Re: IPsec over PPPoE
On Wed, Aug 23, 2023 at 08:03:34AM +0200, Jiri Navratil wrote: > Hello, > > Thank you for quick and helpful replies. > > Adding line > > set skip on enc0 > > to pf.conf enabled traffic between my sites. > > I see in https://www.openbsd.org/faq/faq17.html > > "Traffic between them should appear after decapsulation on the enc0 > interface, and can be filtered as such." and next line works with VPN > tag, but there are no lines "pass in ... tag VPN" in pf.conf before this > part. Shall that be added to FAQ? I expect, that switch from "set skip on > enc0" to "pass in ... tag VPN" will be better in my case. > > If someone with IPsec experiences will propose changes to FAQ17, then I > also noted: > > In "road warrior" part, there is "We'll assume the public IP for the > client is 203.0.113.2.", but the example uses "any". I think any is the better choice here. This would allow other clients to connect to the same server (if they have a valid key) which is probably what most people want. > > I think, that word "daemon" is better then "server" here: > > The ikectl(8) utility is used to control the server, Agree > > I want to extend my IKEv2 Site-to-site VPN with road warrior > configuration. If the road warrior part will include few lines about, > how to extend responder to handle both site-to-site and road warrior, it > will be very helpful. Are you thinking of an example with multiple "ikev2 ..." blocks or a comment mentioning that you can have multiple of those in the same config file? Because that is technically all you need. > > Thank you OpenBSD for IPsec and thank you for your support to let me > configure it. > > BR, > Jiří > > -- > Jiri Navratil, https://nocloud.cz >
Change userland core dump location
Hi everyone, is there a way to configure a location to store userland core dumps? I'd like to store them in /tmp to keep them available only until the next reboot. This way I can avoid having core dumps, that sometimes I don't even know about, scattered all over my home directory. I've read about 'sysctl kern.nosuidcoredump' in sysctl(8), but I believe files stored under /var/crash/${program} are persistent after reboots, right? Also, I know I can disable them from /etc/login.conf, but I'd prefer to keep them at least until the next reboot just in case. I'm sure that there must be a reason for why OpenBSD defaults to dumping core files like it does, so please let me know if what I'm asking is a bad idea. I would really appreciate it. Thank you. Kind regards, Johannes
Re: Dokuwiki
> Am 23.08.2023 um 19:16 schrieb latin...@vcn.bc.ca: > I found the error, it is not OpenBSD, the first page after installation is > in English, but if i change language to es, the link does not go to the > wiki; it goes to the information web page. > > Thanks. Too little information to follow that. But I’m glad your initial issue seems to be fixed. @Stuart: > Am 23.08.2023 um 13:37 schrieb Stuart Henderson : > > That would be a bug in the port, I'll fix it. Thanks. I just verified that this issue exists in dokuwiki-2022.07.31ap0 and in dokuwiki-2023.04.04 in snapshots. If you are touching this port, snapshots contains dokuwiki-2023.04.04, but Dokuwiki 2023-04-04a has been released a while ago. Mike
Re: Dokuwiki
