How to test BGP fail Over
Hi All, We have openbgpd running having peered with 2 ISP's. I am trying to test the failover with one of the ISP. To test this, I changed bgpd.conf file to comment the entry for one of the ISP and reloaded conf file and behaves as expected. I think I can also use bgpctl command to bring down one of the ISP's and test. But what is the best way to test like when a real outage happens. Do I need to contact the ISP to make the peer down ? Regards, Nagarjun
Re: Gigabyte-range /dev, for whatever reason
Peter N. M. Hansteen wrote: > This is probably a one-off (actually two, but more about that later) that > will only ever bite me and never be heard of againg, but I have to ask: > > What could cause your /dev/, which is normally in the kilobytes in size, to > swell to *gigabyte* range? i think you want to look at ls -lrS /dev
Expired certificate on lists.openbsd.org
Self-explanatory. I went to approve my post to bugs@ and got this. Looks like it lapsed earlier this week. http://imgur.com/QzYSjS8
Re: alternative method for "gtar --delete"
It's a bit long winded, but here's a possibility: # cd / # tar zcpvf siteXX.tgz /share/* /siteX/* # tar ztf siteXX.tgz | grep '^/share' | xargs rm -f Though I'm not entirely sure what you mean by "on a per site basis" in this context, can you elaborate please, especially if the above solution is not what you need. On Fri, Nov 18, 2016 at 10:20 AM, BSD wrote: > Does misc@ have an alternative method for "gtar --delete"? > > I'm making siteXX.tgz's for multiple sites. There is a directory that > is shared between all sites. Then, each site may have a directory of > files to append to the archive. > > I'd also like to be able to remove files from the yet to be zipped > archive that come from the shared directory on a per site basis. Just > looking to stay within base if possible. > > Example files: > /share/etc/pf.conf > /share/etc/vi.exrc > /share/usr/X11R6/lib/X11/fonts/TTF/Collection/... > /site1/append/install.conf > /site1/omit/X11R6/lib/X11/fonts/TTF/Collection/... > > Any advise in my methods or scheme in general would be appreciated! > > All the best, > > Keith Larsen > CPS Coatings > -- Aaron Mason - Programmer, open source addict I've taken my software vows - for beta or for worse
alternative method for "gtar --delete"
Does misc@ have an alternative method for "gtar --delete"? I'm making siteXX.tgz's for multiple sites. There is a directory that is shared between all sites. Then, each site may have a directory of files to append to the archive. I'd also like to be able to remove files from the yet to be zipped archive that come from the shared directory on a per site basis. Just looking to stay within base if possible. Example files: /share/etc/pf.conf /share/etc/vi.exrc /share/usr/X11R6/lib/X11/fonts/TTF/Collection/... /site1/append/install.conf /site1/omit/X11R6/lib/X11/fonts/TTF/Collection/... Any advise in my methods or scheme in general would be appreciated! All the best, Keith Larsen CPS Coatings
Re: maybe move texinfo from base in the ports?
