Re: Global IPv4 with ARP and wireguard peers
Has anyone tried to get something like this to work?
A few years ago I did basically the same thing with the VPN function of
ssh using the tun(4) network pseudo-device. Let me check my notes...
It starts the same way:
1. Commenting out the public address in /etc/hostname.vio0
2. Create a /etc/hostname.tun0 with the public address. (And no route)
$ cat /etc/hostname.tun0
10.255.255.7 1.2.Public.IP netmask 255.255.255.255
3. But then it differs and goes to pf:
# $EDITOR /etc/pf.conf
...
ext_if = "vio0"
ext_ip = "1.2.Public.IP"
rdr_if = "tun0"
rdr_ip = "1.2.Public.IP"
rdr_ports = "{1234, 16882, 44666, 32872 }"
tcpudp = "{ tcp, udp }"
pass in on $ext_if proto $tcpudp from any to $ext_ip port $rdr_ports
rdr-to $rdr_ip
# pfctl -f /etc/pf.conf
# sysctl net.inet.ip.forwarding=1
# $EDITOR /etc/sysctl.conf
...
net.inet.ip.forwarding=1
And on the client site:
# $EDITOR /etc/hostname.tun0
1.2.Public.IP 10.255.255.7 netmask 255.255.255.255
!route add default 10.255.255.7
# $EDITOR /etc/hostname.re0
Remove the IPv4 default route. The tunnel runs over IPv6.
Change the numbers and device a little bit.
HTH
openrsync manpage error
Hi I have modified error in openrsync(1) manpage in Example section isn’t that ‘openrsync -t' instead of 'rsync -t ‘ And without --rsync-path= it gives an following error 'openrsync: error: unexpected end of file’ Apologize if Iam wrong Thanks Irshad Index: rsync.1 === RCS file: /cvs/src/usr.bin/rsync/rsync.1,v retrieving revision 1.24 diff -u -p -r1.24 rsync.1 --- rsync.1 31 Mar 2021 20:36:05 - 1.24 +++ rsync.1 13 May 2021 21:25:57 - @@ -234,7 +234,7 @@ with the local and .Pa ../src/baz : .Pp -.Dl % rsync -t ../src/bar ../src/baz host:dest +.Dl % openrsync -t --rsync-path=openrsync ../src/bar ../src/baz host:dest .Pp To update the out-of-date local files .Pa bar @@ -245,7 +245,7 @@ with the remote files and .Pa host:src/baz : .Pp -.Dl % rsync -t host:src/bar :src/baz \&. +.Dl % openrsync -t --rsync-path=openrsync host:src/bar :src/baz \&. .Pp To update the out-of-date local files .Pa ../dest/bar @@ -256,7 +256,7 @@ with and .Pa baz : .Pp -.Dl % rsync -t bar baz ../dest +.Dl % openrsync -t --rsync-path=openrsync bar baz ../dest .\" .Sh DIAGNOSTICS .Sh SEE ALSO .Xr ssh 1
Packages/libraries in disarray after sysupgrade
After upgrading 6.8->6.9 (stable, not current) using sysupgrade, I am finding it not possible to install packages via pkg_add When I try to install something, I get a series of errors like "dependency library name>: bad major" or ": minor is too small" I am assuming I need to be installing new packages with `pkg_add -U` to update the dependencies as needed. However, the manpage suggests this is not desirable. Is there a better way to do things?
