Re: reverse proxy with relayd(8) (but not nginx)

2017-06-29 Thread Alistair Meney
There are many example configs online, one example like yours is at https://www.reddit.com/r/openbsd/comments/3qb2c4/some_observations_about_relayd/ On Thu, Jun 29, 2017 at 4:40 PM, Manuel Giraud wrote: > Hi, > > I'd like to set up a http reverse proxy where

Re: Jumbo frames on Octeon

2017-06-29 Thread Joe Holden
On 29/06/2017 12:06, Visa Hankala wrote: > On Tue, Jun 27, 2017 at 07:57:42PM +0100, Joe Holden wrote: >> It looks like setting the mtu on cnmac interfaces doesn't quite work as >> expected, whatever the mtu is set to the upper limit appears to be 1510 >> as although it will transmit frames of any

Re: ipmi driver broken

2017-06-29 Thread Paul B. Henson
> From: Ted Unangst > Sent: Wednesday, June 28, 2017 8:50 PM > > i'm afraid i won't make a very good ipmi maintainer, but i think i applied the > patch in the right spot. Cool, thanks; much appreciated.

Re: ipmi driver broken

2017-06-29 Thread Paul B. Henson
> From: Theo de Raadt > Sent: Wednesday, June 28, 2017 8:41 PM > > If you want it working, you will need to get it fixed. On all > machines, so that we can re-enable it. I definitely don't want to be one of those entitled people demanding work from developers without providing anything that you

New OpenBSD meetUP group at Quebec city

2017-06-29 Thread Franck Rupin
Hi everyone, a few words to let you know that I recently opened up an OpenBSD meetUP group at Quebec city. If any of you wants to join us, you are very welcome. We would like to schedule the first meeting in July. Here is the link to the group: https://www.meetup.com/Quebec-OpenBSD-Meetup/

reverse proxy with relayd(8) (but not nginx)

2017-06-29 Thread Manuel Giraud
Hi, I'd like to set up a http reverse proxy where http://foo.org/someapp is forwarded to 127.0.0.1:8081 and http://foo.org/* is forwarded to somewhere else. AFAIU, it is not possible with httpd(8) so I'm trying to do this with relayd(8). There is an example in httpfiler protocol in

BGP vpnv4 prefixes in RIB, not in FIB

2017-06-29 Thread brad hendrickse
Hi folks, I have a problem with routes learnt from BGP vpnv4 not being inserted into the FIB I'd expect. A tcpdump on the OpenBSD box shows we are receiving the prefixes (from a Cisco) with the labels intact. The MPE interface is configured in rdomain 1 with MPLS label 200. The loopback

Re: OpenBSD IPSec setup

2017-06-29 Thread Jasper Siepkes
I know I'm venturing off topic but I can't resist. I'll go for OpenBSD with IPSec any day. Only last week OpenVPN had a security fallout: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243 One of these exploits even has a high probability of being remotely exploitable.

[no subject]

2017-06-29 Thread John Ireland
unsubscribe misc

Re: Jumbo frames on Octeon

2017-06-29 Thread Visa Hankala
On Tue, Jun 27, 2017 at 07:57:42PM +0100, Joe Holden wrote: > It looks like setting the mtu on cnmac interfaces doesn't quite work as > expected, whatever the mtu is set to the upper limit appears to be 1510 > as although it will transmit frames of any arbitrary size (e.g 2000 > bytes), the reply

Re: OpenBSD IPSec setup

2017-06-29 Thread Marko Cupać
On Thu, 29 Jun 2017 12:32:01 +0200 Luescher Claude wrote: > Why are you using ipsec in the 21st century: Because it is in OpenBSD base. Because, at least on OpenBSD, it integrates great with the rest of networking ecosystem (carp, sasync, ospf, pf etc.) Because it pays my

Re: OpenBSD IPSec setup

2017-06-29 Thread Daniel Gracia
My two-cents: * IPsec hardware crypto is supported for a lot more platforms than OpenVPN out of the box, so IPsec uses to be noticeably faster. i.e., a UBNT Edgerouter Lite will give me about 20Mbps over OpenVPN vs almost 1Gbps (line rate) over IPsec. * IPsec code in OpenBSD is audited, OpenVPN

Re: OpenBSD IPSec setup

2017-06-29 Thread Philipp Buehler
On 29.06.2017 12:32, Luescher Claude wrote: Why are you using ipsec in the 21st century: https://serverfault.com/questions/202917/openvpn-vs-ipsec-pros-and-cons-what-to-use just a week after four CVEs (incl RCE) in openvpn? Great. -- pb

Re: OpenBSD IPSec setup

2017-06-29 Thread Luescher Claude
Why are you using ipsec in the 21st century: https://serverfault.com/questions/202917/openvpn-vs-ipsec-pros-and-cons-what-to-use I see no pros here just cons unless you need to setup a vpn with some crappy old device which should be just switched out with an obsd box anyway :) On 2017-06-29

Re: OpenBSD IPSec setup

2017-06-29 Thread Liviu Daia
On 29 June 2017, Liviu Daia wrote: [...] > On the server: > > # iked -d > ikev2_recv: IKE_SA_INIT request from initiator 89.136.163.27:500 to > x.y.z.t:500 policy 'sb1' id 0, 510 bytes > ikev2_msg_send: IKE_SA_INIT response from x.y.z.t:500 to 89.136.163.27:500 >

Re: OpenBSD IPSec setup

2017-06-29 Thread Liviu Daia
On 28 June 2017, Rupert Gallagher wrote: > You need a server-signed certificate. Ok, let me redo this from scratch: (1) On the server: ikectl ca vpn create ikectl ca vpn install ikectl ca vpn certificate x.y.z.t create ikectl ca vpn