Re: ATB.com
In the past when I've had trouble with online banking I just refused to use it
and went in person. I still do this for checks as there's no way to cash them
online without a smartphone. Thankfully my local credit union, FSB and Etrade
work fine in Firefox for everything else.
--Stephen
On Sun, May 05, 2024 at 12:49:32PM -0600, Austin Hook wrote:
> {I'm currently still using release version of 7.4}
>
> {This may be of interest mainly to residents of Alberta, Canada}
>
> ATB.COM -- (i.e. Alberta Treasury Branch) is a provincially owned bank in
> Alberta, Canada. In general it is nicer, and friendlier to use than most
> big commercial banks. Not so, anymore, with their web page.
>
> In the past 6 months is has gotten more and more difficult to sign-on
> to with Firefox and OpenBSD, as they have tried to make their sites more
> and more bullet proof.
>
> Now, starting from atb.com it's hard to even get to where one signs into
> personal banking, and to where it requests a username and password.
>
> It seems to go through an amazing number of redirects, and then gets hung
> up in the process. Sometimes, tapping different cadences with lots of
> control-R or control-F5 sequences, I can get through. It must be a matter
> of timing.
>
> I guess it works better with other operating systems and/or browsers. In
> fact I do have much better luck with Chromium + OpenBSD although not
> always.
>
> I'd prefer to use Firefox, so long as it exists semi-independently of
> monsters like Google.
>
> So, if anyone is interested, perhaps it would be nice if we could qualify
> to the ATB web page design team, what doesn't work well for everybody,
> and if anything they are doing is beyond being reasonable.
>
> I also wonder if anyone has problems with Firefox and other operating
> systems, accessing ATB.COM, and even getting to the personal sign in page.
>
> Additionally, even getting that far, doesn't guarantee one actually can
> get beyond the next sequence of redirects, when signing in. It only works
> about half the time, from that point.
>
> An additional reason, for us Albertans, to try to keep ATB.COM from going
> outside the normal bounds of web site protection, and hence making it work
> only from certain operating systems and browsers, is that the Alberta
> Government has become so sold on their toy bank, and it's website
> developers, that they have recently decided to put that team in charge of
> all the website development for the government of Alberta, which means I
> won't even be able to access my health records -- the online ability to do
> that they are so proud of
>
> Whew... apologies for that run on sentence, above.
>
> Anyone game to help push the point?
>
> Sure, this is not really just an OpenBSD project question, but the project
> does have it's origins here in Alberta
>
> One doesn't have to be a resident of Alberta to see the problem (try it)
> -- but I am curious if the trend towards using timing to allow access to
> web sites is going to become more and more common, and how to fight back.
>
> Austin
>
> Milk River, Alberta
>
>
>
>
Re: Trying to access /dev/ttyUSB0 device from VM
Since it's just UART it probably wouldn't be too hard to use openpty to to pass it through over the network. I wouldn't be surprised if someone else already did this. On Sun, Mar 17, 2024 at 02:09:11PM +, Chris Narkiewicz wrote: > Hardware passthrough is not supported by vmd. > > Best regards, > Chris Narkiewicz >
Re: Screen rotation support
Have you tried using Xrandr? On Mon, Feb 26, 2024 at 06:33:02PM +0100, Nowarez Market wrote: > Hello, > > Screen rotation is currently supported? > And what about Xfce? > > Thanks! > > > > N0\/\/@r€Z > > -- > > /\/\@rk€T >
Re: do all headphone amps work?
I haven't used a USB sound card but it looks to me like there's a standard device class for them from the USB IF (like CDC, HID, MSC etc.) so I would expect it to work unless they're doing something strange. If they don't have special drivers that are needed to make it on Windows they probably aren't. --Stephen On Thu, Feb 15, 2024 at 11:35:53AM -, beecdadd...@danwin1210.de wrote: > hi list > I have a question: do all headphones amps work on OpenBSD? I think USB > does it have some sort of driver? what do I look for? > any tips? > does sound sound well on OpenBSD? does it depend on driver/headphones? > I don't want to waste money if they don't work > > thanks best regards >
Re: OpenBSD alternative setup to ZFS on Linux or FreeBSD
I was messing with blueray a couple years ago for archiving. Last I checked it's pretty marginal in terms of cost when compared with SSDs. It's just hard to compete with the progress everyone's been making with semiconductor manufacturing. I don't think the larger capacity disks I bought are all that high quality either. I haven't checked on them lately but I suspect they won't be readable in ten years. When you add to that the complexity of the whole multisession recording thing I'm just not sure it's an improvement over hosting whatever disk is common at the current time and periodically running rsync via some mechanism to keep fresh copies of your archives. On Wed, Nov 22, 2023 at 04:49:33PM -0300, Crystal Kolipe wrote: > On Wed, Nov 22, 2023 at 08:23:40PM +0100, i...@tutanota.com wrote: > > > Once data is no longer "work in progress", archive it to write-only > > > media and take it out of the regular backup loop. > > > > What kind of write-only media do you use/recommend? > > It depends on quite a few factors including the quantity of data you need to > backup, and how much you are prepared to spend on equipment and media. > > For a home or small office user, the most accessible in terms of cost, and > useful in terms of capacity WORM device is probably a bluray disc recorder. > > There are certainly other options, including, (much), more expensive optical > disc formats such as Archival Disc, and certain LTO tapes which are not really > WORM in the strictest sense but for most purposes behave like it. > > But if you just want to "dip your toes" in to keeping physical copies of > valuable data on a disc that can't be overwritten by software and isn't > subject to the same hazards as magnetic media, then BD-R is probably the best > way in to that. > > And speaking from experience, it's _much_ more reliable than DVD-R or CD-R as > long as the discs are correctly written in the first place. > > If you search around the internet, you'll easily find a lot of negative > commentary about BD-R from people who _don't use it_. In my experience it > works quite well, and certainly can be used on OpenBSD machines with little > difficulty. > > (BD-RW can even be written as a regular block device, and doesn't require > special writing software, but that's not WORM media.) > > Oh, and punched aluminuimised tape is also quite a good choice for small > files. That'll outlast practically anything else. >
Dell C400m i830M graphics, works under OpenBSD i386 4.8 & 4.9, freees under current revs
The symptoms of the freeze are similar to those described by i915kms users, but the C400 laptop (1.2GH Pentium-M, 768M RAM) has the i830M built-in graphics. This freeze also happens with NetBSD, FreeBSD, and several Linuxes. It works, however, with OpenBSD 4.8 & 4.9. The commonality of current distros makes me think it is an X-windows issue. The i830M is mentioned in the following: The Intel 8xx and 9xx families of integrated graphics chipsets have a unified memory architecture meaning that system memory is used as video RAM. For the i810 and i815 family of chipsets, operating system support for allocating system memory is required in order to use this driver. For the 830M and later, this is required in order for the driver to use more video RAM than has been pre-allocated at boot time by the BIOS. Which makes e wonder if it is a memory issue. I can bump the Dell C400 up to 1G RAM if that will help. Is there boot time configuration(s) I can give the laptop to restrain or expand the RAM allocated to the i830M?' Ideas welcome. -Stephen
Re: Restrict SSH to local network only except for Git users?
You might consider keeping your repo in an web/http directory for pulling and having your other users submit patches to you via eg email. That way you don't need ssh exposed to the public internet at all. That's how I have my self hosted git repos set up anyway. On Thu, Jul 27, 2023 at 09:24:56AM +0900, lain. wrote: > I have a pretty nifty network setup that allows me to host from home via > WireGuard. > But there's one thing I'm struggling with. > Because for security reasons, I made it impossible for people outside > the network to connect via SSH, but for Git to function properly, I need > to allow SSH only for git@(DOMAIN) or git@(PUBLIC IP), and redirect that > to my home network so they can do stuff like "git pull", "git push", and > all the other fancy stuff. > > My pf.conf rules look like this: > > pass in quick on wg0 proto tcp from 192.168.0.0/24 to any port 22 > > pass in on $externalinterface proto tcp from any to $externalip port 22 > > rdr-to $internalip > > block in quick on egress proto tcp from any to any port 22 > > And my sshd_config: > > AllowUsers lain@192.168.0.0/24 > > AllowUsers git@(DOMAIN) > > AllowUsers git@(PUBLIC IP) > > Where exactly am I doing wrong here?
TOFU/cert pinning in libtls
I am currently implementing a simple C client for the gemini protocol[1]. All transactions are protected using TLS, with a catch: > Clients can validate TLS connections however they like (including not > at all) but the strongly RECOMMENDED approach is to implement a > lightweight "TOFU" certificate-pinning system which treats self-signed > certificates as first- class citizens. This greatly reduces TLS > overhead on the network (only one cert needs to be sent, not a whole > chain) and lowers the barrier to entry for setting up a Gemini site > (no need to pay a CA or setup a Let's Encrypt cron job, just make a > cert and go). My basic idea for the client is: - load a db of self-signed certs. - connect to host - if host cert is self signed - if not in db, prompt user and add to db - if in db, check fingerprint and warn user if they don't match. Browsing the manuals/source code, there doesn't seem to be an easy way to configure this. I don't want to have to use the OpenSSL API for this :(. P.S. Big shoutout to Bob for his tutorial[2], it's a great introduction to an awesome library! [1] https://gemini.circumlunar.space/docs/spec-spec.txt [2] https://github.com/bob-beck/libtls/blob/ -- Stephen Gregoratto
Prefered manpage idioms?
When I'm writing new manpages, I like to draw inspiration from the documentation of similar programs. The problem is that many manpages have different ways of saying the same thing, probably due to their authors and time period they were written in. So, I'd like to ask what your preferred choice is of the following common idioms I keep finding: 1. Manpage Is it: man page man-page manpage reference manual UNIX™ Programmers Manual ...on second thought, maybe not 2. Standard output Is it: Print to standard output/error tee(1) Print to the standard output/error cat(1), echo(1) Print to stdout/stderr bzcat(1) Bonus Round: Print to ... Write to ... Print on ... readlink(1) 3. Program arguments Is it: Argument echo(1) Operand printf(1), also echo(1)? -- Stephen Gregoratto PGP: 3FC6 3D0E 2801 C348 1C44 2D34 A80C 0F8E 8BAB EC8B
Re: Upgrade procedure (6.4 -> 6.5)
On 2019-05-02 11:46, Noth wrote:
> I set up a script for sysclean:
>
> cat sysclean65.txt | while read line ; do rm -rf "${line}" ; done
Nitpick, but this could be shortened to:
xargs rm -rf < sysclean??.txt
Just tested this on my server, so it should work fine.
--
Stephen Gregoratto
PGP: 3FC6 3D0E 2801 C348 1C44 2D34 A80C 0F8E 8BAB EC8B
Re: How to print nicely formatted man pages?
In my opinion I find the PostScript/PDF output from groff to be better than mandoc's, sorry Ingo :(. The font size and line spacing makes a better print, which makes sense considering that groff is a typesetting suite. The catch is that groff doesn't detect if eqn(1) or tbl(1) needs to be run for the man page, while mandoc does. You would need to use grog(1) for that. Here are some example pdf's for the 6.4 version of man(1): https://www.sgregoratto.me/paste/man-groff.1.pdf $ groff -mandoc -T pdf /usr/share/man/man1/man.1 alternatively... $ grog -T pdf --run /usr/share/man/man1/man.1 https://www.sgregoratto.me/paste/man-mandoc.1.pdf $ mandoc -T pdf /usr/share/man/man1/man.1 alternatively... $ man -T pdf 1 man You should replace 'pdf' with 'ps' if you are using a PostScript printer. It's up to you to decide which one looks better. -- Stephen Gregoratto
[UPDATE] sysutils/neofetch to 6.0.0
Neofetch has been updated to version 6.0.0. I've bumped the port number
and removed the patches, as they were pulled from upstream.
Index: sysutils/neofetch/Makefile
===
RCS file: /cvs/ports/sysutils/neofetch/Makefile,v
retrieving revision 1.3
diff -u -p -r1.3 Makefile
--- sysutils/neofetch/Makefile 4 Sep 2018 20:41:42 - 1.3
+++ sysutils/neofetch/Makefile 9 Jan 2019 07:22:09 -
@@ -2,11 +2,11 @@
COMMENT = system information tool written in bash
CATEGORIES = sysutils misc
-REVISION = 1
+REVISION = 0
GH_ACCOUNT = dylanaraps
GH_PROJECT = neofetch
-GH_TAGNAME = 5.0.0
+GH_TAGNAME = 6.0.0
MAINTAINER = Charlene Wendling
Index: sysutils/neofetch/distinfo
===
RCS file: /cvs/ports/sysutils/neofetch/distinfo,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 distinfo
--- sysutils/neofetch/distinfo 18 Jul 2018 09:28:55 - 1.1.1.1
+++ sysutils/neofetch/distinfo 9 Jan 2019 07:22:09 -
@@ -1,2 +1,2 @@
-SHA256 (neofetch-5.0.0.tar.gz) = Kk9IU7+DuIoDeZTbxTqQyL1XCPXuszkvVtTknEnZlbM=
-SIZE (neofetch-5.0.0.tar.gz) = 110526
+SHA256 (neofetch-6.0.0.tar.gz) = Jkp2iVYbtJj5fxAjGVm92PfIc2cbrC/7Zg3ppYY7HHY=
+SIZE (neofetch-6.0.0.tar.gz) = 115538
Index: sysutils/neofetch/patches/patch-neofetch
===
RCS file: sysutils/neofetch/patches/patch-neofetch
diff -N sysutils/neofetch/patches/patch-neofetch
--- sysutils/neofetch/patches/patch-neofetch4 Sep 2018 20:41:42 -
1.2
+++ /dev/null 1 Jan 1970 00:00:00 -
@@ -1,96 +0,0 @@
-$OpenBSD: patch-neofetch,v 1.2 2018/09/04 20:41:42 bcallah Exp $
-
-Battery fixes. Add support for amphour and charging status.
-From upstream 71df4ffd3b20abaf21c260c5a109793d579dfa11
-
-Fix WM detection, add disk and vmm(4) support
-From upstream e07f545c26a47151236af3a3bc73acae62d87922
-
-Index: neofetch
neofetch.orig
-+++ neofetch
-@@ -1137,6 +1137,7 @@ get_model() {
-
- case "$model" in
- "Standard PC"*) model="KVM/QEMU (${model})" ;;
-+"OpenBSD"*) model="vmm (${model})" ;;
- esac
- }
-
-@@ -1474,8 +1475,13 @@ get_wm() {
- # If function was run, stop here.
- ((wm_run == 1)) && return
-
-+case "$uname" in
-+*"OpenBSD"*)ps_flags=(x -c) ;;
-+*) ps_flags=(-e) ;;
-+esac
-+
- if [[ "$WAYLAND_DISPLAY" ]]; then
--wm="$(ps -e | grep -m 1 -o -F \
-+wm="$(ps "${ps_flags[@]}" | grep -m 1 -o -F \
--e "arcan" \
--e "asc" \
--e "clayland" \
-@@ -1512,11 +1518,11 @@ get_wm() {
-
- # Window Maker does not set _NET_WM_NAME
- [[ "$wm" =~ "WINDOWMAKER" ]] && wm="wmaker"
--
- # Fallback for non-EWMH WMs.
- [[ -z "$wm" ]] && \
--wm="$(ps -e | grep -m 1 -o -F \
-+wm="$(ps "${ps_flags[@]}" | grep -m 1 -o -F \
--e "catwm" \
-+ -e "fvwm" \
--e "dwm" \
--e "2bwm" \
--e "monsterwm" \
-@@ -3084,9 +3090,20 @@ get_disk() {
-
- # Create an array called 'disks' where each element is a separate line
from
- # df's output. We then unset the first element which removes the column
titles.
--IFS=$'\n' read -d "" -ra disks <<< "$(df "${df_flags[@]}"
"${disk_show[@]:-/}")"
--unset "disks[0]"
--
-+if [[ "$uname" == "OpenBSD" ]]; then
-+# On OpenBSD you can't use df against a /dev/... unless being root or
-+# in the 'operator' group. Making a separate disks array creation.
-+df_flags=(-h)
-+# building an AWK regexp
-+disk_re="${disk_show[*]:-/}"
-+disk_re="${disk_re// /\|}"
-+disk_re="^(${disk_re//\//\\\/})\$"
-+IFS=$'\n' read -d "" -ra disks <<< "$(df "${df_flags[@]}" | \
-+awk -v disk_re="$disk_re" '(NR > 1) && ($1 ~ disk_re || $6 ~
disk_re)')"
-+else
-+IFS=$'\n' read -d "" -ra disks <<< "$(df "${df_flags[@]}"
"${disk_show[@]:-/}")"
-+unset "disks[0]"
-+fi
- # Stop here if 'df' fails to print disk info.
