Re: bgpd, announce to ibgp from 2 routers, prefixes only show up from 1

2021-11-29 Thread Sebastian Benoit
Stuart Henderson(s...@spacehopper.org) on 2021.11.13 00:11:08 +: > I have a pair of -current routers running bgpd (let's call them rtr-a > and rtr-b) on a subnet which also has some vpn gateways and firewalls. > > These routers provide a carp address which the vpn gateways are using > as

Re: dhcpleased: interface "stalls" during Renewing

2021-11-14 Thread Sebastian Benoit
Peter Gorsuch(gorsu...@cfw.com) on 2021.11.13 08:25:00 -0500: > Hi All, > > As [Renewing] begins and during the renewing cycle (as I view > configuration with dhcpleasectl -l fxp0) about halfway through the > ISP's one hour dhcp lease, the external interface seems to become "stalled". > >

Re: dhcpleased(8) not renewing leases

2021-11-05 Thread Sebastian Benoit
Eike Lantzsch ZP6CGE(zp6...@gmx.net) on 2021.11.04 18:07:57 -0300: > On Mittwoch, 3. November 2021 14:41:08 -03 Zack Newman wrote: > > dhcpleased(8) is unable to renew DHCP leases from my ISP, > > Xfinity/Comcast. This in turn is causing leases to expire leading to > > IPv4 drops that last between

Re: pf and tap interfaces

2021-10-31 Thread Sebastian Benoit
tech-lists(tech-li...@zyxst.net) on 2021.10.31 15:10:57 +: > Hello misc@ > > Generically, can OpenBSD [7.0] apply rules to *just* the ethernet > interface, ignoring the bridge and tap interfaces? Can it do this > natively or is a VLAN required as well? Or something else? > > I'm asking this

Re: Dhcp client configuration in 7.0

2021-10-30 Thread Sebastian Benoit
t into the email. send that email as a reply to this thread. Thanks, Benno > > On 30 Oct 2021, at 21:00, Sebastian Benoit wrote: > > > > Zé Loff(zel...@zeloff.org) on 2021.10.29 18:30:29 +0100: > >>> On Fri, Oct 29, 2021 at 03:37:56PM +0300, Samarul Meu wrote: >

Re: Dhcp client configuration in 7.0

2021-10-30 Thread Sebastian Benoit
Zé Loff(zel...@zeloff.org) on 2021.10.29 18:30:29 +0100: > On Fri, Oct 29, 2021 at 03:37:56PM +0300, Samarul Meu wrote: > > Hello to you all! > > > > Prior to 7.0 I was using this line in /etc/dhclient.conf > > supersede domain-name-servers 127.0.0.1; > > so that I do not get the DNS from the

Re: httpd(8) - Internal Server error (500) on invalid request

2021-10-23 Thread Sebastian Benoit
Matthias Pressfreund(m...@fn.de) on 2021.10.23 17:16:18 +0200: > On 2021-10-21 16:38, Sebastian Benoit wrote: > > > > This diff makes httpd return "505 HTTP Version Not Supported" > > for < 0.9 and > 1.9 http versions. Anything from 1.1 to 1.9 is > >

Re: httpd(8) - Internal Server error (500) on invalid request

2021-10-21 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2021.10.21 17:19:02 +0200: > > + version = http_version_num(desc->http_version); > > I would prefer if this code would store the version not in > desc->http_version until after the strdup(). The way these strdup work is > just wonky.

Re: httpd(8) - Internal Server error (500) on invalid request

2021-10-21 Thread Sebastian Benoit
J. K.(openbsd.l...@krottmayer.com) on 2021.10.21 14:10:16 +0200: > Another question, to httpd(8). Tried the following query. > Used an invalid HTTP Version number (typo). > > $ telnet 10.42.42.183 80 > [Shortened] > GET / HTTP/1.2 > [content] > > httpd provide here the site. Without checking the

Re: httpd(8) - Internal Server error (500) on invalid request

2021-10-21 Thread Sebastian Benoit
J. K.(openbsd.l...@krottmayer.com) on 2021.10.21 11:55:47 +0200: > Hi, > > I don't know if this is a real issue from OpenBSD's httpd(8). > Tried some requests to httpd(8) for the purpose of education. > > Simple tried the following request: > > $ telnet 10.42.42.183 80 > Trying 10.42.42.183...

Re: Base httpd authentication against RADIUS server?

2021-10-21 Thread Sebastian Benoit
Federico Giannici(giann...@neomedia.it) on 2021.10.20 08:09:54 +0200: > From the man page It seems that httpd in base can authenticate only > against a standard passwd file. Is there no way (apart from modifying > source and recompiling) to authenticate with something else, like a > RADIUS

OpenBSD Errata: September 30, 2021 (libressl)

2021-09-30 Thread Sebastian Benoit
An errata patch for LibreSSL has been released for OpenBSD 6.8 and OpenBSD 6.9. Compensate for the expiry of the DST Root X3 certificate. The use of an unnecessary expired certificate in certificate chains can cause validation errors. Binary updates for the amd64, i386 and arm64 platform are

Re: Server certs expired higher up the chain, imaps and https

2021-09-30 Thread Sebastian Benoit
Chris Bennett(cpb_m...@bennettconstruction.us) on 2021.09.30 10:02:17 -0700: > Hi, > > I'm getting that the certs are expired, but https works fine in Firefox, > including when looking at the full chain. > > > openssl s_client -servername mail.strengthcouragewisdom.rocks -connect >

Re: relayd, rsae_send_imsg: privenc poll timeout

2021-09-30 Thread Sebastian Benoit
Allan Streib(astr...@fastmail.fm) on 2021.09.28 17:40:58 -0400: > On Thu, Sep 16, 2021, at 6:43 PM, Allan Streib wrote: > > On Tue, Sep 14, 2021, at 5:09 PM, Allan Streib wrote: > > > Seen a few of these in my logs (OpenBSD 6.9 release amd64) > > > > > > Sep 14 02:12:05 relayd[78491]:

Re: Experience using httpd in production on busy machines?

