Re: supported Audio card with SPDIF input

2018-07-24 Thread Sterling Archer
Correction, it's an E17k. The E17 should work too, though.

On Wed, Jul 25, 2018 at 3:02 AM, Sterling Archer  wrote:
>  I have an FiiO E17 that works out of the box on OpenBSD, and it has
> coaxial spdif input.
>
> On Wed, Jul 25, 2018 at 12:54 AM, Diana Eichert  wrote:
>> ok, answered my own question by grep'ng within /usr/share/man/man4,
>> looks like azalia(4) systems.  Was hoping for something usb attached
>> but no such luck.
>>
>>
>>
>> On Tue, 24 Jul 2018, Diana Eichert wrote:
>>
>>> I'm trying to connect to an audio system that only has SPDIF output.
>>> I looked at man pages but nothing obvious regarding supported audio
>>> devices with SPDIF input support.
>>>
>>> Anyone have recommendations?  Or is it supported?
>>>
>>> thanks
>>>
>>> diana
>>>
>>>
>>>
>>
>
>
>
> --
> :wq!



-- 
:wq!



Re: supported Audio card with SPDIF input

2018-07-24 Thread Sterling Archer
 I have an FiiO E17 that works out of the box on OpenBSD, and it has
coaxial spdif input.

On Wed, Jul 25, 2018 at 12:54 AM, Diana Eichert  wrote:
> ok, answered my own question by grep'ng within /usr/share/man/man4,
> looks like azalia(4) systems.  Was hoping for something usb attached
> but no such luck.
>
>
>
> On Tue, 24 Jul 2018, Diana Eichert wrote:
>
>> I'm trying to connect to an audio system that only has SPDIF output.
>> I looked at man pages but nothing obvious regarding supported audio
>> devices with SPDIF input support.
>>
>> Anyone have recommendations?  Or is it supported?
>>
>> thanks
>>
>> diana
>>
>>
>>
>



-- 
:wq!



Re: 4-ports router under $150

2018-04-12 Thread Sterling Archer
On Thu, Apr 12, 2018 at 9:41 PM, Joel Wirāmu Pauling  wrote:
> Not that I am shitting on the e350 platform but;

E350 is the Bobcat CPU, the PC Engines APU devices all have a 4 core
Jaguar CPU, which is quite a lot more powerful.

-- 
:wq!



Re: Random bans and weird behavior by blakkheim on the IRC channel, lift please? Wondering what's up with this guy, expecting sufficient manners from IRC chat ops.

2018-01-29 Thread Sterling Archer
On Mon, Jan 29, 2018 at 6:31 PM,   wrote:
> Hi misc@,
>
> The operator "blakkheim" just banned me on the project's IRC channel, out of 
> a private passion or agenda rather than for any benefit of the channel.
>
> I did something apparently-unapprioriate previously on the channel, which was 
> to send a handful mass-highlights in October last year, and then two of them 
> about three weeks ago.
>
> I contacted blakkheim separately to discuss the matter recently and he 
> dismissed to communicate. Two other ops said they would not lift blakkheim's 
> ban, and I have not gotten any response from the channel founder Han.
>
> Now that enough time passed, I made the effort to get into the channel and 
> then clarify the issue by sending a clarification that I understand that 
> blakkheim is easily irritated and that I will pay additional consideration to 
> not highlight people as to not disturb blakkheim in particular, please see 
> the clarification I sent, quoted at the bottom here in this email.
>
> blakkheim was not pleased apparently and instead banned me again, maybe 
> because of the fact that I mentioned his nickname at all. In all cases I find 
> his ban abusive.
>
> blakkheim's mandate to ban people from OpenBSD chat, is to protect the chat 
> from influences that would be malign to the flow of the conversation or to 
> the content of conversation.
>
> Since I am not in that zone, I find his behavior presently to be abusive and 
> disrespectful, and this is emphasized by the fact that I am a (non-code) 
> project contributor.
>
> While I totally see that a certain harshness of character is great for other 
> things, I do not see blakkheim to be justified in his present conduct as a 
> chat op.
>
> I have not tracked what he has done on the IRC channel previously, does he 
> have a history of throwing people around?
>
> I would like to be reassured that the ban has been lifted and that I not will 
> be at risk of being aggressed by blakkheim quieting or banning when 
> participating in a normal way on the chat, so that I would need to go through 
> hoops to enjoy normal project chat participation, which should be a normal 
> given.
>
> Any clarification of lift of the ban by PM or otherwise will be much 
> appreciated.
>
> I am not accustomed to being pushed by an IRC chat operator to be so 
> aggressive that I need to invoke a lot of people and make public 
> clarifications. This altogether leads me to ask what's wrong with blakkheim.
>
> Thanks,
> Tinker
>
>  --
>
> Message I sent on the channel:
>
> To finish a previous ban issue:
>
> Soo, I have at least transitorily changed my nickname, to circumvent the ban 
> for mass-highlighting three people in two messages, that blakkheim attributed 
> to me about three weeks ago, and then did not want to revert.
>
> I did a mass-highlight in October prior to that, and also annoyed blakkheim 
> by being chattier than he likes, during 2016.
>
> I'll likely not irritate blakkheim by being chatty in the future, and I 
> understand that he and others are severely irritated by highlighting more 
> than two people, so I will generally not do that.
>
> I would have appreciated if blakkheim did not ban me and insist with keeping 
> me banned, also with respect to the hardware and time donations I did to the 
> project in 2016-2017, not super big but still making a difference, and also 
> the contributions I am doing this year.
>
> Anyhow, so sorry for the highlights. I intend to not highlight again.
>
> Now please stop banning or quieting me, banning well-intended project 
> contributors (albeit not in code) for non-offenses is not productive.
>
> And so now I hope that problem is out of this world, thanks.
>
> .


So, you got banned from an IRC channel.

Okay. I suggest you move on.

-- 
:wq!



Re: Re-compute bsd checksum

2018-01-16 Thread Sterling Archer
On Tue, Jan 16, 2018 at 9:08 PM, Thuban  wrote:
> I disabled `ulpt` in the kernel using `config` to use an USB-printer.
>
> Now, at reboot, I see "kernel relinking failed" message.
> How to recreate the new checksum? I can't igure out where to find this
> information.
>
> Any advice?
>
> Regards.
>
> --
> thuban

sha256 /bsd > /var/db/kernel.SHA256

-- 
:wq!



Re: OpenBSD and virtual machines

2018-01-08 Thread Sterling Archer
On Mon, Jan 8, 2018 at 9:07 PM, Consus  wrote:
> On 16:37 Mon 08 Jan, Galaxy Júpiter wrote:
>> Why OpenBSD now have their own native virtualisation layer?
>> Why Theo de Raadt changed your opinion about virtual machines?
>> What is the current opinion of Theo de Raadt about virtual machines?
>
> What does Theo de Raadt eat for breakfast?
>

Trolls.

-- 
:wq!



