Re: 5.7 upgrade question
Yeah, i read faq as well, but english is not my native lang so from time to time i just cant clearly understand what something means and prefer to ask it. Ty for help! I appreciate it so much. 2015-04-23 10:42 GMT-04:00 Raf Czlonka rczlo...@gmail.com: On Thu, Apr 23, 2015 at 03:27:15PM BST, Joseph Oficre wrote: Oh, i got it, ty for advices, friends! Im pretty new in openbsd, so that kind of questions can appear from me. Please do your homework before asking a question[0]. OpenBSD has excellent documentation - start with manual pages[1] and FAQ[2] So, if i want to run snapshots...how offten do u guys update ur previous one to newer? I just dont want to update my system every few days, ones in month would be nice tho... Provided there are no obvious bugs and you're not planning on installing any ports or packages, there's nothing stopping you from doing so - always check Following -current[3] beforehand. [0] http://www.openbsd.org/mail.html [1] http://www.openbsd.org/cgi-bin/man.cgi [2] http://www.openbsd.org/faq/ [3] http://www.openbsd.org/faq/current.html Raf
Re: 5.7 upgrade question
On Thu, Apr 23, 2015 at 03:27:15PM BST, Joseph Oficre wrote: Oh, i got it, ty for advices, friends! Im pretty new in openbsd, so that kind of questions can appear from me. Please do your homework before asking a question[0]. OpenBSD has excellent documentation - start with manual pages[1] and FAQ[2] So, if i want to run snapshots...how offten do u guys update ur previous one to newer? I just dont want to update my system every few days, ones in month would be nice tho... Provided there are no obvious bugs and you're not planning on installing any ports or packages, there's nothing stopping you from doing so - always check Following -current[3] beforehand. [0] http://www.openbsd.org/mail.html [1] http://www.openbsd.org/cgi-bin/man.cgi [2] http://www.openbsd.org/faq/ [3] http://www.openbsd.org/faq/current.html Raf
Auto-configuring clients + Xauth for ipsec (isakmpd) road warrior VPN
I am trying to provide a road warrior ipsec vpn solution using isakmpd. (The router already runs three site-to-site ipsec channels via isakmpd already.) Now able to create the channel using a psk and a static ip on the client side (no authentication other than the psk). Now I would like to auto-configure the clients (ike config pull) and allow for Mutual psk + xauth authentication. Having no any clue on how to do this ... hours of googling does not yield much useful stuff for me. Would you guys help me sort this out? Any input greatly appreciated. Yassen
Re: 5.7 upgrade question
Oh, i got it, ty for advices, friends! Im pretty new in openbsd, so that kind of questions can appear from me. So, if i want to run snapshots...how offten do u guys update ur previous one to newer? I just dont want to update my system every few days, ones in month would be nice tho... 2015-04-23 10:03 GMT-04:00 David Dahlberg david.dahlb...@fkie.fraunhofer.de : Am Donnerstag, den 23.04.2015, 09:51 -0400 schrieb Joseph Oficre: As i see http://www.openbsd.org/faq/upgrade57.html 5.7 upgrade guide is ready. So if i want to upgrade from my 5.6 release i should use bsd.rd from latest snapshot. Where did you read that, I did /not/ find this in the upgrade guide. So, can i swap it to 5.7 release package tree after may 1 without getting troubles? (cuz i dont want to update snapshots offten) Not at al. Snapshots are based on -current and thus /newer/ than the upcoming 5.7-release. If you want to follow -release or -stable, please wait until May or until you received your CD set. -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277
Re: 5.7 upgrade question
On Thu, 23 Apr 2015 10:49:49 -0400 Joseph Oficre wrote: Yeah, i read faq as well, but english is not my native lang so from time to time i just cant clearly understand what something means and prefer to ask it. Ty for help! I appreciate it so much. 2015-04-23 10:42 GMT-04:00 Raf Czlonka rczlo...@gmail.com: On Thu, Apr 23, 2015 at 03:27:15PM BST, Joseph Oficre wrote: Oh, i got it, ty for advices, friends! Im pretty new in openbsd, so that kind of questions can appear from me. Please do your homework before asking a question[0]. OpenBSD has excellent documentation - start with manual pages[1] and FAQ[2] So, if i want to run snapshots...how offten do u guys update ur previous one to newer? I just dont want to update my system every few days, ones in month would be nice tho... You decide, possibly based on wanting a new package due to a feature upgrade such as STARTTLS in spamd or a security update. Do you know that http://stable.mtier.org provide updates for stable (5.7 when it comes out)?
