newfs, fsck slow

2011-12-21 Thread Wesley M.
Hi, 

When I do a newfs on a 500 GB HD, it takes much more time using
OpenBSD 4.9 instead of 5.0 RELEASE.
Same problem using fsck -y dev. Why?


Machine : mac mini 
model : A1347

Thank you very much for your replies.


Cheers, 

Wesley.



Re: strange tcp rst with rdomain

2011-12-21 Thread Henning Brauer
well that is how rdomains work, they are isolated from each other, pf
can break that isolation up. an sshd in rdomain 0 is not reachable
from another rdomain, except pf is used to allow that - or something
external routes between them.

* Russell Garrison russell.garri...@gmail.com [2011-12-20 21:50]:
 I was inspired and realized you can do better with pf:

 pass in on em5 proto tcp to 192.168.235.12 port 22 \
 rdr-to 192.168.163.1 rtable 0

 I am not using vlan and my interfaces have IP addresses assigned.
 235.12 above is the management IP of the host in a non-zero rdomain
 and 163.1 is the IP of the host in rdomain 0 with sshd listener
 started. May still not be the best way, but I like this better than
 starting multiple sshd. That approach had an added problem that my tty
 would start in the rdomain local to where I connected, instead of
 using 0 as the default.



 On Tue, Dec 20, 2011 at 3:28 PM, Russell Garrison
 russell.garri...@gmail.com wrote:
  I have found that I need to add something like:
 
  !route -T 2 exec /usr/sbin/sshd
 
  To the pertinent hostname.if file to make sure sshd is listening in
  additional routing tables, but I do not know if this is best.
 
  On Mon, Dec 19, 2011 at 1:02 PM, Ilya Shipitsin
 chipits...@gmail.com wrote:
  Hello.
 
  I'm running multihomed OpenBSD server:
 
  vlan5/carp5 - default
  vlan2/carp2 and vlan4/carp4 are connected to other ISPs.
 
  when there's no rdomain thing, everything seems to be working, except
  all outgoing packets goes through vlan5/carp5.
 
 
  so, I did
 
  f2n0:/root#cat /etc/hostname.vlan2
  vlan 2 vlandev trunk0 mtu 1300
  up
 
  f2n0:/root#cat /etc/hostname.carp2
  vhid 62 pass m1pass carpdev vlan2 X.X.X.X/26 rdomain 2
  !/sbin/route -T 2 add 0.0.0.0/0 X.X.X.Z
  f2n0:/root#cat /etc/hostname.vlan4
  vlan 4 vlandev trunk0 mtu 1300
  up
 
  f2n0:/root#cat /etc/hostname.carp4
  vhid 64 pass m1pass carpdev vlan4 Y.Y.Y.Y/26 rdomain 4
  !/sbin/route -T 4 add 0.0.0.0/0 Y.Y.Y.Z
  f2n0:/root#
 
  also, I did
 
  f2n0:/root#grep -v ^# /etc/pf.conf
 
  set skip on lo
 
  pass in vlan2 rtable 2
  pass in vlan4 rtable 4
 
  pass
 
 
  ping is working fine, packets go out via the appropriate interface.
  however, ssh ends with tcp rst, for example.
  how can the reason for that tcp rst be detected?
 
  am I doing anything wrong with rdomains?
 
  Ilya Shipitsin


--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: newfs, fsck slow

2011-12-21 Thread Henning Brauer
* Wesley M. open...@e-solutions.re [2011-12-21 09:22]:
 When i do a newfs on HD 500Go , it takes much more times using
 OpenBSD 4.9 instead of 5.0 RELEASE.
 Same problem using fsck -y dev. Why ?

because we made it faster after 4.9 was released?!?

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de, Full-Service ISP
Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed
Henning Brauer Consulting, http://henningbrauer.com/



Re: can not use the up key to last command at root?

2011-12-21 Thread Stuart Henderson
On 2011-12-20, johnw johnw.m...@gmail.com wrote:
 The aliases are not necessary. I suspect root's shell is in vi mode.
 Check with set -o

  -Otto


 Yes, I have this one in ~/.kshrc,
 export EDITOR=vim.
 delete this can solve the problem.

 thank all.


If you still want to use vim (or any editor containing the
string 'vi') in programs which use EDITOR without invoking
this feature of the shell, create a symlink containing
the string 'emacs' and use that in EDITOR instead..



Re: can not use the up key to last command at root?

2011-12-21 Thread David Coppa
On Wed, Dec 21, 2011 at 10:41 AM, Stuart Henderson s...@spacehopper.org
wrote:
 On 2011-12-20, johnw johnw.m...@gmail.com wrote:
 The aliases are not necessary. I suspect root's shell is in vi mode.
 Check with set -o

  -Otto


 Yes, I have this one in ~/.kshrc,
 export EDITOR=vim.
 delete this can solve the problem.

 thank all.


 If you still want to use vim (or any editor containing the
 string 'vi') in programs which use EDITOR without invoking
 this feature of the shell, create a symlink containing
 the string 'emacs' and use that in EDITOR instead..

Or:

EDITOR=vi
VISUAL=not_emacs

$ ls -al /usr/bin/not_emacs
lrwxr-xr-x  1 root  wheel  2 Dec 21 11:03 /usr/bin/not_emacs -> vi



Re: newfs, fsck slow

2011-12-21 Thread Otto Moerbeek
On Wed, Dec 21, 2011 at 12:21:11PM +0400, Wesley M. wrote:

 Hi, 
 
 When i do a newfs on HD 500Go , it takes much more times using
 OpenBSD 4.9 instead of 5.0 RELEASE.
 Same problem using fsck -y dev. Why ?
 
 
 Machine : mac mini 
 model : A1347
 
 Thank you very much for your replies.
 
 
 Cheers, 
 
 Wesley.

Because we improve things?

-Otto



start daemon with rc.d

2011-12-21 Thread pavel pocheptsov
Hello misc.
In old releases of OBSD, rc.local was used to start daemons with the system.
For example:
if [ -x /usr/local/bin/mysqld_safe ] ; then
   su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
   echo -n ' mysql'
fi

5.0 has changes described here: http://www.openbsd.org/faq/faq10.html#rc
and in man rc.d and rc.conf.local.
The question is how to start mysqld_safe or cupsd or any other daemon
that was placed in /etc/rc.d?
Add the lines to rc.conf.local like this:
pkg_scripts=cupsd
pkg_scripts=mysqld

or something else?



Re: start daemon with rc.d

2011-12-21 Thread Antoine Jacoutot
On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote:
 Hello misc.
 In old release of OBSD to start daemons with system was used rc.local. 
 For example:
 if [ -x /usr/local/bin/mysqld_safe ] ; then
su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
echo -n ' mysql'
  fi
 
 In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc
 and in man rc.d and rc.conf.local.
 The questions is how to start mysqld_safe or cupsd or any other daemon,
 that was placed in /etc/rc.d?
 Add the lines to rc.conf.local like this:
 pkg_scripts=cupsd
 pkg_scripts=mysqld
 
 or something else?

pkg_scripts="cupsd mysqld"

Order matters, since daemons will be started accordingly.

-- 
Antoine



Re[2]: start daemon with rc.d

2011-12-21 Thread pavel pocheptsov
21 December 2011, 14:41 from Antoine Jacoutot ajacou...@bsdfrog.org:
 On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote:
  Hello misc.
  In old release of OBSD to start daemons with system was used rc.local.
  For example:
  if [ -x /usr/local/bin/mysqld_safe ] ; then
 su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
 echo -n ' mysql'
   fi
 
  In 5.0 have changes described here: http://www.openbsd.org/faq/faq10.html#rc
  and in man rc.d and rc.conf.local.
  The questions is how to start mysqld_safe or cupsd or any other daemon,
  that was placed in /etc/rc.d?
  Add the lines to rc.conf.local like this:
  pkg_scripts=cupsd
  pkg_scripts=mysqld
 
  or something else?
 
 pkg_scripts="cupsd mysqld"
 
 Order matters, since daemons will be started accordingly.
 
 --
 Antoine
 
 
Thanks, so the old way is no longer needed, or is it used for daemons
that are not properly installed and do not put their own startup script in /etc/rc.d?



Re: start daemon with rc.d

2011-12-21 Thread Antoine Jacoutot
On Wed, Dec 21, 2011 at 03:17:24PM +0400, pavel pocheptsov wrote:
 21 December 2011, 14:41 from Antoine Jacoutot ajacou...@bsdfrog.org:
  On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote:
   Hello misc.
   In old release of OBSD to start daemons with system was used rc.local.
   For example:
   if [ -x /usr/local/bin/mysqld_safe ] ; then
  su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
  echo -n ' mysql'
fi
  
   In 5.0 have changes described here:
http://www.openbsd.org/faq/faq10.html#rc
   and in man rc.d and rc.conf.local.
   The questions is how to start mysqld_safe or cupsd or any other daemon,
   that was placed in /etc/rc.d?
   Add the lines to rc.conf.local like this:
   pkg_scripts=cupsd
   pkg_scripts=mysqld
  
   or something else?
 
  pkg_scripts="cupsd mysqld"
 
  Order matters, since daemons will be started accordingly.
 
  --
  Antoine
 
 
 Thanks, so old way is no longer needed or it use for daemons,
 that not properly installed and not put own startup-script in /etc/rc.d?

You can still use the old way if you prefer.


--
Antoine



trendnet ethernet usb

2011-12-21 Thread Wesley M.
I plugged an Ethernet USB device, a TRENDnet TU2-ETG, into my OpenBSD 4.9
(fresh install) machine.
It detects axe0. I configured it using dhcp; it doesn't work.
Manually also doesn't work. Pf disabled, no traffic out.

Any issue?


Here is dmesg | grep axe0:

axe0 at uhub5 port 2 configuration 1 interface 0 ASIX Electronics AX88178 rev 2.00/0.01 addr 5
axe0: AX88178, address 00:50:b6:4e:5a:c9



Re: trendnet ethernet usb

2011-12-21 Thread Wesley M.
tried on OpenBSD 5.0 : same problem
ifconfig show :
media : Ethernet none (none)

On Wed, 21 Dec 2011 16:04:36 +0400, Wesley M. open...@e-solutions.re
wrote:
 I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet
 TU2-ETG
 It detects axe0, i configured it using dhcp, it doesn't
 work.
 Manually also doesn't work. Pf disabled, no traffic out 
 
 any issue ?
 
 
 Here dmesg | grep axe0 : 
 
 axe0 at uhub5 port 2 configuration 1 interface
 0 ASIX Electronics AX88178 rev 2.00/0.01 addr 5
 axe0: AX88178, address
 00:50:b6:4e:5a:c9



Re: trendnet ethernet usb

2011-12-21 Thread Wesley M.
I read the axe(4) man page; my model, TRENDnet TU2-ETG, is not there :(
So I suppose that it is not compatible :(

Wesley.

On Wed, 21 Dec 2011 16:10:35 +0400, Wesley M. open...@e-solutions.re
wrote:
 tried on OpenBSD 5.0 : same problem
 ifconfig show :
 media : Ethernet none (none)
 
 On Wed, 21 Dec 2011 16:04:36 +0400, Wesley M. open...@e-solutions.re
 wrote:
 I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet
 TU2-ETG
 It detects axe0, i configured it using dhcp, it doesn't
 work.
 Manually also doesn't work. Pf disabled, no traffic out 
 
 any issue ?
 
 
 Here dmesg | grep axe0 : 
 
 axe0 at uhub5 port 2 configuration 1 interface
 0 ASIX Electronics AX88178 rev 2.00/0.01 addr 5
 axe0: AX88178, address
 00:50:b6:4e:5a:c9



Re: start daemon with rc.d

2011-12-21 Thread Vitali
On Wed, Dec 21, 2011 at 12:27 PM, Antoine Jacoutot
ajacou...@bsdfrog.org wrote:
 On Wed, Dec 21, 2011 at 03:17:24PM +0400, pavel pocheptsov wrote:
 21 December 2011, 14:41 from Antoine Jacoutot
ajacou...@bsdfrog.org:
  On Wed, Dec 21, 2011 at 02:26:32PM +0400, pavel pocheptsov wrote:
   Hello misc.
   In old release of OBSD to start daemons with system was used rc.local.
   For example:
   if [ -x /usr/local/bin/mysqld_safe ] ; then
      su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
      echo -n ' mysql'
   fi
  
   In 5.0 have changes described here:
 http://www.openbsd.org/faq/faq10.html#rc
   and in man rc.d and rc.conf.local.
   The questions is how to start mysqld_safe or cupsd or any other
daemon,
   that was placed in /etc/rc.d?
   Add the lines to rc.conf.local like this:
   pkg_scripts=cupsd
   pkg_scripts=mysqld
  
   or something else?
 
  pkg_scripts="cupsd mysqld"
 
  Order matters, since daemons will be started accordingly.
 
  --
  Antoine
 
 
 Thanks, so old way is no longer needed or it use for daemons,
 that not properly installed and not put own startup-script in /etc/rc.d?

 You can still use the old way if you prefer.


 --
 Antoine



Let me also squeeze in a couple of words into the topic. :)

I'm very glad that OpenBSD has at last moved to the rc.d model, I like
this approach much better.
I had been using it all the way before, but before rc.d appeared here
officially I'd been (and - sorry - keep on) doing it like this:

vi /etc/rc.local

echo 'starting local daemons:'
###
SERVICES_LIST=`/bin/ls /etc/rc.d/*sh`
for sh in ${SERVICES_LIST}; do
${sh} start
done
###
echo ---

vi /etc/rc.shutdown

SERVICES_LIST=`/bin/ls /etc/rc.d/*sh`
for sh in ${SERVICES_LIST}; do
   ${sh} stop
done

mkdir -p /etc/rc.d/rc.5
cd /etc/rc.d/rc.5

vi D000mysql.sh

#!/bin/sh
###
MYDIR=/usr/local/mysql
LEDIR=/usr/local/mysql/libexec
PIDIR=/usr/local/mysql/data
USER=mysql
###
case $1 in
start)
if [ -x ${MYDIR}/bin/mysqld_safe -a -x ${LEDIR}/mysqld ]; then
   /bin/sleep 1
   # start in the background, detached from the boot console
   (cd ${MYDIR}; ./bin/mysqld_safe --user=${USER} --federated --ndbcluster > /dev/null 2>&1 &); echo " MySQL is up! "
   /bin/sleep 1
fi
;;
stop)
   (${MYDIR}/bin/mysqladmin -u shutdown -pshutdown_user_pwd shutdown); echo " MySQL shut down! "
   /bin/sleep 1
;;
hup)
   $0 stop
   /bin/sleep 4
   /bin/rm ${PIDIR}/*.err
   /bin/sleep 1
   $0 start
;;
###
*)
   echo "Usage: `basename $0` {start|stop|hup}" >&2
   exit 64
;;
esac

exit 0
###

chmod 555 D000mysql.sh

ln -s /etc/rc.d/rc.5/D000mysql.sh /etc/rc.d/D000mysql.sh


and so on with squid, apache, etc...

Any time you need to turn off a daemon from the auto start just remove
the link from /etc/rc.d or rename it without .sh

P.S. No, I'm not a linuxoid at all, I'd say - an esthete... :)

--
### Coonardoo - Криничка у тіні / The Well In The Shadow / Le Puits Dans L'Ombre ###



Re: start daemon with rc.d

2011-12-21 Thread Antti Harri
On Wednesday 21 December 2011 12:26:32 pavel pocheptsov wrote:
 Hello misc.
 In old release of OBSD to start daemons with system was used rc.local.
 For example:
 if [ -x /usr/local/bin/mysqld_safe ] ; then
su -c _mysql root -c '/usr/local/bin/mysqld_safe >/dev/null 2>&1 &'
echo -n ' mysql'
  fi

 In 5.0 have changes described here:
 http://www.openbsd.org/faq/faq10.html#rc and in man rc.d and rc.conf.local.
 The questions is how to start mysqld_safe or cupsd or any other daemon,
 that was placed in /etc/rc.d?
 Add the lines to rc.conf.local like this:
 pkg_scripts=cupsd
 pkg_scripts=mysqld

 or something else?

I'd like to point out that the latter line will overwrite what was inside 
$pkg_scripts variable before that, so your example would only start mysqld.

You need to use the format that Antoine gave or include the previous value of 
the variable when assigning:

pkg_scripts="$pkg_scripts cupsd" # not really necessary on the first item
pkg_scripts="$pkg_scripts mysqld"

-- 
Antti Harri
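
The overwrite described in the message above can be checked without sourcing the file. This is an added example, not code from the thread or from OpenBSD: the function names `replace_all` and `walk_pkg_scripts` and the sample files are constructed, and it assumes the file holds plain, unindented `pkg_scripts=` shell assignments.

```sh
#!/bin/sh
# Added example: audit pkg_scripts assignments in an rc.conf.local-style file
# without sourcing it, so nothing in the file is executed.

# replace_all STRING NEEDLE REPLACEMENT -- literal (non-regex) substitution.
replace_all() {
    rest=$1 out=
    while [ "${rest#*"$2"}" != "$rest" ]; do
        out=$out${rest%%"$2"*}$3      # text before the match, then replacement
        rest=${rest#*"$2"}            # continue after the match
    done
    printf '%s' "$out$rest"
}

# walk_pkg_scripts FILE MODE
#   MODE=value : print the value pkg_scripts ends up with
#   MODE=lint  : print "LINE:DISCARDED" for every assignment that throws away
#                a non-empty earlier value instead of appending to it
walk_pkg_scripts() {
    value= lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        case $line in
            pkg_scripts=*) rhs=${line#pkg_scripts=} ;;
            *) continue ;;
        esac
        rhs=${rhs%%"#"*}                             # drop a trailing comment
        rhs=$(printf '%s' "$rhs" | tr -d "\"'")      # drop quote characters
        case $rhs in
            *'$pkg_scripts'*|*'${pkg_scripts}'*) ;;  # appends to the old value
            *)  if [ -n "$value" ] && [ "$2" = lint ]; then
                    printf '%s:%s\n' "$lineno" "$value"
                fi ;;
        esac
        rhs=$(replace_all "$rhs" '${pkg_scripts}' "$value")
        rhs=$(replace_all "$rhs" '$pkg_scripts' "$value")
        # collapse whitespace so the result reads as a plain word list
        value=$(printf '%s' "$rhs" | tr '\t' ' ' | tr -s ' ' |
                sed 's/^ *//; s/ *$//')
    done < "$1"
    if [ "$2" = value ]; then printf '%s\n' "$value"; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed sample: the two-line form asked about in the thread.
    printf '%s\n' 'pkg_scripts=cupsd' 'pkg_scripts=mysqld' > "$dir/overwrite"
    # Constructed sample: the appending form from the reply above.
    printf '%s\n' 'pkg_scripts="$pkg_scripts cupsd" # first item' \
                  'pkg_scripts="$pkg_scripts mysqld"' > "$dir/append"
    for f in overwrite append; do
        echo "$f: starts [$(walk_pkg_scripts "$dir/$f" value)]"
        walk_pkg_scripts "$dir/$f" lint | sed 's/^/  discarded at line /'
    done
    rm -rf "$dir"
}
demo
```

A non-empty `lint` result means a daemon listed earlier in the file will silently not be started at boot.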



Re: ISAKMPD question: certificates shipped?

2011-12-21 Thread Toni Mueller
Hi Stu,

On Sun, Dec 04, 2011 at 11:24:24AM +, Stuart Henderson wrote:
 I don't see any code changes that would result in a different presentation
 order of certificates between 4.8 and 5.0..
 
 tcpdump traces of the negotiation from 4.8 and 5.0 might be useful, as might
 logs from the 3rd party and maybe isakmpd, though I'll be the first to admit
 isakmpd logging is pretty impenetrable; I find setting this on the command
 line gives a fairly good balance of information:

thank you for your statement.

Currently, the problem looks as follows:

If isakmpd is configured to use

[X509-Certificates]
Private-key-directory=  /etc/isakmpd/private


the documentation suggests that it will select one out of a set of keys
to use, depending on the actual configuration of the connections.

This does not seem to work with road warrior connections (=
Passive-Connections). In that case, the road warrior seems to get no
certificate, then decides that it's unsafe to connect to the gateway.
The desired behaviour is to ship the certificate which is appropriate
for this connection (it's configured as the local-id for those
connections, so...).

Specifying Private-key = somefile.key fixes this problem, but removes
the option to use several keys, which is bad.

There's another unresolved issue in this area, which I don't yet have
enough data to fathom.


Kind regards,
--Toni++



IPSEC gateway serving rogue laptops

2011-12-21 Thread Henrik Engmark
I have been trying to set up a vpn concentrator using isakmpd and ipsec,
where clients are laptops on the run, and my vpn concentrator is on a
static IP. To start with, I want to use a setup as simple as possible,
and use only psk for authentication. No certificates or anything like
that.
I am having trouble finding information on the subject, both on forums
and list archives.

I know this is kind of a spoon feeding request, but is anyone aware of
a good source of information, how-to or guide regarding this?
IPSEC has a kind of steep learning curve, and I am by no means an expert.
When we set up LAN-LAN IPSEC tunnels with static publics, everything
is as simple as can be. Not so much so when I try to serve rogue clients
with identical configs, it appears.

I am aware of the flaws in such a crude setup, but I don't need pointers
about that.

Any information or links would be highly appreciated.



Re: trendnet ethernet usb

2011-12-21 Thread Jonathan Gray
The man page is not an exhaustive list, include the full dmesg
with the device plugged in for a start and the output of
ifconfig axe0 media

On Wed, Dec 21, 2011 at 04:24:58PM +0400, Wesley M. wrote:
 i read man page axe(4) there's no my model trendnet TU2-ETG :(
 So i suppose that it is not compatible :(
 
 Wesley.
 
 On Wed, 21 Dec 2011 16:10:35 +0400, Wesley M. open...@e-solutions.re
 wrote:
  tried on OpenBSD 5.0 : same problem
  ifconfig show :
  media : Ethernet none (none)
  
  On Wed, 21 Dec 2011 16:04:36 +0400, Wesley M. open...@e-solutions.re
  wrote:
  I plug on my OpenBSD 4.9 (fresh install) :Ethernet USB Device, trendnet
  TU2-ETG
  It detects axe0, i configured it using dhcp, it doesn't
  work.
  Manually also doesn't work. Pf disabled, no traffic out 
  
  any issue ?
  
  
  Here dmesg | grep axe0 : 
  
  axe0 at uhub5 port 2 configuration 1 interface
  0 ASIX Electronics AX88178 rev 2.00/0.01 addr 5
  axe0: AX88178, address
  00:50:b6:4e:5a:c9






Re: can not use the up key to last command at root?

2011-12-21 Thread Alexander Polakov
* David Coppa dco...@gmail.com [111221 14:09]:
 On Wed, Dec 21, 2011 at 10:41 AM, Stuart Henderson s...@spacehopper.org
 wrote:
  On 2011-12-20, johnw johnw.m...@gmail.com wrote:
  The aliases are not necessary. I suspect root's shell is in vi mode.
  Check with set -o
 
   -Otto
 
 
  Yes, I have this one in ~/.kshrc,
  export EDITOR=vim.
  delete this can solve the problem.
 
  thank all.
 
 
  If you still want to use vim (or any editor containing the
  string 'vi') in programs which use EDITOR without invoking
  this feature of the shell, create a symlink containing
  the string 'emacs' and use that in EDITOR instead..
 
 Or:
 
 EDITOR=vi
 VISUAL=not_emacs
 
 $ ls -al /usr/bin/not_emacs
 lrwxr-xr-x  1 root  wheel  2 Dec 21 11:03 /usr/bin/not_emacs -> vi


Isn't set -o emacs at the end of ~/.kshrc enough? It seems to be (at
least with my somewhat patched ksh).

-- 
Alexander Polakov | plhk.ru



Re: IPSEC gateway serving rogue laptops

2011-12-21 Thread Tomas Bodzar
On Wed, Dec 21, 2011 at 3:25 PM, Henrik Engmark h...@tti.se wrote:

 I have been trying to set up a vpn concentrator using isakmpd and ipsec,
 where clients are laptops on the run, and my vpn concentrator is on a
 static IP. To start with, I want to use a setup as simple as possible,
 and use only psk for authentication. No certificates or anything like
 that.
 I am having trouble finding information on the subject, both on forums
 and list archives.

 I know this is kind of a spoon feeding request, but is anyone aware of
 a good source of information, how-to or guide regarding this?
 IPSEC has a kind of steep learning curve, and I am by no means an expert.
 When we set up LAN-LAN IPSEC tunnels with static publics, everything
 is as simple as can be. Not so much so when I try to serve rogue clients
 with identical configs, it appears.

 I am aware of the flaws in such a crude setup, but I don't need pointers
 about that.

 Any information or links would be highly appreciated.

http://undeadly.org/cgi?action=article&sid=20090903183235

http://www.kernel-panic.it/openbsd/vpn/



Re: Proper way to update system + ports?

2011-12-21 Thread Corey

On 12/20/2011 11:16 AM, Stuart Henderson wrote:



Then afterwards, can I check out the -current branch from CVS as
I do with -stable? i.e. # cvs -d$CVSROOT checkout -P src
Or am I not supposed to fetch & build -current at all? Would it

You can checkout src if you want, but you don't have to,
you can just install the binary sets just as you would for a release


be safer to just download the /snapshots/i386/install50.iso every
couple weeks and do a fresh install every time? I guess I will

There's really no need for fresh installs, upgrades work very well

No need for install*.iso either, just download a new bsd.rd and
boot that from the boot loader (boot /bsd.rd) and do a network
upgrade install



Out of curiosity, is this more efficient and/or less loading on the 
servers than downloading the iso (assuming one installs all sets)?


Using snapshots is for me the best way to follow -current, as I'm much 
more a user than a developer. But I tend to get the iso and a few 
packages that I know I'll need for a particular snap so I can have a 
consistent base to reinstall from or whatever if I'm not able to update 
to a more current snapshot. But if that is really beating the crap out 
of the servers unnecessarily (I do use mirrors), I'll switch to getting 
bsd.rd or floppy image and doing network upgrades where I can.


TIA,
Corey



Re: can not use the up key to last command at root?

2011-12-21 Thread Stuart Henderson
On 2011-12-21, Alexander Polakov polac...@gmail.com wrote:
 * David Coppa dco...@gmail.com [111221 14:09]:
 On Wed, Dec 21, 2011 at 10:41 AM, Stuart Henderson s...@spacehopper.org
 wrote:
  On 2011-12-20, johnw johnw.m...@gmail.com wrote:
  The aliases are not necessary. I suspect root's shell is in vi mode.
  Check with set -o
 
   -Otto
 
 
  Yes, I have this one in ~/.kshrc,
  export EDITOR=vim.
  delete this can solve the problem.
 
  thank all.
 
 
  If you still want to use vim (or any editor containing the
  string 'vi') in programs which use EDITOR without invoking
  this feature of the shell, create a symlink containing
  the string 'emacs' and use that in EDITOR instead..
 
 Or:
 
 EDITOR=vi
 VISUAL=not_emacs
 
 $ ls -al /usr/bin/not_emacs
 lrwxr-xr-x  1 root  wheel  2 Dec 21 11:03 /usr/bin/not_emacs -> vi


 Isn't set -o emacs at the end of ~/.kshrc enough?

It's not passed through if you do e.g. sudo -s



Re: IPSEC gateway serving rogue laptops

2011-12-21 Thread Stuart Henderson
On 2011-12-21, Henrik Engmark h...@tti.se wrote:
 I have been trying to set up a vpn concentrator using isakmpd and ipsec,
 where clients are laptops on the run, and my vpn concentrator is on a
 static IP. To start with, I want to use a setup as simple as possible,
 and use only psk for authentication. No certificates or anything like
 that.
 I am having trouble finding information on the subject, both on forums
 and list archives.

The manuals are probably a better place to start: try ipsec.conf(5),
isakmpd(8), ipsec(4).

 I know this is kind of a spoon feeding request, but is anyone aware of
 a good source of information, how-to or guide regarding this?
 IPSEC has a kind of steep learning curve, and I am by no means an expert.
 When we set up LAN-LAN IPSEC tunnels with static publics, everything
 is as simple as can be. Not so much so when I try to serve rogue clients
 with identical configs, it appears.

Here's a very brief starter:

ike passive esp for the central site
ike dynamic esp on the laptops



Re: can not use the up key to last command at root?

2011-12-21 Thread Frédéric Perrin

On 21.12.2011 23:36, Stuart Henderson wrote:

On 2011-12-21, Alexander Polakov polac...@gmail.com wrote:

Isn't set -o emacs at the end of ~/.kshrc enough?


It's not passed through if you do e.g. sudo -s


Which is why you should use `sudo -i'.

--
Fred -- http://tar-jx.bz



Re: Proper way to update system + ports?

2011-12-21 Thread Stuart Henderson
On 2011-12-21, Corey clinge...@gmail.com wrote:
 On 12/20/2011 11:16 AM, Stuart Henderson wrote:

 Then afterwards, can I check out the -current branch from CVS as
 I do with -stable? i.e. # cvs -d$CVSROOT checkout -P src
 Or am I not supposed to fetch & build -current at all? Would it
 You can checkout src if you want, but you don't have to,
 you can just install the binary sets just as you would for a release

 be safer to just download the /snapshots/i386/install50.iso every
 couple weeks and do a fresh install every time? I guess I will
 There's really no need for fresh installs, upgrades work very well

 No need for install*.iso either, just download a new bsd.rd and
 boot that from the boot loader (boot /bsd.rd) and do a network
 upgrade install


 Out of curiosity, is this more efficient and/or less loading on the 
 servers than downloading the iso (assuming one installs all sets)?

Doesn't make a lot of difference server-side but I know it's a lot
easier for me to boot a different kernel and point it at a (possibly
locally mirrored or pre-downloaded) set of files than it is to
download an iso, burn a cd and boot from it - I imagine this is
the case for most people.



root/boot on softraid in 5.0

2011-12-21 Thread Paul B. Henson
I've been running openbsd 4.6 for a couple years now with root on
softraid, booting off a CF card with a kernel compiled to hardcode
root/swap on sd0.

I read about official support for root on softraid:

http://www.undeadly.org/cgi?action=article&sid=20111002154251

and got the impression it would just work, particularly the part about
eliminates the need for a custom kernel.

However, I just did a test install on a vm with two ide hard drives (wd0
and wd1) configured into a softraid mirror (sd0), and when booting the kernel
from wd0a it tries to find the root on wd0a as well, and panics.

I was able to get it to boot by either providing the -a option to boot
and specifying sd0a as the root, or by compiling a custom kernel with
sd0a hardcoded as I did in 4.6.

Am I missing something? Based on the web post, I expected the kernel
loaded from wd0a to figure out root was on sd0a and boot successfully.

Looking at the underlying commit:

http://article.gmane.org/gmane.os.openbsd.cvs/108176

It's talking about comparing the rootduid to the softraid volume. I'm
not clear where this is coming from, the fstab in sd0a uses duid's, but
I don't see how the booting kernel would know about that yet.

Anyway, just to clarify my understanding, is it expected in 5.0 to be
able to boot softraid root without a custom kernel or using -a? If so,
what am I doing wrong?

Thanks...


-- 
Paul B. Henson  |  (909) 979-6361  |  http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst  |  hen...@csupomona.edu
California State Polytechnic University  |  Pomona CA 91768



Re: OpenVPN issues on 5.0

2011-12-21 Thread Erling Westenvik
On Wed, Dec 14, 2011 at 06:28:55PM -0800, Johan Beisser wrote:
 On Wed, Dec 14, 2011 at 5:54 PM, Erling Westenvik
 erling.westen...@gmail.com wrote:
  After upgrading (re-installing from scratch) my firewall from 4.6 (or
  4.7) to 5.0, I have not been able to get OpenVPN back working. Please
  forgive me for asking here at misc but I have spent two days Googling,
  reading tons of HOWTO's and trying out different solutions, but without
  being able to solve the issue.
 
 What are your current pf.conf rules? Did you check that the syntax is
 right? Have you checked it for errors? Have you looked at the output
 for pflog?
 
 What's your current routing table? Does that look correct?

I didn't dare to take Janne Johansson's little HOWTO "Why a priori
knowledge is better than HOWTO's" as anything less than a challenge and
have spent the last five days trying to learn and understand some basic
principles. Thank you, Janne. Really!

Anyway, the problem was a combination of pf rules and routing tables.
The former is solved completely and LAN clients and WLAN VPN-clients now
connect with each other. But VPN clients cannot reach the server
or the internet, and the server cannot reach the VPN clients.

Sorry for bumping this here @ misc when my question probably belongs to
some OpenVPN forum, but it seems like no-one out there can say much on
OpenVPN issues that appear to be OpenBSD specific.

What puzzles me is that I cannot make the tun-interface show up in the
route table on the server:

Destination        Gateway            Flags  Refs   Use    Mtu  Prio Iface
default            AAA.BB.CCC.D       UGS       3  1101      -     8 url0
127/8              127.0.0.1          UGRS      0     0  33196     8 lo0
127.0.0.1          127.0.0.1          UH        2     0  33196     4 lo0
192.168.2/24       link#5             UC        1     0      -     4 acx0
192.168.2.200      00:16:ea:b3:65:d0  UHLc      1   400      -     4 acx0
192.168.3/24       link#2             UC        2     0      -     4 bge0
192.168.3.106      00:1e:4f:95:19:1d  UHLc      1  1582      -     4 bge0
192.168.3.200      fe:e1:ba:d7:c3:24  UHLc      0    28      -     4 bge0
193.90.160/20      link#6             UC        1     0      -     4 url0
AAA.BB.CCC.D       00:90:1a:42:6d:81  UHLc      1     0      -     4 url0
AAA.BB.CCC.DDD     127.0.0.1          UGHS      0     0  33196     8 lo0
224/4              127.0.0.1          URS       0     0  33196     8 lo0

/etc/hostname.tun0 
link0
up
!/usr/local/sbin/openvpn --config /etc/openvpn/server.conf


/etc/hostname.bridge0 
add bge0
add acx0
up


-- 
Cheers,
Erling



Re: root/boot on softraid in 5.0

2011-12-21 Thread Josh Grosse
Paul B. Henson henson at acm.org writes:

 
 I've been running openbsd 4.6 for a couple years now with root on
 softraid, booting off a CF card with a kernel compiled to hardcode
 root/swap on sd0.
 
 I read about official support for root on softraid

 Anyway, just to clarify my understanding, is it expected in 5.0 to be
 able to boot softraid root without a custom kernel or using -a? If so,
 what am I doing wrong?
 
 Thanks...


See if http://www.undeadly.org/cgi?action=article&sid=20111002154251 provides
what you're looking for.  Note in particular, the installboot(8) magic.  The
kernel still needs to be on a non-RAID partition, and only the kernel.  The
bootblocks point to a second stage bootloader within the RAID array.



Re: root/boot on softraid in 5.0

2011-12-21 Thread Josh Grosse
Josh Grosse josh at jggimi.homeip.net writes:

 
 Paul B. Henson henson at acm.org writes:
 
  
  I've been running openbsd 4.6 for a couple years now with root on
  softraid, booting off a CF card with a kernel compiled to hardcode
  root/swap on sd0.
  
  I read about official support for root on softraid

Woops.  I misread your post.  The commits were September 19, which is -current,
beyond 5.0-release.

You must either migrate to -current, or await 5.1-release.



Re: 4096-byte sector size again

2011-12-21 Thread j
Regarding

 The sectors are definitely 4k bytes.  How can I re-partition it given
that
 fdisk won't adjust the MBR?
 # fdisk -e sd1
 Unable to read MBR

It turns out this is fixed in 5.0 (and I tested in -current).  Thanks to
Theo and Kenneth for some offline help.


--John