Re: NPPPD Server behind a firewall
>> There are ways to make even Windows clients use actual crypto with IPsec if >> needed, though last I checked it could not be done from the GUI but required >> powershell commands. (I don't have a URL handy, sorry, but this information >> wasn't very hard to find when I needed it.) > > Thanks. I will investigate. This has to work with iPads as well. Yuk! I would srongly recommend switching to IKEv2 if you can, it is far easier to come up with a config that still gives decent crypto with mixed client platforms. (Internal client on Apple OS and non-ancient Windows - strongswan on Android/Linux). >> I suspect getting IPsec SAs going with both peers behind NAT is tricky. > > I agree. The IPsec side should be ok as long as everything supports nat-t (not unusual).
Re: HTTPD directory index
On 2019-10-13, Patrick Dohman wrote: > Hoping to clarify if OpenBSD HTTPD supports index.html & index.php > simultaneously? >From a quick look at manual and code (I don't use httpd other than for testing) - you can set a different index in each location block, but you can only use one filename each time, there is no fallback to a second file if the first doesn't exist.
Re: Certain size packets not passing through a L2 over L3 IPsec tunnel
On 2019-10-10, Russell Sutherland wrote: > I've set up a L2overL3 tunnel using the template as found in "man etherip". I > am running OpenBSD 5.9, which I believe is the first version to support the > etherip interface. > > I find the bridge/tunnel does not pass a small range of specific sized > packets. > > E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the > local end: > > ping -s 1388 1.2.3.4 works > ping -s 1396 1.2.3.4 works > > All other sizes, 1389 to 1395 inclusive fail. > > Is there some way to remedy this? If you have different MTUs each side (e.g. common if one end uses pppoe), or if there is a link between the two tunnel endpoints with restricted MTU (which you might not notice for TCP connections because it may rewrite the MSS value), then reduce MTU on the endpoints to the lowest common denominator.
Re: IKEv2 OpenBSD client using X.509 Certificate Authentication
On 2019-10-07, Tristan Pilat wrote: > I'm trying to set up a IKEv2 VPN using X.509 Certificate Authentication with > iked(8). In the Virtual Private Networks (VPN) section of the FAQ there no > section about setting up this with an OpenBSD client. Is there anybody here > who's done that before? Hoping someone will tell me that I'm wrong, but iked's client-side support is not very flexible and I don't think it supports this - it definitely doesn't support username/password auth as a client. strongswan is in packages if that helps..
Re: Cannot configure IPv6 to a neighbor that drops NDP traffic
If you don’t have issues with Linux, could this be possibly handled by DHCP automatically? > Am 16.10.2019 um 00:40 schrieb Demi M. Obenour : > > I am trying to configure IPv6 support for an OpenBSD VM running on > QubesOS, but have not been successful. Is this likely due to NDP > traffic being blocked by the peer? If so, is there a workaround? > Linux manages to connect fine. > > For context, QubesOS uses Xen networking, and drops all IP traffic > that is not directly from a VM’s assigned address. This includes > traffic on link-local addresses. > > Thank you, > > Demi >
Re: Problems with route installation to fib from OSPF
Hi Remi, Thank you very much for your time with this issue. I was afraid that you couldn't reproduce it, since I wasn't able to reproduce it anymore in that location. regarding your comment: " The result was that for a short period of time I had two fib entries for the service IP with different next hops on the FW. After the inactivity timeout expires the first route is removed. " That's what I would expect to happen, but the route didn't disappear at all from the FIB, it was stuck there. But even in this event, I shouldn't get the "file exists" error, since the next hop of the route is different from