capamentos científicos para docentes y alumnos en tucuman

[institucional]

OBSERVATORIO ASTRONOMICO
AMPIMPA
TUCUMAN - ARGENTINA
Declarado de Interis Educativo por el Ministerio de Educacisn de la
Nacisn
  _

misc@openbsd.org
At.


Campamentos Cientmficos 2012
- Aqo del Maximo Solar -
  Docetes
Campamentos Cientmficos exclusivos para Docentes
"La ciencia en el Aula. Nuevos enfoques didacticos".
70 Hs. catedra con certificacisn oficial

Prsxima Fecha para Campamento Docente:
23 al  25 de Junio de 2012 (haga click para ver mayor informacisn)


(Ver aqum imagenes de campamentos docentes anteriores)


  Presentacisn

Tambiin: talleres


Campamentos Cientmficos Educativos
para grupos de alumnos

Organice campamentos cientmficos con los alumnos de su Colegio/Escuela.
Participe con ellos de esta experiencia Cohetes
 educativa znica.

Ver aqum imagenes de Campamentos con Alumnos


 Fechas y cupos limitados.

Ya se pueden reservar fechas del 2012 y 2013 !!!
Geologma

Para ver mayor informacisn y/o consultas sobre campamentos con alumnos,
haga click aqum 



El Cielos de Ampimpa


Actividades Especiales en los Campamentos Cientmficos durante todo el
aqo 2012 y 2013

   Los esperamos.

  _

Si no desea recibir nuevas notificaciones por favor responda este mail
solicitando ser removido de nuestra lista de contactos
Observatorio Astronsmico Ampimpa - Tucuman - Argentina
www.astrotuc.com.ar   -
institucio...@astrotuc.com.ar 

Curso de "Inteligencia Emocional y Manejo del Estrés"

[Maurin Quintero S.]

Apreciable Ejecutivo:

TIEM de Mixico
Empresa Lmder en Capacitacisn y Actualizacisn de Capital Humano

Pone a su disposicisn este excelente curso denominado:
"Inteligencia Emocional y Manejo del Estris"

28 de Mayo en la Ciudad de Mixico

Inscrmbase 5 dmas antes de la fecha del Curso y obtenga un descuento del 15%
con Inversisn Inmediata


No deje pasar esta oportunidad e Invierta en su Desarrollo Personal y
Profesional

Tradicionalmente se afirmaba que el cociente intelectual (CI) regma nuestro
destino. Pero surge la inquietud de porqui las personas con alto CI tienen
dificultades en su desempeqo y las de mas bajo CI se desempeqan muy bien. Y la
diferencia dicen los investigadores radica en la Inteligencia Emocional, que
comprende un grupo de habilidades que pueden ser aprendidas ofreciendo mejores
posibilidades de utilizar el potencial.

El ixito profesional,  independientemente de la profesisn, esta definido en un
80% por la inteligencia emocional y en un 20% por el CI.

Aprender a vivir es aprender a observar, analizar, recabar y utilizar el saber
que vamos acumulando con el paso del tiempo

Beneficios:

Incrementa la autoconciencia.
Favorece el equilibrio emocional.
Fomenta las relaciones armoniosas.
Potencia el rendimiento laboral.
Aumenta la motivacisn y el entusiasmo.
Otorga capacidad de influencia y liderazgo.
Mejora la empatma y las habilidades de analisis social.
Aumenta el bienestar psicolsgico.
Facilita una buena salud.
Brinda defensas para la reaccisn positiva a la tensisn y al Estris.
Objetivo General:
Los participantes podran adquirir las destrezas necesarias para el manejo
adecuado de las  emociones mas comunes en la vida laboral y personal,
mediante la aplicacisn de  los principios de la inteligencia emocional y
ticnicas de manejo del estris.

Para mayor informacisn, favor de responder este correo con los siguientes
datos:
 Empresa:
 Nombre:
 Ciudad:
 Telifono:

O si lo prefiere comunmquese a los telifonos:

Del DF al 5611-0969 con 10 lmneas
Interior del Pams Lada sin Costo
01 800 900 TIEM (8436)
Aceptamos todas las TDC y Dibito.
**Promocisn: 3 meses sin Intereses pagando con American Express
**Aplica solo con Inversisn Normal

.Todos los Derechos Reservados )2011 TIEM Talento e Innovacisn Empresarial
de Mixico
Este Mensaje le ha sido enviado como usuario de TIEM de Mixico o bien un
usuario le refiris para recibir este boletmn.
Como usuario de TIEM de Mixico, en este acto autoriza de manera expresa que
TIEM de Mixico le puede contactar vma correo electrsnico u otros medios.
Si usted ha recibido este mensaje por error, haga caso omiso de il y reporte
su cuenta respondiendo este correo con el subject BAJABD
Unsubscribe to this mailing list, reply a blank message with the subject
UNSUBSCRIBE BAJABD
Tenga en cuenta que la gestisn de nuestras bases de datos es de suma
importancia y no es intencisn de la empresa la inconformidad del receptor.

greylisting and blacklisting rules in pf.conf

[ager39148]

The spamd man page shows an example pf.conf fragment:
  table  persist
  table  persist file "/etc/mail/nospamd"
  pass in on egress proto tcp from any to any port smtp \
   rdr-to 127.0.0.1 port spamd
  pass in on egress proto tcp from  to any port smtp
  pass in log on egress proto tcp from  to any port smtp
  pass out log on egress proto tcp to any port smtp

and later shows the pf.conf fragment for "BLACKLIST-ONLY MODE":
  table  persist
  pass in on egress proto tcp from  to any port smtp \
   rdr-to 127.0.0.1 port spamd
for blacklisting.

The pf.conf mand pages shows:
  table  persist file "/etc/spammers" file "/etc/openrelays"
  block on fxp0 from  to any

 
What rules should I have in "pf.conf" for both greylisting and blacklisting? 
I'd like to blacklist those site that got spam through the greylisting.

Thanks,

Joe

Re: update http://www.openbsdsupport.org/

[Daniel Ouellet]

Hi,

misc@ is NOT the place to send complain or updates and they have nothing 
to do with it.


As very clearly written on the page, it is a users submitted project, at 
the complains of the users for the users to prove a point that started 
on November 12 2004.


That was to answer recurring complains from users that always say if 
this was done or that was done it would be best and it would work.


I put my money where my mouth was and did it and posted requests for it 
as well and welcome help to update the site as well as accepted content too.


That lasted for a few weeks then only emails asking to link to this or 
to that and no decent content.


I have been busy and in some cases it took me sometime to reply to 
emails, but I did in most valid content ideas and good contributions.


I also had a short email exchange with Theo that warned me that it was 
going to be useless and he was 100% right, but never the less I told him 
to shut the list of all these useless complains, etc I was going to do 
it. If the end results is ONLY to not get these complains on misc@, just 
that was worth to me as time to time I find this list to be 
disrespectful to be polite in regards of the incredible work done by the 
developers on their time and that they give us free to use.


So, do you have any content that is good to add, or you are just one 
more users that expect everyone else to do the work for you?


I am waiting your content avidly.

If you have no contribution to make then you know what to do right? Let 
the developers do what they love to do.


I think without being to harsh the front page of the site is pretty darn 
clear as to why it exists and what's proper and what's not.


Left side is very clear abtu it too:


Note: The content published here in no way implies that the OpenBSD 
project or any member of the OpenBSD team sanctions or approves of such 
use. Do not complain to them if you find anything obsolete here. If you 
do find it unusable, inexact, obsolete or simply bad, then your help 
would be welcome to make it better. Send in your new document.


Complaints go here
/dev/null

Improvements are posted for everyone's benefit and we thank you for them!

Otherwise, constructive suggestions are more than welcome!


It is true that it hasn't been updated for sometime, but I haven't got 
any content from the community to do so either... So, the project and 
goal speak for itself proving the long term social experiment as well.


So, now you know what to do and leave misc@ out of it.

Not the place for it.

Best regards,

Daniel


On 5/16/12 4:03 AM, Wesley wrote:

Hi,

OpenBSD FAQ is a very good starting point.
But it will be famous if http://www.openbsdsupport.org/ can be updated.
The most recent article : February 2008

Thank you very much for your posts and specially for all OpenBSD
Developers.

