> > On 20 Nov 2024, at 11:15, Tom Smyth wrote:
> >
> > Hi Folks,
> > Thanks for the suggestions... also I have run policy based ipsec
> > between Fortinet and openbsd and it seemed to work well...
> > we just want to run dynamic routing so it is easier have tu
priority 0 llprio 3
groups: sec
inet 172.16.1.2 --> 172.16.1.1 netmask 0x
It works ok .. . feels a little magic :)
thanks for writing the sec(4) driver and the integration with iked... ipsec
Much obliged...
Tom Smyth
On Tue, 19 Nov 2024 at 12:04, David Gwynne wrote:
an ip address on and route over
,
any pointers would be really appreciated
thanks
Tom Smyth
--
Kindest regards,
Tom Smyth.
32 0 2529286504
> 98156 0
> vlan0 1500 04:3f:72:b8:bf:0a 2324523408 0 994911784
> 3752 0
> vlan0 1500 10.90/16 10.90.0.10 2324523408 0 994911784
> 3752 0
> vlan1 1500 40:a6:b7:3d:ac:60 1725034503 0 1757650331
> 92484 0
> vlan1 1500 10.1/16 10.1.0.250 1725034503 0 1757650331
> 92484 0
> vlan10 1500 bc:97:e1:d8:55:b0 841039615 0 1905162366
> 31036 0
>
>
> Thanks for your help.
> Marc
>
>
>
--
Kindest regards,
Tom Smyth.
submitted comprehensive bug reports
and or fixes and Pull requests ... it is really appreciated...
If you have encountered a problem in nsh recently we would like to tackle
it in the upcoming release
Thanks again
Tom Smyth.
irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
uhidev0 at uhub1 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet"
rev 2.00/0.00 addr 2
uhidev0: iclass 3/0
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (f6d6d0484f41c115.a) swap on sd0b dump on sd0b
--
Kindest regards,
Tom Smyth.
...
Thanks again
Tom Smyth.
Jeker wrote:
>
> On Tue, Jul 23, 2024 at 08:51:19AM +0100, Tom Smyth wrote:
> > Folks,
> >
> > As an ISP we often have to manage wans for customers where we don't
> > have access to customers firewalls, and the customers expect full
> > sized frames / packets
erformance is not brilliant, so I'm hoping
there is a kernel driver device that would allow
I was wondering if anyone else ran into this issue and resolved it
with an existing device driver in OpenBSD...
Thanks
--
Kindest regards,
Tom Smyth.
Hi Jan sorry for the late reply,
Thanks for your comments and questions ,
Replies are in line
On Wed, 17 Jul 2024 at 13:12, Jan Stary wrote:
>
> On Jul 10 17:05:55, tom.sm...@wirelessconnect.eu wrote:
> > Hi Jan
> > thanks for your Reply and feedback,
> > please find my replies in line ,
> >
>
669180 - 3 em1
> 104.167.241.210 8a:2c:1c:4a:15:f4 UHLc 0 1412439 - 3 em1
> 104.167.241.211 00:25:90:5a:2d:92 UHLl 0 766416 - 1 em1
> 104.167.241.255 104.167.241.211 UHb 0 449707 - 1 em1
> 127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
> 127.0.0.1 127.0.0.1 UHhl 2 1707666 32768 1 lo0
>
> --
> jrmu
> IRCNow (https://ircnow.org)
>
--
Kindest regards,
Tom Smyth.
Hi Stuart I heard that no swap stops dumps in the event of a panic
On Wed, 10 Jul 2024 at 21:46, Stuart Henderson
wrote:
>
> On 2024-07-10, Tom Smyth wrote:
> > I don't include a swap partition on the routers in the field as I
> > don't want them swapping to disk,
sue (in my deployment scenario)
Thanks
Tom Smyth
On Wed, 10 Jul 2024 at 18:39, Kirill A. Korinsky wrote:
>
> On Wed, 10 Jul 2024 17:40:17 +0100,
> Tom Smyth wrote:
> >
> > swap /tmp mfs rw,nosuid,noexec,nodev,-s=262144 0 0
> > swap /var/log mfs rw,nosuid,noexec,nodev,-s=
mfs (asynchronous, local, noexec, nosuid,
size=32768 512-blocks)
Thanks again
On Wed, 10 Jul 2024 at 17:07, Tom Smyth wrote:
>
> Hi Kirill,
> Ill give sync a go ... and see how it impacts performance...
