Commell == Liantec
Same boards, same company, just a marketing change. Liantec is the name
they want to brand/market.
I also use Liantec. If you are in Europe, contact Wim and he'll hook
you up. Though, I'm sure he'll ship worldwide.
-mtu
On Fri, Jun 01, 2007 at 09:31:56AM -0600, Diana Eiche
Hi Ben,
You may have to open up udpencap on the OpenBSD VPN gateway.
pass in quick on $ext_if inet proto udp from port { 500 4500 } to \
    $ext_if port { 500 4500 }
pass out quick on $ext_if inet proto udp from $ext_if port { 500 4500 } to \
    port { 500 4500 }
Also, I am assuming that you're using
If you replaced the Switch with the OpenBSD Firewall below,
then your routing issues will go away. It'll require work
on your end but after all is said and done, you won't need
to change anything or even rely on the hosts for their ability
or inability to understand advanced routing or any dhcp o
No, this is not what I was asking for. Of course, we can block
by OS but what I wanted to know was, how did Steve determine that
Linux hosts were causing him grief on the Netserver running 3.6 ?
I should have been clearer. Sorry about that. Thanks nevertheless.
Mark T. Uemura
OpenBSD Suppo
> 3.6 on a HP Netserver.
Steve,
Can you let me know what model that was?
I've used and still use LC2000R going as far back as 2.9 without any
issues. If it was an LC2000, then I might be able to test this.
> On the Netserver I blocked Linux OS from accessing ssh port with PF as I
> exclusiv
> I still haven't resolved the problems on this machine. I had to have
I'm sure that you're frustrated at this point not knowing how to resolve
this issue and having to do it remotely at that :(
If everything else is working at this point and you have pf enabled
as you should, then it's a matter
> it is more productive to make the .conf simpler, and
> not more complex. more complex usually ends up in
Great advice.
> the 'Address' line within an is to be
> interpreted as optional, so these seem to be two
If I'm not mistaken, it's *optional* for
Passive-connections=IPsec-
> isakmpd.conf on one side:
...
[Phase 2]
-Connections= IPsec-clients,CONN-VPNPrueba2
+Passive-connections= IPsec-clients,CONN-VPNPrueba2
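Review bot: The added Passive-connections= line carries both IPsec-clients and CONN-VPNPrueba2, so after this change isakmpd on this peer accepts negotiations for both but no longer initiates either of them. That fits IPsec-clients, where the remote clients start the exchange; if CONN-VPNPrueba2 is a tunnel this side is expected to bring up itself, leave it on a Connections= line and move only IPsec-clients.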
Try making this one change to the isakmpd.conf on the VPN-peer
that the clients will be connecting to.
Mark T. Uemura
OpenBSD Support Japan Inc.
w
Hi Brandon,
> Mark, thanks for the help. I was able to figure it out and the problem
> I was having was because I had a rdr rule that was a little too global
> and was overriding the defaults of the rules I had to rdr to a specific
> host. If you look at my authpf.rules you'll see that I don't s
Now I understand why you guys need an rdr rule. I'm port forwarding
my RDC connections through ssh. This eliminates the need for rdr.
However, if you don't port forward, then I can see why the rdr rule
is needed.
I assumed too much before in my previous post. Sorry for that.
If you're allowing
> like to be able to log in to their machine. I've tried setting up
> specific rules that rdr to their machines to no avail. Here are some
> things I've tried:
I'm not quite sure why you are using the rdr rule? I've got the
same requirements as you have described above but no need for rdr.
I
> However, if I am on the firewall machines themselves, I can ping
> machines on the remote end, but service connection fails.
Steve is right. You have not set up flows in your isakmpd.conf to allow
for this.
> Are there additional rules I need to put into pf for this type of
> connectivity?
xperience
the myriad of benefits gained by integrating OpenBSD into corporate IT
Infrastructures. Of course, smaller companies would benefit just as much
and would probably appreciate the savings even more so. I'm just here
spreading the word :)
Thanks once again.
Cheers,
Mark Uemura
O
le.
Thanks to the developers, documentors and supporters
that are equally passionate about OpenBSD and Security.
I'm just having fun and enjoying the ride :)
Cheers,
Mark Uemura
OpenBSD Support Japan Inc.
www.openbsd-support.com
P.S. Thanks Theo!
't
> going to want to hear about how you pulled machines out of the trash and
> now the business depends on them, even if they're 4x redundant.
Good point. Most of the people in attendance at the talk commented
positively on this very point. They were quite impressed with what
could be done using OpenBSD and more so when I showed them what could
be done using those very little commell boxes that I used in the demo :)
> Slide 3: The first two paragraphs only preach to the converted. Maybe
> add a fourth bullet point, "Your competitors are probably saving money
> using it", depending on your audience.
Excellent suggestion. Thanks for that.
Once again, thanks for your comments and your time :)
Cheers,
Mark Uemura
OpenBSD Support Japan Inc.
www.openbsd-support.com
Hi All,
I recently gave a talk that may interest some. I hope
that it could be used by anyone presenting the merits
of OpenBSD and related Projects as a business case for
the corporate world. The slides can be used by anyone
in any manner that would best benefit the Project.
I've updated our co
> like to know if anybody got a ralink-card working in hostap-mode.
I had a ralink mini-pci working in hostap mode and running dhcpd
using this snapshot.
OpenBSD 3.7-current (GENERIC) #134: Sun May 22 01:41:01 MDT 2005
$ sudo ifconfig ral0 media autoselect mediaopt hostap nwid mywap
The intere
> 1) Can anyone recommend some good reference materials on this subject?
I assume that you have a copy of Richard Stevens
"TCP/IP Illustrated Volume 1", I suggest that you go to
section 11.5 (pages 148-156) and get it from the guru himself.
If you need more information, then get a copy of
"F
On Wed, May 11, 2005 at 12:29:12PM -0400, Constantine A. Murenin wrote:
> Doing some flirting with Diana on a public mailing list? :-)
I hope that it doesn't look that way as my wife and kids would be terribly
disappointed ;) I'm just happy to get some good advice :)
Cheers,
Mark T. Uemura
Open
On Wed, May 11, 2005 at 04:05:22PM -0500, Ryan Corder wrote:
> I was wondering where you purchased your Commell board/box from? Did
> you get it straight from Commell or are they a purely OEM shop and you
> have to get it via a third party? I noticed order numbers on their
> page, but no where
On Wed, May 11, 2005 at 08:30:23AM -0500, Daniel Hamlin wrote:
> Have you done any throughput testing on the Commell? I'm considering
> using it as a firewall/router for a 45Mb connection.
As you can see from the trivial test below, I'm able to get 80+ Mb/s
through the Commell firewall. However
> I purchased the Commell board in a case designed for it, there is an
> access panel for the CF socket. The PCI slot becomes unusable in the
> case. The board I purchased also uses the Intel NIC's for 3/100M & 1/1G
> NICs. We purchased these to evaluate using the boxes with OpenBSD PF and
> pff
> > http://www.commell-sys.com/Product/IPC/EMB-564.htm
> I have one of these. "Good" serial BIOS is a relative term. No PC BIOS
> based system have very good serial consoles.
Since you have one, how does it compare with the Soekris or Nexcom?
I value your opinion. I've not had any experience
> Any other recommendations?
Here's another alternative that you may want to look into.
http://www.commell-sys.com/Product/IPC/EMB-564.htm
It also has a fairly good Serial BIOS.
Cheers,
Mark T. Uemura
OpenBSD Support Japan Inc.
www.openbsd-support.com
Tel: +81-(0)3-3715-3032