VPN client connectivity issues with OBSD firewall
Hopefully someone will be able to help me with a vpn client
connectivity problem . Using Contivity VPN client on windows 2k going
through OpenBSD 3.7 PF/NAT
I have three workstations behind the firewall using private IPs. The
internet usage is fine on all the machines. But when I use Contivity
VPN client through NAT on a single machine to connect to the remote
site, I am able to connect fine. When I use the second machine to
connect to the remote site using the VPN client, the VPN client fails
in the last stage of establishing the connection. It gives me a
message "Checking for banner text from x.x.x.x" and then disconnects.
The first machine I use to connect to the client's VPN server is
working fine. When the first VPN connection is active, and when I try
to connect the second machine, it is not able to connect to the
VPN server.
Is it something to do with the traffic routing in the private network
between the client machines and the router?? Please advise.
Here is my ruleset.
# Define useful variables
ExtIF="fxp0" # External Interface
NoRouteIPs="{ 127.0.0.1/8, 192.168.0.0/16, 172.16.0.0/12 }"
# Clean up fragmented and abnormal packets
scrub in all
#nat goes here now
nat on $ExtIF from 192.168.1.1/24 to any -> $ExtIF
# don't allow anyone to spoof non-routeable addresses
block in quick on $ExtIF from $NoRouteIPs to any
block out quick on $ExtIF from any to $NoRouteIPs
# block various nmap shyte
block in quick on $ExtIF inet proto tcp from any to any flags FUP/FUP
block in quick on $ExtIF inet proto tcp from any to any flags SF/SFRA
block in quick on $ExtIF inet proto tcp from any to any flags /SFRA
block in quick on $ExtIF inet proto tcp from any to any flags F/SFRA
block in quick on $ExtIF inet proto tcp from any to any flags U/SFRAU
block in quick on $ExtIF inet proto tcp from any to any flags P
# by default, block all incoming packets, except those explicitly
# allowed by further rules
block in on $ExtIF all
# Allow isakmp
pass in quick on $ExtIF inet proto udp from any to any port = 500
pass in quick on $ExtIF inet proto esp from any to any
# and let out-going traffic out and maintain state on established connections
# pass out all protocols, including TCP, UDP and ICMP, and create state,
# so that external DNS servers can reply to our own DNS requests (UDP).
# ALSO ALLOW isakmp outgoing
block out on $ExtIF all
pass out on $ExtIF inet proto tcp all flags S/SA keep state
pass out on $ExtIF inet proto udp from any to any port = 500
pass out on $ExtIF inet proto esp from any to any
pass out on $ExtIF inet proto udp all keep state
pass out on $ExtIF inet proto icmp all keep state
Am I missing something? I am new to OpenBSD. I was very hopeful of
building a firewall that I could use with my small office setup that
connects to a client site via VPN.I picked up the above ruleset from
internet. If someone can suggest better ruleset, that would be great
also.
Please help.
Thanks
Suresh
Re: SGI hardware options for OpenBSD 3.7
Anon Y. Mous wrote: > My questions: ... > Are there any plans to support older SGI hardware > in the future? (e.g., Iris, Indigo, Crimson, etc.) There is no active opposition to doing a port for the older SGI systems. However, it would end up being a totally different platform, being a 32 bit processor, rather than the (supported) 64 bit. And of course, someone has to do it. There is no time schedule. There won't be a time schedule until it is basically done. Nick.
Re: SGI hardware options for OpenBSD 3.7
On May 29, 2005 7:17 pm, Anon Y. Mous wrote: > My questions: > > What type of SGI hardware is supported by OpenBSD > 3.7? > if only there was some way to find this information http://www.openbsd.org/sgi.html#hardware > Are there any plans to support older SGI hardware > in the future? (e.g., Iris, Indigo, Crimson, etc.) > > Also, is anyone in the list currently using SGI > hardware > with OpenBSD? I'd like to hear about their experience. > > Is IRIX binary emulation supported under 3.7/MIPS? > > I am considering getting an O2 or Octane, and > installing > a dual-boot of IRIX 6.5.x/OpenBSD 3.7 for flexibility. > > [EMAIL PROTECTED]
Re: SGI hardware options for OpenBSD 3.7
> What type of SGI hardware is supported by OpenBSD > 3.7? http://www.openbsd.org/sgi.html#hardware > Also, is anyone in the list currently using SGI > hardware > with OpenBSD? I'd like to hear about their experience. i am running an O2 with 96MB ram, R5K cpu, 2GB scsi disk with an extra PCI ether express card as a cable router.. (on a serial console) running quite nicely so far..
Re: ipcomp weirdness (traffic not decompressed when large compression ratio)
On Sun, May 29, 2005 at 08:02:22PM -0600, jared r r spiegel wrote: > > note, i setup the 192.168.7.17 <-> 192.168.7.18 testcase due > to initially seeing the issue against a remote host, and then > trying to duplicate with a simple case. > > also, the following counters are staying at 0 in all cases: sigh, hopefully i have all the bases covered now: for instance, here is 192.168.7.18's netstat -sp ipcomp before and after i do a crapload of pings with that -p 00 from .17: - [/home/jrrs] $ netstat -sp ipcomp ipcomp: 40220 input IPCOMP packets 28212 output IPCOMP packets 0 packets from unsupported protocol families 0 packets shorter than header shows 0 packets dropped due to policy 34 packets for which no TDB was found 0 input packets that failed to be processed 9890 packets for which no XFORM was set in TDB received 0 packets were dropped due to full output queue 0 packets where counter wrapping was detected 0 packets attempted to use an invalid TDB 0 packets got larger than max IP packet size 0 packets that failed (de)compression processing 5563 packets less than minimum compression length 29424355 input bytes 28678436 output bytes [/home/jrrs] $ netstat -sp ipcomp ipcomp: 40696 input IPCOMP packets 28212 output IPCOMP packets 0 packets from unsupported protocol families 0 packets shorter than header shows 0 packets dropped due to policy 34 packets for which no TDB was found 0 input packets that failed to be processed 10366 packets for which no XFORM was set in TDB received 0 packets were dropped due to full output queue 0 packets where counter wrapping was detected 0 packets attempted to use an invalid TDB 0 packets got larger than max IP packet size 0 packets that failed (de)compression processing 5563 packets less than minimum compression length 29437012 input bytes 28678436 output bytes --- 192.168.7.18 ping statistics --- 476 packets transmitted, 0 packets received, 100.0% packet loss -- and here is the same if i leave out the '-p00' stuff and it works: -- [/home/jrrs] $ netstat -sp ipcomp ipcomp: 40699 input IPCOMP packets 28212 output IPCOMP packets 0 packets from unsupported protocol families 0 packets shorter than header shows 0 packets dropped due to policy 34 packets for which no TDB was found 0 input packets that failed to be processed 10366 packets for which no XFORM was set in TDB received 0 packets were dropped due to full output queue 0 packets where counter wrapping was detected 0 packets attempted to use an invalid TDB 0 packets got larger than max IP packet size 0 packets that failed (de)compression processing 5572 packets less than minimum compression length 29437500 input bytes 28678436 output bytes [/home/jrrs] $ netstat -sp ipcomp ipcomp: 46470 input IPCOMP packets 33980 output IPCOMP packets 0 packets from unsupported protocol families 0 packets shorter than header shows 0 packets dropped due to policy 34 packets for which no TDB was found 0 input packets that failed to be processed 10366 packets for which no XFORM was set in TDB received 0 packets were dropped due to full output queue 0 packets where counter wrapping was detected 0 packets attempted to use an invalid TDB 0 packets got larger than max IP packet size 0 packets that failed (de)compression processing 5575 packets less than minimum compression length 35252272 input bytes 34492580 output bytes --- 192.168.7.18 ping statistics --- 5767 packets transmitted, 5766 packets received, 0.0% packet loss -- hopefully that can clarify any ambiguity questions. the 'packets for which no TDB was found' was from a while back when i setup the CPIs wrong. -- [ openbsd 3.7 GENERIC ( may 17 ) // i386 ]
