is pfsync losing data on reboot?

2019-01-31 Thread Harald Dunkel
Hi folks, I have a question about pfsync protocol in a master-backup firewall configuration (OpenBSD 6.3 and 6.4): If I reboot (let's say) the backup host, will it receive the whole set of state information again, when it gets back online? Hopefully I am not too blind to see, but pfsync(4) doesn

Re: is pfsync losing data on reboot?

2019-02-05 Thread Harald Dunkel
Hi folks, On 2/1/19 1:00 PM, Sebastian Benoit wrote: Janne Johansson(icepic...@gmail.com) on 2019.02.01 12:49:53 +0100: Yes, it will get a full dump since it has zero pre-existing knowledge of the current situation regarding states. I think carp will delay itself until the sync is done, so i

OpenBSD on Macbook 12" 2017?

2019-03-15 Thread Harald Dunkel
Hi folks, does it work, OpenBSD on a 12" Macbook 2017? I tried Linux once, but keyboard and trackpad were not working, so I kept MacOS. Looking on Google I found just Macbook Airs and Pros. Hopefully I wasn't too blind to see. Every helpful comment is highly appreciated Harri

6.5 on EdgeRouter Lite: 1 CPU offline?

2019-04-25 Thread Harald Dunkel
There is a suspicious message dev/ksyms: Symbol table not valid. Next it seems that one CPU is offline somehow. ??? chester# sysctl -a | grep -i cpu kern.ccpu=1948 hw.ncpu=1 hw.cpuspeed=500 hw.ncpufound=2 hw.ncpuonline=1 Regards Harri ---

Re: 6.5 on EdgeRouter Lite: 1 CPU offline?

2019-04-25 Thread Harald Dunkel
Hi Tobias, On 4/25/19 7:45 PM, Tobias Ulmer wrote: > On Thu, Apr 25, 2019 at 06:14:04PM +0200, Harald Dunkel wrote: >> >> Next it seems that one CPU is offline somehow. ??? >> >> chester# sysctl -a | grep -i cpu >> kern.ccpu=1948 >>

6.5: rc.firsttime failed, how to restart?

2019-05-18 Thread Harald Dunkel
Hi folks, after the upgrade to 6.5 rc.firsttime was lucky to send me an EMail: Path to firmware: http://firmware.openbsd.org/firmware/6.5/ Installing: inteldrm-firmware intel-firmware vmm-firmware rtwn-firmware http://firmware.openbsd.org/firmware/6.5/: ftp: firmware.openbsd.org: no address asso

Re: Building OpenBSD 6.0 -stable - Error

2016-09-12 Thread Harald Dunkel
On 09/04/16 04:35, STeve Andre' wrote: > On 09/03/16 11:32, Harald Dunkel wrote: >> On 09/03/16 12:40, Ted Unangst wrote: >>> there's some repo surgery in progress. it should be fixed eventually. >>> >>

PPPoE (5.9 still): https gets stuck

2016-09-13 Thread Harald Dunkel
Hi folks, I am using an openbsd (5.9) box as gateway/firewall to the internet. ISP is Deutsche Telekom. In between is a Vigor 130 VDSL2 modem, configured to PPPoE passthrough. The PPPoE connection is initiated on the openbsd box. Problem: https via the tunnel gets stuck for some sites, e.g. https

Re: PPPoE (5.9 still): https gets stuck

2016-09-13 Thread Harald Dunkel
Hi Peter, On 09/13/2016 12:13 PM, Peter J. Philipp wrote: > > can try this: > > T-Online uses vlan tag 7, IP-TV uses vlan tag 8. So it depends on your > plan I guess? I'd appreciate if someone told me if this information is > outdated but I'm probably going to have to ask in february again > a

Re: PPPoE (5.9 still): https gets stuck

2016-09-13 Thread Harald Dunkel
Hi Daniel, On 09/13/2016 12:00 PM, Daniel Gillen wrote: > > I had a similar problem. In my case it had to do with Path MTU issues. > > This site f.ex.: http://test-ipv6.com/ will check for that. > > The solution for me was to switch to "jumbo" frames below the pppoe > device (1508 bytes if I re

Re: PPPoE (5.9 still): https gets stuck

2016-09-13 Thread Harald Dunkel
Hi Markus, On 09/13/2016 12:42 PM, Markus Hennecke wrote: >> >> I use the same VDSL modem with Deutsche Telekom and can reach >> https://telekom.de/ >> The only MTU related setting in pf.conf seems to be this: >> >> ext_if = pppoe0 >> match in on $ext_if all scrub (no-df max-mss 1440) >> >> It is

