Re: nat-t dropping response packets

[n0g0013]

On 01.09-21:00, Stijn wrote:
 n0g0013 wrote:
 not sure where to start debugging this VPN problem.  i have an ipsec,
 nat-t tunnel between a development network and the main services hub
 using isakmpd.  the exchange seems to go smoothly and the tunnel gets
 established.
 
  hub(public_ip) -- {inet} -- ext-gw(nat-ip) -- dev-gw(private_ip)
 
 however no traffic gets through from the hub.  this is a sample dump
 of a ping from the VPN hub to the development gateway.
 
  12:02:24.890060 (authentic,confidential): SPI 0x088b62c7:
  10.12.228.17  10.12.170.9: icmp: echo request 
  (encap)
  12:02:24.891659 193.200.155.117.4500 
  193.200.155.18.46289:udpencap: esp 193.200.155.117  
  193.200.155.18
  spi 0x088B62C7 seq 2 len 116
  12:02:24.892778 193.200.155.18.46289 
  193.200.155.117.4500:udpencap: esp 193.200.155.18  
  193.200.155.117
  spi 0xE99A3368 seq 27 len 116
 
 as you can see, the echo request passes out the 'enc0' and down the
 tunnel to the remote end, where it is apparently decoded and a ping
 response is sent back.  this response hits the external interface
 and disappears.
 
 i have no clue where to start tracking this down from here.  can i
 somehow track this lost packet beyond the external inferace?  or
 must i manually decode the packet at this stage and try to uncover
 the issue from there?  also, if the packet was malformed or
 erroneous could i expect an error log of some description?
 
 any pointers would be appreciated.
 
 nb: disabling 'pf' has no effect
   
 does the reply packets know the way back? i.e. is there a route defined 
 to route the traffic back into the tunnel? Do you see esp traffic 
 returning to the development gw?

the dumps are on the hub using both 'enc0' and the external interface.
you can see the echo request go out on 'enc0' (the first line) and
the udpencap pass out the external interface toward the dev-gw.  the
final packet above is the returning echo-reply from the dev-gw.  it
does not not re-appear anywhere at the hub.  you may note that the
ping is sent from the gw and thus i would expect the ping response to
arrive.  it doesn't.

in short, yes the dev-gw knows the route back and appears to use it
correctly.  it's possible that the returning packet is not an icmp
echo-reply, of course ... although i'm pretty sure i checked that on
the remote side ... i'll double check it.

-- 
t
 t
 w

Come to celebrate the Mexico Independence day

[Club Vacation Deals]

Club Vacation DealsClub Vacation Deals

Club Vacation DealsClub Vacation Deals

Club Vacation DealsClub Vacation Deals

Club Vacation DealsClub Vacation Deals

Club Vacation DealsClub Vacation DealsClub Vacation Deals

Club Vacation Deals

This is an exclusive promotion fromClub Vacation Deals
Telephone in Mixico  +52 (322) 224 0347
Los Angeles, CA (310) 598 2091
New York, NY (212) 845 9362
All reservations are subject to availability
Click here to receive more promotions
Click to unsuscribe from our emailing list

Recommended Switches for Trunking?

[Toni Mueller]

Hi,

I'm looking into getting switches to be used in port-extender style,
and found a thread from last year recommending Cisco switches. I need
about 20-50 ports atm, and would like to avoid Cisco. My current
preference is using Procurve (2810 or 29xx). Do they work?

What do you recommend? Any gotchas?


TIA!


-- 
Kind regards,
--Toni++

Re: Recommended Switches for Trunking?

[Reyk Floeter]

slightly offtopic, but procurve works fine

trunk(4) was mostly developed with procurve on the switch side

On Wed, Sep 02, 2009 at 01:26:27PM +0200, Toni Mueller wrote:
 Hi,
 
 I'm looking into getting switches to be used in port-extender style,
 and found a thread from last year recommending Cisco switches. I need
 about 20-50 ports atm, and would like to avoid Cisco. My current
 preference is using Procurve (2810 or 29xx). Do they work?
 
 What do you recommend? Any gotchas?
 
 
 TIA!
 
 
 -- 
 Kind regards,
 --Toni++

Re: OT rack mount monitor/keyboards

[Morris, Roy]

I used the Perle cs9000. Worked great!