SGI hardware options for OpenBSD 3.7
My questions: What type of SGI hardware is supported by OpenBSD 3.7? Are there any plans to support older SGI hardware in the future? (e.g., Iris, Indigo, Crimson, etc.) Also, is anyone in the list currently using SGI hardware with OpenBSD? I'd like to hear about their experience. Is IRIX binary emulation supported under 3.7/MIPS? I am considering getting an O2 or Octane, and installing a dual-boot of IRIX 6.5.x/OpenBSD 3.7 for flexibility. [EMAIL PROTECTED]
ipcomp weirdness (traffic not decompressed when large compression ratio)
i can't recall if this has been discussed anywhere before, but i remember trying to use ipcomp a few years ago and i think i had the same pitfall happen; but i'm not sure what came of it. to save ppl the time of reading the entire mail, i'm having failure crop up when an ipcomp packet does a very good ratio of compression, it doesn't get decompressed on the receiving end, but rather, the receiving end increments the counter in 'netstat -sp ipcomp' for: "packets for which no XFORM was set in TDB received" - but it works fine as long as it doesn't compress the packet very well (but still enough to send it as ipcomp on the wire). 192.168.7.17(fxp1) -- netgear fs518 -- (em0)192.168.7.18 both are -current snapshots from may.17 i normally run isakmpd on .17, but for now i shut it off. start out by 'sudo ipsecadm flush' on both hosts, and then i setup ipcomp flows/CPIs on the respective hosts like this: -[192.168.7.17]--- sudo ipsecadm ipcomp -src 192.168.7.18 -dst 192.168.7.17 -comp deflate \ -cpi 0x sudo ipsecadm ipcomp -dst 192.168.7.18 -src 192.168.7.17 -comp deflate \ -cpi 0x sudo ipsecadm flow -proto ipcomp -src 192.168.7.17 -dst 192.168.7.18 \ -in -use -addr 192.168.7.18/32 192.168.7.17/32 sudo ipsecadm flow -proto ipcomp -src 192.168.7.17 -dst 192.168.7.18 \ -out -use -addr 192.168.7.17/32 192.168.7.18/32 -[192.168.7.18]--- sudo ipsecadm ipcomp -src 192.168.7.18 -dst 192.168.7.17 -comp deflate \ -cpi 0x sudo ipsecadm ipcomp -dst 192.168.7.18 -src 192.168.7.17 -comp deflate \ -cpi 0x sudo ipsecadm flow -proto ipcomp -src 192.168.7.18 -dst 192.168.7.17 \ -in -use -addr 192.168.7.17/32 192.168.7.18/32 sudo ipsecadm flow -proto ipcomp -src 192.168.7.18 -dst 192.168.7.17 \ -out -use -addr 192.168.7.18/32 192.168.7.17/32 -- netstat -rnf encap looks like: -[192.168.7.17]--- Encap: Source Port DestinationPort Proto SA(Address/Proto/Type/Direction) 192.168.7.17/320 192.168.7.18/320 0 192.168.7.17/108/use/in 192.168.7.18/320 192.168.7.17/320 0 192.168.7.17/108/use/out -[192.168.7.18]--- Encap: Source Port DestinationPort Proto SA(Address/Proto/Type/Direction) 192.168.7.17/320 192.168.7.18/320 0 192.168.7.17/108/use/in 192.168.7.18/320 192.168.7.17/320 0 192.168.7.17/108/use/out -- everything is great between the two with ipcomp, and i can watch the counters go up in 'netstat -sp ipcomp' and i can tcpdump for proto ipcomp on the appropriate interfaces and see that it is compressing/decompressing things, and also of course see that things aren't sent compressed if they're smaller in their natural state: --- tcpdump: listening on em0, link-type EN10MB 20:50:16.271887 192.168.7.17 > 192.168.7.18: icmp: echo request 20:50:16.271931 192.168.7.18 > 192.168.7.17: icmp: echo reply <...> 20:51:24.598112 ipcomp 192.168.7.17 > 192.168.7.18 cpi 0x flags 0 next 1 20:51:24.598632 ipcomp 192.168.7.18 > 192.168.7.17 cpi 0x flags 0 next 1 --- where the first one is a ping from .17 to .18, and the second is a ping -s 1000 from .17 to .18. that's all great. problem is if i do something like 'ping -s 1000 -p 00', or seemingly anything in which the pre-compressed packet is much much larger than the post-compressed packet. for instance, here is a ping -s 1000 from .17 to .18, as seen on .18 with tcpdump proto ipcomp -xs 2000, which is successful: --- 20:57:32.003047 ipcomp 192.168.7.17 > 192.168.7.18 cpi 0x flags 0 next 1 4500 0140 d4fb ff6c 55e2 c0a8 0711 c0a8 0712 0100 e260 08fe f55e 9a81 c169 56ca 1f06 c6f6 7b1c 9c5c dc3c bc7c fc02 8242 c222 a262 e212 9252 d232 b272 f20a 8a4a ca2a aa6a ea1a 9a5a da3a ba7a fa06 8646 c626 a666 e616 9656 d636 b676 f60e 8e4e ce2e ae6e ee1e 9e5e de3e be7e fe01 8141 c121 a161 e111 9151 d131 b171 f109 8949 c929 a969 e919 9959 d939 b979 f905 8545 c525 a565 e515 9555 d535 b575 f50d 8d4d cd2d ad6d ed1d 9d5d dd3d bd7d fd13 264e 9a3c 65ea b4e9 3366 ce9a 3d67 eebc f90b 162e 5abc 64e9 b2e5 2b56 ae5a bd66 edba f51b 366e dabc 65eb b6ed 3b76 eeda bd67 efbe fd07 0e1e 3a7c e4e8 b1e3 274e 9e3a 7de6 ecb9 f317 2e5e ba7c e5ea b5eb 376e deba 7de7 eebd fb0f 1e3e 7afc e4e9 b3e7 2f5e be7a fde6 edbb f71f 3e7e
Re: ipcomp weirdness (traffic not decompressed when large compression ratio)
On Sun, May 29, 2005 at 07:27:52PM -0600, jared r r spiegel wrote: > > to save ppl the time of reading the entire mail, i'm having > failure crop up when an ipcomp packet does a very good > ratio of compression, it doesn't get decompressed on the > receiving end, but rather, the receiving end increments > the counter in 'netstat -sp ipcomp' for: > "packets for which no XFORM was set in TDB received" - but it > works fine as long as it doesn't compress the packet > very well (but still enough to send it as ipcomp on the wire). > > 192.168.7.17(fxp1) -- netgear fs518 -- (em0)192.168.7.18 note, i setup the 192.168.7.17 <-> 192.168.7.18 testcase due to initially seeing the issue against a remote host, and then trying to duplicate with a simple case. also, the following counters are staying at 0 in all cases: 0 packets from unsupported protocol families 0 packets shorter than header shows 0 packets dropped due to policy 0 input packets that failed to be processed 0 packets were dropped due to full output queue 0 packets where counter wrapping was detected 0 packets attempted to use an invalid TDB 0 packets got larger than max IP packet size 0 packets that failed (de)compression processing so i guess it's not failing decompression processing, but it is after that that it doesn't find the XFORM thing... :/ jared
DWL-G520 problem in OpenBSD3.7
Hi,
(sorry my bad english, i am speak spanish)
I'm trying to setup a HostAP on my Openbsd.
