vpn client configuration

Hi, I'm trying to connect Checkpoint VPN-1 using OpenBSD 3.8. Basic set up is as follows: Host-A -> Gateway-A -- <- Gateway-B <- Host-B Gateway-A: OpenBSD3.8 Gateway-B: Checkpoint VPN1 Aim: Establish connection to Host-B from Host-A. I've no control on Gateway-B and Host-B. First of all, I

Patch for www:upgrade66

pts. @@ -136,7 +136,7 @@ any post-release fixes. acme-client(1). https://man.openbsd.org/OpenBSD-6.6/acme-client.1";>acme-client(1) - has been updated to implement the recently published RFC 8555. Users + has been updated to implement the recently published RFC 8555. Users must change the api url in https://man.openbsd.org/OpenBSD-6.6/acme-client.5";> /etc/acme-client.conf from @@ -286,7 +286,7 @@ any post-release fixes. Remove files associated with client use of the X Font Service: rm -f /usr/X11R6/lib/pkgconfig/libfs.pc \ -/usr/X11R6/include/X11/fonts/FSlib.h +/usr/X11R6/include/X11/fonts/FSlib.h; rm -rf /usr/X11R6/share/doc/libFS -- ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<< Stephane HUC as PengouinBSD or CIOTBSD b...@stephane-huc.net

cwm on wayland

So they're putting a Wayland in our BSD. I've never used that before. Is a port of cwm planned?

Re: Firefox, Chrome, Libreoffice bogus syscall on -current

On Thu, Dec 28, 2023, at 00:41, Ax0n wrote: > I had been running #1471 since December 5th without issue, and this week > upgraded to the latest snapshot (#1567) after which some apps such as > Firefox won't run. They display "msyscall a8000 error" followed by a > core dump. dmesg(1) shows a bogus

Screenshotting using PrtScr in cwm?

So, this work for me in .cwmrc: bind-key 4-F11"bin/screenshot" It would make more sense to use the dedicated PrtScr key, but I can't work out what it's called; I've tried to brute force the name. Also, xev doesn't detect the keypress.

Re: Screenshotting using PrtScr in cwm?

On Sat, Feb 10, 2024, at 16:00, Christian Weisgerber wrote: > > It would make more sense to use the dedicated PrtScr key, but I > > can't work out what it's called; I've tried to brute force the name. > > Print Thanks. Not working unfortunately. > > Also, xev doesn't detect the keypress. >

Re: Screenshotting using PrtScr in cwm?

On Sat, Feb 10, 2024, at 17:24, Omar Polo wrote: > If xev doesn't report the keypress there's a chance something else has > bound that key. Double-check that you don't have other bind directives > in your cwmrc file and that no running application may have bound that > key. > > Running a test wit

Re: Screenshotting using PrtScr in cwm?

Here's someone who apparently had the same or similar problem on Arch Linux, and managed to solve it: https://unix.stackexchange.com/questions/669853/printscreen-key-not-registering-in-arch-linux Just changing the SysRq keycode doesn't work for me tho.

KeyTrap DNS vulnerability

“A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old design flaw in the DNSSEC specification. https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/

Automatic OS updates

So I was curious, am I the only one using automatic OS updates in cron to keep the fish fresh and the bits dust free? I think I read somewhere that it's not recommended but I'm not running a server so it seems like a good idea to me. /etc/crontab: # Example of job definition: # .---

Re: Automatic OS updates

On Thu, Feb 15, 2024, at 21:52, Florian Obser wrote: > > 0 3 * * * root sysupgrade > > This will stop working at the next release. Assuming you want to run -current. Thanks, changed to 'sysupgrade -s'. > >30 3 * * * root pkg_add -u > > This will most likely run after package

Re: Automatic OS updates

On Fri, Feb 16, 2024, at 17:09, Jan Stary wrote: > And this saves you what, ten keystrokes a day? Yes, it felt silly typing the same things every day and waiting for the computer to update. (If an update takes 4 minutes per day to babysit, that's about 2 hours per month) On Fri, Feb 16, 2024, a

Re: Block HTTP requests from non-browser clients

st and I'm damn impressed by how smooth the BSD experience is.

