Re: new queueing subsystem

I think he did answer your question, if you read between the lines.. A session cannot be 'pushed' to max! It needs to demand the bandwidth in the first place. Try reading this; http://trash.net/~kaber/hfsc/SIGCOM97.pdf This along side /many/ other Internet pages allowed us to fully implement

Re: Ivy Bridge-EP Xeon (E5-2637v2) and Intel C602 Patsburg-A Chipset support

Hi, sadly OpenBSD does not boot with the latest Ivy Bridge EP (E5-2637v2) with 'Power Technology' in the supermicro BIOS set to 'Max Performance', on both 5.4 release and the snapshot dated Nov 3rd; [demime 1.01d removed an attachment of type image/jpeg which had a name of image.jpeg] If I reset

Re: carp+pfsync+relayd question

Hi, as a complete guess (not used relayd yet let alone DSR) a 502 sounds like an error return from nginx/apache etc. could be a direct server return issue causing the TCP three way handshake to not be completing properly between the endpoints, even though a 502 is usually server side issue.. I'd

Re: carp+pfsync+relayd question

In fact thinking about it if think that is a relayd issue somewhere and not pf at all.. Sent from my iPhone On 14 Nov 2013, at 19:37, Leonardo Santagostini lsantagost...@gmail.com wrote: Well well well there is one thing its ocurring that i cant figure out. im getting some relay site3

Re: How to segregate forwarded and firewall-generated traffic in pf?

Fantastic! Thanks Camiel :) Sent from my iPhone On 18 Dec 2013, at 21:32, Camiel Dobbelaar c...@sentia.nl wrote: On 18/12/13 14:50, Maxim Khitrov wrote: On Wed, Dec 18, 2013 at 8:42 AM, Camiel Dobbelaar c...@sentia.nl wrote: On 18/12/13 13:53, Maxim Khitrov wrote: When writing outbound

Re: DNS resolver retries configurable? (or: Anything to make DNS resolves always work!)

Maybe try configuring bind (read the manuals and online docs) and setting resolv.conf to 127.0.0.1 would be a good start. OpenBSD's resolv logic won't be 'fixed' unless you want to change the code.. Sent from my iPhone On 19 Dec 2013, at 22:36, Mikael mikael.tr...@gmail.com wrote: Seems

Re: ospfd and L2VPN routes

Hi, it's not a good idea to distribute /32 routes around your routing domain as it will make convergence times longer and adds unnecessary load to the other routers. OSPF and other routing daemons like summary routes. I'm guessing you've assigned a 'unique' /24 network for the VPN clients which

Re: IPSec Packet Loss Help

Hi, haven't read your original email but if my assumptions about your setup are correct is the VPN tunnel dropping every now and then? I had a similar issue with 4 OBSD firewalls (2 at each end), all running isakmpd and sasyncd to keep the SAs in sync between a pair. With the tunnels

Re: upgrades no longer allow ftp for sets

Couldn't agree more! :) Andy Sent from my iPhone On 29 Mar 2014, at 09:10, Eric Oyen eric.o...@gmail.com wrote: geez! there are better technologies out here. SUre, if a technology works for 20 years, then go with it. However, there are loads faster ways (and a lot more secure too). Why

Re: OpenBGPd - iBGP next-hop translation using IGP (OSPF)

On further thought, using option 1 and randomising the next hop used wouldn't provide a very good distribution of load as it would be on a per network route basis and not on a per IP basing like proper multipath. Would also be costly in route look ups etc. So looks like we would need to use

Re: Virtual firewalls with OpenBSD and PF

Hi Wiesław, Definitely support your desire to try to add more structure to your PF writing! :) We use git to version control PF and many other files (over 60 files across an OBSD system now come to think of it). For PF, I wouldn't recommend using anchors as I *think* their slower and

Re: Virtual firewalls with OpenBSD and PF

On 20 Apr 2014, at 19:24, Henning Brauer lists-open...@bsws.de wrote: * Andy Lemin a...@brandwatch.com [2014-04-09 00:14]: For PF, I wouldn't recommend using anchors as I *think* their slower where on earth are people getting this ridiculous ideas from? Can't remember. Thanks

Re: 5.5 pf priority

Hi Henning, Thanks for your reply. We agree it's an edge case but would have an impact, albeit small. So taking your work as truth and good judgement as best as any human can (which I do), should we all just strip all our 'prio's if we use queues? I don't want things in my PF which aren't