Re: Packages/libraries in disarray after sysupgrade
On Thu, May 13, 2021 at 07:50:35PM -0500, Edgar Pettijohn wrote: > On Thu, May 13, 2021 at 10:47:11PM +, tetrahe...@danwin1210.me wrote: > > After upgrading 6.8->6.9 (stable, not current) using sysupgrade, I am > > finding it not possible to install packages via pkg_add > > > > When I try to install something, I get a series of errors like " > dependency library name>: bad major" or ": minor is too > > small" > > > > I am assuming I need to be installing new packages with `pkg_add -U` to > > update the dependencies as needed. However, the manpage suggests this is not > > desirable. > > > > Is there a better way to do things? > > > > I just ran into this myself. I'm guessing the packages are built with a > newer library. So I'm running sysupgrade again to see if they get > installed. I'll repost if that indeed solves my issue. > > edgar > Yep just completed a sysupgrade followed by pkg_add -u and i can now install new packages without errors. Probably the same will work for you. edgar
Re: Packages/libraries in disarray after sysupgrade
On Thu, May 13, 2021 at 10:47:11PM +, tetrahe...@danwin1210.me wrote: > After upgrading 6.8->6.9 (stable, not current) using sysupgrade, I am > finding it not possible to install packages via pkg_add > > When I try to install something, I get a series of errors like " dependency library name>: bad major" or ": minor is too > small" > > I am assuming I need to be installing new packages with `pkg_add -U` to > update the dependencies as needed. However, the manpage suggests this is not > desirable. > > Is there a better way to do things? > I just ran into this myself. I'm guessing the packages are built with a newer library. So I'm running sysupgrade again to see if they get installed. I'll repost if that indeed solves my issue. edgar
Re: Global IPv4 with ARP and wireguard peers
On 5/13/21 3:14 PM, Rafael Possamai wrote: Has anyone tried to get something like this to work? I dont get why it works for a while and then suddenly stops working!? Not with hacky ARP entries. I'd see if Frantech can get you a routed /30 or /29 with your main v4 address as next hop. It's essentially same thing with v6, they route a /48 to your v6 address after you set it to next hop in the routed subnet settings (and configure the VM with that v6 address). Yes, that would've been nice. But turns out that the problem is on OpenBSD's end, as the same configuration works on Alpine. Seems like openbsd.amsterdam has seen a similar issue - https://openbsd.amsterdam/known.html#Connectivity Their solution to ping the gateway works for my case too, which is a better solution than adding/deleting ips/arp entries. So it seems like this bug is still open. Hope this helps some other person who comes looking :D Aisha
Curious about errata patches
Hi everybody Just to know about errata patches : how openbsd developers Generates errata patches Like , I know (diff -upf ) generates diff How you ppl generate patches like below , is there any tool or scripts to do that OpenBSD 6.9 errata 001, May 4, 2021: vmd guests can trigger excessive log messages on the host by sending certain network packets. Apply by doing: signify -Vep /etc/signify/openbsd-69-base.pub -x 001_vmd.patch.sig \ -m - | (cd /usr/src && patch -p0)
Re: Global IPv4 with ARP and wireguard peers
>Has anyone tried to get something like this to work? >I dont get why it works for a while and then suddenly stops working!? Not with hacky ARP entries. I'd see if Frantech can get you a routed /30 or /29 with your main v4 address as next hop. It's essentially same thing with v6, they route a /48 to your v6 address after you set it to next hop in the routed subnet settings (and configure the VM with that v6 address).
Re: Curious about errata patches
Manually and carefully. Irshad Sulaiman wrote: > Hi everybody > > Just to know about errata patches : how openbsd developers Generates > errata patches > Like , I know (diff -upf ) generates diff > How you ppl generate patches like below , is there any tool or scripts to do > that > > OpenBSD 6.9 errata 001, May 4, 2021: > > vmd guests can trigger excessive log messages on the host by sending > certain network packets. > > Apply by doing: > signify -Vep /etc/signify/openbsd-69-base.pub -x 001_vmd.patch.sig \ > -m - | (cd /usr/src && patch -p0) >
Re: smptd - sslv3 alert handshake failure
Bjorn, have a look at this from the opensmtpd mailling list. https://www.mail-archive.com/misc@opensmtpd.org/msg05278.html The message from Eric has how to downgrade the smtpd listener to use all TLS and compatible ciphers. Regards. On 13/05/2021 07:31, Bjorn Ketelaars wrote: I have a smtpd config, which has been running for >1 year without a hitch until now. All outgoing mail is forwarded to a remote SMTP server using a config similar to an example in smtpd.conf(5). Forwarding is failing because of "handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure" (see below for more information). I'm running current (amd64) with an update frequency of ~twice a week. This error started popping up this weekend - before the libssl/libtls/libcrypto bump. Error remains after the bump. $ cat /etc/mail/smtpd.conf table aliases file:/etc/mail/aliases table secrets file:/etc/mail/secrets listen on lo0 action "local" mbox alias action "relay" relay host smtp+tls://u...@smtp.ziggo.nl:587 auth match from local for local action "local" match from local for any action "relay" I bisected libssl/libtls/libcrypto (checked all changes of the last 2 months) without solving my issue. I also checked smtpd, and found that eric@'s work on moving smtpd to libtls [0] is related to my issue. Reverting smtpd to a version prior to March 5 fixes it for me. Best guess - probably a stupid one - is that the remote host changed something causing SNI related issues. Hints on how to further investigate the above are appreciated! [0] https://marc.info/?l=openbsd-cvs=161494786013059=2 debug: scheduler: scheduling evp:2b97a598686ca143 debug: scheduler: evp:2b97a598686ca143 scheduled (mta) debug: mta: querying smarthost for relay:... debug: mta: querying smarthost debug: mta: ... got smarthost for 2b97a598686ca143: smtp+tls://u...@smtp.ziggo.nl:587 debug: mta: received evp:2b97a598686ca143 for debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=1, ntask=1, nconnector=0, nconn=0 debug: mta: querying secret for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: querying MX for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] waiting for MX secret debug: control -> client: pipe closed debug: clearing p=client, fd=11, pid=0 debug: mta: ... got secret for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]: AGJrZXRAemlnZ28ubmwAREgmd2pQVyZkS3V3enA2a2wqKjM= debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=2, ntask=1, nconnector=0, nconn=0 debug: mta: [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] waiting for MX debug: MXs for domain smtp.ziggo.nl: 212.54.42.9 preference -1 debug: mta: ... got mx (0x4c260099920, smtp.ziggo.nl, [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]) debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=1, ntask=1, nconnector=0, nconn=0 debug: mta: querying source for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: ... got source for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]: [] debug: mta: new [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x1] debug: mta: connecting with [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] debug: mta-routing: searching new route for [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0]... debug: mta-routing: selecting candidate route [] <-> 212.54.42.9 debug: mta-routing: spawning new connection on [] <-> 212.54.42.9 debug: mta: 0x4c2600b96d0: spawned for relay [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] debug: mta: connecting with [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] debug: mta: cannot use [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] before 2s debug: mta-routing: no route available for [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0]: must wait a bit debug: mta: retrying to connect on [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] in 2s... debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=3, ntask=1, nconnector=1, nconn=1 debug: mta: scheduling relay [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] in 1s... 9483c6637b224554 mta connecting address=smtp+tls://212.54.42.9:587 host=smtp.mail.gtm.iss.as9143.net 9483c6637b224554 mta connected debug: mta: 0x4c2600b96d0: IO error: handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure 9483c6637b224554 mta error reason=IO Error: handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure debug: mta: 0x4c2600b96d0: session done ...
Re: VMM 6.9amd64 host video acceleration
By the way, While running Firefox on OpenBSD host I have repeatedly appearing console messages like below: ###!!! [Parent][MessageChannel] Error: (msgtype=0x6A0008,name=PMessagePort::Msg___delete__) Channel closing: too late to send/recv, messages will be lost ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, messages will be lost LibGl error: MESA-LOADER: failed to open radeonsi (search path /usr/X11R6/lib/modules/dri LibGl error: failed to load driver: radeonsi LibGl error: MESA-LOADER: failed to open swrast (search path /usr/X11R6/lib/modules/dri) LibGl error: failed to load driver: swrast Any advice is this normal or not? Martin ‐‐‐ Original Message ‐‐‐ On Wednesday, May 12, 2021 1:43 PM, Dave Voutila wrote: > Martin writes: > > > Hi list, > > Just wonder how to enable video acceleration on VMM guest's side (Debian) > > if it was possible. Maybe PCIe passthru should be present for that purpose? > > There is nothing to accelerate: vmd(8) doesn't emulate a display or > video device. vmm(4) doesn't support pass-through to host hardware > either. > > -dv
Re: smptd - sslv3 alert handshake failure
On Thu 13/05/2021 10:47, Nick Ryan wrote: > Bjorn, have a look at this from the opensmtpd mailling list. > > https://www.mail-archive.com/misc@opensmtpd.org/msg05278.html > > The message from Eric has how to downgrade the smtpd listener to use all TLS > and compatible ciphers. This helped immensely, thank you! Adding 'ciphers "compat"' fixed my problem. I should have known: $ openssl s_client -connect smtp.ziggo.nl:587 -starttls smtp ... SSL-Session: Protocol : TLSv1.2 Cipher: AES256-SHA256 ... According to my maillogs the above mentioned host would allow TLSv1.3:AEAD-CHACHA20-POLY1305-SHA256 until the time that I started experiencing problems. I can only guess why they switched.
