I'm installing nginx and rtmp server i do make config for and select rtmp module, when I start nginx (Cannot open "/usr/local/libexec/nginx/ngx_rtmp_module.so) I look in the directory and its not there, any idea?

Package or port?

Looks like compilied|installed the port per "make config"

sn00p, Check the build log of "nginx" if some error about "rtmp" was printed

has protonvpn-cli been removed from the ports?

removed in june: cgit.freebsd.org/ports/commit/?id=2…4a12bba79baeabc41519ab19ab876baec32

Title: ports - FreeBSD ports tree

"REASON: Has expired: This version is deprecated and unsupported upstream. The port needs an update, which would require a fair amount of effort. Use OpenVPN or Wireguard with configuration files provided by ProtonVPN instead."

I see

koobs: I have openvpn configs extracted from another provider but cant seem to connect to them using openvpn --config vpnfile.ovpn

can anyone help with connecting to openvpn as client?

I've tried everything in the past several days

woland: May want to try #OpenVPn first, unless its isolated to be a ports/package/freebsd issue

You'll want to pastebin your configuration (sanitized) and connecitons logs

any specific cmds outputs that I must pipe to a pastebin before hand?

I'll try openvpn irc too

woland, You can send text data to termbin.com via "nc": nc termbin.com 9999 /file ; or, sh ; command 2>&1 | nc termbin.com 9999 -- after sending to termbin, you would see an URL printed

woland, Sorry make the nc-file command to be: nc termbin.com 9999 < /file

parv: can I use ix.io ?

woland, I don't know what ix is, does, or behaves. If you or anyone else prefers, don't let me hold you back

parv: thanks for the tip. I'll try my luck in #openvpn

this is giving me such pain tbh

woland: try wireguard or others? (tinc, govpn, tailscale, etc)

koobs: I'll look into it right now

is the networkmgr the same as networkmanager on linux?

link?

Title: FreshPorts -- net-mgmt/networkmgr: FreeBSD/GhostBSD network connection manager

Sounce is: WWW: github.com/GhostBSD/networkmgr

Title: GitHub - ghostbsd/networkmgr: NetworkMgr is a Python GTK3 network manager for FreeBSD, GhostBSD, TrueOS and DragonFlyBSD

"NetworkMgr is an open source, Network Manager based on the look of the Linux

Network Manager user interface. "

hmm should be close enough then underhood

completely different underhood (it has to be, linux/freebsd network commands different)

but "based on the look" of the linux networkmgr

so UI wise, probably similar

as much as I hate randomly installing pkgs, I'll give this a shot

networkmgr is not the linux networkmanager.

not even close.

and the linux NetworkManager (which is really libnm et al) will not get ported here.

even though most desktop tooling clamors for NetworkManager in some manner, our network stack is simply too different from what NetworkManager expects that the work needed to make it all work isn't worth it

I wonder if ip is port-able.

iptools2, doubtful

as is iw

s/iptools2/iproute2/

furthermore, iproute2 is GPLv2

frontend design portable :)

vishwin: yes thats understandable. However I cant understand why a simple matter of connecting to a vpn should require any more than installing the pkg and enabling the service. So far I've really enjoyed FreeBSD in the two weeks that I've been using it, but this vpn situation is such a headache for me now

woland: its a matter of ease of configuration of the software rather than the unerlying os

wireguard was specifically deisnged to be as zero friction as possible (compared to say openvpn) intentionally

for example

koobs: That may be but I've never had this issue on Arch for instance

this of course is different than tools provided by os's for os functionality, and these should be levelled up as far as possible with respect to UX

Speaking of doing things that hard way... I have a 128G UFS root install. I wanna move that to zfs. I have two 500G SSDs ready to go. Just perform an auto zoot on zfs install and copy files? Or is a slicker way to do it?

woland: the part that does overlap, is the extent to which a package might provide good defaults for use, and any additional extras to make things easier (startup scripts etc)

what bothers me most is that all the articles about setting up opnvpn are about setting up a server

woland: if you can identify what about an arch vs freebsd openvpn setup is different, we can certainly look to improve things if there's a delta

and not withstanding, openvpn has been known for quite a while to not exactly be trivial to setup

koobs: sure, I can get into it in the morning, or maybe even copy my arch defaults

I'd say there's almost zero config differences with freebsd openvpn (as a client) and Fedora.

all else (including configs) being identical, the only delta is really tun/tap/route setup, which openvpn mostly handles

since it abstracts over those devices

and supports many OS's directly

bottom line; with specific issues/problems known, its muych easier to conclude if and where improvements can be made on particular OS's

and we always look forward to those discussions

koobs: I'll make sure to keep you posted should I find the issue or the solution

we can also help with things if you have errors/etc or with more details of the issue youre experiencing

difficult to help without that detail

service openvpn start returns => ix.io/49Qc

openvpn --config de.ovpn returns => ix.io/49Qd

what user are you running openvpn start with ?

and there will likely be more information in the openvpn.log

privilledged user

with doas

with root it returns another error, /usr/local/etc/rc.d/openvpn: warning failed to start openvpn

my bad, arrow upped the wrong cmd

ix.io/49Qf is the contents of /usr/local/etc/rc.d/openvpn

so why does `service -e` dump warnings into /var/log/messages? like "/usr/sbin/service: WARNING: $ is not set properly - see rc.conf(5)."

Here "*.notice", among others, go to "/var/log/messages"

ya but what's the warning for? what isn't set properly?

that's in a fresh install meaning the OS is shipping with warnings

openvpn or sndiod isn't in base

so it's not "fresh"

and the warning is telling you what isn't set

'$' tho?

how can i debug that

Hello, my fellow BSD users. I have a question. What 'modern hardware' do people talk about when it comes to say, 'FreeBSD has problem with modern hardware' in comparison? What kind of hardware? What part?

Is there some magical feature that Linux enhances its hardwares while I and FreeBSD miss it out?

i think amd is still rougher than intel? not sure if that's still true

the magical feature is more hw drivers so more hw support is a fact

mictty: The magical feature is money, yes.

money or popularity amongst devs

it's just not as popular an open source project as linux is so it's a crude measure but it's less monkeys coding less lines

as a monkey =)

hey when i nmap freebsd with pf some tcp ports show up as "filtered unknown" but i dont have that port in my pf config at all and the default is to drop so i wonder why THAT port shows up?

it's a few, 72794 is one

and 7663 rome wtf?

how can i ask pf for whatever rules it has on 7663 port?

`pfctl -s rules` will show all active rules, but there should be more granular options described in the man page

ya i know that 1

but it shows names for ports lol

and it dont take -sn to show in number form like netstat -rn does

the n

I have one BSD machine since 2021. In the build all parts were, I believe, released at oldest in 2019, except the graphics because I don't need a desktop environment. I tried to be as modern and experimental as I could. My machine has never had Windows nor Linux in her entire life.

CPU: AMD Ryzen 7 5800X 8-Core Processor (3793.07-MHz K8-class CPU)

FreeBSD/SMP: Multiprocessor System Detected: 16 CPUs

cpu0: <ACPI CPU> on acpi0

I felt the 'modern hardware' problem can be misleading to the audience

what image pastebin do you use? let me paste somethin

mictty: modern CPUs will "work" for the most part provided they don't present anything too different than what came before, that is largely going to be dependent on the motherboard as well. But it's all of the things which need to talk to all the other hardware [drivers basically, as others have said].

you had a 5800X, but did all the thermal sensors work on it?

what about storage?

network [particularly wifi] drivers can be problematic, as can things like bluetooth, audio.....

putting together a bare rig which operates from a terminal is well and good, but when people make comparisons to linux, they almost always are referring to something with a GUI, and/or runs on a laptop

I definitely would like more people trying out freebsd, but being anything but honest with them about what to expect is only going to people off if they are expecting parity with linux

edenist: do people usually provide thee benchmark along with their hardware to claim 'work fine'? How do i test such thermal operations? Audio/Bluetooth is actually a good point. I have never thought about it.

mobo is asus-x570i

I'm unsure for the zen cpus, but for example on my bulldozer opterons cpu thermals are provided amdtemp.ko

edenist: wifi works, but given your context, I have no confidance since I did not measure the performance.