missing snmp OID's
Hi, This should be a simple one ;) I have configured and started snmpd, and then used snmpwalk (snmpwalk -v2c -c public 127.0.0.1:161 .) to walk the oid tree, and the only branch I see is OPENBSD-PF-MIB. Tested on 5.6. I don't seem to see any output for OPENBSD-BASE-MIB.txt, OPENBSD-CARP-MIB.txt, OPENBSD-MEM-MIB.txt, OPENBSD-RELAYD-MIB (pending 5.7), and OPENBSD-SENSORS-MIB.txt. What do we need to do to enable these? Or is snmpwalk just missing them? I'm being dumb? Cheers, Andy.
httpd.conf error_page Equivalent
In nginx, for one of my servers, I would redirect a 404 by doing the following: error_page 404 /; In httpd on 5.7-stable, I'm uncertain how to do this. I tried the following, but this appears to only work with 3xx codes: block return 404 / Assuming this is possible with httpd, how can I redirect a 404? Thanks.
Re: Auto-configuring clients + Xauth for ipsec (isakmpd) road warrior VPN
On 2015-04-23, Yassen Damyanov yassen_...@yahoo.com wrote: I am trying to provide a road warrior ipsec vpn solution using isakmpd. (The router already runs three site-to-site ipsec channels via isakmpd already.) Now able to create the channel using a psk and a static ip on the client side (no authentication other than the psk). Now I would like to auto-configure the clients (ike config pull) and allow for Mutual psk + xauth authentication. Having no any clue on how to do this ... hours of googling does not yield much useful stuff for me. Would you guys help me sort this out? Any input greatly appreciated. Yassen OpenBSD isakmpd does not support xauth. There is user authentication available in IKEv2 (iked), but this is a different protocol, and you can't run it alongside isakmpd on the same machine.
Re: missing snmp OID's
On 2015-04-23, andy a...@brandwatch.com wrote: Hi, This should be a simple one ;) I have configured and started snmpd, and then used snmpwalk (snmpwalk -v2c -c public 127.0.0.1:161 .) to walk the oid tree, and the only branch I see is OPENBSD-PF-MIB. Tested on 5.6. I don't seem to see any output for OPENBSD-BASE-MIB.txt, OPENBSD-CARP-MIB.txt, OPENBSD-MEM-MIB.txt, OPENBSD-RELAYD-MIB (pending 5.7), and OPENBSD-SENSORS-MIB.txt. What do we need to do to enable these? Or is snmpwalk just missing them? I'm being dumb? Cheers, Andy. You need to start the walk from a suitable location. If no OID argument is present, snmpwalk will search the subtree rooted at SNMPv2-SMI::mib-2 (including any MIB object values from other MIB modules, that are defined as lying within this subtree). The following examples assume that you have the OpenBSD MIBs loaded (these are setup by default in the net-snmp package, but you'll need to add them yourself if querying from another OS). $ snmpwalk -v2c -c public localhost SNMPv2-MIB::sysORID SNMPv2-MIB::sysORID.1 = OID: SNMPv2-SMI::mib-2 SNMPv2-MIB::sysORID.2 = OID: IP-MIB::ip SNMPv2-MIB::sysORID.3 = OID: IP-FORWARD-MIB::ipForward SNMPv2-MIB::sysORID.4 = OID: SNMPv2-MIB::snmp SNMPv2-MIB::sysORID.5 = OID: BRIDGE-MIB::dot1dBridge SNMPv2-MIB::sysORID.6 = OID: HOST-RESOURCES-MIB::host SNMPv2-MIB::sysORID.7 = OID: IF-MIB::ifMIB SNMPv2-MIB::sysORID.8 = OID: SNMPv2-SMI::enterprises.2021.13.15 SNMPv2-MIB::sysORID.9 = OID: OPENBSD-BASE-MIB::pfMIBObjects SNMPv2-MIB::sysORID.10 = OID: OPENBSD-BASE-MIB::sensorsMIBObjects SNMPv2-MIB::sysORID.11 = OID: OPENBSD-BASE-MIB::memMIBObjects SNMPv2-MIB::sysORID.12 = OID: OPENBSD-BASE-MIB::carpMIBObjects SNMPv2-MIB::sysORID.13 = OID: SNMPv2-SMI::snmpModules.10.2.1 SNMPv2-MIB::sysORID.14 = OID: SNMPv2-SMI::snmpModules.15.1.1 $ snmpwalk -v2c -c public localhost OPENBSD-BASE-MIB::carpMIBObjects OPENBSD-CARP-MIB::carpAllow.0 = INTEGER: true(1) OPENBSD-CARP-MIB::carpPreempt.0 = INTEGER: 0 OPENBSD-CARP-MIB::carpLog.0 = INTEGER: false(2) OPENBSD-CARP-MIB::carpIfNumber.0 = INTEGER: 0 OPENBSD-CARP-MIB::carpIpPktsRecv.0 = Counter64: 0 OPENBSD-CARP-MIB::carpIp6PktsRecv.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktDiscardsForBadInterface.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktDiscardsForWrongTtl.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktShorterThanHeader.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktDiscardsForBadChecksum.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktDiscardsForBadVersion.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktDiscardsForTooShort.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktDiscardsForBadAuth.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktDiscardsForBadVhid.0 = Counter64: 0 OPENBSD-CARP-MIB::carpPktDiscardsForBadAddressList.0 = Counter64: 0 OPENBSD-CARP-MIB::carpIpPktsSent.0 = Counter64: 0 OPENBSD-CARP-MIB::carpIp6PktsSent.0 = Counter64: 0 OPENBSD-CARP-MIB::carpNoMemory.0 = Counter64: 0 OPENBSD-CARP-MIB::carpTransitionsToMaster.0 = Counter64: 0 You can use iso.org.dod.internet.private.enterprises.openBSD to show all of the vendor OIDs. And you can use snmpctl rather than Net-SNMP; e.g. $ snmpctl walk sym oid iso.org.dod.internet.private.enterprises.openBSD | head openBSD.pfMIBObjects.pfInfo.pfRunning.0=1 openBSD.pfMIBObjects.pfInfo.pfRuntime.0=74529800 openBSD.pfMIBObjects.pfInfo.pfDebug.0=3 openBSD.pfMIBObjects.pfInfo.pfHostid.0=0xb438d4c7 openBSD.pfMIBObjects.pfCounters.pfCntMatch.0=1662286 openBSD.pfMIBObjects.pfCounters.pfCntBadOffset.0=0 openBSD.pfMIBObjects.pfCounters.pfCntFragment.0=3 openBSD.pfMIBObjects.pfCounters.pfCntShort.0=2 openBSD.pfMIBObjects.pfCounters.pfCntNormalize.0=0 openBSD.pfMIBObjects.pfCounters.pfCntMemory.0=0 AFAIK the relayd support is only so that relayd can send traps, I don't think it provides anything that you can query.
Re: 5.7 upgrade question
If you are new to OpenBSD you should probably avoid running -current until you are much more familiar with everything. On Thu, Apr 23, 2015, at 10:49 AM, Joseph Oficre wrote: Yeah, i read faq as well, but english is not my native lang so from time to time i just cant clearly understand what something means and prefer to ask it. Ty for help! I appreciate it so much. 2015-04-23 10:42 GMT-04:00 Raf Czlonka rczlo...@gmail.com: On Thu, Apr 23, 2015 at 03:27:15PM BST, Joseph Oficre wrote: Oh, i got it, ty for advices, friends! Im pretty new in openbsd, so that kind of questions can appear from me. Please do your homework before asking a question[0]. OpenBSD has excellent documentation - start with manual pages[1] and FAQ[2] So, if i want to run snapshots...how offten do u guys update ur previous one to newer? I just dont want to update my system every few days, ones in month would be nice tho... Provided there are no obvious bugs and you're not planning on installing any ports or packages, there's nothing stopping you from doing so - always check Following -current[3] beforehand. [0] http://www.openbsd.org/mail.html [1] http://www.openbsd.org/cgi-bin/man.cgi [2] http://www.openbsd.org/faq/ [3] http://www.openbsd.org/faq/current.html Raf
5.7 upgrade question
Hi @misc! As i see http://www.openbsd.org/faq/upgrade57.html 5.7 upgrade guide is ready. So if i want to upgrade from my 5.6 release i should use bsd.rd from latest snapshot. It means that i need to change my packages path to snapshot one, right? So, can i swap it to 5.7 release package tree after may 1 without getting troubles? (cuz i dont want to update snapshots offten)
Re: 5.7 upgrade question
On Apr 23, 2015 4:52 PM, Joseph Oficre seran...@gmail.com wrote: Hi @misc! As i see http://www.openbsd.org/faq/upgrade57.html 5.7 upgrade guide is ready. So if i want to upgrade from my 5.6 release i should use bsd.rd from latest snapshot. It means that i need to change my packages path to snapshot one, right? So, can i swap it to 5.7 release package tree after may 1 without getting troubles? (cuz i dont want to update snapshots offten) Hi, short answer: wait until 1st of May. Regards, Ville
Re: 5.7 upgrade question
