Re: Sun's AMD 64 lineup
OpenBSD Admin([EMAIL PROTECTED])@2005.10.13 05:46:42 +: Teemu Schaabl wrote: OpenBSD Admin([EMAIL PROTECTED])@2005.10.12 20:28:05 +: Does anyone have any experience with these sun boxes eg (the 'X' series or aquarius are pretty new; X2100 X4100 X4200 v20z v40z I'd expect openbsd would work a charm but would like to know for sure before purchasing for a customer. read the archives .. Did *you* read the archives ? I don't have to - it is you searching for info, there was a thread about the x4100/2100 around the 29.09.05 (these machines are too new, they still aren't available here in US, sun needs certification for the power supplies as they told me), the v40zs have also been covered in the past. search for Compatibility question for the New Sun X4100 .. -- Every man takes the limits of his own field of vision for the limits of the world. - Schopenhauer [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Sun's AMD 64 lineup
Teemu Schaabl([EMAIL PROTECTED])@2005.10.13 08:13:51 +: OpenBSD Admin([EMAIL PROTECTED])@2005.10.13 05:46:42 +: Teemu Schaabl wrote: Did *you* read the archives ? I don't have to - it is you searching for info, there was a thread about the x4100/2100 around the 29.09.05 (these machines are too new, they still aren't available here in US, sun needs ^^^ should be europe -- Every man takes the limits of his own field of vision for the limits of the world. - Schopenhauer [demime 1.01d removed an attachment of type application/pgp-signature]
Re: Problems With Thinkpad R51
Andreas Bihlmaier [EMAIL PROTECTED] wrote: I know of two solutions: 1.)The best thing to do is switching to a PTY (alt + ctrl + F1) and then pulling down the lid, after opening it again go back to you X terminal (alt + ctrl + F1) 2.) If apm IS enabled, Disable apm (perhaps even NOT starting apmd is enough). If apm IS disabled, enable and start apmd on startup via /etc/rc.conf I would say the other way around. 1) Enable apmd by putting the correct line in rc.conf.local (you can copy and change apmd.. from rc.conf). Reboot and then try again. If no success. 2) Report bug. Use messy workaround (switching to text console) until bug is fixed. Last I had problems with sleep on my Thinkpad R40 was when ehci made it crash over a year ago. And yes hibernate works too.
Re: openAFS or arla support?
Ok here is the first shot at this. I tested it, and it appears to work. However since I dont have a dedicated box for it just yet, it most likely has some bugs. Please review it before just running it. It is most likely broken in some way that only testing will find. http://www.linbsd.org/oafs_server_install_obsd.sh This patch keeps runntp from being set on a machine already running an ntpd. btw how do you build openafs without patches on -current since there isn't an extrattr.h? --- oafs_server_install_obsd.sh.origWed Oct 12 23:17:28 2005 +++ oafs_server_install_obsd.sh Wed Oct 12 23:16:55 2005 @@ -192,7 +192,9 @@ $VOS syncvldb $SERVER -cell $CELLNAME -verbose -noauth $VOS syncserv $SERVER -cell $CELLNAME -verbose -noauth $BOS create $SERVER upserver simple $BINDIR/upserver -crypt /usr/afs/etc -clear /usr/afs/bin -cell $CELLNAME -noauth -$BOS create $SERVER runntp simple $BINDIR/runntp -localclock -cell $CELLNAME -noauth +if ! pgrep ntpd/dev/null; then + $BOS create $SERVER runntp simple $BINDIR/runntp -localclock -cell $CELLNAME -noauth +fi $FS setacl /afs system:anyuser rl $VOS create $SERVER /vicepa root.cell $FS mkmount /afs/$CELLNAME root.cell
Re: Sun's AMD 64 lineup
On Wed, Oct 12, 2005 at 08:28:05PM +1000, OpenBSD Admin wrote: X2100 X4100 X4200 i'll have a look at a prototype next week. but i'm not sure if i have enough time to fully test it. but i'll do my best and bootstrap the amd64 port. reyk -- /* .vantronix|secure systems - (research development) * reyk floeter - friendly known free software engineer * [EMAIL PROTECTED] - http://team.vantronix.net/reyk/ */
Re: openAFS or arla support?
On 13/10/05, James Wright [EMAIL PROTECTED] wrote: This patch keeps runntp from being set on a machine already running an ntpd. might also want to call afsd with -nosettime - there is talk on the openafs dev lists about just killing that subsystem off entirely as there is no shortage of ntp daemons out there. btw how do you build openafs without patches on -current since there isn't an extrattr.h? create an i386 openbsd 3.8 config header defining AFS_OBSD38_ENV, and conditionally skip the inclusion of extattr.h if you're running 3.8 or higher. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: openAFS or arla support?
I built this on 3.7 I have only built the client on 3.8 and I was using the sysname option to point to the 3.7 config. -Ober On Thu, 13 Oct 2005, James Wright wrote: Ok here is the first shot at this. I tested it, and it appears to work. However since I dont have a dedicated box for it just yet, it most likely has some bugs. Please review it before just running it. It is most likely broken in some way that only testing will find. http://www.linbsd.org/oafs_server_install_obsd.sh This patch keeps runntp from being set on a machine already running an ntpd. btw how do you build openafs without patches on -current since there isn't an extrattr.h?
Re: openAFS or arla support?
Thanks -Ober On Thu, 13 Oct 2005, James Wright wrote: Ok here is the first shot at this. I tested it, and it appears to work. However since I dont have a dedicated box for it just yet, it most likely has some bugs. Please review it before just running it. It is most likely broken in some way that only testing will find. http://www.linbsd.org/oafs_server_install_obsd.sh This patch keeps runntp from being set on a machine already running an ntpd. btw how do you build openafs without patches on -current since there isn't an extrattr.h? --- oafs_server_install_obsd.sh.origWed Oct 12 23:17:28 2005 +++ oafs_server_install_obsd.sh Wed Oct 12 23:16:55 2005 @@ -192,7 +192,9 @@ $VOS syncvldb $SERVER -cell $CELLNAME -verbose -noauth $VOS syncserv $SERVER -cell $CELLNAME -verbose -noauth $BOS create $SERVER upserver simple $BINDIR/upserver -crypt /usr/afs/etc -clear /usr/afs/bin -cell $CELLNAME -noauth -$BOS create $SERVER runntp simple $BINDIR/runntp -localclock -cell $CELLNAME -noauth +if ! pgrep ntpd/dev/null; then + $BOS create $SERVER runntp simple $BINDIR/runntp -localclock -cell $CELLNAME -noauth +fi $FS setacl /afs system:anyuser rl $VOS create $SERVER /vicepa root.cell $FS mkmount /afs/$CELLNAME root.cell
aliases on CARP interface
We are moving from single to dual 3.7 FW's with CARP. The external interface has a lot of binated aliases and I am unsure if they are to go into hostname.carpN or stay as they are in hostname.ext_if. Could someone please enlighten me? Thanks.
Re: aliases on CARP interface
Then the redundant IP should be on the carp interface Leo -Message d'origine- De : Per olof Ljungmark [mailto:[EMAIL PROTECTED] Envoyi : jeudi 13 octobre 2005 10:40 @ : Lio Goehrs Cc : misc@openbsd.org Objet : Re: aliases on CARP interface Are you going to use carp on the external (public) interface ? In order to use failover, yes. We are moving from single to dual 3.7 FW's with CARP. The external interface has a lot of binated aliases and I am unsure if they are to go into hostname.carpN or stay as they are in hostname.ext_if.
Re: Install Berkeley DB both v3 and v4 from ports problem on Openbsd 3.7
Are you using a current version of OpenBSD? Lio -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Pavel M. Ivanchev Envoyi : jeudi 13 octobre 2005 13:22 @ : misc@openbsd.org Objet : Install Berkeley DB both v3 and v4 from ports problem on Openbsd 3.7 Hi there! I am new and hope that somebody will help me! Until now I didn't have any problem with installing ports but now i am in trouble with installing Berkeley DB both v3 (db-3.1.17p3) and v4 (db-4.2.52p3). I follwed these steps: 1. cvsup of the ports tree 2. cd /usr/ports/databases/db make install and the result is: Building package for db-3.1.17p3 Unknown element: @pkgpath databases/db/v3,no_tcl === Cleaning for db-3.1.17p3 rm -f /usr/ports/packages/i386/all/db-3.1.17p3.tgz *** Error code 1 Stop in /usr/ports/databases/db/v3 (line 2016 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/databases/db/v3 (line 1252 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/databases/db (line 109 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk).
Re: aliases on CARP interface
Then the redundant IP should be on the carp interface Are you going to use carp on the external (public) interface ? In order to use failover, yes. We are moving from single to dual 3.7 FW's with CARP. The external interface has a lot of binated aliases and I am unsure if they are to go into hostname.carpN or stay as they are in hostname.ext_if. Like this?: FW1: hostname.ext_if inet aaa.bbb.ccc.125 netmask hostname.carpN inet aaa.bbb.ccc.124 netmask inet alias aaa.bbb.ccc.122 255.255.255.255 inet alias aaa.bbb.ccc.121 255.255.255.255 etc. FW2: hostname.ext_if inet aaa.bbb.ccc.123 netmask hostname.carpN inet aaa.bbb.ccc.124 netmask inet alias aaa.bbb.ccc.122 255.255.255.255 inet alias aaa.bbb.ccc.121 255.255.255.255 etc. Sorry if I'm being stupid here...
