Hello everyone
Just wanted to check my sanity after so many days. I have ikev2 setup working
for windows machine for a long time using the following. So, to repeat this
works, it connects fine.
ikev2 passive esp \
from 0.0.0.0/0 to 10.0.5.0/24 \
peer any local 50.247.187.177 \
...@fkie.fraunhofer.de]
Sent: Tuesday, October 17, 2017 3:30 AM
To: Justin Mayes
Subject: Re: [misc] "switching console to com0"
Am Dienstag, den 17.10.2017, 04:03 +0000 schrieb Justin Mayes:
> Greetings all - what does one do when during the install you set the
> default console to c
Greetings all - what does one do when during the install you set the default
console to com0 and now your serial cable is not working? I cannot login to set
the default console back to use the keyboard and monitor. Instead of the boot
prompt where I can normally change settings and/or enter sing
Hello all -
I was also recently trying to do a simple ipsec/l2tp vpn. I found that it works
fine for everything except my android 5.1.1 device. The odd thing is that when
I watch the log and/or isakmpd output I can see it connect fine, authenticate
to l2tp and so on then it immediately disconn
oblem in cases like mine where the other end of the vpn gives you a
take it leave it config.
-Original Message-
From: Adam Van Ymeren [mailto:adam.v...@gmail.com]
Sent: Monday, June 1, 2015 2:16 PM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: NATing out enc0 traffic
Thanks for posti
sd.org] On Behalf Of
Justin Mayes
Sent: Friday, May 29, 2015 11:10 AM
To: misc@openbsd.org
Subject: Re: NATing out enc0 traffic
I think I am understanding this better after some more reading. My ipsec tunnel
just connects the two subnets and when my nat traffic returns from the internet
it does not
route like pptp or
l2tp which is what npppd is for. I do not have access to configure the amazon
side of the vpn for pptp or l2tp so I do not think this is not going to be
possible. That seems odd. I assumed this would be a common setup
-Original Message-
From: Justin Mayes
Sent
and has no route for that. I need it to
go back through enc0.
J
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Wednesday, May 27, 2015 2:47 PM
To: misc@openbsd.org
Subject: NATing out enc0 traffic
Greetings everyone
I
Greetings everyone
I am playing with amazon virtual private clouds (VPC). I have set a few up. I
have no issues connecting ipsec from openbsd <-> amazon VPC. All of these
VPCs so far have their own internet connection going out from amazon that
works fine.
[OpenBSD][VPC]
etter. Thanks for the tip tho James, its good
advice.
J
-Original Message-
From: James A. Peltier [mailto:jpelt...@sfu.ca]
Sent: Monday, October 20, 2014 5:34 PM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: Making tftp download large files from tftpd
- Original Message
Here is my diff to change the data type of the block variable so tftp can
handle tftpd block rollover when transferring large files.
May not be that useful but I'm just using something trivial (pun intended) to
learn the procedure.
J
From: Justin Mayes
Sent: Monday, October 20, 2014 9:26
>On the contrary: it_will_ make it impossible for people to know what
> _we_ are doing. This is not one system I'm talking about: it's
> countless independent VPNs. No one person in the world will ever know
> what_we_ are doing.
'countless independent VPNs' + 'a one-time pre-shared key' = bi
I will spare you all the backstory but I found that tftp could not download
files over 32 mb by default from tftpd. I know you can pass blocksize to tftpd
to handle much larger files but I was originally working with a client where
this wasn't possible. Tftp protocol has 2 bytes for block number wh
, October 10, 2014 4:56 PM
To: misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'
On 2014-10-09, Justin Mayes wrote:
> Ok I got it working. Here is what I did
>
> Enabled multipath routing (sysctl)
> Added the relayd anchor to pf.conf
> Created a relayd.co
[mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Thursday, October 9, 2014 9:05 AM
To: grazzol...@gmail.com; misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'
My understanding of route-to is that if the destination is not on same network
as the 'route-to&#
al Message-
From: Giancarlo Razzolini [mailto:grazzol...@gmail.com]
Sent: Thursday, October 9, 2014 8:52 AM
To: Justin Mayes; misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'
On 09-10-2014 10:16, Justin Mayes wrote:
> I did notice the problem with only detecting
...@gmail.com]
Sent: Thursday, October 9, 2014 7:26 AM
To: Justin Mayes; misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'
On 09-10-2014 02:58, Justin Mayes wrote:
> Ok I got it working. Here is what I did
>
> Enabled multipath routing (sysctl)
> Added the relayd anchor
I have 2 internet connections. One of them is static IP, one is dynamic. I
want to use both of them on my gateway. From the man pages and other docs I
see the use of route-to in the pf.conf including the 'next-hop' that it
requires. This is easy enough. Problem is that the next hop is hard coded IP
l show summary' showed it as down and then default
route to it was removed automatically. Awesomeness.
