Re: Installing shellinabox on OpenBSD

2024 at 02:38:25PM -0500, Daniel Ouellet wrote: I am not sure why people say they can't have a safe ssh client for window... OP mentioned he cannot install software on the machine. This is pretty common issue if machine is managed by somebody else. Best regards, Chris Narkiewicz

Re: Firewall setup

On 4/16/24 10:27 AM, Karel Lucas wrote: First and most importantly, I would like to apologize to anyone who was disturbed by my conversation. It is not my intention to offend people. I may be curt, but that's not because it's in my character. In daily life I work with electronics and computer

Re: poor routing/nat performance

I have the APU 1 and here is what I get TEST_DATE TIME_ZONE DOWNLOAD_MEGABITS UPLOAD_MEGABITS 12/19/2022 11:52GMT 429.05 422.17 LATENCY_MS SERVER_NAME DISTANCE_MILES CONNECTION_MODE 3 Ashburn VA 0multi S

Re: poor routing/nat performance

With 7.2 on the APU 2 when I tested it was about 650 or so. I didn't send the info as it is not connected now. But either way, you can't get Gb speed on it no matter what. On 12/19/22 2:43 PM, Stuart Henderson wrote: On 2022-12-19, Daniel Ouellet wrote: OpenBSD 6.8 (GENERIC.MP) #

Re: A messed-up fresh install due to a careless user

If that's a new install, may as well just redo it. The install is really fast, so this way you are sure you have a clean system and NOT one that you may have problem down the road, specially if that's your first time. That's what I would do anyway. Compare to any other IS, the install for Op

OT: Running SOFTRAID on PCEngine APU2 via mPCIe to M.2 convertor board for NVME 2230 or 2242

Hi, Anyone ever was able to find a mPCIe to M.2 convertor board on Amazon that works for using M.2 NVME 2230 or 2242 drives or even M.2 SATA (NGFF) in the APU2 like this: https://github.com/TobleMiner/M.2-NVMe-SSD-to-miniPCIe-adapter Scroll to the end and see the picture of the drives inside

Re: RSS or Atom syndication for security advisories?

https://www.openbsd.org/faq/faq10.html#Patches Subscribe to the list and you will know it. On 5/21/23 7:34 AM, Xavier B. wrote: Hi, I just want to know if there is an RSS or Atom syndication advisories. I have several machines with several operaring system in them: GNU/Linux (alpine and arc

Re: RSS or Atom syndication for security advisories?

Not only you can subscribe to the list for the announcement for these patches, but you already have it on the front page of the OpenBSD Journal site as well. https://undeadly.org/cgi?action=front Look right column under: OpenBSD Errata So all you asked for is already there. Not sure how qui

Protectli VP2420 with Dasharo (coreboot+UEFI) v1.1.0 can't load any UEFI bsd.rd

Hi, I search the archive on this and saw many post on this including one from Marc Kettenis on October 30, 2020 in: $OpenBSD: conf.c,v 1.32 2020/10/30 19:39:00 kettenis Exp $ At the time looks like it fixed many issues, but now looks like it is back. Or may be just on my system with the new

OT: Thank you for a second to none documentation in OpenBSD!!!

Hi, I just wanted to take a moment to give you guys thanks big time! I guess I have been spoiled for the last 2+ decades using OpenBSD and always find what I need in the man pages and rarely needed to search the web for additional info. Even for a noob trying OpenBSD I realize how easy it is

Re: OpenBSD on Thinkpad X13s ARM-based laptop

there is a dmesg of one running current as well in the archive with what's working and not as well. All in the archive. On 6/2/23 6:55 AM, Alexander Hall wrote: Search the archives for "support of thinkpad arm". This was asked just this Tuesday. /Alexander On June 1, 2023 10:46:33 PM GMT+0

Re: OT: Running SOFTRAID on PCEngine APU2 via mPCIe to M.2 convertor board for NVME 2230 or 2242

Just a follow up on this for general interest. I got boards made in Hong Kong from the design done by Tobias Schramm generously made available on github. I received the board a few days ago, I ordered then the nvme 2230 to test and received it today and here we are. The following tests are d

