Re: Some hints to set up a PPTP or L2TP VPN client under OpenBSD

[Максим]

Hi, Denis.
At the moment I'd like to connect to a Mikrotik router which
was set up as a VPN server.
>From Ubuntu and Windows I'm able to connect
using built in solutions.
If there are some differences in MS Windows VPN Server
which I should take into account when connecting
from OpenBSD client, I'd be glad to know them as well.

Thanks in advance.
--
Maxim Rodin



03.12.2017, 13:30, "Denis" :
> Hi,
>
> Are you going to use OpenBSD as a client of MS Win server using L2TP and
> mschap auth?
>
> Thanks.
>
> On 12/3/2017 11:27 AM, Максим wrote:
>>  Hello,
>>  Where can I find any useful information about setting up a VPN client
>>  (PPTP or L2TP) in recent versions of OpenBSD?
>>  Everything I found goes about OpenBSD version 3.8.
>>
>>  --
>>  Best regards
>>  Maxim Rodin

Having a problem with sshlockout

[Андрей Поляков]

Hello
I have configured sshlockout. But it doesn't work properly.

Here is auth log:
root@openbsd-gw:~ # cat /var/log/authlog | grep sshlockout
Dec  4 06:37:54 openbsd-gw sshlockout[27074]: Detected ssh preauth attempt for 
an invalid user, locking out 59.63.166.104
Dec  4 07:40:16 openbsd-gw sshlockout[27074]: Detected ssh login attempt for an 
invalid user, locking out 5.188.10.176
Dec  4 07:46:34 openbsd-gw sshlockout[27074]: Detected ssh login attempt for an 
invalid user, locking out 185.190.58.108

But table in pf is empty:
root@openbsd-gw:~ # pfctl -t lockout -T show


Some info:

root@openbsd-gw:~ # uname -sr
OpenBSD 6.2

root@openbsd-gw:~ # syspatch -l
001_tcb_invalid
002_fktrace

root@openbsd-gw:~ # pkg_info sshlockout-0.20170726
Information for inst:sshlockout-0.20170726

root@openbsd-gw:~ # ps -aux | grep sshlockout
_syslogd 62152  0.0  0.2   308  1188 ??  Ip 8:31AM0:00.01 
/usr/local/sbin/sshlockout -pf lockout

root@openbsd-gw:~ # cat /etc/syslog.conf | grep sshlockout
auth.info;authpriv.info |exec 
/usr/local/sbin/sshlockout -pf lockout

root@openbsd-gw:~ # cat /etc/pf.conf
table  persist { }

set block-policy drop
set skip on lo

match in all scrub (no-df random-id)

block in all
block in quick from 

pass in on egress inet proto icmp from any to egress
pass in on egress inet proto tcp from any to egress port { ssh www }

pass out quick inet


Thanks for any help

Re: no sound by "Intel 6321ESB HD Audio"

[Jonathan Gray]

On Mon, Dec 04, 2017 at 01:37:53PM +0900, Tuyosi T wrote:
> i install openbsd 6.2 into mac pro 2006 .
> (boot by fedora's grub )
> 
> but i cannot hear sound .
> 
> $ dmesg | grep audio
> audio0 at azalia0
> 
> $ dmesg | grep azalia
> azalia0 at pci0 dev 27 function 0 "Intel 6321ESB HD Audio" rev 0x09: msi
> azalia0: codecs: Realtek ALC885
> audio0 at azalia0
> 
> are there any advices ?
> ---
> regards

Try the following diff though it may need a further quirk.

And include a full dmesg and pcidump -v output.