Cheers,

Wesley MOUEDINE ASSBAY
www.mouedine.net

Re: Is it possible to use openssl 1.0.1 with isakmpd?

[Stuart Henderson]

On 2012-05-15, Johan Ryberg  wrote:
> Hi.
>
> Is it possible to use openssl 1.0.1 with isakmpd in OpenBSD 5.1?
>
> I can compile openssl 1.0.1 without any problem but it's not replacing
> existing openssl. It's just installed in /usr/local/ssl
>
> I need support for hardware aes that come with 1.0.1 and the benchmark
> is showing much better result then the default version.
>
> Best regards Johan
>
>

It should be possible to build your own copy of isakmpd linking
to another OpenSSL, but it might not be very useful as the bulk
of crypto for IPSEC is done in the kernel, not in isakmpd..

Re: bnx support

[Per-Olov Sjöholm]

On 16 maj 2012, at 01:42, Brad Smith wrote:

> On 15/05/12 5:44 PM, Per-Olov Sjvholm wrote:
>> Hi
>>
>> Looking at the man page for em and bnx drivers
>>
>> On "em" I can read it supports jumbo frames. But "bnx" man page says
nothing
>> about this. Does it mean it's just missing in the man page or is it the
fact
>> that "bnx" wont support jumbo frames?
>
> The hardware is capable. The driver currently does not have support.
>
> A diff was posted but it has not been commited yet. Any further testing
> would be useful.
>
> http://marc.info/?l=openbsd-tech&m=133160147815932&w=2
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>

Ok thanks for the info

I4ll download and hopefully can test it


/Per-Olov

Documentation for Apache-SSL key creation

[Nicolai]

Hi all,

While making a self-signed key for use with Apache I noticed that the
FAQ recommends deprecated crypto (RSA-1024 and SHA1).  I chose instead
RSA-4096 and sha256.  A couple patches for the website and manual page
are below.

You can see an example of the resulting cert on my personal site (no
linkspam), which works fine with both xxxterm and Firefox.

Any problems with this?

Nicolai

--- faq10.html.orig Tue May  1 09:42:54 2012
+++ faq10.html  Wed May 16 14:20:36 2012
@@ -486,7 +486,7 @@
 OpenSSL:

 
-# openssl genrsa -out /etc/ssl/private/server.key 1024
+# openssl genrsa -out /etc/ssl/private/server.key 4096
 

 
@@ -494,7 +494,7 @@
 have to type in when starting servers

 
-# openssl genrsa -des3 -out /etc/ssl/private/server.key 1024
+# openssl genrsa -des3 -out /etc/ssl/private/server.key 4096
 

 
@@ -517,7 +517,7 @@
 yourself, you can use the following.

 
-# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \
+# openssl x509 -sha256 -req -days 365 -in /etc/ssl/private/server.csr \
-signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt
 




--- ssl.8.orig  Wed Aug 17 10:55:25 2011
+++ ssl.8   Wed May 16 14:59:05 2012
@@ -110,13 +110,13 @@
 .Ar RSA
 certificate.
 .Bd -literal -offset indent
-# openssl genrsa -out /etc/ssl/private/server.key 1024
+# openssl genrsa -out /etc/ssl/private/server.key 4096
 .Ed
 .Pp
 Or, if you wish the key to be encrypted with a passphrase that you will
 have to type in when starting servers
 .Bd -literal -offset indent
-# openssl genrsa -des3 -out /etc/ssl/private/server.key 1024
+# openssl genrsa -des3 -out /etc/ssl/private/server.key 4096
 .Ed
 .Pp
 The next step is to generate a
@@ -139,8 +139,9 @@
 .Pp
 You can also sign the key yourself, using the command:
 .Bd -literal -offset indent
-# openssl x509 -req -days 365 -in /etc/ssl/private/server.csr \e
-  -signkey /etc/ssl/private/server.key -out /etc/ssl/server.crt
+# openssl x509 -sha256 -req -days 365 -in \e
+  /etc/ssl/private/server.csr -signkey \e
+  /etc/ssl/private/server.key -out /etc/ssl/server.crt
 .Ed
 .Pp
 With

i386 -current Sloppy source-track Breaks?

[Insan Praja SW]

Hi Misc@,

I was upgrading my 5.0 i386 -stable to 5.1 i386 -stable. We use ECMP using  
ospfd, and asymmetric routing with bgpd. Strangely, "keep state (sloppy  
source-track) flags any" can't no longer pass icmp traffic. Traceroute,  
browsing etc works, though. Then, I decided to upgrade it to -current,  
which, doesn't seem solve the problem.


This;

pass in quick log on $core_if\
inet proto icmp to  tag PING\
keep state (sloppy source-track global) flags any\
queue (CoreUp_icmp CoreUp_ack)
pass in quick log on $core_if\
inet proto udp to  port 33433 >< 33626 tag PING\
keep state (sloppy source-track global) flags any\
queue (CoreUp_icmp CoreUp_ack)

pass out quick log on $core_if\
inet tagged PING\
keep state (sloppy source-track global) flags any\
queue CoreUp_icmp
pass out quick log on $core_if\
inet proto icmp from self\
keep state (sloppy source-track global) flags any\
queue CoreUp_icmp
pass out quick log on $core_if\
inet proto udp from self to any port 33433 >< 33626\
keep state (sloppy source-track global) flags any\
queue CoreUp_icmp

pass in quick log on $serv_if\
inet proto icmp from \
keep state (sloppy source-track global) flags any\
queue ServDn_icmp tag PING
pass in quick log on $serv_if\
inet proto udp to any port 33433 >< 33626\
keep state (sloppy source-track global) flags any\
queue ServDn_icmp tag PING

pass out quick log on $serv_if\
inet tagged PING\
keep state (sloppy source-track global) flags any\
queue ServDn_icmp
pass out quick log on $serv_if\
inet proto icmp\
keep state (sloppy source-track global) flags any\
queue ServDn_icmp
pass out quick log on $serv_if\
inet proto udp to any port 33433 >< 33626\
keep state (sloppy source-track global) flags any\
queue ServDn_icmp


Doesn't behave consistently. Some hosts/packets gets block, some get  
through, randomly.


Thanks,


Insan Praja SW


DMESG (identical machines):
OpenBSD 5.1-current (GENERIC.MP) #0: Thu May 17 01:18:14 WIT 2012

r...@greenrouter-jkt02.mygreenlinks.net:/usr/src/sys/arch/i386/compile/GENERIC.MP
RTC BIOS diagnostic error 3
cpu0: Intel(R) Pentium(R) D CPU 3.00GHz ("GenuineIntel" 686-class) 3.01 GHz
cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF

real mem  = 2142687232 (2043MB)
avail mem = 2096836608 (1999MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/26/07, SMBIOS rev. 2.4 @  
0x7fbe4000 (43 entries)
bios0: vendor Intel Corporation version  
"S3000.86B.02.00.0054.061120091710" date 06/11/2009

bios0: Intel S3000AH
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT SLIC FACP APIC WDDT HPET MCFG ASF! SSDT SSDT SSDT SSDT  
SSDT HEST BERT ERST EINJ
acpi0: wakeup devices SLPB(S4) P32_(S4) UAR1(S1) PEX4(S4) PEX5(S4)  
UHC1(S1) UHC2(S1) UHC3(S1) UHC4(S1) EHCI(S1) AC9M(S4) AZAL(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Pentium(R) D CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu1:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,MWAIT,DS-CPL,EST,CNXT-ID,CX16,xTPR,PDCM,LAHF

ioapic0 at mainbus0: apid 5 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 5
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xf000, bus 0-127
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P32_)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus -1 (PEX2)
acpiprt5 at acpi0: bus -1 (PEX3)
acpiprt6 at acpi0: bus 2 (PEX4)
acpiprt7 at acpi0: bus 3 (PEX5)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpibtn0 at acpi0: SLPB
bios0: ROM list: 0xc/0x9000 0xc9000/0x4800 0xcd800/0x1000  
0xce800/0x1000

cpu0: Enhanced SpeedStep 3000 MHz: speeds: 3000, 2400 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel E7230 Host" rev 0x00
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: apic 5 int 17
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: apic 5 int 17
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 "Intel PRO/1000 PT (82571EB)" rev 0x06: apic  
5 int 16, address 00:15:1a:6e:06:aa
em1 at pci2 dev 0 function 1 "Intel PRO/1000 PT (82571EB)" rev 0x06:

Re : Error while copying data from another disk

[Mik J]

> On Tue, 15 May 2012 17:33:02 +0100 (BST)

> Mik J wrote:
> 
>>  to recover
the rest of my files (50% left) while the disk doesn't 
> complain

Hello,

I
wanted to give a feedback. I have copied all my directories except one that
was generating the errors that I wrote in my first mail.
The directory
contained some qemu images and freebsd isos and other files like that, and
those were not critical for me.