2021-08-27 Thread Sebastian Benoit
Crystal Kolipe(kolip...@exoticsilicon.com) on 2021.08.27 01:40:15 -0300: > On Thu, Aug 26, 2021 at 11:46:15AM +0200, Stefan Sperling wrote: > > On Thu, Aug 26, 2021 at 06:20:08AM -0300, Crystal Kolipe wrote: > > > On Thu, Aug 26, 2021 at 02:47:40AM +, iio7 wrote: > > > > Any caveats to look

Re: Remove outdated /etc/examples/unwind.conf?

2021-07-24 Thread Sebastian Benoit
David Higgs(hig...@gmail.com) on 2021.07.24 14:05:04 -0400: > I wonder if there would be any benefit to a sysclean-like tool as part of a > standard upgrade/sysmerge that automatically deletes everything older than > the (supported) current and prior release? It would remove the need to > curate

Re: Performance tuning PF.

2021-07-22 Thread Sebastian Benoit
Christopher Sean Hilton(ch...@vindaloo.com) on 2021.07.21 14:20:58 -0400: > I have a packet filtering bridge running on PF and OpenBSD 6.8. My > hardware is a SuperMicro Atom D525 service with dual Intel Gigabit > Nics. I've added a second dual Intel card in a PCIe slot. I have used this

Re: DHCP non-issues

2021-07-20 Thread Sebastian Benoit
Paul de Weerd(we...@weirdnet.nl) on 2021.07.19 20:04:35 +0200: > On Mon, Jul 19, 2021 at 01:59:18PM +0200, Paul de Weerd wrote: > | So far, I've found NFS and syslogd to need configuration changes or > | /etc/hosts entries to ensure they start properly. > > As I was asked about this off-list, I

Re: carp backup and disconnecting ssh session

2021-05-24 Thread Sebastian Benoit
MJ J(mikedotjack...@gmail.com) on 2021.05.23 17:58:47 +0300: > Hi, > > I have a carp master and backup on a pair of one-armed Raspberry Pi 4B > devices (router1 and router2) and when I ssh to the backup using the > carp IP as my gateway, it repeatedly throws me out after a few seconds > with the

Re: sndiod on by default (does it need to be ? )

2021-02-21 Thread Sebastian Benoit
Tom Smyth(tom.sm...@wirelessconnect.eu) on 2021.02.21 04:08:48 +: > Hello, > > I was wondering should sndiod (default) startup be determined based on > whether or not > it the install is a typical headless install (off) or an install for > a user machine with running X > > is there a

Re: phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Sebastian Benoit
Mihai Popescu(mih...@gmail.com) on 2021.01.08 23:00:44 +0200: > > I mostly use macOS for that now [...] > > I think it's better to stay on that system only, and avoid spamming misc > with your cross-breeding experiments. Seriously now. He asked a perfectly valid question. If you don't know the

Re: Redistribution between ospfd and ripd

2020-11-27 Thread Sebastian Benoit
Hi, Jason Tubnor(ja...@tubnor.net) on 2020.11.25 15:52:19 +1100: > Hi, > > We are planning for migration from ripd to ospf, however both protocols > will need to work together as the migration rolls through. > > I was looking at the 'redistribute rtlabel' option, even after digging into > the

Re: Relayd Help Needed

2020-11-07 Thread Sebastian Benoit
Lari Huttunen(open...@huttu.net) on 2020.11.07 15:01:04 +: > On Sat, Nov 07, 2020 at 08:29:12AM +, Lari Huttunen wrote: > > Cheers! > > > In practice, what I'm struggling with is the: > > > > * ability to control the requests or responses by HTTP method, i.e. > >only allowing GET

Re: possible relayd.conf(5) documentation mistake regarding session tickets

2020-10-22 Thread Sebastian Benoit
Sebastian Benoit(benoit-li...@fb12.de) on 2020.10.21 21:26:00 +0200: > Ashlen(euryd...@riseup.net) on 2020.10.20 16:02:49 -0600: > > In relayd.conf(5), the tls section under PROTOCOLS states the following: > > > > no session tickets > > Disable TLS session t

Re: possible relayd.conf(5) documentation mistake regarding session tickets

2020-10-21 Thread Sebastian Benoit
Ashlen(euryd...@riseup.net) on 2020.10.20 16:02:49 -0600: > In relayd.conf(5), the tls section under PROTOCOLS states the following: > > no session tickets > Disable TLS session tickets. relayd(8) supports stateless TLS > session tickets (RFC 5077) to implement TLS session resumption.