On 18/11/16 02:47, Андрей Болконский wrote: > IMHO, texinfo isn't need in most cases, is GPL software and legacy > version > > Use man, like! If I was to speculate why it's in the base, it'd be for some GNU software that's part of the base image such as `gcc`. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
Install to MacBookPro mid 2007 fails
Hello misc, I try to install OpenBSD on my Apple MacBook Pro mid 2007 (or MacBookPro3,1) for some time now with different -release and the latest -snapshot versions with no success. The bootloader shows up and tries to launch bsd.rd: probing: pc0 mem [572K 64K 3053M 13M 60K 24K 76K 1024M] disk: hd0 hd1* hd2* >>OpenBSD/amd64 BOOTX64 3.30 boot> cannot boot hd0a:/etc/random.seed: No such file or directory booting hd0a:/bsd: 3356852+1412368+2413568+0+598016=0x76d238 entry point at 0xf001000 [7205c766, 3404, 24448b12, f4c0a304] After printing this lines it takes several seconds and then it reboots. FreeBSD-11 is booting well on this device so I attached the dmesg output from there, maybe it is helpful. Thanks in advance Thomas Copyright (c) 1992-2016 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD is a registered trademark of The FreeBSD Foundation. FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016 r...@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 3.8.0) VT(efifb): resolution 1440x900 CPU: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz (2194.55-MHz K8-class CPU) Origin="GenuineIntel" Id=0x6fa Family=0x6 Model=0xf Stepping=10 Features=0xbfebfbff Features2=0xe3bd AMD Features=0x20100800 AMD Features2=0x1 VT-x: HLT,PAUSE TSC: P-state invariant, performance statistics real memory = 4294967296 (4096 MB) avail memory = 4087091200 (3897 MB) Event timer "LAPIC" quality 400 ACPI APIC Table: FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs FreeBSD/SMP: 1 package(s) x 2 core(s) random: unblocking device. ioapic0: Changing APIC ID to 1 ioapic0 irqs 0-23 on motherboard random: entropy device external interface kbd0 at kbdmux0 netmap: loaded module module_register_init: MOD_LOAD (vesa, 0x8101c950, 0) error 19 cryptosoft0: on motherboard acpi0: on motherboard acpi_ec0: port 0x62,0x66 on acpi0 acpi0: Power Button (fixed) hpet0: iomem 0xfed0-0xfed003ff irq 0,8 on acpi0 Timecounter "HPET" frequency 14318180 Hz quality 950 Event timer "HPET" frequency 14318180 Hz quality 450 Event timer "HPET1" frequency 14318180 Hz quality 440 Event timer "HPET2" frequency 14318180 Hz quality 440 cpu0: on acpi0 cpu1: on acpi0 atrtc0: port 0x70-0x77 on acpi0 atrtc0: Warning: Couldn't map I/O. Event timer "RTC" frequency 32768 Hz quality 0 attimer0: port 0x40-0x43,0x50-0x53 on acpi0 Timecounter "i8254" frequency 1193182 Hz quality 0 Event timer "i8254" frequency 1193182 Hz quality 100 Timecounter "ACPI-fast" frequency 3579545 Hz quality 900 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0 acpi_acad0: on acpi0 acpi_lid0: on acpi0 acpi_button0: on acpi0 acpi_button1: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pcib0: _OSC returned error 0x10 pcib0: could not evaluate _ADR - AE_NOT_FOUND pci0: on pcib0 CPU0: local APIC error 0x80 CPU0: local APIC error 0x80 CPU0: local APIC error 0x80 CPU0: local APIC error 0x80 CPU0: local APIC error 0x80 CPU0: local APIC error 0x80 pcib1: at device 1.0 on pci0 pcib1: [GIANT-LOCKED] pci1: on pcib1 vgapci0: port 0x5000-0x507f mem 0xd200-0xd2ff,0xc000-0xcfff,0xd000-0xd1ff at device 0.0 on pci1 uhci0: port 0x60c0-0x60df at device 26.0 on pci0 uhci0: LegSup = 0x3000 usbus0 on uhci0 uhci1: port 0x60a0-0x60bf at device 26.1 on pci0 usbus1 on uhci1 ehci0: mem 0xdb504c00-0xdb504fff at device 26.7 on pci0 usbus2: EHCI version 1.0 