Metoo. I couldn't grab the screen output yet, but AFAICS the trace
looks the same as in Don's EMail. I could reproduce this on
2 machines. Both work fine with 4.2 (amd64).
Hardware is a Tyan Tomcat H1000S main board, Dual-Core Opteron
(1.8 GHz), 2 GByte RAM.
I could reproduce it with /bsd and
PS: Disabling ACPI in the bios didn't work for me. But if I disable
acpi in UKC, then the kernel boots fine (AFAICS).
Surely just a workaround.
Regards
Harri
Hi folks,
I haven't seen this mentioned on the mailing list, and
the man page doesn't tell, either, so hopefully it is
allowed to ask:
Does pciide support hot-swapping hard disks? (I've got a
ServerWorks HT-1000 SATA2 controller and the appropriate
disks.)
Regards
Harri
Maybe VirtualBox-OSE is an option? It explicitly mentions OpenBSD on the
list of supported guests: http://www.virtualbox.org/wiki/Guest_OSes .
Good luck
Harri
GVG GVG wrote:
Dear group,
I would like to assign more than 1 static IPs on the same NIC in order to
bind more than one services on port 443! Is that possible?
I used 'alias' for that but didn't work! Once I bind a service on port 443
for the first static IP then this port is also 'taken' for
I know the man page for openssl is huge, but the man page for
isakmpd has some nice description about how to setup a local
CA. Maybe this helps as a starting point?
Good luck
Harri
Paul Irofti wrote:
Do the CLI SIP Phone! I wanted to code that for so long, but the SIP
protocol and its friends tend to go so far as time just wasn't enough.
But it would be pretty cool to have that.
http://www.pjsip.org/pjsua.htm ?
Regards
Harri
Hi folks,
I am trying to setup an IPsec connection between OpenBSD
and WindowsXP (NCP IPsec client). ipsec.conf is just a
single line:
ike passive esp from 192.168.5.1 to 192.168.1.249
(192.168.1.249 is the Windows PC.)
Phase I seems to work, but in Phase II isakmpd complains:
Jun
Hi Prabhu,
I do get a connection for
ike passive esp from 192.168.5.0/31 to 192.168.1.249
but not for
ike passive esp from 192.168.5.1 to 192.168.1.249
(192.168.1.249 is the remote Windows laptop running NCP IPsec client.)
So I doubt that this is a problem of aes vs 3des.
Mitja Muenih wrote:
It is not a problem within isakmpd, it will accept IPV4_ADDR_SUBNET of size
/32.
As I already explained to you in a private mail, ipsecctl will export both
192.168.1.249 and 192.168.1.249/32 into IPV4_ADDR=192.168.1.249 while your
windows client is sending IPV4_ADDR_SUBNET
PS: If I don't define any remote networks in NCP client, then it tries
to send all ip traffic via esp to the OpenBSD gateway, but isakmpd
whoes:
responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id
c0a801f9: 192.168.1.249, responder id /: 0.0.0.0/0.0.0.0
Hi folks,
Tinyca allows to export a chain of CA certificates within
one file, but it took me quite some time to recognize that
isakmpd can't handle this. Or can it?
Regards
Harri
Hi folks,
I've got a configuration issue with Raidframe: Our
gateway/firewall runs a raid1 for the system disk.
No swap partition.
Recently one of the raid disks (wd0) showed some
problem:
Aug 2 17:22:35 fw01 /bsd: wd0(pciide0:0:0): timeout
Aug 2 17:53:52 fw01 /bsd: type: ata
Aug 2
Ariane van der Steldt wrote:
Your best bet is to replace the disk. 30 minutes wait time seems a bit
odd though. I have a similar situation where one disk is having
problems, requiring the disk to restart, but that only takes approx. a
minute. You can mark the disk as bad and replace it before
nothingness wrote:
Presumably this was after a reboot? If so, the trick is to move the
'raidctl -P all' line from /etc/rc to /etc/rc.local and add a '' so it
runs as a background process.
There was no reboot involved. Before this event the machine was
running for weeks, and it is still
Ariane van der Steldt wrote:
On Thu, Aug 07, 2008 at 11:41:59AM +0200, Harald Dunkel wrote:
Ariane van der Steldt wrote:
Your best bet is to replace the disk. 30 minutes wait time seems a bit
odd though. I have a similar situation where one disk is having
problems, requiring the disk
Stuart Henderson wrote:
With IDE (Integrated Drive Electronics), the controller is *on the
drive*. A failing drive/controller can do all sorts of nasty things
to the host system.
So you mean I should not use IDE disks (PATA or SATA), because
Raidframe cannot support a failsafe operation
Hi Nick,
I highly appreciate your detailed report about your experiences
with RAID systems. That was cool. Surely I don't expect any
miracles from RAID anymore.
The current plan is to move to a ramdisk based system to get rid
of disk access afap, and to use carp to setup a fallback host.
Hi Ryan,
These links might help:
http://www.kernel-panic.it/openbsd/vpn/vpn3.html#vpn-3.4
http://www.openbsd.org/cgi-bin/man.cgi?query=enc
Good luck
Harri
Marco Fretz wrote:
Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp
can not handle this by its nature I think. Just place the both bridges
in your LAN and you have your fail-over solution.
Packet Filter still does stateful inspection, even in bridging mode,
AFAIK. So
Check the pfsync man page about how pfsync and carp are related
in a failover scenario.
Henning Brauer wrote:
* Harald Dunkel [EMAIL PROTECTED] [2008-08-20 09:43]:
Marco Fretz wrote:
Bridges are layer 2, carp is layer 3 (it shares IP addresses). So carp
can not handle this by its nature I
Hi folks,
Question: How can I make sure that em2 doesn't become em0
if my dual-port NIC dies? This would be fatal for my firewall
setup. At least the antispoof rules _must_ be bound to the
network devices.
Of course I could buy different hardware for the external and
internal network
Hi Jared,
jared r r spiegel wrote:
On Fri, Aug 22, 2008 at 04:16:38PM +0200, Harald Dunkel wrote:
Hi folks,
Question: How can I make sure that em2 doesn't become em0
if my dual-port NIC dies? This would be fatal for my firewall
setup. At least the antispoof rules _must_ be bound
PS: Below is the code, if anybody is interested. Should be run
before /etc/netstart. To use it you should create a file
/etc/ifconfig.xx:xx:xx:xx:xx:xx
for each network device (xx:xx:xx:xx:xx:xx is the MAC
address). Each line is run with
ifconfig if $line
Here is a sample
===
Henning Brauer wrote:
* Harald Dunkel [EMAIL PROTECTED] [2008-08-22 16:33]:
Question: How can I make sure that em2 doesn't become em0
if my dual-port NIC dies?
[EMAIL PROTECTED] $ dmesg | grep '^em0'
em0 at pci5 dev 0 function 0 Intel PRO/1000 PT (80003ES2) rev 0x01:
apic 2 int 18 (irq 11
Hi folks,
Are the more recent 3ware raid controllers supported, e.g.
the 3Ware 9650SE series? Its not mentioned on the compatibility
list or in the current man page, but maybe (hopefully) it is out
of date?
Regards
Harri
png";
google_ad_width = 160;
google_ad_height = 600;
google_ad_format = "160x600_as";
google_ad_channel = "8427791634";
google_color_border = "FF";
google_color_bg = "FF";
google_color_link = "006792";
google_color_url = "006792";
png";
google_ad_width = 160;
google_ad_height = 600;
google_ad_format = "160x600_as";
google_ad_channel = "8427791634";
google_color_border = "FF";
google_color_bg = "FF";
google_color_link = "006792";
google_color_url = "006792";
png";
google_ad_width = 160;
google_ad_height = 600;
google_ad_format = "160x600_as";
google_ad_channel = "8427791634";
google_color_border = "FF";
google_color_bg = "FF";
google_color_link = "006792";
google_color_url = "006792";
png";
google_ad_width = 160;
google_ad_height = 600;
google_ad_format = "160x600_as";
google_ad_channel = "8427791634";
google_color_border = "FF";
google_color_bg = "FF";
google_color_link = "006792";
google_color_url = "006792";
Hi folks,
Short question: Is there some magic in /etc/boot.conf I could
use to reset the terminal before booting?
Here is the problem:
AFAICS the BIOS in my Supermicro board switches to black chars
on a black background before disabling console redirection and
handing off control to the OpenBSD
Hi folks,
Harald Dunkel wrote:
Question: How can I make sure that em2 doesn't become em0
if my dual-port NIC dies? This would be fatal for my firewall
setup. At least the antispoof rules _must_ be bound to the
network devices.
Sorry to wake this thread up again, but this problem
Peter N. M. Hansteen wrote:
Harald Dunkel [EMAIL PROTECTED] writes:
Sorry to wake this thread up again, but this problem is a severe
security risk. IMHO it is unacceptable that a hardware failure on
one NIC of a firewall can put the whole network at risk, just because
the mapping between
Jussi Peltola wrote:
I see no problem in setting interface groups based on mac address.
You should be able to hack a suitable script to do that in a few
minutes.
AFAICS brconfig does not support group names.
Regards
Harri
Hi Theo,
Theo de Raadt wrote:
This appears to be a fairly simple change. Does it sound reasonable to
people with more knowledge of OpenBSD networking?
No, it is not reasonble. You are inventing problems at a very high
level just because some very low level pci-related bug is making some
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
I tried todays installer CD of 4.7. Installation went fine, except
for one problem: It failed to initialize the 1.4 TByte data partition,
and on the first reboot it complained about a file system problem and
entered single user mode.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/11/10 21:18, Tomas Bodzar wrote:
No one canceled RTFM and UTFG
http://www.openbsd.org/faq/faq14.html#LargeDrive
I am not talking about the boot partition, but about a data partition
set up at install time.
Not to mention that OpenBSD is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/11/10 22:49, Stuart Henderson wrote:
On 2010-03-11, Harald Dunkel ha...@darkharri.de wrote:
I am not talking about the boot partition, but about a data partition
set up at install time.
Not to mention that OpenBSD is so easy to install
Hi folks,
pf.conf(5) says
In the example below, packets bound for one specific server, as well as
those generated by the sysadmins are not proxied; all other connections
are.
match in on $int_if proto { tcp, udp } from any to any port 80 \
rdr-to 127.0.0.1
On 01/18/11 19:06, Henning Brauer wrote:
Harald Dunkel wrote on Tue, Jan 18, 2011 at 04:41:39PM +0100:
pf.conf(5) says
In the example below, packets bound for one specific server, as well as
those generated by the sysadmins are not proxied; all other connections
Hi folks,
In the example for the rdr-to and nat-to combination in
the pf FAQs it seems that the http traffic is redirected
back through the incoming interface:
pass in on $int_if proto tcp from $int_net to $ext_if port 80 \
rdr-to $server
pass out on $int_if proto tcp to $server port 80 \
Hi folks,
are the rdr-to and nat-to options in pass rules as sticky
as for match rules?
Sample:
pass in on $ext_if from any to 1.2.3.0/24 port 80 tag MYTAG rdr-to $host_a
pass in on $ext_if from any to 1.2.3.42 port 80
AFAIU traffic to 1.2.3.42 port 80 would be tagged with MYTAG.
Would it be
On 01/20/11 12:39, Henning Brauer wrote:
* Harald Dunkel harald.dun...@aixigo.de [2011-01-20 11:55]:
Of course I checked the man page, but it didn't tell.
blasphemia. of course it does.
match
The packet is matched. This mechanism is used to provide fine
Hi Wes,
On 01/20/11 12:27, OpenBSD Geek wrote:
Hi,
I use OpenBSD 4.7, and so Sendmail MTA 8.14.3
I enabled TLS using good manpages : starttls. It's ok.
But now, i want to enable AUTH for smtp.
How can i achieve that ?
Thank you very much.
Maybe this helps:
Hi folks,
Problem: For rotating pflog log files I need the PID
of the appropriate pflogd. For 4.3 I could rely
upon pflogd -p pflogd4.pid, but for 4.8 the -p
is not allowed anymore :-(. The man page still points
to newsyslog, but thats all.
Of course this can be solved by messing around
with
On 01/27/11 14:01, Otto Moerbeek wrote:
-p is prone to race conditions.
A race condition on writing a pid file in main()?
It would be very interesting to get more details
about this.
Regards
Harri
On 01/27/11 15:37, Otto Moerbeek wrote:
in genreal, when things go wrong, a pid file might remain. That file
does not reflect the pid of a pflogd daemon. You might be sending a
HUP to the wrong process. A race condition occurs when pflogd is
restarted, and in the meantime a process reads the
Hi folks,
If I add antispoof quick for self to my pf.conf to enable
antispoofing on all interfaces, then I get these additional
rules:
block drop in quick on ! self inet from __automatic_3df3184e_0 to any
block drop in quick on ! self inet6 from ::1 to any
block drop in quick inet6 from ::1 to
Hi folks,
from a previous thread on this list I learned that
keep state (no-sync) should be added to all rules
concerning either a local service or local client
running on the gateway itself.
Esp. when you do nat this becomes pretty error-prone.
Its easy to forget.
