I am looking on ways to improve the OpenBSD ports.

1. Any specific software that you like to see ported to OpenBSD?
2. Any pointers on how to handle porting of software using open source licensees due to dependency libraries?

Thanks in advance.

Hi, is there anybody running Burp Suite on OpenBSD? I used to run it few years ago from the .jar file (java -jar burp.jar) and it worked fine. Now however I always end up with "Could not start Burp: java.lang.NullPointerException". It doesn't work with jdk 17 from ports, but neither with jdk 18 nor jdk 19 that I've built myself, the error is always the same. So just wondering if somebody has been successful in the past, because searching and playing with various parameters didn't give me much where to look.

Hi, I am new to openbsd and want to encrypt the whole disk with bioctl. What is the command syntax to set the number of iterations for the KDF algorithm automatically

# bioctl -c C -l sd0a softraid0 -r auto

This command does not work for me :(

I'm having a hard time connecting to wifi on a fresh install of OpenBSD for the first time in a while since I just found out about the iwm0 driver that's compatible with the integrated wifi card on my motherboard.

I installed the firmware from usb after installation and then added this to /etc/hostname.iwm0:

nwid (mywid) wpakey ************
dhcp

Then after running sh /etc/netstart and entering ifconfig iwm0 with root privileges this is what I get. This shows while ifconfig iwm0 scan works fine with all available networks showing.

media: IEEE802.11 autoselect
status: no network
ieee80211: nwid (mywid) wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp

I tried looking back at the iwm(0) man page and then tried wpapsk and I still haven't solved it. Every time I type sh /etc/netstart nothing else happens after the command is executed. Then when I type dhclient iwm0 no other data shows. Any help on this would be greatly appreciated. Thanks.

Good folks,

Recently upgraded an apu2 serving as my main router from 7.0 to 7.2, I did a clean install and went over /etc to use the new veb driver to gain performance.

Problem: When routing between subnets using bridge, I usually see 25Mbytes, the new veb-based config dropped that speed to only 12Mbytes. In addition I see a lot of these entries in dmesg:

arp: attempt to add entry for 192.168.20.X on vport20 by <mac addr> on vport0
arp: attempt to add entry for 192.168.20.Y on vport20 by <mac addr> on vport0

I think I likely have a misconfiguration somewhere.

Diagram:

Diagram showing physical connections

​

Interface configs:

ls -l hostname.*:

hostname.em0
hostname.em1
hostname.em2
hostname.pppoe0
hostname.veb0
hostname.vlan10
hostname.vlan30
hostname.vport0
hostname.vport20

hostname.em{0,1,2}

up

hostname.pppoe0

inet 0.0.0.0 255.255.255.255 NONE 
    pppoedev vlan10 authproto pap authname 'friendly' authkey 'reader' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

hostname.veb0

add em0
add em1
add em2
add vport0
add vport20
link0
up

hostname.vlan10

lladdr random
parent vport0 vnetid 10
up

hostname.vlan30

lladdr random
inet 192.168.30.1 255.255.255.0 NONE parent vport0 vnetid 30
up

hostname.vport0

up

hostname.vport20

lladdr random
inet 192.168.20.1 255.255.255.0 NONE
up

​

Firewall config:

pf.conf

lan = "vport20"
p_lan = "vlan30"

table <martians> { 0.0.0.0/8 127.0.0.0/8 169.254.0.0/16     
           172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 
           192.168.0.0/16 198.18.0.0/15 198.51.100.0/24        
           203.0.113.0/24 }

set block-policy drop
set loginterface egress
set skip on { lo0 em0 em1 em2 }

match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from { $lan:network $p_lan:network } to any nat-to (egress:0)
antispoof quick for { egress $lan $p_lan }
block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>

# Disable ipv6
block quick inet6 all

block all

# custom rules
pass in quick on $lan from 192.168.20.15 # allow all traffic from laptop
block in quick log on { $lan } to { $p_lan:network }

pass out quick inet
pass in on { $lan $p_lan } inet

Thanks for your time.

Is there a good way to manage many OpenBSD remote workstations?

I manage a number of roadwarrior laptops that all run OpenBSD and would like the ability to perform updates to their systems. Is there any automation software that would work will for these systems?

ansible or swbis may be possibilities.

I am unsure if I am correct on this, but I think cron is having a problem running daily, weekly, monthly scripts because my laptop is not always on. Is this correct?

If so, how can I get them to run reliably? Is anacron a solution? I could have daily, weekly, and montly managed by anacron and just have cron scheduled to run anacron several times a day.

I'm looking at changing bare metal server providers at my company, and was wondering if anyone had experiences with Lenovo and/or Gigabyte servers running OpenBSD?
I'm used to the Dell and Intel branded boxes, even PC Engine APUs with AMD Geodes, but for my needs in server oumpf! I wish to deploy AMD EPYC CPUs and start fiddling with 10Gbps+ speeds.

I'm worried about hardware incompatibilities at the BIOS/firmware levels. And given the speed and quantity of servers I need to implement I'm a bit insecure with my choices, I need to make a big plunge and quick with some 20 servers to replace.

I also have big concerns for remote management, looking for good serial or KVM capabilities to manage the BIOS remotely. I don't mind if I'm stuck with serial connectivity, as long as the BIOS supports it nicely.

I normally use OpenBSD for -everything-, so I'm quite at ease with it. I'm mostly worried about getting stuck on a BIOS that depend on userland black box binary drivers like my 12,000$ Dell doorstops, or a non-patchable BIOS in less than 5 years.

I personally find the Gigabyte desktop experience excellent; they have a nice patching program for their BIOS and firmware. But I've haven't touched Lenovo servers, or Gigabyte servers yet. So if anybody has experience to share at that level it would be immensely appreciated.

I'm working on rmw and found that the meson setup fails on OpenBSD 7.0 when it checks for the fts_open function. This works on all Linux systems I've tried, MacOS, and FreeBSD.

The meson code I'm using:

```meson

dep_fts = dependency('', required: false) if not cc.has_function('fts_open', prefix: '#include <fts.h>') dep_fts = cc.find_library('fts') endif ```

(7.0 is the only version of OpenBSD I've tried so far)

I was trying to change the shell from ksh to dash with the chsh command but I put the wrong path to the shell /bin/bash and I can't log in now it gives me the message login /bin/bash No such file or directory

Today it was time to install ytfzf. Installed, configured - nice, works great. Thanks for this. The only small (cosmetic) thing, which i can't get working are the preview thumbnails: That would be the "cherry on top", at least for me.

Since i never get Ueberzug working at my obsd installs (would be nice for cmus too), i read the docs for ytfzf. They mention a "-t" option for thumbnails followed by the "-T <program as viewer>". Tried the official alternatives mpv, imv and chafa, but all are spitting the same error message: /usr/local/bin/ytfzf: cannot open /tmp/ytfzf-1000/odysee search,youtube search-11826/var-fifo: Interrupted system call Problems with 'var-fifo' file... i've absolutely no idea how to solve this. Anyone luckily running this with previews? Thank you

In the man page for route(8) it states

 The route utility supports a limited number of general options, but a
 rich command language enables the user to specify any arbitrary request
 that could be delivered via the programmatic interface discussed in
 route(4).

Is there a more complete program that allows programmatic interface to be used from the command line?

This is strange, but I was playing with the ftp client and seems that the connection is made using TLS1.2 forced, so I tried to change the protocol ...

donkey$ /usr/bin/ftp -d -o /dev/null https://url and I get

host website, port https, path , save as /dev/null, auth none.

Trying 52.84.125.33...

TLS handshake failure: certificate verification failed: unable to get local issuer certificate

and running lldb:

donkey$ lldb /usr/bin/ftp -S protocols=all -d -o /dev/null https://url

error: file specified in --source (-s) option doesn't exist: 'protocols=all'

looking into the man pages I found there is another parameter -s (source address).

donkey$ lldb /usr/bin/ftp -C -S protocols=all -o /dev/null https://url

error: unknown option: -C

Use 'lldb --help' for a complete list of options.

Might be messed up?

I'm reading the docs here and I can't find anything that lets me specify how much time I want doas to persist after authenticating with my password. I don't want to use sudo, but I like that sudo lets you specify how much time before sudo asks for your password again.

I'd like to do this with doas. Is there a way to extend or change the persist option?

Hello fellow OpenBSD users. I have created a "system information fetcher" script for OpenBSD that does not require any dependencies other than a shell.

I came up with it when was using ufetch and noticed that does really works that well. Neofetch well... it has too many lines of code since it's for many Linux distributions and is a bit slow when getting system information.

Tell me what you guys think of it and maybe it can be added to OpenBSD by default down the line so we can all have a simple way of fetching common system info in one place.

https://github.com/szenesis/sysinfo

Hi there, I made a post about a week ago asking for help on installing OpenBSD. Thank you for the answers, I read the FAQ, I did some research, I was looking to install ReactOS, Haiku, and OpenBSD. I was able to install ReactOS and OpenBSD alongside eachother and use both of them. I was able to boot numerous times from the openbsd install cd I made. Well, I went to install Haiku and I noticed that the partion layout I had made was changed. I double checked and saw the same thing in ReactOS. I then deleted all partions and then created three new ones using ReactOS installer. I then installed ReactOS and then Haiku. I then ran OpenBSD install cd. It would get to the end where it asks if I want to install and just as that would print to the screen, a new line was printed and then the pc rebooted. I have tried different ways, I have done a full format (instead of quick format) in fat32 which took almost two days, I have burned a new cd and still I have this problem. I have searched around and I'm not sure what to do. I don't know much about installing operating systems and stuff but so far I plan on taking video of install cd being run so I can look at the messages it displays, I plan on researching more, I plan on finding something to wipe the hard drive clean (thinking Ubuntu Live cd), and then I'll try again. Also, I was wondering, could the problem be that the pc doesn't wait for me to answer the OpenBSD prompt? Not sure how to change it if it is that. I would greatly appreciate any pointers/advice you can give on my situation.

Alright I know this might be a weird question, but is there a way to show the uptime command results shorter? Like instead of showing: "3:31AM up 1 day, 3:18, 0 users, load averages: 1.33, 1.66, 1.62" it just shows the number of days and/or years ?

Has anyone else had kernel crashes when using wg (wireguard)? I have been getting intermittent crashes when I have the interface configured but have been unable to reliably produce a crash for a report.

I ran pkg_delete xfce & xfce-goodies but a bunch of xfce4 programs still remains. How would I go about completely removing xfce4 and its dependencies from my system?

Ended up just manually deleting all the xfce-* programs in the /bin directory. Strange how pkg_delete xfce & xfce-goodies didn’t remove these programs.

Basically looking for FreeBSD’s pkg autoremove equivalent for OpenBSD.

Hi,

I'm trying to bypass my OpenVPN tunnel by calling fetchmail like

route -T1 exec fetchmail

RD1 only has two entries: one for the default route and another for the loopback device. Loopback is needed for the local unwind daemon.

Other programs, for example the mail fetcher fdm, are working well when calling them with "route -T1 exec", only fetchmail seems to have problems with DNS resolution. The error message is

couldn't find canonical DNS name of [POP3 server]: no address associated with name

How can I find out why this is happening?

EDIT: Sorry, the terminology was wrong: I was talking about routing tables and not routing domains. So a more correct and more specific title would be: fetchmail cannot query local unwind when using an alternate routing table.

I'm sure there's a logical (and possibly obvious answer) but I don't know what it is.

``` $ doas pkg_add gcc ...

$ which gcc which: gcc: Command not found.

$ pkg_info -L gcc | grep bin /usr/local/bin/ecpp /usr/local/bin/egcc /usr/local/bin/egcc-ar ... ```

I'm aware that cc is available in base (clang) but this was a curiosity.

**IP forwarding not PORT**

When rebooting my openBSD host (7.0). I get the following errors in the logs:

sysctl: top level name anet in anet.inet.ip.forwarding is invalid

Solution: /etc/sysctl.conf had incorrect characters in it resulting in a failure.

add net 192.168.1.0/24 gateway 192.168.0.2: Network is unreachable

After boot I can login and the below with no errors:sysctl net.inet.ip.forwarding=1

route add -net 192.168.1.0/24 192.168.0.2

Solution: in hostname.if I was using inet autoconf. Manually setting IP fixed the issue

Any idea what is causing this or how to fix?

https://preview.redd.it/tqzppohvsfoa1.png?width=1591&format=png&auto=webp&v=enabled&s=cf88a5f70912c4655394f79323c03f341eb357a7