Re: OpenBSD Nitrokey and GPG
I have tried using my NitroKey Pro 2 on my OpenBSD 7.1 box using gpg-agent with an empty scdaemon.conf file. I get the same error if pcscd is not started. If started, I can run all gpg card commands.

On Tue, Oct 18 2022, William White wrote:
> I have a Nitrokey Start that I use to hold my private GPG key. It
> works on Linux, but doesn't seem to work on OpenBSD. dmesg shows only
> the following line when plugged in:
>
> ugen0 at uhub0 port 4 "Nitrokey Nitrokey Start" rev 2.00/2.00 addr 2
>
> I have imported the public key (shows in gpg -k) but gpg -K does not
> list the private key. gpg --card-status says
>
> gpg: selecting card failed: Operation not supported by device
> gpg: OpenPGP card not available: Operation not supported by device
>
> Can anyone tell me for sure if it's supported or not? Or if I need to
> do something else to get it recognized.
athn on a bridge
Hi,

I'm experimenting with turning an OpenBSD 7.2 box into a wireless access point (hostap) using an athn, em, bridge, vether devices and dhcpd.

Configuring the athn0 interface with IP, hostap and SSID works fine. Other clients connect to it and obtain IP over DHCP.

When configuring the athn0 with no IP address, and adding the interface to a bridge0 interface along with the em1 device and a vether0 device, clients still connect fine to athn0 SSID but when clients ask for IP over DHCP, ethernet frames do not propagate to vether0 where the dhcpd listens.

pf is disabled (pf=NO)

dmesg:
em1 at pci6 dev 0 function 0 "Intel 82574L" rev 0x00: msi, address 00:1b:21:3a:78:80
athn0 at pci16 dev 0 function 0 "Atheros AR928X" rev 0x01: apic 130 int 8
athn0: AR9280 rev 2 (2T2R), ROM rev 11, address 00:26:82:61:87:c9

ifconfig:
em1: flags=8b43 mtu 1500
        lladdr 00:1b:21:3a:78:80
        index 2 priority 0 llprio 3
        media: Ethernet autoselect (none)
        status: no carrier
vether0: flags=8943 mtu 1500
        lladdr fe:e1:ba:d0:cd:4a
        index 9 priority 0 llprio 3
        groups: vether
        media: Ethernet autoselect
        status: active
        inet 192.168.1.1 netmask 0xff80 broadcast 192.168.1.127
athn0: flags=8943 mtu 1500
        lladdr 00:26:82:61:87:c9
        index 5 priority 4 llprio 3
        groups: wlan
        media: IEEE802.11 autoselect mode 11g hostap
        status: active
        ieee80211: nwid TEST chan 2 bssid 00:26:82:61:87:c9 -58dBm wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
bridge0: flags=0<> mtu 1500
        index 8 llprio 3
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        designated: id 00:00:00:00:00:00 priority 0
        athn0 flags=3
                port 5 ifpriority 0 ifcost 0
        em1 flags=3
                port 2 ifpriority 0 ifcost 0
        vether0 flags=3
                port 9 ifpriority 0 ifcost 0
        Addresses (max cache: 100, timeout: 240):

Have I configured something wrong or is a feature missing?

/Martin
Re: athn on a bridge
On Wed, Feb 08 2023, Crystal Kolipe wrote:
> On Wed, Feb 08, 2023 at 08:28:50PM +0100, Martin Kjær Jørgensen wrote:
>> I'm experimenting with turning an OpenBSD 7.2 box into a wireless access
>> point
>> (hostap) using an athn, em, bridge, vether devices and dhcpd.
>
> You obviously enjoy pain :).

He he, actually no :) I was just curious about it.

>
> Seriously, if this is for anything other than educational purposes, you'll
> probably be disappointed with the results. The athn driver does support
> hostap mode, but just like most other wifi cards on OpenBSD the support is
> somewhat lacking. You won't get good performance out of it.

That's what I gathered so far, but I could have been wrong or not up-to-date. There has been some work on the ieee80211(9) lately.
Wireless WPA and crypto hardware
Hi misc

Can a wireless interface (say, athn) make use of a hardware crypto card like hifn when using WPA/WPA2 as encryption?

/Martin
Re: Wireless WPA and crypto hardware
On Sat, Dec 15, 2012 at 11:03:00AM +0100, Tobias Ulmer wrote:
> On Sat, Dec 15, 2012 at 09:52:28AM +0100, Martin Kjær Jørgensen wrote:
> > Hi misc
> >
> > Can a wireless interface (say, athn) make use of a hardware crypto card
> > like hifn when using WPA/WPA2 as encryption?
>
> From a quick look through the kernel:
>
> No, net80211 does not use the crypto framework, therefore it can not use
> any hardware crypto devices.
>
> Usually the chip itself can do the necessary operations, but that seems
> disabled. It's all done in software, I think.
>
> More generally, "modern" CPUs hardly break a sweat doing a few crypto
> ops. The overhead to talk to accelerator cards is usually large and
> only makes sense on (really) slow hardware. Then there is the whole
> issue of bus bandwidth and transferring the same data n times.

Do you think an AMD Elan 133 Mhz is "modern" enough for at 54/mbit wireless WPA2 throughput?

