Re: pf in 4.0 not honoring nat rule with table for vlan tagged interface

behave as if using a physical interface? 2. Why the workaround above to get pf working with the vlan tagged interface? Bug in pf? -- albert chin ([EMAIL PROTECTED]) l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ Guilty

CARP interface state change logging patch

transition from: %s - to: %s, carp_states[sc-sc_state], carp_states[state])); if (sc-sc_state == state) return; l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ Guilty? Yeah. But he knows it. I mean

Re: [Nagiosplug-devel] nagios check_carp for OpenBSD carp(4)

, 2006-12-15 at 19:15 -0500, Brian A. Seklecki wrote: Thoughts? Strategies? Ideas? --- IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible

Re: max number of connections through the firewall

of? Will the firewall run into other problems before it runs out of memory? Will NAT use memory in the scenario described above? -- Florin Andrei http://florin.myip.org/ l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ Guilty? Yeah. But he knows

Re: OBSD 4.1 drops to ddb with cdd0: error 22 on component 0 (and 1 (mirror))

This is the expected behavior for a failure on a CCD component. Try cutting the SATA cable to a live system some time; watch the kernel panic there as well. Suddenly it cant stat() / or read/write from swap. You're playing with fire with CCD anyway: RAID0. The stuff in 4.1 wasn't touched for

Re: Kernel MINIROOTSIZE 8192 = No Boot

and has a quick one-line fix such as this. (only to get a you're not running GENERIC response) I know there are people out there running embedded environments who were testing 4.1 during -current. ~BAS -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. IMPORTANT: This message

Re: vlan configuration: off-topic

maybe and *BSD vlan(1) wont transmit VLAN 1 as tagged (per spec) Correct -- Thank you. I misspoke. It _will_ transmit it tagged as VLAN1 (if vlan1 interface is defined), but whether the receiving VLAN1 interface on the PowerConnect can ever receive is anyone's guess. I suppose it

Re: vlan configuration: off-topic

On Sun, 2008-01-20 at 00:11 +, Mike wrote: Hey Brian, I read your post about removing dell switches from your network. Just curious which models are you referring to? PowerConnect 27xx Managed Entry-Level. Everything else is a re-branded Cisco with a crippled ISO version. ~BAS

Re: Remote syslog

syslog-ng + transport mode IPSec (or tunnel, if you have infrastructure on either end). use pf(4) to ensure that only IPSec peers can write. ~BAS On Tue, 2008-02-19 at 21:42 -0700, Steve B wrote: and whether you are doing it over SSH or IPSEC? I have looked at various

Re: Projector/external monitor not working on OpenBSD 4.2-current on Thinkpad X60

read the man page i810(4): Option MonitorLayout anystr Allow different monitor configurations. e.g. CRT,LFP will configure a CRT on Pipe A and an LFP on Pipe B. Regardless of the primary headsb pipe it is always configured as PIPEA,PIPEB.

Re: libc.so.39.3

It would be in the base.tgz in release 3.9 You may have upgraded and an old binary may be linked against the old version. Try making a symlink. On Sat, 2008-02-23 at 14:07 -0500, Jay Hart wrote: On base OpenBSD 4.2. What package should I install to get the above library? Thanks, Jay

Re: libc.so.39.3

On Sat, 2008-02-23 at 12:30 -0700, Theo de Raadt wrote: No, do not make a symbolic link. Right, for the record and mail archives, a symlink would only be a temp solution and is not guaranteed (likely even) to solve the problem. Obviously, Jay is not working on in a production environment,

Re: Watching the prgress of dd if=drive1 of=drive2

On Sat, 2008-02-23 at 12:15 -0800, Jon wrote: I'm using dd to clone a drive. How can I watch the progress of this or see the transfer rate in real time? http://www.openbsd.org/cgi-bin/cvsweb/src/bin/dd/dd.c?rev=1.15content-type=text/x-cvsweb-markup main(int argc, char *argv[])