Re: Compiling BOINC/Seti Home for OpenBSD 5.3 Sparc64

On 8/29/2013 4:15 PM, Alexey E. Suslikov wrote: > Christian Weisgerber mips.inka.de> writes: > >> Richard Thornton gmail.com> wrote: >> >>> My Sun Blade 100, has a fresh install of 5.3, and its very good, much >>> better than 5.1; XFCE is very stable and R is much better than prior >>> ports. y

Re: Alternate authentication source in OpenSMTPd

s alias and all available. Or may be it's use is for limited mailbox oppose to for every users in the password file? Best, Daniel On 9/25/13 4:15 AM, Daniel Ouellet wrote: > Hi, > > Is this still true from the man himself: > > "What is not yet possible is to use alternat

Alternate authentication source in OpenSMTPd

Hi, Is this still true from the man himself: "What is not yet possible is to use alternate authentication sources." http://marc.info/?l=openbsd-misc&m=129230912814295&w=2 I try any and every way I could think of without success. I thought that may be there was a way to do so using some kind of

Re: Alternate authentication source in OpenSMTPd

Thanks Gilles! I will test, but I sure can also wait for the 5.4 to be out as it is just around the corner anyway! Many thanks for the wonderful work! Daniel On 9/25/13 5:39 AM, Gilles Chehade wrote: > On Wed, Sep 25, 2013 at 04:15:01AM -0400, Daniel Ouellet wrote: >> Hi, >> &g

OT: SuperMicro X9SBAA-F with OpenBSD

Anyone every got their hands on one of SuperMicro 1U server with the X9SBAA-F board in it. I wish I could find a dmesg for it if that exists somewhere. If you have, how is the 1x Realtek RTL8201N PHY (dedicated IPMI)s working out for you? Looks like the IPMI is there via Nuvoton WPCM450 BMC, so

Re: bash for root?

OpenBSD prompts you for a shell name when booting into single-user mode. There's no need for precautions when using a dynamically-linked shell, as you can always just type "/bin/sh" when you need to boot into single-user mode and find yourself without your precious libraries. Good luck doing it

Re: Watching Videos via NFS - NFS is damn slow (too slow.)

Is there anything I could do to get more speed? Sure there is and we don't know what version you are running as you didn't provide a dmesg, but let say that in the last few months, if you have a quick look at marc you will see a pretty good amount of commit on the nfs code. http://marc.info

Re: Problems with ppp(8) to Verizon EVDO

Jason Dixon wrote: I have a Verizon USB720 dongle that shows up as ucom0. I intend to use it for connecting remotely with my X40. I'm having problems when packets exceed a certain size. When this happens, the return packets never make it back to my system. I can connect fine with ppp(8). I c

Re: Problems with ppp(8) to Verizon EVDO

Peter Varga wrote: when i had verizon dsl on a landline, the mtu had to be 1492 and it would work just fine. set mtu 1492 set mru 1492 Still is the case even if you use FiOS instead of DSL. http://www2.verizon.net/help/fios_settings/optimizer/ Daniel

Shouldn't loopback interface like hostname.lo1 show up in the bgpd fib table just like any other configured interfaces?

Hi, I am curious as to if this is really normal. I would say not, but may be I miss something, or miss understood something. All active and configured interfaces does show up in the fib table as they should and same for the standard loopback on as well as below: Loopback interface lo0 at 127

Re: Shouldn't loopback interface like hostname.lo1 show up in the bgpd fib table just like any other configured interfaces?

Claudio Jeker wrote: On Thu, Jan 29, 2009 at 02:57:09AM -0500, Daniel Ouellet wrote: Hi, I am curious as to if this is really normal. I would say not, but may be I miss something, or miss understood something. All active and configured interfaces does show up in the fib table as they

OT: Various compromise web informations source for new attack in progress in a timely fashion.

Hi, Anyone can provide me a list of may be 5 or more good sources of sites that actually would provide somewhat up to date informations of new compromise sources of attacks and possibly details as to how to remove them. I see regular new source of attacks and at time customers get compromise

Re: OT: Various compromise web informations source for new attack in progress in a timely fashion.

