On Sun, Sep 18, 2005 at 10:34:30AM +0100, ed wrote:
> Steve B <[EMAIL PROTECTED]> wrote:
>
> > I'm a little confused on the topic of running Bind on OBSD. I've read
> > the Secure Architectures book, some material at
> > http://www.aei.ca/~pmatulis/pub/obsd_pf.html and a few other places.
o'rei
On Mon, Sep 19, 2005 at 10:30:29AM +0200, Henning Brauer wrote:
>
> the peer is broken and needs to be fixed.
>
> your only workaround is to not send any capability it does not grok.
> this is guesswork. you might want to try to not announce v4 unicast
> capabilities.
that did it.
---
4801a
On Mon, Sep 19, 2005 at 03:13:33PM -0300, Vinicius Pavanelli Vianna wrote:
>
> I tried to disable pf (pfctl -d) and it continues to loss packets
<...>
> The count on in and out are different because the pf is blocking some
> packets
(?)
those seem to contradict one another., just a typo?
>
On Tue, Sep 20, 2005 at 01:16:19AM +0100, Stuart Henderson wrote:
>
> You can only queue outgoing traffic with altq, not incoming.
>
> You can sometimes achieve the same effect by queuing outgoing traffic
> on a different interface (e.g. to queue internet->LAN bandwidth, queue
> on the LAN inte
On Mon, Sep 19, 2005 at 08:59:48PM +0200, -f wrote:
> hmm, on Mon, Sep 19, 2005 at 10:01:58AM -0600, j knight said that
> > > i was thinking of making another rule, just below this one:
> > >
> > > block in
> > > block in log from any to $ext_if
> >
> > Another alternative:
> >
> > block in quic
On Tue, Sep 20, 2005 at 02:11:44PM +0200, frantisek holop wrote:
> hmm, on Mon, Sep 19, 2005 at 06:33:16PM -0600, jared r r spiegel said that
> >
> > what is the noise exactly?
looks like TCP:6346 and UDP:1434 covers about half of that.
if you're always doing flags S/
On Fri, Sep 23, 2005 at 11:40:36AM -0700, John Marten wrote:
> "input_userauth_request: ivalid user somename"
> "Failed password for invalid user somename"
haven't read the entire thread yet, so doubtless this has
come up, but i use:
--
e = sis2
tablepersist
trying to debug some crappy script of mine, noticed what seems
to be an instance of setting xtrace changing the way the
script runs. -current snapshots from openbsd.rt.fm on sep.22
OpenBSD 3.8-current (GENERIC) #152: Thu Sep 22 13:31:38 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/
On Mon, Sep 26, 2005 at 07:31:23PM +0100, Stuart Henderson wrote:
>
> The inbound traffic creates state associated with the queue, which is
> then used by the return traffic.
for a very simple example of this point, imagine that these
your only rules, and that, of course, you have a valid al
On Sat, Oct 01, 2005 at 08:50:13AM -0500, Travis H. wrote:
>
> Yeah, I neglected stateful matching. I should have said that every
> packet that has to run the gauntlet of rules, has to run all of them.
> Subsequent reading of the PF FAQ confirms that there's no deep
> evaluation-reordering magic
On Sat, Oct 01, 2005 at 04:43:40AM -0500, Travis H. wrote:
>
> Ah, but the matching engine doesn't have to traverse the whole rule
> list that way. Unless pf is doing something really tricky, every
> packet will have to traverse every firewall rule without use of
> quicks. On a complicated, busy
On Wed, Oct 05, 2005 at 12:07:01PM -0400, Chris Smith wrote:
> Regarding the altq implementation in pf:
>
> Is altq effective with all types of protocols/traffic, such as ah, esp,
> gre, etc.?
