Re: Dhcpleased feature request.

On Tue, Aug 29, 2023 at 08:53:14AM -, Stuart Henderson wrote: > On 2023-08-28, Christopher Sean Hilton wrote: > > I'd be fine with > > dhcpleased if I can set an option to ask the dhcp server for a > > specif

Re: Both serial and pc consoles on Super Micro A1SRi-2758F machine

On Mon, Aug 28, 2023 at 04:50:37PM +0200, Otto Moerbeek wrote: > On Mon, Aug 28, 2023 at 10:33:23AM -0400, Christopher Sean Hilton wrote: > > > On Mon, Aug 28, 2023 at 07:41:19AM +0200, Otto Moerbeek wrote: > > > On Sun, Aug 27, 2023 at 08:40:44PM -0400, Christop

Re: Both serial and pc consoles on Super Micro A1SRi-2758F machine

On Mon, Aug 28, 2023 at 07:41:19AM +0200, Otto Moerbeek wrote: > On Sun, Aug 27, 2023 at 08:40:44PM -0400, Christopher Sean Hilton wrote: > [ ...snip... ] > > I can solve my problems in one of two ways. If I can boot with serial > > consoles by setting them up in /etc/boot.

Both serial and pc consoles on Super Micro A1SRi-2758F machine

understand that this is *my* problem. I'll tak any suggestions here. -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._____ Christopher Sean Hilton

Dhcpleased feature request.

OpenBSD 7.0 to 7.3 and the improvements are awesome. Thanks again! -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._____ Christopher Sean Hilton

Resolved - Was: Performance tuning PF.

On Sat, Jul 24, 2021 at 10:24:28AM -, Stuart Henderson wrote: > On 2021-07-23, Christopher Sean Hilton wrote: > > On Fri, Jul 23, 2021 at 11:19:35AM -0400, Chris Hilton wrote: [ ...snip... ] > > > > Answering my own question, it looks like the Xeon D is intels newes

Re: Performance tuning PF.

rying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)_____ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Re: Performance tuning PF.

was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)_________ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Re: Performance tuning PF.

ing to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)_____ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Performance tuning PF.

s get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._____ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Re: FreeBSD daemon(8)-like command for OpenBSD

ts/packages designed to manage and restart daemons mentioned above. -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*)_____ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Re: How do you do "family remote support"?

.y.y and then an exit button. Then I would enable VNC. -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Policy question regarding OpenBSD -STABLE and ports.

_ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Solved -- Was: Isakmpd Cert question.

On Tue, Feb 07, 2017 at 01:30:13PM -0500, Christopher Sean Hilton wrote: > On Tue, Feb 07, 2017 at 11:23:29AM -0500, Christopher Sean Hilton wrote: > > I'm using isakmpd to manage an ipsec VPN between OpenBSD 5.8 <-> OpenBSD > > 6.0. This also manages a VPN between

Re: Isakmpd Cert question.

On Tue, Feb 07, 2017 at 11:23:29AM -0500, Christopher Sean Hilton wrote: > I'm using isakmpd to manage an ipsec VPN between OpenBSD 5.8 <-> OpenBSD > 6.0. This also manages a VPN between Mac OS X/ IPsecuritas and OpenBSD 6.0. > Some more information on this and possibly a real qu

Isakmpd vs iked

How hard is it to transition from an isakmpd managed IPsec VPN to iked managment? I have a certificate based isakmpd solution that works. It is mainly just a matter of rsyncing the directories and using a little editor magic on the ipsec.conf file to create iked.conf? Thanks in advance, -- Chris

Isakmpd Cert question.

I'm using isakmpd to manage an ipsec VPN between OpenBSD 5.8 <-> OpenBSD 6.0. This also manages a VPN between Mac OS X/ IPsecuritas and OpenBSD 6.0. The example describes a situation where you have one self signed root certificate located in /etc/isakmpd/ca/root.crt and otherside::client.crt from

Re: how to submit bug report regarding pf queueing?

On Wed, Mar 09, 2016 at 02:45:36PM -0700, Daniel Melameth wrote: > On Wed, Mar 9, 2016 at 10:58 AM, Christopher Sean Hilton > <ch...@vindaloo.com> wrote: > > I'm using queuing to alleviate bufferbloat and make my son's gaming > > performance better. I'm on an asymetric ca

Re: how to submit bug report regarding pf queueing?

sed 48 because I'm keen on multiples of 16. Have you tried anything like this? -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._________ Chri

Re: how to submit bug report regarding pf queueing?

do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...____ooO..._____ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Re: Debugging queues on pf

That won't be perfect because I do static-port nat for some things but I think I can arrange it. Thanks again! -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...____ooO..

