new rust-libtls crates

2019-11-02 Thread Reyk Floeter
Hi, a bit off-topic, but a Rust-LibreSSL crossover: It seems that many people have written Rust crates for libtls. And most (or all) of them haven't been updated for years. I talked to the owner of libtls and libtls-sys and he assigned ownership of his libtls crates to me. Yesterday I

Re: OpenBSD on VMware ESXi

2019-05-22 Thread Reyk Floeter
On Wed, May 22, 2019 at 01:43:35PM +0200, Janne Johansson wrote: > Den ons 22 maj 2019 kl 12:52 skrev Roderick : > > > Hallo! > > As far as I read in WWW, OpenBSD do run on VMware ESXi out of the box. > > What does run better on amd64 virtual machine? i386 or amd64? > > Are there reasons to

Re: relayd without pf?

2019-05-14 Thread Reyk Floeter
> Am 14.05.2019 um 23:06 schrieb Adam Thompson : > >> On 2019-05-14 15:42, Adam Thompson wrote: >> OK, I'm pretty sure this is a dumb question, but... >> Does relayd work properly, or at all with pf disabled? (in 6.5-RELEASE) > > > I have partially answered my own question. That last

Re: Got hits Job offering in the mail

2019-05-02 Thread Reyk Floeter
I’ve got it as well from a different random recruiter and it was addressed to the wrong name. I doubt that Apple is doing such unprofessional recruiting - It looks like some scam. Reyk > Am 02.05.2019 um 16:56 schrieb Dan Shechter : > > Got approached by a head hunter. > > If anyone in the

Re: Viewing SFP diagnostic data in OpenBSD ?

2019-04-10 Thread Reyk Floeter
On Wed, Apr 10, 2019 at 12:11:34PM +0100, Stuart Henderson wrote: > On 2019/04/10 12:43, Reyk Floeter wrote: > > I have an em(4) with SFP in my FTTH gateway, a Lanner LEB-6032. I'd > > be happy to test any em(4) diff for it. > > > > I had to get a special SFP that

Re: Viewing SFP diagnostic data in OpenBSD ?

2019-04-10 Thread Reyk Floeter
On Mon, Apr 08, 2019 at 02:25:28PM +1000, David Gwynne wrote: > > > > On 6 Apr 2019, at 01:54, Rachel Roch wrote: > > > > > > > > > > Apr 2, 2019, 11:19 PM by da...@gwynne.id.au: > > > >> > >> > >>> On 3 Apr 2019, at 04:52, Stuart Henderson <>> s...@spacehopper.org > >>>

Re: Broken links on http://www.openiked.org/

2019-04-05 Thread Reyk Floeter
Thanks, I’m afk this weekend but I’ll take care afterwards. Reyk > Am 05.04.2019 um 19:24 schrieb Alex Naumov : > > Hey, > > it seems openiked.org is not maintained well. > 1. Copyright is just until 2015. > 2. There are some broken links on it: links to "CD's" and "Posters". > 3. Old

Re: QEMU + snapshots - pvclock0: unstable result on stable clock

2018-12-03 Thread Reyk Floeter
Hi, thanks for the report. We’re going to disable pvclock until I found a solution. It seems that old KVMs or KVM on old CPUs report stable support incorrectly. Do you have a dmesg? Reyk > Am 03.12.2018 um 09:26 schrieb Zach Nedwich : > > Hi all, > > I'm running OpenBSD snapshots on QEMU

Re: rying to get meta-data configured for cloud-image VMM instances

2018-07-16 Thread Reyk Floeter
https://www.openbsd.org/faq/current.html#r20180613b I can respond in more details when I’m back online later this week. Reyk > Am 16.07.2018 um 20:29 schrieb Ax0n : > > On Mon, Jul 16, 2018 at 4:56 AM, Rickard von Essen < > rickard.von.es...@gmail.com> wrote: > >> It looks like cloud-init in

Re: Rewards of Up to $500,000 Offered for OpenBSD Zero-Days (and other dist.)

2018-07-04 Thread Reyk Floeter
Are you advertising this crap on our list? I hope somebody steps up and donates $500,000 to the OpenBSD foundation instead. > Am 30.06.2018 um 23:11 schrieb Szekeres Dani : > > Just read: > >

Re: add HISTORY to ldap.1

2018-07-03 Thread Reyk Floeter
OK reyk@ (please send diffs to tech@ not misc@) > Am 03.07.2018 um 21:20 schrieb Rob Pierce : > > Ok? > > Index: ldap.1 > === > RCS file: /cvs/src/usr.bin/ldap/ldap.1,v > retrieving revision 1.7 > diff -u -p -r1.7 ldap.1 > ---

Re: sgtty.h

2018-06-11 Thread Reyk Floeter
On Mon, Jun 11, 2018 at 05:05:02PM +0200, Pau wrote: > Hello: > > I am trying to compile a very old piece of software, supermongo, on -current. > > The first complaint I get from gmake is that > > get1char.c:26:14: fatal error: 'sgtty.h' file not found > #include > ^ >

Re: attach chroot-jail to switchd(8) ?

