Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hello, Im trying to deploy OpenBSD on Proxmox VE 5.0 (QEMU) /KVM Hypervisor running on Debian sarge Im noticing the console locks up (either Serial console ) or VGA Console locks up in the following circumstances 1) during installation of OpenBSD (when the installer is copying files to disk) 2)
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Apologies... Incomplete Mail ... was feeling Trigger happy and now im certainly feeling uncomfortably dumb :) proper bug report to come tomorrow, Its a long story... :/ Thanks On 19 July 2017 at 01:00, Tom Smyth wrote: > Hello, > > Im trying to deploy OpenBSD on Proxmox VE 5.0 (QEMU) /KVM > Hypervisor running on Debian sarge > > Im noticing the console locks up (either Serial console ) or VGA Console > locks up in the following circumstances > 1) during installation of OpenBSD (when the installer is copying files to > disk) > 2)
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hi Tim, all I have submitted a bug report, just now regarding Proxmox 5.0 or earlier support im afraid im not familiar with the earlier versions and we were testing the platform to use with openBSD on top. problem, the OpenBSD VGA Console of the VM freezes when OpenBSD 6.1 release or 6.1 Current (amd64) is installed on proxmox 5.0 ve this seems to happen after about 5-10 minutes of uptime and can be brought on or exacerbated by holding down any key eg when the console freezes, proxmox reports one of the 4 cores assigned to the machine is at 100% (25% constant usage) ssh sessions that were established are terminated only a reboot recovers the situation. (until the next freeze) diagnostics it happens regardless of emulated processor type it happens regardless of emulated storage type it happes regardless of emulated network type it happens on multiple generations of Intel Processors. intel X5460 & on intel e5 2660 V2 it happens regardless of cache settings on the storage Fix or workaround use serial console only and set the Proxmox VM Display to "serial 0" (removing the vga adapter) this seems to make it stable for longer ( more details to follow) I will update the thread if there are any problems encountered Thanks Tom Smyth On 19 July 2017 at 02:14, trondd wrote: > On Tue, July 18, 2017 8:14 pm, Tom Smyth wrote: >> Apologies... >> Incomplete Mail ... was feeling Trigger happy and now im certainly >> feeling uncomfortably dumb :) >> >> proper bug report to come tomorrow, >> Its a long story... :/ >> Thanks >> > > When you do come back, mention if this is new with Proxmox 5.0 and if > you've used previous versions succesfully. > > I have been running OpenBSD on Proxmox for 2 or 3 years with no problems. > I think I am still on 4.x, though. I'll check tomorrow. > > Tim. > > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hello Tim, All, Just an Update, (copied from bugs mailing list to keep you in the loop, Proxmox5.0 running on AMD Opteron G2 2435 Based systems are NOT affected by the bug So the Bug seems to only affect Intel systems (well) IvyBridge Xeon e5 2660-v2 or Xeon X5650 based systems the OPenBSD 6.1 Release and OpenBSD Current systems running on proxmox 5.0 ve run fine without the Standard VGA Display...on Intel systems (ie they are operating on serial console only) I hope this helps
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hi Viq, Regarding your email >And removing VGA and switching to serial console only didn't help in my >case, as I did that around the time I sent my previous mail, and I'm >writing this one just after doing a hard reboot of a hanged VM. Can you confirm that you set the serial console, and then set the display in Proxmox to serial 0 ? it seemed to work for me ... I also found that if I changed to the serial console and I set a custom disk setup, such as / offset 2048 with a size of 2G swap with a size of 4G and any partition after that (eg / var ) the installer would hang when copying to disk, but if I just set defaults autopartion / or just 2 partitions the installer would not hang... once the install was complete I set the display to serial 0 exclusively then.. ie use vga to set the boot parameters to use serial 0 as the console then continue with the installer shutdown,and modify proxmox guest Display to serial 0 after that I saw improved stability I hope this helps Tom Smyth
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hello Jorge, > Tom, > > I guess this problem is related to pve 5.0 kernel, try to install pve 4.4 > kernel. > > JP I can confirm that Proxmox 4.4 works fine with Ivy Bridge Processors with host CPU exposed to the guest... -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
OpenBSD Traning Docs / How Tos
Hello ladies and lads, Im currently working on internal training documentation for our operations and field teams for dealing with OpenBSD based equipment. These documents would focus on OpenBSDs Network stack and its capabilities, diagnostics and configuration manipulation Since Im going to that trouble I thought maybe My effort could be aligned with the goals of the project, and perhaps reduce the workload from some of the developers / advocates of the OpenBSD Project. I was discussing this with some developers at BSDCan but I didnt come away with a clear view of how to approach it. Could the members of OpenBSD who are responsible for OpenBSD Documentation, and indeed anyone who is interested in advancing / improving the documentation of OpenBSD get in touch so that I can adopt an approach that is compatible with the overall direction of the project and that I can finally provide practical support for a project that I have benefited from for so long. My initial thinking is 1) learn mandoc (Thanks to Philip & Reyk for pointing this out in BSDCan ) and try to author/ improve Examples sections of existing man pages. One that comes to mind is a point to point addressing on GRE tunnels for example or perhaps providing alternate hostname.if configuration lines that equate to ifconfig command arguments, (as a humble user I sometimes find the subtle differences between ifconfig syntax and hostname.if syntax a barrier to fully utilising OpenBSD to achieve our objectives on our network.) 2) work with interested parties who would like to see some concept driven / example driven documentation 3) I really like the snappy slick presentation of the training slides at http://www.openbsdjumpstart.org however I have since learned CSS / HTLML with out JS is preferred. If someone has templates for creating training slides / that rely only on HTML and CSS I would love to use those to create HTML help pages as well as man pages. in a nutshell Im writing content anyway... so maybe I can do it in a way that is both accessible for users and is useful for the OpenBSD Project. thanks for your time, All the best Tom Smyth
Re: Supporting OpenBSD
@ Radoslav Mirza I should have read your mail thread before writing the OpenBSD Traning Docs / How Tos If you are on for some doc work im happy to work with you on it Thanks Tom
Re: OpenBSD Traning Docs / How Tos
Hello Ingo, Theo, all, Thanks for taking the time to respond to my mail, I understand & agree with many of your points made, the ones I disagree with I will discuss with you over a Pint of Beer or 2, at some conference :) Ill take on board your suggestions of lots of little edits / little patches as opposed to large re-works of manuals / docs. Both of your inputs allow me to make a start at it ...and we will take it from there. We can revisit the possibility of tutorials (Not How Tos)once my understanding and documentation ability improves and that I can formulate a proposed approach that the team would would be happy with. (but this is clearly some way down the road) Thanks again and any other suggestions and tips welcome PS @Ingo Appreciate the pointers to your slides on mdoc(7) On 8 August 2017 at 03:48, Ingo Schwarze wrote: > Hi Tom, > > you are aware that the term "HOWTO" is very strongly detested round > here, right? It is considered a synonym for so-called documentation > that is imprecise, unsystematic, and tells the user to type some > random commands they won't understand because the HOWTO doesn't > really explain how things actually work. > > > Tom Smyth wrote on Mon, Aug 07, 2017 at 11:46:46PM +0100: > >> Im currently working on internal training documentation for >> our operations and field teams for dealing with OpenBSD based >> equipment. These documents would focus on OpenBSDs Network stack >> and its capabilities, diagnostics and configuration manipulation > > It would probably be hard to pick an area where working on the > documentation is harder than in the vicinity of the network stack. > Some important manual pages in that area are below-average quality > both regarding content and markup (including pf.conf(5) and > ifconfig(8)), and that is not a coincidence: The subject matter is > unusually difficult, the number of features to explain is unusually > large, the number of people qualified to judge the accuracy of the > manual pages and proposed changes is unusually small, and many of > them are unusually busy. > >> Since Im going to that trouble I thought maybe my effort could >> be aligned with the goals of the project, > > As a matter of principle, OpenBSD documentation is reference > documentation. So if you want to help the project, that would mean > improving manual pages (or maybe occasionally the FAQ, but much > less frequently). Both aim for exactness and conciseness above all > else, so writing substantial amounts of new text is unlikely to help. > >> and perhaps reduce the workload from some of the developers > > I'm not aware of any developers who currently spend significant > time on network stack documentation, so the effect would be improving > documentation, not reducing workload. But that is fine, we consider > documentation important. > > It will *increase* the workload on the developers in question because > they will have to check your diffs - jmc@ and myself will usually > be unable to do that alone because we don't understand the network > stack well enough. > >> advocates of the OpenBSD Project. > > I'm not aware of the existance of advocates, and there are certainly > no advocates who work on documentation. > >> I was discussing this with some developers at BSDCan but I didnt >> come away with a clear view of how to approach it. > > Give the manual pages to your field engineers as training documentation > for specific tasks, see how they fare with them, and if they fail > to set things up properly, figure out why. If the reason is that > they don't read carefully enough (being used to low-quality > documentation), work with them to improve their reading skills. If > the reason is that some features are not described, or with too > little precision, or wrongly, send patches to fix the gaps and bugs. > If the reason is that everything is described exactly but the subject > matter is so complicated that assembling actual commands or > configuration from the description alone is very hard, work on > adding or improving examples, focussing on *conciseness*. In any > case, the shorter the patches you send, the better. Anything > containing long newly-written text is probably of little use, at > least until you will have collected a lot of experience working on > OpenBSD documentation. > > It seems likely to me that all three elements will be needed, and > that both the first and the second will require more time and effort > than the third. > >> Could the members of OpenBSD who are responsible for OpenBSD >> Documentation, and indeed anyone who is interested in advancing / >> improving the documentation of OpenBSD get in touch
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hello, I have had this issue in proxmox in 5.0 in all releases (the beta 1, beta2 and the july 4th release of PRoxmox 5 and the update in August on intel systems with CPUS newer than the X5460) Curiously it worked fine as far as I could tell on AMD systems (Opteron Gen 2/ gen 3 systems) I have posted in Bugs, https://marc.info/?l=openbsd-bugs&m=150097397016837&w=2 To be fair to OpenBSD it wasnt a bug in 6.1 (as proxmox 5.0 was not released when 6.1 was released, however Current 6.1+ didnt work either I had opened a Ticket with Proxmox and worked on it for about a month and they couldn't repeat it which is weird cause it was just too easy for me to crash openbsd on Proxmox 5.0. Other operating systems running on Proxmos 5.0 seem to be unaffected so this issue will only become a bug when OpenBSD 6.2 is released :) OpenBSD 6.1 & 6.0 work fine in proxmox PVE 4.4 on the same hardware I hope this helps Tom Smyth
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
rt 1 configuration 1 interface 0 "QEMU QEMU USB Tablet" rev 2.00/0.00 addr 2 uhidev0: iclass 3/0 ums0 at uhidev0: 3 buttons, Z dir wsmouse1 at ums0 mux 0 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets root on sd0a (9ce3c4cfff12a7d0.a) swap on sd0b dump on sd0b fd0 at fdc0 drive 1: density unknown I hope this helps... I will do more extensive testing but I got much further with this no hangs on the Console window seen so far On 8 October 2017 at 15:55, Tom Smyth wrote: > Hello, > > I have had this issue in proxmox in 5.0 in all releases > (the beta 1, beta2 and the july 4th release of PRoxmox 5 and the > update in August on intel systems with CPUS newer than the X5460) > Curiously it worked fine as far as I could tell on AMD systems > (Opteron Gen 2/ gen 3 systems) > > I have posted in Bugs, > https://marc.info/?l=openbsd-bugs&m=150097397016837&w=2 > > To be fair to OpenBSD it wasnt a bug in 6.1 (as proxmox 5.0 was not > released when 6.1 was released, > however Current 6.1+ didnt work either I had opened a Ticket with > Proxmox and worked on it for about a month > and they couldn't repeat it which is weird > cause it was just too easy for me to crash openbsd on Proxmox 5.0. > Other operating systems running on Proxmos 5.0 seem to be unaffected > > so this issue will only become a bug when OpenBSD 6.2 is released :) > > OpenBSD 6.1 & 6.0 work fine in proxmox PVE 4.4 on the same hardware > > I hope this helps > > Tom Smyth
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hi Mike Just to say the gaps in ping response seems get worse as the uptime increases ie with the uptime around 5 minutes the gaps between ping results are around 1 sec (what I consider normal) with the uptime around 2 hrs 45 minutes the gaps between ping results are 13 sec with the uptime 8 hrs 30 minutes the gaps between ping results are 35 seconds Output of sysctl kern.timecounter below kern.timecounter.tick=1 kern.timecounter.timestepwarnings=0 kern.timecounter.hardware=acpihpet0 kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000) dummy(-100) I will change the ACPI now to i8254 and report back later on Thanks On 26 October 2017 at 20:25, Mike Belopuhov wrote: > On Thu, Oct 26, 2017 at 19:05 +0100, Tom Smyth wrote: >> Lads, >> >> Im pleased to say that my testing of OpenBSD 6.1 and OpenBSD 6.2 >> Release >> amd64 , >> appear to work a little better in Proxmox PVE5.1 as released this week, >> >> I used iso version 5.1-722cc488-1 from Proxmox >> Updated on 24 October 2017 >> >> The Console no longer freezes but after a few hours >> the console (vga console accessed via Proxmox webinterface seems >> to lag a little >> the interval between pings for instance takes up to 13 seconds, which >> is a bit strange... ie it takes 13 seconds for each line of Ping result >> which is u >> Ill report more feedback later, but at least OpenBSD is not freezing >> as bad in this >> version of Proxmox PVE 5.1 >> > > Hi, > > Can you please show us the output of "sysctl kern.timecounter". > If you're currently using an acpihpet0, can you please try > switching to the acpitimer0 (and if that doesn't help, i8254) via > > sysctl kern.timecounter.hardware=acpitimer0 > > and attempt to reproduce the 13 secod delay. > > Regards, > Mike
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hello Mike just to follow up the issue seems to still occur with the kern.timecounter hardware set to i8254 sysctl kern.timecounter kern.timecounter.tick=1 kern.timecounter.timestepwarnings=0 kern.timecounter.hardware=i8254 kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000) dummy(-100) when I ping after boot there is the normal 1 Second interval between ping result lines however at after 25 minutes runtime there is about 4 seconds of an interval between the ping result lines Thanks Tom Smyth On 27 October 2017 at 03:51, Tom Smyth wrote: > Hi Mike > > Just to say the gaps in ping response seems get worse as the uptime increases > ie > with the uptime around 5 minutes the gaps between ping results are around 1 > sec > (what I consider normal) > with the uptime around 2 hrs 45 minutes the gaps between ping results are 13 > sec > with the uptime 8 hrs 30 minutes the gaps between ping results are 35 seconds > > Output of sysctl kern.timecounter below > > kern.timecounter.tick=1 > kern.timecounter.timestepwarnings=0 > kern.timecounter.hardware=acpihpet0 > kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000) > dummy(-100) > > I will change the ACPI now to i8254 and report back later on > Thanks > > > On 26 October 2017 at 20:25, Mike Belopuhov wrote: >> On Thu, Oct 26, 2017 at 19:05 +0100, Tom Smyth wrote: >>> Lads, >>> >>> Im pleased to say that my testing of OpenBSD 6.1 and OpenBSD 6.2 >>> Release >>> amd64 , >>> appear to work a little better in Proxmox PVE5.1 as released this week, >>> >>> I used iso version 5.1-722cc488-1 from Proxmox >>> Updated on 24 October 2017 >>> >>> The Console no longer freezes but after a few hours >>> the console (vga console accessed via Proxmox webinterface seems >>> to lag a little >>> the interval between pings for instance takes up to 13 seconds, which >>> is a bit strange... ie it takes 13 seconds for each line of Ping result >>> which is u >>> Ill report more feedback later, but at least OpenBSD is not freezing >>> as bad in this >>> version of Proxmox PVE 5.1 >>> >> >> Hi, >> >> Can you please show us the output of "sysctl kern.timecounter". >> If you're currently using an acpihpet0, can you please try >> switching to the acpitimer0 (and if that doesn't help, i8254) via >> >> sysctl kern.timecounter.hardware=acpitimer0 >> >> and attempt to reproduce the 13 secod delay. >> >> Regards, >> Mike -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0
Hello Theo, Mike, All, @Theo Understood it is important to protect developers and the project goals ... @Mike Thanks for your Generosity in the time you took on this thread, Yes I want Mike to make VMM more awesome :) @Mike keep up the good work I cant disagree with any point that Theo made in his email on this tread that said, unfortunately I cant always choose my hypervisor and I dearly want to run OpenBSD on it proxmox... I do think (based on the fact that OpenBSD 6.0-6.2 works on PVE 4.4 it is probably a (virtual Hardware issue ) .. not necessarily an OpenBSD issue I will raise this with the PVE Support guys (as I have already done since mid July ) Any further posts on this thread from me will be (hopefully for other OpenBSD users benefit (if I make progress) and certainly not intended as a request or a distraction for Core OpenBSD Developers All the Best, Tom Smyth On 27 October 2017 at 06:37, Theo de Raadt wrote: > Tom, > > A virtual machine setup is an operating system running on an operating > system on top of an operating system. > > OK, not quite. The middle one, the VM itself, is as a bit less > complex than a full operating system as machine-independent code goes, > but nevertheless the machine-dependent bat-shit-crazy stuff is far > more complex with gobs of extremely messy nuances face it on both > sides because x86 is a fucking minefield > > Everyone needs to adjust their expectation that all 3 layers are > perfect, AND not assume that it is our layer doing the wrong thing > > Really the layers should simplify but the current marketplace is still > gaining more value out of product differentiation than > simplification+convergence, both sw and hw > > Even if our subsystem isn't doing something 'right', it is NOT the > stated goal of OpenBSD to run well on every garbage VM, because it has > become impossible for the little guy to be perfect. > > Concerted efforts to diagnose and improve these low-level issues uses > the same crowd of people who are trying to improve other edges which > may be more important. do you want our vmm to work well? or do you > want us to work better on someone else's vmm? Sorry, limited > skillset, pick what you want mlarkin to focus on! But that is unfair, > and even if he listened to your wishlist, UNPRODUCTIVE. > > Where does this go? Get ready for monopolies in everything, or > oligopolies at best... or fight their establishment. > >> Just to say the gaps in ping response seems get worse as the uptime >> increases >> ie >> with the uptime around 5 minutes the gaps between ping results are around 1 >> sec >> (what I consider normal) >> with the uptime around 2 hrs 45 minutes the gaps between ping results are 13 >> sec >> with the uptime 8 hrs 30 minutes the gaps between ping results are 35 >> seconds >> >> Output of sysctl kern.timecounter below >> >> kern.timecounter.tick=1 >> kern.timecounter.timestepwarnings=0 >> kern.timecounter.hardware=acpihpet0 >> kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000) >> dummy(-100) >> >> I will change the ACPI now to i8254 and report back later on >> Thanks >> >> >> On 26 October 2017 at 20:25, Mike Belopuhov wrote: >> > On Thu, Oct 26, 2017 at 19:05 +0100, Tom Smyth wrote: >> >> Lads, >> >> >> >> Im pleased to say that my testing of OpenBSD 6.1 and OpenBSD 6.2 >> >> Release >> >> amd64 , >> >> appear to work a little better in Proxmox PVE5.1 as released this week, >> >> >> >> I used iso version 5.1-722cc488-1 from Proxmox >> >> Updated on 24 October 2017 >> >> >> >> The Console no longer freezes but after a few hours >> >> the console (vga console accessed via Proxmox webinterface seems >> >> to lag a little >> >> the interval between pings for instance takes up to 13 seconds, which >> >> is a bit strange... ie it takes 13 seconds for each line of Ping result >> >> which is u >> >> Ill report more feedback later, but at least OpenBSD is not freezing >> >> as bad in this >> >> version of Proxmox PVE 5.1 >> >> >> > >> > Hi, >> > >> > Can you please show us the output of "sysctl kern.timecounter". >> > If you're currently using an acpihpet0, can you please try >> > switching to the acpitimer0 (and if that doesn't help, i8254) via >> > >> > sysctl kern.timecounter.hardware=acpitimer0 >> > >> > and attempt to reproduce the 13 secod delay. >> > >> > Regards, >> > Mike >> >
no route to host (when there is a route )
Hello, I have encountered this issue for a while, it happens irregularly on my systems on this lan basically when the issue occurs I cant route out the interface with the default route on it, I cant ping the gateway I cant see the arp of the gateway but i can see the routes installed in the routing table are there other commands I should be looking at to debug it more Im using ifconfig arp route when i run run sh /etc/netstart em0 then normal operation returns The only (unusual network config) im using is that im deploying more specific static routes (than the connected route) to allow clients on a non broadcast network to route to each other ie if a client wants to talk to another client send packet to default gateway (icmp redirects are off on the gateway) the output of ping and arp when it happens are as follows # ping 5.134.92.1 PING 5.134.92.1 (5.134.92.1): 56 data bytes ping: sendto: No route to host ping: wrote 5.134.92.1 64 chars, ret=-1 ping: sendto: No route to host ping: wrote 5.134.92.1 64 chars, ret=-1 ping: sendto: No route to host ping: wrote 5.134.92.1 64 chars, ret=-1 --- 5.134.92.1 ping statistics --- 3 packets transmitted, 0 packets received, 100.0% packet loss #ifconfig em0 em0: flags=8843 mtu 1500 lladdr 00:0d:b9:46:33:50 index 1 priority 0 llprio 3 groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet 5.134.92.142 netmask 0xfc00 broadcast 5.134.95.255 below is an output of the routing table when it is not working # route -n -T0 show Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default5.134.92.1 UGS278893 - 8 em0 224/4 127.0.0.1 URS0 609 32768 8 lo0 5.134.92/225.134.92.142 UC 00 - 4 em0 5.134.92/235.134.92.1 UGS080897 - 8 em0 5.134.94/235.134.92.1 UGS0 396 - 8 em0 5.134.92.142 00:0d:b9:46:33:50 UHLl 0 52 - 1 em0 5.134.95.255 5.134.92.142 UHb00 - 1 em0 127/8 127.0.0.1 UGRS 00 32768 8 lo0 127.0.0.1 127.0.0.1 UHl16 32768 1 lo0 185.55.204/23 5.134.92.1 UGS0 24 - 8 em0 185.55.206/23 5.134.92.1 UGS0 21 - 8 em0 Internet6: DestinationGateway Flags Refs Use Mtu Prio Iface ::/96 ::1UGRS 00 32768 8 lo0 ::/104 ::1UGRS 00 32768 8 lo0 ::1::1UHl 14 14 32768 1 lo0 ::127.0.0.0/104::1UGRS 00 32768 8 lo0 ::224.0.0.0/100::1UGRS 00 32768 8 lo0 ::255.0.0.0/104::1UGRS 00 32768 8 lo0 :::0.0.0.0/96 ::1UGRS 00 32768 8 lo0 2002::/24 ::1UGRS 00 32768 8 lo0 2002:7f00::/24 ::1UGRS 00 32768 8 lo0 2002:e000::/20 ::1UGRS 00 32768 8 lo0 2002:ff00::/24 ::1UGRS 00 32768 8 lo0 fe80::/10 ::1UGRS 00 32768 8 lo0 fec0::/10 ::1UGRS 00 32768 8 lo0 fe80::1%lo0fe80::1%lo0UHl 00 32768 1 lo0 ff01::/16 ::1UGRS 21 21 32768 8 lo0 ff01::%lo0/32 ::1Um 01 32768 4 lo0 ff02::/16 ::1UGRS 21 21 32768 8 lo0 ff02::%lo0/32 ::1Um 01 32768 4 lo0 - - below is the output of the routing table when it is working # route -n -T0 show Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default5.134.92.1 UGS551573 - 8 em0 224/4 127.0.0.1 URS0 1060 32768 8 lo0 5.134.92/225.134.92.142 UC 10 - 4 em0 5.134.92/23
Re: no route to host (when there is a route )
Hello Ingo, Martin,All, I think you hit the nail on the head, (I was too busy looking at the routing table (and forgot the fundamental principle of longest prefix match) so if I have a static arp entry before adding in the (more specific than the connected route) i should be OK just to explain (the method in my madness ) (what i agree in hindsight is a fragile setup) basically I have a /22 network the clients are isolated from each other on Layer 2 (so the clients cant see each others arp requests / replys) (Bridge horizon / protected ports / privatevlan) to limit bandwith wasting stuff such as broadcasts and other security issues such as rogue DHCP servers etc. The clients can only see the gateway and the gateway can see all the clients .. I have heard of people using some proxy arp solutions on the gateway and perhaps that is what I should be doing rather than the ( more specific than connected static routes) Does anyone who operate Access layer in ISPS have suggestions I appreciate the help and the reminder of the longest prefix match rule :) Thanks again On 1 May 2018 at 21:03, Martin Pieuchot wrote: > On 01/05/18(Tue) 21:28, Ingo Schwarze wrote: >> [...] >> So what you are doing seems fragile to me. It may sometimes work >> due to order of configuration, timeouts, whatever, i'm not sure. > > It can work if the ARP entry, what Ingo called the /32 is created > before you add your /23. > >> But once part of it gets broken for whatever reason, i don't see >> how it could possibly automatically recover via the normal RTF_CLONING >> mechanism. > > It can't because as you described the /23 will be a better match. And the > reason will be the expiration of the ARP cache.
