Re: OpenVPN in rdomain 1 error

2018-12-14 Thread BARDOU Pierre
Hello, We also tried to set up openVPN in non default rdomain, without success. -- Regards, Pierre BARDOU -Original Message- From: Denis Sent: Thursday 13 December 2018 13:02 To: Misc Subject: OpenVPN in rdomain 1 error Trying to run OpenVPN in rdomain 1 by command # sh

Re: Weird routing problem on simple CARP setup

2018-07-12 Thread BARDOU Pierre
That makes sense. Thanks for your advice. -- Regards, Pierre BARDOU -Original Message- From: Stuart Henderson Sent: Wednesday 11 July 2018 23:24 To: misc@openbsd.org Subject: Re: Weird routing problem on simple CARP setup On 2018-07-11, Tom Smyth wrote: > Hi Pierre, > >

Re: Weird routing problem on simple CARP setup

2018-07-11 Thread BARDOU Pierre
interface. I upgraded to 6.3 and it also works. Thank you for your help -- Regards, Pierre BARDOU -Original Message- From: Stefan Sperling Sent: Tuesday 3 July 2018 13:33 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: Weird routing problem on simple CARP setup On Wed, Jun 27

Weird routing problem on simple CARP setup

2018-06-27 Thread BARDOU Pierre
Hello, I have a strange problem with OpenBSD 6.2, which looks like a bug. Steps to reproduce : * sh /etc/netstart -> everything works. Routing table : root@fw-t-wan-chut01:~ # netstat -rnf inet

Re: Queuing faster than 4 Gbps

2018-02-27 Thread BARDOU Pierre
90321717 25617 enc0 trunk0 vlan3202 vlan3203 vlan4027 carp1 carp2 carp3 carp4 pfsync0 pflog0 -- Regards, Pierre BARDOU -Original Message- From: BARDOU Pierre Sent: Tuesday 27 February 2018 13:52 To: misc@openbsd.org Subject: RE: Queuing faster than 4 Gbps Hello, I

Re: Queuing faster than 4 Gbps

2018-02-27 Thread BARDOU Pierre
addr 2 uhidev1: iclass 3/1 ums0 at uhidev1: 3 buttons wsmouse0 at ums0 mux 0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on sd0a (e4426d30edab0280.a) swap on sd0b dump on sd0b -- Regards, Pierre BARDOU -Original Message---

Queuing faster than 4 Gbps

2018-02-26 Thread BARDOU Pierre
Hello, I'm trying to use queuing on a 10 Gbps interface. I remind of a conversation on tech@ or misc@ which was about queuing values being stored in a UINT which prevented configuring values > 4 Gbps. I can't find it in the mailing list archive logs though. Wasn't the discussion about using

IPsec (isakmpd) in rdomain non zero needs default route

2017-09-29 Thread BARDOU Pierre
Hello, I don't know if I should post this to misc@ or bugs@... If this is the wrong list tell me I'll file a proper bug report. I need to add a default route in rdomain 1 to be able to use the tunnels created by isakmpd. That is a bit weird, routes should be injected by isakmpd. Here is my

Re: Read sysctl from file

2017-07-21 Thread BARDOU Pierre
: yes with_items: "{{ sysctl }}" Vars : sysctl: - name: "net.inet.ip.forwarding" value: 1 - name: "net.inet.carp.preempt" value: 1 -- Regards, Pierre BARDOU -Original Message- From: Theo de Raadt [mailto:dera...@openbsd.org] Sent: Thursday 20

Read sysctl from file

2017-07-20 Thread BARDOU Pierre
Hello, Is there a way to make sysctl re-read its conf file, or even another file, like sysctl -p does on linux systems ? Supporting this option would be nice, as it is used by the sysctl module of ansible. -- Regards, Pierre BARDOU

