newfs, fsck slow
Hi, When i do a newfs on HD 500Go , it takes much more times using OpenBSD 4.9 instead of 5.0 RELEASE. Same problem using fsck -y dev. Why ? Machine : mac mini model : A1347 Thank you very much for your replies. Cheers, Wesley.
Re: strange tcp rst with rdomain
well that is how rdomains work, they are isolated from each other, pf can break that isolation up. an sshd in rdomain 0 is not reachable from another rdomain, except pf is used to allow that - or something external routes between them. * Russell Garrison russell.garri...@gmail.com [2011-12-20 21:50]: I was inspired and realized you can do better with pf: pass in on em5 proto tcp to 192.168.235.12 port 22 \ rdr-to 192.168.163.1 rtable 0 I am not using vlan and my interfaces have IP addresses assigned. 235.12 above is the management IP of the host in a non-zero rdomain and 163.1 is the IP of the host in rdomain 0 with sshd listener started. May still not be the best way, but I like this better than starting multiple sshd. That approach had an added problem that my tty would start in the rdomain local to where I connected, instead of using 0 as the default. On Tue, Dec 20, 2011 at 3:28 PM, Russell Garrison russell.garri...@gmail.com wrote: I have found that I need to add something like: !route -T 2 exec /usr/sbin/sshd To the pertinent hostname.if file to make sure sshd is listening in addtional routing tables, but I do not know if this is best. On Mon, Dec 19, 2011 at 1:02 PM, PP;QQ P(P8P?P8QP8P= chipits...@gmail.com wrote: Hello. I'm running multihomed OpenBSD server: vlan5/carp5 - default vlan2/carp2 and vlan4/carp4 are connected to other ISPs. when there's no rdomain thing, everything seems to be working, except all outgoing packets goes through vlan5/carp5. so, I did f2n0:/root#cat /etc/hostname.vlan2 vlan 2 vlandev trunk0 mtu 1300 up f2n0:/root#cat /etc/hostname.carp2 vhid 62 pass m1pass carpdev vlan2 X.X.X.X/26 rdomain 2 !/sbin/route -T 2 add 0.0.0.0/0 X.X.X.Z f2n0:/root#cat /etc/hostname.vlan4 vlan 4 vlandev trunk0 mtu 1300 up f2n0:/root#cat /etc/hostname.carp4 vhid 64 pass m1pass carpdev vlan4 Y.Y.Y.Y/26 rdomain 4 !/sbin/route -T 4 add 0.0.0.0/0 Y.Y.Y.Z f2n0:/root# also, I did f2n0:/root#grep -v ^# /etc/pf.conf set skip on lo pass in vlan2 rtable 2 pass in vlan4 rtable 4 pass pingis working good, packets go out via appropriate interface. however, ssh ends with tcp rst, for example. how can the reason for that tcp rst might be detected? am I doing anything wrong with rdomains? Ilya Shipitsin -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: newfs, fsck slow
* Wesley M. open...@e-solutions.re [2011-12-21 09:22]: When i do a newfs on HD 500Go , it takes much more times using OpenBSD 4.9 instead of 5.0 RELEASE. Same problem using fsck -y dev. Why ? because we made it faster after 4.9 was released?!? -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: can not use the up key to last command at root?
On 2011-12-20, johnw johnw.m...@gmail.com wrote: The aliases are not neccesary. I suspect root's shell is in vi mode. Check with set -o -Otto Yes, i have this one in ~/.kshrc, export EDITOR=vim. delete this can solve the problem. thank all. If you still want to use vim (or any editor containing the string 'vi') in programs which use EDITOR without invoking this feature of the shell, create a symlink containing the string 'emacs' and use that in EDITOR instead..
Re: can not use the up key to last command at root?
