Re: Conundrum with pf
On Mon, Aug 20, 2018 at 09:21:54PM +, Walt wrote:
> I don't really remember for sure from the last time I did a fresh install,
> but I think that /etc/sysctl.conf isn't there by default -- if you need it,
> you have to create it yourself.
>
> Walt
>

Having done multiple fresh installs over the last few months as I got my home network in shape, I can confirm that /etc/sysctl.conf is not present by default and needs to be created manually if needed.

--
Jon Tabor
tab...@obsolete.site
http://obsolete.site

'There is a saying: There is no such thing as overkill. There is only “Open fire!” and “Reloading!”' ― John Ringo, The Hot Gate
Re: Need an advice: Raspberry Pi3 B+ or Pine64 ROCK64
On Sun, Aug 26, 2018 at 01:33:27PM +0200, Mohamed Fouad wrote:
> Hi Carlos, I have a similar requirement and I am considering testing a
> banana pi router at this moment.
>

I'm currently using a Banana Pro as my home router/firewall. I experienced a bunch of packet loss on the internal port (dwge). I'm currently running both LAN and WAN interfaces via USB dongles (ure and axe devices that I had around). It does fine for my needs, but my pipe is only a 50Mbit up/down, which it handles fine.

That said, I'm looking at alternatives, simply because I want the Banana Pro back as a board to tinker with, rather than having it full-time as a necessary device.

--
Jon Tabor
tab...@obsolete.site
http://obsolete.site

'There is a saying: There is no such thing as overkill. There is only “Open fire!” and “Reloading!”' ― John Ringo, The Hot Gate
Re: Selling things through the mailing list allowed? I have compatible THIN CLIENTS for Firewall / Router appliance use Available
On Thu, Aug 30, 2018 at 07:40:55PM +, Daniel Corbe wrote:
>
> On 8/30/2018 15:27:23, ed...@pettijohn-web.com wrote:
> >
> > https://marc.info/?l=openbsd-ports&m=141634350915839&w=2
> >
>
> Hmm..
>
> $ procmail -v
> procmail v3.22 2001/09/10
> Copyright (c) 1990-2001, Stephen R. van den Berg
> Copyright (c) 1997-2001, Philip A. Guenther
>
> Okay.
>
> Well, thanks. I'm now in the midst of an existential crisis for not
> knowing a critical piece of my mailer chain was last updated in 2001. I no
> longer believe I'm qualified to speak on topics of technology. I might try
> driving trucks for a living. At least then I don't have to think.
>

Yep, right there with ya.

So, ah...what's everyone using for mail filtering these days? Spamassassin? ClamAV? Something else entirely?

--
Jon Tabor
tab...@obsolete.site
http://obsolete.site

'There is a saying: There is no such thing as overkill. There is only “Open fire!” and “Reloading!”' ― John Ringo, The Hot Gate
Re: OpenBSD alternatives to Pi-Hole
On Fri, Jun 12, 2020 at 04:33:08PM -0700, Jordan Geoghegan wrote:
>
> On 2020-06-12 14:01, George wrote:
> >
> > On 2020-06-12 3:41 p.m., Maurice McCarthy wrote:
> > > You could have a look at
> > > https://www.geoghegan.ca/unbound-adblock.html and
> > > https://www.geoghegan.ca/pfbadhost.html
> >
> > Simply great! Will definitely try these out.
> >
> > Merci!
> >
> > George
> >
>
> Hey there,
>
> I'm the author of those scripts. In response to concerns about
> heaviness/memory use of DNS blocklists: unbound-adblock is pretty light on
> memory (~30MB of RAM usage) as we serve NXDOMAIN responses instead of
> redirecting to 0.0.0.0 etc. By doing this we save a massive amount of memory
> that would otherwise be spent mapping each domain to a black hole address. I
> run unbound-adblock on many Edgerouter Lites and haven't had any issues.
>
> Regards,
>
> Jordan Geoghegan

I'm using these scripts (or a version of them; I've had them in for a while), and it's using NXDOMAIN which loads way faster and uses a lot less memory.

I also slightly tweaked the script I have to include a whitelist file, as my wife keeps finding sites that simply won't work properly. It simply calls sed to remove lines from the unbound-adhosts.conf file.

Works great. I also set up pf to redirect all DNS queries to my local instance of unbound, so you can't easily bypass it (unless you use DNS over HTTPS).

Jon Tabor
tab...@obsolete.site
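
The whitelist step described in the message above, as an added example that is not the poster's script and not part of unbound-adblock. It uses awk with exact label matching instead of a sed pattern, so a whitelisted name cannot remove look-alike entries by accident; the blocklist line format, the file names and the domains are assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script. Assumed blocklist line format:
#   local-zone: "ads.example.com" always_nxdomain

# apply_whitelist BLOCKLIST WHITELIST
# Prints BLOCKLIST without entries whose domain equals a whitelisted name or
# is a subdomain of one. Whitelist: one domain per line, "#" starts a comment.
apply_whitelist() {
    awk '
        FILENAME == ARGV[1] {            # first file: the whitelist
            sub(/#.*/, ""); gsub(/[ \t\r]/, "")
            if ($0 != "") allow[tolower($0)] = 1
            next
        }
        {
            # The domain is the text between the first pair of double quotes.
            if (split($0, part, "\"") < 3) { print; next }
            name = tolower(part[2]); sub(/\.$/, "", name)
            # Walk up the labels: a.b.example.com, b.example.com, example.com
            for (d = name; d != ""; ) {
                if (d in allow) next
                i = index(d, ".")
                d = (i ? substr(d, i + 1) : "")
            }
            print
        }
    ' "$2" "$1"
}

# Constructed sample data (hypothetical domains).
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/adhosts.conf" <<'EOF'
local-zone: "ads.example.com" always_nxdomain
local-zone: "shop.example.net" always_nxdomain
local-zone: "cdn.shop.example.net" always_nxdomain
local-zone: "notshop.example.net" always_nxdomain
local-zone: "shopXexample.net" always_nxdomain
EOF
    printf '%s\n' '# sites that must keep working' 'shop.example.net' > "$dir/whitelist"
    apply_whitelist "$dir/adhosts.conf" "$dir/whitelist"
    rm -rf "$dir"
}

demo
```

A pattern such as `/shop.example.net/d` in sed would also delete the last two sample entries, because the dot matches any character and the pattern is not anchored to a label boundary.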
Re: Home NAS
I'm running a small home NAS on OpenBSD, in a very similar configuration as your intended configuration, right down to the rsync backup scripts. It's worked very well so far, though I've only had it in place for a bit over a year.

I chose OpenBSD over FreeBSD due to being far more comfortable with OpenBSD than FreeBSD, and my desire to run my favorite OS in a meaningful way.

I say go for it, and (like all systems) make sure your backups are good (that means test them periodically).

--
Jon Tabor
tab...@obsolete.site

"I desire peace. I also *require* freedom. Not only for myself, but for Earth. If it can be achieved through peaceful ends, wonderful. War is waste. However, the only thing worse than war is the loss of liberty." -John Ringo, _The Hot Gate_
Re: tmux redrawing issues after switch to 6.4
On Tue, Jan 08, 2019 at 11:25:36PM +0100, T. Ribbrock wrote:
> Hi all,
>
> last week, I finally got round to re-install my home server with OpenBSD
> 6.4 (was still on 5.6 - don't ask...). Everything is running smoothly
> (and I was quite impressed by all the improvements made - just took me
> quite some time to go through all the new docs... ;-) ).
>
> I just have one remaining problem that I have not been able to find a
> solution for: tmux. I've been using tmux under OpenBSD 5.6 extensively
> (usually via ssh) and never had any issues with it. However, with
> OpenBSD 6.4 and its version of tmux, tmux now fails to redraw the screen
> properly when paging through files in some applications via ssh. It
> works in vi, but in vim and less, lots of characters from previous pages
> remain on the screen. Interestingly, it only happens when paging or
> jumping (e.g. search) - not when scrolling line by line.
>
> I've been searching around for quite some time and found several old
> messages "on the net" about similar issues, but have not found a
> solution. Has anybody maybe some pointers for me how to investigate/solve
> this?
>
> Thanks in advance,
>
> Thomas
>

What's your TERM variable set to? I've seen/read about issues if TERM is set to something like xterm-256color. You might try changing it to screen-256color and see if the problem goes away.

--
Jon Tabor | tab...@obsolete.site | http://obsolete.site

"Once in a while you get shown the light
In the strangest of places if you look at it right."
Re: RS-232 serial to ethernet
I have one of these, but I really only use it to connect the old VIC-20 to BBS systems. It works alright, but it's a bit funky in its implementation.

As others have said, it's completely plaintext; everything is sent in the clear. You'd be telnetting (not ssh) into it. How much do you trust your network?

Aside from that, it should work, though I'm not sure how robust it'd be under long-term usage. You can find versions without the case on eBay for about $10USD, and at that price it's basically disposable. Pick one up and try it out.

Jon
tab...@obsolete.site

On Apr 8, 2019, 09:07, at 09:07, "LÉVAI Dániel" wrote:
>Hi misc@!
>
>I was wondering if I could use some budget solution to access my
>OpenBSD
>machine via its serial console over the network, and I stumbled upon
>this piece of hardware: [1] [2] [3] (the same device "USR-TCP232-302",
>I'm just not sure which one will be up at the time someone looks at
>them)
>
>It basically should be able to convert the serial port to TCP/IP
>networking.
>Is this something anyone else has used before -- or if you
>know something similar, I'm really interested!
>
>
>Thanks,
>Dani
>
>[1] -
>https://www.aliexpress.com/item/Q18041-USR-TCP232-302-Tiny-Size-Serial-RS232-to-Ethernet-TCP-IP-Server-Module-Ethernet-Converter/32683105763.html
>[2] -
>https://www.aliexpress.com/item/USR-TCP232-302-Tiny-Size-Serial-RS232-to-Ethernet-TCP-IP-Server-Module-Ethernet-Converter-Support/32899179930.html
>[3] -
>https://www.aliexpress.com/item/Q18041-USR-TCP232-302-Tiny-Size-Serial-RS232-to-Ethernet-TCP-IP-Server-Module-Ethernet-Converter/32685599659.html
>
>--
>LÉVAI Dániel
>PGP key ID = 0x83B63A8F
>Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
tap interfaces not automatically joining bridge on vmm start
Good day everyone,

I recently ran through the process of updating my ancient vmm host server from 7.2 all the way up to 7.7 (stepping through each version using sysupgrade). Everything went extremely well, with the exception of one issue: previously when I started a vmm guest, the tap interface (tap0, tap1, etc) automatically added itself to the bridge (bridge0) so the guests could communicate on the network, but now they no longer do. I have to manually add them using

    ifconfig bridge0 add tap0

every time I start/restart a vmm guest.

Any thoughts on why that would be? Here's my vm.conf; not sure what else would be in play here, so let me know if there are other configuration files I should show.

vm.conf:

    socket owner taborj:taborj

    switch "bridge" {
        interface bridge0
    }

    vm "athos" {
        memory 10G
        enable
        disk /mnt/sd1a/vmware/athos.qcow2
        disk /mnt/sd1a/vmware/athos_usr.qcow2
        interface { switch "bridge" }
    }

    vm "porthos" {
        memory 512M
        enable
        disk /mnt/sd1a/vmware/porthos.qcow2
        disk /mnt/sd1a/vmware/porthos2.qcow2
        interface { switch "bridge" }
    }

Thanks,
--
Jon Tabor
tab...@obsolete.site
Re: tap interfaces not automatically joining bridge on vmm start
July 9, 2025 at 5:56 PM, "Mike Larkin" mlar...@nested.page wrote:
>
> On Wed, Jul 09, 2025 at 02:42:44PM +, Jon Tabor wrote:
> >
> > Good day everyone,
> >
> > I recently ran through the process of updating my ancient vmm host server
> > from 7.2 all the way up to 7.7 (stepping through each version using
> > sysupgrade). Everything went extremely well, with the exception of one
> > issue: previously when I started a vmm guest, the tap interface (tap0,
> > tap1, etc) automatically added itself to the bridge (bridge0) so the guests
> > could communicate on the network, but now they no longer do. I have to
> > manually add them using
> >
> > ifconfig bridge0 add tap0
> >
> > every time I start/restart a vmm guest.
> >
> > Any thoughts on why that would be? Here's my vm.conf; not sure what else
> > would be in play here, so let me know if there are other configuration
> > files I should show.
> >
> > vm.conf:
> >
> > socket owner taborj:taborj
> >
> > switch "bridge" {
> >     interface bridge0
> > }
> >
> > vm "athos" {
> >     memory 10G
> >     enable
> >     disk /mnt/sd1a/vmware/athos.qcow2
> >     disk /mnt/sd1a/vmware/athos_usr.qcow2
> >     interface { switch "bridge" }
> > }
> >
> > vm "porthos" {
> >     memory 512M
> >     enable
> >     disk /mnt/sd1a/vmware/porthos.qcow2
> >     disk /mnt/sd1a/vmware/porthos2.qcow2
> >     interface { switch "bridge" }
> > }
> >
> > Thanks,
> > --
> > Jon Tabor
> > tab...@obsolete.site
> >
>
> I had similar weird problems with bridge(4) long ago and switched to veb(4) at
> the suggestion of some of the other devs. I just toss all the tapN into the
> veb at boot (/etc/hostname.veb0), that way I don't need to worry about them
> not getting added later.
>
> -ml
>

That's a good suggestion, I'll look into it. I've seen a few other places mention using veb instead of bridge, but I didn't really dive into why.

Thanks,
--
Jon Tabor
tab...@obsolete.site