Re: OpenBSD 5.5 on mSATA SSD unit in PC Engines APU.1C - bad dir ino 2 at offset 0: mangled entry kernel panic
Hi Matthieu, On 09.06.2014 19:30, Mattieu Baptiste wrote: Thanks for the tip concerning the Kingston drive. fwiw, I'm running april 5th firmware (I'm not aware of any may firmware, probably a confusion about date format, http://xkcd.com/1179/ ftw.) using a kingston SMS200S3/30G without any issues. hth andre
Possible to configure -Dunsigned in pkg.conf ?
Hi is it possible to make pkg_add -Dunsigned the default? I have a puppet setup with 5.5 and some custom built packages that are not yet signed. Regards André
Re: Possible to configure -Dunsigned in pkg.conf ?
Hi Theo, On 03/27/2014 12:27 AM, Theo de Raadt wrote: is it possible to make pkg_add -Dunsigned the default? I have a puppet setup with 5.5 and some custom built packages that are not yet signed. That's not going to happen. For your own private use, you will have to use -Dunsigned. An alternative is start creating your own keys and distribute them to your hosts (/etc/signify/keller-55-pkg.pub), then sign your custom packages. You then get key benefits for both distribution and custom packages. Well I was just looking for a quick fix. But after reading pkg_sign(1) / signify(1) this turns out to be pretty straightforward... Thanks! André
CPU/hw recommendations for routing
Hi I'm looking into replacing some older OpenBSD boxes (running BGPD/OSPFD and do routing, no active pf) with some new hardware. Of course I'd like to replace them with something fast. Currently there is only moderate load ~200mbps / 200-300kpps. But a little room to grow wont hurt. I guess multicore is nice to distribute the load from the routing processes over multiple cores. The interrupt load from the nics is handled by one core only, right? Ideally I'd have a CPU with fewer cores but higher CPU frequency on each core? Does anybody have experience with Core i7 CPUs that supposedly can automatically over-clock single CPU cores? (such as the Intel Core i7-3770K). Are the AMD FX processors any good for this purpose? Is cache/memory bandwidth and speed a major concern? I did some basic tests with some hardware I have lying around and saw that a Intel Xeon X3470 performs pretty well. How important is the nic driver? In the archives I read that the em driver is pretty good. Is that still the case? Anything else I need to take into consideration? Thanks for sharing your thoughts. Regards Andre
Re: OpenBGP - iBGP peers not announcing after 3 hops
Am 04.02.2013 16:32, schrieb Eduardo Meyer: Really? It's difficult for me in this environment, do I have another option? add a route collector that peers with all ibgp neighbors...
Re: Speed up amavisd-new on OpenBSD
Am 05.09.2012 11:58, schrieb Chaminda Indrajith: Could anybody please tell me how to mount a potion of RAM on /var/amavisd/tmp? man mount_mfs
Re: dovecot-2.1.8 with OpenBSD 5.2-current
Hi Am 27.07.2012 19:18, schrieb Wesley: Perhaps i need to play with openfiles-cur keyword in /etc/login.conf... So i increased 'default class' 512 to 2048, 'daemon class' 128 to 2048. Seems to work ;-) Did you even look into the readme, that mark pointed out? http://www.openbsd.org/cgi-bin/cvsweb/ports/mail/dovecot/pkg/README-server?rev=1.1;content-type=text%2Fplain For example, add this to the login.conf(5) file: dovecot:\ :openfiles-cur=512:\ :openfiles-max=2048:\ :tc=daemon: Rebuild the login.conf.db file if necessary: # [ -f /etc/login.conf.db ] cap_mkdb /etc/login.conf I guess thats all you need to know...
