Lenceria Erotica 4Bidden 43% OFF | Paseo en Velero 68% OFF | Parrilla Electrica 58 % OFF | Juguera S/Pulpa 56 % OFF | Fabrica de Helados Nova 51% OFF | Lifting sin cirugía 50% OFF
Para visualizar correctamente este newsletter ingresa a http://news.bonuscupon.com.ar/r.html?uid=1.3d.3dsc.1if.dr2fd7d5l2
Re: similar behaviour to Linux netstat -lpn ?
On Tue, Apr 3, 2012 at 4:21 PM, PP;QQ P(P8P?P8QP8P= chipits...@gmail.com wrote: Hello! I'd like to see every program (with program name) that listen something on network. I can achive that on Linux by running netstat -lpn, like that server:~# netstat -lpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address B B B B B Foreign Address State B B B PID/Program name tcp B B B B 0 B B B 0 0.0.0.0:25 B B B B B B B 0.0.0.0:* LISTEN B B B 411/master tcp B B B B 0 B B B 0 0.0.0.0:445 B B B B B B 0.0.0.0:* LISTEN B B B 428/smbd tcp B B B B 0 B B B 0 0.0.0.0:139 B B B B B B 0.0.0.0:* LISTEN B B B 428/smbd tcp B B B B 0 B B B 0 0.0.0.0:111 B B B B B B 0.0.0.0:* LISTEN B B B 263/portmap tcp B B B B 0 B B B 0 127.0.0.1:20209 B B B B 0.0.0.0:* LISTEN B B B 8547/dkim-filter tcp B B B B 0 B B B 0 0.0.0.0:22 B B B B B B B 0.0.0.0:* LISTEN B B B 343/sshd tcp6 B B B 0 B B B 0 :::22 B B B B B B B B B :::* LISTEN B B B 343/sshd udp B B B B 0 B B B 0 0.0.0.0:111 B B B B B B 0.0.0.0:* 263/portmap udp B B B B 0 B B B 0 0.0.0.0:37764 B B B B B 0.0.0.0:* 8547/dkim-filter udp B B B B 0 B B B 0 127.0.0.2:137 B B B B B 0.0.0.0:* 421/nmbd udp B B B B 0 B B B 0 192.168.7.21:137 B B B B 0.0.0.0:* 421/nmbd udp B B B B 0 B B B 0 0.0.0.0:137 B B B B B B 0.0.0.0:* 421/nmbd udp B B B B 0 B B B 0 127.0.0.2:138 B B B B B 0.0.0.0:* 421/nmbd udp B B B B 0 B B B 0 192.168.7.21:138 B B B B 0.0.0.0:* 421/nmbd udp B B B B 0 B B B 0 0.0.0.0:138 B B B B B B 0.0.0.0:* 421/nmbd is there similar things for OpenBSD ? http://www.feyrer.de/NetBSD/bx/blosxom.cgi/nb_20101002_2009.html Cheers, Ilya Shipitsin
Re: Route Target Import / Export in bgpd
Hello, Any hints on how to troubleshoot this issue? I'm looking for some kind of debug to see what is going from rib to fib in order to understand why the prefixes are not imported. Thanks, Rimi Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit : Hello, I'm testing OpenBSD with L3VPN, everything is working fine except from the RT import / export side. I usually configure my VPN with PE Loopback:identifier, so my config looks like this: PE1: rdomain 20 { rd 1.1.1.1:20 import-target rt 2.2.2.2:20 export-target rt 1.1.1.1:20 depend on mpe20 network inet connected } PE2: rdomain 20 { rd 2.2.2.2:20 import-target rt 1.1.1.1:20 export-target rt 2.2.2.2:20 depend on mpe20 network inet connected } This kind of configuration works on Cisco devices for example, but here PE1: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.35.0/24 link#2 *C 0 ::1/128 link#0 PE2: # bgpctl sho fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.39.0/24 link#3 *C 0 ::1/128 link#0 It works fine when I set the same RD on both PE, but that's not really what I'm looking for. I can't find much debug information, any hints on how to tshoot this? Thanks for your help, Remi
Tost Makinası Yapmak Yerine Bize Satabilirsiniz
Resimleri gvremiyor musunuz? Resimleri gvsteri segin ya da bu iletiyi tarayD1cD1nD1zda gvr|nt|leyin. Bilgilendirme e-postalarD1nD1 almak istemiyorsanD1z l|tfen tD1klayD1n. [IMAGE] 0212 252 15 75 Eski Notebookunuzdan Tost Makinesi YapmayD1 Deneyebilirsiniz [IMAGE] Ya da Bize SatarsD1nD1z! Onlar Gok DeDerliydiler KD1yamD1yorsunuz... Ama ArtD1k Eskidiler! Onlara sizin verdiDiniz deDeri biz de veriyoruz... MarkasD1 ve modeli her ne olursa olsun eski notebook, bilgisayar, yazD1cD1 ve monitvrlerinizi en uygun fiyata geri alD1yoruz. [IMAGE] D0nvn| Caddesi Teknik Han No:38 Kat:3 G|m|Esuyu, Taksim / D0stanbul 0 212 252 15 75 www.bilgisayarhastanesi.com [IMAGE]
Magistral Curso de La Estrategia del Océano Azul Ultimo dia para Inscribierse
Apreciable Ejecutivo: TIEM de Mixico Empresa Lmder en Capacitacisn y Actualizacisn de Capital Humano Debido al gran ixito de la conferencia, y porque usted lo pidis ahora en curso: Estrategia del Ociano Azul En la Ciudad de Mixico, el dma 18 de Abril Inscribase antes del 13 de Abril y aprobeche un 15% de descuento. La estrategia del Ociano Azul, plantea dos escenarios un ociano rojo que busca superar a la competencia con el fin de obtener una porcisn de un mercado existente y un ociano azul, que consiste en buscar un mercado virgen que nadie haya tocado y que tenga el potencial de crecer. En los ocianos rojos, la competencia pone las reglas; en los ocianos azules, la competencia se vuelve irrelevante. Esta estrategia se conoce como innovacisn de valor y es diferente a la ventaja competitiva, ya que no se enfoca en vencer a la competencia, sino que se enfoca en hacer a la competencia irrelevante al ofrecer un valor fundamentalmente nuevo y superior a sus clientes para crear nueva demanda. En este Curso con un enfoque muy practico, los participantes aprenderan csmo desarrollar y pensar en una Estrategia de Ociano Azul.. Objetivo: Proporcionar la metodologma para desarrollar estrategias y propuestas de valor para generar demandas latentes y de alto valor y poder competir en nuevos mercados/segmentos, con diferenciacisn y con una orientacisn a los no clientes tradicionales. Para mayor informacisn, favor de responder este correo con los siguientes datos: Empresa: Nombre: Ciudad: Telifono: O si lo prefiere comunmquese a los telifonos: Del DF al 5611-0969 con 10 lmneas Interior del Pams Lada sin Costo 01 800 900 TIEM (8436) Aceptamos todas las TDC y Dibito. **Promocisn: 3 meses sin Intereses pagando con American Express **Aplica solo con Inversisn Normal .Todos los Derechos Reservados )2011 TIEM Talento e Innovacisn Empresarial de Mixico Este Mensaje le ha sido enviado como usuario de TIEM de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de TIEM de Mixico, en este acto autoriza de manera expresa que TIEM de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de il y reporte su cuenta respondiendo este correo con el subject BAJABD Unsubscribe to this mailing list, reply a blank message with the subject UNSUBSCRIBE BAJABD Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor.
CMedia 8788 (Asus Xonar D2X)
Hi list, I'm wondering if anybody is working on support for the Asus Xonar D2X (a branded CMedia 8788). If not, then I was planning on having a look at the OSS driver from http://developer.opensound.com/sources/ (the page states that the sources are GPLv2 or CDDL 1, but I think it just hasn't been updated (there are source tarballs available in a bsd directory that includes a 2-clause BSD licence. Is there any reason that this would be a bad place to start? If so, can anybody suggest a better place? Thanks, Patsy
ALTQ and VLAN interfaces
Hi All, I have the following OpenBSD multi-tenant firewall setup: | +-+---+++---+---+ | | vlan10 |||vlan11 | | | | 195.188.200.a |--(em0)--| 195.188.201.a | | | | 195.188.200.b | | 195.188.201.b | | | | rdomain 1 | | rdomain 2 | | | +---+ +---+ | | | | +---+ +---+ | | |vlan160| |vlan161| | | | 10.1.160.1 |--(em1)--| 10.1.160.1 | | | | rdomain 160 ||| rdomain 161 | | +-+---+++---+---+ | vlan10 and vlan11 represent the PUBLIC side of the firewall and each vlan has a separate rdomain. A customer could be assigned IP addresses from both vlan10 and vlan11. Traffic from vlans 160 and 161 is then natted out of vlan10 and vlan11 using pf rules (and vice-verse, with some tagging). vlan160 and vlan161 represent the customer side of the firewall, ip addresses on this side can only be rfc1918, but can be the same subnets in each vlan (hence separate rdomains). What I'd like to be able to do is queue traffic as it leaves the firewall, both north and south, but I'm unsure as to where to enable altq. Should I do: # out being out of em0 altq on em0 cbq bandwidth 300Mb queue { INT_em0, queue1_out, queue2_out } queue INT_em0 bandwidth 100Mb cbq(default) queue queue1_out bandwidth 100Mb cbq(ecn) queue queue2_out bandwidth 100Mb cbq(ecn) # Using pass in to keep state for packets coming back out of vlan10 pass in on vlan10 from any to 195.188.200.a queue queue1_out pass in on vlan10 from any to 195.188.200.b queue queue2_out # in being out of em1 altq on em1 cbq bandwidth 300Mb queue { INT_em1, queue1_in, queue2_in } queue INT_em1 bandwidth 100Mb cbq(default) queue queue1_in bandwidth 100Mb cbq(ecn) queue queue2_in bandwidth 100Mb cbq(ecn) # Using pass in to keep state for packets coming back out of vlan160 or vlan161 pass in on vlan160 from any to any queue queue1_in pass in on vlan160 from any to any queue queue2_in or should I do: altq on vlan10 cbq bandwidth 300MB queue { INT_vlan10, queue1_out, queue2_out } queue INT_vlan10 bandwidth 100Mb cbq(default) queue queue1_out bandwidth 100Mb cbq(ecn) queue queue2_out bandwidth 100Mb cbq(ecn) # Using pass in to keep state for packets coming back out of vlan10 pass in on vlan10 from any to 195.188.200.a queue queue1_out pass in on vlan10 from any to 195.188.200.b queue queue2_out # in being out of vlan160 altq on vlan160 cbq bandwidth 100Mb queue { INT_vlan160 } queue INT_vlan160 bandwidth 100Mb cbq(default) # Using pass in to keep state for packets coming back out of vlan160 or vlan161 pass in on vlan160 from any to any queue queue1_in pass in on vlan160 from any to any queue queue2_in With altq statements for each vlan interface. Ideally I'd want to do altq on the vlan parent interface. Thanks, Peter
Re: Route Target Import / Export in bgpd
On Wed, Apr 04, 2012 at 10:37:20AM +0200, Rimi Philippe wrote: Hello, Any hints on how to troubleshoot this issue? I'm looking for some kind of debug to see what is going from rib to fib in order to understand why the prefixes are not imported. Hmm. Looks like I go t confused by the old BGP MPLS VPN RFC where the RD was somewhat strangly declared. In other words bgpd filters on the RD as well. This is a bug and I will fix it ASAP. -- :wq Claudio Thanks, Rimi Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit : Hello, I'm testing OpenBSD with L3VPN, everything is working fine except from the RT import / export side. I usually configure my VPN with PE Loopback:identifier, so my config looks like this: PE1: rdomain 20 { rd 1.1.1.1:20 import-target rt 2.2.2.2:20 export-target rt 1.1.1.1:20 depend on mpe20 network inet connected } PE2: rdomain 20 { rd 2.2.2.2:20 import-target rt 1.1.1.1:20 export-target rt 2.2.2.2:20 depend on mpe20 network inet connected } This kind of configuration works on Cisco devices for example, but here PE1: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.35.0/24 link#2 *C 0 ::1/128 link#0 PE2: # bgpctl sho fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.39.0/24 link#3 *C 0 ::1/128 link#0 It works fine when I set the same RD on both PE, but that's not really what I'm looking for. I can't find much debug information, any hints on how to tshoot this? Thanks for your help, Remi
Re: OpenOSPFD crashes when using mpls traffic-eng on Cisco
From: Claudio Jeker cje...@diehard.n-r-g.com Thanks for the log and tcpdumps. It seems you're the first person to try opaque LSA against ospfd. Can you give the following diff a spin? I think this will solve the problems. Claudio, Thanks for the patch. I've compiled this in a lab and indeed things are indeed stable. lab# ospfctl show neigh | grep FULL 1.0.0.80200 FULL/DR 00:00:37 10.1.1.80 em0 18:41:01 1.0.0.72100 FULL/BCKUP 00:00:30 10.1.1.72 em0 18:41:0 Out of curiosity, why is the default to terminate instead of ignore the invalid LSA?
