Re: Best way to serve files to Windows?

2018-07-18 Thread Radek
> > > > Thanks, > > > > /jl > > Hello, > > I would recommend samba. You can also try using NFS, I've heard that > windows can mount NFS shares. > > About the security thing, I don't know if the protocol used by samba is > secure between clients, but you can still run a VPN between your openbsd > box and the Windows client to allow connecting to the samba share > securely. > > regards > -- radek

Re: ikev2 and road warriors setup

2018-10-28 Thread Radek
_free_proposals: free 0x7fcc4080 config_free_proposals: free 0x7fcc4580 config_free_proposals: free 0x825a0a00 Then I get 809 Error. On Wed, 7 Feb 2018 22:01:16 +0100 Radek wrote: > Hi again, > > I'm still trying to make it work for roadwarriors. > VPN server has IP address A.B.9.73

Re: ikev2 and road warriors setup

2018-11-02 Thread Radek
R_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_pld_ts: start 1.2.3.119 end 1.2.3.119 ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 length 24 ikev2_pld_ts: count 1 length 16 ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 endport 65535 ikev2_

Fw: Re: ikev2 and road warriors setup

2018-11-05 Thread Radek
cookie: 64755be010cd32d2-> msgid: len: 510 18:45:41.927874 A.B.C.77.500 > 1.2.3.119.500: isakmp v2.0 exchange IKE_SA_INIT cookie: 64755be010cd32d2->2a0fe33c6b9afff8 msgid: len: 471 Thanks! On Mon, 5 Nov 2018 09:27:25 +0100 Kim Zeitler

Re: ikev2 and road warriors setup

2018-11-06 Thread Radek
it is not any Router/FW problem. On Tue, 6 Nov 2018 07:48:37 +0100 Kim Zeitler wrote: > Good morning Radek, > > I have a suspicion ... > > > For (1), (2) and (3) VPN is working just fine with Win7_warrior and > > puffy_warrior if they are connecting from A.B.C.0/23 (it

Re: ikev2 and road warriors setup

2018-11-07 Thread Radek
get private IP from dhcp server. Then I move to public A.B.C.77/23 editing /etc/hostname, mygate, resolv.conf. Maybe I missed something in network conf that is important for OpenIKED? Any idea? On Tue, 6 Nov 2018 11:21:52 +0100 Radek wrote: > Hello Kim, > > > My question was co

Re: ikev2 and road warriors setup

2018-11-08 Thread Radek
On Wed, 7 Nov 2018 12:17:09 +0100 Radek wrote: > Yesterday I tried this scenario: > > Win7_warrior - 192.168.x.x, NAT, GW: 1.2.3.119 > VPN_L2TP (Mikrotik) - A.B.C.75/23, not NATed > VPN_IKEv2 - A.B.C.77/23, not NATed > > I connected Win7_warrior to VPN_L2TP and then to V

Supermicro X7SPA-HF D510 and OpenBSD

2018-11-22 Thread Radek
also welcomed. Thanks! -- radek

Re: Supermicro X7SPA-HF D510 and OpenBSD

2018-11-23 Thread Radek
e main pool of > memory anyway). It does not matter to me. 8MB is OK for OS installation. I am not gonna use X, serial console and ssh is all I need. On Thu, 22 Nov 2018 12:01:36 -0800 Misc User wrote: > On 11/22/2018 6:13 AM, Stuart Henderson wrote: > > On 2018-11-22, Radek wrote: > >

[OpenIKED] current session list

2020-04-01 Thread Radek
Hi @misc, is there any equivalent of "npppctl sessions all/brief" for iked(8)? How can I get the list of currently connected roadwarriors? They use CA. "ipsecctl -sa" shows IPs only, but I need to know who is who. -- Radek

Re: [OpenIKED] current session list

2020-04-01 Thread Radek
On Wed, 1 Apr 2020 08:50:41 - (UTC) Stuart Henderson wrote: > On 2020-04-01, Radek wrote: > > Hi @misc, > > is there any equivalent of "npppctl sessions all/brief" for iked(8)? > > How can I get the list of currently connected roadwarriors? They use CA. >

Re: Ajust or set OpenIKED renegotiation timeout manually if remote ISP reset connections

2020-04-02 Thread Radek
rtng iked!" em...@example.com rcctl restart iked fi fi sleep 32 done You can trim the sleep time as you need but remember to give some time to restart/renegotiation/resync... I hope it helps. -- Radek

Re: Wine for OpenBSD?

