Hi Claudio,
On Mon, Dec 19, 2022 at 01:10:15PM +0100, Claudio Jeker wrote:
> You update from a very old version of OpenBGPD.
true. Your tips worked a treat, though, and adjusting the config wasn't
too difficult.
Thanks a lot,
Toni
anged over the course of time, and
possibly, some better error messages to help diagnose the errors?
Thanks a lot,
Toni
25, 2019 at 3:24 PM
> From: "Mara Toni"
> To: misc@openbsd.org
> Subject: pppoe only connects if tcpdump is running?!
>
> Hello!
>
> I got myself a new PCI ethernet card instead of an old USB3 to ethernet in a
> "router" named desktop machine.
>
> i
Hello!
I got myself a new PCI ethernet card instead of an old USB3 to ethernet in a
"router" named desktop machine.
in short:
But pppoe doesn't connects via the new PCI card. Only if I start a tcpdump on
it!?
longer:
#
# THE
Hello,
did anybody hear about the:
https://vigilance.fr/vulnerability/OpenBSD-privilege-escalation-via-vmmints-28874
OpenBSD: privilege escalation via vmmints
Synthesis of the vulnerability
An attacker can bypass restrictions via vmmints of OpenBSD, in order to
escalate his privileges.
Hi,
thanks for the insight.
On Thu, Jan 03, 2013 at 01:37:38AM +, Stuart Henderson wrote:
On 2013-01-02, Toni Mueller openbsd-m...@oeko.net wrote:
/bsd: in6_ifloop_request: ADD operation failed for 3ffe:3ffe::0001
(errno=17)
17 is EEXIST - see errno(2) for a list of these - there's
reboot the machine, the states of the CARP interface(s) are being
set correctly, but I don't know how to change them thereafter, as
described above.
The desired target state is to have A + C as a pair of CARP'ed routers
for both IPv4 and IPv6.
What am I doing wrong?
TIA!
Kind regards,
--Toni++
Hi,
On Wed, Jan 02, 2013 at 04:53:02PM +0100, Patrick Lamaiziere wrote:
Le Wed, 2 Jan 2013 13:39:25 +0100, Toni Mueller openbsd-m...@oeko.net a
écrit :
With this setup, carp1 will stay in BACKUP mode when I say ifconfig
carp1 advskew 120 on A, while on B, it would go into MASTER
Hi,
On Wed, Jan 02, 2013 at 05:47:23PM +, Stuart Henderson wrote:
On 2013-01-02, Toni Mueller openbsd-m...@oeko.net wrote:
A: 5.1 (IPv4: master)
B: 5.0 (IPv4: backup)
C: 5.2 (IPv4: master, IPv6: backup)
Is this 5.0 release or is it something close to 5.0?
the (working!) 5.0
Hi,
I have just discovered that I made a configuration error that had
resulted in the undesired, but correct, carp behaviour for IPv4. Ie,
OpenBSD operates as desired for this case.
That leaves these questions open:
On Wed, Jan 02, 2013 at 01:39:25PM +0100, Toni Mueller wrote:
I also have
, when used in
conjunction with X.509 certificates, but it also appears that OpenBSD
can't send that to the remote side. Or am I wrong?
TIA!
Kind regards,
--Toni++
this problem, but removes
the option to use several keys, which is bad.
There's another unresolved issue in this area, which I don't yet have
enough data to fathom.
Kind regards,
--Toni++
certificate, followed by the server certificate.
It would be very nice if someone could shed some light to this.
TIA!
Kind regards,
--Toni++
Hi,
On Thu, Oct 13, 2011 at 09:40:42AM +0200, Toni Mueller wrote:
My vote would go for Redmine (use together with thin), which has a
if the project wants to use/try it, I can offer my help with this one.
Please contact me off-list.
Kind regards,
--Toni++
regards,
--Toni++
, despite not having the 'ps' and 'trace' outputs?
