routing problem

2011-09-28 Thread Wesley M. 
Hi, 

I have at work: 
TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
network)
Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
:sis2 

On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 -
OK

When i am at home, i connect to firewall using thegreenbow vpn is ok, i
can ping 10.100.1.250, use ssh on the firewall, but i can't ping
10.100.1.100 and can't use rdp on this address. 

my pf rules: 
...
set skip on {lo,enc0} 
pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
pass out inet proto icmp all icmp-type echoreq
...

Any idea ?
thank you very much.
Wesley

Fw: MANPOWER SUPPLIER

2011-09-28 Thread kisa zahra 
 
IMDAD  KHAN
KATHMANDU , NEPAL
MOBILE.009779721319713
- Forwarded Message -
From: kisa zahra kisaza...@yahoo.com
To:
sada...@sadafco.com sada...@sadafco.com; sa...@mapsearch.com
sa...@mapsearch.com; q...@mapsearch.com q...@mapsearch.com;
ki...@kipco.com ki...@kipco.com; ugb...@ugbbah.com ugb...@ugbbah.com;
jkb...@go.com.jo jkb...@go.com.jo; i...@burgan.com.kw
i...@burgan.com.kw; i...@energycorporateafrica.com
i...@energycorporateafrica.com; tib1@planet.in tib1@planet.in;
i...@kamconline.com i...@kamconline.com; i...@itins.com
i...@itins.com; kcl...@kuwaitclearing.com kcl...@kuwaitclearing.com;
tmsrepri...@permissionsgroup.com tmsrepri...@permissionsgroup.com;
misc@openbsd.org misc@openbsd.org; recr...@eim.ae recr...@eim.ae;
webmas...@neohapsis.com webmas...@neohapsis.com; h...@neohapsis.com
h...@neohapsis.com; i...@jcdinfo.com i...@jcdinfo.com
Sent: Thursday, 23
June 2011 8:44 PM
Subject: Fw: MANPOWER   SUPPLIER


 
IMDAD  KHAN
KATHMANDU ,
NEPAL
MOBILE.009779721319713

- Forwarded Message -
From: kisa zahra kisaza...@yahoo.com
To: sada...@sadafco.com;
sa...@mapsearch.com; q...@mapsearch.com; ki...@kipco.com; ugb...@ugbbah.com;
jkb...@go.com.jo; i...@burgan.com.kw; i...@energycorporateafrica.com;
tib1@planet.in; i...@kamconline.com; i...@itins.com;
kcl...@kuwaitclearing.com; tmsrepri...@permissionsgroup.com; misc@openbsd.org;
recr...@eim.ae; webmas...@neohapsis.com; h...@neohapsis.com; i...@jcdinfo.com
Sent: Saturday, 19 February 2011 3:36 PM
Subject: MANPOWER   SUPPLIER

DEAR 
SIR
BEST   REGARDS
WER THE  LEADING  MANPOWER  SUPPLIER  IN  KATHMANDU
, NEPAL . WE  
SUPPLY  NEPALI  SKILL  N  UNSKILLED  WORKERS  TO  GULF  N 
MIDDLEEAST  CONTRIES.
MUCH  MORE  DETAILS  IF  U  PROVIDE  US  A  CHANCE  TO 
SERVE  U  BETTER.
LOOKING  FORWARD.
THANX.
IMDAD  KHAN
KATHMANDU , NEPAL

Re: routing problem

2011-09-28 Thread Nick Holland 
On 09/28/11 03:13, Wesley M. wrote:
 Hi, 
 
 I have at work: 
 TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
 network)

bzzt.  Bad.
(I'm guessing that's a windows terminal server)

 Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
 :sis2 
 
 On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 -
 OK

right. no gateway involved.

