Hi,
I'm evaluating DSR with route to redirection on relayd on two carped boxes (kvm
VMs) with current.
Don't jump on me... The project is for a high volume download (http/ftp/rsync)
server (mostly mirror/isos, including OpenBSD) and it would be nice if the
streams are not get passed back throu
Following current on vlan change from vlan to vnetid,
this is in quite some time now right?
I see this
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/if_vlan.c?rev=1.161&content-type=text/x-cvsweb-markup
which is Fri Apr 15 04:29:59 2016
Apparently the old configuration vlan N vlandev
s
Hi,
I've got this today after applying Jul 2 snapshot
sha256: cannot open /var/db/kernel.SHA256: No such file or directory
sha256: /bsd does not exist in /var/db/kernel.SHA256
upgrade was "without the install kernel"
https://www.openbsd.org/faq/upgrade61.html#NoInstKern
G
On 03/07/17 12:45, Paul de Weerd wrote:
> On Mon, Jul 03, 2017 at 11:52:09AM +0300, Kapetanakis Giannis wrote:
> | Hi,
> |
> | I've got this today after applying Jul 2 snapshot
> |
> | sha256: cannot open /var/db/kernel.SHA256: No such file or directory
> | sha256: /bsd
Hi,
Just upgraded a set of my firewalls that also do dhcrelay to -current.
The program stopped working ok. Some dhcp requests where being forwarded some
not.
tcpdump was showing the request on internal interface but I couldn't see the
request being forwarded on the external interface.
For some
On 04/07/17 19:09, Reyk Floeter wrote:
> First of all, please send a proper bug reports to bugs@, not misc.
> "It used to work but now it doesn't" is not very helpful.
>
> Could you share your actual configuration or, even better, provide a
> simplified way to reproduce your problem? rzalamena, m
On 04/07/17 19:09, Reyk Floeter wrote:
> Could you try again with the attached diff? It doesn't change
> behavior but it adds some chatty logging when a packet is rejected.
> Maybe it helps to find the issue.
>
> Reyk
I've send the bug report as detailed as I could.
In a few words, applying you
On 05/07/17 12:45, Reyk Floeter wrote:
>
>> On 05.07.2017, at 11:41, Kapetanakis Giannis
>> wrote:
>>
>> On 04/07/17 19:09, Reyk Floeter wrote:
>>> Could you try again with the attached diff? It doesn't change
>>> behavior but it adds some chat
On 07/07/17 15:35, Per-Olov Sjöholm wrote:
> Hi
>
> I have config like this on an internal interface since 5 year back in time
> that together with my VLAN enabled Cisco and Zyxel switches route traffic
> around in my network. I run OpenBSD 6.0 AMD64 at the moment.
>
> cat /etc/hostname.em0
>
On 14/07/17 02:50, if...@airmail.cc wrote:
> Hi,
> I have recently read about WireGuard Protocol and it seems really
> interesting. Here's a description (from wireguard.io):
It's interesting indeed.
In advance in their roadmap they say:
"Eventually we'll work with OpenBSD to produce a component f
On 20/07/17 18:48, Consus wrote:
On 07:08 Thu 20 Jul, Kai Wetlesen wrote:
Because it's a nice way to apply configuration changes made to
/etc/sysctl.conf without restarting the whole server?
Systemctl doesn't offer hot reload unless the controlled daemon offers
the capability in the first place
On 12/09/17 03:58, Nan Xiao wrote:
> Hi all,
>
> Greetings from me!
>
> I want to run dmidecode (https://github.com/mirror/dmidecode) on OpenBSD
> 6.1, but executing it will report following errors:
I also need the output of dmidecode and I do the following in by boxes:
/etc/rc.securelevel:
if
I got this panic today after ping -R
I don't run pfsync
# ping -R www.google.com
panic: kernel diagnostic assertion "m0->m_flags & M_PKTHDR" failed: file
"/usr/src/sys/kern/uipc_mbuf.c", line 1344splassert: pfsync_update_state: want
1 have 256
pStopped at db_enter+0x5: popq%rbp
T
On 20/09/17 19:25, Visa Hankala wrote:
On Wed, Sep 20, 2017 at 02:26:56PM +0300, Kapetanakis Giannis wrote:
I got this panic today after ping -R
I don't run pfsync
# ping -R www.google.com
panic: kernel diagnostic assertion "m0->m_flags & M_PKTHDR" failed: file
"/u
As it seems, WPA2 should be considered broken
[1] https://www.krackattacks.com/
[2]
https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
according to [1] OpenBSD has silently released a patch
G
On 17/10/17 13:27, Christoph R. Murauer wrote:
> See https://marc.info/?l=openbsd-misc&m=150814941311682&w=2
>
> Use the search box for the mailing list - saves you time.
thanks, didn't follow that.
