Re: [CentOS] SSD disk and SMART errors
On 04/01/2016 06:55 PM, Miguel Medalha wrote: Two days ago I installed a brand new SSDNow E50 series (Enterprise) disk on a server. I intend to move the OS there. I just did the physical install and copied a few files to and from it just to see if it was OK. I left it there, waiting for an opportunity to configure it to do real work. Now I have looked at it with smartctl -a and it gives me the following info: 198 Offline_Uncorrectable 0x0010 120 120 000Old_age Offline - 75479755259904 Just look at the number under "198 Offline_Uncorrectable". Is this normal for this type of disk? Is smartctl misinterpreting the disk's features? The disk has been there essentially doing nothing and it presents such enormous numbers of errors. Why? That raw parameter is holding something other than a raw count, and smartctl doesn't know how to interpret the high-order bits. 75479755259904 = 0x44a6 -- Bob Nichols "NOSPAM" is really part of my email address. Do NOT delete it. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] SSD disk and SMART errors
Two days ago I installed a brand new SSDNow E50 series (Enterprise) disk on a server. I intend to move the OS there. I just did the physical install and copied a few files to and from it just to see if it was OK. I left it there, waiting for an opportunity to configure it to do real work. Now I have looked at it with smartctl -a and it gives me the following info: 1 Raw_Read_Error_Rate 0x0033 104 104 050Pre-fail Always - 9127078 5 Reallocated_Sector_Ct 0x0033 100 100 003Pre-fail Always - 0 9 Power_On_Hours 0x0032 100 100 000Old_age Always - 55 (241 12 0) 12 Power_Cycle_Count 0x0032 100 100 000Old_age Always - 7 13 Read_Soft_Error_Rate0x0032 104 104 000Old_age Always - 9127078 100 Unknown_Attribute 0x0032 000 000 000Old_age Always - 4 170 Unknown_Attribute 0x0032 000 000 000Old_age Always - 8480 171 Unknown_Attribute 0x000a 100 100 000Old_age Always - 0 172 Unknown_Attribute 0x0032 100 100 000Old_age Always - 0 174 Unknown_Attribute 0x0030 000 000 000Old_age Offline - 6 177 Wear_Leveling_Count 0x 000 000 000Old_age Offline - 0 181 Program_Fail_Cnt_Total 0x000a 100 100 000Old_age Always - 0 182 Erase_Fail_Count_Total 0x0032 100 100 000Old_age Always - 0 184 End-to-End_Error0x0032 100 100 090Old_age Always - 0 187 Reported_Uncorrect 0x0012 100 100 000Old_age Always - 0 194 Temperature_Celsius 0x0022 028 033 000Old_age Always - 28 (Min/Max 20/33) 195 Hardware_ECC_Recovered 0x001c 120 120 000Old_age Offline - 9127078 196 Reallocated_Event_Count 0x0033 100 100 003Pre-fail Always - 0 198 Offline_Uncorrectable 0x0010 120 120 000Old_age Offline - 75479755259904 199 UDMA_CRC_Error_Count0x0032 200 200 000Old_age Always - 0 201 Unknown_SSD_Attribute 0x001c 120 120 000Old_age Offline - 9127078 204 Soft_ECC_Correction 0x001c 120 120 000Old_age Offline - 9127078 230 Unknown_SSD_Attribute 0x0013 100 100 000Pre-fail Always - 0 231 Temperature_Celsius 0x 100 100 011Old_age Offline - 0 232 Available_Reservd_Space 0x0032 000 000 000Old_age Always - 33 233 Media_Wearout_Indicator 0x0032 000 000 000Old_age Always - 6 234 Unknown_Attribute 0x0032 000 000 000Old_age Always - 7 235 Unknown_Attribute 0x0033 100 100 002Pre-fail Always - 0 241 Total_LBAs_Written 0x0032 000 000 000Old_age Always - 7 242 Total_LBAs_Read 0x0032 000 000 000Old_age Always - 5 Just look at the number under "198 Offline_Uncorrectable". Is this normal for this type of disk? Is smartctl misinterpreting the disk's features? The disk has been there essentially doing nothing and it presents such enormous numbers of errors. Why? This is under CentOS 7 (1511). ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Is there a way to detect/validate DHCP static IP assignment?
Wow, it works perfectly! all solved. Thanks. -- David On Thursday, March 31, 2016 11:46 AM, David Copperfieldwrote: Hi tris, Many thanks, I'll give the perl script a try shortly Best,David On Thursday, March 31, 2016 6:00 AM, Tris Hoar wrote: On 30/03/2016 18:08, David Copperfield wrote: > Hi, > We have tens of networks(VLANs) in data center with a central Linux DHCP >server. each network has their router to do the DHCP relay. So, the DHCP >server's configuration files has tens 'subnet' statements. > Because PXE booting is standard in whole data center, there are also > thousands of static MAC-IP mapping 'host' statements in dhcp configuration. > The big challenge with a central dhcp server is how to detect typo in the > thousands of MAC-IP 'host' statements? -- a single char/digit typo here will > fail a PXE booting or download wrong post-installation snippets. > > Is there a tool to validate all 'host' statements from another Linux box? > > I tried nagios check-dhcp plugin, with a series of real MAC addresses(for > hosts in other different networks). Surprisingly, the IP address came back > were not the static IP addresses in 'host' statement, but dynamic addresses > in the pool defined for this particular network (where I ran check-dhcp from). > check_dhcp was run with the following arguments: > > /usr/lib64/nagios/plugins/check_dhcp --verbose --server= > --interface=eth0 --mac= --unicast > remove --unicast doesn't help but just see more DHCP replys. > Interestingly, with a same MAC address, and the above same command, from two > Centos boxes on different network there will be different dynamic IPs! > instead the static IP defined with 'host' statement. > > So, how can we validate static IP assignment? Thanks. > Best,David, > Hi David, You need to use check_dhcp_relayed.pl (https://github.com/timb07/check_dhcp_relayed) if you wish to test for a reservation outside of the servers subnet, otherwise the DHCP server will assume you are on the local range and issue from that subnet. Also as an FYI Forman (http://theforeman.org) can do things like building VM's and Physical servers and integrates with DHCP to create static DHCP reservations for PXE booting servers which should eliminate typos. Tris * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmas...@bgfl.org The views expressed within this email are those of the individual, and not necessarily those of the organisation * ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] RHEL 5 EOL
