Any experiences with OpenBSD and Dell HBA355i (and/or Dell R350)

2023-07-28 Thread Rachel Roch
As per subject really, does anyone on-list have experience with the Dell HBA355i controller and/or Dell350 ? I might have the chance to get my hands on an R350 which ideally I'd like to use with OpenBSD and so wanted to reach out to the community to find out if there is anything I should be aware

Re: BGP Router Hardware Suggestions

2023-07-03 Thread Rachel Roch
2 Jul 2023, 22:58 by z...@philomathiclife.com: >  As a result, there is not much to "negotiate" > anyway. In summary if 10GSFP+Cu is acceptable, then you shouldn't worry > about the API not working on OpenBSD. > For the record, "API not working" is not exclusively about mediaopt settings. 

Re: BGP Router Hardware Suggestions

2023-06-30 Thread Rachel Roch
29 Jun 2023, 23:57 by lyn...@orthanc.ca: > We are about to discover the joys of upstream BGP routing :-P The > current plan is to use a pair of OpenBSD+bgpd hosts as the routers. > > Each host will require 4x10gig ports (SFP+). One of those links > (to AWS) will be close to saturated, along

Re: OpenBSD 7.3 ixl SIOCSIFMEDIA: Operation not supported

2023-06-29 Thread Rachel Roch
29 Jun 2023, 15:58 by z...@philomathiclife.com: > Just checked again, and my memory did not betray me: I am unable to set > the media let alone media options. It is likely the API being too new. > ixl(4) does state that one should flash their card with "the most recent > (stable) firmware",

Re: OpenBSD 7.3 ixl SIOCSIFMEDIA: Operation not supported

2023-06-29 Thread Rachel Roch
29 Jun 2023, 07:26 by stu.li...@spacehopper.org: > On 2023-06-28, Rachel Roch wrote: > >> Sadly the other side of the link is beyond my control, different company.  >> I'll certainly ask if they can turn on autonegotiation. >> > > autonegotiation isn't really

Re: OpenBSD 7.3 ixl SIOCSIFMEDIA: Operation not supported

2023-06-28 Thread Rachel Roch
28 Jun 2023, 19:35 by z...@philomathiclife.com: > On 6/28/23 14:03, Rachel Roch wrote: > >> Running "doas ifconfig ixl3 media 10GbaseLR" gives me "SIOCSIFMEDIA: >> Operation not supported" and I'm not sure why. >> > > I don't have time

OpenBSD 7.3 ixl SIOCSIFMEDIA: Operation not supported

2023-06-28 Thread Rachel Roch
Running "doas ifconfig ixl3 media 10GbaseLR" gives me "SIOCSIFMEDIA: Operation not supported" and I'm not sure why. I'm also not sure why "ifconfig ixl sff" shows no transceiver data even if there are FlexOptix transceivers in two of the slots and I have confirmed that the card in question is

SSHD - Authorized_keys file format : relative validity, possible ?

2023-03-06 Thread Rachel Roch
According to the docs, "expiry-time="timespec" needs to be an absolute date/time, and cannot be relative. Am I misunderstanding this ? Or perhaps there is an alternative way to do what I want to achieve, namely to enforce maximum validity of a user's cert being presented to the server (i.e.

Re: Is CRONTAB(5) random really random ?

2023-01-05 Thread Rachel Roch
5 Jan 2023, 18:24 by purushar...@gmx.com: > Namaste Rachel, Theo(s), > >> Sent: Thursday, January 05, 2023 at 5:50 PM >> From: "Theo de Raadt" >> To: "Theo Buehler" >> Cc: "Rachel Roch" , "Misc" >> Subject: Re: Is

Is CRONTAB(5) random really random ?

