something).
Regards
Lloyd
Martin Schröder wrote:
> Hi,
> I just had an upgrade 7.6 -> 7.7 fail due to not enough free space on /usr.
>
> I had to manually delete /usr/share/relink/kernel/GENERIC.MP/ to free space.
> System is an apu2, so amd64.
>
> The system now seems to run
owedIPs field should be set to 192.168.23.2/32 and
192.168.23.3/32 respectively. You can add additional subnets if you
intend to route between networks beyond the peer but I suspect this
is a "road warrior" setup in which case this will do what you want.
Please read the man page for wg(4) sectio
u your answer.
I noticed your rules e.g.:
pass out on re0 inet from 192.168.1.0 to any flags S/SA nat-to (re0) round-robin
are missing a netmask on the IP. Shouldn't there be a "/24" or other on the end?
Regards
Lloyd
I suspect they have misled you and the VPN is really using IPSec.
The easiest way to find out is add a block log all rule at the top.
Review the log with tcpdump and see what is being dropped.
I assume this is a typo:
> block drop in quick inet from 177.7.7..7 to any
Regards
Lloyd
L
DNS? AFAIK the installer does not reset the
clock.
Regards
Lloyd
ntel.com/download/20211/BIOS-Update-KGIBX10J-86A-
By the way, this was nearly impossible to find, and they have
since memory holed all their desktop boards. Intel's support
site of that era was not well indexed by archive.org due to its
crappy web design. But where there's a will, there'
Evan Silberman wrote:
> The 1934 copyright has lapsed.
1934? Clearly in need of an update for modern lexicon, I offer a patch:
Index: web2
===
RCS file: /cvs/src/share/dict/web2,v
retrieving revision 1.8
diff -u -p -u -p -r1.8 web2
t this header in your proxy as nothing stops
a client from sending X-Forwarded-For headers in the request.
Regards
Lloyd
Lars Bonnesen wrote:
> Been running apache where this seems to work correctly, but on a new
> openbsd install, I am evaluating a shift to httpd - but I am hitting a
>
'd like to know about it.
Regards
Lloyd
ashley wrote:
> Right, thanks. Upon closer reading it seems the man page does mention
> this, but I didn't notice while grepping for things like "SNI" and
> "Server Name Identification", etc.
$ doas pfctl -t spamd -T show | tee temporary-file followed by editing
> temporary-file, loading the result etc)
Thanks guys for the thorough explanations.
Regards
Lloyd
If I have a pf table defined as follows:
table persist file "/etc/spammers"
and I add/remove IP addresses from that file, do you have to run pfctl to
refresh the table in memory?
Or does pf see that the file has been touched and automatically update
accordingly?
Regards
Lloyd
Does OpenBSD have a security event auditing facility similar to FreeBSD's
audit(4)?
I couldn't find anything in the tree. I assume porting something like
OpenBSM would be useless if there is no kernel facility to support it.
Regards
Lloyd
ays 'status: active').
I know this isn't the answer you're looking for, but a few years ago I
had a Windows box with a very similar issue. Sending moderate amounts of
RDP traffic would cause the NIC to drop offline momentarily. The only
long-term fix was to replace it with a non-Realtek NIC.
Regards
Lloyd
a more concise way to
test for absence of a header other than:
block request
pass request header "foo" value "*"
(which takes two rules)
Regards
Lloyd
d.
I suspect relayd interprets the zero-length string as a NULL value when
the rule is parsed and it is summarily ignored. Is there a better way to
check for a zero-length string or lack of a user-agent header in the HTTP
request?
Regards
Lloyd
ise) into a dedicated
> block table in PF.
What seemed to work for now was blocking traffic with a src port of 0-1024 and
a dest port of one of the running services, e.g. HTTP.
The forged packets almost always had a source port of 22, 80, or 443.
Regards
Lloyd
Kirill A. Korinsky wrote:
> But they need must to send one packet to get one packet.
>
> How does the amplify part work here?