Re: Route Target Import / Export in bgpd
Thanks Claudio. The way I see it is that RD are only local, they identify the VRF (or rdomain) locally on the router, then the RT import / export handles the way the routes are distributed. This permits the hub spoke approach for example. If you need help on the testing side feel free to send me the code, I'll give it a try. Rimi Le 4 avril 2012 13:28, Claudio Jeker cje...@diehard.n-r-g.com a icrit : On Wed, Apr 04, 2012 at 10:37:20AM +0200, Rimi Philippe wrote: Hello, Any hints on how to troubleshoot this issue? I'm looking for some kind of debug to see what is going from rib to fib in order to understand why the prefixes are not imported. Hmm. Looks like I go t confused by the old BGP MPLS VPN RFC where the RD was somewhat strangly declared. In other words bgpd filters on the RD as well. This is a bug and I will fix it ASAP. -- :wq Claudio Thanks, Rimi Le 1 avril 2012 16:24, Rimi Philippe m...@remiphilippe.fr a icrit : Hello, I'm testing OpenBSD with L3VPN, everything is working fine except from the RT import / export side. I usually configure my VPN with PE Loopback:identifier, so my config looks like this: PE1: rdomain 20 { rd 1.1.1.1:20 import-target rt 2.2.2.2:20 export-target rt 1.1.1.1:20 depend on mpe20 network inet connected } PE2: rdomain 20 { rd 2.2.2.2:20 import-target rt 1.1.1.1:20 export-target rt 2.2.2.2:20 depend on mpe20 network inet connected } This kind of configuration works on Cisco devices for example, but here PE1: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.35.0/24 link#2 *C 0 ::1/128 link#0 PE2: # bgpctl sho fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.39.0/24 link#3 *C 0 ::1/128 link#0 It works fine when I set the same RD on both PE, but that's not really what I'm looking for. I can't find much debug information, any hints on how to tshoot this? Thanks for your help, Remi
Re: OpenOSPFD crashes when using mpls traffic-eng on Cisco
On Wed, Apr 04, 2012 at 07:01:14AM -0500, Chris Wopat wrote: From: Claudio Jeker cje...@diehard.n-r-g.com Thanks for the log and tcpdumps. It seems you're the first person to try opaque LSA against ospfd. Can you give the following diff a spin? I think this will solve the problems. Claudio, Thanks for the patch. I've compiled this in a lab and indeed things are indeed stable. lab# ospfctl show neigh | grep FULL 1.0.0.80200 FULL/DR 00:00:37 10.1.1.80 em0 18:41:01 1.0.0.72100 FULL/BCKUP 00:00:30 10.1.1.72 em0 18:41:0 Out of curiosity, why is the default to terminate instead of ignore the invalid LSA? Invalid LSA should not make it into the LSDB and therefor not into the SPF calculation. The problem was, that I added the opaque LSA support in opsfd whithout any way to test them correctly (my bad) and forgot that having them inside the LSDB will cause the SPF calculation to run into those nodes when recalculating even though they're not referenced by any other node. I guess we could ignore these nodes but at the same time it is an indication of a bigger problem and that should be fixed. So in the end the fatals are there to generate bug reports in case something unexpected happens. -- :wq Claudio
Re: CMedia 8788 (Asus Xonar D2X)
On Wed, Apr 04, 2012 at 09:52:49AM +, Patsy wrote: Hi list, I'm wondering if anybody is working on support for the Asus Xonar D2X (a branded CMedia 8788). If not, then I was planning on having a look at the OSS driver from http://developer.opensound.com/sources/ (the page states that the sources are GPLv2 or CDDL 1, but I think it just hasn't been updated (there are source tarballs available in a bsd directory that includes a 2-clause BSD licence. Is there any reason that this would be a bad place to start? If so, can anybody suggest a better place? IMHO the best place to start is the CMI-8788 datasheet. Note that this is only the PCI part, and you may have to figure out which codecs the card uses, how they are wired, and get codecs datasheet as well. At this stage oss or linux code might be very helpful. -- Alexandre
Question on LPD and OpenBSD printing
Dear all, If this is OT kindly pardon me. I have a script based on Net::LPR. #!/usr/bin/perl -w use strict; use vars '@ARGV'; use Net::LPR; use IO::File; die usage: $0 filename printer queue\n if (@ARGV != 3); my $lp = new Net::LPR( StrictRFCPorts = 0, RemoteServer = $ARGV[1], RemotePort = 515, PrintErrors = 0, RaiseErrors = 0, ) or die Can't create print context\n; my $fh = new IO::File $ARGV[0], O_RDONLY or die Can't open $ARGV[0]: $!\n; my $size = ($fh-stat())[7]; # Hope file doesn't change while printing $lp-connect() or die Can't connect to printer: .$lp-error.\n; my $jobkey = $lp-new_job() or die Can't create new job: .$lp-error.\n; $lp-send_jobs('lp') or die Can't send jobs: .$lp-error.\n; # Can easily print postscript by changing method to job_mode_postscript $lp-job_mode_text($jobkey) or die Can't set job mode to text: .$lp-error.\n; #$lp-job_mode_postscript($jobkey) or die Can't set job mode to text: .$lp-error.; $lp-job_send_control_file($jobkey) or die Can't send control file: .$lp-error.\n $lp-job_send_data($jobkey, '', $size); while (my $line = $fh-getline()) { $lp-job_send_data($jobkey, $line); } $lp-disconnect(); I try this against a HP Professional m1213ncj printer and it does nothing. Is there a way to use netcat to print directly to the JetDirect port 9100? I find this ppd in hpijs package but the printer is on the network. What to do? I tried both postscript printing and text printing. The silence and laziness of the printer is positively boring. What do you think? -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in
Re: Question on LPD and OpenBSD printing
I mean HP m1213nf On Wed, Apr 4, 2012 at 8:35 PM, Girish Venkatachalam girishvenkatacha...@gmail.com wrote: Dear all, If this is OT kindly pardon me. I have a script based on Net::LPR. #!/usr/bin/perl -w use strict; use vars '@ARGV'; use Net::LPR; use IO::File; die usage: $0 filename printer queue\n if (@ARGV != 3); my $lp = new Net::LPR( StrictRFCPorts = 0, RemoteServer = $ARGV[1], RemotePort = 515, PrintErrors = 0, RaiseErrors = 0, ) or die Can't create print context\n; my $fh = new IO::File $ARGV[0], O_RDONLY or die Can't open $ARGV[0]: $!\n; my $size = ($fh-stat())[7]; # Hope file doesn't change while printing $lp-connect() or die Can't connect to printer: .$lp-error.\n; my $jobkey = $lp-new_job() or die Can't create new job: .$lp-error.\n; $lp-send_jobs('lp') or die Can't send jobs: .$lp-error.\n; # Can easily print postscript by changing method to job_mode_postscript $lp-job_mode_text($jobkey) or die Can't set job mode to text: .$lp-error.\n; #$lp-job_mode_postscript($jobkey) or die Can't set job mode to text: .$lp-error.; $lp-job_send_control_file($jobkey) or die Can't send control file: .$lp-error.\n $lp-job_send_data($jobkey, '', $size); while (my $line = $fh-getline()) { $lp-job_send_data($jobkey, $line); } $lp-disconnect(); I try this against a HP Professional m1213ncj printer and it does nothing. Is there a way to use netcat to print directly to the JetDirect port 9100? I find this ppd in hpijs package but the printer is on the network. What to do? I tried both postscript printing and text printing. The silence and laziness of the printer is positively boring. What do you think? -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in
Re: Question on LPD and OpenBSD printing
On Apr 04 20:35:52, Girish Venkatachalam wrote: I have a script based on Net::LPR. I try this against a HP Professional m1213ncj printer and it does nothing. Before using the script, try to get it printing with just lpr. Is there a way to use netcat to print directly to the JetDirect port 9100? Maybe. What other interfaces does the printer have? What other ways are there to talk to the printer besides port 9100? Does it listen on the standard lpd port? I find this ppd in hpijs package but the printer is on the network. I must be missign something here: cannot PPD files be used with remote printers just as with local printers, via foomatic-filters?
