Re: Intl I350 Network Card Not Found

2020-09-17 Thread Daniel Ouellet
Hi Brandon, The key point here for the answer provided to iyou was "Firmware" not "driver" Two different things. Driver for Linux for example is use to allow the network stack of Linux to use the card based on what the actual card support. Firmware is what actually run on the flash of the card

Re: pf.conf parser/lint

2020-09-04 Thread Daniel Ouellet
> We provide over FIVE ways to identify ports without using the hardware > driver names, but hey... this discussion is about the theory you can > check overall behaviour of a system by ignoring the important parts. I always put a description and group field in my hostname config so that it allow

Re: Microsoft's war on plain text email in open source

2020-08-26 Thread Daniel Ouellet
On 8/26/20 3:08 PM, Chris Bennett wrote: > On Wed, Aug 26, 2020 at 12:28:00PM -0500, Mike Hammett wrote: >> Text-only was great in 1985. >> >> > > And it's still pretty badass in 2020. > I really love the way company networks are brought down by a little > helpful Javascript in an HTML email. I

Adding more syspatch platform.

2020-08-11 Thread Daniel Ouellet
Just a general question as I got to really love syspatch and sysupgrade to the point that oppose to before, now my platforms are pretty much always up to date and patch in just a few days after patches are release or even in some cases the same day. To add more platform, I guess that mean man

Re: Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Daniel Ouellet
gt; > Regards, > > Kaya > > On Tue, Jun 23, 2020 at 5:03 PM Daniel Ouellet wrote: >> >> Hi, >> >> This might be a bit weird question, but I saw the wireguard being put in >> the kernel in the last few days and I am very existed abut it oppose to >>

Re: Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Daniel Ouellet
out issue, and have dozens of ER4 and > ER-Lite devices out in the wild. > > If you're looking for non-x86 routing solutions, then the Edgerouter is > one of the best bets. > > Regards, > > Jordan > > On 2020-06-23 09:01, Daniel Ouellet wrote: >> Hi, >&g

Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Daniel Ouellet
Hi, This might be a bit weird question, but I saw the wireguard being put in the kernel in the last few days and I am very existed abut it oppose to use the package on it and even today there was more on it. Many thanks for this!!! I also know there was effort and some Cisco router can run

Re: Correct subnet mask for alias IPs?

2020-06-19 Thread Daniel Ouellet
On 6/19/20 7:15 AM, Robert wrote: > Hi, > > I want to configure multiple alias IPs on the same interface and in the same > subnet. > (reason: hosting services with dedicated DNS names and IPs) > > inet 10.0.0.1 255.255.255.0 > inet alias 10.0.0.2 255.255.255.0 > inet alias 10.0.0.3

Re: IKEv2 difference with 6.7

2020-06-17 Thread Daniel Ouellet
Hi Tobias, > So the error message is probably in the other side's logs but here is > a guess: 5.6 doesn't know curve25519. > > Try adding the following to your iked.conf: > > ikesa group modp2048 Many thanks!!! That was the issue and you saved me from pulling what I have left of hairs.

Re: IKEv2 difference with 6.7

2020-06-16 Thread Daniel Ouellet
Hi, > What I see is that the initial message is received but ignored, so this > side here probably runs into some kind of error. > To find out what exactly causes this, a more verbose log would help. > You could manually start iked with -dvv and share the log for an > incoming IKE_SA_INIT request

Re: IKEv2 difference with 6.7

2020-06-16 Thread Daniel Ouellet
> The retransmits tell us that the peer doesn't answer. Or, to be more > precise, it doesn't receive *any* message from the peer. Can you have > a look at the peer's logs? Does the peer see these packets but chooses > not to reply? Is the peer also an OpenBSD? 6.6? 6.7? Not a big deal, but

Re: IKEv2 difference with 6.7

2020-06-16 Thread Daniel Ouellet
On 6/16/20 1:35 PM, Patrick Wildt wrote: > On Tue, Jun 16, 2020 at 01:09:32PM -0400, Daniel Ouellet wrote: >> Hi Tobias, >> >> I put below the full configuration and the flows as well with the 6.6 >> binary and switch to the 6.7 binary without any other changes as

Re: IKEv2 difference with 6.7

2020-06-16 Thread Daniel Ouellet
I do a lots of work from home and I need to keep the family happy too. (;) On 6/16/20 6:09 AM, Tobias Heider wrote: > Hi Daniel, > > On Mon, Jun 15, 2020 at 08:04:43PM -0400, Daniel Ouellet wrote: >>> Probably related to the following change documented in >>> https://www