So I followed the instructions from this page
http://caoua.org/alex/obsd/badsect.html
There was 7 sectors that were
generating errors and I wrote 0 on them and now every time I try to read these
sectors with dd it doesn't generate any error message.

Then I remounted the
partition and did a copy for this directory on my new disk and I have the
following error.
cp: /mnt/oldhome/xxx/Virtualisation/QEmu/FreeBSD/doc/doc.gd:
Bad file descriptor
I don't know what is this error but it's probably due to
the 7 sectors I have manipulated.

Since I don't have any data to recover I
will try to read how to test the whole disk for bad sectors and proceed the
same way.
After this as you suggested I will not use this disk for important
data.

I will also look at all tools and programs you all suggested me.

Thank
you

Re: ikev2 between openbsd and windows

[Mike Belopuhov]

On Wed, May 16, 2012 at 10:00 PM, Peter J. Philipp  wrote:
> On Mon, May 14, 2012 at 12:53:34PM +0200, Mike Belopuhov wrote:
>> 4) Install the server certificate on the server:
>>
>>ikectl ca vpn certificate 10.1.0.1 install
>>
>> 5) To export the client certificate in a ZIP'ed PFX format, you need
>>to install zip utility (pkg_add -i zip).
>>
>>ikectl ca vpn certificate 10.5.0.1 export
>>
>
> Does the .tgz file need to be extracted at all on the server?

On the server? No. For the server certificate you just do the "install".

> I've tried
> and tried for too long and my certificates are out of sync I think, is
there
> a command to delete everything and just keep the original blank iked
structure
> so that one can start over without old certificates in the way?
>

I guess you can do "ikectl ca vpn delete" and that should remove most
of the stuff that gets in the way.

>> 6) Transfer 10.5.0.1.zip to the Windows host and load the certificates
>>by doubleclicking on them.  Make sure that certificates are valid
>>in the MMC Certificates Snap-In.
>
> This gave me a huge headache.  I tried using MMC (as administrator and
other
> user) but my vpn client stayed at 13806 error.  Perhaps VPN wasn't meant
for
> people like me.
>

As Pavel described, you shouldn't doubleclick as I said because
then windows will install it to the user certificates. Quoting Pavel:
"MMC and the local computer account switch should be used
instead."   I believe he refers to the Certificates snap-in.  It asks
you this question when you add it to the MMC.

Re: ikev2 between openbsd and windows

[Peter J. Philipp]

On Mon, May 14, 2012 at 12:53:34PM +0200, Mike Belopuhov wrote:
> 4) Install the server certificate on the server:
> 
>ikectl ca vpn certificate 10.1.0.1 install
> 
> 5) To export the client certificate in a ZIP'ed PFX format, you need
>to install zip utility (pkg_add -i zip).
> 
>ikectl ca vpn certificate 10.5.0.1 export
> 

Does the .tgz file need to be extracted at all on the server?  I've tried
and tried for too long and my certificates are out of sync I think, is there
a command to delete everything and just keep the original blank iked structure
so that one can start over without old certificates in the way?

> 6) Transfer 10.5.0.1.zip to the Windows host and load the certificates
>by doubleclicking on them.  Make sure that certificates are valid
>in the MMC Certificates Snap-In.

This gave me a huge headache.  I tried using MMC (as administrator and other
user) but my vpn client stayed at 13806 error.  Perhaps VPN wasn't meant for 
people like me. 

> 7) Configure iked to do RSA auth w/o EAP (for the start):
> 
> ikev2 "win7" passive esp \
> from 192.168.0.0/24 to 192.168.1.0/24 local any peer any \
> srcid 10.1.0.1 \
> config address 192.168.1.100 \
> config name-server 192.168.0.1
> 
>Here, 192.168.0.0/24 is a network client is getting access to,
>192.168.1.0/24 is a "DHCP"-like network from which client is
>getting an ip address (192.168.1.100 specifically).  Please
>note, that the code to turn this awkwardness into real (DHCP-like)
>address pool specification is not written yet.  Note that srcid
>has to match the host that the certificate is issued to, otherwise
>windows will refuse to connect. 
> 
>Once you do that you can load iked and see that it hooks up the
>server certificate (in the iked -dvv output that is).
> 
> 7) Now on the windows box, go to the Network Connections Center
>and create an IKEv2 VPN connection with the client.  Make sure
>to check the Certificate radio button on the Security tab in
>the connection properties, so that you won't do EAP.
> 
> 8) Start the connection.
> 
> 9) Profit!!!
> 
> PS.
> 
> If someone thinks that this might be turned into some sort of a
> howto or FAQ entry or whatever, please feel free to reuse any
> piece of text.  Attribution is welcomed but not required.

Would love to write something if it worked considering I've struck out
so many times with this.

-peter

Re: bnx support

[Stuart Henderson]

On 2012-05-15, Brad Smith  wrote:
> http://marc.info/?l=openbsd-tech&m=133160147815932&w=2

No negative impact on bge(4) BCM5704C. Jumbos worked before, tested rx
and tx, and still work afterwards.

OpenBSD 5.1-current (GENERIC.MP) #17: Wed May 16 19:42:42 BST 2012
st...@symphytum.spacehopper.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1072627712 (1022MB)
avail mem = 1021775872 (974MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf8dc0 (60 entries)
bios0: vendor American Megatrends Inc. version "080011" date 11/17/2005
bios0: Supermicro H8SSL
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S5
acpi0: tables DSDT FACP APIC OEMB
acpi0: wakeup devices P1P2(S1) USB0(S1) USB1(S1) USB2(S1) PS2K(S1) PS2M(S1) 
SLPB(S1)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Opteron(tm) Processor 146, 1995.26 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: AMD erratum 89 present, BIOS upgrade may be required
cpu0: apic clock running at 199MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 16 pins
ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 11, 16 pins
ioapic2 at mainbus0: apid 3 pa 0xfec02000, version 11, 16 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 2 (P1P2)
acpicpu0 at acpi0
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
pci0 at mainbus0 bus 0
ppb0 at pci0 dev 1 function 0 "ServerWorks HT-1000 PCI" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 13 function 0 "ServerWorks HT-1000 PCIX" rev 0xb2
pci2 at ppb1 bus 2
em0 at pci2 dev 1 function 0 "Intel PRO/1000MT (82546EB)" rev 0x01: apic 2 int 
4, address 00:11:0a:59:5a:64
em1 at pci2 dev 1 function 1 "Intel PRO/1000MT (82546EB)" rev 0x01: apic 2 int 
5, address 00:11:0a:59:5a:65
bge0 at pci2 dev 3 function 0 "Broadcom BCM5704C" rev 0x10, BCM5704 B0 
(0x2100): apic 2 int 8, address 00:30:48:56:6b:76
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 3 function 1 "Broadcom BCM5704C" rev 0x10, BCM5704 B0 
(0x2100): apic 2 int 9, address 00:30:48:56:6b:77
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
piixpm0 at pci0 dev 2 function 0 "ServerWorks HT-1000" rev 0x00: polling 
disabled
pciide0 at pci0 dev 2 function 1 "ServerWorks HT-1000 IDE" rev 0x00: DMA
wd0 at pciide0 channel 0 drive 0: 
wd0: 2-sector PIO, LBA, 999MB, 2047248 sectors
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 2
pcib0 at pci0 dev 2 function 2 "ServerWorks HT-1000 LPC" rev 0x00
ohci0 at pci0 dev 3 function 0 "ServerWorks HT-1000 USB" rev 0x01: apic 1 int 
10, version 1.0, legacy support
ohci1 at pci0 dev 3 function 1 "ServerWorks HT-1000 USB" rev 0x01: apic 1 int 
10, version 1.0, legacy support
ehci0 at pci0 dev 3 function 2 "ServerWorks HT-1000 USB" rev 0x01: apic 1 int 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ServerWorks EHCI root hub" rev 2.00/1.00 addr 1
vga1 at pci0 dev 5 function 0 "ATI Rage XL" rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 "ServerWorks OHCI root hub" rev 1.00/1.00 addr 1
usb2 at ohci1: USB revision 1.0
uhub2 at usb2 "ServerWorks OHCI root hub" rev 1.00/1.00 addr 1
mtrr: Pentium Pro MTRR support
uhidev0 at uhub1 port 2 configuration 1 interface 0 " USB Keyboard" rev 
1.10/3.10 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub1 port 2 configuration 1 interface 1 " USB Keyboard" rev 
1.10/3.10 addr 2
uhidev1: iclass 3/0, 2 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a (00dcccfbf24041ba.a) swap on wd0b dump on wd0b

