Re: Lenovo ThinkPad T60 won't resume
On Sun, Oct 31, 2010 at 23:07:40 +, percy piper wrote: > >> It has an ATI Radeon Mobility X1400 btw. > > > I have the same issue with resume. > > Did either of you have working resume ever before? The farthest I could got with resume was a not resumed video display. I could type in reboot and not have to turn off the machine, but that's all. Daniel -- LIVAI Daniel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
Re: Dynamic web hosting and OpenBSD
Sir, You Are Awesome. > I am currently starting my very own hosting business, > as I'm horribly tired of all the incompetence in the > field. Obviously I take security seriously, and therefore > will be using OpenBSD exclusively. -- Old mercenaries never die. They go to hell and regroup. With best regards, Mikle Krutov, Bercut ltd. Technical Support department
Re: Dynamic web hosting and OpenBSD
Why not filtering hushmail and living in peace again? -david-
Re: Dynamic web hosting and OpenBSD
On Oct 31 17:12:17, bsdmas...@hushmail.com wrote: > Dear Friends, > > I am currently starting my very own hosting business, > as I'm horribly tired of all the incompetence in the > field. Obviously I take security seriously, and therefore > will be using OpenBSD exclusively. > > One thing is bothering me though. I've searched the web > and the archives trying to clarify one single point, but > to no avail. I hope you friendly folks would help me. > > I want to host my customers websites, but I'm unclear > how OpenBSD web scripting languages support works. I know > for a fact that the base system includes perl, so hosting > perl websites should work without issues. That is good because > many of my customers will be using domains such as domain.pl > I also see Mono is part of the ports, so domain.net should > also work without issue. > > The one thing I'm unclear about is example.com domains. > How can I get OpenBSD to run .com files? I found that these > are actualy very old DOS binaries. How do other OpenBSD folks > manage them? Is it with Wine? Qemu running a stripped down XP? > > Of course I could write a very good .COM wrapper for ELF I guess, > but I don't want to reinvent the wheel, so if a solution already > exists, I better use it. > > So, what is this solution? Or maybe OpenBSD is not compatible yet > with .COM web applications? > > PS: by the way, I am ready to offer the OpenBSD project a very good > discount, so maybe it's a good idea to move all the hosting of the > project to my new company once I've ironed out the few remaining > details. > Service will be very good, high bandwidth and very modern, being > IPv6 only > (it's the new version of DHCP and DNS with more addresses for your > machines), > so very future-proof. Just contact me if you need more information. > > Thanks, > bsdmaster This is a good one again. Thanks!
Re: Lenovo ThinkPad T60 won't resume
On Sun, Oct 31, 2010 at 15:06:29 -0700, Philip Guenther wrote: > On Sunday, October 31, 2010, LEVAI Daniel wrote: > > My Lenovo ThinkPad won't resume after suspend. When suspending, the > > little moon led lights up, and when resuming it blinks, but that's all. > ... > > Problem commit has been backed out. Update sys/ and rebuild. I'm sorry to say, but with the new kernel, I still can't get this machine to resume. The dmesg haven't changed at all (except of course the first version line), and the pcidump -v output is the same too. I've uploaded the new acpidump to, I don't know if it has changed: http://leva.ecentrum.hu/acpidump/t60_2.tar.gz Daniel -- LIVAI Daniel PGP key ID = 0x83B63A8F Key fingerprint = DBEC C66B A47A DFA2 792D 650C C69B BE4C 83B6 3A8F
Re: Dynamic web hosting and OpenBSD
On 10/31/10 18:12, bsdmas...@hushmail.com wrote: > Dear Friends, > > I am currently starting my very own hosting business, > as I'm horribly tired of all the incompetence in the > field. Obviously I take security seriously, and therefore > will be using OpenBSD exclusively. > > One thing is bothering me though. I've searched the web > and the archives trying to clarify one single point, but > to no avail. I hope you friendly folks would help me. > > I want to host my customers websites, but I'm unclear > how OpenBSD web scripting languages support works. I know > for a fact that the base system includes perl, so hosting > perl websites should work without issues. That is good because > many of my customers will be using domains such as domain.pl > I also see Mono is part of the ports, so domain.net should > also work without issue. > > The one thing I'm unclear about is example.com domains. > How can I get OpenBSD to run .com files? I found that these > are actualy very old DOS binaries. How do other OpenBSD folks > manage them? Is it with Wine? Qemu running a stripped down XP? > > Of course I could write a very good .COM wrapper for ELF I guess, > but I don't want to reinvent the wheel, so if a solution already > exists, I better use it. > > So, what is this solution? Or maybe OpenBSD is not compatible yet > with .COM web applications? > > PS: by the way, I am ready to offer the OpenBSD project a very good > discount, so maybe it's a good idea to move all the hosting of the > project to my new company once I've ironed out the few remaining > details. > Service will be very good, high bandwidth and very modern, being > IPv6 only > (it's the new version of DHCP and DNS with more addresses for your > machines), > so very future-proof. Just contact me if you need more information. > > Thanks, > bsdmaster > It's a good thing we have people like you making a stand against incompetent web hosting companies. This list is getting funnier every day. Good one :-) -- -- Hugo Osvaldo Barrera
Re: Dynamic web hosting and OpenBSD
On Mon, Nov 1, 2010 at 6:10 AM, Jan Stary wrote: > This is a good one again. Thanks! > > Yeah! even fwd it to a couple of buddies not on the list. Surely much more important things to talk about like why NFS is so fucking slow on openbsd?
error when compile the kernel
Hi, I just installed an OpenBSD 4.7. Now i want to update it to 4.7 -current what i ve done : cd /usr/src ; tar zxvf src.tar.gz ; tar zxvf sys.tar.gz cd /usr export cvsroot=anon...@anoncvs.fr.openbsd.org:/cvs cvs -d$CVSROOT checkout -P src cd /usr/src cvs -d $CVSROOT up -Pd when this last is done, i start to compile kernel : cd /usr/src/sys/arch/i386/conf config GENERIC cd ../compile/GENERIC make clean I have this error : rm -f eddep *bsd *bsd.gdb tags *.[io] [a-z]*.s [Ee]rrs linterrs assym.h I don't understand why it doesn't work. If someone can help me. thanks
Re: error when compile the kernel
On Mon, 01 Nov 2010 16:36:35 +0400, OpenBSD Geek wrote > Hi, I just installed an OpenBSD 4.7. > > Now i want to update it to 4.7 > -current... > ...I don't understand why it doesn't work. If > someone can help me. thanks >From FAQ 5.1: "If you desire to run -current, a recent snapshot is often all you need, and upgrading to a snapshot is a required starting point before attempting to build -current from source."
