gitlogs:

Is there a way to get the console to go blank after being idle for some time? blanktime="300" and saver="daemon" don't seem to work these days.

hyperreal, See "man vidcontrol" and look for the screen saver timeout settings there.

I am not using the vt console myself at the moment, systems are either headless or have X running, so don't know this works from personal experience.

rwp thanks

Greetings

And salutations

hi everyone, I'm having a weird problem with FreeBSD 14.0-RELEASE-p6 on arm64. I'm trying something simple: create a gre tunnel. the interface comes up and I can ping the local private end of the tunnel, however I cannot ping the other end (private ip). what is weird is that even in the physical interface I cannot not see any gre packet when trying

to ping the other end. From the other end (openbsd machine) I ping my freebsd private IP and I can see the gre packets in the physical interface but there are no echo-replies sent back. I enabled net.inet.ip.forwarding=1, but Im not sure if something else is missing. Openbsd has net.inet.gre.allow=1 but I didnt find anything like that for freebsd.

jmon: sounds like your firewall might be blocking it

jmnbtslsQE: the freebsd machine is not running any firewall. and the problem is that internally I dont see the traffic from gre0  going through the physical interfaxe

OK, i ask because if the interfaces are configured correctly, typically that means that a firwall is blocking the outgoing gre. can you paste the intrerface config for your physical interface and gre interface on both machines?

or just the outgoing machine i guess since that's where your issue is now

maybe a route issue ? try netstat -rn4 (assuming IPv4); also make sure the gre interface is actually up.

agreed. it's either firewall, interface config, or routing. if he's seeing the packets on the interface it should be up

this is the freebsd box: clbin.com/AaDl1 and this is the openbsd: clbin.com/VyCPg

so you ping 10.255.255.2 from the freebsd machine and no packets are entering your genet0 interface?

exactly, while on the openbsd machine they do when I ping 10.255.255.1

hmm, maybe my assumption is wrong then, because i see no issue with the config on that machine. i guess you are certain that you have no firewall running

oh sorry

so, I dont have ipfw, ipfs, pf or anything similar running

GRE + NAT is the issue i think

strange that you're not getting any errors when you ping

actually when I ping I get ping: sendto: Network is down

yeah, the GRE interface will require that your local tunnel addr be an actual local address

one thing that bothers me is the list of flags on gre0; shouldn't the interface be in RUNNING state ? (IFF_RUNNING)

can you ping 46.23.91.142 from 78.18.50.37 ?

oh

I think it is not running because of the NAT problem

yeah

yes, I can ping the public end of the tunnel

78.18.50.37 isn't a local IP

i don't think GRE is possible in this case. i can't say i've ever tried this

that is the local public IP

jmnbtslsQE: should I change for an ip in the 192.168.0/24 network

i think your remote gre interface won't accept it because it has the "wrong" address

I can reconfigure the other end to use an ip in that range too

i'm sorry you're right

yes try that

let me give it a try

actually no i don't think that will work

yeah i'm just confusing myself

it will work fine

it's easy for me to confuse gre with other things i guess.

nope, no luck

I still get no traffic in the genet0 and I cannot ping the other end

even with local side of the tunnel set to your local IP?

yeah clbin.com/3PZBW

hmm no you don't need to change the "inet" address. you need to change the local "tunnel" one to your local 192.168.0.10

oh

the term it's a little confusing

is*

one sec

jmnbtslsQE++

jmnbtslsQE: it is alive!!!

great.

thanks so much for your help! TIL the complications of GRE + NAT :D

and now that is configured properly the interface is running: gre0: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1476

sure. good to know, i didn't notice that

is there a way I could configure how much pg-up pg-dwn move the buffer? It drives me crazy that it's only half a "page"

in which buffer?

sorry I accidentaly sent that here as well as somewhere else

after upgrading a jail to 14.1 and doing a pkg upgrade -f inside the jail I get "ld-elf.so.1: Shared object "libpcre2-8.so.0" not found, required by "nginx"" and some more for another program. What might be missing?

the host is 14.1 as well? did you try pkg-static upgrade?

yes. I think I found the error. ldconfig was not taking into account /usr/local/lib because of directory permission, it was group writable, I changed it to 750.

does the freebsd pf not support match directive?

seems like yes? man.freebsd.org/cgi/man.cgi?pf.conf(5)

thx

hrm

sorry for just asking... do you know which package provides /usr/include/security/pam_misc.h on freebsd? i do not know much about freebsd but want to test some code there...

I don't see pam_misc.h

do you mean pam_mod_misc.h ?

on linux it is called pam_misc.h

let me try

if so thats part of the base system, and not packages

on linux it is part of the package pam

on alpine part of the package linux-pam-dev

okay?

freebsd isn't linux

you see a file openpam.h maybe?

yes

i know... :)

okay...

which also isn't in a package

i want to compile this: git.xw3.org/xw3/checkpw

yeah, freebsd is very different... ;)

i wrote that program some time ago and wonder if it would compile on other OS's too since PAM ist stadartized

well, try it

you will probably have to ifdef a couple of #include's

yeah, i think you're right... i am trying

0x0.st/XYEO.h this is pam_mod_misc.h on freebsd 14.1

if that helps you identify it being similar

yes!

it compiles now

argh, no

stdio.h on freebsd is different... and produces an error.

thank you all! i think i am on the right way...

:)

👍

seems i have to learn more about freebsd this winter... ;)

i task i have on my todo since more then 25 years

Dealing with some fuckery today.

we're all dealing with some fuckery, in a manner of speaking

Trying to figure out what the best location for files is $PREFIX/libexec vs $PREFIX/share. I've looked at some ports for examples but there doesn't seem to be any consistency.

I have a set of shell scripts. One is the "main" executable, then there are a bunch of 'libraries' (all of which are shell). I also have documentation, resources (example config files, example scripts, templates, etc.).

what's the recommended location for each type of file?

poudriere seems to put it's libraries in /usr/local/share while git for example puts them in libexec

Looks like /usr/local/share/ ( architecture-independent files) is the correct location

ideally you'll find answers in man hier, but i don't know how specific it gets

Yeah, I'm looking at that, but I can't tell where the best place is for non-executable sh libraries go

the one project that comes to mind is bastille, and they put them in /usr/local/share

Hi!, I'm about to move disks from an ubuntu VM (running on HyperV) to a FreeBSD 14.1 VM. In Ubuntu, to avoid changing mount points, one must mount them using UUID instead of /dev/xxx. Is it safe to mount using /dev/da0p1 (as an example) in FreeBSD?

oh geez. how the hell can I establish a connection to Express VPN if I want to use openvpn and stunnel? ChatGPT told me that if the ISP's firewall rules block openvpn's attempts to connect to express vpn, I should use stunnel. But then, no matter how many suggestions ChatGPT gave me, I failed to connect to Express VPN using the openvpn/stunnel combination. I am so frustrated. What have I been

doing wrong?

TLS Error: TLS handshake failed

why?

i haven't used stunnel, but i don't know how that would help. your ISP is filtering based on ports, right? but either way, openvpn is already inside TLS, i think

does expressvpn have an option to connect on port 443?

over TCP

you mean, chatgpt gave me a garbage suggestion?

and stunnel is useless in this scenario?