Re: bnx support

[Stuart Henderson]

On 2012-05-15, Brad Smith  wrote:
> On 15/05/12 5:44 PM, Per-Olov Sjvholm wrote:
>> Hi
>>
>> Looking at the man page for em and bnx drivers
>>
>> On "em" I can read it supports jumbo frames. But "bnx" man page says nothing
>> about this. Does it mean it's just missing in the man page or is it the fact
>> that "bnx" wont support jumbo frames?
>
> The hardware is capable. The driver currently does not have support.
>
> A diff was posted but it has not been commited yet. Any further testing
> would be useful.
>
> http://marc.info/?l=openbsd-tech&m=133160147815932&w=2
>

Haven't tried jumbos but with the default 1500 MTU this diff breaks

bnx0 at pci4 dev 0 function 0 "Broadcom BCM5716" rev 0x20: apic 0 int 16
bnx0: address 00:26:b9:78:99:b1
brgphy0 at bnx0 phy 1: BCM5709 10/100/1000baseT PHY, rev. 8

- approx 50% packet loss on Rx, even with simple small pings.

The brgphy diff by itself (i.e. revert the if_bnx.c part) works ok on this
machine but obviously it also needs testing on other nics with jumbo support
using the brgphy, e.g. bge(4) BCM570[0134], I might be able to try it on a
BCM5704C in a bit.

OpenBSD 5.1-current (GENERIC.MP) #16: Wed May 16 17:04:51 BST 2012
st...@symphytum.spacehopper.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4284059648 (4085MB)
avail mem = 4147662848 (3955MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xbf79c000 (62 entries)
bios0: vendor Dell Inc. version "1.1.4" date 10/30/2009
bios0: Dell Inc. PowerEdge R210
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC SPCR HPET DMAR MCFG WD__ SLIC ERST HEST BERT EINJ 
TCPA SSDT
acpi0: wakeup devices PCI0(S5) USBA(S0) USBB(S0)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 2394.31 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 132MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 2393.98 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 2393.98 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 2393.98 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (LYD0)
acpiprt2 at acpi0: bus -1 (LYD2)
acpiprt3 at acpi0: bus -1 (HVD0)
acpiprt4 at acpi0: bus -1 (HVD2)
acpiprt5 at acpi0: bus 4 (PEX0)
acpiprt6 at acpi0: bus -1 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpiprt8 at acpi0: bus 5 (COMP)
acpicpu0 at acpi0: C3, C2, C1
acpicpu1 at acpi0: C3, C2, C1
acpicpu2 at acpi0: C3, C2, C1
acpicpu3 at acpi0: C3, C2, C1
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core DMI" rev 0x11
ppb0 at pci0 dev 3 function 0 "Intel Core PCIE" rev 0x11: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel 41210 PCIE-PCIX" rev 0x09
pci2 at ppb1 bus 2
em0 at pci2 dev 4 function 0 "Intel PRO/1000MT (82546EB)" rev 0x03: apic 0 int 
17, address 00:12:c0:08:39:ee
em1 at pci2 dev 4 function 1 "Intel PRO/1000MT (82546EB)" rev 0x03: apic 0 int 
17, address 00:12:c0:08:39:ef
ppb2 at pci1 dev 0 function 2 "Intel 41210 PCIE-PCIX" rev 0x09
pci3 at ppb2 bus 3
em2 at pci3 dev 4 function 0 "Intel PRO/1000MT (82546EB)" rev 0x03: apic 0 int 
17, address 00:12:c0:08:39:ec
em3 at pci3 dev 4 function 1 "Intel PRO/1000MT (82546EB)" rev 0x03: apic 0 int 
17, address 00:12:c0:08:39:ed
em4 at pci3 dev 5 function 0 "Intel PRO/1000MT (82546EB)" rev 0x03: apic 0 int 
18, address 00:12:c0:08:39:ea
em5 at pci3 dev 5 function 1 "Intel PRO/1000MT (82546EB)" rev 0x03: apic 0 int 
18, address 00:12:c0:08:39:eb
"Intel Core Management" rev 0x11 at pci0 dev 8 function 0 not configured
"Intel Core Scratch" rev 0x11 at pci0 dev 8 function 1 not configured
"Intel Core Control" rev 0x11 at pci0 dev 8 function 2 

Re: Openbsd 5.1 Review on Distrowatch

[Ralph Ellis]

On 05/16/12 08:14, Mihai Popescu wrote:

Ralph Ellis wrote:
I understand that Intel is much more open with their documentation and 
specifications.

As someone said, it is "open for business." As for the review, I'm
asking myself why people publish a review and then ask for opinions.
It should be the other way around, not making statements about OpenBSD
without checking and then ... you know.

Actually, the main purpose of the review was to make people more aware 
of some of the advancements and improvements in OpenBSD. My first 
experiences with OpenBSD 4.4 were not too positive. Even though I have 
used computers since before MS-DOS was invented (bought) by Microsoft 
and have used CP/M, FreeBSD, Solaris, Linux, all versions of Windows, 
etc., I found that the creation of a functional desktop with OpenBSD 
required large amounts of jumping through hoops.
This time, setting up a functional OpenBSD setup was more like a day and 
the hardware recognition was much better.  There were no "show stopper" 
issues that prevent someone from using it as an everyday desktop.
The audience for the article is less the internal OpenBSD community but 
the wider computer audience out there who may not have looked at OpenBSD 
before. Posting on the mailing list is more  letting the community know 
that the review is out there.

Thanks
Ralph Ellis

Re: libc.so.64.1?

[Emilio Perea]

On Wed, May 16, 2012 at 10:21:58AM -0500, Emilio Perea wrote:
> On Wed, May 16, 2012 at 02:22:34PM +0200, Manuel Giraud wrote:
> > 
> > I've just tried to update and it seems that the current
> > snapshots/i386/base51.tgz doesn't contains /usr/lib/libc.so.64.1.  If
> > that's to be expected following -current, i'll wait a couple of day
> > before re-update.
> > 
> There does not seem to be any libc.so.* on the current snapshot, so it
> would be a good idea to wait.  (Wish I had! :-)
> 
I should have clarified this is only on the i386 snapshot.  The amd64
snapshot (and I assume all others) are fine.

Re: libc.so.64.1?

[Emilio Perea]

On Wed, May 16, 2012 at 02:22:34PM +0200, Manuel Giraud wrote:
> 
> I've just tried to update and it seems that the current
> snapshots/i386/base51.tgz doesn't contains /usr/lib/libc.so.64.1.  If
> that's to be expected following -current, i'll wait a couple of day
> before re-update.
> 
There does not seem to be any libc.so.* on the current snapshot, so it
would be a good idea to wait.  (Wish I had! :-)

Re: Load balancing and fail-over

[Stuart Henderson]

On 2012-05-16, Russell Garrison  wrote:
>> On Wed, May 16, 2012 at 9:40 AM, Indunil Jayasooriya
>>  wrote:
>
>>> If yes, How to ping external internet host when that link is DOWN? I find
>>> it difficult?
>>>
>>> I tried it with below commands
>>>
>>>
>>> ping -I WAN1_if_ip www.google.lk
>>>
>>> ping -I WAN2_if_ip www.google.lk
>>>
>>>
>>> Some times it works? some times it does NOT?
>>>
>>> Could you pls explain why?

