Re: How to follow -stable and verify it with signify?
On 01-10-2014 01:58, Eric Furman wrote:
> If you don't realize the OpenBSD team hasn't thought about, talked about and argued about these issues to an extremely large extent then you are very new here.
Nope. I myself participated on these discussions on the past.
> You won't see it on these lists, but if users are making suggestions you can be rest assured it has already been extensively discussed privately with the team. They are way ahead of us.
So you are suggesting that we shouldn't use a miscellaneous list to talk about miscellaneous subjects, because the OpenBSD team may or may not have talked about them, in private? Great way to improve things.
Cheers
Re: something is weird with pppoe
Hi Pieter,
On 09/29/14 10:54, Pieter Verberne wrote:
> On 2014-09-26 18:52, Harald Dunkel wrote:
>> It takes 2 or 3 minutes till the connection is established.
> I have seen very similar things on Soekris. Also hostname.pppoe0 seems to be picky about the syntax. Where you can just [enter] for normal ethernet interfaces, hostname.pppoe0 expects most commands on one line (or separated by '\' [enter]) I believe. But I haven't really looked in to this.
I have used copypaste from pppoe(4) into hostname.pppoe0, adjusted pppoedev, authname and authkey, but I get still the same problem.
Thanx anyway for your reply
Harri
Node.js core dumps after upgrading packages
Hi, After upgrading all of my OpenBSD packages (http://lteo.net/blog/2012/11/08/reinstalling-all-your-openbsd-packages-with-pkg-adds-fuzzy-matching-feature/) I've started getting frequent core dumps in Node.js. All I'm seeing is `segmentation fault (core dumped)`. I wanted to try https://github.com/ddopson/node-segfault-handler to debug what's going on but it doesn't seem to want to build on OpenBSD. Has anybody experienced anything similar? Thanks. O.D.
Re: Node.js core dumps after upgrading packages
On Oct 1, 2014 5:51 AM, openda...@hushmail.com wrote:
> Hi, After upgrading all of my OpenBSD packages (http://lteo.net/blog/2012/11/08/reinstalling-all-your-openbsd-packages-with-pkg-adds-fuzzy-matching-feature/) I've started getting frequent core dumps in Node.js.
What version of node are you using and what are you trying to run when it dumps?
> All I'm seeing is `segmentation fault (core dumped)`. I wanted to try https://github.com/ddopson/node-segfault-handler to debug what's going on but it doesn't seem to want to build on OpenBSD. Has anybody experienced anything similar? Thanks. O.D.
relayd and url logging
I'm trying out relayd (as released in 5.4, feel free to suggest I update if it would help my use case) for transparent outgoing http proxying. Before I turn to filtering I'd like to look at the traffic, creating a log of URLs I can sift through daily. I'm having trouble getting it to log the way I think it should be able to.
From looking at the relayd.conf man page it seems like I should be able to use log as an action in the protocols, but it's unclear how it is to be used. What's key and value in relation to the url-type? This isn't explained anywhere that I've seen.
Also, the syntax for the configuration directives for protocols as described in relayd.conf(5) reads: [direction] [type] action [marked id] [log]. This would indicate relayd should be able to log something.
I asked this in #openbsd on IRC (freenode) today, but thought I'd get a wider reach here. Apologies for the repetition if you already saw my question there.
Thanks!
// Daniel
Re: How to follow -stable and verify it with signify?
2014-10-01 3:02 GMT+02:00 Giancarlo Razzolini grazzol...@gmail.com:
> OpenBSD do not have any secure way to get things.
Buy a CD. If you don't trust the shop, have it somehow signed by a dev.
Best
Martin
Re: OpenBSD 5.6 pre-orders in Germany possible
Hi guys,
On Tue, Sep 30, 2014 at 08:16:05PM +0100, OpenBSD Europe wrote:
| On 09/30/14 at 14:42, Martijn van Duren wrote:
|
| The openbsdstore.com has opened.
|
| Guess what I just did? ;-)
|
| Cheers,
| STEFAN
|
| Yep.
|
| We had some issues to start with.
|
| *Please*, if you order and hit a problem, email it to
| ord...@openbsdstore.com and not on these lists. It's *much* easier for us
| to deal with. They seem to have settled now.
I've just placed my pre-order for 5.6 (5 sets, for myself and some friends) via your new website. Wanted to thank you for taking over from Austin, but also for your acknowledgement towards him in your FAQ; I think that is a very nice touch :)
Cheers!
Paul
PS: One of the FAQs is repeated twice (How is my credit card handled?)
--
[++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
X Window manual pages not on http://www.openbsd.org/cgi-bin/man.cgi
Hi, It seems that manual pages related to X Window (e.g. xterm) do not appear on http://www.openbsd.org/cgi-bin/man.cgi causing all links that point to them on the OpenBSD FAQ to be broken. Best regards, Edward
Re: Pidgin/Lync success stories?
Ok, here I go, I downloaded pidgin from original web and sipe from their web too. This procedure does not adjust to the procedures followed by openbsd but it's valid to get pidgin / sipe working =)
Pidgin pidgin-2.10.9 from https://pidgin.im/download/
Sipe 1.18.2 from http://sourceforge.net/projects/sipe/files/sipe/pidgin-sipe-1.18.2/pidgin-sipe-1.18.2.tar.gz/download
For making pidgin:
    $ ./configure --disable-farstream --disable-vv --disable-nm --with-nss --with-openssl --disable-tcl
    $ gmake
    $ sudo gmake install
(you can tune your installation with prefix env)
For making sipe:
    $ ./configure --enable-openssl --enable-nss --enable-debug
    $ gmake
    $ sudo gmake install
(you can tune your installation with prefix env)
HTH
Regards
Saludos.-
Leonardo Santagostini
http://ar.linkedin.com/in/santagostini
2014-09-27 14:34 GMT-03:00 Leonardo Santagostini lsantagost...@gmail.com:
> Later I will write the issue. But is before openssl/libressl switch and it's related to use nss libs instead ssl. And pidgin is silently refusing server certs. But later I will write it more deeper with some debug. I have pidgin / sipe working without issues
> Regards
> On Sep 27, 2014 1:37 p.m., Alexander Hall alexan...@beard.se wrote:
>> On 09/26/14 11:55, Mattieu Baptiste wrote:
>>> On Fri, Sep 26, 2014 at 10:49 AM, Alexander Hall alexan...@beard.se wrote:
>>>> Hi! I'm trying to set up Pidgin to talk to our Lync servers at work, but it seems somewhere after (or in) the TLS handshaking, it just stops, and eventually times out. I installed the pidgin-sipe package and I'm using the 'office communicator' protocol. On a Debian box on the side, with the same settings, I don't have this issue. Can someone please share success stories, non-success stories, or useful hints of using Pidgin for Lync on OpenBSD?
>>> Hi, I've also failed at using Pidgin with Office 365. I tried different settings with the pidgin-sipe port, without success. I found a workaround with chrome (+ extension to change the user-agent) and Outlook web access. It let me use the Lync web client.
>> Just to rule one possibility out... Was this before or after the separation from upstream openssl?
>> /Alexander
>>> Regards,
>>> --
>>> Mattieu Baptiste /earth is 102% full ... please delete anyone you can.
Re: How to follow -stable and verify it with signify?
On Tue, Sep 30, 2014 at 4:56 PM, Josh Grosse j...@jggimi.homeip.net wrote:
> They happen whenever a fix is backported but not deemed critical enough or in wide enough use for errata. Here's the first two I found in 5.5-stable, there may be others but I stopped looking, since you just wanted a couple of examples.
Thanks. How do I go about finding those myself?
--
Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
Both PPTP and L2TP on npppd?
I’m running a L2TP server using npppd on OpenBSD 5.5. Is it possible to run both PPTP and L2TP using npppd? I tried to append a tunnel for pptp in default configuration then my L2TP could not work. Best regards
route to 127.0.0.1 broke by today's current
Hello together
I have an issue on my mailserver; the today's current broke my route to 127.0.0.1 / localhost
External IP is working.
Here are some Infos:
ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        priority: 0
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff00
re0: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 54:04:a6:b4:99:c2
        priority: 0
        groups: egress
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 176.9.157.xx netmask 0xffe0 broadcast 176.9.157.95
PING 127.0.0.1 (127.0.0.1): 56 data bytes
--- 127.0.0.1 ping statistics ---
26 packets transmitted, 0 packets received, 100.0% packet loss
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=48 time=15.044 ms
PING 176.9.157.xx (176.9.157.xx): 56 data bytes
64 bytes from 176.9.157.xx: icmp_seq=0 ttl=64 time=0.688 ms
netstat -nr
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 176.9.157.xx UGS 1727367 - 8 re0
127/8 127.0.0.1 UGRS 03 32768 8 lo0
127.0.0.1 127.0.0.1 UH 1 134 32768 4 lo0
176.9.157.64/27 link#1 UC 10 - 4 re0
176.9.157.xx 78:fe:3d:46:ed:9d UHLc 20 - 4 re0
176.9.157.76 54:04:a6:b4:99:c2 UHLl 09 - 1 lo0
176.9.157.95 link#1 UHLb 00 - 1 re0
217.94.125.49 176.9.157.65 UGHD 026664 - L 56 re0
224/4 127.0.0.1 URS00 32768 8 lo0
OpenBSD xxx 5.6 GENERIC.MP#76 amd64
Today's source
OpenSMTPd brings: stat=Network error on destination MXs
What can I do to fix it ?
Thank you in advance.
Heiko
Build is hard-coded to /usr/src and /usr/obj?
Hi folks, This seems to be the case but wondering whether there is a way to override this. In particular I want to be able to build 5.5 -stable and then 5.5 -release + patches and keep the two source trees separate. thanks, -Alan -- Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
Re: How to follow -stable and verify it with signify?
On 2014-10-01 10:29, Alan McKay wrote:
> On Tue, Sep 30, 2014 at 4:56 PM, Josh Grosse j...@jggimi.homeip.net wrote:
>> They happen whenever a fix is backported but not deemed critical enough or in wide enough use for errata. Here's the first two I found in 5.5-stable, there may be others but I stopped looking, since you just wanted a couple of examples.
> Thanks. How do I go about finding those myself?
Several options to choose from:
1. Update a local working directory from -release to -stable
   Start with -release working directory, which can be from CD, or tarball, or AnonCVS.
   Update, logging CVS output.
   Compare patched or updated modules against errata.
2. Subscribe to the CVS commit log mailing list, and watch for commits tagged for -stable (OPENBSD_n_m). Compare with errata publication.
   You can also subscribe to the Ports CVS commit log mailing list, and note any -stable port commitments.
3. Keep a local CVSROOT repository with CVSync, which gives you access to the complete Changelog* history, which you can search. This is sometimes more helpful than searching mailing list archives for commits.
I happened to use option 3 for the quick search I conducted for you yesterday.
CVS commits are also logged via the CVS Web interface at http://cvsweb.openbsd.org/cgi-bin/cvsweb/ It's an extremely useful service, and I use it too, just not for this sort of generic scan.
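Option 1 in the reply above (update with the CVS output logged, then compare against errata) can be scripted; the following is an added example, not code from the thread or from the OpenBSD project. It assumes the update log uses the usual `U`/`P`/`M`/`C` status letters, that errata patches name their files on `Index:` lines relative to the same directory the update ran in, and the file names and sample data are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed workflow:
#   cd /usr/src && cvs -q up -rOPENBSD_5_5 -Pd 2>&1 | tee /tmp/cvs-update.log
# with the published errata patches saved into one directory.

# Paths cvs reported as updated (U) or patched (P) from the repository.
updated_files() {
    awk '$1 == "U" || $1 == "P" { print $2 }' "$1" | LC_ALL=C sort -u
}

# Paths named on the "Index:" lines of every patch file in directory $1.
errata_files() {
    cat "$1"/* 2>/dev/null | awk '$1 == "Index:" { print $2 }' | LC_ALL=C sort -u
}

# Updated files that no errata patch touches: changes that reached the
# tree through -stable commits without a published erratum.
stable_only() {
    so_tmp=$(mktemp -d) || return 1
    updated_files "$1" > "$so_tmp/updated"
    errata_files "$2" > "$so_tmp/errata"
    LC_ALL=C comm -23 "$so_tmp/updated" "$so_tmp/errata"
    rm -rf "$so_tmp"
}

# Files cvs left locally modified (M) or in conflict (C): the working tree
# differs from the repository there, so inspect them before building.
local_changes() {
    awk '$1 == "M" || $1 == "C" { print $1, $2 }' "$1"
}

# Fill directory $1 with constructed sample data (hypothetical paths).
make_sample() {
    mkdir "$1/errata"
    cat > "$1/cvs-update.log" <<'EOF'
P sys/example/fixed_by_errata.c
U usr.bin/example/stable_only.c
M etc/example.conf
? sys/arch/amd64/compile/GENERIC.MP
EOF
    cat > "$1/errata/001_example.patch" <<'EOF'
Index: sys/example/fixed_by_errata.c
===================================================================
RCS file: /cvs/src/sys/example/fixed_by_errata.c,v
EOF
}

# Run both checks over the constructed sample.
demo() {
    demo_dir=$(mktemp -d) || return 1
    make_sample "$demo_dir"
    stable_only "$demo_dir/cvs-update.log" "$demo_dir/errata"
    local_changes "$demo_dir/cvs-update.log"
    rm -rf "$demo_dir"
}

if [ "${1:-}" = "--demo" ]; then
    demo
fi
```

Each path printed by `stable_only` can then be looked up in the commit log or CVS Web to see which -stable commit changed it.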
Re: Build is hard-coded to /usr/src and /usr/obj?
On 2014-10-01 11:07, Alan McKay wrote:
> Hi folks, This seems to be the case but wondering whether there is a way to override this. In particular I want to be able to build 5.5 -stable and then 5.5 -release + patches and keep the two source trees separate. thanks, -Alan
Guidance for environment variable setting can be found in the top level src/Makefile, and also in the /usr/share/mk/bsd.README -- and you may find the bsd.own.mk Makefile helpful.
Re: Build is hard-coded to /usr/src and /usr/obj?
On Wed, Oct 1, 2014 at 11:20 AM, Josh Grosse j...@jggimi.homeip.net wrote:
> Guidance for environment variable setting can be found in the top level src/Makefile, and also in the /usr/share/mk/bsd.README -- and you may find the bsd.own.mk Makefile helpful.
Dang, should have thought to look there. I was looking at the release manpage which gives the details on how to build from source. There is mention there of env vars for building the final release, but not for alternate source code locations.
--
Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
Change routing tables when ISP goes down
I have a very unreliable ISP (approximately 97% uptime). Many of the times that they go down, I'm connected and can ping within their limited network, but can't get to the outside world. In these cases, I have an alternate slow speed connection that I use. Right now, I manually change the default route and use pfctl to invoke an alternate pf.conf file. I'm thinking that OpenOSPF, BIRD or one of the other routing oriented daemons might be a way to automate switching back and forth. Does anyone suggestions on effective ways to automate/manage this? Thanks! Jeff
Re: Change routing tables when ISP goes down
ifstated could do it ...
Re: Change routing tables when ISP goes down
On Wed, Oct 01, 2014 at 11:10:12AM -0400, Jeff wrote:
> I have a very unreliable ISP (approximately 97% uptime). Many of the times that they go down, I'm connected and can ping within their limited network, but can't get to the outside world. In these cases, I have an alternate slow speed connection that I use. Right now, I manually change the default route and use pfctl to invoke an alternate pf.conf file. I'm thinking that OpenOSPF, BIRD or one of the other routing oriented daemons might be a way to automate switching back and forth. Does anyone suggestions on effective ways to automate/manage this? Thanks! Jeff
Have you considered using ifstated(8) with external tests (e.g. ping)? See the ifstated.conf(5) man page.
pf on rpi
I installed netbsd on raspberry pi and intend to use pf as a firewall. Seems that pf version on the current (7.99.1) is about 4.2 or 4.3 openbsd version. I am aware that I might stay locked out if I make mistake, since the node is ssh reachable. At first, I would start pf and stay with an option to have new start:
    # pfctl -f /etc/pf.conf; shutdown -r +10
What bothers me are rules, that could be a mismatch. In fact, it is basic one node configuration like:
    set skip on lo0
    match in all scrub (no-df)
    block in all
    block out all
    pass out on fxp0 proto { tcp, udp, icmp } from any to any modulate state
    pass in on fxp0 proto tcp from any to any port ssh
Would this be enough for old version on netbsd or I have to change the syntax?
Best regards
Zoran
No SSH fingerprints for Alberta Anon CVS Server?
Hi again folks, This is yet another email relating to my search for a secure way to download -stable source. When I first started building -stable a couple of weeks ago I chose the Alberta CVS server because I considered it Home Base (or maybe I should say Center Ice? :-)) Now that I have the building down pat I am looking at ways to ensure I have the correct source code. So I'm looking at what someone mentioned in my other thread I started - verify SSH fingerprints. However, it seems that all the servers except the Alberta one have this information published at http://www.openbsd.org/anoncvs.html Is there a reason this one does not have its fingerprints listed? thanks, -Alan -- Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
Re: Change routing tables when ISP goes down
On 2014-10-01 16:10, Jeff wrote:
> I have a very unreliable ISP (approximately 97% uptime). Many of the times that they go down, I'm connected and can ping within their limited network, but can't get to the outside world. In these cases, I have an alternate slow speed connection that I use. Right now, I manually change the default route and use pfctl to invoke an alternate pf.conf file. I'm thinking that OpenOSPF, BIRD or one of the other routing oriented daemons might be a way to automate switching back and forth. Does anyone suggestions on effective ways to automate/manage this? Thanks! Jeff
Implementing a dynamic routing protocol will ensure the switch over but would require either ISP cooperation or a server on the internet side.
The easiest way to achieve what you want is scripting default route change. Something like that should do the trick.
    # Written with Linux command syntax (ip route, route add default gw).
    while true
    do
        # grep -c prints 1 when the ping summary line reports "1 received"
        route1=$(ping -I "$INTERFACE_TO_ISP1" "$ISP1_GATEWAY" -c 1 | tail -n2 | head -1 | grep -c "1 received")
        # route2 is computed but not used below
        route2=$(ping -I "$INTERFACE_TO_ISP1" "$ISP2_GATEWAY" -c 1 | tail -n2 | head -1 | grep -c "1 received")
        # gateway of the current default route
        routa=$(ip route | grep default | cut -d' ' -f3 | tr -d ' ')
        if [ "$route1" != 1 ]
        then
            route del default
            route add default gw "$ISP2_GATEWAY"
        else
            if [ "$routa" != "$ISP1_GATEWAY" ]
            then
                route del default
                route add default gw "$ISP1_GATEWAY"
            fi
        fi
        sleep "$waittime" # you may want to wait a bit between checks
    done
Regards
Louis
Re: No SSH fingerprints for Alberta Anon CVS Server?
At the bottom of the list:
    Note: If your server is listed on here with inaccurate or unknown information, please contact b...@openbsd.org
There is also a maintainer contact email for each mirror. Coincidentally, the one for Alberta is b...@ualberta.ca
Funny, if it is the same beck, seems like those are the fingerprints that'd be most known.
Tim.
Re: route to 127.0.0.1 broke by today's current
On Wed, 01 Oct 2014 15:30:49 +0200 Heiko Zimmermann e-c...@t-online.de wrote:
> OpenSMTPd brings: stat=Network error on destination MXs What can I to to fix it ? Thank you in advance. Heiko
On Debian Linux, I have lo fail all the time, and so after every reboot, I do:
    ifdown lo
    ifup lo
Obviously this is a workaround, but until it's fixed it's better than nothing. I don't know what the equivalent commands would be on OpenBSD, but you might try them.
SteveT
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance
Re: route to 127.0.0.1 broke by today's current
On 01/10/14(Wed) 15:30, Heiko Zimmermann wrote:
> Hello together I have an issue on my mailserver; the today's current broke my route to 127.0.0.1 / localhost
I am to blame, I broke it in r1.237 of sys/netinet/ip_input.c. I just committed a fix, the normal behavior should be restored with r1.104 of sys/netinet/in.c.
Martin
Re: pf on rpi
netbsd pf is way too old, and it looks like their plan is to not update, but to convince people to use another new filter written from scratch and used by a handful of people. Good luck.
> I installed netbsd on raspberry pi and intend to use pf as a firewall. Seems that pf version on the current (7.99.1) is about 4.2 or 4.3 openbsd version. I am aware that I might stay locked out if I make mistake, since the node is ssh reachable. At first, I would start pf and stay with an option to have new start:
>     # pfctl -f /etc/pf.conf; shutdown -r +10
> What bothers me are rules, that could be a mismatch. In fact, it is basic one node configuration like:
>     set skip on lo0
>     match in all scrub (no-df)
>     block in all
>     block out all
>     pass out on fxp0 proto { tcp, udp, icmp } from any to any modulate state
>     pass in on fxp0 proto tcp from any to any port ssh
> Would this be enough for old version on netbsd or I have to change the syntax?
> Best regards
> Zoran
Re: No SSH fingerprints for Alberta Anon CVS Server?
On Wed, Oct 1, 2014 at 12:32 PM, trondd tro...@gmail.com wrote:
> Note: If your server is listed on here with inaccurate or unknown information, please contact b...@openbsd.org
Yeah, damned if you do, damned if you don't. I saw that and was not 100% sure whether this fell into that category and did not want to bug him and/or get chewed out for bugging him. So I figured I'd ask the list first.
Thanks, I'll just check with beck@
--
Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
Re: route to 127.0.0.1 broke by today's current
Hello Martin,
My workaround was:
    cvs -q up -D "2 days ago"
When you fixed it, so it will be in the next cvs src update ?
Thanks
Heiko
On 01.10.2014 at 18:40, Martin Pieuchot mpieuc...@nolizard.org wrote:
> On 01/10/14(Wed) 15:30, Heiko Zimmermann wrote:
>> Hello together I have an issue on my mailserver; the today's current broke my route to 127.0.0.1 / localhost
> I am to blame, I broke it in r1.237 of sys/netinet/ip_input.c. I just committed a fix, the normal behavior should be restored with r1.104 of sys/netinet/in.c.
> Martin
Re: route to 127.0.0.1 broke by today's current
> When you fixed it, so it will be in the next cvs src update ?
With the current network, it takes about 5-30 minutes for it to show up in the various repo mirrors.
Re: Change routing tables when ISP goes down
It sounds like ping -I is what I was looking for, but when I use it, it seems to be sending out the packet with the right source address, but sending it to the wrong interface. Are there any tricks here?
Here's some data (edited) to show what I'm seeing:
fxp0: inet 10.16.100.1 netmask 0xfff0 broadcast 10.16.100.15
fxp1: inet 192.168.243.152 netmask 0xff00 broadcast 192.168.243.255
when I try ping -I 192.168.243.152 ucla.edu, I see the following:
tcpdump -i fxp0 icmp and host ucla.edu
tcpdump: listening on fxp0, link-type EN10MB
13:06:36.478450 192.168.243.152 > 128.97.27.37: icmp: echo request
13:06:37.483393 192.168.243.152 > 128.97.27.37: icmp: echo request
13:06:38.493244 192.168.243.152 > 128.97.27.37: icmp: echo request
The routing table shows:
10.16.100.0/28 link#1 UC 40 - 4 fxp0
192.168.243/24 link#2 UC 10 - 4 fpx1
Re: quotas grace period none right away
On Tue, Sep 30, 2014 at 07:31:20PM +0200, Otto Moerbeek wrote:
> On Tue, Sep 30, 2014 at 11:20:23AM -0500, Boris Goldberg wrote:
>> Hello Otto,
>> Wednesday, September 24, 2014, 2:36:58 PM, you wrote:
>> OM> Try to come up with a reproducible test case, include all relevant
>> OM> info and then we can investigate.
> I indeed see strange things on sparc64 more or less -current. Not exactly what you are seeing, but for starters, edquota -t is giving me what looks like uninitialized mem. I hope to find some time to investigate further...
> -Otto
There is indeed a bug in edquota -t in 5.5 and newer due to the time_t change, but that is unrelated to what you are seeing. I installed a 5.4 i386 machine to investigate further.
Please tell me a few things: are you using softdep? uids in fstab? Please show me your full fstab line for the filesystem. Also, I like to see the output of both edquota -t and
    $ hexdump -C ../user.quota | head
Note that changes made by edquota -t only end up in quota.user file after a quotacheck run. To be sure, reboot first.
BTW please fix your email. Both your mx time out.
-Otto
Re: How to follow -stable and verify it with signify?
On Wed, Oct 01, 2014 at 15:33, Martin Schröder wrote:
> 2014-10-01 3:02 GMT+02:00 Giancarlo Razzolini grazzol...@gmail.com:
>> OpenBSD do not have any secure way to get things.
> Buy a CD. If you don't trust the shop, have it somehow signed by a dev.
I'll note that at the recent EuroBSDCon, nobody asked Theo to personally verify any signify keys. Earlier, at BSDCan nobody asked Bob or I or anyone else there to verify any keys either.
Re: Change routing tables when ISP goes down
On Wed, Oct 1, 2014 at 8:10 AM, Jeff j...@usedmoviefinder.com wrote:
> I have a very unreliable ISP (approximately 97% uptime). Many of the times that they go down, I'm connected and can ping within their limited network, but can't get to the outside world. In these cases, I have an alternate slow speed connection that I use. Right now, I manually change the default route and use pfctl to invoke an alternate pf.conf file. I'm thinking that OpenOSPF, BIRD or one of the other routing oriented daemons might be a way to automate switching back and forth. Does anyone suggestions on effective ways to automate/manage this?
Hi Jeff,
I have been casually working on this for some time now. I also have two isp's. One more reliable than the other. The additional wish is to load balance, since my backup isp is not that slow, so you can ignore a few bits in the pf.conf files.
I almost have it working. I use ifstated, which calls a script called manage-routes to do the heavy lifting. Multiple pf.conf files are managed by anchors.
<Excuse>Something is wrong with what I have so far. Some quiet time is needed to read through and trace the process, but I keep getting interrupted by higher priorities. Plus my primary isp is very reliable.</Excuse>
Actually I am just lazy about most things until there's an emergency.
Here are my files:
# cat ifstated.conf
    shaw_linkup = "vr1.link.up"
    telus_linkup = "vr2.link.up"
    shaw_gate_test = "( \"ping -q -c1 -w1 -I 199.71.129.170 199.71.129.169 > /dev/null\" every 15 )"
    telus_gate_test = "( \"ping -q -c1 -w1 -I 200.116.7.41 200.116.7.1 > /dev/null\" every 15 )"
    init-state both
    state both {
        init {
            run "/usr/local/sbin/manage-routes ALL"
        }
        if ! $telus_linkup {
            set-state shaw
        }
        if ! $shaw_linkup {
            set-state telus
        }
        if ! $telus_gate_test {
            set-state shaw
        }
        if !$shaw_gate_test {
            set-state telus
        }
    }
    state shaw {
        init {
            run "/usr/local/sbin/manage-routes SHAW"
        }
        if !$shaw_linkup {
            set-state telus
        }
        if !$shaw_gate_test {
            set-state telus
        }
        if $telus_gate_test {
            set-state both
        }
    }
    state telus {
        init {
            run "/usr/local/sbin/manage-routes TELUS"
        }
        if ! $telus_linkup {
            set-state none
        }
        if ! $telus_gate_test {
            set-state none
        }
        if $shaw_gate_test {
            set-state both
        }
    }
    state none {
        init {
            run "/usr/local/sbin/manage-routes NONE"
        }
        if $shaw_gate_test {
            set-state shaw
        }
        if $telus_gate_test {
            set-state telus
        }
    }
I had a bit of fun with the led's on the front of the box, so you can ignore that. Here is my route script:
# cat /usr/local/sbin/manage-routes
    #!/bin/sh
    #
    # with help from Justin Jereza on misc@openbsd.org
    #
    SCRIPT=$0;
    function help {
        echo "Usage: $SCRIPT ALL | SHAW | TELUS | NONE";
    }
    # succeeds when gateway $1 is listed as a default route
    function in_table {
        GW=$1;
        route -n show | grep '^default' | awk '{ print $2 }' | grep $GW > /dev/null 2>&1;
    }
    function add_route {
        GW=$1;
        route add -mpath default $GW > /dev/null 2>&1;
    }
    function delete_route {
        GW=$1;
        route delete default $GW > /dev/null 2>&1;
    }
    function log_msg {
        SRV=$1;
        STATUS=$2;
        MSG="Unitow Network Status: $SRV is $STATUS";
        logger -p daemon.info -t ifstated "$MSG";
        # mail -s $MSG -croot This is an automated message from gateway server;
    }
    function set_shaw_led {
        STATE=$1;
        gpioctl -q gpio0 shaw_led $STATE;
    }
    function set_telus_led {
        STATE=$1;
        gpioctl -q gpio0 telus_led $STATE;
    }
    # both links up: load the rules for two ISPs into the anchors
    function pf_all {
        pfctl -a isp_lan -F rules;
        pfctl -a isp_egress -F rules;
        pfctl -a isp_lan -f /etc/pf.all_lan.conf;
        pfctl -a isp_egress -f /etc/pf.all_egress.conf;
    }
    # one link up: load the single-ISP rules into the anchors
    function pf_one {
        pfctl -a isp_lan -F rules;
        pfctl -a isp_egress -F rules;
        pfctl -a isp_lan -f /etc/pf.one_lan.conf;
        pfctl -a isp_egress -f /etc/pf.one_egress.conf;
    }
    function pf_none {
        pfctl -a isp_lan -F rules;
        pfctl -a isp_egress -F rules;
    }
    if [ $# -ne 1 ]; then
        help;
        exit 1;
    fi
    STATE=$1;
    SHAW_GW=184.71.129.169;
    TELUS_GW=206.116.7.1;
    case $STATE in
    ALL)
        if ! in_table $SHAW_GW; then add_route $SHAW_GW; fi
        if ! in_table $TELUS_GW; then add_route $TELUS_GW; fi
        pf_all;
        log_msg SHAW UP;
        log_msg TELUS UP;
        set_shaw_led on;
        set_telus_led on;
        ;;
    SHAW)
        if ! in_table $SHAW_GW; then add_route $SHAW_GW; fi
        if in_table $TELUS_GW; then delete_route $TELUS_GW; fi
        pf_one;
        log_msg TELUS DOWN;
Amazing Encryption
I found this article its amazing ... http://mysteriesexplored.wordpress.com/2011/08/24/amazing-encryption-technology-in-ancient-india-the-katapayadi-shankya/ :)
Re: Change routing tables when ISP goes down
It sounds like ping -I is what I was looking for, but when I use it, it seems to be sending out the packet with the right source address, but sending it to the wrong interface. Are there any tricks here?
Here's some data (edited) to show what I'm seeing:
fxp0: inet 10.16.100.1 netmask 0xfff0 broadcast 10.16.100.15
fxp1: inet 192.168.243.152 netmask 0xff00 broadcast 192.168.243.255
when I try ping -I 192.168.243.152 ucla.edu, I see the following:
tcpdump -i fxp0 icmp and host ucla.edu
tcpdump: listening on fxp0, link-type EN10MB
13:06:36.478450 192.168.243.152 > 128.97.27.37: icmp: echo request
13:06:37.483393 192.168.243.152 > 128.97.27.37: icmp: echo request
13:06:38.493244 192.168.243.152 > 128.97.27.37: icmp: echo request
The routing table shows:
10.16.100.0/28 link#1 UC 40 - 4 fxp0
192.168.243/24 link#2 UC 10 - 4 fpx1
On Wed, Oct 01, 2014 at 05:23:43PM +0100, aluc...@phangos.fr wrote:
> On 2014-10-01 16:10, Jeff wrote:
>> I have a very unreliable ISP (approximately 97% uptime). Many of the times that they go down, I'm connected and can ping within their limited network, but can't get to the outside world. In these cases, I have an alternate slow speed connection that I use. Right now, I manually change the default route and use pfctl to invoke an alternate pf.conf file. I'm thinking that OpenOSPF, BIRD or one of the other routing oriented daemons might be a way to automate switching back and forth. Does anyone suggestions on effective ways to automate/manage this? Thanks! Jeff
> Implementing a dynamic routing protocol will ensure the switch over but would require either ISP cooperation or a server on the internet side.
> The easiest way to achieve what you want is scripting default route change. Something like that should do the trick.
>     while true
>     do
>         route1=$(ping -I "$INTERFACE_TO_ISP1" "$ISP1_GATEWAY" -c 1 | tail -n2 | head -1 | grep -c "1 received")
>         route2=$(ping -I "$INTERFACE_TO_ISP1" "$ISP2_GATEWAY" -c 1 | tail -n2 | head -1 | grep -c "1 received")
>         routa=$(ip route | grep default | cut -d' ' -f3 | tr -d ' ')
>         if [ "$route1" != 1 ]
>         then
>             route del default
>             route add default gw "$ISP2_GATEWAY"
>         else
>             if [ "$routa" != "$ISP1_GATEWAY" ]
>             then
>                 route del default
>                 route add default gw "$ISP1_GATEWAY"
>             fi
>         fi
>         sleep "$waittime" # you may want to wait a bit between checks
>     done
> Regards
> Louis
--
=== Jeff's Used Movie Finder http://www.usedmoviefinder.com email: j...@usedmoviefinder.com
Re: Change routing tables when ISP goes down
On Wed, Oct 1, 2014 at 2:10 PM, Gerald Chudyk gchu...@gmail.com wrote:
> I have been casually working on this for some time now.
Hey, nice work!
--
Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
[no subject]
Hello All,
I was trying to use OpenIKED to set up multiple IKEv2 tunnels simultaneously. Can OpenIKED software handle simultaneous IKEv2 connections to different end points or Gateways, i.e. UE1 connecting to Gateway1, UE1 connecting to GW2? Can both requests be processed by the software simultaneously, setup 2 parallel connections, and operate each tunnel independently ?
--
Regards,
Venkata
xombrero crashes with 'Bus error'
Hi there,
I am running OpenBSD 5.6 amd64/current on a Thinkpad T60 (dmesg at the end). For a couple of weeks now over the last snapshots xombrero won't start. In a xterm I see the following:
~ $ xombrero
xombrero:/usr/local/lib/libestdc++.so.16.0: /usr/lib/libstdc++.so.57.0 : WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, relink your program
Bus error (core dumped)
So I deleted the package and tried to re-install via ports. Result:
=== Building package for xombrero-1.6.3v1
Create /usr/ports/packages/amd64/all/xombrero-1.6.3v1.tgz
Error: Libraries in packing-lists in the ports tree and libraries from installed packages don't match
--- /tmp/dep_cache.7qIWNppQS/portstree-xombrero-1.6.3v1 Wed Oct 1 23:49:46 2014 +++ /tmp/dep_cache.7qIWNppQS/inst-xombrero-1.6.3v1 Wed Oct 1 23:49:46 2014 
@@ -1,16 +1,16 @@ --W atk-1.0.21409.1 +-W atk-1.0.21209.1 -W c.77.2 -W cairo.12.2 -W cairo-gobject.1.1 -W fontconfig.9.1 -W freetype.22.0 --W gdk-3.1400.0 +-W gdk-3.1200.0 -W gdk_pixbuf-2.0.3000.0 --W gio-2.0.4200.0 --W glib-2.0.4200.0 +-W gio-2.0.4000.0 +-W glib-2.0.4000.0 -W gnutls.41.4 --W gobject-2.0.4200.0 --W gtk-3.1400.0 +-W gobject-2.0.4000.0 +-W gtk-3.1200.0 -W javascriptcoregtk-3.0.5.0 -W m.9.0 -W pango-1.0.3600.0 *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:3244 'wantlib-args') *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:1963 '/usr/ports/packages/amd64/all/xombrero-1.6.3v1.tgz') *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2512 '_internal-package') *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2492 'package') *** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:1976 '/var/db/pkg/xombrero-1.6.3v1/+CONTENTS') *** Error 1 in /usr/ports/www/xombrero (/usr/ports/infrastructure/mk/bsd.port.mk:2492 'install') At this point I am lost... Anyone a clue what I might do? Below you'll find the dmesg and the .xombrero.conf. Thanke in advance. STEFAN dmesg ## OpenBSD 5.6-current (GENERIC.MP) #393: Tue Sep 30 23:06:30 MDT 2014 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3203203072 (3054MB) avail mem = 3109277696 (2965MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 
Re: Change routing tables when ISP goes down
On 01-10-2014 14:14, Jeff wrote:

It sounds like ping -I is what I was looking for, but when I use it, it seems to be sending out the packet with the right source address, but sending it to the wrong interface. Are there any tricks here?

You must use pf route-to to force the packets to go through the right interface. Or, better yet, you should use multipath routing. Enable it in your sysctl.conf. It will allow you to have multiple default gateways. If they both have the same priority the connections will go out in a simple round-robin fashion. Then you should use ifstated, as mentioned by others.

If your ISP's routers support SNMP, you could use it to check for the link status instead of relying on external pinging. I only use it as last resort. On some of my modems I even have a small script that connects to the administrative web interface to check if the link is up. On others I use telnet and expect. I only use ping as a last resort.

I could help you with more elaborate examples, but I hope you got the idea.

Cheers
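The setup this reply describes (multipath default routes, pf route-to so that source-bound probes leave on the matching uplink, and ifstated changing the routes), as an added example that is not part of the original message. Interface names, addresses and the probe target are constructed placeholders (RFC 5737 ranges), and each fragment belongs in the file named in its comment.

```conf
# Added example; em0/em1, all addresses and the probe target are constructed.
# ISP A: em0, local 192.0.2.2,    gateway 192.0.2.1
# ISP B: em1, local 198.51.100.2, gateway 198.51.100.1

# --- /etc/sysctl.conf: allow more than one default route ---
net.inet.ip.multipath=1

# --- /etc/hostname.em0 and /etc/hostname.em1: one -mpath default each ---
# !route add -mpath default 192.0.2.1
# !route add -mpath default 198.51.100.1

# --- /etc/pf.conf: a packet sourced from one uplink's address always leaves
# via that uplink, so "ping -I" probes test the link they are meant to test
# even after that link's default route has been deleted.
# (route-to "(interface gateway)" form, as pf accepted when this thread was written)
pass out on em0 from (em1) route-to (em1 198.51.100.1)
pass out on em1 from (em0) route-to (em0 192.0.2.1)

# --- /etc/ifstated.conf: remove the default route of a dead uplink ---
init-state both
isp_a = '( "ping -q -c 1 -w 1 -I 192.0.2.2 203.0.113.10 > /dev/null" every 10 )'
isp_b = '( "ping -q -c 1 -w 1 -I 198.51.100.2 203.0.113.10 > /dev/null" every 10 )'

state both {
	if ! $isp_a
		set-state only_b
	if ! $isp_b
		set-state only_a
}
state only_a {
	init {
		run "route delete default 198.51.100.1"
	}
	if $isp_b {
		run "route add -mpath default 198.51.100.1"
		set-state both
	}
}
state only_b {
	init {
		run "route delete default 192.0.2.1"
	}
	if $isp_a {
		run "route add -mpath default 192.0.2.1"
		set-state both
	}
}
```

A single lost probe switches state here; pinging two targets per uplink and requiring both to fail reduces flapping.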
Re: xombrero crashes with 'Bus error'
Are you rebuilding xombrero from the ports tree or reinstalling an existing built package? Is your ports tree from the same snapshot as your installed system? Tim.
Re: xombrero crashes with 'Bus error'
On Thu, Oct 02, 2014 at 12:03:41AM +0200, Stefan Wollny wrote:

Hi there, I am running OpenBSD 5.6 amd64/current on a Thinkpad T60 (dmesg at the end). For a couple of weeks now over the last snapshots xombrero won't start. In an xterm I see the following:

~ $ xombrero
xombrero:/usr/local/lib/libestdc++.so.16.0: /usr/lib/libstdc++.so.57.0 : WARNING: symbol(_ZN11__gnu_debug17_S_debug_messagesE) size mismatch, relink your program
Bus error (core dumped)

So I deleted the package and tried to re-install via ports. Result:

=== Building package for xombrero-1.6.3v1
Create /usr/ports/packages/amd64/all/xombrero-1.6.3v1.tgz
Error: Libraries in packing-lists in the ports tree and libraries from installed packages don't match
--- /tmp/dep_cache.7qIWNppQS/portstree-xombrero-1.6.3v1 Wed Oct 1 23:49:46 2014 +++ /tmp/dep_cache.7qIWNppQS/inst-xombrero-1.6.3v1 Wed Oct 1 23:49:46 2014 
@@ -1,16 +1,16 @@ --W atk-1.0.21409.1 +-W atk-1.0.21209.1 -W c.77.2 -W cairo.12.2 -W cairo-gobject.1.1 -W fontconfig.9.1 -W freetype.22.0 --W gdk-3.1400.0 +-W gdk-3.1200.0 -W gdk_pixbuf-2.0.3000.0 --W gio-2.0.4200.0 --W glib-2.0.4200.0 +-W gio-2.0.4000.0 +-W glib-2.0.4000.0 -W gnutls.41.4 --W gobject-2.0.4200.0 --W gtk-3.1400.0 +-W gobject-2.0.4000.0 +-W gtk-3.1200.0 -W javascriptcoregtk-3.0.5.0 -W m.9.0 -W pango-1.0.3600.0

^^ You have a bunch of outdated ports installed. Wait for the next round of packages and update your system.

*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:3244 'wantlib-args')
*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:1963 '/usr/ports/packages/amd64/all/xombrero-1.6.3v1.tgz')
*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2512 '_internal-package')
*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2492 'package')
*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:1976 '/var/db/pkg/xombrero-1.6.3v1/+CONTENTS')
*** Error 1 in /usr/ports/www/xombrero (/usr/ports/infrastructure/mk/bsd.port.mk:2492 'install')

At this point I am lost... Anyone a clue what I might do? Below you'll find the dmesg and the .xombrero.conf. Thanks in advance. STEFAN