Re: Moving filesystems around

[Jay Hart]

> Hello,
>
> jh...@kevla.org (Jay Hart), 2018.07.25 (Wed) 21:31 (CEST):
>> Running a stock 6.3 machine. I just bought a new server and hope to
>> move this drive over, but think I need to move two partitions around
>> at get more space.
>
> I'm not sure you need to...
> My /usr is just 895M. Yours is fuller because you have /usr/local on the
> same slice?
> If so, I'd consider this the problem.
> You'd have slices left after your wd0i[1], but is there unassigned
> space left on the disk?
> If so, I'd create a new slice and put /usr/local there.
>
> More info would have been helpful, show output of mount(8) and df(1),
> disklabel, fdisk, dmesg, perhaps?
>
> [1] what, a wd(4)?! ;-)
>
> Marcus
>

Actually, I have a separate /usr/local partition, just didn't mention it.

Your post got me thinking (as did some of the others). I've been upgrading this 
box since 5.6 or
so and maybe its time to wipe it and start fresh on the new box. Just copy over 
my config files
after I'm done.

Since I just follow stable releases, I don't bother downloading the source code 
and building
patches, so /usr should stay small and clean with syspatch and sysclean, unless 
I'm very wrong
about how they work.

Jay

>> I have one drive installed, with about 6 partitions.
>>
>> /var is a 6.3G partition (wd0e) using 50M of space
>> /usr is a 2.0G partition (wd0f) using 1.6G of space
>>
>> Last partition number is wd0i.
>>
>> What would the recommended procedure to use to swap these two partitions?
>

Re: How to implement CARP master/backup with IPv6 RAs from OpenBSD firewall pair?

[Martin Gignac]

The way the setup is currently done is with an external connection to
a single ISP. For both IPv4 and IPv6 on the external side the
configuration is all static address assignment, with a single default
route towards the ISP and the ISP has a single static route (well, one
route for IPv4 and one for IPv6) for the delegated IPv4 and IPv6
ranges we were assigned that points towards the IPv4 and IPv6 CARP
VIPs I've configured on the external side. So from an ISP-to-me point
of view it's very simple and it works. I do not run any IPv6 routing
advertisements on that external side since everything is configured
statically.

My question and concern is really from an internal perspective. That
being said, I realized I was doing it wrong when I read your "get you
RA-daemon to advertise on that CARP interface". I was configuring
/etc/rad.conf with "interface em1", when I now realize I should have
put "interface carp0" instead. With this change the RA daemon now
sends a single advertisement for the CARP interface's link-local
address, which is what I wanted all along.

Thanks!
-Martin
On Thu, Jul 26, 2018 at 6:11 PM Henrik Dige Semark  wrote:
>
> For a IPv6 only setup I would put a IPv6 anycast address on your
> interface on both servers and then announce that in you RA, and use OSPF
> between the servers if they are connected to two different
> upstream-providers.
>
> But if you are dependent on a CARP IPv4 and tunneling setup on the
> outside for your IPv6 connectivity, so that only one of the servers is
> able to route traffic at a time, you would have to put your IPv6 address
> as a alias on a CARP for the inside and get you RA-daemon to advertise
> on that CARP interface, then it would stop sending on the interface in
> backup-state.
>
> Med Venlig Hilsen / Best Regards
> Henrik Dige Semark
>
> On 2018-07-26 22:57, Martin Gignac wrote:
> > Hi,
> >
> > How does one implement a redundant OpenBSD firewall pair with IPv6?
> >
> > With IPv4 I would use CARP to have one of the boxes be the
> > master/active while the other one is backup/standby. But with IPv6 I
> > want to use Router Advertisements so that hosts on the internal
> > network can use SLAAC for IPv6 address autoconfiguration. Therefore
> > hosts will receive RAs from both OpenBSD boxes and set both as
> > possible default GWs in their routing table.
> >
> > In that case, how do I get the internal hosts to send all traffic to
> > the "primary" firewall? I've configured the CARP interface on the box
> > with IPv6, but the RAs are still sent from both boxes (master and
> > backup) so the RA-configured hosts don't end up using the IPv6 CARP
> > VIP at all and I seem to end up with possible asymmetric firewall
> > flows.
> >
> > Thanks,
> > -Martin
> >
>
>

