Re: remote ssh login fail "Authenticator provider $SSH_SK_PROVIDER did not resolve" (macOS)

may be of interest, though not likely the same cause since you're hitting timeouts: https://marc.info/?t=17342023562&r=1&w=2 Andy

Re: accidentally overwritten wrong drive with DD, please help

Any work you do at recovery should be done on yet another copy of the same data so that you can keep one "master" copy around just in case. Some tools for recovering files can be found in packages like sleuthkit and testdisk. There may be others of which I'm unaware. Andy

Re: accidentally overwritten wrong drive with DD, please help

ition (or entire disk) if possible. Once you have that, make another copy of it and start using whatever tools you can to inspect the raw data to discover whether or not it is likely that you'll be able to recover anything from it. Andy

Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

ding the older to firefox-127.0 (latest available for -stable), this config setting now works consistently for me with no additional configuration elsewhere in the filesystem. Andy

Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

Thus said Hiltjo Posthuma on Tue, 11 Jun 2024 01:19:13 +0200: > iirc it can be worked around by setting in about:config: > > widget.gtk.legacy-cursors.enabled to true Madness! But it works. Thanks. Andy

mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

over other elements (like text entry) does work. It's just moving over links that no longer visibly changes the mouse cursor. Is this a problem isolated to Firefox? Is anyone aware of a change that would cause this and more to the point, how to recover the functionality? Thanks, Andy

Re: SSH Controlmaster holding devices

unmount later (or kill them first). Andy

Re: Proper way to set PATH environment with SSH non-interactive command

Thus said "Andy Bradford" on 04 Feb 2024 08:39:27 -0700: > But is there a file that I can modify that will cause the shell proper > to load some kind of environment setup also for non-interactive shells > started with -c? [For the archives] As it turns out, given that

Re: Proper way to set PATH environment with SSH non-interactive command

nows that their binary is found in a non-standard path, then the simplest thing is to specify the full path to the binary and leave the environment alone. Thanks, Andy

Re: Proper way to set PATH environment with SSH non-interactive command

erent path. Is this perhaps a bug? Maybe step 5 in LOGIN PROCESS is overwriting the PATH that was sent and received by the server? This is on OpenBSD 7.4. Thanks, Andy

Proper way to set PATH environment with SSH non-interactive command

eractive shells and there is no way to control the environment for non-interactive shells (from the remote side). Are these the only 2 options (PermitUserEnvironment or prepend the command with the environment) or is there something I'm missing from ksh(1)? Thanks, Andy

Re: qcad does not segfault when qtscript is compiled with -O0.

he association with qtscript and -O0 today. Thanks for the response. Andy

qcad does not segfault when qtscript is compiled with -O0.

what it's doing wrong? Is this perhaps a question for the QCad community? Thanks, Andy [1] https://marc.info/?l=openbsd-misc&m=166019212130315&w=2

Re: Default rdomain for CLI commands

more testing with my cronjobs to figure out why I had to add route -T0 exec to my crons, maybe I broke something in login.conf. As always, thanks for your time and comments everyone! Always appreciated Andy > On 24 Oct 2023, at 18:51, Claudio Jeker wrote: > > On Tue, Oct 24, 2023 at 0

Re: Default rdomain for CLI commands

routes, so now have to _always_ prefix with route -T0 exec (to support automated route changes etc). This must be unexpected behaviour to change dynamically like this? Thanks for your help, Andy. > On 24 Oct 2023, at 14:09, Lyndon Nerenberg (VE7TFX/VE6BBM) > wrote: > > Andy

Default rdomain for CLI commands

thoughts, Andy.

Re: Delay in starting xterm via ssh after upgrade from 7.3 to 7.4

g that is easily tested. You could also look through: http://www.openbsd.org/plus74.html See if any of the changes stand out as relevant and try to test them. Andy

Re: OpenBSD Wireguard implementation not copying ToS from inner to outer WG header

he longer the pipe / greater the BDP, the more noticeable it will be. Hope this helps, Andy.