Packet Loss on Wireless (RAL and WI)
Hi I'm experiencing problems setting up an OpenBSD box as a firewall/Wireless Access Point and wonder if I can get some advice from someone who has previously set this up. I've tried everything I can think of but have run out of ideas. Firstly my setup: * I've tried this using OpenBSD v4.1, v4.6 and a 4.8 snapshot from 29/10/20 all with similar results. * I've tried various different wireless cards based on either the Prism (wi0) or Ralink 2561 (ral0) chipsets. * I've used 4 different machines, admittedly all low horsepower machines, from 400MHz PII to 1.2GHz Athlon * I've tried with pf enabled and disabled. This makes no difference. * I've used WEP and WPA-PSK with no difference in outcome * I've tried configuring the interface in both "ibss" and "hostap" mode. I'm aware of the caveat regarding hostap mode and power saving mode in the client and have ensured that the clients (various WinXP times 2, and Brother wireless enabled printer) have this disabled but the packet loss occurs in both ad-hoc and hostap modes anyway. Most google results mention the hostap/power save issue. On each occasion I get anywhere up to 75% packet loss or long periods of several tens of seconds where the wireless link is down. Often the clients are completely unable to associate with the access point/peer and the link is most unstable. I have tried this with the two machines side by side and at a distance of >10m but even with a link of only a few feet I still get packet loss. I've tested by pinging both ends both individually, and simultaneously, and the packet loss occurs in both directions. At the same time, I can use the same wireless cards in a Windows XP machine and get zero packet loss and a completely stable link in an ad-hoc network so I'm sure that the hardware is OK and the wireless radio does work. My /etc/hostname.ral0/wi0 is something like the following depending on the options I've chosen: inet 192.168.5.1 255.255.255.0 NONE media autoselect mediaopt hostap nwid Homenet nwkey I'm afraid I don't have my dmesg handy but I'll attempt to post this soon.. The fact that my configuration is failing every time despite running on numerous different hardware/software combinations makes me think that there's something fundamental that I've missed. Can anyone point me to something that could either solve this or start me looking in the right direction. Is there some sysctl value that I need to check/set ? (...in the morning after I get some sleep!!) Thanks in advance Jeremy
Re: error when compile the kernel
On Mon, 01 Nov 2010 16:36:35 +0400 OpenBSD Geek wrote: > when this last is done, i start to compile kernel : cd > /usr/src/sys/arch/i386/conf > > config GENERIC > > cd ../compile/GENERIC > > make > clean Your config is broken? Mine prints: # config GENERIC Don't forget to run "make depend" http://www.openbsd.org/faq/faq5.html#BldKernel 'extract the tarballs' OR 'cvs checkout', after that 'cvs up'. http://www.openbsd.org/anoncvs.html In gerneral, if you want to run -current, you start by upgrading to/installing the latest snapshot.
Re: error when compile the kernel
On Mon, 1 Nov 2010 08:40:04 -0500 "Josh Grosse" wrote: > On Mon, 1 Nov 2010 14:28:00 +0100, roberth wrote > > > Your config is broken? Mine prints: > > # config GENERIC > > Don't forget to run "make depend" > > The OP's config is "broken" because of the 25 May 2010 change to > config(8) for kernel builds. It was in the "Following -current" FAQ > until today, when all of the changes since 4.7-release were removed. > Older version here: > > http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/www/faq/current.html?rev=1.238;content-type=text%2Fhtml#20100525 My subconciousness is playing tricks on me, i guess. Should have remembered that one, but 4.7 is so far back that i get confused by the timeline. New location for the old stuff: http://www.openbsd.org/faq/upgrade-old.html#20100525 > > In gerneral, if you want to run -current, you start by > > upgrading to/installing the latest snapshot. > > =That= is the reason the OP's build failed. Othere general advice for OP, if he wants to follow current: sub the source-changes ml or atleast follow /faq/current.html and if you still want to try to go from 4.7 instead of a snapshot the relevant parts are now in /faq/upgrade-old.html . But as said before, snapshot first is less painfull.
Multi-Port SSH brute force protection
I was checking my authlog today and noticed the following series of brute force login attempts: Nov 1 01:37:04 solar sshd[8173]: Failed password for root from 58.211.1.163 port 8895 ssh2 Nov 1 01:37:04 solar sshd[10692]: Received disconnect from 58.211.1.163: 11: Bye Bye Nov 1 01:37:06 solar sshd[6273]: Failed password for root from 58.211.1.163 port 9052 ssh2 Nov 1 01:37:06 solar sshd[21047]: Received disconnect from 58.211.1.163: 11: Bye Bye First off login as root is disabled, so not much they can do here, but I'd like to try and setup up some kind of throttling protection for these sorts of attacks. Unfortunately they keep changing ports, so the traditional port 22 protection isn't going to work. I'm wondering if there's something similar to spamd for sshd that can handle this sort of throttling before handing off to the real server, or if sshd has some functionality to do that on its own. Thanks ahead of time for any suggestions. - Onteria
Re: Multi-Port SSH brute force protection
pf and tables are your friends. On 11/01/10 11:30, onteria wrote: > I was checking my authlog today and noticed the following series of > brute force login attempts: > > Nov 1 01:37:04 solar sshd[8173]: Failed password for root from > 58.211.1.163 port 8895 ssh2 > Nov 1 01:37:04 solar sshd[10692]: Received disconnect from > 58.211.1.163: 11: Bye Bye > Nov 1 01:37:06 solar sshd[6273]: Failed password for root from > 58.211.1.163 port 9052 ssh2 > Nov 1 01:37:06 solar sshd[21047]: Received disconnect from > 58.211.1.163: 11: Bye Bye > > First off login as root is disabled, so not much they can do here, but > I'd like to try and setup up some kind of throttling protection for > these sorts of attacks. Unfortunately they keep changing ports, so the > traditional port 22 protection isn't going to work. I'm wondering if > there's something similar to spamd for sshd that can handle this sort of > throttling before handing off to the real server, or if sshd has some > functionality to do that on its own. Thanks ahead of time for any > suggestions. > > - Onteria > -- Sending from my Computer.
