[patch] Consistency in FAQ
Hi There's an inconsistency in the FAQ. CVS should be in lower letters. Greetings Elias Index: faq/faq5.html === RCS file: /cvs/www/faq/faq5.html,v retrieving revision 1.206 diff -u -r1.206 faq5.html --- faq/faq5.html 1 Dec 2014 09:49:47 - 1.206 +++ faq/faq5.html 1 Apr 2015 07:27:42 - @@ -408,7 +408,7 @@ p The -a href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvsamp;sektion=1;CVS(1)/a +a href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvsamp;sektion=1;cvs(1)/a command has many options, some of them are ibrequired/b/i to checkout and update a useful tree. Other commands can cause a broken tree.
strange problem with GRE (protocol 47)
Hello I have strange problem wiht GRE protocol on openbsd 5.5 (amd64) that act only as firewall (no VPN server on them) for my small local network. Problem is that sometime VPN connection works and i make connection but for some strange reason sometime VPN connection does not work. tcpdump shows that protocol 47 is unrechable (on firewall) but for some reason if i reload pf rules it works for some time. when VPN connection works if i try to made new one on new computer it does not work ( protocol 47 unrechable error ). gre is allowed in sysctl .. i think that pf.conf rules are OK . any suggestion what to try ? pf.conf is in attachment [demime 1.01d removed an attachment of type application/octet-stream which had a name of pf.conf]
Re: How to launch Pulseaudio?
On Wed, Apr 1, 2015 at 6:37 AM, Dmitry Orlov dmitry.sen...@gmail.com wrote: Hi Point me please how to launch Pulseaudio. In /etc/rc.d I don't see script to run pulseaudio :) With an XDG compliant DE/WM, it should start automatically. Otherwise, put a: /usr/local/bin/start-pulseaudio-x11 into your $HOME/.xinitrc Dmitry Orlov Ciao! David
Re: strange problem with GRE (protocol 47)
There 's a bug with the GRE , when there's already a connection existing , you try another new connection thru the OpenBSD box to the same VPN Server (GRE Protocol), it would not regard it as a old one , so OpenBSD would deny the new connection . this bug have been always there , could anybody have any idea about it ? å¨ ï¼Berislav Purgar åéï¼ Hello I have strange problem wiht GRE protocol on openbsd 5.5 (amd64) that act only as firewall (no VPN server on them) for my small local network. Problem is that sometime VPN connection works and i make connection but for some strange reason sometime VPN connection does not work. tcpdump shows that protocol 47 is unrechable (on firewall) but for some reason if i reload pf rules it works for some time. when VPN connection works if i try to made new one on new computer it does not work ( protocol 47 unrechable error ). gre is allowed in sysctl .. i think that pf.conf rules are OK . any suggestion what to try ? pf.conf is in attachment [demime 1.01d removed an attachment of type application/octet-stream which had a name of pf.conf]
Tips tricks about using mysql under OpenBSD
Hi all, In the following weeks, I need to install a syslog collector server using mysql as a backend to store all logs (and I would like to use OpenBSD 5.7 to accomplish that). I expect +/- 5k-6k EPS from our servers (unix, linux, windows). As a syslog process I will use syslog-ng or rsyslog. But my question is about using mysql under OpenBSD. Due to the log volume, I will need to do, probably, some type of tuning in mysql side. Somebody uses mysql in production environments with a respectable amount of inserts under OpenBSD? Tips tricks about what options to use under fstab where mysql stores all data, memory limits, etc? Thanks.
Re: [patch] Consistency in FAQ
On 04/01/15 03:37, Elias Diem wrote: Index: faq/faq5.html === RCS file: /cvs/www/faq/faq5.html,v retrieving revision 1.206 diff -u -r1.206 faq5.html --- faq/faq5.html 1 Dec 2014 09:49:47 - 1.206 +++ faq/faq5.html 1 Apr 2015 07:27:42 - @@ -408,7 +408,7 @@ p The -a href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvsamp;sektion=1;CVS(1)/a +a href=http://www.openbsd.org/cgi-bin/man.cgi?query=cvsamp;sektion=1;cvs(1)/a command has many options, some of them are ibrequired/b/i to checkout and update a useful tree. Other commands can cause a broken tree. Yep, I'd agree with that. Committed, thanks! Nick.