Re: no route to host (when there is a route )
Ingo , Martin, All, i can confirm when the issue occured the command arp -s gateway-ip-address gateway-mac-address worked to restore connectivity Cheers, Tom Smyth On 1 May 2018 at 21:16, Tom Smyth wrote: > Hello Ingo, Martin,All, > > I think you hit the nail on the head, (I was too busy looking at the > routing table (and forgot the fundamental principle of longest prefix > match) > > so if I have a static arp entry before adding in the > (more specific than the connected route) i should be OK > > just to explain (the method in my madness ) > (what i agree in hindsight is a fragile setup) > basically I have a /22 network the clients are isolated from each > other on Layer 2 (so the clients cant see each others > arp requests / replys) (Bridge horizon / protected ports / privatevlan) > to limit bandwith wasting stuff such as broadcasts and other > security issues such as rogue DHCP servers etc. > > The clients can only see the gateway > and the gateway can see all the clients .. I have heard of people > using some proxy arp solutions on the gateway and perhaps > that is what I should be doing rather than the ( more specific > than connected static routes) > > Does anyone who operate Access layer in ISPS have suggestions > I appreciate the help and the reminder of the longest prefix match > rule :) > > Thanks again > > On 1 May 2018 at 21:03, Martin Pieuchot wrote: >> On 01/05/18(Tue) 21:28, Ingo Schwarze wrote: >>> [...] >>> So what you are doing seems fragile to me. It may sometimes work >>> due to order of configuration, timeouts, whatever, i'm not sure. >> >> It can work if the ARP entry, what Ingo called the /32 is created >> before you add your /23. >> >>> But once part of it gets broken for whatever reason, i don't see >>> how it could possibly automatically recover via the normal RTF_CLONING >>> mechanism. >> >> It can't because as you described the /23 will be a better match. And the >> reason will be the expiration of the ARP cache.
Re: Limit CPU usage of a process?
would the renice command be of any use ... to change the priority of the process ? On 27 May 2018 at 22:09, BergenBergen BergenBergen wrote: > I'd much rather prefer a generic tool that could limit any process, rather > than trying to come up with ways to strip down ones browser. > > FreeBSD has a cpulimit (https://github.com/opsengine/cpulimit/) port, and > it would be nice if OpenBSD could too. I'm not skilled enough to make one, > but I'd gladly make a donation to whomever could. > > Regards, > Murk > > > On Sun, May 27, 2018 at 10:34 PM, Consus wrote: > >> On 20:02 Sun 27 May, Kevin Chadwick wrote: >> > Umatrix is a good javascript control extension. Some websites are even >> > running bitcoin mining without asking your permission. Theft of >> > electricity in my book. >> >> Hell, javascript itself is a theft of electricity. >> >> -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: OpenBSD in qemu freezes randomly
Hi Stuart, I had a similar issue on Proxmox /KVM the issue doesnt affect linux guests / windows guests on a KVM Box It doesnt affect OpenBSD running on Older versions of KVM / Linux Kernel (4.x) it would appear to be a compatibility issue between an openBSD guest and the virtual hardware (virtual timers) as presented by newer KVM boxes http://openbsd-archive.7691.n7.nabble.com/Performance-issues-as-KVM-guest-td334612.html as Stuart Henderson pointed out kernel pre-emption timer disabling worked for us and would probably help you... that said the Kernel Patch as mentioned by Kaptaniks sounds interesting and may be a more permanent fix (on my to do list to try ...) Thanks Tom Smyth On 19 June 2018 at 21:09, Stuart Longland wrote: > On 20/06/18 00:21, Leo Unglaub wrote: >> Hi, >> i have searched the list archive and found some similar reports but none >> of them found a solution for the problem. (at least not the threads i >> have found) >> >> I run some OpenBSD 6.3 instances in a virtual environment. The host is >> some unknown Linux distribution with qemu on it. After the data center >> updated there kernels and also qemu my virtual OpenBSD instances startet >> to freeze randomly but almost always during login. They freeze up so >> hard that i cannot drop into a debugger or get any output whatsoever. >> There is not even a core dump, nothing. Just for testing purposes i >> installed a 6.2 as well and did syspatch on it just to see if the error >> happens there as well and it does. I have added a dmesg on the bottom of >> the email. > > I had a problem like this as well, this was about the time I was > battling rl0 issues on an old industrial PC, so thought it might've been > something else causing the issues. > > With the exception of the border router, all my other OpenBSD instances > are virtual machines. Updating the VMs to 6.3 proved to be quite an > adventure as the kernel would randomly freeze up. `virt-manager` would > show the virtual processor spinning at 100% CPU, `top` on the host would > show qemu-system-x86_64 consuming 100% CPU. > > One spot it'd freeze up (in the installer) is creating /dev nodes, and > sometimes when re-linking the kernel. Very rarely, it will freeze up on > the production install. > > None of the Linux guests are affected, it's just OpenBSD. I've seen it > in 6.1, 6.2 and 6.3. (They were 6.1 VMs; did the update to 6.2 then to > 6.3.) > > Due to resets during install, one of my routers complains (the > "insecurity" report from cron) about permissions and ownership on /dev > nodes as a result. It's on my TO-DO list to clean this up. > > https://www.mail-archive.com/misc@openbsd.org/msg161846.html was posted > as a response to me trying to find a work-around until such time as I > could investigate it further. > > If it happens again, I wonder if it's worth breaking into the QEMU > monitor and seeing where the CPU registers are pointed and to inspect > the RAM on the VM to figure out where in the kernel OpenBSD is spinning? > (Although trying to figure out where in the kernel a particular hex > dump of machine code came from will be "fun".) > > Regards, > -- > Stuart Longland (aka Redhatter, VK4MSL) > > I haven't lost my mind... > ...it's backed up on a tape somewhere. > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: httpd chroot outbound
what are you trying to do ? if you want to make a file visible to the webserver just copy the file into the chrooted folder ie from cp /path-to-file/var/www/path-to-file if you want to make some files in a directory accessible to the web service (be careful with this (naturally) ) you can create a symlink in the manner as suggested in the following thread http://openbsd-archive.7691.n7.nabble.com/httpd-chroot-security-and-user-homepage-td299565.html I hope this helps On 25 June 2018 at 17:37, Elias M. Mariani wrote: > Hi. > Does anybody knows what is needed to allow php to retrieve files while > under httpd chrooted ? > I recall the need of /etc/resolv.conf on the jail but that didn't work. > > Cheers. > Elias. > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Is Intel PRO/1000 CT Desktop Adapter supported on amd64?
Hi John, Im pretty sure that this variant intel Pro1000 would be supported by the em(4) Driver I have multiple devices running various generations of Intel Pro 1000 Cards and they work fine https://man.openbsd.org/em.4 if you can check the datasheet for the brand name of your Card and match the Intel chipset model listed in the Manpage Check out the em(4) man page for the capabilities supported in the driver in OpenBSD Suck it and see but if i was a betting man id bet it will work thanks Tom Smyth Thanks On 27 June 2018 at 16:09, John Long wrote: > I found a lot of PRO/1000 adapters listed in the em driver man page but > CT version is not included. > > Does anybody know? > > Thanks > > /jl >
Re: Backup of OpenBSD under VMware
> Hi Paolo > if you dont have vmtools installed on the guest you cant do filesystem > quiescing > > Create a separate veembackup job for your openbsd vms and disable > filesystem quiescing on that backup job > > If you run workloads such as dbs run a db backup (dump using your db > tools) so > That it completes before the veem backup commences > > You can test the backup and restore with this method > > > Ps in openBSD > you may want do adjust ffs settings > And add noatime (reduce writes) and softep mount options also to reduce > risk of a bad backup) capturing the filesystem while writing a file > > Think of a restored vm and disk using this backup method > as a vm and disk that was not properly shutdown last time round... > > > Hope this helps > > Tom smyth > > > > > On Sat 30 Jun 2018, 13:30 Paolo Aglialoro, wrote: > >> Hello, >> >> the scenario is a cluster of ESXi nodes on which OpenBSD should run as a >> VM. >> >> Currently the cluster is being backed up by Veeam, I tried to insert th >> obsd VM inside the backup job but no success, with following "Error: An >> error occurred while saving the snapshot: Failed to the virtual >> machine.". This looks strange to me because the open-vm-tools implemented >> inside the kernel are usually functional to ESXi hosts. >> >> Questions: >> 1. has anybody found a way to use Veeam to backup OpenBSD VMs? >> 2. are there any other suggested softwares to perform a similar task? >> >> Thanks >> >
Re: Rewards of Up to $500,000 Offered for OpenBSD Zero-Days (and other dist.)
Hello Marko /Sekeres I dont mean to start a flame war as it is counterproductive but Idont fully get what you mean / imply by >.".. while not requiring from OpenBSD to introduce Code of Conduct" I think to anyone who has been on the mailing list for a number of years anyone who has read the project goals it is clear what the projects goals are and one of the most important is increase security users are not in anyway bound to a code of conduct. it is not in the license based on technical discussions and safeguards and talks about risks bugs and their mitigations I don't think any one @openbsd.org would sell the project out suffice to say that the anyone following the Selective Disclosure Controversies would understand that the OpenBSD project is does not endorse them or advocate them. selling zeroday bugs to anyone and deliberately withholding information from the developers of the software is probably the antithesis of what this project stands for. Regards, Tom Smyth On 4 July 2018 at 18:23, Marko Cupać wrote: > On Wed, 4 Jul 2018 18:06:04 +0200 > Reyk Floeter wrote: > >> I hope somebody steps up and donates $500,000 to the OpenBSD >> foundation instead. > > ... while not requiring from OpenBSD to introduce Code od Conduct > > :D > > -- > Before enlightenment - chop wood, draw water. > After enlightenment - chop wood, draw water. > > Marko Cupać > https://www.mimar.rs/ >
Re: Rewards of Up to $500,000 Offered for OpenBSD Zero-Days (and other dist.)
Ok sorry ididnt get it woops ;) On Wed 4 Jul 2018, 19:21 Marko Cupać, wrote: > On Wed, 4 Jul 2018 19:02:56 +0100 > Tom Smyth wrote: > > > Hello Marko /Sekeres > > > > I dont mean to start a flame war as it is counterproductive but Idont > > fully get what you mean / imply by > > > > >.".. while not requiring from OpenBSD to introduce Code of Conduct" > > I'm just trolling around :) > > At the same time I'm relatively long-time *BSD user, thankful to anyone > and everyone who is making them possible. Specially to OpenBSD who still > appears to stick to simple "Don't be an asshole" CoC, as opposed to > some who took the different path, probably partly as a result of > accepting large "generous" "contributions". > > As The Smiths sang, "Some BSDs are bigger than the others". > > Once again, I'm just trolling around, I hope noone takes my posts on > this topic seriously. > -- > Before enlightenment - chop wood, draw water. > After enlightenment - chop wood, draw water. > > Marko Cupać > https://www.mimar.rs/ > >
Re: em0: couldn't map interrupt (No support for my Intel NIC?)
Hello Farid, Can you confirm that other operating systems pick up the Nic ok and they function ok has the Physical Host settings been setup correctly for SR-IOV is it possible that the nic has been assigned to another vm ? Hope this helps On 5 July 2018 at 15:38, Farid Joubbi wrote: > I realize now that I wrote a reply to only Mike and not the whole misc > earlier. > > Anyway. > The server is running several functions, and it's not popular to do > maintenance on it. > I went ahead and rebooted it anyway since this is important ;-) > > I booted the OpenBSD 6.3 install media natively on the hardware. > It found all six NICs that I have installed. There are two Broadcom on the > mainboard and four on the Intel card. > Broadcoms were found as bge and Intel as em. They all seemed to work. > > I had an extra bge card lying around. I installed it in the server and did > PCI passthrough with it as well as the Intel in FreeBSD/bhyve. > I get the same result in OpenBSD: > bge0 at pci0 dev 5 function 0 "Broadcom BCM5720" rev 0x00, BCM5720 A0 > (0x572), APE firmware NCSI 1.4.12.0: couldn't map interrupt > > Conclusion: > The problem has to do with the fact that bhyve is between the hardware and > OpenBSD. > > Any ideas? > > On Thu, Jul 5, 2018 at 2:31 AM Mike Larkin wrote: > >> On Thu, Jul 05, 2018 at 03:36:17AM +0200, Farid Joubbi wrote: >> > Hi, >> > >> > I have a server running bhyve in FreeBSD. I did PCI passthrough in order >> > to have exclusive access to one of the network interfaces on the server. >> > My plan was to use that NIC in OpenBSD. Unfortunately when I boot the 6.3 >> > release installer I get this in dmesg: >> > "em0 at pci0 dev 5 function 0 "Intel 82576" rev 0x01: couldn't map >> > interrupt". >> > >> > The installation goes through without errors, but the Intel NIC is not >> > visible during install or after rebooting the installed system. >> > >> > Man pages suggest that the problem is a fatal initialization error. >> > >> > The NIC works without problems installing FreeBSD. >> > In FreeBSD the NIC uses the igb driver. >> > >> > https://man.openbsd.org/FreeBSD-11.1/igb.4 >> > >> > The OpenBSD man page for em lists 82576EB as supported. >> > >> > The NIC is an Intel Gigabi ET2 quad: >> > >> https://ark.intel.com/products/series/46841/Intel-Gigabit-ET-Server-Adapter-Series >> > >> > Could it be that the quad variant of the NIC is not supported by OpenBSD? >> > Is there anything I can do to make it work? >> > Is it possible to use the igb driver in OpenBSD somehow? >> > >> > Thanks. >> >> Before anyone at all spends any time on this, please verify if this works >> without bhyve in the way. Eg, boot natively on this hardware and see. >> >> Or did you already do that? In which case the commentary about bhyve is >> extraneous. >> >> -ml >> -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: em0: couldn't map interrupt (No support for my Intel NIC?)
Farid Can you check if the SR-IOV works by runing another OS as a vm on top of Bhyve on the host that is what I meant on my previous mail Thanks On 5 July 2018 at 17:49, Farid Joubbi wrote: > Hi, > The Intel NIC works correctly in the native FreeBSD. I used it there before > I did the passthrough. > The Intel NIC worked correctly natively when I tested the OpenBSD installer. > The Intel NIC works in bhyve if I install FreeBSD. > > The new Broadcom NIC also works normally as long as it's not a OpenBSD > instance in bhyve. > > The NICs are not assigned to other hosts. > > The settings for virtualization on the hardware are correct to my knowledge. > I have several other hosts running in bhyve without problems. > One FreeBSD host using passthrough the same way as I intend to do with > OpenBSD. > > > On Thu, Jul 5, 2018 at 4:55 PM Tom Smyth > wrote: >> >> Hello Farid, >> >> >> Can you confirm that other operating systems pick up the Nic ok and >> they function ok >> >> has the Physical Host settings been setup correctly for SR-IOV >> >> is it possible that the nic has been assigned to another vm ? >> >> Hope this helps >> >> >> On 5 July 2018 at 15:38, Farid Joubbi wrote: >> > I realize now that I wrote a reply to only Mike and not the whole misc >> > earlier. >> > >> > Anyway. >> > The server is running several functions, and it's not popular to do >> > maintenance on it. >> > I went ahead and rebooted it anyway since this is important ;-) >> > >> > I booted the OpenBSD 6.3 install media natively on the hardware. >> > It found all six NICs that I have installed. There are two Broadcom on >> > the >> > mainboard and four on the Intel card. >> > Broadcoms were found as bge and Intel as em. They all seemed to work. >> > >> > I had an extra bge card lying around. I installed it in the server and >> > did >> > PCI passthrough with it as well as the Intel in FreeBSD/bhyve. >> > I get the same result in OpenBSD: >> > bge0 at pci0 dev 5 function 0 "Broadcom BCM5720" rev 0x00, BCM5720 A0 >> > (0x572), APE firmware NCSI 1.4.12.0: couldn't map interrupt >> > >> > Conclusion: >> > The problem has to do with the fact that bhyve is between the hardware >> > and >> > OpenBSD. >> > >> > Any ideas? >> > >> > On Thu, Jul 5, 2018 at 2:31 AM Mike Larkin wrote: >> > >> >> On Thu, Jul 05, 2018 at 03:36:17AM +0200, Farid Joubbi wrote: >> >> > Hi, >> >> > >> >> > I have a server running bhyve in FreeBSD. I did PCI passthrough in >> >> > order >> >> > to have exclusive access to one of the network interfaces on the >> >> > server. >> >> > My plan was to use that NIC in OpenBSD. Unfortunately when I boot the >> >> > 6.3 >> >> > release installer I get this in dmesg: >> >> > "em0 at pci0 dev 5 function 0 "Intel 82576" rev 0x01: couldn't map >> >> > interrupt". >> >> > >> >> > The installation goes through without errors, but the Intel NIC is >> >> > not >> >> > visible during install or after rebooting the installed system. >> >> > >> >> > Man pages suggest that the problem is a fatal initialization error. >> >> > >> >> > The NIC works without problems installing FreeBSD. >> >> > In FreeBSD the NIC uses the igb driver. >> >> > >> >> > https://man.openbsd.org/FreeBSD-11.1/igb.4 >> >> > >> >> > The OpenBSD man page for em lists 82576EB as supported. >> >> > >> >> > The NIC is an Intel Gigabi ET2 quad: >> >> > >> >> >> >> https://ark.intel.com/products/series/46841/Intel-Gigabit-ET-Server-Adapter-Series >> >> > >> >> > Could it be that the quad variant of the NIC is not supported by >> >> > OpenBSD? >> >> > Is there anything I can do to make it work? >> >> > Is it possible to use the igb driver in OpenBSD somehow? >> >> > >> >> > Thanks. >> >> >> >> Before anyone at all spends any time on this, please verify if this >> >> works >> >> without bhyve in the way. Eg, boot natively on this hardware and see. >> >> >> >> Or did you already do that? In which case th
Re: "Cannot allocate memory" error when memory is enough
Hello Nan,
you need to set the PKG_path as Stuart suggested to install packages using
pkg_add command
for example to use fastly cdn mirror you would set your pkg_path variable as
shown below
export PKG_PATH=https://fastly.cdn.openbsd.org/pub/OpenBSD/$(uname
-r)/packages/$(uname -p)/
/etc/installurl file is for the syspatch utility to install binary
patches for the release
if you are using current ... Packages are less straight forward as
packages and current
are modified regularly updated
so if you go to install a package from today on a current snapshot from 1 week
ago it is not guaranteed to work
i believe there are few ways around this
1) install the packages that you expect to use on current as soon as possible
after install
2) if you must use that version of current for some reason ... when downloading
the current install iso / install image, download the contents of the
entire package
directory for current also. (on the same day ) your millage on this
will vary depending
on what work is being done on the tree at the time
and if anyone else uses a better way id love to know also
I hope this helps
On 7 July 2018 at 15:26, Nan Xiao wrote:
> HI Stuart,
>
> Thanks for your reply!
