Victor Sudakov wrote:
>
> Do you have any idea why a FreeBSD host sees only itself in the
> "avahi-browse -a" output?
>
> There are other hosts on the LAN segment, and "avahi-browse -a" on an
> Ubuntu host does show them (and does not show itself, which
Dear Colleagues,
Do you have any idea why a FreeBSD host sees only itself in the
"avahi-browse -a" output?
There are other hosts on the LAN segment, and "avahi-browse -a" on an
Ubuntu host does show them (and does not show itself, which is
reasonable).
--
Victor Sudako
table?
Not yet.
When the situation occurs again, I'll turn on
net.inet6.icmp6.nd6_debug=0xff as Bjoern A. Zeeb has suggested, maybe
I'll see something useful. Then I'll think of updating the system.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
st
Why could that be? Hardware problem or software/FreeBSD glitch?
> (you see it only due to the promisc mode of the
> capture). But this is unlikely (due to the promisc mode)
> c) your system is broken
Very likely. That's why I'm here looking for advice and enlightenm
Lutz Donnerhacke wrote:
> Victor Sudakov wrote:
> > Paul Mather wrote:
> > > >>>> Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
> > > >>>> Neighbor Solicitations from the router?
> >
> > Well, Neighbor Solicita
Lutz Donnerhacke wrote:
> > Victor Sudakov wrote:
> > > Dear Colleagues,
> > >
> > > Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
> > > Neighbor Solicitations from the router?
> >
> > Any ideas please?
>
> Thank you
nd can be reproduced and reported.
>
> [*] As well as a static IPv6 address I also enable SLAAC to get
> autoconfigured and privacy addresses on the interface.
>
I see your point, this makes sense, but I would like to try and isolate
the problem.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Michael Sierchio wrote:
> On Sun, Jan 3, 2021 at 6:35 PM Victor Sudakov wrote:
>
> > > Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
> > > Neighbor Solicitations from the router?
> >
> > Any ideas please?
> >
> >
> Are you pe
Victor Sudakov wrote:
> Dear Colleagues,
>
> Why could it be that a FreeBSD 12.2 host does not reply to ICMPv6
> Neighbor Solicitations from the router?
Any ideas please?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Desc
min@MikroTik] >
Packet dump: http://admin.sibptus.ru/~vas/nd1.pcapng
where I ping a host in the IPv6 Internet from 2001:470:ecba:3::5, the
router wants to learn the L2 address for 2001:470:ecba:3::5 to reply
to, and receives no answer.
Where could be the problem?
--
Victor Sudakov, VAS
ght technology (iPXE) for
booting the installation media over the network, or maybe what I'm
doing is stupid and there *is* the right way.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
It's very useful.
I guess, the magic I was missing is in using 2 OSPF processes simultaneously:
protocol ospf v2 opsf4 {
ipv4 { import all; export all;};
area 0 {
interface "epair2a" {};
};
}
protocol ospf v3 ospf6 {
ipv6 { import all; export all;};
area 0 {
i
Dear Colleagues,
Can anyone please share a *working* net/bird2 config with OSPFv3
doing both IPv4 and IPv6 routing?
Works fine for me with "protocol ospf v2", but as soon as I switch to
"protocol ospf v3" I lose all IPv4 network information etc.
--
Victor Sudakov, VAS
Dear Colleagues,
Do you know if the new advanced Zabbix agent2 will be ever supported on FreeBSD?
https://www.zabbix.com/documentation/current/manual/concepts/agent2
I'm sending a CC to the Zabbix port maintainer.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tom
Victor Sudakov wrote:
> Patrick M. Hausen wrote:
> >
> > > Am 23.03.2020 um 06:00 schrieb Victor Sudakov :
> > > I've noticed that a newly created gre0 interface has the expected "mtu
> > > 1476"
> > > value, but a newly created gif0
Patrick M. Hausen wrote:
>
> > Am 23.03.2020 um 06:00 schrieb Victor Sudakov :
> > I've noticed that a newly created gre0 interface has the expected "mtu 1476"
> > value, but a newly created gif0 interface has "mtu 1280", why would the
> > d
Victor Sudakov wrote:
>
> If the MTU on the external Ethernet interface is 1500, it should be safe
> to configure the gif(4) interfaces with mtu=1480 and gre(4)
> interfaces with mtu=1476, correct?
