proxy
hi,

I have a beginner question.
I use FreeBSD 7.1-RC1 without X on my notebook.
How can I configure my network to
1. use proxy to http or ftp connections (proxy address: (10.0.1.1:8080)
or (on another place, with strong restrictions, but port 22 is open)
2. use ssh tunnel (in windows I've used socks5 proxy through my server: ssh -D u...@host.tld)

where can I set these settings?

best regards,
indul

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: proxy
On Fri, 2008-12-19 at 11:09 +0100, Lazar Szilard wrote:
> hi,
>
> I have a beginner question.
> I use FreeBSD 7.1-RC1 without X on my notebook.
> How can I configure my network to
> 1. use proxy to http or ftp connections (proxy address: (10.0.1.1:8080)
> or (on another place, with strong restrictions, but port 22 is open)
> 2. use ssh tunnel (in windows I've used socks5 proxy through my server: ssh -D u...@host.tld)
>
> where can I set these settings?
>
> best regards,
> indul

To use a proxy with most applications, it is simply necessary to set the appropriate environment variables. Eg, I have a squid proxy running on the server 'proxy', port 3128, so I put the following in my .bashrc:

    export HTTP_PROXY=proxy:3128
    export http_proxy=http://proxy:3128/
    export ftp_proxy=http://proxy:3128/

To use an ssh tunnel, you already have the command right there.. I use a tiny rc script to manage my ssh tunnels, it is attached. Put in /usr/local/etc/rc.d and add the following settings to /etc/rc.conf

    proxy_tunnel_enable="YES"
    proxy_tunnel_remote_user="some...@somehost"

You should also set up passwordless ssh authentication for root to the u...@host you wish to use for proxying to, and then simply change your local users proxy settings.
Surf outside Internet through VPN
Hello,

I want to find a way to pass ALL traffic from my laptop THROUGH my office VPN and then out to the Internet. This is a "road warrior" setup. This gives me a few benefits:
1) I can check my email securely through VPN.
2) No matter where I am, I will always have the external IP of my VPN server when accessing the web.

I have setup a VPN. Was able to get it working with either tun or tap interfaces. That part seems OK.

Now what?? (I can see and connect to the VPN server with '10.0.8.1' easily. I can't see or connect to the outside world.) Do I need to add some kind of special route in the routing table?

Would this be better as a tun or using a bridge through tap?

Thanks,

-N
Re: Surf outside Internet through VPN
Noah Silverman wrote:
> I want to find a way to pass ALL traffic from my laptop THROUGH my office VPN and then out to the Internet. This is a "road warrior" setup. This gives me a few benefits:
> 1) I can check my email securely through VPN.
> 2) No matter where I am, I will always have the external IP of my VPN server when accessing the web.
>
> I have setup a VPN. Was able to get it working with either tun or tap interfaces. That part seems OK.
>
> Now what?? (I can see and connect to the VPN server with '10.0.8.1' easily. I can't see or connect to the outside world.) Do I need to add some kind of special route in the routing table?

If you can talk to arbitrary hosts on your office network--not just the VPN server--setting your default router to the office's gateway will achieve what you want.
Re: Surf outside Internet through VPN
On Fri, Dec 19, 2008 at 03:23:57AM -0800, Noah Silverman wrote:
> Hello,

Hi.

> I want to find a way to pass ALL traffic from my laptop THROUGH my
> office VPN and then out to the Internet. This is a "road warrior"
> setup. This gives me a few benefits: 1) I can check my email securely
> through VPN. 2) No matter where I am, I will always have the external
> IP of my VPN server when accessing the web.
>
> I have setup a VPN. Was able to get it working with either tun or tap
> interfaces. That part seems OK.

Ok, I'll guess you're using an IPsec VPN.

> Now what?? (I can see and connect to the VPN server with '10.0.8.1'
> easily. I can't see or connect to the outside world.) Do I need to
> add some kind of special route in the routing table?
>
> Would this be better as a tun or using a bridge through tap?

If you're using a tun interface and can access your remote gate through the tunnel, you may just have to add a default route to this remote gate (warning: ensure you still have some static routes to access the public IP of the gate, so your tunnel won't match the default route, which is reachable through the tunnel).

You can also just use "simple" IPsec without gif, and you'll have SPD entries like:

    spdadd myip 0.0.0.0/0 any -P out ipsec esp/tunnel/mypublicIP-GatepublicIP/unique;

for outgoing traffic (and the reverse SPD entry for incoming traffic).

Please note that, for IPsec (and for IKE negotiations), 0.0.0.0/0 does NOT mean "any IP", it REALLY means "the network with base address 0.0.0.0 and 0 bits of netmask".

Yvan.
Re: Surf outside Internet through VPN
Darren Pilgrim wrote:
> Noah Silverman wrote:
>> I want to find a way to pass ALL traffic from my laptop THROUGH my
>> office VPN and then out to the Internet. This is a "road warrior"
>> setup. This gives me a few benefits: 1) I can check my email
>> securely through VPN. 2) No matter where I am, I will always have
>> the external IP of my VPN server when accessing the web.
>>
>> I have setup a VPN. Was able to get it working with either tun or
>> tap interfaces. That part seems OK.
>>
>> Now what?? (I can see and connect to the VPN server with '10.0.8.1'
>> easily. I can't see or connect to the outside world.) Do I need to
>> add some kind of special route in the routing table?
>
> If you can talk to arbitrary hosts on your office network--not just
> the VPN server--setting your default router to the office's gateway
> will achieve what you want.

If you meant the internal address of the office's gateway, then changing the default route to that means that you will no longer be able to reach the public IP of the VPN peer.

What you need to do is,

i) Add a host route to the VPN peer address, via your current default gateway on whatever network you happen to be on

ii) Change your default route to be something on your office net that is willing to route traffic out the Internet for you. This potentially could be the internal address of your office firewall, if it knows how to route back to you via the VPN terminating box. Alternatively just the other end of your tunnel, I'm guessing from the above that it's '10.0.8.1'

If you're using OpenVPN, then the "redirect-gateway" directive tries to do the above for you.

Cheers,

Dunc
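Steps i) and ii) from the message above, worked through on a small routing-table model. This is an added example, not code from the thread; the physical network 192.168.1.0/24, its gateway 192.168.1.1, the interface names and the peer's public address 203.0.113.10 are constructed, and 10.0.8.1 is the tunnel end named in the message.

```python
import ipaddress


def lookup(table, dst):
    """Longest-prefix match: return (gateway, interface) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(prefix), gw, ifname)
            for prefix, gw, ifname in table
            if addr in ipaddress.ip_network(prefix)]
    if not hits:
        raise LookupError("no route to %s" % dst)
    _, gw, ifname = max(hits, key=lambda h: h[0].prefixlen)
    return gw, ifname


def tunnel_survives(table, peer_ip, tun_if):
    """The encrypted packets to the VPN peer must leave on a non-tunnel
    interface; if they resolve to the tunnel itself, the tunnel breaks."""
    return lookup(table, peer_ip)[1] != tun_if


def redirect_through_tunnel(table, peer_ip, tun_gw, tun_if):
    """Apply steps i) and ii) to a routing table and return the new table."""
    cur_gw, cur_if = lookup(table, peer_ip)   # how the peer is reached today
    if cur_if == tun_if:
        raise ValueError("peer is already routed into the tunnel")
    new = [r for r in table if r[0] != "0.0.0.0/0"]
    new.append((peer_ip + "/32", cur_gw, cur_if))   # i) host route to the peer
    new.append(("0.0.0.0/0", tun_gw, tun_if))       # ii) default via the tunnel
    return new


# Constructed sample tables: (prefix, gateway, interface).
PEER = "203.0.113.10"     # public IP of the VPN peer (constructed)
WEB = "198.51.100.7"      # some host on the Internet (constructed)
BEFORE = [
    ("0.0.0.0/0", "192.168.1.1", "em0"),     # default on the visited network
    ("192.168.1.0/24", "link", "em0"),       # directly connected LAN
    ("10.0.8.0/24", "10.0.8.1", "tun0"),     # VPN subnet
]
# Only the default route is changed, with no host route for the peer.
NAIVE = [("0.0.0.0/0", "10.0.8.1", "tun0")] + BEFORE[1:]
FIXED = redirect_through_tunnel(BEFORE, PEER, "10.0.8.1", "tun0")

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("naive", NAIVE), ("fixed", FIXED)):
        print("%-6s peer via %s, web via %s, tunnel survives: %s" % (
            name, lookup(table, PEER), lookup(table, WEB),
            tunnel_survives(table, PEER, "tun0")))
```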
Re: HEADSUP: arp-v2 has been committed
On Mon, 15 Dec 2008 06:34:13 GMT, Qing Li wrote:
>
> The arp-v2 changes have been committed into HEAD.
>
> Please report problems to me and Kip Macy.

Wine does not build any more:

...
cc -c -I. -I. -I../../include -I../../include -D__WINESRC__ -D_REENTRANT -fPIC -Wall -pipe -fno-strict-aliasing -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith -I/usr/local/include -O2 -pipe -fno-strict-aliasing -o ipstats.o ipstats.c
ipstats.c: In function 'getNumArpEntries':
ipstats.c:1253: error: 'RTF_LLINFO' undeclared (first use in this function)
ipstats.c:1253: error: (Each undeclared identifier is reported only once
ipstats.c:1253: error: for each function it appears in.)
ipstats.c: In function 'getArpTable':
ipstats.c:1311: error: 'RTF_LLINFO' undeclared (first use in this function)
ipstats.c:1311: warning: initialization makes integer from pointer without a cast
gmake[2]: *** [ipstats.o] Ошибка 1
gmake[2]: Leaving directory `/usr/ports/emulators/wine/work/wine-1.1.10/dlls/iphlpapi'
gmake[1]: *** [iphlpapi] Ошибка 2
gmake[1]: Leaving directory `/usr/ports/emulators/wine/work/wine-1.1.10/dlls'
gmake: *** [dlls] Ошибка 2

--
Vladimir B. Grebenschikov
v...@fbsd.ru
Re: Surf outside Internet through VPN
On Fri, 2008-12-19 at 14:03 +0100, VANHULLEBUS Yvan wrote:
>
> Please note that, for IPsec (and for IKE negotiations), 0.0.0.0/0 does
> NOT mean "any IP", it REALLY means "the network with base
> address 0.0.0.0 and 0 bits of netmask".
>
>
> Yvan.

Could you define an IPv4 IP address that wouldn't be matched by that definition? IE - aren't they both the same thing? I might be being dense..

Cheers

Tom
Update of Yandex' SMBable em driver
Hi,

We've published latest versions at
http://people.yandex-team.ru/~wawa/em-6.7.3-yandex-1.40.tar.gz
http://people.yandex-team.ru/~wawa/em-6.9.6-RELENG7-yandex-1.36.2.8.tar.gz

These revisions use mtx_trylock instead of mtx_lock in em_start().

Regards,
--
Vladimir Ivanov
Network Operations Center
OOO "Yandex"
t: +7 495 739-7000
f: +7 495 739-7070
@: n...@yandex.net (corporate)
   w...@yandex-team.ru (personal)
www: www.yandex.ru
--
Re: FD_SETSIZE (too many open file descriptors) + BIND
On Wednesday 17 December 2008 8:40:55 pm JINMEI Tatuya / 神明達哉 wrote:
> At Wed, 17 Dec 2008 15:20:02 +0200,
> Ott Köstner wrote:
>
> > named[63198]: socket: too many open file descriptors
> > last message repeated 26 times
> >
> > Bind version is: BIND 9.4.2-P2
>
> Please try BIND 9.4.3. Even with all attempts to mitigate the trouble
> and with tweaking parameters, 9.4.2-P2 still has a fundamental
> limitation on performance. It should work for the vast majority of
> users, but you really need 9.4.3 if your server is very busy.

However there is no FreeBSD port of BIND 9.4.3, manually installed 9.4.3 from sources...and...

Yes, it *is* much better now. 'socket: too many open file descriptors' messages disappeared :)

Now waiting for FreeBSD port to come into existence...

Thank You!

O.K.

--
Mõõda oma inteneti kiirust / Test Your Internet speed
http://tallinn.speedtest.net/
Re: IPv6 routing help?
2008/12/19 Max Laier :
> On Friday 19 December 2008 01:11:51 Ivan Voras wrote:
>> Max Laier wrote:
>> > On the interface you are running rtadvd you need a global address out of
>> > your stf prefix, e.g. 2002:aabb:ccdd:1::/64. Once you do that,
>> > everything else should just fall into place. The client will configure
>> > an address out of that prefix and adds a route via 2002:aabb:ccdd:1::/64.
>> > This should get you going.
>>
>> Thanks, I understand now what I was doing wrong before. Actually 6to4 is
>> very elegant.
>>
>> Another related question: if I understand it correctly, rtadvd should
>> also be used for address autoconfiguration (like DHCP for IPv6, but not
>> actually DHCP). I have it running with defaults (they look like they
>> should do the right thing) and apparently it works as the client got the
>> link-local address of the router as it's default IPv6 route, but I
>> expected it would also automagically pick up the 2002:aabb:ccdd:1::/64
>> network when I assigned an address from it on the router and
>> autoconfigure its own address. Maybe I'm expecting too much of it?
>
> It will, provided you properly assign an address on the NIC that is running
> rtadvd.

Thanks, it did!
Getting WPA2-PSK
Hey, I've never used a mailing list before, so forgive me if I'm not doing this right.

I'm trying to set up my network card, but I keep getting this error message. I type in this:

    ifconfig wi0 authmode wpa

And I get this:

    ieee80211_load_module: load the wlan_xauth module by hand for now.
    ifconfig: SIOCS80211: Invalid argument

Can anybody tell me what I'm doing wrong?

Thanks,
Jordy
Re: Getting WPA2-PSK
On 19 Dec 2008, at 14:19, Jordy Dickinson wrote:
> Hey, I've never used a mailing list before, so forgive me if I'm not doing this right.
>
> I'm trying to set up my network card, but I keep getting this error message. I type in this:
>
>     ifconfig wi0 authmode wpa
>
> And I get this:
>
>     ieee80211_load_module: load the wlan_xauth module by hand for now.
>     ifconfig: SIOCS80211: Invalid argument
>
> Can anybody tell me what I'm doing wrong?

You're probably running a custom kernel without the wlan_xauth module built in. Either load it as a module or compile it in your kernel.

You may also want to use wpa_supplicant instead.

Regards,
--
Rui Paulo
Re: Surf outside Internet through VPN
On Fri, Dec 19, 2008 at 01:35:02PM +, Tom Evans wrote:
> On Fri, 2008-12-19 at 14:03 +0100, VANHULLEBUS Yvan wrote:
> >
> > Please note that, for IPsec (and for IKE negotiations), 0.0.0.0/0 does
> > NOT mean "any IP", it REALLY means "the network with base
> > address 0.0.0.0 and 0 bits of netmask".
> >
> >
> > Yvan.
>
> Could you define an IPv4 IP address that wouldn't be matched by that
> definition? IE - aren't they both the same thing? I might be being
> dense..

When setting up configurations, I often see people who put 0.0.0.0/0 as traffic endpoint on one side, and "something else" on the other side (either in racoon.conf's sainfo sections or in SPD traffic endpoints), and who think it will work.

It won't.

Of course, once you get such SPD entry, any packet which matches the other network (myip as source in my previous example) will match the SPD.

Yvan.
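The two senses of 0.0.0.0/0 discussed in this exchange, side by side, as an added example (not code from the thread, racoon or the kernel). It assumes, as the message above describes, that the traffic endpoints configured on the two ends must be the same networks mirrored; the addresses and the `Policy` tuple are constructed for illustration.

```python
import ipaddress
from collections import namedtuple

# One end's view of a tunnel policy: traffic from `local` to `remote` is protected.
Policy = namedtuple("Policy", "local remote")


def packet_matches(policy, src, dst):
    """Packet classification: is (src, dst) covered by this policy?"""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(policy.local)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(policy.remote))


def audit_endpoints(side_a, side_b):
    """Configuration check: each side's local endpoint must be the very same
    network as the other side's remote endpoint. 0.0.0.0/0 is compared as a
    network like any other, not treated as a wildcard."""
    problems = []
    pairs = (("A local / B remote", side_a.local, side_b.remote),
             ("A remote / B local", side_a.remote, side_b.local))
    for label, left, right in pairs:
        if ipaddress.ip_network(left) != ipaddress.ip_network(right):
            problems.append("%s: %s != %s" % (label, left, right))
    return problems


# Constructed sample configuration. The laptop plays the role of "myip".
LAPTOP = Policy(local="10.0.8.6/32", remote="0.0.0.0/0")
GATE_SOMETHING_ELSE = Policy(local="192.168.0.0/24", remote="10.0.8.6/32")
GATE_MIRRORED = Policy(local="0.0.0.0/0", remote="10.0.8.6/32")

if __name__ == "__main__":
    # As a packet selector, every destination falls inside 0.0.0.0/0 ...
    for dst in ("192.168.0.5", "198.51.100.7"):
        print("laptop ->", dst, "matches:", packet_matches(LAPTOP, "10.0.8.6", dst))
    # ... but as a configured endpoint it only agrees with another 0.0.0.0/0.
    print("gate uses 192.168.0.0/24:", audit_endpoints(LAPTOP, GATE_SOMETHING_ELSE))
    print("gate uses 0.0.0.0/0:     ", audit_endpoints(LAPTOP, GATE_MIRRORED))
```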
Panic on boot with em1 attached
Hello,

System is a NAS and has two interfaces. Default route is on em0. The network consisting of 2k hosts is attached to the em1. 7.0-RELEASE, 7.1-BETA2, 7.1-RC1 has the same error.

In the progress of boot (uptime 7 seconds) it is panicking:

Slab at 0xff000152ef50, freei 2 = 0.
panic: Duplicate free of item 0xff000152e200 from zone 0xff003bfd3000(mbuf_packet)

If I detach em1 before boot, the system boots and works well, but after attaching em1 back a message like this constantly appears:

rtfree: 0xff000187f7c0 has 1 refs

Maybe the cause of these warnings is connected to the cause of panic.

Here is a backtrace:

#0 doadump () at pcpu.h:195
#1 0x802cbc97 in boot (howto=260) at ../../../kern/kern_shutdown.c:418
#2 0x802cc13c in panic (fmt=Variable "fmt" is not available.
) at ../../../kern/kern_shutdown.c:574
#3 0x805029a8 in uma_dbg_free (zone=Variable "zone" is not available.
) at ../../../vm/uma_dbg.c:302
#4 0x80501434 in uma_zfree_arg (zone=0xff003bfd3000, item=0xff000152e200, udata=0x0) at ../../../vm/uma_core.c:2265
#5 0x803237d9 in m_freem (mb=0x0) at mbuf.h:515
#6 0x803d39a1 in ip_fastforward (m=0xff000152e200) at ../../../netinet/ip_fastfwd.c:609
#7 0x8036ace6 in ether_demux (ifp=0xff0001257000, m=0xff000152e200) at ../../../net/if_ethersubr.c:770
#8 0x8036af62 in ether_input (ifp=0xff0001257000, m=0xff000152e200) at ../../../net/if_ethersubr.c:692
#9 0x801fe6f4 in em_rxeof (adapter=0x80c57000, count=99) at ../../../dev/e1000/if_em.c:4539
#10 0x801feb8b in em_handle_rxtx (context=Variable "context" is not available.
) at ../../../dev/e1000/if_em.c:1702
#11 0x80303481 in taskqueue_run (queue=0xff0001258600) at ../../../kern/subr_taskqueue.c:282
#12 0x8030363a in taskqueue_thread_loop (arg=Variable "arg" is not available.
) at ../../../kern/subr_taskqueue.c:401
#13 0x802aa7ff in fork_exit (callout=0x803035e0 , arg=0x80c5b588, frame=0x9ead9c80) at ../../../kern/kern_fork.c:804
#14 0x805250e3 in fork_trampoline () at ../../../amd64/amd64/exception.S:455

Dump for the mbuf:

I have a tcpdump file for the traffic on em1 during the boot but I can't work out the method of finding the matching packet to the mbuf.
Is there any
Re: Getting WPA2-PSK
On Fri, Dec 19, 2008 at 03:04:55PM +, Rui Paulo wrote:
>
> On 19 Dec 2008, at 14:19, Jordy Dickinson wrote:
>
>> Hey, I've never used a mailing list before, so forgive me if I'm not doing
>> this right.
>>
>> I'm trying to set up my network card, but I keep getting this error
>> message.
>> I type in this:
>>
>>     ifconfig wi0 authmode wpa
>>
>> And I get this:
>>
>>     ieee80211_load_module: load the wlan_xauth module by hand for now.
>>     ifconfig: SIOCS80211: Invalid argument
>>
>> Can anybody tell me what I'm doing wrong?
>
> You're probably running a custom kernel without the wlan_xauth module built
> in. Either load it as a module or compile it in your kernel.
>
> You may also want to use wpa_supplicant instead.

More specifically, setting "authmode wpa" with ifconfig will always be wrong (unless perhaps someday someone adds a supplicant to the kernel). If you want WPA to work, you must run wpa_supplicant.

-- Brooks
Re: HEADSUP: arp-v2 has been committed
On Mon, 2008-12-15 at 15:42 +0200, Giorgos Keramidas wrote:
> On Mon, 15 Dec 2008 06:34:13 GMT, Qing Li wrote:
> > Hi All,
> >
> > The arp-v2 changes have been committed into HEAD.
> > Please report problems to me and Kip Macy.

Nice, my host sends arp-reply about other hosts

my host has MAC address 00:19:7d:8c:0b:44:

19:59:39.409151 00:13:e8:d5:0f:63 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.24.11.35 tell 10.24.11.42
>> it got broadcast arp request from some host

19:59:39.409163 00:19:7d:8c:0b:44 > 00:13:e8:d5:0f:63, ethertype ARP (0x0806), length 42: arp reply 10.24.11.35 is-at 00:13:e8:d5:0f:63
>> it replies - IP you seeking for is on your MAC address

some OS do put entries based on such bogus arp reply on their arp tables

Looks as serious problem of ARP stack.

--
Vladimir B. Grebenschikov
v...@fbsd.ru
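A check for the symptom reported above, run over `tcpdump -e` text in the format quoted in the message. This is an added example, not code from the thread or from FreeBSD; the first two sample lines are the ones from the report, the last two are constructed to show a normal exchange, and the function and field names are illustrative.

```python
import re
from collections import namedtuple

# Link-level header plus ARP summary, in the layout shown in the report.
FRAME = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype ARP \(0x0806\), length \d+: arp (?P<body>.+)$")
WHO_HAS = re.compile(r"^who-has (?P<target>\S+) tell (?P<asker>\S+)$")
REPLY = re.compile(r"^reply (?P<ip>\S+) is-at (?P<mac>[0-9a-f:]{17})$")

Finding = namedtuple("Finding", "ts ip claimed_mac frame_src reasons")


def find_bogus_replies(lines):
    """Flag ARP replies whose is-at MAC is not the MAC that sent the frame,
    or that hand the requester's own MAC back to it."""
    pending = {}     # target IP -> MAC of the host that last asked for it
    findings = []
    for line in lines:
        frame = FRAME.match(line.strip())
        if not frame:
            continue                         # not an ARP line in this format
        ask = WHO_HAS.match(frame["body"])
        if ask:
            pending[ask["target"]] = frame["src"]
            continue
        rep = REPLY.match(frame["body"])
        if not rep:
            continue
        reasons = []
        if rep["mac"] != frame["src"]:
            # A host answering for itself, or proxying, advertises its own MAC.
            reasons.append("is-at MAC differs from frame source")
        if rep["mac"] == pending.get(rep["ip"]):
            reasons.append("is-at MAC is the requester's own MAC")
        if reasons:
            findings.append(Finding(frame["ts"], rep["ip"], rep["mac"],
                                    frame["src"], reasons))
    return findings


SAMPLE = [
    # From the report above.
    "19:59:39.409151 00:13:e8:d5:0f:63 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.24.11.35 tell 10.24.11.42",
    "19:59:39.409163 00:19:7d:8c:0b:44 > 00:13:e8:d5:0f:63, ethertype ARP (0x0806), length 42: arp reply 10.24.11.35 is-at 00:13:e8:d5:0f:63",
    # Constructed: a normal request and reply for comparison.
    "19:59:40.000100 00:13:e8:d5:0f:63 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.24.11.1 tell 10.24.11.42",
    "19:59:40.000250 00:0c:29:aa:bb:cc > 00:13:e8:d5:0f:63, ethertype ARP (0x0806), length 60: arp reply 10.24.11.1 is-at 00:0c:29:aa:bb:cc",
]

if __name__ == "__main__":
    for f in find_bogus_replies(SAMPLE):
        print(f.ts, f.ip, "claimed at", f.claimed_mac, "by", f.frame_src,
              "->", "; ".join(f.reasons))
```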
RE: HEADSUP: arp-v2 has been committed
I checked in a fix earlier this morning, sync-up and give it a try.

-- Qing

Revision 1.188: download - view: text, markup, annotated - select for diffs
Fri Dec 19 11:07:34 2008 UTC (6 hours, 26 minutes ago) by qingli
Branches: MAIN
CVS tags: HEAD
Diff to: previous 1.187: preferred, colored
Changes since revision 1.187: +52 -57 lines

SVN rev 186317 on 2008-12-19 11:07:34Z by qingli

The proxy-arp code was broken and responds to ARP requests for addresses that are not proxied locally.

-Original Message-
From: owner-freebsd-curr...@freebsd.org on behalf of Vladimir Grebenschikov
Sent: Fri 12/19/2008 9:04 AM
To: Qing Li
Cc: freebsd-net@freebsd.org; freebsd-curr...@freebsd.org
Subject: Re: HEADSUP: arp-v2 has been committed

On Mon, 2008-12-15 at 15:42 +0200, Giorgos Keramidas wrote:
> On Mon, 15 Dec 2008 06:34:13 GMT, Qing Li wrote:
> > Hi All,
> >
> > The arp-v2 changes have been committed into HEAD.
> > Please report problems to me and Kip Macy.

Nice, my host sends arp-reply about other hosts

my host has MAC address 00:19:7d:8c:0b:44:

19:59:39.409151 00:13:e8:d5:0f:63 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.24.11.35 tell 10.24.11.42
>> it got broadcast arp request from some host

19:59:39.409163 00:19:7d:8c:0b:44 > 00:13:e8:d5:0f:63, ethertype ARP (0x0806), length 42: arp reply 10.24.11.35 is-at 00:13:e8:d5:0f:63
>> it replies - IP you seeking for is on your MAC address

some OS do put entries based on such bogus arp reply on their arp tables

Looks as serious problem of ARP stack.

--
Vladimir B. Grebenschikov
v...@fbsd.ru
Packet Loss Under FreeBSD 7.0
Hi,

I am new to FreeBSD and I am developing a program that does heavy use of UDP multicast over the LAN. This program is incurring 90-100 percent packet loss on FreeBSD. Packet loss occurs even when a I send just 3 packets. When I send 1000 packets I get 100% packet loss. netstat on FreeBSD shows all the packets, but none/few make it to my program.

The program is single-source for FreeBSD, Linux and Solaris and neither Linux nor Solaris has anything like this level of packet loss.

I am running a generic kernel, Intel P4, 512MB. I use a quad port SUN HME card 100T. I can telnet, ftp, etc. just fine.

My guess is something is misconfigured in FreeBSD. Does anyone know what I need to tune?

Thanks,
/cho
Re: Packet Loss Under FreeBSD 7.0
On Dec 19, 2008, at 9:42 AM, richard lll wrote:
> I am new to FreeBSD and I am developing a program that does heavy use of UDP multicast over the LAN. This program is incurring 90-100 percent packet loss on FreeBSD. Packet loss occurs even when a I send just 3 packets. When I send 1000 packets I get 100% packet loss. netstat on FreeBSD shows all the packets, but none/few make it to my program.

How are you sending your traffic? send() over a socket(), or via BPF or something else? Does adding something like a usleep(1000) call after each packet being sent do anything to help with the packet lossage?

Regards,
--
-Chuck
Re: Surf outside Internet through VPN
I'm not sure that would work. I have my openVPN assigning IPs from a private range, 10.8.0.0 to my laptop. My office gateway is from our ISP on a public IP 123.123.123.123.

My guess is that somewhere on the VPN server, I need to configure some kind of route or bridge from the openvpn ip block to the public ip block??

On Dec 19, 2008, at 4:30 AM, Darren Pilgrim wrote:
> Noah Silverman wrote:
>> I want to find a way to pass ALL traffic from my laptop THROUGH my office VPN and then out to the Internet. This is a "road warrior" setup. This gives me a few benefits: 1) I can check my email securely through VPN. 2) No matter where I am, I will always have the external IP of my VPN server when accessing the web.
>>
>> I have setup a VPN. Was able to get it working with either tun or tap interfaces. That part seems OK.
>>
>> Now what?? (I can see and connect to the VPN server with '10.0.8.1' easily. I can't see or connect to the outside world.) Do I need to add some kind of special route in the routing table?
>
> If you can talk to arbitrary hosts on your office network--not just the VPN server--setting your default router to the office's gateway will achieve what you want.
Re: Surf outside Internet through VPN
On Fri, Dec 19, 2008 at 03:23:57AM -0800, Noah Silverman wrote:
> Hello,
>
> I want to find a way to pass ALL traffic from my laptop THROUGH my office
> VPN and then out to the Internet. This is a "road warrior" setup. This
> gives me a few benefits: 1) I can check my email securely through VPN. 2)
> No matter where I am, I will always have the external IP of my VPN server
> when accessing the web.
>
> I have setup a VPN. Was able to get it working with either tun or tap
> interfaces. That part seems OK.
>
> Now what?? (I can see and connect to the VPN server with '10.0.8.1'
> easily. I can't see or connect to the outside world.) Do I need to add
> some kind of special route in the routing table?
>
> Would this be better as a tun or using a bridge through tap?

Have you considered just using a http/socks proxy?, it would do away with all the routing magic.

Andrew
Re: Surf outside Internet through VPN
Thanks for all the replies.

I think that I need to better explain what I'm trying to do

My company has a small server farm that is co-located at a major ISP. In that farm we have a machine that acts as a small webserver and pop server. Since that webserver is already "exposed" to the public, I thought it would make a good choice as a VPN server for a few of our guys who travel and/or connect from home.

Right now, I have openVPN working, certificates exchanged and signed, etc. I can remotely connect and setup a tunnel easily. I can ssh to the openVPN server using 10.0.8.1 and it works. I CAN'T surf the web or get outside the netblock of my openVPN.

For this e-mail, let's assume the public IP of the webserver is 123.123.123.100

This was my plan:

1) Setup openVPN on the webserver with a TUN interface.
2) Remote workers can then connect to the openVPN running on 123.123.123.100
3) Remote workers can now access our pop and smtp email at 10.0.8.1 (Address from openVPN.)
4) When Remote workers surf web or connect to other outside services, they appear to come from 123.123.123.100 (address of webserver.)
5) Remote workers need to access some "admin" pages on the webserver. Again, this should be easy as they could connect to 10.0.8.1 to get to the webserver through the VPN tunnel. We can then add rules to the webserver to only allow admin access from the 10.0.8.x block.
6) Remote workers can access services on our other servers through various firewalls because we have a simple rule in those firewalls allowing traffic in from 123.123.123.100.

The "big picture" was to "standardize" the way remote workers connect, and to make sure all their traffic comes from the same IP address. That way we can manage rules for firewall, email relaying, mysql access, etc.

Here are the key config settings for openVPN that I have setup now:

    proto udp
    dev tun
    server 10.0.8.0 255.255.255.0
    push "route 10.0.8.0 255.255.255.0"
    push "redirect-gateway"
    client-to-client

My guess is that I'm missing some very basic config line or routing setup.

Here are some interesting observations:

On the client (remote laptop) I see some strange things in "netstat -rn"; the first line is:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    0/1                10.0.8.5           UGSc        6       74   tun0

Why is the gateway coming in as "10.0.8.5"?? I thought my gateway would be 10.0.8.1 from openVPN. Why did it skip to "5"

##

On the webserver (openVPN host) "netstat -rn" gives me the following:

    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            123.123.123.1      UGS         0 10514423    em0
    10.0.8/24          10.0.8.2           UGS         0      436   tun0

Why is the gateway "10.0.8.2"?? Shouldn't it be "10.0.8.1"??

##

On the webserver (openVPN host) an ifconfig shows some odd results

    tun0: flags=8051 mtu 1500
        inet 10.0.8.1 --> 10.0.8.2 netmask 0x
        Opened by PID 52970

What is the reference to '10.0.8.2'?? I didn't put that in.

Any and all help, suggestions, ideas, etc would be greatly appreciated!!

Thanks!!

-N

On Dec 19, 2008, at 12:00 PM, Andrew Thompson wrote:
> On Fri, Dec 19, 2008 at 03:23:57AM -0800, Noah Silverman wrote:
>> Hello,
>>
>> I want to find a way to pass ALL traffic from my laptop THROUGH my office VPN and then out to the Internet. This is a "road warrior" setup. This gives me a few benefits: 1) I can check my email securely through VPN. 2) No matter where I am, I will always have the external IP of my VPN server when accessing the web.
>>
>> I have setup a VPN. Was able to get it working with either tun or tap interfaces. That part seems OK.
>>
>> Now what?? (I can see and connect to the VPN server with '10.0.8.1' easily. I can't see or connect to the outside world.) Do I need to add some kind of special route in the routing table?
>>
>> Would this be better as a tun or using a bridge through tap?
>
> Have you considered just using a http/socks proxy?, it would do away with all the routing magic.
>
> Andrew
Re: HEADSUP: arp-v2 has been committed
Hello,

I for one, can confirm that the fix from this morning resolved my problems :-)

Cheers
remko

On Dec 19, 2008, at 6:33 PM, Li, Qing wrote:

I checked in a fix earlier this morning, sync-up and give it a try.

-- Qing

Revision 1.188
Fri Dec 19 11:07:34 2008 UTC (6 hours, 26 minutes ago) by qingli
Branches: MAIN
CVS tags: HEAD
Changes since revision 1.187: +52 -57 lines

SVN rev 186317 on 2008-12-19 11:07:34Z by qingli

The proxy-arp code was broken and responds to ARP requests for addresses that are not proxied locally.

-Original Message-
From: owner-freebsd-curr...@freebsd.org on behalf of Vladimir Grebenschikov
Sent: Fri 12/19/2008 9:04 AM
To: Qing Li
Cc: freebsd-net@freebsd.org; freebsd-curr...@freebsd.org
Subject: Re: HEADSUP: arp-v2 has been committed

On Mon, 2008-12-15 at 15:42 +0200, Giorgos Keramidas wrote:
On Mon, 15 Dec 2008 06:34:13 GMT, Qing Li wrote:

Hi All,

The arp-v2 changes have been committed into HEAD. Please report problems to me and Kip Macy.

Nice, my host sends arp-reply about other hosts

my host has MAC address 00:19:7d:8c:0b:44:

19:59:39.409151 00:13:e8:d5:0f:63 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.24.11.35 tell 10.24.11.42

it got broadcast arp request from some host

19:59:39.409163 00:19:7d:8c:0b:44 > 00:13:e8:d5:0f:63, ethertype ARP (0x0806), length 42: arp reply 10.24.11.35 is-at 00:13:e8:d5:0f:63

it replies - IP you seeking for is on your MAC address

some OS do put entries based on such bogus arp reply on their arp tables

Looks as serious problem of ARP stack.

--
Vladimir B. Grebenschikov
v...@fbsd.ru

--
/"\   Best regards,              | re...@freebsd.org
\ /   Remko Lodder               | re...@efnet
 X    http://www.evilcoder.org/  |
/ \   ASCII Ribbon Campaign      | Against HTML Mail and News
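The capture quoted in this thread shows the symptom directly: an ARP reply whose is-at MAC is not the MAC that sent the frame. A check for that pattern over `tcpdump -e` text output follows, as an added example that is not part of the original messages; the function name and the last two sample lines are constructed here.

```python
import re

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
FRAME = re.compile(rf"^(\S+) ({MAC}) > {MAC}, ethertype ARP", re.I)
REQUEST = re.compile(r"who-has ([\d.]+) tell [\d.]+", re.I)
REPLY = re.compile(rf"reply ([\d.]+) is-at ({MAC})", re.I)


def find_bogus_arp_replies(lines):
    """Flag ARP replies whose is-at MAC differs from the frame's source MAC."""
    asked_by = {}   # IP being resolved -> MAC of the host that asked for it
    findings = []
    for line in lines:
        frame = FRAME.search(line)
        if not frame:
            continue
        when, src_mac = frame.group(1), frame.group(2).lower()
        request = REQUEST.search(line)
        if request:
            asked_by[request.group(1)] = src_mac
            continue
        reply = REPLY.search(line)
        if not reply:
            continue
        ip, claimed = reply.group(1), reply.group(2).lower()
        if claimed == src_mac:
            continue    # ordinary reply, or proxy ARP answering with its own MAC
        findings.append({
            "time": when, "ip": ip, "sent_by": src_mac, "claims": claimed,
            # Symptom from the report: the requester is handed its own MAC.
            "echoes_requester": asked_by.get(ip) == claimed,
        })
    return findings


# Lines 1-2 are the capture quoted in the thread; lines 3-4 are constructed
# here to show a normal request/reply pair that must not be flagged.
SAMPLE = [
    "19:59:39.409151 00:13:e8:d5:0f:63 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.24.11.35 tell 10.24.11.42",
    "19:59:39.409163 00:19:7d:8c:0b:44 > 00:13:e8:d5:0f:63, ethertype ARP (0x0806), length 42: arp reply 10.24.11.35 is-at 00:13:e8:d5:0f:63",
    "20:01:02.000100 00:13:e8:d5:0f:63 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.24.11.1 tell 10.24.11.42",
    "20:01:02.000150 00:aa:bb:cc:dd:01 > 00:13:e8:d5:0f:63, ethertype ARP (0x0806), length 42: arp reply 10.24.11.1 is-at 00:aa:bb:cc:dd:01",
]

if __name__ == "__main__":
    for finding in find_bogus_arp_replies(SAMPLE):
        print(finding)
```

A source/is-at mismatch is a heuristic: setups that answer with a shared virtual MAC can also trip it, so a hit is a lead to inspect rather than proof of a broken or hostile host.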
Re: Getting WPA2-PSK
On Fri, Dec 19, 2008 at 11:46 AM, Brooks Davis wrote:

> On Fri, Dec 19, 2008 at 03:04:55PM +, Rui Paulo wrote:
> >
> > On 19 Dec 2008, at 14:19, Jordy Dickinson wrote:
> >
> >> Hey, I've never used a mailing list before, so forgive me if I'm not doing
> >> this right.
> >>
> >> I'm trying to set up my network card, but I keep getting this error
> >> message.
> >> I type in this:
> >>
> >>> ifconfig wi0 authmode wpa
> >>
> >> And I get this:
> >>
> >>> ieee80211_load_module: load the wlan_xauth module by hand for now.
> >>> ifconfig: SIOCS80211: Invalid argument
> >>
> >> Can anybody tell me what I'm doing wrong?
> >
> > You're probably running a custom kernel without the wlan_xauth module built
> > in. Either load it as a module or compile it in your kernel.
> >
> > You may also want to use wpa_supplicant instead.
>
> More specifically, setting "authmode wpa" with ifconfig will always be
> wrong (unless perhaps someday someone adds a supplicant to the kernel).
> If you want WPA to work, you must run wpa_supplicant.
>
> -- Brooks

So how do I use wpa_supplicant? I've installed it on my machine already, and the man pages are gibberish to me.

Also, is there a way to make the mailing list stop sending me emails that I'm not part of?
Re: Getting WPA2-PSK
On Fri, Dec 19, 2008 at 05:33:17PM -0500, Jordy Dickinson wrote:

> On Fri, Dec 19, 2008 at 11:46 AM, Brooks Davis wrote:
>
> > On Fri, Dec 19, 2008 at 03:04:55PM +, Rui Paulo wrote:
> > >
> > > On 19 Dec 2008, at 14:19, Jordy Dickinson wrote:
> > >
> > >> Hey, I've never used a mailing list before, so forgive me if I'm not doing
> > >> this right.
> > >>
> > >> I'm trying to set up my network card, but I keep getting this error
> > >> message.
> > >> I type in this:
> > >>
> > >>> ifconfig wi0 authmode wpa
> > >>
> > >> And I get this:
> > >>
> > >>> ieee80211_load_module: load the wlan_xauth module by hand for now.
> > >>> ifconfig: SIOCS80211: Invalid argument
> > >>
> > >> Can anybody tell me what I'm doing wrong?
> > >
> > > You're probably running a custom kernel without the wlan_xauth module built
> > > in. Either load it as a module or compile it in your kernel.
> > >
> > > You may also want to use wpa_supplicant instead.
> >
> > More specifically, setting "authmode wpa" with ifconfig will always be
> > wrong (unless perhaps someday someone adds a supplicant to the kernel).
> > If you want WPA to work, you must run wpa_supplicant.
> >
> > -- Brooks
>
> So how do I use wpa_supplicant? I've installed it on my machine already, and
> the man pages are gibberish to me.

You have to add appropriate entries to /etc/wpa_supplicant.conf for your network. See the examples in the default file and the wpa_supplicant.conf manpage for details. You would then add WPA to your ifconfig_wi0 line in /etc/rc.conf. However, even if you do this, you will not actually be able to use WPA because wi(4) devices only support WEP (I missed that you were running wi(4) before). If you have a WPA encrypted network you will need to get another card.

> Also, is there a way to make the mailing list stop sending me emails that
> I'm not part of?

You can not subscribe to the list. Since you have pretty basic questions you might consider asking the freebsd-questions list.

-- Brooks
Re: Getting WPA2-PSK
Brooks Davis wrote:

> On Fri, Dec 19, 2008 at 05:33:17PM -0500, Jordy Dickinson wrote:
> > On Fri, Dec 19, 2008 at 11:46 AM, Brooks Davis wrote:
> > > On Fri, Dec 19, 2008 at 03:04:55PM +, Rui Paulo wrote:
> > > > On 19 Dec 2008, at 14:19, Jordy Dickinson wrote:
> > > > > Hey, I've never used a mailing list before, so forgive me if I'm not doing
> > > > > this right.
> > > > >
> > > > > I'm trying to set up my network card, but I keep getting this error message.
> > > > > I type in this:
> > > > >
> > > > > ifconfig wi0 authmode wpa
> > > > >
> > > > > And I get this:
> > > > >
> > > > > ieee80211_load_module: load the wlan_xauth module by hand for now.
> > > > > ifconfig: SIOCS80211: Invalid argument
> > > > >
> > > > > Can anybody tell me what I'm doing wrong?
> > > >
> > > > You're probably running a custom kernel without the wlan_xauth module built
> > > > in. Either load it as a module or compile it in your kernel.
> > > >
> > > > You may also want to use wpa_supplicant instead.
> > >
> > > More specifically, setting "authmode wpa" with ifconfig will always be
> > > wrong (unless perhaps someday someone adds a supplicant to the kernel).
> > > If you want WPA to work, you must run wpa_supplicant.
> > >
> > > -- Brooks
> >
> > So how do I use wpa_supplicant? I've installed it on my machine already, and
> > the man pages are gibberish to me.
>
> You have to add appropriate entries to /etc/wpa_supplicant.conf for your
> network. See the examples in the default file and the wpa_supplicant.conf
> manpage for details. You would then add WPA to your ifconfig_wi0 line in
> /etc/rc.conf. However, even if you do this, you will not actually be able
> to use WPA because wi(4) devices only support WEP (I missed that you were
> running wi(4) before). If you have a WPA encrypted network you will need
> to get another card.

Depends if he's running HEAD or something older. HEAD supports WPA w/ wi but only for Intersil cards w/ firmware rev >= 1.7.

> > Also, is there a way to make the mailing list stop sending me emails that
> > I'm not part of?
>
> You can not subscribe to the list. Since you have pretty basic questions
> you might consider asking the freebsd-questions list.

There's also a section in the handbook that talks about setting up wireless network configs.

Sam