I 've a car DWL-G520. The card was detected by OpenBSD 3.7, dmesg
output:
# dmesg |grep ath
ath0 at pci0 dev 4 function 0 "Atheros AR5212" rev 0x01: irq 11
ath0: mac 112.9 phy 4.5 radio 5.6 5.6, 802.11a/b/g, FCC1A, address
00:11:95:c2:0c:48
gpio at ath0 not configured
I try,
#ifconfig ath0 inet 192.168.0.2 netmask 255.255.255.0 media autoselect
mediaopt hostap nwid wifi chan 11
#ifconfig ath0
ath0: flags=8863 mtu
1500
lladdr 00:11:95:c2:0c:48
ieee80211: nwid wifi chan 11 bssid 00:11:95:c2:0c:48
media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap)
status: active
inet 192.168.0.2 netmask 0xff00 broadcast 192.168.0.255
inet6 fe80::211:95ff:fec2:c48%ath0 prefixlen 64 scopeid 0x2
My problem is a DWL-G520 in mode HostAP no working...
I try to setup a Client my card:
ifconfig ath0 inet 192.168.0.2 netmask 255.255.255.0 nwid redwifi
# ifconfig ath0
ath0: flags=8863 mtu
1500
lladdr 00:11:95:c2:0c:48
ieee80211: nwid redwifi
media: IEEE802.11 autoselect (DS1)
status: no network
inet 192.168.0.2 netmask 0xff00 broadcast 192.168.0.255
My Card in mode Client no working :(
any idea of what could i do to fix the problem ?
thanks :)
Luis Sandoval
full dmesg:
# dmesg
OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD-K6(tm) 3D processor ("AuthenticAMD" 586-class) 346 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,PGE,MMX
real mem = 200908800 (196200K)
avail mem = 176566272 (172428K)
using 2478 buffers containing 10149888 bytes (9912K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(2a) BIOS, date 01/21/99, BIOS32 rev. 0 @
0xfa0c0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xfa040/0x1000
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfa040/128 (6 entries)
pcibios0: PCI Interrupt Router at 000:20:0 ("VIA VT82C586 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x1
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA VT82C598 PCI" rev 0x04
ppb0 at pci0 dev 1 function 0 "VIA VT82C598 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Mach64 LB" rev 0xdc
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
rl0 at pci0 dev 3 function 0 "Realtek 8139" rev 0x10: irq 11 address
00:40:f4:6d:99:48
rlphy0 at rl0 phy 0: RTL internal phy
ath0 at pci0 dev 4 function 0 "Atheros AR5212" rev 0x01: irq 11
ath0: mac 112.9 phy 4.5 radio 5.6 5.6, 802.11a/b/g, FCC1A, address
00:11:95:c2:0c:48
gpio at ath0 not configured
dc0 at pci0 dev 5 function 0 "DEC 21142/3" rev 0x41: irq 10, address
00:08:c7:9e:4a:81
dcphy0 at dc0 phy 31: internal PHY
pcib0 at pci0 dev 20 function 0 "VIA VT82C586 ISA" rev 0x45
pciide0 at pci0 dev 20 function 1 "VIA VT82C571 IDE" rev 0x06: ATA33,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA, 6149MB, 12594960 sectors
wd1 at pciide0 channel 0 drive 1:
wd1: 16-sector PIO, LBA, 38166MB, 78165360 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom
removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 20 function 2 "VIA VT83C572 USB" rev 0x02: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"VIA VT82C586 Power Mgmt" rev 0x10 at pci0 dev 20 function 3 not
configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01
midi0 at sb0:
audio0 at sb0
opl0 at sb0: model OPL3
midi1 at opl0:
pcppi0 at isa0 port 0x61
midi2 at pcppi0:
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
biomask e74d netmask ef4d ttymask ffcf
pctr: user-level cycle counter enabled
mtrr: K6-family MTRR support (2 registers)
dkcsum: wd0 matched BIOS disk 80
wd1: no disk label
dkcsum: wd1 matched BIOS disk 81
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302
WARNING: / was not properly unmounted
Re: mounting ext3fs via ext2fs
Rogier Krieger wrote: > Haluk Durmus <[EMAIL PROTECTED]> wrote: > > It is a 80gig extern harddisk connected with usb2.0 to my laptop. > > It has an ext3fs and is full of data. > > > > I thought,that I could mount it with ext2fs, but it was not > > posible... > > Feel free to correct me if I'm wrong, but as far as I know, ext3fs is > not supported. Looking at the list of cvs changes, I can only find > changes to ext2fs support (for large files) and nothing for ext3fs; > I'd say ext3fs is not supported. > > Digging through the misc@ archives, I get the same impression. That > would mean you're out of luck until you have a chance to convert the > ext3fs filesystem into an ext2fs one. ext3 is nothing more than ext2 with a "journal file" tacked on as an afterthought. As such, existing ext2 volumes maybe be converted to ext3 merely by creating a special ".journal"[*] file in the root of the volume and remounting. Similarly, an ext3 volume may be mounted as ext2; the only difference would be the appearance of the journal file, and lack of journaling capabilities. So I'd be very interested to know why Haluk's filesystem won't mount. [*] This special file is created by the mkfs.ext3 program, not the user. HTH, Tim Hammerquist -- scanf() is evil.
