Can OpenBSD access BBC Iplayer?
Greetings, list! I'm a long-standing user of Linux (currently ArchLinux) who is just trying out OpenBSD and so far is much impressed. I'm using a Thinkpad T42. The main outstanding problem at the moment is accessing BBC Iplayer, which insists on my having Flashplayer installed. After reading the FAQ and various lists I put libflashplayer.so in ~/.mozilla/plugins and installed the fedora_base package as suggested in the FAQ. I still can't use Iplayer. I saw somewhere that Chrome has inbuilt flashplayer but that doesn't seem to be the case. As a workaround I can use get_iplayer to download BBC programmes but is it possible to get a browser to access Iplayer? Anthony -- Anthony Campbell - a...@acampbell.org.uk http://www.acupuncturecourse.org.uk http://www.smashwords.com/profile.view/acampbell https://itunes.apple.com/ca/artist/anthony-campbell/id73235412
Re: unbound reverse DNS problem to local stub zone
On 2014-09-01 Mon 08:58 AM |, Arthur Mesh wrote: I have the same exact symptom, unbound.conf: local-zone: 10.in-addr.arpa. nodefault Change this to: local-zone: 10.in-addr.arpa typetransparent See types under the section 'local-zone' of unbound.conf(5)
Re: Can OpenBSD access BBC Iplayer?
On Tue, Sep 02, 2014 at 08:57:34AM +0100, Anthony Campbell wrote: Greetings, list! I'm a long-standing user of Linux (currently ArchLinux) who is just trying out OpenBSD and so far is much impressed. I'm using a Thinkpad T42. The main outstanding problem at the moment is accessing BBC Iplayer, which insists on my having Flashplayer installed. After reading the FAQ and various lists I put libflashplayer.so in ~/.mozilla/plugins and installed the fedora_base package as suggested in the FAQ. I still can't use Iplayer. I saw somewhere that Chrome has inbuilt flashplayer but that doesn't seem to be the case. As a workaround I can use get_iplayer to download BBC programmes but is it possible to get a browser to access Iplayer? Anthony Hi Anthony, In the past I have managed to get flash to work on OpenBSD - but flash has not worked reliablybut not having flash is a positive feature for me ;~) I have not managed to get iplayer to work in a browser. If you succeed could you let misc@ know it would be useful for the archives. Cheers Fred
Re: pfsync and trunk
As Chuck pointed out this has nothing to do with pfsense or freebsd. While I dig deeper I'm running with the following config to get around the problem: pf1.swe1# cat /etc/hostname.pfsync0 ! sleep 10 ! ifconfig $1 syncdev vlan44 syncpeer 10.240.252.77 up pf1.swe1# I see the request for the bulk transfer now, and the bulk transfer starting. Although bulk transfer performance looks like a problem, but that is for another thread. /T On Sat, Aug 30, 2014 at 9:31 PM, System Administrator ad...@bitwise.net wrote: And what does OP's message have to do with pfSense ??? (especially since he's clearly indicating currently supported OpenBSD versions 5.4 and 5.5 near the bottom...) On 30 Aug 2014 at 14:22, Chuck Burns wrote: On Saturday, August 30, 2014 8:27:24 AM Tony Sarendal wrote: Good morning, I'm having issues with pfsync on trunk interfaces, although I suspect it to snip Running on pfsync on trunk(4) that initial request never shows up, and the bulk update never starts/finishes. I would like to run pfsync on trunk(4) lacp link, but as it looks now I have firewalls with carp demote counter 33 forever. snip pfSense is FreeBSD-based. not OpenBSD-based... different versions of pf between OpenBSD and FreeBSD -- Chuck Burns Audemus Jura Nostra Defendere
Re: mplayer full screen problems
On 2014 Sep 01 (Mon) at 23:35:15 +0200 (+0200), Mihai Popescu wrote: : : The -fs doesn't work. :It is known that -fs doesn't work for anything you run mplayer at. you are totally high. I use -fs all the time on mplayer. And have been doing so for 5+ years. -- Finding out what goes on in the C.I.A. is like performing acupuncture on a rock. -- New York Times, Jan. 20, 1981
Re: mplayer full screen problems
On Mon, Sep 01, 2014 at 12:51:17PM +0200, somelooser3...@hushmail.com wrote: Hello, If I put an OpenBSD 5.5 (FVWM) box on a display via VGA cable mplayer does strange things: The -geometry=50%:50% doesn't work (doesn't put the videos in center). The -fs doesn't work. I can only use -xy 1024 - but that is not the best, since there could be videos that are wrongly aligned with it, too much to the top, or too much to the bottom. Does anybody knows how can I use mplayer in OpenBSD from console so it will put the videos in fullscreen properly with good alignment (in center/middle of the screen)? Many thanks! Useless report, paste here mplayer output to console. One doesn't know what video output you used... j.
