in
reference to the firewall rule number or specific interface? Or does
it just have information specific to the packet itself (ie, src
address, dst address, sequence numbers etc)?
-Matt
p as we could do with some better
monitoring here.
-Matt
kern.nosuidcoredump sysctl to 2.
OK, great. I've done that on all 7 boxes:
4 x OpenBSD 5.1/amd64
2 x OpenBSD 5.0/i386
1 x OpenBSD 4.3/amd64
and tested it with SIGABRT and I get a core file. So now just to sit and
wait until it happens again.
Thanks!
-Matt
s a
ripple effect that something happens and that then causes a bgpd
process to die which then propagates more changes to iBGP peers
and they then sometimes die as well.
-Matt
CARP interface too (not an interface we are using ospfd on).
> >
> > -Matt
>
> There have been earlier reports of bgpd running out of mem or getting
> segfaults. In some cases that led to fixing bugs. There might remain
> unsolved cases.
>
> Working with the developers is one w
Otto Moerbeek drijf.net> writes:
>
> On Tue, May 29, 2012 at 08:57:54AM +0000, Matt Hamilton wrote:
>
> > Hi all,
> >
> > More bgpd problems last night :( This happened last night on two of our
> > routers. One running an old version of OpenBSD (4.3) and
g full feeds. At the moment
we only have a few partial feeds from networks we peer with and everything
else goes out a default route.
I don't think it is a memory issue with the process itself, but the error
message seems to be more related to memory available to send the packet.
This is why I'm wondering if there is some sysctl or similar somewhere
I should be tweaking.
-Matt
route decision engine
terminated; signal 11
May 29 05:55:09 fw1 bgpd[21459]: fatal in SE: pipe write error: Broken
pipe
Thanks
-Matt
e. I see a few that have come in
from ospf it looks like. I think they have arisen due to these routers
all sitting on a particular admin network and hence each of them
are advertising a route to that admin network. I need to stop them
doing this and just keep one route in the table somehow.
-Matt
SWERN):
sending notification: Cease, administratively down
I don't know what is going on, but there is always that mpath error there
before it cuts out. I don't seem to be able to spot a pattern in the
timing, it just cuts out.
Any ideas? Anyone else seen this?
-Matt
p group *before* the carp interfaces are
brought up (is that even possible?) and then remove the demotion once
OSPF has stabilised. I don't see a nice clean place in the startup
process to do this though unless I hack /etc/netstart or similar which
I don't want to do.
Thanks,
-Matt
Matt Hamilton netsight.co.uk> writes:
>
> OK, this might just be my misunderstanding of OSPF, so just want to
> run this by you and see if it is a mistake on my behalf. Let me try
> and explain:
Nevermind... after battling this for several hours, I managed to work it
out 5 min
segment I don't see how I can set the cost. Even
if I could get the cost on vlan50 to take any effect (I've tried
different values to no joy) it would surely affect *all* routes to
that router, not just 192.168.111.0/24.
-Matt
h /etc/netstart carp119
# tcpdump -vni vlan119 proto carp
tcpdump: listening on vlan119, link-type EN10MB
^C
6 packets received by filter
0 packets dropped by kernel
-Matt
Stuart Henderson spacehopper.org> writes:
> I setup carp-on-vlan-on-trunk-on-bnx0/1 on an R210-II running 5.1
> the other day, no trouble. In this case they're webservers so I didn't
> set net.inet.ip.forwarding in sysctl.conf and I'm using ip balancing
> rather than simple carp failover.
OK, so
ospfd on these hosts, which also uses
multicast so it will be interesting to see if that now also fails due to
multicast being filtered out somewhere.
-Matt
Kapetanakis Giannis edu.physics.uoc.gr> writes:
>
> On 23/04/12 17:13, Matt Hamilton wrote:
> > So it appears there is somewhere a problem with multicast packets being
> > filtered out somewhere.
> >
> > This is all running with pfctl -d
> >
> > -Mat
tcpdump: listening on vlan119, link-type EN10MB
^C
0 packets received by filter
0 packets dropped by kernel
So it appears there is somewhere a problem with multicast packets being
filtered out somewhere.
