Re: Relayd TLS client mode CA verification

2016-03-25 Thread trondd
On Fri, March 25, 2016 10:59 am, trondd wrote: > On Fri, March 25, 2016 7:15 am, Lampshade wrote: >> >> #tls ca file "/etc/ssl/cert.pem" >> >> ca_engine_init: using RSA privsep engine >> relay_launch: running relay connect_to_mail_wp >&g

Re: Relayd TLS client mode CA verification

2016-03-27 Thread trondd
On Sat, March 26, 2016 6:45 am, Lampshade wrote: > I have reported problem to bugs mailing list. > Thanks for checking that and response. > Found the problem. The cert.pem file is too big. If you put the necessary ca certificate into a file by itself, and reference that with 'ca file' in the con

Re: about relayd.conf and certs

2016-04-11 Thread trondd
On Mon, April 11, 2016 7:55 pm, igor.kos wrote: > I am confused using relayd & certificates & pf > > First of all, I want to do ssl-accel, so do I need to do "divert" in > pf.conf, > as: > > pass in quick inet proto tcp from lan:network to any port https divert-to > localhost port 8443 > You don't

Re: syslog-ng+ELK

2016-05-07 Thread trondd
On Sat, May 7, 2016 12:29 am, Predrag Punosevac wrote: > Michael Shirk wrote: > >> On May 23, 2015 10:42, "Predrag Punosevac" >> wrote: >> > >> > 5. Finally I am open for simpler ideas. Any opinions on >> sysutils/logfmon >> > Is it possible to visualize on the web output from logfmon? >> > >> > B

Re: TLS now supported on openbsd.org?

2016-05-09 Thread trondd
On Mon, May 9, 2016 12:57 pm, arrowscr...@mail.com wrote: > > - I don't know in modern browsers, but Links 2.12 say that the > certificate is not valid. It's just old browsers, or firefox also > have this same problem? Make sure you go to www.openbsd.org as it seems the cert is not valid for openb

Re: Suggestion: new webpage for openbsd.org

2016-05-17 Thread trondd
On Tue, May 17, 2016 3:11 am, Joakim Frostegård wrote: > Hi, > > I've made a responsive new webpage replacement for the > in my opinion somewhat aged openbsd.org . > > I've tried to keep the page without bells and whistles, that is: > * Just static HTML and CSS > * No fram

Re: pf sanity check

2016-05-25 Thread trondd
On Wed, May 25, 2016 9:01 am, Jeff Ross wrote: > Hi all, > > I am incrementally bringing my server up to date. I was on 5.5-current so > following the instructions I upgraded to 5.6 stable. > > I re-wrote my pf.conf to remove the oldqueue rules and to simplify the > rule set. > > Checks okay for

Re: syslogd on 6.0-beta

2016-05-25 Thread trondd
On Wed, May 25, 2016 6:39 pm, Jeff Ross wrote: > Hello again, > > syslogd doesn't actually work for me on 6.0-beta either. > > OpenBSD 6.0-beta (GENERIC.MP) #1768: Wed May 18 12:01:43 MDT 2016 > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP I had been running a May 16th snaps

Re: moving postgresql files to seperate mount

2016-06-01 Thread trondd
On Wed, June 1, 2016 3:45 am, Markus Rosjat wrote: > Hi there, > > just need some kind of acknowledgement for my workflow :) > > a naive approach would be: > > - extend the virtual disk > - create a partition /var/postgresql (that's the folder under var right > now) > - move the files to the n

Re: Long life on SSD in a firewall environment

2016-06-21 Thread trondd
On Sun, June 19, 2016 5:56 am, Sjöholm Per-Olov wrote: > Hi > > Does anyone know if there exist any list of recommendations about how to > make > an SSD disk to live as long as possible when using it for firewall purpose > on > OpenBSD? Since a firewall doesn't need much disk space and it's easie

Re: Long life on SSD in a firewall environment

2016-06-21 Thread trondd
On Tue, June 21, 2016 11:24 am, trondd wrote: > On Sun, June 19, 2016 5:56 am, Sjöholm Per-Olov wrote: >> Hi >> >> Does anyone know if there exist any list of recommendations about how to >> make >> an SSD disk to live as long as possible when using it for fir

Re: 5.9: tar core dumps extracting a tar created on 4.8

2016-06-22 Thread trondd
On Wed, June 22, 2016 3:14 pm, Listas IT wrote: > Hello > > When I try to extract a tar created by 4.8 base tar on a fresh installed > 5.9 it dies with core dump and this message on syslog: > > Jun 22 16:08:52 un1 /bsd: tar(9316): syscall 14 "dpath" > Jun 22 16:09:11 un1 /bsd: tar(19504): syscall 1