On 04/01/2016 03:57 AM, Tris Hoar wrote: Hi List, As an FYI Red Hat have announced the 1 year EOL notice for RHEL 5. Anyone still using CentOS 5 would do well to start planning on upgrading to 6 or 7. Tris I would recommend 7 unless you have an application that just won't run on it. And then, I would to find a way. CentOS 7 really is a beautiful distribution, I switched all my CentOS 5 and 6 servers to it once I had been using it for a few weeks. Yeah yeah systemd but systemd isn't that hard to get use to. -- -=- Sent my from my laptop, may not be able to respond timely ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Libreswan PEM format
I did :) I'm all for an easy life. I got a very similar error instead of but no connection has been authorized with policy RSASIG+IKEV1_ALLOW I got but no connection has been authorized with policy PSK+IKEV1_ALLOW I did read somewhere though errors are re herrings which is helpful. Thanks On 1 April 2016 at 18:39, Eero Volotinenwrote: > IPSec is very complex with certificates. try first with PSK authentication > and then with certificates > > -- > Eero > > 2016-04-01 20:21 GMT+03:00 Glenn Pierce : > >> I generated according to the docs . Which produced >> my server.secrets as below >> >> used the command >> >> ipsec newhostkey --configdir /etc/ipsec.d --output >> /etc/ipsec.d/www.example.com.secrets >> >> >> : RSA { >> # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 >> # for signatures only, UNSAFE FOR ENCRYPTION >> >> #pubkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== >> Modulus: >> >> 0xecde067a1814494a8cbfe91c6b2ff70cbf4267604291fd26265d4095964045362d83ed526c6b5edf7ef9815232cb0fafd3ef6337d49be53e1912ccafd848fa6887c84db52078203943d961a4b3e85896743865239a8f92c71511687215154008925a0c783a7bc8f5c62b8feac364bff4bed19e2c32622de4d28f70cb7d60a2d831bf2f3675ba440c40211331beaf67d61c0b6d624143711072d52654d296d55da725a759f2afa10f4adcd162555b17674fa9b90087589aa9d4e42d7ac6920903737948239a19b95be915cd0d4d91e0b3e8c7b4890108cc7f9bea0749ae3473830854d594577ed84fe1088800d87d0bdb88d951a3d6d334e6a5e6d8fb3d2998a1a25c9048a9a364d5d4d5107341d7364f4f56b064413c5a6b1fc9379cdd8ca569168f54e58dac31eee468096b47d1490e85ed3890fcd9e0ce421e994d10cedf3b4e43ada46dec5f7da0dd9c62e4470b32c3e77430752f29b70dc6d450a248aefebf7925134cde9814e89271404f93b2e5788720b2e435c7235e6275d9ecb0d6a517fe333bafe08e19041f79f61bbfc7e8931272f9d481d8998fa8e4f4e6cb2f33 >> PublicExponent: 0x03 >> # everything after this point is CKA_ID in hex format - not >> the real values >> PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 >> Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 >> Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 >> Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 >> Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 >> Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 >> CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 >> } >> # do not change the indenting of that "}" >> >> On 1 April 2016 at 18:04, Eero Volotinen wrote: >> > You must define connection address and key in ipsec.secrets. >> > >> > -- >> > Eero >> > >> > >> > 2016-04-01 19:38 GMT+03:00 Glenn Pierce : >> > >> >> Just trying to follow the instructions here >> >> >> >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html >> >> >> >> I don't think I am doing anything special. >> >> >> >> At the point where there is some communication going on >> >> >> >> Getting this error >> >> >> >> packet from *:1024: received Vendor ID payload [Cisco-Unity] >> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from >> >> ***:1024: received Vendor ID payload [Dead Peer Detection] >> >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** >> >> :1024: initial Main Mode message received on :500 but no >> >> connection has been authorized with policy RSASIG+IKEV1_ALLOW >> >> >> >> The errors are so vague. >> >> Not sure what the problem is now >> >> >> >> >> >> >> >> My conf >> >> >> >> >> >> >> >> conn tunnel >> >> #phase2alg=aes256-sha1;modp1024 >> >> keyexchange=ike >> >> #ike=aes256-sha1;modp1024 >> >> left=192.168.1.122 >> >> leftnexthop=81.129.247.152 # My ISP assigned external ip adresss >> >> (I am testing at home) >> >> >> >> >> leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== >> >>
Re: [CentOS] Libreswan PEM format
IPSec is very complex with certificates. try first with PSK authentication and then with certificates -- Eero 2016-04-01 20:21 GMT+03:00 Glenn Pierce: > I generated according to the docs . Which produced > my server.secrets as below > > used the command > > ipsec newhostkey --configdir /etc/ipsec.d --output > /etc/ipsec.d/www.example.com.secrets > > > : RSA { > # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 > # for signatures only, UNSAFE FOR ENCRYPTION > > #pubkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > Modulus: > > 0xecde067a1814494a8cbfe91c6b2ff70cbf4267604291fd26265d4095964045362d83ed526c6b5edf7ef9815232cb0fafd3ef6337d49be53e1912ccafd848fa6887c84db52078203943d961a4b3e85896743865239a8f92c71511687215154008925a0c783a7bc8f5c62b8feac364bff4bed19e2c32622de4d28f70cb7d60a2d831bf2f3675ba440c40211331beaf67d61c0b6d624143711072d52654d296d55da725a759f2afa10f4adcd162555b17674fa9b90087589aa9d4e42d7ac6920903737948239a19b95be915cd0d4d91e0b3e8c7b4890108cc7f9bea0749ae3473830854d594577ed84fe1088800d87d0bdb88d951a3d6d334e6a5e6d8fb3d2998a1a25c9048a9a364d5d4d5107341d7364f4f56b064413c5a6b1fc9379cdd8ca569168f54e58dac31eee468096b47d1490e85ed3890fcd9e0ce421e994d10cedf3b4e43ada46dec5f7da0dd9c62e4470b32c3e77430752f29b70dc6d450a248aefebf7925134cde9814e89271404f93b2e5788720b2e435c7235e6275d9ecb0d6a517fe333bafe08e19041f79f61bbfc7e8931272f9d481d8998fa8e4f4e6cb2f33 > PublicExponent: 0x03 > # everything after this point is CKA_ID in hex format - not > the real values > PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 > } > # do not change the indenting of that "}" > > On 1 April 