IPSEC bridge and pf

Having a bit of a time trying to find some info on what I need to pass and on what interface ( i.e. gif0 ?). The IPSEC bridge works fine with pf disabled. Would like to use my current pf configuration and add the use of the IPSEC bridge to that set up. Thanks _

Filteringon an IPSEC bridge

Hello, I would like to know the way to filter on an IPSEC bridge. I would like to pass all trafic to and from each side of the bridge. I don't know which interfaces and protocols to use. I've looked all over, and seem to find minimal information on this. Sure could use a hand. Reg

Re: My hard-to-kill OpenBSD

> Date: Thu, 12 Apr 2007 08:48:26 -0700 (PDT) > From: Obiozor Okeke <[EMAIL PROTECTED]> > Subject: Re: My hard-to-kill OpenBSD > To: Rico Secada <[EMAIL PROTECTED]>, [EMAIL PROTECTED] > > I try to explain to my Linux friends just how > great a system OpenBSD really is and some people > just don'

ftp problems with OpenBSD 3.9

I may be beat up for asking this question, but I'll endure it if it leads to an answer. In the past, I've setup OpenBSD 3.8 ftpd servers that my users access using Microsoft web folders. Everything works fine. A user double clicks on the web folder and the contents of the ftp folder pops up

ipsecctl: Syntax error in config file: ipsec rules not loaded

Hello, While trying to set up an IPSEC Bridge based on the IPSEC instructions given on the BRCONFIG(8)man I keep getting this error on either side of the bridge. # ipsecctl -f /etc/ipsec.conf /etc/ipsec.conf: 3: syntax error ipsecctl: Syntax error in config file: ipsec rules not loaded This is

CD-tower vs. RAID server

I'm asking this here because I know you people know alot about computers. A friend of mine wants to share files with the world with the help of his networked CD-tower server. He would like a bit of saftey against hw crashes. The weakest hw link is the harddrive so he therefore proposed using his C

Root partition placement

I'd like to know if the placement of the root parition should be within the, for instance, first 504 MB of the slice or if it is the first 504 MB of the entire disk. Probably the former but just to be certain. Thanks!

login group for users should be?

When creating a user I am wondering what is recommended when assigning a login group to the user. There are to alternatives, giving the user unique login group (same as his name) or giving the user a general login group such as users. What do you recommend? Thanks.

How to patch a physically weak system & recommended use of sudo?

em to use sudo instead of su - when you want to do something that requires privileges. Why is this? What settings are you using for sudo? Thank you! Tim

Re: How to patch a physically weak system & recommended use of sudo?

I find this recommendation better than building a release and upgrading that way. Thank you. John Wright <[EMAIL PROTECTED]> skrev: On Thu, Aug 18, 2005 at 01:03:27PM +0200, Tim wrote: > Hello > > 1. I have a old computer that is slow and has little memory. But I want to &g

Anything in need of research?

Is there anything related to OpenBSD that would be worth investigating or researching?

CARP interface incorrectly comes up as INIT on boot

0xff00 broadcast 192.168.0.255 carp2: flags=8843 mtu 1500 carp: BACKUP carpdev dc0 vhid 6 advbase 1 advskew 100 inet 192.168.0.40 netmask 0xff00 broadcast 192.168.0.255 Tim

Re: CARP interface incorrectly comes up as INIT on boot

same physical interface in this case, yet it's only carp0 that experiences this behavior. Nevertheless, I will haul out tcpdump and see what's going on. To answer your question, no, pf is not running on these boxes. I also have two 3.7 CARP/pfsync firewalls that have never exhibited this behavior and they are on the same switch. Tim

Re: CARP interface incorrectly comes up as INIT on boot - PROBLEM IDENTIFIED

Tim timdarby.net> writes: > > I'm using CARP under 3.7 release version on two boxes that aren't firewalls, so > no pfsync involved and CARP configured as described in the FAQ. What I'm seeing > is that the box I've designated as BACKUP always boots

Re: CARP interface incorrectly comes up as INIT on boot - Workaround

Tim timdarby.net> writes: > > I'm using CARP under 3.7 release version on two boxes that aren't firewalls, so > no pfsync involved and CARP configured as described in the FAQ. What I'm seeing > is that the box I've designated as BACKUP always boots with carp0

Motherboard brands

Hello I read in an earlier thread some criticism of a brand I thought was reliable/quality with OpenBSD and in general: ASUS. So what motherboard brand can you rely on for a desktop then?

