Disable snmpd 'private' community

2020-05-01 Thread Steven Surdock
I see that snmpd.conf supports "read-write disabled", but this doesn't seem to _completely_ disable the private community. If I set "read-write disabled" I can still poll values using the 'private' community. Is this a bug or a feature? -Steve S.

Softraid data recovery

2019-10-14 Thread Steven Surdock
I have a simple RAID1 configuration on wd0, wd1. I was in the process of performing a rebuild on wd1, as it failed during some heavy reads. During the rebuild wd0 went into a failure state. After some troubleshooting I decided to reboot and now my RAID disk, sd1, is unavailable. Disks wd0 an

Re: Softraid data recovery

2019-10-14 Thread Steven Surdock
> -Original Message- > From: Aaron Mason > Sent: Monday, October 14, 2019 7:13 PM > To: Steven Surdock > Cc: misc@openbsd.org > Subject: Re: Softraid data recovery > > On Tue, Oct 15, 2019 at 7:34 AM Steven Surdock net.com> wrote: > > > > I have a

Re: Softraid data recovery

2019-10-15 Thread Steven Surdock
> -Original Message- > From: Karel Gardas > Sent: Tuesday, October 15, 2019 5:31 AM > To: Steven Surdock > Cc: misc@openbsd.org > Subject: Re: Softraid data recovery > > > > On 2019-10-15 04:26, Steven Surdock wrote: > > I believe the disks are mo

Re: Softraid data recovery

2019-10-16 Thread Steven Surdock
> -Original Message- > From: Karel Gardas > Sent: Wednesday, October 16, 2019 11:26 AM > To: Steven Surdock > Cc: misc@openbsd.org > Subject: Re: Softraid data recovery > > On 2019-10-15 13:44, Steven Surdock wrote: > > Model Family: Western Digital B

Re: Softraid data recovery

2019-10-18 Thread Steven Surdock
> -Original Message- > From: Aaron Mason > Sent: Monday, October 14, 2019 7:13 PM > To: Steven Surdock > Cc: misc@openbsd.org > Subject: Re: Softraid data recovery > > On Tue, Oct 15, 2019 at 7:34 AM Steven Surdock net.com> wrote: > > ... > >

Unison on 6.6 - compatibility

2019-11-11 Thread Steven Surdock
I just fired up a 6.6/amd64 host that I will use to replace an existing 6.5/amd64 remote fileserver. I've been using Unison to synch files between this remote server and a Windows fileserver. It seems with the bump to OCAML 4.09 Unison is throwing an error, "input_value: ill-formed message", w

unbound network optimizations

2019-12-02 Thread Steven Surdock
I'm running a pair of unbound resolvers and am attempting to optimize performance on them. This stemmed from noticing a couple of issues in the logs. Dec 2 11:26:52 ns1 unbound: [54230:5] error: recvfrom 26 failed: Host is down Dec 2 11:27:11 ns1 unbound: [54230:5] notice: sendto failed: Resou

Re: unbound network optimizations

2019-12-11 Thread Steven Surdock
. -Original Message- From: Steven Surdock Sent: Monday, December 2, 2019 1:34 PM To: misc@openbsd.org Subject: unbound network optimizations I'm running a pair of unbound resolvers and am attempting to optimize performance on them. This stemmed from noticing a couple of issues in the

OBSD 5.8-stable httpd & Owncloud

2015-10-25 Thread Steven Surdock
Followed this guide, https://github.com/reyk/httpd/wiki/Running-ownCloud-with-httpd-on-OpenBSD, but seeing these errors with the Android client: server owncloud.example.com, client 1 (1 active), 192.168.0.21:38506 -> 192.168.1.8:443, buffer event error server owncloud.example.com, client 2 (1 acti

syspatch not updating kernel

2017-12-13 Thread Steven Surdock
I just ran syspatch on a 6.2/i386 host and the kernel did not change as it has on my other patched machines. It appears that pub/OpenBSD/syspatch/6.2 was updated on 12/10. root@rad03 [/root]# syspatch -l 002_fktrace 003_mpls root@rad03 [/root]# uname -a OpenBSD cts-rad03.ctstelecom.com 6.2 GENE

Re: syspatch not updating kernel

2017-12-14 Thread Steven Surdock
. Everything looks good now. > -Original Message- > From: Zbyszek Żółkiewski [mailto:zbys...@onefellow.com] > Sent: Thursday, December 14, 2017 6:24 AM > To: misc@openbsd.org > Cc: Steven Surdock > Subject: Re: syspatch not updating kernel > > Hi, > > perhaps th

aggr not load balancing

2021-04-29 Thread Steven Surdock
I switched from trunk to aggr on a "OpenBSD 6.8 GENERIC.MP#5 amd64" and it isn't load balancing across the two configured links. The remote side is a Cisco ASR9k with the same configuration. Is that expected? $ cat /etc/hostname.aggr0 trunkport bge0 trunkport bge1 description "BE2 to ASR9k" i

