unbound README

2020-03-14 Thread Renaud Allard
Hello, I noticed that the README file for unbound in -current still mentions version 1.9.4 while -current version is 1.9.6. === RCS file: /cvs/src/usr.sbin/unbound/README,v retrieving revision 1.4 diff -u -p -r1.4 README ---

[patch] use acme-client to sign certificates with ecdsa keys

2019-05-22 Thread Renaud Allard
Hello, This is a short patch to let acme-client accept ECDSA keys now that letsencrypt accepts signing certificates with those keys. This functionality is present in certbot, so it might be a good idea to let acme-client accept that too. The key needs to be generated manually i.e.: openssl

OpenSSH 7.7 default ciphers

2018-04-05 Thread Renaud Allard
Hello, The man page for openssh 7.7 for Ciphers specifications mentions: The default is: chacha20-poly1...@openssh.com, aes128-ctr,aes192-ctr,aes256-ctr, aes128-...@openssh.com,aes256-...@openssh.com, aes128-cbc,aes192-cbc,aes256-cbc However, ssh doesn't use the last line in that list: $ ssh

malloc.conf in changelist

2018-04-03 Thread Renaud Allard
Hello, Shouldn't /etc/malloc.conf be in /etc/changelist? You would most likely want to know if it appears or is changed, and you probably don't want sysclean package to suggest you to remove it either. What do you think? Regards

Re: Issue with ipsec tunnels on 6.2

2017-10-11 Thread Renaud Allard
On 10/10/2017 04:35 PM, Renaud Allard wrote: > Hello, > > Since the upgrade to OpenBSD 6.2 (from 6.1), one of my tunnels is not > working anymore (it was working on 6.1). > There are 2 things which differ from the other (working) ones: > Both hosts are natted, and one hos

Issue with ipsec tunnels on 6.2

2017-10-10 Thread Renaud Allard
Hello, Since the upgrade to OpenBSD 6.2 (from 6.1), one of my tunnels is not working anymore (it was working on 6.1). There are 2 things which differ from the other (working) ones: Both hosts are natted, and one host is i386 (instead of amd64). I can see packets leaving the source server and

Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied

2017-10-10 Thread Renaud Allard
On 09/28/2017 06:34 AM, Philip Guenther wrote: > On Wed, 27 Sep 2017, Theodore Wynnychenko wrote: > ... >> Thank you for the information. I removed the “noexec” flag from fstab >> and the error has disappeared. >> >> But, I am also surprised by the requirement that /tmp _not_ be mounted >>

openssl/libressl ocsp error in 6.1 stable

2017-05-03 Thread Renaud Allard
Hello, I noticed in my logs things like this. May 1 03:00:02 isildur openssl: vfprintf %s NULL in "%s %2d %02d:%02d:%02d%.*s %d%s" It comes down to this command to fetch ocsp response: openssl ocsp -respout ocsp.der -no_nonce -issuer chain.pem -cert cert.pem -url

Re: syspatch dhcpd

2017-05-03 Thread Renaud Allard
On 03/05/17 16:52, Christer Solskogen wrote: On May 3, 2017 15:34, "Renaud Allard" <ren...@allard.it> wrote: Hello, Since I installed all the new patches with syspatch I get this in the logs: May 3 15:30:22 isildur dhcpd[

syspatch dhcpd

2017-05-03 Thread Renaud Allard
Hello, Since I installed all the new patches with syspatch I get this in the logs: May 3 15:30:22 isildur dhcpd[79314]: pf pipe closed May 3 15:30:22 isildur dhcpd[79314]: pf pipe error: Broken pipe May 3 15:30:22 isildur dhcpd[11508]: pf pipe error: Broken pipe May 3 15:30:22 isildur

Re: mmap W^X violation for Node.js

2016-12-22 Thread Renaud Allard
On 22/12/2016 18:07, Артур Истомин wrote: I see messages about mmap W^X violation when trying to use Node.js dmesg | grep violation node(7370): mmap W^X violation node(55720): mmap W^X violation Even with wxallowed, the kernel still logs the violations. That doesn't mean it blocks them.

