LibReSSL CHACHA20/POLY1305

[Renaud Allard]

Hello,

I am trying this on 5.6-stable.
Is there a way to list all POLY1305/CHACHA20 based ciphers which are 
enabled?


For example, if I try with RSA:
# openssl ciphers RSA
AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:NULL-SHA256:NULL-SHA:NULL-MD5

But with the others:
# openssl ciphers POLY1305
Error in cipher list1082963419196:error:1410D0B9:SSL 
routines:SSL_CTX_set_cipher_list:no cipher 
match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312:

# openssl ciphers CHACHA20
Error in cipher list
32850802282556:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no 
cipher match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312:


However, trying something like this works:
# openssl ciphers  ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-ECDSA-CHACHA20-POLY1305

The idea is to be able to enable them in configuration files of services 
without having to list them all by hand (which might change).


Thanks

Re: LibReSSL CHACHA20/POLY1305

[Renaud Allard]

Hello,

On 11/14/2014 09:04 AM, Renaud Allard wrote:

Hello,

I am trying this on 5.6-stable.
Is there a way to list all POLY1305/CHACHA20 based ciphers which are
enabled?

For example, if I try with RSA:
# openssl ciphers RSA
AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:NULL-SHA256:NULL-SHA:NULL-MD5


But with the others:
# openssl ciphers POLY1305
Error in cipher list1082963419196:error:1410D0B9:SSL
routines:SSL_CTX_set_cipher_list:no cipher
match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312:
# openssl ciphers CHACHA20
Error in cipher list
32850802282556:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
cipher match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312:

However, trying something like this works:
# openssl ciphers  ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-ECDSA-CHACHA20-POLY1305

The idea is to be able to enable them in configuration files of services
without having to list them all by hand (which might change).

Thanks




Replying to my own mail...

Here is a patch:
--- lib/libssl/src/ssl/ssl_ciph.c.old   Fri Nov 14 09:30:56 2014
+++ lib/libssl/src/ssl/ssl_ciph.c   Fri Nov 14 09:49:47 2014
@@ -433,6 +433,10 @@
.name = SSL_TXT_CAMELLIA,
.algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
},
+   {
+   .name = SSL_TXT_CHACHA20,
+   .algorithm_enc = SSL_CHACHA20POLY1305,
+   },

/* MAC aliases */
{


Now openssl ciphers CHACHA20 works as intended
# openssl ciphers CHACHA20
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305

Re: LibReSSL CHACHA20/POLY1305

[Jonathan Gray]

On Fri, Nov 14, 2014 at 10:04:16AM +0100, Renaud Allard wrote:
 Hello,
 
 On 11/14/2014 09:04 AM, Renaud Allard wrote:
 Hello,
 
 I am trying this on 5.6-stable.
 Is there a way to list all POLY1305/CHACHA20 based ciphers which are
 enabled?
 
 For example, if I try with RSA:
 # openssl ciphers RSA
 AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:DES-CBC3-SHA:DES-CBC-SHA:NULL-SHA256:NULL-SHA:NULL-MD5
 
 
 But with the others:
 # openssl ciphers POLY1305
 Error in cipher list1082963419196:error:1410D0B9:SSL
 routines:SSL_CTX_set_cipher_list:no cipher
 match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312:
 # openssl ciphers CHACHA20
 Error in cipher list
 32850802282556:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
 cipher match:/usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_lib.c:1312:
 
 However, trying something like this works:
 # openssl ciphers  ECDHE-ECDSA-CHACHA20-POLY1305
 ECDHE-ECDSA-CHACHA20-POLY1305
 
 The idea is to be able to enable them in configuration files of services
 without having to list them all by hand (which might change).
 
 Thanks
 
 
 
 Replying to my own mail...
 
 Here is a patch:
 --- lib/libssl/src/ssl/ssl_ciph.c.old   Fri Nov 14 09:30:56 2014
 +++ lib/libssl/src/ssl/ssl_ciph.c   Fri Nov 14 09:49:47 2014
 @@ -433,6 +433,10 @@
 .name = SSL_TXT_CAMELLIA,
 .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
 },
 +   {
 +   .name = SSL_TXT_CHACHA20,
 +   .algorithm_enc = SSL_CHACHA20POLY1305,
 +   },
 
 /* MAC aliases */
 {
 
 
 Now openssl ciphers CHACHA20 works as intended
 # openssl ciphers CHACHA20
 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305

This is already present in rev 1.68/-current
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68r1=1.67f=u

Re: LibReSSL CHACHA20/POLY1305

[Renaud Allard]

On 11/14/2014 10:12 AM, Jonathan Gray wrote:


Now openssl ciphers CHACHA20 works as intended
# openssl ciphers CHACHA20
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305


This is already present in rev 1.68/-current
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68r1=1.67f=u



So now, I have set in nginx.conf this
ssl_ciphers !aNULL:AES256:AES128:CHACHA20:@STRENGTH;

But using sslscan, I still get:
FailedTLSv1  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305

Is that somewhere else?

Re: LibReSSL CHACHA20/POLY1305

[Jérémie Courrèges-Anglas]

Renaud Allard ren...@allard.it writes:

 On 11/14/2014 10:12 AM, Jonathan Gray wrote:

 Now openssl ciphers CHACHA20 works as intended
 # openssl ciphers CHACHA20
 ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305

 This is already present in rev 1.68/-current
 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68r1=1.67f=u


 So now, I have set in nginx.conf this
 ssl_ciphers !aNULL:AES256:AES128:CHACHA20:@STRENGTH;

 But using sslscan, I still get:
 FailedTLSv1  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305

I guess it means that you didn't feed with nginx an ecdsa cert.

 Is that somewhere else?


