my ADSL box with a Alix 2d13 runs very
well on it and with athn, congrats !)
I would test to plug RJ11 cable (from my ADSL line, behind the ADSL
filter) to the RJ45 plug but it seems this doesn't work (no carrier).
Is this possible ? If yes, how can i do it ?
El
Hi,
thanks for your replies, i'll try an ADSL 2+ bridge modem later.
Sorry noah but i'm not familiar with DSL techs, i prefer LAN tech it's
simpler. I thought modern RJ45 network cards can understand the
RJ11/ADSL protocol but this is wrong.
Good evening !
--
Best regards,
Loïc BLOT,
UNIX systems, s
Hi all,
congrats to OpenBSD team, it seems the BCM5720 on Dell R320 is working
fine since the many recent changes on bge driver !
A testing R320 is running since 8 hours at 560MB up + 560MB down with
LACP trunks (on 5.3 LACP trunks with BCM freeze the server, and without,
freeze are there but less
Hello,
in the first example you don't specify proto tcp.
Regards,
Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr
27 February 2015 09:50 "Harald Dunkel" wrote:
> Hi folks,
>
> /etc/services provides protocol information as wel
Hi all,
i have bought 2 new dell R320 servers to replace my old dell 1650
servers (7 years old). The problem is network card (unfortunately the
machines will be routers/gateways).
I tried to backport FreeBSD 9.1 RC3 driver, which works, but not totally
successful (card recognized, link negotiation
Hello all,
Thanks stuart for this link, if we add this the card is recognized by
the kernel, but doesn't work.
You must import more source code from FreeBSD 9.3RC3 because PHY is not
properly recognized.
Moreover some other code paths aren't followed when you add only the mii
code, because you need
Hello to OpenBSD users,
i have a little problem, i think it's linked with PF, but i have no
proofs. System is OpenBSD 5.1 but OpenBSD 5.2 get the same things (with
different card, 5.1 uses bnx and 5.2 use em)
I have a router with squid proxy, named and isc-dhcpd. The problem is,
sometimes i get "n
Here are my rules (without macro & table definitions which are before,
sensible rules are hidden, but are in the same template as shown rules
and same place)
##
## Options
##
set skip on lo0
set block-policy drop
set limit { states 5, frags 2, src-nodes 4, table-entries
60 }
##
#
Hi Joel,
You can mix several architectures, that's not a problem for firewall and
routers, IP is OS arch independent.
The thing you must consider is packet processing. Some architectures are
faster at processing packets than others (with equivalent perfs on paper).
If you don't need low latency, yo
Hello to OpenBSD Community.
I am testing OSPF + BGP dynamic routing.
I'm happy to see OSPF learn BGP learnt routes natively. I have a problem
with my default route.
As you see Pala1 (one of the two main routers) learns default route from
14.14.14.1 (which is my simulated backbone router). OSPF mus
You need one common VHID for each virtual IP, Stuart said all fixes you
need. The CARP protocol identifies nodes by VHID.
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Monday 17 December 2012 at 22:36 +, Stuart Henderson wrote:
> On 2
Hello,
i got this problem with squid in the past. My problem was squid freezes
all the system when i restart it for 5 minutes when it's highly loaded. The
only solution i got at this moment was to kill -9 squid on restart, no
freeze occurs.
After those events, i try a new approach, i saw squid and moreov
Hello,
there is a little mistake on the French FAQ here:
http://www.openbsd.org/faq/fr/faq14.html
We read:
Vous utilisez le système et finissez par avoir pus de 504Mo de données
dessus.
and we must read
Vous utilisez le système et finissez par avoir plus de 504Mo de données
dessus.
Have a nice d
It's a shame not to port OpenBSD on a Raspberry PI. I would like to
make a cheap firewall router box at home with this.
The network card and the CPU is as better as an ISP box but it's more
flexible.
