tinez
From: Adriano Barbosa
Sent: 08 October 2024 15:26
To: Carlos Lopez; misc@openbsd.org
Subject: Re: OpenBSD 7.5 crash under RHEL9 kvm host host
Hi.
I used to run OpenBSD vms using libvirt on Debian and NixOS for quite long
time using both pc and q35 without any pr
Hi all,
Some idea? Same occurs with 7.6 release. It is very strange because using q35
for OpenBSD kvm guests it was working without problems until release 7.5.
Best regards,
C. L. Martinez
From: Carlos Lopez
Sent: 14 September 2024 12:00
To: misc
Hi all,
I am trying to install an OpenBSD 7.5 vm under RHEL9 kvm host but installation
crash. Installer crash immediately after detects CPU. I am using Q35 definition
for this virtual machine. Changing to PC all seems to work.
Do I need to reconfigure some virtio devices in guest definition or
Hi all,
https://blog.apnic.net/2024/02/02/towards-ssh3-how-http-3-improves-secure-shells/
Uhmm ... ssh over http/3? What do you think about it?
Best regards,
C. L. Martinez
> On 15 Feb 2022, at 13:58, Stuart Henderson wrote:
>
> On 2022-02-15, Carlos Lopez wrote:
>> But regarding the question to use different keys for every wg client?
>
> You have two options:
>
> 1. use the same 'server' key for all connections: use on
> On 15 Feb 2022, at 10:16, Łukasz Moskała wrote:
>
>
>
> Dnia 15 lutego 2022 10:13:57 CET, Carlos Lopez napisał/a:
>> Hi all,
>>
>> I am trying to configure multiple Wireguard road-warriors config using this
>> simple config i
Hi all,
I am trying to configure multiple Wireguard road-warriors config using this
simple config in /etc/hostname.wg0
wgkey Ls1Os9/oE0kU5jJdFp1dLpzJhtL8WIzzJ/G+7bzSEZk=
wgport 8443
wgpeer 2XLLj0O6jdtx+BNCt90m2pEyJS/M2kh6WaskFTz+n1A= vgaip 10.55.55.2/32 vgaip
10.55.55.3/32
inet 10.55.55.1/28
de
and then fall back to
>> the table defined in the main ruleset, if there is one. This is
>> similar to C rules for variable scope. It is possible to create
>> distinct tables with the same name in the global ruleset and in an
>> anchor, but this is often bad design and a warning will b
Hi all,
I have a strange issue when I use a pf table inside an anchor. Error returned
is:
pfctl: warning: table already defined in anchor "pub-network/_2”
Table is defined in global pf.conf file. In pf.conf I have defined
some anchors by interface, like this:
# Group of rules for public net
Hi all,
I have exported "CC=/usr/bin/clang" in the shell and now Suricata compiles ok.
Many thanks to all for your help.
On 27/1/21, 14:45, "owner-m...@openbsd.org on behalf of Carlos Lopez"
wrote:
HI Stuart,
Many thanks for your help. I have tried to compile
HI Stuart,
Many thanks for your help. I have tried to compile using
"--with-clang=/usr/bin/clang" flag but same error appears...
On 27/1/21, 13:49, "owner-m...@openbsd.org on behalf of Stuart Henderson"
wrote:
On 2021-01-27, Carlos Lopez wrote:
> Hi all,
> On 27. Jan 2021, at 13:31, Carlos Lopez wrote:
>
> Hi all,
>
> I am trying to compile suricata 6.0.1 with some custom options and the
following error is returned:
>
> hecking for strlcat... yes
> checking for special C compiler op
Hi all,
I am trying to compile suricata 6.0.1 with some custom options and the
following error is returned:
hecking for strlcat... yes
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... no
checking host os... instal
On 12/01/2021 18:58, Carlos Lopez wrote:
> Thanks Gianni, but about what interface ? KVM bridges? In theory, MAC
spoofing is avoided using this option:
>
> bridge.ageing-time: 300
>
> On 12/1/21, 17:47, "owner-m...@openbsd.org on
r disabled on that interface.
G
On 12/01/2021 15:30, Carlos Lopez wrote:
> Hi David and misc@,
>
> Sorry to disturb with this.I have realized several tests this morning
with two OpenBSD 6.8 carp'ed firewalls (fully patched) as kvm guests and result
is the s
config under OpenBSD 6.7 (pf rules and carp config),
works like a charm. Arrived to this point I am confused.
Any idea? Do you use some specific config for the kvm bridges? Mybe is a
problem with multicast?
Many thanks for your help in advance.
On 11/1/21, 17:01, "owner-b...@openbsd.org on beha
Hi all,
Does anyone know of a valid option to connect an OpenBSD host as a roadwarrior
to a Fortinet SSL-VPN gateway? Using VPN-SSL ...
Regards,
C. L. Martinez
Ok, done. I have already sent the bug report.
On 21/10/2020, 11:11, "Uwe Werler" wrote:
On 21 Oct 07:12, Carlos Lopez wrote:
> Hi all,
>
> Before upgrade from OpenBSD 6.7 to OpenBSD 6.8, my pair firewalls was
using carp in IP balance mode without problems
Hi all,
Before upgrade from OpenBSD 6.7 to OpenBSD 6.8, my pair firewalls was using
carp in IP balance mode without problems from several months. These firewalls
are installed in a RHEL 8.2 (fully patched) KVM host.
After upgrading to OpenBSD 6.8, carp ip balance mode doesn’t works. I have
tes
--
Cordialement,
Pierre BARDOU
-Message d'origine-
De : owner-m...@openbsd.org De la part de Peter N.
M. Hansteen
Envoyé : vendredi 7 août 2020 13:10
À : misc@openbsd.org
Objet : Re: Managing PF logs
On Fri, Aug 07, 2020 at 10:29:32AM +, Carlos L
Hi all,
I am thinking about how could be the best option to inject PF logs in
Elasticsearch (or any similar platform). If I am not wrong, some years ago
there is an option using a shell wrapper to store all pf logs in ASCII format
and redirect all of them to a central syslog server (published
pool.ntp.org
1 10 2 3005s 3154s 1.199ms19.994ms 0.321ms
On 25/05/2020, 10:20, "Otto Moerbeek" wrote:
On Mon, May 25, 2020 at 07:53:47AM +0000, Carlos Lopez wrote:
> Hi all,
>
> After upgrading four kvm guests to OpenBSD 6.7, I see the following
Hi all,
After upgrading four kvm guests to OpenBSD 6.7, I see the following messages
when these guests starts:
WARNING: clock gained 2 days
WARNING: CHECK AND RESET THE DATE!
All four guests are fully patched. Dmesg output:
OpenBSD 6.7 (GENERIC) #1: Sat May 16 16:07:20 MDT 2020
r...@sysp
Hi all,
After upgrade my two OpenBSD carp’ed fws to 6.7, I am seeing a lot of “failed
state lookup/inserts” statistics.
On firewall A:
pfsync:
5487 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for bad interface
0 packets
Hi all another time,
Problem is solved ... I had made a mistake: I had disabled the nic offloading
options for this guest. By enabling them again, everything works.
Many thanks.
On 20/05/2020, 09:34, "Carlos Lopez" wrote:
Hi all,
I just set up an OpenBSD 6.7 kvm g
Hi all,
I just set up an OpenBSD 6.7 kvm guest on an RHEL8.2 server and selected q35
instead of pc as a machine type. Everything seems to be working fine, except
for the network interfaces (virtio interfaces). They don't work.
On the other hand, if I modify q35 by pc, everything works correct
Thanks Edgar … Nop, it is not a typo 😊
--
Regards,
C. L. Martinez
From: "ed...@pettijohn-web.com"
Date: Monday, 16 March 2020 at 17:16
To: Carlos Lopez
Cc: "misc@openbsd.org"
Subject: Re: What is the difference between these anchor rules
On Mar 16, 2020 11:07 AM, Carl
Hi all,
I am trying to accomplish several different tests using anchors rules under an
OpenBSD 6.6 host. But I am seeing a strange behavior depending how I configure
them. For example:
This rule works:
anchor inet from $laptop_admin label "Allow access from $srcaddr via SSH" {
anchor p
Thanks Stuart. This is a KVM virtual machine with all offloads settings
disabled for the guest ... I will try to enable and see how it goes ...
--
Regards,
C. L. Martinez
On 15/03/2020, 17:41, "owner-m...@openbsd.org on behalf of Stuart Henderson"
wrote:
On 2020-03-15, Ca
Sorry, my mistake. I have only one match rule configured as:
match in all scrub (no-df max-mss 1440 random-id)
--
Regards,
C. L. Martinez
On 15/03/2020, 13:33, "Carlos Lopez" wrote:
Good morning,
I've been seeing a lot of "bad ip cksum" error mess
Good morning,
I've been seeing a lot of "bad ip cksum" error messages in my OpenBSD’s Tor
gateway, like these:
Mar 15 12:27:03.113986 rule 2._5.1/(match) [uid 0, pid 71416] pass in on vio0:
[orig src 172.22.55.4:49964, dst 172.217.19.142:443] 172.22.55.4.49964 >
127.0.0.1.9040: SWE 3285379865
, one host can connect to the
other (ping, ssh and so on). Maybe it is a bug with Zeek ...