-- 
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE

Re: LibReSSL CHACHA20/POLY1305

[Renaud Allard]

On 11/14/2014 01:28 PM, Jérémie Courrèges-Anglas wrote:

Renaud Allard ren...@allard.it writes:


On 11/14/2014 10:12 AM, Jonathan Gray wrote:

Now openssl ciphers CHACHA20 works as intended
# openssl ciphers CHACHA20
ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305

This is already present in rev 1.68/-current
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.diff?r2=1.68r1=1.67f=u



So now, I have set in nginx.conf this
 ssl_ciphers !aNULL:AES256:AES128:CHACHA20:@STRENGTH;

But using sslscan, I still get:
 FailedTLSv1  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305

I guess it means that you didn't feed with nginx an ecdsa cert.


OK, indeed, but those ones are also failing:
FailedTLSv1  256 bits  ECDHE-RSA-CHACHA20-POLY1305
FailedTLSv1  256 bits  DHE-RSA-CHACHA20-POLY1305

And that one is working:
Accepted  TLSv1  256 bits  ECDHE-RSA-AES256-SHA

Temperature

[Etienne]

Hello list,

I seem to have a little hardware related problem. I have been using a
Lenovo x120e for some time, and OpenBSD ran nicely on it until April. As
soon as I upgraded to 5.5, and from quite early after kernel loading,
the console started showing and repeating at regular intervals:

 acpitz0: critical temperature reached 93C, shutting down
 acpithinkpad0: Unknown event 0x6022

(93C is just a typical value, I've seen any between 92 and 98). I
usually have just the time to log in before the system logs me out and
shuts down. This laptop normally runs at around 80°C, and I think the
temperature reading in OpenBSD is correct, because I get similar
warnings
and temperature values when I reboot immediately into another OS.

Booting on 5.6 bsd.rd and upgrading the system went fine, but as soon as
I restarted the system, the same situation happened. Feeling
adventurous,
I tried to disable acpitz* during the boot process, which made the
messages
go away. The system ran just below 100°C (as reported by sysctl) for
some time without any problem, until I didn't want to take the risk for
any longer and shut it down manually. I also have an x100e from the same
brand, quite similar even if older and slower, which does _NOT_ show the
same symptoms. I'm attaching the dmesg and sysctl hw.sensors output of
both
machines running 5.6.

Has anyone been running 5.5 and 5.6 on a x120e? Any clues on what I
should
do to diagnose the problem any better?

Cheers!

--
Étienne
OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1861025792 (1774MB)
avail mem = 1802760192 (1719MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf09b0 (43 entries)
bios0: vendor LENOVO version 6XET45WW (1.28 ) date 09/17/2010
bios0: LENOVO 35089CU
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP TCPA SSDT APIC MCFG HPET SLIC
acpi0: wakeup devices PB5_(S5) OHC0(S3) OHC1(S3) OHC2(S3) OHC3(S3) OHC4(S3) 
P2P_(S5) LID_(S3)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1597.30 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1596.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB 64b/line 
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-3
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PB5_)
acpiprt2 at acpi0: bus 4 (P2P_)
acpiprt3 at acpi0: bus 1 (AGP_)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, PSS
acpicpu1 at acpi0: PSS
acpitz0 at acpi0: critical temperature is 92 degC
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model 42T4787 serial   626 oem SONY
acpibtn2 at acpi0: LID_
cpu0: PowerNow! K8 1597 MHz: speeds: 1600 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 AMD RS780 Host rev 0x00
ppb0 at pci0 dev 1 function 0 AMD RS780 PCIE rev 0x00
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 5 function 0 ATI Radeon HD 3200 rev 0x00
drm0 at radeondrm0
radeondrm0: apic 2 int 18
ppb1 at pci0 dev 5 function 0 AMD RS780 PCIE rev 0x00: msi
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 Realtek 8168 rev 0x03: RTL8168D/8111D (0x2800), 
msi, address c8:0a:a9:6a:6c:6b
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
ppb2 at pci0 dev 6 function 0 AMD RS780 PCIE rev 0x00: msi
pci3 at ppb2 bus 3
Realtek 8192SE rev 0x10 at pci3 dev 0 function 0 not configured
ahci0 at pci0 dev 17 function 0 ATI SBx00 SATA rev 0x00: apic 2 int 22, AHCI 
1.1
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: ATA, ST9250315AS, 0020 SCSI3 0/direct fixed 
naa.5000c50022882f8c
sd0: 238475MB, 512 bytes/sector, 488397168 sectors
ohci0 at pci0 dev 18 function 0 ATI SB700 USB rev 0x00: apic 2 int 16, 
version 1.0, legacy 

Re: Temperature

[Brian Callahan]

On 11/14/14 13:27, Etienne wrote:

Hello list,

I seem to have a little hardware related problem. I have been using a
Lenovo x120e for some time, and OpenBSD ran nicely on it until April. As
soon as I upgraded to 5.5, and from quite early after kernel loading,
the console started showing and repeating at regular intervals:

  acpitz0: critical temperature reached 93C, shutting down
  acpithinkpad0: Unknown event 0x6022

(93C is just a typical value, I've seen any between 92 and 98). I
usually have just the time to log in before the system logs me out and
shuts down. This laptop normally runs at around 80°C, and I think the
temperature reading in OpenBSD is correct, because I get similar
warnings
and temperature values when I reboot immediately into another OS.

Booting on 5.6 bsd.rd and upgrading the system went fine, but as soon as
I restarted the system, the same situation happened. Feeling
adventurous,
I tried to disable acpitz* during the boot process, which made the
messages
go away. The system ran just below 100°C (as reported by sysctl) for
some time without any problem, until I didn't want to take the risk for
any longer and shut it down manually. I also have an x100e from the same
brand, quite similar even if older and slower, which does _NOT_ show the
same symptoms. I'm attaching the dmesg and sysctl hw.sensors output of
both
machines running 5.6.

Has anyone been running 5.5 and 5.6 on a x120e? Any clues on what I
should
do to diagnose the problem any better?


I'm running OpenBSD -current on my X120e. Temperature is around 68-72C 
unless I'm doing something very CPU intensive (but then it never gets up 
higher than around 82C).