2020-04-12 Thread Radek
crash for few years... > This is ain't the 90's man everyone can afford to have 2-3 or more PCs at > home But sometimes you have to be outside the home. [1] https://www.metatrader4.com/ Cheers! -- Radek

[OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-18 Thread Radek
" -eq 0 ] ; then mon=`ping -c 3 -w 1 the_other_side_WAN_IP | grep packets | awk -F " " '{print $4}'` wan=`ping -c 3 -w 1 8.8.8.8 | grep packets | awk -F " " '{print $4}'` if [ "${mon}" -gt 0 ] && [ "${wan}" -gt 0 ] ; then echo vpn: ${vpn}, mon: ${mon}, wan: ${wan} | mail -s "no ping through VPN RACTEST-MON! restartng iked!" em...@example.com rcctl restart iked fi fi sleep 32 done -- Radek

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-19 Thread radek
ever been an issue? > Regards > Patrick > > > On Aug 18, 2019, at 1:03 PM, Radek wrote: > > > > Hello, > > > > I have two testing gateways (6.5/i386) with site-to-site VPN between its > > LANs (OpenIKED). > > Both gws are fully syspatched, have publi

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-20 Thread radek
OS layout On Mon, 19 Aug 2019 18:17:48 -0500 Patrick Dohman wrote: > Do you consider memory an issue? > What is the speed of your memory? > Unix load average can occasionally be deceiving. > What make of Ethernets are you running? > Regards > Patrick > > > On Aug 19, 20

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-23 Thread radek
05 280 279 1 2 0 80 In use 5679K, total allocated 6336K; utilization 89.6% On Thu, 22 Aug 2019 19:12:55 -0500 Patrick Dohman wrote: > Radek > > I’ve found that fast networking is actually CPU & memory intensive. > Pentium 4 and Xeon's are

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-08-25 Thread Radek
ge or virtualization. > The OpenBSD O.S includes all the user-land tools such as ping & top in > addition to a standardized precompiled kernel. > Regards > Patrick > . > > > > > > On Thu, 22 Aug 2019 19:12:55 -0500 > > Patrick Dohman wrote: > > > &

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-09-20 Thread radek
1 and 1.0.0.1 my problem still occurs. On the other side the ISP redirects all DNS requests to its own DNS. Any idea? On Sun, 25 Aug 2019 20:28:27 -0500 Patrick Dohman wrote: > Radek > In my opinion upstream DNS & UDP issues can cause interrupts with some ISP's. > I also believe tha

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-09-22 Thread Radek
s kind of iked issue? Nobody else reports having the same issue here... On Fri, 20 Sep 2019 16:55:02 - (UTC) Stuart Henderson wrote: > On 2019-09-20, radek wrote: > > Hello Patrick, > > I am sorry for the late reply. > > > > I have replaced my ALIX/Soekris productio

Moving IKED certificates between routers

2019-11-08 Thread radek
on this journey. -- Radek

Re: Moving IKED certificates between routers

2019-11-10 Thread Radek
ctly files should be copied/edited (/etc/ssl/vpn/ /etc/iked/) to make rdk.6501.rac working in new box? On Fri, 8 Nov 2019 11:59:56 - (UTC) Stuart Henderson wrote: > On 2019-11-08, radek wrote: > > Hello, > > > > I'm going to replace 6.5 router with new 6.6 box.

Re: Moving IKED certificates between routers

2019-11-10 Thread Radek
-11-10, Radek wrote: > > Hi Stuart, > > I have played around with copying them across but no luck (I get error > > 13801 in win7). I don't know what I'm doing wrong. > > > > Do I need to set the same hostname (/etc/myname) in new box to make old > >

Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-11-13 Thread radek
5 94 On Sun, 22 Sep 2019 17:11:20 +0200 Radek wrote: > Thank you Stuart. > I can't touch/upgrade these routers, but I have a bunch of Soekris/net5501 > that I can use for testing -current. Unfortunately, they are i386. I hope the > arch doesn't matter in this case. > I'

Re: Moving IKED certificates between routers

2019-11-17 Thread Radek
6/i386. On Sun, 10 Nov 2019 15:00:58 +0100 Radek wrote: > My new box has the same /etc/myname. > > I copied: > /etc/iked/ca/ca.crt > /etc/iked/certs/1.2.3.4.crt > /etc/iked/crls/ca.crl > /etc/ssl/vpn/* > > What did I do wrong/miss? > > Windows shows error 13826:

Disabling ACPI permanently

2019-12-23 Thread Radek
e frame: 0x82281c40, count: 0 https://www.openbsd.org/ddb.html describes the minimum info required in bug reports. Insufficient info makes it difficult to find and fix bugs. ddb> -- Radek

Re: Disabling ACPI permanently

2019-12-27 Thread Radek
Hello Philip, This box has installed the newest BIOS firmware. Following your suggestion I sent a bug report to b...@openbsd.org https://marc.info/?l=openbsd-bugs&m=157747038309405&w=2 On Mon, 23 Dec 2019 08:25:13 -0800 Philip Guenther wrote: > On Mon, Dec 23, 2019 at 5:10 AM R