G
On 25/04/18 13:22, Jan Vlach wrote:
> Hello misc,
>
> has anybody Dell PowerEdge R430 or E440 running with OpenBSD? Is the
> hardware supported?
>
> I can't really get the exact chipsets from vendor to cross check with
> drivers in OpenBSD and I can't find dmesg or mention anywhere. (Checked
> d
On 09/05/18 13:36, Stuart Henderson wrote:
> On 2018/05/09 12:06, Jan Vlach wrote:
>> Hello Mirrors discuss list,
>>
>> it seems that ftp2.eu.openbsd.org is missing syspatches 6 and 7 in
>> https://ftp2.eu.openbsd.org/pub/OpenBSD/syspatch/6.3/amd64
>>
>> Latest snapshot in /pub/OpenBSD/snapshots/a
On 08/06/18 02:51, justina colmena wrote:
> On June 7, 2018 3:27:30 PM AKDT, Johannes Krottmayer wrote:
> " ... it is our intent that anyone be able to use these images to represent
> OpenBSD in a positive light -- but do not make profit from them "
>
> The no-profit clause is new. Sounds l
On 07/06/18 20:04, Kollar Arpad wrote:
> Hello,
>
> http://www.drdobbs.com/halted-firewalls/199101324
>
> What do you think of it? :) any similar feature in OpenBSD? :D
you might be interested in securelevel(7)
G
Hi,
I'm trying to evaluate a new setup with 4 routers. This test setup is on VMs
with Jun/7 snapshot.
|--- R2 ---
R1 |--- R4
|--- R3 ---
See here for better view: https://imgur.com/a/ddyEQPb
R2, R3, R4 are on a shared network and do ospf
R2, R3 have a static default route to R1 (-p
On 19/06/18 19:47, Stuart Henderson wrote:
On 2018-06-19, Leo Unglaub wrote:
i have searched the list archive and found some similar reports but none
of them found a solution for the problem. (at least not the threads i
have found)
I run some OpenBSD 6.3 instances in a virtual environment. The
On 20/06/18 17:03, Leo Unglaub wrote:
Hey,
thank you very much for the link. I have forwarded it to the support
staff at the datacenter. I hope they apply it very quickly. I let you
know if this fixes the problem.
Thanks and greetings
Leo
On 06/19/18 21:21, Kapetanakis Giannis wrote:
They
Thanks for the latest changes on ospfd/ospf6d especially for 'depend on' for v6
While you're there can you please also see if you can add the following change.
I've tried to make a diff but failed.
bgpd provides fib-priority to set the routing priority which is useful.
Would you please add it als
On 13/09/18 16:25, Allan Streib wrote:
> I need to set up DHCP for several VLANs. The server has 1 physical
> interface (bnx1) available for this.
>
> My naive thought is I create the vlans with bnx1 as the "parent", e.g.
>
> /etc/hostname.vlan101:
> inet 172.16.101.253 255.255.255.0 NONE parent
On 19/10/18 21:01, Shawn Southern wrote:
> So apparently this works... I was expecting relayd to listen on those ports,
> but I'm guessing that since it hooks through pf, that's not necessary.
>
> -Original Message-
> From: owner-m...@openbsd.org On Behalf Of Shawn
> Southern
> Sent: Oc
Hi,
after upgrading one of my bind (cache resolver) machines to 6.4 (release) I'm
getting these errors quite often:
Nov 16 15:55:14 server named[30616]: client: warning: client @0x6591da02440
xxx.xxx.xxx.xxx#39702 (a1928.d.akamai.net): error sending response: would block
https://kb.isc.org/doc
On 19/11/2018 12:30, Stuart Henderson wrote:
> On 2018-11-16, Kapetanakis Giannis wrote:
>> Hi,
>>
>> after upgrading one of my bind (cache resolver) machines to 6.4 (release)
>> I'm getting these errors quite often:
>>
>> Nov 16 15:55:14
On 20/05/2020 11:23, Henrik Krysteli Semark wrote:
> Did the same on my edge firewalls two days ago, with sysupgrade.
