Re: Bridging OpenVPN and LAN
On Sun, 5 Sep 2021 16:52:58 +0300 kasak wrote:
> You should add ip pool for bridge in server config.
>
> like this:
>
> server-bridge 10.70.0.1 255.225.255.0 10.70.0.100 10.70.0.110

You should *only* do this if you have configured your DHCP server to _not_ hand out IP addresses in that range.

The DHCP server can't actually tell what a "VPN client" is and what a local Ethernet client is, so it should work. Likely, it's a lack of a `server-bridge` statement (*without* IP address ranges given) that is likely confusing matters.

--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.
Re: PC Engines apu4 network performance
On 2021-09-08, Paulo Manoel Mafra wrote:
> Hello guys,
> I've configured a pc engines apu4 with openbsd 6.9 and I verified the
> network performance is around 550 mbit/s with pf and 700 mbit/s without.
>
> Is there any known issue for that poor performance ?
> Running another OS on the same hardware I can reach some like 920 mbit/s.
>
> I've googled for this problem and it appears some messages from 2018.

Sounds about right for OpenBSD on that hardware.

--
Please keep replies on the mailing list.
Re: Recover partition table/FFS2 after overwrite?
On 2021-09-08, Thomas Windisch wrote:
> I managed to restore my drive using
>
> #fdisk -iy
> #disklabel -R
> #fsck
>
> Thanks Geoff and David.
>
> After reinstalling OpenBSD everything seems to be running fine.
> Almost.
>
> When I now run grep I get this:
>
> $ grep
> warning: libc.so.96.0: minor version >= 1 expected, using it anyway
> ld.so: grep: can't load library 'libz.so.6.0'
> Killed
>
> I was previously running -current and I reinstalled -release 6.9.
> It seems that grep is a remnant of the old install? How come?

If you "downgrade" you will need to clean up newer libraries, things from packages, sometimes perl modules, etc. It is for this reason that this is really not a supported thing to do.

--
Please keep replies on the mailing list.
Re: Are there any protection against heisting the "shell builtin"s?
> On Sep 8, 2021, at 02:24, jim hook wrote:
> ...
> ex.: "unset cd" would help, but any solution in general?

I alias ‘ls’ to my preferred args. Sometimes I don’t want those. In ksh, I just use \ls to not use the alias.

I confirmed \cd will use the builtin (at least on ksh) with:

$ cd() {
> echo hello
> }
$ cd /tmp
hello
$ \cd /tmp
$ pwd
/tmp
PC Engines apu4 network performance
Hello guys,
I've configured a pc engines apu4 with openbsd 6.9 and I verified the network performance is around 550 mbit/s with pf and 700 mbit/s without.

Is there any known issue for that poor performance ?
Running another OS on the same hardware I can reach some like 920 mbit/s.

I've googled for this problem and it appears some messages from 2018.

Kind Regards,
Paulo.
Re: Are there any protection against heisting the "shell builtin"s?
> Date: Wed, 8 Sep 2021 11:24:18 +0200
> From: jim hook
> Thinking of that home dirs could be on a shared storage, that can be
> accessed by others and maliciously modify the ".profile", etc. files
> of the targeted user.
>
> ex.: "unset cd" would help, but any solution in general?

directory permissions. in code:

    for u in /home/*
    do  chown "$u" "/home/$u"
        chmod go-w "/home/$u"

which you should find is already the default.
Re: Are there any protection against heisting the "shell builtin"s?
> Date: Wed, 8 Sep 2021 11:24:18 +0200
> From: jim hook
> Thinking of that home dirs could be on a shared storage, that can be
> accessed by others and maliciously modify the ".profile", etc. files
> of the targeted user.
>
> ex.: "unset cd" would help, but any solution in general?

> Date: Wed, 8 Sep 2021 19:41:46 +0959
> From: Reuben ua Bríġ
> directory permissions. in code:
>
>     for u in /home/*
>     do  chown "$u" "/home/$u"
>         chmod go-w "/home/$u"
>
> which you should find is already the default.

oops, wrong code. i meant

    cd /home
    for u in *
    do  set -- "$u" "$u/.profile"
        chown "$u" "$@"
        chmod go-w "$@"
    done

assuming you have the usual directory set-up.
a more general solution would involve parsing /etc/passwd
Re: Are there any protection against heisting the "shell builtin"s?
> Date: Wed, 8 Sep 2021 11:24:18 +0200
> From: jim hook
> Thinking of that home dirs could be on a shared storage, that can be
> accessed by others and maliciously modify the ".profile", etc. files
> of the targeted user.
>
> ex.: "unset cd" would help, but any solution in general?

> Date: Wed, 8 Sep 2021 19:41:46 +0959
> From: Reuben ua Bríġ
> directory permissions. in code:
>
>     for u in /home/*
>     do  chown "$u" "/home/$u"
>         chmod go-w "/home/$u"
>
> which you should find is already the default.

> Date: Wed, 8 Sep 2021 19:50:26 +1000
> From: Reuben ua Bríġ
> oops, wrong code. i meant
>
>     cd /home
>     for u in *
>     do  set -- "$u" "$u/.profile"
>         chown "$u" "$@"
>         chmod go-w "$@"
>     done
>
> assuming you have the usual directory set-up.
> a more general solution would involve parsing /etc/passwd

except that in general you should never do anything as root to files under a directory owned by a user other than root, as that user could replace the file with a symbolic link to some other file, and trick you into modifying some important system file.

secure ways of doing basic stuff in obsd are... convoluted.
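Added example, not part of any poster's message: a read-only audit along the lines discussed in this thread. It parses a passwd(5)-format file and only reports problems with each home directory and its .profile, so nothing is changed as root under a user-owned directory. The names check_path and audit_homes and the finding labels are made up for this illustration.

```sh
#!/bin/sh
# Added example: read-only audit of home directories and their .profile.
# Nothing is chown'ed or chmod'ed, so a user-planted symlink cannot redirect
# a privileged write; symlinks are reported, never followed.
# check_path, audit_homes and the finding labels are illustrative names.

# check_path UID PATH: print one line per finding for PATH.
check_path() {
    want_uid=$1 path=$2
    # ls -ldn describes the link itself and prints numeric owner ids.
    info=$(ls -ldn -- "$path" 2>/dev/null) || return 0   # missing: skip
    read -r mode _links owner _rest <<EOF
$info
EOF
    case $mode in
        l*) echo "SYMLINK $path"; return 0 ;;
    esac
    # Accept the account's own uid or root (0) as owner.
    [ "$owner" = "$want_uid" ] || [ "$owner" = 0 ] ||
        echo "OWNER $path uid=$owner expected=$want_uid"
    # Mode string: character 6 is group write, character 9 is other write.
    case $mode in
        ?????w*|????????w*) echo "WRITABLE $path mode=$mode" ;;
    esac
    return 0
}

# audit_homes FILE: FILE is in passwd(5) format,
# name:password:uid:gid:gecos:home:shell
audit_homes() {
    while IFS=: read -r _name _pw uid _gid _gecos home _shell; do
        case $home in
            /*) ;;               # audit absolute home paths only
            *) continue ;;
        esac
        check_path "$uid" "$home"
        check_path "$uid" "$home/.profile"
    done < "$1"
}

# Run against a file given on the command line, e.g. /etc/passwd.
if [ $# -gt 0 ]; then
    audit_homes "$1"
fi
```

A SYMLINK line is a prompt for manual review rather than proof of tampering, since some users link their dotfiles on purpose.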
Re: PC Engines apu4 network performance
Paolo,

Your results match mine. I was never able to get my apu4 past about 600 Mb/s. I installed pfsense on my apu4 and was able to get speeds closer to 1 Gb/s so there does appear to be some bottleneck in openbsd which holds the hardware back.

If I recall correctly the i210at hardware checksum offloading was not enabled in openbsd due to a hardware quirk/bug. It looks like the i210at still doesn’t do hardware checksums:

https://github.com/openbsd/src/blob/2207c4325726fdc5c4bcd0011af0fdf7d3dab137/sys/dev/pci/if_em.c#L1209

I didn’t profile the system so the lack of hardware checksums may not be the bottleneck.

Elias

On Wed, Sep 8, 2021 at 9:52 AM Paulo Manoel Mafra wrote:
> Hello guys,
> I've configured a pc engines apu4 with openbsd 6.9 and I verified the
> network performance is around 550 mbit/s with pf and 700 mbit/s without.
>
> Is there any known issue for that poor performance ?
> Running another OS on the same hardware I can reach some like 920 mbit/s.
>
> I've googled for this problem and it appears some messages from 2018.
>
> Kind Regards,
> Paulo.
Re: Recover partition table/FFS2 after overwrite?
I managed to restore my drive using

#fdisk -iy
#disklabel -R
#fsck

Thanks Geoff and David.

After reinstalling OpenBSD everything seems to be running fine.
Almost.

When I now run grep I get this:

$ grep
warning: libc.so.96.0: minor version >= 1 expected, using it anyway
ld.so: grep: can't load library 'libz.so.6.0'
Killed

I was previously running -current and I reinstalled -release 6.9.
It seems that grep is a remnant of the old install? How come?
Re: Are there any protection against heisting the "shell builtin"s?
On Wed, Sep 08, 2021 at 11:24:18AM +0200, jim hook wrote:
> test$ cd
> rmplayer
> test$
> test$ type cd
> cd is a function
> test$
> test$ tail -4 .profile
> cd()
> {
> echo rmplayer
> }
> test$
> test$ uname -mrs
> OpenBSD 6.9 amd64
> test$
>
> Thinking of that home dirs could be on a shared storage, that can be accessed
> by others and maliciously modify the ".profile", etc. files of the targeted
> user.
>
> ex.: "unset cd" would help, but any solution in general?

If your $HOME is on a shared drive that can be written by others, then blocking people from redefining shell builtins would be like throwing deck chairs off the Titanic, i.e., you have no security whatsoever.

The only general solution is to have your home directory under better control.
Re: Are there any protection against heisting the "shell builtin"s?
Hi Jim,

jim hook wrote on Wed, Sep 08, 2021 at 11:24:18AM +0200:

> test$ cd
> rmplayer
> test$
> test$ type cd
> cd is a function
> test$
> test$ tail -4 .profile
> cd()
> {
> echo rmplayer
> }
> test$
> test$ uname -mrs
> OpenBSD 6.9 amd64
> test$

Those are useful features. I doubt you will find any Unix user who never used aliases or shell functions to modify the behaviour of system commands to better suit their personal taste. Even myself, though i dislike changing default configuration in general, currently have an alias in place that modifies the default behaviour of rm(1). From what i have heard, most OpenBSD developers use aliases or shell functions for several commands, not just for one.

> Thinking of that home dirs could be on a shared storage, that can
> be accessed by others and maliciously modify the ".profile",
> etc. files of the targeted user.

That is not an issue by any stretch of the imagination. If anyone else has write access to your home directory, you have already lost the game, and the number of ways how they own you is next to unlimited.

Yours,
  Ingo
Are there any protection against heisting the "shell builtin"s?
test$ cd
rmplayer
test$
test$ type cd
cd is a function
test$
test$ tail -4 .profile
cd()
{
echo rmplayer
}
test$
test$ uname -mrs
OpenBSD 6.9 amd64
test$

Thinking of that home dirs could be on a shared storage, that can be accessed by others and maliciously modify the ".profile", etc. files of the targeted user.

ex.: "unset cd" would help, but any solution in general?

Thanks.