Route lookups are based on the *destination* address not the source
address, you could add a route for a certain destination via a
certain interface to send packets out that way.

> I have been asked by management a few times about why some pings fail
> when you ping things like google servers and core routers at the ISP.

Management might need to set the TOS bits.

ping -T i_am_management_my_packets_are_important_dammit www.google.com

If they are really important they can use -i0.0001 -e to be sure
people pay attention. Needs root but they are probably logged
in like that already, right? :)

> The short answer I give is that things like that are too busy being
> the Internet to respond to all the ping traffic that doesn't do
> anything to enable them to be the Internet. Best advice is to consult
> your routing tables or contact your ISP and have your ifstated ping
> the far-end of your internet connection. Those systems are typically
> less busy and have a higher expectation of answering all pings while
> up.

"far-end of your internet connection" tends to be a router, which are
usually one of the worst things to be pinging, something like a
local web or ntp server might be a better idea.

Re: trunk0 with dual stack

[Stuart Henderson]

On 2012-05-16, Bogdan Andu  wrote:
> It is possible to build an interface aggregation on dual stack
> systems?

Of course, trunk works just the same as a standard interface in this
respect.

> /etc/hostname.trunk0 such that it will look like this:
> trunkproto failover
> trunkport bge0 trunkport bge1 192.168.18.133 netmask 255.255.255.0
> inet6
> 2e03:5a80:0:4::133 prefixlen 64

prefixlen 64 is default, no need to include it, and inet6 goes on the
same line as the address.  I'd use something like this

trunkproto failover
trunkport bge0 trunkport bge1
inet 192.168.18.133 255.255.255.0
inet6 2e03:5a80:0:4::133


> ! route add -inet6 default2e03:5a80:0:4::1

just add 2e03:5a80:0:4::1 to /etc/mygate

Re: ikev2 between openbsd and windows

[Mike Belopuhov]

On Wed, May 16, 2012 at 17:30 +0400, Pavel Shvagirev wrote:
> 
> Thank you very much for the detailed reply. It helped a lot, though I
> have something to add.
> 
> > 6) Transfer 10.5.0.1.zip to the Windows host and load the certificates
> >by doubleclicking on them.
> You should not import the cert by doubleclicking on it - it will import
> to the current user's facility instead of a local computer. That will
> cause 13806 errormessage telling that there is no appropriate computer
> certificate etc. MMC and the local computer account switch should be
> used instead.
> 

Yes, I admit I have just tested the possibility of installing
certificates and hoped that user certs will work just fine.
We have a tool to do the right thing automatically, so I didn't
bother to test this part.  Shame on me (:

> > 7) Configure iked to do RSA auth w/o EAP (for the start):
> >
> > ikev2 "win7" passive esp \
> > from 192.168.0.0/24 to 192.168.1.0/24 local any peer any \
> > srcid 10.1.0.1 \
> > config address 192.168.1.100 \
> > config name-server 192.168.0.1
> >
> >Here, 192.168.0.0/24 is a network client is getting access to,
> >192.168.1.0/24 is a "DHCP"-like network from which client is
> >getting an ip address (192.168.1.100 specifically).  Please
> >note, that the code to turn this awkwardness into real (DHCP-like)
> >address pool specification is not written yet.  Note that srcid
> >has to match the host that the certificate is issued to, otherwise
> >windows will refuse to connect. 
> >
> >Once you do that you can load iked and see that it hooks up the
> >server certificate (in the iked -dvv output that is).
> This is the most intriguing part :)
> 
>ikev2 "win7" esp \
>from 172.16.2.0/24 to 0.0.0.0/0 \
>peer 10.0.0.0/8 local 192.168.56.0/24 \
>eap "mschap-v2" \
>config address 172.16.2.1 \
>tag "$name-$id"
> 
> This example is from the man page. `config address' is in the range of
> `from source', not from the destination subnet. Are you sure it sould be
> like you said?
> 

Yes, I'm sure.  The syntax was changing over time but in the end the
"from" network is always the network behind the host running iked
regardless of whether it's initiator or responder.  Here's a config
I use at the moment for my testing:

ikev2 "win7" passive esp \
   from 10.1.0.2 to 10.1.0.5 local any peer any \
   srcid 172.23.55.126 \
   config address 10.1.0.5 \
   config name-server 10.1.0.2

10.1.0.2 is configured as "ifconfig lo1 10.1.0.2/24" on openbsd.

Man page should be updated.

> How do I manage the `DHCP-like' addresses? Is this address range where
> the client should be granted an IP from OR is that a client's local
> private network? I found that dhcpd cannot run on enc0 interface. How do
> you manage that?
> 

No, DHCP is NOT involved at all. IKEv2 does it itself. I said that you
can only configure one IP address per "ikev2" rule atm and the address
pool code is not written (but it should/will be).

> Now the negotiation seems to be complete but still the connection can
> not be established due to various reasons:
> 
> 1. Windows side stops on error #31 "Attached device is not working
> properly" (looks like a Windows problem though). Have you seen that?
> 

Nope.

> 2. Doesn't work EAP mode - Windows stops on "Checking username and
> password" error. Then #13803, 1931...
> 

Well, as I said, try certificates first.  Disable EAP.

> > If someone thinks that this might be turned into some sort of a
> > howto or FAQ entry or whatever, please feel free to reuse any
> > piece of text.  Attribution is welcomed but not required.
> Your instructoins really did the trick - I got rid of those anoying
> troubles that were caused by strictly following the manuals... I think
> it should have been written in more detail, covering in detail _every_
> network part (with its role) that participate in the negotiation. 'cause
> sometimes it has contradicting points. Probably it is a matter of
> individual perception, nevertheless I had what I had as well as tons of
> others struggling with that in mail lists across the web =)
> 

Everyone is encouraged to contribute to this thread so that we can
work out an unambiguous instruction.

> Thanks.
> 
> -- 
> Best regards,
> Pavel Shvagirev
> skype: pavel.shvagirev

Fab Faya Newsletter 14 - Bamboo Brasov / Bucarest / Romania

[Fab Faya Official newsletter]

Newsletter #14















Don't want to receive this e-mail ? Send your adress with the word
"Delete" and your e-mail adress to newslett...@fabfaya.com

http://www.fabfaya.com
i...@fabfaya.com
Fab Faya Official website

Don't want to receive this e-mail ?
Send your adress with the word "Delete"
and your e-mail adress to newslett...@fabfaya.com

Re: release failing to build. hardware related?

[Christian Weisgerber]

In article <4fb37187.4010...@sanity.de>, Marc Peters  wrote:

> > You have the disktab file from the i386 arch installed on a amd64
> > system.
> 
> i reinstalled the box as i upgraded it and went to amd64 (mid April).
> this was sucked in by my etc-backup. Didn't know, that it would cause
> problems to pull this directory in.

See /usr/src/etc/etc.* for /etc files that vary by architecture.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de

libc.so.64.1?

[Manuel Giraud]

Hi,

I've just tried to update and it seems that the current
snapshots/i386/base51.tgz doesn't contains /usr/lib/libc.so.64.1.  If
that's to be expected following -current, i'll wait a couple of day
before re-update.

Re: ikev2 between openbsd and windows

[Pavel Shvagirev]

Thank you very much for the detailed reply. It helped a lot, though I
have something to add.

> 6) Transfer 10.5.0.1.zip to the Windows host and load the certificates
>by doubleclicking on them.
You should not import the cert by doubleclicking on it - it will import
to the current user's facility instead of a local computer. That will
cause 13806 errormessage telling that there is no appropriate computer
certificate etc. MMC and the local computer account switch should be
used instead.

> 7) Configure iked to do RSA auth w/o EAP (for the start):
>
> ikev2 "win7" passive esp \
> from 192.168.0.0/24 to 192.168.1.0/24 local any peer any \
> srcid 10.1.0.1 \
> config address 192.168.1.100 \
> config name-server 192.168.0.1
>
>Here, 192.168.0.0/24 is a network client is getting access to,
>192.168.1.0/24 is a "DHCP"-like network from which client is
>getting an ip address (192.168.1.100 specifically).  Please
>note, that the code to turn this awkwardness into real (DHCP-like)
>address pool specification is not written yet.  Note that srcid
>has to match the host that the certificate is issued to, otherwise
>windows will refuse to connect. 
>
>Once you do that you can load iked and see that it hooks up the
>server certificate (in the iked -dvv output that is).
This is the most intriguing part :)

   ikev2 "win7" esp \
   from 172.16.2.0/24 to 0.0.0.0/0 \
   peer 10.0.0.0/8 local 192.168.56.0/24 \
   eap "mschap-v2" \
   config address 172.16.2.1 \
   tag "$name-$id"

This example is from the man page. `config address' is in the range of
`from source', not from the destination subnet. Are you sure it sould be
like you said?