grammar errors in usr.bin/openssl/s_client.c

2016-09-05 Thread Renaud Allard
Hello, I have found some grammar errors in s_client.c in libressl Index: usr.bin/openssl/s_client.c === RCS file: /cvs/src/usr.bin/openssl/s_client.c,v retrieving revision 1.28 diff -u -p -r1.28 s_client.c ---

spamassassin sa-update error in 6.0

2016-08-08 Thread Renaud Allard
Hello, I am running 6.0 and each time I try to run sa-update, I get the following error: Argument "1.38_01" isn't numeric in numeric lt (<) at /usr/libdata/perl5/IO/Socket/IP.pm line 847 line 847 is: if( $IO::Socket::VERSION < 1.35 ) { And IO::Socket is part of base Best Regards

Re: L2TP/IPSec via npppd won't work with Android 5.x

2016-04-14 Thread Renaud Allard
On 03/25/2016 04:27 PM, Sly Midnight wrote: > Hello, > > I don't mean to bring up an old thread, but I was wondering if anyone > else was experiencing issues with OpenBSD 5.8 and Android 6.0.1 > (preferably the version on the Nexus line of devices) connecting to > ipsec/l2tp. > > I had this

Re: CD's arrived

2015-10-09 Thread Renaud Allard
On 10/07/2015 04:51 PM, M Wheeler wrote: CD's arrived today UK. Thanks again. Arrived fine in Belgium too.

spamd not greylisting for the correct time

2015-09-02 Thread Renaud Allard
Hello, I noticed some strange behavior from spamd in 5.7-stable. It has been started with '-5 -S 15 -s 1 -G6:24:864' but it seems to add to the whitelist every server which connects for the second time, independently from the first parameter in -G. Here is an example: # zgrep 217.172.190.133

Re: spamd not greylisting for the correct time

2015-09-02 Thread Renaud Allard
On 09/02/2015 09:07 AM, Renaud Allard wrote: > Hello, > > I noticed some strange behavior from spamd in 5.7-stable. > It has been started with '-5 -S 15 -s 1 -G6:24:864' but it seems to add > to the whitelist every server which connects for the second time, > independently from t

LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
Hello, I am trying this on 5.6-stable. Is there a way to list all POLY1305/CHACHA20 based ciphers which are enabled? For example, if I try with RSA: # openssl ciphers RSA

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
Hello, On 11/14/2014 09:04 AM, Renaud Allard wrote: Hello, I am trying this on 5.6-stable. Is there a way to list all POLY1305/CHACHA20 based ciphers which are enabled? For example, if I try with RSA: # openssl ciphers RSA AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
On 11/14/2014 10:12 AM, Jonathan Gray wrote: Now openssl ciphers CHACHA20 works as intended # openssl ciphers CHACHA20 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305 This is already present in rev 1.68/-current

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
On 11/14/2014 01:28 PM, Jérémie Courrèges-Anglas wrote: Renaud Allard ren...@allard.it writes: On 11/14/2014 10:12 AM, Jonathan Gray wrote: Now openssl ciphers CHACHA20 works as intended # openssl ciphers CHACHA20 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20

Re: LibReSSL CHACHA20/POLY1305

2014-11-14 Thread Renaud Allard
On 14/11/14 13:28, Jérémie Courrèges-Anglas wrote: Renaud Allard ren...@allard.it writes: On 11/14/2014 10:12 AM, Jonathan Gray wrote: Now openssl ciphers CHACHA20 works as intended # openssl ciphers CHACHA20 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-PO

Re: new OpenSSL flaws

2014-06-06 Thread Renaud Allard
On 06/06/2014 05:18 AM, Eric Furman wrote: On Thu, Jun 5, 2014, at 08:36 PM, Giancarlo Razzolini wrote: Em 05-06-2014 21:23, David Goldsmith escreveu: Probably ipfilter http://christopher-technicalmusings.blogspot.com/2009/03/switching-firewalls-from-ipf-to-pf-on.html If it is indeed

Re: new OpenSSL flaws

2014-06-06 Thread Renaud Allard
On 06/06/2014 12:47 PM, Eric Furman wrote: That's a valid opinion, but as I said, I doubt it. Vendors aren't stupid. With all that has happened lately, given a choice the switch will not take long. Given a choice, perhaps. But some will stick with OpenSSL only because they want the money

Re: Virtualize or bare-metal?

