le rdomain? to
me that demonstrates how oversimplifying things ends up hurting
pretty quickly.
>
> Thanks again for your time and input.
>
> On Fri, Aug 1, 2025 at 9:33 AM David Gwynne wrote:
>
> > On Wed, Jul 30, 2025 at 12:10:02AM +, Andrew Dekker wrote:
> > &
On Wed, Jul 30, 2025 at 12:10:02AM +, Andrew Dekker wrote:
> To preface, please bear with me, my terminology may not be accurate but I'll
> try to describe what I've been struggling with this all week.
> I am using 7.7 as a router/firewall with multiple lan's
> I would like to have multiple eg
> On 5 Jul 2025, at 06:08, Geoff Steckel wrote:
>
> Can anyone point me at a reference/discussion for ipv6 server addressing?
>
> rad(8) & slaacd(8) work well for clients.
>
> I have OpenBSD servers with IPv4 addresses including local DNS for them.
> I would like to allow naive clients to co
quickly.
>
> Mark.
>
>
> On 6/24/25 07:54, David Gwynne wrote:
>> On 24/06/2025 16:39, Mark de Vries wrote:
>>> Will be the first time I apply a patch and compile BSD from source but will
>>> have a go. I suppose this is on the 'current' tree?
>
On Mon, Jun 23, 2025 at 03:23:27PM +0100, Mark de Vries wrote:
> Greetings,
>
> I am also seeing increased latency and jitter using an Octeon system -
> Edgerouter 6p. It's the same issue for both OpenBSD 7.6 and 7.7. I don't see
> it on a amd64 machine with the same configuration.
>
> Attached i
On 24/06/2025 16:39, Mark de Vries wrote:
Will be the first time I apply a patch and compile BSD from source but
will have a go. I suppose this is on the 'current' tree?
it should apply to stable too. this code hasn't changed in a while.
Mark.
On 6/24/25 07:19, David Gw
> On 20 Jun 2025, at 23:14, Manuel Kuklinski wrote:
>
> Hi!
>
> On Thursday 19 June 2025 at 10:48:53 +1000, David Gwynne wrote 2,5K:
>> you should be able to use tcpdump on your box to see the packets
>> coming from the linux host. if you can find which inte
On Wed, Jun 18, 2025 at 09:09:00PM +0200, Manuel Kuklinski wrote:
> Hi!
>
> On Wednesday 18 June 2025 at 8:43:25 +1000, David Gwynne wrote 3,1K:
> > the net.inet.gre.allow=1 enables gre processing for both ipv4 and
> > ipv6.
>
> O.K. - thank you for clarifying!
>
On Tue, Jun 17, 2025 at 08:09:01PM +0200, Manuel Kuklinski wrote:
> Hi!
>
> After banging my head over a problem (I can't seem to be able to
> successfully establish an IPv6 tunnel over IPv6 with gre(4)), I consulted
> chatgpt.com (I know, I know...). On there, the AI model states that
> gre(4) on
you might just need to ./MAKEDEV ttyU4 in /dev. there's only 4 (0 to 3) dev
entries for ucom devices by default, which look to be all taken by the quectel.
if you flip the ec25 to mbim mode and reboot then it should only take 3 ucom
slots. iirc you connect to interface 2 (cu -s 115200 -l /dev/cu
there's also veb(4) and tpmr(4). they're also bridges, but won't let
traffic from the network stack on the firewall onto the ports by
default. tpmr(4) is probably best for what you think you want to do here.
On 30/05/2025 00:02, Heinrich Rebehn wrote:
On 28. May 2025, at 23:03, Stuart Hender
> On 25 May 2025, at 07:23, Daniel Jakots wrote:
>
> On Sat, 24 May 2025 16:39:37 -0400, Daniel Jakots wrote:
>
>> vlan40: flags=8102 mtu 1500
>> lladdr 3c:97:0e:33:0b:1e
>> index 11 priority 0 llprio 3
>> encap: vnetid 40 parent em0 txprio packet rxprio outer
>> groups: vlan
>> media: Ether
> On 22 May 2025, at 06:39, Kirill A. Korinsky wrote:
>
> On Wed, 21 May 2025 22:04:14 +0200,
> Emiel Kollof wrote:
>>
>> Fabio Martins wrote on 2025-05-21 18:25:
>>> Bit off-topic, but I have successfully run other distros as well
>>> (Debian). Even Windows applications:
>>>
>>> OpenBSD -
On Fri, Apr 04, 2025 at 07:26:34AM +1000, Stuart Longland VK4MSL wrote:
> Hi all,
>
> I run OpenVPN for my virtual private networking as it's a workhorse I've
> gotten to know well over the years and is also one of the few that supports
> layer 2 networking (that is, forwarding Ethernet frames ove
On Mon, Mar 24, 2025 at 09:03:49AM -0600, Diana Eichert wrote:
> inline
>
> On Sun, Mar 23, 2025 at 10:30 PM Philipp Buehler
> wrote:
> >
> > On 24.03.2025 00:24 Diana Eichert wrote:
> > > Am I missing something or is this the only way to automatically bring
> > > up a pair(4) patch?