>
> It just works flawlessly!
>
+1
G
On 28/05/2020 07:16, Quantum Robin wrote:
Hi,
While surfing on the Google to learn more about OpenBSD, I encountered this
one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure (
https://aboutthebsds.wordpress.com/2013/01/25/20/)
Is the author telling the truth? Or just yet another anti
Hi,
I'm trying to update a Fujitsu RX200 S6 server from 6.6->6.7 and I'm having
problems.
via sysupgrade boot of upgrade kernel stops (no hung, no ddb) at
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pcppi0 at isa0 port 0x61
Wit
iide1: using apic 0 int 17 for native-PCI interrupt
atapiscsi0 at pciide1 channel 1 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0: removable
cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "Int
On 10/06/2020 12:03, Valdrin MUJA wrote:
> Hi Misc,
>
> I want to disable OpenBSD Login prompt at startup -and also after logging
> out-. Because I want to run my external program instead of ksh. There is an
> login prompt also in my program and I want to use it.
>
> I updated the /etc/ttys ;
>
>
On 10/06/2020 12:52, Valdrin MUJA wrote:
> Sorry for lack of information,
>
> Firstly, my program is a kind of interactive shell which has own login
> prompt. What I want to do is run my program on startup and do not use OpenBSD
> login prompt.
>
> When I use "chsh", firstly OpenBSD Login Prompt
Hi,
My setup in relayd is like this:
redirect radius {
listen on $radius_addr udp port radius interface $ext_if
pftag RELAYD_radius
sticky-address
forward to mode least-states check icmp demote carp
}
redirect radacct {
listen on $radius_addr udp port radacct interface $ext_if
On 04/07/2020 14:59, Brian Brombacher wrote:
On Jul 3, 2020, at 3:34 AM, Kapetanakis Giannis
wrote:
Hi,
My setup in relayd is like this:
redirect radius {
listen on $radius_addr udp port radius interface $ext_if
pftag RELAYD_radius
sticky-address
forward to mode least-states check
On 25/07/2020 11:28, Martin wrote:
Hi,
Sometimes dedicated VMs need fixed (the same) IP address assigned by dhcpd
every run. I don't know how to achieve this by dhcpd configured. Every VM
reboot it gets different IP. OpenBSD guests changes their IPs even without
reboot, right in runtime.
For
I've managed to track this a little bit further.
Boot stop and waits until I connect to the server's java console on the iRMC.
Upon connect, even with wrong username/password virtual keyboard is attached
and boot continues. There seems to be some kind of infinite loop...
I've checked various op
Hi,
Today I found out that I was able to disable/enable hosts by name instead of id
:)
It would be nice if it worked when a host is mentioned in multiple
redirects/tables (ie different ports):
Id Type Name Avlblty Status
3 redirect mx-smt
On 23/10/2019 19:14, Predrag Punosevac wrote:
> Hi Misc,
>
> I just upgraded a LDAP server from 6.5 to 6.6 running authorization and
> authentication services for a 100 some member university research group.
> It appears TLS handshake is broken. This worked perfectly on 6.5 and
> earlier.
>
> titan
On 15/12/2019 21:57, Denis Fondras wrote:
Hi,
I have this setup :
em3: flags=8843 mtu 1500
lladdr
index 4 priority 0 llprio 3
media: Ethernet autoselect (1000baseSX full-duplex)
status: active
inet6 fe80::aa9:b803:8a7a:ca72%em3 prefixlen 64 scopeid 0
Hi,
Is IPFIX removed from pflow in 6.6?
# ifconfig pflow0 pflowproto 10
ifconfig: SIOCSETPFLOW: Can't assign requested address
pflow(4) still mentions it.
regards,
Giannis
On 04/03/2020 18:35, Florian Obser wrote:
> The ifconfig option parser is... special.
> You must set flowdst as well as pflowproto.
my bad.
the problem was the src IP which was changed and the change wasn't reflected in
the hostname.pflow0
sorry for the noise
G
On 05/10/15 14:35, David Coppa wrote:
On Mon, Oct 5, 2015 at 1:18 PM, C.L. Martinez wrote:
Hi all,
I have installed an openbsd vm to works as a hostap for tablets and
smartphones (android and iOS).
All it is working ok: pf, hostapd and dhcpd server. All tablets and
smartphones that I have
On 05/10/15 16:26, laudarch wrote:
I made a custom implementation and a diff to authpf, will share that
later just in case anyone wants it.
