Re: ip6-only ipsec tunnel over ip4

2023-07-25 Thread Stuart Henderson
On 2023-07-26, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote: > I need to set up an ipsec tunnel between a couple of ip6 networks, > but I only have an ip4 path between the two gateways. I don't want > any ip4 traffic inside the ipsec tunnel, so I'm a bit puzzled about > how to set this up. Once I

Re: ip6-only ipsec tunnel over ip4

2023-07-25 Thread deich...@placebonol.com
I have an L2 tunnel ( eoip ) going across IPsec tunnel, I'm routing ip4 across it. You could try the same with ipv6. diana KI5PGJ On July 25, 2023 8:07:16 PM MDT, "Lyndon Nerenberg (VE7TFX/VE6BBM)" wrote: >I need to set up an ipsec tunnel between a couple of ip6 networks, >but I only have

ip6-only ipsec tunnel over ip4

2023-07-25 Thread Lyndon Nerenberg (VE7TFX/VE6BBM)
I need to set up an ipsec tunnel between a couple of ip6 networks, but I only have an ip4 path between the two gateways. I don't want any ip4 traffic inside the ipsec tunnel, so I'm a bit puzzled about how to set this up. Once I have the end-points up, can I just point the ip6 traffic and routes

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Theo de Raadt
Stuart Henderson wrote: > On 2023-07-25, Kevin wrote: > > Regarding the Zenbleed vulnerability itself, none of our AMD hosts are > > known to be vulnerable at this time as they are all running Milan and > > later CPUs. > > rather than going with "none are known to be vulnerable" they should >

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Theo de Raadt
Kevin wrote: > Would this be worth putting a ticket into Vultr to get them to make > appropriate > updates on their side? You are the customer.

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Stuart Henderson
On 2023-07-25, Kevin wrote: > Regarding the Zenbleed vulnerability itself, none of our AMD hosts are > known to be vulnerable at this time as they are all running Milan and > later CPUs. rather than going with "none are known to be vulnerable" they should probably run the PoC program themselves

Re: Installboot question

2023-07-25 Thread Stuart Henderson
On 2023-07-25, Marcus MERIGHI wrote: > Hello, > > steve.shock...@shockley.net (Steven Shockley), 2023.07.25 (Tue) 16:34 (CEST): >> I have a machine with two ATA drives in a softraid mirror. For the Zen >> patch, do I run installboot on just sd2 (the softraid volume) or also sd0 >> and sd1 (the

Re: Routing multiple IPv4 blocks

2023-07-25 Thread Stuart Henderson
On 2023-07-25, Zack Newman wrote: > On 7/25/23 06:03, Stuart Henderson wrote: >> 217.169.18.56 is a network address (mask it out against the netmask, >> the remaining "host bits" are all zeroes), you cannot use this (or the >> broadcast address) as a host address > > I am sure you were not trying

Re: Question on the latest errata

2023-07-25 Thread Stuart Henderson
On 2023/07/25 21:24, Johannes Thyssen Tishman wrote: > Hi Stuart, > > > > 1. Could there be negative consequences of not running fw_update or > > > installboot before reboot? > > > > It means that you don't get the microcode updates, if any are available > > for your cpu. > > Until I run

Re: Question on the latest errata

2023-07-25 Thread Johannes Thyssen Tishman
Hi Stuart, > > 1. Could there be negative consequences of not running fw_update or > > installboot before reboot? > > It means that you don't get the microcode updates, if any are available > for your cpu. Until I run fw_update, installboot and reboot again right? To put it differently, is the

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Kevin
> > > Just applied the fix to the first affected AMD machine and all is well > > again. > > > > Would this be worth putting a ticket into Vultr to get them to make > > appropriate updates on their side? > > Yes (but I see you already did) > Here's the reply I got from Vultr about this: Thank

Re: Installboot question

2023-07-25 Thread Marcus MERIGHI
Hello, steve.shock...@shockley.net (Steven Shockley), 2023.07.25 (Tue) 16:34 (CEST): > I have a machine with two ATA drives in a softraid mirror. For the Zen > patch, do I run installboot on just sd2 (the softraid volume) or also sd0 > and sd1 (the physical disks)? Thanks. # installboot -v

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Mike Larkin
On Tue, Jul 25, 2023 at 10:42:25AM -0700, Kevin wrote: > On Tue, Jul 25, 2023 at 7:42 AM Theo de Raadt wrote: > > > It seems some of the smaller hypervisor companies didn't get the memo, > > and they are blocking the msr write to set the chicken bit. > > > > They block it by raising an

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Jag Talon
I made a ticket with Vultr I believe they already know about it! I just fucking love you guys. Thank you. Just applied the fix to the first affected AMD machine and all is well again. Would this be worth putting a ticket into Vultr to get them to make appropriate updates on their side?

