Re: isakmpd and iked on the same box
On 30/08/2018 17:39, Philipp Buehler wrote:
> I was not following development too closely, but I think that on the kernel side things have not changed. Which means iked and isakmpd will happily "toe tap" on each other's SADB in the kernel (even if there is *some* PID handling).
>
> Would like to hear if kernel side has "improved" lately, but the overall standpoint looks like: IKEv1 is dead (e.g. see the removal of IKEv1 stubs in iked some "months ago").

Why would IKEv1 be dead if the stubs were removed from iked? There is still isakmpd and that works pretty well.

Also I see many companies that still use IKEv1 and it would be unpleasant if there was no way to connect to them with OpenBSD.

Daniel
Re: isakmpd and iked on the same box
Tommy Nevtelen wrote on 30-8-2018 23:13:
> We use isakmpd to interconnect 30ish routers and I would like to switch to iked, but since there is no support to run both at the same time it makes it quite hard to migrate slowly. Will basically need to do it all at the same time and that is not very good for SLAs which complicates things. Or am I missing something?

Would it work for you to add a separate VPN gateway with iked next to the VPN gateway running isakmpd?

If you do that you can then set routes to direct traffic for networks that have migrated to ikev2 to the iked gateway.
Re: isakmpd and iked on the same box
Tommy Nevtelen wrote on 31-8-2018 16:12:
> On 2018-08-31 10:44, Daniel Polak wrote:
>> Tommy Nevtelen wrote on 30-8-2018 23:13:
>>> We use isakmpd to interconnect 30ish routers and I would like to switch to iked, but since there is no support to run both at the same time it makes it quite hard to migrate slowly. Will basically need to do it all at the same time and that is not very good for SLAs which complicates things. Or am I missing something?
>>
>> Would it work for you to add a separate VPN gateway with iked next to the VPN gateway running isakmpd?
>>
>> If you do that you can then set routes to direct traffic for networks that have migrated to ikev2 to the iked gateway.
>
> Sure, there are many solutions. But that is kind of a lot of work and investment in hardware compared to just running both at the same time right?

Of course it is but if the work on and the investment in software has not been done for you by the OpenBSD developers (or sometimes their sponsors) then that's how it is.

Needs must.
Re: Monitoring system
I second Tom's recommendation of LibreNMS, it integrates well with OpenBSD.

Daniel

On 5-10-2018 00:44, flipchan wrote:
> Greetings all,
>
> I need to install a monitoring system with email notifications, I have used mmonit which is great but it's a little too pricey for personal use. Can anyone recommend an open source monitoring system that supports email notifications and monitoring of multiple hosts running openbsd.
>
> Something more modern than nagios would be great, I just need it to work so as long as it supports email notifications and monitoring of more than one host it's good.
>
> Thanks in advance
Re: OpenBSD with root FS mounted read only
Stuart Henderson wrote on 15-11-2018 22:53:
> On 2018-11-15, Kevin Chadwick wrote:
>> The main benefit of read-only is not having to do disk checks but the time for root is negligible.
>
> well, it's not just time fsck'ing, those checks can fail, and then if you don't have OOB you have to go visit the machine ..

Agree entirely and that is why on our firewalls I always use a RO root filesystem and whatever needs to be RW is in MFS. It does require minor modification of among others /etc/rc though.

Root of the problem is the relative fragility of the current file system but changing that is of course a major undertaking.

Daniel
provide option to dhclient at boot
I'd like to use the -l option to have dhclient use an alternate location for the leases file.

Netstart starts dhclient at boot but I don't see a way to supply the -l option to dhclient other than to modify netstart.

Am I missing something?

Daniel
Re: provide option to dhclient at boot
On 20 May 2013 at 14:47, Kenneth R Westerback wrote:
> On Mon, May 20, 2013 at 11:56:15AM +0200, Daniel Polak wrote:
>> I'd like to use the -l option to have dhclient use an alternate location
>> for the leases file.
>> Netstart starts dhclient at boot but I don't see a way to supply the -l
>> option to dhclient other than to modify netstart.
>>
>> Am I missing something?
>>
>> Daniel
>
> Nope. If you want to change the parameters netstart uses, you must
> modify netstart. Excellent point. May have to think up a better
> way.

That's what I will do for now. It's only a minor change.

Now that dhclient-script is gone customisation has to be done differently. If a '-l' equivalent would be added to dhclient.conf it might be useful to add the other dhclient options too but that's probably fairly obvious anyway.

Thanks!

Daniel
how to compare ipsec.conf and isakmpd.conf settings?
On a computer running OpenBSD 5.3 I am migrating from an isakmpd.conf based configuration to an ipsec.conf based configuration.

The tunnel comes up and works correctly when using isakmpd.conf but I can't get the tunnel to come up when I use ipsec.conf. As far as I can see ipsec.conf contains the same settings as the settings that are in isakmpd.conf.

The error message when using ipsec.conf is:

attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC.

This means the proposal from the peer does not match the configuration added by ipsecctl and isakmpd is trying to use its default settings.

I've double-checked the settings in ipsec.conf and especially the IP addresses. I have also looked at the packets and the isakmpd debug output but all I can see is the peer offering a proposal that matches what is in ipsec.conf.

I'd like to see how isakmpd interprets the settings in ipsec.conf and isakmpd.conf and would like to compare those interpretations. ipsecctl -nvf /etc/ipsec.conf shows the settings from ipsec.conf as they would be used by isakmpd but I don't see how to do the same with isakmpd.conf.

How can I get the settings from isakmpd.conf and ipsec.conf in the same format so I can compare them?

Daniel
Re: how to compare ipsec.conf and isakmpd.conf settings?
Original message from Stuart Henderson at 26-9-2013 23:58
> On 2013-09-26, Daniel Polak wrote:
>> I'd like to see how isakmpd interprets the settings in ipsec.conf and isakmpd.conf and would like to compare those interpretations. ipsecctl -nvf /etc/ipsec.conf shows the settings from ipsec.conf as they would be used by isakmpd but don't see how to do the same with isakmpd.conf.
>>
>> How can I get the settings from isakmpd.conf and ipsec.conf in the same format so I can compare them?
>
> isakmpd does not interpret settings in ipsec.conf *at all*; ipsecctl converts them into control commands which generate isakmpd.conf sections.
>
> to compare, you'll need to adjust the format manually; ipsecctl -nvf outputs a bunch of lines like this:
>
> C set [sectionname]:variable1=setting1
> C set [sectionname]:variable2=setting2
> C set [sectionname]:variable3=setting3
>
> which equate to isakmpd.conf entries like this:
>
> [sectionname]
> variable1=setting1
> variable2=setting2
> variable3=setting3

Writing "how isakmpd interprets the settings in ipsec.conf" was slightly misleading, sorry about that. I do understand that ipsecctl reads ipsec.conf, generates control commands and thereby sets up isakmpd.

I have now solved my immediate problem and things are working (I overlooked that the connection was set for passive mode in ipsec.conf and for active mode in isakmpd, and the connection only worked when my side initiated it).

What would have helped me solve this is a way to see what the current configuration of isakmpd looks like (irrespective of whether it was loaded from isakmpd.conf or from ipsec.conf). It appears there is no equivalent of a "C get all" command to the FIFO to get the configuration values of all sections in the running isakmpd configuration.

In spite of having used isakmpd for many years I still don't find troubleshooting VPN issues easy :-(

Daniel
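
The manual format adjustment described in the message above can be scripted. This is an added example, not code from the thread or from OpenBSD: it flattens both saved `ipsecctl -nvf` output and an isakmpd.conf into sorted "[section] key=value" lines so diff(1) shows only real differences. The sample section and key values are constructed, and tolerating a trailing "force" word on control lines is an assumption.

```shell
#!/bin/sh
# Added example. Only the "C set [section]:key=value" shape and the
# "[section]" / "key=value" layout come from the mail above.

# stdin: saved `ipsecctl -nvf` output; stdout: sorted "[section] key=value".
ctl_to_pairs() {
    awk '
        /^C set \[/ {
            line = substr($0, 7)        # drop the leading "C set "
            sub(/ force$/, "", line)    # assumption: optional trailing "force" word
            end = index(line, "]:")     # boundary between section and key=value
            if (end == 0) next
            printf "%s] %s\n", substr(line, 1, end - 1), substr(line, end + 2)
        }' | LC_ALL=C sort
}

# stdin: an isakmpd.conf; stdout: the same sorted "[section] key=value" form.
conf_to_pairs() {
    awk '
        /^[ \t]*(#|$)/ { next }         # skip comments and blank lines
        /^\[/ { section = $0; sub(/\].*$/, "]", section); next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)    # whitespace around "=" is layout only
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            printf "%s %s=%s\n", section, key, val
        }' | LC_ALL=C sort
}

# $1 = file with ipsecctl -nvf output, $2 = isakmpd.conf.
# Prints the diff; returns 0 when identical, 1 when settings differ.
compare_configs() {
    a=$(mktemp) || return 2
    b=$(mktemp) || { rm -f "$a"; return 2; }
    ctl_to_pairs < "$1" > "$a"
    conf_to_pairs < "$2" > "$b"
    rc=0
    diff "$a" "$b" || rc=$?
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed sample: control lines as ipsecctl -nvf would print them.
sample_ctl() {
    cat <<'EOF'
C set [example-peer]:Phase=1 force
C set [example-peer]:Address=192.0.2.1
C set [example-transform]:ENCRYPTION_ALGORITHM=AES_CBC force
EOF
}

# Constructed sample: a hand-written isakmpd.conf for the same peer.
sample_conf() {
    cat <<'EOF'
# constructed sample, not a working configuration
[example-peer]
Phase=          1
Address=        192.0.2.1

[example-transform]
ENCRYPTION_ALGORITHM=   3DES_CBC
EOF
}

# Usage: ipsecctl -nvf /etc/ipsec.conf > /tmp/ctl.txt
#        sh this_script.sh /tmp/ctl.txt /etc/isakmpd.conf
if [ $# -eq 2 ]; then
    compare_configs "$1" "$2"
fi
```

Section names only line up where both sources use the same names, so expect to map names by hand before reading the diff.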
Re: VPN suggestions
Original message from Kapetanakis Giannis at 8-11-2013 13:38
> I would like to discuss some suggestions about VPN to multiple road
> warriors.
>
> So far we're using OpenVPN, but I want to change that or at maybe
> offer L2TP/IPsec in addition to OpenVPN.

Have you considered using isakmpd?

> Playing around with npppd was straight forward and I was quite
> impressed with it. Good job.
> EAP-TLS would also be a very nice feature to have.
>
> What I'm wondering is what you guys do to setup the ipsec path of the
> tunnel.
>
> One option is to use a unique pre-shared key for all clients. But this
> is probably insecure since
> it opens MITM attacks. Isn't it?
>
> Best option would be is to use a PKI infrastructure for your clients.
> Isn't that a pain in the ass for users (user registration, key
> deliveries etc).
> How do you guys manage this for best user experience and compatibility
> with most OSes?

PKI is a bit of a PITA but it is doable. You could use a PKCS#12 package to deliver the certificates to the client.

Daniel
Re: VPN suggestions
Original message from Kapetanakis Giannis at 12-11-2013 20:42
>
>>> So far we're using OpenVPN, but I want to change that or at maybe
>>> offer L2TP/IPsec in addition to OpenVPN.
>> Have you considered using isakmpd?
>
> Yes my test implementation was with isakmpd and npppd. The problem is
> the authentication on the ipsec path.
> I don't want to use the same PSK for every-one.

isakmpd with an ipsec.conf set up to use X.509 certificates would take care of that.

> However the whole process is much more difficult for the end user than
> New Connection -> Define Connection type -> Enter username/password ->
> done.

If you use PKCS#12 you can send the certificate to the end user by mail without compromising security. All the end user needs to do is tell a (properly configured) VPN client where the PKCS#12 package is located and he/she is up and running.

Daniel
Re: OT, .. but eCommerce?
We've used Zen Cart for several webshops. No problems running it on OpenBSD.

Zen Cart does have some rough edges but if you spend the time it will work the way you want it to.

Several people have told me they are using Magento and that they like it. May be worth a look too.

Daniel

Original message from L. V. Lammert at 12-12-2008 16:33
> A friend of mine is trying to get a small eCommerce site up on one of our 4.4 servers, .. he is trying to get eCommerce Templates running but is having problems with curl & it looks like others are ahead.
>
> This seems that is something from ASP land, so before I try to help him get it working thought I'd ask to see what other folks are using. Basic inventory control & shopping cart is all he needs - does anyone have a recommendation?
>
> TIA,
>
> Lee
php5 package, no zip support?
I have php5-core-5.2.6p0 installed on an OpenBSD system and am having trouble using the zip functionality of PHP.

The line

$zip = new ZipArchive;

results in this error:

*Fatal error*: Class 'ZipArchive' not found

Apparently PHP has to be compiled with zip support. Could somebody who knows more about the PHP5 port tell me how to enable zip support?

Daniel
AESGCM supported in IKEv1 phase 2 but not in phase 1
Just tried to configure an IKEv1 VPN connection with AESGCM but isakmpd only supports that in phase 2 but not in phase 1. See https://marc.info/?l=openbsd-cvs&m=128516335103833&w=2 for the commit. Is there any special reason why AESGCM has not been implemented for phase 1 as well?
Re: AESGCM supported in IKEv1 phase 2 but not in phase 1
Stuart Henderson wrote on 4-7-2019 17:14:
> On 2019-07-04, Daniel Polak wrote:
>> Just tried to configure an IKEv1 VPN connection with AESGCM but isakmpd only supports that in phase 2 but not in phase 1.
>>
>> See https://marc.info/?l=openbsd-cvs&m=128516335103833&w=2 for the commit.
>>
>> Is there any special reason why AESGCM has not been implemented for phase 1 as well?
>
> AFAIK AES-GCM isn't in the spec for IKEv1 phase 1. See e.g. https://tools.ietf.org/html/rfc4543#section-5.1

I had a look (https://tools.ietf.org/html/rfc4106#section-8.2 is slightly better) and you are right AES-GCM is phase 2 only!

How does one supply the 32-bit nonce the man page mentions? Or is this handled automatically by isakmpd?
Re: State of IPsec, iked (OpenIKED) and redundancy (CARP)
Hello Jasper,

I wanted to use iked in a redundant configuration too and wasn't sure whether iked and sasyncd play nice together. I contacted Reyk Floeter (the main developer of iked) and it turns out there is room for improvement.

We use OpenBSD for the Muniam managed firewalls and need redundant iked for our customers. We will be sponsoring Reyk's work to improve iked redundancy.

I expect that Reyk will have something soon but the timing depends on him.

Daniel

Jasper Siepkes wrote on 28-9-2016 11:07:
> Hi everyone @ misc!
>
> I'm trying to determine what the state is of using iked (OpenIKED) with redundancy (with CARP). Should such a setup work in OpenBSD 6.0? The iked.conf (5) man page implies that using CARP for redundancy is a supported configuration: "This option is used for setups using sasyncd(8) and carp(4) to provide redundancy.". However after some digging I'm leaning towards it was something that used to work but doesn't work anymore (at least not in 6.0).
>
> The issue I bumped into; I'm using OpenBSD 6.0 (fully patched) and CARP and iked by themselves work fine. The problems start when trying to have iked use the CARP IP address instead of the IP of the host itself. iked says in its logs that it uses the CARP IP as source IP in the messages it sends but in reality (checked with tcpdump) it doesn't. It uses the IP of the interface with the default route.
>
> After some digging I found someone on the list who encountered the same problem: "IKED/carp/sasyncd: Wrong source ip address/No IKEv2 response" [1]. The response is: "iked generates some packets before binding, so they have whatever source address is on the interface that holds the outgoing route to the destination.".
>
> I also found a post in the list called "iked+CARP/ active, passive"[2] which implies that iked + CARP actually does work. But since that post is from 2011 I'm guessing it broke somewhere between 2011 and 2016.
>
> If the current state is indeed that using CARP with iked is not a working option perhaps we should modify the iked.conf (5) man page to clearly state that?
>
> On a related note; I got bitten by the bug fixed in the patch: "Fix an infinite loop in iked"[3]. I manually patched my build with it but perhaps it's a good candidate for inclusion in the 6.0 patch branch?
>
> Regards,
>
> Jasper
>
> [1] https://marc.info/?l=openbsd-misc&m=145924380931352&w=2
> [2] https://marc.info/?l=openbsd-misc&m=131850193524708&w=2
> [3] https://marc.info/?l=openbsd-tech&m=147348976311128&w=2
Re: l2tp / ipsec issue
I'm about to do the same and was gathering the necessary information yesterday.

The best thread I found was this one: http://marc.info/?l=openbsd-misc&m=138836875831549&w=1

The article on Undeadly http://undeadly.org/cgi?action=article&sid=20120427125048 is outdated.

I've not been able to find a clear write up on the web of a complete working configuration for making a L2TP / IPsec VPN connection to an OpenBSD machine with an iPhone.

I'll give it a go with what I found but if anyone who has it working with local authentication can post their ipsec.conf and npppd.conf, I would appreciate it!

Daniel

Original message from Gordon Turner at 21-7-2014 2:35
> Hey List,
>
> I am trying to use OpenBSD 5.5 as an VPN end point for iOS 7.0 and OSX
> 10.9 native VPN clients, using L2TP / IPsec.
Re: l2tp / ipsec issue
Wow, that is some response!

I'll give it a try today or tomorrow.

Thank you Bastien, Gordon, Chenghan and mxb.

Original message from mxb at 22-7-2014 13:15
> As been the original author of undeadly.org article I can state that info in
> is still partially valid, except npppd.conf part.
Re: l2tp / ipsec issue
I got everything to work based on the Undeadly article and the information in this thread.

A few remarks:
- when connecting with an iPhone 3des in ipsec.conf should be replaced by aes
- uncomment the line with net.pipex.enable=1 in sysctl.conf
- add npppd_flags="" to rc.conf.local so npppd is started automatically at system boot

And one question:
Do we really need to allow ah in pf.conf? I have it working with just esp.

Daniel

Original message from mxb at 22-7-2014 13:15
> As been the original author of undeadly.org article I can state that info in
> is still partially valid, except npppd.conf part.
Re: l2tp / ipsec issue
Bastien,

I just gave it a try with Windows 7 and it needs an ipsec.conf with

main auth "hmac-sha1" enc "3des" group modp2048 \
quick auth "hmac-sha1" enc "aes" \

I've only tested it locally on the same network so no NAT involved, I've not tried it from the internet behind a firewall/router that is doing NAT.

Daniel

Original message from Bastien Ceriani at 23-7-2014 9:41
> Daniel,
>
> Good.
> Did you try to connect an Windows (Seven or Eight ?) client. Your VPN
> server is working on your frontend firewall/router or on a internal server
> behind a firewall ?
>
> Regards,
>
>
> On Tue, Jul 22, 2014 at 8:16 PM, Daniel Polak wrote:
>
>> I got everything to work based on the Undeadly article and the
>> information in this thread.
>>
>> A few remarks:
>> - when connecting with an iPhone 3des in ipsec.conf should be replaced
>> by aes
>> - uncomment the line with net.pipex.enable=1 in sysctl.conf
>> - add npppd_flags="" to rc.conf.local so npppd is started automatically
>> at system boot
>>
>> And one question:
>> Do we really need to allow ah in pf.conf? I have it working with just esp.
>>
>>
>> Daniel
>> Original message from mxb at 22-7-2014 13:15
>>> As been the original author of undeadly.org article I can state that
>>> info in is still partially valid, except npppd.conf part.
Shuttle DS47 Realtek 8168 detected but not working
I've installed current of Dec 9 on a Shuttle DS47 but the network card doesn't seem to work. It is detected but doesn't get a DHCP lease, I don't see any traffic on the network with tcpdump and setting a fixed IP address doesn't help either.

What can I do to help get it supported in OpenBSD?

This is the dmesg:
isakmpd move road warriors to new pre-shared key
In our VPN setups all road warriors that connect to a VPN gateway use the same pre-shared key. This means that changing the key will require all users to switch to the new key at the same time which is difficult in practice.

Has anyone found a solution for this? Is there any way to have two pre-shared keys active at the same time?

As an alternative to using pre-shared keys I'd like to use XAUTH but AFAIK there's currently no support for that in OpenBSD.

Another option would be to use public key authentication but it looks like the VPN client we use does not (yet?) support that.

Daniel
hosts file and caching name server
Is it possible to have bind consult the hosts file (or an equivalent) before querying DNS?

Entries in /etc/hosts only seem to work for lookups done for the OpenBSD machine itself but not for clients using the caching DNS.

Daniel
Re: SIP on OpenBSD
Original message from pedro la peu at 14-2-2007 2:37
> On Tuesday 13 February 2007 21:04, Stuart Henderson wrote:
>> Anyone with a phone... there are numerous companies gatewaying PSTN<>SIP in and out and some doing PSTN<>H323 and a few doing PSTN<>IAX
>
> And a choice of ISDN (basic, pri) -> SIP gateways. Much easier.

I Googled a bit and found this: http://www.patton.com/products/pe_products.asp?category=45

Looks good for a small office installation and avoids a few problems you might run into with PCI cards.

If I'm not mistaken you could use a Patton (or any other brand) VoIP gateway to connect to the physical phonelines and use Asterisk running on OpenBSD to talk to the VoIP gateway using SIP.

I might actually give that a try.

Daniel
Re: Quad ethernet card
Original message from Fredrik Carlsson at 5-6-2007 18:26
> I'm planning to set up a new firewall and have a few questions about what quad ethernet cards people recommend? The server will probably be a Dell PE860 (they seem to be well supported by OpenBSD), but what quad cards should I buy? What cards have good performance?

The Intel quad port card (PWLA8494GT) is supported well by OpenBSD but it is rather expensive.

Daniel
Re: Problem with Intel Pro/1000 PT
Original message from Robert Warning at 6-6-2007 19:16
> Hello everybody,
>
> I've been getting some strange errors with this dual port nic. My system is a dual core AMD64 system running 4.1-stable with multiprocessor support enabled. The chipset of the card is 82571EB. This problem also occurs when I boot into a kernel without MP support.
>
> em0 works fine, but em1 throws watchdog timeout errors frequently, and it is so slow to the point of being unusable. em1 is slow even if it happens to not be throwing the watchdog timeout errors. I first noticed this when I set both devices to configure via dhcp.
>
> Thinking it might be a broken card, I swapped in another card of the same model and chipset, and experienced the same problem. The other nic in the system, re0, works fine.
>
> I've looked through some message boards on the subject but I have not found anything conclusive, and I'm at a loss at what the problem could be. I'm hoping it's a configuration issue, or a problem at my end. Any advice would be greatly appreciated.

Bob,

I've seen problems and watchdog timeout messages with the Intel em driver too. Henning Brauer and Mark Kettenis corrected the em driver and the cards now work properly.

The current drivers (in src/sys/dev/pci/if_em*) will probably work with 4.1 but Henning and Mark are the ones to ask for more details.

Daniel
Re: Intel Atom and D945GCLF2
Original message from Steve B at 27-9-2008 4:24
> Is anyone running OpenBSD on one of these boards? The supported platform page does not list either the chipset or the CPU so I'm guessing it is not supported at this time.

I have been running OpenBSD 4.3 for several weeks on an Atom D945GCLF and didn't encounter any problems.

The dmesg shows a few messages that indicate that not everything is fully supported yet but the board still runs fine.

Daniel
current support for Asus Eee PC 4G
How well do the different Eee PC models currently work with OpenBSD? Any limitations? I'm especially interested in the Eee PC 4G as they are really cheap (a little over 200 euro) now. Daniel
OpenBSD 4.4 CD's arrived in Amsterdam, the Netherlands
The early bird catches the worm! www.sys.nl/images/obsd44_1.jpg www.sys.nl/images/obsd44_2.jpg A big thank you to all the developers for another great release! To all Europeans on the list: don't miss out, make Wim work even harder (and help OpenBSD) by ordering your very own CD set now here: http://www.openbsd.org/orders.html Daniel
wd1(pciide0:1:0): timeout with 1 GB CF card
I have a system with an IDE hard disk and CF-IDE adapter. The CF-IDE adapter works fine with CF cards of 512 MB capacity and less.

As time goes by smaller capacity cards become more difficult to find so I bought several 1 GB Kingston CF cards. However these CF cards don't seem to work (on OpenBSD 4.3 stable).

I tried three empty 1 GB Kingston CF cards and they all prevent the system from getting past loading the kernel. I went back to a smaller card and then everything is fine.

The error message is

type: ata c_bcount: 512 c_skip: 0 pciide0:1:0: bus-master DMA error: missing interrupt, status=0x21

This is the dmesg:

Do you think the problem is with the CF cards, with the CF-IDE adapter or with something in the OpenBSD 4.3 kernel?

Daniel
Re: wd1(pciide0:1:0): timeout with 1 GB CF card
Original message from Stuart Henderson at 13-5-2008 22:15

On 2008-05-13, Daniel Polak <[EMAIL PROTECTED]> wrote:

I have a system with an IDE hard disk and CF-IDE adapter. The CF-IDE adapter works fine with CF cards of 512 MB capacity and less. As time goes by smaller capacity cards become more difficult to find so I bought several 1 GB Kingston CF cards. However these CF cards don't seem to work (on OpenBSD 4.3 stable). I tried three empty 1 GB Kingston CF cards and they all prevent the system from getting past loading the kernel. I went back to a smaller card and then everything is fine. The error message is type: ata c_bcount: 512 c_skip: 0 pciide0:1:0: bus-master DMA error: missing interrupt, status=0x21

Your card supports DMAs, but your adapter doesn't wire the required line. This was a later addition to the CF spec, you can disable DMA with flags to wd(4). See http://lists.soekris.com/pipermail/soekris-tech/2007-May/012083.html

Thanks, that looks like the cause of my problem! Only thing is that I probably have many CF-IDE adapters like this and I'd need to use a custom kernel from now on or find enough of the older Kingston CF/512 cards that do work.

Daniel
make release problem with 3.7 stable
I can't imagine that make release is not working anymore so I'm probably overlooking something. I'm doing everything as per release(8) and http://www.openbsd.org/faq/faq5.html#Release but errors about missing files show up. Any ideas?

Daniel

    base: done.
    comp: done.
    etc: done.
    game: done.
    man: done.
    misc: done.
    cp /root/reldest/snapshot/bsd* /root/relout
    cp /root/reldest/snapshot/*boot* /root/relout
    cp /root/reldest/snapshot/cdbr /root/relout
    cp /root/reldest/snapshot/*BOOT* /root/relout
    cp: /root/reldest/snapshot/*BOOT*: No such file or directory
    *** Error code 1 (ignored)
    cp /root/reldest/snapshot/cd*.iso /root/relout
    cp /root/reldest/snapshot/*.ipk /root/relout
    cp: /root/reldest/snapshot/*.ipk: No such file or directory
    *** Error code 1 (ignored)
    cp /root/reldest/snapshot/Packages /root/relout
    cp: /root/reldest/snapshot/Packages: No such file or directory
    *** Error code 1 (ignored)
    cp /root/reldest/snapshot/INSTALL.* /root/relout
    cp /root/reldest/snapshot/*.fs /root/reldest/snapshot/*.fs.gz /root/relout
    cp: /root/reldest/snapshot/*.fs.gz: No such file or directory
    *** Error code 1 (ignored)
    cd /root/relout; md5 bsd!(*.gz) *boot* cdbr *BOOT* INSTALL.* *.fs *.iso *.gz *.tgz > MD5
    md5: cannot open *BOOT*: No such file or directory
    md5: cannot open *.gz: No such file or directory
    cd /root/relout; cksum bsd!(*.gz) *boot* cdbr *BOOT* INSTALL.* *.fs *.iso *.gz *.tgz > CKSUM
    cksum: cannot open *BOOT*: No such file or directory
    cksum: cannot open *.gz: No such file or directory
    cd /root/relout && sort -o MD5 MD5
    cd /root/relout && sort -o CKSUM -k 3 CKSUM
fan control on AcerPower F1b
During boot the fan on my AcerPower F1b is switched on and remains on at full speed. This makes the pc rather noisy. The fan switches on when the kernel loads right after fdc0 is detected. I fiddled with the BIOS power saving settings and even called Acer but to no avail. Has anybody encountered anything similar? dmesg below: OpenBSD 3.7-stable (GENERIC) #0: Sat May 28 12:19:24 CEST 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 2.66GHz ("GenuineIntel" 686-class) 2.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,PNI,MWAIT,CNXT-ID real mem = 234397696 (228904K) avail mem = 207130624 (202276K) using 2886 buffers containing 11821056 bytes (11544K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(a0) BIOS, date 11/18/04, BIOS32 rev. 0 @ 0xfb370 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown pcibios0 at bios0: rev 2.1 @ 0xf/0xdef4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde50/160 (8 entries) pcibios0: PCI Exclusive IRQs: 5 9 10 11 pcibios0: PCI Interrupt Router at 000:02:0 ("SIS 85C503 System" rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x8000! 
cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor "SIS", unknown product 0x0661 rev 0x11 ppb0 at pci0 dev 1 function 0 "SIS 648FX AGP" rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 "SIS 6330 VGA" rev 0x00: aperture at 0xd800, size 0x40 wsdisplay0 at vga1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pcib0 at pci0 dev 2 function 0 "SIS 964 PCI" rev 0x36 pciide0 at pci0 dev 2 function 5 "SIS 5513 EIDE" rev 0x01: 5597/5598: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: wd0: 16-sector PIO, LBA, 78167MB, 160086528 sectors wd0(pciide0:0:0): using PIO mode 4, DMA mode 2 pciide0: channel 1 disabled (no drives) auich0 at pci0 dev 2 function 7 "SIS 7012 AC97" rev 0xa0: irq 11, SiS7012 AC97 ac97: codec id 0x414c4760 (Avance Logic ALC655) audio0 at auich0 ohci0 at pci0 dev 3 function 0 "SIS 5597/5598 USB" rev 0x0f: irq 11, version 1.0, legacy support ohci0: SMM does not respond, resetting usb0 at ohci0: USB revision 1.0 uhub0 at usb0 uhub0: SIS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 3 ports with 3 removable, self powered ohci1 at pci0 dev 3 function 1 "SIS 5597/5598 USB" rev 0x0f: irq 9, version 1.0, legacy support ohci1: SMM does not respond, resetting usb1 at ohci1: USB revision 1.0 uhub1 at usb1 uhub1: SIS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub1: 3 ports with 3 removable, self powered ohci2 at pci0 dev 3 function 2 "SIS 5597/5598 USB" rev 0x0f: irq 5, version 1.0, legacy support ohci2: SMM does not respond, resetting usb2 at ohci2: USB revision 1.0 uhub2 at usb2 uhub2: SIS OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 3 function 3 "SIS 7002 USB" rev 0x00: irq 10 ehci0: EHCI version 1.0 ehci0: companion controllers, 3 ports each: ohci0 ohci1 ohci2 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: 
SIS EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 uhub3: single transaction translator uhub3: 8 ports with 8 removable, self powered rl0 at pci0 dev 14 function 0 "Realtek 8139" rev 0x10: irq 11 address 00:11:5b:7a:f9:da rlphy0 at rl0 phy 0: RTL internal phy isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pmsi0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: sysbeep0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 it0 at isa0 port 0x290/8: IT87 npx0 at isa0 port 0xf0/16: using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 biomask ef65 netmask ef65 ttymask ffe7 pctr: user-level cycle counter enabled dkcsum: wd0 matched BIOS disk 81 root on wd0a rootdev=0x0 rrootdev=0x300 rawdev=0x302
Re: Need Quad Ethernet for router box
Original message from Bill Chmura at 21-7-2005 20:02

All of the traffic pretty much will be passing over the router. I see the wisdom of what you are saying with redesigning the network and I will give it some thought, but the majority of the resources are located in one spot. I will mull that over though. As it stands, only some students doing filesharing would not pass the router. I am liking the VLAN concept more and more for the less active segments. The whole thing has to fit into the budget. We have a few Cisco 3500XL switches that I think support VLAN, so I could task one of those to the job probably. After Henning pointed out to me with the SK cards I don't need to go the route of the quad, I am planning on the SK dual port cards. http://www.syskonnect.com/products/sk-9s22.htm - but when I searched it seems like the .2 revs are becoming hard to find and the .3 is unsupported.

Bill,

As it happens I have been e-mailing with SysKonnect about the SK-9S22 and a possible quad port card today! They are thinking about doing a quad port card but need to be sure that there is enough interest. Anybody interested in a quad port SysKonnect card please e-mail me and I will pass on your e-mail address to SysKonnect so they can let you know when the quad port card becomes available.

According to the SK man page at http://www.openbsd.org/cgi-bin/man.cgi?query=sk&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html the SK-9S22 is currently not supported by OpenBSD.

Daniel
Re: pf logging: tcpdump: need root privileges
Martin,

The solution in the FAQ was ok for 3.8 but things changed in 3.9. For now if you run the script underneath from root's crontab every 5 minutes you'll most likely be ok. There should be a check in the script to see if it is already running to prevent another instance starting when the old one hasn't finished yet. The check in the script in the FAQ was actually not working anyway so if the script in the FAQ wasn't causing any problems this one will be ok too.

With this script there is just one script and no need for the user pflogger anymore as everything is done as root. This allows tcpdump to privsep which makes things safer.

/etc/pflogrotate:

    #!/bin/sh
    # rotate pflog file and feed to syslog
    FILE=/var/log/pflog5min.$(date "+%Y%m%d%H%M")
    kill -ALRM $(cat /var/run/pflogd.pid)
    if [ $(ls -l /var/log/pflog | cut -d " " -f 8) -gt 24 ]; then
        mv /var/log/pflog $FILE
        kill -HUP $(cat /var/run/pflogd.pid)
        tcpdump -n -e -ttt -r $FILE | logger -p local0.info
        rm $FILE
    fi

Hope this helps!

Daniel

Original message from Martin Schrvder at 28-5-2006 20:45

2006/5/28, Henning Brauer <[EMAIL PROTECTED]>:
> What's wrong here? Bug in the FAQ?
you have to start tcpdump as root so it can run privilege separated and you don't have the scary decoders running with any real user's privs.

So it's a bug in the FAQ (faq/pf/logging.html), as that solution doesn't work anymore.
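Added example, not part of the original post or the FAQ: one way to add the "already running" check the post says is missing, by wrapping the same rotation steps in an atomic lock directory. The lock path, the function names run_locked and rotate_pflog, and the "rotate" argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: pflog rotation guarded by a lock directory so that a cron
# run is skipped while the previous one is still working.
# LOCKDIR, run_locked and rotate_pflog are illustrative names (assumptions).
PFLOG=${PFLOG:-/var/log/pflog}
PIDFILE=${PIDFILE:-/var/run/pflogd.pid}
LOCKDIR=${LOCKDIR:-/var/run/pflogrotate.lock}

# run_locked CMD [ARGS...]
# Returns CMD's status, 1 if another live run holds the lock (CMD is not
# started), or 2 if the lock is stale and needs manual cleanup.
run_locked() {
    # mkdir is atomic: only one caller can create the directory.
    if ! mkdir "$LOCKDIR" 2>/dev/null; then
        owner=$(cat "$LOCKDIR/pid" 2>/dev/null) || owner=
        if [ -n "$owner" ] && kill -0 "$owner" 2>/dev/null; then
            return 1
        fi
        echo "pflogrotate: stale lock $LOCKDIR (pid ${owner:-unknown})" >&2
        return 2
    fi
    echo $$ > "$LOCKDIR/pid"
    # Release the lock if the script is interrupted mid-run.
    trap 'rm -rf "$LOCKDIR"; exit 1' HUP INT TERM
    "$@"
    status=$?
    trap - HUP INT TERM
    rm -rf "$LOCKDIR"
    return $status
}

# Same steps as the script in the post; the size test uses wc -c here
# instead of parsing ls -l output (a substitution made in this example).
rotate_pflog() {
    file=/var/log/pflog5min.$(date "+%Y%m%d%H%M")
    kill -ALRM "$(cat "$PIDFILE")"      # pflogd flushes its buffer to disk
    size=$(wc -c < "$PFLOG")
    # 24 bytes is the threshold used in the post; at or below it, do nothing.
    [ $((size)) -gt 24 ] || return 0
    mv "$PFLOG" "$file"
    kill -HUP "$(cat "$PIDFILE")"       # pflogd reopens /var/log/pflog
    tcpdump -n -e -ttt -r "$file" | logger -p local0.info
    rm "$file"
}

# Assumed invocation from root's crontab: /etc/pflogrotate rotate
if [ "${1:-}" = "rotate" ]; then
    run_locked rotate_pflog
fi
```

A stale lock is reported rather than reclaimed automatically, so two cron runs can never both decide to take over the same lock.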
Re: Marvell Yukon-2 / Syskonnect SK-9S22
Original message from Adam at 25-11-2005 8:59

I'm in need of some help getting a syskonnect SK-9S22 (dual port gigabit ethernet) to work. I'm currently running on the i386 platform with openbsd 3.8-current as of 11/25/05. I believe this is the most relevant part of the dmesg:

    skc0 at pci1 dev 3 function 0 "Schneider & Koch SK-9Sxx" rev 0x12: irq 5
    skc0: Marvell Yukon-2 XL (0x1)
    sk port A at skc0 not configured
    sk port B at skc0 not configured

For whatever reason the mac addresses for the ports are not getting reported so sk0 & sk1 aren't getting setup. Any ideas??

Adam,

Take a look at this thread http://marc.theaimsgroup.com/?l=openbsd-misc&m=113217946625538&w=2

I got a few SK-9S22 cards in the summer and helped Brad@ get some SysKonnect cards. For now they are not supported in OpenBSD. As far as I've been able to determine there is currently no good dual or quad port gigabit card on the market that works with OpenBSD. Some revisions of the Intel gigabit cards work but others don't.

Daniel
Re: Marvell Yukon 88E8053 PCI-E Gigabit
Original message from Diana Eichert at 25-1-2006 20:09

On Wed, 25 Jan 2006, Christoph Fritz wrote:

On Wednesday, 25 January 2006 16:20, Adam Dennis wrote:

I noticed that openbsd-current doesn't have support for Marvell Yukon88E8053 PCI-E Gigabit (onboard).

I have the same if, but not on my OpenBSD-Computer. www.skd.de supports drivers for FreeBSD, Linux, etc. but not for OpenBSD as far as I can see.

SysKonnect support has gone downhill ever since Marvell bought them. I tried unsuccessfully to get h/w and doc supplied to OBSD devs a little over a year ago, then all of a sudden my old SK contact quit replying.

To provide a balanced view: In July last year SysKonnect provided a few SK-9S22 cards to Brad and me so OpenBSD support could be added. It took a bit of doing but they were definitely willing to help.

Daniel