Re: Question on LPD and OpenBSD printing
On Wed, Apr 4, 2012 at 8:58 PM, Jan Stary h...@stare.cz wrote: I try this against a HP Professional m1213ncj printer and it does nothing. Before using the script, try to get it printing with just lpr. Failed. It is silent. nmap reports port as open, if I disable LPD script does not work, so LPD seems sane but it refuses to respond. Is there a way to use netcat to print directly to the JetDirect port 9100? Maybe. What other interfaces does the printer have? What other ways are there to talk to the printer besides port 9100? Does it listen on the standard lpd port? I did an nmap scan. Those are the only ports. It does listen on LPD. 515. I find this ppd in hpijs package but the printer is on the network. I must be missign something here: cannot PPD files be used with remote printers just as with local printers, via foomatic-filters? You are not missing anything here. I want a config an /etc/printcap that can print to this fellow remotely. ;) Thanks. -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in
Re: Question on LPD and OpenBSD printing
On Apr 04 21:03:11, Girish Venkatachalam wrote: On Wed, Apr 4, 2012 at 8:58 PM, Jan Stary h...@stare.cz wrote: I try this against a HP Professional m1213ncj printer and it does nothing. Before using the script, try to get it printing with just lpr. Failed. It is silent. What failed? How does your /etc/printcap describe the printer? nmap reports port as open, So the printer runs a lpd daemon that listens on 515/tcp? if I disable LPD script does not work, Forget the script for now. Before you get it to print via lpr/lpd, you will not get it to print with Net::LPD. so LPD seems sane but it refuses to respond. What LPD, the printer's LPD daemon? How do you talk to it that you know it refuses to respond? I did an nmap scan. Those are the only ports. It does listen on LPD. 515. Good. It runs a lpd daemon. There must be a way to talk to it. I find this ppd in hpijs package but the printer is on the network. I must be missign something here: cannot PPD files be used with remote printers just as with local printers, via foomatic-filters? You are not missing anything here. I want a config an /etc/printcap that can print to this fellow remotely. ;) This is your problem. Not that your homegrown Perl script doesn't work. Why didn't you say so? If it speaks postcript (glancing at the specs it might), you set it up just like any other remote printer and send postcript files to it. If it doesn't speak postscript, you might need to preprocces the printing jobs using the PPD file, using something like HP:\ :lp=:rm=a.dd.re.ss:rp=name:\ :af=/etc/foomatic/file.ppd:\ :if=/usr/local/bin/foomatic-rip:\ :sd=/var/spool/output:\ :lf=/var/log/lpd-errs:\ :sh:
Re: Question on LPD and OpenBSD printing
On Apr 04 21:54:30, Girish Venkatachalam wrote: On Wed, Apr 4, 2012 at 9:40 PM, Jan Stary h...@stare.cz wrote: Failed. It is silent. What failed? How does your /etc/printcap describe the printer? I just modified from the default remote printer commented out section. rm=ip lpr is from /usr/bin, not LPRng I tried that as well. lpq lists the jobs but nothing happens/moves in the printer. Repeat: how does your printcap decribe the printer? As in: show me your printcap. Having used to protocols all my life I was curious why it would not greet me. That is all. So I wanted a way to see if it was alive. so LPD seems sane but it refuses to respond. What LPD, the printer's LPD daemon? How do you talk to it that you know it refuses to respond? Printer works. It prints from Mac machine, not from OpenBSD. So it is alive, and does not refuse to to respond, right? If it doesn't speak postscript, you might need to preprocces the printing jobs using the PPD file, using something like HP:\ :lp=:rm=a.dd.re.ss:rp=name:\ :af=/etc/foomatic/file.ppd:\ :if=/usr/local/bin/foomatic-rip:\ :sd=/var/spool/output:\ :lf=/var/log/lpd-errs:\ :sh: I will try that and reply. Hold on. I am wondering whether there is something else I can do. I am guessing your /etc/foomatic/file.ppd is nothing but $ gunzip /usr/local/share/foomatic/db/source/PPD/HP/hp-laserjet_professional_m1213nf_mfp-hpijs.ppd.gz file.ppd is nothing but a made up name for a file that you need to replace with the right PPD file for that printer. OpenBSD has never give me so much trouble before. ;) It is not OpenBSD that is giving you trouble.
Re: Question on LPD and OpenBSD printing
On 4/4/12, Jan Stary h...@stare.cz wrote: On Apr 04 21:54:30, Girish Venkatachalam wrote: On Wed, Apr 4, 2012 at 9:40 PM, Jan Stary h...@stare.cz wrote: Failed. It is silent. What failed? How does your /etc/printcap describe the printer? I just modified from the default remote printer commented out section. rm=ip lpr is from /usr/bin, not LPRng I tried that as well. lpq lists the jobs but nothing happens/moves in the printer. Repeat: how does your printcap decribe the printer? As in: show me your printcap. ftp://g3tech.in/printcap # export PRINTER=rp@IP # lpr /etc/passwd Printer works. It prints from Mac machine, not from OpenBSD. So it is alive, and does not refuse to to respond, right? Correct. file.ppd is nothing but a made up name for a file that you need to replace with the right PPD file for that printer. Right. OpenBSD has never give me so much trouble before. ;) It is not OpenBSD that is giving you trouble. My ignorance. :) -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in
Bonjour comment sa va ?
Bonjour , Nous voulons faire don de nos chiots cavalier king charles a toutes familles ou personnes qui seraient prjt ` leur montrer amour et affection . Si l'annonce vous interesse priere de nous contacter a cette adresse ( kristine.bouc...@live.fr ).