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
Of stan
Sent: Tuesday, September 01, 2009 4:57 PM
To: OpenBSD general usage list
Subject: OT rack mount monitor/keyboards

I have a few locations where I have installed 1U rack mount
KVM/monitor/keyboards, and quite frankly. I'm not happy with any of the
ones I have tried.

I recognize this is off topic, but the people on this list are pretty
hard
to please. Given that I was wondering if anyone would like to recomend
anything that they have used for these, and been happy with?

--
One of the main causes of the fall of the roman empire was that, lacking
zero, they had no way to indicate successful termination of their C
programs.

Re: Recommended Switches for Trunking?

[tico]

Toni Mueller wrote:

Hi,

I'm looking into getting switches to be used in port-extender style,
and found a thread from last year recommending Cisco switches. I need
about 20-50 ports atm, and would like to avoid Cisco. My current
preference is using Procurve (2810 or 29xx). Do they work?

What do you recommend? Any gotchas?
  
They work excellently! ... and the (free) Procurve support has been 
surprisingly sane in my experience.


I much prefer Procurve over the cheap SMC or NetGear or Dell managed 
switches I've had to deal with in the past -- yuck!


-T


TIA!

Re: Recommended Switches for Trunking?

[John E.P. Hynes]

Toni Mueller wrote:

Hi,

I'm looking into getting switches to be used in port-extender style,
and found a thread from last year recommending Cisco switches. I need
about 20-50 ports atm, and would like to avoid Cisco. My current
preference is using Procurve (2810 or 29xx). Do they work?

What do you recommend? Any gotchas?



FWIW, I've had no trouble with Allied Telesys, either.

-John

Re: Recommended Switches for Trunking?

[Jason Dixon]

On Wed, Sep 02, 2009 at 01:26:27PM +0200, Toni Mueller wrote:
 Hi,
 
 I'm looking into getting switches to be used in port-extender style,
 and found a thread from last year recommending Cisco switches. I need
 about 20-50 ports atm, and would like to avoid Cisco. My current
 preference is using Procurve (2810 or 29xx). Do they work?
 
 What do you recommend? Any gotchas?

We use Foundry LS 648 switches throughout our infrastructure.  They've
worked great with OpenBSD features.

P.S.  Foundry was bought out by Brocade last year, so the model line is
now sold as Brocade FastIron.

-- 
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net/

Re: gcc to 4.1 openbsd

[Fred Crowson]

On 8/17/09, Yamidt Henao yamidthe...@gmail.com wrote:
 Hi,

 where I find the gcc version for OpenBSD 4.1.

 Best Regards,

 Y.H

By ordering OpenBSD 4.1 CD set from  http://www.openbsd.org/orders.html

tbox:fred ~ gcc --version
gcc (GCC) 3.3.5 (propolice)
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

tbox:fred ~ uname -a
OpenBSD tbox.crowsons.net 4.1 GENERIC#1435 i386

hth

Fred

Re: Recommended Switches for Trunking?

[J.C. Roberts]

On Wed, 2 Sep 2009 10:39:54 -0400 Jason Dixon ja...@dixongroup.net
wrote:

 On Wed, Sep 02, 2009 at 01:26:27PM +0200, Toni Mueller wrote:
  Hi,
  
  I'm looking into getting switches to be used in port-extender style,
  and found a thread from last year recommending Cisco switches. I
  need about 20-50 ports atm, and would like to avoid Cisco. My
  current preference is using Procurve (2810 or 29xx). Do they work?
  
  What do you recommend? Any gotchas?
 
 We use Foundry LS 648 switches throughout our infrastructure.  They've
 worked great with OpenBSD features.
 
 P.S.  Foundry was bought out by Brocade last year, so the model line
 is now sold as Brocade FastIron.

Also, you might want to note the innards of *most* HP ProCurve gear was
actually rebranded Foundry hardware.

Since Brocade bought out Foundry, I believe HP is now using Force10
Networks hardware inside of their newer (rebranded) ProCurve line. I
might be wrong on this, but I remember being told about it at InterOp
Vegas earlier this year.

-- 
J.C. Roberts

isakmpd tunnels dropping routes to subnet

[Danny Butroyd]

Hi List

I have several Soekris OpenBSD boxes running a mix of 4.3, 4.4 and 4.5
all connecting multiple subnets together on a central server running
OpenBSD 4.5 (this server is a Dell Poweredge 860).

Most of the routers work, but some of them drop the routes to one of my
subnets.  This happens to be the most critical subnet and so causes
quite a problem.  The really odd thing is that when I run isakmpd in
debug mode (on the problem routers) the subnet route does not get
dropped.  Even more odd/annoying is this problem is intermittent and
tends to only affect one of the routers at any one time.

The problem routers all have an internal network of 10.x.0.0/24.  My
central location is 10.100.0.0/24 (this is the one that gets dropped by
the remote routers).  My routers that don't have a problem are either on
a 192.168.x.0/24 network and/or are running IPCOP.

A sample of one of the problem router ipsec.conf:-

---snip---
local_network=10.30.0.0/24
remote_networks={ 10.100.0.0/24, 192.168.10.0/24, 192.168.254.0/24,
10.10.0.0/24, 10.20.0.0/24, 10.40.0.0/24, 10.50.0.0/24, 10.60.0.0/24 }
local_peer=10.30.0.1
remote_peer=xxx.xxx.xxx.xxx
key=**

# IPSec tunnel
ike active esp from $local_network to $remote_networks local $local_peer
peer $remote_peer psk $key
---snip---

The central location routers has this entry for this router:-

---snip---
ike esp from { 10.100.0.0/24, 192.168.10.0/24, 192.168.254.0/24,
10.10.0.0/24, 10.20.0.0/24, 10.40.0.0/24, 10.50.0.0/24, 10.60.0.0/24 }
to 10.30.0.0/24 local $me peer xxx.xxx.xxx.xxx psk **
---snip---

Thanks in advance!!!

Danny


This message has been scanned for viruses

Re: Recommended Switches for Trunking?

[Toni Mueller]

Hi,

thanks for all your answers!

-- 
Kind regards,
--Toni++

Re: Recommended Switches for Trunking?

[Henning Brauer]

* J.C. Roberts list-...@designtools.org [2009-09-02 17:53]:
 Also, you might want to note the innards of *most* HP ProCurve gear was
 actually rebranded Foundry hardware.
 
 Since Brocade bought out Foundry, I believe HP is now using Force10
 Networks hardware inside of their newer (rebranded) ProCurve line. I
 might be wrong on this, but I remember being told about it at InterOp
 Vegas earlier this year.

you are wrong.

the 9000 (_huge_ chassis switches) series was foundry with an HP
label. that was about the only change, the sticker. otherwise just the
successor of the bigiron 8000 line (forgot the name). that is a very
good choice tho anyway. they don't sell that line any more.

there was one smaller one that was a foundry as well, 8 port
1000BaseSX. forgot the model number, i even have one somewhere (but
not in use). not sold any more either.

all the rest of their product line - and that is a LOT of models - is
their own line. i don't see any connection to force10.

the successor of the 9000 line is the 8200zl and from all i can tell
(i never touched on of those myself) has no relation to force10.
force10's fabric is faster than the 692 GBit/s HP specs for the 8200,
and the force10s are way way way more expensive. different league,
entirely.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg  Amsterdam

Has IPsec slowed down?

[Christian Weisgerber]

I seem to remember that I could push some bulk data (scp) to my
laptop at .11g speed and the net5501 doing the IPsec encryption for
the wireless link had under 50% CPU usage.  Now it's more like 80%.

Standard AES(-128-CBC), which is accelerated by glxsb(4), and
HMAC-SHA1.

Am I simply misremembering or has the IPsec performance suffered
substantially sometime during the last two years?

-- 
Christian naddy Weisgerber  na...@mips.inka.de

Now OT Re: Recommended Switches for Trunking?

[Diana Eichert]

On Wed, 2 Sep 2009, tico wrote:

I much prefer Procurve over the cheap SMC or NetGear or Dell managed switches 
I've had to deal with in the past -- yuck!


-T


Dell announced today they are going to private label Brocade AKA Foundry 
switches.




diana

Re: gcc to 4.1 openbsd

[Jason Crawford]

On Mon, Aug 17, 2009 at 5:20 PM, Yamidt Henaoyamidthe...@gmail.com wrote:
 Hi,

 where I find the gcc version for OpenBSD 4.1.

 Best Regards,

 Y.H



http://www.openbsd.org/41.html

--
Jason

crimemapping.edmontonpolice.ca

[Duncan Patton a Campbell]

With regards to your mapping application, 

If this software is licensed under any other 
regime than that of an open source code license,
then the Edmonton City Police and the City of 
Edmonton are running stolen intellectual property
and should immediately desist from further use
and operation of this system. 

I intend to examine the site and collect evidence
on it's functioning to support the case that this
is an artless reworking of the invention, visible at
http://www.indx.ca, and in operation for some ten
years.  

I am also inviting the examination of your site by
other technically capable parties.  

For this reason you should consider that I have not
checked the box agreeing to terms and conditions for
use of the site.  

Should I find that your system is available in the 
public domain, that is to other police departments
and organizations globally under either the terms 
of the GPL (GNU Public License) or a similar Berkely 
copyright then I would have no grounds to sue for 
financial recompense for the use of my invention.

Sincerely, 

Duncan (Dhu) Patton, a Campbell

gif tunnel with ipv6 end points

[Thomas Schoeller]

hello,

i'm trying to make a ipv4 over ipv6 tunnel, but ifconfig tells me: 

ifconfig: error in parsing address string: temporary failure in name
resolution

when i'm issueing:

ifconfig gif0 tunnel XX:XX:XX:0:0:0:0:1 XX:XX:XX:0:0:0:0:2

best regards

thomas

8 va. Promoción “Distancia” del Curso de Postgrado de Alta Dirección en Turismo Rural

[Area de Turismo Rural]

FACULTAD DE AGRONOMIA

Universidad de Buenos Aires
AREA DE TURISMO RURAL

8 va. Promocisn Distancia del Curso de Postgrado de Alta Direccisn en
Turismo Rural



 Ultimos dmas de Inscripcisn para el  CURSO MODALIDAD DISTANCIA de
Turismo Rural que inicia el 7 de Septiembre del 2009.



OBJETIVO

Se espera que el alumno esti capacitado para diseqar e implementar un
Plan de Negocios o un Plan Estratigico destinado a poner en marcha una
inversisn privada o un proyecto institucional de Turismo Rural,
utilizando estrategias que permitan generar ventajas competitivas en la
empresa y en el territorio.

DIRIGIDO A:

Jsvenes emprendedores, mujeres empresarias que quieran desempeqarse en el
ambito rural, lmderes de Pueblos Rurales que buscan desarrollar su
comunidad, interesados en el armado de rutas alimentarias, circuitos
turmsticos, profesionales y directivos vinculados a organizaciones,
empresas e instituciones del sector agropecuario y turmstico,
funcionarios nacionales, provinciales y municipales del area econsmica,
agropecuaria y turmstica y docentes y capacitadotes, entre otros 

DURACION Y MODALIDAD

7 Meses de cursada mntegramente a travis de Internet con tutores a cargo.

Cuenta con mas de 240 egresados en esta modalidad de los siguientes
pamses: Alemania, Argentina, Bolivia, Brasil, Chile, Colombia, Cuba,
Ecuador, El Salvador, Espaqa, Guatemala, Honduras, Mixico, Nicaragua,
Panama, Perz, Portugal, Puerto Rico, Reino Unido, Uruguay, Venezuela.

A travis de este curso el alumno logra armar su proyecto, obtiene un
reconocimiento acadimico y realiza contactos de negocios.

En nuestra pagina web encontrara un video informativo acerca del Curso
http://www.agro.uba.ar/catedras/turismo/presentacion.htm

Para mayor informacisn complete los siguientes datos y reenvmelos a
campo...@agro.uba.ar

Nombre y Apellido:
E-mail 1:
E-mail 2:
Telifono particular y csdigo de area:
Telifono laboral y csdigo de area:
Telifono celular y csdigo de area:
Profesisn:
Ocupacisn:
Entidad:
Ciudad:
Provincia/Estado:
Pams:

Lo saluda cordialmente,

Area de Turismo Rural
Facultad de Agronomma
Universidad de Buenos Aires
campo...@agro.uba.ar

Tel/Fax: 00 54 11 4523-9700
Pabellsn de Agronegocios
Av. San Martmn 4453
Ciudad Autsnoma de Buenos Aires
Argentina

Re: IrDA

[Fred Crowson]

On 8/30/09, soko.tica soko.t...@gmail.com wrote:
 On 8/28/09, Mike Hammer mikeham...@fastmail.fm wrote:

 Does anyone have IrDA working on a T60 Thinkpad?

