Need advice on “tcp proxy”
Hello misc!

There is a good manual in the OpenBSD FAQ about redirection and reflection, here it is: https://www.openbsd.org/faq/pf/rdr.html#tcpproxy

I’m using nginx as tcp and udp proxy, but maybe there is other software, more suitable for this task?
I need to redirect and reflect near 15 tcp ports and a couple of udp.
I know I can do this with only pf, but I switched to nginx intentionally, because this amount of ports made my pf config hard to read.

Thank you in advance!
Re: Need advice on “tcp proxy”
On 02/03/2024 12:46, Kasak wrote:
> Hello misc!
>
> There is a good manual in the OpenBSD FAQ about redirection and reflection, here it is: https://www.openbsd.org/faq/pf/rdr.html#tcpproxy
>
> I’m using nginx as tcp and udp proxy, but maybe there is other software, more suitable for this task?
> I need to redirect and reflect near 15 tcp ports and a couple of udp.
> I know I can do this with only pf, but I switched to nginx intentionally, because this amount of ports made my pf config hard to read.
>
> Thank you in advance!

You probably need relayd

G
Pre-built images for embedded machines
Hello,

Are there any plans for providing pre-built images to be used on embedded machines, like FreeBSD and NetBSD do?
It would be nice to run OpenBSD directly from a SD card on the Raspberry Pi e.g.

Regards, Martin
Re: Need advice on “tcp proxy”
> On 3 March 2024, at 00:46, Joel Wirāmu Pauling wrote:
>
> ssh can work in tap VPN mode (ssh -w) and will tunnel udp fine ; I'm not
> sure what you are trying to achieve but perhaps ssh tunnels might be an
> option for your use case. You are probably better off setting up something
> like wireguard, but in a pinch if the target and host already have ssh.
>
> https://wiki.archlinux.org/title/VPN_over_SSH
>

No, ssh tunnels are a no-go for me. Remote hosts are windows, and they are mostly “wild” hosts.

>> On Sun, 3 Mar 2024 at 07:26, Kasak wrote:
>>
>>> On 2 March 2024, at 21:05, Stuart Henderson wrote:
>>>
>>> On 2024-03-02, Kasak wrote:
>>>> Hello misc! There is a good manual in the OpenBSD FAQ about redirection and
>>>> reflection, here it is: https://www.openbsd.org/faq/pf/rdr.html#tcpproxy
>>>>
>>>> I’m using nginx as tcp and udp proxy, but maybe there is other
>>>> software, more suitable for this task?
>>>> I need to redirect and reflect near 15 tcp ports and a couple of udp.
>>>> I know I can do this with only pf, but I switched to nginx
>>>> intentionally, because this amount of ports made my pf config hard to read.
>>>
>>> As far as TCP goes, haproxy is possibly a bit better suited. It
>>> doesn't do UDP though (and unlikely to in a generic way, see
>>> https://github.com/haproxy/haproxy/issues/62).
>>>
>>> Depending on which UDP protocols are used there might be better
>>> alternatives though - for example if it's DNS then look at dnsdist.
>>> UDP proxying in most cases needs to be protocol-aware.
>>>
>> I’m afraid this is not dns, this is Rustdesk software and antivirus agent,
>> and something else like this.
>> Thank you anyway, I see there are not many options for me
Re: qwx0 / QCNFA765 Does 802.11g Only
On Sat, Mar 02, 2024 at 10:54:34PM -0500, Philippe Meunier wrote:
> >Can you please show a beacon of this AP?
> >
> >One line from tcpdump this command while trying to associate to the AP should
> >suffice:
> >
> >  tcpdump -n -i qwx0 -y IEEE802_11_RADIO -s 1500 -v wlan host 20:c0:47:bb:bc:4c
> >
> >I am looking for the field which lists the supported rates:
> >
> >  ... rates 6M* 9M 12M* 18M 24M* 36M 48M 54M, ...
> >
>
> Before, during, and after:
> rates 6M* 9M 12M* 18M 24M* 36M 48M 54M,