the previous route, it should install and having at least Multipath. Regarding: " Because of the log message send_rtmsg: action 1, prefix 10.250.250.153/32: File exists I understand that in your case the two Ubuntu hosts advertised the service IP both with the same next hop and ospfd could not add that route because it was already present. It was present because the 1st box did not withdraw it's routes. (action 1 means "add route" (RTM_ADD)). " Well, if the 2 hosts advertised the service IP, I don't understand how and why. The 2nd Ubuntu host was not announcing the route because the IP wasn't set in the interface, it is set if keepalived set's it. When we shut the first Ubuntu box, it stops sending lsa's and keepalive messages simultaneously, and also, the other Ubuntu box when starts to send the lsa's related to the new prefix, send it with is own IP address, so next-hop will be now other IP. And this gets reflected in the OSPF RIB, what made me believe that is something related to ospfd process not being able to install it on FIB. Regarding pcap, I'll try to do this in other location running captures in FW's. I've found other place where the route is with MPATH flag without any reason, and since the issue faced was in this situation, I'll try to reproduce in this place. Right now, in this new place it's like this: root@fw1:~# route -n get 10.250.250.153/32 route to: 10.250.250.153 destination: 10.250.250.153 mask: 255.255.255.255 gateway: 10.10.53.20 interface: vlan1253 if address: 10.10.53.18 priority: 32 (ospf) flags: use mtu expire 57966509 0 0 root@fw1:~# route -n show | grep 10.250.250.153 10.250.250.153/32 10.10.53.20 _* UGP *_ 0 57967353 - 32 vlan1253 10.250.250.153/32 10.2.20.75 UG 0 0 - 48 vlan360 root@dc1fw1:~# There is 2 routes available, but with different priorities as one is OSPF and other BGP, so this shouldn't set the flag for MPATH. I'll update this when I'm able to do this test again. Once again, Thank you very much for your help. Best regards, João Alves On 15.10.19 20:17, Remi Locherer wrote: > Hi João, > > On Thu, Oct 10, 2019 at 03:01:30PM +0200, Joao Alves wrote: >> Hello OpenBSD team, >> >> >> We are facing an issue with OSPF related routes and would like to >> request your help as it seems to be a OSPF to FIB route replication issue. >> >> This happened already once in a different location, that one is running >> OpenBSD 6.3 and the site of the current report is OpenBSD 6.5 >> >> >> *Describing:* >> >> >> We have a setup with a FW cluster of 2 hosts talking OSPF to 2 Ubuntu >> boxes running Quagga. >> >> >> The 2 Ubuntu boxes run keepalived between them to install a secondary IP >> address on the interface, the service IP address. >> >> OSPF is configured to advertise this floating service IP and it's >> advertised only when it's available in the interface. >> >> OSPF is configured to not become DR/BDR in Ubuntu hosts >> >> >> *Initial state:* >> >> Service is active in ubuntu host A, everything working. >> >> root@fw1:~# ospfctl show nei >> ID Pri State DeadTime Address Iface Uptime >> (...) >> 10.10.53.28 1 FULL/OTHER 00:00:04 10.10.53.28 vlan1353 00:16:01 >> 172.16.50.3 1 FULL/DR 00:00:04 10.10.53.27 vlan1353 03w2d10h >> 10.10.53.29 1 FULL/OTHER 00:00:04 10.10.53.29 vlan1353 00:04:38 >> >> >> *Facing the issue:* >> >> Ubuntu host A is shutdown, keepalived converges to host B and OSPF >> advertises the network, but service IP is unreachable. >> >> FW receives the correct update and we see the new nexthop correct in >> "ospfctl show rib", >> >> >> root@fw1:~# ospfctl show rib |grep 10.250.250.153 >> 10.250.250.153/32 10.10.53.29 Intra-Area Network 110 >> 00:03:10 >> root@fw1:~# >> >> >> however FIB still points to old nexthop, the 10.10.53.28. The new >> nexthop should end in .29. >> >> >> root@fw1:~# route -n get 10.250.250.153 >> route to: 10.250.250.153 >> destination: 10.250.250.153 >> mask: 255.255.255.255 >> gateway: 10.10.53.28 >> interface: vlan1353 >> if address: 10.10.53.26 >> priority: 32 (ospf) >> flags: >> use mtu expire >> 8298 0 0 >> root@fw1:~# >> >> in logs we see th
