Re: OpenBSD-based ISP
On 2017-08-17, Juan Guillermo Narvaez wrote:
> Stuart,
>
> Where I can set the port range of NAT?

pf.conf. "nat-to $address port $low:$high"
Re: lock X on suspend
>>> fwiw, I sometimes had problems with characters from my password going to
>>> xterms when I used xidle. I don't know if it was something odd about my
>>> setup, but something to watch out for if anyone's changing config as a
>>> result of this thread.
>
> I'm stepping in just to mention that I've observed the same behaviour,
> though I thought it was because of the locking program that I used
> (slock), not xidle.

I was seeing it with xidle+xlock.
Re: Set date during OpenBSD installation
On 19/08/17 12:23, Nan Xiao wrote:
> Hi all,
>
> Greetings from me! I am a newbie of OpenBSD, and come across
> a confusion of setting date during installation:
>
> I install OpenBSD on VirtualBox and host machine is ArchLinux.
> During setup, it prompts me:
>
> > What timezone are you in? ('?' for list) [Asia/Singapore]

...

>
> After installation, I use "date" command to check time:
>
> #date
> Sat Aug 19 03:57:14 GMT 2017
>
> The time is correct. But after reboot. The time changes:
>
> #date
> Sat Aug 19 20:01:00 +8 2017
> #date
> Sat Aug 19 12:01:05 UTC 2017

Hi and welcome,

Did you do something between these two commands?

My own date displays thus:

$ date
Sat Aug 19 08:15:55 BST 2017
$ locale
LANG=
LC_COLLATE="C"
LC_CTYPE="C"
LC_MONETARY="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_MESSAGES=en_GB.UTF8
LC_ALL=

and is as expected for the United Kingdom. The system usually displays the
locale date.

Whenever there is a problem the first thing to do is to read the relevant
manpage and faq. The developers spend a lot of time keeping the manpages
right so that is always the first thing to do. They are way superior to all
linux systems I have seen.

$ man 1 date
$ man 1 locale

I don't understand how this has arisen on your installation.

Good Luck
Moss
ftp.eu.openbsd.org no longer accepts anonymous ftp?
About to do my few-times-a-week upgrade to the most recent snapshot for
one of my systems earlier this week, I discovered that
ftp.eu.openbsd.org apparently has dropped support for anonymous ftp:

$ ncftp eu-openbsd
NcFTP 3.2.6 (Dec 04, 2016) by Mike Gleason (http://www.NcFTP.com/contact/).
Connecting to 193.156.26.18...
jj-prod-obsdmirror.inet6.se FTP server ready.
User anonymous unknown.
Sleeping 20 seconds...

- after a few iterations of which I Ctrl-C out and just download the
bsd.rd over http and use that to install sets, again via http, from the
same mirror.

I don't see downloading bsd.rd only and then doing an http install as
much of a hardship (the process takes only a few minutes total either
way), but if the change was intentional it would probably be a good
thing to update the relevant web pages.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
iwn0: no link after 6.1 upgrade
After a 6.1 upgrade (from 6.0-release to 6.1-release) on my Lenovo X230
laptop, I can't get my wireless connection working anymore on different kind
of access points or ISP boxes. Same problem on 6.1-current

On my Samsung S6 Wifi Hotspot there is no issue.

$ sudo sh /etc/netstart iwn0
Password:
iwn0: no link ... sleeping

$ cat /etc/hostname.iwn0
nwid my_ssid wpakey "my key"
dhcp

$ dmesg | grep iwn
iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, MIMO 2T2R, MoW, address 60:67:20:43:86:aa

$ pkg_info | grep iwn
iwn-firmware-5.11p1 firmware binary images for iwn(4) driver

I have tested again with a USB live OpenBSD 6.0 and everything is working
fine. But a live 6.1 or -current, it's not.

There is no dhcp server problem too.

Thanks for your help.

$ dmesg
OpenBSD 6.1-current (GENERIC.MP) #11: Thu Aug 17 15:52:35 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3959615488 (3776MB)
avail mem = 3832594432 (3655MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9d000 (69 edntries)
bios0: vendor LENOVO version "G2ET82WW (2.02 )" date 09/11/2012
bios0: LENOVO 2325ND2
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF!
UEFI UEFI POAT SSDT SSDT UEFI DBG2 acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3) EHC1(S3) EHC2(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.58 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: TSC frequency 2594580120 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.11 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) 
i5-3320M CPU @ 2.60GHz, 2594.11 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus 4 (EXP3) acpicpu0 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C2(350@80 mwait.1@0x20), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1, EHC2 acpitz0 at acpi0: critical temperature is 103 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB "LEN0071" at acpi0 not configured "LEN0020" at acpi0 not configured "SMO1200" at acpi0 not configured acpibat0 at acpi0: BAT0 model "45N1023" serial 7560 type LION oem "SANYO" acpiac0 at acpi0: AC unit online "LEN0078" at acpi0 not configured acpithinkpad0 at acpi0 "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured acpidock0 at acpi0: GDCK not docked (0) acpivideo0 at acpi0: VID_ acpivout at acpivideo0 not configured acpivideo1 at acpi0: VID_ cpu0: Enhance
Re: Set date during OpenBSD installation
Hey,

> I install OpenBSD on VirtualBox and host machine is ArchLinux.

Your issue might be VirtualBox related.
If not, try setting "Hardware clock in UTC time" in your OpenBSD machine settings.

--
greetings,
Florian Viehweger
Re: iwn0: no link after 6.1 upgrade
On Sat, Aug 19, 2017 at 11:12:04AM +0200, Alexis de BRUYN wrote:
> After a 6.1 upgrade (from 6.0-release to 6.1-release) on my Lenovo X230
> laptop, I can't get my wireless connection working anymore on different kind
> of access points or ISP boxes. Same problem on 6.1-current

My guess is that your AP is using WPA1. Is this correct?

WPA1 has been disabled by default because it is not secure.
Make sure your AP is using WPA2 (sometimes called "AES" by vendors).
Only if you cannot change the AP, try: ifconfig iwn0 wpaprotos wpa1,wpa2

Please also show the output of 'ifconfig iwn0 scan' and show any
additional messages produced in /var/log/messages after running
'ifconfig iwn0 debug'.
Re: ftp.eu.openbsd.org no longer accepts anonymous ftp?
Also, yesterday's

# pkg_add -u

failed for me, apparently for that same reason.

BR,
Andreas

On Sat, 19 Aug 2017 at 11:06, Peter N. M. Hansteen wrote:

> About to do my few-times-a-week upgrade to the most recent snapshot for
> one of my systems earlier this week, I discovered that
> ftp.eu.openbsd.org apparently has dropped support for anonymous ftp:
>
> $ ncftp eu-openbsd
> NcFTP 3.2.6 (Dec 04, 2016) by Mike Gleason (http://www.NcFTP.com/contact/).
> Connecting to 193.156.26.18...
>
> jj-prod-obsdmirror.inet6.se FTP server ready.
> User anonymous unknown.
>
> Sleeping 20 seconds...
>
> - after a few iterations of which I Ctrl-C out and just download the
> bsd.rd over http and use that to install sets, again via http, from the
> same mirror.
>
> I don't see downloading bsd.rd only and then doing an http install as
> much of a hardship (the process takes only a few minutes total either
> way), but if the change was intentional it would probably be a good
> thing to update the relevant web pages.
>
> - Peter
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: ftp.eu.openbsd.org no longer accepts anonymous ftp?
On 08/19/17 11:44, Andreas Thulin wrote:
> Also, yesterday's
>
> # pkg_add -u
>
> failed for me, apparently for that same reason.

Yes, that would happen.

Then again, changing ftp:// to https:// in /etc/installurl would make
pkg_add -u work.

- P

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: iwn0: no link after 6.1 upgrade
On 08/19/17 11:35, Stefan Sperling wrote:
> On Sat, Aug 19, 2017 at 11:12:04AM +0200, Alexis de BRUYN wrote:
>> After a 6.1 upgrade (from 6.0-release to 6.1-release) on my Lenovo X230
>> laptop, I can't get my wireless connection working anymore on different kind
>> of access points or ISP boxes. Same problem on 6.1-current
>
> My guess is that your AP is using WPA1. Is this correct?

On my DLINK DAP-2310 with the last firmware, the WPA mode is WPA2 Only. I
cannot check with other AP today.

> WPA1 has been disabled by default because it is not secure.
> Make sure your AP is using WPA2 (sometimes called "AES" by vendors).
> Only if you cannot change the AP, try: ifconfig iwn0 wpaprotos wpa1,wpa2

$ sudo ifconfig iwn0 wpaprotos wpa1,wpa2
$ sh /etc/netstart iwn0
DHCPREQUEST on iwn0 to 255.255.255.255
DHCPREQUEST on iwn0 to 255.255.255.255
DHCPACK from 192.168.0.51 (ec:a8:6b:ff:15:4e)
bound to 192.168.0.9 -- renewal in 900 seconds.

But not working with
$ sudo ifconfig iwn0 wpaprotos wpa2
$ sudo sh /etc/netstart iwn0
iwn0: no link ... sleeping

> Please also show the output of 'ifconfig iwn0 scan' and show any
> additional messages produced in /var/log/messages after running
> 'ifconfig iwn0 debug'.

$ sudo ifconfig iwn0 scan
iwn0: flags=8843 mtu 1500
        lladdr 60:67:20:43:86:aa
        index 2 priority 4 llprio 3
        groups: wlan
        media: IEEE802.11 autoselect (autoselect mode 11a)
        status: no network
        ieee80211: nwid my_ssid wpakey [...] wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp

$ sudo ifconfig iwn0 debug
$ tail -f /var/log/messages
Aug 19 14:48:29 lt4-alexis /bsd: iwn0: end passive scan
Aug 19 14:48:29 lt4-alexis /bsd: - 54:b8:0a:39:df:481! +233 54M ess privacy rsn! "my_ssid"

--
Alexis de BRUYN
Re: iwn0: no link after 6.1 upgrade
On Sat, Aug 19, 2017 at 02:54:05PM +0200, Alexis de BRUYN wrote:
> On 08/19/17 11:35, Stefan Sperling wrote:
> > On Sat, Aug 19, 2017 at 11:12:04AM +0200, Alexis de BRUYN wrote:
> > > After a 6.1 upgrade (from 6.0-release to 6.1-release) on my Lenovo X230
> > > laptop, I can't get my wireless connection working anymore on different
> > > kind of access points or ISP boxes. Same problem on 6.1-current
> >
> > My guess is that your AP is using WPA1. Is this correct?
> On my DLINK DAP-2310 with the last firmware, the WPA mode is WPA2 Only. I
> cannot check with other AP today.

Are you really sure about that?

> > WPA1 has been disabled by default because it is not secure.
> > Make sure your AP is using WPA2 (sometimes called "AES" by vendors).
> > Only if you cannot change the AP, try: ifconfig iwn0 wpaprotos wpa1,wpa2
> $ sudo ifconfig iwn0 wpaprotos wpa1,wpa2
> $ sh /etc/netstart iwn0
> DHCPREQUEST on iwn0 to 255.255.255.255
> DHCPREQUEST on iwn0 to 255.255.255.255
> DHCPACK from 192.168.0.51 (ec:a8:6b:ff:15:4e)
> bound to 192.168.0.9 -- renewal in 900 seconds.
>
> But not working with
> $ sudo ifconfig iwn0 wpaprotos wpa2
> $ sudo sh /etc/netstart iwn0
> iwn0: no link ... sleeping

This implies that the AP is using WPA1, no?

> > Please also show the output of 'ifconfig iwn0 scan' and show any
> > additional messages produced in /var/log/messages after running
> > 'ifconfig iwn0 debug'.
>
> $ sudo ifconfig iwn0 scan
> iwn0: flags=8843 mtu 1500
>         lladdr 60:67:20:43:86:aa
>         index 2 priority 4 llprio 3
>         groups: wlan
>         media: IEEE802.11 autoselect (autoselect mode 11a)
>         status: no network
>         ieee80211: nwid my_ssid wpakey [...] wpaprotos wpa2 wpaakms psk
>         wpaciphers ccmp wpagroupcipher ccmp

And there were no lines here showing access points?
These lines would probably tell us which WPA version is used by your AP,
if you had shown them.

> $ sudo ifconfig iwn0 debug
> $ tail -f /var/log/messages
> Aug 19 14:48:29 lt4-alexis /bsd: iwn0: end passive scan
> Aug 19 14:48:29 lt4-alexis /bsd: - 54:b8:0a:39:df:481! +233 54M ess privacy rsn! "my_ssid"

This shows the AP is not being selected because it has the wrong channel
(channel 1 when we expected something else, probably cause the scan was
currently scanning 11a mode which only supports channels >= 36, nothing
to worry about) and the wrong encryption settings (rsn!) (so again, this
indicates AP is using WPA1).
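The reading of the debug line given in the reply above can be done mechanically over /var/log/messages. This is an added example, not part of the original thread or of OpenBSD: it assumes the field order seen in the one quoted line and that a trailing "!" marks a field that did not match, as the reply explains; the third sample line is constructed.

```python
import re

# Field layout assumed from the single debug line quoted in the thread:
#   <+|-> <bssid><chan>[!] <rssi> <rate>[!] <mode>[!] <privacy>[!] rsn[!] "<ssid>"[!]
# "-" means the AP was not selected; "!" after a field means that field did not match.
# \s* after the BSSID tolerates the archive having fused BSSID and channel ("...df:481!").
CANDIDATE = re.compile(
    r'/bsd: (?P<verdict>[+-])\s+'
    r'(?P<bssid>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s*'
    r'(?P<chan>\d+)(?P<chan_bad>!?)\s+'
    r'(?P<rssi>[+-]?\d+)\s+'
    r'(?P<rate>\d+M)(?P<rate_bad>!?)\s+'
    r'(?P<mode>\S+?)(?P<mode_bad>!?)\s+'
    r'(?P<privacy>\S+?)(?P<privacy_bad>!?)\s+'
    r'rsn(?P<rsn_bad>!?)\s+'
    r'"(?P<ssid>[^"]*)"(?P<ssid_bad>!?)'
)
FIELDS = ("chan", "rate", "mode", "privacy", "rsn", "ssid")

# Hints for the two mismatches the thread explains; other fields stay generic.
HINTS = {
    "chan": "channel outside the band being scanned (harmless per the thread)",
    "rsn": "AP's WPA protocol/cipher is not enabled on the client; compare "
           "wpaprotos/wpaciphers with the AP's WPA mode and cipher type",
}

# First two lines are the thread's own log excerpt; the third is constructed.
SAMPLE_LOG = '''\
Aug 19 14:48:29 lt4-alexis /bsd: iwn0: end passive scan
Aug 19 14:48:29 lt4-alexis /bsd: - 54:b8:0a:39:df:481! +233 54M ess privacy rsn! "my_ssid"
Aug 19 14:48:31 lt4-alexis /bsd: + 00:11:22:33:44:55 36 +40 54M ess privacy rsn "other_ssid"
'''


def parse_candidates(log_text):
    """Return one dict per AP candidate line, with the list of mismatched fields."""
    found = []
    for line in log_text.splitlines():
        m = CANDIDATE.search(line)
        if m is None:
            continue  # not a candidate line (e.g. "end passive scan")
        found.append({
            "selected": m["verdict"] == "+",
            "bssid": m["bssid"],
            "chan": int(m["chan"]),
            "ssid": m["ssid"],
            "mismatches": [f for f in FIELDS if m[f + "_bad"]],
        })
    return found


def rsn_rejected(log_text):
    """(bssid, ssid) pairs rejected at least once on their security settings."""
    seen = []
    for c in parse_candidates(log_text):
        key = (c["bssid"], c["ssid"])
        if not c["selected"] and "rsn" in c["mismatches"] and key not in seen:
            seen.append(key)
    return seen


def report(log_text):
    """Human-readable summary, one line per candidate."""
    lines = []
    for c in parse_candidates(log_text):
        state = "selected" if c["selected"] else "rejected"
        why = "; ".join(f"{f}: {HINTS.get(f, 'did not match')}" for f in c["mismatches"])
        lines.append(f'{c["bssid"]} "{c["ssid"]}" chan {c["chan"]} {state}'
                     + (f" ({why})" if why else ""))
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

An AP that keeps showing up with `rsn!` while the client is limited to `wpaprotos wpa2` and `wpaciphers ccmp` is the case this thread ends up with: the fix belongs on the AP's cipher setting, not in re-enabling WPA1 on the client.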
Re: iwn0: no link after 6.1 upgrade
On 08/19/17 15:02, Stefan Sperling wrote:
> On Sat, Aug 19, 2017 at 02:54:05PM +0200, Alexis de BRUYN wrote:
>> On 08/19/17 11:35, Stefan Sperling wrote:
>>> On Sat, Aug 19, 2017 at 11:12:04AM +0200, Alexis de BRUYN wrote:
>>>> After a 6.1 upgrade (from 6.0-release to 6.1-release) on my Lenovo X230
>>>> laptop, I can't get my wireless connection working anymore on different kind
>>>> of access points or ISP boxes. Same problem on 6.1-current
>>>
>>> My guess is that your AP is using WPA1. Is this correct?
>> On my DLINK DAP-2310 with the last firmware, the WPA mode is WPA2 Only. I
>> cannot check with other AP today.
>
> Are you really sure about that?

Yes, I have double-checked, this is what is shown in the Web GUI.
"Authentication PassPhrase Settings" : "WPA-Personal"
"WPA Mode" : "WPA2 Only"
"Cipher Type" : "TKIP"

>>> WPA1 has been disabled by default because it is not secure.
>>> Make sure your AP is using WPA2 (sometimes called "AES" by vendors).
>>> Only if you cannot change the AP, try: ifconfig iwn0 wpaprotos wpa1,wpa2
>> $ sudo ifconfig iwn0 wpaprotos wpa1,wpa2
>> $ sh /etc/netstart iwn0
>> DHCPREQUEST on iwn0 to 255.255.255.255
>> DHCPREQUEST on iwn0 to 255.255.255.255
>> DHCPACK from 192.168.0.51 (ec:a8:6b:ff:15:4e)
>> bound to 192.168.0.9 -- renewal in 900 seconds.
>>
>> But not working with
>> $ sudo ifconfig iwn0 wpaprotos wpa2
>> $ sudo sh /etc/netstart iwn0
>> iwn0: no link ... sleeping
>
> This implies that the AP is using WPA1, no?

Yes it seems so.

>>> Please also show the output of 'ifconfig iwn0 scan' and show any
>>> additional messages produced in /var/log/messages after running
>>> 'ifconfig iwn0 debug'.
>>
>> $ sudo ifconfig iwn0 scan
>> iwn0: flags=8843 mtu 1500
>>         lladdr 60:67:20:43:86:aa
>>         index 2 priority 4 llprio 3
>>         groups: wlan
>>         media: IEEE802.11 autoselect (autoselect mode 11a)
>>         status: no network
>>         ieee80211: nwid my_ssid wpakey [...] wpaprotos wpa2 wpaakms psk
>>         wpaciphers ccmp wpagroupcipher ccmp
>
> And there were no lines here showing access points?
> These lines would probably tell us which WPA version is used by your AP,
> if you had shown them.

Yes sorry, there is just mine listed:
nwid my_ssid chan 1 bssid 54:b8:0a:39:df:48 -20dBm 54M privacy,short_preamble,short_slottime,wpa2

>> $ sudo ifconfig iwn0 debug
>> $ tail -f /var/log/messages
>> Aug 19 14:48:29 lt4-alexis /bsd: iwn0: end passive scan
>> Aug 19 14:48:29 lt4-alexis /bsd: - 54:b8:0a:39:df:481! +233 54M ess privacy rsn! "my_ssid"
>
> This shows the AP is not being selected because it has the wrong channel
> (channel 1 when we expected something else, probably cause the scan was
> currently scanning 11a mode which only supports channels >= 36, nothing
> to worry about) and the wrong encryption settings (rsn!) (so again, this
> indicates AP is using WPA1).

--
Alexis de BRUYN
Re: Set date during OpenBSD installation
Hi Moss,

Thanks for your response!

Hi Florian,

You are right! "Hardware clock in UTC time" fix it, thanks very much!

Best Regards
Nan Xiao

On Sat, Aug 19, 2017 at 12:23 PM, Nan Xiao wrote:
> Hi all,
>
> Greetings from me! I am a newbie of OpenBSD, and come across
> a confusion of setting date during installation:
>
> I install OpenBSD on VirtualBox and host machine is ArchLinux.
> During setup, it prompts me:
>
>> What timezone are you in? ('?' for list) [Asia/Singapore]
> Since my host machine is indeed located in Singapore, and I press
> Enter.
>
> Before finish of installation, it prompts me:
>
>> Time appears wrong. Set to 'Sat Aug 19 11:56:42 +08 2017'? [yes]
> My host machine time is actually "Sat Aug 19 11:56:42 +08 2017", so I
> press Enter.
>
> After installation, I use "date" command to check time:
>
> #date
> Sat Aug 19 03:57:14 GMT 2017
>
> The time is correct. But after reboot. The time changes:
>
> #date
> Sat Aug 19 20:01:00 +8 2017
> #date
> Sat Aug 19 12:01:05 UTC 2017
>
> It seems that after rebooting, the OS considers current UTC+8 time as
> the UTC time, and add another 8 hours. I can't figure out what is the
> problem during installation, and can't find similar issue in archives
> of mailing list.
>
> Could anyone give some tips? Thanks very much in advance!
>
> Best Regards
> Nan Xiao
Re: iwn0: no link after 6.1 upgrade
On Sat, Aug 19, 2017 at 03:51:32PM +0200, Alexis de BRUYN wrote:
> Yes, I have double-checked, this is what is shown in the Web GUI.
> "Authentication PassPhrase Settings" : "WPA-Personal"
> "WPA Mode" : "WPA2 Only"
> "Cipher Type" : "TKIP"

Please set Cipher Type to 'AUTO' or 'AES'. Then it should work.

TKIP is used with WPA1 only.
Re: iwn0: no link after 6.1 upgrade
On 08/19/17 16:16, Stefan Sperling wrote:
> On Sat, Aug 19, 2017 at 03:51:32PM +0200, Alexis de BRUYN wrote:
>> Yes, I have double-checked, this is what is shown in the Web GUI.
>> "Authentication PassPhrase Settings" : "WPA-Personal"
>> "WPA Mode" : "WPA2 Only"
>> "Cipher Type" : "TKIP"
>
> Please set Cipher Type to 'AUTO' or 'AES'. Then it should work.

Force AES works. I will test on other AP.

Thanks Stefan.

> TKIP is used with WPA1 only.

--
Alexis de BRUYN
Re: Full disk encryption questions
Ted Unangst wrote:
>Philippe Meunier wrote:
>> - is the panic intended (well, known to the developers and considered
>> normal; I hesitate to call it a feature) or is it an oversight?
>
>no, nothing bioctl does should kill init like that.

Well, it does, and it's reproducible.

>> - I would have thought that, once the softraid volume has been created, its
>> metadata wouldn't need to change (unless the passphrase is changed, or the
>> volume is roaming, as seen above). Any idea why part of it gets trashed?
>
>that's true, but maybe a stray write killed it?

It happens even in single-user mode when only / is mounted read-only and
only init and a shell are running.

Here are all the gory details, if you want them, including the ddb trace
when the kernel panics.

# wget http://ftp.jaist.ac.jp/pub/OpenBSD/6.1/amd64/SHA256.sig
# wget http://ftp.jaist.ac.jp/pub/OpenBSD/6.1/amd64/install61.fs
# signify -Cp /etc/signify/openbsd-61-base.pub -x SHA256.sig install61.fs
Signature Verified
install61.fs: OK
# dd if=install61.fs of=/dev/rsd1c bs=1m

Then boot from install USB on the t61 and go to shell:

# dd if=/dev/random of=/dev/rwd0c bs=1m
# fdisk -iy wd0
# disklabel -E wd0
a a
64
*
RAID
w
q
# bioctl -c C -l wd0a softraid0
New passphrase:
Re-type passphrase:
sd1 at scsibus2 targ 1 lun 0: SCSI2 0/direct fixed
sd1: 114470MB, 512 bytes/sector, 234435008 sectors
softraid0: CRYPTO volume attached as sd1
# cd /dev && sh MAKEDEV sd1
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
# exit
I
default
System hostname = t61
Which network interface do you wish to configure = done
DNS domain name = my.domain
DNS nameservers = none
Start sshd(8) by default = no
Do you want the X Window System to be started by xenodm(1) = no
Setup a user = no
Which disk is the root disk = sd1
Use (W)hole disk MBR, whole disk (G)PT or (E)dit = W
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout = A
Which disk do you wish to initialize = done
Location of sets = disk
Is the disk partition already mounted = no
Which disk contains the install media = sd0
Which sd0 partition has the install sets = a
Pathname to the sets = 6.1/amd64
Set name(s) = done
Directory does not contain SHA256.sig. Continue without verification = yes
Location of sets = done
What timezone are you in = PRC
# reboot

Then everything works fine. Here's the dmesg:

OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr 1 13:45:56 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1030422528 (982MB)
avail mem = 994574336 (948MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (73 entries)
bios0: vendor LENOVO version "7LETD0WW (2.30 )" date 02/27/2012
bios0: LENOVO 7659AE6
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT ASF! SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) EHC0(S3) EHC1(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, 2194.89 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR cpu0: 4MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 199MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz, 1995.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR cpu1: 4MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf000, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus 4 (EXP2) acpiprt5 at acpi0: bus 5 (EXP3) acpiprt6 at acpi0: bus 13 (EXP4) acpiprt7 at acpi0: bus 21 (PCI1) acpicpu0 at acpi0: !C3(250@17 mwait.3@0x20), !C2(500@1 mwait.1@0x10), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: !C3(250@17 mwait.3@0x20), !C2(500@1 mwait.1@0x10), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for USB0, USB2, USB4, EHC0, EHC1 acpitz0 at acpi0: critical temperature is 127 degC acpitz1 at acpi0: critical temperature is 100 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB "PNP0303" at acpi0 not configured "IBM0057" at acpi0 not configured tpm0 at acpi0: TPM_ addr 0xfed400
[PATCH] Off-by-one bug in httpd, ldapd, relayd, smtpd, switchd and ypldap
On Fri, Aug 18, 2017 at 09:24:33AM -0700, Chris Cappuccio wrote: > This looks correct. Also, there's more: Thanks for looking and catching what I missed. It hit me a while after I sent my original email that relayd likely has the same bug. D'oh. Here is an updated patch for httpd, ldapd, relayd, smtpd, switchd and ypldap, which all seem to have the off-by-one bug for port number checking (where 65535 is unusable and called invalid, at least when specifying it as a number). Again, I cannot build and actually test this right now. Cheers, Kris Katterjohn Index: usr.sbin/httpd/parse.y === RCS file: /cvs/src/usr.sbin/httpd/parse.y,v retrieving revision 1.91 diff -u -p -r1.91 parse.y --- usr.sbin/httpd/parse.y 11 Aug 2017 18:48:56 - 1.91 +++ usr.sbin/httpd/parse.y 19 Aug 2017 20:15:31 - @@ -1118,7 +1118,7 @@ medianamesl : numberstring { ; port : PORT NUMBER { - if ($2 <= 0 || $2 >= (int)USHRT_MAX) { + if ($2 <= 0 || $2 > (int)USHRT_MAX) { yyerror("invalid port: %lld", $2); YYERROR; } Index: usr.sbin/ldapd/parse.y === RCS file: /cvs/src/usr.sbin/ldapd/parse.y,v retrieving revision 1.24 diff -u -p -r1.24 parse.y --- usr.sbin/ldapd/parse.y 6 Apr 2017 12:22:32 - 1.24 +++ usr.sbin/ldapd/parse.y 19 Aug 2017 20:15:31 - @@ -161,7 +161,7 @@ port: PORT STRING { free($2); } | PORT NUMBER { - if ($2 <= 0 || $2 >= (int)USHRT_MAX) { + if ($2 <= 0 || $2 > (int)USHRT_MAX) { yyerror("invalid port: %lld", $2); YYERROR; } Index: usr.sbin/relayd/parse.y === RCS file: /cvs/src/usr.sbin/relayd/parse.y,v retrieving revision 1.215 diff -u -p -r1.215 parse.y --- usr.sbin/relayd/parse.y 27 May 2017 08:33:25 - 1.215 +++ usr.sbin/relayd/parse.y 19 Aug 2017 20:15:32 - 
@@ -338,7 +338,7 @@ port: PORT STRING { free($2); } | PORT NUMBER { - if ($2 <= 0 || $2 >= (int)USHRT_MAX) { + if ($2 <= 0 || $2 > (int)USHRT_MAX) { yyerror("invalid port: %d", $2); YYERROR; } Index: usr.sbin/smtpd/parse.y === RCS file: /cvs/src/usr.sbin/smtpd/parse.y,v retrieving revision 1.197 diff -u -p -r1.197 parse.y --- usr.sbin/smtpd/parse.y 11 Jul 2017 06:08:40 - 1.197 +++ usr.sbin/smtpd/parse.y 19 Aug 2017 20:15:33 - @@ -480,7 +480,7 @@ opt_if_listen : INET4 { } listen_opts.options |= LO_PORT; - if ($2 <= 0 || $2 >= (int)USHRT_MAX) { + if ($2 <= 0 || $2 > (int)USHRT_MAX) { yyerror("invalid port: %" PRId64, $2); YYERROR; } Index: usr.sbin/switchd/parse.y === RCS file: /cvs/src/usr.sbin/switchd/parse.y,v retrieving revision 1.5 diff -u -p -r1.5 parse.y --- usr.sbin/switchd/parse.y6 Aug 2017 17:31:19 - 1.5 +++ usr.sbin/switchd/parse.y19 Aug 2017 20:15:33 - @@ -144,7 +144,7 @@ listen : LISTEN ON STRING opttls port { ; port : PORT NUMBER { - if ($2 <= 0 || $2 >= (int)USHRT_MAX) { + if ($2 <= 0 || $2 > (int)USHRT_MAX) { yyerror("invalid port: %lld", $2); YYERROR; } Index: usr.sbin/ypldap/parse.y === RCS file: /cvs/src/usr.sbin/ypldap/parse.y,v retrieving revision 1.22 diff -u -p -r1.22 parse.y --- usr.sbin/ypldap/parse.y 30 May 2017 09:33:31 - 1.22 +++ usr.sbin/ypldap/parse.y 19 Aug 2017 20:15:33 - @@ -171,7 +171,7 @@ port: PORT STRING { free($2); } | PORT NUMBER { - if ($2 <= 0 || $2 >= (int)USHRT_MAX) { + if ($2 <= 0 || $2 > (int)USHRT_MAX) { yyerror("invalid port: %lld", $2); YYERROR; }
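Review bot: in the usr.sbin/relayd/parse.y hunk the unchanged error line prints $2 with "%d" (yyerror("invalid port: %d", $2);), while the httpd, ldapd, switchd and ypldap hunks print the same token with "%lld" and smtpd with PRId64. If NUMBER carries a 64-bit value in relayd as those format strings suggest for the other daemons, the specifier does not match its argument and a rejected port could be reported with the wrong value; worth checking the token type and aligning the format string in the same commit or a follow-up.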
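Review bot: the new bound, $2 > (int)USHRT_MAX, is identical in all six hunks and by the submitter's own account has not been built or run, so before commit each daemon's config check should be exercised with port 65535 (must now be accepted) and with 65536 and 0 (must still be rejected). The PORT STRING alternative visible as context in the ldapd, relayd and ypldap hunks is untouched and its range check is not shown here; confirm it agrees with the numeric path at 65535 so the two spellings of a port behave the same.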
Re: vmm workflow
On Thu, Aug 17, 2017 at 01:36:33PM -0700, Carlos Cardenas wrote:
> Thanks Bryan and Mike.
>
> I'll stick to what y'all are suggesting.
>
> Is there a page for the vmm roadmap? I am interested in advancing vmm and
> would like to participate in its development.
>

not really. people work on what they want to work on, like most of the rest of
openbsd.

that being said, diffs to fix bugs like the ones below are welcome. that would
be a good way to get started.

-ml

> +--+
> Carlos
>
> On Aug 17, 2017 12:48, "Mike Larkin" wrote:
>
> On Wed, Aug 16, 2017 at 07:50:59PM -0700, Carlos Cardenas wrote:
> > Howdy.
> >
> > I've been playing around with vmm(4) on 6.1 and have noticed a few
> > things that seem odd.
> >
> > Take the following vm.conf:
> > ramdisk="/home/los/vmm/bsd.rd-current"
> > switch "local" {
> >     add vether0
> > }
> > vm "test.vm" {
> >     boot $ramdisk
> >     disable
> >     owner los
> >     memory 2G
> >     disk "/home/los/vmm/test.vm.img"
> >     interface { switch "local" }
> > }
> >
> > Doing vmd -n yields:
> > /etc/vm.conf:6: syntax error
> >
> > Removing the boot line yields a warning about unused macro (referring
> > to ramdisk).
> >
> > So now my config is:
> > switch "local" {
> >     add vether0
> > }
> > vm "test.vm" {
> >     disable
> >     owner los
> >     memory 2G
> >     disk "/home/los/vmm/test.vm.img"
> >     interface { switch "local" }
> > }
> >
> > vmd(8) is happy and am expecting
> > vmctl start "test.vm" -b "/home/los/vmm/bsd.rd-current" -c
> > to work since all the other params have been defined in vm.conf.
> >
> > Instead I get:
> > vmctl: starting without disks
> > vmctl: starting without network interfaces
> > vmctl: start vm command failed: Operation not permitted
> >
> > Increasing verbose log on vmd gets me:
> > startup
> > /etc/vm.conf:4: switch "local" registered
> > /etc/vm.conf:11: vm "test.vm" registered (disabled)
> > vm_priv_brconfig: interface bridge0 description switch1-local
> > vm_priv_brconfig: interface bridge0 add vether0
> > vmd_configure: not creating vm test.vm (disabled)
> > denied request 3 from uid 1000
> >
> > However, if I perform a "doas vmctl start" first (along with
> > install) and then define it in vm.conf, "vmctl start 'test.vm'" works as
> > expected.
> >
> > What is the expected workflow for vmm?
> >
> > Any ideas on why the boot $ramdisk line is error'ing out?
> >
> > +--+
> > Carlos
> >
>
> You can't yet specify part of the parameter list in vm.conf and override or
> supplement that later with command line arguments to vmctl. So the thing that
> is breaking you is the -b option on your command line.
>
> I don't know why the macro expansion is failing.
>
> Note that the ability to supplement config options is something we planned to
> do at some point, just haven't got there yet. There are questions to be
> answered about how that interacts with the "owner" concept. For now, either
> specify all the VM config on the command line, or all of it in vm.conf. Don't
> mix and match.
>
> -ml
Re: vmm workflow
On Sat, Aug 19, 2017 at 10:24:57PM -0700, Mike Larkin wrote:
> On Thu, Aug 17, 2017 at 01:36:33PM -0700, Carlos Cardenas wrote:
> > Thanks Bryan and Mike.
> >
> > I'll stick to what y'all are suggesting.
> >
> > Is there a page for the vmm roadmap? I am interested in advancing vmm and
> > would like to participate in its development.
> >
>
> not really. people work on what they want to work on, like most of the rest of
> openbsd.
>
> that being said, diffs to fix bugs like the ones below are welcome. that would
> be a good way to get started.
>
> -ml
>

PS, the following content in /etc/vm.conf (based on yours) works fine for me.

ramdisk="/bsd.rd"
switch "x" {
    add vether0
}

vm "tester" {
    boot $ramdisk
    memory 512M
    disable
    interface { switch "x" }
}

-ml

> > +--+
> > Carlos
> >
> > On Aug 17, 2017 12:48, "Mike Larkin" wrote:
> >
> > On Wed, Aug 16, 2017 at 07:50:59PM -0700, Carlos Cardenas wrote:
> > > Howdy.
> > >
> > > I've been playing around with vmm(4) on 6.1 and have noticed a few
> > > things that seem odd.
> > >
> > > Take the following vm.conf:
> > > ramdisk="/home/los/vmm/bsd.rd-current"
> > > switch "local" {
> > >     add vether0
> > > }
> > > vm "test.vm" {
> > >     boot $ramdisk
> > >     disable
> > >     owner los
> > >     memory 2G
> > >     disk "/home/los/vmm/test.vm.img"
> > >     interface { switch "local" }
> > > }
> > >
> > > Doing vmd -n yields:
> > > /etc/vm.conf:6: syntax error
> > >
> > > Removing the boot line yields a warning about unused macro (referring
> > > to ramdisk).
> > >
> > > So now my config is:
> > > switch "local" {
> > >     add vether0
> > > }
> > > vm "test.vm" {
> > >     disable
> > >     owner los
> > >     memory 2G
> > >     disk "/home/los/vmm/test.vm.img"
> > >     interface { switch "local" }
> > > }
> > >
> > > vmd(8) is happy and am expecting
> > > vmctl start "test.vm" -b "/home/los/vmm/bsd.rd-current" -c
> > > to work since all the other params have been defined in vm.conf.
> > >
> > > Instead I get:
> > > vmctl: starting without disks
> > > vmctl: starting without network interfaces
> > > vmctl: start vm command failed: Operation not permitted
> > >
> > > Increasing verbose log on vmd gets me:
> > > startup
> > > /etc/vm.conf:4: switch "local" registered
> > > /etc/vm.conf:11: vm "test.vm" registered (disabled)
> > > vm_priv_brconfig: interface bridge0 description switch1-local
> > > vm_priv_brconfig: interface bridge0 add vether0
> > > vmd_configure: not creating vm test.vm (disabled)
> > > denied request 3 from uid 1000
> > >
> > > However, if I perform a "doas vmctl start" first (along with
> > > install) and then define it in vm.conf, "vmctl start 'test.vm'" works as
> > > expected.
> > >
> > > What is the expected workflow for vmm?
> > >
> > > Any ideas on why the boot $ramdisk line is error'ing out?
> > >
> > > +--+
> > > Carlos
> > >
> >
> > You can't yet specify part of the parameter list in vm.conf and override or
> > supplement that later with command line arguments to vmctl. So the thing that
> > is breaking you is the -b option on your command line.
> >
> > I don't know why the macro expansion is failing.
> >
> > Note that the ability to supplement config options is something we planned to
> > do at some point, just haven't got there yet. There are questions to be
> > answered about how that interacts with the "owner" concept. For now, either
> > specify all the VM config on the command line, or all of it in vm.conf. Don't
> > mix and match.
> >
> > -ml
>
Re: vmm workflow
I found the problem with my config.

6.1 release doesn't have this commit:

commit 6b03ca832af8774eea914a99e4e49c232b169cd4
Author: reyk
Date: Thu Apr 6 21:35:22 2017 +

    "kernel" got renamed to "boot" in vm.conf but I didn't commit the parse.y bits.

    Found by Pontus Lundkvist
    OK deraadt

So I just renamed "boot" to "kernel" and everything is golden.

Verified that -current works with the original config (using "boot").

On 08/19/17 22:32, Mike Larkin wrote:
> On Sat, Aug 19, 2017 at 10:24:57PM -0700, Mike Larkin wrote:
>> On Thu, Aug 17, 2017 at 01:36:33PM -0700, Carlos Cardenas wrote:
>>> Thanks Bryan and Mike.
>>>
>>> I'll stick to what y'all are suggesting.
>>>
>>> Is there a page for the vmm roadmap? I am interested in advancing vmm and
>>> would like to participate in its development.
>>>
>>
>> not really. people work on what they want to work on, like most of the rest of
>> openbsd.
>>
>> that being said, diffs to fix bugs like the ones below are welcome. that would
>> be a good way to get started.
>>
>> -ml
>>
>
> PS, the following content in /etc/vm.conf (based on yours) works fine for me.
>
> ramdisk="/bsd.rd"
> switch "x" {
>     add vether0
> }
>
> vm "tester" {
>     boot $ramdisk
>     memory 512M
>     disable
>     interface { switch "x" }
> }
>
>
> -ml
>
>>> +--+
>>> Carlos
>>>
>>> On Aug 17, 2017 12:48, "Mike Larkin" wrote:
>>>
>>> On Wed, Aug 16, 2017 at 07:50:59PM -0700, Carlos Cardenas wrote:
>>>> Howdy.
>>>>
>>>> I've been playing around with vmm(4) on 6.1 and have noticed a few
>>>> things that seem odd.
>>>>
>>>> Take the following vm.conf:
>>>> ramdisk="/home/los/vmm/bsd.rd-current"
>>>> switch "local" {
>>>>     add vether0
>>>> }
>>>> vm "test.vm" {
>>>>     boot $ramdisk
>>>>     disable
>>>>     owner los
>>>>     memory 2G
>>>>     disk "/home/los/vmm/test.vm.img"
>>>>     interface { switch "local" }
>>>> }
>>>>
>>>> Doing vmd -n yields:
>>>> /etc/vm.conf:6: syntax error
>>>>
>>>> Removing the boot line yields a warning about unused macro (referring
>>>> to ramdisk).
>>>>
>>>> So now my config is:
>>>> switch "local" {
>>>>     add vether0
>>>> }
>>>> vm "test.vm" {
>>>>     disable
>>>>     owner los
>>>>     memory 2G
>>>>     disk "/home/los/vmm/test.vm.img"
>>>>     interface { switch "local" }
>>>> }
>>>>
>>>> vmd(8) is happy and am expecting
>>>> vmctl start "test.vm" -b "/home/los/vmm/bsd.rd-current" -c
>>>> to work since all the other params have been defined in vm.conf.
>>>>
>>>> Instead I get:
>>>> vmctl: starting without disks
>>>> vmctl: starting without network interfaces
>>>> vmctl: start vm command failed: Operation not permitted
>>>>
>>>> Increasing verbose log on vmd gets me:
>>>> startup
>>>> /etc/vm.conf:4: switch "local" registered
>>>> /etc/vm.conf:11: vm "test.vm" registered (disabled)
>>>> vm_priv_brconfig: interface bridge0 description switch1-local
>>>> vm_priv_brconfig: interface bridge0 add vether0
>>>> vmd_configure: not creating vm test.vm (disabled)
>>>> denied request 3 from uid 1000
>>>>
>>>> However, if I perform a "doas vmctl start" first (along with
>>>> install) and then define it in vm.conf, "vmctl start 'test.vm'" works as
>>>> expected.
>>>>
>>>> What is the expected workflow for vmm?
>>>>
>>>> Any ideas on why the boot $ramdisk line is error'ing out?
>>>>
>>>> +--+
>>>> Carlos
>>>
>>> You can't yet specify part of the parameter list in vm.conf and override or
>>> supplement that later with command line arguments to vmctl. So the thing that
>>> is breaking you is the -b option on your command line.
>>>
>>> I don't know why the macro expansion is failing.
>>>
>>> Note that the ability to supplement config options is something we planned to
>>> do at some point, just haven't got there yet. There are questions to be
>>> answered about how that interacts with the "owner" concept. For now, either
>>> specify all the VM config on the command line, or all of it in vm.conf. Don't
>>> mix and match.
>>>
>>> -ml
>>

+--+
Carlos
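
The rename described in the message above, as an added example that is not part of the thread: a small sh helper that turns the "boot" directive into "kernel" inside vm blocks only, so a vm.conf written for -current parses on 6.1 release. The function names vmconf_to_61 and sample_conf are hypothetical, the sample is the config quoted in the thread (re-indented), and braces inside quoted strings are assumed not to occur.

```shell
#!/bin/sh
# Added example, not from the thread. vmconf_to_61 and sample_conf are
# hypothetical names. Reads vm.conf text on stdin and writes it to stdout
# with "boot" spelled "kernel" inside vm blocks (what 6.1 release parses).
vmconf_to_61() {
    awk '
    # A vm block opens with:  vm "name" {
    /^[ \t]*vm[ \t]+"[^"]*"[ \t]*[{]/ { in_vm = 1; depth = 0 }
    {
        line = $0
        # Only the directive at the start of a line is renamed, so paths
        # or macro names that merely contain "boot" are left alone.
        if (in_vm && line ~ /^[ \t]*boot[ \t]/)
            sub(/boot/, "kernel", line)
        print line
        if (in_vm) {
            # Count braces so "interface { ... }" does not end the block.
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth <= 0)
                in_vm = 0
        }
    }'
}

# The vm.conf from the thread, re-indented.
sample_conf() {
    cat <<'EOF'
ramdisk="/home/los/vmm/bsd.rd-current"
switch "local" {
    add vether0
}
vm "test.vm" {
    boot $ramdisk
    disable
    owner los
    memory 2G
    disk "/home/los/vmm/test.vm.img"
    interface { switch "local" }
}
EOF
}

sample_conf | vmconf_to_61
```

The converted text can be written to a scratch file and checked with "vmd -n" and vmd's -f option before it replaces /etc/vm.conf.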