On Wed, Dec 21, 2011 at 10:41 AM, Stuart Henderson s...@spacehopper.org wrote: On 2011-12-20, johnw johnw.m...@gmail.com wrote: The aliases are not neccesary. I suspect root's shell is in vi mode. Check with set -o -Otto Yes, i have this one in ~/.kshrc, export EDITOR=vim. delete this can solve the problem. thank all. If you still want to use vim (or any editor containing the string 'vi') in programs which use EDITOR without invoking this feature of the shell, create a symlink containing the string 'emacs' and use that in EDITOR instead.. Or: EDITOR=vi VISUAL=not_emacs $ ls -al /usr/bin/not_emacs lrwxr-xr-x 1 root wheel 2 Dec 21 11:03 /usr/bin/not_emacs - vi
Re: newfs, fsck slow
On Wed, Dec 21, 2011 at 12:21:11PM +0400, Wesley M. wrote: Hi, When i do a newfs on HD 500Go , it takes much more times using OpenBSD 4.9 instead of 5.0 RELEASE. Same problem using fsck -y dev. Why ? Machine : mac mini model : A1347 Thank you very much for your replies. Cheers, Wesley. Because we improve things? -Otto
start daemon with rc.d
Hello misc. In old release of OBSD to start daemons with system was used rc.local. For example: if [ -x /usr/local/bin/mysqld_safe ] ; then su -c _mysql root -c '/usr/local/bin/mysqld_safe /dev/null 21 ' echo -n ' mysql' fi In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc and in man rc.d and rc.conf.local. The questions is how to start mysqld_safe or cupsd or any other daemon, that was placed in /etc/rc.d? Add the lines to rc.conf.local like this: pkg_scripts=cupsd pkg_scripts=mysqld or something else?
Re: start daemon with rc.d
On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote: Hello misc. In old release of OBSD to start daemons with system was used rc.local. For example: if [ -x /usr/local/bin/mysqld_safe ] ; then su -c _mysql root -c '/usr/local/bin/mysqld_safe /dev/null 21 ' echo -n ' mysql' fi In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc and in man rc.d and rc.conf.local. The questions is how to start mysqld_safe or cupsd or any other daemon, that was placed in /etc/rc.d? Add the lines to rc.conf.local like this: pkg_scripts=cupsd pkg_scripts=mysqld or something else? pkg_scripts=cupsd mysqld Order matters, since daemons will be started accordingly. -- Antoine
Re[2]: start daemon with rc.d
21 P4P5P:P0P1QQ 2011, 14:41 PQ Antoine Jacoutot ajacou...@bsdfrog.org: On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote: Hello misc. In old release of OBSD to start daemons with system was used rc.local. For example: if [ -x /usr/local/bin/mysqld_safe ] ; then su -c _mysql root -c '/usr/local/bin/mysqld_safe /dev/null 21 ' echo -n ' mysql' fi In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc and in man rc.d and rc.conf.local. The questions is how to start mysqld_safe or cupsd or any other daemon, that was placed in /etc/rc.d? Add the lines to rc.conf.local like this: pkg_scripts=cupsd pkg_scripts=mysqld or something else? pkg_scripts=cupsd mysqld Order matters, since daemons will be started accordingly. -- Antoine Thanks, so old way is no longer needed or it use for daemons, that not properly installed and not put own startup-script in /etc/rc.d?
Re: start daemon with rc.d
On Wed, Dec 21, 2011 at 03:17:24PM +0400, pavel pocheptsov wrote: 21 P4P5P:P0P1QQ 2011, 14:41 PQ Antoine Jacoutot ajacou...@bsdfrog.org: On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote: Hello misc. In old release of OBSD to start daemons with system was used rc.local. For example: if [ -x /usr/local/bin/mysqld_safe ] ; then su -c _mysql root -c '/usr/local/bin/mysqld_safe /dev/null 21 ' echo -n ' mysql' fi In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc and in man rc.d and rc.conf.local. The questions is how to start mysqld_safe or cupsd or any other daemon, that was placed in /etc/rc.d? Add the lines to rc.conf.local like this: pkg_scripts=cupsd pkg_scripts=mysqld or something else? pkg_scripts=cupsd mysqld Order matters, since daemons will be started accordingly. -- Antoine Thanks, so old way is no longer needed or it use for daemons, that not properly installed and not put own startup-script in /etc/rc.d? You can still use the old way if you prefer. -- Antoine
trendnet ethernet usb
