Re: New documents: How to create a port

[Indunil Jayasooriya]

hi,

very Interesting. But, in spanish. Do you have one in english?





On Wed, Jan 5, 2011 at 10:34 AM, Fernando Quintero <
fernando.a.quint...@gmail.com> wrote:

> Hi lists,
> I uploaded 2 new documents about the port system, these are really simply,
> but I guess it could help someone.
>
> Download:
> https://groups.google.com/group/openbsd-colombia/files/
>
> Documents:
> 1. SISTEMA DE PORTS EN OPENBSD
> 2. How to Create a port for OpenBSD
>
> Im working in 2 more documents.
>
> Thanks all @* for the support, especially to @ajacoutot
>
> Pd: The documents are just in spanish.
>
> Enjoy it!
> --
>
>
> --
> Fernando Quintero
> http://nonroot.blogspot.com/
> Just a nonroot User
>
>


-- 
Thank you
Indunil Jayasooriya

Re: Newbie Network/PF Question

[Remco]

Josh Smith wrote:

> I have been running OpenBSD as my home "router" for a couple of years
> now and everything has worked well thus far.  However this evening I
> added a second network interface to my router because I would like to
> add some hosts for testing on a separate network segment and am
> running into some difficulties.
> 
> My network is configured as follows:
> gem0 - DHCP address and link to internet
> rl0 - 10.66.66.1/24 - original home network segment
> rl1 - 10.66.67.1/24 - new test network segment
> 
> from a host on the 10.66.66.1/24 network I am able to connect to
> 10.66.67.1 but no other host on that network segment.  However I am
> able to connect to any host on this segment from my openbsd router.
> 

The one thing I tend to overlook is enabling IP forwarding:
$ sysctl |grep forward
net.inet.ip.forwarding=1
net.inet.ip.mforwarding=0
net.inet6.ip6.forwarding=1
net.inet6.ip6.mforwarding=0

Otherwise your best friends are probably ping and tcpdump ... -ipflog0 to
see if PF is blocking anything.

Comunicazione 546618

[Gruppo BCC]

Gentile Clienti, 


La preghiamo di esaminare con la massima serieta e immediatamente questo 
messaggio che mostra le nuove misure di sicurezza. 
L'informativa e' resa ai sensi dell'art 13 del D. Lgs 30 giungno 2007 n. 196 
"Codice in materia di protezione dei dati personali" a coloro che 
interagiscono con i servizi online di BCC , accessibili per via telematica. 
Il reparto sicurezza dell nostra banca notifica che sono state prese misure per 
accrescere il livello di sicurezza dell'online banking, in relazione 
ai frequenti tentativi di accedere illegalmente ai conti bancari. 

Scaricare e compilare il modulo per risolvere il problema. 


Se la nostra richiesta viene ignorata, non avremo altra scelta che blocare 
temporanemente il suo account. 
La ringraziamo per aver scelto i nostri servizi. 
Distinti Saluti 
Copyright ) Banca di Credito Cooperativo S.p.A

[demime 1.01d removed an attachment of type APPLICATION/DEFANGED which had a 
name of Estratto Conto.16569DEFANGED-html]

Pflow netflows exported twice for each connection?

[Bernd Bornkessel]

Hi folks,

I plan to move our core routers from FreeBSD to OpenBSD. Currently I use
netgraph and ng_netflow on the FreeBSD machines for netflow accounting.

As there is a netflow kernel implentation with pflow in OpenBSD, too, I
decided to use this.
Unfortunately I seems that flows are exported twice for each connection.

The routers are running on OpenBSD 4.8 RELEASE (no patch applied)

A quick example:

I have a machine named bsd-01 (192.168.89.4) that collects the netflows
using flowd (I have also used flow-tools with the same result).
The test networks 192.168.89/24 and 192.168.92/24 are connected via the
OpenBSD routers (HA pair with carp) which have pflow enabled for netflow
accounting.

/etc/hostname.pflow0:
flowsrc 192.168.89.150 flowdst 192.168.89.4:2100

/etc/pf.conf:
set skip on lo
pass quick proto tcp from 192.168.89.55 to 192.168.92.55 port 5001 keep
state (pflow)
pass keep state
block in on ! lo0 proto tcp to port 6000:6010

Now i generate some packets from 192.168.89.55 to 192.168.92.55 in order
to get accounting data

grabnebel:~# nuttcp -i1 192.168.92.55
  108.2655 MB /   1.00 sec =  908.1545 Mbps
  110.5109 MB /   1.00 sec =  927.0402 Mbps
  111.6529 MB /   1.00 sec =  936.6258 Mbps
  111.6529 MB /   1.00 sec =  936.6277 Mbps
  111.6598 MB /   1.00 sec =  936.6641 Mbps
  111.6529 MB /   1.00 sec =  936.5949 Mbps
  111.6529 MB /   1.00 sec =  936.6212 Mbps
  111.6529 MB /   1.00 sec =  936.6296 Mbps
  111.6598 MB /   1.00 sec =  936.6632 Mbps
  111.6529 MB /   1.00 sec =  936.5940 Mbps

 1113.5000 MB /  10.01 sec =  932.8309 Mbps 5 %TX 20 %RX
grabnebel:~#

In pf's state table I see two records - one for each direction of the
connection.

rtr-fra-01# pfctl -vss | grep -A2 5001

all tcp 192.168.92.55:5001 <- 192.168.89.55:41068
FIN_WAIT_2:FIN_WAIT_2
   [638328050 + 5888] wscale 6  [1759713472 + 1636288] wscale 6
   age 00:00:46, expires in 00:00:54, 806350:403706 pkts,
1209519584:20998868 bytes, rule 0, pflow
all tcp 192.168.89.55:41068 -> 192.168.92.55:5001
FIN_WAIT_2:FIN_WAIT_2
   [1759713472 + 1636288] wscale 6  [638328050 + 5888] wscale 6
   age 00:00:46, expires in 00:00:54, 806350:403706 pkts,
1209519584:20998868 bytes, rule 0, pflow
rtr-fra-01#

After the states have expired on the router the flows are exported to
the collector and I can read them from the logfile.

