From nikolay.kostirya at i11.co Mon Dec 2 15:05:40 2019 From: nikolay.kostirya at i11.co (Nick Kostirya) Date: Mon, 2 Dec 2019 15:05:40 +0200 Subject: [freebsd] FreeBSD 12 and psm Message-ID: <20191202150540.47de688d@thinkpad> ??????. ?? FreeBSD 12 ?? ???????? ????????? ? ???????? (ThinkPad). ?? 11 ????????. ? ?? 12 ?????: > dmesg -a | grep psm psm0: failed to get status. psm0: irq 12 on atkbdc0 psm0: [GIANT-LOCKED] psm0: model Generic PS/2 mouse, device ID 0 psm0: failed to enable the device (doopen). Dec 2 08:53:35 thinkpad kernel: psm0: failed to enable the device (doopen). moused: unable to open /dev/psm0: Input/output error ????? ?? ?????, ??? ?????????? From vas at sibptus.ru Mon Dec 9 06:27:14 2019 From: vas at sibptus.ru (Victor Sudakov) Date: Mon, 9 Dec 2019 11:27:14 +0700 Subject: [freebsd] =?utf-8?b?0JLQvtC/0YDQvtGBINC/0L4gcGYg0Lgga2VlcCBzdGF0?= =?utf-8?q?e?= Message-ID: <20191209042714.GA79793@admin.sibptus.ru> ????????? ???????! ???? ?????? ?? pf ? states ? ???. ???????? ???????? ? freebsd-pf, ?? ??? ??? ???? ?? ????????, ??? ? ?? ?? ???????, ??????? ??????, ??? ??? ?????????? ????. ????? ??? ???? ??????? pf, ???????????????? ?????????? ???????????? ?? ??????? ?? ???? ??????: # DMZ 172.16.1.0/24 pass in on $dmz block in on $dmz from any to 192.168.0.0/16 # Inside 192.168.10.0/24 pass in on $inside ??????? ???? 172.16.1.10 ? ????? 192.168.10.3 ????? ???? ??????. ??? ????? ??????? state: root at fw:~ # pfctl -vvs state No ALTQ support in kernel ALTQ related functions disabled all icmp 172.16.1.10:62211 <- 192.168.10.3:62211 0:0 age 00:09:17, expires in 00:00:10, 531:0 pkts, 44604:0 bytes, rule 2 id: 000000005de8b503 creatorid: e8f0f0df root at fw:~ # ?????? ??????-?? ?????? ?? ???? (?????? ? 172.16.1.10 ?? 192.168.10.3) ??????? ?? ??????? "block in on $dmz from any to 192.168.0.0/16", ???? ? ??????, ??? ????????? state (???????? ????) ?????? ?? ?????????? ?????????? ?? ???????????? ??????? "block in on $dmz ..." ?????? ???? ?? ????????? state-policy=floating, ?.?. ?? ???? ??????????????? state ?? ???????? ? ?????????? ? ?????? ?????? ?????????? ???????? ?????? (echo reply ? 172.16.1.10 ?? 192.168.10.3). ?? ???. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet http://vas.tomsk.ru/ From vsasjason at gmail.com Mon Dec 9 09:25:23 2019 From: vsasjason at gmail.com (Anton Saietskii) Date: Mon, 9 Dec 2019 09:25:23 +0200 Subject: [freebsd] =?utf-8?b?0JLQvtC/0YDQvtGBINC/0L4gcGYg0Lgga2VlcCBzdGF0?= =?utf-8?q?e?= In-Reply-To: <20191209042714.GA79793@admin.sibptus.ru> References: <20191209042714.GA79793@admin.sibptus.ru> Message-ID: ??????, ??? ??-?? "the last matching rule wins" (?????? ?? man, pf ?? ?????????). On Mon, Dec 9, 2019, 06:27 Victor Sudakov wrote: > ????????? ???????! > > ???? ?????? ?? pf ? states ? ???. ???????? ???????? ? freebsd-pf, ?? ??? > ??? ???? ?? ????????, ??? ? ?? ?? ???????, ??????? ??????, ??? ??? > ?????????? ????. > > ????? ??? ???? ??????? pf, ???????????????? > > ?????????? ???????????? ?? ??????? ?? ???? ??????: > > # DMZ 172.16.1.0/24 > pass in on $dmz > block in on $dmz from any to 192.168.0.0/16 > # Inside 192.168.10.0/24 > pass in on $inside > > ??????? ???? 172.16.1.10 ? ????? 192.168.10.3 ????? ???? ??????. > ??? ????? ??????? state: > > root at fw:~ # pfctl -vvs state > No ALTQ support in kernel > ALTQ related functions disabled > all icmp 172.16.1.10:62211 <- 192.168.10.3:62211 0:0 > age 00:09:17, expires in 00:00:10, 531:0 pkts, 44604:0 bytes, rule 2 > id: 000000005de8b503 creatorid: e8f0f0df > root at fw:~ # > > ?????? ??????-?? ?????? ?? ???? (?????? ? 172.16.1.10 ?? 192.168.10.3) > ??????? ?? ??????? "block in on $dmz from any to 192.168.0.0/16", ???? > ? ??????, ??? ????????? state (???????? ????) ?????? ?? ?????????? > ?????????? ?? ???????????? ??????? "block in on $dmz ..." > > ?????? ???? > > ?? ????????? state-policy=floating, ?.?. ?? ???? ??????????????? state > ?? ???????? ? ?????????? ? ?????? ?????? ?????????? ???????? ?????? > (echo reply ? 172.16.1.10 ?? 192.168.10.3). ?? ???. > > -- > Victor Sudakov, VAS4-RIPE, VAS47-RIPN > 2:5005/49 at fidonet http://vas.tomsk.ru/ > _______________________________________________ > freebsd mailing list > freebsd at uafug.org.ua > http://mailman.uafug.org.ua/mailman/listinfo/freebsd > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vas at sibptus.ru Mon Dec 9 10:04:40 2019 From: vas at sibptus.ru (Victor Sudakov) Date: Mon, 9 Dec 2019 15:04:40 +0700 Subject: [freebsd] =?utf-8?b?0JLQvtC/0YDQvtGBINC/0L4gcGYg0Lgga2VlcCBzdGF0?= =?utf-8?q?e?= In-Reply-To: References: <20191209042714.GA79793@admin.sibptus.ru> Message-ID: <20191209080440.GA84943@admin.sibptus.ru> Anton Saietskii wrote: > ??????, ??? ??-?? "the last matching rule wins" ??? ?????, ????????? ??? ??????? "block in on $dmz from any to 192.168.0.0/16", ??? ? ??????. ????? ? ???, ??? pf ??????? ???, ??? state ??????????????? *??* ??????, ? ???? state ???????? (? ?? ????????) - ?????? ?????? ????????????. > (?????? ?? man, pf ?? > ?????????). ????????? ?? ????, ??? ??????????. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet http://vas.tomsk.ru/ From vas at sibptus.ru Fri Dec 13 06:41:53 2019 From: vas at sibptus.ru (Victor Sudakov) Date: Fri, 13 Dec 2019 11:41:53 +0700 Subject: [freebsd] =?utf-8?b?0JLQvtC/0YDQvtGBINC/0L4gcGYg0Lgga2VlcCBzdGF0?= =?utf-8?q?e?= In-Reply-To: References: <20191209042714.GA79793@admin.sibptus.ru> Message-ID: <20191213044153.GA57449@admin.sibptus.ru> Anton Saietskii wrote: > > > > ?????????? ???????????? ?? ??????? ?? ???? ??????: > > > > # DMZ 172.16.1.0/24 > > pass in on $dmz > > block in on $dmz from any to 192.168.0.0/16 > > # Inside 192.168.10.0/24 > > pass in on $inside > > > > ??????? ???? 172.16.1.10 ? ????? 