Re: Certain size packets not passing through a L2 over L3 IPsec tunnel
Ok... I've updated both ends of the tunnel to OpenBSD 6.5 and the same problem exists when trying to pass packets of a certain size.

Any ideas on how to fix or work around this issue?

Thanks in advance.

Russell P. Sutherland      Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS     Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102   Cell: +1.416.803.0080
University of Toronto      Fax: +1.416.978.6620
Toronto, ON M5S 1C1

From: Russell Sutherland
Sent: Thursday, October 10, 2019 16:25
To: misc@openbsd.org
Subject: Certain size packets not passing through a L2 over L3 IPsec tunnel

I've set up a L2overL3 tunnel using the template as found in "man etherip". I am running OpenBSD 5.9, which I believe is the first version to support the etherip interface.

I find the bridge/tunnel does not pass a small range of specific sized packets. E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the local end:

    ping -s 1388 1.2.3.4 works
    ping -s 1396 1.2.3.4 works

All other sizes, 1389 to 1395 inclusive fail.

Is there some way to remedy this?

Thanks in advance.

Russell P. Sutherland      Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS     Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102   Cell: +1.416.803.0080
University of Toronto      Fax: +1.416.978.6620
Toronto, ON M5S 1C1
Certain size packets not passing through a L2 over L3 IPsec tunnel
I've set up a L2overL3 tunnel using the template as found in "man etherip". I am running OpenBSD 5.9, which I believe is the first version to support the etherip interface.

I find the bridge/tunnel does not pass a small range of specific sized packets. E.g. if 1.2.3.4 is at the far end of the tunnel and I am pinging from the local end:

    ping -s 1388 1.2.3.4 works
    ping -s 1396 1.2.3.4 works

All other sizes, 1389 to 1395 inclusive fail.

Is there some way to remedy this?

Thanks in advance.