Re: Question on LPD and OpenBSD printing
I don't want to use CUPS. I will also avoid LPRng. Please guide me. lpr command from Mac is working like a cake. It uses CUPS and IPP. -Girish On 4/4/12, Girish Venkatachalam girishvenkatacha...@gmail.com wrote: On 4/4/12, Jan Stary h...@stare.cz wrote: On Apr 04 21:54:30, Girish Venkatachalam wrote: On Wed, Apr 4, 2012 at 9:40 PM, Jan Stary h...@stare.cz wrote: Failed. It is silent. What failed? How does your /etc/printcap describe the printer? I just modified from the default remote printer commented out section. rm=ip lpr is from /usr/bin, not LPRng I tried that as well. lpq lists the jobs but nothing happens/moves in the printer. Repeat: how does your printcap decribe the printer? As in: show me your printcap. ftp://g3tech.in/printcap # export PRINTER=rp@IP # lpr /etc/passwd Printer works. It prints from Mac machine, not from OpenBSD. So it is alive, and does not refuse to to respond, right? Correct. file.ppd is nothing but a made up name for a file that you need to replace with the right PPD file for that printer. Right. OpenBSD has never give me so much trouble before. ;) It is not OpenBSD that is giving you trouble. My ignorance. :) -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in
Re: Intel E3-1270 and AES-NI
On Tue, Apr 3, 2012 at 10:49 PM, mxb m...@alumni.chalmers.se wrote: On Apr 3, 2012, at 4:31 PM, Tony Sarendal wrote: On Tue, Apr 3, 2012 at 3:41 PM, Jonathan Gray j...@jsg.id.au wrote: On Tue, Apr 03, 2012 at 03:09:37PM +0200, Tony Sarendal wrote: When testing new boxes with Intel E3-1270 cpu I don't see AES on the cpu's in dmesg. Does this mean that the aes-ni stuff isn't used on these ? I was a bit curious to see if it had any effect on ipsec performance. According to http://ark.intel.com/products/52276/Intel-Xeon-Processor-E3-1270-%288M-Cache-3_40-GHz%29 it does support it. So it sounds like a problem with the bios. It would be printing along with the other cpuid flags in the cpu part of dmesg were it enabled. And if the cpuid says it is not present, it is not used. You are star. It was disabled in bios. Cheers. Sometimes you even need to flash BIOS to have it. Worked fine here. Performance boost depended a lot on packet size, a full speed one direction tcp data transfer got a 30% boost from enabling aes-ni. Small packet size, 200 byte mtu in sending direction, gave around 5% boost. The test box has been doing 400Mbps of large frame data transfer for a day or so now. One interesting thing was that running with SP kernel two low-latency, high-speed, tcp tranfers could starve userland badly enough to drop bgp sessions where as with MP kernel the box remained responsive no matter how many tcp sessions I shot through it. /T
Re: Question on LPD and OpenBSD printing
On Apr 04 22:25:18, Girish Venkatachalam wrote: ftp://g3tech.in/printcap Sigh. Next time, please post the six damn lines inline. rp:HP PRinter:\ :lp=:rm=192.168.1.6:rp=lp:\ :af=/etc/foomatic/hp.ppd:\ :if=/usr/local/bin/foomatic-rip:\ :sd=/var/spool/output:\ :lf=/var/log/lpd-errs:\ :sh: # export PRINTER=rp@IP Does that mean rp@192.168.1.6? Anyway, I don't think this is correct: it should be simply rp, i.e. the name of the printer in your printcap. With the above printcp, an empty lpq, and a correctly running lpd, what does the following do? echo test | lpr -Prp If it doesn't work, what does lpd-errs say?
Participe da Promo��o Fidelidade TAM e Ganhe um Ford Edge!
4 Atencao voce cliente Tam Linhas Aereas == PROMOCAO TAM FIDELIDADE E PONTOS MULTIPLUS Voce foi convidado para participar da promocao de Vantagens TAM Fidelidade. Caso vocj seja um cliente TAM Fidelidade, acesse o link abaixo para concorrer a um Ford Edge com sua conta fidelidade. Clique aqui e Participe Apos o termino da operacao, aguarde o prazo de 48 horas para a confirmcao. Estamos a disposicao para esclarecer qualquer duvida. Esta e uma mensagem totalmente segura. Mensagem analizada e verificada pelo AVG AntiVirus e ScanMail
GPIO and rc.securelevel
gpioctl(8) man page says: Only pins that have been configured at securelevel 0, typically during system startup, are accessible once the securelevel has been raised. However, /etc/rc.securelevel first says securelevel=1 and only then # Place local actions here. Should I put gpioctl statements before the securelevel=1 statement or is the man page in error, please? -- Jack Woehr # I'm not lazy, I'm useless. Box 51, Golden CO 80402 # There's a big difference. http://www.softwoehr.com # - Wally (Dilbert 20110318)
Re: GPIO and rc.securelevel
On Wed, 04 Apr 2012 12:24:37 -0600 Jack Woehr jwo...@softwoehr.com wrote: gpioctl(8) man page says: Only pins that have been configured at securelevel 0, typically during system startup, are accessible once the securelevel has been raised. However, /etc/rc.securelevel first says securelevel=1 and only then # Place local actions here. Should I put gpioctl statements before the statement or is the man page in error, please? place them after the comment. securelevel=1 is just a variable assignment, which is used in /etc/rc, which sources /etc/rc.securelevel.
Re: Route Target Import / Export in bgpd
On Wed, Apr 04, 2012 at 02:43:04PM +0200, Rimi Philippe wrote: Thanks Claudio. The way I see it is that RD are only local, they identify the VRF (or rdomain) locally on the router, then the RT import / export handles the way the routes are distributed. This permits the hub spoke approach for example. If you need help on the testing side feel free to send me the code, I'll give it a try. Give this a try. -- :wq Claudio Index: bgpd.conf.5 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.116 diff -u -p -r1.116 bgpd.conf.5 --- bgpd.conf.5 17 Sep 2011 16:29:44 - 1.116 +++ bgpd.conf.5 4 Apr 2012 18:46:54 - @@ -494,13 +494,13 @@ for further information about the argume .Pp .It Ic rd Ar as-number Ns Li : Ns Ar local .It Ic rd Ar IP Ns Li : Ns Ar local -The Route Distinguishers uniquely identifies a set of VPN prefixes. -Only prefixes matching the +The sole purpose of the Route Distinguisher .Ic rd -will be imported into the routing domain. -The purpose of the +is to ensure that possible common prefixes are destinct between VPNs. +The .Ic rd -is solely to allow one to create distinct routes to a common address prefix. +is neither used to identify the origin of the prefix nor to control into +which VPNs the prefix is distributed to. The .Ar as-number or Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.312 diff -u -p -r1.312 rde.c --- rde.c 27 Mar 2012 18:22:07 - 1.312 +++ rde.c 4 Apr 2012 15:40:41 - @@ -2414,8 +2414,6 @@ rde_send_kroute(struct prefix *new, stru break; SIMPLEQ_FOREACH(rd, rdomains_l, entry) { - if (addr.vpn4.rd != rd-rd) - continue; if (!rde_rdomain_import(p-aspath, rd)) continue; /* must send exit_nexthop so that correct MPLS tunnel
Re: Route Target Import / Export in bgpd
