Re: Tor daemon is unable to connect to the Tor network

On 2023-03-12 09:53 AM, Stuart Henderson wrote: > I don't think the problem you're seeing is related to login.conf but a > few comments on that, > > ... > > I suggest removing login.conf.db (it is not created by default) and not > using cap_mkdb, to avoid any problems with the db file getting out

Tor daemon is unable to connect to the Tor network

Hey @misc, Here’s a brief rundown of what I’ve been dealing with: * tor(1) works flawlessly on my GNU/Linux machine with the exact same torrc configuration file, yet it fails miserably on my 64-bit netbook (amd64) running -current branch of OpenBSD 7.2 * Raised the value of

OpenBGDP IPv6 ignoring set localpref parameter

tually getting a connection and sending me route updates. Here is an example: V fdff:feed:c0de::/48 :: 20 0 4242423914 4242420585 4242422980 210074 64719 65043 4242420138 i Any ideas? Thanks, Matt

Re: Using OpenBSD as an L2TP client with A ISP

* Stuart Henderson [2021-10-26 11:35:06]: > On 2021-10-26, Matt Dainty wrote: > > I'm currently using OpenBSD with an Andrews & Arnold vDSL connection so I > > have > > a pppoe(4) interface, etc. and this works for IPv4 & IPv6. > > > > The problem

Using OpenBSD as an L2TP client with A ISP

sn't do IPv6. Is that still the case? Thanks Matt

Trying to disable acpitz

I'm trying to install OpenBSD 7.0 on a Dell Wyse 3040 (Intel Atom x86_64, eMMC). Rebooting after the install hangs at the line: acpitz on acpi0 Using boot -c results in the usb keyboard input not working at the UKC> prompt. I can disable acpitz on a kernel running in a virtualmachine and copy

Re: WireGuard host crashes roughly every week

Thanks so much Matt! It works! I've reenabled PersistantKeepalive overnight and mbufs are staying low. The failed handshakes are still occurring, "ifconfig wg0 debug" filled my dmesg with hundreds of lines like: > wg0: Handshake for peer 10 did not complete after 5 seconds, re

Re: WireGuard host crashes roughly every week

On Tue, 3 Aug 2021 13:02:15 -0500 "Matt P." wrote: > Hi Stuart! > > Your advice lead me to discover, the issue happens only with the > "PersistantKeepalive = 25" option I had enabled on each wg-quick > peer. Looks like you could recreate it by making a few

Re: WireGuard host crashes roughly every week

configured to forward the traffic: > # wireguard > # open wireguard port > pass in on $ext_if proto udp from any to any port $wg_port > # allow communication between wireguard peers > pass on $wg_if > # allow clients connected to wg0 to tunnel their outside world traffic > pa

Re: WireGuard host crashes roughly every week

bling the wg startup. When I start the box I have very few mbufs (around 50) like on the other machine. Once I start wireguard manually it begins climbing again, though the number is nowhere near the "27836 mbufs in use" like when it loads at boot. When I stop wireguard (with wg-quick,

WireGuard host crashes roughly every week

on the Pi and started on the x64 box. I'm a newbie at systems administration, and don't know where to go from here. There's no kernel panics to send, and I didn't see anything in the log files about the crash. What should I do? --Matt

Re: Why 16 year old zlib 1.2.3 in OpenBSD 6.9 released May 2021 please?

On Thu, Jun 24, 2021 at 10:41 PM Sebastien Marie wrote: > On Thu, Jun 24, 2021 at 08:04:37PM -0600, Matt Dowle wrote: > > > > > It is NOT 16 years old. You keep saying that. There is a different > > development > > process involved here which has upsides a

Re: Why 16 year old zlib 1.2.3 in OpenBSD 6.9 released May 2021 please?

> So feisty. Seriously? On Thu, Jun 24, 2021 at 8:33 PM Theo de Raadt wrote: > Matt Dowle wrote: > > > That's right. I don't understand. > > Could you explain it then, or point me to a document that explains what > > your development process is? > > Putti

Re: Why 16 year old zlib 1.2.3 in OpenBSD 6.9 released May 2021 please?