AFAICS something like
Hi folks,
my IP provider doesn't support IPv6 yet. What is the
recommended Packet Filter setup on an OpenBSD 4.8 gateway
for this scenario? How do I make sure in pf that this
ICMPv6 Neighbor solitication thing works correctly?
Do I have to handle the ipv6-where and ipv6-here
icmp types (IPv4!) as
Hi Paul,
On 02/10/11 11:22, Paul de Weerd wrote:
Hi Harald,
What are you trying to achieve ? You mention your provider doesn't
support IPv6 yet but want to make sure neighbour sollicitation works ?
Why do you want to support neighbour discovery when your ISP doesn't
do IPv6 ?
Sorry,
Hi folks,
what would be the correct way to define network aliases
on a carp interface? Currently I have the code below, but
I see some packet filter problems around route-to that
might be related to a misconfigured carp interface.
em1:
inet 172.12.96.5 255.255.252.0 NONE
inet alias
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi Henning,
On 02/17/11 17:37, Henning Brauer wrote:
your way to configure aliases is correct, however, the masks are not.
you are screwing up routing. you want an all-ones netmask on each and
every IP address except one per subnet. alas you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 02/17/11 23:13, Daniel Ouellet wrote:
Think about it that way may be.
You want an alias IP's, not an alias subnet, so how do you enter a single IP?
With a /32 subnet.
Actually I _do_ want to have alias subnets, as written before:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
On 02/18/11 03:43, Dan Harnett wrote:
IMHO, it would be better to use a new carp device for each alias. The
routes will be created and destroyed properly with the status change of
each carp device.
I tried this together with
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi folks,
How comes that all group names set in /etc/hostname.tun0 get lost
(except for tun, as it seems), if using OpenVPN on this interface?
What would you suggest to keep the defined group names?
Any helpful comment would be highly appreciated.
If you are looking for some GUI to manage keys and
certificates, then you should consider TinyCA . Its
in the packages.
To setup OpenVPN (including all that certificate stuff)
this page might help:
http://www.kernel-panic.it/openbsd/vpn/index.html
Good luck
Harri
I cannot speak for OpenBSD here, but for Linux a core dump of gcc
was an indication for bad RAM, i.e. a hardware problem.
Regards
Harri
Hi folks,
I am evaluating smartmontools-5.37p0 on OpenBSD 4.3. During
the short Smart selftest for the first disk the machine died.
After a reset the machine booted fine (without smartd), but
smartctl -a shows me for /dev/sd0c:
:
SMART Self-test log structure revision number 1
Num
PS: This is reproducible. There was no message, crash dump, etc.
on the console.
Regards
Harri
Hi folks,
I haven't found it mentioned here yet, so I wonder if somebody
could share his experiences in running openBSD on a Shuttle DS81
(Intel DH82H81 chipset, Haswell i3 or i5). Is the hardware too new
for openBSD 5.5?
Every helpful comment is highly appreciated.
Harri
Hi folks,
I'm running openBSD (the current version of 2 days ago) on a
Shuttle DS437. No XWindow support. Problem: If I boot it without
a monitor connected, then there is no screen output later.
How can I avoid the reboot to make the screen working?
The DS437 is supposed to become a headless
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/22/14 13:23, Jonathan Gray wrote:
What video outputs does the machine have? Can you connect the display via a
different one? Given the invalid EDID warning in your dmesg you may want to
try a different display.
It has a DVI and a
On 09/23/14 15:48, Alexander Hall wrote:
On September 23, 2014 3:00:41 PM CEST, openda...@hushmail.com wrote:
Hi,
Expanding on the whole
http://en.wikipedia.org/wiki/Convention_over_configuration thing --
why aren't there any sane PKG_PATH defaults? Ie.:
release=$(uname -r)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/24/14 07:51, Jonathan Gray wrote:
Perhaps there is ghost crt output involved, could you try the following patch?
[snip]
No improvement, unfortunately :-(.
Regards
Harri
iQEcBAEBCAAGBQJUIpMAAAoJEAqeKp5m04HL7AcH/2MuWG0vu44q/KTwbyfBKzsb
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Ingo,
On 09/24/14 11:29, Ingo Schwarze wrote:
Hi,
Harald Dunkel wrote on Wed, Sep 24, 2014 at 07:14:21AM +0200:
This is something that could be added to /etc/examples. See the attachment
suggesting a first version.
I hate
On 09/24/14 12:51, Jonathan Gray wrote:
Add option DRMDEBUG to your kernel config and build a new kernel,
then mail me the resulting dmesg off list.
Attached.