That looks fine. The AP can't be rejecting the client based on this standard basic rate set. So the rejection is likely indeed a way of saying "go away, you do not support 11n/11ac".
Re: Need advice on “tcp proxy”
ssh can work in tap VPN mode (ssh -w) and will tunnel udp fine ; I'm not sure what you are trying to achieve but perhaps ssh tunnels might be an option for your use case. You are probably better off setting up something like wireguard, but in a pinch if the target and host already have ssh.

https://wiki.archlinux.org/title/VPN_over_SSH

On Sun, 3 Mar 2024 at 07:26, Kasak wrote:
>
> > On 2 March 2024, at 21:05, Stuart Henderson wrote:
> >
> > On 2024-03-02, Kasak wrote:
> >> Hello misc! There is a good manual in the OpenBSD FAQ about redirection and
> >> reflection, here it is: https://www.openbsd.org/faq/pf/rdr.html#tcpproxy
> >>
> >> I’m using nginx as tcp and udp proxy, but maybe there is other
> >> software, more suitable for this task?
> >> I need to redirect and reflect near 15 tcp ports and a couple of udp.
> >> I know I can do this with only pf, but I switched to nginx
> >> intentionally, because this amount of ports made my pf config hard to read.
> >
> > As far as TCP goes, haproxy is possibly a bit better suited. It
> > doesn't do UDP though (and unlikely to in a generic way, see
> > https://github.com/haproxy/haproxy/issues/62).
> >
> > Depending on which UDP protocols are used there might be better
> > alternatives though - for example if it's DNS then look at dnsdist.
> > UDP proxying in most cases needs to be protocol-aware.
> >
> I’m afraid this is not dns, this is Rustdesk software and antivirus agent,
> and something else like this.
> Thank you anyway, I see there are not many options for me
Re: Need advice on “tcp proxy”
On 2024-03-02, Kasak wrote:
> Hello misc! There is a good manual in the OpenBSD FAQ about redirection and
> reflection, here it is: https://www.openbsd.org/faq/pf/rdr.html#tcpproxy
>
> I’m using nginx as tcp and udp proxy, but maybe there is other software,
> more suitable for this task?
> I need to redirect and reflect near 15 tcp ports and a couple of udp.
> I know I can do this with only pf, but I switched to nginx intentionally,
> because this amount of ports made my pf config hard to read.

As far as TCP goes, haproxy is possibly a bit better suited. It doesn't do UDP though (and unlikely to in a generic way, see https://github.com/haproxy/haproxy/issues/62).

Depending on which UDP protocols are used there might be better alternatives though - for example if it's DNS then look at dnsdist. UDP proxying in most cases needs to be protocol-aware.
Re: Need advice on “tcp proxy”
> On 2 March 2024, at 21:05, Stuart Henderson wrote:
>
> On 2024-03-02, Kasak wrote:
>> Hello misc! There is a good manual in the OpenBSD FAQ about redirection and
>> reflection, here it is: https://www.openbsd.org/faq/pf/rdr.html#tcpproxy
>>
>> I’m using nginx as tcp and udp proxy, but maybe there is other software,
>> more suitable for this task?
>> I need to redirect and reflect near 15 tcp ports and a couple of udp.
>> I know I can do this with only pf, but I switched to nginx intentionally,
>> because this amount of ports made my pf config hard to read.
>
> As far as TCP goes, haproxy is possibly a bit better suited. It
> doesn't do UDP though (and unlikely to in a generic way, see
> https://github.com/haproxy/haproxy/issues/62).
>
> Depending on which UDP protocols are used there might be better
> alternatives though - for example if it's DNS then look at dnsdist.
> UDP proxying in most cases needs to be protocol-aware.
>

I’m afraid this is not dns, this is Rustdesk software and antivirus agent, and something else like this.
Thank you anyway, I see there are not many options for me
Re: Pre-built images for embedded machines
Odd Martin Baanrud wrote:
> Are there any plans for providing pre-built images to be used on embedded
> machines, like FreeBSD and NetBSD do?
> It would be nice to run OpenBSD directly from a SD card on the Raspberry Pi
> e.g.

