Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Aaron Mason
A search on fleabay shows that, in Australia, they still fetch >$300, out of my price range. :( On Thu, Dec 15, 2016 at 10:30 PM, Stuart Henderson wrote: > On 2016-12-15, Aaron Mason wrote: >> All >> >> I'm looking for a 1U appliance that I can

Re: mounting tmpfs ???

2016-12-15 Thread sven falempin
On Thu, Dec 15, 2016 at 4:32 PM, Stuart Henderson wrote: > On 2016/12/15 11:23, sven falempin wrote: > > > > > > On Wed, Dec 14, 2016 at 11:36 AM, Stuart Henderson > > wrote: > > > > On 2016/12/14 11:07, sven falempin wrote: > > > On Wed, Dec

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Bryan Vyhmeister
On Thu, Dec 15, 2016 at 02:04:04PM -0800, OpenBSD lists wrote: > I recently replaced a pair of Soekris 6501's (BIOSes on both went blank) > with some SuperMicro X11SBA-LN4F-O boards, SATA-DOM-064s, the CSE505-203B > and 4 GB 1600 MHz DDR3 sticks. > > Draws so little power that it looks like the

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread OpenBSD lists
Jordon wrote: About a year ago I replaced my Soekris net5501 with the following system: Supermicro A1SAi-2550F (4 core Atom with 4 NICS + IPMI) Supermicro SC505-203B (1U case where the back of the mob comes out the front) Kingston KVR16LSE11/4 (4GB SO-DIMM) I also used a SATA-DOM

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Hrvoje Popovski
On 15.12.2016. 20:45, Bryan Vyhmeister wrote: > There is no support for Intel QAT (sometimes called Quick Assist) in > OpenBSD and that's not likely to change anytime soon. Some support is > supposedly coming to FreeBSD (by way of pfSense and some commercial > sponsorship or something) but I have

Re: mounting tmpfs ???

2016-12-15 Thread Stuart Henderson
On 2016/12/15 11:23, sven falempin wrote: > > > On Wed, Dec 14, 2016 at 11:36 AM, Stuart Henderson > wrote: > > On 2016/12/14 11:07, sven falempin wrote: > > On Wed, Dec 14, 2016 at 10:51 AM, Stuart Henderson < > s...@spacehopper.org> > > wrote: > > >

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Jordon
About a year ago I replaced my Soekris net5501 with the following system: Supermicro A1SAi-2550F (4 core Atom with 4 NICS + IPMI) Supermicro SC505-203B (1U case where the back of the mob comes out the front) Kingston KVR16LSE11/4 (4GB SO-DIMM) I also used a SATA-DOM because I was going

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Bryan Vyhmeister
On Thu, Dec 15, 2016 at 07:51:40PM +0100, Hrvoje Popovski wrote: > On 15.12.2016. 12:30, Stuart Henderson wrote: > > If you want to cut down on weight+noise at the expense of more cost > > and a less powerful cpu, maybe APU2 in a 1U case or something like > > supermicro SYS-5018A-FTN4. > > has

Re: doas prompting for password in script

2016-12-15 Thread jungle Boogie
On 15 December 2016 at 10:42, trondd wrote: > On Thu, December 15, 2016 12:28 pm, Ax0n wrote: >> I don't know how doas is keeping track of a session. If it's by >> interactive >> tty session only, that could cause problems with non-interactive scripts. >> I'll let someone

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Hrvoje Popovski
On 15.12.2016. 12:30, Stuart Henderson wrote: > If you want to cut down on weight+noise at the expense of more cost > and a less powerful cpu, maybe APU2 in a 1U case or something like > supermicro SYS-5018A-FTN4. Has anyone dmesg from SYS-5018A-FTN4 box? I'm interested in Intel QAT. Thank you

Re: doas prompting for password in script

2016-12-15 Thread trondd
On Thu, December 15, 2016 12:28 pm, Ax0n wrote: > I don't know how doas is keeping track of a session. If it's by > interactive > tty session only, that could cause problems with non-interactive scripts. > I'll let someone closer to the code answer that question. > It's tied to the shell.

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Jack Peirce
On 2016-12-15, Stuart Henderson wrote: > If you want to cut down on weight+noise at the expense of more cost > and a less powerful cpu, maybe APU2 in a 1U case or something like > supermicro SYS-5018A-FTN4. I can second this recommendation, it's what I use at home.

Re: doas prompting for password in script

2016-12-15 Thread Ax0n
I don't know how doas is keeping track of a session. If it's by interactive tty session only, that could cause problems with non-interactive scripts. I'll let someone closer to the code answer that question. On Thu, Dec 15, 2016 at 11:25 AM, jungle Boogie wrote: > On 15

Re: doas prompting for password in script

2016-12-15 Thread jungle Boogie
On 15 December 2016 at 09:21, Ax0n wrote: > In -CURRENT, doas.conf has a "persist" keyword that will only prompt once > per session. This isn't available in OpenBSD 6.0, but should work when 6.1 > is released. Here's a fairly minimal rule that would allow wheel group users > to do

Re: doas prompting for password in script

2016-12-15 Thread Ax0n
For now, you may want to use the "nopass" keyword and set up highly-restrictive rules. The last matching rule determines the action taken, so you can have more general rules up top, and more specific ones that don't require a password toward the end. For example, my wireless network manager script

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Ryan Freeman
On Thu, Dec 15, 2016 at 11:30:31AM +, Stuart Henderson wrote: > On 2016-12-15, Aaron Mason wrote: > > All > > > > I'm looking for a 1U appliance that I can re-purpose into a firewall > > using OpenBSD. I've tried the near-free method by using an old Lacie > >

doas prompting for password in script

2016-12-15 Thread jungle Boogie
Hi All, Should I be prompted for a password during this scenario?
$ doas date
doas (jun...@openbsd.my.domain) password:
Thu Dec 15 08:55:39 PST 2016
$ ./date.sh
doas (jun...@openbsd.my.domain) password:
Thu Dec 15 08:55:46 PST 2016
As you see, only seconds passed from both commands and yet, I'm

Re: PC-Engines Wireless - PPPOE timeouts.

2016-12-15 Thread Tom
On Thu, 15 Dec 2016 11:05:08 + (UTC) Stuart Henderson wrote: > On 2016-12-15, Patrick Dohman wrote: > > Stuart > > > > Please see below for more info: > > > > Please note the 5.7 dmesg is subsequent to a reboot. > > Thanks. I was

Re: Openbgpd emulation on GNS3

2016-12-15 Thread Marko Cupać
On Thu, 15 Dec 2016 16:26:00 +0530 Karthik Veeragoni wrote: > Hi guys, > > I'm trying to emulate the Openbsd's Openbgpd on GNS3. Here is the > topology for same: Last time I checked some 8 years ago when I was preparing my CCNA, GNS3 was visual front-end to

Re: Encrypted data partition

2016-12-15 Thread Stuart Henderson
In gmane.os.openbsd.misc, you wrote: > On Thu, Dec 15, 2016 at 07:24:24AM +0100, Carsten Kunze wrote: >> So it would really be great to have an up-to-date EncFS... > > This might be a good opportunity for you to give ports development a go > ;-) > > http://www.openbsd.org/faq/ports/index.html >

Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Stuart Henderson
On 2016-12-15, Aaron Mason wrote: > All > > I'm looking for a 1U appliance that I can re-purpose into a firewall > using OpenBSD. I've tried the near-free method by using an old Lacie > Ethernet Disk appliance I had lying around, but it turns out the > onboard SATA

Re: PC-Engines Wireless - PPPOE timeouts.

2016-12-15 Thread Stuart Henderson
On 2016-12-15, Patrick Dohman wrote: > Stuart > > Please see below for more info: > > Please note the 5.7 dmesg is subsequent to a reboot. Thanks. I was wondering about a bug with LCP echoes I accidentally introduced that made it into 5.9 (fixed for 6.0). Nothing

Re: Encrypted data partition

2016-12-15 Thread Jiri B
On Thu, Dec 15, 2016 at 11:47:56AM +0100, Carsten Kunze wrote: > Julian Suschlik wrote: > > > What about an encrypted backup to the USB drive and restore on the other > > host? Preserves links and permissions. Can do deduplication and updates. > > Borgbackup does this.

Re: Encrypted data partition

2016-12-15 Thread Carsten Kunze
Stefan Sperling wrote: > > So it would really be great to have an up-to-date EncFS... > > This might be a good opportunity for you to give ports development a go > ;-) I even would be interested, but I need it for both OpenBSD *and* NetBSD. A year ago I tried to update their

Openbgpd emulation on GNS3

2016-12-15 Thread Karthik Veeragoni
Hi guys, I'm trying to emulate the Openbsd's Openbgpd on GNS3. Here is the topology for same: [image: Inline image 2] *My-bgp-router: 10.0.0./8 * *ISP1: 20.0.0./8 * *ISP2: 30.0.0./8 * *On the ISP machines I'm unable to receive any

Re: How to make spamd more annoying ?

2016-12-15 Thread Stuart Henderson
On 2016-12-13, Mik J wrote: > Peter, you use greylists but I read somewhere that gmail servers change their > IPs when they retry to send the mails. It used to be common to attempt a few deliveries from a "main" smarthost and then push to a "slow retry" host, it seemed that

Re: Encrypted data partition

2016-12-15 Thread Carsten Kunze
Julian Suschlik wrote: > What about an encrypted backup to the USB drive and restore on the other > host? Preserves links and permissions. Can do deduplication and updates. > Borgbackup does this. You can carry binaries of the software for Linux and > OpenBSD on the

Re: How to make spamd more annoying ?

2016-12-15 Thread Boudewijn Dijkstra
On Wed, 14 Dec 2016 18:07:15 +0100, Craig Skinner wrote: On Tue, 13 Dec 2016 18:29:00 + (UTC) Mik J wrote: I use spamlogd so that every outgoing mail adds the remote mx IP in my whitelist. As with many domains, large mail services deploy/out source separate

Re: How to make spamd more annoying ?

2016-12-15 Thread Stuart Henderson
On 2016-12-14, OpenBSD lists wrote: > > Beside, this is only enabled on my primary server, the secondary server > will still accept email where the sender doesn't listen for SMTP. A > legitimate email server would detect the failure and try again with the > next

Re: Encrypted data partition

2016-12-15 Thread Stefan Sperling
On Thu, Dec 15, 2016 at 07:24:24AM +0100, Carsten Kunze wrote: > So it would really be great to have an up-to-date EncFS... This might be a good opportunity for you to give ports development a go ;-) http://www.openbsd.org/faq/ports/index.html

Re: Encrypted data partition

2016-12-15 Thread Julian Suschlik
> Also in most cases ssh does not support changing mtime of symlinks, > which is required for fast data synchronization (compare mtime > instead of readlink). For this reason I even use USB when the two > systems are in the same network. > > So it would really be great to have an up-to-date

Re: PC-Engines Wireless - PPPOE timeouts.

2016-12-15 Thread Mihai Popescu
> OpenBSD 5.7 (GENERIC.MP) #881: Sun Mar 8 11:04:17 MDT 2015 5.7 is not supported anymore. Besides that, there is a huge improvement of wireless stuff in -current. I can't believe you didn't notice that. Are you serious by not upgrading?