Re: Multi-Port SSH brute force protection
> You are confusing the origination port numbers, which can be any random port > number, with the destination port number -- the destination port number is the > port your server is listening on, and that will be 22 by default. Ouch, I just realized the idiocy of my previous email upon reading that. > Throttle with PF's stateful tracking options -- see the examples of using > "overload" with "flush" in the PF User's Guide -- Packet Filtering chapter. RTFM now. Thanks again for your help. - Onteria
Re: Multi-Port SSH brute force protection
On Mon, 1 Nov 2010 07:30:50 -0700, onteria wrote > I was checking my authlog today and noticed the following series of > brute force login attempts: > > Nov 1 01:37:04 solar sshd[8173]: Failed password for root from > 58.211.1.163 port 8895 ssh2 > Nov 1 01:37:04 solar sshd[10692]: Received disconnect from > 58.211.1.163: 11: Bye Bye > Nov 1 01:37:06 solar sshd[6273]: Failed password for root from > 58.211.1.163 port 9052 ssh2 > Nov 1 01:37:06 solar sshd[21047]: Received disconnect from > 58.211.1.163: 11: Bye Bye > > First off login as root is disabled, so not much they can do here, > but I'd like to try and setup up some kind of throttling protection for > these sorts of attacks. Unfortunately they keep changing ports, so > the traditional port 22 protection isn't going to work. You are confusing the origination port numbers, which can be any random port number, with the destination port number -- the destination port number is the port your server is listening on, and that will be 22 by default. Throttle with PF's stateful tracking options -- see the examples of using "overload" with "flush" in the PF User's Guide -- Packet Filtering chapter.
Re: Multi-Port SSH brute force protection
On Mon, Nov 1, 2010 at 8:30 AM, onteria wrote: > I was checking my authlog today and noticed the following series of > brute force login attempts: > > Nov B 1 01:37:04 solar sshd[8173]: Failed password for root from > 58.211.1.163 port 8895 ssh2 > Nov B 1 01:37:04 solar sshd[10692]: Received disconnect from > 58.211.1.163: 11: Bye Bye > Nov B 1 01:37:06 solar sshd[6273]: Failed password for root from > 58.211.1.163 port 9052 ssh2 > Nov B 1 01:37:06 solar sshd[21047]: Received disconnect from > 58.211.1.163: 11: Bye Bye > > First off login as root is disabled, so not much they can do here, but > I'd like to try and setup up some kind of throttling protection for > these sorts of attacks. Unfortunately they keep changing ports, so the > traditional port 22 protection isn't going to work. I'm wondering if > there's something similar to spamd for sshd that can handle this sort of > throttling before handing off to the real server, or if sshd has some > functionality to do that on its own. Thanks ahead of time for any > suggestions. > > - Onteria > > There is sshguard in ports, or you can read the archives for some pf max-src-conn-rate magic (or pf.conf(5)).
Re: Multi-Port SSH brute force protection
On Mon, Nov 1, 2010 at 2:30 PM, onteria wrote: > I was checking my authlog today and noticed the following series of > brute force login attempts: > > Nov 1 01:37:04 solar sshd[8173]: Failed password for root from > 58.211.1.163 port 8895 ssh2 > Nov 1 01:37:04 solar sshd[10692]: Received disconnect from > 58.211.1.163: 11: Bye Bye > Nov 1 01:37:06 solar sshd[6273]: Failed password for root from > 58.211.1.163 port 9052 ssh2 > Nov 1 01:37:06 solar sshd[21047]: Received disconnect from > 58.211.1.163: 11: Bye Bye > > First off login as root is disabled, so not much they can do here, but > I'd like to try and setup up some kind of throttling protection for > these sorts of attacks. Unfortunately they keep changing ports, so the > traditional port 22 protection isn't going to work. I'm wondering if > there's something similar to spamd for sshd that can handle this sort of > throttling before handing off to the real server, or if sshd has some > functionality to do that on its own. Thanks ahead of time for any > suggestions. Hi, You have pf :) . Check "max-src-conn-rate / " on the man page. Regards, Ari Constancio
Re: Multi-Port SSH brute force protection
On Mon, Nov 1, 2010 at 3:30 PM, onteria wrote: > I was checking my authlog today and noticed the following series of > brute force login attempts: > > Nov B 1 01:37:04 solar sshd[8173]: Failed password for root from > 58.211.1.163 port 8895 ssh2 > Nov B 1 01:37:04 solar sshd[10692]: Received disconnect from > 58.211.1.163: 11: Bye Bye > Nov B 1 01:37:06 solar sshd[6273]: Failed password for root from > 58.211.1.163 port 9052 ssh2 > Nov B 1 01:37:06 solar sshd[21047]: Received disconnect from > 58.211.1.163: 11: Bye Bye > > First off login as root is disabled, so not much they can do here, but > I'd like to try and setup up some kind of throttling protection for > these sorts of attacks. Unfortunately they keep changing ports, so the > traditional port 22 protection isn't going to work. I'm wondering if > there's something similar to spamd for sshd that can handle this sort of > throttling before handing off to the real server, or if sshd has some > functionality to do that on its own. Thanks ahead of time for any > suggestions. This problem is quite active for at least last two years and quite a lot about that was written eg. here http://bsdly.blogspot.com/ so I can recommend it for reading. If you will disable passwords completely and use keys instead then you will have much less problems. > > - Onteria
Re: Multi-Port SSH brute force protection
