dhcpcd[82953]: pppoe0: DHCPv6 REPLY: NoAddrsAvail

2019-10-07 Thread shadrock uhuru
hi everyone
does the following error in */var/log/*{messages,daemon} indicate a problem
at my internet provider's end of the line or in one of my config files?

dhcpcd[82953]: pppoe0: DHCPv6 REPLY: NoAddrsAvail

i have pd prefix addresses being assigned on my lan network but no nd
prefix address assigned to my egress interface on the firewall?

dhcpcd.conf

ipv6only
noipv6rs
duid
persistent
option rapid_commit
require dhcp_server_identifier
slaac private
nohook resolv.conf, lookup-hostname
allowinterfaces em0 em1 tun0 pppoe0
script ""

interface pppoe0
  ia_na 1
  ia_pd 2 em0/0
  ia_pd 3 em1/1
  ia_pd 4 tun0/2
==

this is a section from /var/log/daemon after a restart of dhcpcd.

Oct  3 11:08:07 imhotep rad[70380]: engine exiting
Oct  3 11:08:07 imhotep rad[14635]: frontend exiting
Oct  3 11:08:07 imhotep rad[39834]: terminating
Oct  3 11:08:07 imhotep rad[18320]: startup
Oct  4 01:10:25 imhotep dhcpcd[82019]: received SIGTERM, stopping
Oct  4 01:10:25 imhotep dhcpcd[82019]: tun0: removing interface
Oct  4 01:10:25 imhotep dhcpcd[82019]: em0: removing interface
Oct  4 01:10:25 imhotep dhcpcd[82019]: pppoe0: removing interface
Oct  4 01:10:25 imhotep dhcpcd[82019]: dhcpcd exited
Oct  4 01:10:25 imhotep dhcpcd[82953]: tun0: unsupported interface type 83
Oct  4 01:10:25 imhotep dhcpcd[82953]: DUID 00:04:44:45:4c:4c:38:00:10:57:80:47:b9:c0:4f:57:32:4a
Oct  4 01:10:25 imhotep dhcpcd[82953]: em0: IAID 23:e3:c7:92
Oct  4 01:10:25 imhotep dhcpcd[82953]: pppoe0: IAID 00:00:00:06
Oct  4 01:10:25 imhotep dhcpcd[82953]: pppoe0: IA type 3 IAID 00:00:00:01
Oct  4 01:10:25 imhotep dhcpcd[82953]: pppoe0: IA type 25 IAID 00:00:00:02
Oct  4 01:10:25 imhotep dhcpcd[82953]: pppoe0: IA type 25 IAID 00:00:00:03
Oct  4 01:10:25 imhotep dhcpcd[82953]: pppoe0: IA type 25 IAID 00:00:00:04
Oct  4 01:10:25 imhotep dhcpcd[82953]: pppoe0: DHCPv6 REPLY: NoAddrsAvail
Oct  4 01:10:25 imhotep dhcpcd[82953]: pppoe0: rebinding prior DHCPv6 lease
Oct  4 01:10:25 imhotep dhcpcd[82953]: tun0: IAID 74:75:6e:30
Oct  4 01:10:26 imhotep dhcpcd[82953]: pppoe0: DHCPv6 REPLY: NoAddrsAvail
Oct  4 01:10:26 imhotep dhcpcd[82953]: pppoe0: REPLY6 received from fe80::4afd:8eff:feaa:a4d1
Oct  4 01:10:26 imhotep dhcpcd[82953]: pppoe0: renew in 86400, rebind in 138240, expire in 259200 seconds
Oct  4 01:10:26 imhotep dhcpcd[82953]: lo0: adding reject route to 2a02:1234:658b::/48 via ::1
Oct  4 01:10:26 imhotep dhcpcd[82953]: pppoe0: delegated prefix 2a02:1234:658b::/48
Oct  4 01:10:26 imhotep dhcpcd[82953]: em0: adding address 2a02:1234:658b::1/48
Oct  4 01:10:26 imhotep dhcpcd[82953]: em0: changing route to 2a02:1234:658b::/48
Oct  4 01:10:26 imhotep dhcpcd[82953]: forked to background, child pid 6456

thanks shadrock
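
NoAddrsAvail is DHCPv6 status code 2 (RFC 8415): the server is saying it will not hand out any address for an IA in the request, and dhcpcd logs the status it finds in the REPLY. The lines in the post show three kinds of IA being asked for on pppoe0 ("IA type 3" is IA_NA, the ia_na line in dhcpcd.conf; "IA type 25" is IA_PD, the ia_pd lines), a delegated prefix arriving, and an address being added on em0 out of that prefix, but no address being added on pppoe0 itself. The script below is an added example, not part of the post, that pulls exactly those facts out of /var/log/daemon for one interface so the two situations can be told apart at a glance: prefix delegation working while the address request is refused, versus nothing working. The sample_log data is constructed to mirror the post's lines (different PID, prefix and peer address); all function names are mine.

```shell
#!/bin/sh
# Added example (not from the post): summarise dhcpcd's DHCPv6 log lines so it is
# clear which identity associations (IAs) were requested on an interface, how
# many replies came back NoAddrsAvail, and what was actually configured.

# IA option codes dhcpcd logs as "IA type N", with their RFC 8415 names:
# 3 = IA_NA (non-temporary address), 4 = IA_TA, 25 = IA_PD (prefix delegation).
ia_type_name() {
    case "$1" in
        3)  echo IA_NA ;;
        4)  echo IA_TA ;;
        25) echo IA_PD ;;
        *)  echo "unknown($1)" ;;
    esac
}

# IA types requested on interface $1, one name per line (log on stdin).
requested_ias() {
    awk -v ifc="$1" '$0 ~ (ifc ": IA type ") {
        for (i = 1; i <= NF; i++) if ($i == "type") print $(i + 1) }' |
    sort -nu | while read -r t; do ia_type_name "$t"; done
}

# Number of "DHCPv6 REPLY: NoAddrsAvail" lines logged for interface $1.
count_noaddrs() {
    grep -c "$1: DHCPv6 REPLY: NoAddrsAvail" || true
}

# Prefixes delegated (IA_PD) on interface $1.
delegated_prefixes() {
    awk -v ifc="$1" '$0 ~ (ifc ": delegated prefix ") { print $NF }'
}

# Addresses dhcpcd added directly on interface $1; on the WAN interface this
# is what a successful IA_NA lease looks like.
addresses_added() {
    awk -v ifc="$1" '$0 ~ (ifc ": adding address ") { print $NF }'
}

# Human-readable report for interface $1, log on stdin.
summary() {
    ifc=$1
    log=$(cat)
    echo "== $ifc =="
    echo "requested IAs:     $(printf '%s\n' "$log" | requested_ias "$ifc" | tr '\n' ' ')"
    echo "NoAddrsAvail seen: $(printf '%s\n' "$log" | count_noaddrs "$ifc")"
    echo "delegated prefix:  $(printf '%s\n' "$log" | delegated_prefixes "$ifc" | tr '\n' ' ')"
    echo "address on $ifc:   $(printf '%s\n' "$log" | addresses_added "$ifc" | tr '\n' ' ')"
}

# Constructed sample in the shape of the post's log (PID, prefix and peer changed).
sample_log() {
cat <<'EOF'
Oct  4 01:10:25 imhotep dhcpcd[12345]: pppoe0: IA type 3 IAID 00:00:00:01
Oct  4 01:10:25 imhotep dhcpcd[12345]: pppoe0: IA type 25 IAID 00:00:00:02
Oct  4 01:10:25 imhotep dhcpcd[12345]: pppoe0: IA type 25 IAID 00:00:00:03
Oct  4 01:10:25 imhotep dhcpcd[12345]: pppoe0: DHCPv6 REPLY: NoAddrsAvail
Oct  4 01:10:26 imhotep dhcpcd[12345]: pppoe0: DHCPv6 REPLY: NoAddrsAvail
Oct  4 01:10:26 imhotep dhcpcd[12345]: pppoe0: REPLY6 received from fe80::1
Oct  4 01:10:26 imhotep dhcpcd[12345]: pppoe0: delegated prefix 2001:db8:1::/48
Oct  4 01:10:26 imhotep dhcpcd[12345]: em0: adding address 2001:db8:1::1/48
EOF
}

# Real use:  summary pppoe0 < /var/log/daemon
# Demo on the constructed sample:
sample_log | summary pppoe0
```

On the real log the interesting comparison is the "requested IAs" line against the last two: an IA_PD entry with a delegated prefix and an empty "address on pppoe0" means only the address part of the request was refused, which the log alone cannot attribute to the server or the client; the config keeps asking for ia_na on every renew either way.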


Re: Cloudflare mirror link broken & more

2019-10-07 Thread Theo de Raadt
Anatoli  wrote:

> > looking at the number of bytes moved in the sessions is sufficient to
> > determine which firmwares were selected and downloaded.
> 
> Theo, I may be completely wrong here (please excuse my ignorance if it
> is the case), but I see it this way:
> 
> On a shared server (or one fronted by a CDN) on the same pool of IPs
> there are lots of domains hosted (at cdn.openbsd.org right now there are
> 140 domains of which 63 are wildcards and they are shuffled all the
> time), they could have an infinite amount of files.
> 
> With ESNI there's no way to know which domain we are requesting, so we
> could be downloading/requesting anything (files and dynamic content,
> RTC, streaming) from hundreds of unrelated domains.
> 
> On top of this, if we use HTTP/2 multiplexing and request all the
> firmware binaries over the same connection, the exact size wouldn't be
> known either. You can add additional obfuscations if needed, like
> randomly mix-querying small files over the same multiplexed connection.
> 
> I know tls1.3 is not there yet in LibreSSL and ESNI is at draft-04 at
> this moment, but I'm not talking about an immediate fully-DPI-resistant
> deployment. All CloudFlare hosted domains are with ESNI already for a
> year [1] and ff has it in nightly. OpenSSL, Fastly, Apple and Google are
> also working on it, there's a fairly good interop testing ground.

The amazing thing about all those security buzzwords is they decrypt
inside the servers of one company which operates under US legal
doctrine.

You are a very trustful believer.  The internet is full of snakes, but
the endpoint is paradise, there are no snakes at the endpoints.





Re: Cloudflare mirror link broken & more

2019-10-07 Thread Theo de Raadt
Anatoli  wrote:

> > looking at the number of bytes moved in the sessions is sufficient to
> > determine which firmwares were selected and downloaded.
> 
> Theo, I may be completely wrong here (please excuse my ignorance if it
> is the case), but I see it this way:
> 
> On a shared server (or one fronted by a CDN)

firmware.openbsd.org is not a CDN, it is a DNS name pointing a handful
of hosts, so everything else you wrote is irrelevant.  I'm not sure
why you bothered.

> My question was about why not to cloud-front-with-https (like
> cdn.openbsd.org is) the firmware sub-domain too (or
> cdn.firmware.openbsd.org). Just my 2-cents-IMO :)

Because we don't.

End of story.



Re: Cloudflare mirror link broken & more

2019-10-07 Thread Anatoli
> looking at the number of bytes moved in the sessions is sufficient to
> determine which firmwares were selected and downloaded.

Theo, I may be completely wrong here (please excuse my ignorance if it
is the case), but I see it this way:

On a shared server (or one fronted by a CDN) on the same pool of IPs
there are lots of domains hosted (at cdn.openbsd.org right now there are
140 domains of which 63 are wildcards and they are shuffled all the
time), they could have an infinite amount of files.

With ESNI there's no way to know which domain we are requesting, so we
could be downloading/requesting anything (files and dynamic content,
RTC, streaming) from hundreds of unrelated domains.

On top of this, if we use HTTP/2 multiplexing and request all the
firmware binaries over the same connection, the exact size wouldn't be
known either. You can add additional obfuscations if needed, like
randomly mix-querying small files over the same multiplexed connection.

I know tls1.3 is not there yet in LibreSSL and ESNI is at draft-04 at
this moment, but I'm not talking about an immediate fully-DPI-resistant
deployment. All CloudFlare hosted domains are with ESNI already for a
year [1] and ff has it in nightly. OpenSSL, Fastly, Apple and Google are
also working on it, there's a fairly good interop testing ground.

My question was about why not to cloud-front-with-https (like
cdn.openbsd.org is) the firmware sub-domain too (or
cdn.firmware.openbsd.org). Just my 2-cents-IMO :)

Regards,
Anatoli

[1] https://blog.cloudflare.com/encrypted-sni/


On 7/10/19 15:38, Theo de Raadt wrote:
> Anatoli  wrote:
> 
>> And thank you for your detailed explanation about the certs for firmware
>> sub-domain. Just wanted to say that IMO there's actually one thing that
>> it would solve: the privacy of the requests, i.e. we wouldn't be leaking
>> info about our devices with proprietary fw to anyone listening on the
>> wires. But I see it's a considerable effort to set it up. I already know
>> whom to contact to collaborate with the infrastructure.
> 
> oh really, https solves that??
> 
> Sorry to burst your bubble, but looking at the number of bytes moved in
> the sessions is sufficient to determine which firmwares were selected
> and downloaded.
> 
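
Theo's point is that an observer who sees only the transferred byte count can match it against the public list of firmware sizes, and Anatoli's counter-proposal is to blur that count (multiplexing, mixing in other files). The shell script below is an added example, not from the thread, that puts a number on both: for each file it reports how many entries in an inventory would produce the same observed size, first as-is and then after padding every transfer up to a multiple of a fixed block. The inventory() data is constructed (the names merely look like firmware packages, the sizes are invented), and the function names are mine.

```shell
#!/bin/sh
# Added example (not from the thread): how identifiable a download is from its
# byte count alone, and how padding changes that. Inventory is constructed.
inventory() {
cat <<'EOF'
iwm-firmware.tgz 1234567
iwn-firmware.tgz 456789
athn-firmware.tgz 456789
bwfm-firmware.tgz 2345678
intel-firmware.tgz 3456789
amdgpu-firmware.tgz 9876543
EOF
}

# Size of the set of inventory entries that, after padding every size up to a
# multiple of $2 bytes (default 1 = no padding), are indistinguishable from
# file $1 by size, $1 itself included. 0 if the file is not in the inventory.
anonymity_set() {
    file=$1
    bucket=${2:-1}
    inventory | awk -v f="$file" -v b="$bucket" '
        function pad(x) { return int((x + b - 1) / b) * b }
        { s[$1] = pad($2) }
        END {
            if (!(f in s)) { print 0; exit }
            n = 0
            for (k in s) if (s[k] == s[f]) n++
            print n
        }'
}

# Table of every file with its anonymity-set size for a given bucket.
report() {
    bucket=${1:-1}
    inventory | while read -r name size; do
        printf '%-20s %10s  set=%s\n' "$name" "$size" "$(anonymity_set "$name" "$bucket")"
    done
}

echo "unpadded:";        report
echo "padded to 4 MiB:"; report 4194304
```

With no padding every file except the two that happen to share a size is uniquely identified, which is the observation in the thread; padding to a 4 MiB block puts five of the six into one set at the cost of sending up to 4 MiB of filler per download, and the largest file is still alone. Size is only one signal: the service itself is identified by the IP address, and timing and request patterns are untouched by this.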



bgpctl(8) community question

2019-10-07 Thread Adam Thompson

[OpenBSD 6.5-STABLE, up to date]

When using bgpctl(8), I'm able to do almost everything I need, but I'm 
having trouble figuring out how to do one thing:


How do I show routes that do NOT have a community (or ext-community, or 
large-community) attribute?


The best I can come up with so far is a fairly ugly AWK script that 
buffers the detailed route output, then emits it if it doesn't see a 
Communities: line.  Am I missing a better way?


Thanks,
-Adam

N.B. manually looking through N sets of DFZ route tables isn't going to 
happen, I need a mostly-automatic solution.
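
The AWK approach Adam describes fits in a few lines once the detailed output is treated as blank-line separated records, which is what awk's paragraph mode (RS="") does: each route becomes one record and a record without a community line is printed whole. This is an added example, not from the post; the sample_rib() output is constructed and only approximates the layout of "bgpctl show rib detail" on the assumption that entries are separated by blank lines and that community attributes appear on lines labelled "Communities:", "Ext. communities:" or "Large Communities:". The pattern is loose ("ommunities:") so that all three labels match; adjust it if your bgpctl prints them differently.

```shell
#!/bin/sh
# Added example (not from the post): keep only the route entries that carry no
# community attribute, using awk paragraph mode on bgpctl's detailed output.

# Records (stdin) that contain no community line, printed blank-line separated.
routes_without_communities() {
    awk 'BEGIN { RS = ""; ORS = "\n\n" } !/[Cc]ommunities:/ { print }'
}

# The complement: records that carry at least one community line.
routes_with_communities() {
    awk 'BEGIN { RS = ""; ORS = "\n\n" } /[Cc]ommunities:/ { print }'
}

# Only the prefixes of the community-less records, one per line, for scripting.
prefixes_without_communities() {
    routes_without_communities | awk '/^BGP routing table entry for / { print $NF }'
}

# Constructed sample modelled on "bgpctl show rib detail" output (simplified).
sample_rib() {
cat <<'EOF'
BGP routing table entry for 192.0.2.0/24
    64496 64497
    Nexthop 198.51.100.1 (via 198.51.100.1) from 198.51.100.1 (198.51.100.1)
    Origin IGP, metric 0, localpref 100, weight 0, external, valid, best
    Last update: 00:10:12 ago
    Communities: 64496:100 64496:200

BGP routing table entry for 198.51.100.0/24
    64498
    Nexthop 203.0.113.1 (via 203.0.113.1) from 203.0.113.1 (203.0.113.1)
    Origin IGP, metric 0, localpref 100, weight 0, external, valid, best
    Last update: 00:02:51 ago

BGP routing table entry for 203.0.113.0/24
    64499 64500
    Nexthop 203.0.113.1 (via 203.0.113.1) from 203.0.113.1 (203.0.113.1)
    Origin IGP, metric 0, localpref 100, weight 0, external, valid, best
    Last update: 01:42:07 ago
    Large Communities: 64499:1:1
EOF
}

# Real use:  bgpctl show rib detail | prefixes_without_communities
# Demo on the constructed sample:
sample_rib | prefixes_without_communities
```

Because awk holds one record at a time, a full DFZ table streams through without being buffered; the list of untagged prefixes is also a convenient audit of an ingress policy that is supposed to mark everything it accepts.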




UNIX Fare well

2019-10-07 Thread Sylvain
The puffer fish is also known as blowfish or the toadfish that inhabits warmer 
waters around the globe. 

It is identified by its uncanny ability to adapt and defend itself against 
larger predators.

The puffer fish has a unique ability to inflate its body by sipping water or 
air, causing it to become rounder.  Another defense that a puffer fish uses is 
its tiny sharp thorns that exude outside when the puffer fish is inflated.

Some puffer fish are known for their poison that is hazardous even to the 
health of humans.  But puffer fish are a favorite part of the Japanese cuisine; 
though their poison is greater than that of cyanide, the Japanese love to 
eat it, especially the liver where a huge concentration of poison is common.  
Japanese can consume Fugu (puffer fish) at around 10,000 tons a year. 

When this creature appeared to you, it is telling you to have the courage to 
defend yourself.  It is a sign that small movements can affect anyone, though 
they might not show it.  There is a chance that you are being bullied by the 
people surrounding you, and the puffer fish is telling you that you have the 
capacity to defend yourself and the armament to protect you from any dangers.

If you need some assistance regarding your low grades, a puffer fish can 
provide you with it, Puffer fish also indicates knowledge because of its 
domain, this creature can help you relax and focus on the things that you need 
to do.  Consequently, because of its habitat, this animal is also associated 
with healings, people who have so much trouble in their minds can call this 
creature’s help to heal them and rejuvenate their stamina to go on with life.

This fish is also a representation that you want to be loved despite your 
shortcomings; you want them to understand that everybody has flaws and no one 
can be a perfect fit for someone, but once they give you a chance you will stay 
with them for as long as they want you.  Look at a puffer fish: despite its 
poison, it is a favorite part of the diet of Koreans and Japanese people.

When you want to create a smoother relationship with your loved ones, call on 
this fish; there is a probability that you had a misunderstanding with your 
family and you want to patch things up.  Never worry, because these things are 
just temporary and you will soon find a common ground that will bring your 
past relationship back.

A puffer fish can be hazardous; some of the marine animals that have a taste of 
this fish end up in unfortunate ways, but if we take a deeper look at this 
animal, even its liver that is full of neurotoxins can taste better than the 
most expensive meat.

Puffer fish shows up as a spirit guide when...

You need strength to stand up for yourself.

You require some assistance to achieve knowledge.

You want to be loved despite the flaws you have.

You want a harmonious relationship with the people around you.

You need some healings.

Call on Puffer fish as a spirit guide when...

You are being bullied

You want an improvement of school grades

Someone wants to be accepted for what he is.

You need to patch things up with the people who are close to you.

You need to de-stress.



Sylvain sur K9 mail Android
mails by spamgourmet.com



Re: Cloudflare mirror link broken & more

2019-10-07 Thread Theo de Raadt
Anatoli  wrote:

> And thank you for your detailed explanation about the certs for firmware
> sub-domain. Just wanted to say that IMO there's actually one thing that
> it would solve: the privacy of the requests, i.e. we wouldn't be leaking
> info about our devices with proprietary fw to anyone listening on the
> wires. But I see it's a considerable effort to set it up. I already know
> whom to contact to collaborate with the infrastructure.

oh really, https solves that??

Sorry to burst your bubble, but looking at the number of bytes moved in
the sessions is sufficient to determine which firmwares were selected
and downloaded.



Re: Cloudflare mirror link broken & more

2019-10-07 Thread Anatoli
Hi Stuart,

Sorry for late reply.

Upon Theo's request I provided job@ with the needed info and the issues
were triaged and fixed. cdn.openbsd.org now works fine. And the location
of files at cloudflare.cdn.openbsd.org is correct again too.

BTW,

> Is https://openbsd.c3sl.ufpr.br/pub/OpenBSD/ any better for you?

This mirror works well from Brazil, but very slow from Argentina as the
route goes via Miami when it already reaches Brazil (hop 8 is in Brazil,
then it goes to Miami, then back to Brazil :)

Telecom Italia Sparkle (aka seabone.net) is the main backbone provider
for Argentina but they have (there are) some issues with intl routing in
Brazil.

traceroute to sagres.c3sl.ufpr.br (200.236.31.1), 64 hops max, 40 byte packets
 1  192.168.0.1 (192.168.0.1)  1.585 ms  6.74 ms  10.435 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * 132-208-88-200.fibertel.com.ar (200.88.208.132)  107.303 ms
 6  185.70.203.32 (185.70.203.32)  77.977 ms host63.181-96-120.telecom.net.ar (181.96.120.63)  112.473 ms 185.70.203.32 (185.70.203.32)  59.782 ms
 7  185.70.203.32 (185.70.203.32)  99.471 ms * *
 8  ntt-verio.sanpaolo8.spa.seabone.net (149.3.181.65)  41.224 ms * 40.239 ms
 9  unknown.r20.miamfl02.us.bb.gin.ntt.net (129.250.2.196)  170.192 ms 194.816 ms ntt-verio.sanpaolo8.spa.seabone.net (149.3.181.65)  49.554 ms
10  unknown.r20.miamfl02.us.bb.gin.ntt.net (129.250.2.196)  175.984 ms 176.301 ms  174.46 ms
11  ae-8.r05.miamfl02.us.bb.gin.ntt.net (129.250.3.150)  183.177 ms ae-2.a01.miamfl02.us.bb.gin.ntt.net (129.250.3.167)  182.203 ms ae-3.a01.miamfl02.us.bb.gin.ntt.net (129.250.3.208)  181.342 ms
12  xe-0-0-26-2.a01.miamfl02.us.ce.gin.ntt.net (129.250.202.94)  181.301 ms ae-3.a01.miamfl02.us.bb.gin.ntt.net (129.250.3.208)  177.877 ms ae-2.a01.miamfl02.us.bb.gin.ntt.net (129.250.3.167)  185.902 ms
13  xe-0-0-26-2.a01.miamfl02.us.ce.gin.ntt.net (129.250.202.94)  181.56 ms  201.18 ms  181.97 ms
14  * * *
15  * * *
16  p2-v103-araucaria-lapa.pop-pr.rnp.br (200.238.139.10)  257.613 ms * 323.722 ms
17  p2-v103-araucaria-lapa.pop-pr.rnp.br (200.238.139.10)  343.196 ms 474.198 ms 200.17.202.62 (200.17.202.62)  974.067 ms
18  200.17.202.62 (200.17.202.62)  259.173 ms sagres.c3sl.ufpr.br (200.236.31.1)  257.664 ms 200.17.202.62 (200.17.202.62)  256.431 ms

And thank you for your detailed explanation about the certs for firmware
sub-domain. Just wanted to say that IMO there's actually one thing that
it would solve: the privacy of the requests, i.e. we wouldn't be leaking
info about our devices with proprietary fw to anyone listening on the
wires. But I see it's a considerable effort to set it up. I already know
whom to contact to collaborate with the infrastructure.

Regards,
Anatoli

On 25/9/19 15:26, Stuart Henderson wrote:
> On 2019-09-24, Anatoli  wrote:
>> Hi All,
>>
>> I see for some time that the link to Cloudflare CDN is broken.
>> https://www.openbsd.org/ftp.html says it is
>> https://cloudflare.cdn.openbsd.org/pub/OpenBSD/ but it gives 404.
>>
>> It looks like Cloudflare removed /pub/ and renamed to lowercase OpenBSD
>> so the link that works is https://cloudflare.cdn.openbsd.org/openbsd/.
> 
> That would be due to the origin server which the cloudflare CDN is pointed at.
> (The CDNs aren't "real" content servers, they are just caching proxies).
> If this is still happening, please show the output from
> ftp -o- https://cloudflare.cdn.openbsd.org/pub/OpenBSD/ and
> ftp -o- https://cloudflare.cdn.openbsd.org/openbsd/ so we can get
> a better idea which origin server it's using etc.
> 
>> Also, the Fastly (CDN) mirror frequently (like half the times) gives
>> connection errors, at least using it from Latin America. The IPs I get
>> from different LA countries are 151.101.2.217 (Brazil) & 151.101.218.217
>> (Argentina). ftp.openbsd.org works always so when I get errors with
>> Fastly, I switch to it and it works well (but slowly), or to Cloudflare
>> which works well too and it's fast (at the modified URL).
> 
> Is https://openbsd.c3sl.ufpr.br/pub/OpenBSD/ any better for you?
> 
>> The Fastly errors are of the form "connection closed at byte xxx", "ftp:
>> connect: operation timed out \n signify: gzheader truncated", something
>> like "no valid ip address found" and similar. Probably it's a faulty or
>> overloaded server serving some LA countries?
> 
> Or a slow link between the CDN and the origin server, or maybe some other
> reasons. Personally I would normally only regard the CDNs as a fallback
> option if other ways to fetch the files are not working well ..
> 
>> And right now I'm getting an invalid cert error for
>> https://firmware.openbsd.org. It resolves to 145.238.209.46
>> (pond.obspm.bsdfrog.org) and 94.142.244.34. The certificate is only
>> valid for the following names: distfiles.bsdfrog.org, emma-en-quete.com,
>> ftp.fr.openbsd.org, pond.obspm.bsdfrog.org, pond.stats.bsdfrog.org,
>> portroach.openbsd.org, www.emma-en-quete.com. Not sure if it's a
>> configuration error of some mirror server or something else.
>>

Re: Multi media keys on wired USB keyboard not responding

2019-10-07 Thread Anatoli
Erling,

:) can happen to anyone. I supposed there was something like this going
on as if usbhidctl shows the keys, there's basically no way for
usbhidaction not to work for some internal issue as uhid devices are
sort of character pseudo-devices and you can even read some keypress
events with doas cat /dev/uhid0 | od -x (or even without od).

The only thing usbhidaction does is it checks at init for descriptor
pages to see whether all the requested keys are defined (could be
ignored with -i) and starts listening for keypress events on the
specified uhid instance.

My next suggestion would have been to play with -v and -d args to
usbhidaction, but you figured it out yourself.

With respect to the PrintScreen button, I was experiencing the same and
I almost have a fix for it. If you search the archive for my email
titled "HID keyboard + usbhidctl weirdness" you'll see I was reporting
the same issues, but I went further and started to mess with the kernel
XD. The issue is basically the scancode for keypress is masked in one of
the mapping tables in keyboard drivers. I already figured the table for
wscons, had to find it for X. I'll send you a diff to test when ready.

Meanwhile, could you please send me the output from usbdevs -v and lsusb
-v (pkg_add usbutils) that corresponds to your keyboard device (there
could be more than one entry at different addresses – you can see which
devices correspond to your keyboard by running tail -f /var/log/messages
while you unplug and plug it again)?

Regards,
Anatoli

On 5/10/19 21:06, Erling Westenvik wrote:
> Stupid me. The keyboard is working! For some reason I don't yet
> understand, the usbhidaction(1) config file I created was set to "dos"
> by vim(1) early in the process. Perhaps I copied in something I found on
> the web. Anyway; hidden ^M's prevented mixerctl command executions, and
> moreover; when Anatoli suggested I echo values into a dumpfile
> /tmp/uhid_debug, I touch(1)ed that file before proceeding, but then
> usbhidaction created /tmp/uhid_debug^M instead and put its things in
> there while I was busy looking at "tail -f /tmp/uhid_debug)"..
> After changing filetype to "unix" everything works as expected. (Except
> for my Print Screen key, but that was not covered by my OP anyway.)
> 
> Sorry for the noise! (..?! Curiously enough I discovered the "hidden"
> debug file while testing noice(1)..)
> 
> Regards,
> 
> Erling
> 
> On Fri, Oct 04, 2019 at 04:39:18PM +0200, Erling Westenvik wrote:
>> On Thu, Oct 03, 2019 at 03:08:54PM -0300, Anatoli wrote:
>>> Hi Erling,
>> Hi Anatoli, sorry for the late reply. Your answer somehow ended up in
>> in Gmail spam.
>>  
>>> Your problem is probably with the page name. Check it with usbhidctl -r
>>> -f /dev/uhid0 (the value you're interested in is what is shown for
>>> "Collection page").
>>
>> $ usbhidctl -r -f /dev/uhid0
>> Report descriptor:
>> Collection page=Consumer usage=Consumer_Control
>> Input   size=16 count=1 Array page=Consumer usage=Unassigned..0x03ff, 
>> logical range 0..1023
>> Input   size=8 count=1 Array page=Keyboard usage=No_Event..0x00ff, logical 
>> range 0..255
>> Input   size=1 count=1 page=Microsoft usage=0xfe03, logical range 0..1
>> Input   size=1 count=1 page=Microsoft usage=0xfe04, logical range 0..1
>> Input   size=5 count=1 page=Microsoft usage=0xff05, logical range 0..31
>> Input   size=8 count=1 page=Microsoft usage=0xff02, logical range 0..255
>> End collection
>> Total   input size 7 bytes
>> Total  output size 0 bytes
>> Total feature size 0 bytes
>>>
>>> Also, it's probably required for the actions to go on new lines in the
>>> action config.
>>
>> They do in my config. I just joined the lines in my original email
>> before sending. For no really good reason I admit.
>>
>>> And for debugging I'd use something like `echo 1 >>
>>> /tmp/uhid_debug` so you know that it's working, e.g.:
>>> Consumer:Volume_Decrement 1
>>> echo 1 >> /tmp/uhid_debug
>>
>> Absolutely no output. It's like the keys don't exist no matter what I
>> try. Are there ways to test for keyboard input at a lower level – like
>> in single user mode, before the USB driver potentially gets clogged by
>> other devices/processes?
>>
>>> On the other hand, I'm working on a new driver that would make all this
>>> usbhid* operations unnecessary, the keys would work natively.
>>
>> I'm looking forward to that! Please feel free to contact me for testing
>> diffs.
>>
>> Regards,
>> Erling
>>
>>>
>>> Regards,
>>> Anatoli
>>>
>>> On 2/10/19 09:54, Erling Westenvik wrote:
 Hi,
 I am unable to get the four multimedia keys (Play/Pause, Volume
 Decrement/Increment, Mute) on my old'ish USB Microsoft Wired Keyboard
 600 to respond.
 I have tried to do my homework by reading man pages, like
 usbhidaction(1) and usbhidctl(1), and I've been looking at how-tos on
 the net [1], but to no prevail and I've decided to reach out to misc@
 for guidance. dmesg(1) below [2].

 This is what 

IKEv2 OpenBSD client using X.509 Certificate Authentication

2019-10-07 Thread Tristan Pilat
Hi guys,

I'm trying to set up an IKEv2 VPN using X.509 Certificate Authentication with 
iked(8). In the Virtual Private Networks (VPN) section of the FAQ there is no 
section about setting this up with an OpenBSD client. Is there anybody here 
who's done that before?

In trying to achieve this, I first had to give a CSR to the other party, so I 
used ikectl(8) to generate a CA and a certificate. To do so I followed the 
steps at the bottom of the ikectl(8) man page and I did this:

# ikectl ca example create
# ikectl ca example certificate 198.51.100.1 create
# ikectl ca example certificate 198.51.100.2 create

I then gave them the CSR file corresponding to the 198.51.100.2 certificate.

In return, they gave me an X.509 certificate like the following:

$ cat example.pem
subject=/C=FR/O=XXX/OU=0002 479766842/OU=X/CN=XXX
issuer=/C=FR/O=X/OU=0002 120061023/CN=XX
-BEGIN CERTIFICATE-

-END CERTIFICATE-
subject=/C=FR/O=XXX/OU=0002 120061023/CN=X
issuer=/CN=XXX-ROOT/OU=0002 120061023/O=/C=FR
-BEGIN CERTIFICATE-

-END CERTIFICATE-
subject=/CN=XXX-ROOT/OU=0002 120061023/O=X/C=FR
issuer=/CN=XXX-ROOT/OU=0002 120061023/O=/C=FR
-BEGIN CERTIFICATE-

-END CERTIFICATE-

I don't really know how to use that certificate with iked(8).

My configuration file looks pretty much like this:

local_ip="198.51.100.1"
local_network="192.0.2.0/24"

remote_ip="198.51.100.2"
remote_network="203.0.113.0/24"

ikev2 'example' active esp \
    from $local_network to $remote_network \
    local $local_ip peer $remote_ip \
    ikesa auth hmac-sha1 enc aes-256 prf hmac-sha2-256 group modp1536 \
    childsa auth hmac-sha1 enc aes-256 group modp1536 \
    ikelifetime 86400 lifetime 28800 \
dstid 198.51.100.2

What files do the directives srcid and dstid match to? I don't get how iked(8) 
makes use of the certificates in that case. 

I made sure to have the following 2 files:

# cat /etc/iked/private/198.51.100.2.key  
-BEGIN RSA PRIVATE KEY-
XXX
-END RSA PRIVATE KEY-

# cat /etc/iked/certs/198.51.100.2.crt
subject=/C=FR/O=XXX/OU=0002 479766842/OU=X/CN=XXX
issuer=/C=FR/O=X/OU=0002 120061023/CN=XX
-BEGIN CERTIFICATE-

-END CERTIFICATE-
subject=/C=FR/O=XXX/OU=0002 120061023/CN=X
issuer=/CN=XXX-ROOT/OU=0002 120061023/O=/C=FR
-BEGIN CERTIFICATE-

-END CERTIFICATE-
subject=/CN=XXX-ROOT/OU=0002 120061023/O=X/C=FR
issuer=/CN=XXX-ROOT/OU=0002 120061023/O=/C=FR
-BEGIN CERTIFICATE-

-END CERTIFICATE-

But I get an error:

config_setkeys: failed to open private key: No such file or directory
parent: parent_configure: failed to send keys

I'm pretty sure I'm completely wrong here and I would be really grateful if 
anybody could explain to me what steps to take here.

Thank you!
-- 
Tristan
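
Two facts from iked.conf(5) bear on the file layout in the question: iked reads the local private key from the fixed path /etc/iked/private/local.key (with its public half in /etc/iked/local.pub), which is the file the "failed to open private key" message refers to, and it keeps the local certificate under /etc/iked/certs/ and the CA certificates used to verify the peer under /etc/iked/ca/, matching srcid against the local certificate's identity and dstid against the peer's. A CA-issued bundle like the one shown (leaf, intermediate, root, with subject=/issuer= text between them; the real markers are "-----BEGIN CERTIFICATE-----" with five dashes, collapsed by the archive rendering) therefore has to be split before its parts can go into those directories. The script below is an added example, not from the post, that does the split, lists each certificate's subject so the leaf can be told from the CA certificates, and optionally checks that a key and a certificate carry the same public key. The sample_bundle() data is constructed with placeholder bodies, not real certificates, and all function names are mine.

```shell
#!/bin/sh
# Added example (not from the post): split a CA-issued PEM bundle into one file
# per certificate and show the subject of each, so the leaf can go to
# /etc/iked/certs/ and the CA certificates to /etc/iked/ca/. Bundle is constructed.

# Write outdir/cert-1.pem, cert-2.pem, ... from bundle $1 and print the count.
# Text outside the BEGIN/END markers (the subject=/issuer= lines) is dropped.
split_pem_bundle() {
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != "" { print > out }
        /^-----END CERTIFICATE-----/ { close(out); out = "" }
        END { print n + 0 }' "$1"
}

# Subject of each certificate in bundle order (stdin), taken from the text
# lines the CA prepended; the first one is normally the end-entity certificate.
bundle_subjects() {
    awk '/^subject=/ { sub(/^subject=/, ""); print }'
}

# Number of certificates in a bundle on stdin.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' || true
}

# True when private key $1 and certificate $2 carry the same public key, which
# is what the pair under /etc/iked/private and /etc/iked/certs must satisfy.
# Needs openssl(1); returns 2 when it is not installed.
key_matches_cert() {
    command -v openssl >/dev/null 2>&1 || return 2
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Constructed bundle in the shape of the one in the post; bodies are placeholders.
sample_bundle() {
cat <<'EOF'
subject=/C=FR/O=Example/CN=vpn-leaf
issuer=/C=FR/O=Example/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
LEAF-PLACEHOLDER
-----END CERTIFICATE-----
subject=/C=FR/O=Example/CN=Example Issuing CA
issuer=/C=FR/O=Example/CN=Example Root CA
-----BEGIN CERTIFICATE-----
INTERMEDIATE-PLACEHOLDER
-----END CERTIFICATE-----
subject=/C=FR/O=Example/CN=Example Root CA
issuer=/C=FR/O=Example/CN=Example Root CA
-----BEGIN CERTIFICATE-----
ROOT-PLACEHOLDER
-----END CERTIFICATE-----
EOF
}

# Demo: split the constructed bundle into a temporary directory and list subjects.
dir=$(mktemp -d)
sample_bundle > "$dir/bundle.pem"
echo "certificates: $(split_pem_bundle "$dir/bundle.pem" "$dir")"
sample_bundle | bundle_subjects
rm -rf "$dir"
```

On a real bundle, cert-1.pem (the subject matching the CSR you sent) is the one for /etc/iked/certs/, named after the srcid you configure; the issuing and root certificates belong in /etc/iked/ca/; and the key that signed that CSR has to be copied to /etc/iked/private/local.key, after which key_matches_cert on that key and the leaf confirms the pair before iked is restarted.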