Kind regards,
--Toni++
Hi Daniel,
On Thu, Oct 13, 2011 at 09:10:22AM +0200, LEVAI Daniel wrote:
On Thu, Oct 13, 2011 at 09:01:51 +0200, Toni Mueller wrote:
today I wanted to research open bug reports for OpenBSD, using this link
in lieu of anything linked from the homepage:
http://marc.info/?l=openbsd-miscm
upgrading everything is that road warriors (NCP)
are stopped dead in much the same way like shown above, when running
against 4.9 (but not if they work against lower versions of OpenBSD,
including 4.8). If I could verify that they'll work, I'd uprade rather
sooner than later.
Kind regards,
--Toni++
Hi,
I solved the site-site part of it. It turned out to be a typo somewhere.
:(
But the mobile issue is still open.
Kind regards,
--Toni++
TIPOGRAFIA e STAMPA DIGITALE
www.tipoprint.com
Tel: 02 89 92 67 50
Gentile Cliente,
Crediamo sia cosa gradita farvi pervenire questa nostra offerta relativa ai
nostri stampati. E' una occasione da non perdere anche perche' potrete
sfruttare questa OFFERTA fino a Giugno 2011 a sola condizione che
interesting:
http://nbender.com/install.netboot/install.html
Kind regards,
--Toni++
Hi,
I discover that CARP and routing don't always mix well:
Internet --- host1 host2
If host1 and host2 have a CARP interface with the same IP, then packets
destined for that IP don't ever reach host2, even if the interface on
host1 is in BACKUP state.
Kind regards,
--Toni++
On Thu, 25.11.2010 at 13:15:06 +, Michal mic...@sharescope.co.uk wrote:
On 25/11/10 12:22, Toni Mueller wrote:
I discover that CARP and routing don't always mix well:
Internet --- host1 host2
Wait, do you mean;
Host1
Internet
+ --- host3 +
but this is not very relevant in this context. Ok, a better picture
would be
Internet --- switch --- host1 --- switch --- host2
+ --- host3 +
Kind regards,
--Toni++
this into the mainline, someday?
What's left to do is additional testing, documentation, and updating for any
changes in 4.8 (it is working now against 4.7).
I have a use case, so if you want me to test something... ;)
Kind regards,
--Toni++
On Fri, 05.11.2010 at 16:54:00 +0100, Aleksandar Lazic al-open...@none.at
wrote:
due to the fact that openssh and some other parts of openbsd are ported
to linux maybe you can tell me if you plan to make a openrelayd which is
able to compile on linux.
I'am willing to try it by my self,
On Wed, 24.11.2010 at 21:30:05 +0100, ropers rop...@gmail.com wrote:
On 23 November 2010 13:52, Toni Mueller openbsd-m...@oeko.net wrote:
I usually have a use case that can be satisfied
with one XOR the other system
So, not with both?
You have weird use cases.
I don't think so. See eg
Hi,
On Sun, 24.10.2010 at 08:20:35 +0530, Siju George sgeorge...@gmail.com wrote:
On Sat, Oct 23, 2010 at 7:18 PM, Toni Mueller openbsd-m...@oeko.net wrote:
Also, Linux is better supported by hardware vendors, and/or much less
picky about hardware than OpenBSD is.
Not always
Hi,
On Sat, 23.10.2010 at 10:36:54 -0500, Marco Peereboom sl...@peereboom.us
wrote:
On Oct 23, 2010, at 8:48, Toni Mueller openbsd-m...@oeko.net wrote:
Also, Linux is better supported by hardware vendors, and/or much less
picky about hardware than OpenBSD is.
If you consider the garbage
.
--
Kind regards,
--Toni++
Hi,
On Tue, 23.11.2010 at 11:07:40 -0500, Ted Unangst ted.unan...@gmail.com wrote:
On Tue, Nov 23, 2010 at 10:02 AM, Otto Moerbeek o...@drijf.net wrote:
On Tue, Nov 23, 2010 at 03:16:57PM +0100, Toni Mueller wrote:
# ifconfig em3
em3:
flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI
OpenBSD, so
there is very little point in running Linux on them.