Index: sys/dev/pci/azalia_codec.c
===
RCS file: /cvs/src/sys/dev/pci/azalia_codec.c,v
retrieving revision 1.172
diff -u -p -r1.172 azalia_codec.c
--- sys/dev/pci/azalia_codec.c  28 Mar 2017 04:54:44 -  1.172
+++ sys/dev/pci/azalia_codec.c  4 Dec 2017 05:20:35 -
@@ -205,6 +205,14 @@ azalia_codec_init_vtbl(codec_t *this)
this->subid == 0x00a3106b) {/* APPLE_MB4 */
this->qrks |= AZ_QRK_GPIO_UNMUTE_0;
}
+   if (this->subid == 0x1000106b ||/* iMac 24 */
+   this->subid == 0x2800106b ||/* AppleTV */
+   this->subid == 0x3e00106b ||/* iMac 24 Aluminum */
+   this->subid == 0x0c00106b ||/* Mac Pro */
+   this->subid == 0x4200106b) {/* Mac Pro 4,1/5,1 */
+   this->qrks |= AZ_QRK_GPIO_UNMUTE_0 |
+   AZ_QRK_GPIO_UNMUTE_1;
+   }
if (this->subid == 0x00a1106b ||
this->subid == 0xcb7910de ||/* APPLE_MACMINI3_1 
(internal spkr) */
this->subid == 0x00a0106b)

no sound by "Intel 6321ESB HD Audio"

[Tuyosi T]

i install openbsd 6.2 into mac pro 2006 .
(boot by fedora's grub )

but i cannot hear sound .

$ dmesg | grep audio
audio0 at azalia0

$ dmesg | grep azalia
azalia0 at pci0 dev 27 function 0 "Intel 6321ESB HD Audio" rev 0x09: msi
azalia0: codecs: Realtek ALC885
audio0 at azalia0

are there any advices ?
---
regards

Re: Do not give-up on marketing

[Mike Hammett]

It sounds more like some people need to get modern messaging platforms and stop 
making such a big deal out of nothing. 




- 
Mike Hammett 
Intelligent Computing Solutions 

Midwest Internet Exchange 

The Brothers WISP 

- Original Message -

From: "Mikko Laine"  
To: r...@protonmail.com 
Cc: misc@openbsd.org 
Sent: Sunday, December 3, 2017 10:48:15 AM 
Subject: Re: Do not give-up on marketing 

Rupert Gallagher  wrote: 

> Finally, the truth behind the aggressive behaviour against me. Some of you 
> cannot read protonmail posts *because* you read the list through a mail 
> archive with a substandard implementation of mime encoding. Well, fuck you 
> and your mail archive. Upgrade, or die slowly. 

Even if the encoding issue is ignored, your messages still do not 
conform to the netiquette of this mailing list and make for difficult 
reading. Please do consider fixing your end. 

Re: Integrating "safe" languages into OpenBSD?

[bytevolcano]

I've always subscribed to the idea that too much safety results in too
may idiots, and the same is true for all these "safe" programming
languages. "Oh I don't have to write any form of bounds-checking,
because the language will do it for me."

To add further insult to injury, if the language's bounds checking kicks
in first your program may do something worse than just corrupting its
own memory. In my experience, apps written in these "safe" languages
(usually web apps or bloatware) actually have been the most bug-ridden
and bloated.

On Sun, 3 Dec 2017 15:54:43 -0500
Daniel Wilkins  wrote:

> And on top of what Theo said: rewriting stuff in "safe" languages doesn't 
> reduce
> the need for mitigations *anyway*. Nobody's rewriting all of the ports tree in
> memory safe languages.
> 

ed(1) text editor issue with Spanish accents

[Alejandro G. Peregrina]

Hello,

I've noticed something unexpected when entering an accent character
alone (´) and then deleting it in ed(1) in xterm(1). Instead of deleting
it, it creates another character which is seen as an inverted
exclamation (?) in the font 'misc-fixed'.

How to reproduce:
$ uname -a
OpenBSD foo.my.domain 6.2 GENERIC.MP#1 amd64
$ locale
LANG=
LC_COLLATE="C"
LC_CTYPE=en_US.UTF-8
LC_MONETARY="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_MESSAGES="C"
LC_ALL=
$ #Let's append the ´ character in ed(1)
$ ed -p"> "
> a
´

Now let's delete with a backspace, return to create a newline and a dot
to stop appending, and then print:

$ ed -p"> "
> a

.
> p
(?)

(The (?) is a simulation of the font character that misc-fixed shows to
the terminal.)

Whenever I use more(1) or less(1) to view it, it shows:

$ more test.txt




I have to add that I tested this with urxvt and ed(1) prints an Â
character, but more(1) and less(1) keep printing .