Re: PPPoE (5.9 still): https gets stuck

2016-09-13 Thread Harald Dunkel
Hi Markus, On 09/13/16 13:07, Harald Dunkel wrote: > Hi Markus, > > On 09/13/2016 12:42 PM, Markus Hennecke wrote: >> >> Damn. Of course without this line it won't work: >> >> match out on $ext_if al

Re: PPPoE (5.9 still): https gets stuck

2016-09-14 Thread Harald Dunkel
Hi folks, On 09/13/2016 02:58 PM, Stuart Henderson wrote: > > See "MTU/MSS ISSUES" in pppoe(4). > indeed, it's documented, but it's also a little bit misleading. Reading the man page I had the first impression that modifying the mtu and max-mss are

Re: PPPoE (5.9 still): https gets stuck

2016-09-20 Thread Harald Dunkel
Hi Stuart, On 09/16/16 14:08, Stuart Henderson wrote: > On 2016-09-14, Harald Dunkel wrote: >> >> AFAIU setting the max-mss affects TCP traffic only (e.g. HTTPS). It defines >> the maximum payload block size on sending and

Re: tw_cli support

2016-10-31 Thread Harald Dunkel
On 10/29/16 22:00, Stuart Henderson wrote: > > No, you won't able able to. I don't think this card is supported at all > (and those 3ware cards which are supported, don't support management on > OpenBSD). > Since 3ware was bought by LSI, and LSI was bought by Avago I wonder if the newer Avago RA

ntpd.conf: how to do IPv6 in a carp setup?

2016-11-24 Thread Harald Dunkel
Hi folks, I am running a carp environment on my gateway. Due to lack of routable IPv4 addresses the em0 interface provides IPv6 only, the carp0 interface defines both IPv4 and IPv6 addresses. The internal interfaces em1 and carp1 provide both IPv4 and IPv6. ntpd works fine on the master, but on t

ports 6.0: zabbix-agent-3.0.3 appears to be broken

2016-11-27 Thread Harald Dunkel
Hi folks, zabbix_agent.conf in zabbix-agent-3.0.3 (amd64) appears to be broken: After the upgrade from 5.9 to 6.0 I found a shared object instead of a config file in /etc. # file /etc/zabbix/zabbix_agent.conf /etc/zabbix/zabbix_agent.conf: ELF 64-b

spamd: howto blacklist hosts in greylisting mode?

2017-01-16 Thread Harald Dunkel
Hi folks, I am running spamd for greylisting on my MTA for several years. I also know how to use spamd for blacklist-only mode and how to configure pf.conf accordingly (even though I never tried). But spamd's blacklisting (without "-b") lacks proper documentation. spamd-setup(8) says that it se

Re: spamd: howto blacklist hosts in greylisting mode?

2017-01-16 Thread Harald Dunkel
On 01/16/17 13:58, Boudewijn Dijkstra wrote: > Op Mon, 16 Jan 2017 11:08:06 +0100 schreef Harald Dunkel > : >> >> But spamd's blacklisting (without "-b") lacks proper documen- >> tation. spamd-setup(8) says that it sends blacklist data to >> spamd

pf: warning on duplicate table?

2017-03-01 Thread Harald Dunkel
Hi folks, I spent way too much time on a table defined twice by accident in my pf.conf file. Do you think it would be possible to throw a warning if there are 2 table definitions with the same name? Probably table : : table const persist { 172.22.32.0/24 200

pppoe takes 3 or 4 minutes to come up

2017-04-02 Thread Harald Dunkel
Hi folks, I am using pppoe on OpenBSD 6.0 stable to setup a connection to Deutsche Telekom (VDSL). Problem: Usually it takes 3 or 4 minutes to establish the connection. Is this as expected? See below for the hostname.??? files. Using the default mtu doesn't make a difference. Any helpful commen

Re: pppoe takes 3 or 4 minutes to come up

2017-04-03 Thread Harald Dunkel
On 04/02/17 11:46, Kapfhammer, Stefan wrote: > Harald, could you please post > the full output of 'ifconfig pppoe0'‎? > After successful established connection. > > Of course without credentials :) > Sure: # ifconfig pppoe0 pppoe0: flags=8851 mtu 1500 index 6 priority 0 llprio 3

Re: pppoe takes 3 or 4 minutes to come up

2017-04-03 Thread Harald Dunkel
Hi folks, On 04/02/17 11:48, Bryan Linton wrote: > On 2017-04-02 10:47:41, Konstantin Schukraft wrote: > > "man 4 pppoe" explains this better than I could. To wit: > > 8<--- > > KERNEL OPTIONS A pppoe enabled kernel will

Re: pppoe takes 3 or 4 minutes to come up

2017-04-03 Thread Harald Dunkel
Hi Stuart, On 04/02/17 12:42, Stuart Henderson wrote: > > Problem is that the pppoedev ethernet interface comes down too soon and > the pppoe disconnect message can't be sent. A fix for this was being > discussed but late for 6.1. "ifconfig pppoe0 down" in rc.shutdown should > help that situation

how is IPv6 over pppoe supposed to work?