If that's what you do, whilst I understand that can make some sense to keep patching say 5 year old libraries, at some point it becomes too old and too risky. Matt On Thu, Jun 24, 2021 at 7:27 PM Theo de Raadt wrote: > Matt Dowle wrote: > > > Theo, > > > > > Instead, we

Re: Why 16 year old zlib 1.2.3 in OpenBSD 6.9 released May 2021 please?

year old version of a library such as zlib, however, seems too old to me: at that age it's starting to become unreasonable to expect other open-source maintainers such as myself to support. Best, Matt On Thu, Jun 24, 2021 at 3:46 PM Theo de Raadt wrote: > Dave Voutila wrote: > > > Theo de

Why 16 year old zlib 1.2.3 in OpenBSD 6.9 released May 2021 please?

Hi, Is it intentional or is there any good reason that OpenBSD 6.9 released May 2021 uses a 16 year old version of zlib (v1.2.3; July 2005)? The latest version v1.2.11 (Jan 2017) is 4 years old. Background here: https://github.com/Rdatatable/data.table/pull/5049 Best, Matt Maintainer

Re: 4G mini PCI-e modem support?

PCIe adapter so I'd prefer to just get a mini PCIe device and avoid the extra adapter. Are there any other umb(4)-compatible devices in a mini PCIe form factor I can look for that will work in Europe? Matt

Re: 6.8 - Difficulties getting Wireguard ipv6 working

rtunately, without more information it would be difficult to diagnose. Route tables from both ends would be a start. I would also suggest doing a tcpdump on wg interfaces on both ends to see where traffic is leaving/arriving. Cheers, Matt

Re: wg(4) listen on a specific interface / address

on port 53535 on the same rdomain): pass in on $wan proto udp to (self) \ port { 53, 123, 4500, 5060 } rdr-to 127.0.0.1 port 53535 Cheers, Matt [1] https://www.wireguard.com/#built-in-roaming [2] https://lists.zx2c4.com/pipermail/wireguard/2017-May/001280.html [3] https://lists.zx2c4.com/pipermail/wireguard/2018-June/003013.html

Re: wireguard listen in other rdomain?

ening on the same port. Perhaps there is a better solution than rdomains and pf redirections. Cheers, Matt

Re: Lenovo V130, boot failed with error "entry point at 0x1001000"

tianocore. Guess I'll submit a patch to reverse it since I don't have an Elitebook to test with? As a workaround, mount the efi partition and copy in boot64.efi from 6.6. -Matt Kunkel June 23, 2020 2:16 PM, "Sven Wolf" wrote: > Hi, > > also after the new installation of t

6.7 EFI boot failure on amd64 since 12/2019 commit (entry point at 0x1001000)

oot/ prior to 2019/12/12. I can provide a compiled binary if you reach out directly. If this msg belongs in bugs, I can send it there as well. There are other recent mentions of this problem on -misc. Thank you, Matt Kunkel

Re: Faking the same LAN over the Internet

I think as long as one side of the tunnel is not doing NAT then you would be okay. For a while I had an IPSEC VPN going between my cloud server and my home desktop so that I could access my home desktop remotely and it worked well. Although, I have never tried any layer two tunneling. Report back

Re: Faking the same LAN over the Internet

You could also consider using etherip(4). I think the etherip(4) interface might be more NAT tolerant but I am not really sure.

www.openbsd.org copyright notice

Just saw today that the copyright notice on the website is from 1996-2017. You guys might want to update it to 2018. :-) -Matt

Re: [patch] 6.3 relayd.conf(5) man page correction

, Mar 24, 2018 at 09:51:59AM -0400, Matt Schwartz wrote: Hi tech@, One small correction to relayd.conf(5). In the examples section for TLS acceleration, the configuration option match hash "sessid" results in a syntax error. Diff below. Thanks, Matt hi. i'm having trouble getting anyo

Re: Issues with relayd

ot;$TIMEOUT"     tcp { nodelay, sack, socket buffer 65536, backlog 128 }     tls { no tlsv1.0, ciphers HIGH }     tls no session tickets } relay ghost {     listen on vio0 port 443 tls     protocol https     forward to 127.0.0.1 port 2368 } On 4/7/2018 3:32 AM, Cla

Issues with relayd

of spurious TLS handshake errors that I can't pin down. I am running relayd with relayd -vv logging. Below is output from my relayd.log and dmesg. Thanks, Matt /var/log/relayd: Apr  5 23:45:43 panther relayd[94018]: startup Apr  5 23:46:08 panther relayd[43579]: relay_tls_transaction: session 1