Re: Automatic OS updates

st and I'm damn impressed by how smooth the BSD experience is.

Re: Block HTTP requests from non-browser clients

Sorry I posted to the wrong thread. Please disregard.

alternative method for "gtar --delete"

Does misc@ have an alternative method for "gtar --delete"? I'm making siteXX.tgz's for multiple sites. There is a directory that is shared between all sites. Then, each site may have a directory of files to append to the archive. I'd also like to be able to remove files from the yet to be zipped

Re: alternative method for "gtar --delete"

ly sure what you mean by "on a per site basis" in > this context, can you elaborate please, especially if the above > solution is not what you need. > > On Fri, Nov 18, 2016 at 10:20 AM, BSD wrote: > > Does misc@ have an alternative method for "gtar --delete"? S

Re: alternative method for "gtar --delete"

e: > > # rm /tmp/siteXX-omit.lst > > Hope this helps > > On Sat, Nov 19, 2016 at 3:44 AM, BSD wrote: > > On Fri, 18 Nov 2016 14:07:45 +1100 > > Aaron Mason wrote: > > > >> It's a bit long winded, but here's a possibility: >

Re: SPARC minimum hardware specification

On Thu, 16 Jul 2015 21:09:30 +0300 Mihai Popescu wrote: > Hello, > > I never used a SPARC machine but I recall there are some people on the > list doing this. > > What are the minimum requirements for a "decent" SPARC machine? I mean > by that a machine who is able to run OpenBSD as a desktop.

Re: network bandwith with em(4)

On 02/22/11 11:19, Mark Nipper wrote: On 22 Feb 2011, Patrick Lamaiziere wrote: The problem is that we don't get more than ~320 Mbits/s of bandwith beetween the internal networks and internet (gigabit). Have you already looked at: --- https://calomel.org/network_performance.html Henn

Re: bandwidth problem

On 03/16/11 12:30, R0me0 *** wrote: Hello misc, I have a network with wireless and bridge mode on AP's. I put IP address on both sides and ping it normally. On left side have a notebook with windows vista and smb share and on right side have other notebook with same configuration. When I try c

Re: Vmail perm

On 04/08/11 05:00, Gianluca D'Auri Muscelli wrote: Hi, i cant read my /var/vmail/mysitre.org/gdrm perms vmail vmail Siti mutt i can read email but i can't send: permission denied Anyone say why??? Tks vvm o#? Da iPhone I can not find the part of the email where you describe your system and

Which netbook for OpenBSD

Hi. I'm planning to buy a netbook and I wonder which one is the best choice for running OpenBSD? Any sugestion? Thanks -- Rafal Brodewicz

Re: Broadcom BCM4322 wifi support?

On 09/09/10 19:28, James Hozier wrote: Since Broadcom has released their sources for drivers, will I be able to get support for my BCM4322 wireless card for OpenBSD? The BCM4322 chipset ID was removed from bwi(4) a while back: http://marc.info/?l=openbsd-cvs&m=122116715708453&w=2 It would be so

Re: FBI And OpenBSD...

On 12/15/10 16:17, Randy Wrench wrote: http://www.phoronix.com/scan.php?page=news_item&px=ODkxMw Government organizations, whether they be from the United States, the European Union, or anywhere else for that matter, contributing to open-source projects is not new. Heck, Security Enhanced Linu

Re: set nano as deafult when editing crontab

On 12/23/10 15:48, Orestes Leal R. wrote: I want to edit the crontab with nano but by default vi it's invoked when I do 'crontab -e' What is wrong with mg? -luis

Re: Moving from Bird to OpenBGPD

On 7/14/19 12:52 AM, Denis Fondras wrote: On Sat, Jul 13, 2019 at 09:44:28PM -0700, BSD user wrote: Hello, My apologies for sending this email multiple times. I was so mortified by Tutanota's awful text formatting that I created a new mail account that supported IMAP so that I could

Re: Moving from Bird to OpenBGPD

On 7/14/19 12:38 PM, Rudy Baker wrote: It's sad how hostile this mailing list is that you need to beg forgiveness for using a different email client because you may have triggered some of these people. 🙄 I'm not too concerned. I'm grateful for the fact that the OpenBSD community has high st