Re: openbsd router hardware

On Sun, 2008-03-02 at 09:04 +0100, Joerg Zinke wrote: This will be my first VIA Board, will see how it works... That's great news. I run some VIA -- not at all bad. But they've still got a long way to go before they re-earn the community's trust. A decade of problems doesn't just go away

Re: openbsd router hardware

On Wed, 2008-03-05 at 09:55 -0800, Joe wrote: Perhaps you got a bad board in your past? I've had 10 years of bad VIA chipsets (pciide(4), etc.) Anyone who has been on the lists for a few years knows the same old story. Results 1-10 of about 3,170 for bsd VIA ATA dma error ~BAS

Re: PF and application level firewall

-- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message

Re: Vlan tagging and Carp

On Wed, 2008-03-26 at 09:32 -0400, G 0kita wrote: Hello all! I'm having some trouble with getting an OpenBSD box to properly tag packets via 802.1Q. I'm setting up an OpenBSD4.2 router pulling data off a trunk port on a Cisco 2960 switch. I can see the packets traverse the stack upwards but

Re: Vlan tagging and Carp

On Wed, 2008-03-26 at 10:01 -0400, G 0kita wrote: --- Nah, a /29 is the smallest WAN space you can use for a CARP - CARP (or HSRP/VRRP) Ethernet WAN transport. If you have that budget and business need, then you can afford the hardware and IP space. Remember, you can always use _RFC1918 private

Re: configuration tweaks for CF-based systems?

one month of Blockbuster Total Access, No Cost. http://tc.deals.yahoo.com/tc/blockbuster/text5.com -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

Re: Sendmail security problem

On Fri, 24 Mar 2006, Joachim Schipper wrote: On Fri, Mar 24, 2006 at 02:14:50PM +, Stuart Henderson wrote: On 2006/03/24 14:12, Alexander Bochmann wrote: ...on Thu, Mar 23, 2006 at 12:22:37PM +0100, Anthony Howe wrote: P gnu/usr.sbin/sendmail/libsm/refill.c P

Re: Microsoft SP1 RPC traffic (Active Directory issues)

On Thu, 20 Apr 2006, James Mackinnon wrote: Good day everyone Recently, I installed SP1 on some domain controllers and ran into an issue where microsoft changed rpc data with SP1 and firewalls such as microsofts own ISA server as well as checkpoint have started to randomly block this data.

Re: Panic: biodone already

On Thu, 20 Apr 2006, Pedro Martelletto wrote: The raid(4) codebase is old, unmaintained, and known to have issues. That's one of the reasons it's not in the stock kernel. Oh I thought the OpenBSD team was silently discouraging people from the practice of using software RAID. :} That

Override errno EBUSY on rd(4) device after boot in mount(2)?

Is there any way to override the flag on a device that permits it from being mounted twice?MNT_FORCE isn't it. I've got an embedded environment I'm setting up where I want to transfer the root (/) file system from an rd(4) to an MFS. To do this, I have to add some customizations to copy() in

Re: 3.7: weird IP address problem

On Mon, 24 Apr 2006, Toni Mueller wrote: Hello, I have a box that once had two IP addresses on one interface. I deconfigured one of them using ifconfig -alias. I'd rather not reboot only to make a change in IP numbers effective... Check netstat -rn and arp -an for hangers-on lingering

Re: isakmpd - DPD stops working

On Fri, 21 Apr 2006, Mitja Mu?eni? wrote: I'm debbuging something weird here. Before I put together a full and sanitized error report, just a quick question: is anybody else seeing DPD to just stop working after a couple of hours, or is it just me my setup? I have some pre-3.9 -current (mid

Re: Tape drive DLT VS160

On Mon, 24 Apr 2006, Planck wrote: Hello. I have tape drive Quantum DLT VS160 (part of dmesg bellow) connected to Adaptec AHA-2940. Everything work fine, but i dont know how to enable hardware compresion on that drive. There aren't any jumpers on enclosure, and mt(1) or st(4) dont say anytging

Re: 3.7: weird IP address problem

On Mon, 24 Apr 2006, Toni Mueller wrote: Hello, I have a box that once had two IP addresses on one interface. I deconfigured one of them using ifconfig -alias. Now, when I want to use any (?) program on that box to go over this interface, it wants to use the addresses which is no longer

Alter root FS device after boot?