That's the cheapest solution for homing firewall, and we can add an USB
wireless tool to get Wi
Hello,
Since this morning i get a high uptime value for server load, but the
server does nothing. It's our CARP backup gateway for our clients, and
it has stayed in backup mode for a few months.
The CPU does nothing special, the gateway is waiting failover, the
memory isn't used (3G/16G Ram), and disk
Thanks for your answer, it's sendmail which is waiting on disk and forks
itself... strange because i don't use sendmail, even if it was default
activated
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
Le jeudi 03 janvier 2013 à 15:38
Hello,
since OpenBSD 5.2 i have a problem with NMAP:
Starting Nmap 6.01 ( http://nmap.org ) at 2013-01-04 11:47 CET
route_dst_generic: Failed to obtain system routes: getsysroutes_dnet:
sysroutes_dnet_find_interfaces() failed
If i disable PF the problem isn't present.
Do you have an idea ?
Tha
Hello,
It's a simple nmap :
nmap -p 1688 a.b.c.d -PN
Loic Blot
On 4 Jan. 2013 at 12:14, "Peter N. M. Hansteen" wrote:
> On Fri, Jan 04, 2013 at 12:09:10PM +0100, Loïc Blot wrote:
>> Hello,
>> since OpenBSD 5.2 i have a problem with NMAP:
>>
>> Starting Nmap 6.01 ( http://nmap.org ) at 2013
Hmmm strange but with
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Friday 04 January 2013 at 13:04 +0100, Loïc BLOT wrote:
> Hello,
> It's a simple nmap :
> nmap -p 1688 a.b.c.d -PN
>
> Loic Blot
>
> Le 4 janv. 2013
Strange but with
nmap -sT -p -PN it works.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Friday 04 January 2013 at 13:04 +0100, Loïc BLOT wrote:
> Hello,
> It's a simple nmap :
> nmap -p 1688 a.b.c.d -PN
>
> Loic B
I got same problem with squid when squid exit normally (/etc/rc.d/squid
stop), when mass squid disk cache is written, there is a one min freeze
on the server. (OpenBSD 5.2). The problem was also here under OpenBSD
5.1. CPU is also OK (10% of a big xeon quad). But for me softdeps aren't
activated.
T
i agree with Marc, don't be paranoid :s you use OpenBSD as a desktop
it's a great thing (personally i run Linux, because of driver support).
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
Le mardi 08 janvier 2013 à 20:24 +0100, Marc Espie a
if i'm not mistaken, it's Berkeley Packet Filter.
I must do the same issue for dhcpd when i use many vlan interfaces and
PF :)
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Tuesday 08 January 2013 at 20:39 +0100, Ulrich Drolshagen wrote
Hi !
There is no problem as i know and use
Loic Blot
On 15 Jan. 2013 at 12:50, "R0me0 ***" wrote:
> Hello misc,
>
> I've a OpenBSD 5.1 in production and I will put another OpenBSD 5.2 and
> then configure CARP.
> will I have some compatibility issue ?
>
> Thanks in advance
Also look at: http://www.openbsd.org/plus.html
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
On Saturday 02 February 2013 at 18:08 -0500, bofh wrote:
> On Sat, Feb 2, 2013 at 6:02 PM, bofh wrote:
> > On Sat, Feb 2, 2013 at 6:00 PM, Gil
I confirm dynamic dns updates work with OpenBSD named, but you must
replace OpenBSD dhcpd with isc-dhcpd from packages, failover and dynamic
dns updates work with it
--
Best regards,
Loïc BLOT, UNIX systems, security and network expert
http://www.unix-experience.fr
Le dimanche 03 février 20
s the following:
attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected
3DES_CBC
My ipsec.conf is very simple for now:
on host A
ike esp transport from 10.0.0.1 to 10.0.0.2
and on host B
ike esp transport from 10.0.0.2 to 10.0.0.1
Any idea ?