This is all running with pfctl -d
-Matt
es.
If I remove the vlan part and just have the carp interface on top of
bnx0 then I see carp packets on bnx0
with tcpdump as I'd expect. So clearly there is a serious bug
somewhere about sending carp packets over
vlan interfaces. :(
-Matt
4 0
0
0 00 0 011 04 0
0
0 00 0 010 04 0
0
0 00 0 018 03 0
0
As you can see no packets are going out.
-Matt
ssue (I've read a few reports before that it was, and
wanted to remove it from the mix).
-Matt
M5709" rev 0x20: apic 0 int 17
bnx2 at pci2 dev 0 function 0 "Broadcom BCM5716" rev 0x20: apic 0 int 16
bnx3 at pci2 dev 0 function 1 "Broadcom BCM5716" rev 0x20: apic 0 int 17
-Matt
CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: density unknown
fd1 at fdc0 drive 1: density unknown
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a swap on wd0b dump on wd0b
-Matt
no effect. I also tried removing IPv6 from the interface
as
someone suggested, but that didn't help either it seems.
-Matt
On Fri, Jan 27, 2012 at 09:30:46PM +1100, Joel Sing wrote:
> From bioctl(8):
>
> CAVEATS
> Use of the CRYPTO & RAID 4/5 disciplines are currently considered
> experimental.
>
> (I probably should remove CRYPTO from that list though, since it is now
> pretty
> stable :)
Yeah, I apolo
the highest
advskew. This is the same on the inside carp interface too.
Any ideas?
-Matt
Been playing with 5.1-beta (Jan. 21 build) in the interests of seeing
what I need to get together to set up my next system. I was hoping to
do it with three drives, booting from a softraid RAID 5 volume.
When installed and rebooted, all works OK. What I've been running into
are panics when tryin
googled but could not find anything. Does this mean that my system has
been compromised on the /tmp directory? I have the /tmp directory set to
1777. If this is me being stupid, please be gentle as I am learning
security.
Thanks,
Matt
The classic answer. Won't just work so why are you even using this software
because of the security risk... I still run openbsd at the house but for
anything that actually pays the bills WE USE ANYTHING BUT. Intel mpi?
Openmpi? Etc.
If you are going to use webmin shit run it on linux or freebs
That was my concern exactly. That I would be unable to put the OS of my
choice on hardware that I bought. This is precisely why I don't own an iPad
or iPhone - I want ownership of what I bought. What good is a full on
desktop computer with the inability to disable secure boot other than for
tho
Absolute rubbish! You want to uninstall OpenBSD, go ahead, it's your risk and
loss.
To: misc@openbsd.org
Sent: Saturday,
October 1, 2011 5:49 PM
Subject: Why I uninstalled OpenBSD
http://www.trollaxor.com/2011/10/why-i-uninstalled-openbsd.html
Has anyone been following Microsoft's recent attempts to muscle OEMs into
using the secureboot feature of UEFI or is this just a load of media hot air?
Are there any plans for OpenBSD to support UEFI?
Thanks
Is it possible to use npppd as an L2TP client or in a configuration where both
vpn endpoints are OpenBSD based? Thank you in advance.
I think you have to enable NAT Traversal in your ipsec.conf file. Check the
man page on that one. You could try this but I am not sure it will work.
ike passive from any (public-ip) to any ..
I don't know how adventurous you feel, but as long as the old gear
supports L2TP pass through, you could consider trying npppd. Although, it
requires some preparation work like adding PIPEX to the generic kernel and
building npppd from the source code. Another option is to investigate using
O
This is also entirely possible with Squid. You could simply use basic
authentication so that you can keep an open wireless access point and people
would have to authenticate in order to surf the web or do anything. Create a
temporary account for each customer and add an expiration time?
To:
mis
Why would you run that shit on a laptop? Have you no life? Or glutton for
punishment?
Re,
Mb
On Sep 3, 2011 6:32 PM, "Steve" wrote:
> Sorry, I had removed OpenBSD from the hard disk due to the shutdown
> problems. Here are the dmesg, pcidump -v and atactl sd0 identify from a
> USB stick instal
Call IBM support. You will have 10 technicians onsite in a week.
