Re: Etnernal & infernal browser woes

On Fri, April 28, 2017 10:17 am, Fred wrote: > I have to agree with David - here I used chrome on a daily basis with a > minimum of two chrome windows with at least 4 tabs in each I don't want to get into the conversation, but I thought this was funny. I am a heavy tabs user. I currently have fi

Re: Etnernal & infernal browser woes

On Sat, April 29, 2017 6:07 pm, Mihai Popescu wrote: > Do not forget to use (activate) uBlock Origin too, there is in Add-Ons > for Firefox. > > Teh guy with 134 opened tabs at once in firefox was funny. How many > monitors is firefox windows spreading across? > > Thanks. > It's tabs. You only ne

Re: DHCP in vmm guest

On Thu, May 4, 2017 8:51 am, Francois Stephany wrote: > Hi, > > I'm new to OpenBSD and I'm trying a simple setup where a VMM guest has > access to the network via tap and bridge. The host uses a wired connection > and gets its network address with DHCP. > > Here's my /etc/vm.conf: > > switch "vms_s

Re: /usr/sbin/httpd and chunked transfer encoding

On Mon, May 8, 2017 5:22 pm, r...@tamos.net wrote: > On Mon, 08 May 2017 18:45 +0800, johnw wrote: >> Both tried and not work. > > Yeah, you might be waiting for a while. According to the following, > both projects have this as an open issue but haven't been able to commit > resources to it. In t

Re: siteXX.tgz with /home/user/.ssh/authorized_keys results in empty file

On Mon, May 29, 2017 5:47 pm, Erling Westenvik wrote: > everything is okay. > > What is going on? Why is the process extracting siteXX.tgz > treating /mnt/home/user/.ssh different than /mnt/root/.ssh? > > *continues scratching head* > > Cheers. > Erling. > You didn't really explain the failure ca

Re: siteXX.tgz with /home/user/.ssh/authorized_keys results in empty file

Site is installed last *of the sets*, not the last thing that happens. And the user is created after the sets are extracted, also. The *.site scripts are run nearly last (close enough, that it doesn't matter).

Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0

On Tue, July 18, 2017 8:14 pm, Tom Smyth wrote: > Apologies... > Incomplete Mail ... was feeling Trigger happy and now im certainly > feeling uncomfortably dumb :) > > proper bug report to come tomorrow, > Its a long story... :/ > Thanks > When you do come back, mention if this is new with Proxmox

Re: Best way to monitor battery status on laptop

On Wed, July 26, 2017 8:11 pm, Carlos Cardenas wrote: > Howdy. > > Been using my toughbook with OpenBSD more and more and one of the things > that I seem to be missing is simple battery status (percent remaining, > if it's being charged, etc...) in my tmux(1) or wmii(1) session. > > Using sysctl(1)

Re: vio(4) tap(4) question

On Mon, August 28, 2017 6:03 pm, Bryan Harris wrote: > > pass on { vether0 tap0 tap1 tap2 tap3 tap4 tap5 tap6 tap7 tap8 tap9 } > > Thanks all. > > V/r, > Bryan > Can't you just use the interface group 'tap'? pass on { vether0 tap }

Re: Open /dev/mem file failed when running as a root priviledge

On Mon, September 11, 2017 8:58 pm, Nan Xiao wrote: > Hi all, > > Greetings from me! > > I want to run dmidecode (https://github.com/mirror/dmidecode) on OpenBSD > 6.1, but executing it will report following errors: > > # ./dmidecode > # dmidecode 3.1 > Scanning /dev/mem for entry point. > /dev/mem

Re: relayd https relay

On Wed, September 20, 2017 8:10 am, Bryan Harris wrote: > I don't think you can know the host header unless you decrypt the https > using a certificate. It seems that idea would require SNI but I don't > know > if they have SNI in relayd/httpd. (I could be wrong about that.) > httpd has SNI, rel

Re: OpenBSD router / firewall / gateway device

On Tue, September 19, 2017 10:25 pm, Usexy Nerd wrote: > https://beagleboard.org/x15 > > > What is BeagleBoard-X15? > > BeagleBoard-X15 is the top performing, mainline Linux enabled, > power-usersâ** > dream board with a core tailored for

Re: relayd https relay

On Thu, September 21, 2017 3:49 am, rosjat wrote: > Hi, > > so I added the with tls keywords to the relay and my webserver gets > request now but from my relayhost and this is making the way back quiet > hard :( > > so I added the X Headers for Forwarded-For and Forwarded-By but it still > leaves t

Re: relayd https relay

#x27;ca file', the imsg was not chunked and if the file is too big, relayd will fail to start the relay. Take the CA cert that signed the web server certificates and put that into a file and reference that file like 'ca file "/etc/ssl/webca.pem"' > Am 21.09.2017 um

Re: log up or down interface end change physical address

On Thu, September 21, 2017 9:29 am, Krzysztof Strzeszewski wrote: > Hi, > > How to log up or down (connect or not connect cable) interface end > change physical address on OpenBSD? > > > -- > Regards, > Krzysztof Strzeszewski > ifstated(8) and some scripts?