> This problem is quite active for at least last two years and quite a > lot about that was written eg. here http://bsdly.blogspot.com/ so I > can recommend it for reading. If you will disable passwords completely > and use keys instead then you will have much less problems. Yes, looking over a few sites I'm moving to key based authentication as I type this email. Thank you for the blog link. This looks to be a very good read for enhancing OpenBSD knowledge. - Onteria
OpenBSD 4.8 released Nov 1, 2010
Nov 1, 2010. We are pleased to announce the official release of OpenBSD 4.8. This is our 28th release on CD-ROM (and 29th via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install. As in our previous releases, 4.8 provides significant improvements, including new features, in nearly all areas of the system: - New/extended platforms: o i386 and amd64: - ACPI-based suspend/resume works on most machines with Intel/ATI video. Machines using NVidia graphics will not resume the graphics. cardbus(4) and pcmcia(4) will still have some problems, too. - Improved hardware support, including: o New acpisony(4) driver for Sony ACPI control. o New itherm(4) driver for Intel 3400 temperature sensor. o New se(4) driver for SiS 190 10/100/Gigabit Ethernet devices. o New uguru(4) driver for ABIT temperature, voltage and fan sensors. o New owctr(4) driver for 1-Wire counter devices. o New pgs(4) driver for Programmers Switch found on some macppc machines. o Support for 82576 fiber and 82577/82578 (PCH) based devices has been added to em(4). o Support for 24-bit encodings and USB 2.0 playback has been added to uaudio(4). o Support for Winbond/Nuvoton W83627DHG-P has been added to wbsio(4). o Support for RTL8168E has been added to re(4). o Support for 800x480 has been added to udl(4). o Support for M-audio Audiophile 192k has been added to envy(4). o Support for Intel Core i3/i5 internal graphics (Ironlake) has been added to inteldrm(4) and agp(4). o The ss(4) and uscanner(4) drivers have been removed. o Improved robustness of several SCSI/SAS/RAID HBA drivers, including mpi(4), mpii(4) and ciss(4). - New tools: o iked(8), an Internet Key Exchange version 2 (IKEv2) daemon. o ldapd(8), a Lightweight Directory Access Protocol (LDAP) daemon. - Filesystem midlayer improvements: o Fix internal locking in (still experimental!) NTFS. - OpenBGPD, OpenOSPFD and other routing daemon improvements: o bgpd(8) control sockets are now specified in the config file. This removes the -s and -r arguments to bgpd. o Extended the BGP MPLS VPN support to allow Layer-3 MPLS VPNs to be terminated on OpenBSD with the help of mpe(4), ldpd(8), and bgpd(8). o bgpd(8) supports multiple FIBs and it is possible to assign them to RIBs for redistribution. o bgpd now supports to use neighbor-as in AS filter statements and added two new filters -- max-as-seq and max-as-len -- to limit the length of a sequence of a single AS or the total length of an AS path. o Added softreconfig support in bgpd for peers changing the RIB. o Fixed multiprotocol MRT dumps and added 4-byte AS-Number support in bgpd(8). o Added support for ping6 and traceroute6 in bgplg(8) and bgplgsh(8) o ospfd(8) has better LSA pruning and config reload support. o ospf6d(8) now supports LSAs larger than the link MTU, has improved interoperability with other OSPFv3 implementations, can redistribute the default route, and will correctly handle IPv6 prefixes advertised by neighbours on the same link but not configured on the router itself. o Various improvements in ldpd(8) including correct penultimate hop popping, better session handling, and a imporved config file parser. - Generic network stack improvements: o ifconfig(8) and route(8) get better Multiprotocol Label Switching support. o traceroute(8) now supports extended ICMP headers which allows printing of MPLS labels. o Support for RFC 4941 privacy extensions for stateless address autoconfiguration has been added to inet6(4) and can be enabled via ifconfig(8). o ifconfig(8) now supports random selection of MAC addresses. o tcpdump(8) now decodes Multicast Listener Discovery version 2 and Internet Key Exchange version 2 traffic. o enc(4) and ipsec(4) are now aware of routing domains. o dhcpd(8) and dhclient(8) and are now capable of running in different routing domains. o Added MPLS support and a simple keepalive mechanism to gre(4). o Added MPLS support to gif(4). o Support for 802.1ad-style QinQ nested VLANs with the addition of svlan(4) (service VLAN) interfaces. o Added a RTM_DESYNC routing message as indicator that route messages got dropped because of insufficent buffer space. ospfd(8) uses this message to keep the internal view of the routing table in sync. - SCSI improvements: o better cd(4) detaching. o better st(4) sense data and buf handling. o eliminate excessive delays when starting DVD playing. o ask only for minimal (i.e. 18 bytes) sense data, fixing usb devices. o migrate to using bufq. o always try READ CAPACITY 16 on devices claimin
Re: error when compile the kernel
On Mon, 1 Nov 2010 14:28:00 +0100, roberth wrote > Your config is broken? Mine prints: > # config GENERIC > Don't forget to run "make depend" The OP's config is "broken" because of the 25 May 2010 change to config(8) for kernel builds. It was in the "Following -current" FAQ until today, when all of the changes since 4.7-release were removed. Older version here: http://www.openbsd.org/cgi-bin/cvsweb/~checkout~/www/faq/current.html?rev=1.238;content-type=text%2Fhtml#20100525 > In gerneral, if you want to run -current, you start by > upgrading to/installing the latest snapshot. =That= is the reason the OP's build failed.