Re: Can't connect from StrongSWAN to OpenBSD's iked

e-server 192.168.1.254 \ >> config access-server 192.168.1.254 > > I’m using 4096 keys and modp4096 but AFAIK both the server and the > cliente support them. I’m not sure where to start troubleshooting the > problem and could use some help. > > Thanks in a

Re: Can't connect from StrongSWAN to OpenBSD's iked

. I plan to stay active on this topic, so watch that tech@ thread for more details. >> On 19/06/2017, at 05:07, Tim Stewart wrote: >> >> theblo...@gmail.com writes: >> >>> Hello, >>> >>> I’ve been trying to create an IPSec VPN in my OpenBSD

iked: NAT Detection and Child SA Rekeying

Hello misc@, I have discovered what may be an oversight in iked(8)'s NAT detection code, as well as traffic blocking after the first rekey of the Child SA when NAT has been detected by one of the IKE daemons. I have the following passive config on a host with a static IP (1.2.3.4): ikev2 "demo"

Re: "athn0: could not load firmware" for AR9271

smit path and 2 receiver paths (1T2R). I will reply with more details if I can better quantify the issues I'm having. -TimS -- Tim Stewart --- Mail: t...@stoo.org Matrix: @tim:stoo.org

iked support for IKEv2 Message Fragmentation (RFC 7383)

on such work. If not, perhaps someone that is familiar with the code could suggest an approach at a high level? Thanks for any advice, -TimS [1] Whenver I've asked, the reason is usually something about DDoS prevention. -- Tim Stewart --- Mail: t...@stoo.org M

Re: iked support for IKEv2 Message Fragmentation (RFC 7383)

Tim Stewart writes: > Hello misc@, > > My IKEv2 sessions are occasionally down due to transit networks dropping > UDP fragments for one reason or another[1]. It happens frequently > enough that I am considering implementing support for RFC 7383 in > iked. > > Before

Re: Running your own mail server

Ken, Putting all the OpenBSD evangelists to one side, there are two things to say. First, like me, you might use OpenBSD for many things. And like me, you might come to the conclusion that using OpenBSD for mail is not one of those things.Personally I prefer to use a decent Linux stack for my m

"Transit" BGPD not announcing learnt routes to neighbors

Hi, I'm working with something in a lab environment at the moment, testing out OpenBGPD to see if it can replace "something else" on an internal network. I have three OpenBSD instances (A <->B<->C), and whilst B is learning routes from C, it is not pushing them out to A, no matter how relaxed I

Re: "Transit" BGPD not announcing learnt routes to neighbors

> "announce all" is probably missing here, since the default in 6.3 was > "announce self" and so transit routes would be filtered. > Fabulous ! Thanks for that. I was somewhere along the right lines, but I was confused with talk in the docs of "announce all" being no-op which I took to mean "

Re: "Transit" BGPD not announcing learnt routes to neighbors

> I think you are mixing up 6.3 code with docs for -current, this was > changed mid-June: > https://marc.info/?l=openbsd-cvs&m=152888243922828&w=2 > > There have been big changes in bgpd since 6.3, there are now methods > to give a simpler/clearer configuration, and some big improvements in > per

IKED "not a valid authentication mode"

Unless I misunderstand the 6.3 docs, the following should be valid : childsa auth enc chacha20-poly1305 group curve25519 But i get an error "not a valid authentication mode".  If I comment out that line, my configuration validates OK. The same happens if I copy/paste one of the examples from the

Re: IKED "not a valid authentication mode"

> Note that this isn't commenting a line, this is commenting all lines > that come after it. The parser joins the line first and removes > comments afterwards, so the config above becomes > > ... group curve22519 #childsa enc aes-128 auth hmac-sha2-256 srcid ... > > and then everything after the #

IKED not sending packets ?