Re: Install process: couple of comments

On Wed, October 18, 2017 6:15 pm, Limaunion wrote: > On 10/17/2017 05:44 PM, Stuart Henderson wrote: >> On 2017-10-16, Limaunion wrote: >>> Hi! Last friday I upgraded my ALIX system from 6.0 to 6.2 using the PXE >>> boot method. In previous years I used an internal FTP server to perform >>> the up

Re: attach chroot-jail to switchd(8) ?

On Wed, May 23, 2018 4:35 am, Thomas Huber wrote: > Hi all, > > I´m just tinkering a little bit and try to mimic some "containerization" > on > OpenBSD with chroot. Is it somehow possible to attach a chrooted > envirionment to swtichd(8) ? > > Thanks > Thomas > OpenBSD's chroot is not like a Linu

Re: attach chroot-jail to switchd(8) ?

On Thu, May 24, 2018 1:28 pm, Claudio Jeker wrote: > On Thu, May 24, 2018 at 09:22:32AM -0400, trondd wrote: >> On Wed, May 23, 2018 4:35 am, Thomas Huber wrote: >> > Hi all, >> > >> > IÃ*´m just tinkering a little bit and try to mimic some >> "con

Re: dump/restore and crontab(5)

On Mon, July 2, 2018 8:14 am, Ed Ahlsen-Girard wrote: > Having clobbered my crontab (5) file in error (-r and -e are close) I > merrily went to my level 0 dump to restore it. It's present on the dump > (which is to file) but the restored file is zero bytes. > > Should I have run those dumps manuall

Re: dump/restore and crontab(5)

On Mon, July 2, 2018 10:26 am, Ed Ahlsen-Girard wrote: > On Mon, 2 Jul 2018 09:25:37 -0400 > "trondd" wrote: > >> On Mon, July 2, 2018 8:14 am, Ed Ahlsen-Girard wrote: >> [...] >> >> I'd have to look later to see if my dumps are coreectly grabbing

Re: Let's Encrypt Error with cgit, httpd, acme-client

On Wed, August 22, 2018 1:23 pm, Parikh, Samir wrote: > flipchan wrote on 22/08/18 01:19: >> Try removing all keys in the ssl directory aswell as >> /etc/acme/letsencrypt-privkey.pem > > Thank you for your suggestion! I tried that and still received a similar > error: > > # acme-client -vAD git.exa

Re: Let's Encrypt Error with cgit, httpd, acme-client

On Sun, August 26, 2018 4:40 pm, Parikh, Samir wrote: > > I guess my only remaining question is how did you know I needed to make > this change? I know the OpenBSD documentation is really good but I'm > still fascinated how people manage to sort things like this out. Maybe > it's just pure experi

Re: httpd and cgi

On Thu, October 4, 2018 12:54 pm, Kihaguru Gathura wrote: > Hi, > > For the following httpd setup, cgi scripts give a 403 Page not found > on browser. However after removing the line: > > location "/*" { > authenticate "Staff Only" with "/htpasswds" > } > > c

Re: acme-client memory setup failure

On Sat, October 27, 2018 6:19 am, ì*°ë*½ ì*°ë*½ wrote: > Dear misc, > > I am getting an error saying "ssl verify memory setup failure" whenever > I try to renew existing certificates on a host -- Openbsd 6.3, httpd, > acme-client. > Recently there were changes in a few configurations, including net

Re: acme-client memory setup failure

On October 28, 2018 12:09:02 AM EDT, "연락 연락" wrote: >Thank you indeed for your reply, trondd. >Yes, I added certificate(s) to cert.pem, probably more than one time so >far. >But the size looks not much bigger than normal one that I see from >another host. >s

Re: smtpd new "relay as" syntax?