Re: Install Berkeley DB both v3 and v4 from ports problem on Openbsd 3.7
I am using OpenBSD 3.7 and updated the port tree and try to install DB. Just the port tree is cvs version. I have installed one-two monts ago in the same way the same things but with previous version ot db and again ot Openbsd 3.7 . Now the difference is just that there is new patch in the version of db- p3 Lio Goehrs wrote: Are you using a current version of OpenBSD? Lio -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Pavel M. Ivanchev Envoyi : jeudi 13 octobre 2005 13:22 @ : misc@openbsd.org Objet : Install Berkeley DB both v3 and v4 from ports problem on Openbsd 3.7 Hi there! I am new and hope that somebody will help me! Until now I didn't have any problem with installing ports but now i am in trouble with installing Berkeley DB both v3 (db-3.1.17p3) and v4 (db-4.2.52p3). I follwed these steps: 1. cvsup of the ports tree 2. cd /usr/ports/databases/db make install and the result is: Building package for db-3.1.17p3 Unknown element: @pkgpath databases/db/v3,no_tcl === Cleaning for db-3.1.17p3 rm -f /usr/ports/packages/i386/all/db-3.1.17p3.tgz *** Error code 1 Stop in /usr/ports/databases/db/v3 (line 2016 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/databases/db/v3 (line 1252 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/databases/db (line 109 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk).
Re: openAFS or arla support?
ober wrote: Do you guys prefer --with-transarc paths? So let me know as I am writing it as we speak. The goal is to allow you to install a single server AFS cell with a single script. I use it the old version on Linux fine. However would like feedback for transarc/non transarc paths. I'd prefer to have it ports-lookalike and have everything not end up under /usr, even though Transarc once liked it that way. If it ends up as a port eventually, it still needs to put everything under /usr/local (or whatever PORTSBASEDIR is at the time)
[notify] Change of List-Membership details
This message is to inform you of a change of your details on our newsletter database You are currently member of the following newsletters: No Lists The information on our system for you is as follows: Email : misc@openbsd.org Send HTML email : Yes If this is not correct, please update your information at the following location: http://www.aheadsup.com/lists/?p=preferencesuid=9a383d20ed4f30df80bba687fe0f2676 Thank you
Re: Install Berkeley DB both v3 and v4 from ports problem on Openbsd 3.7
Pavel M. Ivanchev wrote: I am using OpenBSD 3.7 and updated the port tree and try to install DB. Just the port tree is cvs version. I have installed one-two monts ago in the same way the same things but with previous version ot db and again ot Openbsd 3.7 . Now the difference is just that there is new patch in the version of db- p3 Lio Goehrs wrote: The port version and OS version must match. If you are runnning OpenBSD 3.7 - release, you should grab the 3.7 release version of ports.tar.gz. Going off another thread from a day or two ago, the @pkgpath is something new that 3.7 pkg_* tools don't know about. -Keith Richardson
Re: Install Berkeley DB both v3 and v4 from ports problem on Openbsd 3.7
I hope you did not mixed up pre-release ports (for 3.8) with -current ones? Make sure you have right ports for the right system. On Thursday 13 October 2005 13:21, you wrote: Hi there! I am new and hope that somebody will help me! Until now I didn't have any problem with installing ports but now i am in trouble with installing Berkeley DB both v3 (db-3.1.17p3) and v4 (db-4.2.52p3). I follwed these steps: 1. cvsup of the ports tree 2. cd /usr/ports/databases/db make install and the result is: Building package for db-3.1.17p3 Unknown element: @pkgpath databases/db/v3,no_tcl === Cleaning for db-3.1.17p3 rm -f /usr/ports/packages/i386/all/db-3.1.17p3.tgz *** Error code 1 Stop in /usr/ports/databases/db/v3 (line 2016 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/databases/db/v3 (line 1252 of /usr/ports/infrastructure/mk/bsd.port.mk). *** Error code 1 Stop in /usr/ports/databases/db (line 109 of /usr/ports/infrastructure/mk/bsd.port.subdir.mk).
Re: Sun's AMD 64 lineup
David Purdue wrote: OpenBSD Admin wrote: X2100 X4100 X4200 I think Sun is going to be providing one of these as a Sunray server for the AUUG 2005 conference (http://www.auug.org.au) - although the box they supply may turn out to be a v40z. If it is one of the new ones, at the end of the conference Adrian Close and I will try running OpenBSD up on it. We'll let you know how it goes. Cheers, DavidP That would be great David, thanks. Any chance if you can try and boot OpenBSD from one of the USB ports ? Cheers. Brian.
Re: Problems With Thinkpad R51
Andreas Bihlmaier [EMAIL PROTECTED] wrote: I know of two solutions: 1.)The best thing to do is switching to a PTY (alt + ctrl + F1) and then pulling down the lid, after opening it again go back to you X terminal (alt + ctrl + F1) 2.) If apm IS enabled, Disable apm (perhaps even NOT starting apmd is enough). If apm IS disabled, enable and start apmd on startup via /etc/rc.conf I would say the other way around. whatever the situation is ;) Could be he HAS apm activated and running, didn't say it anywhere either way. 1) Enable apmd by putting the correct line in rc.conf.local (you can copy and change apmd.. from rc.conf). Reboot and then try again. If no success. 2) Report bug. Use messy workaround (switching to text console) until bug is fixed. On my X40 everything works just fine suspend to ram and suspend to disk, but I have read about a dead X server after suspend a couple of times and it is REALLY not a problem to switch to a console before suspending! If it can be fixed it would be nice as well, but I'm already happy as is :) Regards, ahb
HP Proliant ML350 G4
For some this might be boring, but for others encouraging: Box off-shelf as above boots properly with cd37.iso Broadcom NC7761 Gigabit Server Adapter is recognized LSI 53c1030 Duplex U320 is recognized The 146 GB 15k drive is recognized I'll come back later as usual when the problems start to show up Uwe
Re: RAID for dummies
J Moore wrote: Anyway...you HAVE to spend time getting to know whatever RAID solution you are using. Practice, practice, practice!!! Try swapping drives -- what happens if you swap a drive with a larger drive? smaller drive? how does it indicate errors? etc... In short: never trust anyone else to haul your butt out of the fire. Not quite sure what point you're trying to make here... are you advocating that one develop expertise in all areas to become totally self-sufficient? If so, I suppose you are all at once: thoracic surgeon, firefighter, psychiatrist, tax lawyer, microbiologist, etc, etc, etc. No, I'm advocating that if you pick of a scalpel, that you understand how to perform surgery on the species you are going to be cutting on. If you pick up a fire hose, you understand what happens when the water hits full pressure. Etc. Taxes? ok, got me there, no one understands tax law. If you don't wish to spend time to learn the RAID tool of your choice, do everyone a favor: skip the RAID. Really. It will *cause* more downtime than it will ever save you. Some solutions are pretty easy (the Accusys is up there as one of the easiest, certainly the easiest I have seen and used), but there are still things you should get to know BEFORE an event, not after... RAID systems in the hands of people who assume magic will happen cause massive down-time problems. In the hands of people who know how to do it, yes, good things really can happen. But I doubt there are any truly mindless RAID options available. Nick.
