Installing a snapshot to a USB key using bsd.rd

2018-03-16 Thread Rodney Polkinghorne
Hi This is my first post here, I appreciate how much work you all do, please be gentle. :-) Could someone please tell me how to install the latest snapshot, or point me at some instructions that work? I tried the following: 1. Download bsd.rd and SHA256.sig from

Re: Flow Tools

2018-03-16 Thread Michael Price
On Fri, Mar 16, 2018 at 7:07 PM Stuart Henderson wrote: > On 2018/03/16 18:54, Michael Price wrote: > > On a 6.2 box with 6.2 ports and diff applied I get this. Let me know if > I'm doing something > > silly - usually use packages. > > > > > > ===> Verifying specs: bz2 c

Re: Flow Tools

2018-03-16 Thread Stuart Henderson
On 2018/03/16 18:54, Michael Price wrote: > On a 6.2 box with 6.2 ports and diff applied I get this. Let me know if I'm > doing something > silly - usually use packages. > > > ===>  Verifying specs:  bz2 c z ft bz2 c z  X11 Xext Xrender cairo expat ffi > fontconfig > freetype glib-2.0

Re: Flow Tools

2018-03-16 Thread Michael Price
On a 6.2 box with 6.2 ports and diff applied I get this. Let me know if I'm doing something silly - usually use packages. ===> Verifying specs: bz2 c z ft bz2 c z X11 Xext Xrender cairo expat ffi fontconfig freetype glib-2.0 gobject-2.0 graphite2 gthread-2.0 harfbuzz iconv intl lzma m nfdump

Re: OT strange nsd behavior

2018-03-16 Thread Ivo Chutkin
It should be, here is the result: ~ # nsd-checkzone proprevod.com /var/nsd/zones/master/clients/proprevod.com zone proprevod.com is ok and nsd-checkconf does not return errors. I am lost here... On 16.3.2018 at 21:35, Stephane HUC "PengouinBSD" wrote: Are you sure your zonefile is really

Re: OT strange nsd behavior

2018-03-16 Thread Stephane HUC "PengouinBSD"
Are you sure your zonefile is really good? Have you tested with nsd-checkzone tool? idem for your nsd config with nsd-checkconf tool? On 03/16/18 at 18:55, Ivo Chutkin wrote: > Hi to all there, > > I am running authoritative dns servers on 5.9 and nsd. > > I add new domain but I got these

Re: Flow Tools

2018-03-16 Thread Michael Price
It will be a bit before I am at a machine to build ports. Only have access to virtual machines running small instances right now. I would be happy to test it tonight though. Michael On Fri, Mar 16, 2018 at 12:34 PM Stuart Henderson wrote: > On 2018-03-16, Michael Price

OT strange nsd behavior

2018-03-16 Thread Ivo Chutkin
Hi to all there, I am running authoritative dns servers on 5.9 and nsd. I add new domain but I got these errors: Mar 16 19:29:16 dns11 nsd[7480]: master/clients/proprevod.com:9: SOA record with invalid domain name Mar 16 19:29:16 dns11 nsd[7480]: master/clients/proprevod.com:11: out of zone

gARP not being sent on vxlan interface

2018-03-16 Thread Vasco M
Hi all, I have the following setup: 2 OpenBSD 6.2 (let's say cluster A) and 2 OpenBSD 5.8 (cluster B) I have a carp interface on both clusters that is reachable through both through dynamic routing. Then, I have a vxlan that is built with tunnel source and destination through both carp

Re: please ignore -- final test ?????? in posts

2018-03-16 Thread Larry Hynes
niya wrote: > > > On 16/03/2018 12:51, Larry Hynes wrote: > > Hi > > > > niya wrote: > >> if anybody does read this post > >> > >> i'm trying to narrow down why i'm getting rows of ?? > >> > >> when i cut and paste information from the

Re: httpd / acme-client confusion

2018-03-16 Thread Stuart Henderson
On 2018-03-16, Michael Hekeler wrote: >> Hi, >> >> thanks for the samples I will give it a try but wondering why >> acme-client still works even httpd is not serving any kind of >> location for a challenge exchange? > > acme_client(1) is only working if a file could be

Re: httpd / acme-client confusion

2018-03-16 Thread Michael Hekeler
> Hi, > > thanks for the samples I will give it a try but wondering why > acme-client still works even httpd is not serving any kind of > location for a challenge exchange? acme_client(1) is only working if a file could be created within a directory accessible by a locally-run web server. >

Re: Flow Tools

2018-03-16 Thread Stuart Henderson
On 2018-03-16, Michael Price wrote: > It seems nfdump in ports is a bit behind the latest version though. 1.6.15 > in particular fixed a few security issues in nfcapd. > > Is sthen still the contact person for the port? I suppose I could submit a > patch. Oh, it moved so

kernel panicing - linux sysrq capability

2018-03-16 Thread Jiri B
Hi, IIUC we can panic kernel via writing to 'ddb.trigger' and if we have 'ddb.panic=0' it would reboot. But IIUC we are not able to control what would happen during this kernel panic in non-interactive mode, am I right? I am asking because I'm working on porting corosync/pacemaker[1] - HA

