Networking/pf question, I am not sure ?
Hello, I recently setup a home network as followings (Just for fun): ISP <> openbsd router (version 6.6 Stable) <---> gigabits switch (TP-Link TL-SG1008D) <-> linksys ea8300 (with wireless) everything works except that I can't use my sony xperia tablet to access internet using the wireless function provide by the linksys-ea8300. When I replace the openbsd-router and switch with another wireless router, I can use my sony xperia to access the internet. Does any one try this before ? If yes, please let me to know how you do it. Thanks. Clarence
Re: Networking/pf question, I am not sure ?
pchb2 at pci0 dev 24 function 1 "AMD AMD64 10h Address Map" rev 0x00 pchb3 at pci0 dev 24 function 2 "AMD AMD64 10h DRAM Cfg" rev 0x00 km0 at pci0 dev 24 function 3 "AMD AMD64 10h Misc Cfg" rev 0x00 pchb4 at pci0 dev 24 function 4 "AMD AMD64 10h Link Cfg" rev 0x00 usb2 at ohci0: USB revision 1.0 uhub2 at usb2 configuration 1 interface 0 "ATI OHCI root hub" rev 1.00/1.00 addr 1 usb3 at ohci1: USB revision 1.0 uhub3 at usb3 configuration 1 interface 0 "ATI OHCI root hub" rev 1.00/1.00 addr 1 usb4 at ohci2: USB revision 1.0 uhub4 at usb4 configuration 1 interface 0 "ATI OHCI root hub" rev 1.00/1.00 addr 1 usb5 at ohci3: USB revision 1.0 uhub5 at usb5 configuration 1 interface 0 "ATI OHCI root hub" rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard pcppi0 at isa0 port 0x61 spkr0 at pcppi0 wbsio0 at isa0 port 0x2e/2: NCT6776F rev 0x33 lm1 at wbsio0 port 0x290/8: NCT6776F usb6 at ohci4: USB revision 1.0 uhub6 at usb6 configuration 1 interface 0 "ATI OHCI root hub" rev 1.00/1.00 addr 1 vmm0 at mainbus0: SVM/RVI vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on sd0a (bf7f658e79b5a6bc.a) swap on sd0b dump on sd0b initializing kernel modesetting (RS780 0x1002:0x9616 0x1849:0x9616 0x00). radeondrm0: 1440x900, 32bpp wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0 wsdisplay0: screen 1-5 added (std, vt100 emulation) umass0 at uhub0 port 3 configuration 1 interface 0 "KINGSTON DT 101 G2" rev 2.00/0.00 addr 2 umass0: using SCSI over Bulk-Only scsibus4 at umass0: 2 targets, initiator 0 sd1 at scsibus4 targ 1 lun 0: <, , 1.00> removable serial.09511642AC40D7092ACB sd1: 7424MB, 512 bytes/sector, 15204352 sectors Kaya Saman () 在 2020年5月10日星期日 下午9:27:45 [GMT+8] 寫道: On 5/10/20 2:12 PM, Kaya Saman wrote: > On 5/10/20 2:04 PM, Tom Smyth wrote: >> Hello Clarence, >> >> you would need to provide some more information about your setup, >> >> ip addresses on interfaces , what is your pf.conf etc... >> >> In your experia ( I believe they are android) >> you can download the hurricane electric network tools (HE network >> tools) (a free app to run rudimentary network diagnostic commands, >> such as ping traceroute dns lookup tests to identify the problem >> associated with your connection when using openBSD.. >> that would help you diagnose the source of the connectivity problems >> you are having... >> Hope this helps >> >> Tom Smyth >> >> >> On Sun, 10 May 2020 at 13:09, man Chan wrote: >>> Hello, >>> I recently setup a home network as followings (Just for fun): >>> ISP <> openbsd router (version 6.6 Stable) <---> gigabits >>> switch (TP-Link TL-SG1008D) <-> linksys ea8300 (with wireless) >>> >>> everything works except that I can't use my sony xperia tablet to >>> access internet using the wireless function provide by the >>> linksys-ea8300. >>> When I replace the openbsd-router and switch with another wireless >>> router, I can use my sony xperia to access the internet. Does any >>> one try this before ? >>> If yes, please let me to know how you do it. Thanks. >>> Clarence >> >> > I totally agree with the suggestion by @Tom above! > > > Another good tool for Android is 'fing', it will give you access to > Traceroute and Ping functions on your Xperia. > > > The first thing to try would be to see if the Xperia can communicate > with the gateway (OpenBSD router) then if that is successful public IP > addresses. If something strange is going on you can further run > Traceroute to narrow down where the issue is occurring. > > > On the OpenBSD side, it could be a number of things like PF rules, > routing, NAT but without further information it is basically a guess > as to what it could be. Just to elaborate here a little; you can run the 'tcpdump' program on OpenBSD to give you more information. To get started: man tcpdump If you want to see where the packets from the Xperia are traveling then something like: tcpdump -eni (inside_interface) host (ip_of_Xperia) For debugging PF rules a good start is to use: tcpdump -eni pflog0 <- you can further narrow things down by using the 'action' option eg. 'block' / 'allow' Hope this helps a little more :-)
Re: Networking/pf question, I am not sure ?
