Re: doas
I wrote a guide: https://wiki.ircnow.org/?n=Doas.Configure -- jrmu IRCNow (https://ircnow.org) On Thu, Sep 05, 2024 at 01:59:49PM -0400, openbsd_fr...@mail2tor.com wrote: > Gentlemen! How do I doas my regular user. > > How do I learn the syntax? > > Thanks. >
Re: how do I debug this? any hints?
Searching for .fullchain.pem first before .crt would be a great help, it
best matches the naming conventions used in the
/etc/example/acme-client.conf
--
jrmu
IRCNow (https://ircnow.org)
On Sun, Aug 11, 2024 at 12:44:40PM +0200, Peter Philipp wrote:
> On Sun, Aug 11, 2024 at 11:10:17AM +0200, Kirill A. Korinsky wrote:
> > On Sun, 11 Aug 2024 09:57:31 +0200,
> > Peter Philipp wrote:
> > >
> > > openssl s_client returns this:
> > >
> > > Verify return code: 20 (unable to get local issuer certificate)
> > >
> > >
> > > based on these two command which the first one fails hard:
> > >
> > > 34 ftp
> > > https://download.delphinusdns.org/pub/delphinusdnsd/snapshot/INSTALL/goldflipper11.png
> > > 35 openssl s_client -connect download.delphinusdns.org:443
> > >
> > > how do I debug this? If anyone can hold my hand a little bit here, I
> > > would
> > > appreciate it. I have added TLSA DNS entries for all the port 443's on my
> > > DNS!
> > >
> >
> > I see that you're using a ceritficate which was issued by Let's Encryption,
> > and I asee that certificate which is sent from your server hasn't got full
> > chain:
> >
> > Certificate chain
> >0 s:/CN=download.delphinusdns.org
> > i:/C=US/O=Let's Encrypt/CN=R10
> >
> > I think that distributing the whole chain should fix that issue.
> >
> > --
> > wbr, Kirill
>
> Would this patch then, make any sense?
>
> -pjp
>
>
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/relayd/parse.y,v
> retrieving revision 1.257
> diff -u -p -u -r1.257 parse.y
> --- parse.y 10 Aug 2024 05:47:29 - 1.257
> +++ parse.y 11 Aug 2024 10:43:15 -
> @@ -1372,6 +1372,8 @@ flag: STRING{
> $$ = TLSFLAG_CIPHER_SERVER_PREF;
> else if (strcmp("client-renegotiation", $1) == 0)
> $$ = TLSFLAG_CLIENT_RENEG;
> + else if (strcmp("fullchain", $1) == 0)
> + $$ = TLSFLAG_KEYPAIR_FULLCHAIN;
> else {
> yyerror("invalid TLS flag: %s", $1);
> free($1);
> Index: relayd.c
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relayd.c,v
> retrieving revision 1.191
> diff -u -p -u -r1.191 relayd.c
> --- relayd.c 25 Jun 2023 08:07:38 - 1.191
> +++ relayd.c 11 Aug 2024 10:43:15 -
> @@ -1367,11 +1367,14 @@ relay_load_certfiles(struct relayd *env,
> goto fail;
>
> if (snprintf(certfile, sizeof(certfile),
> - "/etc/ssl/%s:%u.crt", hbuf, useport) == -1)
> + "/etc/ssl/%s:%u.%s", hbuf, useport, ((proto->tlsflags & \
> + TLSFLAG_KEYPAIR_FULLCHAIN) ? "fullchain.pem" : "crt")) == -1)
> goto fail;
> if ((cert_fd = open(certfile, O_RDONLY)) == -1) {
> if (snprintf(certfile, sizeof(certfile),
> - "/etc/ssl/%s.crt", hbuf) == -1)
> + "/etc/ssl/%s.%s", hbuf, ((proto->tlsflags & \
> + TLSFLAG_KEYPAIR_FULLCHAIN) ? "fullchain.pem" : "crt")
> + ) == -1)
> goto fail;
> if ((cert_fd = open(certfile, O_RDONLY)) == -1)
> goto fail;
> Index: relayd.conf.5
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relayd.conf.5,v
> retrieving revision 1.209
> diff -u -p -u -r1.209 relayd.conf.5
> --- relayd.conf.5 14 Jul 2024 03:58:49 - 1.209
> +++ relayd.conf.5 11 Aug 2024 10:43:15 -
> @@ -1040,6 +1040,9 @@ The default is
> Is deprecated and does nothing.
> .It Ic tlsv1.1
> Is deprecated and does nothing.
> +.It Ic fullchain
> +prefers the fullchain PEM file instead of the CRT as given by
> +.Xr acme-client 1 .
> .El
> .It Ic http Ar option
> Set the HTTP options and session settings.
> Index: relayd.h
> ===
> RCS file: /cvs/src/usr.sbin/relayd/relayd.h,v
> retrieving revision 1.274
> diff -u -p -u -r1.274 relayd.h
> --- relayd.h 10 Aug 2024 05:47:29 - 1.274
> +++ relayd.h 11 Aug 2024 10:43:15 -
> @@ -701,12 +701,14 @@ TAILQ_
Re: ripd processes not exchanging routing tables
Greetings, > This looks strange to me. You do something here that is putting you in the > warranty void bucket. Please configure your interfaces properly. Do not > play games by injecting route commands to install cloning routes for a > different network. > > In short make sure that vport11 and vio0 share a common subnet and can > talk directly to each other. After that ripd may actually work as well. Thank you, this was the cause. I updated the configuration so that the interfaces were in the same subnet, and now it works! I documented it here: https://wiki.ircnow.org/index.php?n=Ripd.Configure Thanks so much for the help. -- jrmu IRCNow (https://ircnow.org)
Re: ripd processes not exchanging routing tables
On R2, I run this command: r2# netstat -na -f inet Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign AddressTCP-State tcp 0 0 127.0.0.1.25 *.*LISTEN tcp 0 0 *.22 *.*LISTEN Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address udp 0 0 10.2.1.1.3788 217.180.209.214.123 udp 0 0 10.2.1.1.12451 162.159.200.1.123 udp 0 0 10.2.1.1.29041 142.202.190.19.123 udp 0 0 10.2.1.1.8358 69.89.207.199.123 udp 0 0 10.2.1.1.23580 73.193.62.54.123 udp 0 0 *.520 *.* udp 0 0 *.**.* udp 0 0 *.**.* I notice that there's no listener for 224.0.0.9. This looks like the reason for failure is that the interface isn't set up to listen for IP multicast packets. Does anyone know how to fix that? I can't seem to find documentation for how to add the interface to listen to multicast packets. -- jrmu IRCNow (https://ircnow.org)
ripd processes not exchanging routing tables
29734 e8:8b:21:21:21:21 01:00:5e:00:00:09 0800 186: 10.2.1.1.520 >
224.0.0.9.520: RIPv2-resp [items 7]: {10.1.0.0/255.255.0.0}(16)
{10.1.2.1/255.255.255.255}(16) {10.3.0.0/255.255.0.0}(2)
{10.3.2.1/255.255.255.255}(2) {10.4.0.0/255.255.0.0}(2)
{10.4.2.1/255.255.255.255}(2) {10.5.0.0/255.255.0.0}(2) [tos 0xc0] [ttl 1]
20:18:10.669431 fe:e1:ba:d1:c2:8b 01:00:5e:00:00:09 0800 86: 10.1.2.1.520 >
224.0.0.9.520: RIPv2-resp [items 2]: {10.0.0.0/255.0.0.0}(16)
{10.2.1.1/255.255.255.255}(16) [tos 0xc0] [ttl 1]
20:18:38.049714 e8:8b:21:21:21:21 01:00:5e:00:00:09 0800 186: 10.2.1.1.520 >
224.0.0.9.520: RIPv2-resp [items 7]: {10.1.0.0/255.255.0.0}(16)
{10.1.2.1/255.255.255.255}(16) {10.3.0.0/255.255.0.0}(2)
{10.3.2.1/255.255.255.255}(2) {10.4.0.0/255.255.0.0}(2)
{10.4.2.1/255.255.255.255}(2) {10.5.0.0/255.255.0.0}(2) [tos 0xc0] [ttl 1]
20:18:43.679243 fe:e1:ba:d1:c2:8b 01:00:5e:00:00:09 0800 86: 10.1.2.1.520 >
224.0.0.9.520: RIPv2-resp [items 2]: {10.0.0.0/255.0.0.0}(16)
{10.2.1.1/255.255.255.255}(16) [tos 0xc0] [ttl 1]
20:19:11.069663 e8:8b:21:21:21:21 01:00:5e:00:00:09 0800 186: 10.2.1.1.520 >
224.0.0.9.520: RIPv2-resp [items 7]: {10.1.0.0/255.255.0.0}(16)
{10.1.2.1/255.255.255.255}(16) {10.3.0.0/255.255.0.0}(2)
{10.3.2.1/255.255.255.255}(2) {10.4.0.0/255.255.0.0}(2)
{10.4.2.1/255.255.255.255}(2) {10.5.0.0/255.255.0.0}(2) [tos 0xc0] [ttl 1]
20:19:14.689247 fe:e1:ba:d1:c2:8b 01:00:5e:00:00:09 0800 86: 10.1.2.1.520 >
224.0.0.9.520: RIPv2-resp [items 2]: {10.0.0.0/255.0.0.0}(16)
{10.2.1.1/255.255.255.255}(16) [tos 0xc0] [ttl 1]
Here are the routing tables:
r1# route -n show -inet
Routing tables
Internet:
DestinationGatewayFlags Refs Use Mtu Prio Iface
default104.167.241.193UGS9 1107616 - 8 em1
224/4 127.0.0.1 URS0 705 32768 8 lo0
10/8 10.2.1.1 UGS024272 - 8 vport11
10.1/1610.1.2.1 UCn00 - 4 vport11
10.1.2.1 fe:e1:ba:d1:c2:8b UHLl 0 496 - 1 vport11
10.1.255.255 10.1.2.1 UHb00 - 1 vport11
10.2.1.1 e8:8b:21:21:21:21 UHLch 1 6735 - 7 vport11
10.2.1.1 link#12UHCS 10 - 8 vport11
104.167.241.192/26 104.167.241.211UCn1 286888 - 4 em1
104.167.241.193ac:1f:6b:fe:ca:98 UHLch 3 138477 - 3 em1
104.167.241.21100:25:90:5a:2d:92 UHLl 0 137570 - 1 em1
104.167.241.255104.167.241.211UHb085674 - 1 em1
127/8 127.0.0.1 UGRS 00 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 2 323253 32768 1 lo0
r2# route -n show -inet
Routing tables
Internet:
DestinationGatewayFlags Refs Use Mtu Prio Iface
224/4 127.0.0.1 URS0 252 32768 8 lo0
10.1/1610.1.2.1 UGS00 - 8 vio0
10.1.2.1 fe:e1:ba:d1:c2:8b UHLch 14 - 7 vio0
10.1.2.1 link#1 UHCS 10 - 8 vio0
10.2/1610.2.1.1 UCPn 02 - 4 vio0
10.2/1610.2.3.1 UCPn 00 - 4 vio1
10.2/1610.2.4.1 UCPn 00 - 4 vio2
10.2.1.1 e8:8b:21:21:21:21 UHLl 08 - 1 vio0
10.2.3.1 e8:8b:23:23:23:23 UHLl 0 10 - 1 vio1
10.2.4.1 e8:8b:24:24:24:24 UHLl 07 - 1 vio2
10.2.255.255 10.2.1.1 UHPb 00 - 1 vio0
10.2.255.255 10.2.3.1 UHPb 00 - 1 vio1
10.2.255.255 10.2.4.1 UHPb 00 - 1 vio2
10.3/1610.3.2.1 UGS00 - 8 vio1
10.3.2.1 e8:8b:32:32:32:32 UHLch 28 - 7 vio1
10.3.2.1 link#2 UHCS 10 - 8 vio1
10.4/1610.4.2.1 UGS00 - 8 vio2
10.4.2.1 link#3 UHLch 12 - 7 vio2
10.4.2.1 link#3 UHCS 10 - 8 vio2
10.5/1610.3.2.1 UGS01 - 8 vio1
127/8 127.0.0.1 UGRS 00 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 12 32768 1 lo0
Anyone have suggestions for what is wrong with my configuration?