Re: Do not give-up on marketing

2017-12-05 Thread Sterling Archer

> On 3 Dec 2017, at 08:46, Rupert Gallagher  wrote:
> 
> Finally, the truth behind the aggressive behaviour against me. Some of you 
> cannot read protonmail posts *because* you read the list through a mail 
> archive with a substandard implementation of mime encoding. Well, fuck you 
> and your mail archive. Upgrade, or die slowly.
> 
> Sent from ProtonMail Mobile
> 
>> On Sun, Dec 3, 2017 at 13:59, Stuart Henderson  wrote:
>> 
>> On 2017-12-03, Mihai Popescu wrote: >> Just filter @protonmail.com (I have 
>> it for message-id and in-reply-to), you'll have a more pleasant > 
>> misc@-reading experience. > > I use to read lists in marc.info. > It is a 
>> little bit off topic, but I dare to ask: what combination are > you using, 
>> like email client and misc@ configuration( i.e, daily > digest, individual 
>> emails, etc.)? > > I am sorry for the off topic. For most lists I just use 
>> mutt. For noisier ones like misc I use slrn (via news.gmane.org) as the 
>> filtering in usenet clients is a bit better. @gmail.com>

You've been told your email client
doesn't confirm to the netiquette of
this mailing list numerous times.
You obviously don't care, because
you keep using it, so if anyone's
being rude it's you.


Re: obligatory leaving letter

2017-11-29 Thread Sterling Archer
On Wed, Nov 29, 2017 at 12:17 AM, Jay Williams  wrote:
> As a new user to OpenBSD, who is trying to learn as much as I can, seeing a
> message like this is very disheartening. OpenBSD's security focus and passion
> for clean, minimal and secure code is something that the world definitely
> needs.
>
> Despite the worldwide trend, especially here in the USA, I hope we can find
> ways to get along and work together toward common goals, rather than be 
> divided
> against ourselves.
>
> Best of luck on your new endeavor!
>
> --
> Jay Williams
>
>> On Nov 28, 2017, at 4:43 PM, leo_...@volny.cz wrote:
>>
>> Haai,
>>
>> I think it's about time I write this.
>>
>> I am De Zeurkous. I used the nick 'schaafuit' (originally devised for a
>> prank elsewhere) in an attempt not to let past preconceptions (for those
>> who don't know, I have a somewhat bad history with the NetBSD project)
>> rule the present. The story about using my bf's e-mail address is true,
>> however; the only act of deception was the assumption of another nick.
>>
>> Despite ongoing personal problems (which are not at all relevant here),
>> I extended my UNIX experience considerably since 2007 (the year of the
>> NetBSD trouble). Things have settled considerably for me since then, so
>> I suggest that we let the past be the past and focus on what has been 
>> happening recently.
>>
>> I admit to having some troll blood in my veins. However, I have been
>> here to contribute to OpenBSD discussion and have found myself genuinely
>> distraught the many times it descended into outright flamage. If that
>> makes me too soft material for OpenBSD, as Theo at least once implied,
>> well, so be it.
>>
>> Now that is out of the way, I can get to the point.
>>
>> In all honesty, I have come to the sad conclusion that the various BSD
>> projects, with their leaders being full of entitlement, don't really
>> appreciate what UNIX is all about (nevermind that gnu weenies are even
>> worse in this regard).
>>
>> As dmr often pointed out (though perhaps not quite in the terms that I
>> will use here), UNIX is about community. I'd even argue that early UNIX
>> sites were like families, anticipating each other's needs and building
>> upon individual strenghts to achieve something that was not just
>> technically adequate, but something to be proud of. Unfortunately, I can
>> no longer verify this with dmr, but I'd imagine that UNIX did not just
>> feel familiar, but like something shared and even homely.
>>
>> Unfortunately, UNIX development seems to have become profoundly
>> seperated from UNIX use. Whether related or not, it also appears to have
>> become a bare battle of egos, something that is quite alien to me, and
>> to UNIX itself as well.
>>
>> I chose OpenBSD because of its somewhat desirable technical properties,
>> and I had hoped to be able to contribute. Alas, I am forced to concede
>> that for me this is not possible, as I appear to have quite different
>> goals (and a very different mindset) from its principal contributors,
>> despite my profound appreciation for the project's focus on security.
>>
>> Now, by this point, you might suspect that I have some alternative in
>> mind, and possibly in development; this is indeed the case. You might
>> also suspect that I'm going to plug it here; however, I won't.
>>
>> Since I have no particular desire to be a disruptive force to anyone,
>> I will leave you folks to your project.
>>
>> And me to mine =)
>>
>> Best of luck and greetings,
>>
>> Baai,
>>
>>--zeurkous.
>>
>> P.S.: attached is a main(3) header file and manual page, as a little...
>> 'going-away present'.
>>
>> --
>> Friggin' Machines!
>

I know I'm just adding to the fucking noise right now, but I for one
am just glad a trollish person's gone and there will be less noise
(hopefully) from now on. Until the next one shows up...

-- 
:wq!



Re: Image viewer alternative to eog

2017-11-25 Thread Sterling Archer
On Sat, Nov 25, 2017 at 10:11 PM, Ax0n  wrote:
> I use xloadimage from ports. Grok the man page. Several useful CLI flags.
>
> On Nov 25, 2017 3:06 PM, "x9p"  wrote:
>
>> Hi,
>>
>> Is there a good/safe and light image viewer? Was used to eog, but it has
>> too many "vfprintf %s NULL" in messages. gimp is too big and good for play
>> with images, In need of smth fast.
>>
>> cheers.
>>
>> x9p
>>
>>

You could try feh, it's in ports.

-- 
:wq!



Re: Bad network performance on apu2c4

2017-11-02 Thread Sterling Archer
On Fri, Nov 3, 2017 at 12:10 AM, Christer Solskogen
 wrote:
> On Thu, Nov 2, 2017 at 7:24 PM, Stuart Henderson 
> wrote:
>
>> Forwarding is kernel-only and should be faster than userland sending. So if
>> you're trying to determine performance when used for forwarding, you need
>> to
>> have other machine/s sending and receiving packets for the test
>
>
> The thing is the the uplink to my ISP is supposed to be 500Mbit/sec. But I
> only get around 400MB/s, which seems a bit low for a gigabit interface.
> Problem is not with the ISP, as I've tested with an old-ish laptop. (I even
> get a bit more than 500Mbit/s!)
> Perhaps current is using some extra debug-stuff that slows things down?

No, you'll get the same result with release or stable, or at least, I do,
using forwarding on an apu2c4.

You can check if you're dropping packets with sysctl net.inet.ip.ifq.drops
(and net.inet6.ip6.ifq.drops if you're using ipv6). If that returns
anything else
than 0, you can tweak net.inet.ip.ifq.maxlen and net.inet6.ip6.ifq.maxlen.
4096 seems to be a good value for me, I get around 460Mbps up and down
with that set.