Re: Mounting an SD-card and an USB-stick

2023-07-25 Thread Zé Loff
On Tue, Jul 25, 2023 at 06:08:00PM +0200, Karel Lucas wrote: > > Dear all, > > For a fresh install of openBSD, I want to mount an SD card or a USB stick on > an existing openBSD install, but don't know which device name to use. Maybe > someone can help me out? > You can check the device name

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Kevin
On Tue, Jul 25, 2023 at 7:42 AM Theo de Raadt wrote: > It seems some of the smaller hypervisor companies didn't get the memo, > and they are blocking the msr write to set the chicken bit. > > They block it by raising an exception. > They should IGNORE that bit if they allow setting it. > > I

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Jag Talon
Everything is working after the newest patch! Thank you all! On 7/25/23 11:18 AM, Jag Talon wrote: I ran into the same issue with the "2048.00 MB AMD High Performance, 2 vCPU" on my end. Fortunately I had a snapshot and I was able to roll back. Here's my dmesg output if that's helpful:

Re: Mounting an SD-card and an USB-stick

2023-07-25 Thread Maja Reberc
On Tue, 25 Jul 2023 18:08:00 +0200 Karel Lucas wrote: > Dear all, > > For a fresh install of openBSD, I want to mount an SD card or a USB > stick on an existing openBSD install, but don't know which device > name to use. Maybe someone can help me out? > Hello, a newbie trying to help a

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Maksym Sheremet
On Mon, Jul 24, 2023 at 11:37:12PM -0700, Kevin wrote: > After applying today's zenbleed patches and running fw_update and > installboot -v sd0, ALL of our AMD servers running 7.3 at Vultr that > were--as part of the patch process--rebooted are now dead in the water and > won't boot. > I

Re: Routing multiple IPv4 blocks

2023-07-25 Thread Zack Newman
An individual was kind enough to reach out and inform me that they believe I should have not said "I am sure you were not trying to be 'technical'..." but instead "I am sure you were trying not to be 'technical'..." as the former sounded like I was suggesting Stuart was giving bad advice by being

Mounting an SD-card and an USB-stick

2023-07-25 Thread Karel Lucas
Dear all, For a fresh install of openBSD, I want to mount an SD card or a USB stick on an existing openBSD install, but don't know which device name to use. Maybe someone can help me out?

Installboot question

2023-07-25 Thread Steven Shockley
I have a machine with two ATA drives in a softraid mirror. For the Zen patch, do I run installboot on just sd2 (the softraid volume) or also sd0 and sd1 (the physical disks)? Thanks.

Re: Routing multiple IPv4 blocks

2023-07-25 Thread Zack Newman
On 7/25/23 06:03, Stuart Henderson wrote: 217.169.18.56 is a network address (mask it out against the netmask, the remaining "host bits" are all zeroes), you cannot use this (or the broadcast address) as a host address I am sure you were not trying to be "technical"; but for people that don't

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Jag Talon
I ran into the same issue with the "2048.00 MB AMD High Performance, 2 vCPU" on my end. Fortunately I had a snapshot and I was able to roll back. Here's my dmesg output if that's helpful: OpenBSD 7.3 (GENERIC.MP) #1125: Sat Mar 25 10:36:29 MDT 2023

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Theo de Raadt
Snapshots got that diff about 8 hours earlier. > For what it’s worth, my Vultr VPS machine is running snapshots and updated > without issue. > > Hope this helps as a clue! > > On Tue, Jul 25, 2023 at 10:45 AM Theo de Raadt wrote: > > > It seems some of the smaller hypervisor companies didn't

