Re: MacbookPro 11,1

On Tue, Nov 24, 2015 at 05:17:56PM -0500, Bryan C. Everly wrote: > The rsu driver I'm using as an external USB network adapter appears to be a > bit flaky on this hardware (dropping packets and connections entirely > sometimes) so that's been a barrier as well necessitating multiple retries > of

Re: vmm uvm_fault in vmware player/workstation when Intel VT/AMD-v not enabled

On Tue, Nov 24, 2015 at 11:02:30PM +0100, Erwin van Maanen wrote: > Hello Misc, > > I was playing around with the new vmm in the bsd snapshot of Nov 23 under > VMWare Workstation. > And when enabling it, i forget to enabled "Virtualize Intel VT-x/EPT or > AMD-V/RVI" option in VMWare

Re: Daily digest, Issue 3641 (37 messages)

On Tue, Nov 24, 2015 at 1:42 PM, Alan Corey wrote: > re: bootable cylinder limit? > > All manner of things seem to have broken when I went from a 500 gig > drive to 1 TB, or maybe it's because I added Linux. For years I've > been using the method that used to be in the

vmm uvm_fault in vmware player/workstation when Intel VT/AMD-v not enabled

Hello Misc, I was playing around with the new vmm in the bsd snapshot of Nov 23 under VMWare Workstation. And when enabling it, i forget to enabled "Virtualize Intel VT-x/EPT or AMD-V/RVI" option in VMWare workstation an i get an uvm_fault: uvm_fault(0xff007f549f00, 0x60, 0, 1) -> e

Re: pf change destination port for outgoing traffic

Does anything changed during these years? I would like to do the same thing the author of topic wanted. I want it because I am playing with relayd, privoxy and pf. I have done chain Firefox -> relayd1-> privoxy -> relayd2, but relayd2 seems to try estabilish tls connection to 80 port rather than

Re: MacbookPro 11,1

So I got a usable Gnome3 desktop on this machine! Trying to install gnome was a bit of a pain due to a library version mismatch with the snapshot I grabbed. However, after building /usr/ports/devel/harfbuzz and /usr/ports/graphics/exiv2 from source (amazing how fast that build went on this

option DEBUG in sparc64 kernel

Hi Misc@ I'm trying to build a debug kernel for sparc64 but keep getting the following errors in iommu.c: cc -Werror -Wall -Wimplicit-function-declaration -Wno-main -Wno-uninitialized -Wframe-larger-than=2047 -Wa,-Av9b, -mno-fpu -fno-builtin-printf -fno-builtin-snprintf

Re: WLAN Card AP feature

On Tue, Nov 24, 2015 at 12:20:31PM -0700, bluesun08 wrote: > In FreeBSD there is the command "ifconfig list caps". This displays > the adaptor's capabilities, including the operating modes supported. > > 1) Is there a similar command in OpenBSD? See "ifconfig media" for some of that

WLAN Card AP feature

In FreeBSD there is the command "ifconfig list caps". This displays the adaptor's capabilities, including the operating modes supported. 1) Is there a similar command in OpenBSD? 2) Is there a WLAN-USB-Stick which can act as access point? Regards Alex -- View this message in context:

Re: diff man page typo

On Tue, Nov 24, 2015 at 09:47:20AM -0500, Donald Allen wrote: > In the 'Output Style' section, the diff man page says > > "XXdYYAt line XX delete the line. The value YY tells to which > line the change would bring file1 in line with file1." > > I think what is meant is

Re: pf change destination port for outgoing traffic

On 2015-11-24, Lampshade wrote: > Does anything changed during these years? > I would like to do the same thing the author of topic wanted. I don't remember the exact syntax but IIRC this can be done with a rule involving "rdr-to", "bitmask", and "0.0.0.0/0".

Re: lidsuspend does not work anymore on 5.8 snapshot, garbles screen, zzz suspend works fine (longer)

On Mon, Aug 31, 2015 at 08:59:15PM -0400, Michael McConville wrote: > Michael McConville wrote: > > I'm having a similar issue on today's AMD64 snapshot on a ThinkPad > > X210. > > > > When I opened it the screen stayed black and there were no signs of > > life other than the battery indicator.

How to test radius server

I read the /etc/npppd/npppd.conf It's ok. except radius:) "man npppd.conf" say: authentication RADIUS type radius { username-suffix "@example.com" authentication-server { address 192.168.0.1 secret "hogehoge" } } then, I couldn't find /etc/radiusd.conf I check the "man -k radius". "man

Re: Recognizing USB plug-ins

On 23 Nov 2015, Mihai Popescu wrote: >> OpenBSD 5.8 (GENERIC.MP) #1236: Sun Aug 16 02:31:04 MDT 2015 > > First suggestion is to try the latest snapshot - development is going > on. Unfortunately latest is a hard thing to come back from. I can try current again though! > For the ignorant one,

Re: opensmtpd

Yes, I don't want auth for other mail servers, I wan't to only authorization for sening mail from my server mail. On 24.11.2015 17:19, Jason Barbier wrote: > read the man page a bit more carfully around how the auth keyword works. > you probably dont want auth on that line.

Re: TLS intercepting proxy [MitM]

Thanks Uwe Werler! I have not yet estabilished chain described in first message, but it is due to lack of time I didn't tried. Firefox runs as firefox user. I have actually MitM on relayd *using divert* with this pf-magic: cat /etc/pf_kop.conf

Re: opensmtpd

read the man page a bit more carfully around how the auth keyword works. you probably dont want auth on that line. -- Jason Barbier | E: jab...@serversave.us GPG Key-ID: B5F75B47(http://kusuriya.devio.us/pubkey.asc) On Tue, Nov 24, 2015, at 08:13 AM, Krzysztof Strzeszewski wrote: > Hello, > >

opensmtpd

Hello, when I use in smtpd.conf: . .. ... listen on egress secure pki nroot.pl auth ... .. . mail sending to me can't reach: smtp-in: Failed command on session 14529d46237222d5: "MAIL FROM: SIZE=1599" =>530 5.5.1 Invalid command: Must issue an AUTH command first when I use in

Re: opensmtpd

This is my config file…with Maildir /var/mail/ and DKIMproxy $ cat /etc/mail/smtpd.conf queue compression queue encryption key xxx ->(your_key_numbers) table aliases db:/etc/mail/aliases.db table domains file:/etc/mail/domains table users

Re: Daily digest, Issue 3641 (37 messages)

re: bootable cylinder limit? All manner of things seem to have broken when I went from a 500 gig drive to 1 TB, or maybe it's because I added Linux. For years I've been using the method that used to be in the OpenBSD FAQ of using dd to write out the first sector of the partition you want to boot

Re: NSD/Unbound clarifications

On Mon, Nov 23, 2015 at 12:24:53PM +0100, Alessandro Baggi wrote: > Hi list, > I've switched from Obsd 5.3 from Pfsense to try it. Now I want come back to > Obsd. I prefer it. > Great choice. [snip] > Now today I've nsd and unbound that I can use on my firewall. > I don't need authoritative

Re: Hitting the bootable cylinder limit?

You are making life unnecessarily difficult for yourself, even apart from running multi boot (mind, I have multi boot here on various legacy systems, but not for anything serious). Install Windows first, although I would note a 32GB boot partition is not large enough to properly maintain any

Re: TLS intercepting proxy [MitM]

On Tue, Nov 24, 2015 at 01:05:34AM +0100, Stefan Wollny wrote: > Am 11/23/15 um 23:41 schrieb Lampshade: > >Hello, > >I would like to use privoxy to scrub/delete > >some informations in application layer (HTTP) going out from my PC. > >Problem is that a lot of connections are secured with TLS, so

Re: NSD/Unbound clarifications

On 2015-11-23 Mon 12:24 PM |, Alessandro Baggi wrote: > > In my last valid OBSD config, I used named for my lan (not exposed on > internet) only for lan dns serving, not exposed, with recursion and > forwarder. > unbound can fill this role for you Alessandro. Search for 'local-zone' in

Re: TLS intercepting proxy [MitM]

Am 24.11.2015 14:52:58, schrieb Jiri B: > > With a little bit pf-magic this works like this: > > pass out log on $ext_if proto tcp to any port 443 route-to lo0 > > pass out log on > > $ext_if proto tcp to any port 443 user _relayd > > pass in log on lo0 proto tcp to > > any port 443 divert-to

Re: TLS intercepting proxy [MitM]

> With a little bit pf-magic this works like this: > pass out log on $ext_if proto tcp to any port 443 route-to lo0 > pass out log on > $ext_if proto tcp to any port 443 user _relayd > pass in log on lo0 proto tcp to > any port 443 divert-to 127.0.0.1 port 8443 Have you actually tested this? The

relayd ssl interception and certificate subject

Hello, I'm just testing ssl interception and noticed the following problem. Sometimes the Subject/Subject Alternative Name of the cert is altered with a different name than the one the original cert has: The faked cert:

Re: Logging removal of dependent packages - disregard please

On Tue, 24 Nov 2015 01:01:59 +0200 Mihai Popescu wrote: > Too bad, pkg_* suite is using perl, if i remember ... Woenderful guest art awe ditto. Mass the Reading compression now your will. Not heart that must bee.

diff man page typo

In the 'Output Style' section, the diff man page says "XXdYYAt line XX delete the line. The value YY tells to which line the change would bring file1 in line with file1." I think what is meant is "XXdYYAt line XX delete the line. The value YY tells to which

Re: list Hackfest 2015 videos in events.html

Committed, thanks! On Tue, Nov 24, 2015 at 10:05:47AM +0100, Daniel Jakots wrote: > Hi, > > Hackfest videos of mlarkin@ and deraadt@ were published yesterday. > > Cheers, > Daniel > > Index: events.html > === > RCS file:

Re: TLS intercepting proxy [MitM]

Em 24-11-2015 11:17, Lampshade escreveu: > I know that relayd can decrypt traffic, then log, then encrypt. You know that this ain't the only thing it can do, right? > The thing is that I want to > send decrypted traffic to another process (privoxy), and then re-encrypt it. Now this, I don't

Re: TLS intercepting proxy [MitM]

Am 24.11.2015 14:17:41, schrieb Lampshade: > Ok, I know that relayd can decrypt traffic, then log, then encrypt. The thing is that I want to > send decrypted traffic to another process (privoxy), and then re-encrypt it. > I have also problem with Reyk's config because I can not divert outgoing

Re: TLS intercepting proxy [MitM]

On Tue, Nov 24, 2015 at 02:17:41PM +0100, Lampshade wrote: > I want to intercept and alter traffic on the same box that I run Firefox. > Is this possible using pf and relayd or I must use something else? IIRC this is not possible. j.

Re: TLS intercepting proxy [MitM]

Ok, I know that relayd can decrypt traffic, then log, then encrypt. The thing is that I want to send decrypted traffic to another process (privoxy), and then re-encrypt it. I have also problem with Reyk's config because I can not divert outgoing traffic using pf. I have tried with rdr-to and