-- 
:wq!



Re: Traffic filtering

2017-10-30 Thread Sterling Archer
I use these lists myself:

http://sysctl.org/cameleon/hosts
https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
https://hosts-file.net/ad_servers.txt
https://mirror1.malwaredomains.com/files/justdomains
https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
http://someonewhocares.org/hosts

I run them through a shell script that creates an unbound config file
that redirects the requests to a dedicated httpd that returns an
HTTP 204 for anything except images. Those get a 1x1 gif back.

The only issue I have is with sites that redirect links to a tracker,
but I can live with taht.


On Mon, Oct 30, 2017 at 9:50 PM,   wrote:
> Hi,
> I'm new to this area, but I would like to filter some traffic.
> The goal is to keep people secure while web browsing, not to censure.
> And also enable better privacy, mainly stop "malware" and
> tracking/ads as restrictively as possible.
>
> I have 3 questions, in case someone here has the time to answer me:
>
> 1. What layers I should be filtering? Direct IP drop using pf,
> DNS drop with NSD/Unbound server, layer 7 with relayd, etc.
>
> 2. If the right approach is blacklisting domains, then what list
> do OpenBSD users recommend to use? People seem to be using these
> two, but I would like to know the opinion from OpenBSD users:
> http://www.malware-domains.com/files/
> https://hosts-file.net/?s=Download
>
> 3. There's any well designed tool that I can automatically update
> these lists (using pledge and signify, for example), or a simple shell
> script is enough?
>
>
> Any advice is welcome.
>



-- 
:wq!



Re: Guess what today is

2017-10-18 Thread Sterling Archer
Happy birthday, thanks Theo, all the devs, past and present,
and everyone who mailed in a dmesg after upgrading (hint).

On Wed, Oct 18, 2017 at 7:21 PM, Matthew Graybosch
 wrote:
> On Wed, 18 Oct 2017 09:01:15 -0200
> "x9p"  wrote:
>
>> Happy birthday and good f*cking amazing work.
>
> Damn right. I might be a johnny-come-lately desktop OpenBSD user, but I
> won't go back to Linux except under duress.
>
> Even my wife likes it; she just doesn't know it's OpenBSD. =^.^=
>
> --
> Matthew Graybosch
> https://matthewgraybosch.com
>
> "If you didn't want me to say 'both', you should have used XOR."
>



-- 
:wq!



Re: "switching console to com0"

2017-10-17 Thread Sterling Archer
On Tue, Oct 17, 2017 at 2:02 PM, Nick Holland
 wrote:
> On 10/17/17 00:03, Justin Mayes wrote:
>> Greetings all - what does one do when during the install you set the
>> default console to com0 and now your serial cable is not working?

Buy a new serial cable?


-- 
:wq!



Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode

2017-10-11 Thread Sterling Archer
On Wed, Oct 11, 2017 at 11:18 PM, Rostislav Krasny  wrote:
> On Wed, Oct 11, 2017 at 7:01 PM, Stuart Henderson  
> wrote:
>> On 2017-10-11, Rostislav Krasny  wrote:
>>> On Wed, Oct 11, 2017 at 6:28 AM, Eric Furman  
>>> wrote:
 On Tue, Oct 10, 2017, at 04:29 PM, Rostislav Krasny wrote:
> I think it's worth to be supported. The RAID mode of storage
> controller seems to be a default BIOS configuration in all modern
> desktop computers. I think most desktop users don't configure any real
> RAID and continue to use their disks as separate devices. If at least
> this RAID configuration is supported it would be a great progress.

 I disagree, but that's just my opinion.
 And just because something is "a default BIOS configuration in all
 modern desktop computers" doesn't mean it's a good thing.
>>>
>>> Most desktop users don't change BIOS settings. They just try a
>>> software and if it doesn't work they usually throw it away and
>>> consider that software as bad or broken. In case of dual-boot they
>>> also depend on the previously installed OS. In case of already
>>> installed Windows changing the storage controller mode in BIOS from
>>> RAID to AHCI leads to BSoD. After all not supporting a common BIOS
>>> configuration leads to loss of users.
>>>
>>> What is not good in RAID mode without actual RAID array, except the
>>> fact OpenBSD doesn't run on it?
>>
>> What is not good is when you do have a RAID array, the controller is
>> in RAID mode, but OpenBSD doesn't understand the metadata, so it corrupts
>> data on the disk.
>
> This is not the case. Can you identify RAID mode without RAID array
> and for now support only this? That could be a good compromise.
>
>> This is a difficult area. We don't want to corrupt data, but then some
>> BIOS don't allow this option to be changed at all, and on others BIOS
>> only offer a choice between IDE and (unsupported) RAID, even though
>> it's an AHCI controller.
>
> Yet another reason to support RAID mode without RAID array.
>
>> I don't think we (developers) are particularly bothered about users
>> who can't be bothered to change an existing BIOS setting.
>
> Even if they can it could be too late, as in my case with Windows.
> This is lose-lose situation. You just lose users and popularity.
>

FWIW, you can change the SATA emulation mode to AHCI in the
HP setup utility, and making windows not BSoD when you switch
the controller from RAID mode to AHCI is also trivially easy.

-- 
:wq!



Re: l2tp and openbsd 6.1

2017-10-06 Thread Sterling Archer
On Fri, Oct 6, 2017 at 5:25 PM, Charles Amstutz
 wrote:
> Should've also mentioned this oddity:
>
> So, if the firewall rules are uncommented (where I get the below error)
>
> no IP address found for pppx:network
> /etc/pf.conf:102: could not parse host specification no IP address found for 
> pppx:network
> /etc/pf.conf:103: could not parse host specification no IP address found for 
> pppx:network
> /etc/pf.conf:106: could not parse host specification
>
>
> And reboot, I can't connect. However, if I comment out those lines and then 
> save/reload then uncomment,  I can connect just fine.
>
>
>
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
> Charles Amstutz
> Sent: Friday, October 6, 2017 10:04 AM
> To: 'misc@openbsd.org' 
> Subject: Re: l2tp and openbsd 6.1
>
> Hello Noth,
>
>
> "Try pppx instead of pppx0, it'll work in pf.conf, including as a macro."
>
> I did!! I found another article that talked about the group.  After reading 
> this: 
> http://frankgroeneveld.nl/2015/08/16/configuring-l2tp-over-ipsec-on-openbsd-for-mac-os-x-clients/
>
> However,  I still get this error if I try to reload the firewall and no vpn 
> client is established (thus the pppx group or pppx0 interface doesn't exist 
> yet)... this is the same if I use pppx or pppx0
>
>
> no IP address found for pppx:network
> /etc/pf.conf:102: could not parse host specification no IP address found for 
> pppx:network
> /etc/pf.conf:103: could not parse host specification no IP address found for 
> pppx:network
> /etc/pf.conf:106: could not parse host specification
>
> If I remove :network,  the same errors:
>
> no IP address found for pppx
> /etc/pf.conf:102: could not parse host specification no IP address found for 
> pppx
> /etc/pf.conf:103: could not parse host specification no IP address found for 
> pppx
> /etc/pf.conf:106: could not parse host specification
>
>
> However,  if I comment out those lines, connect, then uncomment out the 
> lines, things work as they should (it appears)
>
> It also seems as if I can't connect if I have those lines uncommented after a 
> reboot.
>
> Many strange things.
>
> Thanks for the help everyone, I'm going to continue to research.


