Re: IPsec over PPPoE

2023-08-23 Thread Tobias Heider
On Wed, Aug 23, 2023 at 08:03:34AM +0200, Jiri Navratil wrote:
> Hello,
> 
> Thank you for quick and helpful replies.
> 
> Adding line
> 
> set skip on enc0  
> 
> to pf.conf enabled traffic between my sites.
> 
> I see in https://www.openbsd.org/faq/faq17.html
> 
> "Traffic between them should appear after decapsulation on the enc0
> interface, and can be filtered as such." and next line works with VPN
> tag, but there are no lines "pass in ... tag VPN" in pf.conf before this
> part. Shall that be added to FAQ? I expect, that switch from "set skip on
> enc0" to "pass in ... tag VPN" will be better in my case.
> 
> If someone with IPsec experiences will propose changes to FAQ17, then I
> also noted:
> 
> In "road warrior" part, there is "We'll assume the public IP for the
> client is 203.0.113.2.", but the example uses "any".

I think any is the better choice here. This would allow other clients
to connect to the same server (if they have a valid key) which is probably
what most people want.

> 
> I think, that word "daemon" is better then "server" here: 
> 
> The ikectl(8) utility is used to control the server,

Agree

> 
> I want to extend my IKEv2 Site-to-site VPN with road warrior
> configuration. If the road warrior part will include few lines about,
> how to extend responder to handle both site-to-site and road warrior, it
> will be very helpful.

Are you thinking of an example with multiple "ikev2 ..." blocks or a comment
mentioning that you can have multiple of those in the same config file?
Because that is technically all you need.

> 
> Thank you OpenBSD for IPsec and thank you for your support to let me
> configure it.
> 
> BR,
> Jiří
> 
> -- 
> Jiri Navratil, https://nocloud.cz
> 



Change userland core dump location

2023-08-23 Thread Johannes Thyssen Tishman
Hi everyone,

is there a way to configure a location to store userland core dumps?
I'd like to store them in /tmp to keep them available only until
the next reboot. This way I can avoid having core dumps, that
sometimes I don't even know about, scattered all over my home
directory.

I've read about 'sysctl kern.nosuidcoredump' in sysctl(8), but I
believe files stored under /var/crash/${program} are persistent
after reboots, right? Also, I know I can disable them from
/etc/login.conf, but I'd prefer to keep them at least until the
next reboot just in case.

I'm sure that there must be a reason for why OpenBSD defaults to
dumping core files like it does, so please let me know if what I'm
asking is a bad idea. I would really appreciate it.

Thank you.

Kind regards,
Johannes



Re: Dokuwiki

2023-08-23 Thread Mike Fischer


> Am 23.08.2023 um 19:16 schrieb latin...@vcn.bc.ca:

> I found the error, it is not OpenBSD, the first page after installation is
> in English, but if i change language to es, the link does not go to the
> wiki; it goes to the information web page.
> 
> Thanks.

Too little information to follow that. But I’m glad your initial issue seems to 
be fixed.


@Stuart:

> Am 23.08.2023 um 13:37 schrieb Stuart Henderson :
> 
> That would be a bug in the port, I'll fix it.

Thanks. I just verified that this issue exists in dokuwiki-2022.07.31ap0 and in 
dokuwiki-2023.04.04 in snapshots.

If you are touching this port, snapshots contains dokuwiki-2023.04.04, but 
Dokuwiki 2023-04-04a has been released a while ago.