I'm not interested in building additional images which will be used incorrectly, but the biggest factor is the additional build time (on every snapshot), which will increase arm64 build time.

It might be easy, but it is wrong.
Re: how to external encrypted drive that supports OpenBSD and FreeBSD?
Or you could use ext2fs, which is rw supported both on OpenBSD and FreeBSD, and is much more suitable than VFAT from a UNIX standpoint. FUSE is very slow on OpenBSD.

Cheers, Noth

On 01/03/2024 18:16, Stefan Kreutz wrote:
> Depending on your needs, you could use a FUSE-based solution like encfs.
> There are numerous alternatives such as gocryptfs, or ecryptfs but AFAIK
> they don't work with OpenBSD's FUSE implementation.
>
> Rclone supports encrypted remotes. Without FUSE you'd need to copy files
> manually, though.
>
> You could also have a look at VeraCrypt.
>
> On Fri, Mar 01, 2024 at 04:50:01PM -, beecdadd...@danwin1210.de wrote:
>> hi list
>> do you have any recommendation? internet can't find my answer
>> drive is external usb and it has to be encrypted..
>> something that can also supports freeBSD is what I need
>> fast solution is fat32, but how do I encrypt it?
>> freebsd doesn't have softraid or bioctl
Re: Need advice on “tcp proxy”
> On 2 March 2024, at 19:17, Kapetanakis Giannis wrote:
>
> On 02/03/2024 16:50, Kasak wrote:
>> On 2 March 2024, at 15:21, Kapetanakis Giannis wrote:
>>>
>>> On 02/03/2024 12:46, Kasak wrote:
>>>> Hello misc!
>>>>
>>>> There is a good manual in the OpenBSD FAQ about redirection and reflection, here it is: https://www.openbsd.org/faq/pf/rdr.html#tcpproxy
>>>>
>>>> I’m using nginx as tcp and udp proxy, but maybe there is other software, more suitable for this task?
>>>> I need to redirect and reflect near 15 tcp ports and a couple of udp.
>>>> I know I can do this with only pf, but I switched to nginx intentionally, because this amount of ports made my pf config hard to read.
>>>>
>>>> Thank you in advance!
>>> You probably need relayd
>>>
>>> G
>>>
>> That was my first idea, but unfortunately relayd does not support udp. Or
>> I’m wrong?
>
> I'm load balancing DNS UDP and TCP traffic quite fine with relayd redirects.
>
> Under the hood, relayd redirects do pf rdr-to but you also have checks for
> backend servers.
>
> I'm not using relays which is full proxy, where the load balancer opens a new
> connection to the backend server.
>
> G
>

Can I ask you one last question before I ruin my setup? :)
Do redirects do reflection? I mean, can local network hosts (lan hosts) use the external address?
wsmouse, synaptics, xorg.conf, and Touchpad versus Touchscreen
Hi,

I have a Thinkpad T14g3 (dmesg below), which has both a touchpad and a touchscreen (and also the red knob thing but I don't care about that one).

When I start Xorg with no xorg.conf, I get the following in the logs (see at the end of this message for the complete logs):

