On Thu, Nov 21, 2024 at 08:19:19PM +0100, Dan wrote:
>Problem arising immediately is that I'm not able to get crontab running
>properly for my local user and the system seems not getting any change
>to the cron tables defined below.
>
>cat /var/cron/tabs/myuser:
>
># /var/cron/tabs/myuser - myuse
On Tue, Jul 23, 2024 at 03:46:56PM +0100, Tom Smyth wrote:
>Folks,
>I was wondering had anyone tried to make a syntax highlighting for pf.conf syntax,
>
>to help folks new to the pf.conf syntax in the editor of their choice...
>
>I was thinking that this approach might be lower hanging fruit rather
>t
On Tue, Apr 16, 2024 at 01:54:31AM +0200, Mike Fischer wrote:
>The location { … } block in the port 80 server is non-functional because all
>requests are redirected to HTTPS. Add a `pass` to make it functional. Note: If
>you do then you don’t need the corresponding location { … } block in the por
I started seeing an error where acme-client is not able to renew
Let's Encrypt certificates. I've tried on several different servers
but they all display the same error: "Error getting validation data"
Is anyone else seeing the same behavior?
Here are my configurations; these have been working fo
On Wed, Dec 20, 2023 at 12:23:31AM +0100, Karel Lucas wrote:
>Dear Mr. Henderson,
>
>From your answer I understand that to use the ntp daemon the interfaces still
>need an IP address. Unfortunately, a GPS unit is not available or desirable,
>so it seems to me that I will have to do it without a cal
On Tue, Oct 24, 2023 at 10:56:40PM +0200, Tobias Heider wrote:
>> > > ikev2 "LINUX-CLIENT_INET4_LAN" passive esp \
>> > > from 10.88.0.0/22 to 10.88.12.0/24 \
>> > > from 203.0.113.92 to 10.88.12.0/24 \
>> > > peer any local 203.0.113.92 \
>> > > ikesa enc aes-256-gcm-12 prf hmac-sha2-512 g
On Tue, Oct 24, 2023 at 03:06:41PM -0500, rea...@catastrophe.net wrote:
[..]
>$ uname -a
>OpenBSD openbsd-server 7.4 GENERIC#1336 amd64
>
>ikev2 "LINUX-CLIENT_INET4_LAN" passive esp \
> from 10.88.0.0/22 to 10.88.12.0/24 \
> from 203.0.113.92 to 10.88.12.0/24 \
> peer any local openbsd-server.ex
I have a small raspberry pi device that I'd like to connect to a 7.4
machine with iked(8) and PSK auth, to start. The rpi device is going
to be on a mobile network and behind a small NAT device.
I haven't had any problem with the following configurations between
two OpenBSD devices, but the rpi
On Sun, Oct 15, 2023 at 04:56:17PM -, Stuart Henderson wrote:
>On 2023-10-15, rea...@catastrophe.net wrote:
>> What is a better way to configure iked on site-obsd so that it does not
>> encapsulate local traffic on the 10.89.2.0/24 network? Obviously my
>> understanding is incorrect, so any he
On Sun, Oct 15, 2023 at 09:15:07AM -0500, rea...@catastrophe.net wrote:
[..]
Some numbers got transposed in this message. All the devices are truly on
10.99.2.0/24 (even when 10.89.2 was in the original email)
>site-obsd# ping -qc2 r1
>PING r1 (10.89.2.1): 56 data bytes
10.99.2.1
Greetings -
I have a hub that is terminating IPsec connections from various sites. One
site is running 7.3 and has downlinks to other routers on vlan2. When I try
and ping from the site-obsd (the OpenBSD machine at site) to the router,
there are no issues and that device is getting DHCP addresses
On Tue, Apr 25, 2023 at 03:07:19PM -0600, Ashlen wrote:
>rc_exec is a function, not a variable. rc.subr(8) demonstrates how to
>use it. This is what I meant for you to do:
>
>rc_start() {
>rc_exec "${daemon} ${daemon_flags_1}" && \
>rc_exec "${daemon} ${daemon_flags_2}"
>}
Whoops, my fault
On Tue, Apr 25, 2023 at 07:18:12PM -, Stuart Henderson wrote:
>On 2023-04-25, rea...@catastrophe.net wrote:
>> On Tue, Apr 25, 2023 at 08:32:35PM +0200, Antoine Jacoutot wrote:
[..]