Re: OpenBSD on HPE DL20 G9

2017-04-18 Thread BARDOU Pierre
April 2017 09:13 To: BARDOU Pierre <bardo...@mipih.fr> Cc: misc@openbsd.org Subject: Re: OpenBSD on HPE DL20 G9 hi, From: BARDOU Pierre <bardo...@mipih.fr> Subject: OpenBSD on HPE DL20 G9 Date: Mon, 10 Oct 2016 15:12:04 + > I have a brand new HPE DL20 G9, on which I am trying

Re: Monitoring relayd via SNMP

2017-03-13 Thread BARDOU Pierre
: Saturday 11 March 2017 15:23 To: BARDOU Pierre <bardo...@mipih.fr>; misc@openbsd.org Subject: Re: Monitoring relayd via SNMP Hello Pierre, I don't use relayd but for some of my needs with snmp, I retrieve the statistics through a script that is executed every time I poll a specific OID. It

Re: Monitoring relayd via SNMP

2017-03-07 Thread BARDOU Pierre
I found nothing to implement the relayd MIB in the SNMPD source code apart from the traps part. So it seems this is still a WIP. Anyone could confirm that ? -- Regards, Pierre BARDOU -Original Message- From: BARDOU Pierre Sent: Monday 6 March 2017 16:46 To: misc@openbsd.org Subject

Monitoring relayd via SNMP

2017-03-06 Thread BARDOU Pierre
Hello, I am trying to monitor relayd through snmpd(8). It seems that a MIB exists : http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/snmp/OPENBSD-RELAYD-MIB.txt?rev=1.3=text/x-cvsweb-markup But SNMPwalking these OIDs doesn't work. snmpctl show mib doesn't show them either. I tried to setup

Relayd and rdomains

2016-12-07 Thread BARDOU Pierre
Hello, Is there a solution to use relayd (redirect mode) on multiple rdomains on the same host ? I had two ideas, but none of them work : * launch relayd in the default rdomain -> rules are injected with "on rdomain 0", so they do not match on other rdomains * launch one relayd instance by

Re: 350MHz IBM Intel Pentium II runs 5.9 fine

2016-11-30 Thread BARDOU Pierre
It is quite stable also :) I love this OS... Congrats to the team for all the good work. This router is used for etherip, and works flawlessly for more than 5 years now (and counting). # uptime 5:59PM up 1890 days, 1:02, 1 user, load averages: 0.17, 0.11, 0.09 # cat /var/run/dmesg.boot OpenBSD

Re: 4th nic for pcengines apu2

2016-10-20 Thread BARDOU Pierre
Hi, I am planning to try DL320e G8 v2, in the same price range of the DL20 G9. If you have a few weeks I should be able to tell you if it works. For the APU, I would go with a manageable switch and VLAN. -- Regards, Pierre BARDOU -Original Message- From: Marko Cupać

Re: OpenBSD on HPE DL20 G9

2016-10-11 Thread BARDOU Pierre
Sent: Monday 10 October 2016 17:45 To: BARDOU Pierre <bardo...@mipih.fr> Cc: misc@openbsd.org Subject: Re: OpenBSD on HPE DL20 G9 Can't you enable serial console redirection with the built-in iLO? That should make it easier to get the boot messages in legacy mode. - todd

OpenBSD on HPE DL20 G9

2016-10-10 Thread BARDOU Pierre
Hello, I have a brand new HPE DL20 G9, on which I am trying to boot OpenBSD (version 6.0). 1st try : UEFI. The boot loader does its work, and then the screen remains blank. I can't see any line with blue background. I tried to see what happened via console, but there is no serial port on these

Re: ratble and rdomain support on dhcpd and openvpn

2016-07-18 Thread BARDOU Pierre
Hi, OpenVPN does not support rdomains and probably never will, as it is OpenBSD-specific. I had some success by running it in the default rdomain and then dispatching the clients in different rdomains via PF. But this was for server mode. Maybe you can do something like that for the client, like

Re: syslog-ng+ELK

2016-05-17 Thread BARDOU Pierre
Hello, I use ELK for all my system/firewall logs. It gathers linux, windows, ASA, pflog and all appliances syslogs very well, despite the high number of messages (actually more than 1 000 000 000/week). You can configure logstash filtering to suit your needs. Kibana interface is very efficient,

Announce NAT pools via OSPF

2016-01-07 Thread BARDOU Pierre
Hello, I would like to announce the NAT pools used by my firewalls to my backbone using OSPF. Let's say my real network is connected to vmx0. Its address is A/24 and is NATed to N/24. My backbone is reached through vmx1. So I configured a route on the firewall, destination N/24, gateway

Re: rdomain with BGP dynamic route

2015-07-27 Thread BARDOU Pierre
Hello, I think this is what I tried a while ago, which is not possible. Cf http://openbsd-archive.7691.n7.nabble.com/Multi-VRF-bgpd-no-MPLS-td248639.html Bgpd.conf(5) says : Currently the routing table must belong to the default routing domain -- Regards, Pierre BARDOU -Message

PF monitoring

2014-10-10 Thread BARDOU Pierre
Hello, I'm looking for performance indicators to be warned if my PF firewall is about to be overwhelmed. I heard about congestion in pfctl -si, net.inet.ip.ifq.drops and kern.netlivelocks. I searched the man pages pfctl(8) and sysctl(3), but I didn't find a clear explanation of what these

Re: openbgpd rdomain/rtable (vrf-lite)

2014-09-01 Thread BARDOU Pierre
Hello, I tried to do a similar setup. I tried different configuration without success. Then I found this in the manpage : Currently the routing table must belong to the default routing domain and nexthop verification happens on table 0. So I think OpenBGPD is not (yet ?) able to do this. --

Re: openbgpd rdomain/rtable (vrf-lite)

2014-09-01 Thread BARDOU Pierre
1 September 2014 14:35 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: openbgpd rdomain/rtable (vrf-lite) Hi Pierre, I tried to do a similar setup. I tried different configuration without success. Yup, I saw your post on misc@ a few days ago when I was looking for some pointers

Re: Pflow granularity

2014-06-04 Thread BARDOU Pierre
Message- From: Andy [mailto:a...@brandwatch.com] Sent: Monday 2 June 2014 18:01 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: Pflow granularity I think you might have to try softflowd instead of the built-in sflowd.. These guys had the same problem and moved to softflowd to allow

Pflow granularity

2014-06-02 Thread BARDOU Pierre
Hello, I set up NetFlow reporting on a PF firewall, but there seems to be a flaw in the implementation : only global statistics about the flow are given (start time, end time, IP/port source, IP/port dest, bits in both ways, ...). So as an example if somebody establishes an sftp connection,

Re: Multi-VRF bgpd (no MPLS)

2014-05-22 Thread BARDOU Pierre
, as my C skills are far below what is needed to do that ? -- Regards, Pierre BARDOU -Original Message- From: BARDOU Pierre Sent: Monday 19 May 2014 11:30 To: misc@openbsd.org Subject: Multi-VRF bgpd (no MPLS) Hello, I'm trying to prevent my boss from buying an ASA 5585-X to use

Multi-VRF bgpd (no MPLS)

2014-05-19 Thread BARDOU Pierre
Hello, I'm trying to prevent my boss from buying an ASA 5585-X to use an OpenBSD box instead. NAT on ASA is such a pain... The use would be a WAN firewall, routing for sites with potentially identical IP ranges. Overlapping IP ranges are translated by the firewall so that from the point of

Re: OpenBSD ipsec performance on modern HW

2013-07-22 Thread BARDOU Pierre
From: Evgeniy Sudyr [mailto:eject.in...@gmail.com] Sent: Sunday 21 July 2013 13:17 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: OpenBSD ipsec performance on modern HW All, during my tests I saw that CPU on all cores and memory usage was very low. Just interesting if there are any