How do I manage the `DHCP-like' addresses? Is this address range where
the client should be granted an IP from OR is that a client's local
private network? I found that dhcpd cannot run on enc0 interface. How do
you manage that?

Now the negotiation seems to be complete but still the connection can
not be established due to various reasons:

1. Windows side stops on error #31 "Attached device is not working
properly" (looks like a Windows problem though). Have you seen that?

2. Doesn't work EAP mode - Windows stops on "Checking username and
password" error. Then #13803, 1931...

> If someone thinks that this might be turned into some sort of a
> howto or FAQ entry or whatever, please feel free to reuse any
> piece of text.  Attribution is welcomed but not required.
Your instructoins really did the trick - I got rid of those anoying
troubles that were caused by strictly following the manuals... I think
it should have been written in more detail, covering in detail _every_
network part (with its role) that participate in the negotiation. 'cause
sometimes it has contradicting points. Probably it is a matter of
individual perception, nevertheless I had what I had as well as tons of
others struggling with that in mail lists across the web =)

Thanks.

-- 
Best regards,
Pavel Shvagirev
skype: pavel.shvagirev

Re: release failing to build. hardware related?

[Marc Peters]

On 05/16/2012 10:27 AM, Antoine Jacoutot wrote:
> But you can force a full comparison using `-d' as per sysmerge(8).
> 

Solved my problems, thank you all.

marc

Re: Load balancing and fail-over

[C. Bensend]

> I have been asked by management a few times about why some pings fail
> when you ping things like google servers and core routers at the ISP.
> The short answer I give is that things like that are too busy being
> the Internet to respond to all the ping traffic that doesn't do
> anything to enable them to be the Internet. Best advice is to consult
> your routing tables or contact your ISP and have your ifstated ping
> the far-end of your internet connection. Those systems are typically
> less busy and have a higher expectation of answering all pings while
> up.

ICMP ECHOREQ is about the lowest form of life out there on the
intertubes.  Some routers will pass it, some won't, and if a
router is busy along the way it's the first thing that is dropped.

I've had to answer that question many times over the years.  My
standard response has been "pings are not important in the grand
scheme of things.  If there is any congestion along the path, it
may be discarded for the greater good."


-- 
"The problem with quotes on the internet is that it's very hard to
verify their authenticity."   -- Abraham Lincoln

Re: Openbsd 5.1 Review on Distrowatch

[Mihai Popescu]

> Ralph Ellis wrote:
> I understand that Intel is much more open with their documentation and 
> specifications.

As someone said, it is "open for business." As for the review, I'm
asking myself why people publish a review and then ask for opinions.
It should be the other way around, not making statements about OpenBSD
without checking and then ... you know.

Re: Load balancing and fail-over

[Russell Garrison]

> On Wed, May 16, 2012 at 9:40 AM, Indunil Jayasooriya
>  wrote:

>> If yes, How to ping external internet host when that link is DOWN? I find
>> it difficult?
>>
>> I tried it with below commands
>>
>>
>> ping -I WAN1_if_ip www.google.lk
>>
>> ping -I WAN2_if_ip www.google.lk
>>
>>
>> Some times it works? some times it does NOT?
>>
>> Could you pls explain why?
>>

I have been asked by management a few times about why some pings fail
when you ping things like google servers and core routers at the ISP.
The short answer I give is that things like that are too busy being
the Internet to respond to all the ping traffic that doesn't do
anything to enable them to be the Internet. Best advice is to consult
your routing tables or contact your ISP and have your ifstated ping
the far-end of your internet connection. Those systems are typically
less busy and have a higher expectation of answering all pings while
up.

Re: Load balancing and fail-over

[Tomas Bodzar]

On Wed, May 16, 2012 at 9:40 AM, Indunil Jayasooriya
 wrote:
> Hi,
>
> I am looking for a Load balancing and fail-over setup. So I am working on
> below 2 subjects
>
>
> How can I do equal-cost multipath routing?
>
> http://www.openbsd.org/faq/faq6.html
>
>
>
> Load Balance Outgoing Traffic
>
> http://www.openbsd.org/faq/pf/pools.html#outexample
>
>
> My first question is how to do failover when one link goes down?
>
> Can I do it with ping and ifstated ?

You can and check man trunk as well.

>
> If yes, How to ping external internet host when that link is DOWN? I find
> it difficult?
>
> I tried it with below commands
>
>
> ping -I WAN1_if_ip www.google.lk
>
> ping -I WAN2_if_ip www.google.lk
>
>
> Some times it works? some times it does NOT?
>
> Could you pls explain why?
>
>
> If it does NOT ping, How to do failover?
>
>
> So, Now, I am trying with snmpwalk command. I think it is OKAY? B your
> comments?
>
> I found a URL here?
>
> http://old.nabble.com/Re:-ifstated-and-ping-p15546523.html
>
>
> Then, the other question is that when loadbalancing works as expected ,
>
> I will have to send https via one link as described in Openbsd site.
>
> Pls see below.
>
> http://www.openbsd.org/faq/pf/pools.html#outexample
>
> # B keep https traffic on a single connection; some web applications,
> # B especially "secure" ones, don't allow it to change mid-session
> pass in on $int_if proto tcp from $lan_net to port https \
> B  B route-to ($ext_if1 $ext_gw1)
>
>
> Then, If that link goes down, when, failiver happnes, How to send that
> https traffic via other link?
>
> I think delete that rule and add another rule like this? am I right?
>
> pass in on $int_if proto tcp from $lan_net to port https \
> B  B route-to ($ext_if2 $ext_gw2)
>
>
> If I am right, How to delete the existing rule and add other rule when
> failover happens?
>
>
> Hope to hear from you.
>
>
>
>
> --
> Thank you
> Indunil Jayasooriya

Re: release failing to build. hardware related?

[Marc Peters]

On 05/16/2012 10:46 AM, Dan Harnett wrote:
> On Wed, May 16, 2012 at 10:05:18AM +0200, Marc Peters wrote:
>> /tmp # cat /etc/disktab
>>
>> #   $OpenBSD: disktab,v 1.21 2010/10/19 20:23:53 deraadt Exp $
>>
>> floppy288|3in|3.5in High Density Floppy, 2.88MB:\
>> :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
>> :pa#5760:oa#0:ba#4096:fa#512:ta=4.2BSD: \
>> :pb#5760:ob#0:\
>> :pc#5760:oc#0:
> [...]
> 
> 
> You have the disktab file from the i386 arch installed on a amd64
> system.
> 

i reinstalled the box as i upgraded it and went to amd64 (mid April).
this was sucked in by my etc-backup. Didn't know, that it would cause
problems to pull this directory in.

trunk0 with dual stack

[Bogdan Andu]

Hello,

It is possible to build an interface aggregation on dual stack
systems?