> thanks for the suggestion,
>
> On Wed, 10 Jul 2024 at 16:30, Kirill
Hi Kirill,
Ill give sync a go ... and see how it impacts performance...
thanks for the suggestion,
On Wed, 10 Jul 2024 at 16:30, Kirill A. Korinsky wrote:
>
> On Wed, 10 Jul 2024 14:44:28 +0100,
> Tom Smyth wrote:
> >
> > #cat /etc/fstab
> >
> > ff0023511d131f
etc .
>
> > ###
> > This seems to solve problems with upgrades and package updates,
basically if the partition was not synced with a copy on shutdown you
would lose the updated files ...
>
> What problem?
>
> Jan
>
--
Kindest regards,
Tom Smyth.
?
Any thoughts / feedback welcome
Thanks
Tom Smyth
On Sun, 15 Mar 2020 at 15:26, Maurice McCarthy wrote:
>
> There is a discussion about softdeps here
> http://openbsd-archive.7691.n7.nabble.com/What-are-the-disadvantages-of-soft-updates-td264283.html
>
--
Kindest regards,
Tom Smyth.
removal code in place...
so more memory used but then interactive commands cannot tax the box
too much when asking what are all the blackhole routes, reject routes
host routes / arp entries ?
Thanks
Tom Smyth
On Tue, 25 Jun 2024 at 10:00, Claudio Jeker wrote:
>
> On Tue, Jun 25, 2024 at
Thanks Stuart,
Ill take a look at how the prefix searches are done ... and see if I
can re-use that for route(8) if people think that it would be useful
to have in route(8)
Thanks again,
Tom Smyth
On Tue, 25 Jun 2024 at 09:39, Stuart Henderson
wrote:
>
> On 2024-06-24, Tom Smyth
Im missing,
would I be better off improving route(8) rather than stringing
commands together for NSH ?
comment and feedback welcome
--
Kindest regards,
Tom Smyth.
Folks
if any of you are using nsh on OpenBSD and
you have any feedback likes or dislikes would be glad to hear of them, I
will try to incorporate any feedback in the course on nsh in BSDCan or in
the manual page for nsh
Thanks
--
Kindest regards,
Tom Smyth.
issue. ?
Im running OpenBSD 7.4 Stable on amd 64
I have upgraded to OpenBSD 7.5 snapshot and updated the Fastnetmon package
Thanks
Tom Smyth
On Fri, 23 Feb 2024 10:49:05 -0700
Ian Timothy wrote:
> > On Feb 23, 2024, at 10:33, Tom wrote:
> >
> > command `ssh user@fe80::262:bff::@em0` works just fine.
> >
> > `ssh -J user9001@jumpserver user@fe80::262:bff::%em0`
>
> Don’t know
Hi list!
Could you please guide me how to use link-local addresses with jumphost?
I have a server 'X' with a link local IPv6 address of
fe80::262:bff::
that IP is reachable from the server 'jumpserver' via interface em0,
command `ssh user@fe80::262:bff::@em0` works just fine.
Ho
Thanks for that...
Ill setup a test system so ... Thanks
On Thu, 13 Apr 2023 at 07:33, Stuart Henderson
wrote:
>
> On 2023-04-12, Tom Smyth wrote:
> > does anyone have experience on running coverity on OpenBSD ...
> > Im trying to scan a port im maintaining at the minute...
Folks,
does anyone have experience on running coverity on OpenBSD ...
Im trying to scan a port im maintaining at the minute...
there does not seem to be binaries for coverity for OpenBSD
Thanks
--
Kindest regards,
Tom Smyth.
your ospf area in your ospfd.conf file
Note when you redistribute a static address it will appear as an
external route in the
The link state advertisements from the router ... (it wont be an intra
area route) which can affect the route metric during the route
selection process...
Thanks
Tom Smyth
afer not to) - smokeping_fcgi
> > > does not chroot.
> > >
> > >
> > Hmm, I did this on the basis of a post by you (5/11/20) in response to Tom
> > (5/10/20) which I interpreted as needing several files moved into www
> > "jail."