Russell P. Sutherland      Email: russell . sutherland @ utoronto dawt ca
Network Engineer, I+TS     Voice: +1.416.978.0470
4 Bancroft Ave., Rm. 102   Cell: +1.416.803.0080
University of Toronto      Fax: +1.416.978.6620
Toronto, ON M5S 1C1
Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command
Done. Russell P. Sutherland Email: russell . sutherland @ utoronto dawt ca Network Engineer, I+TS Voice: +1.416.978.0470 4 Bancroft Ave., Rm. 102 Cell: +1.416.803.0080 University of TorontoFax: +1.416.978.6620 Toronto, ON M5S 1C1 From: owner-m...@openbsd.org on behalf of Hrvoje Popovski Sent: Wednesday, June 5, 2019 05:59 To: misc@openbsd.org Subject: Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command On 4.6.2019. 21:22, Russell Sutherland wrote: > I tried loading current on the device and the same result: > > OpenBSD 6.5-current (GENERIC.MP) #5: Mon Jun 3 07:46:49 MDT 2019 > > # netstat -in > NameMtu Network Address Ipkts IfailOpkts Ofail > Colls > lo0 327680 00 0 > 0 > lo0 32768 ::1/128 ::1 0 00 0 > 0 > lo0 32768 fe80::%lo0/ fe80::1%lo0 0 00 0 > 0 > lo0 32768 127/8 127.0.0.10 00 0 > 0 > em0 150000:0d:b9:43:9b:3031715 0 120479 7 > 0 > em1 150000:0d:b9:43:9b:31 123252 11630860 0 > 0 > em2 150000:0d:b9:43:9b:32 1672 0 625 0 > 0 > em2 1500 128.100.103 128.100.103.831672 0 625 0 > 0 > enc0* 00 00 0 > 0 > bridge0 1500152255 0 151339 0 > 0 > pflog0 331360 0 70 0 > 0 > freenas-fw# ifconfig bridge0 > bridge0: flags=4WARNING: SPL NOT LOWERED ON S1 > YSCALL 5index 6 llprio 34 3 EXIT 0 > groups: bridg 9 > e > priorStopped at savectx+0xb1: movl$0,%gs:0x530 > ddb{2}> Hi, can you take a look at this link https://www.openbsd.org/ddb.html when your box is up and running execute sendbug -P > bridge-problem.txt and when your box is in ddb type this commands trace, ps and send all those to b...@openbsd.org mailing list ...
Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command
I tried loading current on the device and the same result: OpenBSD 6.5-current (GENERIC.MP) #5: Mon Jun 3 07:46:49 MDT 2019 # netstat -in NameMtu Network Address Ipkts IfailOpkts Ofail Colls lo0 327680 00 0 0 lo0 32768 ::1/128 ::1 0 00 0 0 lo0 32768 fe80::%lo0/ fe80::1%lo0 0 00 0 0 lo0 32768 127/8 127.0.0.10 00 0 0 em0 150000:0d:b9:43:9b:3031715 0 120479 7 0 em1 150000:0d:b9:43:9b:31 123252 11630860 0 0 em2 150000:0d:b9:43:9b:32 1672 0 625 0 0 em2 1500 128.100.103 128.100.103.831672 0 625 0 0 enc0* 00 00 0 0 bridge0 1500152255 0 151339 0 0 pflog0 331360 0 70 0 0 freenas-fw# ifconfig bridge0 bridge0: flags=4WARNING: SPL NOT LOWERED ON S1 YSCALL 5index 6 llprio 34 3 EXIT 0 groups: bridg 9 e priorStopped at savectx+0xb1: movl$0,%gs:0x530 ddb{2}> Russell P. Sutherland Email: russell . sutherland @ utoronto dawt ca Network Engineer, I+TS Voice: +1.416.978.0470 4 Bancroft Ave., Rm. 102 Cell: +1.416.803.0080 University of Toronto Fax: +1.416.978.6620 Toronto, ON M5S 1C1 From: owner-m...@openbsd.org on behalf of Stuart Henderson Sent: Tuesday, June 4, 2019 13:53 To: misc@openbsd.org Subject: Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command >There was a crash fixed in bridge(4) a few weeks ago, can you try reproducing on -current? On 2019-06-04, Lee Nelson wrote: > I have twice seen kernel panics in the same situation. It drops to "ddb>" > but the system is unresponsive. Unfortunately, other than taking a picture > of the screen with my cellphone, I do not have any further information from > the system. On both occasions, I was issuing "ifconfig bridge42" without > any arguments. (and no, there aren't 41 other bridges. 42 has other > significance in my network) > > On Tue, Jun 4, 2019, 08:41 Russell Sutherland < > russell.sutherl...@utoronto.ca> wrote: > >> I began to install resflash (https://stable.rcesoftware.com/resflash/) >> which is based on OpenBSD) to build a small firewall on an PC Engines apu2 >> board. 
Three interfaces, two bridged and one with an IP for management. >> >> I found the system would crash and drop down to the debugger interface >> whenever I issued the: >> >> # ifconfig bridge0 >> >> command. >> >> # ifconfig -a >> >> worked fine. After discussing this with the author we thought it good to >> try the same configuration on vanilla 6.5 install. >> >> This worked better, but after a short period of operation the same >> symptoms occured: >> >> # ifconfig bridge0 >> >> bridge0: flags=4WAR1 >> >> Nindex 6 llprio ING: SPL NOT >> >> groups: bridgLOWEe >> >> priority 327RED68 hellotime 2 f ONwddelay 15 maxag e 20 holdcnt 6 >> pSYSCALL 5roto rstp >> >> desi4gnated: id 00:0 3 EXIT 0:00:00:00:00 pri 9 >> >> ority 0 >> >> agsStopped at savectx+0xb1: movl $0,%gs:0x508 >> >> ddb{3}> >> >> >> Here is the output from dmesg: >> >> >> OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019 >> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP >> real mem = 1996148736 (1903MB) >> avail mem = 1926090752 (1836MB) >> mpath0 at root >> scsibus0 at mpath0: 256 targets >> mainbus0 at root >> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x77fb7020 (7 entries) >> bios0: vendor coreboot version "88a4f96" date 03/07/2016 >> bios0: PC Engines apu2 >> acpi0 at bios0: rev 2 >> acpi0: sleep states S0 S1 S2 S3 S4 S5 >> acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET >> acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) >> PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4) >> acpitimer0 at acpi0: 3579545 Hz, 32 bits >> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat >> cpu0 at mainbus0: apid 0 (boot processor) >> cpu0: AMD GX-412TC SOC, 998.28 MHz, 16-30-01 >> cpu0:FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PA
OpenBSD 6.5 dumps to debugger when using ifconfig bridge command
acpi0: bus 3 (PBR7) acpiprt5 at acpi0: bus -1 (PBR8) acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS acpibtn0 at acpi0: PWRB acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpicmos0 at acpi0 cpu0: 998 MHz: speeds: 1000 800 600 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00 pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00 ppb0 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi pci1 at ppb0 bus 1 em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:43:9b:30 ppb1 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi pci2 at ppb1 bus 2 em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:43:9b:31 ppb2 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi pci3 at ppb2 bus 3 em2 at pci3 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:43:9b:32 ccp0 at pci0 dev 8 function 0 "AMD Cryptographic Co-processor v3" rev 0x00 xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi, xHCI 1.0 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1 ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, AHCI 1.3 scsibus1 at ahci0: 32 targets ehci0 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1 piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x42: SMBus disabled pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11 sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16 sdhc0: SDHC 2.0, 63 MHz base clock sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link 
Cfg" rev 0x00 pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00 pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00 km0 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00 pchb5 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00 pchb6 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: console com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pcppi0 at isa0 port 0x61 spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x52 vmm0 at mainbus0: SVM/RVI umass0 at uhub0 port 3 configuration 1 interface 0 "SanDisk Cruzer Glide" rev 2.00/1.00 addr 2 umass0: using SCSI over Bulk-Only scsibus2 at umass0: 2 targets, initiator 0 sd0: 29952MB, 512 bytes/sector, 61341696 sectors uhub2 at uhub1 port 1 configuration 1 interface 0 "Advanced Micro Devices product 0x7900" rev 2.00/0.18 addr 2 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets root on sd0a (d3fbbb47f1a19759.a) swap on sd0b dump on sd0b Russell P. Sutherland Email: russell . sutherland @ utoronto dawt ca Network Engineer, I+TS Voice: +1.416.978.0470 4 Bancroft Ave., Rm. 102 Cell: +1.416.803.0080 University of Toronto Fax: +1.416.978.6620 Toronto, ON M5S 1C1
More syntax/parsing issues in the lists/macros of pf
Is it possible to use a macro variable with a network CIDR value and then reference it later in a list?