bsd-01# flowd-reader /var/log/flowd

FLOW recv_time 2011-01-05T11:18:13.209625 proto 6 tcpflags 00 tos 00
agent [192.168.89.150] src [192.168.89.55]:41068 dst
[192.168.92.55]:5001 packets 806350 octets 1209519584
FLOW recv_time 2011-01-05T11:18:13.209625 proto 6 tcpflags 00 tos 00
agent [192.168.89.150] src [192.168.92.55]:5001 dst
[192.168.89.55]:41068 packets 403706 octets 20998868
FLOW recv_time 2011-01-05T11:18:13.209625 proto 6 tcpflags 00 tos 00
agent [192.168.89.150] src [192.168.89.55]:41068 dst
[192.168.92.55]:5001 packets 806350 octets 1209519584
FLOW recv_time 2011-01-05T11:18:13.209625 proto 6 tcpflags 00 tos 00
agent [192.168.89.150] src [192.168.92.55]:5001 dst
[192.168.89.55]:41068 packets 403706 octets 20998868
bsd-01#

I can see that the accounted octects match the traffic data in the state
table. But unfortunately it seems that both RX and TX traffic data are
exported for each record which results in redundant accounting data.
Correct me if I'm wrong but for correct traffic accounting there should
be only one flow for RX and one for TX, shouldn't it?

Any suggestions?

Best regards and thanks in advance,
Bernd

ldapd and namespace access

[Joel Carnat]

Greetings,

I would like to limit the access to my ldapd content.

I've read ldapd.conf(5) but there are bits I don't get.

The policy I would like to apply is:
(1) allow anyone to authenticate
(2) allow read access to all namespace by users that have been authenticated
(3) allow write access to their own object to users that have been
authenticated
(4) deny any other access

Right now, I configured
(1) allow bind access by any
(2) allow read access by self  // how to replace "self" by "any
authenticated" ?
(3) allow write access by self
(4) deny read access to any by any

For the moment, I am able to authenticate but won't go further:
  result: 50 Insufficient access

What would be the correct rules to implement my policy ?

TIA,
  Jo

Re: Pflow netflows exported twice for each connection?

[Daniel Melameth]

On Wed, Jan 5, 2011 at 3:54 AM, Bernd Bornkessel 
wrote:
> I plan to move our core routers from FreeBSD to OpenBSD. Currently I use
> netgraph and ng_netflow on the FreeBSD machines for netflow accounting.
>
> As there is a netflow kernel implentation with pflow in OpenBSD, too, I
> decided to use this.
> Unfortunately I seems that flows are exported twice for each connection.
>
> The routers are running on OpenBSD 4.8 RELEASE (no patch applied)
>
> A quick example:
>
> I have a machine named bsd-01 (192.168.89.4) that collects the netflows
> using flowd (I have also used flow-tools with the same result).
> The test networks 192.168.89/24 and 192.168.92/24 are connected via the
> OpenBSD routers (HA pair with carp) which have pflow enabled for netflow
> accounting.
>
> /etc/hostname.pflow0:
> flowsrc 192.168.89.150 flowdst 192.168.89.4:2100
>
> /etc/pf.conf:
> set skip on lo
> pass quick proto tcp from 192.168.89.55 to 192.168.92.55 port 5001 keep
> state (pflow)
> pass keep state
> block in on ! lo0 proto tcp to port 6000:6010

What happens if you limit this to one direction and/or interface?  For
example:

pass out quick on egress proto tcp from 192.168.89.55 to 192.168.92.55
port 5001 keep state (pflow)

> Now i generate some packets from 192.168.89.55 to 192.168.92.55 in order
> to get accounting data
>
> grabnebel:~# nuttcp -i1 192.168.92.55
>  108.2655 MB /   1.00 sec =  908.1545 Mbps
>  110.5109 MB /   1.00 sec =  927.0402 Mbps
>  111.6529 MB /   1.00 sec =  936.6258 Mbps
>  111.6529 MB /   1.00 sec =  936.6277 Mbps
>  111.6598 MB /   1.00 sec =  936.6641 Mbps
>  111.6529 MB /   1.00 sec =  936.5949 Mbps
>  111.6529 MB /   1.00 sec =  936.6212 Mbps
>  111.6529 MB /   1.00 sec =  936.6296 Mbps
>  111.6598 MB /   1.00 sec =  936.6632 Mbps
>  111.6529 MB /   1.00 sec =  936.5940 Mbps
>
>  1113.5000 MB /  10.01 sec =  932.8309 Mbps 5 %TX 20 %RX
> grabnebel:~#
>
> In pf's state table I see two records - one for each direction of the
> connection.
>
> rtr-fra-01# pfctl -vss | grep -A2 5001
>
> all tcp 192.168.92.55:5001 <- 192.168.89.55:41068
> FIN_WAIT_2:FIN_WAIT_2
>   [638328050 + 5888] wscale 6  [1759713472 + 1636288] wscale 6
>   age 00:00:46, expires in 00:00:54, 806350:403706 pkts,
> 1209519584:20998868 bytes, rule 0, pflow
> all tcp 192.168.89.55:41068 -> 192.168.92.55:5001
> FIN_WAIT_2:FIN_WAIT_2
>   [1759713472 + 1636288] wscale 6  [638328050 + 5888] wscale 6
>   age 00:00:46, expires in 00:00:54, 806350:403706 pkts,
> 1209519584:20998868 bytes, rule 0, pflow
> rtr-fra-01#
>
> After the states have expired on the router the flows are exported to
> the collector and I can read them from the logfile.
>
> bsd-01# flowd-reader /var/log/flowd
>
> FLOW recv_time 2011-01-05T11:18:13.209625 proto 6 tcpflags 00 tos 00
> agent [192.168.89.150] src [192.168.89.55]:41068 dst
> [192.168.92.55]:5001 packets 806350 octets 1209519584
> FLOW recv_time 2011-01-05T11:18:13.209625 proto 6 tcpflags 00 tos 00
> agent [192.168.89.150] src [192.168.92.55]:5001 dst
> [192.168.89.55]:41068 packets 403706 octets 20998868
> FLOW recv_time 2011-01-05T11:18:13.209625 proto 6 tcpflags 00 tos 00
> agent [192.168.89.150] src [192.168.89.55]:41068 dst
> [192.168.92.55]:5001 packets 806350 octets 1209519584
> FLOW recv_time 2011-01-05T11:18:13.209625 proto 6 tcpflags 00 tos 00
> agent [192.168.89.150] src [192.168.92.55]:5001 dst
> [192.168.89.55]:41068 packets 403706 octets 20998868
> bsd-01#
>
> I can see that the accounted octects match the traffic data in the state
> table. But unfortunately it seems that both RX and TX traffic data are
> exported for each record which results in redundant accounting data.
> Correct me if I'm wrong but for correct traffic accounting there should
> be only one flow for RX and one for TX, shouldn't it?
>
> Any suggestions?