>
> > You shouldn't need that bit (and it is safer not to) - smokeping_fcgi
> > does not chroot.
> >
> >
> Hmm, I did this on the basis of a post by you (5/11/20) in response to Tom
> (5/10/20) which I interpreted as needing several files moved into www "jail."
Folks,
just on this changing the binary /usr/sbin/dig... to /usr/bin/dig and
going from 7.2 to 7.3 massive drop in latency of queries in a local
dns server in the same datacentre ...
just thought it would be useful ... before and after smoke graph below
On Tue, 7 Mar 2023 at 14:30, Tom Smyth
is way faster ... for the user interface... ... Ill let you know if
there are any negative impact on the graphs ...
Thanks
Tom Smyth
On Wed, 8 Mar 2023 at 15:21, Tom Smyth wrote:
>
> Hello
> I found that RRDCached helps with the gaps in the graphs... (write
> i/o burst smoothi
4:16, Stuart Henderson wrote:
>
> On 2023/03/07 14:38, Tom Smyth wrote:
> > the config below seems to get rrdcached working with httpd in OpenBSD. ...
>
> Thanks, I've added this to the pkg-readme.
>
> > the loading of the smokeping detailed graphs still takes a whi
SmokePing of Wireless Connect Ltd. \
This Tool Shows the latency of the \
Wireless Connectnetwork.
alerts =
Sustained_5%_loss,Sudden_10%_Loss,Sporadic_Loss,Latency_Over_50ms,Offline_at_startup
#####config-sniped#
smoke1# rcctl ls started
cron
dhcpleas
0 1264K 1956K idle kqread 0:00 0.00% ntpd
30532 root 2 0 1716K 2164K idle kqread 0:00 0.00% smtpd
On Tue, 7 Mar 2023 at 08:36, Stuart Henderson wrote:
> On 2023/03/07 07:10, Tom Smyth wrote:
> > I m running smokeping fcgi and rrdcached ontop of OpenbSD, to smok
Hi Peter,
Thanks for that ... you are 100% correct... I was caught off guard with
that thanks ...
I Think I need to go through my upgrades ... for more RmFiles... :/
Thanks it worked just fine...
Much Obliged,
Tom Smyth
On Tue, 7 Mar 2023 at 12:48, Peter Hessler wrote:
> On 2023
1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (59cdf031e4c1fe67.a) swap on sd0b dump on sd0b
smoke1# uname -va
OpenBSD smoke1server.com 7.3 GENERIC.MP#1094 amd64
--
Kindest regards,
Tom Smyth.
ol Shows the latency of the \
Wireless Connectnetwork.
alerts =
Sustained_5%_loss,Sudden_10%_Loss,Sporadic_Loss,Latency_Over_50ms,Offline_at_startup
#config-sniped#########
smoke1# rcctl ls started
cron
dhcpleased
httpd
ntpd
pflogd
resolvd
rrdcached
smokeping
smokeping_fcgi
smtpd
sshd
syslogd
--
Kindest regards,
Tom Smyth.
t
> id=5
> 12 0.265514 10.10.2.1 → 10.10.2.10 RADIUS 161
> Access-Challenge id=5
> 13 0.266328 10.10.2.10 → 10.10.2.1 RADIUS 191 Access-Request
> id=6
> 14 0.284607 10.10.2.1 → 10.10.2.10 RADIUS 226 Access-Accept id=6
>
> Question: How to avoid altering fragment_size to get this working ?
>
> Some clients could not be set so easily like phones.
>
> Thank you.
>
> Mikhael.
>
>
--
Kindest regards,
Tom Smyth.
this issue (of network
timeouts for certain applications
I hope this helps,
Tom Smyths
On Mon, 6 Feb 2023 at 15:41, Riccardo Mottola
wrote:
> Hi,
>
> Rodrigo Readi wrote:
> > Can someone recommend a lightweight Browser that support javascript?
>
> "Lightweight" i
>
> $ cat /etc/hostname.vr3
> inet 10.1.111.1 255.255.255.0
>
> $ cat /etc/ospfd.conf
> router-id 10.109.3.15
> redistribute connected
>
> area 0.0.0.0 {
> interface vr0
> interface vr3
> }
>
> Thanks,
> Radek
>
>
--
Kindest regards,
Tom Smyth.