Re: Moving from Bird to OpenBGPD

On 7/14/19 11:24 PM, Claudio Jeker wrote: On Sun, Jul 14, 2019 at 07:28:29PM -0700, BSD user wrote: On 7/14/19 12:52 AM, Denis Fondras wrote: On Sat, Jul 13, 2019 at 09:44:28PM -0700, BSD user wrote: Hello, My apologies for sending this email multiple times. I was so mortified by

Re: Postscript printer recommendations

On 7/16/19 4:13 AM, Jonathan Drews wrote: On Tue, Jul 16, 2019 at 08:06:20AM +, Roderick wrote: At this point, I am going to look for another printer that is more OpenBSD friendly. My Desjet 6940 is pretty old and the cartridges cost a lot (> USD $120.00) Kind regards, Jonathan I may

Re: Postscript printer recommendations

On 7/16/19 11:03 AM, Jonathan Drews wrote: On Tue, Jul 16, 2019 at 10:36:03AM -0700, BSD user wrote: On 7/16/19 4:13 AM, Jonathan Drews wrote: On Tue, Jul 16, 2019 at 08:06:20AM +, Roderick wrote: At this point, I am going to look for another printer that is more OpenBSD friendly. My

Upstream error: Nginx, slowcgi, and perl/cgi support.

Hello everyone. I'm having troubles of setting cgi/perl support for Nginx, on OpenBSD 5.3. I get "502 Bad Gateway" on the browser when I type /cgi-bin/test.cgi - which is a simple "Hello World" cgi file, doesn't work with my setup. The error.log says: [error] 29912#0: *6 upstream prematurely clo

Re: pppoe server

On 08.03-11:13, Lo?=?VAI DC!niel wrote: [ ... ] > I wish to experiment setting up a PPPoE server (AC) on OpenBSD 4.4. > Although I've read the pppoe(8) man page and googled around, it is not > clear for me how to set up such configuration. man sppp

Re: ssh tunneling

On 01.04-17:21, Jay Jesus Amorin wrote: [ ... ] > I have a firewall rule that allow ssh from computer-1 to computer-2 and deny > ssh from computer-2 to computer-1. > > is it possible to a tunnel *ssh **myu...@computer-2* > *'svn update svn+ssh://u...@computer-1/svn/data > /home/myuser' *and use th

Re: Donations (was, sadly, European orders)

On 02.04-09:49, Alf Schlichting wrote: [ ... ] > as far as i am concerned (and most likely the majority of OpenBSD > users) there is no need for you to justify yourself (or any other > developer) in public. > The product (OpenBSD) speeks for itself. +1

Moving from Bird to OpenBGPD

Hello, My apologies for sending this email multiple times. I was so mortified by Tutanota's awful text formatting that I created a new mail account that supported IMAP so that I could load it up in Thunderbird with text only mode enabled. Once again, my apologies for my rookie mistake choosing

Re: Thinkpad x220i hangs after a few days of uptime

Well, thanks for your replies so far. I am currently trying to repeat the problem but it didn't happen the last four days (apmd is running). @Ville alkonen: what applications do you use? I have quite a few big ones (chrome, firefox, xombrero, eclipse, java). I suspect that one of those programs is

Re: BSD User Group in Spain | Grupo de Usuarios de BSD en Espanya.

> Hi, Im from Asturias (north of Spain) Im newbie on OpenBSD. But I have a friend who helps me (debug...@gmail). But still like to participate. Greetings

Re: Samsung HD License Issue

On 04.05-08:17, Jochem Kossen wrote: [ ... ] > > today i bought a Samsung Laptop Drive, 160GB, Model Number is HM160HC. > > It came in a anti-static plastic bag together with a little leaflet. > > Usually i don't read those, but today i did, and came across the > > following paragraph: > > >

OpenBSD server with samba and openldap

Dear misc@ readers, I'm planning to set up a OpenBSD 4.5 based server serving a local network with Windows XP based client computers. There's no mention of this in the OpenBSD faq, but I found a nice guide that seems to be pretty recent and up-to-date. http://www.kernel-panic.it/openbsd/pdc/pdc4.h

