More 'color' ;-)
proxmox iso's do, and they also include zfs on root as an option,
but they require gui bits to install from what I can tell.
https://www.proxmox.com/en/downloads
Penned by Carlos Cardenas on 20180823 8:45.44, we have:
| On Thu, Aug 23, 2018 at 12:43:17PM +0200, Martijn van
elta0=-7127.806752 secs, OK, Mon Feb 27 11:02:53.434
and this in ntpctl output:
sensor
wt gd st next poll offset correction
vmmci0
1 1 08s 15s 81357.122ms 0.000ms
suggests to me that the time passed to the guest is used as a timedelta sensor
using the native ntpd, n
Penned by dikshie on 20131208 19:50.21, we have:
| On Mon, Dec 9, 2013 at 7:00 AM, Claudio Jeker cje...@diehard.n-r-g.com
wrote:
| Check with tcpdump if the packets go out and to the right place.
| Maybe try to figure out if they arrive at the destination to figure out
| where they get lost.
|
Penned by andy on 20130904 15:21.22, we have:
| Hi, one last question.
|
| I am reading through lots of examples and documentation on OpenBSD and v6
| and most seem to refer to adding the v6 address to /etc/hostname.X as an
| 'alias', e.g.;
| inet 10.0.0.1 255.255.255.0
| inet6 alias
Penned by Andy on 20130829 9:57.29, we have:
| Hi everyone,
|
| I'm hoping someone can help me as I'm not having much luck with adding
| IPv6 to the mix of our already working IPv4 setup.
|
| What should /etc/hostname.carpX look like for an IPv6 setup? Is this
| correct;?
|
| inet 10.0.10.1
Penned by Andy on 20130704 9:25.40, we have:
| On Thu 04 Jul 2013 15:22:55 BST, Anders Berggren wrote:
| I'd rather not have to create extra tunnels or define VPN policies with
subnets which have prefixes wider than the internal LANs.
| That leaves mangling, but I cannot see how I would do the
I'm hoping someone out there knows more than my google searching skills.
I'm looking for a small (phone or slightly larger sized) computer that will
run OpenBSD, has audio and wifi supported, and has a decentish battery life.
I want to couple it with a mifi with verizon to do VoIP and IM and
Penned by Patrik Lundin on 20130507 16:02.25, we have:
| On Tue, May 07, 2013 at 09:16:25PM +0200, Stefan Bagdohn wrote:
| Wasn't this check introduced as mitigation of CVE-2008-2476 five years ago?
| E.g. http://ftp.openbsd.org/pub/OpenBSD/patches/4.4/common/001_ndp.patch
|
|
| Maby
Penned by Jan Stary on 20121017 10:46.55, we have:
| This is current/i386 on an IBM Thinkpad T40.
|
| It comes with an ipw(4) wifi interface, which works fine. Anyway,
| the ipw(4) seems to be one of the substantial battery eaters. So
| I would like to not use the interface when running on
Penned by Claudio Jeker on 20120831 9:27.50, we have:
| On Fri, Aug 31, 2012 at 09:22:06AM +, Stuart Henderson wrote:
| On 2012-08-31, Remi Locherer remi.loche...@relo.ch wrote:
| I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
| provides IPv6 but somehow with
Penned by Michael Mercier on 20120812 12:03.16, we have:
| Hello,
|
| I am seeing a behavior in pf that I don't understand.
|
| # uname -mrvp
| 5.0 GENERIC#36 sparc64 SUNW,UltraSPARC-IIIi (rev 2.4) @ 1062 MHz
|
| When I have the following configured:
|
| (not complete configuration)
|
|
Penned by Matt S on 20110411 16:59.09, we have:
| Okay, I did that but apparently I spoke too soon as a tcpdump reveals packets
| are still being blocked. Here is an example from a tcpdump on the pflog0
| interface:
|
| Apr 11 14:57:43.943764 rule 1/(match) block in on tun0: 172.16.254.2
|
Have you tried ping6 -n ff02::2%re0 ? Does anyone respond? Try using
the respond(ers) as your IPv6 default gateway.