Traffic prioritization inside VPN

2020-01-02 Thread radek
to esp from to (egress:0) set prio (6, 7) keep state pass in quick on egress proto udp from to (egress:0) port {500, 4500} set prio (6, 7) keep state pass in on egress proto udp from any to (egress:0) port {isakmp,ipsec-nat-t} set prio (6,7) keep state pass in on egress proto {ah,esp} set prio (6,7) keep state block return in on ! lo0 proto tcp to port 6000:6010 -- Radek

Re: Traffic prioritization inside VPN

2020-01-02 Thread Radek
dwitdh they just get it with higher priority and my boxes always can use *the rest*. If there is a quiet in the network my boxes can use the whole highway. On Thu, 2 Jan 2020 17:57:19 +0100 fRANz wrote: > On Thu, Jan 2, 2020 at 3:51 PM radek wrote: > > > I tried to do it by "ca

ikev2 and road warriors setup

2018-01-27 Thread Radek
54 255.255.255.0 NONE description "LAN75" group trust [root@@serv75/home/rdk:]cat /etc/hostname.enc0 up [root@@serv75/home/rdk:]cat /etc/rc.conf.local iked_flags=YES ntpd_flags="-s" dhcpd_flags="vr1 vr2 vr3" [root@@serv75/home/rdk:]cat /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet.ipcomp.enable=1 net.inet.esp.enable=1 -- radek

Re: ikev2 and road warriors setup

2018-02-07 Thread Radek
ytes config_free_proposals: free 0x8134e000 Generating and installing certificate for E.F.G.H doesn't make any change. On Sat, 27 Jan 2018 19:55:46 +0100 Radek wrote: > Hello, > > I have configured OpenIKED Site-to-Site VPN between two gateways: > serv73 - OBSD6.1, IP A.B.C.7

[6.2] Forwarding root mails to user+al...@gmail.com

2018-03-24 Thread Radek
c/mail/aliases listen on lo0 accept for local alias #deliver to mbox accept from local for any relay as user+al...@gmail.com Thanks for help! -- radek

OpenBSD + Firebird Server

2020-11-24 Thread Radek
Hi, is it possible to install Firebird Server in OpenBSD? I can't find any info about that anywhere. Thanks! -- Radek

Re: OpenBSD + Firebird Server

2020-11-25 Thread Radek
y Evans wrote: > On Tue, Nov 24, 2020 at 9:27 PM Radek wrote: > > > Hi, > > is it possible to install Firebird Server in OpenBSD? I can't find any > > info about that anywhere. > > Thanks! > > > Assuming you mean the SQL database, w

npppd - problem with simultaneous sessions

2021-01-06 Thread Radek
an 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=mppe logtype=Opened our=128bit,stateless peer=128bit,stateless Jan 6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=base Using pipex=yes -- Radek

Re: npppd - problem with simultaneous sessions

2021-01-07 Thread radek
s there? It is directly connected to X.Y.Z.13, no NAT. On Thu, 07 Jan 2021 16:27:57 +0900 (JST) YASUOKA Masahiko wrote: > Hi, > > On Wed, 6 Jan 2021 21:33:49 +0100 > Radek wrote: > > I have a box with relatively fresh install of 68/amd64, fully > > syspatched. There is

Re: npppd - problem with simultaneous sessions

2021-01-08 Thread Radek
to missing IPsec protection >0 dropped due to full socket buffers >609 delivered >236 datagrams output >354 missed PCB cache > > I started looking into this problem. > > On Thu, 7 Jan 2021 09:45:07 +0100 > radek wrote: > >

How to request a specific IP address from DHCP server

2021-01-19 Thread Radek
68.1.104; $ sh /etc/netstart vr0 vr0: 192.168.1.103 lease accepted from 192.168.1.1 (b0:48:7a:a5:86:15) $ dhclient -v vr0 vr0: DHCPREQUEST to 255.255.255.255 vr0: DHCPACK from 192.168.1.1 (b0:48:7a:a5:86:15) vr0: 192.168.1.103 lease accepted from 192.168.1.1 (b0:48:7a:a5:86:15) Thanks for any help. -- Radek

Re: How to request a specific IP address from DHCP server

2021-01-19 Thread Radek
is permanently connected to the network. > configuration changes at the server end. Nobody touches the server end. On Tue, 19 Jan 2021 21:05:21 + Peter Kay wrote: > On Tue, 19 Jan 2021 at 20:57, Radek wrote: > > > > Hi, > > I can't manage to request a s

Re: How to request a specific IP address from DHCP server

2021-01-22 Thread Radek
ess is in /var/db/dhcpd.leases (instead of the my_address) and DHCPD can give my_address to other client. Am I right? On Wed, 20 Jan 2021 09:38:13 +0100 Marco Scholz wrote: > On Tue, Jan 19, 2021 at 08:56:39PM +0100, Radek wrote: > > I can't manage to request a specific IP addr

Fw: Re: How to request a specific IP address from DHCP server

2021-01-22 Thread Radek
Forward. Begin forwarded message: Date: Thu, 21 Jan 2021 16:32:55 +0100 From: Radek To: Allan Streib Subject: Re: How to request a specific IP address from DHCP server > Can you configure a permanent IP address in the client configuration > (hostname.if file) that is outside the rang

Re: OpenSMTPD is not sending e-mail.

