Re: Supermicro X11SSL-F freezes probing USB 3
On Wed, Mar 30, 2016 at 03:34:25PM -0400, Sonic wrote: > Ahha! Who would have thought... com0 was the ticket. Thanks much! Sweet, glad to hear you got it working. Usually the IPMI SOL comes after the physical serial ports, I've never seen it be the first one. But hey, it's Dell :). Maybe now that 5.9 is out (a month early, nice, just in time for my new box) one of the devs will have time to take a look at the skylake usb 3 issues.
Re: Supermicro X11SSL-F freezes probing USB 3
On Tue, Mar 29, 2016 at 10:46:15PM -0400, Sonic wrote: > The IPMI is part of Dell's iDRAC stuff and the only thing I've found [...] > may be the iDRAC license level as well, anything above the "basic" > level, providing a limited feature set, requires purchasing a license Eeew. We've got some HP gear that requires an extra cost license to make the remote kvm gui head work past the bootloader which is ridiculous (but technically, I don't think remote kvm is part of the base IPMI standard), but the IPMI SOL serial port??? That's just crazy. I've never used Dell and never will for servers; desktops/notebooks, sure, but servers? Nah. Sun gear was pretty good until Oracle killed them off, we used IBM for a while until they sold it off to Lenovo and policy wouldn't let us buy from a non-US company (like the gear itself doesn't come from China anyway). Right now we're using HP at my dayjob and it's working out ok. I pretty much use supermicro for personal gear and sidejobs, it's generally good stuff. At least my IPMI SOL port works :). Good luck :).
Re: OT: True hardware UNIX terminal
On Mar 30, 2016 4:29 PM, "Mihai Popescu" wrote: > > I can see now why our keyboards are using Ctrl key, PgUp, PgDn, or why > the serial port is so close programmed using terminal terminology. > > Thank you and please excuse me for the OT. > I still have IBM 122-key keyboards lying around from working in government buildings and ripping out old terminals. Quite an education, as was this thread!
Re: Syntax error in pf rules
Hi there, >--- jub...@fastmail.com wrote: > >From: Jubjub Jenkins >To: Adam Smith >Cc: misc@openbsd.org >Subject: Re: Syntax error in pf rules >Date: Wed, 30 Mar 2016 11:25:12 -0700 > > >The list owners are fascist anarchists and deem your "democracy" as >bourgeois. It's good to know that and that you're one of the fascists raving and demonstrating against poor Syrian refugees from war-torn Syria who are trying to find refuge in Europe. People in the Linux community have warned me that there are far-right people with extremist views hiding within the OpenBSD community. I won't be surprised if you subscribe to the views of Greece's "Golden Dawn", Netherlands' "Partij voor de Vrijheid" and Germany's "Pegida" and Moreover your writing strongly indicates you're an Islamophobe as well. In the meantime, please continue to be pro-fascist, anti-democratic and Islamophobic in whatever you do. http://www.DCpages.com
Re: Syntax error in pf rules
> I know. Do you have proof that I hadn't put in my minimum effort > before jumping to conclusions? Please stop picking fights with people. The best approach is to leave the list.
Re: Syntax error in pf rules
Are you the owner of misc@openbsd.org? Who was trying to pick fights with me first? Have you investigated? I feel sad for you and your OpenBSD project. Since its inception how much has the OpenBSD community grown? How much funds are there presently in your coffers? In comparison FreeBSD has millions of fans and its foundation has received millions in donations from its members. >--- dera...@cvs.openbsd.org wrote: > >From: Theo de Raadt >To: ken...@dcemail.com >cc: "Raf Czlonka" , marko.cu...@mimar.rs, misc@openbsd.org >Subject: Re: Syntax error in pf rules >Date: Wed, 30 Mar 2016 20:39:57 -0600 > >> I know. Do you have proof that I hadn't put in my minimum effort >> before jumping to conclusions? >> >Please stop picking fights with people. > >The best approach is to leave the list. http://www.DCpages.com
Re: OpenBSD misc
Hi Jubjub Jenkins, That's your name, isn't it? Or it's just a pseudonym behind which you hide all your hatred towards humanity? If you're the person in charge of misc@openbsd.org, just ban me from posting to it. Adam >--- jub...@fastmail.com wrote: > >From: Jubjub Jenkins >To: ken...@dcemail.com >Subject: OpenBSD misc >Date: Wed, 30 Mar 2016 10:48:14 -0700 > >Hi there, > >Please stop posting to the OpenBSD-misc list. > >Thank you, > >JJ http://www.DCpages.com
Re: Syntax error in pf rules
>--- rczlo...@gmail.com wrote: > >From: Raf Czlonka >To: Adam Smith >Cc: Marko Cupać , misc@openbsd.org >Subject: Re: Syntax error in pf rules >Date: Wed, 30 Mar 2016 20:10:37 +0100 > > > >Well, OpenBSD mailing lists have their own netiquette[0] so it would >be nice if one did one's homework before posting such basic questions. Do you've proof that I hadn't done my homework before posting basic questions? >Documentation (manual pages[1] and the FAQ[2]) is there for a reason >and people work hard to write it all down and keep it up to date. I couldn't find the answers to that particular question that I had asked in the manual pages and the FAQ. >Minimum effort is a requirement. I know. Do you have proof that I hadn't put in my minimum effort before jumping to conclusions? Regards. Adam http://www.DCpages.com