- [[ -z "${disks[*]}" ]] && {
- err "Disk: df failed to print the disks, make sure the disk_show
array is set properly."
-@@ -3179,12 +3196,19 @@ get_battery() {
- ;;
-
- "OpenBSD"* | "Bitrig"*)
--battery0full="$(sysctl -n hw.sensors.acpibat0.watthour0)"
--battery0full="${battery0full/ Wh*}"
-+battery0full="$(sysctl -n hw.sensors.acpibat0.watthour0\
-+hw.sensors.acpibat0.amphour0)"
-+battery0full="${battery0full%% *}"
-
--battery0now="$(sysctl -n
Re: Help with LibreSSL manpages
Thanks for your response Ingo. I think I'll start with the missing functions and go through them by order of length. I'll try and peruse through the ports and check for any examples. Speaking of functions: I'm trying to generate a list of each function, the source file it's defined in and the corresponding line number, similar to the format of `grep -n`. Is there a way to force ctags to output in some tabular format that can be AWK'd? The -x option isn't cutting it for me. -- Stephen Gregoratto
Help with LibreSSL manpages
Hello, I've recently been getting into (re)writing my manpages using mdoc(7), and came across Ingo's talk about mandoc/LibreSSL [1]. In it he mentioned that there are still some functions to document and many pages need a couple of goes over (specifically openssl(1)). Now I've never developed for Open/LibreSSL, and have an OK knowledge of C, but I do have a bit of free time over Christmas and would be happy to help out in any way. Would I need to fully grok the code before I could write the docs? [1] https://www.openbsd.org/papers/eurobsdcon2018-mandoc.pdf -- Stephen Gregoratto
Re: Best way to serve files to Windows?
Hey guys. Just wanted to let you know about the security aspect. Anything on SMB is passed completely in the clear. You can actually use Wireshark to carve files directly out of PCAP that have SMB traffic. On Wed, Jul 25, 2018 at 1:56 PM Adam Thompson wrote: > On 2018-07-18 09:35, Tom Smyth wrote: > > Hi John, > > You would need microsoft services for unix (SFU) for NFS connectivity > > FYI - so no-one goes haring off in the wrong direction. > > SFU is the server-side component, equivalent to running nfsd(8). > > On the client side, only certain editions of Windows can speak NFS: > - Windows 10 *Enterprise* can mount remote NFS shares. > - Windows 7 *Ultimate* can mount remote NFS shares. > (No idea about Win8, sorry.) > > Win10Ent, at least, has flexible authentication options, but IIRC > defaults to uid=0/gid=0 (gee, thanks). It prefers to use Kerberos > security, which won't work with OpenBSD's NFS server. It's possible to > make this work reasonably well, but it takes a fair bit of time. > > So, as everyone else said, you're better off running Samba on your > OpenBSD system. Have fun. > -Adam > >
panic: aml_die on 6.0/amd64 (Intel N3050)
Just did a fresh install of 6.0/amd64 on my HP 250 G4 laptop with Celeron N3050 CPU. 5.9 was working, but 6.0 panics on the first boot immediately after installing base sets. I took pictures with cellphone digital camera; it's the only one I have. The first images are cut off a little, so I took them again at the very end. In order, there is: - panic - dmesg - trace - ps - machine acpi tree; didn't know there would be so many screens! - (and again everything before the acpi tree) Maybe I screwed up, but "machine ddbcpu 0" says: Invalid cpu 0, and "machine ddbcpu 1" just hangs the system. Here's a link to tarball with the 288 pictures. It's named HP250G4_N3050.tar.gz with size 196,539,398 bytes. https://www.sendspace.com/file/yltbuc
xenocara build on fresh install
hi, I am just curious if the defaults (namely the disk sizes) are supposed to be sufficient for building xenocara after a fresh install. i attempted to do so following release(8) and it ended unsuccessfully due to the drive/filesystem being full. (it does seem to have almost finished, by the way) All I have done else in the system is pulling source and making according to the faq5 page. This is after skipping the "release" part and moving on to building xenocara. Let me know what else i need to include for assist.
Re: fresh install of 6.0 - cvs
Thanks again for all the help! I just finished a fresh install, logged in as root and updated the wsrc group on my user, then after login as the user was able to start up CVS with no issue at all. Just wanted to verify. On Fri, Sep 9, 2016 at 10:33 AM, Theo Buehler <t...@math.ethz.ch> wrote: > On Fri, Sep 09, 2016 at 10:19:21AM -0400, Stephen Trotter wrote: > > Aha, this is probably what was going on. I used su to add my user to the > > group, then had just exited to my user shell to continue with the faq. > > I'll probably do a fresh install and ensure it works out, and to make > sure > > I don't have any issues with CVS. Thanks for the help! > > I added a couple of clarifications to faq5.html and anoncvs.html to > avoid this confusion in the future. Thanks for the report.
Re: fresh install of 6.0 - cvs
Aha, this is probably what was going on. I used su to add my user to the group, then had just exited to my user shell to continue with the faq. I'll probably do a fresh install and ensure it works out, and to make sure I don't have any issues with CVS. Thanks for the help! Stephen J. Trotter On Fri, Sep 9, 2016 at 9:38 AM, Christian Weisgerber <na...@mips.inka.de> wrote: > On 2016-09-09, Theo Buehler <t...@math.ethz.ch> wrote: > > > I tried myself on a fresh install, added my user to wsrc, and I can > > confirm that I got permission errors (write permissions denied to > > /usr/src) which went away after logging out and logging in again. > > Yes, you have to login again for the new group membership to be > active. > > -- > Christian "naddy" Weisgerber na...@mips.inka.de
Re: fresh install of 6.0 - cvs
Also I should mention that I was able to get the commands to work by going into /usr/src and running from there, but did find afterward that a new copy of src was put into the folder ( i.e. /usr/src/src/ ) so I did end up moving everything up a directory. I am not sure, will this affect cvs in the future, or should I be ok as long as I run it with the full command to pull the src, from /usr (oppossed to running the update command first)? On Sep 9, 2016 8:04 AM, "Stephen Trotter" <stephen.j.trot...@gmail.com> wrote: > Raf, > > Yes I was attempting to follow the instructions and was logged in as my > user, not as root. And I was pulling the src from cvs (for the first time) > and using the -r option for the stable version. > > Theo, > > The user is a member of wsrc. That was part of the reason I was so > confused at the time. (I can't verify with id at the moment, but I did > check /etc/group to ensure the user was listed under wsrc.) > > I suspect that /usr is not owned by wsrc possibly, and that cvs was trying > to write to /usr but I cannot confirm right now. When I am able to, I will > run cvs again without the -q option and see if there is any extra detail I > can include. > > Thanks, will reply again when I can run those. > > (As a side note, should doas be enabled by default? I don't recall any > instruction in the faq on setting it up, but when I try to use it, it > fails.) > > On Sep 9, 2016 1:20 AM, "Theo Buehler" <t...@math.ethz.ch> wrote: > >> On Fri, Sep 09, 2016 at 12:54:05AM -0400, Stephen Trotter wrote: >> > hi, >> > i was attempting a fresh install of 6.0 and got to the part where you >> pull >> > the source tree and update the system to stable. >> > i was stuck because the faq states you can (should) use a regular user >> with >> > cvs, and i kept getting a permission error from cvs when attempting to >> run >> > from /usr >> > so, just wondering if anyone else was getting this, or if there is >> > something that i missed. >> > >> >> Is your user member of the group wsrc? Use id(1), for example. >> >> By default, /usr/src is owned by root:wsrc with permissions 0775. This >> means that you need to be root or a member of group wsrc in order to >> write to it. FAQ 5 'avoiding root' tells you how to add your user to >> wsrc before running cvs: user mod -G wsrc youruser
Re: fresh install of 6.0 - cvs
Raf, Yes I was attempting to follow the instructions and was logged in as my user, not as root. And I was pulling the src from cvs (for the first time) and using the -r option for the stable version. Theo, The user is a member of wsrc. That was part of the reason I was so confused at the time. (I can't verify with id at the moment, but I did check /etc/group to ensure the user was listed under wsrc.) I suspect that /usr is not owned by wsrc possibly, and that cvs was trying to write to /usr but I cannot confirm right now. When I am able to, I will run cvs again without the -q option and see if there is any extra detail I can include. Thanks, will reply again when I can run those. (As a side note, should doas be enabled by default? I don't recall any instruction in the faq on setting it up, but when I try to use it, it fails.) On Sep 9, 2016 1:20 AM, "Theo Buehler" <t...@math.ethz.ch> wrote: > On Fri, Sep 09, 2016 at 12:54:05AM -0400, Stephen Trotter wrote: > > hi, > > i was attempting a fresh install of 6.0 and got to the part where you > pull > > the source tree and update the system to stable. > > i was stuck because the faq states you can (should) use a regular user > with > > cvs, and i kept getting a permission error from cvs when attempting to > run > > from /usr > > so, just wondering if anyone else was getting this, or if there is > > something that i missed. > > > > Is your user member of the group wsrc? Use id(1), for example. > > By default, /usr/src is owned by root:wsrc with permissions 0775. This > means that you need to be root or a member of group wsrc in order to > write to it. FAQ 5 'avoiding root' tells you how to add your user to > wsrc before running cvs: user mod -G wsrc youruser
fresh install of 6.0 - cvs
hi, i was attempting a fresh install of 6.0 and got to the part where you pull the source tree and update the system to stable. i was stuck because the faq states you can (should) use a regular user with cvs, and i kept getting a permission error from cvs when attempting to run from /usr so, just wondering if anyone else was getting this, or if there is something that i missed.
spreed server
Has anyone tried to build the spreed server? https://github.com/strukturag/spreed-webrtc I tried, but the configure would not run with openbsd automake, autoconf and m4 packages. When I loaded the GNU equivalents, the configure ran but the makefile produced did not work, probably because the openbsd packages were not used.
vm example
Does anyone have an example of setting up vm? I am running into a problem with /dev/vmm not configured when trying to run vmd. (OpenBSD 5.9, amd64)
openBSD 5.8 php 5.6 Zend opcache
It would seem that Zend opcache has been dropped from php 5.6. Is this correct?
Re: Best OpenBSD cloud hosting?
On 10/09/13 03:16, openda...@hushmail.com wrote: Can anyone recommend a decent OpenBSD cloud hosting provider? RootBSD are quite good, I have been using them for a few years now with zero downtime. A bit more pricey compaired to Digital Ocean, but they are solid and support new releases rather quickly. http://www.rootbsd.net/services/virtual-servers-vps/
Bridge0 Oerrs with throughput speed issues
Hi Everyone, We are having a bridge and throughput issue with a live network bridge on an Openbsd 4.6 firewall here. root@luigi:/var/tmp# uname -a OpenBSD luigi 4.6 GENERIC.MP#89 i386 There are no errors on any other interface. Some interfaces are autoneg and some are full 100 statically set. (Normally I associate network errors with negotiation mismatch however I'm baffled how this can happen with a bridge) root@luigi:/var/tmp# netstat -i NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 33200 Link 235579 0 235579 0 0 lo0 33200 localhost localhost 235579 0 235579 0 0 lo0 33200 localhost/1 localhost 235579 0 235579 0 0 lo0 33200 ::%lo0/ ::1%lo0 235579 0 235579 0 0 em0 1500 Link 00:10:f3:17:4e:a4 236952003 0 165182021 0 0 em0 1500 PUBLICIPPUBLICIP236952003 0 165182021 0 0 em0 1500 ::%em0/ ::210:f3ff:fe 236952003 0 165182021 0 0 em1 1500 Link 00:10:f3:17:4e:a5 38812715 0 50562554 0 0 em1 1500 PUBLICIPPUBLICIP 38812715 0 50562554 0 0 em1 1500 ::%em1/ ::210:f3ff:fe 38812715 0 50562554 0 0 em2 1500 Link 00:10:f3:17:4e:a6 118364373 0 173760105 0 0 em2 1500 luigi luigi 118364373 0 173760105 0 0 em2 1500 ::%em2/ ::210:f3ff:fe 118364373 0 173760105 0 0 em3 1500 Link 00:10:f3:17:4e:a7 6999857 0 4641310 0 0 em3 1500 ::%em3/ ::210:f3ff:fe 6999857 0 4641310 0 0 em4 1500 Link 00:10:f3:17:45:340 00 0 0 em4 1500 ::%em4/ ::210:f3ff:fe0 00 0 0 em5 1500 Link 00:10:f3:17:45:35 109416806 0 71962889 0 0 em5 1500 luigi luigi 109416806 0 71962889 0 0 em5 1500 ::%em5/ ::210:f3ff:fe 109416806 0 71962889 0 0 em6 1500 Link 00:10:f3:17:45:36 72358472 0 110481545 0 0 em6 1500 ::%em6/ ::210:f3ff:fe 72358472 0 110481545 0 0 em7 1500 Link 00:10:f3:17:45:37 9561263 0 14093518 0 0 em7 1500 ::%em7/ ::210:f3ff:fe 9561263 0 14093518 0 0 enc0* 1536 Link 0 00 0 0 bridge0 1500 Link207310432 0 344961456 *55542 *0 pflog0 33200 Link 0 0 135303 0 0 (Note the 55542 in Oerrs above) root@luigi:/var/tmp# cat /etc/bridgename.bridge0 add em0 add em1 add em3 add em4 add em6 add em7 up root@luigi:/var/tmp# netstat -m 1397 mbufs in use: 1373 mbufs allocated to data 2 mbufs allocated to packet headers 22 mbufs allocated to socket names and addresses 713/1822/6144 mbuf 2048 byte clusters in use (current/peak/max) 0/8/6144 mbuf 4096 byte clusters in use (current/peak/max) 0/8/6144 mbuf 8192 byte clusters in use (current/peak/max) 0/8/6144 mbuf 9216 byte clusters in use (current/peak/max) 0/8/6144 mbuf 12288 byte clusters in use (current/peak/max) 0/8/6144 mbuf 16384 byte clusters in use (current/peak/max) 0/8/6144 mbuf 65536 byte clusters in use (current/peak/max) 4468 Kbytes allocated to network (39% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines I have upped the states incase that was an issue root@luigi:/var/tmp# pfctl -sm stateshard limit 20 src-nodes hard limit1 frags hard limit 5000 tableshard limit 1000 table-entries hard limit 20 root@luigi:/var/tmp# ifconfig bridge0 bridge0: flags=41UP,RUNNING mtu 1500 priority: 0 groups: bridge Would anyone have any ideas what I can try to see what is causing this issue? I have already tried disabling pf with pfctl -d however it doesnt make a difference. Also goggling around shows up practically nothing resembling. Any help would be very much appreciated! Many thanks! Stephen
Re: Kerberos disabled in SSH now?
Kerberos is disabled per default in SSH now? Any plans to enable it again? I would also like to know about this (was a nasty surprise when I couldn't log into work after a snapshot upgrade!). Are there also plans to remove this from openssh-portable, or is this just limited to OpenBSD's ssh? -Steve
Re: Tricks for install OpenBSD under Virtualbox, host Windows XP
https://www.virtualbox.org/ticket/639#comment:9 On Sun, Jan 6, 2013 at 5:12 PM, Aaron Mason simplersolut...@gmail.comwrote: On Mon, Jan 7, 2013 at 7:06 AM, Steve Williams st...@williamsitconsulting.com wrote: Hi, After recently reading (on this list) about how OpenBSD runs under Virtualbox, I thought I would take it for a test drive on my laptop so I can work in OpenBSD while away on business don't have access to the Internet. My laptop is a Dell Latitude E6500 with a Intel(R) Core(TM)2 Duo CPU (P8600). I have enabled the Virtualization support in the bios. The host system is Windows XP. When I start VirtualBox, I get a dialogue box that says: - VT-x/AMD-V hardware acceleration has been enabled, but is not operational. Certain guests (e.g. OS/2 and QNX) require this feature. Please ensure that you have enabled VT-x/AMD-V properly in the BIOS of your host computer. - When I got this message, I disabled the Enable VT-x/AMD-V in the settings of the VM for OpenBSD, but I still get that message. It's a bit confusing. I am trying to install OpenBSD-current (downloaded January 6, 2013). It will get various distances into installing before I get an error. I've even got as far as defining the partitions and the format starting, but it either gives an Illegal Instruction, or a kernel panic. The Intel website indicates it supports VT-x (http://ark.intel.com/products/35569?wapkw=core+2+duo+p8400) Any suggestions/tricks, or am I just out of luck with this combination of hardware/guest OS/OpenBSD? Thanks, Steve Did you try a stable version? It could be an issue with the snapshot you're using. -- Aaron Mason - Programmer, open source addict I've taken my software vows - for beta or for worse -- You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe.
Re: login_radius support for encrypted authentication type?
I haven't worked with OpenBSD in this context, but I've setup 802.1X auth for layer-2 wireless. It's LDAP backed. We happen to also run a samba3 domain, so LDAP also stores NTLM hashes. I'm not a radius expert, but the only mechanism that seems to be able to deal with non clear passwords seem to have to deal with NTLM hashes. If there isn't a way to pass the auth request through some kind of layer that will give you a pass/fail response, I'm pretty sure you're stuck with having to store your radius passwords in the clear. -Stephen
Re: XenServer and re0 watchdog timeout
e1k works great with OpenBSD whether regardless of what hypervisor framework is sitting in front of qemu. Until my plan to port the virtio NIC to OpenBSD grows beyond mere intent, its your best option. -S -- You know, I used to think it was awful that life was so unfair. Then I thought, wouldn't it be much worse if life were fair, and all the terrible things that happen to us come because we actually deserve them? So, now I take great comfort in the general hostility and unfairness of the universe.
4.8 breaks ral (hostap) for me
Running 4.8 patch/stable with all updated, apm disable via config, upgraded from 4.7 patch/stable. Any time ral0 is initialized (in hostap mode) using, say, sh /etc/netstart, the following message is shown on the console: ral0: timeout waiting for BBP The code shows that when this happens, the device initialization is aborted and EIO error is returned, making 4.8 patch/stable useless for running the box as a wireless access point using ral. This may ordinarily point to hardware failing except for two things: 1. checking the code shows that the busy bit is actually cleared because no cannot read from BBP message is seen, only a 0 is returned from the version flash read. My guess is that some firmware is being loaded wrong onto the hardware in 4.8? ...and 2. ral0 initializes just fine without the timeout using either my previous 4.7 kernel, or the -current kernel which I am running now. The relevant parts of dmesg (relevant imho; if there is more that is needed, please advise) are: ral0 at pci0 dev 14 function 0 Ralink RT2561S rev 0x00: irq 3, address 00:24:1 d:39:f6:84 ral0: MAC/BBP RT2561C, RF RT2527 Also, pcidump -v shows for this device: 0:14:0: Ralink RT2561S 0x: Vendor ID: 1814 Product ID: 0301 0x0004: Command: 0017 Status ID: 0410 0x0008: Class: 02 Subclass: 80 Interface: 00 Revision: 00 0x000c: BIST: 00 Header Type: 00 Latency Timer: 20 Cache Line Size: 08 0x0010: BAR mem 32bit addr: 0xe380 0x0014: BAR empty () 0x0018: BAR empty () 0x001c: BAR empty () 0x0020: BAR empty () 0x0024: BAR empty () 0x0028: Cardbus CIS: 0601 0x002c: Subsystem Vendor ID: 1458 Product ID: e934 0x0030: Expansion ROM Base Address: 0x0038: 0x003c: Interrupt Pin: 01 Line: 03 Min Gnt: 00 Max Lat: 00 0x0040: Capability 0x01: Power Management I don't know what to do next here. I am understandably very apprehensive about running a -current kernel on top of a 4.8 stable userland. I don't want to be running -current at all. I was thinking about posting a bug using sendbug but that seems a bit pointless considering that I am right now running the -current kernel. The best case scenario would be for whomever knows what causes the -current kernel to work in this instance to post what relevant changes there are (or a patch?) or better yet, post a patch to the errata so I can go back to a 4.8 stable kernel with the patch. What is interesting about this is that I can't find any other mention of this problem anywhere else on the Internet. I would have thought that a lot of people would be running ral0 as an access point and would have found this. If this is only local to me, I would sure appreciate any advice on how to track this down.
enquiries : docstore.mik.ua
We found your contact email from docstore.mik.ua My name is Stephen Lee and I come from China, Hong Kong. May I have your company purchase department contact information ? I thought to send you details of our LCD Products, believing your business may benefit from using them. Also, these products design are for any business retail store, shop and boutique. Our products are: A. Digital LCD Display with internal media player from 19, 32, 40, and 46 inch. (use in Windows Display) B. 7 inch LCD Player with motion Sensor (use in Goods Shelves) These products is using in store. Function: Promote products, Increase 20-30% sales, Attract customers and help the customers to make decisions based on the information gained from the LCD displays. We can send you a market research report and products information to your company purchase department for reference. Thanks for your help. I am apologize for any inconvenience and appreciate your patience. Sincerely, Stephen YK Lee AVAST Anti-Virus Check in: 11/3/2010 3:07:00 [demime 1.01d removed an attachment of type image/jpeg which had a name of 201026b.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of 201026f.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of 201026a.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of 201026g.jpg]
Re: Delete packages with dependencies
Luis Useche wrote: It seems like an additional information should be added to the package database. A bit indicating if the package was installed manually by the user (admin?) or not. Then, the package can only be deleted if the the user explicitly say so as oppose to automatic deletion as dependency. That might be a solution if you're stricly using package/ports. But consider what happens when you manually build and install other programs that came in the form of plain old source code tarballs (make make install, etc.) Most of these programs will have library dependencies and some of those libraries will have already been installed as dependencies of official packages. If you remove the whole shebang (a package and all its unique deps) then your custom-built programs won't find some of their libs anymore...
Re: Experience with GA-MA74GM or any other AMD 740G chipset motherboard?
Hey Daniel, I've been playing around with OpenBSD amd64 on a Gigabyte GA-MA78GPM-DS2H (which is a similar chipset, but not identical) using a Phenom X3. Everything seems to work fairly well. Video works with radeonhd. The on-board azalia works well, but seems a bit noisy (obviously not a OpenBSD problem). The on-board re NIC works fine. AHCI works well on the southbridge, but I was having problems getting hotpluging working with my eSATA drive -- I couldn't manage to reset the bus to detect the new drive without a reboot. Otherwise the system board seems to work fairly well. Feel free to shoot me a message if you have any other questions. Take care, Steve On Thu, Dec 04, 2008 at 11:31:51AM +0100, Schvberle Daniel wrote: Hi! I'm planning to get a Gigabyte GA-MA74GM-S2H or GA-MA74GM-SH (basically the same motherboard). The goal is to make a green, lowpower NAS, so I'm mostly interested in SATA and LAN experiences concerning this or similar boards. If you tried it, please write couple of lines describing the good/bad stuff. Thank you for your time! -- Schvberle, Daniel AAM Technologies Kft. IT Architect http://www.aamtech.hu ---
Re: UPDATE: mozilla-firefox-3.0
Jason LaRiviere wrote: The current breed of standards-based web developers - which in my estimation form the bulk of all web developers currently doing anything anyone is seeing, and of which I am fairly representative, would think nothing of the sort. Truly well-versed web developers find cross-browser issues bothersome, but far from insurmountable; certainly not worthy of abandoning xhtml, css and javascript for something with funny names and registered trademarks. [...] At a bank? Yeesh... Even javascript is completely unnecessary in many cases. I've yet to see an online banking system that's usable via /usr/bin/lynx, even though the browser supports both SSL and cookies. And we're talking about a site you log into specifically to shift numbers around... There need not be any images, videos, scripts, or other bloat... -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
xbase43 and friends, no MD5 checksums?
Hello The MD5's for the X packages seem to be missing from the distribution directories for 4.3 and snapshots. $ wget ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/MD5 --21:15:35-- ftp://ftp.openbsd.org/pub/OpenBSD/snapshots/i386/MD5 = `MD5' Resolving ftp.openbsd.org... 129.128.5.191 Connecting to ftp.openbsd.org|129.128.5.191|:21... connected. Logging in as anonymous ... Logged in! == SYST ... done.== PWD ... done. == TYPE I ... done. == CWD /pub/OpenBSD/snapshots/i386 ... done. == PASV ... done.== RETR MD5 ... done. Length: 1,022 (unauthoritative) 100%[=] 1,022 --.--K/s 21:15:37 (48.73 MB/s) - `MD5' saved [1022] $ cat MD5 MD5 (INSTALL.i386) = 26e66fc1aa0b68b274582001aff86765 MD5 (INSTALL.linux) = 34ab7e52e8b1ed96682349a2f0addcce MD5 (base43.tgz) = 475e7a71806e34692cc0e1de2023e8df MD5 (bsd) = 4535e9ca3ae9c2a28e66572647dae575 MD5 (bsd.mp) = 67d3cb13f153a453070979c63fd8f3f6 MD5 (bsd.rd) = db61e290b64f808e20ff5c8ea8ba8ae0 MD5 (cd43.iso) = 023bec19edba5ca92dd86fefabeda8a0 MD5 (cdboot) = 63ea5cdbd08f4a3a4b6dbcab0d940beb MD5 (cdbr) = 3bf8bb332496c08a9a2c777cb7321c76 MD5 (cdemu43.iso) = dfceeda7a3f91c1920c93e203315424a MD5 (comp43.tgz) = e269e6e552b26696bb677f14e0654d2d MD5 (etc43.tgz) = d00c787ce5d94335dc9ba878fad27219 MD5 (floppy43.fs) = 9df4b61cbdd39f7db74507292fbfe5b8 MD5 (floppyB43.fs) = 96115591166595248ac3ffdd893885be MD5 (floppyC43.fs) = 0fcfe979a533328c28d5f0a795ddd011 MD5 (game43.tgz) = ed6e22ea0fa41da78a776713344755a3 MD5 (install43.iso) = 08f7e2c21515e9b1519d0f1f65a82de5 MD5 (man43.tgz) = 05c38c7ac423278cbba61defb101cfc7 MD5 (misc43.tgz) = de883362db26d70dd183ff54bdb13cce MD5 (pxeboot) = aad938e673c5eacb1f28cbf14b480100
Re: usb gamepads
So I ended up bying a Logitech Dual Action for $15 at a local store. This is what shows up in dmesg: uhidev2 at uhub1 port 2 configuration 1 interface 0 Logitech Logitech Dual Action rev 1.10/3.00 addr 2 uhidev2: iclass 3/0 uhid0 at uhidev2: input=8, output=7, feature=5 All the buttons and analog sticks work okay. I tried it with bzflag, zsnes and generator (r3, the r2 package didn't work with it). I was also going to try xmame, but the compile bombed and I didn't spell FLAVOR correctly anyway (used the british spelling... oops). Well anyway it's a nice piece of hardware for the price! -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
usb gamepads
Do they work on OpenBSD? I don't see any mention of them in the FAQ or man pages. It looks like some of the ports (generator, zsnes, xmame) link against usbhid, but others (snes9x) don't. Any hardware recommendations? -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
Re: Firefox 2.0.0.12
Matthew Szudzik wrote: What alternatives to firefox do you suggest? /usr/bin/lynx is actually pretty good for a lot of things, and if you rebuild it with '--enable-externs', it can launch scripts or another browser on the current page or current link. It even has an almost foolproof advertisement filter built-in. Only google has managed to break that filter. :-) On the graphics side, links+ is excellent. It's blazing fast compared to everything else, and makes firefox look like a bloated pig. Unfortunately its Javascript implemention is almost non-existent. Because of that, you might not be able to use it to login to your online banking site, so keep the pig around (but only use it for the bank website). -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
Re: The REAL reason we use OpenBSD
Chris Kuethe wrote: not if you're using sed... or Perl. :-) Anyway, ex-Linux user here... I switched to OpenBSD after nearly a decade of various distros because I got tired of recompiling kernels with security patches and otherwise wasting much of my time searching through outdated HOWTOs and placeholder man pages (no joke!) And yeah, the command line is fun, but it's also invaluable. I once visited a Linux shop where they had this motto: automation is excellence. The founder was very proud of his motto, and kept repeating it constantly. But I think their sights were set much too low, because automation is something that should be considered a given, as without it any meaningful business operation falls apart after a certain scale is reached. -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
Re: zombies - half solved
Lars wrote:
But the second question still stands, is there a generic way to prevent
the formation of zombies? The cause in this specific case is a
perl-based CGI script called by apache2.
The easiest way might be to let perl auto-reap the children for you.
It's as simple as prepending this line within the block that spawns the
child processes:
local $SIG{CHLD} = 'IGNORE'; # straight outa perlipc(1)
One thing to watch out for though is that you may get weird side effects
if you set this and then use system() in the same scope. If so, just
use wait/waitpid instead (it's only a few more lines of code).
--
Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/
4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
Route-based VPN - Fortigate to OpenBSD
Chris Jones writes: A while back I attempted to setup a route-based VPN tunnel between a Fortigate firewall and an OpenBSD firewall with no success. I now have the need to get this to work and wondering if someone on the list can shed some light on the configuration. The end goal is to have a gif(4) interface run over IPSec so that I can use a dynamic routing protocol to route traffic to remote VPN networks. As far as a OpenBSD is concerned when it talks to a FortiGate/Netscreen both are using tunnel mode IPsec. The difference is that FortiGate/Netscreen implement it in such away that a virtual interface is created so that you can route over it. To do the equivalent under OpenBSD you'd either :- * implement an equivalent kind of IPsec network device in the OpenBSD kernel (enc0 is starting point) and modify the IKE daemon to know about it. * Modify the IKE daemon so that when it negotiates tunnel mode then on the OpenBSD side it add transport mode IPsec SAs and creates or binds to a gif device. If you are wondering why FortiGate/Netscreen do things the way they do then it comes down to ease of configuration. For years under Cisco IOS the way to do what you want a combination of transport mode IPsec and GRE interface. Not particularly difficult to setup but still more complicated that it needed to be if all you want is a VPN that you can route over. So Cisco IOS now supports an IPsec interface so that you can forget about transport mode and GRE (unless your talking to *BSD/Linux) and just define your tunnel mode IPsec and you can get an interface to route over.
