Re: How to use randon outgoing network aliases?

Le 3/12/24 à 15:40, Stuart Henderson a écrit : On 2024-03-12, Joel Carnat wrote: Hi, I have a server with a single NIC but several IPs configured: # cat /etc/hostname.vio0 inet 192.0.2.10 255.255.255.0 inet alias 192.0.2.11 255.255.255.0 inet alias 192.0.2.12 255.255.255.0 The default

How to use randon outgoing network aliases?

Hi, I have a server with a single NIC but several IPs configured: # cat /etc/hostname.vio0 inet 192.0.2.10 255.255.255.0 inet alias 192.0.2.11 255.255.255.0 inet alias 192.0.2.12 255.255.255.0 The default gateway is set to 192.0.2.1 in /etc/mygate. I would like outgoing network traffic to

Re: relayd fallback when using tag/tagged

Le 2/15/24 à 10:33, Michael Hekeler a écrit : Hello, I'm trying to configure relayd(8) to use tags, to allow legit host names only and modify HTTP headers, and fallback. But I can't have it working properly. I don't understand exactly what you want to achieve. Do you want: A. Requests with

Re: relayd fallback when using tag/tagged

Le 13/02/2024 à 10:07, Manuel Giraud a écrit : Joel Carnat writes: Hello, I'm trying to configure relayd(8) to use tags, to allow legit host names only and modify HTTP headers, and fallback. But I can't have it working properly. Using such a configuration: #-8<--- table { 192.0.

Re: relayd fallback when using tag/tagged

.0] GET Le 13/02/2024 à 04:29, l...@trungnguyen.me a écrit : Hi On February 13, 2024 12:20:26 AM UTC, Joel Carnat wrote: Hello, I'm trying to configure relayd(8) to use tags, to allow legit host names only and modify HTTP headers, and fallback. But I can't have it working p

relayd fallback when using tag/tagged

Hello, I'm trying to configure relayd(8) to use tags, to allow legit host names only and modify HTTP headers, and fallback. But I can't have it working properly. Using such a configuration: #-8<--- table { 192.0.2.4 } table { 192.0.2.7} http protocol www { block match request

Re: Donations

> Le 26 oct. 2023 à 16:38, Ingo Schwarze a écrit : > > The advice is extremely simple: > > If you can, donate directly to the OpenBSD project because that means > 1. the donation can be used for any purpose, including all purposes >that can be funded by the foundation and some that can't

Require host-name from DHCP clients

Hi, Because of Apple Private Address feature, my static IP allocations based on MAC address (hardware ethernet) doesn't work anymore. Looking at dhcpd.leases, some devices provide a client-hostname value ; but not every one. Is there a dhcpd.conf configuration parameter that forces DHCP clients

Usage of pf(4) with tap(4) and veb(4)

Hi, I'd like confirm I understood how pf works in a mixed veb/vport/tap environment. I'm using OpenBSD 7.3/amd64 (if that matters). I have a physical host that runs services (relayd, httpd...) the "classical" way and also provides VM using vmd. I have a couple of public IPs that are either

Re: access rdomain0 localhost from rdomainN

On Mon, May 15, 2023 at 10:21:55AM -, Stuart Henderson wrote: > > I think your options are 1) run a second copy (I suggest symlinking > rc.d/unbound -> e.g. rc.d/unbound1, and setting unbound1_rtable=1), > or 2) leak the traffic between tables using a PF rule, I have this > on my laptop: >

Re: access rdomain0 localhost from rdomainN

On Sun, May 14, 2023 at 10:32:15PM -0600, Zack Newman wrote: > On 2023-05-14, Joel Carnat wrote: > > I have unbound listening on lo0 (127.0.0.1, rdomain0) and resolv.conf > > configured with "nameserver 127.0.0.1". > > You can also have unbound(8)

access rdomain0 localhost from rdomainN

Hi, I have configured rdomain 1 and bound daemons (httpd and relayd) to it. They work as expected but I still have issues with DNS resolving on localhost. I have unbound listening on lo0 (127.0.0.1, rdomain0) and resolv.conf configured with "nameserver 127.0.0.1". When I try to use it

Re: hardware

> Le 18 avr. 2023 à 11:30, Stuart Henderson a écrit > : > > On 2023-04-18, Mischa wrote: >>> On 2023-04-17 23:37, Mike Larkin wrote: >>> On Mon, Apr 17, 2023 at 02:21:14PM -0600, Theo de Raadt wrote: Gustavo Rios wrote: > What is the best supported servers by OpenBSD ?