Re: OpenBSD Wireguard implementation not copying ToS from inner to outer WG header

On 19 Sep 2023, at 20:07, Janne Johansson wrote:Den sön 17 sep. 2023 kl 09:19 skrev Andrew Lemin :Hi, I have been testing the Wireguard implementation on OpenBSD and noticed that the ToS field is not being copied from the inner unencrypted header to the outer Wireguard he

Re: PF queue bandwidth limited to 32bit value

> On 15 Sep 2023, at 18:54, Stuart Henderson wrote: > > On 2023/09/15 13:40, Andy Lemin wrote: >> Hi Stuart, >> >> Seeing as it seems like everyone is too busy, and my workaround >> (not queue some flows on interfaces with queue defined) seems of no >>

Re: PF queue bandwidth limited to 32bit value

Hi Stuart,Seeing as it seems like everyone is too busy, and my workaround (not queue some flows on interfaces with queue defined) seems of no interest, and my current hack to use queuing on Vlan interfaces is a very incomplete and restrictive workaround;Would you please be so kind as to provide me

Re: SCRIPT_FILENAME not set to index file.

Thus said "Andy Bradford" on 19 Aug 2023 08:44:23 -0600: > location "/books/*" { > fastcgi socket "/run/tcl.sock" > directory { index "index.tcl" } > } Responding to self for the archives in

SCRIPT_FILENAME not set to index file.

500 and the SCRIPT_FILENAME is again set to /vhosts/ssl/books. I suspect there's something missing in my reading of the man page. Thanks, Andy

Re: IPsec "road warrior" VPN not getting set up properly.

ally have anything of value to add, but... I'm not sure how NDP proxying and NAT are related at all. I seems to me that NDP proxying is more akin to proxy ARP than NAT: http://man.openbsd.org/arp#s Andy

qcad segfault on 7.1 amd64

quot;Generic USB2.0-CRW" rev 2.00/57.13 addr 3 umass0: using SCSI over Bulk-Only scsibus2 at umass0: 2 targets, initiator 0 sd2 at scsibus2 targ 1 lun 0: removable serial.0bda015392657120 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets root on sd0a (2efaa3fa93ca6a53.a) swap on sd0b dump on sd0b radeondrm0: KAVERI ### AML PARSE ERROR (0xf98): Undefined name: \\_SB_.ALIB error evaluating: \\_SB_.PCI0.VGA_.ATCS radeondrm0: 1920x1200, 32bpp wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 wskbd2: connecting to wsdisplay0 wskbd3: connecting to wsdisplay0 wsdisplay0: screen 1-5 added (std, vt100 emulation) Thanks, Andy

secure.io domain

Would you consider selling this domain? -- Andy Booth Telephone: (+350) 5600-2587 Email: a...@booth.com Address: Booth.com, Ltd., Suite 4, 4 Giro's Passage, Gibraltar, GX11 1AA "Knowledge speaks, but wisdom listens." - Jimi Hendrix

problems with outbound load-balancing (PF sticky-address for destination IPs)

selection is done based on the “least utilised” path? Thanks for your time and consideration, Kindest regards Andy Sent from a teeny tiny keyboard, so please excuse typos.

Re: clock not set on boot

> From: "Theo de Raadt" > > ntpd is run by default, and magically will correct the time almost > immediately. > > Some significant effort went into this a few years ago. > > However, the kernel message will always be there. You can ignore it. > > Run ntpctl -s all, and you'll see the time has be

Re: No xenocara for ATI Radeon HD 2400 XT

rm0: 1680x1050, 32bpp wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 wsdisplay0: screen 1-5 added (std, vt100 emulation) I wonder what the difference is between i386 and amd64... Thanks, Andy

Re: No xenocara for ATI Radeon HD 2400 XT

I guess for now I can reinstall with i386 unless there is something else that I should try for debugging. I can provide whatever is needed. Thanks, Andy

No xenocara for ATI Radeon HD 2400 XT

(0): initializing int10 [34.742] (EE) VESA(0): Cannot read int vect [34.742] (II) UnloadModule: "vesa" [34.742] (II) UnloadSubModule: "int10" [34.742] (II) Unloading int10 [34.742] (II) UnloadSubModule: "vbe" [34.742] (II) Unloading vbe [34.7