Re: openbsd's perl and thread support
Thomas Delaet [EMAIL PROTECTED] wrote: I want to use perl's threads module. It seems that this is not supported on OpenBSD (4.0 but since the perl version is the same in 4.1 and 4.2, I guess this problem still exists). You'll have to rebuild perl from source if you want threads. It's a fairly painless but somewhat lengthy process if this is your first time. Check out the INSTALL file in /usr/src/gnu/usr.bin/perl - it explains everything. Perl threads on Unix aren't nearly as useful as on platforms like Win32 that don't have a native fork(), and even there you have to be careful because Perl's threads are not at all lightweight. You can easily end up with processes that have huge memory footprints if you don't exert extreme caution. Also some modules aren't safe to use in multiple threads. Another alternative that's cross-platform and perhaps more robust is POE (http://poe.perl.org). This is just a CPAN module, so you don't have to rebuild perl in order to use it. -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel
knitti wrote: On 10/19/07, Stephen Bosch [EMAIL PROTECTED] wrote: Other things I've tried: - moving the Jetdirect to a different port on the same physical switch - a variety of static and dynamic IPs in the subnet I also forwarded the external port 9100 to this print server and tried to access it from a public host, but this didn't work either. This leads me to suspect a peculiar interaction between OpenBSD 4.1 and this particular print server. Of course, it might well be the fault of HP's IP stack, but I've already talked to them at great length and got pretty much nowhere: We don't support JetDirect over WAN connections. look with tcpdump, whether the packets of the printserver look like you expect. perhaps it only has a ttl of 1 or 2 ;-) No -- the damn thing is doing ARP for the remote address, even though it has a gateway configured. The stupid thing is that this same model of printer works on another network, same configuration -- except the local VPN endpoint is a SonicWall. -Stephen-
A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel
Hi, folks: Here's a good one for you. I have an IPsec tunnel running between two OpenBSD boxes. One is still running 3.8 (yes, it needs to be updated) and the other is running 4.1. There is a functioning tunnel running between the two devices. Hosts on one end can see hosts on the other, and vice versa -- EXCEPT we just put an HP Jetdirect print server on the OpenBSD 4.1 side. This device is pingable and accessible from hosts on the same network, but totally unpingable and inaccessible from hosts on the remote network. To recap: Print server is at site A. Hosts at site A (on the same subnet) can ping and access print server. Hosts at site B (on a different subnet) *cannot* ping or access this print server. And yet - Hosts at site B *can* see every other device at site A (and vice versa) and all those devices can see the print server. Note that we're not doing any filtering on the encryption interface (the line is pass quick on enc0); nevertheless, I'm wondering if I need some special flags somewhere. Other things I've tried: - moving the Jetdirect to a different port on the same physical switch - a variety of static and dynamic IPs in the subnet I also forwarded the external port 9100 to this print server and tried to access it from a public host, but this didn't work either. This leads me to suspect a peculiar interaction between OpenBSD 4.1 and this particular print server. Of course, it might well be the fault of HP's IP stack, but I've already talked to them at great length and got pretty much nowhere: We don't support JetDirect over WAN connections. We ended up putting the printer outside on a public IP address as an ugly, undesirable workaround, and, WAN connection or not, that is currently working. I'd really like to get this one back on the private network. I don't need hackers sending mountains of porn to this printer, even if it *is* in a truck stop. Any ideas or salient suggestions? -Stephen-
Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel
knitti wrote: On 10/19/07, Stephen Bosch [EMAIL PROTECTED] wrote: Other things I've tried: - moving the Jetdirect to a different port on the same physical switch - a variety of static and dynamic IPs in the subnet I also forwarded the external port 9100 to this print server and tried to access it from a public host, but this didn't work either. This leads me to suspect a peculiar interaction between OpenBSD 4.1 and this particular print server. Of course, it might well be the fault of HP's IP stack, but I've already talked to them at great length and got pretty much nowhere: We don't support JetDirect over WAN connections. look with tcpdump, whether the packets of the printserver look like you expect. perhaps it only has a ttl of 1 or 2 ;-) Yeah, I'm going to do some packet sniffing with tcpdump :) The TTL is unlikely to be the cause as the printer works now that it is on the outside, and the remote site is 8 hops away... but the suggestions about MTU possibly causing trouble are worth investigating. Anyway, I'll try tcpdump and see what it turns up. Thanks for all the suggestions and help! Cheers, -Stephen-
Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel
Jussi Peltola wrote: Does the print server have the right gateway configured? Yeah. Checked that. Does scrub have any effect (fragments get dropped in some cases if scrub is off - that bit me once with openvpn)? I think scrub is on, though -- I'll have to look again. Wouldn't tcpdump tell you more about the packets coming back from it? Yes, it would, but I'd been working for 20 hours and I couldn't really think anymore. Plus, doing a dump on an encryption interface... well. I'd probably just use rdr and a TCP proxy on some machine to work around the problem. Print server IP stacks tend to be funny, especially in case of non-1500 MTU. That was my thinking also -- I don't think they spend a lot of time on them, and they run on bare minimum hardware. Thanks! -Stephen-
Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel
Claudiu Pruna wrote: hi Stephen, No offense, but did you check JetDirect's ip settings about the default gateway ? None taken. Yes, I did actually check that, and it was correct. Try an tcpdump on the ethernet interface at site A while trying to print from site B and check if you see packets on both directions. That'll be the next thing I try. -Stephen-
Issues Using Forticlient behind an OpenBSD Firewall to connect to a Fortigate IPSEC VPN Server
Siju George writes: All outbound TCP, UDP and ICMP traffic from the LAN is let out through PF. I am able to connect to another Fortigate IPSEC VPN Server on the Internet using Forticlient on the same XP system but no data communication happens between them. I tried connecting from a network that is not firewalled by OpenBSD and the VPN connection to the same Fortigate Server is working fine and I am able to access the internal machines. Is there any other traffic I should allow other than TCP,UDP,ICMP on the firewall to connect and pass traffic between the Fortigate VPN server and the XP system using Forticlient? You didn't indicate whether the OpenBSD 4.0 is doing NAPT for your XP box or you have a binat setup. If NAPT then you must enable NAT traversal on the FortiGate. If you have setup a binat then you have the choice of enabling NAT traveral on the FortiGate or modifying pf to allow ESP (protocol 50) inout.
cgi best practices (was: Re: http://openbsd.rt.fm/faq/faq10.html#httpdchroot)
David Newman [EMAIL PROTECTED] wrote: Anything else? perldoc perlsec has a lot of good advice. -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
smtp auth + greylisting
I just moved my super-fantastic spamd soekris in front of a new mail server that requires SMTP Auth to send mail... and it broke. No one can send mail from that server. My old server didn't require SMTP Auth and it worked fine. I couldn't find anything in the docs or on the net that suggests that I need to make changes - but obviously I do. Can anyone point me in the right direction? Your help is much appreciated! Best Regards, Stephen
Re: smtp auth + greylisting
That's a really good point. However we have about 200 users we'd have
to get to switch their mail settings - 99% of don't know what mail
settings are of course.
Changing ports could prove very painful. I will definitely consider
it though, given how painful email is without greylisting.
Best Regards,
Stephen
On 22-May-07, at 3:10 PM, Bob Beck wrote:
Trust me - bit the bullet and change to 587/465 anyway.
we had to for road warriors because 25 is blocked in so many
places anyway from walkups. You're better just getting your
users to switch.
* Chad M Stewart [EMAIL PROTECTED] [2007-05-22 12:46]:
Since having users change their settings can be problematic in many
environments, instead change the MX record. This way you can
implement spamd right away and your users will not have to change
anything. Though I would suggest moving the users to 587/465 in the
future so that they don't get burned at places like hotels that
redirect outbound port 25 traffic to a local SMTP proxy, that won't
have a clue how to authenticate the user anyways.
-Chad
--
#!/usr/bin/perl
if ((not 0 not 1) != (! 0 ! 1)) {
print Larry and Tom must smoke some really primo stuff...\n;
}
Re: fileserver lockups: no ddb
cpu0: AMD Sempron(tm) Processor 3000+ (AuthenticAMD 686-class, 256KB L2 cache) 1.60 GHz That's interesting. How long have you been running OBSD 4.0 on that machine? I have the mobile version of this cpu, and my laptop started locking up erratically (also w/o ddb) shortly after upgrading from 3.9 to 4.0. After about a week of that craziness and no way to troubleshoot further (short of running memtest86 and 'make build', neither of which revealed any hardware issues), I went back to 3.9, and it's been as rock-solid as it used to be. -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
Re: GRE over IPsec
Chris Jones writes: I may have been mistaken. I just pulled this information from this document which Gregory Lebovitz from Netscreen co-authored back in 2003. No FortiGate model supported GRE in 2003, it wasn't added until 2006. On page 46 he talks about using GRE to create a virtual routing interfaces AKA tunnel interface. I have configure route-based VPNs between a Netscreen and FortiGate which interop just fine, which leads me to believe that they are using the same approach to tunnel interfaces. They are using the same approach, it just isn't GRE based. Both FortGate and Netscreen allow you to define a IPsec interface which has the routing benefits described in http://www.isi.edu/div7/presentation_files/dynamic_routing.pdf but which is also compatible with anything that supports tunnel mode IPsec. I have yet to get this to work between an OpenBSD box and a FortiGate/Netscreen. I will look into the gif option to see if this will work. It isn't clear to me why you don't just use tunnel mode IPsec on OpenBSD, it is compatible with both FortiGate and Netscreen. The gif approach is going to be a problem unless you have an IKE daemon that can negotiate tunnel mode (because that's what the FortiGate will expect) but actually use tranport+IPIP as per the RFC draft referenced in the above.
Re: GRE over IPsec
Stuart Henderson writes: interesting; if my understanding of this and the RFC that the referenced 'touch' draft was published as (rfc3884), at one end you can configure one side in *transport* mode carrying ipip encapsulated packets - gif(4) with net.inet.ipip.allow=1, afaict - and the other side in tunnel mode as usual. That's the idea, though the IKE daemon on the transport+IPIP side has to actually offer tunnel mode or the other end will typically reject the negotiation. this could be useful for either running routing protocols over IPsec, or for redistributing IPsec routes into an IGP (the latter being something I've been wondering about how to handle in some way that's a little more flexible than configure all of concentrator X's tunnels within 10.X/16 and all of concentrator Y's tunnels within 10.Y/16...) It is useful for all of the above.
Re: fileserver lockups: no ddb
On Sun, Apr 08, 2007 at 12:11:37PM -0400, Nick Holland wrote: What you are describing is almost certainly the i386-on-amd64 problem. Solution is to do one of the following (in my order of preference, your criteria may be different than mine, of course!) : * run OpenBSD/amd64 (where this problem doesn't exist) * wait for 4.1 (where it is fixed) * run -current (where it is fixed) Unfortunately, my cpu is one of the lame Sempron chips which isn't a true AMD64. It can be pretty hard to tell them apart, given all the revisions: http://en.wikipedia.org/wiki/Sempron I'll definitely give 4.1 a shot and see though... -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
Re: fileserver lockups: no ddb
Nick Holland wrote: In that case, could you provide a full dmesg on the thing? This sounds interesting, I'd really love to know what -current does on it, though I guess we can wait a few weeks for 4.1-release. :) (not like I'm the guy who has the knowledge to troubleshoot what's going on here...) Here's an old 4.0 dmesg from back in November: http://archives.neohapsis.com/archives/openbsd/2006-11/0385.html Did you actually try amd64 on it? I hadn't tried it before, so today I burned the amd64 cd40.iso, just in case... It didn't get very far though. The second-stage bootloader ran okay: OpenBSD/amd64 CDBOOT 1.06 booting cd0a:/4.0/amd64/bsd.rd [0xblahblah etc.] entry point at 0x1001e0 [0xblahblah etc.] _ But that's where it stopped (imagine the _ above is a blinking cursor). No blue kernel messages ever appeared on the console. -- Stephen Takacs [EMAIL PROTECTED] http://perlguru.net/ 4149 FD56 D078 C988 9027 1EB4 04CC F80F 72CB 09DA
GRE over IPsec
Chris Jones writes: Fortigates and Netscreens both use GRE interaces as tunnel interfaces when creating route-based VPN tunnels. FortiGates do not use GRE interface when creating route-based VPN tunnels. The route-based VPN on a FortiGate creates packets that are identical to IPsec tunnel mode i.e. IP|ESP|IP. As far as I'm aware, Netscreen do the same. Are you sure you don't have any Cisco's in your network? They use GRE for IPsec unless you've got a farily recent version of IOS that supports the virtual interface approach. Right now I have a hub-and-spoke VPN network using static routes to route traffic across the VPN. Each spoke endpoint has a static destination route of 10.1.0.0/16 which is sent over GRE interface. The only exception to the hub-and-spoke VPN is my OpenBSD firewall which I have to create VPN tunnels to every spoke network I need access to (quite painfull). On my OpenBSD box I would like to be able to use a single static destination route of 10.1.0.0/16 to send this traffic over a GRE interface to get to the rest of the VPN network. Since the FortiGate doesn't use GRE for IPsec (unless you configured it for some reason) then there is no need to use GRE on OpenBSD. Just define a normal tunnel based IPsec connection (as if the other end was another OpenBSD box). If you really want an interface so that you can route over it, then you'd have better luck with a gif interface. In that case if you can get the tunnel to come up you could run RIP/OSPF/iBGP on the OpenBSD gif interface and on the FortiGate IPsec interface and not use static routing at all.
About commands
Hi folks, On Linux World, $ fdisk -l displaying all partitions of a HD $ df -h displaying all partitions with size and use What will be the equivalent command on OBSD? TIA B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Where to download cvsup-16.1h-no_x11.tgz for amd64
Hi Christian, Tks for your advice. I did not receive your reply until searching following site and found this thread; http://article.gmane.org/gmane.os.openbsd.misc/120640 http://thread.gmane.org/gmane.os.openbsd.misc/120636/focus=120640 To my surprise I even did not receive my original mail posted. Just resubribed the list [EMAIL PROTECTED] The reply was I having subscribed this list. only i386 available. Exactly. If you want to mirror the repository, consider using cvsync. If you want to use checkout mode from a CVSup server, consider using csup. Now I have csup running on OpenBSD 4.0 # which csup /usr/local/bin/csup man csup doesn't provide much info and examples running this package. Where can I find such info. TIA It further mentioned csup only supports checkout mode. CVSUP supports both CVS and checkout mode B.R. Stephen Liu Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Problem on installing new packages
Hi Stuart, Is your network working, can you connect to the site with ftp? Yes, I can ping yahoo.com/google.com, etc. without problem [EMAIL PROTECTED]:29$ ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ # ftp ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ Connected to poledra.it.net.au 220 ProFTPD 1.2.10 Server (Informed Technoloty FTP Server) [203.8.116.111] 331 Anonymous loginod, send your completed email address as your password ... 230 Anonymous access granted, restrictions apply. Remote system type is UNIX. Using binary mode to transfer files 200 Type set to I 250 CWD command successful ftp exit 221 Goodbye B.R. Stephen Liu Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Problem on installing new packages
Hi Stuart, On 2007/03/26 23:14, Stephen Liu wrote: 250 CWD command successful ftp exit 221 Goodbye try 'ls' too; it will open a data channel. certain firewall/nat-related problems will allow the command channel to open but not the data channel. # ls .Xauthority .cshrc .klogin .login .profile .ssh Other noted wit tks. B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Problem on installing new packages-Firefox found
Hi folks, Re: firefox. I found it which is named; mozilla-firefox-1.5.0.5.tgz B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Problem on installing new packages
Hi Jeff and Lawrence, Your advice worked here. Tks. On 3/26/07, Lawrence Teo [EMAIL PROTECTED] wrote: PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64 \ pkg_add -v nano-1.2.5.tgz Make sure to add a trailing / PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ \ pkg_add -v nano-1.2.5.tgz # PKG_PATH=ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ \ # pkg_add -v nano-1.2.5.tgz parsing nano-1.2.5 .. . nano-1.2.5:parsing expat-2.0.0 nano-1.2.5:expat-2.0.0: complete nano-1.2.5:gettext-0.14.5p1: complete nano-1.2.5: complete looks like groupinstall with export omitted # which nano /usr/local/bin/nano Other noted with tks. How to install Firefox? On; ftp://ftp.it.net.au/mirrors/OpenBSD/4.0/packages/amd64/ only those packages found such as; firefox-i18n-ar-1.5.0.10p0.tgz firefox-i18n-ar-1.5.0.5.tgz firefox-i18n-ar-1.5.0.7.tgz firefox-i18n-ar-1.5.0.8.tgz firefox-i18n-ar-1.5.0.9.tgz firefox-i18n-ar-1.5.0.9p0.tgz firefox-i18n-bg-1.5.0.10p0.tgz firefox-i18n-bg-1.5.0.5.tgz firefox-i18n-bg-1.5.0.7.tgz firefox-i18n-bg-1.5.0.8.tgz firefox-i18n-bg-1.5.0.9.tgz firefox-i18n-bg-1.5.0.9p0.tgz firefox-i18n-ca-1.5.0.10p0.tgz ... etc. Tks B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Problem on installing new packages