?
altq is as effective as your understanding of it and your implementation.
being that it is
On Wed, Oct 05, 2005 at 01:20:57AM +, [EMAIL PROTECTED] wrote:
> Having trouble brining up a tunnel.
a nice compromise between debug output and too much info, i've
found thus far is:
-dDA=0 -D2=50 -D5=50 -D7=50 -D8=40 -D9=30
> Though never seems to move on to phase 2 see snip 2
<...>
On Thu, Oct 13, 2005 at 04:07:00PM -0600, Theo de Raadt wrote:
> > Even though the card is detected, I'm not seeing any boost in
> > IPsec performance.
>
> > Cpu is a Geode1100 - doing 10Mb/s IPsec has it maxed out :)
>
> The cpu is unable to feed the crypto card fast enough.
>
> You would think
On Thu, Oct 13, 2005 at 11:15:51AM -0400, Andrew Atrens wrote:
>
> Not sure what these 'errno 209's are about either :('
i think i saw those in 3.7 and didn't have them affect anything
i was doing adversely, at least noticably so...
they aren't showing in 3.8/oct.2 ( or sep27 )
> # ipseca
On Thu, Oct 13, 2005 at 10:36:27PM -0500, Josh Webb wrote:
>
> from client1:
> Reply from 192.168.1.1: Destination host unreachable.
>
> from client2:
> Reply from 192.168.3.1: Destination host unreachable.
>
> I'm sure it's some detail I'm missing, but I'm stumped.
sudo sysctl -w net.inet.ip
On Thu, Oct 13, 2005 at 10:36:27PM -0500, Josh Webb wrote:
>
> I'm sure it's some detail I'm missing, but I'm stumped.
if it's not the sysctl, can gateway1 ping client2 || gateway2 ping client1 ?
or client1 ping 192.168.2.1 || client2 ping 192.168.2.2 ?
On Fri, Oct 14, 2005 at 04:31:36AM -0500, Josh Webb wrote:
>
> I know I should send stuff about the man pages to "hshoexer@", but is
> that @openbsd.org, @cvs.openbsd.org, or what?
someone will correct me if this is the wrong way, but can
also do a sendbug(1) and submit your diff to the manp
On Fri, Oct 14, 2005 at 07:59:00AM +0200, Alessandro Coppelli wrote:
> Hi to all.
>
> Question :
>
> Is it possible to make a bridge with box OBSD that it to do traffic
> shaping ?
>
> In the 6.9 FAQ tthere is a "Filtering on a bridge", but there is the
> possibility of
>
> "Tra
On Mon, Oct 17, 2005 at 01:37:58AM -0200, Marcos Vinicius Buzo wrote:
> Hello, I am trying to find out some docs about HFSC scheduler and PF, but I
> did not found it anywhere, in the pf.conf man page and PF Users Guide there
> are no examples that cover HFSC usage, only PRIQ and CBQ.
> Does anybod
On Tue, Oct 18, 2005 at 05:56:32PM -0400, STeve Andre' wrote:
> On Tuesday 18 October 2005 17:32, OpenBSD Admin wrote:
> >
> > So where does one post questions *after* having read the FAQ etc
in misc@, ports@, or [EMAIL PROTECTED]
tho' posting questions that could be answered by the self with
holy hell this OS f'ckin rocks.
so i waste a day and a half because i forgot to
do a 'dnssec-enable yes;' in named.conf, totally my fault.
after i turn that on and setup named and my keys/zones
right ( or unbreak them, after the day and a half of barking
up the wrong tree... ), i fin
On Thu, Nov 03, 2005 at 04:31:56PM -0800, Michael Favinsky wrote:
> I just installed 3.8 on a server that never had OpenBSD on it. Whenever I
> reboot, I get a warning that / wasn't unmounted properly. This is followed
> by an fsck of / and bootup goes on as normal. All other filesystems are
> clea
On Thu, Nov 03, 2005 at 06:13:22PM -0700, jared r r spiegel wrote:
> On Thu, Nov 03, 2005 at 04:31:56PM -0800, Michael Favinsky wrote:
> > I've tried reboot, halt, even sync sync sync reboot. The bootup sequence
> > still shows that / wasn't unmounted properly.