Re: Using gzip-static with httpd location

Le 23/03/2023 à 22:22, Jared Harper a écrit : On Thursday, March 23rd, 2023 at 2:15 PM, Jordan Geoghegan wrote: On 3/9/23 17:31, Joel Carnat wrote: Hi, I just tried applying gzip compression on a simple test web site using httpd and the gzip-static option ; using OpenBSD 7.2/amd64. As I

Re: Using gzip-static with httpd location

Le 10/03/2023 à 16:41, Marcus MERIGHI a écrit : Hello, j...@carnat.net (Joel Carnat), 2023.03.10 (Fri) 02:31 (CET): I just tried applying gzip compression on a simple test web site using httpd and the gzip-static option ; using OpenBSD 7.2/amd64. As I understood the man page, gzip-static

Using gzip-static with httpd location

Hi, I just tried applying gzip compression on a simple test web site using httpd and the gzip-static option ; using OpenBSD 7.2/amd64. As I understood the man page, gzip-static is supposed to be used inside the server block ; like listen, errdocs or tls. But doing so does not seem to enable

devel/bamf bamfdaemon segmentation fault

Hi, On OpenBSD 7.2-current (snapshot from Jan 8th) with bamf-0.5.4p0 installed, bamfdaemon dies right away after launching. I start it from an xterm in an XFCE session. My user is in class staff and in groups wheel and operator. Everything works perfectly right ; except bamfdaemon. # ktrace

Re: Xorg freeze with ThinkPad A485 / ATI Radeon Vega

Le 03/12/2022 à 21:51, Adriano Barbosa a écrit : On Sat, Dec 03, 2022 at 06:01:38PM +0100, Joel Carnat wrote: Le 02/12/2022 à 10:21, Bodie a écrit : On Fri Dec 2, 2022 at 12:14 AM CET, Joel Carnat wrote: Hi, About once a week, Xorg freezes while I'm using my ThinkPad A485 with OpenBSD 7.2

Re: Xorg freeze with ThinkPad A485 / ATI Radeon Vega

Le 02/12/2022 à 10:21, Bodie a écrit : On Fri Dec 2, 2022 at 12:14 AM CET, Joel Carnat wrote: Hi, About once a week, Xorg freezes while I'm using my ThinkPad A485 with OpenBSD 7.2. I've tried switching the window manager (XFCE, Gnome, WindowMaker, cwm) but it still happens. I only have

Xorg freeze with ThinkPad A485 / ATI Radeon Vega

Hi, About once a week, Xorg freezes while I'm using my ThinkPad A485 with OpenBSD 7.2. I've tried switching the window manager (XFCE, Gnome, WindowMaker, cwm) but it still happens. I only have a few apps opened (Firefox ESR, a terminal, a file manager). Tonight, I had just rebooted the system

Re: rrdtool fails to install on 7.2 due to freetype.30.2 not found for cairo

Did you install x* packages? > Le 24 oct. 2022 à 05:12, Jim Anderson a écrit : > > Installed 7.2 and rrdtool will not install due to an error > installing freetype for cairo. > > # pkg_add rrdtool > quirks-6.42 signed on 2022-10-23T09:59:17Z > rrdtool-1.7.2p1:pcre-8.44: ok >

Question on using !!prog with syslogd(8)

Hello, I want to take actions when specific logs appear but still want to log them in a file (for further inspection). But "!!prog" does not work as I would expect. I've tested on 7.1 and 7.2/snapshots. When using '!!', only the first action is applied. I configured syslog.conf this way:

Issue with FDE and bootblocks on 7.2 snapshots ?

Hi, I’ve been trying to install my T460s from scratch (using FDE with UEFI boot and gpt disk configuration) using the 2022-09-13 snapshot. At the end of installation process, I keep getting « Failed to install bootblocks ». I tried a several times. Also tried a non-FDE installation (using UEFI

Re: Trouble using keepassxc-proxy with iridium/chromium

On Sun, 22 May 2022 19:27:19 +0200 Antoine Jacoutot wrote: > On Sun, May 22, 2022 at 07:17:49PM +0200, Joel Carnat wrote: > > Hello, > > > > From a brand new 7.1/amd64 installation, I'm trying to use > > keepassxc-proxy with Iridium. As I did for Firefox-ESR,

Trouble using keepassxc-proxy with iridium/chromium

Hello, >From a brand new 7.1/amd64 installation, I'm trying to use keepassxc-proxy with Iridium. As I did for Firefox-ESR, I added "/usr/local/bin/keepassxc-proxy rx" to /etc/iridium/unveil.main. But it never connects to the database. Using Firefox-ESR, it works ok. Using "iridium

Strange relayd(8) logs meaning?

