Re: Laptop Recommendations?
I'm not sure if anything new is a good choice, particularly because of a lack of current GPU / WiFi drivers. I usually pick up something about a year or two old on refurb \ second hand market. Dell's business line (latitude / precision) have treated me well in the past. Just stick with Intel or and graphics.On Nov 10, 2016 12:47 AM, Nathan Kochwrote: > > Greetings Fair BSD Wizards, > I am new to the lists. I am currently shopping for a new Xmas present for > myself and am looking for a laptop that's portable and lightweight. > Preferably fast, cheap (close to free), light, and secure. If you have any > recommendations before the stormy winter hits the prairies please let me > know. > > Thank you. > Nate > > > Sailing the South Saskatchewan.
Re: usage of pf overload table option inside anchors
> On Nov 9, 2016, at 10:37 PM, Jan Kalkuswrote: > >> Hi, >> >> How does one use the overload state option inside an anchor? >> >> I'm running -current (7th november snapshot) 64bit, sample pf >> configurations follow with two different configuration attempts. >> Both print the following warning: >> >> pfctl: warning: namespace collision with global table. >> >> >> sample pf configurations below: >> >> table >> icmp_types = "{ echoreq, unreach }" >> ext_if="" >> int_if="{ em1 em2 em3 }" >> int_networks="{ em1:network, em2:network, em3:network }" >> v6broker="" >> v6resolver="" >> mediacenter="" >> set skip on lo >> set loginterface egress >> block drop in all >> antispoof quick for (egress) >> >> match proto { udp tcp } to port { domain ntp } set prio 6 >> match proto tcp to port ssh set prio 6 >> match in all scrub (no-df max-mss 1440) >> anchor "inet" on $ext_if { >>block quick from >>block all >>pass inet proto ipv6 from ($ext_if) to $v6broker tag GOOD >>pass inet proto icmp all icmp-type $icmp_types tag GOOD >>pass in inet proto {tcp,udp} from any to any port 4 rdr-to >> $mediacenter tag GOOD >>pass in inet proto tcp from any to any port {80,443} tag GOOD >>pass in inet proto tcp from any to any port 22 keep state (max-src-conn >> 50, max-src-conn-rate 3/15, overload flush global ) tag GOOD >>pass out from (self) to any tag GOOD >>pass out inet from $int_networks to any nat-to (egress) tag GOOD >>match out inet from $int_networks to any nat-to (egress) tag GOOD >>pass out inet6 from em2:network to any tag GOOD >>pass out inet6 proto udp from em2:network to $v6resolver port 53 tag >> GOOD >>block quick inet ! tagged GOOD >>} >> >> # > pfctl -f /etc/pf.conf >> pfctl: warning: namespace collision with global table. >> >> >> >> >> table >> icmp_types = "{ echoreq, unreach }" >> ext_if="" >> int_if="{ em1 em2 em3 }" >> int_networks="{ em1:network, em2:network, em3:network }" >> v6broker="" >> v6resolver="" >> mediacenter="" >> set skip on lo >> set loginterface egress >> block drop in all >> antispoof quick for (egress) >> >> match proto { udp tcp } to port { domain ntp } set prio 6 >> match proto tcp to port ssh set prio 6 >> match in all scrub (no-df max-mss 1440) >> anchor "inet" on $ext_if { >>block quick from >>block all >>pass inet proto ipv6 from ($ext_if) to $v6broker tag GOOD >>pass inet proto icmp all icmp-type $icmp_types tag GOOD >>pass in inet proto {tcp,udp} from any to any port 4 rdr-to >> $mediacenter tag GOOD >>pass in inet proto tcp from any to any port {80,443} tag GOOD >>pass in inet proto tcp from any to any port 22 keep state (max-src-conn >> 50, max-src-conn-rate 3/15, overload flush global ) tag GOOD >>pass out from (self) to any tag GOOD >>pass out inet from $int_networks to any nat-to (egress) tag GOOD >>match out inet from $int_networks to any nat-to (egress) tag GOOD >>pass out inet6 from em2:network to any tag GOOD >>pass out inet6 proto udp from em2:network to $v6resolver port 53 tag >> GOOD >>block quick inet ! tagged GOOD >>} >> >> # > pfctl -f /etc/pf.conf >> pfctl: warning: namespace collision with global table. >> >> >> Thank you for your help, >> Pedro Caetano >> > > Hi Pedro, > > In my experience, you only need the `global' table from main pf.conf. > > Subsequent anchors can reference `global' tables (tables that have been defined in pf.conf), but not the other way around. > > - Jan Apologies, I misinterpreted your configurations. I would first compare the outputs of the following two commands: `pfctl -s Tables’ `pfctl -a inet -s Tables’ to make sure there are no overlapping tables between the two. I have also had trouble with table collisions when accidentally creating a table with an identical name inside an anchor. I usually clear out the duplicate table from that anchor with a reboot. - Jan
Laptop Recommendations?