(usually) moan about it
watch your mac address table size and your hardware capacity on your
switch...with this stuff... (know your switch hardware capacity and specs)
I hope this helps...
On Wed, 25 Jan 2023 at 15:14, Cristian Danila wrote:
> Thank you so much Tom and David for giving me id
minimising broadcast waste of bandwidth (on large
wireless access networks)
On Tue, 24 Jan 2023 at 23:53, David Gwynne wrote:
>
>
> > On 25 Jan 2023, at 09:47, Tom Smyth
> wrote:
> >
> > Hi David is that like a local proxy arp type setup (on typical
> > netwo
ARP for. eg:
>
> $ cat /etc/commarp.conf
> interface em0 {
> allow 192.168.1.16 - 192.168.1.254
> }
>
> There’s no point rewriting ARP requests for the IP your router is using on
> that subnet, or carp addresses on that subnet, etc.
>
>
> > On 24 Jan 2023,
> P.S.: Anyone using RAID5 with SSD drives? How is the write speed there?
>
> Best wishes,
> Atanas
>
--
Kindest regards,
Tom Smyth.
helps...
On Tue, 24 Jan 2023 at 12:24, Claudio Jeker wrote:
>
> On Tue, Jan 24, 2023 at 11:43:08AM +0000, Tom Smyth wrote:
> > Hello Cristian,
> > if you want to filter on layer 2 ... you would need to use Bridge
> > have a look at man ifconfig(8)
> > bridge filt
it but I miss a
> starting point and I would
> really appreciate any hint.
>
> Kind regards,
> Claudiu
>
--
Kindest regards,
Tom Smyth.
> expecting some kind of issue, but when I told him they were dc(4)s,
> he was disappointed and said, "Well, of course those will work".
>
> I had a machine for a while with something like ten or
> eleven em(4)s in it, I had fired it up, don't recall seeing any
> problems with it identifying all the ports (in fact, iirc, it found
> a port on the MoBo that was not extended to the outside). Again,
> no issue, but after staring at the power hungry box for many years
> and never doing anything with it, it finally got recycled. Again,
> that was many releases ago...so not sure how it applies today.
>
> Current FW box is a old citrix appliance with a six port NIC and two
> onboard ports, for eight em(4)s.
>
> Nick.
>
--
Kindest regards,
Tom Smyth.
D host (vmx)
>
> I am asking because I am running an OpenBSD on a VMware host but apparently
> OpenBSD can only see 8 of them.
>
> Can I raise the limit somehow?
>
> Regards, Lars.
--
Kindest regards,
Tom Smyth.
P and that BiDI sfp works on mikrotik
> RB5009UG+S+IN and cisco 2960 switch. On aruba 2540 (allow unsupported
> transceiver), ibm switch and openbsd ix(4) it won't work.
>
> I've ordered few BiDi sfp from fs.com and maybe my ISP will lend me
> MaxLink sfp so I could test them in lab.
>
> Thank you Stuart for information ...
>
--
Kindest regards,
Tom Smyth.
prefixes to your upstream peers...
man bgpd.conf will show any other syntax that may be depreciated... (
I have never set the softreconfig I *think* it is now a default ...
I hope this helps,
Tom Smyth
On Mon, 19 Dec 2022 at 11:59, Toni Mueller wrote:
>
>
> Hi,
>
> I am tryin
want to descend into
plugging a proprietary solution ...
I hope this helps
Tom Smyth
On Mon, 12 Dec 2022 at 22:35, Stuart Henderson
wrote:
>
> On 2022-12-12, c0ry wrote:
> > Hey folks,
> >
> > I noticed this line in the VMM FAQ (
> > https://www.openbsd.org/faq/faq16
Mon, 28 Nov 2022 at 21:46, Tom Smyth
wrote:
> Hello, Folks,
>
> Im reviewing our filesystem setup for OpenBSD CPEs that we deploy in the
> field
>
> in order to minimise the impact of Power Outages / Customer interference
> on the boxes,
> we install a 4G root partition
/dev/MAKEDEV /persist-fs/dev/
cd /persist-fs/dev/
/persist-fs/dev/MAKEDEV all
any feedback welcome, are there other folders that could be heavily written
to ?
is there shortcomings I have omitted swap (because of flash and ssd wear
concerns)
I hope this helps...