Re: ppp[1508]: tun0: Warning: ff02::%tun0/32: Change route failed: errno: Undefined error: 0
On Sun, 29 May 2005, Alexandre Anriot wrote: > On Sat, May 28, 2005 at 10:56:50PM +0200, Oliver Fuchs wrote: > > Hi, > > I am using openbsd 3.6 and with using ppp I receive everytime this > > message when running ppp: > > 1) tun0: Warning: 0.0.0.0/0: Change route failed: errno: No such > >process > > 2) tun0: Warning: ff02::%tun0/32: Change route failed: errno: > >Undefined error: 0 > > > > (What is a undefined error?) > > > > I am not running any network on laptop and have configured > > /etc/ppp/ppp.conf exactly like it is described in the openbsd-faq: > > default: > > set log Phase Chat LCP IPCP CCP tun command > > ident user-ppp VERSION (built COMPILATIONDATE) > > set device /dev/cua03 > > set speed 115200 > > set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \ > > \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 440 CONNECT" > > set timeout 0 > > > > mea: > > set phone 007007007 > > set login > > set authname memyselfandI > > set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 > > add default HISADDR > > You probably should use "add! default HISADDR"; the "!" forces the new > default route, and ppp will not complain about the existing default > route anymore. I added "add! default HISADDR" but ppp is still complaining. > > Moreover, you can add `disable ipv6cp' to nuke v6 variation of the > message. But the "undefined error" message disappeared. So thanks for answering. Oliver -- ... don't touch the bang bang fruit
Re: mounting ext3fs via ext2fs
On 30/05/2005, at 9:00 AM, Rogier Krieger wrote: Digging through the misc@ archives, I get the same impression. That would mean you're out of luck until you have a chance to convert the ext3fs filesystem into an ext2fs one. On a Linux machine it's perfectly possible to mount an ext3 filesystem as ext2. The only usual requirement is that the filesystem be clean, so fsck'ing it first is a good idea. -- Phone: +64-9-373-7599 x84679Room: 301-231, Chemistry Building Email: [EMAIL PROTECTED](or shout loudly)
Re: Problem with NAT-T/NAT-D on isakmpd?
Update to a newer snapshot, this has been fixed AFAIK. On Fri, May 27, 2005 at 02:57:12PM -0700, Sean Knox wrote: > It appears that isakmpd from a May 17 snapshop is failing to recognize > valid NAT-D payloads and/or recognizing that both sides are NAT'ed. > isakmpd seems to have this problem with any client that supports RFC 3947. > > snippet from IKE packet capture: > > 14:30:59.851139 216.27.182.172.64878 > 69.33.227.66.500: [udp sum ok] > isakmp v1.0 > exchange ID_PROT > cookie: efab88cbb3abc0c8->9a44c4998d25f3eb msgid: len: 228 > payload: KEY_EXCH len: 132 > payload: NONCE len: 20 > payload: len: 24 > payload: len: 24 [ttl 0] (id 1, len 256) > > Here are payloads from my strongSWAN linux client: > > May 27 14:30:59 localhost sudo: sean : TTY=pts/0 ; > PWD=/home/sean/strongswan-2.4.1 ; USER=root ; > COMMAND=/usr/local/sbin/ipsec auto --up sec > May 27 14:30:59 localhost pluto[4766]: "sec" #11: initiating Main Mode > May 27 14:30:59 localhost pluto[4766]: "sec" #11: received Vendor ID > payload [draft-ietf-ipsec-nat-t-ike-02_n] > May 27 14:30:59 localhost pluto[4766]: "sec" #11: received Vendor ID > payload [draft-ietf-ipsec-nat-t-ike-03] > May 27 14:30:59 localhost pluto[4766]: "sec" #11: received Vendor ID > payload [RFC 3947] > May 27 14:30:59 localhost pluto[4766]: "sec" #11: received Vendor ID > payload [Dead Peer Detection] > May 27 14:30:59 localhost pluto[4766]: "sec" #11: enabling possible > NAT-traversal with method 3 > May 27 14:31:00 localhost pluto[4766]: packet from 69.33.227.66:500: > ignoring informational payload, type INVALID_PAYLOAD_TYPE > > > isakmpd supports RFC 3947 and sends that RFC vendor id to the clients > requesting to use it. The clients I've tried (openswan 2.3.1, strongswan > 2.4.1, VPN Tracker 4) all send a payload ID of 20 which is correct, yet > isakmpd says these payloads are unknown. When using VPN Tracker, isakmpd > actually sends back NAT-D payloads that are 130 per draft-03 and > draft-00 instead of using RFC 3947. A quick glance at nat_traversal.c > shows that it adds the NAT-D payload and always uses > ISAKMP_PAYLOAD_NAT_D_DRAFT. In message.c, I only saw that payload ID > defined. > > I have a plethora of other logs should they be needed. Any insight on > this would be appreciated. Thanks. > > sk
Re: mounting ext3fs via ext2fs
On Sun, May 29, 2005 at 11:00:34PM +0200, Rogier Krieger wrote: > Feel free to correct me if I'm wrong, but as far as I know, ext3fs is > not supported. ext3 is mostly ext2 with an extra inode to handle the journal. You can usually mount the partition as ext3 or ext2 without any special tweak. However on some distributions (at least Fedora it seems), directory hashing (htree) is enabled by default when partitions are formatted as ext3. And *BSD don't support htree yet. So maybe this is your showstopper. While running Linux, try tune2fs -O ^dir_index /dev/ in order to remove htree on the partition. -- Frank - my stupid blog: http://00f.net
Re: mounting ext3fs via ext2fs
On 5/29/05, Haluk Durmus <[EMAIL PROTECTED]> wrote: > It is a 80gig extern harddisk connected with usb2.0 to my laptop. > It has an ext3fs and is full of data. > > I thought,that I could mount it with ext2fs, but it was not posible... Feel free to correct me if I'm wrong, but as far as I know, ext3fs is not supported. Looking at the list of cvs changes, I can only find changes to ext2fs support (for large files) and nothing for ext3fs; I'd say ext3fs is not supported. Digging through the misc@ archives, I get the same impression. That would mean you're out of luck until you have a chance to convert the ext3fs filesystem into an ext2fs one. Cheers, Rogier -- If you don't know where you're going, any road will get you there.
Re: mounting ext3fs via ext2fs
I tried an snapshot kernel: -r--r--r-- 1 root root 5177338 May 27 16:56 bsd same problems ... thanks Haluk Durmus On Sun, 29 May 2005 16:31:08 +0100 "Niall O'Higgins" <[EMAIL PROTECTED]> wrote: > On Sun, May 29, 2005 at 04:58:16PM +0200, Haluk Durmus wrote: > > Was it sufficiend that I did an cvs update on current tree, before > > kompiling ? > > Could you just use a binary snapshot please? That way we bypass all > this nonsense.