2018-05-23 Thread Reyk Floeter
switchd is already privsep‘ed with a chroot jail. But I don’t quite understand what you mean. > Am 23.05.2018 um 10:35 schrieb Thomas Huber : > > Hi all, > > I´m just tinkering a little bit and try to mimic some "containerization" on > OpenBSD with chroot. Is it somehow

Re: Please Advise on licencing

2017-08-04 Thread Reyk Floeter
Hi, the license is your choice ;-) But we use ISC for new code in OpenBSD and I also use for all other open source code these days. See: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/license.template?rev=1.3=text/x-cvsweb-markup http://www.openbsd.org/goals.html And:

Re: OpenBSD as Open Networking OS

2017-07-17 Thread Reyk Floeter
Yes, I'm very interested in this but there is no "open" hardware. As Mischa mentioned, all of the platforms need vendor drivers and AFAIK all of them are gigantic and non-free *. OpenFlow is an alternative to control switches in a standard way without direct access to the switch chipsets, but it

Re: dhcrelay broken after Apr 5

2017-07-05 Thread Reyk Floeter
> On 05.07.2017, at 11:50, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> > wrote: > > On 05/07/17 12:45, Reyk Floeter wrote: >> >>> On 05.07.2017, at 11:41, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> >>> wrote: >>> >>

Re: dhcrelay broken after Apr 5

2017-07-05 Thread Reyk Floeter
> On 05.07.2017, at 11:41, Kapetanakis Giannis <bil...@edu.physics.uoc.gr> > wrote: > > On 04/07/17 19:09, Reyk Floeter wrote: >> Could you try again with the attached diff? It doesn't change >> behavior but it adds some chatty logging when a packet is rejec

Re: dhcrelay broken after Apr 5

2017-07-04 Thread Reyk Floeter
Hi, On Tue, Jul 04, 2017 at 02:41:30PM +0300, Kapetanakis Giannis wrote: > Hi, > > Just upgraded a set of my firewalls that also do dhcrelay to -current. > > The program stopped working ok. Some dhcp requests were being forwarded some > not. > > tcpdump was showing the request on internal

Re: Can I use OpenBSD in a virtual machine, for example, VirtualBox?

2017-07-04 Thread Reyk Floeter
On Mon, Jul 03, 2017 at 02:36:20PM -0400, J Doe wrote: > > >> On 27 Jun 2017 10:45 am, "Stuart Henderson" wrote: > >> > >>> On 2017-06-26, Josh Stephens wrote: > >>> I could be wrong when I say this but the only gotcha that you will run > >> into > >>>

Re: /usr/sbin/httpd and chunked transfer encoding

2017-05-07 Thread Reyk Floeter
Hi, you cannot disable it and this Android client is broken. "A recipient MUST be able to parse and decode the chunked transfer coding." https://tools.ietf.org/html/rfc7230#section-4.1 Reyk > Am 08.05.2017 um 03:06 schrieb johnw : > > Hi, After installed

Re: DHCP in vmm guest

2017-05-04 Thread Reyk Floeter
> On 04.05.2017, at 16:13, Jiri B <ji...@devio.us> wrote: > > On Thu, May 04, 2017 at 03:49:27PM +0200, Reyk Floeter wrote: >> So you have the VM interface and the host interface on a bridge: >> dhclient on the host "steals" all DHCP packets via BPF. >

Re: DHCP in vmm guest

2017-05-04 Thread Reyk Floeter
So you have the VM interface and the host interface on a bridge: dhclient on the host "steals" all DHCP packets via BPF. Try to pkill dhclient on the host and the VM should be able to get DHCP. There is currently no solution for that, it is the way our dhclient works, you can try to run the VM

Re: pledge for sockets

2017-04-29 Thread Reyk Floeter
> Am 26.04.2017 um 13:38 schrieb Luke Small : > > Pledge will presumably have per process (including fork()ed process) **path > limitations on rpath rpath and wpath calls, why not limitations on inet and > unix? We usually want to isolate our network speakers from the

Re: tinc on openBSD?

2017-04-27 Thread Reyk Floeter
On Thu, Apr 27, 2017 at 07:51:18AM +0200, Harald Dunkel wrote: > Hi folks, > > AFAICS tinc is included in the packages for 6.1, but surely > that doesn't mean its safe to use without looking. > > Are there security concerns against running tinc on an OpenBSD > gateway as an alternative to IPsec

Re: Arch and vmd

2017-04-26 Thread Reyk Floeter
On Wed, Apr 26, 2017 at 11:15:57AM -0700, Mike Larkin wrote: > On Wed, Apr 26, 2017 at 06:47:17PM +0200, Karl Pettersson wrote: > > Arch Linux works well as a vmd guest. Some notes about my experiences > > installing the system: > > > > * The Arch installation can be started from the serial