Connecting a display via a digital output should normally trigger a
hotplug event via an interrupt and set everything up. Outputs
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi folks,
Google didn't tell if this has been discussed before, so I wonder
if you have considered moving from CVS to git?
Regards
Harri
iQEcBAEBCAAGBQJUIrkOAAoJEAqeKp5m04HLvlsIAIDoqDnsNUmEvLNMjZ2+g6Sl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/24/14 14:35, Gilles Chehade wrote:
no, this was never discussed before and google doesn't know about it:
http://www.lmgtfy.com/?q=openbsd+git
2nd link.
Ah, I see. I had google search set to Past year from another search.
Thanx
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 09/24/14 14:51, Theo de Raadt wrote:
Hi folks,
Google didn't tell if this has been discussed before, so I wonder if you
have considered moving from CVS to git?
Don't often see a troll opening with such a big lie.
My recommendation to
Hi folks,
I've setup a pppoe connection to my ISP (Deutsche Telekom),
following pppoe(4). Problem:
At boot time the connection is not setup immediately.
ifconfig -A shows just
re0: flags=28843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6 mtu
1500
lladdr
Hi Pieter,
On 09/29/14 10:54, Pieter Verberne wrote:
On 2014-09-26 18:52, Harald Dunkel wrote:
It takes 2 or 3 minutes till the connection is established.
I have seen very similar things on Soekris. Also hostname.pppoe0 seems to be
picky
about the syntax. Where you can just [enter
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi folks,
Pf question about parentheses around self: Does (self)
work similar to (egress)? pf.conf(5) describes parentheses
around interface names and interface groups, but self is
not mentioned:
address= ( interface-name | interface-group
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi folks,
On 10/07/14 05:12, Giancarlo Razzolini wrote:
On 04-10-2014 11:06, Peter N. M. Hansteen wrote:
The parentheses denote potentially dynamic addresses, and IIRC the main
difference is that with parentheses the list will be expanded IIRC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/08/14 21:44, Henning Brauer wrote:
* Harald Dunkel ha...@afaics.de [2014-10-07 13:46]:
A related question: I wonder how well (self) and (group) perform,
compared to tables listing IP addresses? Is (self) evaluated every time for
each
Hi folks,
I've got 2 NA570 (a network appliance from Axiomtek). Problem:
OpenBSD 5.6 installs fine, but this seems to poison the
installation target disk somehow. It doesn't boot. :-(
I have to overwrite the MBR just to make the BIOS work again.
Or I have to use a 4GB CF card for booting.
Hi folks,
How is the current install56.iso in pub/OpenBSD/snapshots/amd64/ on
the mirrors related to the shipped 5.6 CDs?
Regards
Harri
On 10/27/14 19:44, Theo de Raadt wrote:
How is the current install56.iso in pub/OpenBSD/snapshots/amd64/ on
the mirrors related to the shipped 5.6 CDs?
From the ftp site:
-rw-r--r-- 1 root wheel 58741116 Oct 27 01:42 base56.tgz
That is around 11 hours ago. Probably a bit newer
On 10/27/14 20:19, Theo de Raadt wrote:
Major differences.
The snapshot code is -current. That includes commits from only a few
hours earlier. From time to time, it also contains changes which are
not yet commited.
If I got you correctly the current install56.iso from the
snapshots
Hi David,
On 10/27/14 20:20, David Vasek wrote:
This quite recent thread comes to mind:
http://marc.info/?t=13988430601r=1w=2
Are your symptoms similar? AMI BIOS versions dated close to each other, maybe.
That looks *very* close to the problem I have with the
Axiomtek NA570. I will
On 10/28/14 09:02, Richard Toohey wrote:
You get your asbestos pants on, and I'll get myself some popcorn.
I didn't mean any offense.
Thanx for the heads-up
Harri
Hi Oliver,
On 10/28/14 14:23, Oliver Peter wrote:
If the difference between release and snapshot is too confusing for
you, you should probably just stay with release. If you need releases
on time you should order a CD set next time.
Of course I understand that there is a difference
On 10/28/14 09:08, Harald Dunkel wrote:
That looks *very* close to the problem I have with the
Axiomtek NA570. I will forward a pointer to this thread
to the manufacturer. Stay tuned.
The vendor has sent me a BIOS update. Problem solved.
Regards
Harri
Hi folks,
Would it be possible for pfctl -f to search include files relative to
the including file instead of the cwd, similar to #include myheader.h
in C?
This would help to check the syntax before putting the new pf files
into place.
