[patch] Consistency in FAQ

2015-04-01 Thread Elias Diem
Hi

There's an inconsistency in the FAQ. CVS should be in lower 
letters.

Greetings
Elias


Index: faq/faq5.html
===
RCS file: /cvs/www/faq/faq5.html,v
retrieving revision 1.206
diff -u -r1.206 faq5.html
--- faq/faq5.html   1 Dec 2014 09:49:47 -   1.206
+++ faq/faq5.html   1 Apr 2015 07:27:42 -
@@ -408,7 +408,7 @@
 
 p
 The
-a 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvsamp;sektion=1;CVS(1)/a
+a 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvsamp;sektion=1;cvs(1)/a
 command has many options, some of them are ibrequired/b/i to
 checkout and update a useful tree.
 Other commands can cause a broken tree.
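
Review bot: The removed and added anchor lines are each split in two (`-a` / `+a` on one line, the `href=...` part on the next line with no `-` or `+` prefix), so the hunk no longer has the 7 lines per side that its `@@ -408,7 +408,7 @@` header announces and patch(1) is likely to reject it. Please resend with line wrapping disabled in the mail client, or attach the diff, so it can be applied as sent.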



strange problem with GRE (protocol 47)

2015-04-01 Thread Berislav Purgar
Hello

I have a strange problem with the GRE protocol on OpenBSD 5.5 (amd64) that acts
only as a firewall (no VPN server on it) for my small local network.
The problem is that sometimes the VPN connection works and I make a connection, but for
some strange reason sometimes the VPN connection does not work. tcpdump shows
that protocol 47 is unreachable (on the firewall), but for some reason if I
reload the pf rules it works for some time. When a VPN connection works, if I try
to make a new one on a new computer it does not work (protocol 47 unreachable
error).

GRE is allowed in sysctl. I think that the pf.conf rules are OK. Any
suggestions what to try?

pf.conf is in attachment

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of pf.conf]



Re: How to launch Pulseaudio?

2015-04-01 Thread David Coppa
On Wed, Apr 1, 2015 at 6:37 AM, Dmitry Orlov dmitry.sen...@gmail.com wrote:
 Hi
 Point me please how to launch Pulseaudio. In /etc/rc.d I don't see script to
 run pulseaudio :)

With an XDG compliant DE/WM, it should start automatically.

Otherwise, put a:

/usr/local/bin/start-pulseaudio-x11

into your $HOME/.xinitrc

 Dmitry Orlov

Ciao!
David



Re: strange problem with GRE (protocol 47)

2015-04-01 Thread cosmo
There's a bug with GRE: when there's already a connection existing and
you try another new connection through the OpenBSD box to the same VPN
server (GRE protocol), it would not regard it as an old one, so
OpenBSD would deny the new connection.

This bug has always been there. Could anybody have any idea about it?

Berislav Purgar wrote:
 Hello
 
 I have a strange problem with the GRE protocol on OpenBSD 5.5 (amd64) that acts
 only as a firewall (no VPN server on it) for my small local network.
 The problem is that sometimes the VPN connection works and I make a connection, but for
 some strange reason sometimes the VPN connection does not work. tcpdump shows
 that protocol 47 is unreachable (on the firewall), but for some reason if I
 reload the pf rules it works for some time. When a VPN connection works, if I try
 to make a new one on a new computer it does not work (protocol 47 unreachable
 error).
 
 GRE is allowed in sysctl. I think that the pf.conf rules are OK. Any
 suggestions what to try?
 
 pf.conf is in attachment
 
 [demime 1.01d removed an attachment of type application/octet-stream
 which had a name of pf.conf]
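
The behaviour described in the message above can be reproduced with a small model of a NAT state table. This is an added example, not code from the thread or from pf: it assumes source NAT to a single external address, a PPTP-style tunnel (TCP 1723 control channel plus GRE), hypothetical names (`Flow`, `NatTable`) and constructed addresses.

```python
# Added illustration: a simplified model of NAT state keys, not pf's own code.
from dataclasses import dataclass

TCP, GRE = 6, 47
PORT_PROTOS = {TCP, 17}     # protocols whose state key includes ports


@dataclass(frozen=True)
class Flow:
    proto: int
    src: str
    dst: str
    sport: int = 0          # GRE carries no ports, so both stay 0
    dport: int = 0


class NatTable:
    """Source NAT behind one external address (assumed setup)."""

    def __init__(self, ext_addr):
        self.ext_addr = ext_addr
        self.states = {}    # wire-side key -> internal (address, port)
        self.xlate = {}     # internal (proto, address, port) -> translated port
        self.next_port = 50000

    def _key(self, flow):
        owner = (flow.src, flow.sport)
        xport = 0
        if flow.proto in PORT_PROTOS:
            # A fresh translated source port keeps port-based keys unique.
            ident = (flow.proto,) + owner
            if ident not in self.xlate:
                self.xlate[ident] = self.next_port
                self.next_port += 1
            xport = self.xlate[ident]
        return (flow.proto, self.ext_addr, xport, flow.dst, flow.dport), owner

    def outbound(self, flow):
        """Return 'new', 'match' or 'collision' for a packet leaving the LAN."""
        key, owner = self._key(flow)
        holder = self.states.get(key)
        if holder is None:
            self.states[key] = owner
            return "new"
        return "match" if holder == owner else "collision"

    def inbound(self, proto, src, sport=0, dport=0):
        """Return the internal endpoint a reply is delivered to, or None."""
        return self.states.get((proto, self.ext_addr, dport, src, sport))

    def close(self, flow):
        """Drop the state owned by this flow, if it holds one."""
        key, owner = self._key(flow)
        if self.states.get(key) == owner:
            del self.states[key]


def demo():
    """Two LAN clients (constructed addresses) reach the same VPN server."""
    nat = NatTable("203.0.113.1")
    server = "198.51.100.7"
    a, b = "192.168.1.10", "192.168.1.11"
    results = [
        nat.outbound(Flow(TCP, a, server, 40000, 1723)),   # control channel A
        nat.outbound(Flow(TCP, b, server, 40000, 1723)),   # control channel B
        nat.outbound(Flow(GRE, a, server)),                # tunnel data A
        nat.outbound(Flow(GRE, b, server)),                # tunnel data B
    ]
    results.append(nat.inbound(GRE, server))               # replies reach A only
    nat.close(Flow(GRE, a, server))
    results.append(nat.outbound(Flow(GRE, b, server)))     # key is free again
    return results
```

Both TCP control channels get distinct translated ports, while the two GRE flows map to the same port-less key, so only the first client holds the state until it is removed.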



Tips & tricks about using mysql under OpenBSD

2015-04-01 Thread C.L. Martinez

Hi all,

 In the following weeks, I need to install a syslog collector server 
using mysql as a backend to store all logs (and I would like to use 
OpenBSD 5.7 to accomplish that).


 I expect +/- 5k-6k EPS from our servers (unix, linux, windows). As a 
syslog process I will use syslog-ng or rsyslog. But my question is about 
using mysql under OpenBSD.


 Due to the log volume, I will need to do, probably, some type of 
tuning in mysql side.


 Does somebody use mysql in production environments with a respectable 
amount of inserts under OpenBSD? Tips & tricks about what options to use 
under fstab where mysql stores all data, memory limits, etc?


Thanks.



Re: [patch] Consistency in FAQ

2015-04-01 Thread Nick Holland
On 04/01/15 03:37, Elias Diem wrote:
 Index: faq/faq5.html
 ===
 RCS file: /cvs/www/faq/faq5.html,v
 retrieving revision 1.206
 diff -u -r1.206 faq5.html
 --- faq/faq5.html 1 Dec 2014 09:49:47 -   1.206
 +++ faq/faq5.html 1 Apr 2015 07:27:42 -
 @@ -408,7 +408,7 @@
  
  p
  The
 -a 
 href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvsamp;sektion=1;CVS(1)/a
 +a 
 href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvsamp;sektion=1;cvs(1)/a
  command has many options, some of them are ibrequired/b/i to
  checkout and update a useful tree.
  Other commands can cause a broken tree.
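
Review bot: The link text on the `+` line now reads cvs(1), matching the `query=cvs` value in the same href, but the hunk only covers the one occurrence near line 408. It is worth searching the rest of faq5.html for other upper-case `CVS(1)` link texts so the page ends up consistent throughout.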

Yep, I'd agree with that.  Committed, thanks!

Nick.



Re: strange problem with GRE (protocol 47)

2015-04-01 Thread Berislav Purgar
 There's a bug with GRE: when there's already a connection existing and
 you try another new connection through the OpenBSD box to the same VPN server
 (GRE protocol), it would not regard it as an old one, so OpenBSD would
 deny the new connection. This bug has always been there. Could anybody
 have any idea about it?



Tnx for the info, but I have the problem that for no reason (no previous VPN
connection or active one) sometimes it works and the VPN connection is made, and
sometimes you get protocol 47 unreachable?!

Beri



Re: l2pt traffic forwarding

2015-04-01 Thread mxb
Have you done the routing on the client side?
The client, after connecting to L2TP, should know how to reach your internal 
network where web3 lives.

//mxb

 On 31 mar 2015, at 23:17, Predrag Punosevac punoseva...@gmail.com wrote:
 
 Hi Misc,
 
 Thanks to several kind folks I got L2PT server to work like a charm on 5.7.
 I will post my configuration files in a day or two as I am working on a
 very tight deadline.
 
 I am facing now another probably trivial problem.
 
 I would like L2PT server to serve as a web gateway to one of my
 websites.
 
 
 Namely I have something like this
 
 Internet  Firewall/L2PT/Nginx  insecure web using Nginx proxy 
    insecure web2 using Nginx proxy
   sec web3 only available to L2PT
 
 
 I have a problem getting web3 to be available to L2PT folks. I was trying 
 to rdr the incoming traffic on VPN interface tun0 address 10.0.0.1 to
 a host behind the firewall on my private LAN. It didn't work.
 
 I tried to use nginx as a proxy, declaring 10.0.0.1 to be the
 interface and redirecting to a virtual host, but all I get is for nginx to
 push that traffic to one of the hosts web and web2 which use the same
 port but different non vpn address (the same physical interface with
 tun0)
 
 The only thing I have not done is using enc0 interface? Can somebody
 point me in the general direction how to solve this problem.
 
 Most Kind Regards,
 Predrag Punosevac



a few questions to httpd

2015-04-01 Thread Markus Rosjat

Hi there,

since 5.7 will not have an apache or an nginx as an out of the box webserver 
it would be nice to know something about the new httpd. I try to 
google around but I only found man pages. So I try to get some answers 
here.


 Is there some kind of documentation out there?
 If not
   - does it support chroot
   - can you define virtual host and does it support SNI

I could guess of more but I think that's the most important stuff for me 
right now :)


So if some of the insiders could shed some light on the subject would be 
cool


Regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before you 
print it, think about your responsibility and commitment to the ENVIRONMENT



Re: a few questions to httpd

2015-04-01 Thread Markus Rosjat

Okay I found some pdf (damn if you can't google it the right way ...)

so I think I just solved this myself but if someone with experience in 
setting it up likes to give hints

I'll gladly take them :)

Regards

Markus

On 01.04.2015 at 16:32, Markus Rosjat wrote:

 Hi there,
 
 since 5.7 will not have an apache or an nginx as an out of the box 
 webserver it would be nice to know something about the new httpd. I 
 try to google around but I only found man pages. So I try to get some 
 answers here.
 
 
  Is there some kind of documentation out there?
  If not
    - does it support chroot
    - can you define virtual host and does it support SNI
 
 I could guess of more but I think that's the most important stuff for 
 me right now :)
 
 
 So if some of the insiders could shed some light on the subject would 
 be cool
 
 
 Regards






Re: a few questions to httpd

2015-04-01 Thread Peter J. Philipp
On Wed, Apr 01, 2015 at 05:21:47PM +0200, Markus Rosjat wrote:
 I'm a german, extremely lazy and a dummy by default (ask around you'll 
 see )
 but like my previous mail said I just found a pdf that provides most of 
 the answers I have ;)

I'm a german too, but ask around we've been upgraded, we're europeans now!
Before Europe didn't want anything to do with us, but we got friends in the
inner circle, just ask Greece! *still smiling from openbsd april 1st jokes*

-peter



Re: a few questions to httpd

2015-04-01 Thread Alexander Hall
On April 1, 2015 4:32:43 PM GMT+02:00, Markus Rosjat ros...@ghweb.de wrote:
 Hi there,
 
 since 5.7 will not have an apache or an nginx as an out of the box
 webserver it would be nice to know something about the new httpd. I try to
 google around but I only found man pages. So I try to get some answers
 here.

It didn't occur to you to actually read said man pages? Some, if not all, of 
your questions might be answered right there... ;-) 

/Alexander 

 Is there some kind of documentation out there?
 If not
   - does it support chroot
   - can you define virtual host and does it support SNI
 
 I could guess of more but I think that's the most important stuff for me
 right now :)
 
 So if some of the insiders could shed some light on the subject would
 be cool
 
 Regards



Re: a few questions to httpd

2015-04-01 Thread Markus Rosjat

On 01.04.2015 at 17:34, Peter J. Philipp wrote:

 On Wed, Apr 01, 2015 at 05:21:47PM +0200, Markus Rosjat wrote:
 
  I'm a german, extremely lazy and a dummy by default (ask around you'll
  see )
  but like my previous mail said I just found a pdf that provides most of
  the answers I have ;)
 
 I'm a german too, but ask around we've been upgraded, we're europeans now!

and that's your opinion (okay a worse big bang theory ref )  :-P

 Before Europe didn't want anything to do with us, but we got friends in the
 inner circle, just ask Greece! *still smiling from openbsd april 1st jokes*

that's not going to happen someone has to be the sugardaddy for the EU :)

 -peter

okay hope this was all german enough so I stop being the evil german and 
just looking forward to 05/2015




Re: a few questions to httpd

2015-04-01 Thread Markus Rosjat

On 01.04.2015 at 16:51, Alexander Hall wrote:

 On April 1, 2015 4:32:43 PM GMT+02:00, Markus Rosjat ros...@ghweb.de wrote:
 
  Hi there,
  
  since 5.7 will not have an apache or an nginx as an out of the box
  webserver it would be nice to know something about the new httpd. I try to
  google around but I only found man pages. So I try to get some answers
  here.
 
 It didn't occur to you to actually read said man pages? Some, if not all, of 
 your questions might be answered right there... ;-)
 
 /Alexander

I'm a german, extremely lazy and a dummy by default (ask around you'll 
see )
but like my previous mail said I just found a pdf that provides most of 
the answers I have ;)

  Is there some kind of documentation out there?
  If not
    - does it support chroot
    - can you define virtual host and does it support SNI
  
  I could guess of more but I think that's the most important stuff for me
  right now :)
  
  So if some of the insiders could shed some light on the subject would
  be cool
  
  Regards





Re: Can someone with current do :

2015-04-01 Thread sven falempin
On Wed, Apr 1, 2015 at 8:30 PM, sven falempin sven.falem...@gmail.com
wrote:

 ping 8.8.88.

 (probably fixed by then, it crashes here but I am far from current)


and the problem is with some static routes so do not even bother.

Sorry.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: differences between pk_add -u and building from source at stable

2015-04-01 Thread John Merriam

On 4/1/2015 4:16 PM, Joel Rees wrote:

 Should there be a difference if I haven't botched the source tree for
 /usr/ports at some point?
 
 firefox --version
 
 tells me
 
 Mozilla Firefox 31.0
 
 (It also gives a warning about size mismatch in a couple of c++ libraries
 and says I should relink the program, which is part of the message it sends
 to the console every time I run it. I've been ignoring that message.)
 
 And
 
 pkg_add -u firefox
 
 just talks to itself, then says
 
 quirks-2.9 signed on 2014-08-02T11:06:132
 
 but
 
 cd /usr/ports/www/firefox-esr
 make -n
 
 tells me
 
 lock=firefox-esr-31.5.3

Hello.  I had similar issues figuring this out when I started using 
OpenBSD again recently.


If you are running -stable, the packages available from pkg_add are 
-release packages.  From what others have said, the -release packages 
usually do not receive updates.


To use -stable packages (which do receive updates via CVS), you must use 
ports and compile them from the ports tree.


Obviously this is subject to change at any time but as far as I know 
that is still the situation.


I don't mind using ports instead of packages myself.  But, I haven't 
tried OpenBSD on the desktop yet (routers/firewalls and servers so far). 
 Compiling huge stuff that updates often like Firefox could be kind of 
a pain I would guess.


--

John Merriam



Secure PDF viewer

2015-04-01 Thread Eric Furman
I sometimes have to deal with PDF files (ugh) and all
I need is the ability to view and print them, nothing
fancy. With security in mind I would like to get opinions
on the best one to use.
Thanks.



Can someone with current do :

2015-04-01 Thread sven falempin
ping 8.8.88.

(probably fixed by then, it crashes here but I am far from current)

Thank you.

-- 
-
() ascii ribbon campaign - against html e-mail
/\



Re: differences between pk_add -u and building from source at stable

2015-04-01 Thread dan mclaughlin
On Thu, 2 Apr 2015 05:16:25 +0900 Joel Rees joel.r...@gmail.com wrote:
 Should there be a difference if I haven't botched the source tree for
 /usr/ports at some point?
 
 firefox --version
 
 tells me
 
 Mozilla Firefox 31.0
 
 (It also gives a warning about size mismatch in a couple of c++ libraries
 and says I should relink the program, which is part of the message it sends
 to the console every time I run it. I've been ignoring that message.)
 
 And
 
 pkg_add -u firefox
 
 just talks to itself, then says
 
 quirks-2.9 signed on 2014-08-02T11:06:132
 
 but
 
 cd /usr/ports/www/firefox-esr
 make -n
 
 tells me
 
 lock=firefox-esr-31.5.3
 
 Without the -n, it would try to install firefox 31.5.3, but break on lack
 of disk space for installing gcc 4.8.3. I installed gcc-4.8.3 from
 packages, but the make process didn't see that, and still tried to install
 it again. (gcc --version from the command line says 4.2.1.)

for the package you need to check the patch version as well. whenever there
is a change in the patches that the ports build system applies, it changes.

if you want the version that the port build will produce do:

$ (cd /usr/ports/lang/gcc/4.8/ && make _print-packagename)
gcc-4.8.4p2

if you have gcc-4.8.4p1 that is considered a different package version.

to get the installed one:
$ pkg_info -I gcc
gcc-4.8.4p2 GNU compiler collection: core C compiler

there are a lot of options for make that are in bsd.port.mk(5) (although the
one i used above is technically an internal make command). you also might
have better luck asking these questions on ports@ in the future.

 
 I've grabbed some space on another disk, changed /etc/fstab to mount those
 partitions and rebuilt src and xenocara in nice roomy partitions there.
 (Man, putting the src tree on a separate disk sure speeds cvs updates and
 builds up like crazy!) /usr/ports is just sitting there after a cvs up to
 stable (-rOPENBSD_5_6).
 
 And I'm hesitating before building firefox from source again.
 
 Joel Rees
 
 Computer memory is just fancy paper,
 CPUs just fancy pens.
 All is a stream of text
 flowing from the past into the future.
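
The check described in the reply above, comparing the name the port would build with the name that is installed, can be scripted. This is an added example, not OpenBSD's own package tooling: `parse` and `compare` are hypothetical helpers that implement a simplified reading of the `stem-version[pN][vN][-flavor]` naming, and `firefox-esr-31.0` is a constructed input.

```python
# Added illustration, not OpenBSD's pkg tools: simplified package-name compare.
import re

# stem-version, where the version may end in pN (REVISION, bumped when the
# port's patches or packaging change) and vN (EPOCH), then an optional flavor.
_NAME = re.compile(
    r"^(?P<stem>.+?)-(?P<ver>\d[^-]*?)"
    r"(?:p(?P<rev>\d+))?(?:v(?P<epoch>\d+))?(?:-(?P<flavor>.+))?$"
)


def parse(name):
    """Split a package name (or a 'pkg_info -I' style line) into its parts."""
    m = _NAME.match(name.split()[0])     # first field only, drop the comment
    if m is None:
        raise ValueError("not a package name: %r" % name)
    dewey = []
    for part in m.group("ver").split("."):
        digits, suffix = re.match(r"(\d*)(.*)", part).groups()
        dewey.append((int(digits or 0), suffix))
    return {
        "stem": m.group("stem"),
        "flavor": m.group("flavor") or "",
        # EPOCH outranks the version; REVISION breaks ties within a version.
        "order": (int(m.group("epoch") or 0), tuple(dewey),
                  int(m.group("rev") or 0)),
    }


def compare(installed, port):
    """Classify the installed package against the name the port would build."""
    a, b = parse(installed), parse(port)
    if (a["stem"], a["flavor"]) != (b["stem"], b["flavor"]):
        return "different-package"
    if a["order"] < b["order"]:
        return "outdated"
    return "current" if a["order"] == b["order"] else "newer-than-port"


if __name__ == "__main__":
    # Values from the thread, plus one constructed input (firefox-esr-31.0).
    for installed, port in [
        ("gcc-4.8.4p1", "gcc-4.8.4p2"),
        ("gcc-4.8.4p2 GNU compiler collection: core C compiler", "gcc-4.8.4p2"),
        ("firefox-esr-31.0", "firefox-esr-31.5.3"),
    ]:
        print(installed.split()[0], "vs", port, "->", compare(installed, port))
```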



OpenBSD.org gets SANCTIONED .RU

2015-04-01 Thread Constantine A. Murenin

Dear misc and advocacy,

It has come to my attention that OpenBSD.org has been sanctioned today.

It has been sanctioned in the category of best desktop OS.

Some other sites sanctioned together with OpenBSD.org are 
FreeBSD.org for serving, 
NetBSD.org for powering toasters and 
nginx.org for an engine with an X (not sure what that means, anyone?).


http://We.Are.Sanctioned.RU/

Everyone, thanks for all the fish, and keep up the good work!

And feel free to nominate other web-sites with #SanctionedRU.  
I'm thinking perhaps lobste.rs is next!


Cheers,
Constantine.



Re: l2pt traffic forwarding

2015-04-01 Thread Predrag Punosevac
mxb m...@alumni.chalmers.se wrote:

 
 You done the routing on the client side?
 Client, after connecting to L2TP, should know how to reach your internal 
 network there web3 lives.
 

Thanks Maxim!!! I got things to work. I have now fully functional web
server accessible only via L2PT on the same physical IP address and the
same port as another public web server.

I would like to thank you (L2PT howto and Undeadly article), Brian S.
Vangsgaard (L2PT howto), and Marko Cupac (PTPP howto which works like a
charm and was really useful for debugging). Of course big thanks to
all OpenBSD developers who put long hours into amazing IPsec layer and
npppd daemon.

Predrag

P.S. Does anyone feel like updating Maxim Bourmistrov's undeadly article?

http://undeadly.org/cgi?action=article&sid=20120427125048

I could write up a summary of what you have essentially sent me and my own
experience getting it to work but you guys really deserve all the credit.


 //mxb
 
  On 31 mar 2015, at 23:17, Predrag Punosevac punoseva...@gmail.com wrote:
  
  Hi Misc,
  
  Thanks to several kind folks I got L2PT server to work like a charm on 5.7.
  I will post my configuration files in a day or two as I am working on a
  very tight deadline.
  
  I am facing now another probably trivial problem.
  
  I would like L2PT server to serve as a web gateway to one of my
  websites.
  
  
  Namely I have something like this
  
  Internet  Firewall/L2PT/Nginx  insecure web using Nginx proxy 
 insecure web2 using Nginx proxy
  sec web3 only available to L2PT
  
  
  I have a problem getting web3 to be available to L2PT folks. I was trying 
  to rdr the incoming traffic on VPN interface tun0 address 10.0.0.1 to
  a host behind the firewall on my private LAN. It didn't work.
  
  I tried to use nginx as a proxy, declaring 10.0.0.1 to be the
  interface and redirecting to a virtual host, but all I get is for nginx to
  push that traffic to one of the hosts web and web2 which use the same
  port but different non vpn address (the same physical interface with
  tun0)
  
  The only thing I have not done is using enc0 interface? Can somebody
  point me in the general direction how to solve this problem.
  
  Most Kind Regards,
  Predrag Punosevac



INSTALLING XFCE

2015-04-01 Thread cray cray
hello...
when I'm trying to run the following command pkg_add -Iv xfce and installing
the dependencies
I get an error on xfce-4.10:gnome-icon-theme-3.8.2

vm_fault (0xd5ecc880, 0xa8, 0, 1) - e
kernel: page fault trap, code=0
stopped at uvm_pagecmp+0x19: movl 0x24(%eax), %ecx
ddb{0}

does anyone know how I can solve this problem?
thanks in advance..



differences between pk_add -u and building from source at stable

2015-04-01 Thread Joel Rees
Should there be a difference if I haven't botched the source tree for
/usr/ports at some point?

firefox --version

tells me

Mozilla Firefox 31.0

(It also gives a warning about size mismatch in a couple of c++ libraries
and says I should relink the program, which is part of the message it sends
to the console every time I run it. I've been ignoring that message.)

And

pkg_add -u firefox

just talks to itself, then says

quirks-2.9 signed on 2014-08-02T11:06:132

but

cd /usr/ports/www/firefox-esr
make -n

tells me

lock=firefox-esr-31.5.3

Without the -n, it would try to install firefox 31.5.3, but break on lack
of disk space for installing gcc 4.8.3. I installed gcc-4.8.3 from
packages, but the make process didn't see that, and still tried to install
it again. (gcc --version from the command line says 4.2.1.)

I've grabbed some space on another disk, changed /etc/fstab to mount those
partitions and rebuilt src and xenocara in nice roomy partitions there.
(Man, putting the src tree on a separate disk sure speeds cvs updates and
builds up like crazy!) /usr/ports is just sitting there after a cvs up to
stable (-rOPENBSD_5_6).

And I'm hesitating before building firefox from source again.

Joel Rees

Computer memory is just fancy paper,
CPUs just fancy pens.
All is a stream of text
flowing from the past into the future.