adding a static IPv6 route with prefixlen != 64

2009-12-07 Thread Florian Obser
Hi misc, (this is on 4.6-stable, -current has the same issue) I played around with our shiny new /32 and noticed that this is not working: $ sudo /sbin/route add -inet6 -prefixlen 48 2a00:15a8:6:: 2a00:15a8::3 $ route -n show -inet6 | fgrep 2a00:15a8::3 [...] 2a00:15a8:6::/64 2a00:15a8::3 UGS

matching ipv6 esp traffic

2009-04-12 Thread Florian Obser
Hi, I'm trying to secure my wlan access point with ipsec. Apparently I cannot match ipv6 esp traffic. This is on 4.4. I built a simplified setup with qemu, ipsec-gw and ipsec-client: - ipsec-gw [r...@ipsec-gw:~]# cat /etc/ipsec.conf ike passive esp from 10.12.32.235 to 10.12.32.236

Re: Preferred method for tracking src with git?

2012-06-05 Thread Florian Obser
On 06/04/12 21:52, Matthew Dempsky wrote: What's considered the current 'best practice' for following OpenBSD src with git? I'm interested in trying out git for managing my growing list of pending/WIP patches for the src tree, but there seem to be a bunch of options and I don't know if

pf: divert only incoming traffic

2012-07-09 Thread Florian Obser
Hi, so we were used for a dns amplification attack. Some jackass thought it would be a good idea to send us ~50k qps with the DO flag set and type ANY. This would have resulted in ~750mbit/s outbound traffic. For all you masochists out there, this is the iptables rule I came up with: iptables

Re: OpenSSL handling intermediate certificates

2012-08-23 Thread Florian Obser
On 08/23/12 20:05, Ted Unangst wrote: On Thu, Aug 23, 2012 at 13:12, Ryan Kirk wrote: One thing I've never understood is that if you're MITM'd, what good is a cert revocation going to do? The proxying individual can easily block access to the revocation lists, and your browser be none the

Re: OpenBGP - iBGP peers not announcing after 3 hops

2013-02-04 Thread Florian Obser
On 02/04/2013 03:59 PM, Eduardo Meyer wrote: Hello, I am facing a strange behavior, I have the following scenario eBGP1-iBGP1-iBGP2-iBGP3-eBGP2 iBGP must be fully meshed, a session between iBGP1 and iBGP3 is missing.

Re: Upstream error: Nginx, slowcgi, and perl/cgi support.

2013-07-09 Thread Florian Obser
On Tue, Jul 09, 2013 at 08:30:03PM +0300, BSD Kazakhstan wrote: Thinking of chroot(), I have even tried adding a copy of perl binary to: # ls -l /var/www/usr/bin/ -rwxr-xr-x 1 root daemon 10725 Jul 9 19:15 perl your perl is probably not statically linked, see

Re: Upstream error: Nginx, slowcgi, and perl/cgi support.

2013-07-09 Thread Florian Obser
On Tue, Jul 09, 2013 at 09:18:40PM +0300, ?zg?r Kazan??? wrote: It's the base' perl, # perl -v This is perl 5, version 12, subversion 2 (v5.12.2 (*)) built for amd64-openbsd (with 10 registered patches, see perl -V for more detail) And using nginx with chroot-disabled, (-u) didn't help

Re: Upstream error: Nginx, slowcgi, and perl/cgi support.

2013-07-09 Thread Florian Obser
On Tue, Jul 09, 2013 at 09:37:06PM +0300, ?zg?r Kazan??? wrote: And the browser side: 502 Bad Gateway (Actually the same error occurs when trying with any filenames (no matter exists or not) ended with .cgi. ... and the log probably says upstream prematurely closed FastCGI stdout. What

Re: 10GbE (Intel X540) performance on OpenBSD 5.3

2013-08-07 Thread Florian Obser
On Wed, Aug 07, 2013 at 10:26:22AM -0400, Maxim Khitrov wrote: Hi all, I'm looking for performance measuring and tuning advice for 10 gigabit Ethernet. I have a pair of Lanner FW-8865 systems that will be used as firewalls for the local network. [...] The initial iperf runs couldn't go

Re: 10GbE (Intel X540) performance on OpenBSD 5.3

2013-08-07 Thread Florian Obser
On Wed, Aug 07, 2013 at 12:57:55PM -0400, Maxim Khitrov wrote: On Wed, Aug 7, 2013 at 11:44 AM, Florian Obser flor...@narrans.de wrote: On Wed, Aug 07, 2013 at 10:26:22AM -0400, Maxim Khitrov wrote: [...] Increasing the MTU on both ix0 interfaces to 9000 gives me ~7.2 Gbps: you expect

Re: Join two overlapping subnets with two way NAT/BINAT

2013-09-07 Thread Florian Obser
On 09/07/13 21:32, Simon Slaytor wrote: Hi Folks, I've been trying to wrap my head around a problem for a little while and I'm getting nowhere fast so thought I'd ask the experts: Due to a company take over I have two networks, NetA and NetB, that I need to link together for bi

Re: Bootparamd

2013-09-13 Thread Florian Obser
On Thu, Sep 12, 2013 at 08:17:56PM +, hru...@gmail.com wrote: Miod Vallat m...@online.fr wrote: Thanks for the good tips! I think the bootparams swap file information will be used correctly (I remember seeing a fix in this area some time ago). It doesn't hurt anyway to mention it

Re: Best OpenBSD cloud hosting?