 FAQ http://openbsd.org/i386.html#hardware
 says:

 Unsupported Hardware:
 Infrared devices, such as commonly found on laptops


I have in the past successfully used the birda package on i386 laptops
to get IrDA working with OpenBSD.

YMMV - I've not done this recently...

hth

Fred

Re: gif tunnel with ipv6 end points

[Todd T. Fries]

Penned by Thomas Schoeller on 20090902 21:50.14, we have:
| hello,
| 
| i'm trying to make a ipv4 over ipv6 tunnel, but ifconfig tells me: 
| 
| ifconfig: error in parsing address string: temporary failure in name
| resolution
| 
| when i'm issueing:
| 
| ifconfig gif0 tunnel XX:XX:XX:0:0:0:0:1 XX:XX:XX:0:0:0:0:2
| 
| best regards
| 
| thomas

hint: you're missing 'inet6'.

If you're doing OpenBSD - OpenBSD gif(4) tunneling (or know how to bump
MTU on the remote end in general) you might find that 1200 is leaving way
too much overhead per packet out.

Try this in /etc/hostname.gif0 on one end:

mtu 1400
!ifconfig \$if inet6 tunnel XX:XX:XX:XX::1 XX:XX:XX::2
inet 10.0.0.2 255.255.255.255
dest 10.0.0.1

And this on the other:

mtu 1400
!ifconfig \$if inet6 tunnel XX:XX:XX:XX::2 XX:XX:XX:XX::1
inet 10.0.0.1 255.255.255.255
dest 10.0.0.2

-- 
Todd Fries .. t...@fries.net

 _
| \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com \  1.866.792.3418 (FAX)
| ..in support of free software solutions.  \  sip:freedae...@ekiga.net
| \  sip:4052279...@ekiga.net
 \\
 
  37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
http://todd.fries.net/pgp.txt

interesting article about gpl and bsd license

[frantisek holop]

http://www.informit.com/articles/article.aspx?p=1390172

-f
-- 
light doesn't emit energy; it emits little dark eaters

Accessing lan from internet?

[halcon]

Hello

I am administering a small linux/windows lan from my laptop/OpenBSD-4.5
base, without any problem, using # ssh u...@192.168.0.xxx; how could i
accesss the lan from internet?

u...@hostname? u...@external ip?

I have read many docs without success, thanks in advance.

francisco 

Fique a conhecer os Gadgets mais interessantes desta semana!

[Loja21 - Os gadgets mais incríveis!]

caso nco visualize correctamente este e-mail, clique aqui










Consulte aqui outros Summer Products a
PREGOS FANTASTICOS:














Encomende ja online, por telefone ou por e-mail

www.loja21.pt|214 151 492   |ap...@loja21.pt

Morada: Rua Professor Reinaldo dos Santos, N:13, 9:Esq.
1500-501 Lisboa.
Horario: 2* a 6* feira das 10h00 `s 19h00.

Este e-mail promocional foi enviado para o enderego misc@openbsd.org

Caso nco deseje voltar a receber a nossa newsletter, por favor clique aqui.

Re: Accessing lan from internet

[Daniel Bolgheroni]

On Wed, 2 Sep 2009, halcon wrote:

 Hello
 
 I am administering a small linux/windows lan from my laptop/OpenBSD-4.5
 base, without any problem, using # ssh u...@192.168.0.xxx; how could i
 accesss the lan from internet?
 
 u...@hostname? u...@external ip?
 
 I have read many docs without success, thanks in advance.
 
 francisco 

Are you using these cheap routers available everywhere?

Port forwarding, forwarding, virtual server, etc.

--
Daniel Bolgheroni
FEI - Faculdade de Engenharia Industrial
http://www.dbolgheroni.eng.br/mykey

ASCII ribbon campaign ( )
 against HTML e-mail   X
  / \

Re: Accessing lan from internet?