I find out the problem is in the unbound.conf file. Now, my xeperia can use the internet. Thanks you for your help.. Clarence ===original server: interface: 192.168.1.1 interface: 127.0.0.1 interface: ::1 access-control: 127.0.0.0/8 allow access-control: 10.0.0.0/24 allow access-control: 0.0.0.0/0 refuse access-control: ::0/0 refuse access-control: ::1 allow do-not-query-localhost: no hide-identity: yes hide-version: yes forward-zone: name: "." forward-addr: 64.6.64.6 # Verisign forward-addr: 94.75.228.29 # chaos Computer Club forward-first: yes #try direct if forwarder fails == changed unbound.conf=== server: interface: 192.168.1.1 interface: 127.0.0.1 access-control: 192.168.1.0/24 allow access-control: 127.0.0.0/8 allow do-not-query-localhost: no hide-identity: yes hide-version: yes forward-zone: name: "." forward-addr: 64.6.64.6 # Verisign forward-addr: 94.75.228.29 # chaos Computer Club forward-first: yes #try direct if forwarder fails ========== man Chan () 在 2020年5月11日星期一 下午3:21:17 [GMT+8] 寫道: Here is all the config files of my openbsd-router. traceroute yahoo.com.hk on my xperia (android) stop at ip of my openbsd-router. There is nothing display on openbsd-router running tcpdump -eni pflog0. dhclient.conf append domain-name-servers 127.0.0.1; == dhcpd.conf- # $OpenBSD: dhcpd.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $ # # DHCP server options. # See dhcpd.conf(5) and dhcpd(8) for more information. # # Network: 192.168.1.0/255.255.255.0 # Domain name: my.domain # Name servers: 192.168.1.3 and 192.168.1.5 # Default router: 192.168.1.1 # Addresses: 192.168.1.32 - 192.168.1.127 # option domain-name "my.domain"; #option domain-name-servers 192.168.1.3, 192.168.1.5; subnet 192.168.1.0 netmask 255.255.255.0 { option routers 192.168.1.1; option domain-name-servers 192.168.1.1; range 192.168.1.32 192.168.1.127; } == pf.conf -- # The wirde and wireless interface of the LAN wired="re0" #wifi="" # This is a table of non-routable addresses that will be used later table { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \ 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \ 192.168.0.0/16 192.18.0.0/15 198.51.100.0/24 \ 203.0.113.0/24 } set block-policy drop set loginterface egress set skip on lo # Normalize the traffic match in all scrub (no-df random-id max-mss 1440) # Perform NAT match out on egress inet from !(egress:network) to any nat-to (egress:0) block in quick on egress from to any block return out quick on egress from any to block all pass out quick inet keep state pass in on { $wired } inet # Forward incoming connection ( on TCP port 40 and 443 ) to web server #pass in on egress inet proto tcp from any to (egress) port { 80 443 } rdr-to 192.168.1.2 resolv.conf-- # Generated by alc0 dhclient nameserver 192.168.8.1 nameserver 127.0.0.1 lookup file bind sysctl.conf- net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1 = unbound.conf server: interface: 192.168.1.1 interface: 127.0.0.1 interface: ::1 access-control: 127.0.0.0/8 allow access-control: 10.0.0.0/24 allow access-control: 0.0.0.0/0 refuse access-control: ::0/0 refuse access-control: ::1 allow do-not-query-localhost: no hide-identity: yes hide-version: yes forward-zone: name: "." forward-addr: 64.6.64.6 # Verisign forward-addr: 94.75.228.29 # chaos Computer Club forward-first: yes #try direct if forwarder fails === dmesg OpenBSD 6.6-stable (GENERIC.MP) #1: Thu May 7 17:40:45 HKT 2020 clare...@o66.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 6156845056 (5871MB) avail mem = 5957545984 (5681MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfbe20 (23 entries) bios0: vendor American Megatrends Inc. version "P1.20" date 11/30/2012 bios0: ASRock 960GM-VGS3 FX acpi0 at bios0: ACPI 1.0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB AAFT HPET SSDT acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) PS2K(S4) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor
10/100/1000 Fast Ethernet CardBus for openbsd
Hello, Is there anyone using a gigabps cardbus for your laptop ? I am trying to setup a router/VPN router using my old thinkpad under openbsd 6.6. I found D-Link DGE-660TD 10/100/1000 Gigabit Cardbus Adapter in the internet. Is it supported by openbsd ? Thanks. Clarence
openvpn setup tutorial
Hello, After a couple of days surfing the internet to get some notes to setup the openvpn, I got lost as I don't know how to start the job. Can anyone show me some pointer to study openvpn and setup step by step ? Thanks. Clarence
vsrion of openbsd installer in one usb drive
Hello, I tried this work for me. 1. Install openbsd (basic packages:- bsd,bsd.rd and basexx.tgz) in a usb drive2. use the newly installed usb drive to boot up the system and then shut it down.3. use other openbsd system to delete all the contents of the usb drive except bsd.rd, bsd, boot. Then copy packages basexx>tgz compxx.tgz ... to the usb drive under xx/arch/ directory.4. When there is new version, you can store the packages (basexx.tgz ...) under yy/arch same usb drive and so on. Is there a better way to store verions of openbsd installer in usb drive ? Thanks Clarence
