Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Reyk Floeter
On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik
erling.westen...@gmail.com wrote:
 I need to connect my ThinkPad T500 running 5.2 current to the wifi
 network here at my university.  E.g. the eduroam network which is
 available at most universities through, at least, Europe. After Googling
 around for a while I'm not sure whether OpenBSD yet has support for WPA2
 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a
 sample ifconfig?


I haven't checked wpa_supplicant for a while, but you can find it in
ports and some people actually seem to use it with OpenBSD.

You can even find examples, the following is from a university in
Germany 
(http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=de):

network={
ssid="eduroam"
key_mgmt=WPA-EAP
eap=TTLS
identity="tim-acco...@rwth-aachen.de"
anonymous_identity="tim-acco...@rwth-aachen.de"
password="PASSWORT-FÜR-TIM-ACCOUNT"
ca_cert="/etc/certs/eduroam-chain.pem"
phase2="auth=PAP"
}

But, again, I haven't tested it myself.

Reyk
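
Added example, not from the thread or the linked university page: a small Python audit of wpa_supplicant EAP network blocks like the one quoted above. It checks whether the RADIUS server's certificate name is pinned, whether PAP runs inside a tunnel to an unvalidated server, and whether the clear-text outer identity repeats the real user name. Function names, finding codes and the sample values are illustrative assumptions.

```python
# Constructed sample modelled on the block quoted above; identity and
# password are placeholders, not values from the thread.
SAMPLE_CONF = '''
network={
    ssid="eduroam"
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user@example.org"
    anonymous_identity="user@example.org"
    password="placeholder"
    ca_cert="/etc/certs/eduroam-chain.pem"
    phase2="auth=PAP"
}
'''

# wpa_supplicant options that tie the accepted certificate to a server name.
SERVER_NAME_KEYS = ("domain_suffix_match", "domain_match",
                    "subject_match", "altsubject_match")


def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            value = value.strip()
            # Quoted values are strings; strip the surrounding quotes.
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            current[key.strip()] = value
    return networks


def audit_network(net):
    """Return (code, message) findings for one EAP network block."""
    findings = []
    if "EAP" not in net.get("key_mgmt", ""):
        return findings  # PSK and open networks are out of scope here

    has_ca = "ca_cert" in net
    has_name = any(key in net for key in SERVER_NAME_KEYS)
    if not has_ca:
        findings.append(("no-ca-cert",
                         "server certificate is not verified at all"))
    elif not has_name:
        findings.append(("no-server-name-check",
                         "any server holding a certificate from this CA "
                         "is accepted"))

    # PAP hands the password itself to whoever terminates the TLS tunnel,
    # so it is only as safe as the server validation around it.
    uses_pap = "AUTH=PAP" in net.get("phase2", "").upper()
    if uses_pap and not (has_ca and has_name):
        findings.append(("pap-unvalidated-server",
                         "password is sent via PAP to a server that is "
                         "not fully validated"))

    # The outer identity travels unencrypted; without anonymous_identity
    # wpa_supplicant sends the real identity there.
    identity = net.get("identity", "")
    outer = net.get("anonymous_identity", identity)
    if identity and outer == identity:
        findings.append(("outer-identity-leak",
                         "real user name is sent in the clear-text "
                         "outer identity"))
    return findings


if __name__ == "__main__":
    for net in parse_networks(SAMPLE_CONF):
        for code, message in audit_network(net):
            print(f"{net.get('ssid', '?')}: {code}: {message}")
```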



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Ville Valkonen
On 24 January 2013 10:45, Reyk Floeter r...@openbsd.org wrote:
 On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik
 erling.westen...@gmail.com wrote:
 I need to connect my ThinkPad T500 running 5.2 current to the wifi
 network here at my university.  E.g. the eduroam network which is
 available at most universities through, at least, Europe. After Googling
 around for a while I'm not sure whether OpenBSD yet has support for WPA2
 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a
 sample ifconfig?


 I haven't checked wpa_supplicant for a while, but you can find it in
 ports and some people actually seem to use it with OpenBSD.

 You can even find examples, the following is from a university in
 Germany 
 (http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=de):

 network={
 ssid=eduroam
 key_mgmt=WPA-EAP
 eap=TTLS
 identity=tim-acco...@rwth-aachen.de
 anonymous_identity=tim-acco...@rwth-aachen.de
 password=PASSWORT-FÜR-TIM-ACCOUNT
 ca_cert=/etc/certs/eduroam-chain.pem
 phase2=auth=PAP
 }

 But, again, I haven't tested it myself.

 Reyk

Interesting. Didn't know that works with wlan too. Thanks for the
info, although I am not able to test it in the near future.

--
Sincerely,
Ville Valkonen



integer divide fault trap on latest snapshot i386

2013-01-24 Thread Sergey Bronnikov
Hi

I got kernel panic after boot UP kernel inside my virtual machine with
latest i386 snapshot (22 Jan 2013) while bsd.mp is ok.
UP kernel from previous installed snapshot (14 July 2012) boot ok.

http://ompldr.org/vaDdhNw/Screen%20Shot%202013-01-24%20at%201.06.11%20PM.png
http://ompldr.org/vaDdhOA/Screen%20Shot%202013-01-24%20at%201.07.30%20PM.png

P.S. VM configuration is following: 1 vCPU, 256 vRAM

-- 
sergeyb@



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Dennis Davis
On Thu, 24 Jan 2013, Reyk Floeter wrote:

 From: Reyk Floeter r...@openbsd.org
 To: Erling Westenvik erling.westen...@gmail.com
 Cc: Misc misc@openbsd.org
 Date: Thu, 24 Jan 2013 08:45:46
 Subject: Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?
 
 On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik
 erling.westen...@gmail.com wrote:
  I need to connect my ThinkPad T500 running 5.2 current to the wifi
  network here at my university.  E.g. the eduroam network which is
  available at most universities through, at least, Europe. After Googling
  around for a while I'm not sure whether OpenBSD yet has support for WPA2
  and PEAP/MSCHAPv2. And if it does: if someone could provide me with a
  sample ifconfig?
 
 
 I haven't checked wpa_supplicant for a while, but you can find it in
 ports and some people actually seem to use it with OpenBSD.

...

Comments in the DESCR file for your port of wpa_supplicant state:

  wpa_supplicant is the implementation of an IEEE 802.1X supplicant.
  This port is for wired authentication only (Ethernet PAE) and does
  not support the wireless WPA/WPA2 functionality.

I tried using the example from Aachen to try to get wireless
WPA/WPA2 to work.  This was some time ago, but I never got it to
work here.  Of course that could well be a reflection on my lack of
skills.

The setup here is similar to that described by the original
requestor.  If I plug in a USB wireless device into my desktop and
run a scan I see:

anquetil.bath.ac.uk ?// ./wifiprobe rum0 
wifiprobe: Wireless access selection for device: rum0

Available public networks . . . . . . . . . . score
---
   1   BUCS-WiFi    111
   2   BTOpenzone   111
   3   BTOpenzone   111
   4   BUCS-WiFi    111

Available secured networks
---
   5   eduroam      111
   6   eduroam      111
Select network 0
anquetil.bath.ac.uk ?// 

The BUCS-WiFi network is our unsecured network.  You have to
authenticate to use it.  The BTOpenzone network is there for
visitors to use if they can't access via eduroam.  I believe you
need an account to use BTOpenzone.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
d.h.da...@bath.ac.uk   Phone: +44 1225 386101



Re: Android mobile - OpenBSD IPSEC

2013-01-24 Thread Stuart Henderson
On 2013-01-24, Jan Lambertz jd.arb...@googlemail.com wrote:
 Hi,

 Running OpenBSD 5.2 AMD64 release as homeserver.
 Got Android 2.3 Samsung Mobile.
 Want to connect via vpn IPSEC.
 Config:
 ike passive esp tunnel from any to any \
 main auth hmac-sha1 enc des \
 quick auth hmac-sha1 enc des \
 srcid  dstid (testted different things here without effect) \
 psk test123


 Also changed any to any to more concise settings, without effect.
 local ip and peer any didn't help, too.


 Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable:
 ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
 Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable:
 ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
 Jan 24 08:41:38 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
 proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
 178.26.160.62
 Jan 24 08:41:38 puffy isakmpd[10830]: dropped message from 89.204.138.90
 port 51210 due to notification type INVALID_ID_INFORMATION
 Jan 24 08:41:50 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
 proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
 178.26.160.62
 Jan 24 08:41:50 puffy isakmpd[10830]: dropped message from 89.204.138.90
 port 51210 due to notification type INVALID_ID_INFORMATION
 Jan 24 08:41:58 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer
 proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id
 178.26.160.62
 Jan 24 08:41:58 puffy isakmpd[10830]: dropped message from 89.204.138.90
 port 51210 due to notification type INVALID_ID_INFORMATION


 89.204.138.90 seems to be the mobile
 10.166.112.90 ?? whats this ?

 btw. im using the standard vpn client built in android. before i can
 connect i have to enter a username / pw (not psk). is ipsec about username
 / pw stuff ? could find it anywhere in the manuals.


 thanks



The standard Android vpn client uses l2tp/ipsec. Here are some files
from a working setup with Android 4.1.2; I'm pretty sure similar worked
with Android 3.x, no idea about 2.x.

 /etc/ipsec.conf

ike passive esp transport \
 proto udp from $SERVER_IP to any port 1701 \
 main auth hmac-sha enc aes group modp1024 \
 quick auth hmac-sha enc aes \
 psk somepsk

.

 /etc/npppd/npppd.conf

authentication LOCAL type local {
users-file /etc/npppd/npppd-users
}
tunnel L2TP_ipv4 protocol l2tp {
listen on $SERVER_IP
}

ipcp IPCP {
pool-address 172.28.15.128-172.28.15.255
dns-servers 172.28.15.2
}

interface pppx0 address 172.28.15.1 ipcp IPCP
bind tunnel from L2TP_ipv4 authenticated by LOCAL to pppx0

.

 /etc/npppd/npppd-users

someuser:\
:password=blahblah:\
:framed-ip-address=172.28.15.50:

.

 /etc/sysctl.conf

net.pipex.enable=1
net.inet.ip.forwarding=1
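
Added example, not part of the original posts: a small Python triage of the isakmpd log lines quoted above. It groups the rejected proposals and flags phase 2 IDs that are private addresses while the packets arrive from a public source, which suggests the peer is behind NAT. Function names are illustrative assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address

# The isakmpd lines from the log quoted above, with the mail's line wraps rejoined.
SAMPLE_LOG = """\
Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
Jan 24 08:41:37 puffy isakmpd[10830]: attribute_unacceptable: ENCRYPTION_ALGORITHM: got 3DES_CBC, expected DES_CBC
Jan 24 08:41:38 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id 178.26.160.62
Jan 24 08:41:38 puffy isakmpd[10830]: dropped message from 89.204.138.90 port 51210 due to notification type INVALID_ID_INFORMATION
Jan 24 08:41:50 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id 178.26.160.62
Jan 24 08:41:50 puffy isakmpd[10830]: dropped message from 89.204.138.90 port 51210 due to notification type INVALID_ID_INFORMATION
Jan 24 08:41:58 puffy isakmpd[10830]: responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 10.166.112.90, responder id 178.26.160.62
Jan 24 08:41:58 puffy isakmpd[10830]: dropped message from 89.204.138.90 port 51210 due to notification type INVALID_ID_INFORMATION
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ isakmpd\[\d+\]: (?P<msg>.*)$")
ATTR_RE = re.compile(
    r"attribute_unacceptable: (\w+): got (\w+), expected (\w+)")
ID_RE = re.compile(
    r"invalid phase 2 IDs: initiator id ([\d.]+), responder id ([\d.]+)")
DROP_RE = re.compile(
    r"dropped message from (?P<src>[\d.]+) port \d+ "
    r"due to notification type (?P<reason>\w+)")


def triage(log_text):
    """Return (proposal mismatches, suspected NAT peers) as Counters."""
    mismatches = Counter()   # (attribute, offered, expected) -> count
    nat_peers = Counter()    # (packet source, phase 2 initiator id) -> count
    rejected_ids = {}        # timestamp -> (initiator id, responder id)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an isakmpd syslog line
        ts, msg = m["ts"], m["msg"]
        attr = ATTR_RE.search(msg)
        if attr:
            mismatches[attr.groups()] += 1
            continue
        ids = ID_RE.search(msg)
        if ids:
            rejected_ids[ts] = ids.groups()
            continue
        drop = DROP_RE.search(msg)
        if (drop and drop["reason"] == "INVALID_ID_INFORMATION"
                and ts in rejected_ids):
            initiator, _responder = rejected_ids[ts]
            # Private ID inside, public source outside: the peer's own
            # address was rewritten on the way, i.e. it sits behind NAT.
            if (ip_address(initiator).is_private
                    and not ip_address(drop["src"]).is_private):
                nat_peers[(drop["src"], initiator)] += 1
    return mismatches, nat_peers


def hints(mismatches, nat_peers):
    """Turn the counters into one human-readable line per finding."""
    out = []
    for (attr, got, expected), n in mismatches.items():
        out.append(f"{n}x {attr}: peer offers {got}, "
                   f"local policy only accepts {expected}")
    for (src, inner), n in nat_peers.items():
        out.append(f"{n}x phase 2 ID {inner} is a private address but "
                   f"packets arrive from {src}: peer is probably behind NAT")
    return out


if __name__ == "__main__":
    for line in hints(*triage(SAMPLE_LOG)):
        print(line)
```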



Re: Could this be a faulty NIC?

2013-01-24 Thread Aaron Mason
Ok, I fired up a connection both to the wireless and wired IPs, then ran du
/ continually.  The interrupts on rl0 didn't register, but the interrupts
on ral0 skyrocketed.


On Thu, Jan 24, 2013 at 1:21 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:

 On Wed, Jan 23, 2013 at 12:43 PM, Aaron Mason simplersolut...@gmail.com
 wrote:
  HI all
 
  Got an old HP Compaq NX9040 laptop that I've repurposed as a wireless
  client router running OpenBSD 5.1.  I've installed a Ralink RT2560
 wireless
  card I salvaged from a broken D-Link print server.  The wireless has IP
  address 192.168.2.251, and the NIC has IP 172.16.1.254.
 
  My problem is if I connect to anything on the 172.16.1/24 network, even
 the
  router's NIC address, it drops out after a few minutes.  If I connect to
  the wireless IP, it's rock solid.
 
  The onboard network card is a shitty Realtek 8139 card you find on most
  laptops.  Could it just be that the onboard NIC's gone to the dogs, or
  could there be more at play here?  I don't see any errors appear in dmesg
  when the dropout occurs.
 

 Try to look with netstat -i, netstat -s for interface or protocol
 errors. With vmstat -i or default screen of systat if there's not some
 interrupt storm.

  Full dmesg:
 
  OpenBSD 5.1 (GENERIC) #160: Sun Feb 12 09:46:33 MST 2012
  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
  cpu0: Intel(R) Celeron(R) M processor 1400MHz (GenuineIntel
  686-class) 1.40 GHz
  cpu0:
 FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF
  real mem  = 233238528 (222MB)
  avail mem = 219344896 (209MB)
  mainbus0 at root
  bios0 at mainbus0: AT/286+ BIOS, date 07/07/04, BIOS32 rev. 0 @
  0xfd740, SMBIOS rev. 2.31 @ 0xdf010 (28 entries)
  bios0: vendor Hewlett-Packard version BF.04M1 date 07/07/2004
  bios0: Hewlett-Packard
 
  apm0 at bios0: Power Management spec V1.2
  acpi at bios0 function 0x0 not configured
  pcibios0 at bios0: rev 2.1 @ 0xfd740/0x8c0
  pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf20/192 (10 entries)
  pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
  pcibios0: PCI bus #3 is the last bus
  bios0: ROM list: 0xc/0xcc00! 0xcd000/0x1000 0xdf000/0x1000!
 0xe/0x4000!
  cpu0 at mainbus0: (uniprocessor)
  pci0 at mainbus0 bus 0: configuration mode 1 (bios)
  mem address conflict 0xdf0/0x400
  pchb0 at pci0 dev 0 function 0 Intel 82855GM Host rev 0x02
  Intel 82855GM Memory rev 0x02 at pci0 dev 0 function 1 not configured
  Intel 82855GM Config rev 0x02 at pci0 dev 0 function 3 not configured
  vga1 at pci0 dev 2 function 0 Intel 82855GM Video rev 0x02
  wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
  wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
  intagp0 at vga1
  agp0 at intagp0: aperture at 0xe800, size 0x800
  inteldrm0 at vga1: irq 10
  drm0 at inteldrm0
  Intel 82855GM Video rev 0x02 at pci0 dev 2 function 1 not configured
  uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x03: irq 10
  uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x03: irq 11
  uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x03: couldn't
  map interrupt
  ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x03: irq 11
  usb0 at ehci0: USB revision 2.0
  uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
  ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x83
  pci1 at ppb0 bus 1
  mem address conflict 0xdf01000/0x1000
  mem address conflict 0xdf02000/0x1000
  rl0 at pci1 dev 0 function 0 Realtek 8139 rev 0x10: irq 10, address
  00:c0:9f:57:68:77
  rlphy0 at rl0 phy 0: RTL internal PHY
  cbb0 at pci1 dev 1 function 0 TI PCI1520 CardBus rev 0x01: couldn't
  map interrupt
  cbb1 at pci1 dev 1 function 1 TI PCI1520 CardBus rev 0x01: couldn't
  map interrupt
  ral0 at pci1 dev 6 function 0 Ralink RT2560 rev 0x01: irq 11,
  address 00:13:d3:73:00:bb
  ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
  TI TSB43AB21 FireWire rev 0x00 at pci1 dev 7 function 0 not configured
  ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x03:
  24-bit timer at 3579545Hz
  pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x03: DMA,
  channel 0 configured to compatibility, channel 1 configured to
  compatibility
  pciide0: channel 0 disabled (no drives)
  atapiscsi0 at pciide0 channel 1 drive 0
  scsibus0 at atapiscsi0: 2 targets
  cd0 at scsibus0 targ 0 lun 0: PHILIPS, CDRW/DVD CDD5263, UH89 ATAPI
  5/cdrom removable
  cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
  ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x03: irq 5
  iic0 at ichiic0
  spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC2100CL2.5
  auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x03: irq 5,
 ICH4 AC97
  ac97: codec id 0x43585430 (Conexant CXT48)
  ac97: codec features reserved, headphone, 18 bit DAC, 18 bit 

Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Jérémie Courrèges-Anglas
Reyk Floeter r...@openbsd.org writes:

 On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik
 erling.westen...@gmail.com wrote:
 I need to connect my ThinkPad T500 running 5.2 current to the wifi
 network here at my university.  E.g. the eduroam network which is
 available at most universities through, at least, Europe. After Googling
 around for a while I'm not sure whether OpenBSD yet has support for WPA2
 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a
 sample ifconfig?


 I haven't checked wpa_supplicant for a while, but you can find it in
 ports and some people actually seem to use it with OpenBSD.

 You can even find examples, the following is from a university in
 Germany 
 (http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=de):

This webpage shows something that looks like a FreeBSD configuration,
only with s/Free/Open/.

 network={
 ssid=eduroam
 key_mgmt=WPA-EAP
 eap=TTLS
 identity=tim-acco...@rwth-aachen.de
 anonymous_identity=tim-acco...@rwth-aachen.de
 password=PASSWORT-FÜR-TIM-ACCOUNT
 ca_cert=/etc/certs/eduroam-chain.pem
 phase2=auth=PAP
 }

 But, again, I haven't tested it myself.

I don't think they have either. :)

 Reyk

-- 
Jérémie Courrèges-Anglas
GPG Key Fingerprint: 61DB D9A0 00A4 67CF 2A90  8961 6191 8FBF 06A1 1494



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Erling Westenvik
On Wed, Jan 23, 2013 at 08:37:29PM +0100, Gregor Best wrote:
 Web interfaces can be automated... I use the following to log into the
 unsecured WIFI at UPB:
 
   curl -k -F buttonClicked=4 -F username=FOO -F password=PASS 
 https://webauth/login.html;

Great! Thanks! : )

Erling



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Erling Westenvik
On Thu, Jan 24, 2013 at 08:57:50AM +0100, Alexander Hall wrote:
 When I need eduroam, I connect my android phone via usb/urndis and
 let the phone handle the WPA2 enterprise stuff.

Yes, my Android phone connects to eduroam but I did not think about the
possibility of connecting my laptop to the phone via usb. Would you mind
to share your config for doing that?

Erling



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Jérémie Courrèges-Anglas
 Erling Westenvik wrote:
 On Thu, Jan 24, 2013 at 08:57:50AM +0100, Alexander Hall wrote:
  When I need eduroam, I connect my android phone via usb/urndis and
  let the phone handle the WPA2 enterprise stuff.
 
 Yes, my Android phone connects to eduroam but I did not think about the
 possibility of connecting my laptop to the phone via usb. Would you mind
 to share your config for doing that?

Last time I tried, it was like...
- plug the usb cable
- dhclient urndis0



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Zoran Kolic
 wpa_supplicant is the implementation of an IEEE 802.1X supplicant.
 This port is for wired authentication only (Ethernet PAE) and does
 not support the wireless WPA/WPA2 functionality.

Well, might be true for OpenBSD, but I assume it is not.
On FreeBSD laptop I use it as preferred way to make connection.

network={
ssid=insert
scan_ssid=1
proto=RSN
pairwise=CCMP
key_mgmt=WPA-PSK
psk=insert
}

This differs from example I've seen on the thread, but works
flawlessly. To use it I just run it with:

wpa_supplicant -i wlan0 -c /etc/wpa_supplicant.conf -B

Best regards

  Zoran



Re: Android mobile - OpenBSD IPSEC

2013-01-24 Thread Jan Lambertz
Ohh i see. I totally missed the l2tp stuff. I thought android could do
plain ipsec or ipsec with l2tp.
I think things will flow now.
Thank you



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Reyk Floeter
On Thu, Jan 24, 2013 at 10:47 AM, Dennis Davis d.h.da...@bath.ac.uk wrote:
 I haven't checked wpa_supplicant for a while, but you can find it in
 ports and some people actually seem to use it with OpenBSD.

 ...

 Comments in the DESCR file for your port of wpa_supplicant state:

   wpa_supplicant is the implementation of an IEEE 802.1X supplicant.
   This port is for wired authentication only (Ethernet PAE) and does
   not support the wireless WPA/WPA2 functionality.


Yes, I know, I once made the port based on Jussi's work. The problem
was that OpenBSD didn't support WPA at this point, only WEP, so
wpa_supplicant was only useful for Ethernet PAE. But we have WPA now
and the wpa_supplicant port was also updated. If the current version
doesn't support OpenBSD's WPA ioctls yet, it should be possible to add
them to get WPA Enterprise to work.

Reyk



Shaping VLANs

2013-01-24 Thread Leonardo Lombardo
Hi all,

my setup is a firewall/router for a network in which I have a lot of VLANs.
WAN connection is only one so bandwidth is a concern. WAN connection is
10Mbit/s.

Is there a way to shape N VLANs as a whole while having some other VLAN
with a minimum guarantee ?
I mean:

- N VLANs share the bandwidth with no limits nor guarantee (max 10Mbit/s
cumulative)
- a specific VLAN (104) get a minimum of 2Mbit/s (guaranteed)
- another specific VLAN (105) get a minimum of 4Mbit/s (guaranteed)

Every VLAN is permitted to get all the bandwidth but 104 and 105 always can
get their minimum.

Please can you give some advice on how to configure hfsc to do this ?

I cannot figure how to tell hfsc about the total bandwidth to share between
many interfaces


Thanks in advance
Leonardo



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Erling Westenvik
On Thu, Jan 24, 2013 at 04:12:09PM +0100, Jérémie Courrèges-Anglas wrote:
 Last time I tried, it was like...
 - plug the usb cable
 - dhclient urndis0

That worked too. Thanks! ; )

Erling



usb sd1: second stage boot hangs loading kernel (i386/hp elitebook)

2013-01-24 Thread Martin Crossley
Hello misc@

Target machine is a work laptop so unfortunately I can't change the main 
bios settings or touch the main hard drive (sd0). I'm using the bios 
'one time boot' menu to boot from an external 250Gb usb hard drive as 
sd1. 

First and second stage boot both load successfully (see below) but the 
second stage hangs when trying to load the kernel.

Everything works if I boot /bsd from cd0a via 'boot -a' to put root and 
swap on sd1, but clearly this isn't ideal.

I've tried a couple of different USB hard drives with the same result.

Thanks in advance for any ideas or suggestions.

Martin


==
Transcript of boot
==
Using drive 0, partition 3.
Loading...
probing: pc0 com0 pci mem[635K 3013M 992M a20=on]
disk: hd0+ hd1+*
OpenBSD/i386 BOOT 3.18
boot> machine diskinfo
Disk    BIOS#   Type    Cyls    Heads   Secs    Flags   Checksum
hd0     0x80    label   1023    255     63      0x2     0xd30e9578  [external USB HD]
hd1     0x81    label   1022    255     63      0x0     0xf6c0c43e  [internal HD]
boot> set
OpenBSD/i386 BOOT 3.18
Addr        0x0
howto
device      hd0a
tty         pc0
image       /bsd
timeout     0
db_console  unset
boot> ls /bsd
-rw-r--r-- 0,0  9045137 hd0a:/bsd
boot> boot
booting hd0a:/bsd:  / [hangs]


=
fdisk sd1
=
Disk: sd1       geometry: 30401/255/63 [488397168 Sectors]
Offset: 0       Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
-------------------------------------------------------------------------------
 0: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
*3: A6      0   1   2 -  30400 254  63 [          64:   488392001 ] OpenBSD


=
disklabel sd1
=
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: HM250HI 
duid: cfc615af6c04aea8
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 30401
total sectors: 488397168
boundstart: 64
boundend: 488392065
drivedata: 0 

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:          2097152               64  4.2BSD   2048 16384    1 # /
  b:          6697560          2097216    swap                   # none
  c:        488397168                0  unused
  d:          8388576          8794784  4.2BSD   2048 16384    1 # /tmp
  e:         20735136         17183360  4.2BSD   2048 16384    1 # /var
  f:          4194304         37918496  4.2BSD   2048 16384    1 # /usr
  g:          2097152         42112800  4.2BSD   2048 16384    1 # /usr/X11R6
  h:         20971520         44209952  4.2BSD   2048 16384    1 # /usr/local
  i:          4194304         65181472  4.2BSD   2048 16384    1 # /usr/src
  j:          4194304         69375776  4.2BSD   2048 16384    1 # /usr/obj
  k:        414821888         73570112  4.2BSD   4096 32768    1 # /home



dmesg (booted from cd0a)

OpenBSD 5.2 (GENERIC) #278: Wed Aug  1 10:04:16 MDT 2012
   dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
RTC BIOS diagnostic error 
b5clock_battery,config_unit,memory_size,invalid_time
cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz (GenuineIntel 
686-class) 2.50 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAI
T,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCN
T,AES,XSAVE,AVX,LAHF
real mem  = 3160715264 (3014MB)
avail mem = 3098234880 (2954MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/14/11, SMBIOS rev. 2.6 @ 
0xbcd95000 (27 entries)
bios0: vendor Hewlett-Packard version 68SCF Ver. F.27 date 06/14/2012
bios0: Hewlett-Packard HP EliteBook 8460p
[...]
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
[...]
ehci1 at pci0 dev 29 function 0 Intel 6 Series USB rev 0x04: apic 0 
int 16
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
[...]
ahci0 at pci0 dev 31 function 2 Intel 6 Series AHCI rev 0x04: msi, 
AHCI 1.3
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: ATA, SAMSUNG MZ7PC128, CXM0 SCSI3 
0/direct fixed naa.5002538043584d30
sd0: 122104MB, 512 bytes/sector, 250069680 sectors, thin
cd0 at scsibus0 targ 1 lun 0: hp, CDDVDW SN-208BB, HH03 ATAPI 5/cdrom 
removable
[...]
uhub5 at uhub1 port 1 Intel Rate Matching Hub rev 2.00/0.00 addr 2
umass0 at uhub5 port 2 configuration 1 interface 0 Iomega Storage rev 
2.00/1.00 addr 3
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0: SAMSUNG, HM250HI,  SCSI2 0/direct fixed 
serial.059b047019FC15231FFF
sd1: 238475MB, 512 bytes/sector, 488397168 sectors
[...]
root device (default cd0a): sd1a
swap device 

Re: vether0

2013-01-24 Thread Chris Cappuccio
Steven Kovalsky [kovalsky1...@gmail.com] wrote:
 The need for additional nic (for nat) i created vether0
 vether0 has 10.254.254.17/29 address
 
 On the other host set ip addres 10.254.254.18/29
 From this host i can't ping 10.254.254.17
 and from 10.254.254.17-10.254.254.18
 
 net.inet.ip.forwarding=1
 
 I need vether0 to nat vpn traffic to vpn concentrator
 Is it the right way?

Probably not. vether is designed to be used as a member of a bridge interface, 
so that you can inject ethernet-framed packets into a bridge.

Perhaps you want to look at tun or gre ?



Re: Arpresolve route without link local address

2013-01-24 Thread Атанас Владимиров
Hi,
I added those two lines after block lines in my pf.conf:


 pass quick from (self) to 94.26.7.0/24 set queue b_ack
 pass quick from 94.26.7.0/24 to (self) set queue b_ack


 I still get the same error. Also I found that permanent static MACs
disappear when dhclient receives a lease from my ISP DHCP server. In fact
every static MAC that I set is gone after dhclient leases. Is that normal?

[ns]~$ cat /etc/ether.mac
XX.XX.XX.33 00:50:45:5f:16:58 permanent
192.168.1.2 6c:f0:49:00:7f:9b permanent

[ns]~$ sudo arp -da && sudo arp -Ff /etc/ether.mac

[ns]~$ arp -na
? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0 permanent static
? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41 permanent static

After 5 min, when dhclient receives leases:

[ns]~$ arp -na
? (XX.XX.XX.33) at 00:50:45:5f:16:58 on em0
? (192.168.1.2) at 6c:f0:49:00:7f:9b on vlan41

Vlan41 is on top of em1. Should I report this behavior as a bug?

dmesg:
OpenBSD 5.2-current (GENERIC) #19: Mon Jan 21 17:55:18 MST 2013
t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(TM) XP1600+ (AuthenticAMD 686-class, 256KB L2 cache)
1.42 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE,MMXX,3DNOW2,3DNOW
real mem  = 402112512 (383MB)
avail mem = 384552960 (366MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 03/03/03, BIOS32 rev. 0 @ 0xf0d00,
SMBIOS rev. 2.3 @ 0xf2bc0 (46 entries)
bios0: vendor Award Software, Inc. version ASUS A7V266-C ACPI BIOS Rev
1014 date 03/03/2003
bios0: ASUSTeK Computer INC. A7V266-C
apm0 at bios0: Power Management spec V1.2
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x1572
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf14b0/192 (10 entries)
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT82C586 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xcc000/0x1000
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 VIA VT8366 PCI rev 0x00
viaagp0 at pchb0: v2
agp0 at viaagp0: aperture at 0xfe80, size 0xe40
ppb0 at pci0 dev 1 function 0 VIA VT8366 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci0 dev 12 function 0 S3 ViRGE DX/GX rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em0 at pci0 dev 13 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq
11, address 00:07:e9:10:32:a8
em1 at pci0 dev 15 function 0 Intel PRO/1000MT (82540EM) rev 0x02: irq
10, address 00:07:e9:10:2a:20
viapm0 at pci0 dev 17 function 0 VIA VT8233A ISA rev 0x00: SMI
iic0 at viapm0
lm1 at iic0 addr 0x2d: AS99127F
viapm0: 24-bit timer at 3579545Hz
pciide0 at pci0 dev 17 function 1 VIA VT82C571 IDE rev 0x06: ATA133,
channel 0 configured to compatibility, channel 1 configured to compatibilit
y
wd0 at pciide0 channel 0 drive 0: WDC WD800JB-00ETA0
wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 17 function 2 VIA VT83C572 USB rev 0x23: irq 12
uhci1 at pci0 dev 17 function 3 VIA VT83C572 USB rev 0x23: irq 12
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 VIA UHCI root hub rev 1.00/1.00 addr 1
usb1 at uhci1: USB revision 1.0
uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
vscsi0 at root
scsibus0 at vscsi0: 256 targets
softraid0 at root
scsibus1 at softraid0: 256 targets
root on wd0a swap on wd0b dump on wd0b



Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Alexander Hall
Erling Westenvik erling.westen...@gmail.com wrote:

On Thu, Jan 24, 2013 at 08:57:50AM +0100, Alexander Hall wrote:
 When I need eduroam, I connect my android phone via usb/urndis and
 let the phone handle the WPA2 enterprise stuff.

Yes, my Android phone connects to eduroam but I did not think about the
possibility of connecting my laptop to the phone via usb. Would you
mind
to share your config for doing that?

IIRC:

1. Enable tethering on the phone
2. Connect phone
3. sudo dhclient urndis0

Done. :-)

/Alexander



Re: firefox crashes

2013-01-24 Thread Eric Huiban

On 01/23/13 01:43, Salil Wadnerkar wrote:

Hi,

On my amd64 machine, firefox crashes regularly after some time.

[...]

$ uname -a
OpenBSD passport.my.domain 5.2 GENERIC.MP#17 amd64

I am on OpenBSD current and I have my system and packages updated just
yesterday.

Thanks
Salil




Your firefox does not crash by itself. It is wiped out by the system 
when the process size reaches the maximum memory size you allowed to be 
requested by your user.


Already seen with 5.1, 5.2 and if what i'm remembering is correct 5.0.
(No change made on any binaries). Memory size can increase a lot when 
using a lot of tabs at the same time, or after loading pages overloaded 
with crappy scripts for advertisement display. All this modulates the 
delay before firefox relaunch...


Sorry for my poor english wording. Not my native language.



Re: getting apps en masse

2013-01-24 Thread Andres Perera
there are ways, including pkg_add

it seems that's not good enough, and i'm guessing it's because
downloading-installing isn't parallelized...

you can use other clients; ftp, http, rsync, afs (lol) to download packages

On Thu, Jan 24, 2013 at 9:00 PM, John Newton johnnewto...@yahoo.com wrote:
 Sirs: Is there a way to download whole multipage chunks of the Apps from any
 of the mirrors? I need to study them at my leisure offline and the one-by-one
 method is tedious. Thanks from john



man -k sendmail in section 1

2013-01-24 Thread Chris Hettrick
I noticed that apropos sendmail states that it is from Section 1 of the man 
pages, but it should be in Section 8.
This is found on an AMD64 5.2 and also on the web interface.
man 8 sendmail works, but man 1 sendmail doesn't (as expected).

Chris



Re: Interface and trunking performance

2013-01-24 Thread Xinform3n
Reply @Thomas Bodzar
 Why i386 on 12GB of RAM? Did you test amd64 and best option current?
Because it's an old Xeon CPU which doesn't support amd64 instructions
(only ia64).

 You think that 870Mbps is bad for 1Gbps card
No, I don't. I Think it's quite low for an aggregation of two 1Gbps
card (4Gbps throughput in FDx)

 Maybe you want to try roundrobin option of
 http://www.openbsd.org/cgi-bin/man.cgi?query=trunk&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html
 to aggregate traffic instead of load balance or I
 don't understand.
Load balance seems more appropriate because it's a smart algorithm
based on @MAC src+dst, @IP src+dst and Vlan ID, like my switch when
it's configured with base algorithm (advanced use src and dst port).
But why not, round robin should work too. I've tried it but it's
extremely slow (less than 100Mbps) maybe CPU usage ?
As mentioned, I have also tried with LACP (configured on both side)
without breaking the 870Mbps.

Thanks for help.

Reply @Robert Blacquiere
 trunk loadbalance ports handle traffic in a specific way. The algorithm
 is based on source - destination hashes by default and it keeps them
 over a single interface, till interface is dropped.

A loadbalance algorithm should split the traffic even if congestion
doesn't occur.
But it doesn't still work, if I use a tool like NetPerf the generated
traffic should exceed the capacity of one GigCard, generate drops, and
therefore use the second GigCard ?

 If you want to maximize throughput you need to use round robin algorithm on
 both ends. If you only do it on OpenBSD it will cause multiple links
 used for sending but selective for receiving.

That's why my switch is also configured with aggregation, with an
algorithm based on @MAC src+dst, @IP src+dst.

 And 870 Mbps is a respectable speed for a gig card.
You are right, but for trunking (with loadbalance or LACP algorithm)
it should be double.

Thanks for help.


I understand the doubts about my configuration, but the performance
results through switches or with direct links between the two server
was the same.

Initially I doubted of my configuration on the OpenBSD side, but it
was good according man trunk.
After that I doubted of my configuration on the switches side, but it
was good, the default algorithm is based on @MAC src+dst, @IP src+dst.

So I have tested this other ways:
With advanced algorithm based on @MAC src+dst, @IP src+dst, IP port
src+dst on switch side and loadbalance on the OpenBSD side. Same
results.
With LACP (configured on both side). Same results. (LACP was well established).
With Round Robin on OpenBSD side and default algorithm on switch side.
Less than 100Mbps.
Without switches, direct link between the two OpenBSD box. With
Loadbalance, LACP, Round Robin, same results as previous tests.

I considered that trunk driver wasn't working and tried with two
separated direct link (see experiment 5).
Same result ! Two separate links should work at 1Gbps each, not
~870Mbps in total (repartition was round 80/20).

So it isn't the trunk driver, but a lower problem like em drivers.

Or maybe it is normal for OpenBSD not to exceed ~870Mbps... ?
Has somebody checked OpenBSD at higher speed, maybe with the em driver (Intel NIC) ?

Thanks
Xinform3n

2013/1/23 Robert Blacquiere open...@blacquiere.nl:
 On Tue, Jan 22, 2013 at 04:02:04PM +0100, Patrick Vultier wrote:
 Hi,

 I tried to use two OpenBSD systems as network load with iperf and netperf.

 Each server is equipped with two Intel dual NIC gigabit (plus one
 embedded gigabit NIC), two Xeon 3.2GHz H.T., 12GB RAM and OpenBSD 5.2
 i386.

 My problem, I can't exceed ~ 870Mbps with multiple interface as
 reported in the experiments (see below).
 (PF was disabled for all experiment).

 Why am I blocked at ~ 1Gbps limit ? Is this normal ?
 EM drivers ? Kernel performance ? ... ?

 Thanks for your help.
 Xinform3n
 snip

 trunk loadbalance ports handle traffic in a specific way. The algorithm
 is based on source - destination hashes by default and it keeps them
 over a single interface, till interface is dropped.

 If you want to maximize throughput you need to use round robin algorithm on
 both ends. If you only do it on OpenBSD it will cause multiple links
 used for sending but selective for receiving.

 And 870 Mbps is a respectable speed for a gig card.

 Regards

 Robert