All: Would it be hypothetical possible to change the device mounted as (/) after the system has booted (possibly during the bootstrapping phase)? This of course overriding the checks in src/sys/kern/sys_vfs* ~BAS

Re: Alter root FS device after boot?

you can't ever unount the first / mount after init starts, because that would mean revoking init's vnode. Yes after disabling the kernel checks I've tried to do this and it seems to cause a complete halt of the system. If only I could bypass the check that disallows a device from becoming

Building bsd.rd in cdrom39.fs with RAIDFrame

RAIDFrame enabled OpenBSD systems, or use your .ISO with your DRAC card via remote media. l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ ...from back in the heady days when helpdesk meant nothing, diskquota meant everything, and lives could

Re: Building bsd.rd in cdrom39.fs with RAIDFrame

} clean ${MAKE} depend exec ${MAKE} notes: -- On Fri, 8 Sep 2006, Brian A. Seklecki wrote: One of the big problems with RAIDFrame support absence in GENERIC is that it's also lacking in RAMDISK and RAMDISK_CD. This prevents RAIDFrame users from doing binary updates off boot media. This can

carp(4) debugging

/backup election process. Certainly a way to log events (interfaces, etc.) and the resulting actions taken by the code would be useful in mission critical environments. Anything beats tcpdump 'proto carp' and making guesses from there. TIA, -lava (Brian A. Seklecki - Pittsburgh, PA

Re: carp(4) debugging

of max states (set limit states 20, etc.) ~BAS On Wed, 11 Oct 2006, Ryan McBride wrote: On Tue, Oct 10, 2006 at 05:50:50PM -0400, Brian A. Seklecki wrote: Certainly a way to log events (interfaces, etc.) and the resulting actions taken by the code would be useful in mission critical

Re: ports question

and so the screen just keeps right on trucking and you don't have time to read it. Is there some command or somewhere you can go to see what the message was? --Bryan l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ ...from back

Re: nagios monitoring of a remote openntp service

; [EMAIL PROTECTED]:12$ /usr/local/libexec/nagios/check_ntp_time -H ntp NTP OK: Offset -0.002711469308 secs|offset=-0.002711s; 60.00;120.00; so, it can work. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

Re: snmpd

at the top of my priority list. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc.

Re: snmpd

] [host] UCD-DISKIO-MIB::diskIOTable The sensor stuff should be committed into the Ports version of Net-SNMP by now. I can get it committed to Pkgsrc if not. Its just not been at the top of my priority list. -- Brian A. Seklecki Collaborative Fusion, Inc

sshd_config(5) PermitRootLogin yes

Am I reading this right? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80content-type=text/x-cvsweb-markup I dont have a fresh install anywhere -- but I want to say that it doesnt default to PermitRootLogin yes after the install. I remember that I filed PRs with

Re: sshd_config(5) PermitRootLogin yes

On Thu, 10 Jul 2008, Brynet wrote: The keyword here is *default*. Say you installed OpenBSD on a soekris, it's nice having root enabled temporarily. That way you can login at a later time, create a lesser privledged account, On Soekris, does the first boot console access not function

Re: sshd_config(5) PermitRootLogin yes

afterboot(8) covers this Works for me, I guess. =/ ~BAS http://www.openbsd.org/cgi-bin/man.cgi?query=afterbootapropos=0sektion=0ma npath=OpenBSD+Currentarch=i386format=html

