Re: One of the CARP interfaces stopped sending ARP replies on OpenBSD 6.0

2016-12-06 Thread Rafał Błaszczyk
On 06.12.2016 at 14:40, Martin Pieuchot wrote: On 06/12/16(Tue) 13:48, Rafał Błaszczyk wrote: At first I would like to say hello and greet everyone as this is my first post here. I am having strange issues with one of the CARP interfaces. I have two OpenBSD boxes (fw1, fw2) running as HA

Re: autoupgrade without all sets

2016-12-06 Thread Alexander Hall
On December 6, 2016 1:10:47 PM GMT+01:00, Stuart Henderson wrote: >On 2016-12-06, Erling Westenvik wrote: >> On Tue, Dec 06, 2016 at 12:27:33AM -0800, jungle boogie wrote: >>> Reading the autoinstall page for openbsd, I don't see how I can

Re: autoupgrade without all sets

2016-12-06 Thread jungle Boogie
Hi Stuart, Erling, Alexander, On 6 December 2016 at 04:10, Stuart Henderson wrote: > On 2016-12-06, Erling Westenvik wrote: >> On Tue, Dec 06, 2016 at 12:27:33AM -0800, jungle boogie wrote: >>> Reading the autoinstall page for openbsd, I don't

Re: IPSEC from behind NAT stage 2 failure

2016-12-06 Thread Florian Ermisch
On 6 December 2016 23:38:31 CET, Damian McGuckin wrote: > On Tue, 6 Dec 2016, Robert Szasz wrote: > > > I'll try it, but that would be a problem if I have to add the local > > address for any machine that wants to connect. I assume there is a > way > > to work through

Re: One of the CARP interfaces stopped sending ARP replies on OpenBSD 6.0

2016-12-06 Thread Rafał Błaszczyk
After incorporating routing into carp1 device configuration fw2 booted with ARP entry for carp1. I need to test it a little more but that could solve the case. I don't know how it was working in 5.8. Yes, that was it. Setting the routing in physical device configuration (vio1) to

Re: Can not read NTPd timedelta from NMEA device by sysctl hw.sensors.nmea0

2016-12-06 Thread Chris Cappuccio
Mihai Popescu [mih...@gmail.com] wrote: > | # ldattach -s 9600 nmea /dev/cuaU2 > > Did you try with /dev/cua00, /dev/cua01, ... > > I think /dev/cuaXX means XX are numbers. if he's using a USB adapter, cuaU2 could be correct, if he has two other usb serial adapters plugged in at least

Re: Can not read NTPd timedelta from NMEA device by sysctl hw.sensors.nmea0

2016-12-06 Thread Mihai Popescu
| # ldattach -s 9600 nmea /dev/cuaU2 Did you try with /dev/cua00, /dev/cua01, ... I think /dev/cuaXX means XX are numbers.

Re: LibC openBSD affected ?

2016-12-06 Thread Todd C. Miller
On Tue, 06 Dec 2016 20:40:47 +, carlos albino garcia grijalba wrote: > Is OpenBSD affected by http://tinyurl.com/js2vd28 ? Yes, the same code is present in OpenBSD. - todd

Re: One of the CARP interfaces stopped sending ARP replies on OpenBSD 6.0

2016-12-06 Thread Rafał Błaszczyk
On 06.12.2016 at 14:40, Martin Pieuchot wrote: On 06/12/16(Tue) 13:48, Rafał Błaszczyk wrote: At first I would like to say hello and greet everyone as this is my first post here. I am having strange issues with one of the CARP interfaces. I have two OpenBSD boxes (fw1, fw2) running as HA

Re: One of the CARP interfaces stopped sending ARP replies on OpenBSD 6.0

2016-12-06 Thread Rafał Błaszczyk
On 06.12.2016 14:10, Stefan Sperling wrote: Does 'ifconfig vio1 down' followed by 'ifconfig vio1 up' restore ARP? This is likely the CARP/ARP regression recently fixed in -current which is fixed by the following patch. See http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/route.c revisions