Re: L2TP/IPSec via npppd won't work with Android 6.0.1
Thank you! I will try this. I have confirmed it wasn't due to last year's OpenBSD 5.7 to 5.8 upgrade as I built a VM with 5.7 using same settings and get exactly the same behavior. This was triple confirmed by being able to connect with iOS on an iPhone, Windows 10, Chromebook (with md5 hmacs only) and even a tablet running an older version of Android. Here is the link to the bug if anyone is interested. But I will try the workaround offered by Yasuoka. In the mean time, I have confirmed there is a Google Android bug reported (by many people) confirming this is actually an issue with Android not OpenBSD (or the myriad other VPN routers listed in the bug report). Though I very much appreciate understanding the underlying reason as like Mattieu said, tweaking ipsec.conf for 3 days yielded no solution. https://code.google.com/p/android/issues/detail?id=196939 Thanks again! Sly On 03/30/2016 02:18 AM, YASUOKA Masahiko wrote: > On Tue, 29 Mar 2016 11:37:14 +0200 > Mattieu Baptiste wrote: >> On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight wrote: >>> I don't mean to bring up an old thread, but I was wondering if anyone >>> else was experiencing issues with OpenBSD 5.8 and Android 6.0.1 >>> (preferably the version on the Nexus line of devices) connecting to >>> ipsec/l2tp. >>> >>> I had this working late last year some time and hadn't used it in a few >>> months. When I went to use it again a few days ago it didn't work at >>> all. After rebooting my phone and even trying it on my tablet that >>> coincidentally runs the exact same version of stock Android 6.0.1, it >>> too didn't work there. >> I have the very same problem. >> To me, It's caused by some Android updates. I saw this since 6.0, but >> some security updates near 5.1.1 seems to trigger the same behavior. >> I've tried to tweak ipsec.conf like you without luck. Unfortunately, I >> did not have the time to dig further... > My colleague and I also hit this issue. > > This issue is caused by Android, it sends ESP packets with wrong > padding size when SHA2-256 is selected for HMAC. It seems that > Android is using an old ietf draft for SHA2-256, but OpenBSD is using > RFC 4868. > > When the issue occurs, > > XXX packets with bad payload size or padding received > > counter in "netstat -sp esp" will be incremented. > > We can force using MD5 or SHA for HMAC to workaround this issue. To > do this, put the text below to /etc/isakmpd/isakmpd.policy and remove > "-K" from isakmpd_flags. > > Authorizer: "POLICY" > Comment: This is test > Licensees: "passphrase:PASSPHRASE" > conditions: app_domain == "IPsec policy" && doi == "ipsec" && esp_present > == "yes" && (esp_auth_alg == "hmac-md5" || esp_auth_alg == "hmac-sha") -> > "true"; > > --yasuoka
Re: OT: True hardware UNIX terminal
On 16-03-30 03:07 AM, Sean Kamath wrote: Still using a Wyse (50?) on my Ultrasparc 80. In college, we had these weird DEC PC’s that we used as VT100 compatible terminals. That would either have been a DEC Rainbow, which was a hybrid-dual-processor 8088/Z80 machine that ran MS/DOS, CP/M *and* had a full-blown VT220 emulator in ROM, or a VT180 "Robin" which was basically a (Z80-based) VT102/VT103 with enough memory (i.e. 64k) to run CP/M off the attached floppy drives. I had a Rainbow, which is in *many* ways an architecturally fascinating machine, during the late '80s/early '90s as my primary PC. I also had a Northern Telecom Displayphone, and then later a DisplayPhone II, for those of you with a perverse bent for terminal history. Of course, I'm also the author of at least five termcap(5)/terminfo(5) entries, some of which have not yet been superseded by better definitions in the ncurses master list... so naturally I had some really f*ing weird terminals at various points in my life. I wish I could remember what the name was of the "portable" terminal I once had - off-white (of course), looked like a Buck Rogers spaceship (pointy cylinder) in profile, and the entire front two inches of it unsnapped to become the keyboard kind of like an Osborne... -Adam
Re: OT: True hardware UNIX terminal
Thank you all for the answers. I can say I got the idea of what a terminal was back then. Reading all your posts and searching again on web using the mentioned keywords move away any if not all of my confusions about "terminals". I can see now why our keyboards are using Ctrl key, PgUp, PgDn, or why the serial port is so close programmed using terminal terminology. Thank you and please excuse me for the OT.
