How to configure iked with OpenBSD (roadwarrior)?

2022-11-24 Thread Aleksandr Mikhaylov
Hi. Please tell me how to connect to an OpenBSD 7.2 Release
from an OpenBSD 7.2 Release client via iked.
I'm trying to set it up with this documentation,
https://www.openbsd.org/faq/faq17.html#clientikev2
but it just doesn't work.

I have a VDS machine (server) with OpenBSD, 
with one external ip-address A.B.C.D, 
which I want to connect to from my laptop.

I copied the file from VDS /etc/iked/local.pub to the laptop in
/etc/iked/pubkeys/fqdn/bsd.server.vds and from the laptop the file
/etc/iked/local.pub on VDS in /etc/iked/pubkeys/fqdn/amihailov.laptop

VDS machine settings:

cat /etc/iked.conf
ikev2 'responder_rsa' passive esp \
from any to dynamic \
local any peer any \
srcid bsd.server.vds \
config address 172.24.24.0/24 \
tag "ROADW"

cat /etc/sysctl.conf
net.inet.ip.forwarding=1

pf.conf:
...
block in on vio0
pass out 
pass in proto udp from any to port {500, 4500} keep state
pass in proto esp from any
pass on enc0 from any to any
pass on enc0 from any to self keep state (if-bound)
...

# cat /etc/hostname.enc0
inet 172.24.24.1 255.255.255.0 172.24.24.255
up

Laptop settings:
ikev2 'amihailov.laptop' active esp \
from dynamic to any \
peer bsd.server.vds \
srcid amihailov.laptop \
dstid bsd.server.vds \
request address any \
iface lo1

When I run iked - I get the following log messages on the server:

https://pastebin.com/raw/rgpTtMzr

And on the laptop:

https://pastebin.com/raw/UUrryZCN

A.B.C.D is the external address of the server, 
10.222.222.222 is the address of the laptop in the local network
W.X.Y.Z is the external address of the gateway, 
through which the laptop gets to the Internet.

Lo1 interface on the laptop also does not get an ip-address.
I would be very grateful if you could tell me what I am doing wrong. 
If you need any additional logs and information, I will send it to you. 
Thanks for your attention!



Re: How to configure iked with OpenBSD (roadwarrior)?

2022-11-24 Thread Aleksandr Mikhaylov
Tobias Heider wrote:
> On Thu, Nov 24, 2022 at 05:50:57PM +0300, Aleksandr Mikhaylov wrote:
> > Tobias Heider wrote:
> > > On Thu, Nov 24, 2022 at 12:45:03PM +0300, Aleksandr Mikhaylov wrote:
> > > > Hi. Please tell me how to connect to an OpenBSD 7.2 Release
> > > > from an OpenBSD 7.2 Release client via iked.
> > > > 
> > > 
> > > Hi,
> > > 
> > > your configs look ok.  The server log shows the handshake is completed
> > > and an IKE_AUTH reply is sent to the client, but on the client side this
> > > message never arrives. This is why it keeps on resending the AUTH request
> > > until it times out.
> > > 
> > > It is not clear whether the reply is lost in transit or discarded by your
> > > client.  You could try looking at a tcpdump of your handshake or enable
> > > verbose logging in iked on your client and see if you can find anything
> > > suspicious after "send IKE_AUTH req 1 ...".
> > > 
> > > - Tobias
> > 
> > And on which ports should the connection come to the laptop? It has pf
> > configured on it and is behind NAT
> 
> Probably the one with your default route. Try 'route get bsd.server.vds'.

I mean tcp/udp port



Re: How to configure iked with OpenBSD (roadwarrior)?

2022-11-24 Thread Aleksandr Mikhaylov
Tobias Heider wrote:
> On Thu, Nov 24, 2022 at 12:45:03PM +0300, Aleksandr Mikhaylov wrote:
> > Hi. Please tell me how to connect to an OpenBSD 7.2 Release
> > from an OpenBSD 7.2 Release client via iked.
> > 
> 
> Hi,
> 
> your configs look ok.  The server log shows the handshake is completed
> and an IKE_AUTH reply is sent to the client, but on the client side this
> message never arrives. This is why it keeps on resending the AUTH request
> until it times out.
> 
> It is not clear whether the reply is lost in transit or discarded by your
> client.  You could try looking at a tcpdump of your handshake or enable
> verbose logging in iked on your client and see if you can find anything
> suspicious after "send IKE_AUTH req 1 ...".
> 
> - Tobias

And on which ports should the connection come to the laptop? It has pf
configured on it and is behind NAT



Crackling in sndio

2022-12-09 Thread Aleksandr Mikhaylov
Hello all!

I'm using OpenBSD 7.2 RELEASE, 
but I've seen this problem on earlier versions as well. 
Please tell me, when I am playing audio through sndio,
for example with firefox or mpd, 
and the processor load starts to increase,
for example because I opened a heavy web page or some heavy application,
sometimes I hear clicks, or my audio is interrupted,
and I have to restart the playback.
I can see in the mpd log at this time:

output: Failed to play on "Libao Audio Device" (sndio): sndio write failed

I tried increasing the sndiod buffer to 9600,
but that didn't do anything.
I also tried running sndio with the -d flag,
but I didn't see any errors. 
I have two laptops with OpenBSD, a Thinkpad x250 and a Latitude 5300,
and both laptops have this problem.
If anyone can tell me what might be the problem,
I would be very grateful, thank you very much.