Re: Slow Downloads with Userpace PPPoE and High Speed ADSL link
Good day, I found the following to work well for fast downloads on a 8000/1000 ADSL service. pppoe: set device "!/usr/sbin/pppoe -i de0" set mtu 1400 set mtu max 1400 #set mru max 1472 set speed sync disable acfcomp protocomp deny acfcomp set authname *** set authkey enable lqr accept lqr set lqrperiod 50 set cd 5 set dial set login set timeout 0 add default HISADDR enable dns enable mssfixup FWIW, Vijay Vijay Sankar, M.Eng., P.Eng. ForeTell Technologies Limited 59 Flamingo Avenue, Winnipeg, MB, Canada, R3J 0X6 Phone: +1 (204) 885 9535, E-Mail: [EMAIL PROTECTED] > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Mick > Sent: May 29, 2005 1:35 PM > To: misc@openbsd.org > Subject: Slow Downloads with Userpace PPPoE and High Speed ADSL link > > Hello. > > I seem to be seeing somewhat odd behaviour with regards to the > userpace PPPoE program and my high speed ADSL link. By "high speed" I > mean 8Mbps down and 1Mbps up. Initially, I was on a 512/128 plan > before I upgraded to a 1500/256 plan and then finally to a 8000/1000 > plan. Now, with the > 512/128 and 1500/256 plans, download (as well as upload) speeds were > fine as I could usually saturate my connection - especially with a > 'test' file that was hosted on my ISP's FTP site (this test file was > placed there by my ISP in order for their ADSL clients to test their > connections). However, after I upgraded to the 8000/1000 plan, while > upload speeds were still fine (they now typically average at 800Kbps > to FTP servers that I have write permissions to), download speeds > average at around 256kbps (after a brief initial download spike of > several million bps) - even from my ISP's FTP site. > > Now, the above is the case when I have configured the modem to run in > Bridge mode and use OpenBSD's userpace PPPoE client. However, if I > instead configure the modem into what the modem manufacturer (D-Link) > call "Bimap" mode so that it sets up the PPPoE connection, > authenticates, passes all traffic etc and so simply use the OpenBSD > box for NAT, Redirection and Firewalling, then download speeds can > easily reach over 6.4Mbps. What I also discovered was that with > OpenBSD 3.5 and when using its PPPoE client, once I had started a > download, PPPoE on 3.5 used over 92% of the CPU (the machine that > OpenBSD is installed on is a Pentium Classic 133 with 80MB RAM). So > when OpenBSD 3.6 was released, I upgraded my 3.5 installation to 3.6 > and while I now found that when downloading, CPU usage was only around > 6% - with PPPoE now consuming < 1% and PPP consuming around 5% - the > download speeds were still pitifully slow (and upon reconfiguring the > modem to be in Bridge mode etc, download speeds from those same sites > increased enormously). I also tried setting up AltQ as described here: > > http://www.benzedrine.cx/ackpri.html > > but that didnt help in the slightest. Here by the way is my > /etc/ppp/ppp.conf: > > default: > set log Phase Chat IPCP CCP tun command set redial 15 0 > set reconnect 15 10 > > adsl: > set device "!/usr/sbin/pppoe -i de0" > disable acfcomp protocomp > deny acfcomp > set mtu max 1492 > set speed sync > enable lqr > set lqrperiod 5 > set cd 5 > set dial > set login > set timeout 0 > set authname ** > set authkey * > enable mssfixup > > > So at this point, I am toying with the idea of perhaps using the > Roaring Penguin PPPoE client as I need to run the modem in "Bimap" > mode because when running in Bridge mode, the modem chokes up really > badly when UDP packets greater than 100 bytes in size are passed > through it and the modem manufacturer's tech support have no idea as > to why this would be happening. Any ideas or suggestions would be > most appreciated. Thanks.
Slow Downloads with Userpace PPPoE and High Speed ADSL link
Hello. I seem to be seeing somewhat odd behaviour with regards to the userpace PPPoE program and my high speed ADSL link. By "high speed" I mean 8Mbps down and 1Mbps up. Initially, I was on a 512/128 plan before I upgraded to a 1500/256 plan and then finally to a 8000/1000 plan. Now, with the 512/128 and 1500/256 plans, download (as well as upload) speeds were fine as I could usually saturate my connection - especially with a 'test' file that was hosted on my ISP's FTP site (this test file was placed there by my ISP in order for their ADSL clients to test their connections). However, after I upgraded to the 8000/1000 plan, while upload speeds were still fine (they now typically average at 800Kbps to FTP servers that I have write permissions to), download speeds average at around 256kbps (after a brief initial download spike of several million bps) - even from my ISP's FTP site. Now, the above is the case when I have configured the modem to run in Bridge mode and use OpenBSD's userpace PPPoE client. However, if I instead configure the modem into what the modem manufacturer (D-Link) call "Bimap" mode so that it sets up the PPPoE connection, authenticates, passes all traffic etc and so simply use the OpenBSD box for NAT, Redirection and Firewalling, then download speeds can easily reach over 6.4Mbps. What I also discovered was that with OpenBSD 3.5 and when using its PPPoE client, once I had started a download, PPPoE on 3.5 used over 92% of the CPU (the machine that OpenBSD is installed on is a Pentium Classic 133 with 80MB RAM). So when OpenBSD 3.6 was released, I upgraded my 3.5 installation to 3.6 and while I now found that when downloading, CPU usage was only around 6% - with PPPoE now consuming < 1% and PPP consuming around 5% - the download speeds were still pitifully slow (and upon reconfiguring the modem to be in Bridge mode etc, download speeds from those same sites increased enormously). I also tried setting up AltQ as described here: http://www.benzedrine.cx/ackpri.html but that didnt help in the slightest. Here by the way is my /etc/ppp/ppp.conf: default: set log Phase Chat IPCP CCP tun command set redial 15 0 set reconnect 15 10 adsl: set device "!/usr/sbin/pppoe -i de0" disable acfcomp protocomp deny acfcomp set mtu max 1492 set speed sync enable lqr set lqrperiod 5 set cd 5 set dial set login set timeout 0 set authname ** set authkey * enable mssfixup So at this point, I am toying with the idea of perhaps using the Roaring Penguin PPPoE client as I need to run the modem in "Bimap" mode because when running in Bridge mode, the modem chokes up really badly when UDP packets greater than 100 bytes in size are passed through it and the modem manufacturer's tech support have no idea as to why this would be happening. Any ideas or suggestions would be most appreciated. Thanks.
Ralink hostap
Hi Since I didn't get any replies to my initial question (http://archives.neohapsis.com/archives/openbsd/2005-05/1711.html), I'd like to know if anybody got a ralink-card working in hostap-mode. Currently, I have to set the client's IP statically, since for some reason DHCP doesn't get through. Is this a driver issue? -- Fridtjof Busse "If the terriers and bariffs are torn down, this economy will grow." George W. Bush January 7, 2000 Spoken in Rochester, New York during presidential campaign.