Debugging queues on pf

I'm seeing something very strange when I try to debug queues on pf. I'm simply trying to view queue activity on the net using either: # pfctl -vvsq or # systat queue I'm trying to assign all udp traffic from my iPad to a priority queue with a ruleset in pf like this: ...

Re: Gif tunnel / pf / queueing

On Wed, Mar 02, 2016 at 10:46:08PM +1000, David Gwynne wrote: > > On 2 Mar 2016, at 1:51 AM, Christopher Sean Hilton <ch...@vindaloo.com> > > wrote: > > > > I would like to apply queueing to packets traversing a gif tunnel. I'd > > like to know what wo

Gif tunnel / pf / queueing

o..___..o...ooO..._____ Christopher Sean Hilton[chris/at/vindaloo/dot/com] [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

How does isakmpd determine which config stanza to use?

o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Re: IPsec config with dynamic IP.

On Fri, Feb 19, 2016 at 11:36:04AM +, Stuart Henderson wrote: > On 2016-02-18, Christopher Sean Hilton <ch...@vindaloo.com> wrote: > > My box cannot resolve the name "ike-v1.example.com" until > > after isc_named is started which happens way late in

IPsec config with dynamic IP.

was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._________ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Re: python uwsgi port/package

On Wed, Dec 02, 2015 at 07:22:27PM +, Stuart Henderson wrote: > On 2015-12-02, Christopher Sean Hilton <ch...@vindaloo.com> wrote: > > > > Thanks for any information, > > I made a start at a port, I was going to use it for something but it > didn't happen in the e

dpb build box performance suggestions.

I'm trying to dpb to maintain a small set of packages for a handfull of OpenBSD boxes that I run. These boxes will all be single purpose servers of some type or another. Many of them will run with limited disk space and memory on Soekris hardware. What resources do I want on my dpb/build box to

Re: dpb build box performance suggestions.

concerned that's off the chain. I'm trying to decide between figuring out who the big players are in my dependency chain or just going with editors/emacs,no_x11 and using tramp and or git when I want bells and whistles emacs. -- Chris __o "All I was trying to do was get home

Re: a little help with ipsec

On Wed, Dec 02, 2015 at 03:53:46PM +0100, Marko Cupać wrote: > On Tue, 1 Dec 2015 23:49:37 + (UTC) > Stuart Henderson wrote: > > > Neither isakmpd nor iked tracks DNS changes. > > This is good to know, thank you for the information. > > > On the central side use

Re: pf, anchors, and macros

.____ooO..._ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

Re: python uwsgi port/package

rving django applications and tuning it is a bear. -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._____ Christopher Sean Hilton[chris/at/vindaloo/dot/com]

python uwsgi port/package

is excluding because of security issues then building a port would be silly. Thanks for any information, -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._____ Chr

Re: python uwsgi port/package

On Wed, Dec 02, 2015 at 07:54:48PM +, Pedro Tender wrote: > If you have multiple apps in production with different versions of packages > that break compatibility then you'll be in a world of pain. I do see that advantage. > You also have supervisor to make it rc-able. pip/virtualenv

Re: python uwsgi port/package

On Wed, Dec 02, 2015 at 09:19:25PM +, Pedro Tender wrote: >You have a port http://ports.su/sysutils/supervisor > Thanks for the tip, that's exactly what I'm looking for!! I also wanted to say thanks for the input. I understand what you are saying and when I run into version incompatiblity

Re: python uwsgi port/package

On Wed, Dec 02, 2015 at 09:16:05PM +0100, Kamil Cholewiński wrote: > Everything boils down to whether you'd like to run more than one app on > your box. > > > While I love pip and virtualenv in development, I don't understand the > > advantage they offer over the system package manager on a

Re: NSD/Unbound clarifications

ted. But I could see this combination of nsd and unbound being popular among people looking for a lighter weight alternative to bind. -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...