Re: OpenBSD ipsec performance on modern HW

2013-07-16 Thread BARDOU Pierre
Hello, I did some testing with AES-NI enabled CPU. You can find them in the list archives, here : http://old.nabble.com/Re%3A-ipsec-tunnel-speeds-p34080479.html Upgrading CPU number is useless (if I have well understood how it works) : IPsec only runs on the first core. -- Regards, Pierre

Re: PF sync doesn't not work very well

2013-07-04 Thread BARDOU Pierre
Hello, I don't know if this may help you, but I have a working BGP setup with two routers active/active. I don't use pfsync, but keep state (sloppy). This is less secure according to pf.conf(5), but that's not really a concern for me as those routers are not my border firewalls... But maybe I

Re: Running OpenBSD on Raspberry Pi

2013-01-09 Thread BARDOU Pierre
in this thread), no problem. I'll stick on OpenBSD at work, and play with linux at home. -- Regards, Pierre BARDOU From: Andres Genovez [mailto:andresgeno...@gmail.com] Sent: Wednesday 9 January 2013 21:21 To: Gene Cc: BARDOU Pierre; misc@openbsd.org Subject: Re: Running OpenBSD on Raspberry Pi

Re: Running OpenBSD on Raspberry Pi

2012-12-31 Thread BARDOU Pierre
Hello, I would be very interested by an OpenBSD port too. Usage : home router with firewall, DNS and DHCP. I am looking into FreeBSD and NetBSD ports, but I would prefer to have the latest PF and OpenSSH versions... plus I am more used to OpenBSD and I like using it :-) If somebody knows X86

Re: ipsec tunnel speeds

2012-06-27 Thread BARDOU Pierre
Hello, I am just doing some IPsec performance tests on shiny new DL 380 G8 (CPU is Intel(R) Xeon(R) CPU E5-2643 @ 3.30GHz). Here is the setup : Two Optiplex - HP DL380 G8 - HP DL 380 G8 - Two Optiplex Intel Gb NIC in every computer All running 5.2-beta amd64 compiled

Re: bnx[01] - trunk0 - vlan119 - carp119 problem

2012-04-24 Thread BARDOU Pierre
Hello, I have dozens of CARP interfaces over VLAN interfaces over LACP trunk interfaces over physical EM/BGE/BNX. Carp is in multicast mode, multicast routing is disabled. Works like a charm with various OpenBSD versions since 4.4 to 5.0. I can give you my hostname.if if that helps... --

Re: Daily digest, Issue 2282 (37 messages)

2011-10-25 Thread BARDOU Pierre
Hello, The firewall redirects inbound SMTP to spamd box (let's say its address is 192.168.0.10). Then the spamd box redirects non-spam traffic to the qmail box while doing NAT to 192.168.0.10 (to avoid asymmetrical routing). Should work like a charm. Outgoing mail will go through the default

Hardware for 1Gbps IPsec

2011-10-11 Thread BARDOU Pierre
Hello, I'm looking for hardware capable of doing 1 Gbps IPsec, under OpenBSD of course. Do you think it is possible with a brand new high end server and their new instructions (AES/NI and/or AVX) ? Or would a crypto card be necessary ? If yes, do you have a brand/model to recommend ? In the

Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-10-03 Thread BARDOU Pierre
Hello, I think the Soekris net6501 has two great advantages : * power consumption : their atom E6XX is between 3,3w and 7w TDP, which is much lower than the 35w of the Pentium G620T. The complete board is said to use under 10w. * the user programmable FPGA, which might be used (I guess) as a

Re: Load balancing incoming trafic with BGP

2010-07-01 Thread BARDOU Pierre
: Tuesday 29 June 2010 14:47 To: misc@openbsd.org Subject: Re: Load balancing incoming trafic with BGP On 2010-06-29, BARDOU Pierre bardo...@mipih.fr wrote: Hello, I tried to follow your advice, and I set : network 1.1.1.0/24 network 1.1.1.0/25 set prepend-self 5 hmm, I meant that you should