Re: OpenBSD 6.8 Relase Time

2020-10-18 Thread Sebastian Benoit
Valdrin Muja(valdrinm...@protonmail.com) on 2020.10.16 13:52:14 +: > Hi Misc, > > I'm looking forward to OpenBSD 6.8 release. > > On OpenBSD 6.8 page, `Released Oct XXX` is writing.. > > https://www.openbsd.org/68.html > > When will it be released? today.

Re: bgpd path selection seems broken at now

2020-10-15 Thread Sebastian Benoit
Hi, I think it would help if you could send your configuration file, or at least the bgpctl commands that show the problem. Also please send a dmesg so we know what version you are running. Thanks, Benno Bars Bars(tutbara...@gmail.com) on 2020.10.12 15:10:11 +0300: > To be more clear i mean

Re: rtables and kernel routes

2020-08-21 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.08.21 09:04:09 +0200: > On Fri, Aug 21, 2020 at 08:45:36AM +0200, open...@kene.nu wrote: > > Hello, > > > > I am seeing rather strange, or maybe expected, behaviour. I utilise > > rtables to send internal traffic towards the internet via a default >

Re: Adding more syspatch platform.

2020-08-13 Thread Sebastian Benoit
Jordan Geoghegan(jor...@geoghegan.ca) on 2020.08.12 10:32:21 -0700: > > > On 2020-08-12 02:08, Stuart Henderson wrote: > >The only proxy we have for "what is really used" is dmesg submissions. > >Since 6.7 release: > > > >amd6462 > >i386 5 > >arm643 > >macppc 2 > >octeon

Re: dhclient on carp

2020-07-22 Thread Sebastian Benoit
Guy Godfroy(guy.godf...@gugod.fr) on 2020.07.22 14:59:53 +0200: > Hello, > > So I read in 6.7 release note that it's finally possible to use dhclient > on CARP interface. That's great news. > > However, I'm not sure how to use it on a hostname.if file. I tried to > replace inet instruction

Re: Issue with relayd and redirections

2020-07-10 Thread Sebastian Benoit
Gabri Tofano(ga...@tofanos.com) on 2020.07.07 15:38:17 -0400: > When using redirections, no listening ports are open (I guess due to > relayd using pf nat rules) correct > and I'm unable to reach both backend servers. show the output of "relayctl sh sum".

Re: relayd multiple listen on same redirect

2020-07-03 Thread Sebastian Benoit
Kapetanakis Giannis(bil...@edu.physics.uoc.gr) on 2020.07.03 10:31:18 +0300: > Hi, > > My setup in relayd is like this: > > redirect radius { >listen on $radius_addr udp port radius interface $ext_if >pftag RELAYD_radius >sticky-address >forward to mode least-states check icmp

Re: pfsync and rule specific state timeouts

2020-06-13 Thread Sebastian Benoit
Paul B. Henson(hen...@acm.org) on 2020.06.07 15:23:16 -0700: > On 6/5/2020 11:15 PM, obs...@loopw.com wrote: > > >1) "egress" can be used to reference the external nic in a rule, > >instead of having a specific IP. Egress is defined as the nic with > >the default route. pass in quick log on

Re: Could somebody please put unveil() in ftp(1)?

2020-05-29 Thread Sebastian Benoit
Luke Small(lukensm...@gmail.com) on 2020.05.29 08:30:05 -0500: > You mention a lot of files that need to be read, but a program like pkg_add > can make it the _pkgfetch (57) user which has no directory and I'm guessing > not in interactive mode. At the very least, in noninteractive mode you >

Re: DNS and rdomains

2020-05-28 Thread Sebastian Benoit
Hi, James(ja...@jmp-e.com) on 2020.05.28 11:12:29 +0100: > Thanks. Your solution works but is not ideal for my situation. The > reason it's not ideal is that one of the rdomains gets its nameserver > from DHCP and I don't think unbound can read this information. > > For example, In the case of a

Re: FAQ/Multimedia: Burning CDs and DVDs

2020-05-25 Thread Sebastian Benoit
Stefan Wollny(stefan.wol...@web.de) on 2020.05.24 22:59:57 +0200: > Hi there! > > > I just noticed that the sections on burning CDs and DVDs are no longer > present in OpenBSD's FAQ related to multimedia. > > Is this intentional? probably yes > I didn't see anything on this on tech@ or

Re: Why isn't src included with OpenBSD? (documentation)

2020-05-20 Thread Sebastian Benoit
Andras Farkas(deepbluemist...@gmail.com) on 2020.05.18 13:07:36 -0400: > Not sure whether to post this on misc@ or tech@, so trying misc@ first: > > Why isn't src included on OpenBSD, perhaps as an install fileset? > Lots of documentation is unavailable outside of the /usr/src tree. [...] > This

Re: pf table for all publicly routable ipv4 addresses

2020-05-04 Thread Sebastian Benoit
Marko Cupać(marko.cu...@mimar.rs) on 2020.05.04 22:42:50 +0200: > I thought I could do such table like this: > > table {0.0.0.0/0 \ > !0.0.0.0/8 \ > ... >!224.0.0.0/3 } > > ...but

Re: VLAN syntax in hostname.vlanxxx

2020-04-29 Thread Sebastian Benoit
Lars Bonnesen(lars.bonne...@gmail.com) on 2020.04.29 21:58:27 +0200: > In earlier obsd versions I have been having success with this in > hostname.vlan703 > inet 172.18.11.9 255.255.255.252 NONE vlandev em5 description VLAN703 > > On an obsd 6.6, I use the vmx device, but the syntax: > inet

Re: Ospfd default route query

2020-04-27 Thread Sebastian Benoit
Richard Chivers(r.chiv...@zengenti.com) on 2020.04.27 19:26:08 +0100: > Hi, > > That makes a lot of sense thanks, and appears to have solved the problem, > we had a route added through our loopback interface in production" > "!/sbin/route add -reject default 127.0.0.1" > > Is that the

Re: Full disk encryption including /boot, excluding bootloader?