[...]
[ 13275.950] (II) config/wscons: checking input device /dev/wskbd
[ 13275.950] (II) wskbd: using layout us
[ 13275.950] (II) LoadModule: "kbd"
[ 13275.951] (II) Loading /usr/X11R6/lib/modules/input/kbd_drv.so
[ 13275.951] (II) Module kbd: vendor="X.Org Foundation"
[ 13275.951]    compiled for 1.21.1.11, module version = 2.0.0
[ 13275.951]    Module class: X.Org XInput Driver
[ 13275.951]    ABI class: X.Org XInput driver, version 24.4
[ 13275.951] (II) Using input driver 'kbd' for '/dev/wskbd'
[ 13275.951] (**) /dev/wskbd: always reports core events
[ 13275.951] (**) /dev/wskbd: always reports core events
[ 13275.951] (**) Option "Protocol" "standard"
[ 13275.951] (**) Option "XkbRules" "base"
[ 13275.951] (**) Option "XkbModel" "pc105"
[ 13275.951] (**) Option "XkbLayout" "us"
[ 13275.951] (II) XINPUT: Adding extended input device "/dev/wskbd" (type: KEYBOARD, id 6)
[ 13276.170] (II) config/wscons: checking input device /dev/wsmouse0
[ 13276.170] (II) LoadModule: "ws"
[ 13276.172] (II) Loading /usr/X11R6/lib/modules/input/ws_drv.so
[ 13276.172] (II) Module ws: vendor="X.Org Foundation"
[ 13276.172]    compiled for 1.21.1.11, module version = 1.3.0
[ 13276.172]    Module class: X.Org XInput Driver
[ 13276.172]    ABI class: X.Org XInput driver, version 24.4
[ 13276.172] (II) Using input driver 'ws' for '/dev/wsmouse0'
[ 13276.172] (**) /dev/wsmouse0: always reports core events
[ 13276.172] (II) ws: /dev/wsmouse0: debuglevel 0
[ 13276.172] (**) Option "Device" "/dev/wsmouse0"
[ 13276.172] (**) ws: /dev/wsmouse0: ZAxisMapping: buttons 4 and 5
[ 13276.172] (**) ws: /dev/wsmouse0: WAxisMapping: buttons 6 and 7
[ 13276.172] (**) ws: /dev/wsmouse0: associated screen: 0
[ 13276.390] (**) ws: /dev/wsmouse0: device will work in raw mode
[ 13276.390] (II) ws: /dev/wsmouse0: minimum x position: 0
[ 13276.390] (II) ws: /dev/wsmouse0: maximum x position: 3168
[ 13276.390] (II) ws: /dev/wsmouse0: minimum y position: 0
[ 13276.390] (II) ws: /dev/wsmouse0: maximum y position: 1968
[ 13276.390] (==) ws: /dev/wsmouse0: Buttons: 7
[ 13276.391] (**) ws: /dev/wsmouse0: YAxisMapping: buttons 4 and 5
[ 13276.391] (II) XINPUT: Adding extended input device "/dev/wsmouse0" (type: TOUCHSCREEN, id 7)
[ 13276.610] (**) /dev/wsmouse0: (accel) keeping acceleration scheme 1
[ 13276.610] (**) /dev/wsmouse0: (accel) acceleration profile 0
[ 13276.610] (**) /dev/wsmouse0: (accel) acceleration factor: 2.000
[ 13276.610] (**) /dev/wsmouse0: (accel) acceleration threshold: 4
[ 13276.610] (II) config/wscons: checking input device /dev/wsmouse
[ 13276.610] (II) Using input driver 'ws' for '/dev/wsmouse'
[ 13276.611] (**) /dev/wsmouse: always reports core events
[ 13276.611] (II) ws: /dev/wsmouse: debuglevel 0
[ 13276.611] (**) Option "Device" "/dev/wsmouse"
[ 13276.611] (**) ws: /dev/wsmouse: ZAxisMapping: buttons 4 and 5
[ 13276.611] (**) ws: /dev/wsmouse: WAxisMapping: buttons 6 and 7
[ 13276.611] (**) ws: /dev/wsmouse: associated screen: 0
[ 13276.892] (II) ws: /dev/wsmouse: minimum x position: 0
[ 13276.892] (II) ws: /dev/wsmouse: maximum x position: 1919
[ 13276.892] (II) ws: /dev/wsmouse: minimum y position: 0
[ 13276.892] (II) ws: /dev/wsmouse: maximum y position: 1199
[ 13276.892] (==) ws: /dev/wsmouse: Buttons: 7
[ 13276.896] (**) ws: /dev/wsmouse: YAxisMapping: buttons 4 and 5
[ 13276.896] (II) XINPUT: Adding extended input device "/dev/wsmouse" (type: MOUSE, id 8)
[ 13277.172] (**) /dev/wsmouse: (accel) keeping acceleration scheme 1
[ 13277.172] (**) /dev/wsmouse: (accel) acceleration profile 0
[ 13277.172] (**) /dev/wsmouse: (accel) acceleration factor: 2.000
[ 13277.172] (**) /dev/wsmouse: (accel) acceleration threshold: 4
[ 13277.222] (II) modeset(0): Disabling kernel dirty updates, not required.

