xenocara errors
I am running 4.7-current amd64, not sure what this means, I am guessing it is an issue with xf86-video-mga driver

Tpo; exit 1; fi
gcc -DHAVE_CONFIG_H -I. -I/usr/xenocara/driver/xf86-video-mga/src -I.. -I/usr/X11R6/include/xorg -I/usr/X11R6/include/pixman-1 -I/usr/X11R6/include -I/usr/X11R6/include -I/usr/include/dev/pci/drm -I/usr/X11R6/include/X11/dri -O2 -pipe -MT mga_dri.lo -MD -MP -MF .deps/mga_dri.Tpo -c /usr/xenocara/driver/xf86-video-mga/src/mga_dri.c -fPIC -DPIC -o .libs/mga_dri.o
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:50:21: mga_drm.h: No such file or directory
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c: In function `MGAWaitForIdleDMA':
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:323: error: `DRM_MGA_FLUSH' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:323: error: (Each undeclared identifier is reported only once
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:323: error: for each function it appears in.)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:343: error: `DRM_MGA_RESET' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c: In function `MGADRIBootstrapDMA':
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:552: error: syntax error before dma_bs
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:555: error: `dma_bs' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:562: error: `DRM_MGA_DMA_BOOTSTRAP' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c: In function `MGADRIKernelInit':
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:786: error: syntax error before init
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:794: error: `init' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:794: error: `drm_mga_init_t' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:796: error: `MGA_INIT_DMA' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:827: error: `DRM_MGA_INIT' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c: In function `MGADRICloseScreen':
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:1470: error: syntax error before init
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:1484: error: `init' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:1484: error: `drm_mga_init_t' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:1485: error: `MGA_CLEANUP_DMA' undeclared (first use in this function)
/usr/xenocara/driver/xf86-video-mga/src/mga_dri.c:1486: error: `DRM_MGA_INIT' undeclared (first use in this function)
*** Error code 1
Stop in /usr/xenocara/driver/xf86-video-mga/obj/src (line 382 of Makefile).
*** Error code 1
Stop in /usr/xenocara/driver/xf86-video-mga/obj (line 329 of Makefile).
*** Error code 1
Stop in /usr/xenocara/driver/xf86-video-mga/obj (line 236 of Makefile).
*** Error code 1
Stop in /usr/xenocara/driver/xf86-video-mga (line 142 of /usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1
Stop in /usr/xenocara/driver/xf86-video-mga (line 203 of /usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1
Stop in /usr/xenocara/driver (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1
Stop in /usr/xenocara (line 48 of /usr/share/mk/bsd.subdir.mk).
Re: How to figure out the error location?
Hi,

On Mon, 24 May 2010 12:31:56 +0700, Bret S. Lambert bret.lamb...@gmail.com wrote:

> On Mon, May 24, 2010 at 12:52:39AM +0200, Roger Schreiter wrote:
>
>> Hi, we've been running a BGP router on OpenBSD for the months without problems. Now it crashed two times within 4 days. After the second crash, I could have a look on the screen:
>>
>> uvm_fault (0xd088cfc0, 0x6c4e2000, 0, 1) - e
>> kernel: page fault trap, code=0
>> Stopped at pool_do_get+0x11b: movl 0(%ebx),%eax
>>
>> Is there any mean to figure out, which driver did cause the problem?
>
> Yes, by following the instructions which accompanied this message. WTF is it with people unable to do that lately?
>
>> There is a 4xFE-NIC from D-Link (interface ste0 .. 3), whose driver seems to be new at OpenBSD-4.6.

Maybe OOT, but I suggest you replace D-link 4xFE with something else.. It has some problem with PF. I've replaced mine a long time ago.

>> Should I try updating to OpenBSD-4.7? Regards, Roger.

Regards,
Insan
--
insandotpraja(at)gmaildotcom
Re: mount_portal on 4.7+
On Mon, May 24, 2010 at 03:07:27AM +0400, ba...@yandex.ru wrote: mount_portal work? if yes, then give some working(tested) example for fs, please To the best of my knowledge, it hasn't been seriously used/maintained in ages. It may work, but use something else if at all possible. Joachim
rdomain, mpe, ldpd, OpenBGPD and PF
Hi Misc@, Before I begin to test OpenBGPD mpls VPN support on current, is there any hints on route-leaking, and an example/hints to make a complete setup MPLS cloud and MPLS/VPN on a network. In my later experiences using OpenBSD, I use pf with rtable to make a VPN-like network without isolation on the network. Now I need to know if there are ways to have a semi-isolated network when using rdomain or anything like it. Thanks, Insan Praja -- insandotpraja(at)gmaildotcom
Re: 4.7 pf: quick and rdr-to/nat-to
On Mon, May 24, 2010 at 01:24:26AM +0400, Vadim Jukov wrote: Then maybe, you'll show us output of: 1. cat /etc/pf.conf 2. pfctl -f /etc/pf.conf pfctl -sr 3. pfctl -o none -f /etc/pf.conf pfctl -sr Today it works without the quick. I don't know why, but it works now. Sorry for the noise. Cheers Rene -- Reni Maroufi i...@maroufi.net
a secure web server
I want to use a secure web server on OpenBSD. It would serve only static html files, no cgi, no php, etc. It just has to be secure, no need to be fast, just secure [only using it with https]. What would be the best web server software? nginx? apache? lighthttpd? Thank you for any proposals. Have a nice day!
Re: a secure web server
On 24/05/2010 11:44, Jozsi Vadkan wrote:

> I want to use a secure web server on OpenBSD. It would serve only static html files, no cgi, no php, etc. It just has to be secure, no need to be fast, just secure [only using it with https]. What would be the best web server software? nginx? apache? lighthttpd? Thank you for any proposals. Have a nice day!

Handily, there happens to be just such a web server that comes as part of the standard OpenBSD install. Secure, chrooted, supports SSL, sane defaults out of the box. See man httpd(8), or take a look at http://www.openbsd.org/cgi-bin/man.cgi?query=httpd

http://www.openbsd.org/faq/faq10.html#HTTPS will also help, and deals specifically with setting up an SSL-enabled server.

As a side note, might I humbly recommend that in future a certain amount of Googling, or even just browsing around the FAQ by hand, might bring better results than just asking this list, which generally prefers to focus on more complex issues, ie ones not already well-documented in the man pages, the FAQ, and answered repeatedly in the archives of this list.

Cheers,
Si1entDave
--
Yes, I know, I've just defeated my own argument by giving him his answers on a platter, and thus reinforcing said behaviour, but what the hell, it's a nice sunny day here in Coventry. I'm in a good mood :-)
Re: a secure web server
On 24/05/10 12.44, Jozsi Vadkan wrote:

> I want to use a secure web server on OpenBSD.

It's a real generalistic idea.

> It would serve only static html files, no cgi, no php, etc. It just has to be secure, no need to be fast, just secure [only using it with https].

What you mean with secure? Not vulnerable to any attacks? Can resist to DDoS of thousands machines? Noone found that you set asd or asdasd as root password?

> What would be the best web server software? nginx?

It's a reverse proxy and referring to proxy definition implement a light webserver. Have a small footprint and someone[1] say fast because implement nonblocking I/O.

> apache?

maybe yes, but it's more than you need

> lighthttpd?

better no.

> Thank you for any proposals. Have a nice day!

[1] https://calomel.org/nginx.html
Re: a secure web server
http://www.openbsd.org/faq/faq1.html#Included

Our improved and secured version of the Apache 1.3 web server. The OpenBSD team has added default chrooting, privilege revocation, and other security-related improvements. Also includes mod_ssl and DSO support.

The httpd included by default in the system is exactly what you are looking for. ;)

--
I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me. And when it has gone past I will turn the inner eye to see its path. Where the fear has gone there will be nothing. Only I will remain. Bene Gesserit Litany Against Fear.
Re:
2010/5/24 J.C. Roberts list-...@designtools.org:

> On Mon, 24 May 2010 00:00:07 +0200 patrick kristensen kristensenpatri...@gmail.com wrote:
>
>> I have managed to get a working connection with the following script
>>
>> /etc/ppp/ppp.conf
>>
>> default:
>>  set log Phase Chat LCP IPCP CCP tun command
>>  set device /dev/cuaU0
>>  set speed 460800
>>  set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT
>> esp:
>>  set device /dev/cuaU0
>>  set speed 460800
>>  set timeout 0
>>  set dial ABORT BUSY TIMEOUT 5 \
>>   \\ \
>>   AT OK-AT-OK \
>>   AT+CPIN=\\\7291\\\ OK-AT-OK \
>>   AT+CFUN=1 OK-AT-OK \
>>   AT+CGDCONT=1,\\\IP\\\,\\\movistar.es\\\ OK-AT-OK \
>>   \\dATDT*99***1# TIMEOUT 30 CONNECT
>>  set ifaddr 0 81.47.192.13 255.255.255.255
>>  add default HISADDR
>>  enable dns
>>
>> # ./.
>>
>> Setting 'set ifaddr to 0.0.0.0/0 0.0.0.0/0 255.255.255.255' gave me an ipadress to MYADDR but i did not get a route. Setting 'set ifaddr 0.0.0.0/0 194.179.1.100 (which was DNS) 255.255.255.255' made it possible to nslookup movistar.es. After nslookup the APN and hardcoding the ip to HISADDR i got a working connection.
>>
>> The APN (Movistar (Telefonica) Spain) is correct (http://www.vysoo.com/apn.php#415 and other sources). (I have not been able to find other data networks for movistar as with your example with Verizon)
>>
>> This setup works so far (i can ping external addresses). My understanding of ppp(8) is that it should have been enough to 'set ifaddr 0 0 255.255.255.255 (0)' and 'add default HISADDR' (if the CGDCONT is correct). I appreciate any input on the script and log.
>
> It seems your routing is hosed. As the ppp(8) manual states, if you use add it will not overwrite your default route (typically stored in /etc/mygate). When you want to overwrite the default route, you need to use add! such as:
>
>  add! default HISADDR
>
> Typically, you want to overwrite the default route, but note, you'll probably see some harmless warnings for routes that ppp cannot overwrite (such as IPv6 when it's not supported by your provider).
>
> As for setting up the interface addresses, you should define all four parts, rather than defining only three as you have done above.
>
>  set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
>             part#1     part#2     part#3  part#4
>
> In your script above, your part#1 of 0 is *DEMANDING* that your address be 0.0.0.0/32 and nothing else, or in other words, you are *DEMANDING* that you become the default route for the remote system. Needless to say the remote system will just laugh at you and refuse to change its default route (i.e. address your end as 0.0.0.0).
>
> Setting the netmask (part#3) to 0.0.0.0 forces ppp to assign an appropriate netmask. Since it is a point-to-point link and some operating systems/kernels do not understand a POINTTOPOINT netmask, you'll typically end up with 255.255.255.255 or 255.255.255.0 for the netmask of your tun0 interface *even* if the remote gateway address is outside of the netmask.
>
> Using part#4 is important. This is the address you *SUGGEST* that your side should be, but you *DEMAND* your side gets an address defined by part#1 (the /0 netmask on part#1 says any IP address). Additionally, part#4 is also the trigger address when using '-auto' mode to connect or reconnect.
>
> Lastly, there's no point in defining 'device' 'speed' and 'dial' in the default: section of your config file since you are redefining them in the esp: section.
>
> Once you have the above corrected, look at your CHAP settings. Though you were able to negotiate IP addresses (according to the log), it seems your provider wanted to use CHAP authentication. If you made the previous corrections and you still cannot connect, then you may need to use CHAP:
>
>  set authname myusername
>  set authkey mypassword
>  set login
>
> Not all providers require PAP/CHAP authentication through 'authname' 'authkey' and 'login' because the real authentication is being done by device identifiers (MEID and/or IMEI).
>
> jcr
> --
> The OpenBSD Journal - http://www.undeadly.org

I used the 'add! default' and the 'TRIGGER ADDR' in several attempts but removed them when they didn't seem to change anything, however i understand that they should be there.

Setting 'set ifaddr 0.0.0.0/0 0.0.0.0-255.255.255.254 0.0.0.0 0.0.0.0' works however i can still not set HISADDR to '0.0.0.0/0' to get an ipaddress offer to HISADDR. I assume setting a range has the same effect as setting HISADDR with changeable bits but i don't understand why 0.0.0.0/0 or any variation doesn't give me an address.

These set ifaddr does not work

 0.0.0.0/0 0.0.0.0/0 0.0.0.0 0.0.0.0
 0.0.0.0/0 0.0.0.0/32 0.0.0.0 0.0.0.0
 0.0.0.0 0.0.0.0 0.0.0.0.0 0.0.0.0
 0.0.0.0/0 0.0.0.0/0 0.0.0.0 0.0.0.0/0
 etc

These works

 0.0.0.0/0 81.47.192.13 0.0.0.0 0.0.0.0
 0.0.0.0/0 0.0.0.0-255.255.255.254 0.0.0.0
Re: rdomain, mpe, ldpd, OpenBGPD and PF
On Mon, May 24, 2010 at 05:23:00PM +0700, Insan Praja SW wrote:

> Hi Misc@, Before I begin to test OpenBGPD mpls VPN support on current, is there any hints on route-leaking, and an example/hints to make a complete setup MPLS cloud and MPLS/VPN on a network. In my later experiences using OpenBSD, I use pf with rtable to make a VPN-like network without isolation on the network. Now I need to know if there are ways to have a semi-isolated network when using rdomain or anything like it.

Passing traffic between VPNs is either done in pf(4) by setting the rtable on a rule or by importing routes in BGP (import/export-target). The first method is much more flexible but more static.

First of all you need the attached diff to play with the kernel MPLS part. With that in you can start playing with the various parts.

1. You need to MPLS enable the interfaces that do MPLS. In my test I use a vlan for this:

 # more /etc/hostname.vlan2003
 vlan 2003 vlandev sis0
 inet 10.83.128.26 255.255.255.248 NONE
 mpls

2. Then it is best to have a loopback interface:

 # more /etc/hostname.lo1
 inet 10.83.66.23 255.255.255.255 NONE

3. LDP config:

 router-id 10.83.66.23
 distribution independent
 retention liberal
 advertisement unsolicited
 interface lo1 { }
 interface vlan2003 { }

4. I use ospfd as IGP, there is nothing special needed here.

5. create a rdomain 1:

 # more /etc/hostname.vlan2017
 rdomain 1
 vlan 2017 vlandev sis0
 inet 192.168.220.1 255.255.255.0

6. create a mpe(4) in rdomain 1:

 # more /etc/hostname.mpe0
 rdomain 1
 mplslabel 543
 inet 10.83.66.129 255.255.255.255

 Note: it is necessary to have an IP on mpe(4) but it does not matter which one you pick. I normally use the loopback IP but maybe using the vlan2017 IP would be smarter.

7. BGP config:

 AS 65003
 router-id 10.83.66.23
 listen on 10.83.66.23

 rdomain 1 {
  descr CUSTOMER1
  rd 65003:1
  import-target rt 65003:1
  export-target rt 65003:1
  depend on mpe0
  network 192.168.220/24
 }

 group ibgp {
  announce IPv4 unicast
  announce IPv4 vpn
  remote-as 65003
  local-address 10.83.66.23
  neighbor 10.83.66.2 {
   descr c2
  }
 }

Start ospfd, bgpd, and ldpd and hope for the best (check that all sessions come up). Setup something similar on a second system. Use e.g. ping -V1 -I 192.168.220.1 192.168.221.1 to test the VPN.

It is possible to use gif/gre instead of LDP -- just use a gre interface in point 1 and skip everything that needs LDP.

--
:wq Claudio

Index: sbin/ifconfig/ifconfig.8 === RCS file: /cvs/src/sbin/ifconfig/ifconfig.8,v retrieving revision 1.200 diff -u -p -r1.200 ifconfig.8 --- sbin/ifconfig/ifconfig.87 May 2010 06:17:34 - 1.200 +++ sbin/ifconfig/ifconfig.824 May 2010 12:48:34 - @@ -347,6 +347,11 @@ this directive is used to select between and 802.11g .Pq Dq 11g operating modes. +.It Cm mpls +Enable Multiprotocol Label Switching (MPLS) on the interface. It will be +able to send and receive MPLS traffic. +.It Fl mpls +Disable MPLS on the interface. .It Cm mtu Ar value Set the MTU for this device to the given .Ar value . Index: sbin/ifconfig/ifconfig.c === RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v retrieving revision 1.232 diff -u -p -r1.232 ifconfig.c --- sbin/ifconfig/ifconfig.c6 May 2010 12:58:40 - 1.232 +++ sbin/ifconfig/ifconfig.c6 May 2010 20:34:51 - @@ -191,6 +191,7 @@ voidunsetmediaopt(const char *, int); void setmediainst(const char *, int); void settimeslot(const char *, int); void timeslot_status(void); +void setifmpls(const char *, int); void setmpelabel(const char *, int); void setvlantag(const char *, int); void setvlanprio(const char *, int); 
@@ -346,6 +347,8 @@ const structcmd { { -rtlabel, -1, 0, setifrtlabel }, { range, NEXTARG,0, setatrange }, { phase, NEXTARG,0, setatphase }, + { mpls, IFXF_MPLS, 0, setifxflags }, + { -mpls, -IFXF_MPLS, 0, setifxflags }, { mplslabel, NEXTARG,0, setmpelabel }, { advbase,NEXTARG,0, setcarp_advbase }, { advskew,NEXTARG,0, setcarp_advskew }, @@ -3252,6 +3255,7 @@ mpe_status(void) printf(\tmpls label: %d\n, shim.shim_label); } +/* ARGSUSED */ void setmpelabel(const char *val, int d) { Index: sys/conf/GENERIC
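Review bot: The prototype `void setifmpls(const char *, int);` added in the ifconfig.c hunk at -191,6 +191,7 looks unused: the command-table hunk wires both `mpls` and `-mpls` to `setifxflags`, and no definition of setifmpls appears in the visible part of the diff. Either drop the prototype or add the function and point the two table entries at it.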
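Review bot: In the ifconfig.8 hunk the second sentence of the new `.It Cm mpls` entry ("It will be able to send and receive MPLS traffic.") starts in the middle of a source line; mdoc sources normally begin each sentence on a new line so the formatter gets sentence spacing right. Breaking the line after "on the interface." would fix it without changing the rendered text.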
Re: rdomain, mpe, ldpd, OpenBGPD and PF
Hi Claudio, Thanks, I'll report back to you after I'm done with my first test. On Mon, 24 May 2010 20:11:46 +0700, Claudio Jeker cje...@diehard.n-r-g.com wrote: On Mon, May 24, 2010 at 05:23:00PM +0700, Insan Praja SW wrote: Hi Misc@, Before I begin to test OpenBGPD mpls VPN support on current, is there any hints on route-leaking, and an example/hints to make a complete setup MPLS cloud and MPLS/VPN on a network. In my later experiences using OpenBSD, I use pf with rtable to make a VPN-like network without isolation on the network. Now I need to know if there are ways to have a semi-isolated network when using rdomain or anything like it. Passing traffic between VPNs is either done in pf(4) by setting the rtable on a rule or by importing routes in BGP (import/export-target). The first method is much more flexible but more static. First of all you need the attached diff to play with the kernel MPLS part. With that in you can start playing with the various parts. 1. You need to MPLS enable the interfaces that do MPLS In my test I use a vlan for this: # more /etc/hostname.vlan2003 vlan 2003 vlandev sis0 inet 10.83.128.26 255.255.255.248 NONE mpls 2. Then it is best to have a loopback interface: # more /etc/hostname.lo1 inet 10.83.66.23 255.255.255.255 NONE 3. LDP config: router-id 10.83.66.23 distribution independent retention liberal advertisement unsolicited interface lo1 { } interface vlan2003 { } 4. I use ospfd as IGP, there is nothing special needed here. 5. create a rdomain 1: # more /etc/hostname.vlan2017 rdomain 1 vlan 2017 vlandev sis0 inet 192.168.220.1 255.255.255.0 6. create a mpe(4) in rdomain 1: # more /etc/hostname.mpe0 rdomain 1 mplslabel 543 inet 10.83.66.129 255.255.255.255 Note: it is necessary to have an IP on mpe(4) but it does not matter which one you pick. I normaly use the loopback IP but maybe using the vlan2017 IP would be smarter. 7. 
BGP config: AS 65003 router-id 10.83.66.23 listen on 10.83.66.23 rdomain 1 { descr CUSTOMER1 rd 65003:1 import-target rt 65003:1 export-target rt 65003:1 depend on mpe0 network 192.168.220/24 } group ibgp { announce IPv4 unicast announce IPv4 vpn remote-as 65003 local-address 10.83.66.23 neighbor 10.83.66.2 { descr c2 } } Start ospfd, bgpd, and ldpd and hope for the best (check that all sessions come up). Setup something similar on a second system. Use e.g. ping -V1 -I 192.168.220.1 192.168.221.1 to test the VPN. It is possible to use gif/gre instead of LDP -- just use a gre interface in point 1 and skip everyting that needs LDP. Thanks, -- insandotpraja(at)gmaildotcom
problems with CARP
Hi all, I have some problems with CARP (I can't get it working). this is my current configuration:

# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1

# sysctl net.inet.carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2

# cat /etc/hostname.carp1
inet 172.16.0.1 255.255.255.0 172.16.0.255 vhid 2 pass carppasswd carpdev em1

# cat /etc/hostname.em1
inet 172.16.0.3 255.255.255.0

(pf is disabled)

# ifconfig carp1
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:01:02
        priority: 0
        carp: MASTER carpdev em1 vhid 2 advbase 1 advskew 0
        groups: carp
        inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0x8
        inet 172.16.0.1 netmask 0xff00 broadcast 172.16.0.255

from the carp device I'm able to ping 172.16.0.1, but from a client I can't (but I can ping 172.16.0.3). But in the client I have an arp entry for 172.16.0.1 (correctly referring to 00:0:5e:00:01:02)

when I tcpdump to em1 I can see carp advertisement:

16:47:21.223303 CARPv2-advertise 36: vhid=2 advbase=1 advskew=0 demote=0 (DF) [tos 0x10]

but when I tcpdump on carp1 I can't see anything.

any hint?

thanks,
stefano
Toshiba L505D-S5983 ACPI
I have to disable ACPI in order to boot OpenBSD 4.7 on this laptop. I don't really mind but can this harm the hardware?
Re: Toshiba L505D-S5983 ACPI
On May 24 11:29:51, Michael Seney wrote: I have to disable ACPI in order to boot OpenBSD 4.7 on this laptop. I don't really mind but can this harm the hardware? Of course; things burn. Nice laptop you got there ... I can take it under my protection for $1000 a week.
Re: OpenBGP: 3 doubts regarding localpref, rib out and announcement
On Sun, May 23, 2010 at 3:10 PM, Henning Brauer lists-open...@bsws.de wrote: match to $peer_2 prefix X.Y.Z.0/23 set localpref +50 But it wont work as I need. Please remember X.Y.Z.0/23 is announced by me. localpref for outgoing? that is useless. localpref is, well, local, and not transmitted to the peer. and since you're setting it outbound (after all route decisions) it is a noop. I believe I was not clear. I need to set a certain prefix of mine with a higher localpref. It's not expected to be transmitted to the peer, it's a local router policy decision to set localpref for a local /23. Today I do this with pf route-to. pass route-to peer2_ip from x.y.z.0/23 to any sounds like you're after sh ri out nei foo Thats excactly what I wanted, thank you a lot Brauer. Finally, my last doubt. I want to re-announce the bogon prefix I get from cymru projet to by internal BGP servers. I do announce all but the bogon list prefixes I get from cymru don't get announced. I managed to set community delete NO_EXPORT since I believed the NO_EXPORT community cymru sends me is the cause of non-reannouncement on announce all desired behavior. However its still dont get announced to my peers. i bet this is an invalid nexthop case. set nexthop-self might be required. That's why I like talking to whom knows. You are absolutely right, thank you again :) I could export it setting it to a reachable nexthop. But now I tried something else which did not work. My scenario: group cymru { ... set community $myasn:6 ... peer $cymru1 { ... ... } peer $cymru2 { ... } } #match from any community $myasn:6 set community delete NO_EXPORT # [1] works great match to $transit_peer1 community $myasn:6 set community delete NO_EXPORT # [2] wont work, never gets deleted My intention: export selectively what I get from group cymru, by selectively removing the NO_EXPORT community. If I comment [1] and uncomment [2] the rule wont match. [1] always match fine... 
In fact I tested a number o rules and nome with match to .. set X worked, when I am dealing with a prefix I got from someone else (not announced by be). What am I missing? -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: Toshiba L505D-S5983 ACPI
On Mon, May 24, 2010 at 11:29:51AM -0400, Michael Seney wrote: I have to disable ACPI in order to boot OpenBSD 4.7 on this laptop. I don't really mind but can this harm the hardware? Why do you have to disable it? What's the panic/problem etc. dmesg, acpidump...
Implementing ntop - Last Version
Hi all,

That's a pleasure got in the OpenBSD main list, that is my first time. But I think anyone has a question like that. The problem is: I am trying to implement ntop in OpenBSD, but the version we have on repository pkg is very old, and the interface of that version is a little bit over. As we are a security company that offer OpenBSD as a service the actual ntop is totally out of the customers expect. I have already tried to compile the source code to OpenBSD, but it doesn't work at all. So what is the hint in my case?

Thanks a lot in advance!

Regards,
--
Rovercy

This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
Recommended 802.11g adapter
Hello, I'm going to set OpenBSD based AP on ALIX board. I've read ral(4) and ath(4) manpages but mentioned mPCI card models are really hard to find on the market. I found only Ralink RT2800 based Sparklan WMIR-200N which is too expensive for me (60$). Can anybody recommend me 802.11g miniPCI card that is able to work in host AP mode? regards Piotr
Re:
I realize you must be frustrated while learning something new, but I am frustrated by you not paying attention. Now let's look at what I wrote one more time:

 set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
            part#1     part#2     part#3  part#4

The first chunk of part#1, namely '10.0.0.1', says I want my IP address to be 10.0.0.1 but the second chunk of part#1, namely the '/0', is a netmask which says I will accept any IP address the remote system wants me to use on my side.

The first chunk of part#2, namely '10.0.0.2', says I want the remote side to use IP address 10.0.0.2 but the second chunk of part#2, namely the '/0', says I will accept any IP address the remote system wants to use on their side.

The IP addresses (and netmasks) stated in part#1 and part#2 are important. They should never be the same, and they should never be set to default route address ('0.0.0.0'). This is why two separate private IP addresses are used in the above (10.0.0.1 and 10.0.0.2), and also why the netmask '/0' in CIDR notation allows for the remote side to pick any address it wants to use for *both* your IP address and its IP address. If you forget the CIDR notation netmask on part#1 or part#2, you are DEMANDING that the specified address be used, and if the other side disagrees, your side will disconnect.

The part#3 is the netmask assigned on my side to the resulting connection after we negotiate addresses. Links between two systems made with Point to Point Protocol (ppp) are weird in comparison to typical network links, and some operating systems do not have a specific PointToPoint netmask in the network stack, so the netmask must be faked. Using '0.0.0.0' as the part#3 netmask tells the ppp program to use what is available and the result is ppp will typically set the netmask to '255.255.255.255' automatically.

The part#4 is the trigger address which controls when ppp will try to establish a connection. Since we set part#4 to the equivalent of any address namely '0.0.0.0' any attempt to contact another system will result in ppp automatically establishing the connection. The thing to realize is 0.0.0.0 is roughly equivalent to a default route.

The stuff you are doing is just plain wrong:

 set ifaddr 0.0.0.0/0 0.0.0.0-255.255.255.254 0.0.0.0 0.0.0.0
            part#1    part#2                  part#3  part#4

Prior to negotiating address, you are saying your IP address will initially be 0.0.0.0 and the remote IP address will also initially be 0.0.0.0. The problem is, when two systems have the same IP address you have a conflict. Additionally, since 0.0.0.0 equates to the default route, this is very bad. Needless to say, the ppp(8) software is compensating for your mistakes and doing the best it can with your broken config.

In the second chunk of your part#1, namely '/0', this netmask says that you will accept any IP address the other side wants you to use. This is good.

In the second chunk of part#3, namely '-255.255.255.254' is using the wrong syntax. The ppp(8) program might interpret this as a range of addresses, or might interpret it as a pair of addresses, or it might interpret it as a netmask. You should use simple CIDR notation as described in the ppp man page. If ppp(8) is interpreting this bad second chunk of part#3 as a netmask, then you are *DEMANDING* that the remote system use 0.0.0.0 or 0.0.0.1 as its IP address, and if the remote side refuses to use one of those two addresses, then you will disconnect.

jcr
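The 'set ifaddr' rules described in the message above, as an added example that is not part of the original thread and not ppp(8)'s own parser: a small Python checker run over the 'set ifaddr' lines quoted in this thread. The finding names are invented for this example, a bare '0' is read as 0.0.0.0 as the earlier reply does, and a range in part#1 or part#2 is reported but not evaluated.

```python
"""Check ppp(8) 'set ifaddr' lines against the rules stated in the message above."""
import ipaddress
from typing import List, NamedTuple, Optional

ANY = ipaddress.IPv4Address("0.0.0.0")


class Part(NamedTuple):
    raw: str
    addr: Optional[ipaddress.IPv4Address]  # None when the token is a range or list
    prefix: Optional[int]                  # None when no /nn was written


def parse_part(tok: str) -> Part:
    """Parse 'a.b.c.d', 'a.b.c.d/nn' or a bare integer such as '0'.

    Range tokens (containing '-' or ',') are kept unparsed. Treating a bare
    integer as an address is an assumption taken from the thread.
    """
    if "-" in tok or "," in tok:
        return Part(tok, None, None)
    host, slash, plen = tok.partition("/")
    addr = ipaddress.IPv4Address(int(host) if host.isdigit() else host)
    prefix = int(plen) if slash else None
    if prefix is not None and not 0 <= prefix <= 32:
        raise ValueError(f"bad prefix length in {tok!r}")
    return Part(tok, addr, prefix)


def lint_ifaddr(line: str) -> List[str]:
    """Return findings for one 'set ifaddr part#1 part#2 part#3 part#4' line."""
    toks = line.split()
    if toks[:2] != ["set", "ifaddr"]:
        raise ValueError("not a 'set ifaddr' line")
    args = toks[2:]
    findings: List[str] = []

    # "you should define all four parts, rather than defining only three"
    if len(args) < 4:
        findings.append("missing-parts")

    parts = [parse_part(t) for t in args[:2]]
    for n, part in enumerate(parts, start=1):
        if part.addr is None:
            findings.append(f"part{n}-range-not-checked")
            continue
        # No /nn (or /32) means the exact address is demanded, so the link
        # drops if the peer proposes anything else.
        if part.prefix is None or part.prefix == 32:
            findings.append(f"part{n}-demands-exact-address")
        # part#1 and part#2 "should never be set to default route address"
        if part.addr == ANY:
            findings.append(f"part{n}-is-0.0.0.0")

    # part#1 and part#2 "should never be the same"
    if len(parts) == 2 and parts[0].addr is not None and parts[0].addr == parts[1].addr:
        findings.append("part1-part2-same-address")
    return findings


# 'set ifaddr' lines quoted in this thread.
SAMPLES = [
    "set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0",
    "set ifaddr 0 81.47.192.13 255.255.255.255",
    "set ifaddr 0.0.0.0/0 0.0.0.0/0 0.0.0.0 0.0.0.0",
    "set ifaddr 0.0.0.0/0 0.0.0.0-255.255.255.254 0.0.0.0 0.0.0.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        result = lint_ifaddr(sample)
        print(f"{sample}\n    -> {', '.join(result) if result else 'ok'}")
```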
Re:
I didn't get the importance of having different addresses in part#1 and #2 and assumed from 'ifconfig tun0' [ ... ] inet 95.124.11.167 -- 10.0.0.2 netmask 0xfff [ ... ] that HISADDR did not change to a valid one. I should have understood you were telling me the correct syntax literally. I see that this configuration works and i understand the syntax. Sorry this took longer time than it should and thanks for following through. I have found a great resource in 'Absolute OpenBSD: UNIX for the Practical Paranoid' (ISBN 1886411999) and of course this was a great first impression from this mailing list. I will try not to abuse it. All the best to you
Re: Recommended 802.11g adapter
Hello,

I have Alix 2D3 (and another 2D13) with Tonze PC-620C miniPCI. It mostly works ok, but I am still hunting some problem - one or two times for a month it falls to ddb prompt. I build OpenBSD completely from cvs just about every month - it seems it is time for new build of -current.

Best regards,
Alexander

# ifconfig ral0
ral0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:17:b7:30:41:ab
        priority: 4
        groups: wlan
        media: IEEE802.11 autoselect mode 11g hostap
        status: active
        ieee80211: nwid chan 7 bssid 00:17:b7:30:41:ab wpapsk 0x wpaprotos wpa1,wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp 100dBm
        inet 192.168.254.1 netmask 0xff00 broadcast 192.168.254.255
        inet netmask 0xfff8 broadcast

# dmesg
OpenBSD 4.7-current (FLASHRD) #19: Wed Apr 14 23:29:29 CEST 2010
    r...@kraken.gremlin.cz:/usr/src/sys/arch/i386/compile/FLASHRD
cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem = 268009472 (255MB)
avail mem = 247640064 (236MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/10/07, BIOS32 rev. 0 @ 0xfceb2
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xe/0xa800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33
glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10, address 00:0d:b9:17:23:d4
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:0d:b9:17:23:d5
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, address 00:0d:b9:17:23:d6
ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034
ral0 at pci0 dev 12 function 0 Ralink RT2561S rev 0x00: irq 9, address 00:17:b7:30:41:ab
ral0: MAC/BBP RT2561C, RF RT2527
glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio
gpio0 at glxpcib0: 32 pins
pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: CF CARD 4GB
wd0: 1-sector PIO, LBA, 3599MB, 7372512 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 15, version 1.0, legacy support
ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 15
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
isa0 at glxpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
biomask e1ef netmask ffef ttymask
mtrr: K6-family MTRR support (2 registers)
nvram: invalid checksum
rd0: fixed, 6080 blocks
umass0 at uhub0 port 1 configuration 1 interface 0 Kingston DataTraveler 2.0 rev 2.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: Kingston, DataTraveler 2.0, 1.00 SCSI2 0/direct removable
sd0: 7643MB, 512 bytes/sec, 15654848 sec total
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on rd0a swap on rd0b dump on rd0b
clock: unknown CMOS layout

On Mon, 2010-05-24 at 22:10 +0200, Piotr Komborski wrote:
> Hello,
> I'm going to set OpenBSD based AP on ALIX board. I've read ral(4) and ath(4) manpages but mentioned mPCI card models are really hard to find on the market. I found only Ralink RT2800 based Sparklan WMIR-200N which is too expensive for me (60$). Can anybody recommend me 802.11g miniPCI card that is able to work in host AP mode?
>
> regards
> Piotr
Re: Recommended 802.11g adapter
On Mon, May 24, 2010 17:10, Piotr Komborski wrote:
> Hello,
> I'm going to set OpenBSD based AP on ALIX board. I've read ral(4) and ath(4) manpages but mentioned mPCI card models are really hard to find on the market. I found only Ralink RT2800 based Sparklan WMIR-200N which is too expensive for me (60$). Can anybody recommend me 802.11g miniPCI card that is able to work in host AP mode?

never tested on OpenBSD, but I have a ral usb nic that runs ok on freebsd (pfsense), if you have usb on this alix.

http://www.tp-link.com/products/productDetails.asp?class=wlanpmodel=TL-WN321G

matheus

--
We will call you cygnus,
The God of balance you shall be

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

http://en.wikipedia.org/wiki/Posting_style
Re: Traffic redirect no longer working
lheck...@users.sourceforge.net writes:
> I've used the same pf.conf for years with only minimal changes, but 4.7 broke it, and I can't seem to fix it. The OBSD machine is a firewall between a cable modem and a private IP LAN. Previously, I used these rules to allow ssh access from specific Internet hosts to a machine in the LAN:
>
> rdr on $ext_if proto tcp from $work_hosts to any port ssh -> $ssh_host
> pass in quick on $ext_if proto tcp \
>     from $work_hosts to $ssh_host port ssh flags S/SA modulate state
>
> In 4.7, I changed this to
>
> match in on $ext_if proto tcp from $work_hosts to any port ssh rdr-to $ssh_host
> pass in quick on $ext_if proto tcp \
>     from $work_hosts to $ssh_host port ssh flags S/SA modulate state
>
> What happens now when I try to connect to $ssh_host from the Internet is quite weird:
> - no blocked packets are logged
> - on the firewall's LAN-side interface, a tcpdump shows the ssh connection being forwarded to $ssh_host
> - on $ssh_host, tcpdump shows the incoming ssh connection
> - sshd on $ssh_host does not pick up
>
> I can ssh from the firewall to $ssh_host just fine; I haven't tested ssh from Internet to firewall (with suitable pass rule).
>
> What am I missing? I guess that some packet information isn't being rewritten correctly or completely.

I still haven't gotten any further. Thanks to Scott, Neal, and Peter's BSDCan slides, I have rewritten chunks of pf.conf so that it's fully up to date wrt 4.7.

The subject of my post is actually incorrect because the redirect is working, which I can verify with tcpdumps of the gateway external and internal interface, pflog, and tcpdump on the target host's interface. Looking at the tcpdumps in wireshark, I only see one-way traffic on the ssh port, i.e. only SYN, but no ACK. It doesn't matter whether the target is e.g. a Linux or FreeBSD host.

Any idea why this would be happening? I can ssh from the outside to the gw (with suitable pass rules), and from the gw to the internal host.
All these observations taken together make it look like pf is mucking up the packets in transit. I'm stumped. All other aspects of the pf config appear to work fine.
Creating a mpe interface
I'm having trouble creating a mpe interface on OpenBSD 4.7. What I've done so far is recompile the kernel with option MPLS. I've also enabled forwarding and mpls in the /etc/sysctl.conf. I've also been able to configure and start ldpd and use ldpctl show to display the status of ldpd. I used config -e /bsd to enable the mpe driver. I'm experimenting under Sun VirtualBox if that makes a difference. Going from mpe(4), I'm trying to run the command ifconfig mpe0 create. It throws the error SIOCIFCREATE: Invalid argument. The mpe(4) man page doesn't suggest any additional command line arguments. Does anyone have any suggestions? Thanks in advance, --Bruce
Re: Creating a mpe interface
On Mon, May 24, 2010 at 05:34:18PM -0700, Robert Bruce Carleton wrote:
> I'm having trouble creating a mpe interface on OpenBSD 4.7. What I've done so far is recompile the kernel with option MPLS. I've also enabled forwarding and mpls in the /etc/sysctl.conf. I've also been able to configure and start ldpd and use ldpctl show to display the status of ldpd. I used config -e /bsd to enable the mpe driver. I'm experimenting under Sun VirtualBox if that makes a difference. Going from mpe(4), I'm trying to run the command ifconfig mpe0 create. It throws the error SIOCIFCREATE: Invalid argument. The mpe(4) man page doesn't suggest any additional command line arguments. Does anyone have any suggestions?

$ grep -n mpe GENERIC
105:#pseudo-device mpe # MPLS PE interface
    ^
Uncomment that in sys/conf/GENERIC and recompile your kernel, if you haven't already done so.

> Thanks in advance,
> --Bruce
Re:
On Tue, 25 May 2010 00:54:53 +0200 patrick kristensen kristensenpatri...@gmail.com wrote:
> 2010/5/24, J.C. Roberts list-...@designtools.org:
> > I realize you must be frustrated while learning something new, but I am frustrated by you not paying attention. Now let's look at what I wrote one more time:
> >
> > set ifaddr 10.0.0.1/0 10.0.0.2/0 0.0.0.0 0.0.0.0
> >            part#1     part#2     part#3  part#4
> >
> > The first chunk of part#1, namely '10.0.0.1', says I want my IP address to be 10.0.0.1 but the second chunk of part#1, namely the '/0', is a netmask which says I will accept any IP address the remote system wants me to use on my side.
> >
> > The first chunk of part#2, namely '10.0.0.2', says I want the remote side to use IP address 10.0.0.2 but the second chunk of part#2, namely the '/0', says I will accept any IP address the remote system wants to use on their side.
> >
> > The IP addresses (and netmasks) stated in part#1 and part#2 are important. They should never be the same, and they should never be set to default route address ('0.0.0.0'). This is why two separate private IP addresses are used in the above (10.0.0.1 and 10.0.0.2), and also why the netmask '/0' in CIDR notation allows for the remote side to pick any address it wants to use for *both* your IP address and its IP address.
> >
> > If you forget the CIDR notation netmask on part#1 or part#2, you are DEMANDING that the specified address be used, and if the other side disagrees, your side will disconnect.
> >
> > The part#3 is the netmask assigned on my side to the resulting connection after we negotiate addresses. Links between two systems made with Point to Point Protocol (ppp) are weird in comparison to typical network links, and some operating systems do not have a specific PointToPoint netmask in the network stack, so the netmask must be faked. Using '0.0.0.0' as the part#3 netmask tells the ppp program to use what is available and the result is ppp will typically set the netmask to '255.255.255.255' automatically.
> >
> > The part#4 is the trigger address which controls when ppp will try to establish a connection. Since we set part#4 to the equivalent of any address, namely '0.0.0.0', any attempt to contact another system will result in ppp automatically establishing the connection. The thing to realize is 0.0.0.0 is roughly equivalent to a default route.
> >
> > The stuff you are doing is just plain wrong:
> >
> > set ifaddr 0.0.0.0/0 0.0.0.0-255.255.255.254 0.0.0.0 0.0.0.0
> >            part#1    part#2                  part#3  part#4
> >
> > Prior to negotiating address, you are saying your IP address will initially be 0.0.0.0 and the remote IP address will also initially be 0.0.0.0. The problem is, when two systems have the same IP address you have a conflict. Additionally, since 0.0.0.0 equates to the default route, this is very bad. Needless to say, the ppp(8) software is compensating for your mistakes and doing the best it can with your broken config.
> >
> > In the second chunk of your part#1, namely '/0', this netmask says that you will accept any IP address the other side wants you to use. This is good.
> >
> > In the second chunk of part#2, namely '-255.255.255.254' is using the wrong syntax. The ppp(8) program might interpret this as a range of addresses, or might interpret it as a pair of addresses, or it might interpret it as a netmask. You should use simple CIDR notation as described in the ppp man page.
> >
> > If ppp(8) is interpreting this bad second chunk of part#2 as a netmask, then you are *DEMANDING* that the remote system use 0.0.0.0 or 0.0.0.1 as its IP address, and if the remote side refuses to use one of those two addresses, then you will disconnect.
> >
> > jcr
>
> I didn't get the importance of having different addresses in part#1 and #2 and assumed from 'ifconfig tun0' [ ... ] inet 95.124.11.167 -- 10.0.0.2 netmask 0xfff [ ... ] that HISADDR did not change to a valid one. I should have understood you were telling me the correct syntax literally. I see that this configuration works and i understand the syntax. Sorry this took longer time than it should and thanks for following through. I have found a great resource in 'Absolute OpenBSD: UNIX for the Practical Paranoid' (ISBN 1886411999) and of course this was a great first impression from this mailing list. I will try not to abuse it. All the best to you

Heck, in my last two paragraphs I put part#3 instead of part#2 (corrected above) but you still understood it. ;)

The Absolute OpenBSD is good but parts of it are now outdated, but this is to be expected. As for ppp(8), the ppp.conf file gives you full control of a fairly complex Finite State Machine (FSM), so the man page is long and takes some effort to understand. Once you know the basics, ppp(8) becomes *REALLY* useful for debugging and monitoring connections.

There are still a few minor problems with your chat