>
> I don't set PKG_PATH environment.
>
> Yes, it seems I installed the current package:
> $ ls -l /usr/local/bin/egdb
> -rwxr-xr-x 1 root bin 10040410 Jun 28 19:03 /usr/local/bin/egdb
>
> But I can't remember what I have done. I can only remember I modified
> /etc/installurl before.
>
> Thanks!
> Best Regards
> Nan Xiao
>
>
> On Sat, Jul 7, 2018 at 8:23 PM, Stuart Henderson wrote:
>> On 2018-07-07, Nan Xiao wrote:
>>> Hi Philip,
>>>
>>> Thanks very much for your time and effort!
>>>
>>> The following is the command output:
>>>
>>> $ readelf -Wl /usr/local/bin/egdb | awk '/RANDOM/{print ($5+0)/1024}'
>>> 88.4844
>>>
>>> The same as yours.
>>
>> That is from -current.
>>
>>> Honestly, I am not sure whether the package is for -stable or -current.
>>>
>>> After installation, I just add following config in /etc/installurl:
>>> $ cat /etc/installurl
>>> https://ftp.openbsd.org/pub/OpenBSD
>>>
>>> Then I use "pkg_add -u" sometimes. Doesn't
>>> https://ftp.openbsd.org/pub/OpenBSD guarantee it selects correct
>>> packages? Or I miss something?
>>
>> Do you have PKG_PATH set in the environment?
>>
>> Whatever the reason, it looks like you have a -current version of the
>> gdb package installed.
>>
>> The one in 6.3 should look like this:
>>
>> $ ls -l /usr/local/bin/egdb
>> -rwxr-xr-x 1 root bin 9452688 Mar 28 00:40 /usr/local/bin/egdb
>>
>> $ readelf -Wl /usr/local/bin/egdb | awk '/RANDOM/{print($5+0)/1024}'
>> 0.0078125
>>
>>
>
--
Kindest regards,
Tom Smyth
Mobile: +353 87 6193172
The information contained in this E-mail is intended only for the
confidential use of the named recipient. If the reader of this message
is not the intended recipient or the person responsible for
delivering it to the recipient, you are hereby notified that you have
received this communication in error and that any review,
dissemination or copying of this communication is strictly prohibited.
If you have received this in error, please notify the sender
immediately by telephone at the number above and erase the message
You are requested to carry out your own virus check before
opening any attachment.
Re: "Cannot allocate memory" error when memory is enough
Hi otto
I must check that last time i read man page it was related it was for
syspatch
Thanks
On Sat 7 Jul 2018, 17:07 Otto Moerbeek, wrote:
> On Sat, Jul 07, 2018 at 03:52:44PM +0100, Tom Smyth wrote:
>
> > Hello Nan,
> > you need to set the PKG_path as Stuart suggested to install packages
> using
> >
> > pkg_add command
> >
> > for example to use fastly cdn mirror you would set your pkg_path
> variable as
> > shown below
> >
> > export PKG_PATH=https://fastly.cdn.openbsd.org/pub/OpenBSD/$(uname
> > -r)/packages/$(uname -p)/
> >
> > /etc/installurl file is for the syspatch utility to install binary
> > patches for the release
>
> Wrong. installurl *is* used by pkg_add. Read the man page.
>
> -Otto
> >
> >
> >
> > if you are using current ... Packages are less straight forward as
> > packages and current
> > are modified regularly updated
> > so if you go to install a package from today on a current snapshot from
> 1 week
> > ago it is not guaranteed to work
> >
> > i believe there are few ways around this
> > 1) install the packages that you expect to use on current as soon as
> possible
> > after install
> > 2) if you must use that version of current for some reason ... when
> downloading
> > the current install iso / install image, download the contents of the
> > entire package
> > directory for current also. (on the same day ) your millage on this
> > will vary depending
> > on what work is being done on the tree at the time
> >
> > and if anyone else uses a better way id love to know also
> >
> >
> > I hope this helps
> >
> >
> > On 7 July 2018 at 15:26, Nan Xiao wrote:
> > > HI Stuart,
> > >
> > > Thanks for your reply!
> > >
> > > I don't set PKG_PATH environment.
> > >
> > > Yes, it seems I installed the current package:
> > > $ ls -l /usr/local/bin/egdb
> > > -rwxr-xr-x 1 root bin 10040410 Jun 28 19:03 /usr/local/bin/egdb
> > >
> > > But I can't remember what I have done. I can only remember I modified
> > > /etc/installurl before.
> > >
> > > Thanks!
> > > Best Regards
> > > Nan Xiao
> > >
> > >
> > > On Sat, Jul 7, 2018 at 8:23 PM, Stuart Henderson
> wrote:
> > >> On 2018-07-07, Nan Xiao wrote:
> > >>> Hi Philip,
> > >>>
> > >>> Thanks very much for your time and effort!
> > >>>
> > >>> The following is the command output:
> > >>>
> > >>> $ readelf -Wl /usr/local/bin/egdb | awk '/RANDOM/{print ($5+0)/1024}'
> > >>> 88.4844
> > >>>
> > >>> The same as yours.
> > >>
> > >> That is from -current.
> > >>
> > >>> Honestly, I am not sure whether the package is for -stable or
> -current.
> > >>>
> > >>> After installation, I just add following config in /etc/installurl:
> > >>> $ cat /etc/installurl
> > >>> https://ftp.openbsd.org/pub/OpenBSD
> > >>>
> > >>> Then I use "pkg_add -u" sometimes. Doesn't
> > >>> https://ftp.openbsd.org/pub/OpenBSD guarantee it selects correct
> > >>> packages? Or I miss something?
> > >>
> > >> Do you have PKG_PATH set in the environment?
> > >>
> > >> Whatever the reason, it looks like you have a -current version of the
> > >> gdb package installed.
> > >>
> > >> The one in 6.3 should look like this:
> > >>
> > >> $ ls -l /usr/local/bin/egdb
> > >> -rwxr-xr-x 1 root bin 9452688 Mar 28 00:40 /usr/local/bin/egdb
> > >>
> > >> $ readelf -Wl /usr/local/bin/egdb | awk '/RANDOM/{print($5+0)/1024}'
> > >> 0.0078125
> > >>
> > >>
> > >
> >
> >
> >
> > --
> > Kindest regards,
> > Tom Smyth
> >
> > Mobile: +353 87 6193172
> > The information contained in this E-mail is intended only for the
> > confidential use of the named recipient. If the reader of this message
> > is not the intended recipient or the person responsible for
> > delivering it to the recipient, you are hereby notified that you have
> > received this communication in error and that any review,
> > dissemination or copying of this communication is strictly prohibited.
> > If you have received this in error, please notify the sender
> > immediately by telephone at the number above and erase the message
> > You are requested to carry out your own virus check before
> > opening any attachment.
>
Re: "Cannot allocate memory" error when memory is enough
Hello
yeah the installurl functionality appears to have been added to
after 6.1
thanks Otto
On 7 July 2018 at 17:10, Tom Smyth wrote:
> Hi otto
>
> I must check that last time i read man page it was related it was for
> syspatch
>
>
> Thanks
>
>
>
> On Sat 7 Jul 2018, 17:07 Otto Moerbeek, wrote:
>>
>> On Sat, Jul 07, 2018 at 03:52:44PM +0100, Tom Smyth wrote:
>>
>> > Hello Nan,
>> > you need to set the PKG_path as Stuart suggested to install packages
>> > using
>> >
>> > pkg_add command
>> >
>> > for example to use fastly cdn mirror you would set your pkg_path
>> > variable as
>> > shown below
>> >
>> > export PKG_PATH=https://fastly.cdn.openbsd.org/pub/OpenBSD/$(uname
>> > -r)/packages/$(uname -p)/
>> >
>> > /etc/installurl file is for the syspatch utility to install binary
>> > patches for the release
>>
>> Wrong. installurl *is* used by pkg_add. Read the man page.
>>
>> -Otto
>> >
>> >
>> >
>> > if you are using current ... Packages are less straight forward as
>> > packages and current
>> > are modified regularly updated
>> > so if you go to install a package from today on a current snapshot from
>> > 1 week
>> > ago it is not guaranteed to work
>> >
>> > i believe there are few ways around this
>> > 1) install the packages that you expect to use on current as soon as
>> > possible
>> > after install
>> > 2) if you must use that version of current for some reason ... when
>> > downloading
>> > the current install iso / install image, download the contents of the
>> > entire package
>> > directory for current also. (on the same day ) your millage on this
>> > will vary depending
>> > on what work is being done on the tree at the time
>> >
>> > and if anyone else uses a better way id love to know also
>> >
>> >
>> > I hope this helps
>> >
>> >
>> > On 7 July 2018 at 15:26, Nan Xiao wrote:
>> > > HI Stuart,
>> > >
>> > > Thanks for your reply!
>> > >
>> > > I don't set PKG_PATH environment.
>> > >
>> > > Yes, it seems I installed the current package:
>> > > $ ls -l /usr/local/bin/egdb
>> > > -rwxr-xr-x 1 root bin 10040410 Jun 28 19:03 /usr/local/bin/egdb
>> > >
>> > > But I can't remember what I have done. I can only remember I modified
>> > > /etc/installurl before.
>> > >
>> > > Thanks!
>> > > Best Regards
>> > > Nan Xiao
>> > >
>> > >
>> > > On Sat, Jul 7, 2018 at 8:23 PM, Stuart Henderson
>> > > wrote:
>> > >> On 2018-07-07, Nan Xiao wrote:
>> > >>> Hi Philip,
>> > >>>
>> > >>> Thanks very much for your time and effort!
>> > >>>
>> > >>> The following is the command output:
>> > >>>
>> > >>> $ readelf -Wl /usr/local/bin/egdb | awk '/RANDOM/{print
>> > >>> ($5+0)/1024}'
>> > >>> 88.4844
>> > >>>
>> > >>> The same as yours.
>> > >>
>> > >> That is from -current.
>> > >>
>> > >>> Honestly, I am not sure whether the package is for -stable or
>> > >>> -current.
>> > >>>
>> > >>> After installation, I just add following config in /etc/installurl:
>> > >>> $ cat /etc/installurl
>> > >>> https://ftp.openbsd.org/pub/OpenBSD
>> > >>>
>> > >>> Then I use "pkg_add -u" sometimes. Doesn't
>> > >>> https://ftp.openbsd.org/pub/OpenBSD guarantee it selects correct
>> > >>> packages? Or I miss something?
>> > >>
>> > >> Do you have PKG_PATH set in the environment?
>> > >>
>> > >> Whatever the reason, it looks like you have a -current version of the
>> > >> gdb package installed.
>> > >>
>> > >> The one in 6.3 should look like this:
>> > >>
>> > >> $ ls -l /usr/local/bin/egdb
>> > >> -rwxr-xr-x 1 root bin 9452688 Mar 28 00:40 /usr/local/bin/egdb
>> > >>
>> > >> $ readelf -Wl /usr/local/bin/egdb | awk '/RANDOM/{print($5+0)/1024}'
>>
Re: Ratgod leadership?
Hmm. That is one F**ked up stream of consciousness... that email is probably will be the posterboy of being an warning to kids "don't do drugs!" if you need assistance with finding a decent translator or grammar and spell check tool, just ask and include a dmesg. it is useful to know what you are running before we all rush in to help you you can add packages with pkg_add but make sure that you have the /etc/installurl file set to your preferred mirror and generally keep posts some what technical and not personal. getting personal is no bueno as they say in France... On 10 July 2018 at 17:57, Email wrote: > What does Theo De Raadt mean anyway? God Is The Rat? Ratgod leadership may > indeed take the side of junkie pedophiles. > > And we will do with available source regardless of fairyworld ideas of > leadership. >
ISDN Card /PRI Card support on OpenBSD
Hello all, this is an odd one but I have a client that needs to migrate some legacy services Is there support for ISDN type interfaces in OpenBSD ? man / apropos shows nothing or is there a package that would add ISDN support (although I didnt see a package containing isdn or ISDN in packages) is ISDN support available under a different name by any chance Thanks Tom Smyth
Re: ISDN Card /PRI Card support on OpenBSD
Thanks Guys :) Appreciate the confirmation :) On 11 July 2018 at 17:52, Theo de Raadt wrote: > Christian Weisgerber wrote: > >> On 2018-07-11, Tom Smyth wrote: >> >> > this is an odd one but I have a client that needs to >> > migrate some legacy services >> > Is there support for ISDN type interfaces in OpenBSD ? >> >> No. >> >> (Once upon a time there was something called isdn4bsd, but I don't >> think it was ever officially integrated into OpenBSD, and that's >> from, oh, twenty years ago.) > > And some people are still crying themselves to sleep. > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Weird routing problem on simple CARP setup
Hi Pierre, with VRRP on other vendors the IP on the Virtual interface is recommended to be a /32, afaik it prevents ambiguity when it comes to your connected routes do you route a packet out the carp interface which as an ip on the configured /24 network or do you route the packet out the physcial interface which also has a /24 network configured I note the examples and faq page in openbsd show ips configured with a /24 configured https://man.openbsd.org/carp and a /24 seems to be the default ip if a subnet mask is not specified But I would love to hear / learn more experienced OpenBSD Admins Devs take on it Thanks Tom Smyth On 11 July 2018 at 16:47, BARDOU Pierre wrote: > Hellom > > Sorry for the long delay, I've been very busy recently. > > Putting the carp in /32 works. > What's the best practice when you have a physical IP + CARP in the same > subnet ? > The FAQ here https://www.openbsd.org/faq/pf/carp.html#failover uses the same > netmask for the CARP and the physical interface. > > I upgraded to 6.3 and it also works. > > Thank you for your help > > -- > Cordialement, > Pierre BARDOU > > -Message d'origine- > De : Stefan Sperling > Envoyé : mardi 3 juillet 2018 13:33 > À : BARDOU Pierre > Cc : misc@openbsd.org > Objet : Re: Weird routing problem on simple CARP setup > > On Wed, Jun 27, 2018 at 09:30:16AM +, BARDOU Pierre wrote: >> Hello, >> >> I have a strange problem with OpenBSD 6.2, which looks like a bug. >> Steps to reproduce : >> >> * sh /etc/netstart -> everything works. Routing table : >> root@fw-t-wan-chut01:~ # netstat -rnf inet >> Routing tables >> >> Internet: >> DestinationGatewayFlags Refs Use Mtu Prio Iface >> default10.194.119.254 UGS0 16 - 8 bge0 >> 224/4 127.0.0.1 URS0 798 32768 8 lo0 >> 10.194.116/22 10.194.116.29 UCn11 - 4 bge0 >> 10.194.116/22 10.194.116.28 UCn00 -19 carp0 >> 10.194.116.28 00:00:5e:00:01:0f UHLl 03 - 1 carp0 >> 10.194.116.29 40:a8:f0:36:22:0c UHLl 0 28 - 1 bge0 >> 10.194.119.254 00:1b:2a:e9:c4:00 UHLch 25 - 3 bge0 >> 10.194.119.255 10.194.116.29 UHb00 - 1 bge0 >> 10.194.119.255 10.194.116.28 UHb00 - 1 carp0 >> 127/8 127.0.0.1 UGRS 00 32768 8 lo0 >> 127.0.0.1 127.0.0.1 UHhl 1 1122 32768 1 lo0 >> 192.168.190/24 192.168.190.1 Cn 00 - 4 bge1 >> 192.168.190.1 40:a8:f0:36:22:0d UHLl 00 - 1 bge1 >> 192.168.190.255192.168.190.1 Hb 00 - 1 bge1 >> root@fw-t-wan-chut01:~ # ifconfig carp0 >> carp0: flags=8843 mtu 1500 >> lladdr 00:00:5e:00:01:0f >> description: TL-INT-ADM-WAN >> index 10 priority 15 llprio 3 >> carp: MASTER carpdev bge0 vhid 15 advbase 1 advskew 10 >> groups: carp >> status: master >> inet 10.194.116.28 netmask 0xfc00 broadcast 10.194.119.255 >> >> * then sh /etc/netstart carp0 -> routed traffic stops working (ping >> 10.194.125.120 says "sendmsg: Invalid argument"). >> Same result if I do ifconfig carp0 10.194.116.28/22. > > Have you tried using a /32 mask on carp0 instead of /22? > That might work around the problem. > > I believe this problem is fixed in 6.3. Can you confirm? > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: ISDN Card /PRI Card support on OpenBSD
Hi Stuart thanks it is for a client who wants to take faxes multiple numbers in on a hardline ... and then convert to email and vice versa any suggestions you have would be appreciated... On Wed 11 Jul 2018, 22:34 Stuart Henderson, wrote: > On 2018-07-11, Tom Smyth wrote: > > Hello all, > > > > this is an odd one but I have a client that needs to > > migrate some legacy services > > Is there support for ISDN type interfaces in OpenBSD ? > > > > man / apropos shows nothing > > > > or is there a package that would add ISDN support > > (although I didnt see a package containing isdn or ISDN > > in packages) > > is ISDN support available under a different name by any chance > > > > Thanks > > > > Tom Smyth > > > > > > ISDN covers various things, data/voice, and various types of line > (BRI = 2 64k data/voice "B" channels plus one signalling "D" channel .. > PRI = up to 30 B channels over an E1/T1 circuit). > > Would need more information about what the "legacy services" are before > it's possible to make any kind of suggestion (but apart from some data > services on BRI which might work with an async TA, it's not really going > to involve OpenBSD in directly terminating the ISDN). > > > >
Re: Employers, Jobs and OpenBSD
Hello Man, all, please find my answers in line and a little more in line On 14 July 2018 at 03:05, Man Hobby wrote: > Hi, > > What is the opinion of employers about OpenBSD? > as a small business owner who has benefited and use OpenBSD in some critical components of our infrastructure we think highly of it. and we are trying to expand our use of it in our business. I dont think OpenBSD , BSD (or any Unix) is thought enough in college It for some reason is not being introduced to college students studying computer related degrees. as an employer I would say that there could be more training programs offered online to make the barrier of entry easier for BSD I particularly like the effort that the folks in http://www.bsdcertification.org/ are doing in particular I appreciate the time and effort Dru Lavigne has put in to try to make the certification exams mean something. I have taken the exam and the questions were well written, and fair. and gave a fair indication of my knowledge of BSD at the time. there are many certifications out there that are not worth the paper they are written on, either because of exam dumps, exam questions not quite capturing the candidates abilities. I think the availability of readily available trained staff is a consideration when a business opts to adopt a technology. and I think that this can impact whether or not a business adopts BSD > > There is reason for to learn use OpenBSD to find job? > Proficiency in OpenBSD would mean that you have a good technical aptitude you are not afraid of the command-line and you probably can script a few things to make our processes more efficient. and you would be capable of managing Unix systems in particular and with some additional training on systemd you would be able to run some linux systems :) (not saying you want to learn systemd) . OpenBSD skills are transferable and chances are you would be able to show other Sys Admins in that job the awesomeness of OpenBSD :) > If not, why? > > If there is not reason for to learn use OpenBSD to find job, why use > OpenBSD? > Are you looking for a job or a career where you will be happy and possibly make a difference ? there are lots of jobs with lower skill requirements however the opportunity to develop your skills is limited. the more challenging engaging jobs are fewer and farther between, Lastly I would like to add that the project is not about being popular or widely deployed it is about improving security, through the use of good design and coding practices. where good design and coding is not enough they innovate to create exploit mitigation technologies. there is alot of work that they do to make all these things happen. they focus on that rather than trying to market themselves, or train newcomers. I think users (like me) should probably put more time into helping the project (if we cant code perhaps we can write about how we build systems using openBSD) For more information on getting started on OpenBSD check out http://www.openbsdjumpstart.org/ http://www.bsdcertification.org/ http://www.openbsd.org/events.html https://www.romanzolotarev.com/ (the stuff that this guy has done in the past year) https://bsdly.blogspot.com/ there is some git up site that has a tonne of useful articles and blogs on how other people got cool things to work on openbsd and this would be useful (but I cant remember it)
Re: Best way to serve files to Windows?
Hi John, You would need microsoft services for unix (SFU) for NFS connectivity I would try SAMBA first, if it was my choice, be aware that you may have to change some SMB Signing and NTLM Authentication setings in local policies / security policy/ Security options/ in microsoft gpedit.msc tool or secpol.msc to get them talking to SAMBA. Thanks On 18 July 2018 at 14:22, Solene Rapenne wrote: > > John Long writes: > > > Hi, > > > > I have minidlna working fine on OpenBSD. However this doens't help with > > Roon media software since they don't have anything for OpenBSD, > > unsurprisingly. Roon doesn't want to support dlna. > > > > I have my Windows foobar2000 appliance roped-off from my LAN because I > > don't trust Windows boxes on my network. So I would like to set up some > > way to serve the files to Windows from OpenBSD. I guess that is > > CIFS/SAMBA? > > > > Is this secure over the network? I have not done this before and I > > don't know what's involved. Is there an approved CIFS implementation to > > use? > > > > Thanks, > > > > /jl > > Hello, > > I would recommend samba. You can also try using NFS, I've heard that > windows can mount NFS shares. > > About the security thing, I don't know if the protocol used by samba is > secure between clients, but you can still run a VPN between your openbsd > box and the Windows client to allow connecting to the samba share > securely. > > regards > > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Best way to serve files to Windows?