2016 at 18:04, Eero Volotinen wrote: > > You must define connection address and key in ipsec.secrets. > > > > -- > > Eero > > > > > > 2016-04-01 19:38 GMT+03:00 Glenn Pierce : > > > >> Just trying to follow the instructions here > >> > >> > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html > >> > >> I don't think I am doing anything special. > >> > >> At the point where there is some communication going on > >> > >> Getting this error > >> > >> packet from *:1024: received Vendor ID payload [Cisco-Unity] > >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from > >> ***:1024: received Vendor ID payload [Dead Peer Detection] > >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** > >> :1024: initial Main Mode message received on :500 but no > >> connection has been authorized with policy RSASIG+IKEV1_ALLOW > >> > >> The errors are so vague. > >> Not sure what the problem is now > >> > >> > >> > >> My conf > >> > >> > >> > >> conn tunnel > >> #phase2alg=aes256-sha1;modp1024 > >> keyexchange=ike > >> #ike=aes256-sha1;modp1024 > >> left=192.168.1.122 > >> leftnexthop=81.129.247.152 # My ISP assigned external ip adresss > >> (I am testing at home) > >> > >> > leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > >> right=89.200.134.211 > >> > >> >
Re: [CentOS] Libreswan PEM format
I generated according to the docs . Which produced my server.secrets as below used the command ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/www.example.com.secrets : RSA { # RSA 3328 bits ***.**.net Fri Apr 1 15:39:32 2016 # for signatures only, UNSAFE FOR ENCRYPTION #pubkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== Modulus: 0xecde067a1814494a8cbfe91c6b2ff70cbf4267604291fd26265d4095964045362d83ed526c6b5edf7ef9815232cb0fafd3ef6337d49be53e1912ccafd848fa6887c84db52078203943d961a4b3e85896743865239a8f92c71511687215154008925a0c783a7bc8f5c62b8feac364bff4bed19e2c32622de4d28f70cb7d60a2d831bf2f3675ba440c40211331beaf67d61c0b6d624143711072d52654d296d55da725a759f2afa10f4adcd162555b17674fa9b90087589aa9d4e42d7ac6920903737948239a19b95be915cd0d4d91e0b3e8c7b4890108cc7f9bea0749ae3473830854d594577ed84fe1088800d87d0bdb88d951a3d6d334e6a5e6d8fb3d2998a1a25c9048a9a364d5d4d5107341d7364f4f56b064413c5a6b1fc9379cdd8ca569168f54e58dac31eee468096b47d1490e85ed3890fcd9e0ce421e994d10cedf3b4e43ada46dec5f7da0dd9c62e4470b32c3e77430752f29b70dc6d450a248aefebf7925134cde9814e89271404f93b2e5788720b2e435c7235e6275d9ecb0d6a517fe333bafe08e19041f79f61bbfc7e8931272f9d481d8998fa8e4f4e6cb2f33 PublicExponent: 0x03 # everything after this point is CKA_ID in hex format - not the real values PrivateExponent: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Prime1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Prime2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Exponent1: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Exponent2: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 Coefficient: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 CKAIDNSS: 0x3d2c8bd4f34e4a395a5f57dd3d2211c8cbb82514 } # do not change the indenting of that "}" On 1 April 2016 at 18:04, Eero Volotinenwrote: > You must define connection address and key in ipsec.secrets. > > -- > Eero > > > 2016-04-01 19:38 GMT+03:00 Glenn Pierce : > >> Just trying to follow the instructions here >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html >> >> I don't think I am doing anything special. >> >> At the point where there is some communication going on >> >> Getting this error >> >> packet from *:1024: received Vendor ID payload [Cisco-Unity] >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from >> ***:1024: received Vendor ID payload [Dead Peer Detection] >> Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** >> :1024: initial Main Mode message received on :500 but no >> connection has been authorized with policy RSASIG+IKEV1_ALLOW >> >> The errors are so vague. >> Not sure what the problem is now >> >> >> >> My conf >> >> >> >> conn tunnel >> #phase2alg=aes256-sha1;modp1024 >> keyexchange=ike >> #ike=aes256-sha1;modp1024 >> left=192.168.1.122 >> leftnexthop=81.129.247.152 # My ISP assigned external ip adresss >> (I am testing at home) >> >> leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== >> right=89.200.134.211 >> >> rightrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== >> authby=secret|rsasig >> # load and initiate automatically >> auto=start >> >> conn site1 >> also=tunnel >> leftsubnet=10.0.128.0/22 >>
Re: [CentOS] Libreswan PEM format
You must define connection address and key in ipsec.secrets. -- Eero 2016-04-01 19:38 GMT+03:00 Glenn Pierce: > Just trying to follow the instructions here > > https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html > > I don't think I am doing anything special. > > At the point where there is some communication going on > > Getting this error > > packet from *:1024: received Vendor ID payload [Cisco-Unity] > Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from > ***:1024: received Vendor ID payload [Dead Peer Detection] > Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** > :1024: initial Main Mode message received on :500 but no > connection has been authorized with policy RSASIG+IKEV1_ALLOW > > The errors are so vague. > Not sure what the problem is now > > > > My conf > > > > conn tunnel > #phase2alg=aes256-sha1;modp1024 > keyexchange=ike > #ike=aes256-sha1;modp1024 > left=192.168.1.122 > leftnexthop=81.129.247.152 # My ISP assigned external ip adresss > (I am testing at home) > > leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > right=89.200.134.211 > > rightrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > authby=secret|rsasig > # load and initiate automatically > auto=start > > conn site1 > also=tunnel > leftsubnet=10.0.128.0/22 > rightsubnet=192.168.1.222/32 > > conn site2 > also=tunnel > > > > > > > > > On 1 April 2016 at 15:58, Eero Volotinen wrote: > > So you are using pkcs12 on centos: > > > > https://www.sslshopper.com/article-most-common-openssl-commands.html > > -- > > Eero > > > > 2016-04-01 17:44 