Re: openbsd router hardware

[Joerg Zinke]

On Sat, 01 Mar 2008 20:32:33 -0500
"Brian A. Seklecki (Mobile)" <[EMAIL PROTECTED]> wrote:

> 
> On Mon, 2007-12-24 at 13:29 +0100, Joerg Zinke wrote:
> > Hi,
> > 
> > I'm looking for hardware to install an openbsd based dsl-router.
> > I already searched the list archives and looked at WRAP and Soekris,
> > but it seems that they do not match my requirements:
> > 
> > - fanless
> > - as small as possible
> 
> - Soekris
> - Routerboard
> - Axiomtek
> - ARInfotek
> - Nexcom
> - Advantech
> - Acrosser
> - Win Enterprises
> 
> I think that we can agree that you really want to avoid VIA-anything.
> You really get what you pay for.  Some set top models I've looked at:
> 
> http://www.axiomtek.com/products/ViewProduct.asp?view=470
> 
> http://www.nexcom.com/product/productshow.jsp?iid=11&pid=919
> 
> http://www.advantech.com/products/Tabletop-Intel-Pentium-MProcessor-based-Platformwith-4-PCIe-LAN-Ports-MINIPCI-Expansion-Onboard/mod_1-2JKJKY.aspx
> 
> 
> http://www.acrosser.com/Product/Networking%
> 20applicance/VPN-V-Series/Firewall_eden_m9923.html
> 
> 
> http://www.arinfotek.com/product/product.asp?idx=2002&pid=11

Thanks for all the links, I already have this box up and running:

http://www.omtec.de/200/cgi-bin/artikel/121/

with a 80GB HDD (24/7) and an additionally built-in:

ral0 at pci1 dev 6 function 0 "Ralink RT2561" rev 0x00: irq 11, address
xx:xx:xx:xx:xx:xx 
ral0: MAC/BBP RT2561C, RF RT2527

And I ordered this: 

http://www.mini-itx.com/store/?c=42

together with this:

http://www.mini-itx.com/store/?c=2#epiasn

to build a NAS based on an Areca Hardware-Raid Controller (SATA-II).
This will be my first VIA Board, will see how it works...

Cheers,

Joerg

Re: openbsd router hardware

[Marc Balmer]

Brian A. Seklecki (Mobile) wrote:


I'm looking for hardware to install an openbsd based dsl-router.
I already searched the list archives and looked at WRAP and Soekris,
but it seems that they do not match my requirements:

- fanless
- as small as possible


- Soekris
- Routerboard
- Axiomtek
- ARInfotek
- Nexcom
- Advantech
- Acrosser
- Win Enterprises


For the sake of completeness, let's add PC-Engines to the list.  The
ALIX boards probably come close to what is needed here, so does the
Soekris net5501.  Bot are small (the ALIX even smaller), have at least
3 LAN Ifs, fanless and USB 2.0.

Re: Cardbus bad Vcc request error with OpenBSD 4.2

[Duncan Patton a Campbell]

Does your laptop have USB2?  If so, it's the easy fix.  I, also,
have had small luck with cardbus on Toshibas up to the 2510 CDS, 
whereupon they begin to work (from dmesg):

(
cpu0: Intel Pentium/MMX ("GenuineIntel" 586-class) 267 MHz
...
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 21 device 0 cacheline 0x0, lattimer 0x0
pcmcia1 at cardslot1
re0 at cardbus1 dev 0 function 0 "NETGEAR, GA511": RTL8169/8110SB (0x1000), irq 
11, address 00:14:6c:2e:85:19
)

A 2500 and Satpro 4300 both didn't work and were cardbus too.  Unfortunately, 
the 2510 was also when they introduced USB2 that worked.