--
jrmu
IRCNow (https://ircnow.org)
Re: Packet filter can't NAT devices 2 hops away?
Greetings, Thanks so much to Zeloff and Stuart Henderson; I managed to solve the problem. > Standard PF diagnosis tools are to add "log" to various rules, or add > "match log(matches)" to the top of the ruleset, and tcpdump -nei pflog0, > but N.B. due to a bug in (iirc) 7.3 to 7.5 the rule numbers printed by > tcpdump will be wrong if you have any anchors in the ruleset - that's > fixed in -current. After logging all icmp packets and running tcpdump on pflog0, I realized that packet filter was filtering R5's packets on the veb35 interface. The problem I made was setting the veb interfaces to link1. This caused packet filter to filter them really early in some way I didn't expect. Once I remove link1 from the veb interfaces, NAT works just fine now. So it was my configuration error, thanks again. -- jrmu IRCNow (https://ircnow.org)
Re: Packet filter can't NAT devices 2 hops away?
Greetings,
> Check your pf rules carefully. And check your routing/bridging config
> carefully, this setup with loads of veb and whatever vports certainly
> makes things more complicated. Do you actually need it, what are you
> trying to achieve with it? Simplify if you can. As far as I'm concerned
> ridging on pf boxes would be a special case that I'd try to avoid unless
> there's no alternative.
Here is my complete pf.conf:
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
set skip on lo
block return# block stateless traffic
pass# establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
match out log on em1 from 10/8 to any nat-to 104.167.241.211
It's basically just the default pf.conf with that rule added to the end
(I removed any dynamic lookups as you suggested).
Here is the complete routing table if it helps:
Routing tables
Internet:
DestinationGatewayFlags Refs Use Mtu Prio Iface
default104.167.241.193UGS 11 5198051 - 8 em1
224/4 127.0.0.1 URS0 193 32768 8 lo0
10/8 10.2.1.1 UGS0 1201 - 8 vport11
10.1/1610.1.2.1 UCn00 - 4 vport11
10.1.2.1 fe:e1:ba:dc:65:83 UHLl 0 940 - 1 vport11
10.1.255.255 10.1.2.1 UHb00 - 1 vport11
10.2.1.1 e8:8b:21:21:21:21 UHLch 1 2250 - 7 vport11
10.2.1.1 link#154 UHCS 10 - 8 vport11
104.167.241.192/26 104.167.241.211UCn1 1532666 - 4 em1
104.167.241.48/29 104.167.241.49 UCn6 63 - 4 vport0
104.167.241.48 link#11UHLc 0 115 - 3 vport0
104.167.241.49 fe:e1:ba:d0:b5:eb UHLl 0 557652 - 1 vport0
104.167.241.50 e8:8b:27:7b:7a:00 UHLc 0 1780557 - 3 vport0
104.167.241.51 link#11UHRLc 0 101 - 3 vport0
104.167.241.52 link#11UHLc 0 109 - 3 vport0
104.167.241.53 link#11UHLc 0 162 - 3 vport0
104.167.241.54 e8:8b:27:7b:7a:01 UHLc 0 2466471 - 3 vport0
104.167.241.55 104.167.241.49 UHb0 127949 - 1 vport0
104.167.241.193ac:1f:6b:fe:ca:98 UHLch 2 783055 - 3 em1
104.167.241.21100:25:90:5a:2d:92 UHLl 0 842125 - 1 em1
104.167.241.255104.167.241.211UHb0 484601 - 1 em1
127/8 127.0.0.1 UGRS 00 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 2 1839573 32768 1 lo0
> Standard PF diagnosis tools are to add "log" to various rules, or add
> "match log(matches)" to the top of the ruleset, and tcpdump -nei pflog0,
> but N.B. due to a bug in (iirc) 7.3 to 7.5 the rule numbers printed by
> tcpdump will be wrong if you have any anchors in the ruleset - that's
> fixed in -current.
When I run $ ping 1.1.1.1 on R2, I run this tcpdump on the host and I
see the packet matching:
host# tcpdump -ne -i pflog0 'host 1.1.1.1'
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
13:05:33.555191 rule 5/(match) match out on em1: 10.2.1.1 > 1.1.1.1: icmp: echo
request
^C
1 packets received by filter
0 packets dropped by kernel
But when I run ping 1.1.1.1 on R5, I run tcpdump on the host and I don't
see any matches:
host# tcpdump -ne -i pflog0 'host 1.1.1.1'
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
^C
0 packets received by filter
0 packets dropped by kernel
When I run tcpdump on the em1 interface instead of on pflog0, I see R5's
pings matching:
host# tcpdump -ne -i em1 'host 1.1.1.1'
tcpdump: listening on em1, link-type EN10MB
13:06:02.019325 00:25:90:5a:2d:92 ac:1f:6b:fe:ca:98 0800 98: 10.5.3.1 >
1.1.1.1: icmp: echo request
13:06:03.019307 00:25:90:5a:2d:92 ac:1f:6b:fe:ca:98 0800 98: 10.5.3.1 >
1.1.1.1: icmp: echo request
^C
The hardware addresses are also correct, that's the hardware address
from the host's em1 interface to the default gateway. So the packets are
being sent, but NAT is not being performed, and I have no idea why.
--
jrmu
IRCNow (https://ircnow.org)
Re: Packet filter can't NAT devices 2 hops away?
Ah, the picture I drew did not make it clear. The bridges connect different interfaces. For example, R3 is connected to veb35 on an interface with IP 10.3.5.1, but R3 is connected to veb34 on a separate interface with IP 10.3.4.1. The chart didn't make it clear enough, but no three nodes are in the same broadcast domain, so it's not possible to directly send a message from R5 to R1. -- jrmu IRCNow (https://ircnow.org) On Wed, Jul 03, 2024 at 09:39:06PM +0100, Zé Loff wrote: > On Wed, Jul 03, 2024 at 12:43:53PM -0700, jrmu wrote: > > Greetings, > > > > I'm trying to get packet filter to provide NAT for a group of routers I > > set up as follows: > > > > R1 <--> Internet > > 10.1/16 > > ^ > > | > >veb12 > > | > > R2 <--veb23--> R3 <--veb35--> R5 10.5/16 > > 10.2/16 10.3/16 > > ^ ^ > > \/ > > veb24/ > > \ veb34 > > \ / > > > R4 < > > 10.4/16 > > I know this is unrelated to your question, and apologies in advance if > this is a stupid question, but... what is the point of having routers > and subnets if you are veb-ing everything together? > > -- > >
Packet filter can't NAT devices 2 hops away?
Greetings, I'm trying to get packet filter to provide NAT for a group of routers I set up as follows: R1 <--> Internet 10.1/16 ^ | veb12 | R2 <--veb23--> R3 <--veb35--> R5 10.5/16 10.2/16 10.3/16 ^ ^ \/ veb24/ \ veb34 \ / > R4 < 10.4/16 At R1, I have this packet filter rule to perform NAT on packets going to the Internet: match out on egress from !(egress:network) to any nat-to (egress:0) When I run $ ping 1.1.1.1 from R2, packets are successfully NAT'd to the public IP address, and ping works. However, when I run $ ping 1.1.1.1 from any other node (R3, R4, or R5), the packets are sent to R1 but not properly NAT'd. Here is what I see when I run tcpdump on the egress interface: host# tcpdump -ne -i em1 'host 1.1.1.1' tcpdump: listening on em1, link-type EN10MB 14:34:25.531207 00:25:90:5a:2d:92 ac:1f:6b:fe:ca:98 0800 98: 10.5.3.1 > 1.1.1.1: icmp: echo request 14:34:26.549336 00:25:90:5a:2d:92 ac:1f:6b:fe:ca:98 0800 98: 10.5.3.1 > 1.1.1.1: icmp: echo request 14:34:27.549307 00:25:90:5a:2d:92 ac:1f:6b:fe:ca:98 0800 98: 10.5.3.1 > 1.1.1.1: icmp: echo request 14:34:28.549275 00:25:90:5a:2d:92 ac:1f:6b:fe:ca:98 0800 98: 10.5.3.1 > 1.1.1.1: icmp: echo request The ping from node R5 is properly routed to R1, and is being sent out the egress interface, but for some reason, R1 is not properly performing NAT. NAT seems only to work for devices directly connected to R1. I don't believe the issue is with routing, but in case it helps, here are the relevant routing tables: Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default104.167.241.193UGS 11 4606309 - 8 em1 224/4 127.0.0.1 URS0 175 32768 8 lo0 10/8 10.2.1.1 UGS05 - 8 vport11 10.1/1610.1.2.1 UCn00 - 4 vport11 10.1.2.1 fe:e1:ba:dc:65:83 UHLl 0 13 - 1 vport11 10.1.255.255 10.1.2.1 UHb00 - 1 vport11 10.2.1.1 e8:8b:21:21:21:21 UHLch 1 347 - 7 vport11 10.2.1.1 link#154 UHCS 10 - 8 vport11 104.167.241.192/26 104.167.241.211UCn2 1412997 - 4 em1 104.167.241.193ac:1f:6b:fe:ca:98 UHLch 1 669180 - 3 em1 104.167.241.2108a:2c:1c:4a:15:f4 UHLc 0 1412439 - 3 em1 104.167.241.21100:25:90:5a:2d:92 UHLl 0 766416 - 1 em1 104.167.241.255104.167.241.211UHb0 449707 - 1 em1 127/8 127.0.0.1 UGRS 00 32768 8 lo0 127.0.0.1 127.0.0.1 UHhl 2 1707666 32768 1 lo0 -- jrmu IRCNow (https://ircnow.org)
Re: How to configure vlans with vmm
Greetings, > Each switch you define in vm.conf is isolated by itself (and shows up as > a veb device on the host). So if you want to keep your VMs isolated, > you don't need to worry about VLANs at the VM level. Thanks, that's exactly what I had suspected. In my case, the default gateway for the virtual machines is a vport I created on the host, and I will create one switch per virtual machine, so there seems no benefit from using VLANs. It sounds like VLAN tagging is useful for when a single router is acting as the default gateway for virtual machines on multiple separate host. -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: How to configure vlans with vmm
Greetings, > You don't have the vlan tag/trunk/id inside of the VM. > On the host you have to "terminate" the vlan and map them to a veb or > veb/vport. > As was mentioned in another post, vport isn't mandatory, you can also do > with just veb. OK, so if I understand correctly, vlans are used then if you have a default gateway that is not on the host itself, and the virtual machines have their packets tagged by the host and then relayed to the router, which removes the vlan tags. Right now, I am having the host itself create a vport which acts as default gateway, so I suppose there is no benefit for me in using vlan tagging. I did manage to figure out how to add vlan tags at the host and remove vlan tags inside the virtual machine, but this is probably not the right setup: https://wiki.ircnow.org/index.php?n=Vlan.Configure I'll keep researching, thanks again for your help. -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: How to configure vlans with vmm
I tried the previously suggested setups with veb(4) but couldn't get it
to work, so I decided to start with simpler configurations to at least
figure out how to use vlan(4).
