Re: PC Engines APU platform EOL

is anyone aware of such a nice little device with low power consumption and ECC memory? The alternatives mentioned so far just offer normal RAM options...

Re: BSD and kubernetes

Kubernetes' philosophy quite contradicts to OpenBSDs. Also, Kubernetes builds upon Linux technologies. Porting that stuff alone to OpenBSD would mean a great deal of work, and again does not really fit OpenBSDs developers ideas. The resources of OpenBSD is just a tiny fraction of that of

Re: IKEV2 two devices can connect but only one can make traffic

On 12.04.22 15:26, Łukasz Moskała wrote: I remember talking with network engineer at one company I used to work at. We used fortigate firewalls, and I asked why are we using SSLVPN instead of ipsec-based vpn, as both were supported. He said something along the lines of "ipsec does not work

Re: OpenBSD benchmarks

imho benchmarking only makes sense for your scenario, so I recommend benchmarking the ruleset you intend to use on that device. Also: what are you benchmarking against, and what is your setup (nat, bridge etc.)? On 04.04.22 21:50, Nicolas Goy wrote: Hello, I'd like to make some 10gbit/s

Re: Question about cryptography software compatibility on OpenBSD

I agree with Janne. Almost always it is more of a compliance topic than a technical topic. I did work for where we provided crypto/digital signature stuff to government and institutions I won't name, and e.g. the constraint for choosing an operating system for a platform was almost always

Re: Large Filesystem

On 28.11.20 05:51, Nick Holland wrote: > I've heard that from a lot of people. > And yet, those same people, when pressed, will tell you that a ZFS-equipped > system will crash much more often than simpler file systems. That's one > heck of a real penalty to pay for a theoretical advantage. > >

Re: How many IPs can I block before taking a performance hit?

We have ~30,000 entries in our table blocking networks and single ip addresses, all in all at the moment exactly 169,471,974 hosts being blocked. No idea what your criteria is for "performance impact", but we have no issues. On 12.08.20 14:11, Alan McKay wrote: > Hey folks, > > This is one that

Re: A concerning commit which breaks compatibility

this is probably due to the recent social discussion about the black lives matter movement. engineers around the world show their support to this movement against racism by various measurs, e.g. adjusting their code of conduct/rules etc. In many cases, "blacklist" should not relate to something

Re: HD OpenBSD Artwork

that's aweseome! Thanks! On 16.07.20 15:43, Ben Jahmine wrote: >> Is there somewhere to get higher resolution OpenBSD artwork? >> >> I see the stuff on the website, and it's great, but on my 8k screen it's >> kind of like a postage stamp in the middle. >> >> Do higher Res copies exist

Re: how to mount phone?

also: you can use the app termux if you want some nice terminal programs ... I rsync all my files from my phone to my computer. On 14.07.20 13:11, Abel Abraham Camarillo Ojeda wrote: > On Tue, Jul 14, 2020 at 5:07 AM Jan Stary wrote: > >> On Jul 13 14:39:35, justinkm...@gmail.com wrote: >>>

Re: How do I set up a Wi-Fi access point (using APU2)?

it seems you skipped the firewall part of the document you were referring, you need NAT connections. On 05.06.20 18:50, Richard Ulmer wrote: > Hi, > I got myself an APU2E2 and am trying to set it up as a router. To learn > how to do this I'm mostly following the "Building a Router" FAQ [1]. For

Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog

I just don't get it why some people put so much energy into bashing a free product instead of just ignoring it if they really hate it. The time would have been better spent on supporting/improving OpenBSD or another project. On 28.05.20 13:20, Ian Darwin wrote: > On Thu, May 28, 2020 at

Re: upgrade 6.6 -> 6.7

the shutdown because the system is trying to boot /bsd.upgrade again which of course vanished. (so use /bsd in vm.conf again and start the vm) So for manual upgrade editing the boot config in grub menu is simple, if you do automated upgrades going via the vm.conf stuff might be preferable.

upgrade 6.6 -> 6.7

Hi, just for info: Upgrading from 6.6 to 6.7 worked without flaws on my OpenBSD VMs on Linux/KVM and FreeBSD/bhyve hypervisors! 6.7 feels faster and snappier! Thanks to you all for your hard work! Regards, infoomatic

wireguard on i386

, infoomatic

Re: multihomed routing issue

what exactly are you trying to achieve, or: why not use azure firewall? On 26.04.20 17:27, 4642 wrote: > Hi, I have created a OpenBSD 6.6 VM in the Azures cloud that I plan to use as > a Firewall, I had planned on using carp but I can't get it working in Azure > so I think I can use an

Re: Reduce attack surface - Tomcat and guacamole...

some questions do arise: 1.) is the device which you intend to use under your control? 2.) how would you like to access systems in your home network as for me I have a VPN service on my server so I can access all my systems from a device I own when I am on the road. This saves me from

Re: openbsd.org down?

not reachable for days now in Austria, Germany, Czech Republic On 13.04.20 11:01, SP2L Tom wrote: > Greetings. > > > It was and it is still up > At least, I can reach OpenBSD site. > > > Best regards. > Tom > > W 13 kwietnia 2020 10:23:18 Sebastien Marie napisał: > >> On Mon, Apr 13, 2020 at

Re: Does Intel driver supports Intel g31?

I suggest you read on the documentation instead of throwing one-line questions to the mailing list. The documentation is excellent, just look for the information you need. https://man.openbsd.org/ https://openports.se/ On 11.04.20 15:58, Nikita Stepanov wrote: > Does Intel driver supports

Re: Can openbsd run Linux binaries?

No. But a lot of the software you might know from Linux is available via ports and packages. On 11.04.20 11:57, Nikita Stepanov wrote: > Can openbsd run Linux binaries?

Re: secure MTA (was: news from ...)

On 09.04.20 11:55, Rudolf Leitgeb wrote: > As soon as your server does anything useful, it will > present an attack vector to the outside world, and one needs to > be aware of it. > just to add to your argument: your server does not even have to do anything ... the interface driver or just the

Re: Hosting a CDN question

varnish does not bring down the network latency if users are sitting on the other end of the world... On 17.03.20 08:48, Wayne Oliver wrote: On 2020/03/16 12:26, Flipchan wrote: Hey all, My company needs to put up a cdn for fast hosting of javascript, images and css for websites, and then i

Re: do i need to configure mkinitcpio.conf for my md array ?

what do you want to achieve? If you want to access the array from OpenBSD then I see no possibility with this configuration. If you want a dual-boot system I suggest you configure the 4-disk raid in OpenBSD and in arch linux you could use a VM and use hardware passthrough to access the data.

Re: OpenBSD's extremely poor network/disk performance?

just out of curiosity: did you do the FreeBSD test on ZFS with compression enabled? Am 09.01.20 um 15:22 schrieb Hamd: Joe, are you a joke? Please stop insulting me, this is not my/your_personal_fancy_forum. This will be my last post here in misc. Default setups, no config. changes. Just

Re: OpenBSD's extremely poor network/disk performance?

1.) OpenBSD never stated that ultimate performance is their goal, but clean maintainable code is, and thus in case of a compromise the developers will choose clean code over performance. 2.) to quote Breandan Gregg: "All benchmarks are wrong until proven otherwise" 3.) It's 2020 and you quote a

Re: Traffic prioritization inside VPN

I can recommend using queues in pf ... very simple and effective. https://man.openbsd.org/pf.conf#QUEUEING Am 02.01.20 um 15:12 schrieb radek: Hello, I have the following scenario: [box_rac][fw_rac] <--iked site-to-site--> [fw_krz]--[box_krz] [box_rac] pulls (rsync) "big data" from

Re: off-topic

here is another version: https://github.com/notqmail/notqmail I switched to postfix long time ago, never looked back. Am 30.12.19 um 14:09 schrieb Gustavo Rios: Is qmail dead ? Does anyone here use openbsd with qmail+ldap ?