Re: IKEv2 OpenBSD client using X.509 Certificate Authentication
On 10/16/19 at 08:31P, Stuart Henderson wrote: > On 2019-10-07, Tristan Pilat wrote: > > I'm trying to set up a IKEv2 VPN using X.509 Certificate Authentication with > > iked(8). In the Virtual Private Networks (VPN) section of the FAQ there no > > section about setting up this with an OpenBSD client. Is there anybody here > > who's done that before? > > Hoping someone will tell me that I'm wrong, but iked's client-side support is > not very flexible and I don't think it supports this - it definitely doesn't > support username/password auth as a client. Does X.509 Certificate Authentication necessarily include the use of an username/password auth mechanism? > strongswan is in packages if that helps.. I'll use strongswan as a last resort but I'd really like to sort this out and use iked instead. I've actually gotten somewhere since I wrote this call for help. So here's what I did. I put the last two blocks of my example.pem file in a /etc/iked/ca/example.crt file and copied example.pem to /etc/iked/certs/example.crt And after some research I ended up with this configuration file : # cat /etc/iked.conf local_ip="198.51.100.1" local_network="192.0.2.0/24 " remote_ip="198.51.100.2" remote_network="203.0.113.0/24" ikev2 'example' active esp \ from $local_network to $remote_network \ local $local_ip peer $remote_ip \ ikesa auth hmac-sha1 enc aes-256 prf hmac-sha1 group modp1536 \ childsa auth hmac-sha1 enc aes-256 group modp1536 \ srcid "/C=FR/O=XXX/OU=0002 479766842/OU=X/CN=XXX" \ dstid "/C=FR/O=XXX/OU=0002 479766842/OU=X/CN=YYY" \ ikelifetime 86400 lifetime 28800 But I'm still stuck here with an "ikev2_pld_notify: AUTHENTICATION_FAILED, closing SA" Here's the full iked output: # iked -dvvT local_ip = "198.51.100.1" local_network = "192.0.2.0/24" remote_ip = "198.51.100.2" remote_network = "203.0.113.0/24" set_policy_auth_method: using rfc7427 for peer ikev2 "XXX" active esp inet from 192.0.2.0/24 to 203.0.113.0/24 local 198.51.100.1 peer 198.51.100.2 ikesa enc aes-256 prf hmac-sha1 auth hmac-sha1 group modp1536 childsa enc aes-256 auth hmac-sha1 group modp1536 srcid /C=FR/O=XXX/OU=0002 479766842/OU=X/CN=XXX dstid /C=FR/O=XXX/OU=0002 479766842/OU=X/CN=YYY ikelifetime 86400 lifetime 28800 bytes 536870912 rfc7427 /etc/iked.conf: loaded 1 configuration rules ca_privkey_serialize: type RSA_KEY length 1191 ca_pubkey_serialize: type RSA_KEY length 270 ca_privkey_to_method: type RSA_KEY method RSA_SIG ca_getkey: received private key type RSA_KEY length 1191 ca_getkey: received public key type RSA_KEY length 270 ca_dispatch_parent: config reset ca_reload: loaded ca file example.crt ca_reload: /C=FR/O=XXX/OU=0002 120061023/CN=X ca_reload: /CN=XXX-ROOT/OU=0002 120061023/O=/C=FR ca_reload: loaded 2 ca certificates ca_reload: loaded cert file example.crt ca_validate_cert: /C=FR/O=XXX/OU=0002 120061023/CN=AC XXX 2018 ok ca_validate_cert: /C=FR/O=XXX/OU=0002 479766842/OU=X/CN=XXX ok ca_validate_cert: /CN=XXX-ROOT/OU=0002 120061023/O=/C=FR ok ca_reload: local cert type X509_CERT config_getocsp: ocsp_url none ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 40 ikev2_dispatch_cert: updated local CERTREQ type X509_CERT length 40 config_getpolicy: received policy config_getpfkey: received pfkey fd 3 config_getcompile: compilation done config_getsocket: received socket fd 4 config_getsocket: received socket fd 5 config_getmobike: mobike ikev2_init_ike_sa: initiating "XXX" ca_x509_name_parse: setting 'C' to 'FR' ca_x509_name_parse: setting 'O' to 'XXX' ca_x509_name_parse: setting 'OU' to '0002 479766842' ca_x509_name_parse: setting 'OU' to 'X' ca_x509_name_parse: setting 'CN' to 'XXX' ikev2_policy2id: srcid ASN1_DN//C=FR/O=XXX/OU=0002 479766842/OU=X/CN=XXX length 109 ikev2_add_proposals: length 44 ikev2_next_payload: length 48 nextpayload KE ikev2_next_payload: length 200 nextpayload NONCE ikev2_next_payload: length 36 nextpayload