Re: httpd howto redirect port 80 to 443 in vm

Why not use a .htaccess redirect? https://www.sslshopper.com/apache-redirect-http-to-https.html On Thu, Mar 1, 2018 at 7:18 AM Bryan Harris wrote: > Alternate?: go back to original config and change > > server "default" > > to > > server "example.com" > > And maybe an

Re: fsck: CANNOT READ: BLK 4235468160

I just saw you mentioned you are using the disk inside of virtualbox. Does this same thing happen if you use the disk natively? On Mon, Jan 8, 2018 at 8:52 AM Matt M <cmorrow...@gmail.com> wrote: > With disks, the blocks can change. There can be any number of reasons for > this, fro

Re: fsck: CANNOT READ: BLK 4235468160

With disks, the blocks can change. There can be any number of reasons for this, from the actual physical platters going bad to the read heads not functioning properly, or the memory on the disk going bad. SSD is a different story, in my experience when it begins to go the behavior becomes really

Re: Problems import ctypes in Python on 6.1

OK, I think I fixed this. Seems some un-marked dependancy needed updating. But forcing all packages to be updated with: pkg_add -D installed -u has cause python to start working again. -Matt > On 7 Aug 2017, at 14:19, Matt Hamilton <m...@quernus.co.uk> wrote: > > Hi All

Problems import ctypes in Python on 6.1

ev, wxallowed) /dev/sd0e on /var type ffs (local, noatime, nodev, nosuid) -Matt — Matt Hamilton Quernus m...@quernus.co.uk +44 117 325 3025 64 Easton Business Centre Felix Road, Easton Bristol, BS5 0HE Quernus Ltd is a company registered in England and Wales. Registered number: 09076246

Re: ETE - ETA

ETA is a sort of "universally" recognized and used form. To be technical, ETA and ETE would be synonymous in this case anyway. The time to wait till arrival (eta) would correspond exactly with the time it takes to complete the process (enroute). On Sun, Jan 22, 2017 at 8:30 AM jean-francois

OpenBGPD support for BGP-MPLS VPN with IPv6

Hi, Do any plans exist to implement the BGP-MPLS IP VPN extension for IPv6 VPN (RFC 4659) in OpenBGPD? Thanks, Matt

Re: openiked + rc.conf.local

On Sep 26, 2016, at 2:26 PM, Infoomatic wrote: >> Do you get any more output if you do "rcctl -f -d start iked"? > the output is: > doing _rc_parse_conf > doing _rc_quirks > iked_flags empty, using default >< > doing _rc_parse_conf /var/run/rc.d/iked > doing _rc_quirks >

iked config test hanging on 6.0

I've tried this on a few different systems now, one upgraded from 5.9 to 6.0 with the install CD, one a brand-new 6.0 install. The former is running as a hosted VM at Vultr, the latter a VMware Fusion machine. I'm not sure if this is a problem just in a virtual machine context, but I don't have

Re: the balance between OpenBSD and life

On Sat, May 28, 2016 at 7:31 AM Teng Zhang wrote: > I can't adjust the time for OpenBSD and my life appropriately. Could you > please share your experience with me about how you adjust your time between > OpenBSD and your life. > thanks for any reply. > > If OpenBSD is

Re: bioctl disk encryption

Okay, I wasn't screaming - cheering on a great operating system, most definitely. I'll dig into the source code a bit to see what I can learn. On Apr 9, 2016 9:12 PM, "Jiri B" wrote: > > On Sat, Apr 09, 2016 at 08:18:11PM -0400, Matt Schwartz wrote: > > I really lik

bioctl disk encryption

I really like the bioctl full disk encryption feature. I would love to see it extended to support multiple users/passkeys. I once worked with a commercial full disk encryption product that allowed this and could even be managed over a network. Coming up with a solution to manage encryption keys

BGP MPLS VPN Question

wrong? Do I need to create a separate routing domain for the third site, another mpe interface with different MPLS label, and create static routes between the rdomains? Thank you again, Matt

Re: ipsec ipcomp howto - OpenBSD 5.7

ipcomp has not been implemented in ipsec/isakmpd. I've gotten it to work quite well with iked. iked is the key management daemon for IKEv2. On Thu, Mar 17, 2016 at 6:00 PM, Motty Cruz wrote: > configuring ipsec.conf with ipcomp seem to be difficult then I thought. I > enable ipcomp > # sysctl -a