Re: aggr not load balancing

2021-05-10 Thread Steven Surdock
> > On Apr 29, 2021, at 9:13 AM, Steven Surdock > > wrote: > > > > I switched from trunk to aggr on a "OpenBSD 6.8 GENERIC.MP#5 amd64" and it > > isn't load balancing across the two configured links. The remote side is a > > Cisco A

NFS Server performance

2023-12-05 Thread Steven Surdock
Using an OBSD 7.4 VM on VMware as an NFS server on HOST02. It is primarily used to store VMWare VM backups from HOST01, so VMWare is the NFS client. I'm seeing transfers of about 1.2 MB/s. SCP from HOST01 to OBSD VM (same filesystem) copies at 110 MB/s. Iperf3 from a VM on HOST01 to OBSD

Re: NFS Server performance

2023-12-06 Thread Steven Surdock
The client is VMWare ESXi, so my options are limited. I tried enabling jumbo frames (used 9000) and this made very little difference. -Original Message- From: Zé Loff Sent: Tuesday, December 5, 2023 10:12 AM To: Steven Surdock Cc: misc@openbsd.org Subject: Re: NFS Server performance

Re: NFS Server performance

2023-12-06 Thread Steven Surdock
Behalf Of Carsten Reith Sent: Wednesday, December 6, 2023 11:41 AM To: misc@openbsd.org Subject: Re: NFS Server performance [You don't often get email from carsten.re...@t-online.de. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ] Steven Surdock writes: > Th

Re: NFS Server performance

2023-12-07 Thread Steven Surdock
> -Original Message- > From: j...@bitminer.ca > Sent: Thursday, December 7, 2023 7:55 PM > > On Tue, Dec 05, 2023 at 02:06:44PM +, Steven Surdock wrote: > > > > Using an OBSD 7.4 VM on VMware as an NFS server on HOST02. It is > > primarily use

cdio: Can't determine media type

2009-01-15 Thread Steven Surdock
I can't seem to burn CD's with my USB attached drive anymore. Audio CD's seem to play, I can write using a different OS and mount CDs. Possibly a change after upgrading to 4.4? builder02$ sudo cdio -f cd1 tao OpenBSD-4.4-stable.iso cdio: Can't determine media type builder02$ dmesg |grep cd cd0 a

Re: cdio: Can't determine media type

2009-01-15 Thread Steven Surdock
> -Original Message- > Subject: cdio: Can't determine media type > > I can't seem to burn CD's with my USB attached drive anymore. Audio > CD's seem to play, I can write using a different OS and mount CDs. > Possibly a change after upgrading to 4.4? It was suggested that I try cdrecord.

Default with ripd

2009-01-23 Thread Steven Surdock
Greetings, I'm trying to get ripd to announce a default route, but it seems to not want to send any routes. I suspect the error is related to the "error sending packet on interface fxp1: Host is down" message. Here is some debug info. Any pointers would be appreciated. Thanks. r...@pwbgp# /usr/

Re: "heartbeating" Carp ?

2009-02-24 Thread Steven Surdock
I set preempt on FW1 only. -Steve S. > -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of > Mikel Lindsaar > Sent: Tuesday, February 24, 2009 11:18 AM > To: OpenBSD general usage list > Subject: "heartbeating" Carp ? > > Hi all, >

Re: SNMP

2009-03-10 Thread Steven Surdock
The package is unfortunately not fully functional in 4.4. I ended up creating an unsupported package from the unsupported 5.4.2.1 port. I believe there were other dependent packages to recompile, but it works for me. -Steve S. > -Original Message- > From: owner-m...@openbsd.org [mailto:

ripd [re]distribute default

2009-03-20 Thread Steven Surdock
Greetings, I'm using ripd to distribute a default route, but I noticed the "redistribute" command is more of an "originate". I'd like ripd to distribute a default route, if one exists in the FIB. It seems to send the default whether one exists in the FIB or not. Any suggestions? Thanks. -Steve

