Re: Oracle, anyone?

2005-12-05 Thread Dennis S.Davidoff
Monday, December 5, 2005, 12:49:21 AM, you wrote:

FP Has anyone got Oracle 10g working on OpenBSD 3.8?

FP What is the general consensus of running Oracle on OpenBSD?

Bad idea, use Linux instead.
Incidentally, I ask the audience: has anyone ported the oracle7 client (API)
like in FreeBSD? :) I don't need Oracle on OpenBSD, just the libraries
to build perl DBD::Oracle. I've got oracle7 from FreeBSD and installed
DBD::Oracle, but after that I've got a problem while running a script
that only connects to Oracle:

/usr/bin/perl:
/usr/local/libdata/perl5/site_perl/i386-openbsd/auto/DBD/Oracle/Oracle.so: 
can't resolve reference '_DefaultRuneLocale'
/usr/bin/perl:
/usr/local/libdata/perl5/site_perl/i386-openbsd/auto/DBD/Oracle/Oracle.so: 
can't resolve reference '_CurrentRuneLocale'
Segmentation fault (core dumped)

-- 
Sincerely,
Dennis



Re: multiple Local-IDs for isakmpd

2005-12-05 Thread Håkan Olsson

On 5 dec 2005, at 02.57, Brian A. Seklecki wrote:


I opened a PR on this earlier this year.  Search my last name in
query-pr.

The Cisco 3000 supports SA Proposals with multiple discontiguous
subnets.


The IKE protocol does not. In fact subnets are not part of SA  
proposals. (They're phase2 IDs.)


One IPsec tunnel cannot manage more than one set of network to  
network traffic. If you have two  subnets at each site, you'll need  
to configure four tunnels, etc.


For the problem at hand, one specifies multiple entries in
[Phase 2]:Connections, plus their config sections. There, multiple
discontiguous subnets. :)


(Granted, isakmpd configuration could (like Cisco) support an easier  
way of configuring multiple networks. This may happen someday.)


You could also take a look at ipsecctl(8).

/H



On Tue, 2005-06-07 at 20:54, Tamas TEVESZ wrote:

hi,

i have a situation where a branch office with multiple,
non-overlapping, non-aggregatable local networks need to connect to
the head office, via an ipsec tunnel. of course, the security
gateway is also acting as a gateway to the internet (nat and the usual
collateral stuff), and, as a matter of fact, some of the local
networks are connected to it via openvpn (that is, it itself is a vpn
concentrator of sorts, for openvpn tunnels).

rough sketch:

    -- branch office --                   | |    -- head office --
                                          | |
172.16.187.0/24  -                        | |
172.19.47.0/24    \   +-----------+       | |       +-----------+
                   +- |security gw| - (ipsec tun) - |security gw| - ...
192.168.114.0/24  /   +-----+-----+       | |       +-----------+
192.168.2.0/24   -          |
                             \
                         (internet etc..)

it may also be the case that at the head office end, there will be
more than one hosts/networks to be accessed, this is not clarified
yet. i am not in control of the head office's concentrator, but i know
that they are using a cisco 3060.

how is this realized within isakmpd's configuration? i already have
tried putting more than one ipv4_addr_subnets into the ipsec-id
section, and even more than one ipsec-id section, but isakmpd threw
them out (no surprise).

if this cannot be realized within isakmpd, what other options do i
have? pf route-tos/reply-tos are about the only thing i can think
of... anything else?

tia,




/H
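
Added example, not part of the original thread: a small Python generator for the layout Håkan describes, with one [Phase 2] connection and its config sections per local/remote subnet pair. The head office subnet, the `peer-hq` peer section name and the `Default-quick-mode` configuration name are assumptions and must match sections defined elsewhere in your isakmpd.conf.

```python
import ipaddress
from itertools import product

# Local subnets are the four from the question above. The remote subnet and
# all section names (peer-hq, local-net-N, ...) are assumptions for illustration.
LOCAL_NETS = ["172.16.187.0/24", "172.19.47.0/24",
              "192.168.114.0/24", "192.168.2.0/24"]
REMOTE_NETS = ["10.0.0.0/24"]  # placeholder: the head office network is not given


def id_section(name, cidr):
    """Phase 2 ID section describing exactly one IPv4 subnet."""
    net = ipaddress.IPv4Network(cidr)  # raises ValueError if host bits are set
    return (f"[{name}]\n"
            "ID-type= IPV4_ADDR_SUBNET\n"
            f"Network= {net.network_address}\n"
            f"Netmask= {net.netmask}\n")


def build_phase2(peer, local_nets, remote_nets, quick_mode="Default-quick-mode"):
    """Return (connection_names, config_text) covering every local/remote pair.

    Each connection carries one Local-ID and one Remote-ID, so N local and
    M remote subnets need N*M connections (two subnets per site -> four).
    """
    for nets in (local_nets, remote_nets):
        if len(set(nets)) != len(nets):
            raise ValueError("duplicate subnet in input")
    local_ids = {c: f"local-net-{i}" for i, c in enumerate(local_nets, 1)}
    remote_ids = {c: f"remote-net-{i}" for i, c in enumerate(remote_nets, 1)}

    names, conn_sections = [], []
    for loc, rem in product(local_nets, remote_nets):
        name = f"conn-{local_ids[loc]}-{remote_ids[rem]}"
        names.append(name)
        conn_sections.append(
            f"[{name}]\n"
            "Phase= 2\n"
            f"ISAKMP-peer= {peer}\n"
            f"Configuration= {quick_mode}\n"
            f"Local-ID= {local_ids[loc]}\n"
            f"Remote-ID= {remote_ids[rem]}\n")

    id_sections = [id_section(n, c) for c, n in
                   list(local_ids.items()) + list(remote_ids.items())]
    header = "[Phase 2]\nConnections= " + ",".join(names) + "\n"
    return names, "\n".join([header] + conn_sections + id_sections)


if __name__ == "__main__":
    _, text = build_phase2("peer-hq", LOCAL_NETS, REMOTE_NETS)
    print(text)
```

The output still needs the matching [Phase 1] entry and the peer section for the head office gateway, which depend on details the thread does not give.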



Re: Problem with Realtek 8139 in very old machine

2005-12-05 Thread Joachim Schipper
On Mon, Dec 05, 2005 at 12:07:33AM -0200, Giancarlo Razzolini wrote:
 Ted Unangst wrote:
  put it in a different slot.
  
  On 12/1/05, Giancarlo Razzolini [EMAIL PROTECTED] wrote:
  
 Hi Folks,

 I'm building a firewall solution to my home network on top of OpenBSD.
 The machine that i'm using is a very old Pentium 133Mhz, with only 40MB
 of RAM (EDO), 4 PCI ports and 5 ISA ports. I do have my VGA card (a
 trident TGUI) on one PCI, and a Realtek 8139 on another PCI port. The
 problem that i'm having is that i managed to install openbsd correctly,
 and it detects my ethernet card correctly, but it can't initialize the
 device. As i don't have network, i can't put a full dmesg here, but it
 is something like this that shows to me:
 
 rl0 XXX no interrupt for pin A
 : couldn't map interrupt
 
 The rl(4) man page only says that it is "A fatal initialization error
 has occurred". I did some homework and found some guys saying to
 deactivate plug and play (my BIOS doesn't have this, instead i deactivated
 auto irq mappings), other guys saying to deactivate the serial ports.
 I've done both of these, with no success. I've even replaced the card with
 one that i was sure was working, with no success. If any of you
 gurus have some hint for this, i would be very glad. Perhaps, deactivate
 the automatic detection, and passing some arguments to the kernel. I
 don't know. Ah, by the way, my BIOS only lets me assign IRQs 14 or 15
 to the PCI port where the Realtek is. 14 is currently used for my IDE
 controller. I know that the ethernet card can share the same IRQ with
 the IDE controller, but i don't know if the other way around is true.
 And if i force some IRQ, my machine doesn't even pass the BIOS checks,
 and freezes.

 First of all i would like to thank everybody that replied. I tried
 putting it on a different slot, and i did something more radical. i've
 installed a slackware linux in the machine, and it gave me the same
 error. The kernel said to me to try to boot it with the pci=biosirq
 option. I did it, and i got a big kernel panic. I'm almost losing my
 hopes. The thing that is most painful is that it had a windows 98
 installed on the machine before putting openbsd or the linux. And the
 realtek was working. I hate PnP. Well, i'll try to erase the bios, but
 i've already tried using the nic, on every slot. My last option will be
 to get 2 ISA cards, and try them. Thanks to all you pals. It really
 helped me a lot. I've only found this kind of support in the slackware
 mail lists. I heard that the OpenBSD community was very good, and now i
 know why.

Looks like *something* is wonky. You could try another card, or this
card in another machine, if you want to have a go at isolating the
problem.

For a more practical solution, ask around a bit and install your
firewall on the best machine you've been offered after a couple of
weeks. It's likely to be much better than what you have now, from my
experience.

Joachim



Re: Help with lpd and XP

2005-12-05 Thread Simon Slaytor
Same issue when using the CUPS LPD daemon so it's not an LPD thing, 
surprise surprise it looks like a Windows thing.


Greg Thomas wrote:


On 12/4/05, Steve Murdoch [EMAIL PROTECTED] wrote:
 


Any issues I had printing from XP went away when I enabled LPR Byte
counting in the LPR port settings.

   



Any ideas why that is?

Greg




First to Know Bulletin for December 5, 2005

2005-12-05 Thread Webdoctor at Ivanhoe Newswire
Medical Breakthroughs: First to Know
Reported by Ivanhoe Broadcast News


Letter from
the President

December 5, 2005

Boycott Butter!

Having celebrated two Thanksgivings -- one with my family and one with my
husband's family -- we are now joining the diet crowd so we don't put on
the 10 pounds many of us tend to gain during the holiday season. For some
excellent tips on what to eat and drink to stay fit for the holidays, see
our story this week on what nutritionist Tejal Parekh, R.D., of M. D.
Anderson Cancer Center has to say on this topic. Though he says to forgo
the butter, you'll be pleased to know you don't have to give up the
mashed potatoes or dessert...

With more and more people fighting the battle of the bulge, Stanford
University surgeon, Myriam Curet, M.D., is one of the first in the
country using a $1 million robot to help perform laparoscopic gastric
bypass surgery. Read this week's report to learn more about this delicate
robotic surgery that Dr. Curet says is safer, easier and more precise.
Since eating certain foods may be one of the environmental factors that
affects type 1 diabetes patients, make sure you also see our in-depth
doctor's interview with William Hagopian, M.D., Ph.D., about what he's
discovering in the Environmental Determinants in Diabetes of the Young
(TEDDY) study.

The discovery process is also happening at the University of Vermont
where Helene Langevin, M.D., is uncovering remarkable clues about what
happens during acupuncture and at the University of Michigan where
doctors have found a combination of state-of-the-art chemo and radiation
that is helping liver cancer patients live longer than expected.

You may want to check out two special reports in our fee-based Archives.
One is our September 2005 report, The Scientific Mystery of Sleep, and
the other is Simpler Blood Thinning Medication Prevents Strokes. Premium
Content in the Archives may be purchased for as little as $9 for 24-hour,
unlimited access. If you would like to access Premium Content for the
first time click here.

Finally, if you're interested in an alternative to heart bypass surgery
and creating new channels of blood around your heart, read about a
special exercise done in bed that is showing improvement in 85 percent of
the patients being studied. Having a new chance at life without surgery
sounds good to me!

And there's more where that came from...

Marjorie
Marjorie Bekaert Thomas
President, Ivanhoe Broadcast News

It's a helluva start, being able to recognize what makes you happy.
--Lucille Ball


Contents © 1995-2005 Ivanhoe Broadcast News, Inc.
No part of this newsletter may be reproduced without permission.



Re: disk encryption on login

2005-12-05 Thread Luís Bruno

Alexander Farber wrote:

I have one suggestion: if a user logs in and the path to home dir
in the /etc/passwd is actually pointing to a file, then it is encrypted


Ok, maybe not so excellent, because where that would be mounted :-/


In the parent directory: /home/lbruno/image.vnd -> /home/lbruno/



Re: Fwd: Re: KWordd - correction

2005-12-05 Thread Joachim Schipper
On Sun, Dec 04, 2005 at 06:03:39PM -0500, Dave Feustel wrote:
 If I were not running OpenBSD, the comments by Dave Faure below would lead
 me to believe that my freshly installed (supposedly) single-user OpenBSD 3.8 
 system has been penetrated and the penetrating perp is rattling my cage. :-)
 
 Does anyone else have ideas about what is causing this?
 
 (I'm also getting other odd error messages. See the log at the end of the 
 post. Note the OpenSSL-related messages. As far as I know, I'm not making
 use of ssl right now. Any insight as to what's going on will be appreciated.
 
 Thanks,
 Dave Feustel

Hmm, no responses. I do not personally have a clue what could be the
problem, but it looks like installation didn't work as well as expected
(c.q. some links are not resolvable). Where did you get this from? Is it
a package from 3.8-release on a 3.8-release system?

Joachim



Can't use TCP SYN Proxy on CARP interface.

2005-12-05 Thread Daniel Ouellet
Is there a reason that I don't understand why TCP SYN Proxy wouldn't 
work on a CARP interface?


If I run a web server on a physical interface with
pass in on $ext_if proto tcp from any to $web_server port www \
   flags S/SA synproxy state

will work as explained in the FAQ, but if I try to do the same where I run 
the web server on a CARP interface it wouldn't accept it. Something like:


pass in on $ext_if proto tcp from any to carp1 port www \
   flags S/SA synproxy state

will not work but this would:

pass in on $ext_if proto tcp from any to carp1 port www

Maybe I am trying to do something that makes no sense, but I thought it 
should work, so that I could in the end use additional filtering and 
limits with


pass in on $ext_if proto tcp from any to carp1 port www \
   flags S/SA synproxy state \
(max 200, source-track rule, max-src-nodes 100, max-src-states 3)



Re: Problem with Realtek 8139 in very old machine

2005-12-05 Thread Giancarlo Razzolini
Joachim Schipper wrote:
 
 
 Looks like *something* is wonky. You could try another card, or this
 card in another machine, if you want to have a go at isolating the
 problem.
 
 For a more practical solution, ask around a bit and install your
 firewall on the best machine you've been offered after a couple of
 weeks. It's likely to be much better than what you have now, from my
 experience.
 
   Joachim
 
 
Thanks. I already got my hands on some ISA NICs and on some PCI
NICs from other vendors, and will try them all. Unfortunately, i have
to stick with this solution, because i want to build a very low budget
firewall, only for my home needs (5 machines). But thanks for the reply.

-- 
Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842  6EA0 7ABE BBAB 9C0E 6B85



3.8 userland build fails on amd64 and sparc64

2005-12-05 Thread Dag Richards
After extracting sources from the cd,  checking out current, building 
installing and booting from the new kernel, make build fails.



The error message indicates that xargs is being called with an 
unsupported argument, -r as I recall.  If I then just build and 
install xargs the make build completes.


This has happened now on both a sparc64 and an amd64 machine.



Re: 3.8 userland build fails on amd64 and sparc64

2005-12-05 Thread Otto Moerbeek
On Mon, 5 Dec 2005, Dag Richards wrote:

 After extracting sources from the cd,  checking out current, building
 installing and booting from the new kernel, make build fails.
 
 
 The error message indicates that xargs is being called with an unsupported
 argument, -r as I recall.  If I then just build and install xargs the make
 build completes.
 
 This has happened now on both a sparc64 and an amd64 machine.

Always be sure to read http://www.openbsd.org/faq/current.html when
following -current.

-Otto



Re: 3.8 userland build fails on amd64 and sparc64

2005-12-05 Thread Alexandre Anriot
 After extracting sources from the cd,  checking out current, building 
 installing and booting from the new kernel, make build fails.
 
 
 The error message indicates that xargs is being called with an 
 unsupported argument, -r as I recall.  If I then just build and 
 install xargs the make build completes.
 
 This has happened now on both a sparc64 and an amd64 machine.

You should take a look at
http://www.openbsd.org/faq/current.html#20050927 .



Re: 3.8 userland build fails on amd64 and sparc64

2005-12-05 Thread Jasper Lievisse Adriaanse
On Mon, 05 Dec 2005 06:59:07 -0800
Dag Richards [EMAIL PROTECTED] wrote:

 After extracting sources from the cd,  checking out current, building
 installing and booting from the new kernel, make build fails.


 The error message indicates that xargs is being called with an
 unsupported argument, -r as I recall.  If I then just build and
 install xargs the make build completes.

 This has happened now on both a sparc64 and an amd64 machine.

http://www.openbsd.org/faq/current.html#20050927


--
Security is decided by quality -- Theo de Raadt




Re: 3.8 userland build fails on amd64 and sparc64

2005-12-05 Thread Martin Reindl
Dag Richards [EMAIL PROTECTED] wrote:

 After extracting sources from the cd,  checking out current, building 
 installing and booting from the new kernel, make build fails.
 
 
 The error message indicates that xargs is being called with an 
 unsupported argument, -r as I recall.  If I then just build and 
 install xargs the make build completes.
 
 This has happened now on both a sparc64 and an amd64 machine.

Read http://www.openbsd.org/faq/current.html, doh.



PF NAT Address Pool Source Interface

2005-12-05 Thread Brian A. Seklecki

All:

It may seem rudimentary, but nowhere in the FAQ or man pages is it 
explicitly stated that the source address or address pool of a NAT 
translation must be assigned to an interface.


Obviously it can be either a primary address (such as 99.9% of the PAT 
configurations on the Internet) or a series of IP Aliases assigned.


Furthermore, it doesn't actually state or recommend to which interface the 
translated addresses should be assigned.  Technically, it's irrelevant. 
In practice, it depends greatly on the overall network configuration 
(specifically, routing).  As long as other hosts in the network know a 
discrete route to the subnet of the translated hosts via any interface on 
the device doing the translation.


The translation occurs to the packet's source address as it leaves the 
outbound interface (the one explicitly defined to the right of the -> in 
the pf.conf(5) rule), so one might casually assume to assign the 
pool/address there; however in my tests, I've found that it can be 
assigned to the same interface as the subnet being translated.


However, if a translation rule in pf.conf(5) exists but the destination 
address/pool (the address to be translated to, not the optional 
destination CIDR mask),  OpenBSD will still happily transmit a translated 
packet out an interface with a source address foreign to that segment / 
whatever media.


Even if other hosts receive a packet and reply to it, they won't be able 
to ARP for it, and if they could, the original OpenBSD box will drop the 
reply with destination host/network unreachable (obviously).


Wouldn't a better behavior be to prevent the transmission of the packet in 
the same way that a socket cannot bind to a source port/ip if it is not 
assigned to an interface?


Thoughts?

TIA,
BAS
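
Added example, not from the thread: a Python check for the condition Brian describes, listing literal nat translation addresses in pf.conf that are not assigned to any interface. The pf.conf and ifconfig text are constructed samples; only IPv4 literals are examined, and every address of a CIDR pool is treated as a possible translation source (an assumption).

```python
import ipaddress
import re

# Constructed sample inputs (documentation addresses), not from the thread.
PF_CONF = '''\
ext_if = "fxp0"
nat_pool = "{ 203.0.113.20, 203.0.113.21 }"
nat on $ext_if from 192.168.2.0/24 to any -> 203.0.113.2   # primary address
nat on $ext_if from 172.16.187.0/24 to any -> $nat_pool    # .21 has no alias
nat on $ext_if from 172.19.47.0/24 to any -> ($ext_if)     # interface form
'''

IFCONFIG = '''\
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 203.0.113.2 netmask 0xffffff00 broadcast 203.0.113.255
\tinet 203.0.113.20 netmask 0xffffffff
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tinet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
'''

IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}(?:/\d{1,2})?\b")
MACRO = re.compile(r'^(\w+)\s*=\s*"([^"]*)"$')


def assigned_addresses(ifconfig_text):
    """IPv4 addresses (primary and aliases) found on 'inet' lines."""
    found = re.findall(r"^\s+inet (\d+\.\d+\.\d+\.\d+)", ifconfig_text, re.M)
    return {ipaddress.ip_address(a) for a in found}


def nat_targets(pf_conf):
    """Return (rule, network) for each literal IPv4 target right of '->'."""
    macros, out = {}, []
    for raw in pf_conf.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        m = MACRO.match(line)
        if m:
            macros[m.group(1)] = m.group(2)
            continue
        if not line.startswith("nat ") or "->" not in line:
            continue
        # Expand quoted-string macros once; unknown macros are left as-is.
        expanded = re.sub(r"\$(\w+)",
                          lambda mo: macros.get(mo.group(1), mo.group(0)), line)
        target = expanded.split("->", 1)[1]
        # Interface forms such as (fxp0) contain no literal and are skipped.
        for tok in IPV4.findall(target):
            out.append((line, ipaddress.ip_network(tok, strict=False)))
    return out


def unassigned_nat_sources(pf_conf, ifconfig_text):
    """List (rule, [addresses]) where a translation address is on no interface."""
    have = assigned_addresses(ifconfig_text)
    findings = []
    for rule, net in nat_targets(pf_conf):
        missing = [str(a) for a in net if a not in have]
        if missing:
            findings.append((rule, missing))
    return findings


if __name__ == "__main__":
    for rule, missing in unassigned_nat_sources(PF_CONF, IFCONFIG):
        print(f"{rule}\n  not assigned to any interface: {', '.join(missing)}")
```

A finding is only a problem when nothing routes that address to the translating host, which is the routing caveat raised in the post.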



OpenBSD 3.8 and Dell 1850 with PERC4/DC controller

2005-12-05 Thread shane mullins
We have a Dell 1850 with a PERC4/DC controller.  When I try installing OpenBSD
3.8, I am having some troubles.  3.8 sees the card with the mpt0
driver, which will not recognize my RAID1 config.  The hardware compatibility
guide tells me the mpt0 is support for a standard scsi card.  According to the
hardware guide, the correct driver for RAID support is ami.  When I boot with
boot -cs and add the ami driver support, I get a no disk drive support.
To check the drive config I installed and booted another OS.  Any
help/comments would be greatly appreciated.

Thanks
Shane



Re: Oracle, anyone?

2005-12-05 Thread Obi Okeke
--- Josh Tolley [EMAIL PROTECTED] wrote:

 Running oracle on any unsupported platform is
 probably not the best
 idea, not only because you won't get support, but
 also because running
 it on a more secure platform will still leave you
 with lots of holes;
1) Just an fyi, I have a few boxes Oracle 9iR2 running
on FreeBSD 5.2.1 in a test environment and it runs as
well if not better (consistently for a year and a
half) than Oracle 9iR2 on our production Suse Linux
boxes.
1a) Also, I have Oracle 10G running on Mac OSX which
Oracle has support for.
 in other words, you're going to need something in
 front of the box to
2) I also put Snort on OpenBSD in front of the boxes
to add a layer of security. Snort 2 has support for
filtering/blocking specific sql statements, etc. and
is a terrific way to add a powerful layer of security.

- Obi



Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller

2005-12-05 Thread Brian A. Seklecki

I've only had the priv. to run OpenBSD on the 750 and 850 1Us from Dell.

However I have a number of FreeBSD 5.3x hosts on single and dual-proc 1850 
models, some with RAID and some with standard SCSI.


The standard SCSI config (on which I run software RAID) probes as:


NAME
 mpt(4) -- LSI Fusion-MPT SCSI/Fibre Channel driver

mpt0: LSILogic 1030 Ultra4 Adapter port 0xec00-0xecff mem 
0xdfde-0xdfde,0xdfdf-0xdfdf irq 34 at device 5.0 on pci2

mpt0: [GIANT-LOCKED]
ses0 at mpt0 bus 0 target 6 lun 0
da0 at mpt0 bus 0 target 0 lun 0
da1 at mpt0 bus 0 target 1 lun 0


The hardware RAID (with cache and battery and all) probes as:

NAME
 amr(4) -- AMI MegaRAID PCI-SCSI RAID driver

amr0: LSILogic MegaRAID mem 0xdfde-0xdfdf,0xd80f-0xd80f 
irq 46 at device 14.0 on pci2

amr0: [GIANT-LOCKED]
amr0: LSILogic PERC 4e/Si Firmware 521S, BIOS H430, 256MB RAM
amrd0: LSILogic MegaRAID logical drive on amr0
amrd0: 69880MB (143114240 sectors) RAID 1 (optimal)

Maybe check your invoice?


~BAS

On Mon, 5 Dec 2005, shane mullins wrote:


We have a Dell 1850 with a PERC4/DC controller.  When I try installing OpenBSD
3.8, I am having some troubles.  3.8 will sees the card as with the mpt0
driver.  Which will not recognize my RAID1 config.  The hardware compatibility
guide tells me the mpt0 is support for a standard scsi card.  According to the
hardware guide, the correct driver for RAID support is ami.  When I boot with
the, boot -cs and add the ami driver support, I get a no disk drive support.
To check the drive config I installed and booted another OS.  Any
help/comments would be greatly appreciated.

Thanks
Shane




l8*
-lava

x.25 - minix - bitnet - plan9 - 110 bps - ASR 33 - base8



Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller

2005-12-05 Thread Marco Peereboom
You need to do some reading on the BIOS settings of the 1850.  There  
is an option in there where you can switch from SCSI (mpt) to RAID 
(ami) mode and back.  The trick is that it requires a so called RAID  
key for this functionality to work.  This is a purchase option;  
don't know if you bought it or not.  1850s work fine with OpenBSD 3.8.


/marco

On Dec 5, 2005, at 9:14 AM, shane mullins wrote:

We have a Dell 1850 with a PERC4/DC controller.  When I try  
installing OpenBSD
3.8, I am having some troubles.  3.8 will sees the card as with the  
mpt0
driver.  Which will not recognize my RAID1 config.  The hardware  
compatibility
guide tells me the mpt0 is support for a standard scsi card.   
According to the
hardware guide, the correct driver for RAID support is ami.  When I  
boot with
the, boot -cs and add the ami driver support, I get a no disk drive  
support.

To check the drive config I installed and booted another OS.  Any
help/comments would be greatly appreciated.

Thanks
Shane




PPTP + PPPoE ?

2005-12-05 Thread Abel Talaverón Estevez
Hi all,

I'm running OpenBSD 3.7. I use my OpenBSD machine as a firewall, including a 
PPTP server and it runs ok. But...

I want to connect to my ISP with PPPoE and configure my router as bridge and 
I've achieved it!! But now my PPTP server is not running, I cannot connect 
from a Windows client as before. Does anybody know why? Can I use ppp.conf 
with two different applications? Or is the problem with the tun devices?

Thanks a lot.


My ppp.conf:

pptp:
 #set ifaddr 172.16.1.100 172.16.1.10-172.16.1.20
 enable proxy
 set timeout 0
 enable MSChapV2
 disable ipv6cp
 disable ipv6

default:
 set log Phase Chat LCP IPCP CCP tun command
 set device /dev/cua01
 set speed 115200
# set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT


CHAPserver:
 enable chap
 enable proxy
 set ifaddr 192.244.176.44 292.244.184.31
 accept dns

pppoe:
 set device !/usr/sbin/pppoe -i rl0
 set mtu max 1492
 set mru max 1492
 set speed sync
 disable acfcomp protocomp
 deny acfcomp
 set authname [EMAIL PROTECTED]
 set authkey adslppp
 add default HISADDR
 enable dns
 enable mssfixup


-- 
Abel Talaverón Estevez
Ingeniero Superior de Telecomunicaciones
Analista de Proyectos

OpenWired
Caballero 87 - Bajos
08029 - Barcelona
Tel. 93 495 0990
Fax. 93 419 4591

Openwired
Alejandro Villegas,29
28043 - MADRID - ESPAÑA
Teléfono: 91 300 51 09
Fax:  91 300 28 13
http://www.openwired.com



Re: PPTP + PPPoE ?

2005-12-05 Thread Maxim Bourmistrov
The problem is GRE.
Take a look at http://sourceforge.net/projects/frickin


On Monday 05 December 2005 18:58, Abel Talaverón Estevez wrote:
 Hi all,
 
 I'm running OpenBSD 3.7. I use my OpenBSD machine as a firewall, including a 
 PPTP server and it runs ok. But...
 
 I want to connect to my ISP with PPPoE and configure my router as bridge and 
 I've achieve it!! But now my PPTP server is not running, I cannot connect 
 from a Windows client as before. Does anybody know why? Can I use ppp.conf 
 with two different applications? Or the problem is with the tun devices?
 
 Thanks a lot.
 
 
 My ppp.conf:
 
 pptp:
  #set ifaddr 172.16.1.100 172.16.1.10-172.16.1.20
  enable proxy
  set timeout 0
  enable MSChapV2
  disable ipv6cp
  disable ipv6
 
 default:
  set log Phase Chat LCP IPCP CCP tun command
  set device /dev/cua01
  set speed 115200
 # set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 
 OK 
 \\dATDT\\T TIMEOUT 40 CONNECT
 
 
 CHAPserver:
  enable chap
  enable proxy
  set ifaddr 192.244.176.44 292.244.184.31
  accept dns
 
 pppoe:
  set device !/usr/sbin/pppoe -i rl0
  set mtu max 1492
  set mru max 1492
  set speed sync
  disable acfcomp protocomp
  deny acfcomp
  set authname [EMAIL PROTECTED]
  set authkey adslppp
  add default HISADDR
  enable dns
  enable mssfixup
 
 

-- 
Best regards
Maxim Bourmistrov



Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller SOLVED

2005-12-05 Thread shane mullins
Thanks,

Ryan Fox told me to change the BIOS setting from i2o to mass
storage.  This setting worked great.

Shane

- Original Message - 
From: Marco Peereboom [EMAIL PROTECTED]
To: shane mullins [EMAIL PROTECTED]
Cc: misc@openbsd.org
Sent: Monday, December 05, 2005 11:26 AM
Subject: Re: OpenBSD 3.8 and Dell 1850 with PERC4/DC controller


 You need to do some reading on the BIOS settings of the 1850.  There
 is an option in there where you can switch from SCSI (mpt) to RAID
 (ami) mode and back.  The trick is that it requires a so called RAID
 key for this functionality to work.  This is a purchase option;
 don't know if you bought it or not.  1850s work fine with OpenBSD 3.8.

 /marco

 On Dec 5, 2005, at 9:14 AM, shane mullins wrote:

  We have a Dell 1850 with a PERC4/DC controller.  When I try
  installing OpenBSD
  3.8, I am having some troubles.  3.8 will sees the card as with the
  mpt0
  driver.  Which will not recognize my RAID1 config.  The hardware
  compatibility
  guide tells me the mpt0 is support for a standard scsi card.
  According to the
  hardware guide, the correct driver for RAID support is ami.  When I
  boot with
  the, boot -cs and add the ami driver support, I get a no disk drive
  support.
  To check the drive config I installed and booted another OS.  Any
  help/comments would be greatly appreciated.
 
  Thanks
  Shane



Can't get VM_UVMEXP: Cannot allocate memory 3.8 GENERIC

2005-12-05 Thread Thomas Börnert
Hi List,

i've a problem with 3.8

systat vm

shows this error above and no memory values ...

BUT:

if i'm using the original kernel from the 3.8 cd
then it works without this error.

BUT:

if i build the 3.8 GENERIC kernel by myself without
any changes of the GENERIC config, then the error appears.

With 3.7 or older no problem.

What's the difference between the built 3.8 GENERIC
kernel on CD and the GENERIC config on the original
source CD ?

Thanks for help.

Thomas Boernert



Re: PPTP + PPPoE ?

2005-12-05 Thread David Coppa
Alternatively, you can use in-kernel pppoe for adsl to your ISP and
user-space ppp for pptp.
Look at the man pages.

Regards,
David

On 12/5/05, Maxim Bourmistrov [EMAIL PROTECTED] wrote:
 The problem is GRE.
 Take a look at http://sourceforge.net/projects/frickin


 On Monday 05 December 2005 18:58, Abel Talaverón Estevez wrote:
  Hi all,
 
  I'm running OpenBSD 3.7. I use my OpenBSD machine as a firewall, including a
  PPTP server and it runs ok. But...
 
  I want to connect to my ISP with PPPoE and configure my router as bridge and
  I've achieve it!! But now my PPTP server is not running, I cannot connect
  from a Windows client as before. Does anybody know why? Can I use ppp.conf
  with two different applications? Or the problem is with the tun devices?
 
  Thanks a lot.
 
 
  My ppp.conf:
 
  pptp:
   #set ifaddr 172.16.1.100 172.16.1.10-172.16.1.20
   enable proxy
   set timeout 0
   enable MSChapV2
   disable ipv6cp
   disable ipv6
 
  default:
   set log Phase Chat LCP IPCP CCP tun command
   set device /dev/cua01
   set speed 115200
  # set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 
  OK
  \\dATDT\\T TIMEOUT 40 CONNECT
 
 
  CHAPserver:
   enable chap
   enable proxy
   set ifaddr 192.244.176.44 292.244.184.31
   accept dns
 
  pppoe:
   set device !/usr/sbin/pppoe -i rl0
   set mtu max 1492
   set mru max 1492
   set speed sync
   disable acfcomp protocomp
   deny acfcomp
   set authname [EMAIL PROTECTED]
   set authkey adslppp
   add default HISADDR
   enable dns
   enable mssfixup
 
 

 --
 Best regards
 Maxim Bourmistrov



Re: Oracle, anyone?

2005-12-05 Thread Joseph C. Bender

On Sun, 4 Dec 2005, J.C. Roberts wrote:


On Sun, 4 Dec 2005 21:57:15 -0700, Josh Tolley [EMAIL PROTECTED]

If someone has a viable need of Oracle products, it's in their best
interest to get it running on OpenBSD.


Why?

Going off into unsupported territory where there's probably 10 other 
shops in the world doing the same thing (i.e. lack of community) will mean 
chasing down lots and lots of issues yourself with very few resources to 
turn to.



Sure, you're right that many people are primarily interested in getting
supposed support from Oracle but forcibly drop kicking Oracle software 
onto OpenBSD will most likely allow you to find a lot of Oracle bugs.


	Or a lot of Linux emulation bugs.  Or bugs in the linux lib 
packages triggered by the kernel emulation.


Linux emulation + non-native libs + lack of documented issues = lots of 
variables that are going to make it a royal pain to troubleshoot problems.



If you've got enough $ for Oracle Inc to think you're important, they
might actually consider fixing the bugs you report.

	If you've got that much cash to persuade them to do that, you 
might as well go whole-hog and have them do a native port.  And if you 
have that much cash, you're probably looking at running Oracle on 
$very_large_hardware that OpenBSD doesn't support yet.



If Oracle software is too broken to run properly on OpenBSD and Oracle
refuses to fix their bugs (i.e. failure to actually support their
products), then you might want to reconsider your choice of software to
see if there are other alternatives available.

	If there's no native port, there is no running properly, period. 
Even if their software was buggy, how can Oracle be reasonably expected to 
fix bugs on a system that is more or less rigged with the software 
equivalent of duct tape and baling wire?


That being said, if OpenBSD is a requirement, then change the database to 
something nice and not so bloated like PostGres.  Then at least it'll 
native compile.



--
Signing off,

Joseph C. Bender
[EMAIL PROTECTED]
Does the government fear us?  Or do we fear the government?  When the 
people fear the government, tyranny has found victory. The federal 
government is our servant, not our master.  ---Thomas Jefferson




Mounting UFS2 (FreeBSD) partition?

2005-12-05 Thread Vinicius Vianna

Hi,

I'm using 3.8 GENERIC kernel, and  having problems mounting a FreeBSD 
UFS2 harddisk, is there a way to mount it in OpenBSD or the only way is 
to backup data, reformat in FFS and restore?


Thanks in advance,
DS



CSAV for Exchange - Virus Alert

2005-12-05 Thread Administrator
The message Unknown  you sent to DCARTER had the file attachment mail.zip 
which was infected with the mail.zip-mail.htm 

 Infection: W32/[EMAIL PROTECTED] (exact) virus.  
The file attachment was deleted from the message.



Re: Mounting UFS2 (FreeBSD) partition?

2005-12-05 Thread Ted Unangst
UFS2 is not supported.

On 12/5/05, Vinicius Vianna [EMAIL PROTECTED] wrote:
 Hi,

 I'm using 3.8 GENERIC kernel, and  having problems mounting a FreeBSD
 UFS2 harddisk, is there a way to mount it in OpenBSD or the only way is
 to backup data, reformat in FFS and restore?

 Thanks in advance,
 DS



Re: Oracle, anyone?

2005-12-05 Thread Jim Razmus
* Dennis S.Davidoff [EMAIL PROTECTED] [051205 03:23]:
 Monday, December 5, 2005, 12:49:21 AM, you wrote:
 
 FP Has anyone got Oracle 10g working on OpenBSD 3.8?
 
 FP What is the general consensus of running Oracle on OpenBSD?
 
 Bad idea, use Linux instead.
 Incidentally, I ask audience, have anyone port oracle7 client (API)
 like in FreeBSD? :) I don't need Oracle on OpenBSD, but an libraries
 to build perl DBD::Oracle. I've got oracle7 from FreeBSD and install
 DBD::Oracle, but after that I've got a problem while running script
 that only connects to Oracle:
 
 /usr/bin/perl:
 /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/DBD/Oracle/Oracle.so: 
 can't resolve reference '_DefaultRuneLocale'
 /usr/bin/perl:
 /usr/local/libdata/perl5/site_perl/i386-openbsd/auto/DBD/Oracle/Oracle.so: 
 can't resolve reference '_CurrentRuneLocale'
 Segmentation fault (core dumped)
 
 -- 
 Sincerely,
 Dennis
 

I would be very happy to see a native Oracle client for OpenBSD.  Fat
chance of it happening.  I poked Oracle on metalink and got nowhere
faster than I did explaining my need for RAID documentation to Adaptec.

I would be thrilled to see a FreeTNS project spawn similar to the
FreeTDS project.  That would solve our problem quite nicely.

Jim



Re: Mounting UFS2 (FreeBSD) partition?

2005-12-05 Thread Eric Buchanan
I've mounted OpenBSD from FreeBSD 4.x without any problems. I converted an 
extra freebsd partition to OpenBSD (use sysinstall to change the partition 
type to 166) and rebooted. Then I installed OpenBSD on it. I've never 
accessed FreeBSD from OpenBSD.

FreeBSD 5.x can mount an OpenBSD partition, but it can only access the first 
slice.
HTH,
Eric Buchanan

On Mon 05 Dec 2005 12:38 pm, wrote:
 Hi,

 I'm using 3.8 GENERIC kernel, and  having problems mounting a FreeBSD
 UFS2 harddisk, is there a way to mount it in OpenBSD or the only way is
 to backup data, reformat in FFS and restore?

 Thanks in advance,
 DS



Re: smtp-vilter with pf integration

2005-12-05 Thread Per-Olov Sjöholm
On Sunday 04 December 2005 12.02, Marc Balmer wrote:
 smtp-vilter, the flexible and fast email content scanner for sendmail
 based systems, can now interact with the pf packet filter on OpenBSD.

 If a virus, spam or otherwise unwanted content is detected in an email
 message, it can add the sending hosts IP address to a pf table.  You
 can then give this host special treatment...

 In the configuration file, you can add the following statements to
 activate reactions:

 react on [virus|spam|unwanted-content|clean] add to table [tablename]

 Dynamically reconfiguring systems always carry a risk of being abused
 for denial of service attacks, so use with care.

 The code is relatively new and I'd be happy to receive some feedback
 from people using smtp-vilter.

 The code can be downloaded here:
 http://www.etc.msys.ch/sources/smtp-vilter/smtp-vilter-1.2.0.tgz

 I will eventually update the port in -current.

 - Marc Balmer


Nice work.

I will try it a.s.a.p.

And it would be really nice if you had the time to update the port as well.


Regards
/Per-Olov
-- 
GPG keyID: 4DB2 83CE
GPG fingerprint: 45E8 3D0E DE05 B714 D549 45BC CFB4 BBE9 4DB2 83CE
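
An added pf.conf sketch for the `react on ... add to table` statement in the announcement quoted above, not taken from smtp-vilter or its documentation: it assumes a statement such as `react on virus add to table vilter_hits` and declares that table on the pf side, with an exemption table checked first so that the denial-of-service risk the announcement mentions cannot lock out relays you depend on. The interface name, table names and addresses are constructed.

```pf
# pf.conf fragment (added example; names and addresses are constructed)
ext_if = "fxp0"                      # assumption: external interface

# Filled at run time by smtp-vilter's "react on ... add to table" statement.
# "persist" keeps the table even while it is empty.
table <vilter_hits> persist

# Hosts that must never be blocked (own relays, secondary MX, monitoring).
# "const" prevents run-time changes, so nothing can add or remove entries.
table <vilter_exempt> const { 192.0.2.25, 198.51.100.0/28 }

# Order matters: with "quick" the first matching rule wins, so the exemption
# has to come before the block.
pass  in quick on $ext_if proto tcp from <vilter_exempt> to any port smtp keep state
block in quick on $ext_if proto tcp from <vilter_hits>   to any port smtp
```

`pfctl -t vilter_hits -T show` lists the addresses currently in the table, and `pfctl -t vilter_hits -T delete <address>` removes one that was added by mistake.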



Re: Mounting UFS2 (FreeBSD) partition?

2005-12-05 Thread Martin Schröder
On 2005-12-05 13:17:54 -0800, Ted Unangst wrote:
 UFS2 is not supported.

Is anybody working on changing that?

Best
Martin
-- 
http://www.tm.oneiros.de



Re: group ownership of /var/mail

2005-12-05 Thread Smith
Do away with akpop3d altogether.  Use OpenBSD's sendmail and popa3d.  
Install OpenVPN on your OpenBSD server and client computer to connect to 
OpenBSD's default MTA and POP3 server.  This is a much easier and vastly 
more flexible solution.  I use it all the time and only requires me to 
install one single 3rd party application (OpenVPN).  By your route, you 
have to install akpop3d and configure it and then sasl and configure it 
for sending out encrypted email.  By your route, you have to watch not 
only your OpenBSD vulnerabilities but vulnerabilities for akpop3d and 
sasl (or any other 3rd party solution you choose to authenticate your 
smtp connection).  Do it my way and you only have to watch out for 
OpenBSD and OpenVPN vulnerabilities.


J Moore wrote:

... trying to get an errant package (akpop3d) squared away raised the 
following question:


Some other OSs (Linux-Fedora, and FreeBSD) assign ownership of the 
/var/mail directory to a group named mail; OpenBSD assigns ownership 
of this directory to the group wheel.


Apparently akpop3d needs write access to /var/mail to create a lock file 
for the user's mail spool. akpop3d assumes /var/mail is owned by group 
mail, but allows that to be changed at startup with the -g option.


This leads me to a two-part question:
1. Is there an advantage to assigning group ownership of /var/mail to 
wheel, or was this choice simply arbitrary?


2. To get akpop3d running should I change group ownership of /var/mail 
to mail (rather than giving akpop3d the '-g wheel' option)?


And yes - I did email the port maintainer, but have received no response 
in almost a week.


Thnx,
Jay




Re: Mounting UFS2 (FreeBSD) partition?

2005-12-05 Thread Ted Unangst
On 12/5/05, Martin Schröder [EMAIL PROTECTED] wrote:
 On 2005-12-05 13:17:54 -0800, Ted Unangst wrote:
  UFS2 is not supported.

 Is anybody working on changing that?

not that i'm aware of.



Re: Oracle, anyone?

2005-12-05 Thread J.C. Roberts
On Mon, 5 Dec 2005 14:43:18 -0500 (EST), Joseph C. Bender
[EMAIL PROTECTED] wrote:

On Sun, 4 Dec 2005, J.C. Roberts wrote:

 On Sun, 4 Dec 2005 21:57:15 -0700, Josh Tolley [EMAIL PROTECTED]

 If someone has a viable need of Oracle products, it's in their best
 interest to get it running on OpenBSD.

Why?

Going off into unsupported territory where there's probably 10 other 
shops in the world doing the same thing (i.e. lack of community) will mean 
chasing down lots and lots of issues yourself with very few resources to 
turn to.


Communities often start with one idea and one person willing to do some
work. If everyone based their decision on whether or not there are other
people out there with similar interests and effort, new things would
never be started.

Sure, you're right that many people are primarily interested in getting
supposed support from Oracle but forcibly drop kicking Oracle software 
onto OpenBSD will most likely allow you to find a lot of Oracle bugs.

   Or a lot of Linux emulation bugs.  Or bugs in the linux lib 
packages triggered by the kernel emulation.

Linux emulation + non-native libs + lack of documented issues = lots of 
variables that are going to make it a royal pain to troubleshoot problems.


You certainly have a valid point when it comes to doing useful
production work with Oracle on OpenBSD but from what you've written, it
seems like you do not value the bug finding process all that much. My
opinion is the exact opposite; the main reason for attempting such a
configuration *_is_* to find the bugs and hopefully fix them. Sure,
you're right it's a royal pain, but if no one does the work, it never
gets done.

If you've got enough $ for Oracle Inc to think you're important, they
might actually consider fixing the bugs you report.

   If you've got that much cash to persuade them to do that, you 
might as well go whole-hog and have them do a native port.  And if you 
have that much cash, you're probably looking at running Oracle on 
$very_large_hardware that OpenBSD doesn't support yet.


Yep, you're totally right on the above. If your only goal is putting
Oracle on OpenBSD in production and you have the money to pay for all
the work, then you can probably make it happen.

 If Oracle software is too broken to run properly on OpenBSD and Oracle
 refuses to fix their bugs (i.e. failure to actually support their
 products), then you might want to reconsider your choice of software to
 see if there are other alternatives available.

   If there's no native port, there is no running properly, period. 
Even if their software was buggy, how can Oracle be reasonably expected to 
fix bugs on a system that is more or less rigged with the software 
equivalent of duct tape and baling wire?


When you're starting off, duct tape and baling wire are your best
friends mainly because there is no other way to get going. You can kind
of think of it as boot strapping. It's not going to happen overnight or
anytime soon. 

As for expecting anything from Oracle, well, even if *you* are
convinced it is in their best interest to fix their bugs, it doesn't
mean the decision makers at the company will be convinced. The most you
can do is document your setup and findings so others can repeat your
tests.

In a nutshell, it comes down to your goals and your time frame. If you
want the Oracle code you run to be more reliable, robust and secure on
$very_large_hardware that OpenBSD doesn't support yet just using
OpenBSD to find some bugs could be a worthwhile experiment even if you
never actually use OBSD/Oracle in production.

A lot of companies would consider such efforts to be a waste of
time/money but as you can see by this thread, there are some people who
think the task might be a fun or interesting hack... -You can view it as
the difference between those people who follow the warning on the
sticker Warranty Void If Removed and those people who are more
interested in learning what can be learned.

That being said, if OpenBSD is a requirement, then change the database to 
something nice and not so bloated like PostGres.  Then at least it'll 
native compile.

Yes. And I think we will both agree the decision of what to use in
production really comes down to the requirements. On the other hand, I
think if a company really values the data they store in their production
Oracle db's, financing a bit of experimentation to find/fix bugs is in
the best interest of company long term.

I think the best way you could understand my view on the whole
Oracle/OBSD thing is by analogy...

The OpenBSD port to the SGI-O2 platform has been ongoing for some time
and even after almost 2 years of work, the port is still incomplete
since we don't have an X server. None the less, the O2 porting effort
has allowed new types and classes of bugs to be found mainly because the
bugs have not shown up on other architectures. Fixing the newly
discovered bugs benefits all the supported architectures. Since you
don't have 

Re: Can't get VM_UVMEXP: Cannot allocate memory 3.8 GENERIC

2005-12-05 Thread Nick Holland
Thomas Bvrnert wrote:
 Hi List,
 
 i've a problem with 3.8
 
 systat vm
 
 shows this error above and no memory values ...
 
 BUT:
 
 if i'm using the original kernel from the 3.8 cd
 that it works without this error.
 
 BUT:
 
 if i build the 3.8 GENERIC kernel by myself without
 any changes pf the GENERIC config, then the error appears.
 
 With 3.7 or older no problem.
 
 Whats the difference between the builded 3.8 GENERIC
 kernel on CD and the GENERIC config on the original
 source CD ?

Due to lack of details, I'm going to make a quick guess that you mixed a
-current kernel with a -release userland.  Don't do that.

See FAQ 5 for more info.

Nick.



Re: Oracle, anyone?

2005-12-05 Thread Sean Comeau
On Sun, Dec 04, 2005 at 09:49:21PM +, Frank Parsons wrote:
 Has anyone got Oracle 10g working on OpenBSD 3.8?
 
 What is the general consensus of running Oracle on OpenBSD?
 

Don't bother.

Run it on Linux instead, and make sure you use the distro Oracle approves
of or expect things to break. (whatever that is this week)

In my experience it runs better on Solaris than anything else because there 
is only one Solaris distribution to choose. Since this isn't an Oracle
list I'm not going to get into the technical reasons why this is so 
important. 

You might also try postgres since it does almost everything Oracle does
and in a lot of ways it sucks less. And it runs great on OpenBSD.



Re: Oracle, anyone?

2005-12-05 Thread Joseph C. Bender

On Mon, 5 Dec 2005, J.C. Roberts wrote:


You certainly have a valid point when it comes to doing useful
production work with Oracle on OpenBSD but from what you've written, it
seems like you do not value the bug finding process all that much.

	You could not be more wrong.  Do *not* presume that you may 
assume what I do or do not value.


I just got done rewriting a bunch of the logging code in tinyproxy because 
the bug in that case happened to be extremely verbose logging because 
the original writers didn't understand using the software in a 1000+ user 
environment.




My
opinion is the exact opposite; the main reason for attempting such a
configuration *_is_* to find the bugs and hopefully fix them. Sure,
you're right it's a royal pain, but if no one does the work, it never
gets done.

	Yes, but there's fixing bugs you can get at, and there's the 
banging of one's head against a brick wall created from running a closed 
source package in an *emulated* environment.



When you're starting off, duct tape and baling wire are your best
friends mainly because there is no other way to get going. You can kind
of think of it as boot strapping. It's not going to happen overnight or
anytime soon.

	You're not getting it.  It's not bootstrapping, it's a gross, 
ugly, nasty hack.  This is not making a port work, this is kludging 
something into functioning when a much better effort could be made on 
other platforms or by using other database packages.



In a nutshell, it comes down to your goals and your time frame. If you
want the Oracle code you run to be more reliable, robust and secure on
$very_large_hardware that OpenBSD doesn't support yet just using
OpenBSD to find some bugs could be a worthwhile experiment even if you
never actually use OBSD/Oracle in production.



This only works for a native port!  You're not running Oracle on OpenBSD, 
you're running Oracle on what Oracle thinks is some weird LINUX.



A lot of companies would consider such efforts to be a waste of
time/money but as you can see by this thread, there are some people who
think the task might be a fun or interesting hack... -You can view it as
the difference between those people who follow the warning on the
sticker Warranty Void If Removed and those people who are more
interested in learning what can be learned.

	And some people think drilling holes in their head leads to some 
deep inner wisdom.  This does not make it a good idea.  If someone wants 
to use *linux emulation* to run Oracle on OpenBSD and think it's doing 
some good, they can go right ahead.


I've been there and done that with trying to hack evil crap into 
working in places it shouldn't, and all I've learned is that it leads 
to nothing but a ton of pain.  Some people need object lessons in said 
pain before it sinks in.  Their call, I guess.  I'd rather work on 
something more useful or interesting.



Yes. And I think we will both agree the decision of what to use in
production really comes down to the requirements. On the other hand, I
think if a company really values the data they store in their production
Oracle db's, financing a bit of experimentation to find/fix bugs is in
the best interest of company long term.

	Again, you think this will lead to bugfixes.  I marvel at your raw 
idealism.



I think the best way you could understand my view on the whole
Oracle/OBSD thing is by analogy...

The OpenBSD port to the SGI-O2 platform has been ongoing for some time
and even after almost 2 years of work, the port is still incomplete
since we don't have an X server. None the less, the O2 porting effort
has allowed new types and classes of bugs to be found mainly because the
bugs have not shown up on other architectures. Fixing the newly
discovered bugs benefits all the supported architectures. Since you
don't have X, you can't use your O2 as a production desktop yet but
the porting effort has still been beneficial to the project as a whole,
including all the folks who only use other archs.


Your analogy is flawed.

The discovered bugs are actively used by the OpenBSD devs to fix.  As you 
yourself have even asserted, there's a pretty good chance that Oracle 
would probably ignore the bug reports, and given that it'd be coming from 
an environment that is nowhere near the intended platforms that they coded 
for, I wouldn't blame them.


--
Signing off,

Joseph C. Bender
[EMAIL PROTECTED]
Does the government fear us?  Or do we fear the government?  When the 
people fear the government, tyranny has found victory. The federal 
government is our servant, not our master.  ---Thomas Jefferson




*STUPID* IPSEC Routing Bug - No Default Gateway?!

2005-12-05 Thread Brian A. Seklecki

All:

I'm CC'ing everyone who has previously posted the destination host 
unreachable behavior when setting up a generic 4-host IPSec VPN tunnel 
config per the template in vpn(8) / isakmpd.conf(5).


NOTE: This is not the I can't ping the other side of the tunnel from the 
remote gateway because I forgot to specify the source IP flag to ping(8) 
bug.


In the template, gateway A and B share a WAN circuit, normally an 
ethernet segment (a /30 for example).  Each has a CIDR of RFC1918 Space on 
a second interface (a /24 for example)


The tunnel(s) comes up, netstat -rn -f encap shows the ipsec routes, 
ipsecadm(8) shows the flows.


However:

If gateway A sends an ICMP packet using ping(8)'s -I with a source 
address of the private subnet on its second interface to the IP on the 
private/second interface on gateway B, the packet gets properly 
encapsulated and transmitted per pflog0.


However, if the destination of the ICMP ping is an IP in the subnet 
assigned to the Ethernet segment on Gateway B's private/second interface, 
the packet:

- crosses the tunnel
- leaves the private interface, hits host X
- host X returns the packet to Gateway B
- Gateway B drops the packet, and returns Host X an ICMP host 
unreachable for Gateway A 


As crazy as that sounds, it happens?

And after hours of troubleshooting, the problem turns out to be??!?!

[*drumroll*]

OpenBSD requires that gateway A and gateway B have a default route 
declared


*EVEN THOUGH ONE IS NOT REQUIRED IN THE LAB CONFIGURATION*

1) If gateway A and gateway B have WAN interfaces on an ethernet segment 
such as a /30, they know the route to their respective WAN networks via 
directly connected route.


2) isakmpd/ipsec traffic can flow across that WAN network with no 
additional routing assistance.


3) Once the phase 2 negotiation is complete, both boxes know a new special 
ipsec route for a /24 via the ipsec peer.


4) TRAFFIC EGRESSING THE TUNNEL MUST HAVE A SOURCE ADDRESS THAT MATCHES 
THE ACL.


So why in the world would a default gateway be required?  A default 
gateway is only required to reach subnets for which routes do not exist.


Try it.  :}

This is the second time I've been bitten by these pseudo routes.

See PR 4314/system.

~BAS



two bridges setup

2005-12-05 Thread man Chan
Hello,
  
  I  have the following  hardware setup and would like to  know  is it possible 
 to setup  two  bridges  .  Thanks for your effort.
  
  obsd-3.8 stable (APs)
  |__ rl0
  |__ral0
  |__wi0
  
  clarence
  




Posible bug in bktr(4) man pages

2005-12-05 Thread Ramiro Aceves
Hello.

I have found something that I think it could be a man page bug. I have
installed OpenBSD 3.8/i386 release from official CDROM and I am very
happy with it. I have installed most of the software I use under Linux
(I am writing from Linux now cause I have not configured thunderbird yet).

The system does not recognize my TV CARD tuner type out of the box, and
xawtv does not work. As I did not know if it was possible to configure
TV CARD with config(8), I tried to compile a kernel, so I started to
read the man pages.

bktr(4) man page states the following for setting the card type in the
kernel config file:

option BKTR_OVERRIDE_CARD=nnn
   Select a specific card (overrides autodetection).  `nnn' is set
   to one of the names listed and explained below.

   ASKEY_DYNALINK_MAGIC_TVIEW    Askey/Dynalink Magic TView
   AVER_MEDIA                    AverMedia

and so on.



# I have added this to GENERIC.CUSTOM:
option BKTR_SYSTEM_DEFAULT=BROOKTREE_PAL
option BKTR_OVERRIDE_CARD=ASKEY_DYNALINK_MAGIC_TVIEW
option BKTR_OVERRIDE_TUNER=PHILIPS_FR1216_PAL



as stated in the man page.

After some minutes of compiling, compilation fails and complains that
ASKEY_DYNALINK_MAGIC_TVIEW is not defined (or something like that, I do not
remember it exactly).


Searching for clues on /usr/src/sys, I found
/usr/src/sys/dev/pci/bktr/bktr_card.h
file, with the following macro definitions (among others):


#define CARD_IO_GV                      9
#define CARD_FLYVIDEO                   10
#define CARD_ZOLTRIX                    11
#define CARD_KISS                       12
#define CARD_VIDEO_HIGHWAY_XTREME       13
#define CARD_ASKEY_DYNALINK_MAGIC_TVIEW 14
#define CARD_LEADTEK                    15
#define CARD_TERRATVPLUS                16
#define CARD_TVWONDER                   17


So, I had to add a CARD in front of the card type. I changed my
GENERIC.CUSTOM kernel config file like this:



option BKTR_SYSTEM_DEFAULT=BROOKTREE_PAL
option BKTR_OVERRIDE_CARD=CARD_ASKEY_DYNALINK_MAGIC_TVIEW
option BKTR_OVERRIDE_TUNER=PHILIPS_FR1216_PAL



I compiled again the kernel and booted with the new one. Now I can watch
TV with xawtv fine. :-)

Should I file a bug report?

Thank you very much for everybody and for the developers who make this
amazing OS.

Thanks in advance.

Ramiro.