Re: Mouse click problems with firefox and firefox-esr
Le 2016-03-30 20:23, Nick a écrit : Hello, I have tried both firefox and firefox-esr in both OpenBSD 5.8 and 5.9 and can say that there are issues with the mouse not picking up 10-15% of my clicks, sometimes having to click a good 3 times or more for it to actually work correctly! When I select and drag text, it can randomly un-select it as if I have let go of the mouse and clicked elsewhere.. Just all sorts of stangeness. I never have a problem with moving the mouse cursor though. To say it's a nuisance is a bit of an understatement as I am now having to use chromium - which I detest, being a keen avoider of any google pish. For extra info, I am using XFCE. Does anyone have this issue? What is going on? Thanks Hello, I can't reproduce this issue on my systems and I have never seen something of this kind. Do you experience problem with both left and right clicks ? Is it only on links ? Can you try firefox in safe mode ? How do you start xfce ? Instead of Chrome you can also use Xombrero while you figure out about your click problem. Kind regards Solène
Re: faq12.html
> From: "Nick Holland" > To: "misc" > Sent: Wednesday, March 30, 2016 12:14:23 PM > Subject: Re: faq12.html > On 03/30/16 08:49, Theo Buehler wrote: > >> -The Zaurus has very little current available on its USB port, so many > >> +The Zaurus has very little currently available on its USB port, so many > > electrical current? > both what is there and "electrical current" are/would be precisely > correct, but "power" might be a more understood word. > Nick. I must admit that was a bit of helicopter editing on my part, so it caught me off guard. Changing "little" to "low" would solve any ambiguity. I am embarrassed to say that I studied electrical circuits way back when...
Re: Syntax error in pf rules
On 30/03/16 17:05, Adam Smith wrote: Hi Marko In the rule below: vpnip="{72.201.193.25,84.211.50.249,77.90.247.88,118.157.115.10,218.147.117.236}" a. Must there be a space each before and after the = sign? b. Must there be a space after the opening curly bracket and before the first IP address? c. Must there be a space after the comma and before the next IP address? d. Must there be a space after the last IP address and before the closing curly bracket? Thanks in advance for your clarification. Regards. Adam You can always test your config before applying it. So, very easy to check it yourself. pfctl -nf /etc/pf.conf man pf G
Re: faq12.html
On 03/30/16 08:49, Theo Buehler wrote: -The Zaurus has very little current available on its USB port, so many +The Zaurus has very little currently available on its USB port, so many electrical current? both what is there and "electrical current" are/would be precisely correct, but "power" might be a more understood word. Nick.
Mouse click problems with firefox and firefox-esr
Hello, I have tried both firefox and firefox-esr in both OpenBSD 5.8 and 5.9 and can say that there are issues with the mouse not picking up 10-15% of my clicks, sometimes having to click a good 3 times or more for it to actually work correctly! When I select and drag text, it can randomly un-select it as if I have let go of the mouse and clicked elsewhere.. Just all sorts of stangeness. I never have a problem with moving the mouse cursor though. To say it's a nuisance is a bit of an understatement as I am now having to use chromium - which I detest, being a keen avoider of any google pish. For extra info, I am using XFCE. Does anyone have this issue? What is going on? Thanks
Re: Supermicro X11SSL-F freezes probing USB 3
On Tue, Mar 29, 2016 at 5:55 PM, Stuart Henderson wrote: > Make sure it's set to stop redirecting after boot in BIOS, then when > you hit the boot-loader, you should be able to 'stty com0 ' and > 'set tty com0'. Ahha! Who would have thought... com0 was the ticket. Thanks much! Chris
Re: Syntax error in pf rules
On Wed, Mar 30, 2016 at 04:47:03PM BST, Adam Smith wrote: > Hi Marko > > Thank you for your detailed clarification. I really benefited from it. > > >--- marko.cu...@mimar.rs wrote: > > > >From: Marko Cupać > >To: "Adam Smith" > >Cc: > >Subject: Re: Syntax error in pf rules > >Date: Wed, 30 Mar 2016 16:53:38 +0200 > > > > > > > >There. I hope by posting this I didn't turn openbsd's misc@ into > >askubuntu :) > > Does it matter if misc@openbsd.org is an askubuntu of sorts? > > I hope the person(s) in charge of this mailing list believes in > democracy and freedom of speech and expression, provided that > questions asked in the list pertain to OpenBSD and how to use it. > > If people here are offended because they find my questions to be > noobish, elementary, etc...they are welcome to press the "Delete" > key to trash it. Hi Adam, Well, OpenBSD mailing lists have their own netiquette[0] so it would be nice if one did one's homework before posting such basic questions. Documentation (manual pages[1] and the FAQ[2]) is there for a reason and people work hard to write it all down and keep it up to date. Minimum effort is a requirement. > Just so you know when I graduated from high school back in the > early 70s, the personal computer, the pager or beeper, mobile or > cell phone, internet, smartphones, Microsoft Windows, Mac OS, Linux, > OpenBSD weren't invented yet. And in those days computing or IT > wasn't taught in the high school curriculum. Being an "old-timer" is not excuse for being a bit lazy ;^) > Regards. > > Adam > http://www.DCpages.com Regards, Raf [0] http://www.openbsd.org/mail.html [1] http://man.openbsd.org/ [2] http://www.openbsd.org/faq/