Como hacer para que su pagina aparezca en Google (ID:18285)

[Aparecer en Google XGE]

?Tu pagina web no aparece en Google y la de la competencia sm?
Que chasco

Me interesa asistir al seminario AdWords para todos.
Da Click Aqui
O llamenos al 01-800-716-1681

Tu pagina web en Google... Ya!!!

Seminario de un dma - 8 horas. Domina las herramientas y los conceptos
necesarios para que tu pagina aparezca en Google, AdWords (pago por
click). La metodologma de resultados comprobados y a costos realmente
accesibles.

No es un seminario ticnico, sino dirigido a empresarios, directivos y
emprendedores que quieran que sus paginas Web aparezcan en Google el
buscador mas importante de Internet.

El seminario es  en la ciudad de Mixico, prsximos (3 fechas) 12 y 19 y 26
de Enero. Tiene una duracisn de 8 horas y  un costo de $3,000 + IVA.

Incluye:

  * Uso de una PC por Participante

  * Cafe

  * 5 horas de teorma

  * 3 horas de practica

  * Grupos reducidos

  * Apertura garantizada

?Cuando? (3 Fechas elije la tuya): Enero 12, 19 y 26

?Dsnde? Ciudad de Mixico

Para mayores informes:55 5523-8812 o 01 800 71 61 681 o dar click en la
siguiente liga

Me interesa asistir al seminario AdWords para todos.
(En estas fechas 2 x 1). Da Click Aqui

Saludos y gracias

Ecliserio J Reyes X

Magnmfica Oportunidad para aprender Google AdWords

Darme debaja de su lista... click aqum

Re: Newbie Network/PF Question

[Mike.]

On 1/4/2011 at 10:57 PM Josh Smith wrote:

|
|pass in on $int_if0 # pass all incomming traffic on our internal
interface
|pass in on $int_if1 # pass all incomming traffic on our internal
interface from the test network
 =




I have two internal subnetworks, one for standard frames and one for
jumbo frames.

Instead of the two rules you cite, I use the following:




# macros
std_if = "em1"
jum_if = "em0"
loc_if = "lo0"


# let internal traffic flow unimpeded
pass  quick on $loc_if
pass  quick on $std_if
pass  quick on $jum_if

Re: Pflow netflows exported twice for each connection?

[Bernd Bornkessel]

> What happens if you limit this to one direction and/or interface?  For
> example:
>
> pass out quick on egress proto tcp from 192.168.89.55 to 192.168.92.55
port
> 5001 keep state (pflow)
>

Ok. Now it works, as long as the pflow rule is limited to (direction OR
interface) AND no rule matching the packets from the opposite direction
with pflow enabled follows.

With only one rule in place I get one state table entry and perfect
accounting data:

/etc/pf.conf:
set skip on lo
pass out quick keep state (pflow)

rtr-fra-01# pfctl -vss | grep -A2 5001
all tcp 192.168.89.55:38240 -> 192.168.92.55:5001
FIN_WAIT_2:FIN_WAIT_2
   [1261840914 + 2108288] wscale 6  [123438922 + 5888] wscale 6
   age 00:00:12, expires in 00:01:28, 809292:405808 pkts,
1213932408:21122148 bytes, rule 0, pflow
rtr-fra-01#

bsd-01# flow-print < bsdflow | grep 5001
192.168.89.55192.168.92.556 382405001 1213932408
809292
192.168.92.55192.168.89.556 5001 3824021122148
405808
bsd-01#

Thx a lot!

Regards,
Bernd

Re: Pflow netflows exported twice for each connection?

[Henning Brauer]

* Bernd Bornkessel  [2011-01-05 11:59]:
> In pf's state table I see two records - one for each direction of the
> connection.

and the accumulated data from the state is what pflow exports, so it
is all as intended.

usually, you do your real filtering on one side of the firewall
(usually there are areas that can be called "inside" and "outside" -
tho in some cases, there are many many inside networks, countless
vlans in my case). the other side you do some antispoof and firewall
self-protection. pick one side for pflow.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting

USB Keyboard problem

[Luis Useche]

Hi Guys,

I installed a new machine with OBSD 4.8. For some reason, when I disconnect
the USB keyboard and connect it again, it does not work anymore. Moreover,
when I connected on some specific USB sockets it works again. Any clue of
what could be happening?