192.168.10.3 ????? ???? ??????. > > ??? ????? ??????? state: > > > > root at fw:~ # pfctl -vvs state > > No ALTQ support in kernel > > ALTQ related functions disabled > > all icmp 172.16.1.10:62211 <- 192.168.10.3:62211 0:0 > > age 00:09:17, expires in 00:00:10, 531:0 pkts, 44604:0 bytes, rule 2 > > id: 000000005de8b503 creatorid: e8f0f0df > > root at fw:~ # > > > > ?????? ??????-?? ?????? ?? ???? (?????? ? 172.16.1.10 ?? 192.168.10.3) > > ??????? ?? ??????? "block in on $dmz from any to 192.168.0.0/16", ???? > > ? ??????, ??? ????????? state (???????? ????) ?????? ?? ?????????? > > ?????????? ?? ???????????? ??????? "block in on $dmz ..." > > > > ?????? ???? > > > > ?? ????????? state-policy=floating, ?.?. ?? ???? ??????????????? state > > ?? ???????? ? ?????????? ? ?????? ?????? ?????????? ???????? ?????? > > (echo reply ? 172.16.1.10 ?? 192.168.10.3). ?? ???. ????? ???? ?????????? ????????? ???????????? ????????. ????? ????? ? ?????? ????????? Hauke Fath hf ?? spg.tu-darmstadt.de, ??????? ??? ????? ?? ???? ??????? ??? ???????? ? ipf ?? pf. ??????? ????. ????????? (state) ? pf ???????? ?? ???, ??? ? ipfw ??? ipf. ???? ???????? ? ipfw ????????? ???????????? ???????, ?? ? check-state ??? ????? ?????????? ?????? ? ????? ????????????, ?????? ? ????????. ? pf ?? ????????? ???? ??? state-policy=floating ???????? ???????????? ?? ?? ? ??????????, ?? ?? ? ??????????? ??????? (?.?. ??? ?? bidirectional). ?.?. ???? (??. ?????? ????) ???????? state ??? ???????????? "pass in on $inside", ???? state ?? ????????? ???????? ???????? ?????? ????? $dmz. ???? ????????? state ???????? "pass out on $dmz", ????? ???????? ?????? ???????. ?.?. ????? ?????? ?????? ????????? ???: # DMZ 172.16.1.0/24 pass in on $dmz block in on $dmz from any to 192.168.0.0/16 pass out on $dmz ???? ??? ??? ???? - ?? ?????? ??????. ?? ??? ??? ????? ? ???? (??? ??????? ? ????????????). ? ?????? ???????, ??? ?????? ?? reflective acl ? ?????. -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet http://vas.tomsk.ru/ From vas at sibptus.ru Thu Dec 19 12:48:46 2019 From: vas at sibptus.ru (Victor Sudakov) Date: Thu, 19 Dec 2019 17:48:46 +0700 Subject: [freebsd] =?utf-8?b?0JLQvtC/0YDQvtGBINC/0L4gcGYg0Lgga2VlcCBzdGF0?= =?utf-8?q?e?= In-Reply-To: <20191213044153.GA57449@admin.sibptus.ru> References: <20191209042714.GA79793@admin.sibptus.ru> <20191213044153.GA57449@admin.sibptus.ru> Message-ID: <20191219104846.GA15623@admin.sibptus.ru> Victor Sudakov wrote: > ????? ???? ?????????? ????????? ???????????? ????????. ????? ????? ? ?????? > ????????? Hauke Fath hf ?? spg.tu-darmstadt.de, ??????? ??? ????? ?? ???? > ??????? ??? ???????? ? ipf ?? pf. > > ??????? ????. ????????? (state) ? pf ???????? ?? ???, ??? ? ipfw > ??? ipf. ???? ???????? ? ipfw ????????? ???????????? ???????, ?? ? > check-state ??? ????? ?????????? ?????? ? ????? ????????????, ?????? ? > ????????. > > ? pf ?? ????????? ???? ??? state-policy=floating ???????? ???????????? ?? > ?? ? ??????????, ?? ?? ? ??????????? ??????? (?.?. ??? ?? bidirectional). ?????? ?? ???????????? (? ????????? ??? ?? man pf): https://docs.oracle.com/cd/E37838_01/html/E60993/pfovw-rls.html#NWSECpfovw-passin -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet http://vas.tomsk.ru/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: not available URL: From vas at sibptus.ru Sun Dec 22 15:17:49 2019 From: vas at sibptus.ru (Victor Sudakov) Date: Sun, 22 Dec 2019 20:17:49 +0700 Subject: [freebsd] =?utf-8?b?bXBkNS3RgdC10YDQstC10YAg0L3QtSDRg9GB0YLQsNC9?