It exploits the three way handshake, when you don't get ACK
back from your SYN-ACK to the forged SYN, you will send a TCP
retransmission.
So e.g. if the attacker floods yo
known state where an outgoing request has already been made?
I have the following enabled in pf.conf but it hasn't helped:
set optimization aggressive
set syncookies adaptive (start 15%, end 8%)
Regards
Lloyd
jslee wrote:
> I like the concept but it seems rather spendy given
>
> * very limited RAM (is it upgradeable?)
Max RAM is 64 GB across two SO-DIMM slots.
> Also,
>
> * fans
> * 1U, so the fans will be loud
Not necessarily.
> FWIW I upgraded my APU2s with PCIe adapter boards to host NVMe sto
Has anyone used one of these before? It is an interesting product: a 16 port
PoE switch + Intel PC with HDD bays in a 1U chassis. The internal uplink to the
CPU is supposedly 2x 10GbE. It comes with a built-in Linux hypervisor that
would probably run OpenBSD as a VM out of the box but I would be
What is the purpose of the 'www' group? Is it just vestigial association with
the www user?
Most of /var/www is owned by root:daemon 0755 by default.
Assuming you want to give users write access to various folders under and
including /var/www/htdocs what is the best way to do this considering t
Tito Mari Francis Escaño wrote:
> Hi misc, I'm exploring options for a preferably wireless trackball mouse, can
> somebody please recommend a verified OpenBSD-friendly working brand and model?
Some of the newer Logitech trackballs are dual-mode Bluetooth and USB dongle,
with the dongle storage h
Courtney wrote:
> I watched for shutdown events and it seems OpenBSD is not receiving ACPI
> signals. I looked at my other OpenBSD guests, they also are not
> receiving these ACPI signals and are not shutting down cleanly. I will
> have to investigate again to see if my Linux VMs are receiving the
There's only one way to know for sure. You're going to have to take apart your
fridge and report back.
emu...@disroot.org wrote:
> Perhaps someone on the list in Germany has contacts with Bosch and could
> clarify matters with them?
>
latin...@resist.ca wrote:
> Thank you noodle, i was cautious because of the 200 which appears when
> someone accesses the web page.
You see HTTP 200 because it's passed as a query string, it's just serving
your index.html from the root. It's probing for a web application with a
path traversal vulne
Take a look at the activity in the OpenWRT current branch, open source support
for the latest standards hasn't been great due to closed firmware, but hardware
released a few years ago is finally gaining support.
Martijn Rijkeboer wrote:
> Hi,
>
> My internet connection has recently been upgrad
Take a look at OmniOS for NAS use. Very underrated IMHO. ZFS, integrated NFS
and SMB server. Based on Illumos code so uses Solaris conventions. Only catch
is the hardware support isn't great.
Piotr K. Isajew wrote:
> I want to build a NAS for my home network of OpenBSD
> machines. I have a 4x8T
Zack Newman wrote:
> There was a thread[^1] early this year on @tech talking about this.
> The fact IP addresses could be issued an X.509 v3 certificate was not
> explicitly mentioned, but there was talk about short-lived certs and
> more generally the notion of "profiles".
>
> Stuart replied a
Courtney wrote:
> SmartOS host on the bhyve hypervisor. Yes, it will do this and pull the
> plug. The guest gets quite a bit of time to poweroff. For some reason,
> it seems that only my Vaultwarden guest wants to take long. I also have
> a more complex synapse server and OpenBao server running wh
cted around "domains" - which a cert
lacking a Common Name, Subject, and only an iPAddress SAN is at odds with.
A quick scan through the man pages and source code, my initial assessment is
"no" - though someone please correct me if I'm missing something.
Regards
Lloyd
If you're looking for a fileserver, take a serious look at OmniOS, which is
under-appreciated.
Solaris ZFS, in-kernel SMB server (and NFS of course), and natively supports
NT-style ACLs as opposed to the Samba UID/GID mapping kludge.
Ethan Azariah wrote:
> i want a network fileserver so ther
obs...@loopw.com wrote:
> not 100% conjecture, but not 100% science either:
> You have <90MB on /, which is where relinking happens, on a ~30MB
> kernel. That's a bit tight. My guess is more than one
> thing was moving things around in the first relink attempt, and in your
> second attempt less of
Janne Johansson wrote:
> that doesn't sound 100% like out-of-space.
>
Disk space was my first guess, but unlikely:
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      384M    276M   89.6M    76%    /
/dev/sd0k      2.9G    328K    2.7G     1%    /home
/dev/sd0d      500M
m not so sure.
Regards
Lloyd
David Diggles wrote:
> Any ideas? I'm thinking maybe the root disk is on a bad CF card.
>
> Get/Verify syspatch77-001_nfs.tgz 100%
> || 158 KB
> 00:00
> Installing patch 001_nfs
> Get/Verify syspatch77-002_zic.tgz 100%
> || 24992
>
Hi - does OpenBSD support Intel QAT hw crypto acceleration?
Similar to FreeBSD qat(4) support.
I couldn't find any documentation confirming this.
Regards
Lloyd
Crazy idea, but have you tried changing the Ethernet cable?
A dodgy cable can cause L1 issues.
Lloyd
Kirill A. Korinsky wrote:
> On Sun, 08 Jun 2025 19:33:51 +0200,
> "H. Hartzer" h...@hartzer.sh wrote:
>
> > Jarod Watkins wrote:
> >
> > > Hi Jon,
>
a256 -h /var/db/kernel.SHA256 /bsd
Kernel has been relinked and is active on next reboot.
SHA256 (/bsd) = 75600b28045794fa983d0823435c3a07c276b13dbbf11dc01dca71a2d4fe8d6d
The size of this corrupt kernel was 29935875 bytes.
Regards
Lloyd
Nick Holland wrote:
> wild guess: you have a "single partition" model, rather than the
> suggested, so rather than the root file system being fairly quiet
> during normal operation, you have a lot of overall filesystem
> churn taking place. (I'm not a FS person...so I may be full of
> ).
Eh n
I've run across this a few times, where I've improperly shut down
a VM (tapped the wrong button for power off vs ACPI shutdown) and
this led to an unbootable image with the message before boot:
booting hd0a:/bsd: hd0a:/bsd: Inappropriate file type or format
failed(79). will try /bsd
boot>
To rec
Peter N. M. Hansteen wrote:
> the skinniest config I have running is an arm64 VM that is
> configured with 4GB RAM
IMHO this is a bit misleading. I regularly run Windows Server
VMs with less than that. It depends if you're running X or not.
OpenBSD is an extraordinarily lean OS. I usually config
, +/- 30 seconds from each other.
More notably, it doesn't seem to affect anything.
These are Gen 1 VMs that boot in BIOS mode.
Digging around, this message seems common to Hyper-V users of OpenBSD.
VMware doesn't seem to be affected. Any ideas on the root cause?
Regards
Lloyd
D or chain-load the OpenBSD
EFI loader?
Regards
Lloyd
number: XXX
His showed the following additional error message:
> WARNING: PC/SC not available. Smart card (CCID) protocols will not function.
Try installing pcsc-tools from ports, then:
rcctl enable pcscd && rcctl start pcscd
Then retry the yubikey tools
Regards
Lloyd
Quincy Lawd wrote:
> I've never had any issue like this before. I even unplugged everything
> and put them back in, and still it's not POSTing
FWIW I have, but under Linux, so it's not unheard of. The Ubuntu installer
(if we are naming and shaming) ran a friendly 'firmware update' at its
conclusi
Ingo Schwarze wrote:
>
> Continuing the timeline backwards:
>
> July 19, 1993 FreeBSD: Rodney W. Grimes adds myname(5) and mygate(5) support
> commit message:
> "From NetBSD, copied verbatium. May need some work yet."
> https://github.com/freebsd/freebsd-src/commit/0a71fe69
> This tells us that
Stuart Henderson wrote:
> However nginx would allow blocking user agents by regex (and also would
> avoid another problem that these sites run into from time..)