On October 31, 2018 5:31:44 PM EDT, "Paul B. Henson" wrote: >I just upgraded to OpenBSD 6.4, and I'm trying to figure out how to do >this with the new syntax: > >accept from local for any relay via smtp://smtp.domain.com as >"@domain.com" > >This would rewrite the outbound message to masquerade

Re: Severe clock problems with OpenBSD VM on OpenBSD Host

On Sat, November 3, 2018 7:10 pm, Stefan Arentz wrote: > Hi everyone, > > I am having an issue where an OpenBSD VM running on vmd is having > serious clock skew issues. > > I am relatively new to OpenBSD, so I am not sure how to properly debug > this. What I hope is that I can provide a good amount

Re: mail doesn't read mail from /var/mail/root

On November 8, 2018 1:39:13 AM CST, ivp...@eml.cc wrote: >Hello, > >I must be missing something obvious, but since installing 6.4-current >(on a few versions in a row), I can't get mail to read /var/mail/root. > >After logging in, I see: > >>---< >OpenBSD 6.4-current (GENERIC.MP) #425: Sun N

Re: Cannot mount install.fs disk image to create custom auto_install.conf based USB flash drive

On Sun, November 11, 2018 4:28 pm, Andrew Lemin wrote: > > 4b) Mount new vnd1c device (this is where I'm stuck) > > ** Here is where I get lost. All the guides refer only to using > install.iso (whos 'a:' and 'c:' partitions are ISO9660 filetypes - for CD > based installs), but I need to use th

Re: httpd - bypass tls misconfig different ciphers, ecdhe

On Sat, August 15, 2020 7:13 pm, hisacro wrote: > I'm on -current, httpd throws tls misconfig error when different > cipher or ecdhe used but it's bypassed by listen statment. > > server "domain.tld" { > listen on * tls port 443 > log style combined > hsts > { > subdomains >

Re: httpd - bypass tls misconfig different ciphers, ecdhe

On Sun, August 16, 2020 1:49 am, hisacro wrote: > Aug 16, 2020, 7:50 AM by tro...@kagu-tsuchi.com: > >>>On Sat, Aug 15, 2020 at 04:13:51PM -0700, hisacro wrote: >> >>> $ doas httpd -nv >>> server "sub.domain.tld": tls configuration mismatch on same >>> address/port >>> >>> instead of defining same

Re: httpd - bypass tls misconfig different ciphers, ecdhe

On Sun, August 16, 2020 1:23 pm, hisacro wrote: > Aug 16, 2020, 11:44 AM by tro...@kagu-tsuchi.com: > >> Because it's not the same IP and port anymore. You can only have one >> thing listening on an ip+port > > I got a working httpd config with same IP and same Port > > server "domain.tld" { >

Re: httpd - bypass tls misconfig different ciphers, ecdhe

On Sun, August 16, 2020 3:20 pm, hisacro wrote: > On Sun, Aug 16, 2020 at 02:34:27PM -0400, trondd wrote: > >> Oh, I see what you're doing. BOTH listen lines are active in the second >> server block. When you connect to port 443 with that config, which TLS >> set

Re: httpd - bypass tls misconfig different ciphers, ecdhe

On Wed, August 19, 2020 3:33 am, Hisacro Root wrote: > On Tue, Aug 18, 2020 at 09:28:18PM -0400, trondd wrote: >> The bug here is in how additional listen lines interact with the >> remaining >> configuration. The first listen line in a server block gets the tls >>

Re: email attachments in firefox

On Fri, August 21, 2020 5:24 pm, Jan Stary wrote: > On Aug 21 18:06:59, falsif...@falsifian.org wrote: >> On 2020-08-21 16:51, Raymond, David wrote: >> > I noticed that trying to load an attachment to Gmail in Firefox leads >> > to a basically empty menu for selecting the file to be loaded? What >

Re: Can I boot without GPU ("headless")?

On Sun, August 30, 2020 7:12 am, Henry W. Peterson wrote: > If I write at the boot prompt "set timeout 5" and then "set tty pc0" it > waits indefinitely for new commands (as expected). > > I was asking if there is a way to start a new timeout or instantly boot > the kernel after the console switchi

Re: Having trouble enabling TLSv1.3 on httpd(8)

On Thu, September 3, 2020 2:18 pm, Parker Ellertson wrote: > According to my understanding of the manpages (specifically > httpd.conf(5) and tls_config_set_protocols(3)), setting up TLSv1.3 > should be just as easy as adding: > > tls { > protocols "TLS_PROTOCOL_TLSv1_3" >

Re: Can't cron sct.