I want my trunk0 interface to be bound to ipv4 and to ipv6 address
and I don't know:

1. If this is possible, and
2. if it si possible how do I
make the setup permanent?

Currently the trunk0 interface works with IPv4
address and has the following setup:
$ cat /etc/hostname.bge0
up
$ cat
/etc/hostname.bge1
up
$ cat /etc/hostname.trunk0 
trunkproto failover
trunkport bge0 trunkport bge1 192.168.18.133 netmask 255.255.255.0
$  ifconfig
bge0: flags=8b43 mtu
1500
lladdr 00:00:00:00:00:00
priority: 0
trunk:
trunkdev trunk0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet6 fe80::225:64ff:fe3b:a6e7%bge0 prefixlen
64 scopeid 0x1
bge1:
flags=8b43 mtu 1500
lladdr 00:00:00:00:00:00
priority: 0
trunk: trunkdev
trunk0
media: Ethernet autoselect (none)
status: no carrier
inet6 fe80::225:64ff:fe3b:a6e6%bge1 prefixlen 64 scopeid 0x2
trunk0:
flags=8843 mtu 1500
lladdr
00:25:64:3b:a6:e6
priority: 0
trunk: trunkproto failover
trunkport bge1 
trunkport bge0 master,active
groups: trunk egress
media: Ethernet autoselect
   
status: active
inet 192.168.18.133 netmask 0xff00 broadcast
192.168.18.255
inet6 fe80::225:64ff:fe3b:a6e6%trunk0 prefixlen 64
scopeid 0x5


The solution I can think of is to modify the file
/etc/hostname.trunk0 such that it will look like this:
trunkproto failover
trunkport bge0 trunkport bge1 192.168.18.133 netmask 255.255.255.0
inet6
2e03:5a80:0:4::133 prefixlen 64

! route add -inet6 default2e03:5a80:0:4::1
In this way I hope trunk0 interface will be bounded to ip4 and ip6 address.
Is this the correct setup or the solution is wrong?

Thank you very much.

The
system is OpenBSD 5.1 amd64 smp


Bogdan

Re: release failing to build. hardware related?

[Dan Harnett]

On Wed, May 16, 2012 at 10:05:18AM +0200, Marc Peters wrote:
> /tmp # cat /etc/disktab
> 
> #   $OpenBSD: disktab,v 1.21 2010/10/19 20:23:53 deraadt Exp $
> 
> floppy288|3in|3.5in High Density Floppy, 2.88MB:\
> :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
> :pa#5760:oa#0:ba#4096:fa#512:ta=4.2BSD: \
> :pb#5760:ob#0:\
> :pc#5760:oc#0:
[...]


You have the disktab file from the i386 arch installed on a amd64
system.

Re: release failing to build. hardware related?

[Antoine Jacoutot]

On Wed, May 16, 2012 at 10:05:18AM +0200, Marc Peters wrote:
> On 05/15/2012 05:43 PM, Otto Moerbeek wrote:
> > On Tue, May 15, 2012 at 11:35:59AM -0400, Ted Unangst wrote:
> > 
> >> On Tue, May 15, 2012 at 17:03, Marc Peters wrote:
> >>> Hi list,
> >>>
> >>> i am trying to built a 5.1 release which fails at
> >>
> >>> disklabel -w vnd0 floppy576
> >>> disklabel: unknown disk type: floppy576
> >>
> >> Your /etc/disklabel is missing something.
> > 
> > In other words, incomplete ugrade. See upgrade guide: 
> > http://www.openbsd.org/faq/upgrade51.html
> > 
> > -Otto
> > 
> 
> Thanks for enlightening me :).
> 
> I wonder, why sysmerge is failing on me:
> 
> root@router
> /tmp # sysmerge -s etc51.tgz -x xetc51.tgz
> ===> Populating temporary root under /var/tmp/sysmerge.iQVVtZVllw/temproot
> ===> Starting comparison
> ===> Comparison complete
> ===> Checking directory hierarchy permissions (running mtree(8))
> ===> Removing /var/tmp/sysmerge.iQVVtZVllw
> root@router
> /tmp # ls /etc/disktab
> 
> /etc/disktab
> root@router
> /tmp # cat /etc/disktab
> 
> #   $OpenBSD: disktab,v 1.21 2010/10/19 20:23:53 deraadt Exp $
> 
> floppy288|3in|3.5in High Density Floppy, 2.88MB:\
> :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
> :pa#5760:oa#0:ba#4096:fa#512:ta=4.2BSD: \
> :pb#5760:ob#0:\
> :pc#5760:oc#0:
> 
> floppy|floppy3|3in|3.5in High Density Floppy:\
> :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#18:nc#80:\
> :pa#2880:oa#0:ba#4096:fa#512:ta=4.2BSD: \
> :pb#2880:ob#0:\
> :pc#2880:oc#0:
> 
> floppy5|5in|5.25in High Density Floppy:\
> :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#15:nc#80:\
> :pa#2400:oa#0:ba#4096:fa#512:ta=4.2BSD: \
> :pb#2400:ob#0:bb#4096:fb#512:\
> :pc#2400:oc#0:bc#4096:fc#512:
> 
> rdroot|ramdiskroot|RAM-disk root FS image:\
> :ty=ramdisk:se#512:nt#2:ns#128:nc#16:\
> :pa#3872:oa#0:ta=4.2BSD:ba#4096:fa#512:\
> :pb#0:ob#0:tb=swap:\
> :pc#3872:oc#0:
> root@router
> /tmp # tar -xzf etc51.tgz ./etc/disktab
> root@router
> /tmp # cat etc/disktab
> #   $OpenBSD: disktab,v 1.11 2010/07/06 08:26:23 pirofti Exp $
> 
> floppy576|3in|3.5in High Density Floppy, 5.76MB:\
> :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#160:\
> :pa#11520:oa#0:ba#4096:fa#512:ta=4.2BSD: \
> :pb#11520:ob#0:\
> :pc#11520:oc#0:
> 
> floppy288|3in|3.5in High Density Floppy, 2.88MB:\
> :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
> :pa#5760:oa#0:ba#4096:fa#512:ta=4.2BSD: \
> :pb#5760:ob#0:\
> :pc#5760:oc#0:
> 
> floppy|floppy3|3in|3.5in High Density Floppy:\
> :dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#18:nc#80:\
> :pa#2880:oa#0:ba#4096:fa#512:ta=4.2BSD: \
> :pb#2880:ob#0:\
> :pc#2880:oc#0:
> 
> rdroot|ramdiskroot|RAM-disk root FS image:\
> :ty=ramdisk:se#512:nt#2:ns#140:nc#16:\
> :pa#4480:oa#0:ta=4.2BSD:ba#4480:fa#512:\
> :pb#0:ob#0:tb=swap:\
> :pc#4480:oc#0:
> 
> Shouldn't sysmerge at least ask what to do with the differing files? Am
> i doing something?

No, not if you told sysmerge in the past to not update the file. I will then 
only ask you again if the file in the sets has changed.
The rationnal is that you don't want sysmerge to always ask you to update a 
file that you already said you didn't want to update (because you have local 
changes or whatever); sysmerge will only ask you again if you want to update 
the file if it has changed in the sets since the last time you said 'no'.
But you can force a full comparison using `-d' as per sysmerge(8).

-- 
Antoine

Re: update http://www.openbsdsupport.org/

[Todd Alan Smith]

On Wed, May 16, 2012 at 3:03 AM, Wesley  wrote:
> Hi,
>
> OpenBSD FAQ is a very good starting point.
> But it will be famous if http://www.openbsdsupport.org/ can be updated.

>From that page:

Note: The content published here in no way implies that the OpenBSD
project or any member of the OpenBSD team sanctions or approves of
such use. Do not complain to them if you find anything obsolete here.
If you do find it unusable, inexact, obsolete or simply bad, then your
help would be welcome to make it better. Send in your new document.

Re: release failing to build. hardware related?

[Marc Peters]

On 05/15/2012 05:43 PM, Otto Moerbeek wrote:
> On Tue, May 15, 2012 at 11:35:59AM -0400, Ted Unangst wrote:
> 
>> On Tue, May 15, 2012 at 17:03, Marc Peters wrote:
>>> Hi list,
>>>
>>> i am trying to built a 5.1 release which fails at
>>
>>> disklabel -w vnd0 floppy576
>>> disklabel: unknown disk type: floppy576
>>
>> Your /etc/disklabel is missing something.
> 
> In other words, incomplete ugrade. See upgrade guide: 
> http://www.openbsd.org/faq/upgrade51.html
> 
>   -Otto
> 

Thanks for enlightening me :).