See also https://www.dokuwiki.org/install:openbsd Le 23 août 2023 19:16:27 GMT+02:00, latin...@vcn.bc.ca a écrit : >> >>> Am 23.08.2023 um 00:45 schrieb latin...@vcn.bc.ca: >>> >>> Hello >>> >>> I have installed dokuwiki on OBSD 7.3, but i can not run install.php >>> from >>> my Browser. >>> >>> php 8.1 is running. >>> >>> Permissions after installation: >>> >>> ls -la /var/www/dokuwiki/ >>> total 240 >>> drwxr-xr-x 8 root daemon512 Aug 22 22:20 . >>> drwxr-xr-x 13 root daemon512 Aug 22 09:32 .. >>> -rw-r--r-- 1 root daemon 1688 Aug 22 22:20 .htaccess >>> -rw-r--r-- 1 root bin 1688 Sep 3 2022 .htaccess.dist >>> -rw-r--r-- 1 root bin 18092 Sep 3 2022 COPYING >>> -rw-r--r-- 1 root bin 308 Sep 3 2022 README >>> -rw-r--r-- 1 root bin 918 Sep 3 2022 SECURITY.md >>> -rw-r--r-- 1 root bin19 Sep 3 2022 VERSION >>> drwxr-xr-x 2 root daemon512 Aug 22 22:20 bin >>> -rw-r--r-- 1 root bin 1356 Sep 3 2022 composer.json >>> -rw-r--r-- 1 root bin 22553 Sep 3 2022 composer.lock >>> drwxr-xr-x 2 www daemon512 Aug 22 22:20 conf >>> drwxr-xr-x 13 www daemon512 Aug 22 22:20 data >>> -rw-r--r-- 1 root bin 3644 Sep 3 2022 doku.php >>> -rw-r--r-- 1 root bin 20010 Sep 3 2022 feed.php >>> drwxr-xr-x 22 root daemon 1536 Aug 22 22:20 inc >>> -rw-r--r-- 1 root bin 2537 Sep 3 2022 index.php >>> -rwxr-xr-x 1 root bin 20741 Sep 3 2022 install.php >>> drwxr-xr-x 8 root daemon512 Aug 22 22:20 lib >>> drwxr-xr-x 11 root daemon512 Aug 22 22:20 vendor >>> >>> Browser message: >>> >>> DokuWiki Setup Error >>> >>> The logdir ('log') at ./data/log is not found, isn't accessible or >>> writable. You should check your config and permission settings. Or maybe >>> you want to run the installer? >>> >>> >>> What could be wrong please? >> >> For DokuWiki to be able to run the install.php script the web browser (or >> more precisely PHP as running from the web browser) needs to have certain >> permissions. >> >> Generally the web browser (and PHP) will run as user www. So in order for >> the ./data/log directory to be used permissions need to allow the creation >> files and directories therein. The default package install currently does >> this however: >> 2 drwxr-xr-x 2 root daemon512 Jul 26 00:52 log/ >> >> Just chown www ./data/log and it should work. >> >> See also: https://www.dokuwiki.org/install:permissions >> >> HTH >> Mike >> > >I found the error, it is not OpenBSD, the first page after installation is >in English, but if i change language to es, the link does not go to the >wiki; it goes to the information web page. > >Thanks. >
Re: heck of a long time
I would be sad if “heck of a long time” were not on the homepage anymore. It’s a good phrase!
Re: heck of a long time
On 2023-08-23 18:06:47+0200, Peter N. M. Hansteen wrote: > On Wed, Aug 23, 2023 at 01:41:31PM +0200, Peter J. Philipp wrote: > > If this is a sensitive topic I apologize ahead of time. > > I'm wondering... can we have a change in the OpenBSD front page (to say): > > "Only two remote holes in the default install, in more than 26 years!" > > So a less maintenance intensive version might be > "Only two remote holes in the default install, in more than a quarter > century!" > Then again, this is entirely up to those who maintain the website. Or simply, "...since 1995!" (or 1996, whatever it should be). I find that impressive, and practically zero maintenance.
