Hi!
I thought I could copy the same static server definition block and only
change a unique macro definition at the top of each server. But this is
not working:
##
# from httpd.conf
##
# [...]
# macro definition
certroot="/etc/ssl/httpd"
do
I definitely agree to qmail
It was a learning curve for me in the late 90's to get it going on Redhat,
after that Mandrake and Slackware with finally settling down on FreeBSD and
OpenBSD
Sadly, there are some concerns about the aging code with various patches
available to compensate, but I have
Sadly you are not in the EU or that would cost google 500K
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Michael Ayres
Sent: 19 September 2018 14:48
To: Chris Bennett
Cc: misc@openbsd.org
Subject: Re: Google abruptly accessed photos on memor
Hi!
I'm working on a project with a large number of highly customized
OpenBSD6.3 based appliances.
On each of these machines VMWare reports VMWare tools to be "installed
and ready". However, when I try to actually do something like shutdown,
reboot or sleep, there simply is no reaction. The machi
> On 25 September 2018 18:22:57 GMT+02:00, Torsten wrote:
>> Hi!
>>
>> I'm working on a project with a large number of highly customized
>> OpenBSD6.3 based appliances.
>>
>> On each of these machines VMWare reports VMWare tools to be "installed
>
Hi
You need a smtpd server which is native to BSD and supports auth backends
Have a look here
https://www.fehcom.de/sqmail/sqmail.html
I use it with dovecot with mysql auth backend, sqlmail basically calls a
dovadmin socket to authenticate, so no need for mysql as long as you can
login to dovecot
Hi
As far as I can tell, WiFi is nominal speed, not designated speed
Other dominating factors for that would be USB connection type, hardware bus
connections, motherboard design, direct processor lanes to where
Wifi is what it is, never as good as hard wired 100mb/1000mb or even 10gb
connectio
Sorry
Still connected to USB, I looked it up before replying
It looks more like a hardware design issue of the device it is connected to
plus many other issues related to the “Dongle” itself.
T
From: Joel Carnat
Sent: 28 September 2020 00:21
To: Torsten
Cc: misc@openbsd.org
Hi!
man httpd.conf says:
[tls option]
"Set the TLS configuration for the server."
I assumed that "the server" would mean that every (virtual) server can
have its own tls options (and certificates). Otherwise it would have
said "Set the TLS configuration for httpd and all virtual servers."
Is tha
Hi
I'm running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and 5.3.
npppd works fine and clients can connect using windows pptp client.
The Client has the pptp connection set as default gateway and can access the
internet through the vpn gateway
but cannot access the LAN network.
I know I'm missing something in my config but can't find it.
Thanks
torsten
-Original Message-----
From: torsten [mailto:tors...@cnc-london.net]
Sent: 16 December 2015 23:21
To: 'misc@openbsd.org'
Subject: npppd pppx0 VPN Client can access wan but cannot access lan
Hi
On Sat, 19 Dec 2015 01:11:40 -
"torsten" wrote:
> I'm running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and
> 5.3.
> npppd works fine and clients can connect using windows pptp client.
> The Client has the pptp connection set as default gateway and ca
> I'm running OpenBSD 5.8, npppd, mpath and have tried the same on 5.7 and
> 5.3.
> npppd works fine and clients can connect using windows pptp client.
> The Client has the pptp connection set as default gateway and can
> access the internet through the vpn gateway but cannot access the LAN
> netw
A quick question, how do these boards with Intel atom CPU's cope with gigabit
traffic and sslVPN. I love the look of them.
I use the Supermicro Intel i3/E3 midi boards with add-on NIC's at the moment
>oh thank u very much, I think it's exactly what I am looking for.
2015-12-22 20:05 GMT+00:00 J
work and sometimes with
the kids who are hooked on CBBC
and I've setup dynDNS and PPTP/sslVPN. It's easy to use from ipads and
windoze /other mac clients.
I found PPTP gives the least problems and CPU overheads on both ends while
ignoring the flaws in encryption.
Regards
Torsten
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> Of OpenBSD
> Sent: 08 November 2017 15:44
> To: misc@openbsd.org
> Subject: Suppessing logging of arp movement messages
>
> hello all,
>
> I have finally built an internet gateway with OpenBSD
NO,
Just download ipmiview from SM and use the built-in viewer and all is OK
The power can still be managed with the web site.
IPMI view requires java.exe on your PC but runs independently of any browser
T
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] O
I wonder how it is in reality for most *BSD users due to
1. hide processes run by other users
2. disable reading kernel messaging buffers...