On Tue, October 27, 2020 11:10 am, avv. Nicola Dell'Uomo wrote: > Hi, > > maybe I'm missing something trivial, but I can't figure out how to cron > sct(1) > > My user cron config works and cron log reports sct was executed, but > screen temp doesn't change ... > > Here's my user crontab: > > #Â
Â
Â

Re: relayd: "listen on egress" only listens to IPv4 and not IPv6

On Thu, August 29, 2019 8:55 am, Muhammad Kaisar Arkhan wrote: > Hi Tom, > >> listen on 2a03:6000:9106::50f7:f07a:d1cc port 443 tls > > I've tried this before, it just results in this: > > /etc/relayd.conf:33: cannot load certificates for relay https2:443 > > I'm not sure why it does this despite

Re: vpn.rebehn.net upgrade log

On Mon, October 28, 2019 6:37 pm, Heinrich Rebehn wrote: > Hello list, > > After upgrading a OpenBSD host running 6.5 to 6.6 using sysupgrade(8), I > received the email below. > It suggests that the upgrade has been aborted upon failure to upgrade > comp66.tgz. This set was not part of the initial

Re: checksums after reboot

On Fri Feb 7, 2020 at 2:40 PM, Justin Muir wrote: > Hello all, > > > Posting here for the first time! Using OBSD as daily laptop OS. Trying > to > be a little more security conscious these days by keeping checksums on > system files with mtree. Did a reboot and several files were changed > includi

Re: Private cloud hosting recommendations

On Fri, October 9, 2015 1:57 pm, MartÃn Ferco wrote: > Thanks for all your input! > > I'm not particularly concerned about price -- if they are as expensive as > AWS (paying around $150/mo per instance there), I'd be OK as well. If they > are cheaper, the better, but I want quality and service as a

Re: Private cloud hosting recommendations

On Fri, October 9, 2015 4:34 pm, MartÃn Ferco wrote: > I can consider that as well, but I'd like to not depend on someone > inserting CDs or something like that for installing the OS for example > and, > also, I'd like to have the possibility of having our private network > connected via VPN to our

Re: Question about core dumps and swap space.

On Mon, October 19, 2015 8:01 pm, Joel Rees wrote: > > I have lots of core dumps sitting around. I have not seen any the size > of physical memory. Nothing close. Even firefox doesn't leave that > much of a dump when it bombs. > > Hmm. Xombrero, from when I was playing with that, left a coredump of

Re: make release error on 5.8

On Tue, October 20, 2015 11:02 am, Joe S wrote: > > since the FAQ didnâ**t mention the need to do this separately. > Sure it does. 5.3.5 describes building userland and 5.4, about building the release, references it several times. "the above build process" "build...then make a release" "The rel

Re: ipsec via iked

> I do have read the puffysecurity website Did you? I struggled with this for a while, too, and found the puffysecurity example, when followed, works. > > For example, the laptop is connected to internet through a network > 192.168.100.0/24 (ip 192.168.100.37) > > The working configuration is (u

Re: OBSD 5.8 and console

On Sun, November 22, 2015 11:13 am, Alessandro Baggi wrote: > Hi list, > I've an APU1D where I want install OpenBSD 5.8 amd64. The only option > that I have is install from console. > > I've downloaded install58.fs and modified /etc/boot.conf adding: > set tty com0 > (saved) > > During boot it reco

[PATCH] pledge x11/wmii (and other ports?)

I haven't seen much discussion about applying pledge to ports, so I thought I'd find out how people feel about it. I chose to start with x11/wmii because a) It's no longer officially developed so (other than updating the port to the last release) it's not going to change. b) I might be the only on

Re: release and patch/errata info in (easily) machine readable format?

On Sat, December 5, 2015 2:20 pm, openbsd-m...@clark-communications.com wrote: > I mostly follow -stable, and have scripts/tools that enable me to > (re)build > stable from source with minimal human intervention. > > To further automate this process, it would be helpful to have the current > releas

Re: release and patch/errata info in (easily) machine readable format?

On Sat, December 5, 2015 4:08 pm, openbsd-m...@clark-communications.com wrote: > Yes, if I end up writing a scraper, I will very likely obtain the html > pages > from the www directory of my local CVS mirror, rather than making http > requests > of the OpenBSD website. > > Another nice piece of dat

Re: release and patch/errata info in (easily) machine readable format?

