On Tue, Jul 29, 2014 at 02:41:36PM +0100, Andy wrote:
> Puppet is definitely a sledgehammer approach, but if you have lots of
> firewalls it's great.
Not to mention, you can use it for your other non-firewall systems as
well.
> Another nice example of an appropriate application is that by using
>
On Thu, Jul 31, 2014 at 05:54:48PM -0300, Giancarlo Razzolini wrote:
> On 31-07-2014 14:47, Zach Leslie wrote:
> > I'm a Puppet user for more than just firewall systems, which allows
> > me
> > to take a given node, say another server, and insert its IP into a
>
> > Configuration management tools, like Puppet, can quickly abstract
> > knowledge of a particular technology away from the user and isolate
> > understanding for said technology to a smaller group of people with
> > those skills. This is the nature of technology, though, is it not?
> > Abstracti
> However, I don't know how it is seen by the system and if it would
> show up as a drive. Anyone in here is using a smart card to decrypt
> volumes at boot?
You could use a YubiKey with a static long password to unlock the boot
volume.
--
Zach
> > >Are there any YubiKey-like devices that can contain many static
> > >password, not one like YubiKey?
> >
> > Not sure it helps, but mine contains two...
>
> It helps! I need one for login password and second for firefox's password
> manager. Which model do you use?
All yubikeys have the two s
Are systems behind the firewall able to route to and reach the remote
network? I just built out an environment to do this last week using carp,
and some of the trouble I had was that we could route through the device,
but packets that originated from the router were not able to make it
through. E
On Mon, Feb 10, 2014 at 07:58:39PM +0100, Aurelien Martin wrote:
> > net.inet.icmp.rediraccept=1 # 1=Accept ICMP redirects
>
> Good to know this feature :)
>
> > Are systems behind the firewall able to route to and reach the remote
> network?
>
> Yes all is working.
>
> > we could route th
I've recently deployed a set of OpenBSD firewalls and nearing a time
when they need to go production, but I've got an issue that I can't nail
down.
I've got a pair of OpenBSD 5.4 systems running on Soekris 6501 at each
location, for a total of four firewalls. Each pair is running the
sasyncd, pfs
> OpenBSD 5.4 GENERIC#37 amd64
I've just booted the MP kernel on all four systems just to test and I am
still seeing the behaviour. I can prompt the packet loss by generating
load on the CPU. Running Puppet on the machines drives up the CPU usage
considerably, at which point my remote session ha
On Wed, Mar 05, 2014 at 11:05:11PM -0600, Amit Kulkarni wrote:
> > If PF information is needed, I can provide and obscure, but I didn't
> > expect it to be
> > the issue.
> >
>
> I am no expert on this, but if it is a packet loss issue, you need to post
> the obscured pf.conf
Fair point. I've no
On Thu, Mar 06, 2014 at 08:16:34PM +, Andy Lemin wrote:
> Hi, haven't read your original email but if my assumptions about your setup
> are correct is the VPN tunnel dropping every now and then?
That's correct. Daemons start up quick, negotiations happen, and then
periodically the tunnel is j
On Fri, Mar 07, 2014 at 04:35:45PM +, Andy wrote:
> Hi
>
> On Thu 06 Mar 2014 23:03:58 GMT, Zach Leslie wrote:
> >On Thu, Mar 06, 2014 at 08:16:34PM +, Andy Lemin wrote:
> >>Hi, haven't read your original email but if my assumptions about your setup
>
> I had to disable monitoring of the internal interfaces of both remote
> firewalls, as it killed the VPN when you pinged the backup firewall. The
> packets get there, but the reply is sent back directly from the backup and
> not via the master.
>
> To fix that I added a NAT rule, and could then
> Hope this helps,
Thanks, Andy. Once I removed the routes for the remote network pointing to
the internal carp interface, everything works like I expect. Super
stable. Thanks for your time. I'll mess with the NAT for monitoring
soonish and see if I can get that working.
--
Zach