Re: Donations to OpenBSD

We know... ;) Sent from my iPhone On 14 Aug 2014, at 16:14, Nicolai nicolai-om...@chocolatine.org wrote: On Thu, Aug 14, 2014 at 07:16:41AM +0100, Bernte wrote: Could you please just clarify: I have money and I want that to go to the OpenBSD project. I would like as much as possible to

Re: Donations to OpenBSD

Hahaha, lol!! Yes peter :) Sent from my iPhone On 14 Aug 2014, at 10:17, Peter Hessler phess...@theapt.org wrote: options: 1) cash in envelope, put into mail 2) bank cheque in envelope, put in mail 3) suck it up, and stop caring about the middle man's cut 4) bank transfers (also: see

Re: OpenBSD 5.5: question regarding pf syntax

On 28 Sep 2014, at 05:00, System Administrator ad...@bitwise.net wrote: On 27 Sep 2014 at 18:50, Andrew Lester wrote: Hey guys, I have what I hope is a simple syntax question for pf rules. I have not been able to find any example of this online or in the man pages. I suspect it is

Re: carp not reverting to master

Please excuse typos, sent from my phone On 15 Oct 2014, at 19:13, Marko Cupać marko.cu...@mimar.rs wrote: On Thu, 02 Oct 2014 18:02:23 +0100 Andy a...@brandwatch.com wrote: Hi Try setting the advskew to a number greater than 200 and less then 254. This seems to be the most stable.

Re: carp not reverting to master

Please excuse typos, sent from my phone On 15 Oct 2014, at 19:13, Marko Cupać marko.cu...@mimar.rs wrote: On Thu, 02 Oct 2014 18:02:23 +0100 Andy a...@brandwatch.com wrote: Hi Try setting the advskew to a number greater than 200 and less then 254. This seems to be the most stable.

GRE tunnel through IPSec tunnel

Hi guys, I’m a bit confused (easily done) as to how I would configure a GRE tunnel through an IPSec tunnel? I have *many* subnets at each site, and I have a full mesh of IPSec tunnels between each site, for each and every subnet at each site.. Urghhh! :_( Its over 100 tunnels now.. If I were

Using percentages in the new queuing syntax

Hi, Hopefully this is just a quick question and I'm missing something here, but it seems that we can no longer use percentages in our PF child queues. For example; This:- altq on $if_trunk bandwidth 4294Mb hfsc queue { _local, _wan } oldqueue _local on $if_trunk bandwidth 4100Mb priority 4

Re: Using percentages in the new queuing syntax

...@spacehopper.org wrote: In gmane.os.openbsd.misc, Andy Lemin wrote: Hopefully this is just a quick question and I'm missing something here, but it seems that we can no longer use percentages in our PF child queues. It hasn't been implemented for the queue rewrite yet. That said

Re: Using percentages in the new queuing syntax

percentages take from their parent etc.. Cheers, Andy. On 24 Feb 2015, at 15:26, Andy Lemin a...@brandwatch.com wrote: Hi, Hopefully this is just a quick question and I'm missing something here, but it seems that we can no longer use percentages in our PF child queues. For example; This:- altq

Re: missing snmp OID's

Hi Stuart, Thanks for this. However I think I'm still missing something.. Sorry ;) On 24 Apr 2015, at 00:37, Stuart Henderson s...@spacehopper.org wrote: On 2015-04-23, andy a...@brandwatch.com wrote: Hi, This should be a simple one ;) I have configured and started snmpd, and then used

Re: PF Packet Flow Diagram

Haha, Oops! thanks Doug.. Here it is instead.. http://s12.postimg.org/i4pggq465/Open_BSDPFPacket_Flow.jpg http://s12.postimg.org/i4pggq465/Open_BSDPFPacket_Flow.jpg Cheers, Andy. On 23 Jun 2015, at 14:13, Doug Hogan d...@acyclic.org wrote: On Tue, Jun 23, 2015 at 11:56:17AM +0100, Andy

Re: pf nat and routing question

Hi, We do exactly the same thing for our wifi network. Users on wifi can *only* use public IP addresses. The solution is easy, you just have to consider where you do your nat'ing; You can't do bin-at, so you will need nat-to and rdr-to rules to make it work. E.g. The following line translates