Re: IKEv2 difference with 6.7

2020-06-15 Thread Daniel Ouellet
> Probably related to the following change documented in > https://www.openbsd.org/faq/upgrade67.html: > > iked(8)/isakmpd(8). The type of incoming ipsec(4) flows installed by iked(8) > or > isakmpd(8) was changed from "use" to "require". This means unencrypted traffic > matching the flows will

Re: IKEv2 difference with 6.7

2020-06-15 Thread Daniel Ouellet
On 6/15/20 8:04 PM, Daniel Ouellet wrote: >> Probably related to the following change documented in >> https://www.openbsd.org/faq/upgrade67.html: >> >> iked(8)/isakmpd(8). The type of incoming ipsec(4) flows installed by iked(8) >> or >> isakmpd(8) was changed

Re: pf table for all publicly routable ipv4 addresses

2020-05-04 Thread Daniel Ouellet
Just a question and a thought may be. I am not sure why having this pass valid table oppose to block. The reason is that if you pass all valid IP's then some service you want to block, don't you have to add more rules to do that oppose to only allow incoming from service you want? Look to me

Re: Certain size packets not passing through a L2 over L3 IPsec tunnel

2019-10-10 Thread Daniel Ouellet
On 10/10/19 4:25 PM, Russell Sutherland wrote: > I've set up a L2overL3 tunnel using the template as found in "man etherip". I > am running OpenBSD 5.9, which I believe is the first version to support the > etherip interface. > > I find the bridge/tunnel does not pass a small range of specific

Re: Incoming connection via VLAN

2019-09-02 Thread Daniel Ouellet
It's hard trying to help you as. Vlan syntax changed from the upgrade or 6.1 to 6.2 and the pf queuing changed from 6.3 to 6.4. So looks like you skip a few version and no where did you provide any details on your configuration. So I would suggest to go and read either the man page or look at

Re: What is you motivational to use OpenBSD

2019-08-28 Thread Daniel Ouellet
On 8/28/19 10:32 AM, Mohamed salah wrote: > I wanna put something in discussion, what's your motivational to use > OPENBSD what not other bsd's what not gnu/Linux, if something doesn't work > fine on openbsd and you love this os so much what will do? - Simplicity. - Clean - Lean and Slim - Work

Re: Max Speed: configuration in smnpd.conf for display in mrtg

2019-08-28 Thread Daniel Ouellet
On 8/28/19 5:44 AM, Stuart Henderson wrote: > On 2019-08-26, Daniel Ouellet wrote: >> Thanks Stuart, >> >> I guess I had the right oid before, but the fact that is doesn't allow >> the replacement always give me a fail at restart, I assume I wasn't >> u

Re: Max Speed: configuration in smnpd.conf for display in mrtg

2019-08-25 Thread Daniel Ouellet
customers are added or removed, it was a lot simpler to do it in the actual router then trying to always go back and over write the final configuration or mrtg each time. Daniel On 8/23/19 12:12 PM, Stuart Henderson wrote: > On 2019-08-22, Daniel Ouellet wrote: >> Hi, >> >> Wonder

Max Speed: configuration in smnpd.conf for display in mrtg

2019-08-22 Thread Daniel Ouellet
Hi, Wonder if anyone would know the answer for this. I try to figure out what is the entry needed in the snmpd.conf for the specific display that would show in mrtg when the scan is done. In short the display as Max Speed: 1000.0 Mbits/s to be display as for example Max Speed:

Re: Code of Conduct location

2019-04-28 Thread Daniel Ouellet
On 4/28/19 9:33 AM, Rachel Roch wrote: > Apr 28, 2019, 9:16 AM by cho...@jtan.com : > >> Strahil Nikolov writes: >> >>> Hello All, >>> >>> can someone point me to the link of the OpenBSD code of Conduct ? >>> >> >> I believe OpenBSD's code of conduct can be summed up as

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

2019-01-16 Thread Daniel Ouellet
/tunnel.realconnect.com type require flow esp out from ::/0 to ::/0 type deny On 1/16/19 5:36 PM, Daniel Ouellet wrote: >> You don't actually even need an ipsec.conf file, you could just do >> >> $ echo 'flow from 192.0.2.1/32 to 192.0.2.2/32 type bypass' | doas ipsecctl >&g

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

2019-01-16 Thread Daniel Ouellet
> You don't actually even need an ipsec.conf file, you could just do > > $ echo 'flow from 192.0.2.1/32 to 192.0.2.2/32 type bypass' | doas ipsecctl > -vf - That would actually be a very simple solution and I would sure love it! But testing doesn't show that as being the case. packets are

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

2019-01-16 Thread Daniel Ouellet
> Can someone point out an example of this gif+ipsec setup somewhere ? > > I failed at finding any GIF ref when looking IPSEC+OPENBSD, also man > ipsec does not list gif, only enc. This is dated obviously and for full disclosure I didn't try it, so look at it as such.

