Re: ipv6 support for rdomains?

2013-05-18 Thread Claudio Jeker
On Fri, May 17, 2013 at 08:58:56PM -0600, Mattias Lindgren wrote:
 I was wondering about ipv6 support for rdomains.  I set up a Virtualbox VM 
 running OpenBSD 5.3 with a bridged network to my home network.   
 
 I configured em0 into a vrf:
 
 ifconfig em0 10.50.3.16 255.255.255.0 rdomain 1
 
 and was able to ping the other hosts in my network.
 
 I then configured an IPv6 address into the same vrf:
 
 ifconfig em0 inet6 2601:1::41::3/64 rdomain 1
 
 and was unable to ping the host from the other hosts on my network.  I was 
 unable to test the other way because ping6 appears to not be vrf-aware.  When 
 I tcpdump on the interface I get messages such as:
 
 May 17 20:32:33.010151 00:0c:29:7f:ba:11 33:33:ff:00:00:01 86dd 78: ::  
 ff02::1:ff00:1: icmp6: neighbor sol: who has 2601:1::41::3
 May 17 20:32:33.175504 00:0c:29:7f:ba:11 33:33:ff:7f:ba:11 86dd 78: ::  
 ff02::1:ff7f:ba11: icmp6: neighbor sol: who has fe80::20c:29ff:fe7f:ba11
 
 
 It seems like multicast is getting a little goofy?  I also tried setting my 
 virtual NIC into promiscuous mode, but it did not make a difference.  I will 
 try with a physical box over the weekend, unless someone steps forward and 
 tells me that this is not possible :)  
 
 Does anyone know if it is possible to use ping6 within a routing domain?
 

Currently no. There are bits missing to make rdomains IPv6 aware.
There is some work done but there are a few problems left to make it
work.

-- 
:wq Claudio



How to Run WindowMaker and GWorkspace on OBSD 5.3

2013-05-18 Thread Tito Mari Francis Escaño
Good day,
I tried to install OpenBSD 5.3 64-bit on VMware Workstation 9.x and so far
it's working like a charm.
I next tried to install WindowMaker, to override the default twm, I created
an .xinitrc file on home directory with just one entry: wmaker. When I
typed startx, as expected, the X window manager is WindowMaker.
I then installed GWorkspace, and to run it, I have to type in the xterm
window: GWorkspace.
I read the man page on startx, I tried to follow the example of
/etc/X11/init/xinitrc where it ran fcwm || xterm to run xterm after the
default WM started, by creating an home dir/.xinitrc with wmaker ||
GWorkspace but it doesn't seem to work.
Can somebody please give me pointers how I can run GWorkspace automatically
when I start X with WindowMaker as WM?
Thank you very much.



Re: How to Run WindowMaker and GWorkspace on OBSD 5.3

2013-05-18 Thread Sebastian Reitenbach
 Hi,

On Saturday, May 18, 2013 16:32 CEST, Tito Mari Francis Escaño 
titomarifran...@gmail.com wrote: 
 
 Good day,
 I tried to install OpenBSD 5.3 64-bit on VMware Workstation 9.x and so far
 it's working like a charm.
 I next tried to install WindowMaker, to override the default twm, I created
 an .xinitrc file on home directory with just one entry: wmaker. When I
 typed startx, as expected, the X window manager is WindowMaker.
 I then installed GWorkspace, and to run it, I have to type in the xterm
 window: GWorkspace.
 I read the man page on startx, I tried to follow the example of
 /etc/X11/init/xinitrc where it ran fcwm || xterm to run xterm after the
 default WM started, by creating an home dir/.xinitrc with wmaker ||
 GWorkspace but it doesn't seem to work.
 Can somebody please give me pointers how I can run GWorkspace automatically
 when I start X with WindowMaker as WM?
 Thank you very much.
 
 
just install the gnustep-desktop meta package:
sudo pkg_add -i gnustep-desktop

then, I have this in my .xsession file in order to start windowmaker and 
GWorkspace:

 
if [ -f /usr/local/share/GNUstep/Makefiles/GNUstep.sh ];then
. /usr/local/share/GNUstep/Makefiles/GNUstep.sh
fi

export GNUSTEP_STRING_ENCODING=NSUTF8StringEncoding
export LC_ALL='en_EN.UTF-8'
export LC_CTYPE='en_US.UTF-8'
if [ -x /usr/local/bin/gpbs ];then
/usr/local/bin/gpbs
fi
if [ -x /usr/local/bin/gdnc ];then
/usr/local/bin/gdnc
fi
wmaker &

if [ -x /usr/local/bin/GWorkspace ];then
/usr/local/bin/make_services
/usr/local/bin/GWorkspace
fi


cheers,
Sebastian



Re: How to Run WindowMaker and GWorkspace on OBSD 5.3

2013-05-18 Thread Marc Espie
On Sat, May 18, 2013 at 10:32:47PM +0800, Tito Mari Francis Escaño wrote:
 I read the man page on startx, I tried to follow the example of
 /etc/X11/init/xinitrc where it ran fcwm || xterm to run xterm after the
 default WM started, by creating an home dir/.xinitrc with wmaker ||
 GWorkspace but it doesn't seem to work.

Of course it won't, you misunderstood what 
prog1 || prog2
does.

It tries to run prog1, and *if that fails* then it runs prog2.
Thus, in fcwm || xterm, the goal is to give you an xterm if the startup
of fcwm fails (for instance, if your config file for the window manager
is bogus).

Among the various things Sebastian wrote, he did:
prog1 &
prog2

which is a possible shell-construct to start a prog1 in the background and
then start prog2 as well.

In the context of xinitrc, note that when the script exits, then X windows
stops, so you have to write things in the correct order (e.g., the background
program has no effect on when xwindows exits).



Re: How to Run WindowMaker and GWorkspace on OBSD 5.3

2013-05-18 Thread Tito Mari Francis Escaño
Thanks for the pointers Sebastian :)
I tried creating an xsession or .xsession file with those contents but they
didn't work. Following your example, what I did instead was to create on
the home dir the file .xinitrc with the following content:
wmaker &
/usr/local/bin/gpbs
/usr/local/bin/gndc
/usr/local/bin/make_services
/usr/local/bin/GWorkspace

This enabled me to run X with the WindowMaker and automatically starting
GWorkspace, with the effect that exits X11 when I Quit GWorkspace. Thank
you very much. Now my next task is to run the installed apps when I ran the
command:
pkg_add gnustep-desktop

Maybe you can further advise me on this. I'm very grateful. Thank you very
much.






Re: openospfd vs bird vs quagga etc on OpenBSD for OSPF interoperating with IOS XE (v4 v6)

2013-05-18 Thread andy
Hi,
Sorry for the slow reply, have just got back home from the RIPE 66
conference in Dublin. Which was great by the way :)
Thank you very much for your comments and suggestions. When building
something like this it is really important to me to hear the experience and
thoughts of others.

Ok, so I think Quagga is out the Window.
This is what I have got it down to.. I have put question marks next to
the items which I am not 100% sure on, and a score of 1 to 10 on how
important it is.


*BIRD;
- Pro's
Widely deployed - 7/10
Heavily tested - 10/10
Great interoperability with Cisco - 10/10
Fast development with many developers working on it - 5/10

- Con's
All routes treated with same priority - 4/10
No CARP demote - (Not sure if this is important or not?) - ?/10

*OpenBGPd/OpenOSPFd;
- Pro's
Tightly integrated into OBSD code - 7/10
Routes support different priorities - 5/10
Supports CARP demote - (Not sure if this is important or not?) - ?/10
Better configuration interface compared to Bird(?) - 3/10

- Con's
Not so widely deployed(?) - 7/10
Not as well tested(?) - 10/10
More likely to have interoperability issues with Cisco maybe(?) - 10/10


I seem to remember seeing something when googling like OpenOSPFd once had
assert fail problems when receiving packets from other routing daemons with
unknown attributes, is this true or still the case? I can't remember where
I heard that so not sure if that's even true.

What is the level of integration with CARP for OpenBGPd and OpenOSPFd?
I.e. Can I have both the Primary 'and' the Backup firewalls sending and
receiving routes all the time, but referring to the CARP IPs in the route
entries so the forwarding plane uses the CARP Masters etc, and the routing
control plane always involves all firewalls etc? This would mean that a
CARP fail-over would effectively be an instantaneous re-convergence? (this
is very important).


The network I am building is as follows;
I have 3 data centres (one primary, one DR/backup, one
staging/development).
I am building 2 brand new POPs at two new central locations using two
Cisco ASR 1002 routers to join the data centres and firewalls I have
inherited together, and bring all POPs/DCs under the same ASN and global IP
prefixes etc.

The DR/backup and staging/dev DCs just have single layer 2 back-haul links
(one to one POP, and the other to the other POP).
The primary data center has a fibre to the first POP, and a second diverse
path fibre to the other POP, and the two POPs have a fibre between them.

        Transits & IXPs
               |
           ---POP1----DR_DC
Primary_DC-|   |
           ---POP2----Dev_DC
               |
        Transits & IXPs

The two Cisco ASRs are going to run eBGP to announce our ASN and full
prefix globally etc, eBGP with announce filtering for our IXP peerings,
iBGP to redistribute full internet table routes between them, and OSPF to
redistribute the local DC sub-prefixes etc.

Each of the DR and Dev DCs have two OpenBSD firewalls (in CARP
configuration), and the Primary data centre has six OpenBSD firewalls (3
pairs) to physically separate out the different internal networks in that
data centre (Public DMZ network behind different firewalls to the corporate
business networks etc).

The layer 2 connectivity between the 3 pairs of firewalls at the primary
data centre and the two POPs is provided by VPLS from our Primary
colocation data centre provider who we have a close working relationship
with.

Naturally I have sliced up our public global IP prefix so each pair of
firewalls host their own aggregated IP ranges from the global prefix etc,
and I would like each of these sub-prefixes to be redistributed around
using OSPF between all POPs and all firewalls in all locations etc.

So in the case of the Primary data centre firewalls, they should receive
equal cost multi-path routes for global transit and IXP access via POP1 and
POP2, and routes with different preferences for the DR DC and Dev DC
depending on whether going via POP1 (one hop to DR, and two hops for Dev)
or POP2 (one hop to Dev, and two hops to DR) for example.


So considering the pro's and con's above, this network design, Cisco
interoperability being critical, and firewall fail-over providing
instantaneous re-convergence, is there any advice you can offer regarding
BIRD or OpenOSPFd for the OpenBSD firewalls?


To add another can of worms to the mix, although not entirely important
for the core dynamic routing design under normal operation, the Transits
and IXP access are being provided by our VPLS network provider who have
multiple transits each from Telecom Italia, Level 3 and NTT, and multiple
connections to LONAP (our IXP). This means we only need two 10 GBit uplinks
on our ASRs instead of lots of physical layer 1 connections (Our new POPs
will be in the same racks as their POPs..).

It also means that if both of our ASR routers were to go down, they can
continue providing the layer 3 Transit and IXP access for 

Re: smtpd setup

2013-05-18 Thread Scott
Eric:
Thanks again for your help; it's working again.

All:
While I've got the patience to work up to my final desired configuration
for smtpd, I don't know if any of the rest of you do :)

I'd like to write a section for mail setup in the FAQ. Whether it actually
gets included or not is ultimately not up to me; but I'll work under the
assumption that it will be anyway (but opinions still welcomed).

On the one hand I think I should try my best to complete my desired
configuration and ask on the list again when I can't get parts working.

On the other hand I want to ask as little as possible so that I can
experiment more and get clues from searching around. Chewing on the
information and struggling with it for a while makes it more permanent than
when it's just given to me right away. However, I suspect this might add a
lot of noise to the list.

 Either option assumes due diligence on my part, reading manpages,
searching the list, etc. before posting to list. But you tell me; which of
the two is a more preferred approach on misc?

Either way (or even if you tell me to take off), I respect everyone's time
and appreciate you spending it to help, especially with these 101 type
questions. As usual, thanks in advance.

-Scott



On Fri, May 17, 2013 at 10:41 PM, Eric Faurot e...@faurot.net wrote:

 On Fri, May 17, 2013 at 07:31:42PM -0700, Scott wrote:
  The initial debug advice I got was helpful, so I thought I'd take the
 next
  step and add relaying to gmail (back to that in a minute), but
 apparently I
  just don't get it still. Rolling back to my previously working setup
 failed
  also, this time with a new error: 421. I don't get much help looking for
  explanations of 421 on the web.

 From the log you sent, it fails because the .forward file in your user
 dir is empty.  This is actually a bug that is fixed in the upcoming
 release.  Either rm it, or put the username in there, for now.

  I wondered if somehow I gummed up my queue when I was diddling around
 with
  the relay settings.
 
  # ls /var/spool/smtpd/
  a0
 
  Ok, so that's my just-failed message, so I flush it, just to be sanitary:
 
  # smtpctl remove a0b31f71a4e509ff
  (BTW, is there a way to flush ALL queued messages? smtpctl(8) doesn't
  allude to it. If there isn't, what's the proper way to do so?)

 Get the envelope ids from the mailq output and pass them to smtpctl
 remove.  Something like:

 # mailq | cut -d \| -f 1 | xargs -L 1 smtpctl remove

 Eric.
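
An added example (not from the thread or from OpenSMTPD): a more defensive form of the `mailq | cut | xargs` pipeline above, which checks each first field against the shape of the id quoted in the thread before handing it to `smtpctl remove`, and defaults to a dry run. The sample listing, the `FLUSH_FOR_REAL` variable and the function names are constructed for illustration; the 16-lowercase-hex-digit id shape is an assumption taken from the one id shown above.

```shell
#!/bin/sh
# Constructed sample of a pipe-delimited queue listing. Only the first field
# (the envelope id) matters here; the remaining fields are placeholders.
sample_mailq() {
cat <<'EOF'
a0b31f71a4e509ff|placeholder|placeholder|user@example.org|user@example.org
a0b31f71c7d2e811|placeholder|placeholder|user@example.org|someone@example.net
warning: queue listing truncated
zzzz not an id|placeholder|placeholder
EOF
}

# Read a listing on stdin and print only first fields that look like an
# envelope id (assumed shape: exactly 16 lowercase hex digits).
# Anything else (warnings, blank or damaged lines) is dropped, so it can
# never reach the smtpctl command line.
envelope_ids() {
    cut -d '|' -f 1 | grep -E '^[0-9a-f]{16}$'
}

# Count the lines whose first field was rejected, so that unexpected
# output is noticed instead of silently ignored.
rejected_lines() {
    cut -d '|' -f 1 | grep -Evc '^[0-9a-f]{16}$' || true
}

# Read a listing on stdin. By default only print the commands that would
# be run; set FLUSH_FOR_REAL=1 to actually remove the envelopes.
flush_queue() {
    envelope_ids | while read -r id; do
        if [ "${FLUSH_FOR_REAL:-0}" = 1 ]; then
            smtpctl remove "$id"
        else
            echo "smtpctl remove $id"
        fi
    done
}

# Dry run against the constructed sample. On a real system the input
# would be:  mailq | flush_queue
sample_mailq | flush_queue
```

Review the dry-run output first, then rerun with `FLUSH_FOR_REAL=1 mailq | flush_queue` as root.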



Re: openospfd vs bird vs quagga etc on OpenBSD for OSPF interoperating with IOS XE (v4 v6)

2013-05-18 Thread Stuart Henderson
On 2013/05/18 18:10, andy wrote:
 Hi,
 Sorry for the slow reply, have just got back home from the RIPE 66
 conference in Dublin. Which was great by the way :)
 Thank you very much for your comments and suggestions. When building
 something like this it is really important to me to hear the experience and
 thoughts of others.
 
 Ok, so I think Quagga is out the Window.
 This is what I have got it down to.. I have put question marks next to
 the items which I am not 100% sure on, and a score of 1 to 10 on how
 important it is.
 
 
 *BIRD;
 - Pro's
 Widely deployed - 7/10
 Heavily tested - 10/10
 Great interoperability with Cisco - 10/10
 Fast development with many developers working on it - 5/10
 
 - Con's
 All routes treated with same priority - 4/10
 No CARP demote - (Not sure if this is important or not?) - ?/10

Important con here if you're talking about running it on OpenBSD is that
this is not a primary platform for them. I think it's safe to say that
far fewer people will be running BIRD on OpenBSD than will be running
OpenOSPFd on OpenBSD. (I mostly just imported it to ports in case it's
useful for interoperability testing rather than to actually use it..)

 *OpenBGPd/OpenOSPFd;
 - Pro's
 Tightly integrated into OBSD code - 7/10
 Routes support different priorities - 5/10

This is important when you're running with multiple routing daemons
but less important if everything is done in one process.

 Supports CARP demote - (Not sure if this is important or not?) - ?/10

If you are using ospfd on a machine (firewall, etc) which is also
running carp, yes it's very important, otherwise a machine can become
carp master when ospf is down so it has no onward routes.

 Better configuration interface compared to Bird(?) - 3/10
 
 - Con's
 Not so widely deployed(?) - 7/10

I don't think it's really possible to say which is more widely deployed..
I'm pretty sure Quagga is more deployed than either, still that wouldn't
make me want to use it unless it was the only option ;)

 Not as well tested(?) - 10/10

see above; definitely better tested than BIRD on OpenBSD.

 More likely to have interoperability issues with Cisco maybe(?) - 10/10

no known problems, and we do minimal dead time for sub-second failover.

 I seem to remember seeing something when googling like OpenOSPFd once had
 assert fail problems when receiving packets from other routing daemons with
 unknown attributes, is this true or still the case? I can't remember where
 I heard that so not sure if that's even true.

You're thinking of something else (possibly quagga's ospfd?)
OpenBSD's ospfd has never had asserts.

 What is the level of integration with CARP for OpenBGPd and OpenOSPFd?
 I.e. Can I have both the Primary 'and' the Backup firewalls sending and
 receiving routes all the time, but referring to the CARP IPs in the route
 entries so the forwarding plane uses the CARP Masters etc, and the routing
 control plane always involves all firewalls etc? This would mean that a
 CARP fail-over would effectively be an instantaneous re-convergence? (this
 is very important).

With OpenOSPFd normally both carp master *and* carp backup will advertise
the route, master with a low (more preferred) metric, backup with a high
metric. So when a failover occurs, the route will not drop out at all,
it will switch straight over. I think this is what you're looking for.
Other routing daemons do not do this.

 The network I am building is as follows;
 I have 3 data centres (one primary, one DR/backup, one
 staging/development).
 I am building 2 brand new POPs at two new central locations using two
 Cisco ASR 1002 routers to join the data centres and firewalls I have
 inherited together, and bring all POPs/DCs under the same ASN and global IP
 prefixes etc.
 
 The DR/backup and staging/dev DCs just have single layer 2 back-haul links
 (one to one POP, and the other to the other POP).
 The primary data center has a fibre to the first POP, and a second diverse
 path fibre to the other POP, and the two POPs have a fibre between them.
 
         Transits & IXPs
                |
            ---POP1----DR_DC
 Primary_DC-|   |
            ---POP2----Dev_DC
                |
         Transits & IXPs
 
 The two Cisco ASRs are going to run eBGP to announce our ASN and full
 prefix globally etc, eBGP with announce filtering for our IXP peerings,
 iBGP to redistribute full internet table routes between them, and OSPF to
 redistribute the local DC sub-prefixes etc.
 
 Each of the DR and Dev DCs have two OpenBSD firewalls (in CARP
 configuration), and the Primary data centre has six OpenBSD firewalls (3
 pairs) to physically separate out the different internal networks in that
 data centre (Public DMZ network behind different firewalls to the corporate
 business networks etc).
 
 The layer 2 connectivity between the 3 pairs of firewalls at the primary
 data centre and the two POPs is provided by VPLS from our Primary
 colocation data centre provider 

Another year goes by

2013-05-18 Thread Rod Whitworth
Happy birthday Theo.

Many more, I trust.

Thanks for your leadership and the quality work that engenders amongst
others.

R/



*** NOTE *** Please DO NOT CC me. I am subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.