Re: Proper way to update system + ports?
On 2011-12-19, James Hozier guitars...@yahoo.com wrote: I ran into an error trying to install Firefox (I think the latest version in Ports is 8.0.1) so I thought I might be updating incorrectly. === Checking files for firefox-5.0p3 Fetch http://releases.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2 ftp: Error retrieving file: 404 Not Found Mozilla don't keep many old releases on the http distribution sites. You can fetch this from ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2 I'll add this to ports/www/mozilla/mozilla.port.mk in -stable in a bit. I'd really suggest running -current if you want to keep up to date with things like browsers. Then you can just use packages rather than spend hours building (also note that only fixes for the worst bugs will get into -stable; and even then only if they won't cause problems for other ports needing a whole chain of updates). Just because -stable is named -stable doesn't imply that -current is likely to break often.
Following a visit to your site
Dear Sir or Madam, Following a visit to your website, which I find particularly well done by the way, I had the idea of putting together a small montage which, I think, fits perfectly with the presentation of your company. Here is the result: http://dev.windeo.com/mailingserv.php?action=testemail=url=http://www.openbsd.org/ ( http://dev.windeo.com/mailingserv.php?action=testemail=url=http://www.openbsd.org/ ) You will see, it is quite surprising and really fun! What do you think? For your information, this montage is a simple simulation intended to give you a preview of the service we could offer you. Of course, this link is independent and private, and is in no way intended for public display. Regards, Sylvie MILANO Marketing Department, Certified Windeo Specialist Tel: (+33) 01 79 47 50 19 E-mail: contact.win...@gmail.com PS: To be sure that you received the message, I sent this montage to your main e-mail address: misc@openbsd.org but also to the e-mail addresses linked to your website: http://www.openbsd.org/
IPSec VPN dropping packets from time to time
Hi, i've two openbsd firewalls running
1x OpenBSD 4.9 (amd64) in our office
1x OpenBSD 5.0 (amd64) in our co location.
we have a vpn set up between both locations via /etc/ipsec.conf. isakmpd is set up to not read any configuration files:
=== /etc/rc.conf.local ===
isakmpd_flags="-4 -K -v"
=== /etc/rc.conf.local ===
now from time to time the vpn becomes unavailable, though the established security association is visible via ipsecctl -sa. i don't find anything suspicious in the log, only quick mode done
=== /etc/ipsec.conf ===
ike active esp from $local_net to $remotenet peer $remotepeer \
	main auth hmac-sha1 enc aes group modp1024 \
	quick auth hmac-sha1 enc aes group modp1024 \
	psk MyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsK
=== /etc/ipsec.conf ===
are there any hints what would be the best to debug next? as till now i didn't see a pattern there. delete the ruleset manually by solves the problem temporarily which could be needed more often when forced.
===
ipsecctl -d -f /etc/ipsec.conf; ipsecctl -f /etc/ipsec.conf
===
Georg
Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)
I used the advice from the blog called gab software. Perhaps he was wrong. I am willing to reinstall. I have no personal data to lose on this old box. Nick Holland n...@holland-consulting.net wrote: On 12/19/11 14:39, Stuart Henderson wrote: On 2011-12-19, Richard Thornton thornton.rich...@gmail.com wrote: Do a simple clean 5.0 install. One would assume any browser package in the packages folder would install. None do for me on sparc, but with a clean 4.9 install all 4.9 packages install. I am not a Unix specialist by any means but I do know how to type pkg_add . Please send a mail to ports@ detailing exactly what you are doing (what you're typing, what PKG_PATH is set to if you're using it, the contents of /etc/pkg.conf if you're using that) and what output you see. This is the first I've heard of any major problem with 5.0 release packages on any arch, if there is a problem obviously we need to know what went wrong so we can avoid it happening in future, but before digging into that we need to first rule out incorrect procedure. Don't bother, he's doing something very wrong. This is a PEBKAC diagnostic issue, not an OpenBSD issue. Just happened to have a blade100 (the machine he named) sitting here, just loaded it up, but not into production yet, so blew it away (it was at -current, of course) and did exactly what he said: * simple 5.0 install from CD (only non-default was to use ntpd) * set PKG_PATH to my local mirror * pkg_add xxxterm * pkg_add firefox36 (didn't seem to be newer ones for sparc64) * pkg_add dillo * pkg_add conkeror * pkg_add midori * pkg_add kazehakase * pkg_add links+2.2p2 * pkg_add elinks * pkg_add w3m-0.5.3 * pkg_add links FINALLY! an error! conflict with links+. Package management system worked fine :) Other than links after links+, all installed fine. 
Starting them all at the same time on a blade100 with only 512M RAM was not my most productive move, but they all seemed to be trying to work, until something ran out of something and X blew me back to a command prompt :) (I gotta play with some of these alternate browsers) Personally, I think he's screwing up between sparc and sparc64. He's being VERY sloppy with the platform name_s_ in his posting, so I suspect it is safe to assume he's doing that elsewhere. Nick.
Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)
there is an excellent blog called www.openbsd.org/faq/. Check out the advice there. It's pretty awesome. On 2011 Dec 20 (Tue) at 07:49:11 -0500 (-0500), Richard Thornton wrote: :I used the advice from the blog called gab software. Perhaps he was wrong. I am willing to reinstall. I have no personal data to lose on this old box. : :Nick Holland n...@holland-consulting.net wrote: : :On 12/19/11 14:39, Stuart Henderson wrote: : On 2011-12-19, Richard Thornton thornton.rich...@gmail.com wrote: : Do a simple clean 5.0 install. One would assume any browser package in the : packages folder would install. None do for me on sparc, but with a clean : 4.9 install all 4.9 packages install. I am not a Unix specialist by any : means but I do know how to type pkg_add . : : Please send a mail to ports@ detailing exactly what you are doing (what : you're typing, what PKG_PATH is set to if you're using it, the contents : of /etc/pkg.conf if you're using that) and what output you see. : : This is the first I've heard of any major problem with 5.0 release : packages on any arch, if there is a problem obviously we need to know : what went wrong so we can avoid it happening in future, but before : digging into that we need to first rule out incorrect procedure. : :Don't bother, he's doing something very wrong. This is a PEBKAC :diagnostic issue, not an OpenBSD issue. : :Just happened to have a blade100 (the machine he named) sitting here, :just loaded it up, but not into production yet, so blew it away (it was :at -current, of course) and did exactly what he said: : :* simple 5.0 install from CD (only non-default was to use ntpd) :* set PKG_PATH to my local mirror :* pkg_add xxxterm :* pkg_add firefox36 (didn't seem to be newer ones for sparc64) :* pkg_add dillo :* pkg_add conkeror :* pkg_add midori :* pkg_add kazehakase :* pkg_add links+2.2p2 :* pkg_add elinks :* pkg_add w3m-0.5.3 :* pkg_add links FINALLY! an error! conflict with links+. 
Package :management system worked fine :) : :Other than links after links+, all installed fine. : :Starting them all at the same time on a blade100 with only 512M RAM was :not my most productive move, but they all seemed to be trying to work, :until something ran out of something and X blew me back to a command :prompt :) : :(I gotta play with some of these alternate browsers) : :Personally, I think he's screwing up between sparc and sparc64. He's :being VERY sloppy with the platform name_s_ in his posting, so I suspect :it is safe to assume he's doing that elsewhere. : :Nick. : -- Drew's Law of Highway Biology: The first bug to hit a clean windshield lands directly in front of your eyes.
Re: upgrade OpenBSD
On Mon, Dec 19, 2011 at 10:34:12PM -0500, Nick Holland wrote: On 12/19/11 15:55, Lars Kotthoff wrote: Hi list, the OpenBSD upgrade pages carry a warning at the top Note: Upgrades are only supported from one release to the release immediately following it. Do not skip releases. What's the reason for this warning? I've had a look at the upgrade steps and the only thing that seems to assume a certain system configuration is the update of the configuration files using the patches. As Henning indicated...it's what we test. There are 17 platforms for OpenBSD. There's a lot to test for each release, testing upgrades from 4.8 to 5.0 just doubled our work...pointlessly. Documenting the two-release process just doubled MY work. And you want four steps. No. This shouldn't be a problem when using sysmerge though, should it? By that statement, I presume you audited the code for that? no, actually, I didn't believe that. :) To be clear, I'm not intending to start a flame war about OpenBSD upgrade processes, I was just wondering why releases shouldn't be skipped. I'm looking to upgrade a machine running 4.6 to 5.0 and would obviously prefer to do this in one step instead of four. This REALLY falls under the category of, if you gotta ask, don't. Just don't. The OpenBSD upgrade process is really simple (so simple, *I* could write the process! Come to think of it, I do!), but if you are asking can I get away with ..., rather than understanding the process well enough to answer your own question, don't. Consider it punishment for not having kept the system up to date. You SHOULD have done those three missing updates anyway...now you have to do them all in one hour. :) And, if there's any question this isn't just a snarky answer (I'm not denying it is ALSO a snarky answer), if you look at the update instructions for any arbitrary version of OpenBSD, you will note there is more to it than just run sysmerge. 
When you start jumping versions, you may see interesting issues from those steps...and little problems that will bite you in the ass and you won't be sure which step you skipped did it. Me? If I had console on the machine, I'd have no trouble taking your system directly from 4.6 to 5.0 (and the console would be just in case I got cocky and screwed up :). But then, I understand the process pretty well (we hope!). I understand it well enough that I suggest YOU take the advice. Nick. Doing 1 upgrade over multiple releases vs several upgrades is, in addition to the excellent reasons pointed out by Nick, not worth testing since each upgrade takes 5-10 minutes (on most, reasonably modern archs). And that's with running sysmerge, removing old files, backing up the new config files, etc. If one is just passing through I assume upgrading packages doesn't figure into it until the 'final' upgrade. Why would we waste hundreds of man hours testing upgrading over multiple releases to save you 30 or 40 minutes? I mean, it's not like you have to download all those files. You do buy CD's, right? Ken
can not use the up key to last command at root?
my system is i386/current, i do not know why and when, today, i noticed i can not use the up key to last command at root anymore. i can use the up key to last command at non root user, both use ksh. any idea? please help and thank you.
Re: Proper way to update system + ports?
--- On Tue, 12/20/11, Stuart Henderson s...@spacehopper.org wrote: From: Stuart Henderson s...@spacehopper.org Subject: Re: Proper way to update system + ports? To: misc@openbsd.org Date: Tuesday, December 20, 2011, 10:25 AM On 2011-12-19, James Hozier guitars...@yahoo.com wrote: I ran into an error trying to install Firefox (I think the latest version in Ports is 8.0.1) so I thought I might be updating incorrectly. === Checking files for firefox-5.0p3 Fetch http://releases.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2 ftp: Error retrieving file: 404 Not Found Mozilla don't keep many old releases on the http distribution sites. You can fetch this from ftp://ftp.mozilla.org/pub/mozilla.org/firefox/releases/5.0/source/firefox-5.0.source.tar.bz2 I'll add this to ports/www/mozilla/mozilla.port.mk in -stable in a bit. I'd really suggest running -current if you want to keep up to date with things like browsers. Then you can just use packages rather than spend hours building (also note that only fixes for the worst bugs will get into -stable; and even then only if they won't cause problems for other ports needing a whole chain of updates). Just because -stable is named -stable doesn't imply that -current is likely to break often. I guess it is sort of ironic that trying to build Firefox from -stable was broken, but in -current it worked fine. As far as keeping up with -current goes, would it be bad netiquette to update my system every 12 hours just to keep up with the changes? Or is that being a resource hog?
Re: can not use the up key to last command at root?
Hi add the following lines to the bottom of your .kshrc file in your /root directory:
set -o emacs
alias __A=$(print '\0020') # ^P = up = previous command
alias __B=$(print '\0016') # ^N = down = next command
alias __C=$(print '\0006') # ^F = right = forward a character
alias __D=$(print '\0002') # ^B = left = back a character
alias __H=$(print '\0001') # ^A = home = beginning of line
this should resolve the issue... or you can prefer to use vi mode then esc-K will give you last command.
From: johnw johnw.m...@gmail.com
Sent: Tue Dec 20 15:32:30 CET 2011
To: misc@openbsd.org
Subject: can not use the up key to last command at root?
my system is i386/current, i do not know why and when, today, i noticed i can not use the up key to last command at root anymore. i can use the up key to last command at non root user, both use ksh. any idea? please help and thank you.
Cordialement Francois Pussault 3701 - 8 rue Marcel Pagnol 31100 Toulouse France +33 6 17 230 820 +33 5 34 365 269 fpussa...@contactoffice.fr
Re: can not use the up key to last command at root?
On Tue, Dec 20, 2011 at 03:44:11PM +0100, Francois Pussault wrote:
Hi add the following lines to the bottom of your .kshrc file in your /root directory:
set -o emacs
alias __A=$(print '\0020') # ^P = up = previous command
alias __B=$(print '\0016') # ^N = down = next command
alias __C=$(print '\0006') # ^F = right = forward a character
alias __D=$(print '\0002') # ^B = left = back a character
alias __H=$(print '\0001') # ^A = home = beginning of line
this should resolve the issue...
The aliases are not necessary. I suspect root's shell is in vi mode. Check with set -o
-Otto
or you can prefer to use vi mode then esc-K will give you last command.
From: johnw johnw.m...@gmail.com
Sent: Tue Dec 20 15:32:30 CET 2011
To: misc@openbsd.org
Subject: can not use the up key to last command at root?
my system is i386/current, i do not know why and when, today, i noticed i can not use the up key to last command at root anymore. i can use the up key to last command at non root user, both use ksh. any idea? please help and thank you.
Cordialement Francois Pussault 3701 - 8 rue Marcel Pagnol 31100 Toulouse France +33 6 17 230 820 +33 5 34 365 269 fpussa...@contactoffice.fr
Re: Proper way to update system + ports?
On Tue, Dec 20, 2011 at 06:43:37AM -0800, James Hozier wrote: I guess it is sort of ironic that trying to build Firefox from -stable was broken, but in -current it worked fine. As far as keeping up with -current goes, would it be bad netiquette to update my system every 12 hours just to keep up with the changes? Or is that being a resource hog? Very little change in -stable. You're wasting your time. I don't know if you noted that there is a commit on why your port broke.
Re: Where to buy Lemote FuLoong MIPS boxes?
Gregory Edigarov wrote [2011-12-19 11:30+0100]: Taiga and Niva is two different models, just for the record... You cannot hide Austria only because the boys (»Burschen«) are not qualified for Ukraine/Poland 2012! What if England had not been able to qualify? Would you pretend not to know --- *England*? --steffen
Re: claimed 5.0 problems on sparc64 (was Re: Upgrading AMD64 4.9-stable to 5.0)
On 12/20/2011 07:49 AM, Richard Thornton wrote: I used the advice from the blog called gab software. Perhaps he was wrong. I am willing to reinstall. I have no personal data to lose on this old box. What was deficient on the official documentation? Nick.
Re: Odd Network Lockups
I'll give it a shot. On Dec 19, 2011 4:27 AM, Stuart Henderson s...@spacehopper.org wrote: I just noticed the vether/tun/bridge in your systat output. To try and narrow things down, are you able to disable these to see if there's any improvement? On 2011-12-08, Nick Templeton n...@nicktempleton.com wrote: I think you're right Stuart, raising kern.maxclusters is only buying me time. The only sysctl values I've modified are: net.inet.ip.forwarding=1 ddb.panic=0 kern.maxclusters=8192 netstat -m shows increasing values over time, here's the output from this morning: 3510 mbufs in use: 3479 mbufs allocated to data 24 mbufs allocated to packet headers 7 mbufs allocated to socket names and addresses 3477/3522/8192 mbuf 2048 byte clusters in use (current/peak/max) 0/8/8192 mbuf 4096 byte clusters in use (current/peak/max) 0/8/8192 mbuf 8192 byte clusters in use (current/peak/max) 0/8/8192 mbuf 9216 byte clusters in use (current/peak/max) 0/8/8192 mbuf 12288 byte clusters in use (current/peak/max) 0/8/8192 mbuf 16384 byte clusters in use (current/peak/max) 0/8/8192 mbuf 65536 byte clusters in use (current/peak/max) 8204 Kbytes allocated to network (95% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines ...and here it is from this evening: 3718 mbufs in use: 3687 mbufs allocated to data 24 mbufs allocated to packet headers 7 mbufs allocated to socket names and addresses 3685/3734/8192 mbuf 2048 byte clusters in use (current/peak/max) 0/8/8192 mbuf 4096 byte clusters in use (current/peak/max) 0/8/8192 mbuf 8192 byte clusters in use (current/peak/max) 0/8/8192 mbuf 9216 byte clusters in use (current/peak/max) 0/8/8192 mbuf 12288 byte clusters in use (current/peak/max) 0/8/8192 mbuf 16384 byte clusters in use (current/peak/max) 0/8/8192 mbuf 65536 byte clusters in use (current/peak/max) 8628 Kbytes allocated to network (96% in use) 0 requests for memory denied 0 requests for memory delayed 0 calls to protocol drain routines 
Here's the output from systat mbuf: 1 usersLoad 0.65 0.79 0.76 Wed Dec 7 18:15:12 2011 IFACE LIVELOCKS SIZE ALIVE LWM HWM CWM System0 256 3716 242 2k 36861867 lo0 em02k21 4 25621 em12k20 4 25620 em22k14 4 25614 enc0 vether0 tun0 bridge0 pflog0 I did update the kernel at the same time as changing the bios settings, so that led me down the wrong path I think. Digging through /var/log/messages* it looks as though things changed when I upgraded from the October 6th snapshot to the November 15th snapshot. When I was running this (and previous snapshots): OpenBSD 5.0-current (GENERIC.MP) #96: Thu Oct 6 16:12:43 MDT 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP ...I had a bunch of these errors (but no network lockups): pf: state key linking mismatch! dir=OUT, if=em1, stored af=2, a0: 76.126.243.211:25619, a1: 192.168.10.2:49200, proto=17, found af=2, a0: 176.15.107.37:45022, a1: 239.190.175.222:61374, proto=17 After updating to this (and another update since): OpenBSD 5.0-current (GENERIC.MP) #133: Tue Nov 15 22:08:20 MST 2011 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP ...I now have these warnings (and the network lockups): WARNING: mclpools limit reached; increase kern.maxclusters -Nick On Tue, Dec 6, 2011 at 11:21 AM, Stuart Henderson s...@spacehopper.org wrote: Have you adjusted any other sysctl values? What does netstat -m say? Run it once, then again after 30 mins or so. What does systat mbuf say? Did you update the kernel at the same time as changing bios settings? If so, what did you run before? (check /var/log/messages*) I doubt there's a legitimate reason to increase kern.maxclusters to 8192 on this system, best I think you can hope for with that is to make it run for a little longer before crashing. On 2011-12-06, Nick Templeton n...@nicktempleton.com wrote: You're right that I had an outdated BIOS, which I've now updated, but upon further review I don't think that is/was the culprit. 
I've since had the issue re-surface and this time I noticed many lines like this in the dmesg (not sure how I missed it before): WARNING: mclpools limit reached; increase kern.maxclusters So I've upped kern.maxclusters to 8192, however, I'm not sure if I really should need to. This machine is a firewall/router for my home network running a few services (sshd, named, httpd, tomcat) for about 5 users. There's also a machine that is running Transmission BitTorrent client behind the firewall,
RSS feeds for Errata
If anyone likes to use RSS for security update notification, I made an application for Google Appengine that parses the OpenBSD errata pages and creates an RSS feed. It will work as long as the format of the errata pages does not change. http://erratafeed.appspot.com/ Todd
Re: 4096-byte sector size again
some of these usb sticks come with a piece of software that will set them back to being normal usb sticks without hidden cdroms j...@bitminer.ca [j...@bitminer.ca] wrote: I have an Iomega Prestige 1TB disk, USB 3.0 up to 5Gbit/s, OpenBSD 4.9 (GENERIC.MP) #794: Wed Mar 2 07:19:02 MST 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP ...snip... Dec 17 09:53:54 len /bsd: port 2 configuration 1 interface 0 iomega LDHD-UP3 rev 2.10/0.04 addr 4 Dec 17 09:53:54 len /bsd: umass0: using SCSI over Bulk-Only Dec 17 09:53:54 len /bsd: scsibus2 at umass0: 2 targets, initiator 0 Dec 17 09:53:54 len /bsd: sd1 at scsibus2 targ 1 lun 0: OEM, Ext Hard Disk, SCSI3 0/direct fixed Dec 17 09:53:54 len /bsd: sd1: 953169MB, 4096 bytes/sec, 244011446 sec total Dec 17 09:53:54 len /bsd: cd1 at scsibus2 targ 1 lun 1: Virtual, CDROM, SCSI0 5/cdrom fixed (which of course has the built-in CD-ROM emulator containing Windows backup software.) The sectors are definitely 4k bytes. How can I re-partition it given that fdisk won't adjust the MBR? # fdisk -e sd1 Unable to read MBR (DOS partitions, not disklabel partitions. disklabel works just fine.) thanks --John -- There are only three sports: bullfighting, motor racing, and mountaineering; all the rest are merely games. - E. Hemingway
Re: strange tcp rst with rdomain
I have found that I need to add something like:
!route -T 2 exec /usr/sbin/sshd
To the pertinent hostname.if file to make sure sshd is listening in additional routing tables, but I do not know if this is best.
On Mon, Dec 19, 2011 at 1:02 PM, Илья Шипицин chipits...@gmail.com wrote:
Hello. I'm running multihomed OpenBSD server:
vlan5/carp5 - default
vlan2/carp2 and vlan4/carp4 are connected to other ISPs.
when there's no rdomain thing, everything seems to be working, except all outgoing packets goes through vlan5/carp5. so, I did
f2n0:/root#cat /etc/hostname.vlan2
vlan 2 vlandev trunk0 mtu 1300 up
f2n0:/root#cat /etc/hostname.carp2
vhid 62 pass m1pass carpdev vlan2 X.X.X.X/26 rdomain 2
!/sbin/route -T 2 add 0.0.0.0/0 X.X.X.Z
f2n0:/root#cat /etc/hostname.vlan4
vlan 4 vlandev trunk0 mtu 1300 up
f2n0:/root#cat /etc/hostname.carp4
vhid 64 pass m1pass carpdev vlan4 Y.Y.Y.Y/26 rdomain 4
!/sbin/route -T 4 add 0.0.0.0/0 Y.Y.Y.Z
f2n0:/root#
also, I did
f2n0:/root#grep -v ^# /etc/pf.conf
set skip on lo
pass in vlan2 rtable 2
pass in vlan4 rtable 4
pass
ping is working good, packets go out via appropriate interface. however, ssh ends with tcp rst, for example. how can the reason for that tcp rst might be detected? am I doing anything wrong with rdomains?
Ilya Shipitsin
CF Card setup
Hi everyone. i am brand new purchased my open bsd 5.0 on 11 Nov 2011. I booted the CD on another computer installed every thing on a 32GB CF card. Placed in my old thin client and it booted. But the network card does not work. It did work on the other computer after the install. Is there a way to make the setup come up again? Thanks John
Re: CF Card setup
On Tue, Dec 20, 2011 at 2:41 PM, Jannik Pruitt pruttel...@googlemail.com wrote: Hi everyone. i am brand new purchased my open bsd 5.0 on 11 Nov 2011. I booted the CD on another computer installed every thing on a 32GB CF card. Placed in my old thin client and it booted. But the network card does not work. It did work on the other computer after the install. Is there a way to make the setup come up again?
You really didn't provide enough information for anyone to help you. Let's start with what's missing.
- dmesg
- what hardware you're running
- did you check your hostname.if in /etc matches the interface?
- have you read the FAQ? (http://www.openbsd.org/faq)
- did you check man pages?
Re: IPSec VPN dropping packets from time to time
See -stable fixes to 4.9. Otherwise consider upgrading 4.9-5.0. -Steve S.
-Original Message-
From: Georg Buschbeck [open...@thomas-daily.de]
Received: Tuesday, 20 Dec 2011, 2:35am
To: misc@openbsd.org [misc@openbsd.org]
Subject: IPSec VPN dropping packets from time to time
Hi, i've two openbsd firewalls running
1x OpenBSD 4.9 (amd64) in our office
1x OpenBSD 5.0 (amd64) in our co location.
we have a vpn set up between both locations via /etc/ipsec.conf. isakmpd is set up to not read any configuration files:
=== /etc/rc.conf.local ===
isakmpd_flags="-4 -K -v"
=== /etc/rc.conf.local ===
now from time to time the vpn becomes unavailable, though the established security association is visible via ipsecctl -sa. i don't find anything suspicious in the log, only quick mode done
=== /etc/ipsec.conf ===
ike active esp from $local_net to $remotenet peer $remotepeer \
	main auth hmac-sha1 enc aes group modp1024 \
	quick auth hmac-sha1 enc aes group modp1024 \
	psk MyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsKMyPsK
=== /etc/ipsec.conf ===
are there any hints what would be the best to debug next? as till now i didn't see a pattern there. delete the ruleset manually by solves the problem temporarily which could be needed more often when forced.
===
ipsecctl -d -f /etc/ipsec.conf; ipsecctl -f /etc/ipsec.conf
===
Georg
Re: CF Card setup
On 12/20/11 17:41, Jannik Pruitt wrote:
Hi everyone. i am brand new purchased my open bsd 5.0 on 11 Nov 2011.
we like to hear that. :) You put me in a good mood, so I'm giving you something other than just a pointer at faq6 :)
I booted the CD on another computer installed every thing on a 32GB CF card. Placed in my old thin client and it booted. But the network card does not work. It did work on the other computer after the install. Is there a way to make the setup come up again?
Sure. this is really easy, much easier than most other OSs... Your target computer has a NIC in it that is of a different type than your install computer. (just did battle with a degenerate form of this problem on a Fedora machine today. holy shit. At least they pay me for that).
So, let's say your install computer had an Intel gigabit card, which uses the em driver...so it probably configured the network adapter as em0. The configuration for this card was stored in /etc/hostname.em0
Your thin client machine has some different card...for sake of discussion, let's say it's an Intel 100mbps card, which uses a driver called fxp. It does NOT have an em card in it, so the em0 configuration information was ignored...so you came up with no network.
The easy fix is to copy the hostname. file to the appropriate name for your target machine. You could rename it, but I prefer copying -- that way, if you have to move the flash card back to the source machine, the network will Just Come Up.
If you do an ifconfig, you will get a list of all interfaces. First will probably be lo0, second will be the one you are after... SO, assuming your original machine had em0, and your target machine has fxp0, you would do this:
# cp /etc/hostname.em0 /etc/hostname.fxp0
That's almost certainly wrong for your case. You will have only one hostname.* file currently, so the source is easy. just need to figure out what kind of NIC you have now.
(there are cases where you might actually have to alter what is in that file between card types, but I'm going to guess that won't be your problem) Nick.
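The copy-instead-of-rename fix described in the reply above, as an added shell sketch that is not part of the original thread or of OpenBSD's own tooling. The function names `list_nics`, `adopt_hostname_if` and `sample_ifconfig` are hypothetical, the ifconfig listing is constructed sample output, and the demo works in a scratch directory rather than /etc.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# list_nics: read `ifconfig` output on stdin and print the names of
# interfaces that are not pseudo-devices (lo0, enc0, pflog0, ...).
list_nics() {
    awk -F: '/^[a-z]+[0-9]+: flags=/ {
        if ($1 !~ /^(lo|enc|pflog|pfsync|tun|vether|bridge|carp|vlan|trunk)[0-9]+$/) print $1
    }'
}

# adopt_hostname_if ETC_DIR NIC
# Copy the single hostname.* file left behind by the install machine to
# hostname.NIC. Refuses to guess when zero or several candidates exist.
adopt_hostname_if() {
    etc=$1
    nic=$2
    if [ -z "$nic" ]; then
        echo "no physical interface given" >&2
        return 1
    fi
    if [ -e "$etc/hostname.$nic" ]; then
        echo "$etc/hostname.$nic already exists, nothing to do"
        return 0
    fi
    src=
    count=0
    for f in "$etc"/hostname.*; do
        [ -f "$f" ] || continue
        src=$f
        count=$((count + 1))
    done
    if [ "$count" -ne 1 ]; then
        echo "expected exactly one hostname.* file, found $count" >&2
        return 1
    fi
    # cp -p keeps the owner and restrictive mode of the original; the
    # file can hold secrets such as wireless keys.
    cp -p "$src" "$etc/hostname.$nic" || return 1
    echo "copied $src to $etc/hostname.$nic"
}

# Constructed sample of what `ifconfig` prints on the thin client.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33200
        inet 127.0.0.1 netmask 0xff000000
fxp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:00:5e:00:53:01
        media: Ethernet autoselect (none)
enc0: flags=0<>
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
EOF
}

# Demo in a scratch directory standing in for /etc.
demo() {
    scratch=$(mktemp -d) || return 1
    echo "dhcp" > "$scratch/hostname.em0"    # what the installer wrote
    chmod 640 "$scratch/hostname.em0"
    found=$(sample_ifconfig | list_nics | head -n 1)
    adopt_hostname_if "$scratch" "$found"
    ls "$scratch"
    rm -rf "$scratch"
}
demo
```

On the real machine the equivalent is `ifconfig | list_nics` followed by `adopt_hostname_if /etc <name>`, then `sh /etc/netstart <name>` or a reboot to bring the interface up.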