E.g. This first example is fine:

    a = "1.2.3.4"
    b = "2.3.4.5"
    c = "{" $a $b "}"

works as expected, that is c ends up as a list with host values:

    c = "{ 1.2.3.4 2.3.4.5 }"

But if one uses the CIDR network format for any one of the variables, a syntax error is created:

    an = "1.2.3.0/24"
    bn = "2.3.0.0/16"
    cn = "{" $an $bn "}"

Output from pfctl -nvf /etc/pf.conf:

    a = "1.2.3.4"
    b = "2.3.4.5"
    c = "{ 1.2.3.4 2.3.4.5 }"
    an = "1.2.3.0/24"
    bn = "2.3.0.0/16"
    /etc/pf.conf:36: syntax error

--
Russell Sutherland
Supervisor, Network Development | Enterprise Infrastructure Solutions
Information Technology Services | University of Toronto
4 Bancroft Ave., Rm. 102 | Toronto, ON M5S 1C1
russell.sutherl...@utoronto.ca
+1.416.978.0470 ~ tel
+1.416.978.6620 ~ fax
Connecting to a GRE Transparent Ethernet Bridging host
Is it possible to use one of OpenBSD’s tunnelling interfaces (gre/gif/etherip) to connect to a remote host (Edgerouter Lite) which is using GRE in Transparent Ethernet (protocol type 0x6558) mode?

Looking at the source code in /usr/src/sys/net there is a flag for this mode defined but I do not think it is referenced and hence not utilized.

    # pwd
    /usr/src/sys/net
    # grep ETHERTYPE * | grep TRANS
    ethertypes.h:#define ETHERTYPE_TRANSETHER 0x6558 /* Trans Ether Bridging (RFC1701) */

--
Russell Sutherland
Supervisor, Network Development | Enterprise Infrastructure Solutions
Information Technology Services | University of Toronto
4 Bancroft Ave., Rm. 102 | Toronto, ON M5S 1C1
russell.sutherl...@utoronto.ca
+1.416.978.0470 ~ tel
+1.416.978.6620 ~ fax
Differences between etherip(4) and gif(4)
I noticed that the etherip pseudo-device appeared with OpenBSD 5.9 which is intended for tunnelling. Prior to this I have been using the gif pseudo device to accomplish much the same thing (in my case L2 over L3). Apart from specifying the mtu to lower value to avoid problems with larger frames, is there any real advantage with the new etherip device? — Russell Sutherland Supervisor, Network Development | Enterprise Infrastructure Solutions Information Technology Services | University of Toronto 4 Bancroft Ave., Rm. 102 | Toronto, ON M5S 1C1 russell.sutherl...@utoronto.ca +1.416.978.0470 ~ tel +1.416.978.6620 ~ fax
Core dumps after upgrading to OpenBSD 5.7
31 function 2 Intel 3400 SATA rev 0x05: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using apic 0 int 20 for native-PCI interrupt pciide1 at pci0 dev 31 function 5 Intel 3400 SATA rev 0x05: DMA, channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide1: using apic 0 int 21 for native-PCI interrupt atapiscsi0 at pciide1 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: TEAC, DVD-ROM DV-28SW, R.2A ATAPI 5/cdrom removable cd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 uhub2 at uhub0 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2 uhub3 at uhub2 port 1 Standard Microsystems product 0x2514 rev 2.00/0.00 addr 3 uhub4 at uhub3 port 2 Mitsumi Electric Hub in Apple Extended USB Keyboard rev 1.10/4.10 addr 4 uhidev0 at uhub4 port 3 configuration 1 interface 0 Mitsumi Electric Apple Extended USB Keyboard rev 1.10/4.10 addr 5 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd0 at ukbd0: console keyboard, using wsdisplay0 uhidev1 at uhub4 port 3 configuration 1 interface 1 Mitsumi Electric Apple Extended USB Keyboard rev 1.10/4.10 addr 5 uhidev1: iclass 3/0, 3 report ids uhid0 at uhidev1 reportid 2: input=1, output=0, feature=0 uhid1 at uhidev1 reportid 3: input=3, output=0, feature=0 uhub5 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets root on sd0a (6b4b6c203a57b1ac.a) swap on sd0b dump on sd0b bnx0: address 78:2b:cb:13:e4:0c brgphy0 at bnx0 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8 bnx1: address 78:2b:cb:13:e4:0d brgphy1 at bnx1 phy 1: BCM5709 10/100/1000baseT PHY, rev. 
8 ukbd0: was console keyboard wskbd0 detached ukbd0 detached uhidev0 detached uhid0 detached uhid1 detached uhidev1 detached uhub4 detached I've never had this behaviour after an upgrade. -- Russell Sutherland Supervisor, Network Development | Enterprise Infrastructure Solutions Information Technology Services | University of Toronto 4 Bancroft Ave., Rm. 102 | Toronto, ON M5S 1C1 russell.sutherl...@utoronto.ca +1.416.978.0470 ~ tel +1.416.978.6620 ~ fax
Re: OpenBSD embedded?
Does anyone know if the Dual-Core 500 MHz, MIPS64 board that is used in the Ubiquiti EdgeRouter family, has been used as an OpenBSD platform? I know there is development on the octeon http://www.openbsd.org/octeon.html platforms, but not sure if the port was actually usable. -- Russell Sutherland I+TS email:russell.sutherl...@utoronto.ca office: +1.416.978.0470 mobile: +1.416.803.0080 On 2014-12-04, 7:53 AM, Brad Smith b...@comstyle.com wrote: On 12/04/14 07:05, Alan McKay wrote: On Thu, Dec 4, 2014 at 1:15 AM, Vivek Vinod vi...@icanconnect.com wrote: We have been using Mikrotik routerboards since 7 years Huh? With OpenBSD on them? There are 3 PowerPC based RouterBOARDs. AFAIK the RB600 is supported at the moment by the socppc port. The RB800 and RB850Gx2 boards would probably be relatively easy to add support for. -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: OpenBSD embedded?
Thanks… And may I assume with net booting saving local customizations (firewall rules, network configuration, etc.) is a bit awkward, as there is no local storage? -- Russell Sutherland I+TS email:russell.sutherl...@utoronto.ca office: +1.416.978.0470 mobile: +1.416.803.0080 On 2014-12-04, 12:05 PM, Chris Cappuccio ch...@nmedia.net wrote: Russell Sutherland [russell.sutherl...@utoronto.ca] wrote: Does anyone know if the Dual-Core 500 MHz, MIPS64 board that is used in the Ubiquiti EdgeRouter family, has been used as an OpenBSD platform? I know there is development on the octeon http://www.openbsd.org/octeon.html platforms, but not sure if the port was actually usable. The port is going to be more usable if it gets USB support. Right now you have to net boot.
NAT logging and limits using pf
I am trying to determine whether using an OpenBSD system to perform institutional NAT for our wireless users would be a viable option. At the present time we are evaluating the A10 Thunder CGN appliance.

There are a few issues for which I would like to get some input for those using pf for NAT in large environments ( 10k users )

* are there problems with arp cache resources ?
* can logging be modified to use radius ? We really need some hooks to determine who is/was responsible for a given session.

Thanks in advance for any operational experience you may have using pf in a similar environment.

--
Russell Sutherland
I+TS
email:russell.sutherl...@utoronto.ca
office: +1.416.978.0470
mobile: +1.416.803.0080
Snmpd and socket file creation
It appears to me that the OpenBSD SNMP daemon:

    /usr/sbin/snmpd

should create its own socket file:

    /var/run/snmpd.sock

upon startup. There seems to be an error which occurs at startup:

    # /usr/sbin/snmpd -d
    startup
    fatal: snmpe: failed to bind SNMP UDP socket
    check_child: lost child: snmp engine exited
    terminating

I am running OpenBSD 5.0 on a Vmware image. I've run snmpd previously on OpenBSD 4.7 without problems.

Russell

--
Russell Sutherand
I+TS
e: russell.sutherl...@utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080
Audacity/Sound recording on a Mac Mini
I have a G4 Mac Mini (PowerMac 10,1) and have successfully installed OpenBSD 5.0 on it. I have also successfully built audacity from the ports tree. My thought was to create a small footprint audio recording system for a small charitable organization using OpenBSD.

I've had two small problems:

A. When sound is played e.g. When KDE starts up, there is a loud hissing sound which comes from the internal speaker(s).

B. I am not really able to see any sound input coming from either the native MacMini audio input/output jack (aoa) nor from a USB (iMic) microphone (uaudio). Audacity seems to only show one source of audio input: sndio.

Any help will be greatly appreciated. I do not want to have to go back to an unsupported version of Mac OS X, nor a Linux/Debian option.

Has anyone used OpenBSD to do sound recording on a MacMini or other Apple PowerPC devices?