Re: Socklog on OpenBSD -current
On 3/29/16 5:42 PM, Stuart Henderson wrote: > On 2016-03-29, Jeff Ross wrote: >> Greetings all! >> >> I've been away from OpenBSD for a while and for sure I've missed more >> than a few things. Just updated a firewall in anticipation of upgrading >> my server but there are things that have changed. >> >> What has me puzzled now is the change to syslogd. For literally years >> I've run socklog from ports to replace the stock syslog with no problems >> but now it simply doesn't work on 5.9 -current. >> >> My former installations of socklog all listen to /dev/log but when I >> couldn't get anything to work listening there I switched to listening to >> 0.0.0.0:514 but still no joy. >> >> If anyone out there is using socklog, or possibly any alternative to >> syslog, I'd sure appreciate a clue by four to get socklog running again. > OpenBSD's syslog functions now use sendsyslog(2) which doesn't use > /dev/log sockets any more. > > Here is where syslogd was modified to do things this way: > http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699 > - it's probably not all that complex to convert other logging daemons, > but afaik nobody has yet felt the need to do this for any of the > alternative log daemons in ports. > > If you don't want to write code and want to stick with socklog, > the easiest way is probably a minimal syslogd(8) setup that > forwards everything via UDP. > Hi Stuart, Could you please clarify something to me? I am running a centralized logging server using syslog-ng from the ports. The way I read your e-mail is that I will no longer be able to log messages using syslog-ng from the local host but the port will continue to work as expected. Would I be able to run syslogd for the local host and syslog-ng for remote hosts simultaneously? IIRC I saw people posting on misc who were doing that in the past but I think when I played with it syslog-ng didn't want to start until I turned off syslogd. How suitable is syslogd from the base as a centralized logging server. I know that it supports TCP and TLS now but does it play well with rsyslog or syslog-ng? I have bunch of Linux servers to log. Thanks, Predrag
Re: Syntax error in pf rules
On Wed, Mar 30, 2016, at 08:47 AM, Adam Smith wrote: > Does it matter if misc@openbsd.org is an askubuntu of sorts? > Yes, first off you have to understand that Ubuntu is geared towards the retard market that is why most of their userbase are refereed to as "Ubuntards". As such, askubuntu is for people that don't want to learn or read manuals they simply just want to be spoonfed answers from anonymous drones. Ubuntu's "dad" actually escaped into space to avoid all the 'tards asking questions about video cards and such. There is no askubuntu in space. This mailing list is for users who actually try to figure things out on their own so they can provide useful information and help, not just "Oh Ah-dumb, you forgot to do this!!!" > I hope the person(s) in charge of this mailing list believes in democracy > and freedom of speech and expression, provided that questions asked in > the list pertain to OpenBSD and how to use it. The list owners are fascist anarchists and deem your "democracy" as bourgeois. > If people here are offended because they find my questions to be noobish, > elementary, etc...they are welcome to press the "Delete" key to trash it. We are offended because you think you can just dump a bunch of silly questions on us in the hope that we'll just answer 'em for ya instead of you reading the manuals or trying to figure it out on your own. > Just so you know when I graduated from high school back in the early 70s, > the personal computer, the pager or beeper, mobile or cell phone, > internet, smartphones, Microsoft Windows, Mac OS, Linux, OpenBSD weren't > invented yet. And in those days computing or IT wasn't taught in the high > school curriculum. No one cares, and this is not a good excuse for not trying. When I was young there were no computers so I had to program in raw electricity. I would keep the stack inside a bag of potatoes (they were called starch beans then) and the heap on a blackboard but of course, no one cares about that here. Yours in Christ, JJ
Re: Syntax error in pf rules