Re: Using 2 internet connections on OpenBSD Gateway

2009-04-02 Thread Steven Surdock
You sort of can on the outbound side by using the route-to option and using multiple matching interface/gateways. Route-to { if1 gw1, if1 gw1, if2 gw2 } round-robin... This would prefer if1 over if2 for 2/3 the traffic. Sorry if the syntax isn't quite right as I sent this from my phone. Als

apcupsd via USB on 5.6

2014-11-20 Thread Steven Surdock
I just upgraded from 5.5 to 5.6 on i386 and apcupsd won't recognize my UPS plugged into a USB port. On 5.5 the UPS was attached to ugen0 but on 5.6 it says uhidev0. Apcupsd mentions that the uhidev0 device type won't work. I see that I can get some info from sensord (which is cool). Any sugges

upd0 detached - can I reset USB

2014-11-24 Thread Steven Surdock
It appears that my UPS has detached. Is there a programmatic way to reset a USB port? I'm confident if I unplug the UPS and plug it back in it will reattach, but I don't have physical access to the server. I'd prefer not to reboot either. Thanks. FROM DMESG uhidev0 at uhub1 port 1 configu

Re: sensorsd, upd, and state changes

2014-11-28 Thread Steven Surdock
I have two different APC units... uhidev0 at uhub1 port 1 configuration 1 interface 0 "American Power Conversion Smart-UPS 1500 FW:601.3.D USB FW:1.3" rev 1.10/0.06 addr 2 uhidev0: iclass 3/0, 54 report ids upd0 at uhidev0 $ sysctl | grep upd hw.sensors.upd0.indicator0=Off (Charging), OK hw.senso

usmb/FUSE on 5.6

2014-12-30 Thread Steven Surdock
Using the package usmb to mount a share from a Windows 2008R2 server does not seem reliable. FUSE/usmb dismounts the share after a while (less than 24 hours) with the following error: Dec 30 01:30:07 fileshare /bsd: fuse: device close without umount Usmb is not typically running afterwards. A

Re: snmp HC on i386

2015-05-14 Thread Steven Surdock
Just noticed that I'm having the same issue on 5.7/i386 NET-SNMP version 5.7.3 Error expanding HCInReceives to 64bits in ipSystemStatsTable.ipv4 Error expanding HCInDelivers to 64bits in ipSystemStatsTable.ipv4 Error expanding HCOutRequests to 64bits in ipSystemStatsTable.ipv4 -Steve S.

SNMP on 5.7/5.8

2015-08-04 Thread Steven Surdock
The broken SNMP on i386/5.7 is preventing me from upgrading. I tried i386/5.8 but I'm still seeing net-snmpd crash with the following error. NET-SNMP version 5.7.3 Error expanding HCInReceives to 64bits in ipSystemStatsTable.ipv4 Error expanding HCInDelivers to 64bits in ipSystemStatsTa

Re: SNMP on 5.7/5.8

2015-08-05 Thread Steven Surdock
] On Behalf Of > Stuart Henderson > Sent: Wednesday, August 5, 2015 5:58 AM > To: misc@openbsd.org > Subject: Re: SNMP on 5.7/5.8 > > On 2015-08-04, Steven Surdock wrote: > > The broken SNMP on i386/5.7 is preventing me from upgrading. I tried > i386/5.8 but I'm s

Re: NFS daemon is very slow in server-to-client direction in TCP mode

2016-04-21 Thread Steven Surdock
I seem to be experiencing this as well, but I have no access to the client side as it is a wireless camera. Is there anything that can be done on the server side? -Steve S.

rrdtool troubles after 5.4->5.5 upgrade

2014-10-09 Thread Steven Surdock
As required for the upgrade I exported all my rrd's and they appear correct, but when I performed a 'restore' on the upgraded 5.5 system the dates appeared to become advanced by 136 years. These are for Cacti and interestingly, cacti shows graphs for the old data, but not for data collected aft

Re: rrdtool troubles after 5.4->5.5 upgrade

2014-10-10 Thread Steven Surdock
Cacti magically started showing the recent data, even though 'rrdtool dump' shows dates that are quite wrong. I'm wondering nfsen breaking is related... -Steve S. -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Steven Surdock

nfsen on 5.5

2014-10-10 Thread Steven Surdock
Anybody successfully using nfsen? It was working on 5.4 (except for the portTracker plugin) and now under 5.5 the rrd's are not being updated. I uninstalled and re-initialized and still no luck. -Steve S.

Re: nfsen on 5.5

2014-10-10 Thread Steven Surdock
> -Original Message- > From: Josh Grosse [mailto:j...@jggimi.homeip.net] > Sent: Friday, October 10, 2014 1:16 PM > To: Steven Surdock > Cc: misc@openbsd.org > Subject: Re: nfsen on 5.5 > > On Fri, Oct 10, 2014 at 04:52:18PM +, Steven Surdock wrote: > &

Re: nfsen on 5.5

2014-10-10 Thread Steven Surdock
> -Original Message- > From: Stan Gammons [mailto:sg063...@gmail.com] > > On Oct 10, 2014 12:48 PM, "Steven Surdock" > wrote: > > > > > -Original Message- > > > From: Josh Grosse [mailto:j...@jggimi.homeip.net] > > > >

