Re: leaving linux - questions about capabilities

2014-12-30 Thread Fred

On 12/30/14 03:45, Jonathan Gray wrote:

On Mon, Dec 29, 2014 at 08:57:15PM +, Fred wrote:


I currently have three monitors connected to my laptop but if I try to
enable X on the third one I'm getting the following error:

port:fred ~ xrandr --output VGA1 --auto
xrandr: cannot find crtc for output VGA1


...


vga1 at pci0 dev 2 function 0 Intel HD Graphics 3000 rev 0x09


Sandy bridge only has two output pipes, it isn't possible
to use three outputs.  Radeon hardware tends to support more
outputs http://xorg.freedesktop.org/wiki/RadeonFeature/#index7h2

Ivy bridge supports three outputs with two of them sharing
a clock assuming the system has two displayport outputs (and none do?).
Haswell is a bit less restrictive still.

Quoting https://01.org/linuxgraphics/documentation/3-pipes

3-pipes is a feature that allows users to have 3 Monitors plugged in.
It is present at 3rd Generation Intel Core processors with Intel
HD Graphics (codenamed IvyBridge) and 4th Generation Intel Core
processors with Intel HD Graphics (codenamed Haswell).

For other platforms only Dual outputs are supported.

IvyBridge limitations
In order to get 3 screen outputs at Ivybridge you shall use 2 Display
Ports + any display with some limitations on modes supported.

Haswell limitations
Haswell 3-pipes is less restrictive than Ivybridge. You can have 3
screens with

* 2 Display Ports + any display

* 1 Display Port and 2 HDMI or DVI

* 1 VGA and  2 HDMI or DVI

and no restrictions on mode combination.



Thanks for the info - I had thought it might be a limitation of X - as 
all three worked when used in pairs.


Cheers

Fred



Re: iked (IKEv2) setup help on the simplest testing setup

2014-12-30 Thread Stuart Henderson
On 2014-12-28, Daniel Ouellet dan...@presscom.net wrote:
 When all is done it will be ospf over vether over gif tunnel

Does vether give any benefit here? I think that you should just be able
to route the addresses over the gif interface without the extra layer
of indirection (and overhead from carrying ethernet headers).

The classic use case for vether is where you are bridging an ethernet
at one location to a router at another (without needing to connect to a
physical network at the second location).



Re: leaving linux - questions about capabilities

2014-12-30 Thread Rusty

On 12/29/14 08:17, Christopher Barry wrote:

Greetings All,

I've used OpenBSD in the past to build redundant routers and firewalls
and it was fantastic, but it's been quite a few years since I've played
with it. I've also never used it as my default workstation. Yet.

I've always used Debian GNU/Linux on my workstations in the past,
but with jessie/sid (and practically all other linux distros) the
direction the linux userspace has taken is a serious turn for the worst
IMO. I am simply philosophically at odds with systemd, and I would like
to stop relying on linux altogether if possible. My problem is I have
specific needs, and it's not clear if I can meet them running OpenBSD.
I'm hoping I can, and someone can share their experiences with making a
similar setup work.

Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a three
monitor configuration (2 direct DVI and 1 active HDMI-to-DVI dongle)
using the OpenSource Radeon linux driver @1920x1200 on each monitor.
I'm using enlightenment 17.6 as my window manager. I use and rely on
blender http://www.blender.org a /lot/ with hardware accelerated
OpenGL, and having three monitors is important for my graphics work.

Is anyone running OpenBSD with three monitors? With blender, hw-accel
OpenGL, and/or E1{7,8,9}?


Your thoughts, knowledge, and possibly links to more info would be
very greatly appreciated.

Thank You.

--
-C


As this is a getting to know you thread.

I use OpenBSD in a desktop role.
snapshots on an Intel i5 with a radeon 6950, two screens(my card chokes 
on the third screen but I think that is hardware)


I like the one dimensional desktop style setup, that is, spectrwm and
lots of xterms. For what it's worth spectrwm has the best multiscreen
support I have seen


I don't use blender every day, but I do find it handy from time to time
(for me 3d printing stuff) The maintainer tends to keep it nicely up to
date, which I appreciate as it looks like it is a bitch and a half to build.


I update the snapshots every couple weeks when I want to try whatever
new stuff comes out of the pipe(*cough*, and libc bumps, *cough*).


One thing I would recommend is to look at login.conf(5) and set the 
memory limits to something gratuitous, many of the desktop 
applications like to use a lot of memory.


And as far as overall experience, I think obsd is a little slower than 
linux(whatever that means) but the simplicity and correctness of the 
system(obsd was the first/only system where I feel I understand how the 
whole thing works) means I enjoy using it quite a bit more.


So good luck, and I hope it works out for you as well as it did for me.



Re: 500 httpd error with owncloud

2014-12-30 Thread Clemens Gößnitzer
Reading the recent post on misc, Best way forward w.r.t.
apache/nginx/httpd?, I don't think httpd is ready for owncloud,
especially for someone with little experience running web servers.

Anyway, thanks guys for your support.

Clemens

On 30.12.14 08:03, Jona Joachim wrote:
 [This message has also been posted to gmane.os.openbsd.misc.]
 On 2014-12-29, Clemens Gößnitzer e1126...@student.tuwien.ac.at wrote:
 Hey,

 Since your initial email you have not included any config files, i.e.
 httpd.conf, etc. Would you, perhaps, care to share them with us? My
 shew stone is being serviced.

 Of course. Here they are:

 # cat /etc/httpd.conf
 server default {
     listen on wpi0 port 80
     directory { no index, index index.php }

     location "*.php" {
         fastcgi socket "/run/php-fpm.sock"
     }

 }

 types {
     include "/usr/share/misc/mime.types"
 }


 /etc/php-5.5.ini: everything default except the values mentioned in the
 pkg-readme of owncloud:

 allow_url_fopen = On
 memory_limit = 512M
 upload_max_filesize = 1024M  # to accept large files upload
 post_max_size = 1030M        # sync with above value

 all other php module config files unchanged, and active according to
 phpinfo().

 # cat /var/www/owncloud/config/config.php
 <?php
 $CONFIG = array (
   'instanceid' => 'MY_ID',
   'passwordsalt' => 'MY_PW-SALT',
   'secret' => 'MY_SECRECT',
   'trusted_domains' =>
   array (
     0 => '192.168.178.49',
   ),
   'datadirectory' => '/owncloud-data',
   'overwrite.cli.url' => 'http://192.168.178.49/owncloud',
   'dbtype' => 'sqlite3',
   'version' => '7.0.4.2',
   'dbname' => 'owncloud_db',
   'dbhost' => '127.0.0.1',
   'dbtableprefix' => 'oc_',
   'dbuser' => 'oc_clemens',
   'dbpassword' => 'MY_DB-PASSWORD',
   'installed' => true,
 );
 
 Was the sqlite database created? 'installed = true' means that it
 assumes that the database is functional and it will not be initialized.
 Also you will not need the hostname, user, db prefix, etc. with sqlite.
 
 Also make sure that you don't need any url rewrites. I'm using
 owncloud-6.0.4 and the documentation recommends url rewrites which are
 not mandatory for owncloud to work but perhaps this changed in the new
 version. Perhaps you should try with nginx and the recommended
 configuration and see if it works and then go back to httpd.
 
 Best regards,
 Jona



unbound problem in 5.6

2014-12-30 Thread Raimundo Santos
Hello misc@!

I have a router (peaking at 70Mbps of aggregated traffic) that acts as a
recursive internal DNS server too (this configuration will die
soon, as my traffic is growing), but Unbound keeps saying, in
/var/log/messages:

Dec 30 09:57:07 myhost unbound: [3873:0] error: can't create socket: Too
many open files
Dec 30 09:57:08 myhost last message repeated 20284 times
Dec 30 10:26:48 myhost unbound: [3873:0] error: can't create socket: Too
many open files
Dec 30 10:26:50 myhost last message repeated 24896 times

Sometimes it says:

Dec 27 21:49:19 myhost unbound: [2565:0] notice: sendto failed: No buffer
space available

I have:

kern.maxfiles=16384
kern.somaxconn=16384

And in login.conf:

daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=4096:\
:openfiles-max=8192:\
:stacksize-cur=8M:\
:localcipher=blowfish,9:\
:tc=default:

unbound:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-cur=8192:\
:openfiles-max=16384:\
:stacksize-cur=32M:\
:localcipher=blowfish,9:\
:tc=default:

With many resources just for Unbound, how can it keep complaining?

Thank you in advance, and happy new year!
Raimundo Santos

--

Here is some more info...

# systat -B mbufs


1 usersLoad 0.16 0.12 0.09 Tue Dec 30 11:02:00
2014

IFACE LIVELOCKS  SIZE ALIVE   LWM   HWM   CWM

System0   256   194  93

 2048   184 442

lo0

em0  20489010   25690

xl0

re0

re1

enc0

pflog0


...and the dmesg:


Re: unbound problem in 5.6

2014-12-30 Thread Otto Moerbeek
On Tue, Dec 30, 2014 at 11:09:44AM -0200, Raimundo Santos wrote:

 Hello misc@!
 
 I have a router (peaking at 70Mbps of aggregated traffic) that acts as a
 recursive internal DNS server too (this configuration will die
 soon, as my traffic is growing), but Unbound keeps saying, in
 /var/log/messages:
 
 Dec 30 09:57:07 myhost unbound: [3873:0] error: can't create socket: Too
 many open files
 Dec 30 09:57:08 myhost last message repeated 20284 times
 Dec 30 10:26:48 myhost unbound: [3873:0] error: can't create socket: Too
 many open files
 Dec 30 10:26:50 myhost last message repeated 24896 times
 
 Sometimes it says:
 
 Dec 27 21:49:19 myhost unbound: [2565:0] notice: sendto failed: No buffer
 space available
 
 I have:
 
 kern.maxfiles=16384
 kern.somaxconn=16384
 
 And in login.conf:
 
 daemon:\
 :ignorenologin:\
 :datasize=infinity:\
 :maxproc=infinity:\
 :openfiles-cur=4096:\
 :openfiles-max=8192:\
 :stacksize-cur=8M:\
 :localcipher=blowfish,9:\
 :tc=default:
 
 unbound:\
 :ignorenologin:\
 :datasize=infinity:\
 :maxproc=infinity:\
 :openfiles-cur=8192:\
 :openfiles-max=16384:\
 :stacksize-cur=32M:\
 :localcipher=blowfish,9:\
 :tc=default:
 
 With many resources just for Unbound, how can it keep complaining?

There's an undocumented feature with unbound: it (only) sets its
resource limits based on the class of its user (_unbound by default).

So set the class of the _unbound user to unbound and you're all set.

-Otto

 
 Thank you in advance, and happy new year!
 Raimundo Santos
 
 --
 
 Here is some more info...
 
 # systat -B mbufs
 
 
 1 usersLoad 0.16 0.12 0.09 Tue Dec 30 11:02:00
 2014
 
 IFACE LIVELOCKS  SIZE ALIVE   LWM   HWM   CWM
 
 System0   256   194  93
 
  2048   184 442
 
 lo0
 
 em0  20489010   25690
 
 xl0
 
 re0
 
 re1
 
 enc0
 
 pflog0
 
 
 ...and the dmesg:
 
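
Added example, not part of the thread and not Unbound's or OpenBSD's own code: a small Python audit that resolves which login.conf(5) class a daemon user falls into and which `openfiles-cur` value that class yields, following `tc=` chains. The `daemon` and `unbound` classes are the ones quoted above; the `default` class values and the two master.passwd lines are constructed for the demonstration.

```python
"""Which login.conf(5) class, and which openfiles limit, does a daemon user get?"""

# Constructed sample. The "default" values are assumptions for this demo;
# the "daemon" and "unbound" classes are the ones quoted in the thread.
LOGIN_CONF = r"""
default:\
	:openfiles-cur=512:\
	:maxproc-cur=128:
daemon:\
	:ignorenologin:\
	:datasize=infinity:\
	:maxproc=infinity:\
	:openfiles-cur=4096:\
	:openfiles-max=8192:\
	:stacksize-cur=8M:\
	:localcipher=blowfish,9:\
	:tc=default:
unbound:\
	:ignorenologin:\
	:datasize=infinity:\
	:maxproc=infinity:\
	:openfiles-cur=8192:\
	:openfiles-max=16384:\
	:stacksize-cur=32M:\
	:localcipher=blowfish,9:\
	:tc=default:
"""

# Constructed master.passwd(5) lines: the fifth field is the login class.
BEFORE = "_unbound:*:53:53::0:0:Unbound Daemon:/var/unbound:/sbin/nologin"
AFTER = "_unbound:*:53:53:unbound:0:0:Unbound Daemon:/var/unbound:/sbin/nologin"


def parse_login_conf(text):
    """Return {class_name: {capability: value}}; boolean capabilities map to True.

    Simplification: escaped colons inside values are not handled.
    """
    records, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):          # continuation: glue onto the next line
            pending += line[:-1]
        else:
            records.append(pending + line)
            pending = ""
    if pending:
        records.append(pending)

    classes = {}
    for record in records:
        names, *fields = record.split(":")
        caps = {}
        for field in fields:
            field = field.strip()
            if not field:
                continue
            key, sep, value = field.partition("=")
            caps.setdefault(key, value if sep else True)  # first entry wins
        for name in names.split("|"):    # "name|alias" shares one record
            classes[name.strip()] = caps
    return classes


def lookup(classes, class_name, cap, _seen=None):
    """Resolve one capability, following tc= references and refusing loops."""
    seen = set() if _seen is None else _seen
    if class_name in seen or class_name not in classes:
        return None
    seen.add(class_name)
    caps = classes[class_name]
    if cap in caps:
        return caps[cap]
    if "tc" in caps:
        return lookup(classes, caps["tc"], cap, seen)
    return None


def effective_limit(master_passwd_line, classes, cap="openfiles-cur"):
    """Return (user, class actually used, capability value) for one account."""
    fields = master_passwd_line.split(":")
    user, login_class = fields[0], fields[4]
    # An empty or unknown class falls back to "default".
    if not login_class or login_class not in classes:
        login_class = "default"
    return user, login_class, lookup(classes, login_class, cap)


if __name__ == "__main__":
    classes = parse_login_conf(LOGIN_CONF)
    for label, line in (("before", BEFORE), ("after", AFTER)):
        user, cls, value = effective_limit(line, classes)
        print(f"{label}: user={user} class={cls} openfiles-cur={value}")
```

With an empty class field the `unbound` entry in login.conf is never consulted, which is why the limits in the original post had no effect. On OpenBSD the class field is set with `usermod -L unbound _unbound`.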

Re: Openbsd broke my hard drive twice! Getting frustrated

2014-12-30 Thread Mark - Syminet
On Dec 29, 2014, at 5:02 PM, Eric Furman ericfur...@fastmail.net wrote:

 Linux supports the UEFI boot loader. OpenBSD does not.

...and that is all we need to know.  

Shame on them!  Shame Shame Shame!  

-- 
Mark 




latest snapshot gives errors for libfreetype.so.23.0

2014-12-30 Thread Anthony Campbell
I upgraded to the amd64 snapshot today (30 December) and since then lots
of programs in X (gvim, firefox, libreoffice) give a warning for
/usr/X11R6/lib/libfreetype.so.23.0: size mismatch, relink your program.

The affected programs run with incorrect fonts. Is it just a matter of
waiting a few days for a fix or can I do something about it?



5.6, IPv6: is autoconf set by default?

2014-12-30 Thread Harald Dunkel
Hi folks,

AFAICS the old net.inet6.ip6.accept_rtadv was replaced with a
local autoconf flag for each interface. I wonder if autoconf
is set or cleared by default, if inet6 is configured for the
network interfaces and if net.inet6.ip6.forwarding is enabled?

Every helpful comment is highly appreciated
Harri



freeradius problem - ephemeral RSA key generation

2014-12-30 Thread Kapetanakis Giannis

Hi,

After upgrading to latest snapshot I have problems with freeradius 2.2.5 
package not starting.


Especially the problem occurs in loading of module eap-tls

rlm_eap_tls: Couldn't set ephemeral RSA key
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module eap

I've tried installing version 2.2.6 but I have the same problem.

The program fails at:
src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

/*
 * Generate ephemeral RSA keys.
 */
static int generate_eph_rsa_key(SSL_CTX *ctx)
{
	RSA *rsa;

	rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);

	if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
		radlog(L_ERR, "rlm_eap_tls: Couldn't set ephemeral RSA key");
		return -1;
	}

	RSA_free(rsa);
	return 0;
}

is this related to freeradius or something with OpenBSD ssl libraries?

regards,

Giannis



Re: OpenBSD projects

2014-12-30 Thread Jungle Boogie

Dear Bryan,

From: Bryan Steele bry...@gmail.com
Sent:  Sun, 28 Dec 2014 22:01:16 -0500
To: misc@openbsd.org
Subject: Re: OpenBSD projects


AnonCVS is probably a worthy addition to the list. OpenBSD is the
first open source project to expose their repos publicly. By this I
mean allowing read-only CVS access, history as it happened.

The functionality was added to GNU CVS by Theo and Chuck Cranor, and
prior to this work, you were lucky to get weekly source snapshots
with changelogs, which required manual reconstruction.

There's probably some historical significance to their work..

http://www.openbsd.org/papers/anoncvs-paper.pdf
http://www.openbsd.org/papers/anoncvs-slides.pdf

.. right? :-)

http://marc.info/?l=freebsd-hackersm=94346786026588w=2



Wow, thanks for sharing! We all take instant source control code viewing for 
granted with things like github, fossil-scm and even

https://secure.freshbsd.org/

Now that we have this read only instant access, I hope it's never reverted in
the name of security.



-Bryan.



Thanks,
Jungle

--
inum: 883510009027723
sip: jungleboo...@sip2sip.info
xmpp: jungle-boo...@jit.si



Re: 5.6, IPv6: is autoconf set by default?

2014-12-30 Thread Henrik Friedrichsen
On Tue, Dec 30, 2014 at 06:16:04PM +0100, Harald Dunkel wrote:
 I wonder if autoconf
 is set or cleared by default, if inet6 is configured for the
 network interfaces and if net.inet6.ip6.forwarding is enabled?

It certainly doesn't seem to be enabled by default as I just had to
enable it to get an IPv6 assigned. This was on -CURRENT, though.



Re: 5.6, IPv6: is autoconf set by default?

2014-12-30 Thread Kapetanakis Giannis

On 30/12/14 19:16, Harald Dunkel wrote:

Hi folks,

AFAICS the old net.inet6.ip6.accept_rtadv was replaced with a
local autoconf flag for each interface. I wonder if autoconf
is set or cleared by default, if inet6 is configured for the
network interfaces and if net.inet6.ip6.forwarding is enabled?

Every helpful comment is highly appreciated
Harri


Not sure about autoconf but
you can check status of net.inet6.ip6.forwarding with
sysctl -a | grep net.inet6.ip6.forwarding

which is off by default.
You can enable it realtime with sysctl and make it permanent in 
/etc/sysctl.conf


G



usmb/FUSE on 5.6

2014-12-30 Thread Steven Surdock
Using the package usmb to mount a share from a Windows 2008R2 server does not 
seem reliable.  FUSE/usmb dismounts the share after a while (less than 24 
hours) with the following error:

Dec 30 01:30:07 fileshare /bsd: fuse: device close without umount

Usmb is not typically running afterwards.  Anyone tried using usmb or have any 
suggested next steps for troubleshooting?

-Steve S.



Re: nginx how to run first site as open , and second

2014-12-30 Thread Tuyosi Takesima
thanks for einfach's kind advice, I at last did it.

final nginx.conf is


worker_processes  1;
worker_rlimit_nofile 1024;

events {
    worker_connections  800;
}

#h
http {

    include       mime.types;
    default_type  application/octet-stream;
    index         index.html index.htm;
    keepalive_timeout  65;
    server_tokens off;


    server {
        listen       80;
        listen       [::]:80;
        server_name  localhost;    #-for test
        root         /var/www/d1;
        auth_basic   Restricted;
        auth_basic_user_file /var/www/1/.htpasswd;
    }

    #0
    server {
        listen       80;
        listen       [::]:80;
        server_name  a.mydns.jp;
        root         /var/www/d0;
        auth_basic   Restricted;
        auth_basic_user_file /var/www/1/.htpasswd;
    }

    #1
    server {
        listen       80;
        listen       [::]:80;
        server_name  s.sun.ddns.vc;
        root         /var/www/d1;
        auth_basic   Restricted;
        auth_basic_user_file /var/www/1/.htpasswd;
    }

    #2
    server {
        listen       80;
        listen       [::]:80;
        server_name  k.sun.ddns.vc;
        root         /var/www/d2;
        auth_basic   Restricted;
        auth_basic_user_file /var/www/2/.htpasswd;
    }

    #11
    server {
        listen       80;
        listen       [::]:80;
        server_name  member.planex.ddns.vc;
        root         /var/www/d11;
        auth_basic   Restricted;
        auth_basic_user_file /var/www/11/.htpasswd;
    }

    #12
    server {
        listen       80;
        listen       [::]:80;
        server_name  n.luna.ddns.vc;
        root         /var/www/d12;
        auth_basic   Restricted;
        auth_basic_user_file /var/www/12/.htpasswd;
    }
#h
}

and I run OpenBSD on USB, only about 4GB,
so I must use a hard disk.

Filesystem  512-blocks      Used     Avail Capacity  Mounted on
/dev/sd1a      8293692   5045444   2833564    64%    /
/dev/sd0a     58566000  30109240  25481432    54%    /var/www

so

# cat /etc/rc.local
umount /var/www
mount_ext2fs /dev/sd0a /var/www   # -ext2fs
if [  -x /usr/local/sbin/nginx ]; then
echo ' -   Starting nginx -  ';  /etc/rc.d/nginx -f start
fi


because
cat /etc/rc.d/nginx
#!/bin/sh
#
# $OpenBSD: nginx,v 1.1 2012/02/19 11:34:36 robert Exp $

daemon="/usr/local/sbin/nginx"   #--

. /etc/rc.d/rc.subr

pexp="nginx:.*master.*process"

rc_reload() {
	${daemon} -s reload
}

rc_stop() {
	${daemon} -s stop || pkill -f "^${pexp}"
}

rc_cmd $1


and
 cat
/etc/rc.shutdown

umount  /var/www/


thanks thanks
--
tuyosi
* http://marc.info/?a=14167909673r=1w=2*



Re: leaving linux - questions about capabilities

2014-12-30 Thread Christopher Barry
On Mon, 29 Dec 2014 20:57:15 +
Fred open...@crowsons.com wrote:

On 12/29/14 17:45, Christopher Barry wrote:
 On Mon, 29 Dec 2014 09:29:15 -0800
 Ryan Freeman r...@slipgate.org wrote:

 On Mon, Dec 29, 2014 at 11:17:55AM -0500, Christopher Barry wrote:
 Greetings All,

 I've used OpenBSD in the past to build redundant routers and
 firewalls and it was fantastic, but it's been quite a few years
 since I've played with it. I've also never used it as my default
 workstation. Yet.

 I've always used Debian GNU/Linux on my workstations in the past,
 but with jessie/sid (and practically all other linux distros) the
 direction the linux userspace has taken is a serious turn for the
 worst IMO. I am simply philosophically at odds with systemd, and I
 would like to stop relying on linux altogether if possible. My
 problem is I have specific needs, and it's not clear if I can meet
 them running OpenBSD. I'm hoping I can, and someone can share their
 experiences with making a similar setup work.

 Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a
 three monitor configuration (2 direct DVI and 1 active HDMI-to-DVI
 dongle) using the OpenSource Radeon linux driver @1920x1200 on each
 monitor.

 Hey, not 100% the same but similar setup on a workstation at work:
 Radeon HD4550 using radeondrm and two 1920x1080 monitors:
 DisplayPort-0 connected 1920x1080+1920+0
 DVI-0 connected 1920x1080+0+0

 Also have used multiple monitors on my i5-powered laptop, using its
 integrated intelHD video.

 I'm using enlightenment 17.6 as my window manager. I use and rely
 on

 I use openbox myself but enlightenment 0.17.5 is an available
 package.

 blender http://www.blender.org a /lot/ with hardware accelerated
 OpenGL, and having three monitors is important for my graphics
 work.

 blender is available in packages as well, though I have never used
 it.

 Is anyone running OpenBSD with three monitors? With blender,
 hw-accel OpenGL, and/or E1{7,8,9}?

 I'm sure three monitors would work just as well as two :)  E17 does
 work, I have used it in the past.  I play with OpenGL stuff quite
 regularly and it is my opinion that the recent drivers for intel and
 radeon video devices respectively perform roughly the same here as
 they do on freebsd or linux.  No formal tests have been done by
 myself, strictly subjective experience.

 Your thoughts, knowledge, and possibly links to more info would be
 very greatly appreciated.

 Thank You.

 I would like to point out that I do follow current, both on my own
 workstations and my work workstation :)

 The FAQ on http://www.openbsd.org/ is always a good read.

 Cheers!

 --ryan

 Hey Ryan,

 Thanks for the thoughtful response. The move looks promising then.
 I'll definitely read the FAQ - thanks for the reminder.

 RE: OpenGL:
 It's great that it works, but is it taking advantage of the hw, or do
 you know if it is sw only? Some posts I've read seem less positive
 about that.


 Anyone else have any experiences to share?

 Thanks again,

 --
 -C


I currently have three monitors connected to my laptop but if I try to 
enable X on the third one I'm getting the following error:

port:fred ~ xrandr --output VGA1 --auto
xrandr: cannot find crtc for output VGA1

Thanks Fred.
what happens when you disconnect HDMI1? Does VGA1 light up? I'm
thinking the mobile gpu has 2 active outputs, the LCD built-in, plus
one additional monitor of VGA or HDMI type.


But blender 2.72 is running fine (I wish I knew how to use it properly).

It's huge, and the learning curve is steep. I've been using it daily
for a year and still don't know squat...


Output of xrandr and dmesg below if interested.

hth

Fred

PS twitter pic of two monitors: 
https://twitter.com/fcbsd/status/549669313268170752

port:fred ~ xrandr
Screen 0: minimum 320 x 200, current 3286 x 1080, maximum 32767 x 32767
LVDS1 connected 1366x768+1920+0 (normal left inverted right x axis y 
axis) 0mm x 0mm
   1366x768   60.17*+
   1024x768   60.00
   800x600    60.32  56.25
   640x480    59.94
VGA1 connected (normal left inverted right x axis y axis)
   1920x1080  60.00 +
   1680x1050  59.95
   1600x900   59.98
   1280x1024  75.02  60.02
   1440x900   59.89
   1280x800   59.81
   1152x864   75.00
   1280x720   59.97
   1024x768   75.08  70.07  60.00
   832x624    74.55
   800x600    72.19  75.00  60.32  56.25
   640x480    72.81  66.67  60.00
   720x400    70.08
HDMI1 connected 1920x1080+0+0 (normal left inverted right x axis y
axis) 477mm x 268mm
   1920x1080  60.00*+  50.00
   1920x1080i 60.00
   1680x1050  59.88
   1400x1050  59.95
   1600x900   59.98
   1280x1024  60.02
   1440x900   59.90
   1280x800   59.91
   1152x864   59.97
   1280x720   50.00
   1024x768   60.00
   800x600    60.32
   720x576    50.00
   720x480    59.94
   640x480    60.00  59.94
DP1 disconnected (normal left inverted 

Re: leaving linux - questions about capabilities

2014-12-30 Thread Christopher Barry
On Mon, 29 Dec 2014 20:19:12 -0800
Rusty rus...@outband.net wrote:

On 12/29/14 08:17, Christopher Barry wrote:
 Greetings All,

 I've used OpenBSD in the past to build redundant routers and
 firewalls and it was fantastic, but it's been quite a few years
 since I've played with it. I've also never used it as my default
 workstation. Yet.

 I've always used Debian GNU/Linux on my workstations in the past,
 but with jessie/sid (and practically all other linux distros) the
 direction the linux userspace has taken is a serious turn for the
 worst IMO. I am simply philosophically at odds with systemd, and I
 would like to stop relying on linux altogether if possible. My
 problem is I have specific needs, and it's not clear if I can meet
 them running OpenBSD. I'm hoping I can, and someone can share their
 experiences with making a similar setup work.

 Firstly, I'm running an i7 960 with a PCI-e ATI Radeon 7850 in a
 three monitor configuration (2 direct DVI and 1 active HDMI-to-DVI
 dongle) using the OpenSource Radeon linux driver @1920x1200 on each
 monitor. I'm using enlightenment 17.6 as my window manager. I use
 and rely on blender http://www.blender.org a /lot/ with hardware
 accelerated OpenGL, and having three monitors is important for my
 graphics work.

 Is anyone running OpenBSD with three monitors? With blender, hw-accel
 OpenGL, and/or E1{7,8,9}?


 Your thoughts, knowledge, and possibly links to more info would be
 very greatly appreciated.

 Thank You.

 --
 -C

As this is a getting to know you thread.

I use OpenBSD in a desktop role.
snapshots on an Intel i5 with a radeon 6950, two screens(my card
chokes on the third screen but I think that is hardware)

I like the one dimensional desktop style setup, that is, spectrwm
and lots of xterms. For what it's worth spectrwm has the best
multiscreen support I have seen

I don't use blender every day, but I do find it handy from time to
time (for me 3d printing stuff) The maintainer tends to keep it nicely
up to date, which I appreciate as it looks like it is a bitch and a
half to build.

I update the snapshots every couple weeks when I want to try whatever
new stuff comes out of the pipe(*cough*, and libc bumps, *cough*).

One thing I would recommend is to look at login.conf(5) and set the 
memory limits to something gratuitous, many of the desktop 
applications like to use a lot of memory.

And as far as overall experience, I think obsd is a little slower
than linux(whatever that means) but the simplicity and correctness of
the system(obsd was the first/only system where I feel I understand
how the whole thing works) means I enjoy using it quite a bit more.

So good luck, and I hope it works out for you as well as it did for me.


Very encouraging. Thanks. It seems I'll need to downgrade my video card
somewhat to get hw-accel, but found one refurbed for $145US, so I think
I'll go for it.

--
-C



Re: leaving linux - questions about capabilities

2014-12-30 Thread Fred

On 12/30/14 21:08, Christopher Barry wrote:
/snipped


I currently have three monitors connected to my laptop but if I try to
enable X on the third one I'm getting the following error:

port:fred ~ xrandr --output VGA1 --auto
xrandr: cannot find crtc for output VGA1


Thanks Fred.
what happens when you disconnect HDMI1? Does VGA1 light up? I'm
thinking the mobile gpu has 2 active outputs, the LCD built-in, plus
one additional monitor of VGA or HDMI type.



All three are usable, but only two at a time - due to the limitation
that Jonathan mentioned. I can use any two of the three monitors - if I
disconnect any I have to re-run xrandr or arandr (gui xrandr in ports).




But blender 2.72 is running fine (I wish I knew how to use it properly).


It's huge, and the learning curve is steep. I've been using it daily
for a year and still don't know squat...



:~)

OpenBSD can be a bit like that but the documentation is excellent - and 
I have been using it as my main desktop since 2.9


cheers

Fred



Re: iked (IKEv2) setup help on the simplest testing setup

2014-12-30 Thread Daniel Ouellet
On 12/30/14 4:49 AM, Stuart Henderson wrote:
 On 2014-12-28, Daniel Ouellet dan...@presscom.net wrote:
 When all is done it will be ospf over vether over gif tunnel
 
 Does vether give any benefit here? I think that you should just be able
 to route the addresses over the gif interface without the extra layer
 of indirection (and overhead from carrying ethernet headers).
 
 The classic use case for vether is where you are bridging an ethernet
 at one location to a router at another (without needing to connect to a
 physical network at the second location).

Hi Stuart.

This is still a work in progress and all is in the lab so things are
changing. The vether was to eliminate the MTU aspect after reading Theo's
paper on the setup in Calgary. At this point I have taken out the vether
and the bridge, making it simpler. But I have to say there is so much
to read on the net and many choices that coming with the simplest and
most efficient one is not always easy.

It sure is fun to play around and test things, even if at times I pull
my hair a bit like I did with ikev2.

Even GIF I wasn't sure and did start with GRE instead. Much easier to
setup with Cisco router, or I should say, the only one that works with
Cisco, but then I decided to scrap Cisco all together from the picture!

Thanks for taking the time to answer this regardless. The only answer I
got. Always nice to see you interested in some weird things still. (:

I have lots more coming down, but may well be boring for most.

I am testing now the processing with different encryption supported on
iked with and without the AES instruction set enabled or disabled on Xeon
processor to see for various setups.

One interesting thing I am working on as well is a way, or try to find
a way to do the queue and have decent QoS on lines like Fios and the
like where you really have no QoS whatsoever. Yes you can do outgoing,
not much you can do on the incoming, but I am looking at how I could for
example limit the incoming traffic a bit lower than what's there to not
have congestion and not provide QoS, but at a minimum allow the
important traffic to come in easier than in congested line.

Like I am playing with 75/75Mb Fios at home for testing, except there are
plenty of times where that 75 Mb goes down to 2 or 3 Mb, most of the time
down to 35/12 and I have seen rare occasions, but it happens, where it
went as low as 750K.

I am not sure of what I will do, but one idea was as I do have both GIF
for not encrypted traffic when I actually use it to carry over routable
IP's on a single not fix one and ipsec tunnel as well where maybe a
health check would identify congestion and then restrict the incoming
lower than what the connection is at that time to permit the critical
one to work.

I am not sure I explain it well as it's work in progress as well, but
fun and yes so far I have success, or mostly success anyway.

In short it is a way to dynamically adjust the queue in pf to adapt itself
to the capacity available that is always changing and always keeping it
somewhat lower and allowing what I would call a poor man's QoS by
default, even if that's not the case at all!

One fun part was to change the remote part of the GIF configuration
automatically when the local outside IP's is changing on Fios or Comcast
for example. (:

Same with iked as opposed to using npppd.

Anyway, thanks for your input, it's always well received. (:

Daniel



Re: Best way forward w.r.t. apache/nginx/httpd?

2014-12-30 Thread T. Ribbrock
I'll answer to this one, but I'll start with a big thanks to all who
responded - some interesting points were made!

On Mon, Dec 29, 2014 at 10:41:26PM +, Stuart Henderson wrote:
 apache-httpd-openbsd is a dead-end, it's not actively developed, ssl
 support is poor, third-party documentation relating to use of webapps
 with Apache has long since moved to Apache 2. It's mainly there to
 provide a quick migration path for existing OpenBSD users and to
 ease the pain in ports.

In fact, the Apache 1 vs. 2 problem has already hit me in the past and
forced me not to use a photogallery application I wanted to use. You
make a very valid point here: Contrary to nginx, there is indeed nobody
developing Apache 1 anymore (not even the OpenBSD developers who kept it
running for so long).


  b) Migrate to nginx
[...]

 This might be a reasonable choice, especially if the CMS you're looking
 at already documents how to use it with nginx.

I had a quick look - CMS Made Simple (which is what I'm using) has
apparently been used with nginx by some people, so there is some
documentation around. phpGedView (which is another application I use) is
no longer developed anymore and I was thinking about replacing it
anyway, so this might be a good time. Same goes for the gallery I'm
currently using. There will be some work involved, but this has been
coming a long time now... Time for some clean-up work.


  c) Migrate to httpd
[...]

 Personally I don't think httpd is quite ready for use with a typical
 PHP-based CMS yet (including -current). Two big issues for this type
 of use: clean urls functionality in most CMS needs rewrite support
 which httpd doesn't have. httpd's fastcgi support passes every url
 matching a location block to the handler meaning there's no mitigation
 for the issue described in
 http://wiki.nginx.org/Pitfalls#Passing_Uncontrolled_Requests_to_PHP
 (which also affects naive nginx configurations).

Thanks for those two insights. Based on what I've read so far, I will
give nginx a try - that will at least place me on a server that is a)
well known on OpenBSD and b) still under active development - that
should buy me enough time to wait for the day that httpd can take over
this job - given the track record of OpenBSD, I very much like to stay
within base where possible.

Thanks again!

And now off to read up on how to use nginx with PHP etc.pp ;-)

Cheerio,

Thomas
-- 
-
 Thomas Ribbrock    http://www.ribbrock.org/
   You have to live on the edge of reality - to make your dreams come true!
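
The two points Stuart raises above (clean URLs, and limiting which requests reach the PHP handler), as they would look in an nginx configuration. This is an added example and not part of the original message; the server name, document root, /uploads/ directory and socket path are assumed placeholders.

```nginx
# Constructed example. server_name, root, /uploads/ and the socket path
# are placeholders, not values taken from this thread.
server {
    listen      80;
    server_name www.example.org;
    root        /var/www/htdocs/cms;
    index       index.php;

    # Weak form, shown commented out for contrast: any URI ending in .php
    # goes to the interpreter, whether or not such a file exists on disk.
    #
    # location ~ \.php$ {
    #     fastcgi_pass  unix:/run/php-fpm.sock;
    #     include       fastcgi_params;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    # }

    # Clean URLs: serve an existing file or directory, otherwise hand the
    # request to the CMS front controller.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # User-writable content is served statically only. The ^~ modifier stops
    # regex matching, so the \.php$ block below never applies to this prefix.
    location ^~ /uploads/ {
    }

    # Corrected form: only scripts that exist under the document root are
    # passed on; everything else gets a 404 from nginx itself.
    location ~ \.php$ {
        try_files     $uri =404;
        fastcgi_pass  unix:/run/php-fpm.sock;
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
```

The companion setting on the PHP side is cgi.fix_pathinfo=0 in php.ini, which stops the interpreter from searching upward through the path for a script to run.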



hp pavilion hpps5521 ?

2014-12-30 Thread Joel Rees
Needing a new laptop, and this is one of the machines I've been looking at.

Is it going to be one of those whose graphics acceleration is too
new-fangled, etc.?

-- 
Joel Rees



Re: freeradius problem - ephemeral RSA key generation

2014-12-30 Thread Joel Sing
On Wednesday 31 December 2014, Kapetanakis Giannis wrote:
 Hi,

 After upgrading to latest snapshot I have problems with freeradius 2.2.5
 package not starting.

 Especially the problem occurs in loading of module eap-tls

 rlm_eap_tls: Couldn't set ephemeral RSA key
 rlm_eap: Failed to initialize type tls
 /etc/raddb/eap.conf[17]: Instantiation failed for module eap

 I've tried installing version 2.2.6 but I have the same problem.

 The program fails at:
 src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c

 /*
  * Generate ephemeral RSA keys.
  */
 static int generate_eph_rsa_key(SSL_CTX *ctx)
 {
     RSA *rsa;

     rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);

     if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
         radlog(L_ERR, "rlm_eap_tls: Couldn't set ephemeral RSA key");
         return -1;
     }

     RSA_free(rsa);
     return 0;
 }

 is this related to freeradius or something with OpenBSD ssl libraries?

Support for ephemeral RSA keys was removed from LibreSSL, since it should only 
be needed for export ciphers (no longer supported) or otherwise violating 
RFCs (as at first glance FreeRADIUS appears to do above).

Since you're already looking at the code, does it set SSL_OP_EPHEMERAL_RSA 
anywhere? If not, the above function is probably a noop. At the very least it 
is likely buggy since they are supposed to call SSL_CTX_need_tmp_RSA() to see 
if the temporary RSA key should be set, before calling SSL_CTX_set_tmp_rsa().

 regards,

 Giannis

-- 

Action without study is fatal. Study without action is futile.
-- Mary Ritter Beard



Re: [probably solved] Re: Openbsd broke my hard drive twice! Getting frustrated

2014-12-30 Thread Calvin
I had a machine that didn't like OpenBSD either, it froze during POST or Plop, 
basically when BIOS services were still usable. It was a BIOS-based system 
though, and I didn't patch it either. Luckily, I installed on an external disk.

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Henrique Lengler
Sent: December 23, 2014 12:56 PM
To: misc@openbsd.org
Subject: [probably solved] Re: Openbsd broke my hard drive twice! Getting 
frustrated

I figured that my BIOS has an old firmware from 2013. So I decided to update it.
At least this my motherboard did well, I easily updated the firmware by
plugging in a USB with the new firmware.
Then it rebooted and yes, it worked as it should. Booted normally with the SATA
HDD connected. I cannot be satisfied yet, I will install an OS and see if it
will still be working.
I'm in doubt about trying OpenBSD again, I'm afraid everything could happen again.

Also is there an explanation for this shitty behavior? My motherboard acted like
it had a short circuit, making everything stop working because of a badly formatted
HDD, this is a really unexpected behavior, which made me think the problem was
OpenBSD.

By now, thanks for helping.
I expect I don't need to post anything more here.

Regards,
--
Henrique Lengler



Reminder, today is the deadline for CanSecWest CFP submissions, (conf March 18-20)

2014-12-30 Thread Dragos Ruiu
So send something in very soon if you want it considered.

 

Hope all of you have a Happy New Year.

 

Cheers,

--dr