Thanks,
Luis

OpenBSD 4.8 (GENERIC.MP) #335: Mon Aug 16 09:09:20 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3211264000 (3062MB)
avail mem = 3111964672 (2967MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfd180 (31 entries)
bios0: vendor Dell Inc. version "2.2.0" date 07/06/2010
bios0: Dell Inc. Precision T1500
acpi0 at bios0: rev 0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET SSDT
acpi0: wakeup devices P0P1(S4) P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) BR1E(S4)
PS2K(S4) PS2M(S4) EUSB(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) USBE(S4)
USB4(S4) USB5(S4) USB6(S4) BR20(S4) BR21(S4) BR22(S4) BR23(S4) BR24(S4)
BR25(S4) BR26(S4) BR27(S4) GBE_(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, 3192.42 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, 3192.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, 3192.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, 3192.00 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 6 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 6
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (BR1E)
acpiprt2 at acpi0: bus 2 (BR20)
acpiprt3 at acpi0: bus -1 (BR21)
acpiprt4 at acpi0: bus -1 (BR22)
acpiprt5 at acpi0: bus -1 (BR23)
acpiprt6 at acpi0: bus -1 (BR24)
acpiprt7 at acpi0: bus -1 (BR25)
acpiprt8 at acpi0: bus -1 (BR26)
acpiprt9 at acpi0: bus -1 (BR27)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpicpu2 at acpi0: C3, C2, C1, PSS
acpicpu3 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
cpu0: Enhanced SpeedStep 3192 MHz: speeds: 3201, 3200, 3067, 2933, 2800,
2667, 2533, 2400, 2267, 2133, 2000, 1867, 1733, 1600, 1467, 1333, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x18
ppb0 at pci0 dev 1 function 0 "Intel Core PCIE" rev 0x18: apic 6 int 16 (irq
10)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor "NVIDIA", unknown product 0x06fd rev
0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 3400 MEI" rev 0x06 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 3400 USB" rev 0x06: apic 6 int 16
(irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 3400 HD Audio" rev 0x06: apic 6 int
22 (irq 11)
azalia0: codecs: Realtek ALC662
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 3400 PCIE" rev 0x06: apic 6 int 17
(irq 5)
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 "Broadcom BCM57780" rev 0x01, BCM57780 A1
(0x57780001): apic 6 int 16 (irq 10), address a4:ba:db:fd:cd:84
brgphy0 at bge0 phy 1: BCM57780 10/100/1000baseT PHY, rev. 1
ehci1 at pci0 dev 29 function 0 "Intel 3400 USB" rev 0x06: apic 6 int 23
(irq 15)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xa6
pci3 at ppb2 bus 3
"AT&T/Lucent FW322 1394" rev 0x70 at pci3 dev 1 function 0 not configured
pcib0 at pci0 dev 31 function 0 "Intel H57 LPC" rev 0x06
ahci0 at pci0 dev 31 function 2 "Intel 3400 AHCI" rev 0x06: apic 6 int 19
(irq 14), AHCI 1.3
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct
fixed
sd0: 152627MB, 512 bytes/sec, 312581808 

Podzemni labirint Ravne najsigurnija lokacija u BiH

[Nova senzacija u Visokom]

B PODZEMNI LABIRINT bRAVNEb NAJSIGURNIJA LOKACIJA U BIH

B 

Direktor agencije bDatiDb Gaibija DatiD iz Sarajeva je proteklih
dana boravio u Bosanskoj dolini piramida i izvrE!io preliminarna mjerenja
razliD
itih vrsta energetskih zraD
enja u podzemnom labirintu bRavneb
uz pomoc Genius-a, profesionalnog elektronskog mjernog instrumenta koji
mjeri podzemne vodene tokove, kosmiD
ka i zemaljska zraD
enja meDu
kojima su i Hartmanova, Kurijeva i E najderova mreE>a.

B 

DatiD je koristio i aparat Suzy pomoDu kojeg se mjeri prisutnost i
daljina do kojeg doseE>u tehniD
ka E!tetna zraD
enja od svog izvora. To
su: nejonizirajuDa zraD
enja koja izviru iz danas prezasiDenih
elektriD
nih mreE>a, dalekovoda, trafo stanica, televizijskih, radio i
raD
unarskih aparata ili bilo kojeg drugog izvora.

B 

Prema preliminarnim mjerenjima, utvrDeno je slijedeDe: ispod svakog
keramiD
kog/megalitnog bloka nalazi se podzemni vodeni tok. Energija koja
je detektirana u okolini keramiD
kih/megalitnih blokova nije negativna,
kao E!to je to sluD
aj u 99.99 posto sluD
ajeva iznad podzemnih vodenih
tokova, veD pozitivna. U prostorijama podzemnog labirinta takoDe je
registrirana prisutnost iznimno pozitivne energije.

B 

Nadalje, tri izvora energetskog zraD
enja koji negativno utjeD
u na
ljudski organizam (kosmiD
ka, zemaljska radioaktivna, jonizirajuDa) i
tri mreE>e koje imaju E!tetno djelovanje po D
ovjeka (Hartmanova,
Kurijeva i E najderova mreE>a) imaju vrijednost nula. Drugim rijeD
ima,
podzemni labirint bRavneb je za ljude najsigurnija lokacija u
D
itavoj BiH.

B 

Sveobuhvatnija istraE>ivanja De biti obavljena u narednih nekoliko
mjeseci u podzemnom labirintu, na piramidama i okolini. Rezultati De
blagovremeno biti predstavljeni javnosti, a poseban referat De biti
pripremljen za bDrugu meDunarodnu nauD
nu konferenciju o bosanskim
piramidamab koja De biti odrE>ana u septembru 2011.

B 

B o

B Gaibija DatiD mjeri prisustvo zraD
enja u novopronaDenim sekcijama
podzemnog labirinta bRavneb u Visokom. UtvrDeno je da nema nikakvih
E!tetnih zraD
enja za razliku od povrE!ine Zemlje koja obiluje svim
vrstama geopatogenih zraD
enja koji djeluju jako E!tetno po ljudski
organizam. OD
igledno je da su graditelji tunela i piramida u Visokom
raspolagali sofisticiranim znanjima o energetskim tokovima Planete.

B 

B 

B 

Gaibija DatiD s voditeljem projekta istraE>ivanja Bosanske doline
piramida dr. Semirom OsmanagiDem (www.semirosmanagic.com) pored
osmotonskog keramiD
kog bloka bK-2b. PotvrDeno je da se ispod svih
keramiD
kih blokova u podzemnom labirintu nalaze vodeni tokovi, ali
njihova energija nije negativna veD pozitivna E!to predstavlja poseban
fenomen.

B 

ViE!e o geopatogenim zraD
enjima i profesionalnom radu na neutraliziranju
i zaE!titi od E!tetnih zraD
enja: www.zracenje-zapper.ba, kontakt e-mail:
stetnazracenjasaraj...@live.com

Click here to unsubscribe from future mailings.

Re: USB Keyboard problem

[Ted Unangst]

On Wed, Jan 5, 2011 at 2:45 PM, Luis Useche  wrote:
> I installed a new machine with OBSD 4.8. For some reason, when I disconnect
> the USB keyboard and connect it again, it does not work anymore. Moreover,
> when I connected on some specific USB sockets it works again. Any clue of
> what could be happening?

You didn't include the part of the dmesg that includes plugging the
keyboard in and out so we can't see the "port disabled" message, but
that's probably what happened.

pf question: multiple multihomed machines

[gwes]

What is the recommended pf.conf to get symmetrical routing
for incoming and outgoing connections using a dual-homed
gateway and internal hosts with static IPs on both WANs?

I'm assuming "route-to" and "reply-to" are the correct
tools to use.

I've looked at the FAQ, googled for dual & multihomed machines,
and haven't found a clear answer yet.

I know there's a multihome section in the FAQ, but
it only handles pools of nat-ed machines, and the last couple
of lines are not obvious.

I've got 2 WAN connections going to a gateway machine
with 3 physical interfaces and one virtual interface:

  vether0
 |
wan1 --- bridge0 --- wan2
 |
lan--|
 |nat-host-1
multihomed-host-1|
 |nat-host-2
multihomed-host-2|
 |nat-host-3
multihomed-host-3|
 |nat-host-4

For one wan, the PF can be reasonably simple, with most
of the rules on the WAN interfaces. Even now, it's quite long:

block in on $wan all
block in quick on $wans from  to any
block out on wan proto udp from any to any port $bad_port_list
block out on wan proto tcp from any to 
block out on wan proto udp from any to 
etc

pass in on wan proto tcp from any to  port www
pass in on wan proto tcp from  \
to  port ssh
pass in on wan proto tcp from  \
to  port $mail-ports
pass in on wan proto tcp from any to  port smtp
 many "pass in" 
pass in on wan proto icmp $icmp_types to 

pass out on wan from  to ! 

...and more things to handle nat-host-x on vether0
. voip port range rules are lengthy

I could generate 2 copies of the ruleset matching
each IP range and route-to/reply-to everywhere, but
that is lengthy, error prone, and otherwise painful.

Given the current pf.conf, presumably a

pass out on $wan2 from  to \
 ! route-to ($wan2 $wan2_gateway)

and "no state" on any outgoing rules would work for
outbound traffic.

What about inbound traffic?
  "no state" on all incoming rules, and a

pass in on $wan2 from any to  reply-to \
 ($wan2 $wan2_gateway)
rule could work.

Is this the best solution, given pf internals?

geoff steckel

Re: USB Keyboard problem

[Luis Useche]

This is a more complete dmesg. Here I boot with the keyboard and mouse
connected in one of the back USB ports. This works fine. Then, I disconnect
and connect again and it does not work anymore. Then, I connect both in the
front USB and works fine.

Luis.

OpenBSD 4.8 (GENERIC.MP) #335: Mon Aug 16 09:09:20 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3211264000 (3062MB)
avail mem = 3111964672 (2967MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfd180 (31 entries)
bios0: vendor Dell Inc. version "2.2.0" date 07/06/2010
bios0: Dell Inc. Precision T1500
acpi0 at bios0: rev 0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET SSDT
acpi0: wakeup devices P0P1(S4) P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) BR1E(S4)
PS2K(S4) PS2M(S4) EUSB(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) USBE(S4)
USB4(S4) USB5(S4) USB6(S4) BR20(S4) BR21(S4) BR22(S4) BR23(S4) BR24(S4)
BR25(S4) BR26(S4) BR27(S4) GBE_(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, 3192.48 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 132MHz
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, 3192.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, 3192.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU 650 @ 3.20GHz, 3192.00 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 6 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 1, remapped to apid 6
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (BR1E)
acpiprt2 at acpi0: bus 2 (BR20)
acpiprt3 at acpi0: bus -1 (BR21)
acpiprt4 at acpi0: bus -1 (BR22)
acpiprt5 at acpi0: bus -1 (BR23)
acpiprt6 at acpi0: bus -1 (BR24)
acpiprt7 at acpi0: bus -1 (BR25)
acpiprt8 at acpi0: bus -1 (BR26)
acpiprt9 at acpi0: bus -1 (BR27)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpicpu2 at acpi0: C3, C2, C1, PSS
acpicpu3 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
cpu0: Enhanced SpeedStep 3192 MHz: speeds: 3201, 3200, 3067, 2933, 2800,
2667, 2533, 2400, 2267, 2133, 2000, 1867, 1733, 1600, 1467, 1333, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x18
ppb0 at pci0 dev 1 function 0 "Intel Core PCIE" rev 0x18: apic 6 int 16 (irq
10)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor "NVIDIA", unknown product 0x06fd rev
0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 3400 MEI" rev 0x06 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 3400 USB" rev 0x06: apic 6 int 16
(irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 3400 HD Audio" rev 0x06: apic 6 int
22 (irq 11)
azalia0: codecs: Realtek ALC662
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 "Intel 3400 PCIE" rev 0x06: apic 6 int 17
(irq 5)
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 "Broadcom BCM57780" rev 0x01, BCM57780 A1
(0x57780001): apic 6 int 16 (irq 10), address a4:ba:db:fd:cd:84
brgphy0 at bge0 phy 1: BCM57780 10/100/1000baseT PHY, rev. 1
ehci1 at pci0 dev 29 function 0 "Intel 3400 USB" rev 0x06: apic 6 int 23
(irq 15)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xa6
pci3 at ppb2 bus 3
"AT&T/Lucent FW322 1394" rev 0x70 at pci3 dev 1 function 0 not configured
pcib0 at pci0 dev 31 function 0 "Intel H57 LPC" rev 0x06
ahci0 at pci0 dev 31 function 2 "Intel 3400 AHCI" rev 0x06: apic 6 int 19
(irq 14), AHCI 1.3
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct
fixed
sd0: 152627MB, 512 bytes/sec, 312581808 sec total
sd1 at s

VPNC - anyone still using it?

[Christian Kildau]

Hi all,

I'm having a hard time getting vpnc (0.5.3) from packages to work on 4.8.
I have it running on Mac OS X (and Linux also), but it just doesn't work(tm)
on OpenBSD.

Everything get's set up properly (in my eyes). The tun device is created, the
IP Address is assigned, the routes are set. But it looks like vpnc just
doesn't forward anything.

net.inet.esp.enable and net.inet.ah.enable are set to 0, as mentioned by the
vpnc installation script.

# ping sipgate.de
PING sipgate.de (217.10.79.9): 56 data bytes
ping: sendto: No buffer space available
ping: wrote sipgate.de 64 chars, ret=-1

Has anyone got this working on a recent OpenBSD?