Re: ruby-passenger failed to build on OpenBSD/loongson

[Xiyue Deng]

Hi,

I had some problems when building www/ruby-passenger a few months back
and mailed ports@ but got no reply.  So I thought I might get better
luck on misc@.  To avoid posting the build log twice, please refer to my
previous email[1] for the attachment.  The original email is at the end.
Please let me know if more information is needed.

Thanks.

[1] https://marc.info/?l=openbsd-ports=152359916007397=2

On Sat, Apr 14, 2018 at 04:16:33PM -0700, manp...@gmail.com wrote:
> Hi,
> 
> On 4/12/18 10:58 PM, manp...@gmail.com wrote:
> > Dear ports maintainer,
> > 
> > When building nginx, one of its dependencies ruby-passenger failed to
> > build due to dwarf version mismatch. The most relevant line is below:
> > 
> > /usr/bin/ld: Dwarf Error: found dwarf version '0', this reader only
> > handles version 2 information.
> > 
> > The detailed build log is in attachment. Let me know if more information
> > is required.
> > 
> > Thanks.
> 
> I've further checked dwarf information for all the .o and .a files using
> readelf and all of them reported dwarf version 2. Could this be an ld issue?
> 
> The command I used for each file (e.g.
> buildout/common/libpassenger_common/LoggingKit.o, one of the files to link):
> 
> $ readelf --debug-dump=info buildout/common/libpassenger_common/LoggingKit.o
> | grep -A 2 "Compilation Unit" | grep "Version:"


signature.asc
Description: PGP signature

Re: How to implement CARP master/backup with IPv6 RAs from OpenBSD firewall pair?

[Henrik Dige Semark]

For a IPv6 only setup I would put a IPv6 anycast address on your
interface on both servers and then announce that in you RA, and use OSPF
between the servers if they are connected to two different
upstream-providers.

But if you are dependent on a CARP IPv4 and tunneling setup on the
outside for your IPv6 connectivity, so that only one of the servers is
able to route traffic at a time, you would have to put your IPv6 address
as a alias on a CARP for the inside and get you RA-daemon to advertise
on that CARP interface, then it would stop sending on the interface in
backup-state.

Med Venlig Hilsen / Best Regards
Henrik Dige Semark

On 2018-07-26 22:57, Martin Gignac wrote:
> Hi,
>
> How does one implement a redundant OpenBSD firewall pair with IPv6?
>
> With IPv4 I would use CARP to have one of the boxes be the
> master/active while the other one is backup/standby. But with IPv6 I
> want to use Router Advertisements so that hosts on the internal
> network can use SLAAC for IPv6 address autoconfiguration. Therefore
> hosts will receive RAs from both OpenBSD boxes and set both as
> possible default GWs in their routing table.
>
> In that case, how do I get the internal hosts to send all traffic to
> the "primary" firewall? I've configured the CARP interface on the box
> with IPv6, but the RAs are still sent from both boxes (master and
> backup) so the RA-configured hosts don't end up using the IPv6 CARP
> VIP at all and I seem to end up with possible asymmetric firewall
> flows.
>
> Thanks,
> -Martin
>

Is BCM4360 802.11ac (on MacBook Air 6.1) supported?

[MiKi]

Hi,

I installed OpenBSD 6.3 in a MacBook Air 6.1 everything works fine but 
except the wireless card.


It have a Broadcom BCM4360 802.11ac (rev3) card, the device is showed on 
dmesg but left undetected as a device in ifconfig, I take a look on 
bwi(4) and this exact model wasn't listed.


I also checked the new driver bwfm(4) that seems a newer driver for 
Broadcom AC cards, but it haven't any listing.