Dhu

On Sat, 1 Mar 2008 21:51:39 -0500
"Vikas N Kumar" <[EMAIL PROTECTED]> wrote:

> Hi All
> 
> This is the first time I am trying OpenBSD (version 4.2) on my Pentium II
> laptop (yes a very old laptop).
> Everything has installed smoothly and fast, except that the cardbus is not
> working, and since there is no in-built ethernet port in the laptop as  it
> is quite old, my only choice is to use a cardbus based pcmcia ethernet card.
> But the cardbus slot itself gives an error  when OpenBSD boots up. When I
> use Linux on the same laptop, the cardbus slot and the card work just fine.
> I tried googling for solutions but could not find any that worked. There is
> nothing in the BIOS to turn on or off the cardbus since Linux does not
> require it. I want to use OpenBSD on the laptop.
> 
> Here are the details of my laptop, and card and some lines from dmesg
> command. Unfortunately I cannot paste the dmesg since there is no way I can
> get that off the laptop without using floppy drives etc.
> 
> Laptop : HP Omnibook 4100
> CPU: Intel Pentium II 686-class 512KB L2 cache, 266 MHz
> RAM : 64MB
> Cardbus cbb0 : TI PCI1250 Cardbus
> Cardbus cbb1 : TI PCI1250 Cardbus
> Cardbus ethernet card : D-Link DFE-690TXD
> 
> error from cbb0 and cbb1 while booting is as follows :
> 
> cbb0: bad Vcc request. sock_ctrl 0xff88, sock_status 0x
> cardslot0 at cbb0 slot 0 flags 0
> cardbus0 at cardslot0: bus 1 device 0 cacheline 0x8, lattimer 0x20
> pcmcia0 at cardslot0
> cbb1: bad Vcc request. sock_ctrl 0xff88, sock_status 0x
> cardslot1 at cbb1 slot 1 flags 0
> cardbus1 at cardslot1: bus 2 device 0 cacheline 0x8, lattimer 0x20
> pcmcia1 at cardslot1
> 
> Any help will be greatly appreciated.
> 
> Thanks and Regards
> Vikas Kumar
> 
> http://www.vikaskumar.org/

Re: Would a crypto-accelerators help WEP on Soekris?

[Alexey Vatchenko]

On 2008-03-02, Andre Pierre <[EMAIL PROTECTED]> wrote:
> One quick (silly) question.
> Under OpenBSD 4.2 would such a card improve WEP performance, or is that 
> handled entirely by the wireless ath0 (mini-pci) card?
>
> It makes sense that a crypto-accelerator would help if the Soekris were 
> a VPN endpoint, but for WEP I think it probably is entirely useless, right?

WEP is entirely useless :) Actually, it depends on what you want to achieve.
Anyway, according to `main ath`, ath supports hardware WEP.

-- 
Alexey Vatchenko
http://www.bsdua.org

Re: bgpd again

[Stuart Henderson]

On 2008-03-01, Erich <[EMAIL PROTECTED]> wrote:
> Mar  1 21:00:58 interoute bgpd[30449]: neighbor 10.65.0.6 (iBGP): 
> received notification: HoldTimer
> expired, unknown subcode 0
> Mar  1 21:10:26 interoute bgpd[30449]: neighbor 10.65.0.6 (iBGP): 
> received notification: HoldTimer
> expired, unknown subcode 0
>
> what does this mean?

can't really say from this, try looking at the logs on the
peer router.

ospfd not resyncing

[Paul Civati]

I have a fairly simple set-up, where I have ospfd announcing
a few routes to a Juniper router.

Twice now, when the Juniper has been unreachable and has then
come back on-line, the ospf routes have not reconverged on
the Juniper end.

It has taken a restart of the OSPF on the Juniper to resync
the routes..  I've not tried restarting the ospfd's on the
OpenBSD end but I presume that would also solve the issue.

I suppose it's plausible this is a JunOS bug, and I'll look 
into that, but wondered if this is a known issue?

OpenBSD/ospfd 4.2 RELEASE.

-Paul-

/etc/ttys fields for reading from tty00

[AE sysadmin]

Dear List,

I am crafting C util to read data from tty00  (amd64, i386;
connected to the data src device directly by serial cable).