Re: sshd_config(5) PermitRootLogin yes

the rationel why the rest of the projects changed it. ~~BAS On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote: Am I reading this right? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80content-type=text/x-cvsweb-markup I dont have a fresh install

Re: sshd_config(5) PermitRootLogin yes

types worry because they don't really understand security. On Thu, Jul 10, 2008 at 01:38:22PM -0400, Brian A. Seklecki wrote: On Thu, 10 Jul 2008, Marco Peereboom wrote: Of course it is enabled by default. Why do I want a box that is freshly installed and unreachable? No -- I just find

Re: contact info for PC Weasel?

On Wed, 2008-08-06 at 13:58 -0700, Chris Cappuccio wrote: spend your money on a motherboard with serial console. like a supermicro board or something. you'll be happier. No offense but: No. No you wont. Unless you have IPMI or something like Dell's DRAC (4, not 5 -- 5 sux big time). The

OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)

SHA1: b7e33764ab96e1a2db0d125d07e9628367680858 Size: 175331328 -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. Subject: If you please: OpenBSD 4.0/i386 ISO (-stable w/ RAIDFrame) From: Brian A. Seklecki [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: Collaborative Fusion, Inc

Re: OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)

On Wed, 13 Dec 2006, Brian A. Seklecki wrote: All: BTW, it is far from optimal, but the following BRE works: DKDEVS=$(scan_dmesg ${MDDKDEVS:-/^\(rai\)*[sw]*d[0-9][0-9]* /s/ .*//p}) ...because saying: may contain one \(rai\)* or more, but not either, and (or?)... may contain one of either

Re: openbsd 4.0 snmpd core dumps with vlan interface number higher as 9

vlan10 it works again. the core dump is here http://www.tbits.org/snmpd.core.gz Have everyone an idea ? Thx Thomas l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ ...from back in the heady days when helpdesk meant nothing, diskquota

Master ${SKIPDIR} manifest

Is anyone maintaining a ${SKIPDIR} manifest? A master list of source directories, organized logically by subsystem? Something to match the variety of make.conf(5)/mk.conf(5) knobs in other systems? l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http

Re: searching a good MRTG/SNMP configuration

move all those reports to its www-chroot. If I need to I'll create one myself, but after fiddeling around with it for a couple of hours I thought about the reinvention of the wheel and its waste of time. Regards, ahb -- PONEDELXNIK, 5 FEWRALQ 2007 G. 10:45:05 (MSK) l8* -lava (Brian

Re: External 250Gb USB Disk with three FAT32 partitions, device not configured

with are the device of the external usb box that runs ok) is Device not configured. A lot of thanks -- Angel Sancho Alvarez l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ ...from back in the heady days when helpdesk meant nothing

Re: Speedtouch modem and PPPoA

On Mon, 5 Feb 2007, Luca wrote: Hi all, I installed for the first time the Speedtouch 330, compiled the source code (http://speedtouch.sourceforge.net/index.php?/index.en.html), installed the firmware...launched the script...it takes about 10 minutes to bring up the tun0 interface and get a

mk.conf(5) note about ${SKIPDIR}

* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/

Re: SSH client (putty) hangs after name/password login

I tried the above (see link) but still it won't work... Does the privsep sshd(8) process spawn on the server? Does that spawn a login shell of the associated user? pstree(8) will show. Also, fire up debugging levels? #LogLevel INFO - DEBUG, DEBUG1, DEBUG3 etc. ~BAS help !