Mike



Re: Dokuwiki

2023-08-23 Thread prx
See also https://www.dokuwiki.org/install:openbsd

Le 23 août 2023 19:16:27 GMT+02:00, latin...@vcn.bc.ca a écrit :
>>
>>> Am 23.08.2023 um 00:45 schrieb latin...@vcn.bc.ca:
>>>
>>> Hello
>>>
>>> I have installed dokuwiki on OBSD 7.3, but i can not run install.php
>>> from
>>> my Browser.
>>>
>>> php 8.1 is running.
>>>
>>> Permissions after installation:
>>>
>>> ls -la /var/www/dokuwiki/
>>> total 240
>>> drwxr-xr-x   8 root  daemon512 Aug 22 22:20 .
>>> drwxr-xr-x  13 root  daemon512 Aug 22 09:32 ..
>>> -rw-r--r--   1 root  daemon   1688 Aug 22 22:20 .htaccess
>>> -rw-r--r--   1 root  bin  1688 Sep  3  2022 .htaccess.dist
>>> -rw-r--r--   1 root  bin 18092 Sep  3  2022 COPYING
>>> -rw-r--r--   1 root  bin   308 Sep  3  2022 README
>>> -rw-r--r--   1 root  bin   918 Sep  3  2022 SECURITY.md
>>> -rw-r--r--   1 root  bin19 Sep  3  2022 VERSION
>>> drwxr-xr-x   2 root  daemon512 Aug 22 22:20 bin
>>> -rw-r--r--   1 root  bin  1356 Sep  3  2022 composer.json
>>> -rw-r--r--   1 root  bin 22553 Sep  3  2022 composer.lock
>>> drwxr-xr-x   2 www   daemon512 Aug 22 22:20 conf
>>> drwxr-xr-x  13 www   daemon512 Aug 22 22:20 data
>>> -rw-r--r--   1 root  bin  3644 Sep  3  2022 doku.php
>>> -rw-r--r--   1 root  bin 20010 Sep  3  2022 feed.php
>>> drwxr-xr-x  22 root  daemon   1536 Aug 22 22:20 inc
>>> -rw-r--r--   1 root  bin  2537 Sep  3  2022 index.php
>>> -rwxr-xr-x   1 root  bin 20741 Sep  3  2022 install.php
>>> drwxr-xr-x   8 root  daemon512 Aug 22 22:20 lib
>>> drwxr-xr-x  11 root  daemon512 Aug 22 22:20 vendor
>>>
>>> Browser message:
>>>
>>> DokuWiki Setup Error
>>>
>>> The logdir ('log') at ./data/log is not found, isn't accessible or
>>> writable. You should check your config and permission settings. Or maybe
>>> you want to run the installer?
>>>
>>>
>>> What could be wrong please?
>>
>> For DokuWiki to be able to run the install.php script the web browser (or
>> more precisely PHP as running from the web browser) needs to have certain
>> permissions.
>>
>> Generally the web browser (and PHP) will run as user www. So in order for
>> the ./data/log directory to be used permissions need to allow the creation
>> files and directories therein. The default package install currently does
>> this however:
>>  2 drwxr-xr-x   2 root  daemon512 Jul 26 00:52 log/
>>
>> Just chown www ./data/log and it should work.
>>
>> See also: https://www.dokuwiki.org/install:permissions
>>
>> HTH
>> Mike
>>
>
>I found the error, it is not OpenBSD, the first page after installation is
>in English, but if i change language to es, the link does not go to the
>wiki; it goes to the information web page.
>
>Thanks.
>



Re: heck of a long time

2023-08-23 Thread Evan Silberman
I would be sad if “heck of a long time” were not on the homepage anymore. It’s 
a good phrase!



Re: heck of a long time

2023-08-23 Thread Luke A. Call
On 2023-08-23 18:06:47+0200, Peter N. M. Hansteen  wrote:
> On Wed, Aug 23, 2023 at 01:41:31PM +0200, Peter J. Philipp wrote:
> > If this is a sensitive topic I apologize ahead of time.
> > I'm wondering... can we have a change in the OpenBSD front page (to say):
> > "Only two remote holes in the default install, in more than 26 years!"
> 
> So a less maintenance intensive version might be
> "Only two remote holes in the default install, in more than a quarter 
> century!"
> Then again, this is entirely up to those who maintain the website.

Or simply, "...since 1995!" (or 1996, whatever it should be).

I find that impressive, and practically zero maintenance.



Re: heck of a long time

2023-08-23 Thread chohag
Peter N. M. Hansteen writes:
> On Wed, Aug 23, 2023 at 01:41:31PM +0200, Peter J. Philipp wrote:
> > 
> > If this is a sensitive topic I apologize ahead of time.
> > 
> > I'm wondering... can we have a change in the OpenBSD front page (to say):
> > 
> > "Only two remote holes in the default install, in more than 26 years!"
>
> With a value that specific (26 years) there might be nagging for updates 
> every two releases (once per year).

Minimal maintenance version:

Only two remote holes in its long history ... so far.

