> The standard way to install crypto is to go with the "(S)hell" option at boot.
>
> In the MBR days it would be "fdisk -i sd0", now should be with the GPT option
> on so "fdisk -ig sd0".
>
> Doing this, importantly, no "EFI Sys" partition is created.
# dd if=/dev/zero of=/dev/sd0c bs=1m count=
Hello,
> I am aware of fuser and fstat but these seem to only give me inodes.
You can use
# find /foo -inum 123
to search for the corresponding file.
Hi,
> I'm looking for a way to see which processes are listening
> on incoming tcp/udp connections.
fstat | grep internet
> Second, how can I verify what process is listening on ports
> 5022,8806 and 21164?
fstat | grep -e ":5022" -e ":8806" -e "21164"
Hi,
> Now I would like to shrink it somehow, what’s the best and safest way to do
> it… ?
Like the FAQ says, make a backup of the key with
# dd bs=8192 skip=1 if=/dev/rsd1a of=backup-keydisk.img
Verify that backup-keydisk.img starts with the string "marcCRAM".
Reformat sd1 or whatever to your l
> But the second (far more important) point I want to make is please *THINK
> TWICE* if "running your own mail server" is something you are planning to do
> on your home internet connection.
For all intents and purposes, sending emails from a private internet
connection directly to the receiving
On 09.09.2018 at 15:36, flipchan wrote:
> Randomly jumping into this thread, does anyone have a quick and easy way to
> do automatic responses to certain aliases in opensmtpd?
>
Not with OpenSMTPD, but with Dovecot's Sieve
https://wiki2.dovecot.org/Pigeonhole/Sieve/Examples#Vacation_auto
Hello,
for a shell script I needed the uptime in seconds. I came up with the
following. I'm just wondering, is there a one-liner that does the same
thing?
# Inspired by https://unix.stackexchange.com/a/270454
uptime=`ps -o etime= -p 1`
uptd=`echo $uptime | grep '-' | awk -F "-" '{print $1}'`
$ echo $(( $(date +%s) - $(sysctl -n kern.boottime) ))
221493
Cool! Thank you
On 26.04.2020 at 19:15, Philip Munts wrote:
I'm trying to send email from OpenBSD 6.6 via GoDaddy's
smtp.secureserver.net. Unfortunately my GoDaddy SMTP username is
"p...@munts.net" which doesn't seem to be a legal username for OpenBSD's
smtpd. I've tried every escaping mechanism for the @ c
On 27.06.2020 at 13:32, Ruslanas Gžibovskis wrote:
ok, cause I found it on openbsd.org/tshirt or shth like that.
is there a way, how to get openbsd tshirts, or just get it on aliexpress
with images of openbsd?
I don't know why https://www.openbsdstore.com/ is offline at the moment,
but it is
Hello,
My hostname.vio0 looks like this:
dhcp
inet6 alias 64
You most likely need to add a route. Add something like this to your
hostname file:
!route add -inet6 default fe80::1%vio0
Just in case you have the same problem. For whatever reason, after a
reboot, I have to do this in o
https://marc.info/?l=openbsd-announce&m=156577865917831&w=2
> We are pleased to announce that we now also provide selected binary
> packages for the most recent release. These are built from the -stable
> ports tree which receives security and a few other important fixes:
Thank you!
That is real
I have taken a look at the website of my hosting provider.
My IPv6 gateway would be fe80::1.
When trying to add the route manually I get "network unreachable".
https://marc.info/?l=openbsd-misc&m=156572276103920&w=2
SCNR
In this thread I didn't understand what you update.
You said you run STABLE? So you update ports? ...or using m:tier?? ...?
Can somebody please tell me what are those "-stable updates for
packages"?
http://cdn.openbsd.org/pub/OpenBSD/6.5/packages-stable/amd64/
updated binary packages (with secu
Hello list,
I created an autoinstall bsd.rd (containing auto_install.conf and
disklabel.conf) and a siteXX.tgz.
For example with the tool isomaster I can manually edit the
install66.iso and add bsd.rd and site66.tgz to the directory 6.6/amd64.
This modified ISO can be booted from real and vi
On 17.11.2019 at 19:51, cho...@jtan.com wrote:
Thomas Bohl writes:
Now I want to go the extra step and automate the modification of the
installXX.iso.
I have put an insane amount of work into exactly this, also with
an eye to portably directing the process to other operating systems
and
ll CD" -P "Copyright (c) 2019 Theo de Raadt,
The OpenBSD project" -p "Thomas Bohl " -V "Unofficial
OpenBSD/amd64 6.6 CD" -b 6.6/amd64/cdbr -c 6.6/amd64/boot.catalog cd2
But another use for daemon(8) is for its ability to detach the child
process from the controlling terminal
If it is about a rc.d script, you can add
rc_bg=YES
to it.
On 12.10.2015 at 09:33, Holger Glaess wrote:
> some trouble due the setup i have was to setup the default gw
> by mygate. ( for reboot )
>
> this is not possible depend on the cable setup with the dhcp client.
You don't really need mygate.
> netstart doesn't care about rdomain in the case.
> you
Hello,
when copying files from one harddisk to another, which are both
connected via the same SATA3 ASMedia ASM1061 controller, there
eventually will be a kernel panic on my setup. It's reproducible, but
the timing is different on each run of cp -R.
Copying files to a harddisk on the Intel control
Hello,
I updated from 5.8-stable to current today. (First just an update, then
because of the problem a fresh installation.) On 5.8-stable I had a
working softraid boot setup with a USB-Stick as keydisk.
Now, if the keydisk is plugged in, the machine resets over and over
again. Unfortunately ther
On 26.12.2015 at 23:18, Alexander Hall wrote:
> On Sat, Dec 26, 2015 at 10:41:34PM +0100, Thomas Bohl wrote:
>> Hello,
>>
>> I updated from 5.8-stable to current today. (First just an update, then
>> because of the problem a fresh installation.) On 5.8-stable I had
I tried EFI for a change. Same panic there:
# time cp -R /mnt/BackupDisk/Tag.0/a/b/c/* /home/c
panic: kernel diagnostic assertin "(cmd & AHCI_PREG_CMD_CR) == 0"
failed: files "../../../../dev/ic/ahci.c", line 2513
wsdisplay_switch2: not switching
Stopped at Debugger+0x9: leave
TIDPID
For the archive:
I changed the cabling.
RW disk on SATA3_A1
RO disk on SATA3_A2
(Instead of the other way around.)
Now no more kernel panic.
> Are there any workarounds for me using the old DES password hashes, or do we
> need to 'passwd ' for hundreds of users?
>
You could give John the Ripper a try.
Hi,
wgport 53
Unbound is configured to only listen on the loopback interface, so that
shouldn't be interfering...
But it does
https://www.mail-archive.com/misc@openbsd.org/msg175837.html
Hey guys. I'm trying to install OpenBSD on a laptop, but the UEFI boot
manager doesn't see the DVD.
Have you tried it with Secure Boot disabled?
Hello,
Does sysupgrade leave any kind of logging behind which could help me to
pinpoint why it is failing on one system while working on another
apparently identical system?
You should get emails:
Subject: hostname upgrade response file
Subject: hostname upgrade log
Subject: hostname rc.sysm
Has anyone tried to get something like this to work?
A few years ago I did basically the same thing with the VPN function of
ssh using the tun(4) network pseudo-device. Let me check my notes...
It starts the same way:
1. Commenting out the public address in /etc/hostname.vio0
2. Create a /et
On 23.05.2021 at 12:32, flipchan wrote:
Yeah, it was all working until I upgraded to 6.8, can someone else that
is running opensmtpd with dkim send me their smtpd.conf? I assume I have
written some rule wrong, not sure where doe
The config is all over the place. There is the rspamd filter a
what is wrong? client side iked.conf:
ikev2 'roadwarrior' active esp \
from dynamic to any \
peer 45.77.223.7 \
srcid roadwarrior \
dstid server1.domain \
request address any \
iface lo1
# iked -dv
/etc/iked.conf: 43: invalid iface
lo1 m
Questions about cert for roadwarrior and more? Why 192.168.1.79? i was
expecting 10.0.5.x please.
