Re: WLAN throughput less 10Mb/s

2020-04-18 Thread Mario Theodoridis

On 13.04.2020 22:42, Mario Theodoridis wrote:


On 13.04.2020 20:34, Stefan Sperling wrote:

On Mon, Apr 13, 2020 at 07:03:27PM +0200, Mario Theodoridis wrote:

Hi everyone.

I'm running a APU2 board with an Atheros wlan chipset.
I've been plagued by rather slow WLAN throughput rates < 10Mb/s.
Is that normal or not. If not, how would i go about debugging this?
Any other info i should provide?

[...]
One way you could help is to keep following -current, upgrade a day or so
after any wifi-related commits happen, and letting us know if things are
better or worse compared to a previous snapshots.


I'm looking into that.


Ok, i got me a new apu3 which now houses the athn chipset and can be 
used for testing.
Let me know what you, or anybody else that needs stuff tested, need me 
to do.



Mit freundlichen Grüßen/Best regards

Mario Theodoridis



OpenBSD 6.7-beta (GENERIC.MP) #138: Sat Apr 18 09:45:17 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4261076992 (4063MB)
avail mem = 4119322624 (3928MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "4.0.7" date 03/02/2017
bios0: PC Engines APU3
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S1 S2 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) 
PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)

acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.26 MHz, 16-30-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD GX-412TC SOC, 998.12 MHz, 16-30-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 
64b/line 16-way L2 cache

cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD GX-412TC SOC, 998.12 MHz, 16-30-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu2: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 
64b/line 16-way L2 cache

cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD GX-412TC SOC, 998.37 MHz, 16-30-01
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu3: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 
64b/line 16-way L2 cache

cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec2, version 21, 32 pins, remapped
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PBR4)
acpiprt2 at acpi0: bus 1 (PBR5)
acpiprt3 at acpi0: bus 2 (PBR6)
acpiprt4 at acpi0: bus 3 (PBR7)
acpiprt5 at acpi0: bus 4 (PBR8)
acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0

Re: WLAN throughput less 10Mb/s

2020-04-14 Thread Mario Theodoridis

On 14.04.2020 10:21, Stefan Sperling wrote:

Hmm, using
media autoselect mode 11a mediaopt hostap
nwid foo
wpaprotos wpa2
wpakey mysecret
up

Brings the inteface up alright, but i don't see any 5 or 2.4 GHz signal with
a Wifi analyzer nor can i connect.


The 'nwid' and 'wpakey' options should appear on the same line.

You don't need to specify 'wpaprotos wpa2' since this is the default.


Got it. Yes, it's working now, but the bandwidth is the same.



The channel is available, but i am only using one antenna. I remember trying
with both didn't help, though.


If you use 11n mode you must have 2 antennas connected for MIMO.
Otherwise it will perform rather badly since MIMO frames (MCS-8 to MCS-15)
are going to be lost.


Ok, so with a,b or g this ought to be fine fine, then.



Meanwhile is there a mini PCI chipset that will do 54Mb or more in hostap
mode?


54Mbit where? You're not going to see tcpbench displaying "54Mbps" on a
"54Mbit" AP if that's what you're expecting to see.
Typically "54 Mbit" refers to a specific modulation scheme (64-QAM with a
3/4 coding rate) used to transmit the data payload of an 802.11 frame.
But transmitting a frame involves a lot more than just sending payload data,
so user-visible data rates are much lower and depend on many factors.
In my experience tcpbench over 11a maxes out at around 20-30 Mbps on a
clean channel.


I didn't know that, but that's what i meant.



Regarding other chipsets, if you want the fastest possible AP on OpenBSD
your best option right now is to get a bwfm(4) device, which offloads almost
all of its 802.11 operation into a firmware blob running in the embedded
system on the device. So far, this is the only way to have an OpenBSD 11ac
AP (with the caveat that about the only OpenBSD wifi code you're running
is the code that handles WPA handshakes; everything else is offloaded).


Hm, that's almost like buying a wlan router, not really what i want.



Mit freundlichen Grüßen/Best regards

Mario Theodoridis



Re: WLAN throughput less 10Mb/s

2020-04-13 Thread Mario Theodoridis



On 13.04.2020 20:34, Stefan Sperling wrote:

On Mon, Apr 13, 2020 at 07:03:27PM +0200, Mario Theodoridis wrote:

Hi everyone.

I'm running a APU2 board with an Atheros wlan chipset.
I've been plagued by rather slow WLAN throughput rates < 10Mb/s.
Is that normal or not. If not, how would i go about debugging this?
Any other info i should provide?