>
> I've noticed that a newly created gre0 interface has the expected &q
ly created gif0 interface has "mtu 1280", why would the
default be so low?
A second question. If the gif and gre tunnels will be wrapped in
IPSec transport mode, does it make sense to set the MTU on the
corresponding gif and gre interfaces to some lower value?
--
Victor Sudakov, VAS4-R
condition. But maybe
> it is related to some addresses being in use yet when restarting a jail?
Does this happen only with IPv6 jail addresses?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
ea. However I agree that it should
> automatically do the right thing somehow ..
>
>
>
> > Thank you for the hint in the right direction, what would you suggest
> > further?
>
> If you make it 3 seconds, does it deterministically work then?
Not quite: https://termbin.com/arvb
syslogd sometimes remains deprived of the IPv6 address.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
e?
>
> # Jail Mail
> ifconfig_em0_alias4="inet6 2a01:4f9:4a:1fd8::17 prefixlen 64"
No, I'd prefer for these addresses to be handled by the jail
infrastructure. That is, I want an address to appear when the
corresponding jail goes up, and to disapper when the jail is shut down.
>
> Restarting the network stack will make ip persistent and I hope usable by your
> jail.
>
I don't want it persistent. If a jail is shut down but its address
persists, it can have undesirable consequences of it suddenly pointing
at the host system.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
t;;
>
> In my config there is the interface to use (em0 in my case, re1 should be in
> yours)
I have a more generic "interface = re1" statement, but replacing it with
ip6.addr = "re1|2001:470:ecba:3::4" did not produce any effect on the
jailed daemons.
Of cour
Bjoern A. Zeeb wrote:
> On 18 Mar 2020, at 15:50, Victor Sudakov wrote:
>
> > > If sshd in the host is configured to listen on all available
> > > interfaces and
> > > addresses (the default) then it will catch your jails IP too.
> >
> > Why is i
description: Inside
options=8209b
ether c4:12:f5:33:c9:7c
inet 192.168.4.204/24 broadcast 192.168.4.255
inet6 2001:470:ecba:3::4/128
media: Ethernet autoselect (none)
status: no carrier
nd6 options=21
root@test4:/ #
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Miroslav Lachman wrote:
> Victor Sudakov wrote on 2020/03/18 16:15:
> >
> > Is IPv6 in jails supposed to work? Does not work for me, what am I doing
> > wrong?
> >
> > Here is a test jail:
> >
> > test4 {
> > path = /d02/jails/test4
Steve O'Hara-Smith wrote:
> On Wed, 18 Mar 2020 22:15:56 +0700
> Victor Sudakov wrote:
>
> > If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead
> > of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not
> > availab
1500
description: Inside
options=8209b
ether c4:12:f5:33:c9:7c
inet 192.168.4.204/24 broadcast 192.168.4.255
inet6 2001:470:ecba:3::4/64
media: Ethernet autoselect (none)
status: no carrier
nd6 options=21
root@test4:/ #
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
If I "ssh 2001:470:ecba:3::4" from outside, I get into the host instead
of the jail (because 2001:470:ecba:3::4 *is* assigned to re1, but not
available inside the jail).
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
dy/cyrussasl.so'
no file '/usr/local/lib/lua/5.2/cyrussasl.so'
no file '/usr/local/lib/lua/5.2/loadall.so'
I guess lua is missing the "cyrussasl" library but where do I get it? I
could not find one in the ports. Nor does the net-im/prosody port have any
con
= off (keep
unchecked).