Re: [BULK] Re: nfsen on 5.5

2014-10-10 Thread Steven Surdock
> -Original Message- > From: Josh Grosse [mailto:j...@jggimi.homeip.net] > > On Fri, Oct 10, 2014 at 05:46:40PM +0000, Steven Surdock wrote: > > > Not chrooted. Flow records are being updated and stored correctly. > > The RRD and associated PNGs aren't

Re: [BULK] Re: nfsen on 5.5

2014-10-10 Thread Steven Surdock
> -Original Message- > From: Stan Gammons [mailto:sg063...@gmail.com] > ... > > %sources = ( > > ); > > $low_water = 90; > > $syslog_facility = 'local3'; > > @plugins = ( > > ); > > %PluginConf = ( > > ); > > $MAIL_FROM   = 'ssud...@engineered-net.com'; > > $SMTP_SERVER = 'localhost'; > >

Re: nfsen on 5.5

2014-10-10 Thread Steven Surdock
> -Original Message- > From: Stan Gammons [mailto:sg063...@gmail.com] > > On Oct 10, 2014 12:48 PM, "Steven Surdock" > wrote: > > > > > -Original Message- > > > From: Josh Grosse [mailto:j...@jggimi.homeip.net] > > > >

Re: nfsen on 5.5

2014-10-10 Thread Steven Surdock
> -Original Message- > From: Stan Gammons [mailto:sg063...@gmail.com] > ... > Glad you got it going. > > I got rid of the unable to create graph messages, but I still have a > couple of problems I haven't figured out. One being getting php to work > with nginx? Does one need to use php-

CVS confusion

2014-10-10 Thread Steven Surdock
I'm trying to follow -stable ports, but CVSWEB appears inconsistent. If I look at ports/lang/php/5.4 for OPENBSD_5_5 (http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/php/5.4/?only_with_tag=OPENBSD_5_5) it shows the following: Makefile 1.16.2.1 4 months jasper security update to ph

Re: WAN links failover

2009-04-09 Thread Steven Surdock
> -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of > Jim Razmus > Sent: Thursday, April 09, 2009 7:58 AM > To: misc@openbsd.org > Subject: Re: WAN links failover > > * Yuri Spirin [090409 03:11]: > > Hello, misc@ > > > > I have OpenBSD internet

Re: Traffic Shape for ISP on OpenBSD

2009-05-12 Thread Steven Surdock
Yes. I think I posted this here before, but since I'm lazy at searching the archives too, here is what I did (Using a recompiled kernel with sys/altq/altq_hfsc.h set to support "#define HFSC_MAX_CLASSES 512" and multiple external uplinks) # cu** is the upload queue # cd** is the download queue ..

Re: VPN and shared directories in Win XP

2009-05-12 Thread Steven Surdock
Check for large packets, specifically UDP and port 88. Test by seeing how big of pings you can get through using the -l option (assuming you're pinging from the XP host.) -Steve S. > -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of > Yuriy A.

Re: VPN and shared directories in Win XP

2009-05-12 Thread Steven Surdock
Re: VPN and shared directories in Win XP > > ICMP packets with size 32 ... 63600 bytes comes with 0% of loses. Large > packets (> 63600 bytes) have 25...75% of loses. > > ----- Original Message - > From: "Steven Surdock" > To: "Yuriy A. Dmitrishin" ; >

Re: openBSD network issue (?)

2009-05-28 Thread Steven Surdock
> -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of > Maze, Jeffrey S. > Sent: Thursday, May 28, 2009 1:35 PM > To: misc@openbsd.org > Subject: openBSD network issue (?) > > Hello, > I've setup oBSD 4.5 and have installed Pound > (http://ww

Detailed usage graphs w/PF

2009-06-01 Thread Steven Surdock
Greetings, I'm looking at using a pair of OBSD systems to perform a couple of functions, + ISP load balancing & failover (using NAT) + Site to Site IPSec termination (via ipsec) + Egress Bandwidth Management (via PF) + Web/HTML Detailed usage reporting (via ??) I've done the first thr

Re: IPSec VPN dropping packets from time to time

2011-12-20 Thread Steven Surdock
See -stable fixes to 4.9. Otherwise consider upgrading 4.9->5.0. -Steve S. -Steve S. -Original Message- From: Georg Buschbeck [open...@thomas-daily.de] Received: Tuesday, 20 Dec 2011, 2:35am To: misc@openbsd.org [misc@openbsd.org] Subject: IPSec VPN dropping packets from time to time

Re: Multiple ISP-connections/Routing/Packet filtering

2012-01-11 Thread Steven Surdock
I ran OpenVPN on the loopback and did an rdr (back in the day). It has worked for me. http://marc.info/?l=openbsd-misc&m=119446553412564&w=2 -Steve S. > -Original Message- > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf > Of Dr.-Ing. Torsten Finke > Sent: Wednes

Re: reply-to rule not working

2007-11-07 Thread Steven Surdock
Nick Golder wrote: > I am trying to serve out OpenVPN (port 1194 UDP) through > multiple external I solved this problem by running OpenVPN on the loopback only and using "rdr" and " pass in on $if reply-to...) on the incoming traffic. -Steve S.