Is this a new problem or has it always been like this for you?


It has always been this way. Always being on 6.2 and 6.6.


Here's an ifconfig
athn0: flags=8943 mtu 1500


There are several known performance issues with athn(4).

...
And our automatic rate selection has some performance issues of its own.


Ok, so i take it issues aren't uncommon then.



Also, athn(4) does not support Tx aggregation yet, and 40 MHz channels are
not yet suppored either. In practice this means the driver won't be noticably
faster in 11n mode than it is in 11a/g modes. For now, I would recommend
using 11a mode if you want it to be as fast as possible.


Hmm, using
media autoselect mode 11a mediaopt hostap
nwid foo
wpaprotos wpa2
wpakey mysecret
up

Brings the inteface up alright, but i don't see any 5 or 2.4 GHz signal 
with a Wifi analyzer nor can i connect.




I do want to fix all of these issues, but it will take time and help
would be very welcome.


I'm open to that. Maybe PM me with details.



Another important factor is your RF environment. No amount of bug fixing
is going to help when your channel is heavily used by one or more other
wifi networks. Ensure that your AP is running on a channel where no other
wifi networks can be seen in a scan.


The channel is available, but i am only using one antenna. I remember 
trying with both didn't help, though.





OpenBSD 6.6 (GENERIC.MP) #7: Thu Mar 12 11:55:22 MDT 2020


One way you could help is to keep following -current, upgrade a day or so
after any wifi-related commits happen, and letting us know if things are
better or worse compared to a previous snapshots.


I'm looking into that.

Meanwhile is there a mini PCI chipset that will do 54Mb or more in 
hostap mode?



Mit freundlichen Grüßen/Best regards

Mario Theodoridis



WLAN throughput less 10Mb/s

2020-04-13 Thread Mario Theodoridis
ting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd dhcpd smtpd spamd spamlogd sndiod.
starting package daemons: nrpe openvpn  unboundDmz.
[1] 70134
Starting GKrellM Daemon 2.3.10
starting local daemons: cron.
Mon Apr 13 15:44:09 CEST 2020
pppoe0: host unique tag found, but it belongs to a connection in state 3
pppoe: received PADO but could not find request for it

OpenBSD/amd64 (foo.bar.com) (tty00)


--
Mit freundlichen Grüßen/Best regards

Mario Theodoridis



Re: openbsd.org down?

2020-04-13 Thread Mario Theodoridis

For me with /etc/mail/spamd.conf

nixspam:\
:black:\
:msg="Your address %A is in the nixspam list\n\
See http://www.heise.de/ix/nixspam/dnsbl_en/ for details":\
:method=http:\
:file=www.openbsd.org/spamd/nixspam.gz

sleep $((RANDOM % 2048)) && /usr/libexec/spamd-setup

produces

 ftp: connect: Operation timed out

since yesterday morning 4am CEST.

But running

wget http://www.openbsd.org/spamd/nixspam.gz
--2020-04-13 14:59:07--  http://www.openbsd.org/spamd/nixspam.gz
Resolving www.openbsd.org (www.openbsd.org)... 129.128.5.194
Connecting to www.openbsd.org (www.openbsd.org)|129.128.5.194|:80... 
connected.

HTTP request sent, awaiting response... 200 OK
Length: 18025 (18K) [text/plain]
Saving to: 'nixspam.gz'

nixspam.gz 
100%[=>] 
 17.60K  37.7KB/sin 0.5s


2020-04-13 14:59:08 (37.7 KB/s) - 'nixspam.gz' saved [18025/18025]

just now works.

Mit freundlichen Grüßen/Best regards

Mario Theodoridis

On 13.04.2020 14:02, infoomatic wrote:

not reachable for days now in Austria, Germany, Czech Republic


On 13.04.20 11:01, SP2L Tom wrote:

Greetings.


It was and it is still up
At least, I can reach OpenBSD site.


Best regards.
Tom

W 13 kwietnia 2020 10:23:18 Sebastien Marie  napisał:


On Mon, Apr 13, 2020 at 10:14:00AM +0300, Ilya Mitrukov wrote:

Hi,
flushing the caches doesn't help and it's still unavailable.

Does anybody know where to report the issue?
(I'd look at openbsd.org but ... )


I suppose there is one or two openbsd developers which follow this
list. So they
might already know.

Thanks.
--
Sebastien Marie










Re: installation question

2019-12-18 Thread Mario Theodoridis



On 18.12.19 18:13, Stefan Sperling wrote:

On Wed, Dec 18, 2019 at 05:05:26PM +0100, Mario Theodoridis wrote:

Hi everyone,

this may sound silly but i'm trying to install 6.6 via serial console from
install66.fs which is described as you know:


A boot and installation image which contains
the base and X sets.  An install or upgrade can be
done with a USB key without network connectivity.