2021-01-28 Thread Radek
com 25 > Trying 66.102.1.27... > Connected to gmail-smtp-in.l.google.com. > Escape character is '^]'. > 220 mx.google.com ESMTP k2si3832128wrm.242 - gsmtpquit > 221 2.0.0 closing > connection k2si3832128wrm.242 - gsmtp > Connection closed by foreign host. > > -- Radek

npppd - changing clients' route table

2021-02-20 Thread Radek
| head OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP -- Radek

Fw: Re: npppd - changing clients' route table

2021-02-21 Thread Radek
KA Masahiko wrote: > Hello, > > On Sat, 20 Feb 2021 21:14:24 +0100 > Radek wrote: > > I have a router with VPN server (npppd). LAN net is 10.109.3.0/24, gw > > 10.109.3.254, the VPN net is 10.109.4.0/24, gw 10.109.4.254. > > If the client is connected to V

DHCPd - option capwap (code 138)

2021-05-06 Thread Radek
o add *option capwap* to /etc/dhcpd.conf option capwap code 138 = ip-address; #Custom Option capwap option capwap 192.168.1.110; #WLAN-Controller-IP I can't find the capwap option in dhcp-options(5) in OpenBSD. How can I do what I need using other options/configuration? Thanks! -- Radek

Re: DHCPd - option capwap (code 138)

2021-05-10 Thread Radek
uters 10.109.3.254; range 10.109.3.201 10.109.3.220; #option option-138 10.109.3.100; option option-138 A:6D:3:64; host [...] On Thu, 6 May 2021 11:45:43 +0200 Denis Fondras wrote: > Le Thu, May 06, 2021 at 10:48:55AM +0200, Radek a écrit : > > Hello, > > I want to use dhcpd ser

Re: DHCPd - option capwap (code 138)

2021-05-11 Thread Radek
Update. My conf seems to work as expected, but it took a few hours for APs to find the controller. Since then even new APs find the controller in a few minutes. Controller: Alcatel-Lucent OmniVista 2500 APs: OAW-AP1321-RW Thanks for your help! On Mon, 10 May 2021 15:30:01 +0200 Radek wrote

VLANs isolation

2021-07-13 Thread Radek
Hello, I'm going to build a router with +40 vlans. I need to block access from every vlan to each other (and then enable traffic between certain vlans as needed). How can I do this? Is there any one liner pf block rule to do this? -- Radek

Re: VLANs isolation

2021-07-14 Thread Radek
ck on vlan1003 inet from vlan1002:network to vlan1003:network block out on vlan received-on vlan Any other pf tweaks and suggestions would be appreciated. On Tue, 13 Jul 2021 12:25:32 +0200 Claudio Jeker wrote: > On Tue, Jul 13, 2021 at 11:34:28AM +0200, Radek wrote: > > Hello, > >

NAT on CARP interface

2024-04-24 Thread Radek
-19 carp2 10.0.2.201 18:03:73:b4:fa:c1 UHLc 011815 -18 carp2 10.0.2.254 00:00:5e:00:01:02 UHLl 0 36 - 1 carp2 10.0.2.255 10.0.2.254 UHb04 - 1 carp2 [snip] Radek

Re: NAT on CARP interface

2024-04-25 Thread Radek
r to the underlying interface, not the carp. > > I'd change: > > ext_if=em0 > int_if=vlan2 > ext_carpIf=carp0 > > match out on $ext_if inet from 10.0.2.0/24 to any nat-to $ext_carpIf > > > > > > > On Wed, Apr 24, 2024, 4:50 PM Radek

Re: NAT on CARP interface

2024-04-28 Thread Radek
t_if from $int_if:network to any nat-to $ext_carpif It seems it should work fine as well but it doesn't: match out log on egress from $int_if:network to any nat-to $ext_carpif On Thu, 25 Apr 2024 13:53:32 -0700 obs...@loopw.com wrote: > > > > On Apr 25, 2024, at 10:36 AM

Re: NAT on CARP interface

2024-04-28 Thread Radek
might not be classifying itself as egress. > > > > Nevertheless, writing egress or $ext_If, what difference does it really > > make? You're just repeating a different word. Lol > > > > On Sun, Apr 28, 2024, 12:08 PM Radek wrote: > > > >> &

How to announce over OSPF only one IP address

2023-02-04 Thread Radek
0.0.0.0 { interface vr0 interface vr3 } Thanks, Radek

Re: How to announce over OSPF only one IP address

2023-02-05 Thread Radek
109.3.15". $ ospfctl show fib flags: * = valid, O = OSPF, C = Connected, S = Static Flags Prio Destination Nexthop *S8 0.0.0.0/010.109.3.254 *O 32 10.1.111.0/2410.109.3.15 Any clues? On Sat, 4 Feb 2023 23:16:57 + Tom Smyth wrote: > Hi Radek, >