Also I have nothing pending to install with fw_update

So, is this card definitely unsupported? if not, can someone give me 
some pointers to get it work?


Thanks in advance

---
Miki S.

How to implement CARP master/backup with IPv6 RAs from OpenBSD firewall pair?

[Martin Gignac]

Hi,

How does one implement a redundant OpenBSD firewall pair with IPv6?

With IPv4 I would use CARP to have one of the boxes be the
master/active while the other one is backup/standby. But with IPv6 I
want to use Router Advertisements so that hosts on the internal
network can use SLAAC for IPv6 address autoconfiguration. Therefore
hosts will receive RAs from both OpenBSD boxes and set both as
possible default GWs in their routing table.

In that case, how do I get the internal hosts to send all traffic to
the "primary" firewall? I've configured the CARP interface on the box
with IPv6, but the RAs are still sent from both boxes (master and
backup) so the RA-configured hosts don't end up using the IPv6 CARP
VIP at all and I seem to end up with possible asymmetric firewall
flows.

Thanks,
-Martin

Re: Moving filesystems around

[Kenneth Gober]

On Wed, Jul 25, 2018 at 3:32 PM Jay Hart  wrote:
> /var is a 6.3G partition (wd0e) using 50M of space
> /usr is a 2.0G partition (wd0f) using 1.6G of space
>
> What would the recommended procedure to use to swap these two partitions?

I wouldn't swap them exactly, rather I would make a /usr/local (and
perhaps other file systems as well) so that /usr doesn't need to be
very large to begin with.

The general procedure I would follow is:

1. boot bsd.rd
2. mount your /dev/wd0e on /mnt
3. dump /mnt to a file (or to tape if you prefer). you may first need
to mount another file system to store the dumpfile.
4. unmount /mnt, use disklabel to delete the 'e' partition from wd0,
then recreate it with a smaller size
5. use newfs to build an empty file system on your new smaller wd0e partition
6. mount /dev/wd0e on /mnt again and restore the contents from the
dump file you made in step 3.
7. reboot your system normally.

You should then have a big chunk of unused space that you can use to
make one or more new file systems for things like /usr/local, etc.  If
you want to shrink /usr the procedure is similar, just with 'f'
instead of 'e'.

Consult the man pages for dump(8) and restore(8) for more information
about how to use these commands.  You will probably want to use dump
with the -a option, and you will probably want to use restore with the
-r option.

-ken

Prepárate para mejorar tu desempeño en el sector

[Agenda de Cursos]

Calendario Bimestral.



Reciba atención personalizada en whatsapp aquí 

Pulse sobre la fecha para obtener toda la información o 
llámenos al 
01-800-333-77-26 
o 
552 186 03 84
 y un ejecutivo le atenderá.
  Diseño y Mantenimiento para Plantas de Alimentos



31 JULIO CD-MXCómo Abrir un Hotel Boutique
  


31 JULIO CDMX 
  
Marketing para Restaurantes y Bares



2 AGOSTO CDMX

Fundamentos Técnicos de la Elaboración de 
Cerveza



3 AGOSTO CDMX

Cómo Organizar y Dirigir un Restaurante



6 AGOSTO CDMX

Distintivo "H" para Establecimientos de 
Alimentos y Bebidas



7 AGOSTO CDMX

Fondos Disponibles para la Industria Alimentaria y el campo mexicano 2018-2019
  


10 AGOSTO GDL   



24 AGOSTO CDMX
Cómo Evitar y Prevenir Riesgos Laborales en la 
Agricultura




9 AGOSTO GDL   


Dominando al Dragón: Cómo hacer Negocios con 
China



10 AGOSTO CDMX
Monitoreo Microbiológico del Ambiente en Plantas de Alimentos
  


10 AGOSTO CDMX
Cultivo y producción de tomate en invernadero



10 AGOSTO CDMX
Cultivo de Hortalizas en Invernadero
  


10 AGOSTO CDMX


24 AGOSTO CDMXLa Agricultura y los Cambios Climáticos
  


10 AGOSTO CDMX
Cómo Administrar y Mejorar una Microcerveceria



13 AGOSTO CDMX
Limpieza y Desinfección para Plantas de 
Alimentos



17 AGOSTO CDMX

 

Re: Moving filesystems around

[Marcus MERIGHI]

Hello, 

jh...@kevla.org (Jay Hart), 2018.07.25 (Wed) 21:31 (CEST):
> Running a stock 6.3 machine. I just bought a new server and hope to
> move this drive over, but think I need to move two partitions around
> at get more space.