MB
On Aug 30, 2011 8:17 AM, "lancebaynes87" wrote:
> Are there any solutions?
>
> I can't SSH to it anymore, because it asks for password.
>
> Does anybody know a solution for this problem??
>
> Thank you in anticipation.
>
>
>
h
Can one of the PF developers weigh in?
Is there anything more that I can do to help? E.g. formally list a
bug report, provide additional detail, act as tester, etc?
On 8/25/11, Kevin Chadwick wrote:
> On Thu, 25 Aug 2011 20:10:12 + (UTC)
> Stuart Henderson wrote:
>
>> Yes these are from the
d the VM).
Matt
On Mon, Aug 22, 2011 at 5:09 PM, Matt Van Mater wrote:
> Hi All,
>
> See my configuration at the bottom of this email. I am looking into why my
> pflog has these ambiguous entries that show source and destination as all
> zeros e.g. 0.0.0.0.0 > 0.0.0.0.0.
>
36) ack 1 win 256 (DF)
Aug 17 16:03:31.815571 rule 2/(match) pass out on em0: 0.0.0.0.0 >
0.0.0.0.0: . ack 93472891 win 2190 (DF) [tos 0x10]
Aug 17 16:04:31.929505 rule 2/(match) pass in on em0: 0.0.0.0.0 > 0.0.0.0.0:
P 144:180(36) ack 1 win 256 (DF)
Thanks,
Matt
I don't see anything really wrong with your configuration. When I used
userland PPP, I had the mtu and mru set to 1492 but you took a known working
configuration from a previous setup. Is there a good reason why you couldn't
use kernel PPP? It is really easy:
cat /etc/hostname.pppoe0:
inet 0.0.
OpenLDAP itself does not automatically increment the uid. You might look into
using ypldap but if you don't want to do that, you would have to script your
own tool.
To: misc@openbsd.org
Sent:
Sunday, May 29, 2011 12:22 PM
Subject: OpenBSD + OpenLDAP
Dear list us
Hello list:
Purely for curiosity, is it possible to enable mpls on a tun(4) interface?
Thanks,
Matt
Hello all:
Purely for curiosity, is it possible to enable mpls on the tun(4) interface?
Thanks,
Matt
I have to agree with Theo and I was honestly shocked at your initial email.
You don't bite the hand that is trying to help nor do you bite the hand that
is giving you something for free.
Sent: Wednesday, May 25, 2011 3:22 PM
Subject: Re: ospfd/ospf6d causing denial of service(?)
Theo, come on
Have you tried doing the following:
sysctl net.inet.ip.forwarding=1
This effectively turns OpenBSD into a router. If you also need to handle IPv6
traffic:
sysctl net.inet6.ip6.forwarding=1
To make this consistent across reboots, edit the sysctl.conf file.
You might try playing with some of OpenBSD's virtual routing capabilities. You
could create a couple of VLANs and test out some of the BGP/MPLS VPN
capabilities within the VLANs.
To: misc@openbsd.org
Sent: Sun, May 15, 2011 9:48:36 AM
Subject: Things to do wi
Are the speed results on Windows more representative of the bandwidth of your
connection? If the Windows results are slow when compared to the total
available bandwidth, I would go out on a limb and state that a network card
might be bad. Have you tried different ethernet cards?
Matt
Have
I use kvm/qemu on a Debian Squeeze box to virtualize all of my OpenBSD stuff
and
it works extremely well (my only wish is that OpenBSD could support Dom0 or the
kvm/qemu equivalent). If you decide to go this route, you need to make certain
to disable MPBIOS after installing OpenBSD on a guest
I am using kernel pppoe and I would like to know if it is possible to add the
pppoe0 interface to a bridge? If so, how do I do it? Do I need to set a link0
flag?
Thanks
nBSD further ahead of the game.
Already, the npppd work is fantastic!