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

2019-01-16 Thread Daniel Ouellet
> Maybe you misunderstood - I am just talking about a couple of lines in > ipsec.conf to setup the bypass flow, but still use iked for the > actual vpn connection. I should have added that may not be the best idea but I was/am trying rdomain for this, (having the bypass in rdomain 1 as an idea)

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

2019-01-16 Thread Daniel Ouellet
> Maybe you misunderstood - I am just talking about a couple of lines in > ipsec.conf to setup the bypass flow, but still use iked for the > actual vpn connection. That's fair. May be I miss understood you, I thought that you recommended to actually switch to use the ipsec one instead. The setup

Re: iked.conf insanity (passing traffic locally between two tunneled subnets)

2019-01-10 Thread Daniel Ouellet
> OpenBSD's implementation of ipsec doesn't use the routing table, if you > want that (unless you make code changes) you will need to use a > different tunnel interface (gif or others) and just use ipsec to protect > the gif traffic. The point is to keep the configuration simple and gif doesn't

iked.conf insanity (passing traffic locally between two tunneled subnets)

2019-01-09 Thread Daniel Ouellet
Hi, I have two separate subnets (on different interfaces) on a router. I am trying to tunnel both subnets over the internet to another router on my network. I can tunnel one subnet easily and everything works as expected, but when I tunnel the 2nd subnet, then traffic from one local subnet is no

Re: [OpenIKED] Is it impossible to differentiate the policies by dstid?

2018-11-06 Thread Daniel Ouellet
The source ID does default yes, but I have a tunnel gateway for multiple VPN and I HAD to specify the dstid on the passive side as well or ONLY the last rule was picked up for the 0.0.0.0/0 of some of them as an example for all the traffic flowing via the VPN. Any overlapping routes where not

Re: want.html: Unifi wifi gear for interop debugging

2018-10-06 Thread Daniel Ouellet
On 10/6/18 11:48 AM, Tim Jones wrote: >> Thank you for handling the logistics so I don't have to do that >> on top of everything else I'm doing. >> I am looking forward to receiving your shipment. > > > Oh right, and the rest of us don't have day-jobs, plus other commitments > outside of

Re: "no route to host" from pkg_add

2018-08-10 Thread Daniel Ouellet
. https://tools.ietf.org/html/rfc6177 But that is still even crazy specially when you see users using NAT64 on IPv6... Anyway, back to my rock and I hope it help you address your assignment anyway. Daniel On 8/10/18 10:38 PM, Daniel Ouellet wrote: > Hi, > > I am not sure you got t

Re: "no route to host" from pkg_add

2018-08-10 Thread Daniel Ouellet
Hi, I am not sure you got that right. If you are an ISP the minimum assignment is /32 and you assigned /48 to end company and /56 to users. If you asked me that's a wasted, but that's what they suggest. For end users, a /64 would be plenty if you asked me and /56 for company would be plenty as

Re: "no route to host" from pkg_add

2018-08-10 Thread Daniel Ouellet
On 8/10/18 10:38 PM, Daniel Ouellet wrote: > Hi, > > I am not sure you got that right. > > If you are an ISP the minimum assignment is /32 and you assigned /48 to > end company and /56 to users. > > If you asked me that's a wasted, but that's what they suggest. &

Re: Daily insecurity output on valid users using key with valid shell and without password.

2018-07-01 Thread Daniel Ouellet
Hi Stuart, The counting to 13 was actually a sarcastic joke. (: But thanks never the less. Daniel On 7/1/18 5:54 PM, Stuart Henderson wrote: > On 2018-07-01, Daniel Ouellet wrote: >> Ha the old man page. >> >> Not good to read to quickly. (: >> >> Sorry for

Re: Daily insecurity output on valid users using key with valid shell and without password.

2018-07-01 Thread Daniel Ouellet
, conventionally have 13 asterisks in the password field. On 7/1/18 2:44 PM, Remco wrote: > Op 07/01/18 om 19:22 schreef Daniel Ouellet: >> I find this annoying and sometime I over look this because I always get >> the example: >> >> == >> Running sec

Daily insecurity output on valid users using key with valid shell and without password.