I'm not sure you need to...
My /usr is just 895M. Yours is fuller because you have /usr/local on the
same slice? 
If so, I'd consider this the problem. 
You'd have slices left after your wd0i[1], but is there unassigned
space left on the disk? 
If so, I'd create a new slice and put /usr/local there.

More info would have been helpful, show output of mount(8) and df(1),
disklabel, fdisk, dmesg, perhaps?

[1] what, a wd(4)?! ;-)

Marcus

> I have one drive installed, with about 6 partitions.
> 
> /var is a 6.3G partition (wd0e) using 50M of space
> /usr is a 2.0G partition (wd0f) using 1.6G of space
> 
> Last partition number is wd0i.
> 
> What would the recommended procedure to use to swap these two partitions?

Re: Probelm when building QGIS

[tao]

If there is any alternatives of QGIS I can use in OpenBSD, please tell me.

Thanks in advance.

Tao  



--
Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html

Re: Re : pf - NAT not working after systemboot

[edgar]

You could try disabling pf in rc.conf then enable it in your hostname.ppoe0.
On Jul 26, 2018 6:34 AM, gro...@grompf.net wrote:
>
> Hello,
>
> For example : Try to add an anchor in your main pf.conf and populate it
> using a secondary pf-pppoe.conf file which will be loaded at the end of
> your hostname.pppoe0.
>
> Regards,
> Eric.

Re: Probelm when building QGIS

[tao]

Hi, Solene

Thank you for your reply.

I followed the instructions in QGIS github to build it.
https://github.com/qgis/QGIS/blob/master/INSTALL

Steps:
  1. $ cd $QGIS_SOURCE
  2. $ mkdir build
  3. $ cd build
  4. $ ccmake ..
(make WITH_QWTPOLAR=OFF  and  leave others default)

The error mentioned in the earliest post occurred during Step 4.
"/home/tao/Software/qgis/qgis-2.18.22/resources/function_help/json/rea "
I could not find the above file in source folder or build folder.

If I could build from source, I have to find alternatives of QGIS.
But there seems no other GIS desktops in OpenBSD packages.

PS:I re-posted this message because I forget to quote in my last reply.
 Forgive my mistake.




Solene Rapenne wrote
> tao 

> uponmyword@

>  wrote:
>> Hello,
>> 
>> I am in OpenBSD6.3. QGIS 2.18.17 in packages can not render style just
>> like
>> things in
>> http://openbsd-archive.7691.n7.nabble.com/qgis-bug-since-last-security-update-under-stable-td339707.html
>> 
>> So, I am trying to build QGIS 2.18.17 from source.
>> Succeeded to ccmake the source. But get error when make.
>> Here is the message:
>> 
>> tao$ make 
>> [  0%] Built target version
>> make: don't know how to make
>> /home/tao/Software/qgis/qgis-2.18.22/resources/function_help/json/rea
>> (prerequisite of: src/core/qgsexpression_texts.cpp)
>> Stop in .
>> *** Error 2 in . (CMakeFiles/Makefile2:1165
>> 'src/core/CMakeFiles/qgis_core.dir/all')
>> *** Error 1 in /home/tao/Software/qgis/build-2.18.22 (Makefile:163 'all')
>> 
>> 
>> Tried to find the file mentioned above
>> "/home/tao/Software/qgis/qgis-2.18.22/resources/function_help/json/rea ",
>> but could not find anything.
>> 
>> Anyone has an idea?
>> 
>> 
>> 
>> 
>> --
>> Sent from:
>> http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
> 
> qgis uses cmake