Link local is best for IPv6 gateways for various reasons, if your upstream
isn't picky (unlike he.net tunnels, for example).
Penned by Moritz Grimm on 20110313 6:43.32, we have:
dhclient(8) on OpenBSD only supports IPv4, by design.
wide-dhcpv6 exists in the ports tree, that is the available option
for you if you want to use dhcpv6 and IPv6 today.
Penned by johnw on 20110301 7:50.28, we have:
| I search google, and all howto is assert isp not support ipv6 and use
|
SEE ALSO
resolv.conf(5)
Search for 'family'
I suspect you want:
family inet6 inet4
I run with this myself.
Penned by Michael W. Lucas on 20110127 12:41.05, we have:
| Hi,
|
| My desktop, running the January amd64 snapshot, has a ipv6 tunnel via
| he.net. It seems that my
This will be corrected as new snaps go out. Building differently
didn't produce the same result as before, go figgure.
Penned by MERIGHI Marcus on 20110119 5:20.13, we have:
| hello all,
|
| just noticed that the SHA file is missing the checksums for the x*49.tgz
| files.
|
| bye,
|
|
Penned by Stuart Henderson on 20100614 12:28.46, we have:
| On 2010-06-14, rh...@hushmail.com rh...@hushmail.com wrote:
| Hello list,
|
| I'm looking to explicitly disable IPv6 on interfaces where it is
| not used. This includes link local addresses.
|
| However, this :
|
| # cat
Try s/hmac-sha2-256/hmac-sha1/ until you have updated all your firewalls.
Also try seeing http://www.openbsd.org/faq/current.html#20100110 ..
Penned by Toni Mueller on 20100317 17:55.34, we have:
| Hi,
|
| I've installed the latest snapshot, with kernel bsd.mp#488, on a
| machine that has
This might be a better option, no custom kernel..
http://undeadly.org/cgi?action=articlesid=20080724184757
Penned by Andris K?d?r on 20100310 18:59.06, we have:
| Hello,
|
| I try to build an ipv6-only network behind an OpenBSD box and
| I am having problems with faith.
|
| 'ifconfig -C'
You need a tun(4) device per qemu '-net tap' argument, sometimes multiple per
qemu instance, sometimes none per qemu instance..
Thanks,
Penned by Rogier Krieger on 20100202 16:51.31, we have:
| On Tue, Feb 2, 2010 at 15:27, Matthias Pfeifer m...@finance-circle.de wrote:
| [...] Then the
You can chroot internal-sftp but not external.
Penned by Denis Doroshenko on 20100108 16:50.31, we have:
| hi,
|
| is there any benefits of using internal-sftp over
| /usr/libexec/sftp-server (which is being used with default
| sshd_config)? sshd_config(5) says:
|
| For file
.
Penned by Denis Doroshenko on 20100108 18:31.28, we have:
| On 1/8/10, Todd T. Fries t...@fries.net wrote:
| You can chroot internal-sftp but not external.
