Re: procmail and new grammar in smtpd.conf
On Wed, Dec 05, 2018 at 10:07:34AM -0500, Daniel Corbe wrote:
> at 6:22 AM, Eda Sky wrote:
> >
> > Executive summary: delete the procmail port; the code is not safe and
> > should not be used as a basis for any further work.
>
> Is maildrop a recommended alternative?
[OpenBSD 6.4][OpenIKED] Route to IPSec tunnel?
I'm building a gateway to encrypt some traffic:

Client -> Gateway -> VPN Server -> Internet
(192.168.1.16) (10.0.0.2)

[Gateway] /etc/iked.conf:

ikev2 quick active ipcomp esp \
        from 10.0.0.2 to 0.0.0.0/0 \
        local egress peer $vpn_server_ip \
        ikesa auth hmac-sha2-512 enc aes-256 prf hmac-sha2-512 group curve25519 \
        childsa enc chacha20-poly130 group curve25519 \
        dstid "asgard.local"

[VPN Server] /etc/iked.conf:

ikev2 quick passive ipcomp esp \
        from 0.0.0.0/0 to 10.0.0.2 \
        local egress \
        ikesa auth hmac-sha2-512 enc aes-256 prf hmac-sha2-512 group curve25519 \
        childsa enc chacha20-poly130 group curve25519 \
        dstid "blackjack.local"

The SA has been established. When I ping 10.0.0.2 on the VPN Server and run tcpdump on the gateway's enc0 I get:

# tcpdump -envps 1500 -i enc0 -l
tcpdump: listening on enc0, link-type ENC
03:48:20.778584 (authentic,confidential): SPI 0x7f27bd3b: $vpn_server_ip > $gateway_ip: $vpn_server_ip > 10.0.0.2: icmp: echo request (id:4656 seq:0) [icmp cksum ok] (ttl 255, id 60419, len 84) (ttl 50, id 59144, len 104)
03:48:21.788330 (authentic,confidential): SPI 0x7f27bd3b: $vpn_server_ip > $gateway_ip: $vpn_server_ip > 10.0.0.2: icmp: echo request (id:4656 seq:1) [icmp cksum ok] (ttl 255, id 1688, len 84) (ttl 50, id 31496, len 104)

How can I route the packets from the client to the VPN server on the gateway? When I was using OpenVPN, I did the routing in pf.conf:

pass in quick from 192.168.1.0/24 to !192.168.1.0/24 route-to tun0
pass out quick on tun0 from 192.168.1.0/24 to any nat-to tun0

However, there is no tunnel device created after the SA is established on OpenBSD. Did I miss something to create it?

Best regards,
Siegfried
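An added illustration for the question above (not part of the original post or of any reply on the list): on OpenBSD 6.4, iked(8) installs IPsec flows into the kernel SPD rather than creating a tunnel interface, so there is no device for pf route-to; a forwarded packet is encrypted only if its source and destination match a flow, and the post's flow "from 10.0.0.2 to 0.0.0.0/0" matches nothing sourced from 192.168.1.0/24. The fragments below carry the LAN prefix in the flow instead. $vpn_server_ip, the 192.168.1.0/24 LAN and the dstid values are taken from the post; the server-side pf rules, the bypass flow and the sysctl line are assumptions about the surrounding setup, and cipher names are written as iked.conf(5) spells them.

```conf
# --- [Gateway] /etc/iked.conf (added example) ---
# Name the LAN prefix in the flow so that forwarded client packets match it
# and are encapsulated toward $vpn_server_ip. iked also installs the reverse
# (inbound) flow for you.
ikev2 quick active ipcomp esp \
        from 192.168.1.0/24 to 0.0.0.0/0 \
        local egress peer $vpn_server_ip \
        ikesa auth hmac-sha2-512 enc aes-256 prf hmac-sha2-512 group curve25519 \
        childsa enc chacha20-poly1305 group curve25519 \
        dstid "asgard.local"

# --- [VPN Server] /etc/iked.conf (added example) ---
# Mirror image of the gateway flow, so replies addressed to 192.168.1.0/24
# are matched on output and sent back through the SA.
ikev2 quick passive ipcomp esp \
        from 0.0.0.0/0 to 192.168.1.0/24 \
        local egress \
        ikesa auth hmac-sha2-512 enc aes-256 prf hmac-sha2-512 group curve25519 \
        childsa enc chacha20-poly1305 group curve25519 \
        dstid "blackjack.local"

# --- [VPN Server] /etc/pf.conf fragment (assumed) ---
# 192.168.1.0/24 is private, so translate it to the server's egress address
# on the way out. Replies are un-NATed back to 192.168.1.x on input and then
# match the flow above when forwarded. "egress" is pf's interface group for
# the interface holding the default route.
match out on egress inet from 192.168.1.0/24 to any nat-to (egress)
pass in on enc0 inet from 192.168.1.0/24 to any
pass out on egress inet from 192.168.1.0/24 to any

# --- [Gateway] /etc/ipsec.conf fragment (assumed), loaded with ipsecctl -f ---
# Caveat: the SPD lookup is not bound to an interface, so the 0.0.0.0/0 flow
# would also catch the gateway's own packets to its LAN (e.g. 192.168.1.1 ->
# 192.168.1.16). A more specific bypass flow wins the lookup and keeps those
# off the tunnel.
flow esp from 192.168.1.0/24 to 192.168.1.0/24 type bypass

# --- both hosts: /etc/sysctl.conf ---
net.inet.ip.forwarding=1

# Check: once the SA is up, flows (not an interface) appear in
#   # ipsecctl -sa
# and decapsulated client packets show on the gateway with
#   # tcpdump -ni enc0
```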
Re: rtable, rdomain for ppp0 with DHCP assigned IP
I've finally decided to keep ppp0 in the default kernel rdomain 0. It seems more efficient to move em0 into rdomain 1 and start all the services related to em0 using rtable 1.

But one question. How to keep OpenVPN functionality for em0 in rdomain 1?

# cat /etc/hostname.tap0
up description 'conn1'
inet 192.168.1.1 255.255.255.0 192.168.1.255
!/usr/bin/env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib /usr/local/sbin/openvpn --config /etc/openvpn/server.conf

Does it work if I change the last row to:

!/sbin/route -T1 exec /usr/bin/env LD_LIBRARY_PATH=/usr/lib:/usr/local/lib /usr/local/sbin/openvpn --config /etc/openvpn/server.conf

On 12/10/2018 12:56 PM, Stuart Henderson wrote:
> On 2018-12-09, Denis wrote:
>> Stuck when running cvsync in rdomain 1. It seems cvsync does not using
>> second routing table because of pf.conf misconfiguration or something.
>>
>> em0 as a main ISP channel, ppp0 works as reserved wireless ISP channel.
>> Some system services like cvsync, git, ntp should use second routing
>> table (rtable 1) assigned to ppp0.
>>
>> # route -T1 exec cvsync -c /etc/cvsync.conf
>> Connecting to cvsync_server_remote_IP port
>> host cvsync_server_remote_IP port : Can't assing requested address
>> service is not available at cvsync_server_remote_IP port
>>
>> --- configs
>> # cat /etc/hostname.em0
>> rdomain 0
>> dhcp
>>
>> # cat /etc/hostname.ppp0
>> rdomain 1
>> dhcp
>
> DHCP doesn't run on PPP.
>
>> # pppd call ISP
>>
>> # ifconfig ppp0
>> ppp0: flags=8051 rdomain 1 mtu 1500
>> index 7 priority 0 llprio 3
>> grups: ppp
>> inet ISP_ppp0_gateway --> local_ppp0_IP netmask 0xffc0
>>
>> # route -T1 show
>> local_ppp0_IP ISP_ppp0_gateway_IP UH Prio 8 ppp0
>> ISP_ppp0_gateway_IP ISP_ppp0_gateway_IP UHl Prio 1 ppp0
>
> No default route. Perhaps you need to run pppd in rdomain 1?
>
>> # cat /etc/pf.conf
>> ...
>> match out on rdomain 0 from lo0 to any nat-to (em0) port 1024:65535 rtable 0
>> match out on rdomain 1 from lo0 to any nat-to (ppp0) port 1024:65535
>> rtable 1
>> ...
>> pass out quick on ppp0 inet proto tcp from (ppp0) to any port flags
>> S/SA modulate state queue cvs
>> ...
>
> As an aside, I would recommend using rsync rather than cvsync - many
> of the repo mirrors offer this, it's noted on cvsync.html. cvsync is
> fragile and frequently breaks.
>
Re: rtable, rdomain for ppp0 with DHCP assigned IP
On 12/10/2018 12:56 PM, Stuart Henderson wrote:
> On 2018-12-09, Denis wrote:
>> Stuck when running cvsync in rdomain 1. It seems cvsync does not using
>> second routing table because of pf.conf misconfiguration or something.
>>
>> em0 as a main ISP channel, ppp0 works as reserved wireless ISP channel.
>> Some system services like cvsync, git, ntp should use second routing
>> table (rtable 1) assigned to ppp0.
>>
>> # route -T1 exec cvsync -c /etc/cvsync.conf
>> Connecting to cvsync_server_remote_IP port
>> host cvsync_server_remote_IP port : Can't assing requested address
>> service is not available at cvsync_server_remote_IP port
>>
>> --- configs
>> # cat /etc/hostname.em0
>> rdomain 0
>> dhcp
>>
>> # cat /etc/hostname.ppp0
>> rdomain 1
>> dhcp
>
> DHCP doesn't run on PPP.

My mistake, the actual content of hostname.ppp0 is:

rdomain 1
inet 10.0.99.1 255.255.255.0 10.0.99.255

>
>> # pppd call ISP
>>
>> # ifconfig ppp0
>> ppp0: flags=8051 rdomain 1 mtu 1500
>> index 7 priority 0 llprio 3
>> grups: ppp
>> inet ISP_ppp0_gateway --> local_ppp0_IP netmask 0xffc0

inet 10.161.49.16 --> 10.0.99.1 netmast 0xffc0

>>
>> # route -T1 show
>> local_ppp0_IP ISP_ppp0_gateway_IP UH Prio 8 ppp0
>> ISP_ppp0_gateway_IP ISP_ppp0_gateway_IP UHl Prio 1 ppp0

# route -T1 show
10.0.99.1 10.161.49.16 UH Prio 8 ppp0
10.161.49.16 10.161.49.16 UHl Prio 1 ppp0

>
> No default route. Perhaps you need to run pppd in rdomain 1?

By running pppd in rdomain 1:

# route -T1 exec pppd call ISP

I have the same routing table as above. No default route as before. dmesg shows some kernel messages every second:

ppp0: trying to send packet on wrong domain. if 1 vs. mbuf 0, AF 0
ppp0: trying to send packet on wrong domain. if 1 vs. mbuf 0, AF 0

>
>> # cat /etc/pf.conf
>> ...
>> match out on rdomain 0 from lo0 to any nat-to (em0) port 1024:65535 rtable 0
>> match out on rdomain 1 from lo0 to any nat-to (ppp0) port 1024:65535
>> rtable 1
>> ...
>> pass out quick on ppp0 inet proto tcp from (ppp0) to any port flags
>> S/SA modulate state queue cvs
>> ...
>
> As an aside, I would recommend using rsync rather than cvsync - many
> of the repo mirrors offer this, it's noted on cvsync.html. cvsync is
> fragile and frequently breaks.
>

Stuart, thank you for the advice. First of all I would like to fix rdomain; the next step will be migrating from cvsync to rsync, although I have not had any noticeable issues with cvsync before. By the way, can rsync be encrypted? Do the repo mirrors accept an encryption layer for it?
Re: current port build under 6.2
On 2018 Dec 11 (Tue) at 17:30:56 +0100 (+0100), Bambero wrote:
:Hi,
:I'm trying to compile clamav from current snapshots under OBSD 6.2 but it
:returns error when building package:
:

That's not supported. ports and src need to be in lock-step. If you want to install ports for 6.2, you'll need to use 6.2 ports or packages.

However, it may be best to upgrade to 6.4, or even -current.

-- 
I am so optimistic about beef prices that I've just leased a pot roast with an option to buy.
current port build under 6.2
Hi,

I'm trying to compile clamav from current snapshots under OBSD 6.2 but it returns an error when building the package:

Installing /usr/ports/security/clamav/pkg/clamav_milter.rc as /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/clamav_milter
Installing /usr/ports/security/clamav/pkg/clamd.rc as /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/clamd
Installing /usr/ports/security/clamav/pkg/freshclam.rc as /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/freshclam
===> Building package for clamav-0.101.0p1
Create /usr/ports/packages/amd64/all/clamav-0.101.0p1.tgz
checksumming|** | 25%
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/clamav-config does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/clambc does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/clamconf does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/clamdscan does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/clamdtop does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/clamscan does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/clamsubmit does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/freshclam does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/bin/sigtool does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/include/clamav.h does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamav.a does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamav.la does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamav.so.23.0 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclammspack.a does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclammspack.la does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclammspack.so.1.0 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamunrar.a does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamunrar.la does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamunrar.so.4.0 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamunrar_iface.a does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamunrar_iface.la does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/libclamunrar_iface.so.4.0 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/lib/pkgconfig/libclamav.pc does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man1/clambc.1 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man1/clamconf.1 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man1/clamdscan.1 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man1/clamdtop.1 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man1/clamscan.1 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man1/clamsubmit.1 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man1/freshclam.1 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man1/sigtool.1 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man5/clamav-milter.conf.5 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man5/clamd.conf.5 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man5/freshclam.conf.5 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man8/clamav-milter.8 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/man/man8/clamd.8 does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/sbin/clamav-milter does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/sbin/clamd does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/share/doc/clamav/UserManual.md does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/share/doc/clamav/UserManual/Installation-Unix.md does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/share/doc/clamav/UserManual/Installation-Unix/Steps-Debian-Ubuntu.md does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/share/doc/clamav/UserManual/Installation-Unix/Steps-Redhat-CentOS.md does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/share/doc/clamav/UserManual/Installation-Unix/Steps-macOS.md does not exist
Error: /usr/ports/pobj/clamav-0.101.0/fake-amd64/etc/rc.d/share/doc/clamav/UserManual/Installation-Windows.md does not exist
Error:
Re: rtwn
On 2018-12-11, gilmulin wrote:
> My network device is Realtek RTL8723BE Wireless LAN 802.11 PCI-E NIC.
>
> By the way, rtwn driver has the firmware for my device:
> # ls /etc/firmware | grep rtwn-rtl8723
> rtwn-rtl8723befw_36
> rtwn-rtl8723fw
> rtwn-rtl8723fw_B

Firmware was added for some newer Realtek wlan devices to make it easier to work on the driver, but it doesn't mean that the device is supported yet.