These experiments, though, have also failed. I'm attempting to use vlan
with vmm but making a mistake somewhere. Networking without vlans
works, but as soon as I create vlans, it fails. Anyone able to provide
hints?
Here is the original working configuration:
First, the host/hypervisor:
# cat /etc/vm.conf
socket owner :vmdusers
switch "switch1" {
locked lladdr
interface bridge0
}
bsdiso="/home/iso/install75.iso"
vm "jrmu" {
owner jrmu
memory 2G
cdrom $bsdiso
disk /home/jrmu/jrmu.qcow2 format qcow2
interface tap1 {
locked lladdr e8:8b:27:7b:7a:02
switch "switch1"
}
}
# cat /etc/hostname.bridge0
add vether0
# cat /etc/hostname.vether0
inet 104.167.241.53 0xfff8
up
# cat /etc/hostname.em1
inet 104.167.241.211 0xffc0
inet6 2602:fccf:400:41::1 64
!route add -inet6 2602:fccf:400::1 -cloning -link -iface em1
!route add -inet6 default 2602:fccf:400::1
# ifconfig
lo0: flags=2008049 mtu 32768
index 4 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
em0: flags=8802 mtu 1500
lladdr 00:25:90:5a:2d:93
index 1 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
em1: flags=8843 mtu 1500
lladdr 00:25:90:5a:2d:92
index 2 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 104.167.241.211 netmask 0xffc0 broadcast 104.167.241.255
inet6 fe80::225:90ff:fe5a:2d92%em1 prefixlen 64 scopeid 0x2
inet6 2602:fccf:400:41::1 prefixlen 64
enc0: flags=0<>
index 3 priority 0 llprio 3
groups: enc
status: active
bridge0: flags=41 mtu 1500
description: switch1-switch1
index 5 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
tap1 flags=3
port 8 ifpriority 0 ifcost 0
vether0 flags=3
port 6 ifpriority 0 ifcost 0
vether0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:bc:f9
index 6 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 104.167.241.53 netmask 0xfff8 broadcast 104.167.241.55
pflog0: flags=141 mtu 33136
index 7 priority 0 llprio 3
groups: pflog
tap1: flags=8943 mtu 1500
lladdr fe:e1:ba:d1:13:c3
description: vm1-if0-jrmu
index 8 priority 0 llprio 3
groups: tap
status: active
# route -n show -inet
Routing tables
Internet:
DestinationGatewayFlags Refs Use Mtu Prio Iface
default104.167.241.193UGS2 845 - 8 em1
224/4 127.0.0.1 URS00 32768 8 lo0
47.103.216.95 104.167.241.193UGHD 1 755 - L 8 em1
104.167.241.192/26 104.167.241.211UCn1 545 - 4 em1
104.167.241.48/29 104.167.241.53 UCn60 - 4 vether0
104.167.241.48 link#6 UHLc 0 20 - 3 vether0
104.167.241.49 link#6 UHRLc 0 59 - 3 vether0
104.167.241.50 link#6 UHRLc 0 88 - 3 vether0
104.167.241.51 e8:8b:27:7b:7a:02 UHLc 0 183 - 3 vether0
104.167.241.52 link#6 UHRLc 0 64 - 3 vether0
104.167.241.53 fe:e1:ba:d0:db:10 UHLl 0 27 - 1 vether0
104.167.241.54 link#6 UHRLc 0 68 - 3 vether0
104.167.241.55 104.167.241.53 UHb0 12 - 1 vether0
104.167.241.193ac:1f:6b:fe:ca:98 UHLch 2 277 - 3 em1
104.167.241.21100:25:90:5a:2d:92 UHLl 0 127 - 1 em1
104.167.241.255104.167.241.211UHb0 61 - 1 em1
127/8 127.0.0.1 UGRS 00 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 2 280 32768 1 lo0
Inside the virtual machine:
jrmu# cat /etc/hostname.vio0
inet 104.167.241.51 0xfff8
up
jrmu# cat /etc/mygate
104.167.241.53
Connectivity works fine:
jrmu# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=114 time=7.205 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=7.272 ms
However, here is what I see after I setup vlan
Re: How to configure vlans with vmm
I attempted to follow the advice posted, but perhaps misunderstood somewhere.
I attempted to assign the IP address to vlan0 inside the virtual machine
(104.167.241.51). Needless to say this did not work, but I am not quite sure
what the correct configuration is. Any help would be greatly welcome:
$ doas cat /etc/vm.conf
socket owner :vmdusers
switch "switch1" {
locked lladdr
interface veb1
}
bsdiso="/home/iso/install75.iso"
vm "jrmu" {
owner jrmu
memory 2G
cdrom $bsdiso
disk /home/jrmu/jrmu.qcow2 format qcow2
interface tap1 {
locked lladdr e8:8b:27:7b:7a:02
switch "switch0"
}
}
$ doas cat /etc/hostname.veb1
add vlan0
add vlan1
link1
$ doas cat /etc/hostname.vlan0
vnetid 100 parent em1
lladdr fe:e1:ba:d0:84:0e
up
$ doas cat /etc/hostname.vlan1
vnetid 100 parent tap1
lladdr fe:e1:ba:d0:84:0f
up
$ doas cat /etc/hostname.em1
inet 104.167.241.211 0xffc0
inet6 2602:fccf:400:41::1 64
!route add -inet6 2602:fccf:400::1 -cloning -link -iface em1
!route add -inet6 default 2602:fccf:400::1
$ ifconfig
em1: flags=8b43 mtu
1500
lladdr 00:25:90:5a:2d:92
index 2 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 104.167.241.211 netmask 0xffc0 broadcast 104.167.241.255
inet6 fe80::225:90ff:fe5a:2d92%em1 prefixlen 64 scopeid 0x2
inet6 2602:fccf:400:41::1 prefixlen 64
veb1: flags=a843
description: switch2-switch1
index 6 llprio 3
groups: veb
vlan0 flags=3
port 7 ifpriority 0 ifcost 0
vlan1 flags=3
port 8 ifpriority 0 ifcost 0
vlan0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:84:0e
index 7 priority 0 llprio 3
encap: vnetid 100 parent em1 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
vlan1: flags=8102 mtu 1500
lladdr fe:e1:ba:d0:84:0f
index 8 priority 0 llprio 3
encap: vnetid 100 parent none txprio packet rxprio outer
groups: vlan
status: no carrier
vport1: flags=8843 mtu 1500
lladdr fe:e1:ba:d1:85:30
index 10 priority 0 llprio 3
groups: vport
inet 104.167.241.51 netmask 0xfff8 broadcast 104.167.241.55
inet6 fe80::fce1:baff:fed1:8530%vport1 prefixlen 64 scopeid 0xa
inet6 2602:fccf:4:51:: prefixlen 48
tap1: flags=8943 mtu 1500
lladdr fe:e1:ba:d7:82:a2
description: vm2-if0-jrmu
index 17 priority 0 llprio 3
groups: tap vms
status: active
Inside the virtual machine jrmu:
jrmu# cat /etc/hostname.vio0
up
jrmu# cat /etc/hostname.vlan0
vnetid 100 parent vio0
inet 104.167.241.51 0xff00
inet6 2602:fccf:4:51:: 64
!route add 104.167.241.211 -cloning -link -iface vlan0
!route add default 104.167.241.211
!route add -inet6 2602:fccf:4::1 -cloning -link -iface vlan0
!route add -inet6 default 2602:fccf:4::1
up
jrmu# ifconfig
lo0: flags=2008049 mtu 32768
index 3 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff00
vio0: flags=8b43 mtu
1500
lladdr e8:8b:27:7b:7a:02
index 1 priority 0 llprio 3
media: Ethernet autoselect
status: active
enc0: flags=0<>
index 2 priority 0 llprio 3
groups: enc
status: active
vether0: flags=8843 mtu 1500
lladdr fe:e1:ba:d0:8c:a9
index 4 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 10.0.0.2 netmask 0xff00 broadcast 10.255.255.255
inet6 fe80::fce1:baff:fed0:8ca9%vether0 prefixlen 64 scopeid 0x4
inet6 fc00::2 prefixlen 7
vlan0: flags=8843 mtu 1500
lladdr e8:8b:27:7b:7a:02
index 5 priority 0 llprio 3
encap: vnetid 100 parent vio0 txprio packet rxprio outer
groups: vlan egress
media: Ethernet autoselect
status: active
inet 104.167.241.51 netmask 0xff00 broadcast 104.167.241.255
inet6 fe80::ea8b:27ff:fe7b:7a02%vlan0 prefixlen 64 scopeid 0x5
inet6 2602:fccf:4:51:: prefixlen 64
pflog0: flags=141 mtu 33136
index 6 priority 0 llprio 3
groups: pflog
--
jrmu
IRCNow (https://ircnow.org)
signature.asc
Description: PGP signature
Re: How to configure vlans with vmm
> TL,DR: add the VLAN interface to the veb device configured in /etc/vm.conf > > It depends a bit on the role you want your vmm host to play in that > network. Everything written below refers to the host, unless otherwise > specified. Thanks. I think I follow the basic idea of the setup. However, it appears to me that the virtual machine interfaces, which vm.conf(5) appears to constrain to be tap(4) interfaces, will not automatically have their vnet id set. Instead, each virtual machine will need to create its own vlan interface. Is there any way to avoid forcing the virtual machine to do that? To handle this entirely by the host? -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: How to configure vlans with vmm
One more question I forgot to ask: How do you get the virtual machines to use your vport800/vport880 interfaces? From what I see in vm.conf(5), the virtual machines are required to use tap(4) interfaces. -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: How to configure vlans with vmm
Thanks for your help. I think I follow your logic. If I understand correctly, each virtual machine needs its own vlan and its own virtual switch? So the host running vmm needs to create N number of vlans for its interface (in your example mcx0) for each of the N vitrual machines, and we need to create N switches. I think this is making sense now. Seems a bit complex, but I'm guessing it's best practice for security. -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
How to configure vlans with vmm
How can I configure vmm to use vlans for virtual machines? I saw openbsd.amsterdam * use this, but I am not sure how to replicate it. As I understand it, vmm creates a tap(4) interface for each virtual machine, and all tap interfaces are then placed inside the switch defined in vm.conf, which in my case is veb(4). To set up the virtual machines, would I want to create a vlan(4) device for each virtual machine, and have the machine use that? And then to add the vlan device onto the veb bridge? * https://openbsd.amsterdam/setup.html -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: Issue bridging vport and tap interfaces with veb
> There is a big battle over implicit vs expicit up. Especially since the > way it is done is by hacking up every interface ioctl routine. > So depending on which side did the driver it may do the up or not. I noticed this in ifconfig(8): up Mark an interface “up”. This may be used to enable an interface after an ifconfig down. It happens automatically when setting the first address on an interface. If the interface was reset when previously marked down, the hardware will be re-initialized. Perhaps there should be a special note in the veb(4) manual page? -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: Issue bridging vport and tap interfaces with veb
> This interface is not UP. Not sure why. Thank you! This was indeed the cause. I appended "up" to /etc/hostname.vport0 and everything works now. Most interfaces get turned on automatically, I wonder why vport(4) does not. In any case, it's solved, thanks so much. -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Issue bridging vport and tap interfaces with veb
Greetings,
I am having a hard time figuring out how to bridge vport(4) and tap(4)
interfaces.