2014-01-14 Thread Renaud Allard
On 01/14/2014 05:49 AM, Giancarlo Razzolini wrote: Em 14-01-2014 01:11, Christopher Ahrens escreveu: What I meant by bare-metal was if I should run a bunch of services on the same installation of OpenBSD. I've run in the same physical space issue with my company servers and didn't think

spamd database breaks after time_t change

2013-08-20 Thread Renaud Allard
Hello, I just found out that the spamd database breaks after upgrading to a snapshot with the 64-bit time_t, resulting in: Aug 20 16:04:18 pippin spamd[26092]: scan of /var/db/spamd failed Aug 20 16:05:18 pippin spamd[26092]: bogus entry in spamd database As for the utmp and lastlog, a clear of

Re: Xwindows Startup without user login

2013-04-10 Thread Renaud Allard
On 04/02/2013 04:14 AM, Duncan Patton a Campbell wrote: Howdy all? I'm looking for the right way to start X on boot and run a default display program, much like xdm but with no login. Any pointers to similar would be greatly appreciated, thanks, Dhu Isn't that what you want? This is

Network problems on SunFire V240

2012-02-07 Thread Renaud Allard
Hello, I have some network problems on a SunFire V240 (dual UltraSPARC-IIIi (rev 2.4) @ 1280 MHz). It is _not_ running an MP kernel. I have had this problem on all versions since 4.4 (latest version at the time of the install). It is currently running 5.0. The problem is: the system still runs

Re: spamdb: is it my eyes or do TRAPPED addresses still manage to get through?

2009-07-28 Thread Renaud Allard
On 7/24/09 3:03 PM, Peter N. M. Hansteen wrote: setting up a new spamd plus various content filtering at a client site we were kind of baffled to see that apparently manually setting an address to TRAPPED with spamdb, ie spamdb -a -t 211.49.57.32 for some reason seems porous, in that messages

Re: Agere ET1310 not working

2009-06-14 Thread Renaud Allard
Hi Stuart, Stuart Henderson wrote: On 2009/06/11 21:26, Renaud Allard wrote: Stuart Henderson wrote: On 2009-06-03, Renaud Allard ren...@allard.it wrote: I have just bought a Fabia FX5621 board which has amongst others, two Agere ET1310 interfaces. I configured one interface

Re: Agere ET1310 not working

2009-06-11 Thread Renaud Allard
Stuart Henderson wrote: On 2009-06-03, Renaud Allard ren...@allard.it wrote: I have just bought a Fabia FX5621 board which has amongst others, two Agere ET1310 interfaces. I configured one interface and it negotiated correctly with my switch at 1000mbps full duplex. However, I am not able

Agere ET1310 not working

2009-06-03 Thread Renaud Allard
Hello, I have just bought a Fabia FX5621 board which has amongst others, two Agere ET1310 interfaces. I configured one interface and it negotiated correctly with my switch at 1000mbps full duplex. However, I am not able to ping the interface from anywhere else and I am not able to ping from the

Re: sendmail vs. other MTAs

2009-05-13 Thread Renaud Allard
On 5/11/09 7:45 PM, Henning Brauer wrote: exim is a piece of shit using the wrong design that sendmail abandoned long ago. and wasn't it GPL or some other unfree license anyway? postfix is not free. but there is some rumor in usr.sbin/smtpd/ ... Sounds like you never tried exim, or at least

Re: sendmail vs. other MTAs

2009-05-13 Thread Renaud Allard
On 5/13/09 11:44 PM, Johan Beisser wrote: On Wed, May 13, 2009 at 2:38 PM, Renaud Allard ren...@allard.it wrote: Sounds like you never tried exim, or at least v4. Currently, no other MTA is able to do what exim does. Its licence may not be the best one, but it is able to do more than any

Re: sendmail vs. other MTAs

2009-05-13 Thread Renaud Allard
Theo de Raadt wrote: I am waiting for smtpd though, but I doubt it will be able to replace my exim installations any time soon. The best part is that no one cares about that. Well, in fact you do because you lost time posting this meaningless comment.