However when i get to the distribution sets my install looks like this:


Let's install the sets!
Location of sets? (disk http nfs or 'done') [http] disk
Is the disk partition already mounted? [yes]


Try answering 'no' here and then selecting the 'a' partition
of the disk which contains install66.fs for mounting.


Thanks Stefan,
i'll try that on the next test install.

Mit freundlichen Grüßen/Best regards

Mario Theodoridis



installation question

2019-12-18 Thread Mario Theodoridis

Hi everyone,

this may sound silly but i'm trying to install 6.6 via serial console 
from install66.fs which is described as you know:



A boot and installation image which contains
the base and X sets.  An install or upgrade can be
done with a USB key without network connectivity.


However when i get to the distribution sets my install looks like this:


Let's install the sets!
Location of sets? (disk http nfs or 'done') [http] disk
Is the disk partition already mounted? [yes] 
Pathname to the sets? (or 'done') [6.6/amd64] 
The directory '6.6/amd64' does not exist.


I assume the sets are on install.fs which is mounted, but no dice.
Then i google and find https://www.openbsdhandbook.com/installation/
However, there the basic installation goes as mine, but then uses http 
instead. I already did that back when i installed 6.2, thinking it was a 
bug, or my fault.


So how exactly do i actually install distribution sets from disk.


--
Mit freundlichen Grüßen/Best regards

Mario Theodoridis



Re: Code of Conduct location

2019-04-28 Thread Mario Theodoridis

On 28/04/19 14:27, tfrohw...@fastmail.com wrote:

On April 28, 2019 10:47:25 AM UTC, Strahil Nikolov  
wrote:

Well, the link gives enough info.

Did anyone test the html to plaintext reformat option?
Sadly my phone apps do not support plain text (maybe someone can
recoomend one for Android).

K9 mail on Android supports plaintext (account settings -> message format). 
This is how I'm typing this email.

You can also run most of the usual Unix tools like mutt via termux if that 
happens to be your thing.

I can recommend FairEmail on Android. It does multipart/alternative and 
you can set plain text only in the identity management settings.


It also has some nice security perks, and is open source.

https://email.faircode.eu/

--
Mit freundlichen Grüßen/Kind regards

Mario Theodoridis



Re: spamd and google smtp ips

2018-10-31 Thread Mario Theodoridis



On 31.10.2018 17:09, Kevin Chadwick wrote:

On 10/30/18 8:05 PM, Mario Theodoridis wrote:

I ran into this problem as well.
I ended up writing a script that parses the SPF entries out of the greylist and
if reasonable, whitelists those ranges and removes the grey
list entries. It runs every 15 minutes.


smtpctl now has an spf walk function that may shorten your script?


Thanks Kevin.
That'd be one less wheel to invent.

--
Mit freundlichen Grüßen/Best regards

Mario Theodoridis



Re: spamd and google smtp ips

2018-10-31 Thread Mario Theodoridis



On 30.10.2018 20:46, Chris Narkiewicz wrote:

W dniu 30/10/2018 o 19:31, Peter N. M. Hansteen pisze:

yes, a well-known problem, and it's what nospamd (hinted at in the spamd
man pages) is for.

To some extent it helps to whitelist IP addresses and networks that
domains list in their SPF info.


Yeah, I hoped there are some reputable sources of validated mail
sources based on SPF and DKIM.

I'll give a try to your compiled list, but the fact you maintain
it manually is a bit discouraging.

I ran into this problem as well.
I ended up writing a script that parses the SPF entries out of the 
greylist and if reasonable, whitelists those ranges and removes the grey 
list entries. It runs every 15 minutes.


This works with the following rules
pass in quick on $extIf proto tcp from  to $pubIp port smtp \
    rdr-to $mailsrv
pass in quick on $extIf proto tcp from ! to $pubIp port smtp \
    rdr-to 127.0.0.1 port $spamdPort

The trapping function when it goes to the wrong recipient works for me 
and probably does not scale.
The spamdb -Gd calls to remove the greylist entries are something i 
patched into spamd, but it seems that functionality has somehow made it 
into the regular binary.


The script is fairly debugged and has run for me over a year with good 
results, but seriously lacks tests of any kind.

Your mileage may vary.

--
Mit freundlichen Grüßen/Best regards

Mario Theodoridis

#!/usr/bin/env python2.7
import subprocess, traceback, os, re, sys, time
import dns.resolver, dns.name, dns.exception
import socket,struct

def doLog(msg, caller=2):
debugLog = '/var/log/scanSpam.log'
stk = traceback.extract_stack()
orig = ''
for i in range(0, len(stk)-caller):
if stk[i][3] == None:
orig += '__main__:'
else:
orig += stk[i][3] + ':'
x = stk[-caller][1]
out = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + ' ' + msg \
+ ' STACK[' + orig + str(x) + ']\n'
wh = open(debugLog, 'a')
wh.write(out)
wh.close()


def run(command, caller=3):
""" run(command) -> (returncode, stdout, stderr)

Runs the given command in the shell and returns the output and return code """
proc = subprocess.Popen(command, stdout=subprocess.PIPE, 
stderr=subprocess.PIPE, shell=True)
(out, err) = proc.communicate()
doLog("COM:[" + command + "]   RC:[" + str(proc.returncode) + "185  OUT:[" \
  + out.strip() + "]  ERR:[" + err.strip() + "]", caller)
return (proc.returncode, out, err)

def makeMask(n):
"return a mask of n bits as a long integer"
return (2L< 1:
try:
mask = int(pcs[1])
except ValueError:
mask = 32
else:
mask = 32
return (ip, mask)

def addressInNet(ip, net_n_bits):
ipaddr = struct.unpack('>L', socket.inet_aton(ip))[0]
net, bits = getIpNetMask(net_n_bits)
netaddr = struct.unpack('>L', socket.inet_aton(net))[0]
netmask = (1 << 32) - (1 << 32 - bits)
return ipaddr & netmask == netaddr & netmask

def getIplist(dName, ipl, isRecursive=False):
global recursions, hosts
domain = dName.to_text()
if hosts.has_key(domain):
doLog("Ignoring duplicate domain {0:s}".format(domain))
return

hosts[domain] = True
recursions += 1
if recursions > 50:
doLog("Over {0:d} recursions, quitting".format(recursions))
return
try:
answers = dns.resolver.query(dName, 'TXT')
except dns.exception.DNSException:
if len(dName.labels) > 3:
p = dName.parent()
getIplist(p, ipl)
return
for data in answers:
for txt in data.strings:
doLog("recursion {0:d} queried [{1:s}]".format(recursions, txt))
f = txt.split(' ')
if re.match('v=spf1', f[0].strip()):
parseSpf(f[1:], ipl, dName)

def getARecord(dName, ipl, subnet=''):
try:
answers = dns.resolver.query(dName, 'A')
except dns.exception.DNSException:
return
for data in answers:
ipl.append(data.address+subnet)

def getMxRecord(dName, ipl, subnet=''):
try:
answers = dns.resolver.query(dName, 'MX')
except dns.exception.DNSException:
return
for data in answers:
mx = data.exchange.to_text()
if re.match('^[\d\.]{7,15}$', mx):
ipl.append(mx+subnet)
continue
getARecord(mx, ipl, subnet)

def parseSpf(fields, ipl, dName):
for fld in fields:
doLog('parsing [{0:s}]'.format(fld))
kv = fld.split(':')
key = kv[0].strip()
m = re.search('^(a|mx)(/|:|$)', key)
if m:
type = m.group(1)
if type == 'a':
getter = getARecord
else:

PPPoE without IPv6

2018-09-05 Thread Mario Theodoridis

Hi everyone,

i'm having a bit of a hard time trying to connect to my ISP (Stiegeler 
IT) seemingly because i don't have IPv6 enabled.


My /etc/hostname.pppoe0

inet 0.0.0.0 255.255.255.255 NONE \
pppoedev em0 authproto chap debug \
authname 'user' authkey 'pass' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1


My /etc/hostname.em0

up


The failing end of tcpdump on a linux box in between me and the AC reveals
# tcpdump -n -vvv -i br0 ether proto 0x8864 or ether proto 0x8863
...
22:58:54.805821 PPPoE  [ses 0xf0f] CHAP, Success (0x03), id 1, Msg
22:58:54.806382 PPPoE  [ses 0xf0f] IPCP, Conf-Request (0x01), id 1, 
length 12

encoded length 10 (=Option(s) length 6)
0x:  8021 0101 000a
  IP-Addr Option (0x03), length 6: 1.1.1.1
0x:  0101 0101
22:58:54.806390 PPPoE  [ses 0xf0f] IP6CP, Conf-Request (0x01), id 1, 
length 16

encoded length 14 (=Option(s) length 10)
0x:  8057 0101 000e
  Interface-ID Option (0x01), length 10: 76a0:2fff:fe7b:9780
0x:  76a0 2fff fe7b 9780
22:58:54.813051 PPPoE  [ses 0xf0f] LCP, Term-Request (0x05), id 117, 
length 6

