Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA

2008-04-11 Thread José Costa
Hello, Is there any documentation about those tweaks for TCP performance? And what about the IRQ thingy? On Thu, Nov 8, 2007 at 2:34 AM, Prabhu Gurumurthy [EMAIL PROTECTED] wrote: Brian A Seklecki (Mobile) wrote: On Mon, 2007-11-05 at 07:23 +0100, Martin Toft wrote: On Mon, Nov 05, 2007 at

Re: hoststated with multiple virtual hosts

2007-10-04 Thread José Costa
My scenario is this: ifconfig sis0 10.0.0.1 netmask 255.255.255.0 ifconfig carp0 10.0.0.10 netmask 255.255.255.0 vhid 1 ifconfig carp1 10.0.0.20 netmask 255.255.255.0 vhid 2 (two carp interfaces because I can't have carp with 2 or more IP addresses) ifconfig sis1 172.16.0.1 netmask 255.255.255.0

hoststated with multiple virtual hosts

2007-10-03 Thread José Costa
Hello, Is it possible to configure hoststated.conf with IPs in a table { ip1, ip2} and virtual host table ... ?

Re: IPSec

2007-09-05 Thread José Costa
I think that the patch works but I can't ping from the 10.0.0.0/24 network to 10.0.1.0/24. I can ping from ISA to 10.0.0.1 (another VM connected), to 10.0.0.50 (loopback1) and 10.0.0.254 (inside if). From OBSD, I can ping from 10.0.0.254 (ping -I 10.0.0.254) to 10.0.1.254 and (ping -I 10.0.0.50)

Re: IPSec

2007-09-05 Thread José Costa
Oh, and the tunnel is only activated when the ISA network tries to access the OBSD network. The other way doesn't work. On 9/5/07, José Costa [EMAIL PROTECTED] wrote: I think that the patch works but I can't ping from the 10.0.0.0/24 network to 10.0.1.0/24. I can ping from ISA to 10.0.0.1

Re: IPSec

2007-09-03 Thread José Costa
Hello, Yeah, I bet it works beautifully with OBSD tunnels but I'm trying to create a tunnel between OBSD and ISA Server 2006 on VMWare Server. Sep 3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83 port 500 due to notification type NO_PROPOSAL_CHOSEN Sep 3 13:49:55 obsd1

Re: IPSec

2007-09-03 Thread José Costa
How can I solve this? Any docs about it? Debugging? On 9/3/07, Hans-Joerg Hoexer [EMAIL PROTECTED] wrote: Hi, On Mon, Sep 03, 2007 at 12:59:48PM +0100, José Costa wrote: Sep 3 13:49:55 obsd1 isakmpd[1074]: dropped message from 172.26.10.83 port 500 due to notification type

Re: IPSec

2007-09-03 Thread José Costa
3des, sha1, PFS disabled. On 9/3/07, Hans-Joerg Hoexer [EMAIL PROTECTED] wrote: Hi, which transforms are configured on the ISA server for phase 2? On Mon, Sep 03, 2007 at 02:21:24PM +0100, José Costa wrote: How can I solve this? Any docs about it? Debugging? On 9/3/07, Hans-Joerg

Re: IPSec

2007-09-03 Thread José Costa
Sep 3 15:05:16 obsd1 isakmpd[25239]: dropped message from 172.26.10.83 port 500 due to notification type NO_PROPOSAL_CHOSEN Sep 3 15:05:16 obsd1 isakmpd[25239]: responder_recv_HASH_SA_NONCE: KEY_EXCH payload without a group desc. attribute Sep 3 15:05:16 obsd1 isakmpd[25239]: dropped message

Re: IPSec

2007-09-03 Thread José Costa
Okay, I've altered the range from 10.0.0.1 to 10.0.0.255 - 10.0.0.0 to 10.0.0.255. FLOWS: flow esp in from 172.26.10.83 to 10.0.0.0/24 peer 172.26.10.83 srcid obsd1.my.domain dstid 172.26.10.83/32 type use flow esp out from 10.0.0.0/24 to 172.26.10.83 peer 172.26.10.83 srcid obsd1.my.domain dstid

Re: IPSec

2007-09-03 Thread José Costa
Attached. On 9/3/07, Hans-Joerg Hoexer [EMAIL PROTECTED] wrote: Hi, could you please run isakmpd with the -L (see isakmpd(8)) flag and could you provide we the generated pcap file? On Mon, Sep 03, 2007 at 04:17:22PM +0100, José Costa wrote: Okay, I've altered the range from 10.0.0.1 to

IPSec

2007-08-31 Thread José Costa
Hello, Does anyone know a really good IPSec howto besides the man pages?