ospfd: some machines stuck in 2-WAY/OTHER
Hi,

in my network, I have five OSPF routers and hosts which learn their routes via OSPF, all in one area. One of the routers is a Cisco, all other affected routers and hosts are OpenBSD/i386 4.1-stable as of May 24th.

The problem is that some machines establish an adjacency with some, but not all machines in that area.

On 192.168.50.4:

$ ospfctl show nei
ID              Pri State        DeadTime Address         Iface     Uptime
10.0.0.2        5   FULL/OTHER   00:00:37 192.168.50.2    fxp0      00:19:04
10.0.0.5        50  FULL/OTHER   00:00:37 192.168.50.5    fxp0      01w5d17h
10.0.0.6        50  FULL/DR      00:00:33 192.168.50.6    fxp0      01w5d17h
10.0.0.3        5   FULL/OTHER   00:00:34 192.168.50.3    fxp0      02w2d12h
10.0.0.1        10  FULL/OTHER   00:00:34 192.168.50.1    fxp0      01w6d21h

On 192.168.50.3:

$ ospfctl show nei
ID              Pri State        DeadTime Address         Iface     Uptime
10.0.0.2        5   2-WAY/OTHER  00:00:31 192.168.50.2    fxp1      -
10.0.0.5        50  2-WAY/OTHER  00:00:31 192.168.50.5    fxp1      -
10.0.0.6        50  FULL/DR      00:00:38 192.168.50.6    fxp1      01w5d17h
10.0.0.1        10  2-WAY/OTHER  00:00:39 192.168.50.1    fxp1      -
10.0.0.4        50  FULL/BCKUP   00:00:39 192.168.50.4    fxp1      02w2d12h

On 192.168.50.2:

$ ospfctl show nei
ID              Pri State        DeadTime Address         Iface     Uptime
10.0.0.5        50  2-WAY/OTHER  00:00:32 192.168.50.5    dc2       -
10.0.0.1        10  2-WAY/OTHER  00:00:30 192.168.50.1    dc2       -
10.0.0.4        50  FULL/BCKUP   00:00:39 192.168.50.4    dc2       00:19:04
10.0.0.3        5   2-WAY/OTHER  00:00:39 192.168.50.3    dc2       -
10.0.0.6        50  FULL/DR      00:00:38 192.168.50.6    dc2       00:19:04

The router 192.168.50.1 is the Cisco machine. Restarting the ospfd on one or the other machine has no effect I could determine so far.

Any ideas are most welcome!

Best,
--Toni++
Re: installing jdk-1.5 on 4.1 (i386) error
On 8/20/07, Brian A. Seklecki [EMAIL PROTECTED] wrote:
> Unexpected EOF ? That means that the download never completed and that the file is truncated (which leads to the SHA1 and Size mismatch)

Thanks to all who replied. The SHA1 for jdk1.5 in OpenBSD 4.1 is correct. The issue was with downloading xalan-j from http://www.apache.org/dist/xml/xalan-j/. Firefox was terminating the download after 4MB as the connection was being closed by the server. wget picked up the partial content and downloaded the remaining bytes smoothly.

I must say that jdk1.5 compilation takes a very long time even on a dual-core T60 laptop with 512MB ram.

Thanks.
Re: ospfd: some machines stuck in 2-WAY/OTHER
On Mon, Aug 20, 2007 at 12:37:03PM +0200, Toni Mueller wrote:
> Hi,
>
> in my network, I have five OSPF routers and hosts which learn their routes via OSPF, all in one area. One of the routers is a Cisco, all other affected routers and hosts are OpenBSD/i386 4.1-stable as of May 24th.
>
> The problem is that some machines establish an adjacency with some, but not all machines in that area.
>
> On 192.168.50.4:
>
> $ ospfctl show nei
> ID              Pri State        DeadTime Address         Iface     Uptime
> 10.0.0.2        5   FULL/OTHER   00:00:37 192.168.50.2    fxp0      00:19:04
> 10.0.0.5        50  FULL/OTHER   00:00:37 192.168.50.5    fxp0      01w5d17h
> 10.0.0.6        50  FULL/DR      00:00:33 192.168.50.6    fxp0      01w5d17h
> 10.0.0.3        5   FULL/OTHER   00:00:34 192.168.50.3    fxp0      02w2d12h
> 10.0.0.1        10  FULL/OTHER   00:00:34 192.168.50.1    fxp0      01w6d21h
>
> On 192.168.50.3:
>
> $ ospfctl show nei
> ID              Pri State        DeadTime Address         Iface     Uptime
> 10.0.0.2        5   2-WAY/OTHER  00:00:31 192.168.50.2    fxp1      -
> 10.0.0.5        50  2-WAY/OTHER  00:00:31 192.168.50.5    fxp1      -
> 10.0.0.6        50  FULL/DR      00:00:38 192.168.50.6    fxp1      01w5d17h
> 10.0.0.1        10  2-WAY/OTHER  00:00:39 192.168.50.1    fxp1      -
> 10.0.0.4        50  FULL/BCKUP   00:00:39 192.168.50.4    fxp1      02w2d12h
>
> On 192.168.50.2:
>
> $ ospfctl show nei
> ID              Pri State        DeadTime Address         Iface     Uptime
> 10.0.0.5        50  2-WAY/OTHER  00:00:32 192.168.50.5    dc2       -
> 10.0.0.1        10  2-WAY/OTHER  00:00:30 192.168.50.1    dc2       -
> 10.0.0.4        50  FULL/BCKUP   00:00:39 192.168.50.4    dc2       00:19:04
> 10.0.0.3        5   2-WAY/OTHER  00:00:39 192.168.50.3    dc2       -
> 10.0.0.6        50  FULL/DR      00:00:38 192.168.50.6    dc2       00:19:04
>
> The router 192.168.50.1 is the Cisco machine. Restarting the ospfd on one or the other machine has no effect I could determine so far.
>
> Any ideas are most welcome!

This is perfectly fine. Only the DR and BDR routers 10.0.0.6 and 10.0.0.4 will have full connections with all other routers. All others (state OTHER) will remain in 2-WAY (as in we have two-way communication but we do not send each other messages).

--
:wq Claudio
Re: ospfd: some machines stuck in 2-WAY/OTHER
On Monday 20 August 2007 12:37:03 Toni Mueller wrote:
> Hi,
>
> in my network, I have five OSPF routers and hosts which learn their routes via OSPF, all in one area. One of the routers is a Cisco, all other affected routers and hosts are OpenBSD/i386 4.1-stable as of May 24th.
>
> The problem is that some machines establish an adjacency with some, but not all machines in that area.

I think your network is just fine. From the output I gather that the three routers all agree that 10.0.0.6 is the DR and that the 10.0.0.4 is the BACKUP.

This is 10.0.0.4 - it has FULL with all routers and the DR.

> On 192.168.50.4:
>
> $ ospfctl show nei
> ID              Pri State        DeadTime Address         Iface     Uptime
> 10.0.0.2        5   FULL/OTHER   00:00:37 192.168.50.2    fxp0      00:19:04
> 10.0.0.5        50  FULL/OTHER   00:00:37 192.168.50.5    fxp0      01w5d17h
> 10.0.0.6        50  FULL/DR      00:00:33 192.168.50.6    fxp0      01w5d17h
> 10.0.0.3        5   FULL/OTHER   00:00:34 192.168.50.3    fxp0      02w2d12h
> 10.0.0.1        10  FULL/OTHER   00:00:34 192.168.50.1    fxp0      01w6d21h

This is just a normal router thus it is FULL with the DR and the BACKUP, ignoring the rest...

> On 192.168.50.3:
>
> $ ospfctl show nei
> ID              Pri State        DeadTime Address         Iface     Uptime
> 10.0.0.2        5   2-WAY/OTHER  00:00:31 192.168.50.2    fxp1      -
> 10.0.0.5        50  2-WAY/OTHER  00:00:31 192.168.50.5    fxp1      -
> 10.0.0.6        50  FULL/DR      00:00:38 192.168.50.6    fxp1      01w5d17h
> 10.0.0.1        10  2-WAY/OTHER  00:00:39 192.168.50.1    fxp1      -
> 10.0.0.4        50  FULL/BCKUP   00:00:39 192.168.50.4    fxp1      02w2d12h

Another normal router that is FULL with the DR and the BACKUP - ignoring the rest...

> On 192.168.50.2:
>
> $ ospfctl show nei
> ID              Pri State        DeadTime Address         Iface     Uptime
> 10.0.0.5        50  2-WAY/OTHER  00:00:32 192.168.50.5    dc2       -
> 10.0.0.1        10  2-WAY/OTHER  00:00:30 192.168.50.1    dc2       -
> 10.0.0.4        50  FULL/BCKUP   00:00:39 192.168.50.4    dc2       00:19:04
> 10.0.0.3        5   2-WAY/OTHER  00:00:39 192.168.50.3    dc2       -
> 10.0.0.6        50  FULL/DR      00:00:38 192.168.50.6    dc2       00:19:04
>
> The router 192.168.50.1 is the Cisco machine.

HTH
Esben
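Added example, not part of the thread: a small checker for `ospfctl show nei` output that applies the rule both replies describe (on a broadcast segment, only the DR and BDR are FULL with everyone; two OTHER routers stay in 2-WAY). The sample tables are constructed from the output quoted in the thread with the ID and Pri columns separated, the faulty table is invented for illustration, and the function names are hypothetical. It assumes the segment has already elected both a DR and a BDR.

```python
# Constructed samples: neighbor tables as seen from 192.168.50.3 (an OTHER router)
# and 192.168.50.4 (the BDR), based on the output quoted in the thread.
VIEW_FROM_OTHER = """\
ID              Pri State        DeadTime Address         Iface     Uptime
10.0.0.2        5   2-WAY/OTHER  00:00:31 192.168.50.2    fxp1      -
10.0.0.5        50  2-WAY/OTHER  00:00:31 192.168.50.5    fxp1      -
10.0.0.6        50  FULL/DR      00:00:38 192.168.50.6    fxp1      01w5d17h
10.0.0.1        10  2-WAY/OTHER  00:00:39 192.168.50.1    fxp1      -
10.0.0.4        50  FULL/BCKUP   00:00:39 192.168.50.4    fxp1      02w2d12h
"""
VIEW_FROM_BDR = """\
ID              Pri State        DeadTime Address         Iface     Uptime
10.0.0.2        5   FULL/OTHER   00:00:37 192.168.50.2    fxp0      00:19:04
10.0.0.5        50  FULL/OTHER   00:00:37 192.168.50.5    fxp0      01w5d17h
10.0.0.6        50  FULL/DR      00:00:33 192.168.50.6    fxp0      01w5d17h
10.0.0.3        5   FULL/OTHER   00:00:34 192.168.50.3    fxp0      02w2d12h
10.0.0.1        10  FULL/OTHER   00:00:34 192.168.50.1    fxp0      01w6d21h
"""
# Invented for illustration: an OTHER router that never got past 2-WAY with the DR.
VIEW_BROKEN = """\
ID              Pri State        DeadTime Address         Iface     Uptime
10.0.0.2        5   2-WAY/OTHER  00:00:31 192.168.50.2    fxp1      -
10.0.0.6        50  2-WAY/DR     00:00:38 192.168.50.6    fxp1      -
10.0.0.4        50  FULL/BCKUP   00:00:39 192.168.50.4    fxp1      02w2d12h
"""


def parse_neighbors(text):
    """Return one dict per neighbor row; the header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7 or "/" not in fields[2] or not fields[1].isdigit():
            continue
        state, role = fields[2].split("/", 1)
        rows.append({"id": fields[0], "pri": int(fields[1]), "state": state,
                     "role": role, "address": fields[4], "iface": fields[5]})
    return rows


def local_role(neighbors):
    """Infer this router's own role from which roles appear among its neighbors."""
    roles = {n["role"] for n in neighbors}
    if "DR" in roles and "BCKUP" in roles:
        return "OTHER"      # both elected routers are neighbors, so we are neither
    if "DR" in roles:
        return "BCKUP"      # assumption: a BDR exists, and it is not a neighbor
    if "BCKUP" in roles:
        return "DR"
    return "UNKNOWN"


def check_adjacencies(text):
    """Return (local role, [(neighbor id, observed state, expected state), ...])."""
    neighbors = parse_neighbors(text)
    me = local_role(neighbors)
    findings = []
    for n in neighbors:
        # FULL is expected whenever either end of the pair is the DR or the BDR.
        full = me in ("DR", "BCKUP") or n["role"] in ("DR", "BCKUP")
        expected = "FULL" if full else "2-WAY"
        if n["state"] != expected:
            findings.append((n["id"], n["state"], expected))
    return me, findings


if __name__ == "__main__":
    for name, view in (("other", VIEW_FROM_OTHER), ("bdr", VIEW_FROM_BDR),
                       ("broken", VIEW_BROKEN)):
        print(name, check_adjacencies(view))
```

An empty findings list means the table matches what Claudio and Esben describe; a neighbor listed with an observed state other than the expected one is the case worth investigating.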
Re: pkg_add can't install a package
On Fri, Aug 17, 2007 at 04:42:33AM -0500, Will Maier wrote:
> On Fri, Aug 17, 2007 at 11:48:34AM +0300, Tomas wrote:
> > I'm having some trouble installing clamav-0.90.3.tgz package. I'm using OpenBSD_4_1.
> >
> > My steps:
> > 1. export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386
> > 2. sudo pkg_add -v clamav-0.90.3.tgz
> >
> > And I have this error:
> > parsing clamav-0.90.3
> > Can't install clamav-0.90.3 because of conflicts (.libs-clamav-0.90)
>                                                      ^
> > Error from ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/: ftp: -: short write
> > 421 Service not available, remote server has closed connection.
> > /usr/sbin/pkg_add: clamav-0.90.3.tgz:Fatal error
>
> Use pkg_delete(1) to remove the .libs- package.

Note that this is one issue which has gotten WAYS simpler for 4.2. pkg_add now knows enough to grab back .libs-* packages when they conflict. Where libraries are concerned, all possible update scenarios are now taken care of.
usb printer speed
My usb printer works very slow under OpenBSD, I mean, when compared to other operating systems. According to dmesg, the printer operates through usb version 1. Is there any way, like kernel configuration or so, to make it operate under usb version 2? I'm asking because I want to erase that other operating system from my hard drive. Currently I only need it to print faster.
Re: pkg_add can't install a package
I know that OpenBSD developers are the best developers on earth and they are doing the best they can to make this already great OS even greater... Thank you OpenBSD developers, we appreciate the work you do.

Marc Espie wrote:
> On Fri, Aug 17, 2007 at 04:42:33AM -0500, Will Maier wrote:
> > On Fri, Aug 17, 2007 at 11:48:34AM +0300, Tomas wrote:
> > > I'm having some trouble installing clamav-0.90.3.tgz package. I'm using OpenBSD_4_1.
> > >
> > > My steps:
> > > 1. export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386
> > > 2. sudo pkg_add -v clamav-0.90.3.tgz
> > >
> > > And I have this error:
> > > parsing clamav-0.90.3
> > > Can't install clamav-0.90.3 because of conflicts (.libs-clamav-0.90)
> >                                                      ^
> > > Error from ftp://ftp.openbsd.org/pub/OpenBSD/4.1/packages/i386/: ftp: -: short write
> > > 421 Service not available, remote server has closed connection.
> > > /usr/sbin/pkg_add: clamav-0.90.3.tgz:Fatal error
> >
> > Use pkg_delete(1) to remove the .libs- package.
>
> Note that this is one issue which has gotten WAYS simpler for 4.2. pkg_add now knows enough to grab back .libs-* packages when they conflict. Where libraries are concerned, all possible update scenarios are now taken care of.
serial console device
Hello,

I'm almost done configuring some little 1U server for my own edutainment, and I'm busy trying to configure the serial console. I have the excellent book of Michael W. Lucas called Absolute OpenBSD, and he tells about serial console, that by entering set tty com0, we can access the machine from any other machine that has a serial port, and a port monitoring software.

I use a windows computer for it, only because I know this machine's serial port works, and the configuration I set up for my cisco (which is the same config as the one for openbsd) works in that machine.

However, I can't get my serial port on my server to work ; I type in set tty com0, and nothing nowhere ! It even seems this server does not boot up ! (I can't find it with an nmap -sP with serial on booting, while I can otherwise).

The server is an old compaq server : Proliant DL 320 (G1), with only 1 serial port on the motherboard.

Is there anyway for me to check my com port is detected and working, before I put my server into a datacenter ?

Thanks

nicodache
Re: Beginner NAT / route / pfctl question - resolved
The default pf.conf had the nat configuration I have been using:

nat on $ext_if from !($ext_if) -> ($ext_if:0)

and it works fine. The problem seems to be with my use of dnsmasq.

-Lars
Re: serial console device
* nicodache [EMAIL PROTECTED] [070820 15:26]:
> Hello,
>
> I'm almost done configuring some little 1U server for my own edutainment, and I'm busy trying to configure the serial console. I have the excellent book of Michael W. Lucas called Absolute OpenBSD, and he tells about serial console, that by entering set tty com0, we can access the machine from any other machine that has a serial port, and a port monitoring software.
>
> I use a windows computer for it, only because I know this machine's serial port works, and the configuration I set up for my cisco (which is the same config as the one for openbsd) works in that machine.
>
> However, I can't get my serial port on my server to work ; I type in set tty com0, and nothing nowhere ! It even seems this server does not boot up ! (I can't find it with an nmap -sP with serial on booting, while I can otherwise).
>
> The server is an old compaq server : Proliant DL 320 (G1), with only 1 serial port on the motherboard.
>
> Is there anyway for me to check my com port is detected and working, before I put my server into a datacenter ?
>
> Thanks
>
> nicodache

This doesn't answer your question directly, but you could take a look in the FAQ here:

http://www.openbsd.org/faq/faq7.html#SerCon

and change the relevant line in /etc/ttys to something like:

tty00 /usr/libexec/getty std.19200 vt220 on secure

If you don't enable the console, 'set tty com0' doesn't help.

HTH,
Jim
FTP server behind a bridge
Hello all, I currently have an FTP server on the internet for use transferring files back and forth with customers and have now been given the requirement to put a firewall between it and the internet but still allow users to use the ftp service. So, I was looking at the possibility of dropping an OpenBSD box in that is setup to serve as a filtering bridge but I have been unable to find information about how to setup a transparent bridge in front of an FTP server. Do I need to run an FTP proxy on the bridge? or does the fact that the bridge is transparent take care of that issue? A point in the right direction would be appreciated. I tried looking up on google, but I found a bazillion hits on how to setup a firewall on a network and still being able to reach an ftp server on the internet from the network, but nothing on how to do it the other way around where the FTP server is behind the firewall. My guess is the information I need is there but I was unable to see it through all the interference. I have also looked at the bridge section of the FAQ, and I am planning on going back in and looking further to see if I just missed something. Unfortunately, I was unable to search the list archive because we are restricted here where I work as to where we can and can't go on the internet. Thanks. Stuart van Zee [EMAIL PROTECTED]
Re: serial console device
On Mon, Aug 20, 2007 at 03:55:50PM -0400, Jim Razmus wrote:
> * nicodache [EMAIL PROTECTED] [070820 15:26]:
> > Hello,
> >
> > I'm almost done configuring some little 1U server for my own edutainment, and I'm busy trying to configure the serial console. I have the excellent book of Michael W. Lucas called Absolute OpenBSD, and he tells about serial console, that by entering set tty com0, we can access the machine from any other machine that has a serial port, and a port monitoring software.
> >
> > I use a windows computer for it, only because I know this machine's serial port works, and the configuration I set up for my cisco (which is the same config as the one for openbsd) works in that machine.
> >
> > However, I can't get my serial port on my server to work ; I type in set tty com0, and nothing nowhere ! It even seems this server does not boot up ! (I can't find it with an nmap -sP with serial on booting, while I can otherwise).
> >
> > The server is an old compaq server : Proliant DL 320 (G1), with only 1 serial port on the motherboard.
> >
> > Is there anyway for me to check my com port is detected and working, before I put my server into a datacenter ?
>
> This doesn't answer your question directly, but you could take a look in the FAQ here:
>
> http://www.openbsd.org/faq/faq7.html#SerCon
>
> and change the relevant line in /etc/ttys to something like:
>
> tty00 /usr/libexec/getty std.19200 vt220 on secure
>
> If you don't enable the console, 'set tty com0' doesn't help.

Actually, 'set tty com0' in /etc/boot.conf will tell the kernel to redirect the console messages (notably, the messages at boot) there.

Also, are you *sure* you want to set the console to 19200 baud instead of the far-more-standard 9600? Even if you are, you should at least match it with /etc/boot.conf...

(The above suggests booting into OpenBSD with both a serial cable and if possible a monitor attached, starting the serial session before OpenBSD starts booting, and looking at the results.)

Joachim

--
TFMotD: pkg_mklocatedb (1) - create a locate database for packages
Re: FTP server behind a bridge
On Mon, Aug 20, 2007 at 04:33:28PM -0400, stuart van Zee wrote:
> Hello all,
>
> I currently have an FTP server on the internet for use transferring files back and forth with customers and have now been given the requirement to put a firewall between it and the internet but still allow users to use the ftp service. So, I was looking at the possibility of dropping an OpenBSD box in that is setup to serve as a filtering bridge but I have been unable to find information about how to setup a transparent bridge in front of an FTP server. Do I need to run an FTP proxy on the bridge? or does the fact that the bridge is transparent take care of that issue?
>
> A point in the right direction would be appreciated. I tried looking up on google, but I found a bazillion hits on how to setup a firewall on a network and still being able to reach an ftp server on the internet from the network, but nothing on how to do it the other way around where the FTP server is behind the firewall. My guess is the information I need is there but I was unable to see it through all the interference. I have also looked at the bridge section of the FAQ, and I am planning on going back in and looking further to see if I just missed something. Unfortunately, I was unable to search the list archive because we are restricted here where I work as to where we can and can't go on the internet.

I don't know the exact answer, but if you want to do stateful filtering on your bridge, you do need some way to capture FTP state (i.e. it won't 'just work'). I recall people talking about using ftpsesame (capitalization is most likely wrong, but spelling should be correct), which should add the relevant rules on the fly.

Joachim

--
TFMotD: newsyslog (8) - trim log files to manageable sizes
Re: serial console device
Hello,

I was just looking this webpage when I got your answer ; as Michael Lucas didn't talk about this file in his talk about consoles, I thought console ports were active by default... (but I found this file in this book's index, however)

So, tty00 is

tty00 /usr/libexec/getty std.9600 vt220 on secure

but it still does not work (I tried 19200 also).

At the boot prompt, when I type set tty, there is some sort of autocompletion, that lists me only pc0, no com port is present. Does that mean the kernel does not recognize the serial ports ? I'm still running generic kernel plus RAIDframe. My serial port should be detected by the kernel, shouldn't they ?

any guess would be neat, I really do feel unconfident with serial ports :-/ Would a dmesg be of any use in this case ?

Thanks

nicodache

On 8/20/07, Jim Razmus [EMAIL PROTECTED] wrote:
> * nicodache [EMAIL PROTECTED] [070820 15:26]:
> > Hello,
> >
> > I'm almost done configuring some little 1U server for my own edutainment, and I'm busy trying to configure the serial console. I have the excellent book of Michael W. Lucas called Absolute OpenBSD, and he tells about serial console, that by entering set tty com0, we can access the machine from any other machine that has a serial port, and a port monitoring software.
> >
> > I use a windows computer for it, only because I know this machine's serial port works, and the configuration I set up for my cisco (which is the same config as the one for openbsd) works in that machine.
> >
> > However, I can't get my serial port on my server to work ; I type in set tty com0, and nothing nowhere ! It even seems this server does not boot up ! (I can't find it with an nmap -sP with serial on booting, while I can otherwise).
> >
> > The server is an old compaq server : Proliant DL 320 (G1), with only 1 serial port on the motherboard.
> >
> > Is there anyway for me to check my com port is detected and working, before I put my server into a datacenter ?
> >
> > Thanks
> >
> > nicodache
>
> This doesn't answer your question directly, but you could take a look in the FAQ here:
>
> http://www.openbsd.org/faq/faq7.html#SerCon
>
> and change the relevant line in /etc/ttys to something like:
>
> tty00 /usr/libexec/getty std.19200 vt220 on secure
>
> If you don't enable the console, 'set tty com0' doesn't help.
>
> HTH,
> Jim
Re: FTP server behind a bridge
stuart van Zee [EMAIL PROTECTED] writes:
> A point in the right direction would be appreciated. I tried looking up on google, but I found a bazillion hits on how to setup a firewall on a network and still being able to reach an ftp server on the internet from the network, but nothing on how to do it the other way around where the FTP server is behind the firewall.

That's probably due to the fact that there's a lot more people who need to access ftp servers elsewhere than people who need to run ftp servers.

ftp-proxy has its reverse mode ( -R ) for that purpose. I'm not convinced it's possible to run the proxy in any useful way on the bridge itself, though. The proxy needs to bind to an interface with an IP address, which is sort of a scarce commodity on a transparent bridge.

Then again, you can probably set up your ftp server to behave predictably (limit its port range) and craft a bridge rule set with just enough holes in it to let your traffic through. See eg http://www.openbsd.org/faq/pf/ftp.html#server for a starting point.

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.datadok.no/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: FTP server behind a bridge
On 2007/08/20 16:33, stuart van Zee wrote:
> allow users to use the ftp service. So, I was looking at the possibility of dropping an OpenBSD box in that is setup to serve as a filtering bridge but I have been unable to find information about how to setup a transparent bridge in front of an FTP server. Do I need to run an FTP proxy on the bridge?

You need something that adds rules for (at least some classes of) FTP data connections; either a proxy, or something like ftpsesame (which, in the case of a bridge, will likely make your life easier).
Re: bind 9 cache poisoning
On 7/25/07, Allen [EMAIL PROTECTED] wrote:
> Richard Storm wrote:
> > Is openbsd bind vulnerable to attacks on binds PRNG described here:
> > http://www.securiteam.com/securitynews/5VP0L0UM0A.html
>
> A glance at the README.OpenBSD file for 4.1 in /usr/src/usr.sbin/bind shows (among other things):
>
> - add LCG (Linear Congruential Generator) implementation to libisc
> - use LCG instead of LFSR for ID generation until LFSR is proven reliable
> - strlcpy/strlcat/snprintf fixes
>
> Without digging into things deeper, it looks like this is unlikely to be an issue since the OBSD version doesn't rely on LFSR.

One would think that with 16 bits for the query ID and 16 bits for the source port on DNS requests that the source port would be considered as important in terms of cache poisoning / response spoofing resiliency. named(8) uses a static source port for every query from the time of server startup; is there a good reason the authors don't pass source port allocation off to the OS where it can be randomized?

DS
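Added example, not part of the thread: a check a resolver operator can run over captured outbound queries to see whether the source port is static, together with the size of the space a forged response has to match (16-bit query ID times the number of possible source ports), which is the point raised in the message above. The capture lines, addresses, the 64512-port pool and the function names are constructed for illustration.

```python
import math
import re

# Constructed tcpdump-style lines (not from the thread): outbound queries from a
# resolver at 192.0.2.53. In STATIC_PORT every query leaves from port 32768.
STATIC_PORT = """\
12:00:00.10 192.0.2.53.32768 > 198.51.100.1.53: 4242 A? example.com. (29)
12:00:00.35 192.0.2.53.32768 > 198.51.100.7.53: 9117 A? example.net. (29)
12:00:01.02 192.0.2.53.32768 > 198.51.100.9.53: 60233 MX? example.org. (29)
12:00:01.50 192.0.2.53.32768 > 198.51.100.1.53: 1530 AAAA? example.com. (29)
"""
RANDOM_PORT = """\
12:00:00.10 192.0.2.53.51344 > 198.51.100.1.53: 4242 A? example.com. (29)
12:00:00.35 192.0.2.53.2907 > 198.51.100.7.53: 9117 A? example.net. (29)
12:00:01.02 192.0.2.53.40118 > 198.51.100.9.53: 60233 MX? example.org. (29)
12:00:01.50 192.0.2.53.17765 > 198.51.100.1.53: 1530 AAAA? example.com. (29)
"""

# timestamp, source ip.port, '>', destination ip.53, query id
QUERY_RE = re.compile(
    r"^\S+ (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: (\d+)")


def source_port_report(capture, resolver):
    """Summarise the source ports a resolver used for its outbound queries."""
    ports = []
    for line in capture.splitlines():
        m = QUERY_RE.match(line)
        if m and m.group(1) == resolver:
            ports.append(int(m.group(2)))
    distinct = len(set(ports))
    return {"queries": len(ports),
            "distinct_ports": distinct,
            "static_port": len(ports) > 1 and distinct == 1}


def guess_space(id_bits=16, port_pool=1):
    """Number of (query ID, source port) pairs a blind forged reply must hit."""
    return (2 ** id_bits) * port_pool


def forgery_success(forged_per_window, windows, id_bits=16, port_pool=1):
    """Chance that at least one forged reply matches over `windows` query races.

    Each race is modelled as `forged_per_window` distinct guesses against a
    uniformly random (ID, port) pair; a static port means port_pool == 1.
    """
    p = min(1.0, forged_per_window / guess_space(id_bits, port_pool))
    if p >= 1.0:
        return 1.0
    # 1 - (1 - p)**windows, computed stably for very small p
    return -math.expm1(windows * math.log1p(-p))


if __name__ == "__main__":
    print(source_port_report(STATIC_PORT, "192.0.2.53"))
    print(source_port_report(RANDOM_PORT, "192.0.2.53"))
    print(forgery_success(100, 1000))                    # static source port
    print(forgery_success(100, 1000, port_pool=64512))   # ports 1024-65535
```

With a static port the only unknown is the 16-bit ID; spreading queries over 64512 ports multiplies the space to match by the same factor.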
Re: serial console device
I wouldn't try to set set tty com0 in my /boot.conf, as it does not even work from boot prompt : I wouldn't like to have my computer stuck at boot, without being able to get OpenBSD up (seems like my computer does not continue booting after switching to the serial console).

However, good news, I got to make it work, I don't know how, and I don't know why. I discovered this after plugging my only screen for both the server and the windows, on the windows ; I saw console output from the previous boot. However, I don't remember the settings, and I can't get it to work anymore :( I think some unplug/replug of serial cable was involved. Seems abnormal to me...

nicodache

On 8/20/07, Joachim Schipper [EMAIL PROTECTED] wrote:
> On Mon, Aug 20, 2007 at 03:55:50PM -0400, Jim Razmus wrote:
> > * nicodache [EMAIL PROTECTED] [070820 15:26]:
> > > Hello,
> > >
> > > I'm almost done configuring some little 1U server for my own edutainment, and I'm busy trying to configure the serial console. I have the excellent book of Michael W. Lucas called Absolute OpenBSD, and he tells about serial console, that by entering set tty com0, we can access the machine from any other machine that has a serial port, and a port monitoring software.
> > >
> > > I use a windows computer for it, only because I know this machine's serial port works, and the configuration I set up for my cisco (which is the same config as the one for openbsd) works in that machine.
> > >
> > > However, I can't get my serial port on my server to work ; I type in set tty com0, and nothing nowhere ! It even seems this server does not boot up ! (I can't find it with an nmap -sP with serial on booting, while I can otherwise).
> > >
> > > The server is an old compaq server : Proliant DL 320 (G1), with only 1 serial port on the motherboard.
> > >
> > > Is there anyway for me to check my com port is detected and working, before I put my server into a datacenter ?
> >
> > This doesn't answer your question directly, but you could take a look in the FAQ here:
> >
> > http://www.openbsd.org/faq/faq7.html#SerCon
> >
> > and change the relevant line in /etc/ttys to something like:
> >
> > tty00 /usr/libexec/getty std.19200 vt220 on secure
> >
> > If you don't enable the console, 'set tty com0' doesn't help.
>
> Actually, 'set tty com0' in /etc/boot.conf will tell the kernel to redirect the console messages (notably, the messages at boot) there.
>
> Also, are you *sure* you want to set the console to 19200 baud instead of the far-more-standard 9600? Even if you are, you should at least match it with /etc/boot.conf...
>
> (The above suggests booting into OpenBSD with both a serial cable and if possible a monitor attached, starting the serial session before OpenBSD starts booting, and looking at the results.)
>
> Joachim
>
> --
> TFMotD: pkg_mklocatedb (1) - create a locate database for packages
Re: serial console device
On 2007/08/20 21:17, nicodache wrote:
> I use a windows computer for it, only because I know this machine's serial port works, and the configuration I set up for my cisco (which is the same config as the one for openbsd) works in that machine.

Doesn't mean the cable is suitable. Check that first... 3-wire is generally not enough for the PC boot loaders (but probably will be enough for an after-boot console enabled in /etc/ttys).

> The server is an old compaq server : Proliant DL 320 (G1), with only 1 serial port on the motherboard.

Also check any BIOS console redirect options; if this exists, you should probably only have it active for the BIOS, not OS/bootloader.

> Is there anyway for me to check my com port is detected and working, before I put my server into a datacenter ?

cu -l cua00, dumb terminal software at the other end, type blind at one end, it should appear on-screen at the other.
Re: serial console device
Ok, the dmesg is here :)

BTW, is it normal to still have access to the ctrl-alt-del keys when I'm (or at least I should be) using the serial to redirect all the i/o from the other computer ?

DMESG :

OpenBSD 4.1 (GENERIC.RAID) #0: Sun Jul 8 22:16:34 CEST 2007 [EMAIL PROTECTED]:/sys/arch/i386/compile/GENERIC.RAID cpu0: Intel Pentium III (GenuineIntel 686-class) 795 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 1073311744 (1048156K) avail mem = 971534336 (948764K) using 4278 buffers containing 53788672 bytes (52528K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xeca00, SMBIOS rev. 2.3 @ 0xf2000 (41 entries) bios0: Compaq ProLiant DL320 pcibios0 at bios0: rev 2.1 @ 0xeca00/0x3600 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfaca0/160 (8 entries) pcibios0: PCI Interrupt Router at 000:15:0 (ServerWorks OSB4 rev 0x00) pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x8000 0xd/0x3400 0xe8000/0x8000! acpi at mainbus0 not configured cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 ServerWorks CNB20LE Host rev 0x05 pchb1 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x05 pci1 at pchb1 bus 1 pciide0 at pci1 dev 1 function 0 Promise PDC20375 rev 0x02: DMA wd0 at pciide0 channel 0 drive 0: ST380811AS wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using BIOS timings, Ultra-DMA mode 6 wd1 at pciide0 channel 1 drive 0: ST380811AS wd1: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd1(pciide0:1:0): using BIOS timings, Ultra-DMA mode 6 pciide0: using irq 3 for native-PCI interrupt siop0 at pci1 dev 2 function 0 Symbios Logic 53c895A rev 0x01: irq 3, using 8K of on-board RAM scsibus0 at siop0: 16 targets fxp0 at pci1 dev 3 function 0 Intel 8255x rev 0x08, i82559: irq 11, address 00:50:8b:e8:56:04 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 
4 fxp1 at pci1 dev 4 function 0 Intel 8255x rev 0x08, i82559: irq 11, address 00:50:8b:e8:56:05 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci0 dev 2 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Compaq Netelligent ASMC rev 0x00 at pci0 dev 3 function 0 not configured piixpm0 at pci0 dev 15 function 0 ServerWorks OSB4 rev 0x51: polling iic0 at piixpm0 adm1022 at iic0 addr 0x2c not configured iic0: addr 0x2c 13=3a 14=4d 15=02 17=46 18=64 19=00 20=80 26=3b 27=1b 2b=7f 2c=80 37=48 38=c9 39=35 3a=c9 3e=41 3f=c9 40=2b 41=10 43=11 44=08 47=50 4a=01 4c=10 93=3a 94=4d 95=02 97=46 98=64 99=00 a0=80 a6=3b a7=1b ab=7f ac=80 b7=48 b8=c9 b9=35 ba=c9 be=41 bf=c9 c0=2b c1=10 c3=11 c4=08 c7=50 ca=01 cc=10: adm1022 pciide1 at pci0 dev 15 function 1 ServerWorks OSB4 IDE rev 0x00: DMA atapiscsi0 at pciide1 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: COMPAQ, CD-ROM CRN-8241B, 2.23 SCSI0 5/cdrom removable cd0(pciide1:1:0): using PIO mode 4, DMA mode 2 ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x04: irq 5, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: ServerWorks OHCI root hub, rev 1.00/1.00, addr 1 uhub0: 4 ports with 4 removable, self powered isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec biomask f7ed netmask ffed ttymask ffef pctr: 686-class user-level performance counters enabled mtrr: Pentium Pro MTRR support Kernelized RAIDframe activated cd0(atapiscsi0:0:0): Check Condition 
(error 0x70) on opcode 0x0 SENSE KEY: Not Ready ASC/ASCQ: Medium Not Present raid0 (root): (RAID Level 1) total number of sectors is 156091648 (76216 MB) as root dkcsum: wd0 matches BIOS drive 0x80 dkcsum: wd1 matches BIOS drive 0x81 swapmount: no device

On 8/20/07, Darren Spruell [EMAIL PROTECTED] wrote:
> On 8/20/07, nicodache [EMAIL PROTECTED] wrote:
> > Hello,
> >
> > I was just looking this webpage when I got your answer ; as Michael Lucas didn't talk about this file in his talk about consoles, I thought console ports were active by default... (but I found this file in this book's index, however)
> >
> > So, tty00 is
> >
> > tty00 /usr/libexec/getty std.9600 vt220 on secure
> >
> > but it still does not work (I tried 19200 also).
> >
> > At the boot prompt, when I type set tty, there is some sort of autocompletion, that lists me only pc0, no com port is present. Does that mean the kernel does not recognize the serial ports ? I'm still running generic kernel plus RAIDframe. My serial port
Re: vlan on vr: one way traffic trouble
Jacob Yocom-Piatt [EMAIL PROTECTED] wrote:
> on the same interface but HTTP connections traversing vr0-vlan0 hang while similar connections going vlan0-vr0 work fine. the firewall plugs
>
> vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
> vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1496

You need a newer if_vr driver that supports IFCAP_VLAN_MTU. Try current.
Re: 10G cards for 4.2
These cards are in the $5000 range and if you are lighting up fiber then you need some xenpaks that start around $1000 to $15000 ea. (If you want to light up strands from, say, Lansing to Ann Arbor, you would be using the $15000 part at each end, one with a 60 mile rating anyways) Before you go out and buy some, you might want to make sure that openbsd can handle the packet per second load that you expect to have. You may find that you have to use commercial switching gear to get what you really want. Stephan Andre' [EMAIL PROTECTED] wrote: I'm looking at the possibility of helping get a 10G speed network running. This is new territory to me--for OpenBSD purposes, are there more solid drivers out there? I'm told that the machine would want to exchange a lot of data, constantly (video stuff). Part of my consideration would also be what 10G companies have been open source friendly with hardware, etc. If I can I'd like to spend money somewhere that deserves it. Ideas? Thanks, STeve Andre' -- I'm a conservative liberal - and not afraid of calling myself one either. Both parties can take their anti-constitutional activity and shove it up my fat american ass. - Be More Social (kuro5hin.org troll)
ftp-proxy
Dear gentlemen, I have just set up a new natted firewall server after some period of inactivity. I got surprised with the new ftp-proxy utility! Now, it writes new pf rules, the prior one did not! I feel uncomfortable with the current ftp-proxy approach, since I cannot understand the rationale behind it. Thanks a lot for your time and cooperation. Best regards.
Re: ipsec vpn?
Hans-Joerg, Markus - Thanks for the advice and the help. I sat down and did some more testing at work. I definitely have an IPSEC tunnel from one point to the other. Any suggestions on how I can now have my users route all of their traffic through our end? I'd like them to be able to safely browse sites from Internet cafes and such.

On 8/18/07, Steve B [EMAIL PROTECTED] wrote:
I finally have some SUCCESS to report! I changed the ipsec.conf file back to the one that I got to work on Phase 1, but appeared to be hanging on Phase 2, ran ipsecctl -f /etc/ipsec.conf and started isakmpd without the -K. Greenbow now reports both Phases worked and I had a tunnel. When I tested from the command line I was able to ping from one location to the other!! The only question that remains is, how can I determine traffic is passing over the IPSEC VPN instead of whatever connection it got to establish the VPN?

# cat /etc/ipsec.conf
ike dynamic esp tunnel from any to 192.168.1.0/24 \
    main auth hmac-sha1 enc 3des group modp1024 \
    quick auth hmac-sha2-256 enc 3des \
    psk abc123
# ipsecctl -f /etc/ipsec.conf
# ps ax |grep isakmpd
17023 ?? Is 0:00.02 isakmpd: monitor [priv] (isakmpd)
19046 ?? I 0:00.79 isakmpd
# echo "p on" > /var/run/isakmpd.fifo
# echo "p off" > /var/run/isakmpd.fifo
# tcpdump -r /var/run/isakmpd.pcap -vvn
13:29:04.815727 64.119.40.170.500 64.119.37.74.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
    cookie: 14a9d793fabd9a1b- msgid: len: 160
    payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY
    payload: PROPOSAL len: 40 proposal: 1 proto: ISAKMP spisz: 0 xforms: 1
    payload: TRANSFORM len: 32 transform: 0 ID: ISAKMP
    attribute ENCRYPTION_ALGORITHM = 3DES_CBC
    attribute HASH_ALGORITHM = SHA
    attribute AUTHENTICATION_METHOD = PRE_SHARED
    attribute GROUP_DESCRIPTION = MODP_1024
    attribute LIFE_TYPE = SECONDS
    attribute LIFE_DURATION = 3600
    payload: VENDOR len: 20 (supports v1 NAT-T, draft-ietf-ipsec-nat-t-ike-00)
    payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02)
    payload: VENDOR len: 20 (supports v3 NAT-T, draft-ietf-ipsec-nat-t-ike-03)
    payload: VENDOR len: 20 (supports DPD v1.0)
    [ttl 0] (id 1, len 188)
13:29:04.826775 64.119.37.74.500 64.119.40.170.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
    cookie: 14a9d793fabd9a1b-40a39c778bcbd5eb msgid: len: 180
    payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY
    payload: PROPOSAL len: 40 proposal: 1 proto: ISAKMP spisz: 0 xforms: 1
    payload: TRANSFORM len: 32 transform: 0 ID: ISAKMP
    attribute ENCRYPTION_ALGORITHM = 3DES_CBC
    attribute HASH_ALGORITHM = SHA
    attribute AUTHENTICATION_METHOD = PRE_SHARED
    attribute GROUP_DESCRIPTION = MODP_1024
    attribute LIFE_TYPE = SECONDS
    attribute LIFE_DURATION = 3600
    payload: VENDOR len: 20 (supports OpenBSD-4.0)
    payload: VENDOR len: 20 (supports v2 NAT-T, draft-ietf-ipsec-nat-t-ike-02)
    payload: VENDOR len: 20 (supports v3 NAT-T, draft-ietf-ipsec-nat-t-ike-03)
    payload: VENDOR len: 20 (supports NAT-T, RFC 3947)
    payload: VENDOR len: 20 (supports DPD v1.0)
    [ttl 0] (id 1, len 208)
13:29:04.959737 64.119.40.170.500 64.119.37.74.500: [udp sum ok] isakmp v1.0 exchange ID_PROT
    cookie: 14a9d793fabd9a1b-40a39c778bcbd5eb msgid: len: 228
    payload: KEY_EXCH len: 132
    payload: NONCE len: 20
    payload: NAT-D-DRAFT len: 24
    payload: NAT-D-DRAFT len: 24
    [ttl 0] (id 1, len 256)
13:29:05.06 64.119.37.74.4500 64.119.40.170.4500: [udp sum ok] udpencap: isakmp v1.0 exchange ID_PROT
    cookie: 14a9d793fabd9a1b-40a39c778bcbd5eb msgid: len: 228
    payload: KEY_EXCH len: 132
    payload: NONCE len: 20
    payload: NAT-D-DRAFT len: 24
    payload: NAT-D-DRAFT len: 24
    [ttl 0] (id 1, len 260)
13:29:05.196922 64.119.40.170.4500 64.119.37.74.4500: [bad udp cksum a274!] udpencap: isakmp v1.0 exchange ID_PROT
    cookie: 14a9d793fabd9a1b-40a39c778bcbd5eb msgid: len: 92
    payload: ID len: 12 type: IPV4_ADDR = 192.168.11.109
    payload: HASH len: 24
    payload: NOTIFICATION len: 28 notification: INITIAL CONTACT (14a9d793fabd9a1b-40a39c778bcbd5eb)
    [ttl 0] (id 1, len 124)
13:29:05.197530 64.119.37.74.4500 64.119.40.170.4500: [bad udp cksum 4d5e!] udpencap: isakmp v1.0 exchange ID_PROT
    cookie: 14a9d793fabd9a1b-40a39c778bcbd5eb msgid: len: 104
    payload: ID len: 24 type: FQDN =