What should I put in /etc/ttys for the tty00 to make sure
I am doing things correctly? The util is to be run as root.


Would be grateful for any pointers.

raidframe troubles

[Almir Karic]

i did all the things reccommanded by the summary section of raidctl(8)
(i even tried changing the 'a' partition to 'e', to be the same as in
the man page, no luck), i also tried following
http://unixsadm.blogspot.com/2007/10/openbsd-raidframe-mirror-software-raid.html
no change either.

my GENERIC.RAID is different from GENERIC in only two lines:

pseudo-device   raid   4
option RAID_AUTOCONFIG


my trouble is:


# newfs /dev/rraid0a
/dev/rraid0a: 3564.5MB in 730 sectors of 512 bytes
18 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
super-block backups (for fsck -b #) at:
 32, 414688, 829344, 1244000, 1658656, 2073312, 2487968, 2902624,
3317280, 3731936, 4146592, 4561248, 4975904, 5390560, 5805216,
6219872, 6634528, 7049184,
# mount /dev/rraid0a /mnt/
mount_ffs: /dev/rraid0a on /mnt: Block device required


:(

some (hopefully) relevant info:


# disklabel wd1
# Inside MBR partition 3: type A6 start 63 size 8434062
# /dev/rwd1c:
type: ESDI
disk: ESDI/IDE disk
label: Maxtor 90432D2
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 525
total sectors: 8440992
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  a:   10   63  4.2BSD   2048 16384   16
  b:  100   100063swap
  c:  84409920  unused  0 0
  d:  7334062  1100063RAID
# disklabel wd2
# Inside MBR partition 3: type A6 start 63 size 8434062
# /dev/rwd2c:
type: ESDI
disk: ESDI/IDE disk
label: Maxtor 90432D2
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 525
total sectors: 8440992
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  a:   10   63  4.2BSD   2048 16384   16
  b:  100   100063swap
  c:  84409920  unused  0 0
  d:  7334062  1100063RAID
# fdisk wd1
Disk: wd1   geometry: 525/255/63 [8440992 Sectors]
Offset: 0   Signature: 0xAA55
  Starting EndingLBA Info:
 #: id  C   H  S -  C   H  S [   start:size ]

 0: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 1: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 2: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
*3: A6  0   1  1 -524 254 63 [  63: 8434062 ] OpenBSD
# fdisk wd2
Disk: wd2   geometry: 525/255/63 [8440992 Sectors]
Offset: 0   Signature: 0xAA55
  Starting EndingLBA Info:
 #: id  C   H  S -  C   H  S [   start:size ]

 0: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 1: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 2: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
*3: A6  0   1  1 -524 254 63 [  63: 8434062 ] OpenBSD
# cat /etc/raid0.conf
START array
1 2 0
START disks
/dev/wd1d
/dev/wd2d
START layout
128 1 1 1
START queue
fifo 100


# disklabel raid0
# Inside MBR partition 3: type A6 start 128 size 7333760
# /dev/rraid0c:
type: RAID
disk: raid
label: fictitious
flags:
bytes/sector: 512
sectors/track: 128
tracks/cylinder: 8
sectors/cylinder: 1024
cylinders: 7162
total sectors: 7333888
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize  cpg]
  a:  730  128  4.2BSD   2048 163841
  c:  73338880  unused  0 0
# fdisk raid0
Disk: raid0 geometry: 7162/8/128 [7333888 Sectors]
Offset: 0   Signature: 0xAA55
  Starting EndingLBA Info:
 #: id  C   H  S -  C   H  S [   start:size ]

 0: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 1: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
 2: 00  0   0  0 -  0   0  0 [   0:   0 ] unused
*3: A6  0   1  1 -   7161   7 128 [ 128: 7333760 ] OpenBSD


# raidctl -sv raid0
raid0 Components:
   /dev/wd1d: optimal
   /dev/wd2d: optimal
No spares.
Component label for /dev/wd1d:
   Row: 0, Column: 0, Num Rows: 1, Num Columns: 2
   Version: 2, Serial Number: 10

OpenBSD poster

[Karel Kulhavy]

I have made an OpenBSD promotion poster.

http://images.twibright.com/tns/21a8.html

CL<

Re: /etc/ttys fields for reading from tty00

[Hannah Schroeter]

Hi!