2017-04-03 Thread Harald Dunkel
Hi folks, AFAICT adding 2 lines to hostname.pppoe0 (as shown in the man page) doesn't give you a full featured IPv6 subnet yet. Is there some support for IPV6CP (RFC 5072) in OpenBSD? Google mentioned some "dhcp6c", but it's not in 6.0, is it? Any

IPv6 and netstat -r: larger columns, please?

2017-04-10 Thread Harald Dunkel
Hi folks, would it be possible to adjust the column size for the IPv6 output of "netstat -r", similar to "netstat -nr"? It's pretty much useless, if the interface identifier is cut off. The usual workaround "netstat -r | cat" doesn't work, either.

Re: Adding default IPv6 route fails on 6.1

2017-04-13 Thread Harald Dunkel
Hi Sterling, On 04/12/17 01:20, Sterling Archer wrote: > Hello everyone. > > After upgrading to 6.1 about an hour ago, I noticed that I didn't have an > IPv6 connection anymore. > > I use dhcpcd over a pppoe session, which worked fine in 6.0-stab

6.1: dnsmasq unresponsive?

2017-04-13 Thread Harald Dunkel
Hi folks, is it just me, or is the new dnsmasq unresponsive? dig @127.0.0.1 heise.de A +short gets stuck. Moving back to the old dnsmasq provided for 6.0 there is no such problem. dnsmasq.conf: server=8.8.4.4 Every helpful comm

building release without noperm?

2017-04-14 Thread Harald Dunkel
Hi folks, AFAICS there is no way to build a release without upgrading the base system first, i.e. you have to have root privileges. To keep things simple, I wonder if it would be possible to use these privileges to avoid the noperm partition? Regards Harri

Re: building release without noperm?

2017-04-14 Thread Harald Dunkel
On 04/14/17 09:21, Theo de Raadt wrote: >> AFAICS there is no way to build a release without upgrading the base system >> first, i.e. you have to have root privileges. >> >> To keep things simple, I wonder if it would be possible to use these >> p

pf.conf: best practice for IP address lookup?

2017-04-15 Thread Harald Dunkel
Hi folks, Since I don't get a static IPv6 prefix from Deutsche Telekom, but a different prefix on every new pppoe connection, I have to rely upon some lookup service for pf.conf. pf.conf(5) doesn't mention dynamic IP addresses at all (except for its own interfaces), so I wonder what is best pract

Re: 6.1: dnsmasq unresponsive?

2017-04-16 Thread Harald Dunkel
On 04/15/17 23:39, Stuart Henderson wrote: > > It's the same version of dnsmasq. The thing that changed is that we now have > IP_SENDSRCADDR. > > Needs fixing, but you can use -z on the dnsmasq command line as a workaround > for now. > Seems to

Re: pf.conf: best practice for IP address lookup?

2017-04-16 Thread Harald Dunkel
Hi Florian, sorry to say, but you missed the point. The IP address of *another* host inside my LAN changes, e.g. a mail server, a http proxy, etc. The interface identifier of each host is surely stable. The prefix is not. Using the old prefix in pf.

howto show IPv6 address lifetime?

2017-04-18 Thread Harald Dunkel
Hi folks, AFAIR IPv6 addresses have a lifetime and some other attributes. Is there some way to show? "sysctl -a", "ifconfig -a" and netstat don't. Probably I am just missing the right command. Every helpful hint is highly appreciated. Harri

Re: Adding default IPv6 route fails on 6.1

2017-04-18 Thread Harald Dunkel
On 04/18/17 17:05, Stuart Henderson wrote: > > Mine is in the pkg-readme. > > A pkg-readme? Is this included in the binary package? # find / -iname \*readme\* -print | grep -i dhcp # echo $? 1 Regards Harri

Re: howto show IPv6 address lifetime?

2017-04-19 Thread Harald Dunkel
> On Apr 19, 2017, at 10:43, Eric Huiban wrote: > > Hi, > > Give a try to ifconfig as regarde privacy policy lifetime : pltime & vltime > if i'm still right. You can also preset this two counters using the same > command. ??? Sorry, but I don't understand this first sentence. I would like t

Re: howto show IPv6 address lifetime?

2017-04-20 Thread Harald Dunkel
On 04/19/17 15:38, Dimitris Papastamos wrote: > > You don't seem to have any autoconfigured addresses. > Try ifconfig vether0 inet6 autoconf first. > Here is the output of ifconfig on my gateway: # ifconfig re1 re1: flags=8843 mtu 1500 lladdr 80:ee:73:95:c1:0d index 3 priority 0

Re: howto show IPv6 address lifetime?

