athn0: device timeout (AR9271 USB 2.0 Wifi-key as hostap)

2017-01-23 Thread mabi
. I was told this would get better with 6.0 but I can't see any difference. Any ideas what's wrong? Below I post my hostname.athn0 and dmesg. Cheers, Mabi hostname.athn0: inet 172.16.20.1 255.255.255.0 mediaopt hostap nwid MYWLAN chan 11 wpakey removed dmesg: Jan 14 17:24:32 fw1 /bsd: OpenBSD 6.0

Re: athn0: device timeout (AR9271 USB 2.0 Wifi-key as hostap)

2017-01-24 Thread mabi
not have any PCI or miniPCI interfaces... Regards M. Original Message Subject: Re: athn0: device timeout (AR9271 USB 2.0 Wifi-key as hostap) Local Time: January 23, 2017 11:28 PM UTC Time: January 23, 2017 10:28 PM From: s...@stsp.name To: mabi <m...@protonmail.ch>

Re: opensmtpd-extras-[clamav|spamassassin] packages in 6.0

2016-10-12 Thread mabi
, 2016 9:27 PM From: m...@umaxx.net To: mabi <m...@protonmail.ch> misc@openbsd.org <misc@openbsd.org> > Am 10.10.2016 um 17:59 schrieb mabi <m...@protonmail.ch>: > > Hi, > > Just noticed that the OpenBSD 6.0 release does not include the opensmtpd-extras-clamav nor

Re: An AR9280 as an Access Point

2016-10-12 Thread mabi
I am using an Atheros AR9281 in a Soekris box with OpenBSD 5.9 as access point and I am quite disappointed with it. Often I get disconnected from the access point and all I can see on the OpenBSD side is tons of timeout messages in the kernel log such as: athn0: device timeout I hope for

opensmtpd-extras-[clamav|spamassassin] packages in 6.0

2016-10-10 Thread mabi
to these two packages? Regards, Mabi

Re: Looking for Xen blkfront driver xbf(4) tests

2016-12-11 Thread mabi
know/test or benchmarks you would like me to run? Keep in mind I am no dev but I am happy to help if it can make things progress with running OpenBSD even better on Xen. Cheers, Mabi OpenBSD 6.0-current (XBFTEST.MP) #0: Sat Dec 10 23:58:16 CET 2016 me@openbsds:/usr/src/sys/arch/amd64/compile/XBFTEST.M

Re: Looking for Xen blkfront driver xbf(4) tests

2016-12-18 Thread mabi
2016 7:46 PM From: m...@belopuhov.com To: mabi <m...@protonmail.ch> misc@openbsd.org <misc@openbsd.org> On Sun, Dec 11, 2016 at 05:09 -0500, mabi wrote: > Hi, > > Thanks for your efforts and making OpenBSD work even better on > Xen. I use Xen for all types of virtualization

Re: Topics for revised PF and networking tutorial

2017-04-07 Thread mabi
Dear Peter, May I suggest the following topic of interest: PF with VLAN interfaces (with LACP trunk interface behind) and CARP of course. Regards, M. Original Message Subject: Topics for revised PF and networking tutorial Local Time: April 1, 2017 10:52 AM UTC Time: April 1,

Re: OpenBSD as a non-routing access point

2017-04-08 Thread mabi
Earlier this week on this mailing list someone recommended the following product: https://www.olimex.com/Products/USB-Modules/USB-CAP/ I thought I will give it a try and ordered it... Original Message Subject: Re: OpenBSD as a non-routing access point Local Time: April 8,

Re: Dynamic IPv6

2017-07-08 Thread mabi
Hi Thomas, Not using Cox here but in a similar setup here I use the dhcpcd package just for getting IPv6 from the ISP with SLAAC and prefix delegation. You will need to configure your /etc/dhcpcd.conf file to something looking like that: noipv6rs ipv6only slaac private nohook resolv.conf

SNMP OID for free memory

2017-06-04 Thread mabi
-naumov/nagios-plugins/blob/master/check_snmp_openbsd.py) where the OID .1.3.6.1.4.1.11.2.3.1.1.7.0 is used for getting the free memory but when I do an snmpget on my OpenBSD box this OID is not available. Regards, Mabi A

DHCP server for IPv6

2017-06-18 Thread mabi
Hello, Does anyone have any recommendations on which package to use on OpenBSD 6.1 for a DHCP server for IPv6? AKFAIK the default dhcpd does not do IPv6. Regards, M.

isakmpd listen address

2017-05-25 Thread mabi
Hello, I can't seem to find an option in isakmpd in order to have it listen only on one interface or IP address respectively. Is there an option for that I am not aware of? I just saw the -p option but that's for the port number. Thanks, M.

