Re: OpenBSD + isakmpd + VPN concentrator 3060

2008-09-26 Thread Mariusz Makowski

I finally was able to set up the VPN connection.
The other side was configured in the wrong way, and the sum of all my ipsec.conf looks
this way:

-- ipsec.conf --
other_peer = c.c.c.c_public_ip

ike esp tunnel from a.a.a.a_net to d.d.d.d_net peer $other_peer \
 main auth hmac-sha1 enc 3des group modp1024 \
 quick auth hmac-sha1 enc 3des group modp1024 \
 psk somekey
-- ipsec.conf --

But I have another problem: a.a.a.a_net is not configured on my network
interface, it's just a net that NAT must be done on.
I was reading a bit about doing NAT on OpenBSD and IPsec.
I've tried to do so:

-- conf --
ifconfig lo1 inet a.a.a.a_net
route add -net d.d.d.d_net a.a.a.a_host
and pf.conf:
nat on lo1 from e.e.e.e_net to d.d.d.d_net -> a.a.a.a_host
-- conf --

But it doesn't seem to work. Packets are showing on lo1, but they are not going
through the flow/enc0 interface.

-- tcpdump lo1 --
09:38:20.497416 a.a.a.a_hostb > d.d.d.d_host: icmp: echo request
09:38:20.497421 a.a.a.a_hostb > d.d.d.d_host: icmp: echo request
-- tcpdump lo1 --

flows:
flow esp in from d.d.d.d_net to a.a.a.a_net peer c.c.c.c_public_ip srcid b.b.b.b_public_ip dstid c.c.c.c_public_ip type use
flow esp out from a.a.a.a_net to d.d.d.d_net peer c.c.c.c_public_ip srcid b.b.b.b_public_ip dstid c.c.c.c_public_ip type require

image :):
e.e.e.e_net (em0) | a.a.a.a_net (lo1) obsd b.b.b.b_public_ip --- c.c.c.c_public_ip cisco d.d.d.d_net

Regards,
Mariusz Makowski


Mariusz Makowski wrote:

Mariusz Makowski wrote:

Hello,

Firstly I want to mention that it's my beginning with ipsec/isakmpd
tunneling.

My problem is about making a connection from OpenBSD 4.3 to a Cisco VPN
concentrator 3060.
The Cisco concentrator is out of my range so I can't check the log there and I
only wish that the configuration there is done well.

Here is my example:

a.a.a.a_net obsd b.b.b.b_public_ip --- c.c.c.c_public_ip cisco d.d.d.d_net

What I want to achieve is:
- communication from a.a.a.a_net to d.d.d.d_net

What I know about the Cisco configuration:
- VPN concentrator 3060
- c.c.c.c_public_ip
- d.d.d.d_net
- VPN Method: IPSec
- Encryption: 3DES
- Key exchange IKE
- Pre-Shared Key: somekey
- Perfect Forward Secrecy: Yes - Group 2 (1024 bits)
- Hashing: SHA-1
- Diffie-Hellman: Yes - Group 2
- Time Lifetime: 28800 seconds
- Encapsulation Mode: Tunnel
- Negotiation Mode: Main

OpenBSD:
- clean installation of 4.3
- no pf yet
- em0: a.a.a.a_net
- em1: b.b.b.b_public_ip

After a couple of hours of reading stuff on the internet and reading some
configuration files I achieved this configuration:


-- isakmpd.conf --
[General]
Listen-on= b.b.b.b_public_ip

[Phase 1]
c.c.c.c_public_ip= CONN

[Phase 2]
Connections  = LINK

[CONN]
Phase= 1
Transport= udp
Address  = c.c.c.c_public_ip
Configuration= Default-Main-Mode
Authentication   = somekey

[LINK]
Phase= 2
ISAKMP-Peer  = HP
Configuration= Default-Quick-Mode
Local-ID = LAN-1
Remote-ID= LAN-2

[LAN-1]
ID-Type  = IPV4_ADDR_SUBNET
Network  = a.a.a.a_net
Netmask  = a.a.a.a_netmask

[LAN-2]
ID-Type  = IPV4_ADDR_SUBNET
Network  = d.d.d.d_net
Netmask  = d.d.d.d_netmask

[Default-Main-Mode]
DOI  = IPSEC
Exchange_Type= ID_PROT
Transforms   = 3DES-SHA

[Default-Quick-Mode]
DOI  = IPSEC
Exchange_Type= QUICK_MODE
Suites   = QM-ESP-3DES-SHA-SUITE

[3DES-SHA]
ENCRYPTION_ALGORITHM = 3DES_CBC
HASH_ALGORITHM   = SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life = LIFE_3600_SECS

[QM-ESP-3DES-SHA-SUITE]
Protocols= QM-ESP-3DES-SHA

[QM-ESP-3DES-SHA-PFS-SUITE]
Protocols= QM-ESP-3DES-SHA-PFS

[QM-ESP-3DES-SHA]
PROTOCOL_ID  = IPSEC_ESP
Transforms   = QM-ESP-3DES-SHA-XF

[QM-ESP-3DES-SHA-PFS]
PROTOCOL_ID  = IPSEC_ESP
Transforms   = QM-ESP-3DES-SHA-PFS-XF

[QM-ESP-3DES-SHA-TRP]
PROTOCOL_ID  = IPSEC_ESP
Transforms   = QM-ESP-3DES-SHA-TRP-XF

[QM-ESP-3DES-SHA-XF]
TRANSFORM_ID = 3DES
ENCAPSULATION_MODE   = TUNNEL
AUTHENTICATION_ALGORITHM = HMAC_SHA
Life = LIFE_28800_SECS

[QM-ESP-3DES-SHA-PFS-XF]
TRANSFORM_ID = 3DES
ENCAPSULATION_MODE   = TUNNEL
AUTHENTICATION_ALGORITHM = HMAC_SHA
GROUP_DESCRIPTION= MODP_1024
Life = LIFE_28800_SECS

[QM-ESP-3DES-SHA-TRP-XF]
TRANSFORM_ID = 3DES
ENCAPSULATION_MODE   = TRANSPORT
AUTHENTICATION_ALGORITHM = HMAC_SHA
Life = LIFE_28800_SECS

[LIFE_3600_SECS]
LIFE_TYPE= SECONDS
LIFE_DURATION= 3600,1800:7200

[LIFE_28800_SECS]
LIFE_TYPE   = SECONDS
LIFE_DURATION = 28800

Re: ral(4) and Gigabyte GN-WI01GS 802.11b/g card

2008-09-26 Thread Kevin Elliott
Nick,

Good to hear.  It's going into a Soekris 4501 for wireless access duty
so hostap is necessary but anything's got to work better than my current
Atheros based card.  If anyone else has used this card with success in
hostap mode, I'd love to hear about it.

-Kevin

On Thu, Sep 25, 2008 at 3:55 PM, Nick Templeton [EMAIL PROTECTED] wrote:
> I have one in my Dell laptop and it works great.  Here's how it looks in my
> dmesg:
>
> ral0 at pci2 dev 3 function 0 Ralink RT2561S rev 0x00: irq 11, address
> 00:1a:4d:33:b6:03
> ral0: MAC/BBP RT2561C, RF RT2527
>
> I haven't tried it in hostap mode, but I've had good luck with another
> Gigabyte ral(4)-based card as an access point.
>
> -Nick
>
> Kevin Elliott wrote:
>
>> I am thinking of buying a Gigabyte GN-WI01GS to replace my Wistron
>> CM9.  It's listed as supported under the man file.  I was curious if
>> anyone has any experience with this card and can confirm that it's
>> FULLY supported under OpenBSD-4.3 (i386).
>>
>> Thank you.
>> Kevin
>>
>> Hope in reality is the worst of all evils because it prolongs the
>> torments of man.
>>
>> -Nietzsche





-- 
Since love and fear can hardly exist together, if we must choose
between them, it is far safer to be feared than loved.
  -Niccolo Machiavelli



[OT] IronPort mail servers

2008-09-26 Thread Chris
I know this is not OpenBSD related but I'm just asking if someone
has any first-hand experience with IronPort [1]

My company has decided to move away from Solaris 8 mail system (sendmail,
clamav, mimedefang, relaydelay and god-knows-what-else) - the reason for the
move is that the current system is kind of glued together and no one
knows how it all works. People who implemented these have left with no
documentation behind.

Anyhow, we have acquired one IronPort for free plus free training. After doing
the training it looks like an extremely powerful little box that can do the
whole lot: mail, spam, virus checking, LDAP lookup, SPF...everything from a
nice GUI and also CLI.

I just wonder if anyone has any first-hand experience with IronPort
and would share their experience.

Thanks.

--
[1] http://en.wikipedia.org/wiki/IronPort



Re: OpenBSD + isakmpd + VPN concentrator 3060

2008-09-26 Thread Claer
On Fri, Sep 26 2008 at 45:07, Mariusz Makowski wrote:
> I finally was able to set up the VPN connection.
> The other side was configured in the wrong way, and the sum of all my
> ipsec.conf looks this way:
>
> -- ipsec.conf --
> other_peer = c.c.c.c_public_ip
>
> ike esp tunnel from a.a.a.a_net to d.d.d.d_net peer $other_peer \
>  main auth hmac-sha1 enc 3des group modp1024 \
>  quick auth hmac-sha1 enc 3des group modp1024 \
>  psk somekey
> -- ipsec.conf --

In our environment (we manage OpenBSD tunnels to a Cisco 3030 which is
out of our scope) we debugged a strange problem when the connection goes
down. The tunnels won't come back after a small link shutdown.

The problem was that the Cisco 3030 was doing DPD checks and the OpenBSD side was not.

If it's the case for you too, you should add these lines to
/etc/isakmpd/isakmpd.conf :

--- isakmpd.conf ---
[General]
DPD-check-interval= 30
--- isakmpd.conf ---

> But I have another problem: a.a.a.a_net is not configured on my network
> interface, it's just a net that NAT must be done on.
> I was reading a bit about doing NAT on OpenBSD and IPsec.
> I've tried to do so:
>
> -- conf --
> ifconfig lo1 inet a.a.a.a_net
> route add -net d.d.d.d_net a.a.a.a_host
> and pf.conf:
> nat on lo1 from e.e.e.e_net to d.d.d.d_net -> a.a.a.a_host
> -- conf --
>
> But it doesn't seem to work. Packets are showing on lo1, but they are not
> going through the flow/enc0 interface.

The route will not work. Instead, you should use pf and the route-to
directive.


Re: how to turn off greylisting?

2008-09-26 Thread Juan Miscaro
2008/9/25 jared r r spiegel [EMAIL PROTECTED]:
> On Thu, Sep 25, 2008 at 10:25:19PM -0400, Juan Miscaro wrote:
>> I have stopped my spamd on my 4.3 box and went ahead and restarted it
>> with the '-b' switch.  However, the output of spamdb tells me that
>> greylisting is still active.  What is happening?
>
>   maybe
>
> /home/jrrs $ fgrep grey /etc/rc*
> /etc/rc.conf:spamd_black=NO # set to YES to run spamd without greylisting

Huh thanks but I'm talking real-time.

~juan




Re: OpenBSD + isakmpd + VPN concentrator 3060

2008-09-26 Thread [EMAIL PROTECTED]

Claer wrote:

> On Fri, Sep 26 2008 at 45:07, Mariusz Makowski wrote:
>
>> I finally was able to set up the VPN connection.
>> The other side was configured in the wrong way, and the sum of all my
>> ipsec.conf looks this way:
>>
>> -- ipsec.conf --
>> other_peer = c.c.c.c_public_ip
>>
>> ike esp tunnel from a.a.a.a_net to d.d.d.d_net peer $other_peer \
>>  main auth hmac-sha1 enc 3des group modp1024 \
>>  quick auth hmac-sha1 enc 3des group modp1024 \
>>  psk somekey
>> -- ipsec.conf --
>
> In our environment (we manage OpenBSD tunnels to a Cisco 3030 which is
> out of our scope) we debugged a strange problem when the connection goes
> down. The tunnels won't come back after a small link shutdown.
>
> The problem was that the Cisco 3030 was doing DPD checks and the OpenBSD side was not.
>
> If it's the case for you too, you should add these lines to
> /etc/isakmpd/isakmpd.conf :
>
> --- isakmpd.conf ---
> [General]
> DPD-check-interval= 30
> --- isakmpd.conf ---

Thanks for this.

>> But I have another problem: a.a.a.a_net is not configured on my network
>> interface, it's just a net that NAT must be done on.
>>
>> I was reading a bit about doing NAT on OpenBSD and IPsec.
>> I've tried to do so:
>>
>> -- conf --
>> ifconfig lo1 inet a.a.a.a_net
>> route add -net d.d.d.d_net a.a.a.a_host
>> and pf.conf:
>> nat on lo1 from e.e.e.e_net to d.d.d.d_net -> a.a.a.a_host
>> -- conf --
>>
>> But it doesn't seem to work. Packets are showing on lo1, but they are not
>> going through the flow/enc0 interface.
>
> The route will not work. Instead, you should use pf and the route-to
> directive.

Finally I managed to do NAT in the correct way; probably I had mistyped some
pf.conf configuration.

Both ways of adding the route are working.
route add -net d.d.d.d_net a.a.a.a_host and pf.conf:
and
pass in quick on $int_if \
 route-to (lo1 a.a.a.a_host) \
 from e.e.e.e_net to d.d.d.d_net

But packets after NAT are ignoring the encap flows, and they are trying to
go out by the default gateway.






how to turn on em for Intel 1000PT quad port NIC

2008-09-26 Thread Jorge Medina
hi guys

I have this device: Intel PRO 1000PT Quad Port 1GbE NIC, and the OpenBSD
4.3 man page em(4) indicates it is a supported device,
but the device has not been created after installation. How can I turn on this
device?

--
Jorge Andrés Medina Oliva.
Evolve or die!



Re: how to turn on em for Intel 1000PT quad port NIC

2008-09-26 Thread Stuart Henderson
Send dmesg.

On 2008-09-26, Jorge Medina [EMAIL PROTECTED] wrote:
> hi guys
>
> I have this device: Intel PRO 1000PT Quad Port 1GbE NIC, and the OpenBSD
> 4.3 man page em(4) indicates it is a supported device,
> but the device has not been created after installation. How can I turn on this
> device?
>
> --
> Jorge Andrés Medina Oliva.
> Evolve or die!





Re: Sendmail issue with sparc/ALOM mails

2008-09-26 Thread Stuart Henderson
On 2008-09-25, Michael [EMAIL PROTECTED] wrote:
> Hi,
>
> I've got a Sun v440 with OpenBSD running with an ALOM card configured to
> send out mails on events. However, since the hostname can not be read it
> is set to unknown in the ALOM. It also is not possible to manually set
> the hostname.
>
> Now, when sendmail receives the mail it does not accept it because the
> sender [EMAIL PROTECTED] doesn't exist. Is there any way to accept
> mails from [EMAIL PROTECTED] to local addresses anyway?
>
> Sep 23 07:12:21 warden sm-mta-mailx[22453]: m8N5CJMP022453:
> ruleset=check_mail, arg1=[EMAIL PROTECTED],
> relay=cl-412.chi-02.us.sixxs.net [IPv6:2001:4978:f:19b::2],
> reject=553 5.1.8 [EMAIL PROTECTED]...
> Domain of sender address [EMAIL PROTECTED] does not exist

You need a new sendmail cf file built from an mc file with
FEATURE(accept_unresolvable_domains) added. Look in /usr/share/sendmail/cf,
hopefully you'll be able to work out the rest from there. The normal one
in /etc/mail gets built from openbsd-proto.mc.

Copy rather than just editing, and use a different name for the installed
cf file so upgrades don't overwrite it.

> Second question... is there any way to set the hostname of the ALOM? ;-)

*shrug*

You could try looking in eeprom(8), but I don't know if ALOM has
anything to do with that.
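
The procedure in the reply above, as an added shell example that is not part of the thread: it copies the prototype .mc under a new name and inserts the FEATURE line ahead of the MAILER() lines, leaving the stock file untouched. The name local-alom, the helper function names and the sample .mc are assumptions; note that this feature turns off the sender-domain lookup for every sender, not only the ALOM card.

```shell
#!/bin/sh
# Added example (not from the thread): derive a site-local sendmail .mc from
# a copy of the stock prototype, with accept_unresolvable_domains enabled.

# sample_mc: constructed stand-in for a prototype .mc (NOT the real
# openbsd-proto.mc), only there so make_local_mc can be tried off the host.
sample_mc() {
    cat <<'EOF'
divert(0)dnl
VERSIONID(`constructed sample')
OSTYPE(openbsd)dnl
FEATURE(`access_db', `hash -o -T<TMPF> /etc/mail/access')dnl
MAILER(local)dnl
MAILER(smtp)dnl
EOF
}

# make_local_mc SRC_MC DEST_MC
#   Writes DEST_MC as a copy of SRC_MC with the FEATURE line placed before
#   the first MAILER() line (appended if there is none). SRC_MC is never
#   modified, and a file that already has the feature is copied unchanged.
make_local_mc() {
    src=$1
    dest=$2
    feature="FEATURE(\`accept_unresolvable_domains')dnl"
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    [ "$src" != "$dest" ] || { echo "refusing to edit $src in place" >&2; return 1; }
    if grep -Eq '^FEATURE\(`?accept_unresolvable_domains' "$src"; then
        cp "$src" "$dest"
        return 0
    fi
    awk -v feature="$feature" '
        !done && /^MAILER\(/ { print feature; done = 1 }
        { print }
        END { if (!done) print feature }
    ' "$src" > "$dest"
}

# build_cf CF_DIR NAME
#   Expands CF_DIR/NAME.mc into CF_DIR/NAME.cf with sendmail's m4 macros,
#   run from inside the cf directory so ../m4/cf.m4 resolves.
build_cf() {
    ( cd "$1" && m4 ../m4/cf.m4 "$2.mc" > "$2.cf" )
}

# On the OpenBSD host (directory and prototype name are from the reply;
# "local-alom" is a made-up name, chosen so an upgrade will not overwrite it):
#   cd /usr/share/sendmail/cf
#   make_local_mc openbsd-proto.mc local-alom.mc
#   build_cf . local-alom
#   install -m 444 local-alom.cf /etc/mail/local-alom.cf
#   then start sendmail with -C/etc/mail/local-alom.cf
```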



Help with pf

2008-09-26 Thread Ricardo Augusto de Souza
# pfctl -e
pf enabled
# ping www.terra.com.br
PING www.terra.com.br (200.176.3.142): 56 data bytes
ping: sendto: No route to host
ping: wrote www.terra.com.br 64 chars, ret=-1
ping: sendto: No route to host
ping: wrote www.terra.com.br 64 chars, ret=-1
--- www.terra.com.br ping statistics ---
2 packets transmitted, 0 packets received, 100.0% packet loss

# cat /etc/pf.conf
# external interface WAN
ext_if=xl1
# internal interface LAN
int_if=xl0
# MPLS interface
mpls_if =bge0
#Default GW
gw=200.162.41.33

# Variables
##

#
#1 - Redirection for the staging environment
###
ws_ip = { 10.10.100.21 }
ws_ports = { 8101, 8102, 8103 }

#2 - Useful variables

lan = { 10.10.0.0/16 }
rede_mpls  = { 10.100.0.0/26 }
ip_admin = { 10.10.0.135 }
portas_saida_tcp =  {25, 80, 110 }
portas_saida_udp =  { 53 }
portas_entrada_tcp =  { 22}

###
set skip on lo
scrub in

# redirection to the LAN; NAT was also necessary.
rdr pass on xl1 inet proto tcp from any to xl1 port $ws_ports -> $ws_ip
nat on $int_if from any to $ws_ip -> $int_if

#
# NAT  ##
#

# NAT to give the LAN internet access
#nat on bge0  from $lan to $rede_mpls -> 10.100.1.1 # MPLS
nat on $ext_if from $lan to !($ext_if) -> $ext_if

# block everything inbound and everything outbound
block in all
block out all

# inbound rules

# allow everything in on the internal interface
pass in quick on $int_if proto udp from $lan to $int_if port 53
pass in quick on $int_if from $lan to any keep state

# allow inbound on the external interface
pass in quick on $ext_if proto tcp from any to $ext_if port $portas_entrada_tcp keep state
pass in quick on $ext_if proto tcp from any to $ext_if port $ws_ports keep state

# outbound rules
pass out on $int_if
pass out on $mpls_if
pass out on lo
pass out on $ext_if from any to $gw
pass out on $ext_if proto tcp from $lan to any port $portas_saida_tcp
pass out on $ext_if from $ip_admin to any

Question 1) What am I doing wrong, because when I turn pf on I am not
able to connect to the internet?

# pfctl -d
pf disabled
# ping www.terra.com.br
PING www.terra.com.br (200.176.3.142): 56 data bytes
64 bytes from 200.176.3.142: icmp_seq=0 ttl=250 time=33.663 ms
64 bytes from 200.176.3.142: icmp_seq=1 ttl=250 time=33.943 ms
--- www.terra.com.br ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 33.663/33.803/33.943/0.140 ms

Question 2) How do I set the correct route to the MPLS network for my clients
(10.10.0.0/24)?

# ping 10.100.1.1
PING 10.100.1.1 (10.100.1.1): 56 data bytes
64 bytes from 10.100.1.1: icmp_seq=0 ttl=255 time=2.980 ms
64 bytes from 10.100.1.1: icmp_seq=1 ttl=255 time=1.570 ms
--- 10.100.1.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.570/2.275/2.980/0.705 ms
#



Thanks



Re: [OT] IronPort mail servers

2008-09-26 Thread Joshua Gimer
We have been using Ironport for about a year now as our email security
appliance. We have roughly 60,000 addresses that we route mail for and take
in about 16 million messages a day. We went from a total of 16 systems
running just about everything imaginable including email encryption, to 2
Ironport C650 appliances.

We have been very happy with Ironport up to this point, the boxes are very
low maintenance and they have given us the ability to perform some more
advanced mail routing functions that were not supported in our old system.
The support and response from Ironport has also been exceptional. They have
processed feature requests, and depending on the contract that you have they
can provide 24-hour on-site support.

Josh

On Fri, Sep 26, 2008 at 12:50 AM, Chris [EMAIL PROTECTED] wrote:

> I know this is not OpenBSD related but I'm just asking if someone
> has any first-hand experience with IronPort [1]
>
> My company has decided to move away from Solaris 8 mail system (sendmail,
> clamav, mimedefang, relaydelay and god-knows-what-else) - the reason for
> the move is that the current system is kind of glued together and no one
> knows how it all works. People who implemented these have left with no
> documentation behind.
>
> Anyhow, we have acquired one IronPort for free plus free training. After
> doing the training it looks like an extremely powerful little box that can
> do the whole lot: mail, spam, virus checking, LDAP lookup, SPF...everything
> from a nice GUI and also CLI.
>
> I just wonder if anyone has any first-hand experience with IronPort
> and would share their experience.
>
> Thanks.
>
> --
> [1] http://en.wikipedia.org/wiki/IronPort




-- 
Thx
Joshua Gimer



Re: OpenBSD + isakmpd + VPN concentrator 3060

2008-09-26 Thread Christoph Leser
This is interesting. We suffer from spurious connection losses since we
started with OBSD ipsec.
Do you have any details what caused your problem, and why setting
DPD-check-interval helped?


> In our environnement (we manage openbsd tunnels to cisco 3030
> which is out of our scope) we debugged a strange problem when
> the connection goes down. The tunnels won't come back after a
> small link shutdown.
>
> The problem was Cisco 3030 was doing DPD check and not the OpenBSD.
>
> If it's the case for you too, you should add these lines to
> /etc/isakmpd/isakmpd.conf :
>
> --- isakmpd.conf ---
> [General]
> DPD-check-interval= 30
> --- isakmpd.conf ---



Odd spamd-white update issues

2008-09-26 Thread Derek Buttineau

Good Day,

We have an OpenBSD 4.3 machine that is acting as a firewall for our  
scanning service and has spamd employed (which we've been using ever  
since hearing Bob talk about it at BSDCan 2005).


Yesterday though, we had our first issue with it, for some reason  
about 4pm yesterday all of our entries in the spamd-white table  
disappeared?  I suspected that it may have had something to do with  
the sync as I had spamd running with the -Y and -y flags, yet there is  
currently no other host on the network for it to sync with (though a  
redundant machine is in the works to be deployed very soon).


When we uncovered the issue this morning, I removed the -Y and -y  
flags and restarted the machine and it is now working correctly again,  
however I'm a little puzzled as to the source of this problem as I've  
scoured our log files and do not see any errors or alerts that I can  
attribute to this situation.


Any suggestions or advice would be greatly appreciated.

Our spamd_flags were as follows (It is currently running without the
-Y and -y):

-h 'scanner.netguardsolutions.net' -n 'netGUARD: Mail Protection Service' -G 15:4:864 -Y em0 -y em0 -M 66.159.122.14


Thank you

--
Regards,

Derek Buttineau
Internet Systems Developer
Compu-SOLVE Internet Services
Compu-SOLVE Technologies, Inc

Phone:  705-725-1212 x255
E-Mail:  [EMAIL PROTECTED]



How do I add nat to other subnet in pf

2008-09-26 Thread Ricardo Augusto de Souza
I already have NAT configured in pf.conf.

It's working good and all my clients are connected to the internet.

I need to tell OpenBSD the route when my clients try to access subnet
10.100.0.0/26.

From OpenBSD I can access this network.

I think when I add another NAT rule in pf it's missing something. The NAT rule is
commented out and has a mark called MPLS.

I have this:

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33208
        groups: lo
        inet 127.0.0.1 netmask 0xff00
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:11:25:7f:86:28
        media: Ethernet autoselect (none)
        status: no carrier
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:10:18:16:14:1b
        media: Ethernet autoselect (1000baseT full-duplex,master)
        status: active
        inet6 fe80::210:18ff:fe16:141b%bge0 prefixlen 64 scopeid 0x2
        inet 10.100.1.3 netmask 0xff00 broadcast 255.255.255.192
bge1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:10:18:16:0e:8a
        media: Ethernet autoselect (none)
        status: no carrier
xl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0a:5e:63:7e:2e
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 10.10.100.254 netmask 0x broadcast 10.10.255.255
        inet6 fe80::20a:5eff:fe63:7e2e%xl0 prefixlen 64 scopeid 0x4
xl1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0a:5e:63:7d:72
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 200.162.41.XX netmask 0xfff8 broadcast 200.162.41.39
        inet6 fe80::20a:5eff:fe63:7d72%xl1 prefixlen 64 scopeid 0x5
enc0: flags=0 mtu 1536
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
        groups: pflog
#





# cat /etc/pf.conf
# external interface WAN
ext_if=xl1
# internal interface LAN
int_if=xl0
# MPLS interface
mpls_if =bge0
#Default GW
gw=200.162.41.1

# Variables
##

#
#1 - Redirection for the staging environment
###
ws_ip = { 10.10.100.21 }
ws_ports = { 8101, 8102, 8103 }

#2 - Useful variables

lan = { 10.10.0.0/16 }
rede_mpls  = { 10.100.0.0/26 }
ip_admin = { 10.10.0.135 }
portas_saida_tcp =  {25, 80, 110 }
portas_saida_udp =  { 53 }
portas_entrada_tcp =  { 22}

###
#options
set block-policy return
set loginterface $ext_if
set skip on lo
scrub in

# redirection to the LAN; NAT was also necessary.
rdr pass on $int_if inet proto tcp from $lan to any port 80 -> $int_if port 3128
rdr pass on $ext_if inet proto tcp from any to $ext_if port $ws_ports -> $ws_ip
nat on $int_if from any to $ws_ip -> $int_if

#
# NAT  ##
#

# NAT to give the LAN internet access
nat on $ext_if from $lan to !($ext_if) -> $ext_if
#nat on $ext_if  from $lan to $rede_mpls -> 10.100.1.1   #MPLS

# block everything inbound and everything outbound
block in on $ext_if

# inbound rules

# allow everything in on the internal interface
pass in quick on $int_if proto udp from $lan to $int_if port 53
pass in quick on $int_if from $lan to any keep state

# allow inbound on the external interface
pass in quick on $ext_if proto tcp from any to $ext_if port $portas_entrada_tcp keep state
pass in quick on $ext_if proto tcp from any to $ext_if port $ws_ports keep state

# outbound rules
antispoof quick for { lo $int_if }
pass out on $int_if keep state

#
# forbid all outbound traffic
block out on $ext_if
pass out on $ext_if from $ext_if to any

pass out quick on $ext_if proto tcp from $lan to any port $portas_saida_tcp

# allow full access for the administrators
pass out on $ext_if from $ip_admin to any
#











Dmesg:

# dmesg
OpenBSD 4.3 (CMT) #0: Wed Sep 24 09:52:31 BRT 2008
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/CMT
cpu0: Intel(R) Pentium(R) 4 CPU 2.13GHz (GenuineIntel 686-class) 2.13 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR
real mem  = 1072697344 (1023MB)
avail mem = 1032876032 (985MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 06/16/05, BIOS32 rev. 0 @ 0xfd5b6, SMBIOS rev. 2.33 @ 0x3ff77000 (46 entries)
bios0: vendor IBM version -[KEE134AUS-1.34]- date 06/16/2005
bios0: IBM CORPORATION -[84824RU]-
bios0: ROM list: 0xc/0x9000 0xc9000/0x1000 0xca000/0x1000 0xcb000/0x9c00 0xd5000/0x2000 0xd7000/0x2000 0xd9000/0x800 0xd9800/0x800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82875P Host rev 0x02

Re: making man(1) to open a file

2008-09-26 Thread Cezary Morga
On Thursday, 25 September 2008, Bryan Irvine wrote:
  Next to the useful suggestions you've received so far, you can try
 
 groff -man -Tascii /path/to/manpage.X | less

 man -a is easier though.

 -B

-a Display all of the manual pages for a specified section and name
combination.  Normally, only the first manual page found is dis-
played.

You're sure that's the one?

--
Cezary Morga
A real administrator is always logged in as root - it's CRAP
administrators that aren't! (BOFH @theregister.co.uk)



Re: [OT] IronPort mail servers

2008-09-26 Thread Stijn

Joshua Gimer wrote:

We have been using Ironport for about a year now as our email security
appliance. We have roughly 60,000 addresses that we route mail for and take
in about 16 million messages a day. We went from a total of 16 systems
running just about everything imaginable including email encryption, to 2
Ironport C650 appliances.

We have been very happy with Ironport up to this point, the boxes are very
low maintenance and they have given us the ability to perform some more
advanced mail routing functions that were not supported in our old system.
The support and response from Ironport has also been exceptional. They have
processed feature requests, and depending on the contract that you have they
can provide 24-hour on-site support.

Josh

On Fri, Sep 26, 2008 at 12:50 AM, Chris [EMAIL PROTECTED] wrote:

  

I know this is not OpenBSD related but I'm just asking for if someone
has any first-hand experience with IronPort [1]

My company has decided to move away from Solaris 8 mail system (sendmail,
clamav, mimedefang, relaydelay and god-knows-what-else) - the reason for
the move is that the current system is kind of glued together and no one
knows how it all works. People who implemented these have left with no
documentation behind.

Anyhow, we have acquired one IronPort for free plus free training. After
doing the training it looks like an extremely powerful little box that can
do the whole lot: mail, spam, virus checking, LDAP lookup, SPF...everything
from a nice GUI and also CLI.

I just wonder if anyone has any first-hand experience with IronPort
and would share their experience.

Thanks.

--
[1] http://en.wikipedia.org/wiki/IronPort






  
I can only second that. I implemented a couple of systems at big 
customers and they never looked back. Easy to configure, low 
maintenance, very high catch rate. When customers ask me what to do 
about spam, my answer is simple: IronPort.


Have fun (doing something else than cleaning up spam messages),

Stijn



Re: how to turn on em for Intel 1000PT quad port NIC

2008-09-26 Thread Jorge Medina
On Fri, Sep 26, 2008 at 11:54 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2008/09/26 11:28, Jorge Medina wrote:
 On Fri, Sep 26, 2008 at 10:37 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
  Send dmesg.

 to the list, not to me personally please. (CC'd).
sorry
 Intel PRO/1000 QP (82575GB) rev 0x02 at pci5 dev 0 function 0 not configured
 Intel PRO/1000 QP (82575GB) rev 0x02 at pci5 dev 0 function 1 not configured
 Intel PRO/1000 QP (82575GB) rev 0x02 at pci6 dev 0 function 0 not configured
 Intel PRO/1000 QP (82575GB) rev 0x02 at pci6 dev 0 function 1 not configured

 those aren't supported, even in current..

ok, I so hope!

 OpenBSD 4.3 (GENERIC) #1368: Wed Mar 12 11:05:31 MDT 2008
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
 real mem = 3483631616 (3322MB)
 avail mem = 3368439808 (3212MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfb9c000 (55 entries)
 bios0: vendor Dell Inc. version 1.2.0 date 04/07/2008
 bios0: Dell Inc. PowerEdge R300
 acpi0 at bios0: rev 2
 acpi0: tables DSDT FACP APIC SPCR HPET MCFG WD__ SLIC ERST HEST BERT EINJ TCPA SSDT SSDT SSDT
 acpi0: wakeup devices PCI0(S5)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpihpet0 at acpi0: 14318179 Hz
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 5 (PEX4)
 acpiprt2 at acpi0: bus 10 (PEX6)
 acpiprt3 at acpi0: bus 1 (SBE4)
 acpiprt4 at acpi0: bus 2 (SBE5)
 acpiprt5 at acpi0: bus 13 (COMP)
 acpicpu0 at acpi0: C1, FVS, 1867, 1600 MHz
 ipmi at mainbus0 not configured
 cpu0 at mainbus0: (uniprocessor)
 cpu0: Intel(R) Core(TM)2 Duo CPU E6305 @ 1.86GHz, 1866.89 MHz
 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
 cpu0: 2MB 64b/line 8-way L2 cache
 pci0 at mainbus0 bus 0: configuration mode 1
 pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x65c0 rev 0x90
 ppb0 at pci0 dev 2 function 0 vendor Intel, unknown product 0x65f7 rev 0x90
 pci1 at ppb0 bus 3
 ppb1 at pci0 dev 3 function 0 vendor Intel, unknown product 0x65e3 rev 0x90
 pci2 at ppb1 bus 4
 ppb2 at pci0 dev 4 function 0 vendor Intel, unknown product 0x65f8 rev 0x90
 pci3 at ppb2 bus 5
 ppb3 at pci3 dev 0 function 0 vendor IDT, unknown product 0x8018 rev 0x0e
 pci4 at ppb3 bus 6
 ppb4 at pci4 dev 2 function 0 vendor IDT, unknown product 0x8018 rev 0x0e
 pci5 at ppb4 bus 7
 Intel PRO/1000 QP (82575GB) rev 0x02 at pci5 dev 0 function 0 not configured
 Intel PRO/1000 QP (82575GB) rev 0x02 at pci5 dev 0 function 1 not configured
 ppb5 at pci4 dev 4 function 0 vendor IDT, unknown product 0x8018 rev 0x0e
 pci6 at ppb5 bus 8
 Intel PRO/1000 QP (82575GB) rev 0x02 at pci6 dev 0 function 0 not configured
 Intel PRO/1000 QP (82575GB) rev 0x02 at pci6 dev 0 function 1 not configured
 ppb6 at pci0 dev 5 function 0 vendor Intel, unknown product 0x65e5 rev 0x90
 pci7 at ppb6 bus 9
 ppb7 at pci0 dev 6 function 0 vendor Intel, unknown product 0x65f9 rev 0x90
 pci8 at ppb7 bus 10
 ppb8 at pci0 dev 7 function 0 vendor Intel, unknown product 0x65e7 rev 0x90
 pci9 at ppb8 bus 11
 pchb1 at pci0 dev 16 function 0 vendor Intel, unknown product 0x65f0 rev 0x90
 pchb2 at pci0 dev 16 function 1 vendor Intel, unknown product 0x65f0 rev 0x90
 pchb3 at pci0 dev 16 function 2 vendor Intel, unknown product 0x65f0 rev 0x90
 pchb4 at pci0 dev 17 function 0 vendor Intel, unknown product 0x65f1 rev 0x90
 pchb5 at pci0 dev 19 function 0 vendor Intel, unknown product 0x65f3 rev 0x90
 pchb6 at pci0 dev 21 function 0 vendor Intel, unknown product 0x65f5 rev 0x90
 pchb7 at pci0 dev 22 function 0 vendor Intel, unknown product 0x65f6 rev 0x90
 ppb9 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02
 pci10 at ppb9 bus 12
 ppb10 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x02
 pci11 at ppb10 bus 1
 bge0 at pci11 dev 0 function 0 Broadcom BCM5722 rev 0x00, BCM5755 C0 (0xa200): irq 15, address 00:1e:4f:3f:21:32
 brgphy0 at bge0 phy 1: BCM5722 10/100/1000baseT PHY, rev. 0
 ppb11 at pci0 dev 28 function 5 Intel 82801I PCIE rev 0x02
 pci12 at ppb11 bus 2
 bge1 at pci12 dev 0 function 0 Broadcom BCM5722 rev 0x00, BCM5755 C0 (0xa200): irq 14, address 00:1e:4f:3f:21:33
 brgphy1 at bge1 phy 1: BCM5722 10/100/1000baseT PHY, rev. 0
 uhci0 at pci0 dev 29 function 0 Intel 82801I USB rev 0x02: irq 11
 uhci1 at pci0 dev 29 function 1 Intel 82801I USB rev 0x02: irq 10
 uhci2 at pci0 dev 29 function 2 Intel 82801I USB rev 0x02: irq 11
 ehci0 at pci0 dev 29 function 7 Intel 82801I USB rev 0x02: irq 11
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
 ppb12 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x92
 pci13 at ppb12 bus 13
 vga1 at pci13 dev 7 function 0 ATI ES1000 rev 0x02
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 pcib0 at pci0 dev 31 function 0 Intel 82801IR LPC rev 0x02
 pciide0 at pci0 dev 31 function 2 Intel 82801I SATA rev 0x02: 

OT: elliptic curve crypto

2008-09-26 Thread John Nietzsche
Dear list members,

I am searching for a tutorial in this regard that explains how to
implement it using ANSI C (I don't really care about the math
background about this subject).

May someone point me to the URL for a tutorial in this regard?


Thanks a lot for your time and cooperation.

Best regards.



Re: making man(1) to open a file

2008-09-26 Thread Stuart Henderson
On 2008-09-26, Cezary Morga [EMAIL PROTECTED] wrote:
 On Thursday, 25 September 2008, Bryan Irvine wrote:
  Next to the useful suggestions you've received so far, you can try
 
 groff -man -Tascii /path/to/manpage.X | less

 man -a is easier though.

 -B

 -a Display all of the manual pages for a specified section and name
 combination.  Normally, only the first manual page found is dis-
 played.

 You're sure that's the one?

Given the original problem, "I'm in trouble opening net-snmp package's
snmpd(8) or snmpd.conf(5) man page, because it conflicts with the base's
snmpd's man pages", that's quite appropriate and easy-to-use. Thanks
Bryan :)

As you see here, when asking on mailing lists, you'll get more useful
answers if you give an explanation of what you want to do, rather than
just think of one way to do it and ask how to do that. 



Re: OT: elliptic curve crypto

2008-09-26 Thread Ted Unangst
On Fri, Sep 26, 2008 at 4:02 PM, John Nietzsche
[EMAIL PROTECTED] wrote:
 I am searching for a tutorial in this regard that explains how to
 implement it using ANSI C (I don't really care about the math
 background about this subject).

The people who are qualified to do this work generally just do it and
provide you with source, instead of encouraging the people who don't
care about getting it right to do it.  The world is safer this way.



Re: making man(1) to open a file

2008-09-26 Thread Bryan Irvine
On Fri, Sep 26, 2008 at 11:43 AM, Cezary Morga [EMAIL PROTECTED] wrote:
 On Thursday, 25 September 2008, Bryan Irvine wrote:
  Next to the useful suggestions you've received so far, you can try
 
 groff -man -Tascii /path/to/manpage.X | less

 man -a is easier though.

 -B

 -a Display all of the manual pages for a specified section and name
combination.  Normally, only the first manual page found is dis-
played.

 You're sure that's the one?

Yeah that's the one.
Instead of halting at the first page it finds (the openbsd native) it
then brings you to the next page found once you've scrolled through
the first.

-B



Re: OT: elliptic curve crypto

2008-09-26 Thread Bob Beck

On 26-Sep-08, at 14:43, Ted Unangst [EMAIL PROTECTED] wrote:


On Fri, Sep 26, 2008 at 4:02 PM, John Nietzsche
[EMAIL PROTECTED] wrote:

I am searching for a tutorial in this regard that explains how to
implement it using ANSI C (I don't really care about the math
background about this subject).


The people who are qualified to do this work generally just do it and
provide you with source, instead of encouraging the people who don't
care about getting it right to do it.  The world is safer this way.

Although it makes it harder to get solutions to your university  
assignments mailed to you courtesy [EMAIL PROTECTED]




Re: making man(1) to open a file

2008-09-26 Thread François Chambaud
Cezary Morga [EMAIL PROTECTED] writes:

 On Thursday, 25 September 2008, Bryan Irvine wrote:
   Next to the useful suggestions you've received so far, you can try
  
  groff -man -Tascii /path/to/manpage.X | less
 
  man -a is easier though.
 
  -B
 
 -a Display all of the manual pages for a specified section and name
 combination.  Normally, only the first manual page found is dis-
 played.
 
 You're sure that's the one?
 
 --
 Cezary Morga
 A real administrator is always logged in as root - it's CRAP
 administrators that aren't! (BOFH @theregister.co.uk)
 
 
 

If the PAGER variable is set to less, you can examine the next manual
page with :n, the previous manual page with :p and the first manual
page again with :x.

Tested with man -a disklabel:

/usr/share/man/cat8/disklabel.0 (file 1 of 3) (END) - Next: 
/usr/share/man/cat5/disklabel.0
/usr/share/man/cat5/disklabel.0 (file 2 of 3) (END) - Next: 
/usr/share/man/cat9/disklabel.0
/usr/share/man/cat9/disklabel.0 (file 3 of 3) (END)

$ uname -srm
OpenBSD 4.3 i386

-- 
Francois Chambaud
http://www.chambaud.org



relayd: does timeout-directive limits time for SSL-handshake?

2008-09-26 Thread Till Neudecker
Hi,

I have a pretty normal loadbalancing setup (2 relayd-loadbalancer, 2 backend
hosts). The loadbalancer accepts ssl-encrypted sessions and forwards them
unencrypted to the backend-hosts. Because all the hosts are on the same LAN
I set the global timeout-directive to 200ms. 

When now connecting from a slow internet-connection to my service, I often
receive an SSL accept timeout. After changing the global timeout to 2000ms
the problem disappears. The man page only says timeout limits the time for
the checks of the backend-hosts but nothing about the SSL-handshake from
clients. 

Can someone agree or disagree with my guess that timeout also limits the time
for the SSL-handshake?



Thanks,

Till



Re: Sendmail issue with sparc/ALOM mails

2008-09-26 Thread Bryan
On Fri, Sep 26, 2008 at 7:43 AM, Stuart Henderson [EMAIL PROTECTED] wrote:
snipped...

 Second question... is there any way to set the hostname of the ALOM? ;-)

 *shrug*

 you could try looking in eeprom(8), but I don't know if ALOM has
 anything to do with that.

According to this
(http://forums.sun.com/thread.jspa?threadID=5113585tstart=0), you
cannot.



Intel Atom and D945GCLF2

2008-09-26 Thread Steve B
Is anyone running OpenBSD on one of these boards? The supported platform
page does not list either the chipset or the CPU so I'm guessing it is not
supported at this time.

Steve



Dell SC440 hangs

2008-09-26 Thread Steve Shockley

I'm running -current from September 9 on a Dell SC440.  When I try to do
a bulk ports build using dpb, it runs for a couple of hours and hangs.
The console screen is blank and doesn't respond to keyboard, but I can
still ping the machine.  If I try to ssh in, I get a connection but no
logon prompt.

I've run the Dell hardware tests for what they're worth, and found no
errors.

Any ideas?  Dmesg below.

OpenBSD 4.4-current (GENERIC.MP) #1838: Tue Sep  9 16:35:25 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 521924608 (497MB)
avail mem = 506335232 (482MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0450 (63 entries)
bios0: vendor Dell Inc. version 1.5.0 date 09/04/2007
bios0: Dell Inc. PowerEdge SC440
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET SSDT SSDT SSDT
acpi0: wakeup devices VBTN(S4) PCI0(S5) PCI4(S5) PCI2(S5) PCI3(S5) PCI1(S5) PCI5(S5) PCI6(S5) MOU_(S1) USB0(S1) USB1(S1) USB2(S1) USB3(S1)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU 3040 @ 1.86GHz, 1862.26 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 265MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU 3040 @ 1.86GHz, 1862.00 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 2MB 64b/line 8-way L2 cache
ioapic0 at mainbus0 apid 8 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 5 (PCI4)
acpiprt1 at acpi0: bus 2 (PCI2)
acpiprt2 at acpi0: bus -1 (PCI3)
acpiprt3 at acpi0: bus 1 (PCI1)
acpiprt4 at acpi0: bus 3 (PCI5)
acpiprt5 at acpi0: bus 4 (PCI6)
acpiprt6 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: FVS, 1867, 1600 MHz
acpicpu1 at acpi0: FVS, 1867, 1600 MHz
acpibtn0 at acpi0: VBTN
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel E7230 Host rev 0x00
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00: apic 8 int 16 (irq 11)
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01: apic 8 int 16 (irq 11)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01: apic 8 int 16 (irq 11)
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01: apic 8 int 17 (irq 10)
pci4 at ppb3 bus 4
bge0 at pci4 dev 0 function 0 Broadcom BCM5754 rev 0x02, BCM5754/5787 A2 (0xb002): apic 8 int 17 (irq 10), address 00:1e:c9:2e:3f:7d
brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x01: apic 8 int 21 (irq 9)
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x01: apic 8 int 22 (irq 5)
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x01: apic 8 int 18 (irq 3)
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x01: apic 8 int 23 (irq 10)
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x01: apic 8 int 21 (irq 9)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xe1
pci5 at ppb4 bus 5
vga1 at pci5 dev 7 function 0 ATI ES1000 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets, initiator 7
cd0 at scsibus0 targ 0 lun 0: PBDS, CD-ROM DH-48N1P, AD11 ATAPI 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 8 int 20 (irq 5) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: SAMSUNG HE160HJ
wd0: 16-sector PIO, LBA48, 152587MB, 31250 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 Intel 82801GB SMBus rev 0x01: apic 8 int 17 (irq 10)
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM ECC PC2-5300CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0

Re: Dell SC440 hangs

2008-09-26 Thread johan beisser

On Sep 26, 2008, at 9:16 PM, Steve Shockley wrote:

I'm running -current from September 9 on a Dell SC440.  When I try to do
a bulk ports build using dpb, it runs for a couple of hours and hangs.
The console screen is blank and doesn't respond to keyboard, but I can
still ping the machine.  If I try to ssh in, I get a connection but no
logon prompt.

I've run the Dell hardware tests for what they're worth, and found no
errors.

Any ideas?  Dmesg below.


anything in /var/log/messages?



Re: Dell SC440 hangs

2008-09-26 Thread Steve Shockley

On 9/27/2008 12:44 AM, johan beisser wrote:

anything in /var/log/messages?


No, just the usual syslogd: restart followed by syslogd: start and 
the dmesg.


I did notice the log file for gcc 4.2 had a bunch of garbage (^@) at the 
end, and I think maybe it died on gcc in previous runs as well.  I'm 
re-running the build without gcc now to see if it makes a difference.