Re: trouble installing php on 6.3

[Michael Maurer]

On 16 April 2018 at 18:41, IL Ka  wrote:
> Hm.. sounds strange then.
>
> Did you try to call "pkg_add libxml"?
> If not, then try and in case of success try pkg_add php again
>
>
> If it does not work, then lets do the following:
>
> To make sure libxml is deleted
> # pkg_delete libxml
>
> use different mirror
> # echo "http://ftp.eu.openbsd.org/pub/OpenBSD/"; > /etc/installurl
>
> run pkg_add in verbose mode asking it to use different folder
>
> # mkdir /tmp/foo
> PKG_TMPDIR=/tmp/foo pkg_add -vvv libxml
>
> And post output here
>
>

Strangely that worked. I did some googling before I wrote to this
list, someone mentioned a similar error that
got resolved by adding a PKG_TMPDIR. Might that have been the case?

Re: CPUTYPE in mk.conf to set -march like in FreeBSD?

[Theo de Raadt]

IL Ka  wrote:

> In FreeBSD they have /etc/make.conf
> You set CPUTYPE= there, and
> /usr/share/mk/bsd.cpu.mk will read it, and set -march for CPUCFLAGS
> 
> This variable is used by ports, kernel, and any random Makefile may use it.
> (There are similar things in Linux Gentoo also)
> 
> But OpenBSD /etc/mk.conf does not have it nor bsd.cpu.mk
> exists in /usr/share/mk
> 
> So, OpenBSD does not use this approach, right?
> But why? Is it because most ports ignore it?

Because that's a fantastic way to accidentally build incompatible
snapshots and releases.

CPUTYPE in mk.conf to set -march like in FreeBSD?

[IL Ka]

In FreeBSD they have /etc/make.conf
You set CPUTYPE= there, and
/usr/share/mk/bsd.cpu.mk will read it, and set -march for CPUCFLAGS

This variable is used by ports, kernel, and any random Makefile may use it.
(There are similar things in Linux Gentoo also)

But OpenBSD /etc/mk.conf does not have it nor bsd.cpu.mk
exists in /usr/share/mk

So, OpenBSD does not use this approach, right?
But why? Is it because most ports ignore it?

Re: Kakoune editor on openbsd

[Patrick Marchand]

> On 04/16, Stuart Henderson wrote:
> > On 2018-04-16, Patrick Marchand  wrote:
> > So trying again I looked closer at what the function was doing and how
> > it was implemented for freebsd and dragonflybsd. The function
> > tries to find the executable path of kak, but the freebsd way of doing
> > it doesnt work because it doesnt seem like KERN_PROC_PATHNAME is defined
> > in openbsd? So whats the preferred way of doing this on openbsd?
> 
> Hardcode it.
If anybody wants to play with it, heres my tentative pull request
https://github.com/mawww/kakoune/pull/2005
 
Kakoune has at least one stable release, so I might make this my first
try at creating an openbsd package.

OpenVPN error (code=49) flushing routes /sh /etc/netstart seems to fix

[Tom Smyth]

Lads, and ladies,

I was wondering if anyone else comes across this
issue where  Openvpn client gives the following error

 04:38:33 78906 openvpn[56335]: Control Channel Authentication: using
'/etc/openvpn/tlsauth.pem' as a OpenVPN static key file
Apr 16 04:38:33 78906 openvpn[56335]: UDPv4 link local (bound): [undef]
Apr 16 04:38:33 78906 openvpn[56335]: UDPv4 link remote:
[AF_INET]i.p.address:443
Apr 16 04:38:33 78906 openvpn[56335]: write UDPv4: Can't assign
requested address (code=49)
Apr 16 04:38:35 78906 openvpn[56335]: write UDPv4: Can't assign
requested address (code=49)

I see references on OpenVPn fora that it is an
issue with the routing table getting corrupt

which sounds a bit weird when other access to the
system seems ok but  doing a  restart of the
physical network interface with the route
that openvpn uses to connect to the server

has anyone else come across this issue

Ill try to do more in depth debugging when
the issue arrises
is there any way of verifyin the route table

I use route -n show and it looks normal enough
arp -an  looked fine also

# arp -an
Host Ethernet Address   Netif Expire Flags
192.168.1.1  6c:3b:6b:e6:04:abem0 19m46s
192.168.1.11000:0d:b9:42:dc:68em0 permanent  l


# route -n show
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default192.168.1.1UGS3  1066720 - 8 em0
224/4  127.0.0.1  URS0 2162 32768 8 lo0
127/8  127.0.0.1  UGRS   00 32768 8 lo0
127.0.0.1  127.0.0.1  UHl1  736 32768 1 lo0
192.168.1/24   192.168.1.110  UC 1 6662 - 4 em0
192.168.1.16c:3b:6b:e6:04:ab  UHLc   227648 - 4 em0
192.168.1.110  00:0d:b9:42:dc:68  UHLl   0 105119892 - 1 em0
192.168.1.255  192.168.1.110  UHb00 - 1 em0


Internet6:
DestinationGateway
Flags   Refs  Use   Mtu  Prio Iface
::/96  ::1UGRS
  00 32768 8 lo0
::/104 ::1UGRS
  00 32768 8 lo0
::1::1UHl
 14   14 32768 1 lo0
::127.0.0.0/104::1UGRS
  00 32768 8 lo0
::224.0.0.0/100::1UGRS
  00 32768 8 lo0
::255.0.0.0/104::1UGRS
  00 32768 8 lo0
:::0.0.0.0/96  ::1UGRS
  00 32768 8 lo0
2002::/24  ::1UGRS
  00 32768 8 lo0
2002:7f00::/24 ::1UGRS
  00 32768 8 lo0
2002:e000::/20 ::1UGRS
  00 32768 8 lo0
2002:ff00::/24 ::1UGRS
  00 32768 8 lo0
fe80::/10  ::1UGRS
  00 32768 8 lo0
fec0::/10  ::1UGRS
  00 32768 8 lo0
fe80::1%lo0fe80::1%lo0UHl
  00 32768 1 lo0
ff01::/16  ::1UGRS
 11   11 32768 8 lo0
ff01::%lo0/32  ::1Um
  01 32768 4 lo0
ff02::/16  ::1UGRS
 11   11 32768 8 lo0
ff02::%lo0/32  ::1Um
  01 32768 4 lo0

Re: question regarding architecture mailing lists

[Tom Smyth]

Hello Theo, Diana,

Yeah .. it was one of those Misc Responses where I
responded to a PS with a n essay ... :)
basically i was putting a stick in the ground saying
"Here be trouble!!"...
and offering my humble experience as a MikroTik
User for those who might think the tilera would be
super awesome for OpenBSD
it would be alot of work with limited help from the
new owners of the
CPU

all the Best,
Tom Smyth

On 16 April 2018 at 23:21, Theo de Raadt  wrote:
> Diana Eichert  wrote:
>
>> On Mon, 16 Apr 2018, Theo de Raadt wrote:
>>
>> > Diana Eichert  wrote:
>> >
>> >> Hi Tom
>> >>
>> >> Thanks for educating the misc@ masses on Tile hardware.
>> >
>> > Unfortunately I don't think misc@ will do much with the info.
>>
>> I doubt they will either, however my original question still
>> stands.  Is there a better OpenBSD mailing list to discuss
>> hardware related to non x86 or x86_64 platforms?
>
> Discuss what?
>
> That OpenBSD doesn't run on it?  With pleasant requests that
> someone will write the code?
>
>> I know there is arm@, but sgi@ does not seem appropriate for Cavium
>> Octeon or other hardware.
>
> lists which very few people pay attention to
>
> OpenBSD uses very few mailing lists intentionally.
>



-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172
The information contained in this E-mail is intended only for the
confidential use of the named recipient. If the reader of this message
is not the intended recipient or the person responsible for
delivering it to the recipient, you are hereby notified that you have
received this communication in error and that any review,
dissemination or copying of this communication is strictly prohibited.
If you have received this in error, please notify the sender
immediately by telephone at the number above and erase the message
You are requested to carry out your own virus check before
opening any attachment.

carp ssh setup

[jungle Boogie]

Hi All,

I have a very simple carp setup - basically I want ssh access if the
master goes offline.
In theory, this are functioning correctly. In practice, it seems the
backup is taking over way too often - the backup takes over way too
often, even when I'm ssh'd to the master device.

master:
inet 192.168.0.99 255.255.255.0 192.168.0.255 vhid 1 carpdev dwxe0
state master advskew 1 pass pass

backup:
inet 192.168.0.99 255.255.255.0 192.168.0.255 vhid 1 carpdev cnmac0
state backup advskew 10 pass pass

Both are running openBSD snapshots of the latest for their platform
(master is arm64; backup is octeon).

