Re: OpenIKED: IPv4 traffic over IPv6 tunnel

2019-11-14 Thread Stuart Henderson
On 2019-11-14, Pulz, Joerg wrote: > > IKEv2 tunnel using OpenIKED between the external IPv6 addresses of both sites. > IPv4 networks of Site-A should be able to communicate with the IPv4 > network of Site-B and the other way round through the IKEv2 tunnel. > > > The actual state: > > The IKEv2 t

Re: pfsync on VLAN - supported ?

2019-11-14 Thread Stuart Henderson
On 2019-11-13, Chris Cappuccio wrote: > Rachel Roch [rr...@tutanota.de] wrote: >> Hi, >> >> Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html) >> talk about "physical interface" >> in relation to the syncdev parameter. >> >> Does thi

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-11-14 Thread Stuart Henderson
On 2019-11-13, radek wrote: > After upgrading my two endpoints to i386/6.6 it started to work flawlessly. > There wasn't even one IKED restart within first two days of running. > Thank you Patrick, Stuart and everyone involved in making IKED work as > expected. I really appreciate it. Thanks fo

Re: teco, and Re: vi in ramdisk?

2019-11-16 Thread Stuart Henderson
On 2019-11-15, gwes wrote: > Still not huge. I don't know what the current upper limit for > programs in the install medium is. As this is a totally irrelevant > thread, I suspect that squashing teco into the single install > executable would only raise it 250K because it uses only very > vanilla

Re: heavy CPU consumption and laggy/stuttering video on thinkpad x230

2019-11-16 Thread Stuart Henderson
On 2019-11-16, David Trudgian wrote: > I have also set the following sysctl values: > > # shared memory limits (browsers, etc.) > # max shared memory pages (*4096=8GB) > kern.shminfo.shmall=20971552 > # max shared memory segment size (2GiB) > kern.shminfo.shmmax=2147483647 >

Re: 'machine/cdefs.h' file not found when installing nokogiri gem

2019-11-16 Thread Stuart Henderson
On 2019-11-16, mabi wrote: > Hi, > > I am trying to install the nokogiri Ruby gem using "gem install nokogiri" and > have the ruby-2.5.5 package from ports for that purpose installed. > > Unfortunately it does not want to install complaining that the > 'machine/cdefs.h' header file can not be fo

Re: Best Practices for growing disk partitions on a server

2019-11-18 Thread Stuart Henderson
On 2019-11-17, Lev Lazinskiy wrote: > Hi folks, > > I am new to openBSD, so forgive me if I am missing something obvious. > > I recently installed openBSD on a server using the auto-partition layout > during installation and am quickly starting to run out of disk space. > > I have read the sect

Re: 'machine/cdefs.h' file not found when installing nokogiri gem

2019-11-18 Thread Stuart Henderson
On 2019-11-16, mabi wrote: > ‐‐‐ Original Message ‐‐‐ > On Saturday, November 16, 2019 2:38 PM, Stuart Henderson > wrote: > >> For native extensions, it's really best to install from packages. >> >> pkg_add ruby25-nokogiri > > Thanks for the t

Re: Iked/unbound ~ more info.

2019-11-18 Thread Stuart Henderson
On 2019-11-18, Dale C. wrote: > "Since all traffic goes through the VPN, including traffic targeted at > localhost, it might be necessary to exclude this traffic from the > flows to ensure connections to services running locally (such as a > local resolver) reach the right target. This can be achi

Re: Iked/unbound ~ more info.

2019-11-19 Thread Stuart Henderson
On 2019-11-19, Dale C. wrote: > I don't know how unbound will be aware of iked couple/decouple, so I > wonder how I'd specify "as appropriate" in this case short of a DNS > failover from the remote side using forward-zones in unbound. It won't be aware unless you tell it. But if you're scripting

Re: pkg_info -Q bug?

2019-11-19 Thread Stuart Henderson
On 2019-11-19, Marc Espie wrote: > On Tue, Nov 19, 2019 at 12:13:37PM +0200, Dumitru Moldovan wrote: >> On Mon, Nov 18, 2019 at 11:15:05AM +0100, Antonio Bibiano wrote: >> > Hello, >> > I just wanted to add to this thread that I incurred in the same >> > issue on a fresh 6.6 installation. >> > I a

Re: Best Practices for growing disk partitions on a server

2019-11-19 Thread Stuart Henderson
On 2019-11-19, Steve Litt wrote: > In OpenBSD is there such a thing as a bind mount like they have in > Linux? No. The closest is probably "mount from 127.0.0.1 over NFS".