usbus2 on ehci0 hdac0: mem 0xdb50-0xdb503fff at device 27.0 on pci0 pcib2: at device 28.0 on pci0 pcib2: [GIANT-LOCKED] pcib3: at device 28.2 on pci0 pcib3: [GIANT-LOCKED] pcib4: at device 28.4 on pci0 pcib4: [GIANT-LOCKED] pci2: on pcib4 ath0: mem 0xd730-0xd730 at device 0.0 on pci2 ath0: [HT] enabling HT modes ath0: [HT] RTS aggregates limited to 8 KiB ath0: [HT] 2 RX streams; 2 TX streams ath0: AR5418 mac 12.10 RF5133 phy 8.1 ath0: 2GHz radio: 0x; 5GHz radio: 0x00c0 pcib5: at device 28.5 on pci0 pcib5: [GIANT-LOCKED] pci3: on pcib5 mskc0: port 0x3000-0x30ff mem 0xd720-0xd7203fff at device 0.0 on pci3 msk0: on mskc0 msk0: Using defaults for TSO: 65518/35/2048 msk0: Ethernet address: 00:1b:63:9f:dc:af miibus0: on msk0 e1000phy0: PHY 0 on miibus0 e1000phy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow uhci2: port 0x6080-0x609f at device 29.0 on pci0 usbus3 on uhci2 uhci3: port 0x6060-0x607f at device 29.1 on pci0 usbus4 on uhci3 uhci4: port 0x6040-0x605f at device 29.2 on pci0 usbus5 on uhci4 ehci1: mem 0xdb504800-0xdb504bff at device 29.7 on pci0 usbus6: EHCI version 1.0 usbus6 on ehci1 pcib6: at device 30.0 on pci0 pci4: on pcib6 pci4: at device 3.0 (no driver attached) isab0: at device 31.0 on pci0 isa0: on isab0
Re: Gigabyte-range /dev, for whatever reason
On Fri, Nov 18, 2016 at 05:56:20AM +1000, Stuart Longland wrote: > On 18/11/16 05:51, Peter N. M. Hansteen wrote: > > This is probably a one-off (actually two, but more about that later) that > will only ever bite me and never be heard of againg, but I have to ask: > > > > What could cause your /dev/, which is normally in the kilobytes in size, to > swell to *gigabyte* range? > > Very stupid question, but your /dev/null wouldn't have been replaced by > a plain file would it? > > (Yes, I had that happen to me by accident once.) Not stupid at all to my mind, but [Thu Nov 17 20:58:34] peter@skapet:~$ ls -l /dev/null crw-rw-rw- 1 root wheel2, 2 Nov 17 20:58 /dev/null so that does not seem to be the problem. however [Thu Nov 17 21:00:39] peter@skapet:~$ doas ls -lS /dev/ | head total 2301984 -rw-r--r-- 1 root wheel 1178386432 Oct 27 2015 sd0 -r-xr-xr-x 1 root wheel11584 Nov 17 07:36 MAKEDEV dr-xr-xr-x 2 root wheel 1024 Nov 17 18:01 fd lrwxr-xr-x 1 root wheel9 Aug 1 2014 audioctl -> audioctl0 lrwxr-xr-x 1 root wheel6 Aug 1 2014 audio -> audio0 lrwxr-xr-x 1 root wheel6 Aug 1 2014 mixer -> mixer0 lrwxr-xr-x 1 root wheel6 Aug 1 2014 radio -> radio0 lrwxr-xr-x 1 root wheel6 Aug 1 2014 sound -> sound0 lrwxr-xr-x 1 root wheel6 Aug 1 2014 video -> video0 [Thu Nov 17 21:00:49] peter@skapet:~$ and [Thu Nov 17 21:01:34] peter@skapet:~$ file /dev/sd0 /dev/sd0: ISO 9660 CD-ROM filesystem data 'Ubuntu 15.10 amd64 ' (bootable) x86 boot sector; partition 2: ID=0xef, starthead 254, startsector 2279532, 4544 sectors so a device had indeed been replaced by a regular file. Simple PEBKAC caused this then. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Gigabyte-range /dev, for whatever reason
On 18/11/16 05:51, Peter N. M. Hansteen wrote: > This is probably a one-off (actually two, but more about that later) that will only ever bite me and never be heard of againg, but I have to ask: > > What could cause your /dev/, which is normally in the kilobytes in size, to swell to *gigabyte* range? Very stupid question, but your /dev/null wouldn't have been replaced by a plain file would it? (Yes, I had that happen to me by accident once.) -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Gigabyte-range /dev, for whatever reason