> > >
>
hey,
i know it's been a while since you posted this. hopefully you got
something working, but i have some notes here.
On Wed, Mar 05, 2025 at 04:23:52PM -0700, Devin Reade wrote:
> I have a use case where I have a subnet that is officially routed
> to Site1, but I would actually like to have host
dhcpd on a vport in veb works a lot better if you want to try migrating.
On Fri, 24 Jan 2025, 06:40 Aurelien Martin, <01aurel...@gmail.com> wrote:
> Hi all,
>
> My dhcpd serve on interface em3 (that send DHCP query) instead of vether0
> I have a vether0 in a bridge0 where I have 3 interfaces
> N
On Thu, Dec 19, 2024 at 10:48:41PM +0100, Maurice Janssen wrote:
> On Thu, Dec 19, 2024 at 09:40:20AM +1000, David Gwynne wrote:
> >
> >> On 19 Dec 2024, at 08:20, David Gwynne wrote:
> >>
> >>> On 19 Dec 2024, at 02:17, Maurice Janssen wrote:
> >>
> On 19 Dec 2024, at 08:20, David Gwynne wrote:
>
>
>
>> On 19 Dec 2024, at 02:17, Maurice Janssen wrote:
>>
>> On Wed, Dec 18, 2024 at 11:51:26AM +1000, David Gwynne wrote:
>>> Hey Maurice,
>>>
>>> bluhm@ just did a talk at eu
> On 19 Dec 2024, at 02:17, Maurice Janssen wrote:
>
> On Wed, Dec 18, 2024 at 11:51:26AM +1000, David Gwynne wrote:
>> Hey Maurice,
>>
>> bluhm@ just did a talk at eurobsdcon that might help you understand the
>> different points to look at. my tld
On Tue, Dec 17, 2024 at 06:31:36PM +0100, Maurice Janssen wrote:
> Hi,
>
> I have an NTP server behind an OpenBSD firewall / router and seeing some
> packet loss. The NTP server (Leontp 1200) should be able to handle the
> load easily, so I suspect the packet loss occurs at the firewall/router o
On Thu, Dec 12, 2024 at 06:01:37PM -0400, Christopher Sean Hilton wrote:
> Hi,
>
> I'm trying to setup a pair of OpenBSD machines to handle their respective
> home networks and
> create a IKEv2 VPN tunnel between them. If I call one side _home_ and one
> side _remote_ I
> think that defines thin
On Wed, Nov 27, 2024 at 09:14:19AM -0500, Brodey Dover wrote:
> Thanks. The MTU is auto negotiated to 1492. max-mss is 1440 in pf.
>
> I don't think OpenBSD has netisr or an equivalent since I don't see
> anything in the sysctl list, but it was implemented in FreeBSD and has
> allowed a number of
On Sun, Nov 24, 2024 at 05:55:12PM +, bsdbsdbsd1 wrote:
> OpenBSD needs an easily implementable killswitch for VPNs.
i'd argue it has one. or two. maybe more.
my preferred solution is to put the vpn protected traffic in a separate
rdomain to the vpn transport. for example, let's use wireguard
> On 19 Nov 2024, at 12:07, Tom Smyth wrote:
>
> Folks
> did anyone have success using sec(4) interfaces on Site to Site VPNs
> between OpenBSD and Fortinet ? I want to route via the sec interface
> rather than specify static policies in iked.conf
no experience, sorry. if you've ever configu
--> 172.16.1.1 netmask 0x
>
>
> It works ok .. . feels a little magic :)
you think it should be more complicated and fragile?
