Re: What should I do with a remote AIX machine if I accidentally chmod /usr/bin/ksh?

2011-08-31 Thread Mehma Sarja

On 8/30/11 6:15 PM, Marcos Ariel Laufer wrote:

> I didn't mean evangelizing, but you never know who might be a future
> donator, after all OpenBSD needs donations

Donor, not donator.

Mehma



ftpd server

2011-08-31 Thread fqui nonez
Hello

I have a ftpd server box, OBSD-4.9, and pflog shows:

Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0: 190.87.195.241.2732 > 192.168.5.2.21: S 2008995709:2008995709(0) win 65535 <mss 1452,nop,nop,sackOK>
Aug 29 10:15:52.825409 rule 3/(match) pass in on rl0: 190.87.195.241.3190 > 192.168.5.2.21: S 409025537:409025537(0) win 65535 <mss 1452,nop,nop,sackOK>
Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.2732: FP 2719210498:2719210554(56) ack 2008995823 win 17424 (DF) [tos 0x10]
Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:29:48.085560 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:30:52.085653 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:31:56.085655 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:32:29.475695 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.3190: FP 2719185758:2719185814(56) ack 409025651 win 17424 [tos 0x10]
Aug 29 10:33:00.085705 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:33:33.475738 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:34:04.085762 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.2732: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:34:37.475788 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10]
Aug 29 10:35:41.475843 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:36:45.475901 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:37:49.475947 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 (DF) [tos 0x10]
Aug 29 10:38:53.476001 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.3190: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:39:57.476044 rule 1/(match) block out on rl0: 192.168.5.2.21 > 190.87.195.241.3190: R 57:57(0) ack 1 win 0 [tos 0x10]

pf rules are:

set skip on lo
block in log all
block out log all
pass out log quick on rl0
pass in log quick on rl0 proto tcp from any to port {20 21 22}
antispoof quick log for rl0
pass  # to establish keep-state

It looks to me that somebody sends code over port 21, then ftpd
responds over port 21, and pf stops sftp!
I have seen that the normal behaviour of ftpd is logged on random ports,
as an effect of ftp_proxy.

Is something weird happening here?

Thanks so much.
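
One way to triage a pflog excerpt like the one in the message above, added here as an example (it is not part of the original post or of any OpenBSD tool): it pairs each blocked outbound packet with an earlier passed inbound SYN on the reversed address/port pair, which separates server replies on a connection pf once accepted from traffic the box started itself. The sample lines are constructed in the same format with documentation addresses; the function names and the default year are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the pflog/tcpdump text format shown in the post.
# Addresses are documentation ranges, not the poster's.
SAMPLE = """\
Aug 29 10:11:03.520900 rule 3/(match) pass in on rl0: 203.0.113.9.2732 > 192.0.2.2.21: S 100:100(0) win 65535 <mss 1452,nop,nop,sackOK>
Aug 29 10:27:40.085461 rule 1/(match) block out on rl0: 192.0.2.2.21 > 203.0.113.9.2732: FP 500:556(56) ack 214 win 17424 (DF) [tos 0x10]
Aug 29 10:28:44.085510 rule 1/(match) block out on rl0: 192.0.2.2.21 > 203.0.113.9.2732: FP 0:56(56) ack 1 win 17424 [tos 0x10]
Aug 29 10:35:08.085806 rule 1/(match) block out on rl0: 192.0.2.2.21 > 203.0.113.9.2732: R 57:57(0) ack 1 win 0 (DF) [tos 0x10]
Aug 29 10:40:00.000000 rule 1/(match) block out on rl0: 192.0.2.2.4444 > 198.51.100.7.80: S 900:900(0) win 16384
"""

REC_START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d")
# The ">" between source and destination is optional because mail archives
# often strip it, as happened to the quoted copies in this thread.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:.]+) rule (?P<rule>\d+)/\(match\) "
    r"(?P<action>pass|block) (?P<dir>in|out) on (?P<ifc>\S+): "
    r"(?P<src>[\d.]+)\s+(?:>\s+)?(?P<dst>[\d.]+): (?P<flags>[A-Z.]+) "
)


def unwrap(text):
    """Re-join records wrapped by a mail client and drop quote prefixes."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()
        if not line:
            continue
        if REC_START.match(line):
            records.append(line)
        elif records:
            records[-1] += " " + line
    return records


def parse(text, year=2011):
    """Return one dict per pflog record; pflog text carries no year."""
    events = []
    for rec in unwrap(text):
        m = LINE.match(rec)
        if not m:
            continue
        src_ip, _, src_port = m["src"].rpartition(".")
        dst_ip, _, dst_port = m["dst"].rpartition(".")
        events.append({
            "ts": datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f"),
            "rule": int(m["rule"]), "action": m["action"], "dir": m["dir"],
            "src": (src_ip, int(src_port)), "dst": (dst_ip, int(dst_port)),
            "flags": m["flags"],
        })
    return events


def triage(events):
    """Group blocked outbound packets per flow and relate them to passed SYNs.

    pf pass rules default to "flags S/SA keep state", so a non-SYN packet
    with no state entry is not matched by "pass out" and falls through to
    the block rule. Such packets show up here as replies on a connection
    whose inbound SYN was passed earlier.
    """
    syn_seen = {}  # (client, server) -> time the inbound SYN was passed
    flows = {}
    for e in events:
        if e["action"] == "pass" and e["dir"] == "in" and e["flags"] == "S":
            syn_seen[(e["src"], e["dst"])] = e["ts"]
        elif e["action"] == "block" and e["dir"] == "out":
            name = "%s:%d -> %s:%d" % (*e["src"], *e["dst"])
            syn = syn_seen.get((e["dst"], e["src"]))
            flow = flows.setdefault(name, {
                "verdict": ("reply on accepted connection, no state" if syn
                            else "no inbound SYN in this log"),
                "secs_after_syn": (int((e["ts"] - syn).total_seconds())
                                   if syn else None),
                "flags": set(), "count": 0, "rule": e["rule"],
            })
            flow["flags"].add(e["flags"])
            flow["count"] += 1
    return flows


if __name__ == "__main__":
    for name, info in triage(parse(SAMPLE)).items():
        print(name, info)
```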



Re: ftpd server

2011-08-31 Thread matteo filippetto
2011/8/31 fqui nonez fquinon...@gmail.com:
 Hello

 I have a ftpd server box, OBSD-4.9, and pflog shows:


 pf rules are:

 set skip on lo
 block in log all
 block out log all
 pass out log quick on rl0
 pass in log quick on rl0 proto tcp from any to port {20 21 22}
 antispoof quick log for rl0
 pass  # to establish keep-state

Hi,

please read how the ftp protocol works and which ports should be enabled in/out
from your server

http://slacksite.com/other/ftp.html
http://www.freesoft.org/CIE/Topics/69.htm

Regards

--
Matteo Filippetto
http://www.op83.eu



Re: bgpctl shiw rib out displaying incorrect information

2011-08-31 Thread Peter van Oord van der Vlies
flags destination  gateway  lpref   med aspath origin
AI*  10.0.1.0/24  172.29.1.200   100 0 i
current1#

What is incorrect on this?



Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?

2011-08-31 Thread Jordi

Hi all,

It is not as hard as it seems: http://www.openbsd.org/faq/faq1.html

Why is Apache included? It isn't needed by many people!
Because the developers want it.

Why isn't a newer version of Apache included?
The license on newer versions is unacceptable.

If you need/want another httpd, go to the ports and fetch what you want.
And shut up the noise please.



Re: bgpctl shiw rib out displaying incorrect information

2011-08-31 Thread Patrick Lamaiziere
On Wed, 31 Aug 2011 07:19:15 +0200,
Tony Sarendal t...@polarcap.org wrote:

Hi,

 current1# cat /etc/bgpd.conf
 AS 65001
 network 10.0.1.0/24
 
 current1# bgpctl show rib nei 172.29.1.52 out
 flags: * = Valid, > = Selected, I = via IBGP, A = Announced
 origin: i = IGP, e = EGP, ? = Incomplete
 
 flags destination  gateway  lpref   med aspath origin
 AI*  10.0.1.0/24  172.29.1.200   100 0 i

So you announce (A) via IBGP (I) the route 10.0.1.0/24, looks good, no?

 current2# bgpctl show rib nei 172.29.1.51 in
 flags: * = Valid, > = Selected, I = via IBGP, A = Announced
 origin: i = IGP, e = EGP, ? = Incomplete
 
 flags destination  gateway  lpref   med aspath origin
 I*   10.0.1.0/24  172.29.1.51    100 0 i

And you receive the route via IBGP (I), looks good too.

Where is the problem?

Regards.



Re: ftpd server

2011-08-31 Thread Richard Toohey
On 31/08/2011, at 7:16 PM, matteo filippetto wrote:

 2011/8/31 fqui nonez fquinon...@gmail.com:
 Hello

 I have a ftpd server box, OBSD-4.9, and pflog shows:


 pf rules are:

 set skip on lo
 block in log all
 block out log all
 pass out log quick on rl0
 pass in log quick on rl0 proto tcp from any to port {20 21 22}
 antispoof quick log for rl0
 pass  # to establish keep-state

 Hi,

 please read how the ftp protocol works and which ports should be enabled
 in/out from your server

 http://slacksite.com/other/ftp.html
 http://www.freesoft.org/CIE/Topics/69.htm


You may also find this useful:

http://home.nuug.no/~peter/pf/en/ftpproblem.html

 Regards

 --
 Matteo Filippetto
 http://www.op83.eu



Re: ftpd server

2011-08-31 Thread Wesley M.
Hi,

You will find your solution here : http://www.openbsd.org/faq/pf/ftp.html

Best regards,

Wesley MOUEDINE ASSABY
http://mouedine.net/ruleset49.aspx



On Tue, 30 Aug 2011 23:38:41 -0700, fqui nonez fquinon...@gmail.com
wrote:
 Hello
 
 I have a ftpd server box, OBSD-4.9, and pflog shows:
 
 
 pf rules are:
 
 set skip on lo
 block in log all
 block out log all
 pass out log quick on rl0
 pass in log quick on rl0 proto tcp from any to port {20 21 22}
 antispoof quick log for rl0
 pass  # to establish keep-state
 
 It looks to me that somebody sends code over port 21, then ftpd
 responds over port 21, and pf stops sftp!
 I have seen that the normal behaviour of ftpd is logged on random ports,
 as an effect of ftp_proxy.
 
 Is something weird happening here?
 
 Thanks so much.



Re: bgpctl shiw rib out displaying incorrect information

2011-08-31 Thread Tony Sarendal
On Wed, Aug 31, 2011 at 9:51 AM, Patrick Lamaiziere
patf...@davenulle.org wrote:

 On Wed, 31 Aug 2011 07:19:15 +0200,
 Tony Sarendal t...@polarcap.org wrote:

 Hi,

  current1# cat /etc/bgpd.conf
  AS 65001
  network 10.0.1.0/24
 
  current1# bgpctl show rib nei 172.29.1.52 out
  flags: * = Valid, > = Selected, I = via IBGP, A = Announced
  origin: i = IGP, e = EGP, ? = Incomplete
 
  flags destination  gateway  lpref   med aspath origin
  AI*  10.0.1.0/24  172.29.1.200   100 0 i

 So you announce (A) via IBGP (I) the route 10.0.1.0/24, looks good, no?

  current2# bgpctl show rib nei 172.29.1.51 in
  flags: * = Valid, > = Selected, I = via IBGP, A = Announced
  origin: i = IGP, e = EGP, ? = Incomplete
 
  flags destination  gateway  lpref   med aspath origin
  I*   10.0.1.0/24  172.29.1.51    100 0 i

 And you receive the route via IBGP (I), looks good too.

 Where is the problem?


Sender says next hop = 172.29.1.100, receiver says .51.
show rib out in this case shows incorrect nexthop.

Regards Tony



Re: bgpctl shiw rib out displaying incorrect information

2011-08-31 Thread Andre Keller
Hi

On 31.08.2011 10:23, Tony Sarendal wrote:
 Sender says next hop = 172.29.1.100, receiver says .51.
 show rib out in this case shows incorrect nexthop.

Well, that's kind of the point of having set nexthop self in the config...



Re: bgpctl shiw rib out displaying incorrect information

2011-08-31 Thread Tony Sarendal
On Wed, Aug 31, 2011 at 11:01 AM, Andre Keller a...@list.ak.cx wrote:

 Hi

 On 31.08.2011 10:23, Tony Sarendal wrote:
  Sender says next hop = 172.29.1.100, receiver says .51.
  show rib out in this case shows incorrect nexthop.

 Well, that's kind of the point of having set nexthop self in the config...


You are missing the point, completely.
bgpctl show rib out displays incorrect information.

Regards Tony



Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-08-31 Thread Johan Linnér

Henrique António Evaristo wrote 2011-08-30 09:08:

> Humm, nice ... I was interested in knowing the power consumption of that setup.
> Do you have any possibility to provide that ?
> Thanks.
>
> Best regards,
> Henrique



We're using 1U chassis:
http://mini-itx.com/store/?c=33#p3809

Around 45-50W under normal load with the built-in power supply (250W) 
and an IDE flash drive.


There's a new version of the 1U chassis with a 80 PLUS-certified power 
supply:

http://mini-itx.com/store/?c=33#C2-RACK-V2

/Johan



static IP

2011-08-31 Thread igor denisov

Cannot configure internet with static IP address

hostname.fc0

inet IP mask

and nothing works. They gave me login and password, maybe this is the case?



--
igor denisov.



vpn with a win7 workstation

2011-08-31 Thread Wesley M.
Hi

What is the best way to build a vpn between an OpenBSD 4.9 gateway
and a Win7 workstation?

Thank you very much for your advice.

All the best,

Wesley M.



IP address

2011-08-31 Thread igor denisov
Lot of thanks to all who tried to help denisovigor1...@rambler.ru. I
should read the FAQ first, problem is solved.






Re: vpn with a win7 workstation

2011-08-31 Thread Zak Elep
On Wed, Aug 31, 2011 at 6:30 PM, Wesley M. open...@e-solutions.re wrote:
 What is the best way to build a vpn between an OpenBSD 4.9 gateway
 and a Win7 workstation ?

I got this working here on our network, both for Win7 and Ubuntu
clients going to an OpenBSD gateway.

On the gateway, have /etc/ipsec.conf say something like

# roadwarrior
ike passive esp from any to gateway.ip.address peer any psk your-rand0m-password-here
ike passive esp from gateway.ip.address to any psk your-rand0m-password-here

And on your Win7 client, get Shrew VPN[0] and add a configuration with
the following auth:

Phase 1:
  - Exchange type: main
  - DH Exchange: group 2
  - Cipher algorithm: aes
  - Cipher key length: 256 Bits
  - Hash algorithm: sha1

Phase 2:
  - Transform length: aes
  - Transform key length: 256 Bits
  - HMAC algorithm: sha1
  - PFS Exchange: group 2
  - Compression algorithm: deflate

Policy:
  - add a topology entry that matches your internal network

[0]  http://www.shrew.net/download/vpn

--
Zak B. Elep || orangeandbronze.com
1486 7957 454D E529 E4F1  F75E 5787 B1FD FA53 851D



Re: vpn with a win7 workstation

2011-08-31 Thread Wesley M.
OK, thanks a lot for your reply.
Have you ever tried to use ikev2, using iked, since win7 has ikev2
support?
I tried to use it (iked) but no success... :(
If you could take a look at it.

Cheers,

Wesley M.

On Wed, 31 Aug 2011 19:07:49 +0800, Zak Elep
zak.e...@orangeandbronze.com wrote:
 On Wed, Aug 31, 2011 at 6:30 PM, Wesley M. open...@e-solutions.re
wrote:
 What is the best way to build a vpn between an OpenBSD 4.9 gateway
 and a Win7 workstation ?
 
 I got this working here on our network, both for Win7 and Ubuntu
 clients going to an OpenBSD gateway.
 
 On the gateway, have /etc/ipsec.conf say something like
 
 # roadwarrior
 ike passive esp from any to gateway.ip.address peer any psk your-rand0m-password-here
 ike passive esp from gateway.ip.address to any psk your-rand0m-password-here
 
 And on your Win7 client, get Shrew VPN[0] and add a configuration with
 the following auth:
 
 Phase 1:
   - Exchange type: main
   - DH Exchange: group 2
   - Cipher algorithm: aes
   - Cipher key length: 256 Bits
   - Hash algorithm: sha1
 
 Phase 2:
   - Transform length: aes
   - Transform key length: 256 Bits
   - HMAC algorithm: sha1
   - PFS Exchange: group 2
   - Compression algorithm: deflate
 
 Policy:
   - add a topology entry that matches your internal network
 
 [0]  http://www.shrew.net/download/vpn



Re: Building xxxterm and chromium

2011-08-31 Thread Marco Peereboom
That sounds more like crappy DNS or filtered Internet.  I can't speak
for chromium but webkit likes >= 256 files >= 16384 stack.  Adsuck can
go a long way making the surfing experience better too.  BTW you can't
update things willy nilly, you have to do pretty much all of it at once.

On Tue, Aug 30, 2011 at 11:37:18PM -0500, Bryan wrote:
 I am using the latest build of OpenBSD/amd64 (dated Aug 30).
 
 I have been using Chrome recently, as it appeared to be a little more
 stable (the 12.x was anyway).  The only annoying issue is that often,
 I will try to surf to a page, and the browser just sits there, and
 spins and spins and spins.  The site isn't down, it just acts like it
 doesn't know what to do 'sending request' is all I get, if that.
 
 Tonight, I built  13.0.782.215, but as pkg_tools is trying to create
 the package, I receive the following error:
 
 Error: Libraries in packing-lists in the ports tree
 and libraries from installed packages don't match.
 
 And it appeared that 'nss' and 'nspr' were not checked to see if they
 are updated.  So I built them manually.  No problem.  Now, when I
 start chrome, my homepage comes up, but I can't do anything else.  No
 other sites will load, not yahoo.com, fark.com, gmail, etc.  These
 sites are not down, and I can't tell why chrome just refuses to
 function.  Sometimes, I can fix it by hitting refresh a few times on
 the current page.
 
 building xxxterm, first gnutls received the above error, looking for
 an updated 'hogweed' and 'nettle', I did a bit of hunting, and found
 libnettle, and built it.  Then I built gnutls, and then xxxterm.
 
 I got them built, but shouldn't the build look for these issues, and
 'update' to the later version?  My mk.conf isn't pulling packages, and
 I'm using a -current from less than two hours ago...
 
 If there is any other info I can provide, please ask.  my current
 ulimit values, and dmesg are below.
 
 Bryan
 
 P.S.  Wouldn't you know, after I installed chrome, and rebooted, the
 above issue has gone away... for now...  well, it's better than
 Firefox...
 
 ulimit -a
 # ulimit -a
 time(cpu-seconds)    unlimited
 file(blocks)         unlimited
 coredump(blocks)     unlimited
 data(kbytes)         8388608
 stack(kbytes)        8192
 lockedmem(kbytes)    2700382
 memory(kbytes)       8089788
 nofiles(descriptors) 128
 processes            1310
 root@laptop-openbsd /usr/ports/www/xxxterm
 # exit
 brakeb@laptop-openbsd ~
 $ ulimit -a
 time(cpu-seconds)    unlimited
 file(blocks)         unlimited
 coredump(blocks)     unlimited
 data(kbytes)         2097152
 stack(kbytes)        4096
 lockedmem(kbytes)    2700382
 memory(kbytes)       8089788
 nofiles(descriptors) 256
 processes            256
 
 
 
 dmesg:
 
 

Re: static IP

2011-08-31 Thread Stefan N
First, check the syntax referring to hostname.if(5) openbsd manual guide

Did you configure it during installation process or after installation process
was done?

What do you mean by giving you login and password?
Which user did you use to configure IP address? Did you login as root or as
another user and use sudo to configure it?





From: igor denisov denisovigor1...@rambler.ru
To: misc@openbsd.org
Sent: Wednesday, August 31, 2011 6:04 PM
Subject: static IP

Cannot configure internet with static IP address

hostname.fc0

inet IP mask

and nothing works. They gave me login and password, maybe this is the case?


--
igor denisov.



Re: Building xxxterm and chromium

2011-08-31 Thread Bryan
On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote:
 That sounds more like crappy DNS or filtered Internet.  I can't speak
 for chromium but webkit likes >= 256 files >= 16384 stack.  Adsuck can
 go a long way making the surfing experience better too.  BTW you can't
 update things willy nilly, you have to do pretty much all of it at once.


My Internet is ATT U-verse, so you may be right about the crappy DNS. I
will try changing it to OpenDNS or Google's DNS and see if that helps...

I only updated nss and nspr because the build process for chrome didn't.
Shouldn't the build process have checked for the newer version and built it?

I haven't tried xxxterm. I really tried to build xxxterm because I couldn't
get chrome to work, and was wanting to send an e-mail to the list. If it's
better than firefox and chrome, and has fine controls of cookies/javascript
natively or through plugins, I'll give it a serious try...

I usually do an update on a regular basis (2-3 times a week). pkg_add -vvui
-F update -F updatedepends and that does whatever updates I regularly use (
I try to shy away from building things like LibreOffice and java)

But for things like qemu, and chrome, I usually use the ones in ports... I
pull src, xenocara, and ports at the same time. Did a build to update to 30
August, then ran 'pkg_add -u', then went and built Chrome, since the 12.x
didn't get updated from the build.

That was the only reason I got the error. Should I have uninstalled the 12.x
chrome, then ran 'make install', vice 'make update'?



Re: Building xxxterm and chromium

2011-08-31 Thread Antoine Jacoutot
On Wed, 31 Aug 2011, Bryan wrote:

 On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote:
  That sounds more like crappy DNS or filtered Internet.  I can't speak
  for chromium but webkit likes >= 256 files >= 16384 stack.  Adsuck can
  go a long way making the surfing experience better too.  BTW you can't
  update things willy nilly, you have to do pretty much all of it at once.
 
 
 My Internet is ATT U-verse, so you may be right about the crappy DNS. I
 will try changing it to OpenDNS or Google's DNS and see if that helps...
 
 I only updated nss and nspr because the build process for chrome didn't.
 Shouldn't the build process have checked for the newer version and built it?

Your issue comes from something else (pkg_create(1)). Current chrome 
builds fine with the older version of nss/nspr afaik. Next time, try:

make PKG_CREATE_NO_CHECKS=Yes package

Also use ports@ next time for these kind of questions.

-- 
Antoine



Re: Building xxxterm and chromium

2011-08-31 Thread Marco Peereboom
On Wed, Aug 31, 2011 at 08:32:23AM -0500, Bryan wrote:
 On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote:
  That sounds more like crappy DNS or filtered Internet.  I can't speak
  for chromium but webkit likes >= 256 files >= 16384 stack.  Adsuck can
  go a long way making the surfing experience better too.  BTW you can't
  update things willy nilly, you have to do pretty much all of it at once.
 
 
 My Internet is ATT U-verse, so you may be right about the crappy DNS. I
 will try changing it to OpenDNS or Google's DNS and see if that helps...
 
 I only updated nss and nspr because the build process for chrome didn't.
 Shouldn't the build process have checked for the newer version and built it?
 
 I haven't tried xxxterm. I really tried to build xxxterm because I couldn't
 get chrome to work, and was wanting to send an e-mail to the list. If it's
 better than firefox and chrome, and has fine controls of cookies/javascript
 natively or through plugins, I'll give it a serious try...

No plugins but it offers fine grained JS and cookie control.  Here is
the man page:
https://opensource.conformal.com/cgi-bin/man-cgi?xxxterm

 
 I usually do an update on a regular basis (2-3 times a week). pkg_add -vvui
 -F update -F updatedepends and that does whatever updates I regularly use (
 I try to shy away from building things like LibreOffice and java)
 
 But for things like qemu, and chrome, I usually use the ones in ports... I
 pull src, xenocara, and ports at the same time. Did a build to update to 30
 August, then ran 'pkg_add -u', then went and built Chrome, since the 12.x
 didn't get updated from the build.
 
 That was the only reason I got the error. Should I have uninstalled the 12.x
 chrome, then ran 'make install', vice 'make update'?



Re: What should I do with a remote AIX machine if I accidentally chmod 644-ed the /usr/bin/ksh?

2011-08-31 Thread Stefan Johnson
On Wed, Aug 31, 2011 at 12:02 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:

 On Mon, Aug 29, 2011 at 11:23 PM, lancebaynes87 lancebayne...@zoho.com
 wrote:
  Are there any solutions?
 
  I can't SSH to it anymore, because it asks for password.
 
  Does anybody know a solution for this problem??


If you have a NIM server, you could see about pushing the ksh file from it.
That should reinstall the ksh binary with the appropriate permissions.



Re: OT:Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?

2011-08-31 Thread swilly
On Tue, Aug 30, 2011 at 19:51, frantisek holop min...@obiit.org wrote:
 why would i _not_ use another free alternative with a spotless security
 record, that has small, isolated processes communicating with each other
 in chroot, outputting very nice logs, having human readable
 configuration with fantastic documentation and as an added bonus an
 amazing mailing list where the author himself helps you out in difficult
 situations?

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/

It seems that none of the other daemons were a good fit. Cue OpenSMTPd.



Re: OT:Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?

2011-08-31 Thread Gilles Chehade
On Wed, Aug 31, 2011 at 10:11:52AM -0400, swilly wrote:
 On Tue, Aug 30, 2011 at 19:51, frantisek holop min...@obiit.org wrote:
  why would i _not_ use another free alternative with a spotless security
  record, that has small, isolated processes communicating with each other
  in chroot, outputting very nice logs, having human readable
  configuration with fantastic documentation and as an added bonus an
  amazing mailing list where the author himself helps you out in difficult
  situations?
 
 http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/smtpd/
 
 It seems that none of the other daemons were a good fit. Cue OpenSMTPd.
 

I think he was mentioning Postfix.

http://kerneltrap.org/mailarchive/openbsd-misc/2008/11/10/4051954

Gilles

-- 
Gilles Chehade

http://www.poolp.org/    http://u.poolp.org/~gilles/



Re: bgpctl shiw rib out displaying incorrect information

2011-08-31 Thread Josh Hoppes
Why are you using set nexthop self and then trying to change that
with the filter allow quick to 172.29.1.52 set nexthop 172.29.1.200.
If you don't want your nexthop to be yourself don't tell bgpd to do
that.

On Wed, Aug 31, 2011 at 4:08 AM, Tony Sarendal t...@polarcap.org wrote:
 On Wed, Aug 31, 2011 at 11:01 AM, Andre Keller a...@list.ak.cx wrote:

 Hi

 Am 31.08.2011 10:23, schrieb Tony Sarendal:
  Sender says next hop = 172.29.1.100, receiver says .51.
  show rib out in this case shows incorrect nexthop.

 Well thats kind of the point of having set nexthop self in the config...


 You are missing the point, completely.
 bgpctl show rib out displays incorrect information.

 Regards Tony



Re: OT:Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?

2011-08-31 Thread frantisek holop
hmm, on Wed, Aug 31, 2011 at 04:23:18PM +0200, Gilles Chehade said that
 http://kerneltrap.org/mailarchive/openbsd-misc/2008/11/10/4051954

a mail you will probably never forgive me :]

good luck with the project :]

-f
-- 
i know someone with the exact same name!  really?  who?



Re: OT:Re: Apache Killer - Does it affect OpenBSD's patched version of Apache?

2011-08-31 Thread Gilles Chehade
On Wed, Aug 31, 2011 at 04:32:14PM +0200, frantisek holop wrote:
 hmm, on Wed, Aug 31, 2011 at 04:23:18PM +0200, Gilles Chehade said that
  http://kerneltrap.org/mailarchive/openbsd-misc/2008/11/10/4051954
 
 a mail you will probably never forgive me :]
 

Not at all, I just recalled that rant because your name is uncommon enough :-)


 good luck with the project :]
 

Thanks

Gilles


-- 
Gilles Chehade

http://www.poolp.org/    http://u.poolp.org/~gilles/



Re: bgpctl shiw rib out displaying incorrect information

2011-08-31 Thread Tony Sarendal
On Wed, Aug 31, 2011 at 4:24 PM, Josh Hoppes josh.hop...@gmail.com wrote:

 Why are you using set nexthop self and then trying to change that
 with the filter allow quick to 172.29.1.52 set nexthop 172.29.1.200.
 If you don't want your nexthop to be yourself don't tell bgpd to do
 that.


To show a bug in bgpctl/bgpd (or wherever it may be).
Don't you want to be able to trust the information bgpctl gives you?

Regards Tony



Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-08-31 Thread Paul Suh
On Aug 30, 2011, at 3:08 AM, Henrique António Evaristo wrote:

 Humm, nice ... I was interested in knowing the power consumption of that setup.
 Do you have any possibility to provide that ?
 Thanks.

 Best regards,
 Henrique

Henrique,

I will be in a position to post on power consumption of my current setup in a
couple of weeks, when we transition to a new power distribution unit.

http://mitxpc.com/proddetail.asp?prod=ER1UX7SPEHD525FIO

This is booted from CF with an additional two Gig-E ports from a SuperMicro
PCIe card. I would expect power consumption to be similar for each side.


--Paul

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]



Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-08-31 Thread Paul Suh
On Aug 30, 2011, at 3:18 AM, Paul de Weerd wrote:

 Are you putting two boards in one case for redundancy / high
 availability ?  So that, when one fails the other can ... be taken
 down too to fix the first one ?

Paul,

As far as I can tell. The two sides are fully independent of each other. As
long as the cabling is long enough to slide out the case, each side can be
worked on without affecting the other.


--Paul




Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-08-31 Thread Paul Suh
On Aug 30, 2011, at 2:03 AM, Johan Linner wrote:

 We're running OpenBSD 4.9 on:
 http://www.mini-itx.com/store/?c=47#jnc92-330
 
 with Jetway 3x Gigabit LAN Motherboard Modules:
 http://www.mini-itx.com/store/?c=34#modules
 
 Works great.

Johan,

Thanks for the info! 


--Paul




Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-08-31 Thread Paul Suh
On Aug 30, 2011, at 9:47 AM, Stuart Henderson wrote:

 On 2011-08-29, Paul Suh pl...@goodeast.com wrote:
 I'm looking for a mini-ITX motherboard with at least 4 x Gig-E ports. I would
 like to fit two of them into a 1U, dual mini-ITX case to have a CARP/SASYNC
 pair with connections to external, internal, and DMZ zones.

 http://www.casetronic.com/product_d.php?id=16

 I strongly recommend against that type of chassis for two redundant firewalls,
 I think it's better to use two short depth boxes back-to-back (with ports on
 the front, like supermicro 503L-200), or some type of chassis where you can at
 least swap the PSUs without taking both machines down.

 If the hardware requirements were lower something like the Yawarra cases for
 PCEngines alix boards aren't bad (two in a single 1U case, but they can be
 removed independently) but that's not going to be good for 4x1Gb.

Stuart,

Thanks, I know that two short cases back-to-back would be better (in fact I
have a very nice single short depth case in there right now), but other
equipment on the other side makes that setup infeasible. Space is kinda tight
and I don't want to have to start paying for a whole other rack. Because it's
a data center with multiple machines behind the routers I really want
something that can support ~500 Gbps so that we can use the full speed that we
are paying for.


--Paul




Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-08-31 Thread Martin Schröder
2011/8/31 Paul Suh pl...@goodeast.com:
 a data center with multiple machines behind the routers I really want
 something that can support ~500 Gbps so that we can use the full speed that we

500 _G_bps? Please tell us when you've found something that can handle that. :-)

Best
   Martin



Re: Quad-Gigabit 1U mini-itx board recommendations?

2011-08-31 Thread Paul Suh
On Aug 30, 2011, at 2:34 AM, Martin Schröder wrote:

 2011/8/30 Paul Suh pl...@goodeast.com:
 I'm looking for a mini-ITX motherboard with at least 4 x Gig-E ports. I would

 Not a board, but full computers:

 http://www.lannerinc.com/Embedded_Computing/All-Purpose_Box_Computers/LEC-2126

 http://www.lannerinc.com/Embedded_Computing/All-Purpose_Box_Computers/LEC-2026

 http://www.lannerinc.com/x86_Network_Appliances/x86_Desktop_Appliances/FW-7530

 http://www.lannerinc.com/x86_Network_Appliances/x86_Desktop_Appliances/FW-7535

Martin,

These look very interesting, but I haven't been able to locate where to buy
any of them on a small scale. Do you know of a good distributor for them?


--Paul




Re: What should I do with a remote AIX machine if I accidentally chmod /usr/bin/ksh?

2011-08-31 Thread kn
Is the server far away from you? The only way to properly fix this issue is to
boot in single mode!

--Original Message--
From: Marcos Ariel Laufer
Sender: owner-m...@openbsd.org
To: Abel Abraham Camarillo Ojeda
Cc: Lars Hansson
Cc: misc@openbsd.org
Subject: Re: What should I do with a remote AIX machine if I accidentally chmod /usr/bin/ksh?
Sent: Aug 31, 2011 05:15

Abel Abraham Camarillo Ojeda wrote:
 On Tue, Aug 30, 2011 at 6:41 PM, Marcos Ariel Laufer
 mar...@ipversion4.com wrote:

 .. and , maybe, just maybe, the help he gets could be the 'miracle' he
 needs to consider OpenBSD his OS of choice..

 The miracle he needs to be _converted_, because he will think that here are a
 bunch of guys with nothing to do.

 We don't need to go there evangelizing.

I didn't mean evangelizing, but you never know who might be a future
donator, after all OpenBSD needs donations


Sent from my BlackBerry. wireless device



Re: Building xxxterm and chromium

2011-08-31 Thread frantisek holop
hmm, on Wed, Aug 31, 2011 at 08:32:23AM -0500, Bryan said that
 On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote:
  That sounds more like crappy DNS or filtered Internet.  I can't speak
  for chromium but webkit likes = 256 files = 16384 stack.  Adsuck can
  go a long way making the surfing experience better too.  BTW you can't
  update things willy nilly, you have to do pretty much all of it at once.
 
 
 My Internet is ATT U-verse, so you may be right about the crappy DNS. I
 will try changing it to OpenDNS or Google's DNS and see if that helps...

give pdnsd a try.  one realises how slow dns can be without a nice cache.

-f
-- 
history repeats itself because nobody listens.



Re: Building xxxterm and chromium

2011-08-31 Thread Marco Peereboom
On Wed, Aug 31, 2011 at 06:32:20PM +0200, frantisek holop wrote:
 hmm, on Wed, Aug 31, 2011 at 08:32:23AM -0500, Bryan said that
  On Wed, Aug 31, 2011 at 06:23, Marco Peereboom sl...@peereboom.us wrote:
   That sounds more like crappy DNS or filtered Internet.  I can't speak
   for chromium but webkit likes = 256 files = 16384 stack.  Adsuck can
   go a long way making the surfing experience better too.  BTW you can't
   update things willy nilly, you have to do pretty much all of it at once.
  
  
  My Internet is ATT U-verse, so you may be right about the crappy DNS. I
  will try changing it to OpenDNS or Google's DNS and see if that helps...
 
 give pdnsd a try.  one realises how slow dns can be without a nice cache.

adsuck!

 
 -f
 -- 
 history repeats itself because nobody listens.



Re: Building xxxterm and chromium

2011-08-31 Thread frantisek holop
hmm, on Wed, Aug 31, 2011 at 11:43:28AM -0500, Marco Peereboom said that
   My Internet is ATT U-verse, so you may be right about the crappy DNS. I
   will try changing it to OpenDNS or Google's DNS and see if that helps...
  
  give pdnsd a try.  one realises how slow dns can be without a nice cache.
 
 adsuck!

sure, one can use adsuck with pdnsd as well :]

adsuck(1):

 All non-spoofed responses are cached for the duration of the provided DNS
 TTL (Time To Live).  The cache will be purged when adsuck receives a HUP
 or USR1 signal.  See the SIGNALS section for more details.


does All non-spoofed responses include negatives (nxdomains)?

also, is the cache written to disk (for surviving reboots)?

-f
-- 
sharp wits, like sharp knives, often cut their owner.



My thoughts on OpenBSD - is advocacy working ?

2011-08-31 Thread Daniel Villarreal
I was posting to advoc...@openbsd.org, but only SPAM seems to function on
that list?

http://youcanlinux.wordpress.com/my-thoughts-on-openbsd/

31 Aug 2011

I was driving home Sunday and there was a Lamborghini Diablo VT driving
nearby. I caught up to it and it made an unusual sound... very distinctive,
quite unlike anything I've ever heard before... it was smooth and yet it
wasn't anything you'd think to ever expect from a plain automobile. It was a
raspy sound, a beckoning sound. I first pondered how much the fine motorcar
might have cost, then I thought, it must cost a lot to keep that motor
finely tuned. I thought about the quality and attention-to-detail that the
Italian workers put into making this fine motorcar.

I thought I had damaged my dual-core system about a month ago, at least. It
wouldn't start up and I tried pushing the power button and no luck. I
decided to buy very inexpensive testing equipment. I didn't like the idea of
waiting for it to arrive, but it finally did. I had never done this before,
and imagine my surprise when the power supply started up! I connected it all
back together and was glad I hadn't re-tasked the hard drive and thrown away
my partimage backup files. So I was updating Fedora and it crashed, for the
second time, after an update. I think of the uncompromising quality of that
fine Italian motorcar and I think of a similar attention-to-detail of
OpenBSD. Yeah, so what if I drive an old beat-up car, it works great for me
and never has to be rebooted and it does what I expect, it gets me from one
place to another. I want reliability and quality from an OS. It's not really
all that valid to compare that Lamborghini motorcar with the OpenBSD
operating system, except to say that in both cases I think the
uncompromising commitment to quality and attention-to-detail shine through.
Although one can't convert a Ford car to a Lamborghini motorcar, you can
transform your computer to a high-performance machine. You can download
OpenBSD for free, and although you aren't required to spend the $50 to buy a
CD set, if you consider that it goes to defray operating and development
costs, it's a drop in the bucket compared to a tune-up for a Lamborghini,
and isn't it important to keep your computer running at peak efficiency ?

Regards,
Daniel Villarreal

http://youcanlinux.org/



Re: Thanks a lot to all devs of OpenBSD

2011-08-31 Thread Loganaden Velvindron
Why not ? Sure it's easier to control a group if it's small.

You can also delegate authority to experienced people
for different areas. This is currently done in openbsd.

The BSD community is very small compared to Linux. As an example,
in Mauritius, there are 2 BSD users (Mac OS X doesn't count :-)).
I know around 40 local Linux users. 

Since it's so small, users can't expect developers to be
able to shoulder all the responsibilities. Aside from donations/
buying CDs, we have to run -current and test patches that
developers would like to push into the next release, even if
we don't know programming. A well-tested diff has very few
chances of causing regressions that could end up in a release.

That's a _HUGE_ way to help developers.


On Sun, Aug 28, 2011 at 02:52:19PM -0500, J Sisson wrote:
 On Sun, Aug 28, 2011 at 2:43 PM, Loganaden Velvindron
 logana...@devio.us wrote:
 
  If other BSDs worked this way, they would have been
  successful in attracting a larger userbase. They
  have the means to do it with their larger developer
  community.
 
  This begs the question of whether or not their developer community
 would be as large if they held higher standards...



Re: Thanks a lot to all devs of OpenBSD

2011-08-31 Thread Loganaden Velvindron
On Sun, Aug 28, 2011 at 10:31:15PM +0200, ropers wrote:
  On Sun, Aug 28, 2011 at 2:43 PM, Loganaden Velvindron wrote:
  If other BSDs worked this way, they would have been
  successful in attracting a larger userbase. They
  have the means to do it with their larger developer
  community.
 
 On 28 August 2011 21:52, J Sisson wrote:
  This begs the question of whether or not their developer community
  would be as large if they held higher standards...
 
 Moreover, it also begets another question:
 If FreeBSD and NetBSD really adopted the values and practices of
 OpenBSD, then what would be their raison d'être, given that OpenBSD
 already exists?


Having a rock-solid -current doesn't mean the src will be the same.

The BSDs have some diverging technical goals, and this reflects in
their commit activity.

This would certainly help them to identify bugs early in their 
release cycle.
 
 (Incidentally, it occurs to me that the previously quoted War and
 Peace^W^W^W link
 http://lists.freebsd.org/pipermail/freebsd-arch/2011-August/011412.html
 (which I didn't read in its entirety) is basically an attempt to
 marshal people into making FreeBSD adopt the values and practices of
 Linux)

There's no way this could happen right now. FreeBSD doesn't have
the huge commercial backing of IBM/Oracle/HP/$GIANT_LINUX_VENDOR.

The vast majority of BSD developers are doing this in their spare
time. One differentiating factor is the quality. It's well known
that BSDs are ``more technically correct.''

They can only consolidate their userbase by putting
up quality releases that would make it hard for users to move
to Linux.



OpenBGPD: high CPU with huge routing tables

2011-08-31 Thread kevin brintnall
Hi,

I've looked for a mailing list for OpenBGPD but come up empty.  If there's
a better place to report this, please let me know.

I'm using OpenBGPD as a fairly large route collector.  In total, about 75
neighbors announcing ~21 million prefixes.  This is
openbgpd-4.9.20110612_1 running on FreeBSD (latest from ports collection).

# bgpctl show ip bgp memory
RDE memory statistics
456227 IPv4 unicast network entries using 17.4M of memory
912454 rib entries using 55.7M of memory
  42436670 prefix entries using 2.5G of memory
   3270891 BGP path attribute entries using 374M of memory
102926 BGP AS-PATH attribute entries using 4.6M of memory,
   and holding 3270891 references
 10722 BGP attributes entries using 419K of memory
   and holding 9317049 references
 10721 BGP attributes using 123K of memory
RIB using 3.0G of memory

I find that during start-up, the CPU of the route decision engine
process is steady between 90-100%.  During this time, bgpctl hangs.
This lasts at least 45 minutes.

I believe most of the CPU is spent in path_lookup(), traversing the
linked list in pathtable.path_hashtbl[].  I think a suitable fix would be
to increase the hash table sizes (rde.c:152):

u_int32_t   peerhashsize = 64;
u_int32_t   pathhashsize = 1024;
u_int32_t   attrhashsize = 512;
u_int32_t   nexthophashsize = 64;

It seems like it would also make sense to have these variables exposed to
the user somehow.  Maybe optional config knobs like this:

hashsize peer 64
hashsize path 1024
hashsize attr 512
hashsize nexthop 64

In addition, we could use the hash as an easy check for inequality.  This
would optimize the check for path_compare() where we only care about
equality.  There are a couple cases like this:

-if (peer == asp-peer  path_compare(aspath, asp) == 0)
+if (peer == asp-peer  path_equal(aspath, asp))
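
Review bot: the replacement call path_equal(aspath, asp) is only safe if `hash` is already set on both arguments, including the `aspath` passed in here, and is computed over no more than the fields path_compare() examines. If the hash covers anything path_compare() ignores, or is still unset on one side, two paths that compare equal are reported as different and the caller will treat an existing entry as missing. Please state that invariant in a comment on path_equal() and at the place the hash is assigned. The if/else in the helper can also collapse to a single return of `a->hash == b->hash && path_compare(a, b) == 0`.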

int path_equal(struct rde_aspath *a, struct rde_aspath *b)
{
	if (a->hash != b->hash)
		return 0;
	else
		return path_compare(a, b) == 0;
}

This change should probably be coupled with a better hash calculation.

Finally, I was surprised to see double the prefix entry count.  I carry
21M routes (add up the last column of bgpctl show).  Yet, the output
above shows 42M prefix entries.  I do not modify the prefixes at all; my
rule set contains only deny to any; allow from any.

Thoughts?

Thanks for OpenBGPD!

-- 
 kevin brintnall
 Network Engineer, CenturyLink
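
The chain-length reasoning in the post above, as an added example (not code from the post or from OpenBGPD): the reported 3270891 path attribute entries over 1024 buckets average about 3194 entries per chain. The model below uses a hypothetical `struct entry`, a constructed multiplicative hash and small constructed sizes to show how the bucket count drives the number of nodes visited, and that a stored-hash pre-check removes full comparisons but not the chain walk.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a path attribute entry; not OpenBGPD's struct. */
struct entry {
	struct entry	*next;
	uint32_t	 hash;		/* stored once, when the entry is built */
	unsigned char	 data[64];	/* what a full compare has to walk */
};

struct stats {
	unsigned long	visited;	/* chain nodes touched during lookups */
	unsigned long	full_compares;	/* memcmp() calls on entry data */
};

/* Constructed hash (assumption): an odd multiplier is a bijection on 32 bits,
 * so distinct ids never collide and spread evenly over 2^k buckets. */
static uint32_t
id_hash(uint32_t id)
{
	return id * 2654435761u;
}

/* Build entry `id`; the id sits at the end so memcmp() walks shared bytes. */
static void
fill(struct entry *e, uint32_t id)
{
	memset(e->data, 0xab, sizeof(e->data));
	memcpy(e->data + sizeof(e->data) - sizeof(id), &id, sizeof(id));
	e->hash = id_hash(id);
	e->next = NULL;
}

static struct entry *
lookup(struct entry **tbl, uint32_t mask, const struct entry *key,
    int hash_first, struct stats *st)
{
	struct entry *e;

	for (e = tbl[key->hash & mask]; e != NULL; e = e->next) {
		st->visited++;
		if (hash_first && e->hash != key->hash)
			continue;	/* cheap reject before the full compare */
		st->full_compares++;
		if (memcmp(e->data, key->data, sizeof(e->data)) == 0)
			return e;
	}
	return NULL;
}

/* Insert n entries into nbuckets chains (nbuckets a power of two), look each
 * one up once and return the work done; zeroed stats if allocation fails. */
struct stats
simulate(uint32_t nbuckets, uint32_t n, int hash_first)
{
	struct stats st = { 0, 0 };
	struct entry **tbl = calloc(nbuckets, sizeof(*tbl));
	struct entry *pool = calloc(n, sizeof(*pool));
	struct entry key;
	uint32_t i, b;

	if (tbl != NULL && pool != NULL) {
		for (i = 0; i < n; i++) {
			fill(&pool[i], i);
			b = pool[i].hash & (nbuckets - 1);
			pool[i].next = tbl[b];
			tbl[b] = &pool[i];
		}
		for (i = 0; i < n; i++) {
			fill(&key, i);
			lookup(tbl, nbuckets - 1, &key, hash_first, &st);
		}
	}
	free(pool);
	free(tbl);
	return st;
}

int
main(void)
{
	uint32_t sizes[] = { 1024, 65536 };
	struct stats plain, hashed;
	size_t i;

	for (i = 0; i < 2; i++) {
		plain = simulate(sizes[i], 65536, 0);
		hashed = simulate(sizes[i], 65536, 1);
		printf("%u buckets: %lu nodes visited, %lu full compares "
		    "(%lu with hash pre-check)\n", (unsigned)sizes[i],
		    plain.visited, plain.full_compares, hashed.full_compares);
	}
	return 0;
}
```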



Areca alarm silencing with bioctl

2011-08-31 Thread Tim Howe
I have Areca 1210 and 1220 RAID Controllers in a number of OpenBSD
servers.

The arc man page says arc supports alarm control and monitoring of
volumes configured on the controllers via the bio(4) interface and the
bioctl(8) utility.

However, when I try to silence an alarm, I get the following:

# bioctl -a s arc0   
bioctl: BIOCALARM: Operation not permitted

One thought I had was that the card's bios has a password that needs to
be entered for certain functions.  Is this required here?  If so, how?
Am I doing something else wrong?

--TimH


OpenBSD 4.9 (GENERIC.MP) #819: Wed Mar  2 06:57:49 MST 2011
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2145255424 (2045MB)
avail mem = 2074124288 (1978MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.51 @ 0x7feea000 (33 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 08/27/2007
bios0: Supermicro PDSML
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP MCFG APIC BOOT SPCR SSDT
acpi0: wakeup devices DEV1(S5) EXP1(S5) EXP5(S5) EXP6(S5) PCIB(S5) KBC0(S1) 
MSE0(S1) COM1(S5) COM2(S5) USB1(S4) USB2(S4) USB3(S4) USB4(S4) EUSB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xf000, bus 0-14
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz, 1995.25 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu0: 1MB 64b/line 4-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz, 1995.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG
cpu1: 1MB 64b/line 4-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (DEV1)
acpiprt2 at acpi0: bus 9 (EXP1)
acpiprt3 at acpi0: bus 13 (EXP5)
acpiprt4 at acpi0: bus 14 (EXP6)
acpiprt5 at acpi0: bus 15 (PCIB)
acpicpu0 at acpi0
acpicpu1 at acpi0
acpibtn0 at acpi0: PWRB
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel E7230 Host rev 0xc0
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0xc0: apic 2 int 16 (irq 7)
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 Intel IOP333 PCIE-PCIX rev 0x00
pci2 at ppb1 bus 2
arc0 at pci2 dev 14 function 0 Areca ARC-1220 rev 0x00: apic 2 int 18 (irq 5)
arc0: 8 ports, 256MB SDRAM, firmware V1.49 2010-12-02
scsibus0 at arc0: 16 targets
sd0 at scsibus0 targ 0 lun 0: Areca, ARC-1220-VOL#00, R001 SCSI3 0/direct 
fixed
sd0: 1430511MB, 512 bytes/sec, 2929686528 sec total
ppb2 at pci1 dev 0 function 2 Intel IOP333 PCIE-PCIX rev 0x00
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 2 int 17 
(irq 11)
pci4 at ppb3 bus 9
ppb4 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01: apic 2 int 17 (irq 
11)
pci5 at ppb4 bus 13
em0 at pci5 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: apic 2 int 
16 (irq 7), address 00:30:48:9b:10:80
ppb5 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01: apic 2 int 16 (irq 
7)
pci6 at ppb5 bus 14
em1 at pci6 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: apic 2 int 
17 (irq 11), address 00:30:48:9b:10:81
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 2 int 23 
(irq 10)
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 2 int 19 
(irq 11)
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 2 int 18 
(irq 5)
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 2 int 16 
(irq 7)
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: apic 2 int 23 
(irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb6 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xe1
pci7 at ppb6 bus 15
vga1 at pci7 dev 0 function 0 XGI Technology Volari Z7 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: apic 2 int 19 
(irq 11)
iic0 at ichiic0
lm1 at iic0 addr 0x2d: W83627HF
wbng0 at iic0 addr 0x2f: w83793g
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM ECC PC2-5300CL5
spdmem1 at iic0 addr 0x52: 1GB DDR2 SDRAM ECC PC2-5300CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI 