Re: SSH client (putty) hangs after name/password login

Hello Brian, Not quite sure what you mean with pstree...don't know the command and no 'man pstree' on my 3.8 system..? It's in the psmisc/ package Note that I no problems logging into the system while on the local network (doing this via a PC that I remotely manage). When I do a SSH session

Re: SSH client (putty) hangs after name/password login

On Tue, 6 Feb 2007, forums wrote: Hello, That was my first guess as well...For that reason I set the option UseDNS NO Yea. When DNS times occur, the login process never completes. In fact, before the prompt appears the timeour occurs. AS

Master ${SKIPDIR} manifest (fwd)

) attempt reduces build sizes: # du -hs /usr/obj/ /usr/destdir /usr/releasedir/ 475M/usr/obj/ 243M/usr/destdir 104M/usr/releasedir/ (Down from the usual 850m+ obj/, etc.) ~BAS -- Forwarded message -- Date: Mon, 5 Feb 2007 01:06:07 -0500 (EST) From: Brian A. Seklecki [EMAIL

Re: Mbufs tunning

On Fri, 2007-03-16 at 18:30 -0300, Gustavo Rios wrote: Dear gentleman, when i execute some command on my server box, i got a complain about not enough buffer available. For instance. $ rusers rusers: can't send broadcast packet: No buffer space available $ netstat(8) -m gives some

Re: sshd configure howto

From an architecture standpoint, It wouldn't be within the mandate of sshd(8) anyway. You'd accomplish this using some userland resource quota enforcement policy (max number of processes, max instances of a shell). Hell you could do it in /etc/profile or ~/.cshrc I don't know of one OTTMH,

Re: isakmpd

with lots of known-good-working isakmpd(8) / isakmpd.conf(5) examples. ~BAS I think i have seen some sample config before but i cant seem to find any now.. Any help would be appreciated.. /Daniel -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. IMPORTANT: This message

Re: recommendation for router (COMMELL)

What *would* you recommend? In addition to the listed duties, I am looking for stability, For a mail server appliance, Axiomtek units are the only way to fly. Try the NA-820. We've been nothing but pleased, and of all the cheap Award/AMI BIOS's, theirs has been the best performing so far,

Re: LDAP and OpenBSD

On Fri, 2008-10-10 at 19:52 +0200, raven wrote: I'm thinking how my users into an ldap db can login into my openbsd One would need NSS_LDAP and PAM_LDAP, which requires PAM and NSS infrastructure in-tree. Likely you'd want to sponsor development for something like that. ~BAS -- Brian

Re: PF Queue on a GROUP of nics?

On Mon, 2008-10-06 at 16:39 +1100, Sunnz wrote: Is it possible? Say I have a few nics of the same group... dc0 dc1 dc2 dc3... which all belong to a group dc. Sunnz Do you mean a shared queue where downstream bandwidth from a single upstream interface is proportionally divided into two

Advanced Queuing: Host-Only Stateful Inspection and Queues

[Long Message Disclaimer] All: I was just looking over Peter Hansteen's PF book -- It's a great reference, but the coverage on QUEUING is limited (6 pages of ~150). I was hoping to find an answer to a question there-in, that I had back in 2006 when I filed system/4574 -- but with behind me, I

Re: Can't SSH into CARP'd system from the outside

On Mon, 2008-10-20 at 14:19 -0700, Vivek Ayer wrote: So far, I can't ssh into the carp from the outside, can't ntp from the Try: % sudo tcpdump -ttt -e -vvv -n -i pflog0 -s 1024 -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. IMPORTANT: This message contains

Re: 4.3-stable panics on a Soekris net-5501

Today I was dumping files from a wd0 disk to a mountpoint on sd0 disk (external USB). I accidently unplugged the power cable of sd0 disk and That is generally considered the proper / pragmatic behavior. FreeBSD Foundation is sponsoring development to change this behavior to to some sort of

Transport Mode ipsec(4) and inet6(4) gre(4) (WAS: isakmpd + gre crashing)

, Brian A. Seklecki wrote: But as soon as I start an scp from Perspex to Soekris, Perspex reboots after a few hundred kb. Unfortunately, Perspex is in a datacenter and I do not have console access to it to see what the heck is happening at that exact moment. I don't recall. But for the record

Re: Transport Mode ipsec(4) and inet6(4) gre(4)

