IPv6 over PPPoE with Plusnet/QSC, IP6CP message gets rejected?
hello list, i'm hoping somebody can tell me how to correctly configure PPPoE IPv6 address negotiation, or can at least point me towards the relevant literature. it's rather unclear to me what configuration options there are for inet6 over pppoe. my german ISP (Plusnet, used to be QSC) has assigned to my contract a /64 WAN prefix. the inet6 address of my pppoe0 interface needs to be negotiated during the PPPoE handshake. this however does not happen, my pppoe0 interface shows only the link-local inet6 address after running /etc/netstart.sh pppoe0 the ISP engineers have provided me with a pcap file of a working handshake, presumably from a non-BSD client. they show the pppoe client sending a IP6CP Conf-Request message to the server, and the server responding with a IP6CP Conf-Request message on its own. after that, NDP RA and DHCPv6 messages handle the actual WAN and LAN prefix negotiation. when i capture the PPPoE handshake on my OpenBSD machine, i can also see a IP6CP Conf-Request message from my client to the server, however in response the server sends a Prot-Reject LCP message, apparently confused by the clients message. comparing the initial Conf-Request messages between the working and failing scenario, i notice that the working message has a length of 46 bytes, while the message that was rejected has a length of only 22 bytes. i also note that a subsequent IP6CP Term-Request sent by my client was likewise rejected by the server. so it seems that my OpenBSD 6.5 pppoe client is not speaking the exact dialect of IP6CP that the pppoe server expects. * is the Conf-Request message sent by OpenBSD pppoe(8) a well-formed IP6CP message? * are there any configuration options available to tweak the IP6CP behaviour of pppoe(8)? * does anybody happen to have a working configuration for Plusnet GmbH / QSC? :) many thanks! /f WORKING SCENARIO: client > server, ethertype PPPoE S (0x8864), length 60: PPPoE [ses 0x26f1] IP6CP (0x8057), length 16: IP6CP, Conf-Request (0x01), id 1, length 16 encoded length 14 (=Option(s) length 10) Interface-ID Option (0x01), length 10: 32e4:dbff:fe34:4000 0x: 1100 26f1 0010 8057 0101 000e 010a 32e4 ..&W..2. 0x0010: dbff fe34 4000 3108 0045 6000 36ba c500 ...4@.1..E`.6... 0x0020: 00fe 11c7 2a5c c582 3b36 *\..;6 server > client, ethertype PPPoE S (0x8864), length 64: PPPoE [ses 0x26f1] IP6CP (0x8057), length 16: IP6CP, Conf-Request (0x01), id 1, length 16 encoded length 14 (=Option(s) length 10) Interface-ID Option (0x01), length 10: 0212:efff:fe71:3afa 0x: 1100 26f1 0010 8057 0101 000e 010a 0212 ..&W 0x0010: efff fe71 3afa ...q:... 0x0020: 0x0030: .. FAILING SCENARIO: client > server, ethertype PPPoE S (0x8864), length 36: PPPoE [ses 0x3175] IP6CP (0x8057), length 16: IP6CP, Conf-Request (0x01), id 6, length 16 encoded length 14 (=Option(s) length 10) Interface-ID Option (0x01), length 10: d235:2d95:d846:ef19 0x: 1100 3175 0010 8057 0106 000e 010a d235 ..1u...W...5 0x0010: 2d95 d846 ef19 -..F.. server > client, ethertype PPPoE S (0x8864), length 60: PPPoE [ses 0x3175] LCP (0 xc021), length 22: LCP, Prot-Reject (0x08), id 30, length 22 encoded length 20 (=Option(s) length 16) Rejected IP6CP Protocol (0x8057) Rejected Packet 0x: 0106 000e 010a d235 2d95 d846 ef19 0x0010: 0x: 1100 3175 0016 c021 081e 0014 8057 0106 ..1u...!.W.. 0x0010: 000e 010a d235 2d95 d846 ef19 .5-..F.. 0x0020: .. client > server, ethertype PPPoE S (0x8864), length 26: PPPoE [ses 0x3175] IP6CP (0x8057), length 6: IP6CP, Term-Request (0x05), id 8, length 6 0x: 1100 3175 0006 8057 0508 0004..1u...W server > client, ethertype PPPoE S (0x8864), length 60: PPPoE [ses 0x3175] LCP (0xc021), length 12: LCP, Prot-Reject (0x08), id 31, length 12 encoded length 10 (=Option(s) length 6) Rejected IP6CP Protocol (0x8057) Rejected Packet 0x: 0508 0004 0x: 1100 3175 000c c021 081f 000a 8057 0508 ..1u...!.W.. 0x0010: 0004 0x0020: dc18 2eef .. uname -a: OpenBSD feedface.com 6.5 GENERIC.MP#5 amd64 cat /etc/hostname.pppoe0: inet 0.0.0.0 255.255.255.255 NONE \ pppoedev em2 \ authproto pap \ authname 'cpe...@qsc-wia-vdsl.de' \ authkey 'XXX' \ up dest 0.0.0.1 #inet6 eui64 inet6 -autoconfprivacy inet6 autoconf !/sbin/route add