Not sure what to tell you to diagnose it.


Cheers!

--
Étienne
OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1861025792 (1774MB)
avail mem = 1802760192 (1719MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf09b0 (43 entries)
bios0: vendor LENOVO version 6XET45WW (1.28 ) date 09/17/2010
bios0: LENOVO 35089CU
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP TCPA SSDT APIC MCFG HPET SLIC
acpi0: wakeup devices PB5_(S5) OHC0(S3) OHC1(S3) OHC2(S3) OHC3(S3) OHC4(S3) 
P2P_(S5) LID_(S3)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1597.30 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1596.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB 64b/line 
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-3
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PB5_)
acpiprt2 at acpi0: bus 4 (P2P_)
acpiprt3 at acpi0: bus 1 (AGP_)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, PSS
acpicpu1 at acpi0: PSS
acpitz0 at acpi0: critical temperature is 92 degC
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model 42T4787 serial   626 oem SONY
acpibtn2 at acpi0: LID_
cpu0: PowerNow! K8 1597 MHz: speeds: 1600 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 AMD RS780 Host rev 0x00
ppb0 at pci0 dev 1 function 0 AMD RS780 PCIE rev 0x00
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 5 function 0 ATI Radeon HD 3200 rev 0x00
drm0 at radeondrm0
radeondrm0: apic 2 int 18
ppb1 at pci0 dev 5 function 0 AMD RS780 PCIE rev 0x00: msi
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 Realtek 8168 rev 0x03: RTL8168D/8111D (0x2800), 
msi, address c8:0a:a9:6a:6c:6b
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
ppb2 at pci0 dev 6 function 0 AMD RS780 PCIE rev 0x00: msi
pci3 at ppb2 bus 3
Realtek 8192SE rev 0x10 at pci3 dev 0 function 0 not configured
ahci0 at pci0 dev 17 function 0 ATI SBx00 SATA rev 0x00: apic 2 int 22, AHCI 
1.1
scsibus1 at 

Re: Temperature

[Martin Brandenburg]

Etienne etienne.m...@magickarpet.org wrote:

 Hello list,
 
 I seem to have a little hardware related problem. I have been using a
 Lenovo x120e for some time, and OpenBSD ran nicely on it until April. As
 soon as I upgraded to 5.5, and from quite early after kernel loading,
 the console started showing and repeating at regular intervals:
 
  acpitz0: critical temperature reached 93C, shutting down
  acpithinkpad0: Unknown event 0x6022
 
 (93C is just a typical value, I've seen any between 92 and 98). I
 usually have just the time to log in before the system logs me out and
 shuts down. This laptop normally runs at around 80??C, and I think the
 temperature reading in OpenBSD is correct, because I get similar
 warnings
 and temperature values when I reboot immediately into another OS.
 
 Booting on 5.6 bsd.rd and upgrading the system went fine, but as soon as
 I restarted the system, the same situation happened. Feeling
 adventurous,
 I tried to disable acpitz* during the boot process, which made the
 messages
 go away. The system ran just below 100??C (as reported by sysctl) for
 some time without any problem, until I didn't want to take the risk for
 any longer and shut it down manually. I also have an x100e from the same
 brand, quite similar even if older and slower, which does _NOT_ show the
 same symptoms. I'm attaching the dmesg and sysctl hw.sensors output of
 both
 machines running 5.6.
 
 Has anyone been running 5.5 and 5.6 on a x120e? Any clues on what I
 should
 do to diagnose the problem any better?
 
 Cheers!
 

I have no trouble running 5.6 and had no trouble running 5.5 on my
x120e. Is your computer actually getting up to 92 degC? I do run with
apmd -L, which helps to reduce temperature, but that's still insane.

-- Martin

OpenBSD 5.6 (GENERIC.MP) #2: Tue Oct 28 11:13:59 CET 2014

r...@stable-56-amd64.mtier.org:/binpatchng/work-binpatch56-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16736387072 (15961MB)
avail mem = 16282083328 (15527MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf9ba0 (60 entries)
bios0: vendor LENOVO version 8FET27WW (1.11 ) date 03/24/2011
bios0: LENOVO 0596CTO
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC HPET APIC MCFG UEFI UEFI SSDT SSDT UEFI
acpi0: wakeup devices PB4_(S4) PB5_(S4) PB6_(S4) PB7_(S4) OHC1(S3) EHC1(S3) 
OHC2(S3) EHC2(S3) OHC3(S3) EHC3(S3) OHC4(S3) SBAZ(S4) GEC_(S4) P2P_(S5) 
SPB0(S4) SPB1(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD E-350 Processor, 41193.33 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, C-substates=0.0.0.0.0, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD E-350 Processor, 1596.60 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu1: 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 2
acpimcfg0 at acpi0 addr 0xf800, bus 0-31
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PB4_)
acpiprt2 at acpi0: bus -1 (PB5_)
acpiprt3 at acpi0: bus 1 (PB6_)
acpiprt4 at acpi0: bus -1 (PB7_)
acpiprt5 at acpi0: bus 2 (P2P_)
acpiprt6 at acpi0: bus 3 (SPB0)
acpiprt7 at acpi0: bus -1 (SPB1)
acpiprt8 at acpi0: bus -1 (SPB2)
acpiprt9 at acpi0: bus -1 (SPB3)
acpiec0 at acpi0
acpicpu0 at acpi0: C2, PSS
acpicpu1 at acpi0: C2, PSS
acpitz0 at acpi0: critical temperature is 92 degC
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model 42T4785 serial   223 type LION oem SANYO
acpibtn2 at acpi0: LID_
cpu0: 41193 MHz: speeds: 1600 1280 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 AMD AMD64 14h Host rev 0x00
radeondrm0 at pci0 dev 1 function 0 ATI Radeon HD 6310 rev 0x00
drm0 at radeondrm0
radeondrm0: msi
azalia0 at pci0 dev 1 function 1 ATI Radeon HD 6310 HD 

Re: Temperature

[Etienne]

On 2014-11-14 18:27, Etienne wrote:


Hello list,


Sorry for answering to myself, that was my first post and I didn't 
expect the attachements to be concatenated after my message. Please let 
me reformat:


x100e# dmesg
OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1861025792 (1774MB)
avail mem = 1802760192 (1719MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf09b0 (43 entries)
bios0: vendor LENOVO version 6XET45WW (1.28 ) date 09/17/2010
bios0: LENOVO 35089CU
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP TCPA SSDT APIC MCFG HPET SLIC
acpi0: wakeup devices PB5_(S5) OHC0(S3) OHC1(S3) OHC2(S3) OHC3(S3) 
OHC4(S3) P2P_(S5) LID_(S3)

acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1597.30 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,

3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB 
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully 
associative

mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1596.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,

3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB 
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully 
associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully 
associative

ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-3
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PB5_)
acpiprt2 at acpi0: bus 4 (P2P_)
acpiprt3 at acpi0: bus 1 (AGP_)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2, PSS
acpicpu1 at acpi0: PSS
acpitz0 at acpi0: critical temperature is 92 degC
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpithinkpad0 at acpi0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 model 42T4787 serial   626 oem SONY
acpibtn2 at acpi0: LID_
cpu0: PowerNow! K8 1597 MHz: speeds: 1600 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 AMD RS780 Host rev 0x00
ppb0 at pci0 dev 1 function 0 AMD RS780 PCIE rev 0x00
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 5 function 0 ATI Radeon HD 3200 rev 0x00
drm0 at radeondrm0
radeondrm0: apic 2 int 18
ppb1 at pci0 dev 5 function 0 AMD RS780 PCIE rev 0x00: msi
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 Realtek 8168 rev 0x03: RTL8168D/8111D 
(0x2800), msi, address c8:0a:a9:6a:6c:6b

rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
ppb2 at pci0 dev 6 function 0 AMD RS780 PCIE rev 0x00: msi
pci3 at ppb2 bus 3
Realtek 8192SE rev 0x10 at pci3 dev 0 function 0 not configured
ahci0 at pci0 dev 17 function 0 ATI SBx00 SATA rev 0x00: apic 2 int 
22, AHCI 1.1

scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: ATA, ST9250315AS, 0020 SCSI3 0/direct 
fixed naa.5000c50022882f8c

sd0: 238475MB, 512 bytes/sector, 488397168 sectors
ohci0 at pci0 dev 18 function 0 ATI SB700 USB rev 0x00: apic 2 int 16, 
version 1.0, legacy support
ohci1 at pci0 dev 18 function 1 ATI SB700 USB rev 0x00: apic 2 int 16, 
version 1.0, legacy support

ehci0 at pci0 dev 18 function 2 ATI SB700 USB2 rev 0x00: apic 2 int 17
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 ATI EHCI root hub rev 2.00/1.00 addr 1
ohci2 at pci0 dev 19 function 0 ATI SB700 USB rev 0x00: apic 2 int 18, 
version 1.0, legacy support

ehci1 at pci0 dev 19 function 2 ATI SB700 USB2 rev 0x00: apic 2 int 19
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 ATI EHCI root hub rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 ATI SBx00 SMBus rev 0x3c: SMI
iic0 at piixpm0
spdmem0 at iic0 addr 0x51: 2GB DDR2 SDRAM non-parity PC2-5300CL5 SO-DIMM
azalia0 at pci0 dev 20 function 2 ATI SBx00 HD Audio rev 0x00: apic 2 
int 16

azalia0: codecs: Conexant/0x5066
audio0 at azalia0
pcib0 at pci0 dev 20 function 3 ATI SB700 ISA rev 0x00
ppb3 at pci0 dev 20 function 4 ATI SB600 PCI rev 0x00
pci4 at ppb3 bus 4
pchb1 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00
pchb2 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00
pchb3 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00
kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00: core 
rev BH-G2

usb2 at ohci0: USB revision 1.0
uhub2 at 

Re: Temperature

[trondd]

Did a fan die?  Or are you blocking the vent somehow?

I killed a laptop like that once by putting it on my lap.  Turned out the
fan vent was on the bottom and the laptop needed to be on a flat surface.
Usually called a desk.  So I don't know why it was classified as a laptop.
:)

Tim.

Re: LibReSSL CHACHA20/POLY1305

[Renaud Allard]

On 14/11/14 13:28, Jérémie Courrèges-Anglas wrote:
 Renaud Allard ren...@allard.it writes:

 On 11/14/2014 10:12 AM, Jonathan Gray wrote:
 Now openssl ciphers CHACHA20 works as intended
 # openssl ciphers CHACHA20

ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-PO
LY1305
 This is already present in rev 1.68/-current

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/src/ssl/ssl_ciph.c.di
ff?r2=1.68r1=1.67f=u


 So now, I have set in nginx.conf this
  ssl_ciphers !aNULL:AES256:AES128:CHACHA20:@STRENGTH;

 But using sslscan, I still get:
  FailedTLSv1  256 bits  ECDHE-ECDSA-CHACHA20-POLY1305
 I guess it means that you didn't feed with nginx an ecdsa cert.

It seems that the problem is in sslscan itself. When I use Qualys SSL
labs to test, it successfully lists CHACHA20 ciphers.

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]

Re: Temperature

[Etienne]

On 2014-11-14 18:56, Gregor Best wrote:


(93C is just a typical value, I've seen any between 92 and 98). I
usually have just the time to log in before the system logs me out and
shuts down. This laptop normally runs at around 80??C, and I think the
temperature reading in OpenBSD is correct, because I get similar
warnings
and temperature values when I reboot immediately into another OS.
[...]


So running on another OS for a longer time has the temperature of your
laptop staying at around 80C? That sounds awfully high. Maybe you just 
need
to clean out the fans and airways inside the laptop and the timing is 
just

a coincidence.

