Re: open bsd router

[Sean Kamath]

On Oct 4, 2013, at 3:11 PM, Comète  wrote:

> Yes, we use a lot of ALIX 2D13 as routers on many sites since 2 or 3 years 
> (nearly 20 ALIX boxes now). It works like a charm with a good compact flash 
> card, no problem at all ! And i've recently discovered they even included a 
> watchdog ;)
> 
> Morgan

Ditto

I got all of mine with the cool red case. ;-)  All 2d13.

The P/S can have a wide voltage range, too.  I got my CF cards from PC Engines, 
they've all been great.

Sean

> Le 04/10/2013 23:45, Loïc BLOT a écrit :
>> Hello,
>> I also looked at ALIX board since a long time.
>> Is there anybody using Alix 2d13 with OpenBSD ?
>> Thanks in advance.
>> --
>> Best regards,
>> Loïc BLOT,
>> UNIX systems, security and network engineer
>> http://www.unix-experience.fr
>> Le vendredi 04 octobre 2013 à 15:05 +0200, Jan Stary a écrit :
>> On Oct 04 07:16:57, inform...@gmx.net wrote:
>> > >http://www.pcengines.ch/product.htm
>> > >http://en.wikipedia.org/wiki/Raspberry_Pi
>> > No, I'm not working for PC Engines. But I'm a huge fan of their
>> > products :-)
>> Just to praise PC Engines a little bit more:
>> when my ALIX.1C stopped working for some reason,
>> I sent it to PC Engines, who found that the board
>> is completely OK - it was my power supply
>> that was faulty (which I could then confirm).
>> Before sending it back, they kindly suggested
>> that ALIX.1E is a newer model that replaces
>> the ALIX.1C, so if I don't object ...
>> which I didn't.
>> The shipping didn't even cost me anything,
>> and they just replaced my old 1C with a new 1E.
>> Not to mention the chocolate.
>> In short, their customer service
>> is as good as the boards.
>> [demime 1.01d removed an attachment of type application/pgp-signature
>> which had a name of signature.asc]

Re: OT: SuperMicro X9SBAA-F with OpenBSD

[Carsten Larsen]

On 10/04/2013 21:27, Daniel Ouellet wrote:

Anyone every got their hands on one of SuperMicro 1U server with the
X9SBAA-F board in it.

I wish I could find a dmesg for it if that exists somewhere.

If you have, how is the 1x Realtek RTL8201N PHY (dedicated IPMI)s
working out for you?

I got a X7SPA also with IPMI.


Looks like the IPMI is there via Nuvoton WPCM450 BMC, so I wonder if
anyone have one and use it and how's the remote management of it is.
On the X7SPA the BMC share LAN port 1. It has its own network controller 
thou. You can take a look in the official manual from the SuperMicro 
site to see how to set up IPMI settings in BIOS.



Ideal is just console remote access via ssh for install and usual stuff.
Nothing graphics needed or wanted.

A web interface is supplied by the controller. Basically IPMI supply 
Keyboard - Video -Mouse (KVM) over IP.



Any feedback would be appreciated if possible on or off list depending
if others might be interested in the subject.


Here is a few screen shots to give you an idea:
http://www.thomas-krenn.com/en/wiki/Supermicro_IPMI_Configuration_through_BIOS_or_Web_Interface

I don't use it myself since I have direct access to the console.

Re: OT: SuperMicro X9SBAA-F with OpenBSD

[Chris Cappuccio]

Daniel Ouellet [dan...@presscom.net] wrote:
> Anyone every got their hands on one of SuperMicro 1U server with the
> X9SBAA-F board in it.
> 
> I wish I could find a dmesg for it if that exists somewhere.
> 
> If you have, how is the 1x Realtek RTL8201N PHY (dedicated IPMI)s
> working out for you?
> 
> Looks like the IPMI is there via Nuvoton WPCM450 BMC, so I wonder if
> anyone have one and use it and how's the remote management of it is.
> 
> Ideal is just console remote access via ssh for install and usual stuff.
> Nothing graphics needed or wanted.
> 
> Any feedback would be appreciated if possible on or off list depending
> if others might be interested in the subject.
> 

I accidentally got some supermicro boards with IPMI. Not sure why
but under OpenBSD the IPMI freaks out crazy all the time. Probably
wants to use some memory OpenBSD already uses or some shit.  I just ignore
the blinking light. One of these days

Re: open bsd router

[Comète]

Yes, we use a lot of ALIX 2D13 as routers on many sites since 2 or 3 
years (nearly 20 ALIX boxes now). It works like a charm with a good 
compact flash card, no problem at all ! And i've recently discovered 
they even included a watchdog ;)


Morgan

Le 04/10/2013 23:45, Loïc BLOT a écrit :

Hello,
I also looked at ALIX board since a long time.
Is there anybody using Alix 2d13 with OpenBSD ?