Re: spamd and outlook.com

2017-04-21 Thread Reyk Floeter
On Fri, Apr 21, 2017 at 01:52:05PM +0200, Boudewijn Dijkstra wrote: > Op Fri, 21 Apr 2017 12:16:31 +0200 schreef Reyk Floeter <r...@openbsd.org>: > > On Fri, Apr 21, 2017 at 11:59:20AM +0200, Peter N. M. Hansteen wrote: > > > On Fri, Apr 21, 2017 at 11:25:14AM +0

Re: spamd and outlook.com

2017-04-21 Thread Reyk Floeter
https://home.nuug.no/~peter/nospamd > I use the attached script to fetch the SPF entries recursively, in a plain text format that can be fed into pfctl. outlook.com gives me 82 networks. Reyk ---snip--- #!/usr/bin/perl # Copyright (c) 2016 Reyk Floeter <r...@openbsd.org> # # Permission to u

Re: iked/IKEv2 issue with 6.1

2017-04-20 Thread Reyk Floeter
On Thu, Apr 20, 2017 at 04:03:38PM -0400, Igor V. Gubenko wrote: > Hello everyone, > > OpenIKED just doesn't seem to like me much. > > I managed to get it working around 5.8 but from upgrade to upgrade I > encountered different issues. > > I have 3 tunnels using IKEv2. 2 are using a PSK, and 1

Re: OpenBSD httpd and HTTP/2

2017-03-31 Thread Reyk Floeter
On Fri, Mar 31, 2017 at 09:14:10AM +0200, Marina Ala wrote: > Hello! > > When will the httpd have HTTP/2 support in OpenBSD? > > Endpoints, webservers and the devices/networks between the two points would > greatly benefit from HTTP/2. > > Faster and less traffic. > > Thanks. > Isn't

Re: UEFI and Hyper-v

2017-03-27 Thread Reyk Floeter
On Mon, Mar 27, 2017 at 10:46:00AM +0200, Reyk Floeter wrote: > btw. Is there any reason or benefit to use Gen 2? AFAIK, it is only > for Windows for secure boot etc. I think Gen 1 is fine for OpenBSD, > you even have the hvn(4) and the hyperv(4) drivers now. Even the > latest machi

Re: UEFI and Hyper-v

2017-03-27 Thread Reyk Floeter
Hi, I tried it once with a custom ISO but didn't get any further than the OpenBSD UEFI boot loader. At this point, it couldn't find the disk so I couldn't get to boot OpenBSD. But this was in the early stages of our UEFI support. So we seem to miss some EFI drivers for Hyper-V Gen 2. If you

Re: Running OpenBSD on Hypervisor

2017-03-08 Thread Reyk Floeter
> Am 08.03.2017 um 07:22 schrieb Phil Eaton : > > I have OpenBSD (and FreeBSD) running on Linode VMs (on a KVM host) and it > works well enough. I'm more than hazy on the details, but the issue as far > as I'm aware is that OpenBSD does not yet have full support for virtio.

Re: Running OpenBSD on Hypervisor

2017-03-08 Thread Reyk Floeter
Hi, what exactly is your question? Nowadays OpenBSD runs by default on: - OpenBSD vmm - Xen (HVM modes) - Hyper-V - VMware - KVM - VirtualBox - bhyve - qemu (also aarch64 and others) - sun4v logical domains - ... We have PV drivers for all of them in GENERIC. Reyk > Am 08.03.2017 um 07:07

Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Reyk Floeter
> On 27.02.2017, at 16:10, Theo de Raadt wrote: > >>> >>> A patch to get away from SHA1 in dhcpd >>> >> >> HMAC-SHA1 is not affected by the published collision, but I'm not >> against switching the sync protocol to SHA2. Performance also doesn't >> matter that much here as

Re: From SHA1 to SHA256 in dhcpd sync

2017-02-27 Thread Reyk Floeter
On Sat, Feb 25, 2017 at 04:15:07PM +0100, Denis Fondras wrote: > Hi, > > A patch to get away from SHA1 in dhcpd > HMAC-SHA1 is not affected by the published collision, but I'm not against switching the sync protocol to SHA2. Performance also doesn't matter that much here as the typical sync

Re: http 408 messages in httpd logs

2017-02-14 Thread Reyk Floeter
> Am 14.02.2017 um 11:27 schrieb trondd : > >> On Tue, February 14, 2017 1:48 pm, Walter Alejandro Iglesias wrote: >> Starting from Feb 11 my httpd logs are filled with 408 messages: >> >> roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET / >> HTTP/1.1" 200

Re: http 408 messages in httpd logs

2017-02-14 Thread Reyk Floeter
> Am 14.02.2017 um 10:48 schrieb Walter Alejandro Iglesias : > > Starting from Feb 11 my httpd logs are filled with 408 messages: > > roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32 +0100] "GET / HTTP/1.1" 200 2535 > roquesor.com 79.xxx.150.xx4 - - [14/Feb/2017:15:48:32

Re: OpenBSD 6.0, httpd chroot & nfs

2017-02-14 Thread Reyk Floeter
Hi, On Tue, Feb 14, 2017 at 07:24:17AM -0700, Steve Williams wrote: > Hi, > > I have a web based application (Gallery 3) on one web server with a > fairly large number of photos. > > I have nfs mounted that folder onto a new APU2 system with OpenBSD 6.0 > on it. >

Re: relayd send/expect syntax

2017-02-08 Thread Reyk Floeter
On Tue, Feb 07, 2017 at 05:04:18PM -0500, Michael W. Lucas wrote: > host 104.236.197.233, check send expect (9020ms,tcp read timeout), state > unknown -> down, availability 0.00% The send/expect code loses its error because of its async nature - it goes like: 1. "we got data, let's verify it"

Re: PC-Engines apu2c4 install reboot loop :(

2017-01-10 Thread Reyk Floeter
On Tue, Jan 10, 2017 at 03:26:01PM -0700, Scott Seekamp wrote: > Also, are you setting the serial port of the loader: > > stty pc0 115200 You don't need this line, the tty will be switched to com0. > stty com0 115200 > set tty com0 > I think this will solve the problem. The APU2 doesn't

Re: relayd[66834]: relayd: socketpair: Too many open files

2017-01-03 Thread Reyk Floeter
dmesg please > Am 03.01.2017 um 22:16 schrieb Kevin : > > Hey gang, > > So I'm putting a new firewall in place and have run into issues with > getting relayd to start using: > > # /etc/rc.d/relayd start > > When I try starting it like that inevitably I get: > >

Re: vmm use only one core but 100%

2016-12-30 Thread Reyk Floeter
> # dmesg > OpenBSD 6.0-stable (DEV.MP) #1: Thu Dec 15 22:11:22 CET 2016 Use -current (a snapshot) or wait until 6.1 - 100% CPU was normal in 6.0's vmm busy loop. Reyk

Re: vmm use only one core but 100%

2016-12-30 Thread Reyk Floeter
The 100% CPU has been fixed a while ago. You should at least show a dmesg of the host. > > Hi, > > I run VMM end it uses only a single core but 100%. What I do bad? > > > my /etc/vm.conf > #-- >

Re: bgplg httpd "ping: socket: Permission denied"

2016-12-14 Thread Reyk Floeter
On Wed, Dec 14, 2016 at 03:14:51PM +0100, Jeremie Courreges-Anglas wrote: > Reyk Floeter <r...@openbsd.org> writes: > > > On Tue, Dec 13, 2016 at 02:03:37PM -0500, Michael W. Lucas wrote: > >> On Tue, Dec 13, 2016 at 02:21:51AM +0100, Jeremie Courreges-Anglas wrot

Re: bgplg httpd "ping: socket: Permission denied"

2016-12-14 Thread Reyk Floeter
On Tue, Dec 13, 2016 at 02:03:37PM -0500, Michael W. Lucas wrote: > On Tue, Dec 13, 2016 at 02:21:51AM +0100, Jeremie Courreges-Anglas wrote: > > "Michael W. Lucas" writes: > > > > > Hi, > > > > Hi, > > > > > Running the 12/12 snapshot, amd64. > > > > > > I'm setting

Re: Setting MAC address of vm in vm.conf with lladdr

2016-12-05 Thread Reyk Floeter
On Sun, Dec 04, 2016 at 09:55:32AM -0600, Eric Brown wrote: > Dear List, > > I am using the current snapshot (Dec 3 as of this post), and I am trying > to set the MAC address of a vm host in vm.conf. > > However, the MAC address reported by ifconfig -a seems to change with > each restart. The

Re: Setting MAC address of vm in vm.conf with lladdr

2016-12-04 Thread Reyk Floeter
Hi, you are the second person who reports this since Friday, I will check tomorrow if lladdr in vm.conf got broken. The config looks OK. Reyk > Am 04.12.2016 um 16:55 schrieb Eric Brown : > > Dear List, > > I am using the current snapshot (Dec 3 as of this post), and I am

Re: IPv6 Setup not working on Hetzner server

2016-12-02 Thread Reyk Floeter
Hi, > On 02.12.2016, at 12:55, Leo Unglaub wrote: > > Hey friends, > i have the exact same problem as Heiko had more than one year ago here > on this mailinglist. See > http://marc.info/?l=openbsd-misc=143231965324314=2 > > Sadly his temporary solution does not work for me

Re: How should vmm hosts access the internet?

2016-10-13 Thread Reyk Floeter
> Am 13.10.2016 um 16:18 schrieb Dimitris Papastamos : > >> On Thu, Oct 13, 2016 at 03:43:54PM +0200, Stefan Sperling wrote: >>> On Thu, Oct 13, 2016 at 02:23:20PM +0100, Edd Barrett wrote: >>> Hi, >>> >>> Since vmm is now enabled, I thought I would have a play. >>> >>> So far so

Re: System monitor in base?