Hi John, I would just follow the SAMBA documentation in setting up the share, /shared folders, then on the windows clients you may have to tweak the security settings in the local security policy manager, (but windows out of the box for domestic settings) if your windows boxes are controlled by a Windows Domain then you may need to talk to the windows admin to relax / enhance authentication settings and SMB signing settings in the group policy ) but a typical windows setup should just ask you for a username and password to connect to the setup samba share keep it simple for now the eventlog (system event log) with the following windows command eventvwr will spew errors if there are a mismatches in your security settings and you will get hints by looking up errors as you see them, I hope this helps Tom Smyth On 18 July 2018 at 16:29, John Long wrote: > @tom @solene > > Thanks guys. I'll look into Samba. I hope it won't turn out to be a > typical Windows nightmare. > > Are there any reliable setup guides on the net? > > I will basically want to just make a couple of directory trees > available read-only. > > Thanks, > > /jl > >
Re: Questions about crypto and USA laws, concerns today
Hi Chris, Im not a Lawyer, But basically you cant export cryptographic technology from the US, https://en.wikipedia.org/wiki/Export_of_cryptography_from_the_United_States If you want to ship a firewall to an overseas office (for a VPN) Im not certain it would constitute exporting. as you are not selling it, (Get legal advice on this) also host countries (particularly ones with large powerful intelligence organizations generally have restrictions on what Cryptographic kit can come into that country... Im not aware of any restrictions on Cryptography coming into the US https://en.wikipedia.org/wiki/Restrictions_on_the_import_of_cryptography ... I hope this helps, Tom Smyth On 24 July 2018 at 19:50, Chris Bennett wrote: > I don't watch any news on TV and for the most part only read headlines > that show up on my phone despite the fact I don't want them. > > What is going on overall with the US and cryptography? > I recently joined an organization that has legitimate concerns about > privacy, so I thought I'd ask those who know and have history with this > issue. > > Get a lawyer doesn't seem like very useful advice, since all of this > seems to be in the process of change at the upper levels of US > government. > > How does the outlook appear to be right now? > I was young when all the original BS was going on with exporting > cryptography, so my memories aren't very useful. > > I haven't searched anywhere yet, since I wanted to know if the old > topics about this on the lists are still good references or have things > changed too much to be very useful? > > > As a side note, the organization has just put up a new website running on > software they own and are still in the process of getting completely > working. They are using nginx and wordpress. I don't know any more than > that. > > Thanks for any response. > I do consider this on topic for OpenBSD since things are concerning here > in the USA. > > Chris Bennett > > > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Problem from OpenBSD User
Hello Sobin I dont use gnome but Xfce is a light enough destop enviornment ...it works well in openbsd Check the following video to help you https://youtu.be/oC5D9fenQBs There are videos and guides on gnome and openbsd but i havent used it /them to make a comment Cwm is quite popular amongst other openbsd users and there are guides on cwm setup on youtube and the net Hope this helps On Wed 25 Jul 2018, 02:43 樊 少冰, wrote: > Hello, OpenBSD developers. > > I like OpenBSD very much because of its security and stability. > > But, as an UNIX-like system, it has some traditional problem such as no > integrated graphical operating environment (not means X but a completed > desktop environment system like Gnome). So, I tried to install the Gnome > software. > > Although I tried hard to install and run Gnome, I always get a "Failed > connect to system bus: No such file or dictionary." error message. So I > want to ask you to give me a practical way to install the desktop > environment on OpenBSD 6.3 and furthermore, advise you to integrated > desktop environment into the system for making the system easier to use. > > Sobin >
Re: protected domain for tap for vmm vms
Hi Jiri Protected domains are like protected ports on a switch two ports that are in the bridge with the same protected domain will not be able to communicate with each other, Protected domains are implemented on the Bridge but not on Switch in OpenBSD Bridge Protected domain does work from 6.3 and up here is the output of my bridge config cat /etc/hostname.bridge101 up maxaddr 16384 timeout 300 add vio0 -stp vio0 add vlan3993 protected vlan3993 1 -stp vlan3993 add vlan3994 protected vlan3994 1 -stp vlan3994 add vlan3995 protected vlan3995 1 -stp vlan3995 add vlan3996 protected vlan3996 1 -stp vlan3996 add vlan3997 protected vlan3997 1 -stp vlan3997 add vlan3998 protected vlan3998 1 -stp vlan3998 add vlan3999 protected vlan3999 1 -stp vlan3999 add vlan4000 protected vlan4000 1 -stp vlan4000 protected interfacename pddomainnumber the vio0 address is the uplink and is not a member of the protected domain all the other ports that you want to isolate from each other should be members of the same protected domain *1* in this example Hope this helps @Mike Larkin yes this could be implemented with Vlans and many people do when they dont have the port isolation functionality (necessity being the mother of invention ) ... but protected domains allow one to use the same vlan and minimise the amount of vlans / simplify configuration of the (network /hardware switches) Hope this Helps Tom Smyth On 22 August 2018 at 07:08, Mike Larkin wrote: > On Fri, Aug 17, 2018 at 06:39:22PM +0200, jirib wrote: > > Hello, > > > > I was checking bridge's protected domains and I'm curious > > how to add VMM VM's tap into a VMM switch/bridge protected domain. > > > > It seems it's not implemented yet. > > > > I wanted to achieve this: > > > > - multiple VMM VMs in same switch/bridge > > - VMs cannot talk to each other inside the bridge > > hence protected domain > > - VMs can access uplink via bridge's vether > > > > Jiri > > > > I am not a networking person but is this something VLANs can solve? > > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Vultr hosting of OpenBSD
+1 Misha the guy running openbsd.amsterdam is sound out On 8 September 2018 at 20:04, Tracey Emery wrote: > > > I'm very happy with https://openbsd.amsterdam/. > > > > Plus, they donate back. > > > > Tracey > > > > > > >> >> On Sep 8, 2018 at 12:55,wrote: >> >> >> This is related to my mail server thread, but in googling about openbsd on >> vultr I have seen some comments here and there about issues with the default >> image on vultr and to use a custom image or iso instead of what they have. >> Some of these seem dated and related to older versions of openbsd. My >> questions are: 1. Is it still current information that it would be better to >> use my own image/install/iso for openbsd on Vultr? 2. Is vultr a good place >> to host an openbsd box? If not interested in hearing alternatives. Also a >> side note question, is it possible to use VMD/VMM in an openbsd guest on >> vultr. I was thinking probably not. I just ask as sometinmes I appreciate >> using docker to test things, yeah I know. But the point is my dev workflow >> on my openbsd current laptop involves sometimes using alpine linux on vmm an >> using docker on that to spin up different things I want to check out. Ken >> > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Minimum Holdtime for BGP OpenBGPd in Production
Hello all, I was wondering what is the lowest values of BGP holdtime that you recommend running in production ? I would like to set them to a lower value to detect an issue with peers that dont support BFD quicker, but I dont want to set it to a value that would overly tax the system resources, If you are running approx 60 Peers on one and 30 Peers on another router, Im also running Arista 7050 Switches with BGP sessions to the OpenBGPd Routers. I would really apprecate any one elses real world experience on this matter before I go lowering the default values in our production enviornment Thanks Tom Smyth
EuroBSD Con 2018 1 Free Ticket for Ansible Tutorial and LibTLS Tutorial Thursday
Hello, I have paid for Ticekts for the Ansible Tutorial and the Lib TLS tutorial Thursday in EuroBSD Con2018 Bucharest. I cant attend Thursday and I dont want the tickets to go to waste, so if any of the mailing list subscribers woudl like to go ... please reply directly to me and you can have the ticket for the either or both tutorials ... first come first served, Hope this helps, Tom Smyth,
Re: Minimum Holdtime for BGP OpenBGPd in Production
Hi Stuart, all please find my responses below, On Tue, 18 Sep 2018 at 11:14, Stuart Henderson wrote: > > On 2018-09-18, Claudio Jeker wrote: > > > > I recomend using the default especially against ebgp peers. > > MikroTik in particular are known to be bad at keeping up with BGP timers. > Yes we have had some pain with this we are migrating off them (slowly but surely) > > > > bgpd should be able to handle the minimal hold time with 30 or 60 > > peers just fine but I'm not so sure about any other system. Also flaping > > sessions because of too aggressive holdtime is counterproductive the > > session flap dampening will kick in and will keep session longer down than > > needed. Thanks for this insight it really helpful > > > > In the end, like with most tuning, you need to check for yourself with what > > you are comfortable with. > > This is mostly down to what your peers can handle (at a particular time), > and other people's real world experience will mostly not reflect that. > yes, Im more concerned about the L3 Switches that would be running BGP and the speed of their control plane... > You might think to check "bgpctl sh nei" over time and monitor how "Last > read" compares with "keepalive interval" to get a baseline, but if you do > then beware, that will mostly just show things under a normal situation. > If hold times expire because somebody's router is too busy on occasion, > flapping the session is just going to make it *even more* busy, adding > to the problem (which can be especially nasty at an IXP). > the read times vary between 1 and 3 seconds from my tests, > Are you seeing actual problems with peers that cause you to want to do > this? It was mainly an issue internally where we had alot of IGP sessions (full Table) with multihop bgp sessions running (which depend on OSPF), we had some problems with a couple of routers were oSPF would loose adjacency and I was trying to lower the impact of those on BGP. or improve convergence times if / when it happened.. I just need to migrate off those routers that are causing me pain > > - If so and it's IXP-wide, maybe talk to the IXP? If it happens during > maintenance and they aren't already following BCP214 (session culling), > perhaps they could do that. Thankfully it is not an IXP wide issue.. > > - If so and it's individual peers, maybe consider dropping them if > they're unreliable and not that important, or talking to them if they > are important? They are internal peers so they are important ... I will stick to the defaults based on what Stuart and Claudio Recommended Thanks I really appreciate your help, > > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: syslogd restarts randomly
Hello Bogdan, AFAIK it is just restarting to facilitate the rolling of logfiles... check out the manual page for the log file rotation setup in openBSD man newsyslog check out the config file for newsyslog.conf ... cat /etc/newsyslog.conf # $OpenBSD: newsyslog.conf,v 1.36 2016/12/27 09:17:52 jca Exp $ # # configuration file for newsyslog # # logfile_name owner:group mode count size when flags /var/cron/log root:wheel 600 3 10 * Z /var/log/authlogroot:wheel 640 7 *168 Z /var/log/daemon 640 5 300 * Z /var/log/lpd-errs 640 7 10 * Z /var/log/maillog640 7 *24Z /var/log/messages 644 5 300 * Z /var/log/secure 600 7 *168 Z /var/log/wtmp 644 7 *$W6D4 B /var/log/xferlog640 7 250 * Z /var/log/pflog 600 3 250 * ZB "pkill -HUP -u root -U root -t - -x pflogd" /var/www/logs/access.log644 4 *$W0 Z "pkill -USR1 -u root -U root -x httpd" /var/www/logs/error.log 644 7 250 * Z "pkill -USR1 -u root -U root -x httpd" On Mon, 1 Oct 2018 at 02:45, Bogdan Kulbida wrote: > > Hi Everyone, > > I'm having hard time understanding what is going on with the syslogd > on some of my servers. It restarts on a regular basis and that just > looks suspicious to me. I'm using OpenBSD 6.3 (GENERIC.MP). > > Here is an output of the syslogd: > > Sep 26 07:00:01 syslogd: restart > Sep 26 10:00:07 syslogd: dropped 9 messages during initialization > Sep 26 10:00:07 syslogd: restart > Sep 26 16:38:44 syslogd: dropped 5 messages during initialization > Sep 26 16:38:44 syslogd: restart > Sep 27 14:00:01 syslogd: dropped 9 messages during initialization > Sep 27 14:00:01 syslogd: restart > Sep 27 16:31:34 syslogd: dropped 5 messages during initialization > Sep 27 16:31:34 syslogd: restart > Sep 28 04:00:01 syslogd: dropped 9 messages during initialization > Sep 28 04:00:01 syslogd: restart > Sep 28 10:01:47 syslogd: dropped 9 messages during initialization > Sep 28 10:01:47 syslogd: start > Sep 28 11:25:54 syslogd: dropped 5 messages during initialization > Sep 28 11:25:54 syslogd: restart > Sep 28 16:24:24 syslogd: dropped 5 messages during initialization > Sep 28 16:24:24 syslogd: restart > Sep 28 17:00:02 syslogd: dropped 9 messages during initialization > Sep 28 17:00:02 syslogd: restart > Sep 28 19:00:01 syslogd: dropped 9 messages during initialization > Sep 28 19:00:01 syslogd: restart > Sep 28 23:22:18 syslogd: dropped 5 messages during initialization > Sep 28 23:22:18 syslogd: restart > Sep 29 10:00:01 syslogd: dropped 9 messages during initialization > Sep 29 10:00:01 syslogd: restart > Sep 29 16:17:14 syslogd: dropped 5 messages during initialization > Sep 29 16:17:14 syslogd: restart > Sep 29 19:00:01 syslogd: dropped 9 messages during initialization > Sep 29 19:00:01 syslogd: restart > Sep 30 10:11:52 syslogd: dropped 5 messages during initialization > Sep 30 10:11:52 syslogd: restart > Sep 30 16:10:05 syslogd: dropped 5 messages during initialization > Sep 30 16:10:05 syslogd: restart > Sep 30 17:00:02 syslogd: dropped 9 messages during initialization > Sep 30 17:00:02 syslogd: restart > > Any ideas on how I can start investigate this issue? Also what would > be your thinking on what is going on? > > Thank you a lot > > -- > --- > Best regards, > Bogdan > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: network architecture question
Hello Aham, The book of PF by Peter M Hansteen is very good, and openBSD Specific Building Internet firewalls is good also ... Building internet firewalls book can be a bit verbose atimes... but it does go through things in detail... regarding BGP ... https://www.ssi.gouv.fr/uploads/2016/03/bgp-configuration-best-practices.pdf is good for BGP and Security best practices... just watch URPF when having multiple paths through your rotuers / firewalls it features OpenBGPd config guidelines too Lookup BGP BCP and BCP 38 also if you want more slides, there are many freebee presentations on Ripe NANOG and the like that are very good ... If you like vidoes ... Job Snijders has done some very good talks on security practices on NANOg ...Check out Youtube... On Mon, 1 Oct 2018 at 22:45, Aham Brahmasmi wrote: > > Hi Ingo, > > Thank you for sharing your experience and insight. > > > This is discussed in very great detail, covering several chapters, > > in the fundamental book by Elizabeth D. Zwicky, "Building Internet > > Firewalls" (O'Reilly 2000). While in that book, lots of information > > about specific services is somewhat dated, i think the part about > > topologies still holds. > > Would you recommend any other books in addition to "Building Internet > Firewalls"? > > Thanks. > > Regards, > ab > -----|-|-|-|-|-|-|-- > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: checking source with pvs-studio
... is it just 750 for a License ? If one were to donate a License ? would that work for the project ? Thanks Tom Smyth On Wed, 3 Oct 2018 at 17:33, Todd C. Miller wrote: > > On Wed, 03 Oct 2018 10:20:45 +0200, Ingo Schwarze wrote: > > > Which is of course trivial to do - you write a script to do a > > checkout, run "sed -i", run the tool, collect the the results, > > and delete the checkout. So the harassment by the author is not > > even effective for his intended purpose. > > The license explicitly prohibits this kinds of behavior, though of > course there's no way for them to tell. If someone really wanted > to use it, a trial license does not have this kind of restriction > though it only lasts for a week IIRC. > > I think it's clear that we're not going to be using pvs-studio which > is a bit of a shame since it does catch real bugs. The way Coverity > deals with open source projects is easier for us to deal with. > > - todd > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: checking source with pvs-studio
Hi Todd, I was thinking ... it might be possible to examine a copy of the code out of band on a different OS system ... and deal with the bugs that are flagged as part of the normal OpenBSD development process, if the license is not permissible then I suppose my suggestion was entirely academic :/ PS awesome talk in euroBSD Con :) Thanks anyway Tom Smyth On Wed, 3 Oct 2018 at 18:02, Todd C. Miller wrote: > > On Wed, 03 Oct 2018 17:42:16 +0100, Tom Smyth wrote: > > > ... is it just 750 for a License ? > > If one were to donate a License ? would that work for the project ? > > No, it would not. Their licensing model simply won't work for us. > Even if it did, it's not like we could run it natively on OpenBSD. > > - todd -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Performance impact of PF on APU2
Hello, your forwarding performance will vary based on a few things... at the minute Routing is MP safe... but if one of the lan ports lets say em1 was in a bridge... then the forwarding is done by a single core... My testing on OpenBSD 6.3 showed speeds of 750/s - 800Mb/s with default rules usingx86-64 GENERIC (not i386) speeds generally fell when playing with Encapsulation.. I was using a test rig as follows apuc2iperfclient - -- apuc2iperf server I hope this helps TomSmyth On Wed, 3 Oct 2018 at 19:04, Benjamin Petit wrote: > > Thanks, I just saw the previous discussion, from late 2017. > > Do you know where we can follow the work that is being done? I would be more > than > happy to test early version. > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Performance impact of PF on APU2
can you show us a copy of your sysctl output? check if smt is disabled ... (Hyper Threading ) Im not sure if this would have an effect on the APU2C2 ... but worth checking as it is a change in behaviour between 6.3 and current AFIK Thanks Tom Smyth On Thu, 4 Oct 2018 at 04:58, Benjamin Petit wrote: > > Ok so I compared 6.3-release, 6.3-release+syspatches(=stable?) and the latest > snapshot from October 2. > > I measured iperf3 throughput between A and B, like this: > PC A <---> APU2 <---> PC B > > pf rules are the one shipped by default in 6.3: > > gw# pfctl -sr > block return all > pass all flags S/SA > block return in on ! lo0 proto tcp from any to any port 6000:6010 > block return out log proto tcp all user = 55 > block return out log proto udp all user = 55 > > OpenBSD 6.3 RELEASE: > - pf enabled: 841 Mbits/sec > - pf disabled: 935 Mbits/sec > > OpenBSD 6.3 + Syspatch: > - pf enabled: 803 Mbits/sec > - pf disabled: 936 Mbits/sec > > OpenBSD CURRENT: > - pf enabled: 526 Mbits/sec (541 with kern.pool_debug=0) > - pf disabled: 934 Mbits/sec > > So there is a small perf drop when applying all syspatches to 6.3 (not sure > which one cause the drop), > but the performance drop SIGNIFICANTLY using the latest snapshot. > > Am I missing something? (I really hope I am) -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Monitoring system
Librenms would be worth a look i believe it has email alerting and snmp support needs php and mysql Zabbix ...havent used this one but it has monitoring functionality ... If you are monitoring alot of systems, make sure your storage can cope with alot of I/O or you will see annoying gaps in your graphs so use SSDs and make sure that when formatting the system that you align with 1MB offset ... 2048 sectors (instead the default 64 bytes) Peace Tom Smyth On Thu, 4 Oct 2018 at 23:57, flipchan wrote: > > Greetings all, > > I need to install a monitoring system with email notifications, I have used > mmonit which is great but it's a little too pricey for personal use. > > Can anyone recommend a open source monitoring system that support email > notifications and monitoring of multiple hosts running openbsd. > > > Something more modern then nagios would be great, I just need it to work so > as long as it supports email notifications and monitoring of more then one > host it's good > > > Thanks in advance > > > > -- > Take Care Sincerely flipchan layerprox dev -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Monitoring system
Both of of the ones I emailed to you are in ports also there is pmmact by the Legend paulo Lucende that can aggregate and convert multiple logs to different formats worth having a look at that also ... On Fri, 5 Oct 2018 at 04:08, Tom Smyth wrote: > > > Librenms would be worth a look i believe it has email alerting > and snmp support needs php and mysql > Zabbix ...havent used this one but it has monitoring functionality ... > If you are monitoring alot of systems, make sure your storage can > cope with alot of I/O or you will see annoying gaps in your graphs > so use SSDs and make sure that when formatting the system > that you align with 1MB offset ... 2048 sectors (instead the default > 64 bytes) > > Peace > Tom Smyth > > > On Thu, 4 Oct 2018 at 23:57, flipchan wrote: > > > > Greetings all, > > > > I need to install a monitoring system with email notifications, I have used > > mmonit which is great but it's a little too pricey for personal use. > > > > Can anyone recommend a open source monitoring system that support email > > notifications and monitoring of multiple hosts running openbsd. > > > > > > Something more modern then nagios would be great, I just need it to work so > > as long as it supports email notifications and monitoring of more then one > > host it's good > > > > > > Thanks in advance > > > > > > > > -- > > Take Care Sincerely flipchan layerprox dev > > > > -- > Kindest regards, > Tom Smyth > > Mobile: +353 87 6193172 > The information contained in this E-mail is intended only for the > confidential use of the named recipient. If the reader of this message > is not the intended recipient or the person responsible for > delivering it to the recipient, you are hereby notified that you have > received this communication in error and that any review, > dissemination or copying of this communication is strictly prohibited. > If you have received this in error, please notify the sender > immediately by telephone at the number above and erase the message > You are requested to carry out your own virus check before > opening any attachment. -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Monitoring system