I see there is a sysctl I can tweak regarding logging, but I don't
know if that's what I need to do in order to find out what's
happening.

Crude drawing: https://imgur.com/a/zcoU5


Is anyone else running carp in this simplistic of a manner that could
tell me of an issue?

-- 
---
inum: 883510009027723
sip: jungleboo...@sip2sip.info

Re: Kakoune editor on openbsd

[Stuart Henderson]

On 2018-04-16, Patrick Marchand  wrote:
> So trying again I looked closer at what the function was doing and how
> it was implemented for freebsd and dragonflybsd. The function
> tries to find the executable path of kak, but the freebsd way of doing
> it doesnt work because it doesnt seem like KERN_PROC_PATHNAME is defined
> in openbsd? So whats the preferred way of doing this on openbsd?

Hardcode it.

aesni/crypto related kernel panic on 6.3

[mabi]

Hi,

I finally replaced my old OpenBSD 5.0 firewall with 6.3 which also serves as a 
site-to-site VPN using now iked instead of isakmpd. The problem is that when I 
start a big transfer over the VPN to the remote site, also an OpenBSD 6.3 
firewall, the kernel panics. Crazy enough I tried to reproduce the problem to 
find out what it is related to and managed to even make both firewalls kernel 
panic at the same time. When this happens the hardware is frozen and won't take 
any input and won't even reboot automatically. I need to power it off and on 
again.

As I was logged into the serial console when I reproduced this problem I 
managed to get the following messages from the console:

fatal protection fault in supervisor mode
trap type 4 code 0 rip 8104d58a cs 8 rflags 10202 cr2  1dd9ec5f7c70 cpl 
a rsp 80002231ce28
panic: trap type 4, code=0, pc=8104d58a
Starting stack trace...
panic() at panic+0x11c
trap() at trap+0x688
--- trap (number 4) ---
memcpy(801be460,ff03a0f34188,0,0,16,a21ae232a3847235) at memcpy+0xa
aesni_process(ff03a0f34188) at aesni_process+0x124
crypto_invoke(8116ebc0) at crypto_invoke+0xd0
taskq_thread(0) at taskq_thread+0x67
end trace frame: 0x0, count: 251
End of stack trace.
syncing disks... 

​When this happened I just started to transfer over SSH a ZFS snapshot to the 
remote site using the IPSec VPN. The iked daemon was rekeying its SAs and then 
the kernel paniced...

Below I pasted the dmesg of the firewall corresponding to the kernel panic 
message above. I can't send now the dmesg of the remote firewall as I need to 
go on-site first. Please let me know if I should send any log files or other 
details.

Regards,
Mabi


OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17104490496 (16312MB)
avail mem = 16579031040 (15810MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xec1e0 (85 entries)
bios0: vendor American Megatrends Inc. version "4.6.5" date 02/05/2015
bios0: INTEL Corporation DENLOW_REFRESH_WS
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT MCFG HPET SSDT SSDT ASF! SPCR 
DMAR EINJ ERST HEST BERT
acpi0: wakeup devices PEGP(S0) PEG0(S0) PEGP(S0) PEG1(S0) PEGP(S0) PEG2(S0) 
PXSX(S0) RP01(S0) PXSX(S0) RP02(S0) PXSX(S0) RP03(S0) PXSX(S0) RP04(S0) 
PXSX(S0) RP05(S0) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E3-1275 v3 @ 3.50GHz, 3691.99 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
acpitimer0: recalibrated TSC frequency 3491911605 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E3-1275 v3 @ 3.50GHz, 3691.45 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E3-1275 v3 @ 3.50GHz, 3691.45 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E3-1275 v3 @ 3.50GHz, 3691.45 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,SEN

Re: question regarding architecture mailing lists

[Theo de Raadt]

Diana Eichert  wrote:

> On Mon, 16 Apr 2018, Theo de Raadt wrote:
> 
> > Diana Eichert  wrote:
> >
> >> Hi Tom
> >>
> >> Thanks for educating the misc@ masses on Tile hardware.
> >
> > Unfortunately I don't think misc@ will do much with the info.
> 
> I doubt they will either, however my original question still
> stands.  Is there a better OpenBSD mailing list to discuss
> hardware related to non x86 or x86_64 platforms?

Discuss what?

That OpenBSD doesn't run on it?  With pleasant requests that
someone will write the code?  

> I know there is arm@, but sgi@ does not seem appropriate for Cavium
> Octeon or other hardware.

lists which very few people pay attention to

OpenBSD uses very few mailing lists intentionally.

Re: question regarding architecture mailing lists

[Diana Eichert]

On Mon, 16 Apr 2018, Theo de Raadt wrote:


Diana Eichert  wrote:


Hi Tom

Thanks for educating the misc@ masses on Tile hardware.


Unfortunately I don't think misc@ will do much with the info.


I doubt they will either, however my original question still
stands.  Is there a better OpenBSD mailing list to discuss
hardware related to non x86 or x86_64 platforms?  I know
there is arm@, but sgi@ does not seem appropriate for
Cavium Octeon or other hardware.

FWIW, it appears Mellanox doesn't have a future for
Tile h/w, http://www.mellanox.com/repository/solutions/tile-scm/

sorry for the noise
diana

Re: question regarding architecture mailing lists

[Theo de Raadt]

Diana Eichert  wrote:

> Hi Tom
> 
> Thanks for educating the misc@ masses on Tile hardware.

Unfortunately I don't think misc@ will do much with the info.

Re: question regarding architecture mailing lists

[Diana Eichert]

Hi Tom

Thanks for educating the misc@ masses on Tile hardware.  I have quite a
bit of experience with Tile h/w prior to the EZchip sale, however we could
no longer work with the hardware after the sale.

There was anotherBSD Tile-GX port, however it was never committed to
their tree.

g.day
diana

On Mon, 16 Apr 2018, Tom Smyth wrote:


Hi Diana

That Mikrotik router board is based on originally a tilera chip the chip
owner which was sold to ez chip which then sold to mellanox.
Im not sure what mellanox are doing with the tech
The chip was a tile architecture meaning adding additional cores was easy
(ier) for the manufacturer


From my experience of using hardware is that it is massively parallelising

individual 1 ghz cores..

Early experience was poor enough... aparently many vendors who tfied this
architecture had pains with the quality of the reference linux kernel 3.3x
i believe...
Stability was painful... to be fair it would be difficult for any vendor
trying to run code designed for faster individual cores and then trying to
run on many slower cores...

Packet ordering and through put was painful particularly with encapsulating
/dencapsulating traffic loads

The architecture has some nice features such as interrupt load balancing in
hardware (similar to those found on server chipsets...) nics built directly
ito the chip...

Mikrotik have done an lot of work on reworking their os to use the
architecture better... iron out kinks in the linux kernel on that
architecture... rewritten alot of their code to handle out of order packets
better and to make their code make use of more cores. Alot of their work is
paying off for certain loads but you are limited in what features you can
use on the router in "fast path" to get the big packet rate numbers ...

The build quality of the mikrotik ccrs make them more attractive for
development on than some of their low budget offerings (eg rb2011)

I have 1 x ccr2016 tilera 12 port 16 core router spare if there is an
interested dev who wants to seriously look at the architecture... but with
uncertainty of what mellanox will do with the chip it may be a waste of
time...
Also im not sure how open the architecture and if they have some bsd
licensed code / reference implentation to get development started on it
I hope this helps

Tom Smyth

On Mon 16 Apr 2018, 19:42 Diana Eichert,  wrote:


I subscribe to the OpenBSD arm list but was wondering what the
appropriate mon-misc list would be for mips based h/w, ex:
Cavium Octeon.

Sometimes I don't want to pollute misc@ with h/w specific
questions.

thanks
diana

PS Anyone seen this hardware,
https://mikrotik.com/product/CCR1036-12G-4S-EM ?

Re: OpenBSD + 3G/4G USB modem

[Roderick]

On Mon, 16 Apr 2018, MS wrote:


I will try it and let you know about the problems/results.


I am curious to see your tutorial at the end. :)



One more thing though, how do I know which USB port is which cuaXX?


Just plug the modem in a USB Port and see dmesg. You can also see
"man ucom".

It may happen that there appear many cuaUX. Try "cu -l" to each
and give the command "AT", the modem should answer with "OK".
If not, go out with "~." and try other.

By the way, you need from Provider:

(1) APN. You give it to the modem with AT+CGDCONT=1,"IP","APNofProvider"
(2) User and Pass. May be there are no auth, then there is nothing to
do. Otherwise user in the options file, user and pass in the chap
or pap secret files.
(3) Telefone Number. You give it to the modem with ATDT. At best in chat
script.

The connect script may look like:

REPORT CONNECT
ABORT BUSY
ABORT 'NO CARRIER'
ABORT ERROR
ABORT 'NO DIALTONE'
ABORT 'NO ANSWER'
'' at
OK atz
OK 'atdt*99#'
CONNECT

And the disconnect script:

ABORT 'NO CARRIER'
ABORT ERROR
ABORT 'NO DIALTONE'
ABORT 'NO ANSWER'
'' '\K'
'' '+++ATH'

In any case read chat to see how they are constructed, perhaps
you should better add some "SAY" statements to the above scripts to
better follow what happens.

And of course, you can also see "/var/log/messages" when testing.

Rodrigo

Re: OpenBSD vs Linux KVM Guest Performance and Stability

[Claudio Jeker]

On Mon, Apr 16, 2018 at 11:10:46PM +0300, Kapetanakis Giannis wrote:
> On 16/04/18 18:40, Claudio Jeker wrote:
> >
> >>really depends on the KVM/linux version
> >>
> >Don't forget to set "options kvm-intel preemption_timer=0" for modprobe on
> >newer linux kernels. After that it seems to work nicely.
> >
> 
> This module option (according to lists) is about timing issues with kvm and
> obsd.
> Does it affect performance as well?

It affects stability (sometimes VM hang because the clock interrupts don't
work correctly) which is a big performace killer. Also for me stat clock
was not running so there was no way to know what CPU load the VM has.
 
> which kernel?

I see it for sure on a 4.14 kernel. Guess more affected.

-- 
:wq Claudio

Re: OpenBSD + 3G/4G USB modem

[MS]

Thanks a lot! You Sir are a hero! :)
I will try it and let you know about the problems/results.

One more thing though, how do I know which USB port is which cuaXX? If I
connect to cua00 it seems to start conversation but the whole thing
freezes. cuaU0 gives not configured info.

Thanks,
MS

2018-04-15 22:50 GMT+02:00 Roderick :

>
> On Sun, 15 Apr 2018, MS wrote:
>
> Is there a successful story with OpenBSD and a 3G USB modem?
>>
>
> I use it since years.
>
> I've read the manuals, but can't really glue the whole thing together
>> to make it work.
>>
>
> Yes, the manuals and the files/examples in /etc/ppp should be enough.
> It should be like configuring an old analog modem (That I never needed :).
>
> Some ideas to get the whole picture:
>
> (1) You need to create a ppp interface, let us say do
>  "ifconfig ppp0 create". See "man 4 ppp" for it.
>
> (2) You need need the modem to be ready for the connection,
>  first connect to it with "cu -l /dev/cuaU0" (if it is
>  pluged in cuaU0) and give commands like:
>
>  AT
>  AT+CPIN="YourPin"
>  AT+CGCONT=1,"IP","APNofYourProvider" [perhaps only once, modem saves
> it]
>  ~. [to leave the session]
>
> You can see more commands here:
>
> http://www.etsi.org/deliver/etsi_ts/127000_127099/127007/13.
> 03.00_60/ts_127007v130300p.pdf
> http://smssolutions.net/tutorials/gsm/
>
> (3) With "man pppd" you learn how to write a file with "options" that
>  goes to the directory "/etc/ppp/peers/". It depends on your
>  modem, on your provider. Let us call it "/etc/ppp/peers/xyz".
>  Then you start the connection with "pppd call xyz". See with
>  "ifconfig" what happens.
>
> (4) You need to set manually a DNS in "/etc/resolv.conf", unfortunately
>  OpenBSDs pppd does not do it.
>
> Back to "/etc/ppp/peers/xyz". There are lines ("options") of the form
>
> connect "/usr/sbin/chat -v -f /etc/ppp/con.chat"
> disconnect "/usr/sbin/chat -v -f /etc/ppp/dis.chat"
>
> They call the program "chat" applied to the "chat scripts" con.chat and
> dis.chat when connecting and disconnecting, chat communicate
> with the modem. See "man 8 chat" to see how the chat scripts are
> written. The above commands (after cu) could be for example included
> in con.chat. You could also use other programs different from chat.
>
> You also can see in in "/etc/ppp/peers/xyz" a line of the form
>
> user username
>
> For this username there should be a password in the file
> "/etc/ppp/chap-secrets" or "/etc/ppp/pap-secrets". The
> provider gives you this username and password. Authentication is
> also described in "man 8 pppd".
>
> I hope, you get now the whole picture and can concentrate on the details.
>
> Any corrections or commentaries there?
>
> Rodrigo.
>
>

Kakoune editor on openbsd

[Patrick Marchand]

So I'd like to try the kakoune editor on openbsd 6.3-current. 

For now I've identified two files that stop me from compiling the project, 
The first one is the makefile, which requires gmake and has a os
specific command for finding ncursesw and the second one is the file.cc
file in the get_kak_binary_path function, where there is also os specific
preprocessing.

My naive fix was to copy paste the dragonflybsd entries and rename them
to openbsd and while it does allow the project to compile, it
understandably aborts when run.

So trying again I looked closer at what the function was doing and how
it was implemented for freebsd and dragonflybsd. The function
tries to find the executable path of kak, but the freebsd way of doing
it doesnt work because it doesnt seem like KERN_PROC_PATHNAME is defined
in openbsd? So whats the preferred way of doing this on openbsd?

https://github.com/mawww/kakoune/blob/master/src/file.cc
https://github.com/mawww/kakoune/tree/master/src

Thanks,
Patrick Marchand

Re: OpenBSD vs Linux KVM Guest Performance and Stability

[Kapetanakis Giannis]

On 16/04/18 18:40, Claudio Jeker wrote:



really depends on the KVM/linux version


Don't forget to set "options kvm-intel preemption_timer=0" for modprobe on
newer linux kernels. After that it seems to work nicely.



This module option (according to lists) is about timing issues with kvm 
and obsd.

Does it affect performance as well?

which kernel?

G

Re: question regarding architecture mailing lists

[Tom Smyth]

Hi Diana

That Mikrotik router board is based on originally a tilera chip the chip
owner which was sold to ez chip which then sold to mellanox.
Im not sure what mellanox are doing with the tech
The chip was a tile architecture meaning adding additional cores was easy
(ier) for the manufacturer

>From my experience of using hardware is that it is massively parallelising
individual 1 ghz cores..

Early experience was poor enough... aparently many vendors who tfied this
architecture had pains with the quality of the reference linux kernel 3.3x
i believe...
Stability was painful... to be fair it would be difficult for any vendor
trying to run code designed for faster individual cores and then trying to
run on many slower cores...

Packet ordering and through put was painful particularly with encapsulating
/dencapsulating traffic loads

The architecture has some nice features such as interrupt load balancing in
hardware (similar to those found on server chipsets...) nics built directly
ito the chip...

Mikrotik have done an lot of work on reworking their os to use the
architecture better... iron out kinks in the linux kernel on that
architecture... rewritten alot of their code to handle out of order packets
better and to make their code make use of more cores. Alot of their work is
paying off for certain loads but you are limited in what features you can
use on the router in "fast path" to get the big packet rate numbers ...

The build quality of the mikrotik ccrs make them more attractive for
development on than some of their low budget offerings (eg rb2011)

I have 1 x ccr2016 tilera 12 port 16 core router spare if there is an
interested dev who wants to seriously look at the architecture... but with
uncertainty of what mellanox will do with the chip it may be a waste of
time...
Also im not sure how open the architecture and if they have some bsd
licensed code / reference implentation to get development started on it
I hope this helps

Tom Smyth

On Mon 16 Apr 2018, 19:42 Diana Eichert,  wrote:

> I subscribe to the OpenBSD arm list but was wondering what the
> appropriate mon-misc list would be for mips based h/w, ex:
> Cavium Octeon.
>
> Sometimes I don't want to pollute misc@ with h/w specific
> questions.
>
> thanks
> diana
>
> PS Anyone seen this hardware,
> https://mikrotik.com/product/CCR1036-12G-4S-EM ?
>
>

question regarding architecture mailing lists

[Diana Eichert]

I subscribe to the OpenBSD arm list but was wondering what the
appropriate mon-misc list would be for mips based h/w, ex:
Cavium Octeon.

Sometimes I don't want to pollute misc@ with h/w specific
questions.

thanks
diana

PS Anyone seen this hardware, 
https://mikrotik.com/product/CCR1036-12G-4S-EM ?

Re: Way to specify offset suggestion autoalignment multiple in disklabel(8)? (w.o. paper, pen and a 2:nd computer)

[Sebastian Benoit]

Tinker(t1...@protonmail.ch) on 2018.04.16 03:30:37 -0400:
> Hi,
> 
> When in "disklabel -E" for instance in the OS installer, being able to
> specify that I want the partition offsets to be multiples of 2048 would
> be useful.

why?
to whom?