I hope this helps you, it pretty simple
http://bastienceriani.fr/?p=70
That's nice, but how do you log-out inactive users/IPs?
There is no such option in
On 06/10/15 01:04, Abel Abraham Camarillo Ojeda wrote:
That's nice, but how do you log-out inactive users/IPs?
There is no such option in pf
a) expire after a certain amount of time and/or
pfctl -t loggedusers -T expire 3600 # expire after one hour,
regardless of activity
you're right on this.
On 08/10/15 23:17, Predrag Punosevac wrote:
Somebody will correct me if I am wrong but the way that Authpf works (I
have configured it in the past) is to load a new set of PF rules after
successful ssh login. My understanding is that by default the traffic
remains unencrypted unless we use more P
Hi,
Is there a problem with table counters and NAT? I don't have any
counters at all.
I have a table which has counters enabled
# pfctl -sT -v|grep nat_users
--a-r-C nat_users
I also have pf rules that reference this table.
@100 pass out quick on vlan123 inet proto tcp from port >
1023 to
On 20/11/15 15:12, Martin Pieuchot wrote:
I just committed a revert to 1.305 keeping the API changes needed for
the driver to build.
This should bring your stability back, please let us know if that's not
the case.
I'm sorry for your troubles.
Hi,
I've upgraded yesterday to Dec 6 snapshot an
On 08/12/15 19:39, Chris Cappuccio wrote:
Kapetanakis Giannis [bil...@edu.physics.uoc.gr] wrote:
On 20/11/15 15:12, Martin Pieuchot wrote:
I just committed a revert to 1.305 keeping the API changes needed for
the driver to build.
This should bring your stability back, please let us know if
On 08/12/15 21:47, Kapetanakis Giannis wrote:
The event happened only once and it's network recovered after a few
seconds. no reboot.
G
Well that didn't last long.
Today I found the server hanged at ddb after a new watchdog timeout on em0.
Keyboard was not working so I could n
On 09/12/15 15:13, Friedrich Locke wrote:
What is/are the alternative(ies) for kerberos on openbsd ? (Since is was
removed from the distribution).
Thanks.
Don't know if you can compile it, but the commit-remove msg is all time
classic :)
http://marc.info/?l=openbsd-cvs&m=139816103911227&w=2
On 09/12/15 10:42, Kapetanakis Giannis wrote:
On 08/12/15 21:47, Kapetanakis Giannis wrote:
The event happened only once and it's network recovered after a few
seconds. no reboot.
G
Well that didn't last long.
Today I found the server hanged at ddb after a new watchdog timeo
On 15/12/15 18:07, Alessandro Baggi wrote:
Hi list,
I've a firewall on an apu1D running OpenBSD.
Today during a simple management, I've noticed that the system is up
since 1 day and 23 hours. Running "cat authlog" I see that the last
two logged session are:
Dec 2 at 12 and today.
Running "las
Hi,
Problem is still here with Dec 16 snapshot.
Dec 17 13:08:20 server /bsd: OpenBSD 5.8-current (GENERIC.MP) #1494: Wed
Dec 16 12:13:03 MST 2015
Dec 17 13:08:20 server /bsd:
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
Dec 17 13:08:20 server /bsd: cpu0: Intel(R) Pentium(
Hi,
Is there a quick way to find the exact states or state number created by
a specific rule(s) without parsing the whole state table (pfctl -ss -vv)?
I've tried loading the rules I'm concerned about in a separate anchor
but that didn't work
pfctl -a foo -ss
thanks
G
On 11/01/16 13:27, Stuart Henderson wrote:
On 2016-01-11, Kapetanakis Giannis wrote:
Hi,
Is there a quick way to find the exact states or state number created by
a specific rule(s) without parsing the whole state table (pfctl -ss -vv)?
