Re: relayd https relay

2017-09-20 Thread rosjat
Hi there, ok I tried the with tls option and I can at least see relayd tries to send the request to the webserver. I still can't get a proper response from the webserver. When I do a simple rdr-to rule in pf it just works. Do I need to do some magic that I miss still? Regards Markus Am 21.

Re: requesting help

2017-09-20 Thread Otto Moerbeek
On Thu, Sep 21, 2017 at 02:18:30AM +, Jules Gilbert wrote: > Can someone at OpenBSD help?? > > I recently switched over from FreeBSD to OpenBSD, I needed the bump up in > security. > Anyway, the dlfunc routine seems not to work in OpenBSD.  You know, this is > part of the dynamic library st

Re: relayd https relay

2017-09-20 Thread rosjat
Hi Ronan, thanks for the hint I'll give it a try! regards Markus On 20.09.2017 at 21:30, Ronan Viel wrote: Hi, This kind of config works perfectly on my box. I am not sure SNI has something to do here as relayd terminates the https connection, gets all the headers and reopens a new one. I

requesting help

2017-09-20 Thread Jules Gilbert
Can someone at OpenBSD help?? I recently switched over from FreeBSD to OpenBSD, I needed the bump up in security. Anyway, the dlfunc routine seems not to work in OpenBSD.  You know, this is part of the dynamic library stuff. And very recently I moved to the clang system, again something that wa

Re: LACP problem

2017-09-20 Thread Charles Lecklider
On 09/06/2017 04:07, Lyndon Nerenberg wrote: > The first step is to have the switch display its idea of the LACP > configuration and status. I haven't a clue how a TP-LINK does that, but on > our Junipers it's 'show lacp interfaces'. So I finally found my serial cable TL-SG3424#show lacp

Re: ping -R causes panic

2017-09-20 Thread Kapetanakis Giannis
On 20/09/17 19:25, Visa Hankala wrote: On Wed, Sep 20, 2017 at 02:26:56PM +0300, Kapetanakis Giannis wrote: I got this panic today after ping -R I don't run pfsync # ping -R www.google.com panic: kernel diagnostic assertion "m0->m_flags & M_PKTHDR" failed: file "/usr/src/sys/kern/uipc_mbuf.c",

Re: Problem IPSEC phase 2

2017-09-20 Thread Christiano Liberato
More information: The customer uses Mcafee Stonesoft. Phase 1 main auth hmac-md5 enc 3des group modp1024 lifetime 86400 Phase 2 quick auth hmac-md5 enc 3des group modp1024 lifetime 3600 psk Errors in the messages Sep 20 17:25:09 gw isakmpd[14702]: message_recv: cleartext phase 2 message S

relayd transparent don't work

2017-09-20 Thread Thuban
Hi, I'm using relayd to check headers before serving my website with httpd. I need to keep in httpd's logs the client IP address. So I try to use the "transparent" keyword in relayd.conf, but in this case, relayd doesn't work and I can't reach httpd. Here is the **not working** relayd relevant co

growisofs hangs closing disc

2017-09-20 Thread Allan Streib
Example, I was burning an Ubuntu .iso file, as follows: # growisofs -dvd-compat -Z /dev/rcd0c=ubuntu-16.04.3-desktop-amd64.iso Executing 'builtin_dd if=ubuntu-16.04.3-desktop-amd64.iso of=/dev/rcd0c obs=32k seek=0' /dev/rcd0c: "Current Write Speed" is 16.4x1352KBps. 34340864/1587609600 ( 2.2

Re: relayd https relay

2017-09-20 Thread Ronan Viel
Hi, This kind of config works perfectly on my box. I am not sure SNI has something to do here as relayd terminates the https connection, gets all the headers and reopens a new one. I just think you forgot the "with tls" in your forward directive below: relay "proxyssl" { listen on $gate

raid and crypto file system

2017-09-20 Thread Friedrich Locke
Hi folks, In the FAQ page, it is stated: Much like RAID, full disk encryption in OpenBSD is handled by the softraid(4) subsystem and bioctl(8) command. This section covers installing OpenBSD to a single encrypted disk, and is a v

Re: Wireless devices for a new product

2017-09-20 Thread Stuart Henderson
On 2017-09-19, Kevin Chadwick wrote: > > We are designing a PCB board that will run OpenBSD and wish to build in > wifi and 3g/UMTS/LTE devices whilst avoiding PCIEX as those are more > expensive than a module. .. > Are there any opinions on a reliable or best 3G/UMTS/LTE device. A > ublox device

Re: ping -R causes panic

2017-09-20 Thread Visa Hankala
On Wed, Sep 20, 2017 at 02:26:56PM +0300, Kapetanakis Giannis wrote: > I got this panic today after ping -R > I don't run pfsync > > # ping -R www.google.com > panic: kernel diagnostic assertion "m0->m_flags & M_PKTHDR" failed: file > "/usr/src/sys/kern/uipc_mbuf.c", line 1344splassert: pfsync_up

NetBSD-based system using MINIX3 microkernel announced by Andy Tanenbaum

2017-09-20 Thread SOUL_OF_ROOT 55
When most were thinking MINIX and its microkernel had never and were still nowhere going, due to all the reasons many would argue about, today I went for the first time ever to the Distrowatch's week news appendix: - http://distrowatch.com/weekly.php?issue=current#news and fate wanted me to bump

Re: OpenBSD router / firewall / gateway device

2017-09-20 Thread trondd
On Tue, September 19, 2017 10:25 pm, Usexy Nerd wrote: > https://beagleboard.org/x15 > > > What is BeagleBoard-X15? > > BeagleBoard-X15 is the top performing, mainline Linux enabled, > power-users' > dream board with a core tailored for

Re: Wireless devices for a new product

2017-09-20 Thread Kevin Chadwick
On Tue, 19 Sep 2017 16:33:46 +0200 > On Tue, Sep 19, 2017 at 03:00:15PM +0100, Kevin Chadwick wrote: > > > > We are designing a PCB board that will run OpenBSD and wish to > > build in wifi and 3g/UMTS/LTE devices whilst avoiding PCIEX as > > those are more expensive than a module. > > > > I as

Re: relayd https relay

2017-09-20 Thread trondd
On Wed, September 20, 2017 8:10 am, Bryan Harris wrote: > I don't think you can know the host header unless you decrypt the https > using a certificate. It seems that idea would require SNI but I don't > know > if they have SNI in relayd/httpd. (I could be wrong about that.) > httpd has SNI, rel

Re: ping -R causes panic

2017-09-20 Thread Matthias Schmidt
Hi, On 20.09.2017 14:28, George Brown wrote: I can reproduce this after updating to the Sept 18th snapshot, I did not observe this on my Aug 20 snapshot install if that aids in narrowing down when this was introduced. I am by no means a kernel developer but I would assume that the bug has be

Re: ping -R causes panic

2017-09-20 Thread George Brown
I can reproduce this after updating to the Sept 18th snapshot, I did not observe this on my Aug 20 snapshot install if that aids in narrowing down when this was introduced. I suspect reporting this to bugs rather than misc may be a better course of action. https://www.openbsd.org/report.html On

Re: ping -R causes panic

2017-09-20 Thread Christer Solskogen
On Wed, Sep 20, 2017 at 1:26 PM, Kapetanakis Giannis < bil...@edu.physics.uoc.gr> wrote: > I got this panic today after ping -R > I don't run pfsync > Happens on my system as well, and I do run pfsync. OpenBSD 6.2-beta (GENERIC.MP) #104: Mon Sep 18 23:31:27 MDT 2017 dera...@amd64.openbsd.org

Re: relayd https relay

2017-09-20 Thread rosjat
Hi Bryan, I know that scenario but I want to serve an individual certificate for every virtual host (httpd can do that) so I was looking for a simple relay by looking at the header but I might not get it to work this way :( On 20.09.2017 at 14:10, Bryan Harris wrote: I don't think you can

Re: relayd https relay

2017-09-20 Thread Bryan Harris
I don't think you can know the host header unless you decrypt the https using a certificate. It seems that idea would require SNI but I don't know if they have SNI in relayd/httpd. (I could be wrong about that.) In mine I have listen on $ext_addr port 443 tls. Then exists /etc/ssl/ipaddr:443.cr

ping -R causes panic

2017-09-20 Thread Kapetanakis Giannis
I got this panic today after ping -R I don't run pfsync # ping -R www.google.com panic: kernel diagnostic assertion "m0->m_flags & M_PKTHDR" failed: file "/usr/src/sys/kern/uipc_mbuf.c", line 1344splassert: pfsync_update_state: want 1 have 256 pStopped at db_enter+0x5: popq%rbp T

Re: relayd https relay

2017-09-20 Thread rosjat
There is of course a tls too much in the config, it's just relay "proxyssl" { listen on $gateway port https protocol "httpproxy" forward to port https } On 20.09.2017 at 10:19, rosjat wrote: Hi there, just a simple question about the relaying of https connections.

relayd https relay

2017-09-20 Thread rosjat
Hi there, just a simple question about the relaying of https connections. Is it possible to simply pass the https traffic to the webserver with relayd? My naive approach was simply checking the host name in the header and then forward it to http or https port. This works for http but with h

pfstat -f hangs

2017-09-20 Thread Christer Solskogen
On a pretty current machine (15th of September) the command pfstat -f /var/db/pfstat.db seems to hang. I've stopped all cron jobs regarding pfstat. I'm not that familiar with ktrace and kdump, but these are the last three lines: 30126 pfstat CALL mmap(0,0x5000,0x3,0x1002,-1,0) 30126 pfstat RET