Re: Oracle, anyone?
Monday, December 5, 2005, 12:49:21 AM, you wrote:

FP> Has anyone got Oracle 10g working on OpenBSD 3.8?
FP> What is the general consensus of running Oracle on OpenBSD?

Bad idea, use Linux instead.

Incidentally, I ask the audience: has anyone ported the oracle7 client (API) like in FreeBSD? :) I don't need Oracle on OpenBSD, but the libraries to build perl DBD::Oracle. I've got oracle7 from FreeBSD and installed DBD::Oracle, but after that I've got a problem while running a script that only connects to Oracle:

/usr/bin/perl: /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/DBD/Oracle/Oracle.so: can't resolve reference '_DefaultRuneLocale'
/usr/bin/perl: /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/DBD/Oracle/Oracle.so: can't resolve reference '_CurrentRuneLocale'
Segmentation fault (core dumped)

--
Sincerely, Dennis
Re: multiple Local-IDs for isakmpd
On 5 dec 2005, at 02.57, Brian A. Seklecki wrote:

I opened a PR on this earlier this year. Search my last name in query-pr. The Cisco 3000 supports SA Proposals with multiple discontiguous subnets. The IKE protocol does not.

In fact subnets are not part of SA proposals. (They're phase2 IDs.)

One IPsec tunnel cannot manage more than one set of network to network traffic. If you have two subnets at each site, you'll need to configure four tunnels, etc.

For the problem at hand, one specifies multiple entries in [Phase 2]:Connections, plus their config sections. There, multiple discontiguous subnets. :)

(Granted, isakmpd configuration could (like Cisco) support an easier way of configuring multiple networks. This may happen someday.)

You could also take a look at ipsecctl(8).

/H

On Tue, 2005-06-07 at 20:54, Tamas TEVESZ wrote:

hi,

i have a situation where a branch office with multiple, non-overlapping, non-aggregatable local networks needs to connect to the head office, via an ipsec tunnel. of course, the security gateway is also acting as a gateway to the internet (nat and the usual collateral stuff), and, as a matter of fact, some of the local networks are connected to it via openvpn (that is, it itself is a vpn concentrator of sorts, for openvpn tunnels).

rough sketch:

        -- branch office --              |   |      -- head office --
                                         |   |
172.16.187.0/24  -                       |   |
172.19.47.0/24    \  +-----------+       |   |       +-----------+
                   +-|security gw| - (ipsec tun) -   |security gw| - ...
192.168.114.0/24  /  +-----+-----+       |   |       +-----------+
192.168.2.0/24   -         |
                            \ (internet etc..)

it may also be the case that at the head office end, there will be more than one host/network to be accessed, this is not clarified yet. i am not in control of the head office's concentrator, but i know that they are using a cisco 3060.

how is this realized within isakmpd's configuration? i already have tried putting more than one ipv4_addr_subnets into the ipsec-id section, and even more than one ipsec-id section, but isakmpd threw them out (no surprise).

if this cannot be realized within isakmpd, what other options do i have? pf route-tos/reply-tos are about the only thing i can think of... anything else?

tia,

/H
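The approach described in the reply above (one [Phase 2] connection per pair of local and remote subnets), as an added example that is not part of the original thread. It generates the isakmpd.conf sections for the four branch networks from the question; the peer name `peer-headoffice`, the head-office network `10.0.0.0/24` and the `Default-quick-mode` section name are assumptions, since the thread gives none of them.

```python
"""Generate isakmpd.conf Phase 2 sections for several subnets per site."""
import ipaddress
from itertools import combinations, product

# Branch networks as listed in the original question.
BRANCH_NETS = ["172.16.187.0/24", "172.19.47.0/24",
               "192.168.114.0/24", "192.168.2.0/24"]
# Constructed placeholder: the thread does not give the head-office network.
HEAD_OFFICE_NETS = ["10.0.0.0/24"]


def parse_nets(nets):
    """Parse CIDR strings; reject host bits and overlapping networks."""
    parsed = [ipaddress.IPv4Network(n) for n in nets]
    for a, b in combinations(parsed, 2):
        if a.overlaps(b):
            raise ValueError(f"overlapping networks: {a} and {b}")
    return parsed


def tag(net):
    """Section-name-safe tag, e.g. 172.16.187.0/24 -> 172-16-187-0-24."""
    return f"{net.network_address}-{net.prefixlen}".replace(".", "-")


def build_phase2(peer, local_nets, remote_nets,
                 quick_mode="Default-quick-mode"):
    """Return (connection names, config text).

    One connection is emitted per (local, remote) pair, so N local and
    M remote networks give N*M tunnels. `peer` must name an ISAKMP peer
    section and `quick_mode` a quick-mode section defined elsewhere in
    the file (both hypothetical names here).
    """
    local, remote = parse_nets(local_nets), parse_nets(remote_nets)
    conns, sections = [], []
    for l, r in product(local, remote):
        name = f"IPsec-{tag(l)}-to-{tag(r)}"
        conns.append(name)
        sections.append(
            f"[{name}]\n"
            f"Phase=\t\t\t2\n"
            f"ISAKMP-peer=\t\t{peer}\n"
            f"Configuration=\t\t{quick_mode}\n"
            f"Local-ID=\t\tNet-{tag(l)}\n"
            f"Remote-ID=\t\tNet-{tag(r)}\n")
    # One ID section per network, shared by every connection that uses it.
    for n in local + remote:
        sections.append(
            f"[Net-{tag(n)}]\n"
            f"ID-type=\t\tIPV4_ADDR_SUBNET\n"
            f"Network=\t\t{n.network_address}\n"
            f"Netmask=\t\t{n.netmask}\n")
    header = "[Phase 2]\nConnections=\t\t" + ",".join(conns) + "\n"
    return conns, "\n".join([header] + sections)


if __name__ == "__main__":
    names, text = build_phase2("peer-headoffice", BRANCH_NETS,
                               HEAD_OFFICE_NETS)
    print(text)
```

The remote gateway has to be configured with the matching phase 2 IDs for each pair, otherwise the quick-mode negotiation for that pair fails.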
Re: Problem with Realtek 8139 in very old machine
On Mon, Dec 05, 2005 at 12:07:33AM -0200, Giancarlo Razzolini wrote:

Ted Unangst wrote:

put it in a different slot.

On 12/1/05, Giancarlo Razzolini [EMAIL PROTECTED] wrote:

Hi Folks,

I'm building a firewall solution for my home network on top of OpenBSD. The machine that I'm using is a very old Pentium 133MHz, with only 40MB of RAM (EDO), 4 PCI ports and 5 ISA ports. I do have my VGA card (a Trident TGUI) on one PCI port, and a Realtek 8139 on another PCI port. The problem that I'm having is that I managed to install OpenBSD correctly, and it detects my ethernet card correctly, but it can initialize the device. As I don't have network, I can't put a full dmesg here, but it is something like this that it shows me:

rl0 XXX no interrupt for pin A : couldn't map interrupt

The rl(4) man page only says that "A fatal initialization error has occurred". I did some homework and found some guys saying to deactivate plug and play (my BIOS doesn't have this, instead I deactivated auto IRQ mappings), other guys saying to deactivate the serial ports. I've done both, with no success. I've even replaced the card with one that I was sure was working, with no success. If any of you gurus have some hint for this, I would be very glad. Perhaps deactivate the automatic detection, and pass some arguments to the kernel. I don't know.

Ah, by the way, my BIOS only lets me assign IRQs 14 or 15 to the PCI port where the Realtek is. 14 is currently used for my IDE controller. I know that the ethernet card can share the same IRQ with the IDE controller, but I don't know if the other way around is true. And if I force some IRQ, my machine doesn't even pass the BIOS checks, and freezes.

First of all I would like to thank everybody that replied. I tried putting it in a different slot, and I did something more radical. I've installed a Slackware Linux on the machine, and it gave me the same error. The kernel told me to try to boot it with the pci=biosirq option. I did it, and I got a big kernel panic. I'm almost losing my hopes. The thing that is most painful is that it had Windows 98 installed on the machine before putting OpenBSD or Linux on it. And the Realtek was working. I hate PnP. Well, I'll try to erase the BIOS, but I've already tried using the NIC in every slot. My last option will be to get 2 ISA cards, and try then.

Thanks for all you pals. It really helped me a lot. I've only found this kind of support in the Slackware mail lists. I heard that the OpenBSD community was very good, and now I know why.

Looks like *something* is wonky. You could try another card, or this card in another machine, if you want to have a go at isolating the problem.

For a more practical solution, ask around a bit and install your firewall on the best machine you've been offered after a couple of weeks. It's likely to be much better than what you have now, from my experience.

Joachim
Re: Help with lpd and XP
Same issue when using the CUPS LPD daemon so it's not an LPD thing, surprise surprise it looks like a Windows thing. Greg Thomas wrote: On 12/4/05, Steve Murdoch [EMAIL PROTECTED] wrote: Any issues I had printing from XP went away when I enabled LPR Byte counting in the LPR port settings. Any ideas why that is? Greg
Re: disk encryption on login
Alexander Farber wrote: I have one suggestion: if a user logs in and the path to home dir in the /etc/passwd is actually pointing to a file, then it is encrypted Ok, maybe not so excellent, because where that would be mounted :-/ In the parent directory: /home/lbruno/image.vnd - /home/lbruno/
Re: Fwd: Re: KWordd - correction
On Sun, Dec 04, 2005 at 06:03:39PM -0500, Dave Feustel wrote: If I were not running OpenBSD, the comments by Dave Faure below would lead me to believe that my freshly installed (supposedly) single-user OpenBSD 3.8 system has been penetrated and the penetrating perp is rattling my cage. :-) Does anyone else have ideas about what is causing this? (I'm also getting other odd error messages. See the log at the end of the post. Note the OpenSSL-related messages. As far as I know, I'm not making use of ssl right now. Any insight as to what's going on will be appreciated. Thanks, Dave Feustel Hmm, no responses. I do not personally have a clue what could be the problem, but it looks like installation didn't work as well as expected (c.q. some links are not resolvable). Where did you get this from? Is it a package from 3.8-release on a 3.8-release system? Joachim
Can't use TCP SYN Proxy on CARP interface.
Is there a reason that I don't understand why TCP SYN Proxy wouldn't work on a CARP interface?

If I run a web server on a physical interface with

    pass in on $ext_if proto tcp from any to $web_server port www \
        flags S/SA synproxy state

it will work as explained in the FAQ, but if I try to do the same where I run the web server on a CARP interface it wouldn't accept it. Something like:

    pass in on $ext_if proto tcp from any to carp1 port www \
        flags S/SA synproxy state

will not work but this would:

    pass in on $ext_if proto tcp from any to carp1 port www

Maybe I am trying to do something that makes no sense, but I thought it should work, so that I could in the end use additional filtering and limits with

    pass in on $ext_if proto tcp from any to carp1 port www \
        flags S/SA synproxy state \
        (max 200, source-track rule, max-src-nodes 100, max-src-states 3)
Re: Problem with Realtek 8139 in very old machine
Joachim Schipper wrote:

Looks like *something* is wonky. You could try another card, or this card in another machine, if you want to have a go at isolating the problem. For a more practical solution, ask around a bit and install your firewall on the best machine you've been offered after a couple of weeks. It's likely to be much better than what you have now, from my experience.

Joachim

Thanks. I already put my hands on some ISA NICs and on some PCI NICs from other vendors, and will try them all. Unfortunately, I have to stick with this solution, because I want to build a very low budget firewall, only for my home needs (5 machines). But thanks for the reply.

--
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
3.8 userland build fails on amd64 and sparc64
After extracting sources from the cd, checking out current, building installing and booting from the new kernel, make build fails. The error message indicates that xargs is being called with an unsupported argument, -r as I recall. If I then just build and install xargs the make build completes. This has happened now on both a sparc64 and an amd64 machine.
Re: 3.8 userland build fails on amd64 and sparc64
On Mon, 5 Dec 2005, Dag Richards wrote: After extracting sources from the cd, checking out current, building installing and booting from the new kernel, make build fails. The error message indicates that xargs is being called with an unsupported argument, -r as I recall. If I then just build and install xargs the make build completes. This has happened now on both a sparc64 and an amd64 machine. Always be sure to read http://www.openbsd.org/faq/current.html when following -current. -Otto
Re: 3.8 userland build fails on amd64 and sparc64
After extracting sources from the cd, checking out current, building installing and booting from the new kernel, make build fails. The error message indicates that xargs is being called with an unsupported argument, -r as I recall. If I then just build and install xargs the make build completes. This has happened now on both a sparc64 and an amd64 machine. You should take a look at http://www.openbsd.org/faq/current.html#20050927 .
Re: 3.8 userland build fails on amd64 and sparc64
On Mon, 05 Dec 2005 06:59:07 -0800 Dag Richards [EMAIL PROTECTED] wrote: After extracting sources from the cd, checking out current, building installing and booting from the new kernel, make build fails. The error message indicates that xargs is being called with an unsupported argument, -r as I recall. If I then just build and install xargs the make build completes. This has happened now on both a sparc64 and an amd64 machine. http://www.openbsd.org/faq/current.html#20050927 -- Security is decided by quality -- Theo de Raadt
Re: 3.8 userland build fails on amd64 and sparc64
Dag Richards [EMAIL PROTECTED] wrote: After extracting sources from the cd, checking out current, building installing and booting from the new kernel, make build fails. The error message indicates that xargs is being called with an unsupported argument, -r as I recall. If I then just build and install xargs the make build completes. This has happened now on both a sparc64 and an amd64 machine. Read http://www.openbsd.org/faq/current.html, doh.
PF NAT Address Pool Source Interface
All:

It may seem rudimentary, but nowhere in the FAQ or man pages is it explicitly stated that the source address or address pool of a NAT translation must be assigned to an interface. Obviously it can either be a primary address (such as 99.9% of the PAT configurations on the Internet) or a series of IP aliases assigned.

Furthermore, it doesn't actually state or recommend which interface the translated addresses should be assigned to. Technically, it's irrelevant. In practice, it depends greatly on the overall network configuration (specifically, routing). As long as other hosts in the network know a discrete route to the subnet of the translated hosts via any interface on the device doing the translation.

The translation occurs to the packet's source address as it leaves the outbound interface (the one explicitly defined to the right of the - in the pf.conf(5) rule), so one might casually assume to assign the pool/address there; however in my tests, I've found that it can be assigned to the same interface as the subnet being translated.

However, if a translation rule in pf.conf(5) exists but the destination address/pool (the address to be translated to, not the optional destination CIDR mask), OpenBSD will still happily transmit a translated packet out an interface with a source address foreign to that segment / whatever media. Even if other hosts receive a packet and reply to it, they won't be able to ARP for it, and if they could, the original OpenBSD box will drop the reply with destination host/network unreachable (obviously).

Wouldn't a better behavior be to prevent the transmission of the packet in the same way that a socket cannot bind to a source port/IP if it is not assigned to an interface?

Thoughts?

TIA,
BAS
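A pre-flight check for the situation described above, as an added example that is not part of the original post: it lists literal NAT translation addresses in a pf.conf that are not assigned to any interface on the box. The pf.conf and `ifconfig -a` texts are constructed samples, and only literal IPv4 addresses after `->` are checked (interface names, macros and CIDR pools are skipped).

```python
"""Flag pf nat translation addresses that no local interface carries."""
import ipaddress
import re

# Matches a nat rule and captures everything after the "->".
NAT_RE = re.compile(r"^\s*nat\s+.*?->\s*(?P<target>.+?)\s*$")
# Matches the "inet a.b.c.d ..." lines of ifconfig output.
INET_RE = re.compile(r"^\s*inet\s+(\d+\.\d+\.\d+\.\d+)\b")

# Constructed sample ruleset (documentation addresses, RFC 5737).
PF_CONF = """\
ext_if = "fxp0"
int_net = "10.0.0.0/24"
nat on $ext_if from $int_net to any -> ($ext_if)
nat on $ext_if from 10.0.1.0/24 to any -> 198.51.100.10
nat on $ext_if from 10.0.2.0/24 to any -> { 198.51.100.11, 198.51.100.12 } round-robin
"""

# Constructed sample of `ifconfig -a` output; .12 is deliberately missing.
IFCONFIG = """\
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 198.51.100.2 netmask 0xffffff00 broadcast 198.51.100.255
        inet 198.51.100.10 netmask 0xffffffff
        inet 198.51.100.11 netmask 0xffffffff
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
"""


def assigned_addresses(ifconfig_text):
    """All IPv4 addresses (primary and alias) on any interface."""
    found = set()
    for line in ifconfig_text.splitlines():
        m = INET_RE.match(line)
        if m:
            found.add(ipaddress.IPv4Address(m.group(1)))
    return found


def nat_targets(pf_conf_text):
    """Yield (line number, address) for literal translation addresses."""
    for lineno, line in enumerate(pf_conf_text.splitlines(), 1):
        m = NAT_RE.match(line.split("#", 1)[0])  # drop trailing comments
        if not m:
            continue
        for token in re.split(r"[\s,{}]+", m.group("target")):
            try:
                yield lineno, ipaddress.IPv4Address(token)
            except ValueError:
                continue  # interface name, macro, pool option or CIDR


def unassigned_nat_addresses(pf_conf_text, ifconfig_text):
    """Translation addresses that are not bound to any local interface."""
    have = assigned_addresses(ifconfig_text)
    return [(ln, str(addr)) for ln, addr in nat_targets(pf_conf_text)
            if addr not in have]


if __name__ == "__main__":
    for lineno, addr in unassigned_nat_addresses(PF_CONF, IFCONFIG):
        print(f"pf.conf line {lineno}: {addr} is not on any interface")
```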
OpenBSD 3.8 and Dell 1850 with PERC4/DC controller
We have a Dell 1850 with a PERC4/DC controller. When I try installing OpenBSD 3.8, I am having some troubles. 3.8 will sees the card as with the mpt0 driver. Which will not recognize my RAID1 config. The hardware compatibility guide tells me the mpt0 is support for a standard scsi card. According to the hardware guide, the correct driver for RAID support is ami. When I boot with the, boot -cs and add the ami driver support, I get a no disk drive support. To check the drive config I installed and booted another OS. Any help/comments would be greatly appreciated. Thanks Shane
Re: Oracle, anyone?
--- Josh Tolley [EMAIL PROTECTED] wrote:

Running oracle on any unsupported platform is probably not the best idea, not only because you won't get support, but also because running it on a more secure platform will still leave you with lots of holes;

1) Just an fyi, I have a few boxes Oracle 9iR2 running on FreeBSD 5.2.1 in a test environment and it runs as well if not better (consistently for a year and a half) than Oracle 9iR2 on our production Suse Linux boxes.

1a) Also, I have Oracle 10G running on Mac OSX which Oracle has support for.

in other words, you're going to need something in front of the box to

2) I also put Snort on OpenBSD in front of the boxes to add a layer of security. Snort 2 has support for filtering/blocking specific sql statements, etc. and is a terrific way to add a powerful layer of security.

- Obi
Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller
I've only had the priv. to run OpenBSD on the 750 and 850 1Us from Dell. However I have a number of FreeBSD 5.3x hosts on single and dual-proc 1850 models, some with RAID and some with standard SCSI. The standard SCSI config (on which I run software RAID) probes as: NAME mpt(4) -- LSI Fusion-MPT SCSI/Fibre Channel driver mpt0: LSILogic 1030 Ultra4 Adapter port 0xec00-0xecff mem 0xdfde-0xdfde,0xdfdf-0xdfdf irq 34 at device 5.0 on pci2 mpt0: [GIANT-LOCKED] ses0 at mpt0 bus 0 target 6 lun 0 da0 at mpt0 bus 0 target 0 lun 0 da1 at mpt0 bus 0 target 1 lun 0 The hardware RAID (with cache and battery and all) probes as: NAME amr(4) -- AMI MegaRAID PCI-SCSI RAID driver amr0: LSILogic MegaRAID mem 0xdfde-0xdfdf,0xd80f-0xd80f irq 46 at device 14.0 on pci2 amr0: [GIANT-LOCKED] amr0: LSILogic PERC 4e/Si Firmware 521S, BIOS H430, 256MB RAM amrd0: LSILogic MegaRAID logical drive on amr0 amrd0: 69880MB (143114240 sectors) RAID 1 (optimal) Maybe check your invoice? ~BAS On Mon, 5 Dec 2005, shane mullins wrote: We have a Dell 1850 with a PERC4/DC controller. When I try installing OpenBSD 3.8, I am having some troubles. 3.8 will sees the card as with the mpt0 driver. Which will not recognize my RAID1 config. The hardware compatibility guide tells me the mpt0 is support for a standard scsi card. According to the hardware guide, the correct driver for RAID support is ami. When I boot with the, boot -cs and add the ami driver support, I get a no disk drive support. To check the drive config I installed and booted another OS. Any help/comments would be greatly appreciated. Thanks Shane l8* -lava x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8
Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller
You need to do some reading on the BIOS settings of the 1850. There is an option in there where you can switch from SCSI (mpt) to RAID (ami) mode and back. The trick is that it requires a so called RAID key for this functionality to work. This is a purchase option; don't know if you bought it or not. 1850s work fine with OpenBSD 3.8. /marco On Dec 5, 2005, at 9:14 AM, shane mullins wrote: We have a Dell 1850 with a PERC4/DC controller. When I try installing OpenBSD 3.8, I am having some troubles. 3.8 will sees the card as with the mpt0 driver. Which will not recognize my RAID1 config. The hardware compatibility guide tells me the mpt0 is support for a standard scsi card. According to the hardware guide, the correct driver for RAID support is ami. When I boot with the, boot -cs and add the ami driver support, I get a no disk drive support. To check the drive config I installed and booted another OS. Any help/comments would be greatly appreciated. Thanks Shane
PPTP + PPPoE ?
Hi all,

I'm running OpenBSD 3.7. I use my OpenBSD machine as a firewall, including a PPTP server and it runs ok. But... I want to connect to my ISP with PPPoE and configure my router as bridge and I've achieved it!! But now my PPTP server is not running, I cannot connect from a Windows client as before. Does anybody know why? Can I use ppp.conf with two different applications? Or is the problem with the tun devices?

Thanks a lot.

My ppp.conf:

pptp:
 #set ifaddr 172.16.1.100 172.16.1.10-172.16.1.20
 enable proxy
 set timeout 0
 enable MSChapV2
 disable ipv6cp
 disable ipv6

default:
 set log Phase Chat LCP IPCP CCP tun command
 set device /dev/cua01
 set speed 115200
 # set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT

CHAPserver:
 enable chap
 enable proxy
 set ifaddr 192.244.176.44 292.244.184.31
 accept dns

pppoe:
 set device !/usr/sbin/pppoe -i rl0
 set mtu max 1492
 set mru max 1492
 set speed sync
 disable acfcomp protocomp
 deny acfcomp
 set authname [EMAIL PROTECTED]
 set authkey adslppp
 add default HISADDR
 enable dns
 enable mssfixup

--
Abel Talaversn Estevez
Senior Telecommunications Engineer
Project Analyst
OpenWired
Caballero 87 - Bajos
08029 - Barcelona
Tel. 93 495 0990
Fax. 93 419 4591

Openwired
Alejandro Villegas,29
28043 - MADRID - SPAIN
Telephone: 91 300 51 09
Fax: 91 300 28 13
http://www.openwired.com
Re: PPTP + PPPoE ?
The problem is GRE. Take a look at http://sourceforge.net/projects/frickin On Monday 05 December 2005 18:58, Abel Talaversn Estevez wrote: Hi all, I'm running OpenBSD 3.7. I use my OpenBSD machine as a firewall, including a PPTP server and it runs ok. But... I want to connect to my ISP with PPPoE and configure my router as bridge and I've achieve it!! But now my PPTP server is not running, I cannot connect from a Windows client as before. Does anybody know why? Can I use ppp.conf with two different applications? Or the problem is with the tun devices? Thanks a lot. My ppp.conf: pptp: #set ifaddr 172.16.1.100 172.16.1.10-172.16.1.20 enable proxy set timeout 0 enable MSChapV2 disable ipv6cp disable ipv6 default: set log Phase Chat LCP IPCP CCP tun command set device /dev/cua01 set speed 115200 # set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT CHAPserver: enable chap enable proxy set ifaddr 192.244.176.44 292.244.184.31 accept dns pppoe: set device !/usr/sbin/pppoe -i rl0 set mtu max 1492 set mru max 1492 set speed sync disable acfcomp protocomp deny acfcomp set authname [EMAIL PROTECTED] set authkey adslppp add default HISADDR enable dns enable mssfixup -- Best regards Maxim Bourmistrov
Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller SOLVED
Thanks, Ryan Fox told me to change the BIOS setting from i2o to mass storage. This setting worked great. Shane - Original Message - From: Marco Peereboom [EMAIL PROTECTED] To: shane mullins [EMAIL PROTECTED] Cc: misc@openbsd.org Sent: Monday, December 05, 2005 11:26 AM Subject: Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller You need to do some reading on the BIOS settings of the 1850. There is an option in there where you can switch from SCSI (mpt) to RAID (ami) mode and back. The trick is that it requires a so called RAID key for this functionality to work. This is a purchase option; don't know if you bought it or not. 1850s work fine with OpenBSD 3.8. /marco On Dec 5, 2005, at 9:14 AM, shane mullins wrote: We have a Dell 1850 with a PERC4/DC controller. When I try installing OpenBSD 3.8, I am having some troubles. 3.8 will sees the card as with the mpt0 driver. Which will not recognize my RAID1 config. The hardware compatibility guide tells me the mpt0 is support for a standard scsi card. According to the hardware guide, the correct driver for RAID support is ami. When I boot with the, boot -cs and add the ami driver support, I get a no disk drive support. To check the drive config I installed and booted another OS. Any help/comments would be greatly appreciated. Thanks Shane
Can't get VM_UVMEXP: Cannot allocate memory 3.8 GENERIC
Hi List, i've a problem with 3.8 systat vm shows this error above and no memory values ... BUT: if i'm using the original kernel from the 3.8 cd that it works without this error. BUT: if i build the 3.8 GENERIC kernel by myself without any changes pf the GENERIC config, then the error appears. With 3.7 or older no problem. Whats the difference between the builded 3.8 GENERIC kernel on CD and the GENERIC config on the original source CD ? Thanks for help. Thomas Boernert
Re: PPTP + PPPoE ?
Alternatively, you can use in-kernel pppoe for adsl to your ISP and user-space ppp for pptp. Look at the man pages. Regards, David On 12/5/05, Maxim Bourmistrov [EMAIL PROTECTED] wrote: The problem is GRE. Take a look at http://sourceforge.net/projects/frickin On Monday 05 December 2005 18:58, Abel Talaversn Estevez wrote: Hi all, I'm running OpenBSD 3.7. I use my OpenBSD machine as a firewall, including a PPTP server and it runs ok. But... I want to connect to my ISP with PPPoE and configure my router as bridge and I've achieve it!! But now my PPTP server is not running, I cannot connect from a Windows client as before. Does anybody know why? Can I use ppp.conf with two different applications? Or the problem is with the tun devices? Thanks a lot. My ppp.conf: pptp: #set ifaddr 172.16.1.100 172.16.1.10-172.16.1.20 enable proxy set timeout 0 enable MSChapV2 disable ipv6cp disable ipv6 default: set log Phase Chat LCP IPCP CCP tun command set device /dev/cua01 set speed 115200 # set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT CHAPserver: enable chap enable proxy set ifaddr 192.244.176.44 292.244.184.31 accept dns pppoe: set device !/usr/sbin/pppoe -i rl0 set mtu max 1492 set mru max 1492 set speed sync disable acfcomp protocomp deny acfcomp set authname [EMAIL PROTECTED] set authkey adslppp add default HISADDR enable dns enable mssfixup -- Best regards Maxim Bourmistrov
Re: Oracle, anyone?
On Sun, 4 Dec 2005, J.C. Roberts wrote: On Sun, 4 Dec 2005 21:57:15 -0700, Josh Tolley [EMAIL PROTECTED] If someone has a viable need of Oracle products, it's in their best interest to get it running on OpenBSD. Why? Going off into unsupported territory where there's probably 10 other shops in the world doing the same thing (i.e. lack of community) will mean chasing down lots and lots of issues yourself with very few resources to turn to. Sure, you're right that many people are primarily interested in getting supposed support from Oracle but forcibly drop kicking Oracle software onto OpenBSD will most likely allow you to find a lot of Oracle bugs. Or a lot of Linux emulation bugs. Or bugs in the linux lib packages triggered by the kernel emulation. Linux emulation + non-native libs + lack of documented issues = lots of variables that are going to make it a royal pain to troubleshoot problems. If you've got enough $ for Oracle Inc to think you're important, they might actually consider fixing the bugs you report. If you've got that much cash to persuade them to do that, you might as well go whole-hog and have them do a native port. And if you have that much cash, you're probably looking at running Oracle on $very_large_hardware that OpenBSD doesn't support yet. If Oracle software is too broken to run properly on OpenBSD and Oracle refuses to fix their bugs (i.e. failure to actually support their products), then you might want to reconsider your choice of software to see if there are other alternatives available. If there's no native port, there is no running properly, period. Even if their software was buggy, how can Oracle be reasonably expected to fix bugs on a system that is more or less rigged with the software equivalent of duct tape and baling wire? That being said, if OpenBSD is a requirement, then change the database to something nice and not so bloated like PostGres. Then at least it'll native compile. -- Signing off, Joseph C. 
Bender [EMAIL PROTECTED] Does the government fear us? Or do we fear the government? When the people fear the government, tyranny has found victory. The federal government is our servant, not our master. ---Thomas Jefferson
Mounting UFS2 (FreeBSD) partition?
Hi, I'm using 3.8 GENERIC kernel, and having problems mounting a FreeBSD UFS2 harddisk, is there a way to mount it in OpenBSD or the only way is to backup data, reformat in FFS and restore? Thanks in advance, DS
Re: Mounting UFS2 (FreeBSD) partition?
UFS2 is not supported. On 12/5/05, Vinicius Vianna [EMAIL PROTECTED] wrote: Hi, I'm using 3.8 GENERIC kernel, and having problems mounting a FreeBSD UFS2 harddisk, is there a way to mount it in OpenBSD or the only way is to backup data, reformat in FFS and restore? Thanks in advance, DS
Re: Oracle, anyone?
* Dennis S.Davidoff [EMAIL PROTECTED] [051205 03:23]: Monday, December 5, 2005, 12:49:21 AM, you wrote: FP Has anyone got Oracle 10g working on OpenBSD 3.8? FP What is the general consensus of running Oracle on OpenBSD? Bad idea, use Linux instead. Incidentally, I ask audience, have anyone port oracle7 client (API) like in FreeBSD? :) I don't need Oracle on OpenBSD, but an libraries to build perl DBD::Oracle. I've got oracle7 from FreeBSD and install DBD::Oracle, but after that I've got a problem while running script that only connects to Oracle: /usr/bin/perl: /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/DBD/Oracle/Oracle.so: can't resolve reference '_DefaultRuneLocale' /usr/bin/perl: /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/DBD/Oracle/Oracle.so: can't resolve reference '_CurrentRuneLocale' Segmentation fault (core dumped) -- Sincerely, Dennis I would be very happy to see a native Oracle client for OpenBSD. Fat chance of it happening. I poked Oracle on metalink and got nowhere faster than I did explaining my need for RAID documentation to Adaptec. I would be thrilled to see a FreeTNS project spawn similar to the FreeTDS project. That would solve our problem quite nicely. Jim
Re: Mounting UFS2 (FreeBSD) partition?
I've mounted OpenBSD from FreeBSD 4.x without any problems. I converted an extra FreeBSD partition to OpenBSD (use sysinstall to change the partition type to 166) and rebooted. Then I installed OpenBSD on it. I've never accessed FreeBSD from OpenBSD. FreeBSD 5.x can mount an OpenBSD partition, but it can only access the first slice. HTH, Eric Buchanan On Mon 05 Dec 2005 12:38 pm, wrote: Hi, I'm using 3.8 GENERIC kernel, and having problems mounting a FreeBSD UFS2 harddisk, is there a way to mount it in OpenBSD or the only way is to backup data, reformat in FFS and restore? Thanks in advance, DS
Re: smtp-vilter with pf integration
On Sunday 04 December 2005 12.02, Marc Balmer wrote: smtp-vilter, the flexible and fast email content scanner for sendmail based systems, can now interact with the pf packet filter on OpenBSD. If a virus, spam or otherwise unwanted content is detected in an email message, it can add the sending host's IP address to a pf table. You can then give this host special treatment... In the configuration file, you can add the following statements to activate reactions:

    react on [virus|spam|unwanted-content|clean] add to table [tablename]

Dynamically reconfiguring systems always carry a risk of being abused for denial of service attacks, so use with care. The code is relatively new and I'd be happy to receive some feedback from people using smtp-vilter. The code can be downloaded here: http://www.etc.msys.ch/sources/smtp-vilter/smtp-vilter-1.2.0.tgz I will eventually update the port in -current. - Marc Balmer

Nice work. I will try it a.s.a.p. And it would be really nice if you had the time to update the port as well. Regards /Per-Olov -- GPG keyID: 4DB2 83CE GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
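The denial-of-service caution in the announcement above, as an added example that is not part of the thread and not smtp-vilter code: one possible guard that a wrapper could apply before a sender address is put into a pf table. The table name, the never-block networks, the rate limit and the sample addresses are constructed assumptions; only the `pfctl -t <table> -T add <address>` form is a real command.

```python
import ipaddress
import re
import time

# Constructed policy values (assumptions, not smtp-vilter settings).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/28")]
MAX_ADDS_PER_WINDOW = 3      # cap on table additions per time window
WINDOW_SECONDS = 60
# Conservative pattern so a table name can never carry shell or pf syntax.
TABLE_NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]{0,30}$")


class TableGuard:
    """Decides whether a sender address may be added to a pf table."""

    def __init__(self, table, never_block=NEVER_BLOCK):
        if not TABLE_NAME_RE.match(table):
            raise ValueError("unsafe table name: %r" % table)
        self.table = table
        self.never_block = list(never_block)
        self.recent = []  # timestamps of accepted additions

    def command_for(self, addr, now=None):
        """Return the pfctl argv to run, or None if the add is refused."""
        now = time.time() if now is None else now
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return None  # not an address: never hand it to pfctl
        # Own relays, loopback and similar must not be blockable by a
        # message that merely passed through them.
        if any(ip.version == net.version and ip in net
               for net in self.never_block):
            return None
        # Rate cap: a burst of flagged mail cannot rewrite the filter
        # faster than an operator could notice.
        self.recent = [t for t in self.recent if now - t < WINDOW_SECONDS]
        if len(self.recent) >= MAX_ADDS_PER_WINDOW:
            return None
        self.recent.append(now)
        # argv list (no shell) so the address is passed as a single argument.
        return ["pfctl", "-t", self.table, "-T", "add", str(ip)]
```

The returned list is meant for `subprocess.run(argv)` without a shell; refused additions are worth logging so that a run of refusals is visible to the operator.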
Re: Mounting UFS2 (FreeBSD) partition?
On 2005-12-05 13:17:54 -0800, Ted Unangst wrote: UFS2 is not supported. Is anybody working on changing that? Best Martin -- http://www.tm.oneiros.de
Re: group ownership of /var/mail
Do away with akpop3d altogether. Use OpenBSD's sendmail and popa3d. Install OpenVPN on your OpenBSD server and client computer to connect to OpenBSD's default MTA and POP3 server. This is a much easier and vastly more flexible solution. I use it all the time and it only requires me to install one single 3rd party application (OpenVPN). By your route, you have to install akpop3d and configure it and then sasl and configure it for sending out encrypted email. By your route, you have to watch not only your OpenBSD vulnerabilities but vulnerabilities for akpop3d and sasl (or any other 3rd party solution you choose to authenticate your smtp connection). Do it my way and you only have to watch out for OpenBSD and OpenVPN vulnerabilities. J Moore wrote: ... trying to get an errant package (akpop3d) squared away raised the following question: Some other OSs (Linux-Fedora, and FreeBSD) assign ownership of the /var/mail directory to a group named mail; OpenBSD assigns ownership of this directory to the group wheel. Apparently akpop3d needs write access to /var/mail to create a lock file for the user's mail spool. akpop3d assumes /var/mail is owned by group mail, but allows that to be changed at startup with the -g option. This leads me to a two-part question: 1. Is there an advantage to assigning group ownership of /var/mail to wheel, or was this choice simply arbitrary? 2. To get akpop3d running should I change group ownership of /var/mail to mail (rather than giving akpop3d the '-g wheel' option)? And yes - I did email the port maintainer, but have received no response in almost a week. Thnx, Jay
Re: Mounting UFS2 (FreeBSD) partition?
On 12/5/05, Martin Schröder [EMAIL PROTECTED] wrote: On 2005-12-05 13:17:54 -0800, Ted Unangst wrote: UFS2 is not supported. Is anybody working on changing that? not that i'm aware of.
Re: Oracle, anyone?
On Mon, 5 Dec 2005 14:43:18 -0500 (EST), Joseph C. Bender [EMAIL PROTECTED] wrote: On Sun, 4 Dec 2005, J.C. Roberts wrote: On Sun, 4 Dec 2005 21:57:15 -0700, Josh Tolley [EMAIL PROTECTED] If someone has a viable need of Oracle products, it's in their best interest to get it running on OpenBSD. Why? Going off into unsupported territory where there's probably 10 other shops in the world doing the same thing (i.e. lack of community) will mean chasing down lots and lots of issues yourself with very few resources to turn to. Communities often start with one idea and one person willing to do some work. If everyone based their decision on whether or not there are other people out there with similar interests and effort, new things would never be started. Sure, you're right that many people are primarily interested in getting supposed support from Oracle but forcibly drop kicking Oracle software onto OpenBSD will most likely allow you to find a lot of Oracle bugs. Or a lot of Linux emulation bugs. Or bugs in the linux lib packages triggered by the kernel emulation. Linux emulation + non-native libs + lack of documented issues = lots of variables that are going to make it a royal pain to troubleshoot problems. You certainly have a valid point when it comes to doing useful production work with Oracle on OpenBSD but from what you've written, it seems like you do not value the bug finding process all that much. My opinion is the exact opposite; the main reason for attempting such a configuration *_is_* to find the bugs and hopefully fix them. Sure, you're right it's a royal pain, but if no one does the work, it never gets done. If you've got enough $ for Oracle Inc to think you're important, they might actually consider fixing the bugs you report. If you've got that much cash to persuade them to do that, you might as well go whole-hog and have them do a native port. 
And if you have that much cash, you're probably looking at running Oracle on $very_large_hardware that OpenBSD doesn't support yet. Yep, you're totally right on the above. If your only goal is putting Oracle on OpenBSD in production and you have the money to pay for all the work, then you can probably make it happen. If Oracle software is too broken to run properly on OpenBSD and Oracle refuses to fix their bugs (i.e. failure to actually support their products), then you might want to reconsider your choice of software to see if there are other alternatives available. If there's no native port, there is no running properly, period. Even if their software was buggy, how can Oracle be reasonably expected to fix bugs on a system that is more or less rigged with the software equivalent of duct tape and baling wire? When you're starting off, duct tape and baling wire are your best friends mainly because there is no other way to get going. You can kind of think of it as boot strapping. It's not going to happen overnight or anytime soon. As for expecting anything from Oracle, well, even if *you* are convinced it is in their best interest to fix their bugs, it doesn't mean the decision makers at the company will be convinced. The most you can do is document your setup and findings so others can repeat your tests. In a nutshell, it comes down to your goals and your time frame. If you want the Oracle code you run to be more reliable, robust and secure on $very_large_hardware that OpenBSD doesn't support yet just using OpenBSD to find some bugs could be a worthwhile experiment even if you never actually use OBSD/Oracle in production. A lot of companies would consider such efforts to be a waste of time/money but as you can see by this thread, there are some people who think the task might be a fun or interesting hack... 
-You can view it as the difference between those people who follow the warning on the sticker Warranty Void If Removed and those people who are more interested in learning what can be learned. That being said, if OpenBSD is a requirement, then change the database to something nice and not so bloated like PostGres. Then at least it'll native compile. Yes. And I think we will both agree the decision of what to use in production really comes down to the requirements. On the other hand, I think if a company really values the data they store in their production Oracle db's, financing a bit of experimentation to find/fix bugs is in the best interest of company long term. I think the best way you could understand my view on the whole Oracle/OBSD thing is by analogy... The OpenBSD port to the SGI-O2 platform has been ongoing for some time and even after almost 2 years of work, the port is still incomplete since we don't have an X server. None the less, the O2 porting effort has allowed new types and classes of bugs to be found mainly because the bugs have not shown up on other architectures. Fixing the newly discovered bugs benefits all the supported architectures. Since you don't have
Re: Can't get VM_UVMEXP: Cannot allocate memory 3.8 GENERIC
Thomas Börnert wrote: Hi List, i've a problem with 3.8 systat vm shows this error above and no memory values ... BUT: if i'm using the original kernel from the 3.8 cd then it works without this error. BUT: if i build the 3.8 GENERIC kernel by myself without any changes of the GENERIC config, then the error appears. With 3.7 or older no problem. What's the difference between the built 3.8 GENERIC kernel on CD and the GENERIC config on the original source CD ? Due to lack of details, I'm going to make a quick guess that you mixed a -current kernel with a -release userland. Don't do that. See FAQ 5 for more info. Nick.
Re: Oracle, anyone?
On Sun, Dec 04, 2005 at 09:49:21PM +, Frank Parsons wrote: Has anyone got Oracle 10g working on OpenBSD 3.8? What is the general consensus of running Oracle on OpenBSD? Don't bother. Run it on Linux instead, and make sure you use the distro Oracle approves of or expect things to break. (whatever that is this week) In my experience it runs better on Solaris than anything else because there is only one Solaris distribution to choose. Since this isn't an Oracle list I'm not going to get into the technical reasons why this is so important. You might also try postgres since it does almost everything Oracle does and in a lot of ways it sucks less. And it runs great on OpenBSD.
Re: Oracle, anyone?
On Mon, 5 Dec 2005, J.C. Roberts wrote: You certainly have a valid point when it comes to doing useful production work with Oracle on OpenBSD but from what you've written, it seems like you do not value the bug finding process all that much. You could not be more wrong. Do *not* presume that you may assume what I do or do not value. I just got done rewriting a bunch of the logging code in tinyproxy because the bug in that case happened to be extremely verbose logging because the original writers didn't understand using the software in a 1000+ user environment. My opinion is the exact opposite; the main reason for attempting such a configuration *_is_* to find the bugs and hopefully fix them. Sure, you're right it's a royal pain, but if no one does the work, it never gets done. Yes, but there's fixing bugs you can get at, and there's the banging of one's head against a brick wall created from running a closed source package in an *emulated* environment. When you're starting off, duct tape and baling wire are your best friends mainly because there is no other way to get going. You can kind of think of it as boot strapping. It's not going to happen overnight or anytime soon. You're not getting it. It's not bootstrapping, it's a gross, ugly, nasty hack. This is not making a port work, this is kludging something into functioning when a much better effort could be made on other platforms or by using other database packages. In a nutshell, it comes down to your goals and your time frame. If you want the Oracle code you run to be more reliable, robust and secure on $very_large_hardware that OpenBSD doesn't support yet just using OpenBSD to find some bugs could be a worthwhile experiment even if you never actually use OBSD/Oracle in production. This only works for a native port! You're not running Oracle on OpenBSD, you're running Oracle on what Oracle thinks is some weird LINUX. 
A lot of companies would consider such efforts to be a waste of time/money but as you can see by this thread, there are some people who think the task might be a fun or interesting hack... -You can view it as the difference between those people who follow the warning on the sticker Warranty Void If Removed and those people who are more interested in learning what can be learned. And some people think drilling holes in their head leads to some deep inner wisdom. This does not make it a good idea. If someone wants to use *linux emulation* to run Oracle on OpenBSD and think it's doing some good, they can go right ahead. I've been there and done that with trying to hack evil crap into working in places it shouldn't, and all I've learned is that it leads to nothing but a ton of pain. Some people need object lessons in said pain before it sinks in. Their call, I guess. I'd rather work on something more useful or interesting. Yes. And I think we will both agree the decision of what to use in production really comes down to the requirements. On the other hand, I think if a company really values the data they store in their production Oracle db's, financing a bit of experimentation to find/fix bugs is in the best interest of company long term. Again, you think this will lead to bugfixes. I marvel at your raw idealism. I think the best way you could understand my view on the whole Oracle/OBSD thing is by analogy... The OpenBSD port to the SGI-O2 platform has been ongoing for some time and even after almost 2 years of work, the port is still incomplete since we don't have an X server. None the less, the O2 porting effort has allowed new types and classes of bugs to be found mainly because the bugs have not shown up on other architectures. Fixing the newly discovered bugs benefits all the supported architectures. 
Since you don't have X, you can't use your O2 as a production desktop yet but the porting effort has still been beneficial to the project as a whole, including all the folks who only use other archs. Your analogy is flawed. The discovered bugs are actively used by the OpenBSD devs to fix. As you yourself have even asserted, there's a pretty good chance that Oracle would probably ignore the bug reports, and given that it'd be coming from an environment that is nowhere near the intended platforms that they coded for, I wouldn't blame them. -- Signing off, Joseph C. Bender [EMAIL PROTECTED] Does the government fear us? Or do we fear the government? When the people fear the government, tyranny has found victory. The federal government is our servant, not our master. ---Thomas Jefferson
*STUPID* IPSEC Routing Bug - No Default Gateway?!
All: I'm CC'ing everyone who has previously posted the destination host unreachable behavior when setting up a generic 4-host IPSec VPN tunnel config per the template in vpn(8) / isakmpd.conf(5).

NOTE: This is not the "I can't ping the other side of the tunnel from the remote gateway because I forgot to specify the source IP flag to ping(8)" bug.

In the template, gateway A and B share a WAN circuit, normally an ethernet segment (a /30 for example). Each has a CIDR of RFC1918 Space on a second interface (a /24 for example). The tunnel(s) comes up, netstat -rn -f encap shows the ipsec routes, ipsecadm(8) shows the flows.

However: If gateway A sends an ICMP packet using ping(8)'s -I with a source address of the private subnet on its second interface to the IP on the private/second interface on gateway B, the packet gets properly encapsulated and transmitted per pflog0. However, if the destination of the ICMP ping is an IP in the subnet assigned to the Ethernet segment on Gateway B's private/second interface, the packet:

- crosses the tunnel
- leaves the private interface, hits host X
- host X returns the packet to Gateway B
- Gateway B drops the packet, and returns Host X an ICMP host unreachable for Gateway A

As crazy as that sounds, it happens? And after hours of troubleshooting, the problem turns out to be??!?! [*drumroll*] OpenBSD requires that gateway A and gateway B have a default route declared *EVEN THOUGH ONE IS NOT REQUIRED IN THE LAB CONFIGURATION*

1) If gateway A and gateway B have WAN interfaces on an ethernet segment such as a /30, they know the route to their respective WAN networks via directly connected route.
2) isakmpd/ipsec traffic can flow across that WAN network with no additional routing assistance.
3) Once the phase 2 negotiation is complete, both boxes know a new special ipsec route for a /24 via the ipsec peer.
4) TRAFFIC EGRESSING THE TUNNEL MUST HAVE A SOURCE ADDRESS THAT MATCHES THE ACL.

So why in the world would a default gateway be required? A default gateway is only required to reach subnets for which routes do not exist. Try it. :} This is the second time I've been bitten by these pseudo routes. See PR 4314/system. ~BAS
two bridges setup
Hello, I have the following hardware setup and would like to know is it possible to setup two bridges. Thanks for your effort. obsd-3.8 stable (APs) |__ rl0 |__ral0 |__wi0 clarence
Possible bug in bktr(4) man pages
Hello. I have found something that I think could be a man page bug. I have installed OpenBSD 3.8/i386 release from official CDROM and I am very happy with it. I have installed most of the software I use under Linux (I am writing from Linux now cause I have not configured thunderbird yet). The system does not recognize my TV CARD tuner type out of the box, and xawtv does not work. As I did not know if it was possible to configure TV CARD with config(8), I tried to compile a kernel, so I started to read the man pages. bktr(4) man page states the following for setting the card type in the kernel config file:

    option BKTR_OVERRIDE_CARD=nnn
        Select a specific card (overrides autodetection). `nnn' is set to one of the names listed and explained below.

        ASKEY_DYNALINK_MAGIC_TVIEW    Askey/Dynalink Magic TView
        AVER_MEDIA                    AverMedia

and so on. I have added this to GENERIC.CUSTOM:

    option BKTR_SYSTEM_DEFAULT=BROOKTREE_PAL
    option BKTR_OVERRIDE_CARD=ASKEY_DYNALINK_MAGIC_TVIEW
    option BKTR_OVERRIDE_TUNER=PHILIPS_FR1216_PAL

as stated in the man page. After some minutes of compiling, compilation fails and complains that ASKEY_DYNALINK_MAGIC_TVIEW is not defined (or something like that, I do not remember it exactly). Searching for clues on /usr/src/sys, I found /usr/src/sys/dev/pci/bktr/bktr_card.h file, with the following macro definitions (among others):

    #define CARD_IO_GV                       9
    #define CARD_FLYVIDEO                    10
    #define CARD_ZOLTRIX                     11
    #define CARD_KISS                        12
    #define CARD_VIDEO_HIGHWAY_XTREME        13
    #define CARD_ASKEY_DYNALINK_MAGIC_TVIEW  14
    #define CARD_LEADTEK                     15
    #define CARD_TERRATVPLUS                 16
    #define CARD_TVWONDER                    17

So, I had to add a CARD in front of the card type. I changed my GENERIC.CUSTOM kernel config file like this:

    option BKTR_SYSTEM_DEFAULT=BROOKTREE_PAL
    option BKTR_OVERRIDE_CARD=CARD_ASKEY_DYNALINK_MAGIC_TVIEW
    option BKTR_OVERRIDE_TUNER=PHILIPS_FR1216_PAL

I compiled again the kernel and booted with the new one. Now I can watch TV with xawtv fine. :-) Should I file a bug report?

Thank you very much for everybody and for the developers who make this amazing OS. Thanks in advance. Ramiro.
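The mismatch described in the post above can be caught before a long kernel build. This is an added example, not part of the original post and not OpenBSD code: it checks the BKTR_OVERRIDE_CARD value in a kernel config against the CARD_* macros of bktr_card.h, with both inputs embedded as constructed samples built from the lines quoted in the post.

```python
import re

# Constructed sample: the bktr_card.h macros quoted in the post.
BKTR_CARD_H = """\
#define CARD_IO_GV                       9
#define CARD_FLYVIDEO                    10
#define CARD_ZOLTRIX                     11
#define CARD_KISS                        12
#define CARD_VIDEO_HIGHWAY_XTREME        13
#define CARD_ASKEY_DYNALINK_MAGIC_TVIEW  14
#define CARD_LEADTEK                     15
#define CARD_TERRATVPLUS                 16
#define CARD_TVWONDER                    17
"""

# Constructed sample: the first GENERIC.CUSTOM attempt from the post.
KERNEL_CONFIG = """\
option BKTR_SYSTEM_DEFAULT=BROOKTREE_PAL
option BKTR_OVERRIDE_CARD=ASKEY_DYNALINK_MAGIC_TVIEW
option BKTR_OVERRIDE_TUNER=PHILIPS_FR1216_PAL
"""

DEFINE_RE = re.compile(r"^\s*#\s*define\s+(CARD_\w+)\s+(\d+)\s*$", re.M)
# Lines commented out with '#' do not start with 'option' and are skipped.
OPTION_RE = re.compile(r"^\s*option\s+BKTR_OVERRIDE_CARD\s*=\s*(\S+)", re.M)


def defined_cards(header_text):
    """Map each CARD_* macro name in the header to its numeric value."""
    return {name: int(num) for name, num in DEFINE_RE.findall(header_text)}


def check_override_card(config_text, header_text):
    """Return (status, configured_value, suggested_name).

    status is 'absent', 'ok', 'needs-prefix' (the man page name was used
    where the header wants CARD_<name>) or 'unknown'.
    """
    cards = defined_cards(header_text)
    match = OPTION_RE.search(config_text)
    if match is None:
        return ("absent", None, None)
    value = match.group(1)
    if value in cards:
        return ("ok", value, None)
    candidate = "CARD_" + value
    if candidate in cards:
        return ("needs-prefix", value, candidate)
    return ("unknown", value, None)


if __name__ == "__main__":
    print(check_override_card(KERNEL_CONFIG, BKTR_CARD_H))
```

On a real source tree the two strings would be read from the kernel config file and from /usr/src/sys/dev/pci/bktr/bktr_card.h, the path given in the post.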