Hi Marko In the rule below: vpnip="{72.201.193.25,84.211.50.249,77.90.247.88,118.157.115.10,218.147.117.236}" a. Must there be a space each before and after the = sign? b. Must there be a space after the opening curly bracket and before the first IP address? c. Must there be a space after the comma and before the next IP address? d. Must there be a space after the last IP address and before the closing curly bracket? Thanks in advance for your clarification. Regards. Adam >--- marko.cu...@mimar.rs wrote: > >From: Marko Cupać >To: misc@openbsd.org >Cc: >Subject: Re: Syntax error in pf rules >Date: Wed, 30 Mar 2016 10:02:40 +0200 > > >As a side note, commas in pf macros appear to be optional. I prefer not >to have them - they don't make rules more readable while consuming >character space. http://www.DCpages.com
Re: Rails and OpenSSL root certs
Thank you so much! Murk On Wed, Mar 30, 2016 at 6:02 PM, joshua stein wrote: > On Wed, 30 Mar 2016 at 17:34:16 +0200, Murk Fletcher wrote: > > Anybody here using http://rails-assets.org (to simplify JavaScript > assets > > in Rails) and know how to prevent the following error? > > > > Simply renaming "https" to "http" makes no difference. > > > > % bundle install > > Fetching source index from https://rails-assets.tenex.tech/ > > Retrying source fetch due to error (2/3): > > Bundler::Fetcher::CertificateFailureError Could not verify the SSL > > certificate for https://rails-assets.tenex.tech/. > > It looks like that site is using Let's Encrypt, and LE's > cross-signing root was added to /etc/ssl/cert.pem 9 months ago. > You could just fetch an updated version and install it there, which > Ruby is looking at. > > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libcrypto/cert.pem?rev=1.11&content-type=text/plain
Re: Rails and OpenSSL root certs
On Wed, 30 Mar 2016 at 17:34:16 +0200, Murk Fletcher wrote: > Anybody here using http://rails-assets.org (to simplify JavaScript assets > in Rails) and know how to prevent the following error? > > Simply renaming "https" to "http" makes no difference. > > % bundle install > Fetching source index from https://rails-assets.tenex.tech/ > Retrying source fetch due to error (2/3): > Bundler::Fetcher::CertificateFailureError Could not verify the SSL > certificate for https://rails-assets.tenex.tech/. It looks like that site is using Let's Encrypt, and LE's cross-signing root was added to /etc/ssl/cert.pem 9 months ago. You could just fetch an updated version and install it there, which Ruby is looking at. http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/lib/libcrypto/cert.pem?rev=1.11&content-type=text/plain
Re: Socklog on OpenBSD -current
On 3/29/16 5:42 PM, Stuart Henderson wrote: On 2016-03-29, Jeff Ross wrote: Greetings all! I've been away from OpenBSD for a while and for sure I've missed more than a few things. Just updated a firewall in anticipation of upgrading my server but there are things that have changed. What has me puzzled now is the change to syslogd. For literally years I've run socklog from ports to replace the stock syslog with no problems but now it simply doesn't work on 5.9 -current. My former installations of socklog all listen to /dev/log but when I couldn't get anything to work listening there I switched to listening to 0.0.0.0:514 but still no joy. If anyone out there is using socklog, or possibly any alternative to syslog, I'd sure appreciate a clue by four to get socklog running again. OpenBSD's syslog functions now use sendsyslog(2) which doesn't use /dev/log sockets any more. Here is where syslogd was modified to do things this way: http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699 - it's probably not all that complex to convert other logging daemons, but afaik nobody has yet felt the need to do this for any of the alternative log daemons in ports. If you don't want to write code and want to stick with socklog, the easiest way is probably a minimal syslogd(8) setup that forwards everything via UDP. Thank you, Stuart! As always, you've been very helpful. For now I'll stick to forwarding and play with the code as time permits. Jeff
Re: Syntax error in pf rules
Hi Marko Thank you for your detailed clarification. I really benefited from it. >--- marko.cu...@mimar.rs wrote: > >From: Marko Cupać >To: "Adam Smith" >Cc: >Subject: Re: Syntax error in pf rules >Date: Wed, 30 Mar 2016 16:53:38 +0200 > > > >There. I hope by posting this I didn't turn openbsd's misc@ into >askubuntu :) Does it matter if misc@openbsd.org is an askubuntu of sorts? I hope the person(s) in charge of this mailing list believes in democracy and freedom of speech and expression, provided that questions asked in the list pertain to OpenBSD and how to use it. If people here are offended because they find my questions to be noobish, elementary, etc...they are welcome to press the "Delete" key to trash it. Just so you know when I graduated from high school back in the early 70s, the personal computer, the pager or beeper, mobile or cell phone, internet, smartphones, Microsoft Windows, Mac OS, Linux, OpenBSD weren't invented yet. And in those days computing or IT wasn't taught in the high school curriculum. Regards. Adam http://www.DCpages.com
Rails and OpenSSL root certs