> thanks for writing the sec(4) driver and the integration with iked... ipsec
>
> Much obliged...
>
> Tom Smyth
>
>
> On Tue
On Thu, Nov 07, 2024 at 05:06:34PM +0100, Marc Boisis wrote:
>
> Hello,
>
> In OpenBSD 7.3 and before we used tcpdump on pfsync0 to log NAT translation.
> Since 7.4 , tcpdump only show "16:57:17.115752 PFSYNCv69 len 1488"
>
> Have you got a solution to log NAT translation since OpenBSD 7.4 ?
On Sat, Sep 28, 2024 at 01:24:46PM -, Stuart Henderson wrote:
> On 2024-09-28, Nicolas Goy wrote:
> > On Fri Sep 27, 2024 at 5:45 AM CEST, David Gwynne wrote:
> >>
> >> using a /32 on each host with a single shared gateway ip for the
> >> subnet should w
On Thu, Sep 26, 2024 at 07:21:38PM +0200, Nicolas Goy wrote:
> Hello,
>
> I want to use OpenBSD as firewall for a configuration where every hosts is
> isolated.
cool.
> For example, let's say I have 1.0.0.0/24 subnet and 2000::/56 subnet.
>
> I want each host to have a single ip for ipv4, and a
7; active \
> from 192.168.4.0/30 to 192.168.4.0/30 \
> peer 192.168.3.111 \
> srcid server2.domain \
> iface sec0
>
> # cat /etc/hostname.sec0
> mtu 1446
> 192.168.4.2 192.168.4.1 netmask 0xfffc
> up
>
>
>
> I
is, 4789 for every outcoming packets.
>
> Do you think it's possible to optimize in this way?
yes, but there are more useful optimisations that are a higher priority
for me to do first. ecmp for vxlan in our stack isnt going to give you a
speed increase today.
>
>
> Il giorn
On Thu, Sep 19, 2024 at 10:05:37PM +0200, Luca Di Gregorio wrote:
> PublicIP1
> ---
> # cat /etc/hostname.vxlan3
> tunnel PublicIP1:4789 239.13.13.3
> parent gif0
> vnetid 13133
> tunnelttl 255
> mtu 1450
> up
>
> # cat /etc/hostname.gif0
> mtu 1480
> 10.13.11.2 10.13.11.1 netmask 255.255.
On Thu, Sep 19, 2024 at 09:48:15AM -0700, Bryan Vyhmeister wrote:
> On Wed, Sep 18, 2024 at 11:17:45AM +1000, David Gwynne wrote:
> > On Mon, Sep 16, 2024 at 09:57:18PM -0700, Bryan Vyhmeister wrote:
> > > On Tue, Sep 17, 2024 at 02:31:09PM +1000, David Gwynne wrote:
> >
On Thu, Sep 19, 2024 at 10:57:42PM +0200, Luca Di Gregorio wrote:
> I'm running 7.5, I see this alert:
>
> # ifconfig sec0 create
> # ifconfig sec0 tunnel 169.254.229.42/30 169.254.229.41
sorry, this should read:
# ifconfig sec0 inet 169.254.229.42/30 169.254.229.41
i just committed a fix to th
On Mon, Sep 16, 2024 at 09:57:18PM -0700, Bryan Vyhmeister wrote:
> On Tue, Sep 17, 2024 at 02:31:09PM +1000, David Gwynne wrote:
> >
> > On Mon, Sep 16, 2024 at 12:25:35PM -0700, Bryan Vyhmeister wrote:
> > > I am attempting to build a proof of concept of how to use vxla
On Mon, Sep 16, 2024 at 12:25:35PM -0700, Bryan Vyhmeister wrote:
> I am attempting to build a proof of concept of how to use vxlan(4) on OpenBSD
> in a fully meshed OSPF network with [wireless] links between sites under my
> full control so mtu is not an issue (mtu 1550 for vxlan0 and mtu 1600 o
> On 10 Aug 2024, at 18:18, 04-psyche.tot...@icloud.com wrote:
>
> Hi all,
>
> I am working on a wireguard network.
