> Are there security concerns against running tinc on an OpenBSD
> gateway as an alternative to IPsec and openvpn in a +50 road
> warriors setup? What is your impression of this tool in daily
> usage? Which VPN solution would you prefer?
I'm using tinc 1.1pre14 (not the port) with hostname.if in t
Hello misc@,
I'm trying to use a Dell R210 II server, remotely hosted at online.net
(LT 1701.3 model). Installation was done from a qemu on a live
"rescue" linux with both 6.1 and current as of 20170705.
When it boots, it crashes at some point, and when it does the idrac
(on a port shared with e
2017-07-06 0:06 GMT+02:00 Mihai Popescu :
> http://marc.info/?t=14986422261&r=1&w=2
Thanks Mihai, I've read that thread already. I don't care about ipmi
readings from the OS. I just want my server to boot correctly. The
thing that rings a bell however is the "hardware ipmi watchdog", which
2017-07-06 15:07 GMT+02:00 Dimitris Papastamos :
> I think one of the NICs is shared and when OpenBSD boots up and
> enumerates them, it also resets the NIC which upsets idrac. You
> can probably figure out which NIC is shared and hack the kernel
> to skip enumerating it.
> Someone had the sam
On Sat 8 Sep 2018 at 13:40, Jay Hart wrote:
> -ifconfig -A from the router--
> re1: flags=8843 mtu 1500
> lladdr 00:22:4d:d1:48:d5
> inet netmask 0xff00 broadcast
Some CPEs have hardcoded as management IP address,
On Sat 8 Sep 2018 at 18:06, Jay Hart wrote:
> > On Sat 8 Sep 2018 at 13:40, Jay Hart wrote:
> >> -ifconfig -A from the router--
> >> re1: flags=8843 mtu 1500
> >> lladdr 00:22:4d:d1:48:d5
> >> inet netmask 0xff00 broadcast 192.168.1.
On Wed 12 Sep 2018 at 19:09, Tim Jones wrote:
> 2/ The BGP sessions come up
> 3/ "bgpctl sho ri" shows all routes. But none of them have any flags, not
> even the *=valid flag.
> 4/ Setting "nexthop qualify via default" gets the valid & select flags, but
> doing a traceroute sees the
Hello misc,
I'm currently advertising my prefix with "network $mynet", as well as
redistributing connected networks with "network (inet6) connected".
However, loopback prefixes are not announced.
They are seen as local instead of connected:
$ route -n get 2001:db8:3cc:10:1000::1/128
route to: 2001
On Mon 29 Oct 2018 at 14:43, Pierre Emeriaud wrote:
> Is there a good way to redistribute those local prefixes? like what
> "network local" would do.
denis@ informed me about the recently introduced "network inet6
priority 1", I guess that could fit with some appropriate filtering.
On Mon 29 Oct 2018 at 22:04, Claudio Jeker wrote:
> Another option is to set the rtlabel on the interface and then use network
> rtlabel to redistribute it.
I tried that, but it's refused by the bgpd parser:
$ doas bgpd -n
/etc/bgpd.conf:39: syntax error
$ doas nl -ba -nln /etc/bgpd.conf | gre
On Mon 29 Oct 2018 at 22:26, Pierre Emeriaud wrote:
> On Mon 29 Oct 2018 at 22:04, Claudio Jeker wrote:
> >
> > Another option is to set the rtlabel on the interface and then use network
> > rtlabel to redistribute it.
> I tried that, but it
On Mon 29 Oct 2018 at 22:44, Claudio Jeker wrote:
> This is a problem of the parser. Use "42" with the quotes to make the
> number a string. Or use a non-digit label (as you figured out already).
Thanks Claudio, this is a handy workaround.
Hi misc@
What is the current canonical way to tweak source address selection?
I have a bgp multi-homed router, and while answers do use the correct
source address, host-generated traffic uses the outgoing interface IP
$ route -n get
route to:
On Thu 28 May 2020 at 16:09, Theo de Raadt wrote:
> A few tools have options like -s, but it is a problem.
> I'm also frustrated by this solution, and working on a better method.
thanks for acknowledging this issue Theo.
Just wanted to check if I hadn't missed anything obvious.
On Thu 28 May 2020 at 17:19, Denis Fondras wrote:
> I have a pf.conf with :
> pass out on $if_ix from $ip_ix to !$subnet_ix nat-to $ip_router
> Not a definitive solution but does the work on a low-traffic bgp router :/
Thanks Denis, this is what I'm currently doing, but this is more a
Try this:
$ cat /etc/hostname.vio0
!route add -link -iface vio0
The "gateway" to should show as its MAC address.
On Wed 24 Jun 2020 at 13:01, Stuart Henderson wrote:
> On 2020-06-23, Daniel Ouellet wrote:
> > OpenBSD does run on some old Cisco routers, it's been done before. Sure
> > it's not officially supported nor does it support all the various
> > interfaces but it's known to work on some.
Not a
Howdy misc@,
I have a fairly complicated setup with lots of interfaces, a couple of
rdomains etc.
I'd like wireguard to listen only on an IP address, not all. But if my
understanding of ifconfig(8) is correct, this doesn't seem possible
wgport port
Set the UDP port that t
On Fri 16 Aug 2019 at 12:34, Tor Houghton wrote:
> Is there a way to get this information without using 'strings' and 'grep'?
$ doas what /bsd
OpenBSD 6.5-current (GENERIC.MP) #158: Tue Jul 30 15:25:51 MDT 2019
$ what /home/_sysupgrade/bsd*
OpenBSD 6.6
On Wed 28 Aug 2019 at 16:38, Mohamed salah wrote:
> I want to put something up for discussion: what's your motivation to use
> OpenBSD and not other BSDs or GNU/Linux? If something doesn't work
> fine on OpenBSD and you love this OS so much, what will you do?
Almost everything I need is in b
On Tue 10 Dec 2019 at 16:52, Adam Thompson wrote:
> Is there a way to placate security(8) that I'm just not seeing? Or is
> my goal fundamentally misguided for some reason I'm not seeing? The
> user in this case is semi-trusted (e.g. yes, we'll let you login using
> an unprivileged account
2017-11-08 17:01 GMT+01:00 Mark Carroll :
> I am looking to expand my spamd.conf's blacklisting and I now see that
> some providers prefer one to rsync their blacklist rather than simply
> fetching it and more others make their lists queryable by DNS only.
> Is there a "good" OpenBSD way to do it
2018-03-24 23:22 GMT+01:00 Lyndon Nerenberg :
> By far the easiest way to do this is to connect a switch to the door that
> opens/closes as the door opens/closes. This assumes that when you say "the
> door moves" you really meant "is opened or closed".
> Whether the switch is normally open or
Hi Brian
On Tue 27 Oct 2020 at 23:07, Brian Brombacher wrote:
> I wonder if multiple ports, 5053, 5153 (and so on) redirected using pf rdr-to
> rules may work? That way you can setup rules like first IP + port 53
> redirect to 5053, second IP + 53 redirect to 5153?
> May be worth a sho
On Tue 27 Oct 2020 at 23:46, j...@snoopy.net.nz wrote:
> Hi Pierre,
> The error may indicate that port 53 on is already used by another
> service. This appears to be confirmed by your netstat example. This is
> probably a dns service.
Thanks Joe. This is indeed a dns daemo
On Thu 29 Oct 2020 at 00:09, Brian Brombacher wrote:
> Scratch that, use the ifconfig wgrtable option to specify separate routing
> domains for the port 53. This lets you initiate many. You still need to
> deal with getting the IP pointing at the right routing domain now.
I'm already us
On Thu 29 Oct 2020 at 01:20, Theo de Raadt wrote:
> I believe you are running into the restriction that we don't allow an
> INADDR_ANY:port binding to be done after a ipaddr:port binding has been
> done. It must be done beforehand.
Sorry Theo, maybe things got lost in translation, but if
On Thu 29 Oct 2020 at 16:40, Theo de Raadt wrote:
> > Is there a reason why wg needs such a large bind?
> I don't know why wg does that, because I haven't looked at the code.
> Your configuration is definitely pushing the limits.
All right, many thanks Theo. Maybe Jason can chime in on this
On Thu 29 Oct 2020 at 18:00, Brian Brombacher wrote:
> Then there’s a misconfiguration, wg driver bug, or the driver documentation
> is wrong in ifconfig about wgrtable.
> Routing domains are where you can specify multiple conflicting port binds and
> be fine, INADDR_ANY included.
On Thu 29 Oct 2020 at 21:03, Stuart Henderson wrote:
> Which DNS server do you have bound on 53?
> > Is there a reason why wg needs such a large bind?
> Unless/until it gets an option to bind to a specific IP that's all it
> can sanely do. It would definitely be useful IMO.
On Thu 29 Oct 2020 at 21:17, Theo de Raadt wrote:
> Or, don't try to overlay stuff onto a single port. Look, we can tell
> what is going on here, you want to tunnel over the least-filtered port
> on the internet, but if you do that trying to use that port for another
> thing is quite a prob
On Tue 8 Dec 2020 at 19:46, Salvatore Cuzzilla wrote:
> do you know if it's possible to see some statistics about the
> committers? like for example number of commits per committer.
There's at least http://www.oxide.org/cvs/index.html
On Thu 25 Mar 2021 at 19:45, Kapetanakis Giannis wrote:
> How about a distributed setup?
> Has anyone thought of a way getting IPs from various servers (say linux
> & fail2ban) to the central OpenBSD (pf) firewall?
I send all my logs to a centralised syslog which runs fail2ban, and
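The distributed setup asked about above, where fail2ban runs against a central syslog and the bans have to end up in a pf table on the OpenBSD firewall, is something you can script in a few lines. The following is an added example, not code from the thread or from fail2ban: it replays fail2ban's "NOTICE [jail] Ban/Unban <ip>" lines (the wording of fail2ban's default log format; the sample lines are constructed), refuses addresses in your own networks so a forged or mis-parsed line can never lock the firewall out, and writes a file for `pfctl -t <table> -T replace -f`, which swaps the table atomically and drops stale entries. The table name `blocklist`, the path `/etc/pf.blocklist` and the `pass`/`block` rule it implies are assumptions.

```python
"""Feed fail2ban Ban/Unban events from a central syslog into a pf table.

Added example (not from the thread). Assumed pf.conf on the firewall:
    table <blocklist> persist file "/etc/pf.blocklist"
    block in quick from <blocklist>
"""
import ipaddress
import re

# fail2ban default wording once it reaches syslog:
#   ... fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.45
BAN_RE = re.compile(
    r"fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+\[(?P<jail>[^\]]+)\]"
    r"\s+(?P<action>Ban|Unban)\s+(?P<ip>\S+)"
)

# Networks that must never be blocked, whatever the log says (assumed:
# RFC1918, loopback, link-local). Add your own public prefixes here.
DEFAULT_PROTECT = (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10",
)

# Constructed sample of what the central syslog receives.
SAMPLE_LOG = """\
Mar 25 19:50:01 web1 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.45
Mar 25 19:50:07 web2 fail2ban.actions [941]: NOTICE [sshd] Ban 198.51.100.7
Mar 25 19:50:09 web1 fail2ban.actions [812]: NOTICE [sshd] Ban 192.168.1.20
Mar 25 19:50:12 mail1 fail2ban.actions [333]: NOTICE [postfix] Ban 2001:db8::bad
Mar 25 19:50:30 web2 fail2ban.actions [941]: NOTICE [sshd] Ban not-an-ip
Mar 25 19:55:01 web1 fail2ban.actions [812]: NOTICE [sshd] Unban 203.0.113.45
Mar 25 19:56:01 web1 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.9
"""


def parse_events(lines):
    """Yield (jail, action, raw_ip) for every fail2ban Ban/Unban line."""
    for line in lines:
        m = BAN_RE.search(line)
        if m:
            yield m.group("jail"), m.group("action"), m.group("ip")


def current_bans(lines, protect=DEFAULT_PROTECT):
    """Replay Ban/Unban events in order and return the set of addresses
    that are still banned. Unparseable addresses and anything inside a
    protected network are silently dropped."""
    protect_nets = [ipaddress.ip_network(n) for n in protect]
    banned = set()
    for _jail, action, raw in parse_events(lines):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            continue  # garbage or a forged line: never reaches the table
        if any(ip in net for net in protect_nets):
            continue  # our own networks stay reachable no matter what
        if action == "Ban":
            banned.add(str(ip))
        else:
            banned.discard(str(ip))
    return banned


def render_table(banned):
    """One address per line, IPv4 before IPv6, as pfctl -T replace -f reads."""
    def key(a):
        ip = ipaddress.ip_address(a)
        return (ip.version, ip)
    return "".join(a + "\n" for a in sorted(banned, key=key))


def pfctl_command(table="blocklist", path="/etc/pf.blocklist"):
    """The command that loads the file atomically, replacing stale entries."""
    return "pfctl -t %s -T replace -f %s" % (table, path)


if __name__ == "__main__":
    bans = current_bans(SAMPLE_LOG.splitlines())
    print(render_table(bans), end="")
    print("# then run:", pfctl_command())
```

Run it from cron or a syslog hook on the firewall (or pipe the rendered file over ssh to it); `-T replace` means a crashed run leaves the previous table intact rather than half-emptied. Extend `DEFAULT_PROTECT` with the public prefixes you announce, so a bad jail regex on one of the Linux hosts cannot turn into a self-inflicted outage.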
On Tue 24 Oct 2023 at 03:24, Andy Lemin wrote:
> How do I set/override the default rdomain for system level CLI commands?
You can do that at the ssh level. From sshd_config(5):
Specifies an explicit routing domain that is applied after
authentication has
On Tue 2 Apr 2019 at 23:00, Henry Bonath wrote:
> Hello,
> Does anyone have any suggestions as to how to add the current rtable to the
> $PS1 prompt?
> I tend to flip back and forth between routing domains and tend to lose track
> of which rdomain I am currently using.
> I've been attemp
Works ootb:
- touchpad, trackpoint
- sound
- video
- suspend
- hibernate
- webcam ("5986:2113 Acer, Inc" / SunplusIT Inc Integrated Camera)
- wireless after running fw_update
- vga out via usb-c dongles
- 03f0:274a Hewlett-Packard "HP USB-C to VGA Adapter"
- 2109:0100 VIA Technologies Inc "
2016-12-17 4:59 GMT+01:00 Nick Holland :
> heh. Little secret: if you look in many data centers, you will find
> lots of 1U boxes with various titles -- security appliances, load
> balancing devices, etc. A lot of them, under the covers, are just PCs.
> And a lot of data centers have 'em rottin
Index: radiusd.conf.5
RCS file: /cvs/src/usr.sbin/radiusd/radiusd.conf.5,v
retrieving revision 1.7
diff -u -p -r1.7 radiusd.conf.5
--- radiusd.conf.5 26 Oct 2015 06:44:40 - 1.7
+++ radiusd.conf.5 13 Mar 2017 20:5
2017-04-09 16:33 GMT+02:00 Edgar Pettijohn :
> On 04/09/17 04:45, Florian Ermisch wrote:
>> Hi Edgar,
>> check the MTU on your tunnel device.
>> You can give it a try with
>> doas ifconfig gif0 MTU 1400
> Unfortunately that didn't do it. I think I'll just wait until my ISP offers
> it.
Hi George,
> pppoe0: flags=8855 mtu 1492
> priority: 0
> dev: em0 state: session
> sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01
> sppp: phase network authproto pap authname "user"
> groups: pppoe egress
> status: active
> inet 1
2016-07-12 7:41 GMT+02:00 Difan Zhao :
> So I have been playing with rdomain and I am able to get dhcp and openvpn
> working but with some hacking. I am seeking a proper way to do this.
rcctl(8) is the way to go:
# rcctl set dhcpd rtable 200
# rcctl get dhcpd
2016-07-13 1:37 GMT+02:00 Difan Zhao :
> Thank you Chris! I come from the Cisco world with a little Linux experience
> but It does make sense to me. It looks like I could run two DHCP processes
> this way.
> However the problem is that I still can't set the rtable.. Also tried the
> "rdomain"
Hello misc@,
I'd like to set up bgpd with multiple routing tables, a la vrf-lite
(i.e. without mpls and mp-bgp).
What works:
- peering within a rtable/rdomain
- receiving the routes
What doesn't work:
- nexthop is never "validated"
-> routes are never installed in fib
Configuration is pretty s
Hi Pierre,
> I tried to do a similar setup. I tried different configuration without
> success.
Yup, I saw your post on misc@ a few days ago when I was looking for
some pointers.
> Then I found this in the manpage : "Currently the routing table must belong
> to the default routing domain and ne