Thanks,
Matt
I think I see what is happening here. You have the prefix wrong. Try using
/64
Sent from Yahoo! Mail on Android
f UHLc 10 -4 em0
206.125.169.98 52:54:00:27:26:22 UHLc 00- 4 lo0
224/4 127.0.0.1 URS00 33160 8 lo0
Thank you again,
Matt
Thank you for all of the help. I am effectively giving up on doing it this
way. OpenVPN seems to have facilities to make it easier to achieve what I want
to do. I appreciate all of the time and effort spent.
On Wed, 2011-04-13 at 07:34 -0700, Matt S wrote:
> Hi Claudiu:
>
>
>
You might consider a creative solution with Dead Peer Detection. Per
ipsec.conf(4), you enable Dead Peer Detection by using an ike dynamic statement.
Heya
On Thu, Apr 14, 2011 at 3:09 AM, Scott McEachern wrote:
> On 04/13/11 09:38, Randal L. Schwartz wrote:
>
>
172.16.254.2 A.B.C.D.E
My setup is using a GRE tunnel. I have the GRE Tunnel endpoints configured on
/30 subnet. There might be a gap in my understanding.
Thank you again,
Matt
On 12 April 2011 23:53, Matt S wrote:
> Hello @misc:
>
> I am up against a stumper. I have a Site-to-Site
00:0d:65:ab:c8:bf UHLc 10 - 4 em0
matthew-schwartz.c 52:54:00:27:26:22 UHLc 00 - 4 lo0
BASE-ADDRESS.MCAST localhost URS00 33160 8 lo0
On Tue, 2011-04-12 at 19:53 -0700, Matt S wrote:
> Hello @misc:
>
> I am u
$me dstid $mypeer \
psk $mypsk
cat /etc/hostname.gre0:
inet 172.16.254.2 255.255.255.252 172.16.254.1
tunnel E.F.G.H A.B.C.D
!route add -net 10.40.60 -netmask 255.255.255.0 172.16.254.1
Firewall disabled for now - nothing other than sshd and isakmpd are running.
Thanks,
Matt
o gre from any
block log quick from
pass inet proto icmp all icmp-type {echoreq, unreach}
pass in on tun0 inet proto tcp from any to any port ssh keep state (max-src-conn
6, max-src-conn-rate 3/1, overload flush global) rdr-to 10.40.60.1
pass on em0 from to any
Penned by Matt S on 20110411 16:59.0
eed to specifically allow GRE traffic?
Thanks,
Matt
On 04/11/11 23:34, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able to
> tell me why gre0 is not being skipped?
>
> set skip on lo
> set skip on gre0
> se
DOH! I was following a how-to that showed two separate statements for set skip
on. Works great now! My apologies for the stupid question.
On Mon, Apr 11, 2011 at 2:34 PM, Matt S wrote:
> Hello Everyone:
>
> I am using 4.8 RELEASE. Given the following pf.conf, would anyone be able
Sorry, I forgot to mention that 10.40.65.0 is the remote network trying to
connect to this machine over the GRE tunnel
From: Matt S
To: misc@openbsd.org
Sent: Mon, April 11, 2011 2:34:58 PM
Subject: pf: set skip option
Hello Everyone:
I am using 4.8 RELEASE
.64.1 from 10.40.60.1 to set a state. Any help that you can provide
would be appreciated.
Thanks,
Matt
Hello All:
I have been following npppd and PIPEX with some excitement, especially the
support for L2TP. Do you know if npppd will be ready for OpenBSD 4.9 RELEASE
and enabled in the build?
Thanks very much,
Matt
Hello All:
I am thinking of purchasing a Dell i1018 netbook and was wondering if anyone
else uses it with OpenBSD 4.8. If so, I would really appreciate a copy of
the dmesg output. Dell is being a pain about providing specifics to me.
Thanks,
Matt
finalizing our attendee list as we speak, if interested please
visit our website or contact us at 1-866.704.7268 to register/ reserve
seating, if you have not already done so.
Additional discounts are available for groups that would like to
participate in this interactive workshop.
Thanks,
Matt Devine
Hi,
Emailed dev but think the mail was stripped because of attachments.