OpenBGPd announce fulltables +default
Hello, I notice that in the current manual there is an option to export none, default-route with the explanation below in the manual export (none|default-route)If set to none, no UPDATE messages will be sent to the neighbor. If set to default-route, only the default route will be announced to the neighbor. When export is modified the neighbor session needs to be reset to become active. I was wondering is there an easy way to announce the default + full tables for BGP customers who want to choose to migrate from default routing to full table without contacting me ... something inside me says it would be wrong to add 0.0.0.0/0 network (although if memory serves me correctly previous versions of OpenBGPd would politely decline to do that :) and filter the crap out of that for upstream Transit and Peers (non Customers ) ... -- Kindest regards, Tom Smyth.
Re: OpenBSD Hangs On
Hi Jinn This issue we came across a few years ago , it affects certain versions of KVM / Proxmox... if you disable Intel Preemption timer... in the Hypervisor Linux kernel if you do a search misc lists ... with KVM and freeze and OpenBSD you will see lots of discussions and the exact settings to put in the KVM Hypervisor it may relieve your situation.. Thanks Tom Smyth On Mon, 22 Jun 2020 at 14:30, jin&hitman&Barracuda wrote: > Hello > > I've a virtual appliance on kvm and it hangs on every 3 days > period approximately. The problem been there since its installation which > was in March. When it happens, I can only make hard shutdown/reboot to > recover my system from this issue because the system doesn't respond me. > I'm using version 6.6 of OpenBSD and i already applied the all syspatches. > I'm not certain but it looks like the problem could be related with syslog > deamon. May be it is too early to make an assumption but log messages > (/var/log/messages) show that syslog daemon keeps restarting itself in 4 > hours periods. > > Could someone please point me to how to increase verbosity of the logs ? > I'ld like to dig myself as much as possible. > > Fatih > Sincerely > > dmesg output > > OpenBSD 6.6 (GENERIC) #7: Thu Mar 12 10:32:29 MDT 2020 > r...@syspatch-66-amd64.openbsd.org: > /usr/src/sys/arch/amd64/compile/GENERIC > real mem = 1056817152 (1007MB) > avail mem = 1012228096 (965MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries) > bios0: vendor SeaBIOS version " > rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org" > date 04/01/2014 > bios0: QEMU Standard PC (i440FX + PIIX, 1996) > acpi0 at bios0: ACPI 1.0 > acpi0: sleep states S3 S4 S5 > acpi0: tables DSDT FACP APIC HPET > acpi0: wakeup devices > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2295.15 MHz, 06-2c-01 > cpu0: > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG,LAHF,ARAT,MELTDOWN > cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB > 64b/line 16-way L2 cache > cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped > cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 1000MHz > ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins > acpihpet0 at acpi0: 1 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpicpu0 at acpi0: C1(@1 halt!) > "ACPI0006" at acpi0 not configured > acpipci0 at acpi0 PCI0: _OSC failed > acpicmos0 at acpi0 > "PNP0A06" at acpi0 not configured > "PNP0A06" at acpi0 not configured > "PNP0A06" at acpi0 not configured > "QEMU0002" at acpi0 not configured > "ACPI0010" at acpi0 not configured > cpu0: using IvyBridge MDS workaround > pvbus0 at mainbus0: KVM > pvclock0 at pvbus0 > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 > pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 > pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel > 0 wired to compatibility, channel 1 wired to compatibility > pciide0: channel 0 disabled (no drives) > pciide0: channel 1 disabled (no drives) > uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11 > piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int > 9 > iic0 at piixpm0 > vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00 > vio0 at virtio0: address 52:54:00:a5:1f:57 > virtio0: msix shared > eap0 at pci0 dev 4 function 0 "Ensoniq AudioPCI" rev 0x00: apic 0 int 11 > audio0 at eap0 > midi0 at eap0: > virtio1 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00 > vioblk0 at virtio1 > scsibus1 at vioblk0: 2 targets > sd0 at scsibus1 targ 0 lun 0: > sd0: 51200MB, 512 bytes/sector, 104857600 sectors > virtio1: msix shared > virtio2 at pci0 dev 6 function 0 "Qumranet Virtio Memory Balloon" rev 0x00 > viomb0 at virtio2 > virtio2: apic 0 int 10 > isa0 at pcib0 > isadma0 at isa0 > fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 > pckbc0 at isa0 port 0x60/5 irq 1 irq 12 > pckbd0 at pckbc0 (kbd slot) > wskbd0 at pckbd0: console keyboard, using wsdisplay0 > pms0 at pckbc0 (aux slot) > wsmouse0 at pms0 mux 0 > pcppi0 at isa0 port 0x61 > spkr0 at pcppi0 > usb0 at uhci0: USB revision 1.0 > uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev > 1.00/1.00 addr 1 > uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet" > rev 2.00/0.00 addr 2 > uhidev0: iclass 3/0
Re: [patch] calendar.music: Neil Peart 1952-2020
Anders Andersson wrote: > On Mon, Jun 22, 2020 at 3:44 PM Jason McIntyre wrote: > > > > On Mon, Jun 22, 2020 at 08:31:34AM -0500, Carson Chittom wrote: > > > > > > Matthew J. C. Clarke writes: > > > > > > > 01/08 Elvis Presley born in East Tupelo, Mississippi, > > > > 1935 > > > > > > This caught my eye, being from Mississippi myself. > > > > > > As far as I know or can tell from searching online, there's no > > > such place as "East Tupelo". This should be just "Tupelo" (my > > > preference) or "east Tupelo" (the Elvis Presley Birthplace Museum > > > does appear to be on the eastern side of Tupelo). > > > > > > > hi. i changed it to just "Tupelo". > > thanks, > > > > jmc > > On a more serious note, why even bother with these files anymore? I'm > sure having your computer know the birth date of Elvis was useful and > novel 30 years ago, but today such a trivia list is just a bitrotting > museum piece that will get more and more out of date. IMO. > > Instead of adding every musician, let's just nuke all the files except > calendar.openbsd and calendar.computer. They still seem relevant to an > operating system and to make sure there's always some examples to play > with. > > ...again, IM (not so humble) O. stop wasting our time
Re: [patch] calendar.music: Neil Peart 1952-2020
On Mon, Jun 22, 2020 at 3:44 PM Jason McIntyre wrote: > > On Mon, Jun 22, 2020 at 08:31:34AM -0500, Carson Chittom wrote: > > > > Matthew J. C. Clarke writes: > > > > > 01/08 Elvis Presley born in East Tupelo, Mississippi, > > > 1935 > > > > This caught my eye, being from Mississippi myself. > > > > As far as I know or can tell from searching online, there's no > > such place as "East Tupelo". This should be just "Tupelo" (my > > preference) or "east Tupelo" (the Elvis Presley Birthplace Museum > > does appear to be on the eastern side of Tupelo). > > > > hi. i changed it to just "Tupelo". > thanks, > > jmc On a more serious note, why even bother with these files anymore? I'm sure having your computer know the birth date of Elvis was useful and novel 30 years ago, but today such a trivia list is just a bitrotting museum piece that will get more and more out of date. IMO. Instead of adding every musician, let's just nuke all the files except calendar.openbsd and calendar.computer. They still seem relevant to an operating system and to make sure there's always some examples to play with. ...again, IM (not so humble) O.