Hi! Anybody here using http://rails-assets.org (to simplify JavaScript assets in Rails) and know how to prevent the following error? Simply renaming "https" to "http" makes no difference. % bundle install Fetching source index from https://rails-assets.tenex.tech/ Retrying source fetch due to error (2/3): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rails-assets.tenex.tech/. There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'. Retrying source fetch due to error (3/3): Bundler::Fetcher::CertificateFailureError Could not verify the SSL certificate for https://rails-assets.tenex.tech/. There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'. Could not verify the SSL certificate for https://rails-assets.tenex.tech/. There is a chance you are experiencing a man-in-the-middle attack, but most likely your system doesn't have the CA certificates needed for verification. For information about OpenSSL certificates, see bit.ly/ruby-ssl. To connect without using SSL, edit your Gemfile sources and change 'https' to 'http'. In FreeBSD I can `pkg install ca_root_nss`, but what about OpenBSD? Many thanks! Murk
Re: Syntax error in pf rules
On Wed, 30 Mar 2016 07:05:56 -0700 "Adam Smith" wrote: > Hi Marko > > In the rule below: > > vpnip="{72.201.193.25,84.211.50.249,77.90.247.88,118.157.115.10,218.147.117.2 36}" > > > a. Must there be a space each before and after the = sign? > b. Must there be a space after the opening curly bracket and before > the first IP address? c. Must there be a space after the comma and > before the next IP address? d. Must there be a space after the last > IP address and before the closing curly bracket? Adam, all those are easy to test, but as I still remember lack of confidence back in time when I was setting it up for the first time, but also warm atmosphere and helpfulness of misc@ list back in a day, here you go: a. Spaces are not required before and after the = sign, but I usually do the alignment using spaces for the purpose of readability, such as: users = "{ 192.0.2.1 192.0.2.2 192.0.2.3 }" developers = "{ 192.0.2.1 192.0.2.2 192.0.2.3 }" ldap = "{ 389 636 3268 3269 }" b. Spaces are not mandatory after the curly bracket and first ip address, but I prefer to have them for the purpose of readability, as in example above. c. Spaces after commas, before next ip addresses are not mandatory. However, I prefer to ditch commas entirely, separating ip addresses only with spaces as in example above. d. Not mandatory, but nice to have IMHO. Finally, `pfctl -nf' is your friend for testing ruleset before applying it. In case you typed something incorrectly, it will spill syntax error along with bad line numbers. If you are comfortable with vi, you can jump to offending line by typing `:' (eg. `:55') in command (default) mode. If not, you can paste complete ruleset into editor you are comfortable with, which has line numbering (my favourite is xfce's mousepad) and double-check offending line. Once you have zero output of `pfctl -nf', load the ruleset with `pfctl -f'. There. I hope by posting this I didn't turn openbsd's misc@ into askubuntu :) -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
Re: faq12.html
> From: "Theo Buehler" > To: "misc" > Sent: Wednesday, March 30, 2016 8:50:20 AM > Subject: Re: faq12.html > > -The Zaurus has very little current available on its USB port, so many > > +The Zaurus has very little currently available on its USB port, so many > electrical current? > > USB devices will not work if they are directly attached to it. > > You will need to use a powered USB hub to run these devices. Yes, my mistake. Sorry for the noise.
Re: faq12.html
On Wed, Mar 30, 2016 at 8:41 AM, Rob Pierce wrote: > For your consideration. Looks to me like the original was talking about current, as in amperes; as evidenced by the subsequent sentence about the need for a powered USB hub to run devices that don't work when directly attached. I don't think your change is correct. > > Index: faq12.html > === > RCS file: /cvs/www/faq/faq12.html,v > retrieving revision 1.125 > diff -u -p -r1.125 faq12.html > --- faq12.html 29 Mar 2016 01:27:39 - 1.125 > +++ faq12.html 30 Mar 2016 12:30:48 - > @@ -662,7 +662,7 @@ on SIMH page. > > 12.7.1 - USB devices aren't working properly > > -The Zaurus has very little current available on its USB port, so many > +The Zaurus has very little currently available on its USB port, so many > USB devices will not work if they are directly attached to it. > You will need to use a powered USB hub to run these devices.
Re: faq12.html
In this case 'current' is referring to amperage. The existing use is correct. On 2016 Mar 30 (Wed) at 08:41:41 -0400 (-0400), Rob Pierce wrote: :For your consideration. : :Index: faq12.html :=== :RCS file: /cvs/www/faq/faq12.html,v :retrieving revision 1.125 :diff -u -p -r1.125 faq12.html :--- faq12.html 29 Mar 2016 01:27:39 - 1.125 :+++ faq12.html 30 Mar 2016 12:30:48 - :@@ -662,7 +662,7 @@ on SIMH page. : : 12.7.1 - USB devices aren't working properly : :-The Zaurus has very little current available on its USB port, so many :+The Zaurus has very little currently available on its USB port, so many : USB devices will not work if they are directly attached to it. : You will need to use a powered USB hub to run these devices. : -- Fortune's Office Door Sign of the Week: Incorrigible punster -- Do not incorrige.