3. disable kernel messaging debugging by unprivileged users
And some other tweaks
What surprises me is the "panic" publication of this because of already k
sd.org] On Behalf
> Of torsten
> Sent: 05 January 2018 00:59
> To: 'Rupert Gallagher'; 'Daniel Wilkins'; 'Allan Streib'
> Cc: 'Alceu R. de Freitas Jr.'; misc@openbsd.org
> Subject: Re: Kernel memory leaking on Intel CPUs?
>
> I wonder
Hi!
On my OpenBSD 6.2 syslogd is listening to port 514, even though it is
not started with "-r" (to receive remote syslog messages). It does not
actually seem to log anything if I send something to port 514 UDP,
however, I want the machine to be invisible when someone is probing for
open ports. I
>> On my OpenBSD 6.2 syslogd is listening to port 514
>> [...]
>> prevent syslogd from opening that port in the first place?
> If [...] no logging rules exist to send to a remote
> host the socket is closed per default since 6.2. Perhaps you are logging
> to a remote host?
Thank you for you answe
> it is your test methodology that is broken
Well, I said "I want the machine to be invisible", so I don't think
there is anything wrong with me testing which ports are open and
checking what I can do (besides pf) to close them.
Anyway, thanks for your help!
Cheers!
Hi!
In short:
I am trying to use installboot to make a new harddrive bootable that
should contain a custom OpenBSD installation, however, when trying to
boot from that new hd I always get "No O/S".
Detailed:
I successfully set up a standard OpenBSD6.3 (machine A) on sd0 using
install.iso. Using
I spent another three hours on this and now I've come to a point where
at least my kernel boots.
> Hi!
>
> In short:
> I am trying to use installboot to make a new harddrive bootable that
> should contain a custom OpenBSD installation, however, when trying to
> boot from that new hd I always ge
Hi Radek
I had a lot of problems such as overheating, and much shorter lifespan of
batteries with cheaper brands.
I'm not a fan of branded overprices but I need my server to run 24/7
We had some cyberpower for workstations and 2 started leaking battery acid
after 8 months
R
-Original Messa
Hi Steve
Try to add below to your pf.conf
table persist
pass in on $ext_if inet proto tcp from any to $ext_if port 1194 \
(max-src-conn 10, max-src-conn-rate 30/5, \
overload flush global)
T
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbs
Hi!
Problem description:
In a customer's network more than 2k clients connect to a server and
perform https requests. When in the morning more and more clients become
active, the number of connections rises until more and more clients fail
to connect to the server. The reason appears to be packet l
> Check with pfctl -si if you reach a limit
Thanks, will do.
Marc Peters also suggested to check pf state limit, upon digging into
that I found
https://serverascode.com/2011/09/12/openbsd-pf-set-limit-states.html
and therefore added
set limit states 20
to pf.conf.
Hi
A much simpler option is D.J. Bernstein's tcpserver in combination with
daemontools
I use it for all sorts of things including IP black listing into pf's tables
The packages are in the ports system
T
-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On
Hi!
I am trying to use fastcgi in OpenBSD 5.7 httpd but keep getting "500
Internal Server Error".
httpd.conf:
##
ext_addr="*"
server "www.domain.com" {
listen on $ext_addr tls port 443
tls dhe "auto"
connection { max requ
Paul,
thank you so much for taking the time to write such detailed answer.
> script needs to be able to create a file in its
> /run directory
Thanks to your hints I might have been able to narrow it down a bit, but
I'm still not there.
The "fastcgi" directive from httpd.conf defaults to /run/s
Paul,
thanks a lot again!
I got something working but I don't have the time today to do further
tests. Just wanted you to know that thanks to your help (and the help of
another friend of mine who brought me OpenBSD 13 years ago) I think I
know what my mistake was and what needed to be done.
I'll
Hi!
Will httpd in OpenBSD 5.8 support client certificates for
authentication? It was announced (see
http://www.openbsd.org/papers/httpd-slides-asiabsdcon2015.pdf) but I
http://www.openbsd.org/58.html does not mention it.
T.
Hi!
OpenBSD 5.7, httpd, slowcgi
upload.pl CGI:
# [...]
$CGI::POST_MAX = 1024 * 1024 * 20; #20MB
# [...]
But when I try to upload a file I get "413 Payload Too Large" if the
file is larger than 1MB.
Help will be appreciated!
T.
> Check the httpd.conf(5) man page for "max request body", which defaults to 1M.
Thx, got it.