# ls.Xauthority .cshrc .klogin .login .profile .ssh Stuart meant to try ls within ftp session, not from the commandprompt. ftp ls . . -r--r--r-- 1 ftpadm staff 49650 Sep 23 2006 zsh-zftp-4.2.6.tgz 226 Transfer complete ftp ls | more 229 Entering Extended Passive Mode (|||41410|) 150 Opening ASCII mode data connection for file list 226 Transfer complete. ftp ls | less 229 Entering Extended Passive Mode (|||33305|) 150 Opening ASCII mode data connection for file list 226 Transfer complete. ftp Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com
Where to download cvsup-16.1h-no_x11.tgz for amd64
Hi folks, Just installed OpenBSD 4.0 direct from ftp, running amd64 cd40. Please advise where can I download its cvsup-16.1h-no_x11.tgz. I can't find this package on; ftp://ftp.openbsd.org/pub/OpenBSD/4.0/packages/ only i386 available. TIA B.R. Stephen Liu Send instant messages to your online friends http://uk.messenger.yahoo.com
Seeking advice on OpenBSD
Hi folks, CPU - AMD Athlon64 X2 AM2 512Kx2 3,800 Mobo - ASUS M2N-E with onboard NIC, nVidia chipsets Vedio Card - ASUS EN7600 with nVidia chipsets I have been searching around for a 64 bit OS to run as server. The OS will be easy to install, rigid and w/o driver problem. In the last 3 weeks I have been testing 64 bit FreeBSD 6.2, archlinux 0.8, slamd64 11.0, CentOS 4.4, etc. All of them have nvidia driver problem, FreeBSD being the worst. I'll install X and Xfce-4.2 as desktop. They won't start at boot. The only reason for me retaining X is for communication via Internet. I'm not feeling comfortable on running text browse such as Elinks, etc. Also on Internet browsing the websites complain requesting me to run GUI browser. Please advise will OpenBSD serve my need. TIA B.R. Stephen Liu Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Seeking opinion about OpenBSD
Hi Albert, 1) Buy a supported video card I have no idea which chipset has no problem. 2) Contact nvidia to let them know why you did so I don't think nvidia w/o knowledge of the driver problem on FreeBSD Pls refer to; http://www.nvnews.net/vbulletin/showthread.php?t=41545page=15 and http://www.nvnews.net/vbulletin/showthread.php?t=82203 64 bit FC6 and Ubuntu don't have nvidia driver problem. I have 64bit FC6 box here running on ASUS motherboard with onboard NIC and nvidia chipset. NIC works and my Philips Monitor, Brilliance 200WP7, displays correct resolution. I tested 64bit Ubuntu before working without problem. B.R. Stephen Liu 3) profit! CPU - AMD Athlon64 X2 AM2 512Kx2 3,800 Mobo - ASUS M2N-E with onboard NIC, nVidia chipsets Vedio Card - ASUS EN7600 with nVidia chipsets I have been searching around for a 64 bit OS to run as server. The OS will be easy to install, rigid and w/o driver problem. In the last 3 weeks I have been testing 64 bit FreeBSD 6.2, archlinux 0.8, slamd64 11.0, CentOS 4.4, etc. All of them have nvidia driver problem, FreeBSD being the worst. Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Seeking opinion about OpenBSD
Hi Sunnz, Well then you could try OpenBSD with nv driver and see if that works for you... I tried nv driver on slamd64 before. It did not work. Anyway I'll try it on OpenBSD. Is OpenBSD LiveCD available? You know how to configure X with xorg.conf, right? No problem. I did a lot of manual-editing on xorg.conf in the last 3 weeks As for font size, you could change them in xfce-settings, right? Have you attempted doing so in all the systems that you have tried? No I can't change the font size on Xfce-4.2. I installed Xfce-4.2 on all OS tested previously. I only need changing the font size on Terminal as well as the URL box on Firefox. They were too tiny to read. I can adjust font sizes on Firefox via preferences except the font size on its URL box. I think maybe I can adjust it via gtk. I did it before but w/o a good recollection. Another problem running Xfce-4.2 is no default text editor. Maybe I have to download mousepad on Internet if I can't find it on repo. Xfce-4.2 has OO installed but it is not convenient to run it for editing text. B.R. Stephen 2007/3/19, Stephen Liu [EMAIL PROTECTED]: Hi Sunnz, If you need 3D graphics acceleration, no. But for a server I don't see why would you need so, can you specify any particular need for 3D acceleration? No I don't need. Neither I do graphic editing on server. I can tolerate running X on incorrect resolution. My only problem was the fonts on desktop being too tiny to read. I can't adjust them. B.R. Stephen 2007/3/19, Jason Dixon [EMAIL PROTECTED]: On Mar 18, 2007, at 10:08 AM, satimis wrote: Hi folks, CPU - AMD Athlon64 X2 AM2 512Kx2 3,800 Mobo - ASUS M2N-E with onboard NIC, nVidia chipsets Vedio Card - ASUS EN7600 with nVidia chipsets I have been searching around for a 64 bit OS to run as server. The OS will be easy to install, rigid and w/o driver problem. In the last 3 weeks I have been testing 64 bit FreeBSD 6.2, archlinux 0.8, slamd64 11.0, CentOS 4.4, etc. All of them have nvidia driver problem, FreeBSD being the worst. I'll install X and Xfce-4.2 as desktop. They won't start at boot. The only reason for me retaining X is for communication via Internet. I'm not feeling comfortable on running text browse such as Elinks, etc. Also on Internet browsing the websites complain requesting me to run GUI browser. Please advise will OpenBSD serve my need. TIA OpenBSD helps those who help themselves. http://www.openbsd.org/amd64.html Your best option is to download a copy of cd40.iso from one of the FTP mirrors and boot up the install process. Choose the shell option and run 'dmesg' to see if all of your hardware is supported (compare against the supported hardware list in the aforementioned link). If it is, go ahead and complete the installation and then purchase a real CD from the project. Installation Guide - http://www.openbsd.org/faq/faq4.html OpenBSD Store - http://www.openbsd.org/orders.html -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html Send instant messages to your online friends http://uk.messenger.yahoo.com -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Seeking opinion about OpenBSD
Hi Timo, Tks for your advice. - snip - i have a similar setup here serving me as a low energy personal file, email server and misc task machine (i have an Athlon64 AM2 3800+ EE SFF with 35 Watt power drawing maximum, and 2GByte Kingston ECC DDR2 RAM). the first i did was to disable the onboard NIC (nVidia crap) of my ASUS M2NPV-VM and put an intel-based board into that machine. I did the same plugging in a NIC with realtek chipset. It worked. Another problem on X still existed. Although I can run X on incorrect resolution because I don't do graphic editing on server. But the problem was the fonts on desktop being too tiny to read. I can't adjust them. B.R. Stephen Liu Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Seeking opinion about OpenBSD
Hi Jason, Tks for your advice. - snip - Your best option is to download a copy of cd40.iso from one of the FTP mirrors and boot up the install process. Choose the shell option and run 'dmesg' to see if all of your hardware is supported (compare against the supported hardware list in the aforementioned link). If it is, go ahead and complete the installation and then purchase a real CD from the project. Installation Guide - http://www.openbsd.org/faq/faq4.html OpenBSD Store - http://www.openbsd.org/orders.html I'll try later. If OpenBSD LiveCD is availble it will be even more convenient for me. B.R. Stephen Liu Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Seeking opinion about OpenBSD
Hi Sunnz, If you need 3D graphics acceleration, no. But for a server I don't see why would you need so, can you specify any particular need for 3D acceleration? No I don't need. Neither I do graphic editing on server. I can tolerate running X on incorrect resolution. My only problem was the fonts on desktop being too tiny to read. I can't adjust them. B.R. Stephen 2007/3/19, Jason Dixon [EMAIL PROTECTED]: On Mar 18, 2007, at 10:08 AM, satimis wrote: Hi folks, CPU - AMD Athlon64 X2 AM2 512Kx2 3,800 Mobo - ASUS M2N-E with onboard NIC, nVidia chipsets Vedio Card - ASUS EN7600 with nVidia chipsets I have been searching around for a 64 bit OS to run as server. The OS will be easy to install, rigid and w/o driver problem. In the last 3 weeks I have been testing 64 bit FreeBSD 6.2, archlinux 0.8, slamd64 11.0, CentOS 4.4, etc. All of them have nvidia driver problem, FreeBSD being the worst. I'll install X and Xfce-4.2 as desktop. They won't start at boot. The only reason for me retaining X is for communication via Internet. I'm not feeling comfortable on running text browse such as Elinks, etc. Also on Internet browsing the websites complain requesting me to run GUI browser. Please advise will OpenBSD serve my need. TIA OpenBSD helps those who help themselves. http://www.openbsd.org/amd64.html Your best option is to download a copy of cd40.iso from one of the FTP mirrors and boot up the install process. Choose the shell option and run 'dmesg' to see if all of your hardware is supported (compare against the supported hardware list in the aforementioned link). If it is, go ahead and complete the installation and then purchase a real CD from the project. Installation Guide - http://www.openbsd.org/faq/faq4.html OpenBSD Store - http://www.openbsd.org/orders.html -- Jason Dixon DixonGroup Consulting http://www.dixongroup.net -- Please avoid sending me Word or PowerPoint attachments. See http://www.gnu.org/philosophy/no-word-attachments.html Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Seeking opinion about OpenBSD
Hi Tobias, On Sunday, 18. March 2007 19:00, Thomas Leveille wrote: Am I the only one to find this stupid ? Why should you need a browser in a server ? I sometimes depend on lynx to download stuff from sourceforge where no direct download link is supplied. I ran elinks, the text driver, before and finally I have to coming back to gui browser. Download is not a problem to me. I ran wget on Terminal to get the job done. Without X I can tunnel via SSH to a workstation to do installation and fine tuning a server, running the latter headless. But I have to run 2 PCs doing a single job. So my final solution is to have X and a lightweight deskstop such as Xfce, winframe, etc. installed on the server but without running them at boot. After finish I can erase all of them or just leaving them there, administrating the server via a workstation. B.R. Stephen Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: Seeking advice on OpenBSD
Hi Darrin, Tks for your advice. Please advise will OpenBSD serve my need. TIA I do not know. I have a computer with nVidia, and it works fine using the generic xorg 'nv' driver. Of course, special nVidia functionality is not available. But it does work on MY particular nVidia. It will probably work on yours. Without more details about specific chipset nobody will be able to tell you everything. Yes, you are right. Generic xorg 'nv' driver works on nVidia chipset but depending on OS. I'm now replying your posting on a FC6_x86_64 PC with following config; CPU AMD Athlon64 socket 939 Mobo - ASUS A8N-VM, onboard NIC, Graphic and sound cards Notherbridge: nVidia GeForce 6100 CPU Southebridge: nVidia nForce 410 MCP Vedio card - Gigabyte GV-NX66256DP2, nVidia GeForece6600 chipset LCD Monitor - Philips Brilliance 200WP7 nv driver works with correct resolution displayed 1680x1050 Ubuntu-LAMP-server_amd64 also works on this box without nVidia driver problem. 64bit Gentoo has nVidia driver problem on this box. It needs installing nvidia driver on nvidia.com. It seems to me depending OS. Another box having nVidia driver problem with following config. CPU -AMD Athlon64 X2 AM2 socket 512kx2 Mobo - ASUS M2N-E with onboard NIC and sound, nVidia nForce 570 Ultra MCP chipset Vedio card - ASUS EN7300GS, GeForce 7300GS GPU chipset 64bit OS, tested; FC6 - no problem on onboard NIC and X, displaying correct resolution 1680x1050 slamd64 - no problem on onboard NIC graphic - need nvidia driver on nvidia.com archlinux - no problem on onboard NIC graphic - need nvidia driver on nvidia.com CentOS - no problem on onboard NIC graphic need nvidia driver on nvidia.com NetBSD - no problem on onboard NIC no test on graphic FreeBSD - having problem on onboard NIC having problem on graphic no available driver on nvidia.com I have DragonflyBSD installer available but haven't tested it. It is ported on FreeBSD. I have no idea on PC_BSD and Desktop_BSD. Googling found me some info that they are striving on driver. It may draw a preliminary conclusion that the problem of driver is largely depending on the development of the OS. Since it sounds like you are stuck currently, you might just try it and find out for yourself. The basic install should only take you a few minutes. After that just try 'startx' and see if it works. If not, you're no worse off than before... Yes, your are correct. The basic installation took me a short while. Graphic testing took me prolonged time. I'll copy the xorg.conf file of this box to the AMD Athlon64 X2 box and install 'nv' driver there to see what will happen to the 64bit CentOS which is under testing. B.R. Stephen Liu Send instant messages to your online friends http://uk.messenger.yahoo.com
Re: greylisting
Just for the archives... I went through these emails again, and discovered that this one was the one that solved my problem. Indeed the default pf.conf file says rdr pass on for the spamd redirects, and Chris asks why pass there? I removed the word pass - now it all works like magic. Thanks Chris! Stephen On 8-Jan-07, at 9:41 PM, Chris Kuethe wrote: On 1/8/07, Stephen Schaff [EMAIL PROTECTED] wrote: rdr pass on $ext_if proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd why pass there? -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: greylisting
Hmmm - should sis1 have an IP?
On 9-Jan-07, at 3:54 PM, Stephen Schaff wrote:
That's what I'm starting to think...
hostname.sis0: (management interface)
inet xxx.xxx.xxx.xxx 255.255.255.0 NONE
hostname.sis1:
up
hostname.sis2:
up
bridgename.bridge0:
add sis1
add sis2
up
pf.conf: (as per http://undeadly.org/cgi?
action=articlesid=20061108134508)
ext_if=sis1
mailserver=xxx.xxx.xxx.xxx
table spamd persist
table spamd-white persist
rdr pass on $ext_if proto tcp from spamd to port smtp \
- 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from !spamd-white to port smtp \
- 127.0.0.1 port spamd
# log so you can watch the connections getting trapped
pass in log on $ext_if route-to lo0 inet proto tcp to 127.0.0.1
port spamd
# log smtp sessions to and from the mailserver
pass in log on $ext_if proto tcp to $mailserver port smtp keep state
pass out log on $ext_if proto tcp from $mailserver to any port smtp
keep state
rc.conf:
...
spamd_flags=-G 5:4:864 -v
spamd_grey=YES
spamlogd_flags=
...
syslog.conf:
!spamd
*.* /var/log/spamd
On 9-Jan-07, at 9:14 AM, Bob Beck wrote:
Sounds to me like your pf rules and/or bridge setup
are not set up correctly to allow the connections to be redirected.
-Bob
* Stephen Schaff [EMAIL PROTECTED] [2007-01-08 18:52]:
tail -f /var/log/daemon shows:
Jan 8 02:23:38 spamd spamd[4966]: listening for incoming
connections.
That's it.
Stephen
On 8-Jan-07, at 3:54 AM, edgarz wrote:
They should be.
tail -f /var/log/daemon
there they are.
Stephen Schaff wrote:
I've set up spamd on a soekris bridge. It seems to be working for
the most part. However, when I used spamdb to view the database -
it only shows WHITE entries. It appears there are no GREY entries.
Have I configured things incorrectly?
Also, if I try to send mail from a remote mail client, using the
mail server behind spamd, it won't allow the connection. I have to
use my shaw smtp server, or some other one to get the mail to
send. Any ideas on how to configure it so that I can use my main
mail server to send messages?
Config files:
pf.conf:
ext_if=sis1
mailserver=my mail server IP
table spamd persist
table spamd-white persist
rdr pass on $ext_if proto tcp from spamd to port smtp \
- 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from !spamd-white to port smtp \
- 127.0.0.1 port spamd
# log so you can watch the connections getting trapped
pass in log on $ext_if route-to lo0 inet proto tcp to 127.0.0.1
port spamd
# log smtp sessions to and from the mailserver
pass in log on $ext_if proto tcp to $mailserver port smtp keep
state
pass out log on $ext_if proto tcp from $mailserver to any port
smtp keep state
rc.conf:
spamd_flags=-v
spamd_grey=YES
spamlogd_flags=
!DSPAM:45a2227782793355514740!
--
#!/usr/bin/perl
if ((not 0 not 1) != (! 0 ! 1)) {
print Larry and Tom must smoke some really primo stuff...\n;
}
Re: greylisting
do you mean the second rdr on the !spamd-white? well, I'm going from the example found here: http://undeadly.org/cgi?action=articlesid=20061108134508 There's a thread about that on that page. It's my understanding that the first rdr quickly handles everything on the blacklist which is a subset of the ! whitelist - but it's faster to narrow those ones first, then if they get past that rule, send everything not on the whitelist to spamd. Stephen On 8-Jan-07, at 9:41 PM, Chris Kuethe wrote: On 1/8/07, Stephen Schaff [EMAIL PROTECTED] wrote: rdr pass on $ext_if proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd why pass there? -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: greylisting
That's what I'm starting to think...
hostname.sis0: (management interface)
inet xxx.xxx.xxx.xxx 255.255.255.0 NONE
hostname.sis1:
up
hostname.sis2:
up
bridgename.bridge0:
add sis1
add sis2
up
pf.conf: (as per http://undeadly.org/cgi?
action=articlesid=20061108134508)
ext_if=sis1
mailserver=xxx.xxx.xxx.xxx
table spamd persist
table spamd-white persist
rdr pass on $ext_if proto tcp from spamd to port smtp \
- 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from !spamd-white to port smtp \
- 127.0.0.1 port spamd
# log so you can watch the connections getting trapped
pass in log on $ext_if route-to lo0 inet proto tcp to 127.0.0.1 port
spamd
# log smtp sessions to and from the mailserver
pass in log on $ext_if proto tcp to $mailserver port smtp keep state
pass out log on $ext_if proto tcp from $mailserver to any port smtp
keep state
rc.conf:
...
spamd_flags=-G 5:4:864 -v
spamd_grey=YES
spamlogd_flags=
...
syslog.conf:
!spamd
*.* /var/log/spamd
On 9-Jan-07, at 9:14 AM, Bob Beck wrote:
Sounds to me like your pf rules and/or bridge setup
are not set up correctly to allow the connections to be redirected.
