... d like them to be able to safely browse sites from Internet cafes and such. On 8/18/07, Steve B wrote: > > I finally have some SUCCESS to report!!!!! I changed the ipsec.con file > ...

openbsd-misc - Steve B - Aug 21 2007 - 00:07

... it is not very secure and I've tried PoPToP but it does not seem to like being used for this purpose. Before I embark on setting up OpenVPN I was wondering if there were any other methods to encrypt my traffic that I had not thought of? Steve

openbsd-misc - Steve B - Jun 14 2007 - 22:04

... ## Pass SSH traffic ## pass in log on $ext_if inet proto tcp from any to any port = ssh flags S/SA keep state (source-track rule, max-src-conn 10, max-src-conn-rate 5/60, overload flush global, if-bound, sr c.track 60) Steve

openbsd-misc - Steve B - Jun 28 2007 - 00:54

... to start clearing the table via Cron. Currently I just do it manually about once a week or so. I've read the man page for pf.confbut did not see how I could block them for a set period of time. Could someone elaborate on how this is done? Steve

openbsd-misc - Steve B - Jul 2 2007 - 15:20

... mini PCI to PCI adapters. I thought I'd go buy a mini PCI card that was hostap compatible but they are a bit harder to find than I thought. Can anyone recommend a vendor that carries mini PCI cards that support hostap mode under OpenBSD? Steve

openbsd-misc - Steve B - Sep 17 2007 - 17:15

... of you here who are doing it, could you comment on whether you are using Syslog-NG or something else, and whether you are doing it over SSH or IPSEC? I have looked at various articles around the net but would like some first hand comments. Steve

openbsd-misc - Steve B - Feb 20 2008 - 00:42

Who would I contact, or how would I go about hiring a PF developer or guru to help me debug/improve my pf.conf rules? Steve

openbsd-misc - Steve B - Aug 7 2008 - 00:25

Is anyone running OpenBSD on one of these boards? The supported platform page does not list either the chipset or the CPU so I'm guesing it is not supported at this time. Steve

openbsd-misc - Steve B - Sep 26 2008 - 22:24

... measured: 0.0 packets/s, 0 b/s ] queue stream on fxp0 priority 12 ... measured: 0.0 packets/s, 0 b/s ] queue web on fxp0 priority ... : 0.0 packets/s, 0 b/s ] queue email on fxp0 priority ... : 0.0 packets/s, 0 b/s ] queue tcp_ack on fxp0 priority ...

openbsd-misc - Steve B - May 15 2008 - 01:15

... : no compatible proposal found Log out put from "ipsecctl -m" # ipsecctl -m (full IP partial obscured for security. A/B for source and X/Y for dest) sadb_getspi: satype esp vers 2 len 10 seq 5 pid 29253 address_src: 64.119.aa.bbb ...

openbsd-misc - Steve B - Aug 14 2007 - 00:00

... not work? ################ Macros ################################### ### Interfaces ### ext_if ="fxp0" wire_if="fxp1" ### Global Variables ### ext_ip ="a.b.c.d" wire_network ="192.168.1.0/24" wire_gw ="192.168.1.1/32" ...

openbsd-misc - Steve B - Sep 22 2008 - 01:18

I do some volunteer work for a local non-profit and we have a need to put a VPN in place for those who travel. I've been looking at PPTP, OpenVPN and IPSEC and decided to try IPSEC. After reading the various man pages and Google I came across www.

openbsd-misc - Steve B - Aug 9 2007 - 01:48

I made a few changes and did some more testing this evening. 1. I changed the /etc/ipsec.conf to bring it in line with the Greenbow default transforms that Hans-Joerg recommened. # cat /etc/ipsec.conf ike dynamic esp tunnel from any to 192.168.1.0

openbsd-misc - Steve B - Aug 16 2007 - 21:43

Following the advice from Hans-Joerg and Markus I changed the ipsec.con file back to the default transforms sent by Greenbow, ran ipsecctl -f /eetc/ipsec.conf, changed the permissions on the policy file and started isakmpd without the "-K". Greenbow

openbsd-misc - Steve B - Aug 18 2007 - 16:32

I finally have some SUCCESS to report!!!!! I changed the ipsec.con file back to the one that I got to work on Phase 1, but appeared to be hanging on Phase 2, ran ipsecctl -f /etc/ipsec.conf and started isakmpd without the "-K". Greenbow now reports

openbsd-misc - Steve B - Aug 18 2007 - 16:44

Has anyone seen a manufacturer that sells an appliance style chassis? I'd like to slim down my current 4U/OBSD box to a 1U form factor using a VIA C7 board. Ideally I'd like to have a chassis that has the Ethernet ports on the front, along with a

openbsd-misc - Steve B - Dec 24 2007 - 17:59

I have one of these, http://calpc.com/catalog/mid_tower.html, and its quite beefy.

openbsd-misc - Steve B - Feb 11 2008 - 15:37

Terrific! Thanks to all who responded.

openbsd-misc - Steve B - Feb 21 2008 - 22:56

FWIW - my employer uses a lot of Mikrotik stuff for various needs. I bought one of their 532 boards along with an SR5 wireless card and just made a simple wireless bridge to my OBSD box at home. Simple, effective, not cheap but better quality than some

openbsd-misc - Steve B - Mar 17 2008 - 17:57

Sometime ago I had run EmBSD on a little P100 and it served me nicely. Since its disappearance from the landscape I've been using a stock OpenBSD install on my home machine. However, I recently acquired a nice little Jetway board with a PicoPSU and the

openbsd-misc - Steve B - May 11 2008 - 21:13