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Sergey Matveev wrote:
> *** Victor Sudakov [2020-01-19 15:07]:
> >Probably this transformation should not cause any increase in payload
> >size because AFAIK a symmetric cipher does not increase the message
> >size (i.e. the encrypted message is not bigger than the cleartext).
Eugene Grosbein wrote:
> 19.01.2020 14:12, Victor Sudakov wrote:
>
> > So this is most probably the artifact of if_enc. What is then the
> > correct way to capture data with it?
>
> This is documented behaviour of enc(4), see its manual page for description
>
Victor Sudakov wrote:
> Julian Elischer wrote:
> > >
> > > > Back to the point. I've figured out that both encrypted (in transport
> > > > mode) and unencrypted TCP segments have the same MSS=1460. Then I'm
> > > > completely at a loss how
Victor Sudakov wrote:
> Michael Sierchio wrote:
> >
> > What is the result of
> >
> > > sysctl net.enc
>
> ot@fbsd-test1:~ # sysctl net.enc
> net.enc.out.ipsec_bpf_mask: 3
> net.enc.out.ipsec_filter_mask: 0
> net.enc.in.ipsec_bpf_mask: 1
> net
how IPSec transport mode and MTU adjustment is implemented in
other OSes (OpenBSD, Linux, even Windows). Any experts?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
s, which you could be seeing twice.
>
An artifact of enc0, you think ? Are the above settings sending the
packets to if_enc twice?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
_mss: 1220
net.inet.tcp.pmtud_blackhole_mss: 1200
net.inet.tcp.pmtud_blackhole_detection: 0
root@fbsd-test2:~ # sysctl net.inet.tcp | fgrep blackhole_
net.inet.tcp.v6pmtud_blackhole_mss: 1220
net.inet.tcp.pmtud_blackhole_mss: 1200
net.inet.tcp.pmtud_blackhole_detection: 0
root@fbsd-test2:~ #
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
re almost 19,000 packets in the
encrypted file vs 12,000 in the plain file, I think because of those
excessive retransmissions.
Could the retransmissions be some artifact of the enc(4) interface I was
capturing the encrypted session on?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
oesn't work. So, I will report back
> when there will be some working solution.
By "it doesn't work" you mean everything is suddenly fine and good? :-)
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Eugene Grosbein wrote:
> 17.01.2020 16:36, Victor Sudakov пишет:
>
> > Back to the point. I've figured out that both encrypted (in transport
> > mode) and unencrypted TCP segments have the same MSS=1460. Then I'm
> > completely at a loss how the encrypted packe
Andrey V. Elsukov wrote:
> On 17.01.2020 12:36, Victor Sudakov wrote:
> > Back to the point. I've figured out that both encrypted (in transport
> > mode) and unencrypted TCP segments have the same MSS=1460. Then I'm
> > completely at a loss how the encrypted packets
on type:
OpenBSD enc(4) encapsulating interface" and shows the contents
correctly.
Back to the point. I've figured out that both encrypted (in transport
mode) and unencrypted TCP segments have the same MSS=1460. Then I'm
completely at a loss how the encrypted packets avoid being fragmented.
TCP has no way to know in advance that encryption overhead will be
added.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
there a way to view the MSS in the TCP segments before encryption or
after decryption? I want to compare them in situations with IPSec
enabled and disabled.
I've never been able to see anything in "tcpdump -i enc0", probably it
cannot do transport mode IPSec because the man page
nnot reproduce this problem in bhyve. In this
packet dump: http://admin.sibptus.ru/~vas/ipsec1.pcap.gz I'm scp-ing a
50M file from 192.168.246.10 (bhyve guest) to 192.168.246.1 (bhyve
host), and I see no fragments, and the largets packet is 1466 bytes, and
the scp never stalls nor fails.
Why
they
correspond to?
Please note that the DF group for IKE is configured separately, and can
be set to 1, 2, or 2048.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Shell only, and I need to configure a
secure connection via Group Policy editor (mmc). I'm still too weak of
heart to use PowerShell for IPSec setup.
