newsyslog refused to work
Hi folks, Apparently newsyslog refuses to rotate any file, if there is a single bad line in newsyslog.conf, e.g. newsyslog: /etc/newsyslog.conf:7: unknown user: uucp I would suggest to ignore the bad line, but rotate the other log files as usual. Regards Harri
Re: WireGuard will make OpenIKED obsolete?
On 14/07/17 02:50, if...@airmail.cc wrote: > Hi, > I have recently read about WireGuard Protocol and it seems really > interesting. Here's a description (from wireguard.io): It's interesting indeed. In advance in their roadmap they say: "Eventually we'll work with OpenBSD to produce a component for their kernel ..." https://www.wireguard.io/roadmap/ G
Brightness-keys on Thinkpad T460
Hi, I installed now OpenBSD on my Thinkpad T460 and some of the media-keys don't work. The only keys that work are XF86AudioMute, XF86AudioRaiseVolume and XF86AudioLowerVolume. The other keys do not even register, when I use xev. Any ideas where I could look further? Especially annoying are the brightness-keys. Thus I thought I write a script that will set the brightness for me. Since xbacklight tells me "No outputs have backlight property", I am using wsconsctl #!/bin/sh level=`wsconsctl -n display.brightness | sed s/\%// | awk -F . '{print $1}'` echo $level echo $1 nlevel=`echo $level+$1 | bc` echo $nlevel wsconsctl display.brightness=$nlevel I added in the doas.conf: permit nopass user cmd sh args /home/user/bin/backlight.sh * And it works fine when I use it in a terminal. But when I use it in the xfce-keyboard-shortcuts like: /usr/bin/doas /bin/sh /home/nik/bin/backlight.sh -10 with shift+super+j nothing happens. Why could that be? Niels
Restoring /altroot
Hi misc@. I wonder how to restore from an /altroot backup? (I missed that pax -r happily writes absolute paths and wrote over /etc from a backup file of another machine) Is it to dd(1) back all but the first 16 blocks - the reverse of what daily(8) does? Is that all that is needed? (I missed to skip the first 16 blocks, and I used the block devices instead of the character devices. The result was a vegetable, and would like to understand which of my mistakes that were fatal.) Best regards -- / Raimo Niskanen, Erlang/OTP, Ericsson AB
rdomain and loopback ifs
Hey, Not sure if this already known, but while creating rdomain shell# ifconfig vmx5 rdomain 1 OS assumes that for this particular domain number 1, lo1 will be used as a ”glue” between domains. However, it is not checked if this loopback is already within any rdomain. I my case, it is yet another loopback, configured in rdomain 0. lo1: flags=8049mtu 32768 description: DNS_ANYCAST index 32 priority 0 llprio 3 groups: lo inet 10.30.30.10 netmask 0x The command ' ifconfig vmx5 rdomain 1’ will fail with ifconfig: SIOCSIFRDOMAIN: File exists Is this a minor ”leftover” ? Also, ifconfig does not contain ’-rdomain’ flag. Is it intentionally? Br
Re: BGP vpnv4 prefixes in RIB, not in FIB
Here some additional commands to my previous output # bgpctl sho fib table 1 flags: * = valid, B = BGP, C = Connected, S = Static, D = Dynamic N = BGP Nexthop reachable via this route R = redistributed r = reject route, b = blackhole route flags prio destination gateway *1 10.10.10.10/32 10.10.10.10 *C 0 127.0.0.0/8 link#0 *C R 4 192.168.35.0/24 link#3 *C 0 ::1/128 link#0 # bgpctl show rib VPNv4 flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin AI*> rd 100:1 192.168.35.0/24 rd 0:0 0.0.0.0 100 0 i I*> rd 100:1 192.168.41.0/24 1.1.1.1100 0 ? -- View this message in context: http://openbsd-archive.7691.n7.nabble.com/BGP-vpnv4-prefixes-in-RIB-not-in-FIB-tp321665p322707.html Sent from the openbsd user - misc mailing list archive at Nabble.com.
Re: BGP vpnv4 prefixes in RIB, not in FIB
I have exactly same problem. Here is my simply setup: R1(PE,Cisco, lo 1.1.1.1)---R2(P, Cisco, lo 2.2.2.2)--R3(PE, OpenBSD6.1, lo0 3.3.3.3) Everything works good, VPNv4 prefixes learned from other PE-router, but OpenBSD don't install this routes to appropriate routing table. Here is config files: # cat /etc/ospfd.conf router-id 3.3.3.3 area 0.0.0.0 { interface vio1 interface lo0 } # cat /etc/ldpd.conf address-family ipv4 { interface vio1 } # cat /etc/bgpd.conf router-id 3.3.3.3 AS 100 rdomain 1 { descr "CUSTOMER1" rd 100:1 import-target rt 100:1 export-target rt 100:1 depend on mpe0 network inet connected } group ibgp { announce IPv4 unicast announce IPv4 vpn remote-as 100 local-address 3.3.3.3 neighbor 1.1.1.1 { descr R1 } } Here is my output: # ospfctl show neighbor ID Pri StateDeadTime Address Iface Uptime 2.2.2.2 1 FULL/DR 00:00:31 10.10.23.2 vio1 00:17:44 # ldpctl show neighbor AF ID State Remote AddressUptime ipv4 2.2.2.2 OPERATIONAL 2.2.2.2 00:18:39 # ldpctl show lib AF Destination Nexthop Local Label Remote Label In Use ipv4 1.1.1.1/32 2.2.2.2 16 16 yes ipv4 2.2.2.2/32 2.2.2.2 17 imp-null yes ipv4 3.3.3.3/32 2.2.2.2 imp-null17no ipv4 10.10.12.0/242.2.2.2 18 imp-null yes ipv4 10.10.23.0/242.2.2.2 imp-nullimp-null