Re: failed make on openssh 5.1

2008-07-23 Thread Renaud Allard
Damien Miller wrote: On Tue, 22 Jul 2008, Joel Dinel wrote: To answer my own question, no sooner had I hit 'send' than I noticed the patch number indicated 4.3. I have downloaded OpenSSH 5.0, the appropriate 4.1 - 5.0 patch and all is well. Well I am getting the exact same compilation error

Re: failed make on openssh 5.1

2008-07-23 Thread Renaud Allard
Damien Miller wrote: I have just updated the patch, please try again once it has hit the ftp server: -rw-r--r-- 1 djm djm 6411 Jul 23 23:31 openbsd42_5.1.patch -rw-r--r-- 1 djm djm 6144 Jul 23 23:31 openbsd43_5.1.patch SHA1 (openbsd42_5.1.patch) =

Re: failed make on openssh 5.1

2008-07-23 Thread Renaud Allard
Damien Miller wrote: On Wed, 23 Jul 2008, Joel Dinel wrote: On Wed, Jul 23, 2008 at 9:42 AM, Damien Miller[EMAIL PROTECTED] wrote: I have just updated the patch, please try again once it has hit the ftp server: -rw-r--r-- 1 djm djm 6411 Jul 23 23:31 openbsd42_5.1.patch -rw-r--r-- 1 djm

uvideo

2008-07-11 Thread Renaud Allard
Hello, I have a Sony VAIO SZ61XN with an integrated webcam but it doesn't seem to work. uvideo0 at uhub2 port 2 configuration 1 interface 0 Ricoh product 0x183a rev 2.00/1.00 addr 3 uvideo0: no default frame descriptor found! You can find the complete dmesg at

CARP and network weirdness

2008-06-17 Thread Renaud Allard
Hello, I have two servers running OpenBSD 4.3-stable amd64, both sharing one IP using CARP with load balancing using ip-stealth. (using balancing ip without stealth just doesn't work at all and overloads the network) # cat /etc/hostname.carp0 inet 206.251.244.96 255.255.255.0 NONE pass

Re: spamd, CARP and relayd

2008-01-24 Thread Renaud Allard
Urban Hillebrand wrote: On Mittwoch 23 Januar 2008 18:56:52 elpinguim wrote: [...] Bob Beck's presentation on spamd pf should provide some useful insight as to how you could deploy a similar setup. I found the presentation(s) to be quite helpful a few years ago.

Spamd sending packets from 127.0.0.1 to the outside?

2007-12-10 Thread Renaud Allard
Hello, I am running OpenBSD 4.2-stable I just noticed that spamd is trying to send ack packets from 127.0.0.1 to the IP of the sender when it hits the greytrap IP. I don't feel this is wanted behavior. Has anyone any idea of why it is doing so? It doesn't seem to be due to the set skip on lo as

Re: Spamd sending packets from 127.0.0.1 to the outside?

2007-12-10 Thread Renaud Allard
Peter N. M. Hansteen wrote: Renaud Allard [EMAIL PROTECTED] writes: I just noticed that spamd is trying to send ack packets from 127.0.0.1 to the IP of the sender when it hits the greytrap IP. I don't feel this is wanted behavior. Has anyone any idea of why it is doing so? ACK packets

Re: Spamd sending packets from 127.0.0.1 to the outside?

2007-12-10 Thread Renaud Allard
Paul de Weerd wrote: Hi Renaud, On Mon, Dec 10, 2007 at 04:50:36PM +0100, Paul de Weerd wrote: | Have you actually seen these packets live on the wire ? I re-read your original mail, and it turns out you have seen these packets on the wire. Sorry for the too-quick-answer ;P No problem.

Re: Virtualisation

2007-09-10 Thread Renaud Allard
Adrian Fisher wrote: Hello there, Does OpenBSD support virtualisation where multiple computers operate as one single virtual system rather than just one system running as multiple virtual systems? I am thinking of buying a series of blade systems which I want to run as one single system to

bnx tcp offload

2007-09-05 Thread Renaud Allard
Hello, I just have two Dell servers having broadcom netXtreme NICs with tcp offload engine activated (and locked on on) in the bios. I tried to use these servers to do an smtp gateway with spamd. When I activated spamd, connecting to port 25 worked but nothing more. After scanning with tcpdump, I