Re: How to setup date on startup with ntpd on OpenBSD 6.6

2019-11-21 Thread Stuart Henderson
On 2019-11-21, dmitry.sensei wrote: > Hi! > > Since "-s" key had been deleted how I can setup time on startup? > In both 6.6 and -current, the normal case is to use "constraints" which are queried over HTTPS with special logic to handle incorrect clocks (the TLS certificate date is checked based

Re: sysupgrade to 6.6 failed at comp66.tgz

2019-11-22 Thread Stuart Henderson
On 2019-11-22, mabi wrote: > Hi, > > I just tried out sysupgrade on one of my OpenBSD 6.5 servers in order to > upgrade automatically to 6.6 but unfortunately it failed at the comp66.tgz > and rebooted (upgrade log below). > > It looks like I am now running a half-upgraded hybrid OpenBSD 6.5/6.6

Re: Sonos and OpenBSD PF - anyone on-list with experience ?

2019-11-22 Thread Stuart Henderson
On 2019-11-22, Rachel Roch wrote: > Refuse to use Sonos myself, but am helping (or trying to) out a friend who > has a Sonos try to get things working with OpenBSD PF. > > I've simplified their PF rules to a simple swiss cheese (i.e. stateful NAT'd > allow any out to any). What exactly are you

Re: Sonos and OpenBSD PF - anyone on-list with experience ?

2019-11-22 Thread Stuart Henderson
On 2019-11-22, Peter N. M. Hansteen wrote: > On Fri, Nov 22, 2019 at 12:56:51PM +0100, Rachel Roch wrote: > >> They sent me the following long email, it does mention inbound access but >> seems like a bit of a generic answer if all those ports really need to be >> opened inbound via PAT ?  I'v

Re: No WAF detected

2019-11-23 Thread Stuart Henderson
On 2019-11-22, Kihaguru Gathura wrote: > Hi, > > htbridge (https://www.immuniweb.com/websec/) no longer detects WAF on one of > my > web servers configured with OpenBSD-httpd and PF on same machine; > sample of pf.conf configuration as follows. PF isn't a web application firewall (WAF). > Which

Re: Turn off Swap on boot disk

2019-11-24 Thread Stuart Henderson
On 2019-11-22, gwes wrote: > First, why is your workload causing swapping? That hasn't been > a good idea since the beginning of computing. Even if the main workload is OK, relinking the kernel (reorder_kernel) causes swapping on smaller-memory systems. > I've never seen an Alix so this may be i

Re: Router with WAN subnet - dedicated IP per Host

2019-11-26 Thread Stuart Henderson
On 2019-11-25, Henry Jensen wrote: > Hi, > > my ISP provides me with a /29 subnet, including 5 usable public IPv4 > addresses. > > Until now my router uses only one of this public IPs (11.22.33.40), > with port forwarding of port 443 to an host in a DMZ(192.168.1.0/24) > like this: > > pass in on

Re: Router with WAN subnet - dedicated IP per Host

2019-11-26 Thread Stuart Henderson
On 2019-11-26, Henry Jensen wrote: > On Tue, 26 Nov 2019 12:27:16 - (UTC) > Stuart Henderson wrote: > >> > 192.168.1.2 < rdr-to/nat-to > 11.22.33.40 >> > 192.168.1.3 < rdr-to/nat-to > 11.22.33.41 >> > >> > I plan to give the outgoin

Re: su: invalid user name (NULL) - during OpenBSD 6.6-current booting.

2019-12-03 Thread Stuart Henderson
On 2019-12-03, dmitry.sensei wrote: > Hi! > > su: invalid user name (NULL) - during OpenBSD 6.6-current booting. Broken diff in snapshots. Rebuild libc from a source checkout, or copy an older libc from another machine if you have one, or wait for a new snap.

Re: Softdep and noatime

2019-12-03 Thread Stuart Henderson
On 2019-12-02, Steve Litt wrote: > I mount everything noatime because I don't care at all about access > time, I care about modification time. Access time can be useful in forensics and debugging ("when was program X last used? when was this file last opened?") but often you won't know until afte

Re: Softdep and noatime

2019-12-03 Thread Stuart Henderson
On 2019-11-30, Raymond, David wrote: > I am switching to OpenBSD from Linux and I have questions about the > use of softdep and noatime in mounting disks. I have a variety of > systems with a mix of SSDs and rotating disks. > > Softdep seems to have some advantages in speeding file access, but it

Re: No WAF detected

2019-12-05 Thread Stuart Henderson
On 2019/12/05 00:17, Kihaguru Gathura wrote: > > > > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote: > > > > >> Which is a better way to implement a WAF on OpenBSD using the base > utilities? > > > > relayd configured in certain ways might be considered as a

Re: Can't select files to upload in a browsers

2019-12-06 Thread Stuart Henderson
On 2019-12-06, dmitry.sensei wrote: > Firefox and Chromium browser, in the file selection window for upload, > does not show the contents of directories other than the Downloads > directory > > > OpenBSD 6.6-current > OpenBSD 6.6 GENERIC.MP#509 amd64 > > openbox-3.6.1p7 small, fast & usable wi

Re: i386 syspatch65-021_libcaut breaks bash and zsh

2019-12-06 Thread Stuart Henderson
On 2019-12-06, Christian Gut wrote: > Hi List, > > after installing syspatch65-021_libcaut on a i386 machine, bash and zsh > installed from ports are broken: > > $ bash > bash:bash: undefined symbol '__divdi3' > ld.so: bash: lazy binding failed! > Killed > > is this a known issue or am I doing s

