Re: Does this look like SSP to you? (Vista)

2008-08-14 Thread Tomas Bodzar
Eheh, nice PR story - Use Java and .NET and you will be safe :-)

Just reaction on part of topic, not whole.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sunnz
Sent: Thursday, August 14, 2008 3:49 AM
To: misc  OpenBSD Misc
Subject: Does this look like SSP to you? (Vista)

Hi,

I am just curious, have Vista implemented something similar to Stack-Smashing
Protector as in OpenBSD's GCC?

http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html

I don't really know that much, so I am just asking here... if those things can
be bypassed, would a same type of attack be threatening to OpenBSD systems?

Regards,
Sunnz.

--
This e-mail may be confidential. You may not copy, forward, distribute, or, use
any part of it. Note, this text has no effective legal binding on your part,
there is no obligation to abide any or all parts of this. Treat it with the
same level of care as any other pretending-to-be-law-speaking-but-not-really
texts attached to e-mail messages you normally find on any other e-mails. For
more information about disclaimers, please see:

http://www.goldmark.org/jeff/stupid-disclaimers/



Re: Does this look like SSP to you? (Vista)

2008-08-14 Thread Otto Moerbeek
On Thu, Aug 14, 2008 at 11:48:49AM +1000, Sunnz wrote:

 Hi,
 
 I am just curious, have Vista implemented something similar to
 Stack-Smashing Protector as in OpenBSD's GCC?
 
 http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html
 
 I don't really know that much, so I am just asking here... if those
 things can be bypassed, would a same type of attack be threatening to
 OpenBSD systems?

Yes, stack protection can be circumvented in particular cases. But in
general it is pretty good at catching the accidental overwrite and
thus preventing the potential following attack.

ProPolice, like so many techniques, does not provide 100% safety. If
that was the case, why would we bother doing all we do? We could have
stopped after finishing ProPolice and have some rest.

-Otto



Re: Does this look like SSP to you? (Vista)

2008-08-14 Thread Damien Miller
On Thu, 14 Aug 2008, Sunnz wrote:

 Hi,
 
 I am just curious, have Vista implemented something similar to
 Stack-Smashing Protector as in OpenBSD's GCC?
 
 http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html
 
 I don't really know that much, so I am just asking here... if those
 things can be bypassed, would a same type of attack be threatening to
 OpenBSD systems?

The actual paper is here and it is very good - well
worth reading for anyone interested in this stuff:
http://taossa.com/archive/bh08sotirovdowd.pdf

The described stack protection is quite Propolice-like and I think that
a similar attack would work on OpenBSD: corrupt a value in the stack,
use it to gain control in the executing function and its antecedents but
never return as that would activate the stack canary checks.

For this to work, an attacker would need to find 1) a function with a
stack-based overflow that 2) has a stack-allocated variable that is
amenable to their purpose. I'm sure these exist, but I have no idea how
common they are. Note that the attacks in the paper make use of the
stack layout used by C++ method calls which makes things quite a bit for
the attacker.

The thing that struck me most from the paper was how close Microsoft has
come to implementing a good set of protections and how they have managed
to screw them up by failing to turn them on everywhere. What use is DEP
or DLL load address randomisation if it isn't turned on everywhere? What
is the point of those (really good) heap consistency checks if you don't
abort() when they fail?

-d



Re: Siliconmotion driver in 4.4 Beta

2008-08-14 Thread Mohamed Hussein Sayed

Hi,

I apologize for the delayed response. I had to work out some other 
migration issues.
I tried your patch and it worked. Thanks for your help there. The side 
effect of the virtual consoles getting killed persists but X starts 
successfully. I was also able to xdm_flags= rc.conf and things came up 
properly.
The one issue that I see now is that the mouse pointer has sort of 2 
trailing pointers. I will try to take a snapshot later.


Thanks again for your time.

Regards
Mohamed


Matthieu Herrb wrote:

Mohamed Hussein Sayed wrote:

Hi,

I installed snapshot (08/06) on my thinkpad 240x. When I tried to start 
X, the lcd flickered and then went black. I was not able to switch 
consoles and the only thing to do would be ssh to the machine and 
reboot or powercycle it. This apparently has been a known problem for 
a few years? And I read reports it was broken in X 4.2.0 release.
Is anyone working on this (Todd?). Can I help? How? I was thinking to 
forward port 4.1.0 siliconmotion code, would that be a recommended 
approach?




Can you try this patch that updates to the latest X.Org version?
ftp://ftp.laas.fr/pub/ii/matthieu/OpenBSD/xf86-video-siliconmotion-1.6.0.diff.gz 



To apply:

cd /usr/xenocara/driver/xf86-video-siliconmotion
zcat /path/to/xf86-video-siliconmotion-1.6.0.diff.gz | patch -p0
make -f Makefile.bsd-wrapper obj
make -f Makefile.bsd-wrapper build

and try to start X

I don't have hardware to test this. Reports from other users with SMI 
cards are welcome too.




Re: Installation OpenBsd under HP DL120 - dmesg

2008-08-14 Thread Christophe Rioux
OpenBSD 4.3 (RAMDISK_CD) #645: Wed Mar 12 11:31:03 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Celeron(R) CPU 420 @ 1.60GHz (GenuineIntel 686-class) 1.61
GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLU
SH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR
real mem  = 534974464 (510MB)
avail mem = 511098880 (487MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xfdc20,
SMBIOS rev. 2.5 @ 0xdc010 (43 entries)
bios0: vendor HP version O22 date 07/03/2008
bios0: HP ProLiant DL120 G5
acpi0 at bios0: rev 2, can't enable ACPI
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x5000 0xce000/0x1a00
0xdc000/0x4000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x29f0 rev
0x01
ppb0 at pci0 dev 1 function 0 vendor Intel, unknown product 0x29f1 rev
0x01: irq 5
pci1 at ppb0 bus 1
uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x02: irq 5
uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x02: irq 10
uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x02: irq 3
ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x02: irq 3
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02: irq 5
pci2 at ppb1 bus 5
ppb2 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x02: irq 5
pci3 at ppb2 bus 13
vga1 at pci3 dev 0 function 0 Matrox MGA G200e (ServerEngines) rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ppb3 at pci0 dev 28 function 5 Intel 82801I PCIE rev 0x02: irq 10
pci4 at ppb3 bus 14
bge0 at pci4 dev 0 function 0 Broadcom BCM5722 rev 0x00, BCM5755 C0
(0xa200): irq 10, address 00:1f:29:0e:48:e4
brgphy0 at bge0 phy 1: BCM5722 10/100/1000baseT PHY, rev. 0
uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x02: irq 5
uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x02: irq 10
uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x02: irq 3
ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x02: irq 5
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x92
pci5 at ppb4 bus 17
ichpcib0 at pci0 dev 31 function 0 Intel 82801IR LPC rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 Intel 82801H RAID rev 0x02: DMA, channel
0 wired to native-PCI, channel 1 wired to native-PCI
pciide0: using irq 10 for native-PCI interrupt
Intel 82801I SMBus rev 0x02 at pci0 dev 31 function 3 not configured
pciide1 at pci0 dev 31 function 5 Intel 82801I SATA rev 0x02: DMA, channel
0 wired to native-PCI, channel 1 wired to native-PCI
pciide1: using irq 3 for native-PCI interrupt
atapiscsi0 at pciide1 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TEAC, DV-28E-V, C.AB SCSI0 5/cdrom removable
cd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 2
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
biomask ffed netmask ffed ttymask ffef
rd0: fixed, 3800 blocks
uhidev0 at uhub5 port 2 configuration 1 interface 0 ServerEngines SE USB
Device rev 1.10/0.01 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub5 port 2 configuration 1 interface 1 ServerEngines SE USB
Device rev 1.10/0.01 addr 2
uhidev1: iclass 3/1
uhid at uhidev1 not configured
root on rd0a swap on rd0b dump on rd0b
umass0 at uhub0 port 3 configuration 1 interface 0 Kingston DataTraveler
2.0 rev 2.00/1.10 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0: Kingston, DataTraveler 2.0, PMAP SCSI0
0/direct removable
sd0: 954MB, 121 cyl, 255 head, 63 sec, 512 bytes/sec, 1953792 sec total

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Stuart Henderson
Sent: Wednesday, 13 August 2008 10:35
To: misc@openbsd.org
Subject: Re: Installation OpenBsd under HP DL120

On 2008-08-13, Christophe Rioux [EMAIL PROTECTED] wrote:
 I just try to install OpenBSD on a HP DL120 Server (big PC in Rack form).
 But I have the following 

Re: [OOT] Can't browse http://www.xs4all.nl/~wpd/symon/ and http://www.benzedrine.cx/pfstat.html

2008-08-14 Thread Insan Praja SW
On Thu, 14 Aug 2008 09:38:52 +0700, Steve Shockley  
[EMAIL PROTECTED] wrote:



Insan Praja SW wrote:

(20x.x0.1x4.0/23).


Obfuscation doesn't help much when your IP address is in the headers...


Shame on me :P

--
insandotpraja(at)gmaildotcom



PPPoE - Connection reset by peer

2008-08-14 Thread Dongsheng Song
I have an adsl used by windows, it's fine. When I use it in OpenBSD:

# cat /etc/ppp/ppp.conf
default:
 set log Phase Chat LCP IPCP CCP tun debug command
 set redial 15+5 0
 set reconnect 30 1

pppoe:
 set device !/usr/sbin/pppoe -i bge0
 set mtu max 1492
 set mru max 1492
 set speed sync
 set dial
 set login
 enable dns
 disable acfcomp protocomp
 deny acfcomp
 enable lqr
 enable mssfixup
 set authname [EMAIL PROTECTED]
 set authkey yyy

# ppp -ddial pppoe

# Aug 14 16:44:28 proxy ppp[23798]: Phase: Using interface: tun1
Aug 14 16:44:28 proxy ppp[23798]: Phase: deflink: Created in closed state
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: default: set redial 15+5 0
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: default: set reconnect 30 1
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set device
!/usr/sbin/pppoe -i bge0
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set mtu max 1492
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set mru max 1492
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set speed sync
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set dial
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set login
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: enable dns
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: disable
acfcomp protocomp
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: deny acfcomp
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: enable lqr
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: enable mssfixup
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set authname
[EMAIL PROTECTED]
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set authkey 
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: PPP Started (ddial mode).
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: bundle: Establish
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: closed - opening
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Connected!
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: opening - dial
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: dial - carrier
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: carrier - login
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: login - lcp
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: FSM: Using deflink as a transport
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: deflink: State change
Initial -- Closed
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: deflink: State change
Closed -- Stopped
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: read (0):
Connection reset by peer
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: deflink: State change
Stopped -- Closed
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: deflink: State change
Closed -- Initial
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: lcp - logout
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: logout - hangup
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Connect time:
0 secs: 45 octets in, 0 octets out
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: 4 packets in,
0 packets out
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase:  total 45 bytes/sec,
peak 0 bytes/sec on Thu Aug 14 16:44:28 2008
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: HUPing 28945
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: hangup - opening
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Enter pause
(30) for redialing.
Aug 14 16:44:28 proxy ppp[23119]: tun1: Chat: deflink: Reconnect try 1 of 1

What's wrong? Thanks for some help.

Dongsheng Song



Re: PPPoE - Connection reset by peer

2008-08-14 Thread Antti Harri

Hi,

I don't know what the solution to your problem is, but I recommend
you take a look at the kernel pppoe driver: pppoe(4). It's
very simple to configure and works as well as pppoe can
work.

--
Antti Harri



Re: : BIND workaround for older versions?

2008-08-14 Thread Raimo Niskanen
On Fri, Jul 25, 2008 at 07:36:43AM +0200, Guido Tschakert wrote:
 Stuart Henderson wrote:
  On 2008-07-24, Mike Shaw [EMAIL PROTECTED] wrote:
  Regarding the cache poisoning patch (which I see for 4.3).  Are there
  any effective workarounds for OpenBSD 4.0/4.1?
  
  The 4.2 patch should also work for 4.1
  
  
 I can confirm that the 4.2 patch works with 4.1 (at least for me).

+1

 
 
 guido

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



Re: uaudio+umidi recommendation

2008-08-14 Thread Alexandre Ratchov
On Tue, Aug 12, 2008 at 01:55:18AM +0300, Alexey Suslikov wrote:
 Hello [EMAIL PROTECTED]
 
 Can somebody recommend well-supported external (u)audio
 card with (u)midi controller?
 

i've never used such device, but will try to provide useful
information.

- by midi controller, you mean an interface to the standard MIDI
  UARTs with 5-pin DIN ports, right?

- do you need the card to be external because it's easier to
  manipulate or you have other reasons?

  If you want the card to be truly external, the only option on
  openbsd is any class-compliant USB device. I've an m-audio
  mobilepre uaudio(4) device and an 2in/2out edirol um-2 umidi(4)
  interface; they are really nice. Note that if the card is poorly
  designed, the usb connection may introduce noise anyway.

  There are (internal) PCI cards with _external_ rackable breakout
  box (ex: m-audio delta 1010) which are very good. Properly
  designed PCI cards can have very good accuracy. There're also
  poorly designed cards having bad quality.

  There are also excellent bare PCI cards without breakout box. 
  They require good cables and must be properly plugged though.

- why do you need the audio(4) and midi(4) device to be on the same
  card? they are logically (and physically) independent.  IMO the
  only advantage of having them on the same card is to have fewer
  cables.

  in the USB case, i believe that it's better to have separate
  uaudio(4) and umidi(4) cards. It's to avoid cards with a USB hub
  and two separate devices inside.

-- Alexandre



Re: BIND workaround for older versions?

2008-08-14 Thread Nick Holland
Raimo Niskanen wrote:
 On Fri, Jul 25, 2008 at 07:36:43AM +0200, Guido Tschakert wrote:
 Stuart Henderson wrote:
  On 2008-07-24, Mike Shaw [EMAIL PROTECTED] wrote:
  Regarding the cache poisoning patch (which I see for 4.3).  Are there
  any effective workarounds for OpenBSD 4.0/4.1?
  
  The 4.2 patch should also work for 4.1
  
  
 I can confirm that the 4.2 patch works with 4.1 (at least for me).
 
 +1

But...what if it didn't?

This is why you have to keep your systems up-to-date, and the
upgrade plans have to be part of your original implementation.

Years ago, I quit doing data recovery for my clients.  It
became clear that every time I hauled a client's data out of
the proverbial fire, rather than taking it as a lesson about
how important backups are, they took it as a lesson that
backups weren't that important, and Nick can get our data
back, and thus, got more careless rather than more careful.
My calculation was that they would lose less data if I let
them lose a little now (or pay through the nose and a few
other orifices to the big data recovery services) rather
than recover it now and NOT be able to recover it next time.

I fear that people finding out their old systems can be
salvaged by back-porting patches are just going to take
this as "Well, upgrades aren't really that important."

Come on...DNS servers running OpenBSD?  That's one of the
easier upgrades you can do...it's all base!  (Unlike some
certain other OS where they bundle stuff in, claim they
support the OS for many years, but things like BIND don't
really count...  *sigh*).

KEEP YOUR BLOOMIN' SYSTEMS UP TO DATE!

Nick.



Re: console xterm

2008-08-14 Thread Etienne Robillard
On Wed, 13 Aug 2008 17:08:02 + (UTC)
[EMAIL PROTECTED] (Christian Weisgerber) wrote:

 Etienne Robillard [EMAIL PROTECTED] wrote:
 
  export TERM=cons25
 
 Bad.
 
  alias ls='colorls -FG'
  
  Sorry i confused freebsd console (cons25) with obsd console (vt220), but
  with cons25 and colorls the console looks pretty.. ;) 
 
 The proper terminal type would be TERM=wsvt25.  The colorls package
 description actually says as much.
 
 -- 
 Christian naddy Weisgerber  [EMAIL PROTECTED]
 

Yeah. Thanks for the clarification. Although setting the terminal type to
`cons25' seems like getting colored ls output, it's breaking my keyboard mapping
apart.. :)

Regards,

-Etienne



Re: PPPoE - Connection reset by peer

2008-08-14 Thread Olaf Schreck
 Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: login - lcp
 Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: FSM: Using deflink as a 
 transport
[...]
 Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: read (0):
 Connection reset by peer
[...]
 Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!

Looks like the remote peer does not like LCP.  Try disable lcp.


ciao,
chakl



spamdb with '0' as pass

2008-08-14 Thread Stephan A. Rickauer
I have difficulties in understanding why a minority of IPs of a huge
set of WHITE entries of our spamdb do not have a 'pass' date set:

# spamdb | grep 128.1x8.50.xxx
WHITE|128.1x8.50.xxx|||1218625388|0|1221750240|1|1

spamdb(8) says: time the entry passed from being GREY to being WHITE.
Since it is WHITE, how can pass be 0?

Puzzled,
Stephan
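
One way to list the entries described in the post above, as an added example that is not part of the original thread or of spamd: it parses spamdb's text output and reports WHITE entries whose pass time is 0. The field order follows spamdb(8) and is an assumption for GREY lines; apart from the line quoted in the post, the sample lines and all function names are constructed here.

```python
"""Parse spamdb(8) text output and list WHITE entries whose pass time is 0."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, Iterator, List, Optional

# Sample input. The first line is the entry quoted in the post (address
# obfuscated by the poster); the other lines are constructed for this example.
SAMPLE = """\
WHITE|128.1x8.50.xxx|||1218625388|0|1221750240|1|1
WHITE|192.0.2.10|||1218000000|1218001800|1221110400|2|5
GREY|198.51.100.7|mail.example.net|<a@example.net>|<b@example.org>|1218700000|1218701500|1218714400|1|0
TRAPPED|203.0.113.9|1218800000
SPAMTRAP|trap@example.org
"""


@dataclass
class Entry:
    kind: str        # WHITE or GREY
    source: str      # source address, kept as text (may be obfuscated)
    helo: str        # empty for WHITE
    sender: str      # envelope from, empty for WHITE
    rcpt: str        # envelope to, empty for WHITE
    first: int       # epoch: first seen
    passed: int      # epoch: GREY -> WHITE transition, 0 if not recorded
    expire: int      # epoch: removal time
    blocked: int     # connections given a temporary failure
    delivered: int   # connections seen passing to the real MTA


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for WHITE/GREY lines, None for other line types.

    Raises ValueError on a WHITE/GREY line that does not match the layout.
    """
    line = line.strip()
    kind = line.split("|", 1)[0]
    if kind not in ("WHITE", "GREY"):
        return None  # TRAPPED, SPAMTRAP, blank lines
    # The five trailing fields are always numeric, so split from the right;
    # a "|" inside the recipient address then cannot shift the counters.
    head, *tail = line.rsplit("|", 5)
    if len(tail) != 5:
        raise ValueError(f"short {kind} entry: {line!r}")
    first, passed, expire, blocked, delivered = (int(x) for x in tail)
    parts = head.split("|", 4)
    if kind == "WHITE":
        # "WHITE|ip||": two empty placeholders follow the address.
        if len(parts) != 4 or parts[2] or parts[3]:
            raise ValueError(f"unexpected WHITE layout: {line!r}")
        helo = sender = rcpt = ""
    else:
        if len(parts) != 5:
            raise ValueError(f"unexpected GREY layout: {line!r}")
        helo, sender, rcpt = parts[2:]
    return Entry(kind, parts[1], helo, sender, rcpt,
                 first, passed, expire, blocked, delivered)


def parse(lines: Iterable[str]) -> Iterator[Entry]:
    """Yield the WHITE and GREY entries found in spamdb output lines."""
    for line in lines:
        entry = parse_line(line)
        if entry is not None:
            yield entry


def white_without_pass_time(entries: Iterable[Entry]) -> List[Entry]:
    """WHITE entries whose GREY -> WHITE timestamp is 0."""
    return [e for e in entries if e.kind == "WHITE" and e.passed == 0]


def fmt_time(epoch: int) -> str:
    """Render an epoch value as ISO 8601 UTC; 0 is shown as 'unset'."""
    if epoch == 0:
        return "unset"
    return datetime.fromtimestamp(epoch, tz=timezone.utc).isoformat()


def report(lines: Iterable[str]) -> List[str]:
    """One line per flagged entry, with the timestamps made readable."""
    return [
        f"{e.source} first={fmt_time(e.first)} pass={fmt_time(e.passed)} "
        f"expire={fmt_time(e.expire)} blocked={e.blocked} delivered={e.delivered}"
        for e in white_without_pass_time(parse(lines))
    ]


if __name__ == "__main__":
    for row in report(SAMPLE.splitlines()):
        print(row)
```

Comparing the `first` and `expire` times and the two counters of the flagged entries against those of entries with a pass time set shows whether the two groups were created at different times or with different lifetimes.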



Re: Using PF to NAT internal addresses over an IPSec link

2008-08-14 Thread Jorge Valbuena
I have the following configuration:


LAN_B--[openBSD+Pf+Nat+VPN]---(internet)---[OpenBSD+Pf+NAT+VPN]---[openBSD+Squid]---LAN_A



http://bsdsupport.org/ , setting up Ipsec over GRE on OpenBSD


I can ping a host from LAN_A to a host on LAN_B

I hope this can help!





 Original Message 
 Date: Wed, 13 Aug 2008 16:41:20 -0400
 From: Toby Burress [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: Using PF to NAT internal addresses over an IPSec link

 I have an IPSec connection set up to an external site, over which
 I have no control and whose topology I know nothing about (i.e. I
 don't know what subnets they use, etc.)  Using ipsecctl, I have one
 flow set up, from my external IP A.B.C.D to an internal IP on their
 side, 172.25.0.1.
 
 I can ping 172.25.0.1 from the OpenBSD box, so IPSec is working fine.
 
 What I want to do is allow any machine from my internal networks
 to reach 172.25.0.1.
 
 What I would like to do is set up NAT, so that packets headed to
 the OpenBSD box from anywhere on my network get translated to
 A.B.C.D, which is then sent over the VPN connection.  Unfortunately
 it looks like PF only applies NAT transforms when packets leave
 interfaces, not when they enter them, so packets come into the
 OpenBSD box with their private IPs, get routed out the interface
 associated with the default route, and only then get rewritten.
 
 Is there a better way to do this?  I would like to be able to change
 which hosts on my side can go over the IPSec connection without
 having to coordinate with the other company, and without having to
 expose internal IP information.
 
 If you reply to the list please cc me as I am not subscribed.




Re: PPPoE - Connection reset by peer

2008-08-14 Thread Stuart Henderson
On 2008-08-14, Olaf Schreck [EMAIL PROTECTED] wrote:
 Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: login - lcp
 Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: FSM: Using deflink as a 
 transport
 [...]
 Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: read (0):
 Connection reset by peer
 [...]
 Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!

 Looks like the remote peer does not like LCP.

I think this is unlikely.

Lack of LCP would be a bit of a problem if you were trying to
establish a PPP connection with them...



Re: Hardware recommendation for firewalls (more than 4 NICs)

2008-08-14 Thread secucatcher
 On Fri, Aug 8, 2008 at 3:08 PM, James Records [EMAIL PROTECTED]wrote:

  Grab a Watchguard Firebox X off of ebay, they have 6 interfaces, and you
  can get them pretty cheap, some of the bigger ones have more, onboard
  crypto, perfect for building openbsd firewalls... you can run off a CF...
 
  I'm putting together a project that uses openbsd on these boxes.  If you
  have any questions about running openbsd on them let me know:
 
  www.thewaffle.org

all the series works ?
the url doesn't work: The requested URL /alpha.html was not found on this server.



How to copy an entire directory to my home directory

2008-08-14 Thread skogzort
Hello,
I'm trying to copy all the contents of /root/var/namedb from a remote
OpenBSD3.8 DNS server to my local PC. I am using WinSCP for file transfer. I
have found that I am unable to download some of the directories:

/root/var/named/etc
/root/var/named/log
/root/var/named/slave

I do not know OpenBSD or Unix but I can use Putty to login to the console as a
member of the wheel group then I can type su - to execute commands as root.

I was told that I should copy the etc, log, and slave directories to my local
user directory, then I would be allowed to download them using WinSCP.

I do not know the commands to copy a whole directory. Can anyone help? I want
to make sure that when the copies end up in my home directory, they no longer
have bwhatever restrictions are keeping me from downloading them from where
the originals are at now.

Thanks very much for any help



Re: How to copy an entire directory to my home directory

2008-08-14 Thread Johan Beisser
On Thu, Aug 14, 2008 at 11:14 AM, skogzort [EMAIL PROTECTED] wrote:
 Hello,
 I'm trying to copy all the contents of /root/var/namedb from a remote
 OpenBSD3.8 DNS server to my local PC. I am using WinSCP for file transfer. I
 have found that I am unable to download some of the directories:

 /root/var/named/etc
 /root/var/named/log
 /root/var/named/slave

 I do not know OpenBSD or Unix but I can use Putty to login to the console as a
 member of the wheel group then I can type su - to execute commands as root.

Either log in as root and tarball the directory, or log in as root
through scp and pull it in.

 I was told that I should copy the etc, log, and slave directories to my local
 user directory, then I would be allowed to download them using WinSCP.

 I do not know the commands to copy a whole directory. Can anyone help? I want
 to make sure that when the copies end up in my home directory, they no longer
 have whatever restrictions are keeping me from downloading them from where
 the originals are at now.

man cp(1)



Re: How to copy an entire directory to my home directory

2008-08-14 Thread Pedro Martelletto
On Thu, Aug 14, 2008 at 12:40:38PM -0700, Johan Beisser wrote:
 man cp(1)

You're all apparently missing out on a great tool called GHome Mover
(http://www.brookepeig.com/ghomemover/). I know the guy said he is
logging in from remote, but it is definitely worth the effort having X
installed on your server and tunneled through SSH just to use this
absolutely revolutionary tool!

-p.



Re: How to copy an entire directory to my home directory

2008-08-14 Thread Johan Beisser
On Thu, Aug 14, 2008 at 1:15 PM, Pedro Martelletto
[EMAIL PROTECTED] wrote:

 You're all apparently missing out on a great tool called GHome Mover
 (http://www.brookepeig.com/ghomemover/). I know the guy said he is
 logging in from remote, but it is definitely worth the effort having X
 installed on your server and tunneled through SSH just to use this
 absolutely revolutionary tool!

If you're going outside of base, just use rsync.

If you're staying in base, and not using X, abuse tar(1), and ssh(1) tunnels.

tar cf - ./* | ssh host tar xvf - -C /path/to/destination/dir

or

ssh host tar cf - /start/dir/ | tar xvf - -C /path/to/dest/dir

The latter may need some adjustment or other switches to remove the
path from the starting directory.



Re: How to copy an entire directory to my home directory

2008-08-14 Thread L. V. Lammert

At 11:14 AM 8/14/2008 -0700, skogzort wrote:

Hello,
I'm trying to copy all the contents of /root/var/namedb from a remote
OpenBSD3.8 DNS server to my local PC. I am using WinSCP for file transfer. I
have found that I am unable to download some of the directories:

/root/var/named/etc
/root/var/named/log
/root/var/named/slave

I do not know the commands to copy a whole directory. Can anyone help?


KISS:

$cd (makes sure you're in YOUR home directory)
$mkdir stuff
$su ..
(Make sure you're still in your directory stuff)
# cd /your home directory/stuff

mkdir etc
cp /root/var/named/etc/* etc

mkdir log
cp /root/var/named/log/* log

mkdir slave
cp /root/var/named/slave/* slave

cd ..
chown -R you *

That should leave you three directories under 'stuff' you can grab via winscp.

Lee



4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Ryan Smith
Hi,

I am still new to the *BSD world, but hopefully I will include most of
the relevant information regarding my issue.  If not, please forgive
me. :)

I have just done a fresh install of OpenBSD 4.3 (i386, AthlonXP 1800+,
so not that old of hardware) which is running properly with one
exception:  the system pauses at boot time after selecting what
partition/kernel to load and waits for any key to be pressed.
After pressing any key, the machine boots and functions properly.

I see the following after the bootloader timeout expires:

booting hd0a:/bsd: 5913424+1004644 [52+306864+287943]=0x72a4d4
entry point at 0x200120

At which point the system waits.  It sits indefinitely until any key is
pressed.

/etc/boot.conf contains set timeout 10.  If I type any valid command
into the boot prompt, the system loads the kernel and boots normally.
It only hangs if the loader selects the kernel itself.  Additionally,
it hangs even when I specify a partition to use in boot.conf (bsd,
bsd.rd, even the bootable CD do the same thing).

I have also reinstalled completely as well as recompiled the
kernel/system from CVSup.

I am getting the feeling that this is some simple issue that I have
missed, but nothing has come up with any of my internet/list archive
searches.  Anyone else with the issue seems to have a system that is
unresponsive following the entry point... line.

I don't plan on having a display or keyboard attached to this machine,
so it would be convenient to not have to physically interact with it on
each boot.

Sorry for the length.  I hope I have included all necessary
information, my dmesg output is below.

Best regards,
Ryan Smith

dmesg output:
(pseudo device)
454 ppp count 1 (pseudo device)
455 sl count 1 (pseudo device)
--- more ---456 tun count 1 (pseudo device)
457 vlan count 1 (pseudo device)
458 trunk count 1 (pseudo device)
459 pppoe count 1 (pseudo device)
460 bio count 1 (pseudo device)
461 pctr count 1 (pseudo device)
462 mtrr count 1 (pseudo device)
463 nvram count 1 (pseudo device)
464 sequencer count 1 (pseudo device)
465 hotplug count 1 (pseudo device)
466 wsmux count 2 (pseudo device)
467 crypto count 1 (pseudo device)
Continuing...
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/24/03, BIOS32 rev. 0 @ 0xfdad0,
SMBIOS rev. 2.3 @ 0xf0630 (22 entries)
bios0: vendor American Megatrends Inc. version 07.00T date 04/02/01
bios0: MSI MS-6380E
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7f20/208 (11 entries)
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8235 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xd000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA VT8366 PCI rev 0x00
agp0 at pchb0: v2, aperture at 0xe000, size 0x1000
ppb0 at pci0 dev 1 function 0 VIA VT8366 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon 9600 XT rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ATI Radeon 9600 XT Sec rev 0x00 at pci1 dev 0 function 1 not configured
ral0 at pci0 dev 6 function 0 Ralink RT2561S rev 0x00: irq 10, address
00:1f:1f:05:ce:e9
ral0: MAC/BBP RT2561C, RF RT2527
rl0 at pci0 dev 7 function 0 D-Link Systems 530TX+ rev 0x10: irq 9,
address 00:11:95:26:4a:d5
rlphy0 at rl0 phy 0: RTL internal PHY
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x80: irq 11
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x80: irq 10
ehci0 at pci0 dev 16 function 3 VIA VT6202 USB rev 0x82: irq 5
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 VIA VT8235 ISA rev 0x00
iic0 at viapm0
iic0: addr 0x1b 06=f0 08=01 09=01 0b=fd 0c=04 0d=04 0e=f0 0f=07 10=0c 11=03
12=04 14=55 15=55 17=ff 18=ff 1c=02 20=ff 22=07 26=30 29=ff words 00=00ff
01=00ff 02=00ff 03=00ff 04=00ff 05=00ff 06=f0ff 07=00ff 08=01ff 09=01ff
0a=00ff 0b=fdff 0c=04ff 0d=04ff 0e=f0ff 0f=07ff
iic0: addr 0x2f 00=00 02=0f 03=00 04=00 06=0f 07=00 08=00 0a=06 0b=00 0c=00
0d=07 0e=84 0f=00 10=c0 11=11 12=00 13=60 words 00=00ff 01= 02=0fff
03=00ff 04=00ff 05= 06=0fff 07=00ff 08=00ff 09= 0a=06ff 0b=00ff
0c=00ff 0d=07ff 0e=84ff 0f=00ff
spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5
pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: WDC WD1600JB-00GVA0
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x50: irq 9
ac97: codec id 0x414c4720 (Avance Logic ALC650)
ac97: codec features 20 bit DAC, 18 bit ADC, Realtek 3D
audio at auvia0 not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 

Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Ryan Smith
Thanks for the reply Daniel.

I should have noted that the machine did the same thing on initial boot
(lacking boot.conf).  Currently, boot.conf only increases the timeout;
it does the same thing with or without a kernel being specified in
boot.conf.  If I type in a kernel to use at the bootloader prompt, it
will boot normally without the delay.

Best regards,
Ryan Smith

-Original Message-
From: Daniel Ouellet [mailto:[EMAIL PROTECTED] 
Sent: Thursday, August 14, 2008 4:43 PM
To: Ryan Smith
Cc: misc@openbsd.org
Subject: Re: 4.3 Bootloader waiting for keypress before loading kernel

Ryan Smith wrote:
 /etc/boot.conf contains set timeout 10.  If I type any valid command
into

The default install doesn't have these.

May be stupid to ask, but did you try without your boot.conf file?

 From the FaQ a bit lower from it

http://www.openbsd.org/faq/faq6.html#PXE

Note that /etc/boot.conf is only needed if the kernel you wish to boot 
from is not named bsd, or other pxeboot defaults are not as you need 
them (for example, you wish to use a serial console). You can test your 
tftpd(8) server using a tftp(1) client, making sure you can fetch the 
needed files.

Does it go well without it?

Best,

Daniel



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Daniel Ouellet

Ryan Smith wrote:

Thanks for the reply Daniel.

I should have noted that the machine did the same thing on initial boot
(lacking boot.conf).  Currently, boot.conf only increases the timeout;
it does the same thing with or without a kernel being specified in
boot.conf.  If I type in a kernel to use at the bootloader prompt, it
will boot normally without the delay.


And you did it (without the boot.conf), not on your own compiled version, 
but on the stable distribution one, as the system you run now is your own 
compiled version:


OpenBSD 4.3-stable (GENERIC) #0: Thu Aug 14 09:15:48 CDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

<snip>

You didn't try to make changes on the default kernel, some optimization, 
removing drivers, or what not right?


And your root / partition is not a multi GB in size, just in case right?



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Daniel Ouellet

Ryan Smith wrote:

/etc/boot.conf contains set timeout 10.  If I type any valid command into


The default install doesn't have these.

May be stupid to ask, but did you try without your boot.conf file?

From the FaQ a bit lower from it

http://www.openbsd.org/faq/faq6.html#PXE

Note that /etc/boot.conf is only needed if the kernel you wish to boot 
from is not named bsd, or other pxeboot defaults are not as you need 
them (for example, you wish to use a serial console). You can test your 
tftpd(8) server using a tftp(1) client, making sure you can fetch the 
needed files.


Does it go well without it?

Best,

Daniel



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Daniel Ouellet

Ryan Smith wrote:

Thanks for the reply Daniel.

I should have noted that the machine did the same thing on initial boot
(lacking boot.conf).  Currently, boot.conf only increases the timeout;
it does the same thing with or without a kernel being specified in
boot.conf.  If I type in a kernel to use at the bootloader prompt, it
will boot normally without the delay.


You could always try this.

As Nick explained before in the archive, this usually should work with no 
problem, unless there is a keyboard switch in the path or something 
similar, which you do not have, right?


http://archives.neohapsis.com/archives/openbsd/2005-01/2830.html

Anyway, as you say your system boot if you enter, or press a key, you 
can always just try this and see


echo boot > /etc/boot.conf

But I would try without the keyboard connected and see, and also make 
sure your BIOS does not have the wait on keyboard if error setup. Just a 
thought there as well. Not sure about your BIOS, but some old ones did 
have this in there and, if not set up properly, just wait on keyboard error.


So, try without a keyboard and also try the above echo to see.

After that, if it still doesn't work, maybe someone else may have a 
better suggestion for you.


But I would think that would be the source of the problem, but I could 
be wrong. Is your keyboard USB type by any chance? Not that it should 
make a difference, but if so, maybe you have something else connected 
there that gives you the problem.


Best,

Daniel



openldap-server on 4.3? (newbie)

2008-08-14 Thread Ross Tucker
Please accept my apologies if this question has been asked, etc. I
have done my very best to research it but have found nothing that
helps.

I am trying to set my new OpenBSD 4.3 installation up as a PDC for a
windows network. I am following directions from
http://www.kernel-panic.it/openbsd/pdc/pdc2.html but I cannot get
openldap-server to build from the ports, because the bdb flavor is
marked broken in 4.3! In the tutorial, he just continues on without
explaining what to do. What ought I do to get openldap-server to
build?

Thank you very much for your patience and time.

Ross Tucker



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Ryan Smith
Daniel Ouellet:
<snip>
You didn't try to make changes on the default kernel, some optimization,
removing drivers, or what not right?

And your root / partition is not a multi GB in size, just in case right?
</snip>

My root partition is 10GB in size, following the recommendation of
openbsd101.com.  I have had no other problems with other operating systems,
but perhaps I was just getting lucky with the bootloader being loaded in the
appropriate region for the BIOS.  I will try reinstalling with a smaller
root.

<snip>
echo boot > /etc/boot.conf

But I would try without the keyboard connected and see, and also make 
sure your BIOS does not have the wait on keyboard if error setup. Just a 
thought there as well. Not sure about your BIOS, but some old ones did 
have this in there and, if not set up properly, just wait on keyboard error.

...

But I would think that would be the source of the problem, but I could 
be wrong. Is your keyboard USB type by any chance? Not that it should 
make a difference, but if so, maybe you have something else connected 
there that gives you the problem.
</snip>

The BIOS seems happy to boot without a keyboard attached (which is PS/2).
It proceeds to load the boot loader where it hangs in the same place, but
this time, I can't press any keys to get it to continue loading. :)

I also tried eliminating the timeout with boot in boot.conf, but I still
have this issue, with or without a keyboard being attached.



SOLVED: openldap-server on 4.3? (newbie)

2008-08-14 Thread Ross Tucker
Thanks for the bandwidth.

Ross



Re: openldap-server on 4.3? (newbie)

2008-08-14 Thread Stuart Henderson
On 2008-08-14, Ross Tucker [EMAIL PROTECTED] wrote:
 I am trying to set my new OpenBSD 4.3 installation up as a PDC for a
 windows network. I am following directions from
 http://www.kernel-panic.it/openbsd/pdc/pdc2.html but I cannot get
 openldap-server to build from the ports, because the bdb flavor is
 marked broken in 4.3! In the tutorial, he just continues on without
 explaining what to do. What ought I do to get openldap-server to
 build?

Don't use the bdb flavor. Just set PKG_PATH appropriately as per
FAQ15.2.2 and pkg_add openldap-server for the normal LDBM version.
I don't see much point for what you want in building your own package
from the port, you might as well use the ones that are already built.

Berkeley(/Sleepycat/Oracle) DB broke the API mid-release-cycle (4.6.3
or something, earlier 4.6.x were OK), OpenLDAP added support for the new
version to 2.4 _only_, not 2.3 (which was until recently the release
they deemed stable).



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Ben Calvert

On Aug 14, 2008, at 4:17 PM, Ryan Smith wrote:


My root partition is 10GB in size, following the recommendation of
openbsd101.com.  I have had no other problems with other operating  
systems,
but perhaps I was just getting lucky with the bootloader being  
loaded in the
appropriate region for the BIOS.  I will try reinstalling with a  
smaller

root.


what is openbsd101.com? nevermind, don't answer.

you might consider reading the install documentation supplied with the  
product you're installing though.


ftp://ftp.openbsd.org/OpenBSD/4.3/i386/INSTALL.i386

Ben



Re: Using PF to NAT internal addresses over an IPSec link

2008-08-14 Thread Marc-Andre Jutras

Hey List ! ...

Interesting... I was about to send an e-mail on the list regarding this 
same question : aka: Best practice on NAT over IPsec... or how to do it 
correctly ?!?!?!?


May I suggest you try something... : ( that's what I will try 
anyway sometime next week or so... )


Create a Loopback interface on one of your BSD and try to NAT on this 
'lo' interface ... from that nat, adjust your pf to block all from lan A 
to lan B except from NAT  ...and well, I think it should work !


any other suggestion to try or any 'already working here' notes that 
someone can post ?


Regards,
M-A

Jorge Valbuena wrote:

I have the following configuration:


LAN_B--[openBSD+Pf+Nat+VPN]---(internet)---[OpenBSD+Pf+NAT+VPN]---[openBSD+Squid]---LAN_A



http://bsdsupport.org/ , setting up Ipsec over GRE on OpenBSD


I can ping a host from LAN_A to a host on LAN_B

I hope this can Help !





 Original Message 
  

Date: Wed, 13 Aug 2008 16:41:20 -0400
From: Toby Burress [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Using PF to NAT internal addresses over an IPSec link



  

I have an IPSec connection set up to an external site, over which
I have no control and whose topology I know nothing about (i.e. I
don't know what subnets they use, etc.)  Using ipsecctl, I have one
flow set up, from my external IP A.B.C.D to an internal IP on their
side, 172.25.0.1.

I can ping 172.25.0.1 from the OpenBSD box, so IPSec is working fine.

What I want to do is allow any machine from my internal networks
to reach 172.25.0.1.

What I would like to do is set up NAT, so that packets headed to
the OpenBSD box from anywhere on my network get translated to
A.B.C.D, which is then sent over the VPN connection.  Unfortunately
it looks like PF only applies NAT transforms when packets leave
interfaces, not when they enter them, so packets come into the
OpenBSD box with their private IPs, get routed out the interface
associated with the default route, and only then get rewritten.

Is there a better way to do this?  I would like to be able to change
which hosts on my side can go over the IPSec connection without
having to coordinate with the other company, and without having to
expose internal IP information.

If you reply to the list please cc me as I am not subscribed.




Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Ryan Smith
You have assumed that because I have used some resource for new users that I
have not read any of the official documentation.  This would be untrue.  In
fact, INSTALL.i386 was the first thing I read while grabbing the ISO, but
since I have had no problems with a larger bootable partition with Linux, I
anticipated no problems with the larger partition sizes recommended on the
aforementioned website.  The minimum partition sizes from the FAQ are for a
substantially smaller hard drive, and, obviously, scaling the sizes by the
almost order of magnitude of difference would not have been a good idea.

There are other supplemental resources out there, and not all of them are
bad.

Thanks anyway.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Ben Calvert
Sent: Thursday, August 14, 2008 6:34 PM
To: Ryan Smith
Cc: misc@openbsd.org
Subject: Re: 4.3 Bootloader waiting for keypress before loading kernel

On Aug 14, 2008, at 4:17 PM, Ryan Smith wrote:

 My root partition is 10GB in size, following the recommendation of
 openbsd101.com.  I have had no other problems with other operating  
 systems,
 but perhaps I was just getting lucky with the bootloader being  
 loaded in the
 appropriate region for the BIOS.  I will try reinstalling with a  
 smaller
 root.

what is openbsd101.com? nevermind, don't answer.

you might consider reading the install documentation supplied with the  
product you're installing though.

ftp://ftp.openbsd.org/OpenBSD/4.3/i386/INSTALL.i386

Ben



PPPoE(4) - pap failure: 22 (Re: PPPoE - Connection reset by peer)

2008-08-14 Thread Dongsheng Song
When I use pppoe(4):

# cat /etc/hostname.bge0
up

# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev bge0 authproto pap \
authname '[EMAIL PROTECTED]' authkey 'yyy' up
dest 0.0.0.1
!/sbin/route add -inet 59.37.173.0/24 0.0.0.1

I got error pap failure: 22:

Aug 15 09:48:38 proxy /bsd: pppoe0: disconnecting
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp down(stopped)
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp stopped-starting
Aug 15 09:48:38 proxy /bsd: pppoe0: phase establish
Aug 15 09:48:38 proxy /bsd: pppoe0 (8863) state=1, session=0x0 output
- ff:ff:ff:ff:ff:ff, len=18
Aug 15 09:48:38 proxy /bsd: pppoe0: Down event (carrier loss), taking
interface down.7pppoe0: lcp close(starting)
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp starting-initial
Aug 15 09:48:38 proxy /bsd: pppoe0: phase dead
Aug 15 09:48:38 proxy /bsd: pppoe0 (8863) state=2, session=0x0 output
- 00:90:1a:41:d2:86, len=38
Aug 15 09:48:38 proxy /bsd: pppoe0: session 0x18d connected
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp open(initial)
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp initial-starting
Aug 15 09:48:38 proxy /bsd: pppoe0: phase establish
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp up(starting)
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp starting-req-sent
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp output conf-req id=0x40
len=10 05-06-a9-ff-60-ba
Aug 15 09:48:38 proxy /bsd: pppoe0 (8864) state=3, session=0x18d
output - 00:90:1a:41:d2:86, len=18
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp input(req-sent): conf-req
id=0xc0 len=18 
01-04-05-d4-03-04-c0-23-05-06-0c-ed-39-6b-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp parse opts: mru auth-proto magic
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp parse opt values: mru 1492
auth-proto magic 0xced396b send conf-ack
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp output conf-ack id=0xc0
len=18 01-04-05-d4-03-04-c0-23-05-06-0c-ed-39-6b
Aug 15 09:48:39 proxy /bsd: pppoe0 (8864) state=3, session=0x18d
output - 00:90:1a:41:d2:86, len=26
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp req-sent-ack-sent
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp input(ack-sent): conf-ack
id=0x40 len=10 
05-06-a9-ff-60-ba-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp ack-sent-opened
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp tlu
Aug 15 09:48:39 proxy /bsd: pppoe0: up
Aug 15 09:48:39 proxy /bsd: pppoe0: phase authenticate
Aug 15 09:48:39 proxy /bsd: pppoe0: pap output req id=0x41 len=34
14-67-7a-44-53-4c-33-37-38-38-33-37-30-38-40-31-36-33-2e-67-64-08-44-56-42-4c-50-42-4d-4e
Aug 15 09:48:39 proxy /bsd: pppoe0 (8864) state=3, session=0x18d
output - 00:90:1a:41:d2:86, len=42
Aug 15 09:48:40 proxy /bsd: pppoe0: pap peer TO
Aug 15 09:48:40 proxy /bsd: pppoe0: pap output req id=0x42 len=34
14-67-7a-44-53-4c-33-37-38-38-33-37-30-38-40-31-36-33-2e-67-64-08-44-56-42-4c-50-42-4d-4e
Aug 15 09:48:40 proxy /bsd: pppoe0 (8864) state=3, session=0x18d
output - 00:90:1a:41:d2:86, len=42
Aug 15 09:48:41 proxy /bsd: pppoe0: pap failure: 22
Aug 15 09:48:41 proxy /bsd: pppoe0: lcp input(opened): term-req
id=0xc1 len=4 
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Aug 15 09:48:41 proxy /bsd: pppoe0: lcp opened-stopping
Aug 15 09:48:41 proxy /bsd: pppoe0: phase terminate
Aug 15 09:48:41 proxy /bsd: pppoe0: lcp send terminate-ack
Aug 15 09:48:41 proxy /bsd: pppoe0: lcp output term-ack id=0xc1 len=4
Aug 15 09:48:41 proxy /bsd: pppoe0 (8864) state=3, session=0x18d
output - 00:90:1a:41:d2:86, len=12
Aug 15 09:48:51 proxy /bsd: pppoe0: lcp TO(stopping) rst_counter = 0
Aug 15 09:48:51 proxy /bsd: pppoe0: lcp stopping-stopped
Aug 15 09:48:51 proxy /bsd: pppoe0: phase dead
Aug 15 09:48:51 proxy /bsd: pppoe0: timeout
Aug 15 09:48:51 proxy /bsd: pppoe0: disconnecting
Aug 15 09:48:51 proxy /bsd: pppoe0: lcp down(stopped)
Aug 15 09:48:51 proxy /bsd: pppoe0: lcp stopped-starting
Aug 15 09:48:51 proxy /bsd: pppoe0: phase establish
...

Thanks for some help.

--
Dongsheng Song

2008/8/14 Antti Harri [EMAIL PROTECTED]:

 Hi,

 I don't know what the solution to your problem is, but I recommend
 you take a look at the kernel pppoe driver: pppoe(4). It's
 very simple to configure and works as well as pppoe can
 work.

 --
 Antti Harri



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread David Higgs
On Thu, Aug 14, 2008 at 7:57 PM, Ryan Smith [EMAIL PROTECTED] wrote:
 You have assumed that because I have used some resource for new users that I
 have not read any of the official documentation.  This would be untrue.  In
 fact, INSTALL.i386 was the first thing I read while grabbing the ISO, but
 since I have had no problems with a larger bootable partition with Linux, I
 anticipated no problems with the larger partition sizes recommended on the
 aforementioned website.  The minimum partition sizes from the FAQ are for a
 substantially smaller hard drive, and, obviously, scaling the sizes by the
 almost order of magnitude of difference would not have been a good idea.

 There are other supplemental resources out there, and not all of them are
 bad.

 Thanks anyway.

OpenBSD is not Linux.

http://www.openbsd.org/faq/faq4.html#Install
http://www.openbsd.org/faq/faq14.html#LargeDrive

What was lacking about the official resources that the supplemental
ones provided?

--david



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Ryan Smith
I am aware that OpenBSD is not Linux and never made the assertion that they
were the same.  That's the reason I am trying to use OpenBSD and not Linux;
it is more suited for what I am eventually wanting to do.

I wasn't trying to say "it works in Linux, so why doesn't it work in
OpenBSD?"  I understand they are different, but I also understand that the
BIOS is the defining factor in the bootable partition size limitation.  For
that reason, it is not unreasonable to expect that if I have a 10gb
partition in XYZ operating system (insert Linux) and the BIOS still
allows booting from this partition regardless of where the bootloader and
kernel falls, the BIOS probably will continue to allow me to boot on a
similarly-sized partition with another operating system.  If the BIOS will
address n-gb for XYZ operating system, it is unlikely to refuse to address
that size for OpenBSD.

There was nothing lacking in the official documentation.  Additionally, the
supplemental documentation actually didn't provide very much; most of the
OpenBSD stuff I have found is just summarized documentation or verbatim
manpages.  But if we followed the logic of "if it's not the official
documentation, it's no good," there would be no reason for having mailing
lists or fora either.  The documentation included in the manpages is
fantastic, easily the best that I've ever seen with an OS; but as a new user
to the *BSD systems, it can be overwhelming at first, and sometimes a
dumbed-down guide is a nice preface for a dumbed-down user like myself.

Anyway, I dropped the root partition size to 1gb and did clean install, but
still this issue prevails.  I have been through the BIOS settings time and
again and haven't found any setting that would be causing this, nor have I
been able to find anything on the OS side.

Is it possible (likely?) that this is being caused by hardware?  I don't
know if it is actually the bootloader that is causing the delay or if the
kernel is actually being loaded and hangs for some reason.  Any other
suggestions would be appreciated.

Best,
Ryan

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
David Higgs
Sent: Thursday, August 14, 2008 9:31 PM
To: Ryan Smith
Cc: misc@openbsd.org
Subject: Re: 4.3 Bootloader waiting for keypress before loading kernel

On Thu, Aug 14, 2008 at 7:57 PM, Ryan Smith [EMAIL PROTECTED]
wrote:
 You have assumed that because I have used some resource for new users that
I
 have not read any of the official documentation.  This would be untrue.
In
 fact, INSTALL.i386 was the first thing I read while grabbing the ISO, but
 since I have had no problems with a larger bootable partition with Linux,
I
 anticipated no problems with the larger partition sizes recommended on the
 aforementioned website.  The minimum partition sizes from the FAQ are for
a
 substantially smaller hard drive, and, obviously, scaling the sizes by the
 almost order of magnitude of difference would not have been a good idea.

 There are other supplemental resources out there, and not all of them are
 bad.

 Thanks anyway.

OpenBSD is not Linux.

http://www.openbsd.org/faq/faq4.html#Install
http://www.openbsd.org/faq/faq14.html#LargeDrive

What was lacking about the official resources that the supplemental
ones provided?

--david



Resent, Issues with -CURRENT on Vostro 1310

2008-08-14 Thread Sevan / Venture37
Resending as the 1st attempt to send this with acpidump & pcidump output
resulted in a 105kb sized email.

It seems the previous issues with re(4) reported on here have been semi fixed,
however the system is acting strange, if I attempt to boot the system from
GENERIC without disabling ACPI, the system will stop after spkr0 at pcppi0, the
keyboard is still responsive in that I can switch scroll, caps, num lock on &
off but the system just sits there. Power cycling the box & attempting to boot
GENERIC.MP kernel after the hang will cause a kernel panic with the previously
reported panic: config_detach: forced detach of re0 failed (45)

What I noticed is that though re(4) is detected, an error follows no PHY
found & reset never completed
The only way to get the system to boot GENERIC.MP is to switch the machine
off, unplug battery & mains, wait & then use GENERIC.MP when you power up.

The system also needs to have ACPI disabled to boot from install44.iso.

As previously reported acpidump core dumps when run on this system as well.

Screenshot of trace, ps after kernel panic, the core file from acpidump
coredump + acpi & pcidump output can be found here:
http://geeklan.co.uk/files/vostro1310/openbsd/august-12th/


OpenBSD 4.4 (GENERIC.MP) #1812: Tue Aug 12 17:22:53 MDT 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2132897792 (2034MB)
avail mem = 2071056384 (1975MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xdc010 (38 entries)
bios0: vendor Dell Inc. version A10 date 07/10/2008
bios0: Dell Inc. Vostro1310
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC HPET MCFG TCPA TMOR OSFR APIC BOOT SLIC SSDT SSDT
SSDT SSDT
acpi0: wakeup devices LID0(S3) HDEF(S3) PXSX(S3) PXSX(S5) USB1(S0) USB2(S0)
USB3(S0) USB4(S0) USB5(S0) EHC1(S0) EHC2(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz, 1795.74 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
,NXE,LONG
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz, 1795.50 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
,NXE,LONG
cpu1: 2MB 64b/line 8-way L2 cache
ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEGP)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus 3 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus 6 (RP04)
acpiprt6 at acpi0: bus 7 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpiprt8 at acpi0: bus 8 (PCIB)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: PWRB
acpibtn2 at acpi0: SLPB
acpiac0 at acpi0: AC unit offline
acpibat0 at acpi0: BAT1 serial 11 type Lion oem Dell
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
cpu0: unknown Enhanced SpeedStep CPU, msr 0x0612092506000925
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1800 MHz (1292 mV): speeds: 1800, 1200 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x0c
ppb0 at pci0 dev 1 function 0 Intel GM965 PCIE rev 0x0c: apic 1 int 16 (irq
5)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor NVIDIA, unknown product 0x0427 rev
0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: no integrated graphics
drm at vga1 unsupported
uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x03: apic 1 int 16
(irq 5)
uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x03: apic 1 int 21
(irq 11)
ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x03: apic 1 int 18
(irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x03: apic 1 int
22 (irq 10)
azalia0: codec[s]: Realtek/0x0268
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x03: apic 1 int 17
(irq 11)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x03: apic 1 int 16
(irq 5)
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x03: apic 1 int 19
(irq 11)
pci4 at ppb3 bus 6
ppb4 at pci0 dev 28 function 4 Intel 82801H PCIE rev 0x03: apic 1 int 17
(irq 11)
pci5 at ppb4 bus 7
re0 at pci5 dev 0 function 0 Realtek 8168 rev 0x02: RTL8168C/8111C (0x3c00),
apic 1 int 16 (irq 5), address 00:1c:23:
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
uhci2 at pci0 dev 29 function 0 Intel 82801H 

Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Ben Calvert

On Aug 14, 2008, at 8:29 PM, Ryan Smith wrote:


There was nothing lacking in the official documentation.   
Additionally, the
supplemental documentation actually didn't provide very much; most  
of the
OpenBSD stuff I have found is just summarized documentation or  
verbatim

manpages.  But if we followed the logic of if it's not the official
documentation, it's no good, there would be no reason for having  
mailing

lists or fora either.


This is not what people are saying to you.  people are trying to point  
out that your strategy:


1. read the official docs
2. read some other docs
3. pick and choose which to follow
4. come to the official support forum and ask for help ( instead of  
asking the guy whose advice you followed )


is selfish.

you're asking people to volunteer to help you after ignoring the  
resources that they have ( again, voluntarily and for free ) provided  
for you.




Best,
Ryan


Ben



Re: Using PF to NAT internal addresses over an IPSec link

2008-08-14 Thread william dunand
Hi,

I tried to reproduce what you want in my testing environment and
managed to make it work.

What you have to do is :
 - In your ipsec.conf, add a rule from your local network to the
distant 172.25.0.1 (this rule is needed in order to route the traffic
to enc0)
 - Add a nat rule on enc0 in your pf.conf. Something like : nat on
enc0 from !($ext_if) -> ($ext_if:0)
 - Note that if you had set a skip on enc0, you should remove it and
use something like pass quick on enc0 for the nat to be applied.

It works for me, local addresses are NATed inside the tunnel and
cannot be seen by the remote servers.

Feel free to ask if you need more details.

Cheers,
William





2008/8/15 Marc-Andre Jutras [EMAIL PROTECTED]:
 Hey List ! ...

 Interesting... I was about to send an e-mail on the list regarding this same
 question : aka: Best practice on NAT over IPsec... or how to do it correctly
 ?!?!?!?

 May I can suggest you to try something... : ( that what I will try anyway
 somewhere next week or so... )

 Create a Loopback interface on one of your BSD and try to NAT on this 'lo'
 interface ... from that nat, adjust your pf to block all from lan A to lan B
 except from NAT  ...and well, I think it should work !

 any other suggestion to try or any ''already working here' ' notes that
 someone can post ?

 Regards,
 M-A

 Jorge Valbuena wrote:

 I have the following configuration:



 LAN_B--[openBSD+Pf+Nat+VPN]---(internet)---[OpenBSD+Pf+NAT+VPN]---[openBSD+Squid]---LAN_A



 http://bsdsupport.org/ , setting up Ipsec over GRE on OpenBSD


 I can ping a host from LAN_A to a host on LAN_B

 I hope this can Help !





  Original Message 


 Date: Wed, 13 Aug 2008 16:41:20 -0400
 From: Toby Burress [EMAIL PROTECTED]
 To: misc@openbsd.org
 Subject: Using PF to NAT internal addresses over an IPSec link




 I have an IPSec connection set up to an external site, over which
 I have no control and whose topology I know nothing about (i.e. I
 don't know what subnets they use, etc.)  Using ipsecctl, I have one
 flow set up, from my external IP A.B.C.D to an internal IP on their
 side, 172.25.0.1.

 I can ping 172.25.0.1 from the OpenBSD box, so IPSec is working fine.

 What I want to do is allow any machine from my internal networks
 to reach 172.25.0.1.

 What I would like to do is set up NAT, so that packets headed to
 the OpenBSD box from anywhere on my network get translated to
 A.B.C.D, which is then sent over the VPN connection.  Unfortunately
 it looks like PF only applies NAT transforms when packets leave
 interfaces, not when they enter them, so packets come into the
 OpenBSD box with their private IPs, get routed out the interface
 associated with the default route, and only then get rewritten.

 Is there a better way to do this?  I would like to be able to change
 which hosts on my side can go over the IPSec connection without
 having to coordinate with the other company, and without having to
 expose internal IP information.

 If you reply to the list please cc me as I am not subscribed.
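
The three steps in William Dunand's reply above, written out as configuration. This is an added sketch, not a configuration posted by anyone in the thread: the interface names, the 192.168.1.0/24 LAN, the 203.0.113.200 peer address, the choice of a manual `flow` line and the `<vpn_hosts>` table are all assumptions, and the rules use the `nat on` syntax of OpenBSD releases before 4.7, which matches 4.3.

```conf
# ---- /etc/ipsec.conf (additions only; addresses are placeholders) ----
remote_gw = "203.0.113.200"     # remote VPN peer (assumed address)
lan_net   = "192.168.1.0/24"    # internal network (assumed)

# The existing rule for A.B.C.D <-> 172.25.0.1 stays as it is.
#
# Step 1: an extra rule from the local network to 172.25.0.1, so that
# LAN-sourced packets are routed to enc0 instead of leaving by the
# default route. A manual flow is assumed here because the remote side
# has no policy for $lan_net and would not negotiate one.
flow esp from $lan_net to 172.25.0.1 peer $remote_gw


# ---- /etc/pf.conf (pre-4.7 rule syntax) ----
ext_if = "em0"                  # external interface (assumed name)
int_if = "em1"                  # internal interface (assumed name)
remote = "172.25.0.1"

# Hosts allowed to use the tunnel (assumed addresses). Changing this
# list needs no coordination with the remote side, which only sees
# the address of $ext_if.
table <vpn_hosts> { 192.168.1.10, 192.168.1.11 }

# Step 3: enc0 must not be skipped, otherwise the nat rule below is
# never evaluated.
# set skip on enc0              # remove this line if present

# Step 2: translate on the IPsec encapsulation interface rather than
# on $ext_if. The rule as posted in the reply was
#   nat on enc0 from !($ext_if) -> ($ext_if:0)
# and is narrowed here to the single remote address.
nat on enc0 from !($ext_if) to $remote -> ($ext_if:0)

# Filter rules: only listed hosts may reach the remote address, and
# traffic on enc0 is passed so that the translation is applied.
block in quick on $int_if from ! <vpn_hosts> to $remote
pass quick on enc0
```

After loading both files with `ipsecctl -f /etc/ipsec.conf` and `pfctl -f /etc/pf.conf`, `pfctl -s state` shows whether states on enc0 carry the translated source address.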



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread ropers
Have you done a full burn-in overnight memtest?

--ropers



Re: 4.3 Bootloader waiting for keypress before loading kernel

2008-08-14 Thread Daniel Ouellet

Ryan Smith wrote:

You have assumed that because I have used some resource for new users that I
have not read any of the official documentation.  This would be untrue.  In
fact, INSTALL.i386 was the first thing I read while grabbing the ISO, but
since I have had no problems with a larger bootable partition with Linux, I
anticipated no problems with the larger partition sizes recommended on the
aforementioned website.  The minimum partition sizes from the FAQ are for a
substantially smaller hard drive, and, obviously, scaling the sizes by the
almost order of magnitude of difference would not have been a good idea.

There are other supplemental resources out there, and not all of them are
bad.

Thanks anyway.


Hi Ryan,

You may or may not have a hardware problem, or something else. I think
in all fairness people tried to help you. What was pointed out to you a
few times, Linux != OpenBSD and reading the FAQ on OpenBSD and all are
very valid points. No offense intended by anyone here really. But just
look at it this way.


- The FAQ points out not to use a root bigger than 504MB in some old cases,
which may not apply to you.


http://www.openbsd.org/faq/faq14.html#LargeDrive

You use 10GB.

- The FAQ does point out that boot.conf is not required and you use one.
http://www.openbsd.org/faq/faq6.html#PXE

- The FAQ said not to ask for help if you don't use the generic BSD
and there isn't any need for a custom kernel, and you built your own from
cvs, not even trying the snapshots one.


http://www.openbsd.org/faq/faq5.html#WhySrc

- You said no explanation of your problem was on Google, but a very quick
search shows differently.


http://archives.neohapsis.com/archives/openbsd/2005-01/2830.html

- You said you read the documentation, but you refer to and justify it by
pointing to openbsd101.com


- You explain that your system works with your setup on Linux, so there 
isn't any reason it wouldn't work on OpenBSD.


I have had no problems with a larger bootable partition with Linux.

And a few more.

Again, Ryan, I am not trying to dig a hole under you at all. I am really
trying to help you, and a few others did as well.


But all that we see is many and even recurring Linux behaviors, not
what's expected with OpenBSD: to first read the FAQ and then follow its
details and, if all fails, then ask for help.


When asked, each time, it doesn't follow the OpenBSD way and even tries
to justify it to others as it's OK with Linux, so it should be OK here.


But all these pitfalls have been seen time and time again and a lot of
people are more than willing to help you, but at the same time, none
want to waste their time on the same old issues that may apply.


That's why all these questions and answers show it as justified too.

Again, please don't take it the wrong way here.

You will find help great, but you will also see that people will expect
you to do your share too AND follow the FAQ for good reason.


Now, you may well have a legitimate problem, I can't say you do not.

However, you shouldn't be offended when people try to help you and they
point out to you what's expected and standard on OpenBSD and ask you
if you did and followed it as well.


The documentation provided in the FAQ and on the man page is really
second to none, as opposed to Linux as you may be used to.


So, take the help provided as such and not as an attack on you.

However, at the same time, if the basic advice provided and written for
very good reason is not followed, then don't expect people to not point
it out to you.


Again, it may or may not fix your problem, but no one will waste time 
trying to help, if you don't even do the basic requirement pointed out 
in the FAQ.


I for one tried to help you and I thought the problem was what I pointed 
out to you.


I still would like to make sure the standard steps of the FAQ are followed
and it may help. Or not in this case.


I can only tell you that you will have way more chance to get help if
you leave behind you what you may have done on Linux if you want to use
OpenBSD and learn to do it the OpenBSD way. It will serve you well in
the long run and if you use Linux as a way to justify it's good, you can
expect some flames at times, as history has proved time and time again. The
archive is full of it.


Again, I wish you the best of luck and if you stick with it, you will not
regret it. But start the right way and you will be much happier.


All that said, I hope you can read this in good term and for what it is
really. It's not a judgment on your person whatsoever.


However, you will be expected to do your share first and that's why all
the questions and references were provided to you by a few so far.


Now to go back to your real problem.

If all the standard setup as explained in the FAQ is done as such,
without exception, and it still doesn't work out of the box.


Then providing the details as you did with the error message and the 
dmesg, then /etc/fstab may be as well in the