-Bob
* Stephen Schaff [EMAIL PROTECTED] [2007-01-08 18:52]:
tail -f /var/log/daemon shows:
Jan 8 02:23:38 spamd spamd[4966]: listening for incoming
connections.
That's it.
Stephen
On 8-Jan-07, at 3:54 AM, edgarz wrote:
They should be.
tail -f /var/log/daemon
there they are.
Stephen Schaff wrote:
I've set up spamd on a soekris bridge. It seems to be working for
the most part. However, when I used spamdb to view the database -
it only shows WHITE entries. It appears there are no GREY entries.
Have I configured things incorrectly?
Also, if I try to send mail from a remote mail client, using the
mail server behind spamd, it won't allow the connection. I have to
use my shaw smtp server, or some other one to get the mail to
send. Any ideas on how to configure it so that I can use my main
mail server to send messages?
Config files:
pf.conf:
ext_if=sis1
mailserver=my mail server IP
table spamd persist
table spamd-white persist
rdr pass on $ext_if proto tcp from spamd to port smtp \
- 127.0.0.1 port spamd
rdr pass on $ext_if proto tcp from !spamd-white to port smtp \
- 127.0.0.1 port spamd
# log so you can watch the connections getting trapped
pass in log on $ext_if route-to lo0 inet proto tcp to 127.0.0.1
port spamd
# log smtp sessions to and from the mailserver
pass in log on $ext_if proto tcp to $mailserver port smtp keep
state
pass out log on $ext_if proto tcp from $mailserver to any port
smtp keep state
rc.conf:
spamd_flags=-v
spamd_grey=YES
spamlogd_flags=
!DSPAM:45a2227782793355514740!
--
#!/usr/bin/perl
if ((not 0 not 1) != (! 0 ! 1)) {
print Larry and Tom must smoke some really primo stuff...\n;
}
greylisting
I've set up spamd on a soekris bridge. It seems to be working for the most part. However, when I used spamdb to view the database - it only shows WHITE entries. It appears there are no GREY entries. Have I configured things incorrectly? Also, if I try to send mail from a remote mail client, using the mail server behind spamd, it won't allow the connection. I have to use my shaw smtp server, or some other one to get the mail to send. Any ideas on how to configure it so that I can use my main mail server to send messages? Config files: pf.conf: ext_if=sis1 mailserver=my mail server IP table spamd persist table spamd-white persist rdr pass on $ext_if proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd # log so you can watch the connections getting trapped pass in log on $ext_if route-to lo0 inet proto tcp to 127.0.0.1 port spamd # log smtp sessions to and from the mailserver pass in log on $ext_if proto tcp to $mailserver port smtp keep state pass out log on $ext_if proto tcp from $mailserver to any port smtp keep state rc.conf: spamd_flags=-v spamd_grey=YES spamlogd_flags=
Re: greylisting
tail -f /var/log/daemon shows: Jan 8 02:23:38 spamd spamd[4966]: listening for incoming connections. That's it. Stephen On 8-Jan-07, at 3:54 AM, edgarz wrote: They should be. tail -f /var/log/daemon there they are. Stephen Schaff wrote: I've set up spamd on a soekris bridge. It seems to be working for the most part. However, when I used spamdb to view the database - it only shows WHITE entries. It appears there are no GREY entries. Have I configured things incorrectly? Also, if I try to send mail from a remote mail client, using the mail server behind spamd, it won't allow the connection. I have to use my shaw smtp server, or some other one to get the mail to send. Any ideas on how to configure it so that I can use my main mail server to send messages? Config files: pf.conf: ext_if=sis1 mailserver=my mail server IP table spamd persist table spamd-white persist rdr pass on $ext_if proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd # log so you can watch the connections getting trapped pass in log on $ext_if route-to lo0 inet proto tcp to 127.0.0.1 port spamd # log smtp sessions to and from the mailserver pass in log on $ext_if proto tcp to $mailserver port smtp keep state pass out log on $ext_if proto tcp from $mailserver to any port smtp keep state rc.conf: spamd_flags=-v spamd_grey=YES spamlogd_flags= !DSPAM:45a2227782793355514740!
Re: greylisting
Thank you for your help - it still doesn't seem to be working. Nothing is showing up in the GREY list from spamdb and nothing is getting appended to /var/log/daemon except the listening for connections line at startup A more important problem right now is that I can't connect to the mail server on the other side of the bridge from my mail client to send messages. Any idea how to work around that? Stephen On 8-Jan-07, at 12:19 PM, edgarz wrote: spamd_flags=-G 5:4:864 -v spamd_grey=YES Stephen Schaff wrote: tail -f /var/log/daemon shows: Jan 8 02:23:38 spamd spamd[4966]: listening for incoming connections. That's it. Stephen On 8-Jan-07, at 3:54 AM, edgarz wrote: They should be. tail -f /var/log/daemon there they are. Stephen Schaff wrote: I've set up spamd on a soekris bridge. It seems to be working for the most part. However, when I used spamdb to view the database - it only shows WHITE entries. It appears there are no GREY entries. Have I configured things incorrectly? Also, if I try to send mail from a remote mail client, using the mail server behind spamd, it won't allow the connection. I have to use my shaw smtp server, or some other one to get the mail to send. Any ideas on how to configure it so that I can use my main mail server to send messages? Config files: pf.conf: ext_if=sis1 mailserver=my mail server IP table spamd persist table spamd-white persist rdr pass on $ext_if proto tcp from spamd to port smtp \ - 127.0.0.1 port spamd rdr pass on $ext_if proto tcp from !spamd-white to port smtp \ - 127.0.0.1 port spamd # log so you can watch the connections getting trapped pass in log on $ext_if route-to lo0 inet proto tcp to 127.0.0.1 port spamd # log smtp sessions to and from the mailserver pass in log on $ext_if proto tcp to $mailserver port smtp keep state pass out log on $ext_if proto tcp from $mailserver to any port smtp keep state rc.conf: spamd_flags=-v spamd_grey=YES spamlogd_flags= !DSPAM:45a27e92289407079677781!
x2100 M2
I'm thinking about buying the Sun x2100 M2 for OpenBSD 4.0. I've purchased one for a client that's running linux. I set it up but don't admin it. I don't use linux, but I really like the hardware. I want to do RAID1 with it, which the motherboard supports. However, I'm told that the RAID controllers they put on motherboards are just glorified software RAID and don't even compare to real hardware RAID. Further, I don't think that OpenBSD would even work with the motherboard RAID controller - please correct me if I'm wrong. So, I'm looking for a suggested course of action regarding the x2100 M2. Anyone have any experience with it - especially keeping RAID1 in mind? Best Regards, Stephen
Re: 4.0 frozen
Yeah. I did some testing last night - to know avail. When it bailed today, I restarted it, expecting the raid to rebuild as it always does. This time it didn't! It booted right up using wd1 and failed wd0 in raid0. Kinda makes me happy I built it that way (special thanks to this page: http://www.argon18.com/raid_openbsd.html ). So, I think that wd0 may be the cause of the whole problem, and I'll replace it right away and keep an eye on it to make sure that there aren't other problems. Thanks everyone for your great suggestions. I've been exploring them all. Best Regards, Stephen On 17-Dec-06, at 12:48 PM, Artur Grabowski wrote: Stephen Schaff [EMAIL PROTECTED] writes: wd0(pciide1:0:0): timeout type: ata c_bcount: 65536 c_skip: 0 pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0d: device timeout reading fsbn 234162112 of 234162112-234162239 (wd0 bn 235334857; cn 14648 tn 233 sn 58), retrying wd0: soft error (corrected) wd0(pciide1:0:0): timeout type: ata c_bcount: 65536 c_skip: 0 pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0d: device timeout reading fsbn 234997440 of 234997440-234997567 (wd0 bn 236170185; cn 14700 tn 233 sn 6), retrying wd0: soft error (corrected) wd0(pciide1:0:0): timeout type: ata c_bcount: 65536 c_skip: 0 pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0d: device timeout reading fsbn 235719872 of 235719872-23571 (wd0 bn 236892617; cn 14745 tn 225 sn 17), retrying wd0: soft error (corrected) This is a pretty good indication of what's going wrong. Your disk is sad. //art
4.0 frozen
I've got 4.0 running nicely on a server sitting in a data centre, thanks to the help of the members of this list. It's been up since Nov. 22nd and in production. Yesterday it inexplicably went dark. I went down to check it out, and hooked up the monitor and keyboard. I could see the welcoming login prompt, but it wouldn't accept any input. It wasn't accepting any pings from a remote system on the network either. The only word I have for that is frozen - if there's better terminology out there - please let me know. Anyway, after hard booting the machine, and rebuilding the raid - I checked all the log files I could think of and can't find a thing. Nada. Then - it went down again today! I'm not sure what to do now. So, I thought I would post my dmesg here and see if it grabs the attention of anyone who knows better than I do. Any insight would be much appreciated. It turns my stomach to think I'd have to reinstall with a different OS. Best Regards, Stephen , addr 1 uhub1: 8 ports with 8 removable, self powered pciide0 at pci0 dev 13 function 0 NVIDIA MCP51 IDE rev 0xa1: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8525B, 1.02 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 14 function 0 NVIDIA MCP51 SATA rev 0xa1: DMA pciide1: using irq 11 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: ST3250823AS wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide2 at pci0 dev 15 function 0 NVIDIA MCP51 SATA rev 0xa1: DMA pciide2: using irq 10 for native-PCI interrupt wd1 at pciide2 channel 0 drive 0: ST3250823AS wd1: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd1(pciide2:0:0): using PIO mode 4, Ultra-DMA mode 5 wd2 at pciide2 channel 1 drive 0: ST3250823AS wd2: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd2(pciide2:1:0): using PIO mode 4, Ultra-DMA mode 5 ppb3 at pci0 dev 16 function 0 NVIDIA MCP51 PCI-PCI rev 0xa2 pci4 at ppb3 bus 4 VIA VT6306 FireWire rev 0x80 at pci4 dev 5 function 0 not configured em0 at pci4 dev 9 function 0 Intel PRO/1000GT (82541GI) rev 0x05: irq 5, address 00:0e:0c:b1:4e:e6 azalia0 at pci0 dev 16 function 1 NVIDIA MCP51 HD Audio rev 0xa2: irq 5 azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: 0x04x/0x11d4 (rev. 5.0), HDA version 1.0 audio0 at azalia0 nfe0 at pci0 dev 20 function 0 NVIDIA MCP51 LAN rev 0xa1: irq 5, address 00:13:d4:ff:0f:4b eephy0 at nfe0 phy 1: Marvell 88E Gigabit PHY, rev. 2 pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 lm0 at isa0 port 0x290/8: unknown Winbond chip (ID 0xa1) npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ff6d netmask ff6d ttymask ffef pctr: user-level cycle counter enabled Kernelized RAIDframe activated cd0(atapiscsi0:0:0): Check Condition (error 0x70) on opcode 0x0 SENSE KEY: Not Ready ASC/ASCQ: Medium Not Present raid0 (root): (RAID Level 1) total number of sectors is 487219200 (237900 MB) as root dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 dkcsum: wd2 matches BIOS drive 0x82 WARNING: / was not properly unmounted swapmount: no device raid0: Device already configured! wd0(pciide1:0:0): timeout type: ata c_bcount: 65536 c_skip: 0 pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0d: device timeout reading fsbn 234162112 of 234162112-234162239 (wd0 bn 235334857; cn 14648 tn 233 sn 58), retrying wd0: soft error (corrected) wd0(pciide1:0:0): timeout type: ata c_bcount: 65536 c_skip: 0 pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0d: device timeout reading fsbn 234997440 of 234997440-234997567 (wd0 bn 236170185; cn 14700 tn 233 sn 6), retrying wd0: soft error (corrected) wd0(pciide1:0:0): timeout type: ata c_bcount: 65536 c_skip: 0 pciide1:0:0: bus-master DMA error: missing interrupt, status=0x21 wd0d: device timeout reading fsbn 235719872 of 235719872-23571 (wd0 bn 236892617; cn 14745 tn 225 sn 17), retrying wd0: soft error (corrected) Warning: truncating spare disk /dev/wd2d to 487219200 blocks. OpenBSD 4.0 (GENERIC) #0: Thu Nov 23 01:28:38
VPN stability issues with a Fortigate peer
Chris Jones writes: I'm running the release version or OpenBSD 4.0 on my firewall and experiencing some odd IPSEC VPN behavior when connecting to a Fortigate peer. The tunnel will come up just fine but will randomly go down and then come back up and will continue this cycle. Unfortunately both FortiGate and OpenBSD don't follow Postel's advice to be liberal in what you accept (OpenBSD) and conservative in what you send (FortiGate). RFC 3706 section 5.3 says that the DOI SHOULD (not MUST) be 1. When the FortiGate sends a DPD with a DOI of 0, OpenBSD rejects it because that sends it to the ISAKMP handler which drops NOTIFY messages (see annotated trace below). If you only need DPD on one end and OpenBSD will send a DPD Vendor ID without trying to send a DPD (I haven't checked) then you can leave DPD enabled on the FortiGate and disable it OpenBSD. If that won't work or isn't acceptable (won't work too well if the FortiGate is configured with a dynamic connection) then to get FortiGate and OpenBSD DPD to interoperate you'll need to get one or both of FortiGate and OpenBSD to change their code. For FortiGate, send email to their customer support. In the case of OpenBSD maybe it is as simple as copying over the DPD message parsing from src/sbin/isakmpd/ipsec.c:ipsec_responder and put it in src/sbin/isakmpd/isakmpd_doi.c:isakmp_responder. BTW Cisco IOS (12.4) does follow the be liberal in what you accept recommendation in this case and will accept a DPD with a DOI of 0 from a FortiGate (though it will log a warning for DPD R U THERE). I am running isakmpd with the -K option and using ipsecctl to establish flows and SA's. This is what my ipsec.conf looks like: remote_gw = 10.1.1.1 flow esp from 192.168.8.1/32 to 192.168.0.0/16 peer $remote_gw type bypass ike dynamic esp from 192.168.8.0/24 to 192.168.0.0/16 peer $remote_gw \ aggressive auth hmac-sha1 enc 3des group modp1536 \ quick auth hmac-sha1 enc 3des group modp1536 \ srcid [EMAIL PROTECTED] \ psk sharedsecret The peer is DPD capable and enabled with the following settings: retry-count: 3 retry-interval: 5 After running isakmpd in debug mode (isakmpd -d -DA=50 -K) and after running ipsecctl I issued a continuous ping to one of the hosts at the other side of the tunnel. The ping ran fine for a period of time and then stopped. Here is the ouput from the debug: 073059.683292 Cryp 30 crypto_decrypt: after decryption: 073059.686654 Cryp 30 0118 fbbe1146 c43cf921 dc386a4a 0dfc2751 e4cf2a6d 0a34 0001 073059.689438 Cryp 30 0001 0028 01030401 f286fdea 001c 0103 80010001 800204b0 073059.692737 Cryp 30 80040001 80050002 80030005 0414 c5664590 c4700a67 9cec6a71 633ffd8c 073059.695546 Cryp 30 05c4 6214a4ed 31ca88ca 0945b3d6 dd2c44ef d03b008d 72b5ea00 273d3e0a 073059.698996 Cryp 30 5ec40d98 02c0ebad e3eac805 f87fa1ee 1142e2fd 92aee043 09e84e1c 3788c268 073059.701817 Cryp 30 4fdab8c6 1cbfad15 8123a459 df7a9a3b 66db84c5 59211ec4 90882bfc 2ae61c66 073059.705109 Cryp 30 6d35acdf 585d0b08 c5560cf9 d4a996a7 32a18daa d3385206 7ce49f52 f5bab82c 073059.707999 Cryp 30 12b6cc01 29fec19b 3f582995 e80637b4 5e99d396 3a3b650b 2d78dd5f 44879af5 073059.711332 Cryp 30 1f8e016d 27c69817 341c6984 52e4f663 175db8ba c206fb2b 08b9d0df f46705c1 073059.714125 Cryp 30 5a7d0a5a 0510 0400 0a4c0800 ff00 0010 0400 0a4c 073059.717252 Cryp 30 073059.719573 Mesg 50 message_parse_payloads: offset 28 payload HASH 073059.722425 Mesg 50 message_parse_payloads: offset 52 payload SA 073059.724772 Mesg 50 message_parse_payloads: offset 104 payload NONCE 073059.727806 Mesg 50 message_parse_payloads: offset 124 payload KEY_EXCH 073059.730126 Mesg 50 message_parse_payloads: offset 320 payload ID 073059.733027 Mesg 50 message_parse_payloads: offset 336 payload ID 073059.735500 Mesg 50 message_parse_payloads: offset 64 payload PROPOSAL 073059.738492 Mesg 50 message_parse_payloads: offset 76 payload TRANSFORM 073059.740835 Mesg 50 Transform 1's attributes 073059.743665 Mesg 50 Attribute SA_LIFE_TYPE value 1 073059.745973 Mesg 50 Attribute SA_LIFE_DURATION value 1200 073059.749044 Mesg 50 Attribute ENCAPSULATION_MODE value 1 073059.751324 Mesg 50 Attribute AUTHENTICATION_ALGORITHM value 2 073059.754161 Mesg 50 Attribute GROUP_DESCRIPTION value 5 073059.757008 Mesg 40 ipsec_validate_id_information: proto 0 port 0 type 4 073059.761190 Mesg 40 ipsec_validate_id_information: IPv4 network/netmask: 073059.763556 Mesg 40 0a4c0800 ff00 073059.766532 Mesg 40 ipsec_validate_id_information: proto 0 port 0 type 4 073059.768913 Mesg 40 ipsec_validate_id_information: IPv4 network/netmask: 073059.771838 Mesg 40 0a4c 073059.774860 Misc 20 ipsec_decode_transform: transform 1 chosen 073059.778019 Cryp 50 crypto_update_iv: updated IV:
Re: crash on 4.0 (but no ddb)
Stuart Henderson wrote: I've had faulty hardware that was somewhat stable with earlier releases but crashed more often with code from sometime in april; the key point is that the hardware _was_ faulty. memtest86 did not find any RAM errors. 'make build' whilst running stress (from ports) did crash (quickly in the case of the newer OS; after running for a while in the case of the older OS). This was resolved by replacing the CPU with a good one. I ran a 'make build' Friday night on 4.0, along with 'stress --vm 1 --cpu 33' but it was still trying to configure apache after several hours, so I cancelled the stress, changed hw.setperf to 100 and let it grind away. The next morning I found the system frozen at the libc build stage (qsort.o). I'm not sure that any of this is really significant since under 4.0 this machine freezes up even when the system is completely idle for hours on end. Yesterday I reverted back to 3.9 and did another 'make build', with hw.setperf also at 100. It completed without any problems (no sig11, crash, freeze or anything out of the ordinary). If you think it's worthwhile to try that again with more load, what stress parameters do you suggest?