2023-01-05 Thread Rachel Roch
According to the docs : > A random value (within the legal range) may be obtained by using the ‘~’ > character in a field. However I've been running release versions of OpenBSD with the following definition: ~ ~ ~ * * /my/task/goes/here && /usr/bin/logger -t foo

Cannot select media or mediaopt for HotLava Tambora 40G2S ( Intel 82599)

2022-12-09 Thread Rachel Roch
I have a HotLava Tambora 40G2S card which is Intel 82599 chipset. OpenBSD (7.2) detects this as ix: ix0 at pci2 dev 0 function 0 "Intel 82599" rev 0x01, msix, 4 queues ix1 at pci2 dev 0 function 1 "Intel 82599" rev 0x01, msix, 4 queues However I cannot seem to control media or mediaopt ? doas

Re: What determines source IP of traffic from OpenBSD box ?

2021-02-28 Thread Rachel Roch
28 Feb 2021, 11:28 by s...@spacehopper.org: > On 2021/02/28 11:46, Rachel Roch wrote: > >> Thank you all for the suggestions, I am currently testing a few of them. >> >> In case it makes any difference, the underlying problem I have is I have two >> firewalls

Re: What determines source IP of traffic from OpenBSD box ?

2021-02-28 Thread Rachel Roch
2021, 15:34 by s...@spacehopper.org: > On 2021-02-26, Daniel Jakots wrote: > >> On Fri, 26 Feb 2021 11:53:40 +0100 (CET), Rachel Roch >> > > wrote: > >>> Let's say I'm running "pkg_add -u" on a OpenBSD-based router with >>> mul

What determines source IP of traffic from OpenBSD box ?

2021-02-26 Thread Rachel Roch
Hi Let's say I'm running "pkg_add -u" on a OpenBSD-based router with multiple interfaces. What determines the source IP ? Building on that, there is no "source interface" flag for pkg_add like there is for ping and certain others.  Is there a way for me to configure a default interface for

Re: man netstart(8) OpenBSD-6.8

2020-11-03 Thread Rachel Roch
> an updated diff for this just got committed. > jmc > Thank you all.  For myself and on behalf of future devoted man page readers, very much appreciated that such a key man page has been brought up to date. rr

Re: man netstart(8) OpenBSD-6.8

2020-10-26 Thread Rachel Roch
ne look forward to you adding your entry into the netstart man page > for community review. > > Sent with ProtonMail Secure Email. > > ‐‐‐ Original Message ‐‐‐ > On Sunday, 25 October 2020 09:42, Rachel Roch wrote: > >> 25 Oct 2020, 01:25 by dera...@openbsd

Re: man netstart(8) OpenBSD-6.8

2020-10-25 Thread Rachel Roch
25 Oct 2020, 01:25 by dera...@openbsd.org: > Rachel Roch wrote: > >> Is it just me or is the man entry for netstart(8) missing a reference to >> wg(4) ? >> > > ... and 300 other network interfaces. > > In other words, no, it should not be there. > OK

man netstart(8) OpenBSD-6.8

2020-10-24 Thread Rachel Roch
Hi Is it just me or is the man entry for netstart(8) missing a reference to wg(4) ? Rachel

Re: South American mirrors?

2020-10-19 Thread Rachel Roch
One of the CDNs would seem the obvious answer to your problem. Or have you already tried them ? Addresses are : Fastly (CDN) https://cdn.openbsd.org/pub/OpenBSD/ Cloudflare (CDN) https://cloudflare.cdn.openbsd.org/pub/OpenBSD/ Verizon Digital Media Services (CDN)

rad(8) and carp - anything I ought to know ?

2020-01-17 Thread Rachel Roch
Hi, I'm sure many here have been down this road before me.  So to save me many hours of tears and frustration, I have a simple question. Say I was hoping to use rad(8) in conjunction with carp, any tales from the battlefield (a.k.a. config tips, things to be aware of etc.). Thanks ! Rachel

Re: sysupgrade to 6.6 failed at comp66.tgz

2019-11-23 Thread Rachel Roch
> This topic has been beat to death. deraadt@ and other have made it clear that > if you do not install all the sets, you are running an unsupported > configuration. It has been stated that if people keep bitching, they're just > going to merge the release sets into one set. > > I like the

Re: sysupgrade to 6.6 failed at comp66.tgz

2019-11-23 Thread Rachel Roch
>> - maybe sysupgrade needs to be patched to avoid this issue? >> > > Probably not. sysupgrade has assumptions baked in to it which have > evidently been rendered invalid either by another tool or by the > person using them. That tool is where the patch most likely ought > to be directed. > >

bgpd not exporting default route

2019-11-23 Thread Rachel Roch
Hi, I'm probably being completely dumb here, but I'm adding an additional perimeter router to my network which is running OpenBSD 6.6. My current perimeter is a 6.4 instance (soon to be upgraded !) which talks BGP to internal firewalls. The config below works perfectly on 6.4, but on 6.6, the

Re: Sonos and OpenBSD PF - anyone on-list with experience ?

