Re: small portable for OpenBSD

2013-06-12 Thread Andrew Ngo
On 12 June 2013 02:20, Todd T. Fries t...@fries.net wrote:

> I'm looking for a small (phone or slightly larger sized) computer that will
> run OpenBSD, has audio and wifi supported, and has a decentish battery
> life.


I don't know exactly what is meant by decentish, but I've seen OpenBSD
running on a Sony VAIO P -- a grossly underpowered 1.3lb netbook with the
accursed GMA500 (read: no X), and an athn for wifi. It runs for about 2-3
hours or so, and suspend works. According to the ads, it fits in an ass
pocket... but also looks like a purse. (argh sony why).



frontiernet mirror

2013-01-30 Thread Andrew Ngo
I think the openbsd.mirror.frontiernet.net mirror is stale; its most recent
packages are dated Jan 8th to me. Does anyone else see this?


-- 
Sincerely,
Andrew Ngo



Re: ikev2 and (ta-da) OpenBSD road warrior host

2012-10-05 Thread Andrew Ngo
On Thursday, October 4, 2012, Erling Westenvik wrote:

> On Thu, Oct 04, 2012 at 01:40:30PM +0200, Mike Belopuhov wrote:
> > for now your only option is to use psk and a different server
> > rule.  please make sure to use different local ip addresses
> > on the server otherwise you won't be able to match multiple
> > policies.  that's something we need to address as well.
>
> Thanks. And good luck with the implementation of IKEv2. It looks really
> promising!
>
> And sorry for my attempt to joke about howto's. For people like me they
> are sometimes a necessary evil.


Toying with iked.conf for a while, I've found that the best place to start
is (on the client):

ikev2 active esp \
  from ipv4:here to elsewhere:there \
  local ipv4:here peer ipv4:there \
  srcid ipv4:here dstid ipv4:there

...with (a) active and (b) srcid being important because (a) iked.conf
defaults everything to passive, and (b) /etc/myname is sent as srcid,
while the iked.conf manpage suggests the creation of X509 using ipv4s.

Obviously this won't help with the road warrior configuration directly
(since srcid is tied down) but maybe when you figure it out you can tell me
how it actually works. :)


-- 
Andrew Ngo



npppd, framed_ip_address

2012-09-29 Thread Andrew Ngo
Hello again,

On 28 September 2012 03:17, YASUOKA Masahiko yasu...@yasuoka.net wrote:
> Hi,
>
> On Thu, 27 Sep 2012 13:41:52 -0400
> Andrew Ngo andrew@gmail.com wrote:
> > Hm. I can't seem to get npppd to map users to static addresses in the
> > npppd-users file, after trying various permutations of pool-address
> > ##-## for static and such. The client is an iPhone running iOS 6.0,
> > and is definitely able to set up a working vpn over l2tp/ipsec with
> > the npppd server (many thx, btw), but the client is then always
> > assigned a random address from the pool (and never the static one,
> > incidentally... but that could just be chance).
> >
> > Did I screw something up in the configuration or has this particular
> > feature not been implemented yet? Has anyone else had troubles with
> > this?
>
> The feature was broken by my configuration syntax change work.
> Thank you for your report.  Attached diff will fix the problem.


I tested the diff and it works over here; thanks.

> > (By the way, the daemon goes absolutely bananas if you use a
> > framed-ip-address on a different subnet than those in the pool.
> > Bananas! I don't recommend this error. ^^)
>
> npppd will assign ip address dynamically in that case.
> Can you explain your recommendation?

I only managed to replicate the error using pool-address [ip4] [ip4] for
static in the pre-patched npppd, so it's probably a result of the same
bug. (When I said bananas, I was just talking about the deluge of
unhandled option messages. :) Anyway, I've attached the output -- it
looks like a consequence of npppd thinking it has no addresses to allocate.


10:15:17:NOTICE: Starting npppd pid=12849 version=5.0.0
10:15:17:NOTICE: Load configuration from='/etc/npppd/npppd.conf'
successfully.
10:15:17:INFO: pppx0 Started pppx
10:15:17:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
10:15:17:INFO: ipcp=IPCP pool pool=[
172.16.2.2/31,172.16.2.4/31,172.16.2.6/32]
10:15:17:INFO: Loading pool config successfully.
10:15:17:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP_ipv4]
10:15:17:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP_ipv6]
10:15:27:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ
from=[...]:49950/udp tunnel_id=1/38 protocol=1.0 winsize=4
hostname=Rhinoceros vendor=(no vendorname) firm=
10:15:27:INFO: l2tpd ctrl=1 SendSCCRP
10:15:27:NOTICE: l2tpd ctrl=2 logtype=Started RecvSCCRQ
from=[...]:49950/udp tunnel_id=2/38 protocol=1.0 winsize=4
hostname=Rhinoceros vendor=(no vendorname) firm=
10:15:27:INFO: l2tpd ctrl=2 SendSCCRP
10:15:28:INFO: l2tpd ctrl=1 RecvSCCN
10:15:28:INFO: l2tpd ctrl=1 SendZLB
10:15:28:INFO: l2tpd ctrl=1 call=4645 RecvICRQ session_id=849
10:15:28:INFO: l2tpd ctrl=1 call=4645 SendICRP session_id=4645
10:15:28:INFO: l2tpd ctrl=1 RecvZLB
10:15:29:INFO: l2tpd ctrl=1 call=4645 RecvICCN session_id=849
calling_number= tx_conn_speed=100 framing=async
10:15:29:NOTICE: l2tpd ctrl=1 call=4645 logtype=PPPBind ppp=0
10:15:29:INFO: ppp id=0 layer=base logtype=Started
tunnel=L2TP_ipv4([...]:49950)
10:15:29:INFO: l2tpd ctrl=1 call=4645 SendZLB
10:15:29:DEBUG: l2tpd ctrl=1 SendZLB
10:15:30:INFO: l2tpd ctrl=1 RecvZLB
10:15:33:INFO: ppp id=0 layer=lcp logtype=Opened mru=1360/1360
auth=MS-CHAP-V2 magic=[...]/[...]
10:15:34:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success
username=turnip realm=LOCAL
10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
10:15:34:NOTICE: ppp id=0 layer=base No free address in the pool.
10:15:35:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057)
10:15:35:INFO: ppp id=0 layer=ccp CCP is stopped
10:15:35:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:36:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:37:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:38:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:38:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:39:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:39:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:40:NOTICE: l2tpd ctrl=2 timeout waiting ack for ctrl packets.
10:15:40:NOTICE: l2tpd ctrl=2 logtype=Finished
10:15:40:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:40:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:41:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:41:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:42:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:42:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:43:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
10:15:43:DEBUG: ppp id=0 layer=ipcp Unhandled Option 01 10
^C
10:15:44:INFO: l2tpd ctrl=1 call=4645 SendCDN result=ADMINISTRATIVE_REASON/3
10:15:44:NOTICE: l2tpd ctrl=1 call=4645 logtype=PPPUnbind
10:15:44:NOTICE: ppp id=0 layer=base logtype=TUNNELUSAGE user=turnip
duration=15sec layer2=L2TP_ipv4 layer2from=[...]:49950 auth=MS-CHAP-V2
data_in=701bytes,28packets data_out=563bytes,31packets error_in=1
error_out=0 mppe

npppd, framed_ip_address

2012-09-27 Thread Andrew Ngo
Hm. I can't seem to get npppd to map users to static addresses in the
npppd-users file, after trying various permutations of pool-address
##-## for static and such. The client is an iPhone running iOS 6.0,
and is definitely able to set up a working vpn over l2tp/ipsec with
the npppd server (many thx, btw), but the client is then always
assigned a random address from the pool (and never the static one,
incidentally... but that could just be chance).

Did I screw something up in the configuration or has this particular
feature not been implemented yet? Has anyone else had troubles with
this?

(By the way, the daemon goes absolutely bananas if you use a
framed-ip-address on a different subnet than those in the pool.
Bananas! I don't recommend this error. ^^)



/etc/npppd/npppd-users

turnip:\
    :password=[...]:\
    :framed-ip-address=172.16.2.2:



/etc/npppd/npppd.conf

authentication LOCAL type local {
    users-file /etc/npppd/npppd-users
}
tunnel L2TP_ipv4 protocol l2tp {
    listen on 0.0.0.0
}
tunnel L2TP_ipv6 protocol l2tp {
    listen on ::
}
ipcp IPCP {
    pool-address 172.16.2.2-172.16.2.6
    dns-servers 172.16.2.1
}
interface pppx0 address 172.16.2.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0
bind tunnel from L2TP_ipv6 authenticated by LOCAL to pppx0



/etc/ipsec.conf

ike passive esp transport \
    proto udp from pppoe0 to any port 1701 \
    main auth hmac-sha1 enc 3des group modp1024 \
    quick auth hmac-sha1 enc aes \
    psk [...]




(npppd -d) output
3:15:21:NOTICE: Load configuration from='/etc/npppd/npppd.conf' successfully.
3:15:21:INFO: pppx0 Started pppx
3:15:21:INFO: Listening /var/run/npppd_ctl (npppd_ctl)
3:15:21:INFO: ipcp=IPCP pool
dyn_pool=[172.16.2.2/31,172.16.2.4/31,172.16.2.6/32]
pool=[172.16.2.2/31,172.16.2.4/31,172.16.2.6/32]
3:15:21:INFO: Loading pool config successfully.
3:15:21:INFO: l2tpd Listening 0.0.0.0:1701/udp (L2TP LNS) [L2TP_ipv4]
3:15:21:INFO: l2tpd Listening [::]:1701/udp (L2TP LNS) [L2TP_ipv6]
3:15:37:NOTICE: l2tpd ctrl=1 logtype=Started RecvSCCRQ
from=[...]:65293/udp tunnel_id=1/28 protocol=1.0 winsize=4
hostname=Elephant-Triumph vendor=(no vendorname) firm=
3:15:37:INFO: l2tpd ctrl=1 SendSCCRP
3:15:38:INFO: l2tpd ctrl=1 RecvSCCN
3:15:38:INFO: l2tpd ctrl=1 SendZLB
3:15:38:INFO: l2tpd ctrl=1 call=24105 RecvICRQ session_id=362
3:15:38:INFO: l2tpd ctrl=1 call=24105 SendICRP session_id=24105
3:15:39:INFO: l2tpd ctrl=1 call=24105 RecvICCN session_id=362
calling_number= tx_conn_speed=100 framing=async
3:15:39:NOTICE: l2tpd ctrl=1 call=24105 logtype=PPPBind ppp=0
3:15:39:INFO: ppp id=0 layer=base logtype=Started tunnel=L2TP_ipv4([...]:65293)
3:15:39:INFO: l2tpd ctrl=1 call=24105 SendZLB
3:15:42:INFO: ppp id=0 layer=lcp logtype=Opened mru=1360/1360
auth=MS-CHAP-V2 magic=[...]/[...]
3:15:43:INFO: ppp id=0 layer=chap proto=mschap_v2 logtype=Success
username=radish realm=LOCAL
3:15:44:INFO: ppp id=0 layer=ipcp IP Address peer=0.0.0.0 our=172.16.2.6.
3:15:44:INFO: ppp id=0 layer=base unhandled protocol ipv6cp, 32855(8057)
3:15:45:INFO: ppp id=0 layer=ccp CCP is stopped
3:15:45:INFO: ppp id=0 layer=ipcp logtype=Opened ip=172.16.2.6
assignType=dynamic
3:15:45:NOTICE: ppp id=0 layer=base logtype=TUNNELSTART user=turnip
duration=6sec layer2=L2TP_ipv4 layer2from=[...]:65293 auth=MS-CHAP-V2
ip=172.16.2.6 iface=pppx0
3:15:45:NOTICE: ppp id=0 layer=base Using pipex=yes


--
Drew
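
Added example (not part of any message in this thread, and not npppd code): a cross-check of the npppd-users file, the pool-address range and `npppd -d` output that flags a user whose framed-ip-address lies outside the pool, who was given a dynamic address despite having a static entry, or whose session logged "No free address in the pool". The function names, the second user's address and the log lines are constructed for illustration; the log lines are assumed to be unwrapped, one event per line.

```python
import ipaddress
import re

# Constructed samples modelled on the files and log lines quoted in the thread.
USERS = "turnip:\\\n  :password=x:\\\n  :framed-ip-address=172.16.2.2:\n" \
        "radish:\\\n  :password=x:\\\n  :framed-ip-address=10.9.9.9:\n"
POOL = "172.16.2.2-172.16.2.6"
LOG = """\
3:15:43:INFO: ppp id=0 layer=chap logtype=Success username=turnip realm=LOCAL
3:15:45:INFO: ppp id=0 layer=ipcp logtype=Opened ip=172.16.2.6 assignType=dynamic
10:15:34:INFO: ppp id=1 layer=chap logtype=Success username=radish realm=LOCAL
10:15:34:NOTICE: ppp id=1 layer=base No free address in the pool.
"""

def static_addresses(users_text):
    """Map username -> framed-ip-address from the users file."""
    out = {}
    for entry in users_text.replace("\\\n", "").splitlines():  # fold continuations
        name, _, caps = entry.strip().partition(":")
        m = re.search(r"framed-ip-address=([0-9.]+)", caps)
        if name and m:
            out[name] = ipaddress.ip_address(m.group(1))
    return out

def in_pool(addr, pool):
    """True if addr lies inside a 'low-high' pool-address range."""
    lo, hi = (ipaddress.ip_address(p) for p in pool.split("-"))
    return lo <= addr <= hi

def audit(users_text, pool, log_text):
    """Return (user, finding, address) tuples."""
    static, who, findings = static_addresses(users_text), {}, []
    for user, addr in static.items():
        if not in_pool(addr, pool):
            findings.append((user, "static-outside-pool", str(addr)))
    for line in log_text.splitlines():
        ppp = re.search(r"ppp id=(\d+)", line)
        if not ppp:
            continue
        if m := re.search(r"username=(\S+)", line):
            who[ppp.group(1)] = m.group(1)  # remember who owns this ppp session
        user = who.get(ppp.group(1))
        if user not in static:
            continue
        if m := re.search(r"\bip=(\S+)\s+assignType=dynamic", line):
            findings.append((user, "dynamic-despite-static", m.group(1)))
        elif "No free address in the pool" in line:
            findings.append((user, "no-free-address", str(static[user])))
    return findings

if __name__ == "__main__":
    for finding in audit(USERS, POOL, LOG):
        print(*finding)
```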