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Wednesday, October 8, 2014 10:56 PM
To: misc@openbsd.org
Subject: Re: Route-to
I just watched Reyk's youtube. I'm going with relayd. I can see the 'routers'
section in the man page for relayd to do what I want.
http://www.youtube.com/watch?v=JtMxGslqGbM
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Beh
Greetings all -
I have 2 internet connections. One of them is static IP, one is dynamic. I
want to use both of them on my gateway. From the man pages and other docs I
see the use of route-to in the pf.conf including the 'next-hop' that it
requires. This is easy enough. Problem is that the next hop
ot; I used
the snort -k none option and now snort is alerting also. Just an FYI in case
this is at all related to your work. I have run snort a lot in the past but
never on OpenBSD so I don't know if that's normal or not.
Justin
-Original Message-
From: Justin Mayes
Sent: Thur
This works. Thank you very much. I'll let you know if I run into any issues
but I am able to run snort inline now along with NAT.
Justin
-Original Message-
From: Lawrence Teo [mailto:l...@openbsd.org]
Sent: Wednesday, March 06, 2013 8:55 AM
To: Justin Mayes
Cc: misc@openbs
FYI
This patch has corrected my issues with snort inline and NAT
http://marc.info/?l=openbsd-tech&m=136245826921904&w=2
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Wednesday, December 19, 2012 3:10 PM
nuary 08, 2013 6:44 AM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: Kernel Debugging
On 17:04 Mon 07 Jan , Justin Mayes wrote:
> I got this. I had 2 com ports on this old target desktop and when I
> switched the serial cable to the right one, it worked. I have working
> DDB kernel
...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Monday, January 07, 2013 2:35 PM
To: misc@openbsd.org
Subject: Re: Kernel Debugging
So now that I got ddb working good I went back and built kernel with KGDB
options per the 'man KGDB' page. I followed the other steps and I have a
null modem cable
not break into debugger on the
target system. Now that current kernel builds with KGDB option, is anyone
using it?
Justin
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Monday, December 24, 2012 11:07 AM
To: Philip Guenthe
Your right. I can view that struct also. The other structs I tried must have
been out of scope. Thanks for your help Philip.
J
-Original Message-
From: Philip Guenther [mailto:guent...@gmail.com]
Sent: Sunday, December 23, 2012 6:51 PM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re
I was looking into kernel debug options and found that trying to build a
kernel with kgdb option enabled fails. Anyone using the kgdb setup? I can
use ddb it's just painful to have to manually walk structures to examine
values. I have moved on to plan B which was to build with option DDB_STRUCT
an
Another update in case there is any interest in running divert-packet along
with NATing. I ditched snort and wrote a little divert program based on the
man page to test easier. I can now see that with nat as well as
divert-packet on egress rule on external interface the packet will get
NATed and go
I read someone mention 'man style' the other day and I'm glad I did. It's
not a standard of any kind but it helped me understand OpenBSD source
better. Seems like a lot of it conforms to most of these rules if not all.
Justin Mayes
Infrastructure Solution Architect
Career E
[mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Saturday, November 24, 2012 2:21 PM
To: misc@openbsd.org
Subject: snort inline
Anyone running snort 2.9.3.1p0 in inline / IPS mode with 5.2 cuurent? From
what I read it's possible with pf divert functionality.
This is what I'm doing f
8 TOS:0x20 ID:64655 IpLen:20 DgmLen:84
Type:0 Code:0 ID:52297 Seq:2 ECHO REPLY
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Client @ 192.168.1.32 never sees reply. Any comments or suggestions?
Justin Mayes
[demime 1.01d removed an attachment of type ap
Check out http://soekris.com/. I have a low end one and it works great.
Little costly though.
Justin Mayes
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Chris McGee
Sent: Thursday, November 15, 2012 3:48 PM
To: misc@openbsd.org
Subject
competing with each other or Linux for
that matter.
Justin Mayes
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Robin Björklin
Sent: Monday, November 12, 2012 2:38 PM
To: us...@dragonflybsd.org; netbsd-us...@netbsd.org;
freebsd-c...@freebsd.org
35 matches
Mail list logo