Why did you expect that?
spi=0xc166e8f236679cc9: recv IKE_SA_INIT res 0 peer 45.77.223.7:500 local
192.168.1.79:500, 255 bytes, policy 'roadwarrior'
192.168.1.79 is your local IP, which is on t
Hello,
I want to integrate a remote OpenBSD 7.2 machine into my local network.
So it will be reachable via a local IPv4 address like 192.168.0.206. My
local router and IPSec server is a LANCOM 1781EW+.
The setup works already, but only if iked uses IPv4 and not IPv6. (I
have a working IPv6 s
Hello,
I wanted to try that out by running the same `disable amdgpu` command in
UKC, but neither the built-in keyboard nor my external keyboard work in
UKC mode.
Is there an alternative way of disabling amdgpu when my keyboards don't
work? Perhaps I can echo to some config file during the `b
# cat /etc/iked.conf
ikev2 "rathaus" active esp \
from 192.168.0.0/24 to any \
from dynamic to 192.168.0.0/24 \
peer vpn.example.com \
srcid o2@rathaus \
psk "will-change-to-certs-if-testing-is-finished" \
request address any \
iface lo1
I discovered that
peer
Now dkimsign is failing and i have not been able to repair it, could
somebody please help?
# smtpd -d
info: OpenSMTPD 7.0.0 starting
dkimsign: Can't open key file (/etc/mail/dkim/agroena.org.private.key):
Permission denied
warn: lost processor: dkimsign exited abnormally
Exiting
# doas -u _dkims
# openssl genrsa -out /etc/mail/dkim/agroena.org.private.key 2048
and
# chown _dkimsign:_dkimsign /etc/mail/dkim/agroena.org.private.key
# chmod 440 /etc/mail/dkim/agroena.org.private.key
Hello everyone. I'm planning to use OpenIKEv2 not just for VPN tunnel, but also
to give client Internet access through that tunnel (none other for that
client). Is it possible? Do I need additional config options or will default
gateway become available on the system once connected to VPN?
Yes
Hello,
I suppose there is some argument that we should support hostname.MAC
files
Maybe a function in netstart right before vifscreate could be enough to
achieve this? I created this diff, against stable for now though, as a test.
Create a /etc/hostname.MAC file like you would create a /etc
mac2dev() {
# This got long
ifconfig | while IFS= read _line; do
if [[ "$_line" = [a-z]!(\ *):* ]]; then
_dev=${_line%%:*}
elif [[ "$_line" = *lladdr*$1* && $_dev != vlan* ]]; then
echo $_dev
Hello,
I have several OpenBSD 7.2 connected to a commercial VPN-Router (LANCOM
1781EW+) using iked. It works, except every time the Child SA
negotiation starts, iked answers NO_PROPOSAL_CHOSEN to the router. Which
leads to closed connections and a new IKE SA negotiation.
I don't understand th
Thanks for your responses.
Try adding some non-modp2048 options. Maybe look at the SA installed
from the initial negotiation (ipsecctl -vvsa) for ideas.
I think this is the right answer. The log tells you what the other side sent:
spi=0x0a131729beeb819a: ikev2_log_proposal: ESP #1 ENCR=AES_CB
But the VPN-Router has an IKE-I-General-failure 0x21ff. All of a sudden
it's a problem that I only want to route specific networks?! IPSec is so
exhausting.
I got it working. The trick is to have iked send the CREATE_CHILD_SA
request / initiate the rekeying first. Either by having lower
ikel
Hello,
ikev2 "vpn" passive esp \
from dynamic to 185.21.22.23/32 \
local egress peer any \
ikesa enc aes-256 prf hmac-sha2-256 auth hmac-sha2-256 group
modp2048 \
childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
srcid 185.21.22.23 \
On 15.04.2023 at 16:14, Lorenzo Torres wrote:
Hello, I've run the dd command to wipe the data of an SD card:
dd if=/dev/zero of=/dev/rsdb1c bs=1M
After quite some time it crashed saying that the /
filesystem is full and even after a reboot the same happens. Now I can't even
run xorg because the
Hi
In a server with an encrypted root - server boots with key in USB stick,
not passphrase.
Can I remove the USB stick with the key, after the server is up and
running?
