Hello!
I have a trunk0 interface on a router (#1) that is used for a singular
purpose -- to pass (IPsec protected) traffic for an IPIP tunnel (gif0) to
another router (#2). I have configured PF rules on router #1 that prevent
any other type of traffic from passing on trunk0. There are several
not filter on interface. Seems like it is
possibly a bug.
Joe
On Mon, Apr 30, 2018 at 12:31 PM, Joe Crivello <josephcrive...@gmail.com>
wrote:
> Hello --
>
> While configuring a new firewall, I noticed that pflog0 was showing that
> some ICMPv6 neighbor advertisement packets wer
Hello --
While configuring a new firewall, I noticed that pflog0 was showing that
some ICMPv6 neighbor advertisement packets were being blocked in on vlan51,
which is a sub-interface of vmx1 (a vmxnet3 interface using VGT). I added a
PF rule allowing this traffic to pass. However, even after
enBSD. I am also
troubled by the no error, no warning failure of mrouted on the system I
described above -- wouldn't even know where to start with that one.
Thanks in advance for any advice on this subject...
Joe Crivello
Q170
chipset with an Intel i7-6700TE CPU and I210 and I219 GbE controllers.
Thanks in advance for any responses...
Joe Crivello
> As far as I know, Halon cuts the number of IPSec tunnels on free version.
You're paying for ease of use and polish. Software developers aren't free.
> Can somebody please recommend me a firewall appliance that can run OpenBSD
> and pf, and can be upgradeable to the latest version? It would be a great plus
> if the appliance can also be configured as part of CARP firewall group.
http://securityrouter.org/
Great product.
Intel X520 cards seem to work nicely in our shop.
Does anyone have any experience with running OpenBSD on the Intel C61X or
C22X series chipsets? These chipsets are used frequently by Super Micro in
their newer line of very common and (relatively) affordable rack mountable
servers. In particular I am also curious if the SATA ports would be
Awesome! Thanks so much.
So C22X gets detected as an Intel 8 series chipset then (which makes
sense). We are initially thinking about using a couple of Super Micro
5018D-MR servers with Intel X520 cards as routers, so the lack of onboard
Ethernet support is not a problem for us. That said, if
First off, you seem to have set forth a design without first setting forth
its objective. I suppose in this case it's pretty clear what your implied
objectives are, though.
Traditionally, executable or code signing is used to certify who compiled
a binary, and to prove that it wasn't tampered
To prevent (in theory) various attack vectors (e.g., physical access to
the disk while offline), you need to have the system in a trusted state.
Somebody has already thought this through, here is the result:
http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot
Such
I was contacted directly by someone who wanted to suggest that I try gif(4)
instead. I have tried gif(4) in the past, but I ran into a lot of weirdness
when using it in combination with IPsec (on 5.6-stable). After I shared my
experience, he suggested that I send my synopsis to the list... so here
It looks like the gre(4) pseudo-device doesn't support GRE over IPv6:
# ifconfig gre1 tunnel fe80::1%vlan9 fe80::2%vlan9
ifconfig: SIOCSLIFPHYADDR: Address family not supported by protocol family
I believe this is at least within the realm of possibility, and it looks
like someone has done some
We also have a need for this in our environment.
We use transport mode IPSEC to protect gif(4) tunnels between our OpenBSD
routers at our remote sites, and we would also ideally like one of these
routers to act as a Win 7 road warrior IKEv2 gateway. We would just use
iked for both scenarios, but
routes from both routers; which was the root cause of the problem.
-Joe
-Original Message-
From: Joe Crivello [mailto:josephcrive...@gmail.com]
Sent: Monday, December 15, 2014 2:24 PM
Subject: Problem With Default Route Over IPSEC Site-To-Site Tunnel VPN
Hello,
I am having a problem
the default route over the IPSEC tunnel?
Thanks so much...!
Joe Crivello