Re: Can OpenBSD access BBC Iplayer?
On 02 Sep 2014, Fred Crowson wrote: On Tue, Sep 02, 2014 at 08:57:34AM +0100, Anthony Campbell wrote: Greetings, list! I'm a long-standing user of Linux (currently ArchLinux) who is just trying out OpenBSD and so far is much impressed. I'm using a Thinkpad T42. The main outstanding problem at the moment is accessing BBC Iplayer, which insists on my having Flashplayer installed. After reading the FAQ and various lists I put libflashplayer.so in ~/.mozilla/plugins and installed the fedora_base package as suggested in the FAQ. I still can't use Iplayer. I saw somewhere that Chrome has inbuilt flashplayer but that doesn't seem to be the case. As a workaround I can use get_iplayer to download BBC programmes but is it possible to get a browser to access Iplayer? Anthony Hi Anthony, In the past I have managed to get flash to work on OpenBSD - but flash has not worked reliablybut not having flash is a positive feature for me ;~) I have not managed to get iplayer to work in a browser. If you succeed could you let misc@ know it would be useful for the archives. Cheers Fred Thanks for the reply, which confirms what I suspected, viz. that it isn't going to work. If I find a solution I'll certainly report it. Anthony -- Anthony Campbell - a...@acampbell.org.uk http://www.acupuncturecourse.org.uk http://www.smashwords.com/profile.view/acampbell https://itunes.apple.com/ca/artist/anthony-campbell/id73235412
Re: Intel i354 Quad GbE network adapter failed on 5.5-RELEASE
Am 30.08.2014 um 13:46 schrieb Axel Rau axel@chaos1.de: Am 29.08.2014 um 08:11 schrieb Jonathan Gray j...@jsg.id.au: Initial support for the i347 phy was added back in March but that wasn't part of 5.5. I suspect you want something along the lines of the following patch: Yes, this patch worked (does at least initialization of em2-em5, more testing to follow). Next problem shows up with sppp over vlan from MAC 00:60:e0:5a:75:45: - - - - 13:49:38.170666 00:60:e0:5a:75:39 ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100) , length 60: vlan 7, p 3, ethertype PPPoE D, PPPoE PADI [Service-Name] [Host-Uniq 0x95F818D3] 13:49:38.313082 00:30:88:1f:18:9a 00:60:e0:5a:75:39, ethertype 802.1Q (0x8100) , length 87: vlan 7, p 6, ethertype PPPoE D, PPPoE PADO [Host-Uniq 0x95F818D3] [AC-Name FFMR71-se800-B2224180702381] [AC-Cookie ..lvg}..Bv..;8.] [Service-Name] 13:49:38.313093 00:60:e0:5a:75:39 00:30:75:39:00:30, ethertype 802.1Q (0x8100) , length 60: vlan 7, p 3, ethertype PPPoE D, PPPoE PADR [Service-Name] [AC-Cookie ..lvg}..Bv..;8.] [Host-Uniq 0x95F818D3] 13:49:43.310779 00:60:e0:5a:75:39 00:30:75:39:00:30, ethertype 802.1Q (0x8100) , length 60: vlan 7, p 3, ethertype PPPoE D, PPPoE PADR [Service-Name] [AC-Cookie ..lvg}..Bv..;8.] [Host-Uniq 0x95F818D3] 13:49:53.311256 00:60:e0:5a:75:39 ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100) , length 60: vlan 7, p 3, ethertype PPPoE D, PPPoE PADI [Service-Name] [Host-Uniq 0x95F818D3] 13:49:53.339482 00:30:88:1f:18:9a 00:60:e0:5a:75:39, ethertype 802.1Q (0x8100) , length 87: vlan 7, p 6, ethertype PPPoE D, PPPoE PADO [Host-Uniq 0x95F818D3] [AC-Name FFMR71-se800-B2224180702381] [AC-Cookie ..lvg}..Bv..;8.] [Service-Name] 13:49:53.339492 00:60:e0:5a:75:39 00:30:75:39:00:30, ethertype 802.1Q (0x8100) , length 60: vlan 7, p 3, ethertype PPPoE D, PPPoE PADR [Service-Name] [AC-Cookie ..lvg}..Bv..;8.] [Host-Uniq 0x95F818D3] 13:50:01.214264 00:60:e0:5a:75:39 ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100) , length 60: vlan 7, p 3, ethertype PPPoE D, PPPoE PADI [Service-Name] [Host-Uniq 0x95F818D3] - - - The i347 device (em5) has a hardware-MAC of 00:60:e0:5a:75:45, but shows up above as 00:60:e0:5a:75:39. The answer to the pppoe server with MAC address 00:30:88:1f:18:9a is being sent to MAC 00:30:75:39:00:30 instead. Do I need more patches (perhaps VLAN related) for the i347 ? Any help welcome, Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius
Re: Help, please, understanding AHCI error on amd64
On 2014-08-27, Geoff Steckel g...@oat.com wrote: This paper: http://download.intel.com/support/motherboards/server/sb/enterprise_class_versus_desktop_class_hard_drives_.pdf describes the different features and intended uses of enterprise drives vs. desktop drives. The hardware requirements for a (good) enterprise drive far exceed those of a desktop drive. Well, it's not clear how much of that is actual technology and how much is marketing. Most important to users: different error recovery philosophy! Most important: difference in data integrity (factor 10 if you believe the data sheets). Desktop: do whatever is necessary to correct a read error, no matter how long it takes. The software is not time sensitive and may not be able to recover from a single sector error. Enterprise: disk must stay on line. Perform simple error recovery and depend on higher level software to repair or replace the bad sector. The irony is that my most recent drive failure, which I mentioned here on this list, involved a Hitachi Ultrastar 7K3000--not a desktop drive--and the most remarkable thing was how tenacious the little beast proved in recoverying the data, although it became VERY slow. Of course, if you read that Intel document, they are saying: A typical desktop drive command timeout can take many minutes and no disk access is allowed while the system attempts to retry the command. Typical timeout for an enterprise class drive is 7 to 15 seconds and retries are limited to a few attempts. Desktop-class drives with timeout values exceeding 30 seconds should not be used in an enterprise-class system. These are ridiculously large numbers, but if you take them at face value, then this is another argument against desktop drives, as running into a bad sector will badly lock up your system and having a multitude of bad sectors will render the rest of the drive effectively unrecoverable. -- Christian naddy Weisgerber na...@mips.inka.de
Re: Automated PXE install auto_install issue (was: Serva)
On Sat, Aug 30, 2014 at 12:54 PM, Jiri B ji...@devio.us wrote: And you probably didn't mention problem with auto_install as 'filename' :) See http://devio.us/~jirib/pxelinux-openbsd.html Quote : The caveat is how pxelinux reacts when filename is set to auto_install, as stated in autoinstall(8). pxelinux would use the value and it would split it on underscore character and use the beginning part as prefix for every path is is supposed to be loaded. Awesome! Thanks for that tip! I had set up an auto-installer about a month ago to do Linux and BSD installs and hit upon this fairly major stumbling block. I ended up doing things a bit differently that requires some manual steps but this should let me get it back going the way I want. There were some other issues I'd found with the OpenBSD auto install - I should summarize them to the list. Room for improvement. As a first release of an auto installer it is pretty good though. One nice addition would be if there is no answer in the automated answer file, then prompt for that question. I was surprised to find out that OpenBSD requires you to have all questions answered or else it bombs out. I'll check my notes to see whether there was anything else. -- Don't eat anything you've ever seen advertised on TV - Michael Pollan, author of In Defense of Food
PF Tagging
Hi, Hoping this is a pretty dumb question and someone can just shoot me down with an instant answer but is there any reason why I can't compare against multiple tags? E.g. pass out quick on $if_dmz tagged { T_LAN, T_ENGINEERING, T_WIFI, T_OPS } queue (_wan_dflt,_wan_pri) set prio (1,4) keep state I seem to only be able compare against one tag at a time which seem to be quite limiting? Cheers, Andy. PS; Yes I am only just starting to get round to setting up policy based rules for the first time as part of a big rewrite for a new much larger office with *many* VLANs etc..
