Re: OpenSMTPd maillist "compatible" manager Majordomo or what?
Hi,

I set up mlmmj already. Thank you for recommendations. mlmmj seems to be a really great program to manage mail lists for OpenSMTPD!

My question is how to add/remove mail list users by email commands like Majordomo does?

For now I've done initial config for required list by command:

$ doas /usr/local/bin/mlmmj-make-ml -L $listname -s /var/spool/mlmmj -c _smtpd

But mailing to $listname returns "denied" from mlmmj because of user list is absent.

Thanks for advice.

Denis

On 3/21/2018 12:46 PM, Gilles Chehade wrote:
> On Tue, Mar 20, 2018 at 10:38:43AM +, Craig Skinner wrote:
>> Hi Denis,
>>
>> The OpenSMTPd mailing lists are mlmmj powered.
>>
>> http://www.OpenSMTPd.Org/list.html
>>
>> Join OpenSMTPd's misc@ list and ask OpenSMTPd questions there.
>>
>
> mlmmj is a nice choice because it's simple and you can easily set it up
> from within a ~/.forward file rather than /etc/mail/aliases which has a
> huge security benefit.
>
Re: PPPoE connection closing right after authentication?
On 03/20, Jon Martin wrote:
> I'm hoping someone can do a sanity check for me.
>
> I'm trying to get an OpenBSD 6.2 router working with Teksavvy DSL.
> Teksavvy uses PPPoE over Telus DSL. It seems to authenticate just fine,
> but then my box immediately terminates the connection?
>
> My hostname.pppoe0, pretty much straight out of the man pages:
>
> inet 0.0.0.0 255.255.255.255 NONE \
> pppoedev em0 \
> authproto pap authname 'myteka...@teksavvy.com' authkey 'HiThere' \
> up debug
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
>
> Explicitly turning off the dial-on-demand link1 flag does not change the
> behaviour I'm seeing. I have put the logs created by the debug flag at
> the bottom of this message.

I'm on teksavvy as well, only thing I had to do special was login to the DSL modem and tell it to stop trying to login over PPPoE as well. I don't think you can be logged in twice.

Not sure this is your issue, but might want to double check.

gabe.
Re: xlock Does Not Unlock (Snapshot)
Hi Chris,

I updated this morning to the latest snap:

kern.version=OpenBSD 6.3 (GENERIC.MP) #82: Tue Mar 20 11:28:30 MDT 2018
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

This is what I see in syslog upon start and successful unlock of xlock (note that I also use openbox):

2018-03-21T20:35:06.950Z pom xlock[95795]: Start: weerd, weerd, :0
2018-03-21T20:35:20.380Z pom xlock[95795]: xlock: root unlocked screen
2018-03-21T20:35:20.381Z pom xlock[95795]: Stop: weerd, weerd, :0, 0m 14s

Does xlock log anything for you? If you start xlock from a terminal (say, xterm), does it output anything when you try to unlock but are not successful? (which you would see after killing xlock from another tty)

Have you tried running xlock under ktrace(1)? Are you running any other programs that might be grabbing your keyboard and/or mouse?

You mention using yubikey. I don't think that works out-of-the-box without any further configuration. Can you undo that configuration and see if that makes a difference for unlocking with your password? Compare kdump output from a yubikey enabled attempt and a non-yubi attempt. That may give some more information to help diagnose the issue further.

Cheers,

Paul 'WEiRD' de Weerd

On Wed, Mar 21, 2018 at 12:59:14PM -0700, Chris Wojo wrote:
| Hello:
|
| I've found that when I run xlock to lock the screen, I cannot log back in. I must switch to a different tty and `kill -9 xlock`.
|
| I've tested this several with a few different snapshots since the 6.3 version change in both xfce and openbox.
| Since xlock isn't working, I started using xflock4 and found that it will not accept my Yubikey for unlocking the screen; but requires my password.
|
| I feel like these two issues could be related; but I'm not aware of any way to diagnose why it won't accept my password or yubikey.
| The yubikey authentication works on login; just not on screen locks.
|
| Here's the uname:
| OpenBSD celestra 6.3 GENERIC.MP#89 amd64
|
| Any insight or ways for me to help debug would be greatly appreciated.
|
| Thanks!
|
|

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-]
http://www.weirdnet.nl/
Re: xlock Does Not Unlock (Snapshot)
On 03/21/18 20:23, Chris Wojtyna wrote:

I regularly run snapshots myself. I did a fresh install to move to full disk encryption.

No custom Xorg conf

dmesg:
Re: xlock Does Not Unlock (Snapshot)
I regularly run snapshots myself. I did a fresh install to move to full disk encryption.

No custom Xorg conf

dmesg:
Re: xlock Does Not Unlock (Snapshot)
On Wed, Mar 21, 2018 at 12:59:14PM -0700, Chris Wojo wrote:
> Hello:
>
> I've found that when I run xlock to lock the screen, I cannot log back in. I
> must switch to a different tty and `kill -9 xlock`.
>
> I've tested this several with a few different snapshots since the 6.3 version
> change in both xfce and openbox.
> Since xlock isn't working, I started using xflock4 and found that it will not
> accept my Yubikey for unlocking the screen; but requires my password.
>
> I feel like these two issues could be related; but I'm not aware of any way
> to diagnose why it won't accept my password or yubikey.
> The yubikey authentication works on login; just not on screen locks.
>
> Here's the uname:
> OpenBSD celestra 6.3 GENERIC.MP#89 amd64
>
> Any insight or ways for me to help debug would be greatly appreciated.
>
> Thanks!
>
>

Howdy.

Can you provide more information? Examples of such information would be:

* dmesg
* X config (if not autogenerated)
* X log

As another data point, I'm a daily user of xlock and regularly run the latest snapshot(s)/pkgs and have not experienced what you have on an Intel NUC (Skull Canyon) or a Thinkpad E475.

+--+
Carlos
xlock Does Not Unlock (Snapshot)
Hello:

I've found that when I run xlock to lock the screen, I cannot log back in. I must switch to a different tty and `kill -9 xlock`.

I've tested this several with a few different snapshots since the 6.3 version change in both xfce and openbox.
Since xlock isn't working, I started using xflock4 and found that it will not accept my Yubikey for unlocking the screen; but requires my password.

I feel like these two issues could be related; but I'm not aware of any way to diagnose why it won't accept my password or yubikey.
The yubikey authentication works on login; just not on screen locks.

Here's the uname:
OpenBSD celestra 6.3 GENERIC.MP#89 amd64

Any insight or ways for me to help debug would be greatly appreciated.

Thanks!
Re: Building software that requires older libressl on snapshots
> There is a patch on rust-openssl to force the build using the latest
> supported version (see
> lang/rust/patches/patch-src_vendor_openssl-sys_build_rs).

Applying the patch worked

> Running testsuite is usually a good method to check breakage.

And the test suite passed

> For me, rust FFI is a bit a shame: it is a *copy* of C headers, written
> and maintained in Rust language. It is good for crosscompilation (as
> Rust know how to build stuff without any C headers), but it is awful to
> maintain and keep up-to-date.

I think I recall work being done on that front? And as I'm writing this I realize you're the one who started the git issue. Issue #2239 on the rust github. (pasting in st is a bit bonkers right now, so I'm not copy pasting the url)

Thanks for the help
Re: Dual-ISP home router setup problems
i just use route -T X exec dhclient in 6.3 AWESOME

On Mon, Mar 19, 2018 at 7:54 AM, Samuel Wagen wrote:
> And of course, too much copy paste while trying to use documentation
> IP ranges. The two gateways in pf.conf above should be
>
> isp_a_gw = "198.51.100.1"
> isp_b_gw = "203.0.113.1"
>
> The rest stands.
>
> On Mon, Mar 19, 2018 at 1:40 PM, Samuel Wagen wrote:
>> Hello,
>>
>> I'm trying to build a home router with OpenBSD. I have two ISPs, both are
>> giving me real IPs, one with straight DHCP (ISP_A), the other - via PPPoE
>> (ISP_B). I've described the topology with more detail in the diagram below.
>>
>> I wanted to use PF with routing domains instead of multipath forwarding, due
>> to multipath being very finicky when a link goes down. My current setup is
>> described below. I have the following issues:
>>
>> - Initially I can't pass traffic from the LAN. I think this is due to the
>>   packets on em0 being dropped before PF has a chance to reach them, due
>>   to missing default route on rdomain 0. If I execute the following two
>>   commands:
>>     # route -T 0 add 198.51.100.0/24 127.0.0.1
>>     # route -T 0 add 203.0.113.0/24 127.0.0.1
>>   then traffic starts passing half of the time - if the round-robin
>>   decides it should go over the PPPoE link (ISP_B) - traffic from the LAN
>>   flows. If, however, it decides to go through the other link (ISP_A) -
>>   nothing passes, and I get the following kernel messages:
>>
>>     arpresolve: 198.51.100.0: route contains no arp information
>>
>> - Traffic from the gateway itself to the Internet always fails, unless I
>>   specify a routing domain manually (route -T 1 exec whatever). Not sure
>>   what bogus route to add here, so that packets aren't dropped before PF,
>>   and what to add to PF so that they flow.
>>
>> In other words, I'm stuck, and need some pointers on how to continue and what
>> am I doing wrong. I'm running latest snapshot, but also tried with 6.2.
>>
>> Many thanks in advance.
>>
>> Here's the info about my config, let me know if you need me to provide some
>> more. The "internet" networks are from RFC5737 for illustration purposes.
>>
>> 1. Network diagram
>>
>>  +-------+                  +-------+
>>  | ISP_A |                  | ISP_B |
>>  +---+---+                  +---+---+
>>      |                          |
>>      |                          |
>>      |                          |
>> ++---+--------------------------+-----------------++
>> ||  em1                     em2/pppoe0            ||
>> ||  DHCP client             real IP               ||
>> ||  IP: 198.51.100.20       IP: 203.0.113.40      ||
>> ||  Net: 198.51.100.0/24    Net: 203.0.113.0/24   ||
>> ||  GW: 198.51.100.1        GW: 203.0.113.1       ||
>> ||  rdomain 1               rdomain 2             ||
>> G|  group isp_a             group isp_b           |G
>> A|                                                |A
>> T|                                                |T
>> E+- - - - - - - - - - - NAT- - - - - - - - - - - -+E
>> W|                                                |W
>> A|                                                |A
>> Y|                  em0                           |Y
>> ||                  DHCP server                   ||
>> ||                  IP: 172.16.16.1               ||
>> ||                  Net: 172.16.16.0/24           ||
>> ||                  rdomain 0                     ||
>> ||                  group lan                     ||
>> ++-------------------+----------------------------++
>>                      |
>>                      |
>>                      |
>>                  +---+---+
>>                  |  LAN  |
>>                  +-------+
>>
>>
>> 2. Interface config files
>>
>> - /etc/hostname.em0
>>
>> inet 172.16.16.1 255.255.255.0 172.16.16.255 group lan
>>
>> - /etc/hostname.em1
>>
>> dhcp group isp_a rdomain 1
>>
>> - /etc/hostname.em2
>>
>> up
>>
>> - /etc/hostname.pppoe0
>>
>> inet 0.0.0.0 255.255.255.255 NONE \
>> pppoedev em2 authproto chap \
>> authname 'user' authkey 'verysecret' \
>> group isp_b \
>> rdomain 2 \
>> up
>> dest 0.0.0.1
>> !/sbin/route -T 2 add default -ifp pppoe0 0.0.0.1
>>
>>
>> 3. DHCP server config (/etc/dhcpd.conf)
>>
>> subnet 172.16.16.0 netmask 255.255.255.0 {
>> option domain-name-servers 172.16.16.2, 172.16.16.3;
>> option routers 172.16.16.1;
>> range 172.16.16.100 172.16.16.199;
>> }
>>
>>
>> 4. PF config
>>
>> # Need to figure out how avoid hardcoding these
>> isp_a_gw = "172.16.18.1"
>> isp_b_gw = "192.168.68.1"
>>
>> set debug debug
>>
>> match in log all scrub (no-df random-id max-mss 1440)
>>
>> match out log on em1 from (lan:network) nat-to (em1)
>> match out log on pppoe0 from (lan:network) nat-to (pppoe0)
>>
>> pass out log on lan to (
Re: SunBlade 150 to take at Lyon, France and ideas about 3 T1000 to replace, if possible.
On 21 March 2018 14:36:31 CET, Tinker wrote:
>Did Supermicro release non-AMD64 hardware recently? If I understood the
>OP right he wants non-AMD64.

Ah, missed that part.

-- 
Sent from my cell phone
Re: SunBlade 150 to take at Lyon, France and ideas about 3 T1000 to replace, if possible.
On March 21, 2018 7:02 PM, Marc Peters wrote:

> On Tue, Mar 20, 2018 at 04:21:14PM +0100, Sylvain Maurin wrote:
>
> > I am looking for OpenBSD hardware compatible 1/2U racks boxes, redundant PSU,
> > with preference for another all but amd64 arch with LOM/RAC/IPMI management
> > hardware, in less than 6kEUR budget range.
> >
> > Usually, my T1000 manage tunneling/forwarding for 20 ssh users, with 250Mb/s
> > network streams. I suppose that most recent Loongson or Octeon hardware would
> > be able to do it easy, but I am unable to find any local resellers here, in
> > France, outside for Ubiquiti edgerouter that came without redundant PSU.
> > I asked a quote to Rhino Labs for 2 Octeons SDNA boxes, without success.
> > Helas, SPARC with ORACLE offers are not in my budget.
>
> Hi,
>
> you should look for supermicro boxes. They come with redundant power
> supplies, ipmi and should fit your budget (processor dependent). As an EU
> customer, you could also buy them in a different EU country (eg. Netherlands
> or Germany).

Did Supermicro release non-AMD64 hardware recently? If I understood the OP right he wants non-AMD64.
Re: What's the inc. SSH conn. launch seq., rel. to login.conf rlimit enforcement?
Hi Darren,

Thanks for your clarifications -

On March 21, 2018 6:50 PM, Darren Tucker wrote:
..
> > - Steps 1 up to 4 are run as root by the sshd child,
> > - login(1) is execve:ed at step "4. Changes to run with normal user
> >   privileges.", and it will
>
> login isn't used at all. On OpenBSD, sshd calls the equivalent
> functions in session.c:do_setusercontext(). On other platforms
> exactly what happens varies depending on platform and configuration
> but it's roughly the same.

Ah, the setusercontext(3) calls in session.c:do_setusercontext() both effectuate login class (login.conf) settings and set uid/gid. Neat!

http://man.openbsd.org/setusercontext.3
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c

Thanks,
Tinker
Re: SunBlade 150 to take at Lyon, France and ideas about 3 T1000 to replace, if possible.
On Tue, Mar 20, 2018 at 04:21:14PM +0100, Sylvain Maurin wrote:
> I am looking for OpenBSD hardware compatible 1/2U racks boxes, redundant PSU,
> with preference for another all but amd64 arch with LOM/RAC/IPMI management
> hardware, in less than 6kEUR budget range.
>
> Usually, my T1000 manage tunneling/forwarding for 20 ssh users, with 250Mb/s
> network streams. I suppose that most recent Loongson or Octeon hardware would
> be able to do it easy, but I am unable to find any local resellers here, in
> France, outside for Ubiquiti edgerouter that came without redundant PSU.
> I asked a quote to Rhino Labs for 2 Octeons SDNA boxes, without success.
> Helas, SPARC with ORACLE offers are not in my budget.
>

Hi,

you should look for supermicro boxes. They come with redundant power supplies, ipmi and should fit your budget (processor dependent). As an EU customer, you could also buy them in a different EU country (eg. Netherlands or Germany).

hth,
Marc
Re: What's the inc. SSH conn. launch seq., rel. to login.conf rlimit enforcement?
On 20 March 2018 at 14:11, Tinker wrote:
> Hi,
>
> When connecting to SSHD and authenticating as a user, in what sequence
> are various processes launched (shell / shell with "-l" argument / sshd
> child / login(1)), and in particular, at what stage are login.conf
> settings enforced into the process context by login(1)?

The general rule of thumb is that whatever must be run as root is, everything else is done after privileges have been dropped. sshd didn't use login(1) unless UseLogin was set, and that was removed in the 7.4 release.

> I would guess this is what's described by the "LOGIN PROCESS" section
> in the sshd(8) man page:
>
> * A child SSHD process is spawned already at connect time, meaning
>   prior to step 1,

right.

> * Steps 1 up to 4 are run as root by the sshd child,
>
> * login(1) is execve:ed at step "4. Changes to run with normal user
>   privileges.", and it will

login isn't used at all. On OpenBSD, sshd calls the equivalent functions in session.c:do_setusercontext(). On other platforms exactly what happens varies depending on platform and configuration but it's roughly the same.

[...]
> * execve /bin/sh (or sshd??) to perform the remaining steps (5-9)

Steps 5-9 are done by sshd.

>
> * The user's shell (without "-l") is execve:ed in step 9.
>
> http://man.openbsd.org/sshd.8#LOGIN_PROCESS
> http://man.openbsd.org/login.conf.5
>
> Also I'd guess it should be a similar process for SFTP

sftp works approximately the same as a shell except sftp-server is exec'ed instead of the shell.

>, telnet

telnetd is no longer supported but I think it always exec'ed login(1).

> other authenticated services.

Can't speak to those.

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
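The ordering described in the message above (root-only work first, then the switch to the user's identity) can be sketched portably. This is an added example, not sshd's code and not part of the thread: it does not call setusercontext(3), it uses setgroups() where a real login would build the full group list, and `enter_user_context`, `struct class_limits` and the limit values are hypothetical stand-ins for a login.conf class.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical stand-in for the limits of one login.conf class. */
struct class_limits {
    rlim_t openfiles;    /* plays the role of openfiles */
    rlim_t coredumpsize; /* plays the role of coredumpsize */
};

/* Set soft and hard limit together. Only root may raise a hard limit,
 * so an unprivileged caller is clamped to the current hard limit. */
static int set_limit(int resource, rlim_t value)
{
    struct rlimit rl;

    if (getrlimit(resource, &rl) != 0)
        return -1;
    if (geteuid() != 0 && value > rl.rlim_max)
        value = rl.rlim_max;
    rl.rlim_cur = value;
    rl.rlim_max = value;
    return setrlimit(resource, &rl);
}

/* Apply class limits, then drop to uid/gid, then verify the drop.
 * Returns 0 only if the process ends up running as uid/gid. */
int enter_user_context(uid_t uid, gid_t gid, const struct class_limits *lim)
{
    /* 1. Limits first: raising a hard limit needs root, so this
     *    has to happen before the identity switch. */
    if (set_limit(RLIMIT_NOFILE, lim->openfiles) != 0)
        return -1;
    if (set_limit(RLIMIT_CORE, lim->coredumpsize) != 0)
        return -1;

    /* 2. Identity switch, only meaningful when root drops to a user.
     *    Order matters: groups, then gid, then uid. After setuid()
     *    the process can no longer change its groups. */
    if (geteuid() == 0 && uid != 0) {
        if (setgroups(1, &gid) != 0)
            return -1;
        if (setgid(gid) != 0)
            return -1;
        if (setuid(uid) != 0)
            return -1;
    }

    /* 3. Verify instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid)
        return -1;
    if (getgid() != gid || getegid() != gid)
        return -1;
    /* A dropped process must not be able to get root back. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from any login.conf. */
    struct class_limits lim = { 128, 0 };
    int rc = enter_user_context(getuid(), getgid(), &lim);

    printf("enter_user_context: %s (uid=%d gid=%d)\n",
        rc == 0 ? "ok" : "failed", (int)getuid(), (int)getgid());
    return rc == 0 ? 0 : 1;
}
```

Run unprivileged, the identity switch is skipped and only the limits and the verification step take effect; run as root with a non-root uid/gid, all three steps execute.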
Re: Dell Latitude E6540 OpenBSD 6.2 amd64 freezes when adjusting refresh rate using xrandr
On 2018-03-20, Xianwen Chen wrote:
> Dear OpenBSD users,
>
> I run OpenBSD 6.2 amd64 on a Dell Latitude E6540 laptop.
>
> I hook a Dell U2412M monitor to the laptop using VGA port.

So you have a pretty decent monitor and laptop, but you're using an analogue connection (which means: digital generation, converted to analogue in the laptop, sent over a cable, sampled at the monitor to convert back to digital), at a resolution and refresh rate which is right at the practical limit for the cable.

I think you'll be a lot happier if you get an HDMI-DisplayPort cable and switch to a digital connection.
Re: SunBlade 150 to take at Lyon, France and ideas about 3 T1000 to replace, if possible.
On Tue, Mar 20, 2018 at 04:21:14PM +0100, Sylvain Maurin wrote:
> I am looking for OpenBSD hardware compatible 1/2U racks boxes, redundant PSU,
> with preference for another all but amd64 arch with LOM/RAC/IPMI management
> hardware, in less than 6kEUR budget range.

A T5220 machine is stable for me after some patches to the cbus(4) driver family, which work around issues that look like firmware bugs and prevented LDOM guests from working. These fixes will be in 6.3.

It looks like these machines would fit your requirements? It's essentially one generation up from the T1000.

The firmware versions I am using on my T5220 are:

SP firmware 3.0.12.8.a
SP firmware build number: 108523
SP firmware date: Fri Mar 11 07:19:16 PST 2016
SP filesystem version: 0.1.22

hypervisor_version = Hypervisor 1.10.7.h 2016/03/11 07:13
obp_version = OpenBoot 4.33.6.g 2016/03/11 06:05
post_version = POST 4.33.6.g 2016/03/11 06:15
status = OpenBSD running
sysfw_version = Sun System Firmware 7.4.10.a 2016/03/11 07:45

There is one known outstanding issue with softraid(4) boot inside LDOM guests, again due to a firmware bug. This patch probably won't make 6.3 as it potentially affects many machines and it is too late now to get it tested properly before release:
https://marc.info/?l=openbsd-tech&m=152085114214080&w=2

But softraid(4) boot from physical disks works fine without this patch.
Re: OpenSMTPd maillist "compatible" manager Majordomo or what?
On Tue, Mar 20, 2018 at 10:38:43AM +, Craig Skinner wrote:
> Hi Denis,
>
> The OpenSMTPd mailing lists are mlmmj powered.
>
> http://www.OpenSMTPd.Org/list.html
>
> Join OpenSMTPd's misc@ list and ask OpenSMTPd questions there.
>

mlmmj is a nice choice because it's simple and you can easily set it up from within a ~/.forward file rather than /etc/mail/aliases which has a huge security benefit.

-- 
Gilles Chehade
https://www.poolp.org
@poolpOrg
Re: Building software that requires older libressl on snapshots
On 2018-03-21, Sebastien Marie wrote:
> For me, rust FFI is a bit a shame: it is a *copy* of C headers, written
> and maintained in Rust language. It is good for crosscompilation (as
> Rust know how to build stuff without any C headers), but it is awful to
> maintain and keep up-to-date.

If these headers are in one place, rather than being copied around between various programs which use them, it has an advantage over Go :-)