GMT+03:00 Glenn Pierce : > > > >> Sorry but I have looked for over two days. Trying every command I could > >> find. > >> > >> There is obviously a misunderstanding somewhere. > >> > >> After generating a key pair with > >> ipsec newhostkey --configdir /etc/ipsec.d --output > /etc/ipsec.d/my.secrets > >> > >> I exported to a file with > >> ipsec showhostkey --ipseckey > file > >> > >> The man pages says > >> ipsec showhostkey outputs in ipsec.conf(5) format, > >> > >> Ie > >> > >> > >> ***.server.net.INIPSECKEY 10 0 2 . > >> > >> > AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > >> > >> > >> is this the format openssl is meant to beable to convert ? or is the > >> an intermediate step I am missing as like I said not command I found > >> seems to work. > >> > >> > >> On 1 April 2016 at 14:35, Eero Volotinen wrote: > >> > It works, try googling for openssl pem conversion > >> > 1.4.2016 4.32 ip. "Glenn Pierce" kirjoitti: > >> > > >> >> I have tried > >> >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem > >> >> > >> >> I get > >> >> unable to load Private Key > >> >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start > >> >> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY > >> >> > >> >> > >> >> > >> >> On 1 April 2016 at 13:59, Eero Volotinen > wrote: > >> >> > You can do any kind of format conversions with openssl commandline > >> >> client. > >> >> > > >> >> > Eero > >> >> > 1.4.2016 3.56 ip. "Glenn Pierce" > kirjoitti: > >> >> > > >> >> >> Hi I am trying to setup a libreswan vpn
Re: [CentOS] Libreswan PEM format
Just trying to follow the instructions here https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Securing_Virtual_Private_Networks.html I don't think I am doing anything special. At the point where there is some communication going on Getting this error packet from *:1024: received Vendor ID payload [Cisco-Unity] Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from ***:1024: received Vendor ID payload [Dead Peer Detection] Apr 01 17:33:44 carneab4.memset.net pluto[15986]: packet from *** :1024: initial Main Mode message received on :500 but no connection has been authorized with policy RSASIG+IKEV1_ALLOW The errors are so vague. Not sure what the problem is now My conf conn tunnel #phase2alg=aes256-sha1;modp1024 keyexchange=ike #ike=aes256-sha1;modp1024 left=192.168.1.122 leftnexthop=81.129.247.152 # My ISP assigned external ip adresss (I am testing at home) leftrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== right=89.200.134.211 rightrsasigkey=0sAQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== authby=secret|rsasig # load and initiate automatically auto=start conn site1 also=tunnel leftsubnet=10.0.128.0/22 rightsubnet=192.168.1.222/32 conn site2 also=tunnel On 1 April 2016 at 15:58, Eero Volotinenwrote: > So you are using pkcs12 on centos: > > https://www.sslshopper.com/article-most-common-openssl-commands.html > -- > Eero > > 2016-04-01 17:44 GMT+03:00 Glenn Pierce : > >> Sorry but I have looked for over two days. Trying every command I could >> find. >> >> There is obviously a misunderstanding somewhere. >> >> After generating a key pair with >> ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets >> >> I exported to a file with >> ipsec showhostkey --ipseckey > file >> >> The man pages says >> ipsec showhostkey outputs in ipsec.conf(5) format, >> >> Ie >> >> >> ***.server.net.INIPSECKEY 10 0 2 . >> >> AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== >> >> >> is this the format openssl is meant to beable to convert ? or is the >> an intermediate step I am missing as like I said not command I found >> seems to work. >> >> >> On 1 April 2016 at 14:35, Eero Volotinen wrote: >> > It works, try googling for openssl pem conversion >> > 1.4.2016 4.32 ip. "Glenn Pierce" kirjoitti: >> > >> >> I have tried >> >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem >> >> >> >> I get >> >> unable to load Private Key >> >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start >> >> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY >> >> >> >> >> >> >> >> On 1 April 2016 at 13:59, Eero Volotinen wrote: >> >> > You can do any kind of format conversions with openssl commandline >> >> client. >> >> > >> >> > Eero >> >> > 1.4.2016 3.56 ip. "Glenn Pierce" kirjoitti: >> >> > >> >> >> Hi I am trying to setup a libreswan vpn between centos 7 and a >> Mikrotik >> >> >> router. >> >> >> >> >> >> I am try to get the keys working. My problem is the Mikrotik router >> >> >> wants the key in PEM format >> >> >> >> >> >> How do I export the keys generated with ipsec newhostkey >> >> >> into PEM format ? >> >> >> >> >> >> >> >> >> Thanks >> >> >>
Re: [CentOS] Libreswan PEM format
I just removed the name. I will be regenerating again. To be honest if an attacker to get this to work I would buy then a drink :) On 1 April 2016 at 17:01, Gordon Messmerwrote: > On 04/01/2016 07:44 AM, Glenn Pierce wrote: >> >> Ie >> ***.server.net.INIPSECKEY 10 0 2 . > > > Was that a key that you generated as an example, or your actual VPN key? > The fact that you obscured part of it makes me think it might be the latter, > but if that's the case, you really should generate a new key for your > server. The part you obscured isn't the sensitive part. > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Libreswan PEM format
On 04/01/2016 07:44 AM, Glenn Pierce wrote: Ie ***.server.net.INIPSECKEY 10 0 2 . Was that a key that you generated as an example, or your actual VPN key? The fact that you obscured part of it makes me think it might be the latter, but if that's the case, you really should generate a new key for your server. The part you obscured isn't the sensitive part. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Libreswan PEM format