Re: Network performance
> Incidentally, the original 3c509 is a terrible performer >(the 3c509b was better). Really good history lesson, i must say ,here at argentina i don't have a lot of options to buy nics cards, so fxp and xl are the main options,also could be that i'm too lazy to search in deep for other options. If i don't remember bad the B at the 3C509-B is for "Buffered" , so it has a big buffer on the NIC which gives it a better performance and less IRQ request, that's why the incredible 2,5 x 2,5 cm Chip(the biggest i ever saw on a NIC ;)). -Pablo
Re: kernel-pppoe worries on 3.7
On Sun, 29 May 2005 07:21:25 -0400, Jason Ackley wrote: > For the mailing list archives, can you post what settings > (authentication protocol, any other specific setting) finally did work > with them? Sure. Only: nothing specific; just as in the man pages. Chances are I messed some quotes; in here we see various examples and discussion about single or double; plus '[EMAIL PROTECTED]' and myauthname='[EMAIL PROTECTED]' (or does it have to go through a debug process once ? ;) ) I can confirm, that here it works well without any specific settings (I only changed username and userkey; nothing else: pppoedev ep1 !/sbin/ifconfig ep1 up !/usr/sbin/spppcontrol \$if myauthproto=pap [EMAIL PROTECTED] myauthkey=userkey !/sbin/ifconfig \$if inet 0.0.0.0 0.0.0.1 netmask 0x !/sbin/route add default 0.0.0.1 up Other questions: Since it contains user particulars: can - should - we set it to 600 ? Is it suggested to run a utility (no-ip client) within here ? Somehow I miss the ppp.linkup hook ... What is recommended to /dev/null the output ? I tend to be annoyed by the messages Phase established, Phase dead, etc. in all my sessions. Also here, the details are not interesting. A hook would be, though, for link state. Thanks again, Uwe
Re: No AMD64 mailing list?
On Sun, 2005-05-29 at 11:57 -0400, Nick Holland wrote: > From what little I've seen of NetBSD and FreeBSD mail lists, they look > like a lesson to learn from, not a model to go by. sheesh. Please practice what you preach. I don't think you need to bring down two good projects because you think one big misc list suffices. There are morons like the OP and other noise on this list which is totally unrelated to the project. PS - I agree with your other comments though. -Bruno
Re: No AMD64 mailing list?
z0mer wrote: > U... > > Ok, I'm an idiot. Explain to me in single syllable > words why there is no AMD64 list. Wrong. Things don't happen around here because they COULD happen, but because there is REASON for them to happen. > Why is there a ROMP list? Because issues regarding ROMP are not of interest to the majority of OpenBSD users. > A WWW list? Because issues regarding the website are not of interest to the majority of OpenBSD users. > A list for people running old Macs with 680xx Motorola dust-covered > crap, Because issues regarding mac68k systems are not of interest to the majority of OpenBSD users. > but there's no AMD64 list. Because issues regarding amd64 systems *ARE* very similar to those of the majority of OpenBSD users. Besides, those of us that don't (yet) have one want one (except for Miod) :) > The other BSDs of note have AMD64 lists, so I'm a dumb-fuck for asking? no, you are acting with questionable intelect in assuming that what another project does mandates what we do, even if you can't provide a valid reason as requested. I, for one, have NO interest in trying to follow one hundered different mail lists (NetBSD) or eighty (FreeBSD). Now, you, as a user, may say you have no interest in seeing non-AMD-related stuff, but news flash: it ain't about you. If the developers can't keep an eye out for important stuff on all the lists, the quality of the product goes down. >From what little I've seen of NetBSD and FreeBSD mail lists, they look like a lesson to learn from, not a model to go by. sheesh. > Given what OBSD ~has~ for mailing lists, I'd find it > shocking that there was a list for a platform that > just may get someplace. > > So, Why (TF) is there not an AMD64 list, given that > OBSD has a list for iron lung vintage hardware. Do > you think that an AMD64 is the same thing as an i386? sure, we send ALL AMD queries off to the..non-existant i386 mail list, too! Do you think there is an i386 mail list? > WTF? Having MORE mail lists doesn't improve anyone's life. We've probably got too many -- a number of the lists get virtually no traffic, and some have produced ZERO traffic of use, and lots of "WHEN WILL IT BE DONE so I can 'test' it??" whining. AMD64 is a mainstream platform. We treat it as such. I see no benefit in treating it as a bizzare, nitch machine. Why don't you go ask FreeBSD and NetBSD why they push off a mainstream platform that shares 99+% of the code with their other platforms into a "special" mail list. Heck, we can't even get people to post on the right list with the small number of lists we got now. Nick.
Re: mounting ext3fs via ext2fs
On Sun, May 29, 2005 at 04:58:16PM +0200, Haluk Durmus wrote: > Was it sufficiend that I did an cvs update on current tree, before kompiling ? Could you just use a binary snapshot please? That way we bypass all this nonsense.