Re: OpenBSD 5.1 XEN HVM DomU - kernel panic
Hi Tomas Am 07.06.2012 05:53, schrieb Tomas Bodzar: So many panics in a such short period? Something is wrong and it's not OpenBSD most probably ;-) Yes I'm sure your right, that is why I was looking if someone is actually running OpenBSD on XEN, in the hope that such a person might share what they hat to tweak that OpenBSD runs smoothly on XEN. I really do not think its an OpenBSD Issue as OpenBSD on bare-metal on the same hardware runs rock solid. I might try KVM instead of XEN, as some offlist comments suggested that it is running stable on KVM... g Andre
OpenBSD 5.1 XEN HVM DomU - kernel panic
Hi is any body running OpenBSD as a XEN HVM guest? I have a difficult time accomplish that... The XEN guest does boot up and is usable. When f.e. do a cvs checkout of ports the machine panics about every other time. I know that is not really a supported configuration but if someone managed to get this working in a stable manner I'd still appreciate some assistance. If you need any further information, just ask. Regards André Dom0 Information: Debian GNU/Linux 6.0 - 64-Bit XEN Guest Config: import os, re arch= os.uname()[4] kernel = /usr/lib/xen-default/boot/hvmloader builder = hvm memory = 768 name= guest1 vif = [ 'vifname=v20005, mac=00:16:3c:02:00:05, bridge=virbr941, type=ioemu, model=e1000' ] disk= [ 'phy:/dev/onatopp/xen-guest1-hvm1,xvda,w', 'file:/srv/install51.iso,xvdc:cdrom,r', ] device_model = '/usr/lib64/xen-4.0/bin/qemu-dm' boot=cd sdl=0 vnc=1 vncdisplay=4 vncconsole=1 stdvga=0 serial='pty' ddb trace cpu_switchto() at cpu_switchto+0x4b sleep_finish() at sleep_finish+0x94 tsleep() at tsleep+0x95 biowait() at biowait+0x3e bwrite() at bwrite+0xf8 ufs_dirremove() at ufs_dirremove+0x123 ufs_rename() at ufs_rename+0x108a VOP_RENAME() at VOP_RENAME+0x3b dorenameat() at dorenameat+0x249 syscall() at syscall+0x165 --- syscall (number 128) --- end of kernel end trace frame: 0x20fa67000, count: -10 0x206774eda: ddb dmesg OpenBSD 5.1 (GENERIC) #181: Sun Feb 12 09:35:53 MST 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 804257792 (767MB) avail mem = 768774144 (733MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xeb01f (10 entries) bios0: vendor Xen version 4.0.1 date 06/09/2011 bios0: Xen HVM domU acpi0 at bios0: rev 2, ACPI control unavailable mpbios0 at bios0: Intel MP Specification 1.4 cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU 3060 @ 2.40GHz, 2400.55 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH, MMX,FXSR,SSE,SSE2,HTT,SSE3,SSSE3,CX16,NXE,LONG,LAHF cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 100MHz mpbios0: bus 0 is type ISA ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 48 pins ioapic0: misconfigured as apic 0, remapped to apid 1 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel 82441FX rev 0x02 pcib0 at pci0 dev 1 function 0 Intel 82371SB ISA rev 0x00 pciide0 at pci0 dev 1 function 1 Intel 82371SB IDE rev 0x00: DMA, channel 0 w ired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: QEMU HARDDISK wd0: 16-sector PIO, LBA48, 30720MB, 62914560 sectors wd0(pciide0:0:0): using PIO mode 0, DMA mode 2 atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: QEMU, QEMU DVD-ROM, 0.10 ATAPI 5/cdrom removabl e cd0(pciide0:1:0): using PIO mode 0 piixpm0 at pci0 dev 1 function 3 Intel 82371AB Power rev 0x01: SMBus disabled vga1 at pci0 dev 2 function 0 Cirrus Logic CL-GD5446 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) XenSource Platform Device rev 0x01 at pci0 dev 3 function 0 not configured em0 at pci0 dev 4 function 0 Intel PRO/1000MT (82540EM) rev 0x03: apic 1 int 5 , address 00:16:3c:02:00:05 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console pckbc0 at isa0 port 0x60/5 ckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: density unknown fd1 at fdc0 drive 1: density unknown nvram: invalid checksum mtrr: Pentium Pro MTRR support vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets root on wd0a (2365655b77a4def3.a) swap on wd0b dump on wd0b clock: unknown CMOS layout
Re: OpenBSD 5.1 XEN HVM DomU - kernel panic
Am 06.06.2012 17:09, schrieb Henning Brauer: * Andre Keller a...@list.ak.cx [2012-06-06 16:05]: is any body running OpenBSD as a XEN HVM guest? nobody sane. I hope on someone as insane as me then... :-) ddb trace ddb dmesg the actual panic is missing. Hmm, ist it possible to get that from ddb? are this these lines at the end of the dmesg? uvm_fault(0x80d2cf40, 0x0, 0, 2) - e kernel: page fault trap, code=0 Stopped at cpu_switchto+0x4b: lock btrq %rdi,0x90(%rcx) g Andre
Re: OpenBSD 5.1 XEN HVM DomU - kernel panic
OK I have another one: kernel: type 269 trap, code=0 Stopped at 0: pushq %rbx ddb trace end trace frame: 0x0, count: -1 This one is less verbose though... g Andre
Re: Tuning for pppoe over fibre 30M/1M link
Am 28.05.2012 15:26, schrieb David Diggles: Maybe I should try some of the kernel tuning suggested on calomel. I would not even visit that site... It's mostly a waste of time as most of the tunings are not up-to-date or just plain wrong. OpenBSD ships with pretty sane defaults that normally do not need any tweaking unless you run some unorthodox configuration. If you need to tweak something look into the faq and the sysctl(3) man page and not to calomel.org Could you please be a bit more specific about your setup? Are you using pppoe(4) or pppoe(8)? Do you see maxed out mbufs (netstat -m), a very high interrupt load (top / vmstat -i), ifq drops (sysctl net.inet.ip.ifq.drops), interface errors (netstat -i)? I'm running pppoe(4) on a lot of Geode 500MHz powered boxes and have no problem getting 30Mbit/s throughput of unencrypted traffic... g Andri
Re: bgpctl shiw rib out displaying incorrect information
Hi Am 31.08.2011 10:23, schrieb Tony Sarendal: Sender says next hop = 172.29.1.100, receiver says .51. show rib out in this case shows incorrect nexthop. Well thats kind of the point of having set nexthop self in the config...