> >
On Thu, Dec 01, 2005 at 05:36:24PM +0200, turha turha wrote:
> Hi!
>
> I'm trying to find out if it's possible to get multiple IP's using DHCP to a
> single NIC.
without knowing what the specifics of the DHCP-situation on the ISP's
end is, perhaps a safe assumption is that you're going to nee
On Fri, Dec 02, 2005 at 06:45:09PM -0500, Chris Zakelj wrote:
> Johan P. Lindstrvm wrote:
>
> >Is there a need /desire for it?
i've got a small desire
> as they sit around doing absolutely nothing practically
> 24/7, and I think contributing to the science projects represented is a
> worthwhil
On Wed, Jan 04, 2006 at 08:44:19PM -0600, Jim Mays wrote:
> I found a very strang line in my /etc/hosts file. The line says
>
> ::1 localhost.cimsolve.com localhost
>
> This line is followed by a normal line
>
> 127.0.0.1 localhost.cimsolve.com localhost
>
> How did the first line get there, b
On Mon, Jan 02, 2006 at 08:17:43PM -0600, Jim Mays wrote:
>
> resolv.conf file:
>
> search hsd1.tx.comcast.net.
> nameserver 68.87.85.98
> nameserver 68.87.69.146
> looklup file bind
if that is a paste-o and not a type-o, that might be attributable to
a little bit of suckage. ( looklup != l
On Sat, Jan 14, 2006 at 09:20:34AM -0400, James Mackinnon wrote:
>
> I have checked the logs and there is nothing, Isakmpd just stops running. The
> pid file is still in /var/run and when I try to hup it, it tells me that the
> pid does not exist, thus, Its going and its going fast.
eg, it star
On Thu, Feb 02, 2006 at 06:08:52PM -0500, Jose Fragoso wrote:
>
> yppasswd: pam_chauthtok(): error in service module
>
> and the change fails. Now if I instead use the following command:
>
> yppasswd -h `ypwhich`
>
> It works immediatelly.
>
> With an OpenBSD client, it always work.
>
>
On Thu, Feb 02, 2006 at 09:48:55AM -0500, Wade, Daniel wrote:
> pkg_info -D packagename
> Will show you the install messages
also look for a pkg/MESSAGE file in the port dir, if you
have the port dir (since we're talking about java in this
case, i will assume you do have the port dir), oth
On Fri, Feb 03, 2006 at 09:02:06PM +, Denny White wrote:
> since installing the Voodoo
> card. Here's the current output of sysctl hw.sensors:
>
> hw.sensors.0=lm0, VCORE_A, volts_dc, 1.73 V
> hw.sensors.1=lm0, VCORE_B, volts_dc, 1.74 V
> hw.sensors.2=lm0, +3.3V, volts_dc, 3.26 V
> hw.sensors.
On Sat, Feb 11, 2006 at 05:17:29PM -0500, Nick Guenther wrote:
> Yeah, it does that. I don't know why, I assume historical reasons, and
> I would like to learn from someone here who does know. Use backspace
> instead.
>
> On 2/11/06, Martin Schrvder <[EMAIL PROTECTED]> wrote:
> > Hi,
> > on my fre
On Fri, Feb 10, 2006 at 05:51:41PM -0500, Mitch Parker wrote:
>
> I'm going to second this, even though I don't work at an ISP (however, I do
> work with large amounts of syslog data).
>
> If you want to keep things organized, it's better to keep the syslog files
> organized by service.
i woul
On Sat, Feb 11, 2006 at 08:07:30PM +0200, Danny wrote:
>
> I would like to know if OpenBSD will be able to recognise and access
> the SanDisk ImageMateR 12-in-1 Reader/Writer SDDR-89.
>
> More info on this piece of hardware can be found here:
> http://www.sandisk.com/Products/Item(1145)-SDDR-89-S
On Mon, Feb 13, 2006 at 07:55:25AM -0600, Travis H. wrote:
>
> The soekris site says the vpn1401 is fully supported in the latest
> release of OpenBSD.