I've tried loading the rules I'm concerned
Hi,
I'm constantly seeing this on my pf router.
rule 61/(ip-option) pass in on $ext_if: $ext_gw > 224.0.0.1: igmp query
[tos 0xc0] [ttl 1]
Rule 61 is:
@61 pass quick inet proto igmp from $ext_if:network to 224.0.0.1 keep
state (no-sync)
tcpdump on $ext_if shows:
$ext_gw > 224.0.0.1: igmp qu
On 21/01/16 12:40, Stefan Sperling wrote:
On Thu, Jan 21, 2016 at 12:27:06PM +0200, Kapetanakis Giannis wrote:
Hi,
I'm constantly seeing this on my pf router.
rule 61/(ip-option) pass in on $ext_if: $ext_gw > 224.0.0.1: igmp query [tos
0xc0] [ttl 1]
Rule 61 is:
@61 pass quick inet pr
On 21/01/16 13:15, Stuart Henderson wrote:
See pf.conf(5) "allow-opts".
thanx Stuart :)
that did the trick
G
On 10/02/16 09:45, Marc Peters wrote:
Hi list,
for my laptop, i created a trunk(4) interface with em0 and iwn0 as
members. IPv6 is provided on a separate vlan for now. Without trunking
the interfaces, the vlan interface comes up and everything's working fine:
~ $ sudo /bin/sh /etc/netstart vla
Hi,
I have a carped firewall which is using dhcrelay to forward dhcp
requests to another carped dhcp server.
After upgrade to Feb 4 snapshot I'm seeing these in my logs:
Feb 8 21:00:04 dhcrelay: send_packet: No buffer space available
Feb 9 16:47:02 dhcrelay: send_packet: No buffer space a
On 12/02/16 18:56, Stuart Henderson wrote:
On 2016-02-12, Kapetanakis Giannis wrote:
Hi,
I have a carped firewall which is using dhcrelay to forward dhcp
requests to another carped dhcp server.
After upgrade to Feb 4 snapshot I'm seeing these in my logs:
What version were you running b
On 12/02/16 18:56, Stuart Henderson wrote:
On 2016-02-12, Kapetanakis Giannis wrote:
Hi,
I have a carped firewall which is using dhcrelay to forward dhcp
requests to another carped dhcp server.
After upgrade to Feb 4 snapshot I'm seeing these in my logs:
What version were you running b
On 18/02/16 13:22, Peter Hessler wrote:
On 2016 Feb 18 (Thu) at 12:25:07 +0200 (+0200), Kapetanakis Giannis wrote:
:On 12/02/16 18:56, Stuart Henderson wrote:
:>On 2016-02-12, Kapetanakis Giannis wrote:
:>>Hi,
:>>
:>>I have a carped firewall which is using dhcrelay to for
On 18/02/16 15:52, Kapetanakis Giannis wrote:
On 18/02/16 13:22, Peter Hessler wrote:
How many bpf devices do you have? You may need to create more.
I have 20 bpf devices, 27 vlan interfaces, 27 carp interfaces, 17
dhcrelay processes.
wasn't there a message when bpf devides were
On 20/02/16 13:52, Stuart Henderson wrote:
Are the carp interfaces "up" (i.e. master) when you see these messages?
Yes always.
On both firewalls I have net.inet.carp.log=3 and I haven't logged any
carp up/down - MASTER/BACKUP transition messages.
On the other hand, on backup firewall I just
On 03/11/17 15:27, Jacob Leifman wrote:
>> KexAlgorithms +diffie-hellman-group1-sha1
>> Ciphers +aes128-cbc
>>
>> Regards
>>
>
> Hi,
>
> Not quite, I have the converse problem -- using the modern ssh client and
> being unable to connect to an older embedded ssh server. But your solution
> indica
On 22/12/17 17:36, Stuart Henderson wrote:
> The important part is the data itself.
> ...
> IMHO if anything is going to happen with this it's going to come
> from someone who just gets on and does it. Maybe someone who just
> throws a spreadsheet or something together to keep track of
> tech@/bug
On 23/12/17 12:24, Stuart Henderson wrote:
Forwarded? No way! Same for bugs@ as tech@. It needs manual work to
triage, identify what is a bug, follow up with the reporter to make
sure the report is accurate and has enough information to be useful.
Same whatever the entry point is. If reporters ca
Hi,
Has anyone tested newer i7 vs Xeon E5 performance comparison on forwarding?
All tests I've seen (mainly by Hrvoje Popovski) are on Xeon cpus.
I know that things are a moving target with UNLOCKing taking place but it would
be interesting to share any results if there are available.
regards,
On 10/01/18 20:55, Aham Brahmasmi wrote:
> Hi,
>
> What is the correct bitmask for the 224.0.0.0 Martian table entry in
> pf.conf?