Marti Martinez wrote: The type of profile information you're describing sounds like stuff that snort is pretty good at identifying. As such, I'd suggest you look into snort's database of "attack" signatures and see if it provides a decent starting point for you. Thanks Marti, but the issue is

Re: usr.sbin/wake removal

Alexander Yurchenko wrote: On Mon, Feb 09, 2009 at 09:05:13PM +1300, Richard Toohey wrote: On 9/02/2009, at 6:31 PM, Thomas Pfaff wrote: I think this could use some explaining for those of us that are not intimately involved in development or have been around here for that long. Keeping it sm

Re: bgpd crashes on long AS-path

Jules Desforges wrote: I admin multipe openbgp servers for a handful of companies. On Monday (16th), I was notified that bgp had crashed on 4 out of the 8 machines. The bgpd crashed because it was being advertised a route with a long AS path (> 255). The incident was global, and more informatio

Re: bgpd crashes on long AS-path

Emilio Perea wrote: On Wed, Feb 18, 2009 at 03:38:11PM -0500, Daniel Ouellet wrote: May be, you should run current and there is yet an other fresh commit on the subject just done a few minutes ago: "clau...@cvs.openbsd.org 2009/02/18 13:30:36" http://marc.info/?l=ope

Re: IP aliases: how many in one server with OpenBSD 4.4? Is it possible to change the limit?

Alvaro Mantilla Gimenez wrote: # head /etc/hostname.em0 inet 69.31.124.136 255.255.255.248 NONE inet alias 69.31.124.137 255.255.255.248 For a start, shouldn't this one be > inet alias 69.31.124.137 255.255.255.255 ^^^ As explain in the man 5 hostname.if

Re: IP aliases: how many in one server with OpenBSD 4.4? Is it possible to change the limit?

Alvaro Mantilla Gimenez wrote: Which looks to me like the configuration on the server. Except this one: You have > inet alias 69.31.124.137 255.255.255.248 instead of > inet alias 69.31.124.137 255.255.255.255 See the mask here is /32, but you have a /29 instead in your config. Good luc

How to have multiple vlan passing through a bridge, not originate from it and allow to filter on each vlan on the bridge

Hi, I am hoping someone could give me a clue to solve an issue where I try to insert a bridge in between a cisco router and a cisco switch that are configure with vlan in between them. I reduce the test setup to a minimum and I can't find a way to do it yet. I am obviously missing something s

Re: How to have multiple vlan passing through a bridge, not originate from it and allow to filter on each vlan on the bridge

Hi Mike, That was an interesting idea. Didn't worked however. Mike Erdely wrote: On Sun, Feb 22, 2009 at 03:23:27AM -0500, Daniel Ouellet wrote: # cat hostname.dc0 inet 10.0.1.2 255.255.255.0 NONE media 100baseTX mediaopt full-duplex description Uplink # cat hostname.dc1 up

Re: How to have multiple vlan passing through a bridge, not originate from it and allow to filter on each vlan on the bridge

Stuart Henderson wrote: On 2009-02-22, Daniel Ouellet wrote: # cat /etc/hostname.vlan{2,1002} up vlan 2 vlandev dc0 up vlan 2 vlandev dc1 Here I assume here a typo and it would be Mike has it right. # cat /etc/hostname.vlan{2,1002} up vlan 2 vlandev dc0 up vlan 1002 vlandev dc1 As you

Re: Install 4.4 Sparc64 on SunFire V120

new_guy wrote: Hi guys. I'm helping a friend install 4.4 (Sparc64) on this SunFire V120 he got for free :) It's a very nice box with a working Solaris install. It boots the install.iso and proceeds to install, but when we get to the point of selecting a root disk... the only option we have is [d

Re: checkout src multiple times

Chris wrote: I have had to interrupt (^c) cvs -d$CVSROOT checkout -P src command about three times. I was wondering whether checking out src three times would overwrite the old files or ignore what's already on the disk and update files that are not there or do anything else? cvs will never red

Re: Install 4.4 Sparc64 on SunFire V120

The only issue I have, and it's been there for years is the CD-Rom give issues at time, so I just unplug them after the install and a very minor thing that really doesn't do much, but there is a off by one in the USB code somewhere that makes the kernel try to reinitialize the USB all the time