= =?utf-8?b?0LDQstC70LjQstCw0LXRgtGB0Y8gcHB0cCDRgdC+0LXQtNC40L0/P9C90Lg=?= =?utf-8?b?0LU=?= In-Reply-To: <9aeb6974-4c40-1440-694d-031d44b5ff19@grosbein.net> References: <466040df757d6ef07a90183aa0ffeef0.squirrel@mail.univ.kiev.ua> <007964c08b5ef876fb044e3e6863b249.squirrel@mail.univ.kiev.ua> <854d4f96-48f7-f580-6454-048675193368@grosbein.net> <9aeb6974-4c40-1440-694d-031d44b5ff19@grosbein.net> Message-ID: <20191222131749.GA15760@admin.sibptus.ru> Eugene Grosbein wrote: > > ? ???? ???? ?????? ? racoon ? ?????? ??? ????????????? ????? ??? ??, > ??? ??????, ?????? ?????? sainfo anonymous ??? ???? ????????? sainfo > ? ??????? local_id ? remote_id, ??? ??????? ? man racoon.conf ??? ?????? ????, ? ????? ???????. ???? ? ???? ? ipsec.conf ??? ???????? ??????? ??? ??????? L2TP ???????: spdadd x.x.x.x[any] y.y.y.y[1701] udp -P out ipsec esp/transport//require; spdadd y.y.y.y[1701] x.x.x.x[any] udp -P in ipsec esp/transport//require; ??? ???, ? racoon.conf ???? ????????? ??? ???????-?????????? sainfo ?????: sainfo address x.x.x.x [any] udp address y.y.y.y [1701] udp { ... } sainfo address y.y.y.y [1701] udp address x.x.x.x [any] udp { ... } ??? ?????????? ?????? ?? ???? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet http://vas.tomsk.ru/ -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 455 bytes Desc: not available URL: From eugen at grosbein.net Sun Dec 22 18:22:36 2019 From: eugen at grosbein.net (Eugene Grosbein) Date: Sun, 22 Dec 2019 23:22:36 +0700 Subject: [freebsd] =?utf-8?b?bXBkNS3RgdC10YDQstC10YAg0L3QtSDRg9GB0YLQsNC9?= =?utf-8?b?0LDQstC70LjQstCw0LXRgtGB0Y8gcHB0cCDRgdC+0LXQtNC40L0/P9C90Lg=?= =?utf-8?b?0LU=?= In-Reply-To: <20191222131749.GA15760@admin.sibptus.ru> References: <466040df757d6ef07a90183aa0ffeef0.squirrel@mail.univ.kiev.ua> <007964c08b5ef876fb044e3e6863b249.squirrel@mail.univ.kiev.ua> <854d4f96-48f7-f580-6454-048675193368@grosbein.net> <9aeb6974-4c40-1440-694d-031d44b5ff19@grosbein.net> <20191222131749.GA15760@admin.sibptus.ru> Message-ID: 22.12.2019 20:17, Victor Sudakov ?????: >> ? ???? ???? ?????? ? racoon ? ?????? ??? ????????????? ????? ??? ??, >> ??? ??????, ?????? ?????? sainfo anonymous ??? ???? ????????? sainfo >> ? ??????? local_id ? remote_id, ??? ??????? ? man racoon.conf > > ??? ?????? ????, ? ????? ???????. ???? ? ???? ? ipsec.conf ??? ???????? > ??????? ??? ??????? L2TP ???????: > > spdadd x.x.x.x[any] y.y.y.y[1701] udp -P out ipsec esp/transport//require; > spdadd y.y.y.y[1701] x.x.x.x[any] udp -P in ipsec esp/transport//require; > > ??? ???, ? racoon.conf ???? ????????? ??? ???????