>
> There are two bitmasks in two links on this page -
> http://www.team-cymru.org/bogon-reference-http.html. /3 in the The Text
> Bogon List, Aggregated and /4 in IP
Hi,
I've discovered something that looks like a bug in nat translation with
least-states or round-robin
Instead of using the nat-pool is uses wrong IPs
# pfctl -sr -R0
pass out log quick on vlan123 inet from xx.xx.xx.xx to 188.113.88.193 flags
S/SA tagged from_internal nat-to xx.xx.yy.24/29 le
On 23/01/18 11:08, Kapetanakis Giannis wrote:
> Hi,
>
> I've discovered something that looks like a bug in nat translation with
> least-states or round-robin
>
> Instead of using the nat-pool is uses wrong IPs
>
> # pfctl -sr -R0
> pass out log quick on
On 23/01/18 11:54, Kapetanakis Giannis wrote:
> On 23/01/18 11:08, Kapetanakis Giannis wrote:
>> Hi,
>>
>> I've discovered something that looks like a bug in nat translation with
>> least-states or round-robin
>>
>> Instead of using the nat-pool is uses
On 09/03/18 15:11, Denis wrote:
> By reading this article
> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
> raised.
>
> How to OpenBSD security withstands against IPMI holed solution from top
> hardware vendors?
>
> Best ways to prevent potential risks for OpenBSD over
Hi,
I'm designing a new setup with relayd and multiple pools. I'm using redirects
with forward.
The problem I have is that all the real server as in the same VLAN.
In advance the servers in one pool need to access the servers in another pool,
through the load balancer, thus having a problem wit
On 19/03/18 13:51, Mischa wrote:
> Hi Giannis,
>
> From my experience dealing with a lot of load balancers in my time, and also
> working for different vendors, the easiest is to use source-nat.
> This is just configuration on the relayd itself without making "major"
> changes in the rest of the
On 16/04/18 18:40, Claudio Jeker wrote:
really depends on the KVM/linux version
Don't forget to set "options kvm-intel preemption_timer=0" for modprobe on
newer linux kernels. After that it seems to work nicely.
This module option (according to lists) is about timing issues with kvm
and o
On 17/04/18 10:28, Daniel Santos wrote:
> On 2018-04-16 23:00, Claudio Jeker wrote:
>> On Mon, Apr 16, 2018 at 11:10:46PM +0300, Kapetanakis Giannis wrote:
>>> On 16/04/18 18:40, Claudio Jeker wrote:
>>> >
>>> >>really depends on the KVM/linux version
On 17/04/18 02:06, jungle Boogie wrote:
> Hi All,
>
> I have a very simple carp setup - basically I want ssh access if the
> master goes offline.
> In theory, this are functioning correctly. In practice, it seems the
> backup is taking over way too often - the backup takes over way too
> often, ev
Hi,
since more and more of my servers have been migrated to OpenBSD :) and I'm
getting a bit lazy,
I want to upgrade some of my 6.2 snapshots to 6.3 release and use syspatch for
upgrading them in the future.
What was the date of code lock/freeze so I can safely put 6.3 on top?
Thanks,
G
On 19/04/18 13:54, Sebastian Benoit wrote:
> Kapetanakis Giannis(bil...@edu.physics.uoc.gr) on 2018.04.19 13:37:24 +0300:
>> Hi,
>>
>> since more and more of my servers have been migrated to OpenBSD :) and I'm
>> getting a bit lazy, I want to upgrade some of my 6.2
On 19/04/18 23:46, Sebastian Benoit wrote:
> Correct. And between Mar 14 and Mar 24, there is i believe nothing (like rm
> commands etc) in the upgrade63.html that you need to do, just do the update
> and run sysmerge and syspatch and pkg_add -u.
Thanks for the answers.
Last question: What's the
Hi,
After upgrading to 6.8-release I can no longer connect to my ldap server with
openldap and SSL/TLS.
I'm using a self signed root CA to sign LDAP server's certificate.
/etc/openldap/ldap.conf has:
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT demand
# /usr/local/bin/ldapsearch -d9 -x (open
eeBSD.
And yes, no additional setting seem to help this.
With kindest regards,
Kostya Berger
On Tuesday, 22 December 2020, 17:52:48 GMT+3, Kapetanakis Giannis
wrote:
Hi,
After upgrading to 6.8-release I can no longer connect to my ldap
server with openldap and SSL/TLS.
I'm using
On 23/12/2020 03:53, Stuart Henderson wrote:
On 2020-12-22, Kapetanakis Giannis wrote:
Hi,
After upgrading to 6.8-release I can no longer connect to my ldap server with
openldap and SSL/TLS.