Re: crash on 4.0 (but no ddb)
This machine has been locking up randomly once or twice a day on average, but always when X is running. So I've been leaving it in console mode at night, hoping it crashes into ddb... Last night it crashed, but unfortunately, it didn't go into ddb on its own, and the ddb.console Ctl-Alt-Esc key sequence didn't work either. Once again, the keyboard was completely dead (CapsLock key doesn't even toggle the LED). Actually that's not entirely true, I had left the LCD backlight turned off, and hitting a random key turned it back on. But that's the extent of the keyboard functionality. It looks like there was no activity when the machine crashed. I don't have cron jobs that run at night, other than fetchmail (0,30 * * * *) and it crashed sometime between 02:03:30 and 02:23:29: Nov 24 01:03:29 icicle -- MARK -- Nov 24 01:23:29 icicle -- MARK -- Nov 24 01:43:30 icicle -- MARK -- Nov 24 02:03:30 icicle -- MARK -- Nov 24 08:59:58 icicle syslogd: restart Nov 24 08:59:58 icicle /bsd: OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 Nov 24 08:59:58 icicle /bsd: [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC I'm not sure what to do at this point. I'll run memtest86 tonight, but I'm very skeptical that it will reveal any hardware problems. This machine started acting strange the next day after I upgraded it to 4.0, and I can't recall a single crash during the 3.7 - 3.9 releases.
Re: slow compiling on amd64
No - I haven't tried an older version. The oldest I would go on a production machine would be 3.9. I could try 3.9, but to be honest I don't have time to test things out. I need these servers up, yesterday. I really don't want to use another OS, but might have to if I don't solve this problem quickly. Regards, Stephen On 15-Nov-06, at 10:19 PM, Brian Keefer wrote: On Nov 15, 2006, at 8:17 PM, Stephen Schaff wrote: this is my first post to the list - so please bear with me... I have 2 amd64 machines that I plan on using in production, and 1 amd64 machine at home for testing. I tried installing the amd64 openbsd on both machines and discovered that doing a make on anything goes really, really slowly. I have the i386 openbsd installed on my test system and it does everything very quickly. So, I tried installing i386 on my 2 production machines. It's still slow on both of them! When I say slow, here's what I mean. I'm compiling a new kernel with raid support. Just doing a make depend take roughly 30 seconds on my test machine and 30 minutes on the production machines. # time make depend TEST MACHINE: 0m31.36s real 0m20.64s user 0m6.32s system PRODUCTION MACHINE: 36m8.08s real 5m32.17s user 1m37.57s system Another poster and myself have been puzzling over amd64 performance problems as well. It seems that the OpenBSD/amd64 OS was fast back in 3.5, but somewhere between then and now it has slowed down dramatically. Have you tried installing older versions of OpenBSD to see if the performance is better? Brian Keefer www.Tumbleweed.com The Experts in Secure Internet Communication
Re: slow compiling on amd64
What strikes me as very bizarre is that my slower amd64 machine at home is just fine and runs really well. That one has an nvidia chipset on the A8N-SLI motherboard. The machines that aren't working properly have the A8N-VM CMS board which also uses the nvidia chipset. I just don't understand how there can be a difference factor of 10. 30 seconds for make depend on the A8N-SLI and 30 mins on the A8N-VM CMS (???) I MUST be missing something simple - has nobody else seen this? Regards, Stephen On 15-Nov-06, at 9:36 PM, Chris Kuethe wrote: Dmesg? Nvidia chipsets are dog-slow. On 11/15/06, Stephen Schaff [EMAIL PROTECTED] wrote: this is my first post to the list - so please bear with me... I have 2 amd64 machines that I plan on using in production, and 1 amd64 machine at home for testing. I tried installing the amd64 openbsd on both machines and discovered that doing a make on anything goes really, really slowly. I have the i386 openbsd installed on my test system and it does everything very quickly. So, I tried installing i386 on my 2 production machines. It's still slow on both of them! When I say slow, here's what I mean. I'm compiling a new kernel with raid support. Just doing a make depend take roughly 30 seconds on my test machine and 30 minutes on the production machines. # time make depend TEST MACHINE: 0m31.36s real 0m20.64s user 0m6.32s system PRODUCTION MACHINE: 36m8.08s real 5m32.17s user 1m37.57s system Here's the hardware: # sysctl hw TEST MACHINE: hw.machine=i386 hw.model=AMD Athlon(tm) 64 Processor 3000+ (AuthenticAMD 686-class, 512KB L2 cache) hw.ncpu=1 hw.byteorder=1234 hw.physmem=1073246208 hw.usermem=1072939008 hw.pagesize=4096 hw.disknames=wd0,cd0 hw.diskcount=2 hw.sensors.0=it0, Fan1, 5443 RPM hw.sensors.3=it0, VCORE_A, 1.41 V DC hw.sensors.4=it0, VCORE_B, 0.00 V DC hw.sensors.5=it0, +3.3V, 3.28 V DC hw.sensors.6=it0, +5V, 5.03 V DC hw.sensors.7=it0, +12V, 11.78 V DC hw.sensors.8=it0, Unused, 0.82 V DC hw.sensors.9=it0, -12V, -17.00 V DC hw.sensors.10=it0, +5VSB, 4.78 V DC hw.sensors.11=it0, VBAT, 3.06 V DC hw.sensors.12=it0, Temp 1, 35.00 degC hw.sensors.13=it0, Temp 2, 37.00 degC hw.sensors.14=it0, Temp 3, 25.00 degC hw.cpuspeed=1810 hw.setperf=100 hw.vendor=ASUSTeK Computer INC. hw.product=A8N-SLI DELUXE hw.version=1.XX hw.serialno=123456789000 hw.uuid=000fa389-5f1d-d711-9ec4-0011d84a06a8 PRODUCTION MACHINE: hw.machine=i386 hw.model=AMD Athlon(tm) 64 Processor 3500+ (AuthenticAMD 686-class, 512KB L2 cache) hw.ncpu=1 hw.byteorder=1234 hw.physmem=1005940736 hw.usermem=1005699072 hw.pagesize=4096 hw.disknames=cd0,wd0,wd1,wd2,wd3 hw.diskcount=5 hw.sensors.0=lm0, VCore A, 2.96 V DC hw.sensors.1=lm0, VCore B, 3.63 V DC hw.sensors.2=lm0, +3.3V, 3.38 V DC hw.sensors.3=lm0, +5V, 5.67 V DC hw.sensors.4=lm0, +12V, 16.32 V DC hw.sensors.5=lm0, -12V, -12.86 V DC hw.sensors.6=lm0, -5V, -5.36 V DC hw.sensors.7=lm0, Temp1, 33.00 degC hw.sensors.10=lm0, Fan3, 4017 RPM hw.cpuspeed=2211 hw.setperf=100 hw.vendor=ASUSTeK Computer INC. hw.product=A8N-VM CSM hw.uuid=c478ed80-74fe-d511-b068-749cdaa7f59a ANY ideas? This one is stumping me completely and I've wasted a week trying to sort it out. TIA! Stephen -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: slow compiling on amd64
Thank you for your suggestions. It looks like write caching is enabled. I've pasted the results below. Stephen On 16-Nov-06, at 3:53 AM, Stuart Henderson wrote: On 2006/11/16 01:02, Stephen Schaff wrote: I just don't understand how there can be a difference factor of 10. factor of 100. yes - guess I was tired when calculating that! 30 seconds for make depend on the A8N-SLI and 30 mins on the A8N-VM CMS (???) I MUST be missing something simple - has nobody else seen this? softdep mount option? this will slow down creation/removal of large numbers of files. hard-drive write caching? (check under the 'Device has enabled...' section of 'sudo atactl wd0') drive write speeds will be low if it's not enabled (some drives normally enable it, some don't and you can do so in rc.local). sudo atactl wd0: Model: ST3250823AS, Rev: 3.03, Serial #: 5ND2CD2Q Device type: ATA, fixed Cylinders: 16383, heads: 16, sec/track: 63, total sectors: 488397168 Device capabilities: ATA standby timer values IORDY operation IORDY disabling Device supports the following standards: ATA-1 ATA-2 ATA-3 ATA-4 ATA-5 ATA-6 ATA-7 Master password revision code 0xfffe Device supports the following command sets: READ BUFFER command WRITE BUFFER command Host Protected Area feature set Read look-ahead Write cache Power Management feature set Security Mode feature set SMART feature set Flush Cache Ext command Flush Cache command Device Configuration Overlay feature set 48bit address feature set Set Max security extension commands DOWNLOAD MICROCODE command SMART self-test SMART error logging Device has enabled the following command sets/features: READ BUFFER command WRITE BUFFER command Host Protected Area feature set Read look-ahead Write cache Power Management feature set SMART feature set Flush Cache Ext command Flush Cache command Device Configuration Overlay feature set 48bit address feature set DOWNLOAD MICROCODE command
slow compiling on amd64
this is my first post to the list - so please bear with me... I have 2 amd64 machines that I plan on using in production, and 1 amd64 machine at home for testing. I tried installing the amd64 openbsd on both machines and discovered that doing a make on anything goes really, really slowly. I have the i386 openbsd installed on my test system and it does everything very quickly. So, I tried installing i386 on my 2 production machines. It's still slow on both of them! When I say slow, here's what I mean. I'm compiling a new kernel with raid support. Just doing a make depend take roughly 30 seconds on my test machine and 30 minutes on the production machines. # time make depend TEST MACHINE: 0m31.36s real 0m20.64s user 0m6.32s system PRODUCTION MACHINE: 36m8.08s real 5m32.17s user 1m37.57s system Here's the hardware: # sysctl hw TEST MACHINE: hw.machine=i386 hw.model=AMD Athlon(tm) 64 Processor 3000+ (AuthenticAMD 686-class, 512KB L2 cache) hw.ncpu=1 hw.byteorder=1234 hw.physmem=1073246208 hw.usermem=1072939008 hw.pagesize=4096 hw.disknames=wd0,cd0 hw.diskcount=2 hw.sensors.0=it0, Fan1, 5443 RPM hw.sensors.3=it0, VCORE_A, 1.41 V DC hw.sensors.4=it0, VCORE_B, 0.00 V DC hw.sensors.5=it0, +3.3V, 3.28 V DC hw.sensors.6=it0, +5V, 5.03 V DC hw.sensors.7=it0, +12V, 11.78 V DC hw.sensors.8=it0, Unused, 0.82 V DC hw.sensors.9=it0, -12V, -17.00 V DC hw.sensors.10=it0, +5VSB, 4.78 V DC hw.sensors.11=it0, VBAT, 3.06 V DC hw.sensors.12=it0, Temp 1, 35.00 degC hw.sensors.13=it0, Temp 2, 37.00 degC hw.sensors.14=it0, Temp 3, 25.00 degC hw.cpuspeed=1810 hw.setperf=100 hw.vendor=ASUSTeK Computer INC. hw.product=A8N-SLI DELUXE hw.version=1.XX hw.serialno=123456789000 hw.uuid=000fa389-5f1d-d711-9ec4-0011d84a06a8 PRODUCTION MACHINE: hw.machine=i386 hw.model=AMD Athlon(tm) 64 Processor 3500+ (AuthenticAMD 686-class, 512KB L2 cache) hw.ncpu=1 hw.byteorder=1234 hw.physmem=1005940736 hw.usermem=1005699072 hw.pagesize=4096 hw.disknames=cd0,wd0,wd1,wd2,wd3 hw.diskcount=5 hw.sensors.0=lm0, VCore A, 2.96 V DC hw.sensors.1=lm0, VCore B, 3.63 V DC hw.sensors.2=lm0, +3.3V, 3.38 V DC hw.sensors.3=lm0, +5V, 5.67 V DC hw.sensors.4=lm0, +12V, 16.32 V DC hw.sensors.5=lm0, -12V, -12.86 V DC hw.sensors.6=lm0, -5V, -5.36 V DC hw.sensors.7=lm0, Temp1, 33.00 degC hw.sensors.10=lm0, Fan3, 4017 RPM hw.cpuspeed=2211 hw.setperf=100 hw.vendor=ASUSTeK Computer INC. hw.product=A8N-VM CSM hw.uuid=c478ed80-74fe-d511-b068-749cdaa7f59a ANY ideas? This one is stumping me completely and I've wasted a week trying to sort it out. TIA! Stephen
Re: slow compiling on amd64
AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 lm0 at isa0 port 0x290/8: unknown Winbond chip (ID 0xa1) npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ff6d netmask ff6d ttymask ffef pctr: user-level cycle counter enabled dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 wd2: no disk label dkcsum: wd2 matches BIOS drive 0x82 wd3: no disk label dkcsum: wd3 matches BIOS drive 0x83 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302 On 15-Nov-06, at 9:36 PM, Chris Kuethe wrote: Dmesg? Nvidia chipsets are dog-slow. On 11/15/06, Stephen Schaff [EMAIL PROTECTED] wrote: this is my first post to the list - so please bear with me... I have 2 amd64 machines that I plan on using in production, and 1 amd64 machine at home for testing. I tried installing the amd64 openbsd on both machines and discovered that doing a make on anything goes really, really slowly. I have the i386 openbsd installed on my test system and it does everything very quickly. So, I tried installing i386 on my 2 production machines. It's still slow on both of them! When I say slow, here's what I mean. I'm compiling a new kernel with raid support. Just doing a make depend take roughly 30 seconds on my test machine and 30 minutes on the production machines. # time make depend TEST MACHINE: 0m31.36s real 0m20.64s user 0m6.32s system PRODUCTION MACHINE: 36m8.08s real 5m32.17s user 1m37.57s system Here's the hardware: # sysctl hw TEST MACHINE: hw.machine=i386 hw.model=AMD Athlon(tm) 64 Processor 3000+ (AuthenticAMD 686-class, 512KB L2 cache) hw.ncpu=1 hw.byteorder=1234 hw.physmem=1073246208 hw.usermem=1072939008 hw.pagesize=4096 hw.disknames=wd0,cd0 hw.diskcount=2 hw.sensors.0=it0, Fan1, 5443 RPM hw.sensors.3=it0, VCORE_A, 1.41 V DC hw.sensors.4=it0, VCORE_B, 0.00 V DC hw.sensors.5=it0, +3.3V, 3.28 V DC hw.sensors.6=it0, +5V, 5.03 V DC hw.sensors.7=it0, +12V, 11.78 V DC hw.sensors.8=it0, Unused, 0.82 V DC hw.sensors.9=it0, -12V, -17.00 V DC hw.sensors.10=it0, +5VSB, 4.78 V DC hw.sensors.11=it0, VBAT, 3.06 V DC hw.sensors.12=it0, Temp 1, 35.00 degC hw.sensors.13=it0, Temp 2, 37.00 degC hw.sensors.14=it0, Temp 3, 25.00 degC hw.cpuspeed=1810 hw.setperf=100 hw.vendor=ASUSTeK Computer INC. hw.product=A8N-SLI DELUXE hw.version=1.XX hw.serialno=123456789000 hw.uuid=000fa389-5f1d-d711-9ec4-0011d84a06a8 PRODUCTION MACHINE: hw.machine=i386 hw.model=AMD Athlon(tm) 64 Processor 3500+ (AuthenticAMD 686-class, 512KB L2 cache) hw.ncpu=1 hw.byteorder=1234 hw.physmem=1005940736 hw.usermem=1005699072 hw.pagesize=4096 hw.disknames=cd0,wd0,wd1,wd2,wd3 hw.diskcount=5 hw.sensors.0=lm0, VCore A, 2.96 V DC hw.sensors.1=lm0, VCore B, 3.63 V DC hw.sensors.2=lm0, +3.3V, 3.38 V DC hw.sensors.3=lm0, +5V, 5.67 V DC hw.sensors.4=lm0, +12V, 16.32 V DC hw.sensors.5=lm0, -12V, -12.86 V DC hw.sensors.6=lm0, -5V, -5.36 V DC hw.sensors.7=lm0, Temp1, 33.00 degC hw.sensors.10=lm0, Fan3, 4017 RPM hw.cpuspeed=2211 hw.setperf=100 hw.vendor=ASUSTeK Computer INC. hw.product=A8N-VM CSM hw.uuid=c478ed80-74fe-d511-b068-749cdaa7f59a ANY ideas? This one is stumping me completely and I've wasted a week trying to sort it out. TIA! Stephen -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: crash on 4.0 (but no ddb)
Alexander Hall wrote: Try a serial console, if possible. I have not been able to view the ddb output if the machine crashed while running X. Not sure if the caps lock etc was unresponsive, though. I am on a Dell Inspiron 4100. This laptop doesn't have any serial ports, but maybe one of those USB-RS-232 cables will work for this? Although if it's X that's causing ddb not to appear, I can just exit back to the console when I'm not using the machine. It sometimes locks up immediately after or during the daily cron job. I enabled the mark stuff in syslog, and this is what shows up in /var/log/messages (daily cron runs at 08:30): Nov 11 07:49:37 icicle -- MARK -- Nov 11 08:09:38 icicle -- MARK -- Nov 11 08:29:38 icicle -- MARK -- Nov 11 10:08:40 icicle syslogd: restart Nov 11 10:08:40 icicle /bsd: OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 Nov 11 10:08:40 icicle /bsd: [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC I think that in this case the cron job finished because sendmail was invoked (this is /var/log/daemon): Nov 11 08:30:07 icicle identd[26402]: Connection from localhost.perlguru.net Nov 11 08:31:22 icicle identd[2040]: Connection from localhost.perlguru.net Nov 11 08:31:23 icicle identd[17847]: Connection from localhost.perlguru.net Nov 11 10:08:40 icicle named[1091]: starting BIND 9.3.2-P1 It's strange that the machine would freeze up *after* all the cron activity is finished. BTW, I removed softdep on all mounts in the fstab, in case that extra variable was an issue. Sadly X was running that day, so no ddb... Or try typing boot crash or so, and see if anything happens, but you maybe tried that earlier. Haven't tried that yet, but that's because I'm waiting for the machine to crash into ddb. :-) I can invoke ddb at the console with Ctrl-Alt-Esc, and then exit from it with continue, but so far haven't been able to trigger it at the right time. I installed the stress package and tried using that to put some load on the system, but it hapilly kept chugging away all night long while running stress --vm 1 --cpu 500.
