Re: Packages/libraries in disarray after sysupgrade

2021-05-14 Thread Stuart Henderson
On 2021-05-14, Marc Espie wrote: > On Thu, May 13, 2021 at 10:47:11PM +, tetrahe...@danwin1210.me wrote: >> After upgrading 6.8->6.9 (stable, not current) using sysupgrade, I am >> finding it not possible to install packages via pkg_add >> >> When I try to install something, I get a series

Re: Editing boot.conf to set tty to fb0 in miniroot69.img

2021-05-11 Thread Stuart Henderson
On 2021-05-11, Paul W. Rankin wrote: > Hello, > > I am trying to install OpenBSD on a Raspberry Pi 4B without the > assistance of the serial console. The Pi firmware is set to boot from > USB. I have arm64 miniroot69 on a USB and the system boots; I see the > "BOOT>" prompt, but my USB

Re: 'python3.8 setup.py install' gets 'ZIP does not support timestamps before 1980' at OpenBSD 6.9

2021-05-11 Thread Stuart Henderson
On 2021-05-10, Roger Marsh wrote: > After upgrading to OpenBSD 6.9 'ValueError: ZIP does not support timestamps > before 1980' exceptions started occuring when installing python packages by: > > 'python3.8 setup.py install --user' where the package was built by: > > 'python3.8 setup.py sdist

Re: Not possible to sysupgrade via snapshots right now?

2021-05-11 Thread Stuart Henderson
On 2021-05-09, Scott Vanderbilt wrote: > On 5/9/2021 4:04 AM, Stuart Henderson wrote: >> On 2021-05-08, Scott Vanderbilt wrote: >>> Apologies if this is a question to which there is an obvious answer, but >>> I could not find one in the sysupgrade man page,

Re: Not possible to sysupgrade via snapshots right now?

2021-05-09 Thread Stuart Henderson
On 2021-05-08, Scott Vanderbilt wrote: > Apologies if this is a question to which there is an obvious answer, but > I could not find one in the sysupgrade man page, in the FAQ, or by Googling. > > Is it not possible to do a sysupgrade from 6.9-current to latest using > snapshots at the moment?

Re: openssl cms -encrypt does not work with EC key/cert

2021-05-08 Thread Stuart Henderson
On 2021-05-08, Theodore Wynnychenko wrote: > > Hello again: > > I am re-posting this message with additional information.. > While I have no expectation that there will be any reply, I am hopeful there > may be. Confirmed, and it also fails with OpenSSL 1.0.2u, but succeeds with 1.1.1k. I think

Re: pf ipv6 source-routing 6.9

2021-05-08 Thread Stuart Henderson
On 2021-05-08, Bastien Durel wrote: > Le 08/05/2021 à 10:58, Stuart Henderson a écrit : >> On 2021-05-08, Bastien Durel wrote: >>> Le 07/05/2021 à 22:50, Stuart Henderson a écrit : >>>> On 2021-05-07, Bastien Durel wrote: >>>>> Hello, >>>&

Re: pf ipv6 source-routing 6.9

2021-05-08 Thread Stuart Henderson
On 2021-05-08, Bastien Durel wrote: > Le 07/05/2021 à 22:50, Stuart Henderson a écrit : >> On 2021-05-07, Bastien Durel wrote: >>> Hello, >>> >>> I have multiple ISPs plugged on my OpenBSD box, each one providing its >>> IPv6 address sp

Re: Openbsd 6.9 Default gateway

2021-05-08 Thread Stuart Henderson
On 2021-05-07, Irshad Sulaiman wrote: > Hi > How to set only one default gateway if I have multiple interface , one is > in DHCP and other in Static ip > I have set /etc/mygate 192.168.100.1 and hostname.em0 (DHCP) and > hostname.iwn0 (static 192.168.100.163 255.255.255.0) Sounds like

Re: pf ipv6 source-routing 6.9

2021-05-07 Thread Stuart Henderson
On 2021-05-07, Bastien Durel wrote: > Hello, > > I have multiple ISPs plugged on my OpenBSD box, each one providing its > IPv6 address space. > > I used to route outgoing streams with : > > net2_if = pppoe0 > ovh_v6_router = "(" $net2_if fe80::230:88ff:fe04:63c9 ")" > ovh_v6_prefix =

Re: bitcoind out of memory

2021-05-07 Thread Stuart Henderson
On 2021-05-07, yancy ribbens wrote: > I'm running 6.8 and trying to run bitcoind (C++), however, I continue to > receive a core dump while running the application (out of memory). The > dmesg file is below. Always surprises me when people are willing to run things like that as root.. > The

Re: fighting amplification attack --was: Re: pf: block drop not working

2021-05-07 Thread Stuart Henderson
for poor formatting. On 7 May 2021 09:54:58 Axel Rau wrote: Am 05.05.2021 um 16:20 schrieb Stuart Henderson : This is usually best dealt with in your DNS server software e.g. by using the rrl-* configuration in NSD, see nsd.conf(5), or "rate-limit" config section in BIND. Y

Re: Trying to understand/debug caldav vs. httpd issue

2021-05-07 Thread Stuart Henderson
On 2021-05-05, T. Ribbrock wrote: > Hi all, > > this may be a long shot, but I'm looking for someone who can give me a > few pointers (if this is better posted to another list, please let me > know as well). > > TL;DR: I am running into issues with a webdav/caldav client > connecting to a

Re: I can’t get veb/vport to work with vmd.