Re: Clean OpenBSD's httpd logs

2016-06-30 Thread trondd
On Thu, June 30, 2016 8:50 am, C. L. Martinez wrote: > Hi all, > > Sorry if this question sounds stupid, but how can I avoid this type of > entry in OpenBSD's httpd access.log: > > 172.22.55.1:44710 -> 172.22.55.10, /favicon.ico (404 Not Found), [/] > [/favicon.ico] > > ?? > Put a favicon.ico th

Re: image view and manipulation

2016-07-03 Thread trondd
On Sun, July 3, 2016 8:34 pm, jsg wrote: >Hi folks > Can some of you recommend what packages or package >you use to manipulate, view, resize .png or .img (other) images >for website content. > > >thanks in advance > I just went looking for a simple image editor myself. I fou

Re: Install VMWare tools on Openbsd 5.9

2016-07-14 Thread trondd
On Thu, July 14, 2016 7:00 am, Mik J wrote: > Hello, > Does anyone know how to install the VMWare tools on Openbsd 5.9? I > understood that I will not install some vmware program and rather use the > vmt driver which is enabled by default in GENERIC. I can see it's loaded at > bootup dmesg | grep vm

Re: Weird errors during install.site

2016-07-28 Thread trondd
On Thu, July 28, 2016 4:40 am, James Pole wrote: > Hello, > > My thinking at this stage is either to: > (1) Move the pkg_add(1) command to /etc/rc.firsttime. This would > also > mean moving a whole lot of other scripted commands that depend on these > packages to /etc/rc.firsttime as well so

Re: resolv.conf with dhcp when upgrading with bsd.rd

2016-08-03 Thread trondd
On Wed, August 3, 2016 5:07 pm, Solène Rapenne wrote: > On 2016-08-03 22:11, Ossi Herrala wrote: >> On Mon, Aug 01, 2016 at 02:14:27PM +0200, Solène RAPENNE wrote: >> >>> When upgrading with bsd.rd, dhclient will use this dhclient.conf with >>> unbound stopped, the system won't resolve names

Re: Upgrading from 5.8 to 5.9: Can't install patches

2016-08-18 Thread trondd
On Thu, August 18, 2016 7:34 pm, Jay Hart wrote: > > Next I downloaded all 25 patches but patch 002 failed to install and I > think it's because I need to > download and untar src.tar.gz and sys.tar.gz. My thinking is the source > tree I installed under > 5.8, is still 5.8, not 5.9. Correct. The

Re: DPB can't do it's job in 6.0

2016-08-22 Thread trondd
On Mon, August 22, 2016 11:17 am, Noth wrote: > Once that's all sorted out building works as root with dpb subdir/port. > However I can't seem to make it use my list of ports to build, it just > complains about a bad pkgpath. Where do you have the file containing the list? Even on 5.9 you can't h

Re: DPB can't do it's job in 6.0

2016-08-25 Thread trondd
On Thu, August 25, 2016 6:47 pm, Noth wrote: > > I apologize for wasting your time but surely it should be indicated > somewhere that some directories now need owning by _pfetch or _pbuild, > or better they should have proper ownership when dpb is run as root (a > check made on startup maybe?). I s

Re: How to follow -stable and verify it with signify?

2014-09-30 Thread trondd
There are SSH fingerprints published for each of the CVS servers. Alternatively, you use the patch files which are signed. There aren't so many of them that it's hard to catch up. Tim. On Tue, Sep 30, 2014 at 10:37 AM, Alan McKay wrote: > On Tue, Sep 30, 2014 at 10:27 AM, Stefan Olsson > wro

Re: How to follow -stable and verify it with signify?

2014-09-30 Thread trondd
On Tue, Sep 30, 2014 at 11:30 AM, Giancarlo Razzolini wrote: > On 30-09-2014 11:56, trondd wrote: > >> There are SSH fingerprints published for each of the CVS servers. >> > They are published on a clear http page and there is no SSHFP on the dns. > You need to acce

Re: How to follow -stable and verify it with signify?

2014-09-30 Thread trondd
On Tue, Sep 30, 2014 at 11:57 AM, Giancarlo Razzolini wrote: > >> Is it good enough to grab the signed source tarball, then checkout from >> CVS over it and make sure nothing changed in the process? >> > No, this won't cut it. Unless you check every line changed, and understand > completely what

Re: No SSH fingerprints for Alberta Anon CVS Server?