Previously, I had set up vmm with bridge(4) and vether(4), and all was
working well. However, I recently heard that veb(4) has better
performance, so I tried to replace my bridge0 and vether0 with veb0 and
vport0 respectively, but now it's failing.
This I think is due how "to veb takes over the operation of the interfaces
that are added as ports" but I'm not sure how to fix it.
When I try to use one of the VM IPs (like 104.167.241.51) it is unable to
reach the IP assigned to vport0 (104.167.241.49) even though ip4 packet
forwarding has been enabled.
Here are the configurations and networking output:
$ cat /etc/hostname.veb0
add vport0
$ cat /etc/hostname.vport0
inet 104.167.241.49 0xfff8
inet6 2602:fccf:4::1 48
$ cat /etc/vm.conf
socket owner :vmdusers
switch "switch0" {
group vms
locked lladdr
interface veb0
}
bsdiso="/home/iso/install75.iso"
vm "mattbsd" {
owner matt
memory 8G
cdrom $bsdiso
disk /home/matt/disks/openbsd.qcow2 format qcow2
interface tap0 {
locked lladdr e8:8b:27:7b:7a:01
switch "switch0"
}
}
vm "jrmu" {
owner jrmu
memory 2G
cdrom $bsdiso
disk /home/jrmu/jrmu.qcow2 format qcow2
interface tap1 {
locked lladdr e8:8b:27:7b:7a:02
switch "switch0"
}
}
vm "errorbsd" {
owner matt
memory 8G
cdrom $bsdiso
disk /home/matt/disks/errorbsd.qcow2 format qcow2
interface tap2 {
locked lladdr e8:8b:27:7b:7a:03
switch "switch0"
}
}
vm "jrmu2" {
owner jrmu
memory 2G
cdrom $bsdiso
disk /home/jrmu/jrmu2.qcow2 format qcow2
interface tap3 {
locked lladdr e8:8b:27:7b:7a:04
switch "switch0"
}
}
$ route -n show -inet
Routing tables
Internet:
DestinationGatewayFlags Refs Use Mtu Prio Iface
default104.167.241.193UGS4 534 - 8 em1
224/4 127.0.0.1 URS00 32768 8 lo0
104.167.241.192/26 104.167.241.211UCn1 248 - 4 em1
104.167.241.48/29 104.167.241.49 Cn 60 - 4 vport0
104.167.241.48 link#6 HLc0 56 - 3 vport0
104.167.241.49 fe:e1:ba:d0:a5:db UHLl 0 23 - 1 vport0
104.167.241.50 link#6 HLc0 148 - 3 vport0
104.167.241.51 link#6 HLc0 132 - 3 vport0
104.167.241.52 link#6 HLc0 104 - 3 vport0
104.167.241.53 link#6 HLc0 88 - 3 vport0
104.167.241.54 link#6 HLc0 228 - 3 vport0
104.167.241.55 104.167.241.49 Hb 0 78 - 1 vport0
104.167.241.193ac:1f:6b:fe:ca:98 UHLch 1 124 - 3 em1
104.167.241.21100:25:90:5a:2d:92 UHLl 0 92 - 1 em1
104.167.241.255104.167.241.211UHb0 82 - 1 em1
127/8 127.0.0.1 UGRS 00 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 2 358 32768 1 lo0
lo0: flags=2008049 mtu 32768
index 4 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
em0: flags=8802 mtu 1500
lladdr 00:25:90:5a:2d:93
index 1 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
em1: flags=8843 mtu 1500
lladdr 00:25:90:5a:2d:92
index 2 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 104.167.241.211 netmask 0xffc0 broadcast 104.167.241.255
inet6 fe80::225:90ff:fe5a:2d92%em1 prefixlen 64 scopeid 0x2
inet6 2602:fccf:400:41::1 prefixlen 64
enc0: flags=0<>
index 3 priority 0 llprio 3
groups: enc
status: active
veb0: flags=8843
description: switch1-switch0
index 5 llprio 3
groups: veb
vport0 flags=3
port 6 ifpriority 0 ifcost 0
tap0 flags=3
port 8 ifpriority 0 ifcost 0
tap1 flags=3
port 9 ifpriority 0 ifcost 0
tap2 flags=3
port 10 ifpriority 0 ifcost 0
tap3 flags=3
port 11 ifpriority 0 ifcost 0
vport0: flags=8902 mtu 1500
lladdr fe:e1:ba:d0:a5:db
index 6 priority 0 llprio 3
groups: vport
inet 104.167.241.49 netmask 0xfff8 broadcast 104.167.241.55
inet6 fe80::fce1:baff:fed0:a5db%vport0 prefixlen 64 scopeid 0x6
Re: IPv6 routing problems with vether and vmm
> When you manage a hypervisor, using only 1x/64 is less than ideal. It's just > not enough because you can have more than 1 'type of usage'. I always > request at least 1x/56. Thanks. I spoke with the ISP and he gave me a larger subnet, 2602:fccf:4::/48, I've been experimenting it by manually adding the route and it seems to have worked. -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: OpenBSD 7.4 in virtualize env
> Sometimes, rarely, across multiple version ( did not see it in 7.5 so far ) > the log `scsi_xfer pool exhausted` just get spammed forever, > > It doesn't crash, the device just spam the message , so it s active > > I do not have a way to create the problem , but, > i wonder if the code could be modified so the device just drop to DDB >Did you run out of memory / swap perhaps? I have noticed that occurring when my system runs out of swap space. -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: IPv6 routing problems with vether and vmm
Greetings, > > I also don't control the entire /48. > > > > Here is the information I was given: > > > > My IPv6 Address Subnet: 2602:fccf:400:41::/64 > > Hypervisor' IPv6 Gateway: 2602:fccf:400::1 > > > > I was only given a /64. > > So you should use a /64 prefix length not the /48 which you have. > > See EXAMPLES in route(8) for how to set the gateway. Please excuse my ignorance here, as I am unfamiliar with networking. Can you explain why /64 is the correct prefix length? I am confused because it seems not analogous to IPv4. In the IPv4 example, my address is 104.167.241.211, the gateway is 104.167.241.193, and the subnet mask 255.255.255.192. The network length then is /26. I don't control the entire /26 subnet, only one single IPv4 address within it, but my network would have a prefix length of /26. Isn't using a prefix length of /48 the same in the case of IPv6? I don't control the entire /48, but the gateway 2602:fccf:400::1 shares the first 48 network bits with my IPv6 address 2602:fccf:400:41:: If I were to set the routing prefix length to 64, then I could manually add an extra route to the IPv6 gateway. But then, wouldn't I want to set my IPv4 address with a subnet mask of 255.255.255.255, so that the network length would be 32 rather than 26, and also add a manual route there? -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
Re: IPv6 routing problems with vether and vmm
Greetings, > > Here is my configuration: > > > Inside hypervisor: > > > hypervisor$ cat /etc/hostname.em1 > > inet 104.167.241.211 0xffc0 > > inet6 2602:fccf:400:41:: 48 > > Why are you using 48 as mask here and not 64? I don't have control over the hypervisor's gateway, that is provided by my ISP. > Your gateway must have a (static) route saying we can reach 2602:fccf::/36 > (or a any smaller subnet you will use in your hypervisor) via > em1.IPv6.address. I will pick 2602:fccf:400::/48 as the block you plan to > use for all your VMs. I also don't control the entire /48. Here is the information I was given: My IPv6 Address Subnet: 2602:fccf:400:41::/64 Hypervisor' IPv6 Gateway: 2602:fccf:400::1 I was only given a /64. Thanks for your help. -- jrmu IRCNow (https://ircnow.org) signature.asc Description: PGP signature
IPv6 routing problems with vether and vmm
Greetings, I'm running into issues with IPv6 networking using vmm with an openbsd guest, both running OpenBSD 7.5. Setup and diagnostic info here: https://paste.ircnow.org/05ejwpmf4hi74xuz0h2n I am setting up an openbsd virtual machine inside vmm using this configuration: https://wiki.ircnow.org/?n=Vmm.Configure IPv4 networking inside the virtual machine works fine, but IPv6 is failing. I can use the hypervisor's IPv6 address 2602:fccf:400:41:: but am unable to use IPv6 from the virtual machines. Here is my configuration: Inside hypervisor: hypervisor$ cat /etc/hostname.em1 inet 104.167.241.211 0xffc0 inet6 2602:fccf:400:41:: 48 hypervisor$ cat /etc/mygate 104.167.241.193 2602:fccf:400::1 hypervisor$ cat /etc/hostname.vether0 inet 104.167.241.49 255.255.255.248 inet6 2602:fccf:400:41::1 64 hypervisor$ cat /etc/hostname.bridge0 add vether0 Inside virtual machine: vm# cat /etc/hostname.vio0 inet 104.167.241.51 0xffc0 inet6 2602:fccf:400:41:51:: 64 vm# cat /etc/mygate 104.167.241.49 2602:fccf:400:41::1 Hypervisor ifconfig, route, arp, and ndp: hypervisor$ ifconfig lo0: flags=2008049 mtu 32768 index 4 priority 0 llprio 3 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff00 em0: flags=8802 mtu 1500 lladdr 00:25:90:5a:2d:93 index 1 priority 0 llprio 3 media: Ethernet autoselect (none) status: no carrier em1: flags=8843 mtu 1500 lladdr 00:25:90:5a:2d:92 index 2 priority 0 llprio 3 groups: egress media: Ethernet autoselect (1000baseT full-duplex) status: active inet 104.167.241.211 netmask 0xffc0 broadcast 104.167.241.255 inet6 fe80::225:90ff:fe5a:2d92%em1 prefixlen 64 scopeid 0x2 inet6 2602:fccf:400:41:: prefixlen 48 enc0: flags=0<> index 3 priority 0 llprio 3 groups: enc status: active bridge0: flags=41 mtu 1500 description: switch1-switch0 index 5 llprio 3 groups: bridge priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp tap1 flags=3 port 15 ifpriority 0 ifcost 0 tap2 flags=3 port 10 ifpriority 0 ifcost 0 tap0 flags=3 port 8 ifpriority 0 ifcost 0 vether0 flags=3 port 6 ifpriority 0 ifcost 0 vether0: flags=8943 mtu 1500 lladdr fe:e1:ba:d0:6f:27 index 6 priority 0 llprio 3 groups: vether media: Ethernet autoselect status: active inet 104.167.241.49 netmask 0xfff8 broadcast 104.167.241.55 