Re: strange lockups
On 2012-05-11, Adam Jacob Muller adam-openbsd-m...@adam.gs wrote:
On 5/10/12 4:24 AM, Jérémie Courrèges-Anglas wrote:
Please see http://www.openbsd.org/faq/faq2.html and http://www.openbsd.org/report.html Regards.
Hi, I did do a sendbug, but i'm not sure if gnats@ goes anywhere (seems query-pr page is broken?).
Possibly not at the moment.
In any event, this is the ddb output of ps/show registers. I'm fairly reliably able to reproduce this, if there is any more information I can gather, let me know.
Dmesg (no. 3 on http://www.openbsd.org/report.html) is really important. Ideally send one from the working previous version too which you might find in old logs (/var/log/messages*).
-=[~]=- -=[Thu May 10]=- -=[21:30:46]=- [root@charon]# ifconfig em2 up
-=[~]=- -=[Thu May 10]=- -=[21:30:49]=- [root@charon]# uptime
9:30PM up 2 mins, 1 user, load averages: 1.38, 0.50, 0.19
-=[~]=- -=[Thu May 10]=- -=[21:30:52]=- [root@charon]# ifconfig em3 up
^EB^EStopped at Debugger+0x5: leave
ddb show panic
the kernel did not panic
Happens for em3 and not em2? Or does this vary?
I won't trim the quote below so you can reply to the whole lot and keep the information together (but no more text from me below :)
ddb ps
   PID   PPID   PGRP    UID  S   FLAGS  WAIT       COMMAND
*31458   2782  31458      0  7       0             ifconfig
  2782      1   2782      0  3    0x80  wait       bash
  9835      1   9835      0  3    0x80  ttyin      getty
 28249      1  28249      0  3    0x80  ttyin      getty
  1429      1   1429      0  3    0x80  ttyin      getty
 12859      1  12859      0  3    0x80  ttyin      getty
 15689      1  15689      0  3    0x80  ttyin      getty
 21720      1  21720      0  3    0x80  select     cron
 22103  15791  15791      0  3    0x80  nanosleep  perl
 15791      1  15791      0  3    0x80  poll       collectd
 17486   1711   1711     77  3    0x80  poll       dhcpd
 32181  15104  27517     90  3    0x80  kqread     ospf6d
 22133  15104  27517     90  3    0x80  kqread     ospf6d
  4380  27517  27517      0  3    0x80  piperd     tee
 15104  27517  27517      0  2    0x80             ospf6d
 27517  11636  27517      0  3    0x88  pause      sh
  7865  22621   4001     83  3    0x80  poll       ntpd
 22621   4001   4001     83  3    0x80  poll       ntpd
 11636      1  11636      0  3    0x80  select     screen
  1711  22145   1711     77  3    0x80  poll       dhcpd
  4001  26301   4001      0  3    0x80  poll       ntpd
 22145      1  22145      0  3    0x80  select     screen
 20753  11069  20753      0  3    0x80  netcon     php
 11069      1  11069      0  3    0x80  select     screen
 26301      1  26301      0  3    0x80  select     screen
 23181      1  23181    556  3    0x80  select     nrpe
 13812  30502  30502     91  2    0x80             snmpd
 30502  23345  30502      0  3    0x80  kqread     snmpd
 24114   6566  24114      0  3    0x80  nanosleep  php
 24896  12320  24896      0  3    0x80  nanosleep  php
 30324  26717  30324      0  3    0x80  nanosleep  php
 23345      1  23345      0  3    0x80  select     screen
  2939  17720   2939      0  3    0x80  nanosleep  php
 26717      1  26717      0  3    0x80  select     screen
 12320      1  12320      0  3    0x80  select     screen
  6566      1   6566      0  3    0x80  select     screen
 17720      1  17720      0  3    0x80  select     screen
 20349  31546  20349      0  3    0x80  poll       syslog-ng
 31546      1  13174      0  3    0x80  wait       syslog-ng
 22116      1  22116     99  3    0x80  poll       sndiod
 12536      1  12536      0  3    0x80  select     inetd
 21142  13495  13495    507  3    0x80  kqread     qmgr
 16697  13495  13495    507  3    0x80  kqread     pickup
 13495      1  13495      0  3    0x80  kqread     master
 17383  15889  15889     75  3    0x80  poll       bgpd
  2491  15889  15889     75  3    0x80  poll       bgpd
 15889      1  15889      0  2    0x80             bgpd
 30554  15678  15678     90  3    0x80  kqread     ospf6d
 19811  15678  15678     90  3    0x80  kqread     ospf6d
 15678      1  15678      0  2    0x80             ospf6d
 29524      1  29524      0  3    0x80  select     sshd
 26501   5231   5231     70  3    0x80  select     named
  5231      1   5231      0  3    0x80  netio      named
 21867  29781  29781     74  3    0x80  bpf        pflogd
 29781      1  29781      0  3    0x80  netio      pflogd
  9811   2867   2867
Re: Watchdog timeout reset in 5.1 on intel nic:s
On Thu, May 10, 2012 at 03:31:27PM +0100, Stuart Henderson wrote: In gmane.os.openbsd.misc, Garry Dolley wrote: On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote: On 2012-05-08 19:08, Per-Olov Sjvholm wrote: It says em1: watchdog timeout -- resetting aol I saw the same on an amd64 VPS from arpnetworks.com. Network was not functional. Backed out. Did not investigate further. /aol Simon I had another customer on amd64 report this problem today. Not sure what the solution is. I'm recommending either downgrade to 5.0 or use i386 arch for now. If possible, tracking down the commit which broke it, or at least narrow it to a reasonably small date range, would help. I have an archive of snapshot kernels if you want to work through them rather than cvs checkouts, contact me if you'd like access to them. Guys, I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts. I also have been trying several -current kernels. As of: OpenBSD 5.1-current (GENERIC) #205: Wed Mar 28 21:40:45 MDT 2012 I don't see any em0 timeouts. I will continue to try newer ones and report back here... -- Garry Dolley ARP Networks, Inc. | http://www.arpnetworks.com | (818) 206-0181 Data center, VPS, and IP Transit solutions Member Los Angeles County REACT, Unit 336 | WQGK336 Blog http://scie.nti.st
Re: Watchdog timeout reset in 5.1 on intel nic:s
On 2012/05/11 01:15, Garry Dolley wrote: On Thu, May 10, 2012 at 03:31:27PM +0100, Stuart Henderson wrote: In gmane.os.openbsd.misc, Garry Dolley wrote: On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote: On 2012-05-08 19:08, Per-Olov Sjvholm wrote: It says em1: watchdog timeout -- resetting aol I saw the same on an amd64 VPS from arpnetworks.com. Network was not functional. Backed out. Did not investigate further. /aol Simon I had another customer on amd64 report this problem today. Not sure what the solution is. I'm recommending either downgrade to 5.0 or use i386 arch for now. If possible, tracking down the commit which broke it, or at least narrow it to a reasonably small date range, would help. I have an archive of snapshot kernels if you want to work through them rather than cvs checkouts, contact me if you'd like access to them. Guys, I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts. I also have been trying several -current kernels. As of: OpenBSD 5.1-current (GENERIC) #205: Wed Mar 28 21:40:45 MDT 2012 I don't see any em0 timeouts. I will continue to try newer ones and report back here... Hmm - Mar 28 is already after 5.1 was released. Could somebody seeing the problem (sperreault?) please send a dmesg from a kernel showing the problem?
Re: Hardware (firewall) recommendation
On Thu, May 10, 2012 at 3:28 AM, Predrag Punosevac punoseva...@gmail.com wrote: Dear All, I am resurrecting this thread which I followed carefully because I need some hardware advice for the firewall machine which is going to serve our new scientific computing laboratory. Initially behind this firewall, we will have only two small (16 and 8 nodes) clusters, a GPU based super computer, a CVS/File server and a web-server for PMWiki. They will be accessible to users (15-20 for now) only via SSH(NX X) and HTTP protocols. We are vendor locked due to the contract between DeLL and the University system of Georgia. I would like to hear opinion about: Dell PowerEdge R210 II Ultra-compact Rack Server http://www.dell.com/us/enterprise/p/poweredge-r210-2/pd I am looking at the one with Intel Gigabit ET Quad Port Adapter, Gigabit Ethernet NIC, PCIe x4 Does One Dual port Broadcom BCM 5716 work on OpenBSD? What about those Broadcom NetXtremes ? It is not going to have RAID controller. We are looking at the one with Dual-core Intel Celeron G400 and G500 series Thank you so much! Predrag Watch out for onboard bios/firmware of the two native gigabit nics (bnx): anything below 1.3 will cause abundant data loss on at least one of the two... the early bioses were severely buggy!!!
Re: 4.4 m68k packages?
On 05/10/12 17:56, David Diggles wrote: Were there ever 4.4 m68k packages? I can only find 4.3 packages for m68k on ftp sites. Or, is it possible to cross compile for m68k arch on i386? Or if I can't compile 4.4 packages either cross compile, or on the SE/30 itself, I will downgrade the SE/30 to 4.3 The Quadra 700 I was using to do compiles, has finally died. They are still building. Then we get to start on 4.5... slightly more seriously... If you are running an m68k machine, it's a labor of love, I really have difficulty believing that it's a practical event. And since you only talk of releases over three years old, again, I'm hoping this is not a production machine of any kind. So...build what you want! It's part of the fun! As for cross compiling: 1) no. 2) WHY? that's like jogging for health, and taking a short cut because its easier... And run 5.1, building the packages you want shouldn't take more than a few weeks. Nick.
Re: wifi firmware for lenovo thinkpad E420
On Fri, May 11, 2012 at 12:11 AM, Henning Brauer lists-open...@bsws.de wrote: I have one of these somewhere - basically, all that is needed is a pci attachment for the existing urtwn. shouldn't be too hard, but as usual - somebody has to do it. ok thanks :-) Siju
Re : Re: Re : Re: fw_update
I confirm it works, so this firmware (athn,uvideo) is not necessary. My network card is an Atheros AR9285. I suspect it could have been my Atheros too Bluetooth Adapter. Call me paranoid but it makes me happier! I apologize for the bad format of my last email (new webmail) and some out-of-topic comments. I think I was in evangelic mode.. Sorry. Last question. Which is the best way to disable fw_update so that when it connects to the network it doesn't attempt to install more firmware? Stuart suggested:
# echo 127.0.0.1 firmware.openbsd.org >> /etc/hosts
will this work if I have another source other than ftp.openbsd.org? ie. are the firmware updates independent from the pkg source? I'd like to round up with a request to make firmware installation optional in the installer (amd64 cd) if there are any chances that the OS will work without it. Some question like: Would you like to install X (your Z hardware might not be operative without it). This would make me happier too. Thanks for your patience and work.
- Original message - From: David Coppa Sent: 10.05.12 12:20 To: mark sullivan Subject: Re: Re : Re: fw_update
On Thu, May 10, 2012 at 12:03 PM, mark sullivan mark.sulli...@gmx.fr wrote: I didn't even have the chance to test if it would work without it. Yes, it should work. Just remove the package with pkg_delete athn-firmware.
Re: fw_update
* David Coppa dco...@gmail.com [2012-05-09 23:40]: If you have concerns with firmwares, swap your card with, for example, an atheros or another card that doesn't need a firmware. wait. on those cards, the firmware is simply on the card itself, usually in some kind of flash. where's the difference really? the difference is that in one case the firmware is stored on the card, in the other case it has to be uploaded to the card by the OS. now that makes a huge difference for privacy et al... -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de, Full-Service ISP Secure Hosting, Mail and DNS Services. Dedicated Servers, Root to Fully Managed Henning Brauer Consulting, http://henningbrauer.com/
Re: Watchdog timeout reset in 5.1 on intel nic:s
On 2012-05-11 04:15, Garry Dolley wrote: I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts. That's expected. 5.0 has been running without issue for me for a long time. I also have been trying several -current kernels. As of: OpenBSD 5.1-current (GENERIC) #205: Wed Mar 28 21:40:45 MDT 2012 I don't see any em0 timeouts. I will continue to try newer ones and report back here... Why not just test 5.1? Problems have been reported against 5.1, not -current. Simon
making packages
I want to create packages from compiled port, copy to usb and install on another computer. After trying with make package in xfce4-session port tree i got only one package. How to include all dependencies and all needed to install the application on another computer?
pfstat -t does not work for me (pfstat-2.3p1)
Hello, I am collecting interface statistics with pfstat on OpenBSD 4.9. Everything works fine except pfstat -t (days). The .db files getting big so I want to clear old entries, unfortunately it does not work. Here is what I do:
root@storage. ~ # du -h /var/db/pfstat.db
801M /var/db/pfstat.db
root@storage. ~ # /usr/local/bin/pfstat -t 30:45 -d /var/db/pfstat.db
root@storage. ~ # du -h /var/db/pfstat.db
801M /var/db/pfstat.db
root@storage. ~ #
The .db file is at least 6 months old, so there should be entries to delete. I miss something obvious? Thanks for the help, Ivo
Re: Watchdog timeout reset in 5.1 on intel nic:s
I see the same issue on the most recent snapshot. Upgrading to current, disabling mpbios, and applying mikeb's patch[1] on tech@ and things are looking a lot better. bsd.rd has never exhibited this issue for me FWIW
[1] http://marc.info/?l=openbsd-tech&m=133665750315650&w=2
On Fri, May 11, 2012 at 2:13 PM, Simon Perreault sperrea...@openbsd.org wrote: On 2012-05-11 04:15, Garry Dolley wrote: I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts. That's expected. 5.0 has been running without issue for me for a long time. I also have been trying several -current kernels. As of: OpenBSD 5.1-current (GENERIC) #205: Wed Mar 28 21:40:45 MDT 2012 I don't see any em0 timeouts. I will continue to try newer ones and report back here... Why not just test 5.1? Problems have been reported against 5.1, not -current. Simon
Re: making packages
On Fri, May 11, 2012 at 3:15 PM, Dimitry T dimitryr...@hotmail.com wrote: I want to create packages from compiled port, copy to usb and install on another computer. After trying with make package in xfce4-session port tree i got only one package. How to include all dependencies and all needed to install the application on another computer? IIRC make package-depends should do the trick. -- chs,
Re: making packages
make package-depends won't work, with make package depends give same results. From: christer.solsko...@gmail.com Date: Fri, 11 May 2012 15:29:49 +0200 Subject: Re: making packages To: dimitryr...@hotmail.com CC: misc@openbsd.org On Fri, May 11, 2012 at 3:15 PM, Dimitry T dimitryr...@hotmail.com wrote: I want to create packages from compiled port, copy to usb and install on another computer. After trying with make package in xfce4-session port tree i got only one package. How to include all dependencies and all needed to install the application on another computer? IIRC make package-depends should do the trick. -- chs,
Re: pfstat -t does not work for me (pfstat-2.3p1)
Ivo Chutkin wrote: Hello, I am collecting interface statistics with pfstat on OpenBSD 4.9. Everything works fine except pfstat -t (days). The .db files getting big so I want to clear old entries, unfortunately it does not work. Here is what I do:
root@storage. ~ # du -h /var/db/pfstat.db
801M /var/db/pfstat.db
root@storage. ~ # /usr/local/bin/pfstat -t 30:45 -d /var/db/pfstat.db
root@storage. ~ # du -h /var/db/pfstat.db
801M /var/db/pfstat.db
root@storage. ~ #
The .db file is at least 6 months old, so there should be entries to delete. I miss something obvious?
What did you expect, a smaller file ? I'm not familiar with pfstat but I suppose you could check if the old records still exist. If not, I suspect that, in general, when records are deleted from a database, the actual storage isn't freed up. This way the database program can reuse it for storing new records. You could check if pfstat has an option to purge/shrink the database or reclaim the database storage. Or maybe a tool exists to shrink a .db file.
Re: making packages
On Friday 11 May 2012 15:15:23 Dimitry T wrote: I want to create packages from compiled port, copy to usb and install on another computer. After trying with make package in xfce4-session port tree i got only one package. How to include all dependencies and all needed to install the application on another computer? Do you have those dependencies already installed on the build machine before making that package? If so, they won't be built. If you make the packages on a clean system, all deps will be built. Of course this includes the build-depends. gr Renzo
Re: making packages
On Fri, May 11, 2012 at 05:24:43PM +0200, Renzo Fabriek wrote: On Friday 11 May 2012 15:15:23 Dimitry T wrote: I want to create packages from compiled port, copy to usb and install on another computer. After trying with make package in xfce4-session port tree i got only one package. How to include all dependencies and all needed to install the application on another computer? Do you have those dependencies already installed on the build machine before making that package? If so, they won't be built. If you make the packages on a clean system, all deps will be built. Of course this includes the build-depends. If the dependencies are already installed, you can recreate the package from /var/db/pkg. See pkg_create(1) In general, when you want to build several things at once, use dpb(1). In particular, it *will* build all packages.
Re: 4.4 m68k packages?
Hi Nick, Ok I'll tell you (and everyone) a little bit about it. On Fri, May 11, 2012 at 07:27:00AM -0400, Nick Holland wrote: If you are running an m68k machine, it's a labor of love, I really have difficulty believing that it's a practical event. And since you only talk of releases over three years old, again, I'm hoping this is not a production machine of any kind. You are correct. It's more of an animated ascii art lava lamp, novelty. It was in production serving http when 4.4 was current, but I think after 4.5, mac68k no longer had a maintainer, so it just became a lava lamp. So...build what you want! It's part of the fun! Maybe, if I NFS mount src and ports. It doesn't have a lot of disk space. As for cross compiling: 1) no. 2) WHY? that's like jogging for health, and taking a short cut because its easier... Well I did worse. Lazy cheat. I left 4.4 on it, installed what I needed from 4.2 packages, symlinked any libs it complained about. And run 5.1, building the packages you want shouldn't take more than a few weeks. When I installed 4.4, I modified the install script to accept tar instead of tgz to save time. If I did it again, I would have also made it skip the keygen sequence on the first boot, as it takes half a day. This could be generated somewhere else and copied over post install. I also run telnetd on it from an older version of obsd (i think it was removed somewhere back in the 3.x series)... because ssh takes 10 mins to login. PF restricts this by IP and OS, to another obsd local box. .d.d.
Re: making packages
I use make install on port xfce4-session, and after that make package. Date: Fri, 11 May 2012 17:39:51 +0200 From: es...@nerim.net To: rfabr...@nerdshack.com CC: misc@openbsd.org Subject: Re: making packages On Fri, May 11, 2012 at 05:24:43PM +0200, Renzo Fabriek wrote: On Friday 11 May 2012 15:15:23 Dimitry T wrote: I want to create packages from compiled port, copy to usb and install on another computer. After trying with make package in xfce4-session port tree i got only one package. How to include all dependencies and all needed to install the application on another computer? Do you have those dependencies already installed on the build machine before making that package? If so, they won't be built. If you make the packages on a clean system, all deps will be built. Of course this includes the build-depends. If the dependencies are already installed, you can recreate the package from /var/db/pkg. See pkg_create(1) In general, when you want to build several things at once, use dpb(1). In particular, it *will* build all packages.
ikev2 between openbsd and windows
Hi everyone. Trying to build ikev2 vpn between openbsd 5.1 and windows 7 via certificates. Windows stops at #13843 error message - Invalid payload received. Iked -vd output has a 'sa_state: VALID - ESTABLISHED' meaning that 2nd phase is ok but just before that line I have: ca_getreq: no valid local certificate found What local cert does it mean? 'ikectl show ca certificates' output is ok - it returns all the certs that I have installed/exported/imported on windows side Did install both obsd's and win7's certificates like ikectl ca caname certificate openbsdmachine create | install | export ikectl ca caname certificate win7machine create | install | export - just like it's said in the man page. Google has just one link for that queue - openbsd sources =) -- Best regards, Pavel Shvagirev skype: pavel.shvagirev
Re: making packages
Can pkg_create -Pf /var/db/pkg/xfce4-session-4.8.2 be enough? From: dimitryr...@hotmail.com To: es...@nerim.net; rfabr...@nerdshack.com CC: misc@openbsd.org Subject: Re: making packages Date: Fri, 11 May 2012 16:25:39 + I use make install on port xfce4-session, and after that make package. Date: Fri, 11 May 2012 17:39:51 +0200 From: es...@nerim.net To: rfabr...@nerdshack.com CC: misc@openbsd.org Subject: Re: making packages On Fri, May 11, 2012 at 05:24:43PM +0200, Renzo Fabriek wrote: On Friday 11 May 2012 15:15:23 Dimitry T wrote: I want to create packages from compiled port, copy to usb and install on another computer. After trying with make package in xfce4-session port tree i got only one package. How to include all dependencies and all needed to install the application on another computer? Do you have those dependencies already installed on the build machine before making that package? If so, they won't be built. If you make the packages on a clean system, all deps will be built. Of course this includes the build-depends. If the dependencies are already installed, you can recreate the package from /var/db/pkg. See pkg_create(1) In general, when you want to build several things at once, use dpb(1). In particular, it *will* build all packages.
Re: systat total freeze
so i had another systat complete freeze, this time remotely, so again, no dump... sorry about another useless report, but looking at the mailing list looks like other people are experiencing hangs during disk activity. (i am speculating in this direction simply because systat's first screen after starting is the disk activity.) what kind of bug could be triggered by a process started as non-root that kills the whole system is the 20 euro question of course. as nowadays virtually everyone is in X, i think i am not the only who has difficulties getting panic messages. at any rate, i am just writing this to perhaps have an openbsd systat day (together with a towel, being douglas adams' death anniversary) and simply run systat randomly on as many machines as possible. if absolutely noone else speaks up, i'll just assume any hw of mine is simply cursed and i am d.n.a.lusional. -f -- i may be wrong, but i'm never in doubt!
Re: making packages
On Friday 11 May 2012 18:25:39 Dimitry T wrote: I use make install on port xfce4-session, and after that make package. make install already builds the package. Which of course is needed to do the install part. As for pkg_create. The manual explains that very well, it even provides an example. I don't repeat it here. Just look a bit further. But as far as I can see you'll have to do that for every package. Still much faster than compiling. Date: Fri, 11 May 2012 17:39:51 +0200 From: es...@nerim.net To: rfabr...@nerdshack.com CC: misc@openbsd.org Subject: Re: making packages On Fri, May 11, 2012 at 05:24:43PM +0200, Renzo Fabriek wrote: On Friday 11 May 2012 15:15:23 Dimitry T wrote: I want to create packages from compiled port, copy to usb and install on another computer. After trying with make package in xfce4-session port tree i got only one package. How to include all dependencies and all needed to install the application on another computer? Do you have those dependencies already installed on the build machine before making that package? If so, they won't be built. If you make the packages on a clean system, all deps will be built. Of course this includes the build-depends. If the dependencies are already installed, you can recreate the package from /var/db/pkg. See pkg_create(1) In general, when you want to build several things at once, use dpb(1). In particular, it *will* build all packages.
Re: 4.4 m68k packages?
On Fri, May 11, 2012 at 07:27:00AM -0400, Nick Holland wrote: So...build what you want! It's part of the fun! Last time I used one took 3 days to compile wget.
VPN questions
Would like to tunnel the net traffic from my (android) cell phone (and tablet if I ever get one) through my soho OpenBSD firewall/router when I'm connected to untrusted and/or open wifi. My outside/public IP is not fixed (cable) but it rarely changes and I do have a ddns hostname. Is this possible? Or do I need a second outside IP address? Any tutorials if it is doable? Thanks, Chris
hotplugd/disklabel + smartphone sd card
hi there, i am trying to trick /etc/hotplug/attach into mounting the sd card from my android smartphone. the principal problem seems to be that at the time of e.g. sd2 showing up, the disklabel is not ready yet. (maybe the delay is the time android needs to unmount it) as no disklabel is ready, 'label:' is also empty and nothing happens. so i set out to try make a small sleep loop until disklabel can return the label instead of ioctl DIOCGDINFO: Input/output error but it seems like disklabel does not really differentiate between failures.
$ sudo disklabel sd2
disklabel: ioctl DIOCGDINFO: Input/output error
tyin:~$ echo $?
4
$ sudo disklabel sd3
disklabel: /dev/rsd3c: Device not configured
$ echo $?
4
also, i could not find the return codes in the disklabel man page. is there a way to differentiate between the error situations? i don't want to loop forever... with all these usb thingies, would it make sense to have a disklabel parameter to return just the label/duid for scripting purposes? -f -- the greatest hate springs from the greatest love.
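A bounded retry for the attach script described above, as an added example that is not part of the original post: both failures exit with status 4, so it tells them apart by the error text quoted in the message. The function name `wait_for_label`, the `PROBE` override and the retry defaults are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: bounded wait for a disklabel to become readable.
# PROBE is the command used to read the label. It defaults to disklabel(8);
# the override exists so the logic can be exercised with a stub.
PROBE=${PROBE:-disklabel}

# wait_for_label DEVICE [TRIES] [DELAY_SECONDS]
# Prints the value of the "label:" line on success.
# Returns 0 on success,
#         1 if the device is gone or the error is not recognised,
#         2 if the label was still unreadable after TRIES attempts.
wait_for_label() {
    dev=$1 tries=${2:-10} delay=${3:-1}
    n=0
    while [ "$n" -lt "$tries" ]; do
        n=$((n + 1))
        # The exit status is 4 for both failures shown in the post, so
        # capture the output and classify on the message text instead.
        if out=$($PROBE "$dev" 2>&1); then
            printf '%s\n' "$out" | sed -n 's/^label:[[:space:]]*//p'
            return 0
        fi
        case $out in
        *"Input/output error"*)
            # Label not readable yet: wait and try again.
            sleep "$delay"
            ;;
        *"Device not configured"*)
            # No such device: retrying will not help.
            return 1
            ;;
        *)
            # Unknown failure: show it and stop rather than loop.
            printf '%s\n' "$out" >&2
            return 1
            ;;
        esac
    done
    return 2
}

# Possible use from an attach script (device name passed by the caller):
#   label=$(wait_for_label "$devname" 15 1) || exit 0
```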
Re: ikev2 between openbsd and windows
Hi, I took an entire week to try ikev2 between a win7 road warrior and an OpenBSD 5.1 gateway. All in following the man pages of ikectl, iked, and iked.conf. It doesn't work for me... Bugs ? Perhaps, certainly because, iked is not yet finished. So i keep isakmpd and the GreenBowVPN. Good luck getting it to work. ;-) -- Wesley On 2012-05-11 20:39, Pavel Shvagirev wrote: Hi everyone. Trying to build ikev2 vpn between openbsd 5.1 and windows 7 via certificates. Windows stops at #13843 error message - Invalid payload received. Iked -vd output has a 'sa_state: VALID - ESTABLISHED' meaning that 2nd phase is ok but just before that line I have: ca_getreq: no valid local certificate found What local cert does it mean? 'ikectl show ca certificates' output is ok - it returns all the certs that I have installed/exported/imported on windows side Did install both obsd's and win7's certificates like ikectl ca caname certificate openbsdmachine create | install | export ikectl ca caname certificate win7machine create | install | export - just like it's said in the man page. Google has just one link for that queue - openbsd sources =)
Re: making packages
On Fri, May 11, 2012 at 07:48:15PM +0200, Renzo Fabriek wrote: As for pkg_create. The manual explains that very well, it even provides an example. I don't repeat it here. Just look a bit further. But as far as I can see you'll have to do that for every package. Still much faster than compiling.
Well, shell is good, e.g.,
for f in /var/db/pkg/*/+CONTENTS
do
	pkg_create -f "$f"
done
(generally done as root if any file in any package may be unreadable as normal user).
Re: VPN questions
On Fri, 11 May 2012 14:25:22 -0400 Chris Smith wrote: Would like to tunnel the net traffic from my (android) cell phone (and tablet if I ever get one) through my soho OpenBSD firewall/router when I'm connected to untrusted and/or open wifi. My outside/public IP is not fixed (cable) but it rarely changes and I do have a ddns hostname. Is this possible? Or do I need a second outside IP address? Any tutorials if it is doable? Easiest option might be connectbot to ssh tunnel. Android has ipsec support too.
Re: strange lockups
On 05/11/12 03:21, Stuart Henderson wrote:
On 2012-05-11, Adam Jacob Muller adam-openbsd-m...@adam.gs wrote:
On 5/10/12 4:24 AM, Jérémie Courrèges-Anglas wrote:
Please see http://www.openbsd.org/faq/faq2.html and http://www.openbsd.org/report.html Regards.
Hi, I did do a sendbug, but i'm not sure if gnats@ goes anywhere (seems query-pr page is broken?).
Possibly not at the moment.
In any event, this is the ddb output of ps/show registers. I'm fairly reliably able to reproduce this, if there is any more information I can gather, let me know.
Dmesg (no. 3 on http://www.openbsd.org/report.html) is really important. Ideally send one from the working previous version too which you might find in old logs (/var/log/messages*).
Sorry, that was in the sendbug, I removed it when I sent to the list. Unfortunately/fortunately the box was up for so long prior to upgrading that there's no dmesg and the remote syslog archives don't catch things from so early on in the boot so I only have the 5.1 dmesg :/
OpenBSD 5.1 (GENERIC) #181: Sun Feb 12 09:35:53 MST 2012
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2146172928 (2046MB)
avail mem = 2074972160 (1978MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xfa3d0 (48 entries)
bios0: vendor Secure Computing version A02 date 03/29/2006
bios0: Secure Computing Sidewinder G2
acpi0 at bios0: rev 0
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC SPCR HPET MCFG
acpi0: wakeup devices PCI0(S5) PES1(S5) PEP0(S5) PXHA(S5) PEP1(S5) PEP2(S5) PCIS(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU 2.66GHz, 2667.13 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CNXT-ID,CX16,xTPR,NXE,LONG,LAHF
cpu0: 256KB 64b/line 4-way L2 cache
cpu0: apic clock running at 133MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
ioapic1 at mainbus0: apid 2 pa 0xfec1, version 20, 24 pins
ioapic1: misconfigured as apic 0, remapped to apid 2
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xf000, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PES1)
acpiprt2 at acpi0: bus 2 (PEP0)
acpiprt3 at acpi0: bus 3 (PXHA)
acpiprt4 at acpi0: bus 5 (PEP1)
acpiprt5 at acpi0: bus 6 (PEP2)
acpiprt6 at acpi0: bus 7 (PCIS)
acpicpu0 at acpi0
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel E7230 Host rev 0x00
ppb0 at pci0 dev 1 function 0 Intel E7230 PCIE rev 0x00: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 Intel 6702PXH PCIE-PCIX rev 0x09
pci3 at ppb2 bus 3
ppb3 at pci3 dev 2 function 0 IBM 133 PCIX-PCIX rev 0x02
pci4 at ppb3 bus 4
em0 at pci4 dev 4 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01: apic 2 int 3, address 00:04:23:c2:9f:24
em1 at pci4 dev 4 function 1 Intel PRO/1000MT QP (82546EB) rev 0x01: apic 2 int 2, address 00:04:23:c2:9f:25
em2 at pci4 dev 6 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01: apic 2 int 1, address 00:04:23:c2:9f:26
em3 at pci4 dev 6 function 1 Intel PRO/1000MT QP (82546EB) rev 0x01: apic 2 int 0, address 00:04:23:c2:9f:27
ppb4 at pci0 dev 28 function 4 Intel 82801G PCIE rev 0x01
pci5 at ppb4 bus 5
bge0 at pci5 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): apic 1 int 16, address 00:13:72:fc:ae:1b
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb5 at pci0 dev 28 function 5 Intel 82801G PCIE rev 0x01
pci6 at ppb5 bus 6
bge1 at pci6 dev 0 function 0 Broadcom BCM5721 rev 0x11, BCM5750 B1 (0x4101): apic 1 int 17, address 00:13:72:fc:ae:1c
brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb6 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0xe1
pci7 at ppb6 bus 7
vga1 at pci7 dev 5 function 0 XGI Technology Volari Z7 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 31 function 0 Intel 82801GB LPC rev 0x01
pciide0 at pci0 dev 31 function 1 Intel 82801GB IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8240N, 1.10 ATAPI 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 Intel 82801GB SATA rev 0x01: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 1 int 20 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: ST31500341AS
wd0: 16-sector PIO, LBA48, 1430799MB, 2930277168 sectors
wd0(pciide1:0:0): using
Re: making packages
Thanks on shellcode. Ofc I try example in man page

    pkg_create -f /var/db/pkg/xfce4-session-4.8.2p2/+CONTENTS

but that create only one xfce4-session package without depends. This shellcode do same as pkg_create -f /var/db/pkg/*/+CONTENTS, but I want only xfce4-session.

Date: Fri, 11 May 2012 21:29:59 +0200
From: es...@nerim.net
To: rfabr...@nerdshack.com
CC: misc@openbsd.org
Subject: Re: making packages

On Fri, May 11, 2012 at 07:48:15PM +0200, Renzo Fabriek wrote:
As for pkg_create. The manual explains that very well, it even provides an example. I don't repeat it here. Just look a bit further. But as far as I can see you'll have to do that for every package. Still much faster than compiling.

Well, shell is good, e.g.,

    for f in /var/db/pkg/*/+CONTENTS
    do
        pkg_create -f $f
    done

(generally done as root if any file in any package may be unreadable as normal user).
Odd PMTU issue on ipsec tunnel
I have an OpenBSD 5.1-release box configured with an IPsec VPN to another identical OpenBSD machine. I am trying to test PMTU discovery by sending packets, both TCP and UDP, with the DF bit set. I get an ICMP Unreachable - Fragmentation needed packet as expected, however the Next-Hop MTU: field is set to 0. The RFC says this should never be below 68. I am wondering if the issue is related to the fact that you can no longer set an MTU on enc0 (the IPsec tunnel interface). My first question is why am I getting 0 as the next-hop MTU? Secondly, why can I no longer set an MTU for my enc0 interface (when I try with ifconfig, I get: SIOCSIFMTU: Inappropriate ioctl for device)? Thanks.
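A check for the symptom described in this post, as an added example that is not part of the original message: it parses an ICMP Fragmentation needed message, reads the Next-Hop MTU field, and applies the RFC 1191 handling for a zero field (fall back to the next plateau below the size of the dropped datagram). The sample packets, the addresses and the 1500-byte original datagram are constructed, and all function names are hypothetical.

```python
import struct

# RFC 1191 section 7.1 plateau table, largest first.
PLATEAUS = (65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68)
MIN_MTU = 68  # floor from RFC 1191; the post cites the same value


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; a valid ICMP message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_frag_needed(icmp: bytes) -> dict:
    """Parse ICMP type 3 code 4, starting at the ICMP header."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for ICMP header plus embedded IPv4 header")
    icmp_type, code, _cksum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not Destination Unreachable / Fragmentation needed")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]  # header of the datagram the router refused to forward
    if inner[0] >> 4 != 4:
        raise ValueError("embedded packet is not IPv4")
    total_len, _ident, flags_frag = struct.unpack("!HHH", inner[2:8])
    return {"next_hop_mtu": next_hop_mtu, "orig_total_len": total_len,
            "df": bool(flags_frag & 0x4000)}


def effective_pmtu(msg: dict) -> tuple:
    """Return (path MTU estimate to adopt, reason) for a parsed message."""
    mtu = msg["next_hop_mtu"]
    if mtu >= MIN_MTU:
        return mtu, "router-reported"
    if mtu == 0:
        # Zero field (the case in the post): RFC 1191 falls back to the next
        # plateau below the size of the datagram that was dropped.
        for plateau in PLATEAUS:
            if plateau < msg["orig_total_len"]:
                return plateau, "plateau-fallback"
        return MIN_MTU, "plateau-fallback"
    return MIN_MTU, "clamped-invalid"  # 1..67 is below the 68-octet floor


def build_sample(next_hop_mtu: int, orig_total_len: int) -> bytes:
    """Constructed test message: DF-set UDP datagram between made-up hosts."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, orig_total_len, 0x1234,
                        0x4000, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 1, 1]))
    inner += struct.pack("!HHHH", 40000, 9, orig_total_len - 20, 0)
    body = struct.pack("!HH", 0, next_hop_mtu) + inner
    cksum = inet_checksum(struct.pack("!BBH", 3, 4, 0) + body)
    return struct.pack("!BBH", 3, 4, cksum) + body


if __name__ == "__main__":
    for mtu in (0, 1400, 40):
        parsed = parse_frag_needed(build_sample(mtu, 1500))
        print(mtu, parsed, effective_pmtu(parsed))
```

A receiver that follows this fallback still makes progress when the field is 0, but it has to guess; the sender of the ICMP message is the side to fix.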
Re: making packages
On Friday 11 May 2012 22:12:36 Dimitry T wrote:
Thanks on shellcode. Ofc I try example in man page

    pkg_create -f /var/db/pkg/xfce4-session-4.8.2p2/+CONTENTS

but that create only one xfce4-session package without depends. This shellcode do same as pkg_create -f /var/db/pkg/*/+CONTENTS, but I want only xfce4-session.

I think I found a way with pkg_add and PKG_CACHE. Provided that you have made all packages installed on your current system. (assuming all needed packages are installed) Please read the pkg_add manual for the explanation of -U and PKG_CACHE. I'm doing homework which you could do yourself.

    sudo pkg_add -U your_package

Before you do that you have to set

    export PKG_CACHE=/the/packages/you/need/

After that you find the necessary packages in /the/packages/you/need/.

Date: Fri, 11 May 2012 21:29:59 +0200
From: es...@nerim.net
To: rfabr...@nerdshack.com
CC: misc@openbsd.org
Subject: Re: making packages

On Fri, May 11, 2012 at 07:48:15PM +0200, Renzo Fabriek wrote:
As for pkg_create. The manual explains that very well, it even provides an example. I don't repeat it here. Just look a bit further. But as far as I can see you'll have to do that for every package. Still much faster than compiling.

Well, shell is good, e.g.,

    for f in /var/db/pkg/*/+CONTENTS
    do
        pkg_create -f $f
    done

(generally done as root if any file in any package may be unreadable as normal user).
Re: Watchdog timeout reset in 5.1 on intel nic:s
On 11 maj 2012, at 11:16, Stuart Henderson wrote: On 2012/05/11 01:15, Garry Dolley wrote: On Thu, May 10, 2012 at 03:31:27PM +0100, Stuart Henderson wrote: In gmane.os.openbsd.misc, Garry Dolley wrote: On Tue, May 08, 2012 at 07:58:30PM -0400, Simon Perreault wrote: On 2012-05-08 19:08, Per-Olov Sjvholm wrote: It says em1: watchdog timeout -- resetting aol I saw the same on an amd64 VPS from arpnetworks.com. Network was not functional. Backed out. Did not investigate further. /aol Simon I had another customer on amd64 report this problem today. Not sure what the solution is. I'm recommending either downgrade to 5.0 or use i386 arch for now. If possible, tracking down the commit which broke it, or at least narrow it to a reasonably small date range, would help. I have an archive of snapshot kernels if you want to work through them rather than cvs checkouts, contact me if you'd like access to them. Guys, I now have an amd64 test VM set up, where I installed stock 5.0. I ran a lot of traffic over em0 without any timeouts. I also have been trying several -current kernels. As of: OpenBSD 5.1-current (GENERIC) #205: Wed Mar 28 21:40:45 MDT 2012 I don't see any em0 timeouts. I will continue to try newer ones and report back here... Hmm - Mar 28 is already after 5.1 was released. Could somebody seeing the problem (sperreault?) please send a dmesg from a kernel showing the problem? Hi Stuart Here is a dmesg on 4.9 where it's working and on 5.1 when it's not working. http://www.incedo.eu/~sjoholmp/misc_internet_links/timer_problem_openbsd/ Note that both are virtual OpenBSDs running on the exact same KVM host version and use the same bios etc. Regards P-O -- GPG keyID: 5231C0C4 GPG fingerprint: B232 3E1A F5AB 5E10 7561 6739 766E D29D 5231 C0C4
Re: making packages
Ok, I obviously made a mess. I know how to install packages, but don't know how to make it. This is full story. On one computer I compile from ports xfce4-session and some other ports. I want to make package for xfce4-session, exaile and few another who are already compiled from ports with make install. After that I will copy packages to usb and install on another computers. Because I wanted to practice and make packages I deleted all existing in /usr/ports/packages. If I try with make package or

    pkg_create -f /var/db/pkg/xfce4-session-4.8.2p2/+CONTENTS

I get just one package xfce4-session-4.8.2p2.tgz without depends. Sorry and thanks on homework, I try to learn, but only a few days ago I arrived in BSD world.

From: rfabr...@nerdshack.com
To: misc@openbsd.org
Subject: Re: making packages
Date: Fri, 11 May 2012 23:21:28 +0200

On Friday 11 May 2012 22:12:36 Dimitry T wrote:
Thanks on shellcode. Ofc I try example in man page

    pkg_create -f /var/db/pkg/xfce4-session-4.8.2p2/+CONTENTS

but that create only one xfce4-session package without depends. This shellcode do same as pkg_create -f /var/db/pkg/*/+CONTENTS, but I want only xfce4-session.

I think I found a way with pkg_add and PKG_CACHE. Provided that you have made all packages installed on your current system. (assuming all needed packages are installed) Please read the pkg_add manual for the explanation of -U and PKG_CACHE. I'm doing homework which you could do yourself.

    sudo pkg_add -U your_package

Before you do that you have to set

    export PKG_CACHE=/the/packages/you/need/

After that you find the necessary packages in /the/packages/you/need/.

Date: Fri, 11 May 2012 21:29:59 +0200
From: es...@nerim.net
To: rfabr...@nerdshack.com
CC: misc@openbsd.org
Subject: Re: making packages

On Fri, May 11, 2012 at 07:48:15PM +0200, Renzo Fabriek wrote:
As for pkg_create. The manual explains that very well, it even provides an example. I don't repeat it here. Just look a bit further. But as far as I can see you'll have to do that for every package. Still much faster than compiling.

Well, shell is good, e.g.,

    for f in /var/db/pkg/*/+CONTENTS
    do
        pkg_create -f $f
    done

(generally done as root if any file in any package may be unreadable as normal user).
a live cd/dvd?
Hello everyone. I was thinking that if we had a live image (A full running system) with an installer, we could have easier installations for the blind (and others as well). Now, some systems have the ability to port the screen to a local serial port (these are getting rare in modern commodity systems) and there are a couple of screen device options that will allow either screen-console output or screen-network. These, however, are fairly expensive solutions. I even suggested this to an interviewer from the conference happening in Canada today. Now, I do understand that making OpenBSD capable of this might entail a lot of development work. Now, some Linux projects (like OpenSUSE, Ubuntu and Vinux) can operate as a live DVD (and in the case of Vinux, even the installer is fully accessible) but OpenBSD isn't Linux. However, this type of installation system could prove to be very powerful as hardware detection and settings could be made before running the installation script. Oh, and Theo, I would understand if you find this idea a little far fetched. Still, all I request is that you and your team give it a look-see. I am still looking at using the custom scripting project to perform an install, but have run into a couple of snags dealing with some of the variables that need to be passed to the installer (I know, I know, read some more). Anyway, take a look and see if this idea is doable. There are a lot of blind people like me that want something more secure than Windows and easier to work. Let me know what you guys think. Btw, as an afterthought, I should mention that I am using OpenBSD 5.0 with Speakup as the console screen reader. This system is my household firewall and internal DNS.

-eric
Re: a live cd/dvd?
On Fri, 2012-05-11 at 18:47 -0700, Eric Oyen wrote: hello everyone. I was thinking that if we had a live image (A full running system) with an installer, we could have easier installations for the blind (and others as well). Like this one? http://livecd-openbsd.sourceforge.net/ Or, if you want a USB stick, http://liveusb-openbsd.sourceforge.net/ He hasn't released a 5.1 version yet (it's usually a month or so behind the release), but there are instructions for doing so if you want one and have a 5.1 installation somewhere. Weldon
Re: strange lockups
I have further isolated this. I disabled/removed basically all custom configuration I had on the system, and was still able to trigger it. This:

em3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:04:23:c2:9f:27
        priority: 0
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
-=[~]=- -=[Fri May 11]=- -=[22:46:55]=- [root@charon]# ifconfig em3 lladdr 00:04:23:c2:9f:ff
-=[~]=- -=[Fri May 11]=- -=[22:47:11]=- [root@charon]# ifconfig em2 up
-=[~]=- -=[Fri May 11]=- -=[22:47:13]=- [root@charon]# ifconfig em3 up
-=[~]=- -=[Fri May 11]=- -=[22:47:16]=- [root@charon]# ifconfig em3 down
-=[~]=- -=[Fri May 11]=- -=[22:47:20]=- [root@charon]# ifconfig em3 lladdr 00:04:23:c2:9f:27
-=[~]=- -=[Fri May 11]=- -=[22:47:29]=- [root@charon]# ifconfig em3 up
Write failed: Broken pipe
Shared connection to 10.0.12.14 closed.

Now, em3 has a conflicting address with another box in the same vlan. This is/was managed with a script that hooks into dhclient (replaces dhclient-script) and was relying on the PREINIT actions (now removed) to change the ll address on the interface.

http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/dhclient/dhclient.c.diff?r1=1.138;r2=1.139

That was, I guess, not so useless for me :)

In any event, it seems that even in this situation, the box really shouldn't hang like this, still no idea why that happens.

-Adam

On 5/10/12 11:46 PM, Adam Jacob Muller wrote:
On 5/10/12 4:24 AM, Jérémie Courrèges-Anglas wrote:
Please see http://www.openbsd.org/faq/faq2.html and http://www.openbsd.org/report.html Regards.

Hi, I did do a sendbug, but I'm not sure if gnats@ goes anywhere (seems query-pr page is broken?). In any event, this is the ddb output of ps/show registers. I'm fairly reliably able to reproduce this, if there is any more information I can gather, let me know.
-=[~]=- -=[Thu May 10]=- -=[21:30:46]=- [root@charon]# ifconfig em2 up
-=[~]=- -=[Thu May 10]=- -=[21:30:49]=- [root@charon]# uptime
 9:30PM up 2 mins, 1 user, load averages: 1.38, 0.50, 0.19
-=[~]=- -=[Thu May 10]=- -=[21:30:52]=- [root@charon]# ifconfig em3 up
^EB^EStopped at Debugger+0x5: leave
ddb> show panic
the kernel did not panic
ddb> ps
   PID   PPID   PGRP   UID  S  FLAGS  WAIT       COMMAND
*31458   2782  31458     0  7      0             ifconfig
  2782      1   2782     0  3   0x80  wait       bash
  9835      1   9835     0  3   0x80  ttyin      getty
 28249      1  28249     0  3   0x80  ttyin      getty
  1429      1   1429     0  3   0x80  ttyin      getty
 12859      1  12859     0  3   0x80  ttyin      getty
 15689      1  15689     0  3   0x80  ttyin      getty
 21720      1  21720     0  3   0x80  select     cron
 22103  15791  15791     0  3   0x80  nanosleep  perl
 15791      1  15791     0  3   0x80  poll       collectd
 17486   1711   1711    77  3   0x80  poll       dhcpd
 32181  15104  27517    90  3   0x80  kqread     ospf6d
 22133  15104  27517    90  3   0x80  kqread     ospf6d
  4380  27517  27517     0  3   0x80  piperd     tee
 15104  27517  27517     0  2   0x80             ospf6d
 27517  11636  27517     0  3   0x88  pause      sh
  7865  22621   4001    83  3   0x80  poll       ntpd
 22621   4001   4001    83  3   0x80  poll       ntpd
 11636      1  11636     0  3   0x80  select     screen
  1711  22145   1711    77  3   0x80  poll       dhcpd
  4001  26301   4001     0  3   0x80  poll       ntpd
 22145      1  22145     0  3   0x80  select     screen
 20753  11069  20753     0  3   0x80  netcon     php
 11069      1  11069     0  3   0x80  select     screen
 26301      1  26301     0  3   0x80  select     screen
 23181      1  23181   556  3   0x80  select     nrpe
 13812  30502  30502    91  2   0x80             snmpd
 30502  23345  30502     0  3   0x80  kqread     snmpd
 24114   6566  24114     0  3   0x80  nanosleep  php
 24896  12320  24896     0  3   0x80  nanosleep  php
 30324  26717  30324     0  3   0x80  nanosleep  php
 23345      1  23345     0  3   0x80  select     screen
  2939  17720   2939     0  3   0x80  nanosleep  php
 26717      1  26717     0  3   0x80  select     screen
 12320      1  12320     0  3   0x80  select     screen
  6566      1   6566     0  3   0x80  select     screen
 17720      1  17720     0  3   0x80  select     screen
 20349  31546  20349     0  3   0x80  poll       syslog-ng
 31546      1  13174     0  3   0x80  wait       syslog-ng
 22116      1  22116    99  3   0x80  poll       sndiod
 12536      1  12536     0  3   0x80  select     inetd
 21142  13495  13495   507  3   0x80  kqread
Re: a live cd/dvd?
Teaches me not to look at the website more often! /facepalm

I never noticed these projects before. Sometimes, being limited to braille or screen readers can be more than a little frustrating. Thanks for the links though. I will give them a try and see what I can do with them.

-eric

On May 11, 2012, at 7:53 PM, Weldon Goree wrote:
On Fri, 2012-05-11 at 18:47 -0700, Eric Oyen wrote:
I was thinking that if we had a live image (A full running system) with an installer, we could have easier installations for the blind (and others as well).

Like this one? http://livecd-openbsd.sourceforge.net/ Or, if you want a USB stick, http://liveusb-openbsd.sourceforge.net/ He hasn't released a 5.1 version yet (it's usually a month or so behind the release), but there are instructions for doing so if you want one and have a 5.1 installation somewhere.

Weldon
Re: a live cd/dvd?
On 05/11/12 21:46, Eric Oyen wrote:
Hello everyone. I was thinking that if we had a live image (A full running system) with an installer, we could have easier installations for the blind (and others as well). Now, some systems have the ability to port the screen to a local serial port (these are getting rare in modern commodity systems) and there are a couple of screen device options that will allow either screen-console output or screen-network. These, however, are fairly expensive solutions. I even suggested this to an interviewer from the conference happening in Canada today. Now, I do understand that making OpenBSD capable of this might entail a lot of development work. Now, some Linux projects (like OpenSUSE, Ubuntu and Vinux) can operate as a live DVD (and in the case of Vinux, even the installer is fully accessible) but OpenBSD isn't Linux. However, this type of installation system could prove to be very powerful as hardware detection and settings could be made before running the installation script. Oh, and Theo, I would understand if you find this idea a little far fetched. Still, all I request is that you and your team give it a look-see. I am still looking at using the custom scripting project to perform an install, but have run into a couple of snags dealing with some of the variables that need to be passed to the installer (I know, I know, read some more). Anyway, take a look and see if this idea is doable. There are a lot of blind people like me that want something more secure than Windows and easier to work. Let me know what you guys think. Btw, as an afterthought, I should mention that I am using OpenBSD 5.0 with Speakup as the console screen reader. This system is my household firewall and internal DNS.
-eric

gee...now I'm getting self-conscious... what's better for a screen reader, top posting or bottom posting?
(Part of me really hopes you say top posting, love to stick it to the people who can't write in complete sentences, but will dictate to the rest of the world how to write).

First of all...the easy part...live CD. I suspect the interest in that is rapidly approaching zero. It's a concept whose time has come...and gone, I think. Five or six years ago, yeah...cool. Today...why?. A live CD gives you a very rigid, predefined read-only environment. I think a much more useful tool these days is a USB flash drive -- they are smaller than a CD, more rugged, and probably run on more modern systems than CDs do (I say that with some uncertainty -- some modern computers come with no DVD, virtually all come with USB ports, but some have broken BIOSs). Making a live USB stick is exactly the same as making a standard install; no need for anything new, assuming you have something that can boot from a CD or floppy and has a USB port (bootable or not!) to do the initial install from. Making it into an installer is as simple as adding the standard install files to a subdirectory on the flash drive, booting bsd.rd and pointing the installer at that location for the files.

As for a vision-impaired-friendly version of OpenBSD, I think this is potentially a great idea for a side project (unlike most side projects which would be better replaced with a few lines of explanatory instruction). I would think this would be best handled like OpenSSH and friends are handled -- take the basic OpenBSD and rebundle to add whatever you need to add to make it screen-reader friendly. Follow OpenBSD, but re-bundle it as you feel best. If there are things that create problems for the vision impaired in OpenBSD or screen-reader incompatibilities, make a diff, make a regression test and submit it for inclusion...
As for sending the screen out to a serial port, It's In There -- just use a serial console, and tap it to your serial reader (I'm having Vortrax Type n Talk flashbacks) (actually, I'd half-guess a modern serial reader would provide the serial port pass-through, but I have no idea). You probably want something where you just echo what is on the screen to the serial port...I'm guessing that would be a modest change to the wscons subsystem (but please don't take my comments as anything resembling authoritative or correct). Nick.