Liksys pci wireless card
Hello, I tried to setup my Linksys WLAN (Ralink RT2560) as access point with mediaopt hostap nwid mynwid wpakey mywpakey inet 192.168.2.1 255.255.255.0 When I ifconfig ral0, I got status: no network. Did I missing something to make it work or this card cannot config as hostap ? any idea ? Thanks. Clarence
re0 watchsog timeout
Hello, Is there anyone have the answer to solve the watchdog timeout problem ? I got one in the internet as followings, and it didn't solve the problem. config -ef /bsddisable mbbiosquit Is there any better method to solve it. Thanks Clarence
dmesg memory not match spdmem and bios
Hello, I just got a second Gaga-H97N-wifi motherbroad and installed openbsd6.6 Stable. The dmesg shows real and avail memory does not match with the spdmem. Anyone know how to solve this problem ? Please help. Thanks Clarence OpenBSD 6.6-stable (GENERIC.MP) #1: Sun Jun 7 14:00:04 HKT 2020 r...@dell.my.domain:/usr/src/sys/arch/i386/compile/GENERIC.MP real mem = 3634733056 (3466MB) avail mem = 3552747520 (3388MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: date 04/13/12, SMBIOS rev. 2.7 @ 0xecf50 (76 entries) bios0: vendor American Megatrends Inc. version "F6" date 02/02/2015 bios0: Gigabyte Technology Co., Ltd. H97N-WIFI acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT SSDT SSDT SSDT MCFG HPET SSDT SSDT DMAR acpi0: wakeup devices PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) PEGP(S4) RP01(S4) PXSX(S4) PXSX(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) PXSX(S4) PXSX(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz ("GenuineIntel" 686-class) 3.71 GHz, 06-3c-03 cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz ("GenuineIntel" 686-class) 3.31 GHz, 06-3c-03 cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz ("GenuineIntel" 686-class) 3.31 GHz, 06-3c-03 cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz ("GenuineIntel" 686-class) 3.31 GHz, 06-3c-03 cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xf800, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG0) acpiprt2 at acpi0: bus -1 (PEG1) acpiprt3 at acpi0: bus -1 (PEG2) acpiprt4 at acpi0: bus 1 (RP01) acpiprt5 at acpi0: bus 2 (RP04) acpiprt6 at acpi0: bus 3 (RP05) acpiec0 at acpi0: not present acpicpu0 at acpi0: C2(200@117 mwait.1@0x30), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C2(200@117 mwait.1@0x30), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C2(200@117 mwait.1@0x30), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C2(200@117 mwait.1@0x30), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PG00, resource for PEG0 acpipwrres1 at acpi0: PG01, resource for PEG1 acpipwrres2 at acpi0: PG02, resource for PEG2 acpipwrres3 at acpi0: FN00, resource for FAN0 acpipwrres4 at acpi0: FN01, resource for FAN1 acpipwrres5 at acpi0: FN02, resource for FAN2 acpipwrres6 at acpi0: FN03, resource for FAN3 acpipwrres7 at acpi0: FN04, resource for FAN4 acpitz0 at acpi0: critical temperature is 105 degC acpitz1 at acpi0: critical temperature is 105 degC "PNP0A08" at acpi0 not configured acpicmos0 at acpi0 "INT33CA" at acpi0 not configured acpibtn0 at acpi0: PWRB acpibtn1 at acpi0: SLPB "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured "P
Re: dmesg memory not match spdmem and bios
You mean the memory limitation of i386 is 4G. Am I right ? clarence Zé Loff () 在 2020年6月10日星期三 下午10:08:24 [GMT+8] 寫道: Wrong architecture. You should be running amd64, not i386 On Wed, Jun 10, 2020 at 02:02:32PM +, man Chan wrote: > Hello, > I just got a second Gaga-H97N-wifi motherbroad and installed > openbsd6.6 Stable. The dmesg shows real and avail memory does not > match with the spdmem. Anyone know how to solve this problem ? > Please help. > Thanks > Clarence > OpenBSD 6.6-stable (GENERIC.MP) #1: Sun Jun 7 14:00:04 HKT 2020 > r...@dell.my.domain:/usr/src/sys/arch/i386/compile/GENERIC.MP --
Re: dmesg memory not match spdmem and bios
thanks you . will amd64 on my i5 machine clarence () 在 2020年6月10日星期三 下午10:17:51 [GMT+8] 寫道: Haai, "man Chan" wrote: > Hello, > I just got a second Gaga-H97N-wifi motherbroad and installed openbsd6.6 > Stable. The dmesg shows real and avail memory does not match with the > spdmem. Anyone know how to solve this problem ? Please help. > Thanks > Clarence > OpenBSD 6.6-stable (GENERIC.MP) #1: Sun Jun 7 14:00:04 HKT 2020 > r...@dell.my.domain:/usr/src/sys/arch/i386/compile/GENERIC.MP i386 is limited to 4G of memory. Try amd64. (In theory, there's PAE, but the developers appear to find it more trouble than it's worth.) > real mem = 3634733056 (3466MB) <<<<<<<<<<<<<<<<<<<<<<<< > avail mem = 3552747520 (3388MB) <<<<<<<<<<<<<<<<<<<<<<<<<<<< >[snip] > spdmem0 at iic0 addr 0x50: 8GB DDR3 SDRAM PC3-12800 > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< Good luck, --zeurkous. -- Friggin' Machines!