When not using X this can't be reproduced. This is reproducible with
xterm(1) and urxvt(1) in cwm(1) and fvwm(1). I've tested this in Linux
and FreeBSD and this behaviour is not reproducible.

Thank you,
A

Re: renice and network forwarding

[Theo de Raadt]

won't help.

it does not adjust the scheduler in that way, at all

> just wondering if anyone else has tried using renice to
> de-prioritise other processes in an effort to give more cpu
> time to packet forwarding in the kernel ?
> 
> While Im certain that there significant risks to system stability
> and other functionality of the system if one were to carpet bomb
> the process list pids with renice 20. Perhaps the current defaults
> are for general purpose systems ? Perhaps  other network
> Administrators have tweaked background processes where a system
> was a single purpose system such as a Router, Firewall or Bridge.
> 
> Also is the softnet process (as seen by  command top -SH)  only
> interrupt handling of packets ?
>  or does it cover processing (e.g. forwarding if enabled ) (either
> bridging or routing depending on network config)
> 
> any advice  welcome ...
> 
> Thanks
> Tom Smyth
> 

renice and network forwarding

[Tom Smyth]

Hello all,

just wondering if anyone else has tried using renice to
de-prioritise other processes in an effort to give more cpu
time to packet forwarding in the kernel ?

While Im certain that there significant risks to system stability
and other functionality of the system if one were to carpet bomb
the process list pids with renice 20. Perhaps the current defaults
are for general purpose systems ? Perhaps  other network
Administrators have tweaked background processes where a system
was a single purpose system such as a Router, Firewall or Bridge.

Also is the softnet process (as seen by  command top -SH)  only
interrupt handling of packets ?
 or does it cover processing (e.g. forwarding if enabled ) (either
bridging or routing depending on network config)

any advice  welcome ...

Thanks
Tom Smyth

Multicast in OSPF with shared interface addresses

[Scott Nicholas]

I joined a VPN network (dn42) to learn BGP and such and decided to do
so with OpenBSD, which I'm also learning. Most peers are Linux
machines and they re-use their address on each VPN tunnel as a /32. I
have been successful doing the same until I decided I needed ospf for
my internal routes.

openospfd sets the interface (identified only by its IP) as the
multicast source. Since several tunnels have that address, it sets it
incorrectly. A brief look at Linux headers show that their newer
ip_mreqn struct includes an interface index since Linux 2.2. Perhaps
this is a useful inclusion in the OpenBSD kernel so that userland can
pick the interface correctly?

For now I've worked around this by assigning /31 aliases in
192.168.0.0/16 to the interfaces. But I'm curious what others are
doing that use OpenBSD as a router, as it's all fairly new to me. I'm
reading that OSPF could also have unicast neighbors setup, but
OpenOSPFd doesn't have this feature.

Re: Integrating "safe" languages into OpenBSD?

[Daniel Wilkins]

And on top of what Theo said: rewriting stuff in "safe" languages doesn't reduce
the need for mitigations *anyway*. Nobody's rewriting all of the ports tree in
memory safe languages.

Re: KVM / Proxmox Hosted OpenBSD Boxes Multiqueue Virtio Query

[Tom Smyth]

Stefan, All,

Thanks for your Response,  the reason I was asking was I was experiencing
some packet loss on a sub 1Gb/s Connection, on a setup where by
I had 70vlans on one interface and these vlans were subsequently  Bridged onto
another virtio Interface
I added in an additional Virtio Interface, and split the 70 Vlans
across 2 interfaces
ie I had 35 vlans on 2 virtio interfaces and then the 70 vlans were
bridged onto a
third virtio interface. This seemed to reduce the loss that I had.

Hope this helps and Stefan Thanks for your feedback

Tom Smyth




On 1 December 2017 at 07:39, Stefan Fritsch  wrote:
> On Friday, 1 December 2017 02:27:53 CET Tom Smyth wrote:
>> Hello All
>> I havent seen much by way of advice about multiqueue virtio
>> support on OpenBSD and I was wondering do other users use it ?
>> does anyone have experience with setting the number of virtio
>> queues in Proxmox for an OpenBSD guest ?
>> It is suggested by
>> proxmox  / KVM to set the number of Queues presented to a vm
>> to be = the number of vCPUs you have assigned to the Guest.
>
> openbsd does not yet support multiqueue for virtio and it does not make much
> sense to add that until the network stack is more parallel.
>
> Cheers,
> Stefan
>

Re: Integrating "safe" languages into OpenBSD?

