Re: what happened to the encap address_family
Tank You for the authoritative answer, so we will have to get used to the, let say new, ipsecctl output. Also good to know that monitoring tools have to look some elsewhere to see VPN and routing is up :) Instead of waking 12 people at 1:00 AM :) Anyway, in my opinion this king of exercises are healthy :) Than we can have a beer at 8:00 AM and have working day behind LOL Good news that OpenBSD is following best practices - as always :) Seriously - good job as always - users have to adapt - evolution or death Best regards and good luck Micha³ Koc -- Wiadomo¶æ oryginalna -- *Temat: *Re: what happened to the encap address_family *Nadawca: *Theo de Raadt dera...@cvs.openbsd.org *Adresat: *Micha³ Koc m...@dclog.pl *Kopia: *Fred open...@crowsons.com, Boris Goldberg bo...@twopoint.com, misc@openbsd.org *Data: *2015-05-16 01:04 Let me repeat myself: anyone CAPABLE to answer (and understand the question) ? I really admire and appreciate your (misc) commitment. netstat was largely rewritten to not use kvm snooping. It now only gets information from the kernel via sysctl. The result is that it does not race against the kernel in uncomfortable ways, shows atomic data, and loses a setgid bit. A few pieces of functionality went away. I believe ipsecctl will show you what you need. -- Micha³ Koc Head of System Development Mobile: +48 886 566 357 E-mail: m...@dclog.pl WWW:http://www.dclog.pl/ perl -e 'for($i=0;$i16;){push@b,\e[.($i3).;.($i++%8+30).m#}for($C=15;--$C-15;print\n){for($c=-51;++$c25;print$b[--$k%16]){for($k=$z=$Z=0;$t=$z**2-$Z**2+$c/25,$Z=2*$z*$Z+$C/10,++$k113$t**2+$Z**2=10;$z=$t){}}}print\e[0m' *DCLOG Sp. z o.o.* 03-934 Warszawa, ul. W±chocka 1M NIP 1132851126, REGON 145879741 KRS 401936 S±d Rejonowy dla m. st. Warszawa, XIII Wydz. Gospodarczy Kapita³ zak³adowy spó³ki: 75.000 z³ op³acony w ca³o¶ci Informacja ta jest poufna i mo¿e zawieraæ materia³y objête prawem autorskim. Ostrzegamy, i¿ kopiowanie lub dystrybucja tej wiadomo¶ci s± dozwolone tylko przez adresata. Je¶li nie s± Pañstwo adresatami tej informacji, prosimy o szybkie poinformowanie o tym nadawcy poczt± elektroniczn± lub telefonicznie pod nr +48 886 566 357 i skasowanie wiadomo¶ci.
Re: what happened to the encap address_family
On 05/15/15 21:13, Michał Koc wrote: Hello misc, anyone capable to answer ? Best regards MichaÅ‚ Koc -- Wiadomość oryginalna -- *Temat: *what happened to the encap address_family *Nadawca: *Boris Goldberg bo...@twopoint.com *Adresat: *misc@openbsd.org *Data: *2015-05-14 18:14 Hello misc, The encap address_family isn't in the netstat man page anymore (BTW, there is no 5.7 section at www.openbsd.org/cgi-bin/man.cgi, just current). The netstat -nrf encap gives an error, the netstat -nr doesn't have the Encap section. Don't see anything about netstat nor about encap at http://www.openbsd.org/57.html, the google also didn't help. How do I check VPN related routing besides ipsecctl -s flow (which isn't exactly the strait way) ? do you mean: man 4 enc as in: port:fred ~ ifconfig enc enc0: flags=0 priority: 0 groups: enc status: active
Re: what happened to the encap address_family
Hi misc, Let me repeat myself: anyone CAPABLE to answer (and understand the question) ? I really admire and appreciate your (misc) commitment. Best regards MichaÅ Koc -- WiadomoÅÄ oryginalna -- *Temat: *Re: what happened to the encap address_family *Nadawca: *Fred open...@crowsons.com *Adresat: *MichaÅ Koc m...@dclog.pl, Boris Goldberg bo...@twopoint.com, misc@openbsd.org *Data: *2015-05-16 00:25 On 05/15/15 21:13, MichaÅ Koc wrote: Hello misc, anyone capable to answer ? Best regards Michaà â Koc -- Wiadomoà âºÃâ¡ oryginalna -- *Temat: *what happened to the encap address_family *Nadawca: *Boris Goldberg bo...@twopoint.com *Adresat: *misc@openbsd.org *Data: *2015-05-14 18:14 Hello misc, The encap address_family isn't in the netstat man page anymore (BTW, there is no 5.7 section at www.openbsd.org/cgi-bin/man.cgi, just current). The netstat -nrf encap gives an error, the netstat -nr doesn't have the Encap section. Don't see anything about netstat nor about encap at http://www.openbsd.org/57.html, the google also didn't help. How do I check VPN related routing besides ipsecctl -s flow (which isn't exactly the strait way) ? do you mean: man 4 enc as in: port:fred ~ ifconfig enc enc0: flags=0 priority: 0 groups: enc status: active -- MichaÅ Koc Head of System Development Mobile: +48 886 566 357 E-mail: m...@dclog.pl WWW:http://www.dclog.pl/ perl -e 'for($i=0;$i16;){push@b,\e[.($i3).;.($i++%8+30).m#}for($C=15;--$C-15;print\n){for($c=-51;++$c25;print$b[--$k%16]){for($k=$z=$Z=0;$t=$z**2-$Z**2+$c/25,$Z=2*$z*$Z+$C/10,++$k113$t**2+$Z**2=10;$z=$t){}}}print\e[0m' *DCLOG Sp. z o.o.* 03-934 Warszawa, ul. WÄ chocka 1M NIP 1132851126, REGON 145879741 KRS 401936 SÄ d Rejonowy dla m. st. Warszawa, XIII Wydz. Gospodarczy KapitaÅ zakÅadowy spóÅki: 75.000 zÅ opÅacony w caÅoÅci Informacja ta jest poufna i może zawieraÄ materiaÅy objÄte prawem autorskim. Ostrzegamy, iż kopiowanie lub dystrybucja tej wiadomoÅci sÄ dozwolone tylko przez adresata. JeÅli nie sÄ PaÅstwo adresatami tej informacji, prosimy o szybkie poinformowanie o tym nadawcy pocztÄ elektronicznÄ lub telefonicznie pod nr +48 886 566 357 i skasowanie wiadomoÅci.
