Two typos on the website

2014-05-10 Thread Guido Tschakert
Hello,

while going through the upgrade guide for 5.5 I found two typos on the website:

In upgrade55.html it should read and remove them from /etc/inetd.conf
instead /etc/identd.conf

In faq4.html in section 4.3.4 (creating a bootable install flash drive)
I found another typo. The raw device in the dd command should read /dev/rsd6c
instead of rsd4c, as in the text the example is sd6.


have a nice day


  guido


Here are the diffs:

upgrade55.html:

--- upgrade55.html  2014-05-07 04:48:08.0 +0200
+++ upgrade55.html.new  2014-05-10 13:57:40.608551035 +0200
@@ -182,7 +182,7 @@
 The new version runs as a daemon, rather than from
 a 
href=http://www.openbsd.org/cgi-bin/man.cgi?query=inetdamp;sektion=8;inetd(8)/a.
 So, you will need to set your desired flags in tt/etc/rc.conf.local/tt
-and remove them from tt/etc/identd.conf/tt.
+and remove them from tt/etc/inetd.conf/tt.

 p
 a name=pfqueue/a
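
Review bot: the context line carrying the inetd(8) link is split in two here (a lone "a", then "href=..." with no leading space), and the markup in the context lines has lost its angle brackets and quotes (tt/etc/rc.conf.local/tt), so the hunk no longer matches the 7 lines its "@@ -182,7 +182,7 @@" header announces and will not apply with patch(1) as posted. Please resend it as an attachment or with line wrapping turned off. The one-word change itself agrees with the inetd(8) reference in that same context: the flags to remove are the ones in /etc/inetd.conf.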


faq4.html:

--- faq4.html   2014-05-02 22:30:31.0 +0200
+++ faq4.html.new   2014-05-10 14:20:14.011095639 +0200
@@ -487,7 +487,7 @@
 p
 Here is an OpenBSD example, assuming the device was recognized as sd6:
 table border=0 width=90%trtd nowrap bgcolor=#EEpre
-  # dd if=/location/install55.fs of=/dev/rsd4c bs=1m
+  # dd if=/location/install55.fs of=/dev/rsd6c bs=1m
 /pre/td/tr/table
 Details of this will vary on other platforms -- the important things are:
 ul
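
Review bot: on the dd line, the device name still has to be kept in step by hand in two places, "recognized as sd6" in the context sentence and of=/dev/rsd6c in the command, which is how the two drifted apart. dd writes to whatever of= names without asking, so a mismatch here sends a reader who copies the command to overwrite a different disk than the one the text told them to identify. Consider having the sentence name the raw device as well (for example "recognized as sd6, so the raw device is /dev/rsd6c"), so that a future mismatch stands out in review.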



Re: OpenBSD changes virtual nic driver in vmware workstation?

2012-08-13 Thread Guido Tschakert
On 13.08.2012 09:42, C. L. Martinez wrote:
 Hi all,
 
  I am trying to do some tests with OpenBSD 5.1 and FreeBSD 9.1 beta in
 my laptop virtual lab based on vmware workstation 8. But I have found
 a problem when I try to configure OpenBSD vms: I can't use e1000
 driver with these OpenBSD vms. I have tried to setup these OpenBSD vms
 as FreeBSD virtual guests, as Other, as RHEL, etc ... (and yes, I have
 changed .vmx config file to ethernetX.virtualDriver = e1000 every
 time) but when OpenBSD boots, every time change virtual nic driver to
 vicX  (in .vmx config appears as a vlance, the worst driver
 possible)...
 
  After doing several tests, like installing FreeBSD to see if same
 problem occurs, I conclude that the problem may be with OpenBSD itself
 making the change, is it right??
 
  Curiously, I have five OpenBSD vms under two ESXi servers, and this
 problem doesn't appears: I can use e1000 configuring OpenBSD vms as
 FreeBSD guest or Other ...
 
  Any idea??
 

Hmm,

I have some OBSD 5.1 Testmachines running under vmware Workstation 8.0.4
on a linux host.

They work all with Network-Driver e1000. I did not do any configuration,
it just worked out of the box. But I think, if your system puts it back
to vlance instead of e1000, it is a problem of vmware and not of OpenBSD.

guido



Re: pf and includes

2011-11-30 Thread Guido Tschakert
On 30.11.2011 09:22, Peter Hallin wrote:
 Hello,
 
 I have some issues with pf.conf and includes that perhaps someone could
 shed some light on.
 
 Where I work, we use bridging firewalls with multiple tagged vlans 
 passing the bridges, and filtering is done on the vlan interfaces. 
 Normally we have around 10-20 vlans on each machine, and we have a LOT 
 of rules in pf.conf. To make configuration a little easier I'm beginning
 to look at how to separate the vlans into multiple configs, one for each
 vlan, and then include them all from pf.conf.
 
 I would want to have all macros, options and rules for each vlan in a
 separate file, but also I would like to use macros from one config in 
 rules in another file. To clarify what I'm getting at, here's an
 example:
 
 ##
 
 /etc/vlan500.conf:
 
 DB="192.168.0.10/32"
 
 block log on vlan500
 pass in quick on vlan500 from $Webserver to $DB port 3306
 pass out on vlan500
 
 ##
 
 /etc/vlan1000.conf:
 
 Webserver="192.168.1.20/32"
 
 block log on vlan1000
 pass in quick on vlan1000 from any to $Webserver port 80
 pass out on vlan1000
 
 ##
 
 /etc/pf.conf
 
 include "/etc/vlan500.conf"
 include "/etc/vlan1000.conf"
 
 ##
 
 The above example would not work, as pfctl will look at the rules in
 vlan500.conf before looking at the macros in vlan1000.conf and it will 
 throw an error that the $Webserver macro is not defined.
 
 If I change the order of the includes in pf.conf, it will work, but of 
 course if I try to use macros from vlan1000.conf for rules in 
 vlan500.conf, the problem will arise again.
 
 One way to solve it would be to put all the macros in, say,
 /etc/vlan500-macros.conf and /etc/vlan1000-macros.conf and make sure
 they are included before the rules in pf.conf, but that seems
 inconvenient to me.
 
 What is the common practice for using includes? Is there a way to get 
 pfctl to read ALL macros from ALL files before looking at the rules?
 
 I would be happy to hear some suggestions.
 
 Thanks, Peter
 

How about a definition.conf with all your (Name,IP-Address)-Pairs which
is included first in your pf.conf, so your vlan.confs only include
the rules but no definitions.

guido
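
Added example (not part of the original posts): a small Python check that models the single top-to-bottom pass described in the question and reports every macro used before it is defined, run first on the layout from the question and then on the definition.conf layout suggested in the reply. The file contents are constructed, and the path /etc/definition.conf and the function name undefined_macro_uses are assumptions made for the illustration.

```python
import re

# Simplified model of how pf.conf is read: one pass, top to bottom, with each
# include expanded at the point where it appears. This is not pfctl's parser:
# line continuations and '#' inside quoted strings are not handled.
MACRO_DEF = re.compile(r'^\s*([A-Za-z0-9_]+)\s*=')
MACRO_USE = re.compile(r'\$([A-Za-z0-9_]+)')
INCLUDE = re.compile(r'^\s*include\s+"?([^"\s]+)"?\s*$')


def undefined_macro_uses(files, root, defined=None, stack=()):
    """Return (file, line_number, macro) for each macro used before its
    definition when `root` and its includes are read in order.

    `files` maps a path to that file's text, so the check runs offline.
    """
    if defined is None:
        defined = set()
    if root in stack:
        raise ValueError("include loop: " + " -> ".join(stack + (root,)))
    if root not in files:
        raise FileNotFoundError(root)

    problems = []
    for lineno, raw in enumerate(files[root].splitlines(), 1):
        line = raw.split("#", 1)[0]          # drop comments
        inc = INCLUDE.match(line)
        if inc:
            # Macros defined so far carry into the included file, and the
            # ones it defines carry back out: `defined` is shared.
            problems += undefined_macro_uses(
                files, inc.group(1), defined, stack + (root,))
            continue
        # Check uses first, so "a = $b" with $b undefined is reported too.
        for name in MACRO_USE.findall(line):
            if name not in defined:
                problems.append((root, lineno, name))
        definition = MACRO_DEF.match(line)
        if definition:
            defined.add(definition.group(1))
    return problems


# Constructed sample: the layout from the question (macros live next to the
# rules of "their" vlan, so vlan500.conf needs a macro defined later).
BROKEN = {
    "/etc/pf.conf": """\
include "/etc/vlan500.conf"
include "/etc/vlan1000.conf"
""",
    "/etc/vlan500.conf": """\
DB="192.168.0.10/32"
block log on vlan500
pass in quick on vlan500 from $Webserver to $DB port 3306
pass out on vlan500
""",
    "/etc/vlan1000.conf": """\
Webserver="192.168.1.20/32"
block log on vlan1000
pass in quick on vlan1000 from any to $Webserver port 80
pass out on vlan1000
""",
}

# Constructed sample: the layout from the reply. All name/address pairs sit
# in one file that is included first; the per-vlan files hold rules only.
FIXED = {
    "/etc/pf.conf": """\
include "/etc/definition.conf"
include "/etc/vlan500.conf"
include "/etc/vlan1000.conf"
""",
    "/etc/definition.conf": """\
DB="192.168.0.10/32"
Webserver="192.168.1.20/32"
""",
    "/etc/vlan500.conf": """\
block log on vlan500
pass in quick on vlan500 from $Webserver to $DB port 3306
pass out on vlan500
""",
    "/etc/vlan1000.conf": """\
block log on vlan1000
pass in quick on vlan1000 from any to $Webserver port 80
pass out on vlan1000
""",
}

if __name__ == "__main__":
    for label, layout in (("question", BROKEN), ("reply", FIXED)):
        found = undefined_macro_uses(layout, "/etc/pf.conf")
        print(label, "layout:", found or "no macro used before definition")
```

On the firewall itself, pfctl -nf /etc/pf.conf parses the real files without loading them and is the authoritative check.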



Re: Bridging and ESXi

2011-11-23 Thread Guido Tschakert
On 24.11.2011 05:16, Brian Hechinger wrote:
 On Nov 23, 2011, at 19:45, Josh Grosse j...@jggimi.homeip.net wrote:
 
 On Wed, Nov 23, 2011 at 04:41:09PM -0500, Brian Hechinger wrote:

 Anyone know where I should be looking here to figure out why this
 isn't working?

 Brian, I don't know if you've received other advice yet, but the key here is
 to -post- configuration information.  For example, your dmesg and your
 hostname.bridge0 config file.  That way, people can look at your
 configuration
 rather than guessing.
 
 You are correct. I was rushing out the door and in turn rushed my email. That
 was wrong of me.
 
 I'll guess your configuration is missing an up ifconfig setting, which I
 recall is explicitly required for the bridge to forward packets.  See the
 BRIDGE section in the ifconfig(8) man page.
 
 Unfortunately you would be wrong. I should have prefaced my email at the very
 least with the fact that I have setup bridging openbsd boxes before and do
 know how to do it as well as the fact that we beat all the basics to death in
 #openbsd on FreeNode.
 
 hostname.em1:
 up
 
 hostname.em2:
 up
 
 hostname.bridge0:
 add em1
 add em2
 up
 
 Stock pf.conf.
 
 I can copy and paste the output of ifconfig tomorrow but you won't see
 anything unusual there.
 
 Playing around a bit more by putting logging on pf it looks like the packets
 aren't making it to the openbsd box so this could very well be a VMware
 issue.
 
 Unless openbsd is dropping them before pf gets them but that strikes me as
 rather unlikely.
 
 -brian
 
Hello,

I don't think it's an OpenBSD problem.

How do the vswitch configs look?

I believe (I don't know because you tell not exactly)  you have 2
vswitches, both connected with your OpenBSD machine. Do you have 2 other
machines, one connected vswitch0 and the other one with vswitch1?
Also I believe, that you use the same IP-Range on both vswitches.
Have you defined the IP-Range on both switches?
Vswitches are normally really stupid, but VMware has put some sort of
intelligence in them, so maybe the vswitches work together, if both
have the same ip range defined and packets go direct from one machine to
another without passing your bridge.

To be honest. I think this question is for a vmware mailing list.

guido



Driver vmt having trouble with automated snapshots in vSphere

2011-10-19 Thread Guido Tschakert
Hello,

2 weeks ago I updated a virtual openbsd test machine from 4.8 to 4.9. It
came with the new vmt driver from dlg@ which is a nice and useful
feature.
But now I saw that it does not work properly with functions in vSphere
which uses automated snapshots. (I tested it with VMware Data Recovery
and cloning)
In both cases I get Protocol error from VMX.

Disabling vmt in the kernel is a workaround for the problem.

I saw that there was no further development in the driver (looked at
http://openbsd.org/plus.html) but maybe someone is interested to have a
deeper look as I am not the only person having this issue (
http://communities.vmware.com/thread/317068 )

For now (and maybe until the end of computers ;-) ) I will live without
this driver as it is a nice to have and not a must have.

thanks

  guido

Here comes the dmesg with disabled vmt:

OpenBSD 4.9 (GENERIC) #671: Wed Mar  2 07:09:00 MST 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(R) CPU E5520 @ 2.27GHz (GenuineIntel 686-class)
2.27 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,SSE3,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT
real mem  = 267939840 (255MB)
avail mem = 253427712 (241MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/13/09, BIOS32 rev. 0 @ 0xfd780,
SMBIOS rev. 2.4 @ 0xe0010 (98 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 10/13/2009
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 65MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0
acpibat0 at acpi0: BAT1 not present
acpibat1 at acpi0: BAT2 not present
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: LID_
bios0: ROM list: 0xc/0x8000 0xc8000/0x1e00! 0xca000/0x1000
0xdc000/0x4000! 0xe/0x4000! 0xee200/0x1e00!
vmt at mainbus0 not configured
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82443BX AGP rev 0x01
ppb0 at pci0 dev 1 function 0 Intel 82443BX AGP rev 0x01
pci1 at ppb0 bus 1
piixpcib0 at pci0 dev 7 function 0 Intel 82371AB PIIX4 ISA rev 0x08
pciide0 at pci0 dev 7 function 1 Intel 82371AB IDE rev 0x01: 

Re: OpenBSD bridge setup

2010-11-06 Thread Guido Tschakert
On 06.11.2010 03:23, James A. Peltier wrote:
 Problem Description:
 
 I'm trying to filter VLANs on the bridge.  However, when enabling VLAN 
 devices on the em1 interface the bridge does not work.
 
Hello
 
 Test Setup:
 
 
 The 2910AL-24G port 19 has its ports configured as TAGGED for VLAN 300 and 
 VLAN 302 with no other VLANs are enabled on this port.  This cable enters the 
 bridge via em0 of the bridge and em1 connects to port 1 on the HP5304XL which 
 is configured for TAGGED VLAN 300 and VLAN 302.  Port two is configured as 
 VLAN 300 UNTAGGED.
 
 HP2910AL-24G (port 19) --- OpenBSD Bridge --- HP 5304XL (port 1)
 
 OS - OpenBSD 4.8-beta (GENERIC.MP) #259: Tue Aug  3 09:06:37 MDT 2010
 (no difference with newer versions)
 PF - Disabled
 
 Two physical interfaces
 
 em0
 em1
 
 VLAN devices
 # cat /etc/hostname.vlan300
 vlan 300 vlandev em1
 
 # cat /etc/hostname.vlan302
 vlan 302 vlandev em1
 
 cat /etc/hostname.em0
 up
 
 cat /etc/hostname.em1
 up
 
 

Make also 2 corresponding vlan devices on em1 (they must have different
names than vlan300 and vlan302, but the same vlan tag )
hostname.vlan300:
vlan 300 vlandev em0
hostname.vlan302:
vlan 302 vlandev em0
hostname.vlan1300:
vlan 300 vlandev em1
hostname.vlan1302:
vlan 302 vlandev em1


 Working configuration but without filtering.
 =
 cat /etc/hostname.bridge0
 add em0
 add em1
 up
 

Make 2 bridges, one for vlan tag 300 and one for tag 302.
Bridge0:
add vlan300
add vlan1300
up

Bridge1:
add vlan302
add vlan1302
up

Now you should be able to filter on bridge0 (vlan 300) and bridge1 (vlan
302).


guido

 With this configuration and no VLAN devices created the bridge works and the 
 tags are passed appropriately, however I am unable to filter the traffic on 
 the VLANs.
 
 dhclient eth0 on client works fine
 pinging out works fine
 
 Non-Working configuration with hopes of filtering
 ==
 
 However, as soon as I create the vlan300 devices with a parent of em1 the 
 bridge stops functioning and the client on HP5304XL Port 2 (UNTAGGED VLAN 
 300) stops functioning.  This remains the same even if I add the vlan300 and 
 vlan302 devices to the bridge.
 
 dhclient stops working
 ping is dead
 
 
 I'm stumped here.  Any ideas?
 --
 James A. Peltier
 Systems Analyst (FASNet), VIVARIUM Technical Director
 Simon Fraser University - Burnaby Campus
 Phone   : 778-782-6573
 Fax : 778-782-3045
 E-Mail  : jpelt...@sfu.ca
 Website : http://www.fas.sfu.ca | http://vivarium.cs.sfu.ca
   http://blogs.sfu.ca/people/jpeltier
 MSN : subatomic_s...@hotmail.com



Re: HA: pair of firewalls, 2 switches and 1 server

2010-05-19 Thread Guido Tschakert
Axel Rau wrote:
 On 18.05.2010 at 14:11, Guido Tschakert wrote:
 
 I would say your Server is __the__ single point of failure (sure the
 switch is also a spof but normally I'm more worried about servers than
 switches)
 Yes, but it has 2 power supplies and redundant disks. If the mini pwr supply 
 of the single switch dies, I'm losing.
Oh, yes and it has two mainboards and you have two ups for all the
things. ;-)
Have you thought of two internet connections from two different providers?

Sorry I don't want to bother you, I just want to say that achieving
redundancy is not as easy as you described it in your first message.

The first question is:
What problem are you trying to resolve?
Or in your case: How much redundancy do you want/need?

 Also a 2nd server is in the pipeline...

Ok, that's fine.

guido

Btw: it would be great for the archive, if you got it working, that you
send a message to the list, describing your configuration.



Re: HA: pair of firewalls, 2 switches and 1 server

2010-05-18 Thread Guido Tschakert
Axel Rau wrote:
 Hi all,
 
 I have a pair of redundant firewalls (obsd 4.6) and a server (fbsd 8.0):
 
+---+  +--+
|   |  |  |
+fw1+--+ +-+  |
   carp0|   |carp1 | |  em0|  |
|   |  | | |  |
+-+-++-+-+-+   |  |
  |  | sw  |   |Server|
+-+-++-+-+-+   | fbsd |
|   |  | | |  |
+fw2+--+ +-+  |
   carp0|   |carp1  em1|  |
|   |  |  |
+---+  DMZ +--+
 
 We all know, the switch is the single point of failure.

Hi,

I would say your Server is __the__ single point of failure (sure the
switch is also a spof but normally I'm more worried about servers than
switches)

guido

 Even worse, when it fails the carp0 pair starts flapping, disturbing
 other firewall traffic.
 So, how to resolve this?
 
 Trunking would only be possible between 2 boxes, not 3.
 Carp on top of trunk?
 2 Carp pairs on the firewalls and 1 pair at the server?
 
 If I get it right, the physical LAN should look like this:
 
+---+  +--+
|   |+-+   |  |
+fw1++ sw1 +---+  |
   carp0|   +--+ +-+-+-+em0|  |
|   |  |   |   |  |
+-+-+  |  ++   |  |
  ||  ||Server|
+-+-+  +--|--+ | fbsd |
|   | |  | |  |
|   +-+  +-+-+-+   |  |
+fw2++ sw2 +---+  |
   carp0|   |+-+em1|  |
+---+  +--+
 
 Switches must have Spanning Tree support (RSTP), so I hope a pair of
 Netgear GS108T can do this.
 
 Any proposals highly appreciated,
 Axel
 ---
 axel@chaos1.de  PGP-Key:29E99DD6  +49 151 2300 9283  computing @
 chaos claudius



Re: Padlock accelerated SHA on Via C7

2009-04-15 Thread Guido Tschakert
Guido Tschakert wrote:
 John Arnold wrote:
 It isn't worth using it.  The overhead is too high.


 OK, thanks for the response.

 That being the case, can anybody give me any advice on what hardware I would 
 need to achieve gigabit VPN throughput (aes/3des  md5/sha1) with ipsec?

 
And yes I forgot a few things:

what I use is described in man brconfig (how I love the faqs and
manuals) and we use  hmac-sha2-256 and aes128 (the default)


 
 Hi,
 my max throughput with ipsec is around 218 Mbit/s with the following
 hardware:
 3Ghz Intel Dual Core and Intel EM-Network Devices.
 
 
 This is a building to building tunnel with ipsec-bridge and the two
 boxes are directly connected.
 Without any dedicated crypto hardware you need a single core cpu as fast
 as possible (dual/quad core is also possible but won't help you, as the
 encryption/decryption is done by the kernel which uses only one kernel)
 
 dmesg:
 
 OpenBSD 4.3 (GENERIC) #1368: Wed Mar 12 11:05:31 MDT 2008
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
 real mem = 1071693824 (1022MB)
 avail mem = 1028931584 (981MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x3fee (38 entries)
 bios0: vendor Phoenix Technologies LTD version 1.1a date 04/03/2008
 bios0: Supermicro X7SBi
 acpi0 at bios0: rev 2
 acpi0: tables DSDT FACP _MAR MCFG HPET APIC BOOT SPCR SSDT SSDT SSDT SSDT
 acpi0: wakeup devices PXHA(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5)
 USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5)
 USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpihpet0 at acpi0: 14318179 Hz
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 2 (PXHA)
 acpiprt2 at acpi0: bus 3 (PEX_)
 acpiprt3 at acpi0: bus 5 (EXP1)
 acpiprt4 at acpi0: bus 13 (EXP5)
 acpiprt5 at acpi0: bus 15 (EXP6)
 acpiprt6 at acpi0: bus 17 (PCIB)
 acpicpu0 at acpi0: C1, FVS, 3000, 2667, 2333, 2000 MHz
 acpibtn0 at acpi0: PWRB
 cpu0 at mainbus0: (uniprocessor)
 cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz, 2992.90 MHz
 cpu0:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
 cpu0: 6MB 64b/line 16-way L2 cache
 pci0 at mainbus0 bus 0: configuration mode 1
 pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x29f0
 rev 0x01
 ppb0 at pci0 dev 1 function 0 vendor Intel, unknown product 0x29f1 rev
 0x01: irq 5
 pci1 at ppb0 bus 1
 ppb1 at pci1 dev 0 function 0 Intel PCIE-PCIE rev 0x09
 pci2 at ppb1 bus 2
 Intel IOxAPIC rev 0x09 at pci1 dev 0 function 1 not configured
 ppb2 at pci0 dev 6 function 0 vendor Intel, unknown product 0x29f9 rev
 0x01: irq 5
 pci3 at ppb2 bus 3
 em0 at pci3 dev 0 function 0 Intel PRO/1000 PF (82572EI) rev 0x06: irq
 5, address 00:15:17:57:8a:f5
 ppb3 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02: irq 5
 pci4 at ppb3 bus 5
 ppb4 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x02: irq 5
 pci5 at ppb4 bus 13
 em1 at pci5 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: irq
 5, address 00:30:48:64:eb:48
 ppb5 at pci0 dev 28 function 5 Intel 82801I PCIE rev 0x02: irq 10
 pci6 at ppb5 bus 15
 em2 at pci6 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: irq
 10, address 00:30:48:64:eb:49
 ppb6 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x92
 pci7 at ppb6 bus 17
 vga1 at pci7 dev 3 function 0 ATI ES1000 rev 0x02
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 pciide0 at pci7 dev 4 function 0 vendor ITExpress, unknown product
 0x8213 rev 0x00: DMA (unsupported), channel 0 wired to native-PCI,
 channel 1 wired to native-PCI
 pciide0: using irq 10 for native-PCI interrupt
 pciide0: channel 0 ignored (not responding; disabled or no drives?)
 pciide0: channel 1 ignored (not responding; disabled or no drives?)
 pcib0 at pci0 dev 31 function 0 Intel 82801IR LPC rev 0x02
 ahci0 at pci0 dev 31 function 2 Intel 82801I AHCI rev 0x02: irq 10,
 AHCI 1.2
 scsibus0 at ahci0: 32 targets
 sd0 at scsibus0 targ 0 lun 0: ATA, ST380815AS, 4.AA SCSI3 0/direct fixed
 sd0: 76319MB, 9729 cyl, 255 head, 63 sec, 512 bytes/sec, 156301488 sec total
 ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x02: irq 10
 iic0 at ichiic0
 lm1 at iic0 addr 0x2d: W83627HF
 wbng0 at iic0 addr 0x2f: w83793g

Re: European orders

2009-03-27 Thread Guido Tschakert
Hello everybody,

Just want to put my 2 cents in this discussion:

some weeks ago, I thought that it would be time to pre-order 4.5.
But then the following comes to my mind: in the last years I seldom used
the CDs, most time I used ftp. The CDs themself were lying on the shelf.
Actually I do not need these CDs: but a lot of resources are needed to
produce CDs and bring them to me, for me this is some kind of
environmental pollution which is not necessary and I would like to
avoid. (I'm talking about raw materials and fuel)
Then I started to look what other possibilities I have to support
OpenBSD. Sure there are donations, but will I remember every 6 month to
make a donation: No, I'm just a human being (me thinks so).
But here in Germany we have a thing called standing order (in
German: Dauerauftrag) where I can put a monthly amount of money to the
project (for me this is very easy as Theo has a bank account in Germany).
The European orders discussion brought it back to my mind and half an
hour ago I started my standing order with 12,50 per Month (150/year).
This Is not much, but more as if I would buy the CDs twice a year.

guido



Re: openbsd in virtualization

2009-03-20 Thread Guido Tschakert
Markus Hennecke wrote:
 Guido Tschakert wrote:
 the question is: do you use the vmware-tools from server 2.0 and if
 you do so, how did you manage it?
 
 No, we are running server 1.0.8 for our OpenBSD vmware installations. We
 have some laptops with our Windows client software that needs fast
 access to a database on an OpenBSD server. All setup for evaluation of
 the whole packet. So we need the ability to gracefully shutdown the vm
 if the laptop is powered down. The vm must start when the laptop is
 started. It is a setup for users with low skills on computers (medical
 personnel mostly), so the ability to start and shut down a vm is not
 something I can expect.
 
 OpenBSD 4.4 or newer will run happily with the vmware server 2.0, but no
 automatic shutdown is a real show stopper.
 
 Kind regards
   Markus
 


Hello Markus,

as I wrote earlier, you can use VmServer 2.0 with the old tools.
Shutdown works well.

I have the feeling that 2.0 is faster than 1.0 (except the management
interface which can be very annoying), but I have no measurements ;-)

guido



Re: openbsd in virtualization

2009-03-19 Thread Guido Tschakert

Markus Hennecke wrote:

On Wed, 18 Mar 2009, Markus Hennecke wrote:


Laurens Vets wrote:

Markus Hennecke wrote:

On Wed, 18 Mar 2009, Laurens Vets wrote:

Laurens Vets wrote:
Doesn't work for me.  Vmware-guestd doesn't want to run and the 
message Abort trap is printed...


Btw, this is on OpenBSD 4.4 i386 and VMware Server 2.0


This works no longer with VMWare Server 2.0. With 1.0.8 you were 
fine with that method.


Any specific reason why?  Did they change the FreeBSD binary too much 
or...?


I think that the vmware tools were statically linked in the previous 
versions, now they are dynamically linked and I was missing most of 
the libs. But I will check that tomorrow when I'm back at work.


So here is the information, it is indeed dynamically linked in the 
server 2.0 version:


vmware tools server 2.0:

$ pwd
/home/markus/vmware-tools-distrib/lib/sbin32
$ ls -la
total 1228
drwxr-xr-x   2 markus  users 512 Sep 11  2008 .
drwxr-xr-x  21 markus  users 512 Sep 11  2008 ..
-r-xr-xr-x   1 markus  users   42900 Sep 11  2008 vmware-checkvm
-r-xr-xr-x   1 markus  users  505384 Sep 11  2008 vmware-guestd
-r-xr-xr-x   1 markus  users4862 Sep 11  2008 vmware-guestd-wrapper
-r-xr-xr-x   1 markus  users   49412 Sep 11  2008 vmware-rpctool
$ file vmware-guestd
vmware-guestd: ELF 32-bit LSB executable, Intel 80386, version 1, 
dynamically

linked (uses shared libs), stripped

- 


Hello Markus,

the question is: do you use the vmware-tools from server 2.0 and if you 
do so, how did you manage it?


guido



vmware tools server 1.0.8;

$ ls -la /emul/freebsd/sbin/
total 584
drwxr-xr-x  2 root  wheel 512 Sep  2  2008 .
drwxr-xr-x  3 root  wheel 512 Dec 17  2007 ..
-r-xr-xr-x  1 root  wheel  270236 Sep  2  2008 vmware-guestd

$ file vmware-guestd
vmware-guestd: ELF 32-bit LSB executable, Intel 80386, version 1, 
statically

linked, stripped

Kind regards,
  Markus




Re: openbsd in virtualization

2009-03-18 Thread Guido Tschakert
sonjaya wrote:
 what virtualization you use  (vmware , openvz , etc )?
 
 
Hi,

as Michiel wrote, he uses kvm (this is something in the linux kernel)

OpenVZ will not work. (It's up to you to find out why ;-) )

I use OpenBSD in Vmware Server 2.0 and if you search the archives you
will find a lot of people asking questions regarding vmware and xen.

But you should really search the archives as you will find a lot of
things about security, stability and so.

guido



 On Wed, Mar 18, 2009 at 3:34 PM, Michiel van Baak mich...@vanbaak.info
 wrote:
 On 15:13, Wed 18 Mar 09, sonjaya wrote:
 Hi...

 My boss ask how to move current obsd server to virtualization ( such
 as  openvz, vmware , etc ) .
 anyone in here success moving obsd to Environment  virtualization (
 openvz , vmware  etc ) , may be want share to me ?
 So obsd become guest OS  ?

 ps: I'm so sorry to ask this because Efficiency  and reduce IT cost .
 thanks
 I'm running OpenBSD 4.4 and -current under KVM here at home.
 I wont run it in production tho. Real hardware is much more stable.
 --

 Michiel van Baak
 mich...@vanbaak.eu
 http://michiel.vanbaak.eu
 GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x71C946BD

 Why is it drug addicts and computer aficionados are both called users?


 
 
 
 --
 sonjaya
 http://sicute.blogspot.com
 http://www.pojokdomain.com(sell  buy domain with free )



Re: openbsd in virtualization

2009-03-18 Thread Guido Tschakert
Linus Swdlas wrote:
 On Wed, 18 Mar 2009 14:45:44 +0100, Laurens Vets laur...@daemon.be wrote:
 
 Laurens Vets wrote:
 Alexandre Verriere wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Laurens Vets wrote:
 My boss ask how to move current obsd server to virtualization ( such
 as  openvz, vmware , etc ) .
 anyone in here success moving obsd to Environment  virtualization (
 openvz , vmware  etc ) , may be want share to me ?
 So obsd become guest OS  ?

 ps: I'm so sorry to ask this because Efficiency  and reduce IT cost .
 thanks

 Works great for me under VMware.

 /  L
 How are you shutting down the OpenBSD guest when you stop VMware?
 Manually?



 This can be achieved with FreeBSD compt turned on this way:

 halt the obsd guest then set his type to freebsd and back up install
 the
 vmware tools:

 mount /dev/cd0c /mnt
 tar -xzf /mnt/vmware-freebsd-tools.tar.gz -C /tmp
 mkdir -p /emul/freebsd/sbin
 install -m 555 -o root -g wheel \
     /tmp/vmware-tools-distrib/lib/sbin32/vmware-guestd /emul/freebsd/sbin
 cp -r /tmp/vmware-tools-distrib/etc /etc/vmware-tools

 then tune your sysctl.conf
  kern.emul.freebsd=1

 Add this one to your rc.local:

 if [ -x /emul/freebsd/sbin/vmware-guestd ]; then
         echo -n ' vmware-tools'
         /emul/freebsd/sbin/vmware-guestd --background \
             /var/run/vmware-guestd.pid \
             --halt-command "/sbin/shutdown -p -h now"
 fi

 Now you can use vmware scripts to automate power management of your vm.

 Hope this helps.
  Doesn't work for me.  Vmware-guestd doesn't want to run and the
 message Abort trap is printed...

 Btw, this is on OpenBSD 4.4 i386 and VMware Server 2.0
 
 I use VMWare Workstation 6.5.1 which, as far as I know, uses the same
 hw-compat as Server 2.0 and it sometimes bring my whole machine down
 when running OpenBSD 4.4. The crashes are quite random.
 Difficult to determine the problem for me though as I changed hardware,
 and thus OS, and changed from Workstation 6.0 to 6.5 and OpenBSD-version
 to 4.4 at the same time. =)
 Previous versions has worked wonders.
 I'm kinda curious on if it would be possible to figure out what the
 changes are and write a DoS-sploit for VMware/host-OS from it. =)
 Host OS would be a Linux 64-bit on Core2Duo if anyone wondered.
 
Hello Again,

I can confirm that using the tools from 1.0.8 in a virtual machine with
hardware version 7 on VmServer 2.0 works. (and vmware tells you to
upgrade the tools, which you shouldn't do)
So the wiki
http://openbsd-wiki.org/index.php?title=HowTo_install_VMWare_tools
could be updated.

The freebsd.iso can be found in (/usr)/lib/isoimages from an 1.0.8
installation or in the tar.gz.

next step would be to use the new tools and find out which libs are
needed. Maybe Markus has some news tomorrow.

guido



Re: openbsd in virtualization

2009-03-18 Thread Guido Tschakert
Linus Swdlas wrote:
 On Wed, 18 Mar 2009 14:45:44 +0100, Laurens Vets laur...@daemon.be wrote:
 
 Laurens Vets wrote:
 Alexandre Verriere wrote:
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Laurens Vets wrote:
 My boss ask how to move current obsd server to virtualization ( such
 as  openvz, vmware , etc ) .
 anyone in here success moving obsd to Environment  virtualization (
 openvz , vmware  etc ) , may be want share to me ?
 So obsd become guest OS  ?

 ps: I'm so sorry to ask this because Efficiency  and reduce IT cost .
 thanks

 Works great for me under VMware.

 /  L
 How are you shutting down the OpenBSD guest when you stop VMware?
 Manually?



 This can be achieved with FreeBSD compt turned on this way:

 halt the obsd guest then set his type to freebsd and back up install
 the
 vmware tools:

 mount /dev/cd0c /mnt
 tar -xzf /mnt/vmware-freebsd-tools.tar.gz -C /tmp
 mkdir -p /emul/freebsd/sbin
 install -m 555 -o root -g wheel
 /tmp/vmware-tools-distrib/lib/sbin32/vmware-guestd /emul/freebsd/sbin
 cp -r /tmp/vmware-tools-distrib/etc /etc/vmware-tools

 then tune your sysctl.conf
  kern.emul.freebsd=1

 Add this one to your rc.local:

 if [ -x /emul/freebsd/sbin/vmware-guestd ]; then
 echo -n ' vmware-tools'
 /emul/freebsd/sbin/vmware-guestd --background
 /var/run/vmware-guestd.pid --halt-command /sbin/shutdown -p -h now
  fi

 Now you can use vmware scripts to automate power management of your vm.

 Hope this helps.
  Doesn't work for me.  Vmware-guestd doesn't want to run and the
 message Abort trap is printed...

 Btw, this is on OpenBSD 4.4 i386 and VMware Server 2.0
 
 I use VMWare Workstation 6.5.1 which, as far as I know, uses the same
 hw-compat as Server 2.0 and it sometimes bring my whole machine down
 when running OpenBSD 4.4. The crashes are quite random.
 Difficult to determine the problem for me though as I changed hardware,
 and thus OS, and changed from Workstation 6.0 to 6.5 and OpenBSD-version
 to 4.4 at the same time. =)
 Previous versions has worked wonders.
 I'm kinda curious on if it would be possible to figure out what the
 changes are and write a DoS-sploit for VMware/host-OS from it. =)
 Host OS would be a Linux 64-bit on Core2Duo if anyone wondered.
 
Ok,

I think I've got an idea regarding our problem with installing the
vmware-tools in OpenBSD 4.4 on VmServer 2.0 and Workstation 6.5.1.

Someone wrote that it works with OpenBSD 4.4 and VmServer 1.0.8, so
OpenBSD 4.4 isn't the problem (as mostly ;-) )

I think we (Laurens, Linus and myself) have started with creating a new
vm in VmServer 2.0 or WS 6.5 and then installed the tools via cd-emulation.

The problem might be the hardware version/product compatibility: We have
version 7 and Vmserver 1.0 uses version 4. Another point would be to try
the vmware-tools.tar.gz from server 1.0 (Markus wrote they are
statically linked, so maybe we can use them also in our new vm)

guido



Re: OpenBSD 4.4 pf+vlan+bridge problem

2009-01-20 Thread Guido Tschakert
Key Aavoja wrote:
 Hello,
 
Hello,

first thing: I do not have any experience with multicast traffic.
But what you have built seems very strange to me. First you use vlan to
separate the networks and then you put them all together with a bridge.
I do not see the use of the vlans.

Wouldn't it be better to not use the bridge and use (multicast-)routing
and pf to solve your problem?

As I said, I have no experience with multicast traffic, but that is how
I would start digging.

guido

 I have a problem with pf+bridge+vlan (multicast traffic) and I googled
 a lot, read the manuals and so on - no help. Finally I posted on wrong
 place :( sorry.
 
 Hopefully this time I'm writing to right place.
 
 
 Following setup is made for multicast traffic separation from one lan
 to multiple vlans.
 
 Setup:
 
 Two physical interfaces
 
 bnx0
 bnx1
 
 interfaces bnx0 and bnx1 has vlans:
 
 bnx0
 vlan1100
 bnx1
 vlan1101
 vlan1102
 vlan1103
 vlan1104
 vlan1105
 vlan1106
 vlan1107
 vlan1108
 
 Bridge setup: bridge0 has all vlans as bridge members (vlan1100,
 vlan1101 ... vlan1108)
 
 PF config:
 
 block out on bnx1 all
 block out on vlan1100 all
 block out on vlan1101 all
 block out on vlan1102 all
 block out on vlan1103 all
 block out on vlan1104 all
 block out on vlan1105 all
 block out on vlan1106 all
 block out on vlan1107 all
 block out on vlan1108 all
 pass out quick on vlan1101 proto udp from any to 239.16.1.1
 pass out quick on vlan1102 proto udp from any to 239.16.1.2
 pass out quick on vlan1103 proto udp from any to 239.16.1.3
 
 Wishful thinking, what the result should be:
 
 All multicast streams are available on vlan1100 and received via
 bnx0/vlan1100. Bridge should stream the multicast packets to
 whatever vlan - it's the place where pf should help. Stream: 239.16.1.1
 should be available only on vlan1101, and 239.16.1.2 available on
 vlan1102 and so on.
 .
 
 Real Result:
 Stream 239.16.1.1 is available on all three vlans: 11101,1102,1103 -
 same thing happens with other two streams (239.16.1.2, 239.16.1.3)
 
 It's really weird what's going on or did I understood something wrong
 and configuration is not correct?
 
 Thank you.
 





Re: cryptographic accelerator for a laptop

2009-01-14 Thread Guido Tschakert
ro...@cs.wisc.edu wrote:
 I recently started using a VPN with my laptop for when I travel(which is
 quite often) and I have noticed a detectable degradation when going
 through the VPN especially when using streaming video. My laptop is a few
 years old and the problem isn't that big a deal but I was wondering if
 there is a card I could buy that I could offload the work to. Hopefully
 one that isn't very expensive would be nice. Just wondering if anybody has
 any suggestions.
 
 roger
 

Hello,

you forgot to mention a lot of information:

what kind of vpn you are using?


what kind of laptop you are using?

As you want to add hardware, where is the mesg?

btw:
I am not aware of any pcmcia device, usb device or pci express card
doing cryptographic acceleration, but i am not that expert. But I think
if you find such a thing, it is cheaper to buy a new laptop ;-)

and another thing: maybe it would help to tweak your vpn config, but
therefore it is needed!

guido



Re: cryptographic accelerator for a laptop

2009-01-14 Thread Guido Tschakert
Guido Tschakert wrote:
 ro...@cs.wisc.edu wrote:
 I recently started using a VPN with my laptop for when I travel(which is
 quite often) and I have noticed a detectable degradation when going
 through the VPN especially when using streaming video. My laptop is a few
 years old and the problem isn't that big a deal but I was wondering if
 there is a card I could buy that I could offload the work to. Hopefully
 one that isn't very expensive would be nice. Just wondering if anybody has
 any suggestions.

 roger

 
 Hello,
 
 you forgot to mention a lot of information:
 
 what kind of vpn you are using?
 
 
 what kind of laptop you are using?
 
 As you want to add hardware, where is the mesg?
 
 btw:
 I am not aware of any pcmcia device, usb device or pci express card
 doing cryptographic acceleration, but i am not that expert. But I think
 if you find such a thing, it is cheaper to buy a new laptop ;-)
 
 and another thing: maybe it would help to tweak your vpn config, but
 therefore it is needed!
 
 guido

Another question comes to my mind.
What speed do you get through your VPN and what speed do you expect/need
(especially for streaming video).
Another problem might be that your CPU cannot handle vpn and video at
the same time. (so the speed of the vpn is not your problem)
If this is your problem, maybe a new graphic card is a solution (which
also isn't quite easy to change in a laptop)

guido



Re: FreeBSD emulation of VMware Tools

2009-01-05 Thread Guido Tschakert
Laurens Vets wrote:
 Laurens Vets wrote:
 Good morning,


Hello
 have you read man compat_freebsd and tried the suggestions (i.e.
 download libc.so.1 from somewhere and also ldd and some other files)

 I was not aware of that man page...  I've been trying to set things up
 using it as a guide, but I'm unsuccessful at the moment.  The man page
 mentions FreeBSD 5.0-RELEASE, yet the port freebsd_lib seems to be
 compiled for FreeBSD 4.1.1.

 Any idea on what FreeBSD version is supported by OpenBSD?
 
 Some more information:
 - VMware Server 2.0
 - OpenBSD 4.4
 

Hmm, that's also my configuration
 I've gotten the FreeBSD emulation working now:
 # ldd-freebsd /emul/freebsd/usr/bin/ldd
 /emul/freebsd/usr/bin/ldd:
 libc.so.4 = /usr/lib/libc.so.4 (0x4fa23000)

Can you exactly tell what you've done and where you got the binaries
from. I'm trying to also solve this problem...
 
 However, while running it on vmware-guestd I still receive an error:
 
 # ldd-freebsd /emul/freebsd/sbin/vmware-guestd
 /emul/freebsd/sbin/vmware-guestd:
 /emul/freebsd/sbin/vmware-guestd: signal 6
 
according to man signal signal 6 is
SIGABRT create core image   abort(3) call (formerly SIGIOT)

Is vmware-guestd running anymore after signal 6?


 Any idea on how I can proceed from there?
 
 Laurens Vets wrote:
 Hi list,

 I'm trying to get the FreeBSD version of the VMware Tools installed in
 OpenBSD 4.4 under VMware Server 2.0 following the guide posted at
 http://www.openbsd-wiki.org/index.php?title=HowTo_install_VMWare_tools.

 I've had to install the freebsd_lib-4.11p0.tgz package and had to add
 some additional symbolic links to /emul/freebsd/usr/lib.  However,
 vmware-guestd segfaults upon trying to start it:

 # ktrace /emul/freebsd/sbin/vmware-guestd --background
 /var/run/vmware-guestd.pid --halt-command /sbin/shutdown -p -h now
 Segmentation fault (core dumped)
 # ktrace -C
 # kdump
   6020 ktrace   RET   ktrace 0
   6020 ktrace   CALL  execve(0xcfbdabb3,0xcfbdaa60,0xcfbdaa78)
   6020 ktrace   NAMI  /emul/freebsd/sbin/vmware-guestd
   6020 ktrace   NAMI  /emul/freebsd/usr/lib/libc.so.1
   6020 ktrace   NAMI  /emul/freebsd
   6020 vmware-guestd NAMI  /emul/freebsd/usr/lib/libc.so.1
   6020 vmware-guestd EMUL  freebsd
   6020 vmware-guestd RET   execve 0
   6020 vmware-guestd PSIG  SIGSEGV SIG_DFL code 1 addr=0x85fa8 trapno=1
   6020 vmware-guestd NAMI  vmware-guestd.core
 #

 I'm not sure how to proceed from here.  Can anyone help me further?

 Thanks in advance!



Re: FreeBSD emulation of VMware Tools

2009-01-04 Thread Guido Tschakert
Hi,

have you read man compat_freebsd and tried the suggestions (i.e.
download libc.so.1 from somewhere and also ldd and some other files)

guido

Laurens Vets wrote:
 Hi list,
 
 I'm trying to get the FreeBSD version of the VMware Tools installed in
 OpenBSD 4.4 under VMware Server 2.0 following the guide posted at
 http://www.openbsd-wiki.org/index.php?title=HowTo_install_VMWare_tools.
 
 I've had to install the freebsd_lib-4.11p0.tgz package and had to add
 some additional symbolic links to /emul/freebsd/usr/lib.  However,
 vmware-guestd segfaults upon trying to start it:
 
 # ktrace /emul/freebsd/sbin/vmware-guestd --background
 /var/run/vmware-guestd.pid --halt-command /sbin/shutdown -p -h now
 Segmentation fault (core dumped)
 # ktrace -C
 # kdump
   6020 ktrace   RET   ktrace 0
   6020 ktrace   CALL  execve(0xcfbdabb3,0xcfbdaa60,0xcfbdaa78)
   6020 ktrace   NAMI  /emul/freebsd/sbin/vmware-guestd
   6020 ktrace   NAMI  /emul/freebsd/usr/lib/libc.so.1
   6020 ktrace   NAMI  /emul/freebsd
   6020 vmware-guestd NAMI  /emul/freebsd/usr/lib/libc.so.1
   6020 vmware-guestd EMUL  freebsd
   6020 vmware-guestd RET   execve 0
   6020 vmware-guestd PSIG  SIGSEGV SIG_DFL code 1 addr=0x85fa8 trapno=1
   6020 vmware-guestd NAMI  vmware-guestd.core
 #
 
 I'm not sure how to proceed from here.  Can anyone help me further?
 
 Thanks in advance!



Re: OpenBSD4.4 can ping ip but can't resolv Doname

2008-12-21 Thread Guido Tschakert
Hello,

what about /etc/resolv.conf on your OpenBSD System.
Have you configured which DNS to use?

guido

Linyin wrote:
 Installed openbsd,configure network.When I try ping ip address its
 ok,but use the doname is looks down.
 The dns server is ok,i try ping doname under winxp:
 
 C:\Documents and Settings\linyin>ping www.openbsd.org
 Pinging www.openbsd.org [129.128.5.191] with 32 bytes of data:
 Reply from 129.128.5.191: bytes=32 time=251ms TTL=238
 Reply from 129.128.5.191: bytes=32 time=281ms TTL=238
 Reply from 129.128.5.191: bytes=32 time=280ms TTL=238
 Reply from 129.128.5.191: bytes=32 time=280ms TTL=238
 Ping statistics for 129.128.5.191:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
 Approximate round trip times in milli-seconds:
 Minimum = 251ms, Maximum = 281ms, Average = 273ms
 
 But under OpenBSD, there's no response.
 
 # uname -a
 OpenBSD linyin.8800.org 4.4 GENERIC#1021 i386
 
 # ping www.openbsd.org
 ping: unknown host: www.openbsd.org
 
 # more /etc/hosts
 #   $OpenBSD: hosts,v 1.11 2002/09/26 23:35:51 krw Exp $
 #
 # Host Database
 #
 # RFC 1918 specifies that these networks are internal.
 # 10.0.0.0        10.255.255.255
 # 172.16.0.0      172.31.255.255
 # 192.168.0.0     192.168.255.255
 #
 ::1 localhost.8800.org localhost
 127.0.0.1 localhost.8800.org localhost
 ::1 linyin.8800.org linyin
 127.0.0.1 linyin.8800.org linyin
 
 # more /etc/hostname.rl0
 inet 192.168.1.5 255.255.255.0 NONE
 
 # ping 129.128.5.191
 PING 129.128.5.191 (129.128.5.191): 56 data bytes
 64 bytes from 129.128.5.191: icmp_seq=1 ttl=238 time=1350.464 ms
 64 bytes from 129.128.5.191: icmp_seq=2 ttl=238 time=1201.868 ms
 --- 129.128.5.191 ping statistics ---
 4 packets transmitted, 2 packets received, 50.0% packet loss
 round-trip min/avg/max/std-dev = 1201.868/1276.166/1350.464/74.298 ms
 
 I'm not using PF, and other firewall. Can anyone give me some advice? THANKS!



Re: softraid(4) in production environment

2008-11-21 Thread Guido Tschakert
Jordi Espasa Clofent wrote:
 Hi all,
 
 As post subject says, it's a clear question ?Is it softraid(4) ready for
 a production system?
 I have to build a authentication (with OpenLDAP) system and I want to do
 it with OpenBSD; I absolutely trust on Marco's good job, but I must to
 know if softraid(4) is ready for a real and critical production system.
 
 I've used softraid(4) solution in the past without problems, but I think
 softraid(4) it's better designed and coded, so the logical way is trust
 on it.
 
If it is that critical wouldn't it be better to have two simple ldap
servers and replicate with slurpd?
You know: keep the systems simple. This reminds me of the discussions
on having raid in a firewall and the answer is always: use carp and make it
redundant.
So I suggest: use slurpd and make it redundant ;-)

guido



Re: Packet Filter: how to keep device names on hardware failure?

2008-11-07 Thread Guido Tschakert
Peter N. M. Hansteen wrote:
 Harald Dunkel [EMAIL PROTECTED] writes:
 

maybe you can use something like this in your script:

int_if=xx:xx:xx:xx:xx:xx
ext_if=yy:yy:yy:yy:yy:yy
int_if=`ifconfig|grep -e $int_if|awk '{print $1}'`
ext_if=`ifconfig|grep -e $ext_if|awk '{print $1}'`

This will not directly work on OpenBSD as the output of ifconfig is not
the same as on Linux. I used it on Linux, as some Linux kernels
don't enumerate the network interfaces in the same order at each boot
and they were all called ethx, so rebooting without scanning for
MAC addresses was a real mess.
Surely we assume that nobody fakes the MAC.

guido
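
Added example (not part of the original post): a version of the MAC-to-interface lookup sketched above that reads ifconfig output in either the OpenBSD (lladdr) or the Linux (HWaddr / ether) layout, and refuses to emit pf macros when a MAC matches no interface or more than one. The function names, interface names and MAC addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example: resolve interface names from MAC addresses for pf macros.
# All function names and sample data below are constructed for illustration.

# if_by_mac MAC
# Reads ifconfig-style text on stdin and prints the one interface whose
# hardware address equals MAC (case-insensitive).
# Exit status: 0 = exactly one match, 1 = no match, 2 = several matches.
if_by_mac() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); n = 0 }
        # A line starting in column 1 opens a new interface stanza.
        /^[^ \t]/ { name = $1; sub(/:$/, "", name) }
        {
            # OpenBSD prints "lladdr MAC", Linux "HWaddr MAC" or "ether MAC".
            for (i = 1; i < NF; i++) {
                key = tolower($i)
                if ((key == "lladdr" || key == "hwaddr" || key == "ether") &&
                    tolower($(i + 1)) == want && !(name in seen)) {
                    seen[name] = 1
                    found = name
                    n++
                }
            }
        }
        END {
            if (n == 1) { print found; exit 0 }
            exit (n == 0 ? 1 : 2)
        }'
}

# pf_macros INT_MAC EXT_MAC
# Reads ifconfig-style text on stdin and prints int_if/ext_if macro lines.
# Prints nothing and returns 1 if either lookup is not unique, so a caller
# never loads a ruleset with an empty or ambiguous interface macro.
pf_macros() {
    ifc_text=$(cat)
    int_if=$(printf '%s\n' "$ifc_text" | if_by_mac "$1") || return 1
    ext_if=$(printf '%s\n' "$ifc_text" | if_by_mac "$2") || return 1
    [ "$int_if" != "$ext_if" ] || return 1
    printf 'int_if="%s"\next_if="%s"\n' "$int_if" "$ext_if"
}

# Constructed sample in the OpenBSD layout (not captured from a real host).
sample_openbsd() {
    cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:02
        inet 198.51.100.1 netmask 0xffffff00 broadcast 198.51.100.255
EOF
}

# Constructed sample in the old Linux net-tools layout; the kernel has
# enumerated the same two cards in the opposite order.
sample_linux() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:198.51.100.1  Bcast:198.51.100.255  Mask:255.255.255.0
eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.1  Bcast:192.0.2.255  Mask:255.255.255.0
lo        Link encap:Local Loopback
EOF
}

# Constructed sample where a second interface reports the same address as
# em1 (here a vlan child), which makes the MAC ambiguous.
sample_shared_mac() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:02
vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:02
EOF
}

# Demonstration on the constructed OpenBSD sample.
sample_openbsd | pf_macros 00:00:5e:00:53:01 00:00:5e:00:53:02
```

On a real host, pipe the output of ifconfig -a into pf_macros instead of a sample and only continue loading the ruleset when it returns 0.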



Re: PCI-Express Crypto Hardware

2008-10-31 Thread Guido Tschakert
Sylvain MAURIN wrote:
 Hello,
 
 I am looking to upgrade our lab's ssh gateway[1] but I
 haven't been able to find one hardware crypto accelerator
 with PCIe bus.
 
What about SUN?

At Sun you can find a X6000A for 1150

But I really do not know if the card will work with OpenBSD.

guido

BTW: You have a lot of traffic through your ssh-Gateway, don't you?


 Alas, my new serverboard[2] does not provide PCI nor
 PCI-X slots.
 
 Do you have any tips about an openbsd compatible product ?
 
 I have a budget of about 1K EUR to purchase some crypto
 hardware next week and I think my lab could support[3]
 your project.
 
 Thanks for any help,
 Sylvain MAURIN
 
 1. Soekris 1401 on SunBlade 150
http://www.isc.cnrs.fr/informatique/public_notice/OpenBSD-sshchrooted
 2. Sun T1000, sparc64 arch.
 3. Aka hosting and opening an access to some BSD developers
agreeing our security charts, time to polish any drivers
before I put T1000 server in exploitation setup, probably
around mid-2009 and keeping running the old SunBlade for
your project until she die.
 
 
 


-- 

Kind regards,

  Guido Tschakert

_

SRC Security Research & Consulting GmbH
Graurheindorfer Str. 149 a  Tel: +49-228-2806-138
53117 Bonn  Fax: +49-228-2806-199
http://www.src-gmbh.de  Mob: +49-160-3671422
Commercial register Bonn: HRB 9414  Managing director: Gerd Cimiotti


Re: new home box for secure data storage

2008-10-30 Thread Guido Tschakert
Douglas A. Tutty wrote:
 On Wed, Oct 29, 2008 at 09:09:20PM -0500, patric conant wrote:
 I'm confused, the encrypted volume cannot be backed up without a key?
 
 Sure, I could backup the encrypted volume.  However, I'd rather back the
 data up as an unencrypted directory along with everything else.  

And then someone steals your backup.

Wouldn't it be more sophisticated, to secure the physical access (lock
up the door, some security on the windows (the real one, not that crap
from MS), if any) to the system and encrypt the backup (public-key comes
to my mind). As mostly backup will be done on external media (DVD, CD,
Tape, USB-Harddrives)

It always depends on how paranoid you are (and as I remember you are
more paranoid than the average ;-) ), how secret your data is.

guido








 
 I don't know what's involved in e.g. restoring an accidentally deleted
 file from within an encrypted volume.  I guess I'd treat it like a
 tarball in that its a file, mount it somewhere using the usual key and
 retreive the file, mount the user's encrypted volume and copy the file
 back where it belongs.
 
 Its likely that its me that's confused.  Since what I'm contemplating
 doesn't seem to be mainstream, I'm assuming that backup and restore
 procedures aren't mainstream (e.g. have the kinks worked out) either.
 That assumption could be invalid.
 
 Doug.
 
 


-- 

Kind regards,

  Guido Tschakert

_

SRC Security Research & Consulting GmbH
Graurheindorfer Str. 149 a  Tel: +49-228-2806-138
53117 Bonn  Fax: +49-228-2806-199
http://www.src-gmbh.de  Mob: +49-160-3671422
Commercial register Bonn: HRB 9414  Managing director: Gerd Cimiotti


Re: Longest Uptime?

2008-10-29 Thread Guido Tschakert
new_guy wrote:
 I know. Longest uptime is silly, macho, pointless stuff... but I ran across
 an old SunOS 2.6 box that had been up for 387 days. It had been hacked. The
 only reason it was not an open mail relay is that /var was full. So, I
 thought to myself, I bet I could run an OpenBSD box for that amount of time
 or longer without getting hacked and without doing much to it. Just
 wondering what's the longest OpenBSD uptime some folks on misc have seen?
 
 Thanks


Hmm,

what about 180-190 days uptime max?
Afaik you need to reboot your OpenBSD when you upgrade in May and
November...

guido



Re: what exactly is enc0?

2008-10-16 Thread Guido Tschakert
J.C. Roberts wrote:
 On Wednesday 15 October 2008, ropers wrote:
 I don't know if it is possible to use --surrounding physical space
 permitting-- 64bit cards in 32 bit slots (and have them run w/
 reduced performance). IIRC, something like that used to be possible
 back when it came to the transition from 8bit ISA to 16bit ISA slots;
 back then, some 16bit ISA cards could be used in 8bit slots at
 reduced speeds. Whether something like that is possible now with
 64bit PCI cards I don't know. Maybe someone else knows.
 
 Of course it depends on the design of the specific card, but yes, at 
 least *some* 64-bit cards can be used in 32-bit slots. I've seen early 
 64-bit PCI SCSI controller cards that were built this way.
 
 --
 JCR
 
 
Not that I would recommend them anymore,
but the D-Link DGE-550T/SX (64bit/66MHz) worked in an Asus P4P800-VM
(PCI 32bit) for me (with OpenBSD of course).
I think it depends on the card __and__ the mainboard if it works or not.

guido



Re: ral(4) stops generating traffic

2008-10-16 Thread Guido Tschakert
Stuart Henderson wrote:
 I think I probably see the same thing on RT2860, but you've got further
 tracking down what's happening than me (my debugging is hampered by the
 AP being about 2 hour's drive away..)
 
 In gmane.os.openbsd.misc, you wrote:
 Hi,

 I 'm running OpenBSD 4.4-current (RALDBG) #0: Fri Oct 10 16:56:50 CEST 
 2008, which is GENERIC with RAL_DEBUG, but I've seen this problem with 
 previous kernels and without RAL_DEBUG, too.

 # dmesg | grep ral
 ral0 at pci0 dev 14 function 0 Ralink RT2860 rev 0x00: irq 10EEPROM 
 rev=1, FAE=1
 ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

 This is a pci Edimax EW-7728IN, which I believe is the same card that was 
 donated to damien@ (?) and that led to 28xx support.

 After an unfixed amount of time, from a few minutes up to a few days, the 
 interface simply stops responding to probe requests:

 # tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO not subtype beacon
 14:17:40.761912 CLI1-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 16): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -19dBm, 
 antenna 2, signal 17dB
 14:17:40.963338 CLI1-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 32): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig -17dBm, 
 antenna 2, signal 15dB
 14:21:03.860025 CLI2-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 1120): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig 
 -27dBm, antenna 1, signal 25dB
 14:21:04.306901 CLI2-MAC  ff:ff:ff:ff:ff:ff, bssid ff:ff:ff:ff:ff:ff (seq 
 1520): 802.11: probe request, radiotap v0, 1Mbit/s, chan 6, 11g, sig 
 -23dBm, antenna 1, signal 21dB

 Whereas normally you'd see the probe req, probe resp, auth req, auth resp, 
 assoc req, assoc resp, wpa dance.

 # tcpdump -nvvvs 1000 -i ral0 -y IEEE802_11_RADIO | grep beacon | grep 
 AP-MAC
 Shows that it stops sending beacon frames. It's still picking up the 
 beacons from the 5 other wlans it can see, so rx seems to work fine.

 # ifconfig ral0 down  ifconfig ral0 up
 Fixes everything, until it happens again after a seemingly random interval. 
 The kernel doesn't log anything unusual even with RAL_DEBUG.

 I suppose I should sendbug, but I think lots of people have these cards so 
 I'd like to know if anyone else is seeing this. Any ideas?

 Thanks and please cc,

 bbee
 
 

After reading this, I think I have a similar problem
(But sorry, I did not dig any deeper)
First the part of the dmesg:
ral0 at pci0 dev 20 function 0 Ralink RT2860 rev 0x00: irq 15, address
xx:xx:xx:xx:xx:xx
ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

and my /etc/hostname.ral0 contains:
inet x.y.z.w a.b.c.d NONE media autoselect mode 11g mediaopt hostap nwid
abc wpa wpapsk
0xa0101010101010101010101010101010101010101010101010101010101010101
wpaprotos wpa1 chan 11 description WLAN WPA

From time to time I could not connect any more so I had to restart
ral0 which leads to my (quick'n'dirty) workaround.
In my /etc/crontab is the following line:
30 4 * * * root /bin/sh /etc/netstart ral0

Up to now this worked for me and I have forgotten about the problem :-(
until I read this thread...

guido



OpenBSD 4.4 CDs have arrived in Bonn/Germany

2008-10-09 Thread Guido Tschakert
Hi Folks,

just a few minutes ago a packet from Wim arrived in my office.

may the source be with us

guido



Re: recommendation for router (COMMELL)

2008-09-17 Thread Guido Tschakert
Juan Miscaro wrote:
 2008/9/17 Diana Eichert [EMAIL PROTECTED]:
 On Wed, Sep 17, 2008 at 08:56:07AM +, Stuart Henderson wrote:
 On 2008-09-17, Juan Miscaro [EMAIL PROTECTED] wrote:
 Has anyone any experience running OpenBSD on this puppy:

 http://www.commell-sys.com/Product/IPC/EMB-564.htm

 I'm looking for a replacement for my tower that is currently acting as
 router, anti-spam, mail server for a small network/domain.
 They should run OpenBSD fine. But disk storage might be a problem.
 Continuously running 2.5 drives in fanless cases don't tend to last
 very long; the alternatives (DOM or compactflash) would not be great
 choices for a typical mail server.
 I have one, it's okay, but like all PC based system it suffers from
 crappy BIOS serial port redirection.  I second Stuart's opinion regarding
 not running a mail server on it.
 
 Thanks everyone for your comments.  I guess I'll look elsewhere.  Now
 how about the inverse question?
 
 What *would* you recommend?
 
 In addition to the listed duties, I am looking for stability,
 quietness, and low power (in that order).  Don't need 4 lan ports (at
 least 2) but 3 would be nice.
 
 /juan
 
Hm,
I also always thought I needed 2 or 3 NICs (DMZ, int, ext...).
But then I replaced my network switch with the Netgear GS108T (8Port,
1000MBit __and__ vlan for around 100b, ) and then I started  using vlans.

guido



Re: BIND workaround for older versions?

2008-07-25 Thread Guido Tschakert
Stuart Henderson wrote:
 On 2008-07-24, Mike Shaw [EMAIL PROTECTED] wrote:
 Regarding the cache poisoning patch (which I see for 4.3).  Are there
 any effective workarounds for OpenBSD 4.0/4.1?
 
 The 4.2 patch should also work for 4.1
 
 
I can confirm that the 4.2 patch works with 4.1 (at least for me).


guido



Re: This is what Linus Torvalds calls openBSD crowd

2008-07-24 Thread Guido Tschakert

Duncan Patton a Campbell wrote:

On Thu, 17 Jul 2008 21:37:27 +0200
Marc Balmer [EMAIL PROTECTED] wrote:


* Shizzle Cash wrote:

On Jul 17, 2008, at 8:42 AM, Giancarlo Razzolini wrote:


agreed. I barely can wait to see Ty Semaka artwork for 4.4. Definitively
it should include monkeys.  And amoebas too.
I agree, monkeys should definitely be somehow incorporated into the artwork 
for the next release.

ty draws openbsd developers as fish.  and I think that we, the openbsd
developers, did enough to warrant a nice topic for the next release.
no need to resort to that strange monkey business.

or do you want to honour a stupid remark made by l. by making him
the main theme of our next release?  I don't think so.  we have
more substantial work that goes into our next release than the
stupid remark of a wanking fat penguin that all to obviously does
not understand what we do.




Wanking Sea Monkeys, then: the oceanic analogue of fleas, 
at least in the area of genital proportion ;-)


Dhu


Sea Monkeys?

I feed my fishes with sea monkeys!


guido



Kernel panic with wpa (wpa2-personal)

2008-07-03 Thread Guido Tschakert

Yes I know it's experimental...  ;-)

I bought a ASUS WL-130N, installed the latest snapshot (from July 2nd)
and tried WPA

I built the pre-shared key
# wpa-psk ZELDA start123
0x763b94d25e9800f80f926fcc26d7fdf52b3b565209456bd0aa31973fbd8d5ce2

and put it in my /etc/hostname.ral0
# cat /etc/hostname.ral0
inet 192.168.22.1 255.255.255.252 NONE media autoselect mediaopt hostap 
nwid ZELDA wpa wpapsk 
0x763b94d25e9800f80f926fcc26d7fdf52b3b565209456bd0aa31973fbd8d5ce2 chan 
11 description WLAN WPA


I started the network and took my laptop (ubuntu 8.04) and made the 
following configuration:

Network name (ESSID):   ZELDA
Password type:  WPA Personal
Network password:   start123

I started and everything was fine.
(Oh my god, wifi can be that easy?!?  ;-)  )

Then I tried with WPA2 Personal and boom: the kernel panics.
(It can be reproduced without problems)

Here are the panic message output from trace and ps and the dmesg.
Maybe someone else but me understands that.

guido


panic: pool_do_get(mbpl): free list modified: magic=1b7448e5; page 
0xd685b000; item addr 0xd685b500

Stopped at  Debugger+0x4:   leave
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb> trace
Debugger(f10c0210,9d404f57,d68a4600,d685b500,d080fa60) at Debugger+0x4
panic(d06caee0,d06ccc04,1b7448e5,d685b000,d685b500) at panic+0x55
pool_do_get(d080fa60,0,0,d68a4600,7) at pool_do_get+0x2ea
pool_get(d080fa60,0,12,60) at pool_get+0x1e
m_gethdr(1,1,0,d9d2ad48,0) at m_gethdr+0x30
vr_encap(d10ba000,d10babd0,d685bb00,0) at vr_encap+0x18
vr_start(d10ba034,0,d68a4600,d678b0d8,0) at vr_start+0x90
nettxintr(23d6,0,d678b0d8,d037177b,0) at nettxintr+0x4e
Xsoftnet() at Xsoftnet+0x6e
--- interrupt ---
0x1:
ddb> ps
   PID   PPID   PGRP    UID  S       FLAGS  WAIT       COMMAND
 28305  21587   6778   1000  3      0x4082  ttyin      more
 21587   6778   6778   1000  3      0x4082  pause      sh
  6778  13844   6778   1000  3      0x4082  wait       man
 13844  22477  13844   1000  3      0x4082  pause      ksh
 22477   9376   9376   1000  3       0x180  select     sshd
  9376  10701   9376      0  3      0x4180  netio      sshd
 23605      1  23605      0  3     0x40180  select     sendmail
 21625  27808  27808      0  3       0x181  pause      smbd
 22674      1  22674      0  3      0x4082  ttyin      ksh
  6025      1   6025      0  3      0x4082  ttyin      getty
 29778      1  29778      0  3      0x4082  ttyin      getty
  9080      1   9080      0  3      0x4082  ttyin      getty
 10148      1  10148      0  3      0x4082  ttyin      getty
 16765      1  16765      0  3      0x4082  ttyin      getty
 28761      1  28761      0  3        0x80  select     cron
 27808      1  27808      0  3       0x181  select     smbd
 17237      1  17237      0  3        0x81  select     nmbd
 10701      1  10701      0  3        0x80  select     sshd
 21179      1  21179      0  3       0x180  select     inetd
 16226      1  16226     77  3       0x180  poll       dhcpd
  3955   8063   8063     83  3       0x180  poll       ntpd
  8063      1   8063      0  3        0x80  poll       ntpd
* 6753  18595  18595     70  7       0x100             named
 18595      1  18595      0  3       0x180  netio      named
 13456   5248   5248     74  3       0x180  bpf        pflogd
  5248      1   5248      0  3        0x80  netio      pflogd
 15110   1759   1759     73  3       0x180  poll       syslogd
  1759      1   1759      0  3        0x88  netio      syslogd
    18      0      0      0  3    0x100200  bored      crypto
    17      0      0      0  3    0x100200  aiodoned   aiodoned
    16      0      0      0  3    0x100200  syncer     update
    15      0      0      0  3    0x100200  cleaner    cleaner
    14      0      0      0  3    0x100200  reaper     reaper
    13      0      0      0  3    0x100200  pgdaemon   pagedaemon
    12      0      0      0  3    0x100200  pftm       pfpurge
    11      0      0      0  3    0x100200  usbevt     usb4
    10      0      0      0  3    0x100200  usbevt     usb3
     9      0      0      0  3    0x100200  usbevt     usb2
     8      0      0      0  3    0x100200  usbevt     usb1
     7      0      0      0  3    0x100200  usbtsk     usbtask
     6      0      0      0  3    0x100200  usbevt     usb0
     5      0      0      0  3    0x100200  apmev      apm0
     4      0      0      0  3    0x100200  bored      syswq
     3      0      0      0  3    0x100200             idle0
     2      0      0      0  3    0x100200  kmalloc    kmthread
     1      0      1      0  3      0x4080  wait       init
     0     -1      0      0  3     0x80200  scheduler  swapper


dmesg:

boot
booting hd0a:/bsd: 6041600+1009204 [52+314832+297292]=0x74eef8
entry point at 0x200120

[ using 

Re: Kernel panic with wpa (wpa2-personal)

2008-07-03 Thread Guido Tschakert

giovanni wrote:

well, I'm not alone

same behaviour as stated in:

http://marc.info/?l=openbsd-misc&m=121396323512149&w=2

moreover if I do not use any wpa it does not panic. did you try this?



Hi Giovanni,

no, I did not really test it, I only tried out wpa and saw that it 
worked with wpa at client site and crashed with wpa2 at client site.


The crash with wpa2 directly occurred when using it, with wpa I was able 
to surf the net and no crash happened. At the weekend I will configure it 
for daily use (firewall, dhcpd etc.). Then we will see if it also 
crashes with wpa1.


BTW, as long as wpa2 leads to crashes I will disable it within ifconfig 
to avoid a possible Denial of service ;-) (option wpaprotos wpa1)


guido



More then 1 dhcrelay process on 1 router

2008-03-06 Thread Guido Tschakert
Hello folks

short:
will 2 (or more) dhcrelay work on one router without problems

long:
I have a router connected to 3 networks:
a.b.1.0/24 connected to if1,
a.b.2.0/24 connected to if2,
a.b.3.0/24 connected to if3.

Lets say I have a dhcpd on a.b.1.1

Is it possible to start the two dhcrelay processes:

dhcrelay
/usr/sbin/dhcrelay -i if2 a.b.1.1
/usr/sbin/dhcrelay -i if3 a.b.1.1

or will they interfere?

If no one knows an answer I will test it next week, as for now I don't
have a spare machine with enough network cards ready ;-)

thanks guido



Re: More then 1 dhcrelay process on 1 router

2008-03-06 Thread Guido Tschakert
Guido Tschakert wrote:
 Hello folks
 
 short:
 will 2 (or more) dhcrelay work on one router without problems
 
 long:
 I have a router connected to 3 networks:
 a.b.1.0/24 connected to if1,
 a.b.2.0/24 connected to if2,
 a.b.3.0/24 connected to if3.
 
 Lets say I have a dhcpd on a.b.1.1
 
 Is it possible to start the two dhcrelay processes:
 
 dhcrelay
 /usr/sbin/dhcrelay -i if2 a.b.1.1
 /usr/sbin/dhcrelay -i if3 a.b.1.1
 
 or will they interfere?
 
 If no one knows an answer I will test it next week, as for now I don't
 have a spare machine with enough network cards ready ;-)
 
 thanks guido
 
 

Ok,
I found some hardware to test it:

it just worked out of the box. That is why I love OpenBSD: It just works!

guido



Re: Updates for old releases

2008-02-22 Thread Guido Tschakert
Antonio Lobato wrote:
Hi all!
 
I read http://openbsd.org/security.html (and stable.html), but could not make
 sure about my question.
 
If today I download old versions (say /pub/OpenBSD/4.0/i386/cd40.iso) of
 openbsd, does it already include the fixes listed in
 http://openbsd.org/security.html#40 (or #41)? 
No

If no, is there available the same
 cd40.iso but including these fixes or must I apply the patches on original
 system?

No, and don't use 4.0 as 4.2 is already available and supported.

 
If there is some doc explaining it with more details, please give me
 the pointers.
  Thanks,
 
You want to check
http://www.openbsd.org/faq/faq5.html#Flavors

 
 
Tom
 
 


guido



Why does pf work with last matching rule wins

2008-02-21 Thread Guido Tschakert
Hi,

I wonder why pf works from top to bottom in filtering with last matching
rule wins but in address translation from top to bottom with first
matching rule wins.

Sure, I can use quick on every rule in filtering to have first
matching rule wins.

Me thinks it would be better if both filtering and address translation
works the same (like first rule wins), but I think there are reasons to
do it the pf way, but I don't see them.
Any enlightenment for me?

thanks guido
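
The two evaluation orders the post above asks about, modelled as an added example (not part of the original post and not pf code). The rule classes, function names and addresses are constructed for illustration; the model covers only destination and port matching, the `quick` keyword, and pf's implicit pass when no filter rule matches.

```python
"""Toy model of pf rule evaluation order (illustration only, not pf code)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    dst: str
    dport: int


@dataclass(frozen=True)
class FilterRule:
    action: str                   # "pass" or "block"
    dst: str = "0.0.0.0/0"        # destination network, default "any"
    dport: Optional[int] = None   # None matches every port
    quick: bool = False           # models pf's "quick" keyword


@dataclass(frozen=True)
class RdrRule:
    dst: str
    dport: Optional[int]
    target: str                   # address the connection is redirected to


def matches(rule, pkt: Packet) -> bool:
    """Shared match test: destination network and optional port."""
    in_net = ip_address(pkt.dst) in ip_network(rule.dst)
    return in_net and (rule.dport is None or rule.dport == pkt.dport)


def evaluate_filter(rules, pkt: Packet):
    """Filtering: the last matching rule wins; a matching quick rule stops the walk."""
    verdict = ("pass", None)      # implicit pass when no rule matches
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict = (rule.action, index)
            if rule.quick:
                break
    return verdict


def evaluate_translation(rules, pkt: Packet):
    """Translation: the first matching rule wins, later rules are never consulted."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.target, index
    return None, None


def all_quick(rules):
    """The same ruleset with quick on every rule, i.e. first-match filtering."""
    return [replace(rule, quick=True) for rule in rules]


# Constructed rulesets (documentation and private addresses).
FILTER = [
    FilterRule("block"),                             # 0: block everything
    FilterRule("pass", "192.0.2.0/24", 22),          # 1: pass ssh to the network
    FilterRule("block", "192.0.2.10/32"),            # 2: but never to this host
]
RDR = [
    RdrRule("198.51.100.1/32", 80, "10.0.0.80"),     # 0: specific rule first
    RdrRule("198.51.100.0/24", None, "10.0.0.99"),   # 1: catch-all afterwards
]

if __name__ == "__main__":
    for pkt in (Packet("192.0.2.10", 22), Packet("192.0.2.20", 22),
                Packet("192.0.2.20", 80)):
        print(pkt,
              "last-match:", evaluate_filter(FILTER, pkt),
              "all-quick:", evaluate_filter(all_quick(FILTER), pkt))
    for pkt in (Packet("198.51.100.1", 80), Packet("198.51.100.1", 25)):
        print(pkt, "rdr:", evaluate_translation(RDR, pkt))
```

With last-match filtering the ruleset reads general to specific, so a leading "block everything" rule acts as a default; putting quick on every rule of the same list makes rule 0 decide every packet, and the list would have to be reordered specific to general, as the translation list already is.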



Re: OT: Where to buy an appliance style case?

2007-12-25 Thread Guido Tschakert
Steve B wrote:
 Has anyone seen a manufacturer that sells an appliance style chassis? I'd
 like to slim down my current 4U/OBSD box to a 1U form factor using a VIA C7
 board. Ideally I'd like to have a chassis that has the Ethernet ports on the
 front, along with a serial port. Something like an old Symantec Firewall,
 Netscreen or Watchguard chassis. Alternatively has anyone hacked one of
 these type of devices and installed their own board and drive?
 
Hello,

Chenbro makes some small 1U Chassis like the RM13800 and RM 12500. I
remember a Chassis like the RM12500 with ports on the front side but did
not find it yet.
But these chassis are not cheap and not every board will fit.

cheers

guido



Asus releases source-code for eeepc

2007-11-28 Thread Guido Tschakert
Hello,

for those of you who are interested,
Asus has released the source code of their linux drivers for the EeePc.

http://support.asus.com/download/Download.aspx?SLanguage=en-us

Sorry, no direct link and I also don't know if it is blob free.
Maybe someone of you wants to look deeper in the code.

guido



Re: OT: OpenBSD on Asus eeePC

2007-11-13 Thread Guido Tschakert
Marc Balmer wrote:
 Jacob Winther wrote:
 On 14/11/2007, at 6:55 AM, Andreas Maus wrote:

 Did anyone try to run OpenBSD on Asus new small eeePC?


 Just fired up a flashboot image from usb running 4.1 bsd.rd:
 
 nice to see you have one.  can you boot -current and mail the dmesg to
 [EMAIL PROTECTED]
 
 Does anybody know where I could buy such a machine, preferably in
 .ch or .de?
 
 - Marc




Hello,
you might find this link useful:

http://www.asus.de/news_show.aspx?id=8890  (sorry, it's German)

Asus will ship the EeePC to Germany and Austria in December 2007.

Maybe alternate.de will sell them.


guido



Re: How can i boot a bsd.rd from windows 2000 ?

2007-10-11 Thread Guido Tschakert
Gerald Thornberry wrote:
 How about an external CDROM drive connected to a parallel port?  Micro
 Solutions used to make one (called BackPack) that could connect via
 USB, PCCard, and Parallel Port.  Once you loaded the drivers under
 Windows I'm pretty sure you could boot from it.
 

Hmm,
what does the windows driver have to do with the ability of the BIOS to
boot from a device?

Wasn't there, in the last century, a tool for windows to boot a linux
kernel (yeah, I know this is OpenBSD) from windows, but I guess that was
with win-dos.

guido

 On 10/11/07, Christopher Bianchi [EMAIL PROTECTED] wrote:
 Peter N. M. Hansteen wrote:
 Christopher Bianchi [EMAIL PROTECTED] writes:


 Mmm i've tried qemu, but i wish install really OpenBSD on it. I've a
 pcmcia but this notebook can't boot from it.

 As Craig pointed out, if the machine has a USB port it's likely it can
 boot from USB floppy.


 really ?  but in the bios i not see any voices about it...anyway i'll try.



Typo on http://www.openbsd.org/errata41.html

2007-10-11 Thread Guido Tschakert
Hello Webmasters :-)

There is a typo on http://www.openbsd.org/errata41.html :

Me thinks it should read 011:SECURITY FIX: October 10,2007

and not: 018:SECURITY FIX: October 10,2007

guido



Re: partitioning for multiple OS's

2007-09-04 Thread Guido Tschakert
stan wrote:
 I have a new laptop.
 
 It came with Vista on it. I used gparted to resize those partitions, and added
 Ubuntu. Now I want to add OpenBSD, and FreeBSD. I'd like to do OpenBSD
 next.
 
 When I boot the 4.1 CD, I get to the partitioning step, and I am confused.
 Since I can't figure out how to capture the screen image from a machine
 booted off of the CD. I'll show you what Linux's cfdisk shows.
 
 Name   Flags  Part Type  FS Type                 [Label]  Size (MB)
 -------------------------------------------------------------------
 sda1          Primary    Unknown (27)                      10479.01
 sda2   Boot   Primary    FAT16                   []        31453.48
 sda3          Primary    Linux ReiserFS                        3.54
 sda5          Logical    Linux swap / Solaris               3997.49
               Logical    Free Space                        74109.78
 
 How can I accomplish this?
 
 
 


Hello,

do you need to have dual (triple, quadruple) boot, or would you like to
hear about other possibilities?

I would say: use some kind of virtualization (vmware server, xen,
virtual pc )

Doing that, you do not have to worry about partitioning and boot loader
configuration (which all is possible but will also likely end in a mess).
You have the possibilities to play with network between the virtual
machines and the host, you can easily share data between them, and it is
easy to set up.

Virtualization is not a solution for everything but a solution for a
lot of things (I'm sure a lot of people here would agree), especially if
you want to play around with things.

guido



Re: Zurich OpenBSD

2007-07-18 Thread Guido Tschakert
Peter N. M. Hansteen wrote:
 Anton Karpov [EMAIL PROTECTED] writes:
 
 People who don't know each other but wear PUFFY, should salute each other.
 It's an OpenBSD thing. You wouldn't understand ;-)
 
 obviously the salute would need to be clearly specified or at least
 set to sensible defaults (for Monty Python values of)
 
 My coffee had just run out, so no keyboard harmed.
 

Just say Humpaa to everyone wearing an OpenBSD-Shirt or other signs of
lovely Puffy.

guido




Re: ifconfig pfsync0 down

2007-03-28 Thread Guido Tschakert
Ronnie Garcia wrote:
 Hey,
 
 I was expecting to stop pfsync with :
 ifconfig pfsync0 down
 
Hi

pfsync is a pseudo-device (see man pfsync)
To stop a pseudo-device you have to destroy it:
ifconfig pfsync0 destroy (see man ifconfig and search for pseudo-device)

hth

guido



 But it did not.
 I could stop pfsync by down'ing the physical device, but is there any
 other way around ?
 
 I'm using 4.0
 
 Rgds,



Re: vmware: detecting real interfaces?

2007-02-28 Thread Guido Tschakert
Jacob Yocom-Piatt wrote:
 i am forced to use windows at work and am trying to get a vmware openbsd
 VM to recognize the non-virtual interfaces, so as to have openbsd as the
 router for the windows system. this is using the free vmplayer v1.0.3.
 
 i've read and followed
 
 http://www.cs.drexel.edu/~vp/VirtualFirewall/
 
 and can only see the pcn0 interface under the VM (which is 3.8-release,
 btw) after following the suggestions contained therein. any clues about
 getting the VM to recognize the real physical interfaces would be great.
 
 cheers,
 jake
 
 

Hello Jacob,

some time ago there was an article in the German magazine c't where they
described the same situation as you have (with the difference that they
use ipcop (a linux firewall distro) instead of lovely openbsd to do the
job).

You need the following in your vmware-config:
the real network card has to be used in bridged mode pointing to your
virtual pcn0 interface. This is the external interface of your firewall
pointing to the evil internet. Do not configure this card under windows
(Sorry at the moment I don't know if you can easily disable the card in
 Windows, but I may have a look in the article if you want)
Next you need a virtual network between your virtual machine and your
host. Then you have a second nic in your Windows System (vmware virtual
something) and a second nic in your OpenBSD which points to your
internal (virtual) network.

hth

guido



Re: vmware: detecting real interfaces?

2007-02-28 Thread Guido Tschakert
Subcommander l0r3zz wrote:
 
 
 On 2/28/07, *Guido Tschakert* [EMAIL PROTECTED]
 mailto:[EMAIL PROTECTED] wrote:
 
 Jacob Yocom-Piatt wrote:
  i am forced to use windows at work and am trying to get a vmware openbsd
  VM to recognize the non-virtual interfaces, so as to have openbsd as the
  router for the windows system. this is using the free vmplayer v1.0.3.
 
  i've read and followed
 
  http://www.cs.drexel.edu/~vp/VirtualFirewall/
 
  and can only see the pcn0 interface under the VM (which is 3.8-release,
  btw) after following the suggestions contained therein. any clues about
  getting the VM to recognize the real physical interfaces would be great.
 
  cheers,
  jake
 
 
 
 Hello Jacob,
 
 some time ago there was an article in the German magazine c't where they
 described the same situation as you have (with the difference that they
 use ipcop (a linux firewall distro) instead of lovely openbsd to do the
 job).
 
 You need the following in your vmware-config:
 the real network card has to be used in bridged mode pointing to your
 virtual pcn0 interface. This is the external interface of your firewall
 pointing to the evil internet. Do not configure this card under windows
 (Sorry at the moment I don't know if you can easily disable the card in
 Windows, but I may have a look in the article if you want)
 
 
 
 This particular vmware product relies on the drivers of the host
 operating system to send packets to the outside world so if you disable
 the interface in windows, you also disable any virtual nics that are
 bound to this interface.
 
  
 
 Next you need a virtual network between your virtual machine and your
 host. Then you have a second nic in your Windows System (vmware virtual
 something) and a second nic in your OpenBSD which points to your
 internal (virtual) network.
 
 
 Fine, but ultimately you must go outside.  All vmware virtual machines
 are standardized around this particular network interface, it is what
 enables us to do things like VMotion in the Enterprise products.  So,
 unlike Xen, vmware VMs  do not see the PCI bus or any other particulars
 of your underlying hardware.
 
 

Hi,
yes finally you must go outside, this is done with the bridged interface.
The question is (I don't have the complete answer, but a strange feeling):
How secure is your windows with a network interface enabled and nothing
on it configured?

guido



Re: Configuring nut for USB

2007-02-23 Thread Guido Tschakert
James Blasius wrote:
 I have not been able to figure out (for months) how to attach
 configure NUT to find an UPS on a USB port. The dmesg shows it to be
 on uhidev0. Thanks.
 
Hi,

I have the same problem
http://archives.neohapsis.com/archives/openbsd/2006-11/2133.html
but unfortunately never received an answer,
I am also very interested in a solution.

thanks,

guido



Spamassassin overwrites manual of OpenBSD spamd

2007-02-20 Thread Guido Tschakert
Hello,

while reading the discussion about spamd, I decided to learn a little
bit about it and have a look in the manual, but man spamd yields to the
manual of spamd - daemonized version of spamassassin which is not
exactly what I was looking for. (I installed p5-Mail-SpamAssassin from
ports/packages)

apropos spamd shows:
spamd (8) - spam deferral daemon
spamd-setup (8) - parse and load file of spammer addresses
spamd.conf (5) - configuration file read by spamd-setup(8) for spamd(8)
spamdb (8) - spamd database tool
spamlogd (8) - spamd whitelist updating daemon
Mail::SpamAssassin::Client (3p) - Client for spamd Protocol
spamc (1) - client for spamd
spamd (1) - daemonized version of spamassassin
spamd (8) - daemonized version of spamassassin

The first and the last entry are both spamd (8), but spamassassin from
ports has overwritten /usr/local/man/man8/spamd.8 from the system (which
I am looking for)

I don't know if there is an easy solution for this (I don't want to call
it a problem), but I think this shouldn't happen.

For now I go to
http://www.openbsd.org/cgi-bin/man.cgi?query=spamd&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
and read the manual online :-)

thanks
guido



Re: Spamassassin overwrites manual of OpenBSD spamd

2007-02-20 Thread Guido Tschakert
Jason McIntyre wrote:
 On Tue, Feb 20, 2007 at 10:19:31PM +0100, Guido Tschakert wrote:
 The first and the last entry are both spamd (8), but spamassassin from
 ports has overwritten /usr/local/man/man8/spamd.8 from the system (which
 I am looking for)

 I don't know if there is an easy solution for this (I don't want to call
 it a problem), but I think this shouldn't happen.

 
 you can change the order man(1) looks for its pages in /etc/man.conf, i
 think. but probably best is to contact the port maintainer and ask them
 to rename the page to stop it squashing base spamd(8).
 
 jmc
 
Hi,

I already have sent my mail to the maintainer of the port.
I have looked in /etc/man.conf and read the manual: you can change the
order of the subdirs with _subdir, but the order of how the sections are
searched (with _default) seems to be alphabetically and /usr/local comes
 before /usr/share. (correct me, if I'm wrong)

Digging in man (1) gives me the following help:
$ man -w spamd
/usr/local/man/man1/spamd.1
/usr/share/man/cat8/spamd.0
/usr/local/man/man8/spamd.8
$ more /usr/share/man/cat8/spamd.0

BTW, I was wrong with saying the port overwrites the manual of the
system-spamd. The system manuals are stored in /usr/share/man while the
port manuals go to /usr/local/man, as some guys told me privately. Stupid me,

thanks
guido



Re: OpenBSD Wireless Router and Nintendo DS

2007-02-16 Thread Guido Tschakert
Jan Izary wrote:
  Brian wrote:
 I'm having trouble connecting to my OpenBSD wireless router with my
 Nintendo DS handheld.
 
 http://nate.my-balls.com/reference/?content=wireless&menu=network does
 have a working configuration with ural, try its set up and of course,
 configure your ds to make sure it's got the connection information.

Hello,
this is a very nice description on how to configure ural,
I have done this myself some months ago and it works, only one thing does
__not__ work with my DS: WEP. (as I mentioned some months ago on this list).
Maybe this is a firmware problem of my DS (or of the nintendo
wifi-connector).
But without WEP it works very well like it is described on the webpage
mentioned above.

guido



Problems using a Powerware 5110 (with nut 2.0.3)

2006-11-24 Thread Guido Tschakert
Hello,

I'm trying to connect to my Eaton Powerware 5110 with usb.

I have installed OpenBSD 4.0 and nut-2.0.3.

The dmesg part for the UPS reads:

ugen0 at uhub0 port 2
ugen0: Powerware Powerware UPS, rev 0.20/0.50, addr 6

I tried to configure /etc/nut/ups.conf

[UPS]
driver = bcmxcp_usb
port = /dev/ugen0.00
desc = Eaton PW 5110

like it is described on the nut homepage.
Then I recognized that there is no bcmxcp_usb driver in my system ;-(

So I want to ask, if (why?) the usb device of such an ups isn't
supported yet or if I can use the bcmxcp driver instead (which I tried
but I was out of luck)?

Another question came to me while looking through the ugen manual:
/dev/ugenN.EE Endpoint EE of device N
What is the endpoint EE compared to my dmesg? Port2 or addr 6 or
something else?

thanks for your time

guido



Re: Nintendo Wifi Connector and Nintendo DS (WEP)

2006-11-02 Thread Guido Tschakert
Damian Wiest wrote:
  On Tue, Oct 31, 2006 at 11:08:15AM +0100, Guido Tschakert wrote:
  Hello,
 
  after reading through the ralink broken after last update thread and
  seeing that Bruno is using an Nintendo Wifi Connector
  I wonder if someone has connected a Nintendo DS via an OpenBSD Box and
  the Nintendo Wifi Connector as AP using WEP.
  Without WEP everything works fine for me (i put my /etc/hostname.ural0
  at the bottom of this message)
  But I haven't worked out how to configure WEP.
  What worked was using WEP for a connection between the Wifi Connector as
  Accesspoint and my notebook.
  So if anybody know in which format I have to use the WEP Key on both the
  OpenBSD Box and the Nintendo DS, I really would like to know.
 
  thanks
 
  guido
 
 
 
 
 
  /etc/hostname.ural0
  inet 192.168.22.1 255.255.255.252 NONE media DS2 mediaopt hostap mode
  11b nwid zelda chan 12 -nwkey
 
  (btw the DS only works with 2Mbps)
 
  I've got a couple DS's (and a PSP  :(  ) at home and have been using them
  with various systems (FreeBSD and OpenBSD with Aironet and Prism cards
  and a Linksys 54WRTG) acting as access points.  I don't seem to recall
  encountering any problems.  What does the Nintendo wireless adapter
  attach as?
 
Hello

the dmesg of the adapter is:
ural0 at uhub4 port 1
ural0: Nintendo Nintendo Wi-Fi USB Connector, rev 2.00/0.01, addr 2
ural0: MAC/BBP RT2570 (rev 0x05), RF RT2526, address xx:xx:xx:xx:xx:xx


  Is there some reason you're hardcoding the transmit speed on your AP?
  I had no end of trouble trying to connect when I tried this.  I believe
  that if you specify the transmit speed, then all devices must use that
  speed.  Meaning, you can't have one using DS2, one using DS11 and your
  AP doing autoselect.  At least I couldn't get that sort of setup to
  function.
 

the reason for hardcoding the transmit speed is because the (u)ral
manual says:
The ural driver supports automatic control of the transmit speed in BSS
mode only. Therefore the use of a ural adapter in Host AP mode is
discouraged.
But that is no problem, I use this access point only for DS (and
upcoming Wii  ;-)  )

But I haven't worked out how to use the WEP key on the DS.
I used the following line to configure the adapter:
inet 192.168.22.1 255.255.255.252 NONE media ds2 mediaopt hostap mode
11b nwid zelda chan 12 nwkey mario

  As for the WEP key, you should enter it just like you did on your AP.

Then I searched for Access Points with the DS and found zelda, encrypted
with WEP. I typed mario as wep key and then the DS told me: cannot
connect to access point.
I tried 40 and 104 Bits, hexadecimal and ascii keys on both the Openbsd
box and the DS, but nothing worked.
(now that I know how the DS recognizes if it is hexa or ascii (it's the
length of the string), but after reading through the wifi website of
nintendo I believe they are not really interested in security. They tell
you to use an easy to remember wep key, e.g. your cellphone number)

Connecting from a Laptop to the Adapter using wep works just without
problems.

thanks

guido
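
The key formats discussed in the message above (40 and 104 bits, hexadecimal and ASCII), as an added example that is not part of the original post. It assumes a client that tells ASCII from hex purely by string length, as the post says the DS does, and an access point configured with ifconfig's `nwkey`, where hex digits are preceded by `0x`; the function names are hypothetical and the multi-key `n:k1,k2,k3,k4` form is not handled.

```python
"""WEP key entry forms: string versus hex (illustration for the thread above)."""
import string

KEY_BITS = {5: 40, 13: 104}   # key length in bytes -> nominal WEP size in bits


def parse_ifconfig_nwkey(arg: str) -> bytes:
    """Key bytes for an ifconfig 'nwkey' argument: a string, or 0x + hex digits."""
    if arg[:2].lower() == "0x":
        key = bytes.fromhex(arg[2:])
    else:
        key = arg.encode("ascii")
    if len(key) not in KEY_BITS:
        raise ValueError(f"{len(key)} key bytes: need 5 (40 bit) or 13 (104 bit)")
    return key


def parse_by_length(text: str) -> bytes:
    """Key bytes for a client that picks ASCII or hex from the length alone
    (assumption taken from the post): 5/13 chars are ASCII, 10/26 are hex."""
    if len(text) in (5, 13):
        return text.encode("ascii")
    if len(text) in (10, 26) and all(c in string.hexdigits for c in text):
        return bytes.fromhex(text)
    raise ValueError(f"{len(text)} characters is not a valid WEP key entry")


def key_forms(key: bytes) -> dict:
    """Every way the same key can be typed on either side."""
    if len(key) not in KEY_BITS:
        raise ValueError("not a 40 or 104 bit WEP key")
    printable = all(0x20 <= b < 0x7F for b in key)
    return {
        "bits": KEY_BITS[len(key)],
        "ifconfig_hex": "0x" + key.hex(),    # access point side, hex form
        "client_hex": key.hex(),             # client side, hex form
        "ascii": key.decode("ascii") if printable else None,
    }


def same_key(ap_arg: str, client_text: str) -> bool:
    """True when both entries produce identical key bytes."""
    return parse_ifconfig_nwkey(ap_arg) == parse_by_length(client_text)


if __name__ == "__main__":
    # "mario" is the key used in the post; the other entries are constructed.
    print(key_forms(parse_ifconfig_nwkey("mario")))
    for ap, client in (("mario", "mario"), ("mario", "6d6172696f"),
                       ("0x6d6172696f", "mario"), ("mario", "MARIO")):
        print(f"AP {ap!r} / client {client!r}: same key = {same_key(ap, client)}")
```

Entering the hex form on both sides removes any dependence on how either device maps characters to key bytes.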



Re: Transparent bridge rdr SSH traffic

2006-09-28 Thread Guido Tschakert
Johan L wrote:
 Karsten McMinn wrote:
 On 9/27/06, Jason Dixon [EMAIL PROTECTED] wrote:

 Think about it.  How would sshd communicate with you without an IP
 address?  Seems to defy the laws of TCP/IP.

 I'd concede that its more akin to bending than defying laws (RFCs).

 with enough will and some legwork you might be able to get
 further with renumbering lo(4) and using rdr.  it would be a fun
 feature to run a ethernet interface in half bridge mode, but
 in the meantime just get a third interface outside of the bridge
 group.

 
 Half bridge mode sounds cool :).
 So my only way out is to add a third interface to the OpenBSD server
 with a public ip address? Right?
 
 
Wrong!

You can give an interface an IP address and use the same interface in
your bridge configuration.
(I do not say that this is the best configuration)

You can do very funny things with bridge configuration and ip
configuration.

At home I have one interface working as access point. This interface is
also member of a bridge, the only member! I only use this bridge to
filter mac addresses (ok, please no discussion about faking mac addresses)

cheers
guido



Re: Mail gateway behind MS Exchange

2006-09-06 Thread Guido Tschakert
Stuart Henderson wrote:
 On 2006/09/06 13:19, Cedric Brisseau wrote:
 I think spamd can't help a lot since mails aren't received directly.
 
 oh, what do you mean by aren't received directly?
 
 


I think he means, the mails are fetched from their provider with a
mechanism similar to fetchmail and their provider also has a spam
filter (and puts the keyword spam in the subject).

So what you can do if this is the case, use fetchmail to fetch the mails,
feed the mails into an MTA (Postfix, sendmail) that can send them to a
content filter (amavis with clamav and spamassassin for example) and
after that, the mails are sent to your MS-Crap. If you have time you can
also build a mechanism to feed spam (and probably ham) to your content
filter to train the content filter.

But don't forget to tell your boss and colleagues that there is no 100%
protection for spam  ;-)

guido



Re: Porting firewall/routing script to OpenBSD from linux?

2006-08-16 Thread Guido Tschakert
Paul de Weerd wrote:
 On Tue, Aug 15, 2006 at 02:20:05PM -0500, Matthew R. Dempsky wrote:
 | On Sun, Aug 13, 2006 at 01:19:31PM -0400, Nick Guenther wrote:
 |  I think you're looking for ifconfig(8). Wait, doesn't linux have
 |  ifconfig? What's ip for?
 | 
 | ip is from the iproute2 package.  From the lartc.org manual, ``Why 
 | iproute2?''[1]:
 | 
 | Most Linux distributions, and most UNIX's, currently use the 
 | venerable arp, ifconfig and route commands. While these tools work, 
 | they show some unexpected behaviour under Linux 2.2 and up. For 
 | example, GRE tunnels are an integral part of routing these days, but 
 | require completely different tools.
 | 
 | With iproute2, tunnels are an integral part of the tool set.
 | 
 | [1] http://lartc.org/howto/lartc.iproute2.html
 
 show some unexpected behaviour under Linux 2.2 and up... Why not fix
 that behaviour in stead of adding new and confusing tools ?
 
 KISS
 
 Paul 'WEiRD' de Weerd
 

Oh, it was much better than just adding a new tool.
They forgot to add a manual or info-page or something similar to this
tool for more than 2 years.
The only documentation was in the source code.

That is why I love OpenBSD. For almost everything there exists a
man page (and mostly with examples)

guido



Re: smtp proxy

2006-08-09 Thread Guido Tschakert
openbsd misc wrote:
  Hello,
 
  I'm looking for a smtp proxy. The idea is, that the proxy checks the
  smtp session (if everything is valid and forward the information to an
  exchange-server). The forwards should happen step-by-step (the smtp
  proxy should be able to drop to be able to deny the recipient). The mail
  itself should be streamed (because the proxy should run in memory only).
  Does someone know such a solution?
 
  Regards
Hagen Volpers
 
 

Hi,

use a standard smtp daemon (sendmail, postfix or whatever) and put the
spooling directory in a ramdisk  :-)


guido





Re: D-Link DUB-E100 new Revision does not work

2006-07-20 Thread Guido Tschakert
finley_it wrote:
 Hi Guido, 
 Maybe you are interested in knowing that Suse 10.1 handles asix ax88772
 quite well, while previous 9.3 doesn't
 
 bue
 
 Finley

Yeah, I know, (I also tested the D-Link Crap with SuSE10.1) and had a
look in the sources of the usbnet driver. But it didn't work out of the
box and I'm not that kernel guru to change the source code, so this crap
 is recognized by usbnet.
I will wait till the next Versions (OpenBSD 4.0 and SuSE10.2) and see if
 some developer has had the time to support this crap.

As mentioned before I do not need this thing to work under OpenBSD or Linux.

guido



Re: D-Link DUB-E100 new Revision does not work

2006-07-13 Thread Guido Tschakert
 Hello,

 I have searched the net and what I found isn't that good.

 From the linux people I found that AX88772 L should be supported by
 their usbnet driver.
 On the other side I found a guy (using linux) having the same device
 (and thus the same problem as I have)

 At asix I found the following site
 http://www.asix.com.tw/products.php?op=pItemdetail&PItemID=86;71;101&PLine=71

 They say that their chip is supported under linux with the usbnet driver.

 The only difference I see between what I have and what I found in the
 net is the name of the chipset: everyone talks about AX88772 L and I
 have AX88772 LF (you see the F? )

 I think I will write an email to D-LINK and Asix,

 cheers

 guido
 
 The letters are probably package sizes of the chip rather than
 revisions.
 
 More likely something like the gpio twiddling needs to be improved
 in the driver if the diff I sent is not working.
 
 

Hello Jonathan,

I must admit, I don't know what you exactly are talking about (gpio
twiddling :-)

I got an answer from Asix, I think I can post it here:

 Dear Guido:
 Thank you for your question. AX88772 L and AX88772 LF are all support
 Linux driver. D-Link can't support Linux driver because they has
 different PID and VID at their new device.

 You should find out their PID and VID so that you can add it to Linux
 driver.

As often, they only talk about linux.
I think, that is exactly what your diff has done.
The guy from Asix included the source code of the usbnet.c driver, which
contains a lot of functions with ax88772 in their names.

If it helps, I can forward it to you.

One thing, if you don't have the time to improve the driver: I really
don't need it, better use your time for important things ;-)

Nevertheless, thanks for your help

guido



Re: D-Link DUB-E100 new Revision does not work

2006-07-13 Thread Guido Tschakert
Guido Tschakert wrote:
 Hello,

 I have searched the net and what I found isn't that good.

 From the linux people I found that AX88772 L should be supported by
 their usbnet driver.
 On the other side I found a guy (using linux) having the same device
 (and thus the same problem as I have)

 At asix I found the following site
 http://www.asix.com.tw/products.php?op=pItemdetail&PItemID=86;71;101&PLine=71

 They say that their chip is supported under linux with the usbnet driver.

 The only difference I see between what I have and what I found in the
 net is the name of the chipset: everyone talks about AX88772 L and I
 have AX88772 LF (you see the F? )

 I think I will write an email to D-LINK and Asix,

 cheers

 guido
 The letters are probably package sizes of the chip rather than
 revisions.

 More likely something like the gpio twiddling needs to be improved
 in the driver if the diff I sent is not working.


 
 Hello Jonathan,
 
 I must admit, I don't know what you exactly are talking about (gpio
 twiddling :-)
 
 I got an answer from Asix, I think I can post it here:
 
 Dear Guido:
 Thank you for your question. AX88772 L and AX88772 LF are all support
 Linux driver. D-Link can't support Linux driver because they has
 different PID and VID at their new device.

 You should find out their PID and VID so that you can add it to Linux
 driver.
 
 As often, they only talk about linux.
 I think, that is exactly what your diff has done.
 The guy from Asix included the source code of the usbnet.c driver, which
 contains a lot of functions with ax88772 in their names.
 
 If it helps, I can forward it to you.
 
 One thing, if you don't have the time to improve the driver: I really
 don't need it, better use your time for important things ;-)
 
 Nevertheless, thanks for your help
 
 guido
 
 
Ok,

now I got an answer from dlink telling that the DUB-E100 contains the
following:
Asix AX88172 (as we already know)
IC+ IP101 (the PHY what we can see from the dmesg)

If someone is able to use this data...


guido



Re: D-Link DUB-E100 new Revision does not work

2006-07-12 Thread Guido Tschakert
Guido Tschakert wrote:
 Guido Tschakert wrote:
 Hello,

 don't know if this is the right place, but I post it anyway.

 I bought a D-Link DUB-E100 which should work on OpenBSD according to
 the web site.

 But it doesn't. Our lovely vendor D-Link changed the chipset and called
 it H/W Ver.:B1
 here comes the part of the dmesg

 ugen0 at uhub4 port 4
 ugen0: vendor 0x07d1 product 0x3c05, rev 2.00/0.01, addr 2

 Maybe the info on http://www.openbsd.org/i386.html#hardware should be
 changed to D-Link DUB-E100 (Revision A) or something like that.

 Btw, I don't need this thing to work on openbsd but I plug every piece
 of hardware in one of our openbsd boxes to check if it works ;-)

 If I can give you more info, please let me know.
 At this time I try to open the case of the adapter, hoping to see a label
 with the name of the chipset.


 guido

 PS: also on Linux which should support the old DUB-E100 the new one
 doesn't work.


 
 A colleague has opened this box, the chipset is AX88772 LF.
 (The old one had AX88172).
 Hope that anyone can use this information.
 
 guido
 
 
Hello,

I have searched the net and what I found isn't that good.

From the linux people I found that AX88772 L should be supported by
their usbnet driver.
On the other side I found a guy (using linux) having the same device
(and thus the same problem as I have)

At asix I found the following site
http://www.asix.com.tw/products.php?op=pItemdetail&PItemID=86;71;101&PLine=71

They say that their chip is supported under linux with the usbnet driver.

The only difference I see between what I have and what I found in the
net is the name of the chipset: everyone talks about AX88772 L and I
have AX88772 LF (you see the F? )

I think I will write an email to D-LINK and Asix,

cheers

guido

-- 
Kind regards,

  Guido Tschakert

_

SRC Security Research & Consulting GmbH
Graurheindorfer Str. 149 a  Tel: +49-228-2806-138
53117 Bonn  Fax: +49-228-2806-199
http://www.src-gmbh.de  Mob: +49-160-3671422



Re: No Java in OpenBSD

2006-07-11 Thread Guido Tschakert
Karel Kulhavy wrote:
 I appreciate there is no Java in OpenBSD. I searched for java, jre, jdk,
 j2se, sun, blackdown and ibm in the packages and didn't find anything.
 
 I understand why - presumably because Java is not a free software.
 
Hmm, go read the faqs

http://www.openbsd.org/faq/faq13.html#javaflash

Not everything in ports exist as a package (mostly due to license problems)

guido



 This is very handy - I don't have to waste time with Java programs, which are
 usually broken anyway, and sometimes trash the machine with denial of
 service attack on CPU and memory. Now I can focus on more productive things
 than Java programs. I just need to find an alternative program for the given
 task that doesn't rely on non-free software to be able to run.
 
 The fact that something doesn't run on OpenBSD already proven to be handy
 several times. I needed to run Lotus Notes which is not possible so I had
 to put it on a Linux server, which is faster. I don't like the Lotus Notes
 but I have to work with them. This way it's faster and Lotus Notes don't
 crash when I switch virtual desktop. They also don't take memory and disk
 and attack a different CPU than mine :)
 
 The same with the program Inventory I used for TODO list. It segfaulted because
 was written badly. On Linux it runs OK. I was forced to find a text-mode todo
 which is more suited to the task. And I don't have to run a MySQL server for
 that.
 
 I also appreciate there is no suspend to disk or ram. On Linux it used to cause
 problems - the CPU switched to lower speeds, the keyboard in X crashed, and
 when one closed the lid and reopened quickly, it took many minutes to recover
 from hysterical suspend-wake cycles. Now I just run shutdown and have benefits
 like:
 - if I wait on platform and a train comes, I just close the lid and don't
 have to wait for wake up in the train
 - I can switch to external LCD and turn off the internal LCD easily by putting
   a chip from old CDROM over the lid sensor.
 
 Some people whine that on OpenBSD nothing runs, but I think this is actually an
 advantage. This way the user is forced to work with the properly implemented
 things and doesn't have to waste time with crap.
 
 CL
 
 


-- 
With kind regards,

  Guido Tschakert

_

SRC Security Research & Consulting GmbH
Graurheindorfer Str. 149 a  Tel: +49-228-2806-138
53117 Bonn  Fax: +49-228-2806-199
http://www.src-gmbh.de  Mob: +49-160-3671422



Re: D-Link DUB-E100 new Revision does not work

2006-07-10 Thread Guido Tschakert
Jonathan Gray wrote:
**snip**

 Hello,

 here is what I've done.

 installed an openbsd
 put src.tar.gz on it
 made an cvs-update
 
 A snapshot would have been easier for this bit.
 
 applied the diffs (by hand, as it were just a few lines and I didn't
 find the right way to do this with patch/cvs, maybe some can tell me)
 
 get -current src via cvs
 cd /usr/src/sys/dev/usb
 patch -p0 < /path/to/patch
 
 rebuild kernel
 booted the system
 rebuild userland
 booted the system

 now I have done -current for the first time in my life ;-)

 Then I attached the usb-device and got following kernel message

 axe0 at uhub3 port 1 configuration 1 interface 0
 axe0: D-Link DUB-E100 rev B1, rev 2.00/0.01, addr 2, AX88772, address
 00:80:c8:38:64:3f
 rlphy1 at axe0 phy 3: IP101 10/100 PHY, rev. 4

 looks good, but
 after configuring the network I wasn't able to send/receive packages
 over the device.
 The only thing I could see with tcpdump (while pinging another computer)
 was the arp request, nothing more.
 With windows the device works as it should *sigh*

 If there is another patch/diff I should try, please let me know.
 
 Are you sure you don't have another default route active?
 Perhaps try set an ip address run tcpdump on the machine
 with the axe(4), and ping it from another computer.
 
 Do you see anything then?
 
 

Hello Jonathan

I have now started from scratch,
installed the latest snapshot and src.tar.gz
updated the sources via cvs
Patched your diffs with the patch command and built a new kernel.
Everything works fine and with no problems.

As before the device is recognized and can be configured but did not
send or receive data.
Yes I double-checked the network connection (direct connection to another
box, so no other network device like router or switch (which I tried
also before) is interfering)

As said before, if you have another patch or need some other information
please tell me.

guido



Re: D-Link DUB-E100 new Revision does not work

2006-07-07 Thread Guido Tschakert
Jonathan Gray wrote:
 On Thu, Jul 06, 2006 at 04:14:12PM +0200, Guido Tschakert wrote:
 Guido Tschakert wrote:
 Hello,

 don't know if this is the right place, but I post it anyway.

 I bought a D-Link DUB-E100 which should work on OpenBSD according to
 the web site.

 But it doesn't. Our lovely vendor D-Link changed the chipset and called
 it H/W Ver.:B1
 here comes the part of the dmesg

 ugen0 at uhub4 port 4
 ugen0: vendor 0x07d1 product 0x3c05, rev 2.00/0.01, addr 2

 Maybe the info on http://www.openbsd.org/i386.html#hardware should be
 changed to D-Link DUB-E100 (Revision A) or something like that.

 Btw, I don't need this thing to work on openbsd but I plug every piece
 of hardware in one of our openbsd boxes to check if it works ;-)

 If I can give you more info, please let me know.
 At this time I try to open the case of the adapter, hoping to see a label
 with the name of the chipset.


 guido

 PS: also on Linux which should support the old DUB-E100 the new one
 doesn't work.


 A colleague has opened this box, the chipset is AX88772 LF.
 (The old one had AX88172).
 Hope that anyone can use this information.

 guido
 
 Please try this diff:
 
 Index: usbdevs
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs,v
 retrieving revision 1.204
 diff -u -p -r1.204 usbdevs
 --- usbdevs   27 Jun 2006 09:19:09 -  1.204
 +++ usbdevs   6 Jul 2006 15:52:11 -
 @@ -903,6 +903,7 @@ product DLINK DWL120F 0x3702  DWL-120 re
  product DLINK RT2570 0x3c00  RT2570
  product DLINK2 DWLG122C1 0x3c03  DWL-G122 rev C1
  product DLINK2 WUA1340   0x3c04  WUA-1340
 +product DLINK2 DUBE100B1 0x3c05  DUB-E100 rev B1
  product DLINK DSB650C0x4000  10Mbps ethernet
  product DLINK DSB650TX1  0x4001  10/100 ethernet
  product DLINK DSB650TX   0x4002  10/100 ethernet
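Review bot: the added DLINK2 DUBE100B1 line carries product id 0x3c05, which matches the ugen0 line in the report, but the vendor id from that same line (0x07d1) is not visible in this hunk. Worth confirming that vendor DLINK2 is defined as 0x07d1 in usbdevs; otherwise the new product constant would never match this adapter. Placement after WUA1340 (0x3c04) keeps the block sorted by product id.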
 Index: usbdevs.h
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs.h,v
 retrieving revision 1.208
 diff -u -p -r1.208 usbdevs.h
 --- usbdevs.h 27 Jun 2006 09:19:58 -  1.208
 +++ usbdevs.h 6 Jul 2006 15:52:19 -
 @@ -1,4 +1,4 @@
 -/*   $OpenBSD: usbdevs.h,v 1.208 2006/06/27 09:19:58 jsg Exp $   */
 +/*   $OpenBSD$   */
  
  /*
   * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
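Review bot: usbdevs.h is marked "THIS FILE IS AUTOMATICALLY GENERATED. DO NOT EDIT.", and this hunk only collapses the RCS tag from the 1.208 id to a bare $OpenBSD$, which is regeneration noise. The patch would be smaller and easier to apply by hand if it carried only usbdevs and if_axe.c, with a note to regenerate usbdevs.h and usbdevs_data.h from usbdevs.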
 @@ -910,6 +910,7 @@
  #define  USB_PRODUCT_DLINK_RT25700x3c00  /* RT2570 */
  #define  USB_PRODUCT_DLINK2_DWLG122C10x3c03  /* DWL-G122 rev 
 C1 */
  #define  USB_PRODUCT_DLINK2_WUA1340  0x3c04  /* WUA-1340 */
 +#define  USB_PRODUCT_DLINK2_DUBE100B10x3c05  /* DUB-E100 rev 
 B1 */
  #define  USB_PRODUCT_DLINK_DSB650C   0x4000  /* 10Mbps 
 ethernet */
  #define  USB_PRODUCT_DLINK_DSB650TX1 0x4001  /* 10/100 
 ethernet */
  #define  USB_PRODUCT_DLINK_DSB650TX  0x4002  /* 10/100 
 ethernet */
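Review bot: several lines of this hunk are wrapped as they appear here, including the added #define, whose comment tail "B1 */" sits on a line of its own, so the hunk no longer has the line count its @@ header announces and will not apply cleanly with patch(1). Resending the diff as an attachment or with line wrapping disabled would avoid the hand-editing; the wrapped "}," in the if_axe.c hunk has the same problem.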
 Index: usbdevs_data.h
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs_data.h,v
 retrieving revision 1.208
 diff -u -p -r1.208 usbdevs_data.h
 --- usbdevs_data.h27 Jun 2006 09:19:58 -  1.208
 +++ usbdevs_data.h6 Jul 2006 15:52:28 -
 @@ -1,4 +1,4 @@
 -/*   $OpenBSD: usbdevs_data.h,v 1.208 2006/06/27 09:19:58 jsg Exp $  */
 +/*   $OpenBSD$   */
  
  /*
   * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
 @@ -1041,6 +1041,10 @@ const struct usb_known_product usb_known
   {
   USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_WUA1340,
   WUA-1340,
 + },
 + {
 + USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1,
 + DUB-E100 rev B1,
   },
   {
   USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DSB650C,
 Index: if_axe.c
 ===
 RCS file: /cvs/src/sys/dev/usb/if_axe.c,v
 retrieving revision 1.53
 diff -u -p -r1.53 if_axe.c
 --- if_axe.c  23 Jun 2006 06:27:11 -  1.53
 +++ if_axe.c  6 Jul 2006 15:52:29 -
 @@ -160,6 +160,7 @@ Static const struct axe_type axe_devs[] 
   { { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_USB200MV2}, AX772 
 },
   { { USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB2_TX }, 0},
   { { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DUBE100}, 0 },
 + { { USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1}, AX772 },
   { { USB_VENDOR_GOODWAY, USB_PRODUCT_GOODWAY_GWUSB2E}, 0 },
   { { USB_VENDOR_JVC, USB_PRODUCT_JVC_MP_PRX1}, 0 },
   { { USB_VENDOR_LINKSYS2, USB_PRODUCT_LINKSYS2_USB200M}, 0 },
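Review bot: tagging the new DLINK2 DUBE100B1 entry with AX772 agrees with the AX88772 chip found inside the adapter, and the 2006-07-10 follow-up in this thread shows axe0 attaching with rlphy1 at phy 3. That same report says only the ARP request shows up in tcpdump, so the match entry by itself does not give a working link; the AX772 path needs a send and receive test on rev B1 before this goes in.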
 
 

Ok, I will try that out next week (today there is not so much time and
at home I have no testing machine and btw, as I wrote I'm not in that
hurry).
To be honest I never worked with cvs and at this moment I don't know how
to patch this diff to the source tree, but I will find out.


thanks guido



Re: D-Link DUB-E100 new Revision does not work

2006-07-07 Thread Guido Tschakert
Jonathan Gray wrote:
 On Thu, Jul 06, 2006 at 04:14:12PM +0200, Guido Tschakert wrote:
 Guido Tschakert wrote:
 Hello,

 don't know if this is the right place, but I post it anyway.

 I bought a D-Link DUB-E100 which should work on OpenBSD according to
 the web site.

 But it doesn't. Our lovely vendor D-Link changed the chipset and called
 it H/W Ver.:B1
 here comes the part of the dmesg

 ugen0 at uhub4 port 4
 ugen0: vendor 0x07d1 product 0x3c05, rev 2.00/0.01, addr 2

 Maybe the info on http://www.openbsd.org/i386.html#hardware should be
 changed to D-Link DUB-E100 (Revision A) or something like that.

 Btw, I don't need this thing to work on openbsd but I plug every piece
 of hardware in one of our openbsd boxes to check if it works ;-)

 If I can give you more info, please let me know.
 At this time I try to open the case of the adapter, hoping to see a label
 with the name of the chipset.


 guido

 PS: also on Linux which should support the old DUB-E100 the new one
 doesn't work.


 A colleague has opened this box, the chipset is AX88772 LF.
 (The old one had AX88172).
 Hope that anyone can use this information.

 guido
 
 Please try this diff:
 
 Index: usbdevs
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs,v
 retrieving revision 1.204
 diff -u -p -r1.204 usbdevs
 --- usbdevs   27 Jun 2006 09:19:09 -  1.204
 +++ usbdevs   6 Jul 2006 15:52:11 -
 @@ -903,6 +903,7 @@ product DLINK DWL120F 0x3702  DWL-120 re
  product DLINK RT2570 0x3c00  RT2570
  product DLINK2 DWLG122C1 0x3c03  DWL-G122 rev C1
  product DLINK2 WUA1340   0x3c04  WUA-1340
 +product DLINK2 DUBE100B1 0x3c05  DUB-E100 rev B1
  product DLINK DSB650C0x4000  10Mbps ethernet
  product DLINK DSB650TX1  0x4001  10/100 ethernet
  product DLINK DSB650TX   0x4002  10/100 ethernet
 Index: usbdevs.h
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs.h,v
 retrieving revision 1.208
 diff -u -p -r1.208 usbdevs.h
 --- usbdevs.h 27 Jun 2006 09:19:58 -  1.208
 +++ usbdevs.h 6 Jul 2006 15:52:19 -
 @@ -1,4 +1,4 @@
 -/*   $OpenBSD: usbdevs.h,v 1.208 2006/06/27 09:19:58 jsg Exp $   */
 +/*   $OpenBSD$   */
  
  /*
   * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
 @@ -910,6 +910,7 @@
  #define  USB_PRODUCT_DLINK_RT25700x3c00  /* RT2570 */
  #define  USB_PRODUCT_DLINK2_DWLG122C10x3c03  /* DWL-G122 rev 
 C1 */
  #define  USB_PRODUCT_DLINK2_WUA1340  0x3c04  /* WUA-1340 */
 +#define  USB_PRODUCT_DLINK2_DUBE100B10x3c05  /* DUB-E100 rev 
 B1 */
  #define  USB_PRODUCT_DLINK_DSB650C   0x4000  /* 10Mbps 
 ethernet */
  #define  USB_PRODUCT_DLINK_DSB650TX1 0x4001  /* 10/100 
 ethernet */
  #define  USB_PRODUCT_DLINK_DSB650TX  0x4002  /* 10/100 
 ethernet */
 Index: usbdevs_data.h
 ===
 RCS file: /cvs/src/sys/dev/usb/usbdevs_data.h,v
 retrieving revision 1.208
 diff -u -p -r1.208 usbdevs_data.h
 --- usbdevs_data.h27 Jun 2006 09:19:58 -  1.208
 +++ usbdevs_data.h6 Jul 2006 15:52:28 -
 @@ -1,4 +1,4 @@
 -/*   $OpenBSD: usbdevs_data.h,v 1.208 2006/06/27 09:19:58 jsg Exp $  */
 +/*   $OpenBSD$   */
  
  /*
   * THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
 @@ -1041,6 +1041,10 @@ const struct usb_known_product usb_known
   {
   USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_WUA1340,
   WUA-1340,
 + },
 + {
 + USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1,
 + DUB-E100 rev B1,
   },
   {
   USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DSB650C,
 Index: if_axe.c
 ===
 RCS file: /cvs/src/sys/dev/usb/if_axe.c,v
 retrieving revision 1.53
 diff -u -p -r1.53 if_axe.c
 --- if_axe.c  23 Jun 2006 06:27:11 -  1.53
 +++ if_axe.c  6 Jul 2006 15:52:29 -
 @@ -160,6 +160,7 @@ Static const struct axe_type axe_devs[] 
   { { USB_VENDOR_CISCOLINKSYS, USB_PRODUCT_CISCOLINKSYS_USB200MV2}, AX772 
 },
   { { USB_VENDOR_COREGA, USB_PRODUCT_COREGA_FETHER_USB2_TX }, 0},
   { { USB_VENDOR_DLINK, USB_PRODUCT_DLINK_DUBE100}, 0 },
 + { { USB_VENDOR_DLINK2, USB_PRODUCT_DLINK2_DUBE100B1}, AX772 },
   { { USB_VENDOR_GOODWAY, USB_PRODUCT_GOODWAY_GWUSB2E}, 0 },
   { { USB_VENDOR_JVC, USB_PRODUCT_JVC_MP_PRX1}, 0 },
   { { USB_VENDOR_LINKSYS2, USB_PRODUCT_LINKSYS2_USB200M}, 0 },
 
 
Hello,

here is what I've done.

installed an openbsd
put src.tar.gz on it
made an cvs-update
applied the diffs (by hand, as it were just a few lines and I didn't
find the right way to do this with patch/cvs, maybe some can tell me)
rebuild kernel
booted the system
rebuild userland
booted the system

now I have done -current for the first

Re: Kernel pppoe (and the german ISP Hansenet)

2006-07-06 Thread Guido Tschakert
[EMAIL PROTECTED] wrote:
 Hello everybody,
 
 Lately I switched to a new ISP in Germany which provides much more bandwidth
 (~18Mbit) than my old ISP (~2Mbit).
 Until now I use the pppD and not the kernel-pppoe.
 I read somewhere that the kernel-pppoe may should be better with such fast
 connections so I tried to configure it.
 
 I set up a hostname.pppoe0 and I also got a connection but:
 It seems that the Routing does not work.
 
 pppoedev xl1
 !/sbin/ifconfig xl1 up
 !/usr/sbin/spppcontrol \$if myauthproto=pap myauthname=MYTEL \
  myauthkey=MYPASS
 !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x
 !/sbin/route add default 0.0.0.1
 up
 
 The Box where I tried to set up the Kernel-pppoe is a Router.
 Devices: ath0 (wlan), xl0 (lan), xl1 (for external).
 And yes, Packetforwarding is enabled *otherwise I wouldn't be here* ;-)
 
 I'm sure I did a mistake somewhere but don't get it yet (it pretty hot
 here too :)) so I would be happy for any suggestions. Thanks :)
 
 Kind regards,
 Sebastian
 
 
Have you tried setting the mtu of your pppoe Device like

!/sbin/ifconfig xl1 up mtu 1454

guido



D-Link DUB-E100 new Revision does not work

2006-07-06 Thread Guido Tschakert
Hello,

don't know if this is the right place, but I post it anyway.

I bought a D-Link DUB-E100 which should work on OpenBSD according to
the web site.

But it doesn't. Our lovely vendor D-Link changed the chipset and called
it H/W Ver.:B1
here comes the part of the dmesg

ugen0 at uhub4 port 4
ugen0: vendor 0x07d1 product 0x3c05, rev 2.00/0.01, addr 2

Maybe the info on http://www.openbsd.org/i386.html#hardware should be
changed to D-Link DUB-E100 (Revision A) or something like that.

Btw, I don't need this thing to work on openbsd but I plug every piece
of hardware in one of our openbsd boxes to check if it works ;-)

If I can give you more info, please let me know.
At this time I try to open the case of the adapter, hoping to see a label
with the name of the chipset.


guido

PS: also on Linux which should support the old DUB-E100 the new one
doesn't work.



Re: Configuring pppoe during installation?

2006-06-22 Thread Guido Tschakert
Michael Lechtermann wrote:
 Falk Husemann wrote:
 No doubt my name is anyone. I'd be angry.

 It's not about hitting Return one more time, it's integrating something
 new into the Installation Floppy. And you REALLY don't want to drop
 Floppy Installation support or favor CDs.
 
 If you had actually read what I have written you would know that I
 suggested to add it as a special feature for the CDs you can buy (and
 only to them), the other stuff stays the way it is.
 
 Maybe that would get more people to buy the CD, since they get a little
 bit more usability.
 
 Its simply a marketing idea to give a little more support or features
  (like the included install sets) to the CDs you buy.
 
 
No no no,

then we have to add all the other network stuff as mentioned before.
You surely do not want to say no to dozens of network questions (and
maybe a lot of other stuff)
This would make sense if you have any kind of graphical installer like
many linux distros have, but the openbsd installer is just straight
forward to get a minimal running system, which you configure afterwards.

One power of OpenBSD is that you can configure everything with a text
editor as interface to your configuration. You do not need any awkward
program to configure anything. And during installation you are always
allowed to change to a shell and use vi to edit your config files.

guido



Re: Reading a file that is been written make the system freeze?

2006-06-22 Thread Guido Tschakert
Federico Giannici wrote:
 Matthias Kilian wrote:
 On Tue, Jun 20, 2006 at 10:59:58AM +0200, Federico Giannici wrote:
 [...]
 The pc freezes (but only occasionally) during dumps of the entire
 filesystem, using the system dump program. The dump is done while
 the system is in use, so files may change during the dump.

 Yesterday another PC froze!
 I noticed that it occurred just at the time that a copy of a
 directory was done, this time by means of the tar program. This
 time too the backed-up files were in use and probably written.

 What else is running? What's mounted? 
 
 ps: as somebody else wrote, fishy power supplies are a common (and
 hard to debug) cause of failure, too.
 
 As many suggested, I replaced the power supply with a big and expensive
 one.
 
 It just crashed again! At the first backup (it usually crash every 3-4
 times).
 
 So, now we have changed every piece of hardware. And remember that a
 second PC froze too, just during a backup of a directory. So I
 continue to suspect that it's a software problem related to high disk/io
 usage, and maybe with concurrent reads and writes.
 
 Here is the dmsg.
 
 Thanks.
 
 
 OpenBSD 3.9-current (GENERIC) #591: Sat Jun 17 00:52:05 MDT 2006
 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC
 real mem = 2146758656 (2096444K)
 avail mem = 1835319296 (1792304K)
 using 22937 buffers containing 214884352 bytes (209848K) of memory
 mainbus0 (root)
 --snip--
 dkcsum: sd0 matches BIOS drive 0x80
 root on sd0a
 rootdev=0x400 rrootdev=0xd00 rawdev=0xd02
 
 
Hmm,

the problem doesn't have to be in software.
I have an example of freezing:

I have a box working as a bridge which froze on high traffic.
I replaced all of the hardware, upgraded the software and it still
freezes.
After a lot more testing I found my problem: the system freezes only if
it was connected to a Cisco Catalyst with a stge network card and fiber
optic cable. Using a fxp card and twisted pair cable solved the problem
- no more freezes.
Since you talk of backup, do you backup on another machine in your lan?
Have you tried to use another network card (with another chip) or
another switch?



guido



Re: Clock Drift - VMWare

2006-06-21 Thread Guido Tschakert
Adrian Close wrote:
 On Tue, 20 Jun 2006, Justin Blackmore wrote:
 
 I'm running several OpenBSD 3.9 VM's on a GSX server and the clocks on
 the OBSD vm's drift pretty bad, the real time host hardware clock is
 
 How much drift?  The guest hardware clock generally won't be stable
 enough for NTP to keep things in sync (it might look like it's OK for a
 bit, but it won't be).

Hello,

I had the same problem with GSX Server and a linux guest, about 3 hours
in one day. (After stopping the java process from the developers, the
drift was only some minutes in a day :-) But the developers need their
crappy java stuff ;-) ).
 
 You might be able to use the Linux vmware-guestd tool (I haven't tried
 on OpenBSD), which will sync the time to the host hardware if you ask it
 (but you need X11 to config that, from memory).

I installed the vmware tools, don't have X running and started the
vmwaretools from another machine by ssh -X [EMAIL PROTECTED] vmware-tools.


Don't know If the vmware-tools work on openbsd (with linux or freebsd
emul) but you don't need X on the openbsd Client, just a ssh-Connection
and X Forwarding will help you to open the vmware-toolbox (if it run on
openbsd which I don't believe by now, but I am very interested if it
works :-)  )
Maybe you need tcl/tk.

I also had a look through the vmware-dirs on my machine but didn't find
where vmware-tool stored if to synchronize time with host or not.

 
 I once had a GSX setup where guest hardware clocks typically ran at 1/3
 - 1/10th of realtime, and sped up when the guest OS was eating lots of
 CPU, but that doesn't sound like what you have...
 
 Adrian Close               email: [EMAIL PROTECTED]
 107 Essex St, Pascoe Vale  web: http://www.close.wattle.id.au/~adrian
 VIC, 3044, Australia       mobile: +61 417 346 094
 
 

thanks guido



Re: release email in amavis temp

2006-06-21 Thread Guido Tschakert
sonjaya wrote:
 some email detect spam also most important email, so how to restore
 email in /var/virusmail/xxx because that email is important.
 also anybody have some tip to make amavisd-new in openbsd 3.9 most
 faster working because they a lot delay when send and receive with
 attachment.
 my regard
 
 
Hello,

amavis works much faster if its tempdir is mounted on a ramdisk.
(but at this moment I don't know how to configure a ramdisk with OpenBSD
but surely google will know)



guido



Re: encrypting Bridge freezes

2006-05-18 Thread Guido Tschakert
Stuart Henderson wrote:
 On 2006/05/18 10:06, Guido Tschakert wrote:
 I also run a memorytest over a weekend with the only result that the
 memory seems to be ok.

 What else could freeze an OpenBSD box
 
 
 Other hardware problems can occur that memtest won't show.
 Some are fixable (e.g. poor cooling), others can be due to
 failed components (cpu, motherboard, memory, PCI cards,..).
 
 Try some 'make build', maybe run 'stress' from packages at
 the same time. This won't tell you for sure that everything
 is good, but if it fails here too you know there's likely
 to be some hardware problem.
 
 
Ok, I try out.

BTW

in the last hours I had a kernel message because of Keyboard problems
(pckbc: command timeout)
and some messages of too many DMA segments
(stge0: Tx packet consumes too many DMA segments, dropping...)

I think I have a Mobo Problem, in the next day my dealer  will bring a
new board and we will see.

thanks

guido



Re: DVD burning, cdrloots, dvdrtools, dvd+rw_tools on OpenBSD-3.8

2006-02-06 Thread Guido Tschakert

Jacob Meuser wrote:

On Fri, Feb 03, 2006 at 10:35:16AM +0100, Guido Tschakert wrote:


Jacob Meuser wrote:


On Fri, Feb 03, 2006 at 12:04:20PM +0500, Dmitry Slobodchikov wrote:




Growisofs don't work too neither -Z nor -M arguments

/home/zoosman-dvd+rw-format -blank /dev/dvd
* DVDRW/-RAM format utility by [EMAIL PROTECTED], version 4.10.
:-( unable to open(/dev/dvd): Invalid argument

or

/home/zoosman-dvd+rw-mediainfo /dev/dvd
/dev/dvd: unable to open: Invalid argument



what is /dev/dvd?  you should use /dev/rcd0c or /dev/rcd1c.



Hello,

/dev/dvd is the appropriate device name under linux.



maybe some distros set that up for you.

there is nothing stopping a user from doing:

# ln -s /dev/rcd1c /dev/dvd




Hello,

ok you're right.
I thought there was a config file for dvd+rw-tools which contains the
name of the device to use.

(next time I do: reading, thinking, writing ;-)  and not just writing)

And /dev/dvd is actually not the device name under linux but a 
convenience which also can be used under OpenBSD.


guido



Re: DVD burning, cdrloots, dvdrtools, dvd+rw_tools on OpenBSD-3.8

2006-02-03 Thread Guido Tschakert

Jacob Meuser wrote:

On Fri, Feb 03, 2006 at 12:04:20PM +0500, Dmitry Slobodchikov wrote:



Growisofs don't work too neither -Z nor -M arguments

/home/zoosman-dvd+rw-format -blank /dev/dvd
* DVDRW/-RAM format utility by [EMAIL PROTECTED], version 4.10.
:-( unable to open(/dev/dvd): Invalid argument

or

/home/zoosman-dvd+rw-mediainfo /dev/dvd
/dev/dvd: unable to open: Invalid argument



what is /dev/dvd?  you should use /dev/rcd0c or /dev/rcd1c.


Hello,

/dev/dvd is the appropriate device name under linux.

BTW:

Wouldn't it be good if the maintainer of a port/package had a look at
the differences of the config files between the systems.
You will never see the device /dev/dvd on OpenBSD, so changing the
device directly in the port/package to /dev/rcd0c as default would be a
good idea in my opinion. (I think a maintainer maintains some port
because he uses it, so he/she has to change the config, why not put it
directly in the port).


guido



Re: Does iocharset option be supported in OpenBSD mount?

2006-01-27 Thread Guido Tschakert

Armand Chen wrote:

Hi all :-)

After I switched to OpenBSD, there are still some data in my old NTFS
partition. I've made the NTFS support into kernel, and successfully
mounted the NTFS partision.

The problem is, some filename of the data is encoded other than
ISO8859-1. In other UNIX-like systems, I could use savior option like
this:

Code:

mount -t ntfs -r -o iocharset=ENCODING /dev/DEVICEPARTITION /mnt



But the iocharset seems not be supported in OpenBSD, because the system told me:

Code:

mount_ntfs: -o iocharset: option not supported



Does this option be unsupported or just there exists some tweaks which
I don't know?

Thx you guys and hope there would be someone to give me some hints :-)





Hi,

don't know if there's a port for openbsd but the tool convmv does 
exactly what you want. Convert Filenames from one encoding to another 
encoding.


guido



Re: Connect a Zaurus 3100 to a VGA monitor/projector

2006-01-11 Thread Guido Tschakert

Zoong PHAM wrote:

Does anyone know if a Zaurus 3100 can work with any VGA
monitor/projector?
And where can I buy a VGA adapter for Zaurus 3100?

Thanks,
Zoong



Hello,

maybe you have a look here
http://www.trisoft.de/zxgacf.htm (sorry it's German)
and here:
http://www.iodata.com/manuals/CFXGA/e_manual.html

But I dunno if it works under OpenBSD because I have no Zaurus 3100 and 
my girlfriend will kill me if I buy one just for fun ;-)


guido



Re: OT: Quad Ethernet cards feedback on OpenBSD

2005-11-17 Thread Guido Tschakert

Daniel Ouellet wrote:
Sorry for this off topic question. Looking at the archive, SK (Henning 
love them! (;) is what look likes the best Ethernet cards to use, a few 
months ago anyway. The network cards are changing so quickly that what 
was true 6 months ago, may well not be today.


For quad, can someone confirmed, deny or offer alternative known to work 
well before I get 12 of them. Hopefully I may be able to fit them into 
the Sun X2100, but will see.


Also, any issue to run a minimum of 100 VLan on them? I didn't see issue 
in the archive, so I take it as been no problem! I don't think of any.


Any other suggestions is also welcome, I am more concern at the 
efficiency of the cards as they will be routing and supporting many VLan 
and PF will in some of the setup use individual VLan firewall 
configuration, up to 125 in one case. Will see if I can make that work 
well, not sure of my possible success, but will see...


Thanks for your time.



Hello,

the D-Link Card DFE-580TX works under OpenBSD, but their greatest 
advantage is that they are cheap (around 100 Euro in Germany).

Don't expect too much performance.
They are useful if you have to connect a lot of networks (with small
traffic) and have not enough pci slots and money ;-)


I think you need something with better performance regarding to your setup.

guido



Re: su on 3.8 soekris

2005-11-10 Thread Guido Tschakert

Andreas M|rdter wrote:

command groups does not exist on the soekris-box. but id.
this is the output after reboot.

---snip---
$ id admin
uid=1000(admin) gid=10(users) groups=10(users), 0(wheel)

$ su
Password:
Nov  9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
Sorry
Nov  9 16:23:26 sample su: BAD SU admin to root on /dev/tty00
$
---snip---

-Andreas



Which password do you use?
The password of admin or the password of root?

Using su you need the password of root.
Using sudo su (if you use sudo) you need the password of admin.

guido



[Fwd: Re: pf rules generation policy]

2005-10-21 Thread Guido Tschakert

Kilaru Sambaiah wrote:

Hello All,
 I am linux administrator and use iptables for firewall. I use shorewall, which you
 need to be setting up only policy based on your box is having one interface or
 two interfaces or three. Policy, zone, interfaces, rules these are all I need to edit.

 Is there any such tool for PF. I am not looking at GUI for generating rules.


Hello Sam,

fwbuilder is a GUI which vomits pf rules if you wish (and also
iptables and some other kind of firewalls).
It's easy to use, but the result is not ever exactly what you want
(therefore i used vomit).
It's nice to see what it produces with iptables and then what it
produces with pf (at this point it can help you to see the differences
between iptables rules and pf rules), but mostly it is better to edit
pf.conf directly. So you know exactly what your firewall rulez does.

And btw: pf rules are much more readable than a set of iptable commands.

So give it a try.



 
thanks,

Sam





guido



Re: How to lock a user in his home.

2005-09-13 Thread Guido Tschakert

Leonardo Marques wrote:

Hello people,

I wanna how to lock a user in his home, he cannot see any other
directory, just his home. Someone how can i do this?

Thanks for attention,
[]s

--
--
Leonardo Marques
http://www.analyx.org
--



Hmm,

if you lock your user in his home, he cannot access directories and 
files like /bin /usr/bin /dev/null and many others. This will prevent 
him from doing mostly anything (like ls, vi ...)


If you want your user not to access directories of other users, have a 
look at chmod, chown, chgrp.



guido
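
The permission-based approach suggested in the reply above, as an added example that is not part of the original post: a shell helper that lists directories under a base path which still grant group or other access, and one that clears those bits with chmod. The names audit_homes and tighten_home are hypothetical, and the layout (home directories directly under one base directory such as /home) is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. audit_homes and tighten_home
# are hypothetical helper names; the base directory layout is an assumption.

# audit_homes BASE
# Print "<mode> <owner> <path>" for each directory directly under BASE that
# grants any permission bit to group or other. Owner-only directories
# (drwx------ and stricter) produce no output.
audit_homes() {
    base=$1
    for dir in "$base"/*/; do
        # An unmatched glob stays literal and is not a directory.
        if [ ! -d "$dir" ]; then continue; fi
        dir=${dir%/}
        # A symlinked home would report the target's mode; skip it.
        if [ -L "$dir" ]; then continue; fi

        # ls -ld prints e.g. "drwxr-x--- 2 alice users 512 Sep 13 10:00 /home/alice"
        listing=$(ls -ld "$dir")
        # Characters 1-10: file type, then owner, group and other triplets.
        mode=$(printf '%s\n' "$listing" | cut -c1-10)
        owner=$(printf '%s\n' "$listing" | awk '{ print $3 }')

        case "$mode" in
            ????------) ;;   # nothing set for group or other
            *) printf '%s %s %s\n' "$mode" "$owner" "$dir" ;;
        esac
    done
}

# tighten_home DIR
# Clear read, write and execute for group and other on one directory.
# Files below it are left alone: without execute (search) permission on the
# directory itself, other users cannot reach them by path.
tighten_home() {
    chmod go-rwx "$1"
}

# Stand-alone use: ./audit.sh /home
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```

The owner column is there so that a directory owned by the wrong account can be corrected with chown or chgrp before its mode is tightened.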



Re: firewall products

2005-09-08 Thread Guido Tschakert

Florian wrote:

ok, squid, but what about POP and SMTP ?




Hmm, Proxy for smtp?

What about sendmail, postfix, qmail, etc?
Almost every MTA should work as a smtp proxy (i.e. is a smtp proxy)

Proxy for pop?

Never used one of them
but have you looked at
balance-2.33.tgz
nylon-1.2.tgz
proxy-suite-1.9.tgz

and

pop3gwd-1.2.tgz

(I just looked at the packages for tcp proxies and found the aboves)

Install them on a test system, read the manuals and have a look at google.



guido



Re: Migration to PF - some questions

2005-09-08 Thread Guido Tschakert

Hello


On 8 Sep 2005, at 13:55, Stephan A. Rickauer wrote:


Thanks to the kind help on this list, my test firewall successfully  
runs OpenBSD 3.7 and is basically configured. I now need to think  
about migrating my existing netfilter rule set to pf and would like  
to ask also some general questions to understand the concept(s)  
sufficiently.


If I understand correctly, pf has no 'forward' chain like netfiler  
(which is probably by design). I have to admit I've found it pretty  
handy to use forward chains since one does not have to specify IN  
and OUT rules separately. But I don't want to argue about that. The  
simple question is: Does that mean, a netfilter forward rules needs  
to be replaced by two pf rules (in general)?



Does rdr not provide forward-like functionality in pf?  Or is it that  
you want to filter rdr'd connections?




No, I think he doesn't speak of redirections. What he means are packets, 
which travel through the firewall but aren't from or for the firewall.


Yes, you have to define rules for incoming and for outgoing packets 
(just like it was in ipchains but there you had also to define rules for 
forward), but pf is stateful!

if you use
pass in on $int from $net to $internet keep state

then the packet is known when it leaves on $ext and you don't need 
another rule there.


Btw (and that's just my 2 cents) I worked 5 years with ipchains/iptables
and started some months ago with pf and I must say I like it, it's easier
to understand, simpler to debug and I like the idea of not having a
forward chain: Packets just come in and go out. And the logging, the
logging is absolutely cool. Nothing else than sniffing on an interface.



guido



Re: snmp support

2005-09-02 Thread Guido Tschakert

Joco Salvatti wrote:

Hi all,

I have a firewall with a xl0 at pci0 dev 9 function 0 3Com 3c905 100Base-TX
rev 0x00: irq 11, address 00:60:97:d3:77:85 network interface card, and I'd
like to know how to activate SNMP under my OpenBSD system to capture the
information and generate the input to MRTG.

Thanks


What about

pkg_add net-snmp

and then have a look in the manuals
(starting with apropos snmp or man -k snmp)

guido



Re: Problems with pf+nat+some websites

2005-08-24 Thread Guido Tschakert

Jonathan Schleifer wrote:

I don't see where you set the MTU/MSS? Are you sure you have set them
somewhere else? eBay is known to have problems with bad/wrong MTU/MSS.
Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding
-mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!],
section MTU/MSS ISSUES.


Hello Jonathan,

nice try, but I don't use pppoe.
We have a DSL-Router from our provider and as I mentioned before, we
had no Problems with the cisco-router doing the firewall job (Nat).


guido



Re: Problems with pf+nat+some websites

2005-08-24 Thread Guido Tschakert

Nick Holland wrote:

Guido Tschakert wrote:


Jonathan Schleifer wrote:


I don't see where you set the MTU/MSS? Are you sure you have set them
somewhere else? eBay is known to have problems with bad/wrong MTU/MSS.
Try adding scrub out on $ext_if max-mss 1414 to your pf.conf and adding
-mtu 1454 to the route. Also take a look at pppoe(4) [*NOT* pppoe(8)!],
section MTU/MSS ISSUES.



Hello Jonathan,

nice try, but I don't use pppoe.
We have a DSL-Router from our provider and as I mentioned before, we 
had no problems with the cisco-router doing the firewall job (Nat).



so, yes you DO use PPPoE.  DSL systems VERY often have a
smaller-than-possible MTU.
This often causes problems much like you describe.


Ok, the DSL-Router of my provider uses PPPOE.

But please tell me, why I should set the mtu on the openbsd router to 
something lower than 1500 when the cisco router, I used before and now 
has set the mtu on his outgoing interface to 1500.

(This router has 2 Ethernet-Interfaces and does nothing with pppoe).
Why can it deal with this problem and openbsd not?

BTW. this morning I tried the suggestions from Jonathan and it didn't 
work :-(


As I mentioned in another thread (ok, it was stupid to fork the thread) 
there is another problem with malformed packets and reassemble tcp and 
all other scrub rules I tried didn't work.





Just set it in your hostname.if file.
Google for simple ping tests to find the maximum MTU you can use in your
precise case...and see if setting the firewall accordingly solves your
problem.

Nick.





--
Kind regards,

  Guido Tschakert



Re: Problems with pf+nat+some websites

2005-08-23 Thread Guido Tschakert

Guido Tschakert wrote:

Ok, after digging in the archives I found the thread
pf reassemble tcp problem in latest snapshot?

and it seems there is no real solution for this problem in OpenBSD/pf.

provocation on
I found that somewhat poor, because with Cisco IOS and Linux iptables 
this problem doesn't exist and there are no problems to reach these sites 
with nat.

provocation off

 Hello,

 I have problems to load some websites (e.g. www.hit.de, www.lidl.de, 
www.ebay.de, www.ebay.com). They are very slow if they show up.
 I have this problem since this morning, when I changed our old cisco 
router with our new OpenBSD Firewall.

 Other sites load normal.

 Here is the network


 $srcnetopenbsd-box--$src_ext
  |
   ---internet


 (the OpenbsdBox has a regular IP-Address and an Alias from Class B 
$src_ext, therefore there is the exclusion in nat
 Yes I know this looks evil, but I have some more Firewalls in 
$src-net :-)




thanks
guido



Re: NAT doesn't appear to work for some websites

2005-08-15 Thread Guido Tschakert

Matt Garman wrote:

I have a number of websites that I cannot load from machines
connected to the 'net through my OpenBSD firewall/NAT box.

One such site is directron.com.  Using Mozilla Firefox, it will
just say Waiting for directron.com... but the page never loads.
There are several other pages I've tried to load with the same
result.

On the other hand, some pages load fine (such as openbsd.org).

However, if I login to the firewall (the openbsd box), I can use
links to connect to these sites without any problem.

I'm guessing that this has something to do with redirects on the
target website.  I'm pretty sure that directon.com is actually an
alias for some other URL.  I'm thinking that the pf ruleset on the
OBSD box is not allowing this.

I'm using the pf example from the OpenBSD FAQ:

http://openbsd.org/faq/pf/example1.html

Has anyone else seen this before?

Thanks for any suggestions,
Matt


Hello,

just an idea,

are you connected to the internet via pppoe (DSL)?
There is a well-known problem with mtu/mss (1500/1460 vs. 1492/1452).
You can use scrub in your pf.conf to solve it.
something like

scrub out on ppp0 all max-mss 1452

--
Kind regards,

  Guido Tschakert

_

SRC Security Research & Consulting GmbH
Graurheindorfer Str. 149 a  Tel: +49-228-2806-138
53117 Bonn  Fax: +49-228-2806-199
http://www.src-gmbh.de  Mob: +49-160-3671422



IPSEC between OpenBSD (isakmpd) and Linux (FreeS/Wan)

2005-08-04 Thread Guido Tschakert

Hello All,

I'm trying to build a vpn between an OpenBSD and a Linux Router. (If I 
could, I would directly replace the linux box to simplify matters ;-) 
but that's not possible at the moment :-(


BTW: I want to use RSA-based authentication using x509 certificates. I 
have already built the CA and also created my certs.


I found the following page but the configfile for isakmpd is full of 
bugs (looks like a lot of copy and paste without re-editing :-)  )

http://www.rommel.stw.uni-erlangen.de/~hshoexer/ipsec-howto/HOWTO.html

I want to ask you if one of you already has setup this sort of 
connection and is willing to give me some config files. (Or point me to 
some good documentation about inter-OS VPNs. I read a lot of docu but 
most of them deal with homogeneous networks)


Otherwise I will send my configs and error messages in the next days to 
the list :-D


And yes, I know openvpn is easy to set up, but I don't want to deal with 
  the lower mss/mtu. (But on the other hand openvpn is my fallback 
solution.)


TIA
--
Kind regards,

  Guido Tschakert