Re: Disable ftp in pkg_add syspatch sysupgrade

issues seems to have been resolved and now all packages are installing first time every time.. So I am not sure if this is just me or a 6.5 issue. Most likely the former ;) Kind regards, Andy. Sent from a teeny tiny keyboard, so please excuse typos > On 31 Oct 2019, at 01:47, Stuart Hender

Re: Disable ftp in pkg_add syspatch sysupgrade

).. So I think it was pretty fair for us to end up scratching our heads ;) Thanks, Andy. Sent from a teeny tiny keyboard, so please excuse typos > On 30 Oct 2019, at 15:54, Theo de Raadt wrote: > > Andrew Lemin wrote: > >> To me this seems unusual (was expecting 'curl&

Disable ftp in pkg_add syspatch sysupgrade

please stop using it for package management tools? :( I cannot update any of my OpenBSD servers which reside inside the firewall. Only the firewall itself get et updates because of the ftp dependence :( Thanks for your time. Andy. Sent from a teeny tiny keyboard, so please excuse typos

Re: Building Unbound with Python module support

fresh eyes the next day ;) All working now. You guys are heros. Thank you for the gentle nudges in the right direction. Kindest regards. Andy Lemin Sent from a teeny tiny keyboard, so please excuse typos > On 7 Aug 2019, at 09:01, Claudio Jeker wrote: > >> On Wed, Aug 07, 2019 a

Re: Building Unbound with Python module support

o tried --with-pythonmodule=/usr/local/lib/python2.7/site-packages Searching around shows others have found the exact same issue; https://nlnetlabs.nl/pipermail/unbound-users/2011-July/007371.html What do you think about this in context of OpenBSD? Thanks again for your time. Kind regards, Andy

Re: Building Unbound with Python module support

make this project native/portable so other users can use this project without having to rebuild Unbound? Thanks Andy. Sent from a teeny tiny keyboard, so please excuse typos > On 6 Aug 2019, at 19:36, Stuart Henderson wrote: > >> On 2019-08-06, Andy Lemin wrote: >> Hi guys

Re: Best 1Gbe NIC

Thanks for your comments guys. I’ve ordered some Intel NICs :) I just wanted to make sure I was getting the best offload capability, but I agree with you Claudio ;) Cheers, Andy. Sent from a teeny tiny keyboard, so please excuse typos > On 2 Aug 2019, at 19:09, Brian Brombacher wr

Building Unbound with Python module support

should be using a different source? Any initial thoughts? I’ll post exact errors as soon as I can. Thanks :) Andy. Sent from a teeny tiny keyboard, so please excuse typos

Re: Best 1Gbe NIC

Ahhh, thank you! I didn’t realise this had changed and now the drivers are written with full knowledge of the interface. So that would make Intel Server NICs (i350 for example) some of the best 1Gbe cards nowadays then? Thanks :) Andy Sent from a teeny tiny keyboard, so please excuse typos

Best 1Gbe NIC

disabled in the emX driver a while back as some functions where found to be insecure on die and so it was deemed safer to bring the logic back on CPU. So I’m looking for the best 1Gbe NIC that supports the most offloading/best driver support/performance etc. Thanks, Andy. PS; could we update

Re: DNS Race Condition on Boot

current fqdns in pf.conf can still go out of date (pf only resolves dns -> IP once during rule apply). So this solves that too. Cheers, Andy. Sent from a teeny tiny keyboard, so please excuse typos > On 4 Jul 2019, at 09:18, Otto Moerbeek wrote: > >> On Thu, Jul 04, 2019 at 0

DNS Race Condition on Boot

cleaner workaround? PS; Using an external DNS server in resolv.conf is not an option in this scenario. Cheers, Andy. Sent from a teeny tiny keyboard, so please excuse typos

ANN: pledge(1) security utility

rk interests you, by all means feel free to contact me privately, you probably won't find me on the lists. Cheerio, Andy.