Make sure the module is enabled... check php info Installed is neq enabled On Fri 5 Oct 2018, 21:51 flipchan, wrote: > Maybe I need to set some sys variable or something similar cuz > php-mysqli > php-pdo_mysql > php-mysql is installed > > On October 5, 2018 6:16:07 PM UTC, Stuart Henderson > wrote: > >On 2018/10/05 17:35, flipchan wrote: > >> It's weird because I have no error files that it describes the error > >in, I am promted with > >> "Configuration file errror DB type MYSQL is not supported by current > >setup" > > > >Oh, in that case (always include the actual error message!) I'm pretty > >sure > >you didn't enable the relevant PHP database module. I don't know which > >one > >zabbix-web needs but I'd try php-pdo_mysql first. > > > >> I have set all configs (/var/www/zabbix/conf/zabbix.conf.php and > >/etc/zabbix*) to use 127.0.0.1 > >> 3306 , but nono :/ > >> > >> On October 5, 2018 12:55:15 PM UTC, Stuart Henderson > > wrote: > >> > >> On 2018-10-05, flipchan wrote: > >> Hey how did everyone get zabbix running I tried the zabbix > >MySQL with the zabbix web on 6.2 but I get a database connection error > >in the php , I assume the php can't read the config > >> > >> This is usually mysql/mariadb's annoying feature of automatically > >trying > >> to use a unix socket when you try to make a TCP connection to > >localhost. > >> See pkg-readmes/mariadb-server (the "chrooted daemons and MariaDB > >> socket" for a workaround. > >> > >> > >> > >> > >> -- > >> Take Care Sincerely flipchan layerprox dev > > -- > Take Care Sincerely flipchan layerprox dev >
Re: Monitoring system
Howdy Create a atest phpinfo(); file in ur webserver htdocs directory And open the url to that file in ur browser to show you what php configuration and modules are loaded Check this page for details http://php.net/manual/en/function.phpinfo.php On a side note This function is useful in testing other oses also because the os can load phpconfig from anywhere.. and frequently with nonstandard packages you can be editing the wrong php.ini config... On Fri 5 Oct 2018, 22:35 Edgar Pettijohn, wrote: > > On Oct 5, 2018 3:48 PM, flipchan wrote: > > > > Maybe I need to set some sys variable or something similar cuz > > php-mysqli > > php-pdo_mysql > > php-mysql is installed > > > > But are they enabled. Read the package read me for PHP for instructions. > > On October 5, 2018 6:16:07 PM UTC, Stuart Henderson > wrote: > > >On 2018/10/05 17:35, flipchan wrote: > > >> It's weird because I have no error files that it describes the error > > >in, I am promted with > > >> "Configuration file errror DB type MYSQL is not supported by current > > >setup" > > > > > >Oh, in that case (always include the actual error message!) I'm pretty > > >sure > > >you didn't enable the relevant PHP database module. I don't know which > > >one > > >zabbix-web needs but I'd try php-pdo_mysql first. > > > > > >> I have set all configs (/var/www/zabbix/conf/zabbix.conf.php and > > >/etc/zabbix*) to use 127.0.0.1 > > >> 3306 , but nono :/ > > >> > > >> On October 5, 2018 12:55:15 PM UTC, Stuart Henderson > > > wrote: > > >> > > >> On 2018-10-05, flipchan wrote: > > >> Hey how did everyone get zabbix running I tried the zabbix > > >MySQL with the zabbix web on 6.2 but I get a database connection error > > >in the php , I assume the php can't read the config > > >> > > >> This is usually mysql/mariadb's annoying feature of automatically > > >trying > > >> to use a unix socket when you try to make a TCP connection to > > >localhost. > > >> See pkg-readmes/mariadb-server (the "chrooted daemons and MariaDB > > >> socket" for a workaround. > > >> > > >> > > >> > > >> > > >> -- > > >> Take Care Sincerely flipchan layerprox dev > > > > -- > > Take Care Sincerely flipchan layerprox dev > >
Re: want.html: Unifi wifi gear for interop debugging
I have asked ubnt to donate the hardware if that request gets lost in space.. I will purchase them... and donate them to stsp ... (they can afford to give it more than I can ) regarding the price point of the ap... they are mid range.. and affordable if you are deploying them commercially but they are more expensive than cheap (almost disposable comsumer grade routers) regarding the your comment previous donation.. I dont agree with your assertion, as such when one donates it is in trust that the foundation will centrally manage the funds. the requests in want.html is a way for devs of asking the community if you have spare hardware lying around help a brother out ... it saves paper work and time ... and not in any way controversial. im not a dev or a member of the foundation, im someone who donates to the foundation money (monthly small contribution ) -beer -hardware and I try where I can(comercially justify it with my colleagues ) contract work to OpenBSD Devs im happy to keep doing so ...and think want.html is a useful way of connecting developers to users /vendors to and allow users if they so wish to directly help a developer. basically my past donations to the project dont give me the right to second guess the projects future requests for assistance.. peace out ... Tom Smyth On Sat, 6 Oct 2018 at 11:00, Tim Jones wrote: > > ‐‐‐ Original Message ‐‐‐ > On Saturday, October 6, 2018 9:21 AM, Marcus MERIGHI > wrote: > > > Dear all, > > > > not everyone is reading want.html every day, therefore I wanted to hint > > at: https://www.openbsd.org/want.html > > > > stsp@wifi is asking for gear and we should deliver :-) > > > > "Ubiquity Unifi Ufo / Unifi AP Pro are needed for wifi driver debugging > > in Berlin, Germany. Contact s...@openbsd.org" > > > > I cannot find "Unifi Ufo", but "Unifi AP Pro" is not a cheapo Access > > Point, around EUR 160,-- here. > > > > Marcus > > > Unifi not a cheapo access point ? That's a first for me! Unifi APs are > probably the cheapest half-decent APs on the market, especially if you > compare them to the typical cost of a brand name "enterprise" AP. > > As someone who has recently donated, surely this is the very sort of thing > the OpenBSD Foundation should be funding ? I didn't just give money to pay > for electricity bills caused by people insisting on maintaining racks of > vintage room-heaters. > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: Dual boot OpenBSD with DragonFly BSD
I second this approach... 1 sep further you could go is with a laptopwith a 2.5 inch sata slot and an m sata slot Install each os on separate internal drives That way you can use the bios / boot menu to select the diskand hence the os u wish to boot... Hope this helps On Mon 8 Oct 2018, 15:17 Henrik Engmark, wrote: > This will be yet another non-answer to your question, I am fully aware, > but maybe it will be applicable to your situation. > > I always found dual booting with OpenBSD a little bit cumbersome > compared to other OSes. > Whenever I want to "dual boot" my OpenBSD client computers I > install the second OS to its own usb drive with its own mbr, leaving > the internal drive untouched. > When I want to boot the secondary OS I just interrupt the normal > boot process with whatever F-key and choose to boot from the stick. > Has served me well for many years, and makes it very easy to try out > different secondary OSes, as long as I consider OpenBSD my main. > > Regards, > Henrik > > -Original message- > > From: Dr. Martin Ivanov [mailto:martin.iva...@greenpocket.de] > > Sent: den 7 oktober 2018 16:23 > > To: misc@openbsd.org > > Subject: Dual boot OpenBSD with DragonFly BSD > > > > Hello, I am a Linux (Slackware) fan who is keen to try the BSD flavour > as well. I am planning to buy a new laptop, on which to install OpenBSD and > DragonFly BSD in a dual boot set up. I know this is a challenging task, so > I will proceed step by step. > > > > > > My first question is, which operating system has to be installed first, > DragonFly of OpenBSD? Assuming that it is DragonFly, I am planning to: > > > > > > 1. Load DragonFly using a USB boot disk and login as root > > > > 2. Slice the hard drive in two GPT slices using gpt (e.g., das0 and > > das1) > > > > 3. Create a, b, and d disklabel partitions on the Dragonfly slice > > (das0) > > > > 4. Install DragonFly on das0 > > > > 5. Create a, b, d, e, and probably some more disklabel partitions on > > the OpenBSD slice (das1) > > > > 6. Install OpenBSD on das1 > > > > Please correct me on any of the above steps. I will be happy to read > your suggestions. I would be very thankful if you provide the corresponding > commands in your answers. > > Thank you very much in advance! > >
unbound-checkconf "Killed" on openbsd 6.4 amd64 when loading large local cache
Hello all, unbound-checkconf "Killed" when cheking a large local zone config file rcctl start unbound fails because of the above command failing background we were migrating our dns filtering from one platform to openbsd so we have a basic unbound configuration file that loads another configuration file that contains zones for an educational institution to filter inappropiate sites for kids. the zone file is located below (89M) http://5.134.89.24/unboundlocalzone.conf the above file was loaded into /var/unbound/etc/ and then was included in the unbound.conf file using the include directive include: /var/unbound/etc/unboundlocalzone.conf when I run unbound-checkconf it runs for about 30 seconds and then i see a "Killed" message on the commandline rcctl start unbound fails after about the same time and it woudl appear that the rcctl script calls unbound-checkconf before starting the unbound however running unbound or nohup unbound works fine.. to load that local zone into memory it takes about 4G of Ram, /var/log/messages is clear /var/log/daemon is clear -- Kindest regards, Tom Smyth
Re: unbound-checkconf "Killed" on openbsd 6.4 amd64 when loading large local cache
Hi Predrag, Thanks for taking a look, im running OpenBSD fns1.ogmaconnect.com 6.4 GENERIC.MP#364 amd64 It would appear that the killed message was due to insufficient memory on the machine, However the issue with rcctl start unbound still remains despite the increase of the ram on the vm ok so it looks like you are getting the (timeout) when trying rcctl start unbound (I was getting this too) but if you try nohup unbound it will take about 30 seconds to load but it should run fine... the rcctl start when I look at the process list when I run rcctl start unbound it looks like the unbound-checkconf is called and then disappears from the process list after about 30 seconds, (and unbound its self doesnt start and we get a timeout message Im going to look at increasing the daemon timeout setting To see if that fixes the issue... On Thu, 25 Oct 2018 at 04:30, Predrag Punosevac wrote: > > Tom Smyth wrote: > > > Hello all, > > unbound-checkconf "Killed" when cheking a large local zone config file > > rcctl start unbound fails because of the above command failing > > > > background > > > > we were migrating our dns filtering from one platform to openbsd > > so we have a basic unbound configuration file that loads another > > configuration file that contains zones for an educational institution > > to filter inappropiate sites for kids. > > the zone file is located below (89M) > > http://5.134.89.24/unboundlocalzone.conf > > the above file was loaded into /var/unbound/etc/ > > and then was included in the unbound.conf file using the include > > directive > > include: /var/unbound/etc/unboundlocalzone.conf > > > > when I run unbound-checkconf it runs for about 30 seconds and then > > i see a "Killed" message on the commandline > > > > I just run unbound-checkconf with your local zone file and I can't > reproduce your report > > oko# uname -a > OpenBSD oko.bagdala2.net 6.4 GENERIC.MP#364 amd64 > > oko# ls -l > total 183368 > -rw-r--r-- 1 root wheel 2366 Oct 24 23:03 unbound.conf > -rw-r--r-- 1 _unbound _unbound 93821046 Oct 24 23:00 unboundlocalzone.conf > > oko# head -10 unboundlocalzone.conf > > server: > local-zone: "0gratisporno.ontheweb.nl" redirect > local-data: "0gratisporno.ontheweb.nl A 5.134.89.24" > local-zone: "0sexe.free.fr" redirect > local-data: "0sexe.free.fr A 5.134.89.24" > local-zone: "0nwebcamnow.com" redirect > local-data: "0nwebcamnow.com A 5.134.89.24" > local-zone: ".1.free.fr" redirect > local-data: ".1.free.fr A 5.134.89.24" > local-zone: "69.com" redirect > > > > oko# grep "include" unbound.conf > > include: "/var/unbound/etc/unboundlocalzone.conf" > > oko# unbound-checkconf > unbound-checkconf: no errors in /var/unbound/etc/unbound.conf > > > It did take good 30-45 seconds for my machine to parse the file. However > I was NOT able to start the unbound with your zone file due to the time > out error. > > oko# rcctl start unbound > unbound(timeout) > > > I have four cores and 16 GB of RAM on this machine. I can try > tomorrow at work on much more powerful machine with 64 GB of RAM. > > Cheers, > Predrag > > > > > > rcctl start unbound fails after about the same time and it woudl appear > > that the rcctl script calls unbound-checkconf before starting the > > unbound > > > > however running unbound or nohup unbound works fine.. > > to load that local zone into memory it takes about 4G of Ram, > > > > /var/log/messages is clear > > /var/log/daemon is clear > > > > > > > > > > > > -- > > Kindest regards, > > Tom Smyth > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: unbound-checkconf "Killed" on openbsd 6.4 amd64 when loading large local cache
Hello,
to resolve the rcctl start unbound timeout issue,
I tried increasing daemon_timeout value in multiple files (and failing)
finally i edited line 300 of /etc/rc.d/rc.subr
- [ -z "${daemon_timeout}" ] && daemon_timeout=30
+ [ -z "${daemon_timeout}" ] && daemon_timeout=300
--
The above fixed... it ...
but im not so sure I should be editing rc.subr like that...
Is there an easier / more elegant way of setting daemon_timeout
for unbound ?
I did try rebooting the box to ensure that settings took effect
The Long version of failed attempts is listed below for those interested
/etc/rc.conf.local
unbound_flags"daemon_timeout=300"
---
the above didnt seem to work
then I tired adding daemon_timout=300 to
/etc/login.conf
unbound:\
:openfiles=512:\
:daemon_timeout=300:\
:tc=daemon:
-
the above didnt seem to work
then I tried daemon_timeout=300 in the top of
/etc/rc.d/unbound
daemon_timeout=300
-
the above didnt seem to work
Thanks
On Thu, 25 Oct 2018 at 09:06, Tom Smyth wrote:
>
> Hi Predrag,
>
> Thanks for taking a look,
> im running
> OpenBSD fns1.ogmaconnect.com 6.4 GENERIC.MP#364 amd64
> It would appear that the killed message was due to insufficient memory on the
> machine,
> However the issue with rcctl start unbound still remains despite the
> increase
> of the ram on the vm
>
> ok so it looks like you are getting the (timeout) when trying rcctl start
> unbound
> (I was getting this too)
> but if you try nohup unbound it will take about 30 seconds to load but it
> should run fine...
>
> the rcctl start
> when I look at the process list when I run rcctl start unbound it looks like
> the
> unbound-checkconf is called and then disappears from the process list after
> about 30 seconds, (and unbound its self doesnt start and we get a timeout
> message
>
> Im going to look at increasing the daemon timeout setting
> To see if that fixes the issue...
>
>
> On Thu, 25 Oct 2018 at 04:30, Predrag Punosevac wrote:
> >
> > Tom Smyth wrote:
> >
> > > Hello all,
> > > unbound-checkconf "Killed" when cheking a large local zone config file
> > > rcctl start unbound fails because of the above command failing
> > >
> > > background
> > >
> > > we were migrating our dns filtering from one platform to openbsd
> > > so we have a basic unbound configuration file that loads another
> > > configuration file that contains zones for an educational institution
> > > to filter inappropiate sites for kids.
> > > the zone file is located below (89M)
> > > http://5.134.89.24/unboundlocalzone.conf
> > > the above file was loaded into /var/unbound/etc/
> > > and then was included in the unbound.conf file using the include
> > > directive
> > > include: /var/unbound/etc/unboundlocalzone.conf
> > >
> > > when I run unbound-checkconf it runs for about 30 seconds and then
> > > i see a "Killed" message on the commandline
> > >
> >
> > I just run unbound-checkconf with your local zone file and I can't
> > reproduce your report
> >
> > oko# uname -a
> > OpenBSD oko.bagdala2.net 6.4 GENERIC.MP#364 amd64
> >
> > oko# ls -l
> > total 183368
> > -rw-r--r-- 1 root wheel 2366 Oct 24 23:03 unbound.conf
> > -rw-r--r-- 1 _unbound _unbound 93821046 Oct 24 23:00
> > unboundlocalzone.conf
> >
> > oko# head -10 unboundlocalzone.conf
> >
> > server:
> > local-zone: "0gratisporno.ontheweb.nl" redirect
> > local-data: "0gratisporno.ontheweb.nl A 5.134.89.24"
> > local-zone: "0sexe.free.fr" redirect
> > local-data: "0sexe.free.fr A 5.134.89.24"
> > local-zone: "0nwebcamnow.com" redirect
> > local-data: "0nwebcamnow.com A 5.134.89.24"
> > local-zone: ".1.free.fr" redirect
> > local-data: ".1.free.fr A 5.134.89.24"
> > local-zone: "69.com" redirect
> >
> >
> >
> > oko# grep "include" unbound.conf
> >
> > include: "/var/unbound/etc/unboundlocalzone.conf"
> >
> > oko# unbound-checkconf
> > unbound-checkconf: no errors in /var/unbound/etc/unbound.conf
> >
> >
> > It did take good 30-45 seconds for my machine to parse the file. How
Re: unbound-checkconf "Killed" on openbsd 6.4 amd64 when loading large local cache
Thanks, Andre I reverted my change to rc.subr I tried what you suggested and it seemed to work, (believe it or not, I tried somehting similar this morning but i must have had typo in my syntax) Thanks Tom Smyth On Thu, 25 Oct 2018 at 13:53, Andre Stoebe wrote: > > Use "rcctl set unbound timeout 300", which sets "unbound_timeout=300" in > rc.conf.local. The variables are documented in rc.d(8). > > Regards > André -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Re: LibreOffice, and others, not usable via ssh at OpenBSD 6.4
,gtk+3-cups-3.22.30p0 > Ambiguous: choose package for claws-mail > a 0: > 1: claws-mail-3.17.1 > 2: claws-mail-3.17.1-ldap > Your choice: 1 > Can't install libcanberra-gtk-0.30p6: can't resolve gtk+2-2.24.32p2 > Can't install claws-mail-3.17.1: can't resolve > gtk+2-2.24.32p2,libcanberra-gtk-0.30p6 > Can't install gtkspell-2.0.16p11: can't resolve gtk+2-2.24.32p2 > Can't install sylpheed-3.7.0p1: can't resolve > gtk+2-2.24.32p2,gtkspell-2.0.16p11 > Can't install gstreamer1-plugins-base-1.14.4: can't resolve gvfs-1.36.2p1 > Can't install gstreamer1-plugins-libav-1.14.4: can't resolve > gstreamer1-plugins-base-1.14.4 > Can't install midori-0.5.11p5: can't resolve > gstreamer1-plugins-libav-1.14.4,gcr-3.28.0p3,webkitgtk4-2.22.2,libsoup-2.62.3 > Can't find evince-3.28.4.light > The following new rcscripts were installed: /etc/rc.d/avahi_daemon > /etc/rc.d/avahi_dnsconfd /etc/rc.d/messagebus /etc/rc.d/saslauthd > /etc/rc.d/svnserve > See rcctl(8) for details. > New and changed readme(s): > /usr/local/share/doc/pkg-readmes/avahi > /usr/local/share/doc/pkg-readmes/consolekit2 > /usr/local/share/doc/pkg-readmes/dbus > /usr/local/share/doc/pkg-readmes/ffmpeg > /usr/local/share/doc/pkg-readmes/glib2 > /usr/local/share/doc/pkg-readmes/gnupg > /usr/local/share/doc/pkg-readmes/jack > /usr/local/share/doc/pkg-readmes/mplayer > /usr/local/share/doc/pkg-readmes/p5-Mojolicious > /usr/local/share/doc/pkg-readmes/p5-XML-LibXML > /usr/local/share/doc/pkg-readmes/tcl-8.5 > /usr/local/share/doc/pkg-readmes/xdg-utils > --- +apl-fonts-1.0 --- > You may wish to update your font path for /usr/local/share/fonts/apl > --- +ghostscript-fonts-8.11p3 --- > You may wish to update your font path for /usr/local/share/fonts/ghostscript > --- +go-fonts-20170401 --- > You may wish to update your font path for /usr/local/share/fonts/go > --- +hunspell-1.6.2 --- > Install mozilla dictionaries for extra hunspell languages. > e.g. > # pkg_add mozilla-dicts-ca > --- +liberation-fonts-2.00.1p1 --- > You may wish to update your font path for /usr/local/share/fonts/Liberation > --- +noto-emoji-20150929p0 --- > You may wish to update your font path for /usr/local/share/fonts/noto > --- +python-2.7.15p0 --- > If you want to use this package as your default system python, as root > create symbolic links like so (overwriting any previous default): > ln -sf /usr/local/bin/python2.7 /usr/local/bin/python > ln -sf /usr/local/bin/python2.7-2to3 /usr/local/bin/2to3 > ln -sf /usr/local/bin/python2.7-config /usr/local/bin/python-config > ln -sf /usr/local/bin/pydoc2.7 /usr/local/bin/pydoc > --- +tcl-8.5.19p3 --- > You may wish to add /usr/local/lib/tcl/tcl8.5/man to /etc/man.conf > --- +tk-8.5.19p1 --- > You may wish to add /usr/local/lib/tcl/tk8.5/man to /etc/man.conf > --- +ubuntu-fonts-0.83 --- > You may wish to update your font path for /usr/local/share/fonts/ubuntu > openbsdsrc# exit > > > Script done on Mon Oct 22 14:16:14 2018 > -- Kindest regards, Tom Smyth Mobile: +353 87 6193172 The information contained in this E-mail is intended only for the confidential use of the named recipient. If the reader of this message is not the intended recipient or the person responsible for delivering it to the recipient, you are hereby notified that you have received this communication in error and that any review, dissemination or copying of this communication is strictly prohibited. If you have received this in error, please notify the sender immediately by telephone at the number above and erase the message You are requested to carry out your own virus check before opening any attachment.