2020-02-14 Thread Sebastian Benoit
no@s...@mgedv.net(nos...@mgedv.net) on 2020.02.13 13:31:43 +0100: > > > On Linux you can do the following: > > > { [1MB unencrypted GRUB bootloader partition] [Rest of hard drive > entirely encrypted] } > ... which i would consider to be as insecure, as unencrypted root at all. ... which totally

Re: using first alias as masquerading ip on pf.conf

2020-02-12 Thread Sebastian Benoit
Paul de Weerd(we...@weirdnet.nl) on 2020.02.12 12:46:02 +0100: > On Wed, Feb 12, 2020 at 12:09:12PM +0100, Federico Donati wrote: > | Hi all, > | > | I have a couple of firewalls with carp configured and I need them to > | reach the Internet even when they are in BACKUP state. > | I'm managing pf

Re: openbsd.org - certain https URLs downgraded to http in redirection

2020-02-12 Thread Sebastian Benoit
Aham Brahmasmi(aham.brahma...@gmx.com) on 2020.02.12 10:34:55 +0100: > Namaste misc, > > Overview: > Certain https URLs on openbsd.org get downgraded to http in redirection. > > Steps: > When navigating to https://www.openbsd.org/cgi-bin/man.cgi [1] from a > browser, one ends up on

Re: match two conditions in relayd(8)

2020-01-27 Thread Sebastian Benoit
Joel Carnat(j...@carnat.net) on 2020.01.27 18:21:43 +0100: > Hi, > > I'm setting up an HTTP(S) Reverse Proxy with relayd(8). > > I have one listener with multiple FQDN allowed. > But I also have a common path that must be treated separately. > > As for now, I have: > http protocol "https" { >

Re: pflog flooded with igmp queries

2020-01-01 Thread Sebastian Benoit
Sonic(sonicsm...@gmail.com) on 2020.01.01 12:33:30 -0500: > The pflogs on my firewall and on a new system I'm installing (-current > with pretty much a default pf.conf) are flooded with igmp query > entries. Neither system has a log rule for such action. > > Ex: >

Re: thank you for 6.6 and bsd.rd

2019-12-23 Thread Sebastian Benoit
Roderick(hru...@gmail.com) on 2019.12.21 19:50:03 +: > > On Thu, 19 Dec 2019, Theo de Raadt wrote: > > > for 6.5 onwards, all you had to was type > > > > sysmerge > > sysupgrade > > I read somewhere that something like this was coming for 6.6, but > I remember that I followed the

Re: acme-client issue with domain w/ alternative name [Solved]

2019-10-25 Thread Sebastian Benoit
Daniel Winters(daniel.wint...@tydirium.org) on 2019.10.24 10:53:22 +0100: > For the archives: > > With the help of Florian and Ian we managed to find the error in the > setup: One of the alternative names in acme-client.conf had no A record > in DNS anymore (it was removed a few days prior). > >

Re: WLAN disconnects after a while

2019-09-23 Thread Sebastian Benoit
Roderick(hru...@gmail.com) on 2019.09.23 19:45:06 +: > > I still have this problem: > > https://marc.info/?t=15148946743=1=2 > > Now tested with other AP (FritzBox). > > I am the only one? As stsp@ said, it's hard to debug like this. Today a fix was okayed for a problem that sounds

Re: relayd: "listen on egress" only listens to IPv4 and not IPv6

2019-09-17 Thread Sebastian Benoit
Hi, did you manage to test the diff? /Benno Sebastian Benoit(benoit-li...@fb12.de) on 2019.09.01 17:05:34 +0200: > Sebastian Benoit(benoit-li...@fb12.de) on 2019.09.01 16:44:37 +0200: > > Muhammad Kaisar Arkhan(h...@yukiisbo.red) on 2019.08.29 14:55:03 +0200: > > > Hi Tom, >

Re: Iked and PKCS7

2019-09-10 Thread Sebastian Benoit
Tristan Pilat(cont...@tristanpilat.com) on 2019.09.09 10:02:32 +0200: > Hello all, > > It's the first time I'm trying to set up a site-to-site IKEv2 VPN with a > non OpenBSD device at the other side. I've been asked to provide a CSR, > then they sent me a PKCS7 certificate in return. > > Is

Re: KARL sometimes renderring computer unbootable

2019-09-07 Thread Sebastian Benoit
cho...@jtan.com(cho...@jtan.com) on 2019.09.07 06:49:34 +0100: > Occasionally after a power loss some computers, especially virtual > machines for obvious reasons, are no longer able to boot. The bootloader > reads the kernel, one of the two spins for a bit and then the computer > returns to the