Hi, Thinking it might be something with my earlier config, I created a simple one-liner: ikev2 esp from 172.16.1.2 to 172.16.1.3 However iked does not appear to be sending out any packets ?  Which I thought would be the case in its default active mode ?  It seems to just load the config and t

Integration between CARP and BGPD ?

I've had a quick look through the man pages and am still a bit unclear, perhaps I'm just overthinking this ? Let's say I've got two perimeter "firewalls" running OpenBSD, talking BGP to upstream routers. On the "LAN" side I'm thinking about CARP, which is active/passive, and the devices on "LA

BGP over IKED, routes not being installed ?

I'm probably missing something silly, here's what I've got so far: 1/ Working VPN, I can ping between the BGP loopbacks on both sides ping -S 192.168.1.1 10.250.250.250 ping -S 10.250.250.250 192.168.1.1 2/ The BGP sessions come up 3/ "bgpctl sho ri" shows all routes.  But none of them have any

Re: BGP over IKED, routes not being installed ?

> sounds like a nexthop validation issue. What does`bgpctl show nexthop` gives > you? Do you have a route to them? It gives this : Flags: * = nexthop valid Nexthop Route Prio Gateway Iface 10.250.250.250 But surely I have a route if I can ping ? (As part of

Re: Integration between CARP and BGPD ?

On Wednesday, 12 September 2018 20:49, Stuart Henderson wrote: > On 2018-09-11, Tim Jones b631093f-779b-4d67-9ffe-5f6d5b1d3...@protonmail.ch > wrote: > > > I've had a quick look through the man pages and am still a bit unclear, > > perhaps I'm just overthinkin

Re: Running your own mail server

> Webmail isn't worth bothering with at all. Too complicated. Let me rephrase that for you. Webmail is easy. Open source webmail is all horrible stuff stuck in the last century. To make open source webmail look and behave like the is the complicated bit.

PF possibly causing weird SSL issues ?

Hi, I'm wracking my brains here.   I have just replaced with one based on OpenBSD 6.3 PF. Nothing else has changed on the network, just the firewall. Lots of "stuff" that used to work (e.g. various nightly pushes of data to "the cloud") have suddenly stopped working after the new firewall was

Re: PF possibly causing weird SSL issues ?

> Check the time and date. > And enable ntpd if you already haven't. Time and data are fine. NTP already runs extensively on this network, so setting it up on OpenBSD instances was a subconcious nobrainer. ;-)

Re: PF possibly causing weird SSL issues ?

> This feels like it might be an MTU related problem, especially likely > if the connection is going via pppoe or a tunnel - you may need "scrub > (max-mss ##)". > > The way Google's TLS server handshake is setup, it fits in pppoe without > fragmentation, most other sites do not this. > > Otherwi

Re: Google abruptly accessed photos on memory card and MUCH more without permission

> I travel frequently. Often outside of the US. I decided when in Mexico > that I could possibly lose the tiny notepad so I took photos of my > passwords on it. I did this on a Mexican phone and I have often used > these photos when I couldn't remember rarely used passwords and my > notepad wasn't

Re: PF possibly causing weird SSL issues ?

> This is a very bad advise you got. Syncookies should only be used in > exterme situations because the they do lose some of the additional > information that is part of the SYN packet. "syncookies always" is only > there for testing but should not be used in production. > Thank you Claudio. Me

Re: PF possibly causing weird SSL issues ?

> > Is there one OpenBSD BGP router or more, and is PF running there too? > (Basically check with tcpdump on various interfaces along the way that > the packets you expect to receive from the TLS server/s you're > connecting to aren't being dropped somewhere - if there are paths > to/from "the i

Re: PF possibly causing weird SSL issues ?

