similar to: ssh-vpn linux<->openbsd

Dear list, I am having a problem with openvpn. I have the following arrangement, running two instances of openvpn on "home fw". I want to protect my WLAN in back of the home fw and that works fine. I can see "Peer connection initiated with 192.168.1.3:5000" in daemon.log on homefw. Nothing gets initiated with officefw, nor can I ping the other end of the tunnel at officefw.

I have a setup with two Internet providers. One circuit (net0 == eth1) is used primarily for employees and tunnels to other sites. The other (net1 == eth2) is for the production machines that customers access. Everythung works in teh sense that packets get to where they are sent (mostly) but I recently I had a sniffer on the system and noticed a problem I cannot solve. traffic coming in

Hi all, I have succesfully joined together three LANs using OpenVPN over Linux (Debian) gateways at the 'exit' of each one of these LANs. The VPN seems to be OK, as I can ping network hosts from one LAN to another using their private IP addresses with no problem at all. However network browsing through the VPN is not working. The network diagram for my setup is at

Hi folks, I have three network cards on my Slackware box and eth0 and eth1 are for two Internet connections. They have imq0 and imq1. All traffic shaping works fine. Internal eth2 does no traffic shaping. But recently I have put two OpenVPN tunnels (tun devices) and both work via eth0. So my question is - how to shape the traffic on these tun0 and tun1 devices? Thanks Remus

Friends-- I'm stumped! Cannot get mount.cifs to work over a tun connection. How would you trouble-shoot this? 1. It cannot be openvpn causing the problem: I can ping across the connection both directions on all machines. 2. It cannot be samba causing the problem: I can mount.cifs the smb shares on the lan (using the identical credentials file) without any issue. 3. Have iptables

Hi! Can I create the unnumbered GRE tunnel with iproute2 utility? Can someone provide me a link/howto/example_config how to do it? The topology is one tunnel between two linux boxes: -- eth1-|__|-eth0 <-------------> eth0-|__|-eth1 -- I''m trying now with: ip tu add tun1 mode gre local loc.IP remote rem.IP ttl 255 dev eth0 ip addr add tun1 0.0.0.0 ip link set tun1 up but it

We''ve just upgraded to a new firewall machine, and a new version of Shorewall. We''re now on 2.04; previous version was 1.3.9b (!). So I''m pretty sure whatever problems we''re having are related to the big version jump. We''re using config files that exactly match our old (working) configuration (IOW, these are things which _were_ working on the old

On 11/06/19 11:49, Rowland penny via samba wrote: > On 11/06/2019 11:38, Sebastian Arcus via samba wrote: >> >> On 11/06/19 11:07, Rowland penny via samba wrote: >>> On 11/06/2019 10:34, Sebastian Arcus via samba wrote: >>>> I've just upgraded a Samba AD server to 4.10.2 a few weeks ago from >>>> 4.x (I'm afraid I'm not sure the exact

Is there a way to get rid of all the routes in a routing table ? This is more or less what I do: route add 146.64.80.0/24 192.168.0.100 route add 146.141.0.0 -interface tun1 route add 146.182.0.0 -interface tun1 route add 146.230.0.0 -interface tun1 netstat -rn inet 146.64.80.0/24 192.168.0.100 UGS 0 0 sis0 146.141.0.0/16 tun1 US 0

On Fri, Dec 12, 2014 at 02:21:08AM -0500, md at rpzdesign.com wrote: > Oops, I got it to work only after putting the WAN on port 656 so it > did not interfere with port 655 for the LAN. You should not need to have two tinc daemons just because you have a WAN and a LAN interface. By default (ie, if you don't specify BindToAddress and/or BindToInterface), tinc listens on all interfaces,

Will this (in theory) work, or have I been around too much magic smoke that has escaped from fried equipment??? I have a system with two different internet connections. One connection is a WISP via an external bridging radio (ethernet to proprietary wireless back haul). The other connection is PPPoE ADSL via the local phone company. (I think) I am wanting to use equal cost multi path

Hi, i've got this problem with my jail and i'm abolutly lost as in the why of it. I previously posted this on comp.unix.bsd.freebsd.misc but i was advised to send here I was unable to find help on google :( To resume quick, when i'm in a jail, netstat doesn't work properly. Hopefully i have provided sufficient information for anyone willing to help me :p First of all, my system :

My intention is to set up tinc so that I can connect from home to an office network. All CPUs are running MacOs X, 10.2.8 or 10.3.5. I have read the tinc manual, tincd.8 and tinc.conf.5. However, I am still unclear about a few issues. First and foremost, how to I setup the VPN interfaces on the hosts, on MacOs X? Which file do I have to alter and what is the exact syntax on Os X to setup

If an ssh server receives a tun/tap tunnel request and sets up the tunnel concerned, as far as I can see there is currently no way for the server to configure the tunnel in a manner dependent upon (e.g) the key used to set up the ssh session. Whilst an id based on the key can be passed to the ssh child process, where the tunnel is dynamically allocated, its tunnel name is lost. This patch

On 11/06/19 13:29, Rowland penny via samba wrote: > On 11/06/2019 13:13, Sebastian Arcus via samba wrote: >> >> On 11/06/19 11:49, Rowland penny via samba wrote: >>> On 11/06/2019 11:38, Sebastian Arcus via samba wrote: >>>> >>>> On 11/06/19 11:07, Rowland penny via samba wrote: >>>>> On 11/06/2019 10:34, Sebastian Arcus via samba

Hi, Does anyone here have experience running Tinc on NixOS? I'm trying to run Tinc on a NixOS machine, using the similar configuration i had for Ubuntu. My home subnet is 192.168.1.0/24 and my work is 10.16.0.0/24. However, unlike ubuntu, when I start tincd on nixos, and try to 'ifconfig $INTERFACE 192.168.1.10 netmask 255.255.255.0' in my tinc-up, I loose network access on the box

I'm working from modified 5.0p1 codebase. What I'm looking for is a mechanism to limit the number of simultaneous connections on a per-user/IP basis. That is, disallow multiple simultaneous logins/authentication of the same user from different IP addresses. e.g.: fred from 10.1.1.1 - accept fred from 10.1.1.2 -- reject while fred is still connected from 10.1.1.1 fred from 10.1.1.1 - OK

https://bugzilla.mindrot.org/show_bug.cgi?id=2592 Bug ID: 2592 Summary: -R bind_address not working, always bind 0.0.0.0 Product: Portable OpenSSH Version: 7.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at

I see support in shorewall for the KAME-tools, how about strongswan ? I have setup shorewall 3.4.4 and strongswan 4.1.3, making this my vpn-gateway for the subnet behind it. # Shorewall version 3.4 - Zones File #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall fil ipsec mode=tunnel mss=1400 net ipv4

[192.168.0.0/24 Lan] v [Shorewall box ''Curtain'', 192.168.0.254, DHCP to ISP, and a OpenVPN tunnel 10.4.0.2] v [Internet] v [Shorewall box ''statler'' 130.241.25.165, and an OpenVPN tunnel 10.4.0.1] Now, i have set a rule on statler ACCEPT vpn $FW tcp smtp and i have as below. root@statler:/etc/shorewall# cat zones | grep -v ^# net Net Internet