Re: HP Proliant ML350 G4
Uwe Dippel skrev: For some this might be boring, but for others encouraging: Box off-shelf as above boots properly with cd37.iso Broadcom NC7761 Gigabit Server Adapter is recognized LSI 53c1030 Duplex U320 is recognized The 146 GB 15k drive is recognized I'll come back later as usual when the problems start to show up Uwe good to hear! from the particular machine running generic do something like this: # dmesg | mail -s HP Proliant ML350 G4 works OK [EMAIL PROTECTED] /kami
wmware and openbsd disk image
Hi A question ? If I install openbsd in a virtual disk (Vmware 5), configure it and later I create a image of virtual disk with dd. Then with this image I use dd again for install openbsd in a real disk. Thanks works ? Somebody has done it? thanks in advance roberto
OpenBSD Metastore: New kit, thanks
New stuff has been added. Thanks to those who provided me information on the Plextor PX-716A, the RouterBoard rb44, the Zonet ZEW2500p, and the SysKonnect SK-98xx series. A problem with Internet Explorer (naw, really?) that was reported to me as preventing comments from being added has been fixed, so now comments should work from IE as well. (Of course, Microsoft makes liars of us all at times.) For those who didn't know, the MetaStore is at the following link: http://www.sdeath.net/obsdstore PROVIDE INFORMATION! Any piece of kit that you know works under some version of OpenBSD and can be purchased as new is fair game, and every bit of information you provide helps! In the two weeks this has been up, there have been 1200 views of the page. Further, 97 links have been clicked through to a dealer purchase page. That isn't bad. While there is no way for anyone to identify how many actual purchases are made, nor what trend might obtain in the future, it is an interesting statistic nonetheless. I think this experiment might actually work, but we'll see what happens. Again, thanks to all contributors, and please, continue sending information! -- (c) 2005 Unscathed Haze via Central Plexus [EMAIL PROTECTED] I am Chaos. I am alive, and I tell you that you are Free. -Eris Big Brother is watching you. Learn to become Invisible. | Your message must be this wide to ride the Internet. |
Re: PHP + SSH2
OK, I4m with this error: (./configure ) [ssh2] checking for libssh2_banner_set in -lssh2... no configure: error: libssh2 version = 0.4 not found .. 2005/10/12, James F. Wilkus [EMAIL PROTECTED]: Vitor Acioli said: I am with some problems when trying to compile libssh2 in OpenBSD 3.7, Error: # make all install gcc -o channel.o channel.c -c -g -O2 -I/usr/include -I/usr/include -Wall -g -I../include/ -fPIC In file included from channel.c:38: ../include/libssh2_priv.h:206: error: `MD5_DIGEST_LENGTH' undeclared here (not in a function) ../include/libssh2_priv.h:209: error: `SHA_DIGEST_LENGTH' undeclared here (not in a function) *** Error code 1 Stop in /root/libssh2-0.11/src (line 16 of Makefile). *** Error code 1 Stop in /root/libssh2-0.11 (line 20 of Makefile). # You should include md5.h and sha1.h in libssh2_priv.h. e.g. #include ssl/md5.h #include ssl/sha1.h -- :: url :: https://www.gc8q.net/~james/ :: :: key :: 0E5C801A :: :: fp :: 423D 7C46 7A45 D8D4 8C48 D2FE C060 AFB4 0E5C 801A :: -- Vitor Acioli Linux User #365713 E-mail: [EMAIL PROTECTED]
Re: OpenBSD Metastore: New kit, thanks
For those who didn't know, the MetaStore is at the following link: http://www.sdeath.net/obsdstore Maybe it's just me but I've never been able to connect to that site: $ telnet www.sdeath.net 80 Trying 64.4.231.19... telnet: connect to address 64.4.231.19: Connection timed out --- Lars Hansson
zebra/ospf zero lentgh MTU's
I'm trying to set up ospf using the zebra port on a 3.7 machine. It appears that (at least one) of my problems is that the router I need to peer with is sending a MTU of 0. I'm getting this error message: recv_dd_description: invalid MTU, neighbor ID 170.85.115.1 from ospfd. I did a bit of Googling, and found some mention of this as a problem with some peices of CISCO gear. This happens to not be a Cisco router, but I think it shares this issue with Cisco. I've poked around in the source code for the ospfd that comes with zebra, but I can't seem to find where this check is made. Any sugestiosn as to how to work around this? -- U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong Terror - New York Times 9/3/1967
Re: some ospf setup questions
On Wed, Oct 12, 2005 at 11:32:07PM -0400, stan wrote: I have a couple of OpenBSD 3.7 machines that I use for a firewall/gateway to a particulare network at work using carp. I had these machines set up to advertise the route to this network using routed (RIP). Today some changes were amde to the networking topolgy, and I sudently find myselef in a postion of needing to change to ospf. I built the zebra prt, and now I'm having a bit of trouble getting thisng to work. First, I;m assuming that since I only need ospf, I should be able to just run ospfd, is this correct, or do I need to run the zebra executbale, and let it call opsfd? For zebras ospfd to work you need both zebra and ospfd running. Without zebra it will not work correctly. Here's my /etc/ospfd.conf file: This is the config of OpenOSPFD that is part of OpenBSD. zebra uses /etc/zebra as config directory. I'm peering with an Aclere (sp) router, and when I run opsfd, I cna't get them to work with each other. here's some ouptut from the daemon: recv_db_description: neighbor ID 170.85.115.1, seq_num 2d5830df recv_dd_description: invalid MTU, neighbor ID 170.85.115.1 db_tx_timer: neighbor ID 170.85.115.1 send_db_description: neighbor ID 170.85.115.1, seq_num 2d5830df send_db_description: state EXSTART, neighbor ID 170.85.115.1 That are not zebra error messages but OpenOSPFD ones. By googling I did find a reference to changing the check for MTU size, but it references changing code in a file called database.c, which does not seem to exist in the zebra port build directory. I want this machine to advertise a route to the network on fxp2. This advertisement should go out on the network fxp0 connects to. Any idea how to solve the MTU problem? and am I close on my config file? You have to decide which ospfd you would like to run. Zebra or OpenOSPFD. -- :wq Claudio
Re: Installing gnucash docs ./configure error
On 10/11/05, Roger Neth Jr [EMAIL PROTECTED] wrote: When I access help it gives me Not Found; The specified URL could not be loaded. Any more ideas is appreciated. Edit this file: /etc/gnucash/config Add this line: doc-path=/usr/local/share/gnucash/doc/html See if that helps. -- Terry
Re: OpenBSD Metastore: New kit, thanks
Lars Hansson wrote: For those who didn't know, the MetaStore is at the following link: http://www.sdeath.net/obsdstore Maybe it's just me but I've never been able to connect to that site: $ telnet www.sdeath.net 80 Trying 64.4.231.19... telnet: connect to address 64.4.231.19: Connection timed out --- Lars Hansson $ telnet www.sdeath.net 80 Trying 64.4.231.19... Connected to www.sdeath.net. Escape character is '^]'. Try a traceroute or tcptraceroute
Re: zebra/ospf zero lentgh MTU's
On Thu, Oct 13, 2005 at 09:16:29AM -0400, stan wrote: I'm trying to set up ospf using the zebra port on a 3.7 machine. It appears that (at least one) of my problems is that the router I need to peer with is sending a MTU of 0. I'm getting this error message: recv_dd_description: invalid MTU, neighbor ID 170.85.115.1 This is fixed in 3.8 and -current and it is an /usr/sbin/ospfd specific error and not one from the zebra port. from ospfd. I did a bit of Googling, and found some mention of this as a problem with some peices of CISCO gear. This happens to not be a Cisco router, but I think it shares this issue with Cisco. I've poked around in the source code for the ospfd that comes with zebra, but I can't seem to find where this check is made. Your looking at the wrong source. You are running OpenOSPFD and not zerba. Any sugestiosn as to how to work around this? Try to run the correct binary. If you like to give OpenOSPFD a try you should use -current ospfd/ospfctl. Some major bugs got fixed in the last few days. -- :wq Claudio
Re: zebra/ospf zero lentgh MTU's
On Thu, Oct 13, 2005 at 03:51:05PM +0200, Claudio Jeker wrote: On Thu, Oct 13, 2005 at 09:16:29AM -0400, stan wrote: I'm trying to set up ospf using the zebra port on a 3.7 machine. It appears that (at least one) of my problems is that the router I need to peer with is sending a MTU of 0. I'm getting this error message: recv_dd_description: invalid MTU, neighbor ID 170.85.115.1 This is fixed in 3.8 and -current and it is an /usr/sbin/ospfd specific error and not one from the zebra port. Thanks, I was confused because I looked on an older machine to see if there was an osppf daemon provided with OpenBSD, decided there was not, and installed zebra. Yhen I found the OpenBSD one :-( from ospfd. I did a bit of Googling, and found some mention of this as a problem with some peices of CISCO gear. This happens to not be a Cisco router, but I think it shares this issue with Cisco. I've poked around in the source code for the ospfd that comes with zebra, but I can't seem to find where this check is made. Your looking at the wrong source. You are running OpenOSPFD and not zerba. Thanks, again. I see that now. Any sugestiosn as to how to work around this? Try to run the correct binary. If you like to give OpenOSPFD a try you should use -current ospfd/ospfctl. Some major bugs got fixed in the last few days. Is thee a way to get the latest OpenBSD ospfd source, without having to upgrade the whole machine to current? And if so, would that be a sane thing to do? -- U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong Terror - New York Times 9/3/1967
