Re: pf state-table-induced instability

2023-08-24 Thread Daniel Melameth
On Thu, Aug 24, 2023 at 12:31 PM Lyndon Nerenberg (VE7TFX/VE6BBM) wrote: > For over a year now we have been seeing instability on our firewalls > that seems to kick in when our state tables approach 200K entries. > The number varies, but it's a safe bet that once we cross the 180K > threshold,

Re: pf state-table-induced instability

2023-08-24 Thread Daniel Melameth
On Thu, Aug 24, 2023 at 2:57 PM Gabor LENCSE wrote: > I used OpenBSD 7.1 PF during stateful NAT64 benchmarking measurements > from 400,000 to 40,000,000 states. (Of course, its connection setup and > packet forwarding performance degraded with the number of states, but > the degradation was not

Re: Feedback on redesigned OpenBSD.org

2023-08-10 Thread Daniel Melameth
On Wed, Aug 9, 2023 at 3:12 PM wrote: > Child Pages. > > I'd like to draw people's attention to the child pages of > my redesign. > > Just a few examples (but note, ALL child pages have been > updated with new design): > > A. FAQ > > before: http://www.openbsd.org/faq/index.html > after:

VPN and Forwarding Performance (was Selecting a 10G NIC)

2023-02-20 Thread Daniel Melameth
On Fri, Feb 17, 2023 at 11:28 AM Hrvoje Popovski wrote: > On 17.2.2023. 18:29, Nicolas Goy wrote: > > I know this question has been answered multiple times, but I wonder if > > things changed with 7.2. > > > > Which NIC would provide the best performance with 10G physical layer > > with open bsd?

Hyper-V and Intel 10Gbe NIC DDA/Pass-Through

2021-08-25 Thread Daniel Melameth
Has anyone done this successfully with OpenBSD? I’m not looking for SR-IOV via a Virtual Function (VF) device like iavf(4) (although I might try this route, but I think there’s no VF support for this NIC in OpenBSD). I’d like OpenBSD to see this as a native Intel X552 NIC and use the ix(4)

Re: Openbsd pf firewall ipv6 routing

2021-07-30 Thread Daniel Melameth
On Thu, Jul 29, 2021 at 10:10 PM Irshad wrote: > I have following setup at home, I am sharing internet > with neighbour, our ISP provides IPV6 > With 2001:16a2:cdd2:xx00::/56 prefix delegation, until now I was only using > IPv4 NAT with following setup > >

Re: Counting traffic of one host through an OpenBSD computer

2021-06-17 Thread Daniel Melameth
On Thu, Jun 17, 2021 at 3:01 PM Ibsen S Ripsbusker wrote: > I want to know how much network traffic a Windows computer is > responsible for. The Windows computer is connected to a switch, > the switch is connected to a router running OpenBSD, and the router is > connected eventually to the

Re: Small/Mini 10Gbe Router Recommendation

2021-04-08 Thread Daniel Melameth
On Thu, Apr 8, 2021 at 1:52 PM Hrvoje Popovski wrote: > On 8.4.2021. 20:56, Daniel Melameth wrote: > > On Thu, Apr 8, 2021 at 3:57 AM Stuart Henderson > > wrote: > >> On 2021-04-07, Daniel Melameth wrote: > >>> Looking to finally part with

Re: Small/Mini 10Gbe Router Recommendation

2021-04-08 Thread Daniel Melameth
On Thu, Apr 8, 2021 at 3:57 AM Stuart Henderson wrote: > On 2021-04-07, Daniel Melameth wrote: > > Looking to finally part with my legacy OpenBSD router and upgrade to > > something that can push more than 2Gbps out of a single port. Since > > my switching equipment is st

Small/Mini 10Gbe Router Recommendation

2021-04-07 Thread Daniel Melameth
Looking to finally part with my legacy OpenBSD router and upgrade to something that can push more than 2Gbps out of a single port. Since my switching equipment is still only 1Gbe, I also want something that has, at least, two Gbe ports. Any recommendations that work well with OpenBSD? I am

Re: pf firewall packet size

2021-03-11 Thread Daniel Melameth
On Thu, Mar 11, 2021 at 12:33 PM da...@hajes.org wrote: > I am trying to find out way how to port my Linux netfilter into OpenBSD pf. > > I want to prioritize small new SYN connection SYN/ACK, ACK. > > In Linux I simply set a packet size 0-128 bytes that covers usual 3-way > handshake. This

Re: No watchdog detected (IT8613)

2020-08-20 Thread Daniel Melameth
On Wed, Aug 19, 2020 at 7:32 AM Strahil Nikolov wrote: > can someone tell me if the watchdog in IT8613 Super IO chip is supported. ... > When I activate the watchdog in bios, the system is reset on timer expiry - > so it is definitely working. ... > OpenBSD 6.7 (GENERIC.MP) #5: Tue Jul 21

dmesg spam bsd: cannot forward from 2601:283... to fe80:8... nxt 58 received on inteface 8

2020-05-18 Thread Daniel Melameth
I've tracked this down to a misbehaving Chrome OS device. Since I cannot fix the issue with the device itself (already on the latest version), what's the best way to keep this seemingly broken device from spamming dmesg and related on my IPv6/v4 router? Thank you!

Re: 10Gbit network work only 1Gbit

2019-11-11 Thread Daniel Melameth
... > Firewall/router: ... > * OpenBSD 6.3 64bit ... I recommend updating to a modern version of OpenBSD before spending time investigating the issue further.

Re: How to have pf filter packets on combination of incoming and outgoing interface (for packets transiting the firewall)?

2018-05-07 Thread Daniel Melameth
On Mon, May 7, 2018 at 11:51 AM, Daniel Melameth <dan...@melameth.com> wrote: > On Mon, May 7, 2018 at 10:40 AM, Martin Gignac <martin.gig...@gmail.com> > wrote: >> In Juniper SRXes and Netscreen firewalls one defines security policies >> (firewall rules) accor

Re: How to have pf filter packets on combination of incoming and outgoing interface (for packets transiting the firewall)?

2018-05-07 Thread Daniel Melameth
On Mon, May 7, 2018 at 10:40 AM, Martin Gignac wrote: > In Juniper SRXes and Netscreen firewalls one defines security policies > (firewall rules) according to a "from" security zone, and a "to" > security zone. Rules within each "from-to" combo can then focus on >

Re: Return back dhclient lease time displaying after renew an IP address manually

2018-04-26 Thread Daniel Melameth
On Thu, Apr 26, 2018 at 2:11 PM, Denis wrote: > After upgrading 6.2amd64 -> 6.3amd64 there is no lease time info present > by renewing an IP address using '#sh /etc/netstart if0' command. > > Manually run dhclient shows MAC address of a dhcpd server (very useful) > but lease

state-policy floating Expectations

2018-04-26 Thread Daniel Melameth
The man page defines this as "States can match packets on any interfaces." I understood this to mean that state created on one interface would automatically create state, or allow a related match, on another interface, but this is not the case. Simple example: Host A 10.0.0.2 Firewall 10.0.0.1

Re: Wake-on-LAN from suspended state

2018-04-24 Thread Daniel Melameth
On Tue, Apr 24, 2018 at 2:11 PM, Paul de Weerd wrote: > I've been playing with WoL recently and found that my desktop machine > (a Dell Optiplex 9020) can be woken up from another OpenBSD machine on > the same network with `doas arp -W ${MAC} em1` (where ${MAC} is the > mac

Re: Flow Tools

2018-03-14 Thread Daniel Melameth
On Wed, Mar 14, 2018 at 3:06 AM, Gregory Edigarov wrote: > Sorry, if I hijack the thread, but what do you guys use for netflow > analysis? > Only know nfsen in ports, but sometimes I need more versatile tool. nfdump is rather powerful if you don't need a pretty GUI; it's like

Re: CoDel Flows

2017-10-16 Thread Daniel Melameth
On Fri, Oct 13, 2017 at 7:47 PM, Mike Belopuhov <m...@belopuhov.com> wrote: > On Fri, Oct 13, 2017 at 05:33 +0000, Daniel Melameth wrote: >> In playing around with the new CoDel/fair traffic sharing, it's not >> clear to me the best way to work with this when also using th

Re: CoDel Flows

2017-10-13 Thread Daniel Melameth
On Thu, Oct 12, 2017 at 11:48 PM, Daniel Ouellet wrote: >> Also, the pf.conf man page says the default qlimit is 1024, but, if I >> don't specify a qlimit, pfctl -vsq shows a qlength of 50 when I was >> expecting it to be 1024. What am I missing? > > Why would you want to

CoDel Flows

2017-10-12 Thread Daniel Melameth
In playing around with the new CoDel/fair traffic sharing, it's not clear to me the best way to work with this when also using the previous queuing. pfctl balks when I specify a flow on the root queue with child queues present, so I only specify flows on child queues. Will CoDel still work as

Re: PF queueing confusion

2017-05-10 Thread Daniel Melameth
On Wed, May 10, 2017 at 4:47 AM, Gabriele Tozzi wrote: > I have a quite simple pf setup: I have defined 3 queues for my external > interface in my pf.conf: > > queue ext on $Ext bandwidth 900K > queue normal parent ext bandwidth 386K, max 850K qlimit 10 default > queue high

Re: Packet in and out on the same eithernet port.

2017-05-09 Thread Daniel Melameth
On Tue, May 9, 2017 at 8:24 AM, Peter Fraser wrote: > Because of one user's misconfiguration of Microsoft's Hyper-V, his virtual > machines were not getting the results > of arp. As a result of that configuration all the packets going to machines > on the same subnetwork were

PKG_CACHE and recent snapshot

2016-07-28 Thread Daniel Melameth
While trying out the latest snapshot, I noticed that PKG_CACHE is ignored: # whoami root # echo $PKG_CACHE /root/packages # pkg_add -ivv wget Update candidates: quirks-2.241 -> quirks-2.241 quirks-2.241 signed on 2016-07-26T16:56:10Z No change in quirks-2.241 parsing wget-1.18 ... Running

Unbound and the day some of the DNS stopped

2016-07-08 Thread Daniel Melameth
I've blatantly copied tedu@'s subject line from http://www.tedunangst.com/flak/post/the-day-some-of-the-DNS-stopped since he's a developer and I believe I've run into the same issue. Almost every time the Internet connection goes down at home, unbound 1.5.7 on my 5.9-release router partly goes

Re: VLAN in 5.9 - NAT problem

2016-04-18 Thread Daniel Melameth
On Mon, Apr 18, 2016 at 12:59 AM, Radek wrote: > I'm trying to move my OpenBSD router from 5.4 to 5.9. > > 1. I copied VLANs conf from my 5.4. DHCPserver works, clients get IP. NAT > does not work. > 2. Then I removed trunk0. DHCPserver works, clients get IP. NAT does not work

Re: Puzzling broadband issue

2016-01-19 Thread Daniel Melameth
On Tue, Jan 19, 2016 at 11:36 AM, wrote: > a. With both Linux or Windows all downloads tend to hover around 100 KB/s on > a 50 Mb/s cable Internet connection > b. if I run a processor intensive program while downloading (typically at the > moment a video of a burning

Re: PF: can't make queueing and priority work as expected

2016-01-12 Thread Daniel Melameth
On Mon, Jan 11, 2016 at 9:37 PM, David Gwynne <da...@gwynne.id.au> wrote: >> On 11 Jan 2016, at 22:43, Daniel Melameth <dan...@melameth.com> wrote: >> On Sun, Jan 10, 2016 at 7:58 AM, Marko Cupać <marko.cu...@mimar.rs> wrote: >>> On Sat, 9 Jan 2016

Re: PF: can't make queueing and priority work as expected

2016-01-11 Thread Daniel Melameth
On Sun, Jan 10, 2016 at 7:58 AM, Marko Cupać <marko.cu...@mimar.rs> wrote: > On Sat, 9 Jan 2016 11:11:27 -0700 > Daniel Melameth <dan...@melameth.com> wrote: >> You NEED to set a max on your ROOT queues. > I came to this conclusion as well. But not only on root queu

Re: PF: can't make queueing and priority work as expected

2016-01-09 Thread Daniel Melameth
On Thu, Jan 7, 2016 at 11:28 AM, Marko Cupać wrote: > I am setting up gateway for a small network which has two main types of > traffic: p2p and http(s). The idea is to give p2p traffic all the > available bandwidth until there is http(s) traffic, in which case p2p > should

Re: pf match counter peak causes firewall to lag

2015-11-21 Thread Daniel Melameth
On Sat, Nov 21, 2015 at 6:21 AM, Martin Hlavatý wrote: > I have issues with firewall lags while there is peak in match > rule counter in pf. Normally it has match ratio of about > 1500/sec, but several times a day it jumps to somewhere > around 6k/sec and firewall lags, some

Re: What hardware spec would I need to push 20 gigabit of network traffic on an OpenBSD server?

2015-10-27 Thread Daniel Melameth
On Sun, Oct 25, 2015 at 2:46 AM, Some Developer wrote: > I'm just wondering what hardware spec I'd need push 20 gigabits of network > traffic on an OpenBSD server? As someone else mentioned, this is likely not possible today. > The thing is I want to log all traffic

Re: network config question

2015-09-25 Thread Daniel Melameth
On Fri, Sep 25, 2015 at 1:20 PM, patrick keshishian wrote: > On 9/24/15, Kapetanakis Giannis wrote: >> On 24/09/15 22:41, patrick keshishian wrote: >>> I'm pretty sure I'm over-thinking this, so I thought I'd step back and >>> see if I can get some

Re: network config question

2015-09-24 Thread Daniel Melameth
On Thu, Sep 24, 2015 at 1:41 PM, patrick keshishian wrote: > I'm pretty sure I'm over-thinking this, so I thought I'd step back and > see if I can get some hints as how this sort of a set-up is done > "properly" by pros. > > Say, existing set up: > > [internet] -- [pf] -- [

Re: Installed 5.7/amd64, now No acceptable DHCPOFFERS received.

2015-08-03 Thread Daniel Melameth
On Sun, Aug 2, 2015 at 2:53 AM, openbsd2012 openbsd2...@breeno.net wrote: I decided that tonight was the time to upgrade my home router from OpenBSD 5.2/amd64. I performed a new install of 5.7/amd64. During the install, a DHCP lease could not be obtained on em0 from my ISP. On first boot it

Re: SOHO IPv6 router problems

2015-07-13 Thread Daniel Melameth
On Mon, Jul 13, 2015 at 2:42 PM, Daniel Melameth dan...@melameth.com wrote: I’d love it if someone would be open to spending the time to do a “PHD” write up on getting OpenBSD base usable as a stateless IPv6 router/firewall with Comcast. While I agree that write ups like these should

Re: SOHO IPv6 router problems

2015-07-13 Thread Daniel Melameth
On Mon, Jul 13, 2015 at 1:17 PM, Michael McConville mmcconvi...@mykolab.com wrote: On Mon, Jul 13, 2015 at 03:12:50PM -0300, Giancarlo Razzolini wrote: The client doesn't need inbound UDP ports to be open. The OpenBSD firewall does, if you're using DHCPv6 to configure it. If using SLAAC, only RS

Re: specify custom 404s with httpd in 5.7

2015-05-07 Thread Daniel Melameth
On Mon, May 4, 2015 at 4:55 PM, Alexander Hall alexan...@beard.se wrote: On 05/02/15 01:46, Edgar Pettijohn III wrote: On May 1, 2015, at 6:09 PM, Daniel Melameth wrote: On Fri, May 1, 2015 at 3:09 PM, Kevin spy...@gmail.com wrote: How does one go about specifying a custom 404 page w/the new

Re: specify custom 404s with httpd in 5.7

2015-05-01 Thread Daniel Melameth
On Fri, May 1, 2015 at 3:09 PM, Kevin spy...@gmail.com wrote: How does one go about specifying a custom 404 page w/the new httpd? This seems like the correct directive: error_page 404 /some/path/404.html Yet it am no workie for me when I specify it thusly: listen on

httpd.conf error_page Equivalent

2015-04-23 Thread Daniel Melameth
In nginx, for one of my servers, I would redirect a 404 by doing the following: error_page 404 /; In httpd on 5.7-stable, I'm uncertain how to do this. I tried the following, but this appears to only work with 3xx codes: block return 404 / Assuming this is possible with httpd, how can I

Re: Route for a special IP

2015-03-11 Thread Daniel Melameth
On Wed, Mar 11, 2015 at 9:39 AM, Zhi-Qiang Lei zhiqiang@gmail.com wrote: I have a OpenBSD 5.6 router with two external interfaces pppoe0 and tun0. Generally, all packets will go through pppoe0. However, now I have a special client with IP 192.168.1.200, is it possible to force it to use

Re: pf queuing and dropped packets

2015-03-09 Thread Daniel Melameth
On Mon, Mar 9, 2015 at 4:51 AM, Henning Brauer hb-open...@ml.bsws.de wrote: * Daniel Melameth dan...@melameth.com [2015-01-23 22:38]: I noticed the following when downloading a large file: queue tcp_ack parent root on fxp0 bandwidth 2M qlimit 50 [ pkts: 289461 bytes: 15631434

ExpressCard Gigabit Ethernet

2015-02-06 Thread Daniel Melameth
Anyone using one of these with OpenBSD? If so, is it reliable? Any benchmarks as to its performance? What make and model are you using and what driver is it using? Thanks.

ath client issues

2015-01-30 Thread Daniel Melameth
My legacy ThinkPad died so I've resurrected a legacy HP notebook to replace it for the time being and the built-in ath can't see my 2.4GHz SSIDs (behavior doesn't change when the SSID's channel changes). While it does see my 5GHz SSID most of the time, connectivity is very problematic and, when it

pf queuing and dropped packets

2015-01-23 Thread Daniel Melameth
I noticed the following when downloading a large file: queue tcp_ack parent root on fxp0 bandwidth 2M qlimit 50 [ pkts: 289461 bytes: 15631434 dropped pkts: 16 bytes:864 ] [ qlength: 0/ 50 ] [ measured: 3660.9 packets/s, 1.58Mb/s ] While the number of dropped packets is

Captive Portal Using Just pf

2015-01-07 Thread Daniel Melameth
I'm trying to put together a simple captive portal of sorts and would like to leverage pf to help if possible. Basically if a certain pf rule is hit, I'd like to remove the captiveness that I currently have pf providing and allow the user to have fewer restrictions. I realize I can use authpf for

pfqstat - records pf queue bytes in CSV format

2014-12-11 Thread Daniel Melameth
One of my favorite ports is pfstat. I've used it religiously for years with minor firewalls for bandwidth and queue graphs. When ALTQ was retired, pfstat could no longer graph my queues and this is still the case today. The correct behavior here would be for me to roll up my college-level C

Re: Traffic shaping on small network.

2014-12-10 Thread Daniel Melameth
On Wed, Dec 10, 2014 at 4:30 AM, Paco Esteban p...@onna.be wrote: The box has a vr(4) interface connected to a ADSL modem that provides roughly 14Mbps/910Kbps (down/up) through pppoe. I've set up some queues on pppoe0 interface (I use $gw_if in rules). There are also basically 3 subnets

Re: Packet Filter router i368 vs 64bit

2014-11-25 Thread Daniel Melameth
On Tue, Nov 25, 2014 at 1:52 PM, Motty Cruz motty.c...@gmail.com wrote: I am searching for hardware to build a router with OpenBSD. I have found mixed signals as to fastest system with i386 or 64bit. I know in the past i386 OpenBSD used to perform a lot better than 64bit system. As I

Re: Multiple NICs vs multiple physical firewalls

2014-11-22 Thread Daniel Melameth
On Sat, Nov 22, 2014 at 8:46 AM, Martin Hanson greencopperm...@yandex.com wrote: Hi all I have one gateway and several boxes serving some NFS, Samba and other stuff. Then I have a public server for some gaming. I am thinking about two different setups, but I am in serious doubt as to

Re: netflow + carp + nat problem

2014-11-10 Thread Daniel Melameth
On Mon, Nov 10, 2014 at 2:36 AM, jean-yves boisiaud jean-yves.boisi...@alcor-consulting.fr wrote: I use OpenBSD 5.5 as a firewall gateway. I also use nfsen/nfdump as the netflow collector/analyzer. pf.conf enables netflow for every pf rule (set state-defaults pflow). On the netflow

Re: ntpd -s via ssh remote command 'hangs'

2014-10-07 Thread Daniel Melameth
On Mon, Oct 6, 2014 at 6:34 PM, Philip Guenther guent...@gmail.com wrote: On Mon, Oct 6, 2014 at 2:09 PM, Tor Houghton t...@bogus.net wrote: Hi, Dumb question: I'm running 'sudo ntpd -s' as part of a remote command to an OpenBSD guest[*]; unless I add a 'pkill sshd' to the end of the remote

Re: pf/queue questions

2014-09-23 Thread Daniel Melameth
On Tue, Sep 23, 2014 at 9:39 AM, Dewey Hylton dewey.hyl...@gmail.com wrote: i have a site-to-site vpn setup across a 40Mbps wan link (average ~30ms latency). one of its uses is for san replication, but of course management traffic (ssh sessions, etc.) have to cross the link as well. without

pf new queue resolution (was Relationship Between VLANs and Physical Interfaces in PF)

2014-08-06 Thread Daniel Melameth
On Wed, Aug 6, 2014 at 2:38 PM, Stuart Henderson s...@spacehopper.org wrote: In my (admittedly very limited) testing with the new queueing system, it hasn't done very well with low bandwidth queues (ADSL type speeds) that used to work OK with altq (symptom, packets being assigned to queues as

Re: two wireless networks on one interface?

2014-08-01 Thread Daniel Melameth
On Fri, Aug 1, 2014 at 12:50 PM, Tobias Stoeckmann tob...@stoeckmann.org wrote: Is it (technically) possible to join two wireless networks with just one chip? My system has an athn0 interface, would be nice if I can join two networks with that. I don't believe this is possible with OpenBSD.

Re: network roaming convenience

2014-07-17 Thread Daniel Melameth
On Thu, Jul 17, 2014 at 1:51 PM, Charles Musser cmus...@sonic.net wrote: I'm looking to create or cobble together functionality that automates network connections as a user roams around with a laptop. The idea is to respond to changing network availability: wifi network is known, so connect,

Re: pf+voip

2014-05-27 Thread Daniel Melameth
On Tue, May 27, 2014 at 3:33 PM, Stuart Henderson s...@spacehopper.org wrote: It just workstm for me, no special setup needed, no static-port or anything, just a standard nat-to rule. This is with various devices; snom and gigaset hardware phones, softclient on android, pjsua on OpenBSD. But

Re: pftop and systat with new queueing

2014-05-07 Thread Daniel Melameth
On Tue, May 6, 2014 at 1:09 PM, Daniel Melameth dan...@melameth.com wrote: On Tue, May 6, 2014 at 9:55 AM, Marko Cupać marko.cu...@mimar.rs wrote: I have just upgraded (actually reinstalled from scratch) one of my firewalls to 5.5 release, and I have noticed that 'systat queues' no longer

Re: pftop and systat with new queueing

2014-05-06 Thread Daniel Melameth
On Tue, May 6, 2014 at 9:55 AM, Marko Cupać marko.cu...@mimar.rs wrote: I have just upgraded (actually reinstalled from scratch) one of my firewalls to 5.5 release, and I have noticed that 'systat queues' no longer shows P/S and B/S values. pftop does not show queues at all. Was nice to see

pf/pfstat New Queue Reporting

2014-04-23 Thread Daniel Melameth
Running a recent snapshot and I've noticed the following: * pfstat no longer graphs the new queues correctly (they are blank) * nfdump reports Sequence Errors when using pflowproto 10 (I haven’t tried v5) Anyone else seeing this? I also noticed pps and bps were missing from systat queues, but I

pf/pfstat New Queue Reporting

2014-04-23 Thread Daniel Melameth
I'm running a recent snapshot and noticed pfstat no longer graphs the new queues correctly (they are blank). Is anyone else seeing this? I also noticed pps and bps were missing from systat queues, but I assume this is expected (pfctl -vvs queue still displays this though). I also noticed the

systat queues pps and bps (was pf/pfstat New Queue Reporting)

2014-04-23 Thread Daniel Melameth
On Wed, Apr 23, 2014 at 9:58 AM, Henning Brauer lists-open...@bsws.de wrote: * Daniel Melameth dan...@melameth.com [2014-04-23 17:56]: Anyone else seeing this? I also noticed pps and bps were missing from systat queues, but I assume this is expected hmm, no, that worked for me. did I forget

Re: systat queues pps and bps (was pf/pfstat New Queue Reporting)

2014-04-23 Thread Daniel Melameth
On Wed, Apr 23, 2014 at 11:00 AM, Henning Brauer lists-open...@bsws.de wrote: * Daniel Melameth dan...@melameth.com [2014-04-23 18:27]: On Wed, Apr 23, 2014 at 9:58 AM, Henning Brauer lists-open...@bsws.de wrote: * Daniel Melameth dan...@melameth.com [2014-04-23 17:56]: Anyone else seeing

Re: pf/pfstat New Queue Reporting

2014-04-23 Thread Daniel Melameth
On Wed, Apr 23, 2014 at 3:18 PM, Stuart Henderson s...@spacehopper.org wrote: On 2014-04-23, Daniel Melameth dan...@melameth.com wrote: I'm running a recent snapshot and noticed pfstat no longer graphs the new queues correctly (they are blank). Is anyone else seeing this? I also noticed pps

Re: Virtual firewalls with OpenBSD and PF

2014-04-08 Thread Daniel Melameth
On Tue, Apr 8, 2014 at 12:47 PM, Wiesław Kielas wieslaw.kie...@bluemedia.pl wrote: I'm trying to achieve something similar to Cisco's firewall contexts or Juniper's virtual systems with PF and OpenBSD. Currently I run an OpenBSD box as a firewalling device for multiple environments, most of

Re: Suspend and Hibernate Issues with 3/5 Snapshot and ThinkPad T42p

2014-03-27 Thread Daniel Melameth
mode requested: 2 radeondrm0: GTT: 256M 0xD000 - 0xDFFF Lastly, I often routinely get the following from iwi upon startup (didn't happen in the past), but it still works: iwi0: timeout waiting for master Cheers. On Thu, Mar 20, 2014 at 7:15 PM, Daniel Melameth dan...@melameth.com wrote

Suspend and Hibernate Issues with 3/5 Snapshot and ThinkPad T42p

2014-03-20 Thread Daniel Melameth
With OpenBSD 5.2, I had no issue doing suspend and hibernate: when I closed the lid, it suspended, when I hit Fn+F12 the BIOS took over, with its own pretty text interface, and hibernated the system. iwi(4) also worked flawlessly with suspend/hibernate. Fast forward to upgrading to 5.5 with

Re: Suspend and Hibernate Issues with 3/5 Snapshot and ThinkPad T42p

2014-03-20 Thread Daniel Melameth
the problem began? Bisecting the tree would be the next step. :-) Ken On 20 March 2014 20:34, Daniel Melameth dan...@melameth.com wrote: With OpenBSD 5.2, I had no issue doing suspend and hibernate: when I closed the lid, it suspended, when I hit Fn+F12 the BIOS took over, with its

Re: new queue bursting

2014-02-13 Thread Daniel Melameth
On Tue, Feb 11, 2014 at 10:31 PM, Ted Unangst t...@tedunangst.com wrote: How does bursting work in new queue? I'm unable to measure any effects. For instance, I start with something like: pass in on em0 proto tcp to port 80 queue web queue rootq on em0 bandwidth 100M max 100M queue web

Re: pflow collection and analysis

2013-05-02 Thread Daniel Melameth
On Thu, May 2, 2013 at 5:55 AM, Jan Stary h...@stare.cz wrote: Also, the -u and -g options of nfcapd do not seem to work: while the _nfcapd user and group are created by the package, nfcapd simply does not start if I try to use -u or -g. (Without it, it runs just fine). I use the following

Re: IP accounting

2013-01-25 Thread Daniel Melameth
On Fri, Jan 25, 2013 at 5:48 AM, Kapetanakis Giannis bil...@edu.physics.uoc.gr wrote: I'd like to implement IP accounting in one of my OB routers. What I want to do is to log each new connection that creates a state, ideally in a database. In another Linux router I have (and want to replace

Re: suspend on Thinkpad T40

2012-11-20 Thread Daniel Melameth
On Tue, Nov 20, 2012 at 2:55 AM, Jan Stary h...@stare.cz wrote: This is current/i386 on a Thinkpad T40 (dmesg below). It's an APM machine; no acpi. I am running apmd -A, and have scripts in /etc/apm/ that just go ... Suspend mostly works, triggered either by an explicit apm -s, or Fn+F4, or

Re: Hardware hunting

2012-11-15 Thread Daniel Melameth
On Thu, Nov 15, 2012 at 2:47 PM, Chris McGee cmcge...@gmail.com wrote: I am hunting for a low-power firewall for my home network. For at least 10 years, whenever my firewall hardware has started to die, I've grabbed a decommissioned game PC, added a few NIC's, and put OpenBSD on it. The

Re: vlan(4), run(4) and dhclient

2012-10-30 Thread Daniel Melameth
On Mon, Oct 29, 2012 at 4:32 PM, Frank Brodbeck f...@guug.de wrote: I am currently playing with VLANs and found myself unable to get a lease via run(4) device when using VLAN: ifconfig vlan4094 vlandev run0 dhclient vlan4094 I see the packets leaving vlan4094 but they are not arriving at

Re: Upgrade to 5.2?

2012-10-30 Thread Daniel Melameth
On Tue, Oct 30, 2012 at 8:55 PM, Matt M. cmorrow...@gmail.com wrote: Yesterday I upgraded from 5.1-release to -current. Is there any need to upgrade to 5.2-release? Could this cause issues since -current is really newer than what's on the 5.2 media? You are now running bleeding edge

Re: WPA2 AES on OpenBSD

2012-09-18 Thread Daniel Melameth
http://www.openbsd.org/faq/faq6.html#Wireless On Tue, Sep 18, 2012 at 1:26 PM, obsd, wifi obsdw...@postafiok.hu wrote: I have an OpenBSD 5.1 i386 installed. I have no GUI/X. I googled for the answer but I can't find authentic one. How can I connect to a WPA2 PSK/AES wifi network using only the

Re: Suspect fragmented packets.

2012-08-05 Thread Daniel Melameth
On Sun, Aug 5, 2012 at 7:50 AM, David Walker davidianwal...@gmail.com wrote: I've had a bridged modem and OpenBSD gateway setup for years on a particular Australian ISP. I've never re-assembled packets and worried over MTU or fragments. Everything just worked ... Recently one of the companies

Re: Suspect fragmented packets.

2012-08-05 Thread Daniel Melameth
On Sun, Aug 5, 2012 at 9:24 AM, David Walker davidianwal...@gmail.com wrote: Daniel Melameth daniel () melameth ! com wrote: When using pppoe(4), MSS can be a problem. I recommend you read the MTU/MSS ISSUES section of the man page and see if that resolves your issue. I have read and tried

Re: switching between ethernet and wifi

2012-07-23 Thread Daniel Melameth
On Mon, Jul 23, 2012 at 5:13 PM, frantisek holop min...@obiit.org wrote: consider a notebook with two nic's: re0 (ethernet) and urtwn0 (usb wifi). let's say, at boot time there is ethernet connection and /etc/hostname.re0 contains dhcp. urtwn0 is not plugged in. later, i want to switch to

Re: Debugging athn(4) hostap connection problem

2012-07-12 Thread Daniel Melameth
On Thu, Jul 12, 2012 at 1:21 PM, Peter Kay syllops...@syllopsium.co.uk wrote: I have an athn(4) hostap system : ... that is working ok with a couple of Windows machines, but not with a HP Touchpad (WebOS is much better than Android, but not perfect) or a Nokia E51. The latter two devices

Re: Large scale DNS anycast setup: OpenBSD performance issues

2012-05-29 Thread Daniel Melameth
On Tue, May 29, 2012 at 4:01 AM, Tomas Bodzar tomas.bod...@gmail.com wrote: Probably you are aware that OpenBSD doesn't have VMware tools from VMware available (they have impact)... While I don't think it'd help here, you might want to see vmt(4) and vic(4)...

Re: Openbsd 5.1 Review on Distrowatch

2012-05-14 Thread Daniel Melameth
On Mon, May 14, 2012 at 6:00 AM, Ralph Ellis ralphell...@netscape.ca wrote: As a relative newcomer to Openbsd, I decided to write a review of the 5.1 release for Distrowatch.com from a desktop user's perspective. Openbsd has come a long way in terms of improved hardware support and ease of

Re: Sendmail at home

2012-05-10 Thread Daniel Melameth
On Thu, May 10, 2012 at 11:30 AM, Laurence Rochfort laurence.rochf...@gmail.com wrote: I want to setup sendmail so that I can send mail from my home network. I have no experience with sendmail outside a corporate environment where DNS makes everything happen automagically. I have a Gmail

wiconfig - simplifies the configuration of wireless interfaces

2011-12-23 Thread Daniel Melameth
So, I got tired of doing my little time saving workarounds every time I connected to a wireless network--and decided to look for a solution. Several people have posted little wireless scripts and minor modifications here to help simplify and automate the configuration of wireless, but the scripts

pdksh typeset

2011-12-09 Thread Daniel Melameth
While I realize this might not be the best forum for this, it is the ksh that is in base--and the official pdksh-5.2.14 has been abandoned since '99. That said, I'm not too familiar with shell scripting, but I'm giving it a spin and am having some issues with typeset that I'd appreciate an

Re: pdksh typeset (solved)

2011-12-09 Thread Daniel Melameth
On Fri, Dec 9, 2011 at 1:22 AM, Daniel Melameth dan...@melameth.com wrote: While I realize this might not be the best forum for this, it is the ksh that is in base--and the official pdksh-5.2.14 has been abandoned since '99. That said, I'm not too familiar with shell scripting, but I'm giving

Re: packet loss

2011-11-29 Thread Daniel Melameth
On Tue, Nov 29, 2011 at 11:47 AM, rik rikc...@gmail.com wrote: Sorry, I've missed the top 2 rows of the dmesg: OpenBSD 3.9 (FIREWALL) #0: Sun Sep 17 15:49:07 CEST 2006 r...@fw1.domain.com:/usr/src/sys/arch/i386/compile/FIREWALL Firewall is just the generic.mp with a device (cpu temp

Re: pppoe

2011-11-20 Thread Daniel Melameth
On Sun, Nov 20, 2011 at 6:37 PM, John Tate j...@johntate.org wrote: I am setting up an OpenBSD firewall, and have everything working but I am using userland pppoe. I am not sure if it ever became an official part of OpenBSD, but I've heard there might be kernel level pppoe support. Is there

Re: cwm autogroup confusion

2011-09-08 Thread Daniel Melameth
On Thu, Sep 8, 2011 at 3:39 AM, Okan Demirmen o...@demirmen.com wrote: On Tue 2011.09.06 at 18:46 -0600, Daniel Melameth wrote: I'm trying to put one xterm in a different autogroup. This xterm's relevant properties (via xprop) are: WM_CLASS(STRING) = xterm, XTerm WM_NAME(STRING

cwm autogroup confusion

2011-09-06 Thread Daniel Melameth
I'm trying to put one xterm in a different autogroup. This xterm's relevant properties (via xprop) are: WM_CLASS(STRING) = xterm, XTerm WM_NAME(STRING) = largexterm The relevant portion of my .cwmrc is: autogroup 1 xterm,XTerm autogroup 3 largexterm,XTerm With this, largexterm is

rfc1323 and mirror.team-cymru.org (and others)

2011-08-28 Thread Daniel Melameth
When using one of the mirrors, mirror.team-cymru.org, ftp connectivity works sporadically--and the issue is resolved when net.inet.tcp.rfc1323=0. My first thought is some issue with the mirror's firewall, but I have no issue using this mirror from a Windows machine. With pf enabled (pass

Re: Only the first nameserver entry in resolv.conf is being queried

2011-08-16 Thread Daniel Melameth
On Tue, Aug 16, 2011 at 12:05 PM, Brett brett.ma...@gmx.com wrote: I have customised dhclient.conf so I can use nameservers other than my ISP's. The first one on my list is unreliable, but instead of going to the next on the list, ping, xxxterm and firefox are not finding the sites (ie DNS

iwi versus ath scan

2011-07-24 Thread Daniel Melameth
I recently picked up another notebook and the ath card in it cannot see my SSIDs (meth, meth2.4 and open) at home. However, my two other notebooks, one using iwi and the other running Windows, can see these just fine (and all three notebooks are next to each other). The following is an

Re: iwi versus ath scan

2011-07-24 Thread Daniel Melameth
On Sun, Jul 24, 2011 at 8:55 AM, Daniel Melameth dan...@melameth.com wrote: I recently picked up another notebook and the ath card in it cannot see my SSIDs (meth, meth2.4 and open) at home. However, my two other notebooks, one using iwi and the other running Windows, can see these just

Re: problem with download limit

2011-05-10 Thread Daniel Melameth
On Tue, May 10, 2011 at 12:44 PM, Wesley MOUEDINE ASSABY open...@e-solutions.re wrote: When PF is enabled on the box, there's no queuing limit. And disable PF, don't solve the problem. Really, i don't understand why i download the file at 32Ko/s instead of ~80Ko/s At work, connection used is

Re: No data in pfstat-queues graph

2011-03-18 Thread Daniel Melameth
On Fri, Mar 18, 2011 at 12:34 AM, Indunil Jayasooriya induni...@gmail.com wrote: I use pfstat to get the graphs. every graph is working fine other than pfstat-queues graph. This graph is always blank. No data to display. always empty. Here's the output of # pfctl -sq queue std_out on em0

Re: Pflow netflows exported twice for each connection?

2011-01-05 Thread Daniel Melameth
On Wed, Jan 5, 2011 at 3:54 AM, Bernd Bornkessel bbornkes...@dunkel.de wrote: I plan to move our core routers from FreeBSD to OpenBSD. Currently I use netgraph and ng_netflow on the FreeBSD machines for netflow accounting. As there is a netflow kernel implementation with pflow in OpenBSD, too, I

Re: OT - secondary DNS recommendations

2010-12-08 Thread Daniel Melameth
On Wed, Dec 8, 2010 at 9:49 AM, Scott McEachern sc...@blackstaff.ca wrote: Given the (general) support of WikiLeaks here, I was wondering if anyone could recommend a free alternative to replace EveryDNS.net? I know how to use Google to find free alternatives, I'm looking for *recommendations*