Re: reply-to rule not working

2007-11-08 Thread Steven Surdock
Nick Golder wrote: > On 2007-11-07 14:29 -0500, Steven Surdock wrote: >> Nick Golder wrote stuff: ... > Is this a PF bug? [Shrug]. The way it _seemed_ to work (for me, when I implemented the system back on 3.8 or 3.9, YMMV) was that "route-to/reply-to" caused the packet

Re: load balancing FTP traffic with ftp-proxy and pf on two internet connections having same gateway.

2007-11-20 Thread Steven Surdock
Siju George wrote: > Hi, > > I got my second Internet connection yesterday. > It is from the same provider and I have 2 static IPs now with the > same gateway. > > I plan to use > > http://www.openbsd.org/faq/pf/pools.html#outgoing > > to load balance outgoing traffic from the LAN to the Internet.

Re: : no 4.2-stable package updates??

2007-12-12 Thread Steven Surdock
knitti wrote: > On 12/12/07, Raimo Niskanen <[EMAIL PROTECTED]> wrote: >> On Wed, Dec 12, 2007 at 08:35:50AM +0100, Antoine Jacoutot wrote: >>> On Tue, 11 Dec 2007, Joe wrote: >> >> Now, this will prevent me from upgrading to 4.2. >> > > It isn't so that any pre-4.2-stable will be updated, so you >

Re: IPSEC with Checkpoint Sonicwall ?

2007-12-12 Thread Steven Surdock
Michael Gale wrote: > Hey, > > I have been asked if we can setup an IPSEC connection > with a Checkpoint > Sonicwall. > > Currently I have NO information on the remote end except that it is a > Checkpoint Sonicwall :( > You're already starting with bad communication from the remote end. http

Re: Updated ports/packages in -stable/-release

2008-01-02 Thread Steven Surdock
Nick Holland wrote: > Nicolas Letellier wrote: >> Hello misc@, ... > Let's say you plan on implementing a new machine today. > Install -current. > Really. In May, upgrade to the 4.3, and sit there for six months. In > November, upgrade to 4.4. IF you are using some third party > apps which have

Re: CARP & PPPo

2008-01-31 Thread Steven Surdock
Richard Daemon wrote: > On Jan 31, 2008 8:36 PM, Sevan / Venture37 > <[EMAIL PROTECTED]> wrote: > >> >> I definitely would be! > I don't have my ISP that does PPPoE anymore, so I have no way to test > it... Carp on pppoe doesn't really make sense, unless I'm missing something. For fun, I tried it

Re: running mail server at home

2008-02-07 Thread Steven Surdock
L. V. Lammert wrote: > On Thu, 7 Feb 2008, Douglas A. Tutty wrote: > > In reality, you cannot run your own mail server at home. This would > require: > > 1) DNS resolution for your domain name > 2) Appropriate MX records > 3) Valid REVERSE DNS for your IP > > #3 is usually the big factor for most I

Re: Forwarding roots mail to another account , seperate email server

2008-02-11 Thread Steven Surdock
Jay Hart wrote: > Chris, > ... > > I do receive emails from the machine, but they are not being > delivered properly. > > Here is what I get when I receive one: > > Subject: Returned mail: see transcript for details > From: "Mail Delivery Subsystem" <[EMAIL PROTECTED]> > Date: Mon, February 11, 200

Re: ftp client behind pf firewall with ISP load balancing

2008-03-07 Thread Steven Surdock
Fratiman Vladut wrote: > I have an OpenBSD 4.3 router, act as load balancing server about two > ISP's I follow example from http://www.openbsd.org/faq/pf/pools.html > Everything work well, except connection to any ftp server. > I try to use example from > http://www.mail-archive.com/misc@openbsd.o

Re: ftp client behind pf firewall with ISP load balancing

2008-03-08 Thread Steven Surdock
Fratiman Vladut wrote: > I think, that is not very clear. Sorry for my english. > I want to connect, behind my firewall, to an ftp server from > internet. I don't have ftp server behind firewall. Is ftpproxy running? $ grep ftp /etc/rc.conf.local ftpproxy_flags="" I'm sorry. I'm a little slow, bu