Re: strange problem with GRE (protocol 47)
There 's a bug with the GRE , when there's already a connection existing , you try another new connection thru the OpenBSD box to the same VPN Server (GRE Protocol), it would not regard it as a old one , so OpenBSD would deny the new connection . this bug have been always there , could anybody have any idea about it ? Tnx for info.. but i have problem that with no reason ( no previous vpn connection or active one) sometime it works and vpn connection is made and sometimes u got protocol 47 unrechable ?! Beri
Re: l2pt traffic forwarding
You done the routing on the client side? Client, after connecting to L2TP, should know how to reach your internal network there web3 lives. //mxb On 31 mar 2015, at 23:17, Predrag Punosevac punoseva...@gmail.com wrote: Hi Misc, Thanks to sevral kind fox I got L2PT server to work like a charm on 5.7. I will post my configuration files in day or two as I am working on the very tight deadline. I am facing now another probably trivial problem. I would like L2PT server to serve as a web gateway to one of my websites. Namely I have something like this Internet Firewall/L2PT/Nginx insecure web using Nginx proxy insecure web2 using Nginx proxy sec web3 only available to L2PT I have problem getting web3 to be available to L2PT folks. Was trying to rdr the incomming traffic on vpn interfece tun0 address 10.0.0.1 to a host behind firewall on my private lan. It didn't work. I am tried to use nginx as proxy as declaring 10.0.0.1 to be the interface and redireting to virtual host but all I get is for nginx to push that traffic to one of the hosts web and web2 which use the same port but different non vpn address (the same physical interface with tun0) The only thing I have not done is using enc0 interface? Can somebody point me in the general direction how to solve this problem. Most Kind Regards, Predrag Punosevac
a few questions to httpd
Hi there, since 5.7 will not have a apache or a nginx as out of the box webserver it would be nice to know something about the new httpd. I try to google arround but I only found man pages. So I try to get some answers here. Is there some kind of documentation out there? If not - does it support chroot - can you define virtual host and does it support SNI I could guess of more but I think thats the most important stuff for me right now :) So if some of the insiders could shed some light on the subject would be cool Regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: a few questions to httpd
Okay I found some pdf (damn if you can't google it the right way ...) so I think I just solved this myself but if someone with experience in setting it up likes to give hints I'll gladly take tehm :) Regards Markus Am 01.04.2015 um 16:32 schrieb Markus Rosjat: Hi there, since 5.7 will not have a apache or a nginx as out of the box webserver it would be nice to know something about the new httpd. I try to google arround but I only found man pages. So I try to get some answers here. Is there some kind of documentation out there? If not - does it support chroot - can you define virtual host and does it support SNI I could guess of more but I think thats the most important stuff for me right now :) So if some of the insiders could shed some light on the subject would be cool Regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: a few questions to httpd
On Wed, Apr 01, 2015 at 05:21:47PM +0200, Markus Rosjat wrote: I'm a german , extremly lazy and a dummy by default (ask arround you'll see ) but like my previous mail said I just found a pdf that provides most of the answers I have ;) I'm a german too, but ask around we've been upgraded, we're europeans now! Before Europe didn't want anything to do with us, but we got friends in the inner circle, just ask Greece! *still smiling from openbsd april 1st jokes* -peter
Re: a few questions to httpd
On April 1, 2015 4:32:43 PM GMT+02:00, Markus Rosjat ros...@ghweb.de wrote: Hi there, since 5.7 will not have a apache or a nginx as out of the box webserver it would be nice to know something about the new httpd. I try to google arround but I only found man pages. So I try to get some answers here. It didn't occur to you to actually read said man pages? Some, if not all, of your questions might be answered right there... ;-) /Alexander Is there some kind of documentation out there? If not - does it support chroot - can you define virtual host and does it support SNI I could guess of more but I think thats the most important stuff for me right now :) So if some of the insiders could shed some light on the subject would be cool Regards
Re: a few questions to httpd
Am 01.04.2015 um 17:34 schrieb Peter J. Philipp: On Wed, Apr 01, 2015 at 05:21:47PM +0200, Markus Rosjat wrote: I'm a german , extremly lazy and a dummy by default (ask arround you'll see ) but like my previous mail said I just found a pdf that provides most of the answers I have ;) I'm a german too, but ask around we've been upgraded, we're europeans now! and that's your opinion (okay a worse big bang theory ref ) :-P Before Europe didn't want anything to do with us, but we got friends in the inner circle, just ask Greece! *still smiling from openbsd april 1st jokes* that's not going to happen someone has to be the sugardaddy for the EU :) -peter okay hope this was all german enough so I stop being the evil german an just looking forward to 05/2015 -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: a few questions to httpd