>
>So let's ignore this ls -l red herring, which cannot have worked
>in 7.2 either (I think you might have meant
On Tue, Apr 25, 2023 at 01:06:35PM -0600, Ashlen wrote:
>On 2023-04-25 10:45, rea...@catastrophe.net wrote:
>> After upgrading to 7.3 autossh is failing using the following rc script
>> in /etc/rc.d/autossh. It looks like maybe switching to $daemon_user is
>> not happening to find the correct ssh
On Tue, Apr 25, 2023 at 08:32:35PM +0200, Antoine Jacoutot wrote:
>On Tue, Apr 25, 2023 at 01:16:22PM -0500, rea...@catastrophe.net wrote:
>> On Tue, Apr 25, 2023 at 08:09:46PM +0200, Antoine Jacoutot wrote:
>> >On Tue, Apr 25, 2023 at 12:41:41PM -0500, rea...@catastrophe.net wrote:
>> >> On Tue, A
On Tue, Apr 25, 2023 at 08:09:46PM +0200, Antoine Jacoutot wrote:
>On Tue, Apr 25, 2023 at 12:41:41PM -0500, rea...@catastrophe.net wrote:
>> On Tue, Apr 25, 2023 at 12:03:51PM -0500, rea...@catastrophe.net wrote:
>> >On Tue, Apr 25, 2023 at 10:45:21AM -0500, rea...@catastrophe.net wrote:
>> >> [..
On Tue, Apr 25, 2023 at 12:03:51PM -0500, rea...@catastrophe.net wrote:
>On Tue, Apr 25, 2023 at 10:45:21AM -0500, rea...@catastrophe.net wrote:
>> [..]
>> [ some bad paste ]
>
>Just a clarification: the rc script in /etc/rc.d/autossh actually looks like
>
>#!/bin/ksh
># start autossh tunnel
># req
On Tue, Apr 25, 2023 at 10:45:21AM -0500, rea...@catastrophe.net wrote:
> [..]
> [ some bad paste ]
Just a clarification: the rc script in /etc/rc.d/autossh actually looks like
#!/bin/ksh
# start autossh tunnel
# requires remoteuser user with $HOME/.ssh/config and keys
daemon="/usr/local/bin/aut
After upgrading to 7.3 autossh is failing using the following rc script
in /etc/rc.d/autossh. It looks like maybe switching to $daemon_user is
not happening to find the correct ssh config stanzas? Thanks in advance
for any help.
## Startup configuration
#!/bin/ksh
# start autossh tunnel
# requi
On Wed, Apr 12, 2023 at 04:04:54PM +0200, Mike Fischer wrote:
[..]
>Did you actually test the challenge?
>Place a small text file into the challenge dir:
># echo 'Test' > /var/www/acme/test
>
>Then use something like curl to see what happens when you try to access this
>file:
>curl --head --url 'ht
I started having some problems with cert renewal using acme-client after
upgrading to 7.3 (not really sure 7.3 has anything to do with the following,
however). I've verified that nothing has changed and that httpd is listening
correctly, etc.
When I run acme-client and watch for any changes to
/v
I'm running 7.2 with an iwm(4) controller connected to a 2.4Ghz network.
Every few days the device loses connectivity and can't rejoin the network
without a reboot.
/var/log/messages shows this:
iwm0: hw rev 0x140, fw ver 17.3216344376.0, address 80:19:34:ab:ab:ab
iwm0: device timeout
iwm0: ac
I was having some issues starting up autossh to multiple destinations using
a rc.d script. The following configuration works connecting an OpenBSD
machine to two remote endpoints for remote forwarding back to sshd on the
local machine.
There's likely a better way to do this, but this has been test
On Wed, Apr 06, 2022 at 06:44:33PM +0200, Antoine Jacoutot wrote:
>On Wed, Apr 06, 2022 at 10:39:04AM -0500, rea...@catastrophe.net wrote:
>> I have redis configured to start with rspamd. The configuration is default
>> with no changes after the port install. Redis has been failing to start and
>>
I have redis configured to start with rspamd. The configuration is default
with no changes after the port install. Redis has been failing to start and
doesn't give much information back when running with `--loglevel verbose'.
I'm able to run redis-server as root, but starting up with `rcctl start
The setup is two gateways with IPsec channels setup in tunnel mode
to bridge networks 10.255.255.0/24 and 10.254.255.0/24. Traffic from
server-east:enc0 does not match a SA in place when trying to connect to
httpd on server-west.