Tom Smyth
--
Kindest regards
> https://www.pcengines.ch/wle200nx.htm
>
> If you would build today an accesspoint, on hardware with miniPCI, what
> would you choose, for OpenBSD?
>
> --
> Regards,
> Mikolaj
>
>
--
Kindest regards,
Tom Smyth.
yeah 0.0.0.0/32 ,( legacy broadcast address is a valid address and would be
included in very verbose explicit rules blocking traffic from invalid src
addresses ( for example)
hope this helps
On Fri 11 Nov 2022, 20:23 3, wrote:
> a very clever man once said that God does not play dice.. and he w
passwords listed on a card, and ask
the user to enter password X ?
Thanks,
Tom Smyth
On Wed, 2 Nov 2022 at 02:14, Stuart Henderson
wrote:
> If anyone's got any good suggestions on how to do VPNs with 2FA
> on an OpenBSD gateway for non-technical users to access (iOS, Android
Hi Jesse,
you can check out https://www.openbsd.org/want.html perhaps there is an
overlap between developers requirements and what you have surplus,
it is a voluntary project so consider donating some hardware to the
developers according to that list,
Hope this helps,
Tom Smyth
On Fri, 7
howdy Steve...
on newer versions of openBSD open SMTPD
legacy tls versions / ciphers are disabled by default...
there is an option to allow legacy tls versions ( I can't remember the
option off hand but man smtpd.conf and search for tls you should find it
handy enough...( this caught me out on an up
> > > the entire USB stick before expecting it to actually work. Nothing to
> > > do with the T5500.
>
> I am puzzled: how exactly is a zero filled USB stick
> less panicky than another USB stick?
>
>
--
Kindest regards,
Tom Smyth.
separate card or i/o
module to the onboard sata ...
Hope this helps
On Wed, 7 Sept 2022 at 12:19, Erling Westenvik
wrote:
> On Wed, Sep 07, 2022 at 11:41:49AM +0100, Tom Smyth wrote:
> > hi
> >
> > i would check bios / firmware settings
> >
> > try disabling memory
hi
i would check bios / firmware settings
try disabling memory mapped i/o in bios
check processor settings enable vt-d disable hyper threading ensure execute
disable is enabled
update the bios as it will update cpu microcode ...
dell allow you to select the emulation of sata
ahci vs raid vs
has an idea, please let me know.
>
> Best regards
> Florian
>
>
--
Kindest regards,
Tom Smyth.
valid..
I hope this helps,
Tom Smyth
On Wed, 13 Jul 2022 at 02:38, Tobias Fiebig <
tob...@reads-this-mailinglist.com> wrote:
> Heho,
> I am running OpenBGPd (on 7.1+binpatches), and have some tunnel links
> between hosts and up/downstreams over wg tunnels.
>
> I am basically
hi Adriano
can you just restart httpd with
rcctl restart httpd
did your ip addresses on external interface change ?
what are the loaded firewall rules
Thanks
Tom Smyth
On Thu 23 Jun 2022, 00:05 Adriano Barbosa, wrote:
> Hi.
>
> My httpd was working perfectly for the last 32
Hello Folks I'm in Brussels for the evening if anyone wants to meet up
--
Kindest regards,
Tom Smyth.
es do not perform
> in the circus
>
--
Kindest regards,
Tom Smyth.
unnels or full packets in tunnels (layer3) )
the benefit of being able to send the full packet over the fragmented
tunnel does not in any way increase perf...
and the TCP MSS clamping gives the best throughput (in my experience) ...
Thanks again,
Tom Smyth
On Sun 15 May 2022, 21:02 Stuart Hende
ace)
the Router on the VPN wont sent a Fragment needed IP message to the
client because the MTU of the Tunnel was not exceeded
(but the MTU on the underlay was exceeded)
I hope the clarifications helps and that im right or at least that I
learn something new :)
Thanks
Tom Smyth
On Sun,
's not something
> i have knowledge of
>
> - "more information in pf.conf": yes there is information in pf.conf on
> mtu, mss, and nat, including the syntax for using them. again, why
> wouldn't we point people there?
>
> i'm happy to try and rework the text if you think it can be improved.
>
> jmc
>
--
Kindest regards,
Tom Smyth.