Re: How to announce over OSPF only one IP address

2023-02-06 Thread Radek
Phone > > > On 5 Feb 2023, at 21:15, Radek wrote: > > > > Hello Diederik, hello Tom, > > this is a simple lab/testing configuration, that's why there is no > > "passive" and other... > > The purpose of this configuration is to allow access to

Re: How to announce over OSPF only one IP address

2023-02-08 Thread Radek
> So route add 10.1.111.11/32 10.1.111.1 > > Then you can redistribute your /32 > > > > router-id 10.109.3.15 > redistribute 10.1.111.11/32 > > area 0.0.0.0 { > interface vr0 > } > > > > On Tue, 7 Feb 2023, 02:46 Radek, wrote: > > > Hel

Re: How to announce over OSPF only one IP address

2023-02-09 Thread Radek
be up before vr3 so that is why your route adding in the > hostname.vr0 is wrong. > > Cheers > > On Thu, 9 Feb 2023, 01:36 Radek, wrote: > > > Hello Bradley, > > thank you, your setup works the way I need. > > > > I can't deal with adding the static r

Re: How to announce over OSPF only one IP address

2023-02-17 Thread Radek
ng the IP of the host you want to go to? > > It will look silly but maybe it works? > > Aka > !route add 10.1.111.11 10.1.111.11 > > That worked on my attempt even without sleeping > > See if that helps. > > > > > On Thu, 9 Feb 2023, 22:59 Radek, w

[7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-05-25 Thread Radek
instruction (core dumped) pf-badhost: IPv4 addresses in table: 0 Radek

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-05-30 Thread Radek
on 1.0 uhub1 at usb1 configuration 1 interface 0 "AMD OHCI root hub" rev 1.00/1.00 addr 1 vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets root on wd0a (660c82c04771c00d.a) swap on wd0b dump on wd0b On Thu, 25 May 2023 18:17:49 -

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-06-01 Thread Radek
st "hope" he regularly monitors this > list. > > I've contacted him before at his email address and he was very prompt in > reply. > > 73 > diana > KI5PGJ > > On May 30, 2023 8:05:04 AM MDT, Radek wrote: > >Hello and sorry for the late re

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-06-01 Thread Radek
Hello Stuart, > What is the name of the core dump file? Actually there isn't any .core file. test73# find / -name '*.core' test73# On Tue, 30 May 2023 14:41:37 - (UTC) Stuart Henderson wrote: > On 2023-05-30, Radek wrote: > > Hello and sorry for the late repl

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-06-05 Thread Radek
oth sh and ksh seem to behave that way, but bash will trace inside > functions. Try calling the script with 'bash -x' and hopefully you > can pinpoint which binary called by main() is crashing. > > -Andrew > Radek

Re: SOLVED [7.3/i386] pf-badhost - Illegal instruction (core dumped)

2023-06-12 Thread Radek
ports/textproc/ripgrep &&...) *** Error 2 in /usr/ports/textproc/ripgrep (/usr/ports/infrastructure/mk/bsd.port.mk:2600 'install': @lock=ripgrep-13.0.0p3; export _LOCKS_...) test73# > or try the binary at https://junkpile.org/rg This binary causes code dumps too. On Mon, 5

npppd sessions log

2013-08-13 Thread Radek
d a history log. Thanks for help, Radek

Re: npppd sessions log

2013-08-13 Thread Radek
N with RADIUS - it's in my TODO list. Thanks! On Tue, 13 Aug 2013 07:33:20 -0500 Vijay Sankar wrote: > Quoting Radek : > > > Hi @misc, > > > > I can't find any way/option to log npppd sessions on a VPN gateway. > > What I need to log: > > - username > &

Re: ikev2 and road warriors setup

2018-11-30 Thread Radek
| | +---+192.168.2.1| 172.16.2.254/24---| | ++ | |+192.168.3.254/24 Thanks! On Thu, 8 Nov 2018 14:04:23 +0100 Radek wrote: > I've been playing around with netcat. > I noticed that the netcat process on my VPN_server does not show any "

Re: iked : pf.conf rule for outgoing traffic

2018-12-07 Thread Radek
; .. > > >> > > >> > > >> But I can't reach internet from A through B. > > >> > > >> Here is the pf.conf on B (at least a small part of it) > > >> > > >> pass out on egress \ > > >> from any to any tagged IKED \ > > >> nat-to (egress) > > >> > > >> > > > > > > I'm still stuck at the same point. > > > Can someone give me an example of a working configuration natting ot > > > Internet? > > > > I used this, > > > > pass in on enc0 inet from $some_net > > pass out quick on egress inet received-on enc0 nat-to $some_address > > > > Also I don't remember what you've already said you checked, but > > make sure you have sysctl net.inet.ip.forwarding=1. > > > > Thank you. > Yes, I do have ip.forwarding=1. > > I'm confused how to replace "$some_address". Isn't it "(egress)" ? > > Regards. > -- radek