I have this working successfully with racoon (on pre-shared keys) and am
investigating the possibility to replace racoon with strongswan.
--
.
I've been trying out strongswan for the last 2-3 days and must admit
it's not that scary when you grasp the concept. But it is not without
its problems either, see my another post about it.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Victor Sudakov wrote:
> >
> > If you ever find good documentation/howto for strongswan on FreeBSD,
> > please share with me.
>
> Really, please! I know there are people present here using strongswan.
>
> I would like to try and replace racoon with it.
Now tha
nothing to be done in transit.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Andrey V. Elsukov wrote:
> On 20.12.2019 19:22, Victor Sudakov wrote:
> >> What's the root of the problem? ESP packets cannot get fragmented or
> >> what?
> >
> > Wireshark has shown that the "Don't Fragment" flag is set on all ESP
> &g
Victor Sudakov wrote:
>
> I need to figure out why IPsec tunnel mode is always generating ESP
> packets with the DF flag set. Therefore they just don't get through the
> interface and never leave the host.
>
> I cannot even "scrub out proto 50 no-df" them beca
Victor Sudakov wrote:
> Kajetan Staszkiewicz wrote:
> > On 20.12.19 16:23, Victor Sudakov wrote:
> > > Dear Colleagues,
> > >
> > > I've set up IPSec in transport mode between two regular FreeBSD hosts,
> > > for testing. Now TCP sessions betw
Victor Sudakov wrote:
[dd]
>
> What's the root of the problem? ESP packets cannot get fragmented or
> what?
Wireshark has shown that the "Don't Fragment" flag is set on all ESP
(protocol 50) packets. Who does this, why, and how can I switch it off
globally?
-
Kajetan Staszkiewicz wrote:
> On 20.12.19 16:23, Victor Sudakov wrote:
> > Dear Colleagues,
> >
> > I've set up IPSec in transport mode between two regular FreeBSD hosts,
> > for testing. Now TCP sessions between those hosts don't work normally
> > a
4 -D". ("ping -s1415 -D host-b" already disappears
in the void).
I'm really at a loss what to do about that. In transport mode, there is
no network interface I could adjust MTU on, or run some kind of MSS
fixer.
PS And I'm talking about IPv4 only for now, but "{scp, ssh}
Victor Sudakov wrote:
>
> Could anyone share a working (e.g. personally tested) IPSec+l2tp
> *client* configuration for FreeBSD as VPN client? The VPN gateway is a
> Windows server with a preshared key.
>
> I have a working configuration of mpd5 in l2tp client mode (works ju
IPSec optional).
But I'd be interested in seeing a racoon.conf (and a set of setkey
commands if necessary) for such a VPN client.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
the "block ..." line and restart pf, I cannot do
that any more. Why is that?
My idea was that the "pass in on $inside" creates state so that return
traffic from 172.16.1.10:80 to 192.168.10.3:x should be permitted,
but this is not happening so I must be wrong in my understaning
ot; creates state so that return
traffic from 172.16.1.10:80 to 192.168.10.3:52447 should be permitted, but this
is not happening. Why?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Any more opinions please if DNS queries leak information about the internal
network topology and size to the resolver?
It would be interesting to consider 2 separate cases:
1. The internal network is NATed.
2. The internal network is IPv6 with ipv6_privacy="YES"
Victor Sudakov wro
Unix Codenetworks wrote:
> Hi Victor,
>
> | but I'm damned if I know how to put vxlan to good use.
>
> In term of? Like benefits of using VXLAN in general?
Under FreeBSD, yes.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.
on Linux using VXLAN ecnap (Linux + tungsten
> fabric or similar). I will love to know about any live
> deployment/successful stories on FreeBSD + VXLAN + bhyve and Jails.
So will I.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
hat's the use case of vxlan(4) on FreeBSD?
I would love to hear a couple of real life examples.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Eugene Grosbein wrote:
> 24.11.2019 23:02, Victor Sudakov wrote:
>
> > If there are multiple recursive queries for MS domains only, do you think
> > the operator of Resolver B can tell if there are 10 or 100 MS clients
> > behind Resolver A?
