determine boot device after boot

hello, is it possible to determine the boot device after the kernel has loaded? i did'nt find any variable (with sysctl or an entry in logs) which contains this information. i want to boot from any device like floppy, cd etc. and the root will be a ramdisk. after boot i want to read some

Re: read-only storage media

hi matt, what is with an usb stick? that's my approach. regards uwe Is there any kind of storage media that can be set as read-only, and only reset to read and write by physical access? I'm thinking about something like the (seemingly ancient) 3.5 floppy disks that had that little

howto determine boot device?

hi, is it possible to determine, after the kernel has loaded, from which device it has booted? regards uwe -- 5 GB Mailbox, 50 FreeSMS http://www.gmx.net/de/go/promail +++ GMX - die erste Adresse f|r Mail, Message, More +++

Re: pf - queue filter directive sticky?

Am Tue, 30 Sep 2008 10:53:05 +0200 schrieb [EMAIL PROTECTED]: Am Mon, 29 Sep 2008 15:29:08 -0400 schrieb (private) HKS [EMAIL PROTECTED]: If the following two rules apply to a given packet in the order shown, will the packet be queued? pass in on $int_if from 10.0.0.1 queue tens

Re: CARP multicast and ADSL bridge

Am Thu, 09 Oct 2008 19:45:01 -0700 schrieb Brian [EMAIL PROTECTED]: Hello, After much reading of man pages, FAQs and googling, I have come up against a dead end. I have a dual redundant CARP setup on 2 sparc64 boxes running 4.3, with an Ovislink OV303 ADSL bridge for internet connectivity.

Re: LDAP and OpenBSD

Am Fri, 10 Oct 2008 19:52:10 +0200 schrieb raven [EMAIL PROTECTED]: Hi misc :) I'm thinking how my users into an ldap db can login into my openbsd machine as users. I try to use google but no clue at all. Thanks guys :) Francesco Hello Francesco, there's a solution ;-). I've gotten my

Re: LDAP and OpenBSD

starting applying configuration connecting to directories trying directory: $IP starting directory update starting directory update updates are over, cleaning up trees now flattening trees pushing line: anonymous:*:4:3:ldap:0:/home/anonymous:/bin/ksh pushing line: uwerler:*:1000:1000:ldap:12011:0:Uwe

Re: LDAP and OpenBSD

Ok, it's quite late tonight - after some beer: # vipw ^G i +:* :wq # vi /etc/group ^G i +:*:: :wq # You've done.

Fw: LDAP and OpenBSD

On Sat, 11 Oct 2008, Uwe Werler wrote: SNIP 2. Add a line to /etc/rc.conf ypldap_flags= 3. Add lines to /etc/rc.local: or more appropriately /ect/rc.conf.local otherwise your local changes could get overwritten on a future upgrade. Hello Diana, You are right

Re: perl and openbsd

Am Wed, 15 Oct 2008 09:28:06 +0200 (CEST) schrieb Holger Glaess [EMAIL PROTECTED]: hi which option i have to change that perl is able to ge more memory resoruces ? i an script that works on linux complete well but under openbsd , he start and then perl stop to work an left the memory.

Re: LDAP and OpenBSD

Am Thu, 23 Oct 2008 01:02:18 +1100 schrieb Gavin Norman [EMAIL PROTECTED]: I attempted the steps based on your experience with ypldap. I downloaded a snapshot 2 days ago and setup a fresh install on a virtual machine. However I get the following after running ypldap: # ypldap -dv

Re: Can't get relayd to work for DNS + problem with relayctl reload

...@mipih.fr -- Mit freundlichen Gruessen Uwe Werler OB3SI Open Source Software Solution Integration Hosterwitzer Str. 15 D-01259 Dresden Fon +49 351 41722902 http://www.o3si.de mailto:i...@o3si.de Sitz des Unternehmens: 01259 Dresden Der Austausch von Nachrichten mit OB3SI via E-Mail dient

rtable and pf

Hello list, I have an OpenBSD box with 4.5 connected to two carriers, to one per dhcp and to the other static configured. Now I tried to change my rule set from route-to/reply-to syntax to rtable usage. Up to now I added my static configured gateway with route add default $GW -mpath so the

Re: What does your environment look like?