I haven't looked if we have support, but gre(4) w/ ipv6 address and stf(4) seem to be best options out there for secure v6 tunnels. That sounds... bizarre. According to ipv6book.ca, M. Blanchet. It's a good read, except OpenBSD/NetBSD are neglected (probably becase of the stf(4)/6to4(4)

Re: logging smtp connections

On Sat, 2009-05-02 at 05:06 -0500, Robson Caetano wrote: Hi I would like to log From:, To: and Subject: fields of every SMTP connection to my internal SMTP server that is passed by the openbsd firewall. You're better off doing that within your MTA. Courier has a Big Brother feature:

Re: unable to redirect port 443 from the internet to an internal server

On Wed, 2009-06-10 at 09:24 -0700, Journey Man wrote: Yet another rule that redirects port 1443 to port 443 works: Try tcpdump: % sudo tcpdump -i $ext_if 'port 443' Then try to re-create the TCP socket from a 3rd party remote host. See if the syn packet comes in. If not, then your ISP could

Re: Multiple IPSec-tunnels and load balancing

On Tue, 2009-06-30 at 11:15 +0200, u...@o3si.de wrote: Is it possible to load balance / failover the traffic over IPSec? If so, should I use GIF for load balancing / routing? That's what Cisco DMVPN is, as far as I can tell. Was just reading about it. You're talking about GRE tunnels to two

Re: LaCie

On Tue, 2009-08-04 at 13:53 -0300, Marcos Laufer wrote: Hello, has anyone had any experience with LaCie Raid and Storage very Feng shui ~BAS I'm the kind of Mac-using sociopath that looks at an external NAS and asks: 'What kind of RAID array defines me as a person?'

Re: cell card on vaio p

On Fri, 2009-10-30 at 12:01 -0700, Lawrence-Sporkton wrote: I believe its the Gobi 1000 or Gobi UNDP-1 which appear to be the same device Very odd. This is a CDMA/3G/GSM/EVDO modem? Normally they show up as PCMICIA, USB, or PCI Serial devices. A lot of times the PCMCIA ones present a USB

Re: Starting a Radius / Nas in openbsd

On Fri, 2009-10-30 at 22:08 +0100, C. Diego Raffaelli A. wrote: Any idea? Am i right using OpenBSD and trying to use Radius and/or NAS?? RADIUS Authentication and RADIUS Accounting are what you want, but that's off-topic for this list. Look in ports for RADIUS servers. Good luck. ~BAS

Re: Server trouble shooting

Since I can't connect successfully via ssh is there anything else I could be doing remotely? ...you could be researching a Lights-out-Management solution for your server (Dell DRAC, Sun LOM). Best all-around solution is a PC-Weasel (realweasel.com) connected to the system next to it (Or a

Re: OpenBSD 4.2 hardware recommendation

On Sat, 3 Nov 2007, Martin Schrvder wrote: You don't need one computer with two discs and two psus; instead get two systems and use carp to get HA. Also 2GB for a firewall is overkill. Spend the money on the NICs instead. If he's going to be doing local processing of pcap(4) data into some

Re: OpenBSD 4.2 hardware recommendation

If he's going to be doing local processing of pcap(4) data into some pcap(3), of course, is what I meant :}

Re: OS not seeing all RAM (1GiB less)

On Mon, 2007-11-12 at 22:40 -0500, C Thala wrote: What would cause an 4.1 machine running on a Dell PowerEdge 1950 to see only 3,220,439,040 bytes of RAM as opposed to the 4GB that it really has (confirmed by BIOS)? A little something-something called PAE. You're probably running 4.1/i386?