>
> I guess so, beca
re are multiple recursive queries for MS domains only, do you think
the operator of Resolver B can tell if there are 10 or 100 MS clients
behind Resolver A?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Can the operator of Resolver B figure out how many clients there are
behind Resolver A, or obtain any other information about the hosts on
the said local network (like their operating system etc)? In other
words, does Resolver A effectively anonymize the queries, or is some
information about the interna
g
> quick rules so I'm not 100% sure.
As a person with some ipfw background, I try to take advantage of pf's
features, e.g. "last match wins." Maybe it allows for more concise
rules.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
?
block in on $dmz
pass in on $dmz proto icmp
pass out on $inside
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
>
> These Subnet-Router anycast addresses will be added only when
> ipv6_gateway_enable is YES.
> --
Dear Hiroki,
You are an invaluable source of information. I wish all the above should
make it into the Handbook, the chapter on IPv6.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
t marked as deprecated or
overridden or whatever.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
erfaces." In practice, I don't observe this. A FreeBSD router does
not configure such an address automatically, for example.
RFC2526 is dim, I think it's because of this RFC the last usable address
on a subnet ends in ff7f instead of . I wonder if anyone anywhere
uses those subne
ormative and useful.
Can any IPv6 unicast or link-local address be configured as an anycast
address of a router? Is this a replacement for VRRP and carp(4)?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Dear Colleagues,
If a FreeBSD host receives router advertisements from several IPv6
routers, on a LAN segment, which would be chosen as the default gateway?
Can this be used for failover?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
No, each rule bound to different interface - i.e. different conditions.
>
> Actually, you should check state-policy in your configuration.
> In my firewalls there is already present
>
> set state-policy if-bound
>
> as routing typically static.
I had the impression that a
>
>
> You can tag packets on ingress interface and then filter on egress interface
> based on this tag:
>
1.
> pass in quick on $int_if inet proto tcp from $server to any flags S/SA keep
> state allow-opts tag SERVER
2.
> block return-rst out log quick on $mob_if ine
f)
Thank you Sergey, I get the idea. It is not very good though that
packets from 192.168.3.0/24 to not will get into the
Internet with the untranslated private src address. I guess I need to
complete the configuration by a rule something like
block out on $(ext_if) from 192.168.3.0/24 to any
s already been translated.
In ipfw I can "deny ip from 192.168.3.0/24 to not 8.8.8.8" before it
even gets into the nat rule, but what do I do with pf?
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
signature.asc
Description: PGP signature
Disable autoconfiguration.
> >
> > This is unclear.
>
> Seems your ifconfig(8) is a bit out of day.
My ifconfig(8) is from 11.2-RELEASE.
> My manual says:
> autoconf
> Set the IPv6 autoconfigured address bit.
>
> -autoconf
&g
ut the autoconf is address's attribute.
ifconfig(8) says that
autoconf
Set a flag to accept router advertisements on an interface.
-autoconf
Disable autoconfiguration.
This is unclear.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.to
Andrey V. Elsukov wrote:
> On 18.10.2018 18:56, Victor Sudakov wrote:
> > Thank you Andrey, you made my day! I'm beginning to love IPv6 more and
> > more.
> >
> > How would the prefer_source flag look like in rc.conf? Is the following
> > approach corre
send RSes based on address lifetimes.
>
> Today, we now use DNS config information provided via RA in the user
> space, so another role of rtsold is to reflect any changes to it while
> the host is still connected to the same link. Routers are supposed
> to advertise RAs with ne
look like in rc.conf? Is the following
approach correct:
ifconfig_fxp0_ipv6="inet6 accept_rtadv"
ifconfig_fxp0_alias0="inet6 2001:19f0:8001:1219::10 prefer_source"
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
_
l
as a whole. Router Advertisement (RA) input for hosts is implemented
in the kernel. Router Solicitation (RS) output for endhosts, RS input
for routers, and RA output for routers are implemented in the
userland.
still correct?
