Re: Minimum free space on /usr for upgrade?

2025-10-03 Thread Lloyd
something). Regards Lloyd Martin Schröder wrote: > Hi, > I just had an upgrade 7.6 -> 7.7 fail due to not enough free space on /usr. > > I had to manually delete /usr/share/relink/kernel/GENERIC.MP/ to free space. > System is an apu2, so amd64. > > The system now seems to run

Re: wireguard multiple peers problem: information ignored

2025-09-27 Thread Lloyd
owedIPs field should be set to 192.168.23.2/32 and 192.168.23.3/32 respectively. You can add additional subnets if you intend to route between networks beyond the peer but I suspect this is a "road warrior" setup in which case this will do what you want. Please read the man page for wg(4) sectio

Re: Not able to configure home router/firewall to allow Forticlient connections to the vpn server

2025-09-20 Thread Lloyd
u your answer. I noticed your rules e.g.: pass out on re0 inet from 192.168.1.0 to any flags S/SA nat-to (re0) round-robin are missing a netmask on the IP. Shouldn't there be a "/24" or other on the end? Regards Lloyd

Re: Not able to configure home router/firewall to allow Forticlient connections to the vpn server

2025-09-18 Thread Lloyd
I suspect they have misled you and the VPN is really using IPSec. The easiest way to find out is add a block log all rule at the top. Review the log with tcpdump and see what is being dropped. I assume this is a typo: > block drop in quick inet from 177.7.7..7 to any Regards Lloyd L

Re: Difficulty installing 7.7 on desktop

2025-09-16 Thread Lloyd
DNS? AFAIK the installer does not reset the clock. Regards Lloyd

Re: Difficulty installing 7.7 on desktop

2025-09-16 Thread Lloyd
ntel.com/download/20211/BIOS-Update-KGIBX10J-86A- By the way, this was nearly impossible to find, and they have since memory holed all their desktop boards. Intel's support site of that era was not well indexed by archive.org due to its crappy web design. But where there's a will, there'

Re: Remove a derogatory term for female genitalia

2025-09-15 Thread Lloyd
Evan Silberman wrote: > The 1934 copyright has lapsed. 1934? Clearly in need of an update for modern lexicon, I offer a patch: Index: web2 === RCS file: /cvs/src/share/dict/web2,v retrieving revision 1.8 diff -u -p -u -p -r1.8 web2

Re: Original client ip in httpd logs behind haproxy

2025-09-10 Thread Lloyd
t this header in your proxy as nothing stops a client from sending X-Forwarded-For headers in the request. Regards Lloyd Lars Bonnesen wrote: > Been running apache where this seems to work correctly, but on a new > openbsd install, I am evaluating a shift to httpd - but I am hitting a >

Re: Virtual hosting with TLS on relayd

2025-09-02 Thread Lloyd
'd like to know about it. Regards Lloyd ashley wrote: > Right, thanks. Upon closer reading it seems the man page does mention > this, but I didn't notice while grepping for things like "SNI" and > "Server Name Identification", etc.

Re: pf tables stored in filesystem

2025-08-26 Thread Lloyd
$ doas pfctl -t spamd -T show | tee temporary-file followed by editing > temporary-file, loading the result etc) Thanks guys for the thorough explanations. Regards Lloyd

pf tables stored in filesystem

2025-08-25 Thread Lloyd
If I have a pf table defined as follows: table persist file "/etc/spammers" and I add/remove IP addresses from that file, do you have to run pfctl to refresh the table in memory? Or does pf see that the file has been touched and automatically update accordingly? Regards Lloyd

Security Event Auditing?