I observe a lot of malicious bot traffic that masquerades as Chrome so
this technique is only effective against the lowest hanging fruit
Odd Martin Baanrud wrote:
> I can of course use wg-quick, but I don’t see how to run it via rc(8).
>
> Regards, Martin.
You can install wireguard-tools from ports as you mentioned. Then use
!command syntax in your hostname.if to shell out to wg-quick. E.g. your
/etc/hostname.wg0 contents could be
error thrown if a service cannot bind to an IP,
maybe I am missing something here?
Regards
Lloyd
Ulf Brosziewski wrote:
> If the trackpad is handled by the ubcmtp(4) driver but isn't recognized
> as clickpad, configure a bottom area (see wsmouse(4), wsconsctl(8), and
> wsconsctl.conf(5)):
>
> # wsconsctl mouse.tp.edges=0,5,10,5
>
Many thanks. A variation of this solved the issue. For some
imagine this got annoying pretty quickly.
Is there some obscure X11 setting I can configure to fix this? I've been unable
to find anything.
Thanks
Lloyd
louise9...@gmail.com wrote:
> Hi I have a firewall that I’m trying to get working with mdns across
> different vlans. Chrome on the main network(ix0:network) doesn’t even pick up
> the chromecast and I have tried to allow MDNS as well as setting up openmdns
> but it still doesn’t work. On the I
Sebastien Marie wrote:
>
> With some simplification, it is running:
> /bin/sh -c '. /root/.profile; echo ENV=$ENV; echo PATH=$PATH'
>
> and check the output. In your case, it is complaining that "echo ENV="
> doesn't produce the expected line with 'ENV' string.
>
Further investigation uncovere
ncern by not having a ENV script defined in .profile? The default .profile
does not define ENV. Or have I misused/abused .profile for eternity and not
known it?
Regards
Lloyd
Steve Williams wrote:
> What is your configuration that you have a wg process running?
Your /etc/hostname.wg0 file should contain a line such as the following at the
end:
!/usr/local/bin/wg setconf wg0 /etc/wireguard/wg0.conf
The ! specifies a shell command - see hostname.if(5)
You will nee
few attempts at running reboot and shutdown showed multiples of those
processes (and rc) hanging in the process list.
Can't remember what exactly I did that finally broke the hang and allowed the
reboot to proceed, but it involved tickling the wg0 interface. I don't have
enough concrete data for a bug report but seeing if anyone has any ideas.
Regards
Lloyd
g under Linux is equally if not more painful, having to
enable dynamic debugging on the kernel module but I'm not familiar with it.
Regards
Lloyd
festering
elsewhere in my network.
Thank you for the inputs.
Regards
Lloyd
rather than making a change
to their default sshd_config.
While I'm sure this was well-intentioned, creating a situation where
sshd_config != sshd_config on every system seems a bit insane to me, and
makes debugging many times more difficult.
Regards
Lloyd
's congestion related.
Regards
Lloyd
g iperf3 at nearly full
rate over the wireless network (~ 250Mbps) with zero packet loss. Only SSH
seems to be impacted.
Regards
Lloyd
e I should look next?
Regards
Lloyd
Let me first say that I looked over all the man pages, the official faqs and
I searched over the archived mailing lists before sending out these
questions ... and I'm still a little confused. So:
1. What are the main differences between cvs and cvsup when updating sources
to stable?
2. I'm just t
nt ones to work.
Regards,
Lloyd
Solved it. Etherboot cannot process files an integer multiple of 1432
bytes. pxeboot V4.1 is 36 * 1432 = 51552 bytes long.
Added two bytes to V4.1 pxeboot and it (Etherboot) works fine.
--John
I'm trying to run an Nvidia Nforce2-based board diskless. It's a Shuttle
MN31 with Athlon XP.
Following instructions in http://www.openbsdsupport.org for OpenBSD
Diskless setup, I setup a DHCP server, TFTP server, etc. I get pxeboot
downloaded via tftp but it seems Etherboot says "unable to
65 matches