Re: [patch] calendar.music: Neil Peart 1952-2020
On Mon, Jun 22, 2020 at 08:31:34AM -0500, Carson Chittom wrote: > > Matthew J. C. Clarke writes: > > > 01/08 Elvis Presley born in East Tupelo, Mississippi, > > 1935 > > This caught my eye, being from Mississippi myself. > > As far as I know or can tell from searching online, there's no > such place as "East Tupelo". This should be just "Tupelo" (my > preference) or "east Tupelo" (the Elvis Presley Birthplace Museum > does appear to be on the eastern side of Tupelo). > hi. i changed it to just "Tupelo". thanks, jmc
Re: [patch] calendar.music: Neil Peart 1952-2020
Matthew J. C. Clarke writes: 01/08 Elvis Presley born in East Tupelo, Mississippi, 1935 This caught my eye, being from Mississippi myself. As far as I know or can tell from searching online, there's no such place as "East Tupelo". This should be just "Tupelo" (my preference) or "east Tupelo" (the Elvis Presley Birthplace Museum does appear to be on the eastern side of Tupelo).
OpenBSD Hangs On
Hello I've a virtual appliance on kvm and it hangs on every 3 days period approximately. The problem been there since its installation which was in March. When it happens, I can only make hard shutdown/reboot to recover my system from this issue because the system doesn't respond me. I'm using version 6.6 of OpenBSD and i already applied the all syspatches. I'm not certain but it looks like the problem could be related with syslog deamon. May be it is too early to make an assumption but log messages (/var/log/messages) show that syslog daemon keeps restarting itself in 4 hours periods. Could someone please point me to how to increase verbosity of the logs ? I'ld like to dig myself as much as possible. Fatih Sincerely dmesg output OpenBSD 6.6 (GENERIC) #7: Thu Mar 12 10:32:29 MDT 2020 r...@syspatch-66-amd64.openbsd.org: /usr/src/sys/arch/amd64/compile/GENERIC real mem = 1056817152 (1007MB) avail mem = 1012228096 (965MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries) bios0: vendor SeaBIOS version "rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org" date 04/01/2014 bios0: QEMU Standard PC (i440FX + PIIX, 1996) acpi0 at bios0: ACPI 1.0 acpi0: sleep states S3 S4 S5 acpi0: tables DSDT FACP APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2295.15 MHz, 06-2c-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG,LAHF,ARAT,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins acpihpet0 at acpi0: 1 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) "ACPI0006" at acpi0 not configured acpipci0 at acpi0 PCI0: _OSC failed acpicmos0 at acpi0 "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "ACPI0010" at acpi0 not configured cpu0: using IvyBridge MDS workaround pvbus0 at mainbus0: KVM pvclock0 at pvbus0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) pciide0: channel 1 disabled (no drives) uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9 iic0 at piixpm0 vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00 vio0 at virtio0: address 52:54:00:a5:1f:57 virtio0: msix shared eap0 at pci0 dev 4 function 0 "Ensoniq AudioPCI" rev 0x00: apic 0 int 11 audio0 at eap0 midi0 at eap0: virtio1 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00 vioblk0 at virtio1 scsibus1 at vioblk0: 2 targets sd0 at scsibus1 targ 0 lun 0: sd0: 51200MB, 512 bytes/sector, 104857600 sectors virtio1: msix shared virtio2 at pci0 dev 6 function 0 "Qumranet Virtio Memory Balloon" rev 0x00 viomb0 at virtio2 virtio2: apic 0 int 10 isa0 at pcib0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet" rev 2.00/0.00 addr 2 uhidev0: iclass 3/0 ums0 at uhidev0: 3 buttons, Z dir wsmouse1 at ums0 mux 0 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on sd0a (496659ef9c4468e2.a) swap on sd0b dump on sd0b WARNING: / was not properly unmounted fd0 at fdc0 drive 1: density unknown syncing disks... done rebooting... OpenBSD 6.6 (GENERIC) #0: Thu Jun 4 15:26:25 MDT 2020 t...@syspatch-66-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 1056817152 (1007MB) avail mem = 1012228096 (965MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries) bios0: vendo
OpenSMTPd can't sent mail behind IKEv2 NAT
