;
>Regards, Lars.
I think that some time ago there was the same question here on misc@, and if I
remember correctly the workaround was to allow VLAN tagging on virtual
interface, then use VLANs on VM with only one interface.
--
Łukasz Moskała
k to udp) while vlc
does not?
AFAIK linux's NFS server uses TCP by default (at least on archlinux,
according to man 8 nfsd) so this could explain why it worked when server
was on fedora.
Hope this helps
Regards,
--
Łukasz Moskała
dge tap0 on both ends to physical
interface
Regards
--
Łukasz Moskała
(or http and https).
Then I'd ask ISP whether I'm paying for access to internet or for access
to websites. And VPN on port 443/TCP would solve that problem.
Regards
--
Łukasz Moskała
>
>Austin
>
>
Hi,
Near end of boot process you can see "relinking to create unique kernel".
Modifying kernel changes modification date and checksum.
If you want to learn more about this feature, it's called KARL.
--
Łukasz Moskała
file?
- does unbound use unveil(2), and if so, is it configured to be able
to access this file?
--
Łukasz Moskała
other directory (with hardlinks so it doesn't
take as much space), then updating that copy, getting list of updated
files, then check each file if it's modified locally in original repo?
This could be a good starting point, even if it's not ideal solution.
I belive rsync had option to use hardlinks instead of copying.
--
Łukasz Moskała
Dnia Tue, Jun 28, 2022 at 11:36:55AM +0200, Christer Solskogen napisał(a):
> On Tue, Jun 28, 2022 at 10:44 AM Stuart Henderson
> wrote:
>
> >
> > It makes no sense to set your own address as the default gateway?
> >
> >
> It would *if* backup didn't respond to the carp IP. But it does, so no it
Dnia Tue, Jun 28, 2022 at 10:03:25AM +0200, Christer Solskogen napisał(a):
> On Tue, Jun 28, 2022 at 9:52 AM Łukasz Moskała wrote:
>
> > Run tcpdump on master, ping on backup. If you see pings in tcpdump, then
> > master is responding.
> > If not, backup is responding t
If not, backup is responding to itself.
--
Łukasz Moskała
upports openbsd could also be a
good solution.
--
Łukasz Moskała
W dniu 15.06.2022 o 13:05, Łukasz Moskała pisze:
Aside from doing clean install, maybe you can find a mirror somewhere
that still has those files.
Looks like this mirror still has 6.7:
http://dk.archive.ubuntu.com/OpenBSD/
--
Łukasz Moskała
ERNV[1]} == '-beta' ]]; then
NEXT_VERSION=${_KERNV[0]}
else
NEXT_VERSION=$(echo ${_KERNV[0]} + 0.1 | bc)
fi
So you could comment those 5 lines and put NEXT_VERSION=6.8
Again, doing this may be a bad idea.
Best regards
--
Łukasz Moskała
have http here.
> Invalid command arguments: Invalid domain name"
This would also confirm that.
Let us know if this fixes it, or if it was badly pasted to email client.
Kind regards
--
Łukasz Moskała
to do "reboot" on windows then boot to linux.
This was in 2016 or 2017 I think, I can't test if that's still the case
because I no longer have windows installed. I also can't remember if
this was on old motherboard (realtek NIC) or new motherboard (intel NIC)
--
Łukasz Moskała
oblems like that.
I'd suggest using diffrent prefixes.
Kind regards,
--
Łukasz Moskała
get multiple IPs from your ISP.
You could use ipv6, if both server and client(s) are in ipv6-enabled networks.
If using ipsec is not a requirement, you could use openvpn or wireguard instead.
Hope this helps,
--
Łukasz Moskała
Dnia Tue, Mar 29, 2022 at 05:31:56AM +0300, Mihai Popescu napisał(a):
> > Pure access points are just network bridges ...
>
> Most AP I encountered were linux based with web servers for
> configuration access.
> Do you know if there is an AP model with minimal firmware to do that bridging?
