Re: Is privilege separated TLS protocol handling of interest ?

2017-01-09 Thread Theo de Raadt
> Remco wrote: > > The idea is to run the TLS protocol in different processes (tls_client, > > kex helper) by impersonal users. > > > > All TLS/crypto code lives in those processes, the user's application > > doesn't know about TLS/crypto and does not need to be linked against it. > > This

"send_packet: No route to host" during DHCP request renewal

2017-01-09 Thread Alessandro DE LAURENZIS
Greetings, I recently built up a router based on OBSD 6.0; axe0 is the i/f connected to the ADSL modem, and it obtains its address from my ISP through DHCP: [snip] root@egeo:[~]> cat /etc/hostname.axe0 # Internet connection # Pubblic address obtained

Re: Is privilege separated TLS protocol handling of interest ?

2017-01-09 Thread Ted Unangst
Remco wrote: > The idea is to run the TLS protocol in different processes (tls_client, > kex helper) by impersonal users. > > All TLS/crypto code lives in those processes, the user's application > doesn't know about TLS/crypto and does not need to be linked against it. This doesn't sound very

Re: Hardware recommendations for compact 1U firewall

2017-01-09 Thread Aaron Mason
On Tue, Jan 10, 2017 at 12:58 PM, Paul Suh wrote: >> On Dec 16, 2016, at 8:32 PM, Predrag Punosevac > wrote: >> >> This is my favorite Ebay seller and they have lots of nice network >> equipment for home, small, and large business. >> >>

Re: Hardware recommendations for compact 1U firewall

2017-01-09 Thread Paul Suh
> On Dec 16, 2016, at 8:32 PM, Predrag Punosevac wrote: > > This is my favorite Ebay seller and they have lots of nice network > equipment for home, small, and large business. > > http://stores.ebay.com/MITXPC/ +1 for MITXPC. I've purchased several systems from them over

non-PAP in radiusd

2017-01-09 Thread Pete Zabagel
Hello friends, I noticed in the radiusd.conf man page that the bsdauth module only supports PAP: "It only supports PAP, password based authentication." Is there a specific reason as to why CHAP isn't implemented? I am assuming it is due to time / interest constraints but perhaps the quality of

Re: Hardware recommendations for compact 1U firewall

2017-01-09 Thread Damian McGuckin
To answer some of my own questions, and after wise guidance from the list, I have noticed that all our firewall hardware using 'vr' ethernet ports hit a wall somewhere between 65Mbps->69Mbps. This is the case with the Geodes in a net5501 and various VIA x86 CPUs in VIA embedded systems, I am

Re: Hardware recommendations for compact 1U firewall

2017-01-09 Thread Aaron Mason
On Tue, Jan 10, 2017 at 1:32 AM, Stuart Henderson wrote: > Aaron Mason wrote: >> >> Torn between a Barracuda web filter or a Portwell CAR 3000. The latter >> >> is more expensive but supports 10Gbit, whereas the Barracuda may only >> >> have 10/100. Both Core2Duo based,

Re: [RESOLVED] Re: 6.0 sppp does not answer PPPoE-Discovery code offer

2017-01-09 Thread Stuart Henderson
On 2017-01-09, Axel Rau wrote: >> It seems that sppp does not work with vlan pseudo device. > > Anybody fixing that? I'm not running any right now, but I was fairly recently and it worked then. Is your ISP one of those silly ones that requires the priority in the 802.1q

support update

2017-01-09 Thread Marshall Midden
# Marshall M. Midden # Consultant # 9792 Hemlock Lane North # Maple Grove, Minnesota 55369 # Email: marshallmid...@yahoo.com # URL: http://www.umn.edu/~m4/ # Used OpenBSD for many years. In 2001, implemented embedded no-MMU mips port (with # speciality driver help) including fork(). [Not a

Is privilege separated TLS protocol handling of interest ?

2017-01-09 Thread Remco
I'm a bit reluctant here because I don't know what I'm getting myself into and I don't really want to spend more time on this than I already do. Anyway, a couple of years ago I wondered what TLS was all about and I tried to understand it by writing code to do TLS as a hobby project. Trying

[RESOLVED] Re: 6.0 sppp does not answer PPPoE-Discovery code offer

2017-01-09 Thread Axel Rau
Updating the firmware of the Vigor130 box from 3.7.9_m7 to 3.7.9.4_m7 solved the problem. > . . . > It seems that sppp does not work with vlan pseudo device. Anybody fixing that? Axel --- PGP-Key:29E99DD6 ☀ computing @ chaos claudius

Re: Non-free firmware without asking the user

2017-01-09 Thread Gerie Langeveld
On 09-01-17 at 10:05, Stefan Sperling wrote: > On Mon, Jan 09, 2017 at 01:39:41AM +0100, Martin Hanson wrote: >> On Sun, 8 Jan 2017, Stefan Sperling wrote: >> The above policy applies to the base system code. It does not apply to ports and packages of third party software, i.e.

Re: https for pkg_add?

