Re: support new

2023-10-24 Thread Wesley MOUEDINE ASSABY
Hello Ingo,

Perfect, thank you very much.

Regards,

Wesley

-----Original Message-----
From: Ingo Schwarze
Sent: Tuesday, 24 October 2023 15:35
To: Wesley MOUEDINE ASSABY
Cc: misc@openbsd.org
Subject: Re: support new

Hi Wesley,

Wesley MOUEDINE ASSABY wrote on Tue, Oct 24, 2023 at 02:06:47PM +0400:

> 0
> C France
> P REUNION
> T Sainte Clotilde
> Z 97490
> O Consultant
> I Wesley Mouedine Assaby
> M wes...@mouedine.net <mailto:wes...@mouedine.net>
> U https://www.mouedine.net
> N OpenBSD consulting, services like mailserver, web hosting, firewall and vpn.

Committed with s/vpn/VPN/, the spelling familiar from OpenBSD manual pages.
I removed all information from your old entry that you no longer included in
your new entry.

The new entry is now online here, please check:

  https://www.openbsd.org/support.html#France

Yours,
  Ingo



support update

2023-10-24 Thread Wesley MOUEDINE ASSABY
Please, can you remove my old entry < AISE-INFORMATIQUE > in < France >
area.

Thanks!

 



support new

2023-10-24 Thread Wesley MOUEDINE ASSABY
0

C France

P REUNION

T Sainte Clotilde

Z 97490

O Consultant

I Wesley Mouedine Assaby

M wes...@mouedine.net <mailto:wes...@mouedine.net> 

U https://www.mouedine.net

N OpenBSD consulting, services like mailserver, web hosting, firewall and
vpn.

 

 

 



Re: pkg_add, stdout and exit code

2019-02-13 Thread Wesley Mouedine Assaby

What about the stdout?

On 13.02.2019 02:11, Solene Rapenne wrote:
On Wed, Feb 13, 2019 at 01:56:07AM -0500, Wesley Mouedine Assaby wrote:

Hi all,

I'm using OpenBSD 6.4 amd64 (GENERIC.MP) #6

Using 'pkg_add' I can't access stdout, and the exit code stays 0 whatever it
finds or not the package to install.

Example :
doas pkg_add sl > file.stdout
echo $? # exit code is 0
cat file.stdout # empty file

or
doas pkg_add sl > file.stdout 2>&1
cat file.stdout # empty file

Therefore, I can access stderr trying to install a bad package name but exit
code stays 0
doas pkg_add sli > file.stderr
echo $? # exit code is 0
cat file.stderr # => Can't find sli

Reading pkg_add(1) :
Interactive mode is the default on a tty
-I Force non-interactive mode. Default is to be interactive when run from a
tty.
-i Force interactive mode, even if not run from a tty. pkg_add may ask
questions to the user if faced with difficult decisions.

I also tried with -i/-I same issue.

Any way to get stdout ? Is this an expected behavior ?

Thanks,

  Wesley


hi,

I don't know about pkg_add return codes but what you are currently
looking at is the return code of doas, which returns >0 in those cases as
explained in doas(1):

• The config file /etc/doas.conf could not be parsed.
• The user attempted to run a command which is not permitted.
• The password was incorrect.
• The specified command was not found or is not executable.
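
Added example, not written by anyone in this thread: a wrapper for scripted installs that keeps stdout and stderr apart and does not rely on the exit status alone, since the post reports "Can't find" together with exit code 0. `fake_pkg_add`, `run_captured` and `install_verdict` are hypothetical names, and the stub only reproduces the behaviour described in the post.

```shell
#!/bin/sh
# Constructed stand-in for pkg_add that mimics what the post reports:
# an unknown package name prints "Can't find <name>" and still exits 0.
fake_pkg_add() {
    case $1 in
        sl) echo "sl: ok" ;;                 # constructed success line
        *)  echo "Can't find $1" >&2 ;;      # message quoted in the thread
    esac
    return 0
}

# run_captured OUT ERR cmd [args...]
# Saves stdout and stderr to separate files and returns the command's status.
run_captured() {
    _out=$1
    _err=$2
    shift 2
    "$@" >"$_out" 2>"$_err"
}

# install_verdict PKG cmd [args...]
# Prints "ok", "not-found" or "exit-N" and returns 0 only for "ok".
# A zero exit status is not trusted when either stream carries the
# "Can't find" message shown in the thread.
install_verdict() {
    _pkg=$1
    shift
    _o=$(mktemp) || return 2
    _e=$(mktemp) || { rm -f "$_o"; return 2; }
    # The && / || form keeps the status even when the caller runs under set -e.
    run_captured "$_o" "$_e" "$@" "$_pkg" && _rc=0 || _rc=$?
    if [ "$_rc" -ne 0 ]; then
        _v="exit-$_rc"
    elif grep -q "Can't find" "$_o" "$_e"; then
        _v="not-found"
    else
        _v="ok"
    fi
    rm -f "$_o" "$_e"
    echo "$_v"
    [ "$_v" = ok ]
}

# Stand-alone demonstration with the stub.
install_verdict sl fake_pkg_add
install_verdict sli fake_pkg_add || true
```

On a real system the call would be `install_verdict sl doas pkg_add`.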




pkg_add, stdout and exit code

2019-02-12 Thread Wesley Mouedine Assaby

Hi all,

I'm using OpenBSD 6.4 amd64 (GENERIC.MP) #6

Using 'pkg_add' i can't access stdout, and the exit code stays 0 
whatever it finds or not the package to install.


Example :
doas pkg_add sl > file.stdout
echo $? # exit code is 0
cat file.stdout # empty file

or
doas pkg_add sl > file.stdout 2>&1
cat file.stdout # empty file

Therefore, i can access stderr trying to install a bad package name but 
exit code stays 0

doas pkg_add sli > file.stderr
echo $? # exit code is 0
cat file.stderr # => Can't find sli

Reading pkg_add(1) :
Interactive mode is the default on a tty
-I Force non-interactive mode. Default is to be interactive when run 
from a tty.
-i Force interactive mode, even if not run from a tty. pkg_add may ask 
questions to the user if faced with difficult decisions.


I also tried with -i/-I same issue.

Any way to get stdout ? Is this an expected behavior ?

Thanks,

  Wesley



Re: Ruby On Rails application with httpd

2018-03-19 Thread Wesley MOUEDINE ASSABY

On 2018-03-19 15:55, Artur Pedziwilk wrote:
On 15 Feb 2018, at 12:03, Wesley MOUEDINE ASSABY wrote:


Is there a way to get a 'Ruby on Rails' application running with the 
embedded OpenBSD httpd(+slowcgi??) ?


Why like that? Relayd is perfect for that on OpenBSD IMHO.


Do you have an example ? (httpd + relayd)

Thanks anyway.

/Wesley



Re: Custom bsd.rd to include auto_install.conf

2018-02-23 Thread Wesley MOUEDINE ASSABY

Try 'upobsd' tool
(http://ports.su/sysutils/upobsd)
(https://maly.io/@semarie)

/Wesley


On 2018-02-23 17:01, Thuban wrote:

As mentioned in autoinstall(8),
"""
If either /auto_install.conf or /auto_upgrade.conf is found on bsd.rd's
built-in RAM disk, autoinstall behaves as if the machine is netbooted,
but uses the local response file.
"""

I would like to build a custom bsd.rd to include auto_install.conf file.

Do you have any advice for this ?
I found some tutorials for 5.7 [1], so quite outdated, and can't go through
the entire process.

Regards.

[1] : http://mouedine.net/reinstall57/




Ruby On Rails application with httpd

2018-02-15 Thread Wesley MOUEDINE ASSABY

Hi,

Is there a way to get a 'Ruby on Rails' application running with the 
embedded OpenBSD httpd(+slowcgi??) ?



Thank you very much anyway!

/Wesley



FAQ - Add a link

2016-02-17 Thread Wesley MOUEDINE ASSABY

Hi,

Can you add a link to "http://www.openbsd.org" on the OpenBSD logo 
(smalltitle.gif) located at http://cvsweb.openbsd.org/cgi-bin/cvsweb/ ?

It will be better for browsing, to come back.

Thank you very much.


Regards,

Wesley MOUEDINE ASSABY
www.openbsdjumpstart.org



Re: acpi error running openbsd snapshot 20140820 (amd64)

2014-08-20 Thread Wesley MOUEDINE ASSABY

How can I get the acpidump if there's no ddb prompt ? :)



man acpidump


Reading FAQ, there's no acpidump information...the same for acpi(4)

I will post the dump. Thank you very much.




>What would your mechanic say if you took your car to the garage and said
>"My engine is making a strange sound, but I'm not going to tell you what
>sound it's making. By the way, I've unplugged some random wires somewhere
>in the engine compartment."

Criticism is easy :)


Asking for help and providing a substandard bug report is easier.


+1 :)



Re: acpi error running openbsd snapshot 20140820 (amd64)

2014-08-20 Thread Wesley MOUEDINE ASSABY

On 20.08.2014 19:27, Mike Larkin wrote:
On Wed, Aug 20, 2014 at 12:34:24PM +0400, Wesley MOUEDINE ASSABY wrote:

Hi,

Running the install56.fs from an usb key give me the following error :

http://pbrd.co/1rWT1Us

So i disabled acpi using UKC to be able to install :
http://pbrd.co/1rWUqL0

OpenBSD is installed now, but running it with acpi support give me a
kernel panic :
http://pbrd.co/1rWTCFX

trace :
http://pbrd.co/1rWTKVS
http://pbrd.co/1rWTUws

and ps :
http://pbrd.co/1rWU1bl


So you expect us to help you when:

1. You've been randomly disabling code in the kernel.


I can't install it with acpi support as i mentioned.
The error with acpi at install process :

Running the install56.fs from an usb key give me the following error :

http://pbrd.co/1rWT1Us



2. You're claiming the bug is somehow related to acpi
and yet you've provided us with no acpidump.


If you look the error message :
http://pbrd.co/1rWT1Us

How can I get the acpidump if there's no ddb prompt ? :)

What would your mechanic say if you took your car to the garage and said
"My engine is making a strange sound, but I'm not going to tell you what
sound it's making. By the way, I've unplugged some random wires somewhere
in the engine compartment."


Criticism is easy :)

==wma



acpi error running openbsd snapshot 20140820 (amd64)

2014-08-20 Thread Wesley MOUEDINE ASSABY
DMA
pciide2: using apic 2 int 10 for native-PCI interrupt
ppb1 at pci0 dev 9 function 0 "NVIDIA MCP61 PCIE" rev 0xa2
pci2 at ppb1 bus 2
ppb2 at pci0 dev 11 function 0 "NVIDIA MCP61 PCIE" rev 0xa2
pci3 at ppb2 bus 3
ppb3 at pci0 dev 12 function 0 "NVIDIA MCP61 PCIE" rev 0xa2
pci4 at ppb3 bus 4
vga1 at pci0 dev 13 function 0 "NVIDIA GeForce 6100 nForce 430" rev 0xa2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00: core rev BH-G2
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83627EHF rev 0x63
lm1 at wbsio0 port 0x290/8: W83627EHF
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "NVIDIA OHCI root hub" rev 1.00/1.00 addr 1
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on wd0a (0a792ba942a68105.a) swap on wd0b dump on wd0b

Any idea, patches ?

Thank you very much.

Cheers,

Wesley MOUEDINE ASSABY



Re: /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object

2014-07-02 Thread Wesley MOUEDINE ASSABY

Now, it works using your advice, the following at startup
export LD_PRELOAD=/usr/lib/libpthread.so.18.0


Thank you very much.

--

On 01.07.2014 03:14, Stuart Henderson wrote:


dlopen() doesn't automatically pull in libpthread. Either the main
program must be linked against it, or you need LD_PRELOAD.




Re: /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object

2014-07-02 Thread Wesley MOUEDINE ASSABY

Hi,

Running the web app, give me in the production.log :

Processing DashboardController#index (for 192.168.0.20 at 2014-07-02 11:58:53) [GET]
  Parameters: {"controller"=>"dashboard", "action"=>"index"}
LoadError (Cannot load specified object - /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so):

  /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so
  lib/rrdmon.rb:4
  app/controllers/dashboard_controller.rb:7:in `index'

Below, a beginning of dashboard_controller.rb file :
class DashboardController < ApplicationController
  def index
    @proc = Mailserver.new.processes
    @updates = Mailserver.new.updates
    # problem to load rrdtools - can not load specified object RRD.so
    Rrdmon.new.daily
  end


The error was away in the install using LD_PRELOAD in the install process.

But i don't know how to correct this app, if you can help me.

Thank you very much.







Rendering /var/mailserv/admin/public/500.html (500 Internal Server Error)


On 01.07.2014 03:14, Stuart Henderson wrote:

On 2014-06-30, Wesley MOUEDINE ASSABY  wrote:

dlopen: /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: done (failed).
/usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object - /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so

...


and verify now : ldconfig -r | grep libpthread.so.18.0
68:-lpthread.18.0 => /usr/lib/libpthread.so.18.0

and the file exists.

I don't understand why it is not loaded ...


dlopen() doesn't automatically pull in libpthread. Either the main
program must be linked against it, or you need LD_PRELOAD.


On 2014-06-30, Wesley MOUEDINE ASSABY  wrote:

On 30.06.2014 18:11, Ted Unangst wrote:


LD_PRELOAD=libpthread.so ruby 


I tried this : env LD_PRELOAD=/usr/lib/libpthread.so.18.0 ruby18 path_to_rb
The error go away. But the ruby app doesn't work.


So this fixed one problem, now you have another and need to debug a
bit further..
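
Added example, not written by anyone in this thread: an awk filter over the LD_DEBUG trace posted in the thread that reports which library the loader failed to open, which object required it, and the resolved path that can be handed to LD_PRELOAD as advised above. The function names are hypothetical; the sample lines are taken from the posted trace with wrapped lines rejoined.

```shell
#!/bin/sh
# Lines from the LD_DEBUG trace in this thread (wrapped lines rejoined).
sample_trace() {
    cat <<'EOF'
loading: libexpat.so.11.0 required by /usr/local/lib/librrd.so.4.0
 flags /usr/lib/libexpat.so.11.0 = 0x0
obj /usr/lib/libexpat.so.11.0 has /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so as head
loading: libpthread.so.18.0 required by /usr/local/lib/librrd.so.4.0
 flags /usr/lib/libpthread.so.18.0 = 0x68
dlopen: failed to open libpthread.so.18.0
unload_shlib called on /usr/local/lib/librrd.so.4.0
dlopen: /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: done (failed).
EOF
}

# failed_libs: read a trace on stdin and print one line per library the
# loader could not open: "<library> <required-by> <resolved-path>".
# "-" marks a field the trace did not provide.
failed_libs() {
    awk '
        # "loading: LIB required by OBJ" records who asked for LIB
        $1 == "loading:" && $3 == "required" && $4 == "by" { req[$2] = $5; next }
        # " flags PATH = 0x.." records where LIB was resolved on disk
        $1 == "flags" && $3 == "=" {
            n = split($2, part, "/")
            path[part[n]] = $2
            next
        }
        # "dlopen: failed to open LIB" is the actual failure
        $1 == "dlopen:" && $2 == "failed" && $3 == "to" && $4 == "open" {
            lib = $5
            r = (lib in req) ? req[lib] : "-"
            p = (lib in path) ? path[lib] : "-"
            print lib, r, p
        }
    '
}

# failed_roots: the objects whose dlopen as a whole ended in "(failed)."
failed_roots() {
    awk '$1 == "dlopen:" && $NF == "(failed)." { sub(/:$/, "", $2); print $2 }'
}

# preload_value: resolved paths of the failed libraries joined with ":",
# the list format ld.so(1) documents for LD_PRELOAD.
preload_value() {
    failed_libs | awk '$3 != "-" { printf "%s%s", sep, $3; sep = ":" }
                       END { if (sep) print "" }'
}

# Stand-alone demonstration on the sample trace.
sample_trace | failed_libs
echo "LD_PRELOAD=$(sample_trace | preload_value)"
```

Against a live run, the trace comes from `env LD_DEBUG=1 ruby18 script.rb 2>&1 | failed_libs`, assuming the loader writes its debug lines to stderr.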




Re: /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object

2014-06-30 Thread Wesley MOUEDINE ASSABY

On 30.06.2014 18:11, Ted Unangst wrote:

On Mon, Jun 30, 2014 at 16:38, Wesley MOUEDINE ASSABY wrote:

Hi,

I'm trying to make mailserv project working with the last OpenBSD
version.

I meet this error :

/usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object - /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so (LoadError)
from /var/mailserv/scripts/rrdmon_create.rb:2


LD_PRELOAD=libpthread.so ruby 


I tried this : env LD_PRELOAD=/usr/lib/libpthread.so.18.0 ruby18 path_to_rb

The error go away. But the ruby app doesn't work.



Re: /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object

2014-06-30 Thread Wesley MOUEDINE ASSABY

Now, error i have using LD_DEBUG :

env LD_DEBUG=1 ruby18 /var/mailserv/scripts/rrdmon_create.rb :

...
loading: libexpat.so.11.0 required by /usr/local/lib/librrd.so.4.0
 flags /usr/lib/libexpat.so.11.0 = 0x0
obj /usr/lib/libexpat.so.11.0 has /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so as head
loading: libXext.so.13.0 required by /usr/local/lib/librrd.so.4.0
 flags /usr/X11R6/lib/libXext.so.13.0 = 0x0
obj /usr/X11R6/lib/libXext.so.13.0 has /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so as head
loading: libpthread.so.18.0 required by /usr/local/lib/librrd.so.4.0
 flags /usr/lib/libpthread.so.18.0 = 0x68
dlopen: failed to open libpthread.so.18.0
unload_shlib called on /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so
unload_shlib called on /usr/local/lib/librrd.so.4.0
unload_shlib unloading on /usr/local/lib/librrd.so.4.0
unload_shlib called on /usr/local/lib/libruby18.so.0.0
unload_shlib called on /usr/lib/libm.so.9.0
unload_shlib called on /usr/lib/libc.so.73.1
unload_shlib unloading on /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so
dlopen: /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: done (failed).
/usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object - /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so (LoadError)
from /var/mailserv/scripts/rrdmon_create.rb:2
doing dtors
doing dtors obj 0x8376a288 @0xb189630: [/usr/local/lib/libruby18.so.0.0]
doing dtors obj 0x8376a080 @0xc7cab30: [/usr/lib/libc.so.73.1]
doing dtors obj 0x844ee068 @0x6b20900: [/usr/lib/libm.so.9.0]


and verify now : ldconfig -r | grep libpthread.so.18.0
68:-lpthread.18.0 => /usr/lib/libpthread.so.18.0

and the file exists.

I don't understand why it is not loaded ...
Any idea ?

On 30.06.2014 16:52, sven falempin wrote:

ldd  /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so would
probably give the reason

it is a dlib

On Mon, Jun 30, 2014 at 8:38 AM, Wesley MOUEDINE ASSABY wrote:

Hi,

I'm trying to make mailserv project working with the last OpenBSD version.

I meet this error :

/usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object - /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so (LoadError)
from /var/mailserv/scripts/rrdmon_create.rb:2

I checked the file /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so exists.
I already read the documentation about rrdtool-1.4.8p1. (located in
/usr/local/share/doc/pkg-readmes)

Packages Installed :
ruby-1.8.7.374p0        object oriented script language with threads
ruby-1.9.3.484p0        object oriented script language with threads
ruby-daemons-1.1.9p0    wrap existing Ruby scripts to be run as a daemon
ruby-fastercsv-1.5.4p2  faster Ruby CSV library
ruby-fastthread-1.0.7p9 optimized replacement for Ruby thread.rb primitives
ruby-gem_plugin-0.2.3p7 install Ruby gems as plugins
ruby-gems-1.8.23p1      package management framework for the Ruby language
ruby-iconv-1.8.7.374    libiconv interface for ruby
ruby-mongrel-1.1.5p6    fast HTTP library and server for Ruby
ruby-mysql-2.8.1p16     access a MySQL database from Ruby
ruby-rake-0.9.2.2p0     ruby make
ruby-rrd-1.4.8p1        ruby interface to librrd
ruby19-hoe-2.12.3p1     simple rake/rubygems helper for project Rakefiles


$(ldconfig -r | grep rrd) give me :
139:-lrrd.4.0 => /usr/local/lib/librrd.so.4.0
140:-lrrd_th.4.0 => /usr/local/lib/librrd_th.so.4.0

$(ldd /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so) give me :


StartEnd  Type Open Ref GrpRef Name
0702e000 27032000 dlib 10   0
/usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so
06448000 26455000 rlib 01   0  
/usr/local/lib/librrd.so.4.0

05814000 2583f000 rlib 01   0
/usr/local/lib/libruby18.so.0.0
06bc6000 26bcf000 rlib 013   0  /usr/lib/libm.so.9.0
0e1bf000 2e1c3000 rlib 01   0
/usr/local/lib/libpangocairo-1.0.so.3600.0
0396f000 23974000 rlib 011   0  
/usr/lib/libpthread.so.18.0

050fe000 25108000 rlib 03   0
/usr/X11R6/lib/libpixman-1.so.32.4
0c77d000 2c785000 rlib 03   0  
/usr/local/lib/libpng.so.17.1

09da1000 29da5000 rlib 03   0
/usr/X11R6/lib/libxcb-shm.so.1.0
067ec000 267f rlib 03   0
/usr/X11R6/lib/libxcb-render.so.1.0
0d678000 2d67c000 rlib 03   0
/usr/X11R6/lib/libXrender.so.6.0
021e9000 221ed000 rlib 03   0
/usr/X11R6/lib/libXext.so.13.0
035a1000 2361f000 rlib 05   0  
/usr/X11R6/lib/libX11.so.16.0
0297b000 2298 rlib 08   0  
/usr/X11R6/lib/libxcb.so.3.0

0b102000 2b11a000 rlib 02   0
/usr/local/lib/libcairo.so.12.2
0e448000 2e44d000 rlib 02   0
/usr/local/lib/libpangoft2-1.0.so.3600.0
0649 264a3000 rlib 03   0
/usr/local/lib/libharfbuzz.so.4.2
06042000 2604a000 rlib 04   0
/usr/local/lib/libgraphite2.so.0.0
0767c000 27694000 rlib 03   0
/usr/local/

/usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object

2014-06-30 Thread Wesley MOUEDINE ASSABY

Hi,

I'm trying to make mailserv project working with the last OpenBSD version.

I meet this error :

/usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so: Cannot load specified object - /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so (LoadError)
from /var/mailserv/scripts/rrdmon_create.rb:2

I checked the file /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so exists.
I already read the documentation about rrdtool-1.4.8p1. (located in 
/usr/local/share/doc/pkg-readmes)


Packages Installed :
ruby-1.8.7.374p0        object oriented script language with threads
ruby-1.9.3.484p0        object oriented script language with threads
ruby-daemons-1.1.9p0    wrap existing Ruby scripts to be run as a daemon
ruby-fastercsv-1.5.4p2  faster Ruby CSV library
ruby-fastthread-1.0.7p9 optimized replacement for Ruby thread.rb primitives
ruby-gem_plugin-0.2.3p7 install Ruby gems as plugins
ruby-gems-1.8.23p1      package management framework for the Ruby language
ruby-iconv-1.8.7.374    libiconv interface for ruby
ruby-mongrel-1.1.5p6    fast HTTP library and server for Ruby
ruby-mysql-2.8.1p16     access a MySQL database from Ruby
ruby-rake-0.9.2.2p0     ruby make
ruby-rrd-1.4.8p1        ruby interface to librrd
ruby19-hoe-2.12.3p1     simple rake/rubygems helper for project Rakefiles

$(ldconfig -r | grep rrd) give me :
139:-lrrd.4.0 => /usr/local/lib/librrd.so.4.0
140:-lrrd_th.4.0 => /usr/local/lib/librrd_th.so.4.0

$(ldd /usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so) give me :

StartEnd  Type Open Ref GrpRef Name
0702e000 27032000 dlib 10   0  
/usr/local/lib/ruby/site_ruby/1.8/i386-openbsd/RRD.so
06448000 26455000 rlib 01   0  
/usr/local/lib/librrd.so.4.0
05814000 2583f000 rlib 01   0  
/usr/local/lib/libruby18.so.0.0

06bc6000 26bcf000 rlib 013   0  /usr/lib/libm.so.9.0
0e1bf000 2e1c3000 rlib 01   0  
/usr/local/lib/libpangocairo-1.0.so.3600.0
0396f000 23974000 rlib 011   0  
/usr/lib/libpthread.so.18.0
050fe000 25108000 rlib 03   0  
/usr/X11R6/lib/libpixman-1.so.32.4
0c77d000 2c785000 rlib 03   0  
/usr/local/lib/libpng.so.17.1
09da1000 29da5000 rlib 03   0  
/usr/X11R6/lib/libxcb-shm.so.1.0
067ec000 267f rlib 03   0  
/usr/X11R6/lib/libxcb-render.so.1.0
0d678000 2d67c000 rlib 03   0  
/usr/X11R6/lib/libXrender.so.6.0
021e9000 221ed000 rlib 03   0  
/usr/X11R6/lib/libXext.so.13.0
035a1000 2361f000 rlib 05   0  
/usr/X11R6/lib/libX11.so.16.0
0297b000 2298 rlib 08   0  
/usr/X11R6/lib/libxcb.so.3.0
0b102000 2b11a000 rlib 02   0  
/usr/local/lib/libcairo.so.12.2
0e448000 2e44d000 rlib 02   0  
/usr/local/lib/libpangoft2-1.0.so.3600.0
0649 264a3000 rlib 03   0  
/usr/local/lib/libharfbuzz.so.4.2
06042000 2604a000 rlib 04   0  
/usr/local/lib/libgraphite2.so.0.0
0767c000 27694000 rlib 03   0  
/usr/local/lib/libpango-1.0.so.3600.0
079c7000 279cb000 rlib 04   0  
/usr/local/lib/libgmodule-2.0.so.3800.0
0b625000 2b629000 rlib 04   0  
/usr/local/lib/libgthread-2.0.so.3800.0
0915e000 2916b000 rlib 04   0  
/usr/local/lib/libgobject-2.0.so.3800.0
0c779000 2c77d000 rlib 05   0  
/usr/local/lib/libffi.so.0.0
05441000 25457000 rlib 09   0  
/usr/local/lib/libpcre.so.3.0
0cf6c000 2cfc1000 rlib 08   0  
/usr/local/lib/libglib-2.0.so.3800.0
00a46000 20a57000 rlib 04   0  
/usr/X11R6/lib/libfontconfig.so.9.0
010b3000 210cd000 rlib 06   0  
/usr/X11R6/lib/libfreetype.so.22.0
038c 238c5000 rlib 05   0  
/usr/lib/libexpat.so.11.0
0c2bb000 2c2bf000 rlib 07   0  
/usr/X11R6/lib/libpthread-stubs.so.2.0
0ae99000 2aec rlib 01   0  
/usr/local/lib/libxml2.so.15.1

0616e000 26175000 rlib 08   0  /usr/lib/libz.so.5.0
049e3000 249e7000 rlib 09   0  
/usr/local/lib/libintl.so.6.0
0e60c000 2e6ec000 rlib 011   0  
/usr/local/lib/libiconv.so.6.0
0d051000 2d055000 rlib 02   0  
/usr/X11R6/lib/libXau.so.10.0
0111e000 21123000 rlib 02   0  
/usr/X11R6/lib/libXdmcp.so.11.0
0cba8000 2cbd6000 rlib 02   0  
/usr/lib/libstdc++.so.57.0


Any idea ?

Thank you very much.

Cheers,

Wesley MOUEDINE ASSABY



Re: smokeping errors on OpenBSD 5.4

2014-04-06 Thread Wesley MOUEDINE ASSABY

Hi,

Perhaps this can help :

Dependencies :
http://ports.su/net/smokeping

What do you need from the official Smokeping project :
http://oss.oetiker.ch/smokeping/doc/smokeping_install.en.html


Cheers,

Wesley

On 2014-04-06 0:37, Thorleif Wiik [BCIX] wrote:

Hey all,

just tried to run smokeping on OpenBSD 5.4,
but I have the following error after installing it with "pkg_add smokeping"

#
smokeping --help

Can't load '/usr/local/libdata/perl5/site_perl/amd64-openbsd/auto/RRDs/RRDs.so' for module RRDs: Cannot load specified object at /usr/libdata/perl5/amd64-openbsd/5.16.3/DynaLoader.pm line 190.
 at /usr/local/bin/../lib/Smokeping.pm line 15.
Compilation failed in require at /usr/local/bin/../lib/Smokeping.pm line 15.
BEGIN failed--compilation aborted at /usr/local/bin/../lib/Smokeping.pm line 15.
Compilation failed in require at /usr/local/bin/smokeping line 12.
BEGIN failed--compilation aborted at /usr/local/bin/smokeping line 12.
#


Any tips on that ?



Thanks, Thorleif




Re: OpenBSD Website, multilanguage faq

2014-04-03 Thread Wesley MOUEDINE ASSABY

On 2014-04-03 15:50, Amit Kulkarni wrote:

On Thu, Apr 3, 2014 at 3:30 AM, Wesley MOUEDINE ASSABY wrote:


Hi

There's no anymore multilanguage pages ?

Regards,

Wesley


They are gone... There are huge bunch of commits starting from this
one. I thought it was a subtle April fool's joke but apparently not.
http://marc.info/?l=openbsd-cvs&m=139637003025491&w=2 [1]


i thought the same before post...



Links:
--
[1] http://marc.info/?l=openbsd-cvs&m=139637003025491&w=2




OpenBSD Website, multilanguage faq

2014-04-03 Thread Wesley MOUEDINE ASSABY

Hi

There's no anymore multilanguage pages ?

Regards,

Wesley



Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls

2013-11-27 Thread Wesley MOUEDINE ASSABY

Thanks, i will correct that.

On 2013-11-27 13:21, Tristan Le Guern wrote:

On 11/25/13 15:38, Wesley MOUEDINE ASSABY wrote:

Hi,

A new how to about PF and relayd :
http://www.mouedine.net/relayd

Cheers,

Wesley MOUEDINE ASSABY

Are you aware that DNS uses a TCP connection when replies are too large for
UDP? It is a bad practice to block this.




Re: Layer 7 filtering example using pf and relayd : block torrent use and some urls

2013-11-25 Thread Wesley MOUEDINE ASSABY

Hi,

Tested with facebook.com/
It works. In this case, PF doesn't block any IP, relayd take all the work,
it is a transparent proxy with https/http inspection.

I also tested this :
Download .torrent file is not allowed.
From a usb key, i tried to open a .torrent with utorrent client (windows)
it doesn't download any files. I don't want to make any risky assumptions ;-)


Cheers,

==wma

On 2013-11-26 4:14, Paolo Aglialoro wrote:

Hi,
really nice tutorial :)

What about blocking some sites like dropbox, gdrive, etc. which are the
main channels through which files are nowadays leaking out of companies?

For instance, in the case of dropbox a single url would not be enough, just
look here:

https://ipdb.at/org/Dropbox

Same to block fbook or similar socials.

U could integrate ur schema with the use of tables but the real
breakthrough would be catching these applications at protocol level when
they try to login remotely. Managing tables of forbidden ip addresses is a
job in itself.

On 25 Nov 2013 15:38, "Wesley MOUEDINE ASSABY" wrote:


Hi,

A new how to about PF and relayd :
http://www.mouedine.net/relayd

Cheers,

Wesley MOUEDINE ASSABY




Layer 7 filtering example using pf and relayd : block torrent use and some urls

2013-11-25 Thread Wesley MOUEDINE ASSABY

Hi,

A new how to about PF and relayd :
http://www.mouedine.net/relayd

Cheers,

Wesley MOUEDINE ASSABY



Re: How-to: dualboot Windows 8.1 and OpenBSD 5.4

2013-11-17 Thread Wesley MOUEDINE ASSABY

On 2013-11-17 23:02, Nick Holland wrote:

On 11/17/13 12:53, Wesley MOUEDINE ASSABY wrote:

On 2013-11-17 20:27, dmitry.sensei wrote:

What about 1Tb disk? Is CHS mode correct for this disks?


I done the test using Virtualization.
Not tried with a physical hard drive 1 TB.


The smallest common non-SSD laptop drive is probably around 500G now,
and 1TB is routine on desktops.  At least some (many? most?) of these
machines are now shipping with UEFI boot, and a lot of them will be
pre-loaded with Windows, with minimal resources to reload Windows from
scratch.

The target (and worst-case) audience is the person who bought a laptop
or desktop pre-loaded with Windows 8, and wants to install OpenBSD with
as little disruption to the existing system as possible.

I appreciate the efforts, but we need something more comprehensive.

Sounds like I need to go buy a modern Windows system. :-/


I can make the test on hardware at work with a 1TB SATA on a HP Proliant ML110.

Do you want absolutely UEFI ?

If it is the case, so i will try on a recent laptop.
But this time with 500GB SATA 2"5.

You're welcome.





Nick.







On 17.11.2013 20:20, user "Wesley MOUEDINE ASSABY" wrote:


Hi

I just tested this. It works nice for me.

I have a Windows 8.1 on a hard drive 15 GB (A full one partition).
So i want to install OpenBSD 5.4 and have multiboot.

-1- Reduce the disk using disk management (MMC snap)
i reduced Windows partition, i have now a second partition 1GB.
Put OpenBSD 5.4 CD, and reboot.

-2- Install OpenBSD using CHS (Be careful!)
OpenBSD is now installed, eject cd, and reboot to windows
# fdisk -e 3

-3- Download the tool dd for windows
http://www.chrysocome.net/dd [1]
Unzip dd-0.6beta3 and do :

open "cmd" as administrator and do:
dd --list
# this will list device (we are looking for partition 2 (openbsd)

dd if=\\?\Device\Harddisk0\Partition2 of=openbsd.pbr bs=512 count=1
# This record OpenBSD PBR
Copy the file openbsd.pbr to the root c:

-4- Modify boot.ini using bcdedit
In a cmd console (need administrator rights)
bcdedit /create /d "OpenBSD 5.4" /application bootsector
# copy the identifier and paste it to the 4 following lines
# For me, identifier is : {0eae31b8-4f98-11e3-8260-00264aa3d5ac}

bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} device boot
bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} path \openbsd.pbr
bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} device partition=c:
bcdedit /displayorder {0eae31b8-4f98-11e3-8260-00264aa3d5ac} /addlast

-5- Reboot, you're done!
As Dmitri said, windows 8.1 load graphical before you have the boot choice.
And when you choose OpenBSD, the box reboot and load OpenBSD.

I hope this helps!!
If you want i can do a better how-to with snapshots, and put it on
the web.
Or contribute to the FAQ!*

Cheers,

Wesley MOUEDINE ASSABY
http://www.mouedine.net [2]



Links:
--
[1] http://www.chrysocome.net/dd
[2] http://www.mouedine.net




Re: How-to: dualboot Windows 8.1 and OpenBSD 5.4

2013-11-17 Thread Wesley MOUEDINE ASSABY

For more details:

#On windows 8.1 side:


C:\Users\wesley\Desktop>diskpart

Microsoft DiskPart version 6.3.9600

Copyright (C) 1999-2013 Microsoft Corporation.
Sur l'ordinateur : WIN-FP7P8RGJ41R

DISKPART> list disk

  N° disque  Statut         Taille        Libre          Dyn  GPT
  ---------  -------------  ------------  -------------  ---  ---
  Disque 0   En ligne       15 G octets   7168 K octets

DISKPART> select disk 0

Le disque 0 est maintenant le disque sélectionné.

DISKPART> list partition

  N° partition   Type              Taille   Décalage
  -------------  ----------------  -------  --------
  Partition 1    Principale          13 G    1024 K
  Partition 2    Principale        1016 M      14 G


C:\Users\wesley\Desktop>dd --list
rawwrite dd for windows version 0.6beta3.
Written by John Newbigin 
This program is covered by terms of the GPL Version 2.

Win32 Available Volume Information
\\.\Volume{7eb8fac6-3a97-11e3-8250-806e6f6e6963}\
  link to \\?\Device\HarddiskVolume1
  fixed media
  Mounted on \\.\c:

\\.\Volume{7eb8facf-3a97-11e3-8250-806e6f6e6963}\
  link to \\?\Device\Floppy0
  removeable media
  Mounted on \\.\a:

\\.\Volume{7eb8face-3a97-11e3-8250-806e6f6e6963}\
  link to \\?\Device\CdRom0
  CD-ROM
  Mounted on \\.\d:


NT Block Device Objects
\\?\Device\CdRom0
  size is 2147483647 bytes
\\?\Device\Floppy0
\\?\Device\Harddisk0\Partition0
  link to \\?\Device\Harddisk0\DR0
  Fixed hard disk media. Block size = 512
  size is 16106127360 bytes
\\?\Device\Harddisk0\Partition1
  link to \\?\Device\HarddiskVolume1
\\?\Device\Harddisk0\Partition2
  link to \\?\Device\HarddiskVolume2
  Fixed hard disk media. Block size = 512
  size is 1065503744 bytes


C:\Windows\system32>bcdedit

Gestionnaire de démarrage Windows
---------------------------------
identificateur          {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  fr-FR
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {d12fb8de-3a9f-11e3-87ed-8386d37742c1}
displayorder            {current}
                        {0eae31b8-4f98-11e3-8260-00264aa3d5ac}
toolsdisplayorder       {memdiag}
timeout                 30

Chargeur de démarrage Windows
-----------------------------
identificateur          {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 8.1
locale                  fr-FR
inherit                 {bootloadersettings}
recoverysequence        {d12fb8e0-3a9f-11e3-87ed-8386d37742c1}
integrityservices       Enable
recoveryenabled         Yes
allowedinmemorysettings 0x1575
osdevice                partition=C:
systemroot              \Windows
resumeobject            {d12fb8de-3a9f-11e3-87ed-8386d37742c1}
nx                      OptIn
bootmenupolicy          Standard

Secteur de démarrage en mode réel
---------------------------------
identificateur          {0eae31b8-4f98-11e3-8260-00264aa3d5ac}
device                  partition=C:
path                    \openbsd.pbr
description             OpenBSD 5.4


#On OpenBSD side:

# fdisk sd0
Disk: sd0       geometry: 1958/255/63 [31457280 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
*0: 07      0  32  33 -   1827 116  17 [        2048:    29356032 ] NTFS
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 3: A6   1828 117  18 -   1957 254  63 [    29374208:     2081062 ] OpenBSD



# disklabel sd0
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: VMware Virtual S
duid: 5a595447d111e24a
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 1958
total sectors: 31457280
boundstart: 29374208
boundend: 31455270
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:          2046720         29374208  4.2BSD   2048 16384    1 # /
  b:            34332         31420928    swap                   # none
  c:         31457280                0  unused
  i:         29356032             2048    NTFS






On 17.11.2013 20:20, user "Wesley MOUEDINE ASSABY" wrote:


Hi

I just tested this. It works nice for me.

I have a Windows 8.1 on a hard drive 15 GB (A full one partition).
So i want to install OpenBSD 5.4 and have multiboot.

-1- Reduce the disk using disk management (MMC snap)
i reduced Windows partition, i have now a second partition 1GB.
Put OpenBSD 5.4 CD, and reboot.

-2- Install OpenBSD using CHS (Be careful!)
OpenBSD is now installed, eject cd, and reboot to windows
# fdisk -e 3

-3- Download the tool dd for windows
http://w

Re: How-to: dualboot Windows 8.1 and OpenBSD 5.4

2013-11-17 Thread Wesley MOUEDINE ASSABY

On 2013-11-17 20:27, dmitry.sensei wrote:

What about 1Tb disk? Is CHS mode correct for this disks?


I did the test using virtualization.
I have not tried with a physical 1 TB hard drive.



On 17.11.2013 20:20, user "Wesley MOUEDINE ASSABY" wrote:


Hi

I just tested this. It works nice for me.

I have a Windows 8.1 on a hard drive 15 GB (A full one partition).
So i want to install OpenBSD 5.4 and have multiboot.

-1- Reduce the disk using disk management (MMC snap)
i reduced Windows partition, i have now a second partition 1GB.
Put OpenBSD 5.4 CD, and reboot.

-2- Install OpenBSD using CHS (Be careful!)
OpenBSD is now installed, eject cd, and reboot to windows
# fdisk -e 3

-3- Download the tool dd for windows
http://www.chrysocome.net/dd [1]
Unzip dd-0.6beta3 and do :

open "cmd" as administrator and do:
dd --list
# this will list devices (we are looking for partition 2 (OpenBSD))

dd if=\\?\Device\Harddisk0\Partition2 of=openbsd.pbr bs=512 count=1
# This records the OpenBSD PBR
Copy the file openbsd.pbr to the root c:

-4- Modify boot.ini using bcdedit
In a cmd console (need administrator rights)
bcdedit /create /d "OpenBSD 5.4" /application bootsector
# copy the identifier and paste it to the 4 following lines
# For me, identifier is : {0eae31b8-4f98-11e3-8260-00264aa3d5ac}

bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} device boot
bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} path \openbsd.pbr
bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} device partition=c:
bcdedit /displayorder {0eae31b8-4f98-11e3-8260-00264aa3d5ac} /addlast


-5- Reboot, you're done!
As Dmitri said, Windows 8.1 loads graphical mode before you have the boot choice.

And when you choose OpenBSD, the box reboot and load OpenBSD.

I hope this helps!!
If you want i can do a better how-to with snapshots, and put it on 
the web.

Or contribute to the FAQ!*

Cheers,

Wesley MOUEDINE ASSABY
http://www.mouedine.net [2]



Links:
--
[1] http://www.chrysocome.net/dd
[2] http://www.mouedine.net




How-to: dualboot Windows 8.1 and OpenBSD 5.4

2013-11-17 Thread Wesley MOUEDINE ASSABY

Hi

I just tested this. It works nice for me.

I have a Windows 8.1 on a hard drive 15 GB (A full one partition).
So i want to install OpenBSD 5.4 and have multiboot.

-1- Reduce the disk using disk management (MMC snap)
i reduced Windows partition, i have now a second partition 1GB.
Put OpenBSD 5.4 CD, and reboot.

-2- Install OpenBSD using CHS (Be careful!)
OpenBSD is now installed, eject cd, and reboot to windows
# fdisk -e 3

-3- Download the tool dd for windows
http://www.chrysocome.net/dd
Unzip dd-0.6beta3 and do :

open "cmd" as administrator and do:
dd --list
# this will list devices (we are looking for partition 2 (OpenBSD))

dd if=\\?\Device\Harddisk0\Partition2 of=openbsd.pbr bs=512 count=1
# This records the OpenBSD PBR
Copy the file openbsd.pbr to the root c:

-4- Modify boot.ini using bcdedit
In a cmd console (need administrator rights)
bcdedit /create /d "OpenBSD 5.4" /application bootsector
# copy the identifier and paste it to the 4 following lines
# For me, identifier is : {0eae31b8-4f98-11e3-8260-00264aa3d5ac}

bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} device boot
bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} path \openbsd.pbr
bcdedit /set {0eae31b8-4f98-11e3-8260-00264aa3d5ac} device partition=c:
bcdedit /displayorder {0eae31b8-4f98-11e3-8260-00264aa3d5ac} /addlast

-5- Reboot, you're done!
As Dmitri said, Windows 8.1 loads graphical mode before you have the boot choice.

And when you choose OpenBSD, the box reboot and load OpenBSD.

I hope this helps!!
If you want i can do a better how-to with snapshots, and put it on the 
web.

Or contribute to the FAQ!*

Cheers,

Wesley MOUEDINE ASSABY
http://www.mouedine.net



Re: Limit downloading using the new queueing subsystem (OpenBSD 5.4-current)

2013-10-15 Thread Wesley MOUEDINE ASSABY

On 2013-10-15 20:48, Norman Golisz wrote:
Yes, I remember you need to explicitly set a "maximum" bandwidth to the
queue definition:

queue employee parent restriction bandwidth 10K max 10K

Does this work for you?


Yes, i just added max keyword.
Therefore i meet a problem :

queue restriction on axe0 bandwidth 10M
queue employee parent restriction bandwidth 1M max 2M
queue network parent restriction bandwidth 9M default

If i download a file, download turn around 3,5 KB/s
and just after 0/0KB/s ; impossible to download it

If i remove the max, it downloads the file with the high bandwidth.

Any idea ?
Thank you very much.

==wma



Re: Limit downloading using the new queueing subsystem (OpenBSD 5.4-current)

2013-10-15 Thread Wesley MOUEDINE ASSABY

On 2013-10-15 16:18, Norman Golisz wrote:

On Tue Oct 15 2013 14:08, Norman Golisz wrote:

On Tue Oct 15 2013 15:48, Wesley MOUEDINE ASSABY wrote:
> When i download a file using the host 192.168.1.1
> and do at the same time :
>
> # pfctl -vvs queue
>
> queue restriction on axe0 bandwidth 800K qlimit 50
>   [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
>   [ qlength:   0/ 50 ]
>   [ measured: 0.0 packets/s, 0 b/s ]
> queue employee parent restriction on axe0 bandwidth 10K qlimit 50
>   [ pkts:  21119  bytes:   30624777  dropped pkts:  0 bytes:  0 ]
>   [ qlength:   0/ 50 ]
>   [ measured:   115.8 packets/s, 1.35Mb/s ]

yap, bandwidth restrictions apply on upload, only. So, you're
effectively using 10K for TCP ACK packets.


you might want to restrict bandwidth on the LAN interface, though. You'd
configure the queues as above on the LAN interface and apply packets
going "out"/upload.


Actually, queue is defined on axe0 ("IN"); it is the lan interface.
It doesn't work (downloading limited).

I already tried this:
block all
pass in log quick on lan from $employee set queue employee tag policy1
pass in on lan
pass log quick tagged policy1
pass out on egress
# Downloading still not limited.

Any idea ?

--
Wesley



Re: Limit downloading using the new queueing subsystem (OpenBSD 5.4-current)

2013-10-15 Thread Wesley MOUEDINE ASSABY

When i download a file using the host 192.168.1.1
and do at the same time :

# pfctl -vvs queue

queue restriction on axe0 bandwidth 800K qlimit 50
  [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
  [ qlength:   0/ 50 ]
  [ measured: 0.0 packets/s, 0 b/s ]
queue employee parent restriction on axe0 bandwidth 10K qlimit 50
  [ pkts:  21119  bytes:   30624777  dropped pkts:  0 bytes:  0 ]
  [ qlength:   0/ 50 ]
  [ measured:   115.8 packets/s, 1.35Mb/s ]
queue network parent restriction on axe0 bandwidth 790K default qlimit 50
  [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
  [ qlength:   0/ 50 ]
  [ measured: 0.0 packets/s, 0 b/s ]





On 2013-10-15 15:37, Wesley MOUEDINE ASSABY wrote:

Hi,

I built this small network:

192.168.1.0/29axe0-obsd54-re0---WAN

I want to limit a host (192.168.1.1/29) to download at 10KBps.
The pf ruleset is loaded. I can see the queue "employee" used
but download is still high, not limited at 10 KBps.

# pfctl -vvs queue

 [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
 [ qlength:   0/ 50 ]
queue restriction on axe0 bandwidth 800K qlimit 50
 [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
 [ qlength:   0/ 50 ]
queue employee parent restriction on axe0 bandwidth 10K qlimit 50
 [ pkts:   1744  bytes:    2496373  dropped pkts:  0 bytes:  0 ]
 [ qlength:   0/ 50 ]
queue network parent restriction on axe0 bandwidth 790K default qlimit 50
 [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
 [ qlength:   0/ 50 ]

Is there someone to help me on ?

For more informations, see below :

# uname -a

OpenBSD testing.pf.queue 5.4 GENERIC.MP#80 i386

# cat /etc/pf.conf

employee="192.168.1.1"

set skip on lo

match out on egress inet from lan:network to any nat-to egress
match in all scrub (no-df max-mss 1440)

queue restriction on axe0 bandwidth 800K
queue employee parent restriction bandwidth 10K
queue network parent restriction bandwidth 790K default

block all

pass out on egress
pass in on egress inet proto tcp from egress:network to any port ssh

pass in log quick on lan from $employee set queue employee
pass in on lan


# ifconfig

lo0: flags=8049 mtu 33192
   priority: 0
   groups: lo
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
   inet 127.0.0.1 netmask 0xff00
re0: flags=8843 mtu 1500
   lladdr 00:1e:33:25:a5:33
   priority: 0
   groups: egress
   media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
   status: active
   inet6 fe80::21e:33ff:fe25:a533%re0 prefixlen 64 scopeid 0x2
   inet 192.168.0.19 netmask 0xffe0 broadcast 192.168.0.31
enc0: flags=0<>
   priority: 0
   groups: enc
   status: active
axe0: flags=8843 mtu 1500
   lladdr 00:50:b6:0b:e2:7d
   priority: 0
   groups: lan
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.1.4 netmask 0xfff8 broadcast 192.168.1.7
   inet6 fe80::250:b6ff:fe0b:e27d%axe0 prefixlen 64 scopeid 0x5
pflog0: flags=141 mtu 33192
   priority: 0
   groups: pflog

Thank you very much for your precious help!

Regards,

Wesley
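The pfctl output in this message already shows the symptom: the employee queue is configured with bandwidth 10K yet measured at 1.35Mb/s, and the later reply in the thread says an explicit max is needed. The script below is an added example, not part of the original posts; it parses `pfctl -vvs queue` output and lists queues running above their bandwidth value with no max set. The function names and the embedded sample (re-joined from the values posted above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag pf queues whose measured rate exceeds the configured
# "bandwidth" while no "max" is set, from `pfctl -vvs queue` output.

# sample_output: the three queues from the thread, one record per line
# (constructed by re-joining the wrapped lines posted in the message).
sample_output() {
    cat <<'EOF'
queue restriction on axe0 bandwidth 800K qlimit 50
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:     0.0 packets/s, 0 b/s ]
queue employee parent restriction on axe0 bandwidth 10K qlimit 50
  [ pkts:      21119  bytes:   30624777  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:   115.8 packets/s, 1.35Mb/s ]
queue network parent restriction on axe0 bandwidth 790K default qlimit 50
  [ pkts:          0  bytes:          0  dropped pkts:      0 bytes:      0 ]
  [ qlength:   0/ 50 ]
  [ measured:     0.0 packets/s, 0 b/s ]
EOF
}

# uncapped_queues: reads pfctl output on stdin and prints one line per queue
# that is over its bandwidth value and has no max:
#   <name> bandwidth=<bits/s> max=none measured=<bits/s>
uncapped_queues() {
    awk '
    # Convert "10K", "10K,", "1.35Mb/s" or "0" to bits per second.
    # K/M/G are treated as decimal multipliers.
    function to_bps(s,    n, u) {
        n = s + 0                    # numeric prefix
        u = s
        sub(/^[0-9.]+/, "", u)       # what remains is the unit
        u = substr(u, 1, 1)
        if (u == "K") n *= 1000
        else if (u == "M") n *= 1000000
        else if (u == "G") n *= 1000000000
        return n
    }
    # Queue header: remember name, bandwidth and (optional) max.
    $1 == "queue" {
        name = $2; bw = 0; cap = ""
        for (i = 3; i < NF; i++) {
            if ($i == "bandwidth") bw = to_bps($(i + 1))
            if ($i == "max") cap = to_bps($(i + 1))
        }
        next
    }
    # Statistics line: "[ measured: 115.8 packets/s, 1.35Mb/s ]"
    $2 == "measured:" && name != "" {
        rate = $(NF - 1)
        if (rate == "b/s") rate = $(NF - 2)   # "0 b/s" has a space
        rate = to_bps(rate)
        if (cap == "" && rate > bw)
            printf "%s bandwidth=%.0f max=none measured=%.0f\n", name, bw, rate
    }
    '
}

# Stand-alone demonstration on the embedded sample.
sample_output | uncapped_queues
```

On a live gateway the same function can be fed directly with `pfctl -vvs queue | uncapped_queues`.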




Limit downloading using the new queueing subsystem (OpenBSD-5.4)

2013-10-15 Thread Wesley MOUEDINE ASSABY

Hi,

I built this small network:

192.168.1.0/29axe0-obsd54-re0---WAN

I want to limit a host (192.168.1.1/29) to download at 10KBps.
The pf ruleset is loaded. I can see the queue "employee" used
but download is still high, not limited at 10 KBps.

# pfctl -vvs queue

 [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
 [ qlength:   0/ 50 ]
queue restriction on axe0 bandwidth 800K qlimit 50
 [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
 [ qlength:   0/ 50 ]
queue employee parent restriction on axe0 bandwidth 10K qlimit 50
 [ pkts:   1744  bytes:    2496373  dropped pkts:  0 bytes:  0 ]
 [ qlength:   0/ 50 ]
queue network parent restriction on axe0 bandwidth 790K default qlimit 50
 [ pkts:  0  bytes:  0  dropped pkts:  0 bytes:  0 ]
 [ qlength:   0/ 50 ]

Is there someone to help me on ?

For more informations, see below :

# uname -a

OpenBSD testing.pf.queue 5.4 GENERIC.MP#80 i386

# cat /etc/pf.conf

employee="192.168.1.1"

set skip on lo

match out on egress inet from lan:network to any nat-to egress
match in all scrub (no-df max-mss 1440)

queue restriction on axe0 bandwidth 800K
queue employee parent restriction bandwidth 10K
queue network parent restriction bandwidth 790K default

block all

pass out on egress
pass in on egress inet proto tcp from egress:network to any port ssh

pass in log quick on lan from $employee set queue employee
pass in on lan


# ifconfig

lo0: flags=8049 mtu 33192
   priority: 0
   groups: lo
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
   inet 127.0.0.1 netmask 0xff00
re0: flags=8843 mtu 1500
   lladdr 00:1e:33:25:a5:33
   priority: 0
   groups: egress
   media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
   status: active
   inet6 fe80::21e:33ff:fe25:a533%re0 prefixlen 64 scopeid 0x2
   inet 192.168.0.19 netmask 0xffe0 broadcast 192.168.0.31
enc0: flags=0<>
   priority: 0
   groups: enc
   status: active
axe0: flags=8843 mtu 1500
   lladdr 00:50:b6:0b:e2:7d
   priority: 0
   groups: lan
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.1.4 netmask 0xfff8 broadcast 192.168.1.7
   inet6 fe80::250:b6ff:fe0b:e27d%axe0 prefixlen 64 scopeid 0x5
pflog0: flags=141 mtu 33192
   priority: 0
   groups: pflog

Thank you very much for your precious help!

Regards,

Wesley



Re: poptop on OpenBSD 5.3

2013-08-04 Thread Wesley MOUEDINE ASSABY

Hi,

Why not use the embedded package in OpenBSD 5.3 : npppd ??
conf files : /etc/npppd/npppd.conf and npppd-users

Below a link that will help you on :
http://fr.slideshare.net/GiovanniBechis/npppd-easy-vpn-with-openbsd


Cheers,

Wesley

On 2013-08-05 4:48, Alvaro Mantilla Gimenez wrote:

Hi,

  I am trying to configure poptop on OpenBSD 5.3 without success. I've
installed the package and configured the files as
the /usr/local/share/doc/pkg-readmes/poptop-1.3.4p4 says but didn't work so
I started to change things here and there without success. These are the
facts:

  /etc/pptpd.conf:

   stimeout 10
   noipparam
   logwtmp
   localip 5.5.5.1
   remoteip 5.5.5.2-102


  /etc/ppp/options:

   lock
   auth
   usehostname
   proxyarp
   +MSChap-V2 mppe-128 mppe-stateless


  /etc/ppp/ppp.conf:

   default:
 set log Phase Chat LCP IPCP CCP tun command
 set speed 115200

   pptp:
 set log phase tun
 enable proxy
 set dns 8.8.8.8 8.8.4.4
 set ifaddr 5.5.5.1 5.5.5.0/0 255.255.255.0
 set timeout 0
 enable chap
 enable MSChapV2


And here the error:

   pptpd[25764]: CTRL: Starting call (launching pppd, opening GRE)
   ppp[14716]: Phase: Using interface: tun0
   ppp[14716]: Phase: deflink: Created in closed state
   ppp[14716]: tun0: Command: default: set speed 115200
   ppp[14716]: tun0: Command: pptp: set log phase tun
   ppp[14716]: tun0: Phase: PPP Started (direct mode).
   ppp[14716]: tun0: Phase: bundle: Establish
   ppp[14716]: tun0: Phase: deflink: closed -> opening
   ppp[14716]: tun0: Phase: deflink: Connected!
   ppp[14716]: tun0: Phase: deflink: opening -> carrier
   ppp[14716]: tun0: Phase: deflink: carrier -> lcp
   ppp[14716]: tun0: Phase: bundle: Authenticate
   ppp[14716]: tun0: Phase: deflink: his = none, mine = CHAP 0x81
   ppp[14716]: tun0: Phase: Chap Output: CHALLENGE
   ppp[14716]: tun0: Phase: Chap Input: RESPONSE (49 bytes from testuser)
   ppp[14716]: tun0: Phase: Chap Output: SUCCESS
   ppp[14716]: tun0: Phase: deflink: lcp -> open
   ppp[14716]: tun0: Phase: bundle: Network
   ppp[14716]: tun0: Phase: deflink: open -> lcp
   ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
   ppp[14716]: tun0: Phase: bundle: Terminate
   pptpd[25764]: CTRL: EOF or bad error reading ctrl packet length.
   pptpd[25764]: CTRL: couldn't read packet header (exit)
   pptpd[25764]: CTRL: CTRL read failed
   ppp[14716]: tun0: Phase: deflink: read (0): Got zero bytes
   ppp[14716]: tun0: Phase: deflink: Disconnected!
   ppp[14716]: tun0: Phase: deflink: Connect time: 1 secs: 354 octets in, 364 octets out
   ppp[14716]: tun0: Phase: deflink: 7 packets in, 11 packets out
   ppp[14716]: tun0: Phase:  total 718 bytes/sec, peak 0 bytes/sec on Sun Aug  4 18:23:07 2013
   ppp[14716]: tun0: Phase: deflink: lcp -> closed
   ppp[14716]: tun0: Phase: bundle: Dead
   ppp[14716]: tun0: Phase: PPP Terminated (normal).
   pptpd[25764]: CTRL: Client  control connection finished



So far I think it is not an authentication problem (the authentication process
seems to be "success") and it is a network related issue. However, I do not
know how to fix it according to the three lines on the output:

  ppp[14716]: tun0: Warning: ff01:4::: Change route failed: errno: Network is unreachable
  ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable
  ppp[14716]: tun0: Warning: ff02:4::: Change route failed: errno: Network is unreachable

 I enabled and applied on sysctl.conf:

  net.inet.gre.allow=1
  net.inet.gre.wccp=1

Also, I added the pf.conf lines needed to allow traffic from 1723 and GRE
connections and, to be sure, let all traffic from 5.5.5.0 network pass
through the firewall on tun0.

 Any help? What I am missing?

 Thanks in advance,

 Alvaro




gre protocol

2013-07-23 Thread Wesley MOUEDINE ASSABY

Hi,

I'm using OpenBSD 5.3-stable.

It will be famous if "#net.inet.gre.allow=1" can be  present in the 
file /etc/sysctl.conf (as a comment).


Thank you very much.

Warm Regards,

Wesley



How-To updated : Vpn IKEv2 between a Windows 8 Road Warrior Host and an OpenBSD-5.3 gateway

2013-07-15 Thread Wesley MOUEDINE ASSABY

Hi everyone,

I just updated my How-To about ikev2.
You can reach it here : http://www.mouedine.net

Cheers,

Wesley MOUEDINE ASSABY



Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Wesley MOUEDINE ASSABY
It works !!! ;-)

Just doing below.

--
Wesley



On 22 May 2012 at 19:29, Wesley MOUEDINE ASSABY wrote:

> First thank you very much for your time and reply. I appreciate.
>
> Therefore win7 is a road warrior host so dynamic address.
> so the iked.conf become :
>
> ikev2 "win7" passive esp \
> from 192.168.0.0/24 to 10.10.10.0/24 local aa.bb.cc.dd peer any \
> srcid aa.bb.cc.dd \
> config address 10.10.10.7
>
> ILLUSTRATION :
>
> 192.168.0.0/24--lan--GW51--egress--INTERNET--(win7)
>
> GW51 : hostname vpn.X.net
>   IP address : 192.168.0.51 (lan)
>   egress : aa.bb.cc.dd static IP ADDRESS provide by ISP (SDSL)
>
> win7 : hostname win7
>   IP ADDRESS DHCP (192.168.1.77)
>   IKEV2 Connection config : 10.10.10.7/24
>
> Does this config sound good for you ?
>
> Cheers,
>
> Wesley.



Re: ikev2 and a win7 road warrior host

2012-05-22 Thread Wesley MOUEDINE ASSABY
First thank you very much for your time and reply. I appreciate.

Therefore win7 is a road warrior host so dynamic address.
so the iked.conf become :

ikev2 "win7" passive esp \
from 192.168.0.0/24 to 10.10.10.0/24 local aa.bb.cc.dd peer any \
srcid aa.bb.cc.dd \
config address 10.10.10.7

ILLUSTRATION :

192.168.0.0/24--lan--GW51--egress--INTERNET--(win7)

GW51 : hostname vpn.X.net
IP address : 192.168.0.51 (lan)
egress : aa.bb.cc.dd static IP ADDRESS provide by ISP (SDSL)

win7 : hostname win7
IP ADDRESS DHCP (192.168.1.77)
IKEV2 Connection config : 10.10.10.7/24

Does this config sound good for you ?

Cheers,

Wesley.



Re: disable password check using /etc/login.conf file

2012-05-20 Thread Wesley MOUEDINE ASSABY
On 20 May 2012 at 01:11, Stuart Henderson wrote:

> On 2012-05-18, Wesley MOUEDINE ASSABY  wrote:
>> i'm trying to disable password check.
>
> I have to ask... why?
>

It was only for testing purpose more convenient.
And of course not to put in production.

--
Wesley



Re: disable password check using /etc/login.conf file

2012-05-19 Thread Wesley MOUEDINE ASSABY
passwd(1)
The quality of the password can be enforced by specifying an external
checking program via the ``passwordcheck'' variable in login.conf(5).

Finally all passwords typed by the user (insane class) are controlled by
passwd(1) and then controlled this time with passwordcheck program

It is only possible to do it through a script (combining pw_mkdb and
master.passwd).
Sorry for this useless post.

cheers,

--
Wesley.


On 19 May 2012 at 23:38, Wesley MOUEDINE ASSABY wrote:

> Sorry 'tc=default' was missing at the end :
>
> insane:\
>   :minpasswordlen=4:\
>   :passwordcheck=/usr/bin/true:\
>   :passwordtries=0:\
>   :tc=default:
>
> It doesn't work,  still need a more complicated password.
>
> I read login.conf (5) :
> passwordcheck  program  An external program that checks the quality
> of the password.  The password is passed to the program on stdin.  An
> exit code of 0 indicates that the quality of the password is
> sufficient, an exit code of 1 signals that the password failed the
> check.
>
> and
>
> passwordtries  number 3 The number of times the passwd(1) utility
> enforces a check on the password.  If 0, the new password will only be
> accepted if it passes the password quality check.
>
> Any idea ?
>
> Thank you very much.
>
> Cheers,
>
> Wesley.
>
>
>
> On 18 May 2012 at 23:20, Wesley MOUEDINE ASSABY wrote:
>
>> Hi,
>>
>> i'm trying to disable password check. I already read man page of login.conf
>> (5) and passwd (1).
>> What i have done :
>>
>> - add a new class "insane" in /etc/login.conf :
>>
>> insane:\
>>  :minpasswordlen=1:\
>>  :passwordcheck=/usr/bin/true:\
>>  :passwordtries=1:
>>
>> - add a new user with this class
>>
>> The length control is ok, tries is also ok, but the password check is still
>> here.
>> Any idea to disable it ?
>>
>> Cheers,
>>
>> Wesley.



Re: disable password check using /etc/login.conf file

2012-05-19 Thread Wesley MOUEDINE ASSABY
Sorry 'tc=default' was missing at the end :

insane:\
:minpasswordlen=4:\
:passwordcheck=/usr/bin/true:\
:passwordtries=0:\
:tc=default:

It doesn't work,  still need a more complicated password.

I read login.conf (5) :
 passwordcheck  program  An external program that checks the quality
 of the password.  The password is passed to the program on stdin.  An
 exit code of 0 indicates that the quality of the password is
 sufficient, an exit code of 1 signals that the password failed the
 check.

and

 passwordtries  number 3 The number of times the passwd(1) utility
 enforces a check on the password.  If 0, the new password will only be
 accepted if it passes the password quality check.

Any idea ?

Thank you very much.

Cheers,

Wesley.



On 18 May 2012 at 23:20, Wesley MOUEDINE ASSABY wrote:

> Hi,
>
> i'm trying to disable password check. I already read man page of login.conf
> (5) and passwd (1).
> What i have done :
>
> - add a new class "insane" in /etc/login.conf :
>
> insane:\
>   :minpasswordlen=1:\
>   :passwordcheck=/usr/bin/true:\
>   :passwordtries=1:
>
> - add a new user with this class
>
> The length control is ok, tries is also ok, but the password check is still
> here.
> Any idea to disable it ?
>
> Cheers,
>
> Wesley.
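The contract quoted from login.conf(5) in this message (password on stdin, exit code 0 when the quality is sufficient, 1 when it fails) can be met by a small shell program. The following is an added example, not part of the original posts and not OpenBSD's own code; the policy values, the function name check_password and the install name pwcheck are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: an external "passwordcheck" program for login.conf(5).
# Contract (from the man page text quoted in the thread): the candidate
# password arrives on stdin; exit 0 = quality sufficient, exit 1 = rejected.
#
# Assumed login.conf entry (path is hypothetical):
#   :passwordcheck=/usr/local/libexec/pwcheck:

# Byte-wise pattern matching, so [a-z] never matches upper case.
LC_ALL=C; export LC_ALL

MINLEN=10        # assumed policy: minimum length
MINCLASSES=3     # assumed policy: lower/upper/digit/other, at least 3

# check_password: reads one password from stdin, returns 0 to accept, 1 to
# reject. Only shell built-ins are used, so the password is never placed in
# the argument list of another process.
check_password() {
    pw=
    # Accept input with or without a trailing newline; reject empty input.
    IFS= read -r pw || [ -n "$pw" ] || return 1

    # Length check.
    [ "${#pw}" -ge "$MINLEN" ] || return 1

    # Small deny list of obvious substrings (constructed for the example),
    # matched case-insensitively through bracket expressions.
    case $pw in
    *[Pp][Aa][Ss][Ss][Ww][Oo][Rr][Dd]*|*[Qq][Ww][Ee][Rr][Tt][Yy]*|*12345*)
        return 1 ;;
    esac

    # Count the character classes present.
    classes=0
    case $pw in *[a-z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[A-Z]*) classes=$((classes + 1)) ;; esac
    case $pw in *[0-9]*) classes=$((classes + 1)) ;; esac
    case $pw in *[!a-zA-Z0-9]*) classes=$((classes + 1)) ;; esac

    [ "$classes" -ge "$MINCLASSES" ]
}

# Act as the checker only when invoked under the assumed install name, so
# the file can also be sourced to exercise check_password directly.
case ${0##*/} in
pwcheck) check_password; exit $? ;;
esac
```

Pointing passwordcheck at /usr/bin/true, as tried in the thread, satisfies the same contract by always returning 0.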



disable password check using /etc/login.conf file

2012-05-18 Thread Wesley MOUEDINE ASSABY
Hi,

i'm trying to disable password check. I already read man page of login.conf
(5) and passwd (1).
What i have done :

- add a new class "insane" in /etc/login.conf :

insane:\
:minpasswordlen=1:\
:passwordcheck=/usr/bin/true:\
:passwordtries=1:

- add a new user with this class

The length control is ok, tries is also ok, but the password check is still
here.
Any idea to disable it ?

Cheers,

Wesley.



looking to review my french manual, book

2012-03-14 Thread Wesley MOUEDINE ASSABY
Hi,
I wrote a little manual in French about "Administration Et maintenance d'un
système OpenBSD". Is there someone experienced to review the config files,
commands ?
Thank you very much.
All the best,
Wesley MOUEDINE ASSABY



ikev2 between win7 and OpenBSD

2011-08-29 Thread Wesley MOUEDINE ASSABY
Hi, 

I'm trying ikev2 vpn between an OpenBSD Gateway and a workstation Windows 7

The lab : 

win7[192.168.0.7]---[LAN]-puffy49[192.168.0.49(em0);10.10.10.10(rl0)]


OpenBSD Gateway (puffy49) 
em0 connected on a switch with win7 
rl0 connected on an other switch
PF is disabled. net.inet.ip.forwarding=1

iked.conf :
user "vpnclient" "password0"
ikev2 "win7" passive esp \
from 192.168.0.0/24 to 10.10.10.0/24 \
local any peer any \
eap "mschap-v2"

I also did on the OpenBSD box : ikectl ca vpntest create; ikectl ca vpntest install
I exported vpntest, and added it on my win7 machine, and then started iked -dvvv
on the OpenBSD box.
Trying the VPN on win7, it doesn't work, it stops on authentication.
If someone can help me.

Thank you very much.

Cheers,

Wesley M.



rebuild RAID1

2011-08-16 Thread Wesley MOUEDINE ASSABY
Hi, 

I'm trying to test softraid. 
I use OpenBSD 4.8 Release, i have 2 disks : 

wd0 250G Openbsd is installed ; wd0k slice is part of RAID (200G) 
wd1 500G wd1k slice is part of RAID (200G) 

I built my RAID using this : bioctl -c 1 -l wd0k,wd1k softraid0 
All is ok, sd0c is mounted in /home (cf /etc/fstab) 

Now i disconnected wd1, restart computer. /home is available, but RAID1 is
degraded. 

Add wd1, restart computer, try bioctl -R sd0 0:1.0 (give me an error like
not part in /dev/bio.) 

How can i rebuild ? 

Thank you very much. 

Wesley.



Re: make an firewall with IDS

2011-07-31 Thread Wesley MOUEDINE ASSABY
First, thank you very much for your link.
I will try it this night.


On Mon, 01 Aug 2011 00:18:06 +0300, "Simeon Rusev" 
wrote:
> Sure,
> take a look at
>
http://www.sec-net.net/en/2011/07/openbsd/snort-2-9-0-5-on-openbsd-current.html
> 
> 
> 
> On Sun, 31 Jul 2011 00:37:41 +0400 Wesley MOUEDINE ASSABY
>  wrote
> 
>> Hi,
>> 
>> Does someone already build an IDS on OpenBSD, and would help me ?
>> I want to use snort on an OpenBSD 4.9 with a small web interface to see
>> Snort alerts.
>> What do you advice me ?
>> 
>> Do i need to install a precompiled snort, with mysql support?? or use
>> ports ?
>> What is the best way to do it ?
>> 
>> Thank you very much for your replies !
>> 
>> Wesley.



make an firewall with IDS

2011-07-30 Thread Wesley MOUEDINE ASSABY
Hi,

Does someone already build an IDS on OpenBSD, and would help me ?
I want to use snort on an OpenBSD 4.9 with a small web interface to see
Snort alerts.
What do you advice me ?

Do i need to install a precompiled snort, with mysql support?? or use
ports ?
What is the best way to do it ?

Thank you very much for your replies !

Wesley.



Re: pf rule?

2011-07-21 Thread Wesley MOUEDINE ASSABY
Hi,

For your ftp issue, see here : http://www.openbsd.org/faq/pf/ftp.html

Wesley. M
www.mouedine.net
www.e-solutions.re

On Wed, 20 Jul 2011 23:26:33 -0700, fqui nonez 
wrote:
> 2011/7/20 fqui nonez :
>> 2011/7/20 Andres Perera :
>>> On Wed, Jul 20, 2011 at 8:49 AM, fqui nonez 
>>> wrote:
>>
>> On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez

>> wrote:
>>> Hello
>>>
>>> I have a sshd/ftpd/httpd server box, 4.9 stable; and I want to log
>>> all
>>> blocked packets, and send them to /var/log/pfblocklog to be read
>>> with
>>> tcpdump. What and where should be the rule?
>>
>>> Thanks for your attention.

 Hello

 I changed it to:

 #$OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
 #

 set skip on lo

 ### Agregadas por mi: (added by me)
 block log

 pass out quick on rl0

 antispoof quick for rl0

 pass in log on rl0 proto tcp from any to port 22
 pass in log on rl0 proto tcp from any to port 21
 pass in log on rl0 proto tcp from any to port 80
>>>
>>> replace all three by:
>>> pass in log on rl0 proto tcp to port { 21 22 80 }
>>>

 ### Fin. (end)

 # filter rules and anchor for ftp-proxy(8)
 anchor "ftp-proxy/*"
 pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
>>>
>>> you already pass these packets before. redundant rules make pfctl
>>> output hard to read, so change it to:
>>> match in proto tcp to port ftp rdr-to localhost port 8021
>>>
>>
>> Done, thanks again!
>>
> 
> Hello, again.
> 
> I am receiving this message at client side :
> "425 Can't build data connection: illegal port number"
> then, i changed it to:
> 
> # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
> 
> set skip on lo
> 
> # filter rules and anchor for ftp-proxy(8)
> anchor "ftp-proxy/*"
> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
> 
> ### Agregadas por mi: (added by me)
> block log
> 
> pass out quick on rl0
> 
> antispoof quick for rl0
> 
> pass in log on rl0 proto tcp from any to port {21 22 80}
> 
> ### Fin. (end)
> 
> #pass # to establish keep-state
> 
> # By default, do not permit remote connections to X11
> #block in on ! lo0 proto tcp to port 6000:6010
> 
> ftpd is not working correctly with those rules; does somebody see the
> error?
> 
> Thanks for your attention.



Re: pf rule?

2011-07-20 Thread Wesley MOUEDINE ASSABY
Also,
you can see a sample on http://mouedine.net/ruleset49.aspx

Wesley.

On Wed, 20 Jul 2011 14:27:27 +0400, Wesley MOUEDINE ASSABY
 wrote:
> Hi,
> 
> Try this:
> block log return
> 
> Cheers,
> 
> Wesley.
> 
> On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez 
> wrote:
>> Hello
>> 
>> I have a sshd/ftpd/httpd server box, 4.9 stable; and I want to log all
>> blocked packets, and send them to /var/log/pfblocklog to be read with
>> tcpdump. What and where should be the rule?
>> 
>> #$OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
>> #
>> 
>> set skip on lo
>> 
>> ### Agregadas por mi: (added by me)
>> block return
>> 
>> pass in quick log on rl0 proto tcp from any to port 22
>> pass out quick on rl0 to any
>> pass in quick log on rl0 proto tcp from any to port 21
>> pass in quick log on rl0 proto tcp from any to port 80
>> 
>> ### Fin. (end)
>> 
>> # filter rules and anchor for ftp-proxy(8)
>> anchor "ftp-proxy/*"
>> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
>> 
>> pass # to establish keep-state
>> 
>> # By default, do not permit remote connections to X11
>> block in on ! lo0 proto tcp to port 6000:6010
>> 
>> Thanks for your attention.



Re: pf rule?

2011-07-20 Thread Wesley MOUEDINE ASSABY
Hi,

Try this:
block log return

Cheers,

Wesley.

On Wed, 20 Jul 2011 01:09:09 -0700, fqui nonez 
wrote:
> Hello
> 
> I have a sshd/ftpd/httpd server box, 4.9 stable; and I want to log all
> blocked packets, and send them to /var/log/pfblocklog to be read with
> tcpdump. What and where should be the rule?
> 
> # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $
> #
> 
> set skip on lo
> 
> ### Agregadas por mi: (added by me)
> block return
> 
> pass in quick log on rl0 proto tcp from any to port 22
> pass out quick on rl0 to any
> pass in quick log on rl0 proto tcp from any to port 21
> pass in quick log on rl0 proto tcp from any to port 80
> 
> ### Fin. (end)
> 
> # filter rules and anchor for ftp-proxy(8)
> anchor "ftp-proxy/*"
> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
> 
> pass  # to establish keep-state
> 
> # By default, do not permit remote connections to X11
> block in on ! lo0 proto tcp to port 6000:6010
> 
> Thanks for your attention.



Re: Problems with a postfix server.

2011-07-19 Thread Wesley MOUEDINE ASSABY
Hi,

Why don't you use this : http://mailserv.github.com/
It is perfect as an OpenBSD Mailserver; With roundcube Webmail inside ;-)

Wesley MOUEDINE ASSABY
www.e-solutions.re
www.mouedine.net


On Wed, 20 Jul 2011 02:00:57 +1000, John Tate  wrote:
> I am setting up a small scale postfix server and the system it resides
> on is directly connected
> to the internet and has an internet ip. Currently the system is a lone
> VPS and lone mailserver
> (hopefully) for my domain. I have got the Postfix server running but
> avoided using MySQL but
> I cannot seem to get emails to relay properly. I want to get my own
> Postfix/Courier-IMAP mail
> server running. I do not care about SASL because the installation will
> be using ssh tunnels.
> 
> I could not find anywhere on the Internet an example of an
> /etc/postfix/mail.cf which is specific-
> ally for a system which is directly connected to the Internet and uses
> an existing pf firewall
> configuration. Providing my own mail services is very important but I
> am so far unfamiliar with
> Postfix servers.
> 
> Contact me if you need information about my existing configuration for
> the Postfix server.
> 
> --
> 
> Website: http://johntate.org
> Facebook: http://facebook.com/john.n.tate
> John Tate



OpenBSD 5.0-beta non-free firmware

2011-07-19 Thread Wesley MOUEDINE ASSABY
Hi,

I just installed a fresh snapshot 5.0-beta, i noticed at the end of
installation a new feature :
"Install non-free firmwares on first boot", what is it exactly ?
As an aside, installation is always clear, simple, very good jobs !!

cheers,

Wesley M.



detail groups

2011-07-07 Thread Wesley MOUEDINE ASSABY
Hi,

I'm looking for a paper, or a man page about described groups in OpenBSD.
Is there a way to have more details on groups (/etc/group), for example :
what is the groups "nobody, operator, nogroup, bin...)

For better understanding the system.

Thank you very much.

Wesley.

www.e-solutions.re



Internet bonding

2011-07-04 Thread Wesley MOUEDINE ASSABY
Hi,

I have a question:
Is it possible with OpenBSD to bond 2 ADSL connections (download=8Mb/s;
upload=1Mb/s) with different ISPs?
And so have a virtual ADSL connection with a speed of 16Mb/s and an upload
of 2Mb/s?
I have already read the man pages of trunk; lap seems good to me, but I think
it works on level 2 (OSI) ...
Any idea?

Thank you very much for your replies.

All the best.

Wesley.



Re: merge 2 connections

2011-05-20 Thread Wesley MOUEDINE ASSABY
Sorry for the subject, but there's no Internet in the 2 connections. It is
IP VPN, to connect 2 sites.
But I have 2 connections, RouterB1 and RouterB2, connected to router A.
I want to accumulate the 2 x 1M with OpenBSD (if it is possible) and so
have a big 2M connection.

(B)---LANOpenBSD(routerB1,routerB2)---VPN-NO-INTERNET--LAN---RDS(TSE)--(A)

Possible to do it with PF or trunk? Round-robin?
Thank you for your replies.

Wesley.

On Fri, 20 May 2011 15:33:46 +0200 (CEST), Francois Pussault
 wrote:
> hi,
> 
> I guess so, because some hardware routers have bandwidth with 2 inputs.
> At my last work, we used one from 2 distinct DSL connections, the router &
> after it the network.
> 
> So as you want to use RouterB1 & RouterB2, using a unique one with 2
> inputs should be a good solution, it costs about 100$
> or you may use a software solution (but I don't know how to).
> 
>> --------
>> From: Wesley MOUEDINE ASSABY 
>> Sent: Fri May 20 15:07:31 CEST 2011
>> To: 
>> Subject: merge 2 internet connection
>> 
>> 
>> Hi, 
>> 
>> I have a client who have 2 locations : A, B 
>> 
>> On side A : he has a RDS Server (TSE), with a router provided by ISP
>> (there's no internet, it's a 2M connection) 
>> 
>> On side B : he has 2 IP VPN Connection to Side A (2 x routers, there's no
>> internet, but the link is 1M, so 2 x 1M). Users in B works on RDS Server
>> thanks to VPN.
>> 
>> (A) router A ---IP VPN--1MrouterB1 (B) 
>> 
>> (A) router A---IP VPN --1MrouterB2 (B) 
>> 
>> I want to put an OpenBSD Gateway at B Location, with 3 network cards. 
>> 
>> Rl0 : router B1 
>> 
>> Rl1 : router B2 
>> 
>> RL2 : LAN B
>> 
>> Is it possible to have thanks to PF , the 2 bandwidths (router B1 and
>> routerB2) cumulated, and so have a 2M connection instead of 2x 1M ? 
>> 
>> Thank you very much for your replies. 
>> 
>> Best Regards, 
>> 
>> Wesley MOUEDINE ASSABY
>> 
> 
> 
> Cordialement
> Francois Pussault
> 3701 - 8 rue Marcel Pagnol
> 31100 Toulouse
> France
> +33 6 17 230 820  +33 5 34 365 269
> fpussa...@contactoffice.fr



merge 2 internet connection

2011-05-20 Thread Wesley MOUEDINE ASSABY
Hi, 

I have a client who has 2 locations: A, B

On side A: he has an RDS Server (TSE), with a router provided by the ISP
(there's no internet, it's a 2M connection)

On side B: he has 2 IP VPN connections to side A (2 x routers, there's no
internet, but the link is 1M, so 2 x 1M). Users in B work on the RDS Server
thanks to the VPN.

(A) router A ---IP VPN--1MrouterB1 (B) 

(A) router A---IP VPN --1MrouterB2 (B) 

I want to put an OpenBSD Gateway at B Location, with 3 network cards. 

Rl0 : router B1 

Rl1 : router B2 

RL2 : LAN B

Is it possible, thanks to PF, to have the 2 bandwidths (router B1 and
router B2) cumulated, and so have a 2M connection instead of 2 x 1M?

Thank you very much for your replies.

Best Regards, 

Wesley MOUEDINE ASSABY



Re: problem with download limit (resolved)

2011-05-11 Thread Wesley MOUEDINE ASSABY
Tried with OpenBSD 4.9 works (RELEASE)
Tried with OpenBSD 4.8 doesn't work (Fresh install)
Tried with OpenBSD 4.8 on 2 machines * with net.inet.tcp.recvspace=65535
works

Thank you a lot for your replies !

Cheers,

Wesley MOUEDINE ASSABY



Re: problem with download limit (resolved)

2011-05-11 Thread Wesley MOUEDINE ASSABY
But it works now. Just by changing the "recvspace" value to a higher one...
If you have another idea ...

I have tested it on the firewall and also on an OpenBSD standalone machine
(directly with a public IP address).

At work : ISP is Orange with a SDSL connection (1M upload=download)
My home : ISP is SFR with an ADSL connection (8M for download, 800K for
upload)
the file is : http://marauders.dyndns.org/~wesley/file.ex (for testing)

Cheers,

Wesley MOUEDINE ASSABY.

On Wed, 11 May 2011 10:27:59 +0200, Henning Brauer 
wrote:
> bad advice. zero effect by definition.
> 
> * Wesley MOUEDINE ASSABY  [2011-05-11 07:47]:
>> I try this on our firewall (OpenBSD 4.8 -stable)
>> sysctl -w net.inet.tcp.recvspace=65535
>> 
>> the default value was : 16384
>> 
>> Thank's to Daniel Melameth
>> 
>> Cheers,
>> 
>> Wesley MOUEDINE ASSABY
>> www.mouedine.net
>> 
>> On Tue, 10 May 2011 15:59:09 -0600, Daniel Melameth
>> wrote:
>> >Try sysctl net.inet.tcp.recvspace=65535.  This is resolved in 4.9.



Re: problem with download limit (resolved)

2011-05-10 Thread Wesley MOUEDINE ASSABY
I tried this on our firewall (OpenBSD 4.8 -stable)
sysctl -w net.inet.tcp.recvspace=65535

the default value was: 16384

Thanks to Daniel Melameth

Cheers,

Wesley MOUEDINE ASSABY
www.mouedine.net

On Tue, 10 May 2011 15:59:09 -0600, Daniel Melameth 
wrote:
>Try sysctl net.inet.tcp.recvspace=65535.  This is resolved in 4.9.



Re: problem with download limit

2011-05-10 Thread Wesley MOUEDINE ASSABY
When PF is enabled on the box, there's no queuing limit.
And disabling PF doesn't solve the problem. Really, I don't understand why I
download the file at 32Ko/s instead of ~80Ko/s

At work, the connection used is SDSL 1M (128 Ko/s = upload and download); we
have 5 public IP addresses; ORANGE is the ISP.
At home, my connection is ADSL 8M (upload is 800K).

What I have tested:
Put a laptop with Windows 7, configure it with a public IP address. I can
download my file at 80 Ko/s
Now, remove the laptop, take a PC, install OpenBSD 4.8, configure the
network card with a public IP address, download the file at 32Ko/s; with the
same RJ45 cable*
With the office firewall, disable pf, same problem, I download at 32 Ko/s.
I also tried with an OpenBSD appliance (Soekris), download at 32Ko/s.

Any idea ??
Thank you very much.

Wesley.

On Tue, 10 May 2011 13:11:14 +, Kevin Chadwick 
wrote:

>Not sure, there's certainly not enough info here. PF won't cause
>that unless you have some queuing limit. Maybe you have an
>autonegotiation conflict. You could try setting all devices to
>100baseTX full-duplex.