Re: OpenBSD 5.2 AutoFSCK at boot
On 11/24/16 08:48, Markus Hennecke wrote: > Am 24.11.2016 um 14:31 schrieb Luescher Claude: >> I have couple of OpenBSD 5.2 vms where I could use automatic file system >> repair at start. In most other OS'es I have running virtualized >> (windows, linux) it's not a problem, they automatically repair >> filesystem inconsistencies and start up but not OpenBSD. > > Is the VM hypervisor a VMWare ESX and you got the paravirtualized SCSI > controller set up? If that is the case, switch the controller to the > lsilogic parallel and the file systems will be repaired during fsck. > > The problem seems to be that the first write on the paravirtualized > controller does not end up on the virtual disk. This is the case for > OpenBSD 6.0 and later, don't know about 5.2. it's been a problem for a long time. And a cool thing: the change won't break anything, either. Just works. Yes, lousy problem report, but I'll bet this is it. Nick.
Re: Recommendation for firewall appliance running of and OpenBSD
> As far as I know, Halon cuts the number of IPSec tunnels on free version. You're paying for ease of use and polish. Software developers aren't free.
Re: IPSec
You should be able to. As far as I understand ipses.conf gets “translated” to isakmpd.conf I use both. What I have in isakmpd.conf is: [General] DPD-check-interval = 60 Works fine. //mxb > On 24 nov. 2016, at 22:58, Damian McGuckinwrote: > > Can you mix the use of 'isakmpd.conf' and 'ipsec.conf'? > > I currently use the former for port 500 stuff. We use both predefined network-to-networks IPSec links with PreShared Secrets and also dynamic, i.e. negotiated, network-to-network links. The thought of figuring out how to do both with IPSec, especially the latter which does not seem to be documented with examples, fills me with dread. > > I have just figured out to allow L2TP/IPSec connections which demands the use of the latter. > > I would love to use both concurrently if I can? > > Has anybody got any experience with both working well together? > > Thanks - Damian > > Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037 > Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here > Views & opinions here are mine and not those of any past or present employer
Re: Recommendation for firewall appliance running of and OpenBSD
As far as I know, Halon cuts the number of IPSec tunnels on free version. > On 24 nov. 2016, at 21:21, Joe Crivellowrote: > >> Can somebody please recommend me a firewall appliance that can run OpenBSD > and >> pf, and can be upgradeable to the latest version? It would be a great plus > if >> the appliance can also be configured as part of CARP firewall group. > > > http://securityrouter.org/ > > Great product.
IPSec
Can you mix the use of 'isakmpd.conf' and 'ipsec.conf'? I currently use the former for port 500 stuff. We use both predefined network-to-networks IPSec links with PreShared Secrets and also dynamic, i.e. negotiated, network-to-network links. The thought of figuring out how to do both with IPSec, especially the latter which does not seem to be documented with examples, fills me with dread. I have just figured out to allow L2TP/IPSec connections which demands the use of the latter. I would love to use both concurrently if I can? Has anybody got any experience with both working well together? Thanks - Damian Pacific Engineering Systems International, 277-279 Broadway, Glebe NSW 2037 Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here Views & opinions here are mine and not those of any past or present employer
Re: Recommendation for firewall appliance running of and OpenBSD
On Fri, Nov 25, 2016 at 04:15:23AM +0800, Tito Mari Francis H. Escaño wrote: > Hi everyone, > Can somebody please recommend me a firewall appliance that can run OpenBSD and > pf, and can be upgradeable to the latest version? It would be a great plus if > the appliance can also be configured as part of CARP firewall group. pfSense > with FreeBSD doesn't cut it :) > I'd recommend: Ditch appliances, invest your time into learning OpenBSD and pf, and be happy forever after (including any future upgrades).
Re: Making sense of ktrace
On 11/23/16 8:25 PM, Jeremie Courreges-Anglas wrote: "Andy Bradford"writes: Thus said Jeff Ross on Wed, 23 Nov 2016 15:42:08 -0700: The stack may indeed be too damaged--I get the following but it doesn't look very helpful: More likely the symbols were stripped. Assuming this was installed from sources, edit conf-cc and add -g, then edit conf-ld and remove the -s: $ head -1 conf-cc cc -O2 -g $ head -1 conf-ld cc Better add -g here too. $ Then recompile and try again (e.g. get a new core file and run gdb again). Andy I made the change to conf-cc and conf-ld and indeed, I got a core file that showed the source and the point of failure. Thanks Andy and Jeremie! Jeff
Re: Recommendation for firewall appliance running of and OpenBSD
https://www.esdenera.com/ By our friend reyk floeter Le 24/11/2016 à 21:15, Tito Mari Francis H. Escaño a écrit : > Hi everyone, > Can somebody please recommend me a firewall appliance that can run OpenBSD and > pf, and can be upgradeable to the latest version? It would be a great plus if > the appliance can also be configured as part of CARP firewall group. pfSense > with FreeBSD doesn't cut it :)
Re: Recommendation for firewall appliance running of and OpenBSD
> Can somebody please recommend me a firewall appliance that can run OpenBSD and > pf, and can be upgradeable to the latest version? It would be a great plus if > the appliance can also be configured as part of CARP firewall group. http://securityrouter.org/ Great product.