Re: LAC LNS server with OpenBSD
Hi Am 18.08.2011 07:51, schrieb YASUOKA Masahiko: npppd supports `LNS' only and it supports `compulsory tunnel' (or `accept dialin'). So currently npppd can become `R3' on above picture but it can not become `R2'. To enable `accept-dialin' on npppd, please add below line to npppd.conf. l2tp.accept_dialin: true is there radius support for npppd? (looking in the sourcecode shows that a least some radius parts are implemented) If there is support can some documentation about usage be found anywhere? Regards Andri
Re: 4.9 net.inet.tcp
Am 14.06.2011 10:26, schrieb pilax: Any idea when CVSROOT: /cvs Module name: src Changes by: clau...@cvs.openbsd.org 2010/10/11 02:44:34 Modified files: sbin/sysctl: sysctl.8 Log message: Remove net.inet.tcp.recvspace and net.inet.tcp.sendspace here as well. Reminded by jmc@ and why ? because the kernel does automagically tune these values... http://readlist.com/lists/openbsd.org/misc/23/118122.html
Re: OpenBGP
Am 28.02.2011 19:36, schrieb fredrik danerklint: Well, ospf6d is so broken that it can't be used in a production environment. Since IPv6 is so important for me as a Internet Service Provider I have to come up with something to solve my needs... Well I use opsf6d in production (for a small setup), when you know what issues you have to deal with its ok. To sum up: - No LSAs sent for passive interfaces. Patch available on misc/tech - opsf6d crashes when ip addresses are added to interfaces or when interfaces are removed. Patch available on misc/tech - opsf6d crashes on ospf6ctl reload. (No that big a deal...) - ospf6d does not support stub routes (Would be nice for carp interfaces - like ospfd does announce the backup routes...) - ospf6d does not support multiple areas (AFAIK) But having this points in mind, it does work okay. (It sure works better than static routing or stuff like ripng. You might even use quagga I don't know if its more stable though...)
Re: Strange network problem. Debugging hints needed.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all I still have this issue with 4.9. Please let me know if I could assist with any additional data. During the last week I had this problem about 3 times, so I can run tests when the issue is present but I don't know what I could check. I can say the problem seems to occur only with vr(4). bge(4) and em(4) work fine with an otherwise identical configuration. I'd really appreciate some help on this...(This is also PR6546) Regards Andri Am 21.01.2011 00:38, schrieb Andre Keller: Hi there I have a strange problem with network connectivity on a device of mine. The setup is carp on vlan on vr(4). The problem is that the link runs for 10minutes, 10hours or 10days and suddenly it stops working. Doing a ifconfig vr0 down ; ifconfig vr0 up solves the problem temporarly but as you can imagine I'd like to have a more permanent solution. The problem is there are no obvious indications. The port on the switch (C 2960) stays up (and it is not errdisabled), there are no errors. Configuring the interface 100 full or autoselect (on both switch and device) does not make a difference. The error counters on the switch as well as netstat -i do not show any errors. I setup the same configuration (carp on vlan on physical interface) using em(4) and did not run into the problem yet (3 weeks up). So I guess I could have something to do with vr(4). The problem appeared first after updateing 4.8 to 20101222 snapshot, and is still present with snapshot from this week. But prior 20101222 snapshot there were no carp and vlan interfaces, just an ip on the physical interface. So I don't know if the problem is my configuration or something that has changed in the code... dmesg: OpenBSD 4.9-beta (GENERIC) #628: Tue Jan 18 14:14:07 MST 2011 t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 MHz cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX real mem = 268009472 (255MB) avail mem = 253489152 (241MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0xa800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33 glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10, address 00:0d:b9:17:c0:60 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:0d:b9:17:c0:61 ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 15, address 00:0d:b9:17:c0:62 ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio gpio0 at glxpcib0: 32 pins pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: CF 4GB wd0: 1-sector PIO, LBA, 3823MB, 7831152 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 12, version 1.0, legacy support ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 12 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1 isa0 at glxpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1 biomask 73e7 netmask ffe7 ttymask mtrr: K6-family MTRR support (2 registers) nvram: invalid checksum vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root root on wd0a swap on wd0b dump on wd0b clock: unknown CMOS layout ifconfig (first two octets / words of ip exchanged): lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33200 priority: 0 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 vr0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:0d:b9:17:c0:60 priority: 0 media: Ethernet 100baseTX full-duplex status: active inet6
Strange network problem. Debugging hints needed.