>
> I have a setup like this:
>
> serverA (10.0.0.0) => serverB (10.0.0.1) => serverC (10.0.0.2)
>
> - serverA connects to serverB with AllowedIPs = 0.0.0.0/0
> - serverB conn
which bit doesnt work? the "tunneldomain" command or actual packets moving?
sec transport is provided entirely by the ipsec stack, ie, you configure the
ipsec SAs associated with the interface to operate in a specific rdomain, sec
doesn't support configuring that with tunneldomain.
if you tcp
On Sun, Dec 03, 2023 at 06:02:03PM +0100, Jan Stary wrote:
> (please keep replies on the list)
>
> On Dec 03 12:08:08, kolip...@exoticsilicon.com wrote:
> > On Sun, Dec 03, 2023 at 02:35:11PM +0100, Jan Stary wrote:
> > > This is current/amd64 on a HP 260 G2 mini PC (dmesg below).
> > > Everything
> On 6 Oct 2023, at 01:50, David Higgs wrote:
>
> Logically, I wanted three hosts in the same broadcast domain (ISP CPE, IoT
> device, OpenBSD router), so tpmr(4) didn't seem appropriate - was I missing
> something?
No, you were right to reach for veb in your setup.
> On 5 Oct 2023, at 11:17, David Higgs wrote:
>
> On Tue, Oct 3, 2023 at 10:10 AM David Higgs wrote:
>
>> On Mon, Oct 2, 2023 at 9:26 AM David Higgs wrote:
>>
>>> On Sun, Oct 1, 2023 at 9:13 AM Zé Loff wrote:
>>>
On Sat, Sep 30, 2023 at 11:39:36AM -0400, David Higgs wrote:
> All
On Mon, Sep 18, 2023 at 12:47:52PM -, Stuart Henderson wrote:
> On 2023-09-17, Andrew Lemin wrote:
> > I have been testing the Wireguard implementation on OpenBSD and noticed
> > that the ToS field is not being copied from the inner unencrypted header to
> > the outer Wireguard header, resulti
> On 7 Sep 2023, at 08:00, Steven Shockley wrote:
>
> When running netstat -I [interface], what do the "fails" and "errs" columns
> mean? When my firewall is under network load, the output interface fails and
> total errs increases.
fails are the sum of qdrops and errs. qdrops are when the
On Thu, Aug 31, 2023 at 04:10:06PM +0200, Gabor LENCSE wrote:
> Dear David,
>
> Thank you very much for all the new information!
>
> I keep only those parts that I want to react.
>
> > > It is not a fundamental issue, but it seems to me that during my tests not
> > > only four but five CPU cores
me spare
> time) takes 5 minutes. This is a way too long overhead, if I need to do it
> between every single elementary steps (that is, the steps of the binary
> search) which are in the order of magnitude of 1 minute. :-(
5 minutes of VALUE ADDING. pretty sure dell thinks you sho
On Mon, Aug 28, 2023 at 01:46:32PM +0200, Gabor LENCSE wrote:
> Hi Lyndon,
>
> Sorry for my late reply. Please see my answers inline.
>
> On 8/24/2023 11:13 PM, Lyndon Nerenberg (VE7TFX/VE6BBM) wrote:
> > Gabor LENCSE writes:
> >
> > > If you are interested, you can find the results in Tables 18
> On 11 Aug 2023, at 21:08, Marko Cupać wrote:
>
> Hi,
>
> I have star topology network where dozens of spokes communicate with
> other spokes through central hub over GRE tunnels protected with
> transport-mode ipsec.
>
> This worked great for years, but lately all the locations got bandwid
looks good to me after a quick read.
> On 23 Jun 2023, at 12:15, Amarendra Godbole
> wrote:
>
> I am planning to experiment with veb on my PC Engines apu2e4 board. It
> has three ports (em0, 1 and 2). Current configuration has em0 hooked
> up to cable modem, while em1 and em2 are internal LAN.
On Tue, May 30, 2023 at 06:07:32PM +0300, Nick Andersen wrote:
> Hi Folks,
hi.
>
> I am writing to seek assistance regarding an issue I am experiencing in
> trying to route my Personal Computer's network traffic to a TUN interface.
> My objective is to modify some of its content and subsequently
> On 31 May 2023, at 18:33, Claudio Jeker wrote:
>
> On Wed, May 31, 2023 at 08:35:45AM +1000, David Gwynne wrote:
>>
>>
>>> On 27 May 2023, at 21:40, Stuart Henderson
>>> wrote:
>>>
>>> On 2023-05-27, Valdrin MUJA wrote:
>>
> On 27 May 2023, at 21:40, Stuart Henderson wrote:
>
> On 2023-05-27, Valdrin MUJA wrote:
>>Does OpenBSD have routed based IPsec support?