Matthew



Re: Dokuwiki

2023-08-23 Thread latincom
>
>> Am 23.08.2023 um 00:45 schrieb latin...@vcn.bc.ca:
>>
>> Hello
>>
>> I have installed dokuwiki on OBSD 7.3, but i can not run install.php
>> from
>> my Browser.
>>
>> php 8.1 is running.
>>
>> Permissions after installation:
>>
>> ls -la /var/www/dokuwiki/
>> total 240
>> drwxr-xr-x   8 root  daemon512 Aug 22 22:20 .
>> drwxr-xr-x  13 root  daemon512 Aug 22 09:32 ..
>> -rw-r--r--   1 root  daemon   1688 Aug 22 22:20 .htaccess
>> -rw-r--r--   1 root  bin  1688 Sep  3  2022 .htaccess.dist
>> -rw-r--r--   1 root  bin 18092 Sep  3  2022 COPYING
>> -rw-r--r--   1 root  bin   308 Sep  3  2022 README
>> -rw-r--r--   1 root  bin   918 Sep  3  2022 SECURITY.md
>> -rw-r--r--   1 root  bin19 Sep  3  2022 VERSION
>> drwxr-xr-x   2 root  daemon512 Aug 22 22:20 bin
>> -rw-r--r--   1 root  bin  1356 Sep  3  2022 composer.json
>> -rw-r--r--   1 root  bin 22553 Sep  3  2022 composer.lock
>> drwxr-xr-x   2 www   daemon512 Aug 22 22:20 conf
>> drwxr-xr-x  13 www   daemon512 Aug 22 22:20 data
>> -rw-r--r--   1 root  bin  3644 Sep  3  2022 doku.php
>> -rw-r--r--   1 root  bin 20010 Sep  3  2022 feed.php
>> drwxr-xr-x  22 root  daemon   1536 Aug 22 22:20 inc
>> -rw-r--r--   1 root  bin  2537 Sep  3  2022 index.php
>> -rwxr-xr-x   1 root  bin 20741 Sep  3  2022 install.php
>> drwxr-xr-x   8 root  daemon512 Aug 22 22:20 lib
>> drwxr-xr-x  11 root  daemon512 Aug 22 22:20 vendor
>>
>> Browser message:
>>
>> DokuWiki Setup Error
>>
>> The logdir ('log') at ./data/log is not found, isn't accessible or
>> writable. You should check your config and permission settings. Or maybe
>> you want to run the installer?
>>
>>
>> What could be wrong please?
>
> For DokuWiki to be able to run the install.php script the web browser (or
> more precisely PHP as running from the web browser) needs to have certain
> permissions.
>
> Generally the web browser (and PHP) will run as user www. So in order for
> the ./data/log directory to be used permissions need to allow the creation
> files and directories therein. The default package install currently does
> this however:
>  2 drwxr-xr-x   2 root  daemon512 Jul 26 00:52 log/
>
> Just chown www ./data/log and it should work.
>
> See also: https://www.dokuwiki.org/install:permissions
>
> HTH
> Mike
>

I found the error, it is not OpenBSD, the first page after installation is
in English, but if i change language to es, the link does not go to the
wiki; it goes to the information web page.

Thanks.



Re: heck of a long time

2023-08-23 Thread Peter N. M. Hansteen
On Wed, Aug 23, 2023 at 01:41:31PM +0200, Peter J. Philipp wrote:
> 
> If this is a sensitive topic I apologize ahead of time.
> 
> I'm wondering... can we have a change in the OpenBSD front page (to say):
> 
> "Only two remote holes in the default install, in more than 26 years!"

With a value that specific (26 years) there might be nagging for updates 
every two releases (once per year).

So a less maintenance intensive version might be

"Only two remote holes in the default install, in more than a quarter century!"

Then again, this is entirely up to those who maintain the website.

All the best,
Peter 

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



heck of a long time

2023-08-23 Thread Peter J. Philipp
Hi,

If this is a sensitive topic I apologize ahead of time.

I'm wondering... can we have a change in the OpenBSD front page (to say):

"Only two remote holes in the default install, in more than 26 years!"

I reason this with peter-math(tm)**

1. We switched to "heck of a long time" 14 years ago for the 4.5 Release.
2. We switched to "Only one remote hole.. in more than 10 years" on Sept. 26,
2006, which was 16 years ago.
(https://cvsweb.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.533&r2=1.534&f=h)

So by that reasoning.  16 years + more than 10 years == > 26 years.  Another
thing that could be done is to wait a year and say "No hole in the default 
install, in more than 15 years", (see [1])  This looks very good and may be 
worth waiting for.


Best Regards,
-peter


** prone to flaws, self-admittedly.

-- 
Over thirty years experience on Unix-like Operating Systems starting with QNX.



