OpenBSD Tangoe tips tricks

From Igor personal wiki

Login to the FW

ssh to node1 or node2 of the FW, then become root:

sudo -i

and enter your password

Adding a new LB record:

List the IPs configured on the FW:

ifconfig -A

If the IP is already in this list, the LB configuration can be edited directly (otherwise the IP has to be configured on the interface first).

The LB configuration file is:

vi /etc/relayd.conf

To add a new LB configuration, add a record like this to the file:

relay EXTERNAL-IP_PORT {
        listen on EXTERNAL-IP port PORT
        protocol tcp_relay
        forward to INTERNAL-IP port PORT
}

Replace EXTERNAL-IP, INTERNAL-IP and PORT with the appropriate values.

Save the config.

Check the syntax:

relayd -nf /etc/relayd.conf

If the syntax is OK, load the new configuration:

relayctl reload

Check the new running configuration:

relayctl sh relay

Adding a new record on the FW so the traffic is passed and load-balanced:

FW config:

vi /etc/pf.conf

Find the section called Relayd in the config file and the subsection for the subnet the new IP belongs to:

#-------------------------------------
#  Relayd
#-------------------------------------

# Subnet 184.107.110.0/24

After that, add a record like:

pass quick on $IF_ext inet proto tcp from any to EXTERNAL-IP port {PORT1, PORT2, PORT3}

or

pass quick on $IF_ext inet proto tcp from any to EXTERNAL-IP port PORT

Save the config file. Check the syntax:

pfctl -nf /etc/pf.conf

If the syntax is OK, reload the FW rules:

pfctl -f /etc/pf.conf

DO THE SAME ON NODE2
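An added helper that ties the LB steps above together (it is not from the wiki; the function names and the sample ifconfig text are constructed): it checks the EXTERNAL-IP against ifconfig -A output and renders the relayd block and the pf rule in exactly the form used on this page, so the two files stay consistent on both nodes.

```shell
#!/bin/sh
# Added example, not from the wiki: build the relayd stanza and the pf.conf pass
# rule for one new load-balanced service, refusing when EXTERNAL-IP is not bound
# on the firewall (the "ifconfig -A" check above). All names are constructed.

# Constructed ifconfig -A excerpt (addresses chosen inside the page's subnets).
SAMPLE_IFCONFIG='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 184.107.110.20 netmask 0xffffff00 broadcast 184.107.110.255
        inet 184.107.110.21 netmask 0xffffffff broadcast 184.107.110.21
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 172.20.0.252 netmask 0xffff0000 broadcast 172.20.255.255'

# has_ext_ip IP IFCONFIG_TEXT: succeed only if IP is exactly one of the host's
# inet addresses (the trailing space stops .2 from matching .21).
has_ext_ip() {
    ip_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    printf '%s\n' "$2" | grep -Eq "^[[:space:]]+inet ${ip_re} "
}

# render_relay EXTERNAL-IP INTERNAL-IP PORT: the relay block from the wiki,
# named EXTERNAL-IP_PORT as the page does.
render_relay() {
    printf 'relay %s_%s {\n' "$1" "$3"
    printf '        listen on %s port %s\n' "$1" "$3"
    printf '        protocol tcp_relay\n'
    printf '        forward to %s port %s\n}\n' "$2" "$3"
}

# render_pf EXTERNAL-IP PORT...: one pass rule; several ports become a {list}.
render_pf() {
    ext=$1; shift
    if [ $# -eq 1 ]; then
        printf 'pass quick on $IF_ext inet proto tcp from any to %s port %s\n' "$ext" "$1"
    else
        ports=$(printf '%s, ' "$@"); ports=${ports%, }
        printf 'pass quick on $IF_ext inet proto tcp from any to %s port {%s}\n' "$ext" "$ports"
    fi
}

# new_lb_record EXTERNAL-IP INTERNAL-IP IFCONFIG_TEXT PORT...: print both
# fragments, or fail (nothing printed) when the IP is not on the FW. Append
# the output to /etc/relayd.conf and /etc/pf.conf, then run "relayd -nf" and
# "pfctl -nf" before reloading, exactly as in the steps above.
new_lb_record() {
    ext=$1; int=$2; ifc=$3; shift 3
    has_ext_ip "$ext" "$ifc" || { echo "$ext is not configured on this FW" >&2; return 1; }
    for port in "$@"; do render_relay "$ext" "$int" "$port"; done
    render_pf "$ext" "$@"
}
```

In production the third argument is the live output, e.g. new_lb_record EXT INT "$(ifconfig -A)" 443; the syntax checks and reload still have to be run by hand on each node.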
Check VPN status

ipsecctl -sa

lists the IPsec SAs established for each tunnel (one per network-to-network pair).


ping -I 172.20.0.252 10.6.5.5

pings the other side of the tunnel, sourcing from the local tunnel address.