Re: handling snapshot installation in production environment

2019-09-02 Thread Sebastian Benoit
Stuart Henderson(s...@spacehopper.org) on 2019.09.02 17:58:55 -: > On 2019-09-02, Marcus MERIGHI wrote: > > Hello Joerg, > > > > just passing on my user experience...: > > > > streckf...@dfn-cert.de (Joerg Streckfuss), 2019.09.02 (Mon) 10:15 (CEST): > >> Furthermore I'm not sure which

Re: relayd: "listen on egress" only listens to IPv4 and not IPv6

2019-09-01 Thread Sebastian Benoit
Sebastian Benoit(benoit-li...@fb12.de) on 2019.09.01 16:44:37 +0200: > Muhammad Kaisar Arkhan(h...@yukiisbo.red) on 2019.08.29 14:55:03 +0200: > > Hi Tom, > > > > > listen on 2a03:6000:9106::50f7:f07a:d1cc port 443 tls > > > > I've tried this before, it

Re: relayd: "listen on egress" only listens to IPv4 and not IPv6

2019-09-01 Thread Sebastian Benoit
Muhammad Kaisar Arkhan(h...@yukiisbo.red) on 2019.08.29 14:55:03 +0200: > Hi Tom, > > > listen on 2a03:6000:9106::50f7:f07a:d1cc port 443 tls > > I've tried this before, it just results in this: > > /etc/relayd.conf:33: cannot load certificates for relay https2:443 Your error says "for relay

Re: Re :dhcrelay

2019-08-28 Thread Sebastian Benoit
on the lan ? > > No, you would need to run > > > > dhcrelay -i iwn0 > > > > to do that. > > > > Subject: > > Re: dhcrelay > > From: > > Sebastian Benoit > > Date: > > 8/23/19, 10:12 PM > > > thank Sebastian > i have two

Re: unexpected behavior with static route inserted

2019-08-23 Thread Sebastian Benoit
Benjamin Girard(benjamin.gir...@kambi.com) on 2019.08.22 12:35:08 +: > Hi, > > > I have the following machine with two interfaces like this: > > root@fw:~ # cat /etc/hostname.vlan10 > vlan 10 vlandev vio0 should be 'vnetid 10 parent vio0' > inet 10.0.0.1 255.255.255.0 NONE > up > >

Re: dhcrelay

2019-08-23 Thread Sebastian Benoit
shadrock uhuru(niyal...@gmail.com) on 2019.08.23 18:46:32 +0100: > hi everyone > if i have a dhcp server in subnet A connected to interface em0 (lan) and > subnet B connected to interface iwn0 (wireless zone) on the router > with dhcrelay -i em0 running on the router should the wireless subnet be >

Re: openrsync out of memory

2019-08-19 Thread Sebastian Benoit
Olivier Antoine(olivier.anto...@gmail.com) on 2019.08.19 11:34:06 +0200: > Hi, > On i386: before patch: > $ dd if=/dev/urandom of=in bs=1M count=2k > $ openrsync --rsync-path=/usr/bin/openrsync -av in localhost:out > Transfer starting: 1 files > sender.c:551: error: in: mmap: Cannot allocate

Re: openrsync out of memory

2019-08-17 Thread Sebastian Benoit
Joe Davis(m...@jo.ie) on 2019.08.16 12:26:36 +0100: > By the looks of it, openrsync does attempt to map the entire file, from > usr.bin/rsync/uploader.c: > > mapsz = st.st_size; > map = mmap(NULL, mapsz, PROT_READ, MAP_SHARED, *fileinfd, 0); > > The likely reason for your out of memory

Re: How do I publish default router preferences using rad?

2019-08-06 Thread Sebastian Benoit
Caleb(enlightened.des...@gmail.com) on 2019.08.06 08:05:48 -0700: > How do I publish default router preferences as defined in RFC 4191 > (https://tools.ietf.org/html/rfc4191) using rad in OpenBSD 6.5? > I've read the friendly rad.conf man page > (https://man.openbsd.org/rad.conf.5) and scanned the

Re: Sysmerge

2019-07-09 Thread Sebastian Benoit
Jay Hart(jh...@kevla.org) on 2019.07.06 08:57:49 -0400: > > On Sat, Jul 06, 2019 at 11:56:32AM BST, Jay Hart wrote: > >> Good Morning, > >> > >> What is the simple way to have sysmerge "keep" all custom changes to the > >> config files, during a > >> system update from one stable release to the

Re: Route through different gateways depending on process

2019-06-27 Thread Sebastian Benoit
slackwaree(slackwa...@protonmail.com) on 2019.06.26 13:11:19 +: > Hello, > > Well this is not so simple as it looks but I have made success with > traceroute. > > route -T1 exec '/usr/sbin/traceroute' -n > route -T2 exec '/usr/sbin/traceroute' -n > route -T3 exec '/usr/sbin/traceroute' -n >

Re: relayd shows ssh sessions as idle

2019-06-17 Thread Sebastian Benoit
Joel Carnat(j...@carnat.net) on 2019.06.12 16:10:25 +0200: > Hi, > > I have configured relayd(8) on my vmd(8) host so that I can connect to > the running VMs using SSH. > > Using relayctl(8), I can see that those sessions have the same value for > age and idle ; even when something happens in