Re: Load balancing incoming trafic with BGP

2010-06-30 Thread BARDOU Pierre
:13 To: misc@openbsd.org Subject: Re: Load balancing incoming trafic with BGP On 2010-06-29, BARDOU Pierre bardo...@mipih.fr wrote: Hello, I did this on router A : network 217.109.108.0/24 network 217.109.108.128/25 neigbor... allow from any match to any prefix 217.109.108.128/25 set

Re: Load balancing incoming trafic with BGP

2010-06-29 Thread BARDOU Pierre
... Many thanks for the help -- Regards, Pierre BARDOU -Original Message- From: Stuart Henderson [mailto:s...@spacehopper.org] Sent: Saturday 26 June 2010 12:18 To: misc@openbsd.org Subject: Re: Load balancing incoming trafic with BGP On 2010-06-25, BARDOU Pierre bardo...@mipih.fr

Re: Load balancing incoming trafic with BGP

2010-06-29 Thread BARDOU Pierre
i Everything is fine :) Many, many thanks for your help. -- Regards, Pierre BARDOU -Original Message- From: rh...@hushmail.com [mailto:rh...@hushmail.com] Sent: Tuesday 29 June 2010 13:30 To: misc@openbsd.org Cc: BARDOU Pierre Subject: Re: Load

Load balancing incoming trafic with BGP

2010-06-25 Thread BARDOU Pierre
Hello, I have issues trying to setup this : ISP A ISP B | | Router A Router B Main site --- Backup site 1.1.1.0/25 1.1.1.128/25 I'd like that connections to the main site flow through ISP A, to the backup site flow through

Re: Hardware for a PF box

2010-05-11 Thread BARDOU Pierre
Hello, I'll try to answer every suggestion... I'm going to buy brand new HP servers, DL360 G5 or DL165 G7. So the choice for CPU is between AMD Opteron 24xx or Intel Xeon 55xx. I've read that a PIII would be sufficient : I have performance issues actually, running on a Xeon 2.8GHz

Re: Hardware for a PF box

2010-05-11 Thread BARDOU Pierre
bandwidth) * 2x72 Gb SAS drives on raid1 * GENERIC.MP kernel -- Regards, Pierre BARDOU -Original Message- From: BARDOU Pierre Sent: Tuesday 11 May 2010 15:40 To: 'misc@openbsd.org' Subject: RE: Hardware for a PF box Hello, I'll try to answer every suggestion

Hardware for a PF box

2010-05-10 Thread BARDOU Pierre
Hello, I'm going to buy hardware to create 4 PF/relayd/openVPN boxes (2 active, 2 passive). I have an average of 500 new connections/s, 40k states and 40kpps in PF, 20 remote concurrent accesses on OpenVPN. What CPU would you recommend between Intel and AMD ? Since PF is mono threaded, I think

LACP problem

2009-12-22 Thread BARDOU Pierre
Hello, I use an LACP trunk on my openBSD firewall since 4.5 It worked during more than a year, but since I upgraded to 4.6 the trunk went down two times. I can't do anything to fix it except reboot the firewall. The switch is a HP Procurve 8412zl. I tried a workaround, to test it I did on my

Re: LACP problem

2009-12-22 Thread BARDOU Pierre
11:00:17 fw-intra-slave /bsd: root on sd0a swap on sd0b dump on sd0b -- Regards, Pierre BARDOU From: Iñigo Ortiz de Urbina [mailto:tarom...@gmail.com] Sent: Tuesday 22 December 2009 12:45 To: BARDOU Pierre Subject: Re: LACP problem On Tue, Dec 22, 2009 at 11:22 AM, BARDOU Pierre

Packets to IPsec blackholed ?