2013-10-10 Thread Florian Obser
On Thu, Oct 10, 2013 at 09:15:34AM +0200, InterNetX - Robert Garrett wrote: I just want to know what a cloud is. http://xkcd.com/908/ -- I'm not entirely sure you are real.

Re: pflow and NAT

2014-01-23 Thread Florian Obser
You want revision 1.30 of if_pflow.c export the original aka untranslated address in pflow ok florian@ henning@ ~ http://www.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_pflow.c#rev1.30 (and by that I don't mean you should backport it to 5.2, upgrading to 5.4 will be much easier - a lot has

Re: Questions about monitoring LAN traffic with openbsd/pf/pflog/pflow

2014-03-22 Thread Florian Obser
On Thu, Mar 20, 2014 at 06:14:39PM -0300, Giancarlo Razzolini wrote: AFAIK, using anything beside proto 5 on pflow interfaces is broken, at least on OpenBSD 5.4. I know there were some recent work in this area that solves this issue. Nope, proto 9 was always working. proto 10 had the problem

Re: sshd segfaults with incomplete /etc/hosts

2014-05-12 Thread Florian Obser
On Tue, May 13, 2014 at 06:51:16AM +1000, Darren Tucker wrote: On Mon, May 12, 2014 at 04:39:57PM -0400, Darren Tucker wrote: Indeed. It looks like a bug in the libc resolver rather than sshd, though. I've been kinda busy recently so I haven't kept up with recent changes so I'm not sure

Re: sshd segfaults with incomplete /etc/hosts

2014-05-12 Thread Florian Obser
On Mon, May 12, 2014 at 09:25:45PM +, Florian Obser wrote: On Tue, May 13, 2014 at 06:51:16AM +1000, Darren Tucker wrote: On Mon, May 12, 2014 at 04:39:57PM -0400, Darren Tucker wrote: Indeed. It looks like a bug in the libc resolver rather than sshd, though. I've been kinda

Re: nginx/slowcgi: cgi program keep running

2014-08-02 Thread Florian Obser
On Sat, Aug 02, 2014 at 12:11:18PM +0200, Sébastien Marie wrote: Hi, I do some tests with a cgi program that go in infinite loop. In order to test it with nginx (-current GENERIC.MP#304), I started slowcgi to run the cgi program (and configured nginx). The configuration is ok: the cgi

Re: running rtsold on obsd 5.6 while also forwarding ipv6 traffic?

2014-11-26 Thread Florian Obser
On Wed, Nov 26, 2014 at 04:05:42PM -0500, Forman, Jeffrey wrote: Hi Misc, Long time listener, seldom caller. My problem statement: I run OpenBSD 5.6-stable on my fw/router. My ISP (Comcast in the US) provides native IPv6 support for all their customers. They provide a /128 address for

Re: free ipv6 KVM-based - cloudspin.me [was - Re: DigitalOcean's BSD debut is FreeBSD only]

2014-12-22 Thread Florian Obser
On Sun, Dec 21, 2014 at 06:08:04PM -0500, Jiri B wrote: On Sun, Dec 21, 2014 at 01:54:50AM +, Some Developer wrote: Vultr already support OpenBSD on their servers (you upload the OpenBSD install ISO and install it yourself) and their servers cost the same as Digital Ocean.

smtpd(8): running as backup MX with +TAG addresses

2014-12-27 Thread Florian Obser
Hi, so I want to run smtpd(8) as a backup MX and configure the list of valid email addresses so that the backup MX rejects invalid email addresses on accepting the message and not bounce the mail later on when it tries to deliver to the primary mail server. Currently I have this: accept from any

Re: Example httpd.conf minor spelling mistake

2015-02-04 Thread Florian Obser
committed, thanks! On Tue, Feb 03, 2015 at 07:19:48PM -0330, Michael wrote: Hi all, Just noticed a minor spelling mistake in the example httpd.conf. Regards, Michael diff -u /etc/examples/httpd.conf httpd.conf --- /etc/examples/httpd.confThu Jan 22 19:03:06 2015 +++ httpd.conf Tue

Re: gzip compression in httpd

2015-02-15 Thread Florian Obser
On Sun, Feb 15, 2015 at 07:11:48PM -, Merci Brault wrote: Does the new httpd support gzip compression? No. -- I'm not entirely sure you are real.

Re: 5.6, IPv6: is autoconf set by default?