Hi Claudio, It works at 90% thanks. The last 10% are still not working. On PE1 I have 2 Rdomains (20,30) and PE2 1 rdomain (20). On PE1 I want the rdomain 20 routes to be imported in rdomain 30 (locally), but that doesn't seem to work locally, here are the details. Rimi rdomain 20 PE1: 172.16.35.0/24 rdomain 30 PE1: 172.16.33.0/24 rdomain 20 PE2: 172.16.39.0/24 PE1: rdomain 20 { rd 1.1.1.1:20 import-target rt 2.2.2.2:20 import-target rt 1.1.1.1:30 export-target rt 1.1.1.1:20 depend on mpe20 network inet connected } rdomain 30 { rd 1.1.1.1:30 import-target rt 2.2.2.2:20 import-target rt 1.1.1.1:20 export-target rt 1.1.1.1:30 depend on mpe20 network inet connected } PE2: rdomain 20 { rd 2.2.2.2:20 import-target rt 1.1.1.1:20 import-target rt 1.1.1.1:30 export-target rt 2.2.2.2:20 depend on mpe20 network inet connected } PE1: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.35.0/24 link#2 *B 48 172.16.39.0/24 2.2.2.2 *C 0 ::1/128 link#0 # bgpctl show fib table 30 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *C 4 172.16.33.0/24 link#3 *B 48 172.16.39.0/24 2.2.2.2 *C 0 ::1/128 link#0 PE2: # bgpctl show fib table 20 flags: * = valid, B = BGP, C = Connected, S = Static N = BGP Nexthop reachable via this route r = reject route, b = blackhole route flags prio destination gateway *C 0 127.0.0.0/8 link#0 *B 48 172.16.33.0/24 1.1.1.1 *B 48 172.16.35.0/24 1.1.1.1 *C 4 172.16.39.0/24 link#3 *C 0 ::1/128 link#0 Le 4 avr. 2012 ` 21:07, Claudio Jeker a icrit : On Wed, Apr 04, 2012 at 02:43:04PM +0200, Rimi Philippe wrote: Thanks Claudio. The way I see it is that RD are only local, they identify the VRF (or rdomain) locally on the router, then the RT import / export handles the way the routes are distributed. This permits the hub spoke approach for example. If you need help on the testing side feel free to send me the code, I'll give it a try. Give this a try. -- :wq Claudio Index: bgpd.conf.5 === RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v retrieving revision 1.116 diff -u -p -r1.116 bgpd.conf.5 --- bgpd.conf.5 17 Sep 2011 16:29:44 - 1.116 +++ bgpd.conf.5 4 Apr 2012 18:46:54 - @@ -494,13 +494,13 @@ for further information about the argume .Pp .It Ic rd Ar as-number Ns Li : Ns Ar local .It Ic rd Ar IP Ns Li : Ns Ar local -The Route Distinguishers uniquely identifies a set of VPN prefixes. -Only prefixes matching the +The sole purpose of the Route Distinguisher .Ic rd -will be imported into the routing domain. -The purpose of the +is to ensure that possible common prefixes are destinct between VPNs. +The .Ic rd -is solely to allow one to create distinct routes to a common address prefix. +is neither used to identify the origin of the prefix nor to control into +which VPNs the prefix is distributed to. The .Ar as-number or Index: rde.c === RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v retrieving revision 1.312 diff -u -p -r1.312 rde.c --- rde.c 27 Mar 2012 18:22:07 - 1.312 +++ rde.c 4 Apr 2012 15:40:41 - @@ -2414,8 +2414,6 @@ rde_send_kroute(struct prefix *new, stru break; SIMPLEQ_FOREACH(rd, rdomains_l, entry) { - if (addr.vpn4.rd != rd-rd) - continue; if (!rde_rdomain_import(p-aspath, rd)) continue; /* must send exit_nexthop so that correct MPLS tunnel
Re: GPIO and rc.securelevel
Christopher Zimmermann wrote: place them after the comment. securelevel=1 is just a variable assignment, which is used in /etc/rc, which sources /etc/rc.securelevel. Thanks ... are there also undocumented flags? I have a user who is using the invocation /usr/sbin/gpioctl -q -d /dev/gpio1 -c 4 set out od jp5pin12; and it seems to sort of work but I can't find the -c option in the manual. -- Jack Woehr # I'm not lazy, I'm useless. Box 51, Golden CO 80402 # There's a big difference. http://www.softwoehr.com # - Wally (Dilbert 20110318)
Recent DELL hardware support
Hello all, we are about to engage a procurement procedure of servers. There is a high probability to purchase DELL hardware. I want OpenBSD to be supported on the hardware. I have 2 broad options - Go with PowerEdge R410 - Go with PowerEdge R620 (latest generation of servers) The first option has only a single PCIe slot so I cannot have hot swappable disks AND Intel Ethernet interfaces (preferred from Broadcom but unfortunately Broadcom is on-board and I cannot get rid of them). The second option has the disadvantages of recent hardware (= can be unsupported). My main concerns are the PERC controller, where I saw that PERC 310 is supported in mfi(4) and the Intel NICs (these servers come with Intel Ethernet I350, still unsupported from what I saw, they are on the hardware wanted list). The machines will be bought and put to use in at least 6 months from now, one or two OpenBSD releases will have been made. What do you think? Will the hardware be supported by then? As you can tell I do not control the procurement procedure, but I can ask for specific DELL hardware. Regards, Kostas -- Kostas Zorbadelos twitter:@kzorbadelos http://gr.linkedin.com/in/kzorba () www.asciiribbon.org - against HTML e-mail proprietary attachments /\
Re: Recent DELL hardware support
Dell has an ugly habit of changing components even within the same model year of hardware. You can't predict how well supported something is based on PowerEdge R410 until you have your specific one in front of you. On Wed, Apr 4, 2012 at 1:14 PM, Kostas Zorbadelos kzo...@otenet.gr wrote: Hello all, we are about to engage a procurement procedure of servers. There is a high probability to purchase DELL hardware. I want OpenBSD to be supported on the hardware. I have 2 broad options - Go with PowerEdge R410 - Go with PowerEdge R620 (latest generation of servers) The first option has only a single PCIe slot so I cannot have hot swappable disks AND Intel Ethernet interfaces (preferred from Broadcom but unfortunately Broadcom is on-board and I cannot get rid of them). The second option has the disadvantages of recent hardware (= can be unsupported). My main concerns are the PERC controller, where I saw that PERC 310 is supported in mfi(4) and the Intel NICs (these servers come with Intel Ethernet I350, still unsupported from what I saw, they are on the hardware wanted list). The machines will be bought and put to use in at least 6 months from now, one or two OpenBSD releases will have been made. What do you think? Will the hardware be supported by then? As you can tell I do not control the procurement procedure, but I can ask for specific DELL hardware. Regards, Kostas -- Kostas Zorbadelos twitter:@kzorbadelos http://gr.linkedin.com/in/kzorba () www.asciiribbon.org - against HTML e-mail proprietary attachments /\
chroot scp
Hi, I have create a chroot with scp and needed library for it but when I try to copy a file with scp, I always get the error unknown user UID after succefully entering the password. I can't find anything for this error exept for Linux. There also nothing in authlog, only successful connection messages. Anybody know what missing in the chroot for scp to work ? ls -R /chroot/ bin dev etc transfer usr /chroot/bin: sh /chroot/dev: MAKEDEV nullstderr stdin stdout tty zero /chroot/etc: passwd /chroot/transfer: test /chroot/usr: bin lib libexec /chroot/usr/bin: scp /chroot/usr/lib: libc.so.60.1 /chroot/usr/libexec: ld.so Thanks, Michel
Re: Question on LPD and OpenBSD printing
On Wed, Apr 4, 2012 at 11:36 PM, Jan Stary h...@stare.cz wrote: On Apr 04 22:25:18, Girish Venkatachalam wrote: ftp://g3tech.in/printcap Sigh. Next time, please post the six damn lines inline. rp:HP PRinter:\ :lp=:rm=192.168.1.6:rp=lp:\ :af=/etc/foomatic/hp.ppd:\ :if=/usr/local/bin/foomatic-rip:\ :sd=/var/spool/output:\ :lf=/var/log/lpd-errs:\ :sh: # export PRINTER=rp@IP Does that mean rp@192.168.1.6? I tried that as well as what you suggest below. I get on the command line, connecting to localhost... Anyway, I don't think this is correct: it should be simply rp, i.e. the name of the printer in your printcap. With the above printcp, an empty lpq, and a correctly running lpd, what does the following do? echo test | lpr -Prp Yes empty lpq , lpd runs and the above command does nothing. If it doesn't work, what does lpd-errs say? Nothing. Okay I am giving up now. -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in
Re: chroot scp
On Wed, 04 Apr 2012 18:08:37 -0400 Michel Blais wrote: I have create a chroot with scp and needed library for it but when I try to copy a file with scp, I always get the error unknown user UID after succefully entering the password. I can't find anything for this error exept for Linux. There also nothing in authlog, only successful connection messages. You probably need a shell and maybe a /etc/passwd and a few other things like /dev/log. If you use sftp instead of scp you shouldn't need either, nor a tty, allowing read only root too.
Re: Question on LPD and OpenBSD printing
On 04/04/2012 06:10 PM, Girish Venkatachalam wrote: Nothing. Okay I am giving up now. -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in telnetprinter_ip_address 9100 %!PS (hi\n) print flush What does it do? If it echoes hi, then postscript works. end with a controld then close the connection Another test would be telnetprinter_ip_address 9100 %!PS 100 300 moveto /TimesRoman findfont 24 scalefont selectfont (Testing 1 2 3 4) show showpage controld That should print a page with Testing 1 2 3 4 in the middle. Does the printer have a built in web server for configuration? Are the correct ports and emulations enabled? This is unlikely to be a problem with lpr if you have configured /etc/printcap according to the example included in it. Are you sending postscript or HPGL to the printer? If you are sending plain text it is very unlikely you will see anything useful. Use a2ps (for example - there are other programs which do the same) to format plain text into postscript. Geoff Steckel
Re: Question on LPD and OpenBSD printing
On Apr 05 03:40:22, Girish Venkatachalam wrote: On Wed, Apr 4, 2012 at 11:36 PM, Jan Stary h...@stare.cz wrote: On Apr 04 22:25:18, Girish Venkatachalam wrote: ftp://g3tech.in/printcap Sigh. Next time, please post the six damn lines inline. rp:HP PRinter:\ :lp=:rm=192.168.1.6:rp=lp:\ :af=/etc/foomatic/hp.ppd:\ :if=/usr/local/bin/foomatic-rip:\ :sd=/var/spool/output:\ :lf=/var/log/lpd-errs:\ :sh: # export PRINTER=rp@IP Does that mean rp@192.168.1.6? I tried that as well as what you suggest below. I get on the command line, connecting to localhost... Anyway, I don't think this is correct: it should be simply rp, i.e. the name of the printer in your printcap. With the above printcp, an empty lpq, and a correctly running lpd, what does the following do? echo test | lpr -Prp Yes empty lpq , lpd runs and the above command does nothing. If it doesn't work, what does lpd-errs say? Nothing. Then something else is broken. Run lpd with -l to make sure that the print job at least made it to lpd as a request. You do actually have the foomatic* packages installed, right? You did not just blindly copy the ':if=/usr/local/bin/foomatic-rip:' line, right?
Re: Question on LPD and OpenBSD printing
On Thu, Apr 5, 2012 at 4:46 AM, Jan Stary h...@stare.cz wrote: Nothing. Then something else is broken. Run lpd with -l to make sure that the print job at least made it to lpd as a request. If the queue clears that is what it means right? It does make it. I will also take a stab at the -l switch. You do actually have the foomatic* packages installed, right? You did not just blindly copy the ':if=/usr/local/bin/foomatic-rip:' line, right? But of course yes. If you install hpijs it is installed as a dependency. -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in
Re: chroot scp
I've already added /bin/sh as shell and also /etc/passwd like you can see on my recursive ls from my first post.I will try /dev/log but I was thinking it was maybe that scp need ssh client + lib but just wanted to make sure since I want a chroot as small as possible. Thanks Le 4 avril 2012 18:45, Kevin Chadwick ma1l1i...@yahoo.co.uk a icrit : On Wed, 04 Apr 2012 18:08:37 -0400 Michel Blais wrote: I have create a chroot with scp and needed library for it but when I try to copy a file with scp, I always get the error unknown user UID after succefully entering the password. I can't find anything for this error exept for Linux. There also nothing in authlog, only successful connection messages. You probably need a shell and maybe a /etc/passwd and a few other things like /dev/log. If you use sftp instead of scp you shouldn't need either, nor a tty, allowing read only root too.