Old OpenBSD 6.1 Diagnosing alloc_subregion: can't allocate region and resource shortage: 1 pages of swap lost
Hello, I have have a box terminating openVPN connections and after an upstream router rebooted suddenly I salw a klog error followed by an alloc_subregion error followed by extent_alloc_subregion error the OpenBSD Box ram s ram (according to the hypervisor) was not completely used up... is there any other reason why the error below can occur ... are there any sysctl settings changes I need to condsider to avoid this error in future ... Thanks Tom Smyth Oct 28 08:03:20 persistent02 /bsd: klog: dropped 906578 bytes, message buffer full Oct 28 08:03:36 persistent02 /bsd: alloc_subregion: can't allocate region descriptor Oct 28 08:03:36 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap lost Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: extent_alloc_subregion: can't allocate region descriptor Oct 28 08:03:39 persistent02 /bsd: warning: resource shortage: 1 pages of swap l
Re: daily cron not starting
what does crontab -l say ? On Tue, 13 Nov 2018 at 05:49, Tony Boston wrote: > > Hi misc@, > > the daily cron is not running anymore although I can execute '/bin/sh > /etc/daily' by hand just fine. I don't see anything in the logs and I > don't have any clue what else to check. > Do you guys have any idea? > > -- > Tony > > GPG-FP: 49CC8250 CDCF2183 6209C1AE 625677C1 F7783D5F > Threema: DN8PJX4Z > -- Kindest regards, Tom Smyth
BGPlooking glass in 1 RDOMAIN BGPD in another RDomain
Hello, I have a Looking glass that I want to run on a management interface that is in a separate rdomain to the BGP router ... is there away we can have the the bgprocess in one RDomain (main Rdomain) and the the bgp looking glass in another rdomain... so currently i have httpd in Rdomain 240 slowcgi is running in rdomain 0 ping works but not the bgp commands... I tried setting slowcgi flags but they just didn't take do I need to run slowcgi with route -T240 exec slowcgi ? (which would put the entire bgplg and the bgp collector on the same Rdomain.. any suggestions are welcome ...thanks
Re: BGPlooking glass in 1 RDOMAIN BGPD in another RDomain
hello So to get it working, I had httpd running in the management Rdomain rcctl set httpd rtable 240 i put the slowcgi running in the main rdomain (default rdomain 0) rcctl set slowcgi rtable 0 followed the man page man bgplg (upped the ram from 1GB to 4GB as I was loading 2 BGP full feeds) and it worked Thanks for your help Claudio ... I think i had a typo in my restricted socket path Tom Smyth On Mon, 19 Nov 2018 at 08:58, Claudio Jeker wrote: > > On Sun, Nov 18, 2018 at 10:57:01PM +0000, Tom Smyth wrote: > > Hello, > > > > I have a Looking glass that I want to run on a management interface > > that is in a separate rdomain to the BGP router ... > > > > is there away we can have the the bgprocess in one RDomain (main Rdomain) > > and the the bgp looking glass in another rdomain... > > > > so currently i have httpd in Rdomain 240 > > slowcgi is running in rdomain 0 > > > > ping works but not the bgp commands... > > > > > > I tried setting slowcgi flags but they just didn't take > > > > > > do I need to run slowcgi with route -T240 exec slowcgi ? > > (which would put the entire bgplg and the bgp collector on the same > > Rdomain.. > > any suggestions are welcome ...thanks > > > > I would check that the restricted socket is in /var/www/run and is called > bgpd.rsock. After that I do not really see why bgpctl should not work. > > If there are no errors logged in the httpd error log then you could try to > ktrace -di the slowcgi process and see why bgplg and bgpctl fails. > > -- > :wq Claudio
Re: Time jumping forward issue under OpenBSD 6.6 VMM
Hi Ian, I think this is a common problem, and has been an issue from time to time on KVM machines also, you can try an alternate counter and see how you get on, if you check out Mischa Peters talk on VMM he has some workarounds that he has deployed in production. but for an NTP server the accuracy of the clock may cause you too much problems.. as I said we had issues before with KVM and the timecounter hardware... but the newer timecounters in recent versions of OpenBSD have worked really well for us. I hope this helps, Tom Smyth On Tue, 3 Mar 2020 at 17:05, Ian Gregory wrote: > > On Tue, 3 Mar 2020 at 15:47, mabi wrote: > > It looks like there is a time issue on that VM although I am running the > > default ntpd of OpenBSD 6.6 and I have added the following parameter into > > my /etc/sysctl.conf on that VM: > > > > kern.timecounter.hardware=tsc > > I've had similar issues with timekeeping within guests of VMM, > although there are improvements in -current with the pvclock time > source. Since the fix below I now see occasional instances of the > clock stepping by a few whole seconds (typically less than 8s) but > it's much less frequent and the magnitude is within the bounds of what > ntpd can correct. > > See > http://openbsd-archive.7691.n7.nabble.com/pvclock-stability-tp376946p377922.html > for some backstory > > (aside: I see similar small occasional clock jumps of an integer > number of seconds on OpenBSD-6.6 guests using tsc running on a VMware > ESXi host) > > Regards > Ian > -- Kindest regards, Tom Smyth.
Re: ACLs in PF ?
Hi Duncan, Peter M Hansteen has a a great book on pf https://nostarch.com/pf3 and Peter M Hansteen also has a nice tutorial on PF https://home.nuug.no/~peter/pftutorial/#1 The manuals are great but the links above help with some context also to help people use the manuals more effectively Hope this helps you ... Thanks, Tom Smyth On Thu, 12 Mar 2020 at 06:46, Duncan Patton a Campbell wrote: > > > easily solved by reading the right man pages. ignore. > > Dhu > > On Thu, 12 Mar 2020 00:06:23 -0600 > Duncan Patton a Campbell wrote: > > > > > Hi all. > > > > This may seem naive but I am wondering there is a simple pf setup to > > perform positive access > > control only accepting traffic from a definite limited set of IP/IP6 > > addresses. > > > > RSVP thanks, > > > > Dhu > > > > > > > > -- > > Je suis Canadien. Ce n'est pas Francais ou Anglaise. > > C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-) > > > > > > > -- > Je suis Canadien. Ce n'est pas Francais ou Anglaise. > C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-) > -- Kindest regards, Tom Smyth.
Openbsd 6.6 amd64 stable bridge with 90 vlans does not forward packets after reboot
Hello, I have a box that I use to aggregate a number of vlans which are isolated from each other(using port protection groups and bridged onto a 10G interface ix0 these are configured using a standard hostname.bridgefile as follows, cat /etc/hostname.bridge101 maxaddr 16384 timeout 300 up add ix0 -stp ix0 add vlan604 protected vlan604 1 -stp vlan604 add vlan4069 protected vlan4069 1 -stp vlan4069 . . . add vlan3982 protected vlan43982 1 -stp vlan3982 when I reboot the box ... the system does not seem to forward frames ) but if I run sh /etc/netstart bridge101 then the bridge forwards the packets just fine. interface configs are as follows cat /etc/hostname.ix0 mtu 1700 up cat /etc/hostname.ix1 mtu 1708 up cat /etc/hostname.vlan3982 parent ix1 vnetid 3982 mtu 1700 up ifconfig bridge101 yields similar results after reboot as opposed to ifconfig bridge101 after restarting the interface the only differences I saw was the index after reboot the index of bridge101 was 6 but after restarting the bridge101 the index of bridge101 was 98 (which sounds to me like perhaps the bridge was being started before the vlans on bootup) has anyone come across this issue before? Thanks -- Kindest regards, Tom Smyth.
Re: Openbsd 6.6 amd64 stable bridge with 90 vlans does not forward packets after reboot
hi Aaron, I tried that, no such luck !/bin/sleep 20 didnt work i also tried adding sh /etc/netstart bridge101 to the rc.local that didnt work, I ended up just manually destroying the bridge and starting it with sh /etc/netstart to get it running... Thanks Tom Smyth On Fri, 20 Mar 2020 at 02:04, Aaron Mason wrote: > > Hi Tom > > Just looking at /etc/netstart (admittedly for 6.1) and by all rights > that shouldn't be happening - the VLAN interfaces should be starting > well before the bridges. Maybe add !sleep 1 to the top of the > /etc/hostname.bridge101 file and see if it does better? > > On Fri, Mar 20, 2020 at 12:22 PM Tom Smyth > wrote: > > > > Hello, > > > > I have a box that I use to aggregate a number of vlans which are > > isolated from each other(using port protection groups and bridged > > onto a 10G interface ix0 > > these are configured using a standard hostname.bridgefile as follows, > > cat /etc/hostname.bridge101 > > maxaddr 16384 timeout 300 > > up > > add ix0 -stp ix0 > > add vlan604 protected vlan604 1 -stp vlan604 > > add vlan4069 protected vlan4069 1 -stp vlan4069 > > . > > . > > . > > add vlan3982 protected vlan43982 1 -stp vlan3982 > > > > when I reboot the box ... the system does not seem to forward frames ) > > > > but if I run > > sh /etc/netstart bridge101 > > > > then the bridge forwards the packets just fine. > > > > interface configs are as follows > > cat /etc/hostname.ix0 > > mtu 1700 up > > > > cat /etc/hostname.ix1 > > mtu 1708 up > > > > cat /etc/hostname.vlan3982 > > parent ix1 vnetid 3982 mtu 1700 up > > > > > > ifconfig bridge101 yields similar results after reboot as opposed to > > ifconfig bridge101 after restarting the interface > > > > the only differences I saw was the index > > > > after reboot the index of bridge101 was 6 > > > > but after restarting the bridge101 the index of bridge101 was 98 > > (which sounds to me like perhaps the bridge was being started before > > the vlans on bootup) > > > > > > has anyone come across this issue before? > > Thanks > > > > > > > > > > -- > > Kindest regards, > > Tom Smyth. > > > > > -- > Aaron Mason - Programmer, open source addict > I've taken my software vows - for beta or for worse -- Kindest regards, Tom Smyth.
Re: Porting from linux
Howdy Putrid... :) Kurt M and Mark Espie have given some talks available from U Tube https://www.youtube.com/watch?v=eyK_LloYZu4 https://www.youtube.com/watch?v=aw2Gezj-Nkw Peace out ... On Thu, 26 Mar 2020 at 12:53, wrote: > > I want to get into porting, I have experience > installing from source particularly on linux. > > Is there a difference in how package works on > linux and openbsd? Is there a guide anyone > can point me to porting linux packages to > openbsd? > > Are there different syscalls? > Directory systems are almost the same, in > concern to packages. > Is there a need to edit the source? > -- Kindest regards, Tom Smyth.
Re: Faking the same LAN over the Internet
Hi Chris, Dianna, Gre is great and fast and a hell of a lot faster than OpenVPN... However and it is a Big However... Gre does not typically work Across NATs L2 GRE tunnel interfaces u can run on OpenBSD include eoip(4) egre(4), etherip(4) On Wed, 1 Apr 2020 at 17:58, Chris Bennett wrote: > > On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote: > > have you considered looking at native OpenBSD tools? > > > > https://man.openbsd.org/egre.4 > > > > Wow! I had no idea about this. > The manual page seems to be very clear, too. > > I have 2 servers at different ISPs and from home I almost always connect > over my phone's hotspot. > > I will definitely be learning this! > > Thanks! > > Chris Bennett > > -- Kindest regards, Tom Smyth.
Bridge performance with vlans on ix(4) and protected ports ) diagnostic tips request
method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method no _STA method acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) acpicpu2 at acpi0: C1(@1 halt!) acpicpu3 at acpi0: C1(@1 halt!) "ACPI0006" at acpi0 not configured acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpicmos0 at acpi0 "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "ACPI0010" at acpi0 not configured "QEMUVGID" at acpi0 not configured cpu0: using VERW MDS workaround pvbus0 at mainbus0: KVM pvclock0 at pvbus0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x00 vga1 at pci0 dev 1 function 0 "Bochs VGA" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: apic 0 int 10 uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: apic 0 int 10 uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x03: apic 0 int 11 ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x03: apic 0 int 11 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x03: msi azalia0: no HD-Audio codecs ppb0 at pci0 dev 28 function 0 vendor "Red Hat", unknown product 0x000c rev 0x00: apic 0 int 10 pci1 at ppb0 bus 1 ix0 at pci1 dev 0 function 0 "Intel 82599" rev 0x01: msi, address 00:12:c0:88:07:b8 ppb1 at pci0 dev 28 function 1 vendor "Red Hat", unknown product 0x000c rev 0x00: apic 0 int 10 pci2 at ppb1 bus 2 ix1 at pci2 dev 0 function 0 "Intel 82599" rev 0x01: msi, address 00:12:c0:88:07:b9 ppb2 at pci0 dev 28 function 2 vendor "Red Hat", unknown product 0x000c rev 0x00: apic 0 int 10 pci3 at ppb2 bus 3 ix2 at pci3 dev 0 function 0 "Intel 82599" rev 0x01: msi, address 00:12:c0:88:07:b6 ppb3 at pci0 dev 28 function 3 vendor "Red Hat", unknown product 0x000c rev 0x00: apic 0 int 10 pci4 at ppb3 bus 4 uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x03: apic 0 int 10 uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x03: apic 0 int 10 uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x03: apic 0 int 11 ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x03: apic 0 int 11 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb4 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92 pci5 at ppb4 bus 5 ppb5 at pci5 dev 1 function 0 "Red Hat Qemu PCI-PCI" rev 0x00 pci6 at ppb5 bus 6 virtio0 at pci6 dev 5 function 0 "Qumranet Virtio SCSI" rev 0x00 vioscsi0 at virtio0: qsize 128 scsibus1 at vioscsi0: 255 targets sd0 at scsibus1 targ 0 lun 0: sd0: 12288MB, 512 bytes/sector, 25165824 sectors, thin virtio0: msix shared virtio1 at pci6 dev 18 function 0 "Qumranet Virtio Network" rev 0x00 vio0 at virtio1: address 3a:28:3d:f6:05:45 virtio1: msix shared ppb6 at pci5 dev 2 function 0 "Red Hat Qemu PCI-PCI" rev 0x00 pci7 at ppb6 bus 7 ppb7 at pci5 dev 3 function 0 "Red Hat Qemu PCI-PCI" rev 0x00 pci8 at ppb7 bus 8 ppb8 at pci5 dev 4 function 0 "Red Hat Qemu PCI-PCI" rev 0x00 pci9 at ppb8 bus 9 pcib0 at pci0 dev 31 function 0 "Intel 82801IB LPC" rev 0x02 ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x02: msi, AHCI 1.0 ahci0: port 1: 1.5Gb/s scsibus2 at ahci0: 32 targets cd0 at scsibus2 targ 1 lun 0: removable ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 0 int 10 iic0 at ichiic0 usb2 at uhci0: USB revision 1.0 uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb6 at uhci4: USB revision 1.0 uhub6 at usb6 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 usb7 at uhci5: USB revision 1.0 uhub7 at usb7 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets root on sd0a (cdebca84b665f93b.a) swap on sd0b dump on sd0b -- Kindest regards, Tom Smyth.
Re: IPv4 traffic over IPv6 tunnel approach
Hi Martin, If I understand your question correctly you need 2 endpoints to the tunnel... for gif(4) or any gre((4) based tunnel you need the interface setup on both the client and the server (gateway) if you have a gateway serving multiple clients... then you need one interface per client that you intend to connect Thanks Tom Smyth On Fri, 8 May 2020 at 17:38, Martin wrote: > > Thanks for confirmation. > > Hope I understand gif(4) functionality right from its configuration. Can I > set /etc/hostname.gif0 from client's side only like below: > > /etc/hostname.gif0 > tunnel 10.20.30.40 195.203.212.221 > inet6 alias 2001:05a8::0001::::8542 128 > dest 2001:05a8::0001::::8541 > > where > tunnel 10.20.30.40 is client's address, 195.203.212.221 gateway machine > egress IPv4 > inet6 alias is the same IPv6 address of client's IPv6 local interface or an > IPv6 address in the same subnet. > dest IPv6 is a destination IPv6 interface address of gateway machine. > > Do I need to setup gif0 on gateway machine to have encapsulation working? > > Martin > > ‐‐‐ Original Message ‐‐‐ > On Friday, May 8, 2020 1:43 PM, Kristjan Komlosi > wrote: > > > gif(4) should work fine, as it's designed to do what you described. The > > best approach depends on the level of security you want to achieve. IPIP > > tunnels aren't encrypted... > > > > regards, kristjan > > > > On 5/8/20 3:32 PM, Martin wrote: > > > > > I have IPv6 unidirectional tunnel between two machines. One of them is > > > gateway, another one is a client. > > > The goal is to route IPv4 packets over IPv6 tunnel from client to gateway > > > and NAT IPv4 packet to egress on gateway machine. > > > May I use gif(4) for it or what is the best approach to traverse IPv4 > > > packets over IPv6 tun? > > > Martin > > -- Kindest regards, Tom Smyth.
Re: IPv4 traffic over IPv6 tunnel approach
Martin If I understand your question correctly ... PC1 --IPV6 Gateway1 so you have a public ipv6 address on PC1 and Gateway 1 hostname.gif should specify the real ipv6 address of PC1 and the real IPv6 address of gateway1 in it to establish the tunnel #setup the tunnel interface with a command similar to the following ifconfig gif1 tunnel PC1-IPV6Gateway1-IPV6 #setup an ip address (ipv4) on the gif tunnel ifconfig gif1 inet PC1-IPv4address/subnetmask and do the the gateway ifconfig gif1 tunnel Gateway1-IPV6 PC1-IPV6 setup gateway ipv4 address on tunnel interface you just cratesed ifconfig gif1 inet PC1-IPv4address/subnetmask then you just need to add a default IPv4 Route on the client to the gateway On Fri, 8 May 2020 at 20:05, Martin wrote: > > Last thing I have to understand about gif(4) and IPv6 tunneling. > > Should I set gif(4) 'inet6 alias' = the same IPv6 of the local end of IPv6 > tunnel interface or just set 'inet6 alias' for gif(4) in tunnel's IPv6 subnet? > > Martin > > ‐‐‐ Original Message ‐‐‐ > On Friday, May 8, 2020 4:41 PM, Tom Smyth > wrote: > > > Hi Martin, > > If I understand your question correctly > > > > you need 2 endpoints to the tunnel... > > > > for gif(4) or any gre((4) based tunnel > > you need the interface setup on both the client and the server (gateway) > > > > if you have a gateway serving multiple clients... then you need one > > interface per client that you intend to connect > > Thanks > > Tom Smyth > > > > On Fri, 8 May 2020 at 17:38, Martin martin...@protonmail.com wrote: > > > > > Thanks for confirmation. > > > Hope I understand gif(4) functionality right from its configuration. Can > > > I set /etc/hostname.gif0 from client's side only like below: > > > /etc/hostname.gif0 > > > tunnel 10.20.30.40 195.203.212.221 > > > inet6 alias 2001:05a8::0001::::8542 128 > > > dest 2001:05a8::0001::::8541 > > > where > > > tunnel 10.20.30.40 is client's address, 195.203.212.221 gateway machine > > > egress IPv4 > > > inet6 alias is the same IPv6 address of client's IPv6 local interface or > > > an IPv6 address in the same subnet. > > > dest IPv6 is a destination IPv6 interface address of gateway machine. > > > Do I need to setup gif0 on gateway machine to have encapsulation working? > > > Martin > > > ‐‐‐ Original Message ‐‐‐ > > > On Friday, May 8, 2020 1:43 PM, Kristjan Komlosi > > > kristjan.koml...@gmail.com wrote: > > > > > > > gif(4) should work fine, as it's designed to do what you described. The > > > > best approach depends on the level of security you want to achieve. IPIP > > > > tunnels aren't encrypted... > > > > regards, kristjan > > > > On 5/8/20 3:32 PM, Martin wrote: > > > > > > > > > I have IPv6 unidirectional tunnel between two machines. One of them > > > > > is gateway, another one is a client. > > > > > The goal is to route IPv4 packets over IPv6 tunnel from client to > > > > > gateway and NAT IPv4 packet to egress on gateway machine. > > > > > May I use gif(4) for it or what is the best approach to traverse IPv4 > > > > > packets over IPv6 tun? > > > > > Martin > > > > -- > > > > Kindest regards, > > Tom Smyth. > > -- Kindest regards, Tom Smyth.
Re: Networking/pf question, I am not sure ?
Hello Clarence, you would need to provide some more information about your setup, ip addresses on interfaces , what is your pf.conf etc... In your experia ( I believe they are android) you can download the hurricane electric network tools (HE network tools) (a free app to run rudimentary network diagnostic commands, such as ping traceroute dns lookup tests to identify the problem associated with your connection when using openBSD.. that would help you diagnose the source of the connectivity problems you are having... Hope this helps Tom Smyth On Sun, 10 May 2020 at 13:09, man Chan wrote: > > Hello, > I recently setup a home network as followings (Just for fun): > ISP <> openbsd router (version 6.6 Stable) <---> gigabits switch > (TP-Link TL-SG1008D) <-> linksys ea8300 (with wireless) > > everything works except that I can't use my sony xperia tablet to access > internet using the wireless function provide by the linksys-ea8300. > When I replace the openbsd-router and switch with another wireless router, I > can use my sony xperia to access the internet. Does any one try this before ? > If yes, please let me to know how you do it. Thanks. > Clarence -- Kindest regards, Tom Smyth.
Re: Intel I210 Fiber Optic Ethernet Card Transceiver Info.
Hi Vertigo, can you send on a dmesg, what version and architecture OpenBSD are you running. ? I believe dlg@ had added in SFP+ functionality between OpenBSD 6.5 6.6 ? ( it may have been SFP+ functionality on the ix(4) (and not em(4) driver) On Tue, 12 May 2020 at 20:58, Vertigo Altair wrote: > > Hi Misc, > > I have 2 questions about my dual port fiber optic ethernet card with Intel > I210 chipset: > 1. The ifconfig em0 media command output only shows that it supports > multi-mode fiber (1G SX). > Actually it worked when I tried single mode fiber. But I still wanted to > report this to OpenBSD developers. > > 2. The ifconfig em0 sff or ifconfig em0 transceiver output does not return > information about transceiver. > Could the EM driver not support the transceiver / sff command set? > I searched on Google but I couldn't find such an expression. > > You can find the relevant command outputs below. > Thank you very much for your help in advance. > Stay safe. > > # pcidump | grep Fiber > 2:0:0: Intel I210 Fiber > 3:0:0: Intel I210 Fiber > # pcidump -v 2:0:0 > 2:0:0: Intel I210 Fiber > 0x: Vendor ID: 8086, Product ID: 1536 > 0x0004: Command: 0147, Status: 0010 > 0x0008: Class: 02 Network, Subclass: 00 Ethernet, > Interface: 00, Revision: 03 > 0x000c: BIST: 00, Header Type: 00, Latency Timer: 00, > Cache Line Size: 10 > 0x0010: BAR mem 32bit addr: 0xdfd0/0x0008 > 0x0014: BAR empty () > 0x0018: BAR io addr: 0xd000/0x0020 > 0x001c: BAR mem 32bit addr: 0xdfd8/0x4000 > 0x0020: BAR empty () > 0x0024: BAR empty () > 0x0028: Cardbus CIS: > 0x002c: Subsystem Vendor ID: Product ID: > 0x0030: Expansion ROM Base Address: > 0x0038: > 0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00 > 0x0040: Capability 0x01: Power Management > State: D0 > 0x0050: Capability 0x05: Message Signalled Interrupts (MSI) > Enabled: yes > 0x0070: Capability 0x11: Extended Message Signalled Interrupts > (MSI-X) > Enabled: no; table size 5 (BAR 3:0) > 0x00a0: Capability 0x10: PCI Express > Link Speed: 2.5 / 2.5 GT/s, Link Width: x1 / x1 > 0x0100: Enhanced Capability 0x01: Advanced Error Reporting > 0x0140: Enhanced Capability 0x03: Device Serial Number > Serial Number: 00900b875ba7 > 0x01a0: Enhanced Capability 0x17: TPH Requester > > # ifconfig em0 media > em0: flags=8802 mtu 1500 > lladdr fe:e1:ba:d0:92:da > index 1 priority 0 llprio 3 > trunk: trunkdev aggr0 > media: Ethernet autoselect (none) > status: no carrier > supported media: > media 1000baseSX mediaopt full-duplex > media 1000baseSX > media autoselect -- Kindest regards, Tom Smyth.
