Hi,
I am running OpenBSD 4.0 with carp+isakmpd+sasyncd+pf on 166MHz Pentium
boards. Everything is working well. There are 6 locations, all clustered (2
redundant firewalls).
When I fail one cluster the other one takes over with some packet loss. I see
the carp is doing its thing. Aft
Hi,
I have GW1 and GW2 redundant firewalls (isakmpd+pf+carp+sasyncd)
Is there a way to see which security associations are marked as "replaced" on
the backup GW?
"ipsecctl -s all -v -v" shows a lot but it does not seem to show that.
On the master (let's say GW1)
echo "S" > /v
Hi,
I have two firewalls using isakmpd+pf+sasyncd+carp (OpenBSD 4.0)
preempt is set to 0
At one end (machine names MAED11 and MAED12)
carp0 on external has 172.16.140.145 255.255.255.0 advbase 0 advskew 128 pass
gijane vhid 1
carp1 on external has 172.16.160.33 255.255.255.224 advbas
Hi,
I am using isakmpd+pf+sasyncd+carp to set a VPN network (OpenBSD 4.0)
Recently had a problem with carp...
Basically
ifconfig carp0 inet 172.16.140.1 255.255.255.0 advbase 1 ...
versus
ifconfig carp0 inet 172.16.140.1 netmask 255.255.255.0 advbase 1 ...
The simple
Hello,
This is used in a VPN network to bind the internal IP address and allow ntpd
running of firewalls to get the time from a time source in a different
protected subnet.
I've changed two files
ntp_io.c
cmd_args.c
in /usr/ports/net/ntp
See the diffs below. Hope they can
Hello,
I was wondering what is the best way to immediately use a newly received crl
that contains a revoked certificate...
Basically if I have 3 firewalls and one of them is compromised I will push a
new crl on the 2 uncorrupted firewalls.
The thing is that (even when I send them a
Thanks to Stuart Henderson.
On 2007/06/25 11:35, catalin visinescu wrote:
> I see that OpenBSD 3.7 isakmpd and OpenBSD 4.0 isakmpd do
> not establish security associations.
try -T (disable nat-t) on the 4.0 side. If it works, can you post
back to misc@ to get it in the ar
Hello,
I see that OpenBSD 3.7 isakmpd and OpenBSD 4.0 isakmpd do not establish
security associations. I get an INVALID-PAYLOAD-TYPE message. isakmpd 3.7 does
not seem to understand payload RESERVED.
Is there a way I can run isakmpd 4.0 downgraded or any other way to get the
two of th
catalin visinescu <[EMAIL PROTECTED]> wrote:
>>Hello,
>>
>>Intro:
>>I am using isakmpd+sasyncd+carp+pf+pfsync to have a redundant
>>firewall setup (OpenBSD 4.0). I have two firewall that carp-advertise at
the
>>same rate, and not preempt eac
Hello,
Intro:
I am using isakmpd+sasyncd+carp+pf+pfsync to have a redundant
firewall setup (OpenBSD 4.0). I have two firewall that carp-advertise at the
same rate, and not preempt each other. This works fine. isakmpd is using
x509 certificates to establish SAs. This is working fine. sasy
Hello,
Intro:
I am using isakmpd+sasyncd+carp+pf+pfsync to have a redundant firewall setup
(OpenBSD 4.0). I have two firewall that carp-advertise at the same rate, and
not preempt each other. Basically I don't care which firewall is master and
which is backup. This works fine. isak
11 matches
Mail list logo