Re: OpenBSD server with samba and openldap

On Thu, May 14, 2009 at 11:11 AM, Pedro Almeida wrote: > > This was probably true by the time of this document write, but hopefully > things change over time. > Please take a look at ypldap(8). I think it solves the problem you refer. > > There are some small issues, but I bet they are being worke

Re: OpenBSD kernel janitors

On 31.10-08:40, Theo de Raadt wrote: [ ... ] > > Yeah, right. [ ... ] > I don't understand. Is newbies learning new things a waste to you? Do > you think they won't really learn anything unless the patch is > approved? Or will the patches not be subject to peer review? Or are > you worried at

Re: OpenBSD kernel janitors

On 31.10-08:20, Theo de Raadt wrote: [ ... ] > They don't need a list. They could already have started coding. Yet > we see how few people actually do start coding. Instead, they choose > to write in english... on the counter-side we appear to have people who can code but are unable to communic

Re: PPD vs printer driver question

On 10.11-17:01, Predrag Punosevac wrote: [ ... ] > >PPD files are post script description files that act as a drivers for > >post script printers. This seems clear to me. no. they simply describe the functions available on the printer. this allows the interface to display those printer options t

Re: Printing with apsfilter

On 11.11-06:51, Girish Venkatachalam wrote: [ ... ] > Now I only know what you people seem to be saying about PPD files and > drivers. I have never used CUPS either. > > However long ago I have read that postscript is a PCL - printer command > language. > > And most printers these days support pr

pf max-src-conn states

two questions relating to the above 1. trying to use 'max-src-conn 1' to limit service to one connection per host (with overload table) but when i disconnect and re-reconnect i get blocked. should this state expire when correctly closed, allowing a second connection, or is the timeout needed

Re: HUAWEI not recognized properly (3 modem)

On 11.12-16:11, Stuart Henderson wrote: > On 2007/12/11 16:13, Markus Bergkvist wrote: > > I borrowed a HUAWEI modem just to see how it is recognized. > > With umass enabled it is recognized as a CD. Disabling umass and it is > > found as ugen. > > From this thread http://marc.info/?l=openbsd-misc

Re: no 4.2-stable package updates??

On 12.12-16:25, [EMAIL PROTECTED] wrote: > I tried using pkgsrc-2007Q3 but it sucks. Updating userland in > production environment with pkgsrc on a non-NetBSD platform is a > nightmare. i'm working on this. will post when significant progress has been made. in my opinion having a working pkgsrc

4.2 patchset for PR#5563

need an education here. created a patchset for this problem and i'm about to test that against 4.2 GENERIC and have a couple of questions 1. are the results generally intersting? should i post them somewhere (assuming tests go right) assuming above is yes 2. ha

Re: 4.2 patchset for PR#5563/#5704

On 17.01-22:14, [EMAIL PROTECTED] wrote: > need an education here. created a patchset for this problem and i'm > about to test that against 4.2 GENERIC and have a couple of questions > > 1. are the results generally intersting? should i post > them somewhere (assuming tests go ri

Re: IPSec tunnel problem

On 01.03-00:39, Alexey Vatchenko wrote: [ ... ] > No, i don't use same network address for two networks. then you need to alter you settings to specify the actual networks that you're using. for example, you could define the remote network to be 192.168.123.123/32 and then route everything for 19

cvs comparisons [ot]

been setting up a repository of various development stuff and finding subversion to be horrifically slow and very hard on resources. struggling to find actual comparisons with CVS (lots of opinions and statements about SVN tagging and branching being "better") but hoping someone here could help wit

Re: OpenBSD firewalls as virtual machine ?

On 22.09-02:06, Luca Corti wrote: [ ... ] > > > We are talking about OpenBSD here, and support for VRF is not there. > > That may change faster then you expect > > These are great news. If the implementation will allow to assign > interfaces to different VRFs it would solve the virtual router/fire

Re: OBSD's perspective on SELinux

On 22.09-16:21, Douglas A. Tutty wrote: [ ... ] > > exercise for the reader: find somebody using SELinux. ask them to > > describe their policy over the phone. then repeat it back to them. > > did you get it right? > > [ ... ] In other words, since debian packages, by policy, must > "just