2021-05-07 Thread Stuart Henderson
On 2021-05-06, Luke Small wrote: > I got it working. I have a pretty hefty amount of vether0 and > vether0:network in my pf.conf that I changed to vport0 and vport0:network. > > That fixed every single thing! > > I somehow completely forgot about all the vether0 pf rules which isolates > the the

Re: DHCPd - option capwap (code 138)

2021-05-07 Thread Stuart Henderson
On 2021-05-06, Radek wrote: > Hello, > I want to use dhcpd server to push Wireless Controller's IP address to the > APs. > > According to this: > http://systemnetworksecurity.blogspot.com/2013/02/adding-custom-options-in-isc-dhcpds.html >

Re: Errors extracting ports and xenocara tarballs

2021-05-06 Thread Stuart Henderson
On 2021-05-06, Chris Zakelj wrote: > I'm getting an odd error trying to extract these two tarballs from > 6.9-RELEASE on a clean install. I'm probably missing something obvious > but don't know what. Starting with > https://www.openbsd.org/faq/faq5.html, I log in on the console, edit my >

Re: fighting amplification attack --was: Re: pf: block drop not working

2021-05-05 Thread Stuart Henderson
On 2021-05-05, Axel Rau wrote: >> >> check the table name … > > But even with the correct table name I had to flush states to get it working. That is expected. A state lookup is done before parsing the ruleset. You can try clearing states with pfctl -k but there are some issues, it doesn't

Re: isakmpd ignoring authentication metod

2021-05-05 Thread Stuart Henderson
On 2021-05-04, Giacomo Marconi wrote: > Hi all > > I have some openbsd boxes as vpn endpoint to a Palo Alto Pa-820. > > In my last VPN config (unsing 6.8) I see in the logs that isakmpd is > expexting RSA_SIG as authentication method, while in ipsec.conf I set the psk > value. This usually

Re: Q: dmesg: dt: 443 probes

2021-05-04 Thread Stuart Henderson
On 2021-05-04, Why 42? The lists account. wrote: > > On Mon, May 03, 2021 at 12:59:27AM +0200, Patrick Wildt wrote: >> > ... >> > But when I do (as root): "sysctl kern.allowdt=1" it returns this error: >> > sysctl: kern.allowdt: Operation not permitted >> >> Similarly to kern.allowkmem, you can

Re: chroot x11 via Xephyr

2021-05-04 Thread Stuart Henderson
On 2021-05-03, u/Rogu3_AI wrote: > Hi, I have successfully populated a chroot with 69 filesets. You can > refer to https://www.reddit.com/r/openbsd/comments/n2k475/chroot_help/ > to know what I'm talking about. My question is after successfully > entering my chroot environment how can I forward

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-02 Thread Stuart Henderson
On 2021-05-02, jpeg bild wrote: > worked fine for me, its basically just reinstalling but with the same > configuration as your last install "not supported" does not mean "_won't_ work", it means "if you try this and break things, we aren't going to try and change anything to accommodate you,

Re: Can I do 4-26 snapshot to 6.9-stable safely?

2021-05-02 Thread Stuart Henderson
On 2021-05-02, Luke Small wrote: > I have a simple network setup of google fiber with a modem/router at > 196.168.1.1 which the default pf.conf should work instead of my pretty > complicated (for a home network) pf.conf . I have no clue why the bsd.rd > doesn’t work anymore…unless the

Re: BGP circular routing

2021-04-29 Thread Stuart Henderson
On 2021-04-29, Marko Cupać wrote: > I guess this is not related to bgpd, but I hope there are skilled > network admins here who can give me advice. > > I have a problem with circular routing on a site which talks BGP with > two upstream providers, with traffic to site which has static default >

Re: .profile not being loaded (ksh) when opening shell in X

2021-04-27 Thread Stuart Henderson
On 2021-04-26, tetrahe...@danwin1210.me wrote: > I have some custom additions to my $PATH. They're defined in ~/.profile > and they are correctly loaded when I log in from a text console. > > When I log in to X (cwm) and open a terminal window, $PATH does not > contain the entries. > > I tried

Re: PPPoE mtu overwrites/ignores

2021-04-26 Thread Stuart Henderson
On 2021-04-25, Valdrin MUJA wrote: > As a grumpy person, I didn't believe at them and quickly installed npppd into > another computer and used it as pppoe-server but nothing changed. (I've set > mru as 1550 at npppd.conf) npppd isn't a valid test as it does not support RFC 4638.

Re: w o w

2021-04-24 Thread Stuart Henderson
On 2021-04-24, ben wrote: > I apologize for my language, I shouldn't have stooped to Olive's level and > sent > that to the mailing list. > > However I believe that if Olive thinks they have the right to berate this > mailing list on how selfish we are then we have a right to tell them off for

Re: mistype on https://www.openbsd.org/events.html

2021-04-23 Thread Stuart Henderson
On 2021-04-23, Olive Power wrote: > what is the "openbse" on events.html https://www.openbsd.org/events.html https://www.openbsd.org/tshirts.html#5

Re: is the april 19 iso on planetunix official

2021-04-23 Thread Stuart Henderson
On 2021-04-23, Olive Power wrote: > obviously this cdn is on https://www.openbsd.org/ftp.html > https://mirror.planetunix.net/pub/OpenBSD/6.9/ > i install it and find it signed and build by draat@ not the release@ build > machine > interesting to see a current version go into a release cdn

Re: Release schedule/general product engineering

2021-04-23 Thread Stuart Henderson
On 2021-04-22, Andrew Grillet wrote: > I also can no longer find architecture-specific change logs (to see if > work has been > done that might affect Sparc64 installs, and make things different from when I > installed 6.8 on this hardware last time). These are often separated out per-arch in

Re: default Offset to 1MB boundaries for improved SSD (and Raid Virtual Disk) partition alignment

2021-04-21 Thread Stuart Henderson
On 2021-04-21, Kent Watsen wrote: > - When ZFS is told to use the SSD, it starts the partition > on sector 256 (not the default sector 34) to ensure good > SSD NAND alignment. The OS doesn't get all that close to the NAND layer with typical computer component SSD drives,

Re: sndio: way to play and record from different devices?

2021-04-19 Thread Stuart Henderson
On 2021-04-19, Ax0n wrote: > I have a nice microphone attached to a USB sound device, but I'd like to > rely on my computer's built-in line out for speakers from the same program > (e.g. Audacity, Firefox). It feels like sndio might have some way to let > programs use snd/0.play and snd/1.rec, or

Re: WireGuard, keepalive time doubled?

2021-04-15 Thread Stuart Henderson
On 2021-04-14, Jan Johansson wrote: > Hello! > > I was experimenting with wireguard keepalive and noticed that > keepalive packets seems to be sent on double the time that I have > set which I find a bit unintuitive. FWIW I'm using wgpka 75 with one peer in one place, and wgpka 50 with several

Re: Technical Documentation - CARP

2021-04-13 Thread Stuart Henderson
On 2021-04-13, Janne Johansson wrote: > Den tis 13 apr. 2021 kl 10:29 skrev jannick Weiss : >> Hello,my name is Jannick Weiss and i am currently in the process of taking >> my education as a datatechnician. As part of my education i have to do a >> presentation on a self-elected subject and i

Re: Upgrade to 6.8 issues

2021-04-12 Thread Stuart Henderson
On 2021-04-11, Jeff Ross wrote: > Hi all, > > Just upgraded to 6.8 from 6.3 (yes, I know...) and now find a few of the > websites I'm hosting are no longer connecting to postgres because pear > DB is apparently no longer in ports.  Fortunately so far they all appear > to be *my* websites so no

Re: Small/Mini 10Gbe Router Recommendation

2021-04-08 Thread Stuart Henderson
On 2021-04-07, Daniel Melameth wrote: > Looking to finally part with my legacy OpenBSD router and upgrade to > something that can push more than 2Gbps out of a single port. Since > my switching equipment is still only 1Gbe, I also want something that > has, at least, two Gbe ports. > > Any

Re: ifconfig problem with >10 wireguard peers

2021-04-07 Thread Stuart Henderson
On 2021-04-07, Harald Dunkel wrote: > Hi folks, > > apparently ifconfig (openbsd 6.8) shows only 10 wireguard peers > for wg0, even if hostname.wg0 defines 12 peers. This is pretty > painful. > > Do you think it would be possible to increase this limitation to > (lets say) 253? I don't see that

Re: relayd and EC tls - key size 832 is not supported

2021-04-06 Thread Stuart Henderson
On 2021-04-06, Chris Narkiewicz wrote: > TLS certificate has been generated using easyrsa, and it uses EC algo > with secp384r1 curve. > > When I start relayd, it complains about unsupported key size: > > ca_engine_init: using RSA privsep engine > ... > ssl_ctx_fake_private_key: key size 832 not

Re: acme-client, error 21 at 0 depth lookup:unable to verify the first certificate

2021-04-03 Thread Stuart Henderson
On 2021-04-03, open...@crw.name wrote: > Yeah, like that but Google was no help. > > Am 03.04.2021 19:10, schrieb Florian Obser: >> https://xkcd.com/979/ >> > > But if you follow-up with information about what the problem was and how you fixed it, then it might be helpful for someone who comes

Re: Iked windows client using certificates?

