Re: how to Bridging with a wireless NIC

2016-02-16 Thread Tuyosi Takesima
I follow your advice.

The result is
---
# ifconfig  -a
lo0: flags=8049 mtu 32768
priority: 0
groups: lo
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff00
re0: flags=8b43
mtu 1500
lladdr f0:76:1c:6c:41:af
priority: 0
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
enc0: flags=0<>
priority: 0
groups: enc
status: active
rum0: flags=8943 mtu 1500
lladdr 00:22:cf:01:22:6f
priority: 4
groups: wlan egress
media: IEEE802.11 autoselect (OFDM12 mode 11g)
status: active
ieee80211: nwid URoad-9BF5EC chan 1 bssid 00:1d:93:9b:f5:ec 114dBm
wpakey 0x33948dd44dd$
inet 192.168.100.102 netmask 0xff00 broadcast 192.168.100.255
bridge0: flags=41
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto
rstp
rum0 flags=3
port 4 ifpriority 0 ifcost 0
re0 flags=3
port 1 ifpriority 0 ifcost 0
pflog0: flags=141 mtu 33144
priority: 0
groups: pflog

---
But it fails.


According to http://marc.info/?l=openbsd-misc=113037538815977=2

it may be too hard for me (I have no knowledge about hostap).

-
regards



Re: Will Softraid RAID1 read from the fastest mirror/-s / supports user-specified device read priority order, nowadays? Takes broken disk out of use?

2016-02-16 Thread Nick Holland
On 02/15/16 16:02, Karel Gardas wrote:
>> ..And therefore you need enterprise disks because they behave "cleanly", as
>> when using those only, essentially full softraid QoS is maintained at all
>> times.
>
> Interesting! I've understood Nick's excellent email in a completely
> reversed sense. I understood it in "use consumer drives which fail
> really slowly and with degraded performance which will give you a
> chance to notice it at all. With enterprise, your drives may fail too
> quickly so there is a danger of a failing drive in an array which is just
> rebuilding after another drive failure a few hours ago".
>

And that's the way I meant it...

I've had maybe five drives do the "slow-fail" thing.  Maybe.  In 34
years, including selling and supporting thousands of computers at a very
successful store, working for a few very large companies, and working
with a lot of tiny companies.  I'd file that under "it happens, don't
wait up, and certainly don't design around it".

In contrast, the number of "fast failures" I've seen on "Enterprise
grade" stuff is ... stunning.  And, I think I've seen evidence of one
"event" taking multiple drives off-line at once, with predictable
results to the array.  Fix?  Remove and re-insert drive, and rebuild,
since there is really nothing wrong with the disk 80-90% of the time.
Oh, guess you need a hot-swap enclosure, then.

My experience can be summed up as: Simple systems have simple problems.
 "Enterprise Grade" stuff that is never supposed to break or go
down...will (due to complexity) and will stay that way for amazing
periods of time (due to your lack of preparation, because you don't
believe it will happen).

And when it comes to disk systems, IF "enterprise grade" *disks* are any
better (and I don't believe it), when combined with enterprise grade
enclosures and enterprise grade disk controllers and firmware and fancy
drivers...no question in my mind, consumer grade SATA disks on dull
interfaces win, hands down.  Remember, it isn't WHY you lost data that
matters (be it hardware, software or human error), just that you did.
(A common failure part in "enterprise grade" servers is the disk
backplane board.  There's almost no active electronics on it, but they
fail often.  They don't exist on a desktop pc.  I suspect the vibration
of drives cracks the solder joints).
My recommendation:
1) Plan for things to break.
2) Plan for ANYTHING to break.
3) Have an in-house way of dealing with whatever breaks.
4) Don't rely on others.  It's not their business that is down.
5) The people you paid to bail you out of 1 & 2 so you don't have to
worry about 3 and 4 WILL let you down and will not live up to their
promises, and when you read the fine print, you will realize there isn't
a damn thing you can do about it, 'cept pay them again when the contract
comes up.

And after you do that, you will realize that obsessing over "enterprise
grade" parts is not part of the design.


NOTE WELL: That's my opinion based on *my* experience (including what
was almost a "controlled experiment" along those lines).  Every
manufacturer out there says I'm wrong.  Most of my coworkers say I'm
wrong.  Every new technology (like SSDs) gives another opportunity to
"change everything" (and the results always seem to be the same, but
maybe THIS time will be different).  If you follow my advice and things
blow up, you will look like an idiot, and I really don't want to hear
about it.  If you follow the mainstream mindset, you can always say,
"That's what (almost) everyone said is the right way, not my fault!".
Blindly following the opinions of some crackpot on the internet may be
foolish.  Blindly following the opinions of people who profit from what
they advise you will be expensive.

Nick.



Re: PPPoE / isakmpd race

2016-02-16 Thread Christopher Snell
Yes, the Listen-on is static.  Unfortunately, changing the 0.0.0.0 in
hostname.pppoe0 breaks PPPoE.

I think I could work around this in netstart by simply sleeping until the
link comes up (or a pre-defined timer elapses) but I'm struggling to come
up with a more generic approach.  There might be more than one PPPoE
interface and more than one tunnel/PPP dependency that needs to be
accounted for.

Perhaps another approach is to rework netstart to block up to
[configurable] seconds after bringing up any PPPoE connection before
continuing.  This could default to no blocking but a maximum block period
could be defined in rc.conf.local for those who have PPPoE dependencies.

Chris

On Tue, Feb 16, 2016 at 7:46 AM, Stuart Henderson 
wrote:

> Is the address in "Listen-on" a static address for this connection?
>
> If so, you should be able to use it directly in hostname.pppoe0
> instead of 0.0.0.0, and that might well solve this.
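
The bounded wait described in the message above, sketched as shell functions. This is an added example, not part of the original post or of OpenBSD's netstart; it assumes that an unnegotiated pppoe(4) interface still shows the 0.0.0.0 placeholder from hostname.pppoe0 in ifconfig output, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from netstart): wait, with an upper bound, until PPPoE
# interfaces have negotiated an address, so that a daemon with a static
# Listen-on address (such as isakmpd) is not started before the address exists.
# Assumption: before negotiation the interface still carries the 0.0.0.0
# placeholder configured in hostname.pppoeN.

# Read `ifconfig IFACE` output on stdin; succeed only if an IPv4 address
# other than the 0.0.0.0 placeholder is present (inet6 lines are ignored).
has_real_inet() {
	awk '$1 == "inet" && $2 != "0.0.0.0" { found = 1 } END { exit !found }'
}

# wait_for_addr IFACE TIMEOUT
# Poll once per second. Returns 0 once IFACE has an address, 1 on timeout.
# Leaves the number of seconds spent waiting in $_waited.
wait_for_addr() {
	_if=$1
	_timeout=$2
	_waited=0
	while :; do
		if ifconfig "$_if" 2>/dev/null | has_real_inet; then
			return 0
		fi
		if [ "$_waited" -ge "$_timeout" ]; then
			return 1
		fi
		sleep 1
		_waited=$((_waited + 1))
	done
}

# wait_for_all BUDGET IFACE...
# Wait for several PPPoE interfaces against ONE shared time budget, so that
# two dead links cannot stall boot for BUDGET seconds each.
# Returns 0 only if every interface came up.
wait_for_all() {
	_budget=$1
	shift
	_rc=0
	for _i in "$@"; do
		if ! wait_for_addr "$_i" "$_budget"; then
			echo "timeout waiting for address on $_i" >&2
			_rc=1
		fi
		_budget=$((_budget - _waited))
		if [ "$_budget" -lt 0 ]; then
			_budget=0
		fi
	done
	return "$_rc"
}

# Typical use before starting the daemon (interface names are examples):
#   wait_for_all 30 pppoe0 pppoe1 || echo "continuing without PPPoE" >&2
```

A budget of 0 still performs one check per interface, which matches the "default to no blocking" behaviour proposed in the message.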



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread Eric Furman
OS400 people don't come on this list and discuss their operating system.
VOS people don't come on this list and discuss their operating system.
Hell, even Windows people don't come on this list and discuss their OS.
I'm totally confused as to why we constantly get GNU/Linux douche bags
on this list wanting to talk about GNU/Linux.
Here's a heads up; WE DO NOT CARE.



Re: how to Bridging with a wireless NIC

2016-02-16 Thread Adam Van Ymeren
On Tue, Feb 16, 2016 at 8:54 PM, Tuyosi Takesima
 wrote:
> hi all ,
>
>
>  my room has no wired lan cord .
>
> my situation is
>
> internet
> |
> wifi router
> 192.168.100.254
> |
> |wireless
> |
> rum0:dhcpcd
> openbsd
> re0
> |
> |wired LAN
> |
> video recorder
>
> my intention is that
> video recorder receives address from  wifi router ( ***not from openbsd***)
>
> debian linux has
> https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC
> .
> but this setting  is complex and hard to follow .
>
> openbsd has logical simplicity .
> so is there someone who has overcome it ?

http://www.openbsd.org/faq/faq6.html#Bridge

On your openbsd system

/etc/hostname.rum0 should read
dhcp

/etc/hostname.re0 should read
up

/etc/hostname.bridge0 should read
add rum0
add re0
up

That should do it



> -
> regards



how to Bridging with a wireless NIC

2016-02-16 Thread Tuyosi Takesima
hi all ,


 my room has no wired lan cord .

my situation is

internet
|
wifi router
192.168.100.254
|
|wireless
|
rum0:dhcpcd
openbsd
re0
|
|wired LAN
|
video recorder

my intention is that
video recorder receives address from  wifi router ( ***not from openbsd***)

debian linux has
https://wiki.debian.org/BridgeNetworkConnections#Bridging_with_a_wireless_NIC
.
but this setting  is complex and hard to follow .

openbsd has logical simplicity .
so is there someone who has overcome it ?
-
regards



Re: startx vs xdm

2016-02-16 Thread Jiri B
XDM fires up /etc/X11/xdm/Xsession, easy to read. One can even
customize XDM and all other things in /etc/X11/xdm/xdm-config.

It should be `xrdb -load $file'.

j.



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread lists
Tue, 16 Feb 2016 09:26:54 -0800 Chris Cappuccio 
> Yes
> The great example of Richard Stallman set the University of
> California Berkeley on their righteous way to make AT&T Unix System V
> free for all!!!

A historic example, not related, long time ago chose political career
directing lawyers, advocates and salesmen over free for all.  Must be
the age thing, zoo director analogy comes to mind.

Was it not Ken who visited Berkeley?  To be brutal, the free
software happened with or without (and despite) any advocates.

Creating a half-assed multi-version unreadable crap semi (pseudo) free
encumbered licences helps corporations harvest free labour.  Deal with
it, now back to OpenBSD related talk.

Thank you, Chris for adding a bit of humour sunshine today!  And OpenBSD
for providing the sanity and correctness.

> I'm glad this history is finally being discovered and talked about on
> the OpenBSD mailing lists.

As marketing bullshit, meaning, polluting OpenBSD mailing lists.

> It's very important that everyone sees the true greatness of Richard
> Stallman and the GNU project, without which, we would not have GNU
> Hurd.

Sarcastically caustic to the bone!

> Jorge Luis [jorgeluiscorreioeletron...@gmail.com] is a troll.
> > If no, what is the true story of BSD developers?



Re: Will Softraid RAID1 read from the fastest mirror/-s / supports user-specified device read priority order, nowadays? Takes broken disk out of use?

2016-02-16 Thread lists
Tue, 16 Feb 2016 10:57:38 -0800 Chris Cappuccio 
> li...@wrant.com [li...@wrant.com] wrote:
> > 
> > Plan for your use case, and consult the man page and respective source
> > code on implementation details.  And flash storage disks are still
> > unreliable compared to spinning hard drives.  
> 
> Although I was a long proponent of read-only flash use, I've found the
> Samsung 845DC Pro and Samsung SM863 to be very durable in heavy write
> environments (heavily written-to monitoring database, mail server).

Thank you for the tip, I'll consider these in the future too.  I've
found Intel 35xx/37xx series to be the other option of better flash
drives currently on the market.

Yet, it's still not the same class of reliability.  This is not related
to OpenBSD, but my 20+ years of hard disks are still able to store and
retrieve data, after their long and useful production life.  I can not
validate this for any other flash or memory based storage device.

In present understanding data retention decay is still present in the
flash devices and can not meet spinning hard disks, and we all know
that's not going to change without improvement in battery ageing and
the type of cells used in the flash drives.

I insist on recommending pairing any storage type device in soft-RAID
and not mixing device types in the same array, advising the reliable
parts despite hating the enterprise server tax for personal use.

This and advanced engineering knowledge on the basis of technical
specifications and hardware documentation, to complement the incredibly
useful OpenBSD software man pages and source code.  For kids: don't
forget to make a copy of your important files.



Re: Will Softraid RAID1 read from the fastest mirror/-s / supports user-specified device read priority order, nowadays? Takes broken disk out of use?

2016-02-16 Thread Chris Cappuccio
li...@wrant.com [li...@wrant.com] wrote:
> 
> Plan for your use case, and consult the man page and respective source
> code on implementation details.  And flash storage disks are still
> unreliable compared to spinning hard drives.

Although I was a long proponent of read-only flash use, I've found the
Samsung 845DC Pro and Samsung SM863 to be very durable in heavy write
environments (heavily written-to monitoring database, mail server).



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread Raul Miller
https://en.wikipedia.org/wiki/Sturgeon%27s_law might also be relevant.

-- 
Raul


On Tue, Feb 16, 2016 at 12:29 PM, David Vasek  wrote:
> On Tue, 16 Feb 2016, Alexey Suslikov wrote:
>
>> Jorge Luis  gmail.com> writes:
>>
>>> Is true that the BSD developers were inspired to make their code free
>>> software by the example of the GNU Project, and explicit appeals from GNU
>>> activists helped persuade them?
>>>
>>> If no, what is the true story of BSD developers?
>>
>>
>> http://www.openbsd.org/lyrics.html#44
>
>
> Also, for better understanding don't forget to read this too:
>
> http://www.openbsd.org/lyrics.html#43
>
> Regards,
> David



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread David Vasek

On Tue, 16 Feb 2016, Alexey Suslikov wrote:

> Jorge Luis  gmail.com> writes:
>
>> Is true that the BSD developers were inspired to make their code free
>> software by the example of the GNU Project, and explicit appeals from GNU
>> activists helped persuade them?
>>
>> If no, what is the true story of BSD developers?
>
>
> http://www.openbsd.org/lyrics.html#44


Also, for better understanding don't forget to read this too:

http://www.openbsd.org/lyrics.html#43

Regards,
David



jdk-1.8.0 and Eclipse

2016-02-16 Thread Philippe Meunier
Hello,

I'm running OpenBSD 5.8-release generic on i386.

Has anyone managed to get Eclipse 3.2 (the one from packages) working
with jdk-1.8.0 (from packages too)?  When I try, I get the following
error message: "An error has occurred. See the log file ..." and
Eclipse dies.

The log file contains many error messages like this one:

!ENTRY org.eclipse.equinox.common 4 0 2016-02-17 02:35:28.192
[...]
org.osgi.framework.BundleException: The bundle could not be resolved. Reason: 
Missing Constraint: Bundle-RequiredExecutionEnvironment: 
CDC-1.0/Foundation-1.0,J2SE-1.3
[...]

From my limited understanding of the problem, this seems to indicate
that there is some sort of version mismatch between Eclipse 3.2 and
jdk-1.8.0 (Eclipse 3.2 being either somehow too old, or having been
compiled using an older version of Java; I'm not sure which is the
correct reason).

I installed jdk-1.7.0 (from packages too) and that solved the problem
for now, but it would be neat if someone had a (preferably simple)
solution to getting Eclipse and jdk-1.8.0 to work together.

Thanks,

Philippe



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread Chris Cappuccio
Karel Gardas [gard...@gmail.com] wrote:
> On Tue, Feb 16, 2016 at 6:26 PM, Chris Cappuccio  wrote:
> >
> > It's very important that everyone sees the true greatness of Richard 
> > Stallman and the GNU project, without which, we would not have GNU Hurd.
> 
> or without which we would not be able to compile our OS? Let's stay
> honest OpenBSD still depends on GNU while using binutils/gcc in the
> tree. Perl probably too I would guess. Don't know if there is more
> GPLed code in the tree...
> 

More popular platforms could be moved to non-GNU tools, such as llvm,
elftoolchain, lld

Perl is not GNU licensed, but the Artistic license is unique enough
that it is kept in /usr/src/gnu



Re: startx vs xdm

2016-02-16 Thread Jan Stary
On Feb 16 11:49:58, erling.westen...@gmail.com wrote:
> On Tue, Feb 16, 2016 at 09:32:05AM +0100, Stefan Sperling wrote:
> > On Tue, Feb 16, 2016 at 09:15:58AM +0100, Jan Stary wrote:
> > > There seems to be a difference between an X session
> > > initialized by startx(1) and one launched by xdm(1).
> > > 
> > > When I start an X session via startx, the settings
> > > specified in ~/.Xresources seem to be honoured.
> > > A session started via xdm(1) does _not_ honour
> > > 
> > >   XTerm*utf8: true
> > >   XTerm*locale:   UTF-8
> > > 
> > > and every xterm I start in the running cwm(1)
> > > with ctrl+alt+del has XTERM_LOCALE=C
> > > 
> > > On the other hand, an xterm I start with `xterm`
> > > from an already running xterm has XTERM_LOCALE=cs_CZ.UTF-8
> > > For an xdm(1) session, this is exactly the difference in env(1)
> > > between a ctrl-alt-del started xterm and an `xterm`.
> > > 
> > > In a startx(1) session, the xterm started as ctrl-alt-del
> > > already has XTERM_LOCALE=cs_CZ.UTF-8 as per ~/.Xresources
> > > 
> > > Is this expected? Is it due to a difference between
> > > an xdm(1) session and a startx(1) session?
> > > 
> > >   Jan
> > > 
> > > 
> > > $ cat ~/.xinit:
> > > 
> > > #!/bin/sh
> > > 
> > > xset -b -c dpms 300 600 900 m 2 0 r rate 400 30 s blank s 120 60
> > > xsetroot -solid black
> > > xrdb ~/.Xresources
> > 
> > The above line calling xrdb makes your .Xresources file work.
> > startx reads ~/.xinit while xdm reads ~/.xsession.
> 
> I believe that should read ~/.xinitrc according to startx(1)?

Yes.

> > Create a .xsession file which matches your .xinit (or use a symlink)
> > and xdm should pick .Xresources up, too.

Thanks for the hint. However, having a ~/.xsession identical to ~/.xinitrc
still leads to the same behaviour.

Note that even in a xdm(1) session I do get an UTF8 xterm
IF I launch it from the command line. So the ~/.Xresources
must be consulted at some point. It is just that the xterm
started with cwm's ctrl-alt-del does have XTERM_LOCALE=C

Jan

> > > setxkbmap -layout "us,cz" -option "grp:shifts_toggle,grp_led:scroll"
> > > xmodmap ~/.xmodmaprc
> > > cwm



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread Karel Gardas
On Tue, Feb 16, 2016 at 6:26 PM, Chris Cappuccio  wrote:
>
> It's very important that everyone sees the true greatness of Richard Stallman 
> and the GNU project, without which, we would not have GNU Hurd.

or without which we would not be able to compile our OS? Let's stay
honest OpenBSD still depends on GNU while using binutils/gcc in the
tree. Perl probably too I would guess. Don't know if there is more
GPLed code in the tree...

Anyway, original paragraph was complete nonsense of course...



Re: Storage server HW advice/feedback req for setup overall & in particular reliability/QoS of SATA, to

2016-02-16 Thread j

Hi,

This is to ask you for your thoughts/advice on the best hardware setup
for an OpenBSD server.


Oh where to start.  You have a lot of enthusiasm clearly but not a lot of
experience.

OK, I'll bite.

"best" is subjective.  The server(s) will be surrounded
by clients (they are servers after all).  What is the best client for
this best server?  What is the purpose of this collection of servers
and clients?  What is your budget?  Who will evaluate this system and on
what basis will they describe it as successful or not?



This email ultimately reduces to the question, "What HW & config do you
suggest for minimizing the possibility of IO freeze or system crash from
BIOS or SATA card, in the event of SSD/HDD malfunction?", however I'll
take the whole reasoning around the HW choice from ground up with you
just to see that you feel that I got it all right.



This post and others seem to show you are very concerned with I/O freeze.
Yet that is a rare occurrence, by comparison to hundreds of other
possibilities for system failure.  AC power failure, for instance.


I hope this email will serve as general advice for others re. best
practice for OpenBSD server hardware choices.

GOAL
I am setting up an SSD-based storage facility that needs high data
integrity guarantees and high performance (random reads/writes). The
goal is to be able to safely store and constantly process something
about as important as, say, medical records.


"high" and "guarantee" are mutually incompatible.  You either get a 
guarantee or you don't.  (Any guarantee is unlikely to be credible.)  Now,
if they said "perfect" and "guarantee" then your statement would be correct,
however, still unbelievable.  There is a disconnect here in the logic.



Needless to say, at some point such a storage server *will* fail, and
the only way to get to any sense of a pretty-much-100% uptime guarantee,
is to set up the facility in the form of multiple servers in a redundant
cluster.


OK, now you have a choice: do you want to spend lots of money on highly
reliable servers, and cluster them, or spend less money on less reliable
servers and rely on the clustering for overall reliability?

OpenBSD does not support clustered filesystems, so here you must be assuming
some other non-OpenBSD package, such as from ports, to implement "clusters".


Is this right?



What the individual server can do then is to never ever deliver broken
data. And, locally and collectively there needs to be a well working
mechanism for detecting when a node needs maintenance & take it out of
use then.


Another error in logic.  "never ever" is incompatible with "*will* fail".


You might want to review how Netflix manages failure.  Look up "chaos monkey".
The gist of which is, based on a "will fail" assumption, they constantly test
handling failures.



What I want to ask you about now then, is your thoughts on what would be
the most suitable hardware configuration for the individual server, for
them to function for as long as possible without need for physical
administrator intervention.


Why do you think you need to build such a device?  Why don't you buy it?

(Dell PowerEdge VRTX, HP hyper converged, etc)



(And for when physical admin intervention would be needed, to reduce
competence need for that maintenance if possible, to only involve
hotswapping or adding a physical disk - so that is to minimize need of
reboots due to SATA controller issues, weird BIOS behavior, or other
reasons.)

GENERAL PROBLEM SURFACE OF SERVER HARDWARE

It seems to me that the accumulated experience with respect to why
servers break, is 1) anything storage-related, 2) PSU, 3) other.


You don't give any source for this claim.  Check out various publications
by Google and other at-scale users about their experience.



So then, stability aspects should be given consideration in that order.

For 2), the PSU can be made redundant easily, and PSU failures are
fairly rare anyhow, so that is pretty much what is reasonable to do for
that.


You omit AC power failures, distribution panel faults, uninterruptible power
systems, power cables, unintended pressure by fingers roaming on/off buttons,
feet kicking power cables, and so on.  Why do you leave these risks out?



For 3), the "other" category would either be because of bad thermal
conditions (so that needs to be given proper consideration), or happen
anyhow, for which no safeguards exist anyhow, so we just need to take
that.

The rest of this post will discuss 1) the storage aspect, only.

THE STORAGE SOLUTION
Originally I thought RAID 5/6 would provide data integrity guarantees
and performance well. Then I saw the benchmark for a high-end RAID card
showing 25MB/sec write (= 95% overhead) and 80% overhead on reads
(http://www.storagereview.com/lsi_megaraid_sas3_93618i_review) per disk


The reference you cite says no such thing.  The word "overhead" does not
appear in the article.

That reference has some flaky methodology 

Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread Richard Thornton
I would read McKusick's book on FreeBSD. He gives a good historical accounting
of the BSDs. Also Raymond's book "The Cathedral and the Bazaar".

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
  Original Message  
From: Jorge Luis
Sent: Tuesday, February 16, 2016 12:08 PM
To: misc@openbsd.org
Subject: Is true that the BSD developers were inspired to make their code free
software by the example of the GNU Project, and explicit appeals from GNU
activists helped persuade them?

It is written in article 'Linux and the GNU System' posted in GNU Operating
System:

"People sometimes ask whether BSD too is a version of GNU, like GNU/Linux.
The BSD developers were inspired to make their code free software by the
example of the GNU Project, and explicit appeals from GNU activists helped
persuade them, but the code had little overlap with GNU. BSD systems today
use some GNU programs, just as the GNU system and its variants use some BSD
programs; however, taken as wholes, they are two different systems that
evolved separately. The BSD developers did not write a kernel and add it to
the GNU system, and a name like GNU/BSD would not fit the situation.(5)"

Is true that the BSD developers were inspired to make their code free
software by the example of the GNU Project, and explicit appeals from GNU
activists helped persuade them?

If no, what is the true story of BSD developers?



--
View this message in context:
http://openbsd-archive.7691.n7.nabble.com/Is-true-that-the-BSD-developers-were-inspired-to-make-their-code-free-software-by-the-example-of-the-tp289840.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread Chris Cappuccio
Yes
The great example of Richard Stallman set the University of California Berkeley 
on their righteous way to make AT&T Unix System V free for all!!!

I'm glad this history is finally being discovered and talked about on the 
OpenBSD mailing lists.

It's very important that everyone sees the true greatness of Richard Stallman 
and the GNU project, without which, we would not have GNU Hurd.

Jorge Luis [jorgeluiscorreioeletron...@gmail.com] wrote:
> It is written in article 'Linux and the GNU System' posted in GNU Operating
> System:
> 
> "People sometimes ask whether BSD too is a version of GNU, like GNU/Linux.
> The BSD developers were inspired to make their code free software by the
> example of the GNU Project, and explicit appeals from GNU activists helped
> persuade them, but the code had little overlap with GNU. BSD systems today
> use some GNU programs, just as the GNU system and its variants use some BSD
> programs; however, taken as wholes, they are two different systems that
> evolved separately. The BSD developers did not write a kernel and add it to
> the GNU system, and a name like GNU/BSD would not fit the situation.(5)"
> 
> Is true that the BSD developers were inspired to make their code free
> software by the example of the GNU Project, and explicit appeals from GNU
> activists helped persuade them?
> 
> If no, what is the true story of BSD developers?
> 
> 
> 
> --
> View this message in context: 
> http://openbsd-archive.7691.n7.nabble.com/Is-true-that-the-BSD-developers-were-inspired-to-make-their-code-free-software-by-the-example-of-the-tp289840.html
> Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread Alexey Suslikov
Jorge Luis  gmail.com> writes:

> Is true that the BSD developers were inspired to make their code free
> software by the example of the GNU Project, and explicit appeals from GNU
> activists helped persuade them?
> 
> If no, what is the true story of BSD developers?

http://www.openbsd.org/lyrics.html#44



Is true that the BSD developers were inspired to make their code free software by the example of the GNU Project, and explicit appeals from GNU activists helped persuade them?

2016-02-16 Thread Jorge Luis
It is written in article 'Linux and the GNU System' posted in GNU Operating
System:

"People sometimes ask whether BSD too is a version of GNU, like GNU/Linux.
The BSD developers were inspired to make their code free software by the
example of the GNU Project, and explicit appeals from GNU activists helped
persuade them, but the code had little overlap with GNU. BSD systems today
use some GNU programs, just as the GNU system and its variants use some BSD
programs; however, taken as wholes, they are two different systems that
evolved separately. The BSD developers did not write a kernel and add it to
the GNU system, and a name like GNU/BSD would not fit the situation.(5)"

Is true that the BSD developers were inspired to make their code free
software by the example of the GNU Project, and explicit appeals from GNU
activists helped persuade them?

If no, what is the true story of BSD developers?



--
View this message in context: 
http://openbsd-archive.7691.n7.nabble.com/Is-true-that-the-BSD-developers-were-inspired-to-make-their-code-free-software-by-the-example-of-the-tp289840.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.



Re: bringing degraded softraid online

2016-02-16 Thread Johan Huldtgren

On 2/16/16 10:31, Joel Sing wrote:

This is the reason that the volume will not reassemble - two of your chunks
have metadata with version 64, while the rest have version 63. As such, only
chunks 0 and 1 are considered to be online - all others have old metadata and
are marked offline.

This most likely occurred due to the original panic (from another mail in the
same thread):

panic: Non dma-reachable buffer at curaddr 0x81115888(raw)
Stopped at Debugger+0x9: leave
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*25637 25637 0 0x14000 0x200 1 srdis
Debugger() at Debugger+0x9
panic() at panic+0xfe
_bus_dmamap_load_buffer() at _bus_dmamap_load_buffer+0x1b6
_bus_dmamap_load() at _bus_dmamap_load+0x7f
ahci_load_prdt() at ahci_load_prdt+0x97
ahci_ata_cmd() at ahci_ata_cmd+0x69
atascsi_disk_cmd() at atascsis_disk_cmd+0x1b1
scsi_xs_exec() scsi_xs_exec+0x35
sdstart() at sdstart+0x16f
scsi_iopool_run() at scsi_iopool_run+0x5d
scsi_xsh_runqueue() at scsi_xsh_runqueue+0x13d
scsi_xsh_add() at scsi_xsh_add+0x98
sdstrategy() at sdstrategy+0x10f
spec_strategy() at spec_strategy+0x53

My guess is that it was in the process of writing out new metadata (version
64) when it panicked due to the AHCI driver being passed a non dma-reachable
buffer. This is most likely due to a bug in the softraid code - we're likely
using a malloc'd buffer in a place where we need to use a dma_alloc'd one.


I've been running with krw@'s patch from this related thread[1] and copying
and I've not panicked (yet, still have lots of data to copy back), but I'll
gladly test any patches which come out of this.

thanks,

.jh

[1] http://marc.info/?t=14552934247=1=2
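
The metadata version check described above, applied to the debug lines posted in this thread. This is an added example, not softraid's own code or part of the original message; it models only the rule stated in the message (chunks whose on-disk metadata version is older than the newest one seen are treated as offline), and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: summarise softraid "sr_debug" assembly output to see which
# chunks carry the newest on-disk metadata version and which are stale.
# Simplified model of the rule explained in the thread, not the kernel logic.

# Debug lines as posted in the thread (mail quote prefixes removed and the
# wrapped "assembling volume" line rejoined).
sample_log() {
	cat <<'EOF'
softraid0: assembling volume 05a4f9a1-e533-4e6b-ad0c-7051a541c881 volid 0 with 8 chunks
softraid0: using ondisk metadata version 64 for chunk 0
softraid0: using ondisk metadata version 64 for chunk 1
softraid0: using ondisk metadata version 63 for chunk 2
softraid0: using ondisk metadata version 63 for chunk 3
softraid0: using ondisk metadata version 63 for chunk 4
softraid0: using ondisk metadata version 63 for chunk 5
softraid0: using ondisk metadata version 63 for chunk 6
softraid0: using ondisk metadata version 63 for chunk 7
EOF
}

# chunk_state: read debug lines on stdin (a leading "> " quote prefix is
# tolerated) and print one summary line:
#   newest=<version> online=<chunks> offline=<chunks>
# Exit status: 0 all chunks agree, 1 stale chunks found, 2 no metadata lines.
chunk_state() {
	awk '
	/using ondisk metadata version [0-9]+ for chunk [0-9]+/ {
		# Locate the numbers by keyword so extra leading fields do not matter.
		for (i = 1; i < NF; i++) {
			if ($i == "version") v = $(i + 1) + 0
			if ($i == "chunk")   c = $(i + 1) + 0
		}
		ver[c] = v
		if (v > newest) newest = v
		if (c > maxc) maxc = c
		seen = 1
	}
	END {
		if (!seen) exit 2
		for (c = 0; c <= maxc; c++) {
			if (!(c in ver)) continue
			if (ver[c] == newest)
				on = on (on == "" ? "" : ",") c
			else
				off = off (off == "" ? "" : ",") c
		}
		printf "newest=%d online=%s offline=%s\n", newest, on, off
		exit (off == "" ? 0 : 1)
	}'
}

# Stand-alone run on the thread's data.
# prints: newest=64 online=0,1 offline=2,3,4,5,6,7
sample_log | chunk_state || true
```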



Re: PPPoE / isakmpd race

2016-02-16 Thread Stuart Henderson
Is the address in "Listen-on" a static address for this connection?

If so, you should be able to use it directly in hostname.pppoe0
instead of 0.0.0.0, and that might well solve this.



Re: pf, bridge and vether: interface with no group

2016-02-16 Thread Patrick Lamaiziere
On Tue, 16 Feb 2016 13:05:51 +0100,
Clemens Goessnitzer wrote:

Ok I think :

the pf.conf rule 
### rules for internal network ###
pass inet proto { tcp, udp } from internal:network to port $udp_services

is expanded to 

pass inet proto udp from 10.0.0.0/24 to any port = 22
pass inet proto udp from 10.0.0.0/24 to any port = 53
pass inet proto udp from 10.0.0.0/24 to any port = 123
pass inet proto udp from 10.0.0.0/24 to any port = 67
pass inet proto udp from 10.0.0.0/24 to any port = 68

For DHCP, the source IP is 0.0.0.0 so this does not match.

If re1 is a member of the group internal, how is this rule expanded?
(Maybe there is something with "if:network" when the interface
does not have an IP address and a network.)

Regards,
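
The point made in the mail above, as an added example that is not part of the original mail and is not pf's own code: a small Python model of pf's last-match evaluation, applied to the five expanded UDP rules plus the "block drop log all" rule from the ruleset posted in this thread. The packet values, the helper names and the extra pass rule at the end are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    text: str                    # the rule as pfctl -sr prints it
    proto: Optional[str] = None  # None means any protocol
    src: Optional[str] = None    # source network (CIDR), None means any
    dport: Optional[int] = None  # destination port, None means any
    quick: bool = False

    def matches(self, pkt: Packet) -> bool:
        if self.proto is not None and pkt.proto != self.proto:
            return False
        if self.src is not None and (
            ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src)
        ):
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        return True


def evaluate(rules, pkt):
    """Last matching rule decides, unless a matching rule is 'quick'.
    A packet that matches no rule at all is passed."""
    verdict = ("pass", "(no rule matched: implicit pass)")
    for rule in rules:
        if rule.matches(pkt):
            verdict = (rule.action, rule.text)
            if rule.quick:
                break
    return verdict


def udp_pass(port, src="10.0.0.0/24"):
    where = "any" if src is None else src
    text = f"pass inet proto udp from {where} to any port = {port}"
    return Rule("pass", text, "udp", src, port)


# Subset of the loaded ruleset from the thread, in the order pfctl -sr shows it.
LOADED = [Rule("block", "block drop log all")] + [
    udp_pass(p) for p in (22, 53, 123, 67, 68)
]

# Constructed packets: a client with no lease yet, and one renewing its lease.
DISCOVER = Packet("udp", "0.0.0.0", "255.255.255.255", 67)
RENEW = Packet("udp", "10.0.0.5", "10.0.0.1", 67)

# Hypothetical rule, not from the thread: DHCP to port 67 from any source.
HYPOTHETICAL = udp_pass(67, src=None)

if __name__ == "__main__":
    for name, pkt in (("DISCOVER", DISCOVER), ("RENEW", RENEW)):
        print(name, "->", evaluate(LOADED, pkt))
    print("DISCOVER with extra rule ->", evaluate(LOADED + [HYPOTHETICAL], DISCOVER))
```
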



Re: bringing degraded softraid online

2016-02-16 Thread Joel Sing
On Saturday 06 February 2016 16:09:53 Johan Huldtgren wrote:
> > Not sure. Perhaps these drives don't have good meta data due to the
> > crash?
> > Can you set sr_debug = SR_D_STATE | SR_D_META and see if that prints
> > anything informative?
> 
> well we now get lots more:
> 
> softraid0 at root
> scsibus5 at softraid0: 256 targets
> softraid0: sr_boot_assembly
> softraid0: sr_meta_native_bootprobe
[snip]
> softraid0: assembling volume 05a4f9a1-e533-4e6b-ad0c-7051a541c881 volid
> 0 with 8 chunks
> softraid0: using ondisk metadata version 64 for chunk 0
> softraid0: using ondisk metadata version 64 for chunk 1
> softraid0: using ondisk metadata version 63 for chunk 2
> softraid0: using ondisk metadata version 63 for chunk 3
> softraid0: using ondisk metadata version 63 for chunk 4
> softraid0: using ondisk metadata version 63 for chunk 5
> softraid0: using ondisk metadata version 63 for chunk 6
> softraid0: using ondisk metadata version 63 for chunk 7

This is the reason that the volume will not reassemble - two of your chunks 
have metadata with version 64, while the rest have version 63. As such, only 
chunks 0 and 1 are considered to be online - all others have old metadata and 
are marked offline.

This most likely occurred due to the original panic (from another mail in the 
same thread):

panic: Non dma-reachable buffer at curaddr 0x81115888(raw)
Stopped at Debugger+0x9: leave
TID PID UID PRFLAGS PFLAGS CPU COMMAND
*25637 25637 0 0x14000 0x200 1 srdis
Debugger() at Debugger+0x9
panic() at panic+0xfe
_bus_dmamap_load_buffer() at _bus_dmamap_load_buffer+0x1b6
_bus_dmamap_load() at _bus_dmamap_load+0x7f
ahci_load_prdt() at ahci_load_prdt+0x97
ahci_ata_cmd() at ahci_ata_cmd+0x69
atascsi_disk_cmd() at atascsis_disk_cmd+0x1b1
scsi_xs_exec() scsi_xs_exec+0x35
sdstart() at sdstart+0x16f
scsi_iopool_run() at scsi_iopool_run+0x5d
scsi_xsh_runqueue() at scsi_xsh_runqueue+0x13d
scsi_xsh_add() at scsi_xsh_add+0x98
sdstrategy() at sdstrategy+0x10f
spec_strategy() at spec_strategy+0x53

My guess is that it was in the process of writing out new metadata (version 
64) when it panicked due to the AHCI driver being passed a non dma-reachable 
buffer. This is most likely due to a bug in the softraid code - we're likely 
using a malloc'd buffer in a place where we need to use a dma_alloc'd one.
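
The diagnosis in the mail above, as an added example that is not part of the original mail and is not softraid code: a Python triage helper that reads the sr_debug lines as they were pasted (mail quote prefix and line wrap included) and reports which chunks carry the newest metadata version and which are behind. The function names are hypothetical; the sample input is the log excerpt quoted in this thread.

```python
import re

# Debug lines as quoted in the mail above, including the "> " quote prefix
# and the wrap after "volid".
SAMPLE = """\
> softraid0: sr_boot_assembly
> softraid0: sr_meta_native_bootprobe
[snip]
> softraid0: assembling volume 05a4f9a1-e533-4e6b-ad0c-7051a541c881 volid
> 0 with 8 chunks
> softraid0: using ondisk metadata version 64 for chunk 0
> softraid0: using ondisk metadata version 64 for chunk 1
> softraid0: using ondisk metadata version 63 for chunk 2
> softraid0: using ondisk metadata version 63 for chunk 3
> softraid0: using ondisk metadata version 63 for chunk 4
> softraid0: using ondisk metadata version 63 for chunk 5
> softraid0: using ondisk metadata version 63 for chunk 6
> softraid0: using ondisk metadata version 63 for chunk 7
"""

# \s+ between words lets a match span a wrapped line.
EVENT_RE = re.compile(
    r"assembling\s+volume\s+(?P<uuid>\S+)\s+volid\s+\d+\s+with\s+"
    r"(?P<expected>\d+)\s+chunks"
    r"|using\s+ondisk\s+metadata\s+version\s+(?P<version>\d+)\s+for\s+"
    r"chunk\s+(?P<chunk>\d+)"
)


def chunk_versions(text):
    """Return {volume uuid: {"expected": n, "chunks": {chunk: version}}}."""
    # Drop mail quote prefixes so wrapped lines rejoin cleanly.
    text = re.sub(r"^(?:>[ \t]?)+", "", text, flags=re.MULTILINE)
    volumes, current = {}, None
    for m in EVENT_RE.finditer(text):
        if m.group("uuid"):
            current = volumes.setdefault(
                m.group("uuid"),
                {"expected": int(m.group("expected")), "chunks": {}},
            )
        elif current is not None:
            current["chunks"][int(m.group("chunk"))] = int(m.group("version"))
    return volumes


def triage(volume):
    """Split chunks into those at the newest metadata version and the rest."""
    chunks = volume["chunks"]
    newest = max(chunks.values()) if chunks else None
    return {
        "newest": newest,
        "current": sorted(c for c, v in chunks.items() if v == newest),
        "stale": sorted(c for c, v in chunks.items() if v != newest),
        # Chunks the volume expects but the log never mentioned.
        "unreported": sorted(set(range(volume["expected"])) - set(chunks)),
    }


if __name__ == "__main__":
    for uuid, vol in chunk_versions(SAMPLE).items():
        print(uuid, triage(vol))
```
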



ksh search history backwards patch still available

2016-02-16 Thread Rudolf Sykora
Hello,

does anybody have a patch described here

http://tech.openbsd.narkive.com/Ns42EcmB/patch-to-ksh-adding-history-search-backward-forward

which can be applied to the 5.8 release?
(direct use of the linked patch fails at a few places...)

Thanks
Ruda



Storage server HW advice/feedback req for setup overall & in particular reliability/QoS of SATA, to protect from controller- or BIOS-induced system crashes? Dedicated PCI SATA HBA needed??

2016-02-16 Thread Tinker
Hi,

This is to ask you for your thoughts/advice on the best hardware setup
for an OpenBSD server.

This email ultimately reduces to the question, "What HW & config do you
suggest for minimizing the possibility of IO freeze or system crash from
BIOS or SATA card, in the event of SSD/HDD malfunction?", however I'll
take the whole reasoning around the HW choice from ground up with you
just to see that you feel that I got it all right.

I hope this email will serve as general advice for others re. best
practice for OpenBSD server hardware choices.

GOAL
I am setting up an SSD-based storage facility that needs high data
integrity guarantees and high performance (random reads/writes). The
goal is to be able to safely store and constantly process something
about as important as, say, medical records.

Needless to say, at some point such a storage server *will* fail, and
the only way to get to any sense of a pretty-much-100% uptime guarantee,
is to set up the facility in the form of multiple servers in a redundant
cluster.

What the individual server can do then is to never ever deliver broken
data. And, locally and collectively there needs to be a well working
mechanism for detecting when a node needs maintenance & take it out of
use then.

What I want to ask you about now then, is your thoughts on what would be
the most suitable hardware configuration for the individual server, for
them to function for as long as possible without need for physical
administrator intervention.

(And for when physical admin intervention would be needed, to reduce
competence need for that maintenance if possible, to only involve
hotswapping or adding a physical disk - so that is to minimize need of
reboots due to SATA controller issues, weird BIOS behavior, or other
reasons.)

GENERAL PROBLEM SURFACE OF SERVER HARDWARE

It seems to me that the accumulated experience with respect to why
servers break, is 1) anything storage-related, 2) PSU, 3) other.

So then, stability aspects should be given consideration in that order.

For 2), the PSU can be made redundant easily, and PSU failures are
fairly rare anyhow, so that is pretty much what is reasonable to do for
that.

For 3), the "other" category would either be because of bad thermal
conditions (so that needs to be given proper consideration), or happen
anyhow, for which no safeguards exist anyhow, so we just need to take
that.

The rest of this post will discuss 1) the storage aspect, only.

THE STORAGE SOLUTION
Originally I thought RAID 5/6 would provide data integrity guarantees
and performance well. Then I saw the benchmark for a high-end RAID card
showing 25MB/sec write (= 95% overhead) and 80% overhead on reads
(http://www.storagereview.com/lsi_megaraid_sas3_93618i_review) per disk
set, which is enough to make me understand that the upcoming softraid
RAID1C with 2-4 drives will be far better at delivering those qualities
-

Of course I didn't see any benchmarks on RAID1C, but I guess its
overhead for both read and write will be <<10-15% in average at least
with its default CRC32C.

(Perhaps RAID1C needs to be fortified with a better checksumming
algorithm, and perhaps also double mirror reads on any read (depending
on how the scrubbing works - didn't check this yet), though that is a
separate conversation.)

Of course to really know how well RAID1C will perform, I would need to
benchmark it, but, there seems to be a general consensus in the RAID
community that checksummed mirroring is preferable to RAID 5/6, so like,
I perceive that this preliminary understanding I have that RAID1C will
be the winning option, is well founded.

The SSD:s would be enterprise grade and hence *should* shut down
immediately if they start malfunctioning, so there should be essentially
no QoS dumps in the softraid from any IO operations that take ultra-long
to complete e.g. >>>10 seconds.

For the RAID1C to really deliver then (now that PSU, CPU, RAM, and SSD
all work), all that would be needed is that the remaining factors
deliver well, so that is the SATA connectivity and that the BIOS
operates transparently.

HARDWARE BUDGET
A good Xeon Supermicro server with onboard SATA and ethernet with decent
PSU, RAM, CPU is some 1000:ds USD. 2TB x 2-3 enterprise SSD:s is around
2700-4000 USD. If any specialized SATA controllers if needed would be
below 2000 USD anyhow.

QUESTION
Someone with 30 years of admin experience warned me that in the case
that an individual storage drive dies, the SATA controller could crash,
or the BIOS could kill the whole system.

Also he warned me that if any disk in the boot softraid RAID1 would
break, then the BIOS could get so confused that the system even wouldn't
want to boot - and for that reason I guess the boot disks should be
separated altogether from the "data disks", as the further will have a
much, much lower turnover.

A SATA-controller- or BIOS-induced system crash, freeze, or other need
to reboot the system because of malfunction because of them, would be
really 

Re: pf, bridge and vether: interface with no group

2016-02-16 Thread Patrick Lamaiziere
On Tue, 16 Feb 2016 00:10:41 +0100,
Clemens Goessnitzer wrote:

> Hello misc,

Hi

...

> So, if I specify a group for re1, everything is working as expected.
> However, if re1 is not a member of any group, DHCP request are blocked
> by pf, as tcpdump shows. Is this intended behaviour? Or have I done
> something wrong in my ruleset?

hmmm maybe the output of the ruleset loaded by pf will help.

# pfctl -sr

Regards



Re: Hardware compatibility

2016-02-16 Thread Gabriele Tozzi
> That was early on, but you should probably see NXE in the dmesg of all
> intel cpus these days.
>  
> [...]
> 
> I'm not certain I have tried exactly Pro 1000 PT Dual, but all intel gig
> dual cards
> I did try worked like a charm. I assume the quads work out nicely too.

The card arrived today and it worked out-of-the box.

I have now installed amd64 version and it has NXE enabled.

Thank you!

Gabriele Tozzi

-- 
GPG Key Fingerprint:
DAD1 E3E3 C3E9 36FB C570 F405 9B5F 7108 A1D0 2FFF



Re: Will Softraid RAID1 read from the fastest mirror/-s / supports user-specified device read priority order, nowadays? Takes broken disk out of use?

2016-02-16 Thread lists
Mon, 15 Feb 2016 22:03:13 +0100 Karel Gardas 
> > ..And therefore you need enterprise disks because they behave "cleanly", as
> > when using those only, essentially full softraid QoS is maintained at all
> > times.  
> 
> Interesting! I've understand Nick excellent email in completely
> reversed sense.

That does not reverse the advice however.  Double slow speed read again
carefully ;-)

> I understood it in "use consumer drives which fail
> really slowly and with degraded performance which will give you a
> chance to notice it at all.

This is not the concept.  It is more an important technological
prerequisite many people don't know exists in the hardware RAID world.

> With enterprise, your drives may fail too
> quickly so there is a danger of failing drive in a array which is just
> rebuilding after another drive failure few hours ago".

That's not the takeaway advice.  That would be: have in mind some
controllers reject a drive which is still operational but does not meet
the controller timeout.  More like: hardware RAID controllers twist
your hands to buy enterprise class disks and replace them more
diligently before they actually reach the fail state on continuous
usage timing parameters.

Plan for your use case, and consult the man page and respective source
code on implementation details.  And flash storage disks are still
unreliable compared to spinning hard drives.



Re: pf, bridge and vether: interface with no group

2016-02-16 Thread Clemens Goessnitzer
On 2016-02-16 11:17, Patrick Lamaiziere wrote:
> On Tue, 16 Feb 2016 00:10:41 +0100,
> Clemens Goessnitzer wrote:
>> Hello misc,
> 
> Hi
> 

Salut!

> 
>> So, if I specify a group for re1, everything is working as expected.
>> However, if re1 is not a member of any group, DHCP request are blocked
>> by pf, as tcpdump shows. Is this intended behaviour? Or have I done
>> something wrong in my ruleset?
> 
> hmmm may be the output of the ruleset loaded by pf will help.
> 
> # pfctl -sr

# pfctl -sr
match in all scrub (no-df max-mss 1440)
block drop in quick on ! external inet from 192.168.0.0/24 to any
block drop in quick inet from 192.168.0.10 to any
block drop in quick on ! internal inet from 10.0.0.0/24 to any
block drop in quick inet from 10.0.0.1 to any
block drop quick from  to any
pass log (all) quick inet proto icmp all icmp-type echoreq
pass log (all) quick inet proto icmp all icmp-type echorep
pass log (all) quick inet proto icmp all icmp-type unreach
block drop log all
block return log (all) inet from 10.0.0.0/24 to any
match out proto tcp from any to any port = 53 set ( prio(6, 7) )
match out proto udp from any to any port = 53 set ( prio(6, 7) )
pass quick on external inet proto tcp from 127.0.0.1 to any port = 53
flags S/SA
pass quick on external inet proto tcp from 192.168.0.10 to any port = 53
flags S/SA
pass quick on external inet proto tcp from 10.0.0.1 to any port = 53
flags S/SA
pass quick on external inet proto udp from 127.0.0.1 to any port = 53
pass quick on external inet proto udp from 192.168.0.10 to any port = 53
pass quick on external inet proto udp from 10.0.0.1 to any port = 53
pass quick inet proto tcp from any to any port = 53 flags S/SA
pass quick inet proto udp from any to any port = 53
pass log quick inet proto tcp from any to 192.168.0.10 port = 22 flags
S/SA keep state (source-track rule, max-src-conn 15, max-src-conn-rate
3/15, overload  flush global, src.track 15)
pass log quick inet proto udp from any to 192.168.0.10 port = 22 keep
state (source-track rule, max-src-conn 15, max-src-conn-rate 3/15,
overload  flush global, src.track 15)
pass inet proto tcp from 10.0.0.0/24 to any port = 22 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 53 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 123 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 67 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 68 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 143 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 993 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 113 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 119 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 80 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 443 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 2401 flags S/SA
pass inet proto tcp from 10.0.0.0/24 to any port = 587 flags S/SA
pass inet proto udp from 10.0.0.0/24 to any port = 22
pass inet proto udp from 10.0.0.0/24 to any port = 53
pass inet proto udp from 10.0.0.0/24 to any port = 123
pass inet proto udp from 10.0.0.0/24 to any port = 67
pass inet proto udp from 10.0.0.0/24 to any port = 68
pass inet proto udp from 10.0.0.0/24 to any port 33433:33626
match out on external inet from 10.0.0.0/24 to any nat-to (external:0)
round-robin

And what I should have included maybe in the original email:

# cat /etc/hostname.vether0
inet 10.0.0.1 255.255.255.0 10.0.0.255
group internal
# cat /etc/hostname.bridge0
add re1
add athn0
add athn1
add vether0
up
# cat /etc/dhcpd.conf
# cat /etc/dhcpd.conf

#   $OpenBSD: dhcpd.conf,v 1.1 2014/07/11 21:20:10 deraadt Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#
default-lease-time 86400;

subnet 10.0.0.0 netmask 255.255.255.0 {
option routers 10.0.0.1;
option domain-name-servers 10.0.0.1;

range 10.0.0.5 10.0.0.254;

host debian {
hardware ethernet d0:50:99:37:bb:a2;
fixed-address 10.0.0.2;
}

host nexus5 {
hardware ethernet bc:f5:ac:ff:84:19;
fixed-address 10.0.0.3;
}

host nexus7 {
hardware ethernet ac:22:0b:5c:f4:a7;
fixed-address 10.0.0.4;
}
}



Re: startx vs xdm

2016-02-16 Thread Erling Westenvik
On Tue, Feb 16, 2016 at 09:32:05AM +0100, Stefan Sperling wrote:
> On Tue, Feb 16, 2016 at 09:15:58AM +0100, Jan Stary wrote:
> > There seems to be a difference between an X session
> > initialized by startx(1) and one launched by xdm(1).
> > 
> > When I start an X session via startx, the settings
> > specified in ~/.Xresources seem to be honoured.
> > A session started via xdm(1) does _not_ honour
> > 
> > XTerm*utf8: true
> > XTerm*locale:   UTF-8
> > 
> > and every xterm I start in the running cwm(1)
> > with ctrl+alt+del has XTERM_LOCALE=C
> > 
> > On the other hand, an xterm I start with `xterm`
> > from an already running xterm has XTERM_LOCALE=cs_CZ.UTF-8
> > For an xdm(1) session, this is exactly the difference in env(1)
> > between a ctrl-alt-del started xterm and an `xterm`.
> > 
> > In a startx(1) session, the xterm started as ctrl-alt-del
> > already has XTERM_LOCALE=cs_CZ.UTF-8 as per ~/.Xresources
> > 
> > Is this expected? Is it due to a difference between
> > an xdm(1) session and a startx(1) session?
> > 
> > Jan
> > 
> > 
> > $ cat ~/.xinit:
> > 
> > #!/bin/sh
> > 
> > xset -b -c dpms 300 600 900 m 2 0 r rate 400 30 s blank s 120 60
> > xsetroot -solid black
> > xrdb ~/.Xresources
> 
> The above line calling xrdb makes your .Xresources file work.
> startx reads ~/.xinit while xdm reads ~/.xsession.

I believe that should read ~/.xinitrc according to startx(1)?
   ^^
> Create a .xsession file which matches your .xinit (or use a symlink)
> and xdm should pick .Xresources up, too.
> 
> > setxkbmap -layout "us,cz" -option "grp:shifts_toggle,grp_led:scroll"
> > xmodmap ~/.xmodmaprc
> > cwm



OpenBSD 5.8 ikev2 road warrior setup with various clients

2016-02-16 Thread George Mamalakis

Hi all!

I'm trying to configure an ikev2 VPN gateway on my OpenBSD 5.8 box to 
allow remote access to my local network from various, road-warrior 
client "types" (MS Windows, Linux's, BSD's). My example local network is 
10.0.0.0/24 and my public IP (egress) is 1.2.3.4.


I've read various guides on the Internet regarding analogous setups, but 
all of them were discussing about MS Windows clients. I'm trying to test 
my setup with an OpenBSD 5.8 client but I fail, and next I'd like to 
test it with a FreeBSD and a Linux client to see if it works.


My /etc/iked.conf looks like this:

ikev2 passive esp \
from 10.0.0.0/24 to 10.10.10.0/24 local 1.2.3.4 peer any \
psk mypass  \
config address 10.10.10.5

My client's /etc/iked.conf looks like this:

ikev2 active esp \
from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 \
psk lala123

which is based on an old email of this list (at around 2012), and as I 
explained earlier, it doesn't work. What happens is that when I try to 
access 10.0.0.1 from my client, the specific traffic is not passing from 
enc0 but is rather passing directly from the egress interface to its 
default route. Now, as it seems, this is a routing/flows issue, but I am 
unsure as to how to address it.


ipsecctl -sa on both machines looks good (or at least I think it does):

server:
# ipsecctl -sa
FLOWS:
flow esp in from 10.10.10.0/24 to 10.0.0.0/24 peer 5.6.7.8 srcid 
FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type use
flow esp out from 10.0.0.0/24 to 10.10.10.0/24 peer 5.6.7.8 srcid 
FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc 
aes-256
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc 
aes-256


client:
# ipsecctl -sa
FLOWS:
flow esp in from 10.0.0.0/24 to 10.10.10.0/24 peer 1.2.3.4 srcid 
FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type use
flow esp out from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 srcid 
FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc 
aes-256
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc 
aes-256


As inferred, my client's public IP is 5.6.7.8, and on both machines ip 
forwarding is enabled (pf allows all traffic as well).


Any help would be greatly appreciated, and directions towards an 
analogous, working, client setup for FreeBSD and Linux would be equally 
appreciated.


Thanks all in advance,

George.



Re: startx vs xdm

2016-02-16 Thread Stefan Sperling
On Tue, Feb 16, 2016 at 09:15:58AM +0100, Jan Stary wrote:
> There seems to be a difference between an X session
> initialized by startx(1) and one launched by xdm(1).
> 
> When I start an X session via startx, the settings
> specified in ~/.Xresources seem to be honoured.
> A session started via xdm(1) does _not_ honour
> 
>   XTerm*utf8: true
>   XTerm*locale:   UTF-8
> 
> and every xterm I start in the running cwm(1)
> with ctrl+alt+del has XTERM_LOCALE=C
> 
> On the other hand, an xterm I start with `xterm`
> from an already running xterm has XTERM_LOCALE=cs_CZ.UTF-8
> For an xdm(1) session, this is exactly the difference in env(1)
> between a ctrl-alt-del started xterm and an `xterm`.
> 
> In a startx(1) session, the xterm started as ctrl-alt-del
> already has XTERM_LOCALE=cs_CZ.UTF-8 as per ~/.Xresources
> 
> Is this expected? Is it due to a difference between
> an xdm(1) session and a startx(1) session?
> 
>   Jan
> 
> 
> $ cat ~/.xinit:
> 
> #!/bin/sh
> 
> xset -b -c dpms 300 600 900 m 2 0 r rate 400 30 s blank s 120 60
> xsetroot -solid black
> xrdb ~/.Xresources

The above line calling xrdb makes your .Xresources file work.

startx reads ~/.xinit while xdm reads ~/.xsession.
Create a .xsession file which matches your .xinit (or use a symlink)
and xdm should pick .Xresources up, too.

> setxkbmap -layout "us,cz" -option "grp:shifts_toggle,grp_led:scroll"
> xmodmap ~/.xmodmaprc
> cwm



startx vs xdm

2016-02-16 Thread Jan Stary
There seems to be a difference between an X session
initialized by startx(1) and one launched by xdm(1).

When I start an X session via startx, the settings
specified in ~/.Xresources seem to be honoured.
A session started via xdm(1) does _not_ honour

XTerm*utf8: true
XTerm*locale:   UTF-8

and every xterm I start in the running cwm(1)
with ctrl+alt+del has XTERM_LOCALE=C

On the other hand, an xterm I start with `xterm`
from an already running xterm has XTERM_LOCALE=cs_CZ.UTF-8
For an xdm(1) session, this is exactly the difference in env(1)
between a ctrl-alt-del started xterm and an `xterm`.

In a startx(1) session, the xterm started as ctrl-alt-del
already has XTERM_LOCALE=cs_CZ.UTF-8 as per ~/.Xresources

Is this expected? Is it due to a difference between
an xdm(1) session and a startx(1) session?

Jan


$ cat ~/.xinit:

#!/bin/sh

xset -b -c dpms 300 600 900 m 2 0 r rate 400 30 s blank s 120 60
xsetroot -solid black
xrdb ~/.Xresources
setxkbmap -layout "us,cz" -option "grp:shifts_toggle,grp_led:scroll"
xmodmap ~/.xmodmaprc
cwm


$ cat ~/.Xresources
(also symlinked as ~/.Xdefaults)

XTerm*termName: xterm-color
XTerm*message:  true
XTerm*cutNewline:   true
XTerm*cutToBeginningOfLine: true
XTerm*charClass:37:48,45-47:48,58:48,64:48,126:48
! Here is a pattern that is useful for double-clicking on a URL:
!*charClass: 33:48,35:48,37-38:48,43-47:48,58:48,61:48,63-64:48,95:48,126:48
! Alternatively,
!*on2Clicks: regex 
[[:alpha:]]+://([[:alnum:]!#+,./=?@_~-]|(%[[:xdigit:]][[:xdigit:]]))+
XTerm*toolBar:  false
!XTerm.keyboardType:vt220
XTerm*backarrowKeyIsErase:  false
!XTer*deleteIsDEL:  true
!XTerm.ptyInitialErase: true
XTerm*background:   black
XTerm*foreground:   white
XTerm*activeIcon:   false
XTerm*autowrap: true
XTerm*colorMode:true
XTerm*cursorBlink:  true
XTerm*backarrowKey: true
XTerm*dynamicColors:false
XTerm*loginShell:   true
XTerm*reverseWrap:  true
XTerm*scrollBar:false
!XTerm*scrollKey:   true
!XTerm*scrollLines: 1024
!XTerm*scrollTtyOutput: false
XTerm*saveLines:1024
XTerm*selectToClipboard:true
!XTerm*translations:TODO
XTerm*visualBell:   true
XTerm*pointerMode:  0
*modifyFunctionKeys:0

XTerm*eightBitInput:true
XTerm*eightBitOutput:   true
!XTerm*allowC1Printable:true

XTerm*utf8: true
XTerm*locale:   UTF-8
!XTerm*locale:  true
!*fontMenu*utf8-mode*Label: UTF-8 Encoding
!*fontMenu*utf8-fonts*Label:UTF-8 Fonts
!*fontMenu*utf8-title*Label:UTF-8 Titles

*VT100.utf8Fonts.font:  
-misc-fixed-medium-r-semicondensed--13-120-75-75-c-60-iso10646-1
!*VT100.utf8Fonts.font2:
-misc-fixed-medium-r-normal--8-80-75-75-c-50-iso10646-1
!*VT100.utf8Fonts.font3:
-misc-fixed-medium-r-normal--14-130-75-75-c-70-iso10646-1
!*VT100.utf8Fonts.font4:
-misc-fixed-medium-r-normal--13-120-75-75-c-80-iso10646-1
!*VT100.utf8Fonts.font5:
-misc-fixed-medium-r-normal--18-120-100-100-c-90-iso10646-1
!*VT100.utf8Fonts.font6:
-misc-fixed-medium-r-normal--20-200-75-75-c-100-iso10646-1

! xterm recognizes several escape sequences which can be used to set fonts,
! window properties, return settings via escape sequences.  Some find these
! useful; others are concerned with the possibility of unexpected inputs.
! Depending on your environment, you may wish to disable those by default by
! uncommenting one or more of the resource settings below:
*allowFontOps: false
*allowTcapOps: false
*allowTitleOps: false
*allowWindowOps: false