Re: Hardware RNG speed
On Mon, 19 Dec 2005, Theo de Raadt wrote:
> Until you can justify actual real scientific reasons why you cannot use it, I think you should use arc4random(). And I am entirely serious. The entire idea in OpenBSD is to have many consumers, as this strengthens the source.

Thanks for your comments, but I will attempt to justify why I cannot use arc4random() or /dev/arandom.

I'm working on Professor Rabin's HyperEncryption project. The goal is to create a system for distributing random numbers to form one-time pads such that even an adversary who can break whatever crypto you happen to have devised is stopped by other limitations, such as limited storage or limited access to your data lines (that is, you have several links and the adversary can monitor some but not all of them). The idea is to offer a system which is cheaper and more flexible than quantum cryptography, but almost as secure (i.e. perfectly, information-theoretically secure with very high probability in the ideal case, requiring more assumptions for this ideal case than quantum cryptography, but not requiring a short, private, dedicated fiber-optic line and $50k worth of hardware on either end).

Obviously, within these design goals, truly random numbers are necessary, because a computationally unbounded opponent can break arc4random(). Such an adversary can break other things, too, so we'll have to do a whole bunch of other things (turning off SYN cookies comes to mind), but the random numbers are a more immediate design parameter.

Now, the project isn't in production or anything yet; we have some prototypes and are exploring their design spaces, but a very important parameter is the cost and data rate of commercially available high-quality random number generators, and their software support under various operating systems.

Under a limited-access model, the rate is not too important (while it adds to the amount of data that can be transmitted and marginally to its security, it is not essential that the data rate be very high), but 200B/s is still probably too slow.

An important security and maintenance feature of this system will be whether it can be engineered cleanly. OpenBSD is considered a relatively secure OS, has a wide variety of hardware random number generator support, and perhaps most importantly is relatively easy to configure minimally on embedded hardware. So, we're very interested in supporting it, particularly on embedded hardware, but we need to know what kind of random number generators work on it at an acceptable rate. It looks like this will probably mean the VIA C3 or C7, but we'd like to give Hifn cards a shot. Also, given the terrible performance of the Hifn card, it's not clear that even the VIA C7 would be faster or whether the drivers are the rate-limiting step, which is why I'm asking for clarification here.

I could, of course, write a VIA-specific user-mode RNG driver because their chips allow that. This is a strong draw to VIA, but OS support would be preferable.

@Jason Crawford, we have considered and even prototyped sound-card-based solutions (mostly involving running a simple radio noise source into the microphone port, which is likely to have less pure-tone noise than your suggestion), and while they aren't out of the running yet they have two important problems.

First, it will be more difficult to determine whether the output of this system is sufficiently random. We can run FIPS tests in real time at the rates we're dealing with, but the audio system will almost certainly not pass this or even come close. Massaging the data into a form which is both white and sufficiently simple that a breakdown will be detected is rather difficult. On the other hand, most hardware RNGs create noise with only very local biases (in raw mode) which should be easier to filter out without hiding breakages.

Second, most embedded boards do not have sound cards, and almost none have microphones.

Thanks a lot,
Mike Hamburg
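The FIPS tests mentioned in the message above, as an added example that is not part of the original post or of any OpenBSD code: the four statistical checks (monobit, poker, runs, long run) applied to one 20,000-bit block, run over constructed blocks that model a stuck generator and a short dropout. The thresholds are the FIPS 140-2 values as assumed here (the thread does not say which revision is meant); `fips_check`, `check_case` and the splitmix64 stand-in for raw generator output are hypothetical names and sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FIPS_BLOCK_BYTES 2500   /* one test block is 20,000 bits */
enum { FIPS_MONOBIT = 1, FIPS_POKER = 2, FIPS_RUNS = 4, FIPS_LONGRUN = 8 };

/* Allowed number of runs of length 1..5 and 6+ (assumed FIPS 140-2 limits). */
static const int run_lo[6] = { 2315, 1114, 527, 240, 103, 103 };
static const int run_hi[6] = { 2685, 1386, 723, 384, 209, 209 };

/* Returns 0 when the block passes, otherwise a bitmask of failed tests. */
int fips_check(const uint8_t *buf)
{
    long nibble[16] = { 0 }, sumsq = 0;
    int runs[2][6] = { { 0 } };
    int ones = 0, cur = -1, len = 0, longest = 0, fail = 0;

    for (int i = 0; i < FIPS_BLOCK_BYTES; i++) {
        nibble[buf[i] >> 4]++;
        nibble[buf[i] & 0x0f]++;
        for (int b = 7; b >= 0; b--) {
            int bit = (buf[i] >> b) & 1;
            ones += bit;
            if (bit == cur) {
                len++;
            } else {
                if (cur >= 0)           /* close the run that just ended */
                    runs[cur][len >= 6 ? 5 : len - 1]++;
                cur = bit;
                len = 1;
            }
            if (len > longest)
                longest = len;
        }
    }
    runs[cur][len >= 6 ? 5 : len - 1]++;    /* close the final run */

    /* Monobit: the number of one bits must be close to half the block. */
    if (ones <= 9725 || ones >= 10275)
        fail |= FIPS_MONOBIT;

    /* Poker: chi-square style statistic over the 5000 4-bit values. */
    for (int v = 0; v < 16; v++)
        sumsq += nibble[v] * nibble[v];
    double x = 16.0 * (double)sumsq / 5000.0 - 5000.0;
    if (x <= 2.16 || x >= 46.17)
        fail |= FIPS_POKER;

    /* Runs: every run-length bucket, for zeros and for ones, within limits. */
    for (int v = 0; v < 2; v++)
        for (int k = 0; k < 6; k++)
            if (runs[v][k] < run_lo[k] || runs[v][k] > run_hi[k])
                fail |= FIPS_RUNS;

    /* Long run: 26 or more equal bits in a row is treated as a breakdown. */
    if (longest >= 26)
        fail |= FIPS_LONGRUN;
    return fail;
}

/* Constructed sample data: splitmix64 stands in for raw generator output. */
static uint64_t sm_next(uint64_t *s)
{
    uint64_t z = (*s += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

static void fill_sample(uint8_t *buf, uint64_t seed)
{
    for (int i = 0; i < FIPS_BLOCK_BYTES; i++)
        buf[i] = (uint8_t)(sm_next(&seed) >> 56);
}

/* Constructed cases: 0 = stuck at zero, 1 = 0101..., 2 = 64-bit dropout. */
int check_case(int which)
{
    uint8_t buf[FIPS_BLOCK_BYTES];
    fill_sample(buf, 2005);
    if (which == 0)
        memset(buf, 0, sizeof(buf));
    else if (which == 1)
        memset(buf, 0x55, sizeof(buf));
    else if (which == 2)
        memset(buf + 1000, 0, 8);
    return fips_check(buf);
}

int main(void)
{
    const char *name[] = { "stuck at zero", "alternating", "dropout", "untouched" };
    for (int c = 0; c < 4; c++)
        printf("%-13s failed-test mask 0x%x\n", name[c], check_case(c));
    return 0;
}
```

The alternating block is perfectly balanced and so passes the monobit test, which is why the poker and runs tests are needed alongside it when the goal is to detect a breakdown rather than only a bias.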
Re: disklabel and ext3 partitions on amd64
On Mon, Dec 19, 2005 at 12:00:52PM +, Simon Morgan wrote:
> On 18/12/05, steven mestdagh [EMAIL PROTECTED] wrote:
> > I see the same happening on 3.8-release vs. 3.8-current on i386 for systems with foreign filesystems. Not sure why.
>
> Think it could be a bug?

this change in behavior is caused by

sys/arch/amd64/amd64/disksubr.c v 1.4
sys/arch/i386/i386/disksubr.c v 1.46

because the context is gone, here is the OP's problem summarized: 'D' in the disklabel editor now wipes everything except the 'c' partition, whereas it used to leave 'c', a modified 'a', and foreign filesystem ( 'i') partitions in place.

maybe someone can comment on this?

-- steven
OpenBSD 3.8 and slapd 2.0.27
Hi all,

I am learning to install and configure slapd on OpenBSD 3.8. Followed the installation howto (http://www.openbsdsupport.org/qmail-ldap-OpenBSD.html#2.0) but here is what I get when I run slapd -d -1

SNIP
line 10 (include/etc/openldap/schema/krb5-kdc.schema)
could not open config file /etc/openldap/schema/krb5-kdc.schema: No such file or directory (2)
slapd shutdown: freeing system resources.
slapd stopped.

Hmm, apparently krb5-kdc.schema is not present in my system. How can this be? What should I install? Any pointers?

Thanks,
Yance
Re: MN-520 802.11b wireless PCMCIA card not found in -CURRENT on AMD Sempron?
On Mon, Dec 19, 2005 at 10:57:44PM -0600, C. Bensend wrote:
> Hey folks,
>
> I've never been lucky enough to actually own my own laptop until yesterday, when a friend pointed me at a special at Staples. I picked up a Compaq Presario V2405US (AMD Sempron) for a pretty good price. Yes, I know, Compaq and Staples, fear. But for $500, I can cope.
>
> I installed Saturday's snapshot, crossing my fingers and hoping the magical 802.11b/g fairy would grace me and it would recognize the built-in wireless. Alas, it's a Broadcom BCM4318. That's OK, I didn't expect the one that's built in to work. Stupid Broadcom.
>
> However, I was a little surprised when my Microsoft MN-520 PCMCIA adapter isn't found. This is the same physical adapter that works great with my work laptop (a straight Pentium-M Dell). It's this one, and works flawlessly with my D600:
>
> http://marc.theaimsgroup.com/?l=openbsd-misc&m=109286218613735&w=2
>
> So, here is the dmesg from the new laptop, running Saturday's snapshot (pardon any funkiness from cut-n-paste):
>
> OpenBSD 3.8-current (GENERIC) #320: Sat Dec 17 10:09:10 MST 2005
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Mobile AMD Sempron(tm) Processor 3000+ (AuthenticAMD 686-class, 128KB L2 cache) 1.80 GHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF LUSH,MMX,FXSR,SSE,SSE2,SSE3
> cpu0: AMD Powernow: TS FID VID TTP TM STC
> cpu0: AMD PowerNow! K8 available states (35400,70700,79500)
> real mem = 233349120 (227880K)
> avail mem = 206016512 (201188K)
> using 2874 buffers containing 11771904 bytes (11496K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(51) BIOS, date 08/04/05, BIOS32 rev. 0 @ 0xfd660
> pcibios0 at bios0: rev 2.1 @ 0xfd660/0x9a0
> pcibios0: PCI BIOS has 10 Interrupt Routing table entries
> pcibios0: no compatible PCI ICU found
> pcibios0: Warning, unable to fix up PCI interrupt routing
> pcibios0: PCI bus #3 is the last bus
> bios0: ROM list: 0xc/0x1 0xd/0x1000 0xdc000/0x4000! 0xe/0x4000!

ATI IXP PCI interrupt quirks aren't known. I went looking for documentation on the ATI chipsets some time ago but couldn't find any.

> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 ATI RS480 Host rev 0x01
> ppb0 at pci0 dev 1 function 0 ATI RS480 PCIE rev 0x00
> pci1 at ppb0 bus 1
> ...
> cbb0 at pci2 dev 9 function 0 Texas Instruments PCI7XX1 CardBus rev 0x00pci_in tr_map: no mapping for pin A : couldn't map interrupt

The CardBus slot can not be used as interrupt routing is busted in ways not apparent without documentation.

> So, no wireless as of right now. But I am curious to know why the same card works fine in my Dell, but not in my Presario. Would I be lucky enough that it would be a quick fix?

Depends if you can find documentation on the ATI chipset the laptop is based on...
pid of last started process
Sorry, maybe I've written to the wrong place, but which variable contains the pid of the last process started from this shell (script) in ksh?
Re: pid of last started process
Dimaz,

    #!/bin/ksh
    # start the command in the background; $! then holds its PID
    somecommand &
    echo PID of last backgrounded command is $!

Read the manual for more info.

Andreas

On 20/12/05, dMITRIJ lEBEDX [EMAIL PROTECTED] wrote:
> Sorry, maybe I've written to the wrong place, but which variable contains the pid of the last process started from this shell (script) in ksh?

-- Andreas Kahari
Re: VPN: solutions that interoperate with win xp
> > i have also setup openvpn, which works great for me from home, and i have been able to successfully get this working. however, one of the users that connects to my VPN is having problems making openvpn and his kerio firewall play nice, and a working openvpn configuration cannot survive a reboot due to win xp being such a great OS.
>
> I would definitely stick with the openvpn solution. It's simpler to implement, and i didn't understand the part that the configuration cannot survive a reboot. Is this a problem on the user side? If it is, the same potential to damage the openvpn setup could be used to damage the ipsec setup.

The same problem probably won't affect ipsec, since there's no extra network interface involved there. http://openvpn.se/xpsp2_problem.html

> Yes, that's another advantage, it uses only ONE port, and is NAT friendly.

This is no different to ipsec nat-t. There are both advantages and disadvantages with ipsec, openvpn, and openssh tun-forwarding. Use what fits best for the job...
Re: VPN: solutions that interoperate with win xp
Stuart Henderson wrote:
> The same problem probably won't affect ipsec, since there's no extra network interface involved there. http://openvpn.se/xpsp2_problem.html

I meant that if one user can misconfigure the openvpn setup, he or she has the same potential to misconfigure the ipsec setup.

> This is no different to ipsec nat-t. There are both advantages and disadvantages with ipsec, openvpn, and openssh tun-forwarding. Use what fits best for the job...

I see one difference: AFAIK when you are using ipsec with nat-t, you have to give up some of the protection that the AH gives to you, and you stay only with the full ESP protection. With openvpn, you use the tls-auth directive and have the same level of protection that AH provides you. Implementing and keeping an IPSEC solution is far more complex than an openvpn solution, so i would definitely try the openvpn solution.

My regards,
-- Giancarlo Razzolini
Linux User 172199
Moleque Sem Conteudo Numero #002
Slackware Current
Snike Tecnologia em Informatica
4386 2A6F FFD4 4D5F 5842 6EA0 7ABE BBAB 9C0E 6B85
Re: pfsync/carp via 2 ISP's
Stoyan Genov wrote:
> Joachim Schipper wrote:
> > On Tue, Nov 29, 2005 at 10:31:03AM +0100, David Coppa wrote:
> > > On 11/29/05, Joachim Schipper wrote:
> > > > Why don't you just put a switch in front of the two firewalls, and then do CARP (for firewall failover) plus some smart routing tricks (for ISP failover - search the archives, I forgot the proper keywords)?
> > >
> > > pf route-to?
> >
> > Hmm, wouldn't that require some additional scripting? Would work, though...
>
> We have this running for several months. Setup is the following (sorry, no time for ascii art):
>
> *) 2 x obsd37/i386 boxes, 4 NICs each
> *) each box connects to both ISPs
> *) each box connects to internal LAN
> *) the two boxes are interconnected for pfsync purposes with a dedicated crossover ethernet cable
> *) CARPed on the inside is the LAN gateway IP address
> *) CARPed on the outside are IPs for a couple of pub services
> *) each box has its own IP on the inside and the outside (so, 4 IPs used on the outside -- each ISP, each box)
> *) pf.conf on both boxes is identical; they differ in the default route (master box defaults through master ISP, backup box defaults through backup ISP (we want to use also the backup ISP through the backup box when everything is OK)
> *) upon becoming a master, a box would change its gateway through the master ISP, plus starting a couple of services
> *) upon becoming a backup, a box would change its gateway through the backup ISP, plus stopping a couple of services
> *) upon unavailability of its default ISP (cron+ping checks) each box would change default gateway to the other ISP
>
> An over-simplified pf.conf would look roughly like this:
>
> # nat on both interfaces; default route will choose which exactly
> nat on $if_isp1 from $net_int to $net_int_not -> $if_isp1:0
> nat on $if_isp2 from $net_int to $net_int_not -> $if_isp2:0
>
> block log all
> pass proto carp all
> pass on $if_loc all
> pass in on $if_int from $net_int to any
> pass out on $if_int from any to $net_int
>
> # pass from my IPs to everywhere rules
> # left as an exercise for the reader
>
> pass on $if_pfsync proto $pfsync_protos from $pfsync_peers \
>     to $pfsync_peers
>
> # NO KEEP STATE HERE
> pass on $if_isp1 proto $pub_serv_proto from any to $pub_serv_IP_on_isp1
> pass on $if_isp2 proto $pub_serv_proto from any to $pub_serv_IP_on_isp2
> # also, pub IPs are CARPed
>
> # KEEP THE STATE HERE
> # FOR PUB SERVICE, IT'S THE *RESPONSE* THAT CREATES A STATE
> pass out route-to ($if_isp1 $gw_isp1) from $net_isp1 to $net_isp1_not \
>     modulate state
> pass out route-to ($if_isp2 $gw_isp2) from $net_isp2 to $net_isp2_not \
>     modulate state
>
> I probably forget some minor but important details. I wish I could get an AS and use BGP to route through both ISPs.
>
> Best Regards,
> Stoyan Genov

I am having some problems with a similar setup based on http://www.monkey.org/openbsd/archive/misc/0409/msg02994.html, but with CARP layers in front of the int/ext interfaces. Have you tried using packet tagging and decided it would not work?
Re: MN-520 802.11b wireless PCMCIA card not found in -CURRENT on AMD Sempron?
> The CardBus slot can not be used as interrupt routing is busted in ways not apparent without documentation.
> ...
> Depends if you can find documentation on the ATI chipset the laptop is based on...

Doh. I figured it was going to be something like that. I'll do some searching, but if you've already tried, I'm not too optimistic.

Thanks for the explanation, Jonathan.

Benny

-- As a general rule, don't solve puzzles that open portals to Hell. - Unknown
Re: pf and two ADSL links
On Tue, Dec 20, 2005 at 02:40:28AM +, pedro la peu wrote: all UK ADSL is operated by them, with the minor exception of LLU. What? AFAIK there is only one UK operator unbundling for ADSL, in some southern exchanges (eg London thereabouts). What? I can see from whois that you have some connection with the UK, as do some of the other posters on this thread. Therefore, if you don't know what LLU and unbundling are, I can only assume that you are a dialup windows user who is posting on the wrong mailing list. I've seen it often enough where [...] a JCB has dug through the footpath and taken the lot out There are cheap enough alternatives. Look to different media altogether for HA. Don't exclude the cheap, predictable thing right under your nose. This is all fine for messing about at home or in a small style, no SLA business. It's better than you think. Ignorance is bliss, until the shit hits the fan. When an ADSL is faulted to BT via eCo once a fault has been detected through Woosh, the GPMS case will sit in the diagnostics queue for 48 hours before it is even looked at. Then resolution will typically take another 3-5 days. BS. Shame on you. I work for an ISP, you obviously are just a user.
BGPD on FreeBSD
Hi list

May be a little bit OT - but are there any users with experiences in using OpenBGPD on FreeBSD? I have some strange problems here.

Setup is OpenBGPD 3.7 on FreeBSD 6-RELEASE. Just a basic config with one transit and one iBGP session with some standard filters (check prefixlen and rfc1918 networks) works fine. But as soon as we add more peers and filters, the bgpd daemon dies regularly with different messages:

E.g.
fatal in RDE: nexthop_cmp: unknown af
dispatch_imsg in main: pipe closed
- This should not happen (the code could not compare either Inet4 or Inet6)?!?

We also have entries in /var/log/messages like these:
exited on signal 6

I can provide more information (config file, etc.) if needed. Please contact me directly if this topic does not fit into this list.

Regards,
Reto
cruft?
I hit a panic while doing make build on the Alpha PSW-433. My uneducated guess is that I somehow managed to leave cruft in my -STABLE tree when I moved it over from an i386 box.

I did all the expected cleaning (make clean and rm -rf /usr/obj/*) and I tried to repeat the problem a second time while running over serial (to save myself from typing all the ps and trace output again) but on the second try, make build worked perfectly.

The only thing I can think of doing is running make build a few more times and see what shows up but that's a less than scientific approach. I want to know if I'm dealing with flaky hardware or if I managed to cruft myself.

Is there an easy way to identify cruft problems?

Output for trace, ps and dmesg.boot are below.

Thanks,
JCR

cc -O2 -pipe -I/usr/src/lib/libmenu -I/usr/src/lib/libmenu/../libcurses -DHAVE_CONFIG_H -c /usr/src/lib/libmenu/m_win.c -o m_win.o
panic:trap
Stopped at Debugger+0x4:retzero,(ra)
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DON NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
Re: cruft?
On Tue, 20 Dec 2005, J.C. Roberts wrote:
> I hit a panic while doing make build on the Alpha PSW-433. My uneducated guess

http://marc.theaimsgroup.com/?t=11082572061&r=1&w=2

-- [-] mkdir /nonexistent
Re: cruft?
On Tue, 20 Dec 2005 18:28:27 +0100 (CET), Tamas TEVESZ [EMAIL PROTECTED] wrote:
> On Tue, 20 Dec 2005, J.C. Roberts wrote:
> > I hit a panic while doing make build on the Alpha PSW-433. My uneducated guess
>
> http://marc.theaimsgroup.com/?t=11082572061&r=1&w=2

Thanks Tamas!

jcr
src.tar.gz and sys.tar.gz in snapshots?
Hi,

Why are the corresponding source files not provided? A resource limit, I suppose...
Re: src.tar.gz and sys.tar.gz in snapshots?
On Tue, 20 Dec 2005 18:59:35 +0100, Raul Aldaz wrote
> Hi,
>
> Why are the corresponding source files not provided? A resource limit, I suppose...

I've found the reasons in the archives, sorry for the noise!
Re: Hardware RNG speed
Hello to the list,

> ...I set up OpenBSD on a board with a (Soekris) Hifn 7955 accelerator card, but the rate I'm getting by reading out of /dev/srandom is pretty low (200B/s).

I am happily using VIA C3s for a project that requires high-quality entropy. In the industry I'm involved in, hardware random is de rigueur. The VIA C3, using /dev/srandom, gives me somewhere right around 6KB/s. I was hoping for a higher rate, but we just ended up using multiple machines as a network random-number service (also yields fault-tolerance).

In doing reading (but not of the actual code), I remember having the distinct impression that /dev/srandom uses MD5 to cook the actual stream generated by the C3's on-die HRNG. You have to figure that it is compressing the stream. You may wish to look closely at the device driver code.

There is quite a bit of very good data about the C3's HRNG available via google. One analysis of this HRNG made it clear that cooking may be redundant, given the right settings in the driver. I made the decision that the developers know what they're up to and left it at that.

Hope this is helpful.

-- Jack Bates
Venice, CA, USA
OpenBSD 3.8 PPPoE Broadband Connection Howto
Hi all,

I have a new Broadband Internet connection. It uses PPPoE with a username and password to connect to internet. I can connect to Internet with Windows 2003 (easy click and configure) so the DSL Router is working and the username and password is correct.

I would like to use OpenBSD 3.8 to connect to Internet with it and not Windows 2003. I read the man pages and FAQ and did accordingly ( I suppose ) and it is not working. Could someone please point out as to what could I have done wrong?

Details of my OpenBSD 3.8 system:

I have two interfaces rl0 rl1

rl0 has the PPPoE connection and rl1 is connected to the LAN Switch.

# ifconfig -a
lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
        groups: lo
        inet 127.0.0.1 netmask 0xff00
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:50:fc:7d:4e:50
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::250:fcff:fe7d:4e50%rl0 prefixlen 64 scopeid 0x1
rl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
        lladdr 00:08:a1:7b:bf:52
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 172.17.1.1 netmask 0xfff0 broadcast 172.31.255.255
        inet6 fe80::208:a1ff:fe7b:bf52%rl1 prefixlen 64 scopeid 0x2
pflog0: flags=141UP,RUNNING,PROMISC mtu 33224
pfsync0: flags=0 mtu 1348
enc0: flags=0 mtu 1536
pppoe0: flags=a851UP,POINTOPOINT,RUNNING,SIMPLEX,LINK1,MULTICAST mtu 1492
        dev: rl0 state: session
        sid: 0x10f1 PADI retries: 1 PADR retries: 0 time: 00:00:06
        groups: pppoe egress
        inet 0.0.0.0 -- 0.0.0.1 netmask 0x
        inet6 fe80::250:fcff:fe7d:4e50%pppoe0 - prefixlen 64 scopeid 0x7

# cat /etc/sysctl.conf |grep inet.ip.forwarding
net.inet.ip.forwarding=1# 1=Permit forwarding (routing) of packets
#
# cat /etc/mygate
cat: /etc/mygate: No such file or directory
#
# cat /etc/hostname.rl0
up
#
# cat /etc/hostname.rl1
inet 172.17.1.1 255.240.0.0 NONE
#
# cat /etc/hostname.pppoe0
pppoedev rl0
!/sbin/ifconfig rl0 up
!/usr/sbin/spppcontrol \$if myauthproto=pap [EMAIL PROTECTED] myauthkey=zz
!/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
!/sbin/route add default 0.0.0.1
link1 up
#
# cat /etc/pf.conf
pass all
#

route show commands hangs for a long time :-(

# route flush
default 0.0.0.1 done
loopback localhostdone
172.16.1.0 00:11:95:c0:c7:33done
BASE-ADDRESS.MCAST.N localhostdone
::/128 localhost.broadband. done
::/128 localhost.broadband. done
::127.0.0.0/128 localhost.broadband. done
::224.0.0.0/128 localhost.broadband. done
::255.0.0.0/128 localhost.broadband. done
:::0.0.0.0/128 localhost.broadband. done
2002::/128 localhost.broadband. done
2002:7f00::/128 localhost.broadband. done
2002:e000::/128 localhost.broadband. done
2002:ff00::/128 localhost.broadband. done
fe80::/128 localhost.broadband. done
fe80::250:fcff:fe7d: 00:50:fc:7d:4e:50done
fe80::208:a1ff:fe7b: 00:08:a1:7b:bf:52done
fe80::1%lo0 link#6 done
fe80::250:fcff:fe7d: link#7 done
fec0::/128 localhost.broadband. done
#
# sh /etc/netstart
spppcontrol: SIOCSIFGENERIC(SPPPIOSDEFS): Device busy
add net default: gateway 0.0.0.1
#

What could be the problem? How do I debug this?

Thank you so much :-)

kind regards
Siju
Re: src.tar.gz and sys.tar.gz in snapshots?
On Tue, Dec 20, 2005 at 09:36:05PM +0100, Andreas Bihlmaier wrote:
> On Tue, Dec 20, 2005 at 07:10:02PM +0100, Raul Aldaz wrote:
> > On Tue, 20 Dec 2005 18:59:35 +0100, Raul Aldaz wrote
> > > Hi,
> > >
> > > Why are the corresponding source files not provided? A resource limit, I suppose...
> >
> > I've found the reasons in the archives, sorry for the noise!
>
> A link to your findings would be very helpful since I couldn't find it! I was wondering about this for a long while as well because the ftp mirror I'm using has them for every snapshot ftp://ftp.freenet.de/pub/ftp.openbsd.org/pub/OpenBSD/

huh? That mirror doesn't seem to be updating at all. There's nothing there that's been updated since 3.8 release. They most certainly do not have source files for every snapshot.

> As stated sorry for making noise, but I guess I'm using the wrong key words (on marc.)

http://www.openbsd.org/faq/faq5.html first article.

Nick.
Re: OpenBSD 3.8 PPPoE Broadband Connection Howto
On Wed, Dec 21, 2005 at 02:54:23AM +0530, Siju George wrote:
> I have two interfaces rl0 rl1
>
> rl0 has the PPPoE connection and rl1 is connected to the LAN Switch.
>
> # ifconfig -a
> lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33224
>         groups: lo
>         inet 127.0.0.1 netmask 0xff00
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
> rl0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
>         lladdr 00:50:fc:7d:4e:50
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::250:fcff:fe7d:4e50%rl0 prefixlen 64 scopeid 0x1
> rl1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
>         lladdr 00:08:a1:7b:bf:52
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet 172.17.1.1 netmask 0xfff0 broadcast 172.31.255.255
>         inet6 fe80::208:a1ff:fe7b:bf52%rl1 prefixlen 64 scopeid 0x2
> pflog0: flags=141UP,RUNNING,PROMISC mtu 33224
> pfsync0: flags=0 mtu 1348
> enc0: flags=0 mtu 1536
> pppoe0: flags=a851UP,POINTOPOINT,RUNNING,SIMPLEX,LINK1,MULTICAST mtu 1492
>         dev: rl0 state: session
>         sid: 0x10f1 PADI retries: 1 PADR retries: 0 time: 00:00:06
>         groups: pppoe egress
>         inet 0.0.0.0 -- 0.0.0.1 netmask 0x
>         inet6 fe80::250:fcff:fe7d:4e50%pppoe0 - prefixlen 64 scopeid 0x7
>
> # cat /etc/sysctl.conf |grep inet.ip.forwarding
> net.inet.ip.forwarding=1# 1=Permit forwarding (routing) of packets
> #
> # cat /etc/mygate
> cat: /etc/mygate: No such file or directory
> #
> # cat /etc/hostname.rl0
> up

you don't need this file, since hostname.pppoe0 effectively brings the interface up

> #
> # cat /etc/hostname.rl1
> inet 172.17.1.1 255.240.0.0 NONE
> #
> # cat /etc/hostname.pppoe0
> pppoedev rl0
> !/sbin/ifconfig rl0 up
> !/usr/sbin/spppcontrol \$if myauthproto=pap [EMAIL PROTECTED] myauthkey=zz
> !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
> !/sbin/route add default 0.0.0.1
> link1 up

are you cut'n'paste here? that is not helpful...

- the spppcontrol line should all be on one line: you need a `\' otherwise
- try `link1 up' - `up'

to debug this - try following the steps in ppp(8). it is easy to set up and debug. it might show some info you are missing.

jmc
Re: OpenBSD related wallpaper
On Sun, 18 Dec 2005 23:50:02 -0800 (PST) Viktor Berke [EMAIL PROTECTED] wrote:
> I've found some nice wallpapers here: http://www.bsdnexus.com/wallpapers.htm

Hummm it promotes bad code: http://www.bsdnexus.com/wallpapers/carry_code_single.jpg

Should never allocate memory within the function. At worst, pass the pointer to need_coffee and free the pointer after need_coffee returns. I suppose some might say it's possible to do that anyway, but it's just bad practise.

-- Regards, Ed
http://www.usenix.org.uk - http://irc.is-cool.net
:%s/Open Source/Free Software/g
Re: OpenBSD 3.8 PPPoE Broadband Connection Howto
On Wed, 21 Dec 2005 02:54:23 +0530, Siju George [EMAIL PROTECTED] wrote:
> I have a new Broadband Internet connection. It uses PPPoE with a username and password to connect to internet.

Hi Siju,

You left out a few important details about the service package from your provider. PPPoE is a cheap way for providers to prevent people from stealing service (i.e. hooking up their own DSL gear to an abandoned/unused line).

I've seen PPPoE used in service packages with a dynamic IP and service packages with a static IP (or a small block of static IP's). At times the service provider will be using DHCP to configure the external interface (often based in the DSL modem/router itself) and other times, they don't offer DHCP and you're expected to configure the interface yourself.

Details of the exact kind of service package you have from your provider and occasionally info on the DSL hardware you're using are needed to figure out how things should be set up on your end.

Kind Regards,
JCR
Re: BGPD on FreeBSD
On Tue, Dec 20, 2005 at 03:53:45PM +0100, Reto Burkhalter wrote:

> Hi list
> May be a little bit OT - but are there any users with experiences in using OpenBGPD on FreeBSD? I have some strange problems here.

Are you using the FreeBSD port or did you patch OpenBGPD yourself?

> Setup is OpenBGPD 3.7 on FreeBSD 6-RELEASE. Just a basic config with one transit and one iBGP session with some standard filters (check prefixlen and rfc1918 networks) works fine. But as soon as we add more peers and filters, the bgpd daemon dies regularly with different messages:

Could you try a more current version of OpenBGPD? You have to pull it out of the CVS or I can make you a tar ball.

> E.g.
> fatal in RDE: nexthop_cmp: unknown af
> dispatch_imsg in main: pipe closed
> - This should not happen (the code could not compare either Inet4 or Inet6)?!?

I think it is/was a bug hidden somewhere else and the af did not get initialized.

> We also have entries in /var/log/messages like these:
> exited on signal 6

Hmm. bgpd does not call abort so that is coming from somewhere else (malloc?).

> I can provide more information (config file, etc.) if needed.

I would like to get the config file, then I can have a look at it.

--
:wq Claudio
Re: isakmpd does not enter phase 2
On Tue, 20 Dec 2005, Matthew Closson wrote:

matt, all,

[Remote-peer-quick-mode]
EXCHANGE_TYPE= QUICK_MODE
Transforms= QM-ESP-3DES-SHA-SUITE

notice the typo (s/Transforms/Suites/ for correct operation) that only became obvious after a healthy dose of sleep. thanks anyway.

--
[-] mkdir /nonexistent
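A check for the mix-up described in the message above, as an added example that is not part of the original post or of isakmpd: it flags sections whose proposal tag does not fit their EXCHANGE_TYPE (Suites= for QUICK_MODE, Transforms= for ID_PROT and AGGRESSIVE, as documented in isakmpd.conf(5)). The sample configuration is constructed, the function names are hypothetical, and tag names are assumed to match case-insensitively.

```python
import re

# Constructed sample: the quick-mode section quoted above plus a made-up phase 1 section.
SAMPLE_CONF = """\
[Remote-peer-main-mode]
EXCHANGE_TYPE= ID_PROT
Transforms= 3DES-SHA

[Remote-peer-quick-mode]
EXCHANGE_TYPE= QUICK_MODE
Transforms= QM-ESP-3DES-SHA-SUITE
"""

# exchange type -> (proposal tag it needs, tag it gets confused with)
EXPECTED = {
    "QUICK_MODE": ("Suites", "Transforms"),
    "ID_PROT": ("Transforms", "Suites"),
    "AGGRESSIVE": ("Transforms", "Suites"),
}

def parse_sections(text):
    """Return {section: {lowercased tag: value}} for isakmpd.conf-style text."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            tag, value = line.split("=", 1)
            current[tag.strip().lower()] = value.strip()
    return sections

def check_proposal_tags(text):
    """Return (section, problem) pairs where the tag does not fit the exchange type."""
    findings = []
    for name, tags in parse_sections(text).items():
        exchange = tags.get("exchange_type", "").upper()
        want, wrong = EXPECTED.get(exchange, (None, None))
        if want and wrong.lower() in tags:
            findings.append((name, f"{wrong}= used with {exchange}; expected {want}="))
        if want and want.lower() not in tags:
            findings.append((name, f"{want}= missing for {exchange}"))
    return findings

for section, problem in check_proposal_tags(SAMPLE_CONF):
    print(f"[{section}] {problem}")
```

Sections with any other EXCHANGE_TYPE, or with none, are skipped rather than guessed at.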
OBSD indirect call
Hey folks, I wonder if OpenBSD allows for an RPC Indirect (RPC_PROC_CALLIT) call message to be received by means of TCP too, or is it only by UDP? Thanks for your time and cooperation. Best regards.
exit and eject should have their second letter in upper-case in cdio(1) help output
Since E is an ambiguous command, one must type either EJ or EX to eject a cd or otherwise exit cdio, but both have an E shortcut. That's why these two lines must be changed:

{ CMD_EJECT, eject, 1, }
to:
{ CMD_EJECT, eject, 2, },

{ CMD_QUIT, exit, 1, },
to:
{ CMD_QUIT, exit, 2, },

at http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/cdio/cdio.c

Thanks! ;)
Re: OpenBSD 3.8 PPPoE Broadband Connection Howto
Siju George wrote:

> Hi all,
> I have a new Broadband Internet connection. It uses PPPoE with a username and password to connect to internet. I can connect to Internet with Windows 2003 (easy click and configure) so the DSL Router is working and the username and password is correct. I would like to use OpenBSD 3.8 to connect to Internet with it and not Windows 2003.
>
> Details of my OpenBSD 3.8 system:
> I have two interfaces rl0 rl1
> rl0 has the PPPoE connection and rl1 is connected to the LAN Switch.

Not entirely sure that you have to set up PPPoE for rl0. I never did this for the interface connected to my dsl router. All I did was give the interface an ip, set my default gateway to my router's ip, put my isp's nameserver in /etc/resolv.conf and it just worked.

I don't know about your router but I can manage mine using a web browser. That is, I point my web browser to my router and I set all my PPPoE settings through that.
Unexpected Expect timeout in chat script (ppp -auto)
I'm running PPP 3.1 (/usr/sbin/ppp) on OpenBSD 3.7 / i386. Every now and then, I run into a problem in which the chat script stops working in -auto mode:

Dec 20 20:45:05 wally ppp[20296]: tun0: Physical: write
Dec 20 20:45:05 wally ppp[20296]: tun0: Physical: 41 54 44 54 36 32 33 37 30 37 31 30 32 36 0d ATDT6237071026.
Dec 20 20:45:08 wally ppp[20296]: tun0: Chat: Expect(650): CONNECT 115200
Dec 20 20:45:21 wally ppp[20296]: tun0: Chat: Expect timeout
Dec 20 20:45:21 wally ppp[20296]: tun0: Warning: Chat script failed
Dec 20 20:45:21 wally ppp[20296]: tun0: Phase: deflink: dial - hangup

I'm using the following dial command:

set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 650 \\ AT OK-AT-OK ATM1L1E0Q0 OK \\dATDT\\T CONNECT\\s115200

As I understand TIMEOUT, my machine should be sitting around for up to 650 seconds before it times out. So why is it timing out in 13 seconds? If I go to terminal mode and let the modem connect manually, the rest of the chat script works fine. What key fact am I missing?

Many thanks!
Andrew Jr.