OpenSMTPD on OpenBSD 5.9
I'm trying to replace Postfix with OpenSMTPD and I'm having a battle. I don't seem to be able to get the clues to match the hardware and the configure recipes that I need. The most up to date I can find breaks at the second stanza and I can guess that the instructions for configuring for PF are for OpenBSD 5.6 means that I should find an up to date have clue set.

Does anyone have a pointer to a rescue?

Rod/ (who doesn't want to revert to Postfix..)

*** NOTE *** Please DO NOT CC me. I subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.

Rod/
---
This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Fw: new (again) support entries for BackWatcher, Inc.
Hi, I sent in the following request to be re-added to the "OpenBSD Support and Consulting" page a little over a week ago. What's the ETA on this sort of thing these days? Also, please apply s/Dragonfly/DragonFly/g to it. :) Thanks, --Kyle Begin forwarded message: Date: Thu, 31 Mar 2016 01:41:44 -0700 From: Kyle Amon To: misc@openbsd.org Subject: new (again) support entries for BackWatcher, Inc. Hello, After many years "in the wilderness," I'm hanging "the shingle" back up, as it were. Therefore, please re-add my "OpenBSD Support and Consulting" listing to both the USA and Canada sections as follows... USA... 0 C USA P Florida T Bradenton Z 34203-7305 O BackWatcher, Inc. I Kyle Amon A 3819 Garden Lakes Terrace M i...@backwatcher.com U http://www.backwatcher.com/ B +1-425-584-UNIX N While specialising in security, BackWatcher handles installation and configuration, systems integration, performance tuning, disaster recovery, network architecture, programming and general systems administration of OpenBSD, NetBSD, FreeBSD, Dragonfly BSD, Linux and many commercial UNIX flavors. Canada... 0 C Canada P British Columbia T Campbell River Z V9W 5T5 O BackWatcher, Inc. I Kyle Amon A 413-1434 Ironwood Street M i...@backwatcher.ca U http://www.backwatcher.ca/ B +1-778-819-UNIX N While specialising in security, BackWatcher handles installation and configuration, systems integration, performance tuning, disaster recovery, network architecture, programming and general systems administration of OpenBSD, NetBSD, FreeBSD, Dragonfly BSD, Linux and many commercial UNIX flavors. Thanks and Best Regards, Kyle -- CA +1-778-819-UNIX BackWatcher, Inc. 
US +1-425-584-UNIX Information Security SIPS am...@backwatcher.comwww.backwatcher.ca INUM +883-5100-0990-1657 | ISN UNIX*1917 | C*NET 1-731-UNIX GPG ed25519/F57091DBD60FBBB8 [ed25519/D60FBBB8] 985C 5B61 4ACE C89A 0DEE ECCD F570 91DB D60F BBB8 OTR E1A46361 9FD0D801 0132D21A FE2E96BE 39E3F069 : xmpp am...@backwatcher.com 5AB3E0B8 31F6ADB4 9A7D2FC2 A8235281 5776701E : silc silcnet
Re: Recording computer sound.
Whoops. I didn't look at the mailing list name, and thought I was reading at a Linux mailing list. Perhaps that's why the OpenBSD form of the command didn't work on Void Linux :-) SteveT Steve Litt April 2016 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21 On Fri, 8 Apr 2016 21:02:49 -0400 Steve Litt wrote: > Yes. Inquiring minds want to know. When I perform the following > command: > > aucat -v 127 -f rsnd/0 -h wav -o junk.wav > > junk.wav is a WAV file with no sound. Changing the device to default > changes nothing, nor does leaving out the -f parameter entirely, and > if I change it to rsnd/1, snd/0, snd/1, midi/0, rmidi/0, aucat aborts > saying "couldn't open audio device". > > If anyone knows the secret sauce, please let me know. I was playing a > Youtube song, easily listenable on my speakers, while I did the aucat > commands. > > Thanks, > > SteveT > > Steve Litt > April 2016 featured book: Rapid Learning for the 21st Century > http://www.troubleshooters.com/rl21 > > > > On Fri, 8 Apr 2016 20:01:16 -0300 > "Henrique N. Lengler" wrote: > > > But what device should I specify? > > > > Please give full answers. > > > > On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote: > > > You mean with aucat(1)? > > > > > > On 9 April 2016 at 00:09, Henrique N. Lengler > > > wrote: > > > > > > > Hi, > > > > > > > > Is there a way to record the sound playing on my speakers? > > > > Like duplicating it and saving on my computer everything that > > > > goes out to the > > > > speaker. > > > > > > > > I would like to to this to record some screencast. > > > > > > > > Any way of doing this? > > > > > > > > Thanks; > > > > > > > > -- > > > > Regards > > > > > > > > Henrique N. Lengler
Re: pureftpd virtual users TLS
On 04/07/16 16:06, Teno Deuter wrote:
> Hi,
>
> installed the chrooted version of pureftpd on a 5.9 AMD64 setting and face following issues:
>
> 1. TLS with system users works fine but not for the virtual ones! Only plain ftp!
>
> 2. seems that the service doesn't always refer to the 'pure-ftpd.conf'! To be more specific. I did define the path of 'pureftpd.pdb' in the configuration file but if I don't use the '-lpuredb' switch in the daemon flags doesn't find it. Also, uncommenting:
>
> AltLog w3c:/var/log/pureftpd.log
>
> doesn't have any effect either. That file never gets created!
>
> Thank you for your support.

Sorry, didn't answer all questions with the patch. For logging look in /var/log/xferlog and /var/log/messages
Re: Recording computer sound.
Yes. Inquiring minds want to know. When I perform the following command: aucat -v 127 -f rsnd/0 -h wav -o junk.wav junk.wav is a WAV file with no sound. Changing the device to default changes nothing, nor does leaving out the -f parameter entirely, and if I change it to rsnd/1, snd/0, snd/1, midi/0, rmidi/0, aucat aborts saying "couldn't open audio device". If anyone knows the secret sauce, please let me know. I was playing a Youtube song, easily listenable on my speakers, while I did the aucat commands. Thanks, SteveT Steve Litt April 2016 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21 On Fri, 8 Apr 2016 20:01:16 -0300 "Henrique N. Lengler" wrote: > But what device should I specify? > > Please give full answers. > > On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote: > > You mean with aucat(1)? > > > > On 9 April 2016 at 00:09, Henrique N. Lengler > > wrote: > > > > > Hi, > > > > > > Is there a way to record the sound playing on my speakers? > > > Like duplicating it and saving on my computer everything that > > > goes out to the > > > speaker. > > > > > > I would like to to this to record some screencast. > > > > > > Any way of doing this? > > > > > > Thanks; > > > > > > -- > > > Regards > > > > > > Henrique N. Lengler
Re: Recording computer sound.
Is this helpful? http://man.openbsd.org/OpenBSD-current/man7/sndio.7#DEVICE_NAMES On 9 April 2016 at 01:01, Henrique N. Lengler wrote: > But what device should I specify? > > Please give full answers. > > On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote: > > You mean with aucat(1)? > > > > On 9 April 2016 at 00:09, Henrique N. Lengler < > henriquel...@openmailbox.org> > > wrote: > > > > > Hi, > > > > > > Is there a way to record the sound playing on my speakers? > > > Like duplicating it and saving on my computer everything that goes out > to > > > the > > > speaker. > > > > > > I would like to to this to record some screencast. > > > > > > Any way of doing this? > > > > > > Thanks; > > > > > > -- > > > Regards > > > > > > Henrique N. Lengler
Re: Recording computer sound.
Oh, scratch that. I was getting confused myself. I think it's actually just /dev/audio but I better shut up and don't say it because I'm not on an OpenBSD box now. Sorry for the noise. On 9 April 2016 at 02:19, ropers wrote: > Is this helpful? > http://man.openbsd.org/OpenBSD-current/man7/sndio.7#DEVICE_NAMES > > On 9 April 2016 at 01:01, Henrique N. Lengler < > henriquel...@openmailbox.org> wrote: > >> But what device should I specify? >> >> Please give full answers. >> >> On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote: >> > You mean with aucat(1)? >> > >> > On 9 April 2016 at 00:09, Henrique N. Lengler < >> henriquel...@openmailbox.org> >> > wrote: >> > >> > > Hi, >> > > >> > > Is there a way to record the sound playing on my speakers? >> > > Like duplicating it and saving on my computer everything that goes >> out to >> > > the >> > > speaker. >> > > >> > > I would like to to this to record some screencast. >> > > >> > > Any way of doing this? >> > > >> > > Thanks; >> > > >> > > -- >> > > Regards >> > > >> > > Henrique N. Lengler
Re: pureftpd virtual users TLS
On 04/07/16 16:06, Teno Deuter wrote:
> Hi,
>
> installed the chrooted version of pureftpd on a 5.9 AMD64 setting and face following issues:
>
> 1. TLS with system users works fine but not for the virtual ones! Only plain ftp!
>
> 2. seems that the service doesn't always refer to the 'pure-ftpd.conf'! To be more specific. I did define the path of 'pureftpd.pdb' in the configuration file but if I don't use the '-lpuredb' switch in the daemon flags doesn't find it. Also, uncommenting:
>
> AltLog w3c:/var/log/pureftpd.log
>
> doesn't have any effect either. That file never gets created!
>
> Thank you for your support.

I think it's because support for virtual users isn't built in the port. This patch should do what you need.

Index: Makefile === RCS file: /cvs/ports/net/pure-ftpd/Makefile,v retrieving revision 1.71 diff -u -p -u -r1.71 Makefile --- Makefile14 Oct 2015 10:01:55 -1.71 +++ Makefile9 Apr 2016 00:17:16 - @@ -28,7 +28,8 @@ CONFIGURE_ARGS+= --disable-pie \ --with-everything \ --with-paranoidmsg \ --with-rfc2640 \ - --with-tls + --with-tls \ + --with-puredb MODULES=converters/libiconv
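Review bot: the added '--with-puredb' at the end of the CONFIGURE_ARGS hunk may be redundant, because the same list already passes '--with-everything', and the quoted report says the database is found once '-lpuredb' is given and that virtual users do log in over plain FTP, which implies puredb support is already compiled in. Please confirm from the configure output that this flag changes the build before committing; if it does change the package, the change also needs a REVISION bump in this Makefile, which is not among the visible lines.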
Re: Recording computer sound.
But what device should I specify? Please give full answers. On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote: > You mean with aucat(1)? > > On 9 April 2016 at 00:09, Henrique N. Lengler > wrote: > > > Hi, > > > > Is there a way to record the sound playing on my speakers? > > Like duplicating it and saving on my computer everything that goes out to > > the > > speaker. > > > > I would like to to this to record some screencast. > > > > Any way of doing this? > > > > Thanks; > > > > -- > > Regards > > > > Henrique N. Lengler
Re: Recording computer sound.
You mean with aucat(1)? On 9 April 2016 at 00:09, Henrique N. Lengler wrote: > Hi, > > Is there a way to record the sound playing on my speakers? > Like duplicating it and saving on my computer everything that goes out to > the > speaker. > > I would like to to this to record some screencast. > > Any way of doing this? > > Thanks; > > -- > Regards > > Henrique N. Lengler
MAC addresses on vmd guests
Hi,

I was trying to test patches for vmm and uvm by Stefan Kempf. Everything works great and copies between the host and guest are faster with the patches but I noticed the following.

Whenever I reboot the VMM host (running OpenBSD 5.9 -current from yesterday with custom kernel enabled with vmm0 at mainbus0) the guest OS (OpenBSD 5.9 -release) has a different MAC address for the same vio0 interface. Is this expected behavior?

Reason for asking this is that if it is not expected behavior then probably I may be doing all this incorrectly and any feedback from my tests would just be a time waste for developers. So wanted to avoid that if possible.

I am running dhcpd on the host and the lease file looks as follows. I only have one VM guest on this test system.

builder.lab.foretell.ca$ cat /var/db/dhcpd.leases
lease 192.168.1.33 {
        starts 5 2016/04/08 21:09:17 UTC;
        ends 6 2016/04/09 09:09:17 UTC;
        hardware ethernet fe:e1:ba:d0:a6:73;
        uid 01:fe:e1:ba:d0:a6:73;
}
lease 192.168.1.32 {
        starts 5 2016/04/08 21:00:45 UTC;
        ends 6 2016/04/09 09:00:45 UTC;
        hardware ethernet fe:e1:ba:d0:40:32;
        uid 01:fe:e1:ba:d0:40:32;
}
lease 192.168.1.34 {
        starts 5 2016/04/08 21:11:55 UTC;
        ends 6 2016/04/09 09:11:55 UTC;
        hardware ethernet fe:e1:ba:d0:ee:a5;
        uid 01:fe:e1:ba:d0:ee:a5;
}
lease 192.168.1.35 {
        starts 5 2016/04/08 21:49:46 UTC;
        ends 6 2016/04/09 09:49:46 UTC;
        hardware ethernet fe:e1:ba:d0:98:23;
        uid 01:fe:e1:ba:d0:98:23;
}

DMESG from VMM HOST

OpenBSD 5.9-current (GENERIC.MP) #0: Fri Apr 8 13:59:37 CDT 2016
    r...@builder.lab.foretell.ca:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16806883328 (16028MB)
avail mem = 16293249024 (15538MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb410 (106 entries)
bios0: vendor American Megatrends Inc.
Recording computer sound.
Hi,

Is there a way to record the sound playing on my speakers? Like duplicating it and saving on my computer everything that goes out to the speaker.

I would like to do this to record some screencast.

Any way of doing this?

Thanks;

--
Regards

Henrique N. Lengler
Re: recommendations for 10GBase Ethernet on OpenBSD
On 08/04/16 19:35, Joe Crivello wrote: Intel X520 cards seem to work nicely in our shop. x520 work fine for us too. G
Re: PKG_PATH - SOLVED
Thank you for that tip. On Fri, Apr 8, 2016 at 2:57 PM, Antoine Jacoutot wrote: > On Fri, Apr 08, 2016 at 09:16:13AM +0200, Peter Hessler wrote: >> On 2016 Apr 07 (Thu) at 22:56:42 +0200 (+0200), Teno Deuter wrote: >> :Hi, >> : >> :just installed a 5.9 AMD64 version and get issues with adding packages as a >> :regular system user. 'env' shows me the correct setting for PKG_PATH but >> :seems that the user environment isn't able to contact the source. >> : >> :As long as I change to 'root', everything works fine! >> : >> :Thank you for your support >> : >> >> You should put it into /etc/pkg.conf instead: >> >> """ >> installpath = http://ftp.hostserver.de/pub/OpenBSD/%c/packages/%a/ >> """ >> >> %c expands out into the version, and %a into the arch. > > I think nowadays you can do something like: > installpath = ftp.hostserver.de > > > -- > Antoine
Re: ifconfig down but routing still tries to use the interface's routes
I see what you're saying, but this is a router not a server. It's my job to stop the routing loop. That shorter prefix might actually work. This isn't how it works on other routers I've used. Why remove the UP flag from the route then? Older versions of OpenBSD would still announce the connected route via BGP even though the interface was down. I haven't tested this lately. On Fri, Apr 8, 2016 at 11:15 AM, Stuart Henderson wrote: > On 2016/04/08 10:05, Doran Mori wrote: > > Could you give an example of how that it could cause a routing loop? > > Say you have a directly connected /27 on an interface, and a covering > /22, or a default route or something. > > If the interface holding that /27 goes down (for example the switch > fails, or somebody unplugs the cable, etc), in most setups you won't > be able to reach it. Host unreachable / net unreachable. > > If you "fall back" to a shorter prefix or especially to a default > route, in many setups, the router that you send it to will send it > right back to you, causing a loop. Consider the case where you > take a local interface down. Normally you want the traffic to be > dropped, not sent to a transit provider. > > Considering phessler's suggestion, which I haven't tested but makes > sense, if you would usually have another route to the *same prefix* > i.e. the /27 from somewhere else (bgp, ospf, static route) then > that should be used. > > > I'm used to the world of actual routers where the related routes from > > an interface get removed from the FIB when it goes down. The kernel > > already removes the UP flag. I don't understand why that's still a > > valid route? > > > > On Fri, Apr 8, 2016 at 1:53 AM, Stuart Henderson > > wrote: > > > > On 2016-04-07, Doran Mori wrote: > > > Running 5.9. > > > > > > I have x.x.141.0/25 that's directly connected. With x.x.141.0/24 > > reachable > > > via bgp. 
> > > > > > # route -n get x.x.141.13 > > >route to: x.x.141.13 > > > destination: x.x.141.0 > > >mask: 255.255.255.128 > > > interface: em3 > > > if address: x.x.141.112 > > >priority: 4 (connected) > > > flags: > > > > > > # ifconfig em3 down > > > jawaka# route -n get x.x.141.13 > > >route to: x.x.141.13 > > > destination: 66.117.141.0 > > >mask: 255.255.255.128 > > > interface: em3 > > > if address: x.x.141.112 > > >priority: 4 (connected) > > > flags: > > > > > > I see the UP flag is removed but it has no effect. > > > > > > # ping x.x.141.13 > > > PING x.x.141.13 (x.x.141.13): 56 data bytes > > > ping: sendto: Network is down > > > > > > I would expect this route to be used instead: > > > # route -n get x.x.141.0/24 > > >route to: x.x.141.0 > > > destination: x.x.141.0 > > >mask: 255.255.255.0 > > > gateway: x.x.144.154 > > > interface: em2 > > > if address: x.x.144.153 > > >priority: 48 (bgp) > > > flags: > > > > > > I searched the archives but didn't see this specific case > > mentioned. Can > > > someone enlighten me? > > > > That is how things normally work. > > > > Sometimes the behaviour you want would be useful (especially for > > machines that move between wired and wireless connectivity) but in > > other > > cases (e.g. the usual case with a bgp router) it would be > > undesirable as > > it would cause a routing loop, so there's no one-size-fits-all > > answer. > > > > I'm not sure if there is any way to manipulate the route entry to > > do > > what you want. If there is, it's non-obvious at least!
Re: ifconfig down but routing still tries to use the interface's routes
On 2016/04/08 10:05, Doran Mori wrote:
> Could you give an example of how that it could cause a routing loop?

Say you have a directly connected /27 on an interface, and a covering /22, or a default route or something.

If the interface holding that /27 goes down (for example the switch fails, or somebody unplugs the cable, etc), in most setups you won't be able to reach it. Host unreachable / net unreachable.

If you "fall back" to a shorter prefix or especially to a default route, in many setups, the router that you send it to will send it right back to you, causing a loop. Consider the case where you take a local interface down. Normally you want the traffic to be dropped, not sent to a transit provider.

Considering phessler's suggestion, which I haven't tested but makes sense, if you would usually have another route to the *same prefix* i.e. the /27 from somewhere else (bgp, ospf, static route) then that should be used.

> I'm used to the world of actual routers where the related routes from
> an interface get removed from the FIB when it goes down. The kernel
> already removes the UP flag. I don't understand why that's still a
> valid route?
>
> On Fri, Apr 8, 2016 at 1:53 AM, Stuart Henderson wrote:
>
> On 2016-04-07, Doran Mori wrote:
> > Running 5.9.
> >
> > I have x.x.141.0/25 that's directly connected. With x.x.141.0/24 reachable
> > via bgp.
> >
> > # route -n get x.x.141.13
> >    route to: x.x.141.13
> > destination: x.x.141.0
> >        mask: 255.255.255.128
> >   interface: em3
> >  if address: x.x.141.112
> >    priority: 4 (connected)
> >       flags:
> >
> > # ifconfig em3 down
> > jawaka# route -n get x.x.141.13
> >    route to: x.x.141.13
> > destination: 66.117.141.0
> >        mask: 255.255.255.128
> >   interface: em3
> >  if address: x.x.141.112
> >    priority: 4 (connected)
> >       flags:
> >
> > I see the UP flag is removed but it has no effect.
> >
> > # ping x.x.141.13
> > PING x.x.141.13 (x.x.141.13): 56 data bytes
> > ping: sendto: Network is down
> >
> > I would expect this route to be used instead:
> > # route -n get x.x.141.0/24
> >    route to: x.x.141.0
> > destination: x.x.141.0
> >        mask: 255.255.255.0
> >     gateway: x.x.144.154
> >   interface: em2
> >  if address: x.x.144.153
> >    priority: 48 (bgp)
> >       flags:
> >
> > I searched the archives but didn't see this specific case mentioned. Can
> > someone enlighten me?
>
> That is how things normally work.
>
> Sometimes the behaviour you want would be useful (especially for
> machines that move between wired and wireless connectivity) but in other
> cases (e.g. the usual case with a bgp router) it would be undesirable as
> it would cause a routing loop, so there's no one-size-fits-all answer.
>
> I'm not sure if there is any way to manipulate the route entry to do
> what you want. If there is, it's non-obvious at least!
Re: pf from self user _rebound to port 53 and rebound in front of unbound
Kevin Chadwick writes:

> I know rebound is not meant for this and see its benefits for clients
> and even maybe in front of unbound.
>
> However after noticing rebound and the undeadly thread I played with PF
> to see if I could enforce all DNS requests to have come from rebound.
>
> The best I have managed so far without syntax errors is along the
> lines of:
>
> block log quick proto udp from user !=_rebound
>
> which is sometimes not usable or doesn't quite achieve the goal?
>
> So is it possible to use something like:
>
> pass out on $ext_if from self user _rebound to $dns_srv port 53?

Something like

    pass out ... proto udp from any to any port 53 user = _rebound

same for tcp.

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: recommendations for 10GBase Ethernet on OpenBSD
On 8.4.2016. 16:22, Steiner Peter wrote: > hello, > > i'm looking for recommendations for 10GBase SFP+ network adapters, > anyone has experience with 10G Ethernet on OpenBSD? > > i found dual SFP+ PCIe devices with the following drivers: > ix - Intel 82598/82599/X540 PCI Express 10Gb Ethernet device > ixgb - Intel PRO/10GbE 10Gb Ethernet device > myx - Myricom Myri-10G PCI Express 10Gb Ethernet device > oce - Emulex OneConnect 10Gb Ethernet device i would go with ix 82955 or x520 http://undeadly.org/cgi?action=article&sid=20160302155046
Re: recommendations for 10GBase Ethernet on OpenBSD
Intel X520 cards seem to work nicely in our shop.
recommendations for 10GBase Ethernet on OpenBSD
hello, i'm looking for recommendations for 10GBase SFP+ network adapters, anyone has experience with 10G Ethernet on OpenBSD? i found dual SFP+ PCIe devices with the following drivers: ix - Intel 82598/82599/X540 PCI Express 10Gb Ethernet device ixgb - Intel PRO/10GbE 10Gb Ethernet device myx - Myricom Myri-10G PCI Express 10Gb Ethernet device oce - Emulex OneConnect 10Gb Ethernet device cards found at my retailers: Intel X520-DA2 E10G42BTDA Intel X710-DA2 X710DA2 IBM X710 for IBM System x 81Y3520 Lenovo 49Y7960 Lenovo 90Y6456 HP 560SFP+ 665249-B21 btw. I'll use IBM (Lenovo) X3550M5 (and maybe HP ProLiant DL360p) Pizza-Boxes and Extreme Networks 670 (and also HP 5900AF) switches so the Extreme Network SFP+ modules should be compatible to the NIC thanx in advance for any field reports greetings from Austria -Peter
Re: PKG_PATH
On Fri, Apr 08, 2016 at 09:16:13AM +0200, Peter Hessler wrote: > On 2016 Apr 07 (Thu) at 22:56:42 +0200 (+0200), Teno Deuter wrote: > :Hi, > : > :just installed a 5.9 AMD64 version and get issues with adding packages as a > :regular system user. 'env' shows me the correct setting for PKG_PATH but > :seems that the user environment isn't able to contact the source. > : > :As long as I change to 'root', everything works fine! > : > :Thank you for your support > : > > You should put it into /etc/pkg.conf instead: > > """ > installpath = http://ftp.hostserver.de/pub/OpenBSD/%c/packages/%a/ > """ > > %c expands out into the version, and %a into the arch. I think nowadays you can do something like: installpath = ftp.hostserver.de -- Antoine
Re: Roundrobin Trunking on 5.8
> > Obvious question, but: did you go 5.6 -> 5.8 or 5.6 -> 5.7 -> 5.8? > > 5.6 -> 5.8 but followed the upgrade guides for both and ran sysmerge > once? > > for the emailed bug report for the separate issue I said upgraded but > it was a new install. So either this is fixed in 5.9 \O/ or I didn't notice the lack of UP on the trunk port. As it was coming UP on bootup before the upgrade to 5.8 then I *guess* I can be forgiven if that was? the only issue, I forget if I had tried marking it UP or not <_< So Thanks or Sorry for the noise, whichever it should be, haha -- KISSIS - Keep It Simple So It's Securable
pf from self user _rebound to port 53 and rebound in front of unbound
I know rebound is not meant for this and see its benefits for clients and even maybe in front of unbound.

However after noticing rebound and the undeadly thread I played with PF to see if I could enforce all DNS requests to have come from rebound.

The best I have managed so far without syntax errors is along the lines of:

    block log quick proto udp from user !=_rebound

which is sometimes not usable or doesn't quite achieve the goal?

So is it possible to use something like:

    pass out on $ext_if from self user _rebound to $dns_srv port 53?

Thanks

--
KISSIS - Keep It Simple So It's Securable
Re: ifconfig down but routing still tries to use the interface's routes
On 2016 Apr 08 (Fri) at 08:53:45 + (+), Stuart Henderson wrote: :On 2016-04-07, Doran Mori wrote: :> Running 5.9. :> :> I have x.x.141.0/25 that's directly connected. With x.x.141.0/24 reachable :> via bgp. :> :> # route -n get x.x.141.13 :>route to: x.x.141.13 :> destination: x.x.141.0 :>mask: 255.255.255.128 :> interface: em3 :> if address: x.x.141.112 :>priority: 4 (connected) :> flags: :> :> # ifconfig em3 down :> jawaka# route -n get x.x.141.13 :>route to: x.x.141.13 :> destination: 66.117.141.0 :>mask: 255.255.255.128 :> interface: em3 :> if address: x.x.141.112 :>priority: 4 (connected) :> flags: :> :> I see the UP flag is removed but it has no effect. :> :> # ping x.x.141.13 :> PING x.x.141.13 (x.x.141.13): 56 data bytes :> ping: sendto: Network is down :> :> I would expect this route to be used instead: :> # route -n get x.x.141.0/24 :>route to: x.x.141.0 :> destination: x.x.141.0 :>mask: 255.255.255.0 :> gateway: x.x.144.154 :> interface: em2 :> if address: x.x.144.153 :>priority: 48 (bgp) :> flags: :> :> I searched the archives but didn't see this specific case mentioned. Can :> someone enlighten me? : :That is how things normally work. : :Sometimes the behaviour you want would be useful (especially for :machines that move between wired and wireless connectivity) but in other :cases (e.g. the usual case with a bgp router) it would be undesirable as :it would cause a routing loop, so there's no one-size-fits-all answer. : :I'm not sure if there is any way to manipulate the route entry to do :what you want. If there is, it's non-obvious at least! : You can add a "backup" route of an equal prefix length. In such a case, the backup route will take over. -- Pushing 40 is exercise enough.
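The lookup behaviour argued over in this thread, as an added example that is not code from any poster or from OpenBSD: a simplified model showing why a down connected route still wins on prefix length, how an equal-length backup route takes over, and how falling back to a shorter prefix produces the loop Stuart describes. The addresses, interface labels and router names are constructed, and the tie-break among equal-length prefixes (usable route first, then lowest priority number) is an assumption standing in for the "backup route" suggestion.

```python
"""Simplified model of the route selection discussed in the thread (not kernel code)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Route:
    prefix: str       # destination network
    via: str          # outgoing interface, or the name of the next router
    priority: int     # lower wins; 4 = connected and 48 = bgp as shown in the thread
    up: bool = True   # False once the interface has been taken down


def lookup(table, dst, skip_down=False):
    """Pick the route for dst, or None if nothing matches.

    Longest matching prefix wins even if that route is unusable. Among routes
    to the same prefix (assumption): usable before down, then lowest priority.
    skip_down=True models the hypothetical policy the original poster expected,
    where down routes are ignored and a shorter prefix is used instead.
    """
    addr = ip_address(dst)
    matches = [r for r in table if addr in ip_network(r.prefix)]
    if skip_down:
        matches = [r for r in matches if r.up]
    if not matches:
        return None
    longest = max(ip_network(r.prefix).prefixlen for r in matches)
    same_len = [r for r in matches if ip_network(r.prefix).prefixlen == longest]
    return min(same_len, key=lambda r: (not r.up, r.priority))


def send(table, dst, skip_down=False):
    """Return where the packet goes, or the error the sender would see."""
    route = lookup(table, dst, skip_down)
    if route is None:
        return "no route to host"
    if not route.up:
        return "network is down"
    return route.via


def trace(routers, start, dst, skip_down=False, max_hops=8):
    """Follow a packet between named routers; returns (path, outcome)."""
    path, here = [start], start
    for _ in range(max_hops):
        nxt = send(routers[here], dst, skip_down)
        if nxt not in routers:
            return path, nxt          # left on an interface, or was dropped
        if nxt in path:
            return path + [nxt], "loop"
        path.append(nxt)
        here = nxt
    return path, "ttl exceeded"


# Constructed tables: documentation prefix 192.0.2.0/24 replaces the thread's x.x.141.0.
DST = "192.0.2.13"
EDGE = [
    Route("192.0.2.0/25", "em3", 4, up=False),   # connected, after "ifconfig em3 down"
    Route("192.0.2.0/24", "em2", 48),            # covering prefix learned via bgp
]
EDGE_WITH_BACKUP = EDGE + [Route("192.0.2.0/25", "em1", 32)]  # equal-length backup
ROUTERS = {
    "edge": [Route("192.0.2.0/25", "em3", 4, up=False),
             Route("0.0.0.0/0", "transit", 8)],
    "transit": [Route("192.0.2.0/25", "edge", 48)],  # still points back at edge
}

if __name__ == "__main__":
    print("down /25 plus /24:       ", send(EDGE, DST))
    print("with equal-length backup:", send(EDGE_WITH_BACKUP, DST))
    print("drop on down route:      ", trace(ROUTERS, "edge", DST))
    print("fall back to default:    ", trace(ROUTERS, "edge", DST, skip_down=True))
```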
Re: ifconfig down but routing still tries to use the interface's routes
On 2016-04-07, Doran Mori wrote: > Running 5.9. > > I have x.x.141.0/25 that's directly connected. With x.x.141.0/24 reachable > via bgp. > > # route -n get x.x.141.13 >route to: x.x.141.13 > destination: x.x.141.0 >mask: 255.255.255.128 > interface: em3 > if address: x.x.141.112 >priority: 4 (connected) > flags: > > # ifconfig em3 down > jawaka# route -n get x.x.141.13 >route to: x.x.141.13 > destination: 66.117.141.0 >mask: 255.255.255.128 > interface: em3 > if address: x.x.141.112 >priority: 4 (connected) > flags: > > I see the UP flag is removed but it has no effect. > > # ping x.x.141.13 > PING x.x.141.13 (x.x.141.13): 56 data bytes > ping: sendto: Network is down > > I would expect this route to be used instead: > # route -n get x.x.141.0/24 >route to: x.x.141.0 > destination: x.x.141.0 >mask: 255.255.255.0 > gateway: x.x.144.154 > interface: em2 > if address: x.x.144.153 >priority: 48 (bgp) > flags: > > I searched the archives but didn't see this specific case mentioned. Can > someone enlighten me? That is how things normally work. Sometimes the behaviour you want would be useful (especially for machines that move between wired and wireless connectivity) but in other cases (e.g. the usual case with a bgp router) it would be undesirable as it would cause a routing loop, so there's no one-size-fits-all answer. I'm not sure if there is any way to manipulate the route entry to do what you want. If there is, it's non-obvious at least!
Re: bsd.rd fails to boot up on libreboot x200: how to find out why?
On 2016-04-07, silent_wande...@openmailbox.org wrote:
> I have a Thinkpad X200 laptop with libreboot 20150518 (latest stable
> release).
>
> Libreboot is basically coreboot + grub2 without bios services and with
> no text console.

and without CPU microcode updates that may fix important, maybe security-related, bugs.

> But if I try to load /bsd (is it a kernel at all? seems to be gzip
> archive with some elf) or /5.9/amd64/bsd.rd kernels, they do not boot
> up. After several seconds the machine reboots without any messages on
> the screen at all and grub menu reappears.

It's just a gzipped kernel, the normal boot loader supports these directly. You could try gunzipping it and see if you get further but the lack of text console probably won't help you.

> Is it possible at all to use USB serial port as console?

No.

> Do I have any feasible options to get serial console to this laptop?

Unlikely.

> I think that if I unpack bsd.rd and edit /etc/ttys it might help, but I
> did not find any information about bsd.rd structure, such as supposed
> offset of embedded image, its format and so on.
>
> elfrdsetroot(8) is mentioned in man rd, but http://man.openbsd.org does
> not have a manpage for it.

It doesn't mention it with a manpage section number, just as "the elfrdsetroot tool" - it can be built like this:

    cd /usr/src/distrib/common && \
        cc -o rdsetroot elf32.c elf64.c elfrdsetroot.c
    rdsetroot -x /path/to/bsd.rd /tmp/ramdisk.image
    vnconfig vnd0 /tmp/ramdisk.image
    mount /dev/vnd0a /mnt
    ...
    umount /mnt
    vnconfig -u vnd0
    rdsetroot /path/to/bsd.rd /tmp/ramdisk.image

/etc/ttys only helps when multi-user, it doesn't affect kernel console or single-user mode. But in the "..." stage you can create /mnt/auto_install.conf to run the installer (or auto_upgrade.conf for the updater), see autoinstall(8), which may get you somewhere.
Re: NAT66 with temporary address
On 2016-04-03, Steven Mestdagh wrote: > I was trying to use NAT66, from some internal subnets to my IPv6 > internet address, using the following line with 5.9 release. > > match out on $intout inet6 from !(egress:network) to any nat-to ($intout:0) > > The last part expands to the link local address of the interface, which > is the first address but not really useful for NAT. > I would like it to use the relevant temporary address set by autoconf. > Is there a way to specify this? Maybe we would need additional modifiers for > it? There isn't a way to specify this, but I think it's a bug that :0 expands to a link-local address at all..
Re: PKG_PATH
On 2016 Apr 07 (Thu) at 22:56:42 +0200 (+0200), Teno Deuter wrote: :Hi, : :just installed a 5.9 AMD64 version and get issues with adding packages as a :regular system user. 'env' shows me the correct setting for PKG_PATH but :seems that the user environment isn't able to contact the source. : :As long as I change to 'root', everything works fine! : :Thank you for your support : You should put it into /etc/pkg.conf instead: """ installpath = http://ftp.hostserver.de/pub/OpenBSD/%c/packages/%a/ """ %c expands out into the version, and %a into the arch. -- Any sufficiently advanced technology is indistinguishable from a rigged demo.