Typical I think I just did it . I downloaded a perl script to do it at https://git.dn42.us/ryan/pubkey-converter/raw/master/pubkey-converter.pl First I did ipsec showhostkey --right > right.pub I then edited the file to remove the ipsec key = line Then I converted with perl pubkey-converter.pl -p < right.pub > /home/glenn/right.pub On 1 April 2016 at 15:44, Glenn Piercewrote: > Sorry but I have looked for over two days. Trying every command I could find. > > There is obviously a misunderstanding somewhere. > > After generating a key pair with > ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets > > I exported to a file with > ipsec showhostkey --ipseckey > file > > The man pages says > ipsec showhostkey outputs in ipsec.conf(5) format, > > Ie > > > ***.server.net.INIPSECKEY 10 0 2 . > AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > > > is this the format openssl is meant to beable to convert ? or is the > an intermediate step I am missing as like I said not command I found > seems to work. > > > On 1 April 2016 at 14:35, Eero Volotinen wrote: >> It works, try googling for openssl pem conversion >> 1.4.2016 4.32 ip. "Glenn Pierce" kirjoitti: >> >>> I have tried >>> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem >>> >>> I get >>> unable to load Private Key >>> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start >>> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY >>> >>> >>> >>> On 1 April 2016 at 13:59, Eero Volotinen wrote: >>> > You can do any kind of format conversions with openssl commandline >>> client. >>> > >>> > Eero >>> > 1.4.2016 3.56 ip. "Glenn Pierce" kirjoitti: >>> > >>> >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik >>> >> router. >>> >> >>> >> I am try to get the keys working. My problem is the Mikrotik router >>> >> wants the key in PEM format >>> >> >>> >> How do I export the keys generated with ipsec newhostkey >>> >> into PEM format ? >>> >> >>> >> >>> >> Thanks >>> >> ___ >>> >> CentOS mailing list >>> >> CentOS@centos.org >>> >> https://lists.centos.org/mailman/listinfo/centos >>> >> >>> > ___ >>> > CentOS mailing list >>> > CentOS@centos.org >>> > https://lists.centos.org/mailman/listinfo/centos >>> ___ >>> CentOS mailing list >>> CentOS@centos.org >>> https://lists.centos.org/mailman/listinfo/centos >>> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Libreswan PEM format
So you are using pkcs12 on centos: https://www.sslshopper.com/article-most-common-openssl-commands.html -- Eero 2016-04-01 17:44 GMT+03:00 Glenn Pierce: > Sorry but I have looked for over two days. Trying every command I could > find. > > There is obviously a misunderstanding somewhere. > > After generating a key pair with > ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets > > I exported to a file with > ipsec showhostkey --ipseckey > file > > The man pages says > ipsec showhostkey outputs in ipsec.conf(5) format, > > Ie > > > ***.server.net.INIPSECKEY 10 0 2 . > > AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== > > > is this the format openssl is meant to beable to convert ? or is the > an intermediate step I am missing as like I said not command I found > seems to work. > > > On 1 April 2016 at 14:35, Eero Volotinen wrote: > > It works, try googling for openssl pem conversion > > 1.4.2016 4.32 ip. "Glenn Pierce" kirjoitti: > > > >> I have tried > >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem > >> > >> I get > >> unable to load Private Key > >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start > >> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY > >> > >> > >> > >> On 1 April 2016 at 13:59, Eero Volotinen wrote: > >> > You can do any kind of format conversions with openssl commandline > >> client. > >> > > >> > Eero > >> > 1.4.2016 3.56 ip. "Glenn Pierce" kirjoitti: > >> > > >> >> Hi I am trying to setup a libreswan vpn between centos 7 and a > Mikrotik > >> >> router. > >> >> > >> >> I am try to get the keys working. My problem is the Mikrotik router > >> >> wants the key in PEM format > >> >> > >> >> How do I export the keys generated with ipsec newhostkey > >> >> into PEM format ? > >> >> > >> >> > >> >> Thanks > >> >> ___ > >> >> CentOS mailing list > >> >> CentOS@centos.org > >> >> https://lists.centos.org/mailman/listinfo/centos > >> >> > >> > ___ > >> > CentOS mailing list > >> > CentOS@centos.org > >> > https://lists.centos.org/mailman/listinfo/centos > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> https://lists.centos.org/mailman/listinfo/centos > >> > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Libreswan PEM format
Sorry but I have looked for over two days. Trying every command I could find. There is obviously a misunderstanding somewhere. After generating a key pair with ipsec newhostkey --configdir /etc/ipsec.d --output /etc/ipsec.d/my.secrets I exported to a file with ipsec showhostkey --ipseckey > file The man pages says ipsec showhostkey outputs in ipsec.conf(5) format, Ie ***.server.net.INIPSECKEY 10 0 2 . AQPs3gZ6GBRJSoy/6RxrL/cMv0JnYEKR/SYmXUCVlkBFNi2D7VJsa17ffvmBUjLLD6/T72M31JvlPhkSzK/YSPpoh8hNtSB4IDlD2WGks+hYlnQ4ZSOaj5LHFRFochUVQAiSWgx4OnvI9cYrj+rDZL/0vtGeLDJiLeTSj3DLfWCi2DG/LzZ1ukQMQCETMb6vZ9YcC21iQUNxEHLVJlTSltVdpyWnWfKvoQ9K3NFiVVsXZ0+puQCHWJqp1OQtesaSCQNzeUgjmhm5W+kVzQ1NkeCz6Me0iQEIzH+b6gdJrjRzgwhU1ZRXfthP4QiIANh9C9uI2VGj1tM05qXm2Ps9KZiholyQSKmjZNXU1RBzQdc2T09WsGRBPFprH8k3nN2MpWkWj1Tljawx7uRoCWtH0UkOhe04kPzZ4M5CHplNEM7fO05DraRt7F99oN2cYuRHCzLD53QwdS8ptw3G1FCiSK7+v3klE0zemBToknFAT5Oy5XiHILLkNccjXmJ12eyw1qUX/jM7r+COGQQfefYbv8fokxJy+dSB2JmPqOT05ssvMw== is this the format openssl is meant to beable to convert ? or is the an intermediate step I am missing as like I said not command I found seems to work. On 1 April 2016 at 14:35, Eero Volotinenwrote: > It works, try googling for openssl pem conversion > 1.4.2016 4.32 ip. "Glenn Pierce" kirjoitti: > >> I have tried >> openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem >> >> I get >> unable to load Private Key >> 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start >> line:pem_lib.c:701:Expecting: ANY PRIVATE KEY >> >> >> >> On 1 April 2016 at 13:59, Eero Volotinen wrote: >> > You can do any kind of format conversions with openssl commandline >> client. >> > >> > Eero >> > 1.4.2016 3.56 ip. "Glenn Pierce" kirjoitti: >> > >> >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik >> >> router. >> >> >> >> I am try to get the keys working. My problem is the Mikrotik router >> >> wants the key in PEM format >> >> >> >> How do I export the keys generated with ipsec newhostkey >> >> into PEM format ? >> >> >> >> >> >> Thanks >> >> ___ >> >> CentOS mailing list >> >> CentOS@centos.org >> >> https://lists.centos.org/mailman/listinfo/centos >> >> >> > ___ >> > CentOS mailing list >> > CentOS@centos.org >> > https://lists.centos.org/mailman/listinfo/centos >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Libreswan PEM format