2014-10-01 Thread trondd
At the bottom of the list: Note: If your server is listed on here with inaccurate or unknown information, please contact b...@openbsd.org There is also a maintainer contact email for each mirror. Coincidentally, the one for Alberta is b...@ualberta.ca Funny, if it is the same beck, seems like th

Re: xombrero crashes with 'Bus error'

2014-10-01 Thread trondd
Are you rebuilding xombrero from the ports tree or reinstalling an existing built package? Is your ports tree from the same snapshot as your installed system? Tim.

Re: xombrero crashes with 'Bus error'

2014-10-02 Thread trondd
I can't tell if you're actually rebuilding and reinstalling your ports. What does 'pkg_info | grep gtk' show? Either the src and ports trees are out of sync or your installed ports are.

Re: Changing MTU size

2014-10-02 Thread trondd
I'm pretty sure that any parameter you can pass to ifconfig on the command line, you can also put into the interface's /etc/hostname.* file. It will then be set at every boot or anytime the interface is restarted with netstart. Tim.

Re: Changing MTU size

2014-10-03 Thread trondd
The man page for dhclient.conf shows the ability to ignore options sent by the dhcp server. If hostname.* doesn't do it, that might be necessary. Tim. On Fri, Oct 3, 2014 at 4:10 AM, Daniel Ouellet wrote: > On 10/2/14 11:39 PM, Daniel Ouellet wrote: > > May be a bit more for you as well under

Re: openbsdstore: enable javascript and buy something or gtfo

2014-10-03 Thread trondd
He didn't say it changed his decision to order. It is a rather terse and unhelpful message, though. It could at least mention the option of ordering via email. Tim.

Re: smtpd smarthost ISP config

2014-10-08 Thread trondd
What is the failing result? Does the email bounce? Error in the log? Does your smtp server require authentication and you need to provide a password with the secrets.db?

Re: Live resize / filesystem?

2014-10-13 Thread trondd
Hmm...not as easy as a cloud template, but could you dump the installed partition, use bsd.rd or the like to create the partition the desired size then restore the dump to it?

Re: Mount RAID 1, CRYPTO softraid at boot

2014-10-25 Thread trondd
I added it to /etc/rc (at my own peril). In 5.6, they added the net option to mount so in fstab I label the encrypted file systems as net, then call bioctl before the net partitions are mounted and fsck'ed. I also called it 3 times: bioctl || bioctl || bioctl to give me 3 shots at the password. ;)

Re: 5.6 arrived

2014-10-28 Thread trondd
As a release engineer, the numbering convention of the snapshots does seem confusing to me at first. But if it works for the project, that's what's important. And as Theo brought up, numbering them 57 snapshots doesn't fix anything. It just changes the confusion. Instead of you asking if the 56

Re: pf rdr-to and access from internal network

2014-10-28 Thread trondd
Are you telnetting to the external IP of the server from the internal client? Have you enabled logging in pf? Are the packets blocked or are they passed by a different rule that doesn't give the expected results? Tim.

Re: Logging Password change attempts

2014-10-30 Thread trondd
> The second problem I have is that when I change password, out of habit, I > do a passwd instead of mypasswd. Why not call the script passwd and put it in the path ahead of the real one? What is the goal? Are there users on the system trying to brute force change a password? Or are you just t

Re: Logging Password change attempts

2014-10-30 Thread trondd
Also check passwd(5), master.passwd holds expiration and last change information (I don't have it enabled anywhere, so I am not sure what it looks like) that maybe you could generate a report from if you are enforcing password expiry that way. Tim.

Re: Logging Password change attempts

2014-10-30 Thread trondd
Only other thing I could think of is monitoring the right file access or system calls or the like and logging that. But the script is probably the simplest and if anyone circumvents the script by calling passwd directly, it only means their password is newer than expected, which isn't as much of a

Re: OpenBSD 5.6/amd64 WLE200NX (Atheros AR9280) athn issues

2014-11-02 Thread trondd
Same here. About 3 timeouts a day and I get close to 10% errors on the input on 2 different athn devices. On Nov 2, 2014 7:49 PM, "Zé Loff" wrote: > On Mon, Nov 03, 2014 at 01:13:40AM +0100, Stefan Krüger wrote: > > Hi, > > > > I have a PC Engines APU board with a Compex WLE200NX miniPCI-e wifi c

Re: Questions on pf limit table-entries PFR_KENTRY_HIWAT_SMALL

2022-01-01 Thread trondd
On Sat, January 1, 2022 8:02 pm, Paul Pace wrote: > Hello! > > I'm trying to understand the limits in PF, and I can't seem to figure > this out: > > In pf.conf(5) I see two limits called table-entries, and one of them is > > table-entries PFR_KENTRY_HIWAT_SMALL 10 > > Some searching an