2017-01-09 Thread Kamil Cholewiński
On Mon, 09 Jan 2017, Stuart Henderson wrote: > Performance won't be ideal though, there's no pipelining or session > resumption - it needs to do a full TLS negotiation for each package > fetched (note that pkg_add -u fetches at least the start of the tgz > for *every*

Re: spamd and network whitelisting

2017-01-09 Thread Boudewijn Dijkstra
On Tue, 20 Dec 2016 12:31:05 +0100, Clint Pachl wrote: [...] grep "^GREY" | tr "|" "\t" | [...] I've learned to do all parsing of /var/db/spamd via the interface as the envelope-from sometimes contains a "|" (pipe) character. -- Made with Opera's e-mail program:

Re: Hardware recommendations for compact 1U firewall

2017-01-09 Thread Stuart Henderson
Aaron Mason wrote: > >> Torn between a Barracuda web filter or a Portwell CAR 3000. The latter > >> is more expensive but supports 10Gbit, whereas the Barracuda may only > >> have 10/100. Both Core2Duo based, could probably upgrade to a > >> Core2Quad or a Xeon with a 771->775 adapter. btw, I

Re: https for pkg_add?

2017-01-09 Thread Stuart Henderson
On 2017-01-06, Antoine Jacoutot wrote: > On Thu, Jan 05, 2017 at 06:50:38PM -0800, jungle boogie wrote: >> Hi All, >> >> With all the recent changes to supporting https on the various mirrors, does >> that mean https may also be used with the PKG_PATH variable? > > Yes.

[patch] Enable support for Subpixel Antialiasing / LCD Filter

2017-01-09 Thread Nils Reuße
TL;DR: This patch allows users to use subpixel antialiasing/lcd filter on openbsd, like on FreeBSD/most Linux distributions. It does not change the defaults. For full use, see my other patch at [7]. Dear all, this patch enables subpixel rendering, which is disabled by default in freetype (due

Re: NET_LOCK on current

2017-01-09 Thread Andreas Kusalananda Kähäri
On Mon, Jan 09, 2017 at 11:22:37AM +0200, Kapetanakis Giannis wrote: > Hi, > > I'd like to ask if the NET_LOCK patches have been committed in the current tree or a separate tree? > > best regards, > > G > This was on current. mpi@ made the introductory NET_LOCK commits on the 19th of December and

NET_LOCK on current

2017-01-09 Thread Kapetanakis Giannis
Hi, I'd like to ask if the NET_LOCK patches have been committed in the current tree or a separate tree? best regards, G

Re: Using "Pretty" permalinks with httpd in wordpress

2017-01-09 Thread Gregory Edigarov
On 06.01.17 15:42, Atanas Vladimirov wrote: On 06.01.2017 13:35, Jiri B wrote: On Fri, Jan 06, 2017 at 01:32:10PM +0200, Atanas Vladimirov wrote: Hi, I can't figure it out. Is it possible to use Wordpress with OpenBSD httpd and configure both for "Pretty" permalinks. Does anyone have a

Re: Can I run OpenBSD on an ASUS RT-AC88U?

2017-01-09 Thread Stefan Sperling
On Sun, Jan 08, 2017 at 04:38:43PM +, Andreas Thulin wrote: > Hi! > > Apologies in advance if this post comes out as tremendously stupid - I'm not > very experienced. No worries. > I bought an ASUS RT-AC88U wireless router. Performance is great, but I lack > the configurability I'm used to

Can I run OpenBSD on an ASUS RT-AC88U?

2017-01-09 Thread Andreas Thulin
Hi! Apologies in advance if this post comes out as tremendously stupid - I'm not very experienced. I bought an ASUS RT-AC88U wireless router. Performance is great, but I lack the configurability I'm used to from working with on other boxes. Started out exploring options for making it a NAS by

Re: 6.0 sppp does not answer PPPoE-Discovery code offer

2017-01-09 Thread Axel Rau
> On 07.01.2017 at 20:01, Axel Rau wrote: > > Hi, > > while trying to switch my Vigor130 to pppoe pass through and let my > OpenBSD firewall handle the pppoe stuff, I get: Turning on debug shows: Jan 8 17:48:05 gw1 /bsd: pppoe0 (8863) state=1, session=0x0 output ->

Re: Funding for Skylake support

2017-01-09 Thread Karel Gardas
Guys, what about to look and/or contact http://www.openbsdfoundation.org/index.html and discuss matter with them? On Mon, Jan 9, 2017 at 1:55 AM, Peter Membrey wrote: > Hi, > > I'd also be willing to put funds up front so that good test hardware can be purchased to do the

Re: Non-free firmware without asking the user

2017-01-09 Thread Stefan Sperling
On Mon, Jan 09, 2017 at 01:39:41AM +0100, Martin Hanson wrote: > On Sun, 8 Jan 2017, Stefan Sperling wrote: > > >> The above policy applies to the base system code. > >> It does not apply to ports and packages of third party software, i.e. > >> anything > >> listed by pkg_info. > > > Perhaps the