Re: isakmpd listen address

2017-05-25 Thread mabi
Thanks so much I was looking at the wrong place and was expecting it to be a parameter... Original Message Subject: Re: isakmpd listen address Local Time: May 25, 2017 9:06 PM UTC Time: May 25, 2017 7:06 PM From: hrv...@srce.hr To: misc@openbsd.org On 25.5.2017. 20:46, mabi

Re: SNMP OID for free memory

2017-06-06 Thread mabi
not exist so I wonder where he got that OID from... Regards, M. Original Message Subject: Re: SNMP OID for free memory Local Time: June 5, 2017 9:46 AM UTC Time: June 5, 2017 7:46 AM From: s...@spacehopper.org To: misc@openbsd.org On 2017-06-04, mabi <m...@protonmail.ch> wrote

/etc/mygate equivalent for IPv6?

2017-06-06 Thread mabi
Hi, What is the "standard" approach for adding an IPv6 default gateway to an OpenBSD 6.1 machine analog to the /etc/mygate file for an IPv4 default route? There are no /etc/mygate6 file and as such for now I manually run: route -n add -inet6 default Regards, Mabi

Re: /etc/mygate equivalent for IPv6?

2017-06-06 Thread mabi
equivalent for IPv6? Local Time: June 6, 2017 9:50 PM UTC Time: June 6, 2017 7:50 PM From: knight@gmail.com To: Janne Johansson <icepic...@gmail.com> mabi <m...@protonmail.ch>, openbsd-misc <misc@openbsd.org> for example: fe80::1%carp0 :) 2017-06-06 16:48 GMT-03:00 Janne

relayd TLS load balancer for multiple websites

2017-09-28 Thread mabi
practice to setup a relayd TLS load balancer for a different websites/webapps/domains and can't find much documentation about this specific case. Note here that I will be using the acme-client for all of the domains. Thanks for your input. Best, Mabi

Re: relayd TLS load balancer for multiple websites

2017-09-28 Thread mabi
ber 28, 2017 1:02 PM > From: mcmer-open...@tor.at > To: mabi <m...@protonmail.ch> > openbsd-misc <misc@openbsd.org> > > m...@protonmail.ch (mabi), 2017.09.28 (Thu) 13:32 (CEST): >> I was wondering if it is possible to use relayd as load balancer with >> TLS t

Re: relayd TLS load balancer for multiple websites

2017-09-28 Thread mabi
cer for multiple websites > Local Time: September 28, 2017 2:21 PM > UTC Time: September 28, 2017 12:21 PM > From: bryanlhar...@gmail.com > To: mabi <m...@protonmail.ch> > openbsd-misc <misc@openbsd.org> > > Here is what I did, which I learned from the httpd &

Re: Fail2Ban filter for OpenSMTPD

2017-08-23 Thread mabi
following entry: > > [opensmtpd] > enabled = yes > port = smtp > logpath = /var/log/mail.log > > Any ideas? I am running Debian 9 as OS. > > Regards, > Mabi > >> Original Message >> Subject: Re: Fail2Ban filter for OpenSMTPD >> Loc

Re: Fail2Ban filter for OpenSMTPD

2017-08-23 Thread mabi
add this IP address to be blocked by iptables. Maybe my jail.conf entry for that filter is wrong, I currently added the following entry: [opensmtpd] enabled = yes port = smtp logpath = /var/log/mail.log Any ideas? I am running Debian 9 as OS. Regards, Mabi > Original Mess

Atheros AR9300

2017-11-15 Thread mabi
is the following: "Atheros AR9300" rev 0x01 at pci4 dev 0 function 0 not configured Is my conclusion here correct? or am I just missing a non-free firmware (though I ran the fw_update command already). Best regards, Mabi

NTP issue on Lanner FW-7526B

2017-12-08 Thread mabi
reports: 4/4 peers valid, constraint offset -85442s, clock unsynced, clock offset is -85378257.156ms Any ideas what could be wrong here? I use the default ntp.conf file delivered with OpenBSD 6.2. In case I pasted below the dmesg output. Regards, Mabi OpenBSD 6.2 (GENERIC.MP) #0: Thu Oct 12 19

Re: NTP issue on Lanner FW-7526B

2017-12-08 Thread mabi
m.net >To: misc@openbsd.org > >It is adjusting the time, but your clock is way off, so it try to do it > slowly as to not mess any logs, but if you want to adjust it al at once > and don't care about that for now > > rdate -n4 pool.ntp.org > > Simple. > > > > On 12/8/

vmm/vmd with Linux guest

2018-04-29 Thread mabi
er why a VM is stuck? And by the way a big applause to those working on vmm/vmd for your great effort! Regards, Mabi

acpidump at bootup blocking for 5 minutes

2017-10-23 Thread mabi
/rc boot file I could find out that the acpidump takes 5 minutes to run. So I just commented the following lines out to boot up faster: if [[ -x /usr/sbin/acpidump ]]; then acpidump -o /var/db/acpi/ fi Regards, Mabi

pfstat package dependencies missing on 6.3 amd64

2018-04-16 Thread mabi
-2.2.5p0 resolve to png-1.6.34 jpeg-1.5.3v0 tiff-4.0.9 libiconv-1.14p3 libwebp-0.6.1p0 Full dependency tree is tiff-4.0.9 giflib-5.1.4 libwebp-0.6.1p0 libiconv-1.14p3 png-1.6.34 jpeg-1.5.3v0 Can't install pfstat-2.5p2: can't resolve gd-2.2.5p0 Extracted 12048693 from 12052934 Best regards, Mabi

Re: pfstat package dependencies missing on 6.3 amd64

2018-04-16 Thread mabi
Sorry my bad these are actually system libraries and not packages missing. Indeed I do not have X tgz packages installed yet. ​​ ‐‐‐ Original Message ‐‐‐ On April 16, 2018 3:48 PM, mabi <m...@protonmail.ch> wrote: > ​​ > > Hello, > > It looks like some

Listen-on parameter in iked.conf

2018-04-15 Thread mabi
Hello, I just moved from isakmpd to iked and could not find the parameter name in iked.conf in order to tell iked on which IP it should listen. With isakmpd.conf I would use the following: [General] Listen-on= 123.123.123.123 Is there any equivalent with iked? Regards, Mabi ​​

aesni/crypto related kernel panic on 6.3

2018-04-16 Thread mabi
of the firewall corresponding to the kernel panic message above. I can't send now the dmesg of the remote firewall as I need to go on-site first. Please let me know if I should send any log files or other details. Regards, Mabi OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018 dera...@amd64

Re: Listen-on parameter in iked.conf

2018-04-16 Thread mabi
On April 16, 2018 9:05 AM, Stuart Henderson wrote: > There is not, but the main place this is needed is for setting the > > "from" address for outgoing packets. isakmpd uses the "default" address > > for this, which is often wrong on a multihomed system so it's necessary

Dell PowerEdge R410 not booting 6.4

2018-10-25 Thread mabi
Any idea what that could be? This server is from around 2011 and has two Intel E5620 CPUs. I already tried disabling hyperthreading, booting single user mode (boot -s), booting the boot.sp image but so far no luck... Regards, Mabi

Re: Dell PowerEdge R410 not booting 6.4

2018-10-25 Thread mabi
the very first line of the boot pricess if I am not mistaken. ‐‐‐ Original Message ‐‐‐ On Thursday, October 25, 2018 7:57 PM, diego righi wrote: > did you make only one big a slice? > try to put the i386 bootloader ;) > > On Thu, Oct 25, 2018, 18:20 mabi m...@protonmai

reorder_kernel: kernel relinking failed

2019-01-16 Thread mabi
(Makefile:985 'newbsd': @echo ld -T ld.script -X --warn-common -nopie -o newbsd '${SYSTEM_HE...) Anyone has an idea what it could be? My VM has only 1 GB of memory, maybe that's not enough? Regards, Mabi

Re: reorder_kernel: kernel relinking failed

2019-01-16 Thread mabi
‐‐‐ Original Message ‐‐‐ On Wednesday, January 16, 2019 11:48 PM, Mike Larkin wrote: > Looks like your /usr/share/relink/kernel/GENERIC.MP/*.o files got trashed > somehow? Or perhaps you ran out of space? So in the GENERIC directory there are 1311 *.o files, exactly the same amount as

Re: reorder_kernel: kernel relinking failed

2019-01-17 Thread mabi
‐‐‐ Original Message ‐‐‐ On Thursday, January 17, 2019 8:28 AM, mabi wrote: > As this system is new I might just re-install the VM today and keep you > posted. Strange, I just re-installed the VM and now there are no relinking issues anymore. Maybe something went wrong

Re: VMs as real hosts on the same network

2018-12-07 Thread mabi
‐‐‐ Original Message ‐‐‐ On Friday, December 7, 2018 12:57 PM, Martin Sukany wrote: > could you post here your /etc/pf.conf rules? Sure, it's actually the default OpenBSD 6.4 one as you can see below: # $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $ # # See pf.conf(5)

VMs as real hosts on the same network

2018-12-07 Thread mabi
from the installation) Any ideas what I might be doing wrong or forgetting? Regards, Mabi

Re: VMs as real hosts on the same network

2018-12-07 Thread mabi
‐‐‐ Original Message ‐‐‐ On Friday, December 7, 2018 11:43 AM, Mischa wrote: > It might be as easy as adding: up > > cat /etc/hostname.bridge6 > > == > > add vlan6 > up > > By default the bridge interface is not brought up. > You can also run: ifconfig bridge6 up

Re: VMs as real hosts on the same network

2018-12-07 Thread mabi
‐‐‐ Original Message ‐‐‐ On Friday, December 7, 2018 12:40 PM, Mischa wrote: > The VLAN does require an IP address as far as I am aware. Thanks that worked. I now have network connectivity on my public VM VLAN. I saw that adding an IP to my VLAN interface automatically set the trunk

short receive (0/4) from nfs server log messages

2019-01-04 Thread mabi
it really mean? That NFS share is mounted through my /etc/fstab as such: nfsserver:/data/files /mnt nfs rw,nodev,nosuid,tcp,nordirplus 0 0 Regards, Mabi

Re: em interface fails to enter promiscuous mode when bridging on vlan interfaces

2019-02-21 Thread mabi
d-misc=154904432526324=2 Cheers, Mabi

Turn off athn0

2019-02-18 Thread mabi
need any other commands in order to switch it completely off? Regards, Mabi

Re: Turn off athn0

2019-02-18 Thread mabi
‐‐‐ Original Message ‐‐‐ On Monday, February 18, 2019 8:31 PM, Stefan Sperling wrote: > Yes, putting the interface down will disable radio. Thanks Stefan for your answer, always so helpful and efficient ;-)

100% intr CPU state in OpenBSD 6.4 VM

2019-01-24 Thread mabi
that the time in the VM is more accurate: kern.timecounter.hardware=tsc So my question here would be if this 100% interrupt usage is normal under an OpenBSD VM? or is there something I might be doing wrong? Below I pasted the "dmesg" output of my VM. Let me know if more details are r

VMs loosing network connectivity for a few minutes on a daily basis

2019-02-01 Thread mabi
ups: tap status: active Last note, the host and VMs are all patched up to 013_unveil. I hope I could provide here all the relevant details, if there is anything else I should add I would be happy to provide with more info. Best regards, Mabi

Re: 100% intr CPU state in OpenBSD 6.4 VM

2019-01-24 Thread mabi
‐‐‐ Original Message ‐‐‐ On Thursday, January 24, 2019 5:35 PM, Mike Larkin wrote: > I believe this to be an accounting error and has been discussed on the lists > several times. > Sorry about that, now that you mention I remember also reading something on the list about that but could