Re: radeondrm failure on amd64 but not on i386?

Art Lenovo USB Optical Mouse" rev 2.00/1.00 addr 2 uhidev2: iclass 3/1 ums0 at uhidev2: 3 buttons, Z dir wsmouse0 at ums0 mux 0 vscsi0 at root scsibus6 at vscsi0: 256 targets softraid0 at root scsibus7 at softraid0: 256 targets root on sd5a (f2d5da28e9d59e44.a) swap on sd5b dump on sd5b initializing kernel modesetting (RV610 0x1002:0x94C1 0x1028:0x0D02). drm:pid0:r600_init *ERROR* Expecting atombios for R600 GPU drm:pid0:radeondrm_attachhook *ERROR* Fatal error during GPU init [TTM] Memory type 2 has not been initialized drm0 detached radeondrm0 detached vga1 at pci1 dev 0 function 0 "ATI Radeon HD 2400 XT" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 wsdisplay0: screen 1-5 added (80x25, vt100 emulation) wsmouse0 detached ums0 detached uhidev2 detached Thanks, Andy -- TAI64 timestamp: 40005c1a6251

Re: radeondrm failure on amd64 but not on i386?

additional information. Another alternative, if you can, is to use i386 instead of amd64. I found that on i386 it does correctly detect the ATOM BIOS. Andy -- TAI64 timestamp: 40005c1431b9

Re: PF Outbound traffic Load Balancing over multiple tun/openvpn interfaces/tunnels

not needed within rdomain 1 and 2. >>>> >>>> >>>> # Finally ensure '/etc/pf.conf' contains something like; >>>> if_ext = "em0" >>>> if_int = "em1" >>>> >>>> #CDR = 80 Down/20 Up >>>> queue out_ext on $if_ext flows 1024 bandwidth 18M max 19M qlimit 1024 >>>> default >>>> queue out_tun1 on tun1 flows 1024 bandwidth 17M max 18M qlimit 1024 default >>>> queue out_tun2 on tun2 flows 1024 bandwidth 17M max 18M qlimit 1024 default >>>> queue out_int on $if_srx flows 1024 bandwidth 74M max 78M qlimit 1024 >>>> default >>>> >>>> #MTU = 1500 >>>> match proto tcp all scrub (no-df max-mss 1460) set prio (2,5) >>>> match proto udp all scrub (no-df max-mss 1472) set prio (2,5) >>>> match proto icmp all scrub (no-df max-mss 1472) set prio 7 >>>> >>>> #NAT all outbound traffic >>>> match out on $if_ext from any to any nat-to ($if_ext) >>>> match out on tun1 from any to any nat-to (tun1) rtable 1 >>>> match out on tun2 from any to any nat-to (tun2) rtable 2 >>>> >>>> #Allow outbound traffic on egress for vpn tunnel setup etc >>>> pass out quick on { $if_ext } from self to any set prio (3,6) >>>> >>>> #Load balance outbound traffic from internal network across tun1 and tun2 - >>>> THIS IS NOT WORKING - IT ONLY USES FIRST TUNNEL >>>> pass in quick on { $if_int } to any route-to { (tun1 10.8.8.1), (tun2 >>>> 10.8.8.1) } round-robin set prio (3,6) >>>> >>>> #Allow outbound traffic over vpn tunnels >>>> pass out quick on tun1 to any set prio (3,6) >>>> pass out quick on tun2 to any set prio (3,6) >>>> >>>> >>>> # Verify which tunnels are being used >>>> systat ifstat >>>> >>>> *This command shows that all the traffic is only flowing over the first >>>> tun1 interface, and the second tun2 is never ever used.* >>>> >>>> >>>> # NB; I have tried with and without 'set state-policy if-bound'. >>>> >>>> I have tried all the load balancing policies; round-robin, random, >>>> least-states and source-hash >>>> >>>> If I change the 'route-to' pool to "{ (tun2 10.8.8.1), (tun1 10.8.8.1) }", >>>> then only tun2 is used instead.. :( >>>> >>>> So 'route-to' seems to only use the first tunnel in the pool. >>>> >>>> Any advice on what is going wrong here. I am wondering if I am falling >>>> victim to some processing-order issue with PF, or if this is a real bug? >>>> >>>> Thanks, Andy. >