Re: Virtual machine and dhcp

2019-12-07 Thread Stuart Henderson
On 2019-12-07, Atanas Vladimirov wrote: > Bridge0 is my primary lan network where the VMs are connected and the > only interface that is configured with dhclient is em0 which is not part > of any bridge. The dhclient caveat doesn't apply to you then. > And in /etc/pf.conf > > ``` > set skip

Re: Strong Host Model in OpenBSD network stack

2019-12-11 Thread Stuart Henderson
On 2019-12-10, Bastian Kanbach wrote: > Good evening all, > > following up on the previous discussions, I noticed that the network > stack changed recently [1] (limited to cases when packet forwarding is > enabled). > > What's the idea behind it, as it seemed to be unlikely that this default > wou

Re: password-less user (without bothering security(8))?

2019-12-11 Thread Stuart Henderson
On 2019-12-10, Adam Thompson wrote: > Is there a way to placate security(8) that I'm just not seeing? Or is > my goal fundamentally misguided for some reason I'm not seeing? The Philipp is right, * in master.passwd's crypted password field. > user in this case is semi-trusted (e.

Re: Can't select files to upload in a browsers

2019-12-11 Thread Stuart Henderson
On 2019-12-10, dmitry.sensei wrote: > Can I setup unveil for browsers by usergroups or login classes? Due to the slightly unusual way Firefox deals with the config files (searches in /etc/firefox and then falls back to files in /usr/local/lib) you might be able to partially do what you want by ma

Re: dig(1) and nslookup(1) broken in -current

2019-12-19 Thread Stuart Henderson
On 2019-12-18, Dieter Rauschenberger wrote: > Hi misc, > > $ dig openbsd.org > Abort trap (core dumped) > > $ tail -f /var/www/messages > Dec 18 17:57:07 ws /bsd: dig[96895]: pledge "dns", syscall 28 > > $ nslookup openbsd.org > Abort trap (core dumped) > > $ tail -f /var/www/messages > Dec 18 17

Re: OpenBSD pf - redirect all DNS queries to local DNS server

2019-12-20 Thread Stuart Henderson
On 2019-12-19, Anthony O' Brien wrote: > Long time reader, first time writing in... > >> The big question: Is there any DOC for OpenBSD about this? What pf rules >> needed to redirect any DNS server (ex.: 8.8.8.8 or 1.1.1.1) requests to > the >> DNS server running on the ROUTER, coming from the CL

Re: Following patch or stable branch on Octeon

2019-12-21 Thread Stuart Henderson
On 2019-12-21, Predrag Punosevac wrote: > I run bunch of EdgeRouter Lite in production and I just scored > EdgeRouter 4. I was wondering what people do to keep their ER machines > patched or even possibly following stable? Shamefully I have to admit > that up until now I just run release on ER Li

Re: Why isn't ChallengeResponseAuthentication NO in sshd_config?

2019-12-23 Thread Stuart Henderson
On 2019-12-23, Jan Betlach wrote: > > Isn’t it commented out by default? # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. >> nobody about the $subject? :) >> >> Why isn't C

Re: Raspberry Pi question

2019-12-24 Thread Stuart Henderson
On 2019-12-22, Stuart Longland wrote: > On 23/12/19 4:03 am, Strahil Nikolov wrote: >> did anyone try to install openBSD on Raspberry Pi 4B ? >> I know it's not supported , but maybe it does work :) Some of the devices on rpi4 don't yet have driver support. Notably: - ethernet - PCIE (the USB c

Re: Raspberry Pi question

2019-12-24 Thread Stuart Henderson
On 2019-12-24, Stuart Henderson wrote: > On 2019-12-22, Stuart Longland wrote: >> On 23/12/19 4:03 am, Strahil Nikolov wrote: >>> did anyone try to install openBSD on Raspberry Pi 4B ? >>> I know it's not supported , but maybe it does work :) > > Some of the

Re: Fun play with egrep, sed and awk

2019-12-27 Thread Stuart Henderson
On 2019-12-26, goleo . wrote: > I was wondering how much space distfiles on "ftp" take, so because > I couldn't see that in my web browser clearly, I downloaded the page > https://ftp.openbsd.org/pub/OpenBSD/distfiles/ as distfiles.txt btw, there are files in subdirectories as well (another 35GB

Re: relayd(8) Tables and pfctl -T

2019-12-27 Thread Stuart Henderson
On 2019-12-26, Thomas Huber wrote: > I just tried to get a little deeper into load-balancing and try > to use relayd(8) in a dynamic (translate to microservices) environment > where I´l like to add and remove hosts on the fly. > After some reading I thought I should use tables for this purpose. >

Re: sending mail from wordpress

2020-01-02 Thread Stuart Henderson
On 2020-01-02, Edgar Pettijohn wrote: > I'm having trouble getting mail to go through wordpress. Configure it to send by SMTP instead. (I don't use wordpress and can't help tell you exactly how, but it's definitely possible - search for e.g. "wordpress smtp authentication"). > The mail() functio

Re: Hardware for Access Point on OpenBSD

2020-01-02 Thread Stuart Henderson
On 2020-01-01, List wrote: > Hi *, > I am currently building a home router based upon OpenBSD. > I therefore need some kind of WIFI Hardware. This piece of hardware > needs to be connected over usb. > Do you have any suggestions or recommendations ? As far as I can see > it's pretty hard to fi

Re: LCP keepalive timeout for PPPOE

2020-01-03 Thread Stuart Henderson
On 2020-01-03, jrmu wrote: > Greetings, > > I am getting LCP keepalive timeout errors when setting up a PPPOE > connection to a fiber optic line. I am attempting this on > BeagleBone Black running OpenBSD 6.6 GENERIC armv7. > > I have two interfaces which I set up as follows: > > # cat /etc/host

Re: Riello IPG 800 USB Driver and NUT

2020-01-03 Thread Stuart Henderson
On 2020-01-03, Marcos Madeira | Secure Networks wrote: > Hello misc, > > I am looking to use several Riello UPSs of model IPG 800 DE with OpenBSD > through the nut port. These UPSs also go by the name iPlug. This is a > compact UPS with only a single USB-B connector for connectivity as is > usual

Re: httpd with multiple php-fpm pools in separate chroots

2020-01-04 Thread Stuart Henderson
On 2020-01-04, Nazar Zhuk wrote: > I get SCRIPT_FILENAME passed from httpd relative to httpd chroot > (/site1/htdocs/... ) and PHP being chrooted into /var/www/site1 needs > that to be relative to it's own chroot (/htdocs/...). httpd is a bit inflexible (intentionally, I think). Can you work ar

Re: But there is Fossil...

2020-01-04 Thread Stuart Henderson
On 2020/01/05 00:33, go...@disroot.org wrote: > January 5, 2020 2:24 AM, "Roderick" wrote: > > > On Sun, 5 Jan 2020, go...@disroot.org wrote: > > > >> so I don't understand what's wrong with FreeBSD and OpenBSD. > > > > I do not see a problem in CVS. > > Sure, but I started this thread because

Re: httpd with multiple php-fpm pools in separate chroots

2020-01-05 Thread Stuart Henderson
On 2020/01/05 07:43, Nazar Zhuk wrote: > On 2020-01-04 09:21, Stuart Henderson wrote: > > On 2020-01-04, Nazar Zhuk wrote: > > > I get SCRIPT_FILENAME passed from httpd relative to httpd chroot > > > (/site1/htdocs/... ) and PHP being chrooted into /var/www/site1 need

Re: Automated OS builds?

2020-01-06 Thread Stuart Henderson
On 2020-01-05, Marc Espie wrote: > On Sun, Jan 05, 2020 at 06:08:55PM +, Paul Suh wrote: >> On Jan 5, 2020, at 12:43 PM, Morten Gade Liebach wrote: >> > >> > Read release(8), then write a script runs through the described process. >> >> I can do that, and will if I have to, but if someone h

Re: sysupgrade fails

2020-01-06 Thread Stuart Henderson
On 2020-01-05, Christer Solskogen wrote: > Hi! > > On one(out of two!) of my APUs sysupgrade fails, and I'm having trouble > understanding why. > This is what happens: > > Available disks are: sd0. > Which disk is the root disk? ('?' for details) [sd0] sd0 > Checking root filesystem (fsck -fp /dev

Re: LCP keepalive timeout for PPPOE

2020-01-06 Thread Stuart Henderson
On 2020-01-05, Tom Murphy wrote: > On 2020-01-03, jrmu wrote: >> inet 0.0.0.0 255.255.255.255 NONE \ >> pppoedev cpsw0 authproto pap \ >> authname '12345...@isp.net' authkey 'abcd1234' up >> dest 0.0.0.1 >> #inet6 eui64 >> !/sbin/route add default -ifp pppoe0 0.0.0.1 >> #!/sbin/route add -inet6 d

Re: OpenBSD VM on ESXi: uvn_flush: obj=0xfffffd813ee78298, offset=0x33f000. error during pageout.