Go order your 4.5 CD

Hi Guys, Theo just open the pre-order. Go order your CD, T-Shirt, etc. How quickly can we crank up the orders here. The new puffy looks nice too. Look to me that may be we have a new disco puffy with the improvements on the audio in the system, but I could be wrong. That was my first guess

Re: Go order your 4.5 CD

Pierre Riteau wrote: On Thu, Mar 5, 2009 at 10:47 PM, Daniel Ouellet wrote: The new puffy looks nice too. Look to me that may be we have a new disco puffy with the improvements on the audio in the system, but I could be wrong. Disco puffy? Looks to me that you need to improve your geek

Re: Go order your 4.5 CD

Todd M. Boyer wrote: On 16:47, Thu 05 Mar 09, Daniel Ouellet wrote: Theo just open the pre-order. Go order your CD, T-Shirt, etc. 4.5 pre-order!!! I just ordered 4.4 (and 4.3) slow down and have a beer ;-) What do you mean slow down. (;> Many servers are upgraded already and more to c

Re: Go order your 4.5 CD

J.C. Roberts wrote: On Thu, 05 Mar 2009 16:47:05 -0500 Daniel Ouellet wrote: The new puffy looks nice too. Long Live The MCP! ummm... oh wait()! I hope you didn't intent to say puffy cut his teeth as a 'Microsoft Certified Professional' right? (;>

Re: Kernel Panic on 6th March i386 build

Insan Praja SW wrote: Hi, On Sat, 07 Mar 2009 03:17:57 +0700, FRLinux wrote: On Fri, Mar 6, 2009 at 7:12 PM, Insan Praja SW wrote: Hi Misc@, on a i386 kernel recent build (6th march), I got panic. It says: Hello, As far as I know, home built kernel is not supported, you need to try out a

Re: Kernel Panic on 6th March i386 build

Stefan Sperling wrote: On Fri, Mar 06, 2009 at 06:07:00PM -0500, Daniel Ouellet wrote: Insan Praja SW wrote: Hi, On Sat, 07 Mar 2009 03:17:57 +0700, FRLinux wrote: On Fri, Mar 6, 2009 at 7:12 PM, Insan Praja SW wrote: Hi Misc@, on a i386 kernel recent build (6th march), I got panic. It

Re: Kernel Panic on 6th March i386 build

dio and J.C., you are both right. Thanks for taking the time to straighted me up! I deserved that one fully. One only get better by learning from their mistakes and that's not the first I did for sure and I am sure it will not the last either. Best regards, Daniel Ouellet

Re: Kernel Panic on 6th March i386 build

Stefan Sperling wrote: On Sat, Mar 07, 2009 at 06:29:22PM -0500, Daniel Ouellet wrote: Claudio Jeker wrote: Fell free to disagree, that's fair. Sorry, I don't get it a non-developer tries to educate a developer about how kernel crashes should be reported? Sorry most of your stand

gem0 on Sun V120 goes dead in a few minutes with "gem0: device timeout" error on bsd 4.5, but works without issue on bsd.mp 4.5.

Hi, With the 4.5 kernel on Sun V120, the Ethernet interface will go dead after a few minutes. May be 5 to 15 minutes. No consistence yet that I can see. When this happened, all access to the server is gone and no ping reply as well. The only way is to log via the console and simply do: ifcon

Re: Nginx: filedescriptors, users and login.conf confusion

Matt wrote: If nginx is running as 'www' then you're building your own nginx rather than using the package? If so, then nginx is starting however you tell it, and without details it's impossible to say. It's installed through package and I use a startup as adviced in /etc/rc.local. However

Re: gem0 on Sun V120 goes dead in a few minutes with "gem0: device timeout" error on bsd 4.5, but works without issue on bsd.mp 4.5.

Daniel Ouellet wrote: Hi, With the 4.5 kernel on Sun V120, the Ethernet interface will go dead after a few minutes. May be 5 to 15 minutes. No consistence yet that I can see. When this happened, all access to the server is gone and no ping reply as well. The only way is to log via the

Re: strange load values

On Fri, Mar 13, 2009 at 4:13 PM, David Vasek wrote: It is wrong becasue the computed numbers can be different from what is written in the specification (the man pages). The computed load average can be high on an almost idle machine and vice-versa. As is described here: http://marc.info/?l=ope

Re: gem0 on Sun V120 goes dead in a few minutes with "gem0: device timeout" error on bsd 4.5, but works without issue on bsd.mp 4.5.