Re: mplayer full screen problems
On 01-09-2014 07:51, somelooser3...@hushmail.com wrote: Hello, If I put an OpenBSD 5.5 (FVWM) box on a display via VGA cable mplayer does strange things: The -geometry=50%:50% doesn't work (doesn't put the videos in center). The -fs doesn't work. I can only use -xy 1024 - but that is not the best, since there could be videos that are wrongly aligned with it, too much to the top, or too much to the bottom. Does anybody knows how can I use mplayer in OpenBSD from console so it will put the videos in fullscreen properly with good alignment (in center/middle of the screen)? Many thanks! Hi, You probably have a problem with video overlay. You driver probably do not support it. Since you didn't provided a dmesg, it's a guess. But, in these cases, using -vo x11 and -zoom options normally do the trick. You could try them. Try just with the -zoom option also, in case your mplayer already selects the x11 driver. Just note that this does have a impact on videos with higher resolution, such as 720p and 1080p. These could not play at all, or drop so many frames that they'll be unwatchable. Another shot is to use vlc, but it will be limited by your video driver, in the same manner mplayer is. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: PF Tagging
On 02-09-2014 16:10, andy wrote: Hi, Hoping this is a pretty dumb question and someone can just shoot me down with an instant answer but is there any reason why I can't compare against multiple tags? E.g. pass out quick on $if_dmz tagged { T_LAN, T_ENGINEERING, T_WIFI, T_OPS } queue (_wan_dflt,_wan_pri) set prio (1,4) keep state I seem to only be able compare against one tag at a time which seem to be quite limiting? Cheers, Andy. PS; Yes I am only just starting to get round to setting up policy based rules for the first time as part of a big rewrite for a new much larger office with *many* VLANs etc.. From the pf.conf man page: tag string Packets matching this rule will be tagged with the specified string. The tag acts as an internal marker that can be used to identify these packets later on. This can be used, for example, to provide trust between interfaces and to determine if packets have been processed by translation rules. Tags are sticky, meaning that the packet will be tagged even if the rule is not the last matching rule. Further matching rules can replace the tag with a new one but will not remove a previously applied tag. A packet is only ever assigned one tag at a time. Tags take the same macros as labels (see above). So, as you see, your packet can only have one tag assigned at any time. I think your best bet is to use match rules in association with the tags. But you'll probably not be able to condense them that much (ie, one rule per tag). In your case, I suggest you break down your pf.conf into smaller anchors. This will save you time and make your pf rules much more readable. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: PF Tagging
2014-09-02 23:10 GMT+04:00 andy a...@brandwatch.com: Hi, Hoping this is a pretty dumb question and someone can just shoot me down with an instant answer but is there any reason why I can't compare against multiple tags? E.g. pass out quick on $if_dmz tagged { T_LAN, T_ENGINEERING, T_WIFI, T_OPS } queue (_wan_dflt,_wan_pri) set prio (1,4) keep state I seem to only be able compare against one tag at a time which seem to be quite limiting? Yes, only one tag maximum. This makes actual comparison in PF fast easy: internal PF per-packet and per-rule structures both contain a single number, reperesenting a tag. To allow multiple tags you'll need to make size of those structures dynamic. Cheers, Andy. PS; Yes I am only just starting to get round to setting up policy based rules for the first time as part of a big rewrite for a new much larger office with *many* VLANs etc.. You'll probably want to play more with match rules. -- WBR, Vadim Zhukov
Re: PF Tagging