--
Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html

Re: Probelm when building QGIS

[Rashad Kanavath]

On Thu, Jul 26, 2018 at 12:36 AM tao  wrote:

> Hello,
>
> I am in OpenBSD6.3. QGIS 2.18.17 in packages can not render style just like
> things in
>
> http://openbsd-archive.7691.n7.nabble.com/qgis-bug-since-last-security-update-under-stable-td339707.html
>
> So, I am trying to build QGIS 2.18.17 from source.
> Succeeded to ccmake the source. But get error when make.
> Here is the message:
>
> tao$ make
> [  0%] Built target version
> make: don't know how to make
> /home/tao/Software/qgis/qgis-2.18.22/resources/function_help/json/rea
> (prerequisite of: src/core/qgsexpression_texts.cpp)
> Stop in .
> *** Error 2 in . (CMakeFiles/Makefile2:1165
> 'src/core/CMakeFiles/qgis_core.dir/all')
> *** Error 1 in /home/tao/Software/qgis/build-2.18.22 (Makefile:163 'all')
>
>
> Tried to find the file mentioned above
> "/home/tao/Software/qgis/qgis-2.18.22/resources/function_help/json/rea ",
> but could not find anything.
>
> Anyone has an idea?
>

could you try gmake instead of make?
make != gmake (unless you simlink or alias it)

>
>
>
>
> --
> Sent from:
> http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
>
>

-- 
Regards,
   Rashad

Re : pf - NAT not working after systemboot

[gro...@grompf.net]

Hello,

For example : Try to add an anchor in your main pf.conf and populate it
using a secondary pf-pppoe.conf file which will be loaded at the end of
your hostname.pppoe0.

Regards,
Eric.

Re: pf - NAT not working after systemboot

[Julien Steinhauser]

> But how can I address this ?
> The system should come up by itself without any manual interaction.

Just a workaround but adding pfctl -f /etc/pf.conf to /etc/rc.local
might help.

Re: pf - NAT not working after systemboot

[Thomas Huber]

Hi Solene,

thanks, thats something I had also in mind.

But how can I address this ?
The system should come up by itself without any manual interaction.

--mirac


On Thu, 26 Jul 2018 at 12:07, Solene Rapenne  wrote:
>
> Thomas Huber  wrote:
> > Hi misc,
> >
> > my current pf setup works fine but I face the problem, that NAT does not
> > work directly after system boot. Only when a do a
> >
> > # pfctl -f /etc/pf.conf
> >
> > after the booting things a working correctly.
> > Note: I don´t make any changes to pf.conf.
> >
> > Anybody any idea?
> >
> > General Setup:
> > Hardware: PCengines APU2c4
> > 2x vlan(4): vlan32 (private) vlan64 (wifi-guests)
> > 2x pppoe(4):  ADSL-uplink.
> >
> > Thanks!
> >
> > Here is the pf.conf:
> >
> > table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
> >172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
> >192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
> >203.0.113.0/24 }
> > set block-policy drop
> > set skip on lo0
> > match in all scrub (no-df random-id max-mss 1440)
> > match out on pppoe0 from vlan:network nat-to (pppoe0)
> > match out on pppoe1 from vlan:network nat-to (pppoe1)
> > block in quick on pppoe from  to any
> > block return out quick on pppoe from any to 
> > block all
> > pass out quick inet
> >
> > pass out on vlan to vlan:network
> > pass in quick on vlan from vlan:network to vlan
> >
> > pass in on vlan route-to {(pppoe0 pppoe0:network), (pppoe1
pppoe1:network)}
> > least-states sticky-address
> > pass in on vlan proto tcp to port https route-to {(pppoe0
pppoe0:network),
> > (pppoe1 pppoe1:network)} source-hash
> >
> > block return in on vlan from vlan64:network to vlan32:network
> > block return in on vlan inet proto tcp from any to any port 25
> > pass in on egress inet proto icmp all
> > pass in on egress inet proto tcp from any to (egress) port ssh
>
>
> I think it's due to pppoe0 not initialized when pf starts. Same thing
> happens using tun0 from OpenVPN for example.