I've just done a tcpdump. About to look at it myself, but maybe eyes on list will spot the issue (if any) quicker than my tired eyes. 198.51.100.167 is me (RFC5737 obfuscated) 52.216.65.232 is amazon (I used the IP to rule out any possible DNS issues even though I've triple checked the DNS is wo

Re: Certificate authority software

‐‐‐ Original Message ‐‐‐ On Friday, September 21, 2018 1:21 PM, Gregory Edigarov wrote: > Hello, list. > > I need to setup a CA for intranet. I have some (rather not very > positive) experience with ejbca. > before I will set it up, I want to take a look at alternatives, and so i > nee

Re: Which really small, portable and lightweight system/device is usable running OpenBSD?

> Can confirm, typing on mine currently. Have to use an external wifi adapter, > but most everything else works just fine. It's a little on the slow side, but > it does well enough for daily computing. Out of interest, did you find a OpenBSD friendly USB-C WIFI adapter or are you using an adap

Re: want.html: Unifi wifi gear for interop debugging

‐‐‐ Original Message ‐‐‐ On Saturday, October 6, 2018 9:21 AM, Marcus MERIGHI wrote: > Dear all, > > not everyone is reading want.html every day, therefore I wanted to hint > at: https://www.openbsd.org/want.html > > stsp@wifi is asking for gear and we should deliver :-) > > "Ubiquity Un

Re: want.html: Unifi wifi gear for interop debugging

> That's the nature of a donation: it comes with > no strings attached for the party receiving. Evidently you have not heard of restricted funds. If a donor gives on a restricted funds basis (happens all the time), then its black and white, either (a) return the funds or (b) abide by the restric

Re: want.html: Unifi wifi gear for interop debugging

I think the point I'm making here is it should be worthwhile to send the kit. Unifi access points are so cheap, that second-hand ones "lying around" are not likely to be worth the cost and effort to ship internationally (or even nationally in the case of some postal systems). Something like a 1

Re: want.html: Unifi wifi gear for interop debugging

> Thank you for handling the logistics so I don't have to do that > on top of everything else I'm doing. > I am looking forward to receiving your shipment. Oh right, and the rest of us don't have day-jobs, plus other commitments outside of working hours ? >From now on, I'll take a simple stance

Re: want.html: Unifi wifi gear for interop debugging

‐‐‐ Original Message ‐‐‐ On Saturday, October 6, 2018 6:00 PM, Jacqueline Jolicoeur wrote: > > Oh right, and the rest of us don't have day-jobs, plus other > > commitments outside of working hours ? > > That must be hard for you. You feel you want more time in your life. > > > If you wan

Re: Traffic inspection with relayd

or them or inspect what they're doing on the devices or in the source code instead. The downside is that you can't monitor all of them in one place, but it might be your only option. Tim On Wed, Apr 15, 2020 at 2:31 PM Cornelius Jubjub wrote: > > Hello all, > > First of

minor tcpdump.8 inconsistency

minor inconsistency diff --git a/tcpdump.8 b/tcpdump.8 index ce16951..8c2cf33 100644 --- a/tcpdump.8 +++ b/tcpdump.8 @@ -1257,7 +1257,7 @@ end of this connection. .Ar window is the number of bytes of receive buffer space available at the other end of this connection. -.Ar urg +.Ar urgent indic

Re: Detecting DoH using PF

f the setting is turned on in its preferences. For what it's worth, the OpenBSD port of Firefox disables DoH by default. Tim

Re: X security claims in FAQ considering Xorg setuid root binary (was: Slightly OT, .. 5.5 Nagios)

Op 28-09-15 om 23:29 schreef Philip Guenther: On Mon, Sep 28, 2015 at 1:31 PM, L. V. Lammert wrote: ... X has never been installed on this box, .. why now? http://www.openbsd.org/faq/faq4.html#FilesNeededX From the FAQ: "By itself, installing X on a system does not change the risk of exte

