Re: cisco vpn gateway
On Monday 19 February 2007 14:27, atstake atstake wrote:
> I have been given this Cisco VPN Client software version 4.8 where a
> vpnclient.ini file needs to be imported and authentication is done via
> username and password to a Cisco VPN gateway which (after
> authentication) drops me off to the internal network. Does anyone know
> if it is at all possible to use OpenBSD's isakmpd or anything else to
> authenticate to the Cisco VPN gateway instead of using Cisco VPN Client
> software version 4.8 on Windows XP? Thanks.

You can try vpnc, which is in the ports tree:

$ cd /usr/ports
$ make search key=vpn
...
...
Port:   vpnc-0.3.3p1
Path:   security/vpnc
Info:   client for Cisco 3000 VPN concentrators
Maint:  The OpenBSD ports mailing-list ports@openbsd.org
Index:  security net
L-deps: gcrypt.=12:libgcrypt-=1.2:security/libgcrypt
B-deps: :devel/gmake
R-deps:
Archs:  any

Steffen

Re: fping systrace
On Saturday 02 September 2006 12:14, Julien TOUCHE wrote:
[cut]
> i don't get it ???
> native-getuid: permit as root
> doesn't work in a systrace policy

You should try
true then permit as root

> $ sudo /bin/systrace -a -c 556:556 /usr/local/sbin/fping localhost
> syntax error
> /etc/systrace/usr_local_sbin_fping:24: syntax error.
> Segmentation fault
>
> and same for adding a return code to permit.
>
> nobody with systrace privilege elevation and fping ?

The following policy works for me:

Policy: /usr/local/sbin/fping, Emulation: native
    native-geteuid: true then permit as root
    native-getuid: true then permit as root
    native-socket: sockdom eq AF_INET and socktype eq SOCK_RAW then permit as root
    native-issetugid: permit
    native-mprotect: prot eq PROT_READ then permit
    native-mmap: prot eq PROT_READ|PROT_WRITE then permit
    native-fsread: filename eq /var/run/ld.so.hints then permit
    native-fstat: permit
    native-mmap: prot eq PROT_READ then permit
    native-close: permit
    native-fsread: filename eq /usr/lib/libc.so.39.2 then permit
    native-read: permit
    native-mmap: prot eq PROT_NONE then permit
    native-mmap: prot eq PROT_READ|PROT_EXEC then permit
    native-mprotect: prot eq PROT_READ|PROT_WRITE then permit
    native-mprotect: prot eq PROT_READ|PROT_WRITE|PROT_EXEC then permit
    native-mprotect: prot eq PROT_READ|PROT_EXEC then permit
    native-munmap: permit
    native-sigprocmask: permit
    native-__sysctl: permit
    native-fsread: filename eq /etc/protocols then permit
    native-fsread: filename eq /etc/malloc.conf then permit
    native-seteuid: uid eq 0 and uname eq root then permit
    native-setuid: uid eq 0 and uname eq root then permit
    native-getpid: permit
    native-sigaction: permit
    native-gettimeofday: permit
    native-sendto: sockaddr match inet-*:0 then permit
    native-select: permit
    native-recvfrom: permit
    native-ioctl: permit
    native-write: permit
    native-exit: permit
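
An added example, not part of the original message: a small Python audit of a systrace policy that lists which system calls are granted "as <user>" and flags the bare "permit as root" form that the thread reports as rejected. The sample policy is constructed from lines quoted above, and the names audit, RULE and AS_USER are made up for this example.

```python
import re

# Constructed sample: rules taken from the thread, including the bare
# "permit as root" form that was reported to fail with a syntax error.
SAMPLE_POLICY = """\
Policy: /usr/local/sbin/fping, Emulation: native
native-getuid: permit as root
native-geteuid: true then permit as root
native-socket: sockdom eq AF_INET and socktype eq SOCK_RAW then permit as root
native-fsread: filename eq /etc/protocols then permit
native-ioctl: permit
"""

# "<syscall>: [<filter> then] <action> [as <user>]"
RULE = re.compile(r"^(?P<call>[\w-]+):\s*(?:(?P<expr>.+?)\s+then\s+)?"
                  r"(?P<action>permit|deny|ask)\b(?P<rest>.*)$")
AS_USER = re.compile(r"\bas\s+(?P<who>\S+)")


def audit(policy_text):
    """Return (elevated, bare).

    elevated: (line number, syscall, user, filter) for every rule that
              permits a call with elevated privileges.
    bare:     line numbers of elevation rules with no "<filter> then"
              part, the form the thread suggests rewriting as
              "true then permit as root".
    """
    elevated, bare = [], []
    for lineno, line in enumerate(policy_text.splitlines(), 1):
        m = RULE.match(line.strip())
        if not m or m["action"] != "permit":
            continue  # header, blank line, or a rule that grants nothing
        who = AS_USER.search(m["rest"])
        if not who:
            continue  # plain permit, no privilege elevation
        elevated.append((lineno, m["call"], who["who"], m["expr"]))
        if m["expr"] is None:
            bare.append(lineno)
    return elevated, bare


if __name__ == "__main__":
    elevated, bare = audit(SAMPLE_POLICY)
    for lineno, call, user, expr in elevated:
        note = "  <-- no filter, rewrite as 'true then permit as ...'" \
            if lineno in bare else ""
        print(f"line {lineno}: {call} runs as {user} when [{expr}]{note}")
```

Run against a real policy file, the list of elevated calls shows how much of the program actually executes with root privileges, which for the posted fping policy is only getuid, geteuid and the raw-socket creation.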