Re: openbsd.org, openssh.com server(s) down

Seems like there might be an outage. I cannot reach either openbsd.org or openssh.com. On Mar 15, 2016 9:32 AM, "Rudolf Sykora" wrote: > > Hello, > > is it only I who cannot connect to either > of openbsd.org and openssh.com, or > is the server down? > > Thanks > Ruda

bgpd not importing routes from rdomain 1

anything. Thanks again for your time and attention, Matt #bgpctl show fib table 1 flags: * = valid, B = BGP, C = Connected, S = Static, D = Dynamic N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway #bgpctl show

Re: bgpd network connected

the default. Frustrating because I'm so close to getting BGP MPLS VPN to work. Of course it still could be me but I've looked at this 6 ways to Saturday and I'm at a loss. > On Mar 9, 2016 6:00 AM, "Tony Sarendal" wrote: > > > > > > > 2016-03-08 15:38 GMT+01:00 Matt Schwa

Re: BGPD not adding routes

Yes, it does make some sense. I'm going to have to take a deeper dive into understanding routing domains and virtual routing tables. I noticed a good article on packetmischief.ca which seems to provide a good overview. Thanks again for your help. Matt On Mar 8, 2016 2:17 AM, "Claudio

Re: bgpd network connected

I did not even know it was broken? On Mar 8, 2016 1:26 AM, "Tony Sarendal" wrote: > > Is there any chance of getting "network inet connected" fixed to 5.9 ? > > Regards Tony

Re: BGPD not adding routes

? Thanks for helping me with my understanding gaps. Matt

BGPD not adding routes

network inet connected } group ibgp { announce IPv4 unicast announce IPv4 vpn remote-as 65001 depend on mpe0 local-address 10.254.254.2 neighbor 10.254.254.1 { descr PE1 } } Thanks much, Matt

Re: 5.8: uvideo has support for Logitech QuickCam Pro 5000 but ugen0 attaches instead

On 15/01/16 05:44 AM, Martin Pieuchot wrote: Could you test the diff? Does it work? I haven't had a chance but I will as soon as I can. Thanks! Matt

Re: 5.8: uvideo has support for Logitech QuickCam Pro 5000 but ugen0 attaches instead

On 05/01/16 05:10 AM, Martin Pieuchot wrote: On 03/01/16(Sun) 23:18, Matt Adams wrote: Hi, I noted that uvideo has support for the Logitech QuickCam Pro 5000 - a piece of hardware that I have. However, ugen appears to attach to this device instead of allowing the special firmware (installed

Re: 5.8: Cannot communicate with iDrac6 once OpenBSD boots (Broadcom BCM5709 via bnx)

Thank you for the explanation (Stuart) and helpful patch (Ted). I will try something like that until I have the opportunity to upgrade to iDrac6 Enterprise (dedicated NIC). Cheers, Matt

5.8: uvideo has support for Logitech QuickCam Pro 5000 but ugen0 attaches instead

supported? -bash-4.3$ ls -l /dev/video* lrwxr-xr-x 1 root wheel 6 Dec 24 00:09 /dev/video -> video0 crw-rw-rw- 1 root wheel 44, 0 Dec 24 00:09 /dev/video0 crw-rw-rw- 1 root wheel 44, 1 Dec 24 00:09 /dev/video1 Thanks, Matt -- usbdevs -v below Controller /dev/usb0:

5.8: Cannot communicate with iDrac6 once OpenBSD boots (Broadcom BCM5709 via bnx)

configuration once OpenBSD launches. It would be great if I could keep bnx1, bnx2 and bnx3 accessible to OpenBSD. Thanks, Matt -- dmesg below OpenBSD 5.8 (GENERIC.MP) #1236: Sun Aug 16 02:31:04 MDT 2015 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 25739890688

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

ompare a few hundred dollars worth of x86 kit occupying about 8 litres of space and quietly sipping a few tens of watts of power to even the most entry level iSeries or zSeries? I think this shows just how far off the mark this thread has come. -Matt — Matt Hamilton Quernus m...@quernus.co.uk

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

very nice blend of security, manageability and convenience for my use-case. YMMV. > I know lots of people are doing the same. Anyways, good luck with it > long term. Thanks! I’m blogging about how it is turning out. So far seems to be working pretty nicely. -Matt — Matt Hamilton Quernus m...@quernus.co.uk +44 117 325 3025 49b Easton Business Centre Felix Road, Easton Bristol, BS5 0HE Quernus Ltd is a company registered in England and Wales. Registered number: 09076246