Re: mini itx from intel

Op 03-10-15 om 02:45 schreef Brian Conway: FYI- My 2820 won't boot reliably headless without an HDMI dummy plug attached (such as my NUC 5CPYH won't boot either without an hdmi cable attached.

recompile packages to include base / libressl errata?

t with IMAP over tls. Furthermore, is ldd and the knowledge if a package uses tls enough to determine if a package has to be recompiled or not? If so, am I correct to conclude that postfix does not have to be recompiled because it dynamically links libssl.so.32.0 and libcrypto.so.32.0? -Tim

Re: httpd - conditional redirects

ess != myIpAddress) { // output the maintenance page } else { // load the normal app } Hopefully you can figure out something that will work for your situation. Tim

Pausing/Freezing issues with Protectli FW4B

p being used. Any pointers where I can investigate next would be appreciated. Tim [0] https://marc.info/?l=openbsd-misc&m=159166807203817&w=2 [1] https://marc.info/?l=openbsd-misc&m=159764612717042&w=2 --- ping 64 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=0.640 ms 64 bytes from

Re: Pausing/Freezing issues with Protectli FW4B

On Fri, Aug 11, 2023 at 5:56 PM Stuart Henderson wrote: > > On 2023-08-11, Tim Baumgard wrote: > > I'm having an issue with my Protectli FW4B that's become more of a > > problem lately. Essentially, it's the same thing that this person [0] > > encountere

man.openbsd.org timing out via HTTP & HTTPS

Not much to add to the subject. For a couple days now, I've tried connecting via HTTP & HTTPS from various points around the internet and they all time out. Sounds like something hung or accidentally lost power and needs a nudge. Thanks! -tkc

Re: From the military propaganda department

deserve neither liberty nor safety." > Trees need iron. Blood serves fine. Ask Thomas Jefferson ... > Good on you for taking an hour out of your life. Give me something > more than a hypothesis of how bad things are happening that might be > violations and how people that I care about are affected on the > ground > ... > Get arrested or GTFO ... > > I'm not Armorican. I read your constitution and your bill of rights > and study your law and your country. > I've stood up to LEO here. Describe your experience. > Light on the hill. Get the fuck up there. > > Fantastic points, I'd love to hear more, from both sides. --Tim

Re: PF Executive Summary

uck making stick drawings :) > I don't know if it is exactly what you are looking for, but you could potentially use PFW. Though it is currently not an actively developed product. http://www.allard.nu/pfw/ Tim

Re: Unfortunate dot was ... missing

recover without much trouble. All the device nodes in /dev are created with the MAKEDEV script. To recreate them, all you need to do is copy the MAKEDEV script back into the /dev directory and run the following command. # sh MAKEDEV all Tim Donahue

Re: PF and CLamAV "Integration" - how to do it?

V for scanning. I found this email on to configure PF to pass the traffic to squid. http://marc.info/?l=squid-users&m=120938897115089&w=2 Tim Donahue

Re: openbsd in virtualization

4.5-beta to run under XenServer, it would install and start booting but would lock up during the boot. If anyone knows how to solve this, I would love to hear what you did. Tim

Re: openbsd in virtualization

he limiting factor to how many you can have running will probably be how much memory you are limited to in your laptop. [1] - http://mln.sourceforge.net/ [2] - http://ovirt.org/ [3] - http://openqrm.com/ Tim Donahue

Re: openbsd in virtualization

dt...@drizzle.com wrote: > Tim Donahue wrote: > >> I run OpenBSD under VMware Server and ESXi. (Both are free) It is >> fairly stable and the performance isn't bad. I would recommend you use >> the "Other Linux (64-bit)" profile so you can get access

Re: Is anyone able to use certificates with openbsd iked/ikev2 and Apple iOS (iphone)?

the iPad successfully connected. Can you try applying that patch and see if it resolves your issue? If it also works for you, I'll reply on that thread and see if anyone wants to opine on the patch. -TimS -- Tim Stewart t...@stoo.org