Re: OpenBSD Metastore: New kit, thanks
On Thu, 13 Oct 2005 05:55:47 -0800 Szechuan Death [EMAIL PROTECTED] wrote: Nah, he's probably bouncing off my router. While I don't think he's running afoul of my OpenBSD pf-friendly auto-retrieval and aggregator for netblocks by country (http://www.sdeath.net/cb/, if anybody cares), in that I don't specifically block .ph, Our ip addresses are assigned from TWNIC, even though we're not actually in Taiwan, so that's probably why. The CIDR blocks in question is 203.65.244.0/22 and 203.65.248.0/22. It's not that great to have an obenbsd store that is inaccesible from a large part of the world though? --- Lars Hansson
Re: zebra/ospf zero lentgh MTU's
Wust fetch the full sources, then go to /usr/src/usr.sbin/ospfd and /usr/src/usr.sbin/ospfctl and make make install :) Leo -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de stan Envoyi : jeudi 13 octobre 2005 16:21 @ : OpenBSD general usage list Cc : Claudio Jeker; Stewart Flood Objet : Re: zebra/ospf zero lentgh MTU's On Thu, Oct 13, 2005 at 03:51:05PM +0200, Claudio Jeker wrote: On Thu, Oct 13, 2005 at 09:16:29AM -0400, stan wrote: I'm trying to set up ospf using the zebra port on a 3.7 machine. It appears that (at least one) of my problems is that the router I need to peer with is sending a MTU of 0. I'm getting this error message: recv_dd_description: invalid MTU, neighbor ID 170.85.115.1 This is fixed in 3.8 and -current and it is an /usr/sbin/ospfd specific error and not one from the zebra port. Thanks, I was confused because I looked on an older machine to see if there was an osppf daemon provided with OpenBSD, decided there was not, and installed zebra. Yhen I found the OpenBSD one :-( from ospfd. I did a bit of Googling, and found some mention of this as a problem with some peices of CISCO gear. This happens to not be a Cisco router, but I think it shares this issue with Cisco. I've poked around in the source code for the ospfd that comes with zebra, but I can't seem to find where this check is made. Your looking at the wrong source. You are running OpenOSPFD and not zerba. Thanks, again. I see that now. Any sugestiosn as to how to work around this? Try to run the correct binary. If you like to give OpenOSPFD a try you should use -current ospfd/ospfctl. Some major bugs got fixed in the last few days. Is thee a way to get the latest OpenBSD ospfd source, without having to upgrade the whole machine to current? And if so, would that be a sane thing to do? -- U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong Terror - New York Times 9/3/1967
Re: OpenBSD Metastore: New kit, thanks
Lars Hansson wrote: Our ip addresses are assigned from TWNIC, even though we're not actually in Taiwan, so that's probably why. The CIDR blocks in question is 203.65.244.0/22 and 203.65.248.0/22. # cb findip 203.65.244.1 203.65.248.1 Netblock 203.64.0.0/14 is in country TW (TAIWAN) Netblock 203.64.0.0/14 is in country TW (TAIWAN) Yup, looks like. Sorry, Charlie. Take a flight to Taipei and snuff a spammer or scriptkiddie, if everybody does that TW can be put back on the Civilized Net Nation list. Arguments that US contains the most spam lords will be directed to /dev/null, I invite anybody who wants to to fly to Miami and snuff the top 20 archspammers too. Sorry, I don't feel like unblocking Taiwan and watching my logs fill with SSH scans, there's nothing I care about in Taiwan enough to do so. Alternately, find an ISP that is not so braindamaged that they get netblocks from another country. For a third choice, use tor or find a proxy that is in a netblock that is not allocated to one of the following countries: # cb showcc Blocked countries: AO (ANGOLA) BJ (BENIN) BF (BURKINA FASO) BI (BURUNDI) KH (CAMBODIA) CM (CAMEROON) CF (CENTRAL AFRICAN REPUBLIC) TD (CHAD) CN (CHINA) CD (CONGO, Democratic Republic of (was Zaire)) CG (CONGO, People's Republic of) CI (COTE D'IVOIRE) DJ (DJIBOUTI) GQ (EQUATORIAL GUINEA) ER (ERITREA) ET (ETHIOPIA) GA (GABON) GM (GAMBIA) GH (GHANA) GW (GUINEA-BISSAU) HT (HAITI) HK (HONG KONG) IR (IRAN (ISLAMIC REPUBLIC OF)) KE (KENYA) KP (KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF) KR (KOREA, REPUBLIC OF) LA (LAO PEOPLE'S DEMOCRATIC REPUBLIC) LB (LEBANON) LS (LESOTHO) LR (LIBERIA) LY (LIBYAN ARAB JAMAHIRIYA) MW (MALAWI) ML (MALI) MR (MAURITANIA) MZ (MOZAMBIQUE) MM (MYANMAR) NA (NAMIBIA) NE (NIGER) NG (NIGERIA) PK (PAKISTAN) PS (PALESTINIAN TERRITORY, Occupied) RW (RWANDA) SN (SENEGAL) SL (SIERRA LEONE) SG (SINGAPORE) SO (SOMALIA) SD (SUDAN) SZ (SWAZILAND) TW (TAIWAN) TZ (TANZANIA, UNITED REPUBLIC OF) UG (UGANDA) VN (VIET NAM) YE (YEMEN) ZM (ZAMBIA) ZW (ZIMBABWE) Note: anybody from any one of these countries, the same goes for you. Again, sorry. Don't complain about it, just go kill your spammers and scriptkiddiez and all is forgiven. I recommend cudgels, impalement on the stake, or forced immolation. It's not that great to have an obenbsd store that is inaccesible from a large part of the world though? I don't intend to host this for one second longer than I have to. I'm already uneasy, it's already showing up on Google and I imagine that it's going to get slashdotted at some point if it goes much further. This is not going to be live on my home DSL connection, it's going to be hosted somewhere else with a real Net connection (preferably openbsd.org), or it's going to go quietly away after I'm done beta- testing it, the end. You'll probably be able to access it then. -- (c) 2005 Unscathed Haze via Central Plexus [EMAIL PROTECTED] I am Chaos. I am alive, and I tell you that you are Free. -Eris Big Brother is watching you. Learn to become Invisible. | Your message must be this wide to ride the Internet. |
ipsecadm group returns write: Invalid argument
Hi Folks, I'm running 3.7-stable and am trying to 'group' a compression association with an esp association like so - Not sure what these 'errno 209's are about either :(' # ipsecadm show sadb_dump: satype ipcomp vers 2 len 14 seq 0 pid 0 errno 209: Unknown error: 209 sa: cpi 0x1004 comp deflate state larval replay 0 flags 0 lifetime_cur: alloc 0 bytes 0 add 1129216072 first 0 address_src: 47.128.22.159 address_dst: 47.128.22.193 sadb_dump: satype ipcomp vers 2 len 14 seq 0 pid 0 errno 209: Unknown error: 209 sa: cpi 0x1005 comp deflate state larval replay 0 flags 0 lifetime_cur: alloc 0 bytes 0 add 1129216072 first 0 address_src: 47.128.22.193 address_dst: 47.128.22.159 sadb_dump: satype esp vers 2 len 22 seq 0 pid 0 errno 209: Unknown error: 209 sa: spi 0x1000 auth hmac-sha1 enc 3des-cbc state larval replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1129216072 first 0 address_src: 47.128.22.159 address_dst: 47.128.22.193 key_auth: bits 160: e14c30ace1478dfcba0b3ffcd217ddf8fd1fedf9 key_encrypt: bits 192: d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5 sadb_dump: satype esp vers 2 len 22 seq 0 pid 0 errno 209: Unknown error: 209 sa: spi 0x1001 auth hmac-sha1 enc 3des-cbc state larval replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1129216072 first 0 address_src: 47.128.22.193 address_dst: 47.128.22.159 key_auth: bits 160: e14c30ace1478dfcba0b3ffcd217ddf8fd1fedf9 key_encrypt: bits 192: d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5 sadb_dump: satype ah vers 2 len 18 seq 0 pid 0 errno 209: Unknown error: 209 sa: spi 0x1002 auth hmac-sha1 enc none state larval replay 0 flags 0 lifetime_cur: alloc 0 bytes 0 add 1129216072 first 0 address_src: 47.128.22.159 address_dst: 47.128.22.193 key_auth: bits 160: e14c30ace1478dfcba0b3ffcd217ddf8fd1fedf9 sadb_dump: satype ah vers 2 len 18 seq 0 pid 0 errno 209: Unknown error: 209 sa: spi 0x1003 auth hmac-sha1 enc none state larval replay 0 flags 0 lifetime_cur: alloc 0 bytes 0 add 1129216072 first 0 address_src: 47.128.22.193 address_dst: 47.128.22.159 key_auth: bits 160: e14c30ace1478dfcba0b3ffcd217ddf8fd1fedf9 # ipsecadm group -cpi 1004 -spi 1004 -proto ipcomp -spi2 1000 -proto2 esp -dst 47.128.22.193 -dst2 47.128.22.193 ipsecadm: write: Invalid argument I've tried with and without the -cpi parameter .. Is this an ipsecadm bug or (once again :)) am I doing something obviously wrong? Incidentally, this doesn't work either - # ipsecadm group -dst 47.128.22.193 -spi 1000 -proto esp -dst2 47.128.22.193 -spi2 1002 -proto2 ah ipsecadm: write: Invalid argument Cheers, Andrew.
Re: zebra/ospf zero lentgh MTU's
On Thu, Oct 13, 2005 at 04:50:48PM +0200, L?o Goehrs wrote: Wust fetch the full sources, then go to /usr/src/usr.sbin/ospfd and /usr/src/usr.sbin/ospfctl and make make install :) Thanks. That is a bit problematic as, the long version of what is going on here is corporate made some changes which have resulted in these boxes being isolated from the outside world. Thier answer as to how to fix this is for me to get ospf working. Can you say chiicken or egg question :-) In the mean time, Ive comenetd out the check for zero lentght MTU's in the 3.7 ospfd sorcues, and I can now get a conection to the corporate router. However, they are not seeing the route I'm suposed to advertise. I strongly suspect that it's a problem with my ospfd.conf file. Here it is: # $OpenBSD: ospfd.conf,v 1.2 2005/02/06 20:07:09 norby Exp $ # macros # password=secret # global configuration router-id 170.85.113.111 # fib-update no # spf-delay 1 # spf-holdtime 5 # auth-key $password # auth-type none hello-interval 10 # metric 10 retransmit-interval 5 router-dead-time 40 router-priority 1 transmit-delay 1 # areas area 0.0.0.120 { interface fxp0 { auth-type none } interface fxp2 { auth-type none } } What I'm trying to do is advertise that these machines (whose CARP'd externall addres is 170.85.113.99 can route to 170.85.106.128/25 Yhe external NIC is fxp1, and the internal one is fxp2. Can you show me how to correct this config file? If we can get this done, then I should be able to use cvs to grab the current sources. Thanks for the help. -- U.S. Encouraged by Vietnam Vote - Officials Cite 83% Turnout Despite Vietcong Terror - New York Times 9/3/1967
Re: HP Proliant ML350 G4
On Thu, Oct 13, 2005 at 01:56:29PM +0200, kami petersen wrote: Uwe Dippel skrev: For some this might be boring, but for others encouraging: Box off-shelf as above boots properly with cd37.iso Broadcom NC7761 Gigabit Server Adapter is recognized LSI 53c1030 Duplex U320 is recognized The 146 GB 15k drive is recognized Talking about HP hardware, are the new HP SmartArray (64x/640x) supported? -- Any attempt to brew coffee with a teapot should result in the error code 418 I'm a teapot. The resulting entity body MAY be short and stout. -- HTCPCP Spec, RFC 2324
Re: HP Proliant ML350 G4
Making, drinking tea and reading an opus magnum from Eric Dillenseger: On Thu, Oct 13, 2005 at 01:56:29PM +0200, kami petersen wrote: Uwe Dippel skrev: For some this might be boring, but for others encouraging: Box off-shelf as above boots properly with cd37.iso Broadcom NC7761 Gigabit Server Adapter is recognized LSI 53c1030 Duplex U320 is recognized The 146 GB 15k drive is recognized Talking about HP hardware, are the new HP SmartArray (64x/640x) supported? natuerlich vom -kurrent! cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: HP Proliant ML350 G4
On Thu, 13 Oct 2005 13:56:29 +0200, kami petersen wrote: good to hear! from the particular machine running generic do something like this: # dmesg | mail -s HP Proliant ML350 G4 works OK [EMAIL PROTECTED] But of course ! - as soon as it will be bsd.mp and Dual Xeon showing up in it. Uwe
Slow write speed on ICH6R
Hi, we have a HP ProLiant DL320 G3 server and running OpenBSD/amd64 on it. The problem is with the Intel ICH6R SATA controller. The write speed is very slow: # dd if=/dev/zero of=/tmp/foo bs=32k count=1 1+0 records in 1+0 records out 32768 bytes transferred in 38.898 secs (8423881 bytes/sec) The read speed is looks good: # dd if=/dev/rwd0c of=/dev/null bs=32k count=1 1+0 records in 1+0 records out 32768 bytes transferred in 5.531 secs (59237994 bytes/sec) Anybody has an idea for this problem? We tried 3.8-current too but the problem is the same, here is the dmesg: OpenBSD 3.8-current (GENERIC) #293: Wed Oct 12 00:16:12 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1073291264 (1048136K) avail mem = 908877824 (887576K) using 22937 buffers containing 107536384 bytes (105016K) of memory mainbus0 (root) cpu0 at mainbus0: (uniprocessor) cpu0: Intel(R) Pentium(R) 4 CPU 3.40GHz, 3391.92 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,NXE,LONG cpu0: 1MB 64b/line 8-way L2 cache pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel E7221 MCH Host rev 0x05 ppb0 at pci0 dev 1 function 0 Intel E7221 PCIE rev 0x05 pci1 at ppb0 bus 5 ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci2 at ppb1 bus 6 bge0 at pci2 dev 1 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 5 address 00:13:21:1d:33:2a brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci2 dev 1 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 11 address 00:13:21:1d:33:29 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 ppb2 at pci1 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 9 ppb3 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03 pci4 at ppb3 bus 2 uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 5 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 7 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: irq 10 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 5 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered ppb4 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0xd3 pci5 at ppb4 bus 1 vendor Compaq, unknown product 0xb203 (class system subclass miscellaneous, rev 0x01) at pci5 dev 2 function 0 not configured vendor Compaq, unknown product 0xb204 (class system subclass miscellaneous, rev 0x01) at pci5 dev 2 function 2 not configured vga1 at pci5 dev 3 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 31 function 0 Intel 82801FB LPC rev 0x03 pciide0 at pci0 dev 31 function 1 Intel 82801FB IDE rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC, DV-28E-N, C.6B SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31 function 2 Intel 82801FR SATA rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 11 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: Maxtor 6Y080M0 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide1 channel 1 drive 0: Maxtor 6Y080M0 wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 sysbeep0 at pcppi0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 thx, Hunger
Re: zebra/ospf zero lentgh MTU's
On Thu, Oct 13, 2005 at 11:20:50AM -0400, stan wrote: On Thu, Oct 13, 2005 at 04:50:48PM +0200, L?o Goehrs wrote: Wust fetch the full sources, then go to /usr/src/usr.sbin/ospfd and /usr/src/usr.sbin/ospfctl and make make install :) Thanks. That is a bit problematic as, the long version of what is going on here is corporate made some changes which have resulted in these boxes being isolated from the outside world. Thier answer as to how to fix this is for me to get ospf working. Can you say chiicken or egg question :-) In that case I would download a current base38.tgz form a snapshot. Extract usr/sbin/ospfd usr/sbin/ospfctl usr/lib/libc.so.38.2 from it and put those on a floppy or memory stick to move the binaries to your box. In the mean time, Ive comenetd out the check for zero lentght MTU's in the 3.7 ospfd sorcues, and I can now get a conection to the corporate router. However, they are not seeing the route I'm suposed to advertise. Hmm. The 3.7 ospfd had many limitations and bugs. One of them was I think a problem with redistribution of stub networks as in your case. ospfctl show database and ospfctl show database router shows you what is in the link state database. It is possible that the second command was introduced after 3.7 I strongly suspect that it's a problem with my ospfd.conf file. Here it is: # $OpenBSD: ospfd.conf,v 1.2 2005/02/06 20:07:09 norby Exp $ # macros # password=secret # global configuration router-id 170.85.113.111 # fib-update no # spf-delay 1 # spf-holdtime 5 # auth-key $password # auth-type none hello-interval 10 # metric 10 retransmit-interval 5 router-dead-time 40 router-priority 1 transmit-delay 1 # areas area 0.0.0.120 { interface fxp0 { auth-type none } interface fxp2 { auth-type none } } What I'm trying to do is advertise that these machines (whose CARP'd externall addres is 170.85.113.99 can route to 170.85.106.128/25 Yhe external NIC is fxp1, and the internal one is fxp2. What is on fxp0? You don't have a fxp1 in your config. Can you show me how to correct this config file? Looks not that bad. With -current ospfd you could acctually use redistribute connected to annouce all connected networks. If we can get this done, then I should be able to use cvs to grab the current sources. If the router is part of the OSPF cloud it should be able to access the internet. Make sure that you are updateing the FIB, I think it is on by default but I may be wrong. Try to play a bit with ospfctl to see if your router actually is part of the ospf cloud. -- :wq Claudio
Re: Slow write speed on ICH6R
Making, drinking tea and reading an opus magnum from Hunger: [Charset ISO-8859-1 unsupported, filtering to ASCII...] Hi, we have a HP ProLiant DL320 G3 server and running OpenBSD/amd64 on it. The problem is with the Intel ICH6R SATA controller. The write speed is very slow: # dd if=/dev/zero of=/tmp/foo bs=32k count=1 1+0 records in 1+0 records out 32768 bytes transferred in 38.898 secs (8423881 bytes/sec) The read speed is looks good: # dd if=/dev/rwd0c of=/dev/null bs=32k count=1 1+0 records in 1+0 records out 32768 bytes transferred in 5.531 secs (59237994 bytes/sec) Anybody has an idea for this problem? you are comparing horses to asses... either run dd to rwd0c or into a file in BOTH tests. cu -- paranoic mickey (my employers have changed but, the name has remained)
Re: OpenBSD Metastore: New kit, thanks
And of course this message ended up in my spam-filter, and I'm not even going to tell it it was a mistake. =) Szechuan Death wrote: Lars Hansson wrote: Our ip addresses are assigned from TWNIC, even though we're not actually in Taiwan, so that's probably why. The CIDR blocks in question is 203.65.244.0/22 and 203.65.248.0/22. # cb findip 203.65.244.1 203.65.248.1 Netblock 203.64.0.0/14 is in country TW (TAIWAN) Netblock 203.64.0.0/14 is in country TW (TAIWAN) Yup, looks like. Sorry, Charlie. Take a flight to Taipei and snuff a spammer or scriptkiddie, if everybody does that TW can be put back on the Civilized Net Nation list. Arguments that US contains the most spam lords will be directed to /dev/null, I invite anybody who wants to to fly to Miami and snuff the top 20 archspammers too. Sorry, I don't feel like unblocking Taiwan and watching my logs fill with SSH scans, there's nothing I care about in Taiwan enough to do so. Alternately, find an ISP that is not so braindamaged that they get netblocks from another country. For a third choice, use tor or find a proxy that is in a netblock that is not allocated to one of the following countries: # cb showcc Blocked countries: AO (ANGOLA) BJ (BENIN) BF (BURKINA FASO) BI (BURUNDI) KH (CAMBODIA) CM (CAMEROON) CF (CENTRAL AFRICAN REPUBLIC) TD (CHAD) CN (CHINA) CD (CONGO, Democratic Republic of (was Zaire)) CG (CONGO, People's Republic of) CI (COTE D'IVOIRE) DJ (DJIBOUTI) GQ (EQUATORIAL GUINEA) ER (ERITREA) ET (ETHIOPIA) GA (GABON) GM (GAMBIA) GH (GHANA) GW (GUINEA-BISSAU) HT (HAITI) HK (HONG KONG) IR (IRAN (ISLAMIC REPUBLIC OF)) KE (KENYA) KP (KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF) KR (KOREA, REPUBLIC OF) LA (LAO PEOPLE'S DEMOCRATIC REPUBLIC) LB (LEBANON) LS (LESOTHO) LR (LIBERIA) LY (LIBYAN ARAB JAMAHIRIYA) MW (MALAWI) ML (MALI) MR (MAURITANIA) MZ (MOZAMBIQUE) MM (MYANMAR) NA (NAMIBIA) NE (NIGER) NG (NIGERIA) PK (PAKISTAN) PS (PALESTINIAN TERRITORY, Occupied) RW (RWANDA) SN (SENEGAL) SL (SIERRA LEONE) SG (SINGAPORE) SO (SOMALIA) SD (SUDAN) SZ (SWAZILAND) TW (TAIWAN) TZ (TANZANIA, UNITED REPUBLIC OF) UG (UGANDA) VN (VIET NAM) YE (YEMEN) ZM (ZAMBIA) ZW (ZIMBABWE) Note: anybody from any one of these countries, the same goes for you. Again, sorry. Don't complain about it, just go kill your spammers and scriptkiddiez and all is forgiven. I recommend cudgels, impalement on the stake, or forced immolation. It's not that great to have an obenbsd store that is inaccesible from a large part of the world though? I don't intend to host this for one second longer than I have to. I'm already uneasy, it's already showing up on Google and I imagine that it's going to get slashdotted at some point if it goes much further. This is not going to be live on my home DSL connection, it's going to be hosted somewhere else with a real Net connection (preferably openbsd.org), or it's going to go quietly away after I'm done beta- testing it, the end. You'll probably be able to access it then. # Han
Re: PHP + SSH2
On 13/10/05, Vitor Acioli [EMAIL PROTECTED] wrote: OK, I4m with this error: (./configure ) [ssh2] checking for libssh2_banner_set in -lssh2... no configure: error: libssh2 version = 0.4 not found Is your base system and ports in sync? Regards Edd
join us for Linux-Kongress in Hamburg
the drunken belgian dude occupying my couch (wim) says I should ask you guys to join us at Linux-Kongress at Hamburg University tomorrow. There is a little exhibition with the congress and there is free admittance. And we even have free 3.8 posters! Just come to Hamburg University, main entrance, it's in the hallway - can't miss us.
Re: Slow write speed on ICH6R
so try to help each other and don't be a smartass... OK, I'm getting tired of this. You think someone is going to help you now? No. We're going to delete your mail. We are going to utterly ignore you from now on. I do it all the time. It is much easier to delete mail from people like you. So please cut the attitude. It is not endearing.
Re: OpenBSD Metastore: New kit, thanks
As you want everyone to look at this can help, you *should* probably remove the blocking you have in place. Just my $0.02 worth. On 10/13/05, Han Boetes [EMAIL PROTECTED] wrote: And of course this message ended up in my spam-filter, and I'm not even going to tell it it was a mistake. =) Szechuan Death wrote: Lars Hansson wrote: Our ip addresses are assigned from TWNIC, even though we're not actually in Taiwan, so that's probably why. The CIDR blocks in question is 203.65.244.0/22 http://203.65.244.0/22 and 203.65.248.0/22 http://203.65.248.0/22. # cb findip 203.65.244.1 http://203.65.244.1 203.65.248.1http://203.65.248.1 Netblock 203.64.0.0/14 http://203.64.0.0/14 is in country TW (TAIWAN) Netblock 203.64.0.0/14 http://203.64.0.0/14 is in country TW (TAIWAN) Yup, looks like. Sorry, Charlie. Take a flight to Taipei and snuff a spammer or scriptkiddie, if everybody does that TW can be put back on the Civilized Net Nation list. Arguments that US contains the most spam lords will be directed to /dev/null, I invite anybody who wants to to fly to Miami and snuff the top 20 archspammers too. Sorry, I don't feel like unblocking Taiwan and watching my logs fill with SSH scans, there's nothing I care about in Taiwan enough to do so. Alternately, find an ISP that is not so braindamaged that they get netblocks from another country. For a third choice, use tor or find a proxy that is in a netblock that is not allocated to one of the following countries: # cb showcc Blocked countries: AO (ANGOLA) BJ (BENIN) BF (BURKINA FASO) BI (BURUNDI) KH (CAMBODIA) CM (CAMEROON) CF (CENTRAL AFRICAN REPUBLIC) TD (CHAD) CN (CHINA) CD (CONGO, Democratic Republic of (was Zaire)) CG (CONGO, People's Republic of) CI (COTE D'IVOIRE) DJ (DJIBOUTI) GQ (EQUATORIAL GUINEA) ER (ERITREA) ET (ETHIOPIA) GA (GABON) GM (GAMBIA) GH (GHANA) GW (GUINEA-BISSAU) HT (HAITI) HK (HONG KONG) IR (IRAN (ISLAMIC REPUBLIC OF)) KE (KENYA) KP (KOREA, DEMOCRATIC PEOPLE'S REPUBLIC OF) KR (KOREA, REPUBLIC OF) LA (LAO PEOPLE'S DEMOCRATIC REPUBLIC) LB (LEBANON) LS (LESOTHO) LR (LIBERIA) LY (LIBYAN ARAB JAMAHIRIYA) MW (MALAWI) ML (MALI) MR (MAURITANIA) MZ (MOZAMBIQUE) MM (MYANMAR) NA (NAMIBIA) NE (NIGER) NG (NIGERIA) PK (PAKISTAN) PS (PALESTINIAN TERRITORY, Occupied) RW (RWANDA) SN (SENEGAL) SL (SIERRA LEONE) SG (SINGAPORE) SO (SOMALIA) SD (SUDAN) SZ (SWAZILAND) TW (TAIWAN) TZ (TANZANIA, UNITED REPUBLIC OF) UG (UGANDA) VN (VIET NAM) YE (YEMEN) ZM (ZAMBIA) ZW (ZIMBABWE) Note: anybody from any one of these countries, the same goes for you. Again, sorry. Don't complain about it, just go kill your spammers and scriptkiddiez and all is forgiven. I recommend cudgels, impalement on the stake, or forced immolation. It's not that great to have an obenbsd store that is inaccesible from a large part of the world though? I don't intend to host this for one second longer than I have to. I'm already uneasy, it's already showing up on Google and I imagine that it's going to get slashdotted at some point if it goes much further. This is not going to be live on my home DSL connection, it's going to be hosted somewhere else with a real Net connection (preferably openbsd.org http://openbsd.org), or it's going to go quietly away after I'm done beta- testing it, the end. You'll probably be able to access it then. # Han
Re: PHP + SSH2
Ok, but, I want to use SCP too. Thanks 2005/10/13, Bryan Irvine [EMAIL PROTECTED]: I am with some problems when trying to compile libssh2 in OpenBSD 3.7, Somebody already qualified PHP + LIBSSH2 in the OpenBSD and could give an aid to me? it follows below the errros! I recently went through this same thing. libssh wouldn't compile, ssh2 wouldn't install from pear, it was huge pain. I ended up using an ssh class. It's a little finicky until you get used to it, but works well. http://www.phpclasses.org/browse/package/2477.html --Bryan -- Vitor Acioli Linux User #365713 E-mail: [EMAIL PROTECTED]
Re: Problems With Thinkpad R51
Am Donnerstag, 13. Oktober 2005 05:14 schrieben Sie: When i flip down the lcd of the computer, when i turn it up again i got a black screen with just a cursor blinking, my keyboard doesn't work.. the only way to get my computer back without restarting the system (using the power button, cause i can't control it) or going trough ssh and killing the X server.. Hi, I got the same problem on my T20. Just a workaround, which might be suitable for you: run 'zzz' from your X session and your notebook goes off to sleep. Then you can close the lid and as soon as you reopen it, it awakes. A fix for the mentioned behavior would be appreciated. Any clues how to produce useful debugging info? Regards, Stephan
how to tell if I getting anything out of my hifn1411 card
Even though the card is detected, I'm not seeing any boost in IPsec performance. I'm getting 10Mb/s using 3des. The raw speed (no ipsec) of the link is around 25Mb/s. This measured with netstrain. Here's what dmesg says - hifn0 at pci0 dev 13 function 0 Hifn 7955/7954 rev 0x00: LZS 3DES ARC4 MD5 SHA1 RNG AES PK, 32KB dram, irq 12 I know in FreeBSD/DragonFly I have a couple of tools to check to see if it's being engaged - hifnstats and cryptostats (in /usr/src/tools/tools/crypto), but I'm not sure if the equivalent exists for OpenBSD. I was looking at sysctl oids for ipsec - net.inet.ip.ipsec-expire-acquire=30 net.inet.ip.ipsec-invalid-life=60 net.inet.ip.ipsec-pfs=1 net.inet.ip.ipsec-soft-allocs=0 net.inet.ip.ipsec-allocs=0 net.inet.ip.ipsec-soft-bytes=0 net.inet.ip.ipsec-bytes=0 net.inet.ip.ipsec-timeout=86400 net.inet.ip.ipsec-soft-timeout=8 net.inet.ip.ipsec-soft-firstuse=3600 net.inet.ip.ipsec-firstuse=7200 net.inet.ip.ipsec-enc-alg=aes net.inet.ip.ipsec-auth-alg=hmac-sha1 # ipsecadm show -esp sadb_dump: satype esp vers 2 len 22 seq 0 pid 0 errno 191: Unknown error: 191 sa: spi 0x1001 auth hmac-sha1 enc aes state larval replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1129153280 first 0 address_src: 47.x.x.x address_dst: 47.y.y.y key_auth: bits 160: e14c30ace1478dfcba0b3ffcd217ddf8fd1fedf9 key_encrypt: bits 192: d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5 sadb_dump: satype esp vers 2 len 22 seq 0 pid 0 errno 191: Unknown error: 191 sa: spi 0x1000 auth hmac-sha1 enc aes state larval replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1129153280 first 0 address_src: 47.y.y.y address_dst: 47.x.x.x key_auth: bits 160: e14c30ace1478dfcba0b3ffcd217ddf8fd1fedf9 key_encrypt: bits 192: d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5d82fd5 Cpu is a Geode1100 - doing 10Mb/s IPsec has it maxed out :) Cheers, Andrew.
Searching for Unix based point of sale systems without much success
Hello List, I have been trying to find some Unix based point of sale systems for restaurants and retailers. Mostly independents, mom and pops. The only ones of interest I have been able to find are www.bananahead.com (based on Linux) and www.viewtouch.com (based on freebsd) My goal is to install OpenBSD as the operating system and run a point of sale program on top of it being easy to install, secure, stable and easy to maintain. Anyone know of anything like this? I'm not a programmer just a point of sale reseller that loves OpenBSD and would like to use OpenBSD to produce some income to give to the OpenBSD effort, further God's Kingdom and pay the expenses. Thank you, rogern John 3:16
Re: how to tell if I getting anything out of my hifn1411 card
Even though the card is detected, I'm not seeing any boost in IPsec performance. Cpu is a Geode1100 - doing 10Mb/s IPsec has it maxed out :) The cpu is unable to feed the crypto card fast enough. You would think that doing crypto operations, especially 3DES is a lot of work. And it is. But there is a nearly fixed overhead for in the driver for managing the card. And it is a high overhead. I wish people would STOP USING WIMPY PROCESSORS AND EXPECTING THEM TO DO MAGIC.
two vpn endpoints ... 3 net connections
Hi all, Here's my problem, I have a remote machine that has two links, one is high bandwidth but has bad latency, the other has low bandwidth but good latency. I need two VPN tunnels running between these machines, but one over each link as below. The reasons why are due to the traffic I need to push over them, some is important but not high in volume, other is less important but there's alot of it. Link2 + +--- | +---+ Link || | Machine 1 | ---+| Machine 2 +---+|| +--- | Link1 + My problem is that I can't seem to find a way around the need for Machine 2 to have two default routes. My understanding of my problem is that any time Machine 2 receives a connection (irrespective of which link) it tries to respond over the link that is the default route (for example Link1). This means that whenever Link2 gets a connection, Link1 tries to respond for it. Can anyone suggest a solution for this problem ? Do I not need multiple default routes ? Do I misunderstand my problem ? All help is appreciated as ever, Cheers Dave
Re: two vpn endpoints ... 3 net connections
--On 14 October 2005 08:32 +1000, Dave Harrison wrote: Here's my problem, I have a remote machine that has two links, one is high bandwidth but has bad latency, the other has low bandwidth but good latency. pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send ssh over the fast link and ftp over the fat link (etc).
Re: two vpn endpoints ... 3 net connections
Stuart Henderson wrote: --On 14 October 2005 08:32 +1000, Dave Harrison wrote: Here's my problem, I have a remote machine that has two links, one is high bandwidth but has bad latency, the other has low bandwidth but good latency. pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send ssh over the fast link and ftp over the fat link (etc). The problem is that it's not the routed traffic I'm concerned with, it's the ISAKMP traffic that is directed to the firewall/vpn endpoint itself (as opposed to something behind that machine). Route-to doesn't work for the firewall machine itself I don't think, just for those machines passing traffic through it (although I had considered using reply-to, but I'm not sure how to use it for this scenario).
Re: OpenBSD Metastore: New kit, thanks
hmm, on Thu, Oct 13, 2005 at 07:15:26AM -0800, Szechuan Death said that Yup, looks like. Sorry, Charlie. Take a flight to Taipei and snuff a spammer or scriptkiddie, if everybody does that TW can be put back on the Civilized Net Nation list. Arguments that US contains the most spam lords will be directed to /dev/null, I invite anybody who wants to what i can't really understand is, why bother making a tool like this, if you are afraid that it is going to be used, or that someone will ssh scan you from taiwan? so let's just block all the non us countries or what? if you are afraid of the big bad internet, turn off your machine. you know, smtp and ssh do not use port 80 maybe you could open it up. the horror, the horror. -f -- there is too much blood in my caffiene stream!
Re: how to tell if I getting anything out of my hifn1411 card
--On 13 October 2005 17:50 -0400, Andrew Atrens wrote: I know in FreeBSD/DragonFly I have a couple of tools to check to see if it's being engaged - hifnstats and cryptostats (in /usr/src/tools/tools/crypto), but I'm not sure if the equivalent exists for OpenBSD. You'll see something in the interrupt count on hifn in the 'vmstat' screen of systat. Cpu is a Geode1100 - doing 10Mb/s IPsec has it maxed out :) After the last mention of this processor here I had an offlist reply along the lines of the PCI controller isn't very good (I didn't keep the email for the exact quote). top will probably show a lot of time in interrupt servicing the nic, if it's a dp83816 [pretty common on geode boards] this can be reduced *a bit* by irq hold-off, http://openbsd.toybed.com/archive/2005/msg51817.html which may improve things slightly. Probably not enough to make a big difference, however. If you want a low-ish power cpu for running crypto, the newer c3/eden are better.
Re: two vpn endpoints ... 3 net connections
--On 14 October 2005 09:02 +1000, Dave Harrison wrote: Here's my problem, I have a remote machine that has two links, one is high bandwidth but has bad latency, the other has low bandwidth but good latency. pf.conf(5), look at 'route-to' and 'reply-to'. Use PF rules to send ssh over the fast link and ftp over the fat link (etc). The problem is that it's not the routed traffic I'm concerned with, it's the ISAKMP traffic that is directed to the firewall/vpn endpoint itself (as opposed to something behind that machine). Route-to doesn't work for the firewall machine itself I don't think, Seems that it does on my colo'd netra (at least for plain ip, admittedly I've not tried it with ipsec).
Re: Slow write speed on ICH6R
On 10/13/05, Theo de Raadt [EMAIL PROTECTED] wrote: OK, I'm getting tired of this. You must have been tired for some time as you haven't committed jack shit for a long time now... You think someone is going to help you now? I got used to the fact that noone helps me from the openbsd team. Last time i reported 3 kernel panics in layerfs, yet instead of fixing them properly you just removed the whole code. Congratulations, nice fix. No. No. We're going to delete your mail. We are going to utterly ignore you from now on. It's much simpler than finding bugs and fixing them... I do it all the time. I know, i know ;-P It is much easier to delete mail from people like you. Good. Then you don't need to answer this one either. So please cut the attitude. It is not endearing. And you and your worshippers had better take that advice yourselves.
Re: OpenBSD Metastore: New kit, thanks
On 2005-10-13 07:15:26 -0800, Szechuan Death wrote: there's nothing I care about in Taiwan enough to do so. Alternately, Then stop buying anything manufactured in Taiwan (or China). HTH. HAND. Martin -- http://www.tm.oneiros.de
DRDB (was: RAID for dummies)
On 2005-10-11 23:58:27 +0200, Joachim Schipper wrote: DRBD is RAID-1, actually (with n-way replication under development last time I checked). I assume that was just a typo. ;-) I just listend to a talk about v8. Seems quite production ready. :-) You can get 3-way replication with DRDB commercially. Best Martin -- http://www.tm.oneiros.de
Re: how to tell if I getting anything out of my hifn1411 card
On Thu, Oct 13, 2005 at 04:07:00PM -0600, Theo de Raadt wrote: Even though the card is detected, I'm not seeing any boost in IPsec performance. Cpu is a Geode1100 - doing 10Mb/s IPsec has it maxed out :) The cpu is unable to feed the crypto card fast enough. You would think that doing crypto operations, especially 3DES is a lot of work. And it is. But there is a nearly fixed overhead for in the driver for managing the card. And it is a high overhead. friend of mine and i tried setting up a 4501 as a router doing IPsec for any wirelessly connected hosts ( WAPs on the ethernets ). we found the 4501 getting slaughtered by doing IPsec itself ( throughput from wireless to wired host, having gone through the 4501, was down from ~1.2MB/s clear to ~180KB/s with IPsec ), and then found that a 4501 + a 1411 really ain't that much to write home about either. ( don't remember precisely what it went up to with the 1411, maybe about 20%-30% of the way between CPU_IPsec and cleartext speeds ). did some testing on a 4801 ( which your numbers seem to indicate as being what you are doing it on too ) and saw things pretty close to what you saw, +/- 1.5 Mb/s here or there. of note was that the type of crypto we were doing ( so long as it was supported by the hifn ) didn't matter at all. we got essentially same throughput ( eg within less than a megabit ) if we did 3des-cbc/MD5 or aes-128-cbc/MD5 or aes-256-cbc/SHA., etc as a sidenote, i've also put a 1401 in a dual athlon.mp 2.14GHz and seen openssl speed crank out a 20% or more improvement in the 8k blocksize column, as compared to straight CPU. ( the hifn eats it compared to straight CPU for the lower 3 blocksizes, 4th one is sometimes either/or, depends on how much -multi i am testing ). in other words, the problem ain't the hifn, nor would your situation be made better by a faster crypto chip; again, the athlon.mp machine got beat at 8k blocksize with a hifn versus without. it's easy to be an armchair quarterback, and perhaps i don't know the whole story, but it'd be nice if soren-et-al. appeared to not be resting on the laurels of selling a boat load of 4501/4801s over the past few years and instead was pumping out some hardware that was fast enough to not suck for use as something like a LAN-LAN IPsec'd wireless router/AP. jared -- [ openbsd 3.8 GENERIC ( sep 27 ) // i386 ]
Re: RAID for dummies
On Thu, Oct 13, 2005 at 07:47:48AM -0400, the unit calling itself Nick Holland wrote: Not quite sure what point you're trying to make here... are you advocating that one develop expertise in all areas to become totally self-sufficient? If so, I suppose you are all at once: thoracic surgeon, firefighter, psychiatrist, tax lawyer, microbiologist, etc, etc, etc. No, I'm advocating that if you pick of a scalpel, that you understand how to perform surgery on the species you are going to be cutting on. If you pick up a fire hose, you understand what happens when the water hits full pressure. Etc. Taxes? ok, got me there, no one understands tax law. And I'm suggesting that trying to be an expert in everything is not a realistic goal... why pick up a scalpel at all (to haul your butt out of the fire) if your neighbor has invested years in becoming a thoracic surgeon? If surgery is required, I would choose to let the experienced surgeon haul my butt out of the fire, and concentrate my energy in my field of interest. Sorry if I confused you on that point. RAID systems in the hands of people who assume magic will happen cause massive down-time problems. In the hands of people who know how to do it, yes, good things really can happen. But I doubt there are any truly mindless RAID options available. Now I'm confused... are you suggesting that the investment required to successfully use an ACS-7500 even approaches that required for the do-it-yourself RAID setup? V/r, Jay
Re: RAID for dummies
J Moore wrote: On Thu, Oct 13, 2005 at 07:47:48AM -0400, the unit calling itself Nick Holland wrote: Not quite sure what point you're trying to make here... are you advocating that one develop expertise in all areas to become totally self-sufficient? If so, I suppose you are all at once: thoracic surgeon, firefighter, psychiatrist, tax lawyer, microbiologist, etc, etc, etc. No, I'm advocating that if you pick of a scalpel, that you understand how to perform surgery on the species you are going to be cutting on. If you pick up a fire hose, you understand what happens when the water hits full pressure. Etc. Taxes? ok, got me there, no one understands tax law. And I'm suggesting that trying to be an expert in everything is not a realistic goal... why pick up a scalpel at all (to haul your butt out of the fire) if your neighbor has invested years in becoming a thoracic surgeon? If surgery is required, I would choose to let the experienced surgeon haul my butt out of the fire, and concentrate my energy in my field of interest. Sorry if I confused you on that point. From your original post, you said you did not desire to become an expert on RAID. You didn't talk about farming the maintenance of this system to other people. RAID systems in the hands of people who assume magic will happen cause massive down-time problems. In the hands of people who know how to do it, yes, good things really can happen. But I doubt there are any truly mindless RAID options available. Now I'm confused... are you suggesting that the investment required to successfully use an ACS-7500 even approaches that required for the do-it-yourself RAID setup? Not at all. A car with an automatic transmission is much easier to drive than a car with a stick shift. However, without proper training, you can hurt yourself and others with either. The Accusys boxes are very simple, seemingly reliable, but if you don't play with them for a bit and understand how they work, you can still can screw things up. IN FACT, there are so many neat things you can do with the Accusys boxes, you might be tempted to do something silly and wrong, believing that it will save you from everything. If you aren't willing to learn how the thing works, your overall reliability and uptime will probably be better with a single drive, no RAID at all. Sure, the drive could fail, but your recovery options will be very clear and direct. Nick.
wireless pci card problem
Hello, I got a pci wireless yesterday. After the installation, the system reported that the following message:- rtw0 at pci0 dev 8 function 0 Realtek 8185 rev 0x20: irq 11 rtw0: ver RTL8185, rtw0: could not recall EEPROM in 1us rtw0: could not recall EEPROM in 1us Does this mean that the card is not supported at the moment. It is surecom 9321g/2A Thanks. Clarence ___ 7Q'Y.I,(l7s email 3q*!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
VPN setup
I am attempting to set up a test VPN, using two OpenBSD 3.7 systems as gateways, and two WinXP clients. The addressing scheme is as follows client1 - ip:192.168.1.2 default gateway:192.168.1.1 gateway1 le1 - 192.168.2.1 le2 - 192.168.1.1 gateway2 le1 - 192.168.2.2 le2 - 192.168.3.1 client2 - ip:192.168.3.2 default gateway:192.168.3.1 I followed the instructions from vpn(8) for automated keying, although I currently do not have pf enabled. The tests given in the man page, modified for my addressing scheme, indicates the vpn is functioning. ie, netstat -rn -f encap returns: Routing tables Encap: Source Port DestinationPort Proto SA(Address/Proto/Type/Direction) 192.168.3/24 0 192.168.1/24 0 0 192.168.2.2/50/use/in 192.168.1/24 0 192.168.3/24 0 0 192.168.2.2/50/require/out I am also able to successfully execute 'ping -I 192.168.1.1 192.168.3.1' (the above is from gateway1, gateway2 is similar, with the appropriate addresses switched.) At this point, according to the man page, vpn(8), I should have a functioning vpn. However, when I try to ping from client1 to 192.168.3.1 or to client2, or from client2 to 192.168.1.1 or to client 1, I receive: from client1: Reply from 192.168.1.1: Destination host unreachable. from client2: Reply from 192.168.3.1: Destination host unreachable. I'm sure it's some detail I'm missing, but I'm stumped.
Re: ipsecadm group returns write: Invalid argument
On Thu, Oct 13, 2005 at 11:15:51AM -0400, Andrew Atrens wrote: Not sure what these 'errno 209's are about either :(' i think i saw those in 3.7 and didn't have them affect anything i was doing adversely, at least noticably so... they aren't showing in 3.8/oct.2 ( or sep27 ) # ipsecadm group -cpi 1004 -spi 1004 -proto ipcomp -spi2 1000 -proto2 esp -dst 47.128.22.193 -dst2 47.128.22.193 ipsecadm: write: Invalid argument i'm getting this also, i duplicated the info you have from the 'ipsecadm show', and then i get the 'write invalid' with all the permutations of 'group' i try. i threw a bunch of 'fprintf' debug markers into ipsecadm.c during the case GRP_SPI at the bottom, it makes it through them all, does the break and dies during xf_set(iov, cnt, smsg.sadb_msg_len * 8); tried doing a printf of those values before the xf_set, but using '%s' gave me a segfault. %X %X %X gives CFBC736C 8 50 for the same line you have right above. trying with ah+esp ( 47.128.22.193/esp/1000, 47.128.22.193/ah/1002) gave CFBC1250 8 50; i notice the first one, the 'iov', that is changing every time. flailed around some more, looked at the case statement up top, it looked almost like the comment for SA header should be SA2 header ? for the second part ( eg, there is a Destination2 address header ), but the actual variables in it seemed to talk about sa2 ( or 8, rather, but that looks like the second one ). noticed that there is a 'protocol' section that happens at the end, but only one of them; i copied the iov stuff ( and the smsg one ) up before the 2nd SA header part, but that didn't change; also tried commenting out the '=sproto2' line and made the current protocol stuff say protocol2; it still compiled, and when i ran the ipsecadm group, that junky output i got from before was now like CFBD332C 9 58; so 8 - 9 and 50 - 58... :/ but perhaps all of that was entirely useless and i'm doing the group thing wrong too jared -- [ openbsd 3.8 GENERIC ( sep 27 ) // i386 ]
Re: VPN setup
On Thu, Oct 13, 2005 at 10:36:27PM -0500, Josh Webb wrote: from client1: Reply from 192.168.1.1: Destination host unreachable. from client2: Reply from 192.168.3.1: Destination host unreachable. I'm sure it's some detail I'm missing, but I'm stumped. sudo sysctl -w net.inet.ip.forwarding=1 ? jared -- [ openbsd 3.8 GENERIC ( sep 27 ) // i386 ]
Re: VPN setup
On Thu, Oct 13, 2005 at 10:36:27PM -0500, Josh Webb wrote: I'm sure it's some detail I'm missing, but I'm stumped. if it's not the sysctl, can gateway1 ping client2 || gateway2 ping client1 ? or client1 ping 192.168.2.1 || client2 ping 192.168.2.2 ?
Re: VPN setup
jared r r spiegel wrote: On Thu, Oct 13, 2005 at 10:36:27PM -0500, Josh Webb wrote: from client1: Reply from 192.168.1.1: Destination host unreachable. from client2: Reply from 192.168.3.1: Destination host unreachable. I'm sure it's some detail I'm missing, but I'm stumped. sudo sysctl -w net.inet.ip.forwarding=1 ? I thought that should have taken care of it too, but no such luck.
Re: VPN setup
if it's not the sysctl, can gateway1 ping client2 || gateway2 ping client1 ? no or client1 ping 192.168.2.1 || client2 ping 192.168.2.2 ? yes also, client1 can't ping 192.168.2.2 || client2 can't ping 192.168.2.1.