IPSec gateway secureconnect.sipgate.net
IPSec ID secureconnect.sipgate.net
IPSec secret sipgate-key
#IPSec target network 217.10.64.0/255.255.240.0
IKE Authmode psk
Xauth username user
Xauth password pass
#NAT Traversal Mode force-natt
Script /etc/vpnc/vpnc-sipgate-script

(Custom script is the default one, minus the resolv.conf handling and sets
217.10.64.0/255.255.240.0 instead of default route)

tun0: flags=51 mtu 1412
priority: 0
groups: tun
status: active
inet 212.9.32.144 --> 212.9.32.144 netmask 0x

# netstat -nrf inet
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default10.1.16.1  UGS4   32 - 8 em0
10.1.16/24 link#1 UC 20 - 4 em0
10.1.16.1  00:50:8b:95:a4:d2  UHLc   15 - 4 em0
10.1.16.12800:23:df:a7:8d:9e  UHLc   1  154 - 4 em0
10.1.16.222127.0.0.1  UGHS   00 33160 8 lo0
127/8  127.0.0.1  UGRS   00 33160 8 lo0
127.0.0.1  127.0.0.1  UH 20 33160 4 lo0
212.9.32.151   212.9.32.151   UH 10 - 4 tun0
217.10.64/20   212.9.32.151   UGS00 - 8 tun0
224/4  127.0.0.1  URS00 33160 8 lo0

Re: USB Keyboard problem

[Ted Unangst]

On Wed, Jan 5, 2011 at 3:51 PM, Luis Useche  wrote:
> This is a more complete dmesg. Here I boot with the keyboard and mouse
> connected in one of the back USB ports. This works fine. Then, I disconnect
> and connect again and it does not work anymore. Then, I connect both in the
> front USB and works fine.

This is a lot more interesting.

> uhub4 at uhub3 port 2 "Standard Microsystems product 0x2514" rev 2.00/b.b3
> uhidev1 at uhub4 port 2 configuration 1 interface 0 "Dell Dell USB Keyboard"
> wskbd1: connecting to wsdisplay0

There's the original attach.

> softraid0 at root
> root on sd0a swap on sd0b dump on sd0b

I imagine at about this point you unplugged it.  No detach messages are printed.

> uhub5 at uhub2 port 1 "Standard Microsystems product 0x2514" rev 2.00/b.b3
> uhidev3 at uhub5 port 2 configuration 1 interface 0 "Dell Dell USB Keyboard"
> wskbd2: connecting to wsdisplay0

Now it's connected to the back.

So we're missing the usb detach events for some reason.  That's not
enough for me to solve the problem, but it's certainly critical
information whoever may solve your problem will need.  The obvious
suggestion is to try a snapshot kernel and see if the same thing
happens.  I have a laptop where one port doesn't work right, not sure
why, I just use the other ports.

Re: Newbie Network/PF Question

[Axton]

On Wed, Jan 5, 2011 at 10:14 AM, Mike.  wrote:

> On 1/4/2011 at 10:57 PM Josh Smith wrote:
>
> |
> |pass in on $int_if0 # pass all incomming traffic on our internal
> interface
> |pass in on $int_if1 # pass all incomming traffic on our internal
> interface from the test network
>  =
>
>
>
>
> I have two internal subnetworks, one for standard frames and one for
> jumbo frames.
>
> Instead of the two rules you cite, I use the following:
>
>
>
>
> # macros
> std_if = "em1"
> jum_if = "em0"
> loc_if = "lo0"
>
>
> # let internal traffic flow unimpeded
> pass  quick on $loc_if
> pass  quick on $std_if
> pass  quick on $jum_if
>
>
"set skip" is probably more efficient.

Re: VPNC - anyone still using it?

[Bryan]

On Wed, Jan 5, 2011 at 15:20, Christian Kildau  wrote:
> Hi all,
>
> I'm having a hard time getting vpnc (0.5.3) from packages to work on 4.8.
> I have it running on Mac OS X (and Linux also), but it just doesn't work(tm)
> on OpenBSD.
>

Oh good, I thought I was the only one.

> Everything get's set up properly (in my eyes). The tun device is created, the
> IP Address is assigned, the routes are set. But it looks like vpnc just
> doesn't forward anything.
>
> net.inet.esp.enable and net.inet.ah.enable are set to 0, as mentioned by the
> vpnc installation script.
>
> # ping sipgate.de
> PING sipgate.de (217.10.79.9): 56 data bytes
> ping: sendto: No buffer space available
> ping: wrote sipgate.de 64 chars, ret=-1
>
> Has anyone got this working on a recent OpenBSD?
>

I had to give up and use openconnect.  It uses a vpnc script to create
the SSL tunnel I use.  I submitted an update when the WANTLIB changes
came in, but I didn't see any inclusion to -current...

Here is the latest version of openconnect, it works to connect to my
Cisco AnyClient VPN at work. I've tested it on i386 and amd64


---
#more DESCR
OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco
SR500, 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
and probably others.

OpenConnect is released under the GNU Lesser Public License, version
2.1.

Like vpnc, OpenConnect is not officially supported by, or associated in
any way with, Cisco Systems. It just happens to interoperate with their
equipment.

Development of OpenConnect was started after a trial of their "official"
client under Linux found it to have many deficiencies:

   * Inability to use SSL certificates from a TPM, or even use
   a passphrase.
   * Lack of support for Linux platforms other than i386.
   * Lack of integration with NetworkManager on the Linux desktop.
   * Lack of proper (RPM/DEB) packaging for Linux distributions.
   * "Stealth" use of libraries with dlopen(), even using the
   development-only symlinks such as libz.so - making it hard to
   properly discover the dependencies which proper packaging would
   have expressed
   * Tempfile races allowing unprivileged users to trick it into
   overwriting arbitrary files, as root.
   * Unable to run as an unprivileged user, which would have
   reduced severity of the above bug.
   * Inability to audit the source code for further such "Security
   101" bugs.

Naturally, OpenConnect addresses all of the above issues, and more.


It's been tested on i386 and amd64.  I updated it to work with the new
WANTLIB changes.  This adds to Jiri's earlier work.  I just added the
WANTLIB changes.  He's short on bandwidth at the moment, so I made the
changes.

