Problem with TCP congestion control behaviour of OpenBSD

2022-10-29 Thread William Goodspeed
Hello! I rented a VPS in the USA and I'm currently in China. I'm having
trouble downloading files from it and I believe it's caused by the TCP
congestion control.

When I tried to download files via scp, the download speed started at
500K/s and degraded over time. Approximately 1 min later, the
download stalled. What's worse was that I wasn't able to connect
to the obsd host after it stalled (unless waiting some time to make it
`forget' my connection). I tried on a VPS with GNU/Linux and BBR. That
didn't happen.

My questions are:

   1. Is there a way to apply modern congestion control (like BBR) to
      OpenBSD? (From stackoverflow, that's not supported)
   2. If there isn't, how to implement that on OpenBSD? Please point
      out some resources like OpenBSD source code or whatever.

I'm not quite a programming expert but I'm interested in making it
work. I have some Linux kernel module development experience. Maybe I
can try to implement that on OpenBSD.

I'm looking forward to your reply.

-- 

William Goodspeed (龚志乐)
Langfang, Hebei, PRC



iked RoadWarrior IPv6

2022-10-29 Thread Thomas Bohl

Hello,

I want to integrate a remote OpenBSD 7.2 machine into my local network. 
So it will be reachable via a local IPv4 address like 192.168.0.206. My 
local router and IPSec server is a LANCOM 1781EW+.


The setup works already, but only if iked uses IPv4 and not IPv6. (I 
have a working IPv6 setup with strongSwan on Android though.)


# cat /etc/iked.conf
ikev2 "rathaus" active esp \
    from 192.168.0.0/24 to any \
    from dynamic to 192.168.0.0/24 \
    peer vpn.example.com \
    srcid o2@rathaus \
    psk "will-change-to-certs-if-testing-is-finished" \
    request address any \
    iface lo1

This config works if the peer entry is an IPv4 address or if 
vpn.example.com has only an A record. If vpn.example.com has an  
record or peer is an IPv6 address it will not work.



Working:
# iked -d
ikev2_init_ike_sa: initiating "rathaus"
spi=0x6fa20e5d5cc463ce: send IKE_SA_INIT req 0 peer 91.65.56.196:500 
local 0.0.0.0:500, 518 bytes
spi=0x6fa20e5d5cc463ce: recv IKE_SA_INIT res 0 peer 91.65.56.196:500 
local 192.168.1.210:500, 38 bytes, policy 'rathaus'

spi=0x6fa20e5d5cc463ce: sa_free: reinitiating with new DH group
ikev2_init_ike_sa: initiating "rathaus"
spi=0x22213067a8f10273: send IKE_SA_INIT req 0 peer 91.65.56.196:500 
local 0.0.0.0:500, 742 bytes
spi=0x22213067a8f10273: recv IKE_SA_INIT res 0 peer 91.65.56.196:500 
local 192.168.1.210:500, 487 bytes, policy 'rathaus'
spi=0x22213067a8f10273: send IKE_AUTH req 1 peer 91.65.56.196:4500 local 
192.168.1.210:4500, 327 bytes, NAT-T
spi=0x22213067a8f10273: recv IKE_AUTH res 1 peer 91.65.56.196:4500 local 
192.168.1.210:4500, 239 bytes, policy 'rathaus'

spi=0x22213067a8f10273: ikev2_ike_auth_recv: obtained lease: 192.168.0.206
spi=0x22213067a8f10273: ikev2_ike_auth_recv: obtained DNS: 192.168.1.254
spi=0x22213067a8f10273: ikev2_childsa_enable: loaded SPIs: 0xcffacc66, 
0xe1e53f59 (enc aes-256-gcm)
spi=0x22213067a8f10273: ikev2_childsa_enable: loaded flows: 
ESP-192.168.0.0/24=0.0.0.0/0(0)
spi=0x22213067a8f10273: established peer 
91.65.56.196:4500[UFQDN/o2@rathaus] local 
192.168.1.210:4500[UFQDN/o2@rathaus] policy 'rathaus' as initiator (enc 
aes-256-gcm group modp2048 prf hmac-sha2-256)



Not working:
# iked -vd
ikev2 "rathaus" active tunnel esp inet6 from 192.168.0.0/24 to 0.0.0.0/0 
from 0.0.0.0 to 192.168.0.0/24 local any peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821 ikesa enc aes-128-gcm enc aes-256-gcm 
prf hmac-sha2-256 prf hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 
group curve25519 group ecp521 group ecp384 group ecp256 group modp4096 
group modp3072 group modp2048 group modp1536 group modp1024 ikesa enc 
aes-256 enc aes-192 enc aes-128 enc 3des prf hmac-sha2-256 prf 
hmac-sha2-384 prf hmac-sha2-512 prf hmac-sha1 auth hmac-sha2-256 auth 
hmac-sha2-384 auth hmac-sha2-512 auth hmac-sha1 group curve25519 group 
ecp521 group ecp384 group ecp256 group modp4096 group modp3072 group 
modp2048 group modp1536 group modp1024 childsa enc aes-128-gcm enc 
aes-256-gcm group none esn noesn childsa enc aes-256 enc aes-192 enc 
aes-128 auth hmac-sha2-256 auth hmac-sha2-384 auth hmac-sha2-512 auth 
hmac-sha1 group none esn noesn srcid o2@rathaus lifetime 10800 bytes 
4294967296 psk 0xfoobar config address any iface lo1

ikev2_init_ike_sa: initiating "rathaus"
spi=0x12efeecdd9b0e8b6: send IKE_SA_INIT req 0 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local :::500, 518 bytes
spi=0x12efeecdd9b0e8b6: recv IKE_SA_INIT res 0 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500, 38 bytes, policy 'rathaus'

spi=0x12efeecdd9b0e8b6: sa_free: reinitiating with new DH group
ikev2_init_ike_sa: initiating "rathaus"
spi=0x4657d2d35de226ed: send IKE_SA_INIT req 0 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local :::500, 742 bytes
spi=0x4657d2d35de226ed: recv IKE_SA_INIT res 0 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500, 487 bytes, policy 'rathaus'


(Around this point the router reports: "IKEV2C_O2 connected")

spi=0x4657d2d35de226ed: send IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500, 359 bytes
spi=0x4657d2d35de226ed: retransmit 1 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: retransmit 2 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: retransmit 3 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: retransmit 4 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: retransmit 5 IKE_AUTH req 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f773:7319:68a6:8ed8:500
spi=0x4657d2d35de226ed: recv IKE_AUTH res 1 peer 
2a02:810d:0:bf:c816:fbf3:8a40:7821:500 local 
2003:c8:2721:cc00:f
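
An added example, not part of the original post and not iked code: a small Python summary of `iked -d` output that reports, per IKE SA, the peer address family, the port used for IKE_AUTH, whether NAT-T was flagged, and how many IKE_AUTH retransmits occurred, so a working and a non-working run can be compared. The log text is constructed (unwrapped lines, documentation-range addresses) and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the `iked -d` output quoted above: one record per
# line (unwrapped), documentation-range addresses instead of the poster's.
SAMPLE_LOG = """\
spi=0x1111111111111111: send IKE_SA_INIT req 0 peer 2001:db8::1:500 local :::500, 742 bytes
spi=0x1111111111111111: send IKE_AUTH req 1 peer 2001:db8::1:500 local 2001:db8:1::2:500, 359 bytes
spi=0x1111111111111111: retransmit 1 IKE_AUTH req 1 peer 2001:db8::1:500 local 2001:db8:1::2:500
spi=0x1111111111111111: retransmit 2 IKE_AUTH req 1 peer 2001:db8::1:500 local 2001:db8:1::2:500
spi=0x1111111111111111: recv IKE_AUTH res 1 peer 2001:db8::1:500 local 2001:db8:1::2:500, 80 bytes
spi=0x2222222222222222: send IKE_AUTH req 1 peer 192.0.2.10:4500 local 198.51.100.7:4500, 327 bytes, NAT-T
spi=0x2222222222222222: recv IKE_AUTH res 1 peer 192.0.2.10:4500 local 198.51.100.7:4500, 239 bytes, policy 'rathaus'
"""

LINE_RE = re.compile(
    r"^spi=(?P<spi>0x[0-9a-f]+): (?P<action>send|recv|retransmit \d+) "
    r"(?P<exch>IKE_SA_INIT|IKE_AUTH) (?P<kind>req|res) (?P<msgid>\d+) "
    r"peer (?P<peer>\S+) local (?P<local>[^\s,]+)(?P<rest>.*)$")

def split_endpoint(text):
    """The log prints addr:port without brackets, so the port is the last ':' field."""
    addr, _, port = text.rpartition(":")
    return addr, int(port)

def summarize(log):
    """Per SPI: peer family, IKE_AUTH ports, NAT-T flag, retransmit count, reply seen."""
    sas = defaultdict(lambda: {"family": None, "auth_ports": set(), "nat_t": False,
                               "auth_retransmits": 0, "auth_reply": False})
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # records without peer/local endpoints are ignored
        sa = sas[m["spi"]]
        addr, port = split_endpoint(m["peer"])
        sa["family"] = "inet6" if ":" in addr else "inet"
        if m["exch"] == "IKE_AUTH":
            sa["auth_ports"].add(port)
            sa["nat_t"] |= "NAT-T" in m["rest"]
            if m["action"].startswith("retransmit"):
                sa["auth_retransmits"] += 1
            elif m["action"] == "recv":
                sa["auth_reply"] = True
    return dict(sas)

if __name__ == "__main__":
    for spi, sa in summarize(SAMPLE_LOG).items():
        print(spi, sa)
```

Real `iked -d` output wrapped by a mail client, as in the post above, has to be rejoined to one record per line before it is fed to `summarize`.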

Re: Questions about the code commit review process

2022-10-29 Thread deich...@placebonol.com
You should read the tech@ mailing list archive to see many code reviews.

On October 29, 2022 4:28:08 PM MDT, i...@tutanota.com wrote:
>Hi,
>
>What is the code commit review process in OpenBSD? A developer with commit 
>access, does his code get reviewed by other developers before a release, and 
>if so, is that an internal requirement?
>
>Thanks.
>
>Kind regards.
>


Re: Questions about the code commit review process

2022-10-29 Thread A Tammy


On 10/29/22 18:28, i...@tutanota.com wrote:
> Hi,
>
> What is the code commit review process in OpenBSD? A developer with commit 
> access, does his code get reviewed by other developers before a release, and 
> if so, is that an internal requirement?

Code gets reviewed before committing and approvals are given by an 'ok'
from other developers. The 'ok's are noted in the commit messages.

aisha

>
> Thanks.
>
> Kind regards.
>



Questions about the code commit review process

2022-10-29 Thread iio7
Hi,

What is the code commit review process in OpenBSD? A developer with commit 
access, does his code get reviewed by other developers before a release, and if 
so, is that an internal requirement?

Thanks.

Kind regards.



Re: Installing OpenBSD on new Chromebook

2022-10-29 Thread David Coppa
On Sat, 29 Oct 2022, 01:02 Jeff Ross wrote:

> Hi all,
>
> I got a nice new laptop at Costco for under $200.  I did the developer
> mode to get to a linux shell and installed a bunch of programs but I'd
> rather just wipe the whole disk and install OpenBSD.
>
> All of places I'm finding with directions on how to do this are from
> circa 2015 and do not work now.
>
> Anybody have a pointer to a more updated set of directions I can try?
>
> Thanks!
>
> Jeff Ross
>

There's also this detailed howto by jcs@:

https://jcs.org/2016/08/26/openbsd_chromebook

Bye,
David


Re: Installing OpenBSD on new Chromebook

2022-10-29 Thread Chris Eidem
You can't just boot any old USB from a Chromebook. It has a locked down 
BIOS. More information here:


https://mrchromebox.tech/

On 10/28/22 17:59, Jeff Ross wrote:

Hi all,

I got a nice new laptop at Costco for under $200.  I did the developer 
mode to get to a linux shell and installed a bunch of programs but I'd 
rather just wipe the whole disk and install OpenBSD.


All of places I'm finding with directions on how to do this are from 
circa 2015 and do not work now.


Anybody have a pointer to a more updated set of directions I can try?

Thanks!

Jeff Ross



Re: Installing OpenBSD on new Chromebook

2022-10-29 Thread Jeff Ross




On 10/29/22 8:50 AM, Nick Holland wrote:

On 10/29/22 10:11, Jeff Ross wrote:



On 10/29/22 1:29 AM, Stuart Henderson wrote:

On 2022-10-28, Gabriel Busch de Brito  wrote:


All of places I'm finding with directions on how to do this are from circa
2015 and do not work now.

Anybody have a pointer to a more updated set of directions I can try?

I suggest that you follow the installation guide at the FAQ section of
the website.


Chromebooks aren't standard computers and usually come with a
locked-down bootloader that will need disabling to install another OS.

Also if it's arm rather than x86 there will be additional challenges
beyond this.

So there's not enough information in the original post to give any kind
of pointer.



Thanks Stuart.

It's an HP Chromebook 14a-na1083d with an Intel Celeron N4500 with 4G
ram and 128 eMMC drive.

Booting up in developer mode it tells me that it is Model LANTIS-MEXL if
that helps.



Just install it, see what happens.  If you want a guarantee, buy me one
exactly like it, and I'll do what I'm suggesting you do. :)  (and then
you will discover why I call model numbers "market position statements",
not "unique HW configuration identification systems")

Or maybe better yet, see if it will boot from an OpenBSD install image
on a USB drive, if it does, set up a full OpenBSD install on a USB drive
and see what happens. I've had pretty good luck with HP PC-like systems
that weren't sold with "standard" operating systems on them, but past
experience is no indicator yada-yada-yada.

Pain points if you get past booting are likely to be wireless and graphics.

If you can get it to boot from a USB drive to test, you are probably good
for an install.  If you can't, probably not worth the effort.  There MAY be
tricks you can do, but you can put a lot of time and effort into forcing
something to install OpenBSD and then find out X doesn't work.  Or there's
no functioning network.  Or both.

Nick.



All good points, Nick.  I have tried booting it from an install USB 
stick with no luck.  Off list I was directed to https://mrchromebox.tech 
 and that tells me that this is at least possible, and includes the 
crucial step I didn't know about to enable booting from an external disk 
and bypassing the check for an official ChromeOS disk.


I'll be noodling around with this over the weekend--hopefully I'll be 
able to report success and, of course, include a dmesg.


Jeff



Re: Installing OpenBSD on new Chromebook

2022-10-29 Thread Nick Holland

On 10/29/22 10:11, Jeff Ross wrote:



On 10/29/22 1:29 AM, Stuart Henderson wrote:

On 2022-10-28, Gabriel Busch de Brito  wrote:



All of places I'm finding with directions on how to do this are from circa
2015 and do not work now.

Anybody have a pointer to a more updated set of directions I can try?

I suggest that you follow the installation guide at the FAQ section of
the website.


Chromebooks aren't standard computers and usually come with a
locked-down bootloader that will need disabling to install another OS.

Also if it's arm rather than x86 there will be additional challenges
beyond this.

So there's not enough information in the original post to give any kind
of pointer.



Thanks Stuart.

It's an HP Chromebook 14a-na1083d with an Intel Celeron N4500 with 4G
ram and 128 eMMC drive.

Booting up in developer mode it tells me that it is Model LANTIS-MEXL if
that helps.



Just install it, see what happens.  If you want a guarantee, buy me one
exactly like it, and I'll do what I'm suggesting you do. :)  (and then
you will discover why I call model numbers "market position statements",
not "unique HW configuration identification systems")

Or maybe better yet, see if it will boot from an OpenBSD install image
on a USB drive, if it does, set up a full OpenBSD install on a USB drive
and see what happens. I've had pretty good luck with HP PC-like systems
that weren't sold with "standard" operating systems on them, but past
experience is no indicator yada-yada-yada.

Pain points if you get past booting are likely to be wireless and graphics.

If you can get it to boot from a USB drive to test, you are probably good
for an install.  If you can't, probably not worth the effort.  There MAY be
tricks you can do, but you can put a lot of time and effort into forcing
something to install OpenBSD and then find out X doesn't work.  Or there's
no functioning network.  Or both.

Nick.



Re: Installing OpenBSD on new Chromebook

2022-10-29 Thread Wolfgang Pfeiffer

As it seems to be an x86_64 machine why not try a fresh OpenBSD
Live system via USB or DVD and see what happens?
https://fuguita.org/

Wolfgang

On Sat, Oct 29, 2022 at 08:11:15AM -0600, Jeff Ross wrote:



On 10/29/22 1:29 AM, Stuart Henderson wrote:

On 2022-10-28, Gabriel Busch de Brito  wrote:



All of places I'm finding with directions on how to do this are from circa
2015 and do not work now.

Anybody have a pointer to a more updated set of directions I can try?

I suggest that you follow the installation guide at the FAQ section of
the website.


Chromebooks aren't standard computers and usually come with a
locked-down bootloader that will need disabling to install another OS.

Also if it's arm rather than x86 there will be additional challenges
beyond this.

So there's not enough information in the original post to give any kind
of pointer.



Thanks Stuart.

It's an HP Chromebook 14a-na1083d with an Intel Celeron N4500 with 4G
ram and 128 eMMC drive.

Booting up in developer mode it tells me that it is Model LANTIS-MEXL
if that helps.

I can get a linux dmesg from the linux VM if that helps at all.  Not
sure how much the VM would represent the actual hardware though.

Jeff


--
"Altars are burnin' with flames far and wide
 The foe has crossed over from the other side
 They tip their caps from the top of the hill
 You can feel them come, more brave blood to spill"

Bob Dylan: "'Cross The Green Mountain"



Re: Installing OpenBSD on new Chromebook

2022-10-29 Thread Jeff Ross




On 10/29/22 1:29 AM, Stuart Henderson wrote:

On 2022-10-28, Gabriel Busch de Brito  wrote:



All of places I'm finding with directions on how to do this are from circa
2015 and do not work now.

Anybody have a pointer to a more updated set of directions I can try?

I suggest that you follow the installation guide at the FAQ section of
the website.


Chromebooks aren't standard computers and usually come with a
locked-down bootloader that will need disabling to install another OS.

Also if it's arm rather than x86 there will be additional challenges
beyond this.

So there's not enough information in the original post to give any kind
of pointer.



Thanks Stuart.

It's an HP Chromebook 14a-na1083d with an Intel Celeron N4500 with 4G 
ram and 128 eMMC drive.


Booting up in developer mode it tells me that it is Model LANTIS-MEXL if 
that helps.


I can get a linux dmesg from the linux VM if that helps at all.  Not 
sure how much the VM would represent the actual hardware though.


Jeff



Re: Installing OpenBSD on new Chromebook

2022-10-29 Thread Stuart Henderson
On 2022-10-28, Gabriel Busch de Brito  wrote:
>
>> All of places I'm finding with directions on how to do this are from circa
>> 2015 and do not work now.
>> 
>> Anybody have a pointer to a more updated set of directions I can try?
> I suggest that you follow the installation guide at the FAQ section of
> the website.

Chromebooks aren't standard computers and usually come with a
locked-down bootloader that will need disabling to install another OS.

Also if it's arm rather than x86 there will be additional challenges
beyond this.

So there's not enough information in the original post to give any kind
of pointer.

-- 
Please keep replies on the mailing list.