On Sat, December 5, 2015 4:08 pm, openbsd-m...@clark-communications.com wrote: > Yes, if I end up writing a scraper, I will very likely obtain the html > pages > from the www directory of my local CVS mirror, rather than making http > requests > of the OpenBSD website. > > Another nice piece of dat

Re: NOT POSSIBLE: Fully encrypted system with keydisk

On Thu, December 10, 2015 6:35 pm, Stefan Wollny wrote: > YES: I did 'disklabel -E sd0' and 'disklabel -E sd1' accordingly, setting every partition to type RAID How many partitions are you making on sd0? For FDE, typically you make one partition of type RAID filling the disk (or your desired Open

Re: security(8) mailbox check question

On Sat, January 23, 2016 1:29 pm, Adam Wolk wrote: > Hi misc@ > > I'm using OpenSMTPD setup according to [1]. OpenBSD's security(8) keeps > complaining on the way I setup my maildir on the host. > > TL;DR: why u+x on users maildir is considered a bad practice? > > Running security(8): > > Checking

Re: Making and using a release

On Sun, January 31, 2016 7:04 am, Mark Carroll wrote: > http://www.openbsd.org/faq/faq5.html#Release tells me at the end that, > >> ... if updating a machine to a new -stable, simply unpack the tar >> files in the root directory of the target machine. > > Am I right to worry that this approach woul

Re: Sorry for the n00b question but I could use some education on relayd

On Thu, November 2, 2017 2:17 pm, Bryan C. Everly wrote: > Hi misc@, > > I have a use case where I'm using OpenBSD 6.2 as my router/firewall > and there are several websites that sit behind it on separate servers > (let's call them http://one.com, http://two.com and http://three.com > > I'd like to

Re: Streamlining disklabel...

On Sat, November 4, 2017 5:09 pm, Implausibility wrote: > Again, the interactive editor is way too many steps, too many > opportunities for screw-ups, and does nothing to streamline the process of > adding a new disk for me. > > So this is what I've come up with... > > fdisk -i sd1 > echo "/disk2

Re: pf not redirecting DNS queries

On Mon, November 6, 2017 8:50 pm, Scott Bennett wrote: > I have an APU2 running 6.2, acting as pf NAT gateway, DHCP server, and > DNS cache (unbound) for my internal LAN. > > I've attempted to make all DNS queries redirect to the APU2, as many > examples have illustrated, so that they can be forwar

Re: Keeping up to date with ports and putting ports/pobj on wxallowed filesystem

On Thu, November 9, 2017 4:54 pm, Jeff wrote: > On Thu, 9 Nov 2017 22:06:43 +0100 > "Christoph R. Murauer" wrote: > >> If I understood your question correct ... >> >> > Running: OpenBSD6.2-release >> > >> > Goal: To run a secure and functional web server. >> > (the server is currently up and runni

Re: trouble while building a release

On Wed, January 3, 2018 1:07 pm, Etienne wrote: > Hello list, > > I'm a bit confused. I believe I have correctly applied the instructions > in release(8), but I hit this error when running "make release" in > paragraph 4, on unmodified sources: > > # cd /usr/src/etc && make release > [â*¦] > sh /us

Re: Probable mistake in PF tagging example ruleset order

On Wed, January 10, 2018 2:44 pm, Aham Brahmasmi wrote: > Hi, > > I am trying to learn and understand the pf tagging mechanism. I was > wondering whether my understanding of the order in the example at > https://www.openbsd.org/faq/pf/tagging.html is correct. If it is, then > there might be a mista

Re: Writing "ones" instead of "zeroes" when wiping disk

On Thu, January 11, 2018 5:12 pm, worik wrote: > On 12/01/18 11:09, Jan Stary wrote: >> On Jan 11 14:45:21, andreasthu...@gmail.com wrote: >>> in order to achieve paranoid disk-wiping? >> Ones are not nearly as secure as zeros. >> > Why not?Â
Is it not arbitrary? > A 1 is too narrow to fully cove

Re: http_proxy for rc.firsttime after Upgrade

On Fri, January 19, 2018 4:29 am, Raimo Niskanen wrote: > Hello list! > > I have some machines behind a squid proxy and have set the http_proxy and > ftp_proxy environment variables both in /etc/profile and in > /etc/login.conf > for the default login class. This works well. > > But after an upgra

Re: http_proxy for rc.firsttime after Upgrade

On Mon, January 22, 2018 2:36 am, Raimo Niskanen wrote: > On Fri, Jan 19, 2018 at 10:47:15AM -0500, trondd wrote: >> On Fri, January 19, 2018 4:29 am, Raimo Niskanen wrote: >> > Hello list! >> > >> > I have some machines behind a squid proxy and have set