Re: dmesg memory not match spdmem and bios
Thanks. I tried to use amd64 which show the correct memory size. Is there a way to use i386 to show the correct size of memory ? The bios shows 8G memory. Did I miss something to make it ? Clarence Stuart Henderson () 在 2020年6月11日星期四 上午12:41:40 [GMT+8] 寫道: On 2020-06-10, man Chan wrote: > You mean the memory limitation of i386 is 4G. Am I right ? A 32-bit kernel can only access memory mapped to addresses below 4GB. The actual amount of memory that you can use depends on where the BIOS/UEFI maps the memory (it reserves some addresses for device i/o etc). That's why you see a lower "available memory" amount than 4GB.
Re: dmesg memory not match spdmem and bios
What make it different ? 1) arch==> i386 limit to 4G (dmesg) and spdmem show 8G , Bios show 8G 2) arch==> amd64 memory show correct figure 8G (dmeag, spdmem and bios) 1 & 2 use the same machine with different arch. So can I use the i5 core at i386 arch to use the correct size of memory (i.e 8G) and how to make it work . Thanks clarence Theo de Raadt () 在 2020年6月11日星期四 上午9:18:43 [GMT+8] 寫道: i386 showed the correct amount of memory *it could use*. man Chan wrote: > Thanks. I tried to use amd64 which show the correct memory size. > Is there a way to use i386 to show the correct size of memory ? The bios > shows 8G memory. Did I miss something to make it ? > Clarence > > Stuart Henderson () 在 2020年6月11日星期四 上午12:41:40 >[GMT+8] 寫道: > > On 2020-06-10, man Chan wrote: > > You mean the memory limitation of i386 is 4G. Am I right ? > > A 32-bit kernel can only access memory mapped to addresses below 4GB. > > The actual amount of memory that you can use depends on where the > BIOS/UEFI maps the memory (it reserves some addresses for device i/o > etc). > > That's why you see a lower "available memory" amount than 4GB. > >
Re: dmesg memory not match spdmem and bios
I just want to know why OpenBSD/i386 have the memory limit to 4G. Thanks for your reply. It is the design of OpenBSD/i386 is 32 bits OS not the hardware limitation. It is ok for me to run OpenBSD/amd64 on a i5 machine. Thanks Clarence Stuart Henderson () 在 2020年6月11日星期四 下午6:02:56 [GMT+8] 寫道: On 2020/06/11 05:04, man Chan wrote: > What make it different ? > > 1) arch==> i386 limit to 4G (dmesg) and spdmem show 8G , Bios show 8G > 2) arch==> amd64 memory show correct figure 8G (dmeag, spdmem and bios) > > 1 & 2 use the same machine with different arch. > > > So can I use the i5 core at i386 arch to use the correct size of memory > (i.e 8G) and how to make it work . You can't. OpenBSD/i386 is a 32-bit OS. This requires addresses that fit in 32 bits, that is the memory location is numbered 4294967295 (2^32) or lower. You are already seeing all the memory that can work with the 32-bit kernel. Why do you want to run i386 anyway? There are many downsides (less supported memory, fewer CPU registers which means that many programs run slower, fewer secury mitigations are available, more limited in terms of what software you can run on it, etc). To me, the only reason for running i386 on amd64-capable hardware is to compile software on a fast new machine to run on other old machines that can't run a 64-bit OS..
AX88179 usb gigabit ethernet
Hello, I recently brought a pci usb gigabit ethernet with chipset AX88179 and update the source to 5.4. After the making the 5.4 new kernel, I found out that I still can't use the usb gigabit enternet. Is there anyone using the usb gigabit ethernet under 5.4 ? Any idea to solve the problem ? The system report the usb gigabit ethernet as followings:- ugen0 at uhub1 port2 "ASIX Elec. Corp. AX88179" rev2.10/1.00 addr 2 Thanks. clarence
netstart error
Hello, After updating the source tree through cvs and make build, my system reported errors when starting netstart as followings :- netstart [226] dbteste_error: missing operator (offset -1) netstart [318] dbteste_error: netstart [323] .. I had updated the etc files using mergemaster... Any idea ? Clarence ___ YM - Bw=u0T.' 4N:b'A(S&3$W:t!A'A*:*B$M$4%i%H/d$U0T.'59'A!A7m'A$W:t.I4N/`%_'Y,](l!A%t&s;!8\3#IN(+%"!C http://messenger.yahoo.com.hk
標題: Re: ThinkPad testers required
--- Jesper Louis Andersen <[EMAIL PROTECTED]> ;!!G > imEnsion wrote: > > I have a thinkpad x22.. not sure if I can help, > but if i can slap a > > snapshot on the lappy, would it be of any help? > > Unfortunately not: > > >>Can people with the following laptops: > >> > >>- ThinkPad R50, R50p, R51, R52 > >>- ThinkPad T41, T41p, T42, T42p, T43, T43p > >>- ThinkPad X40 > >>- ThinkPad X41, X41 Tablet > > The reason is quite simple: x22 (and the x24 I own) > do not have the aps > system in them. Testing snapshots regularily is > however a good way to > produce a stable release, so it should be done > frequently. > > I like the idea of running -current on the laptop > and test boxes and > releases on the servers in production. That way you > can play with new > stuff quickly and be alerted when something changes > that impacts you > (proper mmap()-based malloc() comes to mind). > > I have a R51. Is there any difference if I installed the current-i386 on it using external disk through usb connection ? clarence ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
add wireless router using openbsd-3.8 (i386)
Hello, I recently tried to setup a wireless AP machine using openbsd-3.8 (i386) without any luck. I tried to search the google to find out the way to solve my problem with no success. Can anyone show me the direction to do it ? Thanks for your time . clarence ps. 1. the hardware is Dlink 802.11b prism2.5 2. I can use wicontrol -l to list the connected machine. 3. I can use ssh from the window-xp to the AP machine 4. here is the diagram of my case internet <-- adsl -> obsd-3.6 <- switch -> wired clients | > AP (obsd3.8) | > wireless clients ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
回覆: Re: add wireless router using openbsd-3.8 (i386)
Thanks. I find out that I have to setup a dns and pf at the AP in order to allowed the clients (window, obsd) to access the internet. However, it is plain text mode. Any idea (I am new to this sort of thing wireless setup). here is my configuration: ifconfig out put lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 rl0: flags=8943 mtu 1500 lladdr 00:e0:4c:3b:a9:ed groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.1.120 netmask 0xff00 broadcast 192.168.1.255 inet6 fe80::2e0:4cff:fe3b:a9ed%rl0 prefixlen 64 scopeid 0x1 pflog0: flags=141 mtu 33224 pfsync0: flags=0<> mtu 1348 enc0: flags=0<> mtu 1536 wi0: flags=8d43 mtu 1500 lladdr 00:05:5d:d9:84:6c media: IEEE802.11 autoselect hostap (DS2) status: active ieee80211: nwid obsd-group 2dBm (auto) inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255 inet6 fe80::205:5dff:fed9:846c%wi0 prefixlen 64 scopeid 0x6 bridge0: flags=41 mtu 1500 groups: bridge wicontrol output = NIC serial number: [ 99SA0100 ] Station name: [ air ] SSID for IBSS creation: [ obsd-group ] Current netname (SSID): [ obsd-group ] Desired netname (SSID): [ obsd-group ] Current BSSID: [ 00:05:5d:d9:84:6c ] Channel list: [ 2047 ] IBSS channel: [ 6 ] Current channel:[ 6 ] Comms quality/signal/noise: [ 0 81 27 ] Promiscuous mode: [ Off ] Process 802.11b Frame: [ Off ] Port type (1=BSS, 3=ad-hoc, 6=Host AP): [ 6 ] MAC address:[ 00:05:5d:d9:84:6c ] TX rate (selection):[ 3 ] TX rate (actual speed): [ 2 ] Maximum data length:[ 2304 ] RTS/CTS handshake threshold:[ 2347 ] Create IBSS:[ On ] Antenna diversity (0=auto,1=pri,2=aux): [ ] Microwave oven robustness: [ On ] Roaming mode(1=firm,3=disable): [ 1 ] Access point density: [ 1 ] Power Management: [ Off ] Max sleep time: [ 100 ] Enhanced Security mode: [ ] Intersil Prism2-based card: [ 1 ] Card info: [ PRISM2.5 ISL3873, Firmware 1.3.4 ] Encryption: [ Off ] Encryption algorithm: [ Firmware WEP ] Authentication type (1=OpenSys, 2=Shared Key): [ 1 ] TX encryption key: [ 1 ] Encryption keys:[ abcdef1234567 ][ ][ ][ ] air# cat /tmp/a NIC serial number: [ 99SA0100 ] Station name: [ air ] SSID for IBSS creation: [ obsd-group ] Current netname (SSID): [ obsd-group ] Desired netname (SSID): [ obsd-group ] Current BSSID: [ 00:05:5d:d9:84:6c ] Channel list: [ 2047 ] IBSS channel: [ 6 ] Current channel:[ 6 ] Comms quality/signal/noise: [ 0 81 27 ] Promiscuous mode: [ Off ] Process 