Re: PF and application level firewall

2008-03-11 Thread Steven Surdock
Rami Sik wrote: > I currently have PF in place with CARP, and quite happy with them. I > need to implement application level firewalling in front of my apache > servers as PCI requirement by the end of June this year. So, my ... I've used pound (http://www.apsis.ch/pound/) successfully. -Steve S

Re: loadbalancing on OpeBsd

2008-03-20 Thread Steven Surdock
Fratiman Vladut wrote: > Everything work well (except ftp), but i see with tcpdump, > packets that > outgoing on $ext_if1 from $ext_if2 and vice versa. Generally this are > icmp request's. I don't understand why this happening because have > last two > rules (from > web explanation), that prevent t

Re: loadbalancing on OpeBsd

2008-03-25 Thread Steven Surdock
Steven Surdock wrote: > Fratiman Vladut wrote: >> Everything work well (except ftp), but i see with tcpdump, ... > As for ftp-proxy, the _only_ way I can think of to LB proxied > services (squid, ftp-proxy...) is to: >A) Use -mpath (see man route) >B) Run two proxi

Re: Open BSD- DHCP with option82

2007-01-16 Thread Steven Surdock
John LR Dovale wrote: ... > Here is an example: > Lets say I wanted to FIX an IP to a specific modem for a > client I would in > my FreeBSD do the following > # Client Name > Class"CPE-ffaac7d3" { > Match if option agent.remote-id= 0:0:ff:aa:c7:d3; > } > > Then somewhere else in the file I set th

Re: DNSBL ratings

2007-02-20 Thread Steven Surdock
This list appears updated: http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html -Steve S. J Moore wrote: > I'm reviewing the DNSBLs I have in my sendmail configuration: > > * dnsbl.sorbs.net > * bl.spamcop.net > * sbl.spamhaus.org > * cbl.abuseat.org > * ipwhois.rfc-ignorant.org > > Is there a

Problems with second ipsec(ctl) tunnel

2007-04-23 Thread Steven Surdock
Greetings, I recently converted from isakmpd.conf to ipsec.conf and I seem to be having problem bringing up a second tunnel to a PIX. It _appears_ that the OBSD side is trying to use the default hmac (sha2_256) even though it is configured to use md5 for the second tunnel. Oddly, the first tunnel

Re: Problems with second ipsec(ctl) tunnel

2007-04-23 Thread Steven Surdock
Prabhu Gurumurthy wrote: > Steven Surdock wrote: ... > > I too have the same problem. > I have a Lan 2 Lan tunnel with pfsync, carp, sasync and it > works flawlessly with > another OpenBSD system as the peer. > > I tried to enable OpenBSD to PIX tunnel (PIX 501, OS: 6.3(

Re: Problems with second ipsec(ctl) tunnel

2007-04-23 Thread Steven Surdock
Prabhu Gurumurthy wrote: > Steven Surdock wrote: >> Prabhu Gurumurthy wrote: >>> Steven Surdock wrote: >> ... > > Yes, thanks but that was a typo.. sorry for the confusion, still the > tunnel does not come up. > What does your ACL "VPN_ACL" look li

Re: Problems with second ipsec(ctl) tunnel

2007-04-24 Thread Steven Surdock
Steven Surdock wrote: > Greetings, I recently converted from isakmpd.conf to ipsec.conf and I > seem to be having problem bringing up a second tunnel to a PIX. It > _appears_ that the OBSD side is trying to use the default hmac > (sha2_256) even though it is configured to use md5 fo

Re: Problems with second ipsec(ctl) tunnel

2007-04-24 Thread Steven Surdock
Stuart Henderson wrote: > On 2007/04/24 15:49, Steven Surdock wrote: >> Steven Surdock wrote: ... > > Are auth/encryption the same for both tunnels? I believe that may be > necessary for main mode. > > You can check that ipsec.conf is being parsed how you expect wi

ipsec slave

2007-04-30 Thread Steven Surdock
Can anyone provide some insight as to the correct configuration of a sasyncd slave server with respect to /etc/rc.conf.local? For example, is the following correct? --- ntpd_flags= # enabled during install sasyncd_flags=""# for normal use: "" pf=YES

Re: ipsec slave

2007-04-30 Thread Steven Surdock
Prabhu Gurumurthy wrote: > Steven Surdock wrote: >> Can anyone provide some insight as to the correct configuration of a >> sasyncd slave server with respect to /etc/rc.conf.local? For >> example, is the following correct? ... > Can you provide details of your /etc/sasyncd

Building 4.1-stable

2007-05-02 Thread Steven Surdock
I noticed that after building 4.1-stable my kernel does not say "-stable". To make sure I grabbed the right source I tried again -- removing /usr/src and doing 'cvs checkout -P -rOPENBSD_4_1 src' from rt.fm. Errata appear to be applied but after building a kernel it says: OpenBSD 4.1 (GENERIC) #

Re: -stable no longer mentioned in dmesg?

2007-05-04 Thread Steven Surdock
Stephan A. Rickauer wrote: > quick question: My newly build 4.1-stable on i386 says in dmesg: > > OpenBSD 4.1 (GENERIC) #0: Thu May 3 14:29:53 CEST 2007 > > [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC > The fix was recently committed, Changes by: [EMAIL PROTECTED] 2007/05/

isakmpd not deleting old SAD

2007-05-14 Thread Steven Surdock
Greetings, I have an isakmpd process that's not letting go of old SADs. While it doesn't seem to be causing issues with the tunnels, it is causing higher than normal system utilization. It seems to be occurring on the tunnels which have multiple subnets defined (e.g. VPNA and VPNB, but not VPNC)

Re: isakmpd not deleting old SAD

2007-05-18 Thread Steven Surdock
Steven Surdock wrote: > Greetings, > > I have an isakmpd process that's not letting go of old SADs. While it > doesn't seem to be causing issues with the tunnels, it is > causing higher > than normal system utilization. It seems to be occurring on > the tunnel

Re: 4.1 upgrade and squid

2007-05-21 Thread Steven Surdock
Bryan Irvine wrote: > I've upgraded my firewall to 4.1 and all of the packages. Now squid .. > > Any ideas what I need to change on the new version of squid? I ended up using /usr/local/share/examples/squid/squid.conf with a few minor modifications.

Re: ipsec vpn and intermittent session timeouts...

2007-05-24 Thread Steven Surdock
Sounds a little like: http://marc.info/?l=openbsd-misc&m=117915053113185&w=2 I was privately requested to try an upgrade to 4.1-stable. I have not had the opportunity to do so and I seem to be having a little trouble building 4.1-stable at the moment... -Steve S.

Re: carp and alias

2007-06-08 Thread Steven Surdock
Tobias Weisserth wrote: > Is it possible to let carp0 have the alias definitions like this? > > #/etc/hostname.carp0 > inet 10.0.0.250 255.255.255.0 10.0.0.255 vhid 1 pass foo > inet alias 10.0.0.2 255.255.255.0 > inet alias 10.0.0.3 255.255.255.0 > inet alias 10.0.0.4 255.255.255.0 > > and remo

Re: isakmpd: message_recv: invalid cookie(s)

2007-06-26 Thread Steven Surdock
Jason Mader wrote: > On two OpenBSD 4.1-stable systems, I get: > > isakmpd[31988]: message_recv: invalid cookie(s) 378fd1c537d22b16 > 38bf2f6699147070 isakmpd[31988]: dropped message from 128.164.144.144 > port 500 due to notification type INVALID_COOKIE > > isakmpd is running with the -K option, a

Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Steven Surdock
To perform integrated NTLM auth I believe you'll need winbind from samba and windbind support for Squid. I'm not sure I understand the authpf requirement. http://marc.info/?l=openbsd-ports&m=119081356508513&w=2 -Steve S. Ari Constancio wrote: > Mark, > > Thanks for replying. I found some mater

Re: Squid/authpf with lookups on Active Directory

2007-10-19 Thread Steven Surdock
Ari Constancio wrote: > Hi again, > > Sorry if I'm not being clear. > > I need this box to be a firewall and a proxy server. Squid, as it > seems, can use NTLM auth to get account info from AD. But what about > pf? > > How can I authenticate users from AD to get through pf? > > Thanks, > Ari Consta

Re: squid and pf and dansguardian

2006-06-08 Thread Steven Surdock
Allen Theobald wrote: > Greetings, > > I get transparent proxying with squid and pf. > > I get dansguardian and pf. > > What I don't get is squid, dansguardian, and pf. > > pf.conf fragment: > >int_if="gem0" >ext_if="kue0" > ># redirect to squid >rdr on $int_if inet proto tcp

Re: Weird problem with PF and Load Balancing

2006-06-13 Thread Steven Surdock
Giancarlo Razzolini wrote: ... > my problem. My 2 ADSL had different downstream bandwidth. And, as i'm > using round-robin, i don't know where the connection is going. I don't > know how to implement altq in this specific situation. I > was thinking > in something like: one queue for "normal" tra

Re: T1 and DSL failover? redundancy?