Re: Beg for Atheros wifi driver

[IL Ka]

Almost all drivers in OpenBSD report themselves, so you can grep your dmesg
for message like "foo0 at pci0 dev0 function 0 [PCI Device name from PCI
configuration space] "
$ man autoconf
$ man dmesg

Except dmesg, this information is reported to userspace via /dev/pci and
could be read with pcidump.

$  man pci
$  man pcidump

On Mon, Apr 16, 2018 at 6:05 AM, Stuart Longland  wrote:

> On 16/04/18 08:08, Manuel Solis wrote:
> > Sorry for that, i havent figure it out, maybe i should reinstall windows
> to
> > get the info
> >  My bad.
>
> Does `lspci` work on OpenBSD?  Failing that, boot a Linux LiveCD and run
> `lspci` there, it'll tell you the chipset; `dmesg` might give you some
> more clues.
>
> `lsusb` if it's a USB wifi chip.
> --
> Stuart Longland (aka Redhatter, VK4MSL)
>
> I haven't lost my mind...
>   ...it's backed up on a tape somewhere.
>
>

Re: Beg for Atheros wifi driver

[edgar]

On Apr 15, 2018 10:05 PM, Stuart Longland  wrote:
>
> On 16/04/18 08:08, Manuel Solis wrote:
> > Sorry for that, i havent figure it out, maybe i should reinstall windows to
> > get the info
> >  My bad.
>
> Does `lspci` work on

pcidump(8)


 OpenBSD?  Failing that, boot a Linux LiveCD and run
> `lspci` there, it'll tell you the chipset; `dmesg` might give you some
> more clues.
>
> `lsusb` if it's a USB wifi chip.

usbdevs(8)


> -- 
> Stuart Longland (aka Redhatter, VK4MSL)
>
> I haven't lost my mind...
>   ...it's backed up on a tape somewhere.
>

Re: DMESG / syslog

[IL Ka]

Hello.
This is "kern" facility.

# touch  /var/log/dmesg

And then add
"kern.* /var/log/dmesg" to your "syslog.conf".
Restart syslog and anything printed by kernel will go to /var/log/dmesg

But note that when booting, kernel does not have access to syslog, so it
stores messages in its internal buffer (which you can read by ``dmesg``)
and after boot, its contents are written to /var/run/dmesg.boot

man syslog.conf
man dmesg

PS: when adding new log file, make sure to configure its rotation using
newsysliog

On Mon, Apr 16, 2018 at 7:14 PM, sven falempin 
wrote:

> Dear readers,
>
> This question is probably answer somewhere
> but i m afraid to follow any non openBSD style answer.
>
> How do it get DMESG messages in my log ( like when a usb is attached )
>
> syslog *.*  does not contain them right ?
>
> Best,
>
> --
> --
> 
> -
> Knowing is not enough; we must apply. Willing is not enough; we must do
>

Re: trouble installing php on 6.3

[IL Ka]

Hm.. sounds strange then.

Did you try to call "pkg_add libxml"?
If not, then try and in case of success try pkg_add php again


If it does not work, then lets do the following:

To make sure libxml is deleted
# pkg_delete libxml

use different mirror
# echo "http://ftp.eu.openbsd.org/pub/OpenBSD/"; > /etc/installurl

run pkg_add in verbose mode asking it to use different folder

# mkdir /tmp/foo
PKG_TMPDIR=/tmp/foo pkg_add -vvv libxml

And post output here


On Mon, Apr 16, 2018 at 6:52 PM, Michael Maurer 
wrote:

>
> > Also, try to download this file and unpack it. If
> >
> > $ wget https://ftp.fau.de/pub/OpenBSD/6.3/packages/amd64/
> libxml-2.9.8.tgz
> > $ tar xvfz  libxml-2.9.8.tgz
> >
> > (you may need pkg_add wget)
> > Does it work?
> >
>
> Yeah, that works, no problem.
>

Re: OpenBSD vs Linux KVM Guest Performance and Stability

[Stuart Henderson]

On 2018-04-16, Daniel Santos  wrote:
> Anyway my point now is not to configure another Zabbix but another 
> enterprise software suite (Pydio) with PHP 7.x on OpenBSD 6.3 in the 
> same KVM environment.
>
> This would include:
> -Lighttpd
> -php7.x and some modules
> -needs cifs mount on one part of the webhosting from an external windows 
> server
> -pydio cifs storage connection to external windows server

Do you mean you need to mount a share from a Windows server via CIFS from
the OpenBSD machine? The only option for that is via FUSE and it's flaky.

DMESG / syslog

[sven falempin]

Dear readers,

This question is probably answer somewhere
but i m afraid to follow any non openBSD style answer.

How do it get DMESG messages in my log ( like when a usb is attached )

syslog *.*  does not contain them right ?

Best,

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do

Re: trouble installing php on 6.3

[Michael Maurer]

On 16 April 2018 at 17:42, IL Ka  wrote:
>  php depends on libxml, pkg_add tries to download it,  and downloaded
> archive is broken.
> pkg_add uses "/etc/installurl" to find website to download packages. You
> may try different website (echo "https://ftp.openbsd.org/pub/OpenBSD/"; >
> /etc/installurl)
>
> Also, try to download this file and unpack it. If
>
> $ wget https://ftp.fau.de/pub/OpenBSD/6.3/packages/amd64/libxml-2.9.8.tgz
> $ tar xvfz  libxml-2.9.8.tgz
>
> (you may need pkg_add wget)
> Does it work?
>

Yeah, that works, no problem.

Re: Community-driven OpenBSD tutorials wiki?

[IL Ka]

woman (with out man) is tool used in Emacs to read manual pages with out of
actually running man

https://www.gnu.org/software/emacs/manual/html_mono/woman.html
:)

On Mon, Apr 16, 2018 at 6:25 PM, Mehma Sarja  wrote:

> It is meant as a play on words, a light hearted comment. I see too many
> "shit" and "fuck" comments in posts these days from people trying to sound
> important when the subject matter is not.
>
> Mehma
> ---
>
>
>
> On Mon, Apr 16, 2018, 1:20 AM Stuart Henderson 
> wrote:
>
> > On 2018-04-14, Mehma Sarja  wrote:
> > > Man pages, as opposed to woman pages, help one accomplish a task.
> >
> > What do you mean, "as opposed to woman pages"?
> >
> > In this context it is simply short for "manual".
> >
> >
> >
>

Re: trouble installing php on 6.3

[IL Ka]

 php depends on libxml, pkg_add tries to download it,  and downloaded
archive is broken.
pkg_add uses "/etc/installurl" to find website to download packages. You
may try different website (echo "https://ftp.openbsd.org/pub/OpenBSD/"; >
/etc/installurl)

Also, try to download this file and unpack it. If

$ wget https://ftp.fau.de/pub/OpenBSD/6.3/packages/amd64/libxml-2.9.8.tgz
$ tar xvfz  libxml-2.9.8.tgz

(you may need pkg_add wget)
Does it work?



On Mon, Apr 16, 2018 at 4:37 PM, Michael Maurer 
wrote:

> I'm having trouble setting up php on a fresh install of 6.3. This is what
> I get
>
> -
> burt# pkg_add php
> quirks-2.414 signed on 2018-03-28T14:24:37Z
> Ambiguous: choose package for php
> a   0: 
> 1: php-5.6.34
> 2: php-7.0.28
> Your choice: 1
> Fatal error: Ustar
> [https://ftp.fau.de/pub/OpenBSD/6.3/packages/amd64/
> libxml-2.9.8.tgz][share/gtk-doc/html/libxml2/libxml2-parserInternals.html
> ]:
> Premature end of archive
> Fatal error: Installation of libxml-2.9.8 failed, partial installation
> recorded as partial-libxml-2.9.8
>  at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 801.
> -
>
> choice doesn't really matter, same answer. I tried googling the error
> code, but found nothing, hence why I post here. New to OpenBSD as
> well.
>
> cheers,
> Michael
>
>

Re: OpenBSD vs Linux KVM Guest Performance and Stability

[Claudio Jeker]