Hello, I have relayd(8) in front of nginx(8) to render a local Nextcloud instance. From time to time, the Nextcloud client fails saying "Host not found" which has no sense. The whole workstation still accesses the network and can resolve anything. relayd(8) listens on em1 IP and uses http

Values from wsconsctl(8) and xbacklight(1) may differ

Hello, I have just noticed that depending on how you change the display brightness on my ThinkPad, values may differ wether I query using wsconsctl(8) and xbacklight(1). Here's what I have observed: # doas wsconsctl display.brightness ; xbacklight -get display.brightness=25.11% 25.00 #

Re: Either intel nor glamor drivers do not work for Samsung NC215S

Hi, This GMA 3150 may be the same I had on my Dell Inspiron Mini 10. It’s be ages since it has not been booted but I recall this card to be really specific ; hear not being compatible with standard intel driver. Looking at my archives

Re: Edimax EW-7612UAN V2 appears as "generic" Realtek WLAN Adapter

Le 25/01/2022 à 01:32, Jonathan Gray a écrit : On Tue, Jan 25, 2022 at 01:08:16AM +0100, Joel Carnat wrote: Hello, Because my Internet Box has just died, I plugged a spare Edimax EW-7612UAN V2 on my OpenBSD 7.0 router and connected it to my iPhone WiFi connection sharing. I've tested

Edimax EW-7612UAN V2 appears as "generic" Realtek WLAN Adapter

Hello, Because my Internet Box has just died, I plugged a spare Edimax EW-7612UAN V2 on my OpenBSD 7.0 router and connected it to my iPhone WiFi connection sharing. I've tested it for a few hours with Video-on-Demand, email etc and it works without issues. The thing is it seems to be

Re: Using Connection:keep-alive with relayd

creases > > the networking overhead, but puts all the load on a single back-end > > server. > > Closing the connection with every request increases the networking > > overhead but > > spreads it between all of the servers in the farm. Test your application > > with

Using Connection:keep-alive with relayd

Hi, I have noticed that relayd(8) sends a "Connection: close" HTTP header even if the backend server has sent a "Connection: keep-alive" HTTP header. Here's my configuration: # cat /etc/httpd.conf server "default" { listen on * port 80 location * { root

Re: relayd and snmp agentx

On Sat, Nov 06, 2021 at 09:24:47AM +0100, Martijn van Duren wrote: > On Fri, 2021-11-05 at 15:59 +, Stuart Henderson wrote: > > On 2021-11-05, Joel Carnat wrote: > > > Hello, > > > > > > I read in relayd.conf(5) that there is an SNMP agentx feature.

relayd and snmp agentx

Hello, I read in relayd.conf(5) that there is an SNMP agentx feature. And there is an OPENBSD-RELAYD-MIB.txt file in 7.0 /usr/share/snmp/mibs directory. But in snmpd.conf(5), I couldn't found any reference for subagent or agentx. Reading the sources logs, I understood that agentx was removed

Multiple SSID when operating in Host AP mode?

Hello, Is it possible (as of OpenBSD 7.0/amd64) to configure a bwfm (Broadcom BCM4356) device in hostap mode and publish several nwid ; from that single device? The idea would be to have several SSIDs with different configurations ; as some IoT devices don't support "greater" network than 11g

start_timeout not found on sysupgrade

Hi, I have just upgraded from 7.0-beta Sep 5 snapshot to Sep 7. During the process, I noticed the following error message: Welcome to the OpenBSD/amd64 7.0 installation program. /autoinstall[2697]: start_timeout: not found Performing non-interactive upgrade. The upgrade process went ok

Run a command on "last day of month"

Hello, I would like to run a command on "the last day of each month". From what I understood reading the crontab(5) manpage, the simplest way would be setting day-of-month to "28-31". But this would mean running the command 4 times for months that have 31 days. Is there a simpler/better way

Re: Using relayd as a reverse proxy for multiple local servers

Hi, In my testings, using « listen on * port https tls » doesn’t work either. What I did is replace the « * » with the IP address where I want relayd to listen to. And as my gateway has several interfaces, I created a relay section for each single interface I wanted relayd to bind to. Regards,

Bugs running 6.9-CURRENT on MacBook Pro Touchbar 2017

Hi, I went back on testing OpenBSD on my MacBookPro14,3. I just installed 6.9-CURRENT and here's a list of non-working stuff. - keyboard and touchpad don't work. I have to use a USB keyboard/mouse. internal keyboard does work in the boot loader. but stops working after the kernel is loaded.