 When i am at home, i connect to firewall using thegreenbow vpn is ok, i
 can ping 10.100.1.250, use ssh on the firewall, but i can't ping
 10.100.1.100 and can't use rdp on this address. 
 
 my pf rules: 
 ...
 set skip on {lo,enc0} 
 pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
 pass out inet proto icmp all icmp-type echoreq
 ...

because your packets come from your machine, through your firewall, to
the TS Server, but they are still off-network packets. When it
responds to an off-network address, it routes them to the gateway
machine...which is 10.100.1.254, not the firewall.

Fixes: 1) fix the default gateway on the TS Server machine, add a custom
route for whatever that private network thingie is.
2) instead of your VPN, use an SSH tunnel to your firewall, then
redirect 3389 to the TS Server.  This way, your remote desktop session
is between the gateway and the firewall, which are both on the same subnet.

Nick.

Re: routing problem

2011-09-28 Thread pavel pocheptsov 
what settings on client/home side?
B ipconfig /all, route print..etc


28 QP5P=QQP1QQ 2011, 11:18 PQ Wesley M. open...@e-solutions.re:
 
 
  
  
Hi, 

I have at work: 
TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
network)
Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
:sis2 

On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 -
OK

When i am at home, i connect to firewall using thegreenbow vpn is ok, i
can ping 10.100.1.250, use ssh on the firewall, but i can't ping
10.100.1.100 and can't use rdp on this address. 

my pf rules: 
...
set skip on {lo,enc0} 
pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
pass out inet proto icmp all icmp-type echoreq
...

Any idea ?
thank you very much.
Wesley

Re: routing problem

2011-09-28 Thread Wesley M. 
On Wed, 28 Sep 2011 06:49:59 -0400, Nick Holland
n...@holland-consulting.net wrote:
 On 09/28/11 03:13, Wesley M. wrote:
 Hi, 
 
 I have at work: 
 TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for
private
 network)
 
 bzzt.  Bad.
 (I'm guessing that's a windows terminal server)
Yes, it is (RDS, Windows 2008 R2)

 Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
 :sis2 
 
 On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389
-
 OK
 
 right. no gateway involved.
Yes, it doesn't need the gateway : 10.100.1.254

 
 When i am at home, i connect to firewall using thegreenbow vpn is ok,
i
 can ping 10.100.1.250, use ssh on the firewall, but i can't ping
 10.100.1.100 and can't use rdp on this address. 
 
 my pf rules: 
 ...
 set skip on {lo,enc0} 
 pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
 pass out inet proto icmp all icmp-type echoreq
 ...
 

To resume :

INTERNET---sis0---ADSL_ROUTER---OpenBSD_PF---sis1---LAN---TS_server,ISP_router

On the LAN side :
There's the TS SERVER and the ISP ROUTER (need it to connect the 4 others
locations)

 
 Fixes: 1) fix the default gateway on the TS Server machine, add a custom
 route for whatever that private network thingie is.

I can't change the gateway, because the others locations (there are 4)
won't connect on TS.


 2) instead of your VPN, use an SSH tunnel to your firewall, then
 redirect 3389 to the TS Server.  This way, your remote desktop session
 is between the gateway and the firewall, which are both on the same
subnet.

Seem's a good solution. But there's no other way to connect TS using VPN ?


 
 Nick.

Re: routing problem

2011-09-28 Thread Wesley M. 
The VPN is between a fictif ip address(gives by the_green_bow) to
10.100.1.0/24

Using VPN, i can ping 10.100.1.250 and use also ssh on the box but pings
doesn't work for  : 10.100.1.100, and 10.100.1.254.