--
Regards,
C. L. Martinez
On 08/03/2020, 10:42, "owner-m...@openbsd.org on behalf of Carlos Lopez"
wrote:
Hi Monah,
Yes, zeekctl deploy works without problem. If I launch severa
00:25
To: Carlos Lopez
Cc: "misc@openbsd.org"
Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage
>From the server if you curl a website, in zeek log current folder do you see a
>http.log file, and after changing the interface did you zeekctl deploy.
Thanks
Monah
Thanks Monah … But this is not the problem … interface configuration is correct
…
--
Regards,
C. L. Martinez
From: Monah Baki
Date: Saturday, 7 March 2020 at 23:30
To: Carlos Lopez
Cc: "misc@openbsd.org"
Subject: Re: Compiling Zeek 3.0.2 returns an error at final stage
Hi Carl
ot;owner-m...@openbsd.org on behalf of Stuart Henderson"
wrote:
On 2020-03-07, Carlos Lopez wrote:
> Hi all,
>
> I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched
but compilation returns me the following error:
>
> [ 97%] Building C
Hi all,
I am trying to install Zeek 3.0.2 under OpenBSD 6.6 amd64 fully patched but
compilation returns me the following error:
[ 97%] Building C object src/CMakeFiles/zeek.dir/nb_dns.c.o
[ 97%] Linking CXX executable zeek
ld: error: unable to find library -llibbinpac.so.VERSION
c++: error: lin
On 24/09/2019 12:26, Erling Westenvik wrote:
> On Tue, Sep 24, 2019 at 08:11:00AM +0000, Carlos Lopez wrote:
>> When I try to configure multiple search DNS suffixes in dhcpd.conf, I
>> am receiving the following error:
>>
>> /etc/dhcpd.conf line 21:
&
Regards,
C. L. Martinez
On 24/09/2019 10:22, Rudolf Leitgeb wrote:
> Could this be a case of missing semicolon at the end ?
>
Thanks Rudolf, but not ... My complete config is:
subnet 172.22.55.0 netmask 255.255.255.224 {
option routers 172.22.55.30;
range 172.22.55.17 172.22.
Hi all,
When I try to configure multiple search DNS suffixes in dhcpd.conf, I
am receiving the following error:
/etc/dhcpd.conf line 21:
option domain-search "custom.domain.org"
^
fatal in dhcpd: Configuration file errors encountered
According to man page:
option dom
On 19/05/2019 14:16, Ville Valkonen wrote:
> On Sun, 19 May 2019 at 12.14, Carlos Lopez <mailto:clo...@outlook.com>> wrote:
>
> Hi all,
>
> Yesterday, I have upgraded my home OpenBSD's fws from 6.4 to 6.5.
> All
> seems to work ok execpt
Hi all,
Yesterday, I have upgraded my home OpenBSD's fws from 6.4 to 6.5. All
seems to work ok execpt with route-to rules. The following rules have
been working smoothly in previous versions:
pass in quick inet proto tcp from to
port = 80 flags S/SA keep state (if-bound) label
"Force acce
On 02/11/2018 18:18, Theo de Raadt wrote:
> Carlos Lopez wrote:
>
>> Applying syspatch today, returns me the following warning:
>>
>> root@obsd-fw-per01:~# syspatch
>> ln: /usr/X11R6/bin/X: No such file or directory
>>
>> I guess it's an
Hi all,
Applying syspatch today, returns me the following warning:
root@obsd-fw-per01:~# syspatch
ln: /usr/X11R6/bin/X: No such file or directory
I guess it's an expected error since I don't have X11 installed. Correct?
--
Regards,
C.L. Martinez
Many thanks to all for your explanations, as always.
Regards,
C. L. Martinez
From: owner-m...@openbsd.org on behalf of Kevin
Chadwick
Sent: 13 September 2018 17:39
To: misc@openbsd.org
Subject: Re: OT: Firmware encryption hacked?
On Thu, 13 Sep 2018 10:
Uhmm … Reality?
https://techcrunch.com/2018/09/12/security-flaw-in-nearly-all-modern-pcs-and-macs-leaks-encrypted-data/?guccounter=1
Can we consider a risk to encrypt at OS level also?
45 matches
Mail list logo