2018-07-01 Thread Daniel Ouellet
I find this annoying and sometime I over look this because I always get the example: == Running security(8): Checking the /etc/master.passwd file: Login share is off but still has a valid shell and alternate access files in home directory are still readable. Login xxx is off

Re: OT: Temperature sensors suggestions?

2018-05-18 Thread Daniel Ouellet
Pr1me wrote: > I roll SHT31-Ds through ESP8266s via I2C. Of course, there is programming > involved. > Good hardware though, if that's what you're looking for. > > On Fri, May 18, 2018 at 2:42 PM, Daniel Ouellet <dan...@presscom.net> wrote: > >> Does anyone have a decen

OT: Temperature sensors suggestions?

2018-05-18 Thread Daniel Ouellet
Does anyone have a decent temperature sensors that can connect to an OpenBSD server and be reliable and give any decent reading via either USB or Serial port or even stand alone via Ethernet? I asked because yes I can use the sensors on some servers, but I got a pretty expensive router blowing up

Re: Date of yesterday

2018-04-09 Thread Daniel Ouellet
On 4/9/18 4:36 PM, Stephane HUC "PengouinBSD" wrote: > what? > > please, explain-me! EDT EST for example. Some days are even 82800 long. Some time zone even have 1/2 hour if these still exists, so the would be 84600 or 88200.

Re: Date of yesterday

2018-04-09 Thread Daniel Ouellet
Here to confuse you even more, there is time zone that have 30 minutes and even 45 minutes differences. https://www.timeanddate.com/time/time-zones-interesting.html Have fun. On 4/9/18 4:44 PM, Daniel Ouellet wrote: > On 4/9/18 4:36 PM, Stephane HUC "PengouinBSD" wrote: >>

Re: OpenBSD Foundation on HTTPS

2018-02-06 Thread Daniel Ouellet
Come on guys. If you actually donate and click on any links there you would see it bring you to a secure page. No need to have this one https type really there isn't any information you enter on it... I guess the sand is way more think some places then others Must be nice beaches there and

Re: Community-driven OpenBSD tutorials wiki?

2018-01-04 Thread Daniel Ouellet
On 1/4/18 11:46 AM, Marcus MERIGHI wrote: > andreasthu...@gmail.com (Andreas Thulin), 2018.01.04 (Thu) 15:17 (CET): >> Thought I'd create an OpenBSD wiki somewhere, where anyone (especially > >> existing tutorials become outdated, and was thinking that a wiki would >> make updates easier. > >

Re: NTP issue on Lanner FW-7526B

2017-12-08 Thread Daniel Ouellet
It is adjusting the time, but your clock is way off, so it try to do it slowly as to not mess any logs, but if you want to adjust it al at once and don't care about that for now rdate -n4 pool.ntp.org Simple. On 12/8/17 9:58 AM, mabi wrote: > Hi, > > I have a new Lanner FW-7526B firewall

Re: EdgeRouter Lite VS Alix2D3

2017-12-04 Thread Daniel Ouellet
On 12/4/17 12:12 PM, Daniel Ouellet wrote: > On 12/4/17 8:49 AM, Ivo Chutkin wrote: >> Hello list, >> >> When I read OpenBSD could run on EdgeRouter Lite, I give it a try (now >> with 6.2 current as of 28.11.2017). >> I expected closer performance to Alix, but ERL

Re: EdgeRouter Lite VS Alix2D3

2017-12-04 Thread Daniel Ouellet
On 12/4/17 8:49 AM, Ivo Chutkin wrote: > Hello list, > > When I read OpenBSD could run on EdgeRouter Lite, I give it a try (now > with 6.2 current as of 28.11.2017). > I expected closer performance to Alix, but ERL even do not respond on > console in reasonable times, for example, it takes 10-15

Re: Lanner NCA-4010D

2017-11-30 Thread Daniel Ouellet
s/network-appliances/x86-desktop-network-appliances/nca-1510 > > Besides, how did you buy them? > > Sent from ProtonMail Mobile > > On Fri, Dec 1, 2017 at 05:24, Daniel Ouellet <dan...@presscom.net> wrote: > >> Just for the records as I know I was lo

Lanner FW-8759A

2017-11-30 Thread Daniel Ouellet
OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19:53:18 CEST 2017 r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17104031744 (16311MB) avail mem = 16578637824 (15810MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS

Lanner FW-7573B

2017-11-30 Thread Daniel Ouellet
OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19:53:18 CEST 2017 r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17149325312 (16354MB) avail mem = 16622563328 (15852MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS

Lanner NCA-5510A

2017-11-30 Thread Daniel Ouellet
OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19:53:18 CEST 2017 r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 68589015040 (65411MB) avail mem = 66503278592 (63422MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS

Lanner NCA-5210B

2017-11-30 Thread Daniel Ouellet
OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19:53:18 CEST 2017 r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3428722 (32698MB) avail mem = 33241083904 (31701MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS

Lanner NCA-4010D

2017-11-30 Thread Daniel Ouellet
Just for the records as I know I was looking to find a dmesg for them and see if that would run OpenBSD before taking the chance to get them and it might be of interest to others as well. Here it goes with 4 more to come all run well so far. More update later after I test them as routers and

Re: CoDel Flows

2017-10-12 Thread Daniel Ouellet
> Also, the pf.conf man page says the default qlimit is 1024, but, if I > don't specify a qlimit, pfctl –vsq shows a qlength of 50 when I was > expecting it to be 1024. What am I missing? Why would you want to have a pool of 1024 oppose to the default of 50 slots for your queue? You will

SoC Intel Xeon D-1518 & D-1548

2017-09-09 Thread Daniel Ouellet
Hi, Is there anyone that know of have one of the Intel Xeon D-1548 SoC that works on OpenBSD? I know the D-1518 does, I find the DMESG in the archive, but I can't find anything at all on the D-1548. Any clue. Here is the D-1518 https://marc.info/?l=openbsd-misc=146236157518744=2 I am asking

Re: Qubes-OS is "fake" security

2017-05-12 Thread Daniel Ouellet
May I suggest you go read the FAQ before you spread misinformation. Qubes doesn't use KVM, it's built on Xen, and calling it just a GUI is like calling OpenBSD just a bunch of masturbating monkeys. > On May 12, 2017, at 2:37 PM, flipchan wrote: > > Qubes os is just linux

Disable memory bank via sysctl, LOM or other on Sun V100?

2016-12-02 Thread Daniel Ouellet
Hi, Is there a way to make the kernel think a full bank of memory is in use by any chance on a Sun V100? I have what appear to be a bad memory in it and the server crash however it is on a remote server that I will not be able to get physically to for a week if lucky. I wonder if there is a way

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Daniel Ouellet
On 9/29/16 7:20 PM, Murk Fletcher wrote: > There's Kickstarter's Rack::Attack if you're willing to "upgrade" to ie. > Ruby on Rails: > > https://github.com/kickstarter/rack-attack > > I find this quite nice along with those pf bruteforce tables mentioned > earlier. Sure I guess you can, but

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

2016-09-29 Thread Daniel Ouellet
> I don't think bruteforce will be helpful in my case. I do occasionally > get bruteforce attacks, but not very often. > What I usually get are identical attacks of a certain set of variations > of URLs from one IP address. A little later the same thing from another > IP, then another, etc. > >

Re: New FAQ14 on Installing to a mirror

2016-09-21 Thread Daniel Ouellet
> fixed these two things and hope i got all your questions. You did many thanks! I thought I had it right, but as age advance, verifying facts is a good things! (: Daniel

New FAQ14 on Installing to a mirror

2016-09-21 Thread Daniel Ouellet
Hi, No problem all works, but I would love to clarify below to be sure I don;t do something wrong as the old and new FAQ14 changed in that aspect and I don't see a reason for the changes. In the new FaQ14 revised version here: http://www.openbsd.org/faq/faq14.html#softraid I wonder if there is

Just a quick thank you for all and every devs of OpenBSD!

2016-09-16 Thread Daniel Ouellet
This may be obvious to some, but I just wanted to take some time to say thanks for the 6.0 release and all previous one. So many improvements in the last few releases, it is really more fun to use at each new one! Some features as simple as the auto partitioning configurable, makes maintenance

Re: Sun V100 with >127Gb drives on 6.0 supported and working now?

2016-09-09 Thread Daniel Ouellet
On 9/7/16 12:31 PM, Daniel Ouellet wrote: > I always used to re-install, but only rename my partition, not redoing > them. However I changed my auto-install as well and in the proceed > forgot to NOT partition above 127Gb or to be exact 268,435,440 block of > 512 bytes as in the pas

Re: Sun V100 with >127Gb drives on 6.0 supported and working now?

2016-09-08 Thread Daniel Ouellet
On 9/7/16 4:55 PM, Michael Plura wrote: > On Wed, 7 Sep 2016 12:31:58 -0400 > Daniel Ouellet <dan...@presscom.net> wrote: > >> A quick question on this as I only notice this in the last few days by >> accident actually, and I want to know if that's real or not. &g

Sun V100 with >127Gb drives on 6.0 supported and working now?