Russell

--
Russell Sutherand
I+TS
e: russell.sutherl...@utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080
Multi Link PPP support in Kernel
Is it possible to enable multilink PPP using the kernel based: pppoe(4) ? Or does one have to resort to the userland pppoe/ppp(8) ? -- Russell Sutherand I+TS e: russell.sutherl...@utoronto.ca t: +1.416.978.0470 f: +1.416.978.6620 m: +1.416.803.0080
Multiple Ethernet over IP tunnels.
I am trying to create multiple L2 over L3 tunnels using OpenBSD. The man page for gif(4), the generic tunnel interface, gives excellent instructions for creating _one_ bridge over a wide area network to join two remote LANs.

I have tried to extend this idea by bridging two other LANs over the same gif0 tunnel. No such luck.

Here's a representative stick diagram:

               routerA                          routerB
    LAN1 fxp1                                                  fxp1 LAN1
             \                                                /
    LAN2 fxp2--OpenBSD 1.2.3.4 --- WAN --- 4.3.2.1 OpenBSD fxp2 LAN2
             /     fxp0                     fxp0              \
    LAN3 fxp3                                                  fxp3 LAN3

The first tunnel works as documented:

routerA:

    #cat /etc/hostname.bridge1
    up add fxp1 add gif0
    #cat /etc/hostname.gif0
    tunnel 1.2.3.4 4.3.2.1

routerB:

    #cat /etc/hostname.bridge1
    up add fxp1 add gif0
    #cat /etc/hostname.gif0
    tunnel 4.3.2.1 1.2.3.4

However if one tries to bridge the other LANS as follows:

    #cat /etc/hostname.bridge2
    up add fxp2 add gif0

This fails.

Does one need to create alias addresses on fxp0 and create gif1? e.g. Tunnel 1.2.3.5 - 4.3.2.2

Or is there an easier way to do this?

--
Russell Sutherand
e: russell.sutherl...@utoronto.ca
t: +1.416.978.0470
f: +1.416.978.6620
m: +1.416.803.0080
ipsec.conf syntax
I am trying to set up an ipsec bridge using the template and instructions found in the brconfig man page (OpenBSD 4.6):

    Create Security Associations (SAs) between the external IP address of each bridge and matching ingress flows by using the following ipsec.conf(5) file on bridge1:

        esp from 1.2.3.4 to 4.3.2.1 spi 0x4242:0x4243 \
                authkey file auth1:auth2 enckey file enc1:enc2
        flow esp proto etherip from 1.2.3.4 to 4.3.2.1

I was curious as to the exact meaning of the colon, specifically the auth1:auth2 and enc1:enc2 arguments. Do they mean references to the 4 keys, two on each of the machines?

E.g.

    esp from 1.2.3.4 to 4.3.2.1 spi 0x4242:0x4243 \
            authkey file /etc/keys/auth1:/etc/keys/auth2 enckey file /etc/keys/enc1:/etc/keys/enc2
    flow esp proto etherip from 1.2.3.4 to 4.3.2.1

---
Russell P. Sutherland      Email: russ @ madhaus.cns.utoronto.ca
4 Bancroft Ave., Rm. 102   Voice: +1.416.978.0470
University of Toronto      Fax: +1.416.978.6620
Toronto, ON M5S 1C1
CANADA
ALTQ question
I would like to create a traffic shaping scenario as follows:

Establish a queue on an outgoing interface with the following properties:

1. Total available bandwidth: N Mbps
2. There are n active src IP addresses using the queue to send traffic.
3. All src IPs in the queue share the bandwidth equally. That is each machine gets a maximum allocation of N/n Mbps. E.g. If there are 10 src IP addresses sending traffic each one gets a maximum bandwidth of: N/10 Mbps
4. [optional] One can set a cap for the maximum bandwidth (M Mbps) for each active src IP in the queue even in the case that N/n M.
5. The n active src IP addresses all fall within a known CIDR block.

Can this be done using ALTQ? I believe it's possible using dummynet.

--
Russell P. Sutherland      Email: russ @ madhaus.cns.utoronto.ca
4 Bancroft Ave., Rm. 102   Voice: +1.416.978.0470
University of Toronto      Fax: +1.416.978.6620
Toronto, ON M5S 1C1        WWW: http://madhaus.cns.utoronto.ca/~russ
CANADA