2015-01-08 Thread Florian Obser
On Thu, Jan 08, 2015 at 09:53:10AM -0500, Sly Midnight wrote: I am replying to this as I too would like some clarification as to the difference between the two options {eui64|autoconf} for enabling the old IPv6 behavior. in ifconfig(8) we have: -inet6 Disable inet6(4) on the

Re: httpd and Server Side Includes

2015-03-06 Thread Florian Obser
On Fri, Mar 06, 2015 at 07:13:13PM +, Peter Fraser wrote: The web sites that are involved make heavy use of Server Side Includes which the new httpd does not yet have any support. I wouldn't hold my breath. I'm fairly certain that we won't implement it. In particular the web sites use

Re: ifconfig.if rtsol autoconf diff

2015-06-06 Thread Florian Obser
On Fri, Jun 05, 2015 at 03:41:22PM +0200, Tim Kuijsten wrote: Had some trouble this morning in configuring inet6 on a new laptop. What problems did you encounter? inet6 autoconf or rtsol in hostname.if are supposed to work exactly the same. Finally figured out that rtsol is dropped and that

Re: Web2py running on openbsd 5.7 with new httpd server

2015-06-10 Thread Florian Obser
On Tue, Jun 09, 2015 at 09:44:45PM -0600, Alvaro Mantilla Gimenez wrote: Hi, I would like to know if anyone have web2py running on OpenBSD 5.7 using new httpd server. I've started web2py with fcgihandler and tried a simple configuration with no luck (probably wrong, that's why I am

Re: How does it work, shell_exec and exec of php-fpm in OpenBSD 5.6?

2015-06-01 Thread Florian Obser
On 01/06/15 18:49, Okupandolared wrote: Hi, I have an web form. I need send of webform to script bash webform.html -- PHP proces -- create.sh create.sh #!/bin/ksh # Create user echo hi!! your pass $1 crypted=$(echo -n $1 | smtpctl encrypt ) maildir=$3/$2/ echo -e $2@$3

Re: SOHO IPv6 router problems

2015-07-01 Thread Florian Obser
On Tue, Jun 30, 2015 at 08:27:03PM +0200, Patrik Lundin wrote: This is where possibly unexpected things start happening. Our first note is that no default route is appearing for IPv6: yes, that was an artifact of moving the sending of router solicitations from rtsol(8) to the kernel. rtsol(8)

Re: SOHO IPv6 router problems

2015-07-01 Thread Florian Obser
On Wed, Jul 01, 2015 at 04:47:25PM +0200, Patrik Lundin wrote: On Wed, Jul 01, 2015 at 08:59:55AM +, Florian Obser wrote: yes, that was an artifact of moving the sending of router solicitations from rtsol(8) to the kernel. rtsol(8) flat out refused to do anything with forwarding

Re: NSD/Unbound clarifications

2015-11-23 Thread Florian Obser
On Mon, Nov 23, 2015 at 04:27:08PM +0100, Alessandro Baggi wrote: > I've configured unbound for a small network. What is "maximum > capacity" of Unbound? Is suitable for big networks? What was the maximum capacity of bind? Was it suitable for big networks? How did you find out? -- I'm not

Re: Fw: Re: https://undeadly.org

2017-02-28 Thread Florian Obser
It is usually not considered polite to forward private mails to mailing lists. -- I'm not entirely sure you are real.

Looking for replacement of thinkpad x201

2017-02-26 Thread Florian Obser
I need some help since I'm terrible with hardware... So my x201 main hacking laptop is getting old and benno@ is always mocking me for the amount of gaffer and stickers that are holding it together. Long story short, I'm in the market for a new thinkpad. Yes it has to be a thinkpad. I require

Re: merge ping6(8) into ping(8)

2016-09-18 Thread Florian Obser
[moving to misc, as this thread is missing diffs] On Sun, Sep 18, 2016 at 09:38:49AM +0300, Mikhail wrote: > On Sun, Sep 18, 2016 at 12:11 AM, Theo de Raadt wrote: > >> > this does 2 things: > >> > [...] > >> > >> I may recall what I have sent to you in private email,

Re: Setting rtable 0 from >1 with ping et al

2017-03-18 Thread Florian Obser
On Thu, Mar 16, 2017 at 07:59:44PM +, Joe Holden wrote: > On 09/03/2017 23:35, Joe Holden wrote: > >On 09/03/2017 23:02, Joe Holden wrote: > >>Hi, > >> > >>So - it seems that pledge will deny a change of rtable to 0 when using > >>level SOL_SOCKET and the current rtable is >0, so eg if you're

Re: IPv6 autoconf

2017-07-29 Thread Florian Obser
On Fri, Jul 28, 2017 at 06:29:12PM -0700, Thomas Smith wrote: > One question... > > What would be necessary to bake this functionality into OpenBSD base? IPv6 > is pretty ubiquitous nowadays - most ISPs support it, most cloud providers > support it - it seems common enough that much of this

Re: DNSSEC solution

2017-08-15 Thread Florian Obser
On Tue, Aug 15, 2017 at 09:03:26AM +0200, Thuban wrote: > Hi > since we have nsd and unbound included in base, I was wondering what > tool you use to deal with DNSSEC and sign your zone ? > I use zkt, but your advices would be nice. > > Regards > -- > thuban I use powerdns from ports as a