2019-11-23 Thread Rachel Roch
Thanks all for your ideas.  I'll spend a little time on it over the next few days and see how far I can get. 22 Nov 2019, 16:34 by s...@spacehopper.org: > On 2019-11-22, Peter N. M. Hansteen wrote: > >> On Fri, Nov 22, 2019 at 12:56:51PM +0100, Rachel Roch wrote: >> &

Re: Sonos and OpenBSD PF - anyone on-list with experience ?

2019-11-22 Thread Rachel Roch
round the > uPNP requirement ? > > > > > > > > On Fri, 22 Nov 2019 at 11:26, Rachel Roch wrote: > >> >> Hi, >> >> Refuse to use Sonos myself, but am helping (or trying to) out a friend who >> has a Sonos try to get things working with OpenBSD PF. >&

Sonos and OpenBSD PF - anyone on-list with experience ?

2019-11-22 Thread Rachel Roch
Hi, Refuse to use Sonos myself, but am helping (or trying to) out a friend who has a Sonos try to get things working with OpenBSD PF. I've simplified their PF rules to a simple swiss cheese (i.e. stateful NAT'd allow any out to any). Everything else they care to run on their network is

ifstated.conf advice needed

2019-11-15 Thread Rachel Roch
Hi, I'm looking for a bit of help on how to write a sensible and safe (i.e. avoid race conditions) ifstated.conf. I have a scenario where I have a LACP trunk and on top of the trunk, I have four carp interfaces. So: trunk1 => carp0–3 Now, obviously I know I can monitor up/down on trunk1. But

Re: pfsync on VLAN - supported ?

2019-11-14 Thread Rachel Roch
14 Nov 2019, 11:21 by liste...@wernig.net: > On 14.11.2019 11:30, Rachel Roch wrote: > >>>> Does this mean Bad Things (TM) will happen if I try to use a dedicated >>>> vlan interface for pfsync ? >>>> > I have had pfsync running happily over

Re: pfsync on VLAN - supported ?

2019-11-14 Thread Rachel Roch
13 Nov 2019, 20:21 by ch...@nmedia.net: > Rachel Roch [rr...@tutanota.de] wrote: > >> Hi, >> >> Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html) >> <https://www.openbsd.org/faq/pf/carp.html> talk about "physical interface&

pfsync on VLAN - supported ?

2019-11-13 Thread Rachel Roch
Hi, Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html) talk about "physical interface" in relation to the syncdev parameter. Does this mean Bad Things (TM) will happen if I try to use a dedicated vlan interface for pfsync ? Thanks

bgpctl sho ri nei terse output vs man page discrepancy

2019-09-22 Thread Rachel Roch
Hi, Hopefully I'm not missing something silly here but I've read the paragraph in the man page and it only lists 15 variables: "The printed numbers are the sent and received open, sent and received notifications, sent and received updates, sent and received keepalives, and sent and received

Re: Prometheus node_exporter on OpenBSD - anyone managed ?

2019-09-20 Thread Rachel Roch
Sep 20, 2019, 15:57 by k...@plek.org: >> On Sep 20, 2019, at 01:38, Rachel Roch >> >> Regarding the other gmake suggestion, that possibility occurred to me after >> sending yesterday's email, but I guess I would have to edit various source >> files to make sure

Re: Prometheus node_exporter on OpenBSD - anyone managed ?

2019-09-20 Thread Rachel Roch
the build with 'gmake'. >> >> >> If you don't already have gmake installed: >> >> >> # pkg_add gmake >> > > Or just do `pkg_add node_exporter`. While prometheus does not provide > a pre-compiled binary OpenBSD does. > >> On Thu, Se

Prometheus node_exporter on OpenBSD - anyone managed ?