|
| well i chrooted external no prob, just put insude the chroot what ldd
| /usr/libexec/sftp-server and i found out that the only thing, which
Penned by Joakim Aronius on 20091215 8:47.29, we have:
| * Todd T. Fries (t...@fries.net) wrote:
| Must is there, granted. For IPSec tunnels encapsulating IPv6 inside IPv4,
| there are tricky problems that were looked at during n2k9 but not solved
| that prevent the proper icmp6 too big
Penned by Bob Beck on 20091214 13:43.50, we have:
|
| Current qemu releases (more recent than in the ports tree) do not run on
| OpenBSD (have not been able to solve this yet *sigh*) so the above person
has
| Linux running natively and OpenBSD inside a newer qemu. ?Originally it was
| kvm
Penned by Henning Brauer on 20091213 20:57.07, we have:
| * Sam Watkins s...@nipl.net [2009-12-13 20:45]:
| I have been playing with qemu and finally found out how to get
| networking going for OpenBSD and NetBSD guests. If you are
| interested, please check out my qemu page. It shows my
Must is there, granted. For IPSec tunnels encapsulating IPv6 inside IPv4,
there are tricky problems that were looked at during n2k9 but not solved
that prevent the proper icmp6 too big message from being sent with the
proper source address to match the VPN config so it might make it back
to the
Penned by Jonas Thambert on 20091210 9:39.33, we have:
| Like a month ago we got a complain from a user that our website
| was unreachable over IPv6. We have 2x Native Ipv6 transits. The user
| had bought IPv6 from an ISP thay uses tunneling to deliver it
| to the organization. After some packet
Penned by Henry Sieff on 20091210 12:24.37, we have:
| On Thu, Dec 10, 2009 at 11:44 AM, FRLinux frli...@gmail.com wrote:
| On Thu, Dec 10, 2009 at 2:03 PM, Tomas Bodzar tomas.bod...@gmail.com
wrote:
| http://www.openbsd.org/books.html#book3
|
| Thanks for that, was unaware of that book. Just
Penned by Corey on 20091206 13:52.42, we have:
| I'll don the Nomex here and say that rather than turning IPv6 off,
| I just block it with pf. I don't know if that is what the OP wants,
| but it is relatively simple to do (as opposed to twiddling things in
| the kernel) and it keeps me from
Penned by Dope Ice Apollyon the Third on 20091204 10:43.03, we have:
| On Fri, Dec 4, 2009 at 10:20 AM, Luis Useche use...@gmail.com wrote:
| On Fri, Dec 4, 2009 at 12:07 AM, Ted Unangst ted.unan...@gmail.com wrote:
| On Thu, Dec 3, 2009 at 11:47 PM, Dope Ice Apollyon the Third
|
Penned by Ted Unangst on 20091204 16:30.57, we have:
| On Fri, Dec 4, 2009 at 1:34 PM, Todd T. Fries t...@fries.net wrote:
| Unfortunately qemu has aio support.
|
| Does it really need it? I cooked up a basic userland implementation
| using pthreads last night.
They provide compatibility
Penned by Justin Smith on 20091104 15:45.33, we have:
| Theo wrote:
|
| For the record, this particular problem was resolved in OpenBSD a
| while back, in 2008.
|
| Nice, but:
|
| Since 2.6.23, it has been possible to prevent applications from
| mapping low pages (to prevent null pointer
Penned by Thomas Schoeller on 20090902 21:50.14, we have:
| hello,
|
| i'm trying to make a ipv4 over ipv6 tunnel, but ifconfig tells me:
|
| ifconfig: error in parsing address string: temporary failure in name
| resolution
|
| when i'm issueing:
|
| ifconfig gif0 tunnel XX:XX:XX:0:0:0:0:1
Penned by Stuart Henderson on 20090828 8:51.04, we have:
| On 2009-08-28, Ian Chard ian.ch...@sers.ox.ac.uk wrote:
| On 27/08/09 13:44, Schvberle Daniel wrote:
| Hi,
|
| I'm using OpenBSD 4.5-stable, and I'm trying to configure RADIUS
| authentication. What I want is for the system to try
Not sure what unix you're running, over here, uid_t is 32bit.
Penned by Robert on 20090827 20:52.31, we have:
| On Thu, 27 Aug 2009 13:23:18 -0400
| Morris, Roy rmor...@internetsecure.com wrote:
|
| G'day,
| I searched around but couldn't find a simple answer to this
| question. I want to
Try TERM=xterm-color
Penned by Pieter Verberne on 20090617 22:39.56, we have:
| Hi,
|
| When I run mutt (or tmux/colorls -G/etc) from xterm, I have fancy
| colors=] But when I run:
|
| $ xterm -e mutt
|
| I don't have colors =[ (I'm running dwm and I want xterm to start tmux
| automaticly)
|
If you use the kernel mode pppoe, you can ifconfig add them as an
alias to the interface, you might be able to do the same to the tun
interface, see if it works...
You are showing your roots, tun0:0 and tun0:1 are Linux naming
conventions, here in OpenBSD we just add addresses to the device
sane-project.org is in the ports tree for scanning as a backend,
and is the de facto scanning support project for all of unix. You
won't find anything usb related different between any of the unixes
here.
Penned by Joe Gidi on 20090520 17:31.26, we have:
| Christopher Intemann wrote:
|
| Hi,
|
When dealing with web based submission, the best thing I have found is
to make sure the web based submission adds its own headers like what it
is and where the user came from and such so when diagnosing the problem
one can easily block based on that information. If there is an account
involved,
I believe you want:
$ sudo route add -inet6 -net -blackhole 2607:f2f8:: -prefixlen 32 ::1
--
Todd Fries .. t...@fries.net
_
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \
To clarify. IPv6 nfs support does exist in the wild, just not for OpenBSD,
yet.
--
Todd Fries .. t...@fries.net
_
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094
You cannot get internet access on a backup carp interface, period.
I have seen what you see before, and it comes from not starting things
up in proper order manually, i.e. configuring a system, and not
rebooting it after it was configured so that boot time configs get
processed in proper order.
The other answer is, ESP provides AH, therefore AH is deprecated.
Unless you really really want to play with AH to verify it works and such
(which the below suggests it does not) ...
--
Todd Fries .. t...@fries.net
_
|
There are power savings for 802.11 that OpenBSD does not support; this is
entirely independent from saving battery via cpu clocking and it is also
entirely independent from saving battery via adjusting the transmit power
of the radio. The power savings for 802.11 actually put the radio to sleep
You should try current. I have these very chipsets on a board I have, and
the IDE support works great for PATA drives, haven't plugged in any SATA
drives I will admit, mind showing a dmesg so we can get an idea of how
old a kernel you are running/
It was suggested to me the SIS 190 is such a
As mentioned in another post to this list recently I use IPv6 to secure
my tunnels when roaming to get pre-allocated IPv6 on my laptop..
Look for 'totd' in the subject and I think you'll see some useful examples.
Thanks,
--
Todd Fries .. t...@fries.net
Try:
pkg_delete -n /var/db/pkg/*
Look for any lines mentioning failes are missing or files have the wrong
hash. For example, I added a '.' to README.OpenBSD in qemu:
$ pkg_delete -n qemu
/usr/sbin/pkg_delete should be run as root
Pretending to delete qemu-0.9.1p4
Problem:
If you have a package that somewhere down the line has requirements for
libraries only provided by xbase, well, you're going to need xbase. If
you're concerned about security, you can always un-setuid the bin/ dir,
but you really do need xbase for packages that require freetype shared
libs. It's
Penned by Stephan A. Rickauer on 20081216 16:14.32, we have:
| I started playing with ipv6. It feels like back in the early 90's, when
| I had to learn how 'the Internet' works ;)
Yes, I recall sitting in a basement with friends around that time, deciding
with enough parts and computers we would
tried
bioctl -h softraid0
lately?
--
Todd Fries .. t...@fries.net
_
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094 (voice)
|
Ironically, IPv6 cannot solve this scenario either, since by definition
using ipv6 tends to require a tunnel which would naturally fall to the
carped pair which would have the same constraints as the v4 side with
regards to sending to/from the internet, yes?
If you presume native v6, however,
You've stumbled on a missing feature for v6 support in pf.
Nothing is available at present to solve this correctly.
You could do something that defies reason like 'block in inet' instead of
'block in' but .. the bottom line is, 'pf' only has support for reassembling
IPv4 fragments, not IPv6.