[Rémi Pointel]

halcon a icrit :

Hello

I am administering a small linux/windows lan from my laptop/OpenBSD-4.5
base, without any problem, using # ssh u...@192.168.0.xxx; how could i
accesss the lan from internet?

u...@hostname? u...@external ip?

I have read many docs without success, thanks in advance.

francisco 

  

Hello,

you must forward (using the NAT) the port 22 from your external IP 
address to the internal IP address of your network (the system you want 
to join).


Caution : it is not very secure to permit to join your LAN from 
Internet, you should install your servers in a DMZ (for example).


Remi.

Re: Accessing lan from internet

[halcon]

El miC), 02-09-2009 a las 18:48 +, Daniel Bolgheroni escribiC3:
 On Wed, 2 Sep 2009, halcon wrote:
 
  Hello
  
  I am administering a small linux/windows lan from my laptop/OpenBSD-4.5
  base, without any problem, using # ssh u...@192.168.0.xxx; how could i
  accesss the lan from internet?
  
  u...@hostname? u...@external ip?
  
  I have read many docs without success, thanks in advance.
  
  francisco 
 
 Are you using these cheap routers available everywhere?
 
 Port forwarding, forwarding, virtual server, etc.

Yes, i am, my gateway is 192.168.0.1 it is a cheap D-Link, behind, there
are 2 Linux boxes (Ubuntu and Slackware), and 2 windows boxes (Windows
Pro 2000 and Windows XP Home).

If i understood well; it could be:

ssh [hostname|IP] -- log into hostname as current username

ssh Slackware|192.168.0.1

ssh au...@[hostname|IP] --log into hostname as auser

or ssh j...@slackware|192.168.0.1

where IP is the current gateway to your lan.

Is it correct, Dhu?

Re: brgphy(4) diff needs testing.

[Stuart Henderson]

On 2009-08-29, Jason Beaudoin jasonbeaud...@gmail.com wrote:

 Hiya Kevin,

 I'm hoping this dmesg is from a jetway NF76-N1G:
 http://www.mini-box.com/Jetway-NF76-N1G6-mini-ITX_2

try again.

 On Thu, Jun 11, 2009 at 3:51 AM, Kevin Lo ke...@openbsd.org wrote:
 bios0: iDOT Computers, Inc. iDOT VED8900 Series.

Re: IrDA

[Jona Joachim]

On 2009-09-02, Fred Crowson fred.crow...@googlemail.com wrote:
 On 8/30/09, soko.tica soko.t...@gmail.com wrote:
 On 8/28/09, Mike Hammer mikeham...@fastmail.fm wrote:

 Does anyone have IrDA working on a T60 Thinkpad?

 FAQ http://openbsd.org/i386.html#hardware
 says:

 Unsupported Hardware:
 Infrared devices, such as commonly found on laptops


 I have in the past successfully used the birda package on i386 laptops
 to get IrDA working with OpenBSD.

 YMMV - I've not done this recently...

 hth

 Fred

I successfully use IrDA on a T60 with OpenBSD -CURRENT amd64 together
with the birda package

cheers,
Jona

-- 
Worse is better
Richard P. Gabriel

Re: brgphy(4) diff needs testing. | hijacked thread: jetway nf76-n1g5

[Jason Beaudoin]

--
401.837.8417
jasonbeaud...@gmail.com


On Wed, Sep 2, 2009 at 7:51 PM, Stuart Henderson s...@spacehopper.orgwrote:

 On 2009-08-29, Jason Beaudoin jasonbeaud...@gmail.com wrote:
 
  Hiya Kevin,
 
  I'm hoping this dmesg is from a jetway NF76-N1G:
  http://www.mini-box.com/Jetway-NF76-N1G6-mini-ITX_2

 try again.

 might you know what it actually is? (curious)

I'm trying to determine which (if any) chips from this board might be a
problem in openbsd. Between this dmesg (which shares some of the chipsets)
and a few snippets I've seen elsewhere it looks good, the only thing I
haven't determined is the sound chipset.

~jason

ifstated not honouring my if clauses ?

[David Harrison]

Hi all,

I'm setting up a firewall with 2 load-balanced redundant Internet
links.  To ensure the host itself can load balance its outbound
connections (and fail-over correctly if one of those links dies) I'm
configuring ifstated to handle updating the default routes for the
host based on a simple ping test to assess if I can contact the next
hop for each interface.

The configuration I've included below works fine if both links are
active, and in a single link failure on either link it fails over
correctly and fails back if both links are found to be available
again.  However there's a worst-case where both links go, for which
I've included the 'alldown' state to prevent my host flapping, but it
never manage to reach 'alldown', it just flap back and forth between
'link1only' and 'link2only' - note my test situation is included below
including ifconfig output for the IF's, ping test output, ifstated
output, and a trascription of my ifstated.conf.

My reading of the ifstated.conf man page is that the BNF definitely
supports the  clauses I'm using, and executes the body in-order, so
does anyone know why I'm not reaching state 'alldown' ??

All help is greatly appreciated :-)

Cheers
Dave

--

re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:14:d1:13:78:25
priority: 0
media: Ethernet autoselect (none)
status: no carrier
inet6 fe80::214:d1ff:fe13:7825%re0 prefixlen 64 scopeid 0x1
inet 192.168.5.10 netmask 0xff00 broadcast 192.168.5.255
re1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:14:d1:13:71:e8
priority: 0
groups: egress
media: Ethernet autoselect (none)
status: no carrier
inet6 fe80::214:d1ff:fe13:71e8%re1 prefixlen 64 scopeid 0x2
inet 192.168.6.10 netmask 0xff00 broadcast 192.168.6.255


# ping -I 192.168.5.10 -q -c 1 -w 1 192.168.5.2; echo $?
PING 192.168.5.2 (192.168.5.2): 56 data bytes
--- 192.168.5.2 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
1
# ping -I 192.168.6.10 -q -c 1 -w 1 192.168.6.1; echo $?
PING 192.168.6.1 (192.168.6.1): 56 data bytes
--- 192.168.6.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
1

---

# ifstated -vvd
net_inet1 = ( ping -I 192.168.5.10 -q -c 1 -w 1 192.168.5.2 
/dev/null every 20 )
net_inet2 = ( ping -I 192.168.6.10 -q -c 1 -w 1 192.168.6.1 
/dev/null every 20 )
initial state: primary
changing state to primary
running ping -I 192.168.5.10 -q -c 1 -w 1 192.168.5.2  /dev/null
running ping -I 192.168.6.10 -q -c 1 -w 1 192.168.6.1  /dev/null
running route add -mpath default 192.168.5.2
add net default: gateway 192.168.5.2
running route add -mpath default 192.168.6.1
route: writing to routing socket: File exists
add net default: gateway 192.168.6.1: File exists
changing state to link1only
running ping -I 192.168.5.10 -q -c 1 -w 1 192.168.5.2  /dev/null
running ping -I 192.168.6.10 -q -c 1 -w 1 192.168.6.1  /dev/null
running route delete default 192.168.6.1
delete net default: gateway 192.168.6.1
running route add -mpath default 192.168.5.2
route: writing to routing socket: File exists
add net default: gateway 192.168.5.2: File exists
changing state to link2only
running ping -I 192.168.5.10 -q -c 1 -w 1 192.168.5.2  /dev/null
running ping -I 192.168.6.10 -q -c 1 -w 1 192.168.6.1  /dev/null
running route delete default 192.168.5.2
delete net default: gateway 192.168.5.2
running route add -mpath default 192.168.6.1
add net default: gateway 192.168.6.1
changing state to link1only
running ping -I 192.168.5.10 -q -c 1 -w 1 192.168.5.2  /dev/null
ping: sendto: Host is down
running ping -I 192.168.6.10 -q -c 1 -w 1 192.168.6.1  /dev/null
running route delete default 192.168.6.1
delete net default: gateway 192.168.6.1
running route add -mpath default 192.168.5.2
add net default: gateway 192.168.5.2
changing state to link2only
...