2021-04-02 Thread Stuart Henderson
On 2021-04-01, Justin Mayes wrote: > Hello everyone > > Just wanted to check my sanity after so many days. I have ikev2 setup working > for windows machine for a long time using the following. So, to repeat this > works, it connects fine. > > ikev2 passive esp \ > from 0.0.0.0/0 to

Re: Gigenet Mirror x*69.tgz Failing to Verify Sets

2021-03-31 Thread Stuart Henderson
On 2021-03-30, Charlie Burnett wrote: > Hi, > Currently the gigenet mirror is failing to verify for all four X packages > on snapshot. They verify fine when I point it towards cdn.openbsd.org, but > this is the case for both when trying to install from both bsd.rd and an > install iso. This is in

Re: [Ver3.6/3.9] Old version need help

2021-03-30 Thread Stuart Henderson
On 2021-03-30, cclai wrote: > Hello, > > I'm Hachi, > Our company’s server uses the 3.6 and 3.9 version of the system, > Used for more than ten years, > and there is a need to reinstall at present. > > I have tried the file installation on FTP and failed. >> Russia (Moscow)

Re: The case of the phantom reboot

2021-03-28 Thread Stuart Henderson
On 2021-03-28, David Newman wrote: > On 3/28/21 4:58 AM, Kristjan Komloši wrote: > >> On 3/27/21 10:27 PM, David Newman wrote: >>> OpenBSD 6.8 GENERIC#5 i386 >>> >>> One of my systems rebooted at 03:01 local time today. I've seen kernel >>> panics and bad hardware but I've never seen OpenBSD

Re: cgit about-filter in chroot (httpd + slowcgi)

2021-03-28 Thread Stuart Henderson
On 2021-03-28, Kristaps Dzonsons wrote: $ cat < my-cgit-filter.c #include int main(void) { execl("/bin/lowdown", "lowdown", NULL); return 1; } EOF So essentially all this is doing is stripping off the command line arguments. $ cc

Re: Layer2 Tunneling Over pppoe(4)

2021-03-27 Thread Stuart Henderson
On 2021-03-27, Valdrin Muja wrote: > Can we set up egre(4), etherip(4) or vxlan(4) tunnel over pppoe ? Yes, but watch out for MTU problems especially if you have pppoe on one endpoint and ethernet at the other. See pppoe(4) about RFC 4638, if your provider supports this it may be useful. If not

Re: Go programs only using one CPU core

2021-03-26 Thread Stuart Henderson
Hm, the boot messages have been pushed out by USB reattachments, but ncpuonline suggests it should work. Please try top -H rather than htop. PID TID PRI NICE SIZE RES STATE WAIT TIMECPU COMMAND 24659 276986 640 103M 2988K onproc/2 - 1:06 96.00%

Re: Go programs only using one CPU core

2021-03-26 Thread Stuart Henderson
On 2021-03-26, Richard Ulmer wrote: > Hi, > it seems to me like Go (from the lang/go port) does not utilize more > than one CPU core on OpenBSD. Let's take this program, which may be run > with `go run main.go`: > > package main > func main() { > go work() >

Re: Adding accessibility for blind and low vision individuals to OpenBSD?

2021-03-25 Thread Stuart Henderson
It wouldn't provide full keyboard handling and > all that, but it would at least speak the prompts. The problem is that > I have no idea how well that'd work. > > On 3/25/21, Stuart Henderson wrote: > > On 2021-03-23, Ethin Probst wrote: > >> Apologies if this is unnecess

Re: blacklistd analogue

2021-03-25 Thread Stuart Henderson
On 2021-03-25, Kapetanakis Giannis wrote: > How about a distributed setup? Not on OpenBSD yet but there is "crowdsec"

Re: Adding accessibility for blind and low vision individuals to OpenBSD?

2021-03-25 Thread Stuart Henderson
On 2021-03-23, Ethin Probst wrote: > Apologies if this is unnecessary sending of this, but I sent this to > the tech OpenBSD mailing list (which might've not been the right list) > so I'm re-sending it to this one just in case. (It might've gotten > lost too.) The original email is below: It did

Re: blacklistd analogue

2021-03-24 Thread Stuart Henderson
On 2021-03-24, jeanpierre wrote: > Does there exist an OpenBSD analogue for FreeBSD's blacklistd daemon? > > For the sake of completeness: blacklistd is a daemon that, using pf > anchors, blocks connections from abusive hosts to parctiular services > (e.g. sshd) until they start behaving

Re: aggr+vlan lost packets

2021-03-23 Thread Stuart Henderson
On 2021-03-22, Szél Gábor wrote: > Dear List! > > We make some tests, i think this is intel em driver (82571EB) bug! > > * if i move aggr0 from em devices to bnx devices, everything will be fine! > (only change trunkport from em to bnx) > * if i change intel network card to other intel

Re: HP microsever gen 10 AMD x3216

2021-03-20 Thread Stuart Henderson
On 2021-03-20, Kihaguru Gathura wrote: > Hello, > > OpenBSD 6.8 amd64 iso installation hangs @ > > _ > _ > _ > isa0 at mainbus0 > pckbc0 at isa0 port 0x60/5 irq 1 irq 12 > _ > > > Any lead on this? > > Thanks, > > Kihaguru > Does it help to "boot -c" and "disable pckbc"?

