ith OpenIKED for my macOS and iOS
devices.
https://www.going-flying.com/blog/protecting-my-macos-and-ios-devices-with-an-openbsd-vpn.html
That being said, iked.conf(5) and iked(8) have most of what you need.
--Matt
--
Matthew Ernisse
m...@going-flying.com
https://www.going-flying.com/
u are using (likely amd64[2]
since you mention EFI) before you attempt the installation, they should
answer nearly all of your questions -- even the ones you don't know you
have yet.
[1] https://www.openbsd.org/faq/faq4.html
[2] https://ftp.openbsd.org/pub/OpenBSD/7.3/amd64/INSTALL.amd64
)
Check for host firewalls on both sides.
> FreeBSD machine:
[ snip ]
> media: Ethernet autoselect (100baseTX )
100/half is a bit odd these days, is this machine able to communicate to
other things on this ethernet link?
--
Matthew Ernisse
https://www.going-flying.com/
load page) makes the page seem
muddier -- the eye wanders and it's harder to tell how the information
is related than when there were borders.
--
Matthew Ernisse
https://www.going-flying.com/
On Fri, Aug 11, 2023 at 01:08:07PM +0200, Marko Cupać said:
> Are there any commands I can run which would indicate ipsec traffic is
> being throttled due to hardware being underspecced? top shows CPU is
> more than 50% idle. netstat shows ~1 Ierrs / Ifail (no Oerrs /
> Ifail) on interfaces that deal
On Sun, Aug 13, 2023 at 02:31:44AM +0200, Daniele B. said:
> I found instead /usr/share/relink/kernel/GENERIC.MP (636M) that is good
> to not have, eventually. Is it safe to move away or erase it?
Leave it alone.
> Any other suggestion for my /usr cleaning campaign? ;D
You have sufficient free sp
On Sun, Aug 13, 2023 at 04:37:25AM +0200, Daniele B. said:
[ snip ]
> - what about /usr/local/share/gir-1.0 (70M) ?
I gather you are not running the automatic layout presented to you from
the OpenBSD installer as it will create separate slices for /usr and
/usr/local.
You should probably re-in
On Mon, Aug 14, 2023 at 05:54:55PM +0530, SOUBHEEK NATH said:
> 2. Please have a look at the configuration I have implemented.
> pass in quick on wg0 proto tcp from 10.0.8.3/32 to any port {22 80}
> block in on wg0 proto tcp from any to any port {22 80}
> block in quick on bwfm0 proto tcp f
On Sat, Aug 19, 2023 at 10:05:41AM +, whistlez said:
> I honestly don't understand this hatred. I call it that because I refuse
> to accept that you didn't understand the question. Volatility has no
> plugin to interpret a ram dump on openbsd and so having only the dump is
> totally useless. If you r
On Tue, Dec 19, 2023 at 04:27:14PM +0300, Maksim Rodin said:
> Is there any tool in base which allows to get something like this?
I have over the years implemented this in shell several times, it's not
terribly difficult to convert dotted quad into an integer and then you
can work out your addres
On Fri, Jan 19, 2024 at 08:29:30PM +0200, Mark said:
> So, any clue?
Seems fine now, at least for whichever node the CDN returned for me.
bakeneko@20:02:19 ~ >curl -s
https://cdn.openbsd.org/pub/OpenBSD/7.4/packages-stable/ | grep amd64
amd64/
17-Jan
On Mon, Apr 29, 2024 at 01:47:45AM +0200, Odd Martin Baanrud said:
> I’m planning to set up a VPN on my router with iked(8).
> The first goal is to have my Macbook and iPhone connected, both to route the
> traffic through my router at home, and to get access to the services running on
> a machine behind
I have not tried ECDSA, however I've had iOS and macOS devices
running with iked since it came into OpenBSD using certificate auth
with RSA 2048 certs and a RSA 4096 CA.
I just recently wrote a blog post on it, it includes a general overview
of how I did it and a fragment of my .mobileconfig and i
th FQDN ids.
