Re: Openbsd 6.9 Default gateway

2021-05-07 Thread Irshad Sulaiman
Both are in different networks. Just added a route to hostname.if with -priority lower than the other interface, and it worked. Thank you > On 08-May-2021, at 5:08 AM, Daniel Jakots wrote: > > On Sat, 8 May 2021 02:37:41 +0300, Irshad Sulaiman > wrote: > >> Thank you for the reply >> >> >>

Re: Openbsd 6.9 Default gateway

2021-05-07 Thread Irshad Sulaiman
Thank you for the reply. I could do it by deleting and adding the route with the route command manually. But is there any better way to do this? > On 08-May-2021, at 2:28 AM, wrote: > >> How to set hostname.iwn0 as default gateway > > Probably there is a better solution. Maybe someon

Re: Openbsd 6.9 Default gateway

2021-05-07 Thread liqor
> How to set hostname.iwn0 as default gateway Probably there is a better solution. Maybe someone with more knowledge of netstart can help. I'd try my luck with pf and create a natting rule to check for traffic leaving em0 that's not - for example - 192.168.1.0/24: pass out on em0 from $int_net to

Can't compile php from ports

2021-05-07 Thread Mik J
Hello, Does anyone know why compiling php from ports systematically fails? It's been since openbsd 6.8 that it acts this way /usr/ports/pobj/php-7.4.19/bin/install -c -m 644 /usr/ports/pobj/php-7.4.19/php-7.4.19/modules/opcache.so  /usr/ports/pobj/php-7.4.19/fake-amd64/usr/local/lib/php-7.4/mo

Openbsd 6.9 Default gateway

2021-05-07 Thread Irshad Sulaiman
Hi, How to set only one default gateway if I have multiple interfaces, one is in DHCP and the other in static IP? I have set /etc/mygate 192.168.100.1 and hostname.em0 (DHCP) and hostname.iwn0 (static 192.168.100.163 255.255.255.0). But when I sh /etc/netstart it sets multiple gateway with follow

Re: Openbsd 6.9 Default gateway

2021-05-07 Thread Daniel Jakots
On Sat, 8 May 2021 02:37:41 +0300, Irshad Sulaiman wrote: > Thank you for the reply > > > I could do by > Delete and adding route with route command manually > But is there any better way to do this If you used the same network both on wired and wireless, you could use a trun

Re: Extremely bizarre using sysupgrade from May 6 -current

2021-05-07 Thread Chris Bennett
Ha! Sorry for the noise. I needed to check a file from etc with the latest -current. I untarred base69.tgz in the _sysupgrade directory. Script choked on the existing wrong files. +1 for good work on sysupgrade! -1/2 for me not cleaning up! ROFL at myself, Chris Bennett

Extremely bizarre using sysupgrade from May 6 -current

2021-05-07 Thread Chris Bennett
I just ran sysupgrade -snk and got this: CX ~ # sysupgrade -snk Fetching from https://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/ SHA256.sig 100% |**

Re: pf ipv6 source-routing 6.9

2021-05-07 Thread Stuart Henderson
On 2021-05-07, Bastien Durel wrote: > Hello, > > I have multiple ISPs plugged on my OpenBSD box, each one providing its > IPv6 address space. > > I used to route outgoing streams with : > > net2_if = pppoe0 > ovh_v6_router = "(" $net2_if fe80::230:88ff:fe04:63c9 ")" > ovh_v6_prefix = "2001:41d0:f

Re: bitcoind out of memory

2021-05-07 Thread Stuart Henderson
On 2021-05-07, yancy ribbens wrote: > I'm running 6.8 and trying to run bitcoind (C++), however, I continue to > receive a core dump while running the application (out of memory). The > dmesg file is below. Always surprises me when people are willing to run things like that as root.. > The appl

pf ipv6 source-routing 6.9

2021-05-07 Thread Bastien Durel
Hello, I have multiple ISPs plugged on my OpenBSD box, each one providing its IPv6 address space. I used to route outgoing streams with : net2_if = pppoe0 ovh_v6_router = "(" $net2_if fe80::230:88ff:fe04:63c9 ")" ovh_v6_prefix = "2001:41d0:fe4b:ec00::0/56" table const { $ovh_v6_prefix, $free_v

bitcoind out of memory

2021-05-07 Thread yancy ribbens
I'm running 6.8 and trying to run bitcoind (C++), however, I continue to receive a core dump while running the application (out of memory). The dmesg file is below. The application is running as root and I've set datasize-max and datasize-cur to infinity in the login.conf daemon section as I susp