Greetings Fair BSD Wizards, I am new to the lists. I am currently shopping for a new Xmas present for myself and am looking for a laptop that's portable and lightweight. Preferably fast, cheap (close to free), light, and secure. If you have any recommendations before the stormy winter hits the prairies please let me know. Thank you. Nate Sailing the South Saskatchewan.
Re: usage of pf overload table option inside anchors
> Hi, > > How does one use the overload state option inside an anchor? > > I'm running -current (7th november snapshot) 64bit, sample pf > configurations follow with two different configuration attempts. > Both print the following warning: > > pfctl: warning: namespace collision with global table. > > > sample pf configurations below: > > table > icmp_types = "{ echoreq, unreach }" > ext_if="" > int_if="{ em1 em2 em3 }" > int_networks="{ em1:network, em2:network, em3:network }" > v6broker="" > v6resolver="" > mediacenter="" > set skip on lo > set loginterface egress > block drop in all > antispoof quick for (egress) > > match proto { udp tcp } to port { domain ntp } set prio 6 > match proto tcp to port ssh set prio 6 > match in all scrub (no-df max-mss 1440) > anchor "inet" on $ext_if { > block quick from > block all > pass inet proto ipv6 from ($ext_if) to $v6broker tag GOOD > pass inet proto icmp all icmp-type $icmp_types tag GOOD > pass in inet proto {tcp,udp} from any to any port 4 rdr-to > $mediacenter tag GOOD > pass in inet proto tcp from any to any port {80,443} tag GOOD > pass in inet proto tcp from any to any port 22 keep state (max-src-conn > 50, max-src-conn-rate 3/15, overload flush global ) tag GOOD > pass out from (self) to any tag GOOD > pass out inet from $int_networks to any nat-to (egress) tag GOOD > match out inet from $int_networks to any nat-to (egress) tag GOOD > pass out inet6 from em2:network to any tag GOOD > pass out inet6 proto udp from em2:network to $v6resolver port 53 tag > GOOD > block quick inet ! tagged GOOD > } > > # > pfctl -f /etc/pf.conf > pfctl: warning: namespace collision with global table. > > > > > table > icmp_types = "{ echoreq, unreach }" > ext_if="" > int_if="{ em1 em2 em3 }" > int_networks="{ em1:network, em2:network, em3:network }" > v6broker="" > v6resolver="" > mediacenter="" > set skip on lo > set loginterface egress > block drop in all > antispoof quick for (egress) > > match proto { udp tcp } to port { domain ntp } set prio 6 > match proto tcp to port ssh set prio 6 > match in all scrub (no-df max-mss 1440) > anchor "inet" on $ext_if { > block quick from > block all > pass inet proto ipv6 from ($ext_if) to $v6broker tag GOOD > pass inet proto icmp all icmp-type $icmp_types tag GOOD > pass in inet proto {tcp,udp} from any to any port 4 rdr-to > $mediacenter tag GOOD > pass in inet proto tcp from any to any port {80,443} tag GOOD > pass in inet proto tcp from any to any port 22 keep state (max-src-conn > 50, max-src-conn-rate 3/15, overload flush global ) tag GOOD > pass out from (self) to any tag GOOD > pass out inet from $int_networks to any nat-to (egress) tag GOOD > match out inet from $int_networks to any nat-to (egress) tag GOOD > pass out inet6 from em2:network to any tag GOOD > pass out inet6 proto udp from em2:network to $v6resolver port 53 tag > GOOD > block quick inet ! tagged GOOD > } > > # > pfctl -f /etc/pf.conf > pfctl: warning: namespace collision with global table. > > > Thank you for your help, > Pedro Caetano > Hi Pedro, In my experience, you only need the “global” table from main pf.conf. Subsequent anchors can reference “global” tables (tables that have been defined in pf.conf), but not the other way around. - Jan
Re: Dell R930 server
>What about my questions ? the work can be done by someone with technical skills who has the hardware and the need to do it.