This is probably a one-off (actually two, but more about that later) that will only ever bite me and never be heard of againg, but I have to ask: What could cause your /dev/, which is normally in the kilobytes in size, to swell to *gigabyte* range? The reason I ask is that when I was attempting to upgrade my laptop to the latest amd64 snapshot, the upgrade failed due to a full root file system. I thought that to be distinctly odd, because the file system layout is very close to the default with a gigabyte for root, to wit: [Thu Nov 17 20:03:37] peter@elke:~$ df -h Filesystem SizeUsed Avail Capacity Mounted on /dev/sd1a 1005M103M852M11%/ /dev/sd1d 3.9G 18.6M3.7G 0%/tmp /dev/sd1f 100G554M 94.8G 1%/usr /dev/sd1h 29.5G6.1G 22.0G22%/usr/local /dev/sd1j 3.2G2.0K3.0G 0%/usr/obj /dev/sd1i 21.6G2.0K 20.6G 0%/usr/src /dev/sd1g 1005M2.0K955M 0%/usr/x11R6 /dev/sd1e 27.8G 39.5M 26.4G 0%/var /dev/sd0d 950G370G532G41%/home as we see the world after a successful reinstall, including packages. But before that reinstall, the root file system was indeed full, and /dev consumed more that 900 megabytes (the exact number is lost but take my word for it). Even stranger, another machine here (this one running recent i386 snapshots) shows this: [Thu Nov 17 20:09:11] peter@skapet:~$ doas du -hs /* 4.0K/altroot 5.4M/bin 88.0K /boot 10.4M /bsd 6.9M/bsd.rd 10.4M /bsd.sp 1.1G/dev 8.3M/etc note the size of /dev here. This one has a larger root file system so no immediate danger of filling to capacity yet. The only common denominator here I can think of is that both machines have suffered kernel panics with subsequent fsck on boot recently. In the case of this last one the panic was almost certainly due to a RAM chip failing, with fsck interrupted due to panic when hitting that bad RAM, and so forth. Even after the hardware had been swapped out, that machine was seriously sick in other ways. Anyway, this last machine has gone only through OS and packages upgrade after the panic, so most likely more evidence is preserved here than in the elke case. The sane way forward is of course to reinstall and get on with life, but a part of me still wonders how this could have happened on two systems at roughly the same time. If any devs are interested, I'll probably let the last box run for a few days more before doing any major surgery (assuming nothing else weird happens). -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD 6.0 amd64 Release --> pkg_add returns error when running as Virtualbox guest
On Nov 17, 2016 18:12, "Andre Ruppert" wrote: > > Hello to the list, > > this morning I stumbled about a "pkg_add" problem when running OpenBSD > 6.0 amd64 Release on an actual Virtualbox release. Doesn't matter which > host platform (I tried Mac OS Sierra and Windows 10 and 7). > > Virtualbox settings: > 5GB hardisk > 512 MB RAM > tested two network card settings: virtio-net and Intel 1000 Pro desktop > tested NATed and bridged settings. > > Version: OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016 > > for example: (used a local mirror) > > # pkg_add wget > quirks-2.241 signed on 2016-07-26T16:56:10Z > wget-1.18:libunistring-0.9.6p0: ok > Fatal error: Ustar > [ http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/libidn-1.32p1.t > gz][share/emacs/site-lisp/idna.el]: > Premature end of archive > Adjusting sha for /usr/local/share/emacs/site-lisp/pkg.VkQ6RBfrzy from > DF8Nwh8xhTWpgYsivuBL7K8CMpbPKojbQJsyD0Paplk= to > 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= > Fatal error: Installation of libidn-1.32p1 failed, partial installation > recorded as partial-libidn-1.32p1 > at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817. > > -- doesn't depend on mirror > -- doesn't depend on guest RAM settings > -- doesn't depend on guest network card settings > -- doesn't depend on