I have working smtp server on OBSD 6.6 which did it's job successfully using egress server's IP before IPsec iked tunnel has been implemented. /etc/mail/smtpd.conf ... # smptd bound on server's egress interface (early setup with clearnet IP config without IPsec) table sources {1.2.3.4} table helonames {1.2.3.4 = smtp.domain.tld} ... Now all server's traffic goes trough IKEv2 gateway with NAT, and smtpd runs on the same server, but now behind IPsec NAT. The goal is that smtpd should send/receive mail trough IPsec tunnel. smtpd receives mail successfully but can't send mail trough IPsec tunnel. Once mail is sent by mail agent, mailq reports "No valid route to destination". I tried to bind smtpd to localhost and IPsec server's local NAT interface in smtpd.conf but unsuccessfully: ... table sources {127.0.0.1} table helonames {4.3.2.1 = smtp.another-domain.tld} ... I suppose smtpd uses system default routing table for delivering mail, instead of using IPsec gateway. And binding smtpd to localhost or IPsec NAT interface can't solve the problem. Any suggestions what can be missed or misconfigured? Martin
Re: OpenBSD Readonly File System
Tuesday, June 9, 2020 7:59 AM, Vertigo Altair wrote: > Hi Misc, > I have a firewall device and I'm using OpenBSD on it. Last year I had to configure an OpenBSD 6.5 firewall for use in a remote location, and was concerned about power loss corrupting the filesystem and making the system unbootable without manual intervention. As I did not want to modify OpenBSD in unsupported ways, I decided to test what kind of damage power loss could do, by randomly removing and applying power to the firewall, many many times. What I found was that 99% of the time, the system would just repair the filesystem and boot without problems, but if by chance the power was removed at a short time window during kernel relinking, the kernel would become corrupt and leave the system completely unbootable and not easy to repair. It was suggested to me that I tried to mount root partition with the sync option, so I arranged the partition layout in a way that would make it feasible and added the option to fstab. Only other problem I found, was that a few times after removing power when writing a large file, the system would require me to run fsck -y manually, this is by design, but I decided it was more important to me that the system could boot unattended, with a minuscule risk of completely ruining the filesystem, so I wrote a small unsupported patch for the rc script (sorry if the formatting gets messed up by posting): The patch has only been tested on OpenBSD 6.5. --- Index: src/etc/rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.536 diff -u -p -u -p -r1.536 rc --- src/etc/rc 1 Apr 2019 11:39:46 - 1.536 +++ src/etc/rc 20 Aug 2019 22:47:49 - @@ -1,5 +1,8 @@ # $OpenBSD: rc,v 1.536 2019/04/01 11:39:46 tedu Exp $ +# NOTE: The do_fsck() function has been patched to run 'fsck -y' if an +# automatic file system check fails with exit code 8. + # System startup script run by init on autoboot or after single-user. # Output and error are redirected to console by init, and the console is the # controlling terminal. @@ -271,8 +274,14 @@ do_fsck() { echo "Reboot failed; help!" exit 1 ;; - 8) echo "Automatic file system check failed; help!" - exit 1 + 8) echo "Automatic file system check failed; trying fsck -y" + fsck -y + case $? in + 0) ;; + *) echo "Could not repair file system unattended; help!" + exit 1 + ;; + esac ;; 12) echo "Boot interrupted." exit 1 --- After mounting root filesystem with sync option and applying the patch, I was no longer able to make the system unbootable by power loss in my test setup. It may be possible, but the risk is now so small that it is not a concern for me and the risk of something else breaking is probably bigger. During operation in remote location, the system has always been able to completely boot after a power loss so far. So while it was not possible for me to not make any unsupported modifications at all, I think it is a very small change compared to have read only filesystems. Anyone who knows OpenBSD, will be able to manage the firewall without special instructions. Regards, Mogens Jensen