Re: Is anyone able to use certificates with openbsd iked/ikev2 and Apple iOS (iphone)?

o yours. I'll do another round of testing and be more explicit about the crypto transforms, and will reply here with the results. Thanks for the link! -TimS >> On Apr 4, 2019, at 20:08, Tim Stewart wrote: >> >> Hi Ted, >> >> On 6/2/18 12:26 PM, Theodore Wynnych

Re: Blind OpenBSD users

(sorry, out of thread; copying from the marc.info post so References/In-Reply-To aren't set) > I am looking to understand / enhance the OpenBSD experience for > blind users. While not blind, I occasionally attempt to do some screenless testing with accessibility-tech on OpenBSD, FreeBSD, and Linu

Re: can't find fstab entry ?

I've vast amounts of inability but I get on with OpenBSD just fine. But then I take time to read OpenBSD's excellent documentation - FAQs and man pages, etc. Gratefully Tim H

Re: Unified BSD?

don't need a "unified" BSD; BSD is already unified in the ways that matter. Open source and meritocracy see to that. Tim -- Tim Larson Software Engineer [Proxibid]<http://www.proxibid.com/> e: tim.lar...@proxibid.com p: 877-505-7770 d: 402-505-7770 This email and any fil

Re: add a daemon user

On Tuesday 29 Jan 2013 21:06:11 Wesley M.A. wrote: > To add a "daemon user" like for example _nginx : > > useradd -L daemon -d /var/empty -s /sbin/nologin -g =uid _nginx > > Is this enough ? Is there a '-L' option?

Re: add a daemon user

On Tuesday 29 Jan 2013 21:52:46 Alexander Hall wrote: > On 01/29/13 18:23, Tim Hoddy wrote: > > On Tuesday 29 Jan 2013 21:06:11 Wesley M.A. wrote: > >> To add a "daemon user" like for example _nginx : > >> > >> useradd -L daemon -d /var/empty -s /

How can I turn off the LCD console backlight on an iMac?

Is there any way of turning off an iMac's LCD console backlight, with OpenBSD 5.2 running on an iMac (2006)? (The video card died so the machine is running as a server in console mode, and I don't want the backlight to burn out.) If this were a PowerPC Mac, OpenBSD/macppc could do it, with ws

Netatalk (Apple Filing Protocol) daemon replies "Something wrong with the volume's CNID DB"

I'm having a problem using Apple Filing Protocol (AFP) services provided by netatalk on OpenBSD, from an OS X Mountain Lion client. I have OpenBSD 5.2 running on an old iMac, with the netatalk-2.2.3p0 package. I made no changes to the default configuration beyond editing /etc/netatalk/afpd.conf to

Re: Netatalk (Apple Filing Protocol) daemon replies "Something wrong with the volume's CNID DB"

On May 1, 2013 5:54:32 AM EDT, Yoshihisa Matsushita said: > From: Tim Leonard > Subject: Netatalk (Apple Filing Protocol) daemon replies "Something wrong > with the volume's CNID DB" > Date: Tue, 30 Apr 2013 22:36:40 -0400 > >> I'm having a problem u

syslogd doesn't daemonize without inet6 since 5.7

I've upgraded some 5.6 boxes to 5.7 and found out that syslogd doesn't start in daemon mode if there is no inet6 address configured (i.e. "-inet6" in hostname.*). Starting syslogd either in the foreground with -d or binding on inet only with -4 makes it start again. -Tim

chacha20 cipher_algbits is 0

.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/0 bits)". I'm wondering what the 0 part in 256/0 bits mean. I've read it's "the number of bits actually used" vs. "the number of bits the algorithm is based on", but this sounds confusing to me. Can someone maybe clarify? Thanks, Tim