Re: ikev2 and road warriors setup

2018-12-07 Thread Radek
address 10.0.1.0/24 \ config netmask 255.255.255.0 \ config name-server 8.8.8.8 On Fri, 30 Nov 2018 15:06:28 +0100 Radek wrote: > Hello, > > Thank all of you for your time and your help in this matter! > I think that the ISP of A.B.C.0/23 is filtering/blocking some certificates. > I

Re: sh /etc/netstart interface counter intuitive behaviour with multiple inet aliases 6.4 and 6.3

2018-12-07 Thread Radek
.201 netmask 0xfffc broadcast 10.134.91.203 > >>> inet 10.134.91.205 netmask 0xfffc broadcast 10.134.91.207 > >>> inet 10.134.91.209 netmask 0xfffc broadcast 10.134.91.211 > >>> inet 10.134.91.213 netmask 0xfffc broadcast 10.134.91.215 > >>> inet 10.134.91.217 netmask 0xfffc broadcast 10.134.91.219 > >>> inet 10.134.91.221 netmask 0xfffc broadcast 10.134.91.223 > >>> inet 10.134.91.225 netmask 0xfffc broadcast 10.134.91.227 > >>> inet 10.134.91.229 netmask 0xfffc broadcast 10.134.91.231 > >>> inet 10.134.91.233 netmask 0xfffc broadcast 10.134.91.235 > >>> inet 10.134.91.237 netmask 0xfffc broadcast 10.134.91.239 > >>> inet 10.134.91.241 netmask 0xfffc broadcast 10.134.91.243 > >>> inet 10.134.91.245 netmask 0xfffc broadcast 10.134.91.247 > >>> > >>> This behaviour is counter intuitive as it is different to sh > >>> /etc/netstart > >>> behaviour on the configuration of inet addresses > >>> im wondiring is this a feature or a bug ... or me misunderstanding the > >>> use of netstart script to reset / reload the configuration of an interface > >>> > >>> Thanks > >>> > >>> Tom Smyth > >>> > >> > >> -- > >> I'm not entirely sure you are real. > > > > > > > -- radek

Re: ikev2 and road warriors setup

2018-12-12 Thread Radek
oming... Many thanks! On Fri, 7 Dec 2018 20:20:21 +0100 Radek wrote: > Hello, > > I am still almost in the same point. > If I want to reach my GW88_LAN I have to check "use default gateway on remote > network" box (Windows roadwarrior), but this option makes me reachi

Cheaper alternatives for APC UPS

2018-12-17 Thread Radek
cheaper alternatives. Thanks! -- radek

Re: Cheaper alternatives for APC UPS

2018-12-19 Thread Radek
consumption device that can shut down my home OpenBSD router when the power is lost. I would like not to use 230V device for that purpose, which consumes more power when compared to 12V devices. On Tue, 18 Dec 2018 20:19:20 +0100 Juan Francisco Cantero Hurtado wrote: > On Mon, Dec 17, 2018

Re: ikev2 and road warriors setup

2018-12-28 Thread Radek
dom-id) match out on egress from lan:network to any nat-to egress block log all pass in on egress proto udp from any to any port {isakmp,ipsec-nat-t} pass in on egress proto {ah,esp} pass out on egress pass on lan On Wed, 12 Dec 2018 21:45:25 +0100 Radek wrote: > Hello again, > >

Re: Cheaper alternatives for APC UPS

2018-12-28 Thread Radek
Thanks for your hints, Stuart. I hope to get one OpenUPS soon and give it a try. On Sun, 23 Dec 2018 12:13:12 + (UTC) Stuart Henderson wrote: > On 2018-12-19, Radek wrote: > > Thank you for all your comprehensive technical references. I just wanted to > > know if there is

Re: ikev2 and road warriors setup

2018-12-28 Thread Radek
Any help appreciated! On Fri, 28 Dec 2018 10:41:22 +0100 Radek wrote: > Hello, > > finally I solved my problem as follows: > 1. Uncheck "use default gateway on remote network" in warrior (Windows) > 2. Create route192.bat file: route add 192.168.2.0 mask 255.255.255

Re: Blocking "shodan.io" - What are my options?