Re: crash of OpenBSD 6.3 -stable (amd64 MP kernel) - unswapping kills connections

thats good news, thanks Philip for the info! In the meantime I disabled swap (as well as ntopng) on my firewalls - this is of course not needed on a firewall and was just a left-over from the initial default install. regards,infoomatic Gesendet: Freitag, 27. April 2018 um 13:50 Uhr Von: "P

Re: crash of OpenBSD 6.3 -stable (amd64 MP kernel) - unswapping kills connections

does not handle any tcp/ip or icmp connections any more until the swap space is fully freed (which, in my case when ntopng used 3 out of 4GB swap, lastet for nearly 20 minutes). IMHO, unswapping a process should not influence network connectivity that much. Regards, infoomatic > Gesen

Re: crash of OpenBSD 6.3 -stable (amd64 MP kernel) - unswapping kills connections

have now disabled ntopng. I kindly ask the devs to take a look at this! If you need a testsetup for this or if I can do anything, just contact me. Regards, infoomatic > Gesendet: Mittwoch, 25. April 2018 um 15:25 Uhr > Von: Infoomatic <infooma...@gmx.at> > An: misc

crash of OpenBSD 6.3 -stable (amd64 MP kernel)

re to look for a bug. Any tipps how to deal with this matter in the future? TIA and regards, infoomatic [1] OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4238319616 (4041MB) avail mem = 41027952

Re: Performance issues as KVM guest?

12. Januar 2018 um 12:48 Uhr > Von: "Stefan Fritsch" <s...@sfritsch.de> > An: Infoomatic <infooma...@gmx.at> > Cc: misc@openbsd.org > Betreff: Re: Performance issues as KVM guest? > > Hi, I don't see this issue on my Debian system, but please try two thin

Re: Performance issues as KVM guest?

Same problem here. While we did have significant differences in cpu usage between FreeBSD and OpenBSD (basic OS without configuration: FreeBSD ~ 33min CPU time, OpenBSD ~ 474min CPU time - both started at the same time), with the latest kernel patches for Ubuntu 17.04 (our test environments all

Microsoft VPN - multiple users behind OpenBSD Firewall

e.g. "multiple pptp pass-through on pf" from 2007 and others about 10 years back. Whats the current state of this? Do I really need a proxy like poptop? thanks in advance, infoomatic

Re: OpenBSD 6.1/i386 hangs on reboot

I have tried the latest snapshot and ... thanks for fixing this! reboot and shutdown are now working again on my 16 year old notebook! > Gesendet: Freitag, 12. Mai 2017 um 22:06 Uhr > Von: Infoomatic <infooma...@gmx.at> > An: "OpenBSD Misc" <misc@openbsd.org> &g

OpenBSD fuzzy testing

Hi, As nowadays I read quite a lot of projects being fuzzy tested or vulnerabilities detected by fuzzy testing, I am quite curious: what is the status of OpenBSD kernel/base system concerning fuzzy testing? Is there a plan on using the Google fuzzer? thanks regards, infoomatic

Re: bridge/vether0 not working - BUG?

...") , it now ignores also /etc/mygate. Adding "ifconfig vether0 inet alias XXX netmask XXX" and "route add default XXX" to /etc/rc.local was the workaround, however, I think this is not expected behaviour. regards,  infoomatic > Gesendet: Dienstag, 09. Mai 2

Re: OpenBSD 6.1/i386 iwi0 problems

> iwi(4) was entirely broken since the WPA security patch for 6.0. > I made it work again for 6.1 but also saw these firmware errors occasionally. > But I thought these errors were already present in 6.0 and before. It looks > like that's not the case, and there is even more left to fix... OK,

OpenBSD 6.1/i386 hangs on reboot

I wanted to try to resolve the issue I just posted and tried to reboot, however the machine hangs and shows: syncing disks... done ehci0: reset timeout rebooting... even pushing the power button long does not switch off the machin, I have to unplug the powersupply and remove the battery.

OpenBSD 6.1/i386 iwi0 problems

hi, I upgraded my old notebook to 6.1. However, I am experiencing hickups with wifi (no problems with 6.0) some lines in dmesg: iwi0 at pci1 dev 13 function 0 "Intel PRO/Wireless 2200BG" rev 0x05: irq 11, address 00: . iwi0: fatal firmware error iwi0: timeout waiting for master iwi0: fatal

Re: bridge/vether0 not working - BUG?