On the OpenBSD SIDE : ipsec.conf 

ike dynamic from 10.100.1.0/24 to any \
main auth hmac-sha1 enc aes-256 group modp1024 \
quick auth hmac-sha1 enc aes-256 psk demokey


On Wed, 28 Sep 2011 15:05:52 +0400, pavel pocheptsov
lilit-aibo...@mail.ru wrote:
 what settings on client/home side?
 B ipconfig /all, route print..etc
 
 
 28 QP5P=QQP1QQ 2011, 11:18 PQ Wesley M.
open...@e-solutions.re:
  
  
   
   
 Hi, 
 
 I have at work: 
 TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
 network)
 Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
 :sis2 
 
 On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 -
 OK
 
 When i am at home, i connect to firewall using thegreenbow vpn is ok,
i
 can ping 10.100.1.250, use ssh on the firewall, but i can't ping
 10.100.1.100 and can't use rdp on this address. 
 
 my pf rules: 
 ...
 set skip on {lo,enc0} 
 pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
 pass out inet proto icmp all icmp-type echoreq
 ...
 
 Any idea ?
 thank you very much.
 Wesley

Re: routing problem

2011-09-28 Thread Stuart Henderson 
On 2011-09-28, Nick Holland n...@holland-consulting.net wrote:
 On 09/28/11 03:13, Wesley M. wrote:
 Hi, 
 
 I have at work: 
 TS Server : 10.100.1.100 his gateway is 10.100.1.254 (router for private
 network)

 bzzt.  Bad.
 (I'm guessing that's a windows terminal server)

 Firewall : 10.100.1.250 (OpenBSD 4.9, ADSL : sis0, Lan (10.100.1.0/24)
 :sis2 
 
 On the firewall, i can ping 10.100.1.100 and telnet 10.100.1.100 3389 -
 OK

 right. no gateway involved.

 When i am at home, i connect to firewall using thegreenbow vpn is ok, i
 can ping 10.100.1.250, use ssh on the firewall, but i can't ping
 10.100.1.100 and can't use rdp on this address. 
 
 my pf rules: 
 ...
 set skip on {lo,enc0} 
 pass out on sis2 inet proto tcp from $remote to 10.100.1.100 port 3389 
 pass out inet proto icmp all icmp-type echoreq
 ...

 because your packets come from your machine, through your firewall, to
 the TS Server, but they are still off-network packets. When it
 responds to an off-network address, it routes them to the gateway
 machine...which is 10.100.1.254, not the firewall.

 Fixes: 1) fix the default gateway on the TS Server machine, add a custom
 route for whatever that private network thingie is.
 2) instead of your VPN, use an SSH tunnel to your firewall, then
 redirect 3389 to the TS Server.  This way, your remote desktop session
 is between the gateway and the firewall, which are both on the same subnet.

or 3) nat the vpn traffic..

Re: routing problem

2011-09-28 Thread Stuart Henderson 
On 2011-09-28, Wesley M. open...@e-solutions.re wrote:
 Fixes: 1) fix the default gateway on the TS Server machine, add a custom
 route for whatever that private network thingie is.

 I can't change the gateway, because the others locations (there are 4)
 won't connect on TS.

You could add a custom static route for the private network behind the
IPsec gateway, though.

ipsec: failure after upgrade

2011-09-28 Thread Toni Mueller 
Hi,

I have

  lan1 -- gw1 --- internet --- gw2 -- lan2


The setup has been working for years. Now I upgraded one side to 4.9,
while the other - so far - is still at 4.6 (I know... :( ).

After that, no connection gets established anymore:


1.2.3.4: OpenBSD 4.6
4.3.2.1: OpenBSD 4.9


13:18:25.029033 1.2.3.4.isakmp  4.3.2.1.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT
cookie: 767f6d9ce0fa3890- msgid:  len: 184
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY 
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz: 0 
xforms: 1
payload: TRANSFORM len: 36
transform: 0 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = AES_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = RSA_SIG
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 3600
attribute KEY_LENGTH = 128
payload: VENDOR len: 20 (supports OpenBSD-4.0)
payload: VENDOR len: 20 (supports v2 NAT-T, 
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T, 
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
payload: VENDOR len: 20 (supports DPD v1.0) (ttl 63, id 42430, len 212)
13:18:25.035893 4.3.2.1.isakmp  1.2.3.4.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT
cookie: 767f6d9ce0fa3890-7779887f9d620aeb msgid:  len: 184
payload: SA len: 56 DOI: 1(IPSEC) situation: IDENTITY_ONLY 
payload: PROPOSAL len: 44 proposal: 1 proto: ISAKMP spisz: 0 
xforms: 1
payload: TRANSFORM len: 36
transform: 0 ID: ISAKMP
attribute ENCRYPTION_ALGORITHM = AES_CBC
attribute HASH_ALGORITHM = SHA
attribute AUTHENTICATION_METHOD = RSA_SIG
attribute GROUP_DESCRIPTION = MODP_1024
attribute LIFE_TYPE = SECONDS
attribute LIFE_DURATION = 3600
attribute KEY_LENGTH = 128
payload: VENDOR len: 20 (supports OpenBSD-4.0)
payload: VENDOR len: 20 (supports v2 NAT-T, 
draft-ietf-ipsec-nat-t-ike-02)
payload: VENDOR len: 20 (supports v3 NAT-T, 
draft-ietf-ipsec-nat-t-ike-03)
payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
payload: VENDOR len: 20 (supports DPD v1.0) (ttl 64, id 42377, len 212)
13:15:45.230823 1.2.3.4.isakmp  4.3.2.1.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT
cookie: 8d07fcf0a2492be7-915168361b6b77c1 msgid:  len: 228
payload: KEY_EXCH len: 132
payload: NONCE len: 20
payload: NAT-D len: 24
payload: NAT-D len: 24 (ttl 63, id 43396, len 256)
13:15:45.246177 4.3.2.1.isakmp  1.2.3.4.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT
cookie: 8d07fcf0a2492be7-915168361b6b77c1 msgid:  len: 228
payload: KEY_EXCH len: 132
payload: NONCE len: 20
payload: NAT-D len: 24
payload: NAT-D len: 24 (ttl 64, id 4863, len 256)
13:15:45.457272 1.2.3.4.isakmp  4.3.2.1.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT encrypted
cookie: 8d07fcf0a2492be7-915168361b6b77c1 msgid:  len: 1292 
(ttl 63, id 44981, len 1320)
13:15:52.479525 1.2.3.4.isakmp  4.3.2.1.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT encrypted
cookie: 8d07fcf0a2492be7-915168361b6b77c1 msgid:  len: 1292 
(ttl 63, id 43438, len 1320)
13:16:01.501279 1.2.3.4.isakmp  4.3.2.1.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT encrypted
cookie: 8d07fcf0a2492be7-915168361b6b77c1 msgid:  len: 1292 
(ttl 63, id 54363, len 1320)
13:16:12.516937 1.2.3.4.isakmp  4.3.2.1.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT encrypted
cookie: 8d07fcf0a2492be7-915168361b6b77c1 msgid:  len: 1292 
(ttl 63, id 19766, len 1320)
13:16:25.537550 1.2.3.4.isakmp  4.3.2.1.isakmp: [udp sum ok] isakmp v1.0 
exchange ID_PROT encrypted
cookie: 8d07fcf0a2492be7-915168361b6b77c1 msgid:  len: 1292 
(ttl 63, id 36623, len 1320)



As you can see, there is no SHA2 problem present (see 47.html).

Switching the phase2 hash to ripemd didn't help.


Any ideas about what to do?


The reason for not yet upgrading everything is that road warriors (NCP)
are stopped dead in much the same way like shown above, when running
against 4.9 (but not if they work against lower versions of OpenBSD,
including 4.8). If I could verify that they'll work, I'd uprade rather
sooner than later.



Kind regards,
--Toni++

Re[2]: routing problem

2011-09-28 Thread pavel pocheptsov 
28 QP5P=QQP1QQ 2011, 15:28 PQ Wesley M. open...@e-solutions.re:
 The VPN is between a fictif ip address(gives by the_green_bow) to
 10.100.1.0/24
 
 Using VPN, i can ping 10.100.1.250 and use also ssh on the box but pings
 doesn't work for  : 10.100.1.100, and 10.100.1.254.
 