Also, throw out doesn't mean that I put these machines into the
dustbin, it only means that I have to remove them from this task.
Kind regards,
--Toni++
Hi,
On Tue, 23.11.2010 at 10:55:30 -0500, and...@msu.edu and...@msu.edu wrote:
Toni, have you published a list of the hardware thats been causing you
problems?
sorry, no I didn't think of it, yet. But I have posted to this list
about some of them, most prominently the small PCs with C7 chips
a way to put them back to life, in which case the owner may
decide to keep them, I'll try to ship the surplus to interested
developers (please talk to me offline if you're interested).
Kind regards,
--Toni++
Hi,
On Tue, 02.11.2010 at 13:40:44 +0100, Guillaume DualC) g.du...@otasc.org
wrote:
try it : http://openbsd.org
it's (probably) not the same, and (worse!) it doesn't help with all the
configurations that contain www.openbsd.org.
Kind regards,
--Toni++
, and
keep your fingers crossed that none of the security problems hit you
(you're going to build a firewall, after all, right?).
Kind regards,
--Toni++
as well.
Kind regards,
--Toni++
of connections on one IP?
My guess is that it's (1), but my preference would be (3), of course.
--
Kind regards,
--Toni++
changed in the meantime, at least in Europe:
http://www.ripe.net/ripe/docs/ipv6-policy.html#assignment_size
Kind regards,
--Toni++
or might not
be there. But it's worth a try. My supplier is already looking into
this issue of possible BIOS uppgrades.
On 2010-08-13, Toni Mueller openbsd-m...@oeko.net wrote:
Having said that, what is the current common wisdom for reliable small
CPE boxes that are reliable enough to be safely
for comparison.
Kind regards,
--Toni++
supplier also only learnt it when he asked the
manufacturer for a new BIOS version.
Having said that, what is the current common wisdom for reliable small
CPE boxes that are reliable enough to be safely upgraded remotely, and
will be safe to upgrade for several upcoming releases?
Kind regards,
--Toni++
a dmesg of one of the working machines (naturally, since
I couldn't get one out of the broken ones).
Kind regards,
--Toni++
OpenBSD 4.7 (GENERIC) #1: Sun May 30 16:44:59 CEST 2010
r...@w3.oeko.net:/usr/S/src.47/sys/arch/i386/compile/GENERIC
cpu0: VIA Eden Processor 1200MHz (CentaurHauls 686-class
wondering whether I did something stupid while
compiling the system(s), or if the bug has re-appeared.
I'd also like to know whether the OpenBSD developers prefer to have
such vague messages in Gnats, or whether they prefer them here on the
list.
TIA!
Kind regards,
--Toni++
be
avoided at all costs. It also complicates network setup quite a bit,
imho.
Kind regards,
--Toni++
changes in the tables at once and
not require reloading the rule set. The machine where I took this
example from, runs 4.7-stable/i386, but I saw this problem on 4.6
hosts, too.
Any ideas about what might cause this problem?
Kind regards,
--Toni++
to work but I'm under the impression that queueing
should be done on the physical interface (vlandev).
I don't know how useful this really is. I need to limit and/or reserve
bandwidth of individual vlans on the (one) wan pipe.
Kind regards,
--Toni++
problem in a Metro-LAN-like setting.
Oh... and I forgot to add CARP into the mix - I want to automatically
fail over the whole stack of vlans to a second router of mine when one
interface fails.
Kind regards,
--Toni++
times at home, and encapsulate everything at home before
sending it out through the wan pipe again, to be decapsulated in the
data centre and distributed to various other people there.
--
Kind regards,
--Toni++
want to run at least three vlans across the WAN link, and need to
keep the vlans strictly separated. I also need to do traffic shaping on
a per-vlan basis. :/
TIA!
Kind regards,
--Toni++
regards,
--Toni++
in such regulated enviroments, even if they wanted to be in
there in the first place?
Kind regards,
--Toni++
Hi,
On Wed, 17.03.2010 at 17:48:21 +0100, Toni Mueller openbsd-m...@oeko.net
wrote:
On Mon, 15.03.2010 at 19:10:12 +0100, Toni Mueller openbsd-m...@oeko.net
wrote:
# pfctl -s a |grep mss
# ifconfig|grep mtu|grep -v 1500
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33152
enc0
is not well supported, either.
Below you find the dmesg for the problematic machine, but with the ok
kernel.
--
Kind regards,
--Toni++
OpenBSD 4.7 (GENERIC.MP) #448: Wed Mar 10 12:15:21 MST 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Pentium(R) 4
to append the Archive to the script file , Then try
to read through the `setup file' except for the first 5 lines.
maybe you can use or tweak 'shar' to do what you want.
$ man shar
Kind regards,
--Toni++
Hi,
this should have gone into the thread 'spurious need to frag
messages'. Sorry for opening a new thread.
On Wed, 31.03.2010 at 13:36:48 +0200, Toni Mueller openbsd-m...@oeko.net
wrote:
recently, a problem with OpenBSD has popped up over here that manifests
itself in random connection
. Normally, the connection should come up immediately
after one proposal packet from each isakmpd.
Both sides are OpenBSD -current amd64, but one side is about a week
older.
I don't recall this behaviour from earlier versions of OpenBSD.
--
Kind regards,
--Toni++
Hi,
it would be great to be able to specify a fallback kernel in case
booting a new kernel fails - esp. if one needs to work on a remote
site w/o hands-on support.
TIA!
Kind regards,
--Toni++
and I don't
have a console and power switch to reboot the machine and/or select a
different kernel. It would be nice if I could say something like (in
grub) fallback /bsd.backup.
As I said, this is only relevant if I'm working remotely.
Kind regards,
--Toni++
, and in
that case, often no personell whatsoever was within reach of at least a
day of travelling of the affected sites.
Kind regards,
--Toni++
).
The boot.conf stuff is platform specific - a workaround for
broken bioses. sparc64 machines, for example, just read the kernel
image name from their boot configuration and load that, no boot.conf
needed at all.
Understood. Thanks for the summary.
Kind regards,
--Toni++
On Fri, 02.04.2010 at 22:20:46 +0200, Henning Brauer lists-open...@bsws.de
wrote:
* Toni Mueller openbsd-m...@oeko.net [2010-04-02 12:25]:
it would be great to be able to specify a fallback kernel in case
booting a new kernel fails
how exactly does the bootloader notice your new kernel
, when I was reporting problems, the large
difference in serial number struck me as odd, and curiosity set in.
Kind regards,
--Toni++
Hi,
On Wed, 31.03.2010 at 22:10:08 +0300, Ozgur Kazancci
ozgur.kazan...@info.uvt.ro wrote:
- Toni Mueller openbsd-m...@oeko.net wrote:
On Wed, 31.03.2010 at 14:03:06 -0400, Devin Ceartas nacred...@gmail.com
wrote:
I suppose it should be 5.2.11 or later my machine running 4.6
--- 1 root wheel 0 Apr 1 11:19 pf.conf.ipsec
IOW, the error is produced by the load anchor statement shown above,
which is not uncovered by running a syntax check on the file, also not
using -v.
Kind regards,
--Toni++
Hi,
I'd like to be able to clear the counters of interfaces, similar to
clear counters in Cisco lingo.
TIA!
Kind regards,
--Toni++
the same source, so I'm
confident that the programs should have been built from the same
sources.
Kind regards,
--Toni++
that there may be some underlying memory corruption problem.
I'd very much appreciate hints for how to go about debugging this,
and/or can probably be remote controlled to do some testing.
TIA!
Kind regards,
--Toni++
/why?
Kind regards,
--Toni++
regards,
--Toni++
.
Kind regards,
--Toni++
Hi,
On Mon, 15.03.2010 at 19:10:12 +0100, Toni Mueller openbsd-m...@oeko.net
wrote:
# pfctl -s a |grep mss
# ifconfig|grep mtu|grep -v 1500
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33152
enc0: flags=41UP,RUNNING mtu 1536
pflog0: flags=141UP,RUNNING,PROMISC mtu 33152
#
And that's
is high). In the
branch office's gateway, using 'netstat -rnf encap', I see all the
entries that there used to be, but I see _NO_ packets on its enc0
interface.
Ideas about how to debug these, are most welcome!
Kind regards,
--Toni++
on my mind.
TIA!
--
Kind regards,
--Toni++
Darn, I should write better messages. So here goes an important
addendum:
On Wed, 17.03.2010 at 17:55:34 +0100, Toni Mueller openbsd-m...@oeko.net
wrote:
I've installed the latest snapshot, with kernel bsd.mp#488, on a
machine that has several IPSEC connections to handle, some fixed
(branch
Hi,
On Tue, 16.03.2010 at 07:37:42 +0001, Jason McIntyre j...@kerhand.co.uk wrote:
On Mon, Mar 15, 2010 at 10:35:23PM +0100, Toni Mueller wrote:
An optimizer (or any other such device) which is on by default and
claims to not change semantics, should imho be transparent to the user
table loading for optimizations
# /sbin/pfctl -s r
#
Imho, this interaction should be documented in the man page. One needs
to specify '-Tl', or else no rules will be loaded.
TIA!
Kind regards,
--Toni++
displaying them.
.It Fl s Ar modifier
Kind regards,
--Toni++
access a certain host,
while the number of inaccessible foreign hosts steadily increases.
The machine runs OpenBSD 4.6-stable/amd64.
What gives?
Kind regards,
--Toni++
.
An optimizer (or any other such device) which is on by default and
claims to not change semantics, should imho be transparent to the user,
but this one isn't. If you have other uses of disabling the optimizer
except for debugging pf, I'd really like to hear.
--
Kind regards,
--Toni++
to 'ipsecctl -d', like in
# ipsecctl -d 'flow esp in from 10.1.10.10 to 10.2.0.22 peer 1.2.3.4 srcid
5.6.7.8/32 dstid 1.2.3.4/32 type use'
it bails out, too. Now I'm confused. :(
I'd prefer to delete flows by SPI index, if possible...
Help is greatly appreciated!
Kind regards,
--Toni++
a BSD-Unix
Anyone know more about the OS used in this system??
what do you want to know?
How to make money bypassing government villains?
Or how to make money being a thug?
Kind regards,
--Toni++
Hi,
On Fri, 12.03.2010 at 13:21:45 +0001, Jason McIntyre j...@kerhand.co.uk wrote:
On Thu, Mar 11, 2010 at 12:23:22AM +0100, Toni Mueller wrote:
what exactly is missing from sysctl(3)?
the sections I read seem to exhaustively list the settings that can
be used with the 'mib' parameter
Hi Otto,
On Thu, 11.03.2010 at 07:08:24 +0100, Otto Moerbeek o...@drijf.net wrote:
On Thu, Mar 11, 2010 at 12:23:22AM +0100, Toni Mueller wrote:
Btw, in the snapshot of today, the sysctl(3) man page is absent:
$ find . -name 'sysctl*'
./cat8/sysctl.0
./cat5/sysctl.conf.0
$
Did
On Thu, 11.03.2010 at 14:31:46 +0100, Toni Mueller openbsd-m...@oeko.net
wrote:
But I'll now grab 'comp' too and see if that helps.
I've now looked at the man page in -current, and it does not cover the
leaves below PF_KEY.
--
Kind regards,
--Toni++
=i386format=html
). If someone with appropriate knowledge and powers
could fix these problems, eg. before 4.7, that would be great.
TIA!
Kind regards,
--Toni++
page is absent:
$ find . -name 'sysctl*'
./cat8/sysctl.0
./cat5/sysctl.conf.0
$
as to why the cgi thing returns the section page, i'll let someone else
explain (i.e. i don't know).
Thanks.
--
Kind regards,
--Toni++
' and 'dstid' specifiers, as the man
page says that, in this case, the IP number(s) are taken as IDs, but
still no luck.
What gives?
Kind regards,
--Toni++
Hi,
On Sun, 24.01.2010 at 17:47:22 +0100, Toni Mueller openbsd-m...@oeko.net
wrote:
First off, I noticed that, if isakmpd is running w/o the '-K' switch,
running 'ipsecctl -f somefile' results in a problem accessing
/var/run/isakmpd.fifo, with a file does not exist error.
scratch
Hi,
On Thu, 21.01.2010 at 21:48:01 +, Christian Weisgerber na...@mips.inka.de
wrote:
Toni Mueller openbsd-m...@oeko.net wrote:
today I see tons of these on a 4.6-stable/amd64 machine (sample):
17:21:00.848135 esp 1.1.1.1 2.2.2.2 spi 0x54d46678 seq 132642 len 84
(DF) (ttl 64, id 49897
324 (ttl 46,
id 30599, len 344)
The 2.2.2.2 machine runs an older version of OpenBSD, but is now slated to be
upgraded RSN now.
Kind regards,
--Toni++
Hi,
On Sat, 09.01.2010 at 13:09:29 -0500, Ted Unangst ted.unan...@gmail.com wrote:
On Sat, Jan 9, 2010 at 11:40 AM, Toni Mueller openbsd-m...@oeko.net wrote:
# /sbin/pfctl -n -f pf.conf.test
pf.conf.test:23: illegal tos value (null)
Best guess: sbin/pfctl/parse.y
thanks, Ted, this worked
diagnostics as do Cisco's Serial interfaces.
--
Kind regards,
--Toni++
Hi,
On Wed, 30.12.2009 at 18:17:24 +0100, Marc Espie es...@nerim.net wrote:
I don't know about a long list of directories. These days, there are at
most 5 ports that do this kind of annoying shit.
Toni, this looks like hyperbolic speech to me. 4 or 5 doesn't amount to
long list.
I'll re
with Sonicwall or Cisco.
Now, if that means what I think it means,
You think correctly.
--
Kind regards,
--Toni++
Hi,
[ will cross-post this to tech@ ]
On Mon, 05.10.2009 at 18:47:10 +0200, Toni Mueller openbsd-m...@oeko.net
wrote:
On Thu, 01.10.2009 at 12:21:19 +0200, Toni Mueller openbsd-m...@oeko.net
wrote:
Searching around, I found that this question was already raised by
Martin Hedenfalk well
out, etc.pp., and a Soekris + art(4) card as a CPE device is
still smaller and much less power-consuming than a Cisco.
--
Kind regards,
--Toni++
Hi Dale, hi Theo,
On Tue, 29.12.2009 at 11:55:55 -0600, Dale Rahn dr...@dalerahn.com wrote:
On Tue, Dec 29, 2009 at 06:03:48PM +0100, Toni Mueller wrote:
I've just seen a program fail to work, saying that it can't load a
shared library (but a different one on each invocation - this is an SMP
/lib is not part of the default
path.
TIA!
Kind regards,
--Toni++
Hi,
On Sun, 22.11.2009 at 23:03:10 +0100, Joachim Schipper
joac...@joachimschipper.nl wrote:
On Sun, Nov 22, 2009 at 10:00:05PM +0100, Peter J. Philipp wrote:
On Sun, Nov 22, 2009 at 09:20:46PM +0100, Toni Mueller wrote:
for several releases of OpenBSD, I now have encountered the problem
1 - 100 of 446 matches
Mail list logo