Re: Multi-Port SSH brute force protection
On Mon, 1 Nov 2010, Gonzalo L. R. wrote: > From: Gonzalo L. R. > To: misc@openbsd.org > Date: Mon, 1 Nov 2010 14:39:41 > Subject: Re: Multi-Port SSH brute force protection > > pf and tables are your friends. More precisely, Peter Hansteen is your friend: http://home.nuug.no/~peter/pf/en/bruteforce.html -- Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK d.h.da...@bath.ac.uk Phone: +44 1225 386101
Re: Lenovo ThinkPad T60 won't resume
On Mon, Nov 1, 2010 at 4:38 AM, LEVAI Daniel wrote: > On Sun, Oct 31, 2010 at 15:06:29 -0700, Philip Guenther wrote: >> On Sunday, October 31, 2010, LEVAI Daniel wrote: >> > My Lenovo ThinkPad won't resume after suspend. When suspending, the >> > little moon led lights up, and when resuming it blinks, but that's all. >> ... >> >> Problem commit has been backed out. Update sys/ and rebuild. > > I'm sorry to say, but with the new kernel, I still can't get this > machine to resume. In a hurry and didn't have time to give any real information about your builds? Did files change when you did your cvs update (maybe the mirror you update from is slow)? In particular, sys/dev/acpi/{acpi.c,acpivar.h,dsdt.c} should have been updated and should now have $OpenBSD: lines with my name in them. Next, assuming that that's the case, had you ever done a "make depend" in that kernel compile directory? Hmm, there have been changes not too long ago that required running 'config' again, so if you've carried this kernel compile directory around a while then you should delete it and start with a config again. If that's all correct, then you're going to need to do some digging of your own to help track this down. What was the update time/date of the last kernel that you are sure could resume? Can you confirm that by updating to that date with "cvs update -D2010/10/XX" and building the result? (You should toast the compile directory in each case when doing this sort of thing.) If that confirms a success, then do a binary search from that date to the present. If not, back up further and try again... I mean, come on, "worked before, stopped working, still doesn't work" gives us nothing to go on for what broke your box. That last commit was what broke resume on _my_ thinkpad... Philip Guenther
Re: error when compile the kernel
On 11/01/10 10:01, roberth wrote: On Mon, 1 Nov 2010 08:40:04 -0500 "Josh Grosse" wrote: In gerneral, if you want to run -current, you start by upgrading to/installing the latest snapshot. =That= is the reason the OP's build failed. Othere general advice for OP, if he wants to follow current: sub the source-changes ml or atleast follow /faq/current.html and if you still want to try to go from 4.7 instead of a snapshot the relevant parts are now in /faq/upgrade-old.html . But as said before, snapshot first is less painfull. NO. Binary upgrade first is the ONLY WAY to avoid us making fun of you and laughing at you. Upgrading by source is NOT SUPPORTED. Sometimes it can be done in one step by carefully following current.html, but often interim versions must be built, and even then, sometimes it is very difficult. If you have time to do things the hard way, you need a hobby or to get out of the Linux mindset. The tools to do things the easy way are sitting on your nearest mirror. If you are trying to upgrade releases using current.html, you are doing it wrong. If you are looking at upgrade-old.html, you are doing it VERY WRONG. And I just made it a bit more difficult to do very wrong by removing upgrade-old.html Nick.
Re: suggestion for a new/additional OpenBSD release media option
> > For me, the ability to boot of the install media is not a requirement. I do > > all my installs via pxeboot. > > > > If there were enough room on the DVD, you could also provide the CDROM ISOs. > > If a user REALLY needed bootable media, they could > > burn the ISOs to CDROMs, and do that. > > > > Again, these are only suggestions. > > > > You understand your user/customer base infinitely better than I do. > > Obviously it is your decision what "products" you choose to offer. > > > You can have CD's with multiple types of OS and you have a choice > screen. MS MSDN CD's often have different versions; server OS cd's have > web, stranded and enterprise and you just get a choice screen. But > again, its all time and effort at the end of the day And how does this help macppc and sparc64?
Re: suggestion for a new/additional OpenBSD release media option
For me, the ability to boot of the install media is not a requirement. I do all my installs via pxeboot. If there were enough room on the DVD, you could also provide the CDROM ISOs. If a user REALLY needed bootable media, they could burn the ISOs to CDROMs, and do that. Again, these are only suggestions. You understand your user/customer base infinitely better than I do. Obviously it is your decision what "products" you choose to offer. You can have CD's with multiple types of OS and you have a choice screen. MS MSDN CD's often have different versions; server OS cd's have web, stranded and enterprise and you just get a choice screen. But again, its all time and effort at the end of the day
Re: OpenBSD 4.8 released Nov 1, 2010
El 01/11/2010 16:02, Theo de Raadt escribis: Nov 1, 2010. We are pleased to announce the official release of OpenBSD 4.8. This is our 28th release on CD-ROM (and 29th via FTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install. Best OS ever. Thanks for the hard work and the effort. -J
Re: suggestion for a new/additional OpenBSD release media option
On Sun, Oct 31, 2010 at 3:39 PM, Jamie Paul Griffin wrote: >> Everytime one of you write to Theo directly, >> I feel like I'm watching gay porn. > > would someone please block this prick. it was funny to start with but now > it's intensely annoying. You could just toss his email in to your killfile.
Re: suggestion for a new/additional OpenBSD release media option
On Mon, Nov 1, 2010 at 11:11 AM, Michal wrote: > You can have CD's with multiple types of OS and you have a choice screen. > MS MSDN CD's often have different versions; server OS cd's have web, > stranded and enterprise and you just get a choice screen. But again, its all > time and effort at the end of the day > > There's a huge difference between "one OS - multiple license schemes" and "one OS - multiple hardware architectures".
Any improvements in mgetty/ppp for 4.8?
I would like to know if the mgetty/ppp userland code in 4.8 has improvements, only that because I'm getting weird problems right now with 4.3, thanks. ;) LeaL
Re: error when compile the kernel
OpenBSD Geek writes: > Hi, I just installed an OpenBSD 4.7. > > Now i want to update it to 4.7 > -current what i ve done : cd /usr/src ; tar zxvf src.tar.gz ; tar zxvf > sys.tar.gz You're at least six months too late to get 4.7-current. After those steps you have 4.7-release and matching sources unpacked. > cd /usr > > export cvsroot=anon...@anoncvs.fr.openbsd.org:/cvs > > > cvs -d$CVSROOT checkout -P src > > cd /usr/src cvs -d $CVSROOT up -Pd and this gives you the source of today's -current source, which is somewhere significantly past 4.8. You've skipped too many intermediate steps, and the result is what the FAQ and other sources warn you about. Assuming it's -current you want (now *4.8*-current), the only useful way to go is to install the most recent snapshot you can get your hands on and go from there. Then again, it's usually painless to go about it like this: 1) fetch the most recent snapshot install files available to a local directory 2) cd to that directory and run sysmerge -x etcNN.tgz -s etcNN.tgz (that will work in most cases, but there's always a risk you will need to do some hand editing if your setup is old enough, then again this isn't really the supported way) 3) copy the snapshot's bsd.rd to / 4) reboot; boot bsd.rd 5) follow the friendly prompts, choose disk and your local directory as the install source. couldn't be easier really. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
spamd -G whiteexp not honored?