I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet TU2-ETG It detects axe0, i configured it using dhcp, it doesn't work. Manually also doesn't work. Pf disabled, no traffic out any issue ? Here dmesg | grep axe0 : axe0 at uhub5 port 2 configuration 1 interface 0 ASIX Electronics AX88178 rev 2.00/0.01 addr 5 axe0: AX88178, address 00:50:b6:4e:5a:c9
Re: trendnet ethernet usb
tried on OpenBSD 5.0 : same problem ifconfig show : media : Ethernet none (none) On Wed, 21 Dec 2011 16:04:36 +0400, Wesley M. open...@e-solutions.re wrote: I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet TU2-ETG It detects axe0, i configured it using dhcp, it doesn't work. Manually also doesn't work. Pf disabled, no traffic out any issue ? Here dmesg | grep axe0 : axe0 at uhub5 port 2 configuration 1 interface 0 ASIX Electronics AX88178 rev 2.00/0.01 addr 5 axe0: AX88178, address 00:50:b6:4e:5a:c9
Re: trendnet ethernet usb
i read man page axe(4) there's no my model trendnet TU2-ETG :( So i suppose that it is not compatible :( Wesley. On Wed, 21 Dec 2011 16:10:35 +0400, Wesley M. open...@e-solutions.re wrote: tried on OpenBSD 5.0 : same problem ifconfig show : media : Ethernet none (none) On Wed, 21 Dec 2011 16:04:36 +0400, Wesley M. open...@e-solutions.re wrote: I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet TU2-ETG It detects axe0, i configured it using dhcp, it doesn't work. Manually also doesn't work. Pf disabled, no traffic out any issue ? Here dmesg | grep axe0 : axe0 at uhub5 port 2 configuration 1 interface 0 ASIX Electronics AX88178 rev 2.00/0.01 addr 5 axe0: AX88178, address 00:50:b6:4e:5a:c9
Re: start daemon with rc.d
On Wed, Dec 21, 2011 at 12:27 PM, Antoine Jacoutot ajacou...@bsdfrog.org wrote: On Wed, Dec 21, 2011 at 03:17:24PM +0400, pavel pocheptsov wrote: 21 P4P5P:P0P1QQ B 2011, 14:41 PQ B Antoine Jacoutot ajacou...@bsdfrog.org: On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote: Hello misc. In old release of OBSD to start daemons with system was used rc.local. For example: if [ -x /usr/local/bin/mysqld_safe ] ; then B B su -c _mysql root -c '/usr/local/bin/mysqld_safe /dev/null 21 ' B B echo -n ' mysql' B fi In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc and in man rc.d and rc.conf.local. The questions is how to start mysqld_safe or cupsd or any other daemon, that was placed in /etc/rc.d? Add the lines to rc.conf.local like this: pkg_scripts=cupsd pkg_scripts=mysqld or something else? pkg_scripts=cupsd mysqld Order matters, since daemons will be started accordingly. -- Antoine Thanks, so old way is no longer needed or it use for daemons, that not properly installed and not put own startup-script in /etc/rc.d? You can still use the old way if you prefer. -- Antoine Let me also squeeze in a couple of words into the topic. :) I'm very glad that OpenBSD has at last moved to the rc.d model, I like this approach much better. I had been using it all the way before, but before rc.d appeared here officially I'd been (and - sorry - keep on) doing it like this: vi /etc/rc.local echo 'starting local daemons:' ### SERVICES_LIST=`/bin/ls /etc/rc.d/*sh` for sh in ${SERVICES_LIST}; do ${sh} start done ### echo --- vi /etc/rc.shutdown SERVICES_LIST=`/bin/ls /etc/rc.d/*sh` for sh in ${SERVICES_LIST}; do ${sh} stop done mkdir -p /etc/rc.d/rc.5 cd /etc/rc.d/rc.5 vi D000mysql.sh #!/bin/sh ### MYDIR=/usr/local/mysql LEDIR=/usr/local/mysql/libexec PIDIR=/usr/local/mysql/data USER=mysql ### case $1 in start) if [ -x ${MYDIR}/bin/mysqld_safe -a -x ${LEDIR}/mysqld ]; then /bin/sleep 1 (cd ${MYDIR}; ./bin/mysqld_safe --user=${USER} --federated --ndbcluster /dev/null 21 ); echo MySQL is up! /bin/sleep 1 fi ;; stop) (${MYDIR}/bin/mysqladmin -u shutdown -pshutdown_user_pwd shutdown); echo MySQL shut down! /bin/sleep 1 ;; hup) $0 stop /bin/sleep 4 /bin/rm ${PIDIR}/*.err /bin/sleep 1 $0 start ;; ### *) echo Usage: `basename $0` {start|stop|hup} 2 exit 64 ;; esac exit 0 ### chmod 555 D000mysql.sh ln -s /etc/rc.d/rc.5/D000mysql.sh /etc/rc.d/D000mysql.sh and so on with squid, apache, etc... Any time you need to turn off a daemon from the auto start just remove the link from /etc/rc.d or rename it without .sh P.S. No, I'm not a linuxoid at all, I'd say - an esthete... :) -- ### Coonardoo - PQP8P=P8QP:P0 Q QQP=Q / The Well In The Shadow / Le Puits Dans L'Ombre ###
Re: start daemon with rc.d
On Wednesday 21 December 2011 12:26:32 pavel pocheptsov wrote: Hello misc. In old release of OBSD to start daemons with system was used rc.local. For example: if [ -x /usr/local/bin/mysqld_safe ] ; then su -c _mysql root -c '/usr/local/bin/mysqld_safe /dev/null 21 ' echo -n ' mysql' fi In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc and in man rc.d and rc.conf.local. The questions is how to start mysqld_safe or cupsd or any other daemon, that was placed in /etc/rc.d? Add the lines to rc.conf.local like this: pkg_scripts=cupsd pkg_scripts=mysqld or something else? I'd like to point out that the latter line will overwrite what was inside $pkg_scripts varible before that, so your example would only start mysqld. You need to use the format that Antoine gave or include the previous value of the variable when assigning: pkg_scripts=$pkg_scripts cupsd # not really necessary on the first item pkg_scripts=$pkg_scripts mysqld -- Antti Harri
Re: ISAKMPD question: certificates shipped?
Hi Stu, On Sun, Dec 04, 2011 at 11:24:24AM +, Stuart Henderson wrote: I don't see any code changes that would result in a different presentation order of certificates between 4.8 and 5.0.. tcpdump traces of the negotiation from 4.8 and 5.0 might be useful, as might logs from the 3rd party and maybe isakmpd, though I'll be the first to admit isakmpd logging is pretty impenetrable; I find setting this on the command line gives a fairly good balance of information: thank you for your statement. Currently, the problem looks as follows: If isakmpd is configured to use [X509-Certificates] Private-key-directory= /etc/isakmpd/private the documentation suggests that it will select one out of a set of keys to use, depending on the actual configuration of the connections. This does not seem to work with road warrior connections (= Passive-Connections). In that case, the road warrior seems to get no certificate, then decides that it's unsafe to connect to the gateway. The desired behaviour is to ship the certificate which is appropriate for this connection (it's configured as the local-id for those connections, so...). Specifying Private-key = somefile.key fixes this problem, but removes the option to use several keys, which is bad. There's another unresolved issue in this area, which I don't yet have enough data to fathom. Kind regards, --Toni++
IPSEC gateway serving rogue laptops
I have been trying to set up a vpn concentrator using isakmpd and ipsec, where clients are laptops on the run, and my vpn concentrator is on a static IP. To start with, I want to use a setup as simple as possible, and use only psk for authentication. No certificates or anything like that. I am having trouble finding information on the subject, both on forums and list archives. I know this is kind of a spoon feeding request, but is anyone aware of a good source of information, how-to or guide regarding this? IPSEC has a kind of steep learning curve, and I am by no means an expert. When we set up LAN-LAN IPSEC tunnels with static publics, everything is as simple as can be. Not so much so when I try to serve rogue clients with identical configs, it appears. I am aware of the flaws in such a crude setup, but I dont need pointers about that. Any information or links would be highly appreciated.
Re: trendnet ethernet usb
The man page is not an exhaustive list, include the full dmesg with the device plugged in for a start and the output of ifconfig axe0 media On Wed, Dec 21, 2011 at 04:24:58PM +0400, Wesley M. wrote: i read man page axe(4) there's no my model trendnet TU2-ETG :( So i suppose that it is not compatible :( Wesley. On Wed, 21 Dec 2011 16:10:35 +0400, Wesley M. open...@e-solutions.re wrote: tried on OpenBSD 5.0 : same problem ifconfig show : media : Ethernet none (none) On Wed, 21 Dec 2011 16:04:36 +0400, Wesley M. open...@e-solutions.re wrote: I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet TU2-ETG It detects axe0, i configured it using dhcp, it doesn't work. Manually also doesn't work. Pf disabled, no traffic out any issue ? Here dmesg | grep axe0 : axe0 at uhub5 port 2 configuration 1 interface 0 ASIX Electronics AX88178 rev 2.00/0.01 addr 5 axe0: AX88178, address 00:50:b6:4e:5a:c9
A recommendation from a friend !!!
I am Miss Linda I came across your profile today and became much interested in you I will like to have you as my companion, from here lets see if our dream towards each other will became a reality I will also like to received your mail direct to my box. I will be glad to receive your mail (Remember the distance or colour does not matter but love matters allot in life) Send an email to my email address. (lindaidiri...@yahoo.com) so l can give you my picture for you to know who l am. Thanks Miss Linda
Re: can not use the up key to last command at root?
* David Coppa dco...@gmail.com [111221 14:09]: On Wed, Dec 21, 2011 at 10:41 AM, Stuart Henderson s...@spacehopper.org wrote: On 2011-12-20, johnw johnw.m...@gmail.com wrote: The aliases are not neccesary. I suspect root's shell is in vi mode. Check with set -o -Otto Yes, i have this one in ~/.kshrc, export EDITOR=vim. delete this can solve the problem. thank all. If you still want to use vim (or any editor containing the string 'vi') in programs which use EDITOR without invoking this feature of the shell, create a symlink containing the string 'emacs' and use that in EDITOR instead.. Or: EDITOR=vi VISUAL=not_emacs $ ls -al /usr/bin/not_emacs lrwxr-xr-x 1 root wheel 2 Dec 21 11:03 /usr/bin/not_emacs - vi Isn't set -o emacs at the end of ~/.kshrc enough? It seems to be (at least with my somewhat patched ksh). -- Alexander Polakov | plhk.ru
Re: IPSEC gateway serving rogue laptops
On Wed, Dec 21, 2011 at 3:25 PM, Henrik Engmark h...@tti.se wrote: I have been trying to set up a vpn concentrator using isakmpd and ipsec, where clients are laptops on the run, and my vpn concentrator is on a static IP. To start with, I want to use a setup as simple as possible, and use only psk for authentication. No certificates or anything like that. I am having trouble finding information on the subject, both on forums and list archives. I know this is kind of a spoon feeding request, but is anyone aware of a good source of information, how-to or guide regarding this? IPSEC has a kind of steep learning curve, and I am by no means an expert. When we set up LAN-LAN IPSEC tunnels with static publics, everything is as simple as can be. Not so much so when I try to serve rogue clients with identical configs, it appears. I am aware of the flaws in such a crude setup, but I dont need pointers about that. Any information or links would be highly appreciated. http://undeadly.org/cgi?action=articlesid=20090903183235 http://www.kernel-panic.it/openbsd/vpn/
Re: Proper way to update system + ports?
On 12/20/2011 11:16 AM, Stuart Henderson wrote: Then afterwards, can I check out the -current branch from CVS as I do with -stable? i.e. # cvs -d$CVSROOT checkout -P src Or am I not supposed to fetch build -current at all? Would it You can checkout src if you want, but you don't have to, you can just install the binary sets just as you would for a release be safer to just download the /snapshots/i386/install50.iso every couple weeks and do a fresh install every time? I guess I will There's really no need for fresh installs, upgrades work very well No need for install*.iso either, just download a new bsd.rd and boot that from the boot loader (boot /bsd.rd) and do a network upgrade install Out of curiosity, is this more efficient and/or less loading on the servers than downloading the iso (assuming one installs all sets)? Using snapshots is for me the best way to follow -current, as I'm much more a user than a developer. But I tend to get the iso and a few packages that I know I'll need for a particular snap so I can have a consistent base to reinstall from or whatever if I'm not able to update to a more current snapshot. But if that is really beating the crap out of the servers unnecessarily (I do use mirrors), I'll switch to getting bsd.rd or floppy image and doing network upgrades where I can. TIA, Corey
Re: can not use the up key to last command at root?
On 2011-12-21, Alexander Polakov polac...@gmail.com wrote: * David Coppa dco...@gmail.com [111221 14:09]: On Wed, Dec 21, 2011 at 10:41 AM, Stuart Henderson s...@spacehopper.org wrote: On 2011-12-20, johnw johnw.m...@gmail.com wrote: The aliases are not neccesary. I suspect root's shell is in vi mode. Check with set -o -Otto Yes, i have this one in ~/.kshrc, export EDITOR=vim. delete this can solve the problem. thank all. If you still want to use vim (or any editor containing the string 'vi') in programs which use EDITOR without invoking this feature of the shell, create a symlink containing the string 'emacs' and use that in EDITOR instead.. Or: EDITOR=vi VISUAL=not_emacs $ ls -al /usr/bin/not_emacs lrwxr-xr-x 1 root wheel 2 Dec 21 11:03 /usr/bin/not_emacs - vi Isn't set -o emacs at the end of ~/.kshrc enough? It's not passed through if you do e.g. sudo -s
Re: IPSEC gateway serving rogue laptops
On 2011-12-21, Henrik Engmark h...@tti.se wrote: I have been trying to set up a vpn concentrator using isakmpd and ipsec, where clients are laptops on the run, and my vpn concentrator is on a static IP. To start with, I want to use a setup as simple as possible, and use only psk for authentication. No certificates or anything like that. I am having trouble finding information on the subject, both on forums and list archives. The manuals are probably a better place to start: try ipsec.conf(5), isakmpd(8), ipsec(4). I know this is kind of a spoon feeding request, but is anyone aware of a good source of information, how-to or guide regarding this? IPSEC has a kind of steep learning curve, and I am by no means an expert. When we set up LAN-LAN IPSEC tunnels with static publics, everything is as simple as can be. Not so much so when I try to serve rogue clients with identical configs, it appears. Here's a very brief starter: ike passive esp for the central site ike dynamic esp on the laptops
Re: can not use the up key to last command at root?
On 21.12.2011 23:36, Stuart Henderson wrote: On 2011-12-21, Alexander Polakov polac...@gmail.com wrote: Isn't set -o emacs at the end of ~/.kshrc enough? It's not passed through if you do e.g. sudo -s Which is why you should use `sudo -i'. -- Fred -- http://tar-jx.bz
Re: Proper way to update system + ports?
On 2011-12-21, Corey clinge...@gmail.com wrote: On 12/20/2011 11:16 AM, Stuart Henderson wrote: Then afterwards, can I check out the -current branch from CVS as I do with -stable? i.e. # cvs -d$CVSROOT checkout -P src Or am I not supposed to fetch build -current at all? Would it You can checkout src if you want, but you don't have to, you can just install the binary sets just as you would for a release be safer to just download the /snapshots/i386/install50.iso every couple weeks and do a fresh install every time? I guess I will There's really no need for fresh installs, upgrades work very well No need for install*.iso either, just download a new bsd.rd and boot that from the boot loader (boot /bsd.rd) and do a network upgrade install Out of curiosity, is this more efficient and/or less loading on the servers than downloading the iso (assuming one installs all sets)? Doesn't make a lot of difference server-side but I know it's a lot easier for me to boot a different kernel and point it at a (possibly locally mirrored or pre-downloaded) set of files than it is to download an iso, burn a cd and boot from it - I imagine this is the case for most people.
root/boot on softraid in 5.0
I've been running openbsd 4.6 for a couple years now with root on softraid, booting off a CF card with a kernel compiled to hardcode root/swap on sd0. I read about official support for root on softraid: http://www.undeadly.org/cgi?action=articlesid=20111002154251 and got the impression it would just work, particularly the part about eliminates the need for a custom kernel. However, I just did a test install on a vm with two ide hard drives (wd0 and wd1) configured into a softraid mirror (sd0), and when booting the kernel from wd0a it tries to find the root on wd0a as well, and panics. I was able to get it to boot by either providing the -a option to boot and specifying sd0a as the root, or by compiling a custom kernel with sd0a hardcoded as I did in 4.6. Am I missing something? Based on the web post, I expected the kernel loaded from wd0a to figure out root was on sd0a and boot successfully. Looking at the underlying commit: http://article.gmane.org/gmane.os.openbsd.cvs/108176 It's talking about comparing the rootduid to the softraid volume. I'm not clear where this is coming from, the fstab in sd0a uses duid's, but I don't see how the booting kernel would know about that yet. Anyway, just to clarify my understanding, is it expected in 5.0 to be able to boot softraid root without a custom kernel or using -a? If so, what am I doing wrong? Thanks... -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | hen...@csupomona.edu California State Polytechnic University | Pomona CA 91768
Re: OpenVPN issues on 5.0
On Wed, Dec 14, 2011 at 06:28:55PM -0800, Johan Beisser wrote: On Wed, Dec 14, 2011 at 5:54 PM, Erling Westenvik erling.westen...@gmail.com wrote: After upgrading (re-installing from scratch) my firewall from 4.6 (or 4.7) to 5.0, I have not been able to get OpenVPN back working. Please forgive me for asking here at misc but I have spent two days Googling, reading tons of HOWTO's and trying out different solutions, but without being able to solve the issue. What are your current pf.conf rules? Did you check that the syntax is right? Have you checked it for errors? Have you looked at the output for pflog? What's your current routing table? Does that look correct? I didn't dare to take Janne Johansson's little HOWTO Why a priori knowledge is better than HOWTO's as anything less than a challenge and have spent the last five days trying to learn adn understand some basic principles. Thank you, Janne. Really! Anyway, the problem was a combination of pf rules and routing tables. The former is solved completely and LAN clients and WLAN VPN-clients now connect with each other. But VPN clients cannot reach the server or the internet, and the server cannot reach the VPN clients. Sorry for bumping this here @ misc when my question propably belong to some OpenVPN forum, but it seems like no-one out there can say much on OpenVPN issues that appears to be OpenBSD spesific. What puzzles me is that I cannot make the tun-interface show up in the route table on the server: DestinationGateway Flags Refs Use Mtu Prio Iface defaultAAA.BB.CCC.D UGS 3 1101 -8 url0 127/8 127.0.0.1 UGRS 00 331968 lo0 127.0.0.1 127.0.0.1 UH 20 331964 lo0 192.168.2/24 link#5UC 10 -4 acx0 192.168.2.200 00:16:ea:b3:65:d0 UHLc 1 400 -4 acx0 192.168.3/24 link#2UC 20 -4 bge0 192.168.3.106 00:1e:4f:95:19:1d UHLc 1 1582 -4 bge0 192.168.3.200 fe:e1:ba:d7:c3:24 UHLc 0 28 -4 bge0 193.90.160/20 link#6UC 10 -4 url0 AAA.BB.CCC.D 00:90:1a:42:6d:81 UHLc 10 -4 url0 AAA.BB.CCC.DDD 127.0.0.1 UGHS 00 331968 lo0 224/4 127.0.0.1 URS 00 331968 lo0 /etc/hostname.tun0 link0 up !/usr/local/sbin/openvpn --config /etc/openvpn/server.conf /etc/hostname.bridge0 add bge0 add acx0 up -- Cheers, Erling
Re: root/boot on softraid in 5.0
Paul B. Henson henson at acm.org writes: I've been running openbsd 4.6 for a couple years now with root on softraid, booting off a CF card with a kernel compiled to hardcode root/swap on sd0. I read about official support for root on softraid Anyway, just to clarify my understanding, is it expected in 5.0 to be able to boot softraid root without a custom kernel or using -a? If so, what am I doing wrong? Thanks... See if http://www.undeadly.org/cgi?action=articlesid=20111002154251 provides what your looking for. Note in particular, the installboot(8) magic. The kernel still needs to be on a non-RAID partition, and only the kernel. The bootblocks point to a second stage bootloader within the RAID array.
Re: root/boot on softraid in 5.0
Josh Grosse josh at jggimi.homeip.net writes: Paul B. Henson henson at acm.org writes: I've been running openbsd 4.6 for a couple years now with root on softraid, booting off a CF card with a kernel compiled to hardcode root/swap on sd0. I read about official support for root on softraid Woops. I misread your post. The commits were September 19, which is -current, beyond 5.0-release. You must either migrate to -current, or await 5.1-release.
Re: 4096-byte sector size again
Regarding The sectors are definitely 4k bytes. How can I re-partition it given that fdisk won't adjust the MBR? # fdisk -e sd1 Unable to read MBR It turns out this is fixed in 5.0 (and I tested in -current). Thanks to Theo and Kenneth for some offline help. --John