2019-09-19 Thread Rachel Roch
Hi, The official Prometheus github repo (https://github.com/prometheus/node_exporter) appears to suggest in multiple places that node_exporter is capable of working on OpenBSD. But although they provide pre-compiled binaries for multiple platforms

Re: NSD & Unbound refusing to bind to IPv6 when anycast flag set ?

2019-05-16 Thread Rachel Roch
> RFC3513 says this: > > o An anycast address must not be used as the source address of > an IPv6 packet. > > o An anycast address must not be assigned to an IPv6 host, that > is, it may be assigned to an IPv6 router only. > > And to help ensure this, the kernel denies binding to an address

NSD & Unbound refusing to bind to IPv6 when anycast flag set ?

2019-05-11 Thread Rachel Roch
I'm still learning IPv6 intricacies, so forgive me if this is a silly question. When I have interfaces set in the standard manner, e.g.: inet6 2001:DB8:beef::1 128 up NSD and Unbound will bind to that address without problem. However if I add the anycast flag: inet6 2001:DB8:beef::1 128

PKCS11 on OpenBSD 6.5 ?

2019-05-11 Thread Rachel Roch
Hi, To save me hours of Googling followed by hours of console bashing I thought perhaps someone here who's "been there, done that, got the T-shirt" can point me in the right direction. So far I've got: • A USB HSM • OpenSC installed (from package) and working (i.e. no problems using

nat-to random : A couple of questions

2019-04-28 Thread Rachel Roch
Hi, I've read the delightful manual but it's a little terse in this area, so I hope some knowledgeable soul can enlighten me: 1) Looking at tcpdumps, I've noticed (on 6.5 have no prior experience with nat-to random to compare against) that 'random' seems to operate more like 'round-robin'

Re: Code of Conduct location

2019-04-28 Thread Rachel Roch
Apr 28, 2019, 9:16 AM by cho...@jtan.com : > Strahil Nikolov writes: > >> Hello All, >> >> can someone point me to the link of the OpenBSD code of Conduct ? >> > > I believe OpenBSD's code of conduct can be summed up as "if you are the > type of person who needs a code of

Re: Down on em fibre doesn't kill Layer 1 ?

2019-04-19 Thread Rachel Roch
Apr 18, 2019, 10:41 AM by s...@spacehopper.org: > On 2019-04-16, Rachel Roch <> rr...@tutanota.de <mailto:rr...@tutanota.de>> > > wrote: > >> Hi, >> >> Is it expected behaviour that ifconfig emX down on a fibre interface doesn't >> kill the l

Down on em fibre doesn't kill Layer 1 ?

2019-04-16 Thread Rachel Roch
Hi, Is it expected behaviour that ifconfig emX down on a fibre interface doesn't kill the laser on a GBIC ? Rachel

Re: Viewing SFP diagnostic data in OpenBSD ?

2019-04-12 Thread Rachel Roch
Apr 8, 2019, 5:25 AM by da...@gwynne.id.au: > > >> On 6 Apr 2019, at 01:54, Rachel Roch <>> rr...@tutanota.de >> <mailto:rr...@tutanota.de>>> > wrote: >> >> >> >> >> Apr 2, 2019, 11:19 PM by >> da...@gwynne.id.au <m

Re: bgpd between two 6.4 boxes. IPv6 flapping, IPv4 rock solid

2019-04-02 Thread Rachel Roch
Mar 30, 2019, 11:10 AM by s...@spacehopper.org: > On 2019-03-29, Rachel Roch <> rr...@tutanota.de <mailto:rr...@tutanota.de>> > > wrote: > >> Hi, >> >> Has anyone encountered this before ? >> >> Neighbor    AS    Msg

Viewing SFP diagnostic data in OpenBSD ?

