Re: PF log entry

2014-05-28 Thread Stan Gammons
On 05/28/2014 04:10 PM, Philip Guenther wrote: > On Tue, May 27, 2014 at 7:12 PM, Stan Gammons > wrote: > > Using tcpdump -n -ttt -r /var/log/pflog I have a log entry with > [len16 161. What is len16 > > If something in tcpdump output isn't described by t

Re: Authentication with LDAP on OpenBSD

2014-05-28 Thread Predrag Punosevac
Matthew Weigel wrote: > On 05/27/2014 10:50 PM, Predrag Punosevac wrote: > > > and edited /etc/ypldap.conf as: > > > > # $OpenBSD: ypldap.conf,v 1.4 2012/04/30 12:16:43 ajacoutot Exp $ > > > > domain "autonlab.org" > > interval 60 > > provide map "passwd.byname" > > provide

SSL certs and xombrero again but with a third party twist

2014-05-28 Thread Kevin Chadwick
Using xombrero in cert_warn mode with a ca file I get a yellow bar which means untrusted on ewf.companieshouse.gov.uk but firefox shows a green bar OpenSSL output at the bottom. I figured OK so the pem bundles differ and I am not too surprised where companies house is concerned. mk-ca-bundle.p

Re: PF log entry

2014-05-28 Thread Philip Guenther
On Tue, May 27, 2014 at 7:12 PM, Stan Gammons wrote: > Using tcpdump -n -ttt -r /var/log/pflog I have a log entry with > [len16 is len16 If something in tcpdump output isn't described by the manpage, you'll need to check the source and see what the code generating it didn't like. In this case,

Re: debugging vio issue?

2014-05-28 Thread Michael W. Lucas
On Wed, May 28, 2014 at 11:37:54AM -0700, Philip Guenther wrote: >On Wed, May 28, 2014 at 11:26 AM, Adam Thompson ><athom...@athompso.net> wrote: > > Don't have a good answer for you, but I have similar problems with > vio(4). > Switching to e1000 on the KVM side solved m

Re: problem between postfix and Courier authdaemond

2014-05-28 Thread Zé Loff
On Tue, May 27, 2014 at 09:30:15PM +0200, Mika wrote: > Hi, > > I have a little problem with authdaemond. > > > > cat /var/log/maillog > May 27 21:12:30 2-2-2-2 postfix/smtps/smtpd[6446]: Anonymous TLS > connection established from 1-1-1-1-di.dum.di[1.1.1.1]: TLSv1 with > cipher ECDHE-RSA-AES128

Re: pf+voip

2014-05-28 Thread Jan Stary
> > Does pf have specific rules for voip, no > >may be example of working pf_rule with voip? I use a hardware phone (Linksys SPA 901), a software SIP client (CSipSimple) on an Android, and pjsua on OpenBSD, all behind OpenBSD NAT. In pf.conf I let "udp port sip" and "tcp port sip" in, and anyth

Re: 5.5 pf priority

2014-05-28 Thread Henning Brauer
* Marko Cupać [2014-05-28 18:12]: > On Wed, 28 May 2014 14:12:42 +0200 > Henning Brauer wrote: > > > prio is ignored when bandwidth shaping is on. > > > > priority in ALTQ-HFSC was an illusion really. > > Hi Henning, > > knowing your role in pf development, I take your answer as > authoritati

Re: debugging vio issue?

2014-05-28 Thread Norman Golisz
On Wed May 28 2014 11:37, Philip Guenther wrote: > On Wed, May 28, 2014 at 11:26 AM, Adam Thompson wrote: > > > Don't have a good answer for you, but I have similar problems with vio(4). > > Switching to e1000 on the KVM side solved my random hangs completely. Same behaviour with RHEV 3.3. > The

npppd security

2014-05-28 Thread Mike Jackson
Hi, I'm running 5.5 release, all patches applied. I have a few questions about npppd running in combination with isakmpd. If npppd tunnel listen address can't be changed and l2tp-ipsec-require isn't supported, then how is one supposed to secure the npppd service from dictionary attacks fro

Re: debugging vio issue?