Re: Dell R930 server
the only question I see is the question about the questions. -l On Wed, Nov 9, 2016 at 4:42 PM, Friedrich Lockewrote: > What about my questions ? > > Thanks.
Dell R930 server
What about my questions ? Thanks.
using httpd's pattern support?
Hi, I'm writing a book on OpenBSD's web stack. If you're using httpd's Lua pattern support ('location match' or 'server match'), I'd be interested in hearing what you're using it for. I'm collecting use cases. If you can share snippets of httpd.conf, that would be VERY helpful. Please reply off-list. I've set the reply-to, but no idea if that will survive the mailing list. Thanks, ==ml -- Michael W. Lucas - mwlu...@michaelwlucas.com, Twitter @mwlauthor http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Re: Dell R930 server
"Nobody in their right mind would use OpenBSD for that." That's how literally all of the projects I've used OpenBSD for have started. On Nov 9, 2016 2:39 AM, "Martin Schröder"wrote: > 2016-11-09 9:06 GMT+01:00 ludovic coues : > > I would say big data. > > > > Stackexchange have a pair of SQL Server, with 384Go of memory for > > stackoverflow and 768 for everything else, a Redis server with 256, a > > server for elasticsearch with 192 and same quantity for an HAProxy > > server. > > None of this is the domain of OpenBSD and nobody in his right mind > wants to run Stackexchange on OpenBSD. > > Or are you suggesting that SAP should port HANA to OpenBSD? > > Best >Martin
Re: dkimproxy_out doesn't sign my outgoing messages
On Wed, Nov 09, 2016 at 06:13:47PM +0100, Walter Alejandro Iglesias wrote: > Taking in care /etc/rc.d/dkimproxy_out flags: > > daemon_flags="--conf_file=/etc/dkimproxy_out.conf --user=_dkimproxy > --group=_dkimproxy" > > These files should be owned by _dkimproxy user and group. > It worked! Big thanks trondd! (Next time I promise to read the logs more carefully)
Re: dkimproxy_out doesn't sign my outgoing messages
On Wed, Nov 09, 2016 at 11:57:18AM -0500, trondd wrote: > Should also be in the maillog. Hey, I think I found the problem: Nov 9 10:37:12 server dkimproxy.out[38514]: signing error: Error: cannot read /var/dkimproxy/default.private: Permission denied The permissions are: # ls -l /var/dkimproxy/ total 8 -rw--- 1 root wheel 887 Nov 9 10:50 default.private -rw--- 1 root wheel 313 Nov 9 10:50 default.txt Taking in care /etc/rc.d/dkimproxy_out flags: daemon_flags="--conf_file=/etc/dkimproxy_out.conf --user=_dkimproxy --group=_dkimproxy" These files should be owned by _dkimproxy user and group.