2017-04-20 Thread Harald Dunkel
Hi Florian, On 04/20/17 12:45, Florian Ermisch wrote: > Hi Harri, > > until someone in the know replies you could take a look at the DHCPv6 traffic > to see if a lifetime is included in the replies (and maybe keep them handy > for a dev to look a

pf wishlist item: include statement with relative path?

2014-11-15 Thread Harald Dunkel
Hi folks, Would it be possible for "pfctl -f" to search include files relative to the including file instead of the cwd, similar to #include "myheader.h" in C? This would help to check the syntax before putting the new pf files into place. Sample: Using include "pf_customers.conf" in m

pf: question about tables derived from interface group

2014-12-28 Thread Harald Dunkel
Hi folks, pfctl can give me an extended list of tables showing interface group names, "self", etc. Sample: # pfctl -g -sT egress egress:0 extern extern:network intern:network nospamd self spamd-white unroutable How c

Re: pf: question about tables derived from interface group

2014-12-28 Thread Harald Dunkel
On 12/28/14 13:51, Maxim Khitrov wrote: > > These tables are under the hidden "_pf" anchor: > > pfctl -a _pf -t extern -T show > Thats cool. Where did you find this? Searching on openbsd.org for "_pf" revealed only http://www.openbsd.org/papers/ven05-henning/mgp00011.txt . This is surely somet

Re: pf: question about tables derived from interface group

2014-12-29 Thread Harald Dunkel
On 12/28/14 15:35, Harald Dunkel wrote: > > Thats cool. Where did you find this? Searching on openbsd.org > for "_pf" revealed only > http://www.openbsd.org/papers/ven05-henning/mgp00011.txt . > This is surely something that should go to the man page or to > the

5.6, IPv6: is autoconf set by default?

2014-12-30 Thread Harald Dunkel
Hi folks, AFAICS the old net.inet6.ip6.accept_rtadv was replaced with a local "autoconf" flag for each interface. I wonder if autoconf is set or cleared by default, if inet6 is configured for the network interfaces and if net.inet6.ip6.forwarding is enabled? Every helpful comment is highly apprec

Re: 5.6, IPv6: is autoconf set by default?

2015-01-01 Thread Harald Dunkel
On 12/30/14 18:26, Henrik Friedrichsen wrote: > > It certainly doesn't seem to be enabled by default as I just had to > enable it to get an IPv6 assigned. This was on -CURRENt, though. > My concern is about accepting foreign routing advertisements on a gateway. Regards Harri

Re: 5.6, IPv6: is autoconf set by default?

2015-01-08 Thread Harald Dunkel
On 01/07/15 23:38, Sebastian Benoit wrote: > > autoconf is only enabled if you do > > ifconfig inet6 autoconf > > otherwise, RAs will be ignored. > Thanx very much. I would suggest to mention the default in ifconfig(8). Regards Harri

how to follow libressl stable in openBSD 5.6?

2015-01-29 Thread Harald Dunkel
Hi folks, Following OpenBSD 5.6 stable, what is the recommended procedure to upgrade libressl to the most recent stable version? Regards Harri

Re: how to follow libressl stable in openBSD 5.6?

2015-01-29 Thread Harald Dunkel
On 01/29/15 11:43, Maurice McCarthy wrote: > > As the operating system and applications are tightly integrated that may be a > bad idea. More likely it is better to upgrade to current. I'd think you would > be on your own if you compile from source for stable - and code is changing > quickly. >

Re: how to follow libressl stable in openBSD 5.6?

2015-01-29 Thread Harald Dunkel
Hi Maurice, On 01/29/15 15:01, Maurice McCarthy wrote: > Harald, > > Thinking about it Libressl is not in 5.6 at all. There is only Openssl. > The easiest way to keep stable up to date is to install the openup script > from mtier. > https://stable.mtier.org/ > Thanx very much for your recommen

pf to read protocol information from /etc/services ?

2015-02-27 Thread Harald Dunkel
Hi folks, /etc/services provides protocol information as well, so I wonder if a pf line like pass in from any to (self) port telnet could be read as pass in proto tcp from any to (self) port 23 ? Currently (5.6 stable) there is an error message, e.g. /etc/pf_gate5.co

Re: pf to read protocol information from /etc/services ?

2015-02-27 Thread Harald Dunkel
On Fri, 27 Feb 2015 09:22:21 + "Loïc Blot" wrote: > Hello, > in the first example you don't specify proto tcp. > Thats the point. /etc/services says telnet 23/tcp so pf could figure this out on its own. Regards Harri

Re: pf to read protocol information from /etc/services ?