Just make sure the fan does not turn (by blocking it with a toothpick 
or

the like) when blowing compressed air through the case or vacuuming out
dustbunnies so the bearing does not get damaged.


Thanks everybody for the feedback and advices. I think it's fair to 
conclude my machine has a unique problem not related to the model (I 
bought it as a used machine, maybe the previous owner messed something). 
I'm still surprised by the 20°C difference between OpenBSD and Linux, 
and by the fact it was apparently working fine on 5.4.


I'll see how much I can clean it up/change the paste before trying 
anything else.


Cheers!

--
Étienne

Re: Temperature

[patrick keshishian]

Hi,

On 11/14/14, Etienne etienne.m...@magickarpet.org wrote:
 Hello list,

 I seem to have a little hardware related problem. I have been using a
 Lenovo x120e for some time, and OpenBSD ran nicely on it until April. As
 soon as I upgraded to 5.5, and from quite early after kernel loading,
 the console started showing and repeating at regular intervals:

  acpitz0: critical temperature reached 93C, shutting down
  acpithinkpad0: Unknown event 0x6022

I don't believe I have ever seen the issue you describe with
my x120e.

hw.vendor=LENOVO
hw.version=ThinkPad X120e

hw.sensors.acpitz0.temp0=75.00 degC (zone temperature)
hw.sensors.acpithinkpad0.temp0=75.00 degC
hw.sensors.acpithinkpad0.temp1=0.00 degC
hw.sensors.acpithinkpad0.temp2=75.00 degC
hw.sensors.acpithinkpad0.temp3=0.00 degC
hw.sensors.acpithinkpad0.temp4=0.00 degC
hw.sensors.acpithinkpad0.temp5=0.00 degC
hw.sensors.acpithinkpad0.temp6=27.00 degC
hw.sensors.acpithinkpad0.temp7=0.00 degC
hw.sensors.km0.temp0=75.88 degC

hw.sensors.acpithinkpad0.fan0=441 RPM


 (93C is just a typical value, I've seen any between 92 and 98). I
 usually have just the time to log in before the system logs me out and
 shuts down. This laptop normally runs at around 80°C, and I think the
 temperature reading in OpenBSD is correct, because I get similar
 warnings
 and temperature values when I reboot immediately into another OS.

That may be a hint that something may be wrong
with your cooling. Dust blockage, etc.


 Booting on 5.6 bsd.rd and upgrading the system went fine, but as soon as
 I restarted the system, the same situation happened. Feeling
 adventurous,
 I tried to disable acpitz* during the boot process, which made the
 messages
 go away. The system ran just below 100°C (as reported by sysctl) for
 some time without any problem, until I didn't want to take the risk for
 any longer and shut it down manually. I also have an x100e from the same
 brand, quite similar even if older and slower, which does _NOT_ show the
 same symptoms. I'm attaching the dmesg and sysctl hw.sensors output of
 both
 machines running 5.6.

 Has anyone been running 5.5 and 5.6 on a x120e? Any clues on what I
 should
 do to diagnose the problem any better?

As I say, I never have had this issue with x120e, which I've
been using for over 3 years with OpenBSD, mainly following
snapshots.

Running older snapshot atm:
$ sysctl kern.version
kern.version=OpenBSD 5.6-current (GENERIC.MP) #368: Tue Sep  9 00:28:20 MDT 2014
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

I have a Gateway LT31 (?) that used to have similar issue as
you describe. After first cold boot, it would immediately
shutdown because of temperature warning. Next boot, it
would be fine.

However, since the last snapshot I put on it, from Sep. It
hasn't exhibited this behavior. Then again, the Gateway isn't
used much; so it could be that I've been lucky.

--patrick


 Cheers!

 --
 Étienne
 OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 1861025792 (1774MB)
 avail mem = 1802760192 (1719MB)
 mpath0 at root
 scsibus0 at mpath0: 256 targets
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf09b0 (43 entries)
 bios0: vendor LENOVO version 6XET45WW (1.28 ) date 09/17/2010
 bios0: LENOVO 35089CU
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S3 S4 S5
 acpi0: tables DSDT FACP TCPA SSDT APIC MCFG HPET SLIC
 acpi0: wakeup devices PB5_(S5) OHC0(S3) OHC1(S3) OHC2(S3) OHC3(S3) OHC4(S3)
 P2P_(S5) LID_(S3)
 acpitimer0 at acpi0: 3579545 Hz, 32 bits
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1597.30 MHz
 cpu0:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB
 64b/line 16-way L2 cache
 cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully
 associative
 cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully
 associative
 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
 cpu0: apic clock running at 199MHz
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1596.00 MHz
 cpu1:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
 cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB
 64b/line 16-way L2 cache
 cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully
 associative
 cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully
 associative
 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
 acpimcfg0 at acpi0 addr 0xe000, bus 0-3
 acpihpet0 at 

Re: Temperature

[Mike Larkin]

On Fri, Nov 14, 2014 at 11:59:26AM -0800, patrick keshishian wrote:
 Hi,
 
 On 11/14/14, Etienne etienne.m...@magickarpet.org wrote:
  Hello list,
 
  I seem to have a little hardware related problem. I have been using a
  Lenovo x120e for some time, and OpenBSD ran nicely on it until April. As
  soon as I upgraded to 5.5, and from quite early after kernel loading,
  the console started showing and repeating at regular intervals:
 
   acpitz0: critical temperature reached 93C, shutting down
   acpithinkpad0: Unknown event 0x6022
 
 I don't believe I have ever seen the issue you describe with
 my x120e.
 
 hw.vendor=LENOVO
 hw.version=ThinkPad X120e
 
 hw.sensors.acpitz0.temp0=75.00 degC (zone temperature)
 hw.sensors.acpithinkpad0.temp0=75.00 degC
 hw.sensors.acpithinkpad0.temp1=0.00 degC
 hw.sensors.acpithinkpad0.temp2=75.00 degC
 hw.sensors.acpithinkpad0.temp3=0.00 degC
 hw.sensors.acpithinkpad0.temp4=0.00 degC
 hw.sensors.acpithinkpad0.temp5=0.00 degC
 hw.sensors.acpithinkpad0.temp6=27.00 degC
 hw.sensors.acpithinkpad0.temp7=0.00 degC
 hw.sensors.km0.temp0=75.88 degC
 
 hw.sensors.acpithinkpad0.fan0=441 RPM
 
 
  (93C is just a typical value, I've seen any between 92 and 98). I
  usually have just the time to log in before the system logs me out and
  shuts down. This laptop normally runs at around 80?C, and I think the
  temperature reading in OpenBSD is correct, because I get similar
  warnings
  and temperature values when I reboot immediately into another OS.
 