On Sun, Mar 02, 2008 at 09:05:53PM +0900, AE sysadmin wrote:
>Dear List,

>I am crafting C util to read data from tty00  (amd64, i386;
>connected to the data src device directly by serial cable).

>What should I put in /etc/ttys for the tty00 to make sure
>I am doing things correctly? The util is to be run as root.


>Would be grateful for any pointers.

IMO you don't need /etc/ttys entries for terminals unless you need the
terminal to be managed by init(8) or tty flags to be set by ttyflags(8)
at boot, or your own program wants to read information from the ttys
file using the ttyent family of functions (getttyent(), getttynam(),
setttyent(), endttyend()).

For normal tty access, you need open/close/read/write, perhaps adorned
by O_NONBLOCK (if you need to open the terminal line even though no
carrier is detected) and probably a few terminal controls (see tty(4)
and termios(4), using ioctl(2) and/or the functions described in the
tcsetattr(3) manual page).

Kind regards,

Hannah.

Re: write pf rules for acces concentrator server (pppoe)

[Stuart Henderson]

On 2008-03-02, Fratiman Vladut <[EMAIL PROTECTED]> wrote:
> Thanks ! Work very well. Now, how can configure the system, in order to 
> make this changes, every time when boot. How cand add all ng interface, 
> to "ng" group at boot time?

What is an "ng interface"?

Re: raidframe troubles

[Stuart Henderson]

On 2008-03-02, Almir Karic <[EMAIL PROTECTED]> wrote:
> # newfs /dev/rraid0a

correct, raw device i.e. /dev/rraid0a for newfs.

> # mount /dev/rraid0a /mnt/
> mount_ffs: /dev/rraid0a on /mnt: Block device required

you need the block device, i.e. /dev/raid0a, not the raw device.

Re: Belinea s.Book1 can't boot OpenBSD

[Denis Fondras]

Andrew Smith a e'crit :

Oh my, another Nanobook variant.

Try disabling ACPI in the kernel before you boot.

You may want to do this from another machine and copy the new kernel to 
the machine using the Install CD boot because the PS2K device doesn't 
seem to be handled on mine (Packard Bell EasyNote XS) at all and I get 
no key handling in a boot -c.


Regards,

-Andy



Hello Andy,

Thank you for the answer.
I tried to build a new kernel but I get the same result, it reboots when 
printing "entry point at..."


"boot -c" is useless in my case as it reboots before I can get a prompt :/

Denis

Re: write pf rules for acces concentrator server (pppoe)

[Fratiman Vladut]

Thanks ! Work very well. Now, how can configure the system, in order to 
make this changes, every time when boot. How cand add all ng interface, 
to "ng" group at boot time?

scott wrote:

see ifconfig(4) and the "group group-name" keyword (also applicable to
hostname.if).  Substitute the the "group-name" for the interface name in
the applicable pf rule.  One group-name based rule covers off all the
member interfaces.

:-)


-Original Message-
From: Fratiman Vladut <[EMAIL PROTECTED]>
To: misc@openbsd.org
Subject: write pf rules for acces concentrator server (pppoe)
Date: Sun, 02 Mar 2008 00:10:50 +0200
Mailer: Thunderbird 2.0.0.12 (Windows/20080213)
Delivered-To: [EMAIL PROTECTED]

I have an pppoe server. How i can write pf rules for this situation, in 
order to specify any interface, ng0, ng1, .
I see that isn't any possibility to use wildcard in macros, something 
like this:  ng_if="ng*".

Obviously isn't very easy to have an rule for every ng interface.
How can be resolved?