>
> Not yet.
while you wait, it might be possible to configure a gif tunnel protected by
ipsec transport mode.
dlg
On Thu, May 25, 2023 at 02:11:29AM +0200, Joel Carnat wrote:
> Hi,
>
> I'd like confirm I understood how pf works in a mixed veb/vport/tap
> environment. I'm using OpenBSD 7.3/amd64 (if that matters).
>
> I have a physical host that runs services (relayd, httpd...) the "classical"
> way and also
> On 23 May 2023, at 17:40, Claudio Jeker wrote:
>
> On Tue, May 23, 2023 at 07:09:51AM -, Stuart Henderson wrote:
>> On 2023-05-23, David Gwynne wrote:
>>> On Sat, May 20, 2023 at 09:44:51AM +0200, Holger Glaess wrote:
>>>> hi
>>>>
20
> you are on farin as root
> /usr/src/sbin/ifconfig 165>./ifconfig mpe1
> mpe1: flags=51 rdomain 200 mtu 1500
>   index 82 priority 0 llprio 3
>   encap: txprio 0 rxprio packet
>   mpls: label 200 rdomain 20
>   groups: mpe
>   inet 172.16
On Fri, May 19, 2023 at 04:44:38PM +0200, Holger Glaess wrote:
> hi
>
>
> if you do an "ifconfig mpeX" , will not show the configured tunneldomain.
>
> /etc 59>ifconfig mpe1
> mpe1: flags=51 rdomain 200 mtu 1500
>   index 82 priority 0 llprio 3
>   encap: txprio 0 rxprio packet
>
inside the kernel tags are given numeric identifiers, and these numbers are
used everywhere. the length of the tag name doesnt affect performance.
> On 21 Apr 2023, at 04:10, Cristian Danila wrote:
>
> Hello Misc,
>
> I have a technical question in regards to PF tags.
> I was always wondering
On Tue, Apr 18, 2023 at 07:51:08PM +, Samuel Jayden wrote:
> Hello,
> I have one veb interface in OpenBSD 7.2 and 5 ethernet ports are paired
> with this veb. As I understand from the ifconfig output, 4096 mac address
> cache values can be kept in this veb interface .
>
> ifconfig veb10
> veb1
> On 21 Mar 2023, at 05:05, Valdrin MUJA wrote:
>
> Hello folks,
>
> I have successfully configured the VPLS by following the instruction on
> https://pawa.lt/posts/2018/01/vpls-with-openbsd/.
> Everything worked like a charm.
>
> But when I tried to use veb(4) instead of bridge(4) , I got
On Sat, Mar 11, 2023 at 11:30:52AM +0100, lisper.drea...@tutanota.com wrote:
> Hi Misc,
> I'm trying to use alpine linux as a router/gateway to my OpenBSD machine.
> I can set up alpine linux with vmm and configure its network, no problem so
> far.
> I'd like my host network traffic to get in and
On Thu, Feb 09, 2023 at 11:44:56AM -, Stuart Henderson wrote:
> On 2023-02-08, Martin Kjær Jørgensen wrote:
> >
> > When configuring the athn0 with no IP address, and adding the interface to a
> > bridge0 interface along with the em1 device and a vether0 device, clients
> > still connects fi
> On 25 Jan 2023, at 10:03, Martin Schröder wrote:
>
> On Wed, 25 Jan 2023 at 00:45, David Gwynne wrote:
>> I think you can do this on OpenBSD with https://github.com/eait-itig/commarp
>> and just routing on em0. I don’t think any layer 2 things like bridge or ve
uses. Do you
have a definition of what you think it means before I say yes or no?
>
> On Tue, 24 Jan 2023 at 23:45, David Gwynne wrote:
>>
>> I think you can do this on OpenBSD with https://github.com/eait-itig/commarp
>> and just routing on em0. I don’t think any layer
I think you can do this on OpenBSD with https://github.com/eait-itig/commarp
and just routing on em0. I don’t think any layer 2 things like bridge or veb
are needed, and probably won’t work anyway because as Claudio said, they don’t
want to hairpin anyway.