Re: DNS and rdomains
howdy, you can use symbolic links for /etc/rc.d/nsd to /etc/rc.d/nsd1 and to/etc/rc.d/nsd2 to /etc/rc.d/nsdn where 1,2 n are your r domains for your dns servers (authoritive) or you can use unbound instead of nsd if it is just a forwarding dns server then use for a dns server for rdomain1 rcctl enable nsd1 rcctl set nsd1 rtable=1 repeat the procedure for each domain configured rcctl enable nsd2 rcctl set nsd2 rtable=2 then go back to rdomain0 route -T0 exec ksh and then run the following to start each of your daemons rcctl start nsd1 rcctl start nsd2 and so on and so fourth... I used to have issues starting and stopping daemons if I was not in the correct domain when running the rcctl command, I saw a diff by ajacoutot a few months / (years ago that might have fixed the rcctl starting domains from a shell in a different Rdomain... I just got into the habit... of going to the correct rdomain of the daemon or rdomain0 before running the rcctl command to start / stop or restart the daemon Hope this helps, Tom Smyth On Wed, 27 May 2020 at 23:24, James wrote: > > Hi all, > > How can I allow different rdomains to use separate DNS nameservers? > > Thanks > -- Kindest regards, Tom Smyth.
Re: DNS and rdomains
oh yeah you will have to adjust the flags for each daemon (to accept a different config file for each dns server in each Rdomain... hope this helps... On Wed, 27 May 2020 at 23:35, Tom Smyth wrote: > howdy, > > you can use symbolic links for /etc/rc.d/nsd to /etc/rc.d/nsd1 > and to/etc/rc.d/nsd2 to /etc/rc.d/nsdn where 1,2 n are your r > domains for your > dns servers (authoritive) or you can use unbound instead of nsd > if it is just a forwarding dns server > > then use for a dns server for rdomain1 > rcctl enable nsd1 > rcctl set nsd1 rtable=1 > > repeat the procedure for each domain configured > rcctl enable nsd2 > rcctl set nsd2 rtable=2 > > then go back to rdomain0 > route -T0 exec ksh > and then run the following to start each of your daemons > > rcctl start nsd1 > rcctl start nsd2 > > and so on and so fourth... > > I used to have issues starting and stopping daemons if I was not in > the correct domain when running the rcctl command, > I saw a diff by ajacoutot a few months / (years ago that might have > fixed the rcctl starting domains from a shell in a different > Rdomain... > I just got into the habit... of going to the correct rdomain of the > daemon or rdomain0 before running the rcctl command to start / stop or > restart the daemon > > Hope this helps, > > Tom Smyth > > > On Wed, 27 May 2020 at 23:24, James wrote: > > > > Hi all, > > > > How can I allow different rdomains to use separate DNS nameservers? > > > > Thanks > > > > > -- > Kindest regards, > Tom Smyth. > -- Kindest regards, Tom Smyth.
Re: DNS and rdomains
Unbound can use root hints And you can over ride nameservers learned from dhclient Check man dhclient for more info And Set your resolv.conf nameservers to 127.0.0.1 Peace out On Thursday, 28 May 2020, James wrote: > Thanks. Your solution works but is not ideal for my situation. The > reason it's not ideal is that one of the rdomains gets its nameserver > from DHCP and I don't think unbound can read this information. > > For example, In the case of a captive portal or floating between APs I > would like DNS to work on different LANs where outbound DNS queries are > blocked. > I'm trying to build an isolated network environment in which all traffic > is routed over an interface with a custom DNS server and no network leaks. > > My solution so far is as follows: > ___ ___ > | || | > | rdomain0 || rdomain1 | > | pair0 ||pair1 | > |tun0 ||wlan0 | > |___||___| > > with pf tagging and NAT'ing tun0 traffic behind wlan0. > rdomain0 DNS queries should be routed to a fixed address and > rdomain1 DNS queries should be sent to the nameserver as per > /etc/resolv.conf generated from dhclient. > > Linux's implementation of network namespaces allows for custom > resolv.conf files per network namespace [1]. The problem I currently face > is that only 1 rdomain can perform DNS queries at a time by modifying > /etc/resolv.conf. > > Thanks, > > > > [1] https://www.man7.org/linux/man-pages/man8/ip-netns.8.html > > On Wed, May 27, 2020 at 11:35:11PM +0100, Tom Smyth wrote: > >> howdy, >> >> you can use symbolic links for /etc/rc.d/nsd to /etc/rc.d/nsd1 >> and to/etc/rc.d/nsd2 to /etc/rc.d/nsdn where 1,2 n are your r >> domains for your >> dns servers (authoritive) or you can use unbound instead of nsd >> if it is just a forwarding dns server >> >> then use for a dns server for rdomain1 >> rcctl enable nsd1 >> rcctl set nsd1 rtable=1 >> >> repeat the procedure for each domain configured >> rcctl enable nsd2 >> rcctl set nsd2 rtable=2 >> >> then go back to rdomain0 >> route -T0 exec ksh >> and then run the following to start each of your daemons >> >> rcctl start nsd1 >> rcctl start nsd2 >> >> and so on and so fourth... >> >> I used to have issues starting and stopping daemons if I was not in >> the correct domain when running the rcctl command, >> I saw a diff by ajacoutot a few months / (years ago that might have >> fixed the rcctl starting domains from a shell in a different >> Rdomain... >> I just got into the habit... of going to the correct rdomain of the >> daemon or rdomain0 before running the rcctl command to start / stop or >> restart the daemon >> >> Hope this helps, >> >> Tom Smyth >> >> >> On Wed, 27 May 2020 at 23:24, James wrote: >> >>> >>> Hi all, >>> >>> How can I allow different rdomains to use separate DNS nameservers? >>> >>> Thanks >>> >>> >> >> -- >> Kindest regards, >> Tom Smyth. >> >> -- Kindest regards, Tom Smyth.
Re: VMM Debian guest serial setup help needed
Hi George, a reboot on a serial console is probably due to the serial console speeds miss matching, between your console client and the console on the guest. make sure you are setting the console speed / parity, etc also this issue happens frequently also when booting the PC Engines board where the bios runs at 115200 baud , N 8 1 and then the OpenBSD Console changes to 9600 N 8 1 during boot (defaults on installxx.fs / installxx.img hope this helps Tom Smyth On Wed, 10 Jun 2020 at 21:01, George wrote: > Hi guys, > > I apologize if this maybe out of topic even though it is truly related > to VMM than Debian. > > I am trying to setup a VMM Debian based guest but I'm not able to get it > to work. I found some description on the web about which settings to > edit in grub.cfg to enable the serial console and created a VM with 10.3 > in qcow2 disk format in KVM. Now I am trying to start the same on > OpenBSD 6.7 but keep getting the connected message and then just > "Rebooting " after I hit some keyboard keys seems like baud rate issue > but not sure. > > After messing with it for a while now I am getting a new error: > > vmctl: could not open disk image(s) > > even thought the disk is there and readable to the user I have setup in > vm.conf in fact I have another VM with the same configuration and disk > with the same permissions and in the same location that works (it is > OpenBSD based). > > I would greatly appreciate it if someone has gone this path and can > share some config info with me. > > Cheers and thanks in advance, > > George > > > > -- Kindest regards, Tom Smyth.
Re: VMM Debian guest serial setup help needed
Hi George, if you are using the pre-built image perhaps you can test image with the Baud setting on a physical apu to verify that the baud setting is correct ? from what i can tell with debian there are a few ways of setting the grub boot config and perhaps there is a step missing.. hope this helps On Fri, 12 Jun 2020 at 16:27, George wrote: > > On 2020-06-10 4:29 p.m., Tom Smyth wrote: > > Hi George, > > a reboot on a serial console is probably due to the serial console speeds > > miss matching, between your > > console client and the console on the guest. > > > > make sure you are setting the console speed / parity, etc also > > > > this issue happens frequently also when booting the PC Engines board > where > > the bios runs at 115200 baud , N 8 1 > > and then the OpenBSD Console changes to 9600 N 8 1 during boot (defaults > on > > installxx.fs / installxx.img > > > > hope this helps > > Tom Smyth > > Thanks Tom! I agree I have seen this reboot behavior on apu's and a > soekris device(s), but I am setting the rate properly or so I believe > anyway. The trick with the install on APU's is to set the baud rate at > install time along with the console port: > > stty com0 19200 > set tty com0 > > Here though I have preinstalled and pre-build the OS and updated the > GRUB config to use the console to send boot and other messages > unfortunately apparently not really ... > > > > > > On Wed, 10 Jun 2020 at 21:01, George wrote: > > > >> Hi guys, > >> > >> I apologize if this maybe out of topic even though it is truly related > >> to VMM than Debian. > >> > >> I am trying to setup a VMM Debian based guest but I'm not able to get it > >> to work. I found some description on the web about which settings to > >> edit in grub.cfg to enable the serial console and created a VM with 10.3 > >> in qcow2 disk format in KVM. Now I am trying to start the same on > >> OpenBSD 6.7 but keep getting the connected message and then just > >> "Rebooting " after I hit some keyboard keys seems like baud rate issue > >> but not sure. > >> > >> After messing with it for a while now I am getting a new error: > >> > >> vmctl: could not open disk image(s) > >> > >> even thought the disk is there and readable to the user I have setup in > >> vm.conf in fact I have another VM with the same configuration and disk > >> with the same permissions and in the same location that works (it is > >> OpenBSD based). > >> > >> I would greatly appreciate it if someone has gone this path and can > >> share some config info with me. > >> > >> Cheers and thanks in advance, > >> > >> George > >> > >> > >> > >> > -- Kindest regards, Tom Smyth.
Re: www unreachable
It is not accessible from virgin media in Ireland either, not connecting on 80 or 443 TCP ... via telnet... dns is resolving Tracing route to openbsd.org [129.128.5.194] over a maximum of 30 hops: 4 8 ms 5 ms 7 ms 109.255.249.254 528 ms23 ms22 ms 84.116.239.10 617 ms17 ms16 ms 84.116.238.62 7 *** Request timed out. 816 ms17 ms18 ms 84.116.135.46 923 ms21 ms20 ms 84.116.135.69 1019 ms19 ms34 ms 216.66.80.117 1185 ms85 ms82 ms 72.52.92.166 1295 ms95 ms97 ms 184.105.80.10 13 115 ms 117 ms 115 ms 184.105.64.102 14 122 ms 122 ms 123 ms 184.104.192.70 15 133 ms 134 ms 131 ms 72.52.92.61 16 130 ms 130 ms 130 ms 184.105.18.50 17 135 ms 128 ms 129 ms 129.128.255.41 18 *** Request timed out. 19 *** Request timed out. 20 *** Request timed out. 21 133 ms 189 ms 741 ms 129.128.5.194 On Mon, 15 Jun 2020 at 10:50, Chris Bennett wrote: > On Mon, Jun 15, 2020 at 09:43:03AM +0200, Thomas de Grivel wrote: > > Hello, > > > > http://www.openbsd.org is unreachable. > > > > I wanted to know what's new in the current snapshots ? > > > > I'm not sure about the website. You might have local DNS problems. > Use dig to get the IP address (from a big nameserver like 8.8.8.8) > and skip that problem. > > If you mean the current -release, yes the website is simplest in > general terms only. > > If you mean -current, then the mailing lists and CVS are the right > places to look. misc@ isn't very helpful, but tech@, etc. are excellent. > > > DNS has problems in some places in the world. Usually just for hours. > Annoying, but sites like OpenBSD have stable IP's and knowing that > solves the problem quickly. > If the site has a problem, someone else can clarify that. > > Chris Bennett > > > -- Kindest regards, Tom Smyth.
Re: Openbsd 6.6 amd64 stable bridge with 90 vlans does not forward packets after reboot
Hello, This Issue is resolved in OpenBSD6.7 Release and OpenBSD 6.7 Stable, I no longer have to manually restart the bridge interface after reboot Thanks On Fri, 20 Mar 2020 at 01:20, Tom Smyth wrote: > Hello, > > I have a box that I use to aggregate a number of vlans which are > isolated from each other(using port protection groups and bridged > onto a 10G interface ix0 > these are configured using a standard hostname.bridgefile as follows, > cat /etc/hostname.bridge101 > maxaddr 16384 timeout 300 > up > add ix0 -stp ix0 > add vlan604 protected vlan604 1 -stp vlan604 > add vlan4069 protected vlan4069 1 -stp vlan4069 > . > . > . > add vlan3982 protected vlan43982 1 -stp vlan3982 > > when I reboot the box ... the system does not seem to forward frames ) > > but if I run > sh /etc/netstart bridge101 > > then the bridge forwards the packets just fine. > > interface configs are as follows > cat /etc/hostname.ix0 > mtu 1700 up > > cat /etc/hostname.ix1 > mtu 1708 up > > cat /etc/hostname.vlan3982 > parent ix1 vnetid 3982 mtu 1700 up > > > ifconfig bridge101 yields similar results after reboot as opposed to > ifconfig bridge101 after restarting the interface > > the only differences I saw was the index > > after reboot the index of bridge101 was 6 > > but after restarting the bridge101 the index of bridge101 was 98 > (which sounds to me like perhaps the bridge was being started before > the vlans on bootup) > > > has anyone come across this issue before? > Thanks > > > > > -- > Kindest regards, > Tom Smyth. > -- Kindest regards, Tom Smyth.
Re: OpenBSD Hangs On
Hi Jinn This issue we came across a few years ago , it affects certain versions of KVM / Proxmox... if you disable Intel Preemption timer... in the Hypervisor Linux kernel if you do a search misc lists ... with KVM and freeze and OpenBSD you will see lots of discussions and the exact settings to put in the KVM Hypervisor it may relieve your situation.. Thanks Tom Smyth On Mon, 22 Jun 2020 at 14:30, jin&hitman&Barracuda wrote: > Hello > > I've a virtual appliance on kvm and it hangs on every 3 days > period approximately. The problem been there since its installation which > was in March. When it happens, I can only make hard shutdown/reboot to > recover my system from this issue because the system doesn't respond me. > I'm using version 6.6 of OpenBSD and i already applied the all syspatches. > I'm not certain but it looks like the problem could be related with syslog > deamon. May be it is too early to make an assumption but log messages > (/var/log/messages) show that syslog daemon keeps restarting itself in 4 > hours periods. > > Could someone please point me to how to increase verbosity of the logs ? > I'ld like to dig myself as much as possible. > > Fatih > Sincerely > > dmesg output > > OpenBSD 6.6 (GENERIC) #7: Thu Mar 12 10:32:29 MDT 2020 > r...@syspatch-66-amd64.openbsd.org: > /usr/src/sys/arch/amd64/compile/GENERIC > real mem = 1056817152 (1007MB) > avail mem = 1012228096 (965MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries) > bios0: vendor SeaBIOS version " > rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org" > date 04/01/2014 > bios0: QEMU Standard PC (i440FX + PIIX, 1996) > acpi0 at bios0: ACPI 1.0 > acpi0: sleep states S3 S4 S5 > acpi0: tables DSDT FACP APIC HPET > acpi0: wakeup devices > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2295.15 MHz, 06-2c-01 > cpu0: > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG,LAHF,ARAT,MELTDOWN > cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB > 64b/line 16-way L2 cache > cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped > cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 1000MHz > ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins > acpihpet0 at acpi0: 1 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpicpu0 at acpi0: C1(@1 halt!) > "ACPI0006" at acpi0 not configured > acpipci0 at acpi0 PCI0: _OSC failed > acpicmos0 at acpi0 > "PNP0A06" at acpi0 not configured > "PNP0A06" at acpi0 not configured > "PNP0A06" at acpi0 not configured > "QEMU0002" at acpi0 not configured > "ACPI0010" at acpi0 not configured > cpu0: using IvyBridge MDS workaround > pvbus0 at mainbus0: KVM > pvclock0 at pvbus0 > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 > pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 > pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel > 0 wired to compatibility, channel 1 wired to compatibility > pciide0: channel 0 disabled (no drives) > pciide0: channel 1 disabled (no drives) > uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11 > piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int > 9 > iic0 at piixpm0 > vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00 > vio0 at virtio0: address 52:54:00:a5:1f:57 > virtio0: msix shared > eap0 at pci0 dev 4 function 0 "Ensoniq AudioPCI" rev 0x00: apic 0 int 11 > audio0 at eap0 > midi0 at eap0: > virtio1 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00 > vioblk0 at virtio1 > scsibus1 at vioblk0: 2 targets > sd0 at scsibus1 targ 0 lun 0: > sd0: 51200MB, 512 bytes/sector, 104857600 sectors > virtio1: msix shared > virtio2 at pci0 dev 6 function 0 "Qumranet Virtio Memory Balloon" rev 0x00 > viomb0 at virtio2 > virtio2: apic 0 int 10 > isa0 at pcib0 > isadma0 at isa0 > fdc0 at is
OpenBGPd announce fulltables +default
Hello, I notice that in the current manual there is an option to export none, default-route with the explanation below in the manual export (none|default-route)If set to none, no UPDATE messages will be sent to the neighbor. If set to default-route, only the default route will be announced to the neighbor. When export is modified the neighbor session needs to be reset to become active. I was wondering is there an easy way to announce the default + full tables for BGP customers who want to choose to migrate from default routing to full table without contacting me ... something inside me says it would be wrong to add 0.0.0.0/0 network (although if memory serves me correctly previous versions of OpenBGPd would politely decline to do that :) and filter the crap out of that for upstream Transit and Peers (non Customers ) ... -- Kindest regards, Tom Smyth.
Re: OpenBSD Hangs On
But newerversions of kvm / linux kernels are unaffected By the bug fyi On Tuesday, 23 June 2020, jin&hitman&Barracuda wrote: > Thanks! > > On Tue, Jun 23, 2020, 01:40 Tom Smyth > wrote: > >> Hi Jinn >> This issue we came across a few years ago , >> it affects certain versions of KVM / Proxmox... >> if you disable Intel Preemption timer... in the Hypervisor Linux >> kernel >> if you do a search misc lists ... with KVM and freeze and OpenBSD >> you will see lots of discussions and the exact settings to put in the KVM >> Hypervisor >> it may relieve your situation.. >> >> >> Thanks >> Tom Smyth >> >> On Mon, 22 Jun 2020 at 14:30, jin&hitman&Barracuda >> wrote: >> >>> Hello >>> >>> I've a virtual appliance on kvm and it hangs on every 3 days >>> period approximately. The problem been there since its installation which >>> was in March. When it happens, I can only make hard shutdown/reboot to >>> recover my system from this issue because the system doesn't respond me. >>> I'm using version 6.6 of OpenBSD and i already applied the all >>> syspatches. >>> I'm not certain but it looks like the problem could be related with >>> syslog >>> deamon. May be it is too early to make an assumption but log messages >>> (/var/log/messages) show that syslog daemon keeps restarting itself in 4 >>> hours periods. >>> >>> Could someone please point me to how to increase verbosity of the logs ? >>> I'ld like to dig myself as much as possible. >>> >>> Fatih >>> Sincerely >>> >>> dmesg output >>> >>> OpenBSD 6.6 (GENERIC) #7: Thu Mar 12 10:32:29 MDT 2020 >>> r...@syspatch-66-amd64.openbsd.org: >>> /usr/src/sys/arch/amd64/compile/GENERIC >>> real mem = 1056817152 (1007MB) >>> avail mem = 1012228096 (965MB) >>> mpath0 at root >>> scsibus0 at mpath0: 256 targets >>> mainbus0 at root >>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries) >>> bios0: vendor SeaBIOS version "rel-1.12.1-0-ga5cab58e9a3f- >>> prebuilt.qemu.org" >>> date 04/01/2014 >>> bios0: QEMU Standard PC (i440FX + PIIX, 1996) >>> acpi0 at bios0: ACPI 1.0 >>> acpi0: sleep states S3 S4 S5 >>> acpi0: tables DSDT FACP APIC HPET >>> acpi0: wakeup devices >>> acpitimer0 at acpi0: 3579545 Hz, 24 bits >>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat >>> cpu0 at mainbus0: apid 0 (boot processor) >>> cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2295.15 MHz, 06-2c-01 >>> cpu0: >>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA, >>> CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL, >>> SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG, >>> LAHF,ARAT,MELTDOWN >>> cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB >>> 64b/line 16-way L2 cache >>> cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped >>> cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped >>> cpu0: smt 0, core 0, package 0 >>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges >>> cpu0: apic clock running at 1000MHz >>> ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins >>> acpihpet0 at acpi0: 1 Hz >>> acpiprt0 at acpi0: bus 0 (PCI0) >>> acpicpu0 at acpi0: C1(@1 halt!) >>> "ACPI0006" at acpi0 not configured >>> acpipci0 at acpi0 PCI0: _OSC failed >>> acpicmos0 at acpi0 >>> "PNP0A06" at acpi0 not configured >>> "PNP0A06" at acpi0 not configured >>> "PNP0A06" at acpi0 not configured >>> "QEMU0002" at acpi0 not configured >>> "ACPI0010" at acpi0 not configured >>> cpu0: using IvyBridge MDS workaround >>> pvbus0 at mainbus0: KVM >>> pvclock0 at pvbus0 >>> pci0 at mainbus0 bus 0 >>> pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 >>> pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 >>> pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, >>> channel >>> 0 wired to compatibility, channel 1 wired to compatibility >>> pciide0: channel 0 disabled (no drives) >>> pciide0: channel 1 disabled (no drives) >>> uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int >>> 11 >>>
Re: OpenBGPd announce fulltables +default
Thanks Stuart ... for the feedback Appreciate it ... On Wed, 24 Jun 2020 at 10:17, Stuart Henderson wrote: > On 2020-06-22, Tom Smyth wrote: > > Hello, > > I notice that in the current manual > > there is an option to export none, default-route with the > > explanation below in the manual > > > > export (none|default-route)If set to none, no UPDATE messages will be > > sent to the neighbor. If set to default-route, only the default route > > will be announced to the neighbor. When export is modified the > > neighbor session needs to be reset to become active. > > > > I was wondering is there an easy way to announce the default + full > > tables for BGP customers who want to choose to migrate from default > > routing to full table without contacting me ... > > > > something inside me says it would be wrong to add 0.0.0.0/0 network > > (although if memory serves me correctly previous versions of OpenBGPd > > would politely decline to do that :) and filter the crap out of that > > for upstream Transit and Peers (non Customers ) ... > > > > Adding to networks is exactly how you do this. > > For filters I would do this in a similar way to "mynetworks" in the > example config (with a different prefix-set and controlled by a > different community number) then you can enable/disable it easily > per peer. Don't filter it *out* though - default to not sending > anything and just permit it to the relevant peers. > > > -- Kindest regards, Tom Smyth.