Re: mounting ext3fs via ext2fs
Was it sufficiend that I did an cvs update on current tree, before kompiling ? On Sun, 29 May 2005 14:05:20 +0100 "Niall O'Higgins" <[EMAIL PROTECTED]> wrote: > Support for ext2fs filesystems with large files was added after 3.7. > Please try a snapshot, it should work there. > > On Sun, May 29, 2005 at 12:37:18AM +0200, Haluk Durmus wrote: > > [EMAIL PROTECTED]:~# fsck_ext2fs -d /dev/sd0i > > ** /dev/rsd0i > > compat 0x0004, incompat 0x0006, compat_ro 0x0001 > > BAD SUPER BLOCK: INCOMPATIBLE FEATURE BITS IN SUPER BLOCK > > /dev/rsd0i: CANNOT FIGURE OUT FILE SYSTEM PARTITION
Re: mounting ext3fs via ext2fs
ps. It is possible to do an dd if=/dev/sd0i of=/dev/null On Sun, 29 May 2005 00:37:18 +0200 Haluk Durmus <[EMAIL PROTECTED]> wrote: > Hello, > > since 2 week's I changed from linux to openbsd. > But my extern hd didn't managed it yet. > > It is a 80gig extern harddisk connected with usb2.0 to my laptop. > It has an ext3fs and is full of data. > > I thought,that I could mount it with ext2fs, but it was not posible... > > > [EMAIL PROTECTED]:~# mount_ext2fs /dev/sd0i /mnt/tmp/ > mount_ext2fs: /dev/sd0i on /mnt/tmp: specified device does not match mounted > device > > [EMAIL PROTECTED]:~# dmesg > ... > rootdev=0x0 rrootdev=0x300 rawdev=0x302 > uhub2 at usb2 > uhub2: NEC OHCI root hub, class 9/0, rev 1.00/1.00, addr 1 > uhub2: 2 ports with 2 removable, self powered > ehci0 at cardbus1 dev 0 function 2: "NEC USB" rev 0x04 (rev. 0x04) > ehci0: interrupting at 10 > usb3 at ehci0: USB revision 2.0 > uhub3 at usb3 > uhub3: NEC EHCI root hub, class 9/0, rev 2.00/1.00, addr 1 > uhub3: 5 ports with 5 removable, self powered > umass0 at uhub3 port 2 configuration 1 interface 0 > umass0: Genesyslogic USB Mass Storage Device, rev 2.00/0.33, addr 2 > umass0: using SCSI over Bulk-Only > scsibus1 at umass0: 2 targets > sd0 at scsibus1 targ 1 lun 0: SCSI0 0/direct fixed > sd0: 76319MB, 76319 cyl, 64 head, 32 sec, 512 bytes/sec, 156301488 sec total > > > [EMAIL PROTECTED]:~# disklabel sd0 > disklabel: warning, DOS partition table with no valid OpenBSD partition > # /dev/rsd0c: > type: SCSI > disk: SCSI disk > label: MHT2080AT > flags: > bytes/sector: 512 > sectors/track: 32 > tracks/cylinder: 64 > sectors/cylinder: 2048 > cylinders: 76319 > total sectors: 156301488 > rpm: 3600 > interleave: 1 > trackskew: 0 > cylinderskew: 0 > headswitch: 0 # microseconds > track-to-track seek: 0 # microseconds > drivedata: 0 > > 16 partitions: > # sizeoffset fstype [fsize bsize cpg] > c: 156301488 0 unused 0 0 # Cyl 0 - > 76319* > i: 15629632263 ext2fs # Cyl 0*- > 76316* > > [EMAIL PROTECTED]:~# fsck_ext2fs -d /dev/sd0i > ** /dev/rsd0i > compat 0x0004, incompat 0x0006, compat_ro 0x0001 > BAD SUPER BLOCK: INCOMPATIBLE FEATURE BITS IN SUPER BLOCK > /dev/rsd0i: CANNOT FIGURE OUT FILE SYSTEM PARTITION
Re: mounting ext3fs via ext2fs
Ok I recompiled with "option EXT2FS_SYSTEM_FLAGS" /usr/src/sys/conf/GENERIC no changes ... before I compiled the kernel, I did a "cvs update" on "/usr/src", to get the current tree On Sun, 29 May 2005 10:17:02 +0200 "Frank Denis (Jedi/Sector One)" <[EMAIL PROTECTED]> wrote: > On Sun, May 29, 2005 at 01:16:08AM +0200, Haluk Durmus wrote: > > I only found the option > > option EXT2FS # Second Extended Filesystem > > and it is true in GENERIC kernel > > > > > option EXT2FS_SYSTEM_FLAGS > > This is a different flag, and it is not in GENERIC kernel. > > Add that line, reconfig and recompile :) > > You can have a list of supported options with "man options".
Re: mounting ext3fs via ext2fs
Support for ext2fs filesystems with large files was added after 3.7. Please try a snapshot, it should work there. On Sun, May 29, 2005 at 12:37:18AM +0200, Haluk Durmus wrote: > [EMAIL PROTECTED]:~# fsck_ext2fs -d /dev/sd0i > ** /dev/rsd0i > compat 0x0004, incompat 0x0006, compat_ro 0x0001 > BAD SUPER BLOCK: INCOMPATIBLE FEATURE BITS IN SUPER BLOCK > /dev/rsd0i: CANNOT FIGURE OUT FILE SYSTEM PARTITION
Re: kernel-pppoe worries on 3.7
On Sun, 29 May 2005, Uwe Dippel wrote: > And I can confirm it works for Streamyx in Malaysia ! For the mailing list archives, can you post what settings (authentication protocol, any other specific setting) finally did work with them? cheers, -- jason
Re: kernel-pppoe worries on 3.7
On Sat, 28 May 2005 18:32:06 +0800, Uwe Dippel wrote: > My /etc/hostname.pppoe0 doesn't want to start. > I have tried different myauthproto (pap, chap, none). With none, it goes > in fast circles: Thanks for all the advice on and off the list ! Finally I got it working; but I have no good clue what went wrong when and how (after some 30 to 40 efforts, changes, reboots I had lost track, sorry). Then 'debug' came and helped me to identify the correct protocol (no 'bad magic'), and from there onwards at one moment it started to work, finally. The trouble of asking an ISP of the local quality is that they barely manage to set it up on Windoze and don't have the slightest clue about things like authentication. And I can confirm it works for Streamyx in Malaysia ! Thanks again, Uwe
Re: Abocom Network Card
Wait for a new -current snapshot to come out, I added
support for this card. It should attach as [EMAIL PROTECTED]
// Brad
On Sun, May 29, 2005 at 12:30:13AM +1000, Ben Hooper wrote:
> Dmesg below of an Abocom 10/100 CardBus device. Is anyone familiar with them
> and able to hack up a patch?
>
> Ben.