I wonder, why sysmerge is failing on me:

root@router
/tmp # sysmerge -s etc51.tgz -x xetc51.tgz
===> Populating temporary root under /var/tmp/sysmerge.iQVVtZVllw/temproot
===> Starting comparison
===> Comparison complete
===> Checking directory hierarchy permissions (running mtree(8))
===> Removing /var/tmp/sysmerge.iQVVtZVllw
root@router
/tmp # ls /etc/disktab

/etc/disktab
root@router
/tmp # cat /etc/disktab

#   $OpenBSD: disktab,v 1.21 2010/10/19 20:23:53 deraadt Exp $

floppy288|3in|3.5in High Density Floppy, 2.88MB:\
:dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
:pa#5760:oa#0:ba#4096:fa#512:ta=4.2BSD: \
:pb#5760:ob#0:\
:pc#5760:oc#0:

floppy|floppy3|3in|3.5in High Density Floppy:\
:dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#18:nc#80:\
:pa#2880:oa#0:ba#4096:fa#512:ta=4.2BSD: \
:pb#2880:ob#0:\
:pc#2880:oc#0:

floppy5|5in|5.25in High Density Floppy:\
:dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#15:nc#80:\
:pa#2400:oa#0:ba#4096:fa#512:ta=4.2BSD: \
:pb#2400:ob#0:bb#4096:fb#512:\
:pc#2400:oc#0:bc#4096:fc#512:

rdroot|ramdiskroot|RAM-disk root FS image:\
:ty=ramdisk:se#512:nt#2:ns#128:nc#16:\
:pa#3872:oa#0:ta=4.2BSD:ba#4096:fa#512:\
:pb#0:ob#0:tb=swap:\
:pc#3872:oc#0:
root@router
/tmp # tar -xzf etc51.tgz ./etc/disktab
root@router
/tmp # cat etc/disktab
#   $OpenBSD: disktab,v 1.11 2010/07/06 08:26:23 pirofti Exp $

floppy576|3in|3.5in High Density Floppy, 5.76MB:\
:dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#160:\
:pa#11520:oa#0:ba#4096:fa#512:ta=4.2BSD: \
:pb#11520:ob#0:\
:pc#11520:oc#0:

floppy288|3in|3.5in High Density Floppy, 2.88MB:\
:dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#36:nc#80:\
:pa#5760:oa#0:ba#4096:fa#512:ta=4.2BSD: \
:pb#5760:ob#0:\
:pc#5760:oc#0:

floppy|floppy3|3in|3.5in High Density Floppy:\
:dt=floppy:ty=floppy:se#512:nt#2:rm#300:ns#18:nc#80:\
:pa#2880:oa#0:ba#4096:fa#512:ta=4.2BSD: \
:pb#2880:ob#0:\
:pc#2880:oc#0:

rdroot|ramdiskroot|RAM-disk root FS image:\
:ty=ramdisk:se#512:nt#2:ns#140:nc#16:\
:pa#4480:oa#0:ta=4.2BSD:ba#4480:fa#512:\
:pb#0:ob#0:tb=swap:\
:pc#4480:oc#0:

Shouldn't sysmerge at least ask what to do with the differing files? Am
i doing something?

marc

Load balancing and fail-over

[Indunil Jayasooriya]

Hi,

I am looking for a Load balancing and fail-over setup. So I am working on
below 2 subjects


How can I do equal-cost multipath routing?

http://www.openbsd.org/faq/faq6.html



Load Balance Outgoing Traffic

http://www.openbsd.org/faq/pf/pools.html#outexample


My first question is how to do failover when one link goes down?

Can I do it with ping and ifstated ?

If yes, How to ping external internet host when that link is DOWN? I find
it difficult?

I tried it with below commands


ping -I WAN1_if_ip www.google.lk

ping -I WAN2_if_ip www.google.lk


Some times it works? some times it does NOT?

Could you pls explain why?


If it does NOT ping, How to do failover?


So, Now, I am trying with snmpwalk command. I think it is OKAY?  your
comments?

I found a URL here?

http://old.nabble.com/Re:-ifstated-and-ping-p15546523.html


Then, the other question is that when loadbalancing works as expected ,

I will have to send https via one link as described in Openbsd site.

Pls see below.

http://www.openbsd.org/faq/pf/pools.html#outexample

#  keep https traffic on a single connection; some web applications,
#  especially "secure" ones, don't allow it to change mid-session
pass in on $int_if proto tcp from $lan_net to port https \
route-to ($ext_if1 $ext_gw1)


Then, If that link goes down, when, failiver happnes, How to send that
https traffic via other link?

I think delete that rule and add another rule like this? am I right?

pass in on $int_if proto tcp from $lan_net to port https \
route-to ($ext_if2 $ext_gw2)


If I am right, How to delete the existing rule and add other rule when
failover happens?


Hope to hear from you.




-- 
Thank you
Indunil Jayasooriya

Re: Thank you for an awsome product...

[Tomas Bodzar]

On Wed, May 16, 2012 at 8:55 AM, Peter Laufenberg 
wrote:
> if you ssh from Windows try Bitvise Tunnelier instead of putty. If you ssh
from *nix... just use ssh.

Fine for individual use, problematic in bigger environment because of
license/price

>
> -- p
>
>> B  B  Hello, And thank you for an awsome product... B  B  B  B  B  B I am a
novice,
>>(just starting out in the linux/unix/bsd world), been a windows server guy
and
>>3d modeler/animator, graphic artist for the last 20 years.I was always
afraid
>>of unix, until recently, I purchased two sun netra x1's, a V100, & a V20z
from
>>ebay cheap with the hopes of learing this new world (for me anyway's) and
>>setting up a inexpensive render farm. B  B  B Being completely new to UNIX,
I
>>have learned LOM on these systems, and have successfully installed openBSD
on
>>these systems with little trouble. I of course did my homework on google,
and
>>there is a great deal of information on what to do. Trial and error, but I
>>have learned so much in the last couple of weeks. I can remote into these
>>systems with puTTY now that the network is setup. B  B  B I would like to
add,
>>this was the only OS that installed on my SPARC IIe systems without any
>>issues! I tried netBSD, freeBSD, and some other crap, and all error out
before
>>install starts. Solaris 11 Express installed fine, (for me a major learning
>>curve) but I learned from google forums. Unfortunatley, solaris 11 finale
>>release does not run on older architectures, and was removed. But I found
you
>>guys! B  B  B I just want to express my grattitude for all of your efforts,
and
>>when I can afford it, I will make some donations to help, (only working
part
>>time at the moment) I am really excited to have accesss to all of the low
cost
>>older servers and be able to implement them into a working secure
environment!
>>I love it!!! Thanks again for all of your hard work, I am sold, and will
>>continue to learn this, I am not affraid of Unix anymore!
>>Michael J. Summerfield
>>Cocoa Florida
>>Graphic Artist - 3D Modeler - 3D Content Provider
>>
>>
>>
>>
>>
>> http://www.turbosquid.com/Search/Artists/imagetek?referral=imagetek

Re: Thank you for an awsome product...

[Peter Laufenberg]

if you ssh from Windows try Bitvise Tunnelier instead of putty. If you ssh from 
*nix... just use ssh.

-- p

> Hello, And thank you for an awsome product...I am a novice,
>(just starting out in the linux/unix/bsd world), been a windows server guy and
>3d modeler/animator, graphic artist for the last 20 years.I was always afraid
>of unix, until recently, I purchased two sun netra x1's, a V100, & a V20z from
>ebay cheap with the hopes of learing this new world (for me anyway's) and
>setting up a inexpensive render farm.  Being completely new to UNIX, I
>have learned LOM on these systems, and have successfully installed openBSD on
>these systems with little trouble. I of course did my homework on google, and
>there is a great deal of information on what to do. Trial and error, but I
>have learned so much in the last couple of weeks. I can remote into these
>systems with puTTY now that the network is setup.  I would like to add,
>this was the only OS that installed on my SPARC IIe systems without any
>issues! I tried netBSD, freeBSD, and some other crap, and all error out before
>install starts. Solaris 11 Express installed fine, (for me a major learning
>curve) but I learned from google forums. Unfortunatley, solaris 11 finale
>release does not run on older architectures, and was removed. But I found you
>guys!  I just want to express my grattitude for all of your efforts, and
>when I can afford it, I will make some donations to help, (only working part
>time at the moment) I am really excited to have accesss to all of the low cost
>older servers and be able to implement them into a working secure environment!
>I love it!!! Thanks again for all of your hard work, I am sold, and will
>continue to learn this, I am not affraid of Unix anymore!
>Michael J. Summerfield
>Cocoa Florida
>Graphic Artist - 3D Modeler - 3D Content Provider
>
>
>
>
>
> http://www.turbosquid.com/Search/Artists/imagetek?referral=imagetek