(from https://www.freebsd.org/doc/en/books/developers-handbook/ipv6
6_activate_all_interfaces="YES"
rtsold_enable="YES"
rtsold_flags="-aF"
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/li
> >
> > > > > rtsold is needed to write DNS server address from RDNSS RA option to
> > > > > /etc/resolv.conf
> > > > >
> > > > > man rtsold
> > > > > /-R
> > > >
> > > > On my test IPv6-on
d to write DNS server address from RDNSS RA option to
> > > /etc/resolv.conf
> > >
> > > man rtsold
> > > /-R
> >
> > On my test IPv6-only host, /etc/resolv.conf was successfully created
> > without any explicit "rtsold_enable=YES".
> >
&
Anton Yuzhaninov wrote:
> On 9/29/18 10:20 PM, Victor Sudakov wrote:
> > When running FreeBSD as an IPv6 host im SLAAC mode, is
> > "rtsold_enable=YES" really necessary? I did not enable rtsold and IPv6
> > still works fine only with
>
> rtsold is needed to w
ust gotten lucky and heard an
> > unsolicited router advertisement.
>
> Indeed, it's called from /etc/network.subr if rtsold is NOT enabled.
Thanks a lot, all is clear now.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
_
ho on earth sent the initial router solicitation
on boot if I never enabled rtsold?
I have not found rtsold in /etc/rc.d/netif or similar startup script.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet http://vas.tomsk.ru/
___
freebsd-net@free
Dear Colleagues,
When running FreeBSD as an IPv6 host im SLAAC mode, is
"rtsold_enable=YES" really necessary? I did not enable rtsold and IPv6
still works fine only with
fconfig_re0=""
ifconfig_re0_ipv6="inet6 accept_rtadv"
What would be the point of enabling rt
Victor Sudakov wrote:
>
> I have noticed that "env SSLKEYLOGFILE=/var/tmp/keylog.txt firefox"
> does not create /var/tmp/keylog.txt on FreeBSD.
>
> On Windows, this environment variable works as expected (creates a dump
> file with SSL keys to be fed to Wi
oing wrong? I've tried this on FreeBSD 11.2 with 62.0 from
the FreeBSD default package repository.
This is a rather standard recipe, it's odd that it does not work on
FreeBSD. Any help is appreciated.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/49@fidonet
result.
> >
> > Is this supposed to work? Are all the servers necessary for
> > freebsd-update operation available via IPv6?
>
> Please capture network traffic using tcpdump -nps0 while running
> freebsd-update
> and ma
failed.
No mirrors remaining, giving up.
The name of the update server can be different each time, like
"update4.freebsd.org", "update5.freebsd.org" etc with the same result.
Is this supposed to work? Are all the servers necessary for
freebsd-update operation available via IPv6?
nmpdModulePath."ucd" = "/usr/local/lib/snmp_ucd.so"
Eugene, thanks for the info. I hoped to do with the base system only.
For the present I have used the "pass" facility from net-mgmt/net-snmp snmpd.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
ing system.
Thank you very much in advance.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Peter Blok wrote:
> Hi,
>
> I have been using a TP-Link TL-WDN4800.
>
> It has hostap support, because that???s how I used it. Had lots of stuck
> beacon messages, but it kept doing its job.
How do you switch it between 2GHz and 5 GHz?
--
Victor Sudakov, VAS4-RIPE,
use an external antenna if needed, it seems to have 3
antennas.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail t
stable/11,
> so it seems not to claim HOSTAP support.
Kevin, what does "ifconfig ... list caps" say about your card? Does it
report "HOSTAP" mode, or just post the drivercaps string please.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
okay at 2.
Same about your iwm. Thank you in advance.
>
> I have no experience with HOSTAP mode.
Running "ifconfig ... list caps" may show HOSTAP support.
--
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
AS43859
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
1 - 100 of 149 matches
Mail list logo