-?????????? sainfo ?????: > > sainfo address x.x.x.x [any] udp address y.y.y.y [1701] udp { ... } > sainfo address y.y.y.y [1701] udp address x.x.x.x [any] udp { ... } > > ??? ?????????? ?????? ?? ???? ????????? ??? ????????, ????? ???. From vas at sibptus.ru Mon Dec 23 04:56:27 2019 From: vas at sibptus.ru (Victor Sudakov) Date: Mon, 23 Dec 2019 09:56:27 +0700 Subject: [freebsd] =?utf-8?b?bXBkNS3RgdC10YDQstC10YAg0L3QtSDRg9GB0YLQsNC9?= =?utf-8?b?0LDQstC70LjQstCw0LXRgtGB0Y8gcHB0cCDRgdC+0LXQtNC40L0/P9C90Lg=?= =?utf-8?b?0LU=?= In-Reply-To: References: <466040df757d6ef07a90183aa0ffeef0.squirrel@mail.univ.kiev.ua> <007964c08b5ef876fb044e3e6863b249.squirrel@mail.univ.kiev.ua> <854d4f96-48f7-f580-6454-048675193368@grosbein.net> <9aeb6974-4c40-1440-694d-031d44b5ff19@grosbein.net> <20191222131749.GA15760@admin.sibptus.ru> Message-ID: <20191223025627.GA34157@admin.sibptus.ru> Eugene Grosbein wrote: > > >> ? ???? ???? ?????? ? racoon ? ?????? ??? ????????????? ????? ??? ??, > >> ??? ??????, ?????? ?????? sainfo anonymous ??? ???? ????????? sainfo > >> ? ??????? local_id ? remote_id, ??? ??????? ? man racoon.conf > > > > ??? ?????? ????, ? ????? ???????. ???? ? ???? ? ipsec.conf ??? ???????? > > ??????? ??? ??????? L2TP ???????: > > > > spdadd x.x.x.x[any] y.y.y.y[1701] udp -P out ipsec esp/transport//require; > > spdadd y.y.y.y[1701] x.x.x.x[any] udp -P in ipsec esp/transport//require; > > > > ??? ???, ? racoon.conf ???? ????????? ??? ???????-?????????? sainfo ?????: > > > > sainfo address x.x.x.x [any] udp address y.y.y.y [1701] udp { ... } > > sainfo address y.y.y.y [1701] udp address x.x.x.x [any] udp { ... } > > > > ??? ?????????? ?????? ?? ???? > > ????????? ??? ????????, ????? ???. ? /usr/local/share/examples/ipsec-tools/ ?????? ???? ?????? ???????????? sainfo ??? IPv4: sainfo address 203.178.141.209 any address 203.178.141.218 any {...} ? ????????? ? ??????? ???. ? ?? ???????, ???? ?????? sainfo ???? ????? ????????? ? remote ????? ? ??????? IP ??????: remote "vpngw" { remote_address 203.178.141.218; ... } ?? ??? ?? ???????? sainfo ? ????? ?? (?) remote ????? ??????????? ??????? -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet http://vas.tomsk.ru/ From eugen at grosbein.net Mon Dec 23 05:27:37 2019 From: eugen at grosbein.net (Eugene Grosbein) Date: Mon, 23 Dec 2019 10:27:37 +0700 Subject: [freebsd] =?utf-8?b?bXBkNS3RgdC10YDQstC10YAg0L3QtSDRg9GB0YLQsNC9?= =?utf-8?b?0LDQstC70LjQstCw0LXRgtGB0Y8gcHB0cCDRgdC+0LXQtNC40L0/P9C90Lg=?= =?utf-8?b?0LU=?