Re: periodic network access failure when accessing nextcloud via relayd

On Thu, Apr 01, 2021 at 01:47:11PM -0600, Ashlen wrote: > On 21/03/31 23:50, Joel Carnat wrote: > > Hello, > > > > I have Nextcloud 21 running with php-7.4, httpd(8) and relayd(8). > > On my laptop, a script regularly runs nextcloudcmd to synchonize the files >

periodic network access failure when accessing nextcloud via relayd

Hello, I have Nextcloud 21 running with php-7.4, httpd(8) and relayd(8). On my laptop, a script regularly runs nextcloudcmd to synchonize the files with the nextcloud instance. And quite often, nextcloudcmd returns such error: 03-31 23:28:56:089 [ info nextcloud.sync.networkjob.lscol ]:

Huawei E3372 loops detaching

Hi, I got a Huawei E3372 LTE USB Stick and plugged it on my T460s running OpenBSD 6.8-stable/amd64. I tried all 3 USB ports and they all act the same way : the stick loops attaching/detaching forever. I also tried current (OpenBSD 6.8-current (GENERIC.MP) #308: Wed Feb 3 20:49:28 MST 2021)

Re: Issues with Teclast F7 Plus

On Fri, 2020-12-25 at 00:34 -0500, James Hastings wrote: > On 13 Dec 2020, 13:27:48 +0000, Joel Carnat wrote: > > Hello, > > > > I just got a Teclast F7 Plus laptop and installed OpenBSD 6.8- > > current on > > it. Most things works except apm and touchpad &g

Issues with Teclast F7 Plus

Hello, I just got a Teclast F7 Plus laptop and installed OpenBSD 6.8-current on it. Most things works except apm and touchpad. Using zzz or ZZZ, it seems suspend/hibernation start but are never achieved. The backlight keyboard and power led are still on. On Linux, keyboard goes black and

dhcpd and pf table with fixed-address

Hello, I have linked dhcpd(8) and pf(4) using -A, -C and -L dhcpd flags. It seems dhcpd only adds IP for dynamic leases and not for leases configured using fixed-address. Is this expected or is there something I misconfigured? Thanks, Jo PS: configuration extracts rc.conf.local:

Re: Issues with TP-Link UE300

Mbits/sec sender [ 5] 0.00-10.13 sec 618 MBytes 512 Mbits/sec receiver Thank you very much. On Mon, Sep 28, 2020 at 10:30:16AM +0800, Kevin Lo wrote: > On Sun, Sep 27, 2020 at 11:43:13PM +0200, Joel Carnat wrote: > > > > Hi, > > > > I have p

Re: Issues with TP-Link UE300

-Original Message- > From: owner-m...@openbsd.org On Behalf Of Joel Carnat > Sent: 27 September 2020 22:43 > To: misc@openbsd.org > Subject: Issues with TP-Link UE300 > > Hi, > > I have plugged a TP-Link UE300 on my ThinkPad X260 running OpenBSD -snapshot >

Issues with TP-Link UE300

Hi, I have plugged a TP-Link UE300 on my ThinkPad X260 running OpenBSD -snapshot and it seems I can't get more than 100Mbps. The dongle attaches and get an IP address. But the speed seems limited. Same behaviour when attached to the USB3 port of my APU4D4 (running 6.7). When plugged in a MacBook

Re: match two conditions in relayd(8)

On Mon, Jan 27, 2020 at 09:22:40PM +0100, Sebastian Benoit wrote: > Joel Carnat(j...@carnat.net) on 2020.01.27 18:21:43 +0100: > > Hi, > > > > I'm setting up an HTTP(S) Reverse Proxy with relayd(8). > > > > I have one listener with multiple FQDN allowed.

match two conditions in relayd(8)