Am 01.04.2015 um 16:51 schrieb Alexander Hall: On April 1, 2015 4:32:43 PM GMT+02:00, Markus Rosjat ros...@ghweb.de wrote: Hi there, since 5.7 will not have a apache or a nginx as out of the box webserver it would be nice to know something about the new httpd. I try to google arround but I only found man pages. So I try to get some answers here. It didn't occur to you to actually read said man pages? Some, if not all, of your questions might be answered right there... ;-) /Alexander I'm a german , extremly lazy and a dummy by default (ask arround you'll see ) but like my previous mail said I just found a pdf that provides most of the answers I have ;) Is there some kind of documentation out there? If not - does it support chroot - can you define virtual host and does it support SNI I could guess of more but I think thats the most important stuff for me right now :) So if some of the insiders could shed some light on the subject would be cool Regards -- Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de G+H Webservice GbR Gorzolla, Herrmann Königsbrücker Str. 70, 01099 Dresden http://www.ghweb.de fon: +49 351 8107220 fax: +49 351 8107227 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Re: Can someone with current do :
On Wed, Apr 1, 2015 at 8:30 PM, sven falempin sven.falem...@gmail.com wrote: ping 8.8.88. (probably fixed by then, it crash here but i am far from current) and the problem is with some static routes so do not even bother. Sorry. -- - () ascii ribbon campaign - against html e-mail /\
Re: differences between pk_add -u and building from source at stable
On 4/1/2015 4:16 PM, Joel Rees wrote: Should there be a difference if I haven't botched the source tree for /usr/ports at some point? firefox --version tells me Mozilla Firefox 31.0 (It also gives a warning about size mismatch in a couple of c++ libraries and says I should relink the program, which is part of the message it sends to the console every time I run it. I'vd been ignoring that message.) And pkg_add -u firefox just talks to itself, then says quirks-2.9 signed on 2014-08-02T11:06:132 but cd /usr/ports/www/firefox-esr make -n tells me lock=firefox-esr-31.5.3 Hello. I had similar issues figuring this out when I started using OpenBSD again recently. If you are running -stable, the packages available from pkg_add are -release packages. From what others have said, the -release packages usually do not receive updates. To use -stable packages (which do receive updates via CVS), you must use ports and compile them from the ports tree. Obviously this is subject to change at any time but as far as I know that is still the situation. I don't mind using ports instead of packages myself. But, I haven't tried OpenBSD on the desktop yet (routers/firewalls and servers so far). Compiling huge stuff that updates often like Firefox could be kind of a pain I would guess. -- John Merriam
Secure PDF viewer
I sometimes have to deal with PDF files (ugh) and all I need is the ability to view and print them, nothing fancy. With security in mind I would like to get opinions on the best one to use. Thanks.
Can someone with current do :
ping 8.8.88. (probably fixed by then, it crash here but i am far from current) Thank you. -- - () ascii ribbon campaign - against html e-mail /\
Re: differences between pk_add -u and building from source at stable
On Thu, 2 Apr 2015 05:16:25 +0900 Joel Rees joel.r...@gmail.com wrote: Should there be a difference if I haven't botched the source tree for /usr/ports at some point? firefox --version tells me Mozilla Firefox 31.0 (It also gives a warning about size mismatch in a couple of c++ libraries and says I should relink the program, which is part of the message it sends to the console every time I run it. I'vd been ignoring that message.) And pkg_add -u firefox just talks to itself, then says quirks-2.9 signed on 2014-08-02T11:06:132 but cd /usr/ports/www/firefox-esr make -n tells me lock=firefox-esr-31.5.3 Without the -n, it would try to install firefox 31.5.3, but break on lack of disk space for installing gcc 4.8.3. I installed gcc-4.8.3 from packages, but the make process didn't see that, and still tried to install it again. (gcc --version from the command line says 4.2.1.) for the package you need to check the patch version as well. whenever there is a change in the patches that the ports build system applies, it changes. if you want the version that the port build will produce do: $ (cd /usr/ports/lang/gcc/4.8/ make _print-packagename) gcc-4.8.4p2 if you have gcc-4.8.4p1 that is considered a different package version. to get the installed one: $ pkg_info -I gcc gcc-4.8.4p2 GNU compiler collection: core C compiler there are alot of options for make that are in bsd.port.mk(5) (although the one i used above is technically an internal make command). you also might have better luck asking these questions on ports@ in the future. I've grabbed some space on another disk, changed /etc/fstab to mount those partitions and rebuilt src and xenocara in nice roomy partitions there. (Man, putting the src tree on a separate disk sure speeds cvs updates and builds up like crazy!) /usr/ports is just sitting there after a cvs up to stable (-rOPENBSD_5_6). And I'm hesitating before building firefox from source again. Joel Rees Computer memory is just fancy paper, CPUs just fancy pens. All is a stream of text flowing from the past into the future.