= In-Reply-To: <20191223025627.GA34157@admin.sibptus.ru> References: <466040df757d6ef07a90183aa0ffeef0.squirrel@mail.univ.kiev.ua> <007964c08b5ef876fb044e3e6863b249.squirrel@mail.univ.kiev.ua> <854d4f96-48f7-f580-6454-048675193368@grosbein.net> <9aeb6974-4c40-1440-694d-031d44b5ff19@grosbein.net> <20191222131749.GA15760@admin.sibptus.ru> <20191223025627.GA34157@admin.sibptus.ru> Message-ID: 23.12.2019 9:56, Victor Sudakov ?????: > Eugene Grosbein wrote: >> >>>> ? ???? ???? ?????? ? racoon ? ?????? ??? ????????????? ????? ??? ??, >>>> ??? ??????, ?????? ?????? sainfo anonymous ??? ???? ????????? sainfo >>>> ? ??????? local_id ? remote_id, ??? ??????? ? man racoon.conf >>> >>> ??? ?????? ????, ? ????? ???????. ???? ? ???? ? ipsec.conf ??? ???????? >>> ??????? ??? ??????? L2TP ???????: >>> >>> spdadd x.x.x.x[any] y.y.y.y[1701] udp -P out ipsec esp/transport//require; >>> spdadd y.y.y.y[1701] x.x.x.x[any] udp -P in ipsec esp/transport//require; >>> >>> ??? ???, ? racoon.conf ???? ????????? ??? ???????-?????????? sainfo ?????: >>> >>> sainfo address x.x.x.x [any] udp address y.y.y.y [1701] udp { ... } >>> sainfo address y.y.y.y [1701] udp address x.x.x.x [any] udp { ... } >>> >>> ??? ?????????? ?????? ?? ???? >> >> ????????? ??? ????????, ????? ???. > > ? /usr/local/share/examples/ipsec-tools/ ?????? ???? ?????? ???????????? > sainfo ??? IPv4: > > sainfo address 203.178.141.209 any address 203.178.141.218 any {...} > > ? ????????? ? ??????? ???. ? ?? ???????, ???? ?????? sainfo ???? ????? > ????????? ? remote ????? ? ??????? IP ??????: > > remote "vpngw" { > remote_address 203.178.141.218; > ... > } > > ?? ??? ?? ???????? sainfo ? ????? ?? (?) remote ????? ??????????? > ??????? ?? man racoon.conf: Remote Nodes Specifications ... ph1id number; An optional number to identify the remote proposal and to link it only with sainfos who have the same number. Defaults to 0. Sainfo Specifications ... remoteid number; Sainfos will only be used if their remoteid matches the ph1id of the remote section used for phase 1. Defaults to 0, which is also the default for ph1id. From vas at sibptus.ru Mon Dec 23 08:00:44 2019 From: vas at sibptus.ru (Victor Sudakov) Date: Mon, 23 Dec 2019 13:00:44 +0700 Subject: [freebsd] =?utf-8?b?bXBkNS3RgdC10YDQstC10YAg0L3QtSDRg9GB0YLQsNC9?= =?utf-8?b?0LDQstC70LjQstCw0LXRgtGB0Y8gcHB0cCDRgdC+0LXQtNC40L0/P9C90Lg=?= =?utf-8?b?0LU=?= In-Reply-To: References: <007964c08b5ef876fb044e3e6863b249.squirrel@mail.univ.kiev.ua> <854d4f96-48f7-f580-6454-048675193368@grosbein.net> <9aeb6974-4c40-1440-694d-031d44b5ff19@grosbein.net> <20191222131749.GA15760@admin.sibptus.ru> <20191223025627.GA34157@admin.sibptus.ru> Message-ID: <20191223060044.GA36435@admin.sibptus.ru> Eugene Grosbein wrote: > >> > >>>> ? ???? ???? ?????? ? racoon ? ?????? ??? ????????????? ????? ??? ??, > >>>> ??? ??????, ?????? ?????? sainfo anonymous ??? ???? ????????? sainfo > >>>> ? ??????? local_id ? remote_id, ??? ??????? ? man racoon.conf > >>> > >>> ??? ?????? ????, ? ????? ???????. ???? ? ???? ? ipsec.conf ??? ???????? > >>> ??????? ??? ??????? L2TP ???????: > >>> > >>> spdadd x.x.x.x[any] y.y.y.y[1701] udp -P out ipsec esp/transport//require; > >>> spdadd y.y.y.y[1701] x.x.x.x[any] udp -P in ipsec esp/transport//require; > >>> > >>> ??? ???, ? racoon.conf ???? ????????? ??? ???????