Re: Q: pkg_add fails with: TLS handshake failure: ocsp verify failed: Undefined error ...

2021-03-19 Thread Stuart Henderson
In gmane.os.openbsd.misc, li...@y42.org wrote: > > Hi All, > > What would cause pkg_add -u to report this error? >> https://ftp.fau.de/pub/OpenBSD/snapshots/packages/amd64/: TLS handshake >> failure: ocsp verify failed: Undefined error: 0 >>

Re: Subadressing sieve

2021-03-13 Thread Stuart Henderson
On 2021-03-13, Petr Ročkai wrote: > Dear Pascal, > > On Fri, Mar 12, 2021 at 10:52:15PM +0100, Pascal Huisman wrote: >> I have sieve filtering setup threw lmtp to dovecot. Dovecot does the >> filtering. It works. But for the subaddressing it doesn't. > > I think you might need to set 'rcpt-to' in

Re: gold linker on OpenBSD

2021-03-12 Thread Stuart Henderson
On 2021-03-12, Riccardo Mottola wrote: > is the gold linker available for OpenBSD i386? No.

Re: pf firewall bridge0 vether0 blocks DHCP for bridge interfaces connected to Windows

2021-03-11 Thread Stuart Henderson
On 2021-03-11, da...@hajes.org wrote: > Thanks for info Claudio. > > Unfortunately, I have read only "Networking FAQ" > https://www.openbsd.org/faq/faq6.html and there is no info about it. > > It would be great to update this page for dummies because just very few > read reference manuals line

Re: 6.8 with gnome boots to xterm after upgrade

2021-03-10 Thread Stuart Henderson
On 2021-03-10, Sivan ! wrote: > Thank you. Please see inline: > > On Tue, 9 Mar 2021 at 13:03, Stuart Henderson wrote: >> >> On 2021-03-08, Sivan ! wrote: >> > Thank you. One unresolved issue. While running fetch, there was an >> > error pop up that said

Re: sometimes graphics is slow, with high Xorg CPU usage

2021-03-09 Thread Stuart Henderson
On 2021-03-09, Aaron Miller wrote: > For some time now, my -CURRENT system will occasionally get into a > state where graphics is slow to refresh and the Xorg uses ~50% of > CPU. I notice this in Firefox or GVim when repeatedly pressing > PgDn on a long site/file, and in Evolution (emails are

Re: Flatbed scanner stopped wording - permissions problem?

2021-03-08 Thread Stuart Henderson
On 2021-03-08, Duncan Patton a Campbell wrote: > > > this is what I use > > doas -u root scanimage --mode gray -x215 -y297 --resolution 300dpi -B > > fdsa.pnm > > which works with the perms asis. xsane only worked as root for me > (across multple platforms/revs) so it's always been something

Re: 6.8 with gnome boots to xterm after upgrade

2021-03-08 Thread Stuart Henderson
On 2021-03-08, Sivan ! wrote: > Thank you. One unresolved issue. While running fetch, there was an > error pop up that said /usr directory is out of space, though an > entire 250 GB nvme is for OpenBSD, almost with no user files, except > for the ports tree that was being downloaded b the fetch

Re: ikectl ca and subjectAltName for IKEv2 VPNs

2021-03-08 Thread Stuart Henderson
On 2021-03-04, David Newman wrote: > On 3/4/21 12:29 AM, Stuart Henderson wrote: > >> On 2021-03-04, David Newman wrote: >>> Apparently Apple iOS and iPadOS VPN clients now require a subjectAltName >>> in the client cert, not just the CN, to set up IKEv2 VPN tunnel

Re: IPv6 NDP Confusion with PF enabled

2021-03-08 Thread Stuart Henderson
On 2021-03-08, Antonino Sidoti wrote: > I am confused about how Neighbor Discovery is not working when the firewall > is on. Check your blocked packets. You already have "log" on mpst block rules, so look at either /var/log/pflog or live with tcpdump -e on the pflog0 interface.

Re: Flatbed scanner stopped wording - permissions problem?