802.11b Frame: [ Off ] Port type (1=BSS, 3=ad-hoc, 6=Host AP): [ 6 ] MAC address:[ 00:05:5d:d9:84:6c ] TX rate (selection):[ 3 ] TX rate (actual speed): [ 2 ] Maximum data length:[ 2304 ] RTS/CTS handshake threshold:[ 2347 ] Create IBSS:[ On ] Antenna diversity (0=auto,1=pri,2=aux): [ ] Microwave oven robustness: [ On ] Roaming mode(1=firm,3=disable): [ 1 ] Access point density: [ 1 ] Power Management: [ Off ] Max sleep time: [ 100 ] Enhanced Security mode: [ ] Intersil Prism2-based card: [ 1 ] Card info: [ PRISM2.5 ISL3873, Firmware 1.3.4 ] Encryption: [ Off ] Encryption algorithm: [ Firmware WEP ] Authentication type (1=OpenSys, 2=Shared Key): [ 1 ] TX encryption key: [ 1 ] Encryption keys:[ abcdef1234567 ][ ][ ][ ] = sysctl.conf net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1 Thomas <[EMAIL PROTECTED]> ;!!G > On 10/11/05, man Chan <[EMAIL PROTECTED]> > wrote: > > > > Hello, > > > > I
wireless pci card problem
Hello, I got a pci wireless yesterday. After the installation, the system reported that the following message:- rtw0 at pci0 dev 8 function 0 "Realtek 8185" rev 0x20: irq 11 rtw0: ver RTL8185, rtw0: could not recall EEPROM in 1us rtw0: could not recall EEPROM in 1us Does this mean that the card is not supported at the moment. It is surecom 9321g/2A Thanks. Clarence ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
route problem
Hello, I have a route problem in setting up my home network. Here is the layout of it: internet | obsd3.6 (fw) | 192.168.1.254 | switch (wired) | | 192.168.1.230 (vr0 wired) | obsd-3.8 | | 192.168.2.1 (ral0 wireless) | clients (Xp) My problem is: the XP can ssh to the obsd-3.8 through wirelss. However it cannot access the internet. Thanks clarence ifconfig at 192.168.1.230 = lo0: flags=8049 mtu 33224 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 ral0: flags=8943 mtu 1500 lladdr 00:12:17:68:80:74 media: IEEE802.11 autoselect hostap status: active ieee80211: nwid obsd-group chan 6 bssid 00:12:17:68:80:74 100dBm inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255 inet6 fe80::212:17ff:fe68:8074%ral0 prefixlen 64 scopeid 0x1 vr0: flags=8943 mtu 1500 lladdr 00:0d:87:b4:63:8f groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet 192.168.1.230 netmask 0xff00 broadcast 192.168.1.255 inet6 fe80::20d:87ff:feb4:638f%vr0 prefixlen 64 scopeid 0x2 pflog0: flags=0<> mtu 33224 pfsync0: flags=0<> mtu 1348 enc0: flags=0<> mtu 1536 bridge0: flags=41 mtu 1500 groups: bridge ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
回覆: Re: route problem
--- Greg Thomas <[EMAIL PROTECTED]> ;!!G > On 10/15/05, man Chan <[EMAIL PROTECTED]> > wrote: > > > > Hello, > > > > I have a route problem in setting up my home > network. > > Here is the layout of it: > > > > internet > > | > > obsd3.6 (fw) > > | 192.168.1.254 <http://192.168.1.254> > > | > > switch (wired) > > | > > | 192.168.1.230 <http://192.168.1.230> (vr0 wired) > > | > > obsd-3.8 > > | > > | 192.168.2.1 <http://192.168.2.1> (ral0 wireless) > > | > > clients (Xp) > > > > My problem is: the XP can ssh to the obsd-3.8 > through > > wirelss. However it cannot access the internet. > > As I mentioned before you probably don't have a > route on your 3.6 box to > your 192.168.2.0 <http://192.168.2.0> network. And > do your pf rules on the > 3.6 box allow the 192.168.2.0 <http://192.168.2.0> > network to reach the > internet? > Greg > > Thanks Greg. I finally fixed all the problems. Since I added another AP machine (192.168.3.1) for testing purpose, I may mesh up something. The next step for my case is to make the wireless channel excrypted. Any pointers ? Thanks. Clarence ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
DNS question
Hello, I have a problem in DNS. Here is the diagram of my network. internet | V ISP | V obsd-3.6 (FW,DNS) 192.168.1.0/24 | V switch <-wired-> obsd-3.8-AP <-wireless-> obsd,window-xp |--> 192,168.2.0/24 1. I have setup routes that obsd-3.6(FW,DNS) between obsd-3.8-AP. 2. I have setup intructs the obsd and the window-xp to use the nameserver at obsd-3.6(FW,DNS). 3. I can ping the internet using IP like 129.128.5.191 (www.openbsd.org) at obsd, window-xp. However, I can't ping with the names like www.openbsd.org. I would like to know if it is possible for the obsd and the window-xp client to access the nameserver at obsd-3.6 (FW) Thanks Clarence ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
回覆: Re: openbsd as secure accesspoint documentation/tutorial