Re: heck of a long time
Peter N. M. Hansteen writes: > On Wed, Aug 23, 2023 at 01:41:31PM +0200, Peter J. Philipp wrote: > > > > If this is a sensitive topic I apologize ahead of time. > > > > I'm wondering... can we have a change in the OpenBSD front page (to say): > > > > "Only two remote holes in the default install, in more than 26 years!" > > With a value that specific (26 years) there might be nagging for updates > every two releases (once per year). Minimal maintenance version: Only two remote holes in its long history ... so far. Matthew
Re: Dokuwiki
> >> Am 23.08.2023 um 00:45 schrieb latin...@vcn.bc.ca: >> >> Hello >> >> I have installed dokuwiki on OBSD 7.3, but i can not run install.php >> from >> my Browser. >> >> php 8.1 is running. >> >> Permissions after installation: >> >> ls -la /var/www/dokuwiki/ >> total 240 >> drwxr-xr-x 8 root daemon512 Aug 22 22:20 . >> drwxr-xr-x 13 root daemon512 Aug 22 09:32 .. >> -rw-r--r-- 1 root daemon 1688 Aug 22 22:20 .htaccess >> -rw-r--r-- 1 root bin 1688 Sep 3 2022 .htaccess.dist >> -rw-r--r-- 1 root bin 18092 Sep 3 2022 COPYING >> -rw-r--r-- 1 root bin 308 Sep 3 2022 README >> -rw-r--r-- 1 root bin 918 Sep 3 2022 SECURITY.md >> -rw-r--r-- 1 root bin19 Sep 3 2022 VERSION >> drwxr-xr-x 2 root daemon512 Aug 22 22:20 bin >> -rw-r--r-- 1 root bin 1356 Sep 3 2022 composer.json >> -rw-r--r-- 1 root bin 22553 Sep 3 2022 composer.lock >> drwxr-xr-x 2 www daemon512 Aug 22 22:20 conf >> drwxr-xr-x 13 www daemon512 Aug 22 22:20 data >> -rw-r--r-- 1 root bin 3644 Sep 3 2022 doku.php >> -rw-r--r-- 1 root bin 20010 Sep 3 2022 feed.php >> drwxr-xr-x 22 root daemon 1536 Aug 22 22:20 inc >> -rw-r--r-- 1 root bin 2537 Sep 3 2022 index.php >> -rwxr-xr-x 1 root bin 20741 Sep 3 2022 install.php >> drwxr-xr-x 8 root daemon512 Aug 22 22:20 lib >> drwxr-xr-x 11 root daemon512 Aug 22 22:20 vendor >> >> Browser message: >> >> DokuWiki Setup Error >> >> The logdir ('log') at ./data/log is not found, isn't accessible or >> writable. You should check your config and permission settings. Or maybe >> you want to run the installer? >> >> >> What could be wrong please? > > For DokuWiki to be able to run the install.php script the web browser (or > more precisely PHP as running from the web browser) needs to have certain > permissions. > > Generally the web browser (and PHP) will run as user www. So in order for > the ./data/log directory to be used permissions need to allow the creation > files and directories therein. The default package install currently does > this however: > 2 drwxr-xr-x 2 root daemon512 Jul 26 00:52 log/ > > Just chown www ./data/log and it should work. > > See also: https://www.dokuwiki.org/install:permissions > > HTH > Mike > I found the error, it is not OpenBSD, the first page after installation is in English, but if i change language to es, the link does not go to the wiki; it goes to the information web page. Thanks.
Re: heck of a long time
On Wed, Aug 23, 2023 at 01:41:31PM +0200, Peter J. Philipp wrote: > > If this is a sensitive topic I apologize ahead of time. > > I'm wondering... can we have a change in the OpenBSD front page (to say): > > "Only two remote holes in the default install, in more than 26 years!" With a value that specific (26 years) there might be nagging for updates every two releases (once per year). So a less maintenance intensive version might be "Only two remote holes in the default install, in more than a quarter century!" Then again, this is entirely up to those who maintain the website. All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
heck of a long time
Hi, If this is a sensitive topic I apologize ahead of time. I'm wondering... can we have a change in the OpenBSD front page (to say): "Only two remote holes in the default install, in more than 26 years!" I reason this with peter-math(tm)** 1. We switched to "heck of a long time" 14 years ago for the 4.5 Release. 2. We switched to "Only one remote hole.. in more than 10 years" on Sept. 26, 2006, which was 16 years ago. (https://cvsweb.openbsd.org/cgi-bin/cvsweb/www/index.html.diff?r1=1.533&r2=1.534&f=h) So by that reasoning. 16 years + more than 10 years == > 26 years. Another thing that could be done is to wait a year and say "No hole in the default install, in more than 15 years", (see [1]) This looks very good and may be worth waiting for. Best Regards, -peter ** prone to flaws, self-admittedly. -- Over thirty years experience on Unix-like Operating Systems starting with QNX.