On Sun, 3 Jan 2010 10:34:07 -0500 Anders Langworthy lagrang...@gmail.com wrote: On Sat, Jan 2, 2010 at 9:08 PM, Brynet bry...@gmail.com wrote: * Do you use one of the bundled window managers like cwm(1)/twm(1)/fvwm(1) or something else? I wasn't going to reply, but I couldn't believe that

Re: Maximizing File/Network I/O

* Iqigo Ortiz de Urbina tarom...@gmail.com [2010-01-05 11:24]: On Tue, Jan 5, 2010 at 9:13 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: There is much more to do. You can find some ideas eg. here http://www.openbsd.org/papers/tuning-openbsd.ps . It's good idea to follow outputs of

Re: Ipsec tunnel between 2 sites with same network addressing

-Urspr|ngliche Nachricht- Von: open...@e-solutions.re Gesendet: Mo 15.02.2010 09:15 An: misc@openbsd.org; Betreff: Ipsec tunnel between 2 sites with same network addressing Hi, It is very simple to do a tunnel ipsec with 2 sites when they have different network addressing. But if

Re: PF and CLamAV Integration - how to do it?

Hi Sarah, try to make a search in ports tree for different kind of proxies: Port: havp-0.89 Path: www/havp Info: web proxy with antivirus filter Maint: Giovanni Bechis g.bec...@snb.it Index: www L-deps: clamav.=1::security/clamav B-deps: :devel/gmake R-deps: Archs: any For scanning

Re: F5 FirePass SSL VPN on OpenBSD

Hi Mikolaj, You can connect to F5 with a little bit perl and ppp. I know a perl script with does the magic with pppd and openssl s_client: http://devcentral.f5.com/SDK/sslvpn.public.pl.txt . But in OpenBSD there is no pty option in pppd - that's why it should converted to use ppp. Regards Uwe

Re: automaticaly mount/umount encrypted $HOME or ...

Hi Maxim, Choosing bash was a quick solution for executing the job after I'v logged out, e.g. how else do you umount and vnconfig -u? I'd like to use default ksh, but quick google-search gave me an answer - ksh can not exec after logout. Here I hope someone can point me to the right

Re: Internet Connection - Load Balancing and Failover

-Ursprüngliche Nachricht- An: OpenBSD-misc list misc@openbsd.org; Von:Imre Oolberg i...@auul.pri.ee Gesendet: Di 13.11.2012 09:05 Betreff:Re: Internet Connection - Load Balancing and Failover On 11/13/12 08:57, Tomas Bodzar wrote: On Mon, Nov 12, 2012 at 11:09 PM,

Kerberos disabled in SSH now?

Kerberos is disabled per default in SSH now? Revision 1.60: download - view: text, markup, annotated - select for diffs Wed Jun 19 05:27:06 2013 UTC (5 weeks, 5 days ago) by deraadt Branches: MAIN Diff to: previous 1.59: preferred, coloured Changes since revision 1.59: +2 -1 lines stop doing

Re: Empty MFS on root

Am 08.12.2015 16:03:14, schrieb Tati Chevron: > Currently, it's possible, (as root), to do something like: > > # mount_mfs -s 1g swap / > > which succeeds, and mounts the empty filesystem as the root filesystem. > > This makes the machine inoperable and requires a physical reset, without a

Re: relayd ssl interception and certificate subject

On 25. Nov 8:02:17, Stuart Henderson wrote: > On 2015-11-24, Uwe Werler <uwe.wer...@retiolum.eu> wrote: > > Hello, > > > > I'm just testing ssl interception and noticed the following problem. > > Sometimes the Subject/Subject Alternative Name of the cert is a

Re: authentication infra structure

On 09. Dec 17:25:14, Friedrich Locke wrote: > If you had about 10k users and 5k machine how would you manage > authenticating issues? Keep in mind that this is a very heterogenous > environment with ldap, ftp, smtp, pop3, traditional unix boxes etc > LDAP is Your friend. You can even

Re: Playing with rdomains and bridge on 5.8 and current

Take a look at pair(4). On 17. Dec 12:19:42, Claer wrote: > Hello, > > I'm trying a "strange" setup with rdomains, bridge and vether. As there is > something I don't understand, I'd like to know if the behavior is normal or if > it is an issue. This is not a production system, just

resize crypto raid

Hello list, is it currently possible to resize/increase a crypto raid anyhow? I tested it with a virtual disk image via vnconfig - created an image file, attached it via vnconfig, created a raid partition and configured a raid with crypto discipline. Later I increased the image and adopted the

Re: resize crypto raid

n you change just partition/disklabel > size, but I would not expect it. > > On Mon, Dec 21, 2015 at 10:49 PM, Uwe Werler <uwe.wer...@retiolum.eu> wrote: > > Hello Ted, > > > > this is exactly my problem - i can't change the disk boundaries at the > >