2016-09-03 Thread Reyk Floeter
On Fri, Sep 02, 2016 at 05:02:07PM -0700, Aioi Yuuko wrote: > Sorry, I was vague in my original email: What I meant was, I'm aware that > there are ways of getting it off the command line; I'm mostly curious about > getting it on my desktop so it's easy to glance at. Would my best bet be >

Re: How to turn off disk elevator

2016-07-13 Thread Reyk Floeter
> On 13.07.2016, at 13:07, Mike Belopuhov wrote: > > On Wed, Jul 13, 2016 at 12:48 +0200, Peter N. M. Hansteen wrote: >> On Wed, Jul 13, 2016 at 12:39:14PM +0200, Christian Rner wrote: Hello, you should use virtio drivers for the disk in KVM. >>> >>> I already use

Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-27 Thread Reyk Floeter
On Wed, Jan 27, 2016 at 01:49:30PM +0100, Antoine Jacoutot wrote: > On Wed, Jan 27, 2016 at 12:30:08PM +0100, Reyk Floeter wrote: > > On Wed, Jan 27, 2016 at 06:12:22AM -0500, Jiri B wrote: > > > Hi, > > > > > > I can't run multiple instances of httpd via rc.d

Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-27 Thread Reyk Floeter
> On 27.01.2016, at 23:31, Stuart Henderson <s...@spacehopper.org> wrote: > > On 2016-01-27, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote: >> On Wed, Jan 27, 2016 at 12:30:08PM +0100, Reyk Floeter wrote: >>> On Wed, Jan 27, 2016 at 06:12:22AM -0500, Jiri B w

Re: can't run multiple instances of httpd, flags not visible in processes

2016-01-27 Thread Reyk Floeter
On Wed, Jan 27, 2016 at 06:12:22AM -0500, Jiri B wrote: > Hi, > > I can't run multiple instances of httpd via rc.d as I can't distinguish > between httpd instances. ps aux never show flags passed to httpd. > > Could httpd be extended to show flags like sshd does it? > > root 15681 0.0 0.1

Re: Building AMI for AWS EC2

2016-01-21 Thread Reyk Floeter
On Thu, Jan 21, 2016 at 07:36:01AM +0100, Antoine Jacoutot wrote: > > There are a couple public AMIs available, but I'm curious as to how they are > > built. It'd be pretty cool to be able to build a given snapshot into an AMI, > > rather than be dependent on whomever is creating the public ones.

Re: Building AMI for AWS EC2

2016-01-21 Thread Reyk Floeter
On Wed, Jan 20, 2016 at 08:56:25PM -0800, Jonathon Sisson wrote: > On Wed, Jan 20, 2016 at 02:51:21PM -0800, Simon McFarlane wrote: > > Hi all, > > > > Now that the Xen guest stuff is getting some love, I think it would be fun > > to toy around with OpenBSD on EC2 (particularly because of EBS --

Re: vmm(4) status?

2016-01-20 Thread Reyk Floeter
On Wed, Jan 20, 2016 at 05:44:36PM +0100, Christian Weisgerber wrote: > I was wondering about the status of OpenBSD's vmm(4) hypervisor. > Is it ready for some limited use, say, testing a port in an i386 > VM on an amd64 host? > > (TL;DR: nope.) > > There's little information, so I decided to

Re: OpenBSD on GitHub

2015-12-12 Thread Reyk Floeter
On Sun, Aug 05, 2012 at 05:35:47PM -0400, Kenneth R Westerback wrote: > On Sun, Aug 05, 2012 at 03:00:04PM -0400, Ted Unangst wrote: > > On Sun, Aug 05, 2012 at 10:46, Darrin Chandler wrote: > > > On Sat, Aug 04, 2012 at 07:05:38PM +0200, Marc Espie wrote: > > >> Well, git just has a different set

Re: bridge fails to broadcast ARP from gif tunnel

2015-12-01 Thread Reyk Floeter
On Tue, Dec 01, 2015 at 10:07:12AM +0100, Kazuya GODA wrote: > Hi, > > It seems to bridge doesn't forward broadcast/multicast frames from gif. > This patch will fix this problem, so would you try it? > > Thanks, > > - Goda > that matches the behaviour of -r1.239 before the enqueue changes.

Re: OpenBSD 5.8 on VMware 5.5

2015-12-01 Thread Reyk Floeter
Hi, On Tue, Dec 01, 2015 at 01:50:57PM -0200, Felipe Gomes wrote: > I've been trying to search for more information on OpenBSD as a VMWare > guest, but I wasn't able to find much... and the information is pretty much > outdated. > > What are the recommendations for OpenBSD 5.8 (amd64) as a guest

Re: TLS intercepting proxy [MitM]

2015-11-24 Thread Reyk Floeter
On Tue, Nov 24, 2015 at 01:05:34AM +0100, Stefan Wollny wrote: > Am 11/23/15 um 23:41 schrieb Lampshade: > >Hello, > >I would like to use privoxy to scrub/delete > >some informations in application layer (HTTP) going out from my PC. > >Problem is that a lot of connections are secured with TLS, so

Re: Bridge and blocknonip

2015-11-21 Thread Reyk Floeter
On Sat, Nov 21, 2015 at 04:22:51PM +0100, Momtchil Momtchev wrote: > Hello, > > Sorry for what may appear to be a strange question, but shouldn't there > be a check against IFBIF_BLOCKNONIP in bridge_output() in > sys/net/if_bridge.c? > Why? bridge_output() is used for packets that are