>
> OpenBSD 3.7 (GENERIC) #50: Sun Mar 20 00:01:57 MST 2005
> [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
> cpu0: Intel Pentium III ("GenuineIntel" 686-class, 128KB L2 cache) 647 MHz
> cpu0:
> FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,
> SSE
> real mem = 536387584 (523816K)
> avail mem = 482652160 (471340K)
> using 4278 buffers containing 26923008 bytes (26292K) of memory
> mainbus0 (root)
> bios0 at mainbus0: AT/286+(ff) BIOS, date 07/23/01, BIOS32 rev. 0 @ 0xf0210
> apm0 at bios0: Power Management spec V1.2 (BIOS mgmt disabled)
> apm0: APM power management enable: unrecognized device ID (9)
> apm0: APM engage (device 1): power management disabled (1)
> apm0: battery life expectancy 100%
> apm0: AC on, battery charge high
> pcibios0 at bios0: rev 2.1 @ 0xf0200/0xb00
> pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb9d0/112 (5 entries)
> pcibios0: no compatible PCI ICU found: ICU vendor 0x product 0x
> pcibios0: PCI bus #3 is the last bus
> bios0: ROM list: 0xc/0x1
> cpu0 at mainbus0
> pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
> pchb0 at pci0 dev 0 function 0 "Acer Labs M1621 PCI" rev 0x05
> ppb0 at pci0 dev 1 function 0 "Acer Labs M5247 AGP/PCI-PCI" rev 0x01
> pci1 at ppb0 bus 1
> vga1 at pci1 dev 0 function 0 "ATI Mobility 1" rev 0x64
> wsdisplay0 at vga1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> autri0 at pci0 dev 6 function 0 "Acer Labs M5451 Audio" rev 0x01: irq 10
> ac97: codec id 0x43525934 (Cirrus Logic CS4299 rev 4)
> ac97: codec features headphone, 20 bit DAC, 18 bit ADC, Crystal Semi 3D
> audio0 at autri0
> midi0 at autri0: <4DWAVE MIDI UART>
> pcib0 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
> pciide0 at pci0 dev 16 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc3: DMA,
> channel 0 configured to compatibility, channel 1 configured to compatibility
> wd0 at pciide0 channel 0 drive 0:
> wd0: 16-sector PIO, LBA48, 76351MB, 156368016 sectors
> wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus0 at atapiscsi0: 2 targets
> cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom
> removable
> cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
> "Acer Labs M7101 Power Mgmt" rev 0x00 at pci0 dev 17 function 0 not
> configured
> cbb0 at pci0 dev 19 function 0 "O2 Micro OZ6933 CardBus" rev 0x01: irq 11
> cbb1 at pci0 dev 19 function 1 "O2 Micro OZ6933 CardBus" rev 0x01: irq 11
> ohci0 at pci0 dev 20 function 0 "Acer Labs M5237 USB" rev 0x03: irq 11,
> version 1.0, legacy support
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0
> uhub0: Acer Labs OHCI root hub, class 9/0, rev 1.00/1.00, addr 1
> uhub0: 2 ports with 2 removable, self powered
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5
> pckbd0 at pckbc0 (kbd slot)
> pckbc0: using irq 1 for kbd slot
> wskbd0 at pckbd0 (mux 1 ignored for console): console keyboard, using
> wsdisplay0
> pmsi0 at pckbc0 (aux slot)
> pckbc0: using irq 12 for aux slot
> wsmouse0 at pmsi0 mux 0
> pcppi0 at isa0 port 0x61
> midi1 at pcppi0:
> sysbeep0 at pcppi0
> lpt0 at isa0 port 0x378/4 irq 7
> npx0 at isa0 port 0xf0/16: using exception 16
> pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
> cardslot0 at cbb0 slot 0 flags 0
> cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0x20
> pcmcia0 at cardslot0
> cardslot1 at cbb1 slot 1 flags 0
> cardbus1 at cardslot1: bus 3 device 0 cacheline 0x0, lattimer 0x20
> pcmcia1 at cardslot1
> biomask eb6d netmask eb6d ttymask fbef
> pctr: 686-class user-level performance counters enabled
> mtrr: Pentium Pro MTRR support
> CardBus, Fast Ethernet, V1.0, (manufacturer 0x0, product 0x0) vendor
> "Abocom", unknown product 0xab08 (class network subclass ethernet, rev 0x11)
> at cardbus0 dev 0 function 0 not configured
> dkcsum: wd0 matched BIOS disk 80
> root on wd0a
> rootdev=0x0 rrootdev=0x300 rawdev=0x302
> WARNING: /mnt was not properly unmounted
Re: Some examples with ifstated+car+bridge?
But this is my actual problem. I have one interface without ip, and carp does not work. My config: Fw A /etc/hostname.le3 up /etc/hostname.carp3 inet xxx.xxx.xxx.xxx 255.255.255.192 NONE vhid 3 carpdev le3 pass 3Treb72 Fw B /etc/hostname.le3 up /etc/hostname.carp3 inet xxx.xxx.xxx.xxx 255.255.255.192 NONE vhid 3 carpdev le3 advskew 250 pass 3Treb725 And my sysctl.conf: net.inet.carp.preempt=1 # CARP Failover net.inet.carp.log=1 # Enable CARP logging net.inet.ip.forwarding=1 And the default route it is ok. But with configruation packets are not forwarding by the firewalls. Is this configuration correct??? On 5/29/05, David A. Ulevitch <[EMAIL PROTECTED]> wrote: > > > > Hi all, > > > > Where I can find some examples with ifstated+carp+bridge for OpenBSD > > 3.7?? I did not find nothing on OpenBSD faq and google. And other > > question, where is ifstated binary?? I can not find on fresh install, > > on ports perhaps?? > > /usr/src/usr.sbin/ifstated > > More than likely though, with the new carpdev stuff in 3.7 you probably > don't need it for the common cases where it was used before (interface > with no IP used with CARP). > > It did work reasonably well in 3.6 though handled the flushing and > assignment of some static routes I needed in my network. > > Thanks, > David Ulevitch > > > > > Thank you for your help. > > > > -- > > C.L. Martinez > > [EMAIL PROTECTED] > > > > > > !DSPAM:42996fda88301019620185! > > > > > > > >David A. Ulevitch - Founder, EveryDNS.Net >http://david.ulevitch.com -- http://everydns.net > > > -- C.L. Martinez [EMAIL PROTECTED]
Re: Some examples with ifstated+car+bridge?
> Hi all, > > Where I can find some examples with ifstated+carp+bridge for OpenBSD > 3.7?? I did not find nothing on OpenBSD faq and google. And other > question, where is ifstated binary?? I can not find on fresh install, > on ports perhaps?? /usr/src/usr.sbin/ifstated More than likely though, with the new carpdev stuff in 3.7 you probably don't need it for the common cases where it was used before (interface with no IP used with CARP). It did work reasonably well in 3.6 though handled the flushing and assignment of some static routes I needed in my network. Thanks, David Ulevitch > > Thank you for your help. > > -- > C.L. Martinez > [EMAIL PROTECTED] > > > !DSPAM:42996fda88301019620185! > > David A. Ulevitch - Founder, EveryDNS.Net http://david.ulevitch.com -- http://everydns.net
Re: ppp[1508]: tun0: Warning: ff02::%tun0/32: Change route failed: errno: Undefined error: 0
On Sat, May 28, 2005 at 10:56:50PM +0200, Oliver Fuchs wrote: > Hi, > I am using openbsd 3.6 and with using ppp I receive everytime this > message when running ppp: > 1) tun0: Warning: 0.0.0.0/0: Change route failed: errno: No such >process > 2) tun0: Warning: ff02::%tun0/32: Change route failed: errno: >Undefined error: 0 > > (What is a undefined error?) > > I am not running any network on laptop and have configured > /etc/ppp/ppp.conf exactly like it is described in the openbsd-faq: > default: > set log Phase Chat LCP IPCP CCP tun command > ident user-ppp VERSION (built COMPILATIONDATE) > set device /dev/cua03 > set speed 115200 > set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \ > \"\" AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 440 CONNECT" > set timeout 0 > > mea: > set phone 007007007 > set login > set authname memyselfandI > set ifaddr 10.0.0.1/0 10.0.0.2/0 255.255.255.0 0.0.0.0 > add default HISADDR You probably should use "add! default HISADDR"; the "!" forces the new default route, and ppp will not complain about the existing default route anymore. Moreover, you can add `disable ipv6cp' to nuke v6 variation of the message. -- Alexandre Anriot [EMAIL PROTECTED]
Some examples with ifstated+car+bridge?
Hi all, Where I can find some examples with ifstated+carp+bridge for OpenBSD 3.7?? I did not find nothing on OpenBSD faq and google. And other question, where is ifstated binary?? I can not find on fresh install, on ports perhaps?? Thank you for your help. -- C.L. Martinez [EMAIL PROTECTED]