Flooding frames in a Bridge with many ports OpenBSD 6.3-6.7 amd 64
Hello I have been aggregating about 95 vlans into a bridge and I notice the CPU can be quite high with softnet pegged quite high in the bridge so I have an untagged ix0 interface facing the gateway of the LAN which is also an unprotected bridge port and then I have 95 Vlans as protected ports spread across 2other ix(4) interfaces, in doing some analysis and quality checks on the network I noticed that doing a packet capture on either of my trunk ix(4) interfaces (both containing about 45 vlans each so when my gateway is broadcasting an arp request , when this enters the bridge on ix0 the kernel must copy the frame and craft 95 frames with different 802.1Q Tags on it... im wondering has anyone come across this issue before when bridging many ports together. this issue I hadn't fully considered before and I thought it might be a useful edge case for those optimising bridge forwarding. Thanks Tom Smyth -- Kindest regards, Tom Smyth.
Re: OpenBSD Hangs On
Im not sure what you mean? On Sun, 19 Jul 2020 at 23:43, Patrick Dohman wrote: > > > > On Jun 23, 2020, at 11:31 AM, Tom Smyth > wrote: > > > > But newerversions of kvm / linux kernels are unaffected > > By the bug fyi > > Sounds like FUD. > B.T.W where is Boba’s ride? > Regards > Patrick > > -- Kindest regards, Tom Smyth.
Re: OpenBSD Hangs On
Paddy, I wastnt engaging in FUD, I was describing a situation which I and others experienced where there were certain releases of KVM / Linux Hypervisors which on Intel platforms on which OpenBSD would Freeze, the console would slow down and eventually become unresponsive, if I recall correctly Proxmox 4.x worked ... and I think the versions up to 5.0-5.1 Didnt work so well and version 6.x of proxmox seems to work well hosting OpenBSD... the kernel preemption timer and some Hypervisor kernel versions apparently were the source of the bug ALl the Best ... On Sun, 19 Jul 2020 at 23:43, Patrick Dohman wrote: > > > > On Jun 23, 2020, at 11:31 AM, Tom Smyth > wrote: > > > > But newerversions of kvm / linux kernels are unaffected > > By the bug fyi > > Sounds like FUD. > B.T.W where is Boba’s ride? > Regards > Patrick > > -- Kindest regards, Tom Smyth.
Re: Droping UDP traffic
ot; rev 0x00: msi, address > 00:30:48:d4:8d:ba > ppb5 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x02: msi > pci6 at ppb5 bus 11 > em3 at pci6 dev 0 function 0 "Intel 82573L" rev 0x00: msi, address > 00:30:48:d4:8d:bb > uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 4 int 23 > uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 4 int 22 > uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 4 int 21 > ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 4 int 23 > usb1 at ehci1: USB revision 2.0 > uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev > 2.00/1.00 addr 1 > ppb6 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92 > pci7 at ppb6 bus 17 > radeondrm0 at pci7 dev 3 function 0 "ATI ES1000" rev 0x02 > drm0 at radeondrm0 > radeondrm0: apic 4 int 22 > pciide0 at pci7 dev 4 function 0 "ITExpress IT8213F" rev 0x00: DMA > (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI > pciide0: using apic 4 int 23 for native-PCI interrupt > pciide0: channel 0 ignored (not responding; disabled or no drives?) > pciide0: channel 1 ignored (not responding; disabled or no drives?) > pcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02 > pciide1 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA, > channel 0 configured to native-PCI, channel 1 configured to native-PCI > pciide1: using apic 4 int 17 for native-PCI interrupt > wd0 at pciide1 channel 0 drive 0: > wd0: 1-sector PIO, LBA48, 30560MB, 62586880 sectors > wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5 > ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 4 > int 17 > iic0 at ichiic0 > lm1 at iic0 addr 0x2d: W83627HF > wbng0 at iic0 addr 0x2f: w83793g > spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM ECC PC2-5300CL5 > spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM ECC PC2-5300CL5 > spdmem2 at iic0 addr 0x52: 1GB DDR2 SDRAM ECC PC2-5300CL5 > spdmem3 at iic0 addr 0x53: 1GB DDR2 SDRAM ECC PC2-5300CL5 > pciide2 at pci0 dev 31 function 5 "Intel 82801I SATA" rev 0x02: DMA, > channel 0 wired to native-PCI, channel 1 wired to native-PCI > pciide2: using apic 4 int 18 for native-PCI interrupt > "Intel 82801I Thermal" rev 0x02 at pci0 dev 31 function 6 not configured > usb2 at uhci0: USB revision 1.0 > uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev > 1.00/1.00 addr 1 > usb3 at uhci1: USB revision 1.0 > uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev > 1.00/1.00 addr 1 > usb4 at uhci2: USB revision 1.0 > uhub4 at usb4 configuration 1 interface 0 "Intel UHCI root hub" rev > 1.00/1.00 addr 1 > usb5 at uhci3: USB revision 1.0 > uhub5 at usb5 configuration 1 interface 0 "Intel UHCI root hub" rev > 1.00/1.00 addr 1 > usb6 at uhci4: USB revision 1.0 > uhub6 at usb6 configuration 1 interface 0 "Intel UHCI root hub" rev > 1.00/1.00 addr 1 > usb7 at uhci5: USB revision 1.0 > uhub7 at usb7 configuration 1 interface 0 "Intel UHCI root hub" rev > 1.00/1.00 addr 1 > isa0 at pcib0 > isadma0 at isa0 > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo > com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo > pckbc0 at isa0 port 0x60/5 irq 1 irq 12 > pckbd0 at pckbc0 (kbd slot) > wskbd0 at pckbd0: console keyboard > pcppi0 at isa0 port 0x61 > spkr0 at pcppi0 > wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41 > lm2 at wbsio0 port 0x290/8: W83627HF > lm1: disabling sensors due to alias with lm2 > vscsi0 at root > scsibus1 at vscsi0: 256 targets > softraid0 at root > scsibus2 at softraid0: 256 targets > root on wd0a (a310158b1ec5ebc2.a) swap on wd0b dump on wd0b > initializing kernel modesetting (RV100 0x1002:0x515E 0x15D9:0xD480 0x02). > radeondrm0: 1024x768, 16bpp > wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using > wskbd0 > wsdisplay0: screen 1-5 added (std, vt100 emulation) > > -- Kindest regards, Tom Smyth.
Re: Managing PF logs
pf logs are stored in Tcpdump format, so you can parse them with tcpdump before dumping them into your analysis dbs On Fri, 7 Aug 2020 at 11:36, Carlos Lopez wrote: > Hi all, > > I am thinking about how could be the best option to inject PF logs in > Elasticsearch (or any similar platform). If I am not wrong, some years ago > there is an option using a shell wrapper to store all pf logs in ASCII > format and redirect all of them to a central syslog server (published in PF > FAQ). More or less it is what I am looking for. > > But maybe exists another best option in nowadays. Any ideas? Tips? > > Regards, > C. L. Martinez > > -- Kindest regards, Tom Smyth.
Re: aggr(4) not working with Intel XXV710 SFP28 on a Supermicro X11DPi-N(T)
:e1:ba:d0:7c:e9, > key 0xb, port pri 0x8000 number 0x3 > ixl2 lacp actor state activity,aggregation,defaulted > ixl2 lacp partner system pri 0x0 mac 00:00:00:00:00:00, > key 0x0, port pri 0x0 number 0x0 > ixl2 lacp partner state activity,aggregation,sync > ixl2 port > groups: aggr > media: Ethernet autoselect > status: no carrier > > > Same issue. Anything else to try? > > This does work fine using trunk(4). > > Winfred > > -- Kindest regards, Tom Smyth.
anyone running a Thinkpad T15 Gen1 with 4k display
anyone running a Thinkpad T15 Gen1 with 4k display Im looking for a new laptop and I would like to Run OpenBSD on it also ... I was looking for the T series, and Im wondering is anyone running the T15 Ggen 1 with Nvidia NVIDIA GeForce MX330 GDDR5 2GB 64bits Intel Wi-Fi 6 AX201 2x2ax does anyone have experience with this Laptop... thanks Tom Smyth -- Kindest regards, Tom Smyth.
Re: ThinkPad T14 AMD
IT is hard not to like the T Series Build quality ... I have a laptop on my desk here that is working away after multiple falls... the ethernet port is bent on the main board (main board is bent... still works 1G FDX... awesome... On Sun, 23 Aug 2020 at 23:38, Rupert Gallagher wrote: > T14 AMD turned out to be the very best ThinkPad ever produced, as far as > performance is concerned. The R5 cpu is faster than Intel's i7-10, and the > R7 is faster than the i9, both on single core and multi core benchmarks. > The T14 has a dual heat pipe, and its WAN slot can be used as a disk bay. > > The quality of the chassis is that of the T series. > > Original Message > On Aug 23, 2020, 21:24, flint pyrite < flintnpyr...@gmail.com> wrote: > I had an A485 everything worked except wifi, which I replaced with USB > wifi stick. The laptop, however, turned out ot be a lemon. It is in > repair depot as we speak. On of the cpu cores went bad, keys kept > popping off and the synaptics mouse pad would not click and drag. Just > so you know Lenov support is hideous. It has taken over a one (1) > year and still counting to resolve these issues . > WHat are the specs of the T14? Never heard of it. > On Sun, Aug 23, 2020 at 1:06 PM Rupert Gallagher > wrote: > > > > Anybody managed to boot obsd on the T14? I tried, and it does not even > start. By comparison, Debian chokes on a missing network driver, and Fedora > just works. > -- Kindest regards, Tom Smyth.
Re: FireFox Browser 'Open File' error
rm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 > > drm0 at inteldrm0 > > intagp0 at inteldrm0 > > agp0 at intagp0: aperture at 0xd000, size 0x1000 > > inteldrm0: apic 1 int 16, I945GM, gen 3 > > "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured > > azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi > > azalia0: codecs: Analog Devices AD1981HD, Conexant/0x2bfa, using Analog > > Devices AD1981HD > > audio0 at azalia0 > > ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1 int > 20 > > pci1 at ppb0 bus 2 > > em0 at pci1 dev 0 function 0 "Intel 82573L" rev 0x00: msi, address > > 00:15:58:c4:f6:49 > > ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 1 int > 21 > > pci2 at ppb1 bus 3 > > wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: msi, > > MoW1, address 00:1b:77:4f:64:5f > > ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 1 int > 22 > > pci3 at ppb2 bus 4 > > ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 1 int > 23 > > pci4 at ppb3 bus 12 > > uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1 int > 16 > > uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1 int > 17 > > uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 1 int > 18 > > uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 1 int > 19 > > ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 1 int > 19 > > usb0 at ehci0: USB revision 2.0 > > uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev > > 2.00/1.00 addr 1 > > ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2 > > pci5 at ppb4 bus 21 > > cbb0 at pci5 dev 0 function 0 "TI PCI1510 CardBus" rev 0x00: apic 1 int > 16 > > cardslot0 at cbb0 slot 0 flags 0 > > cardbus0 at cardslot0: bus 22 device 0 cacheline 0x8, lattimer 0xb0 > > pcmcia0 at cardslot0 > > ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM > > disabled > > pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x02: DMA, > > channel 0 configured to compatibility, channel 1 configured to > compatibility > > atapiscsi0 at pciide0 channel 0 drive 0 > > scsibus1 at atapiscsi0: 2 targets > > cd0 at scsibus1 targ 0 lun 0: > removable > > cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 > > pciide0: channel 1 ignored (disabled) > > ahci0 at pci0 dev 31 function 2 "Intel 82801GBM AHCI" rev 0x02: msi, AHCI > > 1.1 > > ahci0: port 0: 1.5Gb/s > > scsibus2 at ahci0: 32 targets > > sd0 at scsibus2 targ 0 lun 0: > > naa.5000cca521c3bc11 > > sd0: 57231MB, 512 bytes/sector, 117210240 sectors > > ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: apic 1 > > int 23 > > iic0 at ichiic0 > > usb1 at uhci0: USB revision 1.0 > > uhub1 at usb1 configuration 1 interface 0 "Intel UHCI root hub" rev > > 1.00/1.00 addr 1 > > usb2 at uhci1: USB revision 1.0 > > uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev > > 1.00/1.00 addr 1 > > usb3 at uhci2: USB revision 1.0 > > uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev > > 1.00/1.00 addr 1 > > usb4 at uhci3: USB revision 1.0 > > uhub4 at usb4 configuration 1 interface 0 "Intel UHCI root hub" rev > > 1.00/1.00 addr 1 > > isa0 at ichpcib0 > > isadma0 at isa0 > > pckbc0 at isa0 port 0x60/5 irq 1 irq 12 > > pckbd0 at pckbc0 (kbd slot) > > wskbd0 at pckbd0: console keyboard > > pms0 at pckbc0 (aux slot) > > wsmouse0 at pms0 mux 0 > > wsmouse1 at pms0 mux 0 > > pms0: Synaptics touchpad, firmware 6.2, 0x81a0b1 0x30 0x0 0xa04793 > 0x0 > > pcppi0 at isa0 port 0x61 > > spkr0 at pcppi0 > > aps0 at isa0 port 0x1600/31 > > npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 > > uhidev0 at uhub1 port 2 configuration 1 interface 0 "PixArt HP USB > Optical > > Mouse" rev 2.00/1.00 addr 2 > > uhidev0: iclass 3/1 > > ums0 at uhidev0: 3 buttons, Z dir > > wsmouse2 at ums0 mux 0 > > vscsi0 at root > > scsibus3 at vscsi0: 256 targets > > softraid0 at root > > scsibus4 at softraid0: 256 targets > > root on sd0a (1e4c43cb065898fd.a) swap on sd0b dump on sd0b > > WARNING: / was not properly unmounted > > inteldrm0: 1024x768, 32bpp > > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using > wskbd0 > > wsdisplay0: screen 1-5 added (std, vt100 emulation) > > wsmouse2 detached > > ums0 detached > > uhidev0 detached > > uhidev0 at uhub1 port 2 configuration 1 interface 0 "PixArt HP USB > Optical > > Mouse" rev 2.00/1.00 addr 2 > > uhidev0: iclass 3/1 > > ums0 at uhidev0: 3 buttons, Z dir > > wsmouse2 at ums0 mux 0 > > uhidev1 at uhub3 port 1 configuration 1 interface 0 "Lite-On Technology > > Corp. USB Keyboard" rev 1.10/1.09 addr 2 > > uhidev1: iclass 3/1 > > ukbd0 at uhidev1: 8 variable keys, 6 key codes > > wskbd1 at ukbd0 mux 1 > > wskbd1: connecting to wsdisplay0 > > uhidev2 at uhub3 port 1 configuration 1 interface 1 "Lite-On Technology > > Corp. USB Keyboard" rev 1.10/1.09 addr 2 > > uhidev2: iclass 3/0, 2 report ids > > uhid0 at uhidev2 reportid 1: input=2, output=0, feature=0 > > uhid1 at uhidev2 reportid 2: input=1, output=0, feature=0 > > # > > > > > -- Kindest regards, Tom Smyth.
Re: openconnect
Hello All, Drifting off topic on this one but when I saw OpenVPN Openvpn performance on OpenBSD (with Tap Interfaces) is less than one would expect.. even turning off ciphers and auth... you can still get about 80-90mb/s on a machine that would forward about 3.5Gb/s - 5Gb/s In doing a test with tap interfaces and a userland bridge (thanks Claudio) to test where the bottleneck was (incase it was the Tap interface was slow) it looked like OpenBSD Tap interfaces were not performance of the tap interfaces were about 10% slower than bridging physical interfaces To blame... as OpenVPN vpn say themselves it needs a rewrite and perhaps the code inefficiencies in OpenVPN combined with the OpenBSD Mitigations limit performance. sorry for drifting a little off topic... Tom Smyth On Tue, 1 Sep 2020 at 14:40, Stuart Henderson wrote: > On 2020-09-01, Hrvoje Popovski wrote: > > Hi all, > > > > does anyone use an openconnect server on openbsd and have guidelines on > > how to configure it? i see that an openconnect server can use radius, so > > it's interesting to me. Which client do you use to connect to the > > openconnect server? > > It worked when I tested after porting ocserv/openconnect, but I'm not using > it in production. You should be able to connect to ocserv using either the > openconnect client or cisco anyconnect client. > > > If there is something else that can use radius, i would like to know? > > at least these: > > - npppd (yeuch l2tp :) > > - openvpn (there's a username/pw auth method using a helper script, > you can write something calling a radius client to check auth, also > yeuch openvpn :) > > I did once see some code including radius support for iked but it > was tied up with a bunch of other changes and looked a bit complex > to separate. I don't recall whether it was just username/pw or if > it did full EAP. > > > -- Kindest regards, Tom Smyth.
Re: Intl I350 Network Card Not Found
Try Getting the intel firmware from the intel download site or >From your pci card manufacturer... On Thursday, 17 September 2020, Brandon Woodford wrote: > Hello, > > I've been trying to fix an issue with my Intel I350-T4 PCI Network card > not being reported to the OpenBSD 6.7 system during boot. Looking through > dmesg, I was not able to find any reference to the card or the em interface > name that it should have. I've also tried updating all firmware with > fw_update. After that I tried creating a /etc/hostname.em1 file that just > has dhcp included in it and ran sh /etc/netstart. Unfortunately, no luck as > of yet. I was able to find the boot_config(8) man page that describes a > similar issue with the ne(4) driver. I went into the boot configuration and > ran: find em and received a response of: em* at pci* dev -1 function -1 > flags 0x0. Not sure if that means anything. > > Quick note: the card does work on a separate system that is not OpenBSD > but FreeBSD. > > Any help in the right direction is appreciated! > > Thanks. > -- Kindest regards, Tom Smyth.
Re:
Hi Unicorn, what do you have in in your em0 config /etc/hostname.em0 are you in control of the KVM infrastructure ? can you get a vio nic instead of a intel 1000 nic it will generally perform better (according to my humble testing) Hope this helps Tom Smyth On Sat, 19 Sep 2020 at 07:41, Unicorn wrote: > > Hello, > > I am encountering a network related issue in a KVM VPS that I am using > for OpenBSD. The way it appears to me is that /etc/netstart fails to > get a network connection using dhcp on its first attempt, but works on > the second attempt. > > While the system is booting, I see the following: > > em0: no link. sleeping > > However, executing 'sh /etc/netstart' once the system is booted works: > > em0: 123.123.123.123 lease accepted from [...] > > The same happened during first installation of OpenBSD, I just told it > to use dhcp, it fails the first time, but works if I just do the same > thing for the same interface again. > > Attached is the full output of dmesg, I attached it as a plain text > file due to the line breaks hindering readability in email. > > I would appreciate any pointers as to what is happening and how I > could fix it or work around it. > > Thanks a lot in advance! -- Kindest regards, Tom Smyth.
Re: Intl I350 Network Card Not Found
Glad u got sorted Thanks for posting that solution as it would help someonelse sometime in the future On Friday, 25 September 2020, Brandon Woodford wrote: > On Thu, Sep 17, 2020, at 1:39 PM, Brandon Woodford wrote: > > Hello, > > > > I've been trying to fix an issue with my Intel I350-T4 PCI Network card > not being reported to the OpenBSD 6.7 system during boot. Looking through > dmesg, I was not able to find any reference to the card or the em interface > name that it should have. I've also tried updating all firmware with > fw_update. After that I tried creating a /etc/hostname.em1 file that just > has dhcp included in it and ran sh /etc/netstart. Unfortunately, no luck as > of yet. I was able to find the boot_config(8) man page that describes a > similar issue with the ne(4) driver. I went into the boot configuration and > ran: find em and received a response of: em* at pci* dev -1 function -1 > flags 0x0. Not sure if that means anything. > > > > Quick note: the card does work on a separate system that is not OpenBSD > but FreeBSD. > > > > Any help in the right direction is appreciated! > > > > Thanks. > > Update: I was able to solve this issue. I was using a PCIe 2 card in a > PCIe 3 slot. My motherboard had an option to correct the slot to a previous > generation of PCIe (for w/e reason it was called Gen1 in the BIOS). I had > seen this option previously but kept it on auto. All link lights were > working for the card during this time so I figured it was an OS issue. > Turns out I was dead wrong... Changing the setting has fixed all the > issues, so now the em firmware is loaded during boot. > -- Kindest regards, Tom Smyth.