2020-01-06 Thread Stuart Henderson
On 2020-01-05, Jurjen Oskam wrote: > On Thu, Oct 31, 2019 at 08:01:25AM -0000, Stuart Henderson wrote: > >> On 2019-10-30, Jurjen Oskam wrote: >> > >> > All snapshots I tried up to and including this point did not show the >> > problem: >> > Open

Re: dhcpd and unbound on a small LAN

2020-01-06 Thread Stuart Henderson
On 2020-01-06, Raymond, David wrote: > I found unbound hard to use so I went back to dnsmasq (a package on > OpenBSD), which I had used previously on linux. Trivial configuration > and it works like a charm in providing DNS service for local and > remote systems behind a NAT firewall. (It gets lo

Re: How to set up default permission and group

2020-01-19 Thread Stuart Henderson
On 2020-01-18, Mik J wrote: > Hello, > I want one for one of my user this behavior. Each time he creates a file it > needs to have permission/owner of rw-rw myuser www > This user is executing a php script that creates a file and I want that file > to be read/write access by the user www I don

Re: dig -p 5353 foo.bar core dumped

2020-01-21 Thread Stuart Henderson
On 2020-01-21, Dieter Rauschenberger wrote: > Hi misc, > > on my intranet i have unbound and nsd running, both on the same > machine. unbound is listening on port 53, nsd is listening on port > 5353 on 127.0.0.1. If i run > > dig @127.0.0.1 -p 53 foo.bar > > everything is fine. But if I want to qu

Re: less --no-init and multiline $PS1

2020-01-21 Thread Stuart Henderson
On 2020-01-21, Bodie wrote: > > Here I am thinking what can be so useful to see after each command run > on multiple lines of PS1... Some people put the path on a separate line to avoid annoying shell behaviour when they're in a deep path..

Re: Suricata from packages

2020-01-21 Thread Stuart Henderson
On 2020-01-18, Eric Zylstra wrote: > > >> On Jan 18, 2020, at 6:42 AM, Antoine Jacoutot wrote: >> >> On Fri, Jan 17, 2020 at 11:24:22PM -0600, Eric Zylstra wrote: >>> OpenBSD 6.6 Generic.MP amd64 >>> Stable. >>> >>> I installed suricata using pkg_add. Having trouble with starting it. pkg_add

Re: Suricata from packages

2020-01-21 Thread Stuart Henderson
On 2020/01/21 15:40, Eric Zylstra wrote: > > > > On Jan 21, 2020, at 1:45 PM, Stuart Henderson wrote: > > > > On 2020-01-18, Eric Zylstra wrote: > >> > >> > >>> On Jan 18, 2020, at 6:42 AM, Antoine Jacoutot > >>> wrote: &

Re: Suricata from packages

2020-01-21 Thread Stuart Henderson
On 2020-01-21, b2...@zonbie.net wrote: > To START suricata in live mode - > Do this (as root): > > #suricata -v -c /etc/suricata/suricata.yaml -i em0 & Well, that's one way. Or you can use the OS mechanisms. > To STOP suricata: pgrep suricata and kill -9 the pid returned. Why pgrep then kill wh

Re: DNS lookups on a different port for testing?

2020-01-23 Thread Stuart Henderson
On 2020-01-22, Claus Assmann wrote: > The functional tests for sendmail use ldns-testns as DNS server > which provides specific test data and error behaviours. > It runs on a port > 1024 to avoid requiring root access. > There's code in sendmail to set the IP and port for a NS: > _res.nsadd

Re: rate limit echo request

2020-01-23 Thread Stuart Henderson
On 2020-01-23, myml...@gmx.com wrote: > Hi, > > I'm just wondering if there is a way to rate limit icmp echo request. > i.e. pings. > > I tried the following rule but it errors out with "syntax error" > > pass in quick on em1 inet proto icmp from 192.168.0.23  to 192.168.1.2 > icmp-type  echoreq (

Re: pfctl -T expire

2020-01-24 Thread Stuart Henderson
On 2020-01-24, myml...@gmx.com wrote: > Hi All, > > Thanks to Jesper and Stuart, i'm using max-pkt-rate not! > > I'm also using max-src-conn-rate and overload in conjunction with authpf > and I'm worried that potentially valid traffic may get blocked. > > I'm wondering if it's a condoned/accepted/

Re: OpenBSD 6.0: PPPOE with vlan configure problem

2020-01-25 Thread Stuart Henderson
On 2020-01-25, Peter Wong wrote: > Dear All, > I'm trying to setup openbsd as router but could not get any internet > connection. > I need to set my external interface to vnetid 500. Below is my > configuration: > > /etc/hostname.vlan500 > -inet vnetid 500 parent fxp0 up > > /etc/hostname.pppoe0 >

Re: Error: Can't open display: ssvnc-viewer (vncviewer) local connection to QEMU host with -vnc option enabled

2020-01-25 Thread Stuart Henderson
On 2020-01-24, Denis wrote: > Trying to connect to QEMU 4.1.0 with VNC server enabled by > $ doas vncviewer -rawlocal 127.0.0.1:0 For the love of cthulhu don't run that crap as root. > All the time receive 'Error: Can't open display' by vncviewer > (ssvnc-viewer package installed on OpenBSD 6.6)

Re: Question about marketability of OpenBSD Laptops

2020-01-26 Thread Stuart Henderson
On 2020-01-26, Chris Bennett wrote: > As far as your seemingly brilliant idea, it won't work. > > Try this. Put OpenBSD on a USB stick. Then try to get ANYONE to boot it > on their laptop/desktop. I gave up after about 25 tries over the years. > > Next, try this. Give away a few laptops with OpenB