Re: Dokuwiki

2023-08-23 Thread Stuart Henderson
On 2023-08-22, Mike Fischer  wrote:
>
>> Am 23.08.2023 um 00:45 schrieb latin...@vcn.bc.ca:
>> 
>> Hello
>> 
>> I have installed dokuwiki on OBSD 7.3, but i can not run install.php from
>> my Browser.
>> 
>> php 8.1 is running.
>> 
>> Permissions after installation:
>> 
>> ls -la /var/www/dokuwiki/
>> total 240
>> drwxr-xr-x   8 root  daemon512 Aug 22 22:20 .
>> drwxr-xr-x  13 root  daemon512 Aug 22 09:32 ..
>> -rw-r--r--   1 root  daemon   1688 Aug 22 22:20 .htaccess
>> -rw-r--r--   1 root  bin  1688 Sep  3  2022 .htaccess.dist
>> -rw-r--r--   1 root  bin 18092 Sep  3  2022 COPYING
>> -rw-r--r--   1 root  bin   308 Sep  3  2022 README
>> -rw-r--r--   1 root  bin   918 Sep  3  2022 SECURITY.md
>> -rw-r--r--   1 root  bin19 Sep  3  2022 VERSION
>> drwxr-xr-x   2 root  daemon512 Aug 22 22:20 bin
>> -rw-r--r--   1 root  bin  1356 Sep  3  2022 composer.json
>> -rw-r--r--   1 root  bin 22553 Sep  3  2022 composer.lock
>> drwxr-xr-x   2 www   daemon512 Aug 22 22:20 conf
>> drwxr-xr-x  13 www   daemon512 Aug 22 22:20 data
>> -rw-r--r--   1 root  bin  3644 Sep  3  2022 doku.php
>> -rw-r--r--   1 root  bin 20010 Sep  3  2022 feed.php
>> drwxr-xr-x  22 root  daemon   1536 Aug 22 22:20 inc
>> -rw-r--r--   1 root  bin  2537 Sep  3  2022 index.php
>> -rwxr-xr-x   1 root  bin 20741 Sep  3  2022 install.php
>> drwxr-xr-x   8 root  daemon512 Aug 22 22:20 lib
>> drwxr-xr-x  11 root  daemon512 Aug 22 22:20 vendor
>> 
>> Browser message:
>> 
>> DokuWiki Setup Error
>> 
>> The logdir ('log') at ./data/log is not found, isn't accessible or
>> writable. You should check your config and permission settings. Or maybe
>> you want to run the installer?
>> 
>> 
>> What could be wrong please?
>
> For DokuWiki to be able to run the install.php script the web browser (or 
> more precisely PHP as running from the web browser) needs to have certain 
> permissions.
>
> Generally the web browser (and PHP) will run as user www. So in order for the 
> ./data/log directory to be used permissions need to allow the creation files 
> and directories therein. The default package install currently does this 
> however:
>  2 drwxr-xr-x   2 root  daemon512 Jul 26 00:52 log/

That would be a bug in the port, I'll fix it.


> Just chown www ./data/log and it should work.
>
> See also: https://www.dokuwiki.org/install:permissions
>
> HTH
> Mike
>
>


-- 
Please keep replies on the mailing list.



Re: IPsec over PPPoE

2023-08-23 Thread Jiri Navratil
Hello,

Thank you for quick and helpful replies.

Adding line

set skip on enc0  

to pf.conf enabled traffic between my sites.

I see in https://www.openbsd.org/faq/faq17.html

"Traffic between them should appear after decapsulation on the enc0
interface, and can be filtered as such." and next line works with VPN
tag, but there are no lines "pass in ... tag VPN" in pf.conf before this
part. Shall that be added to FAQ? I expect, that switch from "set skip on
enc0" to "pass in ... tag VPN" will be better in my case.

If someone with IPsec experiences will propose changes to FAQ17, then I
also noted:

In "road warrior" part, there is "We'll assume the public IP for the
client is 203.0.113.2.", but the example uses "any".

I think, that word "daemon" is better then "server" here: 

The ikectl(8) utility is used to control the server,

I want to extend my IKEv2 Site-to-site VPN with road warrior
configuration. If the road warrior part will include few lines about,
how to extend responder to handle both site-to-site and road warrior, it
will be very helpful.

Thank you OpenBSD for IPsec and thank you for your support to let me
configure it.

BR,
Jiří

-- 
Jiri Navratil, https://nocloud.cz