NOTIFY ikev2_next_payload: length 14 nextpayload NONE ikev2_pld_parse: header ispi 0x30eecb84950d6a8a rspi 0x nextpayload SA version 0x20 exchange IKE_SA_INIT flags 0x08 msgid 0 length 326 response 0 ikev2_pld_payloads: payload SA nextpayload KE critical 0x00 length 48 ikev2_pld_sa: more 0 reserved 0 length 44 proposal #1 protoid IKE spisize 0 xforms 4 spi 0 ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4 ikev2_pld_xform: more 3 reserved 0 length 8 type DH id MODP_1536 ikev2_pld_xform: more 0 reserved 0 length 8 type PRF id HMAC_SHA1 ikev2_pld_payloads: payload KE nextpayload NONCE critical 0x00 length 200 ikev2_pld_ke: dh group MODP_1536 reserved 0 i
Re: IKEv2 OpenBSD client using X.509 Certificate Authentication
On 2019/10/16 15:49, Tristan Pilat" wrote: > On 10/16/19 at 08:31P, Stuart Henderson wrote: > > On 2019-10-07, Tristan Pilat wrote: > > > I'm trying to set up a IKEv2 VPN using X.509 Certificate Authentication > > > with > > > iked(8). In the Virtual Private Networks (VPN) section of the FAQ there no > > > section about setting up this with an OpenBSD client. Is there anybody > > > here > > > who's done that before? > > > > Hoping someone will tell me that I'm wrong, but iked's client-side support > > is > > not very flexible and I don't think it supports this - it definitely doesn't > > support username/password auth as a client. > > Does X.509 Certificate Authentication necessarily include the use of an > username/password auth mechanism? No that is a different and very common mechanism that is definitely not supported as a client (but is supported as a server). I mentioned it because I think that the same thing may well apply for X.509 cert authentication. (And if iked *does* support X.509 cert auth, it is at the very least lacking documentation). My feeling is that iked usually works pretty well as the server-side of client/server, it has some capabilities for doing lan-to-lan, but there's not much in the way of client-side support. > ikev2_pld_payloads: payload VENDOR nextpayload NONE critical 0x00 length 20 > ikev2_sa_negotiate: score 4 > sa_stateok: SA_INIT flags 0x, require 0x0009 cert,auth > Oct 11 16:13:02 x.example.net local4.warning Local:198.51.100.2:500 > Remote:198.51.100.1:1011 Username:198.51.100.1 IKEv2 Negotiation aborted due > to ERROR: Peer authentication method configured is mismatching with the > method proposed by peer That message is clear but I can't suggest how to change what iked is doing for this or say whether it *can* be changed.
Re: Softraid data recovery
On 2019-10-15 13:44, Steven Surdock wrote: Model Family: Western Digital Black Device Model: WDC WD4001FAEX-00MJRA0 196 Reallocated_Event_Count 0x0032 200 200 000Old_age Always - 0 197 Current_Pending_Sector 0x0032 200 200 000Old_age Always - 9 198 Offline_Uncorrectable 0x0030 200 200 000Old_age Offline - 9 199 UDMA_CRC_Error_Count0x0032 200 200 000Old_age Always - 0 200 Multi_Zone_Error_Rate 0x0008 200 200 000Old_age Offline - 9 Looks like 9 bad sectors which can't be remapped for whatever reason. UDMA_CRC error count is on 0, which looks like your SATA cable is fine. The drive is kind of strange since it still claim Raw read error rate to have on 0. Model Family: Western Digital Black Device Model: WDC WD4003FZEX-00Z4SA0 Serial Number:WD-WMC5D0D50MLK Vendor Specific SMART Attributes with Thresholds: ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE 1 Raw_Read_Error_Rate 0x002f 200 200 051Pre-fail Always - 6 196 Reallocated_Event_Count 0x0032 200 200 000Old_age Always - 0 197 Current_Pending_Sector 0x0032 200 200 000Old_age Always - 0 198 Offline_Uncorrectable 0x0030 200 200 000Old_age Offline - 4 199 UDMA_CRC_Error_Count0x0032 200 200 000Old_age Always - 0 200 Multi_Zone_Error_Rate 0x0008 200 200 000Old_age Offline - 6 Looks like 4 uncorrectable sectors while 6 raw read error happened. You can attempt to run -t long to learn more about your 2 drives (with -a following long test), but I still consider both drives happily dyeing.
