Web-based document / spreadsheet editor
Hi colleagues,

I need to set up some kind of collaborative environment (rich text documents, basic tables); the request is "something like Google Docs". As I'm almost always working in a shell I have to say that I'm a little bit lost in this area. Could you recommend me some web-based application (ideally something which is "easily" deployed on OpenBSD)? If it didn't have some of the 'big frameworks' behind it, it would be great.

Any hints welcome ... Thanks

M>

S pozdravem / Kind regards
Martin Sukaný
UNIX Engineer, Developer, DevOps specialist
xmpp: mar...@sukany.cz
phone: +420 776 275 713
email: mar...@sukany.cz
l: https://www.linkedin.com/in/martins6
Re: How many IPs can I block before taking a performance hit?
Hi,

as the tables are stored in RAM anyway during the processing, it's more or less a matter of how fast your DIMMs / CPU are. I usually work with several tables with approx. 30 K records; no impact on the performance so far.

S pozdravem / Kind regards
Martin Sukaný

> On 12. 8. 2020 at 14:22, Stuart Harland wrote:
>
> This is one of those "How long is a piece of string" examples.
>
> You don't give a lot in the way of specifications so as to come up with a reasonable guess. But the guesses are meaningless anyway, as the packet filtering subsystems are pretty efficient and very rapid.
>
> In reality with sufficient CPU clock speed and memory for the state tables, you should be able to simultaneously block thousands and thousands, if not more.
>
> Not particularly scientific, but there we are.
>
> Stuart
>
>> On 12 Aug 2020, at 13:11, Alan McKay wrote:
>>
>> Hey folks,
>>
>> This is one that is difficult to test in a test environment.
>>
>> I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.
>>
>> With some scripting I'm looking at feeding block IPs to the firewalls to block bad-guys in near real time, but in theory if we got attacked by a bot net or something like that, it could result in a few thousand IPs being blocked. Possibly even 10s of thousands.
>>
>> Are there any real-world data out there on how big of a block list we can handle without impacting performance?
>>
>> We're doing the standard /etc/blacklist to load a table and then have a block on the table right at the top of the ruleset.
>>
>> thanks,
>> -Alan
>>
>> --
>> "You should sit in nature for 20 minutes a day. Unless you are busy, then you should sit for an hour"
>> - Zen Proverb
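As an added example (not the poster's or the thread's code), a small Python check that a near-real-time blocklist feed could pass through before `pfctl -T replace` loads it into the table: it validates each entry, refuses absurdly wide prefixes and anything overlapping a never-block list (so an automated feed cannot lock the admins out), and collapses duplicates and adjacent ranges so the table stays as small as possible. The feed text, the never-block ranges and the table/file names are constructed placeholders.

```python
"""Sanity-check a blocklist feed before it goes into a pf table.

Added example for the thread above (feeding block IPs to pf in near real
time); it is not the poster's script.  The feed text, the never-block
list and the table/file names are constructed placeholders.
"""
import ipaddress
from typing import List, Tuple, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Anything broader than these prefixes is almost certainly a feed error
# (a stray 0.0.0.0/0 would black-hole all traffic at the top of the ruleset).
MIN_PREFIXLEN = {4: 16, 6: 32}

# Ranges an automated feed must never be allowed to block: the firewall's own
# management network and the admin's jump host (constructed values).
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/24"),
               ipaddress.ip_network("203.0.113.250/32")]

# Constructed sample feed: duplicates, adjacent ranges, junk and dangerous entries.
SAMPLE_FEED = """\
# constructed sample feed
198.51.100.10
198.51.100.11
198.51.100.10          # duplicate
198.51.100.0/25
198.51.100.128/25      # together with the /25 above this collapses to a /24
203.0.113.7
2001:db8::1
2001:db8::/32          # contains the /128 above
10.0.0.5               # overlaps the never-block list
not-an-address
100.64.0.0/10          # wider than the /16 minimum for IPv4
0.0.0.0/0
"""


def parse_blocklist(text: str) -> Tuple[List[IPNetwork], List[Tuple[int, str, str]]]:
    """Parse one address or CIDR per line ('#' starts a comment).

    Returns (accepted networks, rejected entries as (lineno, entry, reason)).
    """
    accepted, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            rejected.append((lineno, entry, f"unparseable: {exc}"))
            continue
        if net.prefixlen < MIN_PREFIXLEN[net.version]:
            rejected.append((lineno, entry, "prefix too short"))
            continue
        if any(net.version == safe.version and net.overlaps(safe) for safe in NEVER_BLOCK):
            rejected.append((lineno, entry, "overlaps never-block range"))
            continue
        accepted.append(net)
    return accepted, rejected


def aggregate(nets: List[IPNetwork]) -> List[IPNetwork]:
    """Collapse duplicates and adjacent/contained networks, per address family."""
    out: List[IPNetwork] = []
    for version in (4, 6):
        family = [n for n in nets if n.version == version]
        out.extend(ipaddress.collapse_addresses(family))
    return out


def build_table(text: str) -> List[str]:
    """Feed text -> the lines of the table file that pfctl will load."""
    accepted, _ = parse_blocklist(text)
    return [str(n) for n in aggregate(accepted)]


def pfctl_replace_argv(table: str, path: str) -> List[str]:
    """argv that atomically swaps the table contents (built, not executed here)."""
    return ["pfctl", "-t", table, "-T", "replace", "-f", path]


if __name__ == "__main__":
    accepted, rejected = parse_blocklist(SAMPLE_FEED)
    for lineno, entry, reason in rejected:
        print(f"line {lineno}: rejected {entry!r}: {reason}")
    print(f"{len(accepted)} accepted entries collapse to:")
    for line in build_table(SAMPLE_FEED):
        print("  ", line)
    print(" ".join(pfctl_replace_argv("blacklist", "/etc/blacklist")))
```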
Re: Alpine-virt vmd guest tsc directive
There is quite a nice article on how to prepare your own headless ISO; for Debian it's quite the same ... https://giocher.com/words/2018/ubuntu-on-openbsd-vmm/

S pozdravem / Kind regards
Martin Sukaný

> On 29. 6. 2020 at 21:53, George wrote:
>
> On 2020-06-29 12:54 p.m., Martin wrote:
>> George, thanks for your feedback!
>>
>> I'd prefer OpenBSD in 99% of situations, but now I need to roll out Docker. Docker = Linux. So I have to solve all the major issues, especially with the clock, and run it for a project using an OpenBSD host of course.
>
> Work is an imposed 'choice' ;) and yes that is where virtualization shines a little light in the tunnel.
>
>> I set up a vmd Debian desktop guest a year ago with a 5.2.x kernel which boots headless on vmd. Virtual framebuffer used for VNC connection from the same OpenBSD host by vnc viewer. Works perfectly, except the clock...
>
> I would be interested in any instructions you might have on setting that up.
>
>> Currently, rebuilt kernel and vmd from -current. Going to make a 5.4.x related vmm_clock module for a minimalist Alpine-virt Linux guest. I'll report about results once done.
>
> That would be great.
>
> Thanks.
>
>> Martin
>>
>> ‐‐‐ Original Message ‐‐‐
>> On Monday, June 29, 2020 4:21 PM, George wrote:
>>
>>> On 2020-06-29 8:51 a.m., Martin Sukany wrote:
>>>
>>>> Hi George,
>>>> did you solve the issue? I remember that I faced a similar thing when I installed headless ubuntu as a guest ... My issue was related to the fact that I used the 'boot cdrom' directive inside my configuration (it seems that there is a bit of inconsistency between the man page and the real configuration).
>>>> This is a relevant piece of my config:
>>>>
>>>> vm "ubuntu" {
>>>>     memory 2G
>>>>     cdrom /data/vms/_iso/mini-serial.iso
>>>>     disk /data/vms/ubuntu.raw
>>>>     interface tap { switch "uplink" }
>>>>     disable
>>>> }
>>>>
>>>> I had a bad experience with the qcow2 disk format for Linux based guests, especially when you're trying to do dozens of I/O operations; several disk containers crashed before I migrated them to raw format.
>>>> If you have more than 4 VMs, don't forget to create another /dev/tap device, otherwise you could expect unexpected behaviour :)
>>>> M>
>>>
>>> Hello Martin,
>>>
>>> Thanks for the pointers. I abandoned my Linux efforts, too many issues and things to learn, no time now. My goals could be satisfied by an OpenBSD VM and it is much better than most Linuxes ;). I have been swimming against the current (read: using things/software/apis/os/tools etc. when people said it is not what is supposed to be done) but as of late I find it more relaxing going with it ;).
>>>
>>> Virtualization is such a ... mess which like everything else in our lives nowadays is designed to cover another mess ... I want to run Linux software on OpenBSD because I don't want to dedicate a machine to Linux and want to upgrade or run the version I want until I want ... I should be free to make that choice because of "I", sarcastic here, problem is CPU vendors and OS developers have to jump some hoops and add some features to make it happen ... and then things happen that the I does not like.
>>>
>>> Thanks for adding this info albeit to the wrong thread, I read it because I like Alpine and was thinking of it myself, but they don't have a ready console install version do they?
>>>
>>> Cheers,
>>>
>>> George
>>>
>>>>>> Hi guys,
>>>>>>
>>>>>> I apologize if this may be out of topic even though it is more truly related to VMM than Debian.
>>>>>>
>>>>>> I am trying to set up a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys; seems like a baud rate issue but not sure.
>>>>>>
>>>>>> After messing with it for a while now I am getting a new error:
>>>>>>
>>>>>> vmctl: could not open disk image(s)
>>>>>>
>>>>>> even though the disk is there and readable to the user I have set up in vm.conf; in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based).
>>>>>>
>>>>>> I would greatly appreciate it if someone has gone this path and can share some config info with me.
>>>>>>
>>>>>> Cheers and thanks in advance,
>>>>>> George
Re: Alpine-virt vmd guest tsc directive
Hi George,

did you solve the issue? I remember that I faced a similar thing when I installed headless ubuntu as a guest ... My issue was related to the fact that I used the 'boot cdrom' directive inside my configuration (it seems that there is a bit of inconsistency between the man page and the real configuration).

This is a relevant piece of my config:

vm "ubuntu" {
    memory 2G
    cdrom /data/vms/_iso/mini-serial.iso
    disk /data/vms/ubuntu.raw
    interface tap { switch "uplink" }
    disable
}

I had a bad experience with the qcow2 disk format for Linux based guests, especially when you're trying to do dozens of I/O operations; several disk containers crashed before I migrated them to raw format.

If you have more than 4 VMs, don't forget to create another /dev/tap device, otherwise you could expect unexpected behaviour :)

M>

>
>> Hi guys,
>>
>> I apologize if this may be out of topic even though it is more truly related to VMM than Debian.
>>
>> I am trying to set up a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys; seems like a baud rate issue but not sure.
>>
>> After messing with it for a while now I am getting a new error:
>>
>> vmctl: could not open disk image(s)
>>
>> even though the disk is there and readable to the user I have set up in vm.conf; in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based).
>>
>> I would greatly appreciate it if someone has gone this path and can share some config info with me.
>>
>> Cheers and thanks in advance,
>>
>> George
iked: macOS couldn't connect
Hi there,

I've tried to set up the IKEv2 VPN for all my devices. I have the following network topology, where

- the vether0 (10.0.0.0/24) network groups some VMs (bridge0 is used as an L2 switch grouping the appropriate tap devices)
- the enc0 (172.24.24.0/24) network is intended for the devices connecting to the VPN server

# ifconfig -a
lo0: flags=8049 mtu 32768
        index 4 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff00
bge0: flags=8843 mtu 1500
        lladdr 50:65:f3:f0:9e:78
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet6 fe80::5265:f3ff:fef0:9e78%bge0 prefixlen 64 scopeid 0x1
        inet6 2a02:2b88:2:2::6e2c:1 prefixlen 64
        inet 89.221.223.253 netmask 0xff00 broadcast 89.221.223.255
bge1: flags=8802 mtu 1500
        lladdr 50:65:f3:f0:9e:79
        index 2 priority 0 llprio 3
        media: Ethernet autoselect (none)
        status: no carrier
enc0: flags=41
        index 3 priority 0 llprio 3
        groups: enc
        status: active
        inet6 2001:470:8c78:a0::1 prefixlen 64
        inet 172.24.24.1 netmask 0xff00
bridge0: flags=41
        description: switch19-uplink
        index 5 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        tap1 flags=3
                port 60 ifpriority 0 ifcost 0
        tap10 flags=3
                port 59 ifpriority 0 ifcost 0
        tap6 flags=3
                port 58 ifpriority 0 ifcost 0
        tap4 flags=3
                port 57 ifpriority 0 ifcost 0
        tap7 flags=3
                port 55 ifpriority 0 ifcost 0
        tap3 flags=3
                port 52 ifpriority 0 ifcost 0
        tap2 flags=3
                port 51 ifpriority 0 ifcost 0
        tap9 flags=3
                port 50 ifpriority 0 ifcost 0
        tap8 flags=3
                port 49 ifpriority 0 ifcost 0
        tap5 flags=3
                port 13 ifpriority 0 ifcost 0
        tap0 flags=3
                port 8 ifpriority 0 ifcost 0
        vether0 flags=3
                port 6 ifpriority 0 ifcost 0
vether0: flags=8943 mtu 1500
        lladdr fe:e1:ba:d0:bd:33
        index 6 priority 0 llprio 3
        groups: vether
        media: Ethernet autoselect
        status: active
        inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
pflog0: flags=141 mtu 33136
        index 7 priority 0 llprio 3
        groups: pflog
tap0: flags=8943 mtu 1500
        lladdr fe:e1:ba:d1:50:86
        description: vm3-if0-namer
        index 8 priority 0 llprio 3
        groups: tap
        status: active
tap5: flags=8943 mtu 1500
        lladdr fe:e1:ba:d6:76:2d
        description: vm2-if0-klarasukana
        index 13 priority 0 llprio 3
        groups: tap
        status: active
tap8: flags=8943 mtu 1500
        lladdr fe:e1:ba:da:34:b7
        description: vm5-if0-mail2
        index 49 priority 0 llprio 3
        groups: tap
        status: active
tap9: flags=8943 mtu 1500
        lladdr fe:e1:ba:db:53:5b
        description: vm5-if1-mail2
        index 50 priority 0 llprio 3
        groups: tap
        status: active
tap2: flags=8943 mtu 1500
        lladdr fe:e1:ba:dc:97:99
        description: vm4-if0-mail1
        index 51 priority 0 llprio 3
        groups: tap
        status: active
tap3: flags=8943 mtu 1500
        lladdr fe:e1:ba:dd:64:70
        description: vm4-if1-mail1
        index 52 priority 0 llprio 3
        groups: tap
        status: active
tap7: flags=8943 mtu 1500
        lladdr fe:e1:ba:d0:e6:00
        description: vm8-if0-xmpp
        index 55 priority 0 llprio 3
        groups: tap
        status: active
tap4: flags=8943 mtu 1500
        lladdr fe:e1:ba:d2:3e:83
        description: vm7-if0-mda
        index 57 priority 0 llprio 3
        groups: tap
        status: active
tap6: flags=8943 mtu 1500
        lladdr fe:e1:ba:d3:f0:9d
        description: vm1-if0-sukany
        index 58 priority 0 llprio 3
        groups: tap
        status: active
tap10: flags=8943 mtu 1500
        lladdr fe:e1:ba:d4:ba:41
        description: vm9-if0-ubuntu
        index 59 priority 0 llprio 3
        groups: tap
        status: active
tap1: flags=8943 mtu 1500
        lladdr fe:e1:ba:d5:2b:25
        description: vm6-if0-monitor
        index 60 priority 0 llprio 3
        groups: tap
        status: active

These are my sysctl.conf settings:

net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

Here are my firewall settings:

external="bge0"
internal="vether0"
vpn="enc0"
bridge="bridge0"
dns="10.0.0.2"
jabber="10.0.0.9"
jitsi="10.0.0.10"
tcp_pass_in= "{ 22 80 443 25 465 587 143 993 5232 5000 5222 5269 5280 }"
udp_pass_in=" { 53 } "
icmp_types = "{ echoreq, unreach }"

set skip on lo
set loginterface bge0
block in on $external all
set block-policy drop
set timeout {
Re: VMs as real hosts on the same network
Could you post your /etc/pf.conf rules here?

On 07. 12. 18 at 12:40 Mischa wrote:
> On 7 Dec 2018, at 12:32, mabi wrote:
>> ‐‐‐ Original Message ‐‐‐
>> On Friday, December 7, 2018 11:43 AM, Mischa wrote:
>>> It might be as easy as adding: up
>>>
>>> cat /etc/hostname.bridge6
>>> ==
>>> add vlan6
>>> up
>>>
>>> By default the bridge interface is not brought up. You can also run: ifconfig bridge6 up
>>
>> Good idea and I added "up" to my hostname.bridge6 file but it looks like it was already up (at least doing an ifconfig bridge6 shows the "UP" flag). Nevertheless, to be on the safe side I rebooted the server but still no connectivity on the vlan6/bridge6 network for the VMs.
>>
>> On the bridge6 interface I can see the DHCP request with tcpdump when the OpenBSD installer in the VM tries to fetch an IP address with DHCP:
>>
>> 11:59:35.672258 0.0.0.0.68 > 255.255.255.255.67: xid:0xbafb375b [|bootp] [tos 0x10]
>>
>> Then on the DHCP server I can see the following in a loop:
>>
>> Dec 7 12:00:27 dhcpsrv dhcpd[18917]: DHCPDISCOVER from fe:e1:bb:01:01:01 via XXX.XXX.XXX.1
>> Dec 7 12:00:27 dhcpsrv dhcpd[18917]: DHCPOFFER on XXX.XXX.XXX.101 to fe:e1:bb:01:01:01 via XXX.XXX.XXX.1
>>
>> The IP address ending with .1 is the gateway on my public network and the one ending with .101 is the IP which should be assigned to my OpenBSD VM. It seems like the traffic is not flowing back to the VM itself.
>>
>> I just found a very interesting behaviour by running tcpdump on pretty much all interfaces of my server to analyze the traffic at different levels and BINGO: as soon as I run tcpdump on my trunk0 interface the DHCP request goes through and my VM has network connectivity! But as soon as I stop tcpdump on the trunk interface: no more network connectivity...
>>
>> Now as far as I know running tcpdump enables promiscuous mode (PROMISC flag on the interface) and this should be the reason why it works. But now what does it mean for my setup, do I need to enable promiscuous mode on my trunk interface manually? And if yes, how can I do that?
>
> The VLAN does require an IP address as far as I am aware.
>
> Mischa

--
Martin Sukany
UNIX Engineer - Solaris / Linux / OpenBSD L3 Specialist
+420 776 275 713
www.sukany.cz
Re: [OT?] I have 4 IPs. How is outbound IP selected, say run lynx URL on server?
Routing.

On 30. 11. 18 at 21:31 Chris Bennett wrote:
> I'm just curious. Is there a default method to select on this? Random? Can I control this somehow?
>
> It's clear how everything else selects the IP, but I just wanted to know in case that ever mattered, say if one of my IPs were blocked. And I wanted to be sure which IP outbound is or is not used for running something like lynx, etc.
>
> Not terribly important, but at least an interesting question for me.
>
> Thanks,
> Chris Bennett
Re: OpenBSD migration
Hello Nick,

actually, this is the way I did it :) The machine is already migrated; it took less than 2 hrs (I remember when I built it last year it took almost the whole weekend) ...

M>

On 11/19/18 2:29 PM, Nick Holland wrote:
> On 11/17/18 15:13, Martin Sukany wrote:
>> Hi,
>>
>> I want to migrate OpenBSD 6.4 (stable) from a VM to bare metal. I see, as usual, two options:
>>
>> 1) install everything from scratch
>> 2) create some flash image (I did such a thing on Solaris a few years ago) and apply the image on the new hw.
>>
>> I'd be glad for any personal experience / recommendations.
>>
>> NOTE: The server is not so important so downtime is not a problem here
>
> I'm going to suggest option 3...
>
> 3) Restore from backup.
>
> You got a backup, right? You think it works, right? Here's /THE/ time to find out.
>
> I have done image migrations (dd partition->file, dd file->partition), I've done complete rebuilds, and they all work if done properly. OpenBSD is easier than most other OSs, regardless of how you do it, if you understand all the pieces.
>
> But really, this is when you get to test your backup. And, this should be the lowest down-time -- you can fully test the new system (AND FIX YOUR BACKUP PROCESS) before you flip the switch.
>
> Nick.
Re: OpenBSD migration
Thanks guys, I decided to go through a fresh installation ...

M>

On 11/18/18 3:23 PM, Mitchell Riedstra wrote:
> Hi Martin,
>
> On Sat, Nov 17, 2018 at 3:18 PM Martin Sukany wrote:
>> I want to migrate OpenBSD 6.4 (stable) from a VM to bare metal. I see, as usual, two options:
>>
>> 1) install everything from scratch
>> 2) create some flash image (I did such a thing on Solaris a few years ago) and apply the image on the new hw.
>
> OpenBSD is in many ways just files on a disk and it's possible to migrate from a VM to bare metal with a dump, tarball, rsync or similar. This will also require a somewhat in-depth understanding of the boot process, and setting up the fstab properly, and perhaps other OpenBSD specific things I do not recall at this time. It's certainly possible to get this understanding by reading the installer scripts.
>
> I've had to do this on FreeBSD and Linux to migrate between hosting providers w/o downtime. It's painful and filled with some trial and error. For simple setups it often takes longer than a re-install. If downtime isn't a major concern just back up the important things and re-install.
>
> As others have mentioned, getting the list of installed packages is doable, and even mentioned in the FAQ: https://www.openbsd.org/faq/faq15.html#PkgDup
>
> I hope this helps!
>
> --
> Mitch
amd64: installboot on RAID 1 CRYPTO
Hi,

probably I'm overlooking something ... I have the following disk layout:

sd0, sd1 - physical drives
sd2 - RAID 1 array with only an "a" partition, on which the CRYPTO device is created
sd3 - used as the "connection point" for the encrypted device

So, finally the system is installed on sd3X partitions. The problem comes when I want to boot. I tried

installboot sd2 /usr/mdec/biosboot /usr/mdec/boot

After reboot I see the bootloader prompt but I'm not able to boot; it screams that it can't find the sr0a:/bsd kernel. If I understand it correctly, I'm booting from the RAID now but I'm not able to decrypt the CRYPTO device.

NOTE: Using a passphrase, not a key, to encrypt the CRYPTO device.

I also tried installing the bootloader to sd2a but without success ... Any ideas?

Thanks
M>
OpenBSD migration
Hi,

I want to migrate OpenBSD 6.4 (stable) from a VM to bare metal. I see, as usual, two options:

1) install everything from scratch
2) create some flash image (I did such a thing on Solaris a few years ago) and apply the image on the new hw.

I'd be glad for any personal experience / recommendations.

NOTE: The server is not so important so downtime is not a problem here

M>
Re: Vacation with smtpd doesn't work in 6.4
You're right, thanks. I set it up this way as I noticed similar behaviour at some bigger providers ... changed it back now to meet RFC 2487.

M>

On 11/16/18 6:43 PM, Penty Wenngren wrote:
> On Fri, Nov 16, 2018 at 05:54:13PM +0100, Martin Sukany wrote:
>> Hello Craig,
>>
>> I don't think so .. I'm just enforcing encrypted communication ... :)
>>
>> listen on vio0 port 25 tls-require auth-optional pki sukany.cz
>>
>> M>
>
> RFC 2487:
>
>    A publicly-referenced SMTP server MUST NOT require use of the STARTTLS extension in order to deliver mail locally. This rule prevents the STARTTLS extension from damaging the interoperability of the Internet's SMTP infrastructure. A publicly-referenced SMTP server is an SMTP server which runs on port 25 of an Internet host listed in the MX record (or A record if an MX record is not present) for the domain name on the right hand side of an Internet mail address.
>
>> On 11/16/18 4:50 PM, Craig Skinner wrote:
>>> Martin, your mail server is badly configured (broken):-
>>>
>>> Begin forwarded message:
>>>
>>> From: mailer-dae...@britvault.co.uk (Mail Delivery System)
>>> To: skin...@britvault.co.uk
>>> Subject: Undelivered Mail Returned to Sender
>>> Date: Fri, 16 Nov 2018 12:17:13 + (GMT)
>>>
>>> This is the mail system at host teak.britvault.co.uk.
>>>
>>> I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
>>>
>>> For further assistance, please send mail to postmaster.
>>>
>>> If you do so, please include this problem report. You can delete your own text from the attached returned message.
>>>
>>> The mail system
>>>
>>> : host server.sukany.cz[89.221.217.40] said: 530 5.5.1 Invalid command: Must issue a STARTTLS command first (in reply to MAIL FROM command)
>>>
>>> From: Craig Skinner
>>> To: Martin Sukany
>>> Subject: Re: Vacation with smtpd doesn't work in 6.4
>>> Date: Fri, 16 Nov 2018 11:31:52 +
>>>
>>> Try the OpenSMTPd list Martin.
>>> http://www.OpenSMTPd.Org/list.html
>>>
>>> Cheers,
>>>
>>> Reporting-MTA: dns; teak.britvault.co.uk
>>> X-Postfix-Queue-ID: 42xGL107FCzVd
>>> X-Postfix-Sender: rfc822; skin...@britvault.co.uk
>>> Arrival-Date: Fri, 16 Nov 2018 11:32:23 + (GMT)
>>>
>>> Final-Recipient: rfc822; mar...@sukany.cz
>>> Original-Recipient: rfc822;mar...@sukany.cz
>>> Action: failed
>>> Status: 5.5.1
>>> Remote-MTA: dns; server.sukany.cz
>>> Diagnostic-Code: smtp; 530 5.5.1 Invalid command: Must issue a STARTTLS command first
Re: Vacation with smtpd doesn't work in 6.4
Hello Craig,

I don't think so .. I'm just enforcing encrypted communication ... :)

listen on vio0 port 25 tls-require auth-optional pki sukany.cz

M>

On 11/16/18 4:50 PM, Craig Skinner wrote:
> Martin, your mail server is badly configured (broken):-
>
> Begin forwarded message:
>
> From: mailer-dae...@britvault.co.uk (Mail Delivery System)
> To: skin...@britvault.co.uk
> Subject: Undelivered Mail Returned to Sender
> Date: Fri, 16 Nov 2018 12:17:13 + (GMT)
>
> This is the mail system at host teak.britvault.co.uk.
>
> I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
>
> For further assistance, please send mail to postmaster.
>
> If you do so, please include this problem report. You can delete your own text from the attached returned message.
>
> The mail system
>
> : host server.sukany.cz[89.221.217.40] said: 530 5.5.1 Invalid command: Must issue a STARTTLS command first (in reply to MAIL FROM command)
>
> From: Craig Skinner
> To: Martin Sukany
> Subject: Re: Vacation with smtpd doesn't work in 6.4
> Date: Fri, 16 Nov 2018 11:31:52 +
>
> Try the OpenSMTPd list Martin.
> http://www.OpenSMTPd.Org/list.html
>
> Cheers,
>
> Reporting-MTA: dns; teak.britvault.co.uk
> X-Postfix-Queue-ID: 42xGL107FCzVd
> X-Postfix-Sender: rfc822; skin...@britvault.co.uk
> Arrival-Date: Fri, 16 Nov 2018 11:32:23 + (GMT)
>
> Final-Recipient: rfc822; mar...@sukany.cz
> Original-Recipient: rfc822;mar...@sukany.cz
> Action: failed
> Status: 5.5.1
> Remote-MTA: dns; server.sukany.cz
> Diagnostic-Code: smtp; 530 5.5.1 Invalid command: Must issue a STARTTLS command first
Re: Vacation with smtpd doesn't work in 6.4
Well, I figured out that the problem is in vacation itself, where proper control of the recipient's address is missing. In case the header of the original message contains a line like:

From:

vacation encloses the message by "<>", so SMTPD then receives sth like:

RCPT TO: <>

As a temporary hack, I created a little filter each message goes through before it's handled by vacation itself. If I have time, I'll write a patch for vacation.

Cheers
M>

On 11/15/18 3:48 PM, Martin Sukany wrote:
> Hi,
>
> I'm using vacation as an auto-responder while I'm out of office. I've been using it in the following way:
>
> 1) create ~/.vacation.msg containing the body of the message
> 2) init the vacation db: $ vacation -i
> 3) update the .forward file to pipe to vacation (see below)
>
> Unfortunately, starting with 6.4, it seems like vacation sends mail with a wrong address format, see the output from maillog:
>
> (server) ~ # fgrep 342d2aa97860a044 /var/log/maillog
> Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp connected address=local host=server.sukany.cz
> Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp failed-command address=local host=server.sukany.cz command="RCPT TO:<> " result="501 5.1.3: Recipient address syntax error"
> Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp disconnected address=local host=server.sukany.cz reason=disconnect
>
> My configuration looks like:
>
> (server) ~ # cat /etc/mail/smtpd.conf
> pki sukany.cz cert "/etc/ssl/sukany.cz.crt"
> pki sukany.cz key "/etc/ssl/private/sukany.cz.key"
>
> listen on lo0 port 25
> listen on vio0 port 25 tls-require auth-optional pki sukany.cz
> listen on vio0 port 465 smtps auth pki sukany.cz
> listen on vio0 port submission tls-require auth pki sukany.cz
> # DKIM
> listen on lo0 port 10028 tag DKIM
>
> table aliases file:/etc/mail/aliases
>
> action "local" maildir alias <aliases>
> action "relay" relay
> action "procmail" mda "/usr/local/bin/procmail -f -"
> # DKIM
> action "relay_dkim" relay host smtp://127.0.0.1:10027
>
> match for local action "local"
> match from any for domain "sukany.cz" action "local"
> match from any for domain "server.sukany.cz" action "local"
> match auth tag DKIM from any for any action "relay"
> match tag DKIM from local for any action "relay"
> # DKIM
> match auth from any for any action "relay_dkim"
> match from local for any action "relay_dkim"
>
> (server) ~ # cat /home/martin/.forward
> \martin, "|/usr/bin/vacation martin"
>
> Has anyone faced the same / similar issue?
>
> Cheers
> M>
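As an added example (not the poster's filter and not vacation(1)'s own code), a Python recipient check of the kind such a pre-filter could apply: it extracts the reply address from Reply-To or From and returns None for anything that would otherwise turn into RCPT TO:<>, so the caller can skip the auto-reply instead of handing smtpd an empty recipient. The header preference order and the sample headers are constructed assumptions.

```python
"""Pick an auto-reply recipient without ever producing "RCPT TO:<>".

Added example for the vacation / smtpd thread above; it is not the
poster's filter and not vacation(1)'s own logic.  Header samples and
the header preference order are constructed assumptions.
"""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from typing import Optional

# addr-spec shape we are willing to hand to the MTA: local@domain with no
# whitespace or angle brackets.  Deliberately conservative.
_ADDR_SPEC = re.compile(r"^[^\s<>@]+@[^\s<>@]+$")

# Which headers to consult, in order (assumption of this example).
_CANDIDATE_HEADERS = ("Reply-To", "From")


def reply_address(msg: Message) -> Optional[str]:
    """Return a usable addr-spec for the auto-reply, or None if none is trustworthy."""
    for field in _CANDIDATE_HEADERS:
        raw = msg.get(field)
        if raw is None:
            continue
        # parseaddr() turns 'Name <addr>' into ('Name', 'addr'); for the
        # problematic forms '"Name" <>' and '<>' the address part is ''.
        _name, addr = parseaddr(raw)
        if _ADDR_SPEC.match(addr):
            return addr
    return None


def rcpt_to(raw_message: str) -> Optional[str]:
    """RCPT TO line for the auto-reply, or None meaning 'do not reply at all'."""
    addr = reply_address(message_from_string(raw_message))
    return None if addr is None else f"RCPT TO:<{addr}>"


if __name__ == "__main__":
    # Constructed samples: the first three get a reply, the rest are skipped.
    for sample in ("From: Alice Example <alice@example.org>\n\nhi",
                   "From: bob@example.net\n\n",
                   "Reply-To: carol@example.com\nFrom: dave@example.org\n\n",
                   'From: "Broken" <>\n\n',
                   "From: <>\n\n",
                   "Subject: no sender\n\n"):
        print(repr(sample.splitlines()[0]), "->", rcpt_to(sample))
```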
Vacation with smtpd doesn't work in 6.4
Hi,

I'm using vacation as an auto-responder while I'm out of office. I've been using it in the following way:

1) create ~/.vacation.msg containing the body of the message
2) init the vacation db: $ vacation -i
3) update the .forward file to pipe to vacation (see below)

Unfortunately, starting with 6.4, it seems like vacation sends mail with a wrong address format, see the output from maillog:

(server) ~ # fgrep 342d2aa97860a044 /var/log/maillog
Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp connected address=local host=server.sukany.cz
Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp failed-command address=local host=server.sukany.cz command="RCPT TO:<> " result="501 5.1.3: Recipient address syntax error"
Nov 15 15:45:13 server smtpd[80519]: 342d2aa97860a044 smtp disconnected address=local host=server.sukany.cz reason=disconnect

My configuration looks like:

(server) ~ # cat /etc/mail/smtpd.conf
pki sukany.cz cert "/etc/ssl/sukany.cz.crt"
pki sukany.cz key "/etc/ssl/private/sukany.cz.key"

listen on lo0 port 25
listen on vio0 port 25 tls-require auth-optional pki sukany.cz
listen on vio0 port 465 smtps auth pki sukany.cz
listen on vio0 port submission tls-require auth pki sukany.cz
# DKIM
listen on lo0 port 10028 tag DKIM

table aliases file:/etc/mail/aliases

action "local" maildir alias <aliases>
action "relay" relay
action "procmail" mda "/usr/local/bin/procmail -f -"
# DKIM
action "relay_dkim" relay host smtp://127.0.0.1:10027

match for local action "local"
match from any for domain "sukany.cz" action "local"
match from any for domain "server.sukany.cz" action "local"
match auth tag DKIM from any for any action "relay"
match tag DKIM from local for any action "relay"
# DKIM
match auth from any for any action "relay_dkim"
match from local for any action "relay_dkim"

(server) ~ # cat /home/martin/.forward
\martin, "|/usr/bin/vacation martin"

Has anyone faced the same / similar issue?

Cheers
M>
Re: python3 script not running as root
Hi,

you'd fix this by defining the PATH variable in your crontab, or by specifying the full path to the python3 interpreter instead of using env.

M>

On 11/15/18 8:39 AM, Markus Rosjat wrote:
> Hi all,
>
> I have a python script to get some traffic stats from my machines and it is running without problems except for a newly installed OpenBSD 6.4 machine. There I get the following error:
>
> env: python3: No such file or directory
>
> This only happens when the cronjob is running; when I run it from the terminal with doas it works. That is kinda odd since both root and my user have python3 and env in their $PATH, at least the path to the executable.
>
> some hints would be appreciated.
>
> regards