Re: what happened to the encap address_family
Let me repeat myself: anyone CAPABLE to answer (and understand the question) ? I really admire and appreciate your (misc) commitment. netstat was largely rewritten to not use kvm snooping. It now only gets information from the kernel via sysctl. The result is that it does not race against the kernel in uncomfortable ways, shows atomic data, and loses a setgid bit. A few pieces of functionality went away. I believe ipsecctl will show you what you need.
Re: what happened to the encap address_family
On 2015-05-14, Boris Goldberg bo...@twopoint.com wrote: The encap address_family isn't in the netstat man page anymore. The netstat -nrf encap gives an error, the netstat -nr doesn't have the Encap section. Yes, this has been excised from netstat(1). How do I check VPN related routing besides ipsecctl -s flow (which isn't exactly the strait way) ? That's exactly the intended way. -- Christian naddy Weisgerber na...@mips.inka.de
Re: what happened to the encap address_family
Hello misc, anyone capable to answer ? Best regards MichaÅ Koc -- WiadomoÅÄ oryginalna -- *Temat: *what happened to the encap address_family *Nadawca: *Boris Goldberg bo...@twopoint.com *Adresat: *misc@openbsd.org *Data: *2015-05-14 18:14 Hello misc, The encap address_family isn't in the netstat man page anymore (BTW, there is no 5.7 section at www.openbsd.org/cgi-bin/man.cgi, just current). The netstat -nrf encap gives an error, the netstat -nr doesn't have the Encap section. Don't see anything about netstat nor about encap at http://www.openbsd.org/57.html, the google also didn't help. How do I check VPN related routing besides ipsecctl -s flow (which isn't exactly the strait way) ? -- MichaÅ Koc Head of System Development Mobile: +48 886 566 357 E-mail: m...@dclog.pl WWW:http://www.dclog.pl/ perl -e 'for($i=0;$i16;){push@b,\e[.($i3).;.($i++%8+30).m#}for($C=15;--$C-15;print\n){for($c=-51;++$c25;print$b[--$k%16]){for($k=$z=$Z=0;$t=$z**2-$Z**2+$c/25,$Z=2*$z*$Z+$C/10,++$k113$t**2+$Z**2=10;$z=$t){}}}print\e[0m' *DCLOG Sp. z o.o.* 03-934 Warszawa, ul. WÄ chocka 1M NIP 1132851126, REGON 145879741 KRS 401936 SÄ d Rejonowy dla m. st. Warszawa, XIII Wydz. Gospodarczy KapitaÅ zakÅadowy spóÅki: 75.000 zÅ opÅacony w caÅoÅci Informacja ta jest poufna i może zawieraÄ materiaÅy objÄte prawem autorskim. Ostrzegamy, iż kopiowanie lub dystrybucja tej wiadomoÅci sÄ dozwolone tylko przez adresata. JeÅli nie sÄ PaÅstwo adresatami tej informacji, prosimy o szybkie poinformowanie o tym nadawcy pocztÄ elektronicznÄ lub telefonicznie pod nr +48 886 566 357 i skasowanie wiadomoÅci.
what happened to the encap address_family
Hello misc, The encap address_family isn't in the netstat man page anymore (BTW, there is no 5.7 section at www.openbsd.org/cgi-bin/man.cgi, just current). The netstat -nrf encap gives an error, the netstat -nr doesn't have the Encap section. Don't see anything about netstat nor about encap at http://www.openbsd.org/57.html, the google also didn't help. How do I check VPN related routing besides ipsecctl -s flow (which isn't exactly the strait way) ? -- Best regards, Boris mailto:bo...@twopoint.com