Re: Grouping windows in CWM

2021-05-21 Thread Jonathan Drews
On Fri, May 21, 2021 at 07:00:13PM -0600, Jonathan Drews wrote: > Hi Folks: > > I am looking for a tutorial on grouping xterms in CWM. I Never mind. I found a good tutorial: Getting started with cwm https://undeadly.org/cgi?action=article&sid=20090502141551 I just have to figure out some other

Grouping windows in CWM

2021-05-21 Thread Jonathan Drews
Hi Folks: I am looking for a tutorial on grouping xterms in CWM. I undestand how to group one set of xterms using CM-g and CM-a. How do I do it if I have two sets of xterms? How would I designate a group "A" and group "B". I looked at the man page for cwm and read the section in Michael Lucas' "a

Bugs running 6.9-CURRENT on MacBook Pro Touchbar 2017

2021-05-21 Thread Joel Carnat
Hi, I went back on testing OpenBSD on my MacBookPro14,3. I just installed 6.9-CURRENT and here's a list of non-working stuff. - keyboard and touchpad don't work. I have to use a USB keyboard/mouse. internal keyboard does work in the boot loader. but stops working after the kernel is loaded. -

Re: Relayd TLS inspection and SNI

2021-05-21 Thread BS Daemon
Perhaps I will try squid or HaProxy. I was unaware I could filter by User_Agent in squid.   It may be appropriate to update the relevant documentation if the support is not possible:   *** relayd.conf.8.orig  Fri May 21 13:19:06 2021 --- relayd.conf.8   Fri May 21 13:23:09 2021 **

Re: Relayd TLS inspection and SNI

2021-05-21 Thread Stuart Henderson
On 2021-05-21, Martin wrote: > Hi, > > MITM is an ancient attack technique and it is not a good idea because it > breaks original cert chain. So client (application) will see that cert is > different on its end. Most people and apps reject connection to a resource > with fake cert which you're

Usage of .note.openbsd.ident

2021-05-21 Thread George Brown
It seems this ELF note was used for the now dead compat_linux feature. Aside from compat systems in other operating systems that may wish to identify OpenBSD binaries does this note have any other active uses?

Re: IKEv2: CHILD_SA is not created

2021-05-21 Thread Денис Давыдов
Ok, thanks for the clarification! On Fri, May 21, 2021 at 12:30 PM csszep wrote: > Hi! > > Not only Cisco ASA. Checkpoint, Fortinet, Juniper only support single set > of subnets per CHILD_SA too. > > https://wiki.strongswan.org/projects/strongswan/wiki/Checkpoint > https://wiki.strongswan.org/pr

Re: pf: antispoof with dynamic IP address?

2021-05-21 Thread Peter N. M. Hansteen
On Fri, May 21, 2021 at 05:32:32AM +, Mogens Jensen wrote: > The antispoof directive will expand to two block rules with IP address > of the interface, so I would think that with a dynamic IP, the interface > should be surrounded in parentheses like this: > > antispoof for (wi0) quoting pf.co

Re: Relayd TLS inspection and SNI

2021-05-21 Thread Martin
Hi, MITM is an ancient attack technique and it is not a good idea because it breaks original cert chain. So client (application) will see that cert is different on its end. Most people and apps reject connection to a resource with fake cert which you're going to send to them. But you can use S

pf: antispoof with dynamic IP address?

2021-05-21 Thread Mogens Jensen
The antispoof directive will expand to two block rules with IP address of the interface, so I would think that with a dynamic IP, the interface should be surrounded in parentheses like this: antispoof for (wi0) But this seems to be wrong, as I have not read any guide or FAQ that does this, e.g. t

Re: IKEv2: CHILD_SA is not created

2021-05-21 Thread csszep
Hi! Not only Cisco ASA. Checkpoint, Fortinet, Juniper only support single set of subnets per CHILD_SA too. https://wiki.strongswan.org/projects/strongswan/wiki/Checkpoint https://wiki.strongswan.org/projects/strongswan/wiki/Fortinet https://wiki.strongswan.org/projects/strongswan/wiki/Juniper htt

Re: IKEv2: CHILD_SA is not created

2021-05-21 Thread Денис Давыдов
It turns out that the Cisco ASA has a bug CSCue42170 with open status that prevents multiple traffic selectors from being supported in one child SA in IKEv2. For more information: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCue42170/?reffering_site=dumpcr Known affected releases: 8.6(1), 9.1(

Re: Relayd TLS inspection and SNI

2021-05-21 Thread Stuart Henderson
On 2021-05-18, BS Daemon wrote: >I like using the base OpenBSD utilities, and was > wondering if I'm doing something wrong, if relayd could be made to > support SNI for man-in-the-middle, or if there is an alternative > tool for doing this which would work. I can't help with relay