2021-03-07 Thread Stuart Henderson
On 2021-03-07, Anthony Campbell wrote: > > Hello misc@: > > > My Epson Perfection 1650 has worked on -current for many months but in > the last 3 days attempts to scan with xsane say: "Failed to start > scanner: operation not supported". > > Scanimage -L shows the scanner is detected corectly. >

Re: 6.8 with gnome boots to xterm after upgrade

2021-03-04 Thread Stuart Henderson
On 2021-03-03, Sivan ! wrote: > After sysupgrade -s, during which there were two or more automatic > reboots, freebsd, upgraded to 6.9 booted after asking password for ssh key, > and started with xvterm console. Startx attempted to switch to gui, but > returned errors. > > Please advise. > >

Re: ikectl ca and subjectAltName for IKEv2 VPNs

2021-03-04 Thread Stuart Henderson
On 2021-03-04, David Newman wrote: > Apparently Apple iOS and iPadOS VPN clients now require a subjectAltName > in the client cert, not just the CN, to set up IKEv2 VPN tunnels.* The > subjectAltName can be the same as the CN; it just has to be present. Most IKE software has always needed this.

Re: relayd error: socket_rlimit: max open files 1024

2021-03-02 Thread Stuart Henderson
On 2021-03-02, Jean-Pierre de Villiers wrote: > The entry openfiles-cur=1024 is overriding the entry openfiles=1024. > Note that openfiles=value sets both openfiles-max=value and > openfiles-cur=value. > > The setting openfiles-max setting is the upper limit which can only be > changed by root

Re: OpenBSD 6.8 - softraid issue: "uvm_fault(0xffffffff821f5490, 0x40, 0, 1) -> e"

2021-03-02 Thread Stuart Henderson
On 2021/03/02 00:09, Mark Schneider wrote: > Hi, > > Thank you for your feeeback. > > Also OpenBSD 6.9beta snapshot is crashing when I setup RAID5 with three > "Samsung PRO 860 1TB" SSDs. > OpenBSD obsd69b.it-infra.org 6.9 GENERIC.MP#368 amd64 > > obsd69b# dmesg | grep  -i bios > bios0 at

Re: 4k sector disk on APU2 problems

2021-03-01 Thread Stuart Henderson
On 2021-03-01, Raimo Niskanen wrote: > Hi Misc! > > Unfortunately I do not have one clear question here, but I wonder if somebody > could shed som light on some problems I have encountered on my PC Engines > APU2. > > It runs OpenBSD 6.7 from a 32 GB mSATA SSD disk, and I would like to change >

Re: What determines source IP of traffic from OpenBSD box ?

2021-02-28 Thread Stuart Henderson
On 2021/02/28 11:46, Rachel Roch wrote: > Thank you all for the suggestions, I am currently testing a few of them. > > Incase it makes any difference, the underlying problem I have is I have two > firewalls with BGP upstreams, one acting as primary, one as standby.  So the > problem I am seeing

Re: can texlive package be installed ?

2021-02-27 Thread Stuart Henderson
On 2021-02-27, Shadrock Uhuru wrote: > system information. > OpenBSD 6.9 GENERIC.MP#343 amd64 > flavor: current > > when i try to install texlive, > all i get is :- > > doas pkg_add -v texlive_texmf-full > Update candidates: quirks-3.588 -> quirks-3.588 > quirks-3.588 signed on

Re: openssl/libressl s_client -crlf difference

2021-02-26 Thread Stuart Henderson
On 2021-02-26, Michael W. Lucas wrote: > Hi, > > Should LibreSSL and OpenSSL be strictly command line compatible? > > The reason I ask is: using OpenSSL, I can use openssl s_client to > connect to a site like so: > > $ openssl s_client -crlf www:443 > > LibreSSL requires I add the -connect > > $

Re: What determines source IP of traffic from OpenBSD box ?

2021-02-26 Thread Stuart Henderson
On 2021-02-26, Daniel Jakots wrote: > On Fri, 26 Feb 2021 11:53:40 +0100 (CET), Rachel Roch > wrote: > >> Let's say I'm running "pkg_add -u" on a OpenBSD-based router with >> multiple interfaces. >> >> What determines the source IP ? > > On -current there is > route [-T rtable] sourceaddr

Re: Bufferbloat, FQ-CoDel, and performance

2021-02-26 Thread Stuart Henderson
On 2021-02-26, Sven F. wrote: > On Thu, Feb 25, 2021 at 8:38 PM Steven Shockley > wrote: >> >> I can try it, but I don't think it'll help in my case: It's worth trying anyway I think. > Can the patch sys/net/pf.c r1.1096 be applied on 6.8 ? > or does it need some others files to be changed as

Re: Timeout when fetching AnonCVS

2021-02-25 Thread Stuart Henderson
On 2021-02-25, Emil Engler wrote: > Hello misc, > since Saturday I always get the following error message when > trying to obtain an initial CVS tree from the official server pointed > out in the anoncvs.html document. > > ssh: connect to host anoncvs.ca.openbsd.org port 22: Operation timed out >

Re: snapshot of today, pkg_add -u changed behaviour

2021-02-24 Thread Stuart Henderson
On 2021-02-24, Marcus MERIGHI wrote: > Hello! > > I just ugraded two machines to the snapshot of the day: > > OpenBSD 6.9-beta (GENERIC.MP) #357: Tue Feb 23 22:09:48 MST 2021 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > When I run pkg_add -u afterwards, it just

Re: OpenBSD: Failing to link custom libpng to custom libz, any thoughts how fix?

