Two Remote Holes in 10 Years
Just a quick note: Upgrade your OpenBSD installations as soon as possible as OpenBSD just had its second remote hole in ten years. While this doubles the number of remote holes found in OpenBSD, two is still a pretty low number. Details are on Undeadly and in Theo de Raadt’s post on misc@openbsd.org.
Tue, 11. Oct 2005
pf.conf for IPSec
Just a quick note, as I needed approximately 4 hours to figure this out even though it's pretty simple: when playing
around with IPsec under OpenBSD (isakmpd) and your Security Association is finally established but you cannot ping through the tunnel, make sure you have
pass quick on enc0
in your pf.conf.
While you're editing pf.conf you might want to add some scrubbing for your traffic, as IPsec encapsulation adds per-packet overhead and so lowers the effective MTU:
scrub on $ext_if all fragment reassemble random-id no-df max-mss 1440
You don't really need fragment reassemble and random-id for this.
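A small sanity check for the two rules above, added here as an example that is not part of the original post: it runs against a constructed sample pf.conf (point it at /etc/pf.conf on a real box) and the 1460 threshold assumes a plain 1500-byte Ethernet MTU, where 1460 is the MSS TCP would use anyway, so a max-mss of 1460 or more does nothing for IPsec.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Checks a pf.conf for the IPsec-related rules discussed above.

# Constructed sample pf.conf used for the offline demonstration.
make_sample_pfconf() {
    cat > "$1" <<'EOF'
ext_if = "fxp0"
scrub on $ext_if all fragment reassemble random-id no-df max-mss 1440
block in on $ext_if
pass quick on enc0
pass out on $ext_if keep state
EOF
}

# 0 if pf.conf has a pass rule on enc0, so IPsec traffic leaving/entering
# the tunnel interface is not silently blocked.
has_enc0_pass() {
    grep -Eq '^[[:space:]]*pass[[:space:]].*on[[:space:]]+enc0([[:space:]]|$)' "$1"
}

# Prints the max-mss value of the first scrub rule that has one, else nothing.
scrub_max_mss() {
    sed -n 's/^[[:space:]]*scrub.*max-mss[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$1" | head -n 1
}

# Return codes: 0 = both rules present and max-mss < 1460 (assumed 1500 MTU);
# 1 = no pass rule on enc0; 2 = no max-mss scrub; 3 = max-mss too high to matter.
check_ipsec_pfconf() {
    has_enc0_pass "$1" || return 1
    mss=$(scrub_max_mss "$1")
    [ -n "$mss" ] || return 2
    [ "$mss" -lt 1460 ] || return 3
    return 0
}

tmp=$(mktemp)
make_sample_pfconf "$tmp"
rc=0; check_ipsec_pfconf "$tmp" || rc=$?
# On OpenBSD also let pfctl parse the file (-n: check only, do not load).
command -v pfctl >/dev/null 2>&1 && pfctl -nf "$tmp"
rm -f "$tmp"
echo "check result: $rc"
```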