Hi, I am searching the similar setup for a few days. I have questions like this. openbsd-AP <---> xp for simplicity, forget about the pf baba... at the mement. I just want it connected with ssh tunnel. 1. how can the xp connect to the openbsd-AP (through Authpf or ??) I mixed up the idea of authpf and putty connection. Can anyone show me the correct procedures how it works. Thanks Clarence --- Josh Grosse <[EMAIL PROTECTED]> ;!!G > On Tue, Nov 01, 2005 at 09:14:52PM +0100, Didier > Wiroth wrote: > > Hello, > > I was wondering if there are users using openbsd > wifi accesspoints in a multi windows os environment > like: > > windows mobile 2003, windows mobile 5, xp. > > > > Do you know about tutorials or documentation on > how to setup such a "secure" openbsd accesspoint? > > > > I must honestly admit that I don't know which > secure technology to use to be able to connect with > all different clients, especially windows mobile > wifi clients. > > > > I would really appreciate any suggestions. > > Authpf(8) is a common tool for wifi authentication > -- I use it with W2K, WME, > W98, and OBSD clients. The Windows platforms all > run putty. > > Since wifi isn't secure -- you'll want to set up > encrypted connections for > your clients. I use ssh to tunnel everything, and > to provide SOCKS proxy > services as well. Your environment may need more > than that, if so, you can > use vpn(8) or the OpenVPN port. > > ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
OPENVPN - openssl question
hello, For the past week, I am trying to get information to setup a sceure way for my obsd(3.8)AP <---> XP. I find the following document: http://www50.brinkster.com/dachee/OpenVPN.htm Is there anyone try this out successfully ? As I was stopped at the OpenSSL CA & Certificates. The error is like this === openssl req -new -x509 -keyout private/CA_key.pem -out CA_cert.pem -days 9125 Error Loading extension section CA_extensions 12446:error:2207C082:X509 V3 routines:DO_EXT_CONF:unknown extension name:/usr/src/lib/libssl/src/crypto/x509v3/v3_conf.c:123: 12446:error:2206B080:X509 V3 routines:X509V3_EXT_conf:error in extension:/usr/src/lib/libssl/src/crypto/x509v3/v3_conf.c:92:name=default_days, value=9125 The openssl.cnf is --- [ ca ] # Default directives for ca command default_ca=CA_default # reference to a new section name [ CA_default ] # Default directives for the ca command # referred from [ ca ] section dir =/etc/ssl # openssl working directory crl_dir =$dir/crl # directory for certificate revoke file database =$dir/index.txt # index file for every issued certificate new_certs_dir =$dir/certs # where copies of each certificate is stored. # each copy is identified as nn.pem # nn corresponds with the index number in index.txt certificate =$dir/CA_cert.pem # Name of the Certificate Authority¡¦s Certificate # File is used in signing or revoking a certificate serial=$dir/serial # The serial number to use for the next certificate # Same as ¡¥serialfile¡¦ option and serials text. crl =$dir/crl/crl.pem # File that contains the list of revoked certificates. private_key =$dir/private/CA_key.pem # Private key of the Certificate Authority RANDFILE =$dir/private/.rand # Private random number file default_days =9125 # Days a signed cert is valid default_crl_days =30 # Days before the next certificate revocation list default_md=md5 # Message digest algorithm- md5, sh1 or mdc2 unique_subject=yes # All certificates must have a unique, distinguished name policy=policy_any # Reference section for policy enforced when signing a request x509_extensions =user_extensions # reference section when ca command signs certificate [ policy_any ] # Default directives while signing a request # Referenced from [ CA_default ] section organizationName=match # organizationName must match CA_cert organizationalUnitName =optional # certificate does not have to have organizationalUnitName commonName =supplied # certificate must have commonName but is supplied by user [ req ] # Default directives for the req command # (Public Key is contained in the certificate request) default_bits=2048 default_keyfile =privkey.pem # default key file location but ¡Vkeyout command overrides distinguished_name =req_distinguished_name # Reference section for assembling the distinguished name x509_extensions =CA_extensions # Reference section when req & ¡Vx509 commands are invoked [ req_distinguished_name ] # Default directives for the req command # referenced from [ req ] section # Presents user prompts to assemble the distinguish name organizationName=Organization Name (must match CA) organizationName_default=ORGNAME # REPLACE VALUE AS PROMPT DEFAULT FOR YOUR ORG organizationalUnitName =Location Name commonName =Common User or Org Name # These two values above can be changed but not required. # their values will appear as prompts when creating certs/keys. # Max characters in common name. commonName_max =64 [ user_extensions ] # default directives when ca command signs a certificate # referenced from [ CA_default ] basicConstraints=CA:FALSE # The certificate is not allowed to sign other objects [ CA_extensions ] # default directives for req & ¡Vx509 command # referenced from [ req ] section # added extensions when request creates self signed certificate basicConstraints=CA:TRUE # Certificate is allowed to sign other new certificates. default_days =9125 # Days a self sign cert is valid. If not used, the default # of 30 days may be applied and VPN clients will not be able # to connect after it expires. [ server ] # Optional directives for ca & ¡Vextensions server commands # Overrides [ user_extensions ] section normally referenced # by the ca command alone. basicConstraints=CA:FALSE nsCertType =server # signing a server certificate requires this extension to # prevent man in the middle attacks. Allows OpenVPN clients # to use ns-cert-type server in OpenVPN configuration file. --- Thanks clarence ___ 7Q'Y.I&,