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

ted to the net. Whether or not it contains an OpenBSD VM in it as a guest doesn’t (IMHO) significantly affect it’s security. -Matt — Matt Hamilton Quernus m...@quernus.co.uk <mailto:m...@quernus.co.uk> +44 117 325 3025 49b Easton Business Centre Felix Road, Easton Bristol, BS5 0HE Quernus

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

software to achieve my end goals. This thread started with someone who is starting to learn and wanted to know which OS, OpenBSD or FreeBSD would be best for their requirements. I don’t feel putting forward an idea that you could run OpenBSD as a VM and have both is so unreasonable. -Matt — Matt Hamilto

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

C tunnel termination than FreeBSD can offer out of the box. -Matt — Matt Hamilton Quernus m...@quernus.co.uk +44 117 325 3025 49b Easton Business Centre Felix Road, Easton Bristol, BS5 0HE Quernus Ltd is a company registered in England and Wales. Registered number: 09076246

Re: ipsec tunnel over IPv6

::1 2001:41c8:11a:5::1 traceroute6 to 2001:41c8:11a:5::1 (2001:41c8:11a:5::1) from 2001:470:1f1d:301::1, 64 hops max, 60 byte packets 1 2001:41c8:11a:5::1 (2001:41c8:11a:5::1) 32.884 ms 32.795 ms 32.316 ms # -Matt > On 23 Sep 2015, at 22:31, Matt Hamilton <m...@quernus.co.uk> wrot

ipsec tunnel over IPv6

fic on the external interface. Traceroute6 also shows all intermediate hops, i.e. no tunnel. Is it because, being IPv6, the networks on each end can route to each other (as opposed to on IPv4 normally they are RFC1918 networks) so OpenBSD send the packets the ‘easy’ route? -Matt — Matt Hamilton Quernu

route6d issues

fic at all. Any ideas what to check next? -Matt — Matt Hamilton Quernus m...@quernus.co.uk +44 117 325 3025 49b Easton Business Centre Felix Road, Easton Bristol, BS5 0HE Quernus Ltd is a company registered in England and Wales. Registered number: 09076246

How to lookup ICMP nat addresses with pf ioctl DIOCNATLOOK

nl.sport = ICMP type nl.dport = ICMP code and nl.sport = ICMP code nl.dport = ICMP type In all cases, ioctl(pffd, DIOCNATLOOK, nl) returns -1. Thanks. Matt

Re: My computer suddenly turned itself off.

Sudden power offs are often indicative of heat issues, especially on laptops. Does it power right back on and stay on for a long time? If not I would suspect heat. If it does stay on, it may be a power management bug, a bad power source or possibly a failing power supply in the machine. If it

Re: OpenBSD embedded? (was: OpenBSD 5.6-current on ASUS Chromebox)

typical ports allocations on the VLAN switch: 1 - OpenBSD device 2 - DSL/Cable modem (upstream) 3 - LAN 4 - Wireless access point Thoughts? Matt

Re: TCP checksum problems with NAT (maybe vlans/tun)

this? Is getting the tun interface to calculate the checksums the way to go? -Matt

TCP checksum problems with NAT (maybe vlans/tun)

would put the correct checksum back on. But as it is instead being sent down a tun interface that it is not getting corrected at all. Does this sound like a likely hypothesis to anyone who knows the changes that were made? -Matt

Re: TCP checksum problems with NAT (maybe vlans/tun)

Matt Hamilton matth at netsight.co.uk writes: Hi All, I just been upgrading a router from OpenBSD 5.1 to 5.4 and hit a big problem Doh! I meant 5.5, not 5.4. Digging about it looks like the following change by Henning may shed some light: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src

PF queuing max bandwidth

While trying to upgrade a pf ruleset from 5.4 to 5.5 and make use of the new queuing system, I'm running into an issue where the traffic isn't getting throttled to what I set for a max on a given queue. Below is the old ruleset that works well under 5.4: altq on trunk0 bandwidth 9.70Mb hfsc

Re: 5.5 CDs arriving

On Apr 30, 2014, at 12:56 PM, Dave Anderson d...@daveanderson.com wrote: Just got mine, near Boston, Mass. Mine arrived in Grand Rapids, MI yesterday. My thanks to everyone involved. And mine as well! [demime 1.01d removed an attachment of type application/pgp-signature which had a name of

Oerrs on vlan interfaces

advice would be appreciated on what else to look for that is causing these errors. Regards, Matt Additional info if it helps: # netstat -sn   ip:         461996032 total packets received         21 bad header checksums         0 with size smaller than minimum         0 with data size data length

Re: Upgrade path from 4.1?