2019-04-02 Thread Rachel Roch
Hi, Hopefully I'm just searching the man pages wrong but I can't seem to find any hints as to how I can view SFP diagnostics in OpenBSD (i.e. light power etc.) Perhaps someone could kindly point me in the right direction ? Rachel

Re: bgpd between two 6.4 boxes. IPv6 flapping, IPv4 rock solid

2019-03-29 Thread Rachel Roch
29 Mar 2019, 18:57 by rr...@tutanota.de: > Hi, > > Has anyone encountered this before ? > > Neighbor    AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd > EXT-V6-R2   65515 50 40 0 00:02:55 Active > EXT-V4-R2   65515 38 37 0

bgpd between two 6.4 boxes. IPv6 flapping, IPv4 rock solid

2019-03-29 Thread Rachel Roch
Hi, Has anyone encountered this before ? Neighbor    AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd EXT-V6-R2   65515 50 40 0 00:02:55 Active EXT-V4-R2   65515 38 37 0 00:27:42  1 After approx just over 2 minutes, the V6

Re: How to overrule bioctl "chunk already in use"

2019-03-29 Thread Rachel Roch
29 Mar 2019, 02:42 by n...@holland-consulting.net: > On 3/28/19 10:29 AM, Rachel Roch wrote: > >> Hi, >> >> I've been following the instructions here >> https://www.openbsd.org/faq/faq14.html >> <https://www.openbsd.org/faq/faq14.html> >> <&

How to overrule bioctl "chunk already in use"

2019-03-28 Thread Rachel Roch
Hi, I've been following the instructions here https://www.openbsd.org/faq/faq14.html to setup softraid. Unfortunately I somehow messed up the original attempt through my own stupidity. So I've been trying to go through the steps again.  However nothing

Re: Current thinking on OpenBSD "router" "firewall" role separation ?

2019-03-03 Thread Rachel Roch
Mar 3, 2019, 11:34 AM by s...@spacehopper.org: > On 2019-03-02, Rachel Roch <> rr...@tutanota.de <mailto:rr...@tutanota.de>> > > wrote: > >> Hi, >> >> I would be interested to find out the community's view on whether separating >> "route

Current thinking on OpenBSD "router" "firewall" role separation ?

2019-03-02 Thread Rachel Roch
Hi, I would be interested to find out the community's view on whether separating "router" and "firewall" roles is still a good thing or whether developments in recent iterations of OpenBSD would permit aggregation whilst maintaining integrity and security ? If you forgive my attempt at ASCII

Any experiences with recent single-socket Dell machines (i.e. R230/R330/R340)

2019-02-02 Thread Rachel Roch
Hi, Subject line says it all really, I'm looking to hear of people's experiences with recent models of Dell single-socket machines (i.e. R230/R330/R340 - especially the newest R340, obviously!). I'm looking for a decent machine with enterprisey features (i.e. hotswap PSU + drives,

Experiences with single mode fibre on OpenBSD ?

2019-01-02 Thread Rachel Roch
Hi, I see the man pages mention the odd SM fibre NIC, which is a good start. However I could do with some real-world feedback from people in terms of the SM NICs they're using and any other experiences with SM on OpenBSD. Thanks ! Rachel

Re: TLS suddenly not working over IKED site-to-site

2018-12-03 Thread Rachel Roch
> Rachel, > > As a first step, try using s_client to connect to a TLS service and see what > comes back: > > $ openssl s_client -connect : -showcerts > > There are more possible options on s_client to debug more deeply but this is > a good start. > > > --Paul > In answer to the above.

Re: TLS suddenly not working over IKED site-to-site

2018-12-03 Thread Rachel Roch
> > Hello, > This appears to be the same thing I have been having issues with and > mentioned in a post to misc last week ("Untable ssl connections over ikev2 > VPN") - (yes, typo intact - it should be "unstable"). > > I have tried adding a "max-mss 1300" directive into pf.conf (i.e.: "match

TLS suddenly not working over IKED site-to-site

2018-12-03 Thread Rachel Roch
I hope someone here can shed light on an infuriating problem I’ve spent a week trying to resolve without luck. The problem concerns an IKED site-to-site VPN on OpenBSD 6.3 (both endpoints fully syspatched). The VPN worked absolutely perfectly until it suddenly started behaving strangely.