[Theo de Raadt]

> As a response to this, Theo asked rhetorically "Where's ls, where's cat,
> where's grep, and where's sort?", implying that noone so far bothered to
> write implementations of even the basic unix utilities in such a
> language.

I wasn't implying.  I was stating a fact.  There has been no attempt
to move the smallest parts of the ecosystem, to provide replacements
for base POSIX utilities.

As a general trend the only things being written in these new
languages are new web-facing applications, quite often proprietory or
customized to narrow roles.  Not Unix parts.

Right now, there are zero usage cases in the source tree to require
those compiler tools.  We won't put a horse into the source tree when
society lacks cart builders.

> This brings me to the question, what if someone actually bothered?

So rather than bothering to begin, you wrote an email.

Awesome.

Yes, now I am implying something: you won't bother to rewrite the
utilities.

And I understand, why would anyone bother?  It took about 10 years for
gnu grep to be replaced sufficiently well in our tree.  This stuff
doesn't happen overnight.

However there is a rampant fiction that if you supply a new safer
method everyone will use it.  For gods sake, the simplest of concepts
like the stack protector took nearly 10 years for adoption, let people
should switch languages?  DELUSION.

> Under what conditions would you consider replacing one of the
> current C implementations with an implementation written in another,
> "safer" language?

In OpenBSD there is a strict requirement that base builds base.

So we cannot replace any base utility, unless the toolchain to build
it is in the base.  Adding such a toolchain would take make build time
from 40 minutes to hours.  I don't see how that would happen.

> Note that with Cgrep and haskell-ls, there do in fact exist
> implementations/analogues of two of the mentioned utilities in a
> memory safe language (Haskell).

Are they POSIX compliant?  No.  They are completely different programs
that have borrowed the names.

By the way, this is how long it takes to compile our grep:

0m00.62s real 0m00.63s user 0m00.53s system

Does Cgrep compile in less than 10 minutes?

Such ecosystems come with incredible costs.  For instance, rust cannot
even compile itself on i386 at present time because it exhausts the
address space.

Consider me a skeptic -- I think these compiler ecosystems face a grim
bloaty future.

Integrating "safe" languages into OpenBSD?

[Nicolas Schmidt]

Hi,

I recently watched a recording of Theo's talk on pledge at EuroBSDCon 2017, in 
which the question of memory-safe languages and their practical usefulness came 
up. Specifically, someone in the audience criticized the approach taken by 
OpenBSD, which (as I understand) accepts that all software is broken and 
mitigates the damage caused by various classes of exploits through techniques 
like ASLR, and suggested that instead one should stick to "memory safe 
languages" to avoid these exploits altogether.

As a response to this, Theo asked rhetorically "Where's ls, where's cat, 
where's grep, and where's sort?", implying that noone so far bothered to write 
implementations of even the basic unix utilities in such a language.

This brings me to the question, what if someone actually bothered? Under what 
conditions would you consider replacing one of the current C implementations 
with an implementation written in another, "safer" language? Note that with 
Cgrep and haskell-ls, there do in fact exist implementations/analogues of two 
of the mentioned utilities in a memory safe language (Haskell).

Best,
Nicolas Schmidt

Re: Do not give-up on marketing

[x9p]

nice idea. done. direct to trash.

cheers.

x9p

> On 2017-12-02, Mihai Popescu  wrote:
>>> Q2xpY2sgb24gc3RpY2tlcnMuCgpodHRwczovL3d3dy5wYXJhbGxlbGxhLm9y
>>> Zy9idXkvCgpEbyB0aGUgc2FtZSBhbmQgYmUgaGFwcHku
>>
>> Man, please quit using that encoding of ASCII mail.
>> Many people told you that is useless and it is not use by mainstream
>> servers.
>> Please have a try and disable this, you are killing the internet email
>> list for nothing ! There is no benefit in using that sht.
>
> Just filter @protonmail.com (I have it for message-id and in-reply-to),
> you'll have a more pleasant misc@-reading experience.
>
>