That code doesn’t have any manpages un
> On 23 Jan 2023, at 05:42, Hrvoje Popovski wrote:
>
> On 22.1.2023. 12:45, David Gwynne wrote:
>>> hostname.veb1
>> description "LAN"
>>
>>> link1
>> you don't want to enable link1 unless you want pf to filter traffic on
>>
On Sat, Jan 21, 2023 at 03:41:56PM +0300, kasak wrote:
> Hello misc!
>
> I'm using bridge for integrating remote clients to my network with this
> simple config:
>
> $ cat /etc/hostname.bridge0
> add vether0
> add em1
> add tap1
> up
>
> I see in this commit that veb is supposed to replace bridg
On Sun, Jan 22, 2023 at 10:25:13AM +0100, Hrvoje Popovski wrote:
> On 22.1.2023. 3:27, Scott Colby wrote:
> > Hello,
> >
> > I am trying to set up a router with a fresh install of OpenBSD 7.2,
> > and I'm having a hard time grokking how to use veb.
> >
> > I have organized my network into 4 subne
> On 22 Jan 2023, at 10:44, David Gwynne wrote:
>
> On Sat, Jan 21, 2023 at 01:46:34PM -0800, patrick keshishian wrote:
>> On 1/20/23, David Gwynne wrote:
>>> On Fri, Jan 20, 2023 at 11:09:47AM -0800, patrick keshishian wrote:
>>>> Hello,
>>>>
On Sat, Jan 21, 2023 at 01:46:34PM -0800, patrick keshishian wrote:
> On 1/20/23, David Gwynne wrote:
> > On Fri, Jan 20, 2023 at 11:09:47AM -0800, patrick keshishian wrote:
> >> Hello,
> >>
> >> I am trying get a new ISP setup working. The Router is
>
On Sat, Jan 21, 2023 at 01:32:18PM -0800, patrick keshishian wrote:
> On 1/20/23, Hrvoje Popovski wrote:
> > On 20.1.2023. 20:09, patrick keshishian wrote:
> >> Hello,
> >>
> >> I am trying get a new ISP setup working. The Router is
> >> causing some pain. There is a /28 public block assigned.
>
On Fri, Jan 20, 2023 at 11:09:47AM -0800, patrick keshishian wrote:
> Hello,
>
> I am trying get a new ISP setup working. The Router is
> causing some pain. There is a /28 public block assigned.
> The DSL router can't be configured in transparent bridge
> mode (they say). It holds on to one of
ch site, and I am planning to
> > tunnel tpmr through this - I guess that tpmr itself is not encrypted in any
> > way?
> >
> > Regards, Lars.
> >
> > On Fri, Dec 16, 2022 at 4:30 PM deich...@placebonol.com <
> > deich...@placebonol.com> wrote:
> >
> >> I've run L2 over an IPsec tunnel using egre (gre(4)) and bridge (bridge
> >> (4)) to connect systems in different locations together.
> >>
> >> This was done before David Gwynne created tpmr(4). I've been too lazy to
> >> reimplement my current configuration.
> >>
> >> 73
> >> diana
> >>
> >
dhcpd reads packets off the wire using BPF, which happens as packets come off
the network interface, but before the IP stack where pf runs.
> On 17 Dec 2022, at 22:40, Cristian Danila wrote:
>
> Good day!
> I finished setup an DHCP server and for some reason it seems DHCP
> server is ignoring P
On Fri, Dec 16, 2022 at 11:39:02AM +0100, Hrvoje Popovski wrote:
> On 16.12.2022. 11:33, Lars Bonnesen wrote:
> > We are about to migrate VM's from one datacenter to another and the VMware
> > L2VPN we are using for this is simply not stable for some reason that we
> > cannot figure out why.
> >
>
It looks like vport0 is down. Add "up" to hostname.vport0 and ifconfig
vport0 up.
On Thu, 12 May 2022 at 15:40, David Demelier wrote:
> Hello,
>
> I'm trying to setup vms using the wonderful vmd and private addresses
> on 10.0.0.0 range. Following the various entries in the FAQ (faq16) and
> the
> On 3 Apr 2022, at 21:46, Denis Fondras wrote:
>
> Hi,
>
> In vxlan(4) manual, we have :
>
> endpoint mode
> When configured without a tunnel destination address, vxlan operates as
> a bridge, but with learning disabled.