Hi, An update on this and a patch include at the end here. I would very much appreciated feedback on this and what the chances are to may be include this patch into the driver. I spent the last week tracking down why that new problem showed up and it happened to be looks like a hardware probl

Re: openbsd in virtualization

Hi... My boss ask how to move current obsd server to virtualiaztion ( such as openvz, vmare , etc ) . anyone in here sucsess moving obsd to Environment virtualization ( openvz , vmware etc ) , may be want share to me ? So obsd become guest OS ? ps: i'm so sory to ask this because Efficiency

Re: openbsd in virtualization

Pierre Riteau wrote: On Wed, Mar 18, 2009 at 05:45:17AM -0400, Daniel Ouellet wrote: - XEN I could be wrong here, but if my memory is somewhat intact, I think XEN is not playing to well with OpenBSD. There was worked done to port it to OpenBSD, I think it was two years ago, but I can&#

Re: openbsd in virtualization

- XEN I could be wrong here, but if my memory is somewhat intact, I think XEN is not playing to well with OpenBSD. There was worked done to port it to OpenBSD, I think it was two years ago, but I can't remember exactly, it's in the archive anyway and as far as I know, there wasn't to much go

Re: openbsd in virtualization

Daniel Ouellet wrote: - XEN I could be wrong here, but if my memory is somewhat intact, I think XEN is not playing to well with OpenBSD. There was worked done to port it to OpenBSD, I think it was two years ago, but I can't remember exactly, it's in the archive anyway and as far

Re: disabling drivers at runtime?

Sebastian Rother wrote: Is it possible to disable for example ehci at runtime? As far as I understand I can use config -e -f /bsd to modify the BSD kernel but the changes just get applied after a reboot. Is there any method to may disable a specific driver only at runtime? Lets say like ehci?

Re: disabling drivers at runtime?

Sebastian Rother wrote: Is it possible to disable for example ehci at runtime? As far as I understand I can use config -e -f /bsd to modify the BSD kernel but the changes just get applied after a reboot. And I forgot that point here too, sorry, my bad. Yes you would need to reboot to get the e

Re: disabling drivers at runtime?

Instead of exit, you type quit and it will save the changes, oppose to exit that do not. That method does not work! I tried it! Just FYI, in the FAQ it does saw in the first paragraph at the start of the second line "These changes will then take place on your next reboot.". So no it's not p

shrot abreviation of network in bgpd filter as in pf filter.

Hi, I wanted to confirmed that this is not just a side effect of a temporary possibility now that we can use both the following cases below. I am asking as this is clear in man 5 pf.conf, but there isn't any mention of it in man 5 bgpd.conf, however testing it does show as working. Just want

Re: I can't mount HDDs

Jose P.G wrote: I swear that i am not a troll. I don't understand anything, LOL, why have to be a troll? My questions are REAL, i haven't read the faq carefully, i only seek for help (more fast, i think). Start reading the FaQ from the top and read it all. It will serve you well. This is not L

Re: I can't mount HDDs

William Chivers wrote: Or, try FreeBSD. Like Linux is trying to beat Microsoft, FreeBSD tries to beat Linux and I am told (I do not have personal experience) that the FreeBSD community is more willing to answer newbie questions in their quest to conquer the world. Or even may be pcBSD. Looks

iked.conf insanity (passing traffic locally between two tunneled subnets)

Hi, I have two separate subnets (on different interfaces) on a router. I am trying to tunnel both subnets over the internet to another router on my network. I can tunnel one subnet easily and everything works as expected, but when I tunnel the 2nd subnet, then traffic from one local subnet is no l

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

> OpenBSD's implementation of ipsec doesn't use the routing table, if you > want that (unless you make code changes) you will need to use a > different tunnel interface (gif or others) and just use ipsec to protect > the gif traffic. The point is to keep the configuration simple and gif doesn't ma

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

> Maybe you misunderstood - I am just talking about a couple of lines in > ipsec.conf to setup the bypass flow, but still use iked for the > actual vpn connection. That's fair. May be I miss understood you, I thought that you recommended to actually switch to use the ipsec one instead. The setup