> If so
1 irq 12
> >> pckbd0 at pckbc0 (kbd slot)
> >> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> >> pms0 at pckbc0 (aux slot)
> >> wsmouse0 at pms0 mux 0
> >> pcppi0 at isa0 port 0x61
> >> spkr0 at pcppi0
> >> dt: 445 probes
> >> uhidev0 at uhub0 port 5 configuration 1 interface 0 "QEMU QEMU USB Tablet"
> >> rev 2.00/0.00 addr 2
> >> uhidev0: iclass 3/0
> >> ums0 at uhidev0: 3 buttons, Z dir
> >> wsmouse1 at ums0 mux 0
> >> vscsi0 at root
> >> scsibus4 at vscsi0: 256 targets
> >> softraid0 at root
> >> scsibus5 at softraid0: 256 targets
> >> sd3 at scsibus5 targ 1 lun 0:
> >> sd3: 39056MB, 512 bytes/sector, 79987043 sectors
> >> softraid0: volume sd3 is roaming, it used to be sd2, updating metadata
> >> root on sd3a (3aa1953775dc1966.a) swap on sd3b dump on sd3b
> >> fd0 at fdc0 drive 1: density unknown
> >> sd4 at scsibus5 targ 2 lun 0:
> >> sd4: 511993MB, 512 bytes/sector, 1048561958 sectors
> >> softraid0: volume sd4 is roaming, it used to be sd3, updating metadata
> >> softraid0: roaming device sd1a -> sd2a
> >> sd5 at scsibus5 targ 3 lun 0:
> >> sd5: 1023994MB, 512 bytes/sector, 2097140573 sectors
> >
>
Dovecot has mechanism to do realtime master-master replication between two
servers (probably uses dsync under the hood, but I didn't check).
I'm using it to create high availability, in case one of my mail servers goes
down second one works normally (I just need to point my imap/smtp clients to
working one)
https://wiki.dovecot.org/Replication
--
Łukasz Moskała
c, just to prevent me from
setting up a VPN. This is just for convenience.
Cheers and TIA
Zé
Hi,
I'd just check both SSID and BSSID and call it good enough, to be honest.
In this case, if I understand correctly, to spoof it, somebody would
have to know your wifi password, otherwise yo
Dnia Mon, Mar 21, 2022 at 08:22:36PM -0700, Eric Thomas napisał(a):
> Hello,
>
> I'd like to learn about secure networking (PKI, x509 certs, DNS, IPS, etc.)
> and generally
> harden my home network using OpenBSD. Can I use OpenBSD services AND have
> it act as a desktop workstation on the same mac
re0 add bge0 blocknonip re0 blocknonip em0
I don't know if it's typo in email, but you got em0 here
Is bridge0 actually up? Start by trying ifconfig bridge0 up
Does tcpdump -ni bridge0 show anything?
Also, please post full output of ifconfig
Best regards
--
Łukasz Moskała
t70.img to hdd, plug hdd in, boot from it, install to same hdd you
booted from. You may need to create boot.conf in miniroot70.img to use serial
instead of non-existent vga if "boot>" prompt does not show up to do that at
boot time.
- plug hdd to another computer, install openbsd to it, move hdd to watchguard.
The second way I found here:
https://www.reddit.com/r/PFSENSE/comments/rce3i6/howto_pfsense_252_on_watchguard_xtm_5/
Let us know how it goes.
--
Łukasz Moskała
should be safe to
switch to http instead of https.
But I'd recommend trying to fix https problem first.
Regards,
--
Łukasz Moskała
Dnia Thu, Mar 03, 2022 at 03:46:12PM +1100, Jason F napisał(a):
> Hi Łukasz,
>
> Thank you for your reply.
>
> I have corrected the system dat
TLS handshake failure: ocsp verify failed: ocsp response not current
This would indicate that system time is invalid.
Regards,
--
Łukasz Moskała
050, 32bpp
wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
wskbd1: connecting to wsdisplay0
wskbd2: connecting to wsdisplay0
wsdisplay0: screen 1-5 added (std, vt100 emulation)
Try iperf or iperf3 to eliminate possible disk bottlenecks.
Test from LAN to LAN, then from LAN to WAN, for example with public
iperf servers: https://iperf.fr/iperf-servers.php
Check if network connection is full-duplex, try replacing network cables.
--
Łukasz Moskała
Dnia 16 lutego 2022 12:25:25 CET, Lourens napisał/a:
>On 2/16/22 12:59, Łukasz Moskała wrote:
>> Hi,
>>
>> Did you ran dd recently? If you specify non-existent output disk in
>> dd, it'll create file in /dev, then write to it, filling up space.
>>
>>
show you which directories take up most space.
--
Łukasz Moskała
W dniu 15.02.2022 o 10:19, Carlos Lopez pisze:
On 15 Feb 2022, at 10:16, Łukasz Moskała wrote:
Dnia 15 lutego 2022 10:13:57 CET, Carlos Lopez napisał/a:
Hi all,
I am trying to configure multiple Wireguard road-warriors config using this
simple config in /etc/hostname.wg0
wgkey Ls1Os9
SD 6.9 fully updated …. On the other side, is it possible to
>assign different wiper keys to every client?
>
>Many thanks for your help
>
I think it's wgaip not vgaip
--
Łukasz Moskała
d even use something like cloudflare to hide your IP - then
your service will share IP with probably hundreds of other (unrelated)
services, so IP will not tell attacker anything.
Thanks!
Mike
--
Łukasz Moskała
W dniu 6.02.2022 o 18:04, Mike Fischer pisze:
Hi Łukasz,
Am 06.02.2022 um 12:08 schrieb Łukasz Moskała :
W dniu 6.02.2022 o 05:28, Mike Fischer pisze:
OpenBSD 7.0 stable amf64
My host has two ethernet interfaces, em0 and em1.
Note: The host is a VM with two virtual interfaces.
Both
4, second with
prefix /128), then remove em1 - I'm 99% sure this will solve your problem.
Best regards
--
Łukasz Moskała
W dniu 2.02.2022 o 06:42, Steve Williams pisze:
3. What is a popular reasonable quality wifi usb adapter that people use?
https://www.openbsd.org/arm64.html says that:
"bwfm(4) on Raspberry Pi 3/4/400 and Pinebook Pro"
So it appears that built-in wifi is supported.
--
Łukasz Moskała
and whatever listen on bridge0
Alternatively, change em2 IP address to be in other subnet than em1, for
example 192.168.20.1/24
--
Łukasz Moskała
VPN on STATIC, and connect to it from DYNAMIC. Then, entire
traffic from DYNAMIC goes via STATIC, and you can DNAT any port you want.
Maybe this is not exactly what you are looking for, but I think it's the
simplest way.
Kind regards
--
Łukasz Moskała
W dniu 30.11.2021 o 16:07, Radek pisze:
On Tue, 30 Nov 2021 10:04:30 +0100
Łukasz Moskała wrote:
Dnia 30 listopada 2021 09:45:15 CET, Radek napisał/a:
On Mon, 29 Nov 2021 11:19:28 +0100
Łukasz Moskała wrote:
W dniu 28.11.2021 o 18:07, Radek pisze:
Hello,
following the official guide
this traffic in pf (which you did), you need to
enable IP forwarding.
--
Łukasz Moskała
Dnia 30 listopada 2021 09:45:15 CET, Radek napisał/a:
>On Mon, 29 Nov 2021 11:19:28 +0100
>Łukasz Moskała wrote:
>
>> W dniu 28.11.2021 o 18:07, Radek pisze:
>> > Hello,
>> > following the official guide [1] and few others webites I finally
>> > ins
ge my system the correct way?
>The wrong number was observed on arm64 (bc -l) and amd64 (CGI).
>
>Best Regards,
>-peter
>
>From what I know, in C, sin takes input in radians.
Most likely bc does the same, and then xcalc probably automatically converts
input to radians before passing it to sin().
Kind regards
--
Łukasz Moskała
int of passing http via relayd?
Now, going back to your issue,why do you have
>forward to port $httpd_port
in relay "https" ?
It looks like relayd may put those requests to httpd, which will
redirect them to https.
So, I'd start looking at httpd and puma logs, to check to which daemon
the requests are actually being sent to.