Re: stop syslogd from opening port 514 UDP

2018-03-16 Thread Theo de Raadt
> On 16.03.2018 at 11:42, Torsten wrote: > > Hi! > > > > On my OpenBSD 6.2 syslogd is listening to port 514, even though it is > > not started with "-r" (to receive remote syslog messages). It does not > > actually seem to log anything if I send something to port 514 UDP, > > however, I want the

Re: stop syslogd from opening port 514 UDP

2018-03-16 Thread Markus Hennecke
On 16.03.2018 at 11:42, Torsten wrote: > Hi! > > On my OpenBSD 6.2 syslogd is listening to port 514, even though it is > not started with "-r" (to receive remote syslog messages). It does not > actually seem to log anything if I send something to port 514 UDP, > however, I want the machine to be

Re: stop syslogd from opening port 514 UDP

2018-03-16 Thread trondd
On Fri, March 16, 2018 6:42 am, Torsten wrote: > I know I could use PF as a workaround Really? I wouldn't consider blocking incoming connections to unused ports by default to be a workaround, but a necessity.

Re: Flow Tools

2018-03-16 Thread Michael Price
It seems nfdump in ports is a bit behind the latest version though. 1.6.15 in particular fixed a few security issues in nfcapd. Is sthen still the contact person for the port? I suppose I could submit a patch. Michael On Wed, Mar 14, 2018 at 6:41 PM Diana Eichert wrote: >

Re: please ignore -- final test ?????? in posts

2018-03-16 Thread niya
On 16/03/2018 12:51, Larry Hynes wrote: Hi niya wrote: if anybody does read this post i'm trying to narrow down why i'm getting rows of ?? when i cut and paste information from the console to my mail client i use thunderbird to compose my mail #test VM

Re: IPsec/ISAKMP-trouble after Upgrade 6.0 --> 6.1 --> 6.2 amd64 : ISAKMPD: got AES_CBC, expected 3DES_CBC

2018-03-16 Thread Janne Johansson
2018-03-16 12:26 GMT+01:00 Andre Ruppert : > Hello @misc, > > after a nightly release upgrade of our VPN-Gateway(s) from 6.0 via 6.1 to > 6.2 (amd64) I noticed some trouble with my VPN connections. > Almost always when you get "expected 3DES" it means "the confs are not

Re: Minor user space issues

2018-03-16 Thread edgar
On Mar 16, 2018 2:33 AM, Janne Johansson wrote: > > 2018-03-16 6:04 GMT+01:00 Z Ero : > > > Hello, > > > > Two quick questions that may be basic but I never learned to solve yet > > since they are not necessary for my work. Solving them would just

IPsec/ISAKMP-trouble after Upgrade 6.0 --> 6.1 --> 6.2 amd64 : ISAKMPD: got AES_CBC, expected 3DES_CBC

2018-03-16 Thread Andre Ruppert
Hello @misc, after a nightly release upgrade of our VPN-Gateway(s) from 6.0 via 6.1 to 6.2 (amd64) I noticed some trouble with my VPN connections. Scenario: - a CARPed OpenBSD VPN gateway with sasyncd (master and backup) - a bunch of customer VPN client gateways (several brands -> Sophos,

please ignore -- final test ?????? in posts

2018-03-16 Thread niya
if anybody does read this post i'm trying to narrow down why i'm getting rows of ?? when i cut and paste information from the console to my mail client i use thunderbird to compose my mail #test VM vm "base-vm" {     boot "/bsd"     enable     owner alarm    

stop syslogd from opening port 514 UDP

2018-03-16 Thread Torsten
Hi! On my OpenBSD 6.2 syslogd is listening to port 514, even though it is not started with "-r" (to receive remote syslog messages). It does not actually seem to log anything if I send something to port 514 UDP, however, I want the machine to be invisible when someone is probing for open ports. I

Re: httpd / acme-client confusion

2018-03-16 Thread Markus Rosjat
Hi, thanks for the samples I will give it a try but wondering why acme-client still works even httpd is not serving any kind of location for a challenge exchange? Like I said I stopped httpd entirely and still got a new certificate with acme-client. But if it works as expected after a apply

Re: httpd / acme-client confusion

2018-03-16 Thread Florian Obser
this works for me: server "tlakh.xyz" { listen on 0.0.0.0 tls port 443 listen on :: tls port 443 tls certificate "/etc/ssl/tlakh.xyz.crt" tls key "/etc/ssl/private/tlakh.xyz.key" hsts location "/shop.6.html" { block return 402

Re: Minor user space issues

2018-03-16 Thread Janne Johansson
2018-03-16 6:04 GMT+01:00 Z Ero : > Hello, > > Two quick questions that may be basic but I never learned to solve yet > since they are not necessary for my work. Solving them would just make > my user experience a little better. > > 1. Is there a way to eliminate core

Re: Lenovo X61 (notebook not tablet) does not return from sleep

2018-03-16 Thread Theo de Raadt
> If the adapter is ejected before closing the laptop lid there is no > problem waking from sleep. But is a minor inconvenience to eject the > adapter. Would it be possible to patch the kernel some how to make it > think the adapter is ejected before entering sleep? It does that. The problem is