acceleration settings in Virtualbox (well, I think > so...) > > ...and a little bit strange: > _sometimes_ pkg_add works with small packages: > > > example 2a (same as ex 1): > > # pkg_add ipcalc > quirks-2.241 signed on 2016-07-26T16:56:10Z > Fatal error: Ustar > [ http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/ipcalc-1.4p0.tg > z][bin/ipcalc]: > Premature end of archive > Adjusting sha for /usr/local/bin/pkg.F5nNSjqcJf from > Htiq8Hrei0yMn/IWm+Y9dXTq3pZeZyBrbbv98+o9eoA= to > 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= > Fatal error: Installation of ipcalc-1.4p0 failed, partial installation > recorded as partial-ipcalc-1.4p0 > at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817. > > > example 2b: > > # rm -R /var/db/pk/partial-* > # pkg_add ipcalc > quirks-2.241 signed on 2016-07-26T16:56:10Z > ipcalc-1.4p0: ok > > > > Building packages from ports works fine (apparently) > > > Any hints to look further? > Anyone who had similar problems? > > Every hint is welcome, I'm clueless... ;-) > > best regards > Andre Ruppert > > [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s] > Try use bridge mode instead of NAT. I had the exact same problem on Windows 10 as a host. -- chs
OpenBSD 6.0 amd64 Release --> pkg_add returns error when running as Virtualbox guest
Hello to the list, this morning I stumbled about a "pkg_add" problem when running OpenBSD 6.0 amd64 Release on an actual Virtualbox release. Doesn't matter which host platform (I tried Mac OS Sierra and Windows 10 and 7). Virtualbox settings: 5GB hardisk 512 MB RAM tested two network card settings: virtio-net and Intel 1000 Pro desktop tested NATed and bridged settings. Version: OpenBSD 6.0 (GENERIC) #2148: Tue Jul 26 12:55:20 MDT 2016 for example: (used a local mirror) # pkg_add wget quirks-2.241 signed on 2016-07-26T16:56:10Z wget-1.18:libunistring-0.9.6p0: ok Fatal error: Ustar [http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/libidn-1.32p1.t gz][share/emacs/site-lisp/idna.el]: Premature end of archive Adjusting sha for /usr/local/share/emacs/site-lisp/pkg.VkQ6RBfrzy from DF8Nwh8xhTWpgYsivuBL7K8CMpbPKojbQJsyD0Paplk= to 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= Fatal error: Installation of libidn-1.32p1 failed, partial installation recorded as partial-libidn-1.32p1 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817. -- doesn't depend on mirror -- doesn't depend on guest RAM settings -- doesn't depend on guest network card settings -- doesn't depend on acceleration settings in Virtualbox (well, I think so...) ...and a little bit strange: _sometimes_ pkg_add works with small packages: example 2a (same as ex 1): # pkg_add ipcalc quirks-2.241 signed on 2016-07-26T16:56:10Z Fatal error: Ustar [http://ftp.halifax.rwth-aachen.de/openbsd/6.0/packages/amd64/ipcalc-1.4p0.tg z][bin/ipcalc]: Premature end of archive Adjusting sha for /usr/local/bin/pkg.F5nNSjqcJf from Htiq8Hrei0yMn/IWm+Y9dXTq3pZeZyBrbbv98+o9eoA= to 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU= Fatal error: Installation of ipcalc-1.4p0 failed, partial installation recorded as partial-ipcalc-1.4p0 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 817. example 2b: # rm -R /var/db/pk/partial-* # pkg_add ipcalc quirks-2.241 signed on 2016-07-26T16:56:10Z ipcalc-1.4p0: ok Building packages from ports works fine (apparently) Any hints to look further? Anyone who had similar problems? Every hint is welcome, I'm clueless... ;-) best regards Andre Ruppert [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
maybe move texinfo from base in the ports?
IMHO, texinfo isn't need in most cases, is GPL software and legacy version Use man, like!