My mixerctl settings:

$ doas mixerctl -v -a
inputs.dac-0:1=152,152 
inputs.dac-2:3=152,152 
record.adc-2:3_mute=off  [ off on ]
record.adc-2:3=172,172 
record.adc-0:1_mute=off  [ off on ]
record.adc-0:1=172,172 
inputs.mix_source=spkr3,mic2,beep  { spkr3 mic2 beep }
inputs.mix_spkr3=120,120 
inputs.mix_mic2=120,120 
inputs.mix_beep=120,120 
inputs.mix2_source=dac-0:1,mix  { dac-0:1 mix }
inputs.mix3_source=dac-2:3,mix  { dac-2:3 mix }
inputs.mix4_source=dac-0:1,dac-2:3  { dac-0:1 dac-2:3 }
inputs.mic=85,85 
outputs.spkr_source=mix3  [ mix2 mix3 ]
outputs.spkr_mute=off  [ off on ]
outputs.spkr_eapd=on  [ off on ]
outputs.hp_source=mix2  [ mix2 mix3 ]
outputs.hp_mute=off  [ off on ]
outputs.hp_boost=off  [ off on ]
outputs.hp_eapd=on  [ off on ]
outputs.spkr2_source=mix2  [ mix2 mix3 ]
outputs.spkr2_mute=off  [ off on ]
outputs.spkr2_boost=off  [ off on ]
outputs.spkr2_eapd=on  [ off on ]
inputs.spkr3=85,85 
inputs.mic2=85,85 
outputs.mic2_dir=input-vr80  [ none input input-vr0 input-vr50 input-vr80 input-vr100 ]
record.adc-0:1_source=mic  [ spkr3 mic2 beep mix mic ]
record.adc-2:3_source=spkr3  [ spkr3 mic2 beep mix ]
outputs.hp_sense=unplugged  [ unplugged plugged ]
outputs.mic2_sense=unplugged  [ unplugged plugged ]
outputs.spkr_muters=hp  { hp }
outputs.master=153,153 
outputs.master.mute=off  [ off on ]
outputs.master.slaves=dac-0:1,dac-2:3,spkr,hp,spkr2  { dac-0:1 dac-2:3 spkr hp spkr2 }
record.volume=173,173 
record.volume.mute=off  [ off on ]
record.volume.slaves=adc-2:3,adc-0:1  { adc-2:3 adc-0:1 mic spkr3 mic2 }
record.enable=sysctl  [ off on sysctl ]

My dmesg on Thinkpad:


Re: Crackling in sndio

2022-12-09 Thread Aleksandr Mikhaylov
Alexandre Ratchov wrote:
> On Fri, Dec 09, 2022 at 01:41:55PM +0300, Aleksandr Mikhaylov wrote:
> > Hello all!
> > 
> > I'm using OpenBSD 7.2 RELEASE, 
> > but I've seen this problem on earlier versions as well. 
> > Please tell me, when I am playing audio through sndio,
> > for example with firefox or mpd, 
> > and the processor load starts to increase,
> > for example because I opened a heavy web page or some heavy application,
> > sometimes I hear clicks, or my audio is interrupted,
> > and I have to restart the playback.
> > I can see in the mpd log at this time:
> > 
> > output: Failed to play on "Libao Audio Device" (sndio): sndio write failed
> > 
> > I tried increasing the sndiod buffer to 9600,
> > but that didn't do anything.
> > I also tried running sndio with the -d flag,
> > but I didn't see any errors. 
> > I have two laptops with OpenBSD, a Thinkpad x250 and a Latitude 5300,
> > and both laptops have this problem.
> > If anyone can tell me what might be the problem,
> > I would be very grateful, thank you very much.
> 
> I've noticed similar problems and many have reported them. The OpenBSD
> kernel is not preemptive, so while big programs (including browsers)
> are running long kernel code-paths, audio doesn't get the CPU timely
> and audio drops.
> 
> AFAICS, the kernel is improving a lot with time, but browsers (and
> sites they are running) are becoming heavier, compilers are becoming
> heavier, etc.
> 
> Interestingly (at least to my ears and for my workload) the annoyances
> caused by big programs don't depend much on the audio deadline (at
> least in the 10-100ms range). This suggests that there are only huge
> non-preemptive kernel code-paths. Userland is affected, USB audio
> devices (operated at IPL_SOFTNET) are affected, but PCI devices
> (operated at IPL_AUDIO) are not affected; this might indicate that the
> blocking code paths run at above IPL_SOFTNET and below IPL_AUDIO. My 2
> cents, in case this rings a bell to someone.
> 
> Meanwhile, I suggest you try to reduce the processes/services that
> you don't need but load the kernel. In my experience processes that
> allocate/free big amounts of memory always cause underruns.
> 
> HTH

Thank you so much for the explanation!