Re: OBSD's perspective on SELinux

On 24.09-10:25, Jason Dixon wrote: [ ... ] > > What I'm trying to say is that all the services I listed before make > > their own little SELinux layer with appropriate policy built into > > them. Better than SELinux though is that the monitor is enabled by > > default and generally can't be turned

Re: OBSD's perspective on SELinux

On 24.09-11:49, Can E. Acar wrote: [ ... ] > > The guy can be some stupid binary software with an "if(uid!=root) bail();" > > People running arbitrary binary software requiring root on their systems > deserve what they get. You can not work around this stupidity by ANY policy. that is not the cas

Re: OBSD's perspective on SELinux

On 24.09-13:48, Darren Spruell wrote: [ ... ] > Oh, that sounds like a recipe for success. > > - Run _arbitrary_ _binary_ application on system. Intend to use policy > wrapper to restrict to allowed operations. exactly, if the application cannot run within the defined policies it will not be allo

Re: OBSD's perspective on SELinux

On 24.09-14:28, Luke Bakken wrote: [ ... ] > Intelligent sysadmins know every setuid binary on their system. > Unintelligent ones get owned. you'll forgive me if this does not sound "intelligent" to me. a consiencous sysadmin looks at the requirements and picks the best tools to match. in the va

Re: The Atheros story in much fewer words

> but it allows some users to not have the freedoms you claim to defend. think you'll struggle to find people here who claim to defend freedom. personally, i'm a believer and practitioner, i leave the "defending" to the mis-guided and the hypocrites.

Re: Loading PF after pppoe

On 27.09-08:59, Amit Finkler wrote: > I now use the in-kernel pppoe and pf, but on boot pf loads itself before the > networking is up. > > How does one cause the networking to be up before the pf rules? i tend to load a basic ruleset during boot and then either overwrite it or update it with alte

Re: OpenBSD sticker considered cool by a layman

On 30.09-10:03, Anton Karpov wrote: [ ... ] > The same here. I have wireframe puffy on the back of my car. VERY > attractive: of course, if you were _really_ security conscious you would have cropped the license plate no ;-)

Re: To whom can I direct email for artwork use permission pls?

On 02.10-09:56, Marcus Andree wrote: > Theo is the copyright holder of the CD directory structure used by the > install CDs. > If someone wanna sell a CD (or DVD) legally, s/he will have to: > > - get a written permission from Theo or > - code an entirely new installation procedure i find this

Re: OpenBSD sticker considered cool by a layman

On 02.10-15:43, ?ke Nordin wrote: [ ... ] > > >http://papers.ssrn.com/sol3/papers.cfm?abstract_id=998565 > > > > "Cool" link... Information about an article about privacy, and for > > downloading it you need javascript and whatever more... (I didn't manage > > to get the full text). > > Not to men

Re: To whom can I direct email for artwork use permission pls?

On 02.10-11:46, Bob Beck wrote: > > (though i have to confess, i haven't made a donation since i upgraded > > my gateway to 4.1 ... i have an excuse !!! and it was only last week. > > and i will) > > And this is exactly the problem. Look, you guys can quibble > all you want about "awww, we

Hoststated & check https; what am I missing?

Greetings list, Long story short, we're moving from some alteon AD3's to openbsd, and in support of that effort I've constructed a small testing environment including two carp'd openbsd boxes running hoststated, and a single webserver sitting behind them. The problem is that I can't seem to get h

Re: Limit number of login sessions

e? if not then i'd suggest you create a BSD auth module for processing the login sessions and add a 'login-max' capability.

load balanced carp and local routes

Greetings list. I have a set of four load-balanced carp servers. Here are there hostname.carp files: box1: inet 10.104.72.0 255.255.224.0 NONE carpdev em0 balancing ip-stealth carpnodes 1:0,2:100,3:100,4:100 box2: inet 10.104.72.0 255.255.224.0 NONE carpdev em0 balancing ip-stealth carpnodes 1:1

Re: timezone issue

On 10.04-11:06, Jordi Espasa Clofent wrote: [ ... ] > [EMAIL PROTECTED] [~] [10:59:59] > $ date -u > Thu Apr 10 09:00:01 UTC 2008 presumably the prompt is showing local time which is UTC +2 (+1 for CET and +1 for summer time). so all is well. as for the sysmon output you'll probably find (but i