We have some racks of appro AMD blade servers that have been
decommissioned and are set to be disposed of. I got ok to donate some
or all. These were used in energy HPC environment for seismic data
processing. Email offl
The Grant Training Center
Professional Grant Development Workshop
Master the techniques of writing superior and winning proposals
Proposal Writing I: February 2 - 4, 2011
To be held at:
University of British Columbia
Vancouver, B.C.
Sponsored by: The Grant Training Center
Online at: Grant
hing and/or comprehension skills are lacking, could you send
a link this way?
Thanks,
Matt
A friend and I are both on dynamic IP residential broadband
connections. We both use OpenBSD boxes as edge devices.
We were wondering if it were possible to create an ipsec tunnel between
us, even though we both have dynamic public IPs.
The documentation I've read seems to suggest that at least
On Mon, Nov 1, 2010 at 6:10 AM, Jan Stary wrote:
> This is a good one again. Thanks!
>
>
Yeah! even fwd it to a couple of buddies not on the list. Surely
much more important things to talk about like why NFS is so fucking
slow on openbsd?
talk with IPsec devices that
use IPsec tunnel mode."
FSVO "usually"?
If this isn't currently possible, where would one start modifying code
given there's isakmpd(8), ipsecctl(8), and now iked(8) on the horizon?
Thanks
Matt
[1] http://www.faqs.org/rfcs/rfc3884.html
>> Any reason why you can't just use https and webserver?
No, not really, apart from the overhead / possible security problems of
code layers.
Is there any specific webbased solution you'd recommend on https ?
Quite possibly more of a 'which software' question:
I am looking for a way to have two parties share documents securely
through an OpenBSD server.
User A can not look into directory B but is allowed in dir C, that sort
of thing. Sharing occurs through untrusted / changing networks.
Obviously
On Wed, Aug 11, 2010 at 10:39 AM, Andres Genovez
wrote:
> 2010/8/11 Matt Bettinger :
>> I am looking for recommendations on a pci wireless (b/g) card that
>> will do hostap and wpa. I checked out the HCL and noticed the Zonet
>> 1600 is supported by ral
>>
>
I am looking for recommendations on a pci wireless (b/g) card that
will do hostap and wpa. I checked out the HCL and noticed the Zonet
1600 is supported by ral
http://www.openbsd.org/cgi-bin/man.cgi?query=ral&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
I couldn't find an 16
like for
each user to authenticate with their own certificate. I always do best with
examples so anyone that could provide one, it would be greatly appreciated.
I managed to get IPSEC working between two branch offices based on the man
page example.
Thank you in advance,
Matt
from any to any
pass in on $ip6if inet6 proto icmp6 icmp6-type {echoreq,unreach}
pass in on $ip6if inet6 proto tcp from any to $host port $tcp_services
pass in on $ip6if inet6 proto udp from any to $host port $tcp_services
Thank you,
Matt
ot a performance problem, but a misconfiguration one.
>
>> -Original Message-
>> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Matt
>> S
>> Sent: Wednesday, July 14, 2010 10:16 PM
>> To: misc@openbsd.org
>> Subject: kern
inet 0.0.0.0 255.255.255.255 NONE pppoedev bge0 authproto pap authname
"" authkey "" up
dest 0.0.0.1
!/sbin/route add default 0.0.0.1
Thank you,
Matt
Thank you everyone. I cannot believe I forgot to set up that static route
from the DSL modem back to the 10.40.60.0 network. Works like a charm. Next
comes ipv6!
On Jul 9, 2010, at 2:31 PM, Jussi Peltola wrote:
> On Fri, Jul 09, 2010 at 02:19:42PM -0700, Matt S wrote:
>> Given the
r out .
Thanks,
Matt
e. I have tried adding a host route to the
pptp server address but this still did not work. My guess is that I need a
policy route somewhere??
Thanks,
Matt
as we speak, if interested please
visit our website or contact us at 1-866.704.7268 to register/ reserve
seating.
Additional discounts are available for groups that would like to
participate in this interactive workshop.
Thanks,
Matt Devine
Grant Training Center
You received this e-mail due to
Claudio, Thank you for clarifying that. I somehow missed that tidbit.