2015-02-27 Thread Harald Dunkel
On Fri, 27 Feb 2015 12:46:19 + skin...@britvault.co.uk (Craig Skinner) wrote: > > $ awk '/^domain/ { print $2 }' /etc/services > 53/tcp > 53/udp > > Now what? Both? Either? First? Last? Random? > Both.

Re: pf to read protocol information from /etc/services ?

2015-03-01 Thread Harald Dunkel
On 03/01/15 10:48, Stuart Henderson wrote: > > It would be *possible* to modify pfctl's parser to handle this. The question > is whether it's worth the time to implement it and extra complexity. Note > that it would need to handle splitting the ru

IPsec: wishlist item about sasyncd and ipsecctl -f

2015-03-10 Thread Harald Dunkel
Hi folks, IKEv1 in a carp environment using sasyncd: If I flush all flows and SAs and load a different ipsec.conf, then the new flows and SAs are not established :-(. AFAIU sasyncd saw no reason to activate the master isakmpd again, since there was no failover on the watched carp interface. Th

building userland failed with "Unable to remove directory /./var/tmp: Directory not empty"

2015-03-14 Thread Harald Dunkel
Hi folks, building userland of the new stable branch failed with # rm -rf /usr/obj/* && cd /usr/src && make obj && cd /usr/src/etc && env DESTDIR=/ make distrib-dirs && cd /usr/src && make build : : touch /tmp/_etcdir.kw0UXjXwDD/usr/share/sysmerge

Re: building userland failed with "Unable to remove directory /./var/tmp: Directory not empty"

2015-03-14 Thread Harald Dunkel
On 03/14/15 12:54, Steven McDonald wrote: > > /var/tmp was replaced with a symlink to /tmp between 5.6 and 5.7. Compiling > from source isn't a supported way to upgrade from one to the other; this is > well documented in the FAQ: > > http://www.o

Re: building userland failed with "Unable to remove directory /./var/tmp: Directory not empty"

2015-03-16 Thread Harald Dunkel
On Sat, 14 Mar 2015 20:25:49 + (UTC) Stuart Henderson wrote: > On 2015-03-14, Harald Dunkel wrote: > > > > Agreed. But release(8) doesn't make any assumptions about > > the base system, AFAICS. Using 5.6 stable to checkout and > > build OPENBSD_5_7_BASE a

installing stable failed

2015-05-27 Thread Harald Dunkel
Hi folks, stable built fine, but make install failed with : cc -Werror -Wall -Wimplicit-function-declaration -Wno-main -Wno-uninitialized -Wframe-larger-than=2047 -mcmodel=kernel -mno-red-zone -mno-sse2 -mno-sse -mno-3dnow -mno-mmx -msoft-float -fno-omit-frame-pointer -fno-builtin-printf -

Re: installing stable failed

2015-05-27 Thread Harald Dunkel
Hi Theo, On 05/27/15 15:37, Theo Buehler wrote: > > To fix your machine, either use the cp and mv commands as above or > simply issuing > > # cp bsd /bsd > > would be enough since `/bsd' isn't in the way. > The point is that "make install" didn't, because it expected a previous /bsd in the de

Re: Lenovo T450s status

2015-05-27 Thread Harald Dunkel
Hi Shaun, On 05/28/15 01:48, Shaun Reiger wrote: > Hello Misc I'm looking at purchasing a Lenovo T450s as my main laptop, but > I wanted to find out if anyone has hit any major roadblocks using obsd 5.7 > with this model. I know this is a fairly new machine and support is always > hit and miss, bu

Re: Lenovo T450s status

2015-06-15 Thread Harald Dunkel
Hi Brendan, On 05/28/15 15:00, Brendan Desmond wrote: > On 2015-05-28, Harald Dunkel wrote: >> >> I have a T440s. Battery life and fan noise are excellent >> (using Linux, though). >> > > I have the same or similar machine (only says "T440", no "

Re: pf_rules

2015-09-14 Thread Harald Dunkel
Hi Holger, You might want to use something like this in your /etc/rc.local: pf=/etc/pf.local.conf if pfctl -nf ${pf}; then pfctl -f ${pf} fi This would make the regular /etc/pf.conf a fallback, if pf.local.conf doesn't load. Just a suggestion, of course.

Re: a fanless board with msata

2015-09-14 Thread Harald Dunkel
On 08/28/15 16:53, Lars wrote: > > There is a barebone system from Shuttle DS437 that fits your requirements. I > don't know it so I can not tell if it works as workstation. > I am using the DS437 as a firewall, network tunnel, spam filter and internal DNS/DHCP server at home. Performance is fi

Re: Building OpenBSD 6.0 -stable - Error

2016-09-03 Thread Harald Dunkel
On 09/03/16 12:40, Ted Unangst wrote: > Teno Deuter wrote: >> installed a fresh 6.0 AMD64 and tried to build 'stable' from source. >> >> Here is what I did as 'root' (as described in: >> http://www.openbsd.org/stable.html): >> >> export CVSROOT=anon...@anoncvs1.ca.openbsd.org:/cvs >> cd /usr; cvs c

Shuttle DS81 and openBSD 5.5?

2014-05-28 Thread Harald Dunkel
Hi folks, I haven't found it mentioned here yet, so I wonder if somebody could share his experiences in running openBSD on a Shuttle DS81 (Intel DH82H81 chipset, Haswell i3 or i5). Is the hardware "too new" for openBSD 5.5? Every helpful comment is highly appreciated. Harri

openBSD 5.6 (current) on Shuttle DS437

2014-09-22 Thread Harald Dunkel
Hi folks, I'm running openBSD (the "current" version of 2 days ago) on a Shuttle DS437. No XWindow support. Problem: If I boot it without a monitor connected, then there is no screen output later. How can I avoid the reboot to make the screen working? The DS437 is supposed to become a headless f

Re: openBSD 5.6 (current) on Shuttle DS437

2014-09-23 Thread Harald Dunkel
On 09/22/14 13:23, Jonathan Gray wrote: > > What video outputs does the machine have? Can you connect the display via a > different one? Given the invalid EDID warning in your dmesg you may want to > try a different display. It has a DVI and a

Re: Why are there no PKG_PATH defaults?

2014-09-23 Thread Harald Dunkel
On 09/23/14 15:48, Alexander Hall wrote: > On September 23, 2014 3:00:41 PM CEST, openda...@hushmail.com wrote: >> Hi, >> >> Expanding on the whole >> http://en.wikipedia.org/wiki/Convention_over_configuration thing -- >> why aren't there any sane PKG_PATH defaults? Ie.: >> >> release=$(uname -r) >

Re: openBSD 5.6 (current) on Shuttle DS437

2014-09-24 Thread Harald Dunkel
On 09/24/14 07:51, Jonathan Gray wrote: > > Perhaps there is ghost crt output involved, could you try the following patch? > [snip] No improvement, unfortunately :-(. Regards Harri

Re: Why are there no PKG_PATH defaults?

2014-09-24 Thread Harald Dunkel
Hi Ingo, On 09/24/14 11:29, Ingo Schwarze wrote: > Hi, > > Harald Dunkel wrote on Wed, Sep 24, 2014 at 07:14:21AM +0200: > >> This is something that could be added to /etc/examples. See the attachment >> suggesting a fi

Re: openBSD 5.6 (current) on Shuttle DS437

2014-09-24 Thread Harald Dunkel
On 09/24/14 12:51, Jonathan Gray wrote: > Add "option DRMDEBUG" to your kernel config and build a new kernel, > then mail me the resulting dmesg off list. > Attached. > Connecting a display via a digital output should normally trigger a > hotplug event via an interrupt and set everything up. O

move to git?

2014-09-24 Thread Harald Dunkel
Hi folks, Google didn't tell if this has been discussed before, so I wonder if you have considered moving from CVS to git? Regards Harri

Re: move to git?

2014-09-24 Thread Harald Dunkel
On 09/24/14 14:35, Gilles Chehade wrote: > > no, this was never discussed before and google doesn't know about it: > > http://www.lmgtfy.com/?q=openbsd+git > > 2nd link. > Ah, I see. I had google search set to "Past year" from another search. Th

Re: move to git?

2014-09-24 Thread Harald Dunkel
On 09/24/14 14:51, Theo de Raadt wrote: >> Hi folks, >> >> Google didn't tell if this has been discussed before, so I wonder if you >> have considered moving from CVS to git? > > Don't often see a troll opening with such a big lie. > My recommen

something is weird with pppoe

2014-09-26 Thread Harald Dunkel
Hi folks, I've setup a pppoe connection to my ISP (Deutsche Telekom), following pppoe(4). Problem: At boot time the connection is not setup immediately. "ifconfig -A" shows just re0: flags=28843 mtu 1500 lladdr 80:ee:73:95:c1:0c priority: 0

Re: something is weird with pppoe

2014-10-01 Thread Harald Dunkel
Hi Pieter, On 09/29/14 10:54, Pieter Verberne wrote: > On 2014-09-26 18:52, Harald Dunkel wrote: >> >> It takes 2 or 3 minutes till the connection is established. > I have seen very similar things on Soekris. Also hostname.pppoe0 seems to be > picky > about the syntax. W

packet filter: question about parentheses around "self"

2014-10-04 Thread Harald Dunkel
Hi folks, Pf question about parentheses around "self": Does "(self)" work similar to "(egress)"? pf.conf(5) describes parentheses around interface names and interface groups, but "self" is not mentioned: address= ( interface-name | interfac