2006-06-22 Thread Steven Surdock
Lawrence Horvath wrote: > On 6/22/06, L. V. Lammert <[EMAIL PROTECTED]> wrote: >> At 11:13 PM 6/21/2006 -0700, Lawrence Horvath wrote: ... >> Keep in mind also that redundancy is fine for outgoing traffic, but >> to actually route incoming traffic you must also have an upstream >> ISP(s) that can h

Re: Two CARP hosts both trying to be master

2006-07-18 Thread Steven Surdock
David Christiansen wrote: ... > When I run tcpdump -i sis0 proto carp, I see the errant host > advertising about three times per second, even though advbase=1 and > advskew=100 (which > shows up in the tcpdump output as well). The host that > should be master > (with advskew=0) is advertising as e

Re: VPN help needed: OpenBSD in the corporate environment instead of Linux

2006-07-28 Thread Steven Surdock
Stuart Henderson wrote: > On 2006/07/28 06:30, jeraklo wrote: >> sorry. got to go with the stable branch (3.9). > > disadvantages:- > > openvpn is more complicated to install on OpenBSD than ipsec > lots of security fixes Not on the client side, I think you'll find OpenVPN much easier to configu

bind -stable make

2006-09-06 Thread Steven Surdock
Greetings, When attempting to update bind on a 3.9-stable machine I ran into a slight error installing the man page for nslookup, # cd /usr/src/usr.sbin/bind # make ... # make install ... for m in dig.1 host.1 nslookup.8; do /usr/bin/install -c -m 644 /usr/src/usr.sbin/bind/bin/dig/$m /usr/man/

Re: BIND and file descriptors

2008-08-12 Thread Steven Surdock
Steve, I saw this exact same behavior on a couple of servers with a 4.3-stable build from 7/28. Due to some differences in the way I built the -stable release I decided to try again from scratch. The 8/4 build of bsd + base43.tgz have been working fine. This seems to support the suggestion that

RAIDFrame on root failure

2008-09-15 Thread Steven Surdock
Greetings, I pooched an attempted upgrade of a 4.3 box to 4.4 which I remembered was running the modified RAIDFrame kernel after installing the -release kernel and rebooting -- whoops. I managed to recover the box, but it won't mount the raid0a slice on root. I resurrected the raid0 slice, reran

Re: RAIDFrame on root failure

2008-09-16 Thread Steven Surdock
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Josh Grosse > > Have you tried boot -a to see if you can select raid0a? > > It's not clear if you're back on the original 4.3 RAIDframe kernel or not; > if not, you need *both* of these lines in your ker

Re: Deploying carp with limited global IPs

2008-10-28 Thread Steven Surdock
I've used the following for a while (naturally this assumes that the ISP link is delivered via some shared medium and not a point-to-point link) /etc/hostname.xxx0: up description "to ISP" /etc/hostname.carp0: inet 192.168.1.2 255.255.255.252 192.168.1.3 vhid 1 carpdev xxx0 -Steve S. > -Or

Re: Deploying carp with limited global IPs

2008-11-02 Thread Steven Surdock
> -Original Message- > >> -Original Message- > >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > >Of > >> Rod Whitworth > >> Sent: Tuesday, October 28, 2008 11:49 PM > >> To: Miscellaneous OBSD > >> Subject: Deploying carp with limited global IPs > >> > >> In preparin

Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA

2008-04-25 Thread Steven Surdock
It depends. http://kerneltrap.org/node/5607 gives part of the answer... -Steve S. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Karsten McMinn > Sent: Friday, April 25, 2008 7:39 PM > To: misc@openbsd.org > Subject: Re: OpenBSD isakmpd and pf vs

Re: symon and pf states

2008-04-30 Thread Steven Surdock
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > Parvinder Bhasin > I am completely stumped on this , how can I graph pf states etc with > symon and symux? I do see my regular pf graph but how do i create > graphs for pf states etc? Here's the changes

Re: Can't build 4.3-stable binaries: don't know how to make mkmakefile.c

2008-05-11 Thread Steven Surdock
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of .. > While rebuilding the binaries for 4.3-stable, I get this error: > > ===> usr.sbin/config > make: don't know how to make mkmakefile.c. Stop in /usr/src/usr.sbin/config. > *** Error code 2 Same here.

Re: security fixes for packages

2008-05-14 Thread Steven Surdock
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edd > Barrett > Subject: Re: security fixes for packages > > On Tue, May 13, 2008 at 10:07 PM, Unix Fan <[EMAIL PROTECTED]> wrote: > > The developers don't care about your security. > > I'm so s

Re: Updating 3.9

2006-04-20 Thread Steven Surdock
Adam PAPAI wrote: > Hutger H. said: >> Hello Folks, >> >> I've got a question about OpenBSD 3.9 update ... I have a firewall >> running 3.9 release and I'd like to know the best away to keep the >> system updated, such as debian does using APT. Any suggestions? >> > > > 3. Compile your OpenBSD