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

> Maybe you misunderstood - I am just talking about a couple of lines in > ipsec.conf to setup the bypass flow, but still use iked for the > actual vpn connection. I should have added that may not be the best idea but I was/am trying rdomain for this, (having the bypass in rdomain 1 as an idea) no

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

> Can someone point out an example of this gif+ipsec setup somewhere ? > > I failed at finding any GIF ref when looking IPSEC+OPENBSD, also man > ipsec does not list gif, only enc. This is dated obviously and for full disclosure I didn't try it, so look at it as such. https://undeadly.org/cgi?ac

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

> You don't actually even need an ipsec.conf file, you could just do > > $ echo 'flow from 192.0.2.1/32 to 192.0.2.2/32 type bypass' | doas ipsecctl > -vf - That would actually be a very simple solution and I would sure love it! But testing doesn't show that as being the case. packets are still

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

uellet.us dstid FQDN/tunnel.realconnect.com type require flow esp out from ::/0 to ::/0 type deny On 1/16/19 5:36 PM, Daniel Ouellet wrote: >> You don't actually even need an ipsec.conf file, you could just do >> >> $ echo 'flow from 192.0.2.1/32 to 192.0.2.2/32 type b

Re: Code of Conduct location

On 4/28/19 9:33 AM, Rachel Roch wrote: > Apr 28, 2019, 9:16 AM by cho...@jtan.com : > >> Strahil Nikolov writes: >> >>> Hello All, >>> >>> can someone point me to the link of the OpenBSD code of Conduct ? >>> >> >> I believe OpenBSD's code of conduct can be summed up as "if

Sun V100 with >127Gb drives on 6.0 supported and working now?

A quick question on this as I only notice this in the last few days by accident actually, and I want to know if that's real or not. I always used to re-install, but only rename my partition, not redoing them. However I changed my auto-install as well and in the proceed forgot to NOT partition abov

Re: Sun V100 with >127Gb drives on 6.0 supported and working now?

On 9/7/16 4:55 PM, Michael Plura wrote: > On Wed, 7 Sep 2016 12:31:58 -0400 > Daniel Ouellet wrote: > >> A quick question on this as I only notice this in the last few days by >> accident actually, and I want to know if that's real or not. >> ... >> and

Re: Sun V100 with >127Gb drives on 6.0 supported and working now?

On 9/7/16 12:31 PM, Daniel Ouellet wrote: > I always used to re-install, but only rename my partition, not redoing > them. However I changed my auto-install as well and in the proceed > forgot to NOT partition above 127Gb or to be exact 268,435,440 block of > 512 bytes as in the pas

Just a quick thank you for all and every devs of OpenBSD!

This may be obvious to some, but I just wanted to take some time to say thanks for the 6.0 release and all previous one. So many improvements in the last few releases, it is really more fun to use at each new one! Some features as simple as the auto partitioning configurable, makes maintenance and

New FAQ14 on Installing to a mirror

Hi, No problem all works, but I would love to clarify below to be sure I don;t do something wrong as the old and new FAQ14 changed in that aspect and I don't see a reason for the changes. In the new FaQ14 revised version here: http://www.openbsd.org/faq/faq14.html#softraid I wonder if there is

Re: New FAQ14 on Installing to a mirror

> fixed these two things and hope i got all your questions. You did many thanks! I thought I had it right, but as age advance, verifying facts is a good things! (: Daniel

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

> I don't think bruteforce will be helpful in my case. I do occasionally > get bruteforce attacks, but not very often. > What I usually get are identical attacks of a certain set of variations > of URLs from one IP address. A little later the same thing from another > IP, then another, etc. > > One

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

On 9/29/16 7:20 PM, Murk Fletcher wrote: > There's Kickstarter's Rack::Attack if you're willing to "upgrade" to ie. > Ruby on Rails: > > https://github.com/kickstarter/rack-attack > > I find this quite nice along with those pf bruteforce tables mentioned > earlier. Sure I guess you can, but pers

Disable memory bank via sysctl, LOM or other on Sun V100?