Your best option would be to backup data and configs, and reinstall fresh. There are so many releases between 4.1 and 5.4 that you're going to spend a lot of time just to get to -current or -stable 5.4, while you're still gonna have to modify config files that have changes since 4.1 that it

Cisco routers

This may not be the most appropriate place to ask, but I figured a lot of you are using Cisco on your networks. I am beginning to study for the CCNA and I want to purchase at least one Cisco router and a switch for a home lab. I don't want to spend a lot of money unnecessarily, and have been

PF port forwarding issue

I am using PF on 5.4-stable to NAT and firewall my network, but I can't get port forwarding to work. All requests end up at the OpenBSD box and go no further. For instance, I opened port 22 in PF to forward to a Centos box, but ssh on the openbsd box still takes the request. Port 80 isn't working

Re: Is my 5.4 CD ok?

There isn't any reason all the packages couldn't fit on a cd. Most are just a few bytes to a few kb, and a small number are into a few MB. Browsing the package list (for i386), it looks like the largest one might be 4mb. You should set your pkg path to the cd if you want to install from there,

Re: Virtualize or bare-metal?

I personally wouldn't advise using a single bare-metal machine just for dhcp, a separate one for dns, a separate one for sendmail etc. Seems like a huge waste of resources to me. My opinion is that you would fare better, as was suggested earlier, to use some of the other bare-metal machines for

Re: VPN Between OpenBSD and iOS

mxb, I tried that and I'm getting the same results. Any other ideas? What does your npppd.conf look like? Thanks, Matt On Fri, Jan 3, 2014 at 8:03 AM, mxb m...@alumni.chalmers.se wrote: I successfully connected my iOS 7.0.4 to an OpenBSD 5.4 (this is pre-release). My ipsec.conf for L2TP

Re: VPN Between OpenBSD and iOS

Yasuoka, I tried that just now and it doesn't seem to make a difference. Thanks, Matt On Mon, Dec 30, 2013 at 7:34 PM, YASUOKA Masahiko yasu...@yasuoka.netwrote: Hi, On Sun, 29 Dec 2013 20:58:03 -0500 Matt Carlson obsda0...@mpcarlson.com wrote: # grep -v ^# /etc/ipsec.conf ike

Re: VPN Between OpenBSD and iOS

} interface pppx0 address 10.0.0.1 ipcp IPCP bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0 Thanks, Matt On Mon, Dec 30, 2013 at 4:10 PM, Jeff Goettsch j...@primal.ucdavis.eduwrote: What does your npppd.conf look like? -- Jeff Goettsch Agricultural and Resource Economics http

VPN Between OpenBSD and iOS

a couple IP addresses and FQDNs (e.g. 10.a.b.c) and I removed some line from /var/log/messages and replaced them with snip, since this is already fairly long. I welcome any suggestions/recommendations. Thanks, Matt # uname -a OpenBSD carbon.my.domain 5.4 GENERIC#37 i386 # cat /etc/rc.conf.local ipsec

Setting relayd outbound source address/using existing NAT rules

is failed over to the peer firewall those sessions in the state table are preserved. With squid I found that this can be accomplished by using the tcp_outgoing_address attribute to force the traffic to be sourced from a given address. Any help/advice would be appreciated. Regards, Matt

Re: pflow packets before state expires

it ended and the state expired. At which point the entire data transferred during that state's life was counted as if it happened now. -Matt

pflow packets before state expires

knew of a way. Thanks -Matt

Re: pf and apache

...@bradfords.orgwrote: Thus said Matt Morrow on Thu, 28 Feb 2013 23:07:30 -0600: Apache is running on a slackware box. I can access apache just fine internally by using the ip address of that server (192.168.1.70), but if I access the ip of the openbsd box (192.168.1.60) I just get

Re: pf and apache

-on $int_if nat-to $int_if W dniu 01.03.2013 06:07, Matt Morrow pisze: I have pf running on an openbsd box handling port forwarding. All ports seem to forward ok except for port 80. Apache is running on a slackware box. I can access apache just fine internally by using the ip address

Re: Security and ignorance from the major ISPs

I have to agree on all these points. PF is the absolute best firewall I've used on any platform. Not only is it the simplest to configure but it has superior logging facilities. I'd much rather not have any ISP tell me what traffic I can or cannot receive. If you do that, say goodbye to open

Re: new computer

You do realize the typical life of a battery is about a year? The life of a battery, when it has reached its expected and standard life does not reflect the quality of a pc. At any rate, it's not my intention to debate the quality of a particular brand or OEM. But, I like to defend a product when

Re: new computer

Your comments about asus are strictly personal opinion. I've owned an Asus laptop for more than a year and it has been rock solid. I've knocked it onto the floor a couple of times, it has been banged around and it's still going strong. Also cheaper than a thinkpad. Buy a refurbished ThinkPad,

5.2 ospfd and carp

router fails then obviously the backup route is there in OSPF, but if for some reason there is a carp failover for other reasons and ospfd is still running on the backup router then the rest of the ospf neighbours don't know to use the route to the backup carp router (which is now master). -Matt

Re: pf and torrenting

*I am trying to get torrenting to work but I can't seem to get any packets to go through. Tcpdump shows attempted activity and nothing blocked,but the torrent client itself doesn't seem to be receiving anything from any torrent I have tried. The torrent client is using port 58846 From the

Re: openbsd host halted with unknown acpi event

On 10/31/2012 11:05 AM, Rares Aioanei wrote: On Wed, Oct 31, 2012 at 10:28:35AM +0400, Sergey Bronnikov wrote: Yesterday I have found an unpleasent bug in OpenBSD. I started two virtual machines in qemu with netbsd and building source inside each virtual machine. After about 10 min laptop

pf and torrenting

I am trying to get torrenting to work but I can't seem to get any packets to go through. Tcpdump shows attempted activity and nothing blocked,but the torrent client itself doesn't seem to be receiving anything from any torrent I have tried. The torrent client is using port 58846 From the

Upgrade to 5.2?

Yesterday I upgraded from 5.1-release to -current. Is there any need to upgrade to 5.2-release? Could this cause issues since -current is really newer than what's on the 5.2 media?

OpenBSD upgrade guide 5.2?

Does anyone know when the upgrade guides are usually posted? I know we're a couple of weeks away from the release, but I also thought I read that 5.2 cds had already been shipped to some locations, which would imply that it's pretty much ready for release? I figured I'd take some time to look over

OpenBSD 5.1 Raid 10

I cannot find anything anywhere to indicate whether softraid supports raid 10, and if so, how it is done. Can anyone shed any light? I'm working with 4 disks. I want to stripe the first 2, and mirror on the second set.

PF issues help plz

Ive setup my openbsd box as a router and everything works great except for 2 things: the openbsd box itself isn't routing for itself but all machines behind it work just fine with dns and routing. At the openbsd box, if I try to ping anything by dns, it will sit for about 10 minutes then error

Re: PF issues help plz

of the changes with raid in the kernel. On Sat, Oct 13, 2012 at 10:36 AM, Peter N. M. Hansteen pe...@bsdly.netwrote: Matt Morrow cmorrow...@gmail.com writes: Ive setup my openbsd box as a router and everything works great except for 2 things: the openbsd box itself isn't routing for itself

Re: PF issues help plz

Sweet, thanks much! Keep state resolved it. Thanks again everyone for looking. On Sat, Oct 13, 2012 at 10:45 AM, mxb m...@alumni.chalmers.se wrote: You should keep state, then pkts matching will also pass in/out. On 13 okt 2012, at 17:19, Matt Morrow cmorrow...@gmail.com wrote: pass

Re: Make build on powerpc 7455b: Executables are broken

On 10/05/12 03:16, Martin Pieuchot wrote: On 04/10/12(Thu) 22:44, matt wrote: I assume I or my hardware is doing something stupid and obvious. I've been trying to successfully build OpenBSD for the first time on a 2002 G4 (Mirror Drive Door) dual 1ghz. The RAM is new, and slightly faster than

Make build on powerpc 7455b: Executables are broken

not sure why my executables are aborting. It's still logged in if anyone has any ideas other than rm -rf /, which aborts :) Matt

  1   2   3   4   >