2019-01-03 Thread Radek
e to start the ncat processes at > boot and run an hourly script to do a pfctl -T expire 86400 to > keep the table clean of old attackers. > > Shodan isn't the only scanner out there, so there is no point in just > blocking it. And I figure if someone is trying to connect to unused > ports on my system, they probably aren't up to any good. If you aren't > aware that my machine isn't legitimately listening on 22 or 23, or 443, > I don't want to talk to you. > > I usually just run on port 22 and move sshd to a different port, that > seems to stop >95% of attackers. > > -- radek

Polish localization

2019-01-08 Thread Radek
something? $ locale LANG= LC_COLLATE="C" LC_CTYPE="C" LC_MONETARY="C" LC_NUMERIC="C" LC_TIME="C" LC_MESSAGES="C" LC_ALL= Any help appreciated. Thanks! -- radek

Re: Polish localization

2019-01-09 Thread Radek
lish interfaces are not obligatorily needed. On Tue, 8 Jan 2019 17:29:22 +0200 Dumitru Moldovan wrote: > On Tue, Jan 08, 2019 at 02:52:21PM +, Radek wrote: > >Hello, > > > >I'm trying to set Polish locales in my new desktop (6.4/amd64, xenodm, > >WindowMaker). &

Re: Blocking "shodan.io" - What are my options?

2019-01-13 Thread Radek
> > > I wrote a little daemon to do what we're looking for. It listens on > specified ports, accepts the connection and executes a script so you can > either use something like logger or pfctl, etc to do what you want with > the address it connected from. If anyone wants to play with it let me > know and I'll send you the tarball. > > Edgar > -- radek

Re: Blocking "shodan.io" - What are my options?

2019-01-18 Thread Radek
Sorry, I haven't tried it yet. I'll do it ASAP. On Tue, 15 Jan 2019 21:05:32 -0600 ed...@pettijohn-web.com wrote: > On Sun, Jan 13, 2019 at 01:39:13PM -0600, ed...@pettijohn-web.com wrote: > > On Sun, Jan 13, 2019 at 08:04:32PM +0100, Radek wrote: > > > Hi, > >

Re: Slow VPN Performance

2019-01-18 Thread Radek
ver know what that might > > bring. > > There's a commit from just after 5.2 which is relevant to some > packet forwarding setups, which might be of interest.. > > http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/ip_input.c?r1=1.197;f=h#rev1.197 > -- radek

Re: Slow VPN Performance

2019-01-18 Thread Radek
sendbug data if you actually want to help. > > Have you tried your NC on the loopback as a reference ? > is the HEADER compression activated ? On Fri, 18 Jan 2019 09:28:45 -0500 sven falempin wrote: > On Fri, Jan 18, 2019 at 8:58 AM Radek wrote: > > > I have configured S

Re: Slow VPN Performance

2019-01-21 Thread Radek
516.66 23.49514.80 30.79594.94 37.45583.15 34.16621.32 31.54653.58 31.40659.72 33.00667.91 40.15753.08 34.54738.35 32.15639.13 35.11621.26 34.78733.43 34.59728.21 On Fri, 18 Jan 2019 18:25:11 +0100 Radek wrote

Re: Slow VPN Performance

2019-01-21 Thread Radek
till, your test is > good enough to show that things are much slower with IPsec enabled. True. I use LAN machine on the one side in my netcat tests, but I don't have any on the other side, so I have to use router. On Mon, 21 Jan 2019 13:52:41 + (UTC) Stuart Henderson wrote: > On

Re: Printing problem

2019-01-23 Thread Radek
pshot. Already fixed in -current. > > > > Indeed. Out of curiosity, what was it? I couldn't find anything under > > http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/lpr/ > > that would break and fix this. > > > > Remote printing with lpd was broken from January 20 to February 7. > > usr.sbin/lpr/lpd/printjob.c (broken by r1.50, fixed by r1.52) > > Thanks, > Jeremy > -- radek

Re: Printing problem

2019-01-25 Thread Radek
Thank you Stuart. If I use /usr/local/bin/lpr printing works as expected. $ grep Kyocera /etc/xpdfrc psFile "|/usr/local/bin/lpr -P Kyocera_Mita_FS-6020" On Wed, 23 Jan 2019 14:33:15 - (UTC) Stuart Henderson wrote: > On 2019-01-23, Radek wrote: > >

Re: vlan problem

2019-01-28 Thread Radek
0 10.10.10.255 > >I can also ping 10.10.10.1. > > > >Why vlan0 not linked vio0(parent) without create bridge? > > > >Is this normal? AM I miss understand vlan? > > > >(eg: I also tried on real machine with hostname.em0 card, same result) > > > >Thanks. > > > > > > > > > > > >Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC > > > Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC -- radek

problem with site-to-site VPN between local machine and remote LAN (OpenIKED)

2019-03-09 Thread Radek
ha2-256 enc aes-256 esp tunnel from 240.240.10.70 to 240.240.10.69 spi 0x4b96dca8 auth hmac-sha2-256 enc aes-256 esp tunnel from 240.240.10.69 to 240.240.10.70 spi 0x62c0615a auth hmac-sha2-256 enc aes-256 esp tunnel from 240.240.10.69 to 240.240.10.70 spi 0x97cc9e5f auth hmac-sha2-256 enc aes-256 remoteLAN_machine# cat /etc/pf.conf | grep "^[^#;]" set skip on {lo, enc} match in all scrub (no-df random-id) match out all scrub (no-df random-id) pass all -- radek

Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2

2019-05-04 Thread Radek
lose synchronization. > They will eventually resync on their own, but it takes several > minutes. > > -- > Christian "naddy" Weisgerber na...@mips.inka.de > -- Radek

Multiple web servers behind NAT

2016-09-30 Thread Radek
0.8.22): 4.domain.com 5.domain.com 6.domain.com How can I make it work? Any help appreciated. -- radek

Re: Multiple web servers behind NAT

2016-10-05 Thread Radek
default >< doing _rc_read_runfile doing rc_check relayd doing rc_pre configuration OK doing rc_start doing _rc_wait start doing rc_check doing _rc_write_runfile (ok) On Fri, 30 Sep 2016 07:26:22 -0400 Josh Grosse wrote: > On Fri, Sep 30, 2016 at 11:42:11AM +0200, Radek wrote: > &

Re: Multiple web servers behind NAT

2016-10-10 Thread Radek
tps://6.domain) started to show the content of 1.domain.com If I changed the order of "forward" websites (https://1.domain, https://2.domain, https://3.domain) started to show content of 4.domain.com relay relay_tls { listen on 127.0.0.1 port 8443 tls protocol "web_tl

Serial console on Sunix 40XX (PCI)

2015-02-16 Thread Radek
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00 0x0010: BAR io addr: 0xdf00/0x0020 0x0014: BAR empty () 0x0018: BAR empty () 0x001c: BAR empty () 0x0020: BAR empty () 0x0024: BAR empty () 0x0028: Cardbus CIS: 0x002c: Subsystem Vendor ID: 1409 Product ID: 4025 0x0030: Expansion ROM Base Address: 0x0038: 0x003c: Interrupt Pin: 01 Line: 0c Min Gnt: 00 Max Lat: 00 -- radek

Re: Serial console on Sunix 40XX (PCI)

2015-02-18 Thread Radek
You probably need to set that up. > > Also, the bootloader may not understand the 16750. > > -ml > > > On Mon, Feb 16, 2015 at 10:50:35AM +0100, Radek wrote: > > I'm trying to setup a serial console. My RS-232 is an old PCIcard. > > > > I tried this

VLAN in 5.9 - NAT problem

2016-04-18 Thread Radek
o pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 lm1 at wbsio0 port 0x290/8: W83627HF npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on wd0a (e8a3ba715d004629.a) swap on wd0b dump on wd0b -- radek

Re: VLAN in 5.9 - NAT problem

2016-04-19 Thread Radek
ac97: codec id 0x434d4983 (C-Media Electronics CMI9761A+) > audio0 at auich0 > usb1 at uhci0: USB revision 1.0 > uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > usb2 at uhci1: USB revision 1.0 > uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > usb3 at uhci2: USB revision 1.0 > uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > usb4 at uhci3: USB revision 1.0 > uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1 > isa0 at ichpcib0 > isadma0 at isa0 > fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > pckbc0 at isa0 port 0x60/5 irq 1 irq 12 > pckbd0 at pckbc0 (kbd slot) > wskbd0 at pckbd0: console keyboard, using wsdisplay0 > pcppi0 at isa0 port 0x61 > spkr0 at pcppi0 > wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 > lm1 at wbsio0 port 0x290/8: W83627HF > npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 > vscsi0 at root > scsibus2 at vscsi0: 256 targets > softraid0 at root > scsibus3 at softraid0: 256 targets > root on wd0a (e8a3ba715d004629.a) swap on wd0b dump on wd0b > > -- > radek -- radek

Re: VLAN in 5.9 - NAT problem

2016-04-21 Thread Radek
rface VLAN-PRAC" All vlan* interfaces have trunk0's MAC now (all the same). Hope it is not a problem. On Tue, 19 Apr 2016 15:27:21 +0200 Radek wrote: > Thanks for all your replies. > > > I think dhcpd.interfaces is a relic? For the longest time I've simply > >

Unable to open UPS device. [apcupsd]

2016-07-14 Thread Radek
0/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 lm1 at wbsio0 port 0x290/8: W83627HF npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 uhidev0 at uhub2 port 1 configuration 1 interface 0 "American Power Conversion Smart-UPS 2200 FW:UPS 09.3 / ID=18" rev 2.00/1.06 addr 2 uhidev0: iclass 3/0, 146 report ids upd0 at uhidev0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on wd0a (e8a3ba715d004629.a) swap on wd0b dump on wd0b upd0 detached uhidev0 detached uhidev0 at uhub1 port 2 configuration 1 interface 0 "American Power Conversion Smart-UPS 2200 FW:UPS 09.3 / ID=18" rev 2.00/1.06 addr 2 uhidev0: iclass 3/0, 146 report ids upd0 at uhidev0 -- radek