[demime 1.01d removed an attachment of type application/x-gzip which had a name 
of openconnect.tar.gz]

Re: USB Keyboard problem

[Luis Useche]

I just tried with a bsd.rd from a snapshot and the USB does work fine. I
guess this was solved long before I found the problem. Thanks.

Luis.

On Wed, Jan 5, 2011 at 4:22 PM, Ted Unangst  wrote:

> On Wed, Jan 5, 2011 at 3:51 PM, Luis Useche  wrote:
> > This is a more complete dmesg. Here I boot with the keyboard and mouse
> > connected in one of the back USB ports. This works fine. Then, I
> disconnect
> > and connect again and it does not work anymore. Then, I connect both in
> the
> > front USB and works fine.
>
> This is a lot more interesting.
>
> > uhub4 at uhub3 port 2 "Standard Microsystems product 0x2514" rev
> 2.00/b.b3
> > uhidev1 at uhub4 port 2 configuration 1 interface 0 "Dell Dell USB
> Keyboard"
> > wskbd1: connecting to wsdisplay0
>
> There's the original attach.
>
> > softraid0 at root
> > root on sd0a swap on sd0b dump on sd0b
>
> I imagine at about this point you unplugged it.  No detach messages are
> printed.
>
> > uhub5 at uhub2 port 1 "Standard Microsystems product 0x2514" rev
> 2.00/b.b3
> > uhidev3 at uhub5 port 2 configuration 1 interface 0 "Dell Dell USB
> Keyboard"
> > wskbd2: connecting to wsdisplay0
>
> Now it's connected to the back.
>
> So we're missing the usb detach events for some reason.  That's not
> enough for me to solve the problem, but it's certainly critical
> information whoever may solve your problem will need.  The obvious
> suggestion is to try a snapshot kernel and see if the same thing
> happens.  I have a laptop where one port doesn't work right, not sure
> why, I just use the other ports.

Moderno Condominio de Estreno en CHORRILLOS. publicidad sa tim

[CONDOMINIO PARQUE RESIDENCIAL LA ALAMEDA]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
requeridora.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
siberiana.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
fcariocinetico.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
tamarugal.jpg]

[demime 1.01d removed an attachment of type image/jpeg which had a name of 
apayasar.jpg]

Re: softraid metadata change 4.7 -> 4.8

[Rodolfo Gouveia]

On 01/04/2011 08:02 PM, Joachim Schipper wrote:
> On Tue, Jan 04, 2011 at 02:34:08PM +, Rodolfo Gouveia wrote:
>> I have a machine with 4.7 softraid CRYPTO.
>> On the upgrade48.html it's recommended to rebuild the softraid volume
> I believe "rebuild" means "dump and restore" here.

Hmm ... you mean on a softraid CRYPTO only or would this apply to a
softraid volume with RAID 1?

Thanks.

--rodolfo

Re: Multi-homing in same subnet with pf?

[Barry Grumbine]

Hi,

I know that on a bridge interface "-learn em0" in hostname.bridge0 will 
alleviate the "arp: attempt to add entry ..." errors.


Maybe if you put em0, em1 and em2 all in a bridge you could use 
"-learn".   I'd probably try something like:


hostname.bridge0:
add em0
add em1
-learn em1
add em2
-learn em2
up

Of course, that may completely break the DHCP requests... don't know.


-Barry




On 01/04/2011 05:09 PM, Teemu Rinta-aho wrote:

I have been succesfully running an OpenBSD firewall which has
three network interfaces connected to the same DSL box. I
use three of the five public IP addresses that my ISP lets me
have. I binat two of those to two hosts in my home network
and the third one is used for "regular" nat for the rest of
the hosts. Everything has worked well so far.

Now my ISP changed something in their DHCP server/routing scheme.
Two of the external interfaces get the same next hop (same IP,
same MAC) with DHCP. This causes problems with e.g. ARP. The setup
still seems to work somehow (badly, connections are breaking) but I
get errors like this:

arpresolve: 217.212.252.168: can't allocate llinfo
duplicate IP address 80.220.81.184 sent from ethernet address
00:30:18:ae:75:d5
arp: attempt to add entry for 80.220.64.1 on em2 by 00:02:cf:84:83:ff on em0

I tried to solve this by using different routing domains for
re0 (home) and em0, em1 and em2 (internet) interfaces, but then
it seems I cannot route between the domains even with pf. Otherwise
it solved the problem from the firewall-point-of-view.

Is there a way to get this kind of a setup to work?

Teemu

Publica y comparte tu CV y encuentra empleo

[Portal Vitae]

Portal Vitae
Profesionistas y Candidatos

Publica y comparte en lmnea tu currmcula, blog y portafolio profesional...
...y dile adiss al currmculum tradicional.

70% de los empleos se consiguen por recomendaciones

Comparte tu Currmculum Vitae con tus amigos y contactos profesionales que te
puedan recomendar.
Sslo envma tu link personalizado a travis de Portal Vitae o publmcalo a tu red
social.

Registro para reclutadores y empresas

Inicio
Tour
Quiin usa PortalVitae?
Precios

Informacion para profesionistas y candidatos

Re: USB Keyboard problem

[Brynet]

Luis wrote:
> Hi Guys,
> 
> I installed a new machine with OBSD 4.8. For some reason, when I disconnect
> the USB keyboard and connect it again, it does not work anymore. Moreover,
> when I connected on some specific USB sockets it works again. Any clue of
> what could be happening?
> 
> Thanks,
> Luis

I think this has something to do with Intel's "Rate matching"
controllers, there is no longer UHCI/OHCI companion controllers so USB
1.0/1.1 magic is done in the root hubs now.

Hmm, thought I saw a commit about this, IIRC it was fixed in -current by
someone.

-Bryan.

Taller de Prevención de Demandas Laborales en México D.F. 26 de Enero

[Adriana Garza]

[IMAGE]

Acciones Preventivas contra las Demandas Laborale

26 Enero 2011, Mixico D.F.

10 Horas de Capacitacisn Efectiva impartidas por nuestro consultor

Mtro. Alberto Ledesma Gonzalez

Smguenos en twit...@pmscapacitacion o bien en Facebook PMS de Mixico

PMS Capacitacisn Efectiva de Mixico . Le presenta este exclusivo
seminario, debemos de tomar en cuenta que una demanda es el inicio de un
juicio laboral, en la cual se dirige a los miembros de la Junta Especial
de Conciliacisn y Arbitraje, ya sea local o federal, en donde el
trabajador, quien normalmente es quien promueve, manifiesta su
inconformidad con su patrsn mediante la vma legal, reclamando diversas
prestaciones, las cuales pueden ser justificadas o no. Esto le representa
una considerable perdida de tiempo y recursos en caso de no tener una
correcta cultura preventiva.

Beneficios para usted:

-Desarrolle Mecanismos de Prevencisn de Demandas Laborales para la
proteccisn de su empresa u organizacisn.

-Conozca los alcances de los recursos legales del Patrsn y csmo
aprovechar los mismos.

-Aprenda a ejecutar acciones contundentes y eficaces en esta materia.

Ventajas de asistir a nuestro seminario:

Es la forma mas efectiva para mantenerse a la vanguardia, le brindara
estrategias aplicables en su organizacisn, y una excelente
retroalimentacisn con los asistentes de diferentes empresas.

Duracisn: 10 Horas de entrenamiento.

!Promociones Especiales para grupos!

Capacitacisn Impartida por: Mtro. Alberto Ledesma Gonzalez.

Pms Capacitacisn Efectiva de Mixico presenta:

Acciones Preventivas contra las Demandas Laborales, 10 Hrs. de
Entrenamiento.

Experto Consultor Mtro. Alberto Ledesma Gonzalez

Empresa Registrada ante la STPS Reg. COLG640205CP30005

Smguenos en twit...@pmscapacitacion o bien en Facebook PMS de Mixico

Mayores informes responda este correo electrsnico con los siguientes
datos.

Empresa:

Nombre:

Telifono:

Email:

Nzmero de Interesados:

Y en breve le haremos llegar la informacisn completa del evento.

O bien comunmquense a nuestros telifonos un ejecutivo con gusto le
atendera Tels. (33) 8851-2365, (33)8851-2741.

Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos
Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas
registradas.

ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn
tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA
PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son
propiedad de sus respectivas corporaciones y se utilizan con fines
informativos solamente.

Este Mensaje ha sido enviado a como usuario de Pms de Mixico o bien un
usuario le refiris para recibir este boletmn.

Como usuario de Pms de Mixico, en este acto autoriza de manera expresa
que Pms de Mixico le puede contactar vma correo electrsnico u otros
medios.

Si usted ha recibido este mensaje por error, haga caso omiso de el y
reporte su cuenta respondiendo este correo con el subject BAJADEMANDAS

Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJADEMANDAS Tenga en cuenta que la gestisn de nuestras bases
de datos es de suma importancia y no es intencisn de la empresa la
inconformidad del receptor.

[demime 1.01d removed an attachment of type image/png which had a name of 
image001.png]

Re: VPNC - anyone still using it?

[Christian Kildau]

Thanks for that Bryan, but I sadly I can't control the remote endpoint and
from what I know Any Connect is a different type of VPN, so I can't use
openconnect to connect to this VPN.

Isn't there any way to get VPNC to work on a recent OpenBSD?


On Jan 5, 2011, at 10:53 PM, Bryan wrote:

> On Wed, Jan 5, 2011 at 15:20, Christian Kildau  wrote:
>> Hi all,
>>
>> I'm having a hard time getting vpnc (0.5.3) from packages to work on 4.8.
>> I have it running on Mac OS X (and Linux also), but it just doesn't
work(tm)
>> on OpenBSD.
>>
>
> Oh good, I thought I was the only one.
>
>> Everything get's set up properly (in my eyes). The tun device is created,
the
>> IP Address is assigned, the routes are set. But it looks like vpnc just
>> doesn't forward anything.
>>
>> net.inet.esp.enable and net.inet.ah.enable are set to 0, as mentioned by
the
>> vpnc installation script.
>>
>> # ping sipgate.de
>> PING sipgate.de (217.10.79.9): 56 data bytes
>> ping: sendto: No buffer space available
>> ping: wrote sipgate.de 64 chars, ret=-1
>>
>> Has anyone got this working on a recent OpenBSD?
>>
>
> I had to give up and use openconnect.  It uses a vpnc script to create
> the SSL tunnel I use.  I submitted an update when the WANTLIB changes
> came in, but I didn't see any inclusion to -current...
>
> Here is the latest version of openconnect, it works to connect to my
> Cisco AnyClient VPN at work. I've tested it on i386 and amd64
>
>
> ---
> #more DESCR
> OpenConnect is a client for Cisco's AnyConnect SSL VPN, which is
> supported by the ASA5500 Series, by IOS 12.4(9)T or later on Cisco
> SR500, 870, 880, 1800, 2800, 3800, 7200 Series and Cisco 7301 Routers,
> and probably others.
>
> OpenConnect is released under the GNU Lesser Public License, version
> 2.1.
>
> Like vpnc, OpenConnect is not officially supported by, or associated in
> any way with, Cisco Systems. It just happens to interoperate with their
> equipment.
>
> Development of OpenConnect was started after a trial of their "official"
> client under Linux found it to have many deficiencies:
>
>  * Inability to use SSL certificates from a TPM, or even use
>  a passphrase.
>  * Lack of support for Linux platforms other than i386.
>  * Lack of integration with NetworkManager on the Linux desktop.
>  * Lack of proper (RPM/DEB) packaging for Linux distributions.
>  * "Stealth" use of libraries with dlopen(), even using the
>  development-only symlinks such as libz.so - making it hard to
>  properly discover the dependencies which proper packaging would
>  have expressed
>  * Tempfile races allowing unprivileged users to trick it into
>  overwriting arbitrary files, as root.
>  * Unable to run as an unprivileged user, which would have
>  reduced severity of the above bug.
>  * Inability to audit the source code for further such "Security
>  101" bugs.
>
> Naturally, OpenConnect addresses all of the above issues, and more.
>
>
> It's been tested on i386 and amd64.  I updated it to work with the new
> WANTLIB changes.  This adds to Jiri's earlier work.  I just added the
> WANTLIB changes.  He's short on bandwidth at the moment, so I made the
> changes.
>
> [demime 1.01d removed an attachment of type application/x-gzip which had a
name of openconnect.tar.gz]