Am Donnerstag, den 23.04.2015, 09:51 -0400 schrieb Joseph Oficre: As i see http://www.openbsd.org/faq/upgrade57.html 5.7 upgrade guide is ready. So if i want to upgrade from my 5.6 release i should use bsd.rd from latest snapshot. Where did you read that, I did /not/ find this in the upgrade guide. So, can i swap it to 5.7 release package tree after may 1 without getting troubles? (cuz i dont want to update snapshots offten) Not at al. Snapshots are based on -current and thus /newer/ than the upcoming 5.7-release. If you want to follow -release or -stable, please wait until May or until you received your CD set. -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277
Re: 5.7 upgrade question
On Thu, Apr 23, 2015 at 09:51:13AM -0400 or thereabouts, Joseph Oficre wrote: Hi @misc! As i see http://www.openbsd.org/faq/upgrade57.html 5.7 upgrade guide is ready. So if i want to upgrade from my 5.6 release i should use bsd.rd from latest snapshot. It means that i need to change my packages path to snapshot one, right? So, can i swap it to 5.7 release package tree after may 1 without getting troubles? (cuz i dont want to update snapshots offten) No. It will take a while for the ports and mirrors to upgrade.
Re: 5.7 upgrade question
On Thu, Apr 23, 2015 at 02:51:13PM BST, Joseph Oficre wrote: Hi @misc! Hi Joseph, As i see http://www.openbsd.org/faq/upgrade57.html 5.7 upgrade guide is ready. So if i want to upgrade from my 5.6 release i should use bsd.rd from latest snapshot. It means that i need to change my packages path to snapshot one, right? No, latest snapshot != 5.7. 5.7 has been built nearly two months ago. Current snapshots are what will eventually become 5.8. So, can i swap it to 5.7 release package tree after may 1 without getting troubles? (cuz i dont want to update snapshots offten) Wrong again - ports tree has also been frozen a while back. You'll need to wait until 5.7 appears on a mirror near you. Regards, Raf
Re: headless glass console looses colours on reboot
On 2015-04-20 Mon 11:18 AM |, Craig Skinner wrote: OK folks, Same results on a 3rd box with 5.6 release. Here's info on what various termcap entries produce: $ grep ^ttyC /etc/ttys | grep on$ ttyC0 /usr/libexec/getty std.9600 vt220 on ttyC1 /usr/libexec/getty std.9600 pccon on ttyC2 /usr/libexec/getty std.9600 pcvt25-coloron ttyC3 /usr/libexec/getty std.9600 wsvt25m on .--. |console has colours | | when monitor connected: | .---+---+-|-+| | tty | printenv TERM | tput colors | before boot | after boot | |---|---|-|-|| | ttyC0 | vt220 | -1 | no | no | |---|---|-|-|| | ttyC1 | pccon | 8 | yes | no | |---|---|-|-|| | ttyC2 | pcvt25-color | 8 | yes | no | |---|---|-|-|| | ttyC3 | wsvt25m | 8 | yes | no | '---+---+-+-+' Is there something in the boot process that enables console colours if a monitor is connected? Is the kernel behaviour different on boot with/without a monitor present? Cheers. -- I'd rather have a bottle in front of me than a frontal lobotomy.
Re: headless glass console looses colours on reboot
On 04/23/15 04:34, Craig Skinner wrote: ... Is there something in the boot process that enables console colours if a monitor is connected? on some video cards, yes. I haven't seen this in a while (and I'm trusting my memory more than I should), but on some older systems, back in the day of monochrome VGA monitors, the monochrome monitor only connected to the green video line. If the card saw no load on the red and blue lines, it would assume a monochrome monitor, and operate in monochrome mode only. I do recall having soldered a few 75ohm resistors in a mechanical KVM switch box to persuade the video card that there really was a monitor attached when there wasn't. No idea if that could be reset in software. And it's been a loong time since I've seen (or noticed?) this behavior, so I suspect it isn't a common issue now. To be honest, I can't say if it is due to modern video cards being different, modern KVM boxes being smarter, the almost complete elimination of monochrome monitors, or the fact that when I run text, I don't care about color. Is the kernel behaviour different on boot with/without a monitor present? On new DRM capable cards, yes. And, looking at your dmesg ... oh wait, you haven't provided us one. Nick.