>
>
> The question is : is it possible to set tu
loopback interfaces are special and kind of end up representing an rdomain
inside the kernel, which is where this restriction comes from.
dlg
> On 2 Apr 2022, at 09:36, Tom Smyth wrote:
>
> Hello,
> I came across an issue that once a rdomain is set on a
> loopback interface
> you cant
On Wed, Mar 23, 2022 at 02:34:54PM -0400, Aner Perez wrote:
> On 3/22/22 00:37, David Gwynne wrote:
> > On Mon, Mar 21, 2022 at 04:37:59PM -0400, Aner Perez wrote:
> > > I noticed that if I put an "ifname" (or "on") in a filter expression for
> > >
On Mon, Mar 21, 2022 at 04:37:59PM -0400, Aner Perez wrote:
> I noticed that if I put an "ifname" (or "on") in a filter expression for
> tcpdump, it will show all traffic that has an ifname that *starts with* the
> name I provided. e.g.
>
> # tcpdump -n -l -e -ttt -i pflog0 ifname vlan1
>
> Wil
On Wed, Feb 23, 2022 at 04:55:05PM +, Laura Smith wrote:
> I've never had occasion to use bi-nat before and I'm struggling a little to
> wrap my head around the concept.
>
> The OpenBSD FAQ (https://www.openbsd.org/faq/pf/nat.html) gives the following
> example:
>
> "pass on tl0 from $web_s
> On 10 Feb 2022, at 18:55, Stuart Henderson wrote:
>
> Normally if you have two addresses on the same lan you'd configure them
> as aliases on the one interface, this seems a bit of a non-standard
> config.
If aggr/trunk to increase bandwidth makes sense, then you can think of
configuring mu
you've set the net.inet.gre.allow sysctl to 1, right?
> On 16 Jan 2022, at 17:05, Markus Wipp wrote:
>
> Hi David,
>
> First of all thank you so much taking the time for my question!
>
>> My first impression is that you're confusing where to apply policy to
>> the encapsulated traffic. "pass o
On Sat, Jan 15, 2022 at 08:10:44PM +0100, Markus Wipp wrote:
> Hi all,
>
> This is my first mail to an OpenBSD list, so I hope I chose the correct one.
>
> I'm trying to get a GRE tunnel in combination with pf working a few days now
> on my OpenBSD (OpenBSD 7.0 (GENERIC.MP) #232: Thu Sep 30 14
On Sun, Dec 26, 2021 at 07:46:01AM +, Simon Baker wrote:
> Hi,
>
> Struggling a bit debugging something, and hoping someone can point me in the
> right direction.
ok. after staring at this for a while im pretty sure it's an actual bug
rather than a misconfiguration.
> I've got 4 physical
Hi Irshad,
Assuming I understand your layout correctly, you should be able to use
hostname.if configurations files like the following:
$ cat hostname.em0:
up
$ cat hostname.vlan20
description "Trusted (L2+L3)"
vnetid 20 parent em0
inet aa.bb.cc.dd 255.255.255.0
up
$ cat hostname.vlan10:
descri
> On 11 May 2021, at 05:01, pas...@pascallen.nl wrote:
>
> Dear David,
>
> How do you start homeassistant after a reboot? Manually?
i have these scripts. the pexp in the rc script doesnt work, but i havent
needed it to yet.
apathy$ cat /etc/rc.d/hass
> On 10 May 2021, at 8:05 pm, Bastien Durel wrote:
>
> On Saturday 08 May 2021 at 12:07 +0200, Bastien Durel wrote:
>> On 08/05/2021 at 11:56, Stuart Henderson wrote:
> Does it work if you use the syntax suggested in the upgrade
> notes
> for the example with "pass in on pppoe1 r
fe:e1:ba:d3:17:a0 vport2 16 flags=0<>
ix#
dlg
>
> thanks
> Thomas
>
> On Mon, 10 May 2021 at 08:10, David Gwynne wrote:
> >
> > Hi Thomas,
> >
> > I'd give this a go with vport(4) interfaces instead of vether(4), and
> join them al
ive been running hass on openbsd for a while now, and just did a new
install on 6.9 for my boss on the weekend.
i set up a _hass user for it to run as, and gave it /opt/hass:
hass$ getent passwd _hass
_hass:*:2000:2000:Home Assistant:/opt/hass:/sbin/nologin
hass$ getent group 2000
_hass:*:2000
ha
Hi Thomas,
I'd give this a go with vport(4) interfaces instead of vether(4), and join them
all together at layer 2 by adding them to a single veb(4).
