Hi,
Pfsync + ipsec setup IS broken.
Links:
http://marc.info/?l=openbsd-misc&m=143463803906528&w=2
Patch to manual page has been applied:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/man/man4/pfsync.4.diff?r1=1.32&r2=1.33
Please remove example of this setup:
"2. Use the ifconfig(8) syncp
W dniu 25.06.2015 o 12:19, Jason McIntyre pisze:
>>> Please fix this bug or remove this example from documentation.
>>> For me this setup is broken since 2011.
>>> http://marc.info/?l=openbsd-misc&m=130624207811609&w=2
>>>
>>> Nobody cares or nobody uses?
>>
>
> i've just committed something simi
W dniu 2015-06-18 o 17:30, Łukasz Czarniecki pisze:
>> It's still broken because as mentioned at the end of the thread you
>> linked IPsec state gets replicated to the peer and this is causing
>> the "replayed" packets you're seeing. The peer already has IPsec
> It's still broken because as mentioned at the end of the thread you
> linked IPsec state gets replicated to the peer and this is causing
> the "replayed" packets you're seeing. The peer already has IPsec state
> in memory (created by pfsync replication) which matches incoming IPsec
> packets dire
Hi,
I have the same problem described here:
http://openbsd-archive.7691.n7.nabble.com/pfsync-over-ipsec-is-broken-td257496.html#a257681
My system is 5.7 i386
I have keep state (no-sync) on all local terminated traffic (including
ipsec udp/esp) and set skip on enc in pf.conf.
I can see only out
Hi,
I am protecting IPv6 FTP server in my LAN with PF firewall.
I have two options:
1.
pass out inet6 proto tcp to {XXX:XXX::XXX:XX } port 21
pass out inet6 proto tcp to {XXX:XXX::XXX:XX } port > 1024
2.
anchor "ftp-proxy/*"
pass in inet6 proto tcp to XXX:XXX::XXX:XX port 21 divert-to ::1 port 8
W dniu 2012-01-09 18:58, Graham Allan pisze:
> Prepurchase check... I know the SAS 6/iR disk controller has been
> supported since OpenBSD 4.3 or but I saw some reports of write
> performance issues (due to disabling cache). Does it work ok in 5.0?
>
> Seems like my choices on the R310 are:
> onbo
W dniu 2011-10-20 20:11, sophia.ort...@googlemail.com pisze:
> But again, I insist in my first question: how I get that
> dhclient respect my resolv.conf and do not touch it?
chflags uchg /etc/resolv.conf
W dniu 2011-09-25 17:50, Pui Edylie pisze:
> Hi Everyone,
>
> I am trying to put a pair of OBSD box together to provide Syn, UDP and
> ICMP flood protection with pretty graphs.
>
> May I know if anyone has accomplished this?
Check this out:
Bakeca.it DDoS: How Evil Forces Have Been Defeated
ht
Hi
While testing pfsync over IPsec I have spotted a bug. While it is
documented in man pfsync that enc0 should be used as syncdev when using
pfsync over ipsec IMHO the system should not crash when the physical
interface is used.
This bug can be spotted on 4.8/i386, 4.9/i386 and Current/i386. I ha
Trying to compile 4.8-stable:
*1st attempt:*
uvm_fault(0xd0a05960, 0x8000, 0, 1) -> e
kernel: page fault trap, code=0
Stopped at pmap_page_remove+0xad: movl0x4(%esi),%eax
ddb>
More details in dmesg below.
*2nd attempt:*
cc -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-ma
With following Mike's suggestions it worked.
could you please change this line
if (mpii_req_cfg_page(sc, addr, 0, &hdr, 1, vpg, pagelen) != 0) {
to
if (mpii_req_cfg_page(sc, addr, MPII_PG_POLL, &hdr, 1, vpg,
pagelen) != 0) {
>>> and one more:
>>>
>>> this:
>>> if (mpi
On 18.02.2011 07:57, David Gwynne wrote:
> this diff implements the disk cache ioctl handling in mpii so sd(4)
> can drive the change rather than have mpii(4) whack everything.
> modelled on the same functionality in mpi(4) and mikeb's code...
>
> could someone test this please?
It freezes on my
On 17.02.2011 16:22, Mike Belopuhov wrote:
> Lukasz has tested the patch below and it works fine for him. I don't
> have the hardware myself, so I'm not going to push it for the release,
> but if someone thinks it's worth it, please speak up.
Here are some numbers:
4.8
# time tar xzf ./sys.tar.
W dniu 2/11/2011 8:20 PM, Rodolfo Gouveia pisze:
On Thu, Feb 10, 2011 at 09:49:43PM -0500, Nick Holland wrote:
Also, check to see if your RAID card has a battery for its cache, if it
doesn't, a lot of RAID controllers drop to non-cached writes, and often
seem to slow down way beyond what you'd e
On 11.02.2011 03:49, Nick Holland wrote:
> tip: use OpenBSD's resident ftp app, save a package:
> /tmp $ ftp http://ftp.spline.de/pub/OpenBSD/4.8/sys.tar.gz
:)
> i.e., "basically the same for all" Therefore, I'm ignoring all but the
> 4.9 GENERIC. I almost never complain about dmesgs being inc
Hi
I've bought a Dell R310 with H200 raid controller reported in dmesg as:
Symbios Logic SAS2008. It uses mpii driver and has two hard drives
configured in RAID 1.
I had a kernel crash while booting amd64-stable kernel.
System Event Log: E171F PCIe Fatal Error on Bus 0 Device 5 Function 0 -
it is
17 matches
Mail list logo