I just checked the man page and apparently it supports up to family 17h, which is zen2

but does fbsd have temp sensor integrated into fan controllers? like if temp gets too high for laptop it'll automatically turn fans up, cpus down as last resort, stuff like that

polyex: most of that is handled by bios/motherboard firmwares, with overrides provided through a driver if wanted. For example the acpi_ibm.ko provides puttinng the fans into manual mode

but that's just for thinkpads

how can we see if we're currently set to auto or if somehow i turned manual on and it's now kinda unsafe?

mictty: you are right about CPU performance though. Especially with the way AMD does boost mode, it doesn't really expose it to the OS, so you need to use something like hwbmc to check it is running

polyex: you will need a driver specific to your hardware

I don't think there are any loaded by default [that I know of]

so OS doesn't use all hw available to prevent allowing user to damage hw

I can't think of any hardware which can damage itself in it's default state. Any CPU made in the last decade or two or so will throttle itself once it hits Tcrit

what about battery damage from getting to hot because it was ran with lid down? laptop

but any OS needs to have the thermal drivers added before it can do anything, windows, linux or whatever....

that should be handled by the device firmware anyway

it isn't the job of an OS to prevent critical overheating of hardware

ahh

polyex: For example, my CPU just turned off itself when it was overheated(before bios update) and, like edenist said, it is done at the bios layer, you do this without OS installed.

ya but i seen batteries start to bulge so wtf that mean?

polyex: I have no good knowledge in laptops.

edenist: should one benchmark storage on two different OSs with the hardware to compare?

* with the same hardware

polyex: there are different ways batteries bulge, but again this isn't something that using another OS is going to solve. Laptops are always going to generate heat, it's up to the firmware to manage that. If you want to prolong the life of a battery then I guess you could run fans on max and CPU on lowest performance profile, and not keep it plugged in 24/7?

mictty: maybe check out some of the phoronix test suite benchmarks if you are curious? There are tests for CPU, mem, i/o etc...

ya

I'll go take a look hwpmc

polyex: lithium batteries are really picky, mustn't be to hot, absolutely not too cold, not kept at 100%, never run to 0%, etc, etc. Most end up like reddit.com/r/spicypillows

Title: spicypillows

do I need to reboot after I do a pkg update and upgrade?

sn00p, perhaps only if you had installed/update a kernel module which can be used _cleanly_ only after a reboot

s/update/&d/

sn00p: pkg upgrade updates the index, you do not really need to pkg update beforehand; if you see that anything you run as daemons/services has been updated, you can restart just those services, no system reboot necessary

I ok thanks

if a kernel module was updated, it is often possible to stop all services using that module, unload it

and load the updated version

also I just installed qemu, and I get qemu command not found

You may need to rehash the $PATH. zsh has "rehash" command

still commnd not found

In that case, check what files were installed via "pkg-info" : pkg info -l -x qemu # Will list files for all packages with "qemu" in its name

cant find the executable

emulators/qemu/pkg-plist* list various "bin.*/qemu\b" lines, perhaps one of those🤷‍♂️

any sanoid user?

mage: please just ask your question, instead of asking for people; it's entirely possible someone knows the answer to your question but don't have the time to have a whole conversation about it.

I want to backup production servers on multiple boxes, I'd like to keep only a few snapshots on the production machines but a lot on the backup machines (I snapshot every 15 min). I don't care about keeping monthly snapshots on the production machines so I have monthly=0 but the downside is that no monthly snapshots are created .. but I want monthly snapshots of the servers stored on the backup machines

any idea how to manage this?

I want to learn more about building a freebsd nas, 16-32 TB. Suggestions on where to look/read?

What's so complicated about it?

What do you need?

NAS could mean just a ssh-in box and use scp(1)

Define what you mean by NAS

What for of NAS?

Do you need low power usage?

Will it run on battery?

Would you expand in the future?

Can you please write out your sentences in one line, instead of this stream-of-conciousness writing where you press enter every 5-8 words?

not really - that's how I type. Why is this a problem to you?

I also think that this form of texting is also more readable

So to each their own, I guess.

this is IRC, not whatsapp

*lol

I know, what about it?

Everyone has been fine the way I type but you 2

are they fine with it or not bothered enough to say anything?

or just asleep

Just not bothered like you 2

No need to make out an elephant out of a fly

hello, new here, whats going on

If you got nothing to say - say nothing, instead of "please type the way I want :))"

s/2/too/g

or two

Hi. A few normies trying to command how I type messages

s/command/control

Someone asked about a FreeBSD NAS box above

thats how you do unbother: /ignore PredatorONormies

Even better, yes. If you cannot cope with someone being out of your absolute control - there's /ignore ;)

good idea

I agree

i'm always had a question, how to search for man page which name is not well known

like list all available man pages by wildcard or keyword

nerozero: there is apropos

megaTherion, tnx

PredatorONormies: because you're not the only person chatting, and if there's even one more conversation going on and anyone else types like that, it becomes increasingly difficult to follow conversations.

I disagree, like I said - it's way more readable, in my opinion.

Because I typed in the past a lot of text, and even I got lost in my own words

I know what I'm talking about.

I think.

It isn't really up for debate.

It is - it's my speech that you are trying to control.

If you don't like it - you got optins: /ignore, ban/kick/mute.

I shall NOT be subject to your manipulation and control

nerozero: also whatis, which takes keyword (and apropos takes wildcard)

youhow !!!! yuripv Thanks !

lang/zig is statically compiled

next update requires devel/icu as well

I've added that to BUILD_DEPENDS and port seems to run just fine (tm)

is there any way to tell if that's correct?

mage: the feature you're looking for is called bookmarks, I'm sure sanoid will support it somewhere.

mage: TLDR the source side does snapshots, replicates them (for backup offsite), then prunes them & just leaves bookmarks of them, which take up no space.

Hello, I would know how to use port un pkg without conflict. I use pkg for most of my packages, but some of my packages must be installed via port (for configuration purposes). When I run pkg upgrade, it currently replaces my port installed packages.

Any other iSCSI users out there? I'm getting 'icl_soft_conn_new_pdu: failed to allocate soft PDU' on my target server since 13.1.

gearnode: look into poudriere or synth for maintaining a private repo with the options you want.

(I prefer synth for mixing mostly-vanilla -- leveraging pre-built -- with a few packages where I needed non-standard.)

eborisch: thanks it was my next step but I will love having a way to pin package. Like this pkg can ignore them.

On the initiator side, I'm getting 'UNIT ATTENTION asc:29,7 (I_T nexus loss occurred)'; it retries without further issues, but disconcerting.

hi, is there a process for a mail to be validated on freebsd-bugs⊙Fo mailling list, I post something but I don't see it in the archive.

gearnode: you can just use pkg lock <package>

You probably need to subscribe. lists.freebsd.org/subscription/freebsd-bugs . (But are you sure you need to post directly instead of filing a Bugzilla ticket?)

Title: FreeBSD Mailing lists: subscription for freebsd-bugs

souji: Oh thanks !

I fact I made a mistake in my mail adress to ...

it's ok now

Title: FreeBSD 13.1 : ZFS NFS : .zfs/snapshot : Stale file handle : with zfs destroy snapshot process in Uninterruptible sleep

I changed password using `passwd` but /etc/passwd still doesn't have any password

where is the password stored?

found it

I'm getting "Ports Collection support for your FreeBSD version has ended" when running poudriere bulk… but I'm on 13.0 which is marked as supported production release on freebsd.org – what's up with that?

to clarify, I'm getting that in the poudriere log for ccache which failed sanity checks with this message.

according to freebsd.org/security/#sup only 13.1 is supported

Title: FreeBSD Security Information | The FreeBSD Project

pfrrrbbblllffft :F

thanks for the heads up i guess – look like i'll be upgrading my infra…

vi: No terminal database found

is a problem I've been having for many years on freebsd

I can't use any terminal apps until I manually `export TERM=xterm`

can I get that database from pkg somehow?

currently on freebsd 12.3

Is you termcap broken?

I don't know, it's a fresh freebsd jail

on linux it would be terminfo, and I'd get it on debian using `apt-get install ncurses-term`

I don't know Linux, sorry.

and the value of $TERM is tmux-256color, from openbsd

tmux-256color is in /etc/termcap

`grep tmux-256color /etc/termcap` doesn't return anything

Oh, maybe it got added in 13 or 14 then.

maybe, I'm on 12.3 and can't upgrade because it's a jail

cgit.freebsd.org/src/commit/share/t…8bd78408f4a6e99e68cbeb7ef88b0ecae68 not exactly new

Title: src - FreeBSD source tree

cgit.freebsd.org/src/tree/share/termcap/termcap?h=releng%2F13.1#n2797 it's in 13.1 so if you can upgrade that'll solve things

well, I don't know why it didn't make it to 12.3, which was released 2021

Title: termcap « termcap « share - src - FreeBSD source tree

Neither do I.

but thanks, looks like I'll get support automatically once the system outside the jail gets upgraded

yuripv might remember, then again they might not.

In either case, it's a little late for 12.3.

They might also not be around their computer right now, so it could take a while :)

12.4 might be out in a few months

debdrup: ps -p $(ps -p $$ -o ppid=) o args=

try this

woland: i'll check it when will be at home, thanks

xx: i had this in my ~/.tmux.conf before 13 `set-option -g default-terminal "screen-256color"`

ridcully: yes that would work

i wanna test that my server doesn't allow password ssh because it seems to. is 'ssh -o PubkeyAuthentication=no -o PreferredAuthentications=password host' enough to force ssh to ONLY try pw login?

polyex: just the '-o PubkeyAuthentication=no' should be enough if everything is set to defaults/unset in ~/.ssh/config otherwise. You likely want it to consider both password or KbdInteractive authentications. (Which it will, by default.)

But really you can ssh -v into the host and look for the 'Authentications that can continue' messages to see what types of authentications the server and client agree on.

k on my server auths that can continue are publickey and keyboard-interactive

If you're going through PAM, that's keyboard-interactive, and may still act like what most people might assume would be called "password" - with the user (potentially) able to log in with just a password, depending on PAM configuration.

polyex: ^

ya i think that's what's happening to me

so when ppl say disable ssh pw login, are they talking about password+kb-interactive, or literally just password?

Either configuring PAM to require more than just a password (it can add things like google authenticator in addition to a password), or disabling both PasswordAuthentication and KbdInteractiveAuthentication (leaving Pubkey)

There's also a special option just for the root user: PermitRootLogin=prohibit-password (in /etc/ssh/sshd_config), although UsePAM + KbdInteractive overrides this (see man sshd_config).

ok ill disable KbdInteractiveAuth too

Yep; if you've got shared keys set up, disabling both KbdInt. and Password is the way to say "only keys".

ya i have keys only. no certs yet tho. keys seem like happy medium

opinion?

Keys are popular. For an extra level of security, you can keep them encrypted on disk and load them into an agent for re-use during a session; you can also set options in ~/.ssh/authorized_keys if, for example, you only want to allow the key from certain hosts.

if i have a pw set on my key does that mean it's encrypted?

yes.

i do that

It provides some level of "if someone gets a copy of the key, it isn't immediately useful", but I still wouldn't post it up for the world to see...

You can also load it into ssh-agent (memory-resident SSH key cache) if you find yourself typing the passphrase over and over, so there's hardly any reason to _not_ encrypt your private key.

do you keep UsePAM yes if you set PasswordAuth no and KbdInteractiveAuth no?

config file says to do that if you want to keep session checks

but upside of UsePAM no, is we can run sshd as nonroot user

y/n/n to PAM / PasswordAuth / KbdInteractive lets you still do the session management things PAM can do (if you use them) as I recall. If you're not intentionally using PAM, you can likely set UsePAM to no.

As always with sshd configs, make sure your intended authentication method continues to work after changing / reloading configuration.

cam status ata server error means a faulty harddrive yes?

woland: not necessarily, cabling, controller, but often device fault

megaTherion: same laptop with another sdd gave no error during install

I guess it has to be the old HDD

how can i find out what pam account and session checks even are to see if i'd still want them?

i guess i can try UsePAM no and see if i lose anything i need

will i still get log messages somewhere for vailed ssh login attempts if UsePAM is no and the only allowed auth method is publickey?

failed*