 That may be a hint that something may be wrong
 with your cooling. Dust blockage, etc.
 
 
  Booting on 5.6 bsd.rd and upgrading the system went fine, but as soon as
  I restarted the system, the same situation happened. Feeling
  adventurous,
  I tried to disable acpitz* during the boot process, which made the
  messages
  go away. The system ran just below 100?C (as reported by sysctl) for
  some time without any problem, until I didn't want to take the risk for
  any longer and shut it down manually. I also have an x100e from the same
  brand, quite similar even if older and slower, which does _NOT_ show the
  same symptoms. I'm attaching the dmesg and sysctl hw.sensors output of
  both
  machines running 5.6.
 
  Has anyone been running 5.5 and 5.6 on a x120e? Any clues on what I
  should
  do to diagnose the problem any better?
 
 As I say, I never have had this issue with x120e, which I've
 been using for over 3 years with OpenBSD, mainly following
 snapshots.
 
 Running older snapshot atm:
 $ sysctl kern.version
 kern.version=OpenBSD 5.6-current (GENERIC.MP) #368: Tue Sep  9 00:28:20 MDT 
 2014
 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 
 I have a Gateway LT31 (?) that used to have similar issue as
 you describe. After first cold boot, it would immediately
 shutdown because of temperature warning. Next boot, it
 would be fine.
 
 However, since the last snapshot I put on it, from Sep. It
 hasn't exhibited this behavior. Then again, the Gateway isn't
 used much; so it could be that I've been lucky.
 

I fixed the bogus shutdowns at the last hackathon (the ones where acpitz(4) 
would
return temperatures in the 4000-5000K range).

-ml

 --patrick
 
 
  Cheers!
 
  --
  ?tienne
  OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
  real mem = 1861025792 (1774MB)
  avail mem = 1802760192 (1719MB)
  mpath0 at root
  scsibus0 at mpath0: 256 targets
  mainbus0 at root
  bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf09b0 (43 entries)
  bios0: vendor LENOVO version 6XET45WW (1.28 ) date 09/17/2010
  bios0: LENOVO 35089CU
  acpi0 at bios0: rev 2
  acpi0: sleep states S0 S3 S4 S5
  acpi0: tables DSDT FACP TCPA SSDT APIC MCFG HPET SLIC
  acpi0: wakeup devices PB5_(S5) OHC0(S3) OHC1(S3) OHC2(S3) OHC3(S3) OHC4(S3)
  P2P_(S5) LID_(S3)
  acpitimer0 at acpi0: 3579545 Hz, 32 bits
  acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
  cpu0 at mainbus0: apid 0 (boot processor)
  cpu0: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1597.30 MHz
  cpu0:
  FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
  cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB
  64b/line 16-way L2 cache
  cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully
  associative
  cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully
  associative
  mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
  cpu0: apic clock running at 199MHz
  cpu1 at mainbus0: apid 1 (application processor)
  cpu1: AMD Athlon(tm) Neo X2 Dual Core Processor L335, 1596.00 MHz
  cpu1:
  FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
  cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 

Re: Temperature

[patrick keshishian]

On 11/14/14, Mike Larkin mlar...@azathoth.net wrote:
 On Fri, Nov 14, 2014 at 11:59:26AM -0800, patrick keshishian wrote:
 Hi,

 On 11/14/14, Etienne etienne.m...@magickarpet.org wrote:
  Hello list,
 
  I seem to have a little hardware related problem. I have been using a
  Lenovo x120e for some time, and OpenBSD ran nicely on it until April.
  As
  soon as I upgraded to 5.5, and from quite early after kernel loading,
  the console started showing and repeating at regular intervals:
 
   acpitz0: critical temperature reached 93C, shutting down
   acpithinkpad0: Unknown event 0x6022

 I don't believe I have ever seen the issue you describe with
 my x120e.

 hw.vendor=LENOVO
 hw.version=ThinkPad X120e

 hw.sensors.acpitz0.temp0=75.00 degC (zone temperature)
 hw.sensors.acpithinkpad0.temp0=75.00 degC
 hw.sensors.acpithinkpad0.temp1=0.00 degC
 hw.sensors.acpithinkpad0.temp2=75.00 degC
 hw.sensors.acpithinkpad0.temp3=0.00 degC
 hw.sensors.acpithinkpad0.temp4=0.00 degC
 hw.sensors.acpithinkpad0.temp5=0.00 degC
 hw.sensors.acpithinkpad0.temp6=27.00 degC
 hw.sensors.acpithinkpad0.temp7=0.00 degC
 hw.sensors.km0.temp0=75.88 degC

 hw.sensors.acpithinkpad0.fan0=441 RPM


  (93C is just a typical value, I've seen any between 92 and 98). I
  usually have just the time to log in before the system logs me out and
  shuts down. This laptop normally runs at around 80?C, and I think the
  temperature reading in OpenBSD is correct, because I get similar
  warnings
  and temperature values when I reboot immediately into another OS.

 That may be a hint that something may be wrong
 with your cooling. Dust blockage, etc.


  Booting on 5.6 bsd.rd and upgrading the system went fine, but as soon
  as
  I restarted the system, the same situation happened. Feeling
  adventurous,
  I tried to disable acpitz* during the boot process, which made the
  messages
  go away. The system ran just below 100?C (as reported by sysctl) for
  some time without any problem, until I didn't want to take the risk for
  any longer and shut it down manually. I also have an x100e from the
  same
  brand, quite similar even if older and slower, which does _NOT_ show
  the
  same symptoms. I'm attaching the dmesg and sysctl hw.sensors output of
  both
  machines running 5.6.
 
  Has anyone been running 5.5 and 5.6 on a x120e? Any clues on what I
  should
  do to diagnose the problem any better?

 As I say, I never have had this issue with x120e, which I've
 been using for over 3 years with OpenBSD, mainly following
 snapshots.

 Running older snapshot atm:
 $ sysctl kern.version
 kern.version=OpenBSD 5.6-current (GENERIC.MP) #368: Tue Sep  9 00:28:20
 MDT 2014
 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

 I have a Gateway LT31 (?) that used to have similar issue as
 you describe. After first cold boot, it would immediately
 shutdown because of temperature warning. Next boot, it
 would be fine.

 However, since the last snapshot I put on it, from Sep. It
 hasn't exhibited this behavior. Then again, the Gateway isn't
 used much; so it could be that I've been lucky.


 I fixed the bogus shutdowns at the last hackathon (the ones where acpitz(4)
 would
 return temperatures in the 4000-5000K range).

Nice!

--patrick

Contributing

[Jeremy]

Hello,

I very much believe the OpenBSD is important and needs support. I am not a
programmer, and I do not have money to donate. What other ways are there to
contribute?

I remember the website used to list ways to contribute in various ways, but
I can only seem to find monetary donations on the website now.

Could someone kindly steer me in the correct direction.

-Jeremy

Re: Contributing

[ian kremlin]

If you are fluent in two or more languages you might be able to help
out with translations. Bug-hunting (with proper reporting habits!) is
always appreciated too.

On Fri, Nov 14, 2014 at 6:33 PM, Jeremy dyr...@gmail.com wrote:
 Hello,

 I very much believe the OpenBSD is important and needs support. I am not a
 programmer, and I do not have money to donate. What other ways are there to
 contribute?

 I remember the website used to list ways to contribute in various ways, but
 I can only seem to find monetary donations on the website now.

 Could someone kindly steer me in the correct direction.

 -Jeremy

Re: Contributing

[Ted Unangst]

On Fri, Nov 14, 2014 at 18:37, ian kremlin wrote:
 If you are fluent in two or more languages you might be able to help
 out with translations. Bug-hunting (with proper reporting habits!) is
 always appreciated too.

I think the translation effort is dead. Better to help out by teaching
English to those who don't know it. :)

 I very much believe the OpenBSD is important and needs support. I am not a
 programmer, and I do not have money to donate. What other ways are there to
 contribute?

 I remember the website used to list ways to contribute in various ways, but
 I can only seem to find monetary donations on the website now.

Testing. I think people get caught up in what to test or how to
test, but it's pretty simple. Use OpenBSD for whatever you want to
use it for. The more people just using it, the more likely it will
just work for others too.

Or pick a random program out of /usr/bin. Read the man page. Do you
know what it does or are you confused?

Re: Contributing

[ag@gmail]

 On Nov 14, 2014, at 4:24 PM, Ted Unangst t...@tedunangst.com wrote:
 
 On Fri, Nov 14, 2014 at 18:37, ian kremlin wrote:
 If you are fluent in two or more languages you might be able to help
 out with translations. Bug-hunting (with proper reporting habits!) is
 always appreciated too.
 
 I think the translation effort is dead. Better to help out by teaching
 English to those who don't know it. :)

Yeah, that nicely sums up the l10n efforts. No offense to non-English speakers 
(I am too), but I feel the time spent in i18n and l10n efforts can be better 
utilized someone else. Heck, it's easy to learn English than aim for all 
language support.

 
 I very much believe the OpenBSD is important and needs support. I am not a
 programmer, and I do not have money to donate. What other ways are there to
 contribute?
 
 I remember the website used to list ways to contribute in various ways, but
 I can only seem to find monetary donations on the website now.
 
 Testing. I think people get caught up in what to test or how to
 test, but it's pretty simple. Use OpenBSD for whatever you want to
 use it for. The more people just using it, the more likely it will
 just work for others too.
 
 Or pick a random program out of /usr/bin. Read the man page. Do you
 know what it does or are you confused?

That's the best way to start.

-Amarendra

Concurrent L2TP/IPSEC connections for Windows Clients behind a shared NAT

[James McGoodwin]

Hi all,

I believe this is one of those “i think the answer is no, but need to ask”
situations.

We’ve built out an L2TP/IPSEC environment whose goal is to provide VDI access
to
subsidiaries and support client connections from  MacOS, Windows, Unix,
Linux,
et all.

For MacOS and *nix, client connections happening as expected with multiple
concurrent VPN sessions behind a single shared NAT device.

However Windows clients are limited to only one connection at a time.
Subsequent
connections cause the current session to die and be replaced by the new one.

Our environment details are below.
For the sake of siplicity, below are the configs for the PSK variant of our
RAS
environment.