2009-12-04 Thread BARDOU Pierre
Hello, I had a working ipsec tunnel this morning : Dec 04 09:30:35.086117 rule 375/(match) pass in on vlan100: 10.80.2.135.4685 10.96.37.1.23: S 2120140262:2120140262(0) win 64512 mss 1460,nop,nop,sackOK (DF) Dec 04 09:30:35.086154 rule 28/(match) pass out on enc0: 10.80.2.135.4685

Disk occupation problem

2009-11-09 Thread BARDOU Pierre
Hello, I have a strange problem with disk occupation. Df says my disk is nearly full (25G occupied), but when I do a du sh on the mountpoint it says only 10M used !? I had the same problem a few days ago on 4.5-stable ; I upgraded to 4.6-stable and it happens again. Some logs : # du -sh /var/

Re: Disk occupation problem

2009-11-09 Thread BARDOU Pierre
[mailto:richardtoo...@paradise.net.nz] Sent: Monday 9 November 2009 09:21 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: Disk occupation problem On 9/11/2009, at 9:11 PM, BARDOU Pierre wrote: Hello, I have a strange problem with disk occupation. Df says my disk is nearly full (25G occupied), but when

Re: Disk occupation problem

2009-11-09 Thread BARDOU Pierre
-Original Message- From: Otto Moerbeek [mailto:o...@drijf.net] Sent: Monday 9 November 2009 09:55 To: BARDOU Pierre Cc: Richard Toohey; misc@openbsd.org Subject: Re: Disk occupation problem On Mon, Nov 09, 2009 at 09:43:24AM +0100, BARDOU Pierre wrote: Hello, I didn't delete anything

Re: New functionnality for authpf

2009-10-14 Thread BARDOU Pierre
Message- From: Vadim Zhukov [mailto:persg...@gmail.com] Sent: Tuesday 13 October 2009 18:09 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: New functionnality for authpf On 13 October 2009 г. 18:53:07 BARDOU Pierre wrote: Hello, I'd need a new functionality in authpf It would

New functionnality for authpf

2009-10-13 Thread BARDOU Pierre
Hello, I'd need a new functionality in authpf It would be nice to do group based rules instead of user based rules. I made this using a script used as shell for the user, which lists the groups of the user, and add them to a table named like the group using pfctl and sudo. I can give it

Re: CARP problem : slave rioting

2009-09-07 Thread BARDOU Pierre
Hello, I found the cause of the problem : the CARP interface was configured with a /24 mask on the master, and a /25 mask on the slaves. With coherent masks everything works like a charm now. -- Regards, Pierre BARDOU -Original Message- From: BARDOU Pierre Sent: Monday 29 June

Re: CARP problem : slave rioting

2009-06-29 Thread BARDOU Pierre
!? I have run out of ideas about the cause of the problem. -- Regards, Pierre BARDOU -Original Message- From: uday [mailto:umoorjani@gmail.com] Sent: Friday 26 June 2009 21:17 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: CARP problem : slave rioting Pierre, If I'm

Re: CARP problem : slave rioting

2009-06-26 Thread BARDOU Pierre
Message- From: uday [mailto:umoorjani@gmail.com] Sent: Friday 26 June 2009 12:21 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: CARP problem : slave rioting Can you post configuration files for the carp interfaces ? Nonviolence means avoiding not only external physical violence

CARP problem : slave rioting

2009-06-22 Thread BARDOU Pierre
Hello, I have a setup with 2 openBSD boxes used as firewall, redundancy is made using CARP. Each has 4 NIC : 1 for internet, 1 for pfsync, and the two last are used as a trunk, collecting all other VLANs. Master's advskew is 10, slave's is 50. All worked like a charm since nearly 2 years, but

PF performance problem

2009-06-03 Thread BARDOU Pierre
Hello, I have performance issues on a OpenBSD 4.4 firewall. CPU load is OK (always below 50%), but system load is always between 1 and 1.5, it may go up to 2 sometimes. I suspected an I/O problem on the HDD because of pflogd, so I shut it down and the system load is always as high. Could you