Cheers,
dlg
> On 10 May 2021, at 03:04, Thomas Huber wrote:
>
> Hi misc,
>
> I wanted to tinker with the cluster manager sysutils/nomad but
>
> On 9 Apr 2021, at 18:55, Martin wrote:
>
> Hello list,
>
> I have working IPv4 OpenBSD router. There are no problems with native IPv4
> and IPv6 traffic filtering/redirecting at all.
>
> Now stuck with filtering IPv4 traffic encapsulated in IPv6 tunnel using gif
> interface.
>
> IPv6 int
On Mon, Apr 05, 2021 at 09:51:53AM +0300, Hakan SARIMAN wrote:
> Hello Misc,
>
>
> I think divert-packet feature with NAT/NAPT is broken.
>
> I can not reach to web server when I use divert-packet with rdr-to.
>
> Is this a known bug or a new issue?
There's no other options? Just those two?
I
On Sun, Feb 28, 2021 at 01:17:01PM +0100, Rachel Roch wrote:
>
>
>
> 28 Feb 2021, 11:28 by s...@spacehopper.org:
>
> > On 2021/02/28 11:46, Rachel Roch wrote:
> >
> >> Thank you all for the suggestions, I am currently testing a few of them.
> >>
> >> In case it makes any difference, the underlyi
> On 1 Feb 2021, at 6:02 pm, Bryan Stenson wrote:
>
> Hi all -
>
> I'm trying to setup a pair of ERL3 octeon routers in master/standby
> mode via carp/pfsync to route traffic from my internal lan to the
> internet. I've seen strange behavior wrt carp on these machines, so
> in an attempt to
On Tue, Dec 15, 2020 at 06:43:12PM -0500, Daniel Jakots wrote:
> On Tue, 15 Dec 2020 14:30:16 +1000, David Gwynne
> wrote:
>
> > Can you try tcpdump -p -veni em0 -D in and see if any LACP packets
> > appear to come in on the port? If not, can you remove the -p and see
>
> On 14 Dec 2020, at 08:40, Daniel Jakots wrote:
>
> On Sun, 13 Dec 2020 20:34:35 - (UTC), Stuart Henderson
> wrote:
>
>> On 2020-12-12, Daniel Jakots wrote:
>>> I've been using a LACP trunk on my apu (with the three em(4)). On
>>> top of which I have some vlans. I've been doing that fo
is the backup. i suggest using
an address like one in 169.254.x.y/16 so the carps can elect.
>
> On 23/07/2020 at 03:15, David Gwynne wrote:
>>> On 22 Jul 2020, at 22:59, Guy Godfroy wrote:
>>>
>>> Hello,
>>>
>>> So I read in 6.7 release no
> On 22 Jul 2020, at 22:59, Guy Godfroy wrote:
>
> Hello,
>
> So I read in 6.7 release note that it's finally possible to use dhclient on
> CARP interface. That's great news.
>
> However, I'm not sure how to use it on a hostname.if file. I tried to replace
> inet instruction directly with
> On 20 Jul 2020, at 05:30, Stuart Henderson wrote:
>
> On 2020-07-19, obs...@loopw.com wrote:
>>
>>> Is this normal?
>>
>> Checksum is OPTIONAL in UDP, not required. This is covered in RFC 768.
>
> For IPv4, anyway. It's required for v6.
Or is it?
https://tools.ietf.org/html/rfc6935
> On 14 May 2020, at 4:22 pm, mabi wrote:
>
> Hi Iain,
>
> ‐‐‐ Original Message ‐‐‐
> On Wednesday, May 13, 2020 7:55 PM, Iain R. Learmonth wrote:
>
>> More details are at: https://marc.info/?l=openbsd-cvs&m=156229058006706&w=2
>
> I actually already read that one after seeing the a
On Thu, Dec 19, 2019 at 01:59:30PM +0100, Hrvoje Popovski wrote:
> On 15.12.2019. 23:01, Hrvoje Popovski wrote:
> > On 15.12.2019. 12:45, Holger Glaess wrote:
> >> hi
> >>
> >>
> >>   running version
> >>
> >>
> >> /etc 16>dmesg | more
> >> Copyright (c) 1982, 1986, 1989, 1991, 1993
> >>