Re: OpenSMTPD/mail stuck in queue with incorrect relay

ing to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...____ooO..._ Christopher Sean Hilton[chris/at/vindaloo/dot/com] [demime 1.01d removed an attachment of type application/pgp-signature]

OpenSMTPD/mail stuck in queue with incorrect relay

home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._____ Christopher Sean Hilton[chris/at/vindaloo/dot/com] [demime 1.01d removed an attachment of type application/pgp-signature]

IPSec head check question.

I have isakmpd running quite well with certificates. I'm now trying to do something that may or may not be simple. I wish to establish two tunnels between my ipsec central server on a static IP two dynamic points on the internet. The first case is an openbsd box which wants to connect a remote

Re: ipsec.conf ipsecctl isakmpd

On Aug 10, 2009, at 6:37 PM, Christopher Sean Hilton wrote: I have a couple of questions regarding setting up ipsec. I've read the 4 minutes page and modified the older setup to work with 2 OpenBSD 4.5 boxes. That's enough to get me going with an IPsec tunnel by IP addresses but one side

ipsec.conf ipsecctl isakmpd

I have a couple of questions regarding setting up ipsec. I've read the 4 minutes page and modified the older setup to work with 2 OpenBSD 4.5 boxes. That's enough to get me going with an IPsec tunnel by IP addresses but one side of my connection is a consumer grade DSL line which wants to

Split Horizon DNS issues....

I'm trying to track down a split horizon DNS issue. On initial startup everything works great. Internal hosts can resolve names against my complete zone and can resolve names for other internal hosts just fine. External hosts get the abbreviated views that I've setup. But after a period of

Re: Split Horizon DNS issues w/named.conf

Repost with conf file included: I'm trying to track down a split horizon DNS issue. On initial startup everything works great. Internal hosts can resolve names against my complete zone and can resolve names for other internal hosts just fine. External hosts get the abbreviated views that

Soekris equivalent

Is anyone aware of an equivalent for the Soekris Net 5501-70. I'm looking to prototype an OpenBSD border gateway that offers web proxy capabilities through squid cache but squid is a bit of a memory hog and I'd like to have something with a Gig of RAM. Power footprint is a consideration

dhcrelay question

I'm running OpenBSD as an IP less bridge between a DMZ and a protected internet. The protection comes from using a set of pf rules on the exterior interface of the bridge. My pf rules block all traffic on UDP/ 67 and UDP/68 from traversing the bridge so I currently run two DHCP servers, one

Re: E450 stuff

On Sat, May 24, 2008 at 08:03:53AM -0400, Nick Holland wrote: Johan SANCHEZ wrote: On Fri, 23 May 2008 11:08:32 -0400 Christopher Sean Hilton [EMAIL PROTECTED] wrote: [ snip ] Can i ask what is the problem you are experiencing with this ? what version of OBP are you using and what

E450 stuff

Hi, I inherited an E450 from my old job. It booted Solaris just fine but I was never able to get any of (Free|Net|Open)BSD to install on it. I feel that this is probably more do to me than anything else. As time has passed it's become pretty obvious between the problems with the install

Re: E450 stuff

On May 23, 2008, at 11:06 AM, Christopher Sean Hilton wrote: Hi, I inherited an E450 from my old job. It booted Solaris just fine but I was never able to get any of (Free|Net|Open)BSD to install on it. I feel that this is probably more do to me than anything else. As time has passed it's

OpenBSD 4.2 ipsecctl isakmpd netgear FVS114

Hi, I'm trying to connect a Netgear FVS114 to my OpenBSD 4.2 machine. I seem to be stuck getting the following three error lines when I use isakmpd -K -d 205022.882116 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG 205022.882456 Default

A pair of pf questions...

Hi, My goal is to use OpenBSD to filter packets between my wireless segment and my DMZ. I've protected my wireless with WEP but in the long haul I'd like to be able to remove any authentication, WEP or WPA from the wireless segment. My first question is this: This strategy seemed to

Re: A pair of pf questions...

On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote: Hi, Just a followup. I figured that I might have better luck with this configuration. de0 - External interface to Internet de1 - Internal interface to DMZ de2 - No IP interface to DMZ de3 - No IP interface

Re: A pair of pf questions...

On Mar 31, 2008, at 8:53 PM, Jon Radel wrote: Christopher Sean Hilton wrote: On Mar 31, 2008, at 4:58 PM, Christopher Sean Hilton wrote: Hi, Just a followup. I figured that I might have better luck with this configuration. de0 - External interface to Internet de1 - Internal