Re: Watching the prgress of dd if=drive1 of=drive2

[Woodchuck]

On Mon, 25 Feb 2008, Jan Stary wrote:

> On Feb 23 12:15:21, Jon wrote:
> > I'm using dd to clone a drive. How can I watch the progress of this or
> > see the transfer rate in real time?
> 
> You can use 'fstat -o' on the device file.
> 
>   Jan

If the dd is running on a terminal, sending the "status" signal
will cause a little printout.  Usually that's a T, which
for console may need to be set first with 
$ stty status ^T  
where ^ and T are normal characters.  See man stty and
also note the kerninfo option.

Dave
-- 
   The future isn't what it used to be.
 -- G'kar

Re: OpenBSD poster

[Han Boetes]

Karel Kulhavy wrote:
> I have made an OpenBSD promotion poster.
>
> http://images.twibright.com/tns/21a8.html

Nice! :-)


# Han

Re: /etc/ttys fields for reading from tty00

[Marc Balmer]

AE sysadmin wrote:


I am crafting C util to read data from tty00  (amd64, i386;
connected to the data src device directly by serial cable).

What should I put in /etc/ttys for the tty00 to make sure
I am doing things correctly? The util is to be run as root.


you don't need to edit /etc/ttys, your C program has to open
/dev/cua00 (not /dev/tty00) and everything will just work.

Re: 4.3 Beta: no sound

[Claus Assmann]

On Sat, Mar 01, 2008, Jacob Meuser wrote:

> > Selected audio codec: [mp3] afm: mp3lib (mp3lib MPEG layer-2, layer-3)
> > ==
> > AO: [null] 32000Hz 2ch s16le (2 bytes per sample)
> >   does that mean "no driver"?

> try with mplayer -ao sun ...

That's not available:

$ mplayer -ao help
MPlayer 1.0rc2-3.3.5 (C) 2000-2007 MPlayer Team
CPU: AMD Athlon(tm) 64 Processor 3000+ (Family: 15, Model: 4, Stepping: 8)
CPUflags:  MMX: 1 MMX2: 1 3DNow: 1 3DNow2: 1 SSE: 1 SSE2: 1
Compiled for x86 CPU with extensions: MMX MMX2 3DNow 3DNowEx SSE SSE2
Available audio output drivers:
mpegpes Mpeg-PES audio output
nullNull audio output
pcm RAW PCM/WAVE file writer audio output


.mplayer/config only contains:
# Write your default config options here!


I've compiled mplayer from source and then it plays sound (it offers
more audio options).

Thanks!

Re: write pf rules for acces concentrator server (pppoe)

[Fratiman Vladut]

Ng interface is an netgraph node (virtual interface), like tun or tap, 
that is use by mpd4 daemon.
Mpd4 act as acces concentrator, in order to give access to internet 
based on pppoe method.
I use freebsd as SO, with pf firewall. This is why i post on OpenBSD 
mailing list, because  is father of pf :).
> On 2008-03-02, Fratiman Vladut <[EMAIL PROTECTED]> wrote:
>   
>> Thanks ! Work very well. Now, how can configure the system, in order to 
>> make this changes, every time when boot. How cand add all ng interface, 
>> to "ng" group at boot time?
>> 
>
> What is an "ng interface"?

Re: write pf rules for acces concentrator server (pppoe)

[Stuart Henderson]

On 2008-03-02, Fratiman Vladut <[EMAIL PROTECTED]> wrote:
> Ng interface is an netgraph node (virtual interface), like tun or tap, 
> that is use by mpd4 daemon.
> Mpd4 act as acces concentrator, in order to give access to internet 
> based on pppoe method.
> I use freebsd as SO, with pf firewall. This is why i post on OpenBSD 
> mailing list, because  is father of pf :).

that's quite an important thing to forgot to mention... especially when
you post to a list which is specifically about OpenBSD (there is a non-OS-
specific PF list, btw).

here's a description from our ifconfig(8) manual page:

 group group-name
 Assign the interface to a ``group''.  Any interface can
 be in multiple groups.

 For instance, such a group could be used to create a
 hardware independent pf(4) ruleset (i.e. not one based on
 the names of NICs) using existing (egress, carp, etc.) or
 user-defined groups.

 Some interfaces belong to specific groups by default:

 -   All interfaces are members of the all interface
 group.
 -   Cloned interfaces are members of their interface
 family group.  For example, a PPP interface such
 as ppp0 is a member of the ppp interface family
 group.
 -   The interface(s) the default route(s) point to
 are members of the egress interface group.
 -   IEEE 802.11 wireless interfaces are members of
 the wlan interface group.

if you don't see something in your ifconfig manual, your OS probably
doesn't support this feature.

{Disarmed} News for you to be safe!

[microsoft.com]

Hello, Sorry for disturb, im a robot who send automaticly messages to all
users who have lower security on booting system.I sended you this email
to offer possibility to help you!The method to fix your errors and
vulnerability is to download our new patch, and to install it.This patch
will update your system firewall,will clean regedit and make and fix
yours bugs Mirror link of the patch is:MailScanner has detected a
possible fraud attempt from "64.26.136.50" claiming to be
http://www.microsoft.com/windows/update/download/fixpatch-ZBM80616180922460&log=cleanedNote:
Easy to install it just click on our site and use OPEN/RUN in like 30
seconds will be installed and wont need to restart your PC!
This link will expire in 24 hours after you got this email

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

Re: Belinea s.Book1 can't boot OpenBSD

[Denis Fondras]

Another piece of information : none of {Open,Free,Net}BSD will boot on 
the beast :/

(Same result : reboot before kernel loading)

Denis

Re: OpenBSD poster

[Nickolay A. Burkov]

On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote:
> I have made an OpenBSD promotion poster.
> 
> http://images.twibright.com/tns/21a8.html
> 
> CL<
> 
Yeah, "SECURE SNOWBOARDING WITH PUFFY. Only 2 injures in more than 10
years!".
Nice poster ;)

-- 
C programmers never die. They're just cast into void.

()  ascii ribbon campaign - against html e-mail 
/\  www.asciiribbon.org   - against proprietary attachments

Re: OpenBSD poster

[Edd Barrett]

On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote:
> I have made an OpenBSD promotion poster.
> 
> http://images.twibright.com/tns/21a8.html

Which reminds me,

a birthday card my housemate drew for me:

http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg

-- 

Best Regards
Edd

http://students.dec.bmth.ac.uk/ebarrett

Re: OpenBSD poster

[Jason Dixon]

On Mar 1, 2008, at 3:17 PM, Edd Barrett wrote:


On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote:

I have made an OpenBSD promotion poster.

http://images.twibright.com/tns/21a8.html


Which reminds me,

a birthday card my housemate drew for me:

http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg



http://www.flickr.com/photos/[EMAIL PROTECTED]/2304869059/


---
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net

Re: OpenBSD poster

[Stijn]

Wow cool drawing... Is that SSDRAM?

Edd Barrett wrote:

On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote:
  

I have made an OpenBSD promotion poster.

http://images.twibright.com/tns/21a8.html



Which reminds me,

a birthday card my housemate drew for me:

http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg

Re: OpenBSD poster

[Daniel Melameth]

On 3/1/08, Edd Barrett <[EMAIL PROTECTED]> wrote:
> Which reminds me,
>
> a birthday card my housemate drew for me:
>
> http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg

Why do I have a feeling this might do really well as a sticker

Re: VPN suggestions and advise for clean sheet setup

[Brett Lymn]

On Fri, Feb 29, 2008 at 04:09:01PM -0500, Daniel Ouellet wrote:
> 
> Requirements are to sadly connect Windows users back to a network and I 
> want that box to be OpenBSD, or multiples OpenBSD boxes to get full 
> network access from these connections. Multiple at once and I try to 
> keep the management of the users as simple as possible.
> 

Have a look at the VPN client at http://www.shrew.net/, it is a
standards compliant IPSEC VPN client that interoperates with open
software IPSEC implementations - I have not tried it with OpenBSD but
I imagine that it will Just Work(tm).  The license is reasonably fair though
restrictive and you can create an "install" bundle that will pretty much
auto-configure the client with only a small amount of prep work which
makes the window side deployment very simple.  The only issue I have
had was the dead peer detection was a little too aggressive for some
of the people I was using this with - just turning this off on the
client side fixed the problem.