It works, try googling for openssl pem conversion 1.4.2016 4.32 ip. "Glenn Pierce"kirjoitti: > I have tried > openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem > > I get > unable to load Private Key > 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start > line:pem_lib.c:701:Expecting: ANY PRIVATE KEY > > > > On 1 April 2016 at 13:59, Eero Volotinen wrote: > > You can do any kind of format conversions with openssl commandline > client. > > > > Eero > > 1.4.2016 3.56 ip. "Glenn Pierce" kirjoitti: > > > >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik > >> router. > >> > >> I am try to get the keys working. My problem is the Mikrotik router > >> wants the key in PEM format > >> > >> How do I export the keys generated with ipsec newhostkey > >> into PEM format ? > >> > >> > >> Thanks > >> ___ > >> CentOS mailing list > >> CentOS@centos.org > >> https://lists.centos.org/mailman/listinfo/centos > >> > > ___ > > CentOS mailing list > > CentOS@centos.org > > https://lists.centos.org/mailman/listinfo/centos > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Libreswan PEM format
I have tried openssl rsa -in bicester_left.pub -outform pem > bicester_left.pem I get unable to load Private Key 140372295030648:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:701:Expecting: ANY PRIVATE KEY On 1 April 2016 at 13:59, Eero Volotinenwrote: > You can do any kind of format conversions with openssl commandline client. > > Eero > 1.4.2016 3.56 ip. "Glenn Pierce" kirjoitti: > >> Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik >> router. >> >> I am try to get the keys working. My problem is the Mikrotik router >> wants the key in PEM format >> >> How do I export the keys generated with ipsec newhostkey >> into PEM format ? >> >> >> Thanks >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS-announce] Announcing release for Developer Toolset 4 on CentOS Linux 6 x86_64 SCL
I am pleased to announce the immediate availability of Developer Toolset 4 on CentOS Linux 6 x86_64, delivered via a Software Collection (SCL) built by the SCLo Special Interest Group (https://wiki.centos.org/SpecialInterestGroup/SCLo). QuickStart -- You can get started in three easy steps: $ sudo yum install centos-release-scl $ sudo yum install devtoolset-4-toolchain $ scl enable devtoolset-4 bash At this point you should be able to use gcc and other tools just as a normal application. Examples of commands run might be: $ gcc hello.c $ sudo yum install devtoolset-4-valgrind $ valgrind ./a.out $ gdb ./a.out In order to view the individual components included in this collection, including additional development tools, you can run: $ sudo yum list devtoolset-4\* About Software Collections -- Software Collections give you the power to build, install, and use multiple versions of software on the same system, without affecting system-wide installed packages. Each collection is delivered as a group of RPMs, with the grouping being done using the name of the collection as a prefix of all packages that are part of the software collection. The collection devtoolset-4 delivers version 5.2.1 of the GNU Compiler Collection, GNU Debugger, and other development, debugging, and performance monitoring tools as RPMs. The SCLo SIG in CentOS -- The Software Collections SIG group is an open community group co-ordinating the development of the SCL technology, and helping curate a reference set of collections. In addition to the Developer Toolset collection being released here, we also build and deliver databases, web servers, and language stacks including multiple versions of PostgreSQL, MariaDB, Apache HTTP Server, NodeJS, Ruby, Python and others. Software Collections SIG release was announced at https://lists.centos.org/pipermail/centos-announce/2015-October/021446.html You can learn more about Software Collections concepts at: http://softwarecollections.org You can find information on the SIG at https://wiki.centos.org/SpecialInterestGroup/SCLo ; this includes howto get involved and help with the effort. We meet every second Wednesday at 16:00 UTC in #centos-devel (ref: https://www.centos.org/community/calendar), for an informal open forum open to anyone who might have comments, concerns or wants to get started with SCL's in CentOS. Enjoy! Honza SCLo SIG member ___ CentOS-announce mailing list CentOS-announce@centos.org https://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] Notice of Service Outage and followup LON1/UK Facility
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 == What happened == On Wednesday February 24th, at 6pm UTC time, the DC hosting some of the CentOS equipments used for various roles had suffered from multiple electricity power outages. The facility was completely dark for just under 2 hrs, and we were able to start recovering services by 8pm UTC. By midnight we had most services restored, by 2:00AM UTC Feb 25th we had all services restored. That meant that the machines in those racks were running on batteries (ups in the racks) but finally went down in an uncontrolled way due to lack ot communication with that UPS. Subsequent on Monday March 14th, we suffered another power outage in the racks, this time due to a overload on the rack power circuits. == Services that were impacted == - severity critical : mirrorlist.centos.org node (IPv6) went down (while multiple mirrorlist.centos.org nodes for IPv4 nodes were still online). That means that machines with only IPV6 connectivity couldn't get yum to work to retrieve the list of nearest mirrors. - severity medium : Our main buildservices queue management services were down; note: this did not impact our ability to build, test and deliver updates. - severity medium : www.centos.org and www.centos.org/forums weren't reachable through IPv6 : at the moment, those services are natively reachable through IPv4, but proxied through nodes in that DC for IPv6 users. Most tested browsers were falling back to IPv4 during that period - severity medium : CentOS DevCloud (https://wiki.centos.org/DevCloud) : that means that CentOS Developers weren't able to instantiate new CentOS test VMs for their work, but also weren't able to reach the existing ones. - severity low : several publicly facing small services like http://planet.centos.org , http://seven.centos.org (not critical and could be restored quickly to other VMs elsewhere) - severity low : the server leading the armv7hl builds for the Plague build farm was also offline, meaning no armhfp build during that timeframe (but not updates were to be built, so mitigated issue) = Followup actions and notes Over the years, the baseline recovery model we've used and tried to enforce is one of 'restore in place', take a downtime hit if needed - and ensure we have service continuity for the user facing components ( the mirrorlist service, the centos update and content distribution services). For other resources, like the main website etc, we ensure there are good backups available in multiple places, usable to restore services should there be a need. This model has worked well for us over the years, and we've had very little, if any, service outages that had a user impact. The restore in place/restore outside HA also meant we were able to better utilise the exclusively sponsored machines we rely on. However, as the project grows, with a lot more infrastructure being consolidated into a few locations for non CDN services, our exposure to service downtime has dramatically increased. Its clear that we need to expand the scope of where we backup to, how we backup, how we anticipate failure and our ability to restore services in a timely manner should there be facilities outages. In the coming weeks, we are going to undertake a deep dive into our Infrastructure design and delivery and try to first come up with a consolidated set of risks we need to manage against, and then work towards reducing the risk, spreading the availability as needed. Our backend storage platform for the DevCloud and persistent storage for other nodes in the facility is run from a distributed, replicated Gluster setup. Inspite of the sudden loss of power, in a production environment with hundreds of running VMs and dozens of running data jobs, we were able to trivially recover our entire data set with minimum data loss. Some of the running VMs inside the DevCloud did see local filesystem issues, but we dont think that was a backing storage issue. This event has dramatically increased out confidence in the gluster technology stack and we will certainly be looking at extending deployments for it internally. == Comments about hosting facility == Their Status post about this http://status.uk2.net/2016/02/24/london-power-outage/ We have multiple racks at this facility, and have a long standing relationship with them going back to late Summer 2012. Over this period we have had a near perfect uptime record for our equipment there. And above all we have been consistently impressed with the speed of and the knowledgeable support we've recieved at the DC. In many cases, how the facility reacts to outage defines the real service value - and in this case, we can only commend the fantastic support we had through the outage hours. We do however feel there could be better monitoring and reporting of some of the facilities information and will be working with them to improve in those regards. Fabian Arrotin and Karanbir Singh The CentOS Project
Re: [CentOS] Libreswan PEM format
You can do any kind of format conversions with openssl commandline client. Eero 1.4.2016 3.56 ip. "Glenn Pierce"kirjoitti: > Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik > router. > > I am try to get the keys working. My problem is the Mikrotik router > wants the key in PEM format > > How do I export the keys generated with ipsec newhostkey > into PEM format ? > > > Thanks > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Libreswan PEM format
Hi I am trying to setup a libreswan vpn between centos 7 and a Mikrotik router. I am try to get the keys working. My problem is the Mikrotik router wants the key in PEM format How do I export the keys generated with ipsec newhostkey into PEM format ? Thanks ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos7: Mount problem (Unit mnt-bk\x2dbenvet\x2d01.mount is bound to inactive unit dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device. Stopping, too.
On a server Centos 7.2 I insert my 1Tb usb disk and run sudo mount LABEL=bk-benvet-01 /mnt/bk-benvet-01 the command seem to work but nothing is mounted Into log I see this issue: > apr 01 13:49:06 s-virt.dom.loc kernel: XFS (sdb1): Mounting V4 Filesystem > apr 01 13:49:06 s-virt.dom.loc kernel: XFS (sdb1): Ending clean mount > apr 01 13:49:06 s-virt.dom.loc systemd[1]: Unit mnt-bk\x2dbenvet\x2d01.mount > is bound to inactive unit dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device. > Stopping, too. > apr 01 13:49:06 s-virt.dom.loc systemd[1]: Unmounting /mnt/bk-benvet-01... > apr 01 13:49:06 s-virt.dom.loc kernel: XFS (sdb1): Unmounting Filesystem > apr 01 13:49:06 s-virt.dom.loc systemd[1]: Unmounted /mnt/bk-benvet-01. I have try this: > [root@s-virt ~]# systemctl start > dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device > Job for dev-disk-byx2dlabel-bkx2dbenvetx2d01.device timed out. > [root@s-virt ~]# systemctl status > dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device > ● dev-disk-byx2dlabel-bkx2dbenvetx2d01.device > Loaded: loaded > Active: inactive (dead) > > apr 01 13:52:36 s-virt.vettorello.loc systemd[1]: Job > dev-disk-byx2dlabel-bkx2dbenvetx2d01.device/start timed out. > apr 01 13:52:36 s-virt.vettorello.loc systemd[1]: Timed out waiting for > device dev-disk-byx2dlabel-bkx2dbenvetx2d...ice. > apr 01 13:52:36 s-virt.vettorello.loc systemd[1]: Job > dev-disk-byx2dlabel-bkx2dbenvetx2d01.device/start failed wi...ut'. > Hint: Some lines were ellipsized, use -l to show in full. > [root@s-virt ~]# systemctl status > dev-disk-by\x2dlabel-bk\x2dbenvet\x2d01.device -l > ● dev-disk-byx2dlabel-bkx2dbenvetx2d01.device > Loaded: loaded > Active: inactive (dead) But nothing is changed How to resolve this problem? Many thanks -- Dario Lesca (inviato dal mio Linux Fedora 23 Workstation) ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 134, Issue 1