Hi there I have a strange problem with network connectivity on a device of mine. The setup is carp on vlan on vr(4). The problem is that the link runs for 10minutes, 10hours or 10days and suddenly it stops working. Doing a ifconfig vr0 down ; ifconfig vr0 up solves the problem temporarly but as you can imagine I'd like to have a more permanent solution. The problem is there are no obvious indications. The port on the switch (C 2960) stays up (and it is not errdisabled), there are no errors. Configuring the interface 100 full or autoselect (on both switch and device) does not make a difference. The error counters on the switch as well as netstat -i do not show any errors. I setup the same configuration (carp on vlan on physical interface) using em(4) and did not run into the problem yet (3 weeks up). So I guess I could have something to do with vr(4). The problem appeared first after updateing 4.8 to 20101222 snapshot, and is still present with snapshot from this week. But prior 20101222 snapshot there were no carp and vlan interfaces, just an ip on the physical interface. So I don't know if the problem is my configuration or something that has changed in the code... dmesg: OpenBSD 4.9-beta (GENERIC) #628: Tue Jan 18 14:14:07 MST 2011 t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 586-class) 499 MHz cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX real mem = 268009472 (255MB) avail mem = 253489152 (241MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/05/08, BIOS32 rev. 0 @ 0xfd088 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: pcibios_get_intr_routing - function not supported pcibios0: PCI IRQ Routing information unavailable. pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xe/0xa800 cpu0 at mainbus0: (uniprocessor) pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x33 glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES vr0 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 10, address 00:0d:b9:17:c0:60 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr1 at pci0 dev 10 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, address 00:0d:b9:17:c0:61 ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 vr2 at pci0 dev 11 function 0 VIA VT6105M RhineIII rev 0x96: irq 15, address 00:0d:b9:17:c0:62 ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x004063, model 0x0034 glxpcib0 at pci0 dev 15 function 0 AMD CS5536 ISA rev 0x03: rev 3, 32-bit 3579545Hz timer, watchdog, gpio gpio0 at glxpcib0: 32 pins pciide0 at pci0 dev 15 function 2 AMD CS5536 IDE rev 0x01: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility wd0 at pciide0 channel 0 drive 0: CF 4GB wd0: 1-sector PIO, LBA, 3823MB, 7831152 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) ohci0 at pci0 dev 15 function 4 AMD CS5536 USB rev 0x02: irq 12, version 1.0, legacy support ehci0 at pci0 dev 15 function 5 AMD CS5536 USB rev 0x02: irq 12 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1 isa0 at glxpcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 usb1 at ohci0: USB revision 1.0 uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1 biomask 73e7 netmask ffe7 ttymask mtrr: K6-family MTRR support (2 registers) nvram: invalid checksum vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root root on wd0a swap on wd0b dump on wd0b clock: unknown CMOS layout ifconfig (first two octets / words of ip exchanged): lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33200 priority: 0 groups: lo inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 vr0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:0d:b9:17:c0:60 priority: 0 media: Ethernet 100baseTX full-duplex status: active inet6 fe80::20d:b9ff:fe17:c060%vr0 prefixlen 64 scopeid 0x1 vr1: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:0d:b9:17:c0:61 priority: 0 media: Ethernet 100baseTX full-duplex status: active inet6 fe80::20d:b9ff:fe17:c061%vr1 prefixlen 64 scopeid 0x2 vr2: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:0d:b9:17:c0:62 priority: 0 media: Ethernet autoselect (100baseTX full-duplex) status: active inet 10.11.255.253 netmask 0xfffc broadcast 10.11.255.255 inet6 fe80::20d:b9ff:fe17:c062%vr2 prefixlen 64
Re: route show
Am 20.12.2010 08:42, schrieb lilit-aibolit: But if I do it on second machine, output in console and terminal is very-very slow, and while I write this letter it still end and show per line every 10-20 seconds: Check your dns settings or use the -n switch...
Re: em(4) ierrs [solved]
Hi Stuart On 21.09.2010 01:28, schrieb Stuart Henderson: I would try wbng first. Failing that, lm. I doubt you would need to disable ichiic but that would be the next step if there's no improvement. well disabling wbng seems to be the solution. After one day of normal traffic levels we do not see any Ierrs anymore... Thank you Stuart for the helpful advise. Can somebody explain how this driver (which is for getting voltage levels, fan speeds etc, if i did not misinterpret the manpage) is causing this strange behavior? I'm just curious... Thank you all Regards Andre
Re: em(4) ierrs
On 21.09.2010 09:21, schrieb Joerg Goltermann: On 20.09.2010 19:15, Andre Keller wrote: Hi I have some odd packet loss on a openbsd based router (running -current as of the beginning of september) . The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them have traffic (about 10-20 Mbps). which packet rate do you expect on the interfaces? Do you see livelocks (systat -b mbuf)? IFACE LIVELOCKS SIZE ALIVE LWM HWM CWM System256 9893 805 2k 287 985 lo0 em037652k 113 4 256 113 em1 432k12 4 256 4 em293112k 135 4 256 135 em3 6702k12 4 256 4 em4 432k 6 4 256 6
em(4) ierrs
Hi I have some odd packet loss on a openbsd based router (running -current as of the beginning of september) . The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them have traffic (about 10-20 Mbps). We did some tuning (mostly with informations from: https://calomel.org/network_performance.html) and could improve the performance: Currently we use the following sysctl tweaks: sysctl kern.maxclusters=122880 sysctl net.inet.ip.ifq.maxlen=1536 sysctl net.inet.tcp.recvspace=262144 sysctl net.inet.tcp.sendspace=262144 sysctl net.inet.udp.recvspace=262144 sysctl net.inet.udp.sendspace=262144 But still we have about 1300 Ierrs per minute... When we run a simple ping, we can see that something is strange. Where the majority of packets have a rtt of 1ms or less about every tenth package shows a rtt of 250ms... I could really use a hint of what to try next (autoneg has been disabled on all interfaces for testing, now it has been enabled again...) Thank you for your inputs Andri Keller The switches on the other and of the device are both cisco 2960G with a lacp to two interfaces on the openbsd box: em0: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:25:90:05:54:6c priority: 0 trunk: trunkdev trunk1 media: Ethernet autoselect (1000baseT full-duplex) status: active inet6 fe80::225:90ff:fe05:546c%em0 prefixlen 64 scopeid 0x1 em1: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:25:90:05:54:6c priority: 0 trunk: trunkdev trunk1 media: Ethernet autoselect (1000baseT full-duplex) status: active inet6 fe80::225:90ff:fe05:546d%em1 prefixlen 64 scopeid 0x2 em2: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:25:90:05:54:6e priority: 0 trunk: trunkdev trunk0 media: Ethernet 1000baseT full-duplex status: active inet6 fe80::225:90ff:fe05:546e%em2 prefixlen 64 scopeid 0x3 em3: flags=8b43UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST mtu 1500 lladdr 00:25:90:05:54:6e priority: 0 trunk: trunkdev trunk0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet6 fe80::225:90ff:fe05:546f%em3 prefixlen 64 scopeid 0x4 trunk0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:25:90:05:54:6e priority: 0 trunk: trunkproto lacp trunk id: [(8000,00:25:90:05:54:6e,4054,,), (8000,18:ef:63:bf:d7:00,0002,,)] trunkport em3 active,collecting,distributing trunkport em2 active,collecting,distributing groups: trunk media: Ethernet autoselect status: active inet ADDRESS REMOVED inet6 fe80::225:90ff:fe05:546e%trunk0 prefixlen 64 scopeid 0xa inet6 ADDRESS REMOVED trunk1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500 lladdr 00:25:90:05:54:6c priority: 0 trunk: trunkproto lacp trunk id: [(8000,00:25:90:05:54:6c,405C,,), (8000,18:ef:63:bf:d7:00,0003,,)] trunkport em1 active,collecting,distributing trunkport em0 active,collecting,distributing groups: trunk media: Ethernet autoselect status: active inet6 fe80::225:90ff:fe05:546c%trunk1 prefixlen 64 scopeid 0xb vlan56: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500 lladdr 00:25:90:05:54:6c priority: 0 vlan: 56 priority: 0 parent interface: trunk1 groups: vlan status: active inet6 fe80::225:90ff:fe05:546c%vlan56 prefixlen 64 scopeid 0x11 inet ADDRESS REMOVED netstat -m 9023 mbufs in use: 9003 mbufs allocated to data 11 mbufs allocated to packet headers 9 mbufs allocated to socket names and addresses 528/1970/512000 mbuf 2048 byte clusters in use (current/peak/max) 0/8/512000 mbuf 4096 byte clusters in use (current/peak/max) 0/8/512000 mbuf 8192 byte clusters in use (current/peak/max) 0/8/512000 mbuf 9216 byte clusters in use (current/peak/max) 0/8/512000 mbuf 12288 byte clusters in use (current/peak/max) 0/8/512000 mbuf 16384 byte clusters in use (current/peak/max) 0/8/512000 mbuf 65536 byte clusters in use (current/peak/max) 7060 Kbytes allocated to network (46% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines netstat -i | grep em NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls em0 1500 Link 00:25:90:05:54:6c 3543633259 463916 4229526062 0 0 em0 1500 fe80::%em0/ fe80::225:90ff:fe 3543633259 463916 4229526062 0 0 em1 1500 Link
Re: em(4) ierrs
Am 20.09.2010 19:54, schrieb James Peltier: I see you are using LACP as your trunk protocol. You might want to check that all the LACP settings are correct or that there aren't any links being dropped for some reason that might cause the errors to occur. Additionally, have you tried with only one link in the LACP pairs being active? Does it stop then? Just tried that. There is not much I can configure for LACP. On the switch I see no errors. I've now pulled one cable so that only on interface in the trunk is active. The problem is still existing. Ierrs on the interfaces (mostly em2) (btw. there are no ifq.drops) It seems to me that some buffers are running full. As now when there is low traffic there is only a small amount of errors (about 150 in 5minutes) Are there any other knobs I could try to tune? Regards Andri
Re: em(4) ierrs
Am 21.09.2010 00:43, schrieb Stuart Henderson: On 2010-09-20, Andre Keller a...@list.ak.cx wrote: I have some odd packet loss on a openbsd based router (running -current as of the beginning of september) . The router has 6 physical interfaces (all em, Intel 82575EB), 4 of them have traffic (about 10-20 Mbps). We did some tuning (mostly with informations from: https://calomel.org/network_performance.html) and could improve the performance: grr, that page again. As a very general rule, using the on-board network card is going to be much slower than an add in PCI card A gigabit network controller built on board using the CPU will slow the entire system down. More than likely the system will not even be able to sustain 100MB speeds while also pegging the CPU at 100%. and people still use it for kernel tuning advice? As we didn't find any other advices out there we thought it might be worth giving it a try Currently we use the following sysctl tweaks: sysctl kern.maxclusters=122880 how much?!! yes this might be a bit to much: [r...@rt01-rc: root]# netstat -m 9665 mbufs in use: 9642 mbufs allocated to data 14 mbufs allocated to packet headers 9 mbufs allocated to socket names and addresses 83/1970/122880 mbuf 2048 byte clusters in use (current/peak/max) 0/8/122880 mbuf 4096 byte clusters in use (current/peak/max) 0/8/122880 mbuf 8192 byte clusters in use (current/peak/max) 0/8/122880 mbuf 9216 byte clusters in use (current/peak/max) 0/8/122880 mbuf 12288 byte clusters in use (current/peak/max) 0/8/122880 mbuf 16384 byte clusters in use (current/peak/max) 0/8/122880 mbuf 65536 byte clusters in use (current/peak/max) 7288 Kbytes allocated to network (35% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines sysctl net.inet.ip.ifq.maxlen=1536 increasing this from the defaults can be useful if you see drops in net.inet.ip.ifq.drops, I'm surprised if you have to go that high for 4x10-20Mb. yeah we had alot of ifq drops first and after setting this value they are gone... I read on multiple tuning tutorial setting this to 256*iface count makes sense sysctl net.inet.tcp.recvspace=262144 sysctl net.inet.tcp.sendspace=262144 sysctl net.inet.udp.recvspace=262144 sysctl net.inet.udp.sendspace=262144 the net.inet.*space values HAVE NO EFFECT on routed packets. OK good to know... But still we have about 1300 Ierrs per minute... When we run a simple ping, we can see that something is strange. Where the majority of packets have a rtt of 1ms or less about every tenth package shows a rtt of 250ms... missing dmesg. Not from the machine above but a machine with the exactly same hardware... OpenBSD 4.8 (GENERIC.MP) #3: Wed Aug 11 19:24:59 CEST 2010 r...@scaramanga.rbnetwork.biz:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3486973952 (3325MB) avail mem = 3380334592 (3223MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfedf000 (39 entries) bios0: vendor Phoenix Technologies LTD version 1.3a date 11/03/2009 bios0: Supermicro X7SBi acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP _MAR MCFG APIC BOOT SPCR ERST HEST BERT EINJ SLIC SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5) USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5) USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.43 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG cpu0: 4MB 64b/line 16-way L2 cache cpu0: apic clock running at 266MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG cpu1: 4MB 64b/line 16-way L2 cache cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG cpu2: 4MB 64b/line 16-way L2 cache cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Xeon(R) CPU X3220 @ 2.40GHz, 2400.09 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG cpu3: 4MB 64b/line 16-way
Re: Kernel-level pppoe
Hi david David Walker schrieb: Hiya. Is it reasonable for you simplify your pf.conf in the interim? I use kernel pppoe and have a very simple ruleset that just works. Yeah sure I will try that... Some of the options are defaults and unneccesary. The pppoe0 interface is vr0. I've never had to scrub or set MTU. I'm not accepting any incoming transactions, however but then your problem is with outgoing http requests. I'm no expert but perhaps if you stop scrubbing and let the MTU work itself out you might be in the ballpark. I doubt that this will work, but I will try that Here's my ifconfig (snipped): pppoe0: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492 priority: 0 dev: vr0 state: session Notice I get a spot on MTU of 1492 which from memory is the maximum allowable. I can unplug my cat5 and reboot my modem, etcetera and pppoe comes back up fine. Anyway, see here: http://marc.info/?l=openbsd-miscm=125810464015633w=2 Yeah that was my thread. Well it seemed to work properly as we have a very stable dsl infrastructure (we terminate dsl on our own lns). But last week we had to do some maintenance and therefore disconnect a few clients. And only about half the session worked after that (sessions came up but no http... so at least we can ssh to them and reboot, but thats not really a solution :-)) Best wishes I will be back with more results... btw. How can I check if scrubbing works f.e. with tcpdump? Thank you and regards andri
NAT OpenVPN clients on internal network
Dear list members I've got a small problem with my obenbsd based vpn gateway. There are 2 physical interfaces (vr0 - wan, vr1 - lan) and the openvpn tunnel interface (tun0) VPN clients have an ip address assigned out of the range 10.176.3.0/24, LAN clients out of the range 10.176.0.0/23. Now I'd like to NAT the VPN clients to the LAN address of the gateway (10.176.0.1) (There are clients in the network whitout a default gateway and I do not want to add the 10.176.3.0/24 route to every device in the network). I thought that this is an easy task to accomplish but I do not get the nat tun0-vr1 working: My pf configuration is: wan_if = vr0 lan_if = vr1 vpn_if = tun0 lan_net = $lan_if:network vpn_net = 10.176.3.0/24 pass quick on lo0 block return log on $wan_if all pass out on $wan_if proto icmp all keep state pass on $wan_if inet proto icmp all icmp-type 8 code 0 pass out on $wan_if proto udp all keep state pass in on $wan_if proto udp from any to any port { 53 123 1194 } pass out on $wan_if proto tcp all modulate state pass in on $wan_if proto tcp from any to any port { 22 64321 } match out on $wan_if from ($lan_net) nat-to ($wan_if:0) match out on $lan_if from $vpn_net nat-to ($lan_if:0) tcpdump: tcpdump -i vr1 'icmp' tcpdump: listening on vr1, link-type EN10MB 15:34:30.524786 10.176.3.6 10.176.0.4: icmp: echo request (DF) 15:34:31.520010 10.176.3.6 10.176.0.4: icmp: echo request (DF) 15:34:32.515313 10.176.3.6 10.176.0.4: icmp: echo request (DF) Anyone an idea what i miss? regards andre
Re: NAT OpenVPN clients on internal network
Hi Stuart now I feel really stupid... Thank you! Problem solved... Regards andre Am 07.08.2010 00:18, schrieb Stuart Henderson: match isn't an operation by itself. it sets options which stick to packets and are applied by the _next pass rule that matches that packet_. if there is no following pass rule to match that packet, nothing happens. On 2010-08-06, Andre Keller a...@list.ak.cx wrote: Dear list members I've got a small problem with my obenbsd based vpn gateway. There are 2 physical interfaces (vr0 - wan, vr1 - lan) and the openvpn tunnel interface (tun0) VPN clients have an ip address assigned out of the range 10.176.3.0/24, LAN clients out of the range 10.176.0.0/23. Now I'd like to NAT the VPN clients to the LAN address of the gateway (10.176.0.1) (There are clients in the network whitout a default gateway and I do not want to add the 10.176.3.0/24 route to every device in the network). I thought that this is an easy task to accomplish but I do not get the nat tun0-vr1 working: My pf configuration is: wan_if = vr0 lan_if = vr1 vpn_if = tun0 lan_net = $lan_if:network vpn_net = 10.176.3.0/24 pass quick on lo0 block return log on $wan_if all pass out on $wan_if proto icmp all keep state pass on $wan_if inet proto icmp all icmp-type 8 code 0 pass out on $wan_if proto udp all keep state pass in on $wan_if proto udp from any to any port { 53 123 1194 } pass out on $wan_if proto tcp all modulate state pass in on $wan_if proto tcp from any to any port { 22 64321 } match out on $wan_if from ($lan_net) nat-to ($wan_if:0) match out on $lan_if from $vpn_net nat-to ($lan_if:0) tcpdump: tcpdump -i vr1 'icmp' tcpdump: listening on vr1, link-type EN10MB 15:34:30.524786 10.176.3.6 10.176.0.4: icmp: echo request (DF) 15:34:31.520010 10.176.3.6 10.176.0.4: icmp: echo request (DF) 15:34:32.515313 10.176.3.6 10.176.0.4: icmp: echo request (DF) Anyone an idea what i miss? regards andre
Slightly OT:Problem with IPv6 ND with a specific host
Dear list members I ran into a problem with IPv6 neighbor discovery. It's a openbsd (4.5-stable) box acting as router attached to a IXP switch. The ipv6 nd works with all peers but one (cisco), while the nonworking peer works from our second box (4.5-stable too)... when I add a static entry using ndp -s everything works just fine... But I would really like to know what causes this... Does someone around here has an idea what to look for? I don't really know how to debug this... I thought it might be a problem with blocking icmpv6, but why would the other session work then? I'll try to do some tcpdump later in the evening when traffic not that high (I saw some examples at http://tldp.org/HOWTO/Linux+IPv6-HOWTO/examples-tcpdump.html) Regards Andri
Re: OpenBGP filter question
Am 11.02.2010 11:31, schrieb Ivo Chutkin: The actual filter looks like this without the comment: match to $spnet_bg #(AS8717) sourse_as 9070 set prepend-seff 4 These are typos, right? match to neighborip source-as as to prepend set { prepend-self 3 } works in our setup
Re: bgplg failed only from web not from CLI
Am 28.11.2009 09:45, schrieb ~Lst: -bash-4.0# cat /etc/rc.conf.local bgpd_flags=-r /var/www/logs/bgpd.rsock The socket is working... -bash-4.0# bgpctl -s /var/www/logs/bgpd.rsock show ip bgp memory RDE memory statistics 299643 IPv4 network entries using 6.9M of memory 599286 rib entries using 18.3M of memory 599286 prefix entries using 18.3M of memory 107070 BGP path attribute entries using 7.8M of memory 46167 BGP AS-PATH attribute entries using 2.1M of memory, and holding 107070 references 8196 BGP attributes entries using 192K of memory and holding 126660 references 8195 BGP attributes using 151K of memory RIB using 53.6M of memory Does it work too when you run it with the apache user (I guess www) from console ? hth andre
Re: bgplg failed only from web not from CLI
Am 28.11.2009 16:36, schrieb ~Lst: No, I just install and followed manual. You either missed a step or run an very uncommon configuration What I don't undertand, why ping, traceroute and show version is ok, and anything else is failed (if it's via web). Well anything else is anything related to bgpd, so this makes perfect sense... And if via bgplgsh (CLI) the whole thing is ok. Through which user you run bgplgsh?
Re: bgplg failed only from web not from CLI
Hi Seems that you cannot connect to bgpd Are you sure bgpd_flags=-r /var/www/logs/bgpd.rsock is present in your rc.conf.local? is the socket working? (bgpctl -s /var/www/logs/bgpd.rsock show rib ) hth andre Am 26.11.2009 21:06, schrieb ~Lst: Hi, I've already setup bgplg on my test machine, but only show version, ping and traceroute that is work (suggested from http://marc.info/?l=openbsd-miscm=122670411001369w=2). Everything else is not work, such as show ip bgp memory, etc... I followed man pages and checked everything but still its only failed, the strange is everytime I tested from CLI it works fine but not if I tested from the web. Is there anything that I don't know ? -bash-4.0# /var/www/bin/bgpctl show ip bgp memory RDE memory statistics 299625 IPv4 network entries using 6.9M of memory 599250 rib entries using 18.3M of memory 599250 prefix entries using 18.3M of memory 106974 BGP path attribute entries using 7.8M of memory 46163 BGP AS-PATH attribute entries using 2.1M of memory, and holding 106974 references 8164 BGP attributes entries using 191K of memory and holding 126530 references 8163 BGP attributes using 149K of memory RIB using 53.6M of memory Rgds, -- ~Lst
Re: Problem with kernel-level pppoe
Hi David Am 13.11.2009 00:22, schrieb David Walker: !/sbin/route -v add -inet default -ifp pppoe0 0.0.0.1 Also it seems possible to add the dest to the end of the inet line (e.g.): inet 0.0.0.0 255.255.255.255 0.0.0.1 This is a should from the man page. Note also !command-line - hostname.if(5). OK I'll adjust that... And finally in sysctl.conf: net.inet.tcp.mssdflt=1440 Where does this come from? Well I read that somewere ;-) Its reverted now... Nevertheless try commenting your sysctl.conf addition, and scrubbing globally (e.g.): # scrub match in all scrub (no-df) Yop that was a problem. the match rule for scrubbing was overridden by a following pf rule... so all works now... Regards andri
Problem with kernel-level pppoe
Hi guys I use pppoe on my openbsd based router some time now, but always using user space ppp. I read on several posts / blogs / etc. that kernel-level pppoe (pppoe(4)) would have better performance and I decided to bring up a test device. My config (OpenBSD 4.6): /etc/hostname.pppoe0 inet 0.0.0.0 255.255.255.255 NONE \ pppoedev vr0 authproto chap \ authname 'user' authkey 'pass' up dest 0.0.0.1 /sbin/route add default 0.0.0.1 And additionally in pf.conf: match on pppoe0 scrub (max-mss 1440) And finally in sysctl.conf: net.inet.tcp.mssdflt=1440 The connection establish and icmp does work, but with udp pings I got duplicate answers and tcp does not work at all. Short: the connection is not usable. On the same device using userspace ppp: /etc/ppp/ppp.conf default: set log Phase Chat LCP IPCP CCP tun command pppoe: set device !/usr/sbin/pppoe -i vr0 set mtu max 1492 set mru max 1492 set speed sync disable acfcomp protocomp deny acfcomp set authname user set authkey pass set dial set login add default HISADDR Everything works ok. Did I miss anything here? Any help would be appreciated! Regards Andri