Re: Managing PF logs

2020-08-07 Thread pierre1.bardou
Hello, 

I use logstash with an input like this:

input {
  pipe {
    type => "pflog"
    command => "doas /usr/sbin/tcpdump -l -v -n -n -e -s 160 -tt -i pflog0"
  }
}

--
Regards,
Pierre BARDOU

-----Original Message-----
From: owner-m...@openbsd.org On behalf of Peter N. M. Hansteen
Sent: Friday, 7 August 2020 13:10
To: misc@openbsd.org
Subject: Re: Managing PF logs

On Fri, Aug 07, 2020 at 10:29:32AM +, Carlos Lopez wrote:
> Hi all,
> 
>  I am thinking about what could be the best option to inject PF logs into 
> Elasticsearch (or any similar platform). If I am not wrong, some years ago 
> there was an option using a shell wrapper to store all PF logs in ASCII format 
> and redirect all of them to a central syslog server (published in the PF FAQ). 
> More or less, that is what I am looking for.
> 
>  But maybe there is a better option nowadays. Any ideas? Tips?

As Tom said, it is possible to use tcpdump to convert to text, then forward to 
syslog.
The example from the old PF tutorial 
https://home.nuug.no/~peter/pf/newest/log2syslog.html
should still work.

All the best,

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team 
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember 
to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.


_

Ce message et ses pieces jointes peuvent contenir des informations 
confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce 
message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages 
electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou 
falsifie. Merci.

This message and its attachments may contain confidential or privileged 
information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete 
this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been 
modified, changed or falsified.
Thank you.



Re: Home NAS

2019-11-15 Thread pierre1.bardou
Hello,

I tried a home NAS with ZFS, then BTRFS. Those filesystems need tons of RAM 
(~1 GB of RAM per TB of disk), preferably ECC.
I found it very expensive for home usage, so I wouldn't recommend it.
Recovery systems were also nonexistent at the time (no btrfsck); I don't know if 
it has improved since.

I ended up with LVM: cheap to implement and very easy to extend. I am very happy 
with it.

--
Regards,
Pierre BARDOU

-----Original Message-----
From: owner-m...@openbsd.org On behalf of Rafael Possamai
Sent: Friday, 15 November 2019 14:35
To: Jan Betlach
Cc: misc@openbsd.org
Subject: Re: Home NAS

My experience with ZFS (FreeNAS for the most part) is that it becomes more 
"expensive" to expand your pool after the fact (for a couple of different 
reasons, see below), but if 5TB is all you're ever going to need in this 
specific case, I think you should be fine and can take advantage of ZFS 
features like you said.

I have sources for this at home (a couple of articles and link to a forum 
thread), but these are saved on my desktop at home. Just let me know and I'll 
share them with you later.

On Thu, Nov 14, 2019, 8:27 AM Jan Betlach  wrote:

>
> Hi guys,
>
> I am setting up a home NAS for five users. Total amount of data stored 
> on NAS will not exceed 5 TB.
> Clients are Macs and OpenBSD machines, so that SSHFS works fine from 
> both (no need for NFS or Samba).
> I am much more familiar and comfortable with OpenBSD than with FreeBSD.
> My dilemma while stating the above is as follows:
>
> Will OpenBSD’s UFS be stable and reliable enough for the intended 
> purpose? NAS will consist of just one encrypted drive, regularly 
> backed to hardware RAID encrypted two-disks drive via rsync.
>
> Should I bite the bullet and build the NAS on FreeBSD taking advantage 
> of ZFS, snapshots, replications, etc? Or is this an overkill?
>
> BTW my most important data is also backed off-site.
>
> Thank you in advance for your comments.
>
> Jan
>
>




Re: Do OpenBSD developers approve Isotop?

2019-10-14 Thread pierre1.bardou
Hello,

It seems there is a man/FAQ in English:
https://3hg.fr/Isos/isotop/isotop.man.html


--
Regards,
Pierre BARDOU

-----Original Message-----
From: owner-m...@openbsd.org On behalf of Stuart Longland
Sent: Monday, 14 October 2019 07:57
To: misc@openbsd.org
Subject: Re: Do OpenBSD developers approve Isotop?

On 14/10/19 11:31 am, Clark Block wrote:
> Do OpenBSD developers approve Isotop?
> 
> If not, why don't OpenBSD developers approve Isotop?

Is there an English translation for those of us who don't speak French?
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
   ...it's backed up on a tape somewhere.





Re: Iked and PKCS7

2019-09-09 Thread pierre1.bardou
Hello,

You can convert it to PEM format using openssl pkcs7.

--
Regards,
Pierre BARDOU

-----Original Message-----
From: owner-m...@openbsd.org On behalf of Tristan Pilat
Sent: Monday, 9 September 2019 10:03
To: misc@openbsd.org
Subject: Iked and PKCS7

Hello all,

It's the first time I'm trying to set up a site-to-site IKEv2 VPN with a 
non-OpenBSD device at the other side. I've been asked to provide a CSR, then they 
sent me a PKCS7 certificate in return.

Is there any way to install this kind of certificate with iked? If so, how do I 
proceed?

Thank you for your help.

Cheers,
-- 
Tristan
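
Added example (not part of the original messages): the conversion suggested in the reply above, done with openssl pkcs7 -print_certs, trying both PEM and DER encodings and then splitting the output into one file per certificate. All file names and the demo CNs are hypothetical, and the demo bundle is constructed locally.

```sh
#!/bin/sh
# Added example, not from the thread. File names and CNs are hypothetical.

# p7_to_pem SRC DST: write every certificate in PKCS#7 file SRC to DST as PEM.
# PKCS#7 files arrive PEM- or DER-encoded, so both encodings are tried.
p7_to_pem() {
    src=$1 dst=$2
    for form in PEM DER; do
        # -print_certs can succeed on a bundle that holds no certificates,
        # so also require at least one certificate in the output.
        if openssl pkcs7 -inform "$form" -in "$src" -print_certs \
               -out "$dst" 2>/dev/null &&
           grep -q 'BEGIN CERTIFICATE' "$dst"; then
            return 0
        fi
    done
    rm -f "$dst"
    return 1
}

# split_certs PEM PREFIX: write each certificate to PREFIX.N.pem and print
# how many were written (a bundle often carries the CA chain as well).
split_certs() {
    awk -v p="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = p "." n ".pem" }
        f != "" { print > f }
        /-----END CERTIFICATE-----/ { close(f); f = "" }
        END { print n + 0 }' "$1"
}

# make_demo_bundle DIR: build a constructed DER PKCS#7 bundle holding two
# throwaway self-signed certificates, to exercise the functions offline.
make_demo_bundle() {
    dir=$1
    for cn in demo-ca demo-gw; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$cn" \
            -keyout "$dir/$cn.key" -out "$dir/$cn.crt" 2>/dev/null || return 1
    done
    cat "$dir/demo-ca.crt" "$dir/demo-gw.crt" > "$dir/both.pem"
    openssl crl2pkcs7 -nocrl -certfile "$dir/both.pem" \
        -outform DER -out "$dir/bundle.p7b"
}

# Stand-alone use: sh p7.sh received.p7b certs.pem
if [ "$#" -eq 2 ]; then
    p7_to_pem "$1" "$2" && split_certs "$2" "${2%.pem}"
fi
```

Running openssl x509 -noout -subject -issuer on each output file tells the issued certificate apart from the CA certificates before they are installed.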





IPsec performance regression between 6.3 and 6.4

2019-07-17 Thread pierre1.bardou
Hello,

I'm currently doing some IPsec performance testing between OpenBSD 6.3 and 6.5.
Dmesg and ipsec.conf are below for information.

Testing with iperf3 and 1500B packets, throughput drops by around 1/3, from 919 
Mbps to 623 Mbps.
I also tried 6.4, which has similar performance to 6.5.
I went through plus64.html without finding a change that could explain this.


Could someone explain to me what caused such a performance drop?
Are there any solutions or plans to get the original performance back?

Thank you


root@bsdWAN ~ # cat /etc/ipsec.conf
# Conf transport
ike esp transport proto gre \
  from 192.168.3.254 to 192.168.3.1 peer 192.168.3.1 \
  main auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 86400 \
  quick auth hmac-sha2-256 enc aes-256 group modp1024 lifetime 28800 \
  psk "mekmitasdigoat"

root@bsdWAN ~ # dmesg
OpenBSD 6.5 (GENERIC.MP) #2: Tue May 14 10:19:35 UTC 2019
root@openbsd65.local:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8395776000 (8006MB)
avail mem = 8131694592 (7754MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x8ef68000 (45 entries)
bios0: vendor Dell Inc. version "1.4.5" date 08/09/2016
bios0: Dell Inc. PowerEdge R330
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP BOOT SSDT SLIC HPET LPIT APIC MCFG WDAT SSDT DBGP DBG2 
SSDT SSDT SSDT SSDT SSDT SSDT PRAD HEST BERT ERST EINJ DMAR FPDT
acpi0: wakeup devices PEGP(S0) PEG0(S0) PEGP(S0) PEG1(S0) PEGP(S0) PEG2(S0) 
XHC_(S0) XDCI(S0) PXSX(S0) RP01(S0) PXSX(S0) RP02(S0) PXSX(S0) RP03(S0) 
PXSX(S0) RP04(S0) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E3-1220 v5 @ 3.00GHz, 3293.54 MHz, 06-5e-03
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E3-1220 v5 @ 3.00GHz, 3292.34 MHz, 06-5e-03
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E3-1220 v5 @ 3.00GHz, 3292.34 MHz, 06-5e-03
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E3-1220 v5 @ 3.00GHz, 3292.34 MHz, 06-5e-03
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt0: no apic found for irq 32
acpiprt0: no apic found for irq 33
acpiprt0: no apic found for irq 34
acpiprt1 at acpi0: bus 1 (PEG0)
acpiprt2 at acpi0: bus 2 (PEG1)
acpiprt3 at acpi0: bus 3 (PEG2)
acpiprt4 at acpi0: bus -1 (RP01)
acpiprt5 at acpi0: bus -1 (RP02)
acpiprt6 at acpi0: bus -1 (RP03)
acpiprt7 at acpi0: bus -1 (RP04)
acpiprt8 at