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CESA-2016:0534 Moderate CentOS 7 mariadb Security Update (Johnny Hughes) 2. CEBA-2016:0535 CentOS 7 cronie BugFix Update (Johnny Hughes) 3. CEBA-2016:0553 CentOS 7 vsftpd BugFix Update (Johnny Hughes) 4. CEBA-2016:0529 CentOS 7 device-mapper-multipath BugFix Update (Johnny Hughes) 5. CEBA-2016:0530 CentOS 7 openldap BugFix Update (Johnny Hughes) 6. CEBA-2016:0556 CentOS 7 resource-agents BugFixUpdate (Johnny Hughes) 7. CEBA-2016:0541 CentOS 7 sanlock BugFix Update (Johnny Hughes) 8. CEBA-2016:0552 CentOS 7 sssd BugFix Update (Johnny Hughes) 9. CESA-2016:0532 Moderate CentOS 7 krb5 SecurityUpdate (Johnny Hughes) 10. CEBA-2016:0545 CentOS 7 tuned BugFix Update (Johnny Hughes) 11. CEBA-2016:0544 CentOS 7 libteam BugFix Update (Johnny Hughes) 12. CEBA-2016:0542 CentOS 7 kdelibs BugFix Update (Johnny Hughes) 13. CEBA-2016:0543 CentOS 7 tigervnc BugFix Update (Johnny Hughes) 14. CEBA-2016:0181 CentOS 7 systemd BugFix Update (Johnny Hughes) 15. CEBA-2016:0555 CentOS 7 libvirt BugFix Update (Johnny Hughes) 16. CEBA-2016:0550 CentOS 7 389-ds-base BugFix Update (Johnny Hughes) 17. CEBA-2016:0548 CentOS 7 sudo BugFix Update (Johnny Hughes) 18. CEBA-2016:0557 CentOS 7 quota BugFix Update (Johnny Hughes) 19. CEBA-2016:0546 CentOS 7 ImageMagick BugFix Update (Johnny Hughes) 20. CEBA-2016:0533 CentOS 7 util-linux BugFix Update (Johnny Hughes) 21. CEBA-2016:0526 CentOS 7 initscripts BugFix Update (Johnny Hughes) 22. CEBA-2016:0551 CentOS 7 kernel BugFix Update (Johnny Hughes) 23. CEBA-2016:0547 CentOS 7 NetworkManager BugFix Update (Johnny Hughes) -- Message: 1 Date: Thu, 31 Mar 2016 20:53:35 + From: Johnny HughesTo: centos-annou...@centos.org Subject: [CentOS-announce] CESA-2016:0534 Moderate CentOS 7 mariadb SecurityUpdate Message-ID: <20160331205335.ga39...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Security Advisory 2016:0534 Moderate Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-0534.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: c01db8b118b3e59621a66e96500394af902549b75fe14e65e322d592b2c0ef04 mariadb-5.5.47-1.el7_2.x86_64.rpm a01e21102e496b2fd0f43a2a42e3a52fbe6be3ff9a1f9735af6ba33e8f62271a mariadb-bench-5.5.47-1.el7_2.x86_64.rpm 4bd9e39cca84b859b56c987e406f56059de07184c3282794712ee22be50d36be mariadb-devel-5.5.47-1.el7_2.i686.rpm 9d6c6b54ec4ad6840e276b3577eef03b2d87a2877a5a79de4865b74a2636ab06 mariadb-devel-5.5.47-1.el7_2.x86_64.rpm d0692319b0a84a16ed8bbec7259a5fa4c4c8be40f3c3e6767f07e1b628a3cd08 mariadb-embedded-5.5.47-1.el7_2.i686.rpm 7b8ac0c33a44eb597e71a4516e9c1300c0d8cbf2c014d1a9de7d08b4c562793a mariadb-embedded-5.5.47-1.el7_2.x86_64.rpm 0d173b25265cdc3fe078dc6ba4d03a34f8dcd355fc02146b7ab6bedf3d4e5930 mariadb-embedded-devel-5.5.47-1.el7_2.i686.rpm f865617ecb03fab6ee3a3b4b7dd8f214136dd571d410e291c5e34c4e69bde36f mariadb-embedded-devel-5.5.47-1.el7_2.x86_64.rpm a65118325f134af83f6e3d6c8b8f319b735158fa82a7ee01403cc33f81c66b0c mariadb-libs-5.5.47-1.el7_2.i686.rpm b18a582dc3bb5423ac7ac36ee8a3df75c647df69fec361b207db1b3c59695bbb mariadb-libs-5.5.47-1.el7_2.x86_64.rpm fca7d47e6e4a7839f2a319589b09e2140fc5e3c87dc9fd41457d5cbe9e0b48bb mariadb-server-5.5.47-1.el7_2.x86_64.rpm 8264196ee234079505c8cbdbc477acbbcdd60de30fe897e6daf99d72e1b00ede mariadb-test-5.5.47-1.el7_2.x86_64.rpm Source: 6c526f0c743b13e33d8c5a47778b71ca2447244d4d7d844f993e7fd64180b44a mariadb-5.5.47-1.el7_2.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: @JohnnyCentOS -- Message: 2 Date: Thu, 31 Mar 2016 20:53:52 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2016:0535 CentOS 7 cronie BugFix Update Message-ID: <20160331205352.ga39...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2016:0535 Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-0535.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64:
[CentOS] RHEL 5 EOL
Hi List, As an FYI Red Hat have announced the 1 year EOL notice for RHEL 5. Anyone still using CentOS 5 would do well to start planning on upgrading to 6 or 7. Tris * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify postmas...@bgfl.org The views expressed within this email are those of the individual, and not necessarily those of the organisation * ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] test - please ignore
___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 7 in HP Blade BL620c Gen 7
On 03/29/2016 05:51 AM, ☼ Francis wrote: > Anyone running CentOS 7 here in HP Blade BL620c Gen 7 when I use the live > DVD the network card can detect and I can use without issue however when I > install the CentOS 7 with Server GUI. The network card can no longer > detect. I tried to google the driver for this hardware machine but No luck. > > The liveCD might be using a newer kernel and your install DVD may have on older one without the correct driver. What is the kernel when you complete the install? Use the command: uname -r The current latest kernel in an installer is: 3.10.0-327.10.1.el7 If yours is older than that, maybe try a newer spin of the install DVD .. or install a kernel upgrade from the latest DVD. You can download the current latest install DVD here: http://buildlogs.centos.org/rolling/7/isos/x86_64/CentOS-7-x86_64-DVD-1603-01.iso Thanks, Johnny Hughes signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos