Re: Certain size packets not passing through a L2 over L3 IPsec tunnel

2019-10-14 Thread Russell Sutherland
Ok... I've updated both ends of the tunnel to OpenBSD 6.5 and the same problem 
exists when trying to pass packets of a certain size.

Any ideas on how to fix or work around this issue?

Thanks in advance.

Russell P. Sutherland   Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS   Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102  Cell: +1.416.803.0080
University of Toronto    Fax:   +1.416.978.6620
Toronto, ON  M5S 1C1

From: Russell Sutherland
Sent: Thursday, October 10, 2019 16:25
To: misc@openbsd.org 
Subject: Certain size packets not passing through a L2 over L3 IPsec tunnel

I've set up a L2overL3 tunnel using the template as found in "man etherip". I 
am running OpenBSD 5.9, which I believe is the first version to support the 
etherip interface.

I find the bridge/tunnel does not pass a small range of specific sized packets.

E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the local 
end:

ping -s 1388 1.2.3.4 works
ping -s 1396 1.2.3.4 works

All other sizes, 1389 to 1395 inclusive fail.

Is there some way to remedy this?


Thanks in advance.

Russell P. Sutherland   Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS   Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102  Cell: +1.416.803.0080
University of Toronto    Fax:   +1.416.978.6620
Toronto, ON  M5S 1C1


Certain size packets not passing through a L2 over L3 IPsec tunnel

2019-10-10 Thread Russell Sutherland
I've set up a L2overL3 tunnel using the template as found in "man etherip". I 
am running OpenBSD 5.9, which I believe is the first version to support the 
etherip interface.

I find the bridge/tunnel does not pass a small range of specific sized packets.

E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the local 
end:

ping -s 1388 1.2.3.4 works
ping -s 1396 1.2.3.4 works

All other sizes, 1389 to 1395 inclusive fail.

Is there some way to remedy this?


Thanks in advance.

Russell P. Sutherland   Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS   Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102  Cell: +1.416.803.0080
University of Toronto    Fax:   +1.416.978.6620
Toronto, ON  M5S 1C1


Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command

2019-06-05 Thread Russell Sutherland
Done.

Russell P. Sutherland   Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS   Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102  Cell: +1.416.803.0080
University of Toronto    Fax:   +1.416.978.6620
Toronto, ON  M5S 1C1

From: owner-m...@openbsd.org  on behalf of Hrvoje 
Popovski 
Sent: Wednesday, June 5, 2019 05:59
To: misc@openbsd.org
Subject: Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command

On 4.6.2019. 21:22, Russell Sutherland wrote:
> I tried loading current on the device and the same result:
>
> OpenBSD 6.5-current (GENERIC.MP) #5: Mon Jun  3 07:46:49 MDT 2019
>
> # netstat -in
> NameMtu   Network Address  Ipkts IfailOpkts Ofail 
> Colls
> lo0 327680 00 0 > 0
> lo0 32768 ::1/128 ::1  0 00 0 > 0
> lo0 32768 fe80::%lo0/ fe80::1%lo0  0 00 0 > 0
> lo0 32768 127/8   127.0.0.10 00 0 > 0
> em0 150000:0d:b9:43:9b:3031715 0   120479 7 > 0
> em1 150000:0d:b9:43:9b:31   123252   11630860 0 > 0
> em2 150000:0d:b9:43:9b:32 1672 0  625 0 > 0
> em2 1500  128.100.103 128.100.103.831672 0  625 0 > 0
> enc0*   00 00 0 > 0
> bridge0 1500152255 0   151339 0 > 0
> pflog0  331360 0   70 0 > 0
> freenas-fw# ifconfig bridge0
> bridge0: flags=4WARNING: SPL NOT LOWERED ON S1
> YSCALL 5index 6 llprio 34 3 EXIT 0
> groups: bridg 9
> e
> priorStopped at  savectx+0xb1:   movl$0,%gs:0x530
> ddb{2}>


Hi,

can you take a look at this link
https://www.openbsd.org/ddb.html

when your box is up and running execute sendbug -P > bridge-problem.txt
and when your box is in ddb type these commands
trace, ps

and send all those to b...@openbsd.org mailing list ...



Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command

2019-06-04 Thread Russell Sutherland
I tried loading current on the device and the same result:

OpenBSD 6.5-current (GENERIC.MP) #5: Mon Jun  3 07:46:49 MDT 2019

# netstat -in
NameMtu   Network Address  Ipkts IfailOpkts Ofail Colls
lo0 327680 00 0 0
lo0 32768 ::1/128 ::1  0 00 0 0
lo0 32768 fe80::%lo0/ fe80::1%lo0  0 00 0 0
lo0 32768 127/8   127.0.0.10 00 0 0
em0 150000:0d:b9:43:9b:3031715 0   120479 7 0
em1 150000:0d:b9:43:9b:31   123252   11630860 0 0
em2 150000:0d:b9:43:9b:32 1672 0  625 0 0
em2 1500  128.100.103 128.100.103.831672 0  625 0 0
enc0*   00 00 0 0
bridge0 1500152255 0   151339 0 0
pflog0  331360 0   70 0 0
freenas-fw# ifconfig bridge0
bridge0: flags=4WARNING: SPL NOT LOWERED ON S1
YSCALL 5index 6 llprio 34 3 EXIT 0
groups: bridg 9
e
priorStopped at  savectx+0xb1:   movl$0,%gs:0x530
ddb{2}>







Russell P. Sutherland   Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS   Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102  Cell: +1.416.803.0080
University of Toronto    Fax:   +1.416.978.6620
Toronto, ON  M5S 1C1  



From: owner-m...@openbsd.org  on behalf of Stuart 
Henderson 
Sent: Tuesday, June 4, 2019 13:53
To: misc@openbsd.org
Subject: Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command
 
>There was a crash fixed in bridge(4) a few weeks ago, can you try reproducing
on -current?


On 2019-06-04, Lee Nelson  wrote:
> I have twice seen kernel panics in the same situation. It drops to "ddb>"
> but the system is unresponsive. Unfortunately, other than taking a picture
> of the screen with my cellphone, I do not have any further information from
> the system. On both occasions, I was issuing "ifconfig bridge42" without
> any arguments. (and no, there aren't 41 other bridges. 42 has other
> significance in my network)
>
> On Tue, Jun 4, 2019, 08:41 Russell Sutherland <
> russell.sutherl...@utoronto.ca> wrote:
>
>> I began to install resflash (https://stable.rcesoftware.com/resflash/),
>> which is based on OpenBSD, to build a small firewall on a PC Engines apu2
>> board. Three interfaces, two bridged and one with an IP for management.
>>
>> I found the system would crash and drop down to the debugger interface
>> whenever I issued the:
>>
>> # ifconfig bridge0
>>
>> command.
>>
>> # ifconfig -a
>>
>> worked fine. After discussing this with the author we thought it good to
>> try the same configuration on vanilla 6.5 install.
>>
>> This worked better, but after a short period of operation the same
>> symptoms occurred:
>>
>> # ifconfig bridge0
>>
>> bridge0: flags=4WAR1
>>
>> Nindex 6 llprio ING: SPL NOT
>>
>> groups: bridgLOWEe
>>
>> priority 327RED68 hellotime 2 f ONwddelay 15 maxag e 20 holdcnt 6
>> pSYSCALL 5roto rstp
>>
>> desi4gnated: id 00:0 3 EXIT 0:00:00:00:00 pri 9
>>
>>    ority 0
>>
>> agsStopped at  savectx+0xb1:   movl    $0,%gs:0x508
>>
>> ddb{3}>
>>
>>
>> Here is the output from dmesg:
>>
>>
>> OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 1996148736 (1903MB)
>> avail mem = 1926090752 (1836MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x77fb7020 (7 entries)
>> bios0: vendor coreboot version "88a4f96" date 03/07/2016
>> bios0: PC Engines apu2
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0 S1 S2 S3 S4 S5
>> acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
>> acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4)
>> PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
>> acpitimer0 at acpi0: 3579545 Hz, 32 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: AMD GX-412TC SOC, 998.28 MHz, 16-30-01
>> cpu0:FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PA

OpenBSD 6.5 dumps to debugger when using ifconfig bridge command

2019-06-04 Thread Russell Sutherland
 acpi0: bus 3 (PBR7)
acpiprt5 at acpi0: bus -1 (PBR8)
acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpibtn0 at acpi0: PWRB
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
cpu0: 998 MHz: speeds: 1000 800 600 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
ppb0 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 
00:0d:b9:43:9b:30
ppb1 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 
00:0d:b9:43:9b:31
ppb2 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi
pci3 at ppb2 bus 3
em2 at pci3 dev 0 function 0 "Intel I211" rev 0x03: msi, address 
00:0d:b9:43:9b:32
ccp0 at pci0 dev 8 function 0 "AMD Cryptographic Co-processor v3" rev 0x00
xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 
addr 1
ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, 
AHCI 1.3
scsibus1 at ahci0: 32 targets
ehci0 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 
addr 1
piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x42: SMBus disabled
pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
sdhc0: SDHC 2.0, 63 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00
pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00
pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00
km0 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00
pchb5 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00
pchb6 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x52
vmm0 at mainbus0: SVM/RVI
umass0 at uhub0 port 3 configuration 1 interface 0 "SanDisk Cruzer Glide" rev 
2.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus2 at umass0: 2 targets, initiator 0
sd0: 29952MB, 512 bytes/sector, 61341696 sectors
uhub2 at uhub1 port 1 configuration 1 interface 0 "Advanced Micro Devices 
product 0x7900" rev 2.00/0.18 addr 2
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (d3fbbb47f1a19759.a) swap on sd0b dump on sd0b




Russell P. Sutherland   Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS   Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102  Cell: +1.416.803.0080
University of Toronto    Fax:   +1.416.978.6620
Toronto, ON  M5S 1C1  



More syntax/parsing issues in the lists/macros of pf

2016-10-12 Thread Russell Sutherland
Is it possible to use a macro variable with a network CIDR value and then
reference it later in a list?

E.g. This first example is fine:


a = "1.2.3.4"
b = "2.3.4.5"

c = "{" $a $b "}"

works as expected, that is c ends up as a list with host values:

c = "{ 1.2.3.4 2.3.4.5 }"

But if one uses the CIDR network format for any one of the variables, a syntax
error is created:

an = "1.2.3.0/24"
bn = "2.3.0.0/16"

cn = "{" $an $bn "}"

Output from pfctl -nvf /etc/pf.conf:

a = "1.2.3.4"
b = "2.3.4.5"
c = "{ 1.2.3.4 2.3.4.5 }"
an = "1.2.3.0/24"
bn = "2.3.0.0/16"
/etc/pf.conf:36: syntax error


—
Russell Sutherland
Supervisor, Network Development | Enterprise Infrastructure Solutions
Information Technology Services | University of Toronto
4 Bancroft Ave., Rm. 102 | Toronto, ON  M5S 1C1

russell.sutherl...@utoronto.ca
+1.416.978.0470 ~ tel
+1.416.978.6620 ~ fax



Connecting to a GRE Transparent Ethernet Bridging host

2016-09-13 Thread Russell Sutherland
Is it possible to use one of OpenBSD’s tunnelling interfaces
(gre/gif/etherip) to connect to a remote host (Edgerouter Lite) which is using
GRE in Transparent Ethernet (protocol type 0x6558) mode?

Looking at the source code in /usr/src/sys/net there is a flag for this mode
defined but I do not think it is referenced and hence not utilized.

# pwd
/usr/src/sys/net

# grep ETHERTYPE * | grep TRANS
ethertypes.h:#define ETHERTYPE_TRANSETHER 0x6558  /* Trans Ether Bridging (RFC1701)*/

—
Russell Sutherland
Supervisor, Network Development | Enterprise Infrastructure Solutions
Information Technology Services | University of Toronto
4 Bancroft Ave., Rm. 102 | Toronto, ON  M5S 1C1

russell.sutherl...@utoronto.ca
+1.416.978.0470 ~ tel
+1.416.978.6620 ~ fax



Differences between etherip(4) and gif(4)

2016-07-20 Thread Russell Sutherland
I noticed that the etherip pseudo-device appeared with OpenBSD 5.9 which is
intended for tunnelling.

Prior to this I have been using the gif pseudo device to accomplish much the
same thing (in my case L2 over L3).

Apart from specifying the mtu to a lower value to avoid problems with larger
frames, is there any real advantage with the new etherip device?


—
Russell Sutherland
Supervisor, Network Development | Enterprise Infrastructure Solutions
Information Technology Services | University of Toronto
4 Bancroft Ave., Rm. 102 | Toronto, ON  M5S 1C1

russell.sutherl...@utoronto.ca
+1.416.978.0470 ~ tel
+1.416.978.6620 ~ fax



Core dumps after upgrading to OpenBSD 5.7

2015-05-15 Thread Russell Sutherland
 31 function 2 Intel 3400 SATA rev 0x05: DMA, channel 0 
configured to native-PCI, channel 1 configured to native-PCI
pciide0: using apic 0 int 20 for native-PCI interrupt
pciide1 at pci0 dev 31 function 5 Intel 3400 SATA rev 0x05: DMA, channel 0 
wired to native-PCI, channel 1 wired to native-PCI
pciide1: using apic 0 int 21 for native-PCI interrupt
atapiscsi0 at pciide1 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0: TEAC, DVD-ROM DV-28SW, R.2A ATAPI 5/cdrom 
removable
cd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
uhub2 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
uhub3 at uhub2 port 1 Standard Microsystems product 0x2514 rev 2.00/0.00 addr 
3
uhub4 at uhub3 port 2 Mitsumi Electric Hub in Apple Extended USB Keyboard rev 
1.10/4.10 addr 4
uhidev0 at uhub4 port 3 configuration 1 interface 0 Mitsumi Electric Apple 
Extended USB Keyboard rev 1.10/4.10 addr 5
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd0 at ukbd0: console keyboard, using wsdisplay0
uhidev1 at uhub4 port 3 configuration 1 interface 1 Mitsumi Electric Apple 
Extended USB Keyboard rev 1.10/4.10 addr 5
uhidev1: iclass 3/0, 3 report ids
uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 3: input=3, output=0, feature=0
uhub5 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (6b4b6c203a57b1ac.a) swap on sd0b dump on sd0b
bnx0: address 78:2b:cb:13:e4:0c
brgphy0 at bnx0 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
bnx1: address 78:2b:cb:13:e4:0d
brgphy1 at bnx1 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8
ukbd0: was console keyboard
wskbd0 detached
ukbd0 detached
uhidev0 detached
uhid0 detached
uhid1 detached
uhidev1 detached
uhub4 detached

I’ve never had this behaviour after an upgrade.


--
Russell Sutherland
Supervisor, Network Development | Enterprise Infrastructure Solutions
Information Technology Services | University of Toronto
4 Bancroft Ave., Rm. 102 | Toronto, ON  M5S 1C1

russell.sutherl...@utoronto.ca
+1.416.978.0470 ~ tel
+1.416.978.6620 ~ fax



Re: OpenBSD embedded?

2014-12-04 Thread Russell Sutherland
Does anyone know if the Dual-Core 500 MHz, MIPS64 board that is used in
the Ubiquiti EdgeRouter family,
has been used as an OpenBSD platform? I know there is development on the
octeon http://www.openbsd.org/octeon.html
platforms, but not sure if the port was actually usable.

-- 
Russell Sutherland  I+TS
email:russell.sutherl...@utoronto.ca
office:   +1.416.978.0470
mobile: +1.416.803.0080




On 2014-12-04, 7:53 AM, Brad Smith b...@comstyle.com wrote:

On 12/04/14 07:05, Alan McKay wrote:
 On Thu, Dec 4, 2014 at 1:15 AM, Vivek Vinod vi...@icanconnect.com
wrote:
 We have been using Mikrotik routerboards since 7 years

 Huh?  With OpenBSD on them?

There are 3 PowerPC based RouterBOARDs. AFAIK the RB600 is supported
at the moment by the socppc port.

The RB800 and RB850Gx2 boards would probably be relatively easy to add
support for.




Re: OpenBSD embedded?

2014-12-04 Thread Russell Sutherland
Thanks... And may I assume with net booting saving local customizations
(firewall rules, network configuration, etc.)
is a bit awkward, as there is no local storage?

-- 
Russell Sutherland  I+TS
email:russell.sutherl...@utoronto.ca
office:   +1.416.978.0470
mobile: +1.416.803.0080




On 2014-12-04, 12:05 PM, Chris Cappuccio ch...@nmedia.net wrote:

Russell Sutherland [russell.sutherl...@utoronto.ca] wrote:
 Does anyone know if the Dual-Core 500 MHz, MIPS64 board that is used in
 the Ubiquiti EdgeRouter family,
 has been used as an OpenBSD platform? I know there is development on the
 octeon http://www.openbsd.org/octeon.html
 platforms, but not sure if the port was actually usable.
 

The port is going to be more usable if it gets USB support. Right now
you have to net boot.



NAT logging and limits using pf

2014-10-03 Thread Russell Sutherland
I am trying to determine whether using an OpenBSD system to perform
institutional NAT for our wireless users would be a viable option.

At the present time we are evaluating the A10 Thunder CGN  appliance.

There are a few issues for which I would like to get some input for those
using pf for NAT in large environments (  10k users )


  *   are there problems with arp cache resources ?
  *   can logging be modified to use radius ? We really need some hooks to
determine who is/was responsible for a given session.

Thanks in advance for any operational experience you may have using pf in a
similar environment.


--
Russell Sutherland  I+TS
email:russell.sutherl...@utoronto.ca
office:   +1.416.978.0470
mobile: +1.416.803.0080



Snmpd and socket file creation

2011-11-23 Thread Russell Sutherland
It appears to me that the OpenBSD SNMP daemon: /usr/sbin/snmpd should create
its own socket file: /var/run/snmpd.sock upon startup. There seems to be an
error which occurs at startup:

# /usr/sbin/snmpd -d
startup
fatal: snmpe: failed to bind SNMP UDP socket
check_child: lost child: snmp engine exited
terminating

I am running OpenBSD 5.0 on a Vmware image.

I've run snmpd previously on OpenBSD 4.7 without problems.

Russell

--
Russell Sutherland  I+TS
e: russell.sutherl...@utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080



Audacity/Sound recording on a Mac Mini

2011-11-22 Thread Russell Sutherland
I have a G4 Mac Mini (PowerMac 10,1) and have successfully installed OpenBSD
5.0 on it. I have also successfully built audacity from the ports tree. My
thought was to create a small footprint audio recording system for a small
charitable organization using OpenBSD.

I've had two small problems:

A. When sound is played e.g. When KDE starts up, there is a loud hissing
sound which comes from the internal speaker(s).

B. I am not really able to see any sound input coming from either the native
MacMini audio input/output jack (aoa) nor from a USB (iMic) microphone
(uaudio).

Audacity seems to only show one source of audio input: sndio.

Any help will be greatly appreciated. I do not want to have to go back to an
unsupported version of Mac OS X, nor a Linux/Debian option. Has anyone used
OpenBSD to do sound recording on a MacMini or other Apple PowerPC devices?

Russell

--
Russell Sutherland  I+TS
e: russell.sutherl...@utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080



Multi Link PPP support in Kernel

2011-11-17 Thread Russell Sutherland
Is it possible to enable multilink PPP using the kernel based: pppoe(4) ?
Or does one have to resort to the userland pppoe/ppp(8) ?

--
Russell Sutherland  I+TS
e: russell.sutherl...@utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080



Multiple Ethernet over IP tunnels.

2011-06-20 Thread Russell Sutherland
I am trying to create multiple L2 over L3 tunnels using OpenBSD. The man
page for gif(4), the generic tunnel interface, gives excellent instructions
for creating _one_ bridge over a wide area network to join two remote LANs.

I have tried to extend this idea by bridging two other LANs over the same
gif0 tunnel. No such luck. Here's a representative stick diagram:


           routerA                             routerB
LAN1 fxp1                                                fxp1 LAN1
         \                                              /
LAN2 fxp2--OpenBSD 1.2.3.4 --- WAN --- 4.3.2.1 OpenBSD fxp2 LAN2
         /         fxp0                fxp0             \
LAN3 fxp3                                                fxp3 LAN3

The first tunnel works as documented:

routerA:
#cat /etc/hostname.bridge1
 up add fxp1 add gif0

#cat /etc/hostname.gif0
 tunnel 1.2.3.4 4.3.2.1

routerB:
#cat /etc/hostname.bridge1
 up add fxp1 add gif0
#cat /etc/hostname.gif0
 tunnel 4.3.2.1 1.2.3.4

However if one tries to bridge the other LANS as follows:
#cat /etc/hostname.bridge2
 up add fxp2 add gif0

This fails.

Does one need to create alias addresses on fxp0 and create gif1?
e.g. Tunnel 1.2.3.5 - 4.3.2.2

Or is there an easier way to do this?

--
Russell Sutherland
e: russell.sutherl...@utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080



ipsec.conf syntax

2010-06-07 Thread Russell Sutherland
I am trying to set up an ipsec bridge  using the template and  
instructions found in the brconfig man page (OpenBSD 4.6):


 Create Security Associations (SAs) between the external IP address of
 each bridge and matching ingress flows by using the following
 ipsec.conf(5) file on bridge1:

   esp from 1.2.3.4 to 4.3.2.1 spi 0x4242:0x4243 \
   authkey file auth1:auth2 enckey file enc1:enc2
   flow esp proto etherip from 1.2.3.4 to 4.3.2.1

I was curious as to the exact meaning of the colon, specifically the  
auth1:auth2 and enc1:enc2 arguments.

Do they mean references to the 4 keys, two on each of the machines?

E.g.

   esp from 1.2.3.4 to 4.3.2.1 spi 0x4242:0x4243 \
   authkey file /etc/keys/auth1:/etc/keys/auth2 enckey file /etc/keys/enc1:/etc/keys/enc2

   flow esp proto etherip from 1.2.3.4 to 4.3.2.1


---
Russell P. Sutherland   Email: russ @ madhaus.cns.utoronto.ca
4 Bancroft Ave., Rm. 102    Voice: +1.416.978.0470
University of Toronto       Fax:   +1.416.978.6620
Toronto, ON  M5S 1C1
CANADA



ALTQ question

2005-06-02 Thread Russell Sutherland
I would like to create a traffic shaping scenario as follows:

Establish and queue on an outgoing interface
with the following properties:

1. Total available bandwidth: N Mbps

2. There are n active src IP addresses
   using the queue to send traffic.

3. All src IPs in the queue share
   the bandwidth equally. That is each machine gets
   a maximum allocation of N/n Mbps. E.g. If there are 10 src IP
   addresses sending traffic each one gets a maximum
   bandwidth of: N/10 Mbps

4. [optional] One can set a cap for the maximum
   bandwidth (M Mbps) for each active src IP in the queue even
   in the case that N/n  M.

5. The n active src IP addresses all fall within a known
   CIDR block.

Can this be done using ALTQ? I believe it's possible using dummynet.

-- 
Russell P. Sutherland   Email: russ @ madhaus.cns.utoronto.ca
4 Bancroft Ave., Rm. 102    Voice: +1.416.978.0470
University of Toronto       Fax:   +1.416.978.6620
Toronto, ON  M5S 1C1        WWW:   http://madhaus.cns.utoronto.ca/~russ
CANADA