Re: Softraid data recovery
> -Original Message- > From: Karel Gardas > Sent: Wednesday, October 16, 2019 11:26 AM > To: Steven Surdock > Cc: misc@openbsd.org > Subject: Re: Softraid data recovery > > On 2019-10-15 13:44, Steven Surdock wrote: > > Model Family: Western Digital Black > > Device Model: WDC WD4001FAEX-00MJRA0 > > 196 Reallocated_Event_Count 0x0032 200 200 000Old_age > Always - 0 > > 197 Current_Pending_Sector 0x0032 200 200 000Old_age > Always - 9 > > 198 Offline_Uncorrectable 0x0030 200 200 000Old_age > Offline - 9 > > 199 UDMA_CRC_Error_Count0x0032 200 200 000Old_age > Always - 0 > > 200 Multi_Zone_Error_Rate 0x0008 200 200 000Old_age > Offline - 9 > > Looks like 9 bad sectors which can't be remapped for whatever reason. > UDMA_CRC error count is on 0, which looks like your SATA cable is fine. > The drive is kind of strange since it still claim Raw read error rate to > have on 0. > > > Model Family: Western Digital Black > > Device Model: WDC WD4003FZEX-00Z4SA0 > > Serial Number:WD-WMC5D0D50MLK > > Vendor Specific SMART Attributes with Thresholds: > > ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE > UPDATED WHEN_FAILED RAW_VALUE > >1 Raw_Read_Error_Rate 0x002f 200 200 051Pre-fail > Always - 6 > > 196 Reallocated_Event_Count 0x0032 200 200 000Old_age > Always - 0 > > 197 Current_Pending_Sector 0x0032 200 200 000Old_age > Always - 0 > > 198 Offline_Uncorrectable 0x0030 200 200 000Old_age > Offline - 4 > > 199 UDMA_CRC_Error_Count0x0032 200 200 000Old_age > Always - 0 > > 200 Multi_Zone_Error_Rate 0x0008 200 200 000Old_age > Offline - 6 > > Looks like 4 uncorrectable sectors while 6 raw read error happened. > > You can attempt to run -t long to learn more about your 2 drives > (with -a following long test), but I still consider both drives happily > dyeing. Considered and working to replace. I'm still working on recovering as much data as possible. As noted, one partition is backups, but I had some scripts on there I did not backup. Thanks.
Re: Cannot configure IPv6 to a neighbor that drops NDP traffic
On 2019-10-15, Demi M. Obenour wrote: > I am trying to configure IPv6 support for an OpenBSD VM running on > QubesOS, but have not been successful. Is this likely due to NDP > traffic being blocked by the peer? If so, is there a workaround? > Linux manages to connect fine. > > For context, QubesOS uses Xen networking, and drops all IP traffic > that is not directly from a VM’s assigned address. This includes > traffic on link-local addresses. > > Thank you, > > Demi > > I bet it doesn't drop traffic from *all* link-local addresses, just ones that it doesn't expect. If you are on a release that enables SOII, you can try disabling it with "ifconfig -soii", or upgrade to 6.6 where SOII is no longer used for link-local addresses. Also, if you are using autoconf rather than hard-coding, you'll probably need to disable autoconfprivacy.