>
> However, mine isn't autoprobing. What do I need to do to get it working?
i've had a 1401 working since, umm, maybe it's since 3.6 or
this should probably move to misc@; not pf-related, afaict.
On Mon, Feb 13, 2006 at 07:29:17AM -0600, Travis H. wrote:
>
> Basically I've got a remote node that is directly attached to an
> untrusted LAN (think metropolitan) and the firewall/gateway to the
> internet/VPN peer are the same machi
On Sat, Apr 30, 2005 at 02:02:29PM -0500, L. V. Lammert wrote:
> On Sat, 30 Apr 2005, RGA wrote:
> > Do you want to use *all* of wd0 for OpenBSD? [no] y
> >
> Depends if you want other OS installations.
if you want other OS installations (on that disk), would
it be better to answer 'n' to that
On Sun, May 01, 2005 at 10:09:17AM -0400, Monah Baki wrote:
> I'm certain I'm using the right cabling.
<...>
> But why would the system act like this in the first place?
probably has to do with the order the system finds the NICs.
the 'new' one you're putting in is found before the one yo
On Fri, May 06, 2005 at 01:35:12PM +0200, Didier Wiroth wrote:
> I've to disable pf to be able to make cvsup updates.
>
> Tcpdump on pflog0 does not show any blocked/dropped traffic.
are you actually having 'log' in every instance of
'block' action in pf.conf?
if disabling pf lets every
On Wed, May 11, 2005 at 02:47:05AM -0700, :.:.: ikmal :.:.: wrote:
> Hi all,
>
> I have problem with openbsd 3.7.
>
> Here was my method when doing cvs.
> cvs -d [EMAIL PROTECTED]:/cvs -q up
> -rOPENBSD_3_7 -P src
> # dmesg
> OpenBSD 3.7 (GENERIC) #0: Wed May 11 17:26:39 MYT 2005
> [EMAIL PR
On Wed, May 11, 2005 at 10:53:19PM +0200, Toni Mueller wrote:
> On Wed, 11.05.2005 at 19:14:21 +0200, Rogier Krieger <[EMAIL PROTECTED]>
> wrote:
> > On 5/11/05, Toni Mueller <[EMAIL PROTECTED]> wrote:
> > >
> > > uvm_fault(0x80890500, 0x1, 0, 1) -> e
> > > fatal page fault in supervi
On Mon, May 16, 2005 at 04:45:11PM -0700, andrew fresh wrote:
> OpenBSD Users:
>
> We have set up an site from which you can get OpenBSD Torrents.
>
> The site is http://openbsd.somedomain.net.
>
> The torrents are generated automatically on a server that is
> rsynced to ftp3.usa.openbsd.org eve
please excuse me if this is sounds asinine, but
i haven't figured out how to make it work and
am about ready to start throwing shit around the room.
192.168.7.17 and 192.168.7.18 are connected via
ethernet to a common switch with no fancy anything,
just a local LAN.
one is -curren
On Thu, May 19, 2005 at 10:02:57AM +0100, Stephen Marley wrote:
> Download a recent snapshot.
worked like a champ1 now they're swappin' underwear like
a healthy doctor-patient relationship!
jared
--
[ openbsd 3.7 GENERIC ( may 17 ) // i386 ]
i'd like to know if i'm parsing this right:
-[ isakmpd.policy(5) ]
When X509-based authentication is performed in Main Mode, any X509 cer-
tificates received from the remote IKE daemon are converted to very sim-
ple KeyNote credentials. The conversion is straightforward:
On Sun, May 22, 2005 at 06:00:14PM +0200, Wijnand Wiersma wrote:
>
> It really hurts my server performance every 15 minutes or so, and my
> statistics aren't very good either:
just a shot in the dark, but are you using apmd?
if so, try -a.
i had a hell of a time once debugging something th
On Mon, May 23, 2005 at 10:10:42AM -0700, Michael Favinsky wrote:
> Does OpenBGPd have something similar to Cisco's weight attribute? I looked
> at the man page and it doesn't seem to mention weight.