Re: slaacd.sock

2017-08-22 Thread Florian Obser
On Tue, Aug 22, 2017 at 01:56:10PM +0200, Christer Solskogen wrote: > Running the latest snapshot (amd64) I see that slaacd.sock is in /dev, > while documentation says that is should be in /var/run. What is correct? Friend Computer is of course right. Just fixed the man page. Thanks! -- I'm not

Re: slaacd.sock

2017-08-22 Thread Florian Obser
On Tue, Aug 22, 2017 at 08:06:08PM +0200, Christer Solskogen wrote: > On Tue, Aug 22, 2017 at 4:01 PM, Florian Obser <flor...@openbsd.org> wrote: > > > On Tue, Aug 22, 2017 at 01:56:10PM +0200, Christer Solskogen wrote: > > > Running the latest snapshot (amd64) I see

Re: 6.2 starts nsd before slaacd binds ipv6 address

2017-10-10 Thread Florian Obser
On Mon, Oct 09, 2017 at 06:31:06PM +, lists+m...@ggp2.com wrote: > Hello all - > > I don't feel this warrants a bug report, but nevertheless feel that this > behavior is inconsistent with the way dhclient works. I have a vultr there is a school of thought that says dhclient should not delay

Re: [PATCH] Off-by-one bug in httpd, ldapd, relayd, smtpd, switchd and ypldap

2017-08-28 Thread Florian Obser
On Sun, Aug 27, 2017 at 07:18:55PM -0500, Kris Katterjohn wrote: > On Mon, Aug 21, 2017 at 09:04:33AM +0200, Gilles Chehade wrote: > > On Sat, Aug 19, 2017 at 04:20:31PM -0500, Kris Katterjohn wrote: > > > On Fri, Aug 18, 2017 at 09:24:33AM -0700, Chris Cappuccio wrote: > > > > This looks correct.

Re: reiser4fs in openbsd

2017-08-25 Thread Florian Obser
reply-to: misc could you all please fix your email client to not strip diffs when posting to tech@? thanks zfs is already there: https://marc.info/?l=openbsd-cvs=136482823110105=2 On Fri, Aug 25, 2017 at 05:39:11PM +0200, Philipp Buehler wrote: > Am 25.08.2017 17:35 schrieb Daniil Berendeev: >

Re: TRIM on SSD

2017-12-06 Thread Florian Obser
On Wed, Dec 06, 2017 at 08:15:57AM +, Rupert Gallagher wrote: > I know well that article, because it is several years old with no updates. > > Those working on ffs should do what they are supposed to do. Lack of money? > Setup a stickers sale or a kickstarter, get the money and just fucking

Re: rtadvd bug ?

2018-06-18 Thread Florian Obser
Be careful not to break dhcpv6-pd. I suspect the problem is actually in make_prefix() in config.c which unconditionally sets onlink and autoconf. I stared at this for some time but can't figure out how to fix this. RFC 4861 has this which I don't think rtadvd is implementing correctly:

Re: virtual colocation? Amazon/cloud?

2018-06-15 Thread Florian Obser
On Fri, Jun 15, 2018 at 08:09:40AM +1000, Stuart Longland wrote: > On 15/06/18 06:50, Steve Fairhead wrote: > > I gather Amazon are not quite there yet re OpenBSD virtual machines. Can > > anyone here provide a cluebat as to prospects or alternatives? I don't > > want to move away from OpenBSD -

Re: acme-client new cert error

2018-05-27 Thread Florian Obser
On Sat, May 26, 2018 at 09:14:35AM -0700, Scott Vanderbilt wrote: > On 5/26/2018 4:54 AM, Stuart Henderson wrote: > > > aeneas.datagenic.com doesn't respond on port 80. (And if I can't > > fetch it, letsencrypt's checkers are also unlikely to be able to). > > > > Firewall issue? > > Oh, FFS. >

Re: Wondering if any of my hardware is working on -current

2018-02-08 Thread Florian Obser
On Wed, Feb 07, 2018 at 09:03:09PM -0800, Chris Bennett wrote: > OpenBSD 6.2 (GENERIC.MP) #2: Sun Dec 10 21:14:42 CET 2017 > > r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 3774021632 (3599MB) > avail mem = 3652612096 (3483MB) the ram will

Re: Creating your individual git mirrors of OpenBSD

2017-12-28 Thread Florian Obser
On Wed, Dec 27, 2017 at 11:33:14PM +, Dinesh Thirumurthy wrote: > Hi, > > If you wanted your personal git mirrors of OpenBSD, then you can do it with: > > https://github.com/hakrtech/repogen/repogen.sh > > This will generate git repos of OpenBSD's source, xenocara, ports and www. > > You