Re: resize crypto raid

Hello Ted, this is exactly my problem - i can't change the disk boundaries at the softraid disk. I tried it with saving the disklabel of softraid0/sd0 and editing manually - with no success. Any ideas? Regards Uwe On 21. Dec 16:05:28, Ted Unangst wrote: > Uwe Werler wrote: > > H

Re: Highest Speed Network Packet Generator?

tcpbench in base or iperf from ports. Ursprüngliche Nachricht Von: Mohammad BadieZadegan Datum:26.12.2015 09:15 (GMT+01:00) An: misc@openbsd.org Cc: Betreff: Highest Speed Network Packet Generator?

Re: LibreNMS chroot issues

Why not pointing the socket to chroot?  Von meinem Samsung Galaxy Smartphone gesendet. Ursprüngliche Nachricht Von: Ax0n Datum:27.12.2015 18:58 (GMT+01:00) An: cou...@gmail.com, punoseva...@gmail.com Cc: misc@openbsd.org Betreff: Re: LibreNMS chroot

Re: relayd ssl interception and certificate subject

Thank You very much for the explanation Stuart! I'll check this. On 25. Nov 8:02:17, Stuart Henderson wrote: > On 2015-11-24, Uwe Werler <uwe.wer...@retiolum.eu> wrote: > > Hello, > > > > I'm just testing ssl interception and noticed the following problem. > &

Re: TLS intercepting proxy [MitM]

Am 24.11.2015 14:52:58, schrieb Jiri B: > > With a little bit pf-magic this works like this: > > pass out log on $ext_if proto tcp to any port 443 route-to lo0 > > pass out log on > > $ext_if proto tcp to any port 443 user _relayd > > pass in log on lo0 proto tcp to > > any port 443 divert-to

relayd ssl interception and certificate subject

Hello, I'm just testing ssl interception and noticed the following problem. Sometimes the Subject/Subject Alternative Name of the cert is altered with a different name than the one the original cert has: The faked cert:

Re: TLS intercepting proxy [MitM]

Am 24.11.2015 14:17:41, schrieb Lampshade: > Ok, I know that relayd can decrypt traffic, then log, then encrypt. The thing is that I want to > send decrypted traffic to another process (privoxy), and then re-encrypt it. > I have also problem with Reyk's config because I can not divert outgoing

Re: PF and interface changing IP

pass in on pppoe0 inet proto tcp to (pppoe0) port ssh keep state Von meinem Samsung Gerät gesendet. Ursprüngliche Nachricht Von: Gabriele Tozzi Datum: 12.05.2016 09:45 (GMT+01:00) An: misc@openbsd.org Betreff: PF and interface changing IP

Re: openbsd vs freebsd NAT performance

On 16. Apr 5:10:56, bluesun08 wrote: > Hi, > > beside OpenBSD 5.8 i installed FreeBSD 10.3 on my router-pc. For routing i > use pf. > I noticed that the routing/NAT-performance is in FreeBSD noticeable higher > than in OpenBSD. I think that is due to the SMP-support of pf in FreeBSD. > > Is

ksh, PS1 and PWD

Hello list, maybe this can be done better (~/.kshrc): _pwd(){ local _len="25" local _sym="/<.." [[ ${PWD} == ${HOME}* ]] && { PWD="~${PWD#${HOME}}"; _sym="~${_sym#/}"; } [[ ${#PWD} -gt $_len ]] && { typeset -R"$_len" local _pwd=$PWD; PWD="${_sym}/${_pwd#*/}"; } print $PWD }

httpd rewrite

Hello guys, I try to move from nginx to httpd. But I have a problem with rewrite. I try to use this nginx-rule: rewrite ^/Microsoft-Server-ActiveSync?(.*)$ /tine20/index.php?frontend=activesync$1; with httpd: location "/Microsoft-Server-ActiveSync" {

Re: spreed server

Hi Stephen, did You get the spreed server built? -- View this message in context: http://openbsd-archive.7691.n7.nabble.com/spreed-server-tp300701p311543.html Sent from the openbsd user - misc mailing list archive at Nabble.com.

Re: APCu/Memcached/Redis - OwnCloud/Nextcloud memory caching - which OpenBSD package?

> make sure your SQL encoding is set to unicode/UTF8, I recently did a fresh > install and the encoding ended up as SQL_ASCII and performance was abysmal. > Switching to UTF-8 and performance was as expected. (this was with postgresql) Mmh, I checked my mysql settings and they are still utf8 - and

Re: APCu/Memcached/Redis - OwnCloud/Nextcloud memory caching - which OpenBSD package?

27. Februar 2017 17:09, "Florian Viehweger" schrieb: > Hey, > >> I use php56 and nginx from ports. Any other idea? > > try to upgrade to PHP 7. I've experienced a significant performance > improvement, albeit on Arch Linux. > > -- > greetings, > > Florian

Re: rdomain incompatible with NSD ? (OpenBSD 6)

You have to start nsd in rdomain 1. Von meinem Samsung Galaxy Smartphone gesendet. Ursprüngliche Nachricht Von: Bob Jones Datum: 03.09.16 20:13 (GMT+01:00) An: misc@openbsd.org Betreff: rdomain incompatible with NSD ? (OpenBSD

Re: DigitalOcean and OpenBSD

On 25. Aug 12:02:37, Daniel Winters wrote: > Hi, > > > Hetzner customer here. Hetzner doesn't support OpenBSD natively. The > > only instructions I could find are kind of dated, in German, seem to > > apply only to dedicated servers (as opposed to VMs), and overall look > > like a giant hack.

Re: tmux, option allow-rename off allows renaming

That's exactly the reason why I wrote this little wrapper script: https://github.com/uwerler/tmux_ssh Am 17. März 2017 12:12:52 MEZ schrieb "Andreas Kusalananda Kähäri" : >Hi, > >I'm doing some development on a Linux machine over SSH from a tmux >shell >session. >

Re: tinc on openBSD?

On 27. Apr 7:51:18, Harald Dunkel wrote: > Hi folks, > > AFAICS tinc is included in the packages for 6.1, but surely > that doesn't mean its safe to use without looking. > > Are there security concerns against running tinc on an OpenBSD > gateway as an alternative to IPsec and openvpn in a +50

Re: How did it happen?

Am 31. Januar 2020 18:48:51 GMT+00:00 schrieb gil...@poolp.org: >January 30, 2020 4:44 PM, gil...@poolp.org wrote: > >> It depends on your configuration, not all setups are vulnerable. >> >> I think I recall your name from the comments on my tutorial and this >is a >> setup that would not be

ksh complete_command for commands with "-" in name

Hi misc, I use heavily the feature to set command completion in ksh. Unfortunately this doesn't work for commands with "-" (like ssh-add, salt-call etc.) in command name because the parameter name for the array is invalid. Any idea to work around that or plans to allow at least "-" when

Re: ksh complete_command for commands with "-" in name

On 18 Jan 00:27, Andreas Kusalananda Kähäri wrote: > On Fri, Jan 17, 2020 at 10:41:30PM +0000, Uwe Werler wrote: > > On 17 Jan 22:32, Ottavio Caruso wrote: > > > On Fri, 17 Jan 2020 at 22:03, Uwe Werler wrote: > > > > > > > > Hi misc, > > >

Re: ksh complete_command for commands with "-" in name

On 17 Jan 22:32, Ottavio Caruso wrote: > On Fri, 17 Jan 2020 at 22:03, Uwe Werler wrote: > > > > Hi misc, > > > > I use heavily the feature to set command completion in ksh. Unfortunately > > this doesn't work for commands with "-" (like ssh-add,

Re: Troubleshooting pf congestion

Without seeing a rule set what should one say? Am 14. September 2020 15:19:46 GMT+00:00 schrieb Scott Reese : >Greetings: > >I am troubleshooting an issue: users complaining about network >performance. The firewall >is an OpenBSD 6.7 system with patches applied. I've traced the issue >and I'm

Re: iwm0: fatal firmware error on Dell Latitude E5570

On 24 Sep 12:24, Jan Stary wrote: > On Sep 24 11:36:24, h...@stare.cz wrote: > > This is 6.8-beta/amd64 on a Dell Latitude E5570 (dmesg below). > > iwm stopped working, saying > > > > iwm0: hw rev 0x200, fw ver 34.0.1, address e4:a4:71:40:21:08 > > iwm0: fatal firmware error > > iwm0:

Re: Web based document / spredsheet editor

On 22 Sep 15:37, Martin Sukany wrote: > Hi colleges, > > I need to set up some kind of collaborative environment (rich text > docjuments, basic tables) — request is „something like google docs“. > > As I’m almost working in shell I have to say that I’m little bit lost in this > area. > >

Re: ideas needed for password management

On 23 Sep 20:52, Hakan E. Duran wrote: > Dear all, > > I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP and > Dovecot. The users will be the Unix users on the VPS for simplicity. However, > I now have the problem of allowing users setting and modifying their own > passwords

Re: ideas needed for password management

On 24 Sep 10:55, Uwe Werler wrote: > On 23 Sep 20:52, Hakan E. Duran wrote: > > Dear all, > > > > I set up a simple mail server on OpenBSD on a VPS, based on OpenSMTP and > > Dovecot. The users will be the Unix users on the VPS for simplicity. > > However, I

Re: ssl/libssl certificate validation broken?

On 22 Oct 21:49, Rafael Possamai wrote: > >Hi Bob, it was in the middle of the night and I got quite kinda stressed > >because all services depending on our ldap proxy stopped working after the > >upgrade and it took me a while to figure the problem out. > > Perhaps this is unsolicited advice,

Re: ssl/libssl certificate validation broken?

On 22 Oct 22:59, Daniel Jakots wrote: > On Thu, 22 Oct 2020 21:49:20 -0500, "Rafael Possamai" > wrote: > > > >Hi Bob, it was in the middle of the night and I got quite kinda > > >stressed because all services depending on our ldap proxy stopped > > >working after the upgrade and it took me a

Re: Cleaning system's old ibraries/files after update to next -release or -current

On 14 Jul 15:44, Stuart Henderson wrote: > On 2020-07-14, Christian Weisgerber wrote: > > Old versions of libraries are innocuous. They will simply be > > ignored. > > Until you run out of disk space, which is fairly easy in /usr if you > installed a couple of releases ago and took the auto

ssl/libssl certificate validation broken?

Hi folks, before opening a bug report I'll ask here because I want to make sure that I have not missed something. With the upgrade to 6.8 my cert validation seems to be broken because the hashed certs in /etc/ssl/certs are not honored anymore. I usually stored our L1 and L2 ca certs in

Re: ssl/libssl certificate validation broken?

On 20 Oct 21:01, Uwe Werler wrote: > Hi folks, > > before opening a bug report I'll ask here because I want to make sure that I > have not missed something. > > With the upgrade to 6.8 my cert validation seems to be broken because the > hashed certs in /etc/ssl/certs are n

Re: CARP load balancing problems under KVM

On 21 Oct 07:12, Carlos Lopez wrote: > Hi all, > > Before upgrade from OpenBSD 6.7 to OpenBSD 6.8, my pair firewalls was using > carp in IP balance mode without problems from several months. These firewalls > are installed in a RHEL 8.2 (fully patched) KVM host. > > After upgrading to OpenBSD

Re: ssl/libssl certificate validation broken?

On 20 Oct 20:21, Bob Beck wrote: > On 20 Oct 21:01, Uwe Werler wrote: > > Hi folks, > > > > before opening a bug report I'll ask here because I want to make sure that I > > have not missed something. > > You should probably submit a real bug report instead of

Re: Sharing desktop with Jitsi and pledge

Not with jitsi but with Nextcloud Talk I got it working in Chrome. Am 29. Juni 2021 19:30:57 GMT+00:00 schrieb Jonathan Drews : >Hi Folks: > >I am running OpenBSD 6.9 GENERIC.MP#4 amd64 and have Jitsi working >well here on OpenBSD. The audio and video work fine. So do the typing >of comments in

Re: 2FA VPNs

On 02 Nov 02:05, Stuart Henderson wrote: > If anyone's got any good suggestions on how to do VPNs with 2FA > on an OpenBSD gateway for non-technical users to access (iOS, Android, > Windows clients) I'd love to hear them. > > I could bodge something together with openvpn and TOTP but it doesn't >

Re: cwm on wayland

Please keep woke bs out of technical development. Am 16. Dezember 2023 00:22:51 MEZ schrieb Anders Andersson : >On Fri, Dec 15, 2023 at 7:01 PM David Coppa wrote: >> >> On Fri, Dec 15, 2023 at 6:29 PM wrote: >> > >> > So they're putting a Wayland in our BSD. >> > >> > I've never used that

Re: relayd forward with tls

Take a look at the example in man relayd.conf. You have to set the X-header like: match header set "X-Forwarded-For" \value "$REMOTE_ADDR" match header set "X-Forwarded-By" \ value "$SERVER_ADDR:$SERVER_PORT" I could post an example when I'm back at my machine. Am