Re: pkg_add: how to specify both flavor and branch

2020-01-26 Thread Stuart Henderson
On 2020-01-25, Thomas L. wrote: > Hello, > > `pkg_add gnupg` is ambiguous since there is both > gnupg-1.4.23p3-card-ldap, gnupg-1.4.23p3 and gnupg-2.2.12p0, but neither > `pkg_add gnupg%2.2`, `pkg_add gnupg--%2.2` nor `pkg_add gnupg%2.2--` > work. So how do i specify the exact package in this case

Re: certificate verification error

2020-01-26 Thread Stuart Henderson
There's been a hackathon this past week, libressl has seen some major changes. If the problem persists on a fully up-to-date snapshot then write a mail to bugs@ with as much information about how to reproduce it as possible - sample config files etc would make it easier. (In the case of fetchmail,

Re: How did it happen?

2020-01-29 Thread Stuart Henderson
On 2020-01-29, Oriol Demaria wrote: > I understand that root might be required to open privileged ports, but then > how commands are run as root when you exploit opensmtpd vulnerability? For a clue: ls -l /var/mail How are those messages delivered to those files with those permissions? > In c

Re: chrome with multiple profiles possible?

2020-01-29 Thread Stuart Henderson
On 2020-01-29, Allan Streib wrote: > Per the man page I have tried to launch chrome with an alternate data > directory hoping to achieve separate profiles. > > $ chrome --user-data-dir=~/.config/chromium_a > > > [75336:1591778608:0129/114259.294272:ERROR:process_singleton_posix.cc(280)]

Re: bridge with unexpected ping forwarding

2020-01-31 Thread Stuart Henderson
On 2020-01-31, PJ wrote: > I have a router-to-be with 4 NICs, on which ip-forwarding is not yet > enabled (and with OpenBSD 6.6). > > One IF has an IP on one network segment and the three other IFs are > bridged together, with one of the three having an IP on another network > segment. > > When I

Re: Support for ath10k QCA988x devices

2020-01-31 Thread Stuart Henderson
-17 Thom Lauret wrote >> 802.11n is not yet supported in OpenBSD. This is outdated. > On 2015-09-23 Stuart Henderson wrote >> > http://www.pcengines.ch/wle600vx.htm >> >> This is a QCA9882 from the 802.11ac range, on Linux this uses the >> Ath10k driver. Not yet supp

Re: .forward MDA fails, "mail.local: may only be run by the superuser"

2020-02-01 Thread Stuart Henderson
misc@ is really not the right place for bug reports. Use bugs@, or opensmtpd has its own lists: https://opensmtpd.org/list.html On 2020-02-01, Andreas Kusalananda Kähäri wrote: > Hi, > > With the latest snapshot on amd64 (6.6 GENERIC.MP#627), using a "|"-line > in one's ~/.forward makes delivery

Re: updating calibre port

2020-02-01 Thread Stuart Henderson
On 2020-02-01, aisha wrote: > Hi all, > > I had a request for updating the calibre port to the newer versions as > I am running a small calibre library server. > > Thanks a lot! > It's not likely to happen anytime soon. Updating to new calibre, including all the required dependencies (which i

Re: Stuck on remote rsync with BackupPC and openrsync

2020-02-01 Thread Stuart Henderson
On 2020-02-01, Fabian wrote: > Hi, > > I have been trying to get BackupPC 3.3.2 running on a Debian 10/Buster > server to back up my OpenBSD 6.6 router. It works fine with the GNU > rsync port on the OpenBSD box but when I try to use the native > openrsync instead, it just seems to not get started

Re: rspamd stop rc script doesn't work in OpenBSD 6.6

2020-02-09 Thread Stuart Henderson
On 2020-02-09, aisha wrote: > You need to use pkill -9 to kill rspamd, which i think should be added > to the stop part of the rspamd daemon. > > At least this is what I have been using, any other methods would be nice > to know. Something wedges in rspamd in the version in 6.6 when you signal

Re: Missing files on mirror

2020-02-09 Thread Stuart Henderson
On 2020-02-08, Mihai Popescu wrote: > Hello, > > I am using ftp2.eu.openbsd.org as a mirror for installing snapshots. Some > files are reported as not found, like nspr-2.4, but they are present on > ftp.openbsd.org. > What could be wrong, a file sync failure? > > Thank you. > ftp2.eu seems a bit

Re: strange dmesg

2020-02-10 Thread Stuart Henderson
On 2020-02-10, Janne Johansson wrote: > Den lör 8 feb. 2020 kl 11:31 skrev : > >> Hi, >> I have some strange output from dmesg, what could be ? >> At the follwoing link I've posted some screenshots: >> https://postimg.cc/gallery/1o4wsaw74/ >> > > dmesg is contained in a memory buffer with (hopeful

Re: strange dmesg

2020-02-10 Thread Stuart Henderson
On 2020/02/10 13:11, whistlez...@riseup.net wrote: > On Mon, Feb 10, 2020 at 09:45:06AM -0000, Stuart Henderson wrote: > > On 2020-02-10, Janne Johansson wrote: > > > Den lör 8 feb. 2020 kl 11:31 skrev : > > > > > >> Hi, > > >> I have some stran

Re: IPsec and MTU / fragmentation

2020-02-10 Thread Stuart Henderson
On 2020-02-10, Paul de Weerd wrote: >and I've told > them to either stop filtering ICMPv6 Packet Too Large errors or > restrict the MSS to a lower value on their end (as they said they were > doing) to fix this for all their users. AFAIK some

Re: IPsec and MTU / fragmentation

2020-02-11 Thread Stuart Henderson
On 2020-02-11, Simen Stavdal wrote: > tunnel will be able to fragment all incoming ip before sending it into the > ipsec, which will not fragment for you. > The clients will not have to change, nor any other protocol that sends ip > via the double-tunnel.> > > If a client and a server set up a new

Re: using first alias as masquerading ip on pf.conf

2020-02-12 Thread Stuart Henderson
On 2020-02-12, Sebastian Benoit wrote: > Paul de Weerd(we...@weirdnet.nl) on 2020.02.12 12:46:02 +0100: >> On Wed, Feb 12, 2020 at 12:09:12PM +0100, Federico Donati wrote: >> | Hi all, >> | >> | I have a couple of firewalls with carp configured and I need them to >> | reach the Internet even when

Re: Packages for 6.6 mips64el missing from cdn.openbsd.org

2020-02-13 Thread Stuart Henderson
On 2020-02-12, Xiyue Deng wrote: > Xiyue Deng writes: > >> Hi, >> >> It looks like cdn.openbsd.org[1] doesn't sync the 6.6 packages for mips64el >> from ftp.openbsd.org[2]. >> >> [1] http://cdn.openbsd.org/pub/OpenBSD/6.6/packages/ >> [2] http://ftp.openbsd.

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-14 Thread Stuart Henderson
On 2020-02-14, Peter Müller wrote: > Hello openbsd-misc, > > during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec > client on an > OpenBSD 6.6 machine. While establishing an IKE_SA works fine, installing > policies for CHILD_SA > fails (as expected): > >> unable to install IP

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-16 Thread Stuart Henderson
On 2020/02/16 18:25, Peter Müller wrote: > Hello Stuart, > > thanks for your quick reply. > > > > On 2020-02-14, Peter Müller wrote: > >> Hello openbsd-misc, > >> > >> during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec > >> client on an > >> OpenBSD 6.6 machine. While est

Re: Old thread, but wondering if any updates?

2020-02-19 Thread Stuart Henderson
On 2020-02-19, myml...@gmx.com wrote: > I posted this way back in 2017 but i'm wondering if anything has changed... > > https://marc.info/?l=openbsd-misc&m=149613307021262&w=2 > > Has the 16Tb restriction been removed for full disk encryption? The only thing that changed is that the failure is now

Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-21 Thread Stuart Henderson
On 2020-02-20, Peter Müller wrote: > Hello openbsd-misc, > > is anybody out there running strongSwan as an IPsec client for a net-to-net > connection > on an OpenBSD machine? > > If so, I would be very grateful to know which steps are necessary in order to > successfully > route traffic through

Re: Server 5 SSD/best practice

2020-02-21 Thread Stuart Henderson
On 2020-02-21, Nick Holland wrote: > On 2020-02-20 11:22, Oliver Marugg wrote: >> Hi >> >> I’ve got a Supermicro 5028D desktop server with 5 identical SATA SSDs, >> there is no HBA no RAID card in. The purpose of the server is intended >> as web/smtp and some vmm vms (os plus /home & /var sto

Re: Openiked site

2020-02-21 Thread Stuart Henderson
On 2020-02-21, 赵斌 wrote: > Hello misc list > openiked site: https://www.openiked.org/ can not access for long time. Will > be fix it or not? Thank you > No idea, but it is still available at https://www.openbsd.org/openiked/

Re: Purging a wifi connection

2020-02-21 Thread Stuart Henderson
On 2020-02-21, Raymond, David wrote: > I have a problem when I have two wifi services available, say, a hotel > wifi and my cellphone hotspot. Suppose I put the hotel wifi in my > hostname.xxx file and run sh /etc/netstart and I don't like the > results. Removing the hotel wifi from the hostname

Re: What TERM fixes Emacs?

2020-02-24 Thread Stuart Henderson
On 2020-02-25, Emilia wrote: > It is impossible to use Emacs on OpenBSD Terminal (no X). > > Look at these screenshots: > > On Linux / macOs -- this same version of Emacs and org-mode would > display this file with colors etc. > > OpenBSD can't even show the mode line. > > How do I fix this?