> > > does it work when you put - inet alias X.X.X.Y 255.255.255.255 ? > > > > unfortunately not. It's the same effect as with 255.255.255.224: working > > locally on the subnet, but not when routing is involved. > > Thanks anyway for this idea! > > Guess I was to fast! After a few minutes it

Re: bridge/vether0 not working

> > does it work when you put - inet alias X.X.X.Y 255.255.255.255 ? > > unfortunately not. It's the same effect as with 255.255.255.224: working > locally on the subnet, but not when routing is involved. > Thanks anyway for this idea! Guess I was to fast! After a few minutes it was working

Re: bridge/vether0 not working

> Von: "Hrvoje Popovski" > > /etc/hostname.vether0: > > up media autoselect > > inet X.X.X.X 255.255.255.224 NONE > > inet alias X.X.X.Y 255.255.255.224 > > > does it work when you put - inet alias X.X.X.Y 255.255.255.255 ? unfortunately not. It's the same effect as with

bridge/vether0 not working

the alias statement), and then manually do a "ifconfig vether0 inet alias X.X.X.Y netmask 255.255.255.224" everything is fine and works as expected. I am curious in this matter, and would really appreciate someone sharing his/her knowlegde to enlight a newcomer, thanks! Kind regards, infoomatic

Re: I can't connect to openbsd.org in most cases.

I can confirm this for the https site > Gesendet: Dienstag, 04. April 2017 um 11:04 Uhr > Von: "Luke Small" > An: openbsd-misc > Betreff: I can't connect to openbsd.org in most cases. > > I have an openbsd vm on a windows 7 host, windows 7 asus, iPhone,

Re: Running OpenBSD on Hypervisor

Hi, I have not experienced any problems virtualizing OpenBSD with KVM, Xen, HyperV, VMware. I have done various performance tests over the years and found KVM to be the best performing, most stable platform for our environment. Those non-scientific tests simulated some of our typical workloads -

Re: increased load average

> Gesendet: Freitag, 03. März 2017 um 15:53 Uhr > This is known behaviour from current. > OK, thanks for the info. I have no problem with the load so far, just did not have an idea where it did come from since vmstat did not show anything unusual compared to running -stable.

increased load average

nt, the load average jumped from about 0.2 to 1.7. There hasn't been changes in our userbase (<10 users) or anything else, is this a known problem? I use the MP kernel. regards, infoomatic

Re: kernel panic in OpenBSD 6.0-stable

> At least two bugs leading to this panic have been fixed post 6.0. I'd > suggest you to upgrade to -current where it should work as expected. If > not, please send a new bug report to bugs@. Thanks a lot! This is awesome, you manage to fix bugs faster than I can report them ;-) I guess I

kernel panic in OpenBSD 6.0-stable

thing to support a dev to fix this problem. regards, infoomatic [1] https://postimg.org/image/5ogvhmc45/ [2] https://postimg.org/image/mmx6f1nxv/ [3] https://postimg.org/image/687wqsh8j/

openiked troubles during conn

Hello, I hope someone could point me in the right direction with my problem I am facing with openiked on a 64bit OpenBSD 6.0-stable. I want to connect two bridged firewalls, however, it seems the connection cannot be fully established. I tried with pf disabled but that did not change anything.

Re: openiked + rc.conf.local

> Do you get any more output if you do "rcctl -f -d start iked"? the output is: doing _rc_parse_conf doing _rc_quirks iked_flags empty, using default >< doing _rc_parse_conf /var/run/rc.d/iked doing _rc_quirks doing rc_check iked doing rc_pre configuration OK and then the terminal is blocked

Re: openiked + rc.conf.local

> On Mon, Sep 26, 2016 at 02:17:35PM +0200, Infoomatic wrote: > > also, the already running endpoint did not receive any packets. > > Nobody on this list can run ifconfig, route, and tcpdump on *your* box > to figure out where you're losing packets... this is not a connectivity

Re: openiked + rc.conf.local

> On Mon, Sep 26, 2016 at 01:56:20PM +0200, Infoomatic wrote: > > ipsec=YES in rc.conf.local does not change anything, and appending > > "ikelifetime 60" to iked.conf neither. > > ipsec=YES and /etc/ipsec.conf are for use with isakmpd. > > iked does not us

openiked + rc.conf.local

es of which the external one has the (simulated) external ip address and the internal interface has an internal ip addres, both only ipv4. The system is Openbsd 6.0 -stable including the patches until (and including) 006. I am quite sure this is just a minor detail I have overseen, however, I would really appreciate your help! Thanks! infoomatic