Hi, I'm setting up an HTTP(S) Reverse Proxy with relayd(8). I have one listener with multiple FQDN allowed. But I also have a common path that must be treated separately. As for now, I have: http protocol "https" { match request header "Host" value "one.domain.local" forward to match

snmpd(8) custom OID names

Hello, I have set custom OIDs in my snmpd.conf(5). When I walk or get those values, using snmp(1) or snmpget(1), the "name" parameters is not listed. I only get values described as OPENBSD-BASE-MIB::localTest.* Is there a straight way to get the configured names from snmp clients? Or do I have

How to specify "device" option in vm.conf to always boot PXE

Hi, I need a VM to always boot from the network. I could do it using vmctl(8): # doas vmctl start test -c -B net -b /bsd -n vswitch0 (...) PXE boot MAC address fe:e1:bb:d1:c5:d8, interface vio0 nfs_boot: using interface vio0, with revarp & bootparams But I can't find the syntax to be used in

Re: relayd shows ssh sessions as idle

On Mon, Jun 17, 2019 at 11:56:08PM +0200, Sebastian Benoit wrote: > Joel Carnat(j...@carnat.net) on 2019.06.12 16:10:25 +0200: > > Hi, > > > > I have configured relayd(8) on my vmd(8) host so that I can connect to > > the running VMs using SSH. > > > >

relayd shows ssh sessions as idle

Hi, I have configured relayd(8) on my vmd(8) host so that I can connect to the running VMs using SSH. Using relayctl(8), I can see that those sessions have the same value for age and idle ; even when something happens in the SSH sessions. Is this expected or an error in my relayd.conf ?

Re: productivity/khard (or python) seem slow

On Sat 18/05 19:15, Strahil wrote: > I run vanilla openBSD 6.5 on oVirt (KVM) with gluster as storage and it seems > OK for my needs but I never used khard. > What kind of slowness do you experience? > Maybe I can run some tests and see if the situation is the same on KVM. > Well, it takes

Re: productivity/khard (or python) seem slow

On Sat 18/05 11:39, David Mimms wrote: > On 2019.05.17 11:41, Paco Esteban wrote: > > On Thu, 16 May 2019, Joel Carnat wrote: > > > > > On Thu 16/05 08:55, Paco Esteban wrote: > > > > Can't say about your VM. On my desktop: > > > > > >

Re: productivity/khard (or python) seem slow

On Thu 16/05 08:55, Paco Esteban wrote: > Hi Joel, > > On Wed, 15 May 2019, Joel Carnat wrote: > > > Hello, > > > > I've just setup vdirsync and khard to sync my addressbook from > > nextcloud. It works but querying the local vcf is damm slow. I also >

productivity/khard (or python) seem slow

Hello, I've just setup vdirsync and khard to sync my addressbook from nextcloud. It works but querying the local vcf is damm slow. I also noticed that ranger felt a bit slow to start but thought it was the software ; so I switched to nnn. # time (khard list | wc -l) 112 0m07.10s real

Re: Running php cli when php-fpm uses chroot

On Fri 12/04 15:37, Éric Jacquot wrote: > Hi, > > Le Friday 12 April 2019 à 11:53 +0200, Joel Carnat a écrit : > > Hi, > > > > Is there a better way to handle chroot environnement when running php > > scripts from the cli? > > > > According to

Running php cli when php-fpm uses chroot

Hi, When php-fpm is configured to use chroot, it seems the php(1) cli still tries to work unchrooted. So when running maintenance php scripts (like occ from Nextcloud), errors raises for not finding resources (like mysql socket etc). I couldn't find a option for the php(1) command to "run as

Re: influxdb goes "panic:runtime error: index out of range"

On Mon 08/04 09:00, Daniel Jakots wrote: > On Mon, 8 Apr 2019 13:58:27 +0200, Joel Carnat wrote: > > > On a fresh influxdb instance in an OpenBSD VM: same issue. On a > > fresh influxdb instance in a Linux Ubuntu VM: the error disappears and > > the query gets the corre

influxdb goes "panic:runtime error: index out of range"

Hi, On InfluxDB, I'm getting "panic:runtime error: index out of range" every time I run the "SHOW TAG VALUES FROM unbound WITH KEY = clientip WHERE sysName =~ /$hostname/" query from Grafana. And I also get it using the influx shell. I've tried various things, like giving more resources (via

Re: Touchpad - how to enable two-finger scrolling

Hi, On Sun 31/03 03:56, Brogan wrote: > Hello, > > I recently installed OpenBSD 6.4 on a Dell Latitude 6430u and am trying to > get touchpad two-finger scrolling working in X11. As far as I can tell the > touchpad is being loaded via wsmouse but I'm not sure how or where to > properly