I'm using a self signed root CA to sign LDAP server's certificate.
/etc/openldap/lda
Hi,
I've changed today my config from broadcast to p2p for both ipv4 and ipv6.
In ospf6d I get this quite often:
Dec 29 17:39:00 ospf6d[40695]: send_packet: error sending packet on interface
vlanX: Network is unreachable
Dec 29 17:39:00 ospf6d[40695]: send_ls_update: Network is unreachable
deb
On 12/01/2021 10:25, Stuart Henderson wrote:
> On 2021-01-12, Masato Asou wrote:
>> Hi,
>>
>> From: Salvatore Cuzzilla
>> Date: Mon, 11 Jan 2021 17:40:21 +0100
>>
>>> I'm having some troubles with compiling the latest version of pmacct
>>> (https://github.com/pmacct/pmacct) on obsd6.8 .
>>>
>>> I
Has anyone seen this before?
I'm experiencing disk stalls while doing sysupgrade.
OpenBSD 6.7 -> 6.8, which is a test VM running on KVM RHEL7/RHEL8.
VM storage is LVM on top of 10Gbps iSCSI with multipath.
Disk and network are on virtio.
Installation is fine (iso image stored locally on node).
Check that you have mac spoofing filter disabled on that interface.
G
On 12/01/2021 15:30, Carlos Lopez wrote:
Hi David and misc@,
Sorry to disturb with this.I have realized several tests this morning with two
OpenBSD 6.8 carp'ed firewalls (fully patched) as kvm guests and result is the
same
On 12/01/2021 18:58, Carlos Lopez wrote:
Thanks Gianni, but about what interface ? KVM bridges? In theory, MAC spoofing
is avoided using this option:
bridge.ageing-time: 300
On 12/1/21, 17:47, "owner-m...@openbsd.org on behalf of Kapetanakis Giannis"
wrote:
On 29/01/2021 23:32, Bastien Durel wrote:
Le 29/01/2021 à 17:44, Olivier Cherrier a écrit :
Hi,
I'm trying to setup OSPF on a working Wireguard VPN using 6.8 amd64
machines. This is what I get:
# ospfd -dvvv
id = "172.26.1.1"
startup
kr_init: priority filter enabled
orig_rtr_lsa: area 0.0.
On 30/01/2021 10:50, Bastien Durel wrote:
Hello,
IFAIK, wgaip is not routing, using wgaip 0.0.0.0/0 does not add a
default route on interface.
Regards,
Cool.
At least on linux it adds routes by default, which is not always desirable.
Although reading the manual now, there is an option to
On 02/02/2021 05:18, Jordan Geoghegan wrote:
Hello,
I had a question about using relayd with pfsync.
I have a small gateway/load-balancer set up with relayd, carp and pfsync plus
BGPd for IP failover, and everything is working great. I was pleasantly
surprised at how easy it was to get pfsync
How about a distributed setup?
Has anyone thought of a way getting IPs from various servers (say linux
& fail2ban) to the central OpenBSD (pf) firewall?
Ideally with history in order to punish more the frequent abusers.
I had plans on looking to bgp to distribute the IPs around but maybe
the
On 18/07/2023 23:59, Stuart Henderson wrote:
> PF's state-tracking options are only for TCP. (Blocking an IP
> based on number of connections from easily spoofed UDP is a good
> way to let third parties prevent your machine from communicating
> with IPs that may well get in the way i.e. trigger a "
On 19/07/2023 13:31, Stuart Henderson wrote:
> On 2023-07-19, Kapetanakis Giannis wrote:
>> Maybe even better, can it run under relayd (redirect) on top of carp?
> That's just rdr-to behind the scenes, no problem with that, though if
> you want to do per IP rate lim
On 08/10/2023 04:00, Courtney wrote:
> Ultimately, I want to serve a handful of services on 80/443 that are
> easily accessible internally and externally, and I don't want to have
> unencrypted traffic between relayd and my server for the services that
> are passing sessions and such.
Then don't
If you're looking for a mirror to install/update
ftp.cc.uoc.gr runs on both IPv4/IPv6 and is listed in official mirrors.
http://ftp.cc.uoc.gr/mirrors/OpenBSD/
G
On 23/10/2023 08:58, Armin Jenewein wrote:
> No idea what you perceive here as a "rant", my apologies if that seemed
> like one to you
1 - 100 of 419 matches
Mail list logo