And, if i'm wrong, and requests are going to puma (or whatever is
listening on 3001), then most likely puma is trying to redirect users to
https. Possibly because of this line:
>config.force_ssl = true
Also, in this case you may try setting header x-forwarded-proto to
https, but I don't know if puma will actually use it.
Let us know if that worked.
Kind regards,
--
Łukasz Moskała
t;Thanks
>-S
>
httpd is chrooted to /var/www, so your gunicorn server should listen in
/var/www/run/gunicorn.sock instead of /run/gunicorn.sock, if you specify
/run/gunicorn.sock in httpd.conf
--
Łukasz Moskała
bsd, but I
didn't use them with openbsd so maybe someone else can say more.
I didn't have problems with broadcom nics.
If I were you, I'd go with raspberry pi 4 and USB modem, since rpi4 also
has built in wifi, which IIRC is supported in AP mode on openbsd.
Kind regards
--
Łukasz Moskała
ing to unblock it.
Kind regards
--
Łukasz Moskała
Dnia 17 listopada 2021 23:58:21 CET, Stuart Henderson
napisał/a:
>On 2021-11-17, Łukasz Moskała wrote:
>>
>>
>> Dnia 17 listopada 2021 23:13:19 CET, u...@mailo.com napisał/a:
>>>Questions recap:
>>>1. Is it `OpenBSD` tools' fault or is it the HDD&#
7;s tools or the hard disk or what?
>Since it is a newly bought HDD, should I apply for warranty?
>2. Having set `boundend` manually, should I expect a robust operation,
>or might that nuisance pop up later on and interfere?
>
>Thanks
>
>
Are you using MBR or GPT?
MBR has 2TiB size limit, so it kind of sounds like your issue. If that's the
case, you have to reinstall on GPT.
Kind regards
--
Łukasz Moskała
like
your network card decided to write new_MAC to it's EEPROM chip (where it's
usually stored).
Out of curiosity, does linux or any other OS show new_MAC or vendor's MAC?
--
Łukasz Moskała
and
disable hyperthreading, your load may drop to about 0.8.
How much cpu usage graphs do you see in htop?
Kind regards
--
Łukasz Moskała
, I should have clarified - I meant it works on Linux.
I know it's openbsd mailing list, but I think it's better to use linux, than
propriertary IP camera.
--
Łukasz Moskała
sing-ffmpeg
But at this point raspberry pi is more open source and there's good
chance that you can use it for something else, when you are done with
your timelapse.
Kind regards,
--
Łukasz Moskała
AND RESET THE DATE!
gpio0 at bcmgpio0: 54 pins
mue0 at uhub2 port 1 configuration 1 interface 0 "Standard Microsystems
LAN7800" rev 2.10/3.00 addr 5
mue0: LAN7800, address b8:27:eb:f7:0c:25
ukphy0 at mue0 phy 1: Generic IEEE 802.3u media interface, rev. 2: OUI
0x0001f0, model 0x0013
bwfm0: address b8:27:eb:a2:59:70
Hi,
/bin/sh -x /home/jross/sync_to_odroidn2.sh
cat ./sync_to_ordoidn2.sh
Looks like you have typo in file name to me :) odroid in first, ordoid
in second.
--
Łukasz Moskała
ng bge0, since
otherwise "stupid devices" will not know the packet's return path.
Kind regards,
--
Łukasz Moskała
/bin/" {
>block drop
>}
>location match "/kb/inc/" {
>block drop
> }
> location match "/kb/vendor/" {
>block drop
>}
>}
>
I think that since httpd is chrooted, so your symlink has to be relative, and
point to directory inside chroot.
Also, why are you using symlink?
Kind regards,
--
Łukasz Moskała
Dnia Tue, Nov 02, 2021 at 09:13:55AM +, John Gould napisał(a):
> Hi everyone,
>
> I have this error trying to install sparc64 on to a Sun t5120 via cd
> written with install70.iso
>
> Enter #. to return to ALOM.
>
>
> {0} ok boot cdrom
>
>
>
> SPARC Enterprise T5120, No Keyboard
>
> Cop
54 matches
Mail list logo