Hi, I'm having problems with spamd and the -G option. It seems that spamd does not honor the whiteexp value at all, but uses the default value at all times: # pkill spam # /usr/libexec/spamd -G 4:10:500 # /usr/libexec/spamd-setup -D # /usr/libexec/spamlogd # spamdb -a 1.2.3.4 # spamdb|grep 1.2.3.4 WHITE|1.2.3.4|||1288600451|1288600451|1291710851|1|0 # date -r 1288600451 Mon Nov 1 09:34:11 CET 2010 # date -r 1291710851 Tue Dec 7 09:34:11 CET 2010 As you can see, the default 36 days are still in effect. This happens with all the whiteexp values I have tried, from 50 to 5000. I am using OpenBSD 4.6, but I have not seen anything related to this in the newer changelogs. It should be easy for someone on 4.7 (or 4.8) to verify if this behaviour is still there. Thanks, Daniel
Re: Multi-Port SSH brute force protection
* Dennis Davis [2010-11-01 17:19]: > More precisely, Peter Hansteen is your friend: > > http://home.nuug.no/~peter/pf/en/bruteforce.html and funny enough - I use that technique for ages, and only ever trapped myself with it once. While sitting on a table at ottawa uni - with peter. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: OpenBSD 4.8 released Nov 1, 2010
> Nov 1, 2010. > > We are pleased to announce the official release of OpenBSD 4.8. > > > ThanX to EVERYONE for this greatl OS! bb
Re: OpenBSD-capable, fanless, diskful computer with ECC RAM
Le Saturday 30 October 2010 02:14:21, Damien Miller a icrit : > Hi, > > Can anyone recommend a small, fanless computer that will accept a HD > (perhaps a 2.5" drive) that uses ECC RAM? Needless to say, it must run > OpenBSD. > > Being 64 bit, having accellerated crypto and/or supporting multiple drives > would be bonus points, but are not required. > > -d here ? http://www.logicsupply.com/ Regards
Re: OpenBSD 4.8 released Nov 1, 2010
On 11/01/2010 10:02:28 AM, Theo de Raadt wrote: > We are pleased to announce the official release of OpenBSD 4.8. I notice that the Errata link on the OpenBSD home page gets a 404. Are there no errata? Thanks for all the great work. Karl Free Software: "You don't pay back, you pay forward." -- Robert A. Heinlein
Re: OpenBSD 4.8 released Nov 1, 2010
Again a phenomenal release...thanks again for the best OS in existence. On Nov 1, 2010, at 8:02, Theo de Raadt wrote: > > Nov 1, 2010. > > We are pleased to announce the official release of OpenBSD 4.8. > This is our 28th release on CD-ROM (and 29th via FTP). We remain > proud of OpenBSD's record of more than ten years with only two remote > holes in the default install. > > As in our previous releases, 4.8 provides significant improvements, > including new features, in nearly all areas of the system: > > - New/extended platforms: >o i386 and amd64: > - ACPI-based suspend/resume works on most machines with > Intel/ATI video. Machines using NVidia graphics will not > resume the graphics. cardbus(4) and pcmcia(4) will still > have some problems, too. > > - Improved hardware support, including: >o New acpisony(4) driver for Sony ACPI control. >o New itherm(4) driver for Intel 3400 temperature sensor. >o New se(4) driver for SiS 190 10/100/Gigabit Ethernet devices. >o New uguru(4) driver for ABIT temperature, voltage and fan sensors. >o New owctr(4) driver for 1-Wire counter devices. >o New pgs(4) driver for Programmers Switch found on some macppc machines. >o Support for 82576 fiber and 82577/82578 (PCH) based devices has been > added to em(4). >o Support for 24-bit encodings and USB 2.0 playback has been added to > uaudio(4). >o Support for Winbond/Nuvoton W83627DHG-P has been added to wbsio(4). >o Support for RTL8168E has been added to re(4). >o Support for 800x480 has been added to udl(4). >o Support for M-audio Audiophile 192k has been added to envy(4). >o Support for Intel Core i3/i5 internal graphics (Ironlake) has been > added to inteldrm(4) and agp(4). >o The ss(4) and uscanner(4) drivers have been removed. >o Improved robustness of several SCSI/SAS/RAID HBA drivers, including > mpi(4), mpii(4) and ciss(4). > > - New tools: >o iked(8), an Internet Key Exchange version 2 (IKEv2) daemon. >o ldapd(8), a Lightweight Directory Access Protocol (LDAP) daemon. > > - Filesystem midlayer improvements: >o Fix internal locking in (still experimental!) NTFS. > > - OpenBGPD, OpenOSPFD and other routing daemon improvements: >o bgpd(8) control sockets are now specified in the config file. > This removes the -s and -r arguments to bgpd. >o Extended the BGP MPLS VPN support to allow Layer-3 MPLS VPNs to be > terminated on OpenBSD with the help of mpe(4), ldpd(8), and bgpd(8). >o bgpd(8) supports multiple FIBs and it is possible to assign them > to RIBs for redistribution. >o bgpd now supports to use neighbor-as in AS filter statements and > added two new filters -- max-as-seq and max-as-len -- to limit the > length of a sequence of a single AS or the total length of an AS path. >o Added softreconfig support in bgpd for peers changing the RIB. >o Fixed multiprotocol MRT dumps and added 4-byte AS-Number support in bgpd(8). >o Added support for ping6 and traceroute6 in bgplg(8) and bgplgsh(8) >o ospfd(8) has better LSA pruning and config reload support. >o ospf6d(8) now supports LSAs larger than the link MTU, has improved > interoperability with other OSPFv3 implementations, can redistribute > the default route, and will correctly handle IPv6 prefixes advertised > by neighbours on the same link but not configured on the router itself. >o Various improvements in ldpd(8) including correct penultimate hop > popping, better session handling, and a imporved config file parser. > > - Generic network stack improvements: >o ifconfig(8) and route(8) get better Multiprotocol Label > Switching support. >o traceroute(8) now supports extended ICMP headers which allows > printing of MPLS labels. >o Support for RFC 4941 privacy extensions for stateless address > autoconfiguration has been added to inet6(4) and can be enabled > via ifconfig(8). >o ifconfig(8) now supports random selection of MAC addresses. >o tcpdump(8) now decodes Multicast Listener Discovery version 2 > and Internet Key Exchange version 2 traffic. >o enc(4) and ipsec(4) are now aware of routing domains. >o dhcpd(8) and dhclient(8) and are now capable of running in different > routing domains. >o Added MPLS support and a simple keepalive mechanism to gre(4). >o Added MPLS support to gif(4). >o Support for 802.1ad-style QinQ nested VLANs with the addition > of svlan(4) (service VLAN) interfaces. >o Added a RTM_DESYNC routing message as indicator that route messages > got dropped because of insufficent buffer space. ospfd(8) uses > this message to keep the internal view of the routing table in sync. > > - SCSI improvements: >o better cd(4) detaching. >o better st(4) sense data and buf handlin
Call for Papers: AsiaBSDCon 2011
Hello, I would like to announce AsiaBSDCon the next year, 17-20 March 2011 in Tokyo. You can find the details at: http://2011.asiabsdcon.org and the CFP can be found at: http://2011.asiabsdcon.org/cfp.html Papers, videos, and photos of the past AsiaBSDCon can also be found there. The venue of AsiaBSDCon 2011 is the same as 2010 and 2009. The paper submission deadline is December 20, 2010. Please spread this to your friends in BSD communities and encourage them to attend (and write a paper). If you have a question, please do not hesitate to contact secret...@asiabsdcon.org. Thank you! -- Hiroki
Re: something weird with perl in CVS?