Re: chacha20 cipher_algbits is 0

ts = SSL_CIPHER_get_bits(cipher, &cipher_algbits); > > If LibreSSL returns 0 for algbits, that's an artifact of their > implementation. -Tim * http://marc.info/?l=postfix-users&m=143251444523619&w=2

Re: openntpd portable sync fails

Op 29-05-15 om 20:05 schreef Theo de Raadt: Just a quick question, why is S in sensors uppercase? Is that not to confuse it with status? % ntpctl usage: ntpctl -s all | peers | Sensors | status yes... while on the topic. I didn't find an explanation of the header in ntpctl(8). I'm curious

Re: openntpd portable sync fails

Op 29-05-15 om 20:05 schreef Theo de Raadt: Just a quick question, why is S in sensors uppercase? Is that not to confuse it with status? % ntpctl usage: ntpctl -s all | peers | Sensors | status yes... whoops, should have read a bit better. trustlevel and stratum it is.

ifconfig.if rtsol autoconf diff

Had some trouble this morning in configuring inet6 on a new laptop. Finally figured out that rtsol is dropped and that the functionality is moved to the kernel. Diff for hostname.if(5) included. Someone might want to replace the "rtsol" keyword in the installer as well. Index: hostname.if.5 ==

Re: ifconfig.if rtsol autoconf diff

Op 06-06-15 om 13:24 schreef Florian Obser: On Fri, Jun 05, 2015 at 03:41:22PM +0200, Tim Kuijsten wrote: Had some trouble this morning in configuring inet6 on a new laptop. What problems did you encounter? inet6 autoconf or rtsol in hostname.if are supposed to work exactly the same. Mmm, I

cert.pem 400 after updating stable 5.7

Every time I update my 5.7 systems by following stable the permissions of /etc/ssl/cert.pem are set to 400. Noticed this because OpenSMTPD stopped sending mail since it can not verify ssl connections: TempFail, "stat=Network error on destination MXs". Cheers, -Tim

Re: cert.pem 400 after updating stable 5.7

Op 13-08-15 om 14:59 schreef Tim Kuijsten: Every time I update my 5.7 systems by following stable the permissions of /etc/ssl/cert.pem are set to 400. Noticed this because OpenSMTPD stopped sending mail since it can not verify ssl connections: TempFail, "stat=Network error on destinatio

Re: NSA transition to quantum resistant algorithms

Op 15-08-15 om 21:14 schreef Devin Reade: Interesting background info, including recommended minimum key sizes during the interim: I find it interesting that symmetric ciphers like 256 bit AES are probably quantum resistant[0],

dmesg Intel NUC5CPYH

tl;dr no network, dmesg for 5.7 release, 5.8 current mp and sp included. With 5.7 release a dhcp response is received, but no other addresses than the one that is assigned to the machine can be pinged (the dhcp server is in the arp cache, but no ping reply is received from it). with 5.8 no d

Re: dmesg Intel NUC5CPYH

Op 04-09-15 om 21:01 schreef Ted Unangst: Tim Kuijsten wrote: tl;dr no network, dmesg for 5.7 release, 5.8 current mp and sp included. With 5.7 release a dhcp response is received, but no other addresses than the one that is assigned to the machine can be pinged (the dhcp server is in the arp

Re: dmesg Intel NUC NUC5CPYH

Op 04-09-15 om 21:06 schreef Tim Kuijsten: Op 04-09-15 om 21:01 schreef Ted Unangst: Tim Kuijsten wrote: tl;dr no network, dmesg for 5.7 release, 5.8 current mp and sp included. With 5.7 release a dhcp response is received, but no other addresses than the one that is assigned to the machine

Re: Cheap hardware for router, perhaps fileserver?