On Tue, 02 Sep 2014 16:28:27 -0300, Giancarlo Razzolini grazzol...@gmail.com wrote: On 02-09-2014 16:10, andy wrote: Hi, Hoping this is a pretty dumb question and someone can just shoot me down with an instant answer but is there any reason why I can't compare against multiple tags? E.g. pass out quick on $if_dmz tagged { T_LAN, T_ENGINEERING, T_WIFI, T_OPS } queue (_wan_dflt,_wan_pri) set prio (1,4) keep state I seem to only be able compare against one tag at a time which seem to be quite limiting? Cheers, Andy. PS; Yes I am only just starting to get round to setting up policy based rules for the first time as part of a big rewrite for a new much larger office with *many* VLANs etc.. From the pf.conf man page: tag string Packets matching this rule will be tagged with the specified string. The tag acts as an internal marker that can be used to identify these packets later on. This can be used, for example, to provide trust between interfaces and to determine if packets have been processed by translation rules. Tags are sticky, meaning that the packet will be tagged even if the rule is not the last matching rule. Further matching rules can replace the tag with a new one but will not remove a previously applied tag. A packet is only ever assigned one tag at a time. Tags take the same macros as labels (see above). So, as you see, your packet can only have one tag assigned at any time. I think your best bet is to use match rules in association with the tags. But you'll probably not be able to condense them that much (ie, one rule per tag). In your case, I suggest you break down your pf.conf into smaller anchors. This will save you time and make your pf rules much more readable. Cheers, Hi grazzolini, Yes I wouldn't expect to be able to apply more than one tag, I'm asking about checking for multiple matching tags? I.e pass out of the packet is 'tagged' with XXX or YYY or ZZZ. Thanks, Andy.
Re: PF Tagging
On 02-09-2014 16:32, andy wrote: Yes I wouldn't expect to be able to apply more than one tag, I'm asking about checking for multiple matching tags? I.e pass out of the packet is 'tagged' with XXX or YYY or ZZZ. But that's the point. If you assign a packet with multiple tags, only the last one (or the one with the quick keyword), is the one the packet will have. You can, however, use multiple match rules and control your packet flow with multiple tags, directing the packets as they switch their tags. But you can't compare for multiple tags at once. One thing that I do before writing my pf rules is to draw the flows into a paper. That way I can plan in advance. You have another option, which I also use, that is to use a pflow(4) interface in combination with nfsen and make your OpenBSD machine act as a simple router and monitor your packets for for a week or so. That way you can effectively know how your network behave and can program your rules accordingly. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: PF Tagging
On Tue, 02 Sep 2014 16:37:38 -0300, Giancarlo Razzolini grazzol...@gmail.com wrote: On 02-09-2014 16:32, andy wrote: Yes I wouldn't expect to be able to apply more than one tag, I'm asking about checking for multiple matching tags? I.e pass out of the packet is 'tagged' with XXX or YYY or ZZZ. But that's the point. If you assign a packet with multiple tags, only the last one (or the one with the quick keyword), is the one the packet will have. You can, however, use multiple match rules and control your packet flow with multiple tags, directing the packets as they switch their tags. But you can't compare for multiple tags at once. One thing that I do before writing my pf rules is to draw the flows into a paper. That way I can plan in advance. You have another option, which I also use, that is to use a pflow(4) interface in combination with nfsen and make your OpenBSD machine act as a simple router and monitor your packets for for a week or so. That way you can effectively know how your network behave and