i have current snapshot from may17 and it's in there.
could probably check the cvsweb for the
On Mon, May 23, 2005 at 06:37:16AM -0600, Diana Eichert wrote:
> I think one of the best things a new user of OpenBSD is to use and
> understand the port/package system. Otherwise we end up with whiner's
> saying "This Package or That Package Isn't Available". Then we end up
> sounding like Linu
On Tue, May 24, 2005 at 03:15:01PM -0700, Allie D. wrote:
> I have used djbdns since '02with no issues whatsoever. You'll love the
> data file structure compared with BIND.
or you'll hate it and find it wretched.
but at least his webpage is still up.
jared
--
[ openbsd 3.7 GENERIC (
in response to the 18x18ja.bdf out of memory issue while using
GNU cvs on the server, i've implemented support for opencvs to run
the cvs server also.
as it has always been, one can access GNU cvs on the server side with:
CVSROOT=anon...@openbsd.mirror.frontiernet.net:/cvs
and now one
On Mon, Jun 20, 2011 at 01:34:47PM +1000, Rod Whitworth wrote:
> On Sun, 19 Jun 2011 18:28:10 -0400, STeve Andre' wrote:
>
> >On 06/19/11 18:19, Rod Whitworth wrote:
> >> This popped up as the first file (in name order) when I went to see if
> >> there was a new bunch of pkgs to go with the instal
in 4.2/i386, number-only macros in ipsec.conf worked fine/parsed
OK, syntax-wise:
---
# cat test.conf
cat = "dog"
cow = $cat
cat = "1234abc"
cow = $cat
cat = "1234"
cow = $cat
# uname -msr; ipsecctl -nvvf ./test.conf
OpenBSD 4.2 i386
cat = "dog"
cow = "dog"
cat = "1234abc"
cow = "1234abc"
ca
for what it's worth, pfctl in -current parses this situation fine,
but ipsecctl does not:
# cat cow.conf
cow = 'moo'
moo = $cow
cow = '1234'
moo = $cow
cow = ' 1234 '
moo = $cow
cow = '12a34'
moo = $cow
# ipsecctl -nvf ./cow.conf
cow = "moo"
moo = "moo"
cow = "1234"
./cow.conf: 4: syntax erro
On Thu, Jul 22, 2010 at 08:05:55PM -0600, Theo de Raadt wrote:
> > i went on and tested '-nvf ./cow.conf' in each of:
> > bgpd, ldapd, ldpd, ospfd, relayd, ripd, snmpd, smtpd, ypldap.
> > they all errored out only exactly on lines 4 and 6
> >
> > m4(1) seems to parse the file fine though.
On Thu, Jul 22, 2010 at 07:43:55PM -0701, jared r r spiegel wrote:
> is this specific behaviour
> the way of the future or accidental?
if it helps answer that, ipsecctl/parse.y r1.126 (first ipsecctl/parse.y
of 4.2-current) is the first revision that all-number macros can't b
swinging the mirror to a new machine today; i'll post again
when it's complete.
--
jared
On Tue, Jul 27, 2010 at 03:08:03PM -0700, jared r r spiegel wrote:
> swinging the mirror to a new machine today; i'll post again
> when it's complete.
this is all set. things should be way faster now.
i had to juggle some IPs, so there might be some DNS
entries in TTL
i've been looking around for an optimal rsync upstream for
openbsd.mirror.frontiernet.net and it looks like
openbsd.mirrors.tds.net is optimal for me to use.
i'd like to run it by the maintainer of that site first for
clearance but don't know any contact info for them, so if
anyone has
On Wed, Sep 09, 2009 at 03:50:58PM -0400, Brynet wrote:
> http://openbsd.mirrors.tds.net/
> or
> http://mirrors.tds.net/
that has contact info, thank you
--
jared
201 - 260 of 260 matches
Mail list logo