Re: iwm errors with new snapshot

On Tue, January 23, 2018 2:09 pm, Stefan Sperling wrote: > On Tue, Jan 23, 2018 at 11:50:28AM -0600, Vijay Sankar wrote: >> Over the weekend, I was trying to do some tests requested in tech@ >> (inteldrm). I downloaded the latest snapshot but had problems with iwm >> firmware on my laptops (X1 Carb

Re: Kernel panic with openbsd 6.2

On Mon, January 22, 2018 10:47 am, Mik J wrote: > Hello Stuart, > For me it takes just a few days... > I have a crash every 3/4 days maybe (2 crashes so far) and my server does > not handle load. > Yes I read your reports this morning, although you wrote that there was a > combination with snmpd, I

Re: Kernel panic with openbsd 6.2

On Thu, January 25, 2018 4:29 am, Maxim Bourmistrov wrote: > As Stuart mentioned, em(4) on top of e1000 proven to be more stable. > Even under higher load. > Vmx starting to misbehave under high load, resulting for ex. with unstable > CARP setup. > > //mxb > >> 25 jan.

Re: SWAP should always be inside crypto softRAID, right? (For OS crash dump data to be encrypted.)

On Thu, February 8, 2018 1:49 pm, Tinker wrote: > Hi misc@, > > I looked through previous discussions on whether a SWAP partition > should be inside or outside the RAID partition when making a crypto > softraid. > > The only argument I stumbled into was that it should be outside because > swap is e

Re: Upgrade 6.1->6.2 fails with "id 0 on/: file system full"

On Tue, February 20, 2018 8:34 am, Nicolas Schmidt wrote: > Hey, > > it's me again, still trying to upgrade to 6.2. > > After choosing to skip verification and continue the upgrade process, I > now immediately get the following error: > > Installing bsd0% | > id 0 on /:

Re: Loop problem in sending mail to root

On Mon, March 5, 2018 1:05 pm, Chris Bennett wrote: > I cannot get mail to reach root from /etc/daily for example. > Not sure what I have setup wrong. > also both femail-chroot and sendmail-mini-chroot fail > femail: socket: Connection refused > /var/www/bin/sendmail_mini: connect: Connection refus

Re: Loop problem in sending mail to root

On Mon, March 5, 2018 2:45 pm, Chris Bennett wrote: > That did the trick. > For the future, page 2 'Trace subsystem': https://www.bsdcan.org/2016/schedule/attachments/378_smtpd_cheatsheet.pdf You can see which rule gets matched.

Re: Opensmtpd authentication error

On Tue, March 6, 2018 1:48 pm, flipchan wrote: > Hello, > im trying to create a mail server and i keep getting opensmtpd > authentication fail > > > i tried using neomutt and regular mutt, but no success > > > tail -f /var/log/maillog > Mar 6 18:15:37 mail dovecot: imap-login: Login: user=, > meth

Re: Opensmtpd authentication error

On Wed, March 7, 2018 10:06 am, flipchan wrote: > smtpctl encrypt mypassword > > Then syntax > user:password ? > > On March 6, 2018 9:46:26 PM UTC, trondd wrote: >>On Tue, March 6, 2018 1:48 pm, flipchan wrote: >>> Hello, >>> im trying to create

Re: stop syslogd from opening port 514 UDP

On Fri, March 16, 2018 6:42 am, Torsten wrote: > I know I could use PF as a workaround Really? I wouldn't consider blocking incomming connections to unused ports by default to be a workaround, but a necessity.

Re: pflogd write /var/run/mypflogdinstance.pid?

Stuart Henderson wrote: > On 2020-12-07, Harald Dunkel wrote: > > About the PIDs: Maybe a systctl like > > > > kernel.pid_max = 4194303 > > > > known from other OSes could help to reduce the risk for PID conflicts. > > This doesn't help if you actually want reliability, rather than just > "

Re: pflogd write /var/run/mypflogdinstance.pid?