Re: packet filter: question about parentheses around "self"

2014-10-07 Thread Harald Dunkel
Hi folks, On 10/07/14 05:12, Giancarlo Razzolini wrote: > On 04-10-2014 11:06, Peter N. M. Hansteen wrote: >> The parentheses denote potentially dynamic addresses, and IIRC the main >> difference is that with parentheses the list will be expanded I

Re: packet filter: question about parentheses around "self"

2014-10-10 Thread Harald Dunkel
On 10/08/14 21:44, Henning Brauer wrote: > * Harald Dunkel [2014-10-07 13:46]: >> A related question: I wonder how well "(self)" and "(group)" perform, >> compared to tables listing IP addresses? Is (self) eva

5.6 on Axiomtek NA570: BIOS freeze on reboot

2014-10-27 Thread Harald Dunkel
Hi folks, I've got 2 NA570 (a network appliance from Axiomtek). Problem: OpenBSD 5.6 installs fine, but this seems to poison the installation target disk somehow. It doesn't boot. :-( I have to overwrite the MBR just to make the BIOS work again. Or I have to use a 4GB CF card for booting. Surely

Re: 5.6 arrived

2014-10-27 Thread Harald Dunkel
Hi folks, How is the current install56.iso in pub/OpenBSD/snapshots/amd64/ on the mirrors related to the shipped 5.6 CDs? Regards Harri

Re: 5.6 arrived

2014-10-27 Thread Harald Dunkel
On 10/27/14 19:44, Theo de Raadt wrote: >> How is the current install56.iso in pub/OpenBSD/snapshots/amd64/ on >> the mirrors related to the shipped 5.6 CDs? > > From the ftp site: > > -rw-r--r-- 1 root wheel 58741116 Oct 27 01:42 base56.tgz > > That is around 11 hours ago. Probably a bi

Re: 5.6 arrived

2014-10-28 Thread Harald Dunkel
On 10/27/14 20:19, Theo de Raadt wrote: > > Major differences. > > The snapshot code is -current. That includes commits from only a few > hours earlier. From time to time, it also contains changes which are > not yet commited. > If I got you correctly the current "install56.iso" from the snap

Re: 5.6 on Axiomtek NA570: BIOS freeze on reboot

2014-10-28 Thread Harald Dunkel
Hi David, On 10/27/14 20:20, David Vasek wrote: > > This quite recent thread comes to mind: > http://marc.info/?t=13988430601&r=1&w=2 > > Are your symptoms similar? AMI BIOS versions dated close to each other, maybe. > That looks *very* close to the problem I have with the Axiomtek NA570.

Re: 5.6 arrived

2014-10-28 Thread Harald Dunkel
On 10/28/14 09:02, Richard Toohey wrote: > You get your asbestos pants on, and I'll get myself some popcorn. > I didn't mean any offense. Thanx for the heads-up Harri

Re: 5.6 arrived

2014-10-29 Thread Harald Dunkel
Hi Oliver, On 10/28/14 14:23, Oliver Peter wrote: > > If the difference between release and snapshot is too confusing for > you, you should probably just stay with release. If you need releases > on time you should order a CD set next time. > Of course I understand that there is a difference b

Re: 5.6 on Axiomtek NA570: BIOS freeze on reboot

2014-10-31 Thread Harald Dunkel
On 10/28/14 09:08, Harald Dunkel wrote: > > That looks *very* close to the problem I have with the > Axiomtek NA570. I will forward a pointer to this thread > to the manufacturer. Stay tuned. > The vendor has sent me a BIOS update. Problem solved. Regards Harri

pf question: IPv6 prefix changed, how to tell pf?

2021-07-22 Thread Harald Dunkel
Hi folks, Deutsche Telekom gives me a new /56 prefix for my internal net and a new /64 prefix for the external connection on every reboot of my modem. The old internal prefix is not routed anymore. Question is, how can I tell pf to use the new prefix? There are a few constants in my pf.conf file

Re: Can't figure out what's taking up space on /

2021-08-09 Thread Harald Dunkel
On 8/5/21 11:13 AM, Bastien Durel wrote: Since then, I put the mount points directories immutable (before mount) fremen# mkdir /tmp/foo fremen# chflags schg /tmp/foo fremen# touch /tmp/foo/bar touch: /tmp/foo/bar: Operation not permitted fremen# ls -loa /tmp/foo total 8 drwxr-xr-x 2 root whe

improving wireguard debug & monitor capabilities?

