Re: Vlan tagging and Carp

2008-03-26 Thread Brian A. Seklecki
On Wed, 2008-03-26 at 10:01 -0400, G 0kita wrote: --- Nah, a /29 is the smallest WAN space you can use for a CARP <-> CARP (or HSRP/VRRP) Ethernet WAN transport. If you have that budget and business need, then you can afford the hardware and IP space. Remember, you can always use _RFC1918 privat

Re: configuration tweaks for CF-based systems?

2008-04-03 Thread Brian A. Seklecki
-- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc.

Re: nagios monitoring of a remote openntp service

2008-05-08 Thread Brian A. Seklecki
anybody gotten Nagios' check_ntp_* to play nicely with a remote > >> openntp service ? It appears to rely upon services not implemented > >> in openntp ? > > > > this is against an OpenNTP server; > > > > <[EMAIL PROTECTED]:12>$ /usr/local/libexec/

Re: snmpd

2008-05-08 Thread Brian A. Seklecki
It's just not been at the top of my priority list. -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc.

Re: Mbufs tunning

2007-03-17 Thread Brian A. Seklecki
On Fri, 2007-03-16 at 18:30 -0300, Gustavo Rios wrote: > Dear gentleman, > > when i execute some command on my server box, i got a complain about > not enough buffer available. For instance. > > $ rusers > rusers: can't send broadcast packet: No buffer space available > $ netstat(8) -m gives som

Re: sshd configure howto

2007-03-17 Thread Brian A. Seklecki
From an architecture standpoint, it wouldn't be within the mandate of sshd(8) anyway. You'd accomplish this using some userland resource quota enforcement policy (max number of processes, max instances of a shell). Hell you could do it in /etc/profile or ~/.cshrc I don't know of one OTTMH, bu

[EMAIL PROTECTED] list archives in file format?

2007-03-24 Thread Brian A. Seklecki
Does anyone have a personal archive that they can export via MUA and share? Is there a way to ask Majordomo for it (playing with the 'get' command now) I'm doing some number crunching and analysis and I'd like a few year-long data sample. TIA, l8* -lav

Re: OpenBGPD MIB

2007-03-24 Thread Brian A. Seklecki
n you give me some links or tell the way you do such things ? > > > > ps. yeah, I know I can write my own, but I hope not to be > > Christopher Columbus :) > > dirty hack would be net-snmpd and lots of 'exec' OIDS > -- Brian A. Seklecki <[EMAIL PROTECTE

Re: GRE over IPsec

2007-03-25 Thread Brian A. Seklecki
I ran into some kernel panics (watchdog reset) with GRE + ESP/Transport (or ESP+GRE) back in the day. It was related to MTU assumptions etc. There was a sendbug(8) related to it. Google "seklecki gre ipsec openbsd" http://archives.neohapsis.com/archives/openbsd/2006-01/0623.html etc... On Su

Re: Widescreen flat panel

2007-03-31 Thread Brian A. Seklecki
xinit -- -logverbose 9 -verbose 9 && send the EDID info? Try a liveCD that has the 'nvidia' binary driver and see if they have support yet, it may be a simple hack. ~BAS On Sat, 2007-03-31 at 18:46 +0200, Eric Dillenseger wrote: > Hi, > > I just bought a 22 inches 16/10 flat panel. > Saddl

Re: Widescreen flat panel

2007-03-31 Thread Brian A. Seklecki
DDC/EDID can be a killjoy. I want to say that there was an Option "NoEDID" "true" ~~BAS On Sat, 2007-03-31 at 21:09 +0200, Eric Dillenseger wrote: > (II) NV(0): Supported VESA Video Modes: > (II) NV(0): [EMAIL PROTECTED] > (II) NV(0): [EMAIL PROTECTED] > (II) NV(0): [EMAIL PROTECTED] > (II) NV(

Re: Ralink pci on spark64?

2007-03-31 Thread Brian A. Seklecki
It would help to see the dmesg(8) output of the card on a supported platform. Do you mean ral(4)? Many PCI drivers will just-work. ~BAS On Sat, 2007-03-31 at 16:12 +0200, Maxim Belooussov wrote: > Hi, > > I plan to turn my Sun Ultra 10 into a firewall/access point using a > supported Ralink PCI

Re: lsi logic sparc64 config?

2007-03-31 Thread Brian A. Seklecki
megarc(8) has been ported to some non-Linux platforms. MegaCli runs in emulation mode in others (dirty dirty hack). The best bet is a bio(4) interface or a hardware raid that has a non-BIOS/proprietary CLI management interface. ~BAS On Sat, 2007-03-31 at 14:37 +1000, David Gwynne wrote: > On 31

Re: 4 port router card

2007-04-30 Thread Brian A. Seklecki
omething I need to change to get openbsd to recognize > the additional ports. > > I've read that there may be problems with 'older' computers. I have > this > in a PIII - perhaps that would qualify as 'older' ? > -- Brian A. Seklecki <[EMAIL PROTECTED]>

Re: 4 port router card

2007-04-30 Thread Brian A. Seklecki
http://xorg.freedesktop.org/archive/X11R6.8.0/doc/scanpci.1.html On Mon, 2007-04-30 at 14:14 -0400, Bret Lambert wrote: > On Mon, 2007-04-30 at 14:03 -0400, Brian A. Seklecki wrote: > > Full lspci(8) / pciconf(8) and dmesg(8) output would help us answer the > > question.

Re: dual g4 needed for hackathon

2007-05-13 Thread Brian A. Seklecki
0200, Mark Kettenis wrote: > the Calgary or Edmonton area that can loan us a dual g4 machine end -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc. IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of thi

Re: pf state limits

2007-05-17 Thread Brian A. Seklecki
ht be and how I can monitor the system to see where I'm at in relationship to the max (if there's no hard number, I'm guessing the number depends on hardware and other system options that affect kernel memory). --Bill l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA)

Re: PF keep state does'nt like Mandriva2007

2007-05-17 Thread Brian A. Seklecki
(Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in jail?" ~James Maynard Keenan

Re: About pf states

2007-05-17 Thread Brian A. Seklecki
l see that they deal with this by a global "pass out keep state" rule. Try adding this to your ruleset after your "block in log all" If you were to argue that pf.conf(5) is unclear on this point, especially where it says By default, packets coming in and out of any in

Re: PF set state-policy

2007-05-17 Thread Brian A. Seklecki
ur ruleset explicitly denies outgoing packets on the interface then in my understanding these will be dropped. Tim -- Darksun rising over blood red sea l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he k

Re: keep state in pf

2007-05-17 Thread Brian A. Seklecki
intruding packet trying to hijack the transfer. This is not substantiated at all though. Has anyone else experienced this problem or seen documentation on it? If there is no documentation, I'm going to submit it as a bug. Thanks... -Lawren l8* -lava (Brian A. Seklecki - Pittsburgh, PA, US

Re: Media Proxy In OpenBSD

2007-05-18 Thread Brian A. Seklecki
> Regards, > Demuel > -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc.

Re: OpenBSD router playing up

2007-06-06 Thread Brian A. Seklecki
s this seem like something else?? Any advice would be greatly appreciated! Post your dmesg, the contents of /etc/pf.conf and your BGP configuration file. Doing so will not solve your issue but it will give other members of the list more information about your setup. l8* -lava (Brian A. Seklec

Kernel MINIROOTSIZE > 8192 = No Boot

2007-06-06 Thread Brian A. Seklecki
ed it on an AMD Athlon, an AMD Geode, and a VMWare machine. l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don't know it. So who's really in j

Re: Kernel MINIROOTSIZE > 8192 = No Boot

2007-06-06 Thread Brian A. Seklecki
e bsd-appliance project. I've tested it on an AMD Athlon, an AMD Geode, and a VMWare machine. l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "Guilty? Yeah. But he knows it. I mean, you're guilty. You just don'

Re: AMD64 raid setup SATA - dmesg error/warning

2007-06-07 Thread Brian A. Seklecki
onnecting to wsdisplay0 uhidev1 at uhub0 port 5 configuration 1 interface 1 uhidev1: Logitech Logitech USB Keyboard, rev 1.10/15.00, addr 2, iclass 3/0 uhidev1: 3 report ids uhid0 at uhidev1 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev1 reportid 2: input=1, output=0, feature=0 ums0 at u

Re: Kernel MINIROOTSIZE > 8192 = No Boot

2007-06-07 Thread Brian A. Seklecki
Just recompiled with: #define NKPTP_MIN 8 #define NKPTP_MAX 191 Same result. Thank you though. We'll revisit it in the future when the money is available? ~BAS On Thu, 7 Jun 2007, mickey wrote: On Wed, Jun 06, 2007 at 01:39:47PM -0400, Brian A. Seklecki wrote: Th

Re: Problem installing 4.1/sparc64 on Sun Blade 100

2007-06-07 Thread Brian A. Seklecki
Could it be memory ? hard disk ? Box has a 256mb + 512mb , and i don't know a way to test this memory without os on the box. Smth like memconf There should be a memtest_obp_sparc whatever -- there's already one for the OBP platform on the Apple PowerPC platform. Most Sun shops have everythi

Re: Kernel MINIROOTSIZE > 8192 = No Boot

2007-06-07 Thread Brian A. Seklecki
It works; free beer on me for all on me ... (Columbia maybe) Thanks again, ~BAS On Thu, 7 Jun 2007, mickey wrote: On Thu, Jun 07, 2007 at 11:52:24AM -0400, Brian A. Seklecki wrote: Just recompiled with: #define NKPTP_MIN 8 #define NKPTP_MAX 191 Same result. Thank you

Re: Sometime NAT, sometimes NOT?

2007-06-08 Thread Brian A. Seklecki
On Fri, 8 Jun 2007, Geraerts Andy wrote: We have an OpenBSD firewall running for a while now. Since a few days we encounter some sort of selective natting. I try to ping a host, I get reply, and 2 minutes later I try to ping the same host and I don't get replies. So despite the state being c

OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)

2006-12-13 Thread Brian A. Seklecki
ources. Tags: -r "OPENBSD_4_0", -D "11/06/06 10:58:26 EST". http://people.collaborativefusion.com/~seklecki/openbsd_4.0_stableUpdate_wRAIDFrame.iso SHA1: b7e33764ab96e1a2db0d125d07e9628367680858 Size: 175331328 -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion,

Re: OpenBSD 4.0/i386 w/ raid(4) ISO (-stable w/ RAIDFrame)

2006-12-13 Thread Brian A. Seklecki
On Wed, 13 Dec 2006, Brian A. Seklecki wrote: > All: > BTW, it is far from optimal, but the following BRE works: DKDEVS=$(scan_dmesg "${MDDKDEVS:-/^\(rai\)*[sw]*d[0-9][0-9]* /s/ .*//p}") ...because saying: "may contain one \(rai\)* or more, but not either, and (or?)...

Re: openbsd 4.0 snmpd core dumps with vlan interface number higher as 9

2006-12-13 Thread Brian A. Seklecki
) if i destroy vlan10 it works again. the core dump is here http://www.tbits.org/snmpd.core.gz Have everyone an idea ? Thx Thomas l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "

nagios check_carp for OpenBSD carp(4)

2006-12-15 Thread Brian A. Seklecki
and one interface in a SLAVE state; all other are in that state. Perhaps 4.0 features such as interface groups and multi-routing tables will change that. Other ideas? -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc.

Master ${SKIPDIR} manifest

2007-02-05 Thread Brian A. Seklecki
Is anyone maintaining a ${SKIPDIR} manifest? A master list of source directories, organized logically by subsystem? Something to match the variety of make.conf(5)/mk.conf(5) knobs in other systems? l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http

Re: searching a good MRTG/SNMP configuration

2007-02-05 Thread Brian A. Seklecki
0:45:05 (MSK) l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady days when "helpdesk" meant nothing, "diskquota" meant everything, and lives could be bought and sold for a couple of pages of laser printout - and frequently were."

Re: External 250Gb USB Disk with three FAT32 partitions, device not configured

2007-02-06 Thread Brian A. Seklecki
sdX device (except of sd0 with are the device of the external usb box that runs ok) is Device not configured. A lot of thanks -- Angel Sancho Alvarez l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...from back in the heady da

Re: Speedtouch modem and PPPoA

2007-02-06 Thread Brian A. Seklecki
On Mon, 5 Feb 2007, Luca wrote: Hi all, I installed for the first time the Speedtouch 330, compiled the source code (http://speedtouch.sourceforge.net/index.php?/index.en.html), installed the firmware...launched the script...it takes about 10 minutes to bring up the tun0 interface and get a vali

mk.conf(5) note about ${SKIPDIR}

2007-02-06 Thread Brian A. Seklecki
>:} I'll sendbug(1) l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/

Re: SSH client (putty) hangs after name/password login

2007-02-06 Thread Brian A. Seklecki
I tried the above (see link) but still it won't work... Does the privsep sshd(8) process spawn on the server? Does that spawn a login shell of the associated user? pstree(8) will show. Also, fire up debugging levels? #LogLevel INFO -> DEBUG, DEBUG1, DEBUG3 etc. ~BAS help ! re

Re: SSH client (putty) hangs after name/password login

2007-02-06 Thread Brian A. Seklecki
Hello Brian, Not quite sure what you mean with pstree...don't know the command and no 'man pstree' on my 3.8 system..? It's in the psmisc/ package Note that I no problems logging into the system while on the local network (doing this via a PC that I remotely manage). When I do a SSH session (

Re: SSH client (putty) hangs after name/password login

2007-02-06 Thread Brian A. Seklecki
On Tue, 6 Feb 2007, forums wrote: Hello, That was my first guess as well...For that reason I set the option UseDNS NO Yea. When DNS times occur, the login process never completes. In fact, before the prompt appears the timeout occurs. AS

Master ${SKIPDIR} manifest (fwd)

2007-02-07 Thread Brian A. Seklecki
nsive) attempt reduces build sizes: # du -hs /usr/obj/ /usr/destdir /usr/releasedir/ 475M /usr/obj/ 243M /usr/destdir 104M /usr/releasedir/ (Down from the usual 850m+ obj/, etc.) ~BAS -- Forwarded message -- Date: Mon, 5 Feb 2007 01:06:07 -0500 (EST) From: Brian A. Seklecki <

Building bsd.rd in cdrom39.fs with RAIDFrame

2006-09-08 Thread Brian A. Seklecki
.fs as your '-B'. You may now safely burn a CD-R for binary upgrades of existing RAIDFrame enabled OpenBSD systems, or use your .ISO with your DRAC card via remote media. l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...

Re: Building bsd.rd in cdrom39.fs with RAIDFrame

2006-09-11 Thread Brian A. Seklecki
R}/../sys/arch/i386/compile/GENERIC.MP+RAIDFRAME && \ ${MAKE} clean && ${MAKE} depend && exec ${MAKE} notes: -- On Fri, 8 Sep 2006, Brian A. Seklecki wrote: One of the big problems with RAIDFrame support absence in GENERIC is that it's also lacking in RAMDISK and R

carp(4) debugging

2006-10-10 Thread Brian A. Seklecki
elp debug the decision making algorithm used in master/standby/backup election process. Certainly a way to log events (interfaces, etc.) and the resulting actions taken by the code would be useful in mission critical environments. Anything beats "tcpdump 'proto carp'"

Re: carp(4) debugging

2006-10-11 Thread Brian A. Seklecki
number of max states (set limit states 20, etc.) ~BAS On Wed, 11 Oct 2006, Ryan McBride wrote: On Tue, Oct 10, 2006 at 05:50:50PM -0400, Brian A. Seklecki wrote: Certainly a way to log events (interfaces, etc.) and the resulting actions taken by the code would be useful in missio

Re: ports question

2006-10-11 Thread Brian A. Seklecki
and so the screen just keeps right on trucking and you don't have time to read it. Is there some command or somewhere you can go to see what the message was? --Bryan l8* -lava (Brian A. Seklecki - Pittsburgh, PA, USA) http://www.spiritual-machines.org/ "...fr

Re: Annoying echoes in console DRAC III/XT on DELL Poweredge

2005-12-04 Thread Brian A. Seklecki
The thing emulates a USB keyboard. Try toggling legacy emulation mode in the BIOS. ~BAS On Thu, 2005-12-01 at 03:55, Xavier Milliès-Lacroix wrote: > Hello, > > I'm trying to install OBSD 3.8 on a Dell Poweredge 750 server using the Card > DRAC III/XT (provides remote console/screen). > But

Re: multiple Local-IDs for isakmpd

2005-12-04 Thread Brian A. Seklecki
I opened a PR on this earlier this year. Search my last name in query-pr. The Cisco 3000 supports SA Proposals with multiple discontiguous subnets. ~BAS On Tue, 2005-06-07 at 20:54, Tamas TEVESZ wrote: > hi, > > i have a situation where a branch office with multiple, > non-overlapping, non-aggr

PF NAT Address Pool Source Interface

2005-12-05 Thread Brian A. Seklecki
All: It may seem rudimentary, but nowhere in the FAQ or man pages is it explicitly stated that the source address or address pool of a NAT translation must be assigned to an interface. Obviously it can either be a primary address (such as 99.9% of the PAT configurations on the Internet)

Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller

2005-12-05 Thread Brian A. Seklecki
I've only had the priv. to run OpenBSD on the 750 and 850 1Us from Dell. However I have a number of FreeBSD 5.3x hosts on single and dual-proc 1850 models, some with RAID and some with standard SCSI. The standard SCSI config (on which I run software RAID) probes as: NAME mpt(4) -- LSI F

*STUPID* IPSEC Routing Bug - No Default Gateway?!

2005-12-05 Thread Brian A. Seklecki
All: I'm CC'ing everyone who has previously posted the "destination host unreachable" behavior when setting up a generic 4-host IPSec VPN tunnel config per the template in vpn(8) / isakmpd.conf(5). NOTE: This is not the "I can't ping the other side of the tunnel from the remote gateway becau

Re: *STUPID* IPSEC Routing Bug - No Default Gateway?!

2005-12-06 Thread Brian A. Seklecki
> no, you just need a route to the destination, this is a known a route to the destination of the tunnel...(that overlaps with the encap route...)... > but and there's no simple fix. however, just create a network > route for the peer that points back to the sender. this way ...or a route to th

Re: UltraSparc documentation

2005-12-07 Thread Brian A. Seklecki
> There is the (expensive) Real Weasel for x86 kit, Dell's crappy lights DRAC/4 isn't that bad >:} You can always use serial console redirection on the 1850s/2850s; it works well until OS boot (BIOS menus works, RAID, IPMI menus), when you have to setup serial console redirection on the boot load

Re: RAIDframe issues on 3.8

2005-12-07 Thread Brian A. Seklecki
> started filing PR's for RAIDframe stuff in OpenBSD -- there have been > a lot of changes/fixes to RAIDframe in the last 5 years that aren't I have $100 via Paypal for the person who commits RAID enabled boot blocks for Sparc[64] and i386/amd64 on OpenBSD. I have an $100 additional via Paypal

Re: OpenBSD beep

2005-12-17 Thread Brian A. Seklecki
PC speaker beep (something action on the console?) Or possibly hardware alarm? ~BAS On Sat, 2005-12-17 at 09:12, dimaz wrote: > I've installed OpenBSD on my small server, before on server was linux, > and 2-3 times a day my server beeps (3 times)... > What does it mean? And how I can control th

Re: isakmpd + gre crashing on OpenBSD 3.8

2006-01-09 Thread Brian A. Seklecki
But as soon as I start an scp from Perspex to Soekris, Perspex reboots after a few hundred kb. Unfortunately, Perspex is in a datacenter and I do not have console access to it to see what the heck is happening at that exact moment. I don't recall. But for the record (IPSEC inside GRE): If the

Re: Annoying echoes in console DRAC III/XT on DELL Poweredge

2006-01-13 Thread Brian A. Seklecki
d get MUX'd in. Compile a kernel w/o wscons or wskbd? I dunno. I'd really have to play with it. All that I can personally attest to is: It works fine with Drac/4 on FreeBSD 5.x =/ ~BAS > > -Message d'origine- > De : Brian A. Seklecki [mailto:[EMAIL PROT

Re: ipmi(4) (IPMI MIB?)

2006-01-26 Thread Brian A. Seklecki
All: Regarding the future of IPMI and SNMP, where do they intersect in the evolution of enterprise free software (aka, BSD) ? Specifically, the OpenBSD implementation we're seeing here seems to provide sysctl style access to Sensor data, watchdog info, etc., but what about other IPMI functio

IPMI / SNMP / MRTG (WAS: RE: ipmi(4) (IPMI MIB?))

2006-02-03 Thread Brian A. Seklecki
On Thu, 26 Jan 2006, Bruce Shaw wrote: We've actually got several different problems here. Specifically, the OpenBSD implementation we're seeing here seems to provide sysctl style access to Sensor data, watchdog info, etc., but what about other IPMI functions? I've been working on better sen

Re: IPMI / SNMP / MRTG (WAS: RE: ipmi(4) (IPMI MIB?))

2006-02-03 Thread Brian A. Seklecki
On Fri, 3 Feb 2006, Marco Peereboom wrote: What's wrong with? # sysctl hw | grep ipmi hw.sensors.0=ipmi0, Temp, OK, temp, 43.00 degC / 109.40 degF hw.sensors.1=ipmi0, Planar Temp, OK, temp, 30.00 degC / 86.00 degF hw.sensors.2=ipmi0, CMOS Battery, OK, volts_dc, 3.12 V hw.sensors.3=ipmi0, Front F

Re: snmpd

2008-06-14 Thread Brian A. Seklecki
> > Tim > > - Original Message > > From: Brian A. Seklecki <[EMAIL PROTECTED]> > > To: Tim Kuijsten <[EMAIL PROTECTED]> > > Cc: misc@openbsd.org > > Sent: Friday, May 9, 2008 1:35:46 AM > > Subject: Re: snmpd > > > > > >

sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
Am I reading this right? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80&content-type=text/x-cvsweb-markup I don't have a fresh install anywhere -- but I want to say that it doesn't default to PermitRootLogin yes after the install. I remember that I filed PRs with Fre

Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
On Thu, 10 Jul 2008, Brynet wrote: The keyword here is *default*. Say you installed OpenBSD on a soekris, it's nice having root enabled "temporarily". That way you can login at a later time, create a lesser privileged account, On Soekris, does the first boot console access not function pro

Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
afterboot(8) covers this Works for me, I guess. =/ ~BAS http://www.openbsd.org/cgi-bin/man.cgi?query=afterboot&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html

Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
ikely the rationale why the rest of the projects changed it. ~~BAS On Thu, Jul 10, 2008 at 10:35:06AM -0400, Brian A. Seklecki wrote: Am I reading this right? http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/sshd_config?rev=1.80&content-type=text/x-cvsweb-markup I don't have a fres

Re: sshd_config(5) PermitRootLogin yes

2008-07-10 Thread Brian A. Seklecki
does anything other than make mgmt types worry because they don't really understand security. On Thu, Jul 10, 2008 at 01:38:22PM -0400, Brian A. Seklecki wrote: On Thu, 10 Jul 2008, Marco Peereboom wrote: Of course it is enabled by default. Why do I want a box that is freshly insta

Re: contact info for PC Weasel?

2008-08-06 Thread Brian A. Seklecki
On Wed, 2008-08-06 at 13:58 -0700, Chris Cappuccio wrote: > spend your money on a motherboard with serial console. like a supermicro > board or something. you'll be happier. No offense but: No. No you won't. Unless you have IPMI or something like Dell's DRAC (4, not 5 -- 5 sux big time). The A

Re: isakmpd

2008-09-16 Thread Brian A. Seklecki
wiki somewhere with lots of known-good-working isakmpd(8) / isakmpd.conf(5) examples. ~BAS > I think I have seen some sample config before but I can't seem to find any > now.. > > Any help would be appreciated.. > > /Daniel > -- Brian A. Seklecki <[EMAIL PROTECTED]>

Re: recommendation for router (COMMELL)

2008-09-17 Thread Brian A. Seklecki
> "What *would* you recommend?" > > In addition to the listed duties, I am looking for stability, For a mail server appliance, Axiomtek units are the only way to fly. Try the NA-820. We've been nothing but pleased, and of all the cheap Award/AMI BIOS's, theirs has been the best performing so f

Re: LDAP and OpenBSD

2008-10-10 Thread Brian A. Seklecki
On Fri, 2008-10-10 at 19:52 +0200, raven wrote: > I'm thinking how my users into an ldap db can login into my openbsd One would need NSS_LDAP and PAM_LDAP, which requires PAM and NSS infrastructure in-tree. Likely you'd want to sponsor development for something like that. ~BAS

Re: logging smtp connections

2009-05-08 Thread Brian A. Seklecki
On Sat, 2009-05-02 at 05:06 -0500, Robson Caetano wrote: > Hi > > I would like to log From:, To: and Subject: fields of > every SMTP connection to my internal SMTP server > that is passed by the openbsd firewall. > You're better off doing that within your MTA. Courier has a Big Brother feature:

Re: unable to redirect port 443 from the internet to an internal server

2009-06-10 Thread Brian A. Seklecki
On Wed, 2009-06-10 at 09:24 -0700, Journey Man wrote: > Yet another rule that redirects port 1443 to port 443 works: Try tcpdump: % sudo tcpdump -i $ext_if 'port 443' Then try to re-create the TCP socket from a 3rd party remote host. See if the syn packet comes in. If not, then your ISP could

Re: Server trouble shooting

2007-10-31 Thread Brian A. Seklecki
> Since I can't connect > successfully via ssh is there anything else I could be doing remotely? ...you could be researching a Lights-out-Management solution for your server (Dell DRAC, Sun LOM). Best all-around solution is a PC-Weasel (realweasel.com) connected to the system next to it (Or a R

Re: OpenBSD 4.2 hardware recommendation

2007-11-02 Thread Brian A. Seklecki
On Sat, 3 Nov 2007, Martin Schröder wrote: > > You don't need one computer with two discs and two psus; instead get > two systems and use carp to get HA. Also 2GB for a firewall is > overkill. Spend the money on the NICs instead. If he's going to be doing local processing of pcap(4) data into som

Re: OpenBSD 4.2 hardware recommendation

2007-11-02 Thread Brian A. Seklecki
If he's going to be doing local processing of pcap(4) data into some pcap(3), of course, is what I meant >:}

Re: OS not seeing all RAM (1GiB less)

2007-11-12 Thread Brian A. Seklecki
On Mon, 2007-11-12 at 22:40 -0500, C Thala wrote: > What would cause an 4.1 machine running on a Dell PowerEdge 1950 to see only > 3,220,439,040 bytes of RAM as opposed to the 4GB that it really has > (confirmed by BIOS)? A little something-something called PAE. You're probably running 4.1/i386?

Re: snmpd on current

2007-11-21 Thread Brian A. Seklecki
On Wed, 21 Nov 2007, Insan Praja SW wrote: Date: Wed, 21 Nov 2007 18:45:47 +0700 From: Insan Praja SW <[EMAIL PROTECTED]> To: "misc@openbsd.org" Subject: snmpd on current Hi all, I'm currently running 4.2-current and installing net-snmp-5.4.1 from ports (updated). Something is wrong, when I ru

Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E

2007-11-21 Thread Brian A. Seklecki
On Thu, 22 Nov 2007, Shohrukh Shoyoqubov wrote: Date: Thu, 22 Nov 2007 09:46:54 +0500 From: Shohrukh Shoyoqubov <[EMAIL PROTECTED]> To: misc@openbsd.org Subject: Re: Site-to-site IPSec VPN between OpenBSD and Cisco PIX 515E From which machine do I have to do "ping -I A.B.C.D E.F.G.H" pf has d

Update RAIDFrame-Enabled ISO for 4.2

2007-11-30 Thread Brian A. Seklecki
Updated diff, ISO image, build instructions. http://people.collaborativefusion.com/~seklecki/obsd_wRAIDFrame.html Note: There's a small problem with my regex in install.sub that prevents scanning of RAIDFrame boot lines in dmesg.boot. The work-around from the bsd.rd shell is to: $ export MD

Re: VPN Concentrator

2007-11-30 Thread Brian A. Seklecki
On Fri, 30 Nov 2007, Khalid Schofield wrote: Hi, I'd like to make a VPN Concentrator using openbsd. I want users to be able to authenticate using usernames and passwords and to either nat the users or give them an ip from our main dhcp server via a bridge. That's a tall order. In Cisco-land a

Re: pflog filling up /var mount every 2-3 days!

2007-11-30 Thread Brian A. Seklecki
On Fri, 30 Nov 2007, Jake Conk wrote: Hello, I have my /var partitioned out to be 150mb which I thought was a You're probably getting a lot of log hits on a "default block log all" at the end of your rules. You can prevent a lot of crud by doing "block quicks" w/o log statements for the fo

Re: no 4.2-stable package updates??

2007-12-12 Thread Brian A. Seklecki
'm not supposed to use 4.2 stable system > > with current ports. > > Personnaly, I use -current (base+packages) everywhere. > But this is just me. > -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc.

Re: no 4.2-stable package updates??

2007-12-13 Thread Brian A. Seklecki
> > critical patches, and those should be pulled into 4.2-stable. > > Unfortunately, it isn't that easy. Some updates imply updates of > depending ports (e.g. poppler and evince), which may imply further > updates of dependencies. So you'll end up with -current -- more or > less, including more up

Re: Had a strange problem with CARP preemption

2007-12-19 Thread Brian A. Seklecki
On Thu, 2007-12-20 at 15:31 +1100, Dave Harrison wrote: > Because carp doesn't log its state changes etc, I've been writing the Over Christmas, I may backport the FreeBSD carp(4) logging improvements and submit them with kernel/5512. ~BAS

Re: Trouble Installing OpenBSD 4.2 stable

2007-12-28 Thread Brian A. Seklecki
On Fri, 2007-12-28 at 17:16 -0600, Alan Hamlett wrote: > Currently running OpenBSD i386 3.8 with one 20GB IDE drive at wd0a and > one 250gb IDE drive all partitioned for bsd. > > Trying to install OpenBSD i386 4.2 from install42.iso by trading the > 250gb drive for a cd-rom drive. > > I keep gett

Re: PF Queue on a GROUP of nics?

2008-10-15 Thread Brian A. Seklecki
On Mon, 2008-10-06 at 16:39 +1100, Sunnz wrote: > Is it possible? > > Say I have a few nics of the same group... dc0 dc1 dc2 dc3... which > all belong to a group "dc". Sunnz Do you mean a "shared queue" where "downstream" bandwidth from a single "upstream" interface is proportionally divided int

Advanced Queuing: Host-Only Stateful Inspection and Queues

2008-10-15 Thread Brian A. Seklecki
[Long Message Disclaimer] All: I was just looking over Peter Hansteen's PF book -- It's a great reference, but the coverage on QUEUING is limited (6 pages of ~150). I was hoping to find an answer to a question there-in, that I had back in 2006 when I filed system/4574 -- but with behind me, I w

Re: Can't SSH into CARP'd system from the outside

2008-10-20 Thread Brian A. Seklecki
On Mon, 2008-10-20 at 14:19 -0700, Vivek Ayer wrote: > So far, I can't ssh into the carp from the outside, can't ntp from the Try: % sudo tcpdump -ttt -e -vvv -n -i pflog0 -s 1024 -- Brian A. Seklecki <[EMAIL PROTECTED]> Collaborative Fusion, Inc.

Re: 4.3-stable panics on a Soekris net-5501

2008-12-05 Thread Brian A. Seklecki
> Today I was dumping files from a wd0 disk to a mountpoint on sd0 disk > (external USB). I "accidently" unplugged the power cable of sd0 disk and That is generally considered the proper / pragmatic behavior. FreeBSD Foundation is sponsoring development to change this behavior to some sort of

Transport Mode ipsec(4) and inet6(4) gre(4) (WAS: isakmpd + gre crashing)

2008-12-24 Thread Brian A. Seklecki
006, at 4:41 PM, Brian A. Seklecki wrote: But as soon as I start an scp from Perspex to Soekris, Perspex reboots after a few hundred kb. Unfortunately, Perspex is in a datacenter and I do not have console access to it to see what the heck is happening at that exact moment. I don't recall.

Re: Transport Mode ipsec(4) and inet6(4) gre(4)

2008-12-25 Thread Brian A. Seklecki
I haven't looked if we have support, but gre(4) w/ ipv6 address and stf(4) seem to be best options out there for secure v6 tunnels. That sounds... bizarre. According to ipv6book.ca, M. Blanchet. It's a good read, except OpenBSD/NetBSD are neglected (probably because of the stf(4)/6to4(4) ab

sudo 1.6.9p20 patch in OPENBSD_4_3 and OPENBSD_4_4

2009-02-10 Thread Brian A. Seklecki
All: Do we want to slip this into presently supported branches containing 1.6.9p17? It's a quick patch: http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&only_with_tag=SUDO_1_6_9 I tested it on -rOPENBSD_4_3. Just be sure to nuke the version string. $ more sudo_

Re: Multiple IPSec-tunnels and load balancing

2009-06-30 Thread Brian A. Seklecki
On Tue, 2009-06-30 at 11:15 +0200, u...@o3si.de wrote: > Is it possible to load balance / failover the traffic over IPSec? If > so, > should I use GIF for load balancing / routing? That's what Cisco DMVPN is, as far as I can tell. Was just reading about it. You're talking about GRE tunnels to tw

Re: LaCie

2009-08-14 Thread Brian A. Seklecki
On Tue, 2009-08-04 at 13:53 -0300, Marcos Laufer wrote: > Hello, has anyone had any experience with LaCie Raid and Storage very Feng shui ~BAS "I'm the kind of Mac-using sociopath that looks at an external NAS and asks: 'What kind of RAID array defines me as a person?'"

Re: cell card on vaio p

2009-11-03 Thread Brian A. Seklecki
On Fri, 2009-10-30 at 12:01 -0700, Lawrence-Sporkton wrote: > I believe its the Gobi 1000 or Gobi UNDP-1 which appear to be the same > device Very odd. This is a CDMA/3G/GSM/EVDO modem? Normally they show up as PCMCIA, USB, or PCI Serial devices. A lot of times the PCMCIA ones present a USB Ho

Re: Starting a Radius / Nas in openbsd

2009-11-03 Thread Brian A. Seklecki
On Fri, 2009-10-30 at 22:08 +0100, C. Diego Raffaelli A. wrote: > Any idea? Am i right using OpenBSD and trying to use Radius and/or > NAS?? RADIUS Authentication and RADIUS Accounting are what you want, but that's off-topic for this list. Look in ports for RADIUS servers. Good luck. ~BAS

Re: ipsec(4) routing for a branch offices

2007-10-18 Thread Brian A Seklecki (Mobile)
g the tunnel. > > Mitja > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > On Behalf Of Brian A. Seklecki > > Sent: Thursday, October 18, 2007 2:02 AM > > To: misc@openbsd.org > > Subject: ipsec(4) routing for a bra

CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?)

2007-10-21 Thread Brian A Seklecki (Mobile)
On Mon, 2007-10-22 at 00:12 +0100, Tony Sarendal wrote: > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote: I'll throw this out there since it's been something on my mind for a while: Hardware VLAN tagging, TOE offload, IP/UDP/TCP Checksum offload, interface polling are all ways to accelerate