2025-08-19 Thread Lloyd
Does OpenBSD have a security event auditing facility similar to FreeBSD's audit(4)? I couldn't find anything in the tree. I assume porting something like OpenBSM would be useless if there is no kernel facility to support it. Regards Lloyd

Re: Frequent LAN Disconnects with rge Ethernet

2025-08-18 Thread Lloyd
ays 'status: active'). I know this isn't the answer you're looking for, but a few years ago I had a Windows box with a very similar issue. Sending moderate amounts of RDP traffic would cause the NIC to drop offline momentarily. The only long-term fix was to replace it with a non-Realtek NIC. Regards Lloyd

Re: relayd: blocking empty user-agents

2025-08-09 Thread Lloyd
a more concise way to test for absence of a header other than: block request pass request header "foo" value "*" (which takes two rules) Regards Lloyd

relayd: blocking empty user-agents

2025-08-08 Thread Lloyd
d. I suspect relayd interprets the zero-length string as a NULL value when the rule is parsed and it is summarily ignored. Is there a better way to check for a zero-length string or lack of a user-agent header in the HTTP request? Regards Lloyd

Re: Mitigating TCP SYN+ACK Reflection Attacks

2025-08-07 Thread Lloyd
ise) into a dedicated > block table in PF. What seemed to work for now was blocking traffic with a src port of 0-1024 and a dest port of one of the running services, e.g. HTTP. The forged packets almost always had a source port of 22, 80, or 443. Regards Lloyd

Re: Mitigating TCP SYN+ACK Reflection Attacks

2025-08-06 Thread Lloyd
Kirill A. Korinsky wrote: > But they need must to send one packet to get one packet. > > How does amplify part works here? It exploits the three way handshake, when you don't get ACK back from your SYN-ACK to the forged SYN, you will send a TCP retransmission. So e.g. if the attacker floods yo

Mitigating TCP SYN+ACK Reflection Attacks

2025-08-06 Thread Lloyd
known state where an outgoing request has already been made? I have the following enabled in pf.conf but it hasn't helped: set optimization aggressive set syncookies adaptive (start 15%, end 8%) Regards Lloyd

Re: QNAP QDG-1602P

2025-07-29 Thread Lloyd
jslee wrote: > I like the concept but it seems rather spendy given > > * very limited RAM (is it upgradeable?) Max RAM is 64 GB across two SO-DIMM slots. > Also, > > * fans > * 1U, so the fans will be loud Not necessarily. > FWIW I upgraded my APU2s with PCIe adapter boards to host NVMe sto

QNAP QDG-1602P

2025-07-29 Thread Lloyd
Has anyone used one of these before? It is an interesting product: a 16 port PoE switch + Intel PC with HDD bays in a 1U chassis. The internal uplink to the CPU is supposedly 2x 10GbE. It comes with a built-in Linux hypervisor that would probably run OpenBSD as a VM out of the box but I would be

purpose of the www group?

2025-07-27 Thread Lloyd
What is the purpose of the 'www' group? Is it just vestigial association with the www user? Most of /var/www is owned by root:daemon 0755 by default. Assuming you want to give users write access to various folders under and including /var/www/htdocs what is the best way to do this considering t

Re: Recommended (wireless) trackball mouse

2025-07-25 Thread Lloyd
Tito Mari Francis Escaño wrote: > Hi misc, I'm exploring options for a preferably wireless trackball mouse, can > somebody please recommend a verified OpenBSD-friendly working brand and model? Some of the newer Logitech trackballs are dual-mode Bluetooth and USB dongle, with the dongle storage h

Re: OpenBSD VM not cleanly shutting down in time

2025-07-18 Thread Lloyd
Courtney wrote: > I watched for shutdown events and it seems OpenBSD is not receiving ACPI > signals. I looked at my other OpenBSD guests, they also are not > receiving these ACPI signals and are not shutting down cleanly. I will > have to investigate again to see if my Linux VMs are receiving the

Re: Apparently my fridge runs OpenBSD, but under what license?

2025-07-11 Thread Lloyd
There's only one way to know for sure. You're going to have to take apart your fridge and report back. emu...@disroot.org wrote: > Perhaps someone on the list in Germany has contacts with Bosch and could > clarify matters with them? >

Re: httpd log

2025-07-09 Thread Lloyd
latin...@resist.ca wrote: > Thank you noodle, i was cautious because of the 200 which appears when > someone access the web page. You see HTTP 200 because it's passed as a query string, it's just serving your index.html from the root. It's probing for a web application with a path traversal vulne

Re: [OFFTOPIC] Dedicated Access Point

2025-07-08 Thread Lloyd
Take a look at the activity in the OpenWRT current branch, open source support for the latest standards hasn't been great due to closed firmware, but hardware released a few years ago is finally gaining support. Martijn Rijkeboer wrote: > Hi, > > My internet connection has recently been upgrad

Re: NAS on OpenBSD?