回覆: OPENVPN - openssl question
Is there any difference between openssl 0.9.7d and openssl 0.9.7g. ? The said http used 0.9.7d but mine is 0.9.7g. clarence --- man Chan <[EMAIL PROTECTED]> ;!!G > hello, > > For the past week, I am trying to get information to > setup a sceure way for my obsd(3.8)AP <---> XP. I > find the following document: > > http://www50.brinkster.com/dachee/OpenVPN.htm > > Is there anyone try this out successfully ? As I was > stopped at the OpenSSL CA & Certificates. The error > is like this > > === > openssl req -new -x509 -keyout private/CA_key.pem > -out > CA_cert.pem -days 9125 > Error Loading extension section CA_extensions > 12446:error:2207C082:X509 V3 > routines:DO_EXT_CONF:unknown extension > name:/usr/src/lib/libssl/src/crypto/x509v3/v3_conf.c:123: > 12446:error:2206B080:X509 V3 > routines:X509V3_EXT_conf:error in > extension:/usr/src/lib/libssl/src/crypto/x509v3/v3_conf.c:92:name=default_days, > value=9125 > > > The openssl.cnf is > > --- > > [ ca ] > # Default directives for ca command > > default_ca=CA_default > # reference to a new section name > > [ CA_default ] > > # Default directives for the ca command > # referred from [ ca ] section > > dir =/etc/ssl > # openssl working directory > > crl_dir =$dir/crl > # directory for certificate revoke file > > database =$dir/index.txt > # index file for every issued certificate > > new_certs_dir =$dir/certs > # where copies of each certificate is stored. > # each copy is identified as nn.pem > # nn corresponds with the index number in index.txt > > certificate =$dir/CA_cert.pem > # Name of the Certificate Authority¡¦s > Certificate > # File is used in signing or revoking a certificate > > serial=$dir/serial > # The serial number to use for the next certificate > # Same as ¡¥serialfile¡¦ option > and serials text. > > crl =$dir/crl/crl.pem > # File that contains the list of revoked > certificates. > > private_key =$dir/private/CA_key.pem > # Private key of the Certificate Authority > > RANDFILE =$dir/private/.rand > # Private random number file > > default_days =9125 > # Days a signed cert is valid > > default_crl_days =30 > # Days before the next certificate revocation list > > default_md=md5 > # Message digest algorithm- md5, sh1 or mdc2 > > > unique_subject=yes > # All certificates must have a unique, distinguished > name > > > policy=policy_any > # Reference section for policy enforced when signing > a > request > > x509_extensions =user_extensions > # reference section when ca command signs > certificate > > [ policy_any ] > # Default directives while signing a request > # Referenced from [ CA_default ] section > > > organizationName=match > # organizationName must match CA_cert > > organizationalUnitName =optional > # certificate does not have to have > organizationalUnitName > > commonName =supplied > > # certificate must have commonName but is supplied > by > user > > [ req ] > # Default directives for the req command > # (Public Key is contained in the certificate > request) > > default_bits=2048 > > default_keyfile =privkey.pem > # default key file location but ¡Vkeyout > command > overrides > > > distinguished_name =req_distinguished_name > # Reference section for assembling the distinguished > name > > x509_extensions =CA_extensions > # Reference section when req & ¡Vx509 commands > are invoked > > [ req_distinguished_name ] > # Default directives for the req command > # referenced from [ req ] section > # Presents user prompts to assemble the distinguish > name > > organizationName=Organization Name (must > match > CA) > > organizationName_default=ORGNAME > # REPLACE VALUE AS PROMPT DEFAULT FOR YOUR ORG > > organizationalUnitName =Location Name > > commonName =Common User or Org Name > > # These two values above can be changed but not > required. > # their values will appear as prompts when creating > certs/keys. > # Max characters in common name. > > commonName_max =64 > > [ user_extensions ] > # default directives when ca command signs a > certificate > # referenced from [ CA_default ] > > basicConstra
radius on openbsd
Hello, I would like t know where can I get the authentication users using LDAP via Radius as it seems unavailable at the openbsd journel. Any pointers ? Thanks. Clarence ___ 7Q'Y.I&,(l7s email 3q*>!H $U8| Yahoo! Messenger http://messenger.yahoo.com.hk
two bridges setup
Hello, I have the following hardware setup and would like to know is it possible to setup two bridges . Thanks for your effort. obsd-3.8 stable (APs) |__ rl0 |__ral0 |__wi0 clarence ___ kx>S O" - Yahoo! Messenger >MKcDc]SPIO>W#,Dc5DEsSQHT?IRTAtOBS O"=oDc#,.DcIO>Wr>MD\A"<4?45=#,HN:NUfT6<SW_J'!# http://messenger.yahoo.com.hk
Hylafax 6.0.5p0
Dear All, I am now try to setup the hylafax 6.0.5 for my machine running openbsd-5.0 stable. I go through all the processes faxsetup, faxaddmodem with no luck. Can anyone show me some pointer of examples that works. Thanks. Clarence