Re: PF Packet Flow Diagram

Hi, On 25 Jun 2015, at 10:31, Jiri B ji...@devio.us wrote: On Thu, Jun 25, 2015 at 10:15:08AM +0100, Andy Lemin wrote: Surprised I've not had any replies for this? http://s12.postimg.org/i4pggq465/Open_BSDPFPacket_Flow.jpg http://s12.postimg.org/i4pggq465/Open_BSDPFPacket_Flow.jpg I

Re: pf nat and routing question

On 25 Jun 2015, at 15:46, Marko Cupać marko.cu...@mimar.rs wrote: On Wed, 24 Jun 2015 08:17:15 -0400 Michel Blais mic...@targointernet.com wrote: The solution seem his explain on this link ‎http://www.openbsd.org/faq/pf/rdr.html#reflect On Thu, 25 Jun 2015 14:50:42 +0100 Andy Lemin

Re: PF Packet Flow Diagram

quickly re-do it. I can't believe nothing has changed in 5 years (I think thats when the original I saw was dated). Anyway, I try and message Henning directly and get his thoughts, and I'll post back here once its got his approval. Cheers, Andy. On 23 Jun 2015, at 14:27, Andy Lemin

Re: HA / load balancing / fail-over using CARP

Hi, You can already do active-active CARP with OpenBSD. I believe it hashes by the MAC address (the MAC hash dictates which firewall responds to an ARP for the gateway IP). However you may have issues with states and state synchronisation depending on the pps and firewall hardware performance,

Re: HA / load balancing / fail-over using CARP

in active-backup mode for now. Doesn't mean you should't try active-active out (in a lab).. But if you're only talking 500mbps, stick with steady and stable ;) Romain From: Andy Lemin [mailto:a...@brandwatch.com] Sent: mardi 23 juin 2015 11:25 To: Romain FABBRI Cc: Aviolat Romain; 'misc

PF Packet Flow Diagram

Hi, I was updating an old copy of the PF flow diagram I had lying around and thought I'd post here quickly for comments / additions / corrections? Would be nice to update this and make it comprehensive as possible. [demime 1.01d removed an attachment of type application/pdf which had a name of

64 Queue Sizes in OpenBSD 5.8

Hi, Is their any news whether we'll have 64bit PF queue sizes soon? Our link between our Primary and DR DCs needs more than 4.2Gbps, but we cannot shape traffic above this due to the 32bit queues. Simply we need to impose shaping to ensure the CDR is not breached. We really need to upgrade the

Re: PF Packet Flow Diagram

this second box also append this extra info to the state that was created at the previous step (Packet Filtering)? I haven't added this yet.. On Thu, Jun 25, 2015 at 10:15:08AM +0100, Andy Lemin wrote: Surprised I've not had any replies for this? http://s12.postimg.org/i4pggq465

Re: pf changes port on udp nat-to and rdr-to reply packets (RTP stream)

Because of this "Remember that static-port means you can't have two machines behind the same NAT using the same source port and destination.", you should instead probably use "binat-to" as a good practice. This will help force you to not be able to accidentally reuse the same public IP for

Possible SNMPD Bug - IF-MIB::ifInDiscards (and maybe ifOutDiscards) report the same value for every single interface :(

Hi list :) We have noticed our monitoring systems are reporting and alerting the wrong data for OpenBSD Interface Discards since adding all the OpenBSD firewalls to our new Monitoring system. And we have proven that it is SNMPD which is returning the same value for every single interface with;

5.9 is the best release yet, very excited for 6.0 - but worried some things will be missing that will ruin the fanfare

Not to say previous releases haven't been as great (they all are), but I must say that 5.9 really does feel like a huge step towards a massive milestone (well done), and 6.0 will hopefully be the release that kills the GIANT lock for OpenBSD as a firewall. So really thank you.. For ourselves,

Re: is 'set prio' in pf unidirectional or bidirectional?

Peter is quite right, to add some examples to his suggestion; tcpdump -nettti pflog0 <- Shows only dropped packets tcpdump -nettti em0 <- Shows all packets on the interface, including ToS values and VLAN ID etc. tcpdump -nettti vlanX <- Shows only packets on the VLAN without the extra info. Sure

Re: is 'set prio' in pf unidirectional or bidirectional?