Re: Disable Unveil
In this case I would copy the ppd file into ~/Downloads, which is permitted by unveil by default inside /etc/firefox/unveil.main: ~/Downloads rwc In th file selection dialog box it can be difficult to select a directory. If you are having trouble doing so type '/' and then you can enter the desired path, ex. ~/Downloads After having loaded the ppd file I delete it, and cups seems to continue working, I would have assumed that cups loads the file and stores the settings, not the file path, but I could be wrong. On Mon, May 10, 2021 at 02:02:30AM -0600, Jonathan Drews wrote: > Hello Folks: > > I am using OpenBSD 6.9 GENERIC.MP#473 amd64 > > I need to disable unveil so I can load files into Firefox from > other directories. I also cannot load my *.ppd when using my > webbrowser in root. In the past, I have configured CUPS with the > URL http://localhost:631. I need to be able to upload my *.ppd as > my laser printer is not in the list of Xerox printers . I used > this method in OpenBSD 6.8 and it worked fine. > > I read the man page for unveil but it only gives programming > instructions. How can I disable unveil? > > > Kind regards, > Jonathan >
smptd - sslv3 alert handshake failure
I have a smtpd config, which has been running for >1 year without a hitch until now. All outgoing mail is forwarded to a remote SMTP server using a config similar to an example in smtpd.conf(5). Forwarding is failing because of "handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure" (see below for more information). I'm running current (amd64) with an update frequency of ~twice a week. This error started popping up this weekend - before the libssl/libtls/libcrypto bump. Error remains after the bump. $ cat /etc/mail/smtpd.conf table aliases file:/etc/mail/aliases table secrets file:/etc/mail/secrets listen on lo0 action "local" mbox alias action "relay" relay host smtp+tls://u...@smtp.ziggo.nl:587 auth match from local for local action "local" match from local for any action "relay" I bisected libssl/libtls/libcrypto (checked all changes of the last 2 months) without solving my issue. I also checked smtpd, and found that eric@'s work on moving smtpd to libtls [0] is related to my issue. Reverting smtpd to a version prior to March 5 fixes it for me. Best guess - probably a stupid one - is that the remote host changed something causing SNI related issues. Hints on how to further investigate the above are appreciated! [0] https://marc.info/?l=openbsd-cvs=161494786013059=2 debug: scheduler: scheduling evp:2b97a598686ca143 debug: scheduler: evp:2b97a598686ca143 scheduled (mta) debug: mta: querying smarthost for relay:... debug: mta: querying smarthost debug: mta: ... got smarthost for 2b97a598686ca143: smtp+tls://u...@smtp.ziggo.nl:587 debug: mta: received evp:2b97a598686ca143 for debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=1, ntask=1, nconnector=0, nconn=0 debug: mta: querying secret for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: querying MX for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] waiting for MX secret debug: control -> client: pipe closed debug: clearing p=client, fd=11, pid=0 debug: mta: ... got secret for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]: AGJrZXRAemlnZ28ubmwAREgmd2pQVyZkS3V3enA2a2wqKjM= debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=2, ntask=1, nconnector=0, nconn=0 debug: mta: [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] waiting for MX debug: MXs for domain smtp.ziggo.nl: 212.54.42.9 preference -1 debug: mta: ... got mx (0x4c260099920, smtp.ziggo.nl, [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]) debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=1, ntask=1, nconnector=0, nconn=0 debug: mta: querying source for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]... debug: mta: ... got source for [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx]: [] debug: mta: new [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x1] debug: mta: connecting with [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] debug: mta-routing: searching new route for [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0]... debug: mta-routing: selecting candidate route [] <-> 212.54.42.9 debug: mta-routing: spawning new connection on [] <-> 212.54.42.9 debug: mta: 0x4c2600b96d0: spawned for relay [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] debug: mta: connecting with [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] debug: mta: cannot use [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] before 2s debug: mta-routing: no route available for [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0]: must wait a bit debug: mta: retrying to connect on [connector:[]->[relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx],0x0] in 2s... debug: mta: draining [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] refcount=3, ntask=1, nconnector=1, nconn=1 debug: mta: scheduling relay [relay:smtp.ziggo.nlort=587,smtp+tls,auth=secrets:ziggo,mx] in 1s... 9483c6637b224554 mta connecting address=smtp+tls://212.54.42.9:587 host=smtp.mail.gtm.iss.as9143.net 9483c6637b224554 mta connected debug: mta: 0x4c2600b96d0: IO error: handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure 9483c6637b224554 mta error reason=IO Error: handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure debug: mta: 0x4c2600b96d0: session done ...