Re: openbsd.org - certain https URLs downgraded to http in redirection

2020-02-24 Thread Stuart Henderson
On 2020-02-25, Nick Holland wrote: > Sorry, took a look at this a while back when I didn't have time to > fully work through it...and then forgot about it. ;-/ > > On 2020-02-12 04:34, Aham Brahmasmi wrote: >> Namaste misc, >> >> Overview: >> Certain https URLs on openbsd.org get downgraded to ht

Re: What TERM fixes Emacs?

2020-02-25 Thread Stuart Henderson
On 2020/02/25 07:19, Emilia wrote: > Stuart, > > Apologies for breaking netiquette w/ sending images. > > > > Could you please point me to what "pccon" is? I found references to pccon in > pcvt - but it is > unclear to me how I can use pcvt either. > > > Thank you! pccon is the termcap(5)

Re: Determining which patches a snapshot contains

2020-02-26 Thread Stuart Henderson
On 2020-02-25, Jonathan Schleifer wrote: > Fair enough - I can understand you don't want to give any guarantees for > snapshots. > > I guess it's fair to assume that snapshots are only built from full commits > and not partial commits? In this case then, I guess I should be fine. Snapshots can

Re: How to make unveiled-Firefox as default browser ?

2020-02-27 Thread Stuart Henderson
On 2020-02-27, dmitry.sensei wrote: > Hi! > > How to make unveiled-Firefox as default browser ? > xterm > $firefox > > xterm output Guessing but something along these lines: - see the pkg-readme about copying files to override pledge defaults - edit at least unveil.main, maybe unveil.content:

Re: PPTP NAT passthrough

2020-02-27 Thread Stuart Henderson
On 2020-02-26, Edgar Pettijohn wrote: > This appears to be actively maintained. > > https://sourceforge.net/projects/pptpclient/ Gábor is looking for a proxy / "nat helper" not a client. > On 02/25/20 12:15, Szél Gábor wrote: >> Dear @misc >> >> Our customer need more parallel outgoing PPTP session.

Re: What TERM fixes Emacs?

2020-02-29 Thread Stuart Henderson
On 2020-02-27, Stuart Longland wrote: > On 26/2/20 9:46 pm, Marc Espie wrote: >> (these days, new OS versions will all use the same termcap source, so you're >> probably safe on anything released over the past 5 years) People with a need to connect to older OS (from the text console rather than X

Re: upgrade i386 kernel to amd64

2020-03-03 Thread Stuart Henderson
On 2020-03-02, Justin Muir wrote: > Hello all, > > Running GENERIC i386 kernel on a 64-bit amd machine. Just wondering > whether an upgrade to amd64 is warranted. Any opinions? Generally yes, unless you are low on memory. > If so, just upgrade system? Re-compile kernel? Other options? Do NOT tr

Re: Web documentation available offline by default?

2020-03-03 Thread Stuart Henderson
On 2020-03-02, Peter N. M. Hansteen wrote: > I was thinking of the probably quite unlikely event that somebody who wants > this > comes up with an actually reproducible way that could be turned into an > otherwise > unremarkable make target. From experience with other generated files: it wo

Re: Having PF enabled breaks up rsync (and scp) over ssh connections

2020-03-04 Thread Stuart Henderson
On 2020-03-03, Chris Cappuccio wrote: > Jyri Hovila [Turvamies.fi] [jyri.hov...@turvamies.fi] wrote: >> Hello everyone! >> >> Now here's a mysterious one -- I've been working on this for weeks and still >> have no clue what's causing it. >> >> "client_loop: send disconnect: Broken pipe >> >> A

Re: Having PF enabled breaks up rsync (and scp) over ssh connections

2020-03-06 Thread Stuart Henderson
On 2020/03/06 18:53, Jyri Hovila [Turvamies.fi] wrote: > Hi! > > > Look at pfctl -ss -v. Do you have "wscale" values printed for most > > TCP connections? > > There's wscale for all the active connections, at least at the moment. > > > If not then you are likely creating state on intermediate >

Re: Compiling Zeek 3.0.2 returns an error at final stage

2020-03-07 Thread Stuart Henderson
On 2020-03-07, Carlos Lopez wrote: > Hi all, > > I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched but > compilation returns me the following error: > > [ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o > [ 97%] Linking CXX executable zeek > ld: error: unable to f

Re: FreeBSD or OpenBSD for my (server/router) purposes? (Total n00b)

2015-09-27 Thread Stuart Henderson
On 2015-09-27, Quernus wrote: > > I actually run OpenBSD in a VM on FreeBSD using bhyve which gives me the best > of both worlds. This has an impact on security, of course.

Re: OpenBSD official reference book ( like FreeBSD handbook / NetBSD Guide )

2015-09-27 Thread Stuart Henderson
On 2015-09-27, Adam wrote: > What I like about the https://www.freebsd.org/doc/handbook/ is that > you can toggle between [ Split HTML / Single HTML ]. The Single HTML you > can download and read on your Kindle or other e-reader device, offline, > as compared to having to buy a separate computer f