Broadcom BCM4356, bwfm0: could not read io type

Hi, I took my working 6.5-BETA disk out of a ThinkPad X230i and pluggued it in a ThinkPad X260. The system boots ok and I can get an X session. But the wireless card doesn't seem to work. # dmesg bwfm0 at pci2 dev 0 function 0 "Broadcom BCM4356" rev 0x02: msi bwfm_pci_intr: handle MB data

Re: FDE with keydrive imponderabilities

Hi, I wonder if you’re not using fdisk for an MBR setup and disklabel for GPT. Why won’t you use 64 as the starting offset of the RAID partition ? -- Envoyé de mon iPhone > Le 22 mars 2019 à 23:26, Normen Wohner a écrit : > > I thought you might be able to help me with a setup concerning >

Re: How to monitor class usage/limits?

On Fri 15/03 15:47, Stuart Henderson wrote: > On 2019-03-14, Joel Carnat wrote: > > Hi, > > > > The Internet is full of "OpenBSD desktop works better when rising > > datasize/maxproc/openfiles/stacksize in login.conf". One thing I can't > > manage

How to monitor class usage/limits?

Hi, The Internet is full of "OpenBSD desktop works better when rising datasize/maxproc/openfiles/stacksize in login.conf". One thing I can't manage to find is how you can monitor those values? I'm Ok to set arbitrary recommended values depending on system configuration and general usecases (like

Are there real mountpoints for gvfs/gio shares ?

Hi, I was looking at mounting CIFS shares. OpenBSD is the "client" machine. CIFS a published by a remote NAS. Using XFCE and Thunar, everything works well. But when I try to access the mountpoints from the console, I just can't find them. Things like "gio mount smb://", "gio mount -l" and

Re: ldap search fails with Let's Encrypt certificate

Le 05/11/2018 17:07, Stuart Henderson a écrit : On 2018/11/05 17:02, Joel Carnat wrote: Le 05/11/2018 16:38, Stuart Henderson a écrit : > On 2018-11-05, Joel Carnat wrote: > > Le 05/11/2018 13:48, Stuart Henderson a écrit : > > > On 2018-11-05, Joel Carnat

Re: ldap search fails with Let's Encrypt certificate

Le 05/11/2018 16:38, Stuart Henderson a écrit : On 2018-11-05, Joel Carnat wrote: Le 05/11/2018 13:48, Stuart Henderson a écrit : On 2018-11-05, Joel Carnat wrote: Hi, I'm using ldap(1) to query a remote Synology Directory Server (OpenLDAP 2.4.x). Unfortunately, it fails saying: TLS

Re: ldap search fails with Let's Encrypt certificate

Le 05/11/2018 13:48, Stuart Henderson a écrit : On 2018-11-05, Joel Carnat wrote: Hi, I'm using ldap(1) to query a remote Synology Directory Server (OpenLDAP 2.4.x). Unfortunately, it fails saying: TLS failed: handshake failed: error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3

ldap search fails with Let's Encrypt certificate

Hi, I'm using ldap(1) to query a remote Synology Directory Server (OpenLDAP 2.4.x). Unfortunately, it fails saying: TLS failed: handshake failed: error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure ldap: LDAP connection failed When I use the OpenLDAP

Inconsistent stats between snmpd(8) and pfctl(8) ?

Hi, On OpenBSD 6.3/amd64, I'm using snmpd(8) to gather pf(4) statistics. It seems that some stats are not coherent. For example, on egress and vio0 interfaces. Asking snmpd(8), I get : OPENBSD-PF-MIB::pfIfDescr.3 = STRING: "egress" OPENBSD-PF-MIB::pfIfDescr.12 = STRING: "vio0"

Re: net-snmpd extend and doas : a tty is required

> Le 12 avr. 2018 à 21:10, Stuart Henderson <s...@spacehopper.org> a écrit : > > On 2018-04-12, Joel Carnat <j...@carnat.net <mailto:j...@carnat.net>> wrote: >> Hi, >> >> I want net-snmpd to run a script via the extend directive. >> This scri

net-snmpd extend and doas : a tty is required

Hi, I want net-snmpd to run a script via the extend directive. This script has to run a command using doas to get temporary root permission. The script is run on snmpcmd call but the doas command returns: doas: a tty is required Is there a way to run doas from net-snmpd ? I already have doas

