ISAKMPD | stopping, flushing, reloading

Stopping:

If isakmpd is running in the foreground, Ctrl+C does not flush the existing connections (the SAs in the SAD). Flush them by hand:

    ipsecctl -F

kill -9 kills only the daemon; the connections stay alive. Use kill -TERM instead, or use the isakmpd FIFO user interface:

    echo 'Q' > /var/run/isakmpd.fifo

Reloading:

    kill -HUP

or

    echo 'R' > /var/run/isakmpd.fifo

OpenBSD | isakmpd | Public key authentication

Prepare OpenBSD

Prepare the network interfaces. Delete /etc/mygate when using DHCP.

Create /etc/sysctl.conf:

    net.inet.esp.enable=1      # Enable the ESP IPsec protocol
    net.inet.ah.enable=1       # Enable the AH IPsec protocol
    net.inet.ip.forwarding=1   # Enable IP forwarding for the host.
    net.inet.ipcomp.enable=1   # Optional: compress IP datagrams

Create /etc/rc.conf.local:

    isakmpd_flags="-K"   # Avoid keynote(4) policy checking
    ipsec=YES            # Load ipsec.conf(5) rules

Some […]

OpenBSD 5.1 and earlier | Cloning a disk the easy way

    #!/bin/sh

    # Locate the tools used by the script.
    DISKLABEL=$(which disklabel)
    FDISK=$(which fdisk)
    DUMP=$(which dump)
    RESTORE=$(which restore)
    NEWFS=$(which newfs)
    MOUNT=$(which mount)
    UMOUNT=$(which umount)

    MNT="/mnt"
    LABEL="/tmp/label"

    # Both the source and the target disk must be given.
    if [ $# -lt 2 ]; then
        echo "usage: do_clone.sh FROM TO"
        echo "example: do_clone.sh wd0 wd1"
        exit 1
    fi

    # Abort if either disk cannot be read by disklabel.
    SRC=$1
    $DISKLABEL "$SRC" > /dev/null || exit
    TAR=$2
    $DISKLABEL "$TAR" > /dev/null || exit

    #echo […]