2016-09-07 Thread Daniel Ouellet
A quick question on this as I only notice this in the last few days by accident actually, and I want to know if that's real or not. I always used to re-install, but only rename my partition, not redoing them. However I changed my auto-install as well and in the proceed forgot to NOT partition

Re: OpenBSD 6.0 release and errata60.html

2016-09-01 Thread Daniel Ouellet
On 9/1/16 2:59 PM, R0me0 *** wrote: > Hello misc, > > I have a little doubt > > Today was a Official Release of 6.0 > > This release already include errata60.html patches or I need to apply ? Yes you need to apply the patch. The release was done long ago already it was release to the public

Re: DMARC and misc@ (and likely other OpenBSD lists)

2016-08-26 Thread Daniel Ouellet
On 8/26/16 8:11 PM, li...@wrant.com wrote: >> But my question for sure that I am not sure of the answer is if you have >> emails that happened to have multiple DKIM signature added to the header >> along the way. > > Why would you have these, if email is not getting changed after sending? >

Re: DMARC and misc@ (and likely other OpenBSD lists)

2016-08-26 Thread Daniel Ouellet
On 8/26/16 5:37 PM, li...@wrant.com wrote: > Fri, 26 Aug 2016 15:36:16 -0400 Daniel Ouellet <dan...@presscom.net> >> On 2016-08-26, Peter N. M. Hansteen <pe...@bsdly.net> wrote: >> >>> The only downside is, the traditional forwarding that mailing lists do >

Re: DMARC and misc@ (and likely other OpenBSD lists)

2016-08-26 Thread Daniel Ouellet
On 2016-08-26, Peter N. M. Hansteen wrote: > The only downside is, the traditional forwarding that mailing lists do > *also* triggers the DMARC dark magic, and there is a significant risk > that messages sent with senders in DMARC domains via the mailing list > to recipients

Re: Fwd: DigitalOcean and OpenBSD

2016-08-24 Thread Daniel Ouellet
On 8/24/16 2:18 PM, Troy Frericks wrote: > -- Forwarded message -- > From: Troy Frericks <troy.freri...@gmail.com> > Date: Wed, Aug 24, 2016 at 1:17 PM > Subject: Re: DigitalOcean and OpenBSD > To: Daniel Ouellet <dan...@presscom.net> >

Re: DigitalOcean and OpenBSD

2016-08-24 Thread Daniel Ouellet
On 8/24/16 12:24 PM, R0me0 *** wrote: > Ok, here is a reply for you and all other motherfuckers that think and > answer like you. Love you too. But note that someone wanted to help you. Quote: "A dmesg would be nice. And maybe a less snarky attitude." As I said we have no clue what you run,

Re: DigitalOcean and OpenBSD

2016-08-24 Thread Daniel Ouellet
On 8/24/16 10:52 AM, R0me0 *** wrote: > Just asked if someone already faced this issue after a simple reboot > > # reboot > > Do you need a draw ? > > KIND Regards, OK here is an answer as good as your question. Not so far. My son use Digital Ocean, only because they are cheap and he put up

Re: Installer overwrites partition table

2016-08-24 Thread Daniel Ouellet
On 8/24/16 7:15 AM, Bertram Scharpf wrote: > Hi, Hi, I don't write much on misc@ anymore because of emails like yours. But this time I fell I had too. I am not a OpenBSD dev, but I fell your insults as well I am sure. > first of all, I am an experienced OS installer and I did a > heck of

Re: Quick APU2 review

2016-04-15 Thread Daniel Ouellet
> That's nice. I don't have a ferrari, I have a rather basic truck. > > You are off topic. Sorry Theo, He asked for "real world through put?" I provided some to be helpful.

Re: Quick APU2 review

2016-04-15 Thread Daniel Ouellet
I don't have the APU2C4, I have the APU1C4 and I can push 80Mb/sec of IPSec on it, way more obviously when I don't do the IPSec. My setup use ikedv2 from Rek@ When I reach the 80Mb/sec, well it reach the full CPU utilization. When I do NAT only the CPU cores ( I have only 2 on that APU1) are

Re: date not respect for 5.8 and 5.9

2016-03-31 Thread Daniel Ouellet
On 3/31/16 4:58 AM, Max Power wrote: > Hi guys! > Why the release 5.8 and 5.9 did not comply with the canonical date > of the 1th November and of the 1th May? > > Thanks in advance for your reply. Because Buffy swim upstream with the salmons this year in the cold rivers of Canada and felt he

Re: OpenBSD on AMD Embedded G-Series T40E APU?