Re: OpenBSD as an IKEv2 IPsec client with L/P authent

Hi, Le 22/02/2018 09:35, Stuart Henderson a écrit : On 2018-02-22, Igor V. Gubenko wrote: I am far from an expert; having issues myself at the moment, but maybe if we get all of the iked experimenters together, we can figure it out :) This definitely isn't going to work,

OpenBSD as an IKEv2 IPsec client with L/P authent

Hi, My FTTH home-box provides IKEv2 server support. I connected my iPhone, via 3G, to it. I can now access my internal home-LAN. So I know it works. I want to do the same with an OpenBSD server hosted in "the Cloud" ; in transport mode as far as I understood the docs. I've struggled with

Re: iPhone tethering ?

The iPhone can be configured as a wireless AP. Then OpenBSD can connect to it and gain access to the Wild Wild World. -- Envoyé de mon iPhone > Le 23 oct. 2017 à 07:58, SFM a écrit : > > Hi everyone ! > > Does iPhone tethering work with OpenBSD? In other words, is

Re: rsa 4096 or ed25519 for ssh keys ?

Le 16/10/2017 19:46, Mike Coddington a écrit : On Mon, Oct 16, 2017 at 05:29:34PM +0200, Joel Carnat wrote: Hi, If both server and client are ed25519 compatible. When generating (user) SSH keys, is it recommended to use ed25519 rather than rsa 4096bits? AFAIK, either would be fine. I

rsa 4096 or ed25519 for ssh keys ?

Hi, If both server and client are ed25519 compatible. When generating (user) SSH keys, is it recommended to use ed25519 rather than rsa 4096bits? Thank you.

Re: softraid crypto seem really slower than plain ffs

Hello, I was really annoyed by the numbers I got. So I did the testings again. Using a brand new VM. Being really careful on what I was doing and writing it down after each command run. I did the testings using 6.1 and 6.2-current, in case there were some changes. There weren't. First of

softraid crypto seem really slower than plain ffs

Hi, Initially comparing I/O speed between FreeBSD/ZFS/GELI and OpenBSD/FFS/CRYPTO, I noticed that there were a huge difference between plain and encrypted filesystem using OpenBSD. I ran the test on a 1 vCore/1GB RAM Vultr VPS, running OpenBSD 6.2-beta. I had / configured in plain FFS and

i386 or amd64 from small Cloud instance ?

Hi, My Cloud instances are always small (1 ou 2 vCPU, far less than 4GB of RAM). From what I saw, all the ports I need are available in i386 and amd64. Every Cloud provider I checked are using KVM hypervisor. Regarding OS and ports performance, does it make sense to use i386 rather than

OpenBSD on XPS M1330, sound and HTML video issues

Hi, I have installed OpenBSD 5.7/amd64 on my "old" Dell XPS M1330. Everything seem right except sound, only working with headphones and not internal speakers, and HTML5 videos, being very choppy (things like YouTube videos). I've read about those issues but couldn't solve them from what I

Re: Windows Server on Qemu

Le 13 août 2015 à 08:41, Mike Larkin mlar...@azathoth.net a écrit : On Wed, Aug 12, 2015 at 06:40:33PM -0700, Mike Larkin wrote: On Wed, Aug 12, 2015 at 10:00:49PM +0200, Joel Carnat wrote: Hi, Anyone here succeeded in having Windows Server 2008/2008R2/2012/2012R2 run in qemu-2.2.0

Windows Server on Qemu

Hi, Anyone here succeeded in having Windows Server 2008/2008R2/2012/2012R2 run in qemu-2.2.0 (OpenBSD 5.7/amd64) ? Mine keeps going BSOD on installation. Most of documentation I found was Linux-centric so I may miss some OpenBSD trick. TIA, Jo

Which tools to monitor traffic and alert ?