2025-07-08 Thread Lloyd
Take a look at OmniOS for NAS use. Very underrated IMHO. ZFS, integrated NFS and SMB server. Based on Illumos code so uses Solaris conventions. Only catch is the hardware support isn't great. Piotr K. Isajew wrote: > I want to build a NAS for my home network of OpenBSD > machines. I have a 4x8T

Re: acme-client(1) - support for Let's Encrypt iPAddress SAN?

2025-07-02 Thread Lloyd
Zack Newman wrote: > There was a thread[^1] early this year on @tech talking about this. > The fact IP addresses could be issued an X.509 v3 certificate was not > explicitly mentioned, but there was talk about short-lived certs and > more generally the notion of "profiles". > > Stuart replied a

Re: OpenBSD VM not cleanly shutting down in time

2025-07-02 Thread Lloyd
Courtney wrote: > SmartOS host on the bhyve hypervisor. Yes, it will do this and pull the > plug. The guest gets quite a bit of time to poweroff. For some reason, > it seems that only my Vaultwarden guest wants to take long. I also have > a more complex synapse server and OpenBao server running wh

acme-client(1) - support for Let's Encrypt iPAddress SAN?

2025-07-02 Thread Lloyd
cted around "domains" - which a cert lacking a Common Name, Subject, and only an iPAddress SAN is at odds with. A quick scan through the man pages and source code, my initial assessment is "no" - though someone please correct me if I'm missing something. Regards Lloyd

Re: does openbsd support file history?

2025-06-26 Thread Lloyd
If you're looking for a fileserver, take a serious look at OmniOS, which is under-appreciated. Solaris ZFS, in-kernel SMB server (and NFS of course), and natively supports NT-style ACLs as opposed to the Samba UID/GID mapping kludge. Ethan Azariah wrote: > i want a network fileserver so ther

Re: syspatch: kernel relinking failure

2025-06-19 Thread Lloyd
obs...@loopw.com wrote: > not 100% conjecture, but not 100% science either: > You have <90MB on /, which is where relinking happens, on a ~30MB > kernel. That's a bit tight. My guess is more than one > thing was moving things around in the first relink attempt, and in your > second attempt less of

Re: syspatch: kernel relinking failure

2025-06-19 Thread Lloyd
Janne Johansson wrote: > that doesn't sound 100% like out-of-space. > Disk space was my first guess, but unlikely: Filesystem Size Used Avail Capacity Mounted on /dev/sd0a 384M 276M 89.6M 76% / /dev/sd0k 2.9G 328K 2.7G 1% /home /dev/sd0d 500M

Re: syspatch: kernel relinking failure

2025-06-18 Thread Lloyd
m not so sure. Regards Lloyd David Diggles wrote: > Any ideas? I'm thinking maybe the root disk is on a bad CF card. > > Get/Verify syspatch77-001_nfs.tgz 100% > || 158 KB > 00:00 > Installing patch 001_nfs > Get/Verify syspatch77-002_zic.tgz 100% > || 24992 >

Intel QAT

2025-06-15 Thread Lloyd
Hi - does OpenBSD support Intel QAT hw crypto acceleration? Similar to FreeBSD qat(4) support. I couldn't find any documentation confirming this. Regards Lloyd

Re: Ping Spikes

2025-06-08 Thread Lloyd
Crazy idea, but have you tried changing the Ethernet cable? A dodgy cable can cause L1 issues. Lloyd Kirill A. Korinsky wrote: > On Sun, 08 Jun 2025 19:33:51 +0200, > "H. Hartzer" h...@hartzer.sh wrote: > > > Jarod Watkins wrote: > > > > > Hi Jon, >

Re: Improper shutdown leads to no-boot situation

2025-05-11 Thread Lloyd
a256 -h /var/db/kernel.SHA256 /bsd Kernel has been relinked and is active on next reboot. SHA256 (/bsd) = 75600b28045794fa983d0823435c3a07c276b13dbbf11dc01dca71a2d4fe8d6d The size of this corrupt kernel was 29935875 bytes. Regards Lloyd