> | Will httpd in OpenBSD 5.8 support client certificates
> At least not until LibreSSL's libtls supports it. See
> https://github.com/reyk/httpd/issues/23
Thanks for the hint! For my purpose Client Cert authentication is
mandatory and therefore I'm desperate. But now I have hope!
Reyk wrote: "O
Hi Atanas,
It looks like a link speed negotiation error.
Can you set the link speed to 100MB/s and see what happens? I don't think it
is a driver or server hardware issue but more a switch issue.
Have you tried another switch or hub
I use the same board in Servers and Gateways with FreeBSD and O
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Atanas Vladimirov
> Sent: 04 March 2016 19:33
> To: misc@openbsd.org
> Subject: Re: Supermicro AOC-SG-I2 (two ports Intel 82575EB) hwfeatures
>
> On 04.03.2016 19:5
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Josh Grosse
> Sent: 12 March 2016 13:22
> To: misc@openbsd.org
> Subject: Re: Small FW boxes for CORP use (was: T40E APU?)
>
> On Sat, Mar 12, 2016 at 10:34:16AM +, Kapfhammer, Stefan wro
Hi
I guess I put it clear, now comments are coming though which are excessive or
simply not necessary
A Yea or Nay will do, sometimes silence is a virtue
T
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> Of ludovic coues
> Sent: 04 June 2016
sole
reason of existence, of what we are doing.
Regards
Torsten
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> Of Gareth Nelson
> Sent: 04 June 2016 22:27
> To: OpenBSD general usage list
> Subject: META: Does this list have
I am setting up an embedded system that's supposed to run from RAMDISK
only. Therefore I create a ramdisk, copy everything into it and then
chroot. I encounter problems when accessing pcap-libs (or devices in
/dev generally) as soon as I actually chroot:
# ls -l /dev/bpf0
crw--- 1 root w
# tcpdump
tcpdump: Failed to open bpf device for fxp0: Device not configured
Is /tmp mounted "nodev"?
OK, thank you, that got me onto the right track, now I think I know what
the problem is: mount_mfs.
This is how I set up the ramdisk:
/sbin/mount_mfs -s 9 swap /mnt
Is there a way to
I'm setting up an embedded system from scratch with OpenBSD. The system
is VERY much stripped down to the absolute necessary files only.
I have troubles using cron:
in /etc/crontab I have:
---
SHELL=/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin
HOME=/tmp/log
*/1 * *
I am setting up an embedded system that's supposed to run from RAMDISK
only.
You really should not do this. The RAMDISK kernel uses the
SMALL_KERNEL option, and this can have all sorts of unknown effects.
I appreciate your comment, but it seems I'm missing something or there's
a misunderstand
OK, thank you, that got me onto the right track, now I think I know what
the problem is: mount_mfs.
/sbin/mount_mfs -s 9 swap /mnt
Is there a way to have devices under that mountpoint?
Of course, just mknod(8) them (each time after creating the mfs),
Thanks everybody for your help. For wha
The system
is VERY much stripped down to the absolute necessary files only.
Then it's no longer OpenBSD
It can be discussed if an OS where I delete certain files cannot be
called by its original name anymore.
Anyway, I found that cron needs /etc/login.conf though that file is not
mentioned
Are you serious? You break things by removing an essential, documented
file and then complain?
It's obvious that I must be dumb. I wasn't smart enough to find out that
running a program by schedule (which cron does) _must_ have something to
do with the _login_ process, which login.conf is obv
If you start breaking stuff by removing files without the knowledge
how things work, you should expect harsh treatment from this list.
What's next, somebody complaining he cannot login because he removed
the passwd file?
Without any irony: I'm sorry if I didn't make things clear enough! The
pro
Yes, it is *totally* obvious if you actually know what you're doing.
Well, I didn't say I know exactly what I'm doing. If everybody always
knew exactly what they're doing, this ML would be obsolete, wouldn't it?
Thanks a lot for your explanations (no irony! I've learned from it!)!!!
That hel
> welcome to the "ignore" list of many developers. You aren't even
> following directions on how to hurt yourself properly without wasting
> people's time.
I always found that people waste my time when they write explanations
and tons of bla bla that does not have to do with the issue itself,
ins
> So why don't you show us the dmesg
> of the most recent kernel that worked for you?
Because I don't see what that has to do with the issue. I'm not looking
for that one line that's missing in my current config files. I'm not
hoping for someone to tell me that I should include line #5 and then it
> dmesg is the lazy way to get this info, the same info is written to
> /var/log/messages during boot. Are you saying your system is so
> stripped down you don't even log anything?