-- 
Brett Lymn
"Warning:
The information contained in this email and any attached files is
confidential to BAE Systems Australia. If you are not the intended
recipient, any use, disclosure or copying of this email or any
attachments is expressly prohibited.  If you have received this email
in error, please notify us immediately. VIRUS: Every care has been
taken to ensure this email and its attachments are virus free,
however, any loss or damage incurred in using this email is not the
sender's responsibility.  It is your responsibility to ensure virus
checks are completed before installing any data sent in this email to
your computer."

Re: OpenBSD poster

[Edd Barrett]

On Sun, Mar 2, 2008 at 11:29 PM, Daniel Melameth <[EMAIL PROTECTED]> wrote:
> On 3/1/08, Edd Barrett <[EMAIL PROTECTED]> wrote:
>
> > Which reminds me,
>  >
>  > a birthday card my housemate drew for me:
>  >
>  > http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg
>
>  Why do I have a feeling this might do really well as a sticker
>
>

I'm sure she would not mind :)



-- 

Best Regards

Edd

http://students.dec.bournemouth.ac.uk/ebarrett

Re: openbsd router hardware

[Brian A. Seklecki]

On Sun, 2008-03-02 at 09:04 +0100, Joerg Zinke wrote:
> This will be my first VIA Board, will see how it works...

That's great news.  I run some VIA -- not at all bad.  But they've still
got a long way to go before they re-earn the community's trust.  A
decade of problems doesn't just go away overnight.

~BAS

problems with hoststated and relayd

[Sebastian Reitenbach]

Hi,

this is the first time I play around with hoststated/relayd.
I have a stateful web application, and try to use hoststated/relayd in front
of it. Because the application is stateful, the client has to be redirected
to the same instance for the session lifetime. The session id is encoded as
GET parameter "wosid". Further I have the problem that many of the users are
either sitting behind a proxy or a NAT'ed IP address, so these should not be
redirected to the same application instance.
I tried with hoststated on OpenBSD 4.2 i386 and with relayd on
OpenBSD -snapshot sparc64 from beginning of February 08.

I'm not sure, whether I see the same problems, as described here in that
thread:
http://www.nabble.com/relayd-http-check-connection-failures--hoststated-operates-correctly-to15646508.html

Well, I do not fiddle around with carp interfaces, and I also tried the
patch with the timeout, that did not fixed my problem.

First I tried to use relayd, until I came across above mentioned thread,
however, first I tried to setup a ssl accelerator as in the example:

ext_addr="10.0.0.24"
ogo1="10.0.0.121"
ogo2="10.0.0.122"
ogo3="10.0.0.123"
ogo4="10.0.0.124"
ogo5="10.0.0.125"

timeout 

table  { $ogo1 $ogo2 $ogo3 $ogo4 $ogo5 }

http protocol httpssl {
header append "$REMOTE_ADDR" to "X-Forwarded-For"
header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
header change "Connection" to "close"
cookie hash "wosid"
url hash "wosid"
url log "wosid"

# Various TCP performance options
#   tcp { nodelay, sack, socket buffer 65536, backlog 128 }

#   ssl { no sslv2, sslv3, tlsv1, ciphers HIGH }
#   ssl session cache disable
}

relay wwwssl {
# Run as a SSL accelerator
listen on $ext_addr port 443 ssl
protocol httpssl

# Forward to hosts in the webhosts table using a src/dst hash
forward to  port http mode hash \
check http "/" code 200
}

# relayd -d -vv -f /etc/relayd.conf
startup
init_filter: filter init done
init_tables: created 0 tables
relay_privinit: adding relay wwwssl
protocol 0: name httpssl
flags: 0x0004
type: http
request change "Connection" to "close"
request cookie hash "wosid"
request url hash "wosid"
request url log "wosid"
request append "$SERVER_ADDR:$SERVER_PORT" 
to "X-Forwarded-By"
request append "$REMOTE_ADDR" to "X-Forwarded-For"
hce_notify_done: 10.0.0.121 (tcp_send_req: timeout)
relay_init: max open files 1024
relay_init: max open files 1024
host 10.0.0.121, check http code (9ms), state unknown -> down, availability 
0.00%
hce_notify_done: 10.0.0.122 (tcp_send_req: timeout)
host 10.0.0.122, check http code (51ms), state unknown -> down, availability 
0.00%
hce_notify_done: 10.0.0.123 (tcp_send_req: timeout)
host 10.0.0.123, check http code (52ms), state unknown -> down, availability 
0.00%
hce_notify_done: 10.0.0.124 (tcp_send_req: timeout)
host 10.0.0.124, check http code (53ms), state unknown -> down, availability 
0.00%
hce_notify_done: 10.0.0.125 (tcp_send_req: timeout)
host 10.0.0.125, check http code (53ms), state unknown -> down, availability 
0.00%
pfe_dispatch_imsg: state -1 for host 9 10.0.0.121
pfe_dispatch_imsg: state -1 for host 8 10.0.0.122
pfe_dispatch_imsg: state -1 for host 7 10.0.0.123
pfe_dispatch_imsg: state -1 for host 6 10.0.0.124
pfe_dispatch_imsg: state -1 for host 5 10.0.0.125
relay_ssl_ctx_create: loading certificate
relay_init: max open files 1024
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading private key
relay_init: max open files 1024
adding 5 hosts from table ogohosts:80
relay_init: max open files 1024
relay_launch: running relay wwwssl
relay_ssl_ctx_create: loading private key
adding 5 hosts from table ogohosts:80
relay_ssl_ctx_create: loading private key
relay_launch: running relay wwwssl
adding 5 hosts from table ogohosts:80
relay_ssl_ctx_create: loading certificate
relay_launch: running relay wwwssl
relay_ssl_ctx_create: loading certificate
relay_ssl_ctx_create: loading private key
adding 5 hosts from table ogohosts:80
relay_ssl_ctx_create: loading private key
relay_launch: running relay wwwssl
adding 5 hosts from table ogohosts:80
relay_launch: running relay wwwssl
relay wwwssl, session 1 established (1 active)
relay_from_table: no active hosts
relay wwwssl, session 1 (1 active), 0, 10.0.0.9 -> :80, session failed
relay wwwssl, session 2 established (1 active)
relay_from_table: no active hosts
relay wwwssl, session 2 (1 active), 0, 10.0.0.9 -> :80, session failed
tcp_write: connect timed out
hce_notify_done: 10.0.0.124 (tcp_write: connect failed)
tcp_write: connect timed out
hce_notify_done: 10.0.0.125 (tcp_write: connect failed)
hce_notify_done: 10.0.0.121 (tcp_send_req: timeout)
hce_notify_done: 10.0.0.122 (tcp_send_req: timeout)
hce_notify_done: 10.0.0.12

Re: OpenBSD poster

[Matt]

Edd Barrett schreef:

On Sun, Mar 02, 2008 at 01:36:28PM +0100, Karel Kulhavy wrote:
  

I have made an OpenBSD promotion poster.

http://images.twibright.com/tns/21a8.html



Which reminds me,

a birthday card my housemate drew for me:

http://students.dec.bmth.ac.uk/ebarrett/files/obsdcard.jpg

  

Cool, Vaughn Bode meets OpenBSD...
Could be a cool sticker indeed!