Re: OpenBSD 6.2 (up2date with syspatch) - HANGING

2017-12-22 Thread Florian Obser
On Thu, Dec 21, 2017 at 09:20:16PM +, Maxim Bourmistrov wrote: > > I had to bypass relayd to roll prod stable. > Down to apache. Taking care of http and https. > By redirect. > Now this setup (if I can call it) is stable. > > . > > P.S. > Looks like we have to move forward from here. Buy

call for testing: rad(8) - a rtadvd(8) replacement

2018-07-18 Thread Florian Obser
During g2k18 I committed rad(8). The latest amd64 and i386 snapshots should contain it with enough features to replace rtadvd(8). If you are using rtadvd(8) I'd appreciate if you could switch to rad(8) and report back if any features are missing. The plan is to unhook rtadvd(8) from the build

Re: cgi issues

2018-07-08 Thread Florian Obser
On Sun, Jul 08, 2018 at 07:53:41AM -0500, Edgar Pettijohn III wrote: > I am playing around with cgi written in c. I am getting what seems like a > weird error though. I'm starting off with a very basic program: > > #include > > int > main(void) > { >     fprintf(stdout, >   

Re: cgi issues

2018-07-08 Thread Florian Obser
On Sun, Jul 08, 2018 at 08:30:29AM -0500, Edgar Pettijohn III wrote: > > > On 07/08/18 08:09, Florian Obser wrote: > > On Sun, Jul 08, 2018 at 07:53:41AM -0500, Edgar Pettijohn III wrote: > > > I am playing around with cgi written in c. I am getting what seems like a

Re: nsd question

2018-09-11 Thread Florian Obser
On Tue, Sep 11, 2018 at 04:12:48PM +0200, Peter J. Philipp wrote: > Hi, > > I wasn't going to ask, but the book I have (alternative dns servers - jpm) is > somewhat outdated on nsd. > > If I'm correct, in order to pull the zones to disk on a slave nsd setup, one > has to manually or crontab

Re: httpd / acme-client confusion

2018-03-16 Thread Florian Obser
this works for me: server "tlakh.xyz" { listen on 0.0.0.0 tls port 443 listen on :: tls port 443 tls certificate "/etc/ssl/tlakh.xyz.crt" tls key "/etc/ssl/private/tlakh.xyz.key" hsts location "/shop.6.html" { block return 402

Re: IPv6 problem after 6.3 upgrade

2018-04-03 Thread Florian Obser
On Tue, Apr 03, 2018 at 04:05:44PM +0200, Leo Unglaub wrote: > Hey, > > > see "IPv6 broken on Hetzner.de vServer OpenBSD 6.3 / amd64" on bugs@ > > > > I'm pretty sure hetzner sets a static route to your link local address for > > the /64 they assign to you. > > > > Since the link local

Re: IPv6 problem after 6.3 upgrade

2018-04-03 Thread Florian Obser
On Tue, Apr 03, 2018 at 03:43:07PM +0200, Paul de Weerd wrote: > On Tue, Apr 03, 2018 at 03:23:19PM +0200, Miles wrote: > | > | Am 03.04.2018 um 14:56 schrieb Leo Unglaub: > | > Hello, > | > i have a IPv6 problem since i upgraded to 6.3. I cannot reach other > | > > | /etc/hostname.vio0 > | >>

Re: iridium-browser + unveil

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 10:52:11AM +0200, Dumitru Moldovan wrote: > On Thu, 8 Nov 2018 09:03:51 +0100, Stefan Wollny wrote: > > > > I changed the 'exec' command in /usr/local/bin/iridium like so: > > - LANG=${_l} exec "/usr/local/iridium/iridium" "${@}" > > + LANG=${_l} exec

Re: iridium-browser + unveil

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 09:45:38AM +0100, Stefan Wollny wrote: > Am 08.11.18 um 09:03 schrieb Stefan Wollny: > > Hi there, > > > > just a little nit with the iridium-browser unveiled: > > > > I changed the 'exec' command in /usr/local/bin/iridium like so: > > - LANG=${_l} exec

Re: Munin node over IPv6

2018-11-08 Thread Florian Obser
On Thu, Nov 08, 2018 at 12:21:58PM +0100, Solene Rapenne wrote: > Alarig Le Lay wrote: > > Hi, > > > > I would like to pull my munin node over IPv6, but the process is only > > listening on IPv4. > > > > guinch# grep '^host' /etc/munin/munin-node.conf > > host * > > guinch# netstat -af inet |

Re: Permission on virtual user password file [dovecot+smtpd]

2018-11-13 Thread Florian Obser
On Tue, Nov 13, 2018 at 07:38:04PM +0100, Thuban wrote: > Hi, > I use dovecot and smtpd on my personal mail server. > They both share the same password file. > > It works very well, but I'm concerned about permissions on this file : > > -rw-r--r-- 1 root wheel passwd > > It's world

Re: The Dark Side of the ForSSHe - OpenSSH malwares

2018-12-13 Thread Florian Obser
On Thu, Dec 13, 2018 at 09:25:25AM +0100, Kollar Arpad wrote: > Any creative hints to defend against these kind of threats? Your system has been compromised. The attacker is able to replace binaries, you have lost. If your package manager can still tell you that the sshd binary has been replaced