Yes
Will I have any problems doing that?
No. Though not at the moment, I used such a setup for years. Only
inserting
On 29.11.2014 at 13:20, frantisek holop wrote:
i think i should clarify this a bit:
they show perfect in midnight commander, not in shell.
$ touch »´ÁÉǑÄ«
$ ls
??
# ls | cat
Will display the characters right.
Not entirely sure why though.
Is your SSID hidden? I had the same problem on 5.6-stable when the SSID
was hidden. Thankfully I could change the AP behaviour. No more problems
since. hth
On 05.01.2015 at 11:30, Clemens Goessnitzer wrote:
Hello everyone,
I am running -current as of end-Decemberish. I am using a Ralink c
Hello List,
my vServer hosting provider states the IPv6 default gateway as fe80::1.
To get IPv6 traffic flowing it's necessary to ping fe80::1 first.
For now I help myself with the following line in crontab
@reboot sleep 10 && ping6 -c 10 fe80::1\%vio0 > /dev/null
It doesn't feel right though. I
On 29.01.2015 at 11:44, Martin Pieuchot wrote:
# ping6 -vc 4 heise.de
PING6(56=40+8+8 bytes) 2a03:4000:6:f0::47:e --> 2a02:2e0:3fe:1001:302::
32 bytes from 2a03:4000:6::1: Neighbor Advertisement
Could you tcpdump ICMP6 packets on vio0 at this moment? I wonder if a
wrong target address can be
...
# ping6 -vc 4 heise.de
PING6(56=40+8+8 bytes) 2a03:4000:6:f0::47:e --> 2a02:2e0:3fe:1001:302::
32 bytes from fe80::5e5e:ab00:6603:66c0%vio0: Neighbor Solicitation
16 bytes from 2a02:2e0:3fe:1001:302::, icmp_seq=0 hlim=60
dst=2a03:4000:6:f0::47:e%1 time=369.406 ms
16 bytes from 2a02:2e0:3fe:1
On 03.03.2015 at 17:58, Ted Unangst wrote:
As a shortcut, filtering out just esc will prevent most terminal damage? I'm
not sure what other characters can do, though... I vaguely recall that the
intersection of utf-8 and xterm controls is unknowable.
poc diff:
Index: util.c
===
Hello,
On 16.05.2015 at 01:07, jungle Boogie wrote:
I want to upload a file automatically with a cron job so I'm using the -b flag.
% sftp jungle@host
Connected to host.
sftp> cd home/jungle
sftp> put file_*.csv
Uploading file_foo2015-05-15.csv to /usr/home/jungle/file_foo2015-05-15.csv
fil
Hello,
On 22.05.2015 at 20:33, Heiko Zimmermann wrote:
I have a server at Hetzner, but IPv6 is not working. IPv4 is all fine.
A dedicated or a virtual server? One needs fe80::1%re0 the other
2a01:4f8:160:::1%re0 as the default gateway.
http://wiki.hetzner.de/index.php/Zusaetzliche_IP-Ad
On 22.05.2015 at 21:54, Heiko Zimmermann wrote:
> Hello Thomas,
>
> On 22.05.2015 at 21:38, Thomas Bohl wrote:
>> A dedicated or a virtual server? One needs fe80::1%re0 the other
>> 2a01:4f8:160:::1%re0 as the default gateway.
>> http://wiki.hetzner.de/index.php/
On 22.05.2015 at 23:55, Heiko Zimmermann wrote:
# route delete -inet6 default
# route add -inet6 default fe80::1%re0
It worked one time until reboot.
That is a problem I have too:
http://marc.info/?l=openbsd-misc&m=142249632125559&w=2
You first need to ping fe80::1%re0 in order to get it in
Hello,
On 23.05.2015 at 04:49, Tuyosi Takesima wrote:
# telnet a.mydns.jp 143
Trying 192.168.100.101...
Connected to a.mydns.jp.
Escape character is '^]'.
Connection closed by foreign host.
~
What is the output of
# tail -f /var/log/maillog
when you try to co
On 24.05.2015 at 08:29, Tuyosi Takesima wrote:
2)
telnet a.mydns.jp 143
Trying 192.168.100.101...