Re: UPDATE: mozilla-firefox-3.0

On 17.07-10:26, Jason Dixon wrote: [ ... ] > I don't have any customers that use Java for client-side image > rendering, so I can't speak as to how it would compare. I suspect that > Java wouldn't be as efficient as flash for passing instructions to the > client, but that's just a hunch. performa

[patch] Huawei E1750 support

Hi, I got E1750 with O2 and noticed it's not working with -current. Here is the little patch, that should do the trick. Without this patch, device shows up as a sdX (just the flash part of device, and /dev/cuaU0 is not set up) Cheers, Jurij Index: dev/usb/umsm.c =

Re[2]: [patch] Huawei E1750 support

> 20 P8QP;Q 2011, 23:00 P>Q David Coppa : > > On Wed, Jul 20, 2011 at 8:34 PM, bsd user wrote: > > > Hi, > > > I got E1750 with O2 and noticed it's not working with -current. Here is > > > the > > little patch, that should do the trick. > &

Ports problem

Hi all! I have an Ibm Thinkpad r50e. I install OpenBSD, configure the X, install fluxbox and other applications with pkg_add but when I try to install unrar (its not in the pkg_add) unsing the ports the compilation fail. I try to compilate other ports and fails again. I download the ports from the

Re: Authpf and more than 992 users

On Thu, Nov 19, 2009 at 7:43 PM, Aaron Mason wrote: > On Thu, Nov 19, 2009 at 7:57 PM, Joachim Schipper > wrote: >> On Wed, Nov 18, 2009 at 12:55:03PM -0700, Bob Beck wrote: >>> 2009/11/18 Janusz Gumkowski : >>> >> Is it at all possible to have more than 992 simultaneous authpf users ? >>> >> >>>

Re: Why I Love Open Source - NSA helped with Windows 7 development

On Fri, Nov 20, 2009 at 3:19 AM, patrick keshishian wrote: > On Thu, Nov 19, 2009 at 11:40 PM, Felipe Alfaro Solana > wrote: >> On Fri, Nov 20, 2009 at 12:43 AM, Obiozor Okeke >> wrote: >> >>> From Network World: >>> >>> NSA helped with Windows 7 development >>> Privacy expert voices 'backdoor'

Re: Defending OpenBSD Performance

On 14.09-20:43, Nick Holland wrote: > [ ... ] > Speed matters. Almost as much as some things, and nowhere near as > much as others. beautifully specific and vague, i'd challenge anyone to sum up benchmarking better. if that's not a quote, it is now; i'm writing it down and sticking it to my wall

machdep.allowaperture=1 setting is safer?

Hello All I have a Intel Core2Duo desktop (dmesg attached below) running fully patched i386 4.6 GENERIC.MP. xdriinfo and glxinfo o/p doesn't change whether machdep.allowaperture is set to 1 or 2. And X is fully functional/stable in both cases as it has been for the past 6 months (with 4.5-stable

Re: machdep.allowaperture=1 setting is safer?

> BTW, does anyone know if any other (X?) programs require '2', and in > which cases? mplayer? I have been running mplayer, xine and openarena without any problems with value 1 for more than 6 months. Yours Srikant.

Re: Package dependencies size estimate script

Jan Stary wrote: > cat /var/db/pkg/$PACKAGE/+REQUIRING | xargs pkg_info -s Thats just the first level of dependencies. What about the dependencies of the dependencies, and so on? It is a tree structure. Recursion is needed if you want to know the 'real collateral damage' :) Srikant.

Re: Package dependencies size estimate script

Jan Stary wrote: > dir=/var/db/pkg/$pkg Since you use the above mechanism to read the package list, your script only works for already installed packages. Srikant.

Re: Multicast Routing issues with OpenBSD

On 9.11.2022 12.39 PM, Barbaros Bilek wrote: Hi again, I've added this route : ''route add 239.0.1.2/32 172.16.1.1'' But nothing changed. Is OpenBSD capable of multicast routing? Am I doing a wrong configuration? Any thoughts? Thanks in advance. On Tue, Nov 8, 2022 at 6:28 PM Barbaros Bilek