IPSEC Site-to-Site not routing packages

2012-02-22 Thread Morten Christensen
Dear fellow OpenBSD friends. I'm setting up 2 FW's that should form a VPN tunnel securing the net behind each FW - simple NET x -> FW x -> WAN -> FW y -> NET y I'm using ipsec.conf / ipsecctl. OpenBSD 5, pf is disabled. On FW x # cat /etc/ipsec.conf

Re: smartphones and managing openbsd servers

2012-02-22 Thread Chris Cappuccio
Kevin Chadwick [ma1l1i...@yahoo.co.uk] wrote: > > I'm very careful with what I let the almost constantly full of exploits > phone have access to (a network being as strong as its weakest link). > There were rumors in the last 20 years of firmware being loaded on phones to provide an anonymous,

Re: smartphones and managing openbsd servers

2012-02-22 Thread Kevin Chadwick
On Wed, 22 Feb 2012 10:23:33 +0100 Raimo Niskanen wrote: > Sorry, sftp, When I looked, I couldn't find an open source sftp for Android but andftp works well. I'm very careful with what I let the almost constantly full of exploits phone have access to (a network being as strong as its weakest li

test

2012-02-22 Thread test
test

Re: Ospfd : choose between 2 default routes

2012-02-22 Thread Claudio Jeker
On Wed, Feb 22, 2012 at 05:05:28PM +0100, Mathieu BLANC wrote: > Hello ! > > I have an OSPF setup with 4 routers : > > INTERNET > || > C1 C2 > || > O1 O2 > || > NE1 NE2 > > C1 and C2 are Cisco Routers, O1 and O2 OpenBSD. > OSPF is used between C1/C2/O1/O2 > NE1 is the network ma

Ospfd : choose between 2 default routes

2012-02-22 Thread Mathieu BLANC
Hello ! I have an OSPF setup with 4 routers : INTERNET || C1 C2 || O1 O2 || NE1 NE2 C1 and C2 are Cisco Routers, O1 and O2 OpenBSD. OSPF is used between C1/C2/O1/O2 NE1 is the network managed by O1, NE2 the network managed by O2. C1 and C2 distribute a default route to O1/O2 (s

Re: How to deal with DDoS ?

2012-02-22 Thread Mehma Sarja
On 2/22/12 12:39 AM, Roger S. wrote: On Tue, Feb 21, 2012 at 9:51 PM, Joachim Schipper wrote: Just the most obvious idea, since you mention that this sort-of-works if you put "block drop in quick from !": does it handle this load if you turn off pf, or only include one or two trivial rules? H

USB connection strangeness

2012-02-22 Thread Jan Stary
On this (almost) current/i386, strange things sometimes happen when plugging things into USB ports. The machine has 10 USB ports: 8 in the back, 2 in the front. At the back, 5 ports are occupied with: keyboard, mouse, disk, disk, printer. Now, *sometimes* when I plug a sixth thing into a back po

Re: smartphones and managing openbsd servers

2012-02-22 Thread Anonymous Remailer (austria)
> I just downloaded PaderSync SSH Trial and I think I will buy the > full version. I got it before it was a paid app whilst still in testing. It seems very good and handles large keys well enough. The only objection I've got is the menus and dialogs can be a bit wordy but it does seem to work fine

Asus Eee PC R101 Netbook

2012-02-22 Thread scire
Does someone have experience with OpenBSD and the above Laptop? Does OpenBSD run there and support all devices (Wlan, Ethernet, etc)? Thanks in advance for any hint! Rodrigo

Re: How to deal with DDoS ?

2012-02-22 Thread Stuart Henderson
My followup mail was just about bufcachepercent. Auto-sizing socket buffers is pointless on a firewall. Even if it were useful, if you are running into resource starvation you want to *DECREASE* resource use not increase it. "aggressive" sets tcp.first to 30s. 2M SYNs per second * 30s = 60M states

Re: How to deal with DDoS ?

