Re: sec(4): route based ipsec vpns

2023-08-07 Thread David Gwynne
On Mon, Aug 07, 2023 at 05:36:27PM +0200, Tobias Heider wrote:
> On Mon, Aug 07, 2023 at 02:22:23PM +1000, David Gwynne wrote:
> > tobhe@ wrote the iked bits, so he'll commit them when he's ready.
> >
> > your config looks pretty much the same as mine except you specify a lot
> > more stuff around

Re: sec(4): route based ipsec vpns

2023-08-07 Thread Tobias Heider
On Mon, Aug 07, 2023 at 02:22:23PM +1000, David Gwynne wrote:
> tobhe@ wrote the iked bits, so he'll commit them when he's ready.
>
> your config looks pretty much the same as mine except you specify a lot
> more stuff around lifetimes and crypto than i do. maybe try without "tunnel
> esp"?
>
> d

Re: sec(4): route based ipsec vpns

2023-08-06 Thread David Gwynne
tobhe@ wrote the iked bits, so he'll commit them when he's ready.

your config looks pretty much the same as mine except you specify a lot more stuff around lifetimes and crypto than i do. maybe try without "tunnel esp"?

dlg

On Sat, 5 Aug 2023 at 07:38, Bryce Chidester wrote:
> This is very exc

Re: sec(4): route based ipsec vpns

2023-08-06 Thread David Gwynne
nice catch. you should be able to commit this now, ok by me.

cheers,
dlg

On Sun, 9 Jul 2023 at 04:52, GODA Kazuya wrote:
> Hi,
>
> I tested it between OpenBSD and a router that is based on NetBSD.
> It seems to work well (I only tested using static routing).
>
> I found a minor issue that outgo

Re: sec(4): route based ipsec vpns

2023-08-06 Thread David Gwynne
i'll fix this before i enable sec(4) in GENERIC. thanks for reading it.

cheers,
dlg

On Tue, 4 Jul 2023 at 20:04, Vitaliy Makkoveev wrote:
> On Tue, Jul 04, 2023 at 03:26:30PM +1000, David Gwynne wrote:
> > tl;dr: this adds sec(4) p2p ip interfaces. Traffic in and out of these
> > interfaces is

Re: sec(4): route based ipsec vpns

2023-08-04 Thread Bryce Chidester
This is very exciting! Lack of support for route-based IPsec VPNs in OpenBSD has been a major bummer. I'm hopeful this work will eventually make it into OpenBSD. I did some basic testing of this patch with an AWS site-to-site VPN (it was convenient) and it seems to work well. "ifconfig secX down"

Re: sec(4): route based ipsec vpns

2023-07-08 Thread GODA Kazuya
Hi,

I tested it between OpenBSD and a router that is based on NetBSD.
It seems to work well (I only tested using static routing).

I found a minor issue that outgoing traffic doesn't appear in tcpdump.
It's because it's missing bpf_mtap so this patch can fix it.

diff --git a/sys/net/if_sec.c b/s

Re: sec(4): route based ipsec vpns

2023-07-04 Thread Vitaliy Makkoveev
On Tue, Jul 04, 2023 at 03:26:30PM +1000, David Gwynne wrote:
> tl;dr: this adds sec(4) p2p ip interfaces. Traffic in and out of these
> interfaces is protected by IPsec security associations (SAs), but
> there's no flows (security policy database (SPD) entries) associated
> with these SAs. The pol

sec(4): route based ipsec vpns

2023-07-03 Thread David Gwynne
tl;dr: this adds sec(4) p2p ip interfaces. Traffic in and out of these interfaces is protected by IPsec security associations (SAs), but there's no flows (security policy database (SPD) entries) associated with these SAs. The policy for using the sec(4) interfaces and their SAs is route-based inste