Re: PF performance problem

2009-06-03 Thread BARDOU Pierre
... -- Regards, Pierre BARDOU -Original Message- From: Richard Toohey [mailto:richardtoo...@paradise.net.nz] Sent: Wednesday 3 June 2009 12:50 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: PF performance problem On 3/06/2009, at 10:02 PM, BARDOU Pierre wrote: Hello, I have

Re: PF performance problem

2009-06-03 Thread BARDOU Pierre
Thanks everybody for the help. I will stop worrying about the system load and wait a noticeable performance problem before asking for help :) I set pfctl -x urgent, and now I'm waiting for something in /var/log/messages... -- Regards, Pierre BARDOU

RAM not detected on HP DL580 G4

2009-05-29 Thread BARDOU Pierre
Hello, I'm trying to set up an OpenBSD 4.5 amd64 on a HP ProLiant DL580 G4. It has 38 GB RAM, but only ~3 GB is detected. Is it possible to use all the RAM ? The dmesg : # dmesg OpenBSD 4.5 (GENERIC) #2052: Sat Feb 28 14:55:24 MST 2009

Re: Can't get relayd to work for DNS + problem with relayctl reload

2009-01-14 Thread BARDOU Pierre
logs says nothing. Will I be forced to pkill relayd and restart it each time ? -- Regards, Pierre BARDOU -Original Message- From: Nigel J. Taylor [mailto:njtay...@asterisk.demon.co.uk] Sent: Wednesday 14 January 2009 02:22 To: BARDOU Pierre Subject: Re: Can't get relayd to work for DNS

Re: Can't get relayd to work for DNS + problem with relayctl reload

2009-01-14 Thread BARDOU Pierre
Hi, I tried to send a bug report with sendbug(1), but I am not very familiar with it. I hope someone will notice... -- Regards, Pierre BARDOU From: uday [mailto:umoorjani@gmail.com] Sent: Wednesday 14 January 2009 15:52 To: BARDOU Pierre Cc: misc@openbsd.org; Nigel J. Taylor

Can't get relayd to work for DNS

2009-01-13 Thread BARDOU Pierre
Hello, I am trying to setup relayd for loadbalancing on my DNS servers. The problem is that relayd seems to handle only TCP connections, UDP isn't taken into account. I found a known bug on openBSD 4.2, but I am using openBSD 4.4. I've tried the same setup with a relay, and still have the same

NAT + IPsec : strange pf error

2008-11-25 Thread BARDOU Pierre
Hello, I'm trying to setup a config like this : http://fixunix.com/bsd/87865-nat-ipsec-openbsd-pf-isakmpd.html So I created lo1, gave it an IP address... and since then I can't compile my firewall script (which used to work like a charm since several months). I did no modifications to it, so I

Re: NAT + IPsec : strange pf error - link1 flag

2008-11-25 Thread BARDOU Pierre
I found something more precise about the error : it only occurs when I set the link1 flag on lo1. -- Regards, Pierre BARDOU -Original Message- From: BARDOU Pierre Sent: Tuesday 25 November 2008 11:51 To: misc@openbsd.org Subject: NAT + IPsec : strange pf error Hello, I'm

Problems with relayd

2008-11-18 Thread BARDOU Pierre
Hello, I have big trouble with relayd on openBSD 4.4 to loadbalance 2 squid proxies : * relayctl reload doesn't work. It just says command failed and nothing appears in relayd logs (relayd launched with relayd -d) I am testing right now, but when I will go in production to kill and restart relayd

Re: NAT + IPsec problem

2008-11-12 Thread BARDOU Pierre
Pierre Subject: Re: NAT + IPsec problem On Thursday 06 November 2008 at 15:30, BARDOU Pierre wrote: Hello, Good day, I am trying to setup an IPsec connection. Here is the ipsec.conf : ike esp from 10.63.61.0/26 to 193.164.151.0/28 peer 193.164.151.35 \ main auth hmac-sha1 enc aes-256