 On the OpenBSD SIDE : ipsec.conf
 
 ike dynamic from 10.100.1.0/24 to any \
 main auth hmac-sha1 enc aes-256 group modp1024 \
 quick auth hmac-sha1 enc aes-256 psk demokey
 
maybe add to ipsec.conf from any to 10.100..
on remote side route add 10.100.1.0 mask 255.255.255.0 
IP_addres_of_your_vpn_gateway(not real gateway)

Re: no home no shell accounts

2011-09-28 Thread David Walker 
Hi Stefan.

On 28/09/2011, Stefan Johnson tigerphoenixdra...@gmail.com wrote:
 Please disregard my last... gmail sent the email before I was finished
 composing it.

I figured as much.

 Using false for your shell is okay for ftp.  It is not for ssh/sftp.

I kind of expect that SSH (the shell) either passes commands directly
to the sftp-server or the sftp-server is enough of a shell to take
over (in the same way that ftpd has enough vocabulary) ...
In that sense it wouldn't seem useful to have another shell in play.

I'm not saying you're wrong but unless I get something definitive
(e.g. a man page) I'll test it anyway.

  Match User sftpuser
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
ChrootDirectory /home/sftpuser

 Where the user is named sftpuser and the home directory for the user is
 /home/sftpuser.

Yeah I got that bit worked out and I've got the forwarding commands globally.


 Hope this helped.
 Stefan Johnson


Absolutely.

Best wishes.

Re: routing problem

2011-09-28 Thread Wesley M. 
On Wed, 28 Sep 2011 15:42:05 +0400, pavel pocheptsov
lilit-aibo...@mail.ru wrote:
 28 QP5P=QQP1QQ 2011, 15:28 PQ Wesley M.
open...@e-solutions.re:
 The VPN is between a fictif ip address(gives by the_green_bow) to
 10.100.1.0/24
 
 Using VPN, i can ping 10.100.1.250 and use also ssh on the box but
pings
 doesn't work for  : 10.100.1.100, and 10.100.1.254.
 
 On the OpenBSD SIDE : ipsec.conf
 
 ike dynamic from 10.100.1.0/24 to any \
 main auth hmac-sha1 enc aes-256 group modp1024 \
 quick auth hmac-sha1 enc aes-256 psk demokey
 
 maybe add to ipsec.conf from any to 10.100..

I don't think that it will solve my mistake. Because VPN works, and ready
to 10.100.1.0/24
The problem is that the server 10.100.1.100 has a different gateway
(10.100.1.254)

 on remote side route add 10.100.1.0 mask 255.255.255.0
 IP_addres_of_your_vpn_gateway(not real gateway)
it doesn't work. :-(

Re: no home no shell accounts

2011-09-28 Thread Stefan Johnson 
On Wed, Sep 28, 2011 at 7:10 AM, David Walker davidianwal...@gmail.comwrote:

 Hi Stefan.

 On 28/09/2011, Stefan Johnson tigerphoenixdra...@gmail.com wrote:
  Please disregard my last... gmail sent the email before I was finished
  composing it.

 I figured as much.

  Using false for your shell is okay for ftp.  It is not for ssh/sftp.

 I kind of expect that SSH (the shell) either passes commands directly
 to the sftp-server or the sftp-server is enough of a shell to take
 over (in the same way that ftpd has enough vocabulary) ...
 In that sense it wouldn't seem useful to have another shell in play.


SSH isn't a shell.  It is a protocol.  In much the same sense as FTP is not
a shell but a protocol.
FTP is designed with file transfers in mind, and therefore handles file I/O
without the need of
a shell process to set up an environment, etc.  SSH (and by extension, SFTP)
need a valid shell
to do that for you.  I've seen an implementation of SSH that allows for
/bin/false for sftp, but unless
something changed and I missed it, OpenSSH does not.