Thanks in advance.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr



Le vendredi 04 octobre 2013 à 15:05 +0200, Jan Stary a écrit :
On Oct 04 07:16:57, inform...@gmx.net wrote:
> >http://www.pcengines.ch/product.htm
> >http://en.wikipedia.org/wiki/Raspberry_Pi
> No, I'm not working for PC Engines. But I'm a huge fan of their
> products :-)

Just to praise PC Engines a little bit more:
when my ALIX.1C stopped working for some reason,
I sent it to PC Engines, who found that the board
is completely OK - it was my power supply
that was faulty (which I could then confirm).

Before sending it back, they kindly suggested
that ALIX.1E is a newer model that replaces
the ALIX.1C, so if I don't object ...
which I didn't.

The shipping didn't even cost me anything,
and they just replaced my old 1C with a new 1E.
Not to mention the chocolate.

In short, their customer service
is as good as the boards.

[demime 1.01d removed an attachment of type application/pgp-signature
which had a name of signature.asc]

Re: open bsd router

[Loïc BLOT]

Hello,
I also looked at ALIX board since a long time.
Is there anybody using Alix 2d13 with OpenBSD ?

Thanks in advance.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr



Le vendredi 04 octobre 2013 à 15:05 +0200, Jan Stary a écrit :
> On Oct 04 07:16:57, inform...@gmx.net wrote:
> > >http://www.pcengines.ch/product.htm
> > >http://en.wikipedia.org/wiki/Raspberry_Pi
> > No, I'm not working for PC Engines. But I'm a huge fan of their
> > products :-)
>
> Just to praise PC Engines a little bit more:
> when my ALIX.1C stopped working for some reason,
> I sent it to PC Engines, who found that the board
> is completely OK - it was my power supply
> that was faulty (which I could then confirm).
>
> Before sending it back, they kindly suggested
> that ALIX.1E is a newer model that replaces
> the ALIX.1C, so if I don't object ...
> which I didn't.
>
> The shipping didn't even cost me anything,
> and they just replaced my old 1C with a new 1E.
> Not to mention the chocolate.
>
> In short, their customer service
> is as good as the boards.

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

OT: SuperMicro X9SBAA-F with OpenBSD

[Daniel Ouellet]

Anyone every got their hands on one of SuperMicro 1U server with the
X9SBAA-F board in it.

I wish I could find a dmesg for it if that exists somewhere.

If you have, how is the 1x Realtek RTL8201N PHY (dedicated IPMI)s
working out for you?

Looks like the IPMI is there via Nuvoton WPCM450 BMC, so I wonder if
anyone have one and use it and how's the remote management of it is.

Ideal is just console remote access via ssh for install and usual stuff.
Nothing graphics needed or wanted.

Any feedback would be appreciated if possible on or off list depending
if others might be interested in the subject.

Thanks

Daniel

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: nouveau driver help (moved from ports to misc)

[Kevin Chadwick]

> > Oke,
> > What is then the best way to proceed ?  
> 
> Buy an ATI or Intel gfx card.

I assume you meant a system with an intel gfx chip and most use laptops
these days but this raised a thought with me. 

What would be a cheap but decent enough, KMS supported VGA and or PCIEX
card model?


-- 
___

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
___

Re: OpenOSPFd and CARP Masters

[Andy]

On 02/10/13 12:31, Stuart Henderson wrote:
> On 2013/10/02 12:26, Andy wrote:
>> "No, but does it matter anyway?" - Good point.. What I should have
>> really asked is how can I ensure that the route with the lowest
>> metric/cost is the one pointing to the master..
> ospfd does that anyway (and DR/BDR are only ospf roles determining
> who synchronizes with other routers, it doesn't affect which is preferred
> for routing)

Hi, I've been working on this for a couple days now since your reply and 
I'm not finding this is the case. All the routes are being announced 
with the same cost from both the master and the slave and so the master 
is not being preferred :( I'm probably doing something wrong..

I'm running 5.3 at the moment, and as per page 11 in 'Routing with 
OpenBSD using OpenOSPFD and OpenBGPD' which reads: "redistribute 
connected" got replaced with a "interface carp0". This ensures that the 
announced network depends on the interface state of carp0. It is not 
recommended to use "redistribute connected" with carp(4) because the 
connected route is attached to the parent interface and so depends on 
the link state of that interface and not of the carp(4) one.

I have two ABR OpenBSD firewalls connected to two Cisco routers via a 
layer 2 link to connecting all 4 devices to each other. I have other 
networks/OpenBSD firewalls (which also all show the same problem) also 
connecting up to the Cisco's but to keep it short and sweet I'll omit 
those unless interested and stick to the one example below.

/etc/ospfd.conf;

password="password"
router-id 10.0.10.5
fast-hello-interval msec 200
router-dead-time minimal
router-priority 1
rfc1583compat no
auth-type crypt
auth-md 1 $password
auth-md-keyid 1

area 0.0.0.0 {
 # Main VPLS Link to Cisco 1 and Cisco 2
 interface vlan900 { metric 100 }
 # Announce via CARP Master
 interface carp0
 # Crossover link between firewalls
 interface em3 { metric 110 }
 # CARP Preempt
 demote carp
}
area 0.0.0.1 {
 # Main LAN Link 10.0.10.0/24
 interface em1 { metric 100 }
 # Announce via CARP Master
 interface carp1
}

The same file is on the backup firewall but with a different router-id.

However on the Cisco routers I see routes for all the networks via both 
of the firewalls with the same cost/metric :(

thor#show ip ospf route
. (omitted from brevity)
 Inter-area Route List
*>  10.0.10.0/24, Inter, cost 101, area 0
   via 185.25.30.22, GigabitEthernet0/0/1.900
   via 185.25.30.21, GigabitEthernet0/0/1.900
*>  10.0.13.0/24, Inter, cost 101, area 0
   via 185.25.31.156, GigabitEthernet0/0/2
   via 185.25.31.157, GigabitEthernet0/0/2
*>  10.1.10.0/24, Inter, cost 101, area 0
   via 185.25.31.157, GigabitEthernet0/0/2
   via 185.25.31.156, GigabitEthernet0/0/2

I'm also confused by the output of ospfctl show interface;
[LIVE]root@ne1301test:~# ospfctl show inter
Interface   AddressState  HelloTimer Linkstate Uptimenc  ac
carp1   10.0.10.4/24   DOWN   -  master 00:00:00   0   0
em1 10.0.10.5/24   DR 00:00:00   unknown 00:18:22   1   1
em3 192.168.0.252/24   DR 00:00:00   unknown 00:18:22   1   1
carp0   185.25.30.20/24DOWN   -  master 00:00:00   0   0
vlan900 185.25.30.21/24DR 00:00:00   unknown 00:18:22   3   3

I don't understand why the 'State' is 'DOWN' on both the CARP master and 
backup firewalls, even though the linkstate shows 'master' and 'backup' 
correctly.

So both the CARP master and the backup are announcing (wasn't expecting 
this in 5.3). I was expecting the backup to either stay silent, or to 
announce with a higher metric so the master is preferred.

Have I got the wrong end of the stick? ;)

Cheers, Andy.


>> ""Reinstate ospfd(8) code to announce routes to backup carp
>> interfaces, so that a specific route is maintained during failover."
>> ..which I think means it actually will announce it when being carp
>> slave, but with a higher cost/metric/whateveritsname."
>>
>> !! This would be amazing and exactly what I'm after :) (assuming that
>> the carp backup announces with a higher cost..)
> before this fix (which you could easily backport to 5.3 if needed)
> then only the carp master would announce the route so it still did
> pretty much what you need; this fix reinstates the code which makes
> both backup+master announce into ospf so the route doesn't dropout
> (reducing the chance of evil cloned default routes)

Re: open bsd router

[Bruno Flueckiger]

On 04.10.2013 15:05, Jan Stary wrote:


Just to praise PC Engines a little bit more:
when my ALIX.1C stopped working for some reason,
I sent it to PC Engines, who found that the board
is completely OK - it was my power supply
that was faulty (which I could then confirm).

Before sending it back, they kindly suggested
that ALIX.1E is a newer model that replaces
the ALIX.1C, so if I don't object ...
which I didn't.

The shipping didn't even cost me anything,
and they just replaced my old 1C with a new 1E.
Not to mention the chocolate.

In short, their customer service
is as good as the boards.


Reading this I almost regret that I never had any
trouble with the boards so far ;-) This is true
customer service.

Re: open bsd router

[alexey.kurin...@gmail.com]

I also decide to buy 2d13 because it have the battery.

On 10/04/13 17:48, Manolis Tzanidakis wrote:

On Fri (04/10/13), alexey.kurin...@gmail.com wrote:


Question is - what boards succesfully used by members of
misc@openbsd.org list? I glad to read members IMHO about used
boards.


I can also highly recommend ALIX boards. I've installed a few 2d3 and
2d13 in various small to medium sized businesses over the years, and
some of these boards even outlived the businesses..

My advice is to get a model with built-in battery-powered real-time
clock (RTC), like 2d13. And avoid cheap flash cards.

Re: open bsd router

[Manolis Tzanidakis]

On Fri (04/10/13), alexey.kurin...@gmail.com wrote:

> Question is - what boards succesfully used by members of
> misc@openbsd.org list? I glad to read members IMHO about used
> boards.

I can also highly recommend ALIX boards. I've installed a few 2d3 and
2d13 in various small to medium sized businesses over the years, and
some of these boards even outlived the businesses..

My advice is to get a model with built-in battery-powered real-time
clock (RTC), like 2d13. And avoid cheap flash cards.

Re: open bsd router

[Peter N. M. Hansteen]

Jan Stary  writes:

> AFAIK there are currently no plans to port OpenBSD to Raspberry,
> as the hardware is not really documented.

Judging by some recent threads here (findable via the obvious
keywords), "not really documented" is something of an
understatement. And there is real info here and there in these
threads, I promise.

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: open bsd router

[Jan Stary]

On Oct 04 07:16:57, inform...@gmx.net wrote:
> >http://www.pcengines.ch/product.htm
> >http://en.wikipedia.org/wiki/Raspberry_Pi
> No, I'm not working for PC Engines. But I'm a huge fan of their
> products :-)

Just to praise PC Engines a little bit more:
when my ALIX.1C stopped working for some reason,
I sent it to PC Engines, who found that the board
is completely OK - it was my power supply
that was faulty (which I could then confirm).

Before sending it back, they kindly suggested
that ALIX.1E is a newer model that replaces
the ALIX.1C, so if I don't object ...
which I didn't.

The shipping didn't even cost me anything,
and they just replaced my old 1C with a new 1E.
Not to mention the chocolate.

In short, their customer service
is as good as the boards.

Re: open bsd router

[Jan Stary]

On Oct 04 00:37:41, alexey.kurin...@gmail.com wrote:
> Hi. I want to buy some single board (arm cpu) computer for
> installing open bsd and run services NAT, vpn, webserver,
> etc... Primary experiments for work and fun.
> Hours of googling and reading. I found many deviceses, many of it's
> listed there 
> http://www.element14.com/community/community/knode/single-board_computers/blog?start=0
> Exist good industrial boards, but low price start for it when buying
> >=1k boards
> 
> My favorite:
> http://www.pcengines.ch/product.htm
> http://en.wikipedia.org/wiki/Raspberry_Pi

I can recommend the ALIX boards - they work just fine for me
as routers and dns/mail/pgsql/www servers.

AFAIK there are currently no plans to port OpenBSD to Raspberry,
as the hardware is not really documented.

Re: PostgreSQL "samenet" in pg_hba.conf

[Craig R. Skinner]

No?

On 2013-10-02 Wed 18:06 PM |, Craig R. Skinner wrote:
> Does the ADDRESS keyword "samenet" work in OpenBSD's PostgreSQL pg_hba.conf?
> 
> Manually specifying an address block works, as does a DNS hostname &
> domain name.
> 
> $ pkg_info -I postgresql-server
> postgresql-server-9.2.3 PostgreSQL RDBMS (server)
> 
> $ uname -a
> OpenBSD oak.britvault.co.uk 5.3 GENERIC#50 i386
> 
> 
> This page mentions an interface testing tool "test_ifaddrs":
> https://www.virtualnetwork.net/about/opensource/package/postgres
> 
> http://doxygen.postgresql.org/test__ifaddrs_8c_source.html
> 
> Not found:
> find /usr/local -type f -name test_ifaddrs
> 
> Thoughts?
> -- 
> Craig Skinner | http://twitter.com/Craig_Skinner | http://linkd.in/yGqkv7

Re: open bsd router

[Paco Esteban]

A 03.10.2013 23:37, alexey.kurin...@gmail.com escrigué:

Hi. I want to buy some single board (arm cpu) computer for installing
open bsd and run services NAT, vpn, webserver,
etc... Primary experiments for work and fun.
Hours of googling and reading. I found many deviceses, many of it's
listed there

http://www.element14.com/community/community/knode/single-board_computers/blog?start=0
Exist good industrial boards, but low price start for it when buying 
>=1k boards


My favorite:
http://www.pcengines.ch/product.htm
http://en.wikipedia.org/wiki/Raspberry_Pi

Question is - what boards succesfully used by members of
misc@openbsd.org list? I glad to read members IMHO about used boards.

Sorry for ugly english.


+1 to Alix devices.

alix2d3 + dnma92 802.11 a/b/g/n miniPCI radio + OpenBSD = Amazing soho 
router !


You'll only need software in base, by the way !

Cheers,

--
Paco Esteban.
GnuPG key: 0x0E1192A4

Re: open bsd router

[alexey.kurin...@gmail.com]

Thanks for replies. Thanks for correction about ALIX not arm , esturday 
I missing that. My tired eyes see AMD like ARM - first leter match :)

ALIX low power consuming, fanless and long life - good features.

I still doubt, but lowest price not associated with long life. For me - 
good things price always higer then lowest, but not to high at all.


Maybe ALIX is what I need.

Many many thanks for replies.