Redundant OpenBSD routers crashing

2007-08-24 Thread Renaud Allard
Hello, I have two machines running OpenBSD 4.2-beta (GENERIC) #338, but this happened with 4.1-stable as well. The machines have 8 gigabit interfaces and are only doing routing/nat with pfsync and carp. It seems that after about 15 days, all memory is consumed and no resources are available. The

Re: OpenBSD 4.1 and Dell PowerEdge 2900

2007-06-13 Thread Renaud Allard
John Nietzsche wrote: Dear gentleman, i am trying to install openbsd 4.1 on dell poweredge 2900. Everything from turning on the machine to cd booting was ok, but when i get to the point of installing it (that part when i am given the options: Upgrade, Install and Shell? ) its usb keyboard

Re: adaptec 2410sa raid card not recognized

2007-06-09 Thread Renaud Allard
luccio01 wrote: Hello, I am trying to use an adaptec 2410sa raid sata card on Openbsd 4.1. But my card seems not to be recognized. In dmesg she does not appear. I have tried to boot with kernel on cd41.iso cdrom and with kernel installed in floppyB41.fs. But the results are rather the

carp advskew strange behaviour

2007-06-08 Thread Renaud Allard
Hello, I have two machines running OpenBSD-current (OpenBSD 4.1-current (GENERIC) #238: Mon Jun 4 20:03:24 MDT 2007) and I also got this on the same machines running 4.1-stable. There are 5 carp interfaces and I will only describe one but the behaviour is the same. The machine puff1 has: inet

Re: alternatives to sendmail

2007-06-04 Thread Renaud Allard
Vijay Sankar wrote: There are different exim packages for OpenBSD. You could do a pkg_add -v ftp://ftp.ca.openbsd.org/pub/OpenBSD/4.1/packages/i386/exim-4.66.tgz (assuming you are using 4.1 on i386 etc.) or use other exim packages that support mysql, postgresql, ldap and so on.

ipsec.conf order

2007-06-03 Thread Renaud Allard
Hello, I have a gateway running 4.1-current with an ipsec configuration like this one: ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid gaye.be Both remote peers have

Re: ipsec.conf order

2007-06-03 Thread Renaud Allard
Renaud Allard wrote: Hello, I have a gateway running 4.1-current with an ipsec configuration like this one: ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org dstid gaye.be Both

Re: ipsec.conf order

2007-06-03 Thread Renaud Allard
Renaud Allard wrote: Renaud Allard wrote: Hello, I have a gateway running 4.1-current with an ipsec configuration like this one: ike passive esp from 172.20.0.0/24 to 172.16.22.0/24 srcid eriador.org dstid erathia.be ike passive esp from 172.20.0.0/24 to 192.168.0.0/24 srcid eriador.org

Re: Virtual interface

2007-05-24 Thread Renaud Allard
Gordon Ross wrote: On 24 May 2007 at 08:44, in message [EMAIL PROTECTED], Michael [EMAIL PROTECTED] wrote: Hi, since no one seems to either read the mail sysjail and networking because it is too long or got no clue either I'd like to shorten the question. Is it possible to create virtual

Re: CVS hosed

2007-05-24 Thread Renaud Allard
Timo Schoeler wrote: www.openbsd.org also seems to be having problems. I get a 403 Forbidden error whenever I try to access it. try http://openbsd.org/ this is a mirror; using it does not fix www :) http://www.openbsd.org/4.1_packages/i386.html works though.

Re: Spamd default behaviour of accepting everything

2007-05-23 Thread Renaud Allard
Henning Brauer wrote: err, wait, are you giving a 4xx in reply to DATA? that is invalid. The response to the DATA command is 354 as it should. But at the end of the DATA phase, a 451 is returned.