Re: snmpd on current

On Wed, 21 Nov 2007, Insan Praja SW wrote: Date: Wed, 21 Nov 2007 18:45:47 +0700 From: Insan Praja SW [EMAIL PROTECTED] To: misc@openbsd.org misc@openbsd.org Subject: snmpd on current Hi all, I'm currently running 4.2-current and installing net-snmp-5.4.1 from ports (updated). Something is

Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E

On Thu, 22 Nov 2007, Shohrukh Shoyoqubov wrote: Date: Thu, 22 Nov 2007 09:46:54 +0500 From: Shohrukh Shoyoqubov [EMAIL PROTECTED] To: misc@openbsd.org Subject: Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E From which machine do I have to do ping -I A.B.C.D E.F.G.H pf has

Update RAIDFrame-Enabled ISO for 4.2

Updated diff, ISO image, build instructions. http://people.collaborativefusion.com/~seklecki/obsd_wRAIDFrame.html Note: There's a small problem with my regex in install.sub that prevents scanning of RAIDFrame boot lines in dmesg.boot. The work-around from the bsd.rd shell is to: $ export

Re: VPN Concentrator

On Fri, 30 Nov 2007, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. That's a tall order. In Cisco-land

Re: pflog filling up /var mount every 2-3 days!

On Fri, 30 Nov 2007, Jake Conk wrote: Hello, I have my /var partitioned out to be 150mb which I thought was a You're probably getting a lot of log hits on a default block log all at the end of your rules. You can prevent a lot of crud by doing block quicks w/o log statements for the

Re: no 4.2-stable package updates??

ports. Personnaly, I use -current (base+packages) everywhere. But this is just me. -- Brian A. Seklecki [EMAIL PROTECTED] Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message

Re: no 4.2-stable package updates??

critical patches, and those should be pulled into 4.2-stable. Unfortunately, it isn't that easy. Some updates imply updates of depending ports (e.g. poppler and evince), which may imply further updates of dependencies. So you'll end up with -current -- more or less, including more

Re: Had a strange problem with CARP preemption

On Thu, 2007-12-20 at 15:31 +1100, Dave Harrison wrote: Because carp doesn't log it's state changes etc, I've been writing the Over Christmas, I may backport the FreeBSD carp(4) logging improvements and submit them with kernel/5512. ~BAS

Re: Trouble Installing OpenBSD 4.2 stable

On Fri, 2007-12-28 at 17:16 -0600, Alan Hamlett wrote: Currently running OpenBSD i386 3.8 with one 20GB IDE drive at wd0a and one 250gb IDE drive all partitioned for bsd. Trying to install OpenBSD i386 4.2 from install42.iso by trading the 250gb drive for a cd-rom drive. I keep getting

sudo 1.6.9p20 patch in OPENBSD_4_3 and OPENBSD_4_4

All: Do we want to slip this into presently supported branches containing 1.6.9p17? It's a quick patch: http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21r2=1.160.2.22only_with_tag=SUDO_1_6_9 I tested it on -rOPENBSD_4_3. Just be sure to nuke the version string. $ more

Re: ipsec(4) routing for a branch offices

PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian A. Seklecki Sent: Thursday, October 18, 2007 2:02 AM To: misc@openbsd.org Subject: ipsec(4) routing for a branch offices On a variety of 3rd party platforms, I often establish an SA between two IPSec devices with a /16 of RFC 1918

CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU IFCAP_VLAN_HWTAGGING ?)

On Mon, 2007-10-22 at 00:12 +0100, Tony Sarendal wrote: On 10/21/07, Henning Brauer [EMAIL PROTECTED] wrote: I'll throw this out there since its been something on my mind for a while: Hardware VLAN tagging, TOE offload, IP/UDP/TCP Checksum offload, interface polling are all ways to accelerate

Re: Installing the latest snapshot freezes on i386

On Tue, 2007-10-23 at 01:42 -0700, Reza Muhammad wrote: Hi all, I just recently purchased a brand new HP Pavilion G3035L Desktop PC (spec: http://www.anugrahpratama.com/product/21/1092/HP-Pavilion-G3035L-Desktop-PC). It's using Intel Core Duo processor. I tried to install OpenBSD's

Re: SUMMARY: Still unable to get Cyclades Z serial ports working with OpenBSD

On Thu, 2007-10-25 at 14:39 -0700, Don Jackson wrote: no channels at tached Well, no channels attached tells me its a hardware issue (cables`n`shit), or the software failing to properly probe the hardware. Does it work in another system under another platform (Linux LiveCD, etc.). I use

Re: CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU IFCAP_VLAN_HWTAGGING ?)