-?????????? sainfo ?????: > >>> > >>> sainfo address x.x.x.x [any] udp address y.y.y.y [1701] udp { ... } > >>> sainfo address y.y.y.y [1701] udp address x.x.x.x [any] udp { ... } > >>> > >>> ??? ?????????? ?????? ?? ???? > >> > >> ????????? ??? ????????, ????? ???. > > > > ? /usr/local/share/examples/ipsec-tools/ ?????? ???? ?????? ???????????? > > sainfo ??? IPv4: > > > > sainfo address 203.178.141.209 any address 203.178.141.218 any {...} > > > > ? ????????? ? ??????? ???. ? ?? ???????, ???? ?????? sainfo ???? ????? > > ????????? ? remote ????? ? ??????? IP ??????: > > > > remote "vpngw" { > > remote_address 203.178.141.218; > > ... > > } > > > > ?? ??? ?? ???????? sainfo ? ????? ?? (?) remote ????? ??????????? > > ??????? > > ?? man racoon.conf: > > Remote Nodes Specifications > ... > ph1id number; > An optional number to identify the remote proposal and to > link it only with sainfos who have the same number. > Defaults to 0. > Sainfo Specifications > ... > remoteid number; > Sainfos will only be used if their remoteid matches the > ph1id of the remote section used for phase 1. Defaults > to 0, which is also the default for ph1id. IMHO ph1id ???????????? ??? ?????-?? ??????? ???????, ???? ?? ?????? ??????????? sainfo ???? ???????????? ????????? ????? ???????. ? ??? ?? man racoon.conf ???? ????? ?????? "optional". -- Victor Sudakov, VAS4-RIPE, VAS47-RIPN 2:5005/49 at fidonet http://vas.tomsk.ru/ From eugen at grosbein.net Mon Dec 23 08:13:57 2019 From: eugen at grosbein.net (Eugene Grosbein) Date: Mon, 23 Dec 2019 13:13:57 +0700 Subject: [freebsd] =?utf-8?b?bXBkNS3RgdC10YDQstC10YAg0L3QtSDRg9GB0YLQsNC9?= =?utf-8?b?0LDQstC70LjQstCw0LXRgtGB0Y8gcHB0cCDRgdC+0LXQtNC40L0/P9C90Lg=?= =?utf-8?b?0LU=?= In-Reply-To: <20191223060044.GA36435@admin.sibptus.ru> References: <007964c08b5ef876fb044e3e6863b249.squirrel@mail.univ.kiev.ua> <854d4f96-48f7-f580-6454-048675193368@grosbein.net> <9aeb6974-4c40-1440-694d-031d44b5ff19@grosbein.net> <20191222131749.GA15760@admin.sibptus.ru> <20191223025627.GA34157@admin.sibptus.ru> <20191223060044.GA36435@admin.sibptus.ru> Message-ID: <5e6e51d7-8b18-2d7f-e253-a4f7204504a2@grosbein.net> 23.12.2019 13:00, Victor Sudakov ?????: >>> ?? ??? ?? ???????? sainfo ? ????? ?? (?) remote ????? ??????????? >>> ??????? >> >> ?? man racoon.conf: >> >> Remote Nodes Specifications >> ... >> ph1id number; >> An optional number to identify the remote proposal and to >> link it only with sainfos who have the same number. >> Defaults to 0. >> Sainfo Specifications >> ... >> remoteid number; >> Sainfos will only be used if their remoteid matches the >> ph1id of the remote section used for phase 1. Defaults >> to 0, which is also the default for ph1id. > > IMHO ph1id ???????????? ??? ?????-?? ??????? ???????, ???? ?? ?????? > ??????????? sainfo ???? ???????????? ????????? ????? ???????. ? ??? ?? > man racoon.conf ???? ????? ?????? "optional". ??? ??? ????? ?? ??????, ??? ????? ????????? sainfo ? remote.