Re: Dell PERC 3/Di - No Disks Found

2007-05-23 Thread Renaud Allard
Chris Tankersley wrote: I'm trying to set up a new server running on an old Dell Poweredge 2500 which contains a Dell PERC 3/Di Adaptec-based RAID controller running RAID 5 on three disks. When the install boots up it comes along and says that it does not detect any disks to install to. I dug

Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Hello, I just used dnsstuff to test one of my domain names and it showed me (the first time only) that my server is an open relay, which is obviously not true. This is due to the default behaviour of spamd of accepting everything, even when a spamd.alloweddomains file is present. I think this

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Peter N. M. Hansteen wrote: Renaud Allard [EMAIL PROTECTED] writes: I just used dnsstuff to test one of my domain names and it showed me (the first time only) that my server is an open relay, which is obviously not true. This is due to the default behaviour of spamd of accepting everything

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Peter N. M. Hansteen wrote: Renaud Allard [EMAIL PROTECTED] writes: Indeed, but it could cause you to get blacklisted by some automated checkers, which is clearly something you don't want. I know this kind of checker is not accurate, but some local checkers will do it that way and you

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Stuart Henderson wrote: They are broken then... Workaround: use different mailer instances on different IP addresses for incoming and outgoing mail (this is often a good idea anyway). This workaround only works if the checker connects to your MX, not to the host sending the mail. I know they

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Stuart Henderson wrote: On 2007/05/22 15:50, Renaud Allard wrote: Stuart Henderson wrote: You wouldn't need spamd on the address of a send-only instance.. (if mail's only submitted on 587/465 or from known address ranges, it could just RST port 25 to the rest of the world). Good point

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Stuart Henderson wrote: On 2007/05/22 17:12, Renaud Allard wrote: I have only seen this when the 4xx error is sent at DATA time, not when sent at RCPT TO. How about: --i-dont-want-to-receive-mail-from-people-using-exchange-2003 and --i-dont-want-to-receive-mail-from-people-using-callout

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Bob Beck wrote: Any automated test I've ever set up for open relay, (and I run them) as well as any sane ones I ever see test for open relay by actually relaying a message not looking at the smtp dialogue. You're making much ado over nothing and spreading FUD - the tester you

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Bob Beck wrote: Any automated test I've ever set up for open relay, (and I run them) as well as any sane ones I ever see test for open relay by actually relaying a message not looking at the smtp dialogue. You're making much ado over nothing and spreading FUD - the tester you

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Darth Lists wrote: Unfortunately, this little MS-behaviour is very likely to be the last straw that gets our greylisting turned off here. Despite my logs that prove that greylisting has removed over 95% of incoming spam before spamassassin has to deal with it, the fact that some legitimate

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Bob Beck wrote: just deduced from trial and error. Also greylisting should happen at RCPT TO, and probably not at DATA as there are some widely used MTAs that are buggy and choke when a 4xx error is sent in the DATA phase. I've been running this at DATA for months, and not seen any

Re: Spamd default behaviour of accepting everything

2007-05-22 Thread Renaud Allard
Bob Beck wrote: I have definitely seen issues here with other implementations, because the 4XX code given, the XX's matter... Have you seen this with OpenBSD spamd? (As opposed to something else..) I have seen this with 451 errors, not on spamd but with the exact same error code as

Re: Bridge over gif on 4.1

2007-05-18 Thread Renaud Allard
Renaud Allard wrote: Markus Friedl wrote: On Fri, Apr 13, 2007 at 12:03:18PM +0200, Renaud Allard wrote: It's just quite annoying that the man page for brconfig says that the bridge over gif should work and it does not. well, it did work before and should work in 4.1 I know. But with 4.1

Re: very weak bridge performance

2007-05-16 Thread Renaud Allard
-level cycle counter enabled dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 Marco Peereboom wrote: Possibly interrupt issues. Where them dmesg'? On Tue, May 15, 2007 at 07:04:47PM +0200, Renaud Allard wrote: Hello

Re: Chrooting users the right way

2007-05-15 Thread Renaud Allard
[EMAIL PROTECTED] wrote: Hi I am setting up a new OpenBSD machine in which I want to chroot users. I don't want to use any of the patching solutions to OpenSSH but want to implement a real system chroot solution so any user, who is chrooted, is jailed even if he logs in manually. I have

very weak bridge performance

2007-05-15 Thread Renaud Allard
Hello, I just had the opportunity to test some Fluke network equipment, notably one which is able to throughput test gigabit networks. I installed a Nexcom NSA1086 with OpenBSD 4.1-stable and did some tests. The NSA1086 units are equipped with a Pentium IV 3.2 GHz (hyperthreading disabled), and