Re: Criteria for errata

2019-05-10 Thread Sebastian Benoit
Jeremy O'Brien(neut...@fastmail.com) on 2019.05.10 10:30:42 -0400: > On Fri, May 10, 2019, at 09:58, Jonathan Gray wrote: > > On Fri, May 10, 2019 at 09:14:00AM -0400, Ted Unangst wrote: > > > Jeremy O'Brien wrote: > > > > I've snagged the 6.5 xenocara.tar.gz, patched it with just that above > >

Re: post-6.5-upgrade bgpd(8) problem

2019-05-09 Thread Sebastian Benoit
Hi, Adam Thompson(athom...@athompso.net) on 2019.05.09 10:58:54 -0500: > I've upgraded my looking glass from 6.4 to 6.5, and an experiencing an > unexpected problem - routes learned from one (iBGP) peer are not being > automatically exported to other (eBGP) peers. > > I did not change

Re: May 7 snap broken, ld.so: ld: can't load library 'libc++.so.2.2'

2019-05-08 Thread Sebastian Benoit
Greg Steuck(g...@nest.cx) on 2019.05.07 19:23:03 -0700: > This is presumably already fixed by "Sync after libc++ bump", but in case > somebody else hits it... > > The amd64 snapshot with this signature: >

Re: Upgrading a CARP firewall cluster

2019-04-30 Thread Sebastian Benoit
mabi(m...@protonmail.ch) on 2019.04.30 08:21:43 +: > Hello, > > I have an OpenBSD 6.3 firewall cluster made out of two nodes (one master, one > backup) using CARP and pfsync. This cluster also makes use of trunk and vlan > interfaces. > > Now I would first like to upgrade the cluster to

Re: bgpd between two 6.4 boxes. IPv6 flapping, IPv4 rock solid

2019-04-03 Thread Sebastian Benoit
Stuart Henderson(s...@spacehopper.org) on 2019.04.03 16:22:26 -: > On 2019-04-02, Rachel Roch wrote: > > > > > > > > Mar 30, 2019, 11:10 AM by s...@spacehopper.org: > > > >> On 2019-03-29, Rachel Roch <> rr...@tutanota.de > >> > > wrote: > >> > >>> Hi, > >>> > >>>

Re: openbgpd; strip private ASNs from bgp updates

2019-03-29 Thread Sebastian Benoit
open...@kene.nu(open...@kene.nu) on 2019.03.29 08:36:26 +0100: > I forgot to add to my previous email. One thing that could be useful > in this case is to mimic the Cisco option "neighbor x.x.x.x > remove-private-as" which removes any private ASes from the path on any > updates to a peer. Just

Re: flowd or similiar in base

2019-03-28 Thread Sebastian Benoit
Hi, Heinz Kampmann(h.kampm...@web.de) on 2019.03.27 10:19:26 +0100: > > Hello misc, > > is there a chance that flowd or similar program > will be included in base in the foreseeable future? No. A note on mailing list questions like this: I usually would not comment a question like this - i

Re: openbgpd; strip private ASNs from bgp updates

2019-03-27 Thread Sebastian Benoit
open...@kene.nu(open...@kene.nu) on 2019.03.27 12:25:33 +0100: > Hello, > > That would unfortunately affect all the prefixes announced to the edge > router from the internal router. I need it to be only prefixes > announced to my peering partners. > > /Oscar > > On Tue, Mar 26, 2019 at 3:50 PM

Re: httpd acme-client renew multiple domains

2019-03-23 Thread Sebastian Benoit
Geir Svalland(thorshamm...@outlook.com) on 2019.03.23 15:39:13 +: > Hello > mtp$ uname -a > OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64 > > I'm hosting and serving multiple domains, 5 of them, using httpd. > The domains are declared in /etc/acme-client.conf, and in my initial > setup

Re: man httpd.conf option does not mention option blocks

2019-03-12 Thread Sebastian Benoit
Alfred Morgan(alf...@54.org) on 2019.03.12 01:24:40 -0500: > httpd uses the configuration processor that relayd uses so I was curious to > see how this block of sub options were explained in relayd.conf(5) and Good idea. But don't draw general conclusions from this please. The parsers are similar

Re: pppoe(4) and vlan(4)

2019-02-26 Thread Sebastian Benoit
Thomas Huber(miracu...@gmail.com) on 2019.02.26 14:22:33 +0100: > with chap the tcpdump looks like this: > > #tcpdump -nevvs1500 -i vlan0 > tcpdump: listening on vlan0, link-type EN10MB > 13:54:44.118903 00:0d:b9:43:43:b4 88:a2:5e:1e:52:88 8864 36: PPPoE-Session > code Session, version 1,

Re: emmc support on Ubiquiti Networks UniFi Security Gateway PRO-4

2019-02-25 Thread Sebastian Benoit
Diana Eichert(deich...@wrench.com) on 2019.02.24 13:42:34 -0700: > thanks everyone for their feedback. > > I ended up backing up internal emmc drive and disklabel > dd if=/dev/rsd1c of=emmc_4G_backup/factory_linux.img bs=8225280 count=481 > > next step is install on internal drive. > > New

Re: Getting traffic from rdomain X to talk to a daemon in default rdomain 0

2019-02-02 Thread Sebastian Benoit
AM GMT+10:00, Jiri B wrote: > >Thank you, that works fine. > > > > > >Jiri > > > > > >On Thu, Jan 31, 2019 at 11:26 PM Sebastian Benoit > > wrote: > >> > >> Jiri B(jiri...@gmail.com) on 2019.01.31 22:23:34 +0100: > >>

Re: is pfsync loosing data on reboot?