inet6 fe80::fce1:baff:fed0:6f27%vether0 prefixlen 64 scopeid 0x6 inet6 2602:fccf:400:41::1 prefixlen 64 pflog0: flags=141 mtu 33136 index 7 priority 0 llprio 3 groups: pflog tap0: flags=8943 mtu 1500 lladdr fe:e1:ba:d1:76:b7 description: vm1-if0-mattbsd index 8 priority 0 llprio 3 groups: tap status: active tap2: flags=8943 mtu 1500 lladdr fe:e1:ba:d3:f5:02 description: vm3-if0-errorbsd index 10 priority 0 llprio 3 groups: tap status: active tap1: flags=8943 mtu 1500 lladdr fe:e1:ba:d8:99:f9 description: vm2-if0-jrmu index 15 priority 0 llprio 3 groups: tap status: active hypervisor$ route -n show Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default104.167.241.193UGS 1146767 - 8 em1 224/4 127.0.0.1 URS00 32768 8 lo0 104.167.241.192/26 104.167.241.211UCn112147 - 4 em1 104.167.241.48/29 104.167.241.49 UCn60 - 4 vether0 104.167.241.48 link#6 UHLc 0 17 - 3 vether0 104.167.241.49 fe:e1:ba:d0:6f:27 UHLl 0 8098 - 1 vether0 104.167.241.50 e8:8b:27:7b:7a:01 UHLc 0 1439 - 3 vether0 104.167.241.51 e8:8b:27:7b:7a:02 UHLc 022740 - 3 vether0 104.167.241.52 link#6 UHLc 0 84 - 3 vether0 104.167.241.53 link#6 UHLc 0 15 - 3 vether0 104.167.241.54 e8:8b:27:7b:7a:03 UHLc 0 1069 - 3 vether0 104.167.241.55 104.167.241.49 UHb0 1005 - 1 vether0 104.167.241.193ac:1f:6b:fe:ca:98 UHLch 1 5705 - 3 em1 104.167.241.21100:25:90:5a:2d:92 UHLl 0 9427 - 1 em1 104.167.241.255104.167.241.211UHb0 4455 - 1 em1 127/8 127.0.0.1 UGRS 00 32768 8 lo0 127.0.0.1 127.0.0.1 UHhl 12 32768 1 lo0 Internet6: Destination Gateway Flags Ref
RAID5 softraid inside VMM unable to read disklabel
I am practicing setting up RAID5 inside a virtual machine running OpenBSD 7.5 in VMM on OpenBSD 7.4. I created 3 disks sd0, sd1, sd2, and sd3, and 4 disk devices (the fourth to represent the RAID array itself): Welcome to the OpenBSD/amd64 7.5 installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s # cd /dev/ # sh MAKEDEV sd0 sd1 sd2 sd3 # fdisk -iy sd0 Writing MBR at offset 0. # fdisk -iy sd1 Writing MBR at offset 0. # fdisk -iy sd2 Writing MBR at offset 0. # disklabel -E sd0 Label editor (enter '?' for help at any prompt) sd0> a a offset: [64] size: [41942976] * FS type: [4.2BSD] RAID sd0*> w sd0> q No label changes. # disklabel sd0 > layout # disklabel -R sd1 layout # disklabel -R sd2 layout # rm layout # bioctl -c 5 -l sd0a,sd1a,sd2a softraid0 sd3 at scsibus4 targ 1 lun 0: sd3: 40959MB, 512 bytes/sector, 83884800 sectors softraid0: RAID 5 volume attached as sd3 # dd if=/dev/zero of=/dev/rsd3c bs=1m count=1 1+0 records in 1+0 records out 1048576 bytes transferred in 0.028 secs (37044791 bytes/sec) And I verified the RAID5 array is online: # bioctl sd3 Volume Status Size Device softraid0 0 Online42949017600 sd3 RAID5 0 Online21474533376 0:0.0 noencl 1 Online21474533376 0:1.0 noencl 2 Online21474533376 0:2.0 noencl The rest of the OpenBSD installation proceeds as usual using sd3 as the installation disk, but upon reboot, I run into this error: >> OpenBSD/amd64 BOOT 3.65 open(sr0a:/etc/boot.conf): can't read disk label boot> cannot open sr0a:/etc/random.seed: can't read disk label booting sr0a:/bsd: open sr0a:/bsd: can't read disk label failed(100). will try /bsd RAID1 worked fine, it's just RAID5 throwing this error at me. -- jrmu IRCNow (https://ircnow.org)
Re: RAID5 softraid inside VMM unable to read disklabel
Please ignore, sibiria on IRC clarified to me that boot support is limited to only RAID1, crypto, and RAID1c disciplines. -- jrmu IRCNow (https://ircnow.org) On Tue, Apr 09, 2024 at 03:50:19PM -0700, jrmu wrote: > I am practicing setting up RAID5 inside a virtual machine running > OpenBSD 7.5 in VMM on OpenBSD 7.4. > > I created 3 disks sd0, sd1, sd2, and sd3, and 4 disk devices (the fourth to > represent the RAID array itself): > > Welcome to the OpenBSD/amd64 7.5 installation program. > (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s > # cd /dev/ > # sh MAKEDEV sd0 sd1 sd2 sd3 > # fdisk -iy sd0 > Writing MBR at offset 0. > # fdisk -iy sd1 > Writing MBR at offset 0. > # fdisk -iy sd2 > Writing MBR at offset 0. > # disklabel -E sd0 > Label editor (enter '?' for help at any prompt) > sd0> a a > offset: [64] > size: [41942976] * > FS type: [4.2BSD] RAID > sd0*> w > sd0> q > No label changes. > # disklabel sd0 > layout > # disklabel -R sd1 layout > # disklabel -R sd2 layout > # rm layout > # bioctl -c 5 -l sd0a,sd1a,sd2a softraid0 > sd3 at scsibus4 targ 1 lun 0: > sd3: 40959MB, 512 bytes/sector, 83884800 sectors > softraid0: RAID 5 volume attached as sd3 > # dd if=/dev/zero of=/dev/rsd3c bs=1m count=1 > 1+0 records in > 1+0 records out > 1048576 bytes transferred in 0.028 secs (37044791 bytes/sec) > > And I verified the RAID5 array is online: > > # bioctl sd3 > Volume Status Size Device > softraid0 0 Online42949017600 sd3 RAID5 > 0 Online21474533376 0:0.0 noencl > 1 Online21474533376 0:1.0 noencl > 2 Online21474533376 0:2.0 noencl > > The rest of the OpenBSD installation proceeds as usual using sd3 as the > installation disk, but upon reboot, I run into this error: > > >> OpenBSD/amd64 BOOT 3.65 > open(sr0a:/etc/boot.conf): can't read disk label > boot> > cannot open sr0a:/etc/random.seed: can't read disk label > booting sr0a:/bsd: open sr0a:/bsd: can't read disk label > failed(100). will try /bsd > > RAID1 worked fine, it's just RAID5 throwing this error at me. > > -- > jrmu > IRCNow (https://ircnow.org)
Re: No audio playback with azalia0 Intel Braswell HD Audio
> Please use sendbug(1) to make a report, and make sure it includes the > acpidump from the system. > > -peter I hope this helps. Below is the output of sendbug: >Synopsis: No audio playback with azalia0 Intel Braswell HD Audio >Category: Audio bug report >Environment: System : OpenBSD 7.4 Details : OpenBSD 7.4 (GENERIC.MP) #1382: Wed Sep 27 10:51:31 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP Architecture: OpenBSD.amd64 Machine : amd64 >Description: I am attempting to play audio on an HP Chromebook 11 G5 Setzer, but OpenBSD appears to be missing the necessary codecs. Here's the output I see when using ogg123: $ ogg123 -d sndio Mozart_-_Eine_kleine_Nachtmusik_-_1._Allegro.ogg Audio Device: sndio audio output Playing: Mozart_-_Eine_kleine_Nachtmusik_-_1._Allegro.ogg Ogg Vorbis stream: 2 channel, 44100 Hz Title: ADVENT CHAMBER ORCHESTRA Artist=Roxanna Pavel Goldstein, Musical Director ERROR: Cannot open device sndio. I tried running sndiod in debug mode: bsd$ doas sndiod - snd0 pst=cfg.default: rec=0:1 play=0:1 vol=8388608 dup snd0 pst=cfg.0: rec=0:1 play=0:1 vol=8388608 dup snd1 pst=cfg.1: rec=0:1 play=0:1 vol=8388608 dup snd2 pst=cfg.2: rec=0:1 play=0:1 vol=8388608 dup snd3 pst=cfg.3: rec=0:1 play=0:1 vol=8388608 dup helper(helper|ini): created poll: helper: 1 worker(worker|ini): created listen(/tmp/sndio/sock0|ini): created default/server.device=0:1 at 1 -> opt_dev:default/0: added default/server.device=1:0 at 2 -> opt_dev:default/1: added default/server.device=2:0 at 3 -> opt_dev:default/2: added default/server.device=3:0 at 4 -> opt_dev:default/3: added poll: listen: 1 worker: 1 sock(sock|ini): created listen(/tmp/sndio/sock0|ini): processed in 226us worker(worker|ini): processed in 1us sock,rmsg,widl: no messages to build anymore, idling... poll: sock: 1 listen: 1 worker: 1 helper: recv: cmd = 0, num = 0, mode = 3, fd = -1 helper: send: cmd = 3, num = 0, mode = 0, fd = -1 helper(helper|ini): processed in 339us poll: helper: 1 helper: recv: cmd = 0, num = 0, mode = 1, fd = -1 helper: send: cmd = 3, num = 0, mode = 0, fd = -1 helper(helper|ini): processed in 105us poll: helper: 1 sock,rmsg,widl: reading 40 todo sock,rmsg,widl: read full message sock,rmsg,widl: AUTH message sock,rmsg,widl: reading 40 todo sock,rmsg,widl: read full message sock,rmsg,widl: HELLO message sock,rmsg,widl: hello from , mode = 1, ver 7 app/ogg0.level=127 at 5 -> slot_level:ogg0: added snd0 pst=cfg: device requested worker: send: cmd = 0, num = 0, mode = 3, fd = -1 worker: recv: cmd = 3, num = 0, mode = 0, fd = -1 worker: send: cmd = 0, num = 0, mode = 1, fd = -1 worker: recv: cmd = 3, num = 0, mode = 0, fd = -1 worker: send: cmd = 0, num = 0, mode = 2, fd = -1 worker: recv: cmd = 3, num = 0, mode = 0, fd = -1 snd0 pst=cfg: failed to open audio device sock,rmsg,widl: closing sock(sock|zom): destroyed sock(sock|zom): processed in 8478us listen(/tmp/sndio/sock0|ini): processed in 1us worker(worker|ini): processed in 0us poll: listen: 1 worker: 1 helper: recv: cmd = 0, num = 0, mode = 2, fd = -1 helper: send: cmd = 3, num = 0, mode = 0, fd = -1 helper(helper|ini): processed in 206us poll: helper: 1 ^Cpoll: helper: 1 helper: hup helper(helper|zom): destroyed helper(helper|zom): processed in 54us nothing to do... worker(worker|zom): destroyed listen(/tmp/sndio/sock0|zom): destroyed default/server.device=0:1 at 1 -> opt_dev:default/0: removed default/server.device=1:0 at 2 -> opt_dev:default/1: removed default/server.device=2:0 at 3 -> opt_dev:default/2: removed default/server.device=3:0 at 4 -> opt_dev:default/3: removed snd0 pst=cfg: draining snd1 pst=cfg: draining snd2 pst=cfg: draining snd3 pst=cfg: draining nothing to do... snd0 pst=cfg: deleting snd1 pst=cfg: deleting snd2 pst=cfg: deleting snd3 pst=cfg: deleting dmesg: OpenBSD 7.4 (GENERIC.MP) #1382: Wed Sep 27 10:51:31 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2068180992 (1972MB) avail mem = 1985822720 (1893MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x1fee8000 (17 entries) bios0: vendor coreboot version "MrChromebox-4.20.1" date 07/21/2023 bios0: GOOGLE Setzer efi0 at bios0: UEFI 2.7 efi0: EDK II rev 0x1 acpi0 at bios0: ACPI 6.0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP SSDT MCFG TCPA APIC HPET TCPA BGRT acpi0: wakeup devices XHCI(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz, 2480.43 MHz, 06-4c-04, patch 0411 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX1
No audio playback with azalia0 Intel Braswell HD Audio
3/1 ukbd0 at uhidev1: 8 variable keys, 6 key codes wskbd1 at ukbd0 mux 1 uvideo0 at uhub0 port 4 configuration 1 interface 0 "SunplusIT Inc HP Truevision HD" rev 2.00/28.74 addr 4 video0 at uvideo0 ugen0 at uhub0 port 5 "Intel Bluetooth" rev 2.00/0.03 addr 5 vscsi0 at root scsibus2 at vscsi0: 256 targets softraid0 at root scsibus3 at softraid0: 256 targets root on sd0a (0b14990a7a3f0418.a) swap on sd0b dump on sd0b drm:pid0:intel_dp_aux_wait_done *ERROR* [drm] *ERROR* AUX C/DP C: did not complete or timeout within 10ms (status 0xa0130064) inteldrm0: 1366x768, 32bpp wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 wsdisplay0: screen 1-5 added (std, vt100 emulation) iwm0: hw rev 0x210, fw ver 17.3216344376.0, address 88:b1:11:3b:15:dc pckbc: command timeout pckbc: command timeout pckbc: command timeout -- jrmu IRCNow (https://ircnow.org)
Re: my software is changing its future
Greetings Peter, Will the BSD port remain freely licensed? If so, thank you. -- jrmu IRCNow (https://ircnow.org)
Re: Keyboard/trackpad issues on HP Chromebook 11 G5 Setzer
Greetings, > This sounds very similar to what I reported in: > > https://marc.info/?l=openbsd-bugs&m=169030217301737&w=2 Yes this sounds identical to the error I'm seeing. > But in my case I didn't observe timeout errors and I didn't try to use > the trackpad. > > It could be MrChromebox firmware is buggy or it only works in combination > with Linux distros. Since I don't have enough context to > investigate how is that firmware built I ended using that laptop as a > headless server (machdep.lidaction=0) Ah, I will try to experiment with the wscons settings you suggested: wsconsctl keyboard.repeat.del1=1024 wsconsctl keyboard.repeat.deln=1024 What I ended up doing was attaching an external USB keyboard and mouse, and now the laptop is usable, but it's obviously not ideal to have to carry an external usb keyboard. -- jrmu IRCNow (https://ircnow.org)
Keyboard/trackpad issues on HP Chromebook 11 G5 Setzer
>Synopsis: Keyboard/trackpad issues on HP Chromebook 11 G5 Setzer >Category: amd64 >Environment: System : OpenBSD 7.4 Details : OpenBSD 7.4 (GENERIC.MP) #1382: Wed Sep 27 10:51:31 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP Architecture: OpenBSD.amd64 Machine : amd64 >Description: I installed MrChromebox firmware (https://mrchromebox.tech/static/fwscript.html) on an HP Chromebook 11 G5 Setzer, then proceeded to install OpenBSD 7.4 snapshots. I was able to get OpenBSD to boot, built-in wifi is working but trackpad and keyboard are malfunctional. I see this error after the login prompt: pckbc: command timeout pckbc: command timeout pckbc: command timeout The trackpad itself is not detected at all. It neither senses clicks nor mouse movements. The keyboard does sense keypresses but each keypress is interpreted as several presses (typing the letter 'a' once results in a string of 6 'a's). When the BSD bootloader is first started, the built-in keyboard works fine. Only after OpenBSD has finished loading does the keyboard start to duplicate keypresses. To install the system, I attached an external USB keyboard, which works perfectly with no duplicate keypresses. Thanks in advance for the help, I'm delighted to have OpenBSD booting on a chromebook. dmesg: OpenBSD 7.4 (GENERIC.MP) #1382: Wed Sep 27 10:51:31 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2068180992 (1972MB) avail mem = 1985830912 (1893MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x1fee8000 (17 entries) bios0: vendor coreboot version "MrChromebox-4.20.1" date 07/21/2023 bios0: GOOGLE Setzer efi0 at bios0: UEFI 2.7 efi0: EDK II rev 0x1 acpi0 at bios0: ACPI 6.0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP SSDT MCFG TCPA APIC HPET TCPA BGRT acpi0: wakeup devices XHCI(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz, 2480.53 MHz, 06-4c-04, patch 0411 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu0: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 79MHz cpu0: mwait min=64, max=64, C-substates=0.2, IBE cpu1 at mainbus0: apid 4 (application processor) cpu1: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz, 2481.05 MHz, 06-4c-04, patch 0411 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu1: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 2, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 115 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiec0 at acpi0 acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpibtn0 at acpi0: LID0 acpiac0 at acpi0: AC unit online acpibat0 at acpi0: BAT0 model "DR02043" serial 150F type LION oem "333-42-" "GOOG0004" at acpi0 not configured acpicmos0 at acpi0 "GOOG000A" at acpi0 not configured "INTL9C60" at acpi0 not configured "INTL9C60" at acpi0 not configured dwiic0 at acpi0 I2C1 addr 0x9132/0x1000 irq 32 iic0 at dwiic0 ihidev0 at iic0 addr 0x20dwiic0: timed out reading remaining 30 , failed fetching initial HID descriptor dwiic1 at acpi0 I2C5 addr 0x91324000/0x1000 irq 36 iic1 at dwiic1 "10EC5650" at iic1 addr 0x1a not configured dwiic2 at acpi0 I2C6 addr 0x91326000/0x1000 irq 37 iic2 at dwiic2 ietp0 at iic2 addr 0x15 , can't establish interrupt "808622A8" at acpi0 not configured tpm0 at acpi0 TPM_ 1.2 (TIS) addr 0xfed4/0x5000, Infineon SLB9635 1.2 rev 0x10 chvgpio0 at acpi0 GPSW uid 1 addr 0xfed8/0x8000 irq 49, 56 pins chvgpio1 at acpi0 GPNC uid 2 addr 0xfed88000/0x8000 irq 48, 59 pins chvgpio2 at acpi0 GPEC uid 3 addr 0xfed9/0x8000 irq 50, 24 pins chvgpio3 at acpi0 GPSE uid 4 addr 0xfed98000/0x8000 irq 91, 55 pins "INT3400" at acpi0 not configured "INT3403" at acpi0 not configured "INT3403" at acpi0 not configured "INT3403" at acpi0 not configured "INT3403" at acpi0 not configured acpicpu0 at acpi0
Re: UTF-8 chars
This is the setup I use for Chinese and it works OK for me for traditional Chinese and xterm: https://wiki.ircnow.org/index.php?n=Openbsd.Uim Fonts render properly and traditional Chinese input works. -- jrmu IRCNow (https://ircnow.org)
Keyboard/trackpad issues on HP Chromebook 11 G5 Setzer
>Synopsis: Keyboard/trackpad issues on HP Chromebook 11 G5 Setzer >Category: amd64 >Environment: System : OpenBSD 7.4 Details : OpenBSD 7.4 (GENERIC.MP) #1382: Wed Sep 27 10:51:31 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP Architecture: OpenBSD.amd64 Machine : amd64 >Description: I installed MrChromebox firmware (https://mrchromebox.tech/static/fwscript.html) on an HP Chromebook 11 G5 Setzer, then proceeded to install OpenBSD 7.4 snapshots. I was able to get OpenBSD to boot, built-in wifi is working but trackpad and keyboard are malfunctional. The trackpad itself is not detected at all. It neither senses clicks nor mouse movements. The keyboard does sense keypresses but each keypress is interpreted as several presses (typing the letter 'a' once results in a string of 6 'a's). When the BSD bootloader is first started, the built-in keyboard works fine. Only after OpenBSD has finished loading does the keyboard start to duplicate keypresses. To install the system, I attached an external USB keyboard, which works perfectly with no duplicate keypresses. Thanks in advance for the help, I'm delighted to have OpenBSD booting on a chromebook. dmesg: OpenBSD 7.4 (GENERIC.MP) #1382: Wed Sep 27 10:51:31 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2068180992 (1972MB) avail mem = 1985830912 (1893MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x1fee8000 (17 entries) bios0: vendor coreboot version "MrChromebox-4.20.1" date 07/21/2023 bios0: GOOGLE Setzer efi0 at bios0: UEFI 2.7 efi0: EDK II rev 0x1 acpi0 at bios0: ACPI 6.0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP SSDT MCFG TCPA APIC HPET TCPA BGRT acpi0: wakeup devices XHCI(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz, 2480.53 MHz, 06-4c-04, patch 0411 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu0: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 79MHz cpu0: mwait min=64, max=64, C-substates=0.2, IBE cpu1 at mainbus0: apid 4 (application