Have you tried using cpio in passthrough mode? I've used CPIO on big
systems before with success, although admittedly not on OpenBSD ..
Matthias Bertschy wrote:
OpenBSD 3.7 - i386
Pentium 4 3GHz - 1GB RAM - 2GB swap
Hello list,
For the past 3 weeks, I have been working on a difficult problem:
Hi friends,
I am having a strange problem with a VPN that I've set up between an
OpenBSD 3.9 server and a Checkpoint VPN-1 device. I've pretty much
followed the guide at http://anubis.dweebsoft.com/HOWTO/isakmpd.html. I
have to admit that I don't know enough about ipsec / isakmp.
I do get so
May be a dumb question, but how do I look at traffic going over an IPSEC
tunnel, on one of the OpenBSD machines? I've tried tcpdump -i enc0 but
get nothing ..
That was it, thank you :) It's been one of those days :)
Jason Dixon wrote:
On Feb 8, 2007, at 5:15 PM, Tim Pushor wrote:
May be a dumb question, but how do I look at traffic going over an
IPSEC tunnel, on one of the OpenBSD machines? I've tried tcpdump -i
enc0 but get nothing ..
The
Hi all,
I'm getting to the point where I don't really know where to turn. I am
having a weird problem with an OpenBSD server/firewall that has a
permanent IPSec tunnel to a checkpoint embedded security device. The
problem is, that half the time large packets can't get through. I've
trial and
have to figure out why Path MTU discovery isn't working, but
that's minor at this point.
I'd love to send you a pizza of your choice. Please drop me an email and
it'll be done. I'm serious. I'm SO relieved.
Thanks,
Tim
Darren Spruell wrote:
On 2/19/07, Tim Pushor
Hi friends,
I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
All examples I've seen are a single connection (phase 1). To support
multiple vpn's tunnels, is it as simple as adding additional lines under
[Phase 1] pointing to the new phase1 configuration block?
Thanks!
On Thu, Apr 12, 2007 at 11:25:49AM -0600, Tim Pushor wrote:
Hi friends,
I'm looking to add another IPSEC connection to my openbsd 3.9 firewall.
All examples I've seen are a single connection (phase 1). To support
multiple vpn's tunnels, is it as simple as adding additio
Hi friends,
I am trying to setup my first firewall w/failover via carp & pfsync. I
have it almost working, but am having a couple issues. I am hoping
someone will be able to help :)
First, before I enabled preemption I almost always had one machine being
master for one of the carp interface
iosity, why are there two CARP addresses between the
workstation and firewalls?
Kian
On 9/20/06, Tim Pushor <[EMAIL PROTECTED]> wrote:
Hi friends,
I am trying to setup my first firewall w/failover via carp & pfsync. I
have it almost working, but am having a couple issues. I am hopin
not when I pull the
plug on one.
Thanks again,
Tim
Tim Pushor wrote:
Hi friends,
I am trying to setup my first firewall w/failover via carp & pfsync. I
have it almost working, but am having a couple issues. I am hoping
someone will be able to help :)
First, before I enabled preemption I
Kian Mohageri wrote:
On 7/31/06, Tim Pushor <[EMAIL PROTECTED]> wrote:
Sorry to bump this thread, but I'd really like to know how to
troubleshoot something like this.
I'd suggest tcpdump'ing at the point when the connection fails, on the
pflog(4) interface of both
Hi All,
Not trying to start a flame fest here (no, really). I am looking for
multiport cards that work well with OpenBSD. Searching around the
soekris cards seem to be a recommended solution.
I seem to get sporadic and/or not very timely responses from soekris. I
realize that they don't owe me
Jason Dixon wrote:
On Aug 1, 2006, at 2:48 PM, Tim Pushor wrote:
Can anyone recommend another 4 port 10/100 ethernet card that will
work well with OpenBSD 3.9?
I don't have any recommendations on 4 port cards. If you have a
switch that will support it, you should consider using VLANs
Hi Jason,
Jason Dixon wrote:
On Aug 1, 2006, at 3:13 PM, Tim Pushor wrote:
Jason Dixon wrote:
On Aug 1, 2006, at 2:48 PM, Tim Pushor wrote:
Can anyone recommend another 4 port 10/100 ethernet card that will
work well with OpenBSD 3.9?
I don't have any recommendations on 4 port cards
Stuart Henderson wrote:
The vlan idea makes a fair bit of sense - carp(4) over vlan(4)
over trunk(4) over $some_nic(4) or some other mix - but if this
is used for security be aware that your switch then becomes a
security device. Google will find more information, including
http://www.cisco.com/e
Jason Dixon wrote:
On Aug 1, 2006, at 5:23 PM, Tim Pushor wrote:
Stuart Henderson wrote:
The vlan idea makes a fair bit of sense - carp(4) over vlan(4)
over trunk(4) over $some_nic(4) or some other mix - but if this
is used for security be aware that your switch then becomes a
security device
Well, after playing a little with trunk(4), etherchannel, and carp I am
wondering something:
Trying to achieve both firewall redundancy (via carp) and ethernet
redundancy (via trunk(4)), would it be possible (and maybe even
recommended) to have firewall-1 connected solely to switch-1 and
Hi Joachim,
Joachim Schipper wrote:
On Thu, Aug 03, 2006 at 02:26:40PM -0600, Tim Pushor wrote:
Well, after playing a little with trunk(4), etherchannel, and carp I am
wondering something:
Trying to achieve both firewall redundancy (via carp) and ethernet
redundancy (via trunk(4)), would
Hi Friends,
I am wondering if anyone can think of why I shouldn't provide secondary DNS
services from a carp cluster of OpenBSD systems? I have an issue where
my primary DNS server is non-redundant, and trying to find a good place
for a secondary. I have a cluster of OpenBSD machines acting as a
Travers Buda wrote:
Hi Friends,
I am wondering if anyone can think of why I shouldn't provide secondary
DNS services from a carp cluster of OpenBSD systems? I have an issue
where my primary DNS server is non-redundant, and trying to find a
good place for a secondary. I have a cluster of OpenBSD mac
Joachim Schipper wrote:
It will work, but as noted, there's no particular reason to do this;
redundancy is built into the DNS protocol.
Well, there is a reason since I need another box to act as a secondary ;-)
The only caveat I can think of is that running services on a firewall
weakens yo
Again, does anyone have any ideas? Can other people access ticketmaster
through their CARP'd NAT firewall?
Yeah it works fine over here. How about cranking PF's debugging and
watching syslog? pfctl -x loud
Tim
Steve Glaus wrote:
Ok, I gotcha, trunk just looked like a ready-made solution for what I
was trying to do... Could you tell me WHY it's not able to be used for
that and what it is for?
I've gone the pf route before too but it seems to add a lot of
complexity to my ruleset
trunk(4) is mainly
Steve Glaus wrote:
Tim Pushor wrote:
Steve Glaus wrote:
Ok, I gotcha, trunk just looked like a ready-made solution for what
I was trying to do... Could you tell me WHY it's not able to be used
for that and what it is for?
I've gone the pf route before too but it seems to ad
25 matches