Setup in ASCII art:
em0:203.0.113.50 -~-~- ipsec tunnel -~-~-~- vi
On Wed, Mar 23, 2022 at 02:10:03PM +0100, Tobias Heider wrote:
>On Mon, Mar 21, 2022 at 01:04:28PM -0500, rea...@catastrophe.net wrote:
>> I have two openbsd machines configured to connect their respective
>> downstream networks over ipsec. When I try to generate traffic (ping)
>> from server-west'
On Tue, Mar 22, 2022 at 09:56:49AM -0500, rea...@catastrophe.net wrote:
>Rules on both sides are:
>
># server-east
>--
>pass in proto udp from any to self port { isakmp, ipsec-nat-t } keep state
>pass out proto udp from any to any port { isakmp, ipsec-nat-t } keep state
>
>pass in p
On Tue, Mar 22, 2022 at 02:38:15AM +, Philipp Buehler wrote:
>Am 21.03.2022 19:04 schrieb rea...@catastrophe.net:
>> The flows look correct in the SA table on server-west and traffic leaves
>> on
>> enc0, hits vio0 on server-east as ESP traffic, but then is dropped.
>> Again,
>> only when I als
On Tue, Mar 01, 2022 at 09:17:08PM -0600, Andrew Daugherity wrote:
>On Wed, Feb 23, 2022 at 10:10 PM wrote:
>>
>> I honestly have no idea where the logs would even be stored or what
>> the daemon runs as under MacOS 12.2.1 (Monterey).
>
>I don't have a Monterey system handy, but at least under mac
On Mon, Mar 21, 2022 at 01:04:28PM -0500, rea...@catastrophe.net wrote:
[..]
>SAD:
>esp tunnel from 203.0.113.50 to 100.64.1 spi 0x54e00602 enc aes-128-gcm
>esp tunnel from 100.64.1 to 203.0.113.50 spi 0xcb8f2ddb enc aes-128-gcm
This flow should be:
esp tunnel from 203.0.113.50 to 100.64.1.92 spi
I have two openbsd machines configured to connect their respective
downstream networks over ipsec. When I try to generate traffic (ping)
from server-west's enc0 interface (10.255.255.1) to server-east's enc0
interface (10.254.255.1), traffic is sent out the corresponding
SA but is never seen on ser
On Wed, Mar 16, 2022 at 10:11:50AM +0100, Stefan Sperling wrote:
>Looks like a firmware or driver issue to me.
>
>Sorry, without having a reproducible test case in front of me, there
>is nothing I could do to fix this from afar.
I mean, in fact it's 100% reproducible.
>You could try moving the AP to
On Tue, Mar 15, 2022 at 05:19:34PM +0100, Stefan Sperling wrote:
>On Tue, Mar 15, 2022 at 09:09:57AM -0500, rea...@catastrophe.net wrote:
[..]
>> # ifconfig iwm0 mediaopt monitor mode 11n
>> # ifconfig iwm0 chan 132
>> # ifconfig iwm0 up
[..]
>
>> Next I'll try join the network using the 5Ghz ssid
On Tue, Mar 15, 2022 at 01:08:38AM +0100, i...@tutanota.com wrote:
>Do you believe that OpenBSD has less attack vectors? I fail to see
>that. If I install a basic Debian, just as an example, with only the
>base system, there is nothing running to attack. If I install NGINX on
>OpenBSD and on Debian
On Tue, Mar 15, 2022 at 02:15:41PM +0100, Stefan Sperling wrote:
>On Tue, Mar 15, 2022 at 08:02:07AM -0500, rea...@catastrophe.net wrote:
>> Unfortunately it appears as though I've run into it. Is there any recourse
>> to provide more useful debugging information to find the issue?
>
>I already gav
On Mon, Mar 14, 2022 at 11:37:15PM +0100, Stefan Sperling wrote:
>On Mon, Mar 14, 2022 at 05:16:32PM -0500, rea...@catastrophe.net wrote:
>> Trying to manually monitor channel 132, I get an error, SIOCS80211CHANNEL.
>>
[..]
>> # ifconfig iwm0 chan 132
>> ifconfig: SIOCS80211CHANNEL: Invalid argume
On Mon, Mar 14, 2022 at 10:34:04PM +0100, Stefan Sperling wrote:
>On Mon, Mar 14, 2022 at 04:07:33PM -0500, rea...@catastrophe.net wrote:
>> Just sitting around doing nothing I'm seeing 30% loss to my next hop.