processor) cpu1: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz, 2481.05 MHz, 06-4c-04, patch 0411 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu1: 24KB 64b/line 6-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 2, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 115 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiec0 at acpi0 acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpibtn0 at acpi0: LID0 acpiac0 at acpi0: AC unit online acpibat0 at acpi0: BAT0 model "DR02043" serial 150F type LION oem "333-42-" "GOOG0004" at acpi0 not configured acpicmos0 at acpi0 "GOOG000A" at acpi0 not configured "INTL9C60" at acpi0 not configured "INTL9C60" at acpi0 not configured dwiic0 at acpi0 I2C1 addr 0x9132/0x1000 irq 32 iic0 at dwiic0 ihidev0 at iic0 addr 0x20dwiic0: timed out reading remaining 30 , failed fetching initial HID descriptor dwiic1 at acpi0 I2C5 addr 0x91324000/0x1000 irq 36 iic1 at dwiic1 "10EC5650" at iic1 addr 0x1a not configured dwiic2 at acpi0 I2C6 addr 0x91326000/0x1000 irq 37 iic2 at dwiic2 ietp0 at iic2 addr 0x15 , can't establish interrupt "808622A8" at acpi0 not configured tpm0 at acpi0 TPM_ 1.2 (TIS) addr 0xfed4/0x5000, Infineon SLB9635 1.2 rev 0x10 chvgpio0 at acpi0 GPSW uid 1 addr 0xfed8/0x8000 irq 49, 56 pins chvgpio1 at acpi0 GPNC uid 2 addr 0xfed88000/0x8000 irq 48, 59 pins chvgpio2 at acpi0 GPEC uid 3 addr 0xfed9/0x8000 irq 50, 24 pins chvgpio3 at acpi0 GPSE uid 4 addr 0xfed98000/0x8000 irq 91, 55 pins "INT3400" at acpi0 not configured "INT3403" at acpi0 not configured "INT3403" at acpi0 not configured "INT3403" at acpi0 not configured "INT3403" at acpi0 not configured acpicpu0 at acpi0: C2 bad (state 6 has no substates): C3 bad (state 6 has no substates): C1(1000@1 mwait.1), PSS acpicpu1 at acp
Re: relayd error: socket_rlimit: max open files 1024
Thank you, that helped. Here was the setup I settled with in the end: https://wiki.ircnow.org/index.php?n=Relayd.Acceleration jrmu On Tue, Mar 02, 2021 at 12:32:03PM +0200, Jean-Pierre de Villiers wrote: > The entry openfiles-cur=1024 is overriding the entry openfiles=1024. > Note that openfiles=value sets both openfiles-max=value and > openfiles-cur=value. > > The setting openfiles-max setting is the upper limit which can only be > changed by root while any user can change their own openfiles-cur up the > maximum value set previously. You will either need to increase > openfiles-cur or remove it completely and only have openfiles=4096. > > All this info and more is contained in login.conf(5) and getrlimit(2). > > However, I believe the recommended practice would be to create a new > login class, called 'relayd' say, that inherits from the daemon class. > This is specified using the entry: tc=daemon. Otherwise, every process > running as a user in the daemon class will have these heightened > privileges - and there's a lot of them. > > Regards, > JP
relayd error: socket_rlimit: max open files 1024
I am trying to use relayd to provide TLS acceleration for 20+ user services.
Here is my /etc/relayd.conf (with ip4 and ip6 redacted):
ip4="192.168.0.1"
ip6="2001:db8::"
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
table { 127.0.0.1 }
log connection
http protocol https {
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" \
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
match request header set "Connection" value "close"
tcp { sack, backlog 128 }
tls { keypair username01.example.ircnow.org
keypair username02.example.ircnow.org
keypair username03.example.ircnow.org
keypair username04.example.ircnow.org
keypair username05.example.ircnow.org
keypair username06.example.ircnow.org
keypair username07.example.ircnow.org
keypair username08.example.ircnow.org
keypair username09.example.ircnow.org
keypair username10.example.ircnow.org
keypair username11.example.ircnow.org
keypair username12.example.ircnow.org
keypair username13.example.ircnow.org
keypair username14.example.ircnow.org
keypair username15.example.ircnow.org
keypair username16.example.ircnow.org
keypair username17.example.ircnow.org
keypair username18.example.ircnow.org }
match request header "Host" value "username01.example.ircnow.org"
forward to
match request header "Host" value "username01.example.ircnow.org"
forward to
match request header "Host" value "username02.example.ircnow.org"
forward to
match request header "Host" value "username03.example.ircnow.org"
forward to
match request header "Host" value "username04.example.ircnow.org"
forward to
match request header "Host" value "username05.example.ircnow.org"
forward to
match request header "Host" value "username06.example.ircnow.org"
forward to
match request header "Host" value "username07.example.ircnow.org"
forward to
match request header "Host" value "username08.example.ircnow.org"
forward to
match request header "Host" value "username09.example.ircnow.org"
forward to
match request header "Host" value "username10.example.ircnow.org"
forward to
match request header "Host" value "username11.example.ircnow.org"
forward to
match request header "Host" value "username12.example.ircnow.org"
forward to
match request header "Host" value "username13.example.ircnow.org"
forward to
match request header "Host" value "username14.example.ircnow.org"
forward to
match request header "Host" value "username15.example.ircnow.org"
forward to
match request header "Host" value "username16.example.ircnow.org"
forward to
match request header "Host" value "username17.example.ircnow.org"
forward to
match request header "Host" value "username18.example.ircnow.org"
forward to
}
relay wwwtls {
listen on $ip4 port 443 tls
protocol https
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
}
relay www6tls {
listen on $ip6 port 443 tls
protocol https
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 check icmp
forward to port 8001 che
Re: relayd, ipv6, and tls keypair names
Adding two relay blocks does seem to fix the problem, thank you.
jrmu
On Sat, Feb 27, 2021 at 02:50:11AM -0700, Anthony J. Bentley wrote:
> Hi,
>
> j...@ircnow.org writes:
> > Then it seems relayd also works. So I suspect relayd is ignoring
> > the tls keypair directive for IPv6 addresses. In other words, when IPv6 is
> > en
> > abled,
> > relayd appears to ignore:
> >
> > tls { keypair example.com }
> >
> > Can someone verify if this is correct behavior, if I misconfigured, or
> > if this is a bug?
>
> You're making things a bit harder for yourself with your choice of
> certificate filenames. For starters, on webservers I've never had
> any use for a certificate without full chain. So I just create a
> full chain certificate under the usual certificate filename in my
> acme-client config.
>
> domain example.com {
> domain key "/etc/ssl/private/example.com.key"
> domain full chain certificate "/etc/ssl/example.com.crt"
> sign with letsencrypt
> }
>
> No symlinks necessary.
>
> Then in relayd I create two relays, listening to the same protocol
> block.
>
> table { 127.0.0.1 }
>
> log connection
>
> http protocol myremote {
> tls keypair "example.com"
>
> return error
> pass
> }
>
> relay mysite4 {
> listen on 127.0.0.1 port 443 tls
> protocol myremote
> forward to check tcp port 80
> }
>
> relay mysite6 {
> listen on ::1 port 443 tls
> protocol myremote
> forward to check tcp port 80
> }
>
> The problem really is that you can't listen on IPv4 and IPv6 in the
> same relay block. This might be a bug although I suppose it could be
> intentional (I've never found relayd's configuration very intuitive).
>
> --
> Anthony J. Bentley
signature.asc
Description: PGP signature
relayd, ipv6, and tls keypair names
I was trying to configure relayd for TLS acceleration when I noticed an unusual
error.
Here is my /etc/relayd.conf (with actual IPs and domains replaced):
ip4="192.0.2.1"
ip6="2001:db8::"
table { 127.0.0.1 }
table { 127.0.0.1 }
log connection
http protocol https {
match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
match request header append "X-Forwarded-By" \
value "$SERVER_ADDR:$SERVER_PORT"
match request header set "Connection" value "close"
# Various TCP options
tcp { sack, backlog 128 }
tls { keypair example.com }
match request header "Host" value "www.example.com" forward to
}
relay wwwtls {
listen on $ip4 port 443 tls
listen on $ip6 port 443 tls
protocol https
forward to port 8001 check icmp
}
I set up symlinks for the SSL certs as follows:
$ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com:443.crt
$ doas ln -s /etc/ssl/private/example.com.key
/etc/ssl/private/example.com:443.key
I then start relayd:
$ doas relayd -dvv
and get the following errors:
relay_load_certfiles: using certificate /etc/ssl/example.com:443.crt
relay_load_certfiles: using private key /etc/ssl/private/example.com:443.key
/etc/relayd.conf:26: cannot load certificates for relay wwwtls2:443
I discovered that if I comment out the below line, line 23, relayd works:
listen on $ip6 port 443 tls
So if I uncomment out the IPv6 listener, relayd works just fine.