2016-03-07 Thread Daniel Ouellet
On 3/7/16 12:43 PM, Noth wrote: > On 03/07/16 02:04, Theo de Raadt wrote: >>> Hey folks, >>> >>> The website does not seem to have a lot of info on what CPUs are >>> supported. I'm looking at this box for a home firewall with OpenBSD >>> >>>

Re: OpenBSD on AMD Embedded G-Series T40E APU?

2016-03-07 Thread Daniel Ouellet
On 3/7/16 1:55 PM, Theo de Raadt wrote: >> On 3/7/16 12:43 PM, Noth wrote: >>> On 03/07/16 02:04, Theo de Raadt wrote: > Hey folks, > > The website does not seem to have a lot of info on what CPUs are > supported. I'm looking at this box for a home firewall with OpenBSD >

Re: LibreNMS chroot issues

2015-12-27 Thread Daniel Ouellet
> I was wondering if anybody tried running LibreNMS with httpd from the > base and even more fundamentally does httpd from the base support > "unsecure" mode. I read up and down httpd several times but I didn't see > anything about insecure mode. Yes, "unsecure mode" is call Linux. Or FreeBSD

Any idea for table replacement configuration in iked.con

2015-12-19 Thread Daniel Ouellet
I am trying to find a more efficient way then creating a long list of policy in iked.conf that would be in in pf using table, but there isn;'t any table in iked.conf. As a simple example if I had this in pf table { 172.16.0.0/16, !172.16.1.0/24, 172.16.1.100 } would match all the /16, but not

Re: IKEDv2 lost tunnel. How to reproduce at will, effects and work around.

2015-12-15 Thread Daniel Ouellet
with NAT-T will show up, just somewhat less frequently, but still present. Above so far, none. Best, Daniel On 12/11/15 8:51 PM, Daniel Ouellet wrote: > I sure hope this will help. > > ***Setup*** > Two server on 5.8. Establish VPN with IKEDv2. One side active, one side > passiv

Re: Can't build kernel GENERIC.MP on Dell Inspiron E1045

2015-12-15 Thread Daniel Ouellet
On 12/15/15 5:10 PM, Jack J. Woehr wrote: > Just installed 5.8 on an old Dell laptop, cvs'ed src -rOPENBSD_5_8 then > config'ed and tried to build GENERIC.MP: > Any tips? This has to be something silly ... Sure, use snapshots! You can get one already done every single day if you want...

Re: syscall 5 "cpath" continues with octeon

2015-12-13 Thread Daniel Ouellet
Sorry about that by the way. The file is big, 156494156 Dec 13 02:40 Octeon-Install.mov On 12/13/15 2:58 AM, Daniel Ouellet wrote: > Hi, > > I thought about your problem and as i can't figure out what may be going > on, I thought a picture would be worth a thousands words and as

Re: syscall 5 "cpath" continues with octeon

2015-12-13 Thread Daniel Ouellet
Hi, I thought about your problem and as i can't figure out what may be going on, I thought a picture would be worth a thousands words and as my English is not as good as I wish, I did a video instead. Not sure how many words that would be worth, but what ever, I am sure it would be way better

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

2015-12-13 Thread Daniel Ouellet
> Secondly, this whole thread should have ended long ago. So why you keep it going then. Let it die please

Re: syscall 5 "cpath" continues with octeon

2015-12-12 Thread Daniel Ouellet
I am really not sure what problem you are facing for sure. I did a few times form scratch and every time it goes without any problems what so ever and I really don't see where your cpath can come from at all. And I see no pledge issue what so ever either. Are you sure that you are actually

Re: syscall 5 "cpath" continues with octeon

2015-12-12 Thread Daniel Ouellet
Worst case, delete all partitions (EXCEPT the first one, the FAT one) and use only one, install, test and then redo as you see fit. You can mount your FAT partition and access it right? You do have the bsd.rd file on that FAT partition right? May be your fat partition conflict with one of the

IKEDv2 lost tunnel. How to reproduce at will, effects and work around.