Hi, I run several standard services (Web, Mail, DNS, …) and have configured Munin to graph traffic and see what happened. I was wondering what was the usual OpenBSD way for proactive/real-time traffic monitoring and alerting. That is, which software to use that would, for example, read HTTPD

Re: sogo, httpd(8) and the rewrite need

Le 15 juin 2015 à 01:16, Reyk Floeter r...@openbsd.org a écrit : On 14.06.2015, at 18:08, Joel Carnat j...@carnat.net wrote: Hi, I was going to install SOGo on OpenBSD 5.7 using the native httpd(8). In the readme, there are configuration examples for nginx and apache-httpd-openbsd

sogo, httpd(8) and the rewrite need

Hi, I was going to install SOGo on OpenBSD 5.7 using the native httpd(8). In the readme, there are configuration examples for nginx and apache-httpd-openbsd. Nothing for the new httpd. There are rewrite/redirect features that I can’t figure out how to setup with httpd(8). nginx example:

index.php not loading on obsd 5.6

Hi, I just installed 5.6 amd64 on a virtual machine. I installed php-fpm-5.5.14 and launched the daemon. I configured httpd as such : # egrep -v '^$|^#' /etc/httpd.conf ext_addr=egress server default { listen on $ext_addr port 80

Native ldapd and ldappasswd

Hi, I am configuring native ldapd (OBSD 5.4) for users authentication. But it seems I can't use ldappasswd to modify a userPassword. Here's how the object is configured: # ldapsearch -H ldap://localhost -D cn=admin,dc=local -w vierge -b dc=local cn=email (...) # email, users, local dn:

Generate hashed rootpw for native ldapd

Hi, I want to generate a hashed rootpw for native ldapd (on OBSD 5.4). I've tried various things like `echo secret | sha256` but I can't authenticate. If possible, I'd like not to install openldap-server just to get slappasswd. What is the (native) way to generate the SSHA hashed format for

Re: Generate hashed rootpw for native ldapd

-base64 | awk '{print {SHA}$0}' {SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE= # slappasswd -h {SHA} -s passphrase {SHA}YhAnRDQFLyD8uD4dD0kiBPyxGIQ= Using the string generated with slappasswd works. Other two don't :( Le 21 févr. 2014 à 13:18, Marcus MERIGHI mcmer-open...@tor.at a écrit : j...@carnat.net (Joel

Re: Generate hashed rootpw for native ldapd

21, 2014 at 6:31 AM, Joel Carnat j...@carnat.net wrote: Hum, I tried it but it doesn't work. I have a slappasswd else where to test. And here's what I get : # print passphrase | openssl dgst -sha1 -binary | openssl enc -base64 | awk '{print {SHA}$0}' {SHA}ZLvhLmLU88dUQwzfUgsq6IV8ZRE= # echo

snmpd, oid and scripts

Hi, I wanted to get rid of net-snmp and use the shipped snmpd(8). I have OpenBSD boxes running various services (DNS, Web, Mail...) and have scripts providing service stats using the extend/exec net-snmp feature. I read about the oid feature of snmpd(8) but it seems it can only publish fixed

Re: ldapd and The Diffie Hellman prime sent by the server is not acceptable

: ... = Hope that sheds some light on this problem.. P.S. I CC'ed ldapd developers in order to have some hope this might be fixed one day.. --- thanks, VA On 2011-01-21 19:21, Joel Carnat wrote: Hello, On a Ubuntu Linux 8.04 machine, I can't query my OpenBSD 4.9

Re: ldapd and The Diffie Hellman prime sent by the server is not acceptable

Built on source tree from 5.2: it works! Gotta switch back to SSL :)) Thank you. Jo Le 28 janv. 2013 à 12:31, Gilles Chehade gil...@poolp.org a écrit : On Mon, Jan 28, 2013 at 12:28:58PM +0100, Joel Carnat wrote: Hi, I wasn't aware of any diffs. With time, the OpenBSD (ldapd

Replication option for ldapd(8)

Hello, I want to achieve a Master / Slave replication with OpenBSD's shipped ldapd(8). Are there any native features to synchronize both instances (like openldap's syncrepl) or do I have to script a bunch of (ldapsearch/ldapadd)|scp ? TIA, Jo

Re: The ultimate OpenBSD email server

Le 19 août 2012 à 14:15, Stuart Henderson a écrit : On 2012-08-16, Joel Carnat j...@carnat.net wrote: - roundcube and suhosin don't play well together ; there is no general problem with roundcube and suhosin playing together, you just have to follow the documentation about disabling session

Re: The ultimate OpenBSD email server

Le 15 août 2012 à 16:16, L. V. Lammert a écrit : On Wed, 15 Aug 2012, Mikkel Bang wrote: But with so many people recommending so many different tools, it gets hard to come to a conclusion. Looks like I'm finally arriving at this though: postfix (postfix-anti-UCE.txt) + dspam - what do you

  1   2   >