On Mon, Apr 16, 2018 at 11:12:32AM -0400, sven falempin wrote:
> On Mon, Apr 16, 2018 at 10:33 AM, Claudio Jeker 
> wrote:
> 
> > On Mon, Apr 16, 2018 at 04:15:42PM +0200, Daniel Santos wrote:
> > > I looking for some experience sharing from those who also run OpenBSD
> > inside
> > > KVM on Linux.
> > >
> > > I was running 5.2 and now 6.2 inside KVM on a Linux wheezy host with 3.2
> > > kernel.
> > >
> > > This system was used as an all in one Zabbix monitoring server, which
> > > included the full stack required to run a central monitoring server:
> > >
> > > -Lighttpd
> > > -Zabbix Server
> > > -Zabbix Agent
> > > -Mysql Server
> > > -SNMP utils
> > >
> > > First it was using Zabbix 2.x then I have upgraded it to the 3.x series.
> > The
> > > zabbix server was regularily crashing or stopped logging to the DB and
> > > needed to be restarted.
> > > If not that then the db and page load was terribly slow even on LAN and I
> > > only had <15 clients on this server. I started moving the components off
> > one
> > > by one, at the end only the zabbix server engine left on the vm even that
> > > sometimes just stuck and stopped sending data to a standalone other linux
> > > mysql vm. Then I gave up, I recreated the whole environment with the same
> > > Zabbix version on an all in one Debian 9 vm and since then it runs
> > > flawlessly. Another issue was that I kept getting dropped packet entries
> > in
> > > my pflog on the enabled ports (seems like broken connections).
> > >
> >
> > Zabbix needs a fast DB which I would not run virtualised. Also the crashes
> > you have seen may have been fixed in the meantime (between 6.2 and 6.3
> > there was an libc asr fix that made zabbix reliable for me).
> >
> > I run a few KVM OpenBSD machines (mainly network / load balancers) they
> > work reasonably well.
> >
> > --
> > :wq Claudio
> >
> >
> really depends on the KVM/linux version
> 

Don't forget to set "options kvm-intel preemption_timer=0" for modprobe on
newer linux kernels. After that it seems to work nicely.

-- 
:wq Claudio

Re: Community-driven OpenBSD tutorials wiki?

[Mehma Sarja]

It is meant as a play on words, a light hearted comment. I see too many
"shit" and "fuck" comments in posts these days from people trying to sound
important when the subject matter is not.

Mehma
---



On Mon, Apr 16, 2018, 1:20 AM Stuart Henderson  wrote:

> On 2018-04-14, Mehma Sarja  wrote:
> > Man pages, as opposed to woman pages, help one accomplish a task.
>
> What do you mean, "as opposed to woman pages"?
>
> In this context it is simply short for "manual".
>
>
>

Re: OpenBSD vs Linux KVM Guest Performance and Stability

[sven falempin]

On Mon, Apr 16, 2018 at 10:33 AM, Claudio Jeker 
wrote:

> On Mon, Apr 16, 2018 at 04:15:42PM +0200, Daniel Santos wrote:
> > I looking for some experience sharing from those who also run OpenBSD
> inside
> > KVM on Linux.
> >
> > I was running 5.2 and now 6.2 inside KVM on a Linux wheezy host with 3.2
> > kernel.
> >
> > This system was used as an all in one Zabbix monitoring server, which
> > included the full stack required to run a central monitoring server:
> >
> > -Lighttpd
> > -Zabbix Server
> > -Zabbix Agent
> > -Mysql Server
> > -SNMP utils
> >
> > First it was using Zabbix 2.x then I have upgraded it to the 3.x series.
> The
> > zabbix server was regularily crashing or stopped logging to the DB and
> > needed to be restarted.
> > If not that then the db and page load was terribly slow even on LAN and I
> > only had <15 clients on this server. I started moving the components off
> one
> > by one, at the end only the zabbix server engine left on the vm even that
> > sometimes just stuck and stopped sending data to a standalone other linux
> > mysql vm. Then I gave up, I recreated the whole environment with the same
> > Zabbix version on an all in one Debian 9 vm and since then it runs
> > flawlessly. Another issue was that I kept getting dropped packet entries
> in
> > my pflog on the enabled ports (seems like broken connections).
> >
>
> Zabbix needs a fast DB which I would not run virtualised. Also the crashes
> you have seen may have been fixed in the meantime (between 6.2 and 6.3
> there was an libc asr fix that made zabbix reliable for me).
>
> I run a few KVM OpenBSD machines (mainly network / load balancers) they
> work reasonably well.
>
> --
> :wq Claudio
>
>
really depends on the KVM/linux version

-- 
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do

Re: Migrating nginx config to OpenBSD's httpd

[Henrik Friedrichsen]

Thanks again.

This worked in case anyone is looking for it:

http protocol "monit" {
match request forward to 
match request header "Host" value "status.affekt.org" forward to 
}

The order is important, if put in reversed the "status.affekt.org"
forward will be overwritten.

Now all I need to investigate is why HTTP responses are erroneous,
though you might be right that it could be a Monit problem.

Re: Migrating nginx config to OpenBSD's httpd

[Pavel Korovin]

On 04/16, Henrik Friedrichsen wrote:
> - Is there a way to match all hosts that are not "status.affekt.org"?
>   That way I don't have to write a filter rule for every subdomain

Didn't test, just the idea:

1. You put your default host (i.e. one that will respond to all http
requests which do not fall into specific configurations) first in
httpd.conf.

2. In relayd configure http protocol like this:
http protocol "monit" {
 match request header "Host" value "status.affekt.org" forward to 
 forward to  port 80
}

So the requests that match Host header will go to monit, all other
requests will go to httpd, where default site will respond.

> - Relayed HTTP output is cut off. As you can see below the HTTP DOM is not
>   closed and most of the HTTP response headers are missing (status code,
>   content-length, etc.)
> 
> Any idea what I'm doing wrong?
 
I guess something is wrong on monit side.. I set up relayd with varous stuff
in the backend, but have seen anything like this.
 
-- 
With best regards,
Pavel Korovin

Re: OpenBSD vs Linux KVM Guest Performance and Stability

[Claudio Jeker]

On Mon, Apr 16, 2018 at 04:15:42PM +0200, Daniel Santos wrote:
> I looking for some experience sharing from those who also run OpenBSD inside
> KVM on Linux.
> 
> I was running 5.2 and now 6.2 inside KVM on a Linux wheezy host with 3.2
> kernel.
> 
> This system was used as an all in one Zabbix monitoring server, which
> included the full stack required to run a central monitoring server:
> 
> -Lighttpd
> -Zabbix Server
> -Zabbix Agent
> -Mysql Server
> -SNMP utils
> 
> First it was using Zabbix 2.x then I have upgraded it to the 3.x series. The
> zabbix server was regularily crashing or stopped logging to the DB and
> needed to be restarted.
> If not that then the db and page load was terribly slow even on LAN and I
> only had <15 clients on this server. I started moving the components off one
> by one, at the end only the zabbix server engine left on the vm even that
> sometimes just stuck and stopped sending data to a standalone other linux
> mysql vm. Then I gave up, I recreated the whole environment with the same
> Zabbix version on an all in one Debian 9 vm and since then it runs
> flawlessly. Another issue was that I kept getting dropped packet entries in
> my pflog on the enabled ports (seems like broken connections).
> 

Zabbix needs a fast DB which I would not run virtualised. Also the crashes
you have seen may have been fixed in the meantime (between 6.2 and 6.3
there was an libc asr fix that made zabbix reliable for me).

I run a few KVM OpenBSD machines (mainly network / load balancers) they
work reasonably well.

-- 
:wq Claudio

10 GigE -T cards (Aquantia/Tehuti based cheaper models).

[Karel Gardas]

Hello,

I'm curious if anybody here is working on support for cheaper 10
GigE-T Base cards. So far it looks like Tehuti 40xx chipset cards are
cheaper than venerable Intel's X5xx and Aquantia AQ107 based are even
cheaper. I'm asking since for example Aquantia starts to appear on some
boards so man even does not need to purchase separate card to get 10
GigE on consumer or small server board (for example found that on
Asrock X470 Tachi Ultimate). My preferred Supermicro seems to support
AQ108 only (5 GigE chipset) on X11SRA...

Yes, I know Tehuti 30xx and 75xx based cards are supported by tht and
thtc drivers thanks to David Gwynne.

Thanks!
Karel

OpenBSD vs Linux KVM Guest Performance and Stability

[Daniel Santos]

I looking for some experience sharing from those who also run OpenBSD 
inside KVM on Linux.


I was running 5.2 and now 6.2 inside KVM on a Linux wheezy host with 3.2 
kernel.


This system was used as an all in one Zabbix monitoring server, which 
included the full stack required to run a central monitoring server:


-Lighttpd
-Zabbix Server
-Zabbix Agent
-Mysql Server
-SNMP utils

First it was using Zabbix 2.x then I have upgraded it to the 3.x series. 
The zabbix server was regularily crashing or stopped logging to the DB 
and needed to be restarted.
If not that then the db and page load was terribly slow even on LAN and 
I only had <15 clients on this server. I started moving the components 
off one by one, at the end only the zabbix server engine left on the vm 
even that sometimes just stuck and stopped sending data to a standalone 
other linux mysql vm. Then I gave up, I recreated the whole environment 
with the same Zabbix version on an all in one Debian 9 vm and since then 
it runs flawlessly. Another issue was that I kept getting dropped packet 
entries in my pflog on the enabled ports (seems like broken 
connections).