2021-02-24 Thread Stuart Henderson
On 2021-02-23, Bob wrote: > Hi, > > I am trying to make a custom build of libpng in my home directory, > using a libz build that I made in my home directory also. > > Both are latest version, libpng 1.6.37 same as OpenBSD's port >

Re: Bufferbloat, FQ-CoDel, and performance

2021-02-23 Thread Stuart Henderson
On 2021-02-23, Stuart Henderson wrote: > On 2021-02-23, Steven Shockley wrote: >> I have OpenBSD 6.8 running on a Dell R210-II acting as a >> firewall/router. To combat bufferbloat I tried implementing FQ-CoDel >> queueing. The WAN bandwidth is advertised as 940

Re: Bufferbloat, FQ-CoDel, and performance

2021-02-23 Thread Stuart Henderson
On 2021-02-23, Steven Shockley wrote: > I have OpenBSD 6.8 running on a Dell R210-II acting as a > firewall/router. To combat bufferbloat I tried implementing FQ-CoDel > queueing. The WAN bandwidth is advertised as 940 Mbit/sec down and 840 > Mbit/sec up. Flow queues are broken in 6.8 on

Re: OpenIKED and Strongswan

2021-02-22 Thread Stuart Henderson
On 2021-02-22, Riccardo Giuntoli wrote: > Ok I've got the same error on three different OpenBSD, tell me what error > do you want or if you want an access. It would be a good start to run iked in the foreground with iked -vvd and show the log from there.

Re: sndiod on by default (does it need to be ? )

2021-02-21 Thread Stuart Henderson
On 2021-02-21, Tom Smyth wrote: > my thinking is by having the service off by default would reduce the > default attack surface of the OS ? The attack surface is tiny. sndiod has a pair of processes each run as their own dedicated uid, one in a chroot jail containing no files and pledged to not

Re: pf on bridge interface not working

2021-02-21 Thread Stuart Henderson
On 2021-02-20, Eric Zylstra wrote: > -But- make one simple change to filter on the bridge0 interface-- > pf.conf: > > filtered = "{ bridge0 }" > not_filtered = "{ lo, dc0, em0, em1 }" > block log on $filtered > set skip on $not_filtered > > >> doas pfctl -f /etc/pf.conf > >> doas pfctl -sr > >

Re: Possible omission in cflags from pkg-config freeglut

2021-02-20 Thread Stuart Henderson
On 2021-02-19, Julian Smith wrote: > I'm wondering whether pkg-config might not be outputing correct flags > for freeglut. > > For example this programme: > > #include > int main(void) > { > return 0; > } > > - fails to build with: > cc `pkg-config --cflags --libs

Re: No advertisements from CARP master

2021-02-20 Thread Stuart Henderson
On 2021-02-20, Dev Op wrote: > Hello, collegues! > > In vlan2 I have 4 routers: rt1 (master) and rt2 (slave) grouped into VHID > 50 in terms of CARP; rt3 (master) and rt4 (slave) grouped into VHID 2. Why > don't I see carp advertisements from rt1? Instead, I see carp announcements > only from rt3

Re: Aspeed AST2400 integrated video supported?

2021-02-18 Thread Stuart Henderson
On 2021-02-18, Родин Максим wrote: > Hello > Is that type of video chip on server motherboard (Supermicro X11SSL) > supported? > > Yes

Re: 6.9-BETA Installer crash

2021-02-18 Thread Stuart Henderson
On 2021-02-18, Chris Zakelj wrote: > On 2/18/2021 12:26 PM, Chris Cappuccio wrote: >> Chris Zakelj [c.zak...@ieee.org] wrote: >>> Thought I'd try using the Dell and ARC-1200 combination with 6.9-BETA I >>> mentioned a couple months ago >>> (https://marc.info/?l=openbsd-misc=158259981320518), but

Re: Just to doublecheck, is softraid sandwhiching possible (FAQ says not)

2021-02-13 Thread Stuart Henderson
On 2021-02-13, Joseph Mayer wrote: > https://www.openbsd.org/faq/faq14.html#softraidFDE says: > > "Note that "stacking" softraid modes (mirrored drives and encryption, for > example) is not supported at this time." > > I had the impression that it's possible. Please feel free to > doubleconfirm

Re: Trouble with remote syslog over TLS

2021-02-13 Thread Stuart Henderson
On 2021-01-21, Seth Hanford wrote: > I'm trying unsuccessfully to create a central syslogd logging server between > two OpenBSD 6.8 hosts, but I can't see what I'm missing. > > My syslog server (logs.lan.ckure.com) has a certificate from my internal CA, > and that certificate's Root &