2015-12-11 Thread Daniel Ouellet
I sure hope this will help. ***Setup*** Two server on 5.8. Establish VPN with IKEDv2. One side active, one side passive. Use rsa keys, or pass phrase if you like. Active side: # cat /etc/iked.conf ikev2 Ouellet active from re0 to 66.63.5.250 from 66.63.50.16/28 to 0.0.0.0/0 peer 66.63.5.250

When iked re-key, leave ghost behind

2015-12-11 Thread Daniel Ouellet
One question. Is it the only way to re-key the iked process when it reach it's 3 hours usage and/or the 500 Mb data exchange to restart a new process? Isn't it possible to kill the old one then that is not use anymore and stop having some routing problem that may be cause by it. I collect a HUGE

Interaction seen between dhcp renewal and iked session forcing it to try to switch to NAT-T and die form then on.

2015-12-09 Thread Daniel Ouellet
Sorry for the long details here. It may be relevant or related to some comment I have seen in regards to DHCP client killing traffic in the last few days on tech@ I have seen and that may be it might be useful. If not just ignore as i am still digging why iked session are unstable long term.

Ikedv2 proper usage questions.

2015-12-08 Thread Daniel Ouellet
I have a few questions that I really need to clarify fro myself and I would very much appreciate some input. Reason is that I am having problem to keep the session up for a long time and just doing /etc/rc.d/iked stop and the start on the client side will bring the session back up, even if I see

bsd.rd on Octeon ubnt_e200 doesn't fully boot

2015-12-05 Thread Daniel Ouellet
Not the end of the world, I was trying to see if I could boot OpenBSD on this version of the EdgeRouter Pro from Ubiquiti. I try the latest Octeon available just in case. I am still trying, but start to run out of idea and i do need to get some sleep now. Anyone have a possible Idea as what I

Re: Octeon snapshots

2015-12-05 Thread Daniel Ouellet
:20 AM, Peter Kay wrote: > > > On 5 December 2015 09:36:29 GMT+00:00, Daniel Ouellet <dan...@presscom.net> > wrote: >> On 11/13/15 12:02 PM, Daniel Ouellet wrote: >> To the kind sole. >> >> Not sure who did the new current updated release, but many thank

Re: Octeon snapshots

2015-12-05 Thread Daniel Ouellet
On 12/5/15 8:01 PM, jungle Boogie wrote: > On 5 December 2015 at 01:36, Daniel Ouellet <dan...@presscom.net> wrote: >> I very much appreciate it. > > > I appreciate this too, but I can't complete the install. I tried an > update and now an install. > > L

Re: bsd.rd on Octeon ubnt_e200 doesn't fully boot

2015-12-05 Thread Daniel Ouellet
e read and understood the Ubiquiti License Agreement (available in the Web UI at, by default, http://192.168.1.1) and agree to be bound by its terms. ubnt login: On 12/5/15 6:18 PM, Daniel Ouellet wrote: > I got a little bit more now. Not much, but still some progress I guess, > or not.

Re: bsd.rd on Octeon ubnt_e200 doesn't fully boot

2015-12-05 Thread Daniel Ouellet
1 at softraid0: 256 targets root device: On 12/5/15 2:56 PM, Janne Johansson wrote: > My ERL would not run SMP if coremask was 0x1 (ie, use only one cpu) so I > setenv:ed the bootmask to add coremask=0x3 so that the bsd.mp would find > both cores, otherwise it bombed while probing for

Re: Octeon snapshots

2015-12-05 Thread Daniel Ouellet
On 11/13/15 12:02 PM, Daniel Ouellet wrote: > I saw a commit today on this platform. The last snapshot is almost a > month old. > > 10/18/15 2:19:00 AM. > > Just wonder if the snapshot might get some love. > > If not, totally fine, just wonder. > > I may j

Re: bsd.rd on Octeon ubnt_e200 doesn't fully boot

2015-12-05 Thread Daniel Ouellet
On 12/5/15 8:55 AM, Ted Unangst wrote: > Daniel Ouellet wrote: >> Not the end of the world, I was trying to see if I could boot OpenBSD on >> this version of the EdgeRouter Pro from Ubiquiti. I try the latest >> Octeon available just in case. > >> panic: pool_do_

Fwd: CVS: cvs.openbsd.org: src

2015-11-30 Thread Daniel Ouellet
Even removed the table password? NO way anymore to have difference password for emails then the system password without smtp-extra install? I can understand may be sqlite and ldap, but as a base system having different password from the system was and is very useful and I do it on all systems.

Re: A branded USB stick as an alternative to the CD set?

2015-11-30 Thread Daniel Ouellet
On 11/30/15 8:43 PM, Theo de Raadt wrote: >> On Nov 30, 2015, at 2:34 PM, Theo de Raadt wrote: >>> >>> These days the CD revenue is about what a cashier at a store makes. > > Uncertain of the veracity of this site, > >

  1   2   3   4   5   6   7   8   9   10   >