Re: radeondrm failure on amd64 but not on i386?

system, the card is also in a PCIe slot. By the way, it is possible to workaround the problem to some extent by just adding to sysctl.conf: machdep.allowaperture=2 X will then start up, but it won't be using the firmware. Andy -- TAI64 timestamp: 40005bfeb246

Re: radeondrm failure on amd64 but not on i386?

A", 4)) { rdev->is_atom_bios = true; } else { rdev->is_atom_bios = false; } I suppose additional debug might involve writing the entire contents of rdev->bios to a file and then hexdump it? Andy -- TAI64 timestamp: 40005bfb8e86

Re: radeondrm failure on amd64 but not on i386?

ead_bios_from_vram false radeon_read_bios false radeon_read_disabled_bios true radeondrm0: 1680x1050, 32bpp wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0 Thanks, Andy -- TAI64 timestamp: 40005bf2d8c2

Re: radeondrm failure on amd64 but not on i386?

m0 detached Thanks, Andy -- TAI64 timestamp: 40005bf24e83

radeondrm failure on amd64 but not on i386?

ure=5 uhidev2 at uhub3 port 1 configuration 1 interface 0 "PixArt Lenovo USB Optical Mouse" rev 2.00/1.00 addr 2 uhidev2: iclass 3/1 ums0 at uhidev2: 3 buttons, Z dir wsmouse0 at ums0 mux 0 vscsi0 at root scsibus6 at vscsi0: 256 targets softraid0 at root scsibus7 at softraid0: 256 targets root on sd5a (4958bd885e4c2829.a) swap on sd5b dump on sd5b initializing kernel modesetting (RV610 0x1002:0x94C1 0x1028:0x0D02). radeondrm0: 1680x1050, 32bpp wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 wsdisplay0: screen 1-5 added (std, vt100 emulation) Thanks, Andy -- TAI64 timestamp: 40005bee4499

Re: PF Outbound traffic Load Balancing over multiple tun/openvpn interfaces/tunnels

the proper way of doing things? I would like to script the management of these tunnels, and so if there was a way of setting up the tunnel in its own rdomain directly that would be a lot more robust :) Thanks for your time. Andy. Sent from a teeny tiny keyboard, so please excuse typos. >

Re: Viewport for man.openbsd.org -- readability on phones

display, not stretched. > Text is fine, paragraphs are scaled ok, not even a simple problem. Font is > fine. > > [1] https://man.openbsd.org/ > > I can second that. It looks perfect on iPhone using Safari. --Andy

Re: NFS keeps crashing

here. But if you are serious about this and want to attract developers' attention then please become familiar with sendbug(1). http://www.openbsd.org/report.html --Andy

Re: van Sprundel

allegation to cite so many vulnerabilities as still being unfixed today? Is this true? Thanks for your reply :) A Sent from a teeny tiny keyboard, so please excuse typos > On 28 Jan 2018, at 14:11, Hiltjo Posthuma wrote: > >> On Sun, Jan 28, 2018 at 12:56:26PM +, Andy

van Sprundel

Really, did he actually post any real vulnerabilities to OpenBSD! This article has to be govt propaganda.. https://www.csoonline.com/article/3250653/open-source-tools/is-the-bsd-os-dying-some-security-researchers-think-so.amp.html I was laughing with tears when I read this.. OpenBSD is the only

Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox

> From: r...@protonmail.com > > Try this... > > javascript.options.asmjs: true > > Sent from ProtonMail Mobile Changing the value from true to false resolved the issue for me. Thank you for that.