 I'm not saying you're wrong but unless I get something definitive
 (e.g. a man page) I'll test it anyway.

   Match User sftpuser
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp
 ChrootDirectory /home/sftpuser
 
  Where the user is named sftpuser and the home directory for the user is
  /home/sftpuser.

 Yeah I got that bit worked out and I've got the forwarding commands
 globally.


If you intend to use logging, check the tail end of the man page for
sftp-server as well.
There is a blurb about needing to set something up for syslog in there.

Good luck!

Stefan Johnson

Re: kernel panic: inteldrm

2011-09-28 Thread Owain Ainsworth 
On Tue, Sep 27, 2011 at 01:24:36PM +0400, Alexei Malinin wrote:
 Hello.
 
 Can anybody comment this kernel panic event?

I will look into it.

What were you doing at the time? This is pure 4.9 yes?

-0-
-- 
It is now pitch dark.  If you proceed, you will likely fall into a pit.

Re: kernel panic: inteldrm

2011-09-28 Thread Alexei Malinin 
Owain Ainsworth wrote:
 On Tue, Sep 27, 2011 at 01:24:36PM +0400, Alexei Malinin wrote:
 Hello.

 Can anybody comment this kernel panic event?

 I will look into it.

 What were you doing at the time?

rdesktop was running, I moved cursor from rdesktop window
to seamonkey window, after that all hung, I switched to other
virtual console, then I switched back to X and after
that computer rebooted

 This is pure 4.9 yes?

yes


-- 
Alexei Malinin

Amerikan Kültür Derneği Dil Okullarının 1.5 Milyon Öğrencisi MyKelime.com'u Seçti

2011-09-28 Thread MyKelime.com 
Bu maili MyKelime.com'un kayD1tlD1 bir kullanD1cD1sD1 olduDunuz iC'in
almaktasD1nD1z.
Maili okumakta sD1kD1ntD1 C'ekiyorsanD1z lCtfen tD1klayD1nD1z.

[IMAGE]

[IMAGE]
===

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

[IMAGE]

Merhaba; Sn. ***  ***

AdD1nD1z ve soyadD1nD1z bu mesajD1n MyKelime.com'dan geldiDine emin
olmanD1z iC'in yazD1lmD1EtD1r.

Amerikan KCltCr DerneDi Dil OkullarD1nD1n 1.5 Milyon CDrencisi
MyKelime.com'u SeC'ti
===

[IMAGE]

[IMAGE]

Bu mesaj size MyKelime.com tarafD1ndan gC6nderilmiEtir. MyKelime.com'u
kullandD1DD1nD1z iC'in teEekkCrler.

[IMAGE]

MyKelime.com'dan eposta almak istemiyorsanD1z lCtfen tD1klayD1nD1z.

Copyright B) 2004 TCm haklarD1 saklD1dD1r.

[IMAGE]

Re: kernel panic: inteldrm

2011-09-28 Thread Tomas Bodzar 
2011/9/28 Alexei Malinin alexei.mali...@mail.ru:
 Owain Ainsworth wrote:
 On Tue, Sep 27, 2011 at 01:24:36PM +0400, Alexei Malinin wrote:
 Hello.

 Can anybody comment this kernel panic event?

 I will look into it.

 What were you doing at the time?

 rdesktop was running, I moved cursor from rdesktop window
 to seamonkey window, after that all hung, I switched to other
 virtual console, then I switched back to X and after
 that computer rebooted

My colleague has quite similar issues on about month old current.