Re: very weak bridge performance

2007-05-15 Thread Renaud Allard
No, nothing showed in the logs. And I don't understand why such a performance difference between routing and bridging. Marco Peereboom wrote: Possibly interrupt issues. Where them dmesg'? On Tue, May 15, 2007 at 07:04:47PM +0200, Renaud Allard wrote: Hello, I just had the opportunity

Re: very weak bridge performance

2007-05-15 Thread Renaud Allard
Diana Eichert wrote: On Tue, 15 May 2007, Renaud Allard wrote: No, nothing showed in the logs. And I don't understand why such a performance difference between routing and bridging. Marco Peereboom wrote: Possibly interrupt issues. Where them dmesg'? I believe Marco requested the dmesg

Re: couple of questions

2007-05-06 Thread Renaud Allard
Stuart Henderson wrote: On 2007/05/06 15:41, Paolo Supino wrote: Is it possible to __tunnel Ethernet__ over IPSEC in OpenBSD? Yes, see gif(4) As I posted before, bridge over gif doesn't seem to work with 4.1 :(. At least all my attempts to do such a configuration failed. But, using

Re: Equivalent to linux disk delete?

2007-05-06 Thread Renaud Allard
Douglas Allan Tutty wrote: On Sun, May 06, 2007 at 09:49:18PM +0300, [EMAIL PROTECTED] wrote: On Sun, May 06, 2007 at 07:51:14PM +0200, Sebastian Rother wrote: doesn't know about a delete Command and disklabel so far shows just the OpenBSD (4th) partition. Set their type to 0 with fdisk

Re: load balance and redundancy 2 ISP's

2007-05-04 Thread Renaud Allard
kintaro oe wrote: By the way guys, this is the diagram that I want to implement: PF/Firewall/NAT |-| isp1|xl0| |

Re: SSHJail patch for OpenBSD

2007-04-27 Thread Renaud Allard
Rico Secada wrote: Hi Before I testrun this http://paradigma.pt/~gngs/sshjail/ does anyone already know if this patch would work with OpenSSH on OpenBSD 3.9? Best regards Rico Honestly, you should have a look at sysjail (http://sysjail.bsd.lv) which is probably a better and more

Re: 4.1 !

2007-04-15 Thread Renaud Allard
Wijnand Wiersma wrote: Or even more important: how is the song? Wijnand Excellent. Arabic style :) About magic caves and words :)

Re: host to host ipsec link

2007-04-15 Thread Renaud Allard
Markus Wernig wrote: Hello all I am trying a - what I think is - simple ipsec setup. The point is to ipsec-encrypt all traffic between a pair of firewalls (gateA and gateB, both OBSD 4.0), in order to send pfsync traffic over the encrypted link. Although having read through ipsec,

Re: host to host ipsec link

2007-04-15 Thread Renaud Allard
Markus Wernig wrote: Renaud Allard wrote: It seems you just forgot to load your rules. Just add ipsecctl -f /etc/ipsec.conf in the rc.local of both your firewalls and everything should just work fine. Hi I've tried to load the rules by hand with ipsecctl -f /etc/ipsec.conf

Re: host to host ipsec link

2007-04-15 Thread Renaud Allard
Markus Wernig wrote: Renaud Allard wrote: It seems you just forgot to load your rules. Just add ipsecctl -f /etc/ipsec.conf in the rc.local of both your firewalls and everything should just work fine. Hi I've tried to load the rules by hand with ipsecctl -f /etc/ipsec.conf

Re: host to host ipsec link

2007-04-15 Thread Renaud Allard
Markus Wernig wrote: Renaud Allard wrote: Did you verify that isakmpd is running? Yes. It runs as follows: 11967 ?? Is 0:00.05 isakmpd: monitor [priv] (isakmpd) 18753 ?? I 0:01.40 isakmpd -S -K -f /var/run/isakmpd.fifo -S is used for redundant setups. Did you try

Re: host to host ipsec link

2007-04-15 Thread Renaud Allard
Markus Wernig wrote: Renaud Allard wrote: Maybe also try on both firewalls: cd /etc/isakmpd ln -s private/local.pub . Then restart isakmpd and reload the rules. Hi Tried that as well ... still no go. I have disabled pf for setting the enc up. I suppose, that doesn't matter, does