Re: Intel wifi ipw showing up but not working

2021-02-12 Thread Stuart Henderson
On 2021-02-12, Riccardo Mottola wrote: > The laptop has this network card: > > ipw0 at pci2 dev 4 function 0 "Intel PRO/Wireless 2100" rev 0x04: irq > 11, address 00:0c:f1:1f:b2:a0 Please send full dmesg, not an excerpt. > I installed the firmware with fw_update. I try to bring the interface

Re: pkg_add and an authenticating proxy

2021-02-11 Thread Stuart Henderson
On 2021-02-11, Stephan Mending wrote: > I'm a dork. I actually tried that but forgot to set "keepenv" in doas.conf. :| This is fairly recent, jca fixed ftp to do http over an authenticated proxy last year

Re: httpd, PHP7.4, phpIPAM, MariaDB

2021-02-10 Thread Stuart Henderson
On 2021/02/10 11:32, Jesse Barton wrote: > After fully reading the /usr/local/share/doc/pkg-readmes/php-7.4 readme I > found that  > there is a third party package called pecl-libsodium so I searched for that > in openports.se and > tried installing it > but had no luck. I also noticed there is

Re: httpd, PHP7.4, phpIPAM, MariaDB

2021-02-10 Thread Stuart Henderson
On 2021/02/10 09:35, Jesse Barton wrote: > Thanks Stuart that's super helpful I'm new to openbsd and must have > completely missed that > those readmes existed. I got everything working last night minus a SAML > integration I'm trying > to setup that says it requires php-mcrypt but I noticed

Re: Installation overwritten... Accidental disklabel and newfs

2021-02-10 Thread Stuart Henderson
On 2021-02-09, Ed Gray wrote: > I have backups and will probably not have lost anything important but I > just wondered if anyone had any suggestions as to whether this is fixable > and what steps to take before I give up and re-install? I followed a how-to > I found which suggested using

Re: httpd, PHP7.4, phpIPAM, MariaDB

2021-02-10 Thread Stuart Henderson
On 2021-02-09, Jesse Barton wrote: > Hey OpenBSD Community, > > I am working on getting phpIPAM setup on a OpenBSD system but so far i'm > running into an issue with connecting the php site to the database. > > I used parts of these documentation pages to get everything working. >

Re: IPv6 - Using 4G Wan

2021-02-08 Thread Stuart Henderson
On 2021-02-08, Antonino Sidoti wrote: > Hello, > > Can anyone confirm if they have a working IPv6 connection with a 4G service? > I cannot get my connection to work with IPv6. Happy to provide more > information if what I have provided below is not enough. I would like to get > a working IPv6

Re: Fwd: ikev2 active roadwarrior with openbsd

2021-02-08 Thread Stuart Henderson
>> On 2021-02-04, Riccardo Giuntoli wrote: >> > A ikev2 passive server in France that got: >> > >> > A CA >> > A server certificate for tls server >> > And a client certificate for tls client >> > >> > I export the CA in PEM format and put it on /etc/iked/ca >> > >> > Next I export the private

Re: acme-client error: unknown SAN entry

2021-02-07 Thread Stuart Henderson
On 2021-02-07, David Higgs wrote: > acme-client: /etc/ssl/primary.example.com.crt: unknown SAN entry: > alternate.example.com > acme-client: bad exit: revokeproc(55821): 1 > > (My real domain is legitimate, and not example.com.) > > I recently decommissioned one of the aliases for my servers,

Re: gdb issue

2021-02-05 Thread Stuart Henderson
On 2021-02-04, Anindya Mukherjee wrote: > I'm trying to debug the systat utility for learning purposes. I enabled > -g -O0 in the Makefile, and built it in /usr/src/usr.bin/systat. It > builds and runs fine. However, gdb cannot insert any breakspoints. I'm > on a very recent snapshot and

Re: ikev2 active roadwarrior with openbsd

2021-02-04 Thread Stuart Henderson
On 2021-02-04, Riccardo Giuntoli wrote: > Hello misc, how are you? > > I've got this scenario: > > A ikev2 passive server in France that got: > > A CA > A server certificate for tls server > And a client certificate for tls client > > I export the CA in PEM format and put it on /etc/iked/ca > >

Re: Cannot mount a LAN samba share with usmb

2021-02-03 Thread Stuart Henderson
On 2021-02-03, tilikoom wrote: > This is an OpenPGP/MIME signed message (RFC 4880 and 3156) > ---70f6a2a78cd3a92ae8289939c5051701 > Content-Type: > multipart/alternative;boundary=-f606deaeef98ebf2eaa6cb6012e96e31 > >

Re: pf queue on packets with state

2021-02-02 Thread Stuart Henderson
On 2021-02-02, michal.lyszc...@bofc.pl wrote: > --syjteu3hgkkj7xpe > Content-Type: text/plain; charset=us-ascii > Content-Disposition: inline > Content-Transfer-Encoding: 7bit > > Hi, I'm trying to setup queues on my LTE interface. This machine is firewall > machine with two interfaces: wan and

  1   2   3   4   5   6   7   8   9   10   >