2012-02-22 Thread Stuart Henderson
On 2012-02-22, Stuart Henderson wrote: > On 2012-02-21, Hassan Monfared wrote: >> Hi, >> have you tried to set some tuning options in pf.conf & sysctl.conf ? >> eg: >> for sysctl.conf: >> net.inet.ip.ifq.maxlen=512 # Maximum allowed input queue length >> (256*number of physical interfaces) >>

Re: smartphones and managing openbsd servers

2012-02-22 Thread Raimo Niskanen
On Wed, Feb 22, 2012 at 10:09:51AM +0100, Raimo Niskanen wrote: : > > I just downloaded PaderSync SSH Trial and I think I will buy the : > keyboard, ...). It also claims to do scp... Sorry, sftp, not scp. > > / Raimo : -- / Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: smartphones and managing openbsd servers

2012-02-22 Thread Raimo Niskanen
I have used ConnectBot occasionally on an Xperia Neo. The screen is very small and ConnectBot works best in portrait mode making the characters even smaller. But it works. I just downloaded PaderSync SSH Trial and I think I will buy the full version. It has a semi transparent keyboard with easy ac

Re: an idea to implement in bgpd/bgpctl

2012-02-22 Thread Henning Brauer
* Gregory Edigarov [2012-02-22 09:08]: > How about having something like "explain " command for bgpctl? > If given it should pass the prefix through the bgp path selection > algorithm showing WHY this or another path was selected. > I mean one can always follow the 13 steps in the mind, but I woul

Re: How to deal with DDoS ?

2012-02-22 Thread Henning Brauer
can people please stop suggesting to push random buttons they don't understand? this is a prime example. * Hassan Monfared [2012-02-22 00:22]: > Hi, > have you tried to set some tuning options in pf.conf & sysctl.conf ? > eg: > for sysctl.conf: > net.inet.ip.ifq.maxlen=512 # Maximum allowed

Re: How to deal with DDoS ?

2012-02-22 Thread Roger S.
On Tue, Feb 21, 2012 at 9:51 PM, Joachim Schipper wrote: > Just the most obvious idea, since you mention that this sort-of-works if > you put "block drop in quick from !": does it handle > this load if you turn off pf, or only include one or two trivial rules? Did not try to turn off pf (I need i

Re: How to deal with DDoS ?

2012-02-22 Thread Stuart Henderson
On 2012-02-21, Hassan Monfared wrote: > Hi, > have you tried to set some tuning options in pf.conf & sysctl.conf ? > eg: > for sysctl.conf: > net.inet.ip.ifq.maxlen=512 # Maximum allowed input queue length > (256*number of physical interfaces) > kern.bufcachepercent=90# Allow the kerne

Re: How to deal with DDoS ?

2012-02-22 Thread Rudolf Leitgeb
On Wednesday, 22 February 2012, 08:36:49, Jan Stary wrote: > > $ sysctl net.inet.udp.{recvspace,sendspace} > > net.inet.udp.recvspace=131072 > > net.inet.udp.sendspace=131072 > > I don't think it's gonna help with handling a DDOS, anyway. Especially not in this particular case. He drops UDP anywa

Re: 5.0 Stable (amd64) build appears broken.

2012-02-22 Thread Stuart Henderson
On 2012-02-21, Duncan Patton a Campbell wrote: > read and weep. i did. when you do a cd install, it puts > src (sys), and xenocara in /usr. that "primes" the src/sys > tree. if you then _move_ those trees out of the way entirely, > and do a cvs checkout of the whole tree, well that what *I* s

an idea to implement in bgpd/bgpctl

2012-02-22 Thread Gregory Edigarov
Hello misc@, How about having something like "explain " command for bgpctl? If given it should pass the prefix through the bgp path selection algorithm showing WHY this or another path was selected. I mean one can always follow the 13 steps in the mind, but I would prefer having that done by machi