Hi, Is there a way to make the kernel think a full bank of memory is in use by any chance on a Sun V100? I have what appear to be a bad memory in it and the server crash however it is on a remote server that I will not be able to get physically to for a week if lucky. I wonder if there is a way to

Re: Contributing

> I'm not sure how I formed the opinion openbsdsupport.org was blessed > (probably someone's forum post somewhere) so thanks for the correction. It never been blessed, it is a social experiment to prove a recurring point that it doesn't work. Many talked a bout it, none actually do the work. Dan

Re: Contributing

On 11/16/14 12:50 AM, Ingo Schwarze wrote: > Hi Andrew, > > andrew fabbro wrote on Sat, Nov 15, 2014 at 04:34:35PM -0800: > >> What about writing tutorials/articles? It's been a recuring talked before and just do not work. > That is most definitely *not* a job for beginners. > Writing good tuto

OT: netatalk 2.2.5 package on OpenBSD 5.6 with private/public ssh-key setup

I am trying to get the netatalk package to use ssh-key login oppose to the uams_dhx2.so. But for two days I am loosing what ever hairs I have left. I know the afp is not as popular then the samba setup but it is so much smaller and faster that I would prefer using it from apple computer to share s

iked (IKEv2) setup help on the simplest testing setup

Hi, I am really at a lost here I can't figure out what I am doing wrong. I will admit up front I never setup IPsec before so I am very frustrated to say just that! 5 days reading so much stuff on google, and example,s but most are with ikev1 anyway and the previous version. My final goal is to se

Re: iked (IKEv2) setup help on the simplest testing setup

I guess it would help if I had the iked.conf mode set to 0600 instead of 0644 and if I had one side in active mode. (:> Always the simplest things make you waste so much time and frustration... Not a request, but may be a small note in iked.conf for the stupid one like me that create the configur

Re: iked (IKEv2) setup help on the simplest testing setup

Also, just for the records. The exact same setup on 5.6 do not work. So I wasn't totally crazy. The flow is establish only on one server. So, may be that might help someone else until 5.7 is out. current works, 5.6 do not in my test setup anyway as previously in this tread. So, back to current

Re: iked (IKEv2) setup help on the simplest testing setup

On 12/30/14 4:49 AM, Stuart Henderson wrote: > On 2014-12-28, Daniel Ouellet wrote: >> When all is done it will be ospf over vether over gif tunnel > > Does vether give any benefit here? I think that you should just be able > to route the addresses over the gif interface witho

How to segregate peer policy in a dynamically changing IP peers ikev2 setup.

Is there a way to actually have iked accept connection from dynamically changing peers IP address using their dns name for example like this: ikev2 esp from 66.63.5.250 to tunnel.ouellet.us ikev2 esp from 10.0.0.0/24 to 172.16.2.0/24 peer tunnel.ouellet.us Yes you can have ikev2 esp from 66.63.5

iked using policy with any are rejected, but works with 0.0.0.0/0

Hi, Am I really doing something illegal by trying to use 'any' instead of 0.0.0.0/0 in iked.conf as shown possible in the man page? For some reason policy in iked.conf using 'any' are rejected but accepted if 0.0.0.0/0 is use instead. with this in iked -d output pfkey_flow: unsupported address

Re: ntpd.drift values?

On 1/12/15 11:30 AM, Christian Weisgerber wrote: > I'm interested in what values people have in their /var/db/ntpd.drift > files. > > To prevent a deluge: Looking over my own machines, I see that most > values are Xe-05, with a few Xe-04 and Xe-06. So that's the common > range, I don't care about

Re: OpenBSD 5.5 ISAKMPD

Just go to 5.6 or even better to current that is almost 5.7 now and use ikev2 instead. Much simpler to use. At a minimum just give it a trial for fun if you like. You may fall in love with it. (:> 4.8 is so old that I am not sure anyone will care to answer it, or even remember if they had issue

Re: OpenBSD 5.5 ISAKMPD

On 1/19/15 3:19 AM, Stuart Henderson wrote: > On 2015-01-17, Daniel Ouellet wrote: >> Just go to 5.6 or even better to current that is almost 5.7 now and use >> ikev2 instead. > > This might add confusion though, ikev2 (iked) isn't compatible with v1, > and I