Op 20-09-15 om 11:23 schreef Mark Carroll: even to the level of Intel NUCs which look pretty good if their hardware is solid. I've recently installed an Intel NUC NUC5CPYH to be used as a quiet low power sftp file server. Support for the nic is recently added and the machine works perfect fo

Re: Upgrade to 5.9 full disk encryption

On 15 April 2016 23:04:45 BST, Bryan Everly wrote: >Boot the installer. Exit to the shell. Then do: > >bioctl -c C -l /dev/sd0a softraid0 > >(Substitute for your actual device that is the softraid container). >You will be promoted for your password. > >Watch for the console message telling you wha

Packet loss on traffic flowing between VLANs

eply 24:6e:96:04:1b:d8 24:6e:96:04:1c:84 0800 98: 10.95.0.5 > 10.95.1.50: icmp: echo request (DF) 24:6e:96:04:1c:84 00:00:5e:00:01:65 0800 98: 10.95.1.50 > 10.95.0.5: icmp: echo reply ^C 1975 packets received by filter 0 packets dropped by kernel Any help would be greatly appreciated. This is causing massive slow downs for all traffic flowing thru this firewall. Thank you for your time. -Tim

Re: Packet loss on traffic flowing between VLANs

Hi Evgeniy, Thank you for your reply. The states hard limit was the problem. The default limit is quite low :) -- Tim Korn Network Ninja On Thu, Jun 2, 2016 at 3:48 AM, Evgeniy Sudyr wrote: > Tim, > > from your problem description I can suggest you to check if you are not

s/specifies to/specifies how to/ in elf.5

Index: elf.5 === RCS file: /cvs/src/share/man/man5/elf.5,v retrieving revision 1.27 diff -u -p -r1.27 elf.5 --- elf.5 10 Sep 2015 17:55:21 - 1.27 +++ elf.5 7 Sep 2016 00:35:29 - @@ -147,7 +147,7 @@ typedef str

Leafpad: Sometimes Undo currupted document

Hello. This is OpenBSD4.9, but I believe latest Leafpad still has this problem. $ pkg_info leafpadInformation for inst:leafpad-0.8.17p4 Sometimes Undo currupted document, and this was shown in xterm. > (leafpad:5025): GLib-GObject-WARNING **: gsignal.c:2354: handler `238' of instance `0x7df450d8'

hw.sensors for arc no longer works with 5.0?

I have a number of servers with almost identical hardware (Supermicro MB, Areca 1210 or 1220 RAID card). These span from OpenBSD 4.5 to 5.0. In anything before 5.0, I am able to monitor the RAID status via snmp at OPENBSD-SENSORS-MIB::sensorStatus. The 5.0 boxes are returning unknown status (and

Re: hw.sensors for arc no longer works with 5.0?

On Wed, 1 Feb 2012 12:44:43 -0800 Tim Howe wrote: > [...] > In anything before 5.0, I am able to monitor the RAID status via snmp > at OPENBSD-SENSORS-MIB::sensorStatus. The 5.0 boxes are returning > unknown status (and the device IOD has changed from 3 to 46). > > sysctl r

Re: Apache box behind Openbsd

, I have several apache servers behind PF firewalls with no issues. If this doesn't work, please post a dmesg and your pf ruleset so that we actually have the information we need to help you out. -- Tim Donahue This mess

OpenBSD 4.2 dhcpd(8)

Hello all, Does anyone know which version of ISC DHCP that OpenBSD 4.2 uses for dhcpd(8)? I wasn't able to find any clue on the webpage or associated documentation. It feels a lot like a 2.x release based on the options available, but I just want to make sure. Thanks. -- -TimS Tim St

Re: OpenBSD 4.2 dhcpd(8)

e. >From the first sentence of `man dhcpd' on a brand-new OpenBSD 4.2 installation: , | The Internet Software Consortium DHCP Server, dhcpd, implements the | Dynamic Host Configuration Protocol (DHCP) and the Internet | Bootstrap Protocol (BOOTP). ` I'm not assuming that they just dr

Re: OpenBSD 4.2 dhcpd(8)

l make sure and check cvsweb next time before bothering the list. -- -TimS Tim Stewart Lead UNIX Systems Administrator Ciena Corporation Alpharetta, GA, USA [EMAIL PROTECTED]

  1   2   3   >