HP switches, you cannot modify this DiffServ <-> CoS mapping. So the suggestion at the bottom is just to set a ToS that HP switches will prioritise.. Have fun, all the best. Andy Lemin On Wed, Jun 15, 2016 at 8:18 PM, Andy Lemin <a...@brandwatch.com> wrote: > Peter is quite rig

64 Queue Size, ARC routing, MP Networking, OpenBSD 5.9

Hi everyone, Just a couple very quick 5.9 questions; 1) Will 5.9 have a 64bit integer for the queue sizes, or are we still limited to ~4294M? 2) When 5.9 comes out, will the new ARC routing table be enabled by default? If not can we turn it on without building from source? 3) Does anyone know

Re: 64 Queue Size, ARC routing, MP Networking, OpenBSD 5.9

created at the previous step (Packet Filtering)? Thanks everyone, Andy. On Sun, Feb 7, 2016 at 9:06 PM, Stuart Henderson <s...@spacehopper.org> wrote: > On 2016-02-07, Andy Lemin <a...@brandwatch.com> wrote: > > Hi everyone, > > > > Just a couple very quick 5.9 que

Re: 64 Queue Size, ARC routing, MP Networking, OpenBSD 5.9

Cappuccio wrote: > > Andy Lemin [a...@brandwatch.com] wrote: > > > > > > >ART not ARC. It's not enabled by default, you'll need to build > > > a new kernel to use it. > > > > > > Any clues how to enable "ART" when building? ;) > >

Re: hostname.carp - CARP Bootup Woes Correct layout / format for >=5.9 - man page for hostname.carp

tart INIT->Backup (without a Master flap), and no errors are seen in dmesg. This is not obvious after working with the ifconfig commands, and there is no man so I hope this helps some people :) Cheers, All the best, Andy. On Wed, May 18, 2016 at 11:24 AM, Andy Lemin <a...@brandwatch.com> wr

hostname.carp - CARP Bootup Woes Correct layout / format for >=5.9 - man page for hostname.carp

Hi Misc, Since 5.9 (maybe earlier), we noticed that our CARP interfaces no longer behave as before, don't initialise properly on boot up, and throw errors at boot. I know there has been lots of changes, especially IPv6. So hopefully this is a simple question and I'm just being stupid, and unable

Re: hostname.carp - CARP Bootup Woes Correct layout / format for >=5.9 - man page for hostname.carp

e 2 advskew 10 carppeer 10.255.12.3 pass testpass vhid 212 inet 10.255.12.1 255.255.255.0 10.255.12.255 inet6 2a00:77e0:255:12::1 64 inet6 eui64 description "4D_CDC_VPLS" Cheers, Andy. On Tue, May 17, 2016 at 5:37 PM, Martin Pieuchot <m...@openbsd.org> wrote: > On 17/05/16(T

Output Errors on VLAN interfaces

Hi guys, Has anyone else seen issues with "output errors" occurring on only VLAN interfaces since upgrading to 5.9? (and after using openup to get latest kernel). It does not happen on all VLAN interfaces, only ones under load. The underlying trunk does not report any Rx or Tx errors at all.

OSPFD, setting point-to-point

Hi, Does anyone know if it is possible to set an ethernet crossover cable between two OpenBSD firewalls running OpenOSPFD as point-to-point? OpenOSPFD recognises GRE's as point-to-point so the logic is there for handling a point-to-point adjacency, but cannot see how to set this on the ethernet

Re: OSPFD, setting point-to-point

ethernet p2p link. This causes local traffic to briefly traverse another remote router via the GRE's for a moment, whilst waiting for the local adjacency via the ethernet cable to finish their election etc. Thanks, Andy. On Mon, Aug 8, 2016 at 5:12 PM, Andy Lemin <a...@brandwatch.com> wrote:

SNMPD Source Address Issues

Hi, TLDR; Is there a way of fixing the "source address" that SNMPD should use? We are having issues with reply snmpd packets sourcing from the egress interface and not the loopback interface which the poll request was sent to :( We have many GRE tunnels and various routes which traffic can

Re: Output Errors on VLAN interfaces

I have the code open, I am also going to have another go at trying to find the missing 64bit counter/range check etc for the HFSC queue size tomorrow (if I dont get dragged onto anything else). Thanks for your time and help guys, Kind regards, Andy Lemin On Tue, Aug 9, 2016 at 2:48 AM, Chris Cap

Fan Speed - Supermicro

Hi, I know this is probably a simple question, but we have searched, found very little, and tried various things to no effect. We have a Supermicro server running OpenBSD which is _screaming_ loud due to fan noise. BIOS is latest and power mode is "Balanced" (during POST it is nice and quiet

Re: Fan Speed - Supermicro

Surprised this is the default, but it is a server... Cheers, Andy. On Mon, Nov 21, 2016 at 2:10 PM, Delan Azabani <de...@azabani.com> wrote: > At 19:11, Andy Lemin <a...@brandwatch.com> wrote: > > but we cannot figure out how to control the fan speed at all. > > Every board in the X9D

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

Hi Stuart and Joel, Just to confirm for others reading, you are very correct. And patch 014_libcrypto has fixed this :) So just run syspatch (or openup) and you'll be working again. Thanks for the commits ;) PS; good to hear from you again Stuart! Long time.. I'm on this email now rather

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

c.. However notice that openvpn is still linking to 2.5.2. > > It would be great if someone would be kind enough to confirm if this CVE is > indeed the same issue, and if 2.5.4 includes the relevant fixes for it? > > And if yes, a gentle nudge as to how to get openvpn to link to t

Re: van Sprundel

t 12:56:26PM +, Andy Lemin wrote: >> Really, did he actually post any real vulnerabilities to OpenBSD! >> >> This article has to be govt propaganda.. >> >> https://www.csoonline.com/article/3250653/open-source-tools/is-the-bsd-os-dying-some-security-researchers-th

van Sprundel

Really, did he actually post any real vulnerabilities to OpenBSD! This article has to be govt propaganda.. https://www.csoonline.com/article/3250653/open-source-tools/is-the-bsd-os-dying-some-security-researchers-think-so.amp.html I was laughing with tears when I read this.. OpenBSD is the

Re: PF Outbound traffic Load Balancing over multiple tun/openvpn interfaces/tunnels

Hi Andreas, Thanks for your reply. Sorry I should have been more clear. I know that rdomains are the correct method with overlapping addressing. The challenge is that I cannot figure out how to get openvpn to initialise it’s resulting tunX interface directly into the correct rdomain? You

Re: PF Outbound traffic Load Balancing over multiple tun/openvpn interfaces/tunnels

Hi, So for completeness, I did some more testing with your suggestions. First I tried using different nexthop’s in each of the interface-nexthop pairs in the route-to pool (as the next hop doesn’t really matter with p2p interfaces). And it did start to work! :) But after some more testing it

Re: DNS Race Condition on Boot

9:14:19AM +0100, Andy Lemin wrote: >> >> Hi guys, >> >> Is anyone else aware of the Unbound and PF race condition that exists when >> FQDNs are used in pf.conf with a local Unbound server? > > Yes, it's an obvious one isn't it? > >> >>

DNS Race Condition on Boot

Hi guys, Is anyone else aware of the Unbound and PF race condition that exists when FQDNs are used in pf.conf with a local Unbound server? The issue occurs when pf starts before unbound, but where pf fails to start as it cannot resolve some DNS names.. and so unbound also fails to work when it

Re: Building Unbound with Python module support

from a teeny tiny keyboard, so please excuse typos > On 7 Aug 2019, at 00:03, Andy Lemin wrote: > > Hi Stuart, > > Thanks for your reply. > > So I put in some leg work to set myself up so I could build a new release > base system, and went digging. > > And I foun

Re: Building Unbound with Python module support

with fresh eyes the next day ;) All working now. You guys are heros. Thank you for the gentle nudges in the right direction. Kindest regards. Andy Lemin Sent from a teeny tiny keyboard, so please excuse typos > On 7 Aug 2019, at 09:01, Claudio Jeker wrote: > >> On Wed, Aug 07, 2019 a

Re: Best 1Gbe NIC

> On 2 Aug 2019, at 09:52, Jonathan Gray wrote: > >> On Fri, Aug 02, 2019 at 09:19:09AM +0100, Andy Lemin wrote: >> Hi list, >> >> I know this is a rather classic question, but I have searched a lot on this >> again recently, and I just cannot find a

Best 1Gbe NIC

Hi list, I know this is a rather classic question, but I have searched a lot on this again recently, and I just cannot find any conclusive up to date information? I am looking to buy the best 1Gbe NIC possible for OpenBSD and the only official comments I can find relate to 3COM for ISA, or

Re: Best 1Gbe NIC

ote: > > I find cheap PCI-Express and PCI-X em(4) cards suffice for my needs. 990-992 > Mbps with tcpbench. > > >>> On Aug 2, 2019, at 11:26 AM, Claudio Jeker wrote: >>> >>> On Fri, Aug 02, 2019 at 12:28:58PM +0100, Andy Lemin wrote: >>> Ahhh,