2014-05-28 Thread Giancarlo Razzolini
On 28-05-2014 15:26, Adam Thompson wrote: > Don't have a good answer for you, but I have similar problems with vio(4). > Switching to e1000 on the KVM side solved my random hangs completely. > -Adam I don't run current, but I have a 5.5-stable firewall that works perfectly using vio(4). But, I'm

Re: debugging vio issue?

2014-05-28 Thread Philip Guenther
On Wed, May 28, 2014 at 11:26 AM, Adam Thompson wrote: > Don't have a good answer for you, but I have similar problems with vio(4). > Switching to e1000 on the KVM side solved my random hangs completely. > The vio(4) manpage mentions Setting flags to 0x02 disables the RingEventIndex feature.

Re: debugging vio issue?

2014-05-28 Thread Adam Thompson
Don't have a good answer for you, but I have similar problems with vio(4). Switching to e1000 on the KVM side solved my random hangs completely. -Adam -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

Re: 5.5 pf priority

2014-05-28 Thread Giancarlo Razzolini
On 28-05-2014 13:12, Marko Cupać wrote: > On Wed, 28 May 2014 14:12:42 +0200 > Henning Brauer wrote: > >> prio is ignored when bandwidth shaping is on. >> >> priority in ALTQ-HFSC was an illusion really. > Hi Henning, > > knowing your role in pf development, I take your answer as > authoritativ

Re: debugging vio issue?

2014-05-28 Thread Jeremy Hanmer
We've seen this exact issue on 5.3 and 5.4 in the same scenario (KVM VM) and I was actually going to pose the same question you did after testing 5.5 later today. Our VMs are running as routers in an openstack cluster and it appeared to us that it was a lack of activity that caused the network fai

debugging vio issue?

2014-05-28 Thread Michael W. Lucas
Hi, I have a 5.5/amd64 KVM VM running Ansible. Most of the time, it works great. It's running the amd64 snapshot dated 27 May, from ftp3.usa.openbsd.org. When I attempt to use the squid proxy to download large files from the Internet, however, I occasionally get stalls. This is most easily repro

Re: pipex and npppd syslog

2014-05-28 Thread YASUOKA Masahiko
On Tue, 27 May 2014 20:03:54 +0200 Marko Cupać wrote: > I have relatively busy npppd pptp server, and it logs a lot of output > into /var/log/messages. > > How can I move npppd and pipex log messages into separate file? As far as syslog.conf(5), you can use !!npppd for that purpose. Currently n

Re: 5.5 pf priority

2014-05-28 Thread Marko Cupać
On Wed, 28 May 2014 14:12:42 +0200 Henning Brauer wrote: > prio is ignored when bandwidth shaping is on. > > priority in ALTQ-HFSC was an illusion really. Hi Henning, knowing your role in pf development, I take your answer as authoritative. However, this would imply that pf.conf(5) has mislea

Re: Run 'n' play missing home-based package manager for OpenBSD

2014-05-28 Thread Eric Lalonde
>> Users can compile and run whatever they want in their home directories, >> and any other directory they can write to. There is no need for root >> privileges. >>> On a multi-user production system this is unattractive from this system administrator's point of view. On a single-user

Re: Authentication with LDAP on OpenBSD

2014-05-28 Thread David Coppa
On Wed, May 28, 2014 at 2:39 PM, Matthew Weigel wrote: > On 05/27/2014 10:50 PM, Predrag Punosevac wrote: > >> and edited /etc/ypldap.conf as: >> >> # $OpenBSD: ypldap.conf,v 1.4 2012/04/30 12:16:43 ajacoutot Exp $ >> >> domain "autonlab.org" >> interval 60 >> provide map "pass

Re: 5.5 pf priority

2014-05-28 Thread Giancarlo Razzolini
On 28-05-2014 09:12, Henning Brauer wrote: > * Marko Cupać [2014-05-28 10:15]: >> I have a number of 5.4 firewalls which rely on ALTQ with HFSC for >> packet queueing. I'd like to upgrade to 5.5, but I'm confused with new >> queueing mechanism. If I understand well, in 5.5 order of queues has >

Re: pf+voip

2014-05-28 Thread pae3
Hi! Don't miss RTP protocol : pass proto tcp to port >< 20001 Alex On 05/27/2014 07:46 PM, Dmitry Petrakoff wrote: Sorry, that was exactly I meant ( OT probably ): The first issue with late hang-up most likely means, that callee hung up and his UAC sent SIP BYE within existing

