Re: Does this look like SSP to you? (Vista)
Eheh, nice PR story - Use Java and .NET and you will be safe :-) Just reaction on part of topic, not whole.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sunnz
Sent: Thursday, August 14, 2008 3:49 AM
To: misc OpenBSD Misc
Subject: Does this look like SSP to you? (Vista)

Hi,

I am just curious, have Vista implemented something similar to Stack-Smashing Protector as in OpenBSD's GCC?

http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html

I don't really know that much, so I am just asking here... if those things can be bypassed, would a same type of attack be threatening to OpenBSD systems?

Regards,
Sunnz.

--
This e-mail may be confidential. You may not copy, forward, distribute, or, use any part of it. Note, this text has no effective legal binding on your part, there is no obligation to abide any or all parts of this. Treat it with the same level of care as any other pretending-to-be-law-speaking-but-not-really texts attached to e-mail messages you normally find on any other e-mails. For more information about disclaimers, please see: http://www.goldmark.org/jeff/stupid-disclaimers/
Re: Does this look like SSP to you? (Vista)
On Thu, Aug 14, 2008 at 11:48:49AM +1000, Sunnz wrote:
> Hi,
>
> I am just curious, have Vista implemented something similar to Stack-Smashing Protector as in OpenBSD's GCC?
>
> http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html
>
> I don't really know that much, so I am just asking here... if those things can be bypassed, would a same type of attack be threatening to OpenBSD systems?

Yes, stack protection can be circumvented in particular cases. But in general it is pretty good at catching the accidental overwrite and thus preventing the potential following attack.

ProPolice, like so many techniques does not provide 100% safety. If that was the case, why would we bother doing all we do? We could have stopped after finishing ProPolice and have some rest.

-Otto
Re: Does this look like SSP to you? (Vista)
On Thu, 14 Aug 2008, Sunnz wrote:
> Hi,
>
> I am just curious, have Vista implemented something similar to Stack-Smashing Protector as in OpenBSD's GCC?
>
> http://arstechnica.com/news.ars/post/20080811-the-sky-isnt-falling-a-look-at-a-new-vista-security-bypass.html
>
> I don't really know that much, so I am just asking here... if those things can be bypassed, would a same type of attack be threatening to OpenBSD systems?

The actual paper is here and it is very good - well worth reading for anyone interested in this stuff:

http://taossa.com/archive/bh08sotirovdowd.pdf

The described stack protection is quite Propolice-like and I think that a similar attack would work on OpenBSD: corrupt a value in the stack, use it to gain control in the executing function and its antecedents but never return as that would activate the stack canary checks.

For this to work, an attacker would need to find 1) a function with a stack-based overflow that 2) has a stack-allocated variable that is amenable to their purpose. I'm sure these exist, but I have no idea how common they are. Note that the attacks in the paper make use of the stack layout used by C++ method calls which makes things quite a bit for the attacker.

The thing that struck me most from the paper was how close Microsoft has come to implementing a good set of protections and how they have managed to screw them up by failing to turn them on everywhere. What use is DEP or DLL load address randomisation if it isn't turned on everywhere? What is the point of those (really good) heap consistency checks if you don't abort() when they fail?

-d
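The point made in the message above, that a stack value lying between the overflowed buffer and the canary can be corrupted while the canary stays intact, as an added example (not part of the thread and not ProPolice code). It models two frame layouts as byte arrays; the struct names, the constants and the `handler` slot are constructed for illustration, and placing buffers directly below the canary is how SSP orders locals in general, not something the thread states.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 16
#define CANARY  0x5afec0deU          /* constructed; a real canary is random */
#define HANDLER ((uintptr_t)0x1000)  /* constructed pointer-like local */
#define RETADDR ((uintptr_t)0x2000)  /* constructed saved return address */

/* Model frame, low to high addresses. A pointer-like local sits between
 * the buffer and the canary, so a short linear overflow reaches it first. */
struct frame_naive {
    char      buf[BUF_LEN];
    uintptr_t handler;
    uint32_t  canary;
    uintptr_t ret;
};

/* SSP-style ordering: the buffer is placed directly below the canary and
 * the pointer-like local below the buffer, out of a linear overflow's path. */
struct frame_reordered {
    uintptr_t handler;
    char      buf[BUF_LEN];
    uint32_t  canary;
    uintptr_t ret;
};

struct layout  { size_t buf, handler, canary, ret, size; };
struct outcome { int handler_corrupted, canary_tripped, ret_corrupted; };

static const struct layout NAIVE = {
    offsetof(struct frame_naive, buf),    offsetof(struct frame_naive, handler),
    offsetof(struct frame_naive, canary), offsetof(struct frame_naive, ret),
    sizeof(struct frame_naive)
};
static const struct layout REORDERED = {
    offsetof(struct frame_reordered, buf),    offsetof(struct frame_reordered, handler),
    offsetof(struct frame_reordered, canary), offsetof(struct frame_reordered, ret),
    sizeof(struct frame_reordered)
};

/* Write write_len bytes of 0x41 starting at the buffer, as an unchecked
 * copy would, then report which slots changed. The write is clamped to the
 * model frame, so the simulation itself never goes out of bounds.
 * canary_tripped is what the epilogue check would see at function return. */
struct outcome simulate(const struct layout *l, size_t write_len)
{
    unsigned char frame[128];
    uintptr_t handler = HANDLER, ret = RETADDR;
    uint32_t canary = CANARY;
    struct outcome o = {0, 0, 0};

    if (l->size > sizeof frame)
        return o;

    /* Function prologue: lay out the frame with known-good values. */
    memset(frame, 0, sizeof frame);
    memcpy(frame + l->handler, &handler, sizeof handler);
    memcpy(frame + l->canary, &canary, sizeof canary);
    memcpy(frame + l->ret, &ret, sizeof ret);

    /* The overflowing write. */
    if (write_len > l->size - l->buf)
        write_len = l->size - l->buf;
    memset(frame + l->buf, 0x41, write_len);

    /* Read the slots back and compare with what the prologue stored. */
    memcpy(&handler, frame + l->handler, sizeof handler);
    memcpy(&canary, frame + l->canary, sizeof canary);
    memcpy(&ret, frame + l->ret, sizeof ret);
    o.handler_corrupted = handler != HANDLER;
    o.canary_tripped    = canary != CANARY;
    o.ret_corrupted     = ret != RETADDR;
    return o;
}

int main(void)
{
    /* Long enough to fill buf and handler in the naive layout, no longer. */
    size_t n = NAIVE.canary - NAIVE.buf;
    struct outcome a = simulate(&NAIVE, n);
    struct outcome b = simulate(&REORDERED, n);

    printf("layout     handler  canary  ret\n");
    printf("naive      %-7s  %-6s  %s\n", a.handler_corrupted ? "BAD" : "ok",
           a.canary_tripped ? "TRIP" : "ok", a.ret_corrupted ? "BAD" : "ok");
    printf("reordered  %-7s  %-6s  %s\n", b.handler_corrupted ? "BAD" : "ok",
           b.canary_tripped ? "TRIP" : "ok", b.ret_corrupted ? "BAD" : "ok");
    return 0;
}
```

The canary comparison stands for the check in the function epilogue, so in the first layout nothing flags the changed slot, either while the function is still running or when it returns.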
Re: Siliconmotion driver in 4.4 Beta
Hi,

I apologize for the delayed response. I had to work out some other migration issues. I tried your patch and it worked. Thanks for your help there. The side effect of the virtual consoles getting killed persists but X starts successfully. I was also able to xdm_flags= rc.conf and things came up properly. The one issue that I see now is that the mouse pointer has sort of 2 trailing pointers. I will try to take a snapshot later. Thanks again for your time.

Regards
Mohamed

Matthieu Herrb wrote:
> Mohamed Hussein Sayed wrote:
> > Hi,
> >
> > I installed snapshot(08/06) on my thinkpad 240x. When I tried to start X, the lcd flickered and then went black. I was not able to switch consoles and the only thing to do would be ssh to the machine and reboot or powercycle it.
> >
> > This apparently has been a known problem for a few years? and I read reports It was broken in X 4.2.0 release. Is anyone working on this (Todd?). Can I help? How? I was thinking to forward port 4.1.0 siliconmotion code, would that be a recommended approach?
>
> Can you try this patch that updates to the latest X.Org version?
>
> ftp://ftp.laas.fr/pub/ii/matthieu/OpenBSD/xf86-video-siliconmotion-1.6.0.diff.gz
>
> To apply:
>
>     cd /usr/xenocara/driver/xf86-video-siliconmotion
>     zcat /path/to/xf86-video-siliconmotion-1.6.0.diff.gz | patch -p0
>     make -f Makefile.bsd-wrapper obj
>     make -f Makefile.bsd-wrapper build
>
> and try to start X
>
> I don't have hardware to test this. Reports from other users with SMI cards are welcome too.
Re: Installation OpenBsd under HP DL120 - dmesg
OpenBSD 4.3 (RAMDISK_CD) #645: Wed Mar 12 11:31:03 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Celeron(R) CPU 420 @ 1.60GHz (GenuineIntel 686-class) 1.61 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLU SH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CX16,xTPR real mem = 534974464 (510MB) avail mem = 511098880 (487MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xfdc20, SMBIOS rev. 2.5 @ 0xdc010 (43 entries) bios0: vendor HP version O22 date 07/03/2008 bios0: HP ProLiant DL120 G5 acpi0 at bios0: rev 2, can't enable ACPI bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x5000 0xce000/0x1a00 0xdc000/0x4000! cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 vendor Intel, unknown product 0x29f0 rev 0x01 ppb0 at pci0 dev 1 function 0 vendor Intel, unknown product 0x29f1 rev 0x01: irq 5 pci1 at ppb0 bus 1 uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x02: irq 5 uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x02: irq 10 uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x02: irq 3 ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x02: irq 3 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02: irq 5 pci2 at ppb1 bus 5 ppb2 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x02: irq 5 pci3 at ppb2 bus 13 vga1 at pci3 dev 0 function 0 Matrox MGA G200e (ServerEngines) rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) ppb3 at pci0 dev 28 function 5 Intel 82801I PCIE rev 0x02: irq 10 pci4 at ppb3 bus 14 bge0 at pci4 dev 0 function 0 Broadcom BCM5722 rev 0x00, BCM5755 C0 (0xa200): irq 10, address 00:1f:29:0e:48:e4 brgphy0 at bge0 phy 1: BCM5722 10/100/1000baseT PHY, rev. 
0 uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x02: irq 5 uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x02: irq 10 uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x02: irq 3 ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x02: irq 5 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb4 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x92 pci5 at ppb4 bus 17 ichpcib0 at pci0 dev 31 function 0 Intel 82801IR LPC rev 0x02: PM disabled pciide0 at pci0 dev 31 function 2 Intel 82801H RAID rev 0x02: DMA, channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide0: using irq 10 for native-PCI interrupt Intel 82801I SMBus rev 0x02 at pci0 dev 31 function 3 not configured pciide1 at pci0 dev 31 function 5 Intel 82801I SATA rev 0x02: DMA, channel 0 wired to native-PCI, channel 1 wired to native-PCI pciide1: using irq 3 for native-PCI interrupt atapiscsi0 at pciide1 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TEAC, DV-28E-V, C.AB SCSI0 5/cdrom removable cd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 2 usb2 at uhci0: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1 usb6 at uhci4: USB revision 1.0 uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1 usb7 at uhci5: USB revision 1.0 uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo biomask ffed netmask ffed ttymask ffef rd0: fixed, 
3800 blocks uhidev0 at uhub5 port 2 configuration 1 interface 0 ServerEngines SE USB Device rev 1.10/0.01 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0 wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 uhidev1 at uhub5 port 2 configuration 1 interface 1 ServerEngines SE USB Device rev 1.10/0.01 addr 2 uhidev1: iclass 3/1 uhid at uhidev1 not configured root on rd0a swap on rd0b dump on rd0b umass0 at uhub0 port 3 configuration 1 interface 0 Kingston DataTraveler 2.0 rev 2.00/1.10 addr 2 umass0: using SCSI over Bulk-Only scsibus1 at umass0: 2 targets sd0 at scsibus1 targ 1 lun 0: Kingston, DataTraveler 2.0, PMAP SCSI0 0/direct removable sd0: 954MB, 121 cyl, 255 head, 63 sec, 512 bytes/sec, 1953792 sec total

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stuart Henderson
Sent: Wednesday, 13 August 2008 10:35
To: misc@openbsd.org
Subject: Re: Installation OpenBsd under HP DL120

On 2008-08-13, Christophe Rioux [EMAIL PROTECTED] wrote:
> I just try to install OpenBSD on a HP DL120 Server (big PC in Rack form). But I have the following
Re: [OOT] Can't browse http://www.xs4all.nl/~wpd/symon/ and http://www.benzedrine.cx/pfstat.html
On Thu, 14 Aug 2008 09:38:52 +0700, Steve Shockley [EMAIL PROTECTED] wrote:
> Insan Praja SW wrote:
> > (20x.x0.1x4.0/23).
>
> Obfuscation doesn't help much when your IP address is in the headers...

Shame on me :P

--
insandotpraja(at)gmaildotcom
PPPoE - Connection reset by peer
I have an adsl used by windows, it's fine. When I used in OpenBSD:

# cat /etc/ppp/ppp.conf
default:
 set log Phase Chat LCP IPCP CCP tun debug command
 set redial 15+5 0
 set reconnect 30 1

pppoe:
 set device !/usr/sbin/pppoe -i bge0
 set mtu max 1492
 set mru max 1492
 set speed sync
 set dial
 set login
 enable dns
 disable acfcomp protocomp
 deny acfcomp
 enable lqr
 enable mssfixup
 set authname [EMAIL PROTECTED]
 set authkey yyy

# ppp -ddial pppoe
#

Aug 14 16:44:28 proxy ppp[23798]: Phase: Using interface: tun1
Aug 14 16:44:28 proxy ppp[23798]: Phase: deflink: Created in closed state
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: default: set redial 15+5 0
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: default: set reconnect 30 1
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set device !/usr/sbin/pppoe -i bge0
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set mtu max 1492
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set mru max 1492
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set speed sync
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set dial
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set login
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: enable dns
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: disable acfcomp protocomp
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: deny acfcomp
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: enable lqr
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: enable mssfixup
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set authname [EMAIL PROTECTED]
Aug 14 16:44:28 proxy ppp[23798]: tun1: Command: pppoe: set authkey
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: PPP Started (ddial mode).
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: bundle: Establish
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: closed - opening
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Connected!
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: opening - dial
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: dial - carrier
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: carrier - login
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: login - lcp
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: FSM: Using deflink as a transport
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: deflink: State change Initial -- Closed
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: deflink: State change Closed -- Stopped
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: read (0): Connection reset by peer
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: deflink: State change Stopped -- Closed
Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: deflink: State change Closed -- Initial
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: lcp - logout
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: logout - hangup
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Connect time: 0 secs: 45 octets in, 0 octets out
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: 4 packets in, 0 packets out
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: total 45 bytes/sec, peak 0 bytes/sec on Thu Aug 14 16:44:28 2008
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: HUPing 28945
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: hangup - opening
Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Enter pause (30) for redialing.
Aug 14 16:44:28 proxy ppp[23119]: tun1: Chat: deflink: Reconnect try 1 of 1

What's wrong? Thanks for some help.

Dongsheng Song
Re: PPPoE - Connection reset by peer
Hi,

I don't know what's the solution to your problem but I recommend you take a look at the kernel pppoe driver: pppoe(4). It's very simple to configure and works as good as pppoe can work.

--
Antti Harri
Re: : BIND workaround for older versions?
On Fri, Jul 25, 2008 at 07:36:43AM +0200, Guido Tschakert wrote:
> Stuart Henderson wrote:
> > On 2008-07-24, Mike Shaw [EMAIL PROTECTED] wrote:
> > > Regarding the cache poisoning patch (which I see for 4.3). Are there any effective workarounds for OpenBSD 4.0/4.1?
> >
> > The 4.2 patch should also work for 4.1
>
> I can confirm that the 4.2 patch works with 4.1 (at least for me).

+1

> guido

--
/ Raimo Niskanen, Erlang/OTP, Ericsson AB
Re: uaudio+umidi recommendation
On Tue, Aug 12, 2008 at 01:55:18AM +0300, Alexey Suslikov wrote:
> Hello [EMAIL PROTECTED]
>
> Can somebody recommend well-supported external (u)audio card with (u)midi controller?

i've never used such device, but will try to provide useful information.

- by midi controller, you mean an interface to the standard MIDI UARTs with a 5-pin DIN ports, right?

- do you need the card to be external because it's easier to manipulate or you have other reasons?

  If you want the card to be truly external, the only option on openbsd is any class-compliant USB device. I've an m-audio mobilepre uaudio(4) device and an 2in/2out edirol um-2 umidi(4) interface; they are really nice. Note that if the card is poorly designed, the usb connection may introduce noise anyway.

  There are (internal) PCI cards with _external_ rackable breakout box (ex: m-audio delta 1010) which are very good. Properly designed PCI cards can have very good accuracy. There're also poorly designed cards having bad quality.

  There are also excellent bare PCI cards without breakout box. They require good cables and must be properly plugged though.

- why do you need the audio(4) and midi(4) device to be on the same card? they are logically (and physically) independent. IMO the only advantage of having them on the same card is to have fewer cables.

  in the USB case, i believe that it's better to have separate uaudio(4) and umidi(4) cards. It's to avoid cards with an USB hub and two separate devices inside.

-- Alexandre
Re: BIND workaround for older versions?
Raimo Niskanen wrote:
> On Fri, Jul 25, 2008 at 07:36:43AM +0200, Guido Tschakert wrote:
> > Stuart Henderson wrote:
> > > On 2008-07-24, Mike Shaw [EMAIL PROTECTED] wrote:
> > > > Regarding the cache poisoning patch (which I see for 4.3). Are there any effective workarounds for OpenBSD 4.0/4.1?
> > >
> > > The 4.2 patch should also work for 4.1
> >
> > I can confirm that the 4.2 patch works with 4.1 (at least for me).
>
> +1

But...what if it didn't?

This is why you have to keep your systems up-to-date, and the upgrade plans have to be part of your original implementation.

Years ago, I quit doing data recovery for my clients. It became clear that every time I hauled a client's data out of the proverbial fire, rather than taking it as a lesson about how important backups are, they took it as a lesson that backups weren't that important, and Nick can get our data back, and thus, got more careless rather than more careful. My calculation was that they would lose less data if I let them lose a little now (or pay through the nose and a few other orifices to the big data recovery services) rather than recover it now and NOT be able to recover it next time.

I fear that people finding out their old systems can be salvaged by back-porting patches are just going to take this as Well, upgrades aren't really that important.

Come on...DNS servers running OpenBSD? That's one of the easier upgrades you can do...it's all base! (Unlike some certain other OS where they bundle stuff in, claim they support the OS for many years, but things like BIND don't really count... *sigh*).

KEEP YOUR BLOOMIN' SYSTEMS UP TO DATE!

Nick.
Re: console xterm
On Wed, 13 Aug 2008 17:08:02 + (UTC) [EMAIL PROTECTED] (Christian Weisgerber) wrote:

Etienne Robillard [EMAIL PROTECTED] wrote:

export TERM=cons25

Bad.

alias ls='colorls -FG'

Sorry i confused freebsd console (cons25) with obsd console (vt220), but with cons25 and colorls the console looks pretty.. ;)

The proper terminal type would be TERM=wsvt25. The colorls package description actually says as much.

--
Christian naddy Weisgerber [EMAIL PROTECTED]

Yeah. Thanks for the clarification. Although setting the terminal type to `cons25' seems like getting colored ls output, its breaking my keyboard mapping apart.. :)

Regards,
-Etienne
Re: PPPoE - Connection reset by peer
> Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: login - lcp
> Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: FSM: Using deflink as a transport
> [...]
> Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: read (0): Connection reset by peer
> [...]
> Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!

Looks like the remote peer does not like LCP. Try disable lcp.

ciao,
chakl
spamdb with '0' as pass
I have difficulties in understanding why a minority of IP's of a huge set of WHITE entries of our spamdb do not have a 'pass' date set:

# spamdb | grep 128.1x8.50.xxx
WHITE|128.1x8.50.xxx|||1218625388|0|1221750240|1|1

spamdb(8) says: time the entry passed from being GREY to being WHITE.

Since it is WHITE, how can pass be 0?

Puzzled,
Stephan
Re: Using PF to NAT internal addresses over an IPSec link
I have the following configuration:

LAN_B--[openBSD+Pf+Nat+VPN]---(internet)---[OpenBSD+Pf+NAT+VPN]---[openBSD+Squid]---LAN_A

http://bsdsupport.org/ , setting up Ipsec over GRE on OpenBSD

I can ping a host from LAN_A to a host on LAN_B

I hope this can Help !

Original Message
Date: Wed, 13 Aug 2008 16:41:20 -0400
From: Toby Burress [EMAIL PROTECTED]
To: misc@openbsd.org
Subject: Using PF to NAT internal addresses over an IPSec link

I have an IPSec connection set up to an external site, over which I have no control and whose topology I know nothing about (i.e. I don't know what subnets they use, etc.)

Using ipsecctl, I have one flow set up, from my external IP A.B.C.D to an internal IP on their side, 172.25.0.1. I can ping 172.25.0.1 from the OpenBSD box, so IPSec is working fine.

What I want to do is allow any machine from my internal networks to reach 172.25.0.1. What I would like to do is set up NAT, so that packets headed to the OpenBSD box from anywhere on my network get translated to A.B.C.D, which is then sent over the VPN connection.

Unfortunately it looks like PF only applies NAT transforms when packets leave interfaces, not when they enter them, so packets come into the OpenBSD box with their private IPs, get routed out the interface associated with the default route, and only then get rewritten.

Is there a better way to do this? I would like to be able to change which hosts on my side can go over the IPSec connection without having to coordinate with the other company, and without having to expose internal IP information.

If you reply to the list please cc me as I am not subscribed.
Re: PPPoE - Connection reset by peer
On 2008-08-14, Olaf Schreck [EMAIL PROTECTED] wrote:
> > Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: login - lcp
> > Aug 14 16:44:28 proxy ppp[23119]: tun1: LCP: FSM: Using deflink as a transport
> > [...]
> > Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: read (0): Connection reset by peer
> > [...]
> > Aug 14 16:44:28 proxy ppp[23119]: tun1: Phase: deflink: Disconnected!
>
> Looks like the remote peer does not like LCP.

I think this is unlikely. Lack of LCP would be a bit of a problem if you were trying to establish a PPP connection with them...
Re: Hardware recommendation for firewalls (more than 4 NICs)
On Fri, Aug 8, 2008 at 3:08 PM, James Records [EMAIL PROTECTED] wrote:
> Grab a Watchguard Firebox X off of ebay, they have 6 interfaces, and you can get them pretty cheap, some of the bigger ones have more, onboard crypto, perfect for building openbsd firewalls... you can run off a CF... I'm putting together a project that uses openbsd on these boxes. If you have any questions about running openbsd on them let me know: www.thewaffle.org

all the series works ?

the url doesn't work: The requested URL /alpha.html was not found on this server.
How to copy an entire directory to my home directory
Hello,

I'm trying to copy all the contents of /root/var/namedb from a remote OpenBSD3.8 DNS server to my local PC. I am using WinSCP for file transfer. I have found that I am unable to download some of the directories:

/root/var/named/etc
/root/var/named/log
/root/var/named/slave

I do not know OpenBSD or Unix but I can use Putty to login to the console as a member of the wheel group then I can type su - to execute commands as root.

I was told that I should copy the etc, log, and slave directories to my local user directory, then I would be allowed to download them using WinSCP. I do not know the commands to copy a whole directory. Can anyone help? I want to make sure that when the copies end up in my home directory, they no longer have whatever restrictions are keeping me from downloading them from where the originals are at now.

Thanks very much for any help
Re: How to copy an entire directory to my home directory
On Thu, Aug 14, 2008 at 11:14 AM, skogzort [EMAIL PROTECTED] wrote:
> Hello,
>
> I'm trying to copy all the contents of /root/var/namedb from a remote OpenBSD3.8 DNS server to my local PC. I am using WinSCP for file transfer. I have found that I am unable to download some of the directories:
>
> /root/var/named/etc
> /root/var/named/log
> /root/var/named/slave
>
> I do not know OpenBSD or Unix but I can use Putty to login to the console as a member of the wheel group then I can type su - to execute commands as root.

Either log in as root and tarball the directory, or log in as root through scp and pull it in.

> I was told that I should copy the etc, log, and slave directories to my local user directory, then I would be allowed to download them using WinSCP. I do not know the commands to copy a whole directory. Can anyone help? I want to make sure that when the copies end up in my home directory, they no longer have whatever restrictions are keeping me from downloading them from where the originals are at now.

man cp(1)
Re: How to copy an entire directory to my home directory
On Thu, Aug 14, 2008 at 12:40:38PM -0700, Johan Beisser wrote:
> man cp(1)

You're all apparently missing out on a great tool called GHome Mover (http://www.brookepeig.com/ghomemover/). I know the guy said he is logging in from remote, but it is definitely worth the effort having X installed on your server and tunneled through SSH just to use this absolutely revolutionary tool!

-p.
Re: How to copy an entire directory to my home directory
On Thu, Aug 14, 2008 at 1:15 PM, Pedro Martelletto [EMAIL PROTECTED] wrote:
> You're all apparently missing out on a great tool called GHome Mover (http://www.brookepeig.com/ghomemover/). I know the guy said he is logging in from remote, but it is definitely worth the effort having X installed on your server and tunneled through SSH just to use this absolutely revolutionary tool!

If you're going outside of base, just use rsync. If you're staying in base, and not using X, abuse tar(1), and ssh(1) tunnels.

    tar cf - ./* | ssh host tar xvf - -C /path/to/destination/dir

or

    ssh host tar cf - /start/dir/ | tar xvf - -C /path/to/dest/dir

The latter may need some adjustment or other switches to remove the path from the starting directory.
Re: How to copy an entire directory to my home directory
At 11:14 AM 8/14/2008 -0700, skogzort wrote:
> Hello,
>
> I'm trying to copy all the contents of /root/var/namedb from a remote OpenBSD3.8 DNS server to my local PC. I am using WinSCP for file transfer. I have found that I am unable to download some of the directories:
>
> /root/var/named/etc
> /root/var/named/log
> /root/var/named/slave
>
> I do not know the commands to copy a whole directory. Can anyone help?

KISS:

$ cd (makes sure you're in YOUR home directory)
$ mkdir stuff
$ su
.. (Make sure you're still in your directory stuff)
# cd /your home directory/stuff
mkdir etc
cp /root/var/named/etc/* etc
mkdir log
cp /root/var/named/log/* log
mkdir slave
cp /root/var/named/slave/* slave
cd ..
chown -R you *

That should leave you three directories under 'stuff' you can grab via winscp.

Lee
4.3 Bootloader waiting for keypress before loading kernel
Hi,

I am still new to the *BSD world, but hopefully I will include most of the relevant information regarding my issue. If not, please forgive me. :)

I have just done a fresh install of OpenBSD 4.3 (i386, AthlonXP 1800+, so not that old of hardware) which is running properly with one exception: the system pauses at boot time after selecting what partition/kernel to load and waits for any key to be pressed. After pressing any key, the machine boots and functions properly.

I see the following after the bootloader timeout expires:

booting hd0a:/bsd: 5913424+1004644 [52+306864+287943]=0x72a4d4
entry point at 0x200120

At which point the system waits. It sits indefinitely until any key is pressed.

/etc/boot.conf contains set timeout 10. If I type any valid command into the boot prompt, the system loads the kernel and boots normally. It only hangs if the loader selects the kernel itself. Additionally, it hangs even when I specify a partition to use in boot.conf (bsd, bsd.rd, even the bootable CD do the same thing). I have also reinstalled completely as well as recompiled the kernel/system from CVSup.

I am getting the feeling that this is some simple issue that I have missed, but nothing has come up with any of my internet/list archive searches. Anyone else with the issue seems to have a system that is unresponsive following the entry point... line. I don't plan on having a display or keyboard attached to this machine, so it would be convenient to not have to physically interact with it on each boot.

Sorry for the length. I hope I have included all necessary information, my dmesg output is below.
Best regards, Ryan Smith dmesg output: (pseudo device) 454 ppp count 1 (pseudo device) 455 sl count 1 (pseudo device) --- more ---456 tun count 1 (pseudo device) 457 vlan count 1 (pseudo device) 458 trunk count 1 (pseudo device) 459 pppoe count 1 (pseudo device) 460 bio count 1 (pseudo device) 461 pctr count 1 (pseudo device) 462 mtrr count 1 (pseudo device) 463 nvram count 1 (pseudo device) 464 sequencer count 1 (pseudo device) 465 hotplug count 1 (pseudo device) 466 wsmux count 2 (pseudo device) 467 crypto count 1 (pseudo device) Continuing... mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 02/24/03, BIOS32 rev. 0 @ 0xfdad0, SMBIOS rev. 2.3 @ 0xf0630 (22 entries) bios0: vendor American Megatrends Inc. version 07.00T date 04/02/01 bios0: MSI MS-6380E acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf7f20/208 (11 entries) pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8235 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xd000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA VT8366 PCI rev 0x00 agp0 at pchb0: v2, aperture at 0xe000, size 0x1000 ppb0 at pci0 dev 1 function 0 VIA VT8366 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Radeon 9600 XT rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ATI Radeon 9600 XT Sec rev 0x00 at pci1 dev 0 function 1 not configured ral0 at pci0 dev 6 function 0 Ralink RT2561S rev 0x00: irq 10, address 00:1f:1f:05:ce:e9 ral0: MAC/BBP RT2561C, RF RT2527 rl0 at pci0 dev 7 function 0 D-Link Systems 530TX+ rev 0x10: irq 9, address 00:11:95:26:4a:d5 rlphy0 at rl0 phy 0: RTL internal PHY uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x80: irq 11 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x80: irq 10 ehci0 at pci0 dev 16 function 3 VIA VT6202 USB rev 0x82: irq 5 usb0 at 
ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8235 ISA rev 0x00 iic0 at viapm0 iic0: addr 0x1b 06=f0 08=01 09=01 0b=fd 0c=04 0d=04 0e=f0 0f=07 10=0c 11=03 12=04 14=55 15=55 17=ff 18=ff 1c=02 20=ff 22=07 26=30 29=ff words 00=00ff 01=00ff 02=00ff 03=00ff 04=00ff 05=00ff 06=f0ff 07=00ff 08=01ff 09=01ff 0a=00ff 0b=fdff 0c=04ff 0d=04ff 0e=f0ff 0f=07ff iic0: addr 0x2f 00=00 02=0f 03=00 04=00 06=0f 07=00 08=00 0a=06 0b=00 0c=00 0d=07 0e=84 0f=00 10=c0 11=11 12=00 13=60 words 00=00ff 01= 02=0fff 03=00ff 04=00ff 05= 06=0fff 07=00ff 08=00ff 09= 0a=06ff 0b=00ff 0c=00ff 0d=07ff 0e=84ff 0f=00ff spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC3200CL2.5 pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: WDC WD1600JB-00GVA0 wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x50: irq 9 ac97: codec id 0x414c4720 (Avance Logic ALC650) ac97: codec features 20 bit DAC, 18 bit ADC, Realtek 3D audio at auvia0 not configured usb1 at uhci0: USB revision 1.0 uhub1 at usb1
Re: 4.3 Bootloader waiting for keypress before loading kernel
Thanks for the reply Daniel. I should have noted that the machine did the same thing on initial boot (lacking boot.conf). Currently, boot.conf only increases the timeout; it does the same thing with or without a kernel being specified in boot.conf. If I type in a kernel to use at the bootloader prompt, it will boot normally without the delay.

Best regards,
Ryan Smith

-Original Message-
From: Daniel Ouellet [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 14, 2008 4:43 PM
To: Ryan Smith
Cc: misc@openbsd.org
Subject: Re: 4.3 Bootloader waiting for keypress before loading kernel

Ryan Smith wrote:
> /etc/boot.conf contains set timeout 10. If I type any valid command into

The default install don't have these. May be stupid to ask, but did you try without your boot.conf file?

From the FaQ a bit lower from it http://www.openbsd.org/faq/faq6.html#PXE

Note that /etc/boot.conf is only needed if the kernel you wish to boot from is not named bsd, or other pxeboot defaults are not as you need them (for example, you wish to use a serial console). You can test your tftpd(8) server using a tftp(1) client, making sure you can fetch the needed files.

Does it go well without it?

Best,
Daniel
Re: 4.3 Bootloader waiting for keypress before loading kernel
Ryan Smith wrote: Thanks for the reply Daniel. I should have noted that the machine did the same thing on initial boot (lacking boot.conf). Currently, boot.conf only increases the timeout; it does the same thing with or without a kernel being specified in boot.conf. If I type in a kernel to use at the bootloader prompt, it will boot normally without the delay.

And you did it (without the boot.conf), not on your own compiled version, but on the stable distribution one, as the system you run now is your own compiled version:

OpenBSD 4.3-stable (GENERIC) #0: Thu Aug 14 09:15:48 CDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

snip

You didn't try to make changes on the default kernel, some optimization, removing drivers, or whatnot, right? And your root / partition is not a multi GB in size, just in case, right?
Re: 4.3 Bootloader waiting for keypress before loading kernel
Ryan Smith wrote: /etc/boot.conf contains set timeout 10. If I type any valid command into The default install don't have these. May be stupid to ask, but did you try without your boot.conf file? From the FaQ a bit lower from it http://www.openbsd.org/faq/faq6.html#PXE Note that /etc/boot.conf is only needed if the kernel you wish to boot from is not named bsd, or other pxeboot defaults are not as you need them (for example, you wish to use a serial console). You can test your tftpd(8) server using a tftp(1) client, making sure you can fetch the needed files. Does it go well without it? Best, Daniel
Re: 4.3 Bootloader waiting for keypress before loading kernel
Ryan Smith wrote: Thanks for the reply Daniel. I should have noted that the machine did the same thing on initial boot (lacking boot.conf). Currently, boot.conf only increases the timeout; it does the same thing with or without a kernel being specified in boot.conf. If I type in a kernel to use at the bootloader prompt, it will boot normally without the delay.

You could always try this, as Nick explained before in the archive. This usually should work no problem, unless there is a keyboard switch in the path or something similar, which you do not, right? http://archives.neohapsis.com/archives/openbsd/2005-01/2830.html

Anyway, as you say your system boots if you enter, or press a key, you can always just try this and see:

    echo boot > /etc/boot.conf

But I would try without the keyboard connected and see, and also make sure your BIOS does not have the wait on keyboard if error setup. Just a thought there as well. Not sure about your BIOS, but some old ones did have this in there and, if not set up properly, just wait on keyboard error. So, try without a keyboard and also try the above echo to see. After that, if it still doesn't work, maybe someone else may have a better suggestion for you. But I would think that would be the source of the problem, but I could be wrong.

Is your keyboard a USB type by any chance? Not that it should make a difference, but if so, maybe you have something else connected there that gives you the problem.

Best, Daniel
openldap-server on 4.3? (newbie)
Please accept my apologies if this question has been asked, etc. I have done my very best to research it but have found nothing that helps. I am trying to set my new OpenBSD 4.3 installation up as a PDC for a windows network. I am following directions from http://www.kernel-panic.it/openbsd/pdc/pdc2.html but I cannot get openldap-server to build from the ports, because the bdb flavor is marked broken in 4.3! In the tutorial, he just continues on without explaining what to do. What ought I do to get openldap-server to build? Thank you very much for your patience and time. Ross Tucker
Re: 4.3 Bootloader waiting for keypress before loading kernel
Daniel Ouellet:

snip You didn't try to make changes on the default kernel, some optimization, removing drivers, or what not right? And your root / partition is not a multi GB in size, just in case right? /snip

My root partition is 10GB in size, following the recommendation of openbsd101.com. I have had no other problems with other operating systems, but perhaps I was just getting lucky with the bootloader being loaded in the appropriate region for the BIOS. I will try reinstalling with a smaller root.

snip echo boot > /etc/boot.conf But I would try without the keyboard connected and see and also make sure your BIOS do not have the wait on keyboard if error setup. Just a thought there as well. Not sure about your bios, but some old one did have this in there and if not setup properly, just wait on keyboard error. ... But I would think that would be the source of the problem, but I could be wrong. Is your keyboard is USB type by any chance? Not that it should make a difference, but if so, may be you have something else connected there that give you the problem. /snip

The BIOS seems happy to boot without a keyboard attached (which is PS/2). It proceeds to load the boot loader where it hangs in the same place, but this time, I can't press any keys to get it to continue loading. :) I also tried eliminating the timeout with boot in boot.conf, but I still have this issue, with or without a keyboard being attached.
SOLVED: openldap-server on 4.3? (newbie)
Thanks for the bandwidth. Ross
Re: openldap-server on 4.3? (newbie)
On 2008-08-14, Ross Tucker [EMAIL PROTECTED] wrote: I am trying to set my new OpenBSD 4.3 installation up as a PDC for a windows network. I am following directions from http://www.kernel-panic.it/openbsd/pdc/pdc2.html but I cannot get openldap-server to build from the ports, because the bdb flavor is marked broken in 4.3! In the tutorial, he just continues on without explaining what to do. What ought I do to get openldap-server to build? Don't use the bdb flavor. Just set PKG_PATH appropriately as per FAQ15.2.2 and pkg_add openldap-server for the normal LDBM version. I don't see much point for what you want in building your own package from the port, you might as well use the ones that are already built. Berkeley(/Sleepycat/Oracle) DB broke the API mid-release-cycle (4.6.3 or something, earlier 4.6.x were OK), OpenLDAP added support for the new version to 2.4 _only_, not 2.3 (which was until recently the release they deemed stable).
Re: 4.3 Bootloader waiting for keypress before loading kernel
On Aug 14, 2008, at 4:17 PM, Ryan Smith wrote: My root partition is 10GB in size, following the recommendation of openbsd101.com. I have had no other problems with other operating systems, but perhaps I was just getting lucky with the bootloader being loaded in the appropriate region for the BIOS. I will try reinstalling with a smaller root. what is openbsd101.com? nevermind, don't answer. you might consider reading the install documentation supplied with the product you're installing though. ftp://ftp.openbsd.org/OpenBSD/4.3/i386/INSTALL.i386 Ben
Re: Using PF to NAT internal addresses over an IPSec link
Hey List! ... Interesting... I was about to send an e-mail on the list regarding this same question, aka: best practice on NAT over IPsec... or how to do it correctly?

May I suggest you try something (that's what I will try anyway, somewhere next week or so): create a loopback interface on one of your BSDs and try to NAT on this 'lo' interface... From that NAT, adjust your pf to block all from LAN A to LAN B except from NAT... and well, I think it should work!

Any other suggestion to try, or any 'already working here' notes that someone can post?

Regards, M-A

Jorge Valbuena wrote: I have the following configuration: LAN_B--[openBSD+Pf+Nat+VPN]---(internet)---[OpenBSD+Pf+NAT+VPN]---[openBSD+Squid]---LAN_A http://bsdsupport.org/ , setting up Ipsec over GRE on OpenBSD I can ping a host from LAN_A to a host on LAN_B I hope this can Help !

Original Message Date: Wed, 13 Aug 2008 16:41:20 -0400 From: Toby Burress [EMAIL PROTECTED] To: misc@openbsd.org Subject: Using PF to NAT internal addresses over an IPSec link

I have an IPSec connection set up to an external site, over which I have no control and whose topology I know nothing about (i.e. I don't know what subnets they use, etc.) Using ipsecctl, I have one flow set up, from my external IP A.B.C.D to an internal IP on their side, 172.25.0.1. I can ping 172.25.0.1 from the OpenBSD box, so IPSec is working fine. What I want to do is allow any machine from my internal networks to reach 172.25.0.1. What I would like to do is set up NAT, so that packets headed to the OpenBSD box from anywhere on my network get translated to A.B.C.D, which is then sent over the VPN connection. Unfortunately it looks like PF only applies NAT transforms when packets leave interfaces, not when they enter them, so packets come into the OpenBSD box with their private IPs, get routed out the interface associated with the default route, and only then get rewritten. Is there a better way to do this?
I would like to be able to change which hosts on my side can go over the IPSec connection without having to coordinate with the other company, and without having to expose internal IP information. If you reply to the list please cc me as I am not subscribed.
Re: 4.3 Bootloader waiting for keypress before loading kernel
You have assumed that because I have used some resource for new users that I have not read any of the official documentation. This would be untrue. In fact, INSTALL.i386 was the first thing I read while grabbing the ISO, but since I have had no problems with a larger bootable partition with Linux, I anticipated no problems with the larger partition sizes recommended on the aforementioned website. The minimum partition sizes from the FAQ are for a substantially smaller hard drive, and, obviously, scaling the sizes by the almost order of magnitude of difference would not have been a good idea. There are other supplemental resources out there, and not all of them are bad. Thanks anyway. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ben Calvert Sent: Thursday, August 14, 2008 6:34 PM To: Ryan Smith Cc: misc@openbsd.org Subject: Re: 4.3 Bootloader waiting for keypress before loading kernel On Aug 14, 2008, at 4:17 PM, Ryan Smith wrote: My root partition is 10GB in size, following the recommendation of openbsd101.com. I have had no other problems with other operating systems, but perhaps I was just getting lucky with the bootloader being loaded in the appropriate region for the BIOS. I will try reinstalling with a smaller root. what is openbsd101.com? nevermind, don't answer. you might consider reading the install documentation supplied with the product you're installing though. ftp://ftp.openbsd.org/OpenBSD/4.3/i386/INSTALL.i386 Ben
PPPoE(4) - pap failure: 22 (Re: PPPoE - Connection reset by peer)
When I use pppoe(4):

# cat /etc/hostname.bge0
up
# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
        pppoedev bge0 authproto pap \
        authname '[EMAIL PROTECTED]' authkey 'yyy' up
dest 0.0.0.1
!/sbin/route add -inet 59.37.173.0/24 0.0.0.1

I got error pap failure: 22:

Aug 15 09:48:38 proxy /bsd: pppoe0: disconnecting
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp down(stopped)
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp stopped-starting
Aug 15 09:48:38 proxy /bsd: pppoe0: phase establish
Aug 15 09:48:38 proxy /bsd: pppoe0 (8863) state=1, session=0x0 output - ff:ff:ff:ff:ff:ff, len=18
Aug 15 09:48:38 proxy /bsd: pppoe0: Down event (carrier loss), taking interface down.7pppoe0: lcp close(starting)
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp starting-initial
Aug 15 09:48:38 proxy /bsd: pppoe0: phase dead
Aug 15 09:48:38 proxy /bsd: pppoe0 (8863) state=2, session=0x0 output - 00:90:1a:41:d2:86, len=38
Aug 15 09:48:38 proxy /bsd: pppoe0: session 0x18d connected
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp open(initial)
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp initial-starting
Aug 15 09:48:38 proxy /bsd: pppoe0: phase establish
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp up(starting)
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp starting-req-sent
Aug 15 09:48:38 proxy /bsd: pppoe0: lcp output conf-req id=0x40 len=10 05-06-a9-ff-60-ba
Aug 15 09:48:38 proxy /bsd: pppoe0 (8864) state=3, session=0x18d output - 00:90:1a:41:d2:86, len=18
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp input(req-sent): conf-req id=0xc0 len=18 01-04-05-d4-03-04-c0-23-05-06-0c-ed-39-6b-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp parse opts: mru auth-proto magic
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp parse opt values: mru 1492 auth-proto magic 0xced396b send conf-ack
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp output conf-ack id=0xc0 len=18 01-04-05-d4-03-04-c0-23-05-06-0c-ed-39-6b
Aug 15 09:48:39 proxy /bsd: pppoe0 (8864) state=3, session=0x18d output - 00:90:1a:41:d2:86, len=26
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp req-sent-ack-sent
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp input(ack-sent): conf-ack id=0x40 len=10 05-06-a9-ff-60-ba-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp ack-sent-opened
Aug 15 09:48:39 proxy /bsd: pppoe0: lcp tlu
Aug 15 09:48:39 proxy /bsd: pppoe0: up
Aug 15 09:48:39 proxy /bsd: pppoe0: phase authenticate
Aug 15 09:48:39 proxy /bsd: pppoe0: pap output req id=0x41 len=34 14-67-7a-44-53-4c-33-37-38-38-33-37-30-38-40-31-36-33-2e-67-64-08-44-56-42-4c-50-42-4d-4e
Aug 15 09:48:39 proxy /bsd: pppoe0 (8864) state=3, session=0x18d output - 00:90:1a:41:d2:86, len=42
Aug 15 09:48:40 proxy /bsd: pppoe0: pap peer TO
Aug 15 09:48:40 proxy /bsd: pppoe0: pap output req id=0x42 len=34 14-67-7a-44-53-4c-33-37-38-38-33-37-30-38-40-31-36-33-2e-67-64-08-44-56-42-4c-50-42-4d-4e
Aug 15 09:48:40 proxy /bsd: pppoe0 (8864) state=3, session=0x18d output - 00:90:1a:41:d2:86, len=42
Aug 15 09:48:41 proxy /bsd: pppoe0: pap failure: 22
Aug 15 09:48:41 proxy /bsd: pppoe0: lcp input(opened): term-req id=0xc1 len=4 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
Aug 15 09:48:41 proxy /bsd: pppoe0: lcp opened-stopping
Aug 15 09:48:41 proxy /bsd: pppoe0: phase terminate
Aug 15 09:48:41 proxy /bsd: pppoe0: lcp send terminate-ack
Aug 15 09:48:41 proxy /bsd: pppoe0: lcp output term-ack id=0xc1 len=4
Aug 15 09:48:41 proxy /bsd: pppoe0 (8864) state=3, session=0x18d output - 00:90:1a:41:d2:86, len=12
Aug 15 09:48:51 proxy /bsd: pppoe0: lcp TO(stopping) rst_counter = 0
Aug 15 09:48:51 proxy /bsd: pppoe0: lcp stopping-stopped
Aug 15 09:48:51 proxy /bsd: pppoe0: phase dead
Aug 15 09:48:51 proxy /bsd: pppoe0: timeout
Aug 15 09:48:51 proxy /bsd: pppoe0: disconnecting
Aug 15 09:48:51 proxy /bsd: pppoe0: lcp down(stopped)
Aug 15 09:48:51 proxy /bsd: pppoe0: lcp stopped-starting
Aug 15 09:48:51 proxy /bsd: pppoe0: phase establish
...

Thanks for some help.

-- Dongsheng Song

2008/8/14 Antti Harri [EMAIL PROTECTED]: Hi, I don't know what's solution to your problem but I recommend you take a look at the kernel pppoe driver: pppoe(4). It's very simple to configure and works as good as pppoe can work. -- Antti Harri
Re: 4.3 Bootloader waiting for keypress before loading kernel
On Thu, Aug 14, 2008 at 7:57 PM, Ryan Smith [EMAIL PROTECTED] wrote: You have assumed that because I have used some resource for new users that I have not read any of the official documentation. This would be untrue. In fact, INSTALL.i386 was the first thing I read while grabbing the ISO, but since I have had no problems with a larger bootable partition with Linux, I anticipated no problems with the larger partition sizes recommended on the aforementioned website. The minimum partition sizes from the FAQ are for a substantially smaller hard drive, and, obviously, scaling the sizes by the almost order of magnitude of difference would not have been a good idea. There are other supplemental resources out there, and not all of them are bad. Thanks anyway. OpenBSD is not Linux. http://www.openbsd.org/faq/faq4.html#Install http://www.openbsd.org/faq/faq14.html#LargeDrive What was lacking about the official resources that the supplemental ones provided? --david
Re: 4.3 Bootloader waiting for keypress before loading kernel
I am aware that OpenBSD is not Linux and never made the assertion that they were the same. That's the reason I am trying to use OpenBSD and not Linux; it is more suited for what I am eventually wanting to do. I wasn't trying to say it works in Linux, so why doesn't it work in OpenBSD? I understand they are different, but I also understand that the BIOS is the defining factor in the bootable partition size limitation. For that reason, it is not unreasonable to expect that if I have a 10gb partition in XYZ operating system (insert Linux) and the BIOS still allows booting from this partition regardless of where the bootloader and kernel falls, the BIOS probably will continue to allow me to boot on a similarly-sized partition with another operating system. If the BIOS will address n-gb for XYZ operating system, it is unlikely to refuse to address that size for OpenBSD. There was nothing lacking in the official documentation. Additionally, the supplemental documentation actually didn't provide very much; most of the OpenBSD stuff I have found is just summarized documentation or verbatim manpages. But if we followed the logic of if it's not the official documentation, it's no good, there would be no reason for having mailing lists or fora either. The documentation included in the manpages is fantastic, easily the best that I've ever seen with an OS; but as a new user to the *BSD systems, it can be overwhelming at first, and sometimes a dumbed-down guide is a nice preface for a dumbed-down user like myself. Anyway, I dropped the root partition size to 1gb and did clean install, but still this issue prevails. I have been through the BIOS settings time and again and haven't found any setting that would be causing this, nor have I been able to find anything on the OS side. Is it possible (likely?) that this is being caused by hardware? I don't know if it is actually the bootloader that is causing the delay or if the kernel is actually being loaded and hangs for some reason. 
Any other suggestions would be appreciated. Best, Ryan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Higgs Sent: Thursday, August 14, 2008 9:31 PM To: Ryan Smith Cc: misc@openbsd.org Subject: Re: 4.3 Bootloader waiting for keypress before loading kernel On Thu, Aug 14, 2008 at 7:57 PM, Ryan Smith [EMAIL PROTECTED] wrote: You have assumed that because I have used some resource for new users that I have not read any of the official documentation. This would be untrue. In fact, INSTALL.i386 was the first thing I read while grabbing the ISO, but since I have had no problems with a larger bootable partition with Linux, I anticipated no problems with the larger partition sizes recommended on the aforementioned website. The minimum partition sizes from the FAQ are for a substantially smaller hard drive, and, obviously, scaling the sizes by the almost order of magnitude of difference would not have been a good idea. There are other supplemental resources out there, and not all of them are bad. Thanks anyway. OpenBSD is not Linux. http://www.openbsd.org/faq/faq4.html#Install http://www.openbsd.org/faq/faq14.html#LargeDrive What was lacking about the official resources that the supplemental ones provided? --david
Resent, Issues with -CURRENT on Vostro 1310
Resending as the 1st attempt to send this with acpidump pcidump output resulted in a 105kb sized email.

It seems the previous issues with re(4) reported on here have been semi fixed, however the system is acting strange: if I attempt to boot the system from GENERIC without disabling ACPI, the system will stop after spkr0 at pcppi0; the keyboard is still responsive in that I can switch scroll, caps, num lock on off but the system just sits there.

Power cycling the box and attempting to boot the GENERIC.MP kernel after the hang will cause a kernel panic with the previously reported panic: config_detach: forced detach of re0 failed (45)

What I noticed is that though re(4) is detected, an error follows: no PHY found reset never completed

The only way to get the system to boot GENERIC.MP is to switch the machine off, unplug battery mains, wait, then use GENERIC.MP when you power up. The system also needs to have ACPI disabled to boot from install44.iso. As previously reported, acpidump core dumps when run on this system as well.

Screenshot of trace, ps after kernel panic, the core file from acpidump coredump + acpi pcidump output can be found here: http://geeklan.co.uk/files/vostro1310/openbsd/august-12th/

OpenBSD 4.4 (GENERIC.MP) #1812: Tue Aug 12 17:22:53 MDT 2008 [EMAIL PROTECTED]:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2132897792 (2034MB) avail mem = 2071056384 (1975MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xdc010 (38 entries) bios0: vendor Dell Inc. version A10 date 07/10/2008 bios0: Dell Inc.
Vostro1310 acpi0 at bios0: rev 2 acpi0: tables DSDT FACP APIC HPET MCFG TCPA TMOR OSFR APIC BOOT SLIC SSDT SSDT SSDT SSDT acpi0: wakeup devices LID0(S3) HDEF(S3) PXSX(S3) PXSX(S5) USB1(S0) USB2(S0) USB3(S0) USB4(S0) USB5(S0) EHC1(S0) EHC2(S0) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz, 1795.74 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR ,NXE,LONG cpu0: 2MB 64b/line 8-way L2 cache cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 Duo CPU T5670 @ 1.80GHz, 1795.50 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR ,NXE,LONG cpu1: 2MB 64b/line 8-way L2 cache ioapic0 at mainbus0 apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 2, remapped to apid 1 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (PEGP) acpiprt2 at acpi0: bus 2 (RP01) acpiprt3 at acpi0: bus 3 (RP02) acpiprt4 at acpi0: bus -1 (RP03) acpiprt5 at acpi0: bus 6 (RP04) acpiprt6 at acpi0: bus 7 (RP05) acpiprt7 at acpi0: bus -1 (RP06) acpiprt8 at acpi0: bus 8 (PCIB) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpicpu1 at acpi0: C3, C2 acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: PWRB acpibtn2 at acpi0: SLPB acpiac0 at acpi0: AC unit offline acpibat0 at acpi0: BAT1 serial 11 type Lion oem Dell acpivideo at acpi0 not configured acpivideo at acpi0 not configured cpu0: unknown Enhanced SpeedStep CPU, msr 0x0612092506000925 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1800 MHz (1292 mV): speeds: 1800, 1200 MHz pci0 at mainbus0 bus 0: configuration mode 1 pchb0 at pci0 dev 0 function 0 Intel GM965 Host rev 0x0c 
ppb0 at pci0 dev 1 function 0 Intel GM965 PCIE rev 0x0c: apic 1 int 16 (irq 5) pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 vendor NVIDIA, unknown product 0x0427 rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) agp0 at vga1: no integrated graphics drm at vga1 unsupported uhci0 at pci0 dev 26 function 0 Intel 82801H USB rev 0x03: apic 1 int 16 (irq 5) uhci1 at pci0 dev 26 function 1 Intel 82801H USB rev 0x03: apic 1 int 21 (irq 11) ehci0 at pci0 dev 26 function 7 Intel 82801H USB rev 0x03: apic 1 int 18 (irq 10) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 Intel 82801H HD Audio rev 0x03: apic 1 int 22 (irq 10) azalia0: codec[s]: Realtek/0x0268 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 Intel 82801H PCIE rev 0x03: apic 1 int 17 (irq 11) pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 1 Intel 82801H PCIE rev 0x03: apic 1 int 16 (irq 5) pci3 at ppb2 bus 3 ppb3 at pci0 dev 28 function 3 Intel 82801H PCIE rev 0x03: apic 1 int 19 (irq 11) pci4 at ppb3 bus 6 ppb4 at pci0 dev 28 function 4 Intel 82801H PCIE rev 0x03: apic 1 int 17 (irq 11) pci5 at ppb4 bus 7 re0 at pci5 dev 0 function 0 Realtek 8168 rev 0x02: RTL8168C/8111C (0x3c00), apic 1 int 16 (irq 5), address 00:1c:23: rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 uhci2 at pci0 dev 29 function 0 Intel 82801H
Re: 4.3 Bootloader waiting for keypress before loading kernel
On Aug 14, 2008, at 8:29 PM, Ryan Smith wrote: There was nothing lacking in the official documentation. Additionally, the supplemental documentation actually didn't provide very much; most of the OpenBSD stuff I have found is just summarized documentation or verbatim manpages. But if we followed the logic of if it's not the official documentation, it's no good, there would be no reason for having mailing lists or fora either.

This is not what people are saying to you. people are trying to point out that your strategy:

1. read the official docs
2. read some other docs
3. pick and choose which to follow
4. come to the official support forum and ask for help (instead of asking the guy whose advice you followed)

is selfish. you're asking people to volunteer to help you after ignoring the resources that they have (again, voluntarily and for free) provided for you.

Best, Ryan

Ben
Re: Using PF to NAT internal addresses over an IPSec link
Hi,

I tried to reproduce what you want in my testing environment and managed to make it work. What you have to do is:

- In your ipsec.conf, add a rule from your local network to the distant 172.25.0.1 (this rule is needed in order to route the traffic to enc0)
- Add a nat rule on enc0 in your pf.conf. Something like: nat on enc0 from !($ext_if) -> ($ext_if:0)
- Note that if you had set a skip on enc0, you should remove it and use something like pass quick on enc0 for the nat to be applied.

It works for me: local addresses are nated inside the tunnel and cannot be seen by the remote servers. Feel free to ask if you need more details.

Cheers, William

2008/8/15 Marc-Andre Jutras [EMAIL PROTECTED]: Hey List ! ... Interesting... I was about to send an e-mail on the list regarding this same question : aka: Best practice on NAT over IPsec... or how to do it correctly ?!?!?!? May I can suggest you to try something... : ( that what I will try anyway somewhere next week or so... ) Create a Loopback interface on one of your BSD and try to NAT on this 'lo' interface ... from that nat, adjust your pf to block all from lan A to lab B except from NAT ...and well, I think it should work ! any other suggestion to try or any ''already working here' ' notes that someone can post ? Regards, M-A

Jorge Valbuena wrote: I have the following configuration: LAN_B--[openBSD+Pf+Nat+VPN]---(internet)---[OpenBSD+Pf+NAT+VPN]---[openBSD+Squid]---LAN_A http://bsdsupport.org/ , setting up Ipsec over GRE on OpenBSD I can ping a host from LAN_A to a host on LAN_B I hope this can Help !

Original Message Date: Wed, 13 Aug 2008 16:41:20 -0400 From: Toby Burress [EMAIL PROTECTED] To: misc@openbsd.org Subject: Using PF to NAT internal addresses over an IPSec link

I have an IPSec connection set up to an external site, over which I have no control and whose topology I know nothing about (i.e. I don't know what subnets they use, etc.)
Using ipsecctl, I have one flow set up, from my external IP A.B.C.D to an internal IP on their side, 172.25.0.1. I can ping 172.25.0.1 from the OpenBSD box, so IPSec is working fine. What I want to do is allow any machine from my internal networks to reach 172.25.0.1. What I would like to do is set up NAT, so that packets headed to the OpenBSD box from anywhere on my network get translated to A.B.C.D, which is then sent over the VPN connection. Unfortunately it looks like PF only applies NAT transforms when packets leave interfaces, not when they enter them, so packets come into the OpenBSD box with their private IPs, get routed out the interface associated with the default route, and only then get rewritten. Is there a better way to do this? I would like to be able to change which hosts on my side can go over the IPSec connection without having to coordinate with the other company, and without having to expose internal IP information. If you reply to the list please cc me as I am not subscribed.
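The two pf.conf changes from William's reply, put together as an added example (not taken from any poster's configuration). The interface names, the LAN addresses and the vpn_hosts table are assumptions; the ipsec.conf rule from his first step is not shown because the thread does not give its form.

```conf
# /etc/pf.conf fragment, OpenBSD 4.3-era syntax. Added example: em0, em1,
# the 192.168.1.x addresses and <vpn_hosts> are assumed, not from the thread.
ext_if = "em0"            # interface that holds A.B.C.D
int_if = "em1"            # LAN side
remote = "172.25.0.1"     # the single host reachable through the tunnel

# LAN hosts allowed to use the tunnel. This list is purely local policy:
# after translation the peer only ever sees the external address.
table <vpn_hosts> { 192.168.1.10, 192.168.1.11 }

# Before: with this option pf does not process packets on enc0 at all, so the
# nat rule below is never evaluated and private source addresses go unchanged.
# set skip on enc0

# After: translate on enc0. This is William's rule, narrowed here with
# "to $remote" so that only traffic for the remote host is rewritten.
nat on enc0 from !($ext_if) to $remote -> ($ext_if:0)

# Decide who may reach the remote host on the LAN interface, where the
# original (untranslated) source address is still visible to the filter.
block in on $int_if from any to $remote
pass  in on $int_if from <vpn_hosts> to $remote

# enc0 is no longer skipped, so traffic on it needs an explicit pass.
pass quick on enc0
```

The file can be parsed without loading it using `pfctl -nf /etc/pf.conf`, and hosts can be added to the table at run time with `pfctl -t vpn_hosts -T add <address>`.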
Re: 4.3 Bootloader waiting for keypress before loading kernel
Have you done a full burn-in overnight memtest? --ropers
Re: 4.3 Bootloader waiting for keypress before loading kernel
Ryan Smith wrote: You have assumed that because I have used some resource for new users that I have not read any of the official documentation. This would be untrue. In fact, INSTALL.i386 was the first thing I read while grabbing the ISO, but since I have had no problems with a larger bootable partition with Linux, I anticipated no problems with the larger partition sizes recommended on the aforementioned website. The minimum partition sizes from the FAQ are for a substantially smaller hard drive, and, obviously, scaling the sizes by the almost order of magnitude of difference would not have been a good idea. There are other supplemental resources out there, and not all of them are bad. Thanks anyway.

Hi Ryan,

You may or may not have a hardware problem, or something else. I think in all fairness people tried to help you. What was pointed out to you a few times, Linux != OpenBSD and reading the FAQ on OpenBSD and all, are very valid points. No offense intended by anyone here really. But just look at it this way.

- The FAQ points out not to use a root bigger than 504MB in some old cases, which may not apply to you. http://www.openbsd.org/faq/faq14.html#LargeDrive You use 10GB.
- The FAQ does point out that boot.conf is not required and you use one. http://www.openbsd.org/faq/faq6.html#PXE
- The FAQ said not to ask for help if you don't use the generic BSD, and there isn't any need for a custom kernel, and you built your own from cvs, not even trying the snapshots one. http://www.openbsd.org/faq/faq5.html#WhySrc
- You said no explanation of your problem was on Google, but a very quick search shows differently. http://archives.neohapsis.com/archives/openbsd/2005-01/2830.html
- You said you read the documentation, but you refer and justify it by pointing to openbsd101.com
- You explain that your system works with your setup on Linux, so there isn't any reason it wouldn't work on OpenBSD. I have had no problems with a larger bootable partition with Linux.

And a few more.

Again Ryan, I am not trying to dig a hole under you at all. I am really trying to help you, and a few others did as well. But all that we see is many and even recurring Linux behaviors, not what's expected with OpenBSD: to first read the FAQ and then follow its details and, if all fails, then ask for help. When asked, each time, it doesn't follow the OpenBSD way and even tries to justify it to others as it's OK with Linux, so it should be OK here. But all these pitfalls have been seen time and time again, and lots of people are more than willing to help you, but at the same time, none want to waste their time on the same old issues that may apply. That's why all these questions and answers show it as justified too.

Again, please don't take it the wrong way here. You will find great help, but you will also see that people will expect you to do your share too AND follow the FAQ for good reason.

Now, you may well have a legitimate problem, I can't say you do not. However, you shouldn't be offended when people try to help you and they point out to you what's expected and standard on OpenBSD and ask you if you did follow it as well. The documentation provided in the FAQ and in the man pages is really second to none, as opposed to Linux as you may be used to. So, take the help provided as such and not as an attack on you. However, at the same time, if the basic advice provided and written for very good reason is not followed, then don't expect people to not point it out to you. Again, it may or may not fix your problem, but no one will waste time trying to help if you don't even do the basic requirements pointed out in the FAQ.

I for one tried to help you and I thought the problem was what I pointed out to you. I still would like to make sure the standard steps of the FAQ are followed and it may help. Or not in this case.

I can only tell you that you will have way more chance to get help if you leave behind you what you may have done on Linux if you want to use OpenBSD and learn to do it the OpenBSD way. It will serve you well in the long run, and if you use Linux as a way to justify it's good, you can expect some flames at times, as history proved it time and time again. The archive is full of it.

Again, I wish you the best of luck, and if you stick with it, you will not regret it. But start the right way and you will be much happier.

All that said, I hope you can read this in good terms and for what it is really. It's not a judgment on your person whatsoever. However, you will be expected to do your share first, and that's why all the questions and references were provided to you by a few so far.

Now to go back to your real problem. If all the standard setup as explained in the FAQ is done as such, without exception, and it still doesn't work out of the box. Then providing the details as you did with the error message and the dmesg, then /etc/fstab may be as well in the