Re: Chip cheaper than chips

[Brian McCafferty]

On 12/03/17 03:23, Rupert Gallagher wrote:
> The bug on Atom C2000 was solved in the new C3000 series. It was a minor bug 
> anyway.
> 
> I have no evidence that the management engine is part of the new chip. It is 
> an expensive extension that Intel would not include for free. Besides, if 
> available, I think I would use it!
> 
> Sent from ProtonMail Mobile
> 
> On Sun, Dec 3, 2017 at 03:47,  wrote:
> 
>> https://danluu.com/cpu-bugs/

It's included in this notice:
https://www.intel.com/content/www/us/en/support/articles/25619/software.html

And shown on the diagram in this product brief:
https://www.intel.com/content/www/us/en/design/products-and-solutions/processors-and-chipsets/denverton/ns/atom-processor-c3000-series.html

slrn [was] Re: Do not give-up on marketing

[Edgar Pettijohn]

On Sun, Dec 03, 2017 at 12:59:01PM +, Stuart Henderson wrote:
> On 2017-12-03, Mihai Popescu  wrote:
> >> Just filter @protonmail.com (I have it for message-id and in-reply-to), 
> >> you'll have a more pleasant > misc@-reading experience.
> >
> > I use to read lists in marc.info.
> > It is a little bit off topic, but I dare to ask: what combination are
> > you using, like email client and misc@ configuration( i.e, daily
> > digest, individual emails, etc.)?
> >
> > I am sorry for the off topic.
> 
> For most lists I just use mutt. For noisier ones like misc I use slrn
> (via news.gmane.org) as the filtering in usenet clients is a bit better.

Thanks for this. I was looking for a newsreader a while back and
couldn't find one I liked. slrn is perfect!
> 
> 

18-year-old laptop "Compaq Armada 1750" still works fine ...

[Jens A. Griepentrog]

OpenBSD 6.2 (GENERIC) #1: Fri Dec  1 12:00:30 CET 2017

r...@syspatch-62-i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Celeron ("GenuineIntel" 686-class, 256KB L2 cache) 366 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PSE36,MMX,FXSR,PERF

real mem  = 200785920 (191MB)
avail mem = 182915072 (174MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 06/04/99, BIOS32 rev. 0 @ 0xf
apm0 at bios0: Power Management spec V1.2 (BIOS managing devices)
pcibios0 at bios0: rev 2.1 @ 0xf/0x1080
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf09a0/96 (4 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf6e60/96 (4 entries)
pcibios0: PCI Exclusive IRQs: 11
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371AB PIIX4 ISA" 
rev 0x00)

pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x1
cpu0 at mainbus0: (uniprocessor)
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
intelagp0 at pchb0
agp0 at intelagp0: aperture at 0x5000, size 0x400
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mach64" rev 0xdc
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
piixpcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA, 6194MB, 12685680 sectors
atapiscsi0 at pciide0 channel 0 drive 1
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI 
5/cdrom removable

wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
cd0(pciide0:0:1): using PIO mode 4, DMA mode 2
wd1 at pciide0 channel 1 drive 0: 
wd1: 16-sector PIO, LBA, 9590MB, 19640880 sectors
wd1(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
uhci0 at pci0 dev 7 function 2 "Intel 82371AB USB" rev 0x01: irq 11
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x02: SMBus 
disabled

cbb0 at pci0 dev 17 function 0 "TI PCI1225 CardBus" rev 0x01: irq 11
cbb1 at pci0 dev 17 function 1 "TI PCI1225 CardBus" rev 0x01: irq 11
isa0 at piixpcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pms0: Synaptics clickpad, firmware 4.3, 0x8e58a1 0x3b4700
sb0: irq 5 already in use
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 
1.00/1.00 addr 1

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 2 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 3 device 0 cacheline 0x8, lattimer 0x20
pcmcia1 at cardslot1
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
rl0 at cardbus0 dev 0 function 0 "Realtek 8139" rev 0x10: irq 11, 
address 00:19:e0:18:0c:fe

rlphy0 at rl0 phy 0: RTL internal PHY
root on wd0a (98c8f8a7f56949dd.a) swap on wd0b dump on wd0b

hw.machine=i386
hw.model=Intel Celeron ("GenuineIntel" 686-class, 256KB L2 cache)
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=wd0:98c8f8a7f56949dd,cd0:,wd1:28b5edf4ef785b47
hw.diskcount=3
hw.cpuspeed=366
hw.physmem=200785920
hw.usermem=200773632
hw.ncpufound=1
hw.allowpowerdown=1