Re: Iked, ca_getreq: no valid local certificate found

2015-11-05 Thread Reyk Floeter
Copy ikeca.cnf from the ipsecctl source tree to /etc/ssl/ and retry. http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/usr.sbin/ikectl/ikeca.cnf The openssl.cnf version broke and we somehow didn't install ikeca.cnf by default. Reyk > On 05.11.2015, at 08:28, Toyam Cox

Re: Ntpd(8) in current: server (IP numerical) not used

2015-10-31 Thread Reyk Floeter
I tested and verified your fix, thanks! OK reyk@ On Sat, Oct 31, 2015 at 02:00:08PM +0100, Christian Weisgerber wrote: > Gerald Hanuer: > > > Ntpd(8) in current: server ("IP numerical") not being used, FQDN works. > > > > ### Works as expected. > > server time1.google.com > > > > ###

Re: OS X 10.11 'El Capitan' IKEv2

2015-10-03 Thread Reyk Floeter
On Sun, Aug 16, 2015 at 11:28:24PM +0300, Or Elimelech wrote: > Hello misc, > > Has anyone connected successfully between the new OS X ikev2 impl. To an > OpenBSD box? > > Thanks in advance. > I got the official update and I successfully connected from El Capitan to OSX. I did it without

Re: httpd client certificate authentication in OpenBSD5.8

2015-08-25 Thread Reyk Floeter
On 25.08.2015, at 15:10, Torsten tmp...@4ss.de wrote: | Will httpd in OpenBSD 5.8 support client certificates At least not until LibreSSL's libtls supports it. See https://github.com/reyk/httpd/issues/23 Thanks for the hint! For my purpose Client Cert authentication is mandatory and

Re: iked rsa pki configuration

2015-08-19 Thread Reyk Floeter
On Wed, Aug 19, 2015 at 03:50:47PM +0200, Sebastien Marie wrote: On Wed, Aug 19, 2015 at 10:33:54AM +0200, Reyk Floeter wrote: In this case, LibreSSL was Theo who unintentionally broke ikectl. I attached a diff that generates new .cnf files by expanding the variables in the source

Re: iked rsa pki configuration

2015-08-19 Thread Reyk Floeter
On Wed, Aug 19, 2015 at 02:04:47PM +1000, Jonathan Gray wrote: On Tue, Aug 18, 2015 at 09:22:14PM +0200, Reyk Floeter wrote: On Tue, Aug 18, 2015 at 02:26:29PM +, Jona Joachim wrote: Hi, I'm currently trying to setup a road warrior IKEv2 IPSEC tunnel between two OpenBSD boxes

Re: iked rsa pki configuration

2015-08-18 Thread Reyk Floeter
On Tue, Aug 18, 2015 at 02:26:29PM +, Jona Joachim wrote: Hi, I'm currently trying to setup a road warrior IKEv2 IPSEC tunnel between two OpenBSD boxes running a recent amd64 snapshot. The client is behind a NAT. The setup works with a PSK but I cannot make it work with RSA certificates.

Re: OS X 10.11 'El Capitan' IKEv2

2015-08-17 Thread Reyk Floeter
On Sun, Aug 16, 2015 at 11:28:24PM +0300, Or Elimelech wrote: Hello misc, Has anyone connected successfully between the new OS X ikev2 impl. To an OpenBSD box? No, we don't have the beta. Reyk

Re: Microsoft Now OpenBSD Foundation Gold Contributor

2015-07-08 Thread Reyk Floeter
On Wed, Jul 08, 2015 at 10:12:44AM -0400, Kenneth R Westerback wrote: The OpenBSD Foundation is happy to announce that Microsoft has made a significant financial donation to the Foundation. This donation is in recognition of the role of the Foundation in supporting the OpenSSH project. This

Re: panic during boot of 5.7 in de(4) running in Hyper-V

2015-06-25 Thread Reyk Floeter
On Tue, Jun 23, 2015 at 09:08:25PM -0600, Theo de Raadt wrote: I looked into this last year but lost interest. It seems like the DMA buffer is being placed past the UVM constraint for DMA ( eg 4GB). A configuration buffer is in the softc. It should be allocated to be dma-reachable.