Manual IPsec setup with ipsec.conf
Dear all, Such a silly thing is not documented anywhere, no vpn(8) man page and not on the Internet. I am forced to send this mail though it is embarrassing having worked on the internals of manual IPsec keying back in 2004. But well here goes. on peer A: remoteip=173.167.82.52 remotenet=10.1.23.0/24 flow esp from 59.99.242.167 to $remoteip flow esp from 192.168.1.0/24 to $remotenet peer $remoteip esp from 59.99.242.167 to $remoteip spi 0xdeadbeef:0xbeefdead auth hmac-sha1 \ authkey 0xeda8f06463b2d0fed008ccc474216dba8c463a7c:0x91c763de940ce1745215c84b7 535269acaef516d \ enckey 0xb341aa065c3850edd6a61e150d6a5fd3:0xf7795f6bdd697a43a4d28dcf1b79062d on peer B: localnet=192.168.0.0/16 remoteip=59.99.242.167 flow esp from 173.167.82.52 to 59.99.242.167 flow esp from 10.1.23.0/24 to 192.168.1.0/24 peer $remoteip esp from 173.167.82.52 to 59.99.242.167 spi 0xbeefdead:0xdeadbeef auth hmac-sha1 \ authkey 0x91c763de940ce1745215c84b7535269acaef516d:0xeda8f06463b2d0fed008ccc47 4216dba8c463a7c \ enckey 0xf7795f6bdd697a43a4d28dcf1b79062d:0xb341aa065c3850edd6a61e150d6a5fd3 It is a test. I don't care about the keys and IP addresses. pf(4) is disabled both sides and here is the output of #ipsecctl -sa on peer B # ipsecctl -sa -v FLOWS: flow esp in from 192.168.1.0/24 to 10.1.23.0/24 peer 59.99.242.167 type require flow esp out from 10.1.23.0/24 to 192.168.1.0/24 peer 59.99.242.167 type require flow esp in from 59.99.242.167 to 173.167.82.52 peer 59.99.242.167 type require flow esp out from 173.167.82.52 to 59.99.242.167 peer 59.99.242.167 type require SAD: esp tunnel from 173.167.82.52 to 59.99.242.167 spi 0xbeefdead auth hmac-sha1 enc aes sa: spi 0xbeefdead auth hmac-sha1 enc aes state mature replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1333585323 first 0 address_src: 173.167.82.52 address_dst: 59.99.242.167 esp tunnel from 59.99.242.167 to 173.167.82.52 spi 0xdeadbeef auth hmac-sha1 enc aes sa: spi 0xdeadbeef auth hmac-sha1 enc aes state mature replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1333585323 first 0 address_src: 59.99.242.167 address_dst: 173.167.82.52 And peer A: # ipsecctl -sa -v FLOWS: flow esp in from 10.1.23.0/24 to 192.168.1.0/24 peer 173.167.82.52 type require flow esp out from 192.168.1.0/24 to 10.1.23.0/24 peer 173.167.82.52 type require flow esp in from 173.167.82.52 to 59.99.242.167 peer 173.167.82.52 type require flow esp out from 59.99.242.167 to 173.167.82.52 peer 173.167.82.52 type require SAD: esp tunnel from 173.167.82.52 to 59.99.242.167 spi 0xbeefdead auth hmac-sha1 enc aes sa: spi 0xbeefdead auth hmac-sha1 enc aes state mature replay 0 flags 4 lifetime_cur: alloc 0 bytes 0 add 1333585275 first 0 address_src: 173.167.82.52 address_dst: 59.99.242.167 esp tunnel from 59.99.242.167 to 173.167.82.52 spi 0xdeadbeef auth hmac-sha1 enc aes sa: spi 0xdeadbeef auth hmac-sha1 enc aes state mature replay 0 flags 4 lifetime_cur: alloc 0 bytes 196 add 1333585275 first 1333585277 address_src: 59.99.242.167 address_dst: 173.167.82.52 lifetime_lastuse: alloc 0 bytes 0 add 0 first 1333585277 I cannot ping between 192.168.1.50 and 10.1.23.2 What is going on? -Girish -- G3 Tech Networking appliance company web: http://g3tech.in mail: gir...@g3tech.in
Re: chroot scp
On 2012-04-04, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote: On Wed, 04 Apr 2012 18:08:37 -0400 Michel Blais wrote: I have create a chroot with scp and needed library for it but when I try to copy a file with scp, I always get the error unknown user UID after succefully entering the password. I can't find anything for this error exept for Linux. There also nothing in authlog, only successful connection messages. Probably need at least pwd.db (and passwd is probably not necessary). ktrace should tell you more. You probably need a shell and maybe a /etc/passwd and a few other things like /dev/log. If you use sftp instead of scp you shouldn't need either, nor a tty, allowing read only root too. This is obviously the client not the server. The sftp client needs more than scp (termcap etc).
Re: Recent DELL hardware support
On 2012-04-04, Kostas Zorbadelos kzo...@otenet.gr wrote: Hello all, we are about to engage a procurement procedure of servers. There is a high probability to purchase DELL hardware. I want OpenBSD to be supported on the hardware. I have 2 broad options - Go with PowerEdge R410 - Go with PowerEdge R620 (latest generation of servers) The first option has only a single PCIe slot so I cannot have hot swappable disks AND Intel Ethernet interfaces (preferred from Broadcom but unfortunately Broadcom is on-board and I cannot get rid of them). I haven't come across any problems with bnx(4). Did you look at 2U boxes at all? The second option has the disadvantages of recent hardware (= can be unsupported). My main concerns are the PERC controller, where I saw that PERC 310 is supported in mfi(4) and the Intel NICs (these servers come with Intel Ethernet I350, still unsupported from what I saw, they are on the hardware wanted list). The machines will be bought and put to use in at least 6 months from now, one or two OpenBSD releases will have been made. What do you think? Will the hardware be supported by then? As you can tell I do not control the procurement procedure, but I can ask for specific DELL hardware. Regards, Kostas So your choice is between hardware which should already work in OpenBSD and hardware which (at least the nics) is known not to work yet but might work sometime in the future. Nobody here can make that decision for you :)
Re: GPIO and rc.securelevel
On 2012-04-04, Jack Woehr jwo...@softwoehr.com wrote: Christopher Zimmermann wrote: place them after the comment. securelevel=1 is just a variable assignment, which is used in /etc/rc, which sources /etc/rc.securelevel. Thanks ... are there also undocumented flags? I have a user who is using the invocation /usr/sbin/gpioctl -q -d /dev/gpio1 -c 4 set out od jp5pin12; and it seems to sort of work but I can't find the -c option in the manual. They are using code from 2008 or earlier.
Re: chroot scp
Hi Stuart, You we're right. It's working fine now with pwd.db and passwd was not needed. Thanks Michel Le 4 avril 2012 20:46, Stuart Henderson s...@spacehopper.org a icrit : On 2012-04-04, Kevin Chadwick ma1l1i...@yahoo.co.uk wrote: On Wed, 04 Apr 2012 18:08:37 -0400 Michel Blais wrote: I have create a chroot with scp and needed library for it but when I try to copy a file with scp, I always get the error unknown user UID after succefully entering the password. I can't find anything for this error exept for Linux. There also nothing in authlog, only successful connection messages. Probably need at least pwd.db (and passwd is probably not necessary). ktrace should tell you more. You probably need a shell and maybe a /etc/passwd and a few other things like /dev/log. If you use sftp instead of scp you shouldn't need either, nor a tty, allowing read only root too. This is obviously the client not the server. The sftp client needs more than scp (termcap etc).
Re: Recent DELL hardware support
So your choice is between hardware which should already work in OpenBSD and hardware which (at least the nics) is known not to work yet but might work sometime in the future. Nobody here can make that decision for you :) Last time such issues happened, the people involved made sure we had the hardware in question. Such such problems get solved fast, most of the time, anyways.
Re: GPIO and rc.securelevel
Stuart Henderson wrote: They are using code from 2008 or earlier. My bad. Using three different OBSD machines at different levels, man gpioctl on wrong one :( Thanks, Stuart. -- Jack Woehr # I'm not lazy, I'm useless. Box 51, Golden CO 80402 # There's a big difference. http://www.softwoehr.com # - Wally (Dilbert 20110318)