Anyway my point now is not to configure another Zabbix but another 
enterprise software suite (Pydio) with PHP 7.x on OpenBSD 6.3 in the 
same KVM environment.


This would include:
-Lighttpd
-php7.x and some modules
-needs cifs mount on one part of the webhosting from an external windows 
server

-pydio cifs storage connection to external windows server
-postfix/dovecot server

Were there any improvements made in the 6.3 virtualization code that 
would provide me with a brighter outlook? Did anyone run into similar 
performance and app crash issues on OBSD in KVM?

Re: pfstat package dependencies missing on 6.3 amd64

[mabi]

Sorry my bad these are actually system libraries and not packages missing. 
Indeed I do not have X tgz packages installed yet.
​​

‐‐‐ Original Message ‐‐‐

On April 16, 2018 3:48 PM, mabi  wrote:

> ​​
> 
> Hello,
> 
> It looks like some package dependencies are missing on the package repository 
> of 6.3 amd64 or pfstat dependencies is broken. See below:
> 
> $ doas pkg_add -v pfstat
> 
> quirks-2.414 signed on 2018-03-28T14:24:37Z
> 
> quirks-2.414: ok
> 
> pfstat-2.5p2:libiconv-1.14p3: ok
> 
> pfstat-2.5p2:png-1.6.34: ok
> 
> pfstat-2.5p2:jpeg-1.5.3v0: ok
> 
> pfstat-2.5p2:tiff-4.0.9: ok
> 
> pfstat-2.5p2:giflib-5.1.4: ok
> 
> pfstat-2.5p2:libwebp-0.6.1p0: ok
> 
> Can't install gd-2.2.5p0 because of libraries
> 
> |library fontconfig.11.0 not found
> 
> | not found anywhere
> 
> |library freetype.28.2 not found
> 
> | not found anywhere
> 
> Direct dependencies for gd-2.2.5p0 resolve to png-1.6.34 jpeg-1.5.3v0 
> tiff-4.0.9 libiconv-1.14p3 libwebp-0.6.1p0
> 
> Full dependency tree is tiff-4.0.9 giflib-5.1.4 libwebp-0.6.1p0 
> libiconv-1.14p3 png-1.6.34 jpeg-1.5.3v0
> 
> Can't install pfstat-2.5p2: can't resolve gd-2.2.5p0
> 
> Extracted 12048693 from 12052934
> 
> Best regards,
> 
> Mabi

Re: pfstat package dependencies missing on 6.3 amd64

[edgar]

Do you have the X sets installed? I'm not at my computer but fontconfig sounds 
like something that would be in the base x install.
On Apr 16, 2018 8:48 AM, mabi  wrote:
>
> Hello,
>
> It looks like some package dependencies are missing on the package repository 
> of 6.3 amd64 or pfstat dependencies is broken. See below:
>
> $ doas pkg_add -v pfstat
> quirks-2.414 signed on 2018-03-28T14:24:37Z
> quirks-2.414: ok
> pfstat-2.5p2:libiconv-1.14p3: ok
> pfstat-2.5p2:png-1.6.34: ok
> pfstat-2.5p2:jpeg-1.5.3v0: ok
> pfstat-2.5p2:tiff-4.0.9: ok
> pfstat-2.5p2:giflib-5.1.4: ok
> pfstat-2.5p2:libwebp-0.6.1p0: ok
> Can't install gd-2.2.5p0 because of libraries
> |library fontconfig.11.0 not found
> | not found anywhere
> |library freetype.28.2 not found
> | not found anywhere
> Direct dependencies for gd-2.2.5p0 resolve to png-1.6.34 jpeg-1.5.3v0 
> tiff-4.0.9 libiconv-1.14p3 libwebp-0.6.1p0
> Full dependency tree is tiff-4.0.9 giflib-5.1.4 libwebp-0.6.1p0 
> libiconv-1.14p3 png-1.6.34 jpeg-1.5.3v0
> Can't install pfstat-2.5p2: can't resolve gd-2.2.5p0
> Extracted 12048693 from 12052934
>
> Best regards,
> Mabi
>

Re: Migrating nginx config to OpenBSD's httpd

[Henrik Friedrichsen]

Hey Pavel,

thanks for your response. I have adapted my configuration and came up
with this:


ext4="51.15.10.194"
ext6="2001:bc8:2d08::1"

table  { "127.0.0.1" }
table  { "127.0.0.1" }

http protocol "monit" {
match request header "Host" value "status.affekt.org" forward to 
match request header "Host" value "affekt.org" forward to 
}

relay "proxy" {
listen on $ext4 port 80
protocol "monit"
forward to  port 2812
forward to  port 80
}


I have a local monit instance listening on 127.0.0.1:2812

This configuration works, sort of:
- Is there a way to match all hosts that are not "status.affekt.org"?
  That way I don't have to write a filter rule for every subdomain
- Relayed HTTP output is cut off. As you can see below the HTTP DOM is not
  closed and most of the HTTP response headers are missing (status code,
  content-length, etc.)

Any idea what I'm doing wrong?

Thanks!

hera ~ % curl -v "http://status.affekt.org/";
*   Trying 51.15.10.194...
* TCP_NODELAY set
* Connected to status.affekt.org (51.15.10.194) port 80 (#0)
> GET / HTTP/1.1
> Host: status.affekt.org
> User-Agent: curl/7.58.0
> Accept: */*
> 
Connection: close
Content-Type: text/html
WWW-Authenticate: Basic realm="monit"

* Connection #0 to host status.affekt.org left intact
401 UnauthorizedUnauthorizedYou are not authorized to access
monit. Either you supplied the wrong credentials (e.g. bad password), or
your browser doesn't understand how to supply the credentials required

pfstat package dependencies missing on 6.3 amd64

[mabi]

Hello,

It looks like some package dependencies are missing on the package repository 
of 6.3 amd64 or pfstat dependencies is broken. See below:

$ doas pkg_add -v pfstat
quirks-2.414 signed on 2018-03-28T14:24:37Z
quirks-2.414: ok
pfstat-2.5p2:libiconv-1.14p3: ok
pfstat-2.5p2:png-1.6.34: ok
pfstat-2.5p2:jpeg-1.5.3v0: ok
pfstat-2.5p2:tiff-4.0.9: ok
pfstat-2.5p2:giflib-5.1.4: ok
pfstat-2.5p2:libwebp-0.6.1p0: ok
Can't install gd-2.2.5p0 because of libraries
|library fontconfig.11.0 not found
| not found anywhere
|library freetype.28.2 not found
| not found anywhere
Direct dependencies for gd-2.2.5p0 resolve to png-1.6.34 jpeg-1.5.3v0 
tiff-4.0.9 libiconv-1.14p3 libwebp-0.6.1p0
Full dependency tree is tiff-4.0.9 giflib-5.1.4 libwebp-0.6.1p0 libiconv-1.14p3 
png-1.6.34 jpeg-1.5.3v0
Can't install pfstat-2.5p2: can't resolve gd-2.2.5p0
Extracted 12048693 from 12052934

Best regards,
Mabi

trouble installing php on 6.3

[Michael Maurer]

I'm having trouble setting up php on a fresh install of 6.3. This is what I get

-
burt# pkg_add php
quirks-2.414 signed on 2018-03-28T14:24:37Z
Ambiguous: choose package for php
a   0: 
1: php-5.6.34
2: php-7.0.28
Your choice: 1
Fatal error: Ustar
[https://ftp.fau.de/pub/OpenBSD/6.3/packages/amd64/libxml-2.9.8.tgz][share/gtk-doc/html/libxml2/libxml2-parserInternals.html]:
Premature end of archive
Fatal error: Installation of libxml-2.9.8 failed, partial installation
recorded as partial-libxml-2.9.8
 at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 801.
-

choice doesn't really matter, same answer. I tried googling the error
code, but found nothing, hence why I post here. New to OpenBSD as
well.

cheers,
Michael

Re: Beg for Atheros wifi driver

[Paul de Weerd]

On Mon, Apr 16, 2018 at 01:05:37PM +1000, Stuart Longland wrote:
| On 16/04/18 08:08, Manuel Solis wrote:
| > Sorry for that, i havent figure it out, maybe i should reinstall windows to
| > get the info
| >  My bad.
| 
| Does `lspci` work on OpenBSD?  Failing that, boot a Linux LiveCD and run
| `lspci` there, it'll tell you the chipset; `dmesg` might give you some
| more clues.

No need to run Linux to run lspci, it's available through the pciutils
packages (doas pkg_add pciutils).  But base OpenBSD has pcidump(8),
which gives quite similar info.

| `lsusb` if it's a USB wifi chip.

