Re: Replace sendmail with qmail?
Matthew Dempsky wrote:
> Is there any interest in replacing sendmail with it to remove another component from the src/gnu/ hierarchy?

No. In ports yes, in base no.

I don't see any advantage switching from sendmail to qmail.

...and yes, I know qmail. It was the first mail server I got in touch with, and I used it for several years. But after qmail and (later) postfix, I'm nowadays using sendmail as my preferred server.

--
Ralph
Re: OpenBSD-Entwickler wollten kritische Lu:cke kleinreden
Lars Hansson wrote:
> And for the majority of the world's population that doesn't speak German this says exactly what?

http://www.heise-security.co.uk/news/86757
Re: OpenBSD isakmpd connectivity problem (or misunderstanding?)
Tonnerre LOMBARD wrote:
> Salut,
>
> I have a problem with direct connection of two servers using IPsec. The IKE key exchange always comes up, but then it seems that both the routing and the encryption go entirely wrong.
>
> The hosts exchange their internal addresses (10.16.1.1 and 10.1.1.1) as ID tokens for phase 2. However, if I try to ping 10.16.1.1 from 10.1.1.1, the packets go out the external interface - unencrypted.

Do you really do a ping -I 10.1.1.1 10.16.1.1 or only a ping 10.16.1.1? You must have the 10.1.1.1 as source IP. A normal ping on the gateway uses the external IP as source!

> If, however, I replace the ID tokens with the corresponding IP subnets (10.16.0.0/16 and 10.1.0.0/16), I get an even more weird effect:
>
> * 10.16.0.0/16 can communicate with 10.1.0.0/16 just fine
> * 10.1.0.0/16 can communicate with 10.16.0.0/16 just as well
> * 10.16.1.1 can not reach 10.1.0.0/16, however, people in 10.1.0.0/16 can connect to 10.16.1.1 just fine
> * 10.1.1.1 can not reach 10.16.0.0/16, however, people in 10.16.0.0/16 can connect to 10.1.1.1 just fine

Sounds like the same problem :)

Ralph
Re: OpenBSD isakmpd connectivity problem (or misunderstanding?)
Tonnerre LOMBARD wrote:
>> You must have the 10.1.1.1 as source IP. A normal ping on the gateway uses the external IP as source!
>
> Yes, this one works so far. However, how would one configure this statically? Is there any way other than route add -host 10.1.1.1 10.16.1.1 ?

I know of no way to configure this as a default. And I don't think the route will do what you want. But most tools have an option to set the address to bind (i.e. ssh -b address; ping -I address). Most applications like named, sendmail and apache also have a configuration option to select the bind address.

Maybe another way is setting up a second tunnel to encrypt the traffic between the two outside interfaces of your gateways.

Ralph
Re: OpenBSD isakmpd connectivity problem (or misunderstanding?)
I wrote:
> Maybe another way is setting up a second tunnel to encrypt the traffic between the two outside interfaces of your gateways.

If you are using 4.0 then it is worth reading the manpage of ipsec.conf(5). It has greatly improved since 3.9 and there is almost no need to use isakmpd.conf/isakmpd.policy.

In your case, maybe a:

    ike esp from outside-gw1 to outside-gw2
    ike esp from 10.16.0.0/16 to 10.1.0.0/16 peer outside-gw2

in the first gateway's ipsec.conf and a corresponding configuration on the second gateway will do the work.

Ralph

--
Ralph Gessner
PGP: RSA:0xAEB9DC31 DSS:0x566405B9
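An added example, not part of the original thread: a small model of flow-selector matching on the first gateway that shows why its own traffic leaves unencrypted unless the source address is bound to the internal address. The outside addresses 192.0.2.1 and 198.51.100.1 and the function names are constructed placeholders; the source-selection rule is the one described in the replies above.

```python
import ipaddress

# Constructed placeholders: the thread names only the internal addresses, so
# documentation addresses stand in for the gateways' outside interfaces.
GW1_OUTSIDE = "192.0.2.1"
GW2_OUTSIDE = "198.51.100.1"
GW1_INSIDE = "10.16.1.1"

# Flow selectors on the first gateway, mirroring the two suggested ipsec.conf lines.
SUBNET_FLOW = ("10.16.0.0/16", "10.1.0.0/16")
GATEWAY_FLOW = (GW1_OUTSIDE + "/32", GW2_OUTSIDE + "/32")


def matching_flow(src, dst, flows):
    """Return the first (src_net, dst_net) flow covering the packet, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_net, dst_net in flows:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return (src_net, dst_net)
    return None


def gateway_send(dst, flows, bind=None):
    """Model a packet originated on gateway 1 itself.

    Assumption (from the thread): with no bind address the source is the
    outside interface's address; `bind` plays the role of ping -I / ssh -b.
    """
    src = bind or GW1_OUTSIDE
    return src, ("esp" if matching_flow(src, dst, flows) else "clear")


if __name__ == "__main__":
    cases = [
        ("plain ping, subnet flow only", "10.1.1.1", [SUBNET_FLOW], None),
        ("ping -I 10.16.1.1, subnet flow only", "10.1.1.1", [SUBNET_FLOW], GW1_INSIDE),
        ("gateway to gateway, both flows", GW2_OUTSIDE, [GATEWAY_FLOW, SUBNET_FLOW], None),
    ]
    for label, dst, flows, bind in cases:
        src, verdict = gateway_send(dst, flows, bind)
        print(f"{label:38} {src:>12} -> {dst:<13} {verdict}")
```
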
Re: OpenBSD 4.0 sparc64
Ikmal Ahmad wrote:
> Hi all,
>
> Based on http://www.openbsd.org.my/sparc64.html, it seems that OpenBSD can install on a Sun Blade 100/150 machine. I have this problem when doing a disk installation on a Blade 100. Below is the error.
>
> ok boot disk /bsd
> Boot device: /[EMAIL PROTECTED],0/[EMAIL PROTECTED]/[EMAIL PROTECTED],0 File and args: /bsd
> ERROR: Last Trap: Fast Data Access MMU Miss

Looks like there is nothing useful on your disk...

What do you mean by disk installation? Booting for an installation FROM a disk? Then copy miniroot40.fs with dd(1) to the disk. (http://www.openbsd.org/sparc64.html#install)

Or better (usually a Blade 100 has a CD-ROM drive), boot from CD-ROM. To get a boot CD, you can buy a CD set (preferred) or take cd40.iso from an FTP server.

Ralph
Re: Problem when apply 001_httpd.patch
Maverick wrote:
> Hi, I am trying to apply the 001 patch.
> What I have done is
>
> cd /usr/src
> patch -p0 001_httpd.patch
>
> and it comes back to me as:
> [SNIP]

It's the same procedure on 4.0 as it was on 3.9 and it will still be in 4.1. You asked the same question on 11/29/06 in "Applying patch?" regarding the sendmail patch for 3.9.

Extract the sources to /usr/src, patch the source and rebuild.

Do yourself a favor and read the FAQ! http://www.openbsd.org/faq/faq10.html#Patches

Ralph