diff upgrade66
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 I may be wrong, but wouldn't that be better? It seems to me that there is a gap between the two 'rm' commands, isn't it? Index: faq/upgrade66.html === RCS file: /cvs/www/faq/upgrade66.html,v retrieving revision 1.10 diff -u -p -r1.10 upgrade66.html - --- faq/upgrade66.html16 Oct 2019 17:48:16 - 1.10 +++ faq/upgrade66.html 16 Oct 2019 19:15:14 - @@ -136,7 +136,7 @@ any post-release fixes. acme-client(1). https://man.openbsd.org/OpenBSD-6.6/acme-client.1";>acme-client(1) - - has been updated to implement the recently published RFC 8555. Users + has been updated to implement the recently published RFC 8555. Users must change the api url in https://man.openbsd.org/OpenBSD-6.6/acme-client.5";> /etc/acme-client.conf from @@ -286,7 +286,7 @@ any post-release fixes. Remove files associated with client use of the X Font Service: rm -f /usr/X11R6/lib/pkgconfig/libfs.pc \ - -/usr/X11R6/include/X11/fonts/FSlib.h +/usr/X11R6/include/X11/fonts/FSlib.h; rm -rf /usr/X11R6/share/doc/libFS - -- ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<< - Stephane HUC as PengouinBSD or CIOTBSD b...@stephane-huc.net -BEGIN PGP SIGNATURE- iHUEARYKAB0WIQScTRXz7kMlZfGpDZMTq98t3AMG7wUCXadtqgAKCRATq98t3AMG 7+knAP4zKUDtNRqKXViMb+i9hI24Ms5FV3/9U3opu+RynEU6swD/cgonOxAxyjaD FfPIkSqaa3gQMqZoRMV9bMECabjAkwQ= =TlO9 -END PGP SIGNATURE-
Encrypting my keydisk
Hi, I was wondering if there is a reason for the lack of keydisk encryption. And if there is a reason what that would be. Or maybe I'm just missing something and there is a way to achieve this. Please correct me. Thanks for your time. g Stephan
Patch for www:upgrade66
Hi Here a diff for www page: upgrade66 It seems to have on error Right? Index: macppc.html === RCS file: /cvs/www/macppc.html,v retrieving revision 1.267 diff -u -p -r1.267 macppc.html --- macppc.html 1 Jun 2019 23:12:48 - 1.267 +++ macppc.html 16 Oct 2019 19:15:13 - @@ -1,7 +1,14 @@ +<<< macppc.html +http://www.w3.org/TR/html4/loose.dtd";> + + +=== +>>> 1.267 OpenBSD/macppc @@ -161,7 +168,11 @@ Known compatible systems include the fol +<<< macppc.html +To help us improve the accuracy of this list, PLEASE +=== To help us improve the accuracy of this list, PLEASE +>>> 1.267 send your dmesg after installation to mailto:dm...@openbsd.org";>dm...@openbsd.org. @@ -182,8 +193,13 @@ to mailto:dm...@openbsd.org";>dm Apple Shasta +<<< macppc.html +PCI-Bridges +(https://man.openbsd.org/?query=pchb&arch=macppc&sektion=4";>pchb) +=== PCI-Bridges (https://man.openbsd.org/macppc/pchb.4";>pchb) +>>> 1.267 Apple Bandit Apple Intrepid 2 AGP @@ -313,8 +329,13 @@ to mailto:dm...@openbsd.org";>dm LSIFC909, LSIFC919, LSIFC919X, LSIFC929, LSIFC929X, LSIFC949, LSIFC949X, LSISAS1064, LSISAS1064E, LSISAS1068, LSISAS1068E +<<< macppc.html +All PCI IDE +(https://man.openbsd.org/?query=pciide&arch=macppc&sektion=4";>pciide) +=== All PCI IDE (https://man.openbsd.org/macppc/pciide.4";>pciide) +>>> 1.267 adapters supported by the i386 platform @@ -344,6 +365,16 @@ adapters supported by the https://man.openbsd.org/?query=ukbd&arch=macppc&sektion=4";>ukbd) +Apple touchpad mouse (https://man.openbsd.org/?query=utpms&arch=macppc&sektion=4";>utpms) +Gude ADS Expert mouseCLOCK USB and Expert mouseCLOCK USB II DCF77 and HBG radio clocks (https://man.openbsd.org/?query=udcf&arch=macppc&sektion=4";>udcf) +Solid Year Keyboard and Mouse (https://man.openbsd.org/?query=ukbd&arch=macppc&sektion=4";>ukbd) (https://man.openbsd.org/?query=ums&arch=macppc&sektion=4";>ums) +Logitech M4848 (https://man.openbsd.org/?query=ums&arch=macppc&sektion=4";>ums) +Kensington USB/PS2 Wheel Mouse (https://man.openbsd.org/?query=ums&arch=macppc&sektion=4";>ums) +USB Zip Drives (https://man.openbsd.org/?query=umass&arch=macppc&sektion=4";>umass) + +=== Alps Electric Apple USB Keyboard (https://man.openbsd.org/macppc/ukbd.4";>ukbd) Apple touchpad mouse (https://man.openbsd.org/macppc/utpms.4";>utpms) Gude ADS Expert mouseCLOCK USB and Expert mouseCLOCK USB II DCF77 and HBG radio clocks (https://man.openbsd.org/macppc/udcf.4";>udcf) @@ -352,11 +383,17 @@ adapters supported by the https://man.openbsd.org/macppc/ums.4";>ums) USB Zip Drives (https://man.openbsd.org/macppc/umass.4";>umass) +>>> 1.267 CardBus/PCMCIA bridges +<<< macppc.html +PBG4 onboard CardBus bridge is now supported, as are PCI CardBus bridges. +(https://man.openbsd.org/?query=cbb&sektion=4";>cbb) +=== PBG4 onboard CardBus bridge is now supported, as are PCI CardBus bridges. (https://man.openbsd.org/cbb.4";>cbb) +>>> 1.267 PC Cards (PCMCIA / Cardbus) @@ -485,10 +522,16 @@ There are several installation media pro while leaving the "C" key pressed will bootstrap the installation procedure. Alternatively, the CD can be booted at the Open Firmware prompt, with +<<< macppc.html + + boot cd:,ofwboot 6.5/macppc/bsd.rd + +=== boot cd:,ofwboot 6.5/macppc/bsd.rd +>>> 1.267 Mac OS based boot If the system disk is shared with Mac OS, the ofwboot bootloader @@ -529,12 +572,23 @@ detect which drive is the root drive, so prompt for a root drive or fail. +<<< macppc.html +ultra0 is always a valid root drive. +ultra1 is valid as a root disk, as long as ultra0 +=== ultra0 is always a valid root drive. ultra1 is valid as a root disk, as long as ultra0 +>>> 1.267 is a hard drive, not a non-hard disk ATAPI device. +<<< macppc.html +ide1 (Zip drive bay) is valid as a root disk if no hard drive is + located at ultra1, +ide0 (cdrom) is valid as a root drive only if no hard +=== ide1 (Zip drive bay) is valid as a root disk if no hard drive is located at ultra1, ide0 (cdrom) is valid as a root drive only if no hard +>>> 1.267 drives are connected to the Ultra bus. Index: faq/faq17.html === RCS file: /cvs/www/faq/faq17.html,v retrieving revision 1.11 diff -u -p -r1.11 faq17.html --- faq/faq17.html 21 Jun 2019 08:22:16 - 1.11 +++ faq/faq17.html 16 Oct 2019 19:15:14 - @@ -627,8 +627,13 @@ ike dynamic esp transport proto udp from psk mekmitasdigoat +<<< faq17.html +Once the IKEv1 tunnel is up and running, the L2TP tunnel need to be configured. +OpenBSD doesn't provide an L2TP client by default, so installing +=== Once the IKEv1 tunnel is up and running, the L2TP tunnel needs to be configured. OpenBSD doesn'
Re: Patch for www:upgrade66
Excuse me; it's a mistake. Ignore this mail, please On 10/16/19 11:40 PM, b...@stephane-huc.net wrote: > Hi > > Here a diff for www page: upgrade66 > > It seems to have on error > > Right? > > > > Index: macppc.html > === > RCS file: /cvs/www/macppc.html,v > retrieving revision 1.267 > diff -u -p -r1.267 macppc.html > --- macppc.html 1 Jun 2019 23:12:48 - 1.267 > +++ macppc.html 16 Oct 2019 19:15:13 - > @@ -1,7 +1,14 @@ > +<<< macppc.html > + +"http://www.w3.org/TR/html4/loose.dtd";> > + > + > +=== > > > > > +>>> 1.267 > OpenBSD/macppc > > > @@ -161,7 +168,11 @@ Known compatible systems include the fol > > > > +<<< macppc.html > +To help us improve the accuracy of this list, PLEASE > +=== > To help us improve the accuracy of this list, PLEASE > +>>> 1.267 > send your dmesg after installation > to mailto:dm...@openbsd.org";>dm...@openbsd.org. > > @@ -182,8 +193,13 @@ to mailto:dm...@openbsd.org";>dm > Apple Shasta > > > +<<< macppc.html > +PCI-Bridges > +( href="https://man.openbsd.org/?query=pchb&arch=macppc&sektion=4";>pchb) > +=== > PCI-Bridges > (https://man.openbsd.org/macppc/pchb.4";>pchb) > +>>> 1.267 > > Apple Bandit > Apple Intrepid 2 AGP > @@ -313,8 +329,13 @@ to mailto:dm...@openbsd.org";>dm > LSIFC909, LSIFC919, LSIFC919X, LSIFC929, LSIFC929X, LSIFC949, > LSIFC949X, > LSISAS1064, LSISAS1064E, LSISAS1068, LSISAS1068E > > +<<< macppc.html > +All PCI IDE > +( href="https://man.openbsd.org/?query=pciide&arch=macppc&sektion=4";>pciide) > +=== > All PCI IDE > (https://man.openbsd.org/macppc/pciide.4";>pciide) > +>>> 1.267 > adapters supported by the i386 platform > > > @@ -344,6 +365,16 @@ adapters supported by the https://man.openbsd.org/?query=ukbd&arch=macppc&sektion=4";>ukbd) > +Apple touchpad mouse ( href="https://man.openbsd.org/?query=utpms&arch=macppc&sektion=4";>utpms) > +Gude ADS Expert mouseCLOCK USB and Expert mouseCLOCK USB II DCF77 and > HBG radio clocks ( href="https://man.openbsd.org/?query=udcf&arch=macppc&sektion=4";>udcf) > +Solid Year Keyboard and Mouse ( href="https://man.openbsd.org/?query=ukbd&arch=macppc&sektion=4";>ukbd) > ( href="https://man.openbsd.org/?query=ums&arch=macppc&sektion=4";>ums) > +Logitech M4848 ( href="https://man.openbsd.org/?query=ums&arch=macppc&sektion=4";>ums) > +Kensington USB/PS2 Wheel Mouse ( href="https://man.openbsd.org/?query=ums&arch=macppc&sektion=4";>ums) > +USB Zip Drives ( href="https://man.openbsd.org/?query=umass&arch=macppc&sektion=4";>umass) > + > +=== > Alps Electric Apple USB Keyboard ( href="https://man.openbsd.org/macppc/ukbd.4";>ukbd) > Apple touchpad mouse ( href="https://man.openbsd.org/macppc/utpms.4";>utpms) > Gude ADS Expert mouseCLOCK USB and Expert mouseCLOCK USB II DCF77 and > HBG radio clocks (https://man.openbsd.org/macppc/udcf.4";>udcf) > @@ -352,11 +383,17 @@ adapters supported by the https://man.openbsd.org/macppc/ums.4";>ums) > USB Zip Drives ( href="https://man.openbsd.org/macppc/umass.4";>umass) > > +>>> 1.267 > > CardBus/PCMCIA bridges > > +<<< macppc.html > +PBG4 onboard CardBus bridge is now supported, as are PCI CardBus bridges. > +(https://man.openbsd.org/?query=cbb&sektion=4";>cbb) > +=== > PBG4 onboard CardBus bridge is now supported, as are PCI CardBus bridges. > (https://man.openbsd.org/cbb.4";>cbb) > +>>> 1.267 > > > PC Cards (PCMCIA / Cardbus) > @@ -485,10 +522,16 @@ There are several installation media pro >while leaving the "C" key pressed will bootstrap the installation >procedure. >Alternatively, the CD can be booted at the Open Firmware prompt, with > +<<< macppc.html > + > + boot cd:,ofwboot 6.5/macppc/bsd.rd > + > +=== > > >boot cd:,ofwboot 6.5/macppc/bsd.rd > > +>>> 1.267 >Mac OS based boot > >If the system disk is shared with Mac OS, the ofwboot > bootloader > @@ -529,12 +572,23 @@ detect which drive is the root drive, so > prompt for a root drive or fail. > > > +<<< macppc.html > +ultra0 is always a valid root drive. > +ultra1 is valid as a root disk, as long as ultra0 > +=== > ultra0 is always a valid root drive. > ultra1 is valid as a root disk, as long as > ultra0 > +>>> 1.267 >is a hard drive, not a non-hard disk ATAPI device. > +<<< macppc.html > +ide1 (Zip drive bay) is valid as a root disk if no hard drive is > + located at ultra1, > +ide0 (cdrom) is valid as a root drive only if no hard > +=== > ide1 (Zip drive bay) is valid as a root disk if no hard > drive is >located at ultra1, > ide0 (cdrom) is valid as a root drive only > if no hard > +>>> 1.267 >drives are connected to the Ultra bus. > > > Index: faq/faq17.html > === > RCS file: /cvs/www/faq/faq17.html,v > retrieving revision