Re: Sendmail on OpenBSD 6.0
Quoting Damian McGuckin : > Is anybody using this configuration, i.e. not OpenSMTPD? > > Regards - Damian > > Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW > 2037 > Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted > hereViews & opinions here are mine and not those of any past or present > employer Saw your message in the OpenSMTPd list about having problems with sendmail. I am not using sendmail on 6.0 at the moment but used it last year following all the instructions within /usr/local/share/doc/pkg-readmes. Are you having problems after running sendmail-enable? Vijay -- Vijay Sankar, M.Eng., P.Eng. ForeTell Technologies Limited vsan...@foretell.ca
Re: Removal of old libraries
Thu, 17 Nov 2016 00:11:36 -0700 Clint Pachl > You're absolutely right Anton. After rereading what I wrote, I see I got > a little out of line. > > Thanks, > Clint Hi Clint, To be fair I am a one strict in course of thought fellow, so I know very well when and why you're solid with this. This is right for you, please also allow me to thank everyone in OpenBSD for providing an upgrade path as the Time optimisation tool. I am, therefore, only writing it for me. I would be glad to read your next posts regarding backup-restore advice. Yet please allow room for the convergent comb tools to exist gracefully. What I see as most helpful is troubleshooting, and improving procedures. Kind regards, Anton > li...@wrant.com wrote on 11/16/16 16:47: > > Tue, 15 Nov 2016 00:29:56 -0700 Clint Pachl > > [...] > >> This sounds like someone who is not confident in their backup/restore > >> procedure, if one even exists. I think you need to worry more about that > >> than me saving a few megabytes with my upgrade process. > > Hi Clint, > > > > You need not worry at all. That is other people's data on their own sites. > > > >> Like I mentioned a couple times in the thread, I have "level 0" dumps; > >> that's consistency. I would not classify that as "nothing." There is a > >> reason why restore(8) and ftp(1) are included on bsd.rd. > > Whatever.. Nobody cares much about what you have. We system operators care > > about the choices, and options the operating system, and tool kits provide.. > > > >> Oh yeah, and before you know it your crufty libc.so.84.2 is 2 years old > >> and full of security vulnerabilities. Thank god your users can still use > >> it and you don't have to bother them with a recompile. > > That is a system policy depending from site to site, you need not police it. > > > >> I thought the philosophy of the project is to move forward for the sake > >> of proactive security and correctness, not to rely on buggy legacy code > >> because it's convenient and lazy. > > You think too much. There is no such thing as philosophy of the project and > > this kind of over-hyped black and white thinking is... obsolete and useless. > > There are many upgrade and maintain choices, don't try to sell bibles here.. > > > > Kind regards, > > Anton
Re: Microsoft announced it is joining The Linux Foundation
Guys, Responding to any of their emails feeds the troll. ignore them. On 11/16/2016 09:29 PM, Riccardo Mottola wrote: > Hi, > > SOUL_OF_ROOT 55 wrote: >> Can this be? Microsoft announced it is joining The Linux Foundation > > > this is "misc" but still OpenBSD misc. > > Riccardo
iked: ca: ca_reset: reload: Permission denied
Hi all, I'm trying to set up iked. I've created a ca with ikectl ca "vpn" create , installed it (ikectl ca "vpn" install) and created a certificate for the server to begin with "ikectl ca vpn certificate "foo.example.com" create/install". However, when I try to start iked -dvv, I see the following output: ca_privkey_serialize: type RSA_KEY length 1191 ca_pubkey_serialize: type RSA_KEY length 270 ikev2 "vpn" passive espca: ca_reset: reload: Permission denied proto tcpikev2 exiting, pid 1301 from 10.0.0.0/8 port 23 to 20.0.0.0/8 port 40 from 192.168.1.1 port 23 to 192.168.2.2 port 40 local any peer any ikesa enc 3des prf hmac-sha2-256,hmac-sha1 auth hmac-sha1 group modp1024 childsa enc aes-128 auth hmac-sha1 srcid host.example.com dstid 192.168.0.254 lifetime 10800 bytes 536870912 psk 0x /etc/iked.conf: loaded 1 configuration rules lost child: ca exited abnormally control exiting, pid 39459 parent terminating It seems to happen at line 147 in iked's ca.c, where ca_reload is called which doesn't return 0 (https://github.com/reyk/openiked/blob/master/iked/ca.c). I suspect in ca_reload, on line 548 it tries to open the CA directory and that returns -1, which would explain why I don't see more log messages. But why? Any help or pointers much appreciated. Rubin!
Sendmail on OpenBSD 6.0
Is anybody using this configuration, i.e. not OpenSMTPD? Regards - Damian Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037 Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here Views & opinions here are mine and not those of any past or present employer