On Tue, Jun 22, 2010 at 9:11 PM, Claudio Jeker wrote:
> On Tue, Jun 22, 2010 at 08:05:31PM -0700, Matt S wrote:
> > I apologize in advance if this subject has been addressed but I was
> unable
> > to turn
tun(4)? Is there any reason why I could not, say, perform IPSEC encryption
over a tun(4) tunnel?
Thank you in advance,
Matt
The Grant Training Center
Professional Grant Development Workshop
Master the techniques of writing superior and winning proposals
Proposal Writing I: July 12 - 14, 2010
To be held at:
University of British Columbia
Vancouver, B.C.
Sponsored by: The Grant Training Center
Online at: Grant T
That is unfortunate. I emailed theo if they could use some origin
350s but got no response. They have been recycled yesterday. I do
have sgi memory etc if needed.
Sent from my iPhone
On May 19, 2010, at 2:39 AM, syuu wrote:
Hi,
Can anyone bring SGI Origin 350 to c2k10?
I'm planni
Why not use racoon? It is part of OSX base install and works.
Sent from my iPhone
On Apr 26, 2010, at 12:28 PM, Kapetanakis Giannis > wrote:
On 26/04/10 18:42, Bryan Irvine wrote:
On Fri, Apr 23, 2010 at 11:13 AM, jul wrote:
I use poptop (ports) with great success on built-in mac VPN cl
On Fri, Apr 2, 2010 at 1:06 PM, FRLinux wrote:
> On Fri, Apr 2, 2010 at 5:03 AM, Corey wrote:
>> I saw them, yes. Soekris Engineering says the net5501 itself draws 20W
> max.
>> My power supply is rated for 40W. I doubt that little miniPCI card draws
>> 20 watts.
>
> Yes, but how many amps?
>
re to
share how?
Any other pointers are appreciated too!
Thank you,
Matt
[1] http://php-fpm.org
[2] http://php-fpm.org/downloads/php-5.2.13-fpm-0.5.13.diff.gz
't cry
foul about reporting information back to the mothership like that. (I
couldn't find any inside MARC anyway when searching for installer-related
posts).
Thanks for taking the time, I appreciate the effort.
Matt
I have been installing OpenBSD 4.6 inside a VMWare ESXi 4.0 virtual machine
and ran into a strange behavior I can't explain... it seems to cache my
installation options between totally unrelated virtual machines. The
process goes like this:
I create a new 'Typical' virtual machine, select 'Other'
Had same issues with net 5501-70. I use a psu from a linksys wifi ap
and it is rock solid now.
Sent from my iPhone
On Feb 13, 2010, at 11:05 AM, daniel wrote:
I've been using a Net 4501 for several years now (since at least
OpenBSD 3.8) with no problems. I've recently added a mini-PCI
W
> but what is your point? that people should just be able to guess at
> commands and the system should do whatever the user is thinking it will
> do?
>
f...@trout:~> lame
If 'lame' is not a typo you can use command-not-found to lookup the
package that contains it, like this:
cnf lame
f...@t
On Sun, Jan 17, 2010 at 5:53 PM, Marco Peereboom wrote:
> It's crazy what a teenager around the house causes...
>
> It keeps him out of trouble...
>
> On Sun, Jan 17, 2010 at 03:28:49PM -0800, James Hozier wrote:
>> To be honest, I'd be a little worried if you didn't
>>
You might want to look at
of creating an SA between just the tunnel endpoints, it
was successfully negotiated but the packets just get dropped by the remote
end.
I'll post on Amazon's forums and see if there's any plan to support the
RFC3884 style way of doing this.
Cheers
Matt
ecause the
from+to tuple is identical so I'm configuring the same tunnel twice just with
a different peer and key. As long as the routing decides to use the tunnel
that is configured between the second peer, everything works, I can ping and
SSH to my EC2 instance, but if it switches to the
On Dec 15, 2009, at 6:22 PM, "Rod Whitworth"
wrote:
On Tue, 15 Dec 2009 23:35:32 + (UTC), Christian Weisgerber wrote:
I'm sure that original CF card would *eventually* fail if I kept
it in
service long enough...
Or some other hardware component. Or more likely, the whole system
bec