---

net_inet1 = '( ping -I 192.168.5.10 -q -c 1 -w 1 192.168.5.2 
/dev/null every 20 )'
net_inet2 = '( ping -I 192.168.6.10 -q -c 1 -w 1 192.168.6.1 
/dev/null every 20 )'


init-state primary


state primary {
init {
run route add -mpath default 192.168.5.2
run route add -mpath default 192.168.6.1
}

# both links are down
if (!$net_inet1)  (!$net_inet2)
set-state alldown

# link1 is down - go to link2
if ! $net_inet1
set-state link2only

# link2 is down - go to link1
if ! $net_inet2
set-state link1only

}

# only link1 is up
state link1only {
init {
run route delete default 192.168.6.1
run route add -mpath default 192.168.5.2
}

# both links are up (all metrics are go)
if $net_inet1  $net_inet2
set-state primary

# both links are down
if (! $net_inet1)  (! $net_inet2)
set-state alldown

# this link (link1) is down
if ! $net_inet1
set-state link2only

}

# only link2 is up
state 

Re: OT rack mount monitor/keyboards

[Steve Shockley]

stan wrote:

I have a few locations where I have installed 1U rack mount
KVM/monitor/keyboards, and quite frankly. I'm not happy with any of the
ones I have tried.

I recognize this is off topic, but the people on this list are pretty hard
to please. Given that I was wondering if anyone would like to recomend
anything that they have used for these, and been happy with?


A few people mentioned serial connections, but that doesn't really 
answer your question, since you'd still need a KVM.  You'd also need 
computers that properly do serial console.


The 1U KVM consoles I've used range from adequate to suck.  My best 
suggestion is KVM/IP (Avocent, etc.), serial as others have mentioned, 
or ILO/DRAC.  That way you don't have to stand next to the servers.

ar5xxx.h

[Dimitri]

Hi guys.

I have a problem with ath wireles driver, when I try configure this in
/etc/hostname.ath0 I received this error (/var/log/messages):

Sep  2 19:26:28 babilonia /bsd: ath0: unable to reset hardware; hal status 0
Sep  2 19:26:49 babilonia /bsd: ath0: unable to reset hardware; hal status 0
Sep  2 19:27:03 babilonia /bsd: ath0: unable to reset hardware; hal status
4096

I read man and I see:

ath%d: unable to reset hardware; hal status %u The Hardware Access Layer was
unable to reset the hardware as requested. The status code is ex-plained in
the HAL include file /sys/dev/ic/ar5xxx.h. This should not happen.

I review ar5xxx.h library but I do not understand this function (I am
researching more about this and how programming driver but the process is
slow).

/* Reset functions */ \
_t HAL_BOOL (_a _n##_reset)(struct ath_hal *, HAL_OPMODE, \
HAL_CHANNEL *, HAL_BOOL change_channel, HAL_STATUS *status); \
_t void (_a _n##_set_opmode)(struct ath_hal *); \
_t HAL_BOOL (_a _n##_calibrate)(struct ath_hal*, \
HAL_CHANNEL *); \

So, I try setting linux in a pendrive, config the wireless and... eureka, this
run

what is the difference between ar5k and madwifi?, how I can help to find a
solution for this problem.

PS. Sorry, I forgot this... I run OpenBSD 4.6 snapshots whit last version of
ar5xxx.h, but 4.5 has the same problem. my dmesg show this wireless:
ath0: AR5424 14.2 phy 7.0 rf 0.0, WOR5_ETSIC, address 00:24:2b:a0:10:3d

Thanks.

Dimitri.-
http://deoxyt2.livejournal.com
OpenBSD - Free, Functional  Secure

duo core mac mini, bluetooth keyboard?

[Jeff Quast]

does a usb keyboard work in GENERIC on intel duo core mac mini? or is it still 
necessary to pair a bluetooth keyboard in osx before starting the install?

Re: OT rack mount monitor/keyboards

[Bryan]

On Thu, Sep 3, 2009 at 02:57, Steve Shockleysteve.shock...@shockley.net
wrote:
 stan wrote:

 I have a few locations where I have installed 1U rack mount
 KVM/monitor/keyboards, and quite frankly. I'm not happy with any of the
 ones I have tried.

 I recognize this is off topic, but the people on this list are pretty hard
 to please. Given that I was wondering if anyone would like to recomend
 anything that they have used for these, and been happy with?

 A few people mentioned serial connections, but that doesn't really answer
 your question, since you'd still need a KVM. B You'd also need computers
that
 properly do serial console.

 The 1U KVM consoles I've used range from adequate to suck. B My best
 suggestion is KVM/IP (Avocent, etc.), serial as others have mentioned, or
 ILO/DRAC. B That way you don't have to stand next to the servers.


We use Cyclades at work...  you can SSH to that, and then connect to
the server using the serial connection.