Re: VMs loosing network connectivity for a few minutes on a daily basis

2019-02-04 Thread mabi
? and would it be safe to disable it for a test? Regards, Mabi ‐‐‐ Original Message ‐‐‐ On Friday, February 1, 2019 7:02 PM, mabi wrote: > Hello, > > I am testing VMM/VMD on OpenBSD 6.4 with OpenBSD 6.4 virtual machines but > noticed that maybe around 2 times per day

Re: IPsec bandwidth perf on APU4C4

2019-06-11 Thread mabi
‐‐‐ Original Message ‐‐‐ On Monday, June 10, 2019 7:09 PM, Christian Weisgerber wrote: > No "auth". AES-GCM is an authenticated encryption algorithm, i.e., > it handles both encryption and authentication at the same time. > Specifying an additional "auth" algorithm doesn't make sense.

Re: IPsec bandwidth perf on APU4C4

2019-06-11 Thread mabi
ikev2 active esp from $local_ip to $remote_ip local $local_ip peer $remote_ip childsa enc aes-128-gcm srcid $local_ip dstid $remote_ip ikev2 active esp from $local_network to $remote_network local $local_ip peer $remote_ip childsa enc aes-128-gcm srcid $local_ip dstid $remote_ip Cheers, Mabi

Re: IPsec bandwidth perf on APU4C4

2019-06-13 Thread mabi
‐‐‐ Original Message ‐‐‐ On Wednesday, June 12, 2019 10:26 PM, Stuart Henderson wrote: > If you're on an old BIOS revision for the APU (more than a couple of > months old), try updating, they have enabled "core performance boost" > which increases speed of a single core if the others

Re: IPsec bandwidth perf on APU4C4

2019-06-12 Thread mabi
‐‐‐ Original Message ‐‐‐ On Wednesday, June 12, 2019 11:34 AM, Daniel Gracia wrote: > Those look like reasonable numbers for the given scenario. Improving > your IPsec bandwidth would take more horsepower than an APU box. > Improving site-to-site encrypted VPN speed, asuming two APU

Re: IPsec bandwidth perf on APU4C4

2019-06-10 Thread mabi
‐‐‐ Original Message ‐‐‐ On Monday, June 10, 2019 4:49 PM, Christian Weisgerber wrote: > It helps to understand that the authentication algorithm can require > as much or more CPU than the encryption. HMAC-SHA2 is expensive. > On hardware that has AES-NI support, like the APU2 family,

Re: IPsec bandwidth perf on APU4C4

2019-06-19 Thread mabi
‐‐‐ Original Message ‐‐‐ On Thursday, June 13, 2019 10:46 PM, Stuart Henderson wrote: > 4.9.0.6 does have it enabled by default. I'm not sure about the 4.0.x releases > and don't want to reboot mine to check now either :) Finally managed to reboot my firewall box and so I can confirm

IPsec bandwidth perf on APU4C4

2019-06-10 Thread mabi
was thinking for example of changing the encryption cipher to aes-128 instead of aes-256 and maybe blowfish? What would you recommend? Anything else I should be looking at? maybe like a hardware crypto accellerator miniPCI card compatible with the APU4 and OpenBSD? Cheers, Mabi

Re: IPsec bandwidth perf on APU4C4

2019-06-10 Thread mabi
‐‐‐ Original Message ‐‐‐ On Monday, June 10, 2019 6:00 PM, Christian Weisgerber wrote: > enc aes-128-gcm etc. That part for the "enc" parameter makes sense to me but what about the "auth" parameter? Would you keep the default hmac-sha2-256? or which combination with the "enc

Re: IPsec bandwidth perf on APU4C4

2019-06-10 Thread mabi
‐‐‐ Original Message ‐‐‐ On Monday, June 10, 2019 7:09 PM, Christian Weisgerber wrote: > No "auth". AES-GCM is an authenticated encryption algorithm, i.e., > it handles both encryption and authentication at the same time. > Specifying an additional "auth" algorithm doesn't make sense.

Re: Upgrading a CARP firewall cluster

2019-04-30 Thread mabi
‐‐‐ Original Message ‐‐‐ On Tuesday, April 30, 2019 11:20 AM, Igor Podlesny wrote: > CARP should be of no worries at all and PF state table's sync is > easily verified. > If after backup's upgrade-reboot it has roughly same amount of entries > you can safely demote master and repeat

Upgrading a CARP firewall cluster

2019-04-30 Thread mabi
? Cheers, Mabi

Upgrade procedure for VMM virtualization server

2019-05-06 Thread mabi
to double check. Best, Mabi

Re: Upgrade procedure for VMM virtualization server

2019-05-06 Thread mabi
‐‐‐ Original Message ‐‐‐ On Monday, May 6, 2019 1:32 PM, Solene Rapenne wrote: > There are no order. But I would upgrade the host, then the VM, this > requires only one downtime for the whole stack. Thanks for confirming, I will then do so.

Re: Upgrading a CARP firewall cluster

2019-05-03 Thread mabi
l in the default carp group, should I simply run the following command: $ ifconfig -g carp carpdemote 50 or what is your way of demoting the server before upgading it? Regards, Mabi

'machine/cdefs.h' file not found when installing nokogiri gem

2019-11-16 Thread mabi
s included on line 41 of /usr/include/sys/cdefs.h but is not present on my OpenBSD 6.5 system. Am I missing something here? I have pasted below the full error output from installing that gem if that is of any help. Best regards, Mabi $ gem install nokogiri Building native extensions. This could ta

Re: 'machine/cdefs.h' file not found when installing nokogiri gem

2019-11-16 Thread mabi
‐‐‐ Original Message ‐‐‐ On Saturday, November 16, 2019 2:38 PM, Stuart Henderson wrote: > For native extensions, it's really best to install from packages. > > pkg_add ruby25-nokogiri Thanks for the tip, I didn't think about that alternative. What puzzles me is that I managed to

sysupgrade to 6.6 failed at comp66.tgz

2019-11-22 Thread mabi
this issue? Best regards, Mabi *** output of upgrade log *** Terminal type? [vt220] vt220 Available disks are: sd0. Which disk is the root disk? ('?' for details) [sd0] sd0 Checking root filesystem (fsck -fp /dev/sd0a)... OK. Mounting root filesystem (mount -o ro /dev/sd0a /mnt)... OK. Force

Re: sysupgrade to 6.6 failed at comp66.tgz

2019-11-22 Thread mabi
‐‐‐ Original Message ‐‐‐ On Friday, November 22, 2019 11:45 AM, Stuart Henderson wrote: > A combination of things: > > - You didn't install the comp set before Thank you Stuart for your detailed mail. That's exactly it, I did not have comp65.tgz set installed as I just recently read

Re: Time jumping forward issue under OpenBSD 6.6 VMM

2020-03-03 Thread mabi
‐‐‐ Original Message ‐‐‐ On Tuesday, March 3, 2020 8:52 PM, Jordan Geoghegan wrote: > The clocks are basically broken on vmm. The pvclock stuff is definitely > an improvement, but it's still not there. There's still a ways to go > before we have proper, reasonably accurate clocks for vmm

Time jumping forward issue under OpenBSD 6.6 VMM

2020-03-03 Thread mabi
there is a time issue on that VM although I am running the default ntpd of OpenBSD 6.6 and I have added the following parameter into my /etc/sysctl.conf on that VM: kern.timecounter.hardware=tsc Is there anything else I can do to avoid this time issue in my VM? Best regards, Mabi

Re: Time jumping forward issue under OpenBSD 6.6 VMM

2020-03-03 Thread mabi
‐‐‐ Original Message ‐‐‐ On Tuesday, March 3, 2020 5:58 PM, Ian Gregory wrote: > I've had similar issues with timekeeping within guests of VMM, > although there are improvements in -current with the pvclock time > source. Since the fix below I now see occasional instances of the >

Can't install OpenBSD 6.6 on apu4d4

2020-02-05 Thread mabi
I missing something here? Regards, Mabi

Re: Can't install OpenBSD 6.6 on apu4d4

2020-02-05 Thread mabi
‐‐‐ Original Message ‐‐‐ On Thursday, February 6, 2020 8:25 AM, Mischa wrote: > Before you boot do at boot> do: > > stty com0 115200 > set tty com0 Thanks Mischa! I should have thought about that but I couldn't remember having done this with previous APU models and OpenBSD versions.