Re: The Dark Side of the ForSSHe - OpenSSH malwares

2018-12-13 Thread Florian Obser
On Thu, Dec 13, 2018 at 10:02:45AM +0100, Otto Moerbeek wrote: > On Thu, Dec 13, 2018 at 09:50:31AM +0100, Florian Obser wrote: > > > On Thu, Dec 13, 2018 at 09:25:25AM +0100, Kollar Arpad wrote: > > > Any creative hints to defend against these kind of threats? > >

Re: sh /etc/netstart interface counter intuitive behaviour with multiple inet aliases 6.4 and 6.3

2018-12-07 Thread Florian Obser
One possible workaround is putting -inet as the first line in /etc/hostname.vio4 It will nuke all v4 addresses and re-add them. Depending on your usecase this might work for you or it might melt down your whole network ;) On Thu, Dec 06, 2018 at 10:49:01PM +, Tom Smyth wrote: > Hello, > >

Re: httpd option max body size is ignored for subdomain

2019-02-03 Thread Florian Obser
On Sun, Feb 03, 2019 at 03:43:20PM +, Chris Narkiewicz wrote: > Hi, > > I'm trying to configure Nextcloud on a subdomain. My config has 2 > vhosts and connection max request body is not respected for my subdomain. this has been fixed in current. Wild guess, you are on 6.4? This diff should

Re: Reboot and re-link (fwd) Maxim Bourmistrov: Re: Reboot and re-link

2019-06-21 Thread Florian Obser
On Thu, Jun 20, 2019 at 10:47:49PM +0200, mathijs wrote: > this makes misc@ so much more amusing It really doesn't. We are not here to have manure tossed at us for the audience's amusement. Every time something like this happens it takes time away from hacking on OpenBSD. It doesn't matter that

Re: How do I publish default router preferences using rad?

2019-08-18 Thread Florian Obser
imsg)); > >memcpy(, imsg.data, sizeof(verbose)); > >log_setverbose(verbose); > >break; > > @@ -754,6 +754,7 @@ config_new_empty(void) > >xconf->ra_options.cur_hl = 0; > >xconf->ra_options.m_flag = 0; > >x

Re: Package -stable updates

2019-08-29 Thread Florian Obser
On Thu, Aug 29, 2019 at 09:39:40AM +0300, Consus wrote: > On 19:59 Wed 28 Aug, Steven Shockley wrote: > > So, many thanks to everyone who put together the new -stable updates for > > packages. Is there a command I can put in the crontab that will only > > output if there are updates? Similar to

Re: IPv6 problems

2019-08-21 Thread Florian Obser
On Sun, Aug 18, 2019 at 07:36:55PM +0200, list wrote: > Hi, > > The output of slaacctl show interface vio0 ist the following: > > # slaacctl show interface vio0 > > slaacctl: connect: /dev/slaacd.sock: Connection refused > > This is not how it is supposed to be i guess. it would be

Re: handling snapshot installation in production environment

2019-09-02 Thread Florian Obser
This will only work if you stop upgrading snapshots long before 6.6 is announced. Otherwise you will be on 6.6-current by November 1st and -r will wait for 6.7. On September 2, 2019 1:15:26 PM GMT+02:00, Ian Darwin wrote: >> The sysupgrade tool is a nice way to install the newest snapshot,

Re: acme-client no longer usable on -stable?

2019-09-12 Thread Florian Obser
On Thu, Sep 12, 2019 at 12:42:58PM +0200, Henry Jensen wrote: > Greetings, > > A tweet[0] from @romanzolotarev confused some people, including me. > > Basically he says, that if you wish to continue to use acme-client you > have to upgrade to -current, because of the switch to ACME v02 API and >

Re: How can I remove sets installed by sysupgrade?

2019-09-17 Thread Florian Obser
On Tue, Sep 17, 2019 at 09:43:20AM +0200, Marc Espie wrote: > I'm a bit surprised nobody looked at instrumenting what sets are actually > installed on a machine during install/manual upgrade and cloning that > into sysupgrade to avoid this kind of surprise... > Yeah, I think sysupgrade was a

Re: How do I publish default router preferences using rad?

2019-08-07 Thread Florian Obser
On Tue, Aug 06, 2019 at 11:17:04PM +0200, Sebastian Benoit wrote: > Caleb(enlightened.des...@gmail.com) on 2019.08.06 08:05:48 -0700: > > How do I publish default router preferences as defined in RFC 4191 > > (https://tools.ietf.org/html/rfc4191) using rad in OpenBSD 6.5? > > I've read the

Re: acme-client issue with domain w/ alternative name

2019-10-22 Thread Florian Obser
On Tue, Oct 22, 2019 at 09:56:57AM +0100, Daniel Winters wrote: > Good morning, > > > Today acme-client renewed all but 2 of my domains; the two that have > > "alternative names" in the certificates. I cannot get it to renew > > those two. This is on amd64 on 6.6-current, updated today. > > I

Re: 6.6 pflow IPFIX removed?