Re: protonmail.com broken on OpenBSD 6.2-Stable with Firefox

t changed? > > Firefox version went from 52 -> 56 in 6.1 -> 6.2. > > You might peruse the release notes for those firefox releases. > > Allan I disagree about it it working in 6.1. protonmail hasn't worked for me using Firefox since 5.8 or 5.9. At one point the ESR worked but not the main version. Cheers Andy

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

ow rather than andy@brandwatch, it's been a while since I've been around the lists. I knew I could rely on you amazing peeps. Take care, happy summer. Andy Sent from a teeny tiny keyboard, so please excuse typos > On 3 Jul 2017, at 16:51, Joel Sing wrote: > >> On Tuesday 20

Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn

t openvpn is still linking to 2.5.2. > > It would be great if someone would be kind enough to confirm if this CVE is > indeed the same issue, and if 2.5.4 includes the relevant fixes for it? > > And if yes, a gentle nudge as to how to get openvpn to link to the 2.5.4 > install? > > Thanks for your time. > Kind regards, Andy Lemin > > > > Sent from a teeny tiny keyboard, so please excuse typos

Watch out for bad options in /var/run/rc.d/$daemon

sure if this is a bug. How often does a command line option get repurposed for something else? At any rate, I wanted to give a heads up to anyone else who might end up with a daemon which refuses to restart, even after the options have been corrected. Andy -- TAI64 timestamp: 4000586c8fd2

Re: Making sense of ktrace

and remove the -s: $ head -1 conf-cc cc -O2 -g $ head -1 conf-ld cc $ Then recompile and try again (e.g. get a new core file and run gdb again). Andy -- TAI64 timestamp: 4000583654c6

Re: Fan Speed - Supermicro

his is the default, but it is a server... Cheers, Andy. On Mon, Nov 21, 2016 at 2:10 PM, Delan Azabani wrote: > At 19:11, Andy Lemin wrote: > > but we cannot figure out how to control the fan speed at all. > > Every board in the X9DRW series should have a BMC with IPMI, and this >

Fan Speed - Supermicro

we cannot even force it to slow down at the moment. Thanks, Andy. DMESG; root@bsd1:~# dmesg OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016 r...@stable-60-amd64.mtier.org: /binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP real mem = 34307653632 (32718MB)

Re: SNMPD Source Address Issues

Sent from a teeny tiny keyboard, so please excuse typos > On 23 Sep 2016, at 20:24, Jeremie Courreges-Anglas wrote: > > Andy Lemin writes: > >> Hi, >> >> TLDR; Is there a way of fixing the "source address" that SNMPD should use? >> >> >&

Re: Output Errors on VLAN interfaces

st I have the code open, I am also going to have another go at trying to find the missing 64bit counter/range check etc for the HFSC queue size tomorrow (if I dont get dragged onto anything else). Thanks for your time and help guys, Kind regards, Andy Lemin On Tue, Aug 9, 2016 at 2:48 AM, Ch

SNMPD Source Address Issues

out the loopback interface and so the traps are dropped. Cheers, Andy.

Re: OSPFD, setting point-to-point

local ethernet p2p link. This causes local traffic to briefly traverse another remote router via the GRE's for a moment, whilst waiting for the local adjacency via the ethernet cable to finish their election etc. Thanks, Andy. On Mon, Aug 8, 2016 at 5:12 PM, Andy Lemin wrote: > Hi, &g

OSPFD, setting point-to-point

ernet port? Thanks, Andy.

Output Errors on VLAN interfaces

should not have an error on output (input errors, yes, definitely possible). But if the packet was/is in error, why is it transmitting it at all, or not being dropped before the output stage? Thanks, Andy.

Re: How to handle different sections with new man.conf?