Hello all,
Thanks for the feedback it is really helpful to have peoples
experiences in the wild to
help feed into the training course content. and certainly better than
just my humble experience
I really appreciate all of your feedback.
Thanks again folks,
Tom Smyth
On Fri, 13 May
regards,
Tom Smyth.
balanced
I hope this helps,
( and thanks for your patience with my previous impulsive (albeit
trying to help) replies earlier
Tom Smyth
On Fri, 15 Apr 2022 at 11:12, Stuart Henderson
wrote:
>
> On 2022-04-14, Stefan Sperling wrote:
> > On Thu, Apr 14, 2022 at 09:26:41PM -, Stuart Hen
preemption timer on the
Proxmox Host
Sorry for bombing the list on this one ...
On Thu, 14 Apr 2022 at 22:54, Tom Smyth wrote:
>
> Stuart,
> sorry I wasnt entirely clear in my last email
>
> 1) you can try the /sys/module/kvm_intel/parameters/preemption_timer
>
> if the s
I have an Intel based Proxmox 7.1 being built pre-Production Ill have
a go with it... Tomorrow and let you know
On Thu, 14 Apr 2022 at 22:54, Tom Smyth wrote:
>
> Stuart,
> sorry I wasnt entirely clear in my last email
>
> 1) you can try the /sys/module/kvm_intel/parameters/p
Kernel sorted it
On Thu, 14 Apr 2022 at 22:45, Tom Smyth wrote:
>
> Stuart
>
> is your host on an Intel System ?
>
> I had an awful time with Proxmox 5.0 and 5.1
>
> with clock drift and console freezes
>
> can you try to disable the following feature in the Proxm
6 irq 6 drq 2
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pms0 at pckbc0 (aux slot)
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> usb0 at uhci0: USB revision 1.0
> uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
> addr 1
> uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet"
> rev 2.00/0.00 addr 2
> uhidev0: iclass 3/0
> ums0 at uhidev0: 3 buttons, Z dir
> wsmouse1 at ums0 mux 0
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> root on sd0a (cf14a346fbf0559d.a) swap on sd0b dump on sd0b
> fd0 at fdc0 drive 1: density unknown
>
>
>
--
Kindest regards,
Tom Smyth.
Steve,
if you like books ...
Peter Hansteen has written a book the book of pf
which I have read and would recommend
https://nostarch.com/pf3
and if you are interested in firewalls ingeneral and comparing features
On Thu, 7 Apr 2022 at 10:40, Tom Smyth wrote:
>
> Hi Steve,
> Im goin
Openbsd you are running ...
man pfctl or man pf.conf will help you ...
if you need a intro to the intro ...
https://openbsdjumpstart.org by Wesley is pretty cool and gets you
started on OpenBSD and PF
Hope this helps,
Tom Smyth
On Thu, 7 Apr 2022 at 10:28, Brodey Dover wrote:
>
> To be
rsion:/usr/src/lib/libssl/tls13_lib.c:150:
> lost connection after STARTTLS from mout.web.de
>
> Can anybody with more knowledge of libressl and it's error messages tell by
> this error what is wrong?
>
> Best regards,
> Stephan
>
--
Kindest regards,
Tom Smyth.
Hey David thanks for reply makes more sense to me now ... Thanks again...
Tom Smyth
On Sat, 2 Apr 2022 at 04:11, David Gwynne wrote:
>
> loopback interfaces are special and kind of end up representing an rdomain
> inside the kernel, which is where this restriction comes from.
>
>
: Operation not permitted
tobsd# ifconfig
--
Kindest regards,
Tom Smyth.
>
> Am i missing something, or is this a bug? If the latter, is this email
> sufficient to get it looked at, or i would need to report it more
> formally?
>
> Thanks,
> ITwrx
>
>
--
Kindest regards,
Tom Smyth.
need to disable all the
> dangerous functions, you can hardly use PHP. And then.. its on the PHP
> level, sooo. But maybe every little bit counts?
>
> Anyway, what are you guys doing if you're running PHP in production on
> OpenBSD? Besides from NOT running PHP in production at all.
>
> Kindest regards.
>
> --
> Sent with Tutanota, the secure & ad-free mailbox.
>
--
Kindest regards,
Tom Smyth.