2019-02-01 Thread Sebastian Benoit
Janne Johansson(icepic...@gmail.com) on 2019.02.01 12:49:53 +0100: > Den fre 1 feb. 2019 kl 07:17 skrev Harald Dunkel : > > > Hi folks, > > I have a question about pfsync protocol in a master-backup firewall > > configuration (OpenBSD 6.3 and 6.4): > > If I reboot (let's say) the backup host,

Re: Getting traffic from rdomain X to talk to a daemon in default rdomain 0

2019-01-31 Thread Sebastian Benoit
Jiri B(jiri...@gmail.com) on 2019.01.31 22:23:34 +0100: > Hello, > > I'm trying to isolate an app running on OpenBSD on network level and thus I > have started > the app in a specific rdomain. > > I can successfully make traffic from the rdomain to reach Internet: > > pass out quick on rdomain

Re: Questions about Carp / PF / PFSync

2019-01-31 Thread Sebastian Benoit
Charles Amstutz(charl...@binary.net) on 2019.01.30 23:16:17 +: > Hello > > We are running into an issue with a lot of dropped packets where states are > failing to be created. We have noticed that it coincides with a fair amount > of congestion, around 10-15/s according to 'pfctl -si'. > >

Re: Cannot ping local IPv6 traffic on seperate lo1 interface

2019-01-29 Thread Sebastian Benoit
Mark(m...@zm.is) on 2019.01.28 20:24:36 +: > Hello everyone, > > I've set up another interface for local services, as I would like to > have internal firewall rules. Using lo0 is problematic as it's what > everything else uses. > > I can't, however, ping the IPv6 addresses I added: > # ping6

Re: BGP Redistribution question

2019-01-14 Thread Sebastian Benoit
and B you run OSPF. So B has to send A the information about how 192.168.2.2 is reachable through OSPF. add to ospfd.conf on B: either "redistribute connected" or area 0.0.0.0 { ... interface em0:192.168.2.1 { passive } ... } where em0 is the interface where you hav

Re: BGP Redistribution question

2019-01-14 Thread Sebastian Benoit
Hi, Simen Stavdal(sstav...@gmail.com) on 2019.01.14 21:29:43 +0100: > Hello, > > I have three routers connected in a chain. > A<->B<->C > > All routers have a host address as loopback 100 (192.168.5.x/32, A=1, B=2, > C=3). > The segments between the routers are 192.168.1.0/30 (AB) and

Re: OpenOSPFD (6.4) "depend on" feature forces "type 1"

2019-01-10 Thread Sebastian Benoit
Remi Locherer(remi.loche...@relo.ch) on 2019.01.10 21:18:58 +0100: > On Fri, Jan 11, 2019 at 12:06:09AM +0700, Igor Podlesny wrote: > > On Thu, 10 Jan 2019 at 21:11, Remi Locherer wrote: > > [...] > > > I can reproduce it. Interestingly it only sends out the wrong type when > > > the "depend on"

Re: Experiences with single mode fibre on OpenBSD ?

2019-01-02 Thread Sebastian Benoit
Rachel Roch(rr...@tutanota.de) on 2019.01.02 21:12:53 +0100: > Hi, > > I see the man pages mention the odd SM fibre NIC, which is a good start. > > However I could do with some real-world feedback from people in terms of > the SM NICs they're using and any other experiences with SM on OpenBSD.

Re: netstat *:* udp sockets

2018-12-17 Thread Sebastian Benoit
Sebastian Benoit(benoit-li...@fb12.de) on 2018.12.17 17:59:49 +0100: > Claudio Jeker(cje...@diehard.n-r-g.com) on 2018.12.17 08:25:07 +0100: > > On Sun, Dec 16, 2018 at 05:09:06PM -0500, Ted Unangst wrote: > > > Claudio Jeker wrote: > > > > On Fri, Dec 14, 2018 at

Re: netstat *:* udp sockets

2018-12-17 Thread Sebastian Benoit
Claudio Jeker(cje...@diehard.n-r-g.com) on 2018.12.17 08:25:07 +0100: > On Sun, Dec 16, 2018 at 05:09:06PM -0500, Ted Unangst wrote: > > Claudio Jeker wrote: > > > On Fri, Dec 14, 2018 at 01:26:25PM -0500, Ted Unangst wrote: > > > > Philip Guenther wrote: > > > > > And, perhaps more directly, how

Re: netstat *:* udp sockets

2018-12-14 Thread Sebastian Benoit
Ted Unangst(t...@tedunangst.com) on 2018.12.13 13:38:58 -0500: > netstat -an tells me I am listening to all the udp. > > Active Internet connections (including servers) > Proto Recv-Q Send-Q Local Address Foreign Address(state) > udp 0 0 *.*

Re: Pflow granularity

2018-12-06 Thread Sebastian Benoit
"set timeout pflowexport 60" for example > > Have anyone tried that ? > > Sebastian Benoit wrote: > however right now some people are working on something similar. > > Is the another solution? No, the other solution never happened. By all means, try the diff, maybe it still works. /Benno