Sample: Using
include pf_customers.conf
in my
Hi folks,
pfctl can give me an extended list of tables showing interface
group names, self, etc. Sample:
# pfctl -g -sT
egress
egress:0
extern
extern:network
intern:network
nospamd
self
spamd-white
unroutable
How
On 12/28/14 13:51, Maxim Khitrov wrote:
These tables are under the hidden _pf anchor:
pfctl -a _pf -t extern -T show
Thats cool. Where did you find this? Searching on openbsd.org
for _pf revealed only
http://www.openbsd.org/papers/ven05-henning/mgp00011.txt .
This is surely something
On 12/28/14 15:35, Harald Dunkel wrote:
Thats cool. Where did you find this? Searching on openbsd.org
for _pf revealed only
http://www.openbsd.org/papers/ven05-henning/mgp00011.txt .
This is surely something that should go to the man page or to
the FAQs for pf.
PS: Another important
Hi folks,
AFAICS the old net.inet6.ip6.accept_rtadv was replaced with a
local autoconf flag for each interface. I wonder if autoconf
is set or cleared by default, if inet6 is configured for the
network interfaces and if net.inet6.ip6.forwarding is enabled?
Every helpful comment is highly
On 12/30/14 18:26, Henrik Friedrichsen wrote:
It certainly doesn't seem to be enabled by default as I just had to
enable it to get an IPv6 assigned. This was on -CURRENt, though.
My concern is about accepting foreign routing advertisements on a
gateway.
Regards
Harri
Hi folks,
Following OpenBSD 5.6 stable, what is the recommended
procedure to upgrade libressl to the most recent stable
version?
Regards
Harri
On 01/29/15 11:43, Maurice McCarthy wrote:
As the operating system and applications are tightly integrated that may be a
bad idea. More likely it is better to upgrade to current. I'd think you would
be on your own if you compile from source for stable - and code is changing
quickly.
Hi Maurice,
On 01/29/15 15:01, Maurice McCarthy wrote:
Harald,
Thinking about it Libressl is not in 5.6 at all. There is only Openssl.
The easiest way to keep stable up to date is to install the openup script
from mtier.
https://stable.mtier.org/
Thanx very much for your
On 01/07/15 23:38, Sebastian Benoit wrote:
autoconf is only enabled if you do
ifconfig if inet6 autoconf
otherwise, RAs will be ignored.
Thanx very much. I would suggest to mention the default in
ifconfig(8).
Regards
Harri
On Sat, 14 Mar 2015 20:25:49 + (UTC)
Stuart Henderson s...@spacehopper.org wrote:
On 2015-03-14, Harald Dunkel ha...@afaics.de wrote:
Agreed. But release(8) doesn't make any assumptions about
the base system, AFAICS. Using 5.6 stable to checkout and
build OPENBSD_5_7_BASE appears
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi folks,
building userland of the new stable branch failed with
# rm -rf /usr/obj/* cd /usr/src make obj cd /usr/src/etc env
DESTDIR=/ make distrib-dirs cd /usr/src make build
:
:
touch /tmp/_etcdir.kw0UXjXwDD/usr/share/sysmerge/etcsum
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 03/14/15 12:54, Steven McDonald wrote:
/var/tmp was replaced with a symlink to /tmp between 5.6 and 5.7. Compiling
from source isn't a supported way to upgrade from one to the other; this is
well documented in the FAQ:
Hi folks,
IKEv1 in a carp environment using sasyncd:
If I flush all flows and SAs and load a different ipsec.conf,
then the new flows and SAs are not established :-(. AFAIU
sasyncd saw no reason to activate the master isakmpd again,
since there was no failover on the watched carp interface.
On Fri, 27 Feb 2015 12:46:19 +
skin...@britvault.co.uk (Craig Skinner) wrote:
$ awk '/^domain/ { print $2 }' /etc/services
53/tcp
53/udp
Now what? Both? Either? First? Last? Random?
Both.
[demime 1.01d removed an attachment of type application/pgp-signature which had
a name of
Hi folks,
/etc/services provides protocol information as well, so I wonder
if a pf line like
pass in from any to (self) port telnet
could be read as
pass in proto tcp from any to (self) port 23
?
Currently (5.6 stable) there is an error message, e.g.
On Fri, 27 Feb 2015 09:22:21 +
Loïc Blot loic.b...@unix-experience.fr wrote:
Hello,
in the first example you don't specify proto tcp.
Thats the point. /etc/services says
telnet 23/tcp
so pf could figure this out on its own.
Regards
Harri
1 - 100 of 260 matches
Mail list logo