Re: Can't SSH into CARP'd system from the outside

2008-11-12 Thread Marco Pfatschbacher
On Tue, Nov 11, 2008 at 03:53:54PM -0800, Vivek Ayer wrote: [...] # macros [...] carpdevs = { carp0 , carp1 } [...] # pass rules [...] pass in on $carpdevs inet proto tcp from any to ($ext_if) \ port $tcp_services flags S/SA keep state # Allow SSH Access from Outside just from a quick

Re: pf.conf

2008-11-12 Thread FRLinux
On Wed, Nov 12, 2008 at 7:47 AM, disintx [EMAIL PROTECTED] wrote: For all the ports you are looking for, you need to check /etc/services and you should read the man pages for whatever daemons you want to know about. May I also recommend the excellent Building Firewalls with OpenBSD and PF

Re: 4.4: crash in uvm_aiodone_daemon

2008-11-12 Thread Stuart Henderson
On 2008-11-12, jul [EMAIL PROTECTED] wrote: Pedro Martelletto wrote on 11/11/08 18:56: What was the actual panic message? sorry but the serial console was connected after crash, so I don't have initial message. This information is not in trace? is there a command to recover it? show panic

Re: Using a separate boot partition

2008-11-12 Thread dermiste
On Wed, Nov 12, 2008 at 5:31 AM, Joseph Alten [EMAIL PROTECTED] wrote: So there isn't really an option like I was describing? I was going to just create my / partition on my boot hard drive like you mentioned, but I seemed so close when I ran boot hd0a:/bsd -a at the boot prompt that I thought

Re: symux/rrdtool problem on 4.4-snap

2008-11-12 Thread Stuart Henderson
On 2008-11-12, Ryan Flannery [EMAIL PROTECTED] wrote: I'm having some strange problems with the symon (mon+mux) and rrdtool packages after recently upgrading to a 4.4 snapshot (fresh install). Seems like your Perl packages are not in-sync with the base perl. Make sure they are all up-to-date

Re: VLC/MPlayer/ffmpeg audio/video sync issues introduced in 4.4..

2008-11-12 Thread Jacob Meuser
On Mon, Nov 10, 2008 at 09:19:18PM -0800, J.C. Roberts wrote: On Tue, 11 Nov 2008 04:26:22 + Jacob Meuser [EMAIL PROTECTED] wrote: On Mon, Nov 10, 2008 at 08:08:59PM -0800, J.C. Roberts wrote: general mplayer configuration suggestions nah, it's probably an B-frame or trellis

Re: IPSec to Checkpoint

2008-11-12 Thread Joe Warren-Meeks
On Wed, Nov 12, 2008 at 02:35:35PM +0100, Claer wrote: Hey there, I don't know if your isakmpd.conf is good or not. The general part seems good. But I'm wondering why you are not using the new configuration file (/etc/ipsec.conf) It's much easier to use and to maintain over time. For your

Applying patch 004 to OpenBSD 4.4 and Apache/OpenSSL (problem with PEM_F_DEF_CALLBACK)

2008-11-12 Thread Gilbert Fernandes
Hello. At work here I have a PC which was loaded with OpenBSD 4.3. I have updated it to OpenBSD 4.4. After having installed it I downloaded from OpenBSD's ftp the files sys.tar.gz and src.tar.gz, which I did tar zxpf in /usr/src. I then downloaded the latest 4.4.tar.gz patch file and applied every

Re: IPSec to Checkpoint

2008-11-12 Thread Joe Warren-Meeks
On Wed, Nov 12, 2008 at 02:35:35PM +0100, Claer wrote: Hey there, OK, so I've switched to ipsec.conf and it is a lot easier! However, I'm still struggling to use aes 256. I have the following: ike esp from 195.24.xxx.x/25 to 62.232.yyy.y/27 \ local 195.24.aaa.aa peer 62.232.bbb.bbb \ main auth

useradd /etc/security

2008-11-12 Thread Frank Bax
After a few upgrades; I noticed that new users added with useradd(8) (using commands in upgradeXX.htm) are created with 13 asterisks in passwd field. During a new install only one asterisk is placed in this field for system users. I was curious about this difference and feeling a bit

Re: Experiences running named and rndc on 4.4 vs 4.3

2008-11-12 Thread Woodchuck
On Tue, 11 Nov 2008, Don Jackson wrote: Today I began testing named on a freshly installed OpenBSD 4.4 amd64 machine, using my old named.conf file from 4.3 (which was still running named version 9.4.2) When the machine first boots after the install, /etc/rc determines there is no rndc.key,

relayd: backups when using relay?

2008-11-12 Thread Johan Ström
Hi list I'm looking at the relay (not redirect) feature of relayd (4.4), but cannot figure out how to use backups/fallbacks when doing relaying? With redirect I just add another forward directive, but this doesn't seem to work for relays? Cannot find anything in docs mentioning this (with

Re: relayd exits when disabling and enabling hosts

2008-11-12 Thread David Caro
Yes, sorry it is a typo, I used 4.4-snapshot (10/08), got the same error, I'll try to test it on the release as soon as it gets out. If it keeps crashing I'll file a bug report. Thanks for the info. 2008/11/11 Stuart Henderson [EMAIL PROTECTED] On 2008-11-11, Johan Ström [EMAIL PROTECTED]

Re: How to NAT a site-site VPN tunnel

2008-11-12 Thread nuffnough
I found another thread in french (I think, I am not good with french) with a link that looks promising... http://fixunix.com/bsd/87865-nat-ipsec-openbsd-pf-isakmpd.html I will check out that solution and let you know if I still have problems.

Re: IPSec to Checkpoint

2008-11-12 Thread Claer
On Wed, Nov 12 2008 at 18:13, Joe Warren-Meeks wrote: Hey guys, Hi, I'm struggling to get isakmpd to talk to a checkpoint firewall I need the following parameters General IKE Properties = AES-256 with SHA1 IKE Phase 1 SA = Group2 (1024 bit) IKE Phase 1 SA renegotiation = 1440 IKE Phase

Re: 4.4 recently installed

2008-11-12 Thread Jacob Meuser
On Tue, Nov 11, 2008 at 01:21:09PM -0800, T D wrote: I'm not sure...I didn't think it had more than one, I will have to look into this. There are no extra cards on the system (only a rj45) - the motherboard wouldn't have more than one music built in would it?. unlikely Think I better check

IPSec to Checkpoint

2008-11-12 Thread Joe Warren-Meeks
Hey guys, I'm struggling to get isakmpd to talk to a checkpoint firewall I need the following parameters General IKE Properties = AES-256 with SHA1 IKE Phase 1 SA = Group2 (1024 bit) IKE Phase 1 SA renegotiation = 1440 IKE Phase 2 SA renegotiation = 3600 The network layout looks as follows:

How to reply read -s from bash (linux) in ksh (OpenBSD)

2008-11-12 Thread HDC
I need to migrate a script to an OpenBSD server. This works OK, but in the script some input parameters must be completed without echo in the terminal. I have not found this in ksh. Thanks in advance! -- # /dev/hdc - OpenBSDeros.org hdc [at] openbsderos [dot] org

Re: How to reply read -s from bash (linux) in ksh (OpenBSD)

2008-11-12 Thread Andreas Kahari
Something like stty -echo read variable stty echo Regards, Andreas 2008/11/12 HDC [EMAIL PROTECTED]: I need to migrate a script to an OpenBSD server. This works OK, but in the script some input parameters must be completed without echo in the terminal. I have not found this in ksh,

Re: How to reply read -s from bash (linux) in ksh (OpenBSD)

2008-11-12 Thread Denis Doroshenko
On Wed, Nov 12, 2008 at 6:40 PM, HDC [EMAIL PROTECTED] wrote: I need to migrate a script to an OpenBSD server. This works OK, but in the script some input parameters must be completed without echo in the terminal. I have not found this in ksh, a couple of ideas 1) do stty -echo read foo bar stty

Re: NAT + IPsec problem

2008-11-12 Thread BARDOU Pierre
Hello, I succeeded in doing what I wanted using this: http://fixunix.com/bsd/87865-nat-ipsec-openbsd-pf-isakmpd.html Many thanks for the help! -- Regards, Pierre BARDOU -Original Message- From: Claer [mailto:[EMAIL PROTECTED] Sent: Sunday, 9 November 2008 12:39 To: BARDOU

Re: relayd exits when disabling and enabling hosts

2008-11-12 Thread Stuart Henderson
On 2008/11/12 10:56, David Caro wrote: Yes, sorry it is a typo, I used 4.4-snapshot (10/08), got the same error, I'll try to test it on the release as soon as it gets out. If it keeps crashing I'll file a bug report. a snapshot from October '08 is way past 4.4 release, which was built in

openvpn error PKI on obsd 4.4

2008-11-12 Thread sonjaya
hi, I follow the tutorial from this site http://blog.innerewut.de/2005/7/4/openvpn-2-0-on-openbsd I try to make the PKI following the automatic script from openvpn, not working; detailed log below # uname -a OpenBSD log.mydomain.com 4.4 GENERIC#1021 i386 # #mkdir /etc/openvpn #cp -R

Re: symux/rrdtool problem on 4.4-snap

2008-11-12 Thread Ryan Flannery
On Wed, Nov 12, 2008 at 6:54 AM, Stuart Henderson [EMAIL PROTECTED] wrote: In gmane.os.openbsd.misc, you wrote: On 2008-11-12, Ryan Flannery [EMAIL PROTECTED] wrote: I'm having some strange problems with the symon (mon+mux) and rrdtool packages after recently upgrading to a 4.4 snapshot (fresh

Missing security announcements

2008-11-12 Thread Peer Janssen
Hi! I subscribed to security-announce a long time ago and thought I would receive information about security announcements, but contrary to what is stated on http://openbsd.org/mail.html: security-announce - Security announcements. This low volume list receives OpenBSD security advisories

Re: How to reply read -s from bash (linux) in ksh (OpenBSD)

2008-11-12 Thread HDC
1) do stty -echo read foo bar stty echo though in case you hit ^c in that read, that may lead to a tty with no echo. perhaps may be solved with trap. This works fine with stty traps! Thanks! -- # /dev/hdc - OpenBSDeros.org hdc [at] openbsderos [dot] org

Re: dhcpd problem on OpenBSD 4.4 with release / renew

2008-11-12 Thread Administrator
Kenneth R Westerback wrote: On Tue, Nov 11, 2008 at 03:03:19PM -0800, Brian Keefer wrote: On Nov 11, 2008, at 2:01 PM, Administrator wrote: Brian Keefer wrote: On Nov 11, 2008, at 12:42 PM, Administrator wrote: Nope, didn't help. There must be some other mystery. Now it stops at DHCPOFFER

Re: IPSec to Checkpoint

2008-11-12 Thread Hans-Joerg Hoexer
Support for specifying aes key sizes was added february 2008, thus 4.2 does not provide this. On Wed, Nov 12, 2008 at 03:17:17PM +, Joe Warren-Meeks wrote: On Wed, Nov 12, 2008 at 02:35:35PM +0100, Claer wrote: Hey there, OK, so I've switched to ipsec.conf and it is a lot easier!

Re: Can't SSH into CARP'd system from the outside

2008-11-12 Thread Vivek Ayer
i don't think I understand. Clarify. you mean carpdev is like your physical interface..eth0, re0, etc.? On Wed, Nov 12, 2008 at 12:40 AM, Marco Pfatschbacher [EMAIL PROTECTED] wrote: On Tue, Nov 11, 2008 at 03:53:54PM -0800, Vivek Ayer wrote: [...] # macros [...] carpdevs = { carp0 , carp1 }

PCC developer looking for funding through BSD Fund

2008-11-12 Thread Mark Carlson
I know there has been some interest on this list related to having a BSD licensed C compiler used for OpenBSD. Anders Magnusson (Ragge,) is the maintainer of PCC and is looking for some funding through BSD Fund (tax deductible in the US) to get a V1.0 release out. This is also on Undeadly, if

Re: Experiences running named and rndc on 4.4 vs 4.3 - Solved/Explained

2008-11-12 Thread Don Jackson
Yes, you are exactly right. My OS install script renames the existing /var/named/etc directory, and creates a new one pulled from version control, and in so doing, does not restore the correct ownership of the etc directory. So later on, during the execution of /etc/rc, the rndc.key file gets

Re: Problem with relayctl - OBSD 4.4

2008-11-12 Thread BARDOU Pierre
Hello, Here is the log for relayd -dv. When I try to relayctl reload I got a command failed and nothing in relayd output. # relayd -dv warning: macro 'squid_adh' not used warning: macro 'dns_adh' not used warning: macro 'dns1_ext' not used warning: macro 'dns2_ext' not used warning: macro

Re: relayd exits when disabling and enabling hosts

2008-11-12 Thread David Caro
In that case I'll make the bug report as soon as I get one machine idle enough time to install OpenBSD 4.4 again. 2008/11/12 Stuart Henderson [EMAIL PROTECTED] On 2008/11/12 10:56, David Caro wrote: Yes, sorry it is a typo, I used 4.4-snapshot (10/08), got the same error, I'll try to test

Re: Can't SSH into CARP'd system from the outside

2008-11-12 Thread Stuart Henderson
On 2008-11-12, Vivek Ayer [EMAIL PROTECTED] wrote: i don't think I understand. Clarify. you mean carpdev is like your physical interface..eth0, re0, etc.? yes On Wed, Nov 12, 2008 at 12:40 AM, Marco Pfatschbacher [EMAIL PROTECTED] wrote: On Tue, Nov 11, 2008 at 03:53:54PM -0800, Vivek

symux/rrdtool problem on 4.4-snap

2008-11-12 Thread Ryan Flannery
Hello misc@, I'm having some strange problems with the symon (mon+mux) and rrdtool packages after recently upgrading to a 4.4 snapshot (fresh install). Previously I was running 4.3 with symon symux installed, and would cron a script that created rrdtool graphs from some of the symux rrd files,

Re: Using a separate boot partition

2008-11-12 Thread Louis V. Lambrecht
Seems to me we are not looking at the good direction. I seem to understand that the problem is multi-booting, with OSes possibly on multiple physical devices. It also seems that the starting point is a Lunixish advocating of having a /boot partition handling *all* parameters for all OSes,

Re: relayd: does timeout-directive limits time for SSL-handshake?

2008-11-12 Thread Johan Ström
Hi! (ok not really a Re: since I don't have the original message, but I copy-pasted somewhat from archives to get some context, hope no one minds :) http://www.nabble.com/relayd:-does-timeout-directive-limits-time-for-SSL-handshake--td19698613.html) Just want to bring this back up, since I

Re: Using a separate boot partition

2008-11-12 Thread Raimo Niskanen
On Tue, Nov 11, 2008 at 07:52:30PM -0800, Joseph Alten wrote: Due to technical constraints, my setup requires that I have a separate boot partition (basically the kernel and anything else critical for booting), and then of course my root partition other data partitions on a separate

Re: Using a separate boot partition

2008-11-12 Thread Stuart Henderson
On 2008-11-12, dermiste [EMAIL PROTECTED] wrote: I'm backing ben here : OpenBSD / should be small enough to fit it entirely into a boot partition. /etc/{master.,}passwd and /etc/{s,}pwd.db can grow pretty large on some systems...

Re: How to NAT a site-site VPN tunnel

2008-11-12 Thread nuffnough
2008/11/12 Mitja MuEeniD [EMAIL PROTECTED]: If you control the target box, the simplest solution by far is to assign a deconflicting alias address to it and then establish the VPN tunnel between the 3rd party site and this alias address of yours. Everybody will be accessing through the

Re: Can't SSH into CARP'd system from the outside

2008-11-12 Thread Vivek Ayer
then, what about this: pass on $carpdev proto carp keep state Looks like it's filtering on the $carpdev, which is carp0 and carp1 in this case. It's just what I read in the pf book. I'd like to resolve this soon so I can go ahead and launch my website. I feel like there's a lot of carp in the pf

Re: Can't SSH into CARP'd system from the outside

2008-11-12 Thread Stuart Henderson
On 2008/11/12 14:35, Vivek Ayer wrote: then, what about this: pass on $carpdev proto carp keep state the proto carp packets are all strictly on the parent interfaces, that is the only place you need to pass them. Looks like it's filtering on the $carpdev, which is carp0 and carp1 in this

Re: Missing security announcements

2008-11-12 Thread Simon Connah
On 12 Nov 2008, at 17:57, Peer Janssen wrote: Hi! I subscribed to security-announce a long time ago and thought I would receive information about security announcements, but contrary to what is stated on http://openbsd.org/mail.html: security-announce - Security announcements. This low

Re: PCC developer looking for funding through BSD Fund

2008-11-12 Thread Simon Connah
On 12 Nov 2008, at 20:25, Mark Carlson wrote: I know there has been some interest on this list related to having a BSD licensed C compiler used for OpenBSD. Anders Magnusson (Ragge,) is the maintainer of PCC and is looking for some funding through BSD Fund (tax deductible in the US) to get a

Re: Missing security announcements

2008-11-12 Thread Eugene Prodeguene
On Thu, 13 Nov 2008, Simon Connah wrote: On 12 Nov 2008, at 17:57, Peer Janssen wrote: Hi! I subscribed to security-announce a long time ago and thought I would receive information about security announcements, but contrary to what is stated on http://openbsd.org/mail.html:

Re: Missing security announcements

2008-11-12 Thread Emilio Perea
On Wed, Nov 12, 2008 at 06:57:19PM +0100, Peer Janssen wrote: I subscribed to security-announce a long time ago and thought I would receive information about security announcements, but contrary to what is stated on http://openbsd.org/mail.html: security-announce - Security announcements.

Re: Missing security announcements

2008-11-12 Thread Aaron W. Hsu
On Wed, 12 Nov 2008 21:32:57 -0600 Emilio Perea [EMAIL PROTECTED] wrote: I don't think it's a big deal since there are other ways of getting the information. Given that we usually sign up to a security-announce mailing list for good reason, if the list isn't working as intended, or there is

Re: Missing security announcements

2008-11-12 Thread Theo de Raadt
I don't think it's a big deal since there are other ways of getting the information. Given that we usually sign up to a security-announce mailing list for good reason, if the list isn't working as intended, or there is some misunderstanding as to why the list exists, then I'd like to

Re: Missing security announcements

2008-11-12 Thread Rod Whitworth
On Wed, 12 Nov 2008 21:32:57 -0600, Emilio Perea wrote: On Wed, Nov 12, 2008 at 06:57:19PM +0100, Peer Janssen wrote: I subscribed to security-announce a long time ago and thought I would receive information about security announcements, but contrary to what is stated on

Re: Missing security announcements

2008-11-12 Thread Ted Unangst
On Wed, Nov 12, 2008 at 10:32 PM, Emilio Perea [EMAIL PROTECTED] wrote: FWIW, I received the Welcome to the security-announce mailing list! message on 9/4/2002 and nothing since. I don't think it's a big deal since there are other ways of getting the information. Maybe you mean 2008, because

Re: Missing security announcements

2008-11-12 Thread Emilio Perea
On Wed, Nov 12, 2008 at 11:36:10PM -0500, Ted Unangst wrote: On Wed, Nov 12, 2008 at 10:32 PM, Emilio Perea [EMAIL PROTECTED] wrote: FWIW, I received the Welcome to the security-announce mailing list! message on 9/4/2002 and nothing since. I don't think it's a big deal since there are

Re: Missing security announcements

2008-11-12 Thread Aaron W. Hsu
On Wed, 12 Nov 2008 21:17:46 -0700 Theo de Raadt [EMAIL PROTECTED] wrote: It does not work because no one who works on OpenBSD runs -stable. Then every few months some of you come and yell at us. Not yelling, honest; I was just curious. So, basically, no one has the time or motivation to send

Re: Missing security announcements

2008-11-12 Thread Theo de Raadt
It does not work because no one who works on OpenBSD runs -stable. Then every few months some of you come and yell at us. Not yelling, honest; I was just curious. So, basically, no one has the time or motivation to send out updates? None of the developers are on the list. Heck! More

chaplIn...

2008-11-12 Thread T e z Z i A m . . .
. . . out of all the lies said to mE i love you was my favouriTe . . . [EMAIL PROTECTED] . . .

Re: Using a separate boot partition

2008-11-12 Thread Joseph Alten
On Wed, Nov 12, 2008 at 2:21 PM, Raimo Niskanen [EMAIL PROTECTED] wrote: On Tue, Nov 11, 2008 at 07:52:30PM -0800, Joseph Alten wrote: Due to technical constraints, my setup requires that I have a separate boot partition (basically the kernel and anything else critical for booting), and then