Re: CARP on 9.0 (was no subject)

2011-09-09 Thread Gerard van Essen
On Fri, Aug 26, 2011 at 10:00 PM, Johan Hendriks jo...@double-l.nl wrote:

 SOLVED!

 Was a typo in /etc/sysctl.conf
 Sorry for the noise

 and thanks for your time.

 regards
 Johan
 
 From: owner-freebsd-curr...@freebsd.org [owner-freebsd-curr...@freebsd.org]
 on behalf of Johan Hendriks [jo...@double-l.nl]
 Sent: Friday 26 August 2011 20:22
 To: Brian Seklecki (Mobile); freebsd-questions@freebsd.org
 CC: freebsd-curr...@freebsd.org
 Subject: RE: CARP on 9.0 (was no subject)

 How about:

 %sudo netstat -s carp

 ...on both machines.

 A few years ago I submitted (or maybe it was Steve Polyack) a patch to add
 debugging to CARP, not sure if it ever got committed.

 Need-more-Cisco'sih-Debugging.

 ~BAS


 On Fri, 26 Aug 2011, Patrick Lamaiziere wrote:

  On Fri, 26 Aug 2011 15:26:28 +,
  Johan Hendriks jo...@double-l.nl wrote:
 
  I am trying to set up CARP under 9.0
 
  ...
 
  Also with a higher value like advskew 200 or 254 the role of the
  servers stays the same.
 
  Ok, there is something wrong so.
 
  Did you check that the sysctl net.inet.carp.suppress_preempt is equal
  to zero ? If yes, I don't have any more idea.
 
  Regards.

 Hello
 first of all thanks for your time.

 sysctl -a | grep carp on both machines give me the following output

 sysctl -a | grep carp
 device  carp
 net.inet.ip.same_prefix_carp_only: 0
 net.inet.carp.allow: 1
 net.inet.carp.preempt: 0
 net.inet.carp.log: 2
 net.inet.carp.arpbalance: 0
 net.inet.carp.suppress_preempt: 0


 netstat -s on the master

 carp:
260 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for wrong TTL
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
0 discarded because packet too short
0 discarded for bad authentication
0 discarded for bad vhid
0 discarded because of a bad address list
11430 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error

 netstat -s on the slave

 carp:
11735 packets received (IPv4)
0 packets received (IPv6)
0 packets discarded for wrong TTL
0 packets shorter than header
0 discarded for bad checksums
0 discarded packets with a bad version
0 discarded because packet too short
0 discarded for bad authentication
0 discarded for bad vhid
0 discarded because of a bad address list
448 packets sent (IPv4)
0 packets sent (IPv6)
0 send failed due to mbuf memory error

 tcpdump -i bge0 on slave

 20:10:48.868200 IP 192.168.50.40 > vrrp.mcast.net: VRRPv2, Advertisement,
 vrid 1, prio 50, authtype none, intvl 1s, length 36

 Here the advskew is set to 50, on the slave it is 20.
 So the slave should be the master.
 If I raise the advskew to 254, I see the change in the capture.

 Both machines are fresh install with nothing changed on them so far just a
 fresh build from a csup this morning.
 And installed bash as the shell..

 for freebsd-current@ the /etc/rc.conf file again
 Master
 ifconfig_bge0="inet 192.168.50.40 netmask 255.255.255.0"
 defaultrouter="192.168.50.150"
 # CARP
 cloned_interfaces="carp0"
 ifconfig_carp0="vhid 1 advskew 10 pass letmepass 192.168.50.45 netmask 255.255.255.0"

 On the slave I have the following in /etc/rc.conf
 ifconfig_bge0="inet 192.168.50.41 netmask 255.255.255.0"
 defaultrouter="192.168.50.150"
 # CARP
 cloned_interfaces="carp0"
 ifconfig_carp0="vhid 1 advskew 20 pass letmepass 192.168.50.45 netmask 255.255.255.0"

 regards,
 Johan



 ___
 freebsd-curr...@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-current
 To unsubscribe, send any mail to freebsd-current-unsubscr...@freebsd.org

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org


Need an audio multicasting solution

2011-09-09 Thread Victor Sudakov
Colleagues,

I need a solution to read sound from a soundcard (/dev/dsp) and
multicast it into the network, for the multicast audio stream to be
played on FreeBSD, Linux and Windows workstations. No sophisticated
codecs needed, plain PCM would do.

Can you advise something? I know that in theory there are many ways to
implement this, but I am especially interested in personal first-hand
experience, success stories or good white papers. Please no
lmgtfu-type replies. Thanks very much in advance.

-- 
Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
sip:suda...@sibptus.tomsk.ru


Re: get rel 9.0 iso

2011-09-09 Thread Thomas Mueller mueller6727
I think dvd1.iso was < 700 MB and would therefore fit on a CD?

I just checked, it was < 700 MB:

Index of ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/

Name                                    Size        Last Modified
CHECKSUM.MD5                            1 KB        09/01/11 00:00:00
CHECKSUM.SHA256                         1 KB        09/01/11 00:00:00
FreeBSD-9.0-BETA2-amd64-bootonly.iso    142490 KB   08/31/11 18:45:00
FreeBSD-9.0-BETA2-amd64-dvd1.iso        621926 KB   08/31/11 18:43:00
FreeBSD-9.0-BETA2-amd64-memstick.img    666990 KB   08/31/11 18:46:00

(end of quote)

My computer from July 2001 had CD-RW but no DVD.  This was one of the factors 
pushing me to buy parts for a new computer.

FreeBSD 8.2 slice on old computer is about 12 GB with 1.3 GB free; RAM is 256 
MB.

So a better way to upgrade to 9.0 might be to build on the new computer onto a 
16 GB USB stick, I wouldn't even need to keep the ports tree or system source 
on the USB stick.  I assume booting a USB stick with Plop would work on the 
2001 computer with FreeBSD as it did with NetBSD 4.0.1 and NetBSD-current.

Due to insufficient RAM and insufficient disk space for the bigger 
packages/ports, I feel like I'm at the end of the line with FreeBSD, NetBSD 
too, on the 2001 computer; would need to build on my new computer.

Tom



Re: get rel 9.0 iso

2011-09-09 Thread Fbsd8

Thomas Mueller mueller6727@bellsouth.net wrote:
I think dvd1.iso was < 700 MB and would therefore fit on a CD?


I just checked, it was < 700 MB:

Index of ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/amd64/ISO-IMAGES/9.0/

Name                                    Size        Last Modified
CHECKSUM.MD5                            1 KB        09/01/11 00:00:00
CHECKSUM.SHA256                         1 KB        09/01/11 00:00:00
FreeBSD-9.0-BETA2-amd64-bootonly.iso    142490 KB   08/31/11 18:45:00
FreeBSD-9.0-BETA2-amd64-dvd1.iso        621926 KB   08/31/11 18:43:00
FreeBSD-9.0-BETA2-amd64-memstick.img    666990 KB   08/31/11 18:46:00

(end of quote)

My computer from July 2001 had CD-RW but no DVD.  This was one of the factors 
pushing me to buy parts for a new computer.

FreeBSD 8.2 slice on old computer is about 12 GB with 1.3 GB free; RAM is 256 
MB.

So a better way to upgrade to 9.0 might be to build on the new computer onto a 
16 GB USB stick, I wouldn't even need to keep the ports tree or system source 
on the USB stick.  I assume booting a USB stick with Plop would work on the 
2001 computer with FreeBSD as it did with NetBSD 4.0.1 and NetBSD-current.

Due to insufficient RAM and insufficient disk space for the bigger 
packages/ports, I feel like I'm at the end of the line with FreeBSD, NetBSD 
too, on the 2001 computer; would need to build on my new computer.

Tom



The dvd1.iso file is less than 700mb and would fit on a standard cd. But
the point is you do not install from a .iso file. The .iso file is a
compressed file and when you uncompress it it's way too large to fit on a
standard cd but will fit on a dvd. That's why it's named dvd1.iso.




Re: Help with crash dump

2011-09-09 Thread Bernt Hansson

2011-09-08 22:11, Andrea Venturoli wrote:

Hello.

Anyone can give any hint on this?


Guessing!

You have run out of swapspace, based on these 2 lines

panic: ffs_write: dir write
current process = 0 (swapper)

Or you have a hardware error. Does the current process
change between panics or is it always the same?

I'm in no sense a kernel debugger, but it's a hint.


I really have no clue.

bye  Thanks
av.



# uname -a
FreeBSD x..it 7.3-RELEASE-p4 FreeBSD 7.3-RELEASE-p4 #1:
Wed Dec 15 11:53:13 CET 2010
r...@x..it:/usr/obj/usr/src/sys/x i386
# kgdb kernel.debug /var/crash/vmcore.17
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and
you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type show copying to see the conditions.
There is absolutely no warranty for GDB. Type show warranty for
details.
This GDB was configured as i386-marcel-freebsd...

Unread portion of the kernel message buffer:
panic: ffs_write: dir write
cpuid = 3
Uptime: 26d9h4m27s
Physical memory: 2033 MB
Dumping 300 MB: 285 269 253 237 221 205 189 173 157 141 125 109 93
77kernel trap 12 with interrupts disabled


Fatal trap 12: page fault while in kernel mode
cpuid = 3; apic id = 03
fault virtual address = 0x14
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc059accb
stack pointer = 0x28:0xc0c20ccc
frame pointer = 0x28:0xc0c20cec
code segment = base 0x0, limit 0xf, type 0x1b
= DPL 0, pres 1, def32 1, gran 1
processor eflags = resume, IOPL = 0
current process = 0 (swapper)
trap number = 12
panic: page fault
cpuid = 3
61 45 29 13

Reading symbols from /boot/kernel/splash_bmp.ko...Reading symbols from
/boot/kernel/splash_bmp.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/splash_bmp.ko
Reading symbols from /boot/kernel/geom_stripe.ko...Reading symbols
from /boot/kernel/geom_stripe.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/geom_stripe.ko
Reading symbols from /boot/kernel/acpi.ko...Reading symbols from
/boot/kernel/acpi.ko.symbols...done.
done.
Loaded symbols for /boot/kernel/acpi.ko
#0 doadump () at pcpu.h:196
196 __asm __volatile(movl %%fs:0,%0 : =r (td));
(kgdb) bt
#0 doadump () at pcpu.h:196
#1 0xc0563d48 in boot (howto=260) at
/usr/src/sys/kern/kern_shutdown.c:418
#2 0xc0564025 in panic (fmt=Variable fmt is not available.
) at /usr/src/sys/kern/kern_shutdown.c:574
#3 0xc06cd16d in ffs_write (ap=0xe6912a44) at
/usr/src/sys/ufs/ffs/ffs_vnops.c:667
#4 0xc0740640 in VOP_WRITE_APV (vop=0xc07ba4e0, a=0xe6912a44) at
vnode_if.c:691
#5 0xc06fd8d6 in vnode_pager_generic_putpages (vp=0xc672f678,
m=0xe6912bb0, bytecount=Variable bytecount is not available.
) at vnode_if.h:373
#6 0xc05d4a5f in vop_stdputpages (ap=0xe6912ad4) at
/usr/src/sys/kern/vfs_default.c:540
#7 0xc073faf3 in VOP_PUTPAGES_APV (vop=0xc07ba4e0, a=0xe6912ad4) at
vnode_if.c:2189
#8 0xc06fda5f in vnode_pager_putpages (object=0xcb14ac80,
m=0xe6912bb0, count=1, sync=0, rtvals=0xe6912b20) at vnode_if.h:1164
#9 0xc06f730b in vm_pageout_flush (mc=0xe6912bb0, count=1, flags=0) at
vm_pager.h:148
#10 0xc06f7661 in vm_pageout_clean (m=Variable m is not available.
) at /usr/src/sys/vm/vm_pageout.c:403
#11 0xc06f92a2 in vm_pageout () at /usr/src/sys/vm/vm_pageout.c:1017
#12 0xc053e9a1 in fork_exit (callout=0xc06f82d6 vm_pageout, arg=0x0,
frame=0xe6912d38) at /usr/src/sys/kern/kern_fork.c:811
#13 0xc0718b30 in fork_trampoline () at
/usr/src/sys/i386/i386/exception.s:271
(kgdb)




Can't log in as toor since package update

2011-09-09 Thread Paul Keusemann
I use the toor login on my FreeBSD systems to log in with the korn 
shell.  Since August 22, When I try to log in as toor or even when I try 
to su - toor, I get logged in as root.  For example:


ushers# ssh -l toor woodstock

Password:

Last login: Fri Sep  9 06:30:23 2011 from 172.16.175.216

Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994

The Regents of the University of California.  All rights reserved.

FreeBSD 8.2-RELEASE-p1 (WOODSTOCK) #1: Mon Jul 11 09:05:07 CDT 2011

woodstock# who am i

root 0Sep  9 07:46

woodstock# su - toor

woodstock# who am i

root 0Sep  9 07:47


Unfortunately, I haven't tried to log in since a package update I did 
around August 22, so I didn't notice this problem until now.  Does 
anybody have any idea what might be causing this?


--
Paul Keusemann    pkeu...@visi.com
4266 Joppa Court  (952) 894-7805
Savage, MN  55378



Re: Need an audio multicasting solution

2011-09-09 Thread Alejandro Imass
On Fri, Sep 9, 2011 at 2:21 AM, Victor Sudakov v...@mpeks.tomsk.su wrote:
 Colleagues,

 I need a solution to read sound from a soundcard (/dev/dsp) and
 multicast it into the network, for the multicast audio stream to be
 played on FreeBSD, Linux and Windows workstations. No sophisticated
 codecs needed, plain PCM would do.

 Can you advise something? I know that in theory there are many ways to
 implement this, but I am especially interested in personal first-hand
 experience, success stories or good white papers. Please no
 lmgtfu-type replies. Thanks very much in advance.


I doubt people in this list are the lmgtfu type!

I use Icecast on FBSD and it works great.

For the client though we use Ubuntu with idjc and Jack.

Probably Jack works well on FBSD
(http://www.freebsd.org/cgi/cvsweb.cgi/ports/audio/jack_mixer/) and
you could run everything on a single node, but from my experience with
Jack on Linux, it probably ain't gonna be easy.

Nevertheless, the _usual_ way is having your *cast daemon on a server
with ample bandwidth and the client(s) on a separate node.

For us, the Icecast FBSD server + idjc/Jack on Linux is a great
combination but YMMV.

Regards,

-- 
Alejandro Imass


 --
 Victor Sudakov,  VAS4-RIPE, VAS47-RIPN
 sip:suda...@sibptus.tomsk.ru


Re: Can't log in as toor since package update

2011-09-09 Thread Lars Eighner

On Fri, 9 Sep 2011, Paul Keusemann wrote:

I use the toor login on my FreeBSD systems to log in with the korn shell. 
Since August 22, When I try to log in as toor or even when I try to su - 
toor, I get logged in as root.  For example:


ushers# ssh -l toor woodstock

Password:

Last login: Fri Sep  9 06:30:23 2011 from 172.16.175.216

Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994

   The Regents of the University of California.  All rights reserved.

FreeBSD 8.2-RELEASE-p1 (WOODSTOCK) #1: Mon Jul 11 09:05:07 CDT 2011

woodstock# who am i

root 0Sep  9 07:46


This has been entirely normal since I have been using toor - sometime
around 5.X.

Toor is root. If you are not in your korn shell, you should check that
it is installed and the path is correct in passwd.

If you have been running as toor with the thought that somehow it is better
than running as root, you are mistaken.  You should have a normal user
account to use for most everyday tasks.  You can put that user in the wheel
group if you want to be able to su to root.


woodstock# su - toor

woodstock# who am i

root 0Sep  9 07:47


Unfortunately, I haven't tried to log in since a package update I did around 
August 22, so I didn't notice this problem until now.  Does anybody have any 
idea what might be causing this?


The fact that user 0 is root to the system.  Calling it toor to use an
alternate shell does not change that.



--
Lars Eighner
http://www.larseighner.com/index.html
8800 N IH35 APT 1191 AUSTIN TX 78753-5266
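
The point made in the reply above, that toor is a second login name for UID 0 and that its shell path in passwd is the thing to check, as an added example that is not part of the original thread. The passwd and shells contents, the ksh93 path and the ROOT parameter are constructed or hypothetical, chosen only for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All file contents below are constructed.

# uid0_accounts PASSWD_FILE
# Print "name:shell" for every passwd(5) entry whose UID field is 0.
uid0_accounts() {
    awk -F: '
        /^#/ || NF < 7 { next }            # skip comments and malformed lines
        $3 ~ /^0+$/    { print $1 ":" $7 } # UID 0, whatever the login name
    ' "$1"
}

# shell_listed SHELL SHELLS_FILE
# Succeed if SHELL appears as a whole line in a shells(5)-format file.
# Shell paths start with "/", so a "#" comment line can never match.
shell_listed() {
    grep -Fxq -- "$1" "$2"
}

# audit_uid0 PASSWD_FILE SHELLS_FILE [ROOT]
# Print "<name> <shell> listed|unlisted present|missing" per UID 0 account.
# ROOT (hypothetical parameter) prefixes the shell path, so a staged or
# mounted file system can be checked instead of the running one.
audit_uid0() {
    uid0_accounts "$1" | while IFS=: read -r name shell; do
        # passwd(5): an empty shell field means /bin/sh
        [ -n "$shell" ] || shell=/bin/sh
        if shell_listed "$shell" "$2"; then listed=listed; else listed=unlisted; fi
        if [ -x "${3:-}$shell" ]; then present=present; else present=missing; fi
        echo "$name $shell $listed $present"
    done
}

# --- constructed sample data -------------------------------------------
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/passwd" <<'EOF'
# constructed sample in passwd(5) format
root:*:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:/usr/local/bin/ksh93
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
alice:*:1001:1001:Constructed user:/home/alice:/bin/sh
EOF

cat > "$SAMPLE_DIR/shells" <<'EOF'
# constructed sample in shells(5) format
/bin/sh
/bin/csh
/bin/tcsh
EOF

# Stand-in for an installed /bin/csh under the staged root; ksh93 is absent.
mkdir -p "$SAMPLE_DIR/root/bin"
printf '#!/bin/sh\n' > "$SAMPLE_DIR/root/bin/csh"
chmod +x "$SAMPLE_DIR/root/bin/csh"

audit_uid0 "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shells" "$SAMPLE_DIR/root"
```

Both names come back as UID 0 accounts; only the shell column differs, and the constructed toor entry is flagged because its shell is neither listed nor present under the staged root.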



Re: Can't log in as toor since package update

2011-09-09 Thread James Edwards

On 9/9/2011 8:52 AM, Paul Keusemann wrote:
I use the toor login on my FreeBSD systems to log in with the korn 
shell.  Since August 22, When I try to log in as toor or even when I 
try to su - toor, I get logged in as root.  For example:


ushers# ssh -l toor woodstock

Password:

Last login: Fri Sep  9 06:30:23 2011 from 172.16.175.216

Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994

The Regents of the University of California.  All rights 
reserved.


FreeBSD 8.2-RELEASE-p1 (WOODSTOCK) #1: Mon Jul 11 09:05:07 CDT 2011

woodstock# who am i

root 0Sep  9 07:46

woodstock# su - toor

woodstock# who am i

root 0Sep  9 07:47


Unfortunately, I haven't tried to log in since a package update I did 
around August 22, so I didn't notice this problem until now.  Does 
anybody have any idea what might be causing this?


That seems to be the normal behavior, because toor has the id of root.  
I'm running 8.2-RELEASE, and that seems to be normal behavior.


On one of my systems:

[root@mail01]~# who am i
root 1Sep  9 09:26
[root@mail01]~# su - toor
[toor@mail01]~# who am i
root 1Sep  9 09:26
[toor@mail01]~#



Re: Help with crash dump

2011-09-09 Thread Andrea Venturoli

On 09/09/11 14:26, Bernt Hansson wrote:


You have run out of swapspace, based on these 2 lines

panic: ffs_write: dir write
current process = 0 (swapper)


Hmmm...
Cacti wouldn't think so: the graph about swap space is plain flat (round 
0%, by the way); of course it could have risen so fast that it reached 
100% between two consecutive polls, but I doubt it.


Besides, why would the system crash for such a reason? I'd expect 
application failing, not the whole kernel. Am I wrong?





Or you have a hardware error.


SOB! I hope not. RAM is fine, HDs are SAS RAID with a good controller 
which should have detected failures...

What else can I check?



 Does the current process

change between panics or is it always the same?


Right now I've only had this crash (and hope no other will follow). In 
the worst case, I'll take notice.





I'm in no sense a kernel debugger, but it's a hint.


I appreciate your interest anyway.



 bye  Thanks
av.


portmaster -r libnotify-0 problems

2011-09-09 Thread Scott Ballantyne
Hi,

I've been trying to update libnotify and libproxy following the
instructions in UPDATING, which is to do

portmaster -r libnotify-0

This tries to install ghostscript9, and fails. Apparently ghostscript9
conflicts with ghostscript8-8.71_6, which presumably is the reason for
the failure.

Could someone help me resolve this? The obvious solution of pkg_delete
ghostscript8-8.71_6 doesn't work, because too many installed ports
depend on ghostscript8-8.71_6.

Thanks in advance,
Scott
-- 
s...@ssr.com



Re: Can't log in as toor since package update

2011-09-09 Thread Paul Keusemann

On 09/09/11 07:52, Paul Keusemann wrote:
I use the toor login on my FreeBSD systems to log in with the korn 
shell.  Since August 22, When I try to log in as toor or even when I 
try to su - toor, I get logged in as root.  For example:


ushers# ssh -l toor woodstock

Password:

Last login: Fri Sep  9 06:30:23 2011 from 172.16.175.216

Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994

The Regents of the University of California.  All rights 
reserved.


FreeBSD 8.2-RELEASE-p1 (WOODSTOCK) #1: Mon Jul 11 09:05:07 CDT 2011

woodstock# who am i

root 0Sep  9 07:46

woodstock# su - toor

woodstock# who am i

root 0Sep  9 07:47


Unfortunately, I haven't tried to log in since a package update I did 
around August 22, so I didn't notice this problem until now.  Does 
anybody have any idea what might be causing this?




OK, a couple of clarifications:

- First, this is a shell problem, not a user id problem.
- Second, su does give me the correct shell.  In my earlier frustrated 
state, I did not check to make sure I was getting a csh shell from su.


I have narrowed this down a little further and found a workaround.  
Normally, I start an admin shell on my FreeBSD machine via a 
menu item that runs a command something like this:


ssh -l toor woodstock /usr/local/bin/xterm +ut -ls

Up until August 22 or September 6, this would give me an xterm running a 
korn shell but now is giving me a csh shell.  The xterm package was 
updated September 6 but I don't see anything obvious in the change log.  
A quick look at the xterm man page shows me the login shell can be 
specified on the command line, so it looks like that is what I will have 
to do.


I am still curious about what has changed in the last couple of weeks 
though.


--
Paul Keusemann    pkeu...@visi.com
4266 Joppa Court  (952) 894-7805
Savage, MN  55378



Printing from Firefox broken after update.

2011-09-09 Thread Leslie Jensen



Since a while back I've had a problem with printing from Firefox.

I get this error in CUPS when I try to print.

/usr/local/libexec/cups/filter/pdftops failed

I have done the following:

portmaster -t -f print/cups

portmaster -t -f www/firefox

But it has not helped.

I would like some help to identify the problem

Thanks

/Leslie




Re: Printing from Firefox broken after update.

2011-09-09 Thread Rares Aioanei
On Fri, 09 Sep 2011 17:47:16 +0200
Leslie Jensen les...@eskk.nu wrote:

 /usr/local/libexec/cups/filter/pdftops failed

Does the file exist?

-- 
Rares Aioanei


Re: get rel 9.0 iso

2011-09-09 Thread Mike Kelly

 The dvd1.iso file is less than 700mb and would fit on a standard cd. But
 the point is you do not install from a .iso file. The .iso file is a
 compressed file and when you uncompress it it's way too large to fit on a
 standard cd but will fit on a dvd. That's why it's named dvd1.iso.




I just burned the dvd1.iso to a cd-r this morning and used it to install to
a laptop. Worked great. I think there is some confusion about compression on
the iso file. There is none on the file in question. Previous DVD iso files
have been compressed, which gives it a filename of dvd1.iso.xz. The 9.0BETA2
file is not compressed though.

Mike Kelly


Re: Printing from Firefox broken after update.

2011-09-09 Thread Leslie Jensen



2011-09-09 18:17, Rares Aioanei wrote:

On Fri, 09 Sep 2011 17:47:16 +0200
Leslie Jensen les...@eskk.nu wrote:


/usr/local/libexec/cups/filter/pdftops failed


Does the file exist?




Yes!

-r-xr-xr-x  1 root  wheel  20112  9 Sep 09:12 
/usr/local/libexec/cups/filter/pdftops



VPN problem

2011-09-09 Thread Mario Lobo
Hi;

I've been having this problem establishing a VPN behind a FreeBSD 8-STABLE 
with pf.

I have this scenario:


home LAN --- FBSD+pf home --- INTERNET --- FBSD+pf work --- work LAN
                                           MPD VPN server

nat rules on FBSD+pf home:


 nat on $ext_if from $int_if:network to any -> ($ext_if) port 1024:65535
 # nat on $ext_if from any to any -> ($ext_if) port 1024:65535


obs- it makes no difference which nat rule I use. The problem persists.


These are the first 5 pf rules on FBSD+pf home:

  # pass quick all
  pass quick on lo0 all

  # my whole home lan is free
  pass in quick on $int_if from $int_if:network to any
  
  #--- Allow networks to see themselves and dns
  pass quick from $int_if:network to $int_if:network
  
  #--- Allow vpns from anywhere to anywhere
  pass in quick log on $int_if proto gre from any to any keep state
  pass in quick log on $int_if proto tcp from any to any port pptp flags S/SA keep state



On any attempt to connect to the FBSD+pf work VPN Server from home LAN, 
I get this (even if I uncomment  pass quick all):

#mpd5
Multi-link PPP daemon for FreeBSD
 
process 98799 started, version 5.5 (root@Papi 16:55  3-Sep-2011)
CONSOLE: listening on 127.0.0.1 5005
web: listening on 127.0.0.1 5006
[B1] Bundle: Interface ng0 created
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial -- Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting -- Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a
[L1]   MRU 1486
[L1]   MAGICNUM 2d08ae01

[snip..]

[L1] LCP: SendConfigReq #10
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a
[L1]   MRU 1486
[L1]   MAGICNUM 2d08ae01
[L1] LCP: parameter negotiation failed
[L1] LCP: state change Req-Sent -- Stopped
[L1] LCP: LayerFinish
[L1] PPTP call terminated
[L1] Link: DOWN event
[L1] LCP: Close event
[L1] LCP: state change Stopped -- Closed
[L1] LCP: Down event
[L1] LCP: state change Closed -- Initial


BUT, on the 9th or 10th attempt, without touching any setting anywhere, the 
VPN MAY BE established. out of nothing ! Machines (Windows, Unix, whatever) 
behind both FBSD+pfs ALSO have the same problem when trying to close VPN 
tunnels to outside sites.

Sometimes, opening an ssh session from my workstation to FBSD+pf work may 
help in establishing the VPN.

The FBSD+pf work VPN Server is working fine. My colleagues can connect to it 
from their homes (NATted cable modems or 3G modems) without problems. I am the 
only one behind a FBSD+pf router. 


I installed MPD5 on FBSD+pf home, and copied mpd.conf from my home workstation 
to it. 


Without touching a single setting on mpd.conf, the VPN is established 
from FBSD+pf home (as a client) to FBSD+pf work WITHOUT any hiccups on EVERY 
SINGLE attempt! even if I bring it up/down 200 times!

And yet, if the FBSD+pf combo is out of the way, (i.e. no NAT!, as is the case 
of FBSD+pf home as a client) or if I let my cable modem do the NAT/routing, 
the problem is GONE!.


FreeBSD work 
FreeBSD 8.2-STABLE #0: Mon Aug 22 14:50:42 BRT 2011 amd64

FreeBSD Home
FreeBSD FreeBSD 8.2-STABLE #0: Wed May 18 16:53:26 BRT 2011 i386

Any suggestions?

Thanks,

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio YET!!] (99% winblows FREE)


VPN problem

2011-09-09 Thread Mario Lobo
Hi;

I've been having this problem closing a VPN behind a FreeBSD 8-STABLE with pf.

I have this scenario:

home LAN --- FBSD+pf home --- INTERNET --- FBSD+pf work --- work LAN
                                           MPD VPN server

 nat on $ext_if from $int_if:network to any -> ($ext_if) port 1024:65535
 # nat on $ext_if from any to any -> ($ext_if) port 1024:65535

obs- it makes no difference which nat rule I use. The problem persists.

These are the first 5 pf rules on FBSD+pf home:

  # pass quick all
  pass quick on lo0 all

  # my whole home lan is free
  pass in quick on $int_if from $int_if:network to any
  
  #--- Allow networks to see themselves and dns
  pass quick from $int_if:network to $int_if:network
  
  #--- Allow vpns from anywhere to anywhere
  pass in quick log on $int_if proto gre from any to any keep state
  pass in quick log on $int_if proto tcp from any to any port pptp flags S/SA keep state



On any attempt to connect to the FBSD+pf work VPN Server from home LAN, 
I get this (even if I uncomment  pass quick all):

#mpd5
Multi-link PPP daemon for FreeBSD
 
process 98799 started, version 5.5 (root@Papi 16:55  3-Sep-2011)
CONSOLE: listening on 127.0.0.1 5005
web: listening on 127.0.0.1 5006
[B1] Bundle: Interface ng0 created
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial -- Starting
[L1] LCP: LayerStart
[L1] PPTP call successful
[L1] Link: UP event
[L1] LCP: Up event
[L1] LCP: state change Starting -- Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a
[L1]   MRU 1486
[L1]   MAGICNUM 2d08ae01

[snip..]

[L1] LCP: SendConfigReq #10
[L1]   ACFCOMP
[L1]   PROTOCOMP
[L1]   ACCMAP 0x000a
[L1]   MRU 1486
[L1]   MAGICNUM 2d08ae01
[L1] LCP: parameter negotiation failed
[L1] LCP: state change Req-Sent -- Stopped
[L1] LCP: LayerFinish
[L1] PPTP call terminated
[L1] Link: DOWN event
[L1] LCP: Close event
[L1] LCP: state change Stopped -- Closed
[L1] LCP: Down event
[L1] LCP: state change Closed -- Initial

BUT, on the 9th or 10th attempt, without touching any setting anywhere, the 
VPN MAY BE established. out of nothing ! Machines (Windows, unix, whatever) 
behind both FBSD+pfs ALSO have the same problem when trying to close VPN 
tunnels to outside sites.

The FBSD+pf work VPN Server is working fine. My colleagues can connect to it 
from their homes (NATted cable modems or 3G modems) without problems. I am the 
only one behind a FBSD+pf router. 

I installed MPD5 on FBSD+pf home, and copied mpd.conf from my home workstation 
to it. 

Without touching a single setting on mpd.conf, the VPN is established 
from FBSD+pf home (as a client) to FBSD+pf work WITHOUT any hiccups on EVERY 
SINGLE attempt! even if I bring it up/down 200 times!


And yet, if the FBSD+pf combo is out of the way, (i.e. no NAT!, as is the case 
of FBSD+pf home as a client) or if I let my cable modem do the NAT/routing, 
the problem is GONE!.

FreeBSD work 
FreeBSD 8.2-STABLE #0: Mon Aug 22 14:50:42 BRT 2011 amd64

FreeBSD Home
FreeBSD FreeBSD 8.2-STABLE #0: Wed May 18 16:53:26 BRT 2011 i386

Any suggestions?

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio YET!!] (99% winblows FREE)
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
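
Added example (not from the original post or the mpd project): an sh/awk summary of LCP attempts in an mpd5 log like the one above. It separates "no LCP packet ever received" (the PPTP control connection on TCP came up, but the GRE-carried PPP frames from the peer never arrived) from "peer replied but options were refused". The sample log is constructed, and the "rec'd ..." wording for received packets is an assumption about mpd's log format.

```shell
#!/bin/sh
# Added example: summarise LCP attempts in an mpd5 log read on stdin.
# One output line per attempt: link tag, ConfigReq sent, LCP packets
# received, outcome.

lcp_triage() {
    awk '
    function report(tag, outcome,    hint) {
        hint = ""
        if (outcome == "negotiation failed") {
            if (rcvd[tag] == 0)
                hint = " (no LCP packet received: check the GRE return path)"
            else
                hint = " (peer replied: compare the offered options)"
        }
        printf "%s attempt %d: sent=%d rcvd=%d %s%s\n",
            tag, tries[tag], sent[tag], rcvd[tag], outcome, hint
    }
    # A new call attempt starts with the link OPEN event.
    /Link: OPEN event/                  { tries[$1]++; sent[$1] = 0; rcvd[$1] = 0 }
    /LCP: SendConfigReq #/              { sent[$1]++ }
    # Received LCP packets; the "rec.d" wording is an assumed log format.
    /LCP: rec.d /                       { rcvd[$1]++ }
    /LCP: parameter negotiation failed/ { report($1, "negotiation failed") }
    /LCP: state change .* Opened/       { report($1, "opened") }
    '
}

# Constructed sample: attempt 1 is modelled on the log in the post
# (shortened to three requests), attempt 2 is a made-up successful run.
sample_log() {
    cat <<'EOF'
[L1] [L1] Link: OPEN event
[L1] LCP: Open event
[L1] LCP: state change Initial --> Starting
[L1] PPTP call successful
[L1] LCP: state change Starting --> Req-Sent
[L1] LCP: SendConfigReq #1
[L1]   MAGICNUM 2d08ae01
[L1] LCP: SendConfigReq #2
[L1]   MAGICNUM 2d08ae01
[L1] LCP: SendConfigReq #3
[L1]   MAGICNUM 2d08ae01
[L1] LCP: parameter negotiation failed
[L1] LCP: state change Req-Sent --> Stopped
[L1] PPTP call terminated
[L1] [L1] Link: OPEN event
[L1] LCP: SendConfigReq #11
[L1] LCP: rec'd Configure Request #1 (Req-Sent)
[L1] LCP: SendConfigAck #1
[L1] LCP: rec'd Configure Ack #11 (Ack-Sent)
[L1] LCP: state change Ack-Sent --> Opened
EOF
}

sample_log | lcp_triage
```

On a real system, feed it the mpd log instead of sample_log.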


Re: get rel 9.0 iso

2011-09-09 Thread Polytropon
On Thu, 8 Sep 2011 10:31:57 + (GMT), Thomas Mueller wrote:
 Is that pc that can't boot from memstick old?  I have an old
 PC, dating to July 2001, that can't boot directly from USB,
 but can boot from USB with the help of Plop (http://www.plop.at/)
 boot manager.

If it doesn't boot directly (even my old 2005 PC has problems
with that) try to use PLOP to boot the memstick image. You
can easily directly copy it to a USB stick which would then
be a bootable media.



 I think dvd1.iso was  700 MB and would therefore fit on a CD? 

No that would have been the CD#1; the traditional set of 4 CDs
comes with CD#1 installation, CD#2 Live system (can also be
used to install via Internet), CD#3 and CD#4 for packages.

Those CD images are named disc instead of dvd. You can
find them for the current release at

ftp://ftp.freebsd.org/pub/FreeBSD/releases/i386/ISO-IMAGES/8.2/

FreeBSD-8.2-RELEASE-i386-bootonly.iso     48,108 KB - CD
FreeBSD-8.2-RELEASE-i386-disc1.iso       668,928 KB - CD
FreeBSD-8.2-RELEASE-i386-dvd1.iso.xz   2,017,993 KB - DVD
FreeBSD-8.2-RELEASE-i386-livefs.iso      258,216 KB - CD
FreeBSD-8.2-RELEASE-i386-memstick.img    936,150 KB - USB

That set of images is typically generated for a RELEASE,
not for CURRENT (and its BETA and RC stages).

In your case, the 9.0-BETA2 bootonly CD can be used to boot
the system and to start the installation via Internet (in case
you don't have the option to boot from DVD).



 My computer from July 2001 had CD-RW but no DVD.  This was
 one of the factors pushing me to buy parts for a new computer.

In this case, I'd simply use CD because it seems to be
less trouble (just in case USB boot via PLOP doesn't
work). You can also go the following road: Install 8.2-RELEASE,
do a source upgrade to 9.0-BETA and update your system
from source. You'll find details in the FreeBSD Handbook
and in /usr/src/Makefile's comment header.


-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: get rel 9.0 iso

2011-09-09 Thread Polytropon
On Fri, 9 Sep 2011 11:29:28 + (GMT), Thomas Mueller wrote:
 FreeBSD 8.2 slice on old computer is about 12 GB with 1.3 GB
 free; RAM is 256 MB.

Depending on your particular software needs, a full FreeBSD
installation _with_ programs can fit onto an 8 GB slice (or
disk) with 50% free space. :-)



 So a better way to upgrade to 9.0 might be to build on the
 new computer onto a 16 GB USB stick, I wouldn't even need
 to keep the ports tree or system source on the USB stick.

You should just pay attention to building parameters (see
man make.conf and man src.conf) to keep the system in
a minimal state, and make sure not to tie it to the hardware
characteristics (especially CPU) of the building system.



 I assume booting a USB stick with Plop would work on the
 2001 computer with FreeBSD as it did with NetBSD 4.0.1
 and NetBSD-current.

Just try it, it should be possible.



 Due to insufficient RAM and insufficient disk space for
 the bigger packages/ports, I feel like I'm at the end
 of the line with FreeBSD, NetBSD too, on the 2001
 computer; would need to build on my new computer.

Yes, even if the system runs flawlessly, upgrading gets
more and more complicated, so maybe migrating to a new
machine would be better here.

Just an addition: I still run a Pentium (yes, no numbers
after the name!) with 150 MHz and 128 MB RAM here as a
small server, using FreeBSD/x86 8.2. I did install from
CD and then via Internet. Packages are fine to use in
this case (see man pkg_add). Depending on _what_ the
server does, even this over-obsoleted configuration might
fit perfectly well!

So I do _not_ claim it's impossible to run and install
FreeBSD on older hardware. In fact, it _IS_ possible,
maybe just a bit complicated in special cases (e. g. as
the P1 server I mentioned does not even have USB, only
a CD-ROM drive), but _POSSIBLE_, which may be fully
sufficient in some cases. So old iron can still be
a valuable citizen of the IT infrastructure. :-)



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: Printing from Firefox broken after update.

2011-09-09 Thread Polytropon
On Fri, 09 Sep 2011 20:56:18 +0200, Leslie Jensen wrote:
 2011-09-09 18:17, Rares Aioanei skrev:
  On Fri, 09 Sep 2011 17:47:16 +0200
  Leslie Jensen les...@eskk.nu wrote:
 
  /usr/local/libexec/cups/filter/pdftops failed
 
  Does the file exist?
 
 
 
 Yes!
 
 -r-xr-xr-x  1 root  wheel  20112  9 Sep 09:12 /usr/local/libexec/cups/filter/pdftops

Try to run it manually. Take a PDF file and convert it into
PS. Add options you might need for paper size.

Example:

% /usr/local/libexec/cups/filter/pdftops -paper A4 test.pdf

and check the PS output.

See man pdftops for details. Maybe it's a dependency problem
of pdftops...

Note that the normal pdftops binary is provided by the
xpdf port. Maybe you can try to update this one too? I'm
not sure if CUPS's own binary is in some relation to that
port, or is it working independently?



-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...


Re: portmaster -r libnotify-0 problems

2011-09-09 Thread Matthew Seaman
On 09/09/2011 15:13, Scott Ballantyne wrote:
 I've been trying to update libnotify and libproxy following the
 instructions in UPDATING, which is to do
 
 portmaster -r libnotify-0
 
 This tries to install ghostscript9, and fails. Apparently ghostscript9
 conflicts with ghostscript8-8.71_6, which presumably is the reason for
 the failure.
 
 Could someone help me resolve this? The obvious solution of pkg_delete
 ghostscript8-8.71_6 doesn't work, because too many installed ports
 depend on ghostscript8-8.71_6.

There are two approaches you might take here.  Either

   * replace ghostscript8 with ghostscript9

or

   * work out why libnotify triggers a dependency on ghostscript9
 and try and make it use ghostscript8 (or nothing) instead.

The first is a relatively mechanical process, which should work fine
from the point of view of doing all the port wrangling, but might result
in further ghostscript8 vs ghostscript9 problems down the line.
Just run:

# portmaster -o print/ghostscript9 ghostscript8-

That will change the dependency settings in your /var/db/pkg directory,
which may or may not be appropriate for all ghostscript dependent ports,
and indeed some may not work at all.  (Although I rather doubt the
simply not-working thing: functionality between those versions hasn't
changed much at all.)

The second is a more satisfying fix.  Let's see... Try defining

   WITH_GHOSTSCRIPT_VER=8

in /etc/make.conf  (the default is 9 nowadays) -- then try reinstalling
libnotify according to the instructions in UPDATING.

Read /usr/ports/Mk/bsd.port.mk for the details -- search for GHOSTSCRIPT
to find the relevant bits.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW





Re: Can't log in as toor since package update

2011-09-09 Thread Matthew Seaman
On 09/09/2011 16:27, Paul Keusemann wrote:
 I am still curious about what has changed in the last couple of weeks
 though.

What do these commands produce:

   % pw user show -n root
   % pw user show -n toor

--- the default results look like this:

root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:

(be particularly suspicious if the toor line doesn't end in your choice
of shell -- a blank value gets you the default shell, which is /bin/sh)

Does running

   # pwd_mkdb -p /etc/master.passwd

improve things?

Otherwise, did you run mergemaster at all during the last few weeks?

Did you run mergemaster without sufficient care and attention when it
asked you if it should replace your /etc/master.passwd with the default
version from /usr/src?

Or perhaps you attempted to merge old and new versions of master.passwd
without conspicuous success?

If you have managed to make mincemeat out of /etc/master.passwd, fear
not.  There should be a backup of the old version of the file in /var/backups.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.   7 Priory Courtyard
  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matt...@infracaninophile.co.uk   Kent, CT11 9PW
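
Added example (not part of the original message or of FreeBSD): an sh/awk audit of master.passwd-format records for the conditions discussed above, namely uid 0 accounts, a blank shell field, and records with the wrong field count after a bad merge. The ALLOWED_SHELLS list, the function names and the admin2 and alice records are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit master.passwd-format records read on stdin.
# Fields: name:password:uid:gid:class:change:expire:gecos:home:shell
# ALLOWED_SHELLS stands in for /etc/shells (assumed list for this example).
ALLOWED_SHELLS="${ALLOWED_SHELLS:-/bin/sh /bin/csh /bin/tcsh /usr/sbin/nologin}"

audit_passwd() {
    awk -F: -v shells="$ALLOWED_SHELLS" '
    BEGIN { n = split(shells, s, " "); for (i = 1; i <= n; i++) ok[s[i]] = 1 }
    # Skip comments and blank lines.
    /^#/ || /^$/ { next }
    # A record without exactly 10 fields points at a botched merge,
    # for instance a 7-field passwd line pasted into master.passwd.
    NF != 10 {
        printf "%s: malformed record, %d fields instead of 10\n", $1, NF
        next
    }
    # Every uid 0 account is a superuser, whatever its name.
    $3 ~ /^0+$/ {
        printf "%s: uid 0 account\n", $1
        if ($2 == "") printf "%s: uid 0 with empty password field\n", $1
    }
    $10 == "" {
        printf "%s: blank shell, login falls back to /bin/sh\n", $1
        next
    }
    !($10 in ok) { printf "%s: shell %s not in allow-list\n", $1, $10 }
    '
}

# Sample input: the root and toor lines are the defaults quoted in the
# message; admin2 and alice are constructed.
sample_records() {
    cat <<'EOF'
root:*:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
admin2:*:0:0::0:0:Constructed extra superuser:/root:/usr/local/bin/bash
alice:*:1001:1001:Constructed user:/home/alice:/bin/sh
EOF
}

sample_records | audit_passwd
```

Against a live system the input would be /etc/master.passwd (readable by root only) or the copy kept in /var/backups.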





Re: VPN problem

2011-09-09 Thread Mario Lobo
On Friday 09 September 2011 18:11:47 Torsten Kersandt wrote:
 HI Mario
 I don't know what the experts are suggesting but I use a table for the VPN
 addresses
 To allow nat but block them from using the server as gateway (use as
 default gateway disabled in windows)
 I add the rules dynamically using mpd if-up and if-down scripts
 
 All I have in my rules is GRE pass anywhere and nat table to and from
 where ever
 
 Regards
 Torsten
 

Thanks for replying, Torsten but the problem is way before all these things 
that you mentioned. I'm wildly guessing here but the problem seems to be 
inside the NAT mechanism of PF. At least the working/not working situations 
point to that direction.

If I don't find a solution to that soon I am gonna have no choice but to 
switch to IPFW, which I would not like to do because the queuing mechanisms of 
pf are extremely useful and handy to my networks.

By the way, I also do each item that you mentioned in your post.

The funny thing is that there was a time (maybe a couple csups ago) that this 
problem didn't occur, and I am totally unable to say which csup brought this 
issue in. Remember there are 3 FBSDs involved here.

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio YET!!] (99% winblows FREE)

 
 -Original Message-
 From: owner-freebsd...@freebsd.org [mailto:owner-freebsd...@freebsd.org] On
 Behalf Of Mario Lobo
 Sent: 09 September 2011 20:46
 To: freebsd...@freebsd.org
 Cc: freebsd-questions@freebsd.org
 Subject: VPN problem
 
 Hi;
 
 I've been having this problem establishing a VPN behind a FreeBSD 8-STABLE
 with pf.
 
 I have this scenario:
 
 
 home LAN  FBSD+pf home  INTERNET --- FBSD+pf work --- work LAN
  MPD VPN server
 
 nat rules on FBSD+pf home:
 
 
  nat on $ext_if from $int_if:network to any -> ($ext_if) port 1024:65535
  # nat on $ext_if from any to any -> ($ext_if) port 1024:65535
 
 
 obs- it makes no difference which nat rule I use. The problem persists.
 
 
 These are the first 5 pf rules on FBSD+pf home:
 
   # pass quick all
   pass quick on lo0 all
 
   # my whole home lan is free
   pass in quick on $int_if from $int_if:network to any
 
   #--- Allow networks to see themselves and dns
   pass quick from $int_if:network to $int_if:network
 
   #--- Allow vpns from anywhere to anywhere
   pass in quick log on $int_if proto gre from any to any keep state
   pass in quick log on $int_if proto tcp from any to any port pptp flags S/SA keep state
 
 
 
 On any attempt to connect to the FBSD+pf work VPN Server from home LAN,
 I get this (even if I uncomment  pass quick all):
 
 #mpd5
 Multi-link PPP daemon for FreeBSD
 
 process 98799 started, version 5.5 (root@Papi 16:55  3-Sep-2011)
 CONSOLE: listening on 127.0.0.1 5005
 web: listening on 127.0.0.1 5006
 [B1] Bundle: Interface ng0 created
 [L1] [L1] Link: OPEN event
 [L1] LCP: Open event
 [L1] LCP: state change Initial -- Starting
 [L1] LCP: LayerStart
 [L1] PPTP call successful
 [L1] Link: UP event
 [L1] LCP: Up event
 [L1] LCP: state change Starting -- Req-Sent
 [L1] LCP: SendConfigReq #1
 [L1]   ACFCOMP
 [L1]   PROTOCOMP
 [L1]   ACCMAP 0x000a
 [L1]   MRU 1486
 [L1]   MAGICNUM 2d08ae01
 
 [snip..]
 
 [L1] LCP: SendConfigReq #10
 [L1]   ACFCOMP
 [L1]   PROTOCOMP
 [L1]   ACCMAP 0x000a
 [L1]   MRU 1486
 [L1]   MAGICNUM 2d08ae01
 [L1] LCP: parameter negotiation failed
 [L1] LCP: state change Req-Sent -- Stopped
 [L1] LCP: LayerFinish
 [L1] PPTP call terminated
 [L1] Link: DOWN event
 [L1] LCP: Close event
 [L1] LCP: state change Stopped -- Closed
 [L1] LCP: Down event
 [L1] LCP: state change Closed -- Initial
 
 
 BUT, on the 9th or 10th attempt, without touching any setting anywhere, the
 VPN MAY BE established. out of nothing ! Machines (Windows, Unix, whatever)
 behind both FBSD+pfs ALSO have the same problem when trying to close VPN
 tunnels to outside sites.
 
 Sometimes, opening an ssh session from my workstation to FBSD+pf work may
 help in establishing the VPN.
 
 The FBSD+pf work VPN Server is working fine. My colleagues can connect to
 it from their homes (NATted cable modems or 3G modems) without problems. I
 am the only one behind a FBSD+pf router.
 
 I installed MPD5 on FBSD+pf home, and copied mpd.conf from my home
 workstation to it.
 
 Without touching a single setting on mpd.conf, the VPN is established
 from FBSD+pf home (as a client) to FBSD+pf work WITHOUT any hiccups on
 EVERY SINGLE attempt! even if I bring it up/down 200 times!
 
 And yet, if the FBSD+pf combo is out of the way, (i.e. no NAT!, as is the
 case of FBSD+pf home as a client) or if I let my cable modem do the
 NAT/routing, the problem is GONE!.
 
 
 FreeBSD work
 FreeBSD 8.2-STABLE #0: Mon Aug 22 14:50:42 BRT 2011 amd64
 
 FreeBSD Home
 FreeBSD FreeBSD 8.2-STABLE #0: Wed May 18 16:53:26 BRT 2011 i386
 
 Any suggestions?
 
 Thanks,

Re: VPN problem

2011-09-09 Thread Mario Lobo
On Friday 09 September 2011 19:03:27 Torsten Kersandt wrote:
 Hi
 TUN and NG connections are not present at the time you start your server
 and rules for such interfaces are not applicable to PF

You're right, but on the client end that is trying to connect to that server 
behind a pf firewall, nat rules DO apply, and on my tests I can see for sure 
that when I take NAT out of the picture, the VPN tunnel is established.


 
 This is where the if up and if down functions of MPD come into place unless
 you use IP Address/network specific rules.
 One server I have in the if-up script:
 
 /etc/rc.d/pf resync
 /sbin/pfctl -t if_pptp -T add ${4}

I do all that! in fact even go beyond and use the linkup/down scripts to 
create a log on the server of which user(s) is(are) connected to the VPN, from 
which public IP, with which ng interface, at what time/date they logged in
and logged out.

 
 And it works perfectly fine including on the secondary MPD instance (bound
 to IP address) allowing usage as default gateway functions.
 

Like I said before:

The FBSD+pf work VPN Server is working fine. My colleagues can connect to
it from their homes (NATted cable modems or 3G modems) without problems.



 Other than that I think you will have to go down the bridging line.
 I may be corrected by others :-)
 
 Regards
 Torsten
 

Thanks again, Torsten. I think this issue seems to lie deeper than just pf 
rules and link scripts.

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio YET!!] (99% winblows FREE)





 
 -Original Message-
 From: owner-freebsd...@freebsd.org [mailto:owner-freebsd...@freebsd.org] On
 Behalf Of Mario Lobo
 Sent: 09 September 2011 22:53
 To: freebsd...@freebsd.org
 Cc: freebsd-questions@freebsd.org
 Subject: Re: VPN problem
 
 On Friday 09 September 2011 18:11:47 Torsten Kersandt wrote:
  HI Mario
  I don't know what the experts are suggesting but I use a table for the
  VPN addresses
  To allow nat but block them from using the server as gateway (use as
  default gateway disabled in windows)
  I add the rules dynamically using mpd if-up and if-down scripts
  
  All I have in my rules is GRE pass anywhere and nat table to and from
  where ever
  
  Regards
  Torsten
 
 Thanks for replying, Torsten but the problem is way before all these things
 that you mentioned. I'm wildly guessing here but the problem seems to be
 inside the NAT mechanism of PF. At least the working/not working situations
 point to that direction.
 
 If I don't find a solution to that soon I am gonna have no choice but to
 switch to IPFW, which I would not like to do because the queuing mechanisms
 of pf are extremely useful and handy to my networks.
 
 By the way, I also do each item that you mentioned in your post.
 
 The funny thing is that there was a time (maybe a couple csups ago) that
 this problem didn't occur, and I am totally unable to say which csup brought
 this issue in. Remember there are 3 FBSDs involved here.
 
  -Original Message-
  From: owner-freebsd...@freebsd.org [mailto:owner-freebsd...@freebsd.org] On
  Behalf Of Mario Lobo
  Sent: 09 September 2011 20:46
  To: freebsd...@freebsd.org
  Cc: freebsd-questions@freebsd.org
  Subject: VPN problem
  
  Hi;
  
  I've been having this problem establishing a VPN behind a FreeBSD
  8-STABLE with pf.
  
  I have this scenario:
  
  
  home LAN  FBSD+pf home  INTERNET --- FBSD+pf work --- work LAN
  
   MPD VPN server
  
  nat rules on FBSD+pf home:
   nat on $ext_if from $int_if:network to any -> ($ext_if) port 1024:65535
   # nat on $ext_if from any to any -> ($ext_if) port 1024:65535
  
  obs- it makes no difference which nat rule I use. The problem persists.
  
  These are the first 5 pf rules on FBSD+pf home:
# pass quick all
pass quick on lo0 all

# my whole home lan is free
pass in quick on $int_if from $int_if:network to any

#--- Allow networks to see themselves and dns
pass quick from $int_if:network to $int_if:network

#--- Allow vpns from anywhere to anywhere
pass in quick log on $int_if proto gre from any to any keep state
pass in quick log on $int_if proto tcp from any to any port pptp flags S/SA keep state
  
  
  
  On any attempt to connect to the FBSD+pf work VPN Server from home LAN,
  I get this (even if I uncomment  pass quick all):
  
  #mpd5
  Multi-link PPP daemon for FreeBSD
  
  process 98799 started, version 5.5 (root@Papi 16:55  3-Sep-2011)
  CONSOLE: listening on 127.0.0.1 5005
  web: listening on 127.0.0.1 5006
  [B1] Bundle: Interface ng0 created
  [L1] [L1] Link: OPEN event
  [L1] LCP: Open event
  [L1] LCP: state change Initial -- Starting
  [L1] LCP: LayerStart
  [L1] PPTP call successful
  [L1] Link: UP event
  [L1] LCP: Up event
  [L1] LCP: state change Starting -- Req-Sent
  [L1] LCP: SendConfigReq #1
  [L1]   ACFCOMP
  [L1]   PROTOCOMP
  [L1]   ACCMAP 0x000a
  [L1]   
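
Added example (not Torsten's or Mario's script): the if-up table update quoted in this message, `pfctl -t if_pptp -T add ${4}`, with the address validated before it reaches pfctl, since the hook acts on the firewall with root privileges. The function names and the PFCTL and TABLE variables are this example's own; only the if_pptp table name and the use of the fourth argument come from the thread.

```shell
#!/bin/sh
# Added example: validated pf table update for an mpd if-up/if-down hook.
PFCTL="${PFCTL:-/sbin/pfctl}"   # overridable so the logic can be dry-run
TABLE="${TABLE:-if_pptp}"       # table name used in the thread

# is_ipv4 ADDR: succeed only for a dotted quad with each octet 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros: some parsers would read them as octal.
        case "$octet" in 0?*) return 1 ;; esac
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# vpn_table_update add|delete ADDR: update the pf table for one peer.
vpn_table_update() {
    case "$1" in
        add|delete) ;;
        *) echo "usage: vpn_table_update add|delete ADDR" >&2; return 2 ;;
    esac
    if ! is_ipv4 "$2"; then
        echo "refusing non-IPv4 peer address: '$2'" >&2
        return 1
    fi
    "$PFCTL" -t "$TABLE" -T "$1" "$2"
}

# In the if-up script:    vpn_table_update add "$4"
# In the if-down script:  vpn_table_update delete "$4"
```

Setting PFCTL=echo prints the arguments that would be passed, which allows a dry run without touching the live table.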

RE: VPN problem

2011-09-09 Thread Torsten Kersandt
Hi
TUN and NG connections are not present at the time you start your server and
rules for such interfaces are not applicable to PF

This is where the if up and if down functions of MPD come into place unless
you use IP Address/network specific rules.
One server I have in the if-up script:

/etc/rc.d/pf resync
/sbin/pfctl -t if_pptp -T add ${4}

And it works perfectly fine including on the secondary MPD instance (bound
to IP address) allowing usage as default gateway functions.

Other than that I think you will have to go down the bridging line.
I may be corrected by others :-)

Regards
Torsten 



-Original Message-
From: owner-freebsd...@freebsd.org [mailto:owner-freebsd...@freebsd.org] On
Behalf Of Mario Lobo
Sent: 09 September 2011 22:53
To: freebsd...@freebsd.org
Cc: freebsd-questions@freebsd.org
Subject: Re: VPN problem

On Friday 09 September 2011 18:11:47 Torsten Kersandt wrote:
 HI Mario
 I don't know what the experts are suggesting but I use a table for the VPN
 addresses
 To allow nat but block them from using the server as gateway (use as
 default gateway disabled in windows)
 I add the rules dynamically using mpd if-up and if-down scripts
 
 All I have in my rules is GRE pass anywhere and nat table to and from
 where ever
 
 Regards
 Torsten
 

Thanks for replying, Torsten but the problem is way before all these things 
that you mentioned. I'm wildly guessing here but the problem seems to be 
inside the NAT mechanism of PF. At least the working/not working situations 
point to that direction.

If I don't find a solution to that soon I am gonna have no choice but to
switch to IPFW, which I would not like to do because the queuing mechanisms
of pf are extremely useful and handy to my networks.

By the way, I also do each item that you mentioned in your post.

The funny thing is that there was a time (maybe a couple csups ago) that
this problem didn't occur, and I am totally unable to say which csup brought
this issue in. Remember there are 3 FBSDs involved here.

-- 
Mario Lobo
http://www.mallavoodoo.com.br
FreeBSD since 2.2.8 [not Pro-Audio YET!!] (99% winblows FREE)

 
 -Original Message-
 From: owner-freebsd...@freebsd.org [mailto:owner-freebsd...@freebsd.org] On
 Behalf Of Mario Lobo
 Sent: 09 September 2011 20:46
 To: freebsd...@freebsd.org
 Cc: freebsd-questions@freebsd.org
 Subject: VPN problem
 
 Hi;
 
 I've been having this problem establishing a VPN behind a FreeBSD 8-STABLE
 with pf.
 
 I have this scenario:
 
 
 home LAN  FBSD+pf home  INTERNET --- FBSD+pf work --- work LAN
  MPD VPN server
 
 nat rules on FBSD+pf home:
 
 
  nat on $ext_if from $int_if:network to any -> ($ext_if) port 1024:65535
  # nat on $ext_if from any to any -> ($ext_if) port 1024:65535
 
 
 obs- it makes no difference which nat rule I use. The problem persists.
 
 
 These are the first 5 pf rules on FBSD+pf home:
 
   # pass quick all
   pass quick on lo0 all
 
   # my whole home lan is free
   pass in quick on $int_if from $int_if:network to any
 
   #--- Allow networks to see themselves and dns
   pass quick from $int_if:network to $int_if:network
 
   #--- Allow vpns from anywhere to anywhere
   pass in quick log on $int_if proto gre from any to any keep state
   pass in quick log on $int_if proto tcp from any to any port pptp flags S/SA keep state
 
 
 
 On any attempt to connect to the FBSD+pf work VPN Server from home LAN,
 I get this (even if I uncomment  pass quick all):
 
 #mpd5
 Multi-link PPP daemon for FreeBSD
 
 process 98799 started, version 5.5 (root@Papi 16:55  3-Sep-2011)
 CONSOLE: listening on 127.0.0.1 5005
 web: listening on 127.0.0.1 5006
 [B1] Bundle: Interface ng0 created
 [L1] [L1] Link: OPEN event
 [L1] LCP: Open event
 [L1] LCP: state change Initial -- Starting
 [L1] LCP: LayerStart
 [L1] PPTP call successful
 [L1] Link: UP event
 [L1] LCP: Up event
 [L1] LCP: state change Starting -- Req-Sent
 [L1] LCP: SendConfigReq #1
 [L1]   ACFCOMP
 [L1]   PROTOCOMP
 [L1]   ACCMAP 0x000a
 [L1]   MRU 1486
 [L1]   MAGICNUM 2d08ae01
 
 [snip..]
 
 [L1] LCP: SendConfigReq #10
 [L1]   ACFCOMP
 [L1]   PROTOCOMP
 [L1]   ACCMAP 0x000a
 [L1]   MRU 1486
 [L1]   MAGICNUM 2d08ae01
 [L1] LCP: parameter negotiation failed
 [L1] LCP: state change Req-Sent -- Stopped
 [L1] LCP: LayerFinish
 [L1] PPTP call terminated
 [L1] Link: DOWN event
 [L1] LCP: Close event
 [L1] LCP: state change Stopped -- Closed
 [L1] LCP: Down event
 [L1] LCP: state change Closed -- Initial
 
 
 BUT, on the 9th or 10th attempt, without touching any setting anywhere,
 the VPN MAY BE established. out of nothing ! Machines (Windows, Unix,
 whatever) behind both FBSD+pfs ALSO have the same problem when trying to
 close VPN tunnels to outside sites.
 
 Sometimes, opening an ssh session from my workstation to FBSD+pf work may
 help in establishing the VPN.
 
 The FBSD+pf work VPN Server is working fine. My colleagues can connect to
 it
 
 from their homes (NATted