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Ronald Dahlgren
For what it’s worth, my Vultr VPS machine is running snapshots and updated without issue. Hope this helps as a clue! On Tue, Jul 25, 2023 at 10:45 AM Theo de Raadt wrote: > It seems some of the smaller hypervisor companies didn't get the memo, > and they are blocking the msr write to set

Huawei LTE USB stick not working

2023-07-25 Thread Tilo Stritzky
I've come across a somewhat older HUAWEI LTE Stick, it says HUAWEI E3372h-320. [full dmesg below] umsm0 at uhub0 port 6 configuration 1 interface 0 "HUAWEI_MOBILE HUAWEI_MOBILE" rev 2.00/1.02 addr 7 umsm0 detached umsm0 at uhub0 port 6 configuration 1 interface 0 "HUAWEI_MOBILE HUAWEI_MOBILE"

Re: ddb panic on 7.3 after applying 2023-07-24 zenbleed patches

2023-07-25 Thread Theo de Raadt
It seems some of the smaller hypervisor companies didn't get the memo, and they are blocking the msr write to set the chicken bit. They block it by raising an exception. They should IGNORE that bit if they allow setting it. I also have a strong suspicion some of them do not have the firmware

Re: Upgrade: Unbound constraint let fw_update always fail

2023-07-25 Thread Daniele B.
My unattended upgrade happened like that: - I took up unbound - sysupgrade - 1st fw_update (this probably is okay) - reboot - installation of the sets - 2nd fw_update (this fails because unattended, local Unbound is down) - reboot - 3rd fw_update (this fails because unattended, local Unbound is

Re: Upgrade: Unbound constraint let fw_update always fail

2023-07-25 Thread Daniele B.
Thanks Steve, Jul 25, 2023 14:41:53 Steve Litt : > chattr -i resolv.conf && echo nameserver 8.8.8.8 >> resolv.conf && chattr +i > resolv.conf > > I also don't understand why you start unbound manually instead of from > computer initialization. It sounds like if unbound started before >

Re: Upgrade: Unbound constraint let fw_update always fail

2023-07-25 Thread Steve Litt
Daniele B. said on Tue, 25 Jul 2023 11:29:09 +0200 (GMT+02:00) >Hello Stuart, thanks for this one.. > >Yes, I agree that the final solution could be only to replace my >listed nameserver. But do you remember I was using also the immutable >flag on resolv.conf ? :D chattr -i resolv.conf &&

Re: Question on the latest errata

2023-07-25 Thread Stuart Henderson
On 2023-07-25, Johannes Thyssen Tishman wrote: > Hi, > > I have a vps running OpenBSD 7.3 STABLE amd64 and I have a cronjob that runs > once a day to install new errata patches (if available) and reboot after > patching. With the last errata patches (amd firmware, wscons) I realized (too > late)

Re: Upgrade: Unbound constraint let fw_update always fail

2023-07-25 Thread Daniele B.
Hello Stuart, thanks for this one.. Yes, I agree that the final solution could be only to replace my listed nameserver. But do you remember I was using also the immutable flag on resolv.conf ? :D I do not want to awake the lions and indeed I'm much happy about my *unbound system* but

Question on the latest errata

2023-07-25 Thread Johannes Thyssen Tishman
Hi, I have a vps running OpenBSD 7.3 STABLE amd64 and I have a cronjob that runs once a day to install new errata patches (if available) and reboot after patching. With the last errata patches (amd firmware, wscons) I realized (too late) that I should've followed the steps described on the errata

Re: Upgrade: Unbound constraint let fw_update always fail

2023-07-25 Thread Stuart Henderson
On 2023-07-25, Daniele B. wrote: > > Hello, > > Just coming from my fresh upgrade to OpenBSD 7.3 and thanks again for > it.. ;) > > No particular problem except my realization that with my settings > (unbound started manually) fw_update goes to fail (all the three > attempts) on each (unattended)

Upgrade: Unbound constraint let fw_update always fail

2023-07-25 Thread Daniele B.
Hello, Just coming from my fresh upgrade to OpenBSD 7.3 and thanks again for it.. ;) No particular problem except my realization that with my settings (unbound started manually) fw_update goes to fail (all the three attempts) on each (unattended) upgrade. If fw_update happens to be a