From davidianwalker at gmail.com Sun May 3 03:40:49 2009
From: davidianwalker at gmail.com (David Walker)
Date: Sun, 3 May 2009 11:10:49 +0930
Subject: Myname and DNS.
Message-ID:

Guten tag.

Usually I use OpenBSD on the desktop and have no cause to get my head
around any sophisticated networking.
The extent I usually go to is choosing a machine name and accepting
the default domain which is home I think.
I end up with this in myname(5):
# cat myname
david.home

I have a static IP from my ISP which gives me a real world name:
pppxxx-xx.static.internode.on.net
I am wondering if there is a possibility of incorporating this into
myname(5) and if there are any advantages or disadvantages to this.

I want to learn more about DNS on OpenBSD and figure this is possibly
a good start - rather than trying to get it working using two
different names.

Can someone please confirm whether I have this correct:
/etc/hosts is a list of known machines for quick resolving without
using external DNS servers or named.
/etc/resolv.conf is instructions telling lookups whether to use the
hosts file and what external DNS server to query. Also whether to use
named.
/etc/named.conf is the settings for running the local DNS server.

I am looking through named.conf(5) and it is reasonably complex (for me).
Are there any cheap setups that work?
At the moment this is optional for me (BIND) but I would like to put
some effort into it.

Best wishes.

From DStaal at usa.net Sun May 3 15:35:57 2009
From: DStaal at usa.net (Daniel Staal)
Date: Sun, 03 May 2009 09:35:57 -0400
Subject: Myname and DNS.
In-Reply-To:
References:
Message-ID: <363EB9F408E482C856EC668D@Mac-Pro.magehandbook.com>

--As of May 3, 2009 11:10:49 AM +0930, David Walker is alleged to have said:

> Can someone please confirm whether I have this correct:
> /etc/hosts is a list of known machines for quick resolving without
> using external DNS servers or named.
> /etc/resolv.conf is instructions telling lookups whether to use the
> hosts file and what external DNS server to query. Also whether to use
> named.
> /etc/named.conf is the settings for running the local DNS server.

Bingo: That's just about perfect, I think.

(And note from that you can both run named and not use it...)

> I am looking through named.conf(5) and it is reasonably complex (for me).
> Are there any cheap setups that work?
> At the moment this is optional for me (BIND) but I would like to put
> some effort into it.

I think the 'default' setup works for most uses straight out of the box.
(I haven't checked recently, I'll admit.) The most likely thing you'd have
to change is what interfaces/addresses named will listen on: I've seen some
defaults that would only listen on 127.0.0.1 to the local box.

As for having your hostname match what a DNS query returns: It's not
necessary, except for certain uses as an internet-facing server. It's
often nice to have just one name for things, but often the one assigned by
your ISP isn't a great one.

Daniel T. Staal

---------------------------------------------------------------
This email copyright the author. Unless otherwise noted, you
are expressly allowed to retransmit, quote, or otherwise use
the contents for non-commercial purposes. This copyright will
expire 5 years after the author's death, or in 30 years,
whichever is longer, unless such a period is in excess of
local copyright law.
---------------------------------------------------------------

From sgeorge.ml at gmail.com Tue May 5 12:05:27 2009
From: sgeorge.ml at gmail.com (Siju George)
Date: Tue, 5 May 2009 15:35:27 +0530
Subject: updating man.conf
Message-ID:

Hi,

while updating packages i found the below instruction

--- qt3-mt-3.8p2 -------------------
You may wish to add /usr/local/lib/qt3/man to /etc/man.conf
--- samba-3.0.33 -------------------

what is the exact line I should add to man.conf and where should i
add it? Is there anything else I should do after adding the line to man.conf
to view the man page

thanks

--Siju

From josh at jggimi.homeip.net Tue May 5 13:46:53 2009
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Tue, 5 May 2009 07:46:53 -0400
Subject: updating man.conf
In-Reply-To:
References:
Message-ID: <20090505112610.M26263@jggimi.homeip.net>

On Tue, 5 May 2009 15:35:27 +0530, Siju George wrote
> Hi,
>
> while updating packages i found the below instruction
>
> --- qt3-mt-3.8p2 -------------------
> You may wish to add /usr/local/lib/qt3/man to /etc/man.conf
> --- samba-3.0.33 -------------------
>
> what is the exact line I should add to man.conf and where should i
> add it? Is there anything else I should do after adding the line to man.conf
> to view the man page

Siju,

First:

Understand *why* qt3-mt was installed. Since Qt is a toolkit for building
X11 GUIs, it is likely it is installed as a dependency for some other
application. If you don't know what it does, use:

$ pkg_info -D qt3-mt

If you want to know what application has it as a dependency, use:

$ pkg_info -R qt3-mt

Second:

Determine if you *need* Qt man pages. If it was a dependency, you probably
will never be executing any of its five utilities, nor developing
applications that make any of its four hundred and sixteen library calls.

Third:

Read the man.conf(5) man page. It describes the structure and syntax for
the configuration file.

Fourth:

Read the existing /etc/man.conf file. Note the section headed by this comment
line:

# Other sections that represent complete man subdirectories.

Fifth:

Place your new entry in that section.

From josh at jggimi.homeip.net Tue May 5 14:32:36 2009
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Tue, 5 May 2009 08:32:36 -0400
Subject: updating man.conf
In-Reply-To:
References: <20090505112610.M26263@jggimi.homeip.net>
Message-ID: <20090505122658.M34762@jggimi.homeip.net>

On Tue, 5 May 2009 17:45:09 +0530, Siju George wrote

> I placed the new entry in that section but i cannot view the man page
> using "man".

You can, if you explicitly specify the qt3 section, per man(1).

If you want your qt3 section searched by default, follow the instructions in
man.conf(5), which says:

    The section named ``_default'' is the list of directories that will
    be searched if no section is specified by the user.

From sgeorge.ml at gmail.com Tue May 5 14:15:09 2009
From: sgeorge.ml at gmail.com (Siju George)
Date: Tue, 5 May 2009 17:45:09 +0530
Subject: updating man.conf
In-Reply-To: <20090505112610.M26263@jggimi.homeip.net>
References: <20090505112610.M26263@jggimi.homeip.net>
Message-ID:

On Tue, May 5, 2009 at 5:16 PM, Josh Grosse wrote:
> Fourth:
>
> Read the existing /etc/man.conf file. Note the section headed by this comment
> line:
>
> # Other sections that represent complete man subdirectories.
>
> Fifth:
>
> Place your new entry in that section.
>

I placed the new entry in that section but i cannot view the man page
using "man".

here is my man.conf

========
# $OpenBSD: man.conf,v 1.14 2008/04/27 15:10:58 deanna Exp $

# Sheer, raging paranoia...
_version BSD.2

# The whatis/apropos database.
_whatdb /usr/share/man/whatis.db
_whatdb /usr/local/man/whatis.db
_whatdb /usr/X11R6/man/whatis.db
_whatdb /usr/local/lib/qt3/man/whatis.db

# Subdirectories for paths ending in '/', IN SEARCH ORDER.
_subdir cat1 man1 cat8 man8 cat6 man6 cat2 man2 cat3 man3 cat5 man5 cat7 man7 cat4 man4 cat9 man9 cat3p man3p cat3f man3f catn mann

# Files typed by suffix and their commands.
# Note the order: .Z must come after .[1-9n].Z, or it will match first.
_suffix .0
_build .0.Z /usr/bin/zcat %s
_build .0.gz /usr/bin/gzcat %s
_build .[1-9n] /usr/bin/nroff -man %s
_build .[1-9n].Z /usr/bin/zcat %s | /usr/bin/nroff -man
_build .[1-9n].gz /usr/bin/gzcat %s | /usr/bin/nroff -man
_build .[1-9][a-z] /usr/bin/nroff -man %s
_build .[1-9][a-z].Z /usr/bin/zcat %s | /usr/bin/nroff -man
_build .[1-9][a-z].gz /usr/bin/gzcat %s | /usr/bin/nroff -man
_build .tbl /usr/bin/tbl %s | /usr/bin/nroff -man
_build .tbl.Z /usr/bin/zcat %s | /usr/bin/tbl | /usr/bin/nroff -man
_build .tbl.gz /usr/bin/gzcat %s | /usr/bin/tbl | /usr/bin/nroff -man
_build .me /usr/bin/nroff -me %s 2>/dev/null | cat -s
_build .ms /usr/bin/nroff -ms %s 2>/dev/null | cat -s

# Sections and their directories.
# All paths ending in '/' are the equivalent of entries specifying that
# directory with all of the subdirectories listed for the keyword _subdir.

# default
_default /usr/{share,X11R6,local}/man/

# Other sections that represent complete man subdirectories.
X11 /usr/X11R6/man/
X11R6 /usr/X11R6/man/
local /usr/local/man/
qt3 /usr/local/lib/qt3/man/

# Specific section/directory combinations.
1 /usr/{share,X11R6,local}/man/{cat,man}1
2 /usr/{share,X11R6,local}/man/{cat,man}2
3 /usr/{share,X11R6,local}/man/{cat,man}3
3F /usr/local/man/{cat,man}3f
3f /usr/local/man/{cat,man}3f
3P /usr/{share,local}/man/{cat,man}3p
3p /usr/{share,local}/man/{cat,man}3p
4 /usr/{share,X11R6,local}/man/{cat,man}4
5 /usr/{share,X11R6,local}/man/{cat,man}5
6 /usr/{share,X11R6,local}/man/{cat,man}6
7 /usr/{share,X11R6,local}/man/{cat,man}7
8 /usr/{share,X11R6,local}/man/{cat,man}8
9 /usr/share/man/{cat,man}9
n /usr/local/man/{cat,man}n
=====================================

thanks

--Siju

From davidianwalker at gmail.com Wed May 6 02:15:07 2009
From: davidianwalker at gmail.com (David Walker)
Date: Wed, 6 May 2009 09:45:07 +0930
Subject: Myname and DNS.
In-Reply-To: <363EB9F408E482C856EC668D@Mac-Pro.magehandbook.com>
References: <363EB9F408E482C856EC668D@Mac-Pro.magehandbook.com>
Message-ID:

Hi Daniel.

On 03/05/2009, Daniel Staal wrote:
> --As of May 3, 2009 11:10:49 AM +0930, David Walker is alleged to have said:
>
>> Can someone please confirm whether I have this correct:
>> /etc/hosts is a list of known machines for quick resolving without
>> using external DNS servers or named.
>> /etc/resolv.conf is instructions telling lookups whether to use the
>> hosts file and what external DNS server to query. Also whether to use
>> named.
>> /etc/named.conf is the settings for running the local DNS server.
>
> Bingo: That's just about perfect, I think.

Cool. I was patient when I read the man pages and I proof read
(edited) my mail. :]

> (And note from that you can both run named and not use it...)

Of course. That's a good way for me to turn named on and off when I
get stuck.

>> I am looking through named.conf(5) and it is reasonably complex (for me).
>> Are there any cheap setups that work?
>> At the moment this is optional for me (BIND) but I would like to put
>> some effort into it.
>
> I think the 'default' setup works for most uses straight out of the box.
> (I haven't checked recently, I'll admit.) The most likely thing you'd have
> to change is what interfaces/addresses named will listen on: I've seen some
> defaults that would only listen on 127.0.0.1 to the local box.

Cheers.

> As for having your hostname match what a DNS query returns: It's not
> necessary, except for certain uses as an internet-facing server. It's
> often nice to have just one name for things, but often the one assigned by
> your ISP isn't a great one.

Yes. My ISP assigned name is long and a mish mash of IP address ...
pppTHIRDOCTET-FOURTHOCTET.static.internode.on.net
Still, as I do get confused by some of the name entries in
configuration files I might give it a whirl.
I might find some leet way to use it. :]

> Daniel T. Staal

Best wishes.

From marmot at pennswoods.net Wed May 6 21:32:56 2009
From: marmot at pennswoods.net (Woodchuck)
Date: Wed, 6 May 2009 15:32:56 -0400
Subject: Sendmail, gmail, ssl?, sasl? aaargh
Message-ID: <97b0e1030905061232p4f2e5739ucddff635c24e6233@mail.gmail.com>

My ISP has gone to using gmail. I have the fetchmail stuff for
getting mail to me working.

But now outbound mail is broken. Formerly, I used a sendmail daemon,
with queues, etc etc, masquerading, blah blah,
and with the critical feature of using the ISP smart host, which was
mail.pennswoods.net. They (the ISP) have never
heard of sendmail... but I gathered from them that now I have to send
my mail through a new smarthost,
namely "smtp.gmail.com", through port 465, using "SSL". Apparently
outlook express and that sort of thing
can do this easily.

I have no clue how to proceed. Does someone have either clue, or a
working sendmail .mc or .cf file for
accomplishing this stunt? Probably also need an example /etc/mail/access[.db].

I apologize in advance for the lousy formatting of this email, but I
am now reduced to the shame of using gmail's
"webmail" "interface".

Needless to say, I've done some research, but it is all gibberish.

Thanks,

Dave

From javapunk at gmail.com Thu May 7 05:43:04 2009
From: javapunk at gmail.com (Kevin Arhelger)
Date: Wed, 6 May 2009 22:43:04 -0500
Subject: Sendmail, gmail, ssl?, sasl? aaargh
In-Reply-To: <97b0e1030905061232p4f2e5739ucddff635c24e6233@mail.gmail.com>
References: <97b0e1030905061232p4f2e5739ucddff635c24e6233@mail.gmail.com>
Message-ID:

I set this up years ago but can't remember the details. Google should be
able to provide an answer though.
http://rajasuperman.blogspot.com/2006/09/gmail-as-smarthost-for-fre_115764792412436946.html
was something I easily found.

You basically just need to setup smarthost to do SMTP+SSL authentication.

On Wed, May 6, 2009 at 2:32 PM, Woodchuck wrote:
> My ISP has gone to using gmail. I have the fetchmail stuff for
> getting mail to me working.
>
> But now outbound mail is broken. Formerly, I used a sendmail daemon,
> with queues, etc etc, masquerading, blah blah,
> and with the critical feature of using the ISP smart host, which was
> mail.pennswoods.net. They (the ISP) have never
> heard of sendmail... but I gathered from them that now I have to send
> my mail through a new smarthost,
> namely "smtp.gmail.com", through port 465, using "SSL". Apparently
> outlook express and that sort of thing
> can do this easily.
>
> I have no clue how to proceed. Does someone have either clue, or a
> working sendmail .mc or .cf file for
> accomplishing this stunt? Probably also need an example /etc/mail/access[.db].
>
> I apologize in advance for the lousy formatting of this email, but I
> am now reduced to the shame of using gmail's
> "webmail" "interface".
>
> Needless to say, I've done some research, but it is all gibberish.
>
> Thanks,
>
> Dave
> _______________________________________________
> Openbsd-newbies mailing list
> Openbsd-newbies at sfobug.org
> http://mailman.theapt.org/listinfo/openbsd-newbies
>

--
Kevin Arhelger
kevarh at gmail.com

From marmot at pennswoods.net Thu May 7 12:20:14 2009
From: marmot at pennswoods.net (Woodchuck)
Date: Thu, 7 May 2009 06:20:14 -0400
Subject: my problem with ssl
Message-ID: <97b0e1030905070320t34217a08q36a3d6b2b71a43e@mail.gmail.com>

"You basically just need to setup smarthost to do SMTP+SSL
authentication" -- Kevin

Basically I knew that, thanks.

But somehow I need to connect to port 465 of smtp.gmail.com

Thanks for the reference to Freebsd. Sendmail is not the same, in
particular in some
of the details.

Does anyone have a working configuration for OpenBSD sendmail, using
port 465 to smtp.gmail.com as a smarthost?

Thanks,

Dave

From stu at spacehopper.org Thu May 7 21:12:21 2009
From: stu at spacehopper.org (Stuart Henderson)
Date: Thu, 7 May 2009 19:12:21 +0000 (UTC)
Subject: my problem with ssl
References: <97b0e1030905070320t34217a08q36a3d6b2b71a43e@mail.gmail.com>
Message-ID:

On 2009-05-07, Woodchuck wrote:
> "You basically just need to setup smarthost to do SMTP+SSL
> authentication" -- Kevin
>
> Basically I knew that, thanks.
>
> But somehow I need to connect to port 465 of smtp.gmail.com
>
> Thanks for the reference to Freebsd. Sendmail is not the same, in
> particular in some
> of the details.
>
> Does anyone have a working configuration for OpenBSD sendmail, using
> port 465 to smtp.gmail.com as a smarthost?

it's fiddly because you would need to install cyrus-sasl and recompile a
special version of sendmail with different build options in order to use it.
I'd generally recommend against it (it's particularly "fun" at upgrade time).

some MUAs have direct support for smtp-auth, for example if you use Mutt,
the -sasl flavour lets you do this:

set smtp_url="smtps://user:password@host/"
or ... "smtps://user.with.embedded.\@.symbol:password@host/"

if you need this in an MTA you'll probably have better luck with
some other one, say OpenSMTPd (recommend you track -current if you
do this, it does work but is still beta code, you need to keep an
eye on it and watch out for sharp edges ;-) or something like
Postfix. (you still usually need cyrus-sasl, but it avoids a
special build of some standard part of the OS, which is usually
a good thing).

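The smtp_url form in the message above keeps the SMTP password inside the Mutt config file, so that file's permissions decide who else on the machine can read it. The script below is an added example, not part of the thread and not Mutt's own tooling: it flags config files that carry a user:password@ part in smtp_url and are readable by group or other. The function names and the sample file are constructed for this illustration.

```sh
#!/bin/sh
# Added example, not from the thread: flag mutt config files that keep an
# SMTP password inside smtp_url and are readable by group or other users.
# Function names and the sample file are made up for this illustration.

# Exit 0 if FILE has an active "set smtp_url" line with a user:password@
# part, e.g.  set smtp_url="smtps://user:password@host/"
# Commented-out lines and URLs without a password do not match.
has_inline_password() {
    grep -Eq '^[[:space:]]*set[[:space:]]+smtp_url[[:space:]]*=[[:space:]]*"?smtps?://[^/"]*:[^/"]*@' "$1"
}

# Exit 0 if group or other hold read permission on FILE (mode bits only).
readable_by_others() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Print one verdict line for FILE; return 1 only when the password is exposed.
audit_muttrc() {
    if ! has_inline_password "$1"; then
        echo "ok       $1: no password in smtp_url"
    elif readable_by_others "$1"; then
        echo "EXPOSED  $1: password in smtp_url, file readable by group/other"
        return 1
    else
        echo "ok       $1: password in smtp_url, owner-only file"
    fi
}

# Demo on a constructed muttrc (placeholder credentials as in the post).
demo_dir=$(mktemp -d)
cat > "$demo_dir/muttrc" <<'EOF'
# constructed sample
set smtp_url="smtps://user:password@host/"
EOF
chmod 644 "$demo_dir/muttrc"; audit_muttrc "$demo_dir/muttrc" || true
chmod 600 "$demo_dir/muttrc"; audit_muttrc "$demo_dir/muttrc"
rm -rf "$demo_dir"
```
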
From marmot at pennswoods.net Thu May 7 22:11:51 2009
From: marmot at pennswoods.net (Woodchuck)
Date: Thu, 7 May 2009 16:11:51 -0400
Subject: my problem with ssl
In-Reply-To:
References: <97b0e1030905070320t34217a08q36a3d6b2b71a43e@mail.gmail.com>
Message-ID: <97b0e1030905071311k1a7e9e71tcdd6a0e6a331e181@mail.gmail.com>

On Thu, May 7, 2009 at 3:12 PM, Stuart Henderson wrote:
> On 2009-05-07, Woodchuck wrote:
>> "You basically just need to setup smarthost to do SMTP+SSL
>> authentication" -- Kevin
>>
>> Basically I knew that, thanks.
>>
>> But somehow I need to connect to port 465 of smtp.gmail.com
>>
>> Thanks for the reference to Freebsd. Sendmail is not the same, in
>> particular in some
>> of the details.
>>
>> Does anyone have a working configuration for OpenBSD sendmail, using
>> port 465 to smtp.gmail.com as a smarthost?
>
> it's fiddly because you would need to install cyrus-sasl and recompile a
> special version of sendmail with different build options in order to use it.
> I'd generally recommend against it (it's particularly "fun" at upgrade time).

Done this. The rebuild of sendmail is fairly straightforward.
One adds a switch to /etc/mk.conf ("WANT_SMTPAUTH=1" seemed to work),
then does "make" in /usr/src/gnu/usr.sbin/sendmail and a "make install"
in /usr/src/gnu/usr.sbin/sendmail/sendmail. (I put this in for future
googlers).

> some MUAs have direct support for smtp-auth, for example if you use Mutt,
> the -sasl flavour lets you do this:

I will try this; I have built the port yesterday, but wanted to
continue sport with sendmail.

> set smtp_url="smtps://user:password@host/"
> or ... "smtps://user.with.embedded.\@.symbol:password@host/"

Thanks, I'll keep this in mind. Some versions might want "smtps"
defined in /etc/services (tcp 465).

> if you need this in an MTA you'll probably have better luck with
> some other one, say OpenSMTPd (recommend you track -current if you
> do this, it does work but is still beta code, you need to keep an
> eye on it and watch out for sharp edges ;-) or something like
> Postfix. (you still usually need cyrus-sasl, but it avoids a
> special build of some standard part of the OS, which is usually
> a good thing).

Yes, agree. But postfix opens its own cans of worms. (Mainly my
learning curve. Darned if I'll buy a $40 book...)

The itchy part of this is that I think I am close with sendmail. I
need, I think, an "authinfo" file separate from /etc/mail/access.

Thanks to you and Kevin!

I !<3 sendmail

Dave

From davidianwalker at gmail.com Mon May 11 17:24:22 2009
From: davidianwalker at gmail.com (David Walker)
Date: Tue, 12 May 2009 00:54:22 +0930
Subject: Compact flash, mounting in RAM.
Message-ID:

Konnichiwa.

I have an ALIX (one of those little x86 boxes).
As it uses CF as storage (limited read/write cycles) I want to mount
it read only.
That's the easy bit.

As OpenBSD writes information to disk during normal use I would like
to mount as much as possible in RAM (mfs) so that normal operation
continues.
For instance during boot, unless I mount /dev in RAM I get a whole
bunch of error messages (a whole bunch). :]
Also the pf log spits errors at me quite regularly - no surprises there.

Originally I mounted /dev and /var in RAM with the following (cat fstab):
/dev/wd0a / ffs rw 1 1
swap /dev mfs rw,-P=/populate/dev,-s=16384 0 0
swap /var mfs rw,-P=/populate/var,-s=32768 0 0
swap /tmp mfs rw,-s=16384 0 0

Hey I solved my first problem (I think).
I was going to ask how to populate (-P) the mfs mounts without having
to duplicate the original directories on my CF (/populate).
I think I could populate them straight from the original directories. :]

Anyway, are there other ways to populate mfs mounts with system files?
Is there any way to mount only the specific files I need?
For instance if I never use a specific log file is there any way to
not mount it?
Reading the man pages seems to suggest that mount only works on
directories.

Best wishes.

From stu at spacehopper.org Mon May 11 22:33:06 2009
From: stu at spacehopper.org (Stuart Henderson)
Date: Mon, 11 May 2009 20:33:06 +0000 (UTC)
Subject: Compact flash, mounting in RAM.
References:
Message-ID:

On 2009-05-11, David Walker wrote:
> I have an ALIX (one of those little x86 boxes).
> As it uses CF as storage (limited read/write cycles) I want to mount
> it read only.

I use a bunch of CF based systems, and mount most of them read-write.
I've done so for years, and haven't had any problems as a result.
I've got a 64MB card that was written regularly for 5+ years that
still works (decommissioned as the motherboard it was attached to died).

I've had cards fail, but mostly after just a month or two, and other
identical cards bought at the same time in the same conditions (similar
number of write/erase cycles) have been totally ok, so I'm putting that
down to individual bad cards.

I mount read-only on some machines to avoid fscks: for remote systems
where untrained staff might need to power-cycle or if I'm worried about
power failure. That's the only reason.

> As OpenBSD writes information to disk during normal use I would like
> to mount as much as possible in RAM (mfs) so that normal operation
> continues.
> For instance during boot, unless I mount /dev in RAM I get a whole
> bunch of error messages (a whole bunch). :]
> Also the pf log spits errors at me quite regularly - no surprises there.
>
> Originally I mounted /dev and /var in RAM with the following (cat fstab):
> /dev/wd0a / ffs rw 1 1
> swap /dev mfs rw,-P=/populate/dev,-s=16384 0 0
> swap /var mfs rw,-P=/populate/var,-s=32768 0 0
> swap /tmp mfs rw,-s=16384 0 0
>
> Hey I solved my first problem (I think).
> I was going to ask how to populate (-P) the mfs mounts without having
> to duplicate the original directories on my CF (/populate).
> I think I could populate them straight from the original directories. :]

If it were some other filesystem, you could mount once, cp, umount,
then mount under the different path. Not really an option for a ramdisk
which is destroyed at umount time though...

I keep two copies of /dev, one in /dev (for single-user boots etc),
and one in /dev_src which is used to populate the MFS. At upgrade
time you need to copy the new MAKEDEV in, and re-run it.

You can have a smaller /dev if you adjust the -i value. e.g.

swap /dev mfs rw,nosuid,-s=4096,-i=1024,-P=/dev_src 0 0

> Anyway, are there other ways to populate mfs mounts with system files?
> Is there any way to mount only the specific files I need?
> For instance if I never use a specific log file is there any way to
> not mount it?

No.

You could adjust the path of some file in syslog.conf and
newsyslog.conf though. There is also the option of using a circular
memory-buffer for logs, see syslogd(8) -s, syslogc(8), syslog.conf(5),
but you probably need to write to some other things in /var (e.g.
/var/run, /var/tmp; they could be symlinks though).

At least if a file is never used, it's not going to take a lot of
space on the ram disk :-)

From davidianwalker at gmail.com Tue May 12 12:33:26 2009
From: davidianwalker at gmail.com (David Walker)
Date: Tue, 12 May 2009 20:03:26 +0930
Subject: Compact flash, mounting in RAM.
In-Reply-To:
References:
Message-ID:

Hi Stuart.

On 12/05/2009, Stuart Henderson wrote:
> I use a bunch of CF based systems, and mount most of them read-write.
> I've done so for years, and haven't had any problems as a result.
>
> I've had cards fail, but mostly after just a month or two, and other
> identical cards bought at the same time in the same conditions (similar
> number of write/erase cycles) have been totally ok, so I'm putting that
> down to individual bad cards.

I will stop stressing then.

>> Hey I solved my first problem (I think).
>> I was going to ask how to populate (-P) the mfs mounts without having
>> to duplicate the original directories on my CF (/populate).
>> I think I could populate them straight from the original directories. :]

I'd like a recount on that. Obviously it will not work. Haha.

>> Anyway, are there other ways to populate mfs mounts with system files?
>> Is there any way to mount only the specific files I need?
>> For instance if I never use a specific log file is there any way to
>> not mount it?
>
> No.
>
> You could adjust the path of some file in syslog.conf and
> newsyslog.conf though. There is also the option of using a circular
> memory-buffer for logs, see syslogd(8) -s, syslogc(8), syslog.conf(5),
> but you probably need to write to some other things in /var (e.g.
> /var/run, /var/tmp; they could be symlinks though).

That's the kind of road I was thinking of.

> At least if a file is never used, it's not going to take a lot of
> space on the ram disk :-)

True.
It bugs me to duplicate every file in /var.
Especially things like /var/www/icons ...
It really bugs me to duplicate /dev and /var on the CF to be able to
copy them to RAM.
Triplicate.

I think some fancy script is what I need.
MAKEDEV to my RAM /dev and changing the paths to the log files.
I know I won't sleep well till it's done. :]

Thanks for the clarification.

Best wishes.

From davidianwalker at gmail.com Tue May 12 16:27:59 2009
From: davidianwalker at gmail.com (David Walker)
Date: Tue, 12 May 2009 23:57:59 +0930
Subject: Compact flash, mounting in RAM.
In-Reply-To: <1242133182.6199.16.camel@angello-vaio>
References: <1242133182.6199.16.camel@angello-vaio>
Message-ID:

Hi Angello.

On 12/05/2009, angello wrote:
> Hi,
> try this:
> http://www.nmedia.net/flashdist/
>
> I've used it for wraps, now I use it for alixes, never had single
> problem.
>
> br
> angello

I have no reason to have a router other than as a geek toy. :]
In other words the whole reason I bought it was to learn more about OpenBSD.

In the last few weeks I have:
> pxeboot, tftpboot, from my desktop (getting quite good at it now).
> install to CF over the network (getting pretty good at that also).
> learnt how to terminate a PPPoe session (too easy).
> learnt a little about resolving
> started using pf
> learnt more about fstab
> plenty of other stuff

Most excitingly I have finally unshackled myself from pico and started
using vi.

What possible reason would I have for installing a pre built puffy?
I'm sure you can see my point. :]
Not to say it's not a great idea. It's not where I am at. :]

Best wishes.

From angello at post.cz Tue May 12 14:59:42 2009
From: angello at post.cz (angello)
Date: Tue, 12 May 2009 14:59:42 +0200
Subject: Compact flash, mounting in RAM.
In-Reply-To:
References:
Message-ID: <1242133182.6199.16.camel@angello-vaio>

On Tue, 2009-05-12 at 12:33 +0200, David Walker wrote:
> Hi Stuart.
>
> On 12/05/2009, Stuart Henderson wrote:
> > I use a bunch of CF based systems, and mount most of them read-write.
> > I've done so for years, and haven't had any problems as a result.
> >
> > I've had cards fail, but mostly after just a month or two, and other
> > identical cards bought at the same time in the same conditions (similar
> > number of write/erase cycles) have been totally ok, so I'm putting that
> > down to individual bad cards.
>
> I will stop stressing then.
>
> >> Hey I solved my first problem (I think).
> >> I was going to ask how to populate (-P) the mfs mounts without having
> >> to duplicate the original directories on my CF (/populate).
> >> I think I could populate them straight from the original directories. :]
>
> I'd like a recount on that. Obviously it will not work. Haha.
>
> >> Anyway, are there other ways to populate mfs mounts with system files?
> >> Is there any way to mount only the specific files I need?
> >> For instance if I never use a specific log file is there any way to
> >> not mount it?
> >
> > No.
> >
> > You could adjust the path of some file in syslog.conf and
> > newsyslog.conf though. There is also the option of using a circular
> > memory-buffer for logs, see syslogd(8) -s, syslogc(8), syslog.conf(5),
> > but you probably need to write to some other things in /var (e.g.
> > /var/run, /var/tmp; they could be symlinks though).
>
> That's the kind of road I was thinking of.
>
> > At least if a file is never used, it's not going to take a lot of
> > space on the ram disk :-)
>
> True.
> It bugs me to duplicate every file in /var.
> Especially things like /var/www/icons ...
> It really bugs me to duplicate /dev and /var on the CF to be able to
> copy them to RAM.
> Triplicate.
>
> I think some fancy script is what I need.
> MAKEDEV to my RAM /dev and changing the paths to the log files.
> I know I won't sleep well till it's done. :]
>
> Thanks for the clarification.
>
> Best wishes.

Hi,
try this:
http://www.nmedia.net/flashdist/

I've used it for wraps, now I use it for alixes, never had single
problem.

br
angello

From sgeorge.ml at gmail.com Thu May 14 16:36:15 2009
From: sgeorge.ml at gmail.com (Siju George)
Date: Thu, 14 May 2009 20:06:15 +0530
Subject: using afsd to get OpenBSD
Message-ID:

Hi,

How do I get OpenBSD install sets using afsd?
What is the syntax/procedure?

Thanks

Siju

From bsd4me at cableone.net Fri May 15 16:21:00 2009
From: bsd4me at cableone.net (Michael)
Date: Fri, 15 May 2009 08:21:00 -0600
Subject: mistake with following stable
Message-ID: <20090515142100.GA17647@iliamna.my.domain>

After using anoncvs to get source tree, I started to rebuild the
kernel. After 1 hr of the computer still building the kernel, I
realized what dumb mistake I made.
I had followed the instructions to rebuild the binaries instead! I hit ctl-c. My question is can I now start over, build the kernel and then binaries as I'm supposed to? For this machine, I was about 2/3 way through building binaries when I quit. I am running 4.5: OpenBSD iliamna.my.domain 4.5 GENERIC#0 i386 Thanks for your help Maybe you'll have a nice chuckle with this "first for me" mistake :) Mike From bsd4me at cableone.net Fri May 15 19:45:29 2009 From: bsd4me at cableone.net (Michael) Date: Fri, 15 May 2009 11:45:29 -0600 Subject: mistake with following stable In-Reply-To: <20090515172840.M35479@jggimi.homeip.net> References: <20090515142100.GA17647@iliamna.my.domain> <20090515172840.M35479@jggimi.homeip.net> Message-ID: <20090515174529.GB17647@iliamna.my.domain> On Fri, May 15, 2009 at 01:35:43PM -0400, Josh Grosse wrote: > On Fri, 15 May 2009 08:21:00 -0600, Michael wrote > > After using anoncvs to get source tree, I started to rebuild the > > kernel. After 1 hr of the computer still building the kernel, I > > realized what dumb mistake I made. I had followed the instructions > > to rebuild the binaries instead! I hit ctl-c. My question is can I > > now start over, build the kernel and then binaries as I'm supposed > > to? For this machine, I was about 2/3 way through building binaries > > when I quit. I am running 4.5: OpenBSD iliamna.my.domain 4.5 > > GENERIC#0 i386 > > No worries. You were building -stable, so the order of build is not critical, > as there is no new functionality added to either the kernel or userland for > -stable. > > Building the kernel first is important for -current, where new functionality > might be necessary to successfully conduct the userland build. > > You may restart the userland build at your convenience. You should not need > to clear /usr/obj first, but if you do so, be sure to "make obj" before > continuing. Thank-you! I was afraid I would have to install /usr/src again and start over. 
Mike

From josh at jggimi.homeip.net Fri May 15 19:35:43 2009
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Fri, 15 May 2009 13:35:43 -0400
Subject: mistake with following stable
In-Reply-To: <20090515142100.GA17647@iliamna.my.domain>
References: <20090515142100.GA17647@iliamna.my.domain>
Message-ID: <20090515172840.M35479@jggimi.homeip.net>

On Fri, 15 May 2009 08:21:00 -0600, Michael wrote
> After using anoncvs to get source tree, I started to rebuild the
> kernel. After 1 hr of the computer still building the kernel, I
> realized what dumb mistake I made. I had followed the instructions
> to rebuild the binaries instead! I hit ctl-c. My question is can I
> now start over, build the kernel and then binaries as I'm supposed
> to? For this machine, I was about 2/3 way through building binaries
> when I quit. I am running 4.5: OpenBSD iliamna.my.domain 4.5
> GENERIC#0 i386

No worries. You were building -stable, so the order of build is not critical,
as there is no new functionality added to either the kernel or userland for
-stable.

Building the kernel first is important for -current, where new functionality
might be necessary to successfully conduct the userland build.

You may restart the userland build at your convenience. You should not need
to clear /usr/obj first, but if you do so, be sure to "make obj" before
continuing.

From josh at jggimi.homeip.net Fri May 15 19:50:15 2009
From: josh at jggimi.homeip.net (Josh Grosse)
Date: Fri, 15 May 2009 13:50:15 -0400
Subject: mistake with following stable
In-Reply-To: <20090515174529.GB17647@iliamna.my.domain>
References: <20090515142100.GA17647@iliamna.my.domain>
 <20090515172840.M35479@jggimi.homeip.net>
 <20090515174529.GB17647@iliamna.my.domain>
Message-ID: <20090515174910.M30594@jggimi.homeip.net>

On Fri, 15 May 2009 11:45:29 -0600, Michael wrote

> I was afraid I would have to install /usr/src again and start over.

No, Mike, that's the whole point of the object directory links; to keep src
fairly pristine.
:)

From bsd4me at cableone.net Fri May 15 22:36:17 2009
From: bsd4me at cableone.net (Michael)
Date: Fri, 15 May 2009 14:36:17 -0600
Subject: mistake with following stable
In-Reply-To: <20090515174910.M30594@jggimi.homeip.net>
References: <20090515142100.GA17647@iliamna.my.domain>
 <20090515172840.M35479@jggimi.homeip.net>
 <20090515174529.GB17647@iliamna.my.domain>
 <20090515174910.M30594@jggimi.homeip.net>
Message-ID: <20090515203617.GA9365@iliamna.my.domain>

On Fri, May 15, 2009 at 01:50:15PM -0400, Josh Grosse wrote:
> On Fri, 15 May 2009 11:45:29 -0600, Michael wrote
>
> > I was afraid I would have to install /usr/src again and start over.
>
> No, Mike, that's the whole point of the object directory links; to keep src
> fairly pristine. :)
>

Thanks for that info. This old dog learned a few things from asking for help ;)
System is upgraded and running fine. Now, I'm starting an upgrade on a
different machine from 4.4 to 4.5.

Mike

From vim.unix at googlemail.com Sun May 31 12:56:59 2009
From: vim.unix at googlemail.com (Pau)
Date: Sun, 31 May 2009 12:56:59 +0200
Subject: Questions about vpn
Message-ID: <30c383e70905310356q44d7ac7cu82c9b71ccfa7c0fd@mail.gmail.com>

Hello,

I have two questions regarding vpn.

(1) My institute has a vpn net to which I would like to connect from
home. This would save me a lot of ssh'ing because currently I have to
go through two "portals"; there are also other interesting things, such
as being able to download papers from online Journals since our
institute has subscribed to virtually all existing journals in our
field.

So this is the first newbie question: How do I connect to the vpn net
(of course I have all passwds etc) from my OpenBSD laptop? The
machines in the institute are linux but I think this is irrelevant.

(2) Also, I have internet at home, of course. I can use wireless and
it's working pretty well but I am worried about security.
WEP is out
of the question, because you can break that one in a couple of 3 minutes
if you have a strong signal; I know it because I have played a lot
with aircrack for this at home with my own net and it takes that
amount of time. WPA is certainly more secure but with a good
dictionary I believe (never did it) that if you can gather some 3
hours of packets you should be able to break the password in some
hours.

So I read "somewhere" (newbie, newbie) that you can use vpn to create
very secure wireless connection points. Is this true? If so, how can
this be done? How in/compatible is this with pf?

thanks,

Pau

From vim.unix at googlemail.com Sun May 31 20:38:54 2009
From: vim.unix at googlemail.com (Pau)
Date: Sun, 31 May 2009 20:38:54 +0200
Subject: Questions about vpn
In-Reply-To: <5f5811f00905311026h40a9bb43me2eb97670e4abe95@mail.gmail.com>
References: <30c383e70905310356q44d7ac7cu82c9b71ccfa7c0fd@mail.gmail.com>
 <5f5811f00905311026h40a9bb43me2eb97670e4abe95@mail.gmail.com>
Message-ID: <30c383e70905311138ka20522bx1cc3cd3914d44d3a@mail.gmail.com>

Hello,

A bit more of information

As regarding to point (1):
===============

The institute has a web page where they explain that

"Access from hosts located outside: You should use the Cisco VPN
Client software"

For this, they give explanations to install it for linux, macosx and windows.

For the linux client, they specify that one needs:

* Red Hat Version 6.2 Linux (i386) or later, or compatible
  libraries with glibc Version 2.1.1-6 or later, using kernel Versions
  2.2.12 or later. [Note: No support of SMP (multiprocessor) kernels]
* Linux Kernel Sources configured according to your running kernel

What's worse, they provide you with a binary. This is proprietary
software and the sources are not available.

Other than that, one needs only the UNIX username and UNIX password
for authentication.

How can I do this without the Cisco VPN blobs?

As for point (2):
==========

I was meaning whether I can set up openvpn or so for my home wireless
connection, between router and laptops

thanks,

Pau

2009/5/31 Fernando Quintero :
>
> hi,
>
> On Sun, May 31, 2009 at 5:56 AM, Pau wrote:
>>
>> Hello,
>>
>> I have two questions regarding vpn.
>>
>> (1) My institute has a vpn net to which I would like to connect from
>> home. This would save me a lot of ssh'ing because currently I have to
>> go through two "portals"; there are also other interesting things, such
>> as being able to download papers from online Journals since our
>> institute has subscribed to virtually all existing journals in our
>> field.
>>
>> So this is the first newbie question: How do I connect to the vpn net
>> (of course I have all passwds etc) from my OpenBSD laptop? The
>> machines in the institute are linux but I think this is irrelevant.
>
> Uhmm maybe your institute give you some doc about that VPN, maybe what kind
> of VPN, what protocols or something like that.
> You need check if there is using pptp, ipsec, or vpn with certs, etc.
> If you get this information, configure the OpenBSD box is easy.
>
>>
>> (2) Also, I have internet at home, of course. I can use wireless and
>> it's working pretty well but I am worried about security. WEP is out
>> of the question, because you can break that one in a couple of 3 minutes
>> if you have a strong signal; I know it because I have played a lot
>> with aircrack for this at home with my own net and it takes that
>> amount of time. WPA is certainly more secure but with a good
>> dictionary I believe (never did it) that if you can gather some 3
>> hours of packets you should be able to break the password in some
>> hours.
>
> You can configure good passwords for WPA, and protect your boxes, I think
> it's so difficult to gain access to your information with it.
>
>>
>> So I read "somewhere" (newbie, newbie) that you can use vpn to create
>> very secure wireless connection points. Is this true?
>> If so, how can this be done? How in/compatible is this with pf?
>
> Uhmm, do you want to connect 2 points? through wireless?, I don't understand,
> pf works with that kind of conf. Just you need know what exactly want to do.
>
>>
>> thanks,
>>
>> Pau
>> _______________________________________________
>> Openbsd-newbies mailing list
>> Openbsd-newbies at sfobug.org
>> http://mailman.theapt.org/listinfo/openbsd-newbies
>
>
>
> --
> --------------
>
> Fernando Quintero
> http://nonroot.blogspot.com/
> *Just a nonroot User*
>

--
Let there be peace on earth. And let it begin with misc

From stu at spacehopper.org Sun May 31 21:10:54 2009
From: stu at spacehopper.org (Stuart Henderson)
Date: Sun, 31 May 2009 19:10:54 +0000 (UTC)
Subject: Questions about vpn
References: <30c383e70905310356q44d7ac7cu82c9b71ccfa7c0fd@mail.gmail.com>
 <5f5811f00905311026h40a9bb43me2eb97670e4abe95@mail.gmail.com>
 <30c383e70905311138ka20522bx1cc3cd3914d44d3a@mail.gmail.com>
Message-ID:

On 2009-05-31, Pau wrote:
>
> The institute has a web page where they explain that
> "Access from hosts located outside: You should use the Cisco VPN
> Client software"

there's a client for Cisco VPN devices in /usr/ports/security/vpnc,
I haven't used it but it should work out ok.

> I was meaning whether I can set up openvpn or so for my home wireless
> connection, between router and laptops

yes, or you can use ssh tunnel-forwarding, or ipsec.

it is probably easier to configure ipsec between openbsd systems (using
ipsec.conf) than it is to configure the other methods.

see isakmpd(8) "PUBLIC KEY AUTHENTICATION" and ipsec.conf(5) "AUTOMATIC
KEYING" as a starting point if you would like to try this.

apart from writing an ipsec.conf line, in rc.conf.local you will need
to start isakmpd and load the ipsec.conf file, and you'll also need to
copy the laptop's public key to the router and vice-versa.
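
[Added example, not part of the thread: the three pieces the message above names (an ipsec.conf line, the rc.conf.local settings, and the public-key exchange), written out for one laptop and one router. The addresses 192.168.1.1 (router) and 192.168.1.50 (laptop) are assumptions made up for this sketch; the file locations are the stock ones described in isakmpd(8) and ipsec.conf(5).]

```conf
# Assumed addresses (constructed for this example):
#   router 192.168.1.1, laptop 192.168.1.50

# --- /etc/ipsec.conf on the router (waits for the laptop to start IKE) ---
ike passive esp from 192.168.1.1 to 192.168.1.50

# --- /etc/ipsec.conf on the laptop (initiates the exchange) ---
ike esp from 192.168.1.50 to 192.168.1.1

# Keep both ipsec.conf files owned by root and mode 0600.

# --- /etc/rc.conf.local on both machines ---
isakmpd_flags="-K"   # start isakmpd; -K skips isakmpd.policy, ipsecctl supplies the rules
ipsec=YES            # load /etc/ipsec.conf at boot

# --- public keys, exchanged once over a channel you already trust ---
# Each host's own key pair:
#   /etc/isakmpd/private/local.key   (never leaves the host)
#   /etc/isakmpd/local.pub
# The peer's local.pub is stored under the peer's address:
#   on the router:  /etc/isakmpd/pubkeys/ipv4/192.168.1.50   (laptop's local.pub)
#   on the laptop:  /etc/isakmpd/pubkeys/ipv4/192.168.1.1    (router's local.pub)

# --- checks after editing ---
#   ipsecctl -n -f /etc/ipsec.conf   # parse only, report syntax errors
#   ipsecctl -f /etc/ipsec.conf      # load the rules
#   ipsecctl -s all                  # flows and SAs should list both addresses
```

[As written, these rules protect only traffic between the two listed addresses. Running tcpdump on the wireless interface should then show packets between them as esp rather than cleartext.]
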

From vim.unix at googlemail.com Sun May 31 23:19:58 2009
From: vim.unix at googlemail.com (Pau)
Date: Sun, 31 May 2009 23:19:58 +0200
Subject: Questions about vpn
In-Reply-To:
References: <30c383e70905310356q44d7ac7cu82c9b71ccfa7c0fd@mail.gmail.com>
 <5f5811f00905311026h40a9bb43me2eb97670e4abe95@mail.gmail.com>
 <30c383e70905311138ka20522bx1cc3cd3914d44d3a@mail.gmail.com>
Message-ID: <30c383e70905311419w79eb330v8a8c85f1565b86d3@mail.gmail.com>

Hello,

thanks for the point.

vpnc is working great. Nice. I was fed up of typing a billion times my
password. I can also download all articles I need from firefox. Simply
wonderful.

I will look at the other point when I have time (which means that I
will never look at it, I think)

thanks

Pau

2009/5/31 Stuart Henderson :
> On 2009-05-31, Pau wrote:
>>
>> The institute has a web page where they explain that
>> "Access from hosts located outside: You should use the Cisco VPN
>> Client software"
>
> there's a client for Cisco VPN devices in /usr/ports/security/vpnc,
> I haven't used it but it should work out ok.
>
>> I was meaning whether I can set up openvpn or so for my home wireless
>> connection, between router and laptops
>
> yes, or you can use ssh tunnel-forwarding, or ipsec.
>
> it is probably easier to configure ipsec between openbsd systems (using
> ipsec.conf) than it is to configure the other methods.
>
> see isakmpd(8) "PUBLIC KEY AUTHENTICATION" and ipsec.conf(5) "AUTOMATIC
> KEYING" as a starting point if you would like to try this.
>
> apart from writing an ipsec.conf line, in rc.conf.local you will need
> to start isakmpd and load the ipsec.conf file, and you'll also need to
> copy the laptop's public key to the router and vice-versa.
>
>
> _______________________________________________
> Openbsd-newbies mailing list
> Openbsd-newbies at sfobug.org
> http://mailman.theapt.org/listinfo/openbsd-newbies
>

--
Let there be peace on earth.
And let it begin with misc

From vim.unix at googlemail.com Sun May 31 23:30:17 2009
From: vim.unix at googlemail.com (Pau)
Date: Sun, 31 May 2009 23:30:17 +0200
Subject: Questions about vpn
In-Reply-To: <30c383e70905311419w79eb330v8a8c85f1565b86d3@mail.gmail.com>
References: <30c383e70905310356q44d7ac7cu82c9b71ccfa7c0fd@mail.gmail.com>
 <5f5811f00905311026h40a9bb43me2eb97670e4abe95@mail.gmail.com>
 <30c383e70905311138ka20522bx1cc3cd3914d44d3a@mail.gmail.com>
 <30c383e70905311419w79eb330v8a8c85f1565b86d3@mail.gmail.com>
Message-ID: <30c383e70905311430t4fe218d3v2724af1e1af518a7@mail.gmail.com>

PS:

http://blog.innerewut.de/2005/7/4/openvpn-2-0-on-openbsd

This is looking very promising.

So, in your opinion openvpn used to connect a laptop to the local
network is (much?) more secure than WPA?

Pau

2009/5/31 Pau :
> Hello,
>
> thanks for the point.
>
> vpnc is working great. Nice. I was fed up of typing a billion times my
> password. I can also download all articles I need from firefox. Simply
> wonderful.
>
> I will look at the other point when I have time (which means that I
> will never look at it, I think)
>
> thanks
>
> Pau
>
> 2009/5/31 Stuart Henderson :
>> On 2009-05-31, Pau wrote:
>>>
>>> The institute has a web page where they explain that
>>> "Access from hosts located outside: You should use the Cisco VPN
>>> Client software"
>>
>> there's a client for Cisco VPN devices in /usr/ports/security/vpnc,
>> I haven't used it but it should work out ok.
>>
>>> I was meaning whether I can set up openvpn or so for my home wireless
>>> connection, between router and laptops
>>
>> yes, or you can use ssh tunnel-forwarding, or ipsec.
>>
>> it is probably easier to configure ipsec between openbsd systems (using
>> ipsec.conf) than it is to configure the other methods.
>>
>> see isakmpd(8) "PUBLIC KEY AUTHENTICATION" and ipsec.conf(5) "AUTOMATIC
>> KEYING" as a starting point if you would like to try this.
>>
>> apart from writing an ipsec.conf line, in rc.conf.local you will need
>> to start isakmpd and load the ipsec.conf file, and you'll also need to
>> copy the laptop's public key to the router and vice-versa.
>>
>>
>> _______________________________________________
>> Openbsd-newbies mailing list
>> Openbsd-newbies at sfobug.org
>> http://mailman.theapt.org/listinfo/openbsd-newbies
>>
>
>
>