2020-03-04 Thread Florian Obser
The ifconfig option parser is... special. You must set flowdst as well as pflowproto. On 4 March 2020 14:02:18 CET, Kapetanakis Giannis wrote: >Hi, > >Is IPFIX removed  from pflow in 6.6? > ># ifconfig pflow0 pflowproto 10 >ifconfig: SIOCSETPFLOW: Can't assign requested address > >pflow(4)

Re: sysupgrade woes on beaglebone black

2020-01-10 Thread Florian Obser
On Fri, Jan 10, 2020 at 10:06:41AM +0100, Jan Stary wrote: > It seems it's the SD card that is slow (the machine > is a BeagleBone Black) - will try with a faster one. > > It seems I am missing out on >

Re: But there is Fossil...

2020-01-04 Thread Florian Obser
On Sat, Jan 04, 2020 at 04:59:40PM +, go...@disroot.org wrote: > I never read Please stop wasting our time then. Thanks, Florian -- I'm not entirely sure you are real.

Re: OpenBSD's extremely poor network/disk performance?

2020-01-07 Thread Florian Obser
On Tue, Jan 07, 2020 at 05:35:13PM +0300, Hamd wrote: > It's 2020 and it's -still- sad to see OpenBSD -still- has the > lowest/poorest (general/overall) performance ever: Thank you for your kind and encouraging words. I will get right on fixing these issues for you. -- I'm not entirely sure you

Re: memmem

2020-04-14 Thread Florian Obser
On Tue, Apr 14, 2020 at 06:52:21AM +, Roderick wrote: > Is that not a little too primitive? I thought so, too. No context, no explanation just a one-liner. -- I'm not entirely sure you are real.

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

2020-05-12 Thread Florian Obser
Please leave, optionally seek professional help and never come back. -- I'm not entirely sure you are real.

Re: acme client failing [SOLVED]

2020-05-23 Thread Florian Obser
A common problem. :( I finally got around to improve acme-client's error reporting, it should be better in -current and 6.8 On 23 May 2020 21:28:23 CEST, Teno Deuter wrote: >On Sat, May 23, 2020 at 8:22 PM Stuart Henderson >wrote: >> >> On 2020-05-23, Teno Deuter wrote: >> > acme-client:

Re: bgpd config advice needed

2020-08-25 Thread Florian Obser
On Tue, Aug 25, 2020 at 09:48:04AM -, Stuart Henderson wrote: > > Guesses can be made, but a quick email might get a more accurate > answer :) "Hi, I see you are padding your announcements at $IX and we > are seeing you from other peers with the same path length, would you > prefer we send to

Re: OpenDNSSEC signer engine: Bus error: How to get debug information?

2020-09-22 Thread Florian Obser
On Tue, Sep 22, 2020 at 04:08:16PM +0200, Why 42? The lists account. wrote: > > On Tue, Sep 22, 2020 at 07:12:47AM -, Stuart Henderson wrote: > > Sounds like they are trapping sigbus themselves but the handler isn't > > giving useful information. > > > > Try just running it under gdb: > >

Re: sysupgrade confused by additional disk?

2020-05-26 Thread Florian Obser
On Mon, May 25, 2020 at 12:26:43PM -0400, Nick Holland wrote: > While OpenBSD itself is great about using duids, those are defined in > the 'a' partition of the boot disk..which is usually the first disk. But > in your case, the "first disk" doesn't include the 'a' partitionand the > /etc/fstab

Re: Is altroot a sysupgrade foe?

2020-09-20 Thread Florian Obser
On Sun, Sep 20, 2020 at 01:19:17AM -0400, Predrag Punosevac wrote: > > Hi Misc, > > For number of years I had a very simple scheme to backup my OpenBSD > infrastructure servers running critical network services for our small > university lab. Namely, I would put a low profile usb flash drive and

Re: unwind, is it possible to prevent validation failures?

2020-08-04 Thread Florian Obser
On Wed, Aug 05, 2020 at 07:19:29AM +0200, Peter J. Philipp wrote: > Hi, > > Aug 5 07:09:55 beta unwind[1703]: startup > Aug 5 07:09:59 beta unwind[62921]: validation failure > . A IN>: no DNSSEC records from 192.168.177.1 for DS internal.centroid.eu. > while > building chain of trust > >

Re: Sysupgrade fails with "cannot create SHA256.sig: Permission denied"

2020-06-17 Thread Florian Obser
Wild guess, /home is an nfs mount or mounted read-only? That's not going to work unfortunately. On 17 June 2020 22:23:13 CEST, "Raymond, David" wrote: >I am trying to upgrade a bunch of machines from 6.6 to 6.7 using >sysupgrade and I get the message > >/usr/sbin/sysupgrade[136]: cannot create

Re: httpd location statement

2020-12-10 Thread Florian Obser
I think the only way is to repeat the location statement for each extension :/ You can leave out the socket since that's the default On 10 December 2020 18:24:20 CET, Alexey Vatchenko wrote: >Hello! > >I’m migrating from ancient server with OpenBSD’s apache1 to 6.8 >OpenBSD’s httpd. >In my

Re: Impact of 002_icmp6.patch

2020-10-30 Thread Florian Obser
On Fri, Oct 30, 2020 at 11:58:41AM +0100, Martin Schröder wrote: > Am Fr., 30. Okt. 2020 um 11:54 Uhr schrieb Denis Fondras > : > > Please, fix your tweet. The default install answer for IPv6 is 'none'. > > This borders on "switch off v6 for security reasons", which would be just > wrong.

Re: Website - Missing kstat man page

2021-01-03 Thread Florian Obser
On 3 January 2021 15:25:13 CET, Ingo Schwarze wrote: >Hi, > >Daniel Jakots wrote on Sat, Jan 02, 2021 at 11:19:07PM -0500: >> On Sat, 2 Jan 2021 22:57:06 -0500, wrote: > >>> I came across a broken link during some pre-install research. >>> >>> While browsing URL

Re: nc(1) fails the tls handshake when destination ends with a full stop

2021-05-31 Thread Florian Obser
On 2021-05-30 19:55 +02, Theo Buehler wrote: > On Sun, May 30, 2021 at 01:43:54PM -0400, Daniel Jakots wrote: >> On Sun, 30 May 2021 17:45:22 +0200, Theo Buehler >> wrote: >> >> > Unsure. If people really think this is useful and necessary, I can be >> > convinced. It's easy enough to do. And

Re: acme-client, error 21 at 0 depth lookup:unable to verify the first certificate

2021-04-03 Thread Florian Obser
https://xkcd.com/979/ On Sat, Apr 03, 2021 at 05:43:36PM +0200, open...@crw.name wrote: > Self solved. > > Am 02.04.2021 14:02, schrieb open...@crw.name: > > Hello, I need some help to configure my acme-client the right way. > > > > Obtain certificates itself works using OpenBSD -current #434

Re: sysupgrade failure logs

2021-02-14 Thread Florian Obser
What are the permissions on the bsd.upgrade that's left behind? If they are still +x then your issue is with the boot loader, maybe that boot.conf otto suggested. If they are -x then the boot loader started the install kernel but something went wrong. On 14 February 2021 18:02:07 CET, Judah

Re: dhcpleased with option dhcp-client-identifier

2021-08-18 Thread Florian Obser
On 2021-08-18 12:48 UTC, Olivier Cherrier wrote: > Hi, > > I have a DHCP setup using dhcp-client-identifier option. > > On the DHCP server side, i use something similar to this: > ---8< /etc/dhcpd.conf > host rex { > option dhcp-client-identifier "rex"; >

Re: xterm not opening on latest snapshot?

2021-09-06 Thread Florian Obser
mkdir ~/.cache should get you going again until xterm is fixed. On 6 September 2021 08:41:38 CEST, henkjan gersen wrote: >That indeed gives much more output, but not sure it gives more clarity >as it ends with this: > >-- >69930 xterm CALL mprotect(0xf4aab8c6000,0x1000,0x3) >69930 xterm RET

Re: NSD exit status 11 on 7.0

2021-10-20 Thread Florian Obser
On 2021-10-20 07:55 +02, Otto Moerbeek wrote: > On Wed, Oct 20, 2021 at 07:47:30AM +0200, Mischa wrote: > >> Unfortunately our joy was short lived. This morning I noticed a lot of >> Oct 20 07:44:15 name1 nsd[80814]: server 76410 died unexpectedly with status >> 11, restarting >> >> It looks

Re: How does bsd.upgrade work?

2021-10-18 Thread Florian Obser
On 2021-10-18 14:38 UTC, tetrahe...@danwin1210.me wrote: > On Fri, Oct 15, 2021 at 10:14:56PM +, tetrahe...@danwin1210.me wrote: >>My setup is a little bit unusual, and I'm trying to understand why >>`uname -a` is still reporting 6.9 after I successfully booted >>bsd.upgrade and saw the

Re: Unwind does not seem to query forwarders it is pointed to

2021-12-06 Thread Florian Obser
On 2021-12-06 13:49 +03, Maksim Rodin wrote: > Hello > I have the following unwind.conf: > ``` > cat /etc/unwind.conf > fwd1=192.168.1.150 > fwd2=192.168.1.1 > forwarder { $fwd1 $fwd2 } > preference forwarder > ``` > and an automatically generated resolv.conf: > ``` > cat /etc/resolv.conf >

Re: route advertisement question

2021-12-27 Thread Florian Obser
On 2021-12-26 19:43 UTC, mgra...@brainfat.net wrote: > So my question is, is this expected behavior? When the router advertisement > does not have a router and > thus sets the router lifetime to 0 (as it should), should slaacd ignore > advertisement? Or should > it still configure an IP

Re: Upgrade to 7.0

2021-11-23 Thread Florian Obser
Here we go again... On 23 November 2021 21:00:18 CET, "pas...@pascallen.nl" wrote: >I'm trying to upgrade to 7.0 but it fails. >The upgrade guide shows: > Check available disk space in /usr. Verify that the /usr partition > has a size of at least 1.1G. With less space the upgrade may fail