Connected to a.mydns.jp.
Escape character is '^]'. --->no error
The "* OK ... Dovecot ready."-Message is still missing.
(BUT after this what should i do ?)
http://en.wikipedia.org/wiki/Inte
TL;DR: dmesg at the bottom. The machine works great. Thank you developers.
Hello,
I thought sharing a few data of my new laptop "Schenker S405" could
interest someone.
OpenBSD 5.8 (GENERIC.MP) #1235: Mon Aug 10 06:54:34 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.
Hi,
> root@poseidon:[~]> newfs sd1a
> newfs: wtfs: write error on block 160086527: No such file or directory
Does it work when you make the partition smaller than 160086527?
Hello List,
I installed 5.5-current, both with i386 and amd64, on an ASRock
AD2550-ITX mainboard [1] which has an Intel Dual-Core Atom D2550 CPU on
board.
On the i386 version sysctl shows the MIB name hw.setperf and therefore
it's possible to throttle the CPU down. The amd64 version on the other
ha
On 30.04.2014 at 05:23, Jonathan Gray wrote:
On Tue, Apr 29, 2014 at 10:22:29PM +0200, Thomas Bohl wrote:
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU D2550 @ 1.86GHz, 1867.07 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS
On 01.05.2014 at 03:56, Jonathan Gray wrote:
It wouldn't hurt to check with md5 -tt and/or a power meter
to see if there is actually a difference between
hw.setperf=0 and hw.setperf=100.
hw.setperf=100
16.5 Watt
# md5 -tt
MD5 time trial. Processing 10 1-byte blocks...
Digest = 766a2b
On 01.05.2014 at 05:51, Thomas Bohl wrote:
On 01.05.2014 at 03:56, Jonathan Gray wrote:
It wouldn't hurt to check with md5 -tt and/or a power meter
to see if there is actually a difference between
hw.setperf=0 and hw.setperf=100.
hw.setperf=100
16.5 Watt
# md5 -tt
MD5 time trial. Proce
Hello,
I'm using ULAs for my local IPv6 networks. The hosts have internet
access via the router doing NPTv6.
After around 20 to 24 hours of uptime the OpenBSD hosts (three in total)
are no longer able to reach the IPv6 internet. A restart of the affected
hosts usually helps. In rare cases a
be I should let slaacd run in the foreground till IPv6 stops working
and see if that give out clues.
Jason.
Sent from my iPhone
On 23 Jun 2024, at 2:27 AM, Thomas Bohl wrote:
Hello,
I'm using ULAs for my local IPv6 networks. The hosts have internet access via
the router doing NPTv
^C
79 packets received by filter
0 packets dropped by kernel
Strange
On 23 Jun 2024, at 2:27 AM, Thomas Bohl
wrote:
Hello,
I'm using ULAs for my local IPv6 networks. The hosts have internet
access via the router doing NPTv6.
After around 20 to 24 hours of uptime the OpenBSD hosts
On 23.06.2024 at 19:05, Crystal Kolipe wrote:
On Sun, Jun 23, 2024 at 06:42:10PM +0200, Thomas Bohl wrote:
(The log-output is indistinguishable from when it is working.) Yet I don't
see them arriving with tcpdump:
# tcpdump -n -i vio0 ip6
tcpdump: listening on vio0, link-type EN10MB
On 23.06.2024 at 19:50, Thomas Bohl wrote:
The router doesn't have a valid NDP entry. It has an NDP entry for an
address ifconfig says is deprecated. If I force the use of this
deprecated address with "ping -I" the responses are received.
I have to verify if it always stops if
On 02.09.2024 at 22:21, Chris Ross wrote:
I’m trying to move from a static IPv6 network to a dynamic allocation from an
ISP. The hard part is that some of my hosts have secondary addresses for
specific services to use. I need to find a way to listen to router adverts
but then manually add an a
On 14.10.2024 at 17:47, Chris Ross wrote:
On 2024-09-10 19:20:13, Thomas Bohl wrote:
I used https://aloof.de/f/IPv6Aliases-en.sh for many years.
HTH
Apologies that I missed this earlier, Thomas. I took a look at this now,
and it does do very much what I want. I have been trying to find