Recommendation for firewall appliance running of and OpenBSD
Hi everyone, Can somebody please recommend me a firewall appliance that can run OpenBSD and pf, and can be upgradeable to the latest version? It would be a great plus if the appliance can also be configured as part of CARP firewall group. pfSense with FreeBSD doesn't cut it :)
Re: Disable Laptops Keyboard in OpenBSD
Op Tue, 22 Nov 2016 10:24:16 +0100 schreef pasta: Hi, I can't figure out how to disable my laptops keyboard so I can only use my USB one. xinput doesn't list each keyboard as in Linux I believe. I could write a xorg.conf but what if I dont have my keyboard with myself then? wsconsctl can't disable a keyboard, can it? Have you tried wsconscfg(8)? -- Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/
Re: OpenBSD 5.2 AutoFSCK at boot
On 11/24/16 14:31, Luescher Claude wrote: > I have couple of OpenBSD 5.2 vms where I could use automatic file system > repair at start. In most other OS'es I have running virtualized > (windows, linux) it's not a problem, they automatically repair > filesystem inconsistencies and start up but not OpenBSD. > > With this the boot either completely stucks or it mounts up the fs to > read-only mode and I always have to connect to the VM console reboot it > to single user mode with boot -s then fsck -y all partitions then boot > it back. > > Did anyone come up with a solution for this? > Is this feature added to the new versions? You're not giving us a lot to work with here (exactly which virtualization technology, which version and so on would be extremely useful for meaningful feedback), but anyway - As far as I can remember, OpenBSD does indeed run a file system check at boot if there are indications that the system did not shut down cleanly. I don't think the system has changed very much in that respect at all for a very long time. But then OpenBSD 5.2 has been out of support for years already. I'd try with a supported release (5.9 or 6.0) with similar application load and see if your problem persists. Next, look into what caused those file systems to go bad in the first place. The problem doesn't have to be an OpenBSD one - back in the day IIRC virtualbox had bugs that showed up as memory corruption in guests, that for some reason bit OpenBSD guests more frequently than others. But again, we don't have sufficient information to help you diagnose. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: OpenBSD 5.2 AutoFSCK at boot
Am 24.11.2016 um 14:31 schrieb Luescher Claude: I have couple of OpenBSD 5.2 vms where I could use automatic file system repair at start. In most other OS'es I have running virtualized (windows, linux) it's not a problem, they automatically repair filesystem inconsistencies and start up but not OpenBSD. Is the VM hypervisor a VMWare ESX and you got the paravirtualized SCSI controller set up? If that is the case, switch the controller to the lsilogic parallel and the file systems will be repaired during fsck. The problem seems to be that the first write on the paravirtualized controller does not end up on the virtual disk. This is the case for OpenBSD 6.0 and later, don't know about 5.2. VMWare Workstation wasn't affected AFAIR. Kind regards Markus
Re: OpenBSD 5.2 AutoFSCK at boot
On Thu, Nov 24, 2016 at 02:31:24PM +0100, Luescher Claude wrote: > Hello List, > > I have couple of OpenBSD 5.2 vms where I could use automatic file system > repair at start. In most other OS'es I have running virtualized (windows, > linux) it's not a problem, they automatically repair filesystem > inconsistencies and start up but not OpenBSD. > > With this the boot either completely stucks or it mounts up the fs to > read-only mode and I always have to connect to the VM console reboot it to > single user mode with boot -s then fsck -y all partitions then boot it back. > > Did anyone come up with a solution for this? > Is this feature added to the new versions? > > Thx OpenBSD does repair filesystems at the start. But for some reason in your setup it doesn't succeed. Try to find out why. But first upgrade to a supported system (6.0). -Otto
OpenBSD 5.2 AutoFSCK at boot
Hello List, I have couple of OpenBSD 5.2 vms where I could use automatic file system repair at start. In most other OS'es I have running virtualized (windows, linux) it's not a problem, they automatically repair filesystem inconsistencies and start up but not OpenBSD. With this the boot either completely stucks or it mounts up the fs to read-only mode and I always have to connect to the VM console reboot it to single user mode with boot -s then fsck -y all partitions then boot it back. Did anyone come up with a solution for this? Is this feature added to the new versions? Thx
Re: jdk-1.7.0 and jdk-1.8.0 Abort trap (core dumped) GDB core trace provided
Now works great. Thanks. On 24.11.2016 11:40, David Coppa wrote: On Thu, Nov 24, 2016 at 9:32 AM, Denis Lapshinwrote: Hello All, There is a problem with starting jdk from packages on AMD64 platform. It doesn't matter what versions of jdk installed: jdk-1.7.0 or jdk-1.8.0. The same issue is present on both. # java Abort trap (core dumped) # gdb /usr/local/jdk-1.7.0/bin/java java.core GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd6.0"...(no debugging symbols found) Core was generated by `java'. Program terminated with signal 6, Aborted. Reading symbols from /usr/lib/libpthread.so.22.0...done. Loaded symbols for /usr/lib/libpthread.so.22.0 Loaded symbols for /usr/local/jdk-1.7.0/bin/java Reading symbols from /usr/lib/libz.so.5.0...done. Loaded symbols for /usr/lib/libz.so.5.0 Symbols already loaded for /usr/lib/libpthread.so.22.0 Reading symbols from /usr/lib/libc.so.88.0...done. Loaded symbols for /usr/lib/libc.so.88.0 Reading symbols from /usr/libexec/ld.so...done. Loaded symbols for /usr/libexec/ld.so Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so...done. Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so Reading symbols from /usr/lib/libstdc++.so.57.0...done. Loaded symbols for /usr/lib/libstdc++.so.57.0 Reading symbols from /usr/lib/libm.so.9.0...done. Loaded symbols for /usr/lib/libm.so.9.0 Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libverify.so...done. Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libverify.so Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libjava.so...done. Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libjava.so Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libzip.so...done. Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libzip.so #0 0x12b62e14c0ca in mprotect () at :2 2 : No such file or directory. in (gdb) where #0 0x12b62e14c0ca in mprotect () at :2 #1 0x12b65861b5c8 in os::pd_commit_memory () from Your '/usr/local' filesystem does not have the "wxallowed" mount option. Read the mount(8) manual page. Ciao! David -- Denis Lapshin mailto: den...@mindall.org
ntpd.conf: how to do IPv6 in a carp setup?
Hi folks, I am running a carp environment on my gateway. Due to lack of routable IPv4 addresses the em0 interface provides IPv6 only, the carp0 interface defines both IPv4 and IPv6 addresses. The internal interfaces em1 and carp1 provide both IPv4 and IPv6. ntpd works fine on the master, but on the backup host ntpd complains " peer not valid " and "sendto: Network is unreachable". "ntpctl -s peers" shows *no* IPv6 addresses (on master and backup), even though there seems to be some IPv6 support in the code. The workaround is clear, but I wonder how comes? ntpd.conf: # grep -v ^\# /etc/ntpd.conf listen on 10.100.0.1 listen on 10.100.0.3 listen on 2001:db8:30:fff0::1 listen on 2001:db8:30:fff0::3 servers pool.ntp.org servers ntp.eu.sixxs.net The packet filter allows ntp as well: pass out log quick proto udp from (self) to any port ntp keep state (no-sync) There is no nat-to for (self). Every helpful comment is highly appreciated. Harri
Re: jdk-1.7.0 and jdk-1.8.0 Abort trap (core dumped) GDB core trace provided
On 2016-11-24, Denis Lapshinwrote: > Hello All, > > There is a problem with starting jdk from packages on AMD64 platform. It > doesn't matter what versions of jdk installed: jdk-1.7.0 or jdk-1.8.0. > The same issue is present on both. You forgot to include dmesg which would make things more clear. But most likely you upgraded to 6.0 and need to follow the first step in "Configuration and syntax changes".