If I include the IPv6 listener but create symlinks with IPv6 addresses like
follows:
$ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/2001:db8:::443.crt
$ doas ln -s /etc/ssl/private/example.com.key
/etc/ssl/private/2001:db8:::443.key
Then it seems relayd also works. So I suspect relayd is ignoring
the tls keypair directive for IPv6 addresses. In other words, when IPv6 is
enabled,
relayd appears to ignore:
tls { keypair example.com }
Can someone verify if this is correct behavior, if I misconfigured, or
if this is a bug?
jrmu
Re: relayd, ipv6, and tls keypair names
PS: I am running OpenBSD 6.8 stable on amd64.
On Sat, Feb 27, 2021 at 03:48:04PM +0800, j...@ircnow.org wrote:
> I was trying to configure relayd for TLS acceleration when I noticed an
> unusual
> error.
>
> Here is my /etc/relayd.conf (with actual IPs and domains replaced):
>
> ip4="192.0.2.1"
> ip6="2001:db8::"
> table { 127.0.0.1 }
> table { 127.0.0.1 }
>
> log connection
>
> http protocol https {
> match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
> match request header append "X-Forwarded-By" \
> value "$SERVER_ADDR:$SERVER_PORT"
> match request header set "Connection" value "close"
>
> # Various TCP options
> tcp { sack, backlog 128 }
>
> tls { keypair example.com }
> match request header "Host" value "www.example.com" forward to
> }
>
> relay wwwtls {
> listen on $ip4 port 443 tls
> listen on $ip6 port 443 tls
> protocol https
> forward to port 8001 check icmp
> }
>
> I set up symlinks for the SSL certs as follows:
>
> $ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/example.com:443.crt
> $ doas ln -s /etc/ssl/private/example.com.key
> /etc/ssl/private/example.com:443.key
>
> I then start relayd:
>
> $ doas relayd -dvv
>
> and get the following errors:
>
> relay_load_certfiles: using certificate /etc/ssl/example.com:443.crt
> relay_load_certfiles: using private key /etc/ssl/private/example.com:443.key
> /etc/relayd.conf:26: cannot load certificates for relay wwwtls2:443
>
> I discovered that if I comment out the below line, line 23, relayd works:
>
> listen on $ip6 port 443 tls
>
> So if I uncomment out the IPv6 listener, relayd works just fine.
>
> If I include the IPv6 listener but create symlinks with IPv6 addresses like
> follows:
>
> $ doas ln -s /etc/ssl/example.com.fullchain.pem /etc/ssl/2001:db8:::443.crt
> $ doas ln -s /etc/ssl/private/example.com.key
> /etc/ssl/private/2001:db8:::443.key
>
> Then it seems relayd also works. So I suspect relayd is ignoring
> the tls keypair directive for IPv6 addresses. In other words, when IPv6 is
> enabled,
> relayd appears to ignore:
>
> tls { keypair example.com }
>
> Can someone verify if this is correct behavior, if I misconfigured, or
> if this is a bug?
>
> jrmu
Re: Shell account service providers
If you connect to IRC on irc.ircnow.org and join #ircnow, we offer free openbsd shell accounts. Our web page is at https://ircnow.org. jrmu IRCNow On Thu, Jul 16, 2020 at 01:51:44AM +, Ibsen S Ripsbusker wrote: > Are there services that sell managed OpenBSD shell accounts? > I mean a service similar to sdf.org. >
Error messages with VMM on 6.6 and 6.7
OpenBSD VMM suffers from error messages and possibly spontaneous crashing System : OpenBSD 6.7 Details : OpenBSD 6.7 (GENERIC.MP) #182: Thu May 7 11:11:58 MDT 2020 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP Architecture: OpenBSD.amd64 Machine : amd64 >Description: I ran VMM on OpenBSD 6.6 with ~30 VMs, a mixture of OpenBSD 6.6, 6.7, and Debian, and kept seeing the following error messages in logs: May 28 00:54:37 srv1 vmd[97924]: rtc_update_rega: set non-32KHz timebase not supported May 28 00:59:05 srv1 vmd[24983]: rtc_update_rega: set non-32KHz timebase not supported May 28 01:12:35 srv1 vmd[31276]: rtc_update_rega: set non-32KHz timebase not supported May 28 01:14:40 srv1 vmd[31276]: vioblk queue notify - nothing to do? May 28 01:15:12 srv1 last message repeated 806 times May 28 01:17:03 srv1 last message repeated 78 times May 28 01:30:03 srv1 vmd[31276]: vioblk queue notify - nothing to do? May 28 01:40:19 srv1 last message repeated 67 times May 28 01:44:17 srv1 last message repeated 47 times May 28 01:44:19 srv1 vmd[9684]: rtc_update_rega: set non-32KHz timebase not supported Every 2-3 weeks, the system appeared to crash, but I could not find any other error message that would narrow down the cause. I am not sure if the crash is related to either of those two above error messages. Today I upgraded to OpenBSD 6.7 stable with hopes that the problem may have been fixed. However, I still notice the same two error messages: May 31 19:06:32 srv1 vmd[72705]: vcpu_process_com_data: guest reading com1 when not ready May 31 19:06:33 srv1 last message repeated 2 times May 31 19:06:40 srv1 reorder_kernel: kernel relinking done May 31 19:09:03 srv1 vmd[72705]: rtc_update_rega: set non-32KHz timebase not supported Any workaround or suggestions? dmesg: OpenBSD 6.7 (GENERIC.MP) #182: Thu May 7 11:11:58 MDT 2020 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 34306437120 (32717MB) avail mem = 33254100992 (31713MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec830 (156 entries) bios0: vendor American Megatrends Inc. version "3.3" date 05/23/2018 bios0: Supermicro X9DRi-LN4+/X9DR3-LN4+ acpi0 at bios0: ACPI 4.0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC FPDT SRAT SLIT HPET PRAD SPMI SSDT EINJ ERST HEST BERT DMAR MCFG acpi0: wakeup devices P0P9(S1) EUSB(S4) USBE(S4) PEX0(S4) PWVE(S4) NPE1(S4) NPE4(S4) NPE5(S4) NPE6(S4) NPE8(S4) NPEA(S4) NPE2(S4) NPE3(S4) NPE7(S4) NPE9(S4) NPE2(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz, 2000.27 MHz, 06-2d-07 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz, 2000.02 MHz, 06-2d-07 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz, 2000.02 MHz, 06-2d-07 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz, 2000.01 MHz, 06-2d-07 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELT
Re: OpenBSD PPPOE
Can you provide me with some more information? Perhaps run dmesg or check /var/log/messages ? You may also want to reboot your PC and test ping to see where the network error lies. jrmu On Mon, Jan 20, 2020 at 10:42:51PM -0700, peterwkc wrote: > Dear All, > > I would like to setup my openbsd as router. > /etc/hostname.fxp0 > up > > /etc/hostname.pppoe0 > pppoedev fxp0 authproto pap authname "" authkey "" up > dest 0.0.0.1 > !/sbin/route add default -ifp pppoe0 0.0.0.1 > > > Not able to get a connection. What wrong with it? > > > > -- > Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html >
LCP keepalive timeout for PPPOE
nfigured "l4_wkup_cm" at simplebus2 not configured "mpu_cm" at simplebus2 not configured "l4_rtc_cm" at simplebus2 not configured "gfx_l3_cm" at simplebus2 not configured "l4_cefuse_cm" at simplebus2 not configured syscon0 at simplebus3: "scm_conf" pinctrl0 at simplebus3 "wkup_m3_ipc" at simplebus3 not configured "dma-router" at simplebus3 not configured intc0 at simplebus0 rev 5.0 "edma" at simplebus0 not configured "tptc" at simplebus0 not configured "tptc" at simplebus0 not configured "tptc" at simplebus0 not configured omgpio0 at simplebus0: rev 0.1 gpio0 at omgpio0: 32 pins omgpio1 at simplebus0: rev 0.1 gpio1 at omgpio1: 32 pins omgpio2 at simplebus0: rev 0.1 gpio2 at omgpio2: 32 pins omgpio3 at simplebus0: rev 0.1 gpio3 at omgpio3: 32 pins com0 at simplebus0: ti16750, 64 byte fifo com0: console tiiic0 at simplebus0 rev 0.11 iic0 at tiiic0 "atmel,24c256" at iic0 addr 0x50 not configured nxphdmi0 at iic0 addr 0x70: rev 0x0301 nxphdmi0: no display detected tiiic1 at simplebus0 rev 0.11 iic1 at tiiic1 "atmel,24c256" at iic1 addr 0x54 not configured "atmel,24c256" at iic1 addr 0x55 not configured "atmel,24c256" at iic1 addr 0x56 not configured "atmel,24c256" at iic1 addr 0x57 not configured ommmc0 at simplebus0 sdmmc0 at ommmc0: 4-bit, sd high-speed, mmc high-speed ommmc1 at simplebus0 sdmmc1 at ommmc1: 1-bit "spinlock" at simplebus0 not configured omdog0 at simplebus0 rev 0.1 "mailbox" at simplebus0 not configured "timer" at simplebus0 not configured "timer" at simplebus0 not configured "timer" at simplebus0 not configured "timer" at simplebus0 not configured "timer" at simplebus0 not configured "timer" at simplebus0 not configured "rtc" at simplebus0 not configured "usb" at simplebus0 not configured cpsw0 at simplebus0: version 1.12 (0), address 40:bd:32:d3:fc:ab ukphy0 at cpsw0 phy 0: Generic IEEE 802.3u media interface, rev. 1: OU, model 0x000f "ocmcram" at simplebus0 not configured amdisplay0 at simplebus0 amdisplay0: no display attached. "emif" at simplebus0 not configured "sham" at simplebus0 not configured "aes" at simplebus0 not configured "mcasp" at simplebus0 not configured "rng" at simplebus0 not configured sdmmc0: can't enable card scsibus0 at sdmmc1: 2 targets, initiator 0 sd0 at scsibus0 targ 1 lun 0: removable sd0: 3648MB, 512 bytes/sector, 7471104 sectors vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root bootfile: sd0a:/bsd boot device: sd0 root on sd0a (d5018eab85909b4e.a) swap on sd0b dump on sd0b WARNING: CHECK AND RESET THE DATE! pppoe0: LCP keepalive timeout pppoe0: LCP keepalive timeout (last line repeats 100x) jrmu