Re: faq12.html
> -The Zaurus has very little current available on its USB port, so many > +The Zaurus has very little currently available on its USB port, so many electrical current? > USB devices will not work if they are directly attached to it. > You will need to use a powered USB hub to run these devices.
Re: faq12.html
-The Zaurus has very little current available on its USB port, so many +The Zaurus has very little currently available on its USB port, so many Actually it is current: Low amps.
Re: faq12.html
On Wed, 30 Mar 2016, Rob Pierce wrote: > For your consideration. > > Index: faq12.html > === > RCS file: /cvs/www/faq/faq12.html,v > retrieving revision 1.125 > diff -u -p -r1.125 faq12.html > --- faq12.html29 Mar 2016 01:27:39 - 1.125 > +++ faq12.html30 Mar 2016 12:30:48 - > @@ -662,7 +662,7 @@ on SIMH page. > > 12.7.1 - USB devices aren't working properly > > -The Zaurus has very little current available on its USB port, so many > +The Zaurus has very little currently available on its USB port, so many > USB devices will not work if they are directly attached to it. > You will need to use a powered USB hub to run these devices. "current" as in electricity.
FAQ - part 6.2.2 notice about dhcp/rtsol and mygate
Hello, I think it will be good to add notice from mygate man page to FAQ about default gateway configuration. Here is diff: Index: faq6.html === RCS file: /cvs/www/faq/faq6.html,v retrieving revision 1.361 diff -u -p -r1.361 faq6.html --- faq6.html 29 Mar 2016 01:27:39 - 1.361 +++ faq6.html 30 Mar 2016 12:20:17 - @@ -291,6 +291,12 @@ You can't assume things like the resolve In other words, it had better be an IP address or something that is defined in the /etc/hosts file. + +/etc/mygate is processed after all interfaces have been configured. If +any http://man.openbsd.org/?query=hostname.if";>hostname.if(5) files contain "dhcp" directives, IPv4 entries in +/etc/mygate will be ignored. If they contain "rtsol" directives, IPv6 +entries will be ignored. + 6.2.3 - DNS Resolution DNS resolution is controlled by the file
faq12.html
For your consideration. Index: faq12.html === RCS file: /cvs/www/faq/faq12.html,v retrieving revision 1.125 diff -u -p -r1.125 faq12.html --- faq12.html 29 Mar 2016 01:27:39 - 1.125 +++ faq12.html 30 Mar 2016 12:30:48 - @@ -662,7 +662,7 @@ on SIMH page. 12.7.1 - USB devices aren't working properly -The Zaurus has very little current available on its USB port, so many +The Zaurus has very little currently available on its USB port, so many USB devices will not work if they are directly attached to it. You will need to use a powered USB hub to run these devices.
Re: sasyncd fails to start on system boot
Applying the patch has solved the issue. Thx a lot! - Original Message - > From: "Otto Moerbeek" > To: "Bornkessel, Bernd" > Cc: misc@openbsd.org > Sent: Wednesday, March 30, 2016 7:58:48 AM > Subject: Re: sasyncd fails to start on system boot > On Wed, Mar 30, 2016 at 07:52:01AM +0200, Bornkessel, Bernd wrote: > >> Thank you for your response. >> Currently I'm running 5.8-stable. > > The fix wasn't commited to -stable, > > In 5.8-stabke you could apply the fix below, > > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/sasyncd/carp.c.diff?r1=1.13&r2=1.14&f=h > > But 5.9 would be better. It is out since yesterday > > -Otto
Re: OT: True hardware UNIX terminal
Sent from my WIKO PULP 4G Le 30 mars 2016 10:07, Sean Kamath a écrit : > > Still using a Wyse (50?) on my Ultrasparc 80. > > In college, we had these weird DEC PC’s that we used as VT100 compatible > terminals. > > There were so many. The VT100 was the prototype what XTerm emulated. > > Sean > > > On Mar 29, 2016, at 5:18 AM, Nick Holland > wrote: > > Some things to search for: > > * DEC VT100 (a terminal that still influcences the standards today) > > * DEC VT52 (a terminal with an easier to understand command set) > > * ADM3A (a terminal that was old when the DEC vt100 came out) > > * DECwriter (printing terminal. DECwriter II was a beautiful machine) > > * TI Silent 700 ("home oriented" printing terminal. At the time, in the > > US, it was illegal to attach non-telephone company equipment to the > > telephone company's phone lines...) > > * ASCII (the non-IBM standard character coding system) > > * EBCDIC (the IBM standard) > > * ASR33 (one of the earliest printing terminals. And why we use > > "TTY" today in the Unix world! If you wonder why unix commands are so > > short, imagine typing on this...) > > * Tektronix 4010 (In case you thought terminals were dull and graphics > > free...and I suspect a LOT of people who have been rolling their eyes at > > everything I've said up to now will have their eyes bug out a bit when > > they figure out how these things work) > > > > Anything more than that (and probably a lot less than that), probably > > best to ask me off list. :) (and yes, I've glossed over and simplified > > a few things here) > > > > Nick. > You may have also a look at the ncd 88k terminal which was also a very common terminal. Wikipedia has a small article about this at "X terminal". Éric