Note how there's a keyboard and a touchscreen and a mouse but no touchpad. The touchpad does in fact work perfectly, and so does the touchscreen and the red knob thing, although I have no idea how that happens.

My problem is that I would like to use the synaptics driver for the touchpad (for things like coasting). So I created the following xorg.conf:

Section "InputClass"
    Identifier "wsmouse touchpad"
    Driver "synaptics"
    MatchIsTouchpad "on"
EndSection

which ends up doing absolutely nothing because MatchIsTouchpad does not match anything.

Next I tried to use MatchIsTouchscreen instead, which did match, and did load the synaptics driver, but then I got a "Synaptics driver unable to detect protocol" error, the synaptics driver got immediately unloaded by Xorg, and the mouse ended up not working at all.

Next I looked at the output of wsconsctl:

# wsconsctl | egrep -i mouse
wsconsctl: Use explicit arg to view keyboard.map.
Re: wsmouse, synaptics, xorg.conf, and Touchpad versus Touchscreen
First, did you try to disable AutoAddDevices before any change?

Section "ServerFlags"
    Option "AutoAddDevices" "off"
EndSection

-Dan

Philippe Meunier wrote:
> Hi,
>
> I have a Thinkpad T14g3 (dmesg below), which has both a touchpad and a
> touchscreen (and also the red knob thing but I don't care about that
> one).
>
> When I start Xorg with no xorg.conf, I get the following in the logs
> (see at the end of this message for the complete logs);
>
> [...]
> Automatically adding devices [ 13275.735] (==)
> Automatically enabling devices [ 13275.735] (==) Not automatically
> adding GPU devices [ 13275.735] (==) Automatically binding GPU devices
Re: qwx0 / QCNFA765 Does 802.11g Only
Stefan Sperling wrote:
>qwx works fine on my 11ac AP in 11a mode. This driver does not yet
>support 11n/11ac modes, and adding such support will require a big
>chunk of further development time, it won't be ready for 7.5.

Okay, thanks, good to know.

>Does your AP have support for "legacy 11a/b/g" clients disabled somehow?
>Some APs advertise such options for performance in their config and may
>need to be disabled to make it work.

I don't have control over the AP, my landlord does... I'll try to have a look. Otherwise I'll just stick with 11g until 11n/11ac is supported.

>Can you please show a beacon of this AP?
>
>One line from tcpdump this command while trying to associate to the AP should
>suffice:
>
>  tcpdump -n -i qwx0 -y IEEE802_11_RADIO -s 1500 -v wlan host 20:c0:47:bb:bc:4c
>
>I am looking for the field which lists the supported rates:
>
>  ... rates 6M* 9M 12M* 18M 24M* 36M 48M 54M, ...
>

Before, during, and after:

22:21:27.027345 802.11 flags=0<>: beacon, caps=10421, ssid (Fios-RSXPW-5G), rates 6M* 9M 12M* 18M 24M* 36M 48M 54M, tim 0x0001, country 'US ', channel 36 limit 30dB, channel 40 limit 30dB, channel 44 limit 30dB, channel 48 limit 30dB, channel 52 limit 24dB, channel 56 limit 24dB, channel 60 limit 24dB, channel 64 limit 24dB, channel 100 limit 24dB, channel 104 limit 24dB, channel 108 limit 24dB, channel 112 limit 24dB, channel 116 limit 24dB, channel 132 limit 24dB, channel 136 limit 24dB, channel 140 limit 24dB, channel 144 limit 24dB, channel 149 limit 30dB, channel 153 limit 30dB, channel 157 limit 30dB, channel 161 limit 30dB, channel 165 limit 30dB, power constraint 0dB, tpcreport 0x1100, rsn=, 1 stations, 23% utilization, admission capacity 0us/s, 70:5 0x03, htcaps=<20/40MHz,LDPC,SGI@20MHz,SGI@40MHz,TXSTBC,RXSTBC 1 stream,A-MSDU 7935,A-MPDU max 65535,A-MPDU spacing 8.00us,RxMCS 0xff00>, htop=<40MHz chan 40:36,RIFS,htprot none,non-greenfield STA,basic MCS set 0x>, 127:8 0x04000840, vhtcaps=, vhtop=<80MHz chan,center chan 42,basic MCS set 0-7@1SS 0-7@2SS 0-7@3SS 0-7@4SS 0-7@5SS 0-7@6SS 0-7@7SS>, 195:4 0x02020202, vendor 0x0050f204104a000110104400010210470010a824e8f8fa487650a3b58fa9b1544952103c0001031049000600372a000120, vendor 0x0010180201001c, vendor 0x0050f2020101840003a427a442435e0062322f00
22:21:30.011040 802.11 flags=0<>: authentication request
22:21:30.013709 802.11 flags=0<>: authentication response
22:21:30.013714 802.11 flags=0<>: association request, caps=2001, ssid (Fios-RSXPW-5G), rates 6M* 9M 12M* 18M 24M* 36M 48M 54M, rsn=
22:21:30.015636 802.11 flags=8: association response
22:21:30.099538 802.11 flags=0<>: beacon, caps=10421, ssid (Fios-RSXPW-5G), rates 6M* 9M 12M* 18M 24M* 36M 48M 54M, tim 0x0001, country 'US ', channel 36 limit 30dB, channel 40 limit 30dB, channel 44 limit 30dB, channel 48 limit 30dB, channel 52 limit 24dB, channel 56 limit 24dB, channel 60 limit 24dB, channel 64 limit 24dB, channel 100 limit 24dB, channel 104 limit 24dB, channel 108 limit 24dB, channel 112 limit 24dB, channel 116 limit 24dB, channel 132 limit 24dB, channel 136 limit 24dB, channel 140 limit 24dB, channel 144 limit 24dB, channel 149 limit 30dB, channel 153 limit 30dB, channel 157 limit 30dB, channel 161 limit 30dB, channel 165 limit 30dB, power constraint 0dB, tpcreport 0x1100, rsn=, 1 stations, 20% utilization, admission capacity 0us/s, 70:5 0x03, htcaps=<20/40MHz,LDPC,SGI@20MHz,SGI@40MHz,TXSTBC,RXSTBC 1 stream,A-MSDU 7935,A-MPDU max 65535,A-MPDU spacing 8.00us,RxMCS 0xff00>, htop=<40MHz chan 40:36,RIFS,htprot none,non-greenfield STA,basic MCS set 0x>, 127:8 0x04000840, vhtcaps=, vhtop=<80MHz chan,center chan 42,basic MCS set 0-7@1SS 0-7@2SS 0-7@3SS 0-7@4SS 0-7@5SS 0-7@6SS 0-7@7SS>, 195:4 0x02020202, vendor 0x0050f204104a000110104400010210470010a824e8f8fa487650a3b58fa9b1544952103c0001031049000600372a000120, vendor 0x0010180201001c, vendor 0x0050f2020101840003a427a442435e0062322f00

Thanks for your help!

Philippe