Re: TLS suddenly not working over IKED site-to-site - SOLVED?

2019-03-15 Thread Janne Johansson
On Thu, 14 Mar 2019 at 21:51, Zhi-Qiang Lei wrote: > Mine is resolved by applying a smaller max-mss in pf and disabling ipcomp. > Only disabling ipcomp didn’t work. > > > On Thu, Dec 20, 2018 at 6:54 PM Theodore Wynnychenko > wrote: > >> Then, I took the advice above, and disable ipcomp on the

Re: TLS suddenly not working over IKED site-to-site - SOLVED?

2019-03-14 Thread Zhi-Qiang Lei
Mine is resolved by applying a smaller max-mss in pf and disabling ipcomp. Only disabling ipcomp didn’t work. > On Mar 15, 2019, at 3:15 AM, Andrew Daugherity > wrote: > > On Thu, Dec 20, 2018 at 6:54 PM Theodore Wynnychenko > wrote: >> Then, I took the advice above, and disable ipcomp on th

Re: TLS suddenly not working over IKED site-to-site - SOLVED?

2019-03-14 Thread Andrew Daugherity
On Thu, Dec 20, 2018 at 6:54 PM Theodore Wynnychenko wrote: > Then, I took the advice above, and disable ipcomp on the tunnel, and, BAHM, > https (and imaps) were working without an issue from openbsd, Windows 7, and > Macs! > > Just to be sure, I updated this am to the 12/19 amd64 snapshot. > >

Re: TLS suddenly not working over IKED site-to-site - SOLVED?

2018-12-20 Thread Theodore Wynnychenko
> -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf > Of William Ahern > Sent: Monday, December 17, 2018 1:11 PM > To: Theodore Wynnychenko > Cc: misc@openbsd.org > Subject: Re: TLS suddenly not working o

Re: TLS suddenly not working over IKED site-to-site

2018-12-17 Thread William Ahern
On Sat, Dec 15, 2018 at 06:18:39PM -0600, Theodore Wynnychenko wrote: > On the local gateway: > > 17:37:00.199269 (authentic,confidential): SPI 0x7b90f84c: 172.30.1.20.20692 > > 172.30.6.201.443: S 3823001077:3823001077(0) win 16384 1460,nop,nop,sackOK,nop,wscale 6,nop,nop,timestamp 48604571 0

Re: TLS suddenly not working over IKED site-to-site

2018-12-15 Thread Theodore Wynnychenko
Hello again: I updated my iked endpoints to the most recent (12/14/18) amd64 snapshot today, and am still having problems with secure connections. So, today, I am just looking at the gateway machines. The iked vpn tunnel gets established without an issue. # ipsecctl -s all FLOWS: flow esp

Re: TLS suddenly not working over IKED site-to-site

2018-12-15 Thread Zhi-Qiang Lei
is as something like "pf and iked instability on >> recent snapshots," but don’t know if doing so would break the mailing list >> thread, exiso, I left the subject unchanged... >> >>> -----Original Message- >>> From: Theodore Wynnychenko [mailto:t..

Re: TLS suddenly not working over IKED site-to-site

2018-12-13 Thread Zhi-Qiang Lei
Message- >> From: Theodore Wynnychenko [mailto:t...@uchicago.edu] >> Sent: Saturday, December 08, 2018 4:03 PM >> To: misc@openbsd.org >> Cc: 'Rachel Roch' >> Subject: RE: TLS suddenly not working over IKED site-to-site >> >>> > . >

Re: TLS suddenly not working over IKED site-to-site

2018-12-10 Thread Theodore Wynnychenko
ago.edu] > Sent: Saturday, December 08, 2018 4:03 PM > To: misc@openbsd.org > Cc: 'Rachel Roch' > Subject: RE: TLS suddenly not working over IKED site-to-site > > > . . . > I now find I can no longer connect to with TLS/SSL over the iked tunnel > (the o

Re: TLS suddenly not working over IKED site-to-site

2018-12-08 Thread Theodore Wynnychenko
> > > Rachel, > > > > As a first step, try using s_client to connect to a TLS service and > see what comes back: > > > > $ openssl s_client -connect : -showcerts > > > > There are more possible options on s_client to debug more deeply but > this is a good start. > > > > > > --Paul > >

Re: TLS suddenly not working over IKED site-to-site

2018-12-03 Thread Paul Suh
> On Dec 3, 2018, at 12:18 PM, Rachel Roch wrote: > > I hope someone here can shed light on an infuriating problem I’ve spent a > week trying to resolve without luck. > > The problem concerns an IKED site-to-site VPN on OpenBSD 6.3 (both endpoints > fully syspatched). > > The VPN worked abs

Re: TLS suddenly not working over IKED site-to-site

2018-12-03 Thread Rachel Roch
> Rachel, > > As a first step, try using s_client to connect to a TLS service and see what > comes back: > > $ openssl s_client -connect : -showcerts > > There are more possible options on s_client to debug more deeply but this is > a good start. > > > --Paul > In answer to the above. Testing

Re: TLS suddenly not working over IKED site-to-site

2018-12-03 Thread Theodore Wynnychenko
> -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf > Of Rachel Roch > Sent: Monday, December 03, 2018 11:19 AM > To: misc@openbsd.org > Subject: TLS suddenly not working over IKED site-to-site > > I hope someone h

Re: TLS suddenly not working over IKED site-to-site

2018-12-03 Thread Rachel Roch
> > Hello, > This appears to be the same thing I have been having issues with and > mentioned in a post to misc last week ("Untable ssl connections over ikev2 > VPN") - (yes, typo intact - it should be "unstable"). > > I have tried adding a "max-mss 1300" directive into pf.conf (i.e.: "match

TLS suddenly not working over IKED site-to-site

2018-12-03 Thread Rachel Roch
I hope someone here can shed light on an infuriating problem I’ve spent a week trying to resolve without luck. The problem concerns an IKED site-to-site VPN on OpenBSD 6.3 (both endpoints fully syspatched). The VPN worked absolutely perfectly until it suddenly started behaving strangely.  Seri