Re: dkimproxy_out doesn't sign my outgoing messages
trondd, Your response was also useful to me in another more important way. I took a look to the headers of your message and I observe gmail says your dkim is correct: Authentication-Results: mx.google.com; dkim=pass header.i=@kagu-tsuchi.com; However, I had to rescue your message from my gmail SPAM folder! So, I wonder if all these efforts are in vain. :-) (I'm starting to think spammers are sponsored by them)
Re: dkimproxy_out doesn't sign my outgoing messages
On Wed, November 9, 2016 11:39 am, Walter Alejandro Iglesias wrote: > On Wed, Nov 09, 2016 at 09:27:58AM -0500, trondd wrote: >> On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote: >> > Hi everyone, >> > >> > First of all, is dkimproxy a work in progress? >> > >> > If it's not, then the long one. I've tried something similar to >> > the example in smtpd.conf(5). Outgoing messages don't get signed. >> > >> > >> > # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy >> > >> > /etc/dkimproxy_out.conf >> > --- >> > listen127.0.0.1:10027 >> > relay 127.0.0.1:10028 >> > domainmydomain.com >> > signature dkim(c=relaxed) >> > signature domainkeys(c=nofws) >> > keyfile /var/dkimproxy/default.private >> > selector default >> > >> > >> > /etc/mail/smptd.conf >> > --- >> > egress_int="em0" >> > server="server.mydomain.com" >> > ca $server certificate "/etc/ssl/acme/chain.pem" >> > >> > table aliases file:/etc/mail/aliases >> > table valiases file:/etc/mail/valiases >> > table vdomains file:/etc/mail/vdomains >> > table addresses file:/etc/mail/addresses >> > table users file:/etc/mail/users >> > >> > pki $server certificate "/etc/ssl/acme/cert.pem" >> > pki $server key "/etc/ssl/acme/private/privkey.pem" >> > >> > listen on lo0 >> > listen on lo0 port 10028 tag DKIM >> > listen on $egress_int port 25 tls pki $server >> > listen on $egress_int port 465 smtps pki $server auth senders >> > masquerade >> > >> > accept from any for domain virtual deliver to >> mbox >> > accept for local alias deliver to mbox >> > accept tagged DKIM for any relay >> > accept from local sender for any relay via >> > smtp://127.0.0.1:10027 >> > >> > >> > Do I need to do something else? (running current) >> > >> > >> >Walter >> > >> >> Did you add the public key part to DNS for your domain? What's going on >> in maillog? > > I forgot to mention that, yes, I added the DNS record and checked its > validity using this site: > > http://dkimcore.org/tools/keycheck.html > > That tells me it's ok. Then I been sending to this testing address: > > check-a...@verifier.port25.com > > where I'm told (in a replay to my same address) the message isn't signed. > > /var/log/maillog just shows the message as correctly delivered: > > Nov 9 14:16:39 server smtpd[68603]: 44fc40aeb913cba0 mta event=delivery > evpid=1da22dbaa5825b53 from=<.*@mydomain.com> > to=rcpt=<-> source="192.168.1.101" > relay="??.??.??.??" (verifier.port25.com)" delay=2s result="Ok" stat="250 > 2.6.0 message received" > > >> Are the mails being forwarded to dkimproxy_out and back into >> smtpd as expected? >> > > How can I check this? > Should also be in the maillog. You should see smtpd accept the initial connection and relay it to 127.0.0.1 10027. Then accept a new connection from 127.0.0.1 or localhost and relay to the destination. If you don't see that, you can use tcpdump to see if the proxy is ever contacted. You can also trace which rules smtpd matched on. man smtpctl and search for trace. I run this at home, but can't access the machine from where I am. I can double check your configs later.
Re: dkimproxy_out doesn't sign my outgoing messages
On Wed, Nov 09, 2016 at 09:27:58AM -0500, trondd wrote: > On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote: > > Hi everyone, > > > > First of all, is dkimproxy a work in progress? > > > > If it's not, then the long one. I've tried something similar to > > the example in smtpd.conf(5). Outgoing messages don't get signed. > > > > > > # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy > > > > /etc/dkimproxy_out.conf > > --- > > listen127.0.0.1:10027 > > relay 127.0.0.1:10028 > > domainmydomain.com > > signature dkim(c=relaxed) > > signature domainkeys(c=nofws) > > keyfile /var/dkimproxy/default.private > > selector default > > > > > > /etc/mail/smptd.conf > > --- > > egress_int="em0" > > server="server.mydomain.com" > > ca $server certificate "/etc/ssl/acme/chain.pem" > > > > table aliases file:/etc/mail/aliases > > table valiases file:/etc/mail/valiases > > table vdomains file:/etc/mail/vdomains > > table addresses file:/etc/mail/addresses > > table users file:/etc/mail/users > > > > pki $server certificate "/etc/ssl/acme/cert.pem" > > pki $server key "/etc/ssl/acme/private/privkey.pem" > > > > listen on lo0 > > listen on lo0 port 10028 tag DKIM > > listen on $egress_int port 25 tls pki $server > > listen on $egress_int port 465 smtps pki $server auth senders > > masquerade > > > > accept from any for domain virtual deliver to mbox > > accept for local alias deliver to mbox > > accept tagged DKIM for any relay > > accept from local sender for any relay via > > smtp://127.0.0.1:10027 > > > > > > Do I need to do something else? (running current) > > > > > > Walter > > > > Did you add the public key part to DNS for your domain? What's going on > in maillog? I forgot to mention that, yes, I added the DNS record and checked its validity using this site: http://dkimcore.org/tools/keycheck.html That tells me it's ok. Then I been sending to this testing address: check-a...@verifier.port25.com where I'm told (in a replay to my same address) the message isn't signed. /var/log/maillog just shows the message as correctly delivered: Nov 9 14:16:39 server smtpd[68603]: 44fc40aeb913cba0 mta event=delivery evpid=1da22dbaa5825b53 from=<.*@mydomain.com> to=rcpt=<-> source="192.168.1.101" relay="??.??.??.??" (verifier.port25.com)" delay=2s result="Ok" stat="250 2.6.0 message received" > Are the mails being forwarded to dkimproxy_out and back into > smtpd as expected? > How can I check this?
Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2
On 2016-11-09, "Comète"wrote: > I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C > boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a > maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very > low for an AES-NI enabled processor. Well, it still is a slow processor. For best performance, I'd add "childsa enc aes-128-gcm" to the iked configuration. The default cipher is aes-256-cbc with hmac-sha2-256, and the latter has a noticeable performance impact. > And about 30 seconds after the test is > started, I don't know why, the connection is lost and I have restart IKED > daemon on the "passive" host. Every half gigabyte of transferred data, iked rekeys. There is a longstanding bug there that causes the ikeds to lose synchronization. They will eventually resync on their own, but it takes several minutes. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2
On 2016-11-09, =?utf-8?B?Q29tw6h0ZQ==?=wrote: > Hi, > > I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C > boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a > maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very > low for an AES-NI enabled processor. Try it with aes-128-gcm. > And about 30 seconds after the test is > started, I don't know why, the connection is lost and I have restart IKED > daemon on the "passive" host. Anything in logs? Anything on-screen if you run iked -vd?
Re: dkimproxy_out doesn't sign my outgoing messages
On Wed, November 9, 2016 9:14 am, Walter Alejandro Iglesias wrote: > Hi everyone, > > First of all, is dkimproxy a work in progress? > > If it's not, then the long one. I've tried something similar to > the example in smtpd.conf(5). Outgoing messages don't get signed. > > > # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy > > /etc/dkimproxy_out.conf > --- > listen127.0.0.1:10027 > relay 127.0.0.1:10028 > domainmydomain.com > signature dkim(c=relaxed) > signature domainkeys(c=nofws) > keyfile /var/dkimproxy/default.private > selector default > > > /etc/mail/smptd.conf > --- > egress_int="em0" > server="server.mydomain.com" > ca $server certificate "/etc/ssl/acme/chain.pem" > > table aliases file:/etc/mail/aliases > table valiases file:/etc/mail/valiases > table vdomains file:/etc/mail/vdomains > table addresses file:/etc/mail/addresses > table users file:/etc/mail/users > > pki $server certificate "/etc/ssl/acme/cert.pem" > pki $server key "/etc/ssl/acme/private/privkey.pem" > > listen on lo0 > listen on lo0 port 10028 tag DKIM > listen on $egress_int port 25 tls pki $server > listen on $egress_int port 465 smtps pki $server auth senders > masquerade > > accept from any for domain virtual deliver to mbox > accept for local alias deliver to mbox > accept tagged DKIM for any relay > accept from local sender for any relay via > smtp://127.0.0.1:10027 > > > Do I need to do something else? (running current) > > > Walter > Did you add the public key part to DNS for your domain? What's going on in maillog? Are the mails being forwarded to dkimproxy_out and back into smtpd as expected?