Yep. And because the only persistent memory is Flash (32MB, which
quickly dies if you permanently write to it), the
> Would you be able to use TFTP to try booting test kernels off a
> remote machine?
Nope. I try every attempt with a hardware flash drive which I generate
for that test machine. But I've got to get the kernel basically running
on my test VM, then another not that damn small hardware. Once this is
Hi!
I have a couple of machines that run as VM and are lacking good entropy
data. I was wondering if there is a way of feeding the local random
number pool of a VM with entropy that was generated on a hardware random
number generator on a physical machine.
I thought the hardware random number gen
I'm running some throughput testing using OpenBSD as the router OS. Running
the GENERIC.MP kernel I'm not seeing any system load despite the NICs generating
about 40 000 interrupts in vmstat.
Running the same test on a GENERIC kernel results in 80% system utilization.
Checking with sysctl confir
I have a few machines with the same behavior. The boxes run fine
unless you tax them with
things like unpacking ports, du on a large tree or dd'ng some
/dev/zero to disk. The 1950 can route 400mbit
ethernet with no problems for weeks if you don't mess with the disks,
so i guess the hardware is
reas
I guess the previous message got garbled somehow.
Dell 1950 with a PERC5 raid1 SATA 160gb mirror. 4.2-RELEASE
A 300mb dd write makes an unkillable process. Outputs a few "sd0: not
queued, error 5" lines.
Recently flashed the card to the latest firmware. Behaves somewhat better.
Happens with
On Fri, Jul 11, 2008 at 11:47 PM, Martín Coco
<[EMAIL PROTECTED]> wrote:
> Hi misc,
>
> I'm currently looking for hardware alternatives for firewalls that should
> have more than four NICs.
>
> Currently we are buying R200s from Dell, but we have the 4 NIC limitation.
> We could tell Dell to instal
;
> Have you tried the quad nics on those Dells? We do have a couple of R200s,
> 860s and 850s running with 2 dual port cards no problem, but we have never
> tried the quad ports.
>
> Torsten Frost wrote:
>>
>> On Fri, Jul 11, 2008 at 11:47 PM, Martín Coco
>&g
hi, I've setup a roadwarrior ipsec/l2tp (undeadly guide) that worked fine
until I made some new rules in ipsec.conf in order to get a vpn-connection to
a FreeBSD machine to work.
My ipsec.conf looks like this. When connecting from a roadwarrior ip I still
goes to the crypto that it supposed to be f
Mark Smith wrote:
> On Thu, Apr 15, 2010 at 5:10 PM, Bill Dunshie wrote:
>
>> A huge Thanks to Jacek Artymiak for the PDF's of "Building Firewalls with
>> OpenBSD and PF, 3rd ed." and "The OpenBSD Command-Line Companion". The wait
>> was worth it !!!
>>
>>
> Link or didn't happen.
>
@mark: sor
been
operated by those "reply-to" rules.
Since I consider PF a brilliant concept I would really appreciate any
hint that would help. Thanks to all OpenBSD developers for their great
work and thanks for any advice.
Best regards
Torsten
--
------
out how
to dispatch replies to incoming requests over different connections.
The FAQ on multipath has helped me very well to set up multiple default routes
- this works very well.
Best regards
Torsten
> > Dear List,
> >
> > Here I show my network topology. Maybe it seems quite t
over exactly that interface the request came in? The problem is that the
client anywhere on the internet expects the answer from the very address it
had contacted. If now the reply comes from another address, it will get lost.
Best regards
Torsten
> On Tue, Jan 10, 2012 at 10:46 AM, Dr.-I
est regards
Torsten
> On Tue, Jan 10, 2012 at 1:41 PM, Dr.-Ing. Torsten Finke
> wrote:
> > Hello Jorge,
> >
> >> I read again your mail and now i'm lost !
> >>
> >> You Wrote:
> >>
> >> "How can I force my Extl. FW to reply on
Dear Ken,
On Thu, Jan 12, 2012 at 01:05:10PM -0500, Kenneth Gober wrote:
> On Tue, Jan 10, 2012 at 1:41 PM, Dr.-Ing. Torsten Finke <
> torsten.fi...@igh-essen.com> wrote:
>
> > On my firewall I have TWO different internet connections. It is simple to
> > forward -
ual connection state (if one of the connections is
broken, pfctl complains about an unreachable peer of course).
Has anyone tried something like this using pf anchors?
Thank you for advice and thanks to the openbsd Team for their great work!
Torsten
--