Re: Bridge over gif on 4.1

2007-04-13 Thread Renaud Allard
Sjoerd Oostdijck wrote: -Original message- From: Renaud Allard [EMAIL PROTECTED] Sent: Fri 04/13/07 09:11:47 To: Renaud Allard [EMAIL PROTECTED]; CC: [EMAIL PROTECTED]; Subject: Re: Bridge over gif on 4.1 It should be noted that when I put an ip on each sis1 interface, they can

Re: Bridge over gif on 4.1

2007-04-13 Thread Renaud Allard
Also, if I use openvpn with a tun0 (link0) instead of gif, packets pass through the tunnel. Although there are still some other problems because the broadcast for arp seems to change from ff:ff:ff:ff:ff:ff to 0:0:0:2:ff:ff. Renaud Allard wrote: It should be noted that when I put an ip on each

Re: Bridge over gif on 4.1

2007-04-13 Thread Renaud Allard
Well, it works with openvpn now, I just forgot to add dev-type tap in the config file. It's just quite annoying that the man page for brconfig says that the bridge over gif should work and it does not. Renaud Allard wrote: Also, if I use openvpn with a tun0 (link0) instead of gif, packets pass

Re: 4.1 !

2007-04-13 Thread Renaud Allard
I will make pics of it as soon as I am back home to get the CDs, like I did for 4.0. Rafael Sadowski wrote: Have you a digital camera? Can you make photos of the box/cds? Rafael On Fri, 13 Apr 2007 11:10:26 +0200 Paul de Weerd [EMAIL PROTECTED] wrote: It's in ! It looks very very very

Re: Bridge over gif on 4.1

2007-04-13 Thread Renaud Allard
Markus Friedl wrote: On Fri, Apr 13, 2007 at 12:03:18PM +0200, Renaud Allard wrote: It's just quite annoying that the man page for brconfig says that the bridge over gif should work and it does not. well, it did work before and should work in 4.1 I know. But with 4.1, it doesn't work

Re: 4.1 !

2007-04-13 Thread Renaud Allard
Rafael Sadowski wrote: Have you a digital camera? Can you make photos of the box/cds? Rafael On Fri, 13 Apr 2007 11:10:26 +0200 Paul de Weerd [EMAIL PROTECTED] wrote: It's in ! It looks very very very cool ;) Thanks Wim for such an incredibly speedy delivery ! Now, on to upgrade my machine

Bridge over gif on 4.1

2007-04-12 Thread Renaud Allard
Hello, I have a setup like this: *** router1 hostname.gif0: up tunnel 172.17.0.170 195.16.12.50 hostname.sis0: inet 172.17.0.170 255.255.0.0 NONE hostname.sis1: up bridgename.bridge0: add gif0 add sis1 up ipsec.conf: ike

Re: Bridge over gif on 4.1

2007-04-12 Thread Renaud Allard
more. Has someone any idea on why I don't see the packets? I tried setting the gif0 mtu to 1500 in case this could be a mtu problem, but I still get the same thing. ARP broadcasts don't seem to pass through the tunnel. Renaud Allard wrote: Hello, I have a setup like

Net PF default behavior

2007-03-19 Thread Renaud Allard
Hello, In the changelog from 4.0 to 4.1, I read: # In pf.conf(5), make 'flags S/SA keep state' the implicit default for filter rules. Does this only apply to tcp (as suggested by the flags) or to all protocols? Also, is there a way to specify that there should be no state kept? I am trying to

Re: Net PF default behavior

2007-03-19 Thread Renaud Allard
Renaud Allard wrote: Hello, In the changelog from 4.0 to 4.1, I read: # In pf.conf(5), make 'flags S/SA keep state' the implicit default for filter rules. Does this only apply to tcp (as suggested by the flags) or to all protocols? Also, is there a way to specify that there should

Re: Seeking opinion about OpenBSD

2007-03-18 Thread Renaud Allard
Stephen Liu wrote: Hi Jason, Tks for your advice. - snip - Your best option is to download a copy of cd40.iso from one of the FTP mirrors and boot up the install process. Choose the shell option and run 'dmesg' to see if all of your hardware is supported (compare against the