Re: Improper shutdown leads to no-boot situation

2025-05-10 Thread Lloyd
Nick Holland wrote: > wild guess: you have a "single partition" model, rather than the > suggested, so rather than the root file system being fairly quiet > during normal operation, you have a lot of overall filesystem > churn taking place. (I'm not a FS person...so I may be full of > ). Eh n

Improper shutdown leads to no-boot situation

2025-05-10 Thread Lloyd
I've run across this a few times, where I've improperly shut down a VM (tapped the wrong button for power off vs ACPI shutdown) and this led to an unbootable image with the message before boot: booting hd0a:/bsd: hd0a:/bsd: Inappropriate file type or format failed(79). will try /bsd boot> To rec

Re: System Requirements

2025-05-10 Thread Lloyd
Peter N. M. Hansteen wrote: > the skinniest config I have running is an arm64 VM that is > configured with 4GB RAM IMHO this is a bit misleading. I regularly run Windows Server VMs with less than that. It depends if you're running X or not. OpenBSD is an extraordinarily lean OS. I usually config

acpi0: PM1 stuck (en 0x101 st 0x1), clearing

2025-05-09 Thread Lloyd
, +/- 30 seconds from each other. More notably, it doesn't seem to affect anything. These are Gen 1 VMs that boot in BIOS mode. Digging around, this message seems common to Hyper-V users of OpenBSD. VMware doesn't seem to be affected. Any ideas on the root cause? Regards Lloyd

OpenBSD on Apple TV Gen 1?

2025-04-24 Thread Lloyd
D or chain-load the OpenBSD EFI loader? Regards Lloyd

Re: YubiKey CLI tools not working?

2025-04-20 Thread Lloyd
number: XXX His showed the following additional error message: > WARNING: PC/SC not available. Smart card (CCID) protocols will not function. Try installing pcsc-tools from ports, then: rcctl enable pcscd && rcctl start pcscd Then retry the yubikey tools Regards Lloyd

Re: Left with an unusable motherboard after running fw_update and then installing intel-drm

2025-04-05 Thread Lloyd
Quincy Lawd wrote: > I've never had any issue like this before. I even unplugged everything > and put them back in, and still it's not POSTing FWIW I have, but under Linux, so it's not unheard of. The Ubuntu installer (if we are naming and shaming) ran a friendly 'firmware update' at its conclusi

Re: Comment on /etc/myname vs /etc/hostname

2025-03-28 Thread Lloyd
Ingo Schwarze wrote: > > Continuing the timeline backwards: > > July 19, 1993 FreeBSD: Rodney W. Grimes adds myname(5) and mygate(5) support > commit message: > "From NetBSD, copied verbatium. May need some work yet." > https://github.com/freebsd/freebsd-src/commit/0a71fe69 > This tells us that

Re: CVS Web crippled

2025-03-15 Thread Lloyd
Stuart Henderson wrote: > However nginx would allow blocking user agents by regex (and also would > avoid another problem that these sites run into from time..) I observe a lot of malicious bot traffic that masquerades as Chrome so this technique is only effective against the lowest hanging fruit

Re: Connecting to a WireGuard VPN using hostname.if(5)

2025-02-07 Thread Lloyd
Odd Martin Baanrud wrote: > I can of course use wg-quick, but I don’t see how to run it via rc(8). > > Regards, Martin. You can install wireguard-tools from ports as you mentioned. Then use !command syntax in your hostname.if to shell out to wg-quick. E.g. your /etc/hostname.wg0 contents could be

relayd(8) binds to nonexistent adapters?

2025-02-02 Thread Lloyd
error thrown if a service cannot bind to an IP, maybe I am missing something here? Regards Lloyd

Re: MacBook Pro Unibody Trackpad Issue

2025-01-30 Thread Lloyd
Ulf Brosziewski wrote: > If the trackpad is handled by the ubcmtp(4) driver but isn't recognized > as clickpad, configure a bottom area (see wsmouse(4), wsconsctl(8), and > wsconsctl.conf(5)): > > # wsconsctl mouse.tp.edges=0,5,10,5 > Many thanks. A variation of this solved the issue. For some

MacBook Pro Unibody Trackpad Issue

2025-01-28 Thread Lloyd
imagine this got annoying pretty quickly. Is there some obscure X11 setting I can configure to fix this? I've been unable to find anything. Thanks Lloyd

Re: Firewall: Airplay/MDNS Not Working on IOS/Other Devices

2025-01-24 Thread Lloyd
louise9...@gmail.com wrote: > Hi I have a firewall that I’m trying to get working with mdns across > different vlans. Chrome on the main network(ix0:network) doesn’t even pick up > the chromecast and I have tried to allow MDNS as well as setting up openmdns > but it still doesn’t work. On the I

Re: Failed to find ENV in /root/.profile.