Battery state: high, 90% remaining, 0 minutes life estimate
A/C adapter state: connected
Performance adjustment mode: manual (366 MHz)

OpenBGPD: matching multiple BGP communities

[Pier Carlo Chiodi]

Hello,

is there a way to have OpenBGPD matching more than one BGP community in
a single statement?

I need to perform some actions only when 2 or more communities are
simultaneously attached to a route.

I've tried the following statements but all failed:

# syntax error
match from any community 1:2 3:4 set community 5:6
match from any community 1:2, 3:4 set community 5:6
match from any community {1:2 3:4} set community 5:6
match from any community {1:2, 3:4} set community 5:6

# "community" already specified
match from any community 1:2 community 3:4 set community 5:6

Thanks

-- 
Pier Carlo Chiodi
https://pierky.com
AS 999
router-id 192.0.2.2

fib-update no
log updates

nexthop qualify via default

group "clients" {
neighbor 192.0.2.11 {
remote-as 1

transparent-as yes
enforce neighbor-as no

announce all
announce as-4byte yes
announce IPv6 none
announce IPv4 unicast

set nexthop no-modify
}
}

match from any community 1:2 3:4 set community 5:6   # syntax error
match from any community 1:2, 3:4 set community 5:6  # syntax error
match from any community {1:2 3:4} set community 5:6 # syntax error
match from any community {1:2, 3:4} set community 5:6# syntax error
match from any community 1:2 community 3:4 set community 5:6 # "community" 
already specified



signature.asc
Description: Digital signature

Re: Do not give-up on marketing

[Mikko Laine]

Rupert Gallagher  wrote:

> Finally, the truth behind the aggressive behaviour against me. Some of you 
> cannot read protonmail posts *because* you read the list through a mail 
> archive with a substandard implementation of mime encoding. Well, fuck you 
> and your mail archive. Upgrade, or die slowly.

Even if the encoding issue is ignored, your messages still do not 
conform to the netiquette of this mailing list and make for difficult 
reading. Please do consider fixing your end.

Re: Do not give-up on marketing

[Rupert Gallagher]

Finally, the truth behind the aggressive behaviour against me. Some of you 
cannot read protonmail posts *because* you read the list through a mail archive 
with a substandard implementation of mime encoding. Well, fuck you and your 
mail archive. Upgrade, or die slowly.

Sent from ProtonMail Mobile

On Sun, Dec 3, 2017 at 13:59, Stuart Henderson  wrote:

> On 2017-12-03, Mihai Popescu wrote: >> Just filter @protonmail.com (I have it 
> for message-id and in-reply-to), you'll have a more pleasant > misc@-reading 
> experience. > > I use to read lists in marc.info. > It is a little bit off 
> topic, but I dare to ask: what combination are > you using, like email client 
> and misc@ configuration( i.e, daily > digest, individual emails, etc.)? > > I 
> am sorry for the off topic. For most lists I just use mutt. For noisier ones 
> like misc I use slrn (via news.gmane.org) as the filtering in usenet clients 
> is a bit better. @gmail.com>

Re: OpenBSD NFC support

[Stefan Sperling]

On Sun, Dec 03, 2017 at 03:48:06PM +0200, Lari Rasku wrote:
> I've been thinking about getting a laptop with a Near Field Communication
> module, but I'm worried if it'll work on OpenBSD.  A search through the
> mailing list archives, man pages and packages revealed only the the
> qtconnectivity package, whose description holds the following paragraph:
> 
>   Qt NFC enables connectivity between NFC enabled devices.
>   Be warned that Qt NFC on OpenBSD may need some additional
>   components.
> 
> Which seems to suggest that it's possible, but doesn't mention what those
> "additional components" might be.  Does anyone have any firm knowledge?
> 

I am quite certain that OpenBSD contains no drivers for any NFC devices.