Re: Tor Relay log warning

2021-05-07 Thread lawgiver
On 5/5/2021 at 5:34 PM, "Theo Buehler" wrote: > >On Wed, May 05, 2021 at 08:06:09AM -0300, Matheus Coelho wrote: >> Hello List! >> >> I have a tor relay server and in version 6.9 of openbsd the log >started >> showing this message: >> >> tor_tls_finish_handshake: Bug: For some reason, wasV2Hand

Re: fighting amplification attack --was: Re: pf: block drop not working

2021-05-07 Thread Stuart Henderson
No this is not possible. UDP is trivially spoofed (which is probably why you see the problem in the first place; the source IPs you see on the packets are the *victims* not the attacker). Doing this for UDP opens an easy DoS of your legitimate clients. -- Sent from a phone, apologies for poor

Re: IKEv2: CHILD_SA is not created

2021-05-07 Thread Tobias Heider
On Fri, May 07, 2021 at 12:17:35PM +0300, Денис Давыдов wrote: > Hello all, > > I can't understand why I got SA_INIT timeout: > May 5 13:18:54 crypto-gw2 iked[65530]: spi=0x73bcd531eb2e8899: sa_free: > SA_INIT timeout > > 1.1.1.1 (crypto-gw2) - my host > 7.7.7.7 - our isp provider (some of cisco

Re: fighting amplification attack --was: Re: pf: block drop not working

2021-05-07 Thread Tom Smyth
Hello Axel, Check out fastnetmon if you have SFLOW (preferably) or Netflow support on your switches /or routers facing external providers you can put pps per second thresholds on. But bear in mind if the amount of bandwidth being sent to your router exceeds capacity you need to send a BGP co

IKEv2: CHILD_SA is not created

2021-05-07 Thread Денис Давыдов
Hello all, I can't understand why I got SA_INIT timeout: May 5 13:18:54 crypto-gw2 iked[65530]: spi=0x73bcd531eb2e8899: sa_free: SA_INIT timeout 1.1.1.1 (crypto-gw2) - my host 7.7.7.7 - our isp provider (some of cisco devices) /etc/iked.conf (on 1.1.1.1): ikev2 crypto-primary active esp \

Re: Trying to understand/debug caldav vs. httpd issue

2021-05-07 Thread Stuart Henderson
On 2021-05-05, T. Ribbrock wrote: > Hi all, > > this may be a long shot, but I'm looking for someone who can give me a > few pointers (if this is better posted to another list, please let me > know as well). > > TL;DR: I am running into issues with a webdav/caldav client > connecting to a Nextclou

Re: fighting amplification attack --was: Re: pf: block drop not working

2021-05-07 Thread Axel Rau
> On 05.05.2021 at 16:20, Stuart Henderson wrote: > > This is usually best dealt with in your DNS server software e.g. by using > the rrl-* configuration in NSD, see nsd.conf(5), or "rate-limit" config > section in BIND. Yes, I have this in place now, but I try

Re: I can’t get veb/vport to work with vmd.

2021-05-07 Thread Stuart Henderson
On 2021-05-06, Luke Small wrote: > I got it working. I have a pretty hefty amount of vether0 and > vether0:network in my pf.conf that I changed to vport0 and vport0:network. > > That fixed every single thing! > > I somehow completely forgot about all the vether0 pf rules which isolates > the the v

Re: DHCPd - option capwap (code 138)

2021-05-07 Thread Stuart Henderson
On 2021-05-06, Radek wrote: > Hello, > I want to use dhcpd server to push Wireless Controller's IP address to the > APs. > > According to this: > http://systemnetworksecurity.blogspot.com/2013/02/adding-custom-options-in-isc-dhcpds.html > https://www.secuvera.de/blog/capwap-dhcp-option-138-auf-is