2025-01-02 Thread Lloyd
Sebastien Marie wrote: > > With some simplification, it is running: > /bin/sh -c '. /root/.profile; echo ENV=$ENV; echo PATH=$PATH' > > and check the output. In your case, it is complaining that "echo ENV=" > doesn't produce the expected line with 'ENV' string. > Further investigation uncovere

Failed to find ENV in /root/.profile.

2025-01-01 Thread Lloyd
ncern by not having a ENV script defined in .profile? The default .profile does not define ENV. Or have I misused/abused .profile for eternity and not known it? Regards Lloyd

Re: wg(4) inhibits reboot

2025-01-01 Thread Lloyd
Steve Williams wrote: > What is your configuration that you have a wg process running? Your /etc/hostname.wg0 file should contain a line such as the following at the end: !/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf The ! specifies a shell command - see hostname.if(5) You will nee

wg(4) inhibits reboot

2025-01-01 Thread Lloyd
few attempts at running reboot and shutdown showed multiples of those processes (and rc) hanging in the process list. Can't remember what exactly I did that finally broke the hang and allowed the reboot to proceed, but it involved tickling the wg0 interface. I don't have enough concrete data for a bug report but seeing if anyone has any ideas. Regards Lloyd

Re: Wireguard interface "debug" - where to see?

2025-01-01 Thread Lloyd
g under Linux is equally if not more painful, having to enable dynamic debugging on the kernel module but I'm not familiar with it. Regards Lloyd

Re: Packet loss whilst using ssh

2024-12-15 Thread Lloyd
festering elsewhere in my network. Thank you for the inputs. Regards Lloyd

Re: Packet loss whilst using ssh

2024-12-15 Thread Lloyd
rather than making a change to their default sshd_config. While I'm sure this was well-intentioned, creating a situation where sshd_config != sshd_config on every system seems a bit insane to me, and makes debugging many times more difficult. Regards Lloyd

Re: Packet loss whilst using ssh

2024-12-15 Thread Lloyd
's congestion related. Regards Lloyd

Re: Packet loss whilst using ssh

2024-12-15 Thread Lloyd
g iperf3 at nearly full rate over the wireless network (~ 250Mbps) with zero packet loss. Only SSH seems to be impacted. Regards Lloyd

Packet loss whilst using ssh

2024-12-14 Thread Lloyd
e I should look next? Regards Lloyd

cvs, cvsup and xenocara advice

2008-11-13 Thread Ansen Lloyd
Let me first say that I looked over all the man pages, the official faqs and I searched over the archived mailing lists before sending out these questions ... and I'm still a little confused. So: 1. What are the main differences between cvs and cvsup when updating sources to stable? 2. I'm just t

Are Intel PWLA8391GT PRO/1000 GT desktop NICs supported on i386?

2007-06-27 Thread Lloyd Martin
nt ones to work. Regards, Lloyd

Re: 4.1 PXEboot fails to load via etherboot

2007-05-21 Thread John Lloyd
Solved it. Etherboot cannot process files an integer multiple of 1432 bytes. pxeboot V4.1 is 36 * 1432 = 51552 bytes long. Added two bytes to V4.1 pxeboot and it (Etherboot) works fine. --John

4.1 PXEboot fails to load via etherboot

2007-05-20 Thread John Lloyd
I'm trying to run an Nvidia Nforce2-based board diskless. It's a Shuttle MN31 with Athlon XP. Following instructions in http://www.openbsdsupport.org for OpenBSD Diskless setup, I setup a DHCP server, TFTP server, etc. I get pxeboot downloaded via tftp but it seems Etherboot says "unable to