Re: sogo, httpd(8) and the rewrite need

2015-06-14 Thread Reyk Floeter
On 14.06.2015, at 18:08, Joel Carnat j...@carnat.net wrote: Hi, I was going to install SOGo on OpenBSD 5.7 using the native httpd(8). In the readme, there are configuration examples for nginx and apache-httpd-openbsd. Nothing for the new httpd. There are rewrite/redirect features that I

Re: wscons, variants and X11

2015-05-31 Thread Reyk Floeter
On Sat, May 30, 2015 at 09:30:56PM +0100, Sevan / Venture37 wrote: Hi, It seems that there is no X11 configuration needed for a US keyboard layout with Dvorak variant (us.dvorak) if wscons is already set for this layout. Adding a second variant (in this case swapctrlcaps) to config causes X11

Re: Httpd perfect forward secrecy

2015-05-18 Thread Reyk Floeter
On Mon, May 18, 2015 at 07:43:26PM +0200, Martijn Rijkeboer wrote: Hi, I've just switched my webserver from 5.6/nginx to 5.7/httpd and was testing my TLS setup using SSL Labs[1]. The SSL Labs test indicates that my setup doesn't support forward secrecy. Is this not implemented in the 5.7

Re: relayd.conf man page question

2015-05-15 Thread Reyk Floeter
On Fri, May 15, 2015 at 08:30:14PM +0100, Jason McIntyre wrote: On Wed, May 06, 2015 at 09:15:17PM +0200, Alex Greif wrote: Hi, while reading the relayd.conf man page, I found the following unclear paragraph: ... RELAYS listen on address [port port] [tls] ... If the port

Re: OpenBSD and 40G/100G ethernet cards

2015-03-03 Thread Reyk Floeter
Hi, On 03.03.2015, at 23:09, Theron ZORBAS theronzor...@yahoo.com wrote: Hi, Is there any plan to support 40G/100G ethernet cards? You may see a vendor's product in this category at this link: http://www.mellanox.com/page/ethernet_cards_overview Thanks Theron if there is hardware

Re: Last snapshots won't install on VMWare ESXi or getting ether_output panic

2015-02-25 Thread Reyk Floeter
Hi, I haven't seen such crashes. Can you provide more information incl. dmesg and .vmx file of the VM? Reyk On 25.02.2015, at 18:55, Romain FABBRI romain.fab...@alienconsulting.net wrote: On last snapshots I can't complete the install when installing as a guest VM in VMWare ESXi 5.5.

Re: gzip compression in httpd

2015-02-15 Thread Reyk Floeter
On Mon, Feb 16, 2015 at 02:46:27AM +0600, �?�?�?�?�? �?�?�?омин wrote: On Sun, Feb 15, 2015 at 07:20:53PM +, Florian Obser wrote: On Sun, Feb 15, 2015 at 07:11:48PM -, Merci Brault wrote: Does the new httpd support gzip compression? No. Planned? No.

Re: Hannover BSD meetup

2015-02-12 Thread Reyk Floeter
told them we don't know how many people - we announced it publicly in the Internet ;) Ok, time to pack my stuff and to leave #s2k15 and Australia... Reyk On Thu, Jan 22, 2015 at 03:02:30PM +0100, Reyk Floeter wrote: Hi, we figured out that there are more BSD people in the Hannover area

Re: Hannover BSD meetup

2015-01-23 Thread Reyk Floeter
I'm amazed about the feedback on twitter and misc; it will definitively happen. Thanks! And I'm sure that people in Munich can find others to have their own OpenBSD Haxn-und-Mass-Oktoberfest every now and then ;) Reyk On Thu, Jan 22, 2015 at 03:02:30PM +0100, Reyk Floeter wrote: Hi

Hannover BSD meetup

2015-01-22 Thread Reyk Floeter
Hi, we figured out that there are more BSD people in the Hannover area, Germany, which seems to be a good reason to meet and get beer. We're not quite a user group, but let's give it a try. We're a few developers and users, mostly from OpenBSD but the other ones are welcome. We don't have a

Re: What are the disadvantages of soft updates?

2015-01-22 Thread Reyk Floeter
On Thu, Jan 22, 2015 at 09:02:51AM -0500, Steve Shockley wrote: On 1/21/2015 5:50 AM, frantisek holop wrote: but in my experience it is not that hard to get a corrupted filesystem with softupdates and i had to stop using it. but i seem to attract panics and page faults. I've personally

Re: 500 httpd error with owncloud

2015-01-07 Thread Reyk Floeter
Hi, On Sun, Dec 28, 2014 at 10:41:01AM +0100, Clemens Goessnitzer wrote: I installed the owncloud server from ports, and tried to get it running with the new httpd. Unfortunately, I get a 500 Internal Server Error once I log in. However, the login page is shown perfectly fine. Here is the

Re: 500 httpd error with owncloud

2015-01-07 Thread Reyk Floeter
On Wed, Jan 07, 2015 at 06:03:23PM +0100, Stefan Sperling wrote: On Wed, Jan 07, 2015 at 05:53:24PM +0100, Reyk Floeter wrote: # First deny access to the specified files # (as a workaround, run 'mkdir -p 0 /var/www/forbidden' first) ^ mkdir -m

Re: PRG airport in misc

2015-01-04 Thread Reyk Floeter
On Sun, Jan 04, 2015 at 12:08:44PM +0100, Jan Stary wrote: The PRG airport has been renamed in honor of Vaclav Havel quite some time ago. Jan Thanks, done. Index: airport === RCS file: /cvs/src/share/misc/airport,v

Re: httpd and ~user directories

2015-01-03 Thread Reyk Floeter
On Sat, Jan 03, 2015 at 10:33:52PM +0100, Tor Houghton wrote: Hello, I'm wondering if there is a plan to add support for ~user style URL expansion to the new httpd. I've tried fudging it for 'someuser' by adding the following to the default server within /etc/httpd.conf, but to no avail:

Re: httpd: multiple addresses for one server

2015-01-03 Thread Reyk Floeter
On Thu, Jan 01, 2015 at 11:54:46PM -0500, Geoff Steckel wrote: Is there any way to do the equivalent of: server an.example.com listen on 192.168.2.99 listen on 2001.fefe.1.1::99 ?? It appears that the code in parse.y explicitly forbids this and the data structures for a server

Re: httpd(8) - Update index docs to HTML5

2015-01-01 Thread Reyk Floeter
Hi, On Thu, Jan 01, 2015 at 01:20:49AM -0600, James Jerkins wrote: Hello, Based on the W3c moving HTML5 to Recommendation status on October 28, 2014, (http://www.w3.org/2014/10/html5-rec.html.en) these two patches update the built-in index documents in httpd(8) to HTML5. Thanks for the

Re: Best way forward w.r.t. apache/nginx/httpd?

2015-01-01 Thread Reyk Floeter
On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote: b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as

Re: OpenBSD projects

2014-12-28 Thread Reyk Floeter
On Sat, Dec 27, 2014 at 07:32:06PM -0500, Predrag Punosevac wrote: I was too quick with my earlier message. I don't think anybody mentioned OpenBSD implementation of dhcp server and client. IIRC FreeBSD uses OpenBSD version of the client for its base installation. Traditionally FreeBSD

Re: OpenBSD projects

2014-12-27 Thread Reyk Floeter
On Fri, Dec 26, 2014 at 09:42:18AM -0800, jungle Boogie wrote: Hello All, Here's a list of projects that I'm aware of that openBSD created. Is that correct? (p) is for portable. What else am I missing? openssh (p) opensmtpd (p) mandoc (p) openntpd (p) openbgpd libressl (p) openiked

Re: openhttpd

2014-12-21 Thread Reyk Floeter
On Sat, Dec 20, 2014 at 08:33:00PM -0600, Edgar Pettijohn wrote: Is there a mailing list for openhttpd? Also all the links on openhttpd.net are broken. thanks I don't know what openhttpd.net is, but it is not related to us. The page is not even new. Reyk

Re: httpd

2014-11-18 Thread Reyk Floeter
On Tue, Nov 18, 2014 at 02:20:40PM +0200, Gregory Edigarov wrote: Hi, While downloading a big file from httpd it eats somewhere from 77 to 100% or even 150% cpu. Do you have any more details? OK, you're running -current. But how big is your big file? What is your httpd configuration?

Re: httpd

2014-11-18 Thread Reyk Floeter
On Tue, Nov 18, 2014 at 03:22:36PM +0100, Reyk Floeter wrote: On Tue, Nov 18, 2014 at 02:20:40PM +0200, Gregory Edigarov wrote: Hi, While downloading a big file from httpd it eats somewhere from 77 to 100% or even 150% cpu. Do you have any more details? OK, you're running -current

Re: IPv6 nonfunctional after upgrade from 5.5 to 5.6

2014-11-03 Thread Reyk Floeter
Hi, can you show us the contents of your hostname.* and mygate files? What are the specific configuration steps? Reyk Am 03.11.2014 um 18:04 schrieb Sly Midnight slymidni...@yahoo.com: Hello everyone. I am new to this list but I am in need of some help. I have been running OpenBSD

Re: Netasq now named Stormshield Firewalls

2014-10-29 Thread Reyk Floeter
Hi, Am 28.10.2014 um 21:55 schrieb Romain FABBRI romain.fab...@alienconsulting.net: I found something interesting today playing with a Netasq F150 (rebranded Stormshield firewall). The firewall OS (named ASQ) is based on the top of FreeBSD. When I looked at the internal text files

Re: how to debug iked failures?

2014-08-12 Thread Reyk Floeter
On Tue, Aug 12, 2014 at 11:39:11AM +0200, Markus Wernig wrote: On 08/10/2014 03:09 PM, Reyk Floeter wrote: Just try to increase the number of vs to get more info, for example, iked -dvv or iked -dvvv to get packet dumps. Thanks for the hint. That brought some progress. I've now switched

Re: nginx in the default newsyslog.conf

2014-08-12 Thread Reyk Floeter
Related issue: If you are running httpd, any attempt to signal nginx will be futile. For httpd, use the following command instead: pkill -USR1 -u root -U root -x httpd (or just pkill -USR1 httpd) Reyk

Re: how to debug iked failures?

2014-08-12 Thread Reyk Floeter
On Tue, Aug 12, 2014 at 06:57:50PM +0200, Markus Wernig wrote: On 08/12/2014 05:39 PM, Markus Wernig wrote: But really, I think this is the problem: Aug 12 16:56:18 tunnel iked[22215]: ikev2_childsa_enable: loaded CHILD SA spi 0xcb320247 Aug 12 16:56:18 tunnel iked[22215]: pfkey_flow:
