dev tap

2007-07-12 Thread sonjaya

How to create device tap (for openvpn bridge mode) in OBSD 4.1?


--
sonjaya
http://sicute.blogspot.com



Re: dev tap

2007-07-12 Thread Claudio Jeker
On Thu, Jul 12, 2007 at 01:50:51PM +0700, sonjaya wrote:
> how to create device tap  ( for openvpn bridge mode )  in OBSD 4.1

Man tun(4) and look for link0 or layer 2 mode. For openvpn the magic is:
dev tun0
dev-type tap

-- 
:wq Claudio



Re: Intel Core 2 - round #2

2007-07-12 Thread Artur Grabowski
bofh [EMAIL PROTECTED] writes:

> So, everyone picks up on the one thing that Linus fixed a while back,
> the TLB stuff.  What about the rest of the bugs?  The non-TLB crap?
> How is Art ignoring the relevance of the rest of the message?  He just
> said, the TLB is just a minor issue, that the *OTHER* guys are
> ignoring the major stuff.

I think that's what he said. He wasn't contradicting me, he was just
amplifying my message. :)

//art



Re: dev tap

2007-07-12 Thread sonjaya

I tried bridge mode but I think it is not supported in OBSD 4.1; below is the log:

Thu Jul 12 14:56:45 2007 notebook/202.93.xx.xxx:62358 write to TUN/TAP : Address family not supported by protocol family (code=47)
Thu Jul 12 14:56:46 2007 notebook/202.93.xx.xxx:62358 write to TUN/TAP : Address family not supported by protocol family (code=47)

# ifconfig
enc0: flags=0 mtu 1536
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
        groups: tun
        inet6 fe80::250:daff:fe80:63e1%tun0 -  prefixlen 64 scopeid 0x6
# cat /etc/openvpn/bridgemode.conf
dev tun0
dev-type tap
server-bridge 192.168.2.1 255.255.255.0 192.168.2.2 192.168.2.3



On 7/12/07, Claudio Jeker [EMAIL PROTECTED] wrote:

> On Thu, Jul 12, 2007 at 01:50:51PM +0700, sonjaya wrote:
> > how to create device tap  ( for openvpn bridge mode )  in OBSD 4.1
>
> Man tun(4) and look for link0 or layer 2 mode. For openvpn the magic is:
> dev tun0
> dev-type tap
>
> --
> :wq Claudio





--
sonjaya
http://sicute.blogspot.com



Re: dev tap

2007-07-12 Thread Claudio Jeker
On Thu, Jul 12, 2007 at 02:58:26PM +0700, sonjaya wrote:
> i try bridge mode but i think not support in obsd 4.1 , below log
>
> Thu Jul 12 14:56:45 2007 notebook/202.93.xx.xxx:62358 write to TUN/TAP
> : Address family not supported by protocol family (code=47)
> Thu Jul 12 14:56:46 2007 notebook/202.93.xx.xxx:62358 write to TUN/TAP
> : Address family not supported by protocol family (code=47)
>
> #ifconfig
> enc0: flags=0 mtu 1536
> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
>         groups: tun
>         inet6 fe80::250:daff:fe80:63e1%tun0 -  prefixlen 64 scopeid 0x6
> #cat /etc/openvpn/bridgemode.conf
> dev tun0
> dev-type tap
> server-bridge 192.168.2.1 255.255.255.0 192.168.2.2 192.168.2.3

The tun(4) interface is still in Layer 3 mode. Destroy it and restart
openvpn. Your interface should look similar to this one:

tun0: flags=9843<UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST> mtu 1500
        lladdr 00:bd:e4:a9:e8:01
        inet 10.0.42.2 netmask 0xff00 broadcast 10.0.42.255
        inet6 fe80::2bd:e4ff:fea9:e801%tun0 prefixlen 64 scopeid 0x10

Btw.
dev tun0
dev-type tap
ifconfig 10.0.42.1 255.255.255.0
server-bridge 10.0.42.1 255.255.255.0 10.0.42.2 10.0.42.192

works for me on the server and plus this on the client side:
dev tun0
dev-type tap
ifconfig 10.0.42.2 255.255.255.0

One system is running 4.0 the other is mostly -current.

-- 
:wq Claudio

 
 
> On 7/12/07, Claudio Jeker [EMAIL PROTECTED] wrote:
> > On Thu, Jul 12, 2007 at 01:50:51PM +0700, sonjaya wrote:
> > > how to create device tap  ( for openvpn bridge mode )  in OBSD 4.1
> >
> > Man tun(4) and look for link0 or layer 2 mode. For openvpn the magic is:
> > dev tun0
> > dev-type tap
> >
> > --
> > :wq Claudio
>
> --
> sonjaya
> http://sicute.blogspot.com



Re: VA space question

2007-07-12 Thread Constantine Kousoulos
Minor comment fix of src/sys/arch/amd64/include/pmap.h. :)

diff -u pmap.h pmap2.h

[demime 1.01d removed an attachment of type text/x-patch which had a name of 
pmap.h.diff]



Re: VA space question

2007-07-12 Thread Constantine Kousoulos

Since my attachment was filtered out, here's the little patch in text.

Minor comment fix of src/sys/arch/amd64/include/pmap.h.  :)

diff -u pmap.h pmap2.h
--- pmap.h  2007-07-09 13:14:12.0 +0300
+++ pmap2.h 2007-07-12 11:59:46.0 +0300
@@ -167,7 +167,7 @@
  * the following defines give the virtual addresses of various MMU
  * data structures:
  * PTE_BASE and APTE_BASE: the base VA of the linear PTE mappings
- * PTD_BASE and APTD_BASE: the base VA of the recursive mapping of the PTD
+ * PDP_BASE and APDP_BASE: the base VA of the recursive mapping of the PDP
  * PDP_PDE and APDP_PDE: the VA of the PDE that points back to the 
PDP/APDP

  *
  */
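
Review bot: the context line beginning " * PDP_PDE and APDP_PDE" has been wrapped by the mailer, leaving "PDP/APDP" on a line of its own followed by an empty line, so the hunk no longer matches the 7 lines announced in "@@ -167,7 +167,7 @@" and will not apply as mailed; resend it inline with line wrapping disabled. The file headers also name pmap.h and pmap2.h rather than the tree path, so a diff taken from inside src/sys/arch/amd64/include against the repository copy would apply without renaming. The wording change itself is consistent with the PDP_PDE/APDP_PDE names used on the next comment line.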



NAT issues

2007-07-12 Thread Deraj Puma

Hi there!
I'm having major headaches trying to figure out why this isn't working.

I have an OpenBSD machine acting as a router/firewall and it has three
interfaces: vge0, vge1, and dc0. This machine connects to a hub and
the hub in turn connects to various other machines. I got NAT to work
only by plugging both vge0 and dc0 into the hub (at least one has to
be the source link), but it fails if either vge0 or dc0 is set to down
or unplugged.

I've narrowed my pf.conf file down to a minimal reproducible state and
here it is:

ext_if=vge1
int_if=vge0
lan=192.168.0.0/16

nat on $ext_if from $lan to any -> ($ext_if:0)

pass out on $ext_if proto { tcp, udp, icmp } from any to any
pass quick on $int_if

Am I missing something? I feel like a fool as I've been trying to fix
this for hours now but I just can't figure it out.



Re: NAT issues

2007-07-12 Thread Fred Crowson

Deraj Puma wrote:

> Hi there!
> I'm having major head-aches trying to figure out why this isn't working.
>
> I have an OpenBSD machine acting as a router/firewall and it has three
> interfaces: vge0, vge1, and dc0. This machine connects to a hub and
> the hub in turn connects to various other machines. I got NAT to work
> only by plugging both vge0 and dc0 into the hub (at least one has to
> be the source link), but it fails if either vge0 or dc0 is set to down
> or unplugged.
>
> I've narrowed my pf.conf file down to a minimal reproducable state and
> here it is:
>
> ext_if=vge1
> int_if=vge0
> lan=192.168.0.0/16
>
> nat on $ext_if from $lan to any -> ($ext_if:0)
>
> pass out on $ext_if proto { tcp, udp, icmp } from any to any
> pass quick on $int_if
>
> Am I missing something? I feel like a fool as I've been trying to fix
> this for hours now but I just can't figure it out.



Which interface routes for the 192.168/16 subnet?

The output from ifconfig, pfctl -sn and route might be useful for 
debugging this issue.


Fred
--
http://www.crowsons.com/puters/x41.htm



Re: NAT issues

2007-07-12 Thread Deraj Puma

For the archives: It was a problem with the routes.

Thanks Fred.



Re: books.html out of date?

2007-07-12 Thread Alexander Hall

Chris Cappuccio wrote:

> Alexander Hall [EMAIL PROTECTED] wrote:
> > Is books.html falling behind?
>
> Yes
>
> > ... or is the OpenBSD/amazon association for specific ISBN's?
>
> No
>
> If you can update the URLs, or have other books to add, you should email
> a diff -u to [EMAIL PROTECTED]


Done. Thanks.

/Alexander



Atheros AR5213 PCMCIA card works

2007-07-12 Thread Ludovic Gele

Hi folks,

I've almost finished the installation of a Toshiba laptop under OpenBSD
4.1. I use a CISCO AIR-CB21AG-E-K9 PCMCIA wireless card. The dmesg
says that it is an AR5213 chipset. It seems from the ath man page that this
chipset is not supported by OpenBSD's driver, but it works on this
laptop, so, if this could help the OpenBSD project, I am sending you my
ifconfig ath0, my netstat -nI ath0 and my dmesg.

If you ever want me to run some tests for you, I'm ready to help the project.



First, this is the ifconfig ath0

ath0: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:40:96:a6:c6:0b
        groups: wlan egress
        media: IEEE802.11 autoselect (DS11 mode 11b)
        status: active
        ieee80211: nwid ap-amiens chan 1 bssid 00:12:7f:8b:28:00 28%
        nwkey 0x01234567890123456789012345
        inet6 fe80::240:96ff:fea6:c60b%ath0 prefixlen 64 scopeid 0x5
        inet 195.98.236.232 netmask 0xff00 broadcast 195.98.236.255



This is the netstat -nI ath0

NameMtu   Network Address  Ipkts IerrsOpkts
Oerrs Colls
ath01500  Link  00:40:96:a6:c6:0b34190 722575
31 0
ath01500  fe80::%ath0 fe80::240:96ff:fe34190 722575
31 0
ath01500  195.98.236/ 195.98.236.232   34190 722575
31 0



This is my dmesg

OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Mobile Intel(R) Pentium(R) 4 - M CPU 2.20GHz (GenuineIntel
686-class) 2.20 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,
ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR

real mem  = 536244224 (523676K)
avail mem = 481591296 (470304K)
using 4278 buffers containing 26935296 bytes (26304K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 01/09/03, BIOS32 rev. 0 @
0xfc04c, SMBIOS rev. 2.3 @ 0xec000 (42 entries)
bios0: TOSHIBA Satellite 2410
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high, estimated 1:32 hours
apm0: flags 20102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf01a0/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0x1 0xe/0x1!
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845 Host rev 0x04
ppb0 at pci0 dev 1 function 0 Intel 82845 AGP rev 0x04
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 NVIDIA GeForce4 420 Go rev 0xa3
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801CA/CAM USB rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 82801CA/CAM USB rev 0x02: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x42
pci2 at ppb1 bus 2
TI TSB43AB22 FireWire rev 0x00 at pci2 dev 7 function 0 not configured
fxp0 at pci2 dev 8 function 0 Intel PRO/100 VE rev 0x42, i82562: irq
11, address 00:08:0d:fe:b9:5f
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cbb0 at pci2 dev 11 function 0 Toshiba ToPIC100 CardBus rev 0x32: irq 11
cbb1 at pci2 dev 11 function 1 Toshiba ToPIC100 CardBus rev 0x32: irq 11
Toshiba SD Controller rev 0x03 at pci2 dev 13 function 0 not configured
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 4 device 0 cacheline 0x0, lattimer 0x0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 5 device 0 cacheline 0x0, lattimer 0x0
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 Intel 82801CAM LPC rev 0x02: SpeedStep
pciide0 at pci0 dev 31 function 1 Intel 82801CAM IDE rev 0x02: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: TOSHIBA MK4018GAS
wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TOSHIBA, DVD-ROM SD-R6012, 1334 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
auich0 at pci0 dev 31 function 5 Intel 82801CA/CAM AC97 rev 0x02:
irq 11, ICH3 AC97
ac97: codec id 0x594d4803 (Yamaha YMF753-S)
ac97: codec features 18 bit DAC, No 3D Stereo
audio0 at auich0
Intel 

Re: Intel Core 2 - round #2

2007-07-12 Thread bofh

On 12 Jul 2007 09:56:03 +0200, Artur Grabowski [EMAIL PROTECTED] wrote:

> I think that's what he said. He wasn't contradicting me, he was just
> amplifying my message. :)


In that case, color me *blush* :)  Apologies Jacob.

-Tai
--
This officer's men seem to follow him merely out of idle curiosity.
-- Sandhurst officer cadet evaluation.



Re: X with XGI Volari Z7

2007-07-12 Thread Matthieu Herrb

On 7/11/07, Alexey Vatchenko [EMAIL PROTECTED] wrote:

> Hi!
> I have motherboard Tyan n3400B with XGI Volari Z7 video card:
>
> vga1 at pci1 dev 10 function 0 XGI Technology Volari Z7 rev 0x00
>
> Have anyone successfully run X with more than 8bpp (and more than 320x200)?



The sis X.Org driver should work for this chipset. You need to provide
more information (the /var/log/Xorg.0.log and the xorg.conf file you
tried) if you want to get useful help.



formerly working vpn between obsd 4.0 hosts failing ....

2007-07-12 Thread Dag Richards
I have two bsd firewall / routers that have a vpn between them ... 
sometimes.  They have a late May build of 4.0 386, they have been 
working well until a few days ago, and we of course all swear that 
nothing was changed... they just started failing.


I left last night with tunnels up and running, came in this morning and
found them down again. Isakmpd is running on both ends; on my 'client
network' end I started it with isakmpd -TLv -D A=40. Below is
some log.


I had found that if I restarted the daemon on the 'server network' side
I could get the tunnels to come up, but it might require a couple
of attempts, so I really can not prove it was merely a coincidence that
they were starting.  This morning I found that the clocks were off between
the fws and synched them, then restarted isakmpd on the client net side;
the tunnels came right up.


I claim that pf is configured properly, else the tunnels would never 
come up.  I use preshared keys, I know they match again because the 
tunnels work for a while.


I have never really seen tunnels just go down once running, so what 
would you do to isolate the cause?


Any help would be appreciated.



-snip with tunnels down --
Jul 12 06:31:29 mz1000wa isakmpd[13493]: timer_handle_expirations: event 
message_send_expire(0x87234480)
Jul 12 06:31:29 mz1000wa isakmpd[13493]: timer_add_event: event 
message_send_expire(0x87234480) added before 
exchange_free_aux(0x7ed17700), expiration in 11s
Jul 12 06:31:29 mz1000wa isakmpd[13493]: timer_add_event: event 
exchange_free_aux(0x7ed17a00) added last, expiration in 120s
Jul 12 06:31:29 mz1000wa isakmpd[13493]: exchange_setup_p1: 0x7ed17a00 
unnamed no policy policy responder phase 1 doi 0 exchange 5 step 0
Jul 12 06:31:29 mz1000wa isakmpd[13493]: exchange_setup_p1: icookie 
987bc831de38f5d4 rcookie 93d3d4c89d53786b

Jul 12 06:31:29 mz1000wa isakmpd[13493]: exchange_setup_p1: msgid 
Jul 12 06:31:29 mz1000wa isakmpd[13493]: isakmp_responder: got NOTIFY of 
type INVALID_COOKIE, ignoring
Jul 12 06:31:29 mz1000wa isakmpd[13493]: exchange_finalize: 0x7ed17a00 
unnamed no policy policy responder phase 1 doi 0 exchange 5 step 0
Jul 12 06:31:29 mz1000wa isakmpd[13493]: exchange_finalize: icookie 
987bc831de38f5d4 rcookie 93d3d4c89d53786b

Jul 12 06:31:29 mz1000wa isakmpd[13493]: exchange_finalize: msgid 
Jul 12 06:31:29 mz1000wa isakmpd[13493]: timer_remove_event: removing 
event exchange_free_aux(0x7ed17a00)

Jul 12 06:31:29 mz1000wa isakmpd[13493]: message_free: freeing 0x87234500
Jul 12 06:31:33 mz1000wa isakmpd[13493]: message_free: freeing 0x87234500
Jul 12 06:31:40 mz1000wa isakmpd[13493]: timer_handle_expirations: event 
message_send_expire(0x87234480)
Jul 12 06:31:40 mz1000wa isakmpd[13493]: timer_add_event: event 
message_send_expire(0x87234480) added before 
exchange_free_aux(0x7ed17700), expiration in 13s
Jul 12 06:31:40 mz1000wa isakmpd[13493]: timer_add_event: event 
exchange_free_aux(0x7ed17a00) added last, expiration in 120s
Jul 12 06:31:40 mz1000wa isakmpd[13493]: exchange_setup_p1: 0x7ed17a00 
unnamed no policy policy responder phase 1 doi 0 exchange 5 step 0
Jul 12 06:31:40 mz1000wa isakmpd[13493]: exchange_setup_p1: icookie 
b65fccde1f52143b rcookie fee87d767fbe664b

Jul 12 06:31:40 mz1000wa isakmpd[13493]: exchange_setup_p1: msgid 
Jul 12 06:31:40 mz1000wa isakmpd[13493]: isakmp_responder: got NOTIFY of 
type INVALID_COOKIE, ignoring
Jul 12 06:31:40 mz1000wa isakmpd[13493]: exchange_finalize: 0x7ed17a00 
unnamed no policy policy responder phase 1 doi 0 exchange 5 step 0
Jul 12 06:31:40 mz1000wa isakmpd[13493]: exchange_finalize: icookie 
b65fccde1f52143b rcookie fee87d767fbe664b

Jul 12 06:31:40 mz1000wa isakmpd[13493]: exchange_finalize: msgid 
Jul 12 06:31:40 mz1000wa isakmpd[13493]: timer_remove_event: removing 
event exchange_free_aux(0x7ed17a00)

Jul 12 06:31:40 mz1000wa isakmpd[13493]: message_free: freeing 0x87234500
Jul 12 06:31:46 mz1000wa isakmpd[13493]: message_free: freeing 0x87234500
Jul 12 06:31:53 mz1000wa isakmpd[13493]: timer_handle_expirations: event 
message_send_expire(0x87234480)
Jul 12 06:31:53 mz1000wa isakmpd[13493]: timer_add_event: event 
message_send_expire(0x87234480) added before 
exchange_free_aux(0x7ed17700), expiration in 15s
Jul 12 06:31:53 mz1000wa isakmpd[13493]: timer_add_event: event 
exchange_free_aux(0x7ed17a00) added last, expiration in 120s
Jul 12 06:31:53 mz1000wa isakmpd[13493]: exchange_setup_p1: 0x7ed17a00 
unnamed no policy policy responder phase 1 doi 0 exchange 5 step 0
Jul 12 06:31:53 mz1000wa isakmpd[13493]: exchange_setup_p1: icookie 
6de5b4121e72cece rcookie 33e61848a188464b

Jul 12 06:31:53 mz1000wa isakmpd[13493]: exchange_setup_p1: msgid 
Jul 12 06:31:53 mz1000wa isakmpd[13493]: isakmp_responder: got NOTIFY of 
type INVALID_COOKIE, ignoring
Jul 12 06:31:53 mz1000wa isakmpd[13493]: exchange_finalize: 0x7ed17a00 
unnamed no policy policy responder phase 1 doi 0 exchange 5 step 0
Jul 12 

Half-bridged DSL modem...no joy?

2007-07-12 Thread Timothy Wilson

Hello,
I'm trying to set up a gateway / firewall at my home. I've set my
modem into half bridge mode, and my ethernet card (url0) is able to
get the address correctly if I use dhclient once the system has booted
(more on that later). I've set /etc/resolv.conf to use the correct
name servers that my ISP provides. So I'm guessing that leaves the
question of setting the right gateway.

Here's /etc/hostname.url0:
dhcp NONE NONE NONE
!/sbin/route add default -ifp url0 0.0.0.1

However, when my machine boots up, it can't get an address via DHCP!
This is very strange; the modem is on and connected, so I know it has
the address to give out. Obviously because I don't have an IP address,
adding the default route fails too. The strange thing is though, that
once the machine is booted, I can log in and do dhclient and it all
works fine. I can even set the route, but I still can't connect to the
internet. Is there something glaringly obviously that I'm doing wrong?


I'm not sure what other information I should provide. I'll add my
dmesg, though I'm not sure that it's necessary:

OpenBSD 4.1 (GENERIC) #1435: Sat Mar 10 19:07:45 MST 2007
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III (GenuineIntel 686-class) 907 MHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem  = 251162624 (245276K)
avail mem = 221499392 (216308K)
using 3096 buffers containing 12681216 bytes (12384K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 02/25/02, BIOS32 rev. 0 @
0xfaf93, SMBIOS rev. 2.3 @ 0xec000 (46 entries)
bios0: TOSHIBA DynaBook T4/410PME
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high, estimated 3:03 hours
apm0: flags 20102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf0200/144 (7 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Acer Labs M1533 ISA rev 0x00)
pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0xc000 0xe/0x1!
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Acer Labs M1644 PCI rev 0x01
ppb0 at pci0 dev 1 function 0 Acer Labs M5247 AGP/PCI-PC rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 Trident CyberBlade XP/Ai1 rev 0x82
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ohci0 at pci0 dev 2 function 0 Acer Labs M5237 USB rev 0x03: irq 11,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0
uhub0: Acer Labs OHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pciide0 at pci0 dev 4 function 0 Acer Labs M5229 UDMA IDE rev 0xc3:
DMA, channel 0 wired to compatibility, channel 1 wired to
compatibility
wd0 at pciide0 channel 0 drive 0: TOSHIBA MK4018GAS
wd0: 16-sector PIO, LBA, 38154MB, 78140160 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: MATSHITA, UJDA720 DVD/CDRW, 1.00 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
autri0 at pci0 dev 6 function 0 Acer Labs M5451 Audio rev 0x01: irq 11
ac97: codec id 0x414b4d02 (Asahi Kasei AK4543)
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, AKM 3D
audio0 at autri0
midi0 at autri0: 4DWAVE MIDI UART
pcib0 at pci0 dev 7 function 0 Acer Labs M1533 ISA rev 0x00
alipm0 at pci0 dev 8 function 0 Acer Labs M7101 Power rev 0x00: 74KHz clock
iic0 at alipm0
admtemp0 at iic0 addr 0x4c: adm1032
fxp0 at pci0 dev 10 function 0 Intel 8255x rev 0x0d, i82550: irq 11,
address 00:00:39:8c:91:ed
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
TI TSB43AB22 FireWire rev 0x00 at pci0 dev 12 function 0 not configured
cbb0 at pci0 dev 17 function 0 Toshiba ToPIC100 CardBus rev 0x32: irq 11
cbb1 at pci0 dev 17 function 1 Toshiba ToPIC100 CardBus rev 0x32: irq 11
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi1 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x0, lattimer 0x0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 4 device 0 cacheline 0x0, lattimer 0x0
pcmcia1 at cardslot1
biomask ef6d netmask ef6d ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
url0 at uhub0 port 2
url0: 

Re: Half-bridged DSL modem...no joy?

2007-07-12 Thread Antoine Jacoutot
On Thursday 12 July 2007 16:49:27 Timothy Wilson wrote:
> internet. Is there something glaringly obviously that I'm doing wrong?

I don't know, but this is what I use with my half-bridge modem.

# /etc/hostname.if0
inet XXX.XXX.XXX.XXX 255.255.255.255 NONE
!route add -host 192.168.0.2 -netmask 255.255.255.0 \
 -interface XXX.XXX.XXX.XXX -cloning

# /etc/mygate
192.168.0.2


Where XXX.XXX.XXX.XXX is the WAN address and 192.168.0.2 the internal IP 
address of the modem.
Of course for this scenario, I use a static IP but it shouldn't be difficult 
to adapt it for dhcp.

-- 
Antoine



Re: Half-bridged DSL modem...no joy?

2007-07-12 Thread Stuart Henderson
On 2007/07/13 00:49, Timothy Wilson wrote:
> !/sbin/route add default -ifp url0 0.0.0.1

I don't think 0.0.0.1 is relevant here, it's normally
used with pppoe(4). dhclient should set the default route.

> I'm not sure what other information I should provide.

let's see what tricks this particular router is playing with
'half bridge'... (full bridge and pppoe is usually easier when
your ISP supports it): run this and fire off a dhclient

# tcpdump -vvniurl0 -os2000 port bootps or port bootpc

> I'll add my dmesg, though I'm not sure that it's necessary:

Saves manually typing info about which kernel version,
architecture and other stuff, then missing out something
pertinent, then someone having to ask for clarification.



FAQ/PF Guide PDF links out of date?

2007-07-12 Thread Richard Wilson
I think I may have found a glitch in the OpenBSD website - The FAQ and
the PF User's guide are provided as PDF's, which is very handy for those
of us who like to print them out to hand to people as part of their site
documentation. Quickly out of date I know, but some of our customers
like paper. However, having printed out the PDF found at
ftp://ftp.openbsd.org/pub/OpenBSD/doc/obsd-faq.pdf
which is the one linked from
http://www.openbsd.org/faq/index.html
I found that the footer stated it was last re-generated on 02/12/06.
More fool me for printing it without checking first. A spot of digging
revealed that the copy on the mirrors, for example
http://spargel.kd85.com/ftp/pub/OpenBSD/doc/obsd-faq.pdf
was last updated on 02/05/07, which is far more like what I would have
expected.

In summary, am I being dumb or is something out of sync?

-- 

Richard 'Dave' Wilson
Systems Administrator

Senokian Solutions Ltd.
Business Innovation Centre,
Binley Business Park, Coventry,
United Kingdom
CV3 2TX
T: +44 (0)24 76 233 400
DDI: +44 (0)24 76 233 416
F: +44 (0)24 76 233 401



Re: X with XGI Volari Z7

2007-07-12 Thread Alexey Vatchenko
On 2007-07-12, Matthieu Herrb [EMAIL PROTECTED] wrote:
> On 7/11/07, Alexey Vatchenko [EMAIL PROTECTED] wrote:
> > Hi!
> > I have motherboard Tyan n3400B with XGI Volari Z7 video card:
> >
> > vga1 at pci1 dev 10 function 0 XGI Technology Volari Z7 rev 0x00
> >
> > Have anyone successfully run X with more than 8bpp (and more than 320x200)?
>
> The sis X.Org driver should work for this chipset.

That's it! Thanks!


-- 
Alexey Vatchenko
http://www.bsdua.org
E-mail: [EMAIL PROTECTED]
JID: [EMAIL PROTECTED]



Re: Half-bridged DSL modem...no joy?

2007-07-12 Thread Timothy Wilson

Thanks Antoine and Stuart for your replies.

On 13/07/07, Stuart Henderson [EMAIL PROTECTED] wrote:

> let's see what tricks this particular router is playing with
> 'half bridge'... (full bridge and pppoe is usually easier when
> your ISP supports it): run this and fire off a dhclient
>
> # tcpdump -vvniurl0 -os2000 port bootps or port bootpc


The problem is that I can't run tcpdump on boot, before the dhcp
allocation fails. Once the machine has booted, it can get dhcp fine :(
I tried removing the /etc/mygate file because I thought that could
interfere, but that made no difference either :(
No matter who I try to ping (well, just my ISPs name servers;
www.google.com obviously fails) it always comes back with sendto: No
route to host. I can't even traceroute!!

Maybe the modem's half bridging is broken, and I need to use full
bridged mode. Is that what is normally suggested? I can't find any
resources for half bridging PF gateways (or iptables for that matter).
Or is dhclient not working properly? I'm using some slightly stranger
hardware - it's a usb network thing. Could that make a difference?



ipsec vpn with os x clients

2007-07-12 Thread eric
I have an OpenBSD 4.1 (OpenBSD snip 4.1 GENERIC#1435 i386) acting
as a PPPoE NAT router and firewall to my ISP. I'd like to replace my OS
X 10.4 Server IPSEC VPN with the OpenBSD system. My road warrior
clients are all OS X 10.4.10. I read that 10.4 supports AES
encryption but advertises 3DES by default. I'm happy to use 3DES for
now, as isakmpd reported proposal errors when I configured for AES.


Much of the (excellent) IPsec documentation refers either to
site-to-site configuration and not road warrior clients or is outdated and
refers to isakmpd.conf.


# cat ipsec.conf
ike dynamic from any to any \
 main auth hmac-sha1 enc 3des group modp1024 \
 quick auth hmac-sha1 enc 3des psk TheSecret

I start isakmpd with 'isakmpd -K4dv'

I load ipsec.conf with 'ipsecctl -f /etc/ipsec.conf'

I then monitor key exchanges with 'ipsecctl -m'

Once I load ipsec.conf I get the following from isakmpd, repeating
every 25secs or so:
171653.48 Default udp_create: no address configured for peer-default
171653.422357 Default exchange_establish: transport udp for peer peer-default could not be created


I'm testing this entirely from my internal subnet. PF is configured
to 'pass quick on { $int_if enc0 }'


My OS X VPN client setup includes the OpenBSD server's IP, my OpenBSD
username and password, and the PSK. I click Connect.


isakmpd reports:
172358.016652 Default isakmpd: phase 1 done: initiator id ac1e0114: 172.30.1.20, responder id OpenBSD FQDN, src: 172.30.1.1 dst: 172.30.1.20
172430.679924 Default message_recv: invalid cookie(s) bacca5c8db12e3b9 78c4c4508b02cbe4
172430.680286 Default dropped message from 172.30.1.20 port 500 due to notification type INVALID_COOKIE
172430.680826 Default message_recv: invalid cookie(s) bacca5c8db12e3b9 a162b17df4ce9921
172430.681041 Default dropped message from 172.30.1.20 port 500 due to notification type INVALID_COOKIE


The INVALID_COOKIE messages repeat until the Mac gives up or I
cancel. Then I get:


172450.699914 Default transport_send_messages: giving up on exchange IPsec-0.0.0.0/0-0.0.0.0/0, no response from peer 172.30.1.20:500
172450.700387 Default transport_send_messages: giving up on exchange IPsec-::/0-::/0, no response from peer 172.30.1.20:500


ipsecctl -m reports this:

sadb_getspi: satype esp vers 2 len 10 seq 1 pid 15108
address_src: 172.30.1.20
address_dst: 172.30.1.1
spirange: min 0x0100 max 0x
sadb_getspi: satype esp vers 2 len 10 seq 1 pid 15108
sa: spi 0x272f2a24 auth none enc none
state mature replay 0 flags 0
address_src: 172.30.1.20
address_dst: 172.30.1.1
sadb_getspi: satype esp vers 2 len 10 seq 2 pid 15108
address_src: 172.30.1.20
address_dst: 172.30.1.1
spirange: min 0x0100 max 0x
sadb_getspi: satype esp vers 2 len 10 seq 2 pid 15108
sa: spi 0xee7e7297 auth none enc none
state mature replay 0 flags 0
address_src: 172.30.1.20
address_dst: 172.30.1.1

Does anybody have any documentation on using Mac clients with IPSEC?

I sincerely appreciate any assistance and am willing to provide any  
additional requested information. Thank you.
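
An added example, not part of either post or of isakmpd: a small Python parser that pulls INVALID_COOKIE events out of the two log formats shown in this archive (the syslog output in the "formerly working vpn" post and the foreground output in the post above) and summarises cookie pairs, peers and retry spacing. The sample lines are copied from those posts and unwrapped; the function names are illustrative, and the cookie order in message_recv lines is assumed to be initiator then responder.

```python
"""Summarise INVALID_COOKIE events in isakmpd logs (added example)."""
import re
from collections import namedtuple

# `kind` repeats what the daemon itself logged:
#   "got_notify"      -> "got NOTIFY of type INVALID_COOKIE" (syslog sample)
#   "dropped_message" -> "dropped message ... INVALID_COOKIE" (stderr sample)
Event = namedtuple("Event", "seconds kind icookie rcookie peer")

# syslog form: "Jul 12 06:31:29 host isakmpd[pid]: message"
SYSLOG_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+isakmpd\[\d+\]:\s+(.*)$")
# foreground form: "HHMMSS.usec Class message"
STDERR_RE = re.compile(r"^(\d\d)(\d\d)(\d\d)\.\d+\s+\S+\s+(.*)$")
SETUP_RE = re.compile(
    r"exchange_setup_p1: icookie ([0-9a-f]{16}) rcookie ([0-9a-f]{16})")
# Assumption: the two values are printed in header order (initiator, responder).
RECV_RE = re.compile(
    r"message_recv: invalid cookie\(s\) ([0-9a-f]{16}) ([0-9a-f]{16})")
DROP_RE = re.compile(
    r"dropped message from (\S+) port \d+ due to notification type INVALID_COOKIE")


def parse(lines):
    """Return the INVALID_COOKIE events found in an iterable of log lines."""
    events = []
    last_setup = (None, None)  # cookies of the exchange currently being set up
    for raw in lines:
        line = raw.strip()
        m = SYSLOG_RE.match(line) or STDERR_RE.match(line)
        if not m:
            continue
        hh, mm, ss, msg = m.groups()
        now = int(hh) * 3600 + int(mm) * 60 + int(ss)
        setup = SETUP_RE.search(msg)
        if setup:
            last_setup = setup.groups()
            continue
        if "got NOTIFY of type INVALID_COOKIE" in msg:
            events.append(Event(now, "got_notify", *last_setup, None))
            last_setup = (None, None)  # never reuse a stale cookie pair
            continue
        recv = RECV_RE.search(msg)
        if recv:
            events.append(Event(now, "dropped_message", *recv.groups(), None))
            continue
        drop = DROP_RE.search(msg)
        if drop and events and events[-1].kind == "dropped_message" \
                and events[-1].peer is None:
            # The "dropped message" line names the peer for the line before it.
            events[-1] = events[-1]._replace(peer=drop.group(1))
    return events


def summarise(events):
    """Counts, distinct cookies, peers and seconds between successive events."""
    gaps = [(b.seconds - a.seconds) % 86400 for a, b in zip(events, events[1:])]
    return {
        "count": len(events),
        "kinds": sorted({e.kind for e in events}),
        "icookies": len({e.icookie for e in events}),
        "rcookies": len({e.rcookie for e in events}),
        "peers": sorted({e.peer for e in events if e.peer}),
        "gaps": gaps,
    }


# Lines copied from the "formerly working vpn" post, unwrapped.
SYSLOG_SAMPLE = """
Jul 12 06:31:29 mz1000wa isakmpd[13493]: timer_add_event: event message_send_expire(0x87234480) added before exchange_free_aux(0x7ed17700), expiration in 11s
Jul 12 06:31:29 mz1000wa isakmpd[13493]: exchange_setup_p1: icookie 987bc831de38f5d4 rcookie 93d3d4c89d53786b
Jul 12 06:31:29 mz1000wa isakmpd[13493]: isakmp_responder: got NOTIFY of type INVALID_COOKIE, ignoring
Jul 12 06:31:40 mz1000wa isakmpd[13493]: exchange_setup_p1: icookie b65fccde1f52143b rcookie fee87d767fbe664b
Jul 12 06:31:40 mz1000wa isakmpd[13493]: isakmp_responder: got NOTIFY of type INVALID_COOKIE, ignoring
Jul 12 06:31:53 mz1000wa isakmpd[13493]: exchange_setup_p1: icookie 6de5b4121e72cece rcookie 33e61848a188464b
Jul 12 06:31:53 mz1000wa isakmpd[13493]: isakmp_responder: got NOTIFY of type INVALID_COOKIE, ignoring
"""

# Lines copied from the "ipsec vpn with os x clients" post, unwrapped.
STDERR_SAMPLE = """
172358.016652 Default isakmpd: phase 1 done: initiator id ac1e0114: 172.30.1.20, responder id OpenBSD FQDN, src: 172.30.1.1 dst: 172.30.1.20
172430.679924 Default message_recv: invalid cookie(s) bacca5c8db12e3b9 78c4c4508b02cbe4
172430.680286 Default dropped message from 172.30.1.20 port 500 due to notification type INVALID_COOKIE
172430.680826 Default message_recv: invalid cookie(s) bacca5c8db12e3b9 a162b17df4ce9921
172430.681041 Default dropped message from 172.30.1.20 port 500 due to notification type INVALID_COOKIE
"""

if __name__ == "__main__":
    for name, text in (("syslog", SYSLOG_SAMPLE), ("stderr", STDERR_SAMPLE)):
        print(name, summarise(parse(text.splitlines())))
```

On the syslog sample every attempt carries a new cookie pair and the gaps (11s, 13s) match the send-expiry timers in the same log; on the foreground sample the first cookie stays fixed while the second changes, all from one peer.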




runaway httpd processes with mod_auth_bsd

2007-07-12 Thread Peter Ericson

I have this situation where a httpd process will try to use 100% of my
cpu after a fastcgi or normal cgi script has finished doing its thing
-- POST will modify server state and GET will give me the page but
the browser keeps loading and the controlling httpd's cpu usage goes
right up.

This is repeated on either the next request or with a few successful
requests in between and then I have two httpds sitting on around 50%
and a another browser request still active.  Once I get to about 4 or
so httpds fighting away the site gets sluggish...

I'm not sure what the pattern is, it can take a while to trigger the
first run away process but then it seems likely that the next one will
go soon.

The problem appears to be with mod_auth_bsd (see backtrace below)

I didn't notice this problem on 4.0-release.

I'm running 4.1-release i386 in VMware Server 1.0.2 under Debian 4.0 amd64

httpd with -u -DSSL

Packages:
mod_auth_bsd-0.8.2
mod_fastcgi-2.4.2
python-2.4.4p1

Non ports:
flup 0.5 + patch (fcgi_base.py to r2348)
web.py 0.21

This is the backtrace from one of the run away processes, it is trying
to read from the auth_socket variable in auth_child_userokay() in

/usr/ports/www/mod_auth_bsd/w-mod_auth_bsd-0.8.2/bsdauth-0.8.2/authd.c

(gdb) bt
#0  0x00a85a49 in read () from /usr/lib/libc.so.40.3
#1  0x0822d6ae in auth_child_userokay ()
  from /usr/lib/apache/modules/mod_auth_bsd.so
#2  0x0822fa72 in authenticate () from /usr/lib/apache/modules/mod_auth_bsd.so
#3  0x1c0358a9 in ap_cleanup_method_ptrs ()
#4  0x1c035996 in ap_check_user_id ()
#5  0x1c04637f in ap_some_auth_required ()
#6  0x1c0464bf in ap_process_request ()
#7  0x in ?? ()

This my httpd error_log since the last restart (lots of lines sorry):

[Fri Jul 13 15:41:49 2007] [error] (2)No such file or directory:
FastCGI: access for server (uid 32767, gid 32766) failed: read not
allowed
[Fri Jul 13 15:41:49 2007] [error] (2)No such file or directory:
FastCGI: can't create dynamic directory
/var/www/logs/fastcgi/dynamic: access for server (uid 32767, gid
32766) failed: read not allowed
[Fri Jul 13 15:41:49 2007] [notice] [AuthBSD] Preparing auth daemon
[Fri Jul 13 15:41:49 2007] [notice] [AuthBSD] Forking auth daemon
[Fri Jul 13 15:41:49 2007] [error] (2)No such file or directory:
FastCGI: access for server (uid 32767, gid 32766) failed: read not
allowed
[Fri Jul 13 15:41:49 2007] [error] (2)No such file or directory:
FastCGI: can't create dynamic directory
/var/www/logs/fastcgi/dynamic: access for server (uid 32767, gid
32766) failed: read not allowed
[Fri Jul 13 15:41:49 2007] [notice] [AuthBSD] Auth daemon running with pid 2692
[Fri Jul 13 15:41:49 2007] [notice] [AuthBSD] Auth daemon changed
user/group to www/auth
[Fri Jul 13 15:41:49 2007] [notice] FastCGI: process manager
initialized (pid 10504)
[Fri Jul 13 15:41:49 2007] [warn] FastCGI: server
/var/www/cgi-bin/pharmac.py started (pid 10775)
[Fri Jul 13 15:41:50 2007] [notice] Initializing etag from
/var/www/logs/etag-state
[Fri Jul 13 15:41:50 2007] [notice] Apache/1.3.29 (Unix)
mod_fastcgi/2.4.2 mod_ssl/2.8.16 OpenSSL/0.9.7j configured -- resuming
normal operations
[Fri Jul 13 15:41:50 2007] [notice] suEXEC mechanism enabled (wrapper:
/usr/sbin/suexec)
[Fri Jul 13 15:41:50 2007] [notice] Accept mutex: sysvsem (Default: sysvsem)
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer read 64
bytes from auth daemon
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer received
auth socket and shared secret
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer read 64
bytes from auth daemon
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer received
auth socket and shared secret
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer read 64
bytes from auth daemon
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer received
auth socket and shared secret
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer read 64
bytes from auth daemon
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer received
auth socket and shared secret
[Fri Jul 13 15:41:50 2007] [warn] FastCGI: server
/var/www/cgi-bin/pharmac.py started (pid 25035)
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer read 64
bytes from auth daemon
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer received
auth socket and shared secret
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer read 64
bytes from auth daemon
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer received
auth socket and shared secret
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer read 64
bytes from auth daemon
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer received
auth socket and shared secret
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer read 64
bytes from auth daemon
[Fri Jul 13 15:41:50 2007] [debug] authd.c(0): [AuthBSD] Peer received
auth socket and shared secret
[Fri Jul 13 15:41:50 2007] [debug] 

mysql problem

2007-07-12 Thread Marcos Laufer
I am having a very strange problem on a 3.9: suddenly I can't access any
table on the databases. I have around 100 databases on this server and can't
access even one. This is a production server and I am in a hurry to solve it;
if anyone can help I would appreciate it:

# mysql mysql -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 303342 to server version: 5.0.18

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> show tables;
ERROR 1018 (HY000): Can't read dir of './mysql/' (errno: 9)
mysql>


I have backups of all databases, including the mysql database, which I think
is the broken one. How can I restore it?

Thanks for your help