3533124.077] (WW) checkDevMem: failed to open /dev/xf86 and /dev/mem
  (Operation not permitted)
  Check that you have set 'machdep.allowaperture=1'
  in /etc/sysctl.conf and reboot your machine
  refer to xf86(4) for details
[3533124.077]   linear framebuffer access unavailable
[3533124.098] (--) Using wscons driver on /dev/ttyC4 in pcvt
compatibility mode (version 3.32)
[3533125.109]
Fatal server error:
[3533125.109] xf86OpenConsole: VT_SETMODE VT_PROCESS failed
[3533125.109]
Please consult the The X.Org Foundation support
   at http://wiki.x.org
for help.
[3533125.109] Please also check the log file at /var/log/Xorg.1.log
for additional information.
[3533125.109]
$

machdep.allowaperture is set to 2 and permissions looks fine. What's
interesting is that there are messages in console about some issue in
Seamonkey (sorry don't have them in hand right now). Before they start
appearing in console cursor in X changes to vertical line about 3cm
in size which is shaking and in couple of seconds whole machine just
freeze. Sometimes it's possible to avoid that behaviour with quick
switch to text console, but not always.

There's Gnome2 and other packages installed. Right now I can't provide
more. Probably I will be able next week when machine will be upgraded
to real current and I will check if problem is still in place.



 This is pure 4.9 yes?

 yes


 --
 Alexei Malinin

Re: no home no shell accounts

2011-09-28 Thread Stefan Johnson 
I stand corrected.  Here is the procedure for setting up sftp-only with
/usr/bin/false as the shell:

Create your user with the appropriate shell:
useradd -m -s /usr/bin/false -d /home/anonsftp anonsftp
(Note that you might want to set up your own login class for it instead, or
add other details)

Change the ownership of /home/anonsftp to root:
chown root /home/anonsftp

Modify the sshd_config for a Match User block that is appropriate:
Match User anonsftp
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp
 ChrootDirectory /home/anonftp

If you need logging, again review the section in the man page on that.

Sorry for the bad information earlier.

Stefan Johnson

dead link to damiens iwn0 package

2011-09-28 Thread Matthias Pfeifer 
Hello List

I just installed OpenBSD 4.9 on my x61s.

The iwn manpage refers to 
http://damien.bergamini.free.fr/packages/openbsd/iwn-firmware-5.6.tgz
to get the firmware. 

Well, the Website seems in trouble.

Is there another place where i can get those files?


Thank you!

Re: dead link to damiens iwn0 package

2011-09-28 Thread Andreas Hämmerle 
On 09/28/11 17:52, Matthias Pfeifer wrote:
 The iwn manpage refers to 
 http://damien.bergamini.free.fr/packages/openbsd/iwn-firmware-5.6.tgz
 to get the firmware. 
 
 Well, the Website seems in trouble.
 
 Is there another place where i can get those files?

yepp, you can get the firmware from
http://firmware.openbsd.org/firmware/

Cheers,
Andreas

Re: -current userland not building

2011-09-28 Thread Chris Smith 
On Fri, Sep 23, 2011 at 11:34 AM, Amit Kulkarni amitk...@gmail.com wrote:
 Yes, it happens when you start out. Look Nick added this because of you :-)
 http://www.openbsd.org/faq/current.html#20110919

Thank you Nick :)

However, I just realized that:
http://www.openbsd.org/faq/current.html#20110919

is not the same as:
http://openbsd.org/faq/current.html#20110919

The site at http://openbsd.org is not in sync with http://www.openbsd.org/.

Chris

Re: ipsec: failure after upgrade [SOLVED]

2011-09-28 Thread Toni Mueller 
Hi,

I solved the site-site part of it. It turned out to be a typo somewhere.

  :(

But the mobile issue is still open.



Kind regards,
--Toni++

ANZ Bank Update ©

2011-09-28 Thread ANZ Bank 
 - This mail is in HTML. Some elements may be ommited in plain text. -

Protection Alert
Customers are reminded that User Maintenance personal information requires
update.
Please proceed to ANZ Online Banking below for your
account
maintenance:
Proceed to ANZ Online Banking
ANZ
Online Banking
Security
..

Re: -current userland not building

2011-09-28 Thread Amit Kulkarni 
 The site at http://openbsd.org is not in sync with http://www.openbsd.org/.

yes they are different. its addressed already in the archives multiple times.