Re: pf - NAT not working after systemboot

[Solene Rapenne]

Thomas Huber  wrote:
> Hi misc,
> 
> my current pf setup works fine but I face the problem, that NAT does not
> work directly after system boot. Only when a do a
> 
> # pfctl -f /etc/pf.conf
> 
> after the booting things a working correctly.
> Note: I don´t make any changes to pf.conf.
> 
> Anybody any idea?
> 
> General Setup:
> Hardware: PCengines APU2c4
> 2x vlan(4): vlan32 (private) vlan64 (wifi-guests)
> 2x pppoe(4):  ADSL-uplink.
> 
> Thanks!
> 
> Here is the pf.conf:
> 
> table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
>172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
>192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
>203.0.113.0/24 }
> set block-policy drop
> set skip on lo0
> match in all scrub (no-df random-id max-mss 1440)
> match out on pppoe0 from vlan:network nat-to (pppoe0)
> match out on pppoe1 from vlan:network nat-to (pppoe1)
> block in quick on pppoe from  to any
> block return out quick on pppoe from any to 
> block all
> pass out quick inet
> 
> pass out on vlan to vlan:network
> pass in quick on vlan from vlan:network to vlan
> 
> pass in on vlan route-to {(pppoe0 pppoe0:network), (pppoe1 pppoe1:network)}
> least-states sticky-address
> pass in on vlan proto tcp to port https route-to {(pppoe0 pppoe0:network),
> (pppoe1 pppoe1:network)} source-hash
> 
> block return in on vlan from vlan64:network to vlan32:network
> block return in on vlan inet proto tcp from any to any port 25
> pass in on egress inet proto icmp all
> pass in on egress inet proto tcp from any to (egress) port ssh


I think it's due to pppoe0 not initialized when pf starts. Same thing
happens using tun0 from OpenVPN for example.

pf - NAT not working after systemboot

[Thomas Huber]

Hi misc,

my current pf setup works fine but I face the problem, that NAT does not
work directly after system boot. Only when a do a

# pfctl -f /etc/pf.conf

after the booting things a working correctly.
Note: I don´t make any changes to pf.conf.

Anybody any idea?

General Setup:
Hardware: PCengines APU2c4
2x vlan(4): vlan32 (private) vlan64 (wifi-guests)
2x pppoe(4):  ADSL-uplink.

Thanks!

Here is the pf.conf:

table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
   172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
   203.0.113.0/24 }
set block-policy drop
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on pppoe0 from vlan:network nat-to (pppoe0)
match out on pppoe1 from vlan:network nat-to (pppoe1)
block in quick on pppoe from  to any
block return out quick on pppoe from any to 
block all
pass out quick inet

pass out on vlan to vlan:network
pass in quick on vlan from vlan:network to vlan

pass in on vlan route-to {(pppoe0 pppoe0:network), (pppoe1 pppoe1:network)}
least-states sticky-address
pass in on vlan proto tcp to port https route-to {(pppoe0 pppoe0:network),
(pppoe1 pppoe1:network)} source-hash

block return in on vlan from vlan64:network to vlan32:network
block return in on vlan inet proto tcp from any to any port 25
pass in on egress inet proto icmp all
pass in on egress inet proto tcp from any to (egress) port ssh

Re: Best way to serve files to Windows?

[Kevin Chadwick]

On Wed, 25 Jul 2018 23:20:47 -0400


> sshfs
> 
> This is the Windows client which works well for my lab members who
> like to use Windows.
> 
> https://www.nsoftware.com/netdrive/sftp/

Not sure if explorer integration is planned by Microsoft but if you
want speed in place of convenience then the OpenSSH native command line
tools introduced in Windows 1803 are the fastest. Much faster than
winscp and significantly faster than Windows subsystem for linux
versions, atleast on a client with AES-NI and server without.