>> On 2020-12-13, Harald Dunkel wrote: > On 12/13/20 7:10 PM, Theo de Raadt wrote: >> >> And I'm suggesting the arguments should look like this: >> >> pflogd: [priv] -s 160 -i pflog0 -f /var/log/pflog (pflogd) >> pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog (pflogd) >> >> That mi

Re: tc= in remote(5) example

On Thu, February 18, 2021 11:38 am, Jan Stary wrote: > /etc/examples/remote contains the following stanzas: > > unixhost:\ > :br#9600: > > cua00|For i386,macppc:\ > :dv=/dev/cua00:tc=unixhost: > > cuaa|For sparc:\ > :dv=/dev/cuaa:tc=unixho

Re: Not possible to sysupgrade via snapshots right now?

On Sat, May 8, 2021 7:58 pm, Scott Vanderbilt wrote: > Apologies if this is a question to which there is an obvious answer, but > I could not find one in the sysupgrade man page, What is sysupgrade trying to do? What do you want it to do? No? Read it again. It's not that long.

Re: Not possible to sysupgrade via snapshots right now?

On Sat, May 8, 2021 9:04 pm, trondd wrote: > On Sat, May 8, 2021 7:58 pm, Scott Vanderbilt wrote: >> Apologies if this is a question to which there is an obvious answer, but >> I could not find one in the sysupgrade man page, > > What is sysupgrade trying to do? What do you

Re: Not possible to sysupgrade via snapshots right now?

On Sat, May 8, 2021 9:19 pm, Scott Vanderbilt wrote: > On 5/8/2021 6:04 PM, trondd wrote: >> On Sat, May 8, 2021 7:58 pm, Scott Vanderbilt wrote: >>> Apologies if this is a question to which there is an obvious answer, >>> but >>> I could not find one in th

Re: How to set a HTTP proxy for sysupgrade

On Wed, June 30, 2021 5:28 am, Raimo Niskanen wrote: > Hello list! > > I just upgraded one of our lab machines from 6.8 to 6.9 > (amd64), and our lab environment is closed to the Internet, > so using an HTTP proxy is required to reach out. > > I have set http_proxy, ftp_proxy and https_proxy in > /

Re: How to set a HTTP proxy for sysupgrade

On Thu, July 1, 2021 4:25 am, Raimo Niskanen wrote: > On Wed, Jun 30, 2021 at 09:23:15PM -0400, trondd wrote: >> >> I simply echo the export statements of the proxy environment variables >> to >> /etc/rc.firstime before reboot. The installer will always append to the &

Re: Core Dev?

On Tue, December 4, 2018 6:50 am, Ahmad Bilal wrote: > > @Marc: Thanks for the information, but based on what you said, what would > you consider as 'official' then? Just curious. > Let go of this concept. These are your systems. You're the only official. If you want to build an AMI for AWS, yo

Re: procmail and new grammar in smtpd.conf

On Wed, December 5, 2018 6:22 am, Eda Sky wrote: > > the original rule is > > accept from any for domain "example.com" alias deliver to mda > "/usr/local/bin/procmail -f -" > > I do not know how to write new rules. > Everything I'm trying to do ends with syntax error. > What have you tried?

Re: relayd: Layer 7 proxy: forward failed

On Thu, December 6, 2018 12:04 pm, Leo Unglaub wrote: > Hi, > i am trying to use relayd as an outbound proxy. I am following the > manual page and also the book "Httpd and Relayd Mastery". I did this on > the latest release 6.4 and also on the latest snapshot to make sure this > was not already fix

Re: apu2 em0/dhclient problems

On Sun, January 27, 2019 12:44 pm, Edgar Pettijohn wrote: > I'm trying to replace my dieing soekris box with an apu2 dmesg below. > However, I can't seem to get em0 to connect to my isp. It will work > when connecting to the soekris box though. So I don't think its the > interface that is the probl

Re: Use xenodm like startx?

On Wed, January 30, 2019 8:02 pm, John Ankarström wrote: > Hi, > > I just got OpenBSD installed on my new laptop, and so far, it works great. > But since I applied the latest X11 patch, I can no longer use startx to > launch X11, unless I do it as root, which probably isnâ**t a good idea. > Seems

Re: Use xenodm like startx?

On Thu, January 31, 2019 7:35 am, Bruno Flueckiger wrote: > > Add the following line to /etc/X11/xenodm/xenodm-config: > > DisplayManager.*.terminateServer: true > > Cheers, > Bruno > That doesn't work how you think it does. It does shut down the X server after quitting a window manager but t

Re: Use xenodm like startx?