Building Unbound with Python module support

Hi guys, I’m just after some general advice as I feel like I’m doing something wrong, and having to hack around too much for what I believe should be simple. I am developing a simple Python plugin for Unbound, and the default Unbound install on OpenBSD sadly wasn’t built with

Re: Building Unbound with Python module support

this project native/portable so other users can use this project without having to rebuild Unbound? Thanks Andy. Sent from a teeny tiny keyboard, so please excuse typos > On 6 Aug 2019, at 19:36, Stuart Henderson wrote: > >> On 2019-08-06, Andy Lemin wrote: >> Hi guys, >>

Re: Disable ftp in pkg_add syspatch sysupgrade

For completeness, I discovered I was having issues with downloading the sources for the sysupgrade command on my edge firewall also! So it was not limited to internet servers as first thought. Since upgrading the 6.6 (had to run sysupgrade 4 times to get it to complete the downloads), the

Re: Disable ftp in pkg_add syspatch sysupgrade

Hahaha Thanks Theo, that made me smile. But you have answered my question perfectly, albeit in a round about way. Indeed it doesn’t matter what it is called, and would be clearer with a generic name, as we got caught out by a program calling another program with colliding name. For example,

Disable ftp in pkg_add syspatch sysupgrade

Hi guys, Does anyone know if it is possible to completely disable ftp in the package management utilities; pkg_add, syspatch, sysupgrade etc? My PKG_PATH references http:// urls, as does /etc/install. But I cannot stop these tools trying to use ftp which does not work! :( Every time I try and

problems with outbound load-balancing (PF sticky-address for destination IPs)

Hi smart people :) The current implementation of ‘sticky-address‘ relates only to a sticky source IP. https://www.openbsd.org/faq/pf/pools.html This is used for inbound server load balancing, by ensuring that all socket connections from the same client/user/IP on the internet goes to the same

Re: PF queue bandwidth limited to 32bit value

> On 15 Sep 2023, at 18:54, Stuart Henderson wrote: > > On 2023/09/15 13:40, Andy Lemin wrote: >> Hi Stuart, >> >> Seeing as it seems like everyone is too busy, and my workaround >> (not queue some flows on interfaces with queue defined) seems of no

Re: PF queue bandwidth limited to 32bit value

Hi Stuart,Seeing as it seems like everyone is too busy, and my workaround (not queue some flows on interfaces with queue defined) seems of no interest, and my current hack to use queuing on Vlan interfaces is a very incomplete and restrictive workaround;Would you please be so kind as to provide me

Re: Default rdomain for CLI commands

8:39:33AM -, Stuart Henderson wrote: >>> On 2023-10-24, Andy Lemin wrote: >>> Hi all, >>> >>> Just a quick question. >>> >>> I have multiple rdomains. My outside rdomain (rdomain 0) has a single >>> default route to my ISP. And my

Re: OpenBSD Wireguard implementation not copying ToS from inner to outer WG header

> On 29 Sep 2023, at 00:09, Sonic wrote: > >  > Hopefully not as dumb of a question as I suspect it might be. > Does the generic... > = > match out on $ext_if inet proto tcp from ($ext_if) set prio (3, 7) > match in on $ext_if inet proto tcp to ($ext_if) set prio (3, 7) > = >

Re: OpenBSD Wireguard implementation not copying ToS from inner to outer WG header

On 19 Sep 2023, at 20:07, Janne Johansson wrote:Den sön 17 sep. 2023 kl 09:19 skrev Andrew Lemin :Hi, I have been testing the Wireguard implementation on OpenBSD and noticed that the ToS field is not being copied from the inner unencrypted header to the outer Wireguard

Re: Default rdomain for CLI commands

routes, so now have to _always_ prefix with route -T0 exec (to support automated route changes etc). This must be unexpected behaviour to change dynamically like this? Thanks for your help, Andy. > On 24 Oct 2023, at 14:09, Lyndon Nerenberg (VE7TFX/VE6BBM) > wrote: > > Andy

Default rdomain for CLI commands

Hi all, Just a quick question. I have multiple rdomains. My outside rdomain (rdomain 0) has a single default route to my ISP. And my internal rdomain 9 has multiple default routes pointing to various pairX interfaces for some funky routing stuff. Everything works beautifully, however, every