Re: Dokuwiki
On 2023-08-22, Mike Fischer wrote: > >> Am 23.08.2023 um 00:45 schrieb latin...@vcn.bc.ca: >> >> Hello >> >> I have installed dokuwiki on OBSD 7.3, but i can not run install.php from >> my Browser. >> >> php 8.1 is running. >> >> Permissions after installation: >> >> ls -la /var/www/dokuwiki/ >> total 240 >> drwxr-xr-x 8 root daemon512 Aug 22 22:20 . >> drwxr-xr-x 13 root daemon512 Aug 22 09:32 .. >> -rw-r--r-- 1 root daemon 1688 Aug 22 22:20 .htaccess >> -rw-r--r-- 1 root bin 1688 Sep 3 2022 .htaccess.dist >> -rw-r--r-- 1 root bin 18092 Sep 3 2022 COPYING >> -rw-r--r-- 1 root bin 308 Sep 3 2022 README >> -rw-r--r-- 1 root bin 918 Sep 3 2022 SECURITY.md >> -rw-r--r-- 1 root bin19 Sep 3 2022 VERSION >> drwxr-xr-x 2 root daemon512 Aug 22 22:20 bin >> -rw-r--r-- 1 root bin 1356 Sep 3 2022 composer.json >> -rw-r--r-- 1 root bin 22553 Sep 3 2022 composer.lock >> drwxr-xr-x 2 www daemon512 Aug 22 22:20 conf >> drwxr-xr-x 13 www daemon512 Aug 22 22:20 data >> -rw-r--r-- 1 root bin 3644 Sep 3 2022 doku.php >> -rw-r--r-- 1 root bin 20010 Sep 3 2022 feed.php >> drwxr-xr-x 22 root daemon 1536 Aug 22 22:20 inc >> -rw-r--r-- 1 root bin 2537 Sep 3 2022 index.php >> -rwxr-xr-x 1 root bin 20741 Sep 3 2022 install.php >> drwxr-xr-x 8 root daemon512 Aug 22 22:20 lib >> drwxr-xr-x 11 root daemon512 Aug 22 22:20 vendor >> >> Browser message: >> >> DokuWiki Setup Error >> >> The logdir ('log') at ./data/log is not found, isn't accessible or >> writable. You should check your config and permission settings. Or maybe >> you want to run the installer? >> >> >> What could be wrong please? > > For DokuWiki to be able to run the install.php script the web browser (or > more precisely PHP as running from the web browser) needs to have certain > permissions. > > Generally the web browser (and PHP) will run as user www. So in order for the > ./data/log directory to be used permissions need to allow the creation files > and directories therein. The default package install currently does this > however: > 2 drwxr-xr-x 2 root daemon512 Jul 26 00:52 log/ That would be a bug in the port, I'll fix it. > Just chown www ./data/log and it should work. > > See also: https://www.dokuwiki.org/install:permissions > > HTH > Mike > > -- Please keep replies on the mailing list.
Re: IPsec over PPPoE
Hello, Thank you for quick and helpful replies. Adding line set skip on enc0 to pf.conf enabled traffic between my sites. I see in https://www.openbsd.org/faq/faq17.html "Traffic between them should appear after decapsulation on the enc0 interface, and can be filtered as such." and next line works with VPN tag, but there are no lines "pass in ... tag VPN" in pf.conf before this part. Shall that be added to FAQ? I expect, that switch from "set skip on enc0" to "pass in ... tag VPN" will be better in my case. If someone with IPsec experiences will propose changes to FAQ17, then I also noted: In "road warrior" part, there is "We'll assume the public IP for the client is 203.0.113.2.", but the example uses "any". I think, that word "daemon" is better then "server" here: The ikectl(8) utility is used to control the server, I want to extend my IKEv2 Site-to-site VPN with road warrior configuration. If the road warrior part will include few lines about, how to extend responder to handle both site-to-site and road warrior, it will be very helpful. Thank you OpenBSD for IPsec and thank you for your support to let me configure it. BR, Jiří -- Jiri Navratil, https://nocloud.cz