Re: pppoe (kernel) works but doesn't

2016-03-26 Thread georgek
Sorry for bothering you,
I had to go tcpdump the entire network "conversation" between linux and bsd
in order to find out that I had mistyped my username...

Thank you for your reply Pierre nevertheless :)

P.S. This topic can be deleted



--
View this message in context: 
http://openbsd-archive.7691.n7.nabble.com/pppoe-kernel-works-but-doesn-t-tp292491p292510.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.



WAPBL?

2016-03-26 Thread Martijn Rijkeboer
Hi,

Just out of curiosity, what has happened with WAPBL? There were some patches
floating around on tech@ in the last months of 2015, but then it became
quiet. I'm not complaining just curious.

Kind regards,


Martijn Rijkeboer



Re: Mail : MRA MDA LDA e-mail processors in OpenBSD

2016-03-26 Thread Lampshade
>I don't know what "MRA" means, but for fetching:

According to Wikipedia's "Email agent" there are:

Mail user agent (MUA)
Mail submission agent (MSA)
Mail access agent (MAA)
Mail transfer agent (MTA)
Mail delivery agent (MDA)
Mail retrieval agent (MRA)



Re: HTTPS Only 3.1 (Detailed Analysis, Browser Security, Open Source, Python)

2016-03-26 Thread Kevin Chadwick
> On Thu, 24 Mar 2016, Kevin Chadwick  wrote:
> > BTW, only allowing Javascript to come from the primary domain over SSL
> > would be a far saner idea, but lets see you get that past Google,
> > facebook and all the other tracking sites?  
> 
> It's possible with content security policy[1][2], but completely
> optional and up to the webmaster (custom header sent by the server).
> Google etc are actually pushing for it.
> 
> [1]: https://en.wikipedia.org/wiki/Content_Security_Policy
> [2]: https://developer.mozilla.org/en-US/docs/Web/Security/CSP

Please, you think that says anything about Google, it doesn't even say
anything about a few Google developers? Google generally works in teams
of four by the way apparently.

Yes I have that enabled on my sites as there is NO javascript at all
but that is next to useless as my sites aren't problem sites.

The noscript extension for firefox appears to increase firefox's
startup use of memory by more than the xombrero browser uses on startup!

Here's a question or two. Why can you not clear any content on browser
shutdown on chrome but can in comodos version called chromodo.

Why are the chrome javascript controls next to useless and hitting
enable has no effect on video sites that try to ensure adverts have
been run?

I could throw in why google are averse to firewalls but that would
open up more trolling.

I have nothing against Google btw but some of their software design
decisions are as bad as Apple's engineering.

Anyway, none of this has anything to do with OpenBSD as I doubt libressl
and its CA ability would be the chosen solution to any OpenBSD
security problems when there is OpenSSH available and many of the
developers meet regularly enough. So I assume the developers would
agree that it would be good if https everywhere nonsense wasn't brought
up on this list again please.

-- 

KISSIS - Keep It Simple So It's Securable
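
An added example, not part of the thread: the restriction discussed above (scripts only from the site's own origin, over TLS) corresponds to a policy such as `script-src 'self'` served on an HTTPS page. The Python below audits a header value for anything looser than that; the function names and the example.org / example.net URLs are made up for illustration.

```python
from urllib.parse import urlsplit

SAME_ORIGIN_ONLY = {"'self'", "'none'"}
INLINE_OR_EVAL = {"'unsafe-inline'", "'unsafe-eval'"}


def parse_csp(header):
    """Split a Content-Security-Policy value into {directive: [sources]}."""
    policy = {}
    for part in header.split(";"):
        tokens = part.split()
        if tokens:
            # A repeated directive is ignored; the first occurrence applies.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def script_findings(page_url, header):
    """Return (kind, token) pairs for everything that lets scripts load from
    somewhere other than the page's own HTTPS origin. Empty list = confined."""
    findings = []
    if urlsplit(page_url).scheme != "https":
        # 'self' means the page's own origin, so it is only "over SSL"
        # when the page itself was fetched over HTTPS.
        findings.append(("page-not-https", page_url))
    policy = parse_csp(header)
    # script-src falls back to default-src when it is absent.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        findings.append(("scripts-unrestricted", ""))
        return findings
    for token in sources:
        low = token.lower()
        if low in SAME_ORIGIN_ONLY:
            continue
        if low in INLINE_OR_EVAL:
            kind = "inline-or-eval"
        elif low == "*" or low.endswith(":"):
            kind = "wildcard-or-scheme"      # e.g. *, https:, data:
        elif low.startswith(("'nonce-", "'sha")):
            kind = "nonce-or-hash"
        else:
            kind = "other-source"            # third-party host, keyword, ...
        findings.append((kind, token))
    return findings


if __name__ == "__main__":
    # Constructed header values, not taken from any real site.
    samples = [
        ("https://example.org/", "default-src 'none'; script-src 'self'"),
        ("https://example.org/",
         "script-src 'self' https://cdn.example.net 'unsafe-inline'"),
        ("http://example.org/", "img-src *"),
    ]
    for url, header in samples:
        print(url, "|", header, "->", script_findings(url, header) or "confined")
```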



Re: Tcpdump on pflow0 failed, understanding (or not) the pflow0 pseudo device

2016-03-26 Thread Kapetanakis Giannis

On 26/03/16 17:02, Eike Lantzsch wrote:

Hi:

For learning purposes I want to set up collecting NetFlow data from my small
office router (5.8 release on a PC-Engines Alix 2D13 device).
I'm trying to follow
http://bsdly.blogspot.ca/2014/02/yes-you-too-can-be-evil-network.html
and I have Peter N. M. Hansteen's fine Book of PF (3) at hand - chapter 9
"Collecting NetFlow Data with pflow(4)".
However I seem to have a hard time to understand some details.

I set up
/etc/pf.conf
# options:
set state-defaults pflow

and
/etc/hostname.pflow0

and get this:

# ifconfig pflow0
pflow0: flags=41 mtu 1448
 priority: 0
 pflow: sender: 192.168.12.1 receiver: 192.168.12.31:9995 version: 10
 groups: pflow

192.168.12 is my internal small network. I plan to set up a collector on
192.168.12.31, which is an OpenBSD-vm on my work station.
(Did I get this right? Or should I use the address which I get from my ISP as
a source address?)

However
# tcpdump -nettti pflow0
tcpdump: Failed to open bpf device for pflow0: Device not configured

In /dev/ I got bpf0 up to bpf9

I did not set up a collector right now - just wanted to see if I get any
NetFlow data.

What did I miss setting up the pflow pseudo-device?


Try
tcpdump -i vr0 host 192.168.12.31 and port 9995
if vr0 is the interface to 192.168.1.31

G
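
An added example, not from either poster: once the export packets are visible on the wire, a small listener on the collector host can confirm that they really are IPFIX, which is what `version: 10` in the ifconfig output selects. The Python below checks the 16-byte message header and walks the set headers as laid out in RFC 7011; the function names and the embedded sample message are constructed for illustration, and port 9995 is taken from the thread.

```python
import socket
import struct

IPFIX_VERSION = 10                     # pflow "version: 10" is IPFIX (RFC 7011)
MSG_HEADER = struct.Struct("!HHIII")   # version, length, export time, sequence, domain
SET_HEADER = struct.Struct("!HH")      # set id, set length (header included)


def set_kind(set_id):
    """Map an IPFIX set id to its role."""
    if set_id == 2:
        return "template"
    if set_id == 3:
        return "options-template"
    return "data" if set_id >= 256 else "reserved"


def parse_ipfix(datagram):
    """Validate one IPFIX message and list its sets without decoding records."""
    if len(datagram) < MSG_HEADER.size:
        raise ValueError("datagram shorter than the 16-byte IPFIX header")
    version, length, export_time, sequence, domain = MSG_HEADER.unpack_from(datagram)
    if version != IPFIX_VERSION:
        raise ValueError(f"version {version}, expected {IPFIX_VERSION}")
    if not MSG_HEADER.size <= length <= len(datagram):
        raise ValueError("length field does not fit the datagram")
    sets, offset = [], MSG_HEADER.size
    while offset < length:
        if length - offset < SET_HEADER.size:
            raise ValueError("truncated set header")
        set_id, set_len = SET_HEADER.unpack_from(datagram, offset)
        if set_len < SET_HEADER.size or offset + set_len > length:
            raise ValueError("set length runs past the message")
        sets.append((set_kind(set_id), set_id, set_len))
        offset += set_len
    return {"export_time": export_time, "sequence": sequence,
            "domain": domain, "sets": sets}


def sample_message():
    """Constructed IPFIX message: one template set and one matching data set."""
    # Template 256 with a single field: IE 8 (sourceIPv4Address), 4 bytes.
    template = struct.pack("!HHHHHH", 2, 12, 256, 1, 8, 4)
    data = struct.pack("!HH4s", 256, 8, socket.inet_aton("192.168.12.1"))
    header = MSG_HEADER.pack(IPFIX_VERSION, 16 + len(template) + len(data),
                             1458950400, 0, 0)
    return header + template + data


def listen(bind_addr="0.0.0.0", port=9995):
    """Print one summary line per datagram; run this on the collector host."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            datagram, (src, _) = sock.recvfrom(65535)
            try:
                print(src, parse_ipfix(datagram))
            except ValueError as err:
                print(src, "rejected:", err)


if __name__ == "__main__":
    print(parse_ipfix(sample_message()))
```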



Re: Mail : MRA MDA LDA e-mail processors in OpenBSD

2016-03-26 Thread Marcus MERIGHI
lampsh...@poczta.fm (Lampshade), 2016.03.26 (Sat) 12:35 (CET):
> I am casual OpenBSD user. I use it on laptop. I don't have servers and
> do *not* want to create my own mail service. I use what crowd uses:
> I have Yahoo, Gmail, Yandex mail accounts.
> 
> I would like to use mutt and shell scripts for mail notification etc.
> To accomplish this I want to have local copy of mail in 
> Maildir format. 
> What MRA do you use for that? Getmail, fetchmail or something else?

I don't know what "MRA" means, but for fetching:

fdm is a simple, lightweight replacement for mail fetch, filter and
delivery programs such as fetchmail and procmail. It can fetch using
POP3 or IMAP (with SSL) or from stdin, and deliver to a pipe, file,
maildir, mbox or SMTP server, based on regexps.
Maintainer: Nicholas Marriott 

If you want to sync:

OfflineIMAP is  a  tool  to   simplify   your   e-mail  reading.   With
OfflineIMAP,  you  can  read  the same mailbox from multiple computers.
You get a current copy of your messages on each computer,  and  changes
you make one place will be visible on all other systems.  For instance,
you can delete a message on your home  computer,  and  it  will  appear
deleted  on  your work computer as well.  OfflineIMAP is also useful if
you want to use a mail reader that does not have IMAP support, has poor
IMAP support, or does not provide disconnected operation.

Both are in ports/packages, both work for me(tm). 

> Is there something in OpenBSD's base for that?

Don't think so. 

> I would also like to do some things with mail for example
> get rid of attachments for mail in one account and do reverse,
> opposite on the other account: just backup attachments saving them
> in normal file names with appropriate extensions in file names,
> not inside other Maildir messages.
> To accomplish this I think, but I am not sure, I need MDA such as
> procmail or maildrop or something similar.
> What do you use? I want something quite secure and not much
> complicated. It does *not* need to be feature rich.
> Bonus points for software in OpenBSD's base.

I'd be interested to hear how long it has taken you from the current
status to "mission accomplished". About 20 years on my part...  
without "mission accomplished". 

Bye, Marcus




Tcpdump on pflow0 failed, understanding (or not) the pflow0 pseudo device

2016-03-26 Thread Eike Lantzsch
Hi:

For learning purposes I want to set up collecting NetFlow data from my small
office router (5.8 release on a PC-Engines Alix 2D13 device).
I'm trying to follow
http://bsdly.blogspot.ca/2014/02/yes-you-too-can-be-evil-network.html
and I have Peter N. M. Hansteen's fine Book of PF (3) at hand - chapter 9
"Collecting NetFlow Data with pflow(4)".
However I seem to have a hard time to understand some details.

I set up
/etc/pf.conf
# options:
set state-defaults pflow

and
/etc/hostname.pflow0

and get this:

# ifconfig pflow0
pflow0: flags=41 mtu 1448
priority: 0
pflow: sender: 192.168.12.1 receiver: 192.168.12.31:9995 version: 10
groups: pflow

192.168.12 is my internal small network. I plan to set up a collector on
192.168.12.31, which is an OpenBSD-vm on my work station.
(Did I get this right? Or should I use the address which I get from my ISP as
a source address?)

However
# tcpdump -nettti pflow0
tcpdump: Failed to open bpf device for pflow0: Device not configured

In /dev/ I got bpf0 up to bpf9

I did not set up a collector right now - just wanted to see if I get any
NetFlow data.

What did I miss setting up the pflow pseudo-device?

The Book of PF states:
"With at least one pflow device configured [1] and at least one rule in your
pf.conf that generates data for export via the pflow device [2], you’re almost
finished setting up the sensor. You may still need to add a rule [3], however,
that allows the UDP data to flow from the IP address you specified as the flow
data source to the collector’s IP address and target port at the flow
destination."

[1] "one pflow device configured" did I understand correctly that this is done by
/etc/hostname.pflow0
flowsrc 181.40.100.8 flowdst 192.168.12.31:9995
pflowproto 10
?

[2] "and at least one rule in your pf.conf that generates data for export via
the pflow device" does this mean that
set state-defaults pflow
in /etc/pf.conf
is enough or do I still need to add one pass rule with "keep state (pflow)"?

[3] "add a rule, however, that allows the UDP data to flow from the IP address
you specified as the flow data source to the collector’s IP address and target
port at the flow destination"
I'm not quite getting this. Isn't it done if I allow UDP packets in general to
flow out of my internal interface into my network?

Thank you for your time.
Eike

pfctl -sr:
block return all
block return in quick on vr0 inet from <__automatic_ca3abafe_0> to any
block return out quick on vr0 inet from any to <__automatic_ca3abafe_1>
block return log (all, to pflog1) quick from  to any
block return log (all, to pflog1) quick from  to any
pass inet proto tcp from any to 192.168.12.0/25 port = 53 flags S/SA keep state (source-track rule, max-src-conn 60, max-src-conn-rate 10/10, overload  flush global, src.track 10)
pass inet proto tcp from any to 192.168.12.0/25 port = 123 flags S/SA keep state (source-track rule, max-src-conn 60, max-src-conn-rate 10/10, overload  flush global, src.track 10)
pass inet proto tcp from any to 192.168.12.0/25 port = 113 flags S/SA keep state (source-track rule, max-src-conn 60, max-src-conn-rate 10/10, overload  flush global, src.track 10)
pass inet proto tcp from any to 192.168.12.0/25 port = 2244 flags S/SA keep state (source-track rule, max-src-conn 60, max-src-conn-rate 10/10, overload  flush global, src.track 10)
pass inet proto tcp from any to 192.168.12.0/25 port = 5198 flags S/SA keep state (source-track rule, max-src-conn 60, max-src-conn-rate 10/10, overload  flush global, src.track 10)
pass inet proto tcp from any to 192.168.12.0/25 port = 5199 flags S/SA keep state (source-track rule, max-src-conn 60, max-src-conn-rate 10/10, overload  flush global, src.track 10)
block return in on ! lo0 proto tcp from any to any port 6000:6010
anchor "ftp-proxy/*" all
pass in quick on vether0 inet proto tcp from any to any port = 21 flags S/SA keep state (pflow) divert-to 127.0.0.1 port 8021
pass out inet proto tcp from 127.0.0.1 to any port = 21 flags S/SA keep state (pflow)
match in all scrub (no-df max-mss 1440)
match out on egress inet from ! (egress:network) to any nat-to (egress:0) round-robin
block return in log all
pass out quick all flags S/SA keep state (pflow)
block drop in log quick on ! lo inet6 from ::1 to any
block drop in log quick on ! lo inet from 127.0.0.0/8 to any
block drop in log quick inet from 127.0.0.1 to any
block drop in log quick on ! vether0 inet from 192.168.12.0/25 to any
block drop in log quick inet from 192.168.12.1 to any
block drop in log quick on lo0 inet6 from fe80::1 to any
block drop in log quick inet6 from ::1 to any
pass in log on egress inet proto tcp from any to (egress) port = 53 flags S/SA keep state (pflow)
pass in log on egress inet proto tcp from any to (egress) port = 123 flags S/SA keep state (pflow)
pass in log on egress inet proto tcp from any to (egress) port = 113 flags S/SA keep state (pflow)
pass in log on egress inet proto tcp from any to (egress) port = 

Re: pppoe (kernel) works but doesn't

2016-03-26 Thread George Kourvoulis
Sorry for bothering you,
I had to go tcpdump the entire network "conversation" between linux and bsd
in order to find out that I had mistyped my username...

Thank you for your reply Pierre nevertheless :)

P.S. This topic can be deleted

On Sat, Mar 26, 2016 at 1:34 PM, Pierre Emeriaud <
petrus.lt+open...@gmail.com> wrote:

> Hi George,
>
> > pppoe0: flags=8855 mtu 1492
> > priority: 0
> > dev: em0 state: session
> > sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01
> > sppp: phase network authproto pap authname "user"
> > groups: pppoe egress
> > status: active
> > inet 10.0.128.0 --> 83.235.1.86 netmask 0x
>
>
> > Despite the fact that everything seems to work OK, I can only ping
> > 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS
> > servers but for some reason this is not possible.
>
> Are you sure you're not hitting some kind of walled garden? Or is the
> private address from your ESX setup?
>
> If your ISP is indeed OTE, PAP seems fine as per
> http://ipv6.ote.gr/?page_id=74=en, but you could try CHAP just in
> case.
>
> -pierre



[solved] pkg_add broken (current/amd64)

2016-03-26 Thread Heiko
I did it.

but I only had _pkduntar (?).
After doing again, it works.
Thank you very much for fast help.

Cheers
Heiko

On 26.03.2016 at 13:54, Andreas Zeilmeier wrote:
> Hi Heiko,
> 
> did you run sysmerge(8) after upgrading?
> This will add the users/groups _pkgfetch and _pkguntar.
> Cheers
> 
> Andi
> 
> On 26.03.2016 13:33, Heiko wrote:
>> Hello together,
>>
>> pkg_add is broken on my current amd64 since snapshot march 24.
>>
>> I get this:
>>
>> # pkg_add -ui
>> Error from http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/
>> Can't locate object method "fatal" via package
>> "OpenBSD::PackageRepository::HTTP" at
>> /usr/libdata/perl5/OpenBSD/PackageRepository.pm line 592.
>>
>>
>> The corresponding code:
>>
>> -- snip ---
>> sub drop_privileges_and_setup_env
>> {
>>     my $state = shift;
>>     my $user = '_pkgfetch';
>>     # we can't cache anything, we happen after the fork,.
>>     # right before exec
>>     if (my (undef, undef, $uid, $gid) = getpwnam($user)) {
>>         $( = $gid;
>>         $) = "$gid $gid";
>>         $< = $uid;
>>         $> = $uid;
>>     } else {
>>         $state->fatal("Couldn't change identity: can't find #1", $user);
>>     }
>> --- snip --
>>
>> When I remark the "fatal" in line 592, I can update. But how can I fix
>> it correctly?
>>
>>
>> I did not find any change notes in:
>> http://www.openbsd.org/faq/current.html
>>
>> Thank you in advance for your feedback.
>>
>> /Heiko



pppoe (kernel) authentication works but no internet

2016-03-26 Thread georgek
Hi,

1) I have set kernel pppoe with the following options (I have only one NIC
directly connected to my dsl modem) :

# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev em0 authproto pap \
authname 'user' authkey 'pass' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

2) authentication and remote/local IP seem to be acquired fine (ifconfig output
follows)

pppoe0: flags=8855 mtu 1492
priority: 0
dev: em0 state: session
sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01
sppp: phase network authproto pap authname "user"
groups: pppoe egress
status: active
inet 10.0.128.0 --> 83.235.1.86 netmask 0x

3) default route is set correctly
Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio
Iface
default83.235.1.86UGS0   68 - 8
pppoe0
10.0.128.0 10.0.128.0 UHl00 - 1 lo0
83.235.1.8610.0.128.0 UH 00 - 8
pppoe0
127/8  127.0.0.1  UGRS   00 32768 8 lo0
127.0.0.1  127.0.0.1  UHl10 32768 1 lo0
192.168.1/24   192.168.1.2UC 20 - 8 em0
192.168.1.200:50:56:bd:6e:be  UHLl   00 - 1 lo0
192.168.1.4d8:cb:8a:3c:25:60  UHLc   215928 - 8 em0
192.168.1.100  00:0c:29:61:90:5c  UHLc   0   10 - 8 em0
192.168.1.255  192.168.1.2UHb00 - 1 em0
224/4  127.0.0.1  URS00 32768 8 lo0

4) LCP communication seems to be OK:
pppoe0: lcp output 
pppoe0 (8864) state=3, session=0x1d1e output -> 00:90:1a:41:fa:4b, len=16
pppoe0: lcp input(opened): 


Despite the fact that everything seems to work OK, I can only ping
83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS
servers but for some reason this is not possible.

I am on OpenBSD 5.8 running under esxi 6.
Any ideas?

Thank you for your time,
George



--
View this message in context: 
http://openbsd-archive.7691.n7.nabble.com/pppoe-kernel-authentication-works-but-no-internet-tp292480.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: pkg_add broken (current/amd64)

2016-03-26 Thread Daniel Jakots
On Sat, 26 Mar 2016 13:33:46 +0100, Heiko wrote:

> When I remark the "fatal" in line 592, I can update. But how can I fix
> it correctly?

It looks like you didn't run sysmerge(8). Did you?


Cheers,
Daniel



Re: pkg_add broken (current/amd64)

2016-03-26 Thread Andreas Zeilmeier

Hi Heiko,

did you run sysmerge(8) after upgrading?
This will add the users/groups _pkgfetch and _pkguntar.

Cheers

Andi

On 26.03.2016 13:33, Heiko wrote:

Hello together,

pkg_add is broken on my current amd64 since snapshot march 24.

I get this:

# pkg_add -ui
Error from http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/
Can't locate object method "fatal" via package
"OpenBSD::PackageRepository::HTTP" at
/usr/libdata/perl5/OpenBSD/PackageRepository.pm line 592.


The corresponding code:

-- snip ---
sub drop_privileges_and_setup_env
{
    my $state = shift;
    my $user = '_pkgfetch';
    # we can't cache anything, we happen after the fork,.
    # right before exec
    if (my (undef, undef, $uid, $gid) = getpwnam($user)) {
        $( = $gid;
        $) = "$gid $gid";
        $< = $uid;
        $> = $uid;
    } else {
        $state->fatal("Couldn't change identity: can't find #1", $user);
    }
--- snip --

When I remark the "fatal" in line 592, I can update. But how can I fix
it correctly?


I did not find any change notes in: http://www.openbsd.org/faq/current.html

Thank you in advance for your feedback.

/Heiko




pkg_add broken (current/amd64)

2016-03-26 Thread Heiko
Hello together,

pkg_add is broken on my current amd64 since snapshot march 24.

I get this:

# pkg_add -ui
Error from http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/
Can't locate object method "fatal" via package
"OpenBSD::PackageRepository::HTTP" at
/usr/libdata/perl5/OpenBSD/PackageRepository.pm line 592.


The corresponding code:

-- snip ---
sub drop_privileges_and_setup_env
{
    my $state = shift;
    my $user = '_pkgfetch';
    # we can't cache anything, we happen after the fork,.
    # right before exec
    if (my (undef, undef, $uid, $gid) = getpwnam($user)) {
        $( = $gid;
        $) = "$gid $gid";
        $< = $uid;
        $> = $uid;
    } else {
        $state->fatal("Couldn't change identity: can't find #1", $user);
    }
--- snip --

When I remark the "fatal" in line 592, I can update. But how can I fix
it correctly?


I did not find any change notes in: http://www.openbsd.org/faq/current.html

Thank you in advance for your feedback.

/Heiko



Mail : MRA MDA LDA e-mail processors in OpenBSD

2016-03-26 Thread Lampshade
Hello,
I am casual OpenBSD user. I use it on laptop. I don't have servers and do
*not* want to create my own mail service. I use what crowd uses:
I have Yahoo, Gmail, Yandex mail accounts.

I would like to use mutt and shell scripts for mail notification etc.
To accomplish this I want to have local copy of mail in 
Maildir format. 
What MRA do you use for that? Getmail, fetchmail or something else?
Is there something in OpenBSD's base for that?

I would also like to do some things with mail for example
get rid of attachments for mail in one account and do reverse,
opposite on the other account: just backup attachments saving them
in normal file names with appropriate extensions in file names,
not inside other Maildir messages.
To accomplish this I think, but I am not sure, I need MDA such as
procmail or maildrop or something similar.
What do you use? I want something quite secure and not much
complicated. It does *not* need to be feature rich.
Bonus points for software in OpenBSD's base.



Re: pppoe (kernel) works but doesn't

2016-03-26 Thread Pierre Emeriaud
Hi George,

> pppoe0: flags=8855 mtu 1492
> priority: 0
> dev: em0 state: session
> sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01
> sppp: phase network authproto pap authname "user"
> groups: pppoe egress
> status: active
> inet 10.0.128.0 --> 83.235.1.86 netmask 0x


> Despite the fact that everything seems to work OK, I can only ping
> 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS
> servers but for some reason this is not possible.

Are you sure you're not hitting some kind of walled garden? Or is the
private address from your ESX setup?

If your ISP is indeed OTE, PAP seems fine as per
http://ipv6.ote.gr/?page_id=74=en, but you could try CHAP just in
case.

-pierre



Re: Relayd TLS client mode CA verification

2016-03-26 Thread Lampshade
I have reported problem to bugs mailing list.
Thanks for checking that and response.



Re: RS232 Mini PCI Express Serial Card

2016-03-26 Thread Stuart Henderson
On 2016-03-25,   wrote:
> Hello,
>
> Can anyone confirm this device works with OpenBSD 5.8 or higher:
>
> https://www.startech.com/Cards-Adapters/Serial-Cards-Adapters/2-Port-RS232-Mini-PCI-Express-Serial-Card-16950-UART~MPEX2S952
>
> I do not have one to test, so before purchasing I thought I would ask about
> it or experience with something like it.

There is a device entry in puc(4) for it, but I'm not sure if we got the
uart speeds working right with the Oxford Semi native PCIE uart that
this device uses, the clocking is based on PCIE and is at a frequency
that is very different to other puc(4) devices and doesn't fit well
with the way we encode them. That said, I was able to get a similar
chip working, just the serial ports ran at the wrong speed (iirc it was
halved or doubled compared to the speed requested)..

> Would utilize it for the main console.

This is fiddly with puc(4) devices in general - you need to identify the
base address with pcidump and feed it to 'machine comaddr' in boot.conf
and hope it doesn't change (which it may do especially if you add/remove
other devices).



pppoe (kernel) works but doesn't

2016-03-26 Thread George Kourvoulis
Hi,

1) I have set kernel pppoe with the following options (I have only one NIC
directly connected to my dsl modem) :

# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev em0 authproto pap \
authname 'user' authkey 'pass' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

2) authentication and remote/local IP seem to be acquired fine (ifconfig
output follows)

pppoe0: flags=8855 mtu 1492
priority: 0
dev: em0 state: session
sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01
sppp: phase network authproto pap authname "user"
groups: pppoe egress
status: active
inet 10.0.128.0 --> 83.235.1.86 netmask 0x

3) default route is set correctly
Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio
Iface
default83.235.1.86UGS0   68 - 8
pppoe0
10.0.128.0 10.0.128.0 UHl00 - 1 lo0
83.235.1.8610.0.128.0 UH 00 - 8
pppoe0
127/8  127.0.0.1  UGRS   00 32768 8 lo0
127.0.0.1  127.0.0.1  UHl10 32768 1 lo0
192.168.1/24   192.168.1.2UC 20 - 8 em0
192.168.1.200:50:56:bd:6e:be  UHLl   00 - 1 lo0
192.168.1.4d8:cb:8a:3c:25:60  UHLc   215928 - 8 em0
192.168.1.100  00:0c:29:61:90:5c  UHLc   0   10 - 8 em0
192.168.1.255  192.168.1.2UHb00 - 1 em0
224/4  127.0.0.1  URS00 32768 8 lo0

4) LCP communication seems to be OK:
pppoe0: lcp output 
pppoe0 (8864) state=3, session=0x1d1e output -> 00:90:1a:41:fa:4b, len=16
pppoe0: lcp input(opened): 

5) my pf.conf
set skip on lo
match on pppoe0 scrub (max-mss 1440)
pass all


Despite the fact that everything seems to work OK, I can only ping
83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS
servers but for some reason this is not possible.

I am on OpenBSD 5.8 running under esxi 6.
Any ideas?

Thank you for your time,
George



Re: Gogs PostgreSQL

2016-03-26 Thread Yuki Izumi
I had everything in /var/git owned by the ‘git’ user, then the following
rc.d file was sufficient:

#!/bin/sh

daemon="/var/git/go/src/github.com/gogits/gogs/gogs web &"
daemon_user="git"

. /etc/rc.d/rc.subr

pexp="/var/git/go/src/github.com/gogits/gogs/gogs web"
rc_reload=NO

rc_cmd $1


> On 2016-03-25, at 20:18, Markus Hennecke wrote:
>
> On 25.03.2016 at 02:45, Predrag Punosevac wrote:
>> Hi Misc,
>>
>> Is anybody running Gogs
>>
>> https://gogs.io/
>>
>> in production on OpenBSD using PostgreSQL as a backend. Any chance to
>> share the installation/configuration notes with me?
>>
>> Predrag
>>
> Just compile it using the documentation. You don't have to set $GOROOT.
> OpenBSD has the go files in the path already under /usr/local/bin
>
> I mimicked the binary tar balls and copied all the files in there to my
> installation location.
> The directories public, scripts and templates and the README and LICENSE
> files plus the gogs binary.
>
> You want to set up a git user account if that is not already available.
> Set it up with a valid shell so that only public key authentication is
> allowed and let gogs handle all the SSH keys. In that way no user will
> get a login shell when connecting via SSH.
>
> Set up a user and database in postgresql, I did that with user and
> database name gogs.
> Make the gogs user the owner of the gogs database and set a password.
> Then on the installation page enter the username, password and database
> name and you should be set. Gogs will create all tables in the database
> during install.
>
> Gogs listens on 0.0.0.0 by default, so I added the entry
> HTTP_ADDR= 127.0.0.1 in the server section of the app.ini file and setup
> nginx to be a reverse proxy ->
> location /gogs/ { proxy_pass http://127.0.0.1:3000/; },
> remember to adjust the ROOT_URL entry to match the nginx configuration.
>
> I wrote a little rc.d script to start it using nohup, it has to be run as
> the git user account:
> #! /bin/sh
>
> user="git"
> daemon="/home/${user}/gogs/gogs"
> daemon_flags="web"
>
> . /etc/rc.d/rc.subr
>
> rc_reload=NO
>
> rc_check() {
>     pkill -0 -f "${daemon} ${daemon_flags}"
> }
>
> rc_stop() {
>     pkill -f "${daemon} ${daemon_flags}"
> }
>
> rc_start() {
>     nohup su -l -c daemon ${user} -c "${daemon} ${daemon_flags}" >/dev/null 2>&1 &
> }
>
> rc_cmd $1
>
>
> HTH
> Markus