OpenBSD.org gets SANCTIONED .RU
Dear misc and advocacy, It has come to my attention that OpenBSD.org has been sanctioned today. It has been sanctioned in the category of best desktop OS. Some other sites sanctioned together with OpenBSD.org are FreeBSD.org for serving, NetBSD.org for powering toasters and nginx.org for an engine with an X (not sure what that means, anyone?). http://We.Are.Sanctioned.RU/ Everyone, thanks for all the fish, and keep up the good work! And feel free to nominate other web-sites with #SanctionedRU. I'm thinking perhaps lobste.rs is next! Cheers, Constantine.
Re: l2pt traffic forwarding
mxb m...@alumni.chalmers.se wrote: You done the routing on the client side? Client, after connecting to L2TP, should know how to reach your internal network there web3 lives. Thanks Maxim!!! I got things to work. I have now fully functional web server accessible only via L2PT on the same physical IP address and the same port as another public web server. I would like to thank you (L2PT howto and Undeadly article), Brian S. Vangsgaard (L2PT howto), and Marko Cupac (PTPP howto which works like a charm and was really useful for debugging). Of course big thanks to all OpenBSD developers who put long hours into amazing IPsec layer and npppd daemon. Predrag P.S. Does anyone feel updating Maxim Bourmistrov undeadly article? http://undeadly.org/cgi?action=articlesid=20120427125048 I could write up summary of what you have essentially sent me and my own experience getting it to work but you guys really deserv all the credit. //mxb On 31 mar 2015, at 23:17, Predrag Punosevac punoseva...@gmail.com wrote: Hi Misc, Thanks to sevral kind fox I got L2PT server to work like a charm on 5.7. I will post my configuration files in day or two as I am working on the very tight deadline. I am facing now another probably trivial problem. I would like L2PT server to serve as a web gateway to one of my websites. Namely I have something like this Internet Firewall/L2PT/Nginx insecure web using Nginx proxy insecure web2 using Nginx proxy sec web3 only available to L2PT I have problem getting web3 to be available to L2PT folks. Was trying to rdr the incomming traffic on vpn interfece tun0 address 10.0.0.1 to a host behind firewall on my private lan. It didn't work. I am tried to use nginx as proxy as declaring 10.0.0.1 to be the interface and redireting to virtual host but all I get is for nginx to push that traffic to one of the hosts web and web2 which use the same port but different non vpn address (the same physical interface with tun0) The only thing I have not done is using enc0 interface? Can somebody point me in the general direction how to solve this problem. Most Kind Regards, Predrag Punosevac
INSTALLING XFCE
hello... when i'm trying to run the following command pkg_add -Iv xfce and installing the depedencies i get an error on xfce-4.10:gnome-icon-theme-3.8.2 vm_fault (0xd5ecc880, 0xa8, 0, 1) - e kernel: page fault trap, code=0 stopped at uvm_pagecmp+0x19: movl 0x24(%eax), %ecx ddb{0} anyone knows how can i solve this problem? thanks in advanced..
differences between pk_add -u and building from source at stable
Should there be a difference if I haven't botched the source tree for /usr/ports at some point? firefox --version tells me Mozilla Firefox 31.0 (It also gives a warning about size mismatch in a couple of c++ libraries and says I should relink the program, which is part of the message it sends to the console every time I run it. I'vd been ignoring that message.) And pkg_add -u firefox just talks to itself, then says quirks-2.9 signed on 2014-08-02T11:06:132 but cd /usr/ports/www/firefox-esr make -n tells me lock=firefox-esr-31.5.3 Without the -n, it would try to install firefox 31.5.3, but break on lack of disk space for installing gcc 4.8.3. I installed gcc-4.8.3 from packages, but the make process didn't see that, and still tried to install it again. (gcc --version from the command line says 4.2.1.) I've grabbed some space on another disk, changed /etc/fstab to mount those partitions and rebuilt src and xenocara in nice roomy partitions there. (Man, putting the src tree on a separate disk sure speeds cvs updates and builds up like crazy!) /usr/ports is just sitting there after a cvs up to stable (-rOPENBSD_5_6). And I'm hesitating before building firefox from source again. Joel Rees Computer memory is just fancy paper, CPUs just fancy pens. All is a stream of text flowing from the past into the future.