Re: Problem with relayctl - OBSD 4.4

2008-11-12 Thread BARDOU Pierre
Hello, Here is the log for relayd -dv. When I try to relayctl reload I got a command failed and nothing in relayd output. # relayd -dv warning: macro 'squid_adh' not used warning: macro 'dns_adh' not used warning: macro 'dns1_ext' not used warning: macro 'dns2_ext' not used warning: macro

Problem with relayctl - OBSD 4.4

2008-11-07 Thread BARDOU Pierre
Hello, I have something which looks like a bug using relayctl on openBSD 4.4 : * My config file is correct according to relayd -n * I can launch relayd * I can't reload the config file using relayctl reload : it says command failed /var/log/daemon.log and /var/log/messages don't report anything

NAT + IPsec problem

2008-11-06 Thread BARDOU Pierre
Hello, I am trying to setup an IPsec connection. Here is the ipsec.conf : ike esp from 10.63.61.0/26 to 193.164.151.0/28 peer 193.164.151.35 \ main auth hmac-sha1 enc aes-256 \ quick auth hmac-sha1 enc aes-256 group modp1024 psk Tunnels go up well : flow esp in from

Re: OpenBGP load balancing between 2 ISP (multihoming)

2008-10-08 Thread BARDOU Pierre
BARDOU From: Frans Haarman [mailto:[EMAIL PROTECTED] Sent: Tuesday 7 October 2008 18:54 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: OpenBGP load balancing between 2 ISP (multihoming) 2008/10/7 BARDOU Pierre [EMAIL PROTECTED] Hello

Re: OpenBGP load balancing between 2 ISP (multihoming)

2008-10-08 Thread BARDOU Pierre
config. -- Regards, Pierre BARDOU -Original Message- From: Mariusz Makowski [mailto:[EMAIL PROTECTED] Sent: Tuesday 7 October 2008 21:38 To: Frans Haarman Cc: BARDOU Pierre; misc@openbsd.org Subject: Re: OpenBGP load balancing between 2 ISP (multihoming) Frans Haarman wrote: 2008/10

Re: OpenBGP load balancing between 2 ISP (multihoming)

2008-10-08 Thread BARDOU Pierre
: Wednesday 8 October 2008 09:05 To: BARDOU Pierre Cc: Frans Haarman; misc@openbsd.org Subject: Re: OpenBGP load balancing between 2 ISP (multihoming) BARDOU Pierre wrote: Hello, I can load balance on the firewalls with pf , but the problem of that Solution is that there is no failover AFAIK

Re: OpenBGP load balancing between 2 ISP (multihoming)

2008-10-08 Thread BARDOU Pierre
multipath routes, and withdraw them when one link/router fails, I am running out of ideas... Someone has one ? Thanks -- Regards, Pierre BARDOU -Original Message- From: Mariusz Makowski [mailto:[EMAIL PROTECTED] Sent: Tuesday 7 October 2008 21:38 To: Frans Haarman Cc: BARDOU Pierre

Re: OpenBGP load balancing between 2 ISP (multihoming)

2008-10-08 Thread BARDOU Pierre
October 2008 10:56 To: BARDOU Pierre Cc: misc@openbsd.org Subject: Re: OpenBGP load balancing between 2 ISP (multihoming) ospf and bgp are designed to select the best possible route and add that to the kernel routing table I think ;) I still think you could run 2 CARPs on both BGP routers

OpenBGP load balancing between 2 ISP (multihoming)

2008-10-07 Thread BARDOU Pierre
Hello, I am trying to set up a configuration like this : +--- -+ +-+ | ISP1 | | ISP2 | Cisco | ROUTER | | ROUTER | | AS3215 | | AS12670 | +-+ +-+