Re: 1U / 2 Computers? For redundant FW pair

there is 23 model that are twin model in 1U: http://www.supermicro.com/products/nfo/1UTwin.cfm But they share the power supply. May be that's what you didn't like. On 1/21/15 7:31 AM, Alan McKay wrote: > I know that Supermicro has some interesting side-by-sides starting at > 2U, but I'm not awa

Why anyone in their right mind would like to use NAT64

Hi, Just saw a few questions and patch for NAT64 on misc and tech@ and I am really questioning the reason to be fore NAT64 and why anyone in their right mind would actually want to use this? NAT always makes connectivity less efficient anyway and was really designed to alleviated the lack of

bgpd send corrupt AS path message to peer in router server used at Equinix Ashburn

Hi, I am hoping that I may be able to somehow reach the consultant that support the router server at Equinix in Ashburn VA here, or may be someone else can provide me a bit more details as to how I could possibly find more details or history on this problem. There is a dual setup at Equinix

Re: bgpd send corrupt AS path message to peer in router server used at Equinix Ashburn

On 11/15/12 1:58 AM, Claudio Jeker wrote: On Wed, Nov 14, 2012 at 04:57:17PM -0500, Daniel Ouellet wrote: Hi, I am hoping that I may be able to somehow reach the consultant that support the router server at Equinix in Ashburn VA here, or may be someone else can provide me a bit more details as

Re: bgpd send corrupt AS path message to peer in router server used at Equinix Ashburn

On 11/15/12 12:49 PM, Stuart Henderson wrote: On 2012-11-15, Daniel Ouellet wrote: On 11/15/12 1:58 AM, Claudio Jeker wrote: Why is your router unhappy about this AS path? This is a valid 4-byte AS_PATH. Could it be that for some strange reason one side thinks that 4-byte AS are enabled and

Re: bgpd send corrupt AS path message to peer in router server used at Equinix Ashburn

On 11/15/12 3:38 PM, Stuart Henderson wrote: On 2012-11-15, Daniel Ouellet wrote: A more complete answer provided in private, but here is an extract and as you can see, I have peers that I have the session where I advertise supporting the 4 bytes, and they do not support it as shown, so I do

Re: Shell for PF

Hi, I own an ISP and I see no problem using OpenBSD, or Cisco as routers and I have no problem with the configuration of PF. I kind of find it much simpler then Cisco. Definitely better man page for sure! (:> Just know, you don't need every single features of PF to have a great router. PF does of

Re: EIGRP implementation?

Interesting. Cisco discontinued IGRP starting with IOS 12.2(13)T and 12.2(R1s4)S. And many years ago it was recommended to me my the Cisco SmartNet people to switch form EIGRP to may be ISIS or OSPF back then as it was possible that Cisco discontinue EIGRP as well. May be they are desperate to lo

Re: MacBook Pro

Here is his dmesg for that MacBook. This was on 4.7 and it only got much better by now. He did run it on newer version as well, much better. So it does work. http://marc.info/?l=openbsd-misc&m=126946934114741&w=2 No clue as of 5.3 obviously, but I can only assume that it is much better as it w

Re: OpenBGPd Route Server

On 4/15/15 3:37 PM, Hrvoje Popovski wrote: > On 15.4.2015. 19:45, Mike Hammett wrote: >> What do you have $my_ip4_net and $my_ip6_net set to? I assume the IPv4 and >> IPv6 blocks that the IX is using? > > yes, that's IX network.. > You could add as well the 192/24 filter also from RFC's as wel

Re: offtopic: political correctness

Man, No one have any kind of sense of humor these days!!! OpenBSD mailing list is not really for the faint of hart, why should any books for OpenBSD be any different! Just switch to any politically correct Linux flavors and move on... At a minimum he wrote a book to try to help users, I am sure

Re: OpenBSD on AMD Embedded G-Series T40E APU?

On 3/7/16 1:55 PM, Theo de Raadt wrote: >> On 3/7/16 12:43 PM, Noth wrote: >>> On 03/07/16 02:04, Theo de Raadt wrote: > Hey folks, > > The website does not seem to have a lot of info on what CPUs are > supported. I'm looking at this box for a home firewall with OpenBSD > >

<    1   2   3   4   5   6   7   8   9   10   >