2021-10-20 Thread Harald Dunkel
Hi folks, if I turn on debugging for wg0, then I get a lot of lines in /var/log/messages like : Oct 20 10:23:50 wggate /bsd: wg0: Handshake for peer 5 did not complete after 5 seconds, retrying (try 11) Oct 20 10:23:51 wggate /bsd: wg0: Receiving keepalive packet from peer 8 Oct 20 10:23:55 wgg

use pfctl to reread /etc/mail/spamd-white table

2021-10-28 Thread Harald Dunkel
Hi folks, my pf.conf contains table persist file "/etc/mail/spamd-white" I understand that I can add and delete hosts from the table manually later, but on very large tables this is pretty painful. There is a high risk that the table has just been flushed and is not up-to-date yet,

Re: use pfctl to reread /etc/mail/spamd-white table

2021-10-29 Thread Harald Dunkel
On 2021-10-28 12:06:24, Zé Loff wrote: From the man page: For the add, delete, replace, and test commands, the list of addresses can be specified either directly on the command line and/or in an unformatted text file, using the -f flag. So: pfctl -t spamd-white -T add -f

did 70-006_x509 break ikectl ca ?

2021-12-12 Thread Harald Dunkel
Hi folks, since syspatch 70-006_x509 and a reboot IKEv2 between 2 OpenBSD clusters (2 hosts on each end, carp interface, passive by default, managed via sasyncd) appears to be broken. /var/log/messages says Dec 12 21:40:28 gate5a iked[57676]: spi=0x5a7c2732b4b355e6: ikev2_dispatch_cert: peer ce

Re: did 70-006_x509 break ikectl ca ?

2021-12-15 Thread Harald Dunkel
it might come back. Regards Harri On 2021-12-13 20:28:11, Tobias Heider wrote: On Sun, Dec 12, 2021 at 10:01:20PM +0100, Harald Dunkel wrote: Hi folks, since syspatch 70-006_x509 and a reboot IKEv2 between 2 OpenBSD clusters (2 hosts on each end, carp interface, passive by default, managed via

Re: pkg_add -u fails with "failed to open CA file '/etc/ssl/cert.pem': Permission denied"

2022-01-14 Thread Harald Dunkel
On 2022-01-14 10:42:56, Harald Dunkel wrote: Hi folks, trying to upgrade the installed packages I get # pkg_add -u https://cdn.openbsd.org/pub/OpenBSD/7.0/packages-stable/amd64/: TLS connect failure: failed to open CA file '/etc/ssl/cert.pem': Permission denied https://cdn.openb

pkg_add -u fails with "failed to open CA file '/etc/ssl/cert.pem': Permission denied"

2022-01-14 Thread Harald Dunkel
Hi folks, trying to upgrade the installed packages I get # pkg_add -u https://cdn.openbsd.org/pub/OpenBSD/7.0/packages-stable/amd64/: TLS connect failure: failed to open CA file '/etc/ssl/cert.pem': Permission denied https://cdn.openbsd.org/pub/OpenBSD/7.0/packages/amd64/: TLS connect failure

Re: pkg_add -u fails with "failed to open CA file '/etc/ssl/cert.pem': Permission denied"

2022-01-18 Thread Harald Dunkel
On 2022-01-17 18:02:25, Marc Espie wrote: Lol. cert.pem only contains public certificates. Insisting on only root being able to read it means you are going to run code as root which doesn't require it. That seems way more unreasonable than your original assumption. I am not arguing about the

Re: pkg_add -u fails with "failed to open CA file '/etc/ssl/cert.pem': Permission denied"

2022-01-24 Thread Harald Dunkel
I highly appreciate the carefulness, but the error message doesn't indicate a user "_pkgfetch", nor is it mentioned on pkg_add(1). Please reconsider my suggestion made on 2022-01-14: > In general, if there is a permission problem due to file system > access bits, then it would be wise to include

who is writing to a deleted file?

2022-03-18 Thread Harald Dunkel
Hi folks, something on my gateway (7.0) is hiding disk space, AFAICS: # du -hs / 3.4G / # df -h / Filesystem Size Used Avail Capacity Mounted on /dev/sd0a 31.5G 5.6G 24.3G 19% / How can I find out which process is eating up dis

Re: who is writing to a deleted file?

2022-03-21 Thread Harald Dunkel
On 2022-03-18 16:36:18, Janne Johansson wrote: Den fre 18 mars 2022 kl 16:29 skrev Harald Dunkel : How can I find out which process is eating up disk space, without killing it, of course? fstat(8) can help, # fstat | sort -n -k 9 to get the largest open file at the bottom, third column is

RC version internal available only?

2022-04-08 Thread Harald Dunkel
Hi folks, I would like to upgrade to OpenBSD beta on a Zotac O-series PC. I found the snapshots directory, but the upgrade71 document appears to be missing. Do you think it could be included into the snapshots directory, next to the INSTALL.amd64 file, for example? It could encourage more people
