How to configure iked with OpenBSD (roadwarrior)?
Hi. Please tell me how to connect to an OpenBSD 7.2 Release
from an OpenBSD 7.2 Release client via iked.
I'm trying to set it up with this documentation,
https://www.openbsd.org/faq/faq17.html#clientikev2
but it just doesn't work.

I have a VDS machine (server) with OpenBSD,
with one external ip-address A.B.C.D,
which I want to connect to from my laptop.

I copied the file from VDS /etc/iked/local.pub to the laptop in
/etc/iked/pubkeys/fqdn/bsd.server.vds and from the laptop the file
/etc/iked/local.pub on VDS in /etc/iked/pubkeys/fqdn/amihailov.laptop

VDS machine settings:

cat /etc/iked.conf
ikev2 'responder_rsa' passive esp \
from any to dynamic \
local any peer any \
srcid bsd.server.vds \
config address 172.24.24.0/24 \
tag "ROADW"

cat /etc/sysctl.conf
net.inet.ip.forwarding=1

pf.conf:
...
block in on vio0
pass out
pass in proto udp from any to port {500, 4500} keep state
pass in proto esp from any
pass on enc0 from any to any
pass on enc0 from any to self keep state (if-bound)
...

# cat /etc/hostname.enc0
inet 172.24.24.1 255.255.255.0 172.24.24.255
up

Laptop settings:
ikev2 'amihailov.laptop' active esp \
from dynamic to any \ \
peer bsd.server.vds \
srcid amihailov.laptop \
dstid bsd.server.vds \
request address any \
iface lo1

When I run iked - I get the following log messages on the server:

https://pastebin.com/raw/rgpTtMzr

And on the laptop:

https://pastebin.com/raw/UUrryZCN

A.B.C.D is the external address of the server,
10.222.222.222 is the address of the laptop in the local network
W.X.Y.Z is the external address of the gateway,
through which the laptop gets to the Internet.

Lo1 interface on the laptop also does not get an ip-address.
I would be very grateful if you could tell me what I am doing wrong.
If you need any additional logs and information, I will send it to you.
Thanks for your attention!
Re: How to configure iked with OpenBSD (roadwarrior)?
On Thu, Nov 24, 2022 at 12:45:03PM +0300, Aleksandr Mikhaylov wrote:
> Hi. Please tell me how to connect to an OpenBSD 7.2 Release
> from an OpenBSD 7.2 Release client via iked.
> I'm trying to set it up with this documentation,
> https://www.openbsd.org/faq/faq17.html#clientikev2
> but it just doesn't work.
>
> I have a VDS machine (server) with OpenBSD,
> with one external ip-address A.B.C.D,
> which I want to connect to from my laptop.
>
> I copied the file from VDS /etc/iked/local.pub to the laptop in
> /etc/iked/pubkeys/fqdn/bsd.server.vds and from the laptop the file
> /etc/iked/local.pub on VDS in /etc/iked/pubkeys/fqdn/amihailov.laptop
>
> VDS machine settings:
>
> cat /etc/iked.conf
> ikev2 'responder_rsa' passive esp \
> from any to dynamic \
> local any peer any \
> srcid bsd.server.vds \
> config address 172.24.24.0/24 \
> tag "ROADW"
>
> cat /etc/sysctl.conf
> net.inet.ip.forwarding=1
>
> pf.conf:
> ...
> block in on vio0
> pass out
> pass in proto udp from any to port {500, 4500} keep state
> pass in proto esp from any
> pass on enc0 from any to any
> pass on enc0 from any to self keep state (if-bound)
> ...
>
> # cat /etc/hostname.enc0
> inet 172.24.24.1 255.255.255.0 172.24.24.255
> up
>
> Laptop settings:
> ikev2 'amihailov.laptop' active esp \
> from dynamic to any \ \
> peer bsd.server.vds \
> srcid amihailov.laptop \
> dstid bsd.server.vds \
> request address any \
> iface lo1
>
> When I run iked - I get the following log messages on the server:
>
> https://pastebin.com/raw/rgpTtMzr
>
> And on the laptop:
>
> https://pastebin.com/raw/UUrryZCN
>
> A.B.C.D is the external address of the server,
> 10.222.222.222 is the address of the laptop in the local network
> W.X.Y.Z is the external address of the gateway,
> through which the laptop gets to the Internet.
>
> Lo1 interface on the laptop also does not get an ip-address.
> I would be very grateful if you could tell me what I am doing wrong.
> If you need any additional logs and information, I will send it to you.
> Thanks for your attention!
>

Hi,

your configs look ok. The server log shows the handshake is completed
and a IKE_AUTH reply is sent to the client, but on the client side this
message never arrives. This is why it keeps on resending the AUTH request
until it times out.

It is not clear whether the reply is lost in transit or discarded by your
client. You could try looking at a tcpdump of your handshake or enable
verbose logging in iked on your client and see if you can find anything
suspicious after "send IKE_AUTH req 1 ...".

- Tobias
Re: less prints superfluous characters with --no-init
On Wed, Nov 23, 2022 at 11:31:57PM +1059, Reuben mac Saoidhea wrote:
> i hate to harp on about it, but:
>
> in case you happen to discover the `command' command,
> beware that its description in sh(1) is wrong.
>
> sh(1) says:
> command -vV command args ...
>

actually openbsd's sh(1) pages says:
command [-p | -V | -v] command [arg ...]

> in fact it is:
> command -vV command ...
>

yes, -v and -V are different. instead of invoking command, they identify
information about "command", such as path used to run it.

so we could do like posix and show two differing forms:

command [-p] command_name [argument]
command [-p][-v|-V] command_name

however one of the goals of sh(1) was brevity. to that end it is
combined, and i think it is obvious that if you are asking "command" to
identify whether something is a function (or whatever) then it would be
silly to specify it with arguments.

> note in particular, that, like `type',
> command -V command echo
>
> outputs
> command is a shell builtin
> echo is a shell builtin

well, posix makes no claim that multiple arguments are supported with
either -v or -V. openbsd's sh(1) page does not say this either. you
could write some code to improve how this is handled, i suppose.

having said that, ksh(1) seems to contradict what i've just said:

If the -v option is given, instead of executing cmd, information
about what would be executed is given (and the same is done for
arg ...).

that doesn't seem to be the case. i'm not sure whether ksh(1) is wrong
or it's expected to behave differently.

>
> rather than what `command -V' ought to output:
> command echo is /bin/echo
>

$ command -V echo
echo is a shell builtin

jmc

> to find out what `command blahcommand' means to sh(1), use
> whereis blahcommand
>
> to find out what `blahcommand' means to sh(1), use
> type blahcommand
>
> noting that `type' is explained in `man sh',
> and that `tracked alias' means `hash'.
> (note that using `type' affects `hash'.)
>
> isnt *N*X FUN!?
>
Re: Documentation of wsconsctl keyboard.map format?
On 2022-11-23 02:21, Mike Fischer wrote: > Am 23.11.2022 um 11:43 schrieb Vlad Meșco : > > On Wed, Nov 23, 2022 at 06:57:17AM +, Jason McIntyre wrote: > > On Wed, Nov 23, 2022 at 12:21:26AM +0100, Mike Fischer wrote: > > > keyboard.encoding=us > keyboard.map+="keysym Caps_Lock = Control_L" > mouse.tp.tapping=3 > mouse.reverse_scrolling=1 > keyboard.map+="keysym Caps_Lock = Control_L" Duplicate? ...probably. > keyboard.map+="keycode 184 = Cmd2 Mode_switch Multi_key" I don't think I understand what this actually does? In my case, maps right alt to AltGr. I don't remember exactly how it works, but I \ think CmdN tells the driver it's a modifier and the next N tokens tell it what. First of all none of my ‚keyboard.map's have a keycode 184. I tried \ keyboard.encoding=us, keyboard.encoding=de, keyboard.encoding=fr, \ keyboard.encoding=fr.apple. I don't know, there might be differences between PC, USB and Apple. I mentioned HU \ earlier because that definitely has altgr defined. Second, if the columns normally represent levels (or layers), how does that work \ here? Plain 184 is Cmd2; 184 + some modifier is Mode_switch; and 184 + some other \ modifier is Multi_key (whatever that is supposed to mean)? > # use ? for unicode that causes mojibake > keyboard.map+="keycode 26 = question question bracketleft braceleft" > keyboard.map+="keycode 27 = question question bracketright braceright" > keyboard.map+="keycode 39 = question question semicolon colon" > keyboard.map+="keycode 40 = question question apostrophe quotedbl" > keyboard.map+="keycode 41 = question question grave asciitilde" # 3byte UTF-8, \ > don't bother keyboard.map+="keycode 43 = question question backslash bar" > keyboard.map+="keycode 51 = comma semicolon less question" > keyboard.map+="keycode 52 = period colon greater question" > > A more proper example for e.g. 
keycode 26: > > keyboard.map+="keycode 26 = abreve Abreve bracketleft braceleft" > > Or for keys that don't have a symbolic name: > > keyboard.map+="keycode 43 = unknown_50082 unknown_50050 backslash bar" > > I started from US which is 90% there, and the first thing is to add > right Alt as `Mode_switch', otherwise it's just (left) Alt (which I > think just sets the MSB, IDK; you want AltGr/Mode_switch if you want to > map specific characters). > > Which keycode is what? I don't know. I dumped the hu layout as a > reference with `doas wsconsctl keyboard.map > hu.map' and looked at what > was done for that crazy layout, and started from there. > > Cheers, > Vlad Thanks, that helps somewhat. It still is strange to have to resort to experiments \ to figure things out instead of having them documented on OpenBSD. By xkb do you mean xkeyboard-config(7)? I have looked at the man page but I \ honestly can't see much similarity to the keyboard.map syntax. I also looked at \ setxkbmap(1) and xkbcomp(1) but they where no help either. I don't normally use X \ for anything so I am not very familiar with all of the associated settings. https://www.x.org/wiki/XKB/ did seem to explain some relevant concepts though. For \ example the concept of levels which probably translates to the columns used in the \ keycode statements? But where are the definitions of which modifier (or combination \ thereof) selects which column? Hello! I would like to find some supporting documentation too, if anything is available, but for certain other reasons (https://github.com/letoram/arcan/issues/263). Basically, this "desktop engine" has problems with figuring out my keyboard layouts, and I want to figure out why. This might've been more appropriate to post in ports@ but this thread catched my eye, so I'm here. It would be nice to be able to determine what keycodes correspond to what symbols in console, to figure out what goes wrong in the process of how Arcan determines my keyboard layout. 
Any help appreciated!
Re: How to configure iked with OpenBSD (roadwarrior)?
On Thu, Nov 24, 2022 at 05:50:57PM +0300, Aleksandr Mikhaylov wrote:
> Tobias Heider wrote:
> > On Thu, Nov 24, 2022 at 12:45:03PM +0300, Aleksandr Mikhaylov wrote:
> > > Hi. Please tell me how to connect to an OpenBSD 7.2 Release
> > > from an OpenBSD 7.2 Release client via iked.
> > >
> >
> > Hi,
> >
> > your configs look ok. The server log shows the handshake is completed
> > and a IKE_AUTH reply is sent to the client, but on the client side this
> > message never arrives. This is why it keeps on resending the AUTH request
> > until it times out.
> >
> > It is not clear whether the reply is lost in transit or discarded by your
> > client. You could try looking at a tcpdump of your handshake or enable
> > verbose logging in iked on your client and see if you can find anything
> > suspicious after "send IKE_AUTH req 1 ...".
> >
> > - Tobias
>
> And on which ports should the connection come to the laptop? It has pf
> configured on it and is behind NAT

Probably the one with your default route. Try 'route get bsd.server.vds'.
Re: How to configure iked with OpenBSD (roadwarrior)?
Tobias Heider wrote:
> On Thu, Nov 24, 2022 at 05:50:57PM +0300, Aleksandr Mikhaylov wrote:
> > Tobias Heider wrote:
> > > On Thu, Nov 24, 2022 at 12:45:03PM +0300, Aleksandr Mikhaylov wrote:
> > > > Hi. Please tell me how to connect to an OpenBSD 7.2 Release
> > > > from an OpenBSD 7.2 Release client via iked.
> > > >
> > >
> > > Hi,
> > >
> > > your configs look ok. The server log shows the handshake is completed
> > > and a IKE_AUTH reply is sent to the client, but on the client side this
> > > message never arrives. This is why it keeps on resending the AUTH request
> > > until it times out.
> > >
> > > It is not clear whether the reply is lost in transit or discarded by your
> > > client. You could try looking at a tcpdump of your handshake or enable
> > > verbose logging in iked on your client and see if you can find anything
> > > suspicious after "send IKE_AUTH req 1 ...".
> > >
> > > - Tobias
> >
> > And on which ports should the connection come to the laptop? It has pf
> > configured on it and is behind NAT
>
> Probably the one with your default route. Try 'route get bsd.server.vds'.

I mean tcp/udp port
Re: How to configure iked with OpenBSD (roadwarrior)?
Tobias Heider wrote:
> On Thu, Nov 24, 2022 at 12:45:03PM +0300, Aleksandr Mikhaylov wrote:
> > Hi. Please tell me how to connect to an OpenBSD 7.2 Release
> > from an OpenBSD 7.2 Release client via iked.
> >
>
> Hi,
>
> your configs look ok. The server log shows the handshake is completed
> and a IKE_AUTH reply is sent to the client, but on the client side this
> message never arrives. This is why it keeps on resending the AUTH request
> until it times out.
>
> It is not clear whether the reply is lost in transit or discarded by your
> client. You could try looking at a tcpdump of your handshake or enable
> verbose logging in iked on your client and see if you can find anything
> suspicious after "send IKE_AUTH req 1 ...".
>
> - Tobias

And on which ports should the connection come to the laptop? It has pf
configured on it and is behind NAT
Re: How to configure iked with OpenBSD (roadwarrior)?
On Thu, Nov 24, 2022 at 06:51:40PM +0300, Aleksandr Mikhaylov wrote:
> Tobias Heider wrote:
> > On Thu, Nov 24, 2022 at 05:50:57PM +0300, Aleksandr Mikhaylov wrote:
> > > Tobias Heider wrote:
> > > > On Thu, Nov 24, 2022 at 12:45:03PM +0300, Aleksandr Mikhaylov wrote:
> > > > > Hi. Please tell me how to connect to an OpenBSD 7.2 Release
> > > > > from an OpenBSD 7.2 Release client via iked.
> > > > >
> > > >
> > > > Hi,
> > > >
> > > > your configs look ok. The server log shows the handshake is completed
> > > > and a IKE_AUTH reply is sent to the client, but on the client side this
> > > > message never arrives. This is why it keeps on resending the AUTH
> > > > request
> > > > until it times out.
> > > >
> > > > It is not clear whether the reply is lost in transit or discarded by
> > > > your
> > > > client. You could try looking at a tcpdump of your handshake or enable
> > > > verbose logging in iked on your client and see if you can find anything
> > > > suspicious after "send IKE_AUTH req 1 ...".
> > > >
> > > > - Tobias
> > >
> > > And on which ports should the connection come to the laptop? It has pf
> > > configured on it and is behind NAT
> >
> > Probably the one with your default route. Try 'route get bsd.server.vds'.
>
> I mean tcp/udp port
>

That would be udp 4500 because it is using udpencap for NAT traversal as we
can see in your log:

send IKE_AUTH res 1 peer W.X.Y.Z:4500 local A.B.C.D:4500 ...
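Added example, not part of the thread and not iked code: a small Python classifier for the UDP payloads a client-side capture would contain in the situation discussed above, reporting which IKE requests were sent but never answered. It generalizes slightly to also recognize NAT keepalives and ESP-in-UDP on port 4500; the capture tuples, `build_ike` helper and sample packets are constructed for illustration (header-only messages, dummy SPIs).

```python
import struct

# IKEv2 fixed header (RFC 7296, section 3.1): initiator SPI, responder SPI,
# next payload, version, exchange type, flags, message ID, length = 28 bytes.
IKE_HDR = struct.Struct("!8s8sBBBBII")
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH",
             36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
FLAG_INITIATOR, FLAG_RESPONSE = 0x08, 0x20
NON_ESP_MARKER = b"\x00" * 4  # precedes IKE messages on UDP 4500 (RFC 3948)


def classify(port, payload):
    """Describe one UDP payload seen on port 500 or 4500."""
    if port == 4500:
        if payload == b"\xff":
            return {"kind": "nat-keepalive"}
        if len(payload) < 4:
            return {"kind": "malformed"}
        if payload[:4] != NON_ESP_MARKER:
            # A non-zero first word is an ESP SPI: tunnel traffic, not IKE.
            return {"kind": "esp", "spi": payload[:4].hex()}
        payload = payload[4:]
    elif port != 500:
        return {"kind": "other"}
    if len(payload) < IKE_HDR.size:
        return {"kind": "malformed"}
    _, _, _, version, exch, flags, msgid, _ = IKE_HDR.unpack_from(payload)
    if version >> 4 != 2:
        return {"kind": "not-ikev2"}
    return {"kind": "ike",
            "exchange": EXCHANGES.get(exch, str(exch)),
            "response": bool(flags & FLAG_RESPONSE),
            "msgid": msgid}


def unanswered(capture):
    """capture: list of (direction, port, payload), direction 'out' or 'in'
    as seen on the client. Returns (exchange, msgid, transmissions) for each
    request that was sent but whose response never arrived."""
    sent, answered = {}, set()
    for direction, port, payload in capture:
        info = classify(port, payload)
        if info["kind"] != "ike":
            continue
        key = (info["exchange"], info["msgid"])
        if direction == "out" and not info["response"]:
            sent[key] = sent.get(key, 0) + 1
        elif direction == "in" and info["response"]:
            answered.add(key)
    return [(e, m, n) for (e, m), n in sent.items() if (e, m) not in answered]


def build_ike(exchange, msgid, response=False, natt=False):
    """Constructed header-only IKEv2 message with dummy SPIs (sample data)."""
    flags = FLAG_RESPONSE if response else FLAG_INITIATOR
    hdr = IKE_HDR.pack(b"I" * 8, b"R" * 8, 0, 0x20, exchange, flags,
                       msgid, IKE_HDR.size)
    return (NON_ESP_MARKER if natt else b"") + hdr


# Constructed capture mirroring the thread: IKE_SA_INIT completes on port 500,
# NAT is detected, IKE_AUTH req 1 is retransmitted on 4500 with no reply seen.
SAMPLE = [
    ("out", 500, build_ike(34, 0)),
    ("in", 500, build_ike(34, 0, response=True)),
    ("out", 4500, build_ike(35, 1, natt=True)),
    ("out", 4500, b"\xff"),
    ("out", 4500, build_ike(35, 1, natt=True)),
    ("out", 4500, build_ike(35, 1, natt=True)),
]

if __name__ == "__main__":
    for exchange, msgid, count in unanswered(SAMPLE):
        print(f"no response to {exchange} req {msgid} after {count} sends")
```

If the same capture taken on the server side shows the IKE_AUTH response leaving on UDP 4500, the loss is in transit or at the client's packet filter rather than in iked.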
Re: PC Engines APU alternative for OpenBSD - 2022h2
On Wed, Sep 28, 2022 at 04:50:39PM +0100, Stuart Henderson wrote: > On 2022-09-28, Mikolaj Kucharski wrote: > > I'm looking for something similar like PC Engines APU board. Preferably > > 4 network cards, 4GB of RAM, low power consumption, no graphic card, > > serial console access, suitable for wired and Wi-Fi and/or LTE router, > > based on OpenBSD. > > Search with keywords like "mini pc router", "pfsense router" etc, > you will find a load of boxes along these lines (to pick the first > one I found, there are loads of choices of all very similar hardware) > - https://www.aliexpress.com/item/1005004420642522.html? > They do have video out as well but you can just configure OpenBSD > to use serial console. Seeing recent issues with buggy BIOSes I wanted to avoid mini pc hunting on Aliexpress :/ > Now that the 1G em(4) chips are out of stock everywhere, the common > NICs these days are igc(4) 2.5G ethernet (very common, to the extent that > "I225" will probably also do as a search term ..). > -- Regards, Mikolaj
Re: less prints superfluous characters with --no-init
Jason McIntyre wrote: > On Wed, Nov 23, 2022 at 11:31:57PM +1059, Reuben mac Saoidhea wrote: > > i hate to harp on about it, but: > > > > in case you happen to discover the `command' command, > > beware that its description in sh(1) is wrong. > > > > sh(1) says: > > command -vV command args ... > > > > actually openbsd's sh(1) pages says: > > command [-p | -V | -v] command [arg ...] > > > in fact it is: > > command -vV command ... > > > > yes, -v and -V are different. instead of invoking command, they identify > information about "command", such as path used to run it. > > so we could do like posix and show two differing forms: > > command [-p] command_name [argument] > command [-p][-v|-V] command_name > > however one of the goals of sh(1) was brevity. to that end it is > combined, and i think it is obvious that if you are asking "command" to > identify whether something is a function (or whatever) then it would be > silly to specify it with arguments. Correct. Manual page SYNOPSIS are not a formal exact grammar. To provide another example, SYNOPSIS ls [-1AaCcdFfgHhikLlmnopqRrSsTtux] [file ...] I suspect there are mixtures ls arguments which create highly unexpected results, or even terminate the ls command before outputting an unexpected result. That is fine. We document the wider end of the possibility spectrum, not the narrow. All of us are sick of this thread. It contains no solutions. I'm now going to say that a solution for one manual pages, must provide diffs for *all the commands in bin* as a starting proposal.. That won't happen, so let's just stop it.
Re: Suggestions for miniPCI wireless card for an accesspoint on OpenBSD - 2022q4
Hi Mikolaj,

im told that the broadcom ac chipset based ones are an excellent choice
as the card handles the vast majority of wi-fi protocols & advanced
features associated with newer 802.11 standards... leaving you the admin
to just configure the WPA keys and the ssids...

checking back through the archives and there was a recent enough
discussion on this very topic ...

I hope this helps,

On Thu, 24 Nov 2022 at 17:27, Mikolaj Kucharski wrote:
> Hi,
>
> I'm using for few years now on OpenBSD accesspoint (mediaopt hostap)
> based on following miniPCI card:
>
> # dmesg | grep -e ^ath
> athn0 at pci4 dev 0 function 0 "Atheros AR928X" rev 0x01: apic 5 int 16
> athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:45:6a:c4
>
> I don't remember where I bought it, but I think it is one of those, or
> compatible:
>
> https://www.pcengines.ch/wle200nx.htm
>
> If you would build today an accesspoint, on hardware with miniPCI, what
> would you choose, for OpenBSD?
>
> --
> Regards,
> Mikolaj
>
>

--
Kindest regards,
Tom Smyth.
updated vmm support modules for older Linux guests
I finally got around to slapping more hacky #ifdef's onto my vmm_clock
[1] and virtio_vmmci [2] Linux kernel modules because I found older
Linux kernel versions (~3.10 era) didn't support compiling them.

If you host things like CentOS 7 guests under vmm(4)/vmd(8), I recommend
trying them out and opening a GitHub issue in the respective project if
there's something wrong. (PR's welcome.)

No idea what I'm talking about?

* virtio_vmmci - Linux port of vmmci(4) that helps signal reboots/rtc
  sync with Linux guests via vmctl(8) and vmd(8).

* vmm_clock - duct-taped version of kvmclock to work with vmm(4)'s
  pvclock(4) paravirtualized clock.

-dv

[1] https://github.com/voutilad/virtio_vmmci
[2] https://github.com/voutilad/vmm_clock
Re: Suggestions for miniPCI wireless card for an accesspoint on OpenBSD - 2022q4
> I'm using for few years now on OpenBSD accesspoint (mediaopt hostap)
> based on following miniPCI card:
> # dmesg | grep -e ^ath
> athn0 at pci4 dev 0 function 0 "Atheros AR928X" rev 0x01: apic 5 int 16
> athn0: AR9280 rev 2 (2T2R), ROM rev 22, address 04:f0:21:45:6a:c4
> I don't remember where I bought it, but I think it is one of those, or
> compatible:
> https://www.pcengines.ch/wle200nx.htm
> If you would build today an accesspoint, on hardware with miniPCI, what
> would you choose, for OpenBSD?

i would choose (and i chose) an external access point. i've been trying
for a long time to do something sane in terms of an access point, but i
realized that the next thing Theo will cut out from obsd would be the
802.11 subsystem. and don't believe what the same bwfm promises, although
11ac mode is declared there, but in fact it works like 11n. an external
access point is the only variant. except, of course, the variant to leave
obsd. the very concept professed by obsd will not allow to be anywhere
except in the tail of progress. obsd is not about how to live, it's about
how to survive. if you still choose bwfm, then know that somewhere once
every ten downloads the system will freeze
Re: PC Engines APU alternative for OpenBSD - 2022h2
On Nov 24 17:01:55, miko...@kucharski.name wrote: > On Wed, Sep 28, 2022 at 04:50:39PM +0100, Stuart Henderson wrote: > > On 2022-09-28, Mikolaj Kucharski wrote: > > > I'm looking for something similar like PC Engines APU board. Preferably > > > 4 network cards, 4GB of RAM, low power consumption, no graphic card, > > > serial console access, suitable for wired and Wi-Fi and/or LTE router, > > > based on OpenBSD. Doesn't PC Engines itself have a model like that?
Re: PC Engines APU alternative for OpenBSD - 2022h2
Yes. Sometimes they even have stock. -- Sent from a phone, apologies for poor formatting. On 24 November 2022 19:51:07 Jan Stary wrote: On Nov 24 17:01:55, miko...@kucharski.name wrote: On Wed, Sep 28, 2022 at 04:50:39PM +0100, Stuart Henderson wrote: > On 2022-09-28, Mikolaj Kucharski wrote: > > I'm looking for something similar like PC Engines APU board. Preferably > > 4 network cards, 4GB of RAM, low power consumption, no graphic card, > > serial console access, suitable for wired and Wi-Fi and/or LTE router, > > based on OpenBSD. Doesn't PC Engines itself have a model like that?
Re: updated vmm support modules for older Linux guests
On Thu, Nov 24, 2022 at 12:35:20PM -0500, Dave Voutila wrote: > I finally got around to slapping more hacky #ifdef's onto my vmm_clock > [1] and virtio_vmmci [2] Linux kernel modules because I found older > Linux kernel versions (~3.10 era) didn't support compiling them. > > If you host things like CentOS 7 guests under vmm(4)/vmd(8), I recommend > trying them out and opening a GitHub issue in the respective project if > there's something wrong. (PR's welcome.) > > No idea what I'm talking about? > > * virtio_vmmci - Linux port of vmmci(4) that helps signal reboots/rtc > sync with Linux guests via vmctl(8) and vmd(8). > > * vmm_clock - duct-taped version of kvmclock to work with vmm(4)'s > pvclock(4) paravirtualized clock. > > -dv > > [1] https://github.com/voutilad/virtio_vmmci > [2] https://github.com/voutilad/vmm_clock > Awesome, thanks!
Re: Documentation of wsconsctl keyboard.map format?
> On 24.11.2022 at 15:07, u...@disroot.org wrote:
>
> Hello!
>
> I would like to find some supporting documentation too, if anything is
> available, but for certain other reasons
> (https://github.com/letoram/arcan/issues/263). Basically, this "desktop
> engine" has problems with figuring out my keyboard layouts, and I want to
> figure out why. This might've been more appropriate to post in ports@ but
> this thread caught my eye, so I'm here. It would be nice to be able to
> determine what keycodes correspond to what symbols in console, to figure out
> what goes wrong in the process of how Arcan determines my keyboard layout.
> Any help appreciated!

I’m not sure this will help with your issue but here is what I have been
able to figure out so far:

One thing that helped me a bit (though I have not solved this issue yet)
was the definition of the keycodes in the USB HID standards. I found this
link where presumably the codes sent by USB keyboards are defined:
https://gist.github.com/MightyPork/6da26e382a7ad91b5496ee55fdc73db2
Or see https://www.usb.org/sites/default/files/documents/hut1_12v2.pdf
table 12 on page 53 for something more official.

You will still need to figure out which keycodes a specific keyboard will
send for certain keys, as there is some ambiguity with regard to the
labeling of keys, especially for non-us localizations. For example some of
the Apple keyboards have a modifier key. I don’t see that mentioned in the
USB spec. Maybe the keyboard handles this internally but that is simply
guessing at the moment.

The usable entity names are somewhat defined (you need to chop off the
prefix of the names) in source code:
/src/sys/dev/wscons/wsksymdef.h

Additionally Vlad Meșco mentioned that arbitrary Unicode values can be
specified using e.g. unknown_50082 (for U+C3A2?) instead of a known entity.
I have not tested this yet.

The actual predefined keyboard maps are compiled into OpenBSD drivers:
/src/sys/dev/pckbc/wskbdmap_mfii.c
/src/sys/dev/usb/ukbdmap.c (which seems to be derived from wskbdmap_mfii.c)

Note: All of the OpenBSD source files can be found at:
https://cvsweb.openbsd.org

That doesn’t explain the syntax of keyboard.map though. And I have analyzed
the de keyboard.encoding somewhat and found it to be quite different from
the way macOS treats German Apple USB keyboards.

As a small experiment I tried to redefine the 7 key:
wsconsctl keyboard.encoding=de
wsconsctl keyboard.map+="keycode 36 = 7 slash bar backslash"

Note 1: The default definition for de is
"keycode 36 = 7 slash braceleft braceleft"
However the actual mapping seems to be:
<7>: 7 (expected, ok)
<7>: / (expected, ok)
<7>: · (a small middle dot, and deleting with backspace doesn’t work)
<7>: ¯ (some weird glyph with just a short horizontal line at the top, and deleting with backspace doesn’t work)
<7>: { (expected, ok)
<7>: { (expected, ok)

Note 2: On macOS the actual mappings are:
<7>: 7
<7>: / (slash)
<7>: | (bar)
<7>: \ (backslash)
And it does not matter whether or is used for .

But this does not yield all of the expected results:
<7>: 7 (expected, ok)
<7>: / (expected, ok)
<7>: · (a small middle dot, and deleting with backspace doesn’t work)
<7>: ¯ (some weird glyph with just a short horizontal line at the top, and deleting with backspace doesn’t work)
<7>: | (expected, ok)
<7>: \ (expected, ok)

The key still does weird things. But apparently the 4 columns in the
keycode entries are:

Note: On non-Apple keyboards may be labeled as . Apple labels both and as
and does not generally differentiate between the two.

Adding the very obscure:
wsconsctl keyboard.map+="keycode 226 = Cmd2 Mode_switch Multi_key"
(modified from the example Vlad Meșco mentioned to match the keycode from
the USB spec) finally yielded the expected result:
<7>: 7 (expected, ok)
<7>: / (expected, ok)
<7>: | (expected, ok)
<7>: \ (expected, ok)
<7>: | (expected, ok)
<7>: \ (expected, ok)

I can use this but I don’t understand how it works. :-(

Putting this into /etc/wsconsctl.conf gives me a persistent modification
that is one step closer to my goal:
# cat /etc/wsconsctl.conf
# Start out with a German keyboard layout:
keyboard.encoding=de
# Make the modifier key behave the same as the key:
keyboard.map+="keycode 226 = Cmd2 Mode_switch Multi_key"
# Redefine the <7> key to match macOS:
keyboard.map+="keycode 36 = 7 slash bar backslash"
#

More enlightened but still puzzled…

Mike