O'Reilly Net article: short comparison between Cisco PIX, Smoothwall

2007-02-26 Thread Andre Ruppert

http://www.oreillynet.com/pub/a/sysadmin/2007/02/15/evaluating_firewalls.html

...have fun...

greetings

Andre Ruppert



Re: site-to-site vpn 4.0 to cisco 3000 SOLVED

2007-02-26 Thread Claer
On Sun, Feb 25 2007 at 06:20, c l wrote:
 Finally got this to work.  Here's the config that ended up working.
 
 I'm not sure why I didn't notice before but the quick mode stuff wasn't 
 setup correctly.
 
 ipsec.conf
 ike esp from 192.168.1.0/24 to 10.10.0.0/16 peer 2.2.2.2 \
main auth hmac-sha1 enc 3des group modp768 \
quick auth hmac-sha1 enc 3des group none psk openbsdrules
 
There is another potential problem with this configuration. You did not
specify the ike mode: active, passive, dynamic.

The default behavior is to use active. dynamic mode comes with DPD
(Dead Peer Detection) and doesn't work with some devices. I remember a
post here stating that it doesn't interoperate with Netscreen at the
other end.

You're lucky not to have run into this problem :)

Routing in the enc0 interface is done with the flow statement in the
ipsec.conf file. Your ipsec.conf should include a line like this one:

flow esp from 192.168.1.0/24 to 10.10.0.0/16 peer 2.2.2.2


Good luck!



Claer

 cisco
 IKE proposal
 authentication mode - presharedkeys
 authentication algorithm - sha/hmac-160
 encryption - 3DES-168
 DH Group - 1 768-bits
 Lifetime - 3600seconds
 
 Lan-to-Lan connection
 interface - external(2.2.2.2)
 connection type - bi-directional
 peer - 1.1.1.1
 presharedkey - openbsdrules
 authentication - esp/sha/hmac160
 local network - 10.10.0.0  (wildcard mask 0.0.255.255)
 remote network - 192.168.1.0 (wildcard mask 0.0.0.255)
 
 SA
 authentication - esp/sha/hmac160
 encryption - 3DES-168
 mode - tunnel
 Lifetime - 1200seconds
 
 
 
 Now I just have to figure out the routing :)
 
 
 
 
 From: William Bloom [EMAIL PROTECTED]
 To: c l [EMAIL PROTECTED]
 CC: misc@openbsd.org
 Subject: Re: site-to-site vpn 4.0 to cisco 3000
 Date: Sun, 25 Feb 2007 18:53:12 -0700
 
 The man page for isakmpd.conf indeed sheds some light, there's an example 
 in that page that shows how to specify lifetimes for both phases...
 
[General]
Default-phase-1-lifetime=   3600,60:86400
Default-phase-2-lifetime=   1200,60:86400
 
 At this point, if the lifetimes indeed agree, then I myself would be  a 
 little puzzled over why the proposal would be rejected.  Both  endpoints 
 are configured to use the peer address as the ID?  At first  blush, your 
 settings seem all kosher.
 
 I would agree, though, that it certainly appears that there must  still be 
 some sort of inconsistency between the proposals.
 
 Another suggestion...
 
 It appears that you've been trying to initiate the VPN from one end,  
 perhaps the OpenBSD end.  Probably by sending a ping from the 1st  site to 
 the 2nd.  Restart both ends to clear out any SAs that have  been 
 negotiated and try to ping from the -other- end in order to see  what 
 happens when the VPN negotiation is initiated the opposite  direction.  
 The log entries might show something useful.
 
 Also, did the OpenBSD logs show any detail of the failure from the  last 
 attempts apart from the mismatched SA queries?
 
 
 Bill
 
 
 On Feb 25, 2007, at 14:48, c l wrote:
 
 Hello,  thanks for the reply, it helped if I'm not mistaken.  I  think 
 I'm getting closer but still no joy.  See below.
 
 From: William Bloom [EMAIL PROTECTED]
 To: c l [EMAIL PROTECTED]
 CC: misc@openbsd.org
 Subject: Re: site-to-site vpn 4.0 to cisco 3000
 Date: Sun, 25 Feb 2007 14:02:13 -0700
 
 I've setup maybe 78 LAN-to-LAN VPNs between my datacenter and  other  
 sites of customers and partners.  However, I haven't had  occasion to  
 use OpenBSD as a VPN endpoint yet and I'm not an  expert on the ike/ 
 ipsec features of OpenBSD.  Having said that,  I've done quite a bit  of 
 VPN troubleshooting in the past, so I'll  take a stab at this in  
 general terms...
 
 My reading of the three 'ike esp' statements in ipsec.conf is  that  
 you've declared three sets of SAs on the OpenBSD endpoint,  all to  peer 
 2.2.2.2 - one SA between the interior address spaces  of the two  
 locations, a second between the endpoint address of  the 1st location  
 and the interior address space of the 2nd, and a  third between the  
 endpoint addresses.  That third one certainly  catches my attention  
 since I know that -some- pieces of equipment  (particularly the PIX,  
 ASA, and I believe the Juniper although  I've never confirmed this for  
 a Cisco 3000) hate the idea of  having their own endpoint address  
 included in the encryption  domain.  This seems likely to me as a  cause 
 for the rejection.   This is something that IKE might negotiate  on 
 -some-  manufacturer's equipment but not others.  In most cases,  
 there's  no need for the endpoints to participate in the encryption  
 domain  since they aren't application servers - they only need to   
 exchange IKE messages and then simply pass IPsec to/from their   
 respective protected address spaces.
 
 So my suggestion would be to strike that third 'ike esp'  statement  and 
 then see what difference that makes in the log.  
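
The comparison this thread works through by hand (phase 1 and quick mode proposals, lifetimes, and mirrored networks on both endpoints), as an added example that is not code from any of the posters. The Cisco-label mapping, the function names and the list of parameters flagged as weak are assumptions of the example; the sample values are the ones posted above.

```python
"""Compare an OpenBSD ipsec.conf 'ike esp' rule with the peer's settings."""
import ipaddress
import re

# Cisco VPN 3000 labels quoted in the thread -> ipsec.conf(5) keywords.
# This mapping table is an assumption made for the example.
CISCO_TO_OPENBSD = {"sha/hmac-160": "hmac-sha1", "esp/sha/hmac160": "hmac-sha1",
                    "3des-168": "3des", "1": "modp768"}
MODES = ("active", "passive", "dynamic")

# Values below are the ones posted in the thread, typed in as sample data.
OPENBSD_RULE = r"""ike esp from 192.168.1.0/24 to 10.10.0.0/16 peer 2.2.2.2 \
    main auth hmac-sha1 enc 3des group modp768 \
    quick auth hmac-sha1 enc 3des group none psk openbsdrules"""
ISAKMPD_GENERAL = """[General]
Default-phase-1-lifetime=   3600,60:86400
Default-phase-2-lifetime=   1200,60:86400
"""
CISCO = {
    "ike": {"auth": "sha/hmac-160", "enc": "3DES-168", "group": "1", "lifetime": 3600},
    "sa": {"auth": "esp/sha/hmac160", "enc": "3DES-168", "lifetime": 1200},
    "interface": "2.2.2.2",
    "local": ("10.10.0.0", "0.0.255.255"),
    "remote": ("192.168.1.0", "0.0.0.255"),
}


def parse_ike_rule(text):
    """Parse one 'ike' rule (backslash continuations allowed) into a dict."""
    tokens = text.replace("\\\n", " ").split()
    if tokens[:1] != ["ike"]:
        raise ValueError("not an ike rule")
    # With no mode keyword the rule is 'active', as noted in the reply above.
    rule = {"mode": "active", "main": {}, "quick": {}}
    if len(tokens) > 1 and tokens[1] in MODES:
        rule["mode"] = tokens[1]
    section, i = None, 1
    while i < len(tokens):
        tok = tokens[i]
        has_value = i + 1 < len(tokens)
        if tok in ("main", "quick"):
            section = tok
            i += 1
        elif tok in ("auth", "enc", "group") and section and has_value:
            rule[section][tok] = tokens[i + 1]
            i += 2
        elif tok in ("from", "to", "peer", "psk") and has_value:
            rule[tok] = tokens[i + 1]
            i += 2
        else:
            i += 1  # 'esp', the mode keyword and anything not compared here
    if "from" not in rule or "to" not in rule:
        raise ValueError("rule has no from/to networks")
    return rule


def parse_lifetimes(conf):
    """Return {1: seconds, 2: seconds} from isakmpd.conf [General] defaults."""
    pairs = re.findall(r"Default-phase-([12])-lifetime=\s*(\d+)", conf)
    return {int(phase): int(seconds) for phase, seconds in pairs}


def wildcard_to_network(addr, wildcard):
    """Turn a Cisco address + contiguous wildcard mask into an ip_network."""
    host_bits = bin(int(ipaddress.IPv4Address(wildcard))).count("1")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}")


def compare(rule, lifetimes, cisco):
    """List every setting on which the two endpoints disagree."""
    findings = []
    for n, (phase, side) in enumerate((("main", "ike"), ("quick", "sa")), start=1):
        for key, label in cisco[side].items():
            if key == "lifetime":
                have, want = lifetimes.get(n), label
            else:
                have, want = rule[phase].get(key), CISCO_TO_OPENBSD.get(label.lower())
            if have != want:
                findings.append(f"phase {n} {key}: OpenBSD={have} Cisco={label}")
    # Selectors must mirror each other: our "from" is the peer's "remote".
    for ours, theirs in (("from", "remote"), ("to", "local")):
        if ipaddress.ip_network(rule[ours]) != wildcard_to_network(*cisco[theirs]):
            findings.append(f"network {ours}: OpenBSD={rule[ours]} Cisco {theirs} differs")
    if rule.get("peer") != cisco["interface"]:
        findings.append(f"peer: OpenBSD={rule.get('peer')} Cisco={cisco['interface']}")
    return findings


def weak_settings(rule):
    """Parameters a reviewer would question today (an addition, not from the thread)."""
    notes = []
    for phase in ("main", "quick"):
        if rule[phase].get("enc") == "3des":
            notes.append(f"{phase}: 3des")
        if rule[phase].get("group") == "modp768":
            notes.append(f"{phase}: modp768")
    if rule["quick"].get("group") == "none":
        notes.append("quick: no PFS")
    return notes


if __name__ == "__main__":
    parsed = parse_ike_rule(OPENBSD_RULE)
    print("mismatches:", compare(parsed, parse_lifetimes(ISAKMPD_GENERAL), CISCO))
    print("weak:", weak_settings(parsed))
```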

Re: keyboard lockup, KVM, dual-boot

2007-02-26 Thread Marco Pfatschbacher
On Sun, Feb 25, 2007 at 06:10:43PM +0100, Stefan Kell wrote:
 Hallo list,
 
 I want to use this machine as a dual-boot system together with windows. It 
 is connected to a standard PS2-KVM, no USB-mouse or keyboard. Installation 
 of both Windows and OpenBSD 4.0 from CDs worked without any problems. But 
 now if I boot OpenBSD from harddisk the keyboard is locked at the login 
 prompt.
 
 But I can use the keyboard in the BIOS, for the boot-manager, with the 
 standard boot-prompt of OpenBSD and within UKC. So something later in the 
 bootprocess is locking the keyboard.
 
 I tried to use X-Windows but there is the problem that the mouse is not
 responding. Maybe this is related?
 
 Any suggestions? Dmesg follows

Try a snapshot.

mickey committed a fix for this:
 http://marc.theaimsgroup.com/?l=openbsd-cvs&m=117025451820884&w=2



Re: keyboard lockup, KVM, dual-boot

2007-02-26 Thread Laurence Tratt
On Sun, Feb 25, 2007 at 06:10:43PM +0100, Stefan Kell wrote:

 I want to use this machine as a dual-boot system together with windows. It
 is connected to a standard PS2-KVM, no USB-mouse or keyboard. Installation
 of both Windows and OpenBSD 4.0 from CDs worked without any problems. But
 now if I boot OpenBSD from harddisk the keyboard is locked at the login
 prompt.

 But I can use the keyboard in the BIOS, for the boot-manager, with the
 standard boot-prompt of OpenBSD and within UKC. So something later in the
 bootprocess is locking the keyboard.

 I tried to use X-Windows but there is the problem that the mouse is not
 responding. Maybe this is related?

 Any suggestions?

On perhaps 10-20% of the times I boot my KVM'd OpenBSD setup, a similar
thing happens. The keyboard works well at UKC and while the console is
booting. As soon as X is launched (with kdm running) the keyboard sometimes
is totally dead. Rebooting usually cures the problem and this is easily done
via the mouse (which still works) with kdm. So in my case, it's irritating,
but not a serious enough problem to really worry about. Have you tried
rebooting when the keyboard locks? Every once in a while, I have to reboot
3 or 4 times to get things working so some persistence might pay off.


Laurie
-- 
http://tratt.net/laurie/ -- Personal
http://convergepl.org/   -- The Converge programming language



CARP / HSRP problem

2007-02-26 Thread Pete
I have a pair of 3.9 pf firewalls running CARP. I have two ethernet 
connections to my provider who is running Cisco HSRP. When they reload the 
active router or bounce the active interface, then the Ciscos can no longer 
see the CARP virtual interface until I cause a CARP failover by rebooting the 
active firewall or admining down the external interface on the active 
firewall.

Through all of this, I have outbound connectivity from the firewall since it 
is on the same subnet as the Ciscos.

I am not sure if anyone else has experienced this, but I am sure Cisco won't 
fix it.

Thanks in advance for your help.


Scud



two servers (4.0 and 3.9) constantly keep freezing

2007-02-26 Thread Sebastian Reitenbach
Hi list, 

I have two servers, one running 4.0 and one with 3.9, they are used as web
servers, with a mysql database running on them. Both are more or less idle,
but I have seen these messages in /var/log/messages on both servers:
bsd: uvm_mapent_alloc: out of static map entries

I found this thread, where someone has seen the same problem:
http://marc.theaimsgroup.com/?l=openbsd-tech&m=115959929717470&w=2

The servers are either freezing completely, or may still answer on pings, and
carp communication, but it is not possible to log in via ssh, or contact the
apache server.

this is the output on one of the servers, just after new start:
# vmstat -s|grep 'kernel map';grep uvm /var/log/messages
 36 kernel map entries
Jan 24 08:01:30 www /bsd: uvm_mapent_alloc: out of static map entries
Jan 29 07:10:06 www /bsd: uvm_mapent_alloc: out of static map entries
Feb 22 22:39:41 www /bsd: uvm_mapent_alloc: out of static map entries

here the other running for ten days:
# vmstat -s|grep 'kernel map';grep uvm /var/log/messages
672 kernel map entries
Jan 24 08:01:30 www /bsd: uvm_mapent_alloc: out of static map entries
Jan 29 07:10:06 www /bsd: uvm_mapent_alloc: out of static map entries
Feb 22 22:39:41 www /bsd: uvm_mapent_alloc: out of static map entries

as I read the message of the other thread, I can change some kernel option, but
if I understand the message above correctly, with changing the options, I can
only extend the time before a new freeze or problems.
Is there anything else I can do to keep the machines up and running?


kind regards
Sebastian



USB host class ACM

2007-02-26 Thread sof bo
hello,

does someone have  information or used the host class ACM?

thanks



Re: keyboard lockup, KVM, dual-boot

2007-02-26 Thread Stefan Kell
Hello Nick,

 Original Message 
Date: Sun, 25 Feb 2007 21:26:42 -0500
From: Nick Holland [EMAIL PROTECTED]
To: misc misc@openbsd.org
CC: 
Subject: Re: keyboard lockup, KVM, dual-boot

 Stefan Kell wrote:
  Hello Nick,
  
  On Sun, 25 Feb 2007, Nick Holland wrote:
 ...
  It sounds like this:
   http://www.openbsd.org/faq/faq12.html#i386smouse
 
  Some KVM switches work great, some don't.  I've got some that work
  great while they work, but then the KVM switch itself crashes
  regularly.  *sigh*
  
  thank you for the link. I did miss this but have read other pages on the
  net which mention problems with KVMs. I am still wondering why I was able
  to install the system without problems. There must be a subtle difference
  between the installation kernel on the CD and the Generic one which causes
  the lockup. By the way, the lockup is not happening on each boot.
  
  Regards
  
  Stefan Kell
 
 Actually, IF this is your problem, if you set the KVM to the OpenBSD
 system and LEAVE IT THERE, OpenBSD would probably work fine.  You most
 likely did this on first install.  It's the switching that kills the
 OpenBSD mouse/keyboard driver...  Most likely, you switch it more once
 OpenBSD is loaded.
 
 Nick.

Nope, the keyboard is locked even when I carefully do NOT switch the system 
with the KVM: I boot the machine, select the OS with bootmanager GAG, change 
timezone in UKC (remember dual boot), OpenBSD boots till the login prompt shows 
and then the keyboard is locked most of the time.

I will try a current snapshot and see if this works better.

Regards

Stefan Kell



Re: two servers (4.0 and 3.9) constantly keep freezing

2007-02-26 Thread Pedro Martelletto
On Mon, Feb 26, 2007 at 11:36:38AM +0100, Sebastian Reitenbach wrote:
 I found this thread, where someone has seen the same problem:
 http://marc.theaimsgroup.com/?l=openbsd-tech&m=115959929717470&w=2
(...)
 Is there anything else I can do to keep the machines up and running?

Unfortunately, no. Nothing has changed since the above thread.

-p.



Re: O'Reilly Net article: short comparison between Cisco PIX, Smoothwall

2007-02-26 Thread Andre Ruppert

...and OpenBSD, of course...

sorry, I forgot

Andre



Re: [OT] openbsd + terminal server usage

2007-02-26 Thread Stuart Henderson
On 2007/02/26 07:17, Julien TOUCHE wrote:
 Stuart Henderson wrote on 25/02/07 22:55:
  ports/comms/sredird to run a terminal server on OpenBSD,
  
  ftp://ftp.opengear.com/opengear-serial-client-2.0.9p0.tar.gz
  might work to let you connect to another terminal server as
  if it were a local port, I don't know whether it works on
  OpenBSD or not though.
 
 thanks a lot, exactly this.

There is also 'cyclades-serial-client' to try if you have problems
with the opengear one; these use the rfc2217 modem control protocol
supported by most terminal servers which lets you change port speed,
access control lines, etc. without reconfiguring the term server.

 there is also conserver in ports, but it seems more about managing than
 redirection.

Yes, that's correct. It connects to terminal server ports, logs the
output from the devices and can multiplex access to them (many users
read-only, one user read-write).



Re: Router performance on OpenBSD and OpenBGPD

2007-02-26 Thread Stuart Henderson
On 2007/02/25 20:05, Daniel Ouellet wrote:
 But I was wondering however if it wouldn't be possible to use the 72xx 
 routers as dumb media converter?

I don't think you can do this exactly, but you can run OSPF on them,
let OpenBSD handle the main BGP sessions, and feed back a small BGP
table to the cisco containing just the prefixes that it needs to know
how to route. Something like this...

physical: peer - cisco - openbgp
e-bgp:peer - openbgp  (n.b. multihop for ebgp sessions)
ibgp: cisco - openbgp

basically, cisco must know routes for any packets that will be fed
to it.

in some cases (e.g. one transit feed going into cisco) you may be
able to get away with just a static default route to the transit
on the cisco and OSPF or static routes back to your network.

Same with layer3 switches if you need more PPS than you can handle
on a PC and can live with limitations of the switches (e.g. restricted
table sizes and buffers).

I have ports for dynamips and dynagen if you need to play with cisco
configs and don't have spare ciscos: http://spacehopper.org/openbsd/



Re: USB host class ACM

2007-02-26 Thread Jonathan Gray
On Mon, Feb 26, 2007 at 10:13:45AM +, sof bo wrote:
 hello,
 
 does someone have  information or used the host class ACM?

These are supported by umodem(4)

http://www.openbsd.org/cgi-bin/man.cgi?query=umodem&sektion=4




OpenBSD 4.0 / Xorg - vesa 1920x1200 widescreen resolution

2007-02-26 Thread Anselm R. Garbe
Hi there,

I got a Thinkpad Z61p
(http://www.ciao.de/Lenovo_ThinkPad_Z61p_9452__2342038)
with a 1920x1200 WUXGA widescreen display driven by an ATI
Mobility FireGL V5200 - PCI Express x16 adaptor.

Last weekend I tried to install OpenBSD 4.0 onto this box -
everything essential works fine, except that it seems impossible
to force the vesa driver of Xorg to work with a (or in
particular this) widescreen resolution properly.

The highest resolution I got working with the vesa driver was
1600x1200, but this sucks because the 1600 pixels are stretched
to 1920 pixels in width. So due to the lack of the fglrx driver
which works just fine under Linux, the only half-decent
workaround resolution was 1152x864 pixels for me, however this
is insufficient if you own such a box ;)

After I checked those issues with vanilla OpenBSD 4.0 + the
shipped Xorg 6.9.x I upgraded to a recent snapshot from
http://xenocara.org/ - but I didn't expect any different
behavior, because my googling/rtfm already argued that the vesa
driver seems to be not designed to work with such wide-screen
resolutions (it seems to expect a 4:3 screen format anyways)...
I can confirm that it makes no difference if you use Xorg 6.9 or
7.x. The source of the vesa driver is nearly the same btw, so
nothing to wonder about.

So out of curiosity, does anyone know of a vesa driver patch or
of some unofficial hackish fglrx port to OpenBSD? Just
wondering, because in Debian I can use fglrx even without
loading some restricted kernel modules without dri
capabilities... so I'd expect that the 2D part of this driver
might work on a vanilla OpenBSD box as well (maybe).

Note, the ati Xorg driver does not support the FireGL card.

If nothing helps I have to stay with Linux ;((

Regards,
-- 
 Anselm R. Garbe  http://www.suckless.org/  GPG key: 0D73F361



Free Advertising for the BSD Community

2007-02-26 Thread Jacek Artymiak

Hi,

As some of you might know, I self-publish my books, which gives me
full control of the contents, for better or worse. Because of the way
my printers work, I must typeset my manuscripts to match their funky
specs and sometimes I have a few blank pages left at the end. I need
to pay for them anyway, so I thought I'd offer them to you for free.
My next book is coming out in two weeks. I don't know how many pages I
can offer but I thought I'd give you an early warning :-)

If you are a BSD professional, company, event organizer, project
manager, etc. send me a private email and tell me what you'd like to
advertise.

The specs are simple:

a black & white copy, 4x7 inches in EPS or TIFF at 600dpi.

My choices are final. I give preference to non-profits, but I welcome
businesses too.

--
Jacek Artymiak
devGuide.net :: RadioBSD



Re: two servers (4.0 and 3.9) constantly keep freezing

2007-02-26 Thread [EMAIL PROTECTED]

Hi Sebastian,

I don't know if this will help at all, but I remember having a 
Cyrus-IMAP server that always had a fair amount of disk I/O and tons of 
open files that would exhibit the similar behavior. Unfortunately, it 
wasn't running GENERIC  (had RAIDFRAME and a couple of other things 
enabled), it was running an old OpenBSD 3.6 (amd64) system and I didn't 
have time to debug the issue since it was a production box, so I just 
changed the /usr/src/sys/uvm/uvm_map.h KMAP_ENT #define to be 4000 
instead of 1000, recompiled the kernel, and also added crontab entries 
to stop and start most of the daemons running on that machine 
frequently, and that kept it up long enough to migrate the data off of it.


I know it's incredibly kludgey and hackish, but it worked temporarily
Best of luck,
Tico

Sebastian Reitenbach wrote:

Hi list, 


I have two servers, one running 4.0 and one with 3.9, they are used as web
servers, with a mysql database running on them. Both are more or less idle,
but I have seen these messages in /var/log/messages on both servers:

bsd: uvm_mapent_alloc: out of static map entries

I found this thread, where someone has seen the same problem:
http://marc.theaimsgroup.com/?l=openbsd-tech&m=115959929717470&w=2

The servers are either freezing completely, or may still answer on pings, and
carp communication, but it is not possible to log in via ssh, or contact the
apache server.

this is the output on one of the servers, just after new start:
# vmstat -s|grep 'kernel map';grep uvm /var/log/messages
36 kernel map entries
Jan 24 08:01:30 www /bsd: uvm_mapent_alloc: out of static map entries
Jan 29 07:10:06 www /bsd: uvm_mapent_alloc: out of static map entries
Feb 22 22:39:41 www /bsd: uvm_mapent_alloc: out of static map entries

here the other running for ten days:
# vmstat -s|grep 'kernel map';grep uvm /var/log/messages
   672 kernel map entries
Jan 24 08:01:30 www /bsd: uvm_mapent_alloc: out of static map entries
Jan 29 07:10:06 www /bsd: uvm_mapent_alloc: out of static map entries
Feb 22 22:39:41 www /bsd: uvm_mapent_alloc: out of static map entries

as I read the message of the other thread, I can change some kernel option, but
if I understand the message above correctly, with changing the options, I can
only extend the time before a new freeze or problems.

Is there anything else I can do to keep the machines up and running?


kind regards
Sebastian




Re: OpenBSD 4.0 / Xorg - vesa 1920x1200 widescreen resolution

2007-02-26 Thread Darrin Chandler
For my laptop (whole different brand/chipset, but similar problem), I
had to manually make a ModeLine. After that I had no problem at all
using 1920x1200.

-- 
Darrin Chandler   |  Phoenix BSD Users Group
[EMAIL PROTECTED]  |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |



Source Interface for outgoing connections

2007-02-26 Thread Samuel Moñux

Hi everyone,

I'm having some issues with an ipsec connection with vpnc (isakmp is
not an option, since it does not support xauth, and I don't control the
other end) from an OpenBSD firewall/router to a Cisco device.

I think problems could be natt related so I would like to eliminate
nat from the equation, but the problem is that the outside interface
is a private address. This firewall routes between a DMZ (public /29),
a LAN segment (private /24), and the outside (private /30).


-- LAN --- OpenBSD -- 10.90.0.0/30 --- Outside Router -- INET
 |
 |
 DMZ (public /29)

Right now, I need to NAT on the Outside Router, since internet routed
packets from the OpenBSD box go out with a private address.

What I would like to achieve is that packets destined to internet get
sourced with DMZ's interface, which is internet routable, and without
pf tricks(I don't want NAT, remember).

Bridging is not an option, since the Outside router needs its own IP
for its own purposes.

I don't know if it's possible. If it is, please let me know (pointing to a
man page would be OK).

Thanks in advance



Re: OpenBSD 4.0 / Xorg - vesa 1920x1200 widescreen resolution

2007-02-26 Thread Anselm R. Garbe
On Mon, Feb 26, 2007 at 09:36:10AM -0700, Darrin Chandler wrote:
 For my laptop (whole different brand/chipset, but similar problem), I
 had to manually make a ModeLine. After that I had no problem at all
 using 1920x1200.

Well, would you like to send me your xorg.conf? I've seen
various ones using ModeLines, but no one worked in conjunction
with the vesa driver for me. If you can confirm that it really
works with the vesa driver for you using special modelines, I'd
really invest more time into debugging the issue. ;)

Regards,
-- 
 Anselm R. Garbe  http://www.suckless.org/  GPG key: 0D73F361



filesystem hackathon: still seeking donations

2007-02-26 Thread Nikolay Sturm
Hi,

unfortunately the first call for hardware donations wasn't really that
successful, we got a few interesting pieces of hardware, but we are
still lacking major parts. So here's the second call for donations.

In order to have a successful event we need the following pieces of
hardware:
- 2 fast build boxes, preferably something like a Sun Fire X2100 M2 or
  comparable
- 8 250G SATA disks
- 8 250G IDE disks

As an alternative, we also ask for financial donations. All money
collected will be used to buy above mentioned hardware for f2k7. One
build box will afterwards be used for stable ports maintenance, the
other machine and the disks will be given to developers in need. Excess
money will be forwarded as regular OpenBSD donations.

Paypal donations can be sent to [EMAIL PROTECTED], if you prefer a bank
transfer or have any questions, please contact me directly.

cheers,

Nikolay

-- 
It's all part of my Can't-Do approach to life. Wally



Re: Source Interface for outgoing connections

2007-02-26 Thread Darren Spruell

On 2/26/07, Samuel Moñux [EMAIL PROTECTED] wrote:

I'm having some issues with an ipsec connection with vpnc (isakmp is
not an option, since does not support xauth, and I don't control the
other end) from an OpenBSD firewall/router to a Cisco device.

I think problems could be natt related so I would like to eliminate
nat from the equation, but the problem is that the outside interface
is a private address. This firewall routes between a DMZ (public /29),
a LAN segment (private /24), and the outside (private /30).


-- LAN --- OpenBSD -- 10.90.0.0/30 --- Outside Router -- INET
  |
  |
  DMZ (public /29)

Right now, I need to NAT on the Outside Router, since internet routed
packets from the OpenBSD box go out with a private address.

What I would like to achieve is that packets destined to internet get
sourced with DMZ's interface, which is internet routable, and without
pf tricks(I don't want NAT, remember).


If you could get vpnc to bind to a specific interface it seems like
that would be possible. Can you see if that's an option?

The way I see it, NAT may not be an issue; any worthwhile modern IPsec
implementation supports NAT traversal, which vpnc appears to (I see a
reference to '--natt-mode' on their page.) If you can support NAT-T on
the client and server, it may be a non-issue for you.

Haven't used vpnc myself, but just looking at the package install
message there's a couple of considerations:

snip
--- vpnc-0.3.3p1 ---
In order for vpnc to actually get any received IPsec packet, you have
to disable ESP in your kernel like this:

   sysctl net.inet.esp.enable=0

If you are behind a NAT gateway, you have to disable UDP encapsulation
as well:

   sysctl net.inet.esp.udpencap=0
/snip

DS



Re: monitoring traffic/bandwidth on a bridge

2007-02-26 Thread Ross Davis
Monitoring the total bandwidth through the bridge is easy with `bwm-ng`
or `ifstat`. The problem is that I want to see the bandwidth on a per-IP
address basis. I can do this with `ntop` on an interface that has an IP
address, but when I try to use it on the bridge I get:

# ntop -i bridge0
bridge0: no IPv4 address assigned

Unless I am misunderstanding the concept of a bridge, I don't think a
bridge can even have an IP address. Any ideas?

Thanks,
Ross



Re: OpenBGPD bug??

2007-02-26 Thread Anderson Nadal

Ok Henning.

I'm using 3.9, and my config is:

group peering AS {
    remote-as 
    neighbor $principal {
        descr   Link Principal
        announce all
        local-address $mypeer1
        depend on carp1
        set metric 1
        set localpref 200
    }
    neighbor $backup {
        descr Link BKP
        announce all
        local-address $mypeer2
        depend on carp2
        set metric 10
        set localpref 100
    }
}

group peering bogon {
    remote-as 65333
    neighbor $peer_bogon1 {
        descr Peering Bogon 1
        local-address $my_bogon
        depend on carp0
        multihop 64
        announce none
        max-prefix 1000
        tcp md5sig password X
    }
    neighbor $peer_bogon2 {
        descr Peering Bogon 2
        local-address $my_bogon
        depend on carp0
        multihop 64
        announce none
        max-prefix 1000
        tcp md5sig password 
    }
}




# filter out prefixes longer than 24 or shorter than 8 bits
deny from any
allow from any prefixlen 8 - 24


match to $principal set community :200
match to $backup set community :100

#BOGON
allow from any community 65333:888 set pftable bogons
allow from any community 65333:888 set nexthop blackhole


# do not accept a default route
deny from any prefix 0.0.0.0/0

# filter bogus networks
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4


The only relevant messages in the log before the crash are:

Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change Active -> OpenSent, reason: Connection opened
Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change OpenSent -> OpenConfirm, reason: OPEN message received
Feb 25 21:53:27 my_router bgpd[8131]: neighbor 38.229.0.5 (Peering Bogon 1): state change OpenConfirm -> Established, reason: KEEPALIVE message received
Feb 25 21:53:28 my_router bgpd[3075]: fatal in RDE: rde_dispatch_imsg_parent: pipe closed
Feb 25 21:53:28 my_router bgpd[8131]: fatal in SE: session_dispatch_imsg: pipe closed: Connection refused

But I have a lot of these messages all the time:

Feb 26 09:02:06 my_router bgpd[7117]: neighbor  (AS) withdraw 87.236.67.0/24
Feb 26 09:02:06 my_router bgpd[7117]: neighbor  (AS) withdraw 87.236.66.0/23


[]'s
Nadal


Don't argue with idiots, they drag you down to their level and beat you
because they are experienced

+---+
|  Anderson Nadal [EMAIL PROTECTED] - CCNA/RHCE   |
|Coordenador Tecnico|
|  Fone: + 55 41 3331 8200  |
|  FAX: + 55 41 3331 8256  |
| OndaRPC   |
|   www.ondarpc.com.br  |
|Registered Linux User: 56841   |
| PGP KEY: www.keyserver.net KEY ID 6ABB668D|
+---+



Henning Brauer wrote:
 * Anderson Nadal [EMAIL PROTECTED] [2007-02-26 05:28]:
 I found a possible OpenBGPD bug.

 you're pretty much leaving out all relevant information.
 you don't mention which version you run, you don't show your config,
 and you don't show complete logs at time of failure. impossible to
 track down possible bugs like this.

 that said, chances are very good this is fixed in -current/4.1.



Re: OpenBSD 4.0 / Xorg - vesa 1920x1200 widescreen resolution

2007-02-26 Thread Darrin Chandler
On Mon, Feb 26, 2007 at 06:29:40PM +0100, Anselm R. Garbe wrote:
 On Mon, Feb 26, 2007 at 09:36:10AM -0700, Darrin Chandler wrote:
  For my laptop (whole different brand/chipset, but similar problem), I
  had to manually make a ModeLine. After that I had no problem at all
  using 1920x1200.
 
 Well, would you like to send me your xorg.conf? I've seen
 various ones using ModeLines, but no one worked in conjunction
 with the vesa driver for me. If you can confirm that it really
 works with the vesa driver for you using special modelines, I'd
 really invest more time into debugging the issue. ;)

After switching to the vesa driver it didn't work. Perhaps it can be
made to work with additional information (clock lines?) but I don't
know. Sorry. I hope you find something that works for you.

-- 
Darrin Chandler   |  Phoenix BSD Users Group
[EMAIL PROTECTED]  |  http://bsd.phoenix.az.us/
http://www.stilyagin.com/darrin/  |



Re: monitoring traffic/bandwidth on a bridge

2007-02-26 Thread Lawrence Horvath

Check out bandwidthd, I don't think it's in ports or pkgs, however it
does an excellent job, gives per IP graphs and total bandwidth used.

never tried it on a bridge though

On 22/02/07, Ross Davis [EMAIL PROTECTED] wrote:

I am running OpenBSD 4.0 and have a bridge set up between two
interfaces: fxp0 and xl0. I would like a program that gives a fairly
basic report on the traffic flowing through this bridge. I am primarily
interested in knowing which IPs on the xl0 side of the bridge are
pulling the most bandwidth.

I am currently experimenting with bwm-ng and ntop, but was wondering if
anyone had a super magic awesome tool that they could recommend.

Thanks,
Ross





--
-Lawrence
-Student ID 1028219
-CCNA



Re: OpenBGPD bug??

2007-02-26 Thread Henning Brauer
* Anderson Nadal [EMAIL PROTECTED] [2007-02-26 19:14]:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Ok Henning.
 
 I'm using 3.9, and my config is:

well, this is obviously not your full config, but in this case, I am 
reasonably certain the problem is fixed. Now is a good time to give 
4.1-beta a whirl anyway ;)

 But, I have a lot of these messages all the time:
 
 Feb 26 09:02:06 my_router bgpd[7117]: neighbor  (AS) withdraw
 87.236.67.0/24
 Feb 26 09:02:06 my_router bgpd[7117]: neighbor  (AS) withdraw
 87.236.66.0/23

you obviously have update logging enabled, so you get what you ask for

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam



Re: keyboard lockup, KVM, dual-boot

2007-02-26 Thread Mr Pekka Niiranen

Stefan Kell wrote:

Hello Nick,

 Original Message 
Date: Sun, 25 Feb 2007 21:26:42 -0500
From: Nick Holland [EMAIL PROTECTED]
To: misc misc@openbsd.org
CC: 
Subject: Re: keyboard lockup, KVM, dual-boot



Stefan Kell wrote:

Hello Nick,

On Sun, 25 Feb 2007, Nick Holland wrote:

...

It sounds like this:
 http://www.openbsd.org/faq/faq12.html#i386smouse

Some KVM switches work great, some don't.  I've got some that work
great while they work, but then the KVM switch itself crashes
regularly.  *sigh*

thank you for the link. I did miss this but have read other pages on the
net which mention problems with KVMs. I am still wondering why I was
able to install the system without problems. There must be a subtle
difference between the installation kernel on the CD and the Generic one
which causes the lockup. By the way, the lockup is not happening on each boot.

Regards

Stefan Kell

Actually, IF this is your problem, if you set the KVM to the OpenBSD
system and LEAVE IT THERE, OpenBSD would probably work fine.  You most
likely did this on first install.  It's the switching that kills the
OpenBSD mouse/keyboard driver...  Most likely, you switch it more once
OpenBSD is loaded.

Nick.


Nope, the keyboard is locked even when I carefully do NOT switch the system 
with the KVM: I boot the machine, select the OS with bootmanager GAG, change 
timezone in UKC (remember dual boot), OpenBSD boots till the login prompt shows 
and then the keyboard is locked most of the time.

I will try a current snapshot and see if this works better.

Regards

Stefan Kell



Hi,

I tried with yesterday's snapshot (25/Feb) and had similar
problems with a Linksys KVM. Pulling the keyboard cable out of
the KVM and putting it back flashes the keyboard lights and the keyboard
starts working. I have had similar KVM problems since v3.9.

I used a Belkin KVM earlier but that caused an erratic mouse with X.

Neither of those KVMs had problems with Linux.

-pekka-



Re: OpenBGPD bug??

2007-02-26 Thread Anderson Nadal
OK, I will try an upgrade to 4.0 or 4.1

I know about logging update enabled, I just told you. :)

Thanks for your help.

[]'s
Nadal


Don't argue with idiots; they drag you down to their level and beat you with
experience

+---+
|  Anderson Nadal [EMAIL PROTECTED] - CCNA/RHCE   | 
|Technical Coordinator|
|  Phone: + 55 41 3331 8200  |
|  FAX:  + 55 41 3331 8256  |
| OndaRPC   |
|   www.ondarpc.com.br  |
|Registered Linux User: 56841   |
| PGP KEY: www.keyserver.net KEY ID 6ABB668D|
+---+ 



Henning Brauer wrote:
 * Anderson Nadal [EMAIL PROTECTED] [2007-02-26 19:14]:
   
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Ok Henning.

 I'm using 3.9, and my config is:
 

 well, this is obviously not your full config, but in this case, I am 
 reasonably certain the problem is fixed. Now is a good time to give 
 4.1-beta a whirl anyway ;)

   
 But, I have a lot of these messages all the time:

 Feb 26 09:02:06 my_router bgpd[7117]: neighbor  (AS) withdraw
 87.236.67.0/24
 Feb 26 09:02:06 my_router bgpd[7117]: neighbor  (AS) withdraw
 87.236.66.0/23
 

 you obviously have update logging enabled, so you get what you ask for



openbsd 4.0 and usb

2007-02-26 Thread Tang Tse
Hi,

I got some troubles. My OpenBSD hasn't any USB support; I tried to mount a
USB pen drive, or configure my USB printer, with no good results.

I'm using OpenBSD downloaded from the ftp (using cd40.iso to boot and get
the install program, then download the rest through ftp), and Jon Drews
suggested I get the original CD. I will wait until 4.1 (thanks Jon for all).

Here is the output for dmesg:


OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
[EMAIL PROTECTED] :/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class, 512KB L2 cache) 502 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 268005376 (261724K)
avail mem = 236724224 (231176K)
using 3297 buffers containing 13504512 bytes (13188K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(53) BIOS, date 03/10/00, BIOS32 rev. 0 @ 0xfb120,
SMBIOS rev. 2.3 @ 0xf0800 (33 entries)
bios0: VIA Technologies, Inc. VT82C693ABX
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xb59c
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdbd0/128 (6 entries)
pcibios0: PCI Exclusive IRQs: 11
pcibios0: PCI Interrupt Router at 000:07:0 (VIA VT82C596A ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT82C691 PCI rev 0x44
ppb0 at pci0 dev 1 function 0 VIA VT82C598 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 S3 Trio3 DX2 rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 7 function 0 VIA VT82C596A ISA rev 0x23
pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x10: ATA66, channel
0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: ST38410A
wd0: 32-sector PIO, LBA, 8223MB, 16841664 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8520B, 1.00 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
VIA VT82C596 Power rev 0x30 at pci0 dev 7 function 3 not configured
rl0 at pci0 dev 11 function 0 Realtek 8139 rev 0x10: irq 11, address
00:48:54:6a:75:30
rlphy0 at rl0 phy 0: RTL internal PHY
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask f765 netmask ff65 ttymask ffe7
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
lpt0: out of paper
lpt0: stat=0x4 not zero
lpt0: stat=0x4 not zero

I get this with usb printer connected and the pen drive. I'm using a P3
board.

Any help?


Thanks for all,
Tang



Re: openbsd 4.0 and usb

2007-02-26 Thread Otto Moerbeek
On Mon, 26 Feb 2007, Tang Tse wrote:

 Hi,
 
 I got some troubles. My OpenBSD hasn't any USB support; I tried to mount a
 USB pen drive, or configure my USB printer, with no good results.
 
 I'm using OpenBSD downloaded from the ftp (using cd40.iso to boot and get
 the install program, then download the rest through ftp), and Jon Drews
 suggested I get the original CD. I will wait until 4.1 (thanks Jon for all).
 
 Here is the output for dmesg:

No trace of any USB device. Is USB disabled in the BIOS?

-Otto
 
 
 
 I get this with usb printer connected and the pen drive. I'm using a P3
 board.
 
 Any help?
 
 
 Thanks for all,
 Tang



Re: openbsd 4.0 and usb

2007-02-26 Thread Tang Tse
Yes, it's up. Maybe an unsupported usb chipset?

2007/2/26, Otto Moerbeek [EMAIL PROTECTED]:


 On Mon, 26 Feb 2007, Tang Tse wrote:

  Hi,
 
  I got some troubles. My OpenBSD hasn't any USB support; I tried to mount a
  USB pen drive, or configure my USB printer, with no good results.
 
  I'm using OpenBSD downloaded from the ftp (using cd40.iso to boot and get
  the install program, then download the rest through ftp), and Jon Drews
  suggested I get the original CD. I will wait until 4.1 (thanks Jon for all).
 
  Here is the output for dmesg:

 No trace of any USB device. Is USB disabled in the BIOS?

 -Otto
 
 
 
  I get this with usb printer connected and the pen drive. I'm using a P3
  board.
 
  Any help?
 
 
  Thanks for all,
  Tang



Re: two servers (4.0 and 3.9) constantly keep freezing

2007-02-26 Thread Sebastian Reitenbach
Hi Tico, Pedro,

 have time to debug the issue since it was a production box, so I just 
 changed the /usr/src/sys/uvm/uvm_map.h KMAP_ENT #define to be 4000 
 instead of 1000, recompiled the kernel, and also added crontab entries 
 to stop and start most of the daemons running on that machine 
 frequently, and that kept it up long enough to migrate the data off of it.
 
more or less here, a production box, and no time to play with it :(

 I know it's incredibly kludgey and hackish, but it worked temporarily
 Best of luck,
 Tico
thanks for your answers, now I know that there is no other way for now than
recompiling the kernel.

thanks
Sebastian



Re: openbsd 4.0 and usb

2007-02-26 Thread Otto Moerbeek
On Mon, 26 Feb 2007, Tang Tse wrote:

 Yes, it's up. Maybe an unsupported usb chipset?

Unsupported devices show up in the dmesg as not configured. So your
USB hardware might be broken, or maybe it is hiding behind a PCI
bridge or something like that (though that is pure speculation). Try
booting a snapshot bsd.rd to see what the dmesg shows in that case. 

-Otto
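
Otto's distinction above (a device without a driver still shows up as "not configured", while absent or disabled hardware leaves no line at all) can be applied mechanically to a saved dmesg. The script below is an added example, not part of the thread: the sample lines are copied from the dmesg posted earlier in this thread (rejoined where the mail wrapped them), the function names are made up for illustration, and the driver names uhci(4), ohci(4), ehci(4) and usb(4) are OpenBSD's, not something the posters mention.

```shell
#!/bin/sh
# Added example: triage a dmesg for USB along the lines of Otto's reply.

# A few lines from the dmesg posted in this thread, rejoined where the mail
# client wrapped them.
SAMPLE_DMESG='pcib0 at pci0 dev 7 function 0 VIA VT82C596A ISA rev 0x23
pciide0 at pci0 dev 7 function 1 VIA VT82C571 IDE rev 0x10: ATA66, channel 0 configured to compatibility, channel 1 configured to compatibility
VIA VT82C596 Power rev 0x30 at pci0 dev 7 function 3 not configured
rl0 at pci0 dev 11 function 0 Realtek 8139 rev 0x10: irq 11, address 00:48:54:6a:75:30
isa0 at pcib0'

# USB host controllers attach as uhci/ohci/ehci; usb buses attach to them.
usb_attached() {
    grep -E '^(uhci|ohci|ehci|usb)[0-9]+ at '
}

# Devices the kernel found on a bus but has no driver for.
not_configured() {
    grep -E ' not configured$'
}

# Every PCI device/function the kernel reported, driver or not. A gap in the
# function numbers of one device (dev 7 below has 0, 1 and 3 but no 2) means
# that function never appeared on the bus.
pci_functions() {
    sed -n 's/.* at pci\([0-9]*\) dev \([0-9]*\) function \([0-9]*\).*/pci\1 dev \2 function \3/p'
}

# Classify a dmesg (passed as one string) into the three cases.
# Matching "usb" in a "not configured" line is a heuristic on the
# product description, not something the kernel guarantees.
triage() {
    dmesg_text=$1
    if printf '%s\n' "$dmesg_text" | usb_attached >/dev/null; then
        echo "usb: controller attached"
    elif printf '%s\n' "$dmesg_text" | not_configured | grep -qi 'usb'; then
        echo "usb: seen but not configured (no driver)"
    else
        echo "usb: no trace on any bus"
    fi
}

triage "$SAMPLE_DMESG"
```

On a live system the same functions can be fed from `dmesg | pci_functions` or from /var/run/dmesg.boot.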



kadmin problem

2007-02-26 Thread RJ45

when I try to connect to kadmin remote server (MIT)
from openbsd SSH login gateway, the application hangs:

kadmin add --random-key host/myhost.mydomain
administrator/[EMAIL PROTECTED]'s Password:


it hangs...

I tried to do this because I can't log on using SSH.
I have this error:

Feb 26 21:42:54 myhost krb5: verify: Server not found in Kerberos 
database



so I tried to register the OpenBSD krb5 client host
to the krb5 server using kadmin but as I said it hangs...

what do I have to do?

thanks

Rick



Re: kadmin problem

2007-02-26 Thread Jacob Yocom-Piatt

RJ45 wrote:

when I try to connect to kadmin remote server (MIT)
from openbsd SSH login gateway, the application hangs:

kadmin add --random-key host/myhost.mydomain
administrator/[EMAIL PROTECTED]'s Password:


it hangs...



i'm guessing it hangs b/c you don't have this particular KDC as your 
default in your /etc/krb5.conf. posting a sanitized version of this file 
would be helpful for diagnosis.


verify you're actually connected to the remote KDC's kadmin port before 
trying to issue commands. read the manual page for kadmin. having the 
privileges necessary to do this is also important.



I tried to do this because I can't log on using SSH.
I have this error:

Feb 26 21:42:54 myhost krb5: verify: Server not found in Kerberos 
database



so I tried to register the OpenBSD krb5 client host
to the krb5 server using kadmin but as I said it hangs...

what do I have to do?

thanks

Rick




Re: [OT] openbsd + terminal server usage

2007-02-26 Thread Julien TOUCHE
 ports/comms/sredird to run a terminal server on OpenBSD,


i've installed sredird and it seems to be only telnet to local openbsd
serial port.
what i want is local openbsd serial to remote/telnet serial port ... :(

 ftp://ftp.opengear.com/opengear-serial-client-2.0.9p0.tar.gz
 might work to let you connect to another terminal server as
 if it were a local port, I don't know whether it works on
 OpenBSD or not though.

seems configure has never been used on any bsd ...
took linux compiler flags but it seems there is a system-dependent file.
linux one fails on termio.h

 
 There is also 'cyclades-serial-client' to try if you have problems
 with the opengear one; these use the rfc2217 modem control protocol
 supported by most terminal servers which lets you change port speed,
 access control lines, etc. without reconfiguring the term server.

seems based on the same old and bsd-unfriendly configure and base code ...

 
 there is also conserver in ports, but it seems more about managing than
 redirection.
 
 Yes, that's correct. It connects to terminal server ports, logs the
 output from the devices and can multiplex access to them (many users
 read-only, one user read-write).
 

so it doesn't solve my problem here.

no more advice on handling multiple serial devices through a terminal server
while using basic tools like nut, cu, ... ?


thanks
Regards


Julien

note: i'm on list, no need to cc



no controlling tty error

2007-02-26 Thread Bryan Irvine

I recently had a crashed disk.  I recovered from backup, and made some
changes to fstab.

Now I can't get postgresql to start.

I get an error that no controlling tty.  If I try to start it anyway
it tells me that postmaster isn't in the same directory as pg_ctl (but
it is).

Maybe somebody else can spot what I'm missing.

errors:
GTX-440:/root#su - _postgresql
sh: No controlling tty (open /dev/tty: Permission denied)
sh: warning: won't have full job control

$ pg_ctl -D data/ start
sh: cannot create /dev/null: Permission denied
fgets failure: Permission denied
The program postmaster is needed by pg_ctl but was not found in the
same directory as /usr/local/bin/pg_ctl.
Check your installation.

$ locate pg_ctl
/usr/local/bin/pg_ctl
/usr/local/man/man1/pg_ctl.1

$ locate postmaster
/usr/local/bin/postmaster
/usr/local/man/man1/postmaster.1



here's the changes I made to fstab (sd4 is the crashed disk):
$ cat /etc/fstab
/dev/wd0a / ffs rw 1 1
/dev/wd1a /home ffs rw,nodev,nosuid,softdep 1 2
/dev/wd0d /usr ffs rw,nodev 1 2
/dev/wd0b /var/squid/cache/ mfs rw,async,-s=252400 0 0
#/dev/sd0a /usr/obj ffs rw,nodev 1 2
/dev/sd3a /usr/src ffs rw,nodev 1 2
#/dev/sd4a /var/www ffs rw,nodev 1 2
/dev/sd0a /var/www ffs rw,nodev 1 2

--Bryan



Re: no controlling tty error

2007-02-26 Thread Ingo Schwarze
 sh: No controlling tty (open /dev/tty: Permission denied)
 sh: cannot create /dev/null: Permission denied

Did you tighten up any permissions?

 # cd /dev; ls -al tty null
crw-rw-rw-  1 root  wheel2,   2 Feb 26 22:29 null
crw-rw-rw-  1 root  wheel1,   0 Feb 26 22:25 tty



Re: no controlling tty error

2007-02-26 Thread Stuart Henderson
On 2007/02/26 13:39, Bryan Irvine wrote:
 sh: No controlling tty (open /dev/tty: Permission denied)
 sh: cannot create /dev/null: Permission denied

this all points to permissions on /dev being wrong.

(cd /dev;sh MAKEDEV all), I would untar the relevant OS distribution
*.tgz over the top as well (with the p flag) to fix up any other files
that may have been broken.
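
The check Ingo does by eye with `ls -al tty null`, written as a small script that can be run before and after `MAKEDEV all`. This is an added example, not from the thread: the function names are hypothetical, and the expected `crw-rw-rw-` strings are the ones shown in Ingo's listing above.

```shell
#!/bin/sh
# Added example: verify that device nodes have the type and mode a working
# system shows, instead of finding out from "Permission denied" at login.

# check_node PATH EXPECTED
#   EXPECTED is the first ten characters of `ls -l` output (file type plus
#   permission bits), e.g. crw-rw-rw- for /dev/null.
#   returns 0 = matches, 1 = wrong type or mode, 2 = node missing
check_node() {
    path=$1
    want=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path (expected $want)"
        return 2
    fi
    # Keep only type + permission bits; trailing ACL markers are ignored.
    have=$(ls -ld "$path" | cut -c1-10)
    if [ "$have" = "$want" ]; then
        echo "OK       $path $have"
        return 0
    fi
    # A restore from backup can leave a plain file ("-rw-r--r--") where a
    # character device ("c...") belongs; both cases land here.
    echo "WRONG    $path is $have, expected $want"
    return 1
}

# audit_dev [DIR]
#   Checks the two nodes named in the error messages in this thread.
#   Returns the number of nodes that failed the check.
audit_dev() {
    dir=${1:-/dev}
    bad=0
    check_node "$dir/null" crw-rw-rw- || bad=$((bad + 1))
    check_node "$dir/tty"  crw-rw-rw- || bad=$((bad + 1))
    echo "$bad problem(s) under $dir"
    return "$bad"
}

# Usage on a live system:  audit_dev /dev
```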



Re: no controlling tty error

2007-02-26 Thread Matthias Kilian
On Mon, Feb 26, 2007 at 01:39:16PM -0800, Bryan Irvine wrote:
 sh: No controlling tty (open /dev/tty: Permission denied)
[...]
 sh: cannot create /dev/null: Permission denied

Use ls(1) to see what's wrong with /dev (probably just empty), then
use MAKEDEV(8) to repair it.

Ciao,
Kili

-- 
GUIs normally make it simple to accomplish simple actions and impossible to
accomplish complex actions.
-- Doug Gwyn (22/Jum/91 in `comp.unix.wizards')



Re: no controlling tty error

2007-02-26 Thread Bryan Irvine

ah this did it.  I'm not sure why it was all messed up.  As far as I
recall I didn't mess with /dev  hr

ah well MAKEDEV all fixed it.  Everything is ok now.



On 2/26/07, Stuart Henderson [EMAIL PROTECTED] wrote:

On 2007/02/26 13:39, Bryan Irvine wrote:
 sh: No controlling tty (open /dev/tty: Permission denied)
 sh: cannot create /dev/null: Permission denied

this all points to permissions on /dev being wrong.

(cd /dev;sh MAKEDEV all), I would untar the relevant OS distribution
*.tgz over the top as well (with the p flag) to fix up any other files
that may have been broken.




Re: [OT] openbsd + terminal server usage

2007-02-26 Thread Stuart Henderson
On 2007/02/26 22:22, Julien TOUCHE wrote:
 
  ftp://ftp.opengear.com/opengear-serial-client-2.0.9p0.tar.gz
  might work to let you connect to another terminal server as
  if it were a local port, I don't know whether it works on
  OpenBSD or not though.
 
 seems configure has never been used on any bsd ...
 took linux compiler flags but it seems there is a system-dependent file.
 linux one fails on termio.h

ah, so there is. No ports to netbsd/freebsd either (and despite the
addition of a GPL COPYING file to the tarball, all the source code is
copyright Cyclades all rights reserved, so I don't think there will
be an OpenBSD port either looking like that).

 no more advice on handling multiple serial devices through a terminal server
 while using basic tools like nut, cu, ... ?

not from me, sorry.



Almost success: OpenBSD on Xen

2007-02-26 Thread Wijnand Wiersma

Hi All,

I don't know if many of you already tried to run OpenBSD on Xen as a HVM 
guest,  but here is a small report of my attempts this evening.


The virtual server runs on a debian sarge with xen packages from the 
backports debian repository. Hardware is a dell 2950 with cpu 
virtualisation enabled in BIOS.


I had to use Paul's boot iso image 
(http://www.weirdnet.nl/openbsd/serial/ ) to boot and use the serial 
console. I could have used the VNC option but all text was too scrambled 
to be really useful.


At first I attempted to use a physical LVM volume as disk but the 
installer failed, I think it was wrong about the disk geometry. I will 
take a look at this later.


Second problem: I had to tell xen to emulate a ne2k-pci NIC instead of a 
rtl8139 (re(4)) NIC. The re(4) card only gave me lots of watchdog 
timeouts and no packets. Even though lots of those were fixed on 
current, I still have those errors that's why I am still on ne(4).  Due 
to a strange bug in xen I have to shutdown the virtual machine and start 
it again to have networking work. When I do a reboot I get re(4) again. 
If re(4) would work ok this host might actually get very useful ;-)


As you can see in the dmesg the kernel tells me the clock has a unknown 
CMOS layout but don't worry, the clock works ok ;-)


I hope this information is useful to some of you.

here is my dmesg:
OpenBSD 4.1-beta (GENERIC) #1400: Thu Feb 22 03:18:10 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(R) CPU 5130 @ 2.00GHz (GenuineIntel 686-class) 2 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SBF,SSE3,DS-CPL,CX16,xTPR

real mem  = 133722112 (130588K)
avail mem = 114614272 (111928K)
using 1663 buffers containing 6811648 bytes (6652K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 06/23/99, BIOS32 rev. 0 @ 0xf9e80, 
SMBIOS rev. 2.4 @ 0x9f01f (10 entries)

bios0: Xen HVM domU
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfa120/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:01:0 (Intel 82371SB ISA rev 0x00)
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc/0x8000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02
pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00
pciide0 at pci0 dev 1 function 1 Intel 82371SB IDE rev 0x00: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: QEMU HARDDISK
wd0: 16-sector PIO, LBA48, 4027MB, 8248792 sectors
wd0(pciide0:0:0): using PIO mode 0, DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: QEMU, QEMU CD-ROM, 0.8. SCSI0 5/cdrom 
removable

cd0(pciide0:1:0): using PIO mode 0, DMA mode 1
Cirrus Logic CL-GD5446 rev 0x00 at pci0 dev 2 function 0 not configured
unknown vendor 0x5853 product 0x0001 (class undefined unknown subclass 
0x80, rev 0x01) at pci0 dev 3 function 0 not configured
re0 at pci0 dev 4 function 0 Realtek 8139 rev 0x20, RTL8139C+ 
(0x7480): irq 11, address 00:16:3e:23:af:69

rlphy0 at re0 phy 0: RTL internal PHY
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcdisplay0 at isa0 port 0x3d0/16 iomem 0xb8000/32768
wsdisplay0 at pcdisplay0 mux 1: console (80x25, vt100 emulation), using 
wskbd0

pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16450, no fifo
pccom0: console
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: density unknown
fd1 at fdc0 drive 1: density unknown
biomask e76d netmask ef6d ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
nvram: invalid checksum
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
clock: unknown CMOS layout
re0: watchdog timeout
re0: watchdog timeout
re0: watchdog timeout
re0: watchdog timeout


Regards,
Wijnand



Re: filesystem hackathon: still seeking donations

2007-02-26 Thread Nikolay Sturm
* Nikolay Sturm [2007-02-26]:
 unfortunately the first call for hardware donations wasn't really that
 successful, we got a few interesting pieces of hardware, but we are
 still lacking major parts. So here's the second call for donations.

It looks like I messed up the words, all we are asking for is hardware
*loans*. If you or your company can spare a bunch of disks or a server for
a week, that would already help us enormously. Donations are welcome as
well, of course. :)

PS: f2k7 will take place in Vienna from April 10th to 15th.

thanks,

Nikolay



binary updates

2007-02-26 Thread Default User
When will we ever see binary updates for OpenBSD?  Taking a system
off-line for over 20 hours to do a source code rebuild is just too long,
and just tracking RELEASE means running an insecure system.

Binary updating - try it, you'll like it! 



Re: binary updates

2007-02-26 Thread RW
On Mon, 26 Feb 2007 22:31:08 -0600, Default User wrote:

When will we ever see binary updates for OpenBSD?  Taking a system
off-line for over 20 hours to do a source code rebuild is just too long,
and just tracking RELEASE means running an insecure system.

Binary updating - try it, you'll like it! 

Troll /dev/null
Plonk!
From the land down under: Australia.
Do we look umop apisdn from up over?



Wireless Access Points and DHCPd

2007-02-26 Thread Shohrukh Shoyokubov

Hello,

I have problem with assigning IP addresses to wireless clients using 
DHCP. I have two D-Link DWL-G700AP access points and turned their DHCP 
servers off. They are connected to my wired network, where my OpenBSD 
server resides. I have configured OpenBSD as DHCP server and it works 
fine with wired clients, but no success with wireless clients. Am I 
missing something?


Thanks



Re: Wireless Access Points and DHCPd

2007-02-26 Thread Daniel Ouellet

Shohrukh Shoyokubov wrote:

Hello,

I have problem with assigning IP addresses to wireless clients using 
DHCP. I have two D-Link DWL-G700AP access points and turned their DHCP 
servers off. They are connected to my wired network, where my OpenBSD 
server resides. I have configured OpenBSD as DHCP server and it works 
fine with wired clients, but no success with wireless clients. Am I 
missing something?


Does your D-Link wireless access point offer a DHCP proxy or DHCP relay 
agent? If not (and I don't think a lower model would offer that), how do 
you expect your OpenBSD box to get and answer the DHCP broadcast request 
from the wireless client? Look for either a proxy or relay agent on your 
wireless to allow what you want to do.




Re: Wireless Access Points and DHCPd

2007-02-26 Thread Greg Thomas

On 2/26/07, Shohrukh Shoyokubov [EMAIL PROTECTED] wrote:

Hello,

I have problem with assigning IP addresses to wireless clients using
DHCP. I have two D-Link DWL-G700AP access points and turned their DHCP
servers off. They are connected to my wired network, where my OpenBSD
server resides. I have configured OpenBSD as DHCP server and it works
fine with wired clients, but no success with wireless clients. Am I
missing something?



How's your subnetting?  Are the APs doing any routing?  If so they're
going to need to be doing some dhcp relaying.

Greg



Re: Wireless Access Points and DHCPd

2007-02-26 Thread Darren Spruell

On 2/26/07, Shohrukh Shoyokubov [EMAIL PROTECTED] wrote:

Hello,

I have problem with assigning IP addresses to wireless clients using
DHCP. I have two D-Link DWL-G700AP access points and turned their DHCP
servers off. They are connected to my wired network, where my OpenBSD
server resides. I have configured OpenBSD as DHCP server and it works
fine with wired clients, but no success with wireless clients. Am I
missing something?


How do we know if you're not explaining your configuration and showing
the setup?

DS



Re: binary updates

2007-02-26 Thread bofh

Just curious - why are you using a system that you don't understand
the philosophy of?  No, that came out wrong.  Why aren't you trying to
better understand the system you are using?

On 2/26/07, Default User [EMAIL PROTECTED] wrote:

When will we ever see binary updates for OpenBSD?  Taking a system
off-line for over 20 hours to do a source code rebuild is just too long,
and just tracking RELEASE means running an insecure system.

Binary updating - try it, you'll like it!