Here's what I think is happening: Windows clients used a fixed source port
for
their outbound L2TP connections to VPN servers. And since L2TP is encypted
inside ESP, the NAT device cant translate the connection to some other
ephemeral port. So the connection looks like this:

[client]clientIP:UDP/1701 -- [office firewall]OfficeIP:UDP/1701 --
[Ras]SerivceIP:UDP/1701

Isakmpd reports this when multiple windows clients connect at once:

IPSEC Connections:
FLOWS:
flow esp in proto udp from OFFICE_IP port l2tp to RAS_IP port l2tp
peer OFFICE_IP srcid ras.rakuten-it.com type use
flow esp out proto udp from RAS_IP port l2tp to OFFICE_IP port l2tp
peer OFFICE_IP srcid ras.rakuten-it.com type require

SAD:
esp transport from OFFICE_IP to RAS_IP spi 0x2aa4e054 auth hmac-sha1
enc aes
esp transport from RAS_IP to OFFICE_IP spi 0x636b2bdd auth hmac-sha1
enc aes
esp transport from RAS_IP to OFFICE_IP spi 0xc38a28d8 auth hmac-sha1
enc aes
esp transport from OFFICE_IP to RAS_IP spi 0xc6612448 auth hmac-sha1
enc aes
esp transport from RAS_IP to OFFICE_IP spi 0xc83c49d6 auth hmac-sha1
enc aes
esp transport from OFFICE_IP to RAS_IP spi 0xea3ad136 auth hmac-sha1
enc aes

In short, many security associations (for each windows client) but only one
actual flow.

Isakmpd doesn’t have a way to distinguish between the connections as it
renegotiates
their keys.

As a result, when the ipsec session renegotiates it's keys, these sessions die
one by one until only a single session remains.


I've seen a number of discussions here and other places that describe just
this
problem: Windows Clients may have only one session at a time. Other OS types
are
fine.

One particular one that caught my attention was by Yasuoka Masahik three
years
ago:
http://openbsd.7691.n7.nabble.com/NPPPD-L2TP-IPsec-problems-td79729.html#a797
32


The thing I haven't found yet is what's a good approach to solving the
problem.

Is there a way to keep the L2TP/IPSEC vpn and also support windows?

Some configuration that I've overlooked?

Does iked handle NAT-T better than isakmpd for this scenario?



Thank you in advance for any advice offered. It's deeply deeply appreciated.



James McGoodwin

jmcgood...@kobo.com  |  www.kobo.com
135 Liberty St. Suite 101, Toronto ON, M6K 1Y7


-Environment Configurations --

Platform:
$  uname -a
OpenBSD mras1.rakuten-it.com 5.6 GENERIC#0 i386

isakmpd:
$  sudo cat /etc/ipsec.conf

ext_carp_ip=PUBLIC_IP_ADDRESS_OF_RAS_SERVICE

ike passive esp transport proto udp from $ext_carp_ip to any port 1701 \
main auth hmac-sha1 enc 3des group modp1024 \
quick auth hmac-sha1 enc aes \
psk redacted


npppd:
$  sudo cat /etc/npppd/npppd.conf
set user-max-session 5

authentication LOCAL_B type local {
users-file /etc/npppd/npppd-users
}

tunnel L2TP_ipv4 protocol l2tp {
listen on PUBLIC_IP_ADDRESS_OF_RAS_SERVICE
}

ipcp IPCP_B {
pool-address 192.168.128.2-192.168.191.254
dns-servers server1_ip server2_ip
}

interface tun0  address 192.168.128.1 ipcp IPCP_B
interface pppx0 address 192.168.128.1 ipcp IPCP_B

bind tunnel from L2TP_ipv4 authenticated by LOCAL_B to tun0

pf (fragments below) :
$ sudo cat /etc/pf.conf

nclude /etc/pf/macros.conf

set skip on { lo enc0 }
set limit states 10
set block-policy return

EXT_IF=bnx0
TUN0_IF=tun0

l2tp_port=1701
ipsec_ports={ 500, 4500 }
ipsec_isakmp_port=500
ipsec_nat_port=4500

ext_carp_ip=PUBLIC_IP_ADDRESS_OF_RAS_SERVICE
int_carp_ip=10.0.70.10
intra_net=10.0.0.0/8
VDI=10.90.0.0/19
l2tp_intra_net=192.168.64.0/18
l2tp_vdi_net=192.168.128.0/18

match in  on enc0 all scrub (no-df max-mss 1326)
match out on enc0 all scrub (no-df max-mss 1326)

match out log on $EXT_IF inet from !$EXT_IF to any nat-to $ext_carp_ip
match out log on $INT_IF inet from { $l2tp_intra_net $l2tp_vdi_net }
to $intra_net  nat-to $int_carp_ip

# ISAKMP and 

Re: Concurrent L2TP/IPSEC connections for Windows Clients behind a shared NAT

[Ryan Slack]

Is there any reason to not use iked and skip the whole L2TP bit?
I've found the built in Windows ikev2 VPN to work better then the older
L2TP.

Re: Static routing question

[Jon Radel]

On 11/10/14, 2:46 PM, Peter Hessler wrote:
 As I said before.

 _This_ _Is_ _Not_ _Possible_.

 Period.


Wellif you're doing bridging on the Linux setup you're trying to
replace, but don't realize it, forget to mention that the Cisco actually
*does* have an address in the /29 the Free/OpenBSD box lives on twice,
and then have a conceptual breakdown between layer 2 and layer 3, you
might end up where the OP is.  At least that's the conclusion I've
tentatively come to given the parallel conversation on
freebsd-questions.  :-)

I think he's trying to do a bump-on-the-wire firewall.

Here's OP's network diagram from freebsd-questions, with one correction
based on a later clarification:



  +---+
  | Cisco |
  +-+-+
|if: 189.92.72.9/29
|
|em0: 189.92.72.10/255.255.255.248
  +-+---+
  | FreeBSD |
  +-+---+
|em1: 189.92.72.11/255.255.255.248

|
|
  +-+--+
  | Switch |+-+
  ++|  MAIL   |
|---+-+
 bnx0: 189.72.92.12/255.255.255.248


Looks like a stereotypical bump-on-the-wire bridging firewall to me.

Dante:  see http://www.openbsd.org/faq/faq6.html#Bridge   And in OpenBSD
I'd address only one of the interfaces (or none of them if you wish to
increase security by forcing all management to be done from the
console).  And it's not routing.  So don't try to use routes.


--Jon Radel
j...@radel.com

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]