Or try usbdevs(8), also in base OpenBSD.

Your operating system of choice comes with a pretty complete toolset.

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 

Re: Beg for Atheros wifi driver

[Janne Johansson]

2018-04-16 5:05 GMT+02:00 Stuart Longland :

> On 16/04/18 08:08, Manuel Solis wrote:
> > Sorry for that, i havent figure it out, maybe i should reinstall windows
> to
> > get the info
> >  My bad.
>
> Does `lspci` work on OpenBSD?  Failing that, boot a Linux LiveCD and run
> `lspci` there, it'll tell you the chipset; `dmesg` might give you some
> more clues.
>
> `lsusb` if it's a USB wifi chip.
>
>
pcidump and usbdevs if on openbsd.

-- 
May the most significant bit of your life be positive.

Re: Beg for Atheros wifi driver

[Stuart Longland]

On 16/04/18 08:08, Manuel Solis wrote:
> Sorry for that, i havent figure it out, maybe i should reinstall windows to
> get the info
>  My bad.

Does `lspci` work on OpenBSD?  Failing that, boot a Linux LiveCD and run
`lspci` there, it'll tell you the chipset; `dmesg` might give you some
more clues.

`lsusb` if it's a USB wifi chip.
-- 
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
  ...it's backed up on a tape somewhere.

Re: Migrating nginx config to OpenBSD's httpd

[Pavel Korovin]

Henrik,

Regarding cut off responses, I didn't have such problems, maybe it was fixed
since 2016.

Regarding multi-site setup, I have something like this:

--- httpd.conf ---
### default site behind relayd
server "waste.tristero.se" {
alias "tristero.se"
listen on 127.0.0.1 port 80
listen on ::1 port 80
root "/htdocs/waste.tristero.se"
}

server "openbsd.tristero.se" {
listen on 127.0.0.1 port 80
listen on ::1 port 80
root "/htdocs/openbsd.tristero.se"
}

### this one is not behind relayd, used for http to https redirection
server "waste.tristero.se" {
alias "openbsd.tristero.se"
alias "tristero.se"
listen on 188.244.46.111 port 80
listen on 2001:470:1f15:1492::2 port 80
root "/htdocs/waste.tristero.se"
block return 301 "https://$HTTP_HOST/$DOCUMENT_URI";
}

--- relayd.conf ---

ext4="188.244.46.111"
ext6="2001:470:1f15:1492::2"
localhost4="127.0.0.1"
localhost6="::1"

table  { $localhost4 }
table  { $localhost6 }
table  { $localhost4 }
table  { $localhost6 }

http protocol "https4" {
match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
match request header set "X-Forwarded-By" value 
"[$SERVER_ADDR]:$SERVER_PORT"
match request header "Host" value "tristero.se" forward to 
match request header "Host" value "waste.tristero.se" forward to 
match request header "Host" value "openbsd.tristero.se" forward to 

tls { no tlsv1.0, ciphers 
EECDH+AESGCM:EECDH+CHACHA20:EECDH+SHA256:EECDH+SHA384:ECDHE+SHA256 }
}

http protocol "https6" {
match request header set "X-Forwarded-For" value "$REMOTE_ADDR"
match request header set "X-Forwarded-By" value 
"[$SERVER_ADDR]:$SERVER_PORT"
match request header "Host" value "tristero.se" forward to 
match request header "Host" value "waste.tristero.se" forward to 
match request header "Host" value "openbsd.tristero.se" forward to 

tls { no tlsv1.0, ciphers 
EECDH+AESGCM:EECDH+CHACHA20:EECDH+SHA256:EECDH+SHA384:ECDHE+SHA256 }
}

relay "https4" {
listen on $ext4 port 443 tls
protocol "https4"
forward to  port 80
forward to  port 80
}

relay "https6" {
listen on $ext6 port 443 tls
protocol "https6"
forward to  port 80
forward to  port 80
}

--- end cut ---

The only problem I have was configuring specific security headers for
specific hosts, i.e. I cannot have specific http protocol sections with
different responses for specific hosts, like:

http protocol "https4-flex" {
match request header "Host" value "not-secure.domain" forward to 

match response header set "Content-Security-Policy" value 
""
}
http protocol "https4-strict" {
match request header "Host" value "secure.domain" forward to 
match response header set "Content-Security-Policy" value 
""
}

-- 
With best regards,
Pavel Korovin

On 04/16, Henrik Friedrichsen wrote:
> 
> So far I have not been able to emulate proxy_pass with relayd.
> 
> I came across two issues:
> - relayed HTTP requests resulted in cut off responses, similar to this
>   issue: https://github.com/reyk/relayd/issues/12
> - I have not been able to come up with a configuration/filter setting
>   that will only match for a specific subdomain and will pass the
>   non-matching requests to the regular httpd listening on port 80
> 
> Did anyone have success in setting this up?

Re: Migrating nginx config to OpenBSD's httpd

[Henrik Friedrichsen]

On Fri, Apr 13, 2018 at 02:30:18PM +0300, Pavel Korovin wrote:
> Hi Carlos,
> 
> There's no analog of proxy_pass in httpd(8). relayd(8) is your friend.

So far I have not been able to emulate proxy_pass with relayd.

I came across two issues:
- relayed HTTP requests resulted in cut off responses, similar to this
  issue: https://github.com/reyk/relayd/issues/12
- I have not been able to come up with a configuration/filter setting
  that will only match for a specific subdomain and will pass the
  non-matching requests to the regular httpd listening on port 80

Did anyone have success in setting this up?

Re: OpenBSD 6.3, pppoe and IPv6 - default route missing

[Edmund Craske]

On Fri, Apr 13, 2018, at 10:55 AM, Daniel Gillen wrote:
> Hi
> 
> Just upgraded to 6.3 and it works for me. Here is my config:

> --- /etc/pf.conf
> if_ext="pppoe0"
> icmp6_types="{ 1, 2, 133, 134, 135, 136 }"
> pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
> ff02::1/16 } icmp6-type $icmp6_types
> pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
> ff02::1/16 } icmp6-type 3 code 0
> pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
> ff02::1/16 } icmp6-type 3 code 1
> pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
> ff02::1/16 } icmp6-type 4 code 0
> pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
> ff02::1/16 } icmp6-type 4 code 1
> pass in quick on $if_ext inet6 proto icmp6 from any to { ($if_ext),
> ff02::1/16 } icmp6-type 4 code 2

I added this to my pf.conf, and SLAAC now works, and pokes in a default route. 
So that's worked around the fact that '!/sbin/route add -inet6 default -ifp 
pppoe0 fe80::%pppoe0' no longer works on boot. Thanks for the pf config :)

Ed

Re: Way to specify offset suggestion autoalignment multiple in disklabel(8)? (w.o. paper, pen and a 2:nd computer)

[Tinker]

On April 16, 2018 4:07 PM, Stuart Henderson  wrote:
> On 2018-04-16, Tinker t1...@protonmail.ch wrote:
> > When in "disklabel -E" for instance in the OS installer, being able to
> > specify that I want the partition offsets to be multiples of 2048 would
> > be useful.
> > 
> > Right now, when in "a" (add partition), i transcribe the suggested
> > offset to another computer, on the other computer calculate its value
> > rounded up to the next 2048 multiple, and then transcribe it back to
> > the computer with the OpenBSD installer.
> > 
> > It's fine as it is, all that's needed is a paper, a pen, and attention.
> > 
> > Just wanted to check if when reading through
> > http://man.openbsd.org/disklabel.8 I missed something, or, if it's not
> > there if anyone more knowledgeable than me would think it would be a
> > useful option.
> 
> You didn't miss anything, the only way to do this at the moment is by
> hand (I start at 2048 for the 'a' partition then just make sure the size
> is a multiple of 2048, then the offset takes care of itself).
> I don't see much value to making it optional, doing this as standard
> is a sane default for most systems.

Is your point that disklabel(8)'s multiple should be increased to 2048?

(What I had on my mind when I wrote the email would be a command
"* 2048" or similar, that would instruct disklabel what multiple i like
the offset suggestions to autoalign to. I guess 2048 would be the very
sanest default multiple also yes.)

Thanks,
Tinker

Re: Community-driven OpenBSD tutorials wiki?

[Stuart Henderson]

On 2018-04-14, Mehma Sarja  wrote:
> Man pages, as opposed to woman pages, help one accomplish a task.

What do you mean, "as opposed to woman pages"?

In this context it is simply short for "manual".