Re: Authentication with LDAP on OpenBSD

2014-05-28 Thread Matthew Weigel
On 05/27/2014 10:50 PM, Predrag Punosevac wrote: and edited /etc/ypldap.conf as: # $OpenBSD: ypldap.conf,v 1.4 2012/04/30 12:16:43 ajacoutot Exp $ domain "autonlab.org" interval 60 provide map "passwd.byname" provide map "passwd.byuid" provide map "group.byname" pro

Re: sudo -u & environment help

2014-05-28 Thread Craig R. Skinner
FYI;- The sudo users mailing list quickly said the 3 issues I identified are known bugs, which have been fixed in newer sudo versions. http://www.sudo.ws/sudo/stable.html "The current stable release of sudo is 1.8.10p3" $ sudo -V Sudo version 1.7.2p8 $ uname -a OpenBSD teak.britvault.co.uk 5.4 G

Re: 5.5 pf priority

2014-05-28 Thread Henning Brauer
* Marko Cupać [2014-05-28 10:15]: > I have a number of 5.4 firewalls which rely on ALTQ with HFSC for > packet queueing. I'd like to upgrade to 5.5, but I'm confused with new > queueing mechanism. If I understand well, in 5.5 order of queues has > nothing to do with priority, only with bandwidth a

Re: Shuttle DS81 and openBSD 5.5?

2014-05-28 Thread Christian Weisgerber
On 2014-05-28, Harald Dunkel wrote: > I haven't found it mentioned here yet, so I wonder if somebody > could share his experiences in running openBSD on a Shuttle DS81 > (Intel DH82H81 chipset, Haswell i3 or i5). Is the hardware "too new" > for openBSD 5.5? I wouldn't hesitate to buy it. The

Re: [Bulk] Re: slow qemu openbsd

2014-05-28 Thread Kevin Chadwick
previously on this list Kevin Chadwick contributed: > So I'm hoping I can boot OpenBSD with qemu or Windows or Linux > under multiboot or alternatively boot xenserver or something off a usb > and select 2 or more of the multiboots to run concurrently. > > Any input as to if this is possible with

Re: problem between postfix and Courier authdaemond

2014-05-28 Thread Zé Loff
On Tue, May 27, 2014 at 09:30:15PM +0200, Mika wrote: > Hi, > > I have a little problem with authdaemond. > > > > cat /var/log/maillog > May 27 21:12:30 2-2-2-2 postfix/smtps/smtpd[6446]: Anonymous TLS > connection established from 1-1-1-1-di.dum.di[1.1.1.1]: TLSv1 with > cipher ECDHE-RSA-AES128

Re: Shuttle DS81 and openBSD 5.5?

2014-05-28 Thread Marcus MERIGHI
ha...@afaics.de (Harald Dunkel), 2014.05.28 (Wed) 09:48 (CEST): > I haven't found it mentioned here yet, so I wonder if somebody > could share his experiences in running openBSD on a Shuttle DS81 > (Intel DH82H81 chipset, Haswell i3 or i5). Is the hardware "too new" > for openBSD 5.5? The DS47

Shuttle DS81 and openBSD 5.5?

2014-05-28 Thread Harald Dunkel
Hi folks, I haven't found it mentioned here yet, so I wonder if somebody could share his experiences in running openBSD on a Shuttle DS81 (Intel DH82H81 chipset, Haswell i3 or i5). Is the hardware "too new" for openBSD 5.5? Every helpful comment is highly appreciated. Harri

Re: 5.5 pf priority

2014-05-28 Thread Paco Esteban
On Wed, 28 May 2014, Marko Cupać wrote: > Hi, > > I have a number of 5.4 firewalls which rely on ALTQ with HFSC for > packet queueing. I'd like to upgrade to 5.5, but I'm confused with new > queueing mechanism. If I understand well, in 5.5 order of queues has > nothing to do with priority, only w

5.5 pf priority

2014-05-28 Thread Marko Cupać
Hi, I have a number of 5.4 firewalls which rely on ALTQ with HFSC for packet queueing. I'd like to upgrade to 5.5, but I'm confused with new queueing mechanism. If I understand well, in 5.5 order of queues has nothing to do with priority, only with bandwidth allocation (as opposed to ALTQ + HFSC o