Re: OpenBSD VPS hoster with unlimited/limited nonfiltered traffic

2020-04-10 Thread mabi
‐‐‐ Original Message ‐‐‐ On Friday, April 10, 2020 12:59 PM, Dumitru Moldovan wrote: > Vultr is close to that. Last time I created a new VPS with them, I > think they filtered port 25, but it was no big deal to get rid of that. > > Still running 2 productions VMs on Vultr, they are

using aggr interface instead of trunk

2020-05-13 Thread mabi
is >correct? And last point because aggr is pretty new, is it already safe to use it for a production firewall? Best regards, Mabi

Re: using aggr interface instead of trunk

2020-05-14 Thread mabi
Hi Iain, ‐‐‐ Original Message ‐‐‐ On Wednesday, May 13, 2020 7:55 PM, Iain R. Learmonth wrote: > More details are at:https://marc.info/?l=openbsd-cvs=156229058006706=2 I actually already read that one after seeing the announcement on undeadly.org iirc ;) > Assuming you mean trunk,

msyscall error during boot

2020-07-09 Thread mabi
: dovecot postgresql php72_fpm netsnmpd. msyscall a35ee0ce000 a3000 error msyscall a35187dd000 a5000 error starting local daemons: cron. Thu Jul 9 08:07:15 CEST 2020 Any ideas where this could come from? and if it is bad? The VMD host itself also runs OpenBSD 6.7. Regards, Mabi

fw_update issue with colon in URL

2020-07-14 Thread mabi
URL which of course makes the URL invalid. Now how could this happen? and in which file do I fix that? Regards, Mabi

Re: msyscall error during boot

2020-07-10 Thread mabi
‐‐‐ Original Message ‐‐‐ On Friday, July 10, 2020 10:18 PM, Jurjen Oskam wrote: > Did you update your packages? I ran into the same issue when I forgot to > update > the packages after upgrading the system. Yes, I did run a "pkg_add -u". I have found more details and actually it is the

Re: fw_update issue with colon in URL

2020-07-16 Thread mabi
‐‐‐ Original Message ‐‐‐ On Wednesday, July 15, 2020 12:49 PM, Theo Buehler wrote: > One server had an incorrect config. This should be fixed now. Thanks for your notification, so I didn't go mad ;) I can confirm, it works like a charm. Thanks again for fixing!

Re: pf adaptive syncookie

2020-12-19 Thread mabi
‐‐‐ Original Message ‐‐‐ On Friday, December 18, 2020 6:13 PM, Stuart Henderson wrote: > And if it's anything like when I try it, you'll see some TCP connections > failing when it is active too. Not everything fails. but e.g. if I have > "set syncookies always" on a router, and run "ftp

pf adaptive syncookie

2020-12-18 Thread mabi
ries" in the state table? or does it compare it with the limit of maximum states I have defined in my pf.conf (value of "set limit states") ? Thank you in advance for any precisions. Regards, Mabi

Re: pf adaptive syncookie

2020-12-18 Thread mabi
‐‐‐ Original Message ‐‐‐ On Friday, December 18, 2020 10:48 AM, Stuart Henderson wrote: > It's something like "what % of max allowed states is half-open tcp". > Watch out as there are some bugs in this area, definitely thewith > accounting of half-open connections can be wildly off

Re: limit UDP connection rate with PF pass rule

2020-11-18 Thread mabi
‐‐‐ Original Message ‐‐‐ On Tuesday, November 17, 2020 11:50 PM, Stuart Henderson wrote: > These packets are most likely sent from spoofed source addresses. > > Assuming this is the case, the address you are seeing on the packets > would not be the attacker but the victim. That totally

limit UDP connection rate with PF pass rule

2020-11-17 Thread mabi
limit the rate of UDP connections with PF, am I right here? Regards, Mabi