Hello list,
Hopefully not too much of a newbie question.
[SERVER A] <-> [SWITCH] <-> [SERVER B]
ospf.conf A :
router-id 172.16.0.177
redistribute connected
area 0.0.0.0 {
interface lo1 {passive}
interface vlan10 {passive}
interface bge0
}
ospf.conf B :
router-id 172.16.0.178
redistribute conne
Solved. The cause was overlapping lo1 and physical interface IPs.
Despite having a working OSPF setup and no PF config, I'm seeing
socket errors in the logs when attempting to establish an IBGP
session to lo1 on another machine.
# ospfctl sh ne
ID Pri StateDeadTime Address Iface
Uptime
172.16.101.169 100 FULL/BCKUP 00:00:13
>First try without "tcp md5sig" and enable it only when it is
>working.
>But I guess your problem is that the other side is expecting the
>connection to come from a different IP than the one selected by
>the route
>lookup. In that case set "local-address 172.16.101.170" in the
>iBGP group.
>
>Se
Hello List,
Have a working OSPF / BGP test setup going between two machines,
with BGP using the loopback of the other machine as the endpoint.
I now would like to go one step further and implement PF with
pfsync over IPSec as I don't have any spare ethernet ports.
The problem is that I've trie
>Aren't you looking for this ? :
> r...@fw ~ # cat /etc/isakmpd/isakmpd.conf
\
>Claer
I was so focused on trying to make ipsec.conf work that I did not
realise other options such as iaskmpd.conf might be worth
investigating. Combined with the fact that I'm s
Actually, thinking about this again, I see from "netstat -an" that
isakmpd listens on all ports by default. Therefore needing to
specify in isakmpd.conf should be unnecessary, no ?
The precise errors I am seeing at present are :
Default rsa_sig_decode_hash: no public key found
Default dropped
> Here is the configuration I used between 2 peers
> ike esp tunnel \
Interesting. Thanks for that, and for your help.
I now seem to be able to get a flow going but not traffic (e.g.
with the below I cannot ping).
I'm sure I'm missing something obvious, but I think I need that
second pair
Hello List,
Back in the 2006 list archives, Claudio Jeker said "Welcome in the
OSPF hell".
I just can't figure out how to solve a "nbr_adj_timer: failed to
form adjacency with .." problem. I thought I cracked it the other
day, but the solution I found the other day (removing overlapping
sub
Hello list,
I'm looking to explicitly disable IPv6 on interfaces where it is
not used. This includes link local addresses.
However, this :
# cat /etc/hostname.em0
description "Some Port"
media 1000baseT
inet
>you can also pass extra options after "up"
>
>up -inet6
>
>>
Interesting. Well, I've already had one reply telling me to RTFM,
so perhaps I missed that little gem amongst all the text to be
enjoyed !
>> Please try this diff.
>>
>
>or this...
>
ack. done. worked. thanks again.
>Please try this diff.
>
>Index: netstart
>===
>
>RCS file: /cvs/src/etc/netstart,v
>retrieving revision 1.129
>diff -u -p -r1.129 netstart
>--- netstart 12 Jan 2010 07:43:41 - 1.129
>+++ netstart 14 Jun 2010 11:27:47 -000
Hi,
Could someone please clarify whether this is an expected behaviour
on 4.7 ?
I copy pasted a working config from a machine with bge interfaces
onto one with em interfaces (changing macro references where
necessary, of course !) and find that VLAN interfaces do not
inherit their parent band
Hello List,
I'm sure I'm missing something fairly obvious but don't know where
to start.
First, forgive my ASCII art :
[BSD A] <--> [PEER A]
^
|
v
[BSD B] <--> [PEER B]
The following works OK :
- eBGP
- iBGP
- Routing to and from machines behind the BSD boxes
- Pinging internet routes learn
> maybe pf related ? did you try to disable it ?
Yes, no effect as far as I recall.
I did a diff on both PF configs, they are pretty much exactly the
same apart from obvious things like interface names and IP
addresses.
>You did not provide too much detail so its hard to guess.
Yes, sorry, a
>> Somebody knows if this problem only happends on Intel
X58/5500/5600
chipsets ? Did somebody tried the i386 version of OpenBSD 4.7 ?
I am running 4.7 i386 release (+ errata patches) on a Intel 5500
platform with the following Intel NIC. Seems to be behaving itself
so far.
(Sorry no dmes
Thank you for the messages regarding /var/run/dmesg.boot. I bow
to your combined superior wisdoms !
Hope this is of assistance : ;-)
OpenBSD 4.7 (GENERIC.MP) #0: Sat Jan 10 10:10:10 GMT 2010
r...@example.com:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(R) CPU E5502 @ 1
Hi,
Is it possible to launch the second restricted control socket
without having to pkill bgpd first ?
I tried running "bgpd -r" without pkill first and that did not have
the desired effect, it simply tried to relaunch conections to any
configured peers rather than simply start up the second s
>Yes, because you're invoking a second instance of the daemon. All
>else
>flows from that; upon my quick inspection of the bgpctl man page
>doesn't
>seem to indicate that you can fire up the restricted socket during
>runtime.
>
>Magic 8 ball says the judicious use of pkill and bgpd_flags="-r
>/
Hello List,
Are there optimisations that should be done when writing filters in
bgpd.conf for the benefit of the bgpd engine ?
For example :
- Lets say I'm filtering out private AS numbers. Because there is
currently no way to define ranges, I've got a number of lines as
below. The length
>don't bother. filters will change dramatically, any day now.
>well, the "any day now" part is true for some time already...
Thanks for the swift answer regarding the BGPd's positive future
improvements. Keep up the great work on BGPD (and indeed OpenBSD
in general) both excellent pieces o
Hi,
Not sure if this is expected behavior, but I recently decided to
switch to UTC on a OpenBSD 4.7 box that happened to have BGPD
running.
Re-linked localtime and ran rdate.
Noticed in the logs that BGPD was still logging away under the old
time setup and needed to be killed and restarted to
ack. Thanks Paul.
Hello,
Have you tried a filter based config for your prepends ?
Hi,
Probably a very silly question, but I just need to confirm my
understanding.
When pulling stats off a VLAN interface, do the in/out figures
reflect the traffic values flowing to/from the attached subnet (my
understanding), or do they also include traffic figures flowing
to/from other inte
Hi,
Could someone in the know confirm whether it is multiple announce
statements in bgpd.conf are considered a "legal" syntax by bgpd.
Upon a recent config audit, I noticed I had the following two lines
applied to an iBGP group section :
announce all
announce none
It appeared to do no harm, an
Thanks Henning.
>>the last one wins
Hello List,
Apologies for the potentially newbie question, but I am having
difficulty why the above error has been cropping up in my logs.
The server has been idle since its setup with no traffic flowing
through it (I've got SNMP monitoring to back-up that statement)
apart from my occasional
Hi,
At the moment, in my bgpd.conf, I've got the following amongst my
import filters :
# Set communities (AS64515)
match from group "AS64515" community 64516:* set community delete
64516:*
match from group "AS64515" set {community 64516:2,community
64516:64515}
Basically the goal is to :
(1)
cat /var/run/dmesg.boot
> A friend of mine has old Asus A3F and I have found a very
interesting
> bug in dmesg. When I type dmesg I don't get regular dmesg output.
It
> starts in the middle of regular dmesg output and then it prints
it 2
> more times.
30 matches
Mail list logo