On Mon, 2007-10-22 at 12:04 +0200, Henning Brauer wrote: * Claudio Jeker [EMAIL PROTECTED] [2007-10-22 08:17]: Fragment Reassembly does not happen in the forwarding plane, it happens on the end system. By doing flow based forwarding on the router you're no longer able to do all the

Re: Problem with MP on 4.2

first try to enable acpi and see what happens. Thanks. Enabling acpi did not make a difference, but then I disabled apm and it's working. Right -- all of the example ukc output shows how to enable acpi0 but no one ever shows how to disable apm0. ~BAS Abdul HTH, Stijn

Re: OpenBSD 4.2 RAIDFrame mirror

On Thu, 2007-10-25 at 10:50 +0200, Dominik Zalewski wrote: Dear All, I have a machine with two Maxtor 160GB hard disks. I've installed OpenBSD 4.2 on first one and I would like to use second one as a mirror. If you really want to kick as the dead horse, I can probably roll a 4.2 install

Re: vlan configuration: off-topic

On Fri, 2008-01-18 at 11:49 -0200, John Nietzsche wrote: Dear gentleman, i am starting with vlan topic right now. I am in need to get two dell powerconnect 2724 switches to implement 3 vlan. I know how to The Dee PC2724 cant move its mgmnt vlan from VLAN1, and *BSD vlan(1) wont transmit VLAN

Re: Watching the prgress of dd if=drive1 of=drive2

On Sat, 2008-02-23 at 12:15 -0800, Jon wrote: I'm using dd to clone a drive. How can I watch the progress of this or see the transfer rate in real time? It should accept SIGINFO (control+G) on most terminals. You may also be able to compile progress(1) ~BAS IMPORTANT: This message

Re: Thank you: Re: Watching the prgress of dd if=drive1 of=drive2

On Sat, 2008-02-23 at 13:46 -0800, Jon wrote: on some learning paths here. This mailing list is awesome. Thank you. just remember that when 4.3 CD pre-release-sales are announced :) IMPORTANT: This message contains confidential information and is intended only for the individual named. If

Re: openbsd router hardware

On Mon, 2007-12-24 at 13:29 +0100, Joerg Zinke wrote: Hi, I'm looking for hardware to install an openbsd based dsl-router. I already searched the list archives and looked at WRAP and Soekris, but it seems that they do not match my requirements: - fanless - as small as possible - Soekris

Re: Simple OBSD/Samba sharing/restart question

On Mon, 2008-03-31 at 12:36 -0400, Dan Brosemer wrote: But should you need to stop and start it, just kill off the [sn]mbd processes and fire them off manually. Use /etc/rc.local as your command line flag/switch reference point. ~BAS IMPORTANT: This message contains confidential

Re: make build fails for OPENBSD_4_4 on i386

On Fri, 2008-08-08 at 13:59 +0200, Miod Vallat wrote: Until the cd-rom are actually created and the release is announced, tags are Just trying to be helpful in reporting a build-problem during the releng cycle. If there's a better venue for such reports, lets have it :) ~BAS IMPORTANT:

Re: Routing issue with VPN tunnel

On Mon, 2008-12-15 at 00:06 +, Danial wrote: I don't like responding to my own thread but I really need help with this one, so I'll try to rephrase the question: Just about every userland utility has the ability to specify source transmit addresses (bind(4) function) If not, we can add it.

<    1   2   3   >