Re: -current userland not building

2011-09-28 Thread Chris Smith 
On Wed, Sep 28, 2011 at 3:00 PM, Amit Kulkarni amitk...@gmail.com wrote:
 The site at http://openbsd.org is not in sync with http://www.openbsd.org/.

 yes they are different. its addressed already in the archives multiple times.

Found a thread from 2007 where Theo states www.openbsd.org is a
mirror on a good network connection but is this still the case? Can
one have a mirror that is more up-to-date than the source?

Re: -current userland not building

2011-09-28 Thread Nick Holland 

On 09/28/2011 03:42 PM, Chris Smith wrote:

On Wed, Sep 28, 2011 at 3:00 PM, Amit Kulkarniamitk...@gmail.com  wrote:

The site at http://nowww.openbsd.org is not in sync with 
http://www.openbsd.org/.


yes they are different. its addressed already in the archives multiple times.


Found a thread from 2007 where Theo states www.openbsd.org is a
mirror on a good network connection but is this still the case? Can
one have a mirror that is more up-to-date than the source?


we like it that way.
quit using the site without the www's. :)

nowww.openbsd.org is not the source and never was (at least in the ten 
years I've been on the project).  It is hosted on the machine where 
OpenBSD development is stored, but the source is a CVS repository.  All 
mirrors we want you to use are cvs checkouts of the CVS www/ repo.  Most 
of them update automatically.  That one you are worrying about is 
updated manually for various reasons.  It helps discourage you from 
using it. :)


Nick.

Re: -current userland not building

2011-09-28 Thread Chris Smith 
On Wed, Sep 28, 2011 at 3:59 PM, Nick Holland
n...@holland-consulting.net wrote:
 quit using the site without the www's. :)

Yes, I've made a mental note to that effect and already edited my bookmarks.

 nowww.openbsd.org is not the source and never was (at least in the ten
 years I've been on the project).

That 'splains it :)

Thanks.

www.pears-gallery.com : SAISON 2

2011-09-28 Thread Pears gallery 
www.pears-gallery.com
SAISON 2

Nous venons de mettre en ligne la nouvelle version de notre site.

Au programme :

UN REFERENCEMENT DE QUALITE
12.000 visiteurs par mois
1er sur Google pour la recherche galerie art contemporain
3hme sur Google pour la recherche galerie d'art contemporain
6me sur Google pour la recherche art gallery


UN SITE OPTIMISE POUR LES ARTISTES
1 seule image ` tilicharger par oeuvre
une fonction ZOOM automatique sur vos oeuvres
le descriptif de vos oeuvres traduit en 8 langues
vos expositions sur Googlemap
la possibiliti de vendre directement vos oeuvres sans commission

UN ABONNEMENT SIMPLE
25% de riduction offert ` tous les Artistes professionnels (SIRET ou Maison
des Artistes)
Possibiliti de s'abonner sans engagement.
Paiement annuel possible.
Un code promo supplimentaire de 15% : DECOUVERTE

VENEZ NOUS SUIVRE SUR FACEBOOK



Si vous rencontrez des difficultis , merci de nous contacter :
cont...@pears-gallery.com, nous serons riactifs comme durant la premihre
annie.
N'hisitez pas ` promouvoir notre site, plus nous aurons d'abonnis, plus nous
pourrons amiliorer le site et organiser des ivinements.

Cordialement,

L'Equipe Pears Gallery
Sophie, Romain et David.


Unsubscribe

Problem with installing OpenBSD

2011-09-28 Thread Sales - OrangeWebsite.com 
Hey,

We are experiencing problem with installing OpenBSD on our VPS servers. We'd
hope you provided us some assistance how we could fix this. You can see our
VPS details here at http://www.orangewebsite.com/docs/vps.php.


Best greetings,
- Henry K. Johannes
Orangewebsite.com - 'Your solid business partner'