>>
>> # ifconfig iwm0
>> iwm0: flags=808843 mtu 1500
>> lladdr 80:19:34:ab:ab:ab
>
On Mon, Mar 14, 2022 at 09:42:37PM +0100, Stefan Sperling wrote:
>On Mon, Mar 14, 2022 at 03:05:00PM -0500, rea...@catastrophe.net wrote:
>> On Mon, Mar 14, 2022 at 08:58:01PM +0100, Stefan Sperling wrote:
>> >On Mon, Mar 14, 2022 at 02:34:29PM -0500, rea...@catastrophe.net wrote:
>> >> Well, even
On Mon, Mar 14, 2022 at 08:58:01PM +0100, Stefan Sperling wrote:
>On Mon, Mar 14, 2022 at 02:34:29PM -0500, rea...@catastrophe.net wrote:
>> Well, even after adding iwm0 I notice high latency and packet loss anywhere
>> from 15-50%. This occurs randomly when the device is either 2m, 10m, or 30m
>>
On Mon, Mar 14, 2022 at 10:34:23AM -0500, rea...@catastrophe.net wrote:
>On Mon, Mar 14, 2022 at 12:43:57AM -, Stuart Henderson wrote:
>>On 2022-03-14, rea...@catastrophe.net wrote:
>If not, consider hunting down a mini PCIe iwm(4) 7260 card, or an
>M.2 AX200 iwx(4) card with an adapte
On Mon, Mar 14, 2022 at 12:43:57AM -, Stuart Henderson wrote:
>On 2022-03-14, rea...@catastrophe.net wrote:
If not, consider hunting down a mini PCIe iwm(4) 7260 card, or an
M.2 AX200 iwx(4) card with an adapter from M.2 to mini PCIe.
Both would need compatible pigtails and antenna
On Fri, Mar 11, 2022 at 02:41:05PM -0600, rea...@catastrophe.net wrote:
>On Fri, Mar 11, 2022 at 09:01:41PM +0100, Stefan Sperling wrote:
>>On Fri, Mar 11, 2022 at 10:57:56AM -0600, rea...@catastrophe.net wrote:
>>> I'm using a Panda Express USB WiFi dongle on a PC Engines apu4 machine.
>>
>>This i
On Fri, Mar 11, 2022 at 09:01:41PM +0100, Stefan Sperling wrote:
>On Fri, Mar 11, 2022 at 10:57:56AM -0600, rea...@catastrophe.net wrote:
>> I'm using a Panda Express USB WiFi dongle on a PC Engines apu4 machine.
>
>This is a strange choice on an APU. Such dongles are really a last
>resort, they te
I'm using a Panda Express USB WiFi dongle on a PC Engines apu4 machine.
Basic SSH sessions to the device run decent, but when any sort of data
transfer is done to the device (even serving back pfstat images from the
device's local httpd), I notice high latency.
# ifconfig run0
run0:
flags=a48843
On Mon, Feb 21, 2022 at 01:33:12PM +, n8dandy wrote:
>Hello there,
>
>First of all, I would like to thank people involved with iked. It works
>flawlessly, especially with Apple devices. Thanks for your work. In the
>near future, I plan to allow around 330 people to use this service. Do you
>kn
On Wed, Feb 23, 2022 at 09:57:30PM +0100, Tobias Heider wrote:
>On Mon, Feb 21, 2022 at 09:12:27AM -0600, rea...@catastrophe.net wrote:
>> On Mon, Feb 21, 2022 at 02:55:39PM +0100, Tobias Heider wrote:
>> >On Sat, Feb 19, 2022 at 12:28:15AM -0600, rea...@catastrophe.net wrote:
>> >> IKE is failing
On Mon, Feb 21, 2022 at 02:55:39PM +0100, Tobias Heider wrote:
>On Sat, Feb 19, 2022 at 12:28:15AM -0600, rea...@catastrophe.net wrote:
>> IKE is failing when I connect using a simple password defined in
>> /etc/iked.conf. I'm connecting from a native Mac client...is
>> mschap-v2 on MacOS broken o
IKE is failing when I connect using a simple password defined in
/etc/iked.conf. I'm connecting from a native Mac client...is
mschap-v2 on MacOS broken or are my configs wrong? Thanks in advance.
Working configuration and logs:
/etc/iked.conf - works with psk
ike
49 matches