Hello all, just following up on this as a call out to anyone who use nsh
or have used it in the past,
if you have any feedback / suggestions I would really appreciate that,
Thanks
Tom Smyth
On Sun, 18 Apr 2021 at 13:31, Tom Smyth
wrote:
> Hello,
>
> If anyone has used shells/nsh
ect
invalid recipients up front with a message of your choosing:
filter validuser phase rcpt-to match !rcpt-to \
reject "550 5.1.1 Mailbox does not exist"
and then include that filter in the chain for the exchanger listener.
HTH,
Tom
>
>
> Configurations are below; than
is pf allowing tcp port53 as well as udp port53 ?
On Wed 19 Jan 2022, 11:46 Laura Smith,
wrote:
> Hi
>
> OpenBSD NSD slave is driving me nuts with the following message in the
> logs "Could not tcp connect to X Operation timed out".
>
> The answer sounds obvious, but I can:
>
> - Ping the IP
> -
i think u need to do as root or configure doas to perform privileged
operation...
On Thu 13 Jan 2022, 17:26 Rob Whitlock, wrote:
> Attempting to extract xenocara.tar.gz while avoiding root privileges as
> described here https://www.openbsd.org/faq/faq5.html#wsrc, I ran into an
> error, shown b
is awesome ...
Tom Smyth
On Wed, 5 Jan 2022 at 16:09, Sean McBride wrote:
> Hi all,
>
> (Newbie and first time poster, please be gentle :))
>
> I'm trying to set up spamd, and I think I'm having trouble with pf. So
> I tried to add a very basic test rule. I adde
again, Really appreciate your
Tom Smyth
On Wed, 22 Dec 2021 at 11:26, Stuart Henderson
wrote:
> On 2021-12-22, Dirk Coetzee wrote:
> > Hi Tom,
> >
> > I would recommend debugging using "unbound-control stats_noreset" and
> referencing the unbound conf
Thanks Dirk I'll give that a go
Cheers,
Tom Smyth
On Wed, 22 Dec 2021 at 00:30, Dirk Coetzee wrote:
> Hi Tom,
>
> I would recommend debugging using "unbound-control stats_noreset" and
> referencing the unbound configuration documentation at
> https://www.nlnetlabs
Sorry forgot to say running OpenBSD on an amd64, and hosted in a KVM
environment,
Thanks
Tom Smyth
On Tue, 21 Dec 2021 at 21:15, Tom Smyth
wrote:
> Recommendations on Buffer Space for Busy Unbound Resolver Service for a
> network serving a 3000, customers
>
> Thanks
>
Recommendations on Buffer Space for Busy Unbound Resolver Service for a
network serving a 3000, customers
Thanks
--
Kindest regards,
Tom Smyth.
thanks
--
Kindest regards,
Tom Smyth.
13.9.2021. 12:58, Tom Smyth wrote:
> > Hi Hrvoje,
> >
> > is 10.90.0.0/24 local to your firewall, and if I
> > understand your rule,
> > ike esp from 10.90.0.0/24 to any you are
> saying
> > encryp
ld someone please point me in the right direction on what to look and
> configure?
>
> Thank you ..
>
>
--
Kindest regards,
Tom Smyth.
e forwarder address you might be able to statically configure
> > it, if not then you could modify vpnc-script to have it update the
> > address in unwind.conf and reload it.
>
> Thanks, this works somewhat:
>
> forwarder { $ip1 $ip2 }
> force accept bogus forwarder { $i
On 2021-07-14 13:01, Stefan Sperling wrote:
If the demote count never drops then perhaps pfsync traffic isn't
passing
properly?
tcpdump on pfsync device shows me PFSYNCv6 traffic all the time
as well comparing the results of "pfctl -s state" on both
systems shows no differences. The same set
but why? If I reboot the other node, the system become MASTER.
That is because the other system stops sending carp announcements
when you reboot it. This is unrelated to the demote counter. The demote
counter only matters as long as another carp MASTER remains visible.
A forced failover like
On 2021-07-13 18:12, Jorge Peixoto wrote:
Tom,
Assuming the fw cluster is properly set up, I guess because PF rule
states is unsync.
As times goes by, states gets synchronized.
JP
system as
expected.
These are physical machines. I try to simulate this on vmware, but there
is everything fine. Both system starting with demote count 0.
I would appreciate any hint to understand this.
Tom