You can't use :network for interface groups like pppx.
If you want to filter on IP or subnet, why don't you just type the actual IP
or subnet in pf.conf?


-- 
:wq!



Re: l2tp and openbsd 6.1

2017-10-02 Thread Sterling Archer
On Mon, Oct 2, 2017 at 10:03 PM, Charles Amstutz
 wrote:
> Hello everyone,
>
> I'm new to this list and l2tp/openbsd (but do have working UNIX/Linux 
> knowledge).  After searching the previous forum posts (and the internet) I 
> have found a lot of information on l2tp ipsec.conf connection strings. 
> However, I can't get android to connect. I keep getting IKE negotiation 
> failed errors.
>
> I've looked at sites such as:
>
> http://bluepilltech.blogspot.com/2017/02/openbsd-l2tp-over-ipsec-android-601-ios.html
> https://www.authbsd.com/blog/?p=20
> http://daemonforums.org/showthread.php?t=10326
> https://rzemieniecki.wordpress.com/2014/05/28/debugging-ipsec-on-openbsd-invalid_cookie/
> https://man.openbsd.org/npppd.conf.5
> https://blog.gordonturner.com/2016/12/10/openbsd-6-0-vpn-endpoint-for-ios-and-osx/
> https://marc.info/?l=openbsd-misc=145922338026396=2
> https://marc.info/?l=openbsd-misc=145614573528471=2
> https://www.mail-archive.com/misc@openbsd.org/msg145747.html
> ... etc
>
>
> I can get IOS to connect, but I can't get android 7 to connect.  I've read 
> that android has bugs with the vpn client in 6.x and 7.x (not sure if it is 
> fixed in 8 or not). However, what is confusing is it connections just fine
> To my windows l2tp server.  Bug tracker: 
> https://issuetracker.google.com/issues/37074640#c35
>
>
> My goal: Setup openbsd to work with IOS/android/windows/whatever.
>
> My questions.
>
>
> 1)  Can you have more than one ike line in ipsec.conf? from my 
> presumption of looking at sites on the internet, you can, however, I am not 
> sure.
>
> https://www.authbsd.com/blog/?p=20 makes it seem like you can, unless it is 
> just two examples
>
>
> 2)  Every time I read a site that says, "this configuration worked for me 
> on android", it doesn't work for me. I presume it is my lack of 
> understanding, though, I'm not ruling out the possible android bug.
>
>
> I appreciate any help.
>
>
>
> Here is my ipsec.conf (this allows IOS to connect)
>
> public_ip = "x.x.x.x"
>
>
>
> ike passive esp transport \
>
>   proto udp from $public_ip to any port 1701 \
>
>   main auth "hmac-sha1" enc "aes" group modp1024\
>
>   quick auth "hmac-sha1" enc "aes" \
>
>   psk "PSK-GOES-HERE"
>
> Here is my npppd.conf
>
>
>
> authentication LOCAL type local {
>
> users-file "/etc/npppd/npppd-users"
>
> }
>
>
>
> tunnel L2TP protocol l2tp {
>
> listen on 0.0.0.0
>
> listen on ::
>
> }
>
>
>
> ipcp IPCP {
>
> pool-address 10.0.0.101-10.0.0.254
>
> dns-servers x.x.x.x
>
> }
>
>
>
> # use pppx(4) interface.  use an interface per a ppp session.
>
> interface pppx0 address 10.0.0.1 ipcp IPCP
>
> bind tunnel from L2TP authenticated by LOCAL to pppx0

I'm able to connect using a similar setup, but using aes-256 instead of
aes as encoding in ipsec.conf.

-- 
:wq!



Re: IPv6 autoconf

2017-07-28 Thread Sterling Archer
Hey, glad you got it working :)

On Sat, Jul 29, 2017 at 3:29 AM, Thomas Smith
 wrote:
> On July 28, 2017 at 3:37:18 PM, Hamza Sheikh (fehr...@codeghar.com) wrote:
>
> I went through the process of creating an OpenBSD-based gateway for my
> home network (IPv4 and IPv6). Learned a lot and documented my setup in
> a blog post[0]. Maybe it can help troubleshoot your IPv6 setup. Pay
> special attention to these sections: (a) cnmac0; (b) dhcp6c; (c) The
> "Wrong" Config.
>
> [0] http://codeghar.com/blog/openbsd-network-gateway-on-edgerouter-lite.html
>
>
> I had been trying wide-dhcpv6—even with no firewall rules enabled, it erred
> out—“no route to host” and some other info. I expected that this had to do
> with `rtsol` or `inet6 autoconf` not working properly in hostname.em0—but
> according to your blog post, it was likely a misconfiguration on my part.
>
> After Mr Archer’s post, instead of giving dhcpcd a shot I tried
> isc-dhcp-client—firewall off, it immediately pulled down an ip6 address
> from Cox. After making some adjustments to the firewall, it could pull down
> one with it enabled as well. Still have a few things to work out now, but
> this is a great start!
>
> Thanks for the input guys!
>
> One question…
>
> What would be necessary to bake this functionality into OpenBSD base? IPv6
> is pretty ubiquitous nowadays—most ISPs support it, most cloud providers
> support it—it seems common enough that much of this functionality should
> just work.
>
> I know that “common enough” isn’t a good reason to implement features or
> functionality, it just seems like a core capability that should be present.
>
> When I was researching how to set this up, I found many different ways to
> do so—some of the information was clearly dated, others not so much. It
> would be great to have just configure this via hostname.em0 (or whichever
> interface) and have it work.
>
> I’m fairly new to OpenBSD but if there’s something I can do to help with
> this, I’m happy to do so if it's within my skillset.



Re: IPv6 autoconf

2017-07-28 Thread Sterling Archer
I switched from wide-dhcp to dhcpcd after reading recommendations
on this mailing list, and I don't regret it. Setup is just as easy, and the
code is more actively maintained.

On Sat, Jul 29, 2017 at 12:37 AM, Hamza Sheikh  wrote:
> I went through the process of creating an OpenBSD-based gateway for my
> home network (IPv4 and IPv6). Learned a lot and documented my setup in
> a blog post[0]. Maybe it can help troubleshoot your IPv6 setup. Pay
> special attention to these sections: (a) cnmac0; (b) dhcp6c; (c) The
> "Wrong" Config.
>
> [0] http://codeghar.com/blog/openbsd-network-gateway-on-edgerouter-lite.html
>



Re: Recommendation on OpenBSD host

2017-07-25 Thread Sterling Archer
You could check if www.1984.is supports OpenBSD. You should be aware
that most traffic to and from Iceland passes throught the UK, by the
way.

On Wed, Jul 26, 2017 at 3:01 AM,   wrote:
> Hey list. I need a server to host a very simple website.
> I've been looking for a OpenBSD host that offers 'full' control
> over the machine though SSH. Anyone has recommendations?
> My needs: simple low traffic httpd(8) website (no javascript),
> even a Core2Duo, 2GB of RAM and a HDD with space to install
> base system (without Xenocara, of course) would be enough.
> I can't do it on some random laptop because I need it to be
> anonymous (it will have sensitive journalistic information[*]).
> Ideally that accept cryptocoins (dashcoin or plain bitcoin) and
> from a country like Romania or Iceland, because of their historic
> free-speech protection (again, *ideally*).
> I see the people from Libreboot have a project to build a host,
> but I don't think they support OpenBSD yet and I think they never
> will... because of Stallmanism BS ("closed firmware == blob").
>
>
> Regards.
>
>
>
> ps. Yes, I've searched the marc.info archive.
> ps2. please don't reply directly to this mail, but to the list.
>
> [*] nothing illegal, btw, it will just possibly make some political
> people very angry.
>



Re: PF packets being blocked...why?

2017-06-27 Thread Sterling Archer
On Tue, Jun 27, 2017 at 11:50 AM, Stuart Henderson  wrote:
> On 2017-06-26, Steve Williams  wrote:
>> Hi,
>>
>> New install of OpenBSD 6.1 on apu2.  Love the little box.
>>
>> I have em0 as the connection to the Internet and I bridged em1 and em2
>> together on 192.168.123.0.
>>
>> I've been using OpenBSD since the 2.7 days, but have never run NAT so
>> this is my first foray into that world.  I have followed the FAQ on
>> "building a router" almost vebatim.  It's working fine, but I am seeing
>> some packets blocked with no effect on browsing behind the OpenBSD box.
>
> bridge interactions with PF can be a bit non-obvious, I'd skip that part
> (and vether etc) until you're happy with the rest unless you absolutely
> need it..
>

I don't know what's causing the packets to be dropped, but I'm pretty sure
it's not bridge-related, because I see the exact same thing on my firewall,
and I don't bridge any devices.



Re: openvpn multihome on OpenBSD?

2017-06-17 Thread Sterling Archer
On Sat, Jun 17, 2017 at 3:41 PM, Harald Dunkel  wrote:
> Hi folks,
>
> AFAICS the openvpn 2.4.2 man page recommends a "multihome" feature
> for dual stack setups, but I can't make it work on OpenBSD (the
> openvpn server) in this case.
>
> The logfile on the client shows
>
> Sat Jun 17 15:13:40 2017 OpenVPN 2.4.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] 
> [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 17 2017
> Sat Jun 17 15:13:40 2017 library versions: OpenSSL 1.0.2l  25 May 2017, LZO 
> 2.08
> Enter Private Key Password: **
> Sat Jun 17 15:13:43 2017 WARNING: No server certificate verification method 
> has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
> Sat Jun 17 15:13:43 2017 NOTE: the current --script-security setting may 
> allow this configuration to call user-defined scripts
> Sat Jun 17 15:13:43 2017 WARNING: this configuration may cache passwords in 
> memory -- use the auth-nocache option to prevent this
> Sat Jun 17 15:13:43 2017 TCP/UDP: Preserving recently used remote address: 
> [AF_INET6]2001:db80:13b0:::60:1195
> Sat Jun 17 15:13:43 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
> Sat Jun 17 15:13:43 2017 setsockopt(IPV6_V6ONLY=0)
> Sat Jun 17 15:13:43 2017 UDP link local (bound): [AF_INET6][undef]:1194
> Sat Jun 17 15:13:43 2017 UDP link remote: 
> [AF_INET6]2001:db80:13b0:::60:1195
> Sat Jun 17 15:13:44 2017 TCP/UDP: Incoming packet rejected from 
> [AF_INET6]:::5.145.xx.yy:1194[10], expected peer address: 
> [AF_INET6]2001:db80:13b0:::60:1195 (allow this incoming source 
> address/port by removing --remote or adding --float)
> Sat Jun 17 15:13:44 2017 or from peer address: [AF_INET]5.145.xx.yy:1195
> Sat Jun 17 15:13:48 2017 TCP/UDP: Incoming packet rejected from 
> [AF_INET6]:::5.145.xx.yy:1194[10], expected peer address: 
> [AF_INET6]2001:db80:13b0:::60:1195 (allow this incoming source 
> address/port by removing --remote or adding --float)
> Sat Jun 17 15:13:48 2017 or from peer address: [AF_INET]5.145.xx.yy:1195
> Sat Jun 17 15:13:51 2017 TCP/UDP: Incoming packet rejected from 
> [AF_INET6]:::5.145.xx.yy:1194[10], expected peer address: 
> [AF_INET6]2001:db80:13b0:::60:1195 (allow this incoming source 
> address/port by removing --remote or adding --float)
> Sat Jun 17 15:13:51 2017 or from peer address: [AF_INET]5.145.xx.yy:1195
> Sat Jun 17 15:13:54 2017 TCP/UDP: Incoming packet rejected from 
> [AF_INET6]:::5.145.xx.yy:1194[10], expected peer address: 
> [AF_INET6]2001:db80:13b0:::60:1195 (allow this incoming source 
> address/port by removing --remote or adding --float)
> Sat Jun 17 15:13:54 2017 or from peer address: [AF_INET]5.145.xx.yy:1195
> Sat Jun 17 15:13:56 2017 event_wait : Interrupted system call (code=4)
> Sat Jun 17 15:13:56 2017 SIGINT[hard,] received, process exiting
>
>
> Please note the weird IPv6 addresses ":::5.145.xx.yy". 5.145.xx.yy
> is the OpenBSD server's IPv4 address, but it is not running IPv4 over
> IPv6. 
>
> I tried the most recent openvpn in stable, of course. Every helpful
> comment is highly appreciated
> Harri
>
>

Hey Harri,

Those are ipv4-mapped ipv6 addresses (RFC 4291,
https://tools.ietf.org/html/rfc4291).


Sterling



Re: SSO solution in ports?

2017-05-27 Thread Sterling Archer
On Sat, May 27, 2017 at 9:01 PM, Friedrich Locke
 wrote:
> I go for ldap + sasl + kerberos. It is perfect, at least to me.
>
> Em 16/07/2009 11:52, John Almberg escreveu:
>>
>> I am trying to build a set of web applications that are accessed through
>> a web portal that uses a Single Sign On (SSO) solution. Problem is,
>> there are MANY competing SSO solutions. Since building the client side
>> of the SSO system is more than enough for me, I was wondering if there
>> are any SSO servers in ports that I can just install and use? A CAS
>> solution would be the best, but I'll look at anything.
>>
>> Any tips or ideas, much appreciated.
>>
>> -- John
>>
>> ___
>> freebsd-questi...@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
>> To unsubscribe, send any mail to
>> "freebsd-questions-unsubscr...@freebsd.org"
>> .
>>
>

Not sure if troll or just stupid.



Re: syspatch61-005: Unable to access bsd.sp

2017-05-08 Thread Sterling Archer
On Tue, May 9, 2017 at 2:40 AM, Michael Hendricks  wrote:

> I installed 6.1 on a new machine. A few days ago, I installed syspatches
> 1-4 without trouble.  Today while applying patch 5, I got an error because
> /bsd.sp was absent.  If I "cp /bsd /bsd.sp" the patch applies fine.
> Anyway, sometime after applying patch 4, I realized that I'd been running
> an SP kernel, so I added "set image bsd.mp" to /etc/boot.conf  I don't
> think I ever deleted /bsd.sp after installation.  I thought I'd mention the
> error message in case any of this is unexpected behavior.
>
> $ sysctl kern.version hw.ncpufound
> kern.version=OpenBSD 6.1 (GENERIC.MP) #2: Tue May  2 12:58:57 CEST 2017
> rob...@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/
> GENERIC.MP
>
> hw.ncpufound=4
>
> $ ls -l /bsd*
> -rwxr-xr-x  1 root  wheel  10684150 May  8 20:09 /bsd
> -rw-r--r--  1 root  wheel  10756231 May  4 12:57 /bsd.mp
> -rw-r--r--  1 root  wheel   9431142 Apr 20 13:20 /bsd.rd
> -rwxr-xr-x  1 root  wheel  10684150 May  8 20:09 /bsd.syspatch61
>
> $ syspatch -l
> 001_dhcpd
> 002_vmmfpu
> 003_libressl
> 004_softraid_concat
>
> $ doas syspatch
> Get/Verify syspatch61-005_pf_src_...
> Installing patch 005_pf_src_tracking
> tar: Unable to access bsd.sp: No such file or directory
> tar: WARNING! These file names were not selected:
> bsd.sp
> Failed to create rollback patch 005_pf_src_tracking
>
> $ doas cp /bsd /bsd.sp
>
> $ doas syspatch
> Get/Verify syspatch61-005_pf_src_...
> Installing patch 005_pf_src_tracking
> Get/Verify syspatch61-006_libssl.tgz
> Installing patch 006_libssl
>
> $ syspatch -l
> 001_dhcpd
> 002_vmmfpu
> 003_libressl
> 004_softraid_concat
> 005_pf_src_tracking
> 006_libssl
>

You're running into the problem mentioned in this thread:
http://marc.info/?l=openbsd-misc=149377325003324=2

Best thing to do is to revert all syspatches, then reapply them
as described here:
http://marc.info/?l=openbsd-tech=149384240928126=2
You might want to check that your mirror is up to date before doing that.

After you've successfully patched everything, you should be running kernel
"OpenBSD 6.1 (GENERIC.MP) #4: Sat May  6 09:33:37 CEST 2017".


Re: IPv6, sshd, and latest patches?

2017-05-07 Thread Sterling Archer
On Mon, May 8, 2017 at 2:48 AM, Sterling Archer <deb...@gmail.com> wrote:

> On Mon, May 8, 2017 at 1:58 AM, Eric Johnson <eri...@colossus.gruver.net>
> wrote:
>
>>
>>
>> Has anyone else had problems with sshd and IPv6 after applying the latest
>> patches?  It seems to me that the patches disabled the use of IPv6 for
>> ssh.
>>
>> When I try to set the IPv6 address I want it to listen to in sshd_config,
>> sshd fails with the following message:
>>
>> bad addr or host: 2001:1890:1263:a14:: (no address associated with name)
>>
>> Using the default sshd_config, ssh is only listening on IPv4 addresses.
>>
>> Eric Johnson
>>
>>
> It's working here, fully patched 6.1 system.
> To make sure it's not because of the :: inet6 address, I tested this, where
> 2001:: is the /48 my ISP delegates to me:
>
> # doas ifconfig em1 inet6 2001::::
> # doas rcctl restart sshd
> sshd (ok)
> sshd (ok)
> # telnet 2001::::
>

That's telnet 2001:::: 22, of course.


> Trying 2001::::...
> Connected to 2001::::.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_7.5
>
>
>


Re: IPv6, sshd, and latest patches?

2017-05-07 Thread Sterling Archer
On Mon, May 8, 2017 at 1:58 AM, Eric Johnson 
wrote:

>
>
> Has anyone else had problems with sshd and IPv6 after applying the latest
> patches?  It seems to me that the patches disabled the use of IPv6 for
> ssh.
>
> When I try to set the IPv6 address I want it to listen to in sshd_config,
> sshd fails with the following message:
>
> bad addr or host: 2001:1890:1263:a14:: (no address associated with name)
>
> Using the default sshd_config, ssh is only listening on IPv4 addresses.
>
> Eric Johnson
>
>
It's working here, fully patched 6.1 system.
To make sure it's not because of the :: inet6 address, I tested this, where
2001:: is the /48 my ISP delegates to me:

# doas ifconfig em1 inet6 2001::::
# doas rcctl restart sshd
sshd (ok)
sshd (ok)
# telnet 2001::::
Trying 2001::::...
Connected to 2001::::.
Escape character is '^]'.
SSH-2.0-OpenSSH_7.5


Re: Official OpenBSD 6.1 CD !

2017-05-03 Thread Sterling Archer
On Wed, May 3, 2017 at 10:33 PM, Bob Beck  wrote:

> So.  There *Is* an official OpenBSD 6.1 CD
>
> Just One.
>
> If you are interested, please bid on ebay :
>
> http://www.ebay.com/itm/The-only-Official-OpenBSD-6-1-CD-
> set-to-be-made-For-auction-for-the-project-/252910718452?
> hash=item3ae2a74df4:g:SJQAAOSwrhBZBqkd
>
> (It's a pretty cool little CD set!)
>

Fantastic idea, I hope you raise a lot of money selling it.


Re: Etnernal & infernal browser woes

2017-04-29 Thread Sterling Archer
On Sun, Apr 30, 2017 at 12:07 AM, Mihai Popescu  wrote:

> Do you know a method like this to disable kernel panic screen, too?
> Also something for hidding the dmesg scroll on boot will be nice.
>
> Maybe something to show a nice picture with a text like "sit back and
> relax while your OS is loading ..." - the last three points must be
> some kind of animation.
> Oh, and the text can be changed with more optimistic ones "life is
> beautiful today...", etc.
>


Yes, not wanting pretty much useless 2GB+ core dumps from an application
that
often crashes is exactly the same as those other things.