On Sat, Oct 30, 2010 at 02:44:50PM -0700, Philip Guenther wrote: > On Sat, Oct 30, 2010 at 10:34 AM, Maurice Janssen wrote: > > (...) I extracted the src.tar.gz from the 4.8 CDROM and > > synchronized the src tree to -stable through CVS. I expected to see > > about 5 files being changed, but to my surprise a lot (all?) files in > > src/gnu/usr.bin/perl/ were also updated. [Huh?] > There was a late change in the keyword substitution mode for those > files. That's a per-file mode (note that it's *not* per-revision > per-mode) and there are no email messages generated for them, just as > no messages generated for imports. Not that this is relevant here, but messages *are* generated for imports; see e.g. http://mid.gmane.org/201009101113.o8abdk74012...@cvs.openbsd.org. Joachim -- TFMotD: pthread_cond_init (3) - create a condition variable http://www.joachimschipper.nl/
Re: RESOLVED: segmentation faults during compiling
Hi, The exact value which solved my problem is definitively. staff:\ :datasize-cur=1G:\ I found out that datasize-cur is a hard limit which causes a virtual memory exhausted message. As soon as memory comes close to 512M (old value), the compile process used to terminate. Just a FYI. Thanks On Wed, Oct 13, 2010 at 8:47 PM, Theo de Raadt wrote: >> On Wed, Oct 13, 2010 at 6:37 PM, Amit Kulkarni wrote: >> > My question is: when we do an initial/fresh install, are these limits >> > set dynamically or they are hard coded? If I install on another >> > machine do I have to change the limits in /etc/login.conf manually? >> >> login.conf is the same for every install. > > There has been talk about going thourgh /usr/src/etc and building > machine-dependent (that means "architecture-dependent" for those of > you who are not on The Team) variations for this. > > People who dug into this got scared and didn't finish. We'd be willing > to look at things other people start for this... and then provide a > long series of comments... if someone has the staying power...
Re: OT IPv6 Was: nfsv4?
On Sun, Oct 31, 2010 at 10:09 PM, Theo de Raadt wrote: > I'm proud of it. Well actually, University of Alberta doesn't sound v6 enabled either... Steph
Re: OpenBSD-capable, fanless, diskful computer with ECC RAM
On 10/29/10 21:14, Damien Miller wrote: > Hi, > > Can anyone recommend a small, fanless computer that will accept a HD (perhaps > a 2.5" drive) that uses ECC RAM? Needless to say, it must run OpenBSD. > > Being 64 bit, having accellerated crypto and/or supporting multiple drives > would be bonus points, but are not required. > > -d > There are several Intel mini-ITX motherboard with embedded Intel Atom processors (I use a 64bit one as a home server). Mine is an Intel D945GCLF2D. Works 100% with OpenBSD. -- Hugo Osvaldo Barrera
Re: OT IPv6 Was: nfsv4?
On Mon, 1 Nov 2010, Marco Peereboom wrote: I bet they don't like IPX either. NO, bad nightmares IPX over a T1 bridge make it stop, make it stop
Re: OT IPv6 Was: nfsv4?
I bet they don't like IPX either. On Nov 1, 2010, at 18:58, FRLinux wrote: > On Sun, Oct 31, 2010 at 10:09 PM, Theo de Raadt wrote: >> I'm proud of it. > > Well actually, University of Alberta doesn't sound v6 enabled either... > > Steph
Re: OpenBSD-capable, fanless, diskful computer with ECC RAM
The D945GCLF2D (Atom) doesn't do ECC. On Nov 1, 2010, at 5:42 PM, Hugo Osvaldo Barrera wrote: > On 10/29/10 21:14, Damien Miller wrote: >> Hi, >> >> Can anyone recommend a small, fanless computer that will accept a HD (perhaps >> a 2.5" drive) that uses ECC RAM? Needless to say, it must run OpenBSD. >> >> Being 64 bit, having accellerated crypto and/or supporting multiple drives >> would be bonus points, but are not required. >> >> -d >> > > There are several Intel mini-ITX motherboard with embedded Intel Atom > processors (I use a 64bit one as a home server). > > Mine is an Intel D945GCLF2D. Works 100% with OpenBSD. > > -- > Hugo Osvaldo Barrera
A propos de votre NewsLetter
Si vous ne lisez pas correctement ce mail vous devez le visualiser en html
Does ldapd work?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://www.openbsd.org/cgi-bin/man.cgi?query=ldapd Caveats says: " ldapd does not fully work yet." Is this outdated? Is there any place I can find out exactly what DOESN'T work? Also, should ldapd be considered stable for actual usage (I mean, not just testing)? Thanks, cheers! - -- Hugo Osvaldo Barrera Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBAgAGBQJMz3KGAAoJEIc88gcb++1EwYkIAJY538OOPIqOUFTRi8dijZV6 C2i7Gz1iK2Jw2ye2tHBO1SZx4q4YuVs8FP4hmy8IMXZfDqLEiIJcBLSuU3IBDgsH m/LRhyLJRdclmbO+1JUzYjjhfz+77NErAMeEc2gk6yxni0aNWhCYX1wTuXtcLHOm pgf9+Z9l7lPFQ6XSNDlvI4OR320M1J6sBUpkxKy6IgzHw+QrYuP2dr1NzhmLBBRf 7GE73gXgKqHK42hXjXH6rSI5ivPm2Ld5+rIYsyy8q27G56X9zkmGocfP1fc1FMHG T0/7lmzS9EA3hKweMHGaGqnlMHAbogCPJHMpTcNkJE5ML3uRKzo7x+k2Ak+0Nsw= =gs7H -END PGP SIGNATURE-
Recursos Humanos 2011, Noviembre 18 en México D.F.