>
> >
> > /Martin
Re: Wireless WPA and crypto hardware
On Sat, Dec 15, 2012 at 06:24:38PM +0100, Stefan Sperling wrote:
> On Sat, Dec 15, 2012 at 12:00:07PM -0500, Nick Holland wrote:
> > On 12/15/12 11:45, Martin Kjær Jørgensen wrote:
> > > Do you think an AMD Elan 133 Mhz is "modern" enough for at 54/mbit
> > > wireless WPA2 throughput?
> >
> > Are you kidding me?
> > That's about as non-modern as OpenBSD/i386 supports. Seriously.
> > That's a 4x clock multiplied 486.
> > The only things less modern and supported are 3x, 2x, and 1x 486 chips.
> >
> > The machines I have seen those chips in have difficulty pumping that
> > much data, ignoring encryption (though in large part, I suspect, due to
> > the crappy NIC chips).
> >
> > Nick.
>
> Not to mention that OpenBSD-based access points rarely sustain 54Mbit/s
> throughput in general. Rate adaptation in the net80211 stack is rather basic.
> Most of the time slower speeds are selected even if in close range to the AP.
> There's a high amount of interference where I live and wireless speed
> usually settles at 1 or 2Mbit/s even right next to the AP.
>
> sephe at Dragonfly has made some interesting changes to rate adaptation
> in his patches to their version of ral(4) and the Dragonfly network stack.
> I took a look at them once but they're mostly over my head so I gave up on
> porting them. But such improvements are unlikely to help a 133Mhz PC anyway :)
>

Sounds like OpenBSD is not quite ready for being a production Access Point.
openbsd 5.2 on soekris softraid boot error code 91
Hi

I've just installed OpenBSD 5.2 on my Soekris 6501. I'm using two WDC WD2500BPVT-22JJ5T0 disks in RAID1.

Installation goes well and the system boots fine the first time.
After reboot I'm greeted with the following error:

Using drive 0, partition 3.
Loading...
probing: pc0 com0 mem[620K 2046M a20=on]
disk: hd0+ hd1+ sr0*
>> OpenBSD/amd64 BOOT 3.20
open(sr0a:/etc/boot.conf): Unknown error: code 91
boot>
booting sr0a:/bsd: open sr0a:/bsd: Unknown error: code 91
 failed(91). will try /bsd
boot>
booting sr0a:/bsd: open sr0a:/bsd: Unknown error: code 91
 failed(91). will try /bsd
Turning timeout off.
boot>

This error occurs every time I "reboot" or press the reset-button on the back of the chassis.
At first when I pulled the power plug and plugged it in, it booted fine the first time, but now I can't even do that anymore.
I fear it's a hardware issue.

Does anyone know what this is, or what error code 91 means?
Re: openbsd 5.2 on soekris softraid boot error code 91
On Tue, Jan 15, 2013 at 02:15:34PM +1100, Joel Sing wrote:
> On Tue, 15 Jan 2013, Martin Kjær Jørgensen wrote:
> > Hi
> >
> > I've just installed OpenBSD 5.2 on my Soekris 6501. I'm using two WDC
> > WD2500BPVT-22JJ5T0 disks in RAID1.
> >
> > Installation goes well and the system boots fine the first time.
> > After reboot I'm greeted with the following error:
> >
> > Using drive 0, partition 3.
> > Loading...
> > probing: pc0 com0 mem[620K 2046M a20=on]
> > disk: hd0+ hd1+ sr0*
> >
> > >> OpenBSD/amd64 BOOT 3.20
> >
> > open(sr0a:/etc/boot.conf): Unknown error: code 91
> > boot>
> > booting sr0a:/bsd: open sr0a:/bsd: Unknown error: code 91
> > failed(91). will try /bsd
> > boot>
> > booting sr0a:/bsd: open sr0a:/bsd: Unknown error: code 91
> > failed(91). will try /bsd
> > Turning timeout off.
> > boot>
> >
> > This error occurs every time I "reboot" or press the reset-button on
> > the back of the chassis.
> > At first when I pulled the power plug and plugged it in, it booted fine
> > the first time, but now I can't even do that anymore.
> > I fear it's a hardware issue.
>
> Are you saying that it does sometimes boot from sr0?

Yes.

>
> > Does anyone know what this is, or what error code 91 means?
>
> man errno:
>
> 91 ENOTSUP Not supported. The operation has requested an unsupported
> value.
>
> The 'sr0*' means that it found the softraid volume and that it is marked as
> bootable. Are you certain that it is a RAID 1 partition? The main reason that
> it would return ENOTSUP is if it encountered a RAID level that is currently
> unsupported (e.g. RAID 0).

It should be. The softraid has been created with the following command:

bioctl -c 1 -l /dev/sd0d,/dev/sd1d softraid0

The "-c 1" should mean RAID1

> --
>
> "Reason is not automatic. Those who deny it cannot be conquered by it.
> Do not count on them. Leave them alone." -- Ayn Rand
Favorite configuration and system replication tools?
Hello,

I was wondering which programs you use for replicating/copying/syncing environments/configs on your OpenBSD systems between your desktops (home or work) and laptops?

Example programs for this could be syncthing, stow, chezmoi, etc.

Do you also maintain installed/removed packages in some standard way across systems so that you have reasonably consistent systems to work on?

All thoughts are welcome.