22:58:54.814333 PPPoE  [ses 0xf0f] LCP, Term-Ack (0x06), id 117, length 6
22:58:54.837301 PPPoE PADT [ses 0xf0f]

/var/log/messages has

Sep  5 18:15:21 obsd /bsd: pppoe0: chap success
Sep  5 18:15:21 obsd /bsd: pppoe0: phase network
Sep  5 18:15:21 obsd /bsd: pppoe0: ipcp open(starting)
Sep  5 18:15:21 obsd /bsd: pppoe0: ipv6cp_open(): no IPv6 interface
Sep  5 18:15:21 obsd /bsd: pppoe0: lcp close(opened)
Sep  5 18:15:21 obsd /bsd: pppoe0: lcp opened->closing
Sep  5 18:15:21 obsd /bsd: pppoe0: lcp output 
Sep  5 18:15:21 obsd /bsd: pppoe0 (8864) state=3, session=0xf0f output 
-> 74:a0:2f:7b:97:80, len=12



At the same my Fritz Box, which i'd like to get rid of, answer with "no 
thank you" instead.


16:24:30.496227 PPPoE  [ses 0xff8e] LCP, Prot-Reject (0x08), id 3, length 22
encoded length 20 (=Option(s) length 16)
0x:  c021 0803 0014
  Rejected IP6CP Protocol (0x8057)
  Rejected Packet
0x:  0101 000e 010a 76a0 2fff fe7b 9780 
0x0010:  

The man 4 pppoe mentions what to do when ipv6 this there, but doesn't 
really elaborate on the effects of its absence. The reason i still have 
IPv6 disabled is, i simply haven't wrapped my head around it and 
therefore left it off.


Need i enable it, or does some other setting suffice?
Clue sticks would be appreciated.

This is
# uname -a
OpenBSD obsd.schmut.com 6.2 GENERIC.MP#2 amd64

running on PC-Engines APU2

Let me know what else to report if this was too little to make sense.



--
Mit freundlichen Grüßen/Best regards

Mario



Re: Errors with Php and curl under OpenBSD 6.3

2018-04-24 Thread Mario Theodoridis

On 04/24/2018 08:23 AM, C. L. Martinez wrote:

Hi all,

   Since this morning my OpenBSD 6.3 host (with tt-rss installed) returns
the following error when I try to add some feeds:

Couldn't download the specified URL: ; 77 error setting certificate verify
locations: CAfile: /etc/ssl/cert.pem CApath: none

  It seems some type of problem with curl ... Am I right? I found some
solutions but all of them involves to make use of an insecure connection
with curl.


It's complaining about your certificate authority file being corrupt or 
missing. This is actually an SSL issue.


/etc/ssl/cert.pem should be there and look something like:

# $OpenBSD: cert.pem,v 1.15 2017/02/24 10:42:00 sthen Exp $

### AddTrust AB

=== /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External 
CA Root
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1 (0x1)
Signature Algorithm: sha1WithRSAEncryption
Validity
Not Before: May 30 10:48:38 2000 GMT
Not After : May 30 10:48:38 2020 GMT
Subject: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, 
CN=AddTrust External CA Root
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
X509v3 Key Usage:
Certificate Sign, CRL Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Authority Key Identifier:

keyid:AD:BD:98:7A:34:B4:26:F7:FA:C4:26:54:EF:03:BD:E0:24:CB:54:1A
DirName:/C=SE/O=AddTrust AB/OU=AddTrust External TTP 
Network/CN=AddTrust External CA Root
serial:01

SHA1 Fingerprint=02:FA:F3:E2:91:43:54:68:60:78:57:69:4D:F5:E4:5B:68:85:18:68
SHA256 
Fingerprint=68:7F:A4:51:38:22:78:FF:F0:C8:B1:1F:8D:43:D5:76:67:1C:6E:B2:BC:EA:B4:13:FB:83:D9:65:D0:6D:2F:F2
-BEGIN CERTIFICATE-
MIIENjCCAx6gAwIBAgIBATANBgkqhkiG9w0BAQUFADBvMQswCQYDVQQGEwJTRTEU
MBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFkZFRydXN0IEV4dGVybmFs
IFRUUCBOZXR3b3JrMSIwIAYDVQQDExlBZGRUcnVzdCBFeHRlcm5hbCBDQSBSb290
...[snip]

--
Mit freundlichen Grüßen/Kind regards

Mario Theodoridis