On Thu, January 31, 2019 5:57 am, John Ankarström wrote: > >> Only thing I never figured out is how to make X and xenodm shutdown when >> I >> exit my window manager. > > This too makes me feel like xenodm is far too complex for what I want. > It's not an issue of complexity. It's a different to

Re: Activating second crypted (or other raid) device

On Sun, May 5, 2019 3:57 pm, cho...@jtan.com wrote: > Thomas Frohwein writes: >> On Sun, May 05, 2019 at 08:57:55PM +0300, cho...@jtan.com wrote: >> [...] >> > Currently after every upgrade I patch /etc/rc to run /etc/rc.blockdev >> > (containing bioctl -cC -p /etc/sd0.key -l sd0a softraid0) before

Re: Duplicity & /etc/daily.local

On Mon, May 20, 2019 5:50 pm, Noth wrote: > Hi misc@, > > > Â
I'm trying to run daily backups to a sftp server for various VMs and > devices on my network, and want to use /etc/daily.local for this. I'm > calling this script from the daily.local file: > > env 'GNUPG="/usr/local/bin/gpg" PASSPHRAS

Re: xenocara build on fresh install

On Sat, September 10, 2016 4:14 pm, Stephen Trotter wrote: > hi, I am just curious if the defaults (namely the disk sizes) are supposed > to be sufficient for building xenocara after a fresh install. > > i attempted to do so following release(8) and it ended unsuccessfully due > to the drive/filesy

Re: Looking for a way to deal with unwanted HTTP requests using mod_perl

On Wed, September 28, 2016 1:20 pm, Chris Bennett wrote: > > Right now I am using a simple script from the error log to block > permanently any requests from that IP using OpenBSD pf. > > That simply doesn't work well enough anymore due to the time lag between > 20+ requests at once getting to the

Re: Is using relayd to block unwanted HTTP requests, with only having one server a good idea?

On Sat, October 1, 2016 12:00 pm, Chris Bennett wrote: > I like what I see in the FILTER RULES of relayd. > I just want to be able to add new filters as needed when seen in http > error_log. > But I only have one server. And I use SSL for two sites. And multiple > virtual hosts on each IP. > Would

Re: Multiple web servers behind NAT

On Wed, October 5, 2016 8:43 am, Radek wrote: > Yes, my servers share the same ext IP. > It is 5.9. I am trying to configure relayd. I commented out previous > "rdr-to" rules from /etc/pf.conf and added as below. > 10.0.30.101, 10.0.30.201 - it is not a mistake - ( 10.0.8.11, 10.0.8.22 > was just a

Re: Multiple web servers behind NAT

On Mon, October 10, 2016 6:01 am, Radek wrote: > > The second thing to do is enabling wesites' SSL/TLS certs. > Each website has its own certificate on its server. I suppose that I have > to configure man-in-the-middle "TLS inspecion" mode to enable TLS > connection using these certs again. > Am I

Re: Multiple web servers behind NAT

On Wed, October 12, 2016 1:38 am, Florian Ermisch wrote: > > So relayd doesn't support SNI yet? > Not that SNI and having a cert for each > site on the relay covers the usecase but > httpd does support SNI, right? > > Regards, Florian > I think you are correct. I think SNI was added to libtls and

Re: An AR9280 as an Access Point

On Tue, October 11, 2016 12:04 pm, physkets wrote: > Hello! > > I'd asked a related question on the OpenBSD subreddit, and someone > pointed me here. Hope this is appropriate. > https://www.reddit.com/r/openbsd/comments/56lzhu/which_wifi_card_to_make_an_access_point > > Does anyone know how good a

Re: relayd.conf error

On Sat, October 15, 2016 10:47 am, Ali H. Fardan wrote: > Hey misc@, I'm having issues with relayd.conf. this is the error I get > when I try to run relayd: > > > # rcctl -df start relayd > doing _rc_parse_conf > doing _rc_quirks > relayd_flags empty, using default >< > doing _rc_parse_conf /var/ru

Re: vmm: panic: root filesystem has size 0

On Thu, November 3, 2016 3:45 pm, Patrik Lundin wrote: > Hello, > > I am trying to start a VMM guest based on the example commands in vmctl(8) > without luck. The guest is panicking like so: > === > panic: root filesystem has size 0 > === > > Here are the commands I use: > === > # vmctl create disk

Re: Oddness with pkg_add

On Thu, November 3, 2016 9:07 pm, Chris Huxtable wrote: > Same as before unfortunately. > > # pkg_add -v nano > Error from http://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/ > ftp: ftp.openbsd.org: no address associated with name > http://ftp.openbsd.org/pub/OpenBSD/6.0/packages/amd64/ is e

  1   2   3   >