Re: jdk-1.7.0 and jdk-1.8.0 Abort trap (core dumped) GDB core trace provided
On Thu, Nov 24, 2016 at 9:32 AM, Denis Lapshinwrote: > Hello All, > > There is a problem with starting jdk from packages on AMD64 platform. It > doesn't matter what versions of jdk installed: jdk-1.7.0 or jdk-1.8.0. The > same issue is present on both. > > # java > Abort trap (core dumped) > > # gdb /usr/local/jdk-1.7.0/bin/java java.core > GNU gdb 6.3 > Copyright 2004 Free Software Foundation, Inc. > GDB is free software, covered by the GNU General Public License, and you are > welcome to change it and/or distribute copies of it under certain > conditions. > Type "show copying" to see the conditions. > There is absolutely no warranty for GDB. Type "show warranty" for details. > This GDB was configured as "amd64-unknown-openbsd6.0"...(no debugging > symbols found) > > Core was generated by `java'. > Program terminated with signal 6, Aborted. > Reading symbols from /usr/lib/libpthread.so.22.0...done. > Loaded symbols for /usr/lib/libpthread.so.22.0 > Loaded symbols for /usr/local/jdk-1.7.0/bin/java > Reading symbols from /usr/lib/libz.so.5.0...done. > Loaded symbols for /usr/lib/libz.so.5.0 > Symbols already loaded for /usr/lib/libpthread.so.22.0 > Reading symbols from /usr/lib/libc.so.88.0...done. > Loaded symbols for /usr/lib/libc.so.88.0 > Reading symbols from /usr/libexec/ld.so...done. > Loaded symbols for /usr/libexec/ld.so > Reading symbols from > /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so...done. > Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so > Reading symbols from /usr/lib/libstdc++.so.57.0...done. > Loaded symbols for /usr/lib/libstdc++.so.57.0 > Reading symbols from /usr/lib/libm.so.9.0...done. > Loaded symbols for /usr/lib/libm.so.9.0 > Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libverify.so...done. > Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libverify.so > Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libjava.so...done. > Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libjava.so > Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libzip.so...done. > Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libzip.so > #0 0x12b62e14c0ca in mprotect () at :2 > 2 : No such file or directory. > in > (gdb) where > #0 0x12b62e14c0ca in mprotect () at :2 > #1 0x12b65861b5c8 in os::pd_commit_memory () from Your '/usr/local' filesystem does not have the "wxallowed" mount option. Read the mount(8) manual page. Ciao! David
jdk-1.7.0 and jdk-1.8.0 Abort trap (core dumped) GDB core trace provided
Hello All, There is a problem with starting jdk from packages on AMD64 platform. It doesn't matter what versions of jdk installed: jdk-1.7.0 or jdk-1.8.0. The same issue is present on both. # java Abort trap (core dumped) # gdb /usr/local/jdk-1.7.0/bin/java java.core GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd6.0"...(no debugging symbols found) Core was generated by `java'. Program terminated with signal 6, Aborted. Reading symbols from /usr/lib/libpthread.so.22.0...done. Loaded symbols for /usr/lib/libpthread.so.22.0 Loaded symbols for /usr/local/jdk-1.7.0/bin/java Reading symbols from /usr/lib/libz.so.5.0...done. Loaded symbols for /usr/lib/libz.so.5.0 Symbols already loaded for /usr/lib/libpthread.so.22.0 Reading symbols from /usr/lib/libc.so.88.0...done. Loaded symbols for /usr/lib/libc.so.88.0 Reading symbols from /usr/libexec/ld.so...done. Loaded symbols for /usr/libexec/ld.so Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so...done. Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so Reading symbols from /usr/lib/libstdc++.so.57.0...done. Loaded symbols for /usr/lib/libstdc++.so.57.0 Reading symbols from /usr/lib/libm.so.9.0...done. Loaded symbols for /usr/lib/libm.so.9.0 Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libverify.so...done. Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libverify.so Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libjava.so...done. Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libjava.so Reading symbols from /usr/local/jdk-1.7.0/jre/lib/amd64/libzip.so...done. Loaded symbols for /usr/local/jdk-1.7.0/jre/lib/amd64/libzip.so #0 0x12b62e14c0ca in mprotect () at :2 2 : No such file or directory. in (gdb) where #0 0x12b62e14c0ca in mprotect () at :2 #1 0x12b65861b5c8 in os::pd_commit_memory () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #2 0x12b65861b5f0 in os::pd_commit_memory () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #3 0x12b658619cf7 in os::commit_memory () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #4 0x12b6587a3236 in VirtualSpace::expand_by () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #5 0x12b6587a34d8 in VirtualSpace::initialize () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #6 0x12b658366cab in CodeHeap::reserve () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #7 0x12b658214726 in CodeCache::initialize () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #8 0x12b6583829fa in init_globals () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #9 0x12b658750afd in Threads::create_vm () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #10 0x12b6583f04ce in JNI_CreateJavaVM () from /usr/local/jdk-1.7.0/jre/lib/amd64/server/libjvm.so #11 0x12b397d0303c in JavaMain () from /usr/local/jdk-1.7.0/bin/java #12 0x12b643b6031e in _rthread_start (v=Variable "v" is not available. ) at /usr/src/lib/librthread/rthread.c:115 #13 0x12b62e141a2b in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75 #14 0x in ?? () Current language: auto; currently asm (gdb) Please let me know what I can do to make it in working order. Thanks