Re: Partition Input/output error

2017-04-17 Thread Sterling Archer
On Mon, Apr 17, 2017 at 8:54 PM, Evgeniy Sudyr 
wrote:

> Yes, sorry my bad
> # dd if=/dev/rsd1a of=/dev/null bs=1m count=1000
> 1000+0 records in
> 1000+0 records out
> 1048576000 bytes transferred in 6.088 secs (172228383 bytes/sec)
>
> Unfortunately this not solves mount problem.
>
> Also tried mount to other mount point:
>
> # mount
> /dev/sd0a on / type ffs (local)
> /dev/sd1a on /tmp/1 type ffs (local)
>
> # ls -lah /tmp/1
> ls: /tmp/1: Input/output error
>
> --
> Evgeniy
>
>
>
> --
> --
> With regards,
> Eugene Sudyr
>


The disklabel on the drive doesn't seem right to me:

># disklabel sd1
...
>16 partitions:
>#size   offset  fstype [fsize bsize   cpg]
>  a:   34359787520  4.2BSD   8192 65536 1 # /open
>  c:   34359787520  unused


The offset for both a and c is 0.

I would try re-initialising the drive with fdisk and creating a new
disklabel.


Re: Partition Input/output error

2017-04-17 Thread Sterling Archer
On Mon, Apr 17, 2017 at 4:22 PM, Evgeniy Sudyr 
wrote:

snip

# dd if=/dev/sd1a  of=/dev/null bs=1m
> dd: /dev/sd1a: Input/output error
> 0+0 records in
> 0+0 records out
> 0 bytes transferred in 0.012 secs (0 bytes/sec)
>
>
Use /dev/rsd1a



Re: Adding default IPv6 route fails on 6.1

2017-04-12 Thread Sterling Archer
On Wed, Apr 12, 2017 at 9:59 AM, Dimitris Papastamos  wrote:

> Try this instead:
>
> !/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
>

That did the trick, dhcpcd is receiving router advertisments from
my ISP now. Thanks, Dimitris.



Re: Adding default IPv6 route fails on 6.1

2017-04-12 Thread Sterling Archer
On Wed, Apr 12, 2017 at 8:50 AM, Stefan Sperling <s...@stsp.name> wrote:

> On Wed, Apr 12, 2017 at 01:20:20AM +0200, Sterling Archer wrote:
> > Hello everyone.
> >
> > After upgrading to 6.1 about an hour ago, I noticed that I didn't have an
> > IPv6 connection
> > anymore.
> >
> > I use dhcpcd over a pppoe session, which worked fine in 6.0-stable. The
> > problem seems to
> > be a failure to add a default inet6 route on the pppoe device. I see this
> > error in the dmesg
> > console log:
> >
> > "add net default: gateway fe80::: No route to host"
> >
> > Did I miss something in the changelog, or is this a bug?
> >
> >
> > Here's the contents of my hostname.pppoe0:
> >
> > [sven@puffy ~]$ cat /etc/hostname.pppoe0
> > description "pppoe session over vlan6"
> > inet 0.0.0.0 255.255.255.255 NONE mtu 1500 \
> > pppoedev vlan6 authproto pap \
> > authname 'kennyloggins' authkey 'dangerzone!'
> > dest 0.0.0.1
> > inet6 eui64
> > !/sbin/route add default -ifp pppoe 0.0.0.1
> > !/sbin/route add -inet6 default -ifp pppoe0 fe80::
> >
>
> Can you add a default route manually once the pppoe session is up or
> does that not work either?
>

Sorry, I should have mentioned that, it fails when you attempt to
manually add it too.



Adding default IPv6 route fails on 6.1

2017-04-11 Thread Sterling Archer
Hello everyone.

After upgrading to 6.1 about an hour ago, I noticed that I didn't have an
IPv6 connection
anymore.

I use dhcpcd over a pppoe session, which worked fine in 6.0-stable. The
problem seems to
be a failure to add a default inet6 route on the pppoe device. I see this
error in the dmesg
console log:

"add net default: gateway fe80::: No route to host"

Did I miss something in the changelog, or is this a bug?


Here's the contents of my hostname.pppoe0:

[sven@puffy ~]$ cat /etc/hostname.pppoe0
description "pppoe session over vlan6"
inet 0.0.0.0 255.255.255.255 NONE mtu 1500 \
pppoedev vlan6 authproto pap \
authname 'kennyloggins' authkey 'dangerzone!'
dest 0.0.0.1
inet6 eui64
!/sbin/route add default -ifp pppoe 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::



Re: Topics for revised PF and networking tutorial

2017-04-05 Thread Sterling Archer
On Sat, Apr 1, 2017 at 10:52 AM, Peter N. M. Hansteen 
wrote:

> Hi,
>
> I thought I'd like to give you a heads up that there will be a "PF and
> networking" tutorial at BSDCan 2017 in Ottawa this June.
>
> The session will however not be the Nth rerun of the old one, we're
> starting from scratch this time, and were looking for input on what to
> include.
>
> Do you have questions on PF and related matters, or are there specific
> topics you would like to see covered?
>
> We want to hear from you, either contact us directly at the reply-to
> address use the list.
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>
>
Seconding (thirding?) ipv6. Relayd would be nice too, maybe in the section
about pf anchors.



Re: how is IPv6 over pppoe supposed to work?

2017-04-03 Thread Sterling Archer
On Mon, Apr 3, 2017 at 6:21 PM, Harald Dunkel  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Hi folks,
>
> AFAICT adding 2 lines to hostname.pppoe0 (as shown in the man
> page) doesn't give you a full featured IPv6 subnet yet. Is there
> some support for IPV6CP (RFC 5072) in OpenBSD?
>
> Google mentioned some "dhcp6c", but its not in 6.0, is it?
>
>
> Any insightful comment is highly appreciated
> Harri
> -BEGIN PGP SIGNATURE-
>
> iQEzBAEBCAAdFiEEH2V614LbR/u1O+a1Cp4qnmbTgcsFAljidqQACgkQCp4qnmbT
> gcs1Ggf8DGPd2GswDflaoQK6CJdVPxK/Qr5Z6SARj1/nUaZmPUn+GQIcRv1E9ZfN
> eBd0JkAsu2h+dC9JOifF97HHwgVLa+7kRFVqxIHna25ImNRa3R74rcLTGPdU6daV
> I4NsbaSefqJky0cTsBrEIO5HclR2g+mQNKvJ4CpjDXYue5Ri7wvSqBdXl/ewZCZD
> BMHH1Zrp7tQcumkM6FHKmkkANSLwE9kfmYcn69Y566hKgjuHX7zYiPiPw2cO9SNc
> qI33jjQKQw0VSVWdHyYVJUF0TBOHW4G+TAhiK0mpizY5Z19hL+Ex3g1aAsI2UH2c
> GkMcymBD2AbxKRVUxYQK7Irp1h94Vg==
> =xleU
> -END PGP SIGNATURE-
>
>
Install wide-dhcpv6 from ports.



Re: Running OpenBSD on Hypervisor

2017-03-08 Thread Sterling Archer
On Wed, Mar 8, 2017 at 4:07 PM, Markus Rosjat  wrote:

> Hi there,
>
> just like to get opinions or examples of OpenBSd as guest on a hypervisor.
> I had it running on a VMware Host but since the free version is missing
> quiet a lot features I was wondering where to look at. I also tried Hyper-V
> from MS and this looks qiet ok. So if the "virtual" guys like to share
> there expericence it would be nice. Im open for every thing so KVM or BHive
> are points Ive looked at but haven't tried for now.
>
> thanks for the input
>
> regards
> --
> Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220   fax: +49 351 8107227
>
> Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
> you print it, think about your responsibility and commitment to the
> ENVIRONMENT
>
>
Running 6.0 stable as a build host on a KVM VM here, virtio for disks and
NIC.
Had a few problems with keyboard input in the virt-manager console, but
since
I mostly ssh to the VM, I can live with that.
Virtio for disks and NIC worked in 6.0 release too.

Here's the dmesg:

OpenBSD 6.0-stable (GENERIC.MP) #1: Sun Feb 26 01:19:55 CET 2017
me@obsd60vm:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4278030336 (4079MB)
avail mem = 4143902720 (3951MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf69c0 (10 entries)
bios0: vendor SeaBIOS version "1.9.3-1.fc25" date 04/01/2014
bios0: QEMU Standard PC (i440FX + PIIX, 1996)
acpi0 at bios0: rev 0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Core Processor (Haswell, no TSX), 3500.48 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,SS,HTT,SS
E3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE
,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,P
AGE1GB,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 999MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel Core Processor (Haswell, no TSX), 3500.10 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,SS,HTT,SS
E3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE
,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,P
AGE1GB,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel Core Processor (Haswell, no TSX), 3500.10 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,SS,HTT,SS
E3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE
,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,P
AGE1GB,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT
cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu2: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu2: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel Core Processor (Haswell, no TSX), 3503.92 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,MMX,FXSR,SSE,SSE2,SS,HTT,SS
E3,PCLMUL,VMX,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE
,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,P
AGE1GB,LONG,LAHF,ABM,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,ARAT
cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu3: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu3: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
"ACPI0006" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0700" at acpi0 not configured
"PNP0501" at acpi0 not configured

Re: strange packets

2017-03-07 Thread Sterling Archer
On Tue, Mar 7, 2017 at 4:50 PM, Frank White  wrote:

> Hi, I have a new openbsd firewall but I have one strange problem... it is
> really slow for surfing internet.
> I have discovered that if I use squid as proxy (installed on the firewall)
> the internet speed is ok. If I don't use squid the browsing is very very
> slow... also if I ping google from a client I loose 25% of packets... if I
> ping google from the fw I dont lose any packets. Using tcpdump on the
> egress IF I see that the packets from the lan client go out but I don't
> receive any reply... I mean the 25% of packets..
> My lan has 150 users... and the firewall is a cluster with 2 nodes and 2 GB
> ram each..
> it worked fine from the born.. about 2 or 3 weeks ago.
> I changed the pf.conf with an old one ... for old I mean 10 days ago... but
> nothing was changed.
> Any help ?
>
>
Can't really help when you don't tell us anything relevant about your setup.
Maybe you should post the contents of relevant configuration files?
pf.conf, hostname.if files, etc.



Re: serial port expansion card

2017-03-03 Thread Sterling Archer
On Fri, Mar 3, 2017 at 8:54 AM, Jan Stary  wrote:

> On Mar 03 08:46:11, h...@stare.cz wrote:
> > This is current/amd64 (dmesg below). I got me this
> > https://www.alza.cz/EN/axago-pcea-s2-d277216.htm
> > to have two extra serial ports to connect to my ALIXes.
> > It shows up in dmesg as
> >
> >   puc0 at pci2 dev 0 function 0 "NetMos Nm9922" rev 0x00: ports: 1 com
> >   com4 at puc0 port 0 apic 2 int 16: st16650, 32 byte fifo
> >   puc1 at pci2 dev 0 function 1 "NetMos Nm9922" rev 0x00: ports: 1 com
> >   com5 at puc1 port 0 apic 2 int 17: st16650, 32 byte fifo
>
> Hm, puc(4) says
>
>   The current design of this driver keeps any com ports on these
>   cards from easily being used as console.  Of course, because boards with
>   those are PCI boards, they also suffer from dynamic address
>   assignment, which also means that they can't easily be used as console.
>
> What do people use as a serial port expansion then
> to connect to the ALIX serial console?
>
> Jan
>
>
I recently bought a cheap USB com port adapter which works fine.
It shows up as ucom0 in dmesg, and uses the /dev/ttyU0 device.

I ordered it here https://www.apu-board.de/produkte/digitus-da-70156.html
in case you're interested.



Re: OT? - ownCloud vs NextCloud

2017-02-23 Thread Sterling Archer
Nextcloud isn't just a fork, the founder and most of the engineering team
left owncloud to start nextcloud. You can read more about it here:
http://www.techrepublic.com/article/owncloud-founder-has-forked-their-product-into-nextcloud/

Like Devin, I'm also using owncloud at the moment, though not on openbsd
right now,
and in the process of moving to nextcloud.
If anyone needs help testing a port of nextcloud, I'd be more than willing
to help.
If that could lead to me (and others) running it on OpenBSD, that would be
terrific.

SB

On Fri, Feb 24, 2017 at 12:26 AM, nacredata  wrote:

> Owncloud is a longer running project, next cloud is the fork, so probably
> there is a package just because it came first. I did see something on a
> list I
> don't remember which one not very long ago at all about someone working on
> the
> next part of the package.
>
> I have been running on cloud on openBSD since version eight, currently on
> 9.0.4, and have also installed a test installation of next cloud from
> source.
> It's just PHP files, it worked fine. We are looking to transition to next
> cloud, as we have had some frustration and getting the community to engage
> with projects we were contributing, difficult to get feedback seems
> unlikely
> to get something integrated and help maintaining it.
>
>
> devin
> --
> contact info: http://nacredata.com/devin
>
>
>
> > On Feb 23, 2017, at 17:57, Steve Williams  com>
> wrote:
> >
> > Hi,
> >
> > I was going to install the ownCloud package in my OpenBSD server, but
> then
> wondered about Nextcloud.  I was surprised there's no Nextcloud package.
> >
> > Does anyone know what the status of the 2 projects are in general?  (the
> non-OpenBSD specific questioN).
> >
> > Is there some reason there's no Nextcloud port other than no-one has done
> one?  (yes, this is a reason, but I'm wondering license, politics, etc).
> >
> > From the reading I was able to do, it seems like Nextcloud might be a
> smarter investment of time to install than ownCloud.
> >
> > Thoughts?
> >
> > Thanks,
> > Steve Williams