[IMAGE] !Promociones Especiales para Grupos! Mayores informes responda este correo electrsnico con los siguientes datos. Empresa: Nombre: Telifono: Email: Nzmero de Interesados: Y en breve le haremos llegar la informacisn completa del evento. O bien comunmquense a nuestros telifonos un ejecutivo con gusto le atendera Tels. (33) 8851-2365, (33)8851-2741. Copyright (C) 2010, PMS Capacitacisn Efectiva de Mixico S.C. Derechos Reservados. PMS de Mixico, El logo de PMS de Mixico son marcas registradas. ADVERTENCIA PMS de Mixico no cuenta con alianzas estratigicas de ningzn tipo dentro de la Republica Mexicana. NO SE DEJE ENGAQAR - DIGA NO A LA PIRATERIA. Todos los logotipos, marcas comerciales e imagenes son propiedad de sus respectivas corporaciones y se utilizan con fines informativos solamente. Este Mensaje ha sido enviado a misc@openbsd.org como usuario de Pms de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de Pms de Mixico, en este acto autoriza de manera expresa que Pms de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de el y reporte su cuenta respondiendo este correo con el subject BAJA Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJA Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor. [demime 1.01d removed an attachment of type image/jpeg which had a name of recursos humanos.jpg]
Re: Lenovo ThinkPad T60 won't resume
On 11/1/10, Philip Guenther wrote: ... > I mean, come on, "worked before, stopped working, still doesn't work" > gives us nothing to go on for what broke your box. That last commit > was what broke resume on _my_ thinkpad... ...or not. Further testing on my T60 (running i386) and T510 (running amd64) seems to indicate that Jordan's commit was just fine. My suspend problems appear to have been elsewhere as I'm now suspending and resuming just fine with the reverted commit back in my tree. So, while that change hasn't been recommitted yet, if you're running into problems with suspend or resume on a box that it worked fine on before, some sort of "worked with kernel from , failed on kernel from " really would assist in tracking this down. And build from a clean directory. Philip Guenther
sendmail relay defaults
hi misc, i was looking at rc.conf to activate sendmail and i ran into this: # For normal use: "-L sm-mta -bd -q30m", and note there is a cron job sendmail_flags="-L sm-mta -C/etc/mail/localhost.cf -bd -q30m" as i understand, sendmail is initially configured to send emails locally (ie, users on the same host). i'm setting up PHP on chrooted apache. mini_sendmail-chroot is already installed. i don't have any shells copied to the chroot bin directory (/var/www/bin). i was able to send mail from PHP using mini_sendmail-chroot after changing sendmail_flags to the one recommended by rc.conf. the setup is a web server out in the open internet. i'm using openbsd 4.6. two questions: 1) i want to make sure that sendmail won't relay email from any other host. is this setup enough? 2) what do i need to do to have multiple domain names allowed by sendmail to send from this host? eg, the websites i have are domain1.com, domain2.net. i think i can set the From field of the email from PHP code. any help or pointers would be greatly appreciated. /e
Re: Does ldapd work?
On Tue, Nov 2, 2010 at 3:08 AM, Hugo Osvaldo Barrera wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > http://www.openbsd.org/cgi-bin/man.cgi?query=ldapd > > Caveats says: " ldapd does not fully work yet." It was first implemented in 4.8 so if using current then you will have most up to date version. It's light implementation so there is not so much stuff like in "full" LDAP, but you can find details here http://www.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/ldapd/ And this is main developer of that http://marc.info/?l=openbsd-tech&m=125811270127832&w=2 > > Is this outdated? B Is there any place I can find out exactly what > DOESN'T work? > Also, should ldapd be considered stable for actual usage (I mean, not > just testing)? > > Thanks, cheers! > > - -- > Hugo Osvaldo Barrera > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iQEcBAEBAgAGBQJMz3KGAAoJEIc88gcb++1EwYkIAJY538OOPIqOUFTRi8dijZV6 > C2i7Gz1iK2Jw2ye2tHBO1SZx4q4YuVs8FP4hmy8IMXZfDqLEiIJcBLSuU3IBDgsH > m/LRhyLJRdclmbO+1JUzYjjhfz+77NErAMeEc2gk6yxni0aNWhCYX1wTuXtcLHOm > pgf9+Z9l7lPFQ6XSNDlvI4OR320M1J6sBUpkxKy6IgzHw+QrYuP2dr1NzhmLBBRf > 7GE73gXgKqHK42hXjXH6rSI5ivPm2Ld5+rIYsyy8q27G56X9zkmGocfP1fc1FMHG > T0/7lmzS9EA3hKweMHGaGqnlMHAbogCPJHMpTcNkJE5ML3uRKzo7x+k2Ak+0Nsw= > =gs7H > -END PGP SIGNATURE-
ssh vpn from mac os x to openbsd server howto
Hi , I created SSH VPN from my OpenBSD client at home to OpenBSD Server at office to work when I am sick. It is working great. I created it using the instructions in http://www.undeadly.org/cgi?action=article&sid=20090903183235 now mtu@ suggests there that dlg@ knows elegant methods on how a Mac OS X client can be used to create an SSH VPN to OpenBSD Server. I did email dlg@ privately but it seems he does not know and suggested me to ask here :-) It would be great if some body tell me how to use a Mac Client to SSH VPN to an OpenBSD Server so that a friend of mine can work from home :-) Thanks --Siju