, we have:
| On Fri, Dec 05, 2008 at 12:43:33PM -0600, Todd T. Fries wrote:
|
| Theory suggests that PMTUD should handle things such that fragments do not
| appear, but encapsulation and tunneling via IPSec tend to generate them
| anyway..
|
| Are we not breaking PMUTD by silently dropping
Just out of curiosity, humor me, run qemu as root with the following added
options:
-net nic,vlan=0 -net tap,vlan=0
I've observed that at some point user mode networking has started segv'ed on
amd64 when running any qemu guest, and am sorry to report I have not yet
tracked down the
I think you might want to check to see if the file exists not just if the
asprintf succeeds..
But yes I do agree this is useful functionality that I've tested quite
thoroughly...
Index: authpf.c
===
RCS file:
Did you read the pf suggestions via pppoe(4) ? ATT tends to use pppoe(4)..
--
Todd Fries .. [EMAIL PROTECTED]
_
| \ 1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \ 1.405.227.9094
Hey guys,
I think I know what J.C. Roberts is looking for, but alas it is hard to find.
I also purchased one of these vga - svideo cables, and it truly is just
that, some form of converter from vga to s-video with no logic inside.
So, you have to have the perfect sync on the vga side to make
The mirrors are taking a bit to get caught up. You want to look for snaps
dated June 2, 17:00 or later .. another way to verify the newer ati driver
is included is if mach64_drv.so is in xbase44.tgz.
Thanks,
--
Todd Fries .. [EMAIL PROTECTED]
_
|
the mount command is clearly destined to fail unless you add
another line with network=10.0.1 or you change the mask to
mask=255.255.0.0
--
Todd Fries .. [EMAIL PROTECTED]
_
| \ 1.636.410.0632 (voice)
|
Henning,
I think you need to realize what you are saying is misleading at best.
The v6 diff permits you to start listening on v6 _only_ if you specify
a Listen directive that contains a v6 address, including but not
limited to, a wildcard v6 address: :: .
The v6 diff changes the misleading *:80
isakmpd does not do the crypto processing of the actual IPSec tunnels, it
only does the ike negotiations.
Presuming you want to use aes-128, `openssl speed aes' shows that a 1ghz
system that is running 'vi' to type this message is capable of (at the
lowest end) 27mbyte per second.
I think you
Uh, why do we need to defer to courts and seek legal funds and feed the
sharks er lawyers just to comprehend what the two words without
modification?
As I explained to a friend of mine minutes ago ..
adding GPL to BSD is sad to the BSD people (we can't use the GPL code then)
adding GPL and
IPv6 is supported with IPsec. Be aware that pf does not do IPv6 fragment
reassembly yet, so there are some cases where tunneling traffic inside
IPv6 IPsec connections has issues until you change the mtu to the remote
gateway to compensate.
I use IPSec over both IPv4 and IPv6 every week.
On
I'm looking and probably just blind but haven't found any complete systems
using the via c7 esther chipset. Specifically I'm looking for rsa
accelleration.
I suspect I'm not the only one looking and interested.
Thanks,
--
Todd Fries .. [EMAIL PROTECTED]
I definately agree with those previously stating that not all php code
supports php5 yet.
phpBB.com states 'running phpBB 2.0.x with PHP5 is not supported'
.. though there is evidence in their changelogs that they are working on
support for php5.
This is definately not the only codebase in the
On Tuesday 20 June 2006 21:00, Clint Pachl wrote:
Is IP compression/ipcomp flows implemented in ipsecctl(8)? I am trying
to perform encryption (enc) and compression (ipcomp) between two
OBSD3.9 hosts.
IPcomp is known broken for at least two years, perhaps longer. Do not use it.
I've been told that this is in the archives, but I couldn't find it, so I
re-invented it and am presenting it here for anyone else who may find
themselves in a similarly frustrating situation.
The problem is that 1and1 hosting choses to have any root servers
setup with `ip subnet zero'. That's a
New X snaps with a 'dlopen X server' diff are heading out to the mirrors
today and tomorrow as they get built.
I have put this into snapshots to get wide testing before Matthieu
commits this diff. When you test, simply verify your X server starts
and operates normally.
When you do this
68 matches
Mail list logo