SS." True enough. My attempts at retaining prior behavior are certainly not ``noticeable demand.' :-) I'll toy around with shell aliases and see where that goes. Thanks for looking at it. Andy -- TAI64 timestamp: 4000577dd304

How to handle different sections with new man.conf?

n as the section, but that only seems to display the first match of tcl8.5 and does not allow further granularity (as far as I can tell). Have I missed something in the man pages, or what am I doing wrong? Thanks, Andy -- TAI64 timestamp: 4000576f0095

Re: is 'set prio' in pf unidirectional or bidirectional?

many HP switches, you cannot modify this DiffServ <-> CoS mapping. So the suggestion at the bottom is just to set a ToS that HP switches will prioritise.. Have fun, all the best. Andy Lemin On Wed, Jun 15, 2016 at 8:18 PM, Andy Lemin wrote: > Peter is quite right, to add some e

Re: is 'set prio' in pf unidirectional or bidirectional?

state (no-sync) set (prio 7, tos ef) pass quick on { $if_pfsync_dev } proto pfsync keep state (no-sync) set (prio 7, tos ef) Kind regards, Andy. On Wed, Jun 15, 2016 at 11:02 AM, Peter N. M. Hansteen wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > This is one of

Re: pf changes port on udp nat-to and rdr-to reply packets (RTP stream)

registrations alive; set timeout { udp.first 1200, udp.single 600, udp.multiple 1800 } Cheers, Andy. On Thu, Jun 9, 2016 at 11:40 PM, Stuart Henderson wrote: > On 2016-06-09, Markus Wernig wrote: > > On 06/09/2016 08:03 PM, Bryan Vyhmeister wrote: > >> On Thu, Jun 9, 2016, at

5.9 is the best release yet, very excited for 6.0 - but worried some things will be missing that will ruin the fanfare

s percentages of the parent queue. Just wishing, nothing else ;) Humbly yours, Andy.

Possible SNMPD Bug - IF-MIB::ifInDiscards (and maybe ifOutDiscards) report the same value for every single interface :(

Discarded packets etc, even globally? (Buffer full, Queue Drops, Unknown VLAN etc..). Example from our monitoring; ​ As always, Humbly thank you for your time and great efforts :) Cheers, Andy. [demime 1.01d removed an attachment of type image/png which had a name of OpenBSD Packet Discards.png]

Re: hostname.carp - CARP Bootup Woes Correct layout / format for >=5.9 - man page for hostname.carp

->Backup (without a Master flap), and no errors are seen in dmesg. This is not obvious after working with the ifconfig commands, and there is no man so I hope this helps some people :) Cheers, All the best, Andy. On Wed, May 18, 2016 at 11:24 AM, Andy Lemin wrote: > Hi Martin, > >

Re: hostname.carp - CARP Bootup Woes Correct layout / format for >=5.9 - man page for hostname.carp

dvbase 2 advskew 10 carppeer 10.255.12.3 pass testpass vhid 212 inet 10.255.12.1 255.255.255.0 10.255.12.255 inet6 2a00:77e0:255:12::1 64 inet6 eui64 description "4D_CDC_VPLS" Cheers, Andy. On Tue, May 17, 2016 at 5:37 PM, Martin Pieuchot wrote: > On 17/05/16(Tue) 16:37, Andy Lemin

hostname.carp - CARP Bootup Woes Correct layout / format for >=5.9 - man page for hostname.carp

update our MIBs? Or if it is legit, what circumstances would a CARP interface see errors or discards? Thank you kindly in advanced for your time and thoughts. Cheers, Andy. NB; We have been running CARP without problems since OpenBSD 4.9. We have read; http://www.openbsd.org/faq/upgrade59.html, upgra

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

...@gmail.com, then necessarily my friend jean-pierre cannot also have jean-pie...@gmail.com. Bummer. Andy -- TAI64 timestamp: 400056d916f3

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

systems it is typical for the email address to not even remotely resemble a local username. Thanks, Andy -- TAI64 timestamp: 400056d912b2

Re: OT: Looking for email host with qmail like minus-addressing for custom domain

his as necessarily an argument for or against - vs + Andy -- TAI64 timestamp: 400056d8a13e

Re: Industrial use of line printers, does/would your company/organization use them with our lpd?