Thanks in advance
--
Best regar
Thanks for the reply Stuart, but:
- It's a test network, with an offline switch
- only the two routers are on the switch, with the good VLAN connected
by one LACP trunk (for each device)
- isakmp negotiation is from the expected hosts
- the certificates are default certificates, generated by OpenBSD
gards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
On Friday 01 March 2013 at 19:34 +, Stuart Henderson wrote:
> On 2013/03/01 20:16, Loïc BLOT wrote:
> > Thanks for the reply Stuart, but:
> > - It's a test network, with an offl
Hello misc,
i am installing a WAN router under openbsd but i have a strange problem
with OSPF and OpenBSD.
I use two OSPF areas. One area is stub and the other isn't (and i have
tried to stub it too).
We can say area 1 is stub area and area 5 is LAN area.
When the router learns routes from area 1
AN router
router-id A.B.C.D
no redistribute default
auth-md 1 "pwd1"
area 12 {
auth-type crypt
auth-md-keyid 1
interface trunk0
interface trunk1 { passive }
interface vlan994 { passive }
}
Has anyone an idea ? i'm stuck :s.
Thanks for adv
Hi Robert and misc@openbsd,
thanks for your reply, but if i don't want to connect area 12 on area
0 ? My area 12 is reserved for LAN to LAN only, i don't want to publish
its routes on the backbone area and backbone area is not in stub mode.
Also, I thought about stub areas to not publish routes.
Hi stuart,
i agree, but that means i must use area 0 on LAN ifaces. And if i have
another area on that iface (my extended LAN area), i can't use backbone
area.
Now, i have replaced area 12 with area 0, but the problem also persists.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Sec
Hello all,
to begin, thanks to OpenBSD team & contributors for this very good
release.
I have a question about ospfd. Why ospfd doesn't have capabilities to
filter some routes, or filter by sources ? (ok by source can be filtered
by PF, but if i want to refuse routes from specific hosts, or some
OK for the tree, but refusing to insert routes in the kernel is useful.
It would be a great function to refuse inserting kernel routes from some
routers.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network expert
http://www.unix-experience.fr
Le mercredi 01 mai 2013 à 20:56 +0300, Da
In fact, this isn't really an interarea problem but an inter protocol
problem.
Next month i'll have two border routers which are connected to MAN by
BGP. In my LAN and on my tunnels i'm in a "LAN backbone" area.
Because of the priority of OSPF and the default route redistribution,
the default rout
My border routers obtain a default route in fact, and OSPF must
redistribute this route to LAN Routers. Here is a scheme
|-- R1 site 1 R3 Site 1
| BGP AS 650XX | OSPF a3|
|-- R2 site 1 R4 Site 1
|
ndling or maybe BCM + LACP + CARP isn't a good idea
but i haven't any choice :s
Thanks in advance.
--
Best regards,
Loïc BLOT, Engineering
UNIX Systems, Security and Networks
http://www.unix-experience.fr
lt or responsibility.
>
> if you could get a trace to verify, that would be much appreciated.
>
> cheers,
> dlg
>
> On 05/05/2013, at 4:11 AM, Loïc Blot wrote:
>
>> Hello misc.
>> On Thursday i have upgraded one of our BGP border routers to OpenBSD 5.3,
>> a
A little more precision,
my server has network, but sometimes it also loses network for 1
second and CARP goes to master on this backup server and generates
instability. I think there is a problem somewhere, but i don't know why.
To compare, i have two Dell R320 with BCM5720 and EM, on works per
Hello Stuart, ok for the console, (i would tell i use keyboard and
screen on the server directly, sorry for the mistake :s).
I can't test this week, because of production (and then i have shut
down the server because it interferes with the CARP master and takes the
hand whereas it mustn't...)
Can
No it's a dell r320 Then a 64bit cpu then amd64 architecture :)
Loic Blot
On 8 May 2013 at 23:54, Joerg Goltermann wrote:
> Hi,
>
> On 04.05.2013 20:11, Loïc Blot wrote:
>> Today, i want to upgrade exactly same model (Dell R320 with PCI Intel
>> CARD and BCM57