Re: OT: True hardware UNIX terminal
Still using a Wyse (50?) on my Ultrasparc 80. In college, we had these weird DEC PC’s that we used as VT100 compatible terminals. There were so many. The VT100 was the prototype what XTerm emulated. Sean > On Mar 29, 2016, at 5:18 AM, Nick Holland wrote: > Some things to search for: > * DEC VT100 (a terminal that still influcences the standards today) > * DEC VT52 (a terminal with an easier to understand command set) > * ADM3A (a terminal that was old when the DEC vt100 came out) > * DECwriter (printing terminal. DECwriter II was a beautiful machine) > * TI Silent 700 ("home oriented" printing terminal. At the time, in the > US, it was illegal to attach non-telephone company equipment to the > telephone company's phone lines...) > * ASCII (the non-IBM standard character coding system) > * EBCDIC (the IBM standard) > * ASR33 (one of the earliest printing terminals. And why we use > "TTY" today in the Unix world! If you wonder why unix commands are so > short, imagine typing on this...) > * Tektronix 4010 (In case you thought terminals were dull and graphics > free...and I suspect a LOT of people who have been rolling their eyes at > everything I've said up to now will have their eyes bug out a bit when > they figure out how these things work) > > Anything more than that (and probably a lot less than that), probably > best to ask me off list. :) (and yes, I've glossed over and simplified > a few things here) > > Nick.
Re: Syntax error in pf rules
On Tue, 29 Mar 2016 08:45:11 -0700 "Adam Smith" wrote: > Hi guys > > I have a syntax error in my pf rules. I hope you can help me fix it. > > Thanks. > > Adam > > > > -snippet of my pf rules- > > #This is where I change or add different IP addresses of VPN gateways > > vpnip="77.90.247.88, 112.119.192.26, 85.95.253.145, 31.210.111.78, > 66.85.14.205, 54.201.110.154" > > > > #Below is the rule that OpenBSD tells me there's a syntax error > > pass out quick on $wan proto tcp from any to $vpnip port 443 keep > state > > -end of snippet- > http://www.DCpages.com > As a side note, commas in pf macros appear to be optional. I prefer not to have them - they don't make rules more readable while consuming character space. -- Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupać https://www.mimar.rs/
Re: L2TP/IPSec via npppd won't work with Android 6.0.1
On Wed, Mar 30, 2016 at 8:18 AM, YASUOKA Masahiko wrote: > On Tue, 29 Mar 2016 11:37:14 +0200 > Mattieu Baptiste wrote: >> On Tue, Mar 29, 2016 at 5:43 AM, Sly Midnight wrote: >>> I don't mean to bring up an old thread, but I was wondering if anyone >>> else was experiencing issues with OpenBSD 5.8 and Android 6.0.1 >>> (preferably the version on the Nexus line of devices) connecting to >>> ipsec/l2tp. >>> >>> I had this working late last year some time and hadn't used it in a few >>> months. When I went to use it again a few days ago it didn't work at >>> all. After rebooting my phone and even trying it on my tablet that >>> coincidentally runs the exact same version of stock Android 6.0.1, it >>> too didn't work there. >> >> I have the very same problem. >> To me, It's caused by some Android updates. I saw this since 6.0, but >> some security updates near 5.1.1 seems to trigger the same behavior. >> I've tried to tweak ipsec.conf like you without luck. Unfortunately, I >> did not have the time to dig further... > > My colleague and I also hit this issue. [...] > We can force using MD5 or SHA for HMAC to workaround this issue. To > do this, put the text below to /etc/isakmpd/isakmpd.policy and remove > "-K" from isakmpd_flags. > > Authorizer: "POLICY" > Comment: This is test > Licensees: "passphrase:PASSPHRASE" > conditions: app_domain == "IPsec policy" && doi == "ipsec" && esp_present > == "yes" && (esp_auth_alg == "hmac-md5" || esp_auth_alg == "hmac-sha") -> > "true"; Thank you, it works flawlessly with that change. -- Mattieu Baptiste "/earth is 102% full ... please delete anyone you can."