--Matt
--
Matthew Ernisse
m...@going-flying.com
http://www.going-flying.com/
On Sun, Jul 25, 2021 at 11:22:58PM -0500, Vincent Lee said:
> 2. Next, I tried adding a pf redirect on the VPS: pass in from any to
> $bar rdr-to 10.0.0.2
It sounds like you want binat-to. Check out pf.conf(5).
--Matt
--
Matthew Ernisse
m...@going-flying.com
https://www.going-flying.com/
I have an iked(8) based VPN concentrator that terminates roadwarrior
connections from macOS and iOS devices. It connects back to my
broader infrastructure via a static flow with GRE running on top.
Starting with 6.9 I noticed that bringing up a roadwarrior tunnel would
drop the network completely (
On Mon, Oct 18, 2021 at 07:40:39PM -, Stuart Henderson said:
>
> Follow the 6.9 upgrade guide.
'to dynamic' did the trick. Thanks.
--Matt
Host
header which is mandatory in requests and has been used for decades to
provide name based virtual hosting sharing an IP address.
https://datatracker.ietf.org/doc/html/rfc2616/#section-14.23
In practice DNS isn't even needed, an entry in your client's hosts(5) file
has been su
onf(5) (much less why you are allowing md5/3des). You should
probably run iked(8) with debugging cranked up and see what it says, I've found
it to always tell me why it is unhappy.
I have tunnels between OpenBSD 7.0, iOS/iPadOS 15.3.1, and MacOS 10.15.7.
--Matt
--
Matthew Ernisse
m...@going-flying.com
https://www.going-flying.com/
expected that one cannot assign the same wgaip blocks to more
than one peer simultaneously?
Thanks,
Matt
--
Matthew Ernisse
m...@going-flying.com
https://www.going-flying.com/
ngle
wg(4) iface pair for each connection instead of trying to multiplex in
this case. Seems like multiplexing only makes sense to connect a remote
host not a remote network.
Thanks,
--Matt
--
Matthew Ernisse
m...@going-flying.com
https://www.going-flying.com/
On Mon, Apr 04, 2022 at 01:07:49PM +0800, Tito Mari Francis Escaño said:
> I'm trying to develop web apps on OpenBSD but Github and even Bitbucket
> seems to think that only Windows and/or Linux are the platforms so I feel
> forced to use VS Code that runs only on those systems.
git(1) works just
On Mon, Apr 04, 2022 at 08:37:57PM +0100, Steve Fairhead said:
> To put it another way, what is the recommended way of upgrading a production
> system with patches applied (so -stable)?
Historically I used the manual method to upgrade releases but have been using
sysupgrade(8) since it became The
On Wed, May 08, 2024 at 12:25:43AM +0100, Jo MacMahon said:
> I'm interested if anybody has solutions using just the base
> system
I've had a set of functions in my .profile for about 15 years
that keeps large parts of my home directory available and in
sync across Linux, macOS and OpenBSD systems
On Thu, Nov 21, 2024 at 03:16:25PM -0700, Devin Reade said:
> So my main question is whether there are compelling reasons to
> be considering wireguard (or other options) over ipsec? I'm
> guessing that assuming stability is good for both that the
> respective approaches to dynamic IP changes may be a d
On Fri, Nov 15, 2024 at 12:10:13AM +0100, Anders Andersson said:
> $TERM is "screen" on both instances, and I've tried manually changing
> it to things like "xterm", "screen-256color" with no effect.
Where are you trying to change $TERM? Before I switched to tmux I used
screen in much the way you
On Thu, Jan 02, 2025 at 05:22:03AM +, Lloyd said:
> Your /etc/hostname.wg0 file should contain a line such as the following at the
> end:
> !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
> The ! specifies a shell command - see hostname.if(5)
> You will need to install the wireguard-tools pa
On Mon, Mar 24, 2025 at 02:40:47PM +, otto.cooper said:
[ snip ]
> Can we agree that /etc/myname can be safely and easily replaced with
> /etc/hostname?
Assuming you ignore all the installed copies of OpenBSD and derivatives,
perhaps, however I'd caution against such a cavalier attitude. I'