no ipv4 192.168.1.0/24 0.0.0.0 imp-null- no ipv6 2002::/240.0.0.0 19 - no ipv6 2002:7f00::/24 0.0.0.0 20 - no ipv6 2002:e000::/20 0.0.0.0 21 - no ipv6 2002:ff00::/24 0.0.0.0 22 - no # ldpctl show fib Flags: C = Connected, S = Static Prio Destination Nexthop Local Label Remote Label S 8 0.0.0.0/0192.168.1.1 - - 32 1.1.1.1/32 10.10.23.21616 32 2.2.2.2/32 10.10.23.217imp-null C 1 3.3.3.3/32 3.3.3.3 imp-null - 32 10.10.12.0/2410.10.23.218imp-null C 4 10.10.23.0/2410.10.23.3imp-null - C 4 192.168.1.0/24 192.168.1.13 imp-null - S 8 ::/96::1 - - S 8 ::/104 ::1 - - C 1 ::1/128 ::1 - - S 8 ::127.0.0.0/104 ::1 - - S 8 ::224.0.0.0/100 ::1 - - S 8 ::255.0.0.0/104 ::1 - - S 8 :::0.0.0.0/96::1 - - S 8 2002::/24::1 19- S 8 2002:7f00::/24 ::1 20- S 8 2002:e000::/20 ::1 21- S 8 2002:ff00::/24 ::1 22- S 8 fe80::/10::1 - - 1 fe80::1%lo0/128 fe80::1%lo0 - - S 8 fec0::/10::1 - - S 8 ff01::/16::1 - - 4 ff01::%lo0/32::1 - - S 8 ff02::/16::1 - - 4 ff02::%lo0/32::1 - - # bgpctl show summary Neighbor ASMsgRcvdMsgSent OutQ Up/Down State/PrfRcvd R1100 38 42 0 00:19:56 1 # bgpctl show tables Table Description State 0 Loc-RIB coupled 1 CUSTOMER1coupled # bgpctl show rib flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale origin: i = IGP, e = EGP, ? = Incomplete flags destination gateway lpref med aspath origin AI*> rd 100:1 192.168.35.0/24 rd 0:0 0.0.0.0 100 0 i I*> rd 100:1 192.168.41.0/24 1.1.1.1100 0 ? # bgpctl show rib detail BGP routing table entry for rd 100:1 192.168.35.0/24 Nexthop rd 0:0 0.0.0.0 (via rd 0:0 0.0.0.0) from LOCAL (3.3.3.3) Origin IGP, metric 0, localpref 100, weight 0, internal, valid, best, announced Last update: 00:22:18 ago Ext. communities: rt 100:1 BGP routing table entry for rd 100:1 192.168.41.0/24 Nexthop 1.1.1.1 (via 10.10.23.2) from R1 (1.1.1.1) Origin incomplete, metric 0, localpref 100, weight 0, internal, valid, best Last update: 00:22:18 ago Ext. communities: rt 100:1 # bgpctl show rib community 100:1 flags: * = Valid, > = Selected, I =
IPv6 with wide-dhcpv6
Comcast provides me with IPv6 via DHCPv6, which I've finally tried to configure on my OpenBSD 6.1 router. I am having difficulty maintaining my IPv6 public IP address when using the wide-dhcpv6 package when in client mode. Specifically, when the pltime/vltime goes to zero, the address is removed from the interface but dhcp6c doesn't seem interested in renewing either before or after this happens until I manually send it a HUP. When running tcpdump, I see the following RA packet(s) but do not see the prefixes in my routing table. 13:27:09.986879 fe80::201:5cff:fe86:7046 > ff02::1: icmp6: router advertisement(chlim=0, MO, pref=medium, router_ltime=1800, reachable_time=360, retrans_time=1000)(prefix info: valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:4083:17::/64)(prefix info: valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:5018:69::/64)(prefix info: valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:6020:117::/64)(prefix info: valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:8026:22::/64) [icmp6 cksum ok] (len 144, hlim 255) Several questions: - Have I configured something wrong? - Should the RA prefixes appear in my routing table? Is this related at all to my issues? - I plan to get prefix delegation going eventually, are there any other surprises to worry about? - Is there a security/quality preference between wide-dhcpv6 and dhcpcd? I notice that dhcp6c doesn't appear to support a dedicated chroot/user... - Does the project have any near-term plans to write a DHCPv6 daemon to live in base? Happy to provide further info; thanks in advance for any feedback. --david
Re: Restoring /altroot
On 07/14/17 09:00, Raimo Niskanen wrote: > Hi misc@. > > I wonder how to restore from an /altroot backup? > > (I missed that pax -r happily writes absolute paths and wrote over > /etc from a backup file of another machine) > > > Is it to dd(1) back all but the first 16 blocks - the reverse of what > daily(8) does? Is that all that is needed? don't... > (I missed to skip the first 16 blocks, and I used the block devices instead > of the character devices. The result was a vegetable, and would like to > understand which of my mistakes that were fatal.) yeah, that's why. It CAN work, but ... it is the hard way and it's error prone. better way: let's say sd1k is your /altroot... # mount /dev/sd1k /altroot now...it's just a normal file system on a normal place. Copy out whatever you want. umount it when done, please. Nick.
Re: newsyslog refused to work
Harald Dunkelwrites: > Hi folks, > > Apparently newsyslog refuses to rotate any file, if there > is a single bad line in newsyslog.conf, e.g. > > newsyslog: /etc/newsyslog.conf:7: unknown user: uucp > > I would suggest to ignore the bad line, but rotate the > other log files as usual. Thanks for mentioning this, we're discussing the topic on tech@: https://marc.info/?l=openbsd-tech=150006341015931=2 -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE