Re: hardware
Did you not know NetBSD runs on everything and OpenBSD runs on every fur!

On Wed 19 Apr 2023 10:53, Stanislav Syekirin <stanislav.syeki...@studium.fernuni-hagen.de> wrote:
> On Mi, 19 Apr 2023 12:51:02 +1000
> David Diggles wrote:
>> On 2023-04-19 01:40, folly bololey wrote:
>>>> It doesn't matter whether the cat is black or white, as long as it
>>>> catches mice.
>>> Black cat is more stealthy
>>
>> just a different hunting strategy and depends on the lighting. white
>> cats would be stealthier in snow, or ambushing from above in the day
>> time.
>
> To be honest I didn't know it was possible to install OpenBSD on a
> cat.
relayd.conf http headers from file
Hi List,

Is it possible with relayd to match an HTTP header key and value from a file? I want to store JWT authorisation tokens in a file.

pass request header "Authorize" value "123456" #works

Once I start adding the file option things get confusing. The manual mentions we can only read keys from external files, not the header values. Very confusing.

Any clues?

Gr. FH
Re: Editing hostname.if files
2016-06-02 20:28 GMT+02:00 Otto Moerbeek <o...@drijf.net>:
> On Thu, Jun 02, 2016 at 08:08:19PM +0200, Frans Haarman wrote:
>
>> I got tired of typing hostname so came up with this little tweak. Now
>> at least I have some tab completion.
>>
>> Maybe useful for some? Do you have a different approach?
>>
>> Regards,
>> Frans
>>
>> # cd /etc/interface/
>> # ls -la
>> total 12
>> drwxr-xr-x   2 root  wheel   512 Jun  2 19:51 .
>> drwxr-xr-x  23 root  wheel  1536 Jun  2 19:42 ..
>> -rw-r--r--   1 root  wheel   144 Jun  2 19:47 .mklink
>> lrwxr-xr-x   1 root  wheel    21 Jun  2 19:47 bridge0 -> /etc/hostname.bridge0
>> lrwxr-xr-x   1 root  wheel    21 Jun  2 19:47 vether0 -> /etc/hostname.vether0
>> lrwxr-xr-x   1 root  wheel    23 Jun  2 19:47 vether247 -> /etc/hostname.vether247
>> lrwxr-xr-x   1 root  wheel    22 Jun  2 19:47 vlan2470 -> /etc/hostname.vlan2470
>> lrwxr-xr-x   1 root  wheel    18 Jun  2 19:47 vmx0 -> /etc/hostname.vmx0
>> lrwxr-xr-x   1 root  wheel    18 Jun  2 19:47 vmx1 -> /etc/hostname.vmx1
>> #
>>
>> # cat .mklink
>> #!/bin/sh
>>
>> interfaces=`ls -1 /etc | grep "hostname.*" | sed 's/hostname\.//g'`
>> for int in $interfaces; do
>>     ln -s /etc/hostname.$int $int
>> done
>>
>> # vi /etc/interface/
>> bridge0    vether0    vether247  vlan2470   vmx0       vmx1
>> # vi /etc/interface/v
>> vether0    vether247  vlan2470   vmx0       vmx1
>> # vi /etc/interface/vether
>> vether0    vether247
>> # vi /etc/interface/vether247
>
> I do not think this script is very useful but on the subject matter
> of shell scripting you need to learn about shell expansions and
> substitutions:
>
> Something like:
>
> for i in /etc/hostname.*; do
>     ln -sf /etc.hostname.$i ${i#/etc/hostname.}
> done
>
> (untested)
>
> -Otto

Indeed I do! :)

so this works:

for i in /etc/hostname.*; do
    ln -sf $i ${i#/etc/hostname.*}
done

That looks so much better! I'll go do some homework.

Regards,
Frans
Editing hostname.if files
I got tired of typing hostname so came up with this little tweak. Now at least I have some tab completion.

Maybe useful for some? Do you have a different approach?

Regards,
Frans

# cd /etc/interface/
# ls -la
total 12
drwxr-xr-x   2 root  wheel   512 Jun  2 19:51 .
drwxr-xr-x  23 root  wheel  1536 Jun  2 19:42 ..
-rw-r--r--   1 root  wheel   144 Jun  2 19:47 .mklink
lrwxr-xr-x   1 root  wheel    21 Jun  2 19:47 bridge0 -> /etc/hostname.bridge0
lrwxr-xr-x   1 root  wheel    21 Jun  2 19:47 vether0 -> /etc/hostname.vether0
lrwxr-xr-x   1 root  wheel    23 Jun  2 19:47 vether247 -> /etc/hostname.vether247
lrwxr-xr-x   1 root  wheel    22 Jun  2 19:47 vlan2470 -> /etc/hostname.vlan2470
lrwxr-xr-x   1 root  wheel    18 Jun  2 19:47 vmx0 -> /etc/hostname.vmx0
lrwxr-xr-x   1 root  wheel    18 Jun  2 19:47 vmx1 -> /etc/hostname.vmx1
#

# cat .mklink
#!/bin/sh

interfaces=`ls -1 /etc | grep "hostname.*" | sed 's/hostname\.//g'`
for int in $interfaces; do
    ln -s /etc/hostname.$int $int
done

# vi /etc/interface/
bridge0    vether0    vether247  vlan2470   vmx0       vmx1
# vi /etc/interface/v
vether0    vether247  vlan2470   vmx0       vmx1
# vi /etc/interface/vether
vether0    vether247
# vi /etc/interface/vether247
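The fix Otto points at in the reply is the whole trick: a glob plus the `${i#prefix}` parameter expansion, with no parsing of ls(1) output. As an added example (not code from either poster), here it is as a function that takes the source and link directories as parameters, so it can be tried against a scratch tree before touching /etc; the default paths are an assumption, not an OpenBSD convention. One caveat for anyone adopting the idea: a symlink does not change who may read its target, so a hostname.if file that carries a wpakey or other secret keeps whatever mode it has in /etc, and the link directory itself should be no more permissive than /etc.

```shell
#!/bin/sh
# Added example, not from the thread.  Link every $srcdir/hostname.* file
# into $dstdir under its bare interface name, using shell parameter
# expansion rather than parsing ls(1) output.  Both directories are
# parameters; the defaults are assumptions, not an OpenBSD convention.

mklinks() {
    srcdir=${1:-/etc}
    dstdir=${2:-/etc/interface}
    mkdir -p "$dstdir" || return 1
    for f in "$srcdir"/hostname.*; do
        # When nothing matches, the pattern is left unexpanded; skip it
        # instead of creating a dangling link literally named '*'.
        [ -e "$f" ] || continue
        # ${f#pattern} strips the shortest matching prefix, leaving e.g.
        # "vether0" from "/etc/hostname.vether0".  Quoting $srcdir inside
        # the pattern keeps any glob characters in the path literal.
        ln -sf "$f" "$dstdir/${f#"$srcdir"/hostname.}"
    done
}

# Real use (as root):  mklinks /etc /etc/interface
```

Run it once against a temporary directory populated with a few empty `hostname.*` files to see the links it would create; `ln -sf` makes a rerun idempotent, which the original `.mklink` was not.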
Re: NPPPD and IPSec
I have used this with windows 7 and osx:

ike passive esp transport \
    proto udp from $public_ip to any port 1701 \
    main auth hmac-sha1 enc 3des group modp1024 \
    quick auth hmac-sha1 enc aes \
    psk

2013/12/2 Or Elimelech <o...@xwise.com>
> Hi,
> I'm having trouble configuring Windows clients with l2tp over ipsec. This
> config works great on OSX/iOS/Android/Linux. I do not know which type of
> auth/enc/group I should use for Windows clients. I currently use OpenBSD 5.4
> with the following:
>
> ike passive esp transport \
>     proto udp from 1.2.3.4 to any port 1701 \
>     main auth hmac-sha1 enc aes group modp1024 \
>     quick auth hmac-sha1 enc aes group modp1024 \
>     psk secret
>
> Thank you so much and keep up the good work, I love the OpenBSD project
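The proposal quoted above (3des, modp1024) is what a Windows 7-era client negotiated; both are considered weak today, and a practitioner reusing this thread would want the same ipsec.conf(5) structure with a current proposal. The fragment below is an added example, not configuration from the thread or from the npppd/isakmpd documentation: same passive transport-mode flow for L2TP on UDP 1701, with the main and quick mode proposals replaced. The public address and the psk are placeholders, and whether a particular Windows release accepts these proposals is not something the thread establishes, so confirm the negotiated SA with `ipsecctl -sa` after the first client connects rather than assuming.

```conf
# Added example, not from the thread.  Placeholders: the public address
# and the psk.  Client support for these proposals must be verified.
public_ip = "192.0.2.1"

ike passive esp transport \
    proto udp from $public_ip to any port 1701 \
    main auth hmac-sha2-256 enc aes-256 group modp2048 \
    quick auth hmac-sha2-256 enc aes-256 \
    psk "replace-with-a-long-random-secret"
```

If a client refuses the stronger main mode set, isakmpd run with `-dv` shows which proposal it offered, which is a better basis for a decision than copying the 3des line.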
Re: slashdot rumours
its a joke

> Strangest of all was the ability of infected machines to transmit small
> amounts of network data with other infected machines even when their power
> cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards
> were removed

2013/11/1 Mathieu KERJOUAN <kerjouan.math...@gmail.com>
> Hi Marko,
>
> Could you send some links? If it's badbios malware... I (we) have no public
> data to prove if it's true.
>
> http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
> http://www.geek.com/apps/self-healing-badbios-malware-infects-pcs-through-mic-and-speakers-is-straight-out-of-sci-fi-1575768/
>
> Halloween joke?
>
> --
> Mathieu Kerjouan
Re: slashdot rumours
It would amaze me if this is possible without external power! I assumed it was not possible on the internal battery. Perhaps I jumped to conclusions.

2013/11/1 Stuart Henderson <s...@spacehopper.org>
> On 2013-11-01, Frans Haarman <franshaar...@gmail.com> wrote:
>> its a joke
>>
>>> Strangest of all was the ability of infected machines to transmit small
>>> amounts of network data with other infected machines even when their power
>>> cords and Ethernet cables were unplugged and their Wi-Fi and Bluetooth cards
>>> were removed
>
> Why a joke?
>
> Then, when Ruiu removed the internal speaker and microphone connected to
> the airgapped machine, the packets suddenly stopped.
>
> block in quick on azalia0 freq =18KHz
fix for faq ?
The line mentioning running tftpd from inetd is no longer valid! It's now started via /etc/rc.d/tftpd.

http://www.openbsd.org/faq/faq6.html#PXE

> You will also have to activate the tftpd(8) daemon. This is typically done
> through inetd(8). The standard OpenBSD install has a sample line in
> inetd.conf which will do nicely for you:
>
> #tftp dgram udp wait root /usr/libexec/tftpd tftpd -s /tftpboot
>
> which simply needs to have the '#' character removed and send inetd(8) a
> -HUP signal to get it to reload /etc/inetd.conf. tftpd(8) serves files from
> a particular directory, in the case of this line, that directory is
> /tftpboot, which we will use for this example. Obviously, this directory
> needs to be created and populated. Typically, you will have only a few
> files here for PXE booting:

Regards,
Frans
Re: Narcicism?
2011/12/1 Brandon Weaver <keystonele...@gmail.com>:
> so remind me again why we're catering to NLB's and Trolls?

I think people are still debugging his bug report.
Re: HP Mini 5102, bluetooth speakers not working
2011/6/30 Brynet <bry...@gmail.com>:
> Frans Haarman wrote:
>> The built-in bluetooth is not working, neither are the laptop speakers or I
>> am just not smart enough :)
>
> OpenBSD's bluetooth drivers are disabled in GENERIC, you can enable it with
> config(8)/UKC but it's very unreliable.
>
> The azalia(4) bug could be real, but they're really complex devices and have
> a lot of knobs.. it could be simply that you need to fiddle with one of
> them.
>
> How about 'mixerctl outputs.spkr_source=mix2'?

I'm sad to report this did not work.
HP Mini 5102, bluetooth speakers not working
Hi, since I am probably the only one running OpenBSD on this machine I am not expecting much. But here it goes. The builtin wifi chipset is unsupported still. I've bought one of those mini dlink wifi adapaters and its a great solution. Thanks for that damien@! Having a big usb-dongle stickout out a netbook just looks wrong :) The headphones work fine, mic seems to be working although I am still in the process of getting some sort of voip/video chat software running. The built-in bluetooth is not working, neither are the laptop speakers or I am just not smart enough :) $ mixerctl -v outputs.hp_source=mix2 [ dac-0:1 dac-2:3 mix2 ] outputs.hp_boost=off [ off on ] outputs.mic_dir=none [ none input input-vr0 input-vr50 input-vr80 ] outputs.mic2_dir=none [ none input input-vr0 input-vr50 input-vr80 ] outputs.spkr_source=dac-2:3 [ dac-0:1 dac-2:3 mix2 ] inputs.dac-0:1_mute=off [ off on ] inputs.dac-0:1=126,126 inputs.dac-2:3_mute=off [ off on ] inputs.dac-2:3=126,126 inputs.sel_source=mix2 [ dac-0:1 dac-2:3 mix2 ] inputs.mix2_source=dac-0:1,dac-2:3,sel2,sel3 { dac-0:1 dac-2:3 sel2 sel3 } inputs.mix2_dac-0:1=120,120 inputs.mix2_dac-2:3=120,120 inputs.mix2_sel2=120,120 inputs.mix2_sel3=120,120 inputs.sel2_source=mic2 [ mic mic2 ] outputs.sel2=85,85 inputs.sel3_source=mic [ mic mic2 ] outputs.sel3=85,85 record.adc-0:1_source=sel2 [ sel2 mix2 ] record.adc-0:1_mute=off [ off on ] record.adc-0:1=119,119 record.adc-2:3_source=sel3 [ sel3 mix2 ] record.adc-2:3_mute=off [ off on ] record.adc-2:3=119,119 inputs.sel6_source=adc-0:1 [ adc-0:1 adc-2:3 ] inputs.sel7_source=adc-0:1 [ adc-0:1 adc-2:3 ] inputs.beep_mute=off [ off on ] inputs.beep=85 outputs.hp_sense=unplugged [ unplugged plugged ] outputs.mic_sense=unplugged [ unplugged plugged ] outputs.spkr_muters=hp { hp } outputs.master=126,126 outputs.master.mute=off [ off on ] outputs.master.slaves=dac-0:1,dac-2:3 { dac-0:1 dac-2:3 sel2 sel3 beep } record.volume=119,119 record.volume.mute=off [ off on ] 
record.volume.slaves=adc-0:1,adc-2:3 { adc-0:1 adc-2:3 } $ $ usbdevs -vd Controller /dev/usb0: addr 1: high speed, self powered, config 1, EHCI root hub(0x), Intel(0x8086), rev 1.00 uhub0 port 1 powered port 2 powered port 3 powered port 4 addr 2: high speed, power 98 mA, config 1, CNF8243(0xb159), Chicony Electronics Co., Ltd.(0x04f2), rev 85.39, iSerialNumber SN0001 uvideo0 port 5 powered $ usbdevs -vd Controller /dev/usb0: addr 1: high speed, self powered, config 1, EHCI root hub(0x), Intel(0x8086), rev 1.00 uhub0 port 1 powered port 2 powered port 3 powered port 4 addr 2: high speed, power 98 mA, config 1, CNF8243(0xb159), Chicony Electronics Co., Ltd.(0x04f2), rev 85.39, iSerialNumber SN0001 uvideo0 port 5 powered port 6 powered port 7 powered port 8 addr 3: high speed, power 500 mA, config 1, 802.11n WLAN Adapter(0x3308), Realtek(0x2001), rev 2.00, iSerialNumber 00e04c01 urtwn0 Controller /dev/usb1: addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00 uhub1 port 1 powered port 2 addr 2: full speed, self powered, config 1, HP Integrated Module(0x231d), Broadcom Corp(0x03f0), rev 3.06 ugen0 Controller /dev/usb2: addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00 uhub2 port 1 powered port 2 powered Controller /dev/usb3: addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00 uhub3 port 1 powered port 2 powered Controller /dev/usb4: addr 1: full speed, self powered, config 1, UHCI root hub(0x), Intel(0x8086), rev 1.00 uhub4 port 1 powered port 2 powered $ $ dmesg OpenBSD 4.9-current (GENERIC.MP) #97: Mon Jun 27 10:01:47 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP RTC BIOS diagnostic error bfclock_battery,config_unit,memory_size,fixed_disk,invalid_time cpu0: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE real mem = 2131890176 (2033MB) avail mem = 2086793216 (1990MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/20/09, SMBIOS rev. 2.6 @ 0x7e815000 (22 entries) bios0: vendor Hewlett-Packard version 68PGU Ver. F.06 date 05/25/2010 bios0: Hewlett-Packard HP Mini 5102 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET APIC MCFG ASF! SSDT SLIC SSDT acpi0: wakeup devices HDEF(S3) RP01(S5) WNIC(S5) RP04(S0) NIC_(S0) USB1(S0) USB2(S0) USB3(S0) USB4(S0) EHC1(S0) PCIB(S5) HST1(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 166MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Atom(TM) CPU N450 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz cpu1:
HP Mini 5102 with networking ?
Does anybody have a hp min 5102 with networking ? I managed to install 4.8 amd on a usbdisk (using qemu, on windows7, *sigh*). It boots, and works fine, just missing networking support. I managed to boot i386 bsd.rd, and snapshots bsd.rd but both claim [vlan0] is the way to go. OpenBSD 4.8 (GENERIC) #182: Mon Aug 16 09:02:40 MDT 2010 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC RTC BIOS diagnostic error bfclock_battery,config_unit,memory_size,fixed_disk,invalid_time real mem = 1057562624 (1008MB) avail mem = 1015611392 (968MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x3e815000 (22 entries) bios0: vendor Hewlett-Packard version 68PGU Ver. F.06 date 05/25/2010 bios0: Hewlett-Packard HP Mini 5102 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET APIC MCFG ASF! SSDT SLIC SSDT SSDT acpi0: wakeup devices HDEF(S3) RP01(S5) WNIC(S5) RP04(S5) NIC_(S5) USB1(S3) USB2(S3) USB3(S3) USB4(S3) EHC1(S3) PCIB(S5) HST1(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) CPU N450 @ 1.66GHz, 1662.81 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG cpu0: 512KB 64b/line 8-way L2 cache cpu0: apic clock running at 166MHz cpu at mainbus0: not configured ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpiprt0 at acpi0: bus -1 (PEGP) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP03) acpiprt3 at acpi0: bus 67 (RP04) acpiprt4 at acpi0: bus 68 (PCIB) acpiprt5 at acpi0: bus 0 (PCI0) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2, C1, PSS acpipwrres0 at acpi0: APPR acpipwrres1 at acpi0: COMP acpipwrres2 at acpi0: LPP_ acpipwrres3 at acpi0: PFN0 acpipwrres4 at acpi0: PFN1 acpipwrres5 at 
acpi0: PFN2 acpipwrres6 at acpi0: PFN3 acpipwrres7 at acpi0: PFN4 acpitz0 at acpi0: critical temperature 105 degC acpitz1 at acpi0: critical temperature 103 degC acpitz2 at acpi0: critical temperature 78 degC acpitz3 at acpi0: critical temperature 103 degC acpitz4 at acpi0: critical temperature 110 degC acpibat0 at acpi0: BAT0 model Primary serial 10707 2010/07/21 type LIon oem Hewlett-Packard acpibat1 at acpi0: BAT1 not present acpiac0 at acpi0: AC unit offline acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: LID_ acpivideo0 at acpi0: DGFX acpivideo1 at acpi0: GFX0 acpivout0 at acpivideo1: DD02 cpu0: Enhanced SpeedStep 1662 MHz: speeds: 1666, 1333, 1000 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 Intel Pineview DMI rev 0x00 vga1 at pci0 dev 2 function 0 Intel Pineview Video rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0x4000, size 0x1000 inteldrm0 at vga1: apic 1 int 16 (irq 10) drm0 at inteldrm0 Intel Pineview Video rev 0x00 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: apic 1 int 19 (irq 11) azalia0: codecs: IDT 92HD75B1/2 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 1 int 16 (irq 10) pci1 at ppb0 bus 1 vendor Broadcom, unknown product 0x4353 (class network subclass miscellaneous, rev 0x01) at pci1 dev 0 function 0 not configured ppb1 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02: apic 1 int 18 (irq 10) pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: apic 1 int 19 (irq 11) pci3 at ppb2 bus 67 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 1 int 20 (irq 10) uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 1 int 22 (irq 10) uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 1 int 18 (irq 10) uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: 
apic 1 int 19 (irq 11) ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 1 int 20 (irq 10) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2 pci4 at ppb3 bus 68 pcib0 at pci0 dev 31 function 0 Intel Tigerpoint LPC rev 0x02 ahci0 at pci0 dev 31 function 2 Intel 82801GR AHCI rev 0x02: apic 1 int 22 (irq 10), AHCI 1.1 ahci0: PHY offline on port 1 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, Hitachi HTS72502, PC2O SCSI3 0/direct fixed sd0: 238475MB, 512 bytes/sec, 488397168 sec total usb1 at uhci0: USB revision 1.0 uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at
Re: HP Mini 5102 with networking ?
2010/11/15 Andres Perera <andre...@zoho.com>
> On Mon, Nov 15, 2010 at 3:05 PM, Frans Haarman <franshaar...@gmail.com> wrote:
>> Does anybody have a hp mini 5102 with networking ?
>>
>> I managed to install 4.8 amd on a usbdisk (using qemu, on windows7, *sigh*).
>> It boots, and works fine, just missing networking support.
>>
>> I managed to boot i386 bsd.rd, and snapshots bsd.rd but both claim [vlan0]
>> is the way to go.
>>
>> OpenBSD 4.8 (GENERIC) #182: Mon Aug 16 09:02:40 MDT 2010
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
>> RTC BIOS diagnostic error bfclock_battery,config_unit,memory_size,fixed_disk,invalid_time
>
> mine also can't give a battery usage estimate, not even in linux
>
>> stuff
>> vendor Broadcom, unknown product 0x4353 (class network subclass
>> miscellaneous, rev 0x01) at pci1 dev 0 function 0 not configured
>
> would be interesting if you say what type of network card is it
>
> i have a similar HP mini but it uses ral and re

I've been advised to use a usb wifi device for the time being. The broadcom chipset is unsupported as of yet.
Re: [OT] New fund raising item, dream inspired
On 16 September 2010 13:23, Chris Bennett <ch...@bennettconstruction.biz> wrote:
> I just woke up from a dream where I saw the new fund raising item.
> Apparently it was an embedded firewall, and a can opener.
> It had a list of PF settings on a knob.
> The only PF setting I could remember was 'turnaround', which seems oddly
> appropriate for a can opener

Interesting. I see the need for blocking expired cans, and perhaps 'can inspection' so we can filter out nasty preservatives. Will this be another OpenXX project or are you considering a spoon?
Re: MTA choice
On 13 August 2010 16:30, <open...@e-solutions.re> wrote:
> On Fri, 13 Aug 2010 09:23:30 -0500, j...@fixedpointgroup.com wrote:
>> sendmail is fine if you have a few users at a relatively quiet domain, all
>> of whom you want to have system accounts on the mailserver. smtpd does
>> similarly but has unpredictable behavior at best. i spent many hours
>> fiddling with smtpd until i gave up on it. postfix is great because of the
>> virtual user support, meaning that your mail users do not require system
>> accounts, and configurability. hosting several domains, all with separate
>> mailboxes e.g. u...@domain1.com and u...@domain2.com is done pretty easily
>> by postfix. in the instance that you need support from the postfix-users
>> mailing list don your douchebag-proof-suit and you should be ok so long as
>> you don't subscribe to that list. i have heard good things about qmail but
>> never used it myself.
>
> Thanks for your answer.

Qmail has worked for me for many years. We get about 50.00 smtp connections a day and do about 200K deliveries a month.
Re: slow down dd - how?
On 8 July 2010 18:52, Jozsi Avadkan <jozsi.avad...@gmail.com> wrote:
> How can I slow down dd?
>
> I don't want to slow down the pc, when generating a big file [~40 GByte].
>
> Does ionice work properly?
>
> Thank you for any help! :\

maybe dd bs=1 ?
Re: Unable to ping routes learnt via BGP (OpenBSD 4.7)
On 22 June 2010 18:55, <rh...@hushmail.com> wrote:
> Hello List,
>
> I'm sure I'm missing something fairly obvious but don't know where to start.
>
> First, forgive my ASCII art :
>
> [BSD A] -- [PEER A]
>    ^
>    |
>    v
> [BSD B] -- [PEER B]
>
> The following works OK :
> - eBGP
> - iBGP
> - Routing to and from machines behind the BSD boxes
> - Pinging internet routes learnt from either peer from BSD A console
>
> The following does not work :
> - Pinging internet routes learnt from Peer B on BSD B. However it is
>   possible to ping routes learnt from Peer A on BSD B. It is also possible
>   to ping routes learnt from Peer B on BSD B if I use ping with the -I flag
>   and pick a LAN-side interface to ping from.
>
> What have I missed ? bgpctl sh nex reports fine, and there are no default
> routes hiding in output from route -n show.

maybe pf related ? did you try to disable it ? You did not provide too much detail so it's hard to guess. Did you find any clues in bgpctl show rib/fib ?
Re: OpenBSD culture?
On 14 April 2010 11:11, Zachary Uram <net...@gmail.com> wrote:
> As a long time Linux user I will soon try out OpenBSD, I have been reading
> the list emails and contacted 1 OpenBSD top person who was very rude. There
> is some of the RTFM or get lost attitude in Linux, but if a questioner seems
> sincere there is usually a certain level of friendliness in Linux community
> towards them. Just what I have briefly observed the OpenBSD community is
> more abrupt and less interested in helping newbies, they prefer one find the
> answer solely on their own if possible. I must say I detect a certain
> attitude that smacks of superiority and even condescension at times. Is this
> a fair assessment of the OpenBSD culture?
>
> Zach

I do not. Wouldn't you consider it disrespectful if someone refuses to read and research? It's quite nice for people to still direct those people to the FAQ and TFMs.

- Frans
Re: OT: marco@ misc@ behavior Re: whiteboard over the net
Here's my top posting! load averages: 0.32, 0.16, 0.1015:39:59 26 processes: 25 idle, 1 on processor CPU states: 1.9% user, 0.0% nice, 0.3% system, 6.2% interrupt, 91.5% idle Memory: Real: 128M/338M act/tot Free: 662M Swap: 0K/2052M used/tot PID USERNAME PRI NICE SIZE RES STATEWAIT TIMECPU COMMAND 27303 _isakmpd 20 3016K 2900K sleepselect 229:09 0.00% isakmpd 6143 _snmpd 20 20M 20M sleepkqread 113:47 0.00% snmpd 15473 _bgpd 20 77M 78M sleeppoll 86:06 0.00% bgpd 10090 _syslogd 20 540K 716K sleeppoll 10:32 0.00% syslogd 3107 root 20 568K 1256K sleepselect9:07 0.00% sshd 18607 _bgpd 20 1756K 2000K sleeppoll 5:07 0.00% bgpd 3093 root 20 992K 1844K sleepselect2:22 0.00% sendmail 592 root 20 20M 21M sleeppoll 3:06 0.00% bgpd 9295 root 20 488K 792K idle select0:00 0.00% cron 42 root 20 464K 748K idle select0:50 0.00% inetd 1 root 100 428K 324K idle wait 0:29 0.00% init 13536 _ntp 20 512K 796K idle poll 0:00 0.00% ntpd 1405 root 20 712K 716K idle netio 0:02 0.00% syslogd 28634 root 20 420K 708K sleepnetio 0:00 0.00% comsat 738 root 20 516K 732K idle poll 0:00 0.00% ntpd 27740 root 20 3372K 2608K sleepselect0:00 0.00% sshd 21831 root 20 1288K 584K idle netio 0:00 0.00% isakmpd 10319 root 180 496K 444K sleeppause 0:00 0.00% ksh On 31 March 2010 16:12, Ahlsen-Girard, Edward F CTR USAF AFSOC AFSOC/A6OK edward.ahlsen-girard@hurlburt.af.mil wrote: Marco Peereboom wrote: Oh hai! Marco does it for the lulz. You know you don't have to read what I write you know. If it irritates you that is your problem, not mine. Feel free to ignore this. On Tue, Mar 30, 2010 at 09:52:46PM -0500, Neal Hogan wrote: On Tue, Mar 30, 2010 at 6:34 PM, Marco Peereboom sl...@peereboom.us wrote: oooh that looks perfect; let me try that. On Tue, Mar 30, 2010 at 06:27:13PM -0400, Ted Unangst wrote: On Tue, Mar 30, 2010 at 4:15 PM, Marco Peereboom sl...@peereboom.us wrote: Drawing shit with the mouse. ?Not typing stuff with the keybored. 
webcanvas.com ?Just carve off a section as your territory, like http://webcanvas.com/100N600W#-228000,-3,0 I understand that mr. peereboom (thinks he) is rather important to the obsd project . . . no doubt he (thinks) he is, but I was wondering if mr. peereboom ever thought about the silliness of top-posting (I'm sure he has and that's why he does it ;-). I've not been here that long, but it seems that his mailing list behavior is okay . . .? Other than his sarcasm, he has useful posts that are fucked up by his apparent need/desire to top post. Marco . . . can you please use accepted (i.e., rational) protocol from now on? misc@ is not personal correspondence . . . many of us appreciate what goes on here and your top-posting is . . . well . . . annoying (to say the least). Damn it, people, when I want to have the top-posting debate I'll have it with my brother. -- Ed Ahlsen-Girard [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
Re: problems using djbdns
Hi,

> # tinydns-conf tinydns dnslog /etc/tinydns 127.0.0.1
> # ./add-ns straz 172.16.144.132
> # ./add-host candle.straz 172.16.144.129

Your authoritative NS is running on 127.0.0.1 but dnscache is forwarding to:

> # echo 172.16.144.129 > /etc/dnscache/root/servers/straz

Perhaps it should forward to 127.0.0.1 instead.

On 2 March 2010 15:34, Jan <malepa...@googlemail.com> wrote:
> Hello,
>
> this is my first post on this list. I'm using OpenBSD for some weeks now. I
> read around thousand pages about OpenBSD in the last months and I'm happy to
> continue doing so. Unfortunately I've problems going on:
>
> I'd like to run a local djbdns server that creates a TLD inside my LAN.
>
> 1) I've installed daemontools, UCSPI-TCP and djbdns, using the guide from
>    djbdnsrocks.org.
> 2) To configure djbdns I used the examples from
>    (www.mn-linux.org/meetings/pastnotes/djbdns.pdf):
>
> # dnscache-conf dnscache dnslog /etc/dnscache 172.16.144.132 give back
> # ln -s /etc/dnscache /service/
> # touch /etc/dnscache/root/ip/172.16.144
> # echo 172.16.144.129 > /etc/dnscache/root/servers/straz
> # echo 172.16.144.129 > /etc/dnscache/root/servers/172.16.144.129.in-addr.arpa
> // == 172.16.144.129 is a Linux Box running apache
> # tinydns-conf tinydns dnslog /etc/tinydns 127.0.0.1
> # ln -s /etc/tinydns /service/
> # cd /etc/tinydns/root
> # ./add-ns straz 172.16.144.132
> # ./add-host candle.straz 172.16.144.129
> # make
>
> This solution doesn't work. The 'dig' command runs out of time. When I use
> the configuration described on djbdnsrocks.org I'm able to use djbdns as
> dns-server. But when I want to add my own namespace, it doesn't work. In the
> last week, I tried several solutions, but nothing worked out for me.
>
> I would be happy if you can give me one or two buzzwords, about how to go on.
>
> Thanks!
> Jan
Re: Script to ping, traceroute a destination and record the time
2009/10/29 Kasper Adel <karim.a...@gmail.com>
> thanks all for answering.
>
> Traceroute will allow me to find out if during the short period of
> application disconnect is whether its an app problem or the network
> topology changes and where (which router) the packets couldn't get across.
>
> Cheers,
> Kim
>
> On Thu, Oct 29, 2009 at 4:43 PM, Toni Mueller <openbsd-m...@oeko.net> wrote:
>> Hi,
>>
>> On Thu, 29.10.2009 at 16:26:49 +0200, Kasper Adel <karim.a...@gmail.com> wrote:
>>> I am trying to troubleshoot a problem that is totally random and the
>>> one idea that would help me is to have a bash script that will ping a
>>> few destinations every minute, then do a traceroute to these
>>> destinations, record the time and all that output in a file. then the
>>> whole process would repeat every minute.
>>
>> I don't know what exactly you are going to do with the traceroute,
>> which is both hard to implement, given your timing requirements, and
>> tedious to evaluate, but if you could be content with pings and packet
>> loss, I can recommend using Smokeping with aggressive settings, and/or
>> some other things to trigger a traceroute in case of a problem.
>>
>> Kind regards,
>> --Toni++

I am playing with hping to monitor changes in traceroutes. You can specify which hop you want to monitor to a certain destination:

# /usr/local/sbin/hping -c 1 -1 --traceroute --tr-keep-ttl --ttl 4 openbsd.org
HPING openbsd.org (vic0 199.185.137.3): icmp mode set, 28 headers + 0 data bytes
hop=4 TTL 0 during transit from ip=149.6.129.97 name=vl250.mpd03.ams03.atlas.cogentco.com
hop=4 hoprtt=9.5 ms

As you can see hping will only output info about the 4th hop. Might be useful.

Regards,
-- Frans
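Kim's goal is a loop that samples once a minute and records when the path changes, and the hping output above lends itself to that: every hop line carries `hop=N` and `ip=`, so two runs can be diffed by hop number. The functions below are an added example, not code from the thread: `hops_of` extracts hop/IP pairs from a saved hping run, `path_diff` reports hops whose responder changed or stopped answering and returns non-zero when anything moved, and `write_samples` writes two constructed runs in the format shown above (the hop-3 address and the second hop-4 address are made up). The sampling loop at the end is a sketch that needs network access, so it is left as a comment.

```shell
#!/bin/sh
# Added example, not from the thread: compare two saved hping --traceroute
# runs hop by hop.  Sample files are constructed, not real captures.

# Print "hop ip" pairs, one per line, from one hping run.  Only lines of
# the form "hop=N TTL 0 during transit from ip=A.B.C.D name=..." count;
# the "hop=N hoprtt=..." lines are ignored.
hops_of() {
    sed -n 's/^hop=\([0-9][0-9]*\) TTL 0 during transit from ip=\([^ ]*\).*/\1 \2/p' "$1" |
        sort -n -u
}

# path_diff OLD NEW: print one line per hop whose responder differs
# between the two runs; exit 0 when the path is unchanged, 1 otherwise.
# The old run is passed to awk as a variable so an empty file on either
# side is handled the same way as a populated one.
path_diff() {
    hops_of "$2" | awk -v prev="$(hops_of "$1")" '
        BEGIN {
            n = split(prev, lines, "\n")
            for (i = 1; i <= n; i++)
                if (split(lines[i], f, " ") == 2) old[f[1]] = f[2]
        }
        { new[$1] = $2 }
        END {
            changed = 0
            for (h in old)
                if (!(h in new) || old[h] != new[h]) {
                    printf "hop %s: %s -> %s\n", h, old[h], (h in new) ? new[h] : "no reply"
                    changed = 1
                }
            for (h in new)
                if (!(h in old)) {
                    printf "hop %s: no reply -> %s\n", h, new[h]
                    changed = 1
                }
            exit changed
        }'
}

# Constructed samples in the format hping prints (not real captures):
# the hop-4 responder changes between the two runs, hop 3 does not.
write_samples() {
    cat > "$1/run1.txt" <<'EOF'
HPING openbsd.org (vic0 199.185.137.3): icmp mode set, 28 headers + 0 data bytes
hop=3 TTL 0 during transit from ip=10.0.0.1 name=UNKNOWN
hop=4 TTL 0 during transit from ip=149.6.129.97 name=vl250.mpd03.ams03.atlas.cogentco.com
hop=4 hoprtt=9.5 ms
EOF
    cat > "$1/run2.txt" <<'EOF'
HPING openbsd.org (vic0 199.185.137.3): icmp mode set, 28 headers + 0 data bytes
hop=3 TTL 0 during transit from ip=10.0.0.1 name=UNKNOWN
hop=4 TTL 0 during transit from ip=149.6.129.98 name=UNKNOWN
hop=4 hoprtt=12.1 ms
EOF
}

# Sampling loop (needs the network; not run here): one hping per minute,
# the previous run compared with the new one, changes timestamped to a log.
#   old=/var/tmp/path.old; new=/var/tmp/path.new
#   while :; do
#       hping -c 1 -1 --traceroute --tr-keep-ttl --ttl 4 openbsd.org > "$new" 2>&1
#       [ -f "$old" ] && path_diff "$old" "$new" | sed "s/^/$(date +%FT%T) /" >> /var/log/pathwatch
#       mv "$new" "$old"; sleep 60
#   done
```

Because the comparison is keyed on hop number, a hop that times out in one sample shows up as "no reply" rather than shifting every later hop, which is what makes the log readable when the fault is intermittent.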
Re: Live OpenBSD Bootable i386 CD
2009/4/23 Andreas Bihlmaier <andreas.bihlma...@gmx.de>
> Hi
>
> On Sun, Apr 19, 2009 at 09:59:02AM -0700, new_guy wrote:
>> I'm interested in building a live, bootable OpenBSD CD for forensics,
>> cloning and data recovery. Basically, boot and try to automatically bring
>> up any existing network interface. I'm not interested in a GUI or play
>> things... only good, old-fashioned Unix tools like dd, netcat, md5, etc.
>> I've googled and found some older info about building live CDs from
>> OpenBSD, but I wanted to ask misc to see what folks think... good idea or
>> bad? If it seems a reasonable task and I am able to do it, I'd like to do
>> it so that it is easy to follow -current. So when -current gets new
>> hardware support, I can redo my live CD to take advantage of that.
>
> There is also (nearly) -current info on this subject:
> http://www.openbsd-wiki.org/index.php?title=LiveCD
> Will be updated for 4.5 once it is out.
>
>> I think OpenBSD is a good choice for something like this as it is very
>> simple and straight-forward, but again, I wanted to ask here for other's
>> opinions before doing much.

Would it be hard to create a LiveCD which helps us boot a LiveUSB stick on systems which do not support boot from USB? Or perhaps it's useful to boot the same stick on systems with different device names? This way only people who can't boot from USB stick by default need a LiveCD.

Just a thought!
Re: OpenBGP load balancing between 2 ISP (multihoming)
ospf and bgp are designed to select the best possible route and add that to the kernel routing table I think ;)

I still think you could run 2 CARPs on both BGP routers and load balance on your firewalls. It means if one BGP router fails you will be load balancing your connections to the same BGP router..

2008/10/8 BARDOU Pierre <[EMAIL PROTECTED]>
> Hello,
>
> I set up net.inet.ip.multipath to 1
> I configured OSPF on the BGP routers to 'redistribute default' to FW's.
> 'ospfctl show rib' on FW's shows that they have two default routes,
> But 'ospfctl show fib' shows that only one is active.
>
> Besides a 'dirty' solution with ifstated which inserts multipath routes,
> and withdraws them when one link/router fails, I am running out of ideas...
> Someone has one ?
>
> Thanks
>
> --
> Kind regards,
> Pierre BARDOU
>
> -----Original message-----
> From: Mariusz Makowski [mailto:[EMAIL PROTECTED]
> Sent: Tuesday 7 October 2008 21:38
> To: Frans Haarman
> Cc: BARDOU Pierre; misc@openbsd.org
> Subject: Re: OpenBGP load balancing between 2 ISP (multihoming)
>
> Frans Haarman wrote:
>> 2008/10/7 BARDOU Pierre <[EMAIL PROTECTED]>
>>> Hello,
>>>
>>> I am trying to set up a configuration like this :
>>>
>>> +---------+  +---------+
>>> | ISP1    |  | ISP2    |  Cisco
>>> | ROUTER  |  | ROUTER  |
>>> | AS3215  |  | AS12670 |
>>> +---------+  +---------+
>>>      ||           ||
>>> +---------+  +---------+
>>> | BGP     |  | BGP     |  OpenBSD 4.3
>>> | ROUTER  |  | ROUTER  |
>>> | AS47818 |  | AS45818 |
>>> +---------+  +---------+
>>>      ||           ||
>>> +------------------------+
>>> |   217.109.108.240/28   |
>>> +------------------------+
>>>      ||           ||
>>> +---------+  +---------+
>>> | FW      |  | FW      |  OpenBSD 4.3
>>> | MASTER  |--| SLAVE   |  pfsync
>>> +---------+  +---------+
>>>      ||           ||
>>> +------------------------+
>>> |   PRIVATE NETWORKS     |
>>> +------------------------+
>>>
>>> I'd like to load balance outgoing connections to the internet, but I
>>> don't know how to configure openBGPd to do this.
>>> I searched a lot on the Internet and I found a lot of information on how
>>> to do this with cisco, but I have never found an openBGP solution. Some
>>> people speak about it but I have never seen it.
>>> I made a test conf where failover works like a charm (using iBGP on the
>>> FW's with 'set nexthop self' on BGP routers), but when both connections
>>> are active only one is used.
>>>
>>> Would it be possible to help me please ?
>>> Is setting up iBGP sessions between FW's and BGP routers a good idea ?
>>> Should I rather use OSPF for this ? And in that case how to configure it
>>> to loadbalance/failover ?
>>>
>>> Many thanks
>>>
>>> PS : loadbalancing incoming connections too would be very nice, but I
>>> understood it was much more difficult.
>>>
>>> --
>>> Kind regards,
>>> Pierre BARDOU
>>
>> just wondering..
>>
>> What happens when you load balance your traffic on your firewalls ? So
>> you divide the traffic over both bgp routers:
>>
>> http://www.openbsd.org/faq/pf/pools.html
>>
>> maybe you could even do the route-to on the bgp routers ? something like:
>>
>> route-to { ($ext_if $ext_ISP1), ($local_if $BGP2) } round-robin from $lan_net to any keep state
>> #and on the other bgp router
>> route-to { ($ext_if $ext_ISP2), ($local_if $BGP1) } round-robin from $lan_net to any keep state
>>
>> Beware: I have no idea if any of this is possible. But that's what I'd try :)
>>
>> Gr. FH
>
> You might want to read about
> http://www.openbsd.org/faq/faq6.html#Multipath, although it's not a bgp
> solution. I think with default configuration you should have multipath
> capability. Check if there is not localpref chosen, and check your ISP's
> prepend length.
>
> Regards,
> Mariusz Makowski
Is setting up iBGP sessions between FW's and BGP routers a good idea ? Should I rather use OSPF for this ? And in tha case how to configure it to loadbalance/failover ? Many thanks PS : loadbalancing incoming connections too would be very nice, but I understood it was much more difficult. -- Cordialement, Pierre BARDOU just wondering.. What happens when you load balance your traffic on your firewalls ? So you devide the traffic over both bgp routers: http://www.openbsd.org/faq/pf/pools.html maybe you could even do the route-to on the bgp routers ? something like: route-to { ($ext_if $ext_ISP1), ($local_if $BGP2 ) } round-robin from $lan_net to any keep state #and on the other bgp router route-to { ($ext_if $ext_ISP2), ($local_if $BGP1 ) } round-robin from $lan_net to any keep state Beware: I have no idea if any of this is possible. But thats what I'd try :) Gr. FH You might want to read about http://www.openbsd.org/faq/faq6.html#Multipath, although it's not bgp solution. I think with default configuration you should have multipath capability. Check if there is not localpref chosen, and check yours ISP prepends length. Regards, Mariusz Makowski
Re: OpenBGP load balancing between 2 ISP (multihoming)
2008/10/7 BARDOU Pierre [EMAIL PROTECTED]

Hello, I am trying to set up a configuration like this :

[diagram: ISP1 router AS3215 and ISP2 router AS12670 (Cisco) -> two OpenBSD 4.3 BGP routers, AS47818 and AS45818 -> 217.109.108.240/28 -> FW MASTER and FW SLAVE (OpenBSD 4.3, pfsync) -> private networks]

I'd like to load balance outgoing connections to the internet, but I don't know how to configure OpenBGPD to do this. I searched a lot on the Internet and I found a lot of information on how to do this with Cisco, but I have never found an OpenBGP solution. Some people speak about it but I have never seen it. I made a test conf where failover works like a charm (using iBGP on the FW's with 'set nexthop self' on BGP routers), but when both connections are active only one is used. Would it be possible to help me please ? Is setting up iBGP sessions between FW's and BGP routers a good idea ? Should I rather use OSPF for this ? And in that case how to configure it to loadbalance/failover ? Many thanks. PS : loadbalancing incoming connections too would be very nice, but I understood it was much more difficult. -- Regards, Pierre BARDOU

just wondering.. What happens when you load balance your traffic on your firewalls ? So you divide the traffic over both bgp routers: http://www.openbsd.org/faq/pf/pools.html maybe you could even do the route-to on the bgp routers ? something like:

route-to { ($ext_if $ext_ISP1), ($local_if $BGP2 ) } round-robin from $lan_net to any keep state
#and on the other bgp router
route-to { ($ext_if $ext_ISP2), ($local_if $BGP1 ) } round-robin from $lan_net to any keep state

Beware: I have no idea if any of this is possible. But that's what I'd try :) Gr. FH
ipsecctl psk usage
If you use an unquoted string as psk (pre-shared key) it can't start with a number, so:

fails: ike from any to any psk 123
works: ike from any to any psk "123"

Same goes for the tag strings. For most this is probably obvious, because it has to be a string, right ? But not for me :P Regards, Frans
Re: ipsecctl psk usage
2008/9/8 Otto Moerbeek [EMAIL PROTECTED]

On Mon, Sep 08, 2008 at 12:57:09PM +0200, Reyk Floeter wrote:

hi!

On Mon, Sep 08, 2008 at 12:33:20PM +0200, Frans Haarman wrote:

If you use an unquoted string as psk (pre-shared key) it can't start with a number so:

fails: ike from any to any psk 123
works: ike from any to any psk "123"

it can start with a number, but it cannot be a number. so 123foo would be ok but not just 123.

Same goes for the tag-strings. For most this is probably obvious, because it has to be a string right ? But not for me :P

is there any problem with quoting the string? i think the normal approach is that quoting should be the default unless you have a string that also works without quotes. i mean we could fix this in ipsecctl (see diff below) but is it really required? and there is a problem with the attached diff that it normalizes the number, so a key 0123 would become 123. any other fix would require changes in the parser that is shared with many other tools and daemons in openbsd - it is probably just easier to use the quotes and to add a note in the manpage suggesting it.

yes, i think it's just a manpage thing. Ambiguous stuff in the grammar often leads to confusion and/or disaster.

Yes I expected some mention of it in the manpage. I notice the same behaviour with pf.conf also (labels, tags). Gr. FH

-Otto

reyk

Index: parse.y === RCS file: /cvs/src/sbin/ipsecctl/parse.y,v retrieving revision 1.138 diff -u -p -r1.138 parse.y --- parse.y 1 Jul 2008 14:31:37 - 1.138 +++ parse.y 8 Sep 2008 10:51:00 - @@ -275,7 +275,7 @@ typedef struct { %typev.typetype %typev.lifelife %typev.modephase1mode phase2mode -%typev.string tag +%typev.string tag numstr %% grammar : /* empty */ @@ -806,7 +806,7 @@ ikeauth : /* empty */ { $$.type = IKE_AUTH_RSA; $$.string = NULL; } - | PSK STRING{ + | PSK numstr{ $$.type = IKE_AUTH_PSK; if (($$.string = strdup($2)) == NULL) err(1, ikeauth: strdup);
@@ -817,9 +817,20 @@ tag : /* empty */ { $$ = NULL; } - | TAG STRING + | TAG numstr { $$ = $2; + } + ; + +numstr : STRING + { + $$ = $1; + } + | NUMBER + { + if (asprintf($$, %lld, $1) == -1) + err(1, string: asprintf); } ;
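Review bot: in the `| PSK numstr{` branch, `$2` can now be the buffer that `numstr` allocates with asprintf for a NUMBER token, and `strdup($2)` copies it a second time; the action needs a free($2) after the copy, or should adopt the buffer directly the way the `| TAG numstr` branch does with `$$ = $2`, otherwise every numeric psk leaks one allocation.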
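Review bot: the NUMBER branch of `numstr` re-renders the token with `asprintf($$, %lld, $1)`, so a pre-shared key written as 0123 is loaded as 123, the normalization the covering message already points out; for a credential, silently changing the secret is worse than rejecting it. Either keep the token's original text or fail with a parse error that tells the user to quote the value; the thread's conclusion, a note in the manpage recommending quotes, keeps the grammar shared with the other daemons untouched.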
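A small lint for the quoting rule discussed in this thread, added here and not part of the thread or of ipsecctl: it flags psk and tag values that are bare runs of digits, which the shared config lexer reads as NUMBER rather than STRING, while 123foo or "123" pass. The sample configuration it checks is constructed.

```shell
#!/bin/sh
# Lint for ipsec.conf (and pf.conf) values that the OpenBSD config lexer reads
# as NUMBER rather than STRING: a psk or tag given as an unquoted run of digits
# fails to parse, while 123foo or "123" are fine. Added example, not part of
# the thread; the sample configuration below is constructed.

# check_unquoted_numbers [file]: print "line: keyword value" for every psk or
# tag argument that is an unquoted run of digits. Reads stdin when no file is
# given. Comments are stripped first ('#' inside a quoted value is not handled).
# Typical use: check_unquoted_numbers /etc/ipsec.conf
check_unquoted_numbers() {
    awk '
    {
        sub(/#.*/, "")
        for (i = 1; i < NF; i++) {
            if ($i == "psk" || $i == "tag") {
                v = $(i + 1)
                if (v ~ /^[0-9]+$/)
                    printf "%d: %s %s\n", NR, $i, v
            }
        }
    }' "$@"
}

# Constructed sample: the failing and working spellings from the thread, a
# value that only starts with a digit (accepted), a leading-zero key and a
# numeric tag (both flagged), and a comment (ignored).
sample_config() {
    cat <<'EOF'
ike from any to any psk 123
ike from any to any psk "123"
ike esp from 10.200.0.0/16 to 192.168.1.0/24 peer 5.6.7.8 psk 123foo tag IPSEC-ONE
ike esp from 10.200.0.0/16 to 192.168.1.0/24 peer 5.6.7.8 psk 0123 tag 42
# psk 999 in a comment is ignored
EOF
}

# Demonstration on the constructed sample.
sample_config | check_unquoted_numbers
```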
Re: multiple bgpd ?
2008/7/13 Frank Habicht [EMAIL PROTECTED]:

Hi misc, is it possible to run multiple bgpd instances on the same box? with different sockets (-s) and non-overlapping "listen on" and only one with "fib-update yes" ? doesn't seem to work here. no error message, all sessions only Active

Maybe you need multiple routing tables for this to work ?
Re: bgp routing question
On Tue, Mar 25, 2008 at 4:31 PM, Fridiric Pli [EMAIL PROTECTED] wrote:

Hi, I have an openbsd router with two ebgp peers. I have several prefixes to announce but I would like to know how I could influence outcoming traffic from each of my prefixes. I did not understand how to use weight, localpref and metric nor filter rules to do that.

I don't think you can use BGP to direct traffic based on src network. You might try using virtual routing tables, pf route-to and/or tagging ?
Re: HP Raid hardware
On Jan 22, 2008 11:59 AM, Max [EMAIL PROTECTED] wrote:

Thanks for your answer. I know that the hardware compatibility page exists but drivers/hardware names are not really clear for me :| And does anyone know if the HP SC40Ge SAS HBA RAID on Proliant DL160 G5 is supported ?

You can find the supported controller details in the driver man pages!
Re: Is pf all I need to set up a gateway/router?
On Dec 20, 2007 11:23 AM, Sunnz [EMAIL PROTECTED] wrote:

Hi, I am just trying to set up a wireless gateway/router using an old Mac with OpenBSD 4.2 installed... I have followed through the FAQ and set up my device, IP addresses, and DHCPD accordingly. Now I have come to this part of the FAQ: http://www.openbsd.org/faq/faq6.html#Setup.forward Which has a few suggestions for exactly what I wanted to do: routing packets... out of OpenBGPD, routed(8), mrtd, zebra, and quagga, I attempted to look up OpenBGPD and routed(8), but couldn't really get my head around it, maybe because of my lack of knowledge?

OpenBGPD is great, use it. You might also want to look at OpenOSPFD.

Now, I have configured pf to have an extremely nat rule just to see if that works, and it does, I was able to get my packets across the network and stuff... although traceroute does seem a bit slow compared to my stock router that I bought some time ago... but I guess my question is, is pf all I need to get this router going? Or do I need to look into OpenBGPD or routed(8)? This is just for a small home network by the way, and I really just want to have more control over what my housemates can do, nothing at the level of an enterprise ISP.

OpenBGPD is to talk to other BGP routers. Otherwise you are fine using just pf. If you have nat working already, your box also does routing.. So I guess the question is what is not working ?
ipsec tunnels with same destination networks
Hi, Is it possible to have VPN tunnels which reach the same private networks ? Basically I want to reach all the networks without having to renumber everything:

ike esp from 10.200.0.0/16 to 192.168.1.0/16 peer 1.2.3.4 tag IPSEC-ONE
ike esp from 10.200.0.0/16 to 192.168.1.0/16 peer 5.6.7.8 tag IPSEC-TWO

rdr on bge0 from any to 10.0.1.0/24 tag NET-ONE -> 192.168.1.0/24 bitmask
rdr on bge0 from any to 10.0.2.0/24 tag NET-TWO -> 192.168.1.0/24 bitmask

nat on IPSEC-ONE from any to any
nat on IPSEC-TWO from any to any

pass in on bge0 route-to IPSEC-ONE tagged NET-ONE
pass in on bge0 route-to IPSEC-TWO tagged NET-TWO

I do this with vpnc tunnel devices now. I was hoping there is some hidden tunnel device with the ipsec ? I guess it's hard to do the nat rules, because the devices might not exist when pf.conf is loaded.. thinking on this I don't think I can do anything but use gif tunnels ? We want to reach about 300 networks. In my current test config I have 30 scripts running. The first line in the script is a tcpdump which waits for a packet for the destination network, then vpnc is started! It's a very exotic vpn gateway :] It does work!! and using labels I can even check if traffic is flowing through the tunnel and disable vpnc after a couple of minutes idle time. I am hoping people on this list have better ideas on how to do this!!! Thanks, Frans
Re: Straw men (Straw women too thx Hannah)
On Dec 17, 2007 3:14 PM, Karthik Kumar [EMAIL PROTECTED] wrote: Sorry, we are already overstocked on requests. Please try again next year. The Santa Claus Company, North Pole Dear Santa, Please cancel all our requests, I think the OpenBSD people deserve some extra attention this Christmas.
Re: Bernstein puts qmail in public domain
On Nov 30, 2007 9:38 AM, Matthew Dempsky [EMAIL PROTECTED] wrote:

(Ugh, I wish I had noticed this message a few minutes earlier.)

On 11/29/07, Tobias Weisserth [EMAIL PROTECTED] wrote:

I just wanted to point out that D.J. Bernstein has put qmail in the public domain. I'm not implying anything but wouldn't it be a perfect opportunity to get rid of sendmail (GNU GPL) and have qmail as the standard MTA in OpenBSD? qmail's security record is better and many OpenBSD users prefer it to sendmail. I'm interested in seeing this happen and am willing to contribute patches if they stand a chance of being accepted. :-)

I'd like to see puffy on www.openqmaild.org ;)
Re: Replace sendmail with qmail?
On Nov 30, 2007 9:27 AM, Matthew Dempsky [EMAIL PROTECTED] wrote:

Dan Bernstein has placed qmail 1.03 into the public domain (see http://cr.yp.to/qmail/dist.html). Is there any interest in replacing sendmail with it to remove another component from the src/gnu/ hierarchy?

This would be very cool. I am totally in love with qmail, it hasn't failed me yet. Did he change his djbdns license as well !?
changing active slice at boot
Just wondering... Has anyone ever thought of having 2 OpenBSD installations to boot from ? This way I could upgrade the installation on one slice/disk and boot from it! Then if the kernel would crash/reboot the other slice would be used for booting. So at boot time the active slice is changed, after booting it's changed back if there are no troubles! Perhaps this is an ugly workaround to most, but it might save my life when a system refuses to boot the active slice.. Most of this can be prevented with remote consoles or ILO stuff I guess! What do you think ? FUD ? ;)
Re: 4.2 Trouble with HP Notebook
On Nov 2, 2007 1:22 PM, Rafal Brodewicz [EMAIL PROTECTED] wrote:

Frans Haarman writes:

The model is HP Compaq 6710b. And indeed, enabling acpi crashes things!

I have the 6510b model and enabling acpi crashes the system. The main problem with acpi disabled is that the cpu fan doesn't respond to cpu temperature changes so it's very easy to overheat the cpu. dmesg is in my previous post "HP notebook fan issue". Probably an acpi related thing. Try installing the amd64 version which works fine. i386 stops at MTRR for me too.

This did work! It's running fine now. Thanks, Gr. FH
Re: 4.2 Trouble with HP Notebook
On Nov 2, 2007 1:24 PM, Rafal Brodewicz [EMAIL PROTECTED] wrote:

Frans Haarman writes:

The model is HP Compaq 6710b. And indeed, enabling acpi crashes things!

I have the 6510b model and enabling acpi crashes the system. The main problem with acpi disabled is that the cpu fan doesn't respond to cpu temperature changes so it's very easy to overheat the cpu. dmesg is in my previous post "HP notebook fan issue". Probably an acpi related thing. Try installing the amd64 version which works fine. i386 stops at MTRR for me too.

Will try this today! Thanks.
Re: 4.2 Trouble with HP Notebook
On Nov 1, 2007 6:51 PM, Valery Masiutsin [EMAIL PROTECTED] wrote:

Hello, Frans ! What hp model do you have ? A lot of their models - models from the nx line are a good example - have broken acpi tables in BIOS, it means you won't be able to get acpi working. Regards Valery

The model is HP Compaq 6710b. And indeed, enabling acpi crashes things!
4.2 Trouble with HP Notebook
Hello, I am trying to install 4.2 on my HP. It boots and installs fine, but after the install the kernel stops at:

pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support

Then nothing, I waited for 15 minutes, then rebooted, reinstalled, but no luck. Any way to disable that mtrr stuff ?

Frans Haarman De Giessen Automatisering B.V. Technical Department Phone : (0184) 67 53 75 Fax : (0184) 61 12 46 E-mail : [EMAIL PROTECTED] Website : http://www.giessen.nl/ General Tel. : (0184) 67 54 00 Chamber of Commerce (KvK) no. : 23091032 clear language!
Re: 4.2 Trouble with HP Notebook
-Original message- From: Tobias Ulmer [mailto:[EMAIL PROTECTED] Sent: Thursday 1 November 2007 16:08 To: Frans Haarman CC: misc@openbsd.org Subject: Re: 4.2 Trouble with HP Notebook

On Thu, Nov 01, 2007 at 03:19:11PM +0100, Frans Haarman wrote:

Hello, I am trying to install 4.2 on my HP. It boots and installs fine, but after the install the kernel stops at:

pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support

Then nothing, I waited for 15 minutes, then rebooted, reinstalled, but no luck. Any way to disable that mtrr stuff ?

you can't. try:
- enable acpi, disable apm
- disable pcibios

Thanks for your reply, however acpi throws me into DDB :( I guess it's time to start using the console cable and sending some useful info! Thanks for your time.
Re: 4.2 Trouble with HP Notebook
On 11/1/07, Paul de Weerd [EMAIL PROTECTED] wrote:

On Thu, Nov 01, 2007 at 03:19:11PM +0100, Frans Haarman wrote:
| Hello,
|
| I am trying to install 4.2 on my HP. It boots and installs fine, but after the
| install the kernel stops at:
|
| pctr: 686-class user-level performance counters enabled
| mtrr: Pentium Pro MTRR support
|
| Then nothing, I waited for 15 minutes, then rebooted, reinstalled, but no
| luck.
|
| Any way to disable that mtrr stuff ?

The same way you disable just about every driver out there. At the boot prompt type:

boot -c

At the UKC prompt type:

disable pctr
disable mtrr
quit

This gives me "can't disable pseudo device".
Kernel crash after connecting NIC
This happened after connecting a network interface! It was previously connected to an HP switch; I moved the cable to a LAN port on a Cisco PIX 501. The crash was almost instant I think. It happened in a test lab I am setting up, so probably some config error on my side, but still. I typed the ddb trace over from the screen, don't hold me to it.

kernel: page fault trap, code=0
Stopped at bge_encap+0xfd: movw 0x21e(%edx),%ax
ddb>
bge_encap(d190d000,d7aa0800,d08d5dcc,0) at bge_encap+0xfd
bge_encap(d190d030,d08d5df4,d02023c9,30) at bge_start+0x81
bgep_initr(d190d000) at bge_intr+0xe1
Xrecurse_legacy5() at Xrecurse_legacy5+0xad
--- interrupt ---
amp_cpu_idle(c0,d0799260,7fff,d033641b) at amp_cpu_idle+0x42
idle_loop(d08d5f00,4,d08d5f18,d0333706,d08d5f00)
sleep_finish(d08d5f00,1,4,d06a1b8c,0) at sleep_finish+0x4d
tsleep(d0799260,4,d06a1b8c,0) at tsleep+0x7a
uvm_scheduler(d079923c,3,0,d0658570,2) at uvm_scheduler+0x1b
main(0,0,0,0,0) at main+0x70f

bgp02# cat aftercrash.dmesg
OpenBSD 4.2-current (GENERIC) #405: Thu Sep 13 16:06:09 MDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Xeon(TM) CPU 3.00GHz (GenuineIntel 686-class) 3.01 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR real mem = 1073258496 (1023MB) avail mem = 1030098944 (982MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (73 entries) bios0: vendor HP version P54 date 02/14/2006 bios0: HP ProLiant DL360 G4p pcibios0 at bios0: rev 2.1 @ 0xf/0x2000 pcibios0: PCI BIOS has 7 Interrupt Routing table entries pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6300ESB LPC rev 0x00) pcibios0: PCI bus #13 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x3600! 0xcb600/0x1600 0xee000/0x2000!
acpi at mainbus0 not configured cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel E7520 MCH rev 0x0c ppb0 at pci0 dev 2 function 0 Intel MCH PCIE rev 0x0c pci1 at ppb0 bus 13 ppb1 at pci0 dev 4 function 0 Intel MCH PCIE rev 0x0c pci2 at ppb1 bus 6 ppb2 at pci2 dev 0 function 0 Intel PCIE-PCIE rev 0x09 pci3 at ppb2 bus 7 ppb3 at pci2 dev 0 function 2 Intel PCIE-PCIE rev 0x09 pci4 at ppb3 bus 10 ppb4 at pci0 dev 6 function 0 Intel MCH PCIE rev 0x0c pci5 at ppb4 bus 3 ppb5 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02 pci6 at ppb5 bus 2 bge0 at pci6 dev 2 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 5, address 00:18:fe:30:f7:08 brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 bge1 at pci6 dev 2 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 (0x2100): irq 5, address 00:18:fe:30:f7:07 brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0 uhci0 at pci0 dev 29 function 0 Intel 6300ESB USB rev 0x02: irq 5 uhci1 at pci0 dev 29 function 1 Intel 6300ESB USB rev 0x02: irq 5 Intel 6300ESB WDT rev 0x02 at pci0 dev 29 function 4 not configured Intel 6300ESB APIC rev 0x02 at pci0 dev 29 function 5 not configured ehci0 at pci0 dev 29 function 7 Intel 6300ESB USB rev 0x02: irq 5 usb0 at ehci0: USB revision 2.0 uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1 ppb6 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a pci7 at ppb6 bus 1 vga1 at pci7 dev 3 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Compaq iLO rev 0x01 at pci7 dev 4 function 0 not configured Compaq iLO rev 0x01 at pci7 dev 4 function 2 not configured ichpcib0 at pci0 dev 31 function 0 Intel 6300ESB LPC rev 0x02: 24-bit timer at 3579545Hz pciide0 at pci0 dev 31 function 1 Intel 6300ESB IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled 
(no drives) pciide0: channel 1 disabled (no drives) pciide1 at pci0 dev 31 function 2 Intel 6300ESB SATA rev 0x02: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide1: using irq 7 for native-PCI interrupt wd0 at pciide1 channel 0 drive 0: ST3250624AS wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 wd1 at pciide1 channel 1 drive 0: ST3250624AS wd1: 16-sector PIO, LBA48, 238475MB, 488397168 sectors wd1(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 5 usb1 at uhci0: USB revision 1.0 uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by
vlan hostname.if problem
Hello, Several times I have noticed my vlan not getting an IP when I use

vlan 1 vlandev bge0 10.3.3.1 255.255.255.252 10.3.3.3

It works every time when I use:

vlan 1 vlandev bge0
10.3.3.1 255.255.255.252 10.3.3.3

It seems the interface must be created first before the IP can be assigned ? This makes sense to me! I think it might be worth mentioning in the hostname.if man page!
Compaq 6710b
My boss gave me a laptop! It's a Compaq 6710b. I am hoping someone is running OpenBSD on it. I couldn't boot the cd41.iso properly. Anyone running a similar laptop ?
Re: Compaq 6710b
On 7/18/07, nicodache [EMAIL PROTECTED] wrote:

what do you mean by couldn't boot the cd41.iso properly ? did you get any error message, any kernel panic, or things like that ? for info to the other OpenBSD-misc readers, this laptop seems to be more than recent, with hardware like Core 2 duo 7300, GB965, SATA drive, X3100 (Intel gpu), broadcom netlink GigE...

On 7/18/07, Frans Haarman [EMAIL PROTECTED] wrote:

My boss gave me a laptop! It's a Compaq 6710b. I am hoping someone is running OpenBSD on it. I couldn't boot the cd41.iso properly. Anyone running a similar laptop ?

It hangs somewhere when booting the kernel. I figured I'd check here first for known problems. Searches came up empty. I will post some more detailed info when I have the time to play with the machine!
Monitoring with labels
Hello, I was wondering about using pf to monitor what is happening on our network. The idea is to connect a pf machine to the management port on the switch. I am building some rules to monitor certain protocols for all IP addresses connected to our network:

pass in proto tcp from src_ip to dest_server port=protocol label src_ip_protocol

pass in proto tcp from 10.10.1.1 to 10.200.1.1 port=80 label 10_10_1_1_HTTP
pass in proto tcp from 10.10.1.2 to 10.200.1.1 port=80 label 10_10_1_2_HTTP
pass in proto tcp from 10.10.1.3 to 10.200.1.1 port=80 label 10_10_1_3_HTTP
...

I think I will end up with over 2000 rules. But maybe much more. Is this something doable with pf or am I totally abusing the labeling features ? For me it seems like a quick way to get protocol statistics per connected ip going towards our servers... however I have no idea if it will work with lots of traffic ips! I am hoping some of you are doing similar things ?
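pf can generate the per-address rules itself: a { list } in the source field expands into one rule per address at load time, and the macros $srcaddr, $dstaddr, $dstport and friends are expanded inside a label (pf.conf(5)). The following added example, not code from the thread, prints such a rule and totals "pfctl -s labels" output per client or per port; the addresses, server and counters are constructed, and the function names are chosen here.

```shell
#!/bin/sh
# Per-client protocol accounting with pf labels. Added example for the question
# above, not code from the thread; addresses, server and counters are constructed.
#
# pf expands a { list } in the source field into one rule per address when the
# ruleset is loaded, and expands $srcaddr, $dstaddr, $srcport, $dstport, $proto,
# $if and $nr inside a label (pf.conf(5)). One pf.conf line therefore yields one
# labelled rule per client, so the 2000 rules do not have to be written by hand.
# (A table would not expand this way; the addresses must be listed in the rule.)

# gen_rule "<comma-separated clients>" <server> <port>: print the pf rule.
# 'quick' stops evaluation at the first matching rule so the expanded ruleset is
# not walked to its end for every packet; drop it if later rules must still apply.
gen_rule() {
    printf 'pass in quick proto tcp from { %s } to %s port %s label "$srcaddr:$dstport"\n' \
        "$1" "$2" "$3"
}

# Constructed sample of 'pfctl -s labels' output for labels made by that rule.
# Columns: label, evaluations, packets, bytes, packets in, bytes in, packets out,
# bytes out (newer pf versions append a states column, ignored here).
sample_labels() {
    cat <<'EOF'
10.10.1.1:80 120 900 614400 450 51200 450 563200
10.10.1.1:443 80 300 204800 150 20480 150 184320
10.10.1.2:80 60 100 40960 50 4096 50 36864
10.10.1.3:25 10 4 1024 2 512 2 512
EOF
}

# sum_bytes_by <field>: total bytes keyed by field 1 (client address) or 2
# (destination port) of an "address:port" label. Reads 'pfctl -s labels'
# output on stdin and prints "key bytes", sorted by key.
sum_bytes_by() {
    awk -F'[: ]' -v key="$1" '
        $5 ~ /^[0-9]+$/ { total[$key] += $5 }
        END { for (k in total) printf "%s %d\n", k, total[k] }' | sort
}

# Demonstration on the constructed data; on the monitoring box replace
# sample_labels with 'pfctl -s labels'.
gen_rule "10.10.1.1, 10.10.1.2, 10.10.1.3" 10.200.1.1 80
sample_labels | sum_bytes_by 1
sample_labels | sum_bytes_by 2
```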
pf logging tags and labels ?
Can I somehow see if a label or tag was applied to a certain packet in pflog ?
pf log question
# tcpdump -e -ttt -n -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
00 rule 4294967295/unkn(8): pass in on bge0: 172.16.10.89 > 224.0.0.22: igmp v3 report, 1 group record(s)
001063 rule 4294967295/unkn(8): pass in on bge0: 172.16.10.89 > 224.0.0.22: igmp v3 report, 1 group record(s)
875640 rule 4294967295/unkn(8): pass in on bge0: 172.16.10.89 > 224.0.0.22: igmp v3 report, 1 group record(s)

I don't remember setting any log options in PF! But this is what I get. Am I supposed to see this or is my setup broken ? ;)
Re: pf log question
On 2/27/07, Gustavo Rios [EMAIL PROTECTED] wrote:

Could you send your pf.conf entirely?

On 2/27/07, Frans Haarman [EMAIL PROTECTED] wrote:

# tcpdump -e -ttt -n -i pflog0
tcpdump: WARNING: pflog0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
00 rule 4294967295/unkn(8): pass in on bge0: 172.16.10.89 > 224.0.0.22: igmp v3 report, 1 group record(s)
001063 rule 4294967295/unkn(8): pass in on bge0: 172.16.10.89 > 224.0.0.22: igmp v3 report, 1 group record(s)
875640 rule 4294967295/unkn(8): pass in on bge0: 172.16.10.89 > 224.0.0.22: igmp v3 report, 1 group record(s)

I don't remember setting any log options in PF! But this is what I get. Am I supposed to see this or is my setup broken ? ;)

rdr-anchor bge0-rdr
nat-anchor bge0-nat
#rdr on bge0 from any to 10.110.1.1 tag tun0 -> 192.168.1.1
#nat on tun0 inet from any to 192.168.1.1 -> tun0
#pass in log on bge0 route-to tun0 tagged tun0 keep state
anchor bge0-rules

This happened when playing with anchors. It seems to me the anchors did not get flushed when I restarted PF! I am now thinking an old anchor rule was responsible for this behaviour. I do not understand however how this whole anchor stuff works, investigating a bit further:

DEVEL# pfctl -a bge0-rdr -s nat
rdr on bge0 inet from any to 10.110.1.1 tag tun1 -> 192.168.1.1
DEVEL# pfctl -a all -F nat
nat cleared
DEVEL# pfctl -a bge0-rdr -s nat
rdr on bge0 inet from any to 10.110.1.1 tag tun1 -> 192.168.1.1
DEVEL# pfctl -F nat
nat cleared
DEVEL# pfctl -a bge0-rdr -s nat
rdr on bge0 inet from any to 10.110.1.1 tag tun1 -> 192.168.1.1

It would be nice to know how I flush all anchors! I am using the PF which comes with FreeBSD-6.1-RELEASE. I will try to test it on OpenBSD when I can. Don't know if there have been any changes to pf anchors! Gr. FH
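One way to flush every anchor rather than only the main ruleset, as asked above; this is an added example, not code from the thread. It assumes pfctl(8) with "pfctl -s Anchors -v" for a recursive anchor listing, and PF_FLUSH, list_anchors and flush_all_anchors are names chosen here.

```shell
#!/bin/sh
# Flush every pf anchor, not only the main ruleset. 'pfctl -F ...' without -a
# touches the main ruleset only, so rules loaded into anchors survive a
# "restart" of pf until each anchor is flushed by name. Added example, not
# code from the thread; it assumes pfctl(8) supports 'pfctl -s Anchors -v'
# (recursive listing) and PF_FLUSH is a variable name chosen here.

# Rulesets to flush inside each anchor. Add "nat" for pf versions with a
# separate translation ruleset (FreeBSD, OpenBSD before 4.7); on current
# OpenBSD translation rules live in the filter ruleset and "rules" is enough.
PF_FLUSH="${PF_FLUSH:-rules}"

# Print every anchor name; nested anchors appear with their full path.
list_anchors() {
    pfctl -s Anchors -v
}

# Flush the selected rulesets of every anchor, printing each one handled.
# Sets FLUSHED to the number of anchors flushed; returns non-zero on the
# first pfctl failure.
flush_all_anchors() {
    FLUSHED=0
    # Word splitting drops the indentation pfctl uses for nested anchors.
    for anchor in $(list_anchors); do
        for ruleset in $PF_FLUSH; do
            pfctl -a "$anchor" -F "$ruleset" || return 1
        done
        echo "flushed $PF_FLUSH in anchor $anchor"
        FLUSHED=$((FLUSHED + 1))
    done
}
```

Run flush_all_anchors as root before reloading pf.conf; the main ruleset still needs its own pfctl -F call.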
Re: pf route-to rdr
On 2/14/07, Frans Haarman [EMAIL PROTECTED] wrote:

when routing packets to another interface, is it then possible to do redirection for those packets on the other interface ? I am trying to:
- route subnets to a tunnel
- redirect the subnets to private ip 10.100.1.1

bge0 --- route-to --- tun0 --- rdr 10.100.1.1 -> 192.168.1.1

I am seeing mostly

2007-02-14 15:29:43.043821 rule 1/0(match): pass out on tun0: 172.16.11.24 > 10.100.1.1: ICMP echo request, id 512, seq 20225, length 40

So no rdr. It's probably supposed to work like this, but I lack some pf understanding I guess.. if someone could drop some hints it would be nice. Test box is freebsd btw. If the above setup will work on openbsd with multiple routing tables, etc, etc, please let me know.

#Redirect 10.100.1.1 to CLIENT_A's 192.168.1.1
rdr on bge0 from any to 10.100.1.1 tag CLIENT_A -> 192.168.1.1
#Do nat on CLIENT_A tunnel
nat on tun0 from any to 192.168.0.0/16 -> tun0
#Pass packets for CLIENT_A to their tunnel
pass in log on bge0 route-to tun0 tagged CLIENT_A keep state

This seems to work! I am quite happy with it. Cheers, Gr. FH
staticroutes bgpd
How does bgpd handle routes it learns which are already a static route in the kernel ? We want the static route to be used if we do not learn the same route via bgp. Possible somehow ? Thanks, Gr. FH
bgpd questions
Hi! We are wondering about a certain bgp setup. We want to announce some private networks to a select group of neighbors. Is it possible to define multiple networks in bgp.conf ? Can I choose which networks get announced to which neighbors ? I ask this because the manual states I can announce self, none, default-route, all. I am hoping I can use communities and/or filters to achieve what I want. Any pointers/example configs would be nice. Regards, Frans
Re: bgpd questions
On 12/28/06, Claudio Jeker [EMAIL PROTECTED] wrote:

This is a more complex setup. In such cases it is best to add networks with a community tag

network 10.1.2/24 set community $as:123

and filter on these communities later on to allow or deny the prefix.

Right. Thanks for both replies. Will report my findings when we have things running. Curious: Is there an OpenBGPD FAQ in the making ? I am sure you are all bgp gurus and what not, but I am a simple chela and need instructions ;p Regards, Frans
questions about performance - ipsec - pf
Greetings, The idea is to switch to OpenBSD for our BGPD/PF. In the future we will get Gigabit connections so I am concerned about performance! The idea is to have 2 carped boxes for OpenBGPD and Packetfilter. Then behind that 2 carped boxes for IPSEC Packetfilter (future). I am assuming with current-day hardware this should be a breeze for the machines. But I'd love to hear from people filtering gigabit and what to be aware of when setting it up. Another thing I wonder about is how many VPN connections a box can handle ? If we would switch to an openbsd server and small (redundant carped) soekris vpn gateways what would be the maximum ? When does CPU/memory become an issue ? I imagine we'd use a 3ghz box with 1GB of memory (2GB if needed). Last thing I am wondering about is some sort of backup route for my IPSEC tunnels. I know we can do dual-homed with Packetfilter, it would be neat to have a backup route for our clients' vpn over another DSL line. Any pointers are welcome! Regards, Frans
Re: webbased authpf ?
On 9/18/06, Brian Shackelford [EMAIL PROTECTED] wrote:

While a web-based solution would be more than ideal - I think what I have will work. What our clients need is a piece of software that doesn't require much user interaction - even Putty would be hard to convince them to use. So we hide everything behind a pretty GUI and do the same things through a custom written app. Please feel free to tear my every simple plan to shreds. I can take it.

My current plan is to create some small wrapper for the plink.exe program. The website will publish a temporary-session.ssh file with either a one-time password or a private key (which will be removed at some point). It's probably smartest to use one-time passwords ? The small wrapper tool will open the .ssh file, start plink with the necessary parameters, and log on to an authpf shell. Maybe have the wrapper program detect some proxy settings and we'll have a nice web gateway!
Re: webbased authpf ?
On 9/19/06, chris barry [EMAIL PROTECTED] wrote: Q: if the website gives away the password/key, how do you limit access? Is there some generic login, published in the company (like on the conference room wall), used first to get this session data? How would this login data be secured wirelessly? ssl? A: The idea is a https website which authenticates against a server inside the network.
webbased authpf ?
Is there something which does authpf-like things, only via a website ? So the user authenticates on the website, then the firewall rules are loaded! Another idea I have is to simply have users authenticate, then they can download an ssh key with which they can log in.
When todo ALTQ
We have a 100Mbit connection at work. I am wondering if it is ever wise to start shaping the connection ? We never get more than 20mbit peaks, so it seems to me we have enough 'room' to do without shaping. But I see a lot of people give the ACK packets preference, maybe we could benefit from this also... if anyone could shed some clue on this gaping hole of ignorance I have it would be appreciated ;) Thanks, Frans
vpn gateway question
I have a quick question. I want to try to set up a vpn gateway. It would need vpn connections with several clients (using the same subnets!!). I want to somehow map each vpn connection to another IP range, so we can contact all networks at the same time. I think I can accomplish this using NAT or bidirectional mappings ? I do not know however if it's possible to create several vpn connections which have the same network on the other side. Is this possible ?! Most clients use 192.168.1.x. For each client I want to define a 10.1.1.x and map all addresses to the 192.168.1.x range of that client. Something like:

10.1.1.x 192.168.1.x
10.2.2.x 192.168.1.x
10.3.3.x 192.168.1.x

But it looks like this would mess up routing tables. How would you do this ?! Is it even possible ? Regards, Frans