can program your rules accordingly. Cheers, Hi thanks for the ideas, but maybe I'm not being very clear. I only want or expect the packet to have one tag at a time. But I would like to write a rule that passes packets if they have any one of the following tags; For example; pass out quick on $if_ext from { $lan, $dmz } to any expands in the compiled rule set to; pass out quick on $if_ext from $lan to any pass out quick on $if_ext from $dmz to any So why does; pass out quick on $if_ext tagged { T_LAN, T_DMZ } keep state NOT expand out to; pass out quick on $if_ext tagged T_LAN keep state pass out quick on $if_ext tagged T_DMZ keep state This way you could do the following; match out on $if_ext from $dmz to any nat-to $dmz_natted_ip match out on $if_ext from $lan to any nat-to $lan_natted_ip pass in quick on $if_dmz from { $dmz } to any tag T_DMZ keep state pass in quick on $if_lan from { $lan } to any tag T_LAN keep state pass out quick on $if_ext tagged { T_LAN, T_DMZ } keep state This is easier and has more control and is less error prone than having to do things like the following just to cope with NATing; match out on $if_ext from $dmz to any nat-to $dmz_natted_ip match out on $if_ext from $lan to any nat-to $lan_natted_ip pass in quick on $if_dmz from { $dmz } to any pass in quick on $if_lan from { $lan } to any pass out quick on $if_ext from { $dmz_natted_ip, $lan_natted_ip } to any I.e. I have to think about the NATing in the pass rules.. Thanks for your replies and time. Cheers, Andy.
Re: PF Tagging
On 02-09-2014 17:12, andy wrote: So why does; pass out quick on $if_ext tagged { T_LAN, T_DMZ } keep state NOT expand out to; pass out quick on $if_ext tagged T_LAN keep state pass out quick on $if_ext tagged T_DMZ keep state I didn't tested. But if I recall correctly, that rule will expand exactly as you want them to. But I disagree with you. I think you should separate the rules for the internal network from the dmz. Even if they are physically on the same interface (vlan), they should be on separate rules. You could even use separate anchors with a file for the internal net and another for the dmz. There is a point when too much simplification starts getting into the way of doing things securely. Which is what OpenBSD is all about. If you really, really want to simplify your ruleset, you could first write it with security in mind, then use the pf's ruleset optimizer, and then use the optimization as a starting point. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Can OpenBSD access BBC Iplayer?
On 2014-09-02, Anthony Campbell a...@acampbell.org.uk wrote: As a workaround I can use get_iplayer to download BBC programmes but is You can also use it to stream them live. Or some ISPs have live multicast streams that VLC can play. it possible to get a browser to access Iplayer? nope.
5.5 Upgrade Without Uninstalling Packages
Hi All, Why yes, I'm an idiot. I upgraded to 5.5 AMD64 via CD just now without reading the instructions. As a result, I didn't first uninstall the packages that were on my 5.4 system. Do I have any recourse now? Can I just delete the packages now and rerun the upgrade? Thanks for any help. -Chaz
Re: 5.5 Upgrade Without Uninstalling Packages
On 09/02/14 20:09, Chaz Gilbert wrote: Hi All, Why yes, I'm an idiot. I upgraded to 5.5 AMD64 via CD just now without reading the instructions. As a result, I didn't first uninstall the packages that were on my 5.4 system. Do I have any recourse now? Can I just delete the packages now and rerun the upgrade? Thanks for any help. -Chaz actually, just delete the packages now...see what happens. Many packages will be no problem, but those that have to execute binaries to remove will be an issue. If that happens, try using the -Dscripts option of pkg_delete, and maybe a -q When done, check /usr/local/bin and /usr/local/sbin for straglers, clean those up the best you can, then install packages. Should be no reason to reinstall 5.5. Nick.