Re: IPSEC from behind NAT stage 2 failure

2016-12-06 Thread Damian McGuckin
On Tue, 6 Dec 2016, Robert Szasz wrote: I'll try it, but that would be a problem if I have to add the local address for any machine that wants to connect. I assume there is a way to work through NAT because picked up nat-t and works for phase 1. I was hoping I had just missed a parameter in

autoupgrade without all sets

2016-12-06 Thread jungle boogie
Hi All, Reading the autoinstall page for openbsd, I don't see how I can select what packages are installed. Does that mean all packages will be installed and subsequent upgrades will also download and install all packages? http://man.openbsd.org/OpenBSD-current/man8/autoinstall.8 Thanks,

Re: autoupgrade without all sets

2016-12-06 Thread Erling Westenvik
On Tue, Dec 06, 2016 at 12:27:33AM -0800, jungle boogie wrote: > Reading the autoinstall page for openbsd, I don't see how I can select what > packages are installed. Does that mean all packages will be installed and > subsequent upgrades will also download and install all packages? When

Re: IPSEC from behind NAT stage 2 failure

2016-12-06 Thread Florian Ermisch
Hi Robert, On 6 December 2016 03:05:34 CET, Robert Szasz wrote: > I'm trying to set up an L2TP/IPSEC tunnel for roaming windows users to > > tunnel in to our office network. > > I'm testing with the following setup > > Win10 ->obsd5.9(firewall doing

Re: IPSEC from behind NAT stage 2 failure

2016-12-06 Thread Florian Ermisch
On 6 December 2016 10:04:34 CET, Florian Ermisch wrote: > Hi Robert, > > On 6 December 2016 03:05:34 CET, Robert Szasz > wrote: > > I'm trying to set up an L2TP/IPSEC tunnel for roaming windows users > to > > > > tunnel in to our

Re: One of the CARP interfaces stopped sending ARP replies on OpenBSD 6.0

2016-12-06 Thread Stefan Sperling
On Tue, Dec 06, 2016 at 01:48:27PM +0100, Rafał Błaszczyk wrote: > One of CARP interfaces stopped responding on ARP requests on CARP IP - it's > carp1 > > running on physical dev vio1 which is also running pfsync on top. > What I've already checked: > > - ifconfig down and up on carp1 does not

Re: One of the CARP interfaces stopped sending ARP replies on OpenBSD 6.0

2016-12-06 Thread Martin Pieuchot
On 06/12/16(Tue) 13:48, Rafał Błaszczyk wrote: > At first I would like to say hello and greet everyone as this is my first > post here. > > I am having strange issues with one of the CARP interfaces. > > I have two OpenBSD boxes (fw1, fw2) running as HA firewalls with CARP > interfaces in each

Re: autoupgrade without all sets

2016-12-06 Thread Stuart Henderson
On 2016-12-06, Erling Westenvik wrote: > On Tue, Dec 06, 2016 at 12:27:33AM -0800, jungle boogie wrote: >> Reading the autoinstall page for openbsd, I don't see how I can select what >> packages are installed. Does that mean all packages will be installed and >>

Re: IPSEC from behind NAT stage 2 failure

2016-12-06 Thread Robert Szasz
I'll try it, but that would be a problem if I have to add the local address for any machine that wants to connect. I assume there is a way to work through NAT because picked up nat-t and works for phase 1. I was hoping I had just missed a parameter in the ipsec.conf to get phase 2 working.

One of the CARP interfaces stopped sending ARP replies on OpenBSD 6.0

2016-12-06 Thread Rafał Błaszczyk
At first I would like to say hello and greet everyone as this is my first post here. I am having strange issues with one of the CARP interfaces. I have two OpenBSD boxes (fw1, fw2) running as HA firewalls with CARP interfaces in each VLAN. Both boxes are running on two Linux KVM (Proxmox

LibC openBSD affected ?

2016-12-06 Thread carlos albino garcia grijalba
Is OpenBSD affected by http://tinyurl.com/js2vd28 ? Vulnerability Note VU#548487 - BSD libc contains a buffer overflow vulnerability tinyurl.com The BSD libc library is vulnerable to a classic buffer overflow.

Re: One of the CARP interfaces stopped sending ARP replies on OpenBSD 6.0

2016-12-06 Thread Rafał Błaszczyk
How does your /etc/hostname.carp1 look like? passwords masked (it's the same unique password on both nodes): fw1: inet 10.24.5.1 255.255.255.0 10.24.5.255 vhid 55 carpdev vio1 pass fw2: inet 10.24.5.1 255.255.255.0 10.24.5.255 vhid 55 carpdev vio1 pass advskew 128 I was wondering if the