Re: Proper way to update system + ports?

2011-12-20 Thread Stuart Henderson
On 2011-12-19, James Hozier guitars...@yahoo.com wrote:
 I ran into an error trying to install Firefox (I think the latest
 version in Ports is 8.0.1) so I thought I might be updating
 incorrectly.

===  Checking files for firefox-5.0p3
 Fetch 
 http://releases.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2
 ftp: Error retrieving file: 404 Not Found

Mozilla don't keep many old releases on the http distribution
sites.  You can fetch this from

ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2

I'll add this to ports/www/mozilla/mozilla.port.mk in -stable
in a bit.

I'd really suggest running -current if you want to keep up to
date with things like browsers. Then you can just use packages
rather than spend hours building (also note that only fixes for
the worst bugs will get into -stable; and even then only if
they won't cause problems for other ports needing a whole chain
of updates).

Just because -stable is named -stable doesn't imply that -current
is likely to break often.



Following a visit to your site

2011-12-20 Thread Sylvie MILANO
Dear Sir or Madam,

Following a visit to your website, which I find particularly well done by the
way, I had the idea of putting together a small mock-up which, I think, fits
perfectly with the presentation of your company.

Here is the result:

http://dev.windeo.com/mailingserv.php?action=testemail=url=http://www.openbsd.org/

You will see, it is quite surprising and really fun!

What do you think?

For your information, this mock-up is a simple simulation intended to give you
a preview of the service we could offer you. Of course, this link is
independent and private, and is in no way intended for public display.

Regards,
Sylvie MILANO
Marketing Department
Approved Windeo specialist
Tel: (+33) 01 79 47 50 19
E-mail: contact.win...@gmail.com

PS: To be sure that you have received the message, I sent this mock-up to
your main e-mail address, misc@openbsd.org,
as well as to the e-mail addresses linked to your website:
http://www.openbsd.org/



IPSec VPN dropping packets from time to time

2011-12-20 Thread Georg Buschbeck

Hi,

i've two openbsd firewalls running

1x OpenBSD 4.9 (amd64) in our office
1x OpenBSD 5.0 (amd64) in our co location.

we have a vpn set up between both locations via /etc/ipsec.conf
isakmpd is setup to not read any configuration files:

=== /etc/rc.conf.local ===
isakmpd_flags="-4 -K -v"
=== /etc/rc.conf.local ===

now from time to time the vpn becomes unavailable,
though the established security association is visible via ipsecctl -sa.

i don't find anything suspicious in the log only quick mode done

=== /etc/ipsec.conf ===
ike active esp from $local_net to   $remotenet   peer $remotepeer \
main auth hmac-sha1  enc aes group modp1024\
quick auth hmac-sha1 enc aes group modp1024\
psk MyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsK
=== /etc/ipsec.conf ===

are there any hints what would be the best to debug next?
as till now i didn't see a pattern there.

delete the ruleset manually by  solves the problem temporarily
which could be needed more often when forced.

===
ipsecctl -d -f /etc/ipsec.conf; ipsecctl -f /etc/ipsec.conf
===


Georg



Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)

2011-12-20 Thread Richard Thornton
I used the advice from the blog called gab software.  Perhaps he was wrong.   I 
am willing to reinstall.  I have no personal data to lose on this old box.

Nick Holland n...@holland-consulting.net wrote:

On 12/19/11 14:39, Stuart Henderson wrote:
 On 2011-12-19, Richard Thornton thornton.rich...@gmail.com wrote:
 Do a simple clean 5.0 install.  One would assume any browser package in the
 packages folder would install. None do for me on sparc, but with a clean
 4.9 install all 4.9 packages install.  I am not a Unix specialist by any
 means but I do know how to type pkg_add .

 Please send a mail to ports@ detailing exactly what you are doing (what
 you're typing, what PKG_PATH is set to if you're using it, the contents
 of /etc/pkg.conf if you're using that) and what output you see.
 
 This is the first I've heard of any major problem with 5.0 release
 packages on any arch, if there is a problem obviously we need to know
 what went wrong so we can avoid it happening in future, but before
 digging into that we need to first rule out incorrect procedure.

Don't bother, he's doing something very wrong.  This is a PEBKAC
diagnostic issue, not an OpenBSD issue.

Just happened to have a blade100 (the machine he named) sitting here,
just loaded it up, but not into production yet, so blew it away (it was
at -current, of course) and did exactly what he said:

* simple 5.0 install from CD (only non-default was to use ntpd)
* set PKG_PATH to my local mirror
* pkg_add xxxterm
* pkg_add firefox36 (didn't seem to be newer ones for sparc64)
* pkg_add dillo
* pkg_add conkeror
* pkg_add midori
* pkg_add kazehakase
* pkg_add links+2.2p2
* pkg_add elinks
* pkg_add w3m-0.5.3
* pkg_add links  FINALLY! an error!  conflict with links+.  Package
management system worked fine :)

Other than links after links+, all installed fine.

Starting them all at the same time on a blade100 with only 512M RAM was
not my most productive move, but they all seemed to be trying to work,
until something ran out of something and X blew me back to a command
prompt :)

(I gotta play with some of these alternate browsers)

Personally, I think he's screwing up between sparc and sparc64.  He's
being VERY sloppy with the platform name_s_ in his posting, so I suspect
it is safe to assume he's doing that elsewhere.

Nick.



Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)

2011-12-20 Thread Peter Hessler
there is an excellent blog called www.openbsd.org/faq/. Check out the
advice there.  It's pretty awesome.


On 2011 Dec 20 (Tue) at 07:49:11 -0500 (-0500), Richard Thornton wrote:
:I used the advice from the blog called gab software.  Perhaps he was wrong.
:I am willing to reinstall.  I have no personal data to lose on this old box.
:
:Nick Holland n...@holland-consulting.net wrote:
:
:On 12/19/11 14:39, Stuart Henderson wrote:
: On 2011-12-19, Richard Thornton thornton.rich...@gmail.com wrote:
: Do a simple clean 5.0 install.  One would assume any browser package in the
: packages folder would install. None do for me on sparc, but with a clean
: 4.9 install all 4.9 packages install.  I am not a Unix specialist by any
: means but I do know how to type pkg_add .
:
: Please send a mail to ports@ detailing exactly what you are doing (what
: you're typing, what PKG_PATH is set to if you're using it, the contents
: of /etc/pkg.conf if you're using that) and what output you see.
: 
: This is the first I've heard of any major problem with 5.0 release
: packages on any arch, if there is a problem obviously we need to know
: what went wrong so we can avoid it happening in future, but before
: digging into that we need to first rule out incorrect procedure.
:
:Don't bother, he's doing something very wrong.  This is a PEBKAC
:diagnostic issue, not an OpenBSD issue.
:
:Just happened to have a blade100 (the machine he named) sitting here,
:just loaded it up, but not into production yet, so blew it away (it was
:at -current, of course) and did exactly what he said:
:
:* simple 5.0 install from CD (only non-default was to use ntpd)
:* set PKG_PATH to my local mirror
:* pkg_add xxxterm
:* pkg_add firefox36 (didn't seem to be newer ones for sparc64)
:* pkg_add dillo
:* pkg_add conkeror
:* pkg_add midori
:* pkg_add kazehakase
:* pkg_add links+2.2p2
:* pkg_add elinks
:* pkg_add w3m-0.5.3
:* pkg_add links  FINALLY! an error!  conflict with links+.  Package
:management system worked fine :)
:
:Other than links after links+, all installed fine.
:
:Starting them all at the same time on a blade100 with only 512M RAM was
:not my most productive move, but they all seemed to be trying to work,
:until something ran out of something and X blew me back to a command
:prompt :)
:
:(I gotta play with some of these alternate browsers)
:
:Personally, I think he's screwing up between sparc and sparc64.  He's
:being VERY sloppy with the platform name_s_ in his posting, so I suspect
:it is safe to assume he's doing that elsewhere.
:
:Nick.
:

-- 
Drew's Law of Highway Biology:
The first bug to hit a clean windshield lands directly in front
of your eyes.



Re: upgrade OpenBSD

2011-12-20 Thread Kenneth R Westerback
On Mon, Dec 19, 2011 at 10:34:12PM -0500, Nick Holland wrote:
 On 12/19/11 15:55, Lars Kotthoff wrote:
  Hi list,
  
   the OpenBSD upgrade pages carry a warning at the top Note: Upgrades are only
  supported from one release to the release immediately following it. Do not skip
  releases.
  
  What's the reason for this warning? I've had a look at the upgrade steps and the
  only thing that seems to assume a certain system configuration is the update of
  the configuration files using the patches.
 
 As Henning indicated...it's what we test.
 There are 17 platforms for OpenBSD.  There's a lot to test for each
 release, testing upgrades from 4.8 to 5.0 just doubled our
 work...pointlessly.  Documenting the two-release process just doubled MY
 work.  And you want four steps.  No.
 
  This shouldn't be a problem when
  using sysmerge though, should it?
 
 By that statement, I presume you audited the code for that?
 no, actually, I didn't believe that. :)
 
  To be clear, I'm not intending to start a flame war about OpenBSD upgrade
  processes, I was just wondering why releases shouldn't be skipped. I'm looking
  to upgrade a machine running 4.6 to 5.0 and would obviously prefer to do this in
  one step instead of four.
 
 This REALLY falls under the category of, if you gotta ask, don't.  Just
 don't.
 
 The OpenBSD upgrade process is really simple (so simple, *I* could write
 the process!  Come to think of it, I do!), but if you are asking can I
 get away with ..., rather than understanding the process well enough to
 answer your own question, don't.
 
 Consider it punishment for not having kept the system up to date.  You
 SHOULD have done those three missing updates anyway...now you have to do
 them all in one hour. :)
 
 And, if there's any question this isn't just a snarky answer (I'm not
 denying it is ALSO a snarky answer), if you look at the update
 instructions for any arbitrary version of OpenBSD, you will note there
 is more to it than just run sysmerge.  When you start jumping
 versions, you may see interesting issues from those steps...and little
 problems that will bite you in the ass and you won't be sure which step
 you skipped did it.
 
 Me?  If I had console on the machine, I'd have no trouble taking your
 system directly from 4.6 to 5.0 (and the console would be just in case I
 got cocky and screwed up :).  But then, I understand the process pretty
 well (we hope!).  I understand it well enough that I suggest YOU take
 the advice.
 
 Nick.
 

Doing 1 upgrade over multiple releases vs several upgrades is, in
addition to the excellent reasons pointed out by Nick, not worth
testing since each upgrade takes 5-10 minutes (on most, reasonably
modern archs). And that's with running sysmerge, removing old files,
backing up the new config files, etc. If one is just passing through
I assume upgrading packages doesn't figure into it until the 'final'
upgrade. Why would we waste hundreds of man hours testing upgrading
over multiple releases to save you 30 or 40 minutes?

I mean, it's not like you have to download all those files. You do
buy CD's, right?

 Ken



can not use the up key to last command at root?

2011-12-20 Thread johnw
My system is i386/current. I do not know why or when, but
today I noticed I cannot use the up key to get the last command as root anymore.

I can use the up key to get the last command as a non-root user;
both use ksh.

any idea?

please help and thank you.



Re: Proper way to update system + ports?

2011-12-20 Thread James Hozier
--- On Tue, 12/20/11, Stuart Henderson s...@spacehopper.org wrote:

 From: Stuart Henderson s...@spacehopper.org
 Subject: Re: Proper way to update system + ports?
 To: misc@openbsd.org
 Date: Tuesday, December 20, 2011, 10:25 AM
 On 2011-12-19, James Hozier guitars...@yahoo.com wrote:
  I ran into an error trying to install Firefox (I think the latest
  version in Ports is 8.0.1) so I thought I might be updating
  incorrectly.
 
 ===  Checking files for firefox-5.0p3
  Fetch 
  http://releases.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2
  ftp: Error retrieving file: 404 Not Found

 Mozilla don't keep many old releases on the http distribution
 sites.  You can fetch this from

 ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2

 I'll add this to ports/www/mozilla/mozilla.port.mk in -stable
 in a bit.

 I'd really suggest running -current if you want to keep up to
 date with things like browsers. Then you can just use packages
 rather than spend hours building (also note that only fixes for
 the worst bugs will get into -stable; and even then only if
 they won't cause problems for other ports needing a whole chain
 of updates).

 Just because -stable is named -stable doesn't imply that -current
 is likely to break often.



I guess it is sort of ironic that trying to build Firefox from
-stable was broken, but in -current it worked fine.

As far as keeping up with -current goes, would it be bad netiquette
to update my system every 12 hours just to keep up with the changes?
Or is that being a resource hog?



Re: can not use the up key to last command at root?

2011-12-20 Thread Francois Pussault
Hi

add the following
lines to the bottom of your .kshrc file in your /root directory:

set -o emacs
alias __A=$(print '\0020') # ^P = up = previous command
alias __B=$(print '\0016') # ^N = down = next command
alias __C=$(print '\0006') # ^F = right = forward a character
alias __D=$(print '\0002') # ^B = left = back a character
alias __H=$(print '\0001') # ^A = home = beginning of line

this should resolve the issue...

or you can prefer to use vi mode

then esc-K will give you last command.

 
 From: johnw johnw.m...@gmail.com
 Sent: Tue Dec 20 15:32:30 CET 2011
 To: misc@openbsd.org
 Subject: can not use the up key to last command at root?


 my system is i386/current, i do not know why and when,
 today, i noticed i can not use the up key to last command at root anymore.

 i can use the up key to last command at non root user,
 both is use ksh.

 any idea?

 please help and thank you.



Cordialement
Francois Pussault
3701 - 8 rue Marcel Pagnol
31100 Toulouse
France
+33 6 17 230 820  +33 5 34 365 269
fpussa...@contactoffice.fr



Re: can not use the up key to last command at root?

2011-12-20 Thread Otto Moerbeek
On Tue, Dec 20, 2011 at 03:44:11PM +0100, Francois Pussault wrote:

 Hi
 
 add the following
 lines to the bottom of your .kshrc file in your /root directory:
 
 set -o emacs
 alias __A=$(print '\0020') # ^P = up = previous command
 alias __B=$(print '\0016') # ^N = down = next command
 alias __C=$(print '\0006') # ^F = right = forward a character
 alias __D=$(print '\0002') # ^B = left = back a character
 alias __H=$(print '\0001') # ^A = home = beginning of line
 
 this should resolve the issue...

The aliases are not necessary. I suspect root's shell is in vi mode.
Check with set -o

-Otto

 
 or you can prefer to use vi mode
 
 then esc-K will give you last command.
 
  
  From: johnw johnw.m...@gmail.com
  Sent: Tue Dec 20 15:32:30 CET 2011
  To: misc@openbsd.org
  Subject: can not use the up key to last command at root?
 
 
  my system is i386/current, i do not know why and when,
  today, i noticed i can not use the up key to last command at root anymore.
 
  i can use the up key to last command at non root user,
  both is use ksh.
 
  any idea?
 
  please help and thank you.
 
 
 
 Cordialement
 Francois Pussault
 3701 - 8 rue Marcel Pagnol
 31100 Toulouse
 France
 +33 6 17 230 820  +33 5 34 365 269
 fpussa...@contactoffice.fr



Re: Proper way to update system + ports?

2011-12-20 Thread Daniel Bolgheroni
On Tue, Dec 20, 2011 at 06:43:37AM -0800, James Hozier wrote:
 
 I guess it is sort of ironic that trying to build Firefox from
 -stable was broken, but in -current it worked fine.
 
 As far as keeping up with -current goes, would it be bad netiquette
 to update my system every 12 hours just to keep up with the changes?
 Or is that being a resource hog?

Very little change in -stable. You're wasting your time.

I don't know if you noted that there is a commit on why your port broke.




Re: Where to buy Lemote FuLoong MIPS boxes?

2011-12-20 Thread Steffen Daode Nurpmeso
Gregory Edigarov wrote [2011-12-19 11:30+0100]:
 Taiga and Niva is two different models, just for the record...

You cannot hide Austria only because the boys («Burschen»)
are not qualified for Ukraine/Poland 2012!
What if England had not been able to qualify?
Would you pretend not to know --- *England*?

--steffen



Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)

2011-12-20 Thread Nick Holland

On 12/20/2011 07:49 AM, Richard Thornton wrote:

I used the advice from the blog called gab software.  Perhaps he was
wrong.   I am willing to reinstall.  I have no personal data to lose
on this old box.


What was deficient on the official documentation?

Nick.



Re: Odd Network Lockups

2011-12-20 Thread Nick Templeton
I'll give it a shot.
On Dec 19, 2011 4:27 AM, Stuart Henderson s...@spacehopper.org wrote:

 I just noticed the vether/tun/bridge in your systat output.
 To try and narrow things down, are you able to disable these
 to see if there's any improvement?


 On 2011-12-08, Nick Templeton n...@nicktempleton.com wrote:
  I think you're right Stuart, raising kern.maxclusters is only buying me
  time.
 
  The only sysctl values I've modified are:
  net.inet.ip.forwarding=1
  ddb.panic=0
  kern.maxclusters=8192
 
  netstat -m shows increasing values over time, here's the output from
  this morning:
 
  3510 mbufs in use:
3479 mbufs allocated to data
24 mbufs allocated to packet headers
7 mbufs allocated to socket names and addresses
  3477/3522/8192 mbuf 2048 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 4096 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 8192 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 9216 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 12288 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 16384 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 65536 byte clusters in use (current/peak/max)
  8204 Kbytes allocated to network (95% in use)
  0 requests for memory denied
  0 requests for memory delayed
  0 calls to protocol drain routines
 
  ...and here it is from this evening:
 
  3718 mbufs in use:
 3687 mbufs allocated to data
 24 mbufs allocated to packet headers
 7 mbufs allocated to socket names and addresses
  3685/3734/8192 mbuf 2048 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 4096 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 8192 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 9216 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 12288 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 16384 byte clusters in use (current/peak/max)
  0/8/8192 mbuf 65536 byte clusters in use (current/peak/max)
  8628 Kbytes allocated to network (96% in use)
  0 requests for memory denied
  0 requests for memory delayed
  0 calls to protocol drain routines
 
  Here's the output from systat mbuf:
 
  1 users    Load 0.65 0.79 0.76    Wed Dec  7 18:15:12 2011

  IFACE     LIVELOCKS  SIZE ALIVE   LWM   HWM   CWM
  System            0   256  3716         242
                         2k  3686        1867
  lo0
  em0                    2k    21     4   256    21
  em1                    2k    20     4   256    20
  em2                    2k    14     4   256    14
  enc0
  vether0
  tun0
  bridge0
  pflog0
 
  I did update the kernel at the same time as changing the bios settings, so
  that led me down the wrong path I think. Digging through /var/log/messages* it
  looks as though things changed when I upgraded from the October 6th snapshot
  to the November 15th snapshot. When I was running this (and previous snapshots):
 
  OpenBSD 5.0-current (GENERIC.MP) #96: Thu Oct 6 16:12:43 MDT 2011
  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 
  ...I had a bunch of these errors (but no network lockups):
 
  pf: state key linking mismatch! dir=OUT, if=em1, stored af=2, a0:
  76.126.243.211:25619, a1: 192.168.10.2:49200, proto=17, found af=2, a0:
  176.15.107.37:45022, a1: 239.190.175.222:61374, proto=17
 
  After updating to this (and another update since):
 
  OpenBSD 5.0-current (GENERIC.MP) #133: Tue Nov 15 22:08:20 MST 2011
  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 
  ...I now have these warnings (and the network lockups):
 
  WARNING: mclpools limit reached; increase kern.maxclusters
 
  -Nick
 
  On Tue, Dec 6, 2011 at 11:21 AM, Stuart Henderson s...@spacehopper.org
  wrote:
  Have you adjusted any other sysctl values?
 
  What does netstat -m say? Run it once, then again after 30 mins or so.
 
  What does systat mbuf say?
 
  Did you update the kernel at the same time as changing bios settings?
  If so, what did you run before? (check /var/log/messages*)
 
  I doubt there's a legitimate reason to increase kern.maxclusters to
  8192 on this system, best I think you can hope for with that is to make
  it run for a little longer before crashing.
 
 
 
  On 2011-12-06, Nick Templeton n...@nicktempleton.com wrote:
  You're right that I had an outdated BIOS, which I've now updated, but
  upon further review I don't think that is/was the culprit. I've since
  had the issue re-surface and this time I noticed many lines like this
  in the dmesg (not sure how I missed it before):
 
  WARNING: mclpools limit reached; increase kern.maxclusters
 
  So I've upped kern.maxclusters to 8192, however, I'm not sure if I
  really should need to. This machine is a firewall/router for my home
  network running a few services (sshd, named, httpd, tomcat) for about
  5 users. There's also a machine that is running Transmission
  BitTorrent client behind the firewall, 
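
Added example, not part of any message in this thread: a small sh/awk script that compares the two netstat -m snapshots quoted above and flags cluster pools whose current use has climbed past the earlier peak, the pattern behind the "mclpools limit reached" warning. The 10-hour gap used for the projection is an assumption; the thread only says "this morning" and "this evening".

```sh
#!/bin/sh
# Added example: compare two `netstat -m` snapshots for mbuf cluster growth.
# The snapshot lines are copied (abbreviated) from the output quoted in the thread.

MORNING='3510 mbufs in use:
3477/3522/8192 mbuf 2048 byte clusters in use (current/peak/max)
0/8/8192 mbuf 4096 byte clusters in use (current/peak/max)
8204 Kbytes allocated to network (95% in use)'

EVENING='3718 mbufs in use:
3685/3734/8192 mbuf 2048 byte clusters in use (current/peak/max)
0/8/8192 mbuf 4096 byte clusters in use (current/peak/max)
8628 Kbytes allocated to network (96% in use)'

# cluster_usage SNAPSHOT
# Print one line per cluster pool: "size current peak max".
cluster_usage() {
    printf '%s\n' "$1" | awk '/ byte clusters in use / {
        split($1, u, "/"); print $3, u[1], u[2], u[3] }'
}

# cluster_growth OLD NEW
# Join both snapshots per pool: "size old_current old_peak new_current max".
cluster_growth() {
    { cluster_usage "$1"; echo '---'; cluster_usage "$2"; } | awk '
        $1 == "---" { second = 1; next }
        !second     { cur[$1] = $2; peak[$1] = $3; next }
        ($1 in cur) { print $1, cur[$1], peak[$1], $2, $4 }'
}

# leak_suspects OLD NEW
# Heuristic (an assumption of this example): a pool whose current use is now
# above the peak seen in the older snapshot is climbing rather than oscillating.
leak_suspects() {
    cluster_growth "$1" "$2" | awk '$4 > $3 { print $1 }'
}

# hours_to_limit OLD NEW HOURS SIZE
# Linear projection: whole hours until the pool reaches its max at the growth
# rate observed over HOURS hours between the two snapshots.
hours_to_limit() {
    cluster_growth "$1" "$2" | awk -v h="$3" -v size="$4" '
        $1 == size && $4 > $2 { printf "%d\n", ($5 - $4) * h / ($4 - $2) }'
}

# Demo: 10 hours between snapshots is an assumed value, not from the thread.
for size in $(leak_suspects "$MORNING" "$EVENING"); do
    echo "${size}-byte clusters: current use is above the earlier peak;" \
         "limit reached in about $(hours_to_limit "$MORNING" "$EVENING" 10 "$size") hours at this rate"
done
```

On a live system the two arguments would be saved outputs of netstat -m taken some known number of hours apart.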

RSS feeds for Errata

2011-12-20 Thread Todd
If anyone likes to use RSS for security update notification, I made an
application for Google Appengine that parses the OpenBSD errata pages
and creates an RSS feed.  It will work as long as the format of the
errata pages does not change.

http://erratafeed.appspot.com/

Todd



Re: 4096-byte sector size again

2011-12-20 Thread Chris Cappuccio
some of these usb sticks come with a piece of software that will set them back 
to being normal usb sticks without hidden cdroms

j...@bitminer.ca [j...@bitminer.ca] wrote:
 I have an Iomega Prestige 1TB disk, USB 3.0 up to 5Gbit/s,
 
 OpenBSD 4.9 (GENERIC.MP) #794: Wed Mar  2 07:19:02 MST 2011
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
 ...snip...
 Dec 17 09:53:54 len /bsd:  port 2 configuration 1 interface 0 iomega
 LDHD-UP3
 rev 2.10/0.04 addr 4
 Dec 17 09:53:54 len /bsd: umass0: using SCSI over Bulk-Only
 Dec 17 09:53:54 len /bsd: scsibus2 at umass0: 2 targets, initiator 0
 Dec 17 09:53:54 len /bsd: sd1 at scsibus2 targ 1 lun 0: OEM, Ext Hard
 Disk,  SCSI3 0/direct fixed
 Dec 17 09:53:54 len /bsd: sd1: 953169MB, 4096 bytes/sec, 244011446 sec total
 Dec 17 09:53:54 len /bsd: cd1 at scsibus2 targ 1 lun 1: Virtual, CDROM, 
 SCSI0 5/cdrom fixed
 
 (which of course has the built-in CD-ROM emulator containing Windows
 backup software.)
 
 The sectors are definitely 4k bytes.  How can I re-partition it given that
 fdisk won't adjust the MBR?
 
 # fdisk -e sd1
 Unable to read MBR
 
 (DOS partitions, not disklabel partitions.  disklabel works just fine.)
 
 thanks
 
 --John

-- 
There are only three sports: bullfighting, motor racing, and mountaineering; 
all the rest are merely games. - E. Hemingway



Re: strange tcp rst with rdomain

2011-12-20 Thread Russell Garrison
I have found that I need to add something like:

!route -T 2 exec /usr/sbin/sshd

To the pertinent hostname.if file to make sure sshd is listening in
additional routing tables, but I do not know if this is best.

On Mon, Dec 19, 2011 at 1:02 PM, Илья Шипицин
chipits...@gmail.com wrote:
 Hello.

 I'm running multihomed OpenBSD server:

 vlan5/carp5 - default
 vlan2/carp2 and vlan4/carp4 are connected to other ISPs.

 when there's no rdomain thing, everything seems to be working, except
 all outgoing packets goes through vlan5/carp5.


 so, I did

 f2n0:/root#cat /etc/hostname.vlan2
 vlan 2 vlandev trunk0 mtu 1300
 up

 f2n0:/root#cat /etc/hostname.carp2
 vhid 62 pass m1pass carpdev vlan2 X.X.X.X/26 rdomain 2
 !/sbin/route -T 2 add 0.0.0.0/0 X.X.X.Z
 f2n0:/root#cat /etc/hostname.vlan4
 vlan 4 vlandev trunk0 mtu 1300
 up

 f2n0:/root#cat /etc/hostname.carp4
 vhid 64 pass m1pass carpdev vlan4 Y.Y.Y.Y/26 rdomain 4
 !/sbin/route -T 4 add 0.0.0.0/0 Y.Y.Y.Z
 f2n0:/root#

 also, I did

 f2n0:/root#grep -v ^# /etc/pf.conf

 set skip on lo

 pass in vlan2 rtable 2
 pass in vlan4 rtable 4

 pass


 ping is working good, packets go out via appropriate interface.
 however, ssh ends with tcp rst, for example.
 how can the reason for that tcp rst might be detected?

 am I doing anything wrong with rdomains?

 Ilya Shipitsin



CF Card setup

2011-12-20 Thread Jannik Pruitt
Hi everyone.
i am brand new purchased my open bsd 5.0 on 11 Nov 2011.

I booted the CD on another computer installed every thing on a 32GB CF card.
Placed in my old thin client and it booted.

But the network card does not work.
It did work on the other computer after the install.

Is there a way to make the setup come up again?

Thanks

John



Re: CF Card setup

2011-12-20 Thread Johan Beisser
On Tue, Dec 20, 2011 at 2:41 PM, Jannik Pruitt
pruttel...@googlemail.com wrote:
 Hi everyone.
 i am brand new purchased my open bsd 5.0 on 11 Nov 2011.

 I booted the CD on another computer installed every thing on a 32GB CF card.
 Placed in my old thin client and it booted.

 But the network card does not work.
 It did work on the other computer after the install.

 Is there a way to make the setup come up again?

You really didn't provide enough information for anyone to help you.

Let's start with what's missing.

- dmesg
- what hardware you're running
- did you check your hostname.if in /etc matches the interface?
- have you read the FAQ? (http://www.openbsd.org/faq)
- did you check man pages?



Re: IPSec VPN dropping packets from time to time

2011-12-20 Thread Steven Surdock
See -stable fixes to 4.9.  Otherwise consider upgrading 4.9-5.0.

-Steve S.


-Original Message-
From: Georg Buschbeck [open...@thomas-daily.de]
Received: Tuesday, 20 Dec 2011, 2:35am
To: misc@openbsd.org [misc@openbsd.org]
Subject: IPSec VPN dropping packets from time to time


Hi,

i've two openbsd firewalls running

1x OpenBSD 4.9 (amd64) in our office
1x OpenBSD 5.0 (amd64) in our co location.

we have a vpn set up between both locations via /etc/ipsec.conf
isakmpd is setup to not read any configuration files:

=== /etc/rc.conf.local ===
isakmpd_flags="-4 -K -v"
=== /etc/rc.conf.local ===

now from time to time the vpn becomes unavailable,
though the established security association is visible via ipsecctl -sa.

i don't find anything suspicious in the log only quick mode done

=== /etc/ipsec.conf ===
ike active esp from $local_net to   $remotenet   peer $remotepeer \
 main auth hmac-sha1  enc aes group modp1024\
 quick auth hmac-sha1 enc aes group modp1024\
 psk MyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsK
=== /etc/ipsec.conf ===

are there any hints what would be the best to debug next?
as till now i didn't see a pattern there.

delete the ruleset manually by  solves the problem temporarily
which could be needed more often when forced.

===
ipsecctl -d -f /etc/ipsec.conf; ipsecctl -f /etc/ipsec.conf
===


Georg



Re: CF Card setup

2011-12-20 Thread Nick Holland
On 12/20/11 17:41, Jannik Pruitt wrote:
 Hi everyone.
 i am brand new purchased my open bsd 5.0 on 11 Nov 2011.

we like to hear that. :)
You put me in a good mood, so I'm giving you something other than just a
pointer at faq6 :)

 I booted the CD on another computer installed every thing on a 32GB CF card.
 Placed in my old thin client and it booted.
 
 But the network card does not work.
 It did work on the other computer after the install.
 
 Is there a way to make the setup come up again?

Sure.  this is really easy, much easier than most other OSs...
Your target computer has a NIC in it that is of a different type than
your install computer.  (just did battle with a degenerate form of this
problem on a Fedora machine today.  holy shit.  At least they pay me for
that).

So, let's say your install computer had an Intel gigabit card, which
uses the em driver...so it probably configured the network adapter as
em0.  The configuration for this card was stored in /etc/hostname.em0

Your thin client machine has some different card...for sake of
discussion, let's say it's an Intel 100mbps card, which uses a driver
called fxp.  It does NOT have an em card in it, so the em0
configuration information was ignored...so you came up with no network.

The easy fix is to copy the hostname. file to the appropriate name
for your target machine.  You could rename it, but I prefer copying --
that way, if you have to move the flash card back to the source machine,
the network will Just Come Up.

if you do an ifconfig, you will get a list of all interfaces.  First
will probably be lo0, second will be the one you are after...  SO,
assuming your original machine had em0, and your target machine has
fxp0, you would do this:

# cp /etc/hostname.em0 /etc/hostname.fxp0

That's almost certainly wrong for your case.  You will have only one
hostname.* file currently, so the source is easy. just need to figure
out what kind of NIC you have now.  (there are cases where you might
actually have to alter what is in that file between card types, but I'm
going to guess that won't be your problem)

Nick.
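
Added example, not part of the message above: a sh script that does the comparison Nick describes, matching the hostname.* files in a directory against the interfaces ifconfig reports. The sample ifconfig text, the temporary directory standing in for /etc, and the list of pseudo-interfaces to skip (lo, enc, pflog) are constructed for this example.

```sh
#!/bin/sh
# Added example: find hostname.* files with no matching interface, and
# real interfaces with no hostname.* file.

# Constructed ifconfig output for a machine whose only NIC is fxp0.
SAMPLE_IFCONFIG='lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        priority: 0
        groups: lo
        inet 127.0.0.1 netmask 0xff000000
fxp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
        priority: 0
        media: Ethernet autoselect
enc0: flags=0<>
        priority: 0
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0'

# list_interfaces IFCONFIG_TEXT: print one interface name per line.
list_interfaces() {
    printf '%s\n' "$1" |
        awk '/^[a-z]+[0-9]+: flags=/ { sub(/:$/, "", $1); print $1 }'
}

# is_pseudo NAME: true for interfaces that never get a NIC's hostname file
# (the list is an assumption of this example, not exhaustive).
is_pseudo() {
    case "$1" in
        lo[0-9]*|enc[0-9]*|pflog[0-9]*) return 0 ;;
    esac
    return 1
}

# nic_report ETC_DIR IFCONFIG_TEXT
# Prints "orphan IF" for each hostname.IF with no such interface, then
# "unconfigured IF" for each real interface without a hostname.IF file.
nic_report() {
    dir=$1
    present=" $(list_interfaces "$2" | tr '\n' ' ')"
    for f in "$dir"/hostname.*; do
        [ -e "$f" ] || continue
        ifname=${f##*/hostname.}
        case "$present" in
            *" $ifname "*) ;;
            *) echo "orphan $ifname" ;;
        esac
    done
    for ifname in $present; do
        is_pseudo "$ifname" && continue
        [ -e "$dir/hostname.$ifname" ] || echo "unconfigured $ifname"
    done
}

# sample_etc: build a throwaway directory that looks like /etc after the
# install on the em0 machine; prints its path. "dhcp" is constructed content.
sample_etc() {
    d=$(mktemp -d)
    echo dhcp > "$d/hostname.em0"
    echo "$d"
}

# Demo: the card moved from an em0 machine to an fxp0 machine.
etc=$(sample_etc)
nic_report "$etc" "$SAMPLE_IFCONFIG"
rm -rf "$etc"
```

On the real machine, call nic_report /etc "$(ifconfig)"; an "orphan em0" line next to "unconfigured fxp0" is the case where cp /etc/hostname.em0 /etc/hostname.fxp0 applies.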