Re: Dual boot with 2 openbsd

2024-07-18 Thread Martin Schröder
On Wed, 17 Jul 2024 at 00:18, <04-psyche.tot...@icloud.com> wrote:
> Does this idea make sense?

No.
You'll have to keep both systems up-to-date.
Learn how to do backups and how to restore.

Best
Martin



Re: vi: How to display German umlauts?

2024-07-14 Thread Martin Schröder
On Sat, 13 Jul 2024 at 13:58, wrote:
> On 2024-07-11 05:25, ropers wrote:
> > They were all just the chars in some 256-character charset. However,
> > you're prolly not in Kansas, and they're not identical in most
> > Unicode formats anymore.
>
> Sorry, but I don't understand the meaning of "However, you're
> [probably] not in Kansas".

I assume it's https://en.wiktionary.org/wiki/not_in_Kansas_anymore

Best
Martin



Rate limit the httpd web server for signup requests

2024-06-11 Thread Martin
I already do some rate limiting with stateful tracking options for PF,
which works really great for the stuff I use it for.

I also use block lists of known bad IP addresses etc.

But what useful methods exist that prevent spamming an HTML signup form
from stuffing the database with useless signups?

Naturally the accounts that haven't been validated one way or another
get deleted, but the initial signup is a problem as thousands upon
thousands of requests are stored before deletion.

I have tried blocking by IP, but this is difficult as the IP changes
faster than it can be blocked.

The User Agent is spoofed with random garbage.

Honey pot empty hidden fields get detected and ignored.

Randomly generated form IDs that get submitted and validated using a
session cookie also don't work as the cookie is just stored and then
sent along.

A simple CAPTCHA reduces some of the irrelevant noise, but the more
sophisticated bots solve the CAPTCHA.

Using Cloudflare's or Google's CAPTCHA is frowned upon by the real
users, which I fully understand.

So I was wondering if some other clever method can reduce the noise?



Re: VLAN-tagging - follow-up

2024-06-07 Thread Martin
> What type of upstream device is em0 connected to? Is it a simple modem,
> (e.g. an ONT) or a router of some sort?

It turned out that the device in the other end needed to be replaced.

> Going a bit deeper, to explain my questions above:
> 802.1Q VLANs are basically a tag that gets attached to a packet's
> header. And it is perfectly possible for both types of packets to
> coexist in the same "wire". Some of them might be tagged, some of them
> might not.
> 
> When you create a VLAN interface with a physical interface as its parent
> (like your vlan101 on em0) you are telling the kernel "pick up all
> packets that arrive on this interface and that have this specific tag,
> and bring them to me", for incoming traffic, and "take any packet I am
> sending out of this interface and attach this VLAN tag to it".
> 
> Sidenote: this can be replicated many times, so you can have multiple
> VLANs being handled by different interfaces, with different IPs on
> different subnets, etc, all sharing the same wire, while being
> segregated (hence the name "virtual LANs").
> 
> As I said above, tagged and untagged traffic can coexist, and all
> untagged packets will still be routed through the physical interface
> (em0).
> 
> Routers and some switches can add/remove tags from packets (e.g. you can
> tell a switch to do something like "Get all vlan101 traffic from port 1,
> strip the tag, and send it out on port 8, untagged. Also, get all
> incoming untagged traffic from port 8, and tag it with vlan101", etc).
> 
> 
> Try bringing both interfaces down, remove their IP addresses (ifconfig
> em0 -inet), run:
> 
> tcpdump -ti em0 port \(66 or 67\)
> 
> on a terminal and then bring both interfaces up on a different terminal
> and see what comes up.
> 
> As I said above, tagged and untagged traffic coexist on the physical
> interface, so VLAN tagged traffic (i.e. packets that you will get on the
> vlan101 interface) will show up in lines starting with
> 
> 802.1Q vid 101 pri 1 ...
> 
> and untagged traffic (i.e. packets that will show up on em0) won't have
> that.
> 
> 
> If you are getting an IP on em0, then my guess is that one of two
> things might be happening:
> 
> - there is a DHCP server upstream that is OK with getting untagged
> traffic, and so your em0 is getting configured through it
> 
> - your upstream device is getting tagged traffic from your ISP,
> stripping its tags and sending it to em0 untagged (and the other way
> round, for your outgoing traffic).

Thank you very very much for this detailed and very useful explanation!



VLAN-tagging - follow-up

2024-06-06 Thread Martin
Are you supposed to "bridge" the vlan with the physical interface?

I have:

$ cat /etc/hostname.em0
up

$ cat /etc/hostname.vlan101
vnetid 101 parent em0
inet autoconf
up

In /etc/pf.conf I have replaced em0 with vlan101 for ext_if.

I get "No route to host" if I try to ping something, etc.

But if I add:

$ cat /etc/hostname.bridge0
add vlan101
add em0
up

Then it works.

Was the bridge part missed in the previous emails about how to use
VLAN-tagging or am I missing something?



Recommendations for 2.5G NIC

2024-06-05 Thread Martin
I am about to upgrade a network from 1G to 2.5G and a couple
of boxes need new NICs.

Any recommendations for NICs with good driver support on OpenBSD?

It would be nice if the cards also run well on FreeBSD and Linux, if
you happen to know that, as a couple of boxes on the network run that
and I can perhaps stick to the same card, but it's not a requirement.

Thanks in advance.



Re: VLAN-tagging, how?

2024-05-31 Thread Martin
Thank you all very much for the setup examples, very helpful!



Re: VLAN-tagging, how?

2024-05-30 Thread Martin
Would this be adequate?

/etc/hostname.vlan101
vlandev em0 vnetid 101

em0 is the physical interface connected to the fiber box,
it is then set up to get an IP via DHCP.

Does vlan101 need to be addressed in PF in any way or are
the rules which currently work for em0 enough?

> Sorry for the non-inline text.
> 
> OpenBSD makes this super simple and it is well documented. The flow is to 
> bring up your physical interface and then use that as a parent for your 
> pseudo vlan interface.
> 
> man ifconfig
> 
> Move down to the VLAN section and it is well described to provide you with 
> the options you need.
> 
> Any clarification just yell out. Cheers.
> 
> Sent from my iPhone
> 
> > On 31 May 2024, at 8:15 AM, Martin i...@protonmail.com wrote:
> > 
> > I am currently using a home made router with OpenBSD which is connected
> > directly to my ISP's fiber router. The OpenBSD router is set up with a
> > fixed IP on the WAN port and I do internal NAT etc.
> > 
> > In about a month a new ISP is going to provide internet via the fiber
> > and they are changing the equipment.
> > 
> > What they have told me is that in order to use my own router, the
> > router has to support VLAN tagging.
> > 
> > The statement I got was:
> > 
> > "We send traffic out on VLAN 100 so your router needs to be tagged to
> > 100. Then all it has to do is to get an IP via DHCP."
> > 
> > I have not done any VLAN stuff before and I am unsure exactly how to do
> > this.
> > 
> > Is this possible and how exactly is that done?
> > 
> > Thanks.



VLAN-tagging, how?

2024-05-30 Thread Martin
I am currently using a home made router with OpenBSD which is connected
directly to my ISP's fiber router. The OpenBSD router is set up with a
fixed IP on the WAN port and I do internal NAT etc.

In about a month a new ISP is going to provide internet via the fiber
and they are changing the equipment.

What they have told me is that in order to use my own router, the
router has to support VLAN tagging.

The statement I got was:

"We send traffic out on VLAN 100 so your router needs to be tagged to
100. Then all it has to do is to get an IP via DHCP."

I have not done any VLAN stuff before and I am unsure exactly how to do
this.

Is this possible and how exactly is that done?

Thanks.



Re: Favorite configuration and system replication tools?

2024-05-12 Thread Martin Schröder
On Sun, 12 May 2024 at 21:18, Walter Alejandro Iglesias wrote:
> On Sun May 12 20:58:43 2024 Andreas Kähäri wrote
> > With rsync(1):
> >
> >   rsync -n -aim --delete-excluded \
> >   --include-from=list \
> >   --include='*/' \
> >   --exclude='*' \
> >   source/ target
> >
>
> I don't understand what your command does exactly.  And this is surely

man rsync

--include=PATTERN
    This option is a simplified form of the --filter option that
    specifies an include rule and does not allow the full rule-parsing
    syntax of normal filter rules.  This is equivalent to specifying
    -f'+ PATTERN'.

    See the FILTER RULES section for detailed information on this
    option.

--include-from=FILE
    This option is related to the --include option, but it specifies a
    FILE that contains include patterns (one per line).  Blank lines
    in the file are ignored, as are whole-line comments that start
    with ';' or '#' (filename rules that contain those characters are
    unaffected).

    If a line begins with "- " (dash, space) or "+ " (plus, space),
    then the type of rule is being explicitly specified as an exclude
    or an include (respectively).  Any rules without such a prefix are
    taken to be an include.

    If a line consists of just "!", then the current filter rules are
    cleared before adding any further rules.

    If FILE is '-', the list will be read from standard input.

Coming back to the topic of this thread: I'm curious that nobody has mentioned
ansible/puppet/salt/... yet.

Best
 Martin
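To make Andreas's command concrete, here is an added example (not from the thread) that builds a small constructed source tree and include list, runs the same dry-run, and prints only the files rsync would copy. It assumes rsync(1) is installed; the tree, file names and list contents are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): show what rsync's
#   --include-from=list --include='*/' --exclude='*'
# selects, using a small constructed source tree. Requires rsync(1).

# Build a constructed tree and include list under a temp dir; print the dir.
make_fixture() {
    work=$(mktemp -d)
    mkdir -p "$work/source/etc" "$work/source/home/user" \
             "$work/source/var/log" "$work/target"
    echo 'block all' > "$work/source/etc/pf.conf"
    echo 'up'        > "$work/source/etc/hostname.em0"
    echo 'PS1="$ "'  > "$work/source/home/user/.profile"
    echo 'log line'  > "$work/source/var/log/messages"
    # One include pattern per line; everything not matched is dropped
    # by the trailing --exclude='*'. The '*/' include lets rsync descend
    # into the parent directories of the listed files.
    printf '%s\n' 'etc/pf.conf' 'home/user/.profile' > "$work/list"
    echo "$work"
}

# Dry-run the command from the thread and print only the files it would
# copy, one relative path per line, sorted. In -i (itemize) output, lines
# for regular files that would be transferred start with ">f".
rsync_selected_files() {
    work=$1
    (
        cd "$work" &&
        rsync -n -aim --delete-excluded \
            --include-from=list \
            --include='*/' \
            --exclude='*' \
            source/ target/
    ) | awk '/^>f/ { print $2 }' | sort
}

# Run the whole demo on a fresh fixture and clean up afterwards.
demo_rsync_selection() {
    work=$(make_fixture)
    rsync_selected_files "$work"
    rm -rf "$work"
}

if command -v rsync >/dev/null 2>&1; then
    demo_rsync_selection
else
    echo 'rsync(1) not installed; install it to run the demo' >&2
fi
```

With the constructed tree, only etc/pf.conf and home/user/.profile are listed: hostname.em0 and var/log/messages are not in the list, so the catch-all exclude drops them, and -m prunes the directories that end up empty.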



Favorite configuration and system replication tools?

2024-05-07 Thread Martin Kjær Jørgensen
Hello,

I was wondering which programs you use for replicating/copying/syncing 
environments/configs on your openbsd systems between your desktops (home 
or work) and laptops?

Example programs for this could be syncthing, stow, chezmoi, etc.

Do you also maintain installed/removed packages in some standard way across 
systems so that you have reasonably consistent systems to work on?

All thoughts are welcome.



Re: Hardware recommendation for small form factor, noiseless, server

2024-05-06 Thread Martin
On Mon, May 06, 2024 at 09:03:17PM +0100, James Johnson wrote:
> Hi all,
> 
> can anyone please advise on what computer I can purchase with the following
> requirements: 
> - fully supports OpenBSD
> - no noise
> - good quality wifi
> - small form factor preferably
> - processor does not need to be fast (no highly intensive compute load)
> - low RAM need
> - needs 1 TB of hard drive at least
> - will be used only remotely, for basic and low-intensity server-type 
> applications (no desktop use)
> - under $500
> 
> Thanks!
> James

The recommendation on the OpenBSD Router Guide site works really well:

https://openbsdrouterguide.net/#the-hardware

There are several different models.



VPN with iked(8)

2024-04-28 Thread Odd Martin Baanrud
Hello,

I’m planning to set up a VPN on my router with iked(8).
The first goal is to have my Macbook and iPhone connected, both to route the 
traffic through my router at home, and to get access to the services running on 
a machine behind the router.

I’ve read the VPN section in the FAQ, and I understand how it works, but all 
the different methods for such a setup are confusing me.

In my case, I guess X.509 is the way to go regarding authentication.
The FAQ tells how to create the necessary stuff, so that’s ok.
But what kind of domain to use for the file names?
Both clients have a hostname within my internal .lan domain.
Can I use that, or should I create CNAMEs in one of my public domains, pointing 
to the VPN server’s hostname?

Is it something in the config example I need to change?

Can the created client X.509 bundle be used directly on iPhone and Mac?

Regarding PF:
Now I have a general match rule for NAT, which NATs traffic from all NICs.
Is it enough to do NAT for the VPN traffic, or do I need to implement a 
separate rule for that purpose?

Regards, Martin


Re: Getting "Boot error" after replacing a disk in softraid [SOLVED]

2024-04-25 Thread Martin
> Hello,
> 
> Remember softraid isn't the same as hw raid and I will always choose hw over 
> soft; this includes zfs.
> 
> Chris

I am sorry, but what relevance do your personal preferences have
to anything regarding this issue?

FWIW, I have seen more than one example of some really crappy hardware
raid controllers that I wouldn't hesitate a split second to replace with
ZFS.



Re: Getting "Boot error" after replacing a disk in softraid [SOLVED]

2024-04-25 Thread Martin
> On Thu, Apr 25, 2024 at 09:12:47AM +0200, Stefan Sperling wrote:
> 
> > I checked, the softraid manual page already has an example installboot
> > invocation in EXAMPLES, which should be clear enough.
> 
> 
> Regardless, I've tweaked the wording a bit. Hopefully more clear now.

Indeed :) Thank you very much!



Re: Getting "Boot error" after replacing a disk in softraid [SOLVED]

2024-04-24 Thread Martin
I eventually found out what was going on.

The FreeBSD boot problem was not related at all.

Long story short and for future reference, installboot needs
to be run on the softraid volume, NOT on the physical disk. And this
has to be repeated after a softraid volume rebuild in order for the new
disk to be bootable too.

This cannot be done from the boot media, but one can boot from media
and then mount the softraid with the working disk and then chroot into
that and run 'installboot sd2' (or whatever device name the softraid
volume has).

This was not obvious to me. Perhaps because with GRUB one has to install
the bootloader and boot code on each single disk in a mdadm volume and
not on the volume itself.



Re: Getting "Boot error" after replacing a disk in softraid

2024-04-23 Thread Martin
> RAID replicates the data in the RAIDed area, yes?
>
> Do you have some reason to believe that the boot information (MBR, etc) is 
> _inside_ the RAID area, because I do not believe that. Really feels like 
> installboot needs to be run on this drive to, uh, install the proper boot 
> info.
>
> Philip Guenther

installboot has been run.

Re: Getting "Boot error" after replacing a disk in softraid

2024-04-23 Thread Martin
> FWIW, my current desktop which is a Dell OptiPlex 745 is booting off an SSD.
> 
> joji@surya$ dmesg | grep -iE "optiplex|Samsung"
> bios0: Dell Inc. OptiPlex 745
> wd0 at pciide0 channel 0 drive 0: 
> 
> 
> joji@surya$ uname -a
> OpenBSD surya 7.5 GENERIC.MP#82 amd64
> 
> Don't know if your OptiPlex 980 is newer than mine.

I find it strange that this isn't working, but I have tried just going for a 
standard OpenBSD install and also tested a standard FreeBSD install on two 
different SSDs - ignoring my original softraid setup, but no matter what I do, 
it just will not boot with either BSDs on either of those disks on this machine.

I have tried placing each disk in each different SATA plug, also just to 
eliminate an issue with a specific SATA port, but it's the same result, no 
matter what port is set to boot from.

I wiped the disks, installed Devuan Linux with GRUB on the same pair of disks, 
just to test, and it boots fine from either disk.

So, for the moment I have given up running OpenBSD on SSDs on this box.



Re: Getting "Boot error" after replacing a disk in softraid

2024-04-23 Thread Martin
Turns out this machine, for some reason, simply cannot boot off SSDs with 
either OpenBSD or FreeBSD on the box. Only spinning drives work.

It's an old Dell Inc. OptiPlex 980.

I suspect there is some issue with the BIOS of the machine and the BSD 
bootloaders as Linux with GRUB works on SSDs.



Pre-built images for embedded machines

2024-03-02 Thread Odd Martin Baanrud
Hello,

Are there any plans for providing pre-built images to be used on embedded 
machines, like FreeBSD and NetBSD do?
It would be nice to run OpenBSD directly from a SD card on the Raspberry Pi e.g.

Regards, Martin



Re: No dhcp renewal of IP

2024-02-17 Thread Odd Martin Baanrud
Hello Luis,

Do you have pf enabled on the router, and block all incoming traffic by 
default?
If so, you need to permit the dhcp server to give response to your client, with 
a rule like this:
pass in quick on ure0 inet proto udp from port 67 to port 68

Regards, Martin



Re: How to check Health Information of SMART on an NVME disk?

2024-02-15 Thread Martin Schröder
On Thu, 15 Feb 2024 at 18:35, Mikolaj Kucharski wrote:
> > === START OF READ SMART DATA SECTION ===
> > Current Drive Temperature: 0 C
> > Drive Trip Temperature:0 C
> >
> > Read defect list: asked for grown list but didn't get it
> > Error Counter logging not supported
> >
> > Device does not support Self Test logging

The smartmontools wiki declares support for NVME as experimental and says
"Currently OpenBSD NVMe driver does not provide NVMe pass-through functionality"

https://www.smartmontools.org/wiki/NVMe_Support#SmartmontoolsNVMesupport1

Best
Martin



Re: /var/unbound/db/root.key not world-readable, unbound fails to start

2023-12-09 Thread Martin Schröder
On Sun, 10 Dec 2023 at 02:48, Todd C. Miller wrote:
> By default, /etc/login.conf has umask set to 022.  Is it more
> restrictive on your system?

Ah, yes. Mine is set to 077.

That would explain me being unable to start it via sudo.
And when I rebooted after a failed restart the permissions were probably kept,
so the next reboot didn't magically fix it. :-(

I added

Defaults umask_override
Defaults umask=0022

to /etc/sudoers

Thanks!

Best
Martin



/var/unbound/db/root.key not world-readable, unbound fails to start

2023-12-09 Thread Martin Schröder
Hi,
after the last errata I rebooted my 7.4 and unbound failed to start because

unbound: [65439:0] error: unable to open /db/root.key for reading:
Permission denied
unbound: [65439:0] error: error reading auto-trust-anchor-file:
/var/unbound/db/root.key
unbound: [65439:0] error: validator: error in trustanchors config
unbound: [65439:0] error: validator: could not apply configuration settings.
unbound: [65439:0] error: module init for module validator failed
unbound: [65439:0] fatal error: failed to setup modules

And yes:

> l /var/unbound/db/root.key
-rw-------  1 root  _unbound  758 Dec 10 02:16 /var/unbound/db/root.key

I patched rc.unbound to do a chmod a+r:

rc_pre() {
    if grep '^[[:space:]]*auto-trust-anchor-file:' \
        /var/unbound/etc/unbound.conf > /dev/null 2>&1; then
        /usr/sbin/unbound-anchor -v
        chmod a+r /var/unbound/db/root.key
    fi
    /usr/sbin/unbound-checkconf || return 1
}

And now unbound starts again.

Any idea what caused this?

Best
Martin
OpenBSD 7.4 (GENERIC.MP) #2: Fri Dec  8 15:39:04 MST 2023

r...@syspatch-74-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4261076992 (4063MB)
avail mem = 4112216064 (3921MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "88a4f96" date 03/11/2016
bios0: PC Engines apu2
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S1 S2 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) 
UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.18 MHz, 16-30-01, patch 07030105
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,HWPSTATE,ITSC,BMI1,XSAVEOPT
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache, 2MB 64b/line 
16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD GX-412TC SOC, 998.21 MHz, 16-30-01, patch 07030105
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,HWPSTATE,ITSC,BMI1,XSAVEOPT
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache, 2MB 64b/line 
16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD GX-412TC SOC, 998.24 MHz, 16-30-01, patch 07030105
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,HWPSTATE,ITSC,BMI1,XSAVEOPT
cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache, 2MB 64b/line 
16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD GX-412TC SOC, 998.35 MHz, 16-30-01, patch 07030105
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,HWPSTATE,ITSC,BMI1,XSAVEOPT
cpu3: 32KB 64b/line 8-way D-cache, 32KB 64b/line 2-way I-cache, 2MB 64b/line 
16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec2, version 21, 32 pins, remapped
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PBR4)
acpiprt2 at acpi0: bus 1 (PBR5)
acpiprt3 at acpi0: bus 2 (PBR6)
acpiprt4 at acpi0: bus 3 (PBR7)
acpiprt5 at acpi0: bus -1 (PBR8)
acpibtn0 at acpi0: PWRB(wakeup)
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
com0 at acpi0 COM1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo
com0: console
acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu3 at 
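As an added example (not part of this post or the sudoers follow-up above), the following script reproduces the mechanism behind both: a file written under umask 077 comes out mode 0600, which a non-owner such as the _unbound user cannot read, while the same write under umask 022 (what the Defaults umask=0022 sudoers lines restore) or a subsequent chmod a+r (what the patched rc_pre does) leaves it world-readable. The stand-in root.key contents and the temp directory are constructed; nothing touches /var/unbound.

```shell
#!/bin/sh
# Added example (not from the thread): show how a restrictive umask such
# as 077 leaves a freshly written trust anchor readable by root only, and
# how the chmod a+r from the patched rc_pre (or writing under umask 022)
# makes it readable for the unprivileged daemon user. Constructed data only.

# Print the 10-character permission string of a file, e.g. -rw-------
# (cut drops any trailing ACL/SELinux marker some ls(1) versions append).
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Return 0 if the group or "other" read bit is set in the mode bits, i.e.
# an unprivileged user that is not the owner could read the file.
# (Mode bits only; ACLs are not considered.)
readable_by_non_owner() {
    case "$(file_mode "$1")" in
        ????r*|???????r*) return 0 ;;
        *)                return 1 ;;
    esac
}

# Write a stand-in for /var/unbound/db/root.key under the given umask,
# the way a tool started with that umask would, and print "<mode> <verdict>".
# When $2 is "fix", also apply the chmod a+r from the rc_pre patch first.
anchor_mode_under_umask() {
    um=$1 fix=${2:-}
    dir=$(mktemp -d)
    key=$dir/root.key
    (
        umask "$um"
        # Constructed placeholder, not a real DNSSEC trust anchor.
        echo '. IN DS 0 0 0 CONSTRUCTED-PLACEHOLDER' > "$key"
    )
    [ "$fix" = fix ] && chmod a+r "$key"
    if readable_by_non_owner "$key"; then verdict=readable; else verdict=denied; fi
    printf '%s %s\n' "$(file_mode "$key")" "$verdict"
    rm -rf "$dir"
}

anchor_mode_under_umask 022      # -rw-r--r-- readable
anchor_mode_under_umask 077      # -rw------- denied
anchor_mode_under_umask 077 fix  # -rw-r--r-- readable
```

The "denied" line is the state shown by the ls(1) output in the post: root can read the file, the daemon running as _unbound cannot, and nothing on a later reboot changes the bits on an existing file, so the failure persists until the mode is corrected or the file is rewritten under a sane umask.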

Re: Upgrading from 7.3 to 7.4 with sysupgrade

2023-11-17 Thread Odd Martin Baanrud
Hello Jan,

Thanks for the tip.
The upgrade went smoothly.
I ran “sysupgrade -n”, deleted the game set and the X sets and rebooted.

Perhaps sysupgrade should be enhanced, so one could either choose which sets 
should be upgraded, or even better, the tool could figure out which sets are 
installed, and upgrade just those.

Regards, Martin.



Upgrading from 7.3 to 7.4 with sysupgrade

2023-11-16 Thread Odd Martin Baanrud
Hello,

I’m planning to upgrade my router from 7.3 to 7.4 using sysupgrade, but I’ve 
one concern.
Some time ago, I upgraded a RPi4 from 7.2 to 7.3, and X got installed, even 
though it wasn’t before the upgrade.
I thought sysupgrade only upgraded the installed sets.
How does it work on 7.3?
On my router, I have base, comp and man installed, and I don’t want the X sets 
on that machine.

Regards, Martin



Re: mount softdep — does it improve the situation for unexpected shutdowns?

2023-11-05 Thread Martin Schröder
On Sun, 5 Nov 2023 at 19:33, Mike Fischer wrote:
> However the default /etc/fstab does not make use of it.

From the 7.4 release notes:
--
Make the softdep mount(8) option a no-op. Softdep was a
  significant impediment to improving the vfs layer.
--

Methinks the man page could mention that.

Best
Martin



ftp.openbsd.org: tlsv1 alert protocol version

2023-10-25 Thread Martin Schröder
Hi,
downloading the latest patches on 7.4 fails with

> curl --verbose 
> https://ftp.openbsd.org/pub/OpenBSD/patches/7.4/common/001_xserver.patch.sig
*   Trying [2620:3d:c000:178::81]:443...
* Connected to ftp.openbsd.org (2620:3d:c000:178::81) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* LibreSSL/3.8.2: error:1400442E:SSL
routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version
* Closing connection
curl: (35) LibreSSL/3.8.2: error:1400442E:SSL
routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version

Best
 Martin



Re: AAAA entry for openbsd.org

2023-10-23 Thread Martin Schröder
On Mon, 23 Oct 2023 at 17:14, Theo de Raadt wrote:
> Martin Schröder  wrote:
>
> > On Mon, 23 Oct 2023 at 16:54, Theo de Raadt wrote:
> > > So many, many words demanding that I configure my networks for ipv6.
> >
> > "is there any reason openbsd.org still has no AAAA entry at the end of 
> > 2023?"
> >
> > So the reason is "Theo doesn't want to configure his networks for v6"?
>
> Martin, what is the reason for your response?

I'm using OpenBSD, I've configured my network for v6 and I think the
question is valid
and hasn't received an answer. And I would accept a simple "yes" as an
answer from you.

Best
Martin



Re: AAAA entry for openbsd.org

2023-10-23 Thread Martin Schröder
On Mon, 23 Oct 2023 at 16:54, Theo de Raadt wrote:
> So many, many words demanding that I configure my networks for ipv6.

"is there any reason openbsd.org still has no  entry at the end of 2023?"

So the reason is "Theo doesn't want to configure his networks for v6"?

Best
 Martin



Re: how to startx with kde?

2023-07-22 Thread Martin Schröder
On Sat, 22 Jul 2023 at 23:15, Greg Thomas wrote:
> Have you read:
>
> https://www.openbsd.org/faq/faq11.html

Where does that mention KDE?

Best
    Martin

P.S.: Please learn to quote



Re: ntpd and ppm

2023-07-04 Thread Martin Schröder
On Tue, 4 Jul 2023 at 23:20, J Doe wrote:
> I checked: man ntpd and: man 2 adjfreq, and while: man 2 adjfreq
> mentions the same unit - "ppm" - it doesn't explain what that means.
>
> What does "ppm" stand for ?

microseconds per second.



Re: Problem with WireGuard on OpenBSD 7.3

2023-05-19 Thread Odd Martin Baanrud
Hello Andre,

Thanks for all the good input and links.
I should be able to get a working setup now.

As far as I understand, I can use the keys generated with the wg tools, instead 
of those generated by openssl.
They look very similar to me.
Am I right?

Regarding pf, should the udp port I choose for tunnelling be re-directed to the 
wg IP, or just be open on the external interface?

Regards, Martin.



Getting braille support into OpenBSD with BRLTTY

2023-05-19 Thread Odd Martin Baanrud
Hello,

I’m blind, and therefore I’m using a refreshable braille display.
In Linux, support is provided by the BRLTTY daemon.
It doesn’t work under *BSD, and as far as I understand, it has to do with the 
way the console driver is providing data.
However, it could run within a screen session.
In fact, OpenBSD has a port of BRLTTY for that purpose, but it’s a very old 
version, which wouldn’t work with today's hardware.

My question is, can someone take a look at BRLTTY, and see if it’s possible to 
get it to work natively with *BSD?
Perhaps things have changed in the last couple of years, so it is possible to 
get it working without having to use screen.

If it’s possible, it would be nice if it could be integrated into the OpenBSD 
base system, and made available in the installer as well.
That way, a braille user can install OpenBSD without sighted help.

Just to keep things clear, a braille user can of course access an OpenBSD system 
using braille, either via a serial console or ssh, from a linux machine.

The homepage for BRLTTY is:
http://www.brltty.com

Thanks!

Regards, Martin



Re: PC Engines APU platform EOL

2023-05-06 Thread Troy Martin
> Don't know if this collides with the 'network plumbing' point
> but this is what I know eg... in Europe, Germany and you can start
> from eg... here: 

So far, the best I can find are those unusual but generally functional
boards that are more or less AliExpress Specials, or for a slightly
higher price point, the public retail versions of Lanner Electronics'
network appliances, a few of which are known to be OEM partner systems
for mid-high range systems from vendors such as Juniper Networks. Said
machines can be purchased from their online retail channel called
"Whitebox Solutions".

I have been looking at their systems for a while now as a potential
base for a networking venture and between their OEM business and their
wide variations in to-order specs for selling more or less plain jane
x86-64 systems with PCIe-attached Intel Ethernet adaptors in a funky
line-card format, they seem quite approachable for high-throughput,
small-batch hardware for systems running modern open-source network
operating systems.


Troy Martin | Head of Development
Araxes Networks

W: www.araxes.net | E: t...@araxes.net
T: 778-819-2801 | C: 604-690-5885



Re: Problem with WireGuard on OpenBSD 7.3

2023-05-05 Thread Odd Martin Baanrud
Hello Stuart,

Thanks for a detailed and good explanation!

I chose the WireGuard-tools solution, because I understood how it works, and 
it is easy to configure.
I’ve read a bit in the wg(4) manual, and I get confused about how things actually 
work.
Is it possible to use wireguard-tools’s private/public key e.g?
If not, is the actual configuration using the included tools easy to do?

I’m blind, so reading lots of documentation, when not knowing what to look for, 
can be pretty time consuming.
So, if there is an easy way to set up a wireguard-tools style vpn using tools from 
the base system, please let me know.

Regarding pf, thanks for good advice regarding how to use NAT rules.

Regards, Martin.



Re: Problem with WireGuard on OpenBSD 7.3

2023-05-04 Thread Odd Martin Baanrud
Hello,

Ok, now I finally got it running.
I decided to bring up the wg interface using hostname.wg0, and start WireGuard 
from /etc/rc.local.

This machine also acts as the router for my lan/wlan, so I already have a 
“match out” rule to enable NAT for those interfaces in pf.
Will this rule also do NAT from the wg if?
The rule is:
“match out on egress inet from !egress nat-to (egress)”
I have also added a pass in rule for external connections.
“pass in quick inet proto udp to $wg_port”

I have a default block policy, so I guess I’ll need to open for traffic in both 
directions on the wg interface?

I have a server running behind the router.
Will I be able to access it from the VPN with this setup, or do I need to 
implement rules for that purpose?

Regards, Martin



Problem with WireGuard on OpenBSD 7.3

2023-05-04 Thread Odd Martin Baanrud
Hello,

I’m configuring a WireGuard server on an OpenBSD 7.3 machine, using this howto:
https://ianix.com/wireguard/openbsd-howto.html

I don’t get the wg0 interface up.
The hostname.wg0 contains:
inet 10.0.6.1 0xfgffgf00 NONE up !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf

And when I try to bring wg0 up with /etc/netstart, I get the following:
# sh /etc/netstart wg0
ifconfig: !/usr/local/bin/wg: bad value

According to hostname.if(5), !-commands must work in single-user mode, if they 
should be executed.
If this is the case, why is ‘wg’ in /usr/local/bin?

Regards, Martin



Re: A messed-up fresh install due to a careless user

2023-04-29 Thread Odd Martin Baanrud
Hello Brian,

I forgot to say that my site set did include the already prepared pf.conf, but 
not rc.conf.local, where pf was set to be disabled.
As the result, pf started with rules for nat/firewall, not the default ones.
And that created the “problem”.

Martin



Re: A messed-up fresh install due to a careless user

2023-04-29 Thread Odd Martin Baanrud
Hello Steve,

Yes, of course one should have a firewall.
That was why I installed OpenBSD on the actual machine in the first place.
I prepared it when it was on the LAN only, and then moved it into production.
And now it works perfectly.
But the firewall needed to be disabled while the machine was on the LAN only.

Regarding braille, I hope *BSD gets native support for braille displays some 
day.
The software (brltty) compiles, but it doesn’t get any output from the console.
I guess this has to do with the console driver itself, not outputting data the 
way brltty needs.
OpenBSD has a port of brltty which can be run in “screen”, but the version is 
really outdated.

Regards, Martin



OpenBSD/i386 7.3 on a Macbook 2006

2023-04-28 Thread Odd Martin Baanrud
Hello,

I’ve installed OpenBSD/i386 7.3 on a Macbook 2006.
It works, but the fan is running at maximum all the time.
Is there anything I can do to optimize the system for such machines?

Here’s the output from dmesg and “sysctl hw.sensors”:
http://paste.debian.net/1278825/

Regards, Martin



Re: A messed-up fresh install due to a careless user

2023-04-28 Thread Odd Martin Baanrud
Hello Stefan,

Thanks for the clear-up.
And now, it works!
When I created the site set, I forgot to add /etc/rc.conf.local, where pf was 
set to be disabled.
The reason was, as you see, pf. :-)
So a simple “pfctl -d” solved the “problem”.
Good to know that the fault actually wasn’t a careless user who installed the 
system, but rather a careless user who forgot to add a simple file to a tar 
archive. :-)

Regards, Martin



Re: A messed-up fresh install due to a careless user

2023-04-27 Thread Odd Martin Baanrud
Hello Daniel,

The problem is, as I told, that I’m blind.
I don’t have a screen at home, and it’s not easy to bring it to someone who has.

All went just fine until it was time to reboot.
So if someone could tell me what is missing, I guess it should work to get in 
the missing files from another install of the same version. (7.3)

Regards, Martin



A messed-up fresh install due to a careless user

2023-04-27 Thread Odd Martin Baanrud
Hello,

I’m blind, and got sighted help to install OpenBSD on the machine which should 
become a new router.
Unfortunately, I was stupid enough to detach the USB stick I booted from, 
before I was to hit R for the reboot.
The result was that the last selection disappeared due to the detach message 
from the kernel, and I didn’t manage to get it back.
The only way I thought could be used for reboot was to hit ctrl+Z, and then 
type reboot.
And it “worked”.

When I connected the machine to the LAN afterwards, I didn’t get contact.
After trying a few things, I finally got an IP on it, with the correct hostname.
(I connected a keyboard, logged in as root, and configured one of the 
interfaces with ifconfig $if autoconf.)
I’ve good experience doing so without braille.

So the machine got an IP, but still no contact, either with ping or ssh.
I then realized that mandatory files have not been written, including the 
hostname.if file for the NIC used during install.
And I guess others too. :-)

Which files are actually written when rebooting the correct way?
I’ve OpenBSD 7.3 installed on both an arm64 and an i386 machine.
Can I use the missing files from one of those?
I should be able to copy them to a USB stick, and mount it and get the files in 
place without sighted help.
And the network interface can be configured with dhcp for now.
As soon as the machine is on the lan, I’ll ssh into it from a linux machine 
with a braille display.

Regards, Martin

PS: I’ve now learned that one should reboot _BEFORE_ detaching any external 
device when the installer is still running. :-)



PC Engines APU platform EOL

2023-04-19 Thread Martin Schröder
https://www.pcengines.ch/eol.htm

The end is near for APUs :-(

Best
Martin



Re: 7.3: speetest doesn't work

2023-04-16 Thread Martin Schröder
On Sun, 16 Apr 2023 at 15:49, Stuart Henderson wrote:
> At this point I think you might be better served by dumping the
> package list, uninstalling them all, and reinstalling with 022 umask.
>
> Borrowing the old instructions from the 5.5 time_t flag day release
> notes, this also keeps the "auto installed" / "manually installed"
> markers (so that pkg_delete -a still behaves how you want):
>
> pkg_info -mq >/root/pkg_list_manual
> pkg_info -q >/root/pkg_list_full
> pkg_delete -X /var/db/pkg/*-firmware-[0-9]*
> pkg_add -z -l /root/pkg_list_manual
> pkg_add -za -l /root/pkg_list_full

Thanks, that helped.

Best
Martin



Re: 7.3: speetest doesn't work

2023-04-16 Thread Martin Schröder
On Sun, 16 Apr 2023 at 15:38, Stuart Henderson wrote:
> So let's also add "newly created directories" to the list of things
> where umask messes up pkg_add ;) In this case, it will be
> /usr/local/lib/python3.10/encodings/

Probably more. In the end I did
sudo chmod -R go+rX /usr/local/lib/python3.10/
as
   sudo chmod -R go+rX /usr/local/lib/python3.10/encodings/

wasn't enough. :-(

Best
Martin



7.3: outdated mandoc.db lacks mutt(1) entry, run makewhatis /usr/local/man

2023-04-16 Thread Martin Schröder
Hi,
after upgrading to 7.3 man is somehow confused:

> man mutt
man: /usr/local/man/mandoc.db: Permission denied
man: outdated mandoc.db lacks mutt(1) entry, run makewhatis /usr/local/m

Neither
   makewhatis /usr/local/man
nor
   sudo makewhatis /usr/local/man
helps. :-(

How to fix?

Thanks in advance
     Martin



Re: 7.3: speetest doesn't work

2023-04-16 Thread Martin Schröder
On Sun, 16 Apr 2023 at 14:56, lux wrote:
>
> On Sun, 2023-04-16 at 14:41 +0200, Martin Schröder wrote:
> >
> > Fatal Python error: init_fs_encoding: failed to get the Python codec
> > of the filesystem encoding
> > Python runtime state: core initialized
> > ModuleNotFoundError: No module named 'encodings'
> >
>
> Is speedtest-cli installed via pkg_add?

pkg_add

> It looks like it was installed via pip or source package before the
> upgrade.
>
> I think you should reinstall speedtest-cli or re-build.

> sudo pkg_delete speedtest-cli
speedtest-cli-2.1.4beta1: ok
Read shared items: ok
[20230416T15:04:12+0200(106/15)] ms@wyvern 1032:~
> speedtest-cli --secure
-bash: /usr/local/bin/speedtest-cli: No such file or directory
[20230416T15:04:25+0200(106/15)] ms@wyvern 1033:~
> sudo pkg_add speedtest-cli
quirks-6.121 signed on 2023-04-15T20:15:19Z
speedtest-cli-2.1.4beta1: ok
[20230416T15:04:36+0200(106/15)] ms@wyvern 1034:~
> speedtest-cli --secure
Could not find platform independent libraries 
Could not find platform dependent libraries 
Consider setting $PYTHONHOME to [:]
Python path configuration:
  PYTHONHOME = (not set)
  PYTHONPATH = (not set)
  program name = '/usr/local/bin/python3.10'
  isolated = 0
  environment = 1
  user site = 1
  import site = 1
  sys._base_executable = '/usr/local/bin/python3.10'
  sys.base_prefix = '/usr/local'
  sys.base_exec_prefix = '/usr/local'
  sys.platlibdir = 'lib'
  sys.executable = '/usr/local/bin/python3.10'
  sys.prefix = '/usr/local'
  sys.exec_prefix = '/usr/local'
  sys.path = [
'/usr/local/lib/python310.zip',
'/usr/local/lib/python3.10',
'/usr/local/lib/lib-dynload',
  ]
Fatal Python error: init_fs_encoding: failed to get the Python codec
of the filesystem encoding
Python runtime state: core initialized
ModuleNotFoundError: No module named 'encodings'

Current thread 0x0194a7b6c660 (most recent call first):
  



7.3: speetest doesn't work

2023-04-16 Thread Martin Schröder
Hi,
after sysupgrade to 7.3 and pkg_add -u and reboot:

> speedtest-cli --secure
Could not find platform independent libraries 
Could not find platform dependent libraries 
Consider setting $PYTHONHOME to [:]
Python path configuration:
  PYTHONHOME = (not set)
  PYTHONPATH = (not set)
  program name = '/usr/local/bin/python3.10'
  isolated = 0
  environment = 1
  user site = 1
  import site = 1
  sys._base_executable = '/usr/local/bin/python3.10'
  sys.base_prefix = '/usr/local'
  sys.base_exec_prefix = '/usr/local'
  sys.platlibdir = 'lib'
  sys.executable = '/usr/local/bin/python3.10'
  sys.prefix = '/usr/local'
  sys.exec_prefix = '/usr/local'
  sys.path = [
'/usr/local/lib/python310.zip',
'/usr/local/lib/python3.10',
'/usr/local/lib/lib-dynload',
  ]
Fatal Python error: init_fs_encoding: failed to get the Python codec
of the filesystem encoding
Python runtime state: core initialized
ModuleNotFoundError: No module named 'encodings'

Current thread 0x0beeef85d660 (most recent call first):
  

dmesg is at https://www.oneiros.de/privat/openbsd/dmesg73.txt

Thanks in advance
Martin



Re: All my Rust programs stop working on OpenBSD 7.3

2023-04-10 Thread Martin Schröder
On Mon, 10 Apr 2023 at 18:10, Sebastien Marie wrote:
> On Mon, Apr 10, 2023 at 11:49:50PM +0800, Siegfried Levin wrote:
> > After I upgraded my OS from 7.2 to 7.3 with sysupgrade like 8 hours ago, 
> > all my programs written in Rust broke, including cargo installed with 
> > pkg_add on 7.2. I fixed Cargo by “pkg_add -u rust” and then recompiled some 
> > of my projects. Now they are having segment faults. Does anyone having the 
> > same error?
>
> you need to rebuild your locally built programs with rustc from 7.3.

Sounds like something the upgrade guide should mention...

Best
Martin



Re: Creating a "multicast bridge"?

2023-04-06 Thread Martin Schröder
On Thu, 6 Apr 2023 at 15:27, Why 42? The lists account. wrote:
> I'd like to create a "bridge" between two IP networks which will pass
> only multicast info. / traffic.

So it should only route FF00::/8?

Best
Martin



Re: athn on a bridge

2023-02-08 Thread Martin Kjær Jørgensen


On Wed, Feb 08 2023, Crystal Kolipe  wrote:

> On Wed, Feb 08, 2023 at 08:28:50PM +0100, Martin Kjær Jørgensen wrote:
>> I'm experimenting with turning an OpenBSD 7.2 box into a wireless access 
>> point
>> (hostap) using a athn, em, bridge, vether devices and dhcpd.
>
> You obviously enjoy pain :).

He he, actually no :) I was just curious about it.

>
> Seriously, if this is for anything other than educational purposes, you'll
> probably be disappointed with the results.  The athn driver does support
> hostap mode, but just like most other wifi cards on OpenBSD the support is
> somewhat lacking.  You won't get good performance out of it.

That's what I gathered so far, but I could have been wrong or not
up-to-date. There has been some work on ieee80211(9) lately.



athn on a bridge

2023-02-08 Thread Martin Kjær Jørgensen


Hi,

I'm experimenting with turning an OpenBSD 7.2 box into a wireless access point
(hostap) using athn, em, bridge and vether devices and dhcpd.

Configuring the athn0 interface with IP, hostap and SSID works fine. Other 
clients connect to it and obtain an IP over DHCP.

When configuring athn0 with no IP address, and adding the interface to a
bridge0 interface along with the em1 device and a vether0 device, clients
still connect fine to the athn0 SSID, but when clients ask for an IP over DHCP,
the ethernet frames do not propagate to vether0 where dhcpd listens.

pf is disabled (pf=NO)

dmesg:
em1 at pci6 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 
00:1b:21:3a:78:80
athn0 at pci16 dev 0 function 0 "Atheros AR928X" rev 0x01: apic 130 int 8
athn0: AR9280 rev 2 (2T2R), ROM rev 11, address 00:26:82:61:87:c9

ifconfig:

em1: flags=8b43 mtu 
1500
lladdr 00:1b:21:3a:78:80
index 2 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
vether0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:cd:4a
index 9 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 192.168.1.1 netmask 0xff80 broadcast 192.168.1.127
athn0: flags=8943 mtu 1500
lladdr 00:26:82:61:87:c9
index 5 priority 4 llprio 3
groups: wlan
media: IEEE802.11 autoselect mode 11g hostap
status: active
ieee80211: nwid TEST chan 2 bssid 00:26:82:61:87:c9 -58dBm wpakey 
wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
bridge0: flags=0<> mtu 1500
index 8 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
designated: id 00:00:00:00:00:00 priority 0
athn0 flags=3
port 5 ifpriority 0 ifcost 0
em1 flags=3
port 2 ifpriority 0 ifcost 0
vether0 flags=3
port 9 ifpriority 0 ifcost 0
Addresses (max cache: 100, timeout: 240):


Have I configured something wrong or is a feature missing?


/Martin



Re: OpenBSD as a transparent switch filter

2023-01-24 Thread Martin Schröder
On Wed, 25 Jan 2023 at 00:45, David Gwynne wrote:
> I think you can do this on OpenBSD with https://github.com/eait-itig/commarp 
> and just routing on em0. I don’t think any layer 2 things like bridge or veb 
> are needed, and probably won’t work anyway because as Claudio said, they 
> don’t want to hairpin anyway.

But arp only works for vintage-ip.

Best
Martin



Re: Unbound fails to resolve some domains

2023-01-11 Thread Martin Schröder
On Wed, 11 Jan 2023 at 21:06, Rodrigo Readi wrote:
> It stopped to resolve some domains, for example qwant.com

All fine here.

> Any Idea what is happening?

Not without some logs.

Best
Martin



Re: [SPAM?] Is CRONTAB(5) random really random ?

2023-01-05 Thread Martin Schröder
On Thu, 5 Jan 2023 at 18:16, Rachel Roch wrote:
> Especially given three of my crontab fields are supposed to be random 
> (minute, hour, day-of-month) I would expect to see at least one of the three 
> to be different ?!?

AFAIK there is only one random value and it's created at startup of the daemon.

Best
Martin



Re: Locking network card configuration

2022-11-20 Thread Odd Martin Baanrud
Hello Stuart,

Can you recommend a USB 2 or 3 NIC which uses a different driver than ure, 
with good performance?
Do any of the known manufacturers, e.g. Asus, use a different chipset?

Martin



Locking network card configuration

2022-11-20 Thread Odd Martin Baanrud
Hello,

I have a Raspberry Pi 4 with 2 USB NIC’s attached.
One via USB3 (ure0), and the other via USB2 (ure1).
Since they are connected to different USB interfaces, I thought they would get 
configured the same way on reboot.
But that’s not the case.
They became swapped on reboot.
Is there a way to “lock” the configuration I want?
So the USB3 NIC always become ure0, and the USB2 ure1.

Regards, Martin



Re: 7.2: unbound(timeout) on startup

2022-11-10 Thread Martin Schröder
On Thu, 10 Nov 2022 at 11:22, Stuart Henderson wrote:
> On 2022-11-09, Martin Schröder  wrote:
> > On Thu, 10 Nov 2022 at 00:02, Martin Schröder wrote:
> >> This happens only on bootup of the machine... :-(
> >
> > I've tried hard to get any log messages for this, but failed so far.
> > Neither setting a log file for unbound nor "unbound_flags=-d -d"
> > produced any output.
>
> If you use dnssec validation, it's probably the rc-script trying
> to fetch the anchor.

I do, so it's very possible. Any idea how to get logging from there
during bootup?

Best
Martin



Re: 7.2: unbound(timeout) on startup

2022-11-09 Thread Martin Schröder
On Thu, 10 Nov 2022 at 00:25, Jan Stary wrote:
> With my current ISP, putting
>
> ifconfig pppoe0 down
>
> into rc.shutdown makes the subsequent boot faster with respect to pppoe.
> I suspect it's waht you say: the session gets "terminated properly"
> somehow; without it, it takes longer before the ISP assigns me
> an address.

That helped, thanks!

> !while ! ifconfig pppoe0 | grep -F 185.63.96.79; do date ; sleep 10; done
>
> at the end of hostname.pppoe makes sure services only start
> after I have an address; and dmesg -s shows the waiting, if any.
> (Of course, I know the address here - tweak as needed.)

What happens when your pppoe doesn't come up?

Best
Martin
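Jan's wait loop quoted above has no exit condition, so a PPPoE session that never comes up would hold netstart, and with it the rest of the boot, indefinitely. The following is an added example of the same file with a bounded wait: it reuses Martin's hostname.pppoe0 from earlier in the thread (placeholder credentials included) and gives up after 30 tries of 10 s, logging that fact, so the boot continues. It is not Jan's or Martin's file; the 30-try limit and the check for the placeholder address 0.0.0.0, which ifconfig keeps showing until an address has been negotiated, are assumptions.

```conf
-- begin /etc/hostname.pppoe0
# Added example; the wait loop at the end is an assumption, not tested
# against DTAG. Credentials are the placeholders from the thread.
inet 0.0.0.0 255.255.255.255 NONE \
	pppoedev vlan7 authproto pap \
	authname foo authkey bar \
	up
dest 0.0.0.1
inet6 autoconf
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
# Wait for an address, at most 30 x 10 s; then log and go on booting.
!n=0; while ifconfig pppoe0 | grep -q 'inet 0.0.0.0 '; do if [ $n -ge 30 ]; then logger -t netstart 'pppoe0: no address after 300s, continuing boot'; break; fi; date; sleep 10; n=$((n+1)); done
-- end /etc/hostname.pppoe0
```

As with Jan's version, the `date` lines end up in the netstart output, so `dmesg -s` shows how long the link took; the logger line only appears when the limit was hit, which makes a boot that came up without an address easy to spot in /var/log/messages.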



Re: 7.2: unbound(timeout) on startup

2022-11-09 Thread Martin Schröder
On Thu, 10 Nov 2022 at 00:02, Martin Schröder wrote:
> This happens only on bootup of the machine... :-(

I've tried hard to get any log messages for this, but failed so far.
Neither setting a log file for unbound nor "unbound_flags=-d -d"
produced any output.

Best
Martin



Re: 7.2: unbound(timeout) on startup

2022-11-09 Thread Martin Schröder
On Wed, 9 Nov 2022 at 23:51, Stuart Henderson wrote:
> On 2022-11-09, Jonathan Thornburg  wrote:
> The only times I've seen ISPs take more than a few seconds to do pppoe
> (unless they're broken) are if they have an old session hanging around
> from a reboot or crash where the previous session wasn't terminated
> cleanly.

This happens only on bootup of the machine... :-(

Best
Martin



Re: 7.2: unbound(timeout) on startup

2022-11-09 Thread Martin Schröder
On Wed, 9 Nov 2022 at 21:25, Jonathan Thornburg wrote:
> --- begin /etc/hostname.em0 ---
> inet autoconf
> --- end /etc/hostname.em0 ---

Well, this is DTAG vDSL, so I have

-- begin /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev vlan7 authproto pap \
authname foo authkey bar \
up
dest 0.0.0.1
inet6 autoconf
!/sbin/route add default -ifp pppoe0 0.0.0.1
!/sbin/route add -inet6 default -ifp pppoe0 fe80::%pppoe0
-- end /etc/hostname.pppoe0

-- begin /etc/hostname.vlan7
vnetid 7 parent em1 up
-- end /etc/hostname.vlan7

-- begin /etc/hostname.em1
up
-- end /etc/hostname.em1

And I have

-- begin /etc/resolv.conf.tail
lookup file bind
family inet6 inet4
-- end /etc/resolv.conf.tail

> Does the -d unbound flag give any useful output for you?  More generally,
> how are you starting unbound, i.e., what (if any) flags are you passing in
> /etc/rc.conf.local?  I have

None.

I suspect that pppoe is a bit slow at startup, so unbound somehow times out
but has no problems once the network setup/the machine is stable.

Best
Martin



7.2: unbound(timeout) on startup

2022-11-08 Thread Martin Schröder
Hi,
since upgrading my router to 7.1 unbound doesn't start up automatically anymore,
instead it times out:

starting early daemons: syslogd pflogd unbound(timeout) ntpd.

It can be started successfully manually later. This setup worked with 7.0.

System is an apu acting as a firewall/router for my home network; outside
connectivity is German Telecom DSL via pppoe.

dmesg: http://oneiros.de/privat/openbsd/dmesg.txt
unbound.conf: http://oneiros.de/privat/openbsd/unbound.conf

Any idea how to debug or fix this?

Thanks in advance
Martin



Is the "pf_rules" option gone?

2022-11-06 Thread Odd Martin Baanrud
Hello,

Back in the days, 10 years or so, there was a rc.conf directive called 
“pf_rules”, which one could use to override the location of the config file for 
PF.
I don’t see this option in the default rc.conf now.
Is it still valid?
If so, how could one set it in rc.conf.local with rcctl?

Regards, Martin



VPN for a newbie

2022-11-02 Thread Odd Martin Baanrud
Hello,

I’m planning to set up a VPN.
The problem is, I get confused about all the features and possibilities, so I 
really don’t know where to start.

I’m running OpenBSD on my router, and a Debian-server behind it, providing 
several public services, of course using nat/rdr with PF.

My first goal is to get a setup where I can use my laptops etc to connect to my 
router/server at home, both for tunnelling, and accessing the services on my 
Debian machine.
Then, I want to try a setup where 2 private networks connect to each other via 
internet.

Where do I start?
Which services need to run, and where?
Is there a good starting point somewhere for my scenarios?

Regards, Martin



Re: support update

2022-10-31 Thread Martin Hein
On Mon, 31 Oct 2022 02:07:00 +0100 (CET)
i...@tutanota.com wrote:
> The entry under Denmark listed with a company name "Zen System"
> doesn't exist. There no longer is such a company, and the URL
> redirects to a completely different company that doesn't provide
> any kind of OpenBSD service.

This is correct. It is me that is listed as the contact person.

Zen Systems was sold to Nianet, a Danish ISP, 7 years ago. Two years
later Globalconnect, another Danish ISP, acquired Nianet.

I am pretty sure you can remove that entry.

Best regards Martin



Re: support update

2022-10-31 Thread Martin Hein
On Mon, 31 Oct 2022 02:07:00 +0100 (CET)
i...@tutanota.com wrote:
> The entry under Denmark listed with a company name "Zen System"
> doesn't exist. There no longer is such a company, and the URL
> redirects to a completely different company that doesn't provide
> any kind of OpenBSD service.

I am the one listed as the contact person in the support entry.

Zen Systems was sold to Nianet, a Danish ISP, 7 years ago. Two years
later Globalconnect, another Danish ISP, acquired Nianet.

It was finally closed in July 2021.

Somewhere in time the old support entry was forgotten and no one
asked for it to be deleted.

I am pretty sure you can remove that entry.

Best regards Martin



Raspberry Pi 4 as a wireless access point

2022-10-30 Thread Odd Martin Baanrud
Hello,

I’ve configured a Raspberry Pi 4 as a router with OpenBSD 7.2, with great 
performance.
The driver for the internal wireless NIC (bwfm) states that it can operate in 
AP mode.
I got the card configured correctly, but it doesn’t broadcast the SSID.
I can’t connect manually either.

Here's /etc/hostname.bwfm0:

gw$ cat /etc/hostname.bwfm0
mediaopt hostap
nwid (...) wpakey (...)
inet 10.0.12.1 255.255.255.0

And here's the output from ifconfig:
gw$ sudo ifconfig bwfm0
bwfm0: flags=8843 mtu 1500
lladdr dc:a6:32:8d:61:16
index 4 priority 4 llprio 3
groups: wlan
media: IEEE802.11 autoselect hostap (autoselect mode 11n hostap)
status: active
ieee80211: nwid (...) chan 2 bssid dc:a6:32:8d:61:16 wpakey wpaprotos 
wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
inet 10.0.12.1 netmask 0xff00 broadcast 10.0.12.255


Do I need to configure hostapd(8) as well?
If so, is there an example config out there for my situation?
I’ve looked at the sample, and it seems too complex for my needs.

Regards, Martin



Re: OpenBSD Nitrokey and GPG

2022-10-19 Thread Martin Kjær Jørgensen


I have tried using my NitroKey Pro 2 on my Openbsd 7.1 box using
gpg-agent with an empty scdaemon.conf file.

I get the same error if pcscd is not started.

If started, I can run all gpg card commands.

On Tue, Oct 18 2022, William White  wrote:

> I have a Nitrokey Start that I use to hold my private GPG key. It
> works on Linux, but doesn't seem to work on OpenBSD. dmesg shows only
> the following line when plugged in:
>
> ugen0 at uhub0 port 4 "Nitrokey Nitrokey Start" rev 2.00/2.00 addr 2
>
> I have imported the public key (shows in gpg -k) but gpg -K does not
> list the private key. gpg --card-status says
>
> gpg: selecting card failed: Operation not supported by device gpg:
> OpenPGP card not available: Operation not supported by device
>
> Can anyone tell me for sure if it's supported or not? Or if I need to
> do something else to get it recognized.



System freezes after execution of large script

2022-08-09 Thread Miethe, Martin
Hello everyone,

we are running 4 * Dell R430 for firewalling, NAT, accounting etc. for a 
student network (approx. 5.200 users). We use pf and authpf. Server 1 and 2 
form a carp cluster, as well as server 2 and 3. All boxes come with identical 
hardware and software configuration. The only difference is that cluster A 
runs 6.7 and cluster B OpenBSD 7.0.

Every user (-> student) on the network has its own individual login (directly 
doing ssh to one of the boxes) to open up a connection to the internet. The 
user database on server 1 and 2 carries approx. 2.600 users, the user database 
on cluster B the other half.

The creation and updating of user information is scripted. Most of the time we 
just need to update authpf.message to show traffic consumption to the students 
on login:

echo "* UPD (183883)"
echo "---\n\nWelcome to studNET!\n\nYou have a maximum of 600 GB traffic 
available per month.\nYou have already used 9.231 GB in the current month 
(calculated at 2022-08-08 21:02:07) [.] .\n\n---" 
>/etc/authpf/users/183883/authpf.message || error_handler
echo "... authpf-file /etc/authpf/users/183883/authpf.message generated"
if [ $USER_ERROR -eq 0 ]
then
  echo "* UPD (183883|dummyuser, dummyuser) ... success"
else
  echo "* UPD (183883| dummyuser, dummyuser) ... failed"
fi

This chunk of code is repeated maybe 2.000 times, generated twice a day to a 
script file and run by cron.

*Problem*
Maybe once a month server 3 or 4 crashes - they just freeze. Sometimes a reboot 
helps, but often it additionally comes along with a corrupt user database (system 
won't start, user root not found). If this happens we manually have to recover 
a working master.passwd and apply pwd_mkdb. As the systems freeze there are no 
helping log entries or something similar. The only thing for sure is that 
*when* it happens it's always *after* the script ran, and until now it never 
happened on server 1 or 2 (6.7).

*Question*
As the problem surely seems to be caused by the execution of the script, the 
question is why this happens? Heavy IO or some bug with the hard disk driver? 
Does someone of you have a clue why the system crashes and even the user 
database gets corrupted in our setup?!

Best regards,
Martin Miethe



Verbose messages from pppoe(4)?

2022-07-29 Thread Martin Schröder
Hi,
I'm using pppoe to connect to my provider via DSL on 7.1.
Since yesterday my connection has been very flaky.

Is there a way to get more information about the connection state changes etc.?
Currently I only see the occasional

/bsd: pppoe0: LCP keepalive timeout

in /var/log/messages

I tried the debug setting in /etc/hostname.pppoe0, but that gives much
too much information.

Thanks in advance
Martin



Re: mv expected behavior?

2022-05-28 Thread Jason Martin

Ignore the post.

It was software I had installed in my home directory.




mv expected behavior?

2022-05-28 Thread Jason Martin

I know the mv command is being asked to do the wrong thing.

It tells me that in 7.0.

Is it expected behavior for 7.1 versus 7.0 release?

Using 7.1 with all patches and all packages up to date.

mkdir A
cd A
mkdir B
mv ~/A B
mv: Abort trap (core dumped)





Re: How to track system changes?

2022-04-04 Thread Martin Schröder
On Mon, 4 Apr 2022 at 17:50, Ian Darwin wrote:
> Yes, in fact, *everyone* else is. /etc/changelist lists files that are 
> monitored.
> You will get an email if they change, e.g., if a program surprisingly becomes 
> setuid.
>
> I imagine that this is documented someplace.

man security
man changelist

Best
Martin



Syspatch -R failed after upgrading to 7.0, possible LLVM error

2021-11-04 Thread Liam Martin
Relinking to create unique kernel failed; after applying /var/db/kernel.SHA256 /bsd> and , this 
is what my relink.log looks like:


(SHA256) /bsd: OK
LD="ld" sh makegap.sh 0x gapdummy.o
ld -T ld.script -X --warn-common -nopie -o newbsd ${SYSTEM_HEAD} vers.o 
${OBJS}

LLVM ERROR: out of memory
PLEASE submit a bug report to https://bugs.llvm.org/ and include the 
crash backtrace.

Stack dump:
0.    Program arguments: ld -T ld.script -X --warn-common -nopie -o 
newbsd locore0.o [1946 object files later...] swapgeneric.o

Abort trap (core dumped)
*** Error 134 in /usr/share/relink/kernel/GENERIC.MP (Makefile:1788 
'newbsd': @echo ld -T ld.script -X --warn-common -nopie -o newbsd '${SYS...)


I would include recent dmesg output but it doesn't describe anything 
useful and shows a different problem in itself: Several instances of


wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 7 configuration 1 interface 0 "Logitech USB 
Optical Mouse" rev 2.00/72.00 addr 2

uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0

on repeat.

And here's some sysctl output:

hw.machine=amd64
hw.model=Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
hw.ncpu=12
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:c1ee24af7681944d,sd1:,sd2:af97cb0c91508e2d
hw.diskcount=3
...
hw.sensors.softraid0.drive0=online (sd2), OK
hw.cpuspeed=3192
hw.setperf=99
hw.vendor=CyberPowerPC
hw.product=C Series
hw.physmem=17071558656
hw.usermem=17071542272
hw.ncpufound=12
hw.allowpowerdown=1
hw.perfpolicy=manual
hw.smt=1
hw.ncpuonline=12

--
**/slrn is to pan as Purgatory is to Hell/**


OpenPGP_0xCB87D5427864E937.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature


Re: USB athn0 issue in AP mode (AR9280+AR7010) no DHCP leases to modern portable devices

2021-10-24 Thread Martin
Hi Stefan,

Just to check the issue is present, I've done live debugging of pf rules to confirm 
that DHCP traffic is not blocked. It seems something is wrong in obtaining IPv4 
addresses from dhcpd. And the problem lies outside pf, I suppose.

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, October 23, 2021 8:55 AM, Stefan Sperling  wrote:

> On Fri, Oct 22, 2021 at 06:53:17PM +, Martin wrote:
>
> > Hi there!
> > I have an issue with athn USB stick with modern wifi devices like Android 
> > phones etc.
> > I've set up athn0 as previous athn miniPCI-e cards (/etc/hostname.athn0, 
> > /etc/dhcpd.conf, /etc/pf.conf). No IP address given by OpenBSD7.0amd64 
> > host's DHCP for certain device once client has been connected to AP based 
> > on athn USB stick.
> > Tested only with portable devices, not PCs currently.
> > Looking forward to resolve this!
> > Martin
>
> No idea, sorry.




Re: Sony UWA-BR100 patch to recognize AR9280+AR7010 Atheros based USB card

2021-10-24 Thread Martin
The patch has been updated to use the correct files and tested on a live system. Please 
add it to the tree.

Thanks.

--- if_athn_usb.c.orig  Thu Apr 15 21:25:44 2021
+++ if_athn_usb.c   Thu Oct 21 18:58:08 2021
@@ -91,6 +91,8 @@
   ATHN_USB_FLAG_AR7010 },
{{ USB_VENDOR_PANASONIC, USB_PRODUCT_PANASONIC_N5HBZ055 },
   ATHN_USB_FLAG_AR7010 },
+   {{ USB_VENDOR_MELCO, USB_PRODUCT_MELCO_UWABR100 },
+  ATHN_USB_FLAG_AR7010 },
{{ USB_VENDOR_VIA, USB_PRODUCT_VIA_AR9271 }}
 };
 #define athn_usb_lookup(v, p)  \
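Review bot: the new `{{ USB_VENDOR_MELCO, USB_PRODUCT_MELCO_UWABR100 }, ATHN_USB_FLAG_AR7010 }` entry only compiles once USB_PRODUCT_MELCO_UWABR100 exists in the generated usbdevs.h, so this hunk has to go in together with the usbdevs hunk below and the regenerated usbdevs.h/usbdevs_data.h (make in sys/dev/usb, as Stefan noted). Since the product string reads `SONY UWA-BR100` while the entry is filed under the MELCO vendor id, a one-line comment next to it saying that the Sony stick reports Buffalo/Melco's idVendor would save the next reader a trip to `usbdevs -v`.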


--- usbdevs.origWed Sep  1 01:55:56 2021
+++ usbdevs Sun Oct 24 17:03:13 2021
@@ -3079,6 +3079,7 @@
 product MELCO WLIUCGNHP0x0158  WLI-UC-GNHP
 product MELCO WLIUCGN  0x015d  WLI-UC-GN
 product MELCO WLIUCG301N   0x016f  WLI-UC-G301N
+product MELCO UWABR100 0x017f  SONY UWA-BR100
 product MELCO WLIUCGNM 0x01a2  WLI-UC-GNM
 product MELCO WLIUCGNM20x01ee  WLI-UC-GNM2
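Review bot: the id 0x017f sorts correctly between 0x016f and 0x01a2, but as pasted the whitespace between product name and id has collapsed (e.g. `product MELCO WLIUCGNHP0x0158`), so this hunk will not apply with patch(1) in the form shown; resend the diff as an attachment or from `cvs diff` output that the mailer has not reflowed, and keep the tab alignment of the surrounding `product MELCO` lines.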


‐‐‐ Original Message ‐‐‐
On Saturday, October 23, 2021 8:55 AM, Stefan Sperling  wrote:

> On Fri, Oct 22, 2021 at 07:02:20PM +0000, Martin wrote:
>
> > Hi Stefan,
> > Dev. patches to implement into source tree to recognize automatically Sony 
> > UWA-BR100 devices based on AR9280+AR7010.
>
> This patch is changing the wrong files.
> It should change the files 'usbdevs' and if_athn_usb.c only.
>
> usbdevs.h is a generated file, it should not be patched.
> It can be re-generated by running 'make' in the sys/dev/usb directory.
>
> > --- if_athn_usb.c.orig Tue Jun 8 15:29:31 2021
> > +++ if_athn_usb.c Tue Jun 8 15:34:11 2021
> > @@ -91,6 +91,8 @@
> > ATHN_USB_FLAG_AR7010 },
> > {{ USB_VENDOR_PANASONIC, USB_PRODUCT_PANASONIC_N5HBZ055 },
> > ATHN_USB_FLAG_AR7010 },
> >
> > -   {{ USB_VENDOR_MELCO, USB_PRODUCT_MELCO_UWABR100 },
> > -   ATHN_USB_FLAG_AR7010 },
> > {{ USB_VENDOR_VIA, USB_PRODUCT_VIA_AR9271 }}
> > };
> > #define athn_usb_lookup(v, p) \
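Review bot: in this quoted copy the two MELCO lines carry a `-` prefix, while the header `@@ -91,6 +91,8 @@` says two lines are added and none removed, so the quoted text no longer matches the submitted patch; the unquoted if_athn_usb.c hunk earlier in the thread is the one to review.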
> > --- usbdevs.h.orig Tue Jun 1 09:40:48 2021
> > +++ usbdevs.h Tue Jun 8 15:30:51 2021
> > @@ -3077,6 +3077,7 @@
> > #define USB_PRODUCT_MELCO_WLIUCGNHP 0x0158 /* WLI-UC-GNHP /
> > #define USB_PRODUCT_MELCO_WLIUCGN 0x015d / WLI-UC-GN /
> > #define USB_PRODUCT_MELCO_WLIUCG301N 0x016f / WLI-UC-G301N /
> > +#define USB_PRODUCT_MELCO_UWABR100 0x017f / SONY UWA-BR100 /
> > #define USB_PRODUCT_MELCO_WLIUCGNM 0x01a2 / WLI-UC-GNM /
> > #define USB_PRODUCT_MELCO_WLIUCGNM2 0x01ee / WLI-UC-GNM2 */Thanks for 
> > your attention.
> > Martin
> >




Sony UWA-BR100 patch to recognize AR9280+AR7010 Atheros based USB card

2021-10-22 Thread Martin
Hi Stefan,

Dev. patches to implement into source tree to recognize automatically Sony 
UWA-BR100 devices based on AR9280+AR7010.

--- if_athn_usb.c.orig  Tue Jun  8 15:29:31 2021
+++ if_athn_usb.c   Tue Jun  8 15:34:11 2021
@@ -91,6 +91,8 @@
   ATHN_USB_FLAG_AR7010 },
{{ USB_VENDOR_PANASONIC, USB_PRODUCT_PANASONIC_N5HBZ055 },
   ATHN_USB_FLAG_AR7010 },
+   {{ USB_VENDOR_MELCO, USB_PRODUCT_MELCO_UWABR100 },
+  ATHN_USB_FLAG_AR7010 },
{{ USB_VENDOR_VIA, USB_PRODUCT_VIA_AR9271 }}
 };
 #define athn_usb_lookup(v, p)  \
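Review bot: The new entry pairs a Sony-branded product with the USB_VENDOR_MELCO vendor ID, and nothing in the submission shows the stick actually enumerating with that vendor:product pair; please include the dmesg line or the raw vendor:product values from the device so the committer can confirm it belongs under MELCO before adding it to athn_usb_devs. ATHN_USB_FLAG_AR7010 is consistent with the AR9280+AR7010 combination described in the message; the supported-hardware list in the athn(4) manual page should be updated in the same change.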

--- usbdevs.h.orig  Tue Jun  1 09:40:48 2021
+++ usbdevs.h   Tue Jun  8 15:30:51 2021
@@ -3077,6 +3077,7 @@
 #defineUSB_PRODUCT_MELCO_WLIUCGNHP 0x0158  /* WLI-UC-GNHP 
*/
 #defineUSB_PRODUCT_MELCO_WLIUCGN   0x015d  /* WLI-UC-GN */
 #defineUSB_PRODUCT_MELCO_WLIUCG301N0x016f  /* WLI-UC-G301N 
*/
+#defineUSB_PRODUCT_MELCO_UWABR100  0x017f  /* SONY 
UWA-BR100 */
 #defineUSB_PRODUCT_MELCO_WLIUCGNM  0x01a2  /* WLI-UC-GNM */
 #defineUSB_PRODUCT_MELCO_WLIUCGNM2 0x01ee  /* WLI-UC-GNM2 
*/
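Review bot: This hunk patches usbdevs.h, which is generated from `usbdevs` by running make in sys/dev/usb (as the reply above also points out), so the change will be lost on the next regeneration; instead add a line such as `product MELCO UWABR100 0x017f SONY UWA-BR100` to `usbdevs`, keeping the MELCO entries sorted by product ID as they are here, and leave usbdevs.h to be regenerated.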


Thanks for your attention.

Martin



USB athn0 issue in AP mode (AR9280+AR7010) no DHCP leases to modern portable devices

2021-10-22 Thread Martin
Hi there!

I have an issue with an athn USB stick and modern wifi devices like Android
phones etc.

I've set up athn0 as with previous athn miniPCI-e cards (/etc/hostname.athn0,
/etc/dhcpd.conf, /etc/pf.conf). No IP address is given by the OpenBSD 7.0 amd64
host's DHCP to certain devices once the client has connected to the AP based on
the athn USB stick.

Tested only with portable devices, not PCs currently.

Looking forward to resolving this!

Martin




amd64 7.0 release where can I find original (patched) gcc 4x?

2021-10-22 Thread Martin
Hi there!

After upgrading from source, there is no gcc installed in the appropriate
location.

It seems base GCC was disabled on the amd64 architecture. Mutt requires the
default gcc for some plugins, and some programs need it too.

I have installed egcc (GCC 8.x), but how do I enable the original OpenBSD-patched
GCC 4.x as the default compiler?

Any suggestions would help!

Martin



How to set apparently number of VCPUs in VMM

2021-10-16 Thread Martin
Hi there!

In the release notes it seems we can set more than one vCPU for running guests.
The question is how to set it in vm.conf to achieve better performance for
existing VMs?

Martin



Re: dhcp issues

2021-07-18 Thread Martin
Hi,

I confirm that dhclient doesn't read (apply) the /etc/dhclient.conf configuration
beginning from 6.9 amd64 and sets the ISP search domain and nameserver(s) in
/etc/resolv.conf even without any complex setup in name resolution:

$ cat /etc/resolv.conf
search domain.name
nameserver ISP.nameserver
nameserver 127.0.0.1
lookup file bind

$ cat /etc/dhclient.conf
timeout 30;
retry 1;
reboot 3;
select-timeout 0;
backoff-cutoff 2;
initial-interval 1;

interface "re1" {
send dhcpd-lease-time 3600;
supersede dhcp-server-identifier 255.255.255.255;
supersede domain-name-servers 127.0.0.1;
request
subnet-mask,
broadcast-address,
routers;
require
routers,
subnet-mask;
ignore
host-name,
domain-name,
domain-search,
domain-name-servers,
interface-mtu,
ntp-servers,
time-offset;
}

/etc/dhclient.conf is explicitly set to ignore "domain-search,
domain-name-servers" from the ISP, but actually they both end up in first place in
/etc/resolv.conf and are updated every time an IP address is assigned.

From my observations, the behavior of dhclient ignoring /etc/dhclient.conf
parameters appeared after 6.8 amd64 was upgraded to 6.9 amd64.

Hope this helps to find the issue.

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, July 17, 2021 1:57 AM, Sonic  wrote:

> Having some issues after a sysupgrade to the latest snapshot (of this
> writing) - OpenBSD 6.9-current (GENERIC.MP) #131.
>
> Seems the base change to dhcpleased/resolvd has presented some issues.
> Pf does not start on boot as it claims my dhcp interface has no
> address, however after logging in I can load pf and almost resume
> normal operations. Apparently the interface does get an IP address,
> but the start of pf doesn't wait for it.
> Almost, because my supersedes, etc. in /etc/dhclient.conf are
> completely ignored.
> The only workaround I found was to disable resolvd so I could manually
> propagate /etc/resolv.conf without it being overwritten.
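An added configuration example, not from either message in this thread. The quoted message attributes the change to the switch to dhcpleased(8) and resolvd(8); when dhcpleased is the DHCP client, /etc/dhclient.conf is not consulted at all, so the ignore list above has nothing to act on. The equivalent lives in /etc/dhcpleased.conf (see dhcpleased.conf(5)). The interface name re1 is taken from the dhclient.conf above and is assumed to be the DHCP-configured interface:

```conf
# /etc/dhcpleased.conf (added example)
# Take the address and default route from the ISP, but do not hand the
# offered nameservers to resolvd(8), so the local resolver on 127.0.0.1
# in /etc/resolv.conf stays in charge of name resolution.
interface re1 {
	ignore dns
}
```

After editing, restart dhcpleased (rcctl restart dhcpleased) and check /etc/resolv.conf: resolvd marks the entries it manages with a trailing "# resolvd:" comment, and with ignore dns in place no ISP nameserver should appear for that interface.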




Re: terraform aws, got a problem I did not expect

2021-06-28 Thread Martin
Finally I built all the providers I need for GCP, AWS, and local from Go sources
and put them in the appropriate place for Terraform to look.

Works like a charm with modern providers. It seems they don't need to be put
into ports, but having builds for openbsd_amd64 in the Terraform repo would be
nice so they could be downloaded automatically.

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, June 26, 2021 11:29 PM, jslee  wrote:

> On Sun, 27 Jun 2021, at 02:06, Gregory Edigarov wrote:
>
> > I remember that for earlier versions of terraform all providers were
> > available as  OpenBSD packages/ports, that is now changed.
> > $ terraform init  
> > Initializing the backend...
> > Initializing provider plugins...
> >
> > -   Finding latest version of hashicorp/aws...
> >   Error: Incompatible provider version
> >   Provider registry.terraform.io/hashicorp/aws v3.47.0 does not have a
> > package available for your current platform, openbsd_amd64.
> >
>
> This is a very recent version of the AWS provider, which suggests to me that 
> you haven’t pinned your provider versions in the provider declarations. I 
> recommend doing that
>
> > How am I supposed to get providers ? May be a community have  one that
> > works under OpenBSD?
>
> It sounds like Hashicorp don’t provide binaries, so you’ll need to install a 
> Go toolchain and build them
>
> John




Re: go-1.16.2 out of memory when building Go written program

2021-06-23 Thread Martin
I've set ulimit -d 400

All builds completed fine once that was changed.

Martin


Sent with ProtonMail Secure Email.

‐‐‐ Original Message ‐‐‐
On Wednesday, June 23, 2021 6:15 PM, Sven F.  wrote:

> On Wed, Jun 23, 2021 at 2:03 PM Martin martin...@protonmail.com wrote:
>
> > Hi list,
> > I try to build terraform-provider-aws and terraform-provider-google.
> > $ go build
> > produces an error "out of memory".
> > Could it be a malloc-related issue, or how else can I fix it?
> > Thank you for your answer in advance.
> > Martin
>
> man login.conf
>
> --
>
> Knowing is not enough; we must apply. Willing is not enough; we must do
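An added example, not part of the thread, of the login.conf(5) route the reply points at: rather than raising the limit per shell with ulimit -d, set the data segment limit for the login class of the user doing the build, so every session of that user gets it. The class name staff and the 4096M value are assumptions for illustration; use the class your build user actually belongs to:

```conf
# /etc/login.conf (added example): datasize is the per-process data
# segment limit that "ulimit -d" adjusts per shell; setting it on the
# login class makes it apply to every login of users in that class
staff:\
	:datasize-cur=4096M:\
	:datasize-max=infinity:\
	:tc=default:
```

If /etc/login.conf.db exists, regenerate it with cap_mkdb /etc/login.conf after editing, then log in again; ulimit -d in the new session should report the raised value before running go build.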




go-1.16.2 out of memory when building Go written program

2021-06-23 Thread Martin
Hi list,

I try to build terraform-provider-aws and terraform-provider-google.

$ go build

produces an error "out of memory".

Could it be a malloc-related issue, or how else can I fix it?

Thank you for your answer in advance.

Martin



Re: vmctl start: vm command failed: Operation already in progress (no one VM run in the same time)

2021-05-25 Thread Martin
Hi Dave,

You're right, the name of the VM is the same as in vm.conf. A VM with a different
name starts correctly. But the message about 'operation already in progress'
slightly confuses me.

Martin

‐‐‐ Original Message ‐‐‐
On Tuesday, May 25, 2021 10:57 AM, Dave Voutila  wrote:

> Martin martin...@protonmail.com writes:
>
> > Trying to start a VM with the previously (<6.9) working command below:
> > $ doas /usr/sbin/vmctl start -m 8G -c -n vmlan -d /path/to/vm.qcow2 vm
> > Now I have trouble with it on 6.9 amd64 with patches 1-5 installed.
> > $ doas rcctl status vmd
> > vmd(ok)
> > The command above returns:
> > vmctl start: vm command failed: Operation already in progress
>
> Common cause of this is having the vm already defined in vm.conf. Run
> vmd with verbose logging, ideally in the foreground, and please share
> the output.
>
> > Even though "$ vmctl check" shows ALL machines are stopped.
> > If I stop vmd I see the proper error with an inactive vmd.sock:
> > $ doas rcctl stop vmd
> > vmd(ok)
> > vmctl: connect: /var/run/vmd.sock: connection refused




vmctl start: vm command failed: Operation already in progress (no one VM run in the same time)

2021-05-25 Thread Martin
Hi list,

Trying to start a VM with the previously (<6.9) working command below:

$ doas /usr/sbin/vmctl start -m 8G -c -n vmlan -d /path/to/vm.qcow2 vm

Now I have trouble with it on 6.9 amd64 with patches 1-5 installed.

$ doas rcctl status vmd
vmd(ok)

The command above returns:
vmctl start: vm command failed: Operation already in progress

Even though "$ vmctl check" shows ALL machines are stopped.

If I stop vmd I see the proper error with an inactive vmd.sock:
$ doas rcctl stop vmd
vmd(ok)

vmctl: connect: /var/run/vmd.sock: connection refused

Any suggestions would help.

Martin




Re: Relayd TLS inspection and SNI

2021-05-21 Thread Martin
Hi,

MITM is an ancient attack technique and it is not a good idea because it breaks
the original cert chain. So the client (application) will see that the cert is
different on its end. Most people and apps reject connections to a resource with
the fake cert which you're going to send to them.

But you can use Squid for MITM as Stuart recommended; from my side,
HAProxy/Nginx can help you do this too. For SNI, Snort/Suricata can be useful,
but for TLS up to v1.2 only.

Sniffing the traffic that way is a bad idea; most services use TLSv1.3 with
encrypted SNI. So your work will disappear in months.

Martin

‐‐‐ Original Message ‐‐‐
On Friday, May 21, 2021 7:08 AM, Stuart Henderson  wrote:

> On 2021-05-18, BS Daemon b...@post.com wrote:
>
> >I like using the base OpenBSD utilities, and was
> >
> >
> > wondering if I'm doing something wrong, if relayd could be made to
> > support SNI for man-in-the-middle, or if there is an alternative
> > tool for doing this which would work.
>
> I can't help with relayd, but this does work with squid (and you can
> filter on user-agent in ACLs).




Re: Increase optical mouse/Synaptics touchpad speed in X11/spectrwm

2021-05-19 Thread Martin
Hi,

This is the command I was looking for. Works great.

Martin

‐‐‐ Original Message ‐‐‐
On Monday, May 17, 2021 7:44 PM, Jonathan Thornburg wrote:

> In message https://marc.info/?l=openbsd-misc&m=162125055304096&w=1,
> Martin asks how people adjust pointer speed on touchpads/mice/etc.
>
> I use 'xset': my .xinitrc contains the line
>
> xset m 1/4
>
> --
> Jonathan Thornburg [remove -animal to reply]
> jth...@astro.indiana-zebra.edu
> Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
> currently on the west coast of Canada
> "There was of course no way of knowing whether you were being watched
> at any given moment. How often, or on what system, the Thought Police
> plugged in on any individual wire was guesswork. It was even conceivable
> that they watched everybody all the time." -- George Orwell, "1984"




Re: Error making 002_libx11.patch.sig

2021-05-19 Thread Martin
Hi,

According to https://www.openbsd.org/faq/faq5.html#Xbld you should set the right
permissions and owner on your /usr/xobj directory:

The object directory /usr/xobj should be empty and owned by build:wobj with
mode 770.

and apply patch 002 with:
# cd /usr/xenocara/lib/libX11
# make -f Makefile.bsd-wrapper obj
# make -f Makefile.bsd-wrapper build

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 19, 2021 1:42 AM, Theo de Raadt  wrote:

> You are not building using the correct procedure.
>
> Sorry, we don't have time to teach that.
>
> Please use the syspatches, or the snapshots, or learn to do full builds.
>
> The latter is fully documented in manual pages, and reaching for the
> mailing list is inappropriate.
>
> Jonathan Drews jdr...@mail.com wrote:
>
> > OpenBSD 6.9 GENERIC.MP#473 amd64
> > Hi Folks:
> > I am trying to patch Xenocara with 002_libx11.patch.sig. I first
> > applied make -f Makefile.bsd-wrapper obj. Afterwards
> > I get the following error message when I do make -f
> > Makefile.bsd-wrapper build:
> > checking that generated files are newer than configure... done
> > configure: creating ./config.status
> > config.status: creating Makefile
> > config.status: creating include/Makefile
> > rm: include/Makefile: Permission denied
> > config.status: error: could not create include/Makefile
> > *** Error 1 in . (/usr/X11R6/share/mk/bsd.xorg.mk:158
> > 'config.status')
> > *** Error 2 in /usr/xenocara/lib/libX11
> > (/usr/X11R6/share/mk/bsd.xorg.mk:196 'build')
> > my /usr/include has the following permissions
> > jack# ls -lhd /usr/include/
> > drwxr-xr-x 32 root bin 3.0K May 1 20:24 /usr/include/
> > My xenocara directory has the following permissions
> > jack# ls -lhd /usr/xenocara/
> > drwxr-xr-x 16 root wheel 512B Apr 17 16:16 /usr/xenocara/
> > Any ideas as to what I am doing wrong?
> > Kind regards,
> > Jonathan




Increase optical mouse/Synaptics touchpad speed in X11/spectrwm

2021-05-17 Thread Martin
Hi list,

I've tried to speed up the pointer with:

xinput --set-prop 'USB MOUSE' 'CoordinateTransformation Matrix' 2 0 0 0 2 0 0 0
1.5

No effect.

How do people adjust pointer speed on their touchpads and mice?

Martin



Re: VMM 6.9amd64 host video acceleration

2021-05-17 Thread Martin


Hi James,

Yes, packages are in sync with 6.9/packages.

The computer is relatively modern, based on an AMD Ryzen 4750U with integrated
Radeon Graphics.

Radeon uses
http://firmware.openbsd.org/firmware/6.9/amdgpu-firmware-20201218.tgz from
/etc/firmware/amdgpu

So LibGL should load via MESA-LOADER from /usr/X11R6/lib/modules/dri without
problems, I think. The firmware is current and supports the integrated Radeon
since 6.9.

Maybe somebody knows what can affect LibGL? I can't determine the root of the
problem.

Martin

‐‐‐ Original Message ‐‐‐
On Sunday, May 16, 2021 1:08 PM, James Cook  wrote:

> On Thu, May 13, 2021 at 10:00:11AM +, Martin wrote:
>
> > By the way,
> > While running Firefox on OpenBSD host I have repeatedly appearing console 
> > messages like below:
> > ###!!! [Parent][MessageChannel] Error: 
> > (msgtype=0x6A0008,name=PMessagePort::Msg___delete__) Channel closing: too 
> > late to send/recv, messages will be lost
> > ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, 
> > messages will be lost
> > LibGl error: MESA-LOADER: failed to open radeonsi (search path 
> > /usr/X11R6/lib/modules/dri
> > LibGl error: failed to load driver: radeonsi
> > LibGl error: MESA-LOADER: failed to open swrast (search path 
> > /usr/X11R6/lib/modules/dri)
> > LibGl error: failed to load driver: swrast
> > Any advice is this normal or not?
> > Martin
>
> On my system at least, firefox tends to output some errrors on the
> console. I think some involved "Channel closing". If it would help, I
> can keep more careful track and report them to the list.
>
> The LibGl errors look less familiar. Stab in the dark: are your ports
> and system in sync? (I always run pkg_add -u after upgrading to a new
> snapshot.)
>
> 
>
> James




Re: VMM 6.9amd64 host video acceleration

2021-05-13 Thread Martin
By the way,

While running Firefox on the OpenBSD host I repeatedly get console messages
like the ones below:

###!!! [Parent][MessageChannel] Error: 
(msgtype=0x6A0008,name=PMessagePort::Msg___delete__) Channel closing: too late 
to send/recv, messages will be lost

###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, 
messages will be lost

LibGl error: MESA-LOADER: failed to open radeonsi (search path 
/usr/X11R6/lib/modules/dri
LibGl error: failed to load driver: radeonsi
LibGl error: MESA-LOADER: failed to open swrast (search path 
/usr/X11R6/lib/modules/dri)
LibGl error: failed to load driver: swrast

Any advice on whether this is normal or not?

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:

> Martin writes:
>
> > Hi list,
> > Just wonder how to enable video acceleration on VMM guest's side (Debian) 
> > if it was possible. Maybe PCIe passthru should be present for that purpose?
>
> There is nothing to accelerate: vmd(8) doesn't emulate a display or
> video device. vmm(4) doesn't support pass-through to host hardware
> either.
>
> -dv




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
I use the TigerVNC server on the Linux VM (Debian) plus the dummy video driver
and compiled vmm kernel modules for clock sync and network...
https://github.com/voutilad/virtio_vmmci
https://github.com/voutilad/vmm_clock

On the OpenBSD host the TigerVNC viewer has been installed.

Works absolutely amazingly, like a physical computer.

For a completely headless system I'd prefer OpenBSD and Alpine in the VM. It
depends on goals.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:49 PM, David Anthony wrote:

> Hi Martin,
>
> Do you have any notes on how to view Linux GUI apps running on OpenBSD VMM?
>
> For instance, say I wanted to develop code on Debian w/ Visual Studio
> Code, and wanted to edit / view VS Code app from my host OpenBSD machine.
>
> Does that make sense?
>
> -David




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
No Windows or Linux on the hosts, just OpenBSD. Anyway, Debian works great on
VMM, except for the question's topic. Thank you for your attention)

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:25 PM, Theo de Raadt  wrote:

> I am terribly sorry you aren't satisfied with what is possible in OpenBSD,
> and will have to return to a Linux or Windows environment.
>
> Martin martin...@protonmail.com wrote:
>
> > Hi Theo,
> > Sure, for online videos I'm using OpenBSD host with appropriate browser 
> > installed. Just wonder about VMM to move all 'potentially dangerous' things 
> > to a linux VM and remove any browsers from the host.
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 6:07 PM, Theo de Raadt dera...@openbsd.org wrote:
> >
> > > Have you considered using a real computer?
> > > Martin martin...@protonmail.com wrote:
> > >
> > > > Hi Dave,
> > > > Can you recommend any way to see online videos without stuttering?
> > > > Modern CPUs can't smoothly play them in software emulation, unfortunately.
> > > > Martin
> > > > ‐‐‐ Original Message ‐‐‐
> > > > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> > > >
> > > > > Martin writes:
> > > > >
> > > > > > Hi list,
> > > > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > > > (Debian) if it was possible. Maybe PCIe passthru should be present 
> > > > > > for that purpose?
> > > > >
> > > > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > > > video device. vmm(4) doesn't support pass-through to host hardware
> > > > > either.
> > > > > -dv




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
Hi Mike,

Did it already as you replied.

Thanks.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:20 PM, Mike Larkin  wrote:

> On Wed, May 12, 2021 at 06:06:14PM +0000, Martin wrote:
>
> > Hi Dave,
> > Can you recommend any way to see online videos without stuttering? Modern
> > CPUs can't smoothly play them in software emulation, unfortunately.
>
> pkg_add youtube-dl
>
> pkg_add firefox (or chrome, etc)
>
> What's the problem here? Are you trying to watch 8k 240Hz videos or something?
>
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> >
> > > Martin writes:
> > >
> > > > Hi list,
> > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > (Debian) if it was possible. Maybe PCIe passthru should be present for 
> > > > that purpose?
> > >
> > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > video device. vmm(4) doesn't support pass-through to host hardware
> > > either.
> > > -dv




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
Hi Theo,

Sure, for online videos I'm using the OpenBSD host with an appropriate browser
installed. I was just wondering about VMM to move all 'potentially dangerous'
things to a Linux VM and remove any browsers from the host.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:07 PM, Theo de Raadt  wrote:

> Have you considered using a real computer?
>
> Martin martin...@protonmail.com wrote:
>
> > Hi Dave,
> > Can you recommend any way to see online videos without stuttering? Modern
> > CPUs can't smoothly play them in software emulation, unfortunately.
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> >
> > > Martin writes:
> > >
> > > > Hi list,
> > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > (Debian) if it was possible. Maybe PCIe passthru should be present for 
> > > > that purpose?
> > >
> > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > video device. vmm(4) doesn't support pass-through to host hardware
> > > either.
> > > -dv




Re: spamd IPv6 listener 6.9amd64

2021-05-12 Thread Martin
Hi Peter,

Great book of PF. I've read it early in 2015, very useful.

Since last updates all the incoming connections to my mail servers are IPv6, 
unfortunately. Just before the updates it was IPv4, so spamd has been used for 
all the incoming connections outside whitelists of known peers. Works like a 
charm.

Now I'm looking forward to exchange spamd to rspamd (it has DKIM signing 
functionality) to replace spamd and dkimproxy which working in current 
configuration.

Hope it can provide required functionality for IPv6 networks.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 4:47 PM, Peter Nicolai Mathias Hansteen wrote:

> > 12.  mai 2021 kl. 15:24 skrev Martin martin...@protonmail.com:
> >
> > Hi list,
> > I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 
> > one.
> > Is it possible to set spamd(8) to listen on both IPv4 and IPv6?
>
> Unfortunately spamd is IPv4 only.
>
> Back in the day (2014ish?, about the time I was finishing up the 3rd ed of 
> The Book of PF) there was talk of and possibly even an ambition of making it 
> IPv6 capable. I remember discussing some of this with phessler at the time 
> and left the descriptions in the book somewhat vague on the matter, hoping to 
> get back to the issue soon. However I never saw code ready for testing.
>
> I was under the impression that one of the hurdles to overcome was to define 
> a sane version of greylisting to implement for IPv6 with its much larger set 
> of addresses. But there could easily have been other issues that affected the 
> effort.
>
> So until other news on the matter turns up, it is better to rdr-to port spamd 
> only for inet, not inet6.
>
> All the best,
> Peter
>
> —
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
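An added pf.conf fragment, not from either message, illustrating the advice above: redirect only IPv4 SMTP through spamd(8) and let IPv6 SMTP reach the MTA directly, so the IPv4-only spamd never has inet6 traffic sent at it. It follows the rule layout of the spamd(8) manual page example; the table names and the /etc/mail/nospamd path are taken from there, and egress is assumed to be the interface group of the public interface:

```conf
# /etc/pf.conf excerpt (added example)
table <spamd-white> persist
table <nospamd> persist file "/etc/mail/nospamd"

# IPv4 only: everything not already whitelisted goes to spamd for greylisting.
# Later rules win in pf, so the two pass rules below exempt known-good
# senders from the rdr-to above them.
pass in on egress inet proto tcp from any to any port smtp \
    rdr-to 127.0.0.1 port spamd
pass in on egress inet proto tcp from <nospamd> to any port smtp
pass in log on egress inet proto tcp from <spamd-white> to any port smtp

# IPv6: spamd is IPv4 only, so deliver straight to the MTA and rely on
# the MTA's own filtering (rspamd, DNSBLs) for these peers.
pass in on egress inet6 proto tcp from any to any port smtp

pass out log on egress proto tcp to any port smtp
```

Check the result with pfctl -sr after loading: the rdr-to rule should carry the inet address family, and pfctl -ss during an IPv6 delivery should show the connection terminating on the MTA's port 25 rather than on 127.0.0.1 port spamd.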