dkimproxy_out doesn't sign my outgoing messages
Hi everyone, First of all, is dkimproxy a work in progress? If it's not, then the long one. I've tried something similar to the example in smtpd.conf(5). Outgoing messages don't get signed. # dkim-genkey -s default -d mydomain.com -r -D /var/dkimproxy /etc/dkimproxy_out.conf --- listen127.0.0.1:10027 relay 127.0.0.1:10028 domainmydomain.com signature dkim(c=relaxed) signature domainkeys(c=nofws) keyfile /var/dkimproxy/default.private selector default /etc/mail/smptd.conf --- egress_int="em0" server="server.mydomain.com" ca $server certificate "/etc/ssl/acme/chain.pem" table aliases file:/etc/mail/aliases table valiases file:/etc/mail/valiases table vdomains file:/etc/mail/vdomains table addresses file:/etc/mail/addresses table users file:/etc/mail/users pki $server certificate "/etc/ssl/acme/cert.pem" pki $server key "/etc/ssl/acme/private/privkey.pem" listen on lo0 listen on lo0 port 10028 tag DKIM listen on $egress_int port 25 tls pki $server listen on $egress_int port 465 smtps pki $server auth senders masquerade accept from any for domain virtual deliver to mbox accept for local alias deliver to mbox accept tagged DKIM for any relay accept from local sender for any relay via smtp://127.0.0.1:10027 Do I need to do something else? (running current) Walter
Re: Wrong Guest OS type in VMware ESXi 5.5.0.3568722
On 11/09/16 03:24, Bryan Vyhmeister wrote: > On Tue, Nov 08, 2016 at 09:57:29PM +0300, Alexei Malinin wrote: >>> Synopsis: Wrong Guest OS type in VMware ESXi 5.5.0.3568722 >>> Description: >> OpenBSD kernel reports wrong Guest OS type to VMware ESXi. >>> Fix: >> Maybe somewhere in sys/dev/pv/hyperv.c: hv_fake_version()... > The sys/dev/pv/hyperv.c driver is for running OpenBSD under HyperV, not > VMware. It's the vmt(4) driver you are looking for. Starting on line 522 > of sys/dev/pv/vmt.c, there is a comment: > > "Host doesn't like it if we send an OS name it doesn't > recognise, so use the closest match, which happens > to be FreeBSD." > > I am not sure why vmt(4) reports as 32-bit rather than 64-bit but that > doesn't really matter. The root cause is that VMware does not support > OpenBSD as a officially supported guest operating system. This would > make a difference if there were VMware Tools from VMware but since > vmt(4) is implementing the required functions, it doesn't really matter. > OpenBSD works just fine under VMware ESXi and I have been using it that > way for at least six years running as "Other (64-bit)" before vmt(4) was > available. Thank you for the explanation, Bryan. "32-bit" confused me, and I tried to find where I could change "32" to "64" but I couldn't - should I hack vmware tools? -- Alexei Malinin
low bandwidth results with IPSEC enabled between two PC Engines APU2C2
Hi, I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very low for an AES-NI enabled processor. And about 30 seconds after the test is started, I don't know why, the connection is lost and I have restart IKED daemon on the "passive" host. If I disable the VPN, I get a maximum of 439 Avg Mbps which is not fabulous for a 1 Gbps link but quite better than 66 Mbps. The tests were made with tcpbench: tcpbench a.a.a.a on one host and tcpbench -s on the other one. No optimisation at all in sysctl.conf, only a default install. This is the IKEDv2 configuration file on host 2: ikev2 "HDV" active esp from $local_gw to $remote_gw \ from $LAN_LOCAL to $LAN_HDV_INFRA \ peer $remote_gw srcid $local_gw psk "testpassword" and the IKEDv2 configuration file on host 1: ikev2 "HDV-CEV" passive esp from $local_gw to $remote_gw \ from $LAN_HDV_INFRA to $LAN_CEV \ peer $remote_gw srcid $local_gw psk "testpassword" My question is, is there any optimisation I can set somewhere to get a better result with max bandwidth ? Thanks ! Morgan
Re: Dell R930 server
2016-11-09 9:06 GMT+01:00 ludovic coues: > I would say big data. > > Stackexchange have a pair of SQL Server, with 384Go of memory for > stackoverflow and 768 for everything else, a Redis server with 256, a > server for elasticsearch with 192 and same quantity for an HAProxy > server. None of this is the domain of OpenBSD and nobody in his right mind wants to run Stackexchange on OpenBSD. Or are you suggesting that SAP should port HANA to OpenBSD? Best Martin
Re: Dell R930 server
I would say big data. Stackexchange have a pair of SQL Server, with 384Go of memory for stackoverflow and 768 for everything else, a Redis server with 256, a server for elasticsearch with 192 and same quantity for an HAProxy server. And that's just a successful website. They aren't a search engine or a social network 2016-11-08 23:38 GMT+01:00 Mihai Popescu: > | Does OBSD "see" all the 96*128G memory available ? > > Out of curiosity, what does need such a memory today? Do you want to > use a ramdisk? > > Thanks. > -- Cordialement, Coues Ludovic +336 148 743 42