Re: Way to specify offset suggestion autoalignment multiple in disklabel(8)? (w.o. paper, pen and a 2:nd computer)

[Stuart Henderson]

On 2018-04-16, Tinker  wrote:
> When in "disklabel -E" for instance in the OS installer, being able to
> specify that I want the partition offsets to be multiples of 2048 would
> be useful.
>
> Right now, when in "a" (add partition), i transcribe the suggested
> offset to another computer, on the other computer calculate its value
> rounded up to the next 2048 multiple, and then transcribe it back to
> the computer with the OpenBSD installer.
>
> It's fine as it is, all that's needed is a paper, a pen, and attention.
>
> Just wanted to check if when reading through
> http://man.openbsd.org/disklabel.8 I missed something, or, if it's not
> there if anyone more knowledgeable than me would think it would be a
> useful option.

You didn't miss anything, the only way to do this at the moment is by
hand (I start at 2048 for the 'a' partition then just make sure the size
is a multiple of 2048, then the offset takes care of itself).

I don't see much value to making it optional, doing this as standard
is a sane default for most systems.

Way to specify offset suggestion autoalignment multiple in disklabel(8)? (w.o. paper, pen and a 2:nd computer)

[Tinker]

Hi,

When in "disklabel -E" for instance in the OS installer, being able to
specify that I want the partition offsets to be multiples of 2048 would
be useful.

Right now, when in "a" (add partition), i transcribe the suggested
offset to another computer, on the other computer calculate its value
rounded up to the next 2048 multiple, and then transcribe it back to
the computer with the OpenBSD installer.

It's fine as it is, all that's needed is a paper, a pen, and attention.

Just wanted to check if when reading through
http://man.openbsd.org/disklabel.8 I missed something, or, if it's not
there if anyone more knowledgeable than me would think it would be a
useful option.

Thanks,
Tinker

Re: Beg for Atheros wifi driver

[Antal Ispanovity]

Hi,

this one works fine for me with the urtwn(4) driver:
https://www.asus.com/Networking/USBN10_NANO/
I tried it on 6.2 and 6.3. You might need to do fw_update(1), but you can
do that from an USB stick as well.

By the way, you just need to have a look at this page, click on a driver
and you can see a list of supported devices:
https://man.openbsd.org/?query=wireless&apropos=1

You just need to spend some time to find the USB devices amongst them.

Cheers,
A

2018-04-15 18:37 GMT+02:00 Manuel Solis :

> Dear Misc,
>
> Could you please add support for the Atheros wifi card?
>
> Sorry sorry and thousands sorrys for asking, but i am a happy ever after
> OpenBSD user,
> i had it installed since 6.0 in all my work and personal computers with no
> problem at all,
> but i had to get a new computer this year so i got a Lenovo computer, and
> the wifi card was not supported,
> so i bought a couple (three!) wifi usb adapters in local stores and they
> were not supported,
> then i ordered an internal wifi card and was not supported,
> then i was in Wallmart in United States and asked you about buying a
> Netgear wifi usb and mr Stefan kindly save me from buying it because was
> not supported,
> then i remembered the "dont buy cheap wifi cards" from the FAQ,
> so i ordered an ACER Nitro 5 AMD / Radeon / Atheros laptop
> https://www.amazon.com/Acer-Radeon-Graphics-Windows-AN515-
> 41-F6VS/dp/B075KN357R/ref=sr_1_1?ie=UTF8&qid=1523810050&sr=
> 8-1&keywords=acer+nitro+amd
> thinking that maybe if i avoid the intel chipset i should time be happy,
> but the card is not supported either!!
>
> If someone could help i really appreciate it,
> If you consider that is so much trouble, could someone sell me your usb
> wifi adapter or tell me the comercial name to buy it ???
>
> Thank you so much for your help!
>
> Manuel
>
>
>
> OpenBSD 6.3 (RAMDISK_CD) #98: Sat Mar 24 14:26:39 MDT 2018
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
> real mem = 7991980032 (7621MB)
> avail mem = 7745982464 (7387MB)
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xe3980 (23 entries)
> bios0: vendor Insyde Corp. version "V1.03" date 06/21/2017
> bios0: Acer Nitro AN515-41
> acpi0 at bios0: rev 2
> acpi0: tables DSDT FACP UEFI MSDM ASF! BOOT HPET APIC MCFG SPCR UEFI SSDT
> SSDT SSDT CRAT SSDT TPM2 SSDT SSDT SSDT SSDT FPDT
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 16 (boot processor)
> cpu0: AMD FX-9830P RADEON R7, 12 COMPUTE CORES 4C+8G, 2994.80 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,
> MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,
> AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,
> LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,
> IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,
> MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2
> cpu0: 96KB 64b/line 3-way I-cache, 32KB 64b/line 8-way D-cache, 1MB
> 64b/line 16-way L2 cache
> cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully
> associative
> cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully
> associative
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, IBE
> cpu at mainbus0: not configured
> cpu at mainbus0: not configured
> cpu at mainbus0: not configured
> ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins
> , remapped to apid 4
> ioapic1 at mainbus0: apid 5 pa 0xfec01000, version 21, 32 pins
> , remapped to apid 5
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (GPP0)
> acpiprt2 at acpi0: bus 1 (GPP1)
> acpiprt3 at acpi0: bus 2 (GPP2)
> acpiprt4 at acpi0: bus -1 (GPP3)
> acpiprt5 at acpi0: bus -1 (GPP4)
> acpiprt6 at acpi0: bus 3 (GFX0)
> acpiprt7 at acpi0: bus -1 (GFX1)
> acpiprt8 at acpi0: bus -1 (GFX2)
> acpiprt9 at acpi0: bus -1 (GFX3)
> acpiprt10 at acpi0: bus -1 (GFX4)
> acpiec0 at acpi0
> acpicpu at acpi0 not configured
> acpipwrres at acpi0 not configured
> acpipwrres at acpi0 not configured
> acpipwrres at acpi0 not configured
> acpipwrres at acpi0 not configured
> acpipwrres at acpi0 not configured
> acpipwrres at acpi0 not configured
> acpipwrres at acpi0 not configured
> acpipwrres at acpi0 not configured
> acpipwrres at acpi0 not configured
> "PNP0C0C" at acpi0 not configured
> "PNP0C0E" at acpi0 not configured
> "FUJ7401" at acpi0 not configured
> "PNP0C0A" at acpi0 not configured
> "ACPI0003" at acpi0 not configured
> "PNP0C14" at acpi0 not configured
> "PNP0C0D" at acpi0 not configured
> "AMD0030" at acpi0 not configured
> "AMD0010" at acpi0 not configured
> "ELAN0501" at acpi0 not configured
> "MSFT0101" at acpi0 not configured
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "AMD AMD64 15h Root Complex" rev 0x00
> vga1 at pci0 dev 1 function 0 "ATI Carrizo" rev 0xcc
> vga1: aperture needed
> wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
> "ATI Radeon HD Audio" rev 0x00 at pci0 dev 1 function 1 no

Re: Listen-on parameter in iked.conf

[mabi]

On April 16, 2018 9:05 AM, Stuart Henderson  wrote:

> There is not, but the main place this is needed is for setting the
> 
> "from" address for outgoing packets. isakmpd uses the "default" address
> 
> for this, which is often wrong on a multihomed system so it's necessary
> 
> to bind to a particular address to fix this. iked (at least in the
> 
> last few releases) uses the address from "local" in the config instead,
> 
> so binding isn't needed in most cases.

I see, so as long as I use the "local" parameter in iked.conf with the local IP 
address which I use for my site-2-site VPN I am saying to iked to listen only 
on that IP address. Here would be my generic example for a site-2-site VPN 
between two OpenBSD firewalls:

ikev2 passive esp \
from $local_network to $remote_network local $local_ip peer $remote_ip \
srcid $local_ip

I was also wondering in the case of a site-2-site VPN should one side be in 
active mode and the other one in passive mode? or what is usually used for 
site-2-site VPN?

adb 5.1.1.4 and Android 8

[dmitry.sensei]

Hi!.

The current version of the adb does not work with Android 8.0


In Linux, I updated the version of the utilities to the latest version.

Can someone compile the latest version for OpenBSD?

-- 
Dmitry Orlov

Re: Listen-on parameter in iked.conf

[Stuart Henderson]

On 2018-04-15, mabi  wrote:
> I just moved from isakmpd to iked and could not find the parameter name in 
> iked.conf in order to tell iked on which IP it should listen. With 
> isakmpd.conf I would use the following:
>
> [General]
> Listen-on=  123.123.123.123
>
> Is there any equivalent with iked?

There is not, but the main place this is needed is for setting the
"from" address for outgoing packets. isakmpd uses the "default" address
for this, which is often wrong on a multihomed system so it's necessary
to bind to a particular address to fix this. iked (at least in the
last few releases) uses the address from "local" in the config instead,
so binding isn't needed in most cases.