I have an NFC device in a laptop. If it is enabled in the BIOS
OpenBSD hangs at boot due to an interrupt storm. I don't know if
this happens on other machines, but you may even have to disable
the NFC device in the BIOS in order to use OpenBSD at all...

OpenBSD NFC support

[Lari Rasku]

I've been thinking about getting a laptop with a Near Field 
Communication module, but I'm worried if it'll work on OpenBSD.  A 
search through the mailing list archives, man pages and packages 
revealed only the the qtconnectivity package, whose description holds 
the following paragraph:


Qt NFC enables connectivity between NFC enabled devices.
Be warned that Qt NFC on OpenBSD may need some additional
components.

Which seems to suggest that it's possible, but doesn't mention what 
those "additional components" might be.  Does anyone have any firm 
knowledge?

Re: Do not give-up on marketing

[Stuart Henderson]

On 2017-12-03, Mihai Popescu  wrote:
>> Just filter @protonmail.com (I have it for message-id and in-reply-to), 
>> you'll have a more pleasant > misc@-reading experience.
>
> I use to read lists in marc.info.
> It is a little bit off topic, but I dare to ask: what combination are
> you using, like email client and misc@ configuration( i.e, daily
> digest, individual emails, etc.)?
>
> I am sorry for the off topic.

For most lists I just use mutt. For noisier ones like misc I use slrn
(via news.gmane.org) as the filtering in usenet clients is a bit better.

Re: Do not give-up on marketing

[Mihai Popescu]

> Just filter @protonmail.com (I have it for message-id and in-reply-to), 
> you'll have a more pleasant > misc@-reading experience.

I use to read lists in marc.info.
It is a little bit off topic, but I dare to ask: what combination are
you using, like email client and misc@ configuration( i.e, daily
digest, individual emails, etc.)?

I am sorry for the off topic.

Re: Some hints to set up a PPTP or L2TP VPN client under OpenBSD

[Denis]

Hi,

Are you going to use OpenBSD as a client of MS Win server using L2TP and
mschap auth?

Thanks.

On 12/3/2017 11:27 AM, Максим wrote:
> Hello,
> Where can I find any useful information about setting up a VPN client
> (PPTP or L2TP) in recent versions of OpenBSD?
> Everything I found goes about OpenBSD version 3.8.
>
> --
> Best regards
> Maxim Rodin
>

Re: Do not give-up on marketing

[Stuart Henderson]

On 2017-12-02, Mihai Popescu  wrote:
>> Q2xpY2sgb24gc3RpY2tlcnMuCgpodHRwczovL3d3dy5wYXJhbGxlbGxhLm9y
>> Zy9idXkvCgpEbyB0aGUgc2FtZSBhbmQgYmUgaGFwcHku
>
> Man, please quit using that encoding of ASCII mail.
> Many people told you that is useless and it is not use by mainstream servers.
> Please have a try and disable this, you are killing the internet email
> list for nothing ! There is no benefit in using that sht.

Just filter @protonmail.com (I have it for message-id and in-reply-to),
you'll have a more pleasant misc@-reading experience.

Re: Chip cheaper than chips (ME)

[Rupert Gallagher]

Article on how to disable the management engine, if you have it and are afraid 
of it.

http://blog.ptsecurity.com/2017/08/disabling-intel-me.html?m=1

> @openmailbox.org>

Some hints to set up a PPTP or L2TP VPN client under OpenBSD

[Максим]

Hello,
Where can I find any useful information about setting up a VPN client
(PPTP or L2TP) in recent versions of OpenBSD?
Everything I found goes about OpenBSD version 3.8.

--
Best regards
Maxim Rodin

Re: obligatory leaving letter

[Robert Peichaer]

Well said, Ingo

-- 
-=[rpe]=-

Re: Chip cheaper than chips

[Rupert Gallagher]

The bug on Atom C2000 was solved in the new C3000 series. It was a minor bug 
anyway.

I have no evidence that the management engine is part of the new chip. It is an 
expensive extension that Intel would not include for free. Besides, if 
available, I think I would use it!

Sent from ProtonMail Mobile

On Sun, Dec 3, 2017 at 03:47,  wrote:

> https://danluu.com/cpu-bugs/