Re: pfsync and trunk
Final email in this thread, for correctness. The initial request disappearing and the firewalls staying demoted forever are independent issues. A new request for bulk transfer is sent after 2h+. Due to bulk transfer performance the transfers never finish. I see on average 3kpps of pfsync on this cluster, looking at pfsync this is what I find: 12:02:45.778145 10.240.252.78 10.240.252.77: PFSYNCv6 len 36 act UPD ST REQ count 1 id: creatorid: 12:02:45.778153 10.240.252.77 10.240.252.78: PFSYNCv6 len 1412 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start 14:16:09.689102 10.240.252.78 10.240.252.77: PFSYNCv6 len 1264 act UPD ST REQ count 1 id: creatorid: 14:16:09.689114 10.240.252.77 10.240.252.78: PFSYNCv6 len 124 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start 16:29:33.604110 10.240.252.78 10.240.252.77: PFSYNCv6 len 36 act UPD ST REQ count 1 id: creatorid: 16:29:33.604120 10.240.252.77 10.240.252.78: PFSYNCv6 len 544 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start 18:42:57.518630 10.240.252.78 10.240.252.77: PFSYNCv6 len 124 act UPD ST REQ count 1 id: creatorid: 18:42:57.518634 10.240.252.77 10.240.252.78: PFSYNCv6 len 1384 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start 20:56:21.433270 10.240.252.78 10.240.252.77: PFSYNCv6 len 208 act UPD ST REQ count 1 id: creatorid: 20:56:21.433283 10.240.252.77 10.240.252.78: PFSYNCv6 len 628 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start 23:09:45.347531 10.240.252.78 10.240.252.77: PFSYNCv6 len 36 act UPD ST REQ count 1 id: creatorid: 23:09:45.347534 10.240.252.77 10.240.252.78: PFSYNCv6 len 292 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start 01:23:09.262083 10.240.252.78 10.240.252.77: PFSYNCv6 len 36 act UPD ST REQ count 1 id: creatorid: 01:23:09.262093 10.240.252.77 10.240.252.78: PFSYNCv6 len 712 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start 03:36:33.176294 10.240.252.78 10.240.252.77: PFSYNCv6 len 616 act UPD ST REQ count 1 id: creatorid: 03:36:33.176300 10.240.252.77 10.240.252.78: PFSYNCv6 len 628 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start 05:49:57.090125 10.240.252.78 10.240.252.77: PFSYNCv6 len 124 act UPD ST REQ count 1 id: creatorid: 05:49:57.090130 10.240.252.77 10.240.252.78: PFSYNCv6 len 1132 act BULK UPD STAT count 1 creatorid: b33d7f45 age: 00:00:00 status: start /T On Tue, Sep 2, 2014 at 12:07 PM, Tony Sarendal t...@polarcap.org wrote: As Chuck pointed out this has nothing to do with pfsense or freebsd. While I dig deeper I'm running with the following config to get around the problem: pf1.swe1# cat /etc/hostname.pfsync0 ! sleep 10 ! ifconfig $1 syncdev vlan44 syncpeer 10.240.252.77 up pf1.swe1# I see the request for the bulk transfer now, and the bulk transfer starting. Although bulk transfer performance looks like a problem, but that is for another thread. /T On Sat, Aug 30, 2014 at 9:31 PM, System Administrator ad...@bitwise.net wrote: And what does OP's message have to do with pfSense ??? (especially since he's clearly indicating currently supported OpenBSD versions 5.4 and 5.5 near the bottom...) On 30 Aug 2014 at 14:22, Chuck Burns wrote: On Saturday, August 30, 2014 8:27:24 AM Tony Sarendal wrote: Good morning, I'm having issues with pfsync on trunk interfaces, although I suspect it to snip Running on pfsync on trunk(4) that initial request never shows up, and the bulk update never starts/finishes. I would like to run pfsync on trunk(4) lacp link, but as it looks now I have firewalls with carp demote counter 33 forever. snip pfSense is FreeBSD-based. not OpenBSD-based... different versions of pf between OpenBSD and FreeBSD -- Chuck Burns Audemus Jura Nostra Defendere