Re: pkg_outdated: command not found
On Tue, Nov 19, 2024 at 01:45:37PM +0100, Marco van Hulten wrote: > Hi, > > packages(7) mentions pkg_outdated(1), but there is no such binary > tracked by pkg_mklocatedb(1): > > $ pkglocate pkg_outdated > man76:/usr/share/man/man1/pkg_outdated.1 > > But then I read again the DESCRIPTION in the man page and found out it > is in /usr/ports/infrastructure/bin/. I consider adding this to my > PATH. It's in the ports tree. ports/infrastructure/bin/pkg_outdated -- Antoine
Re: X230 random reboots
> Am I the only one experiencing this? Can it be a hardware issue? If I recall correctly, there is a verbose option for kernel booting or a debug kernel. I'm sorry but I cannot be more precise, I never used it. I remember it shows some extra details when booting. Maybe someone very familiar with this can present you more instructions. And be prepared to record all on video :-)
pkg_outdated: command not found
Hi, packages(7) mentions pkg_outdated(1), but there is no such binary tracked by pkg_mklocatedb(1): $ pkglocate pkg_outdated man76:/usr/share/man/man1/pkg_outdated.1 But then I read again the DESCRIPTION in the man page and found out it is in /usr/ports/infrastructure/bin/. I consider adding this to my PATH. This is all fine for me now, but many users don't have the ports tree and may be confused even longer than I was. I run OpenBSD 7.6 stable on one and yesterday's snapshot on another computer. ---Marco
Re: Folks anyone have success using sec(4) interfaces on Site to Site VPNs between OpenBSD and Fortinet ?
Hi Folks, Thanks for the suggestions... also I have run policy based ipsec between fortniet and openbsd and it seemed to work well... we just want to run dynamic routing so it is easier have tunnel endpoints so that we can use dynamic routing daemons... to fail over between vpn endpoints.. running Ikev2 and referencing the sec(4) interface in iked.conf seemed to work, myOpenBSD-IP = my local openbsd public ip fortinet-public-ip = public ip of the fortinet customer .. Tunnel address local (openbsd) 172.16.1.2 remote (fortninet-tunnelendpoint) 172.16.1.1 iked.conf --- ikev2 esp \ from any to any \ local myOpenBSD-IP peer fortinet-public-ip \ psk "Big-Secret!" \ iface sec1 ---end iked.conf ifconfig sec1 sec1: flags=8051 mtu 1280 description: ike2-site-site-VPN index 8 priority 0 llprio 3 groups: sec inet 172.16.1.2 --> 172.16.1.1 netmask 0x It works ok .. . feels a little magic :) thanks for wrtiting the sec(4) driver and the integration with iked... ipsec Much obliged... Tom Smyth On Tue, 19 Nov 2024 at 12:04, David Gwynne wrote: > > > > > On 19 Nov 2024, at 12:07, Tom Smyth wrote: > > > > Folks > > did anyone have success using sec(4) interfaces on Site to Site VPNs > > between OpenBSD and Fortinet ? I want to route via the sec interface > > rather than specify static policies in iked.conf > > no experience, sorry. if you've ever configured a policy based vpn between > openbsd and a fortinet, then it should be straightforward. > > > or should I be using gre(4) gif(4) or some other tunnel device to > > bring up an interface which I can put an ip address on and route over > > , > > > > any pointers would be really appreciated > > gre over ipsec is much more likely to work than gif. i'd argue sec would be > easier because you don't need to know the ips for the tunnel endpoints like > you do for gre (and gif). > > cheers, > dlg > > > > > thanks > > > > Tom Smyth > > > > > > -- > > Kindest regards, > > Tom Smyth. > > > -- Kindest regards, Tom Smyth.
Re: X230 random reboots
> Am I the only one experiencing this? Can it be a hardware issue? Some X230 are faulty, even with other OS, showing unpredictable behaviours at random times. I have already seen 2 of them, customers weren't happy, to say the least. Looks like you got one more of them. Throw it into trash.
Re: OpenVPN errors after sysupgrade to 7.6
Hi Steve, This is fixed in upstream (3.2.2). Check: https://github.com/OpenVPN/easy-rsa/commit/7df616ba1ed4add956d0353b68fce9d865f46c82 Best regards, Peter On 11/19/24 2:16 PM, Steve Fairhead wrote: Probably pilot error, again, but... Since the sysupgrade, I can no longer create or revoke OpenVPN keys. In both cases I get the following: ./easyrsa revoke old-user Easy-RSA error: Unsupported SSL library: 4 EasyRSA Version Information Version: 3.1.1 Generated: Thu Oct 13 06:37:48 CDT 2022 SSL Lib: LibreSSL 4.0.0 Git Commit: 2083fb29b512c5b2fccf65db8e5f89771fbf90f5 Source Repo: https://github.com/OpenVPN/easy-rsa Host: 3.1.1 | nix | OpenBSD | /bin/ksh | LibreSSL 4.0.0 Am I doing something wrong? I have upgraded all packages, but didn't see any changes to e.g. easy-rsa. Thanks, Steve