Thus said Chris Cappuccio on Thu, 18 Feb 2016 17:09:38 -0800: > aren't there plenty of simple pre-processor scripts that people are > using with lp to turn whatever into some output for simple dumb > printers? CUPS is so annoying and stupid, it's not even funny Perha

Re: Industrial use of line printers, does/would your company/organization use them with our lpd?

tries to solve but without the simplicity of :if: Anyway, just some musings. Is there anyone else out there using lpr/lpd/lprm from base? Maybe I'm the only one? Thanks, Andy -- TAI64 timestamp: 400056c556b3

Re: 64 Queue Size, ARC routing, MP Networking, OpenBSD 5.9

Thanks guys :) As always I will report back on testing results. I have a lot of DR traffic (multiple TB's daily) I can push through this to see how it fairs.. Thanks Andy. On Tue, Feb 9, 2016 at 4:33 PM, Stuart Henderson wrote: > On 2016/02/09 08:22, Chris Cappuccio wrote: > >

Re: 64 Queue Size, ARC routing, MP Networking, OpenBSD 5.9

ot;state exists" path merge into that step. I'll bow to your knowledge if you tell me this is correct, but isn't the state created *after* the nat-to/rdr-to etc is applied as the state stores both the inside IP and the outside IP etc? Or does this second box also append this extra in

64 Queue Size, ARC routing, MP Networking, OpenBSD 5.9

hh). I REALLY don't want to have to walk away from OpenBSD in my current job :_( Cheers, Andy. Thanks everyone, and good luck on these big changes..

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

there was an extra CD in the shipment by The OpenBSD Store, apparently because there were problems with first stamping of the CD. Hopefully signify will protect in this case. Andy -- TAI64 timestamp: 4000566c62a4

Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/

s also SNI, all of which is transmitted in the plain. If one wants privacy on a website then more is required than just HTTPS. Andy -- TAI64 timestamp: 4000566a5669

Re: random.seed question

en? Thanks, Andy -- TAI64 timestamp: 400056575beb

Re: LPR/LPD does not run filters

as of OpenBSD 5.3 filters worked just find with the standard lpd. I cannot say for newer versions as I have not yet upgraded, but I don't know why it should cease to work. Andy -- TAI64 timestamp: 4000562d5f56

64 Queue Sizes in OpenBSD 5.8

e the CDR to 6Gbps, but the penalties for taking our 95% percentile above the CDR are very expensive. Cheers, Andy.

Re: Maybe OT: OpenSSH connection failure unless verbose

Thus said Quartz on Sat, 01 Aug 2015 19:00:56 -0400: > good day: > "ssh user@server" = works just like it should What about "ssh -v user@server" on a good day? And more specifically, if you run ssh -v on both a good day and a bad day, what does diff between the two out

Re: Audio Boost for Sndio

that you would just copy/paste the result of running the command and report that in an email. For example: $ mixerctl -v record.adc-0:1=255 record.adc-0:1: 120,120 -> 248,248 Thanks, Andy -- TAI64 timestamp: 400055a14376

Re: PF Packet Flow Diagram

n't the state created after the nat-to and rdr-to is applied as the state stores both the inside IP and the outside IP etc. Of does this second box also append this extra info to the state that was created at the previous step (Packet Filtering)? I haven't added this yet.. > > &

Re: pf nat and routing question

> On 25 Jun 2015, at 15:46, Marko Cupać wrote: > > On Wed, 24 Jun 2015 08:17:15 -0400 > Michel Blais wrote: > >> The solution seem his explain on this link >> >> ‎http://www.openbsd.org/faq/pf/rdr.html#reflect > > On Thu, 25 Jun 2015 14:50:42 +0100 >

Re: pf nat and routing question

Hi, We do exactly the same thing for our wifi network. Users on wifi can *only* use public IP addresses. The solution is easy, you just have to consider where you do your nat'ing; You can't do bin-at, so you will need nat-to and rdr-to rules to make it work. E.g. The following line translates t

Re: PF Packet Flow Diagram

Hi, > On 25 Jun 2015, at 10:31, Jiri B wrote: > > On Thu, Jun 25, 2015 at 10:15:08AM +0100, Andy Lemin wrote: >> Surprised I've not had any replies for this? >> http://s12.postimg.org/i4pggq465/Open_BSDPFPacket_Flow.jpg >> <http://s12.postimg.org/i4pggq465

  1   2   3   4   5   >