Re: crash on 4.0 (but no ddb)
On Sun, Nov 05, 2006 at 05:27:05PM -0500, Kyle George wrote: Actually, what I should have said was uncomment the ddb.console=1 line in sysctl.conf. That's where it should go. It will work in either place though. Yeah that's what I did. :-) Unfortunately the machine crashed again tonight while I was using it, and the ddb.console key sequence didn't work, because the keyboard was totally dead. I had just started up xpdf, and it was taking forever to load the file (lots of graphics on this PDF) when I realized after a couple minutes that this time it wasn't going to finish loading... Ever since 3.9 was released I've been throttling the CPU with hw.setperf=0, because I don't mind a slightly slower system. I've loaded much crazier PDFs than this one before in previous releases, and although sometimes they can take a while to load, the machine never crashed like this. At most the xpdf process crashes and tells me it ran out of memory. :-) That's fine though and my ulimits are sane, considering that the machine has lots of RAM (and hardly ever hits swap): time(cpu-seconds)unlimited file(blocks) unlimited coredump(blocks) 0 data(kbytes) 131072 stack(kbytes)4096 lockedmem(kbytes)146377 memory(kbytes) 437376 nofiles(descriptors) 128 processes64 Since hotplugd was running, I tried to plug in a USB disk, in order to see if anything was alive still. The little LED on the flash disk didn't turn on... I then plugged my Linksys WPC11 into the cardbus slot, and it stayed dead too. It seemed like the machine was really locked up hard. Is there any way to troubleshoot this further in this kind of situation? I don't think it's the hardware, because I'm subjecting the machine to the same stress levels as always, and it started acting strange the next morning after the 3.9 - 4.0 upgrade.
crash on 4.0 (but no ddb)
I upgraded my laptop yesterday, and this afternoon I returned to find an interesting surprise: the screen was blank, and the keyboard completely unresponsive (even the CapsLock key LED didn't toggle). Unfortunately the logs don't say much. I hard-reset the machine at 13:25. Here are the only log entries immediately before then: - /var/log/messages - Nov 4 20:04:43 icicle /bsd: root on wd0a Nov 4 20:04:43 icicle /bsd: rootdev=0x0 rrootdev=0x300 rawdev=0x302 Nov 4 20:04:43 icicle named[16496]: starting BIND 9.3.2-P1 Nov 4 20:04:43 icicle named[16496]: command channel listening on 127.0.0.1#953 Nov 4 20:04:43 icicle named[16496]: command channel listening on ::1#953 Nov 4 20:04:43 icicle named[16496]: running Nov 4 20:04:52 icicle savecore: no core dump Nov 4 20:10:49 icicle /bsd: auich0: measured ac97 link rate at 48004 Hz, will use 48000 Hz Nov 5 04:00:01 icicle syslogd: restart Nov 5 09:00:02 icicle syslogd: restart - /var/log/daemon - Nov 4 20:04:52 icicle savecore: no core dump Nov 4 20:04:54 icicle hotplugd[16958]: started Nov 4 20:04:54 icicle hotplugd[16958]: wskbd1 attached, class 5 Nov 4 20:04:54 icicle hotplugd[16958]: ukbd0 attached, class 0 Nov 4 20:04:54 icicle hotplugd[16958]: uhidev0 attached, class 0 Nov 4 20:04:54 icicle hotplugd[16958]: wsmouse1 attached, class 5 Nov 4 20:04:54 icicle hotplugd[16958]: ums0 attached, class 0 Nov 4 20:04:54 icicle hotplugd[16958]: uhidev1 attached, class 0 Nov 5 08:31:14 icicle identd[4452]: Connection from localhost.perlguru.net Nov 5 08:31:15 icicle identd[16243]: Connection from localhost.perlguru.net It looks like the daily cronjob successfully ran at 08:30 (I even got the daily insecurity email that lists all the filesystem changes due to the 3.9 - 4.0 upgrade). And syslogd rotated the logfiles at 09:00. But after that, there doesn't appear to have been any activity. I even checked pflog, but it doesn't have anything since Oct 23. This laptop doesn't run apmd since the BIOS doesn't support APM. The processes running this morning were probably more or less the same as they are now: [EMAIL PROTECTED](ttyp3:0):~$ ps aux USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND root 7420 0.0 0.0 0 0 ?? ZW- 0:00.00 (sh) root 1 0.0 0.1 336 352 ?? Is 1:10PM0:00.01 /sbin/init -s root 18407 0.0 0.1 248 392 ?? Ds 1:19PM0:00.00 wsmoused -2 root 6547 0.0 0.1 131564 332 ?? Ss 1:25PM0:00.04 /sbin/mount_mfs -o rw -o nosuid _syslogd 14202 0.0 0.1 428 540 ?? S 1:25PM0:00.02 syslogd -a /var/named/dev/log -a root 17638 0.0 0.1 400 532 ?? Is 1:25PM0:00.00 syslogd: [priv] (syslogd) root 31822 0.0 0.1 420 388 ?? Is 1:25PM0:00.00 pflogd: [priv] (pflogd) _pflogd 24668 0.0 0.0 484 228 ?? S 1:25PM0:00.08 pflogd: [running] -s 116 -f /var root 7435 0.0 0.1 1460 540 ?? Is 1:25PM0:00.00 named: [priv] (named) named12722 0.0 0.6 2372 2860 ?? S 1:25PM0:00.15 named root 671 0.0 0.1 500 548 ?? Is 1:26PM0:00.00 inetd root 17187 0.0 0.1 332 376 ?? Is 1:26PM0:00.00 /usr/sbin/hotplugd root 16847 0.0 0.1 628 692 ?? Ss 1:26PM0:00.01 cron root 15969 0.0 0.2 1044 1104 ?? Ss 1:26PM0:00.08 sendmail: accepting connections smt 23933 0.0 1.7 5372 8536 ?? S 1:28PM0:13.45 /usr/X11R6/bin/X :0 -nolisten tc root 18443 0.0 0.1 1740 492 ?? I 1:28PM0:00.00 X: [priv] (Xorg) smt 14161 0.0 0.1 452 420 ?? Is 1:29PM0:00.01 sh -c sh smt 23180 0.0 0.7 1384 3512 ?? R 1:29PM0:01.94 xterm -e screen -R smt 25812 0.0 0.8 3236 3860 ?? Rs 1:29PM0:01.29 SCREEN -R (screen) smt 2706 0.0 0.2 688 900 p0 Ss+1:29PM0:00.02 screen -R smt434 0.0 0.1 572 600 p1 Is 1:29PM0:00.05 -/bin/ksh smt 14789 0.0 0.7 2004 3344 p1 I+ 1:44PM0:00.26 lynx smt 30149 0.0 0.1 592 584 p2 Is 1:53PM0:00.05 -/bin/ksh smt 13419 0.0 0.7 2040 3324 p2 I+ 1:55PM0:00.60 mutt smt 23410 0.0 0.1 448 432 p2 I+ 1:56PM0:00.00 sh -c sh smt 11529 0.0 0.6 2404 3060 p2 S+ 1:56PM0:02.27 vim /tmp/mutt-icicle-1000-13419- smt 28069 0.0 0.1 600 612 p3 Ss 2:33PM0:00.03 -/bin/ksh smt 18783 0.0 0.0 476 228 p3 R+ 2:33PM0:00.00 ps -aux smt 16007 0.0 0.1 504 460 C0 Is+1:28PM0:00.04 /bin/sh /usr/X11R6/bin/startx /u smt 31464 0.0 0.2 428 776 C0 I+ 1:28PM0:00.01 /usr/X11R6/bin/xinit /home/smt/. smt 18820 0.0 0.1 556 452 C0 I 1:29PM0:00.01 sh /home/smt/.xinitrc smt 13455 0.0 0.2 460 1144 C0 I 1:29PM0:00.02 xbindkeys -n smt 18184 0.0 0.2 428 1132 C0 I 1:29PM0:00.01
Re: crash on 4.0 (but no ddb)
On Sun, Nov 05, 2006 at 03:12:33PM -0500, Kyle George wrote: Maybe add sysctl ddb.console=1 to rc.securelevel so if it happens again you can try breaking into ddb with ctrl-alt-esc. Thanks! I'll add that, reboot, and we shall see...
Re: Soekris net4801, OpenBSD 3.8, and manual disklabel
joerch wrote: On Mon, Oct 16, 2006 at 02:13:53PM -0600, Stephen Bosch wrote: I recently switched to 1.0 GB SanDisk CF. I can generate images no problem, but at boot time, we see this warning: Automatic boot in progress: starting file system checks. /dev/rwd0a: file system is clean; not checking /dev/rwd0d: file system is clean; not checking Warning: inode blocks/cyl group (16) = data blocks (12) in last cylinder group. This implies 384 sector(s) cannot be allocated. Warning: inode blocks/cyl group (16) = data blocks (12) in last cylinder group. This implies 384 sector(s) cannot be allocated. I don't know what this means. Most of the time it is bad hardware. How did you get the image on the cf card ? Did you use an external usb to cf device ? I used a usb card reader, yes. I've done it before, using a different reader; I don't recall having this problem -- but it's true that this reader is new and I haven't used it much. Anything's possible. I did that more than one time, only to find out that most of these devices are crap. Maybe the cf card had some problems from the beginning or maybe it happened at the copy process. Is it a random thing, or can I reliably expect this to happen every time? Format the cf card and get an ide to cf adapter, plug it in an ide slot and copy it again. I'll try that. With the adapter it worked fine everytime i installed openbsd on a cf card. That is the fastest and secure way to get your data on the cf. I should point out that I've been generating the disklabels manually from text. Could that be the problem? I will not tell you how bad it worked with the usb device, too much 4 letter words will be in that mail. Ha! -Stephen-
Re: OpenBSD 3.8, Soekris net4801 - console boot hangs when keys pressed
Stephen Bosch wrote: Hi: I have a Soekris net4801 which runs from a compact flash disk. It boots to the serial console. I've set everything to 9600 baud, 8 bit words, no parity, 1 stop bit. When left unattended, it boots normally. If I try to enter anything at the boot prompt, I see one character and then it hangs completely. Only a hard reset fixes it: A generous soul has pointed out that flow control causes this problem. I have disabled all flow control in the terminal client and this resolved the problem. Thanks! -Stephen-
Soekris net4801, OpenBSD 3.8, and manual disklabel
Hi: I use a script to generate images for the compact flash disks I use in my Soekris net4801 devices. I recently switched to 1.0 GB SanDisk CF. I can generate images no problem, but at boot time, we see this warning: Automatic boot in progress: starting file system checks. /dev/rwd0a: file system is clean; not checking /dev/rwd0d: file system is clean; not checking Warning: inode blocks/cyl group (16) = data blocks (12) in last cylinder group. This implies 384 sector(s) cannot be allocated. Warning: inode blocks/cyl group (16) = data blocks (12) in last cylinder group. This implies 384 sector(s) cannot be allocated. I don't know what this means. Here is output from disklabel for the device in question: Disk: wd0 geometry: 993/32/63 [2001888 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: idC H S -C H S [ start: size ] 0: 000 0 0 -0 0 0 [ 0: 0 ] unused 1: 000 0 0 -0 0 0 [ 0: 0 ] unused 2: 000 0 0 -0 0 0 [ 0: 0 ] unused *3: A60 1 1 - 992 31 63 [ 63: 2001825 ] OpenBSD # disklabel wd0 # Inside MBR partition 3: type A6 start 63 size 2001825 # /dev/rwd0c: type: ESDI disk: label: sd1024 flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 32 sectors/cylinder: 2016 cylinders: 993 total sectors: 2001888 rpm: 3600 interleave: 1 trackskew: 0 cylinderskew: 0 headswitch: 0 # microseconds track-to-track seek: 0 # microseconds drivedata: 0 5 partitions: # sizeoffset fstype [fsize bsize cpg] a:10073763 4.2BSD 1024 8192 49 # Cyl 0*-49 b: 1100800swap # Cyl50 - 50* c: 2001888 0 unused 0 0 # Cyl 0 - 992 d:510048102816 4.2BSD 1024 8192 86 # Cyl51 - 303 e: 1389024612864 4.2BSD 1024 8192 86 # Cyl 304 - 992 To my eye, everything looks kosher. The device seems to work just fine, but before I deploy this I would like to know exactly what is going on here. Any ideas? Thanks, -Stephen-