Re: Redistributing between bgpd and ospfd

2018-10-28 Thread Sebastian Benoit
use that on their CE's. same there, use priority 28 /Benno > Thanks for everything that you do, and keep up the great work! > > On Mon, Oct 15, 2018 at 8:37 AM Claudio Jeker > wrote: > > > On Mon, Oct 15, 2018 at 02:48:31PM +0300, Gregory Edigarov wrote: > > >

Re: pf keep sate

2018-10-22 Thread Sebastian Benoit
Daniel Corbe(dco...@hammerfiber.com) on 2018.10.22 11:09:08 -0400: > at 10:04 AM, Frédéric Goudal wrote: > > >- is there any reason to add keep state to a pass rule ? Only if you want to use one of the "Stateful Tracking Options" (see pf.conf(5)). For example, to add no-sync (don't send the

Re: relayd and radius

2018-10-21 Thread Sebastian Benoit
Shawn Southern(shawn.south...@entegrus.com) on 2018.10.19 18:01:41 +: > So apparently this works... I was expecting relayd to listen on those ports, > but I'm guessing that since it hooks through pf, that's not necessary. It only listens if you use "relay". If you use "redirect", it uses pf

Re: relayd smtp traffic

2018-10-19 Thread Sebastian Benoit
Markus Rosjat(ros...@ghweb.de) on 2018.10.19 13:20:46 +0200: > Hi all, > > once again a silly question (but maybe someone is willing to answer) > about relayd. Is it possible to determine the domain of the recipient > and depending on this redirect the traffic to a specific server behind >

Re: Redistributing between bgpd and ospfd

2018-10-17 Thread Sebastian Benoit
open...@kene.nu(open...@kene.nu) on 2018.10.17 12:44:02 +0200: > Hello, > > On Tue, Oct 16, 2018 at 4:56 PM Sebastian Benoit wrote: > > > > Tommy Nevtelen(to...@nevtelen.com) on 2018.10.16 15:11:51 +0200: > > > On Tue, Oct 16, 2018 at 10:21:37AM +0200, Claudio Jeker

Re: Redistributing between bgpd and ospfd

2018-10-16 Thread Sebastian Benoit
Tommy Nevtelen(to...@nevtelen.com) on 2018.10.16 15:11:51 +0200: > On Tue, Oct 16, 2018 at 10:21:37AM +0200, Claudio Jeker wrote: > > On Tue, Oct 16, 2018 at 09:13:20AM +0200, open...@kene.nu wrote: > > > Hello, > > > > > > Only relying on OSPF hellos effectively makes it mimic BGP with its > > >

Re: Redistributing between bgpd and ospfd

2018-10-15 Thread Sebastian Benoit
open...@kene.nu(open...@kene.nu) on 2018.10.15 11:05:41 +0200: > Hello, > > I am trying to get bgpd and ospfd play nicely with route redistribution. > > So far the only way I have found that suits my need is to use > bgpd.conf network statements and rtlabels. > > So, to make ospfd learn route

Re: pkg_add + httpd...high latency on 6.4

2018-10-11 Thread Sebastian Benoit
Thanks for your report. I backed out the change since we are close to release. The real problem here will be revisited later. /Benno Mark Patruck(m...@wrapped.cx) on 2018.10.11 07:57:30 +0200: > - http or https doesn't matter > > - only pkg_add is affected, ftp download works > > - reverting

Re: Duplicate IP Address -> Spoof/Verizon???

2018-09-08 Thread Sebastian Benoit
Jay Hart(jh...@kevla.org) on 2018.09.08 12:06:03 -0400: > > On Sat, 8 Sep 2018 at 13:40, Jay Hart wrote: > >> -ifconfig -A from the router-- > >> re1: flags=8843 mtu 1500 > >> lladdr 00:22:4d:d1:48:d5 > >> inet 192.168.1.1 netmask 0xff00 broadcast

Re: Adding New Commands to BGP Looking Glass?

2018-07-24 Thread Sebastian Benoit
MonsieurFugu(aleks.mcallis...@gmail.com) on 2018.07.24 03:48:11 -0700: > > It is not clear whether you rebuilt bgplg or not. > > Also mtrace binary needs to be built statically. > > I restarted the console and used the following commands; > # /etc/rc.d/httpd start > # /etc/rc.d/bgpd start > But I

Re: mgre and bgpd

2018-07-04 Thread Sebastian Benoit
Hi, is this on -current? Please provide a dmesg. Also: are you saying that 'bgpctl sh fib' displays routes that 'netstat -rn' or 'route -n show' do not? /Benno Benjamin Girard(benjamin.gir...@kambi.com) on 2018.07.03 14:13:01 +: > Hi, > > So we are currently trying to set up one mgre

Re: rtadvd bug ?

2018-06-17 Thread Sebastian Benoit
Hi, Denis Fondras(open...@ledeuns.net) on 2018.06.17 21:45:37 +0200: > On Mon, Jun 11, 2018 at 10:13:36AM +0200, Bastien Durel wrote: > > Because it's lower than RTP_CONNECTED and I don't know what it is. The > > /* local address routes (must be the highest) */ comment makes me think > > it MAY
