Recommendation for T41 Wireless

2006-10-15 Thread mal content

Hello.

I was recently given an IBM T41 laptop. I've had little experience
of laptop hardware, and no experience of wireless. The laptop itself
didn't come with any wireless hardware (which, I gather, is a good thing
as it would have been closed intel stuff).

I would like to get some sort of wireless card for it. What would the users
of this list recommend? It'll run OpenBSD 4.0, of course.

thanks,
MC



Re: Recommendation for T41 Wireless

2006-10-15 Thread Jonathan Gray
On Sun, Oct 15, 2006 at 07:57:56AM +0100, mal content wrote:
 Hello.
 
 I was recently given an IBM T41 laptop. I've had little experience
 of laptop hardware, and no experience of wireless. The laptop itself
 didn't come with any wireless hardware (which, I gather, is a good thing
 as it would have been closed intel stuff).
 
 I would like to get some sort of wireless card for it. What would the users
 of this list recommend? It'll run OpenBSD 4.0, of course.
 
 thanks,
 MC

Get a Ralink based card, they work great.
You'll have to run tpwireless from ports before you put it in
to get around the stupid IBM whitelist though.



Re: Recommendation for T41 Wireless

2006-10-15 Thread mal content

On 15/10/06, Jonathan Gray [EMAIL PROTECTED] wrote:

On Sun, Oct 15, 2006 at 07:57:56AM +0100, mal content wrote:
 Hello.

 I was recently given an IBM T41 laptop. I've had little experience
 of laptop hardware, and no experience of wireless. The laptop itself
 didn't come with any wireless hardware (which, I gather, is a good thing
 as it would have been closed intel stuff).

 I would like to get some sort of wireless card for it. What would the users
 of this list recommend? It'll run OpenBSD 4.0, of course.

 thanks,
 MC

Get a Ralink based card, they work great.
You'll have to run tpwireless from ports before you put it in
to get around the stupid IBM whitelist though.



Hi.

http://catalog.belkin.com/IWCatProductPage.process?Product_Id=136500

This uses the Ralink chipset doesn't it? I just want to be sure before I
place an order.

thanks,
MC



Ralink TX power

2006-10-15 Thread Sam Fourman Jr.

Does anyone know what the highest available tx power for a ralink based card is?

or any other supported vendor for that matter.

I am looking for something comparable to the Atheros 400 mW (26 dBm)

Sam Fourman Jr.



Re: Recommendation for T41 Wireless

2006-10-15 Thread Stephan Tesch
On Sunday, 15 October 2006 08:57 you wrote:

Hi!

 I was recently given an IBM T41 laptop. I've had little experience
 of laptop hardware, and no experience of wireless. The laptop itself
 didn't come with any wireless hardware (which, I gather, is a good thing
 as it would have been closed intel stuff).

 I would like to get some sort of wireless card for it. What would the users
 of this list recommend? It'll run OpenBSD 4.0, of course.

Personally, I run a ral(4) MiniPCI wireless card on my router (WRAP). It works 
quite well compared to the ath I had before. And those cards are quite cheap.

ral0 at pci0 dev 13 function 0 Ralink RT2560 rev 0x01: irq 12, address ...
ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525

Hope this helps,
Stephan



Re: Recommendation for T41 Wireless

2006-10-15 Thread Jonathan Gray
On Sun, Oct 15, 2006 at 08:52:07AM +0100, mal content wrote:
 On 15/10/06, Jonathan Gray [EMAIL PROTECTED] wrote:
 On Sun, Oct 15, 2006 at 07:57:56AM +0100, mal content wrote:
  Hello.
 
  I was recently given an IBM T41 laptop. I've had little experience
  of laptop hardware, and no experience of wireless. The laptop itself
  didn't come with any wireless hardware (which, I gather, is a good thing
  as it would have been closed intel stuff).
 
  I would like to get some sort of wireless card for it. What would the 
 users
  of this list recommend? It'll run OpenBSD 4.0, of course.
 
  thanks,
  MC
 
 Get a Ralink based card, they work great.
 You'll have to run tpwireless from ports before you put it in
 to get around the stupid IBM whitelist though.
 
 
 Hi.
 
 http://catalog.belkin.com/IWCatProductPage.process?Product_Id=136500
 
 This uses the Ralink chipset doesn't it? I just want to be sure before I
 place an order.
 
 thanks,
 MC

Well some companies like Belkin make it hard to tell as they change things.
If you don't mind opening up your thinkpad you should be able to place
an internal Mini PCI card.  These have the advantage of having the main
chip clearly visible so you can tell what you're getting.  People like
wim sell them clearly marked as Ralink cards.

If you want an external CardBus card look at the device list in the
ral man page ral(4).

Jonathan



Re: Recommendation for T41 Wireless

2006-10-15 Thread mal content

On 15/10/06, Jonathan Gray [EMAIL PROTECTED] wrote:


Well some companies like Belkin make it hard to tell as they change things.
If you don't mind opening up your thinkpad you should be able to place
an internal Mini PCI card.  These have the advantage of having the main
chip clearly visible so you can tell what you're getting.  People like
wim sell them clearly marked as Ralink cards.

If you want an external CardBus card look at the device list in the
ral man page ral(4).

Jonathan



Ok, thank you!

MC



[OT] Newbye network question(s)

2006-10-15 Thread Iñigo Tejedor Arrondo
Finally I'm going to have time, to put in house a firewall with openbsd,
to learn pf.

I'm not an expert in networks, so sorry for this OT, not related to
openbsd.

There are 3 questions: about VLANs, USB installation and DoS attacks...

The scene is the following one:


   about 50 Meters of utp-5e
[ Mi room ]--[ Garage ]
 ||
 ||
[ 8 port switch ]   [ 3com superstack III ]
 |   |---   | |
 |  |   |   | |
[ adsl router ] |   |[ web server ]  [ Other machines ]
|   |   Obsd 3.9  Only LAN services
  [ Desktop PCs ]   |
|
 [2 laptops])))[ Wifi AP ]


To the garage, only a network cable can go, because they do not fit more
in the tubes. I would like that everything was filtered, but I cannot
put an always running machine in my room. Switch of 8 ports is not
manageable and the 3com produces much noise.

My questions are:
If I send all the traffic direct to the garage, passing by the 8 ports,
and soon returns by the same cable,  the machines in the 8 ports are in
danger some? (they would be in a different vlan, managed by firewall,
that the router)

Is some doc of howto install obsd in a usb memory?  because I can put in
my room, some 486 or P1, that without hard disk do not produce noise.

My old zyxel router, does not have a good answer with DoS attacks, many
connections, etc.  is some way to avoid it or I must change it
unavoidably?

Any other wonderful idea/change to protect well my network ?

Sorry for the OT, thanks in advance, and congratulations to all those
that make openbsd. And by the music that accompanies releases jeje

Inigo 



Re: [OT] Newbye network question(s)

2006-10-15 Thread Stuart Henderson
On 2006/10/15 13:33, Iñigo Tejedor Arrondo wrote:
 To the garage, only a network cable can go, because they do not fit more
 in the tubes. I would like that everything was filtered, but I cannot
 put a always runing machine in my room. Switch of 8 ports is not
 manageable and the 3com produces much noise.

As long as it's not gigabit, you can split the network cable, since
100baseTX only needs two twisted pairs of wire. One pair needs to be on
pins 1 and 2, the other on pins 3 and 6. The pairs are denoted by a
stripe of the same colour (e.g. white/orange and orange/white are
twisted together). So, you can take each end of the cable and put
two plugs on (or two sockets, whichever you prefer):

pin  plug A         plug B
---  -------------  -------------
1    white/orange   white/blue
2    orange/white   blue/white
3    white/green    white/brown
4    (no wire)      (no wire)
5    (no wire)      (no wire)
6    green/white    brown/white
7    (no wire)      (no wire)
8    (no wire)      (no wire)

You can also buy a ready-made adapter usually called a cable
economiser which normally plugs into a RJ45 socket.

This way, you don't even need the vlans.

(Incidentally, someone might be interested to know about SMC GS16-Smart
if they're looking for a silent manageable switch; it's meant to support
jumbo frames with latest firmware but I haven't made it work yet).

 Is some doc of howto install obsd in a usb memory?  because i can put in
 my room, some 486 or P1, that without hard disk do not produce noise.

486 or P1 are not likely to boot from USB, you need either a compactflash
card and a compactflash-IDE adapter, or a disk-on-module (flash memory which
plugs straight into the motherboard's IDE socket; ipc2u.com/ipc2u.de have
many types).

 My old zyxel router, does not have a good answer with DoS attacks, many
 connections, etcb  is some way to avoid it or I must change it
 unavoidably?

You can't really avoid a DoS attack at the end of an ADSL, if someone
sends a lot of traffic to you there's not much you can do (except maybe
change IP address).

Some routers have really small memory and can't NAT a large number
of connections; with these it may be better to use the router as a bridge,
run pppoe on the firewall and NAT there instead (unless your ISP will
allow you to have at least a /30 subnet).



Re: [OT] Newbye network question(s)

2006-10-15 Thread ropers

On 15/10/06, Iñigo Tejedor Arrondo [EMAIL PROTECTED] wrote:

Finally I'm going to have time, to put in house a firewall with openbsd,
to learn pf.

I'm not an expert in networks, so sorry for this OT, not related to
openbsd.

There are 3 questions: about Vlans, usb installation and DoS atacks...

The scene is the following one:


   about 50 Meters of utp-5e
[ Mi room ]--[ Garage ]
 ||
 ||
[ 8 port switch ]   [ 3com superstack III ]
 |   |---   | |
 |  |   |   | |
[ adsl router ] |   |[ web server ]  [ Other machines ]
|   |   Obsd 3.9  Only LAN services
  [ Desktop PCs ]   |
|
 [2 laptops])))[ Wifi AP ]


To the garage, only a network cable can go, because they do not fit more
in the tubes. I would like that everything was filtered, but I cannot
put a always runing machine in my room. Switch of 8 ports is not
manageable and the 3com produces much noise.

My questions are:
If i send all the traffic direct to the garage, passing by the 8 ports,
and soon returns by the same cable,  the machines in the 8 ports are in
danger some? (they would be in a diferent vlan, managed by firewall,
that the router)


As was recently posted:
http://www.gurulabs.com/goodies/routeronastick.php



Problem sendmail won't

2006-10-15 Thread Rob Baldassano
Help, I need some advice. 
  Sendmail stopped sending out and receiving mails. 
  I looked at top, and sendmail is running (Numerous instances), but it just 
won't send anything. 
  Additionally, trying to login takes up to 3 minutes (kerberos problem? 
   
  Thanks for any assistance you can provide. 
   
  --Rob


- 
 
Eirik Goransson / Rob Baldassano
Member, Barony of Endless Hills; 
House Odlahorde; 
Viking  All around Good Egg ; 
VROC #5029 (Tigger)
come visit http://www.dracowolf.com 



Re: [OT] Newbye network question(s)

2006-10-15 Thread Iñigo Tejedor Arrondo
On Sun, 15-10-2006 at 14:41 +0200, ropers wrote:

  My questions are:
  If i send all the traffic direct to the garage, passing by the 8 ports,
  and soon returns by the same cable,  the machines in the 8 ports are in
  danger some? (they would be in a diferent vlan, managed by firewall,
  that the router)
 
 As was recently posted:
 http://www.gurulabs.com/goodies/routeronastick.php

Cool link, thanks, but I like more than the separation is physical
instead of logic. Of all the ways, thanks, could be a solution. In
addition, it would force to me to learn, to translate those values of
proc-sysctl-linux to the great openbsd :)



Re: Problem sendmail won't

2006-10-15 Thread Tobias Ulmer
On Sun, Oct 15, 2006 at 05:25:25AM -0700, Rob Baldassano wrote:
 Help, I need some advice. 
   Sendmail stopped sending out and receiving mails. 
   I looked at top, and sendmail is running (Numerous instances), but it just 
 won't send anything. 
   Additionally, trying to login takes up to 3 minutes (kerberos problem? 

   Thanks for any assistance you can provide. 

   --Rob
 
 

Check if name resolving works properly.

Tobias



Milter-regex problem

2006-10-15 Thread pcnicolas
Hi

I've got a problem with milter-regex on a _multi-homed_ gateway (OpenBSD
3.9 stable).
Milter-regex did not get the From, To and Subject; here is the
milter-regex -d output:
Oct 15 15:15:48 mymachine milter-regex[16137]: 1.1.1.1:cb_connect('foo.foo.com', '1.1.1.2')
Oct 15 15:15:53 mymachine milter-regex[16137]: 1.1.1.1:cb_helo('foo.foo.com')
Oct 15 15:15:53 mymachine milter-regex[16137]: 1.1.1.1:cb_envfrom('[EMAIL PROTECTED]')
Oct 15 15:15:53 mymachine milter-regex[16137]: 1.1.1.1::ACCEPT, From: , To: , Subject:
Oct 15 15:15:56 mymachine milter-regex[16137]: 1.1.1.1: cb_close()

/etc/mail/sendmail.cf
...
# Input mail filters
O InputMailFilters=milter-regex
...
Xmilter-regex, S=unix:/var/spool/milter-regex/sock, T=S:30s;R:2m
...

/etc/milter-regex.conf
#tempfail "Sender IP address not resolving"
reject "Sender IP address not resolving"
connect /\[.*\]/ //
reject "sorry bye"
header /^(TO|FROM|SUBJECT)$/ei /test/

/etc/rc.conf.local
...
sendmail_flags="-L sm-mta -bd -q30m"
...

I use the same configuration files on 3 OpenBSD (single interface)
without problem.

Any idea ?

Thanks



Re: OpenBSD and the Blind

2006-10-15 Thread Douglas Hunter
Han Boetes han at mijncomputer.nl writes:

 
 Zachary Kline wrote:
  What I am interested in here are ways that an OpenBSD system
  might be made accessible.  Does anyone here have any thoughts on
  this issue?  I'm more than willing to discuss possible
  approaches.
 
 Don't get overexcited when reading the header, but do read the
 whole thread, it contains a lot of useful information.
 
 http://undeadly.org/cgi?action=article&sid=20061011142519&mode=expanded
 
 # Han
 
 

I found this posted 2 weeks ago 
http://archives.neohapsis.com/archives/openbsd/2006-09/1664.html

Douglas



Re: OpenBSD and the Blind

2006-10-15 Thread Douglas Hunter
Douglas Hunter douglas.hunter at tiscali.co.uk writes:

sorry about my previous post (first post to through gmane), what I should have 
posted was:

this post

http://archives.neohapsis.com/archives/openbsd/2006-09/1664.html

has information about combining EFlite and Emacspeak to generate a software 
based audio desktop for OpenBSD.

Douglas



Re: [OT] Newbye network question(s)

2006-10-15 Thread Iñigo Tejedor Arrondo
On Sun, 15-10-2006 at 13:38 +0100, Stuart Henderson wrote:
 On 2006/10/15 13:33, Iñigo Tejedor Arrondo wrote:
  To the garage, only a network cable can go, because they do not fit more
  in the tubes. I would like that everything was filtered, but I cannot
  put a always runing machine in my room. Switch of 8 ports is not
  manageable and the 3com produces much noise.
 
 As long as it's not gigabit, you can split the network cable, since
 100baseTX only needs two twisted pairs of wire. One pair needs to be on
 pins 1 and 2, the other on pins 3 and 6. The pairs are denoted by a
 stripe of the same colour (e.g. white/orange and orange/white are
 twisted together). So, you can take each end of the cable and put
 two plugs on (or two sockets, whichever you prefer):
 
 pin  plug A         plug B
 ---  -------------  -------------
 1    white/orange   white/blue
 2    orange/white   blue/white
 3    white/green    white/brown
 4    (no wire)      (no wire)
 5    (no wire)      (no wire)
 6    green/white    brown/white
 7    (no wire)      (no wire)
 8    (no wire)      (no wire)
 
 You can also buy a ready-made adapter usually called a cable
 economiser which normally plugs into a RJ45 socket.

A million thanks to execute find in my brain. I had done this
sometimes in the work, but in the middle of my problem, i didn't
remember this solution. !thanks! 

[...]

 486 or P1 are not likely to boot from USB, you need either a compactflash
 card and a compactflash-IDE adapter, or a disk-on-module (flash memory which
 plugs straight into the motherboard's IDE socket; ipc2u.com/ipc2u.de have
 many types).

ouch, is true... finally I will have to re-install my brain, with a
clean install ... it is full of bugs :/... perhaps with a boot floppy
??. It's equal, with distributing threads of the network cord already I
have it solved :)

adsl---4threads1---garagefirewall---garageswitch---4threads2---roomswitch

cool 

[...]

 Some routers have really small memory and can't NAT a large number
 of connections; with these it may better to use the router as a bridge,
 run pppoe on the firewall and NAT there instead (unless your ISP will
 allow you to have at least a /30 subnet).

Yes, I was thinking about buying an adsl2 router (I have only 1024/300),
and bridge it to a Gb interface in an obsd router/firewall.


Stuart, a million thanks for hack of 4 threads in the utp cord. It is
just what I need :) 

Inigo



dmesg2dot

2006-10-15 Thread Bruno Carnazzi

  Hi misc,

Here's a small awk script that converts OpenBSD dmesg into graphviz dot format.
Just for sharing and/or comments...

Best regards,

Bruno.

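#!/usr/bin/awk -f
# Reads dmesg on stdin and writes a graphviz digraph in which every
# "<dev> at <parent> ..." line becomes an edge parent -> dev.

BEGIN { unknow = 0; print "digraph dmesg {"; }
{ if ($2 == "at") {
   dev = $1; pdev = $3; desc = $0;
   sub(/:/, "", pdev);          # "pci0:" -> "pci0"
   gsub(/"/, "\\\"", desc);     # escape double quotes for the dot label
   # devices reported as "unknown" each get their own numbered node
   if (dev == "\"unknown\"") { dev = "unknow" unknow++; }
   printf "\t%s [label=\"%s\"];\n\t%s -> %s;\n", dev, desc, pdev, dev;
   }
}
END { print "}" }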



Re: c.93.3 not found when installing packages

2006-10-15 Thread Martin Gignac

On 10/13/06, Joachim Schipper [EMAIL PROTECTED] wrote:


 A quick fix that worked for me (don't know if it's bad to do this or
 not, though):

  # cd /usr/lib
  # ln -s libc.so.40.0 libc.so.39.3

It is, libc bumps happen when functions change in interesting ways.


A-ha. Good to know. :-)

-Martin

--
Suburbia is where the developer bulldozes out the trees, then names
the streets after them.

  --Bill Vaughan



Re: Oldest Server you run

2006-10-15 Thread Jan Stary
 We're trying to put an old server to good use again and would like to  
 know what's exactly the oldest machine running OpenBSD?

My home router/firewall/DNS:

$ uname -a
OpenBSD gw.stare.cz 3.9 COMPAQ#0 i386

$ dmesg
OpenBSD 3.9-stable (COMPAQ) #0: Thu Sep 28 20:48:44 CEST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/COMPAQ
cpu0: Intel Pentium (P54C) (GenuineIntel 586-class) 133 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8
cpu0: F00F bug workaround installed
real mem  = 16359424 (15976K)
avail mem = 9256960 (9040K)

$ sysctl hw
hw.machine=i386
hw.model=Intel Pentium (P54C) (GenuineIntel 586-class)
hw.ncpu=1
hw.byteorder=1234
hw.physmem=16359424
hw.usermem=16195584
hw.pagesize=4096
hw.disknames=wd0,wd1,fd0
hw.diskcount=3
hw.cpuspeed=133


Jan



Re: c.93.3 not found when installing packages

2006-10-15 Thread Bernd Schoeller
On Fri, 13 Oct 2006 17:56:07 +0200, Joachim Schipper  
[EMAIL PROTECTED] wrote:

It is, libc bumps happen when functions change in interesting ways.


Just out of curiosity: This is not an update to keep the libc version  
number in-sync with the OpenBSD release? It would have remained on 39 if  
there would not have been a change in the interface or semantics?


Bernd



Re: c.93.3 not found when installing packages

2006-10-15 Thread Theo de Raadt
  It is, libc bumps happen when functions change in interesting ways.
 
 Just out of curiosity: This is not an update to keep the libc version  
 number in-sync with the OpenBSD release? It would have remained on 39 if  
 there would not have been a change in the interface or semantics?

Of course we only change the numbers for good reasons.  Keeping it in
sync because it is pretty?  Don't be crazy.



Re: c.93.3 not found when installing packages

2006-10-15 Thread Bernd Schoeller
On Sun, 15 Oct 2006 20:03:55 +0200, Chris Kuethe [EMAIL PROTECTED]  
wrote:



On 10/15/06, Bernd Schoeller [EMAIL PROTECTED] wrote:

On Fri, 13 Oct 2006 17:56:07 +0200, Joachim Schipper
[EMAIL PROTECTED] wrote:
 It is, libc bumps happen when functions change in interesting ways.

Just out of curiosity: This is not an update to keep the libc version
number in-sync with the OpenBSD release? It would have remained on 39 if
there would not have been a change in the interface or semantics?



http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/shlib_version


Thank you for the link, though it does not answer my question.

So I assume the answer to my question is: no, there would not be a bump in  
libc version number just to keep it in sync with the OpenBSD version  
number.


Sorry for the noise,
Bernd



Re: Recommendation for T41 Wireless

2006-10-15 Thread Joseph C. Bender

Jonathan Gray wrote:


Well some companies like Belkin make it hard to tell as they change things.
If you don't mind opening up your thinkpad you should be able to place
an internal Mini PCI card.  These have the advantage of having the main
chip clearly visible so you can tell what you're getting.  People like
wim sell them clearly marked as Ralink cards.


This is to the OP, but it's a good place to interject this comment:

	If the Thinkpad was not shipped with a wireless card, make sure that 
it's at least one of the wireless ready models with the antennas 
already provisioned in the laptop lid.


	The fastest way to check this is to pull the keyboard screws and the 
palmrest screws (The ones marked with the keyboard symbols, then the 
ones marked with symbols that look like a mini-PCI card), pulling the 
keyboard first, then the other.  There will be two antenna cables, one 
marked MAIN, the other marked AUX.  These will be next to or on top 
of the Mini-PCI slot that the wireless NIC goes into.  If you don't have 
those, you don't have the antennas installed.


	Install kits can be gotten from IBM or eBay or some such, but require 
disassembly of the laptop lid as well, and can be really tricky.


	FWIW, you might want to check for those first before you make any 
buying decisions.


-Joe

--
Joseph C. Bender
jcbender at bendorius com



Re: Problem sendmail won't

2006-10-15 Thread Edgars

Hi!
Try to read /var/log/maillog.
There you will find a lot of useful information. Pay most attention to all
possible errors.


Tobias Ulmer wrote:

On Sun, Oct 15, 2006 at 05:25:25AM -0700, Rob Baldassano wrote:
  
Help, I need some advice. 
  Sendmail stopped sending out and receiving mails. 
  I looked at top, and sendmail is running (Numerous instances), but it just won't send anything. 
  Additionally, trying to login takes up to 3 minutes (kerberos problem? 
   
  Thanks for any assistance you can provide. 
   
  --Rob






Check if name resolving works properly.

Tobias




Re: Swedish speakers -- OpenBSD and IBM Tivoli TSM BA

2006-10-15 Thread Joachim Schipper
On Fri, Oct 13, 2006 at 06:16:52PM +0200, ropers wrote:
 On 13/10/06, Joachim Schipper [EMAIL PROTECTED] wrote:
 On Thu, Oct 12, 2006 at 06:11:16PM +0200, ropers wrote:
  I find myself having to use the Tivoli Storage Manager Backup/Archive
  client (dsmc).
 
  As much as I would prefer a free solution, this is the only offsite
  backup supported in my organisaton and if I want to maintain an
  OpenBSD server, I will have to get OpenBSD to talk to the Tivoli
  server.

 It appears, though I've not done more than take a quick glance, that
 this product can back up from NFS exports. If so, that might be the
 least hackish solution.
 
 Sorry to appear lazy, but do you remember where you saw that? IMHO
 IBM's Tivoli documentation is all over the place, that's why I don't
 seem to be finding information to confirm this (much less to help me
 to implement this). If you don't remember then nevermind -- I'll get
 to test the installed Linux dsmc TSM client fairly soon. If I can
 fully test it and IFF it fully works, including restoring the entire
 mullarkey to another HDD, then I could probably use the Linux TSM
 client as is, though I do understand the earlier poster's concerns.

Mostly circumstantial evidence like
http://publib.boulder.ibm.com/infocenter/tivihelp/v1r1/topic/com.ibm.itsmc.doc/ans5127.htm#back014.
Admittedly, this is not terribly clear; I had hoped that someone who
was more familiar with the product would find the note sufficient.

Some more research does not help terribly much. Than again, whoever set
up the system should be able to answer this question...

Joachim



isakmpd fail on key renew with Checkpoint NG

2006-10-15 Thread James Mackinnon
Hi all



I have checkpoint NG running on 1 system (retiring next weekend) but
right now, it seems that the tunnels between it and my BSD 4.0 firewalls
drops on key renewal or something.



I am running isakmpd with -T flag and the other BSD firewalls I run do
not drop the connection at all



I am using the same config as I have in the past with BSD 3.9



Can anyone offer some suggestions to which will enable me to dig deeper
into what would be causing the expiry of the key to not renew.



I have to actually stop and restart isakmpd on the 4.0 BSD firewalls for
the communication to checkpoint to kick back in.



Thanks again





James



sasyncd not failing over/back

2006-10-15 Thread James Mackinnon
Hi all



I have 2 Openbsd 4.0 systems running



I have the systems plugged into a gigabit (4 port intel server adapter)
management switch (external interface)

I then have the 2 systems plugged together via the pfsync on a 100mb
intel card

Carp is working fine, pf is working fine.



I allow all carp and pfsync data to pass per the manual(s)



Here is an example of my files



Server1

Hostname.em0
Ip is 1.2.3.4

Mygate
1.2.3.254

Hostname.carp0 (used by em0)
Primary ip is 1.2.3.10
Alias 1.2.3.11
Alias 1.2.3.12
Alias 1.2.3.13

Hostname.em1 (internal interface)
Ip is 10.50.50.1

Hostname.carp1 (used by em1)
Ip is 10.50.50.254

Sasyncd.conf
interface carp0
peer 1.2.3.5
sharedkey /etc/aes1922.key


Server2

Hostname.em0
Ip is 1.2.3.5

Mygate
1.2.3.254

Hostname.carp0 (used by em0)
Primary ip is 1.2.3.10
Alias 1.2.3.11
Alias 1.2.3.12
Alias 1.2.3.13

Hostname.em1 (internal interface)
Ip is 10.50.50.1

Hostname.carp1 (used by em1)
Ip is 10.50.50.254

Sasyncd.conf
interface carp0
peer 1.2.3.4
sharedkey /etc/aes1922.key





The VPN's, carp, and PF work perfectly fine, but if on say server1 I do
a interface em0 down the vpn's die and never come back.

Isakmpd runs fine but I do use flag -T on it because of some older fw's
that seem not to communicate properly with later fw's without it.

Sasyncd is running fine as I have it set to start in rc.conf



I am using the same key as I did on 3.9 and failover worked perfectly,
of course, fail back didn't work in 3.9 version of sasyncd





Anyhow, can anyone offer some advice as I am using the same files (other
than changing the sasyncd.conf from "carp interface carp0" to "interface
carp0", as it wouldn't load until doing that)



I'm rather stumped at the moment (going to do major testing this week on
it) so any extra feedback/comments or input on who I can better enable
details on the sa transfers the better.





Thanks again





James



Re: sasyncd not failing over/back

2006-10-15 Thread James Mackinnon
Sorry,

On server 2 this is what hostname.em1 would be

Hostname.em1 (internal interface)

Ip is 10.50.50.2

Says I'm running
OpenBSD 4.0-current (GENERIC) #1149:


Thanks again

James

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of James Mackinnon
Sent: Sunday, October 15, 2006 5:14 PM
To: misc@openbsd.org
Subject: sasyncd not failing over/back

Hi all



I have 2 Openbsd 4.0 systems running



I have the systems plugged into a gigabit (4 port intel server adapter)
management switch (external interface)

I then have the 2 systems plugged together via the pfsync on a 100mb
intel card

Carp is working fine, pf is working fine.



I allow all carp and pfsync data to pass per the manual(s)



Here is an example of my files



Server1

Hostname.em0

Ip is 1.2.3.4



Mygate

1.2.3.254



Hostname.carp0 (used by em0)

Primary ip is 1.2.3.10

Alias 1.2.3.11

Alias 1.2.3.12

Alias 1.2.3.13



Hostname.em1 (internal interface)

Ip is 10.50.50.1



Hostname.carp1 (used by em1)

Ip is 10.50.50.254



Sasyncd.conf



interface carp0

peer 1.2.3.5

sharedkey /etc/aes1922.key







Server2

Hostname.em0

Ip is 1.2.3.5



Mygate

1.2.3.254



Hostname.carp0 (used by em0)

Primary ip is 1.2.3.10

Alias 1.2.3.11

Alias 1.2.3.12

Alias 1.2.3.13



Hostname.em1 (internal interface)

Ip is 10.50.50.1



Hostname.carp1 (used by em1)

Ip is 10.50.50.254



Sasyncd.conf



interface carp0

peer 1.2.3.4

sharedkey /etc/aes1922.key





The VPN's, carp, and PF work perfectly fine, but if on say server1 I do
a interface em0 down the vpn's die and never come back.

Isakmpd runs fine but I do use flag -T on it because of some older fw's
that seem not to communicate properly with later fw's without it.

Sasyncd is running fine as I have it set to start in rc.conf



I am using the same key as I did on 3.9 and failover worked perfectly,
of course, fail back didn't work in 3.9 version of sasyncd





Anyhow, can anyone offer some advice as I am using the same files (other
then change the sasyncd.conf from carp interface carp0 to interface
carp0 as it wouldn't load until doing that)



I'm rather stumped at the moment (going to do major testing this week on
it) so any extra feedback/comments or input on who I can better enable
details on the sa transfers the better.





Thanks again





James



Re: Problem sendmail won't

2006-10-15 Thread DoN. Nichols
On 2006/10/15 at 05:25:25AM -0700, Rob Baldassano wrote:

 Help, I need some advice. 
   Sendmail stopped sending out and receiving mails. 
   I looked at top, and sendmail is running (Numerous instances), but it just 
 won't send anything. 
   Additionally, trying to login takes up to 3 minutes (kerberos problem? 

   Thanks for any assistance you can provide. 

Do you have your own domain?

There is a spammer out there (in Russia, IIRC) who is making a
practice of forging lots of the same domain name in one massive spam
run, with bogus usernames of the form:

first-nametwo-initialslastname all run together

And -- he does not have a particularly clean list of addresses, so there
are *lots* of bounce messages.

I'm running qmail, not sendmail, and if I don't do anything
about it, my systems run to a load average of 256 and then lock up
(these happen to be older Solaris systems, not OpenBSD).  However, since
qmail can be run from inetd.conf, I have set up a shell script which
checks the system load average (with a small quick binary program which
simply tests whether the load average is above or below a threshold
passed on the command line, and returns a status corresponding to that).
If the load average is over eight, it swaps in a second inetd.conf which
has the qmail incoming SMTP entry commented out, and when the load
average finally falls below that, it re-enables the incoming SMTP
connections.  This allows the systems (with peak load averages of
somewhere around 64) to survive the flood, and eventually drain the pool
of incoming bounce messages.

Of course -- there is nothing so simple as blocking the source,
as you are receiving the bounces from his victim's systems, not the
original spam, which are themselves coming from a large number of
compromised machines around the world.

These seem to be happening about once a week now, with one
starting this morning.

If you have your own domain, and he happens to be forging your
domain today, you will also have a massively overloaded sendmail, and
the only easy cure is to disconnect from the net until sendmail catches
up.  (You might want to look in the queue to see what is being
processed.  Today's spam seems to be a weight loss spam.)

Good Luck,
DoN.

-- 
 Email:   [EMAIL PROTECTED]   | Voice (all times): (703) 938-4564
(too) near Washington D.C. | http://www.d-and-d.com/dnichols/DoN.html
   --- Black Holes are where God is dividing by zero ---
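
The load-shedding scheme described in the post above, as an added example that is not part of the original message and is not DoN.'s own script: above a load threshold the inetd.conf variant with the SMTP entry commented out is swapped in, and the normal one is restored once the load falls back. The file paths, the pid file location and the use of uptime(1) in place of his small load-testing binary are assumptions.

```sh
#!/bin/sh
# Added example: gate incoming SMTP on system load by swapping inetd.conf
# variants. Every path below is a hypothetical placeholder; adjust to the host.

INETD_CONF=${INETD_CONF:-/etc/inetd.conf}
CONF_OPEN=${CONF_OPEN:-/etc/inetd.conf.smtp-on}      # SMTP entry enabled
CONF_SHED=${CONF_SHED:-/etc/inetd.conf.smtp-off}     # SMTP entry commented out
INETD_PIDFILE=${INETD_PIDFILE:-/var/run/inetd.pid}   # assumed pid file location
THRESHOLD=${THRESHOLD:-8}                            # "over eight" in the post

# Read one uptime(1) line on stdin and print the 1-minute load average.
# Handles both "load averages:" (BSD) and "load average:" (Linux).
load1_from_uptime() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i ~ /^averages?:$/) {
                v = $(i + 1); sub(/,$/, "", v); print v; exit
            }
    }'
}

# Succeed when load $1 is strictly above threshold $2 (floating-point compare).
load_above() {
    awk -v l="$1" -v t="$2" 'BEGIN { exit !(l + 0 > t + 0) }'
}

# Print the mode that should be active for load $1 and threshold $2.
wanted_mode() {
    if load_above "$1" "$2"; then echo shed; else echo open; fi
}

# Ask inetd to re-read its configuration.
reload_inetd() {
    [ -r "$INETD_PIDFILE" ] && kill -HUP "$(cat "$INETD_PIDFILE")"
}

# Install the config for mode $1 ("shed" or "open"). Prints "changed" when
# the live file was replaced, "unchanged" when it already matched.
apply_mode() {
    case "$1" in
        shed) src=$CONF_SHED ;;
        open) src=$CONF_OPEN ;;
        *) echo "apply_mode: unknown mode '$1'" >&2; return 2 ;;
    esac
    [ -r "$src" ] || { echo "apply_mode: missing $src" >&2; return 2; }
    if cmp -s "$src" "$INETD_CONF"; then
        echo unchanged
        return 0
    fi
    # Copy next to the live file, then rename, so inetd never sees a
    # half-written configuration.
    tmp="$INETD_CONF.new.$$"
    if ! { cp "$src" "$tmp" && mv "$tmp" "$INETD_CONF"; }; then
        rm -f "$tmp"
        return 1
    fi
    reload_inetd || echo "apply_mode: could not signal inetd" >&2
    echo changed
}

# One pass, meant to be run from cron every minute or so.
main() {
    load=$(uptime | load1_from_uptime)
    # If the load cannot be parsed, leave the current configuration alone.
    [ -n "$load" ] || { echo "could not parse load average" >&2; return 1; }
    apply_mode "$(wanted_mode "$load" "$THRESHOLD")"
}

if [ "${1:-}" = "run" ]; then main; fi
```

Connections already accepted keep running; only new SMTP connections are refused while the shed variant is active, so sending hosts queue and retry later.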



WordPress support

2006-10-15 Thread J Moore
Wordpress ver 1.5 is in the package list for OpenBSD 3.9. The latest 
version of Wordpress is 2.0.4.

Is Wordpress being actively maintained on OpenBSD? 

Thanks,
Jay



cvs timeouts?

2006-10-15 Thread J Moore
Attempts to update my source tree fail repeatedly from several servers 
(see output below). Any ideas on how to correct this?

Thnx,
J

ssh: connect to host anoncvs3.usa.openbsd.org port 22: Connection timed 
out
cvs [update aborted]: end of file from server (consult above messages if 
any)



Question about the book Secure architecture with OpenBSD

2006-10-15 Thread Jean-Daniel Beaubien

Hi everyone,

I was just about to order the 4.0 CDs and I figured I'd get a book along 
with it.  I was thinking on getting 'Secure architecture with OpenBSD'. 

My question is since it was written in 2004 is it still up-to-date? Also 
is there a 2nd edition in the works?


Thank you for your time,

Jd



Re: Question about the book Secure architecture with OpenBSD

2006-10-15 Thread Matthew Closson

On Sun, 15 Oct 2006, Jean-Daniel Beaubien wrote:


Hi everyone,

I was just about to order the 4.0 CDs and I figured I'd get a book along with 
it.  I was thinking on getting 'Secure architecture with OpenBSD'. 
My question is since it was written in 2004 is it still up-to-date? Also is 
there a 2nd edition in the works?


Thank you for your time,

Jd


I think you will find that the vast majority of the information is still 
relevant and up to date.  One area that has seen a lot of enhancement is 
in the IPSEC configuration.  This area has been simplified quite a bit. 
Aside from that most everything else is the same and I would definitely 
recommend it as a good book to purchase.


-Matt-



Re: Cannot login into OpenSSH after applying patch 020_ssh2.patch to OpenBSD 3.8 stable

2006-10-15 Thread Uwe Dippel
On Fri, 13 Oct 2006 17:27:50 +0200, Tobias Weisserth wrote:

 I just patched OpenSSH on OpenBSD 3.8 and restarted OpenSSH.
 
 Now I can't login anymore using public/private key authentication.
 
 I get this on the client side:
 
 Enter passphrase for key '/Users/user/.ssh/id_dsa':
 Connection to host.xy closed by remote host.
 Connection to host.xy closed.
 
 The key seems to be alright (there have not been any changes to it), / 
 var/log/authlog on the server says that OpenSSH accepts the key.  
 There's no other stuff in there or in /var/log/messages that  
 indicates any trouble.
 
 Any ideas? Right now, I have effectively locked myself out of my box.  
 Luckily it's right in the next room...

For me it isn't (in the next room). I get exactly the same.
I removed the key, but password doesn't work either. sftp is also
behaving similarly.

I have rebooted the box; against my conviction.
This is what I get:

debug1: Next authentication method: password
[EMAIL PROTECTED]'s password: 
debug3: packet_send2: adding 64 (len 58 padlen 6 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentication succeeded (password).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug3: channel 0: status: The following connections are open:
  #0 client-session (t3 r-1 i0/0 o0/0 fd 5/6 cfd -1)

debug3: channel 0: close_fds r 5 w 6 e 7 c -1
Connection to 172.16.0.2 closed by remote host.
Connection to 172.16.0.2 closed.
debug1: Transferred: stdin 0, stdout 0, stderr 83 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 3140.3
debug1: Exit status -1

Any help appreciated,

Uwe