Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode
Hi,

On Wed, Oct 11, 2017, at 12:28, Eric Furman wrote:
>
> I disagree, but that's just my opinion.
> And just because something is "a default BIOS configuration in all modern
> desktop computers" doesn't mean it's a good thing.
>

To add another case point, at least on his system (HP Z230) it's an option at all. I haven't tried openbsd yet but illumos has similar problem on my HP Z210 (older version of same series) with RAID mode. The only options available in BIOS are IDE or RAID mode.
Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode
On Tue, Oct 10, 2017, at 04:29 PM, Rostislav Krasny wrote:
> I think it's worth to be supported. The RAID mode of storage
> controller seems to be a default BIOS configuration in all modern
> desktop computers. I think most desktop users don't configure any real
> RAID and continue to use their disks as separate devices. If at least
> this RAID configuration is supported it would be a great progress.

I disagree, but that's just my opinion.
And just because something is "a default BIOS configuration in all modern desktop computers" doesn't mean it's a good thing.
Re: How to allow __set_tcb in pledge
Thank you for your answer!

On 6 oct. 2017 à 20:13 +0200, Theo de Raadt , wrote:
> > I'm trying to use pledge to protect a go program.
> >
> > The exec aborts with abort trap: core dump
> >
> > Ktrace and /var/log/messages say that the __set_tcb
> > syscall is denied.
> >
> > Can I configure pledge to allow such syscall ?
>
> In post-6.2, this is now allowed. It wasn't allowed earlier
> due to an oversight.

After recompiling the kernel with STABLE 6.2, no such problem anymore.

> > (Same question for mlock and mlockall)
>
> Uhm, those are not going to be allowed. They are precisely the
> type of operations you should do before pledge.

Ok, makes sense to set up the memory protection before indeed.

Now I got another problem:

- golang tries to set default socket options (see sockopt_bsd.go in go source) such as:
  syscall.SetsockoptInt(s, syscall.IPPROTO_IPV6, syscall.IPV6_V6ONLY, boolint(ipv6only))
- Boom, core dump with pledge.
- And pledge source code has that cute « notyet » thingie:
  1282 #ifdef notyet
  1283 case IPV6_V6ONLY:
  1284 #endif

What does that mean ?...

Regards,
Stephane
Re: 6.2 starts nsd before slaacd binds ipv6 address
On Mon, Oct 09, 2017 at 06:31:06PM +, lists+m...@ggp2.com wrote:
> Hello all -
>
> I don't feel this warrants a bug report, but nevertheless feel that this
> behavior is inconsistent with the way dhclient works. I have a vultr

there is a school of thought that says dhclient should not delay the boot process until it has a lease (or times out after what? 30 seconds?)

> server running nsd/OpenBSD 6.2, and I suspect that the move to slaacd
> from kernel code in 6.1 is what has broken my nsd config (it fails to
> start on boot now).

sure, you got lucky before, the kernel did the stateless address auto configuration dance faster and won the race against nsd. slaacd is losing. But if your router solicitations had been delayed nsd might have won the race against the kernel...

>
> Vultr uses dhcp/autoconf for ipv4/ipv6, and nsd worked perfectly on

Uhm, no. vultr *supports* dhcp/autoconf. But they assign a static v4 address and a v6 /64 subnet from which you are free to choose any address(es) you want. They tell you that you get your gateway from router advertisements in v6.

> OpenBSD 6.1. In my nsd.conf, I specify the outbound ipv4/ipv6
> addresses, and the idea is that the interface addresses are assigned
> before nsd is started. This was the case in oBSD 6.1. However, in 6.2,
> it seems that slaacd is assigning the ipv6 address after nsd starts.
> This leads to error messages such as:
>
> nsd[15166]: xfrd: could not bind source address:port to socket: Can't assign
> requested address
>
> I've gotten around this by using the ipv4 address for xfr's, and having
> nsd listen on ::1@8053 (unbound has :53) for ipv6 & redirecting with pf.

I would suggest to use static IPs for servers as a better work around. Also note that vultr gives you a full /64 v6 subnet, no need to dick around with different port numbers. Of course depends on what you are doing...

>
> I *think* the proper behavior should be that daemons wait on slaacd to
> attempt to solicit/bind first, similar to dhclient.
>

ah, but it's not the daemons that wait, dhclient is delaying.

> I do admit that I've been tinkering with ipv6 a lot lately and twisting
> all the knobs, but hopefully this is helpful info as we transition more
> ipv6 dominant internet.
>

--
I'm not entirely sure you are real.
Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode
I think it's worth to be supported. The RAID mode of storage controller seems to be a default BIOS configuration in all modern desktop computers. I think most desktop users don't configure any real RAID and continue to use their disks as separate devices. If at least this RAID configuration is supported it would be a great progress.

BTW attaching the dmesg output when booted from the 6.2 installation media in RAID mode.

On Tue, Oct 10, 2017 at 10:08 PM, Theo de Raadt wrote:
> This is kind of intentional, since noone has put effort into making
> softraid understand the disk-binding logic found in the BIOS-RAID
> sectors. Maybe we should reconsider, dunno.
>
>> I've just tried to install the amd64 OpenBSD 6.2 and it doesn't see
>> hard disks when controller in RAID mode (BIOS configuration). If I
>> change it to AHCI mode (in BIOS) it can see them.
>>
>> Although I don't use RAID capabilities I can't switch to the AHCI mode
>> because I have Windows 7 installed when the storage controller was in
>> RAID mode (default in my BIOS).
>>
>> Is it a known bug/limitation? Various Linuxes and FreeBSD 11.1 work
>> properly with my disk controller and see all the disks, even in RAID
>> mode.
>>
>> My hardware:
>> HP Z230 desktop with Intel C226 chipset, Intel Core i7 4790 CPU and 16
>> GB of RAM.
>> Hard disks:
>> [1] 238GB SanDisk SD8SBAT256G1122 (SSD)
>> [2] 931GB Western Digital WDC WD10EZEX-60M2NA0 (SATA)
>>
>> Installation media:
>> install62.fs flashed on a USB drive.

OpenBSD 6.2 (RAMDISK_CD) #132: Tue Oct 3 21:26:51 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 16835059712 (16055MB)
avail mem = 16321089536 (15565MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xc08d2018 (85 entries)
bios0: vendor Hewlett-Packard version "L51 v01.55" date 10/18/2016
bios0: Hewlett-Packard HP Z230 Tower Workstation
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC FPDT SSDT SSDT SSDT MCFG HPET SSDT SSDT SSDT SLIC MSDM ASF!
TCPA DMAR acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz, 3592.14 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: TSC frequency 3592143080 Hz cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP04) acpiprt3 at acpi0: bus -1 (P0P2) acpiprt4 at acpi0: bus -1 (PEG0) acpiec0 at acpi0: not present acpicpu at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpitz at acpi0 not configured acpitz at acpi0 not configured "INT3F0D" at acpi0 not configured "PNP0F03" at acpi0 not configured "IFX0102" at acpi0 not configured "PNP0C0C" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x06 "Intel HD Graphics 4600" rev 0x06 at pci0 dev 2 function 0 not configured "Intel Core 4G HD Audio" rev 0x06 at pci0 dev 3 function 0 not configured xhci0 at pci0 dev 20 function 0 "Intel 8 Series xHCI" rev 0x05: msi usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1 em0 at pci0 dev 
25 function 0 "Intel I217-LM" rev 0x05: msi, address c4:34:6b:5c:cc:16 ehci0 at pci0 dev 26 function 0 "Intel 8 Series USB" rev 0x05: apic 2 int 16 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 "Intel 8 Series HD Audio" rev 0x05 at pci0 dev 27 function 0 not configured ppb0 at pci0 dev 28 function 0 "Intel 8 Series PCIE" rev 0xd5: msi pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 3 "Intel 8 Series PCIE" rev 0xd5: msi pci2 at ppb1 bus 2 ppb2 at pci2 dev 0 function 0 "ITExpress IT8893E PCIE-PCI" rev 0x52 pci3 at ppb2 bus 3 ehci1 at pci0 dev 29 function 0 "Intel 8 Series USB" rev 0x05: apic 2 int 23 usb2 at ehci1: USB revision 2.0 uhub2 at usb2 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 "Intel C226 LPC" rev 0x05 at pci0 dev 31 function 0 not configured pciide0 at pci0 dev 31 function 2 "Intel 82801H RAID" rev 0x05: DMA, channel 0 wired to native-PCI, channel 1 wired to native-PC
Re: ftp.eu.openbsd.org
On Tue, Oct 10, 2017 at 08:08:56PM +0200, Tony Sarendal wrote:
> Not looking so good.
>
> tonsar@jump0.swe1$ ftp ftp.eu.openbsd.org
> Trying 193.156.26.18...
> Connected to ftp.eu.openbsd.org (193.156.26.18).
> 220 jj-prod-obsdmirror.inet6.se FTP server ready.
> Name (ftp.eu.openbsd.org:tonsar): ftp
> 331 Guest login ok, send your email address as password.
> Password:
> 230 Guest login ok, access restrictions apply.
> Remote system type is UNIX.
> Using binary mode to transfer files.
> ftp> dir
> 227 Entering Passive Mode (192,168,0,13,204,157)
> ^C

$ ftp ftp.eu.openbsd.org
Trying 193.156.26.18...
Connected to ftp.eu.openbsd.org.
220 jj-prod-obsdmirror.inet6.se FTP server ready.
Name (ftp.eu.openbsd.org:juanfra): anonymous
331 Guest login ok, send your email address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
150 Opening ASCII mode data connection for '/bin/ls'.
total 16
drwxr-xr-x 56 1001 5000 1024 Oct 10 20:31 OpenBSD
lrwxr-xr-x 1 0 11 Aug 21 08:35 pub -> .
226 Transfer complete.

Run the ftp client with the passive mode enabled. It's the default on OpenBSD.

--
Juan Francisco Cantero Hurtado http://juanfra.info
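The 227 reply in the quoted session advertises 192.168.0.13, an RFC 1918 address, while the control connection goes to 193.156.26.18. The following is an added example, not part of either post, that parses a PASV reply and flags that kind of mismatch; the function names are made up for illustration, and falling back to the control-connection address is one client-side handling choice assumed here, not something the thread prescribes.

```python
import ipaddress
import re

# RFC 959 PASV reply payload: h1,h2,h3,h4,p1,p2 (six decimal octets).
_SIX_OCTETS = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)

# Reply and control-connection address as they appear in the thread.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,0,13,204,157)"
SAMPLE_CONTROL_PEER = "193.156.26.18"


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised by a 227 reply."""
    reply = reply.strip()
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    match = _SIX_OCTETS.search(reply[3:])
    if match is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in reply")
    octets = [int(x) for x in match.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in PASV tuple")
    host = ipaddress.IPv4Address(".".join(str(o) for o in octets[:4]))
    port = octets[4] * 256 + octets[5]
    return host, port


def check_pasv(reply, control_peer):
    """Compare the advertised data endpoint with the control-connection peer."""
    host, port = parse_pasv(reply)
    peer = ipaddress.ip_address(control_peer)
    findings = []
    if host != peer:
        # Data connection would go somewhere other than the server we talk to.
        findings.append("address-mismatch")
    if host.is_private and not peer.is_private:
        # Server behind NAT announcing its internal address: unreachable
        # from outside, and an internal-address disclosure.
        findings.append("private-address-advertised")
    if port < 1024:
        findings.append("privileged-port")
    return {"host": str(host), "port": port, "findings": findings}


def data_endpoint(reply, control_peer, trust_reply_address=False):
    """Pick where to open the data connection.

    Unless the caller opts in to trusting the reply, a mismatching address
    is ignored and the control-connection peer is used with the advertised
    port (assumed policy for this example).
    """
    host, port = parse_pasv(reply)
    if trust_reply_address or str(host) == str(ipaddress.ip_address(control_peer)):
        return str(host), port
    return str(ipaddress.ip_address(control_peer)), port


if __name__ == "__main__":
    print(check_pasv(SAMPLE_REPLY, SAMPLE_CONTROL_PEER))
    print(data_endpoint(SAMPLE_REPLY, SAMPLE_CONTROL_PEER))
```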
Re: Trouble with VMM/VMD
On 10/10/17 11:57, Roar Waagsbø wrote:
> Hi.
>
> Sorry.
>
> Its my first report.
>
> Im not even sure its a bug or if its me doing something wrong.
>
> The logs arent saying much either, besides the one line I posted.
>
> Roar
>
> On Oct 10, 2017 5:21 PM, "Mike Larkin" wrote:
>
>> On Tue, Oct 10, 2017 at 02:39:05PM +0200, Roar Waagsbø wrote:
>>> Hi.
>>>
>>> I starting using openbsd a while back and I was told on #openbsd@freenode
>>> that vmm was the way to go, and not use qemu.
>>>
>>> I want to use openbsd on my host machine.
>>>
>>> I setup two vms and it worked fine.
>>>
>>> After about a week I noticed that one of my vms was shutdown.
>>>
>>> I started it back up again and didnt give it much thought.
>>>
>>> After a few days my other vm was shut down.
>>>
>>> Then after a few days again both my vms was shutdown.
>>>
>>> Today I upgraded the host to a new -current snapshot (10/10/2017)
>>>
>>> And when I start my vm now, it says that it starts successfully, then after
>>> a few seconds it is shutdown again.
>>>
>>> I started vmd with -d (tried -dv but it said that -v wasnt an options, even
>>> though man vmd say so)
>>>
>>> And the only thing /var/log/daemon says was:
>>>
>>> vmd2: vm2 even trhead exited unexpectedly.
>>>
>>> Am I missing something?
>>>
>>> Or am I doing anything wrong?
>>>
>>> Regards Roar
>>
>> Your bug report is horrible.
>>
>> man sendbug
>>
>> -ml
>>

Roar,

Let's start with this:

* You said you are running -current (2017-10-10), which architecture (amd64 or i386)? A dmesg would be good.
* What are your VM params (i.e. how did you start them)? Do you have a vm.conf file you can share?
* What guest VMs are you running?
* How many vmd's are you running? (asking because of the "vmd2: " line) There should be only one.

If you are going to run vmd in the foreground, make sure no other vmd instances are running.

I don't understand your comment about '-v' since not only is it present in the usage of vmd but also in the man page (man vmd).

los@rollo:% doas vmd -h
vmd: unknown option -- h
usage: vmd [-dnv] [-D macro=value] [-f file]

Either way, run vmd in the foreground with '-dvvv' as in:

doas vmd -dvvv

Once you're able to share all of that info then we can start the process of troubleshooting.

+--+
Carlos
Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode
This is kind of intentional, since noone has put effort into making softraid understand the disk-binding logic found in the BIOS-RAID sectors. Maybe we should reconsider, dunno.

> I've just tried to install the amd64 OpenBSD 6.2 and it doesn't see
> hard disks when controller in RAID mode (BIOS configuration). If I
> change it to AHCI mode (in BIOS) it can see them.
>
> Although I don't use RAID capabilities I can't switch to the AHCI mode
> because I have Windows 7 installed when the storage controller was in
> RAID mode (default in my BIOS).
>
> Is it a known bug/limitation? Various Linuxes and FreeBSD 11.1 work
> properly with my disk controller and see all the disks, even in RAID
> mode.
>
> My hardware:
> HP Z230 desktop with Intel C226 chipset, Intel Core i7 4790 CPU and 16
> GB of RAM.
> Hard disks:
> [1] 238GB SanDisk SD8SBAT256G1122 (SSD)
> [2] 931GB Western Digital WDC WD10EZEX-60M2NA0 (SATA)
>
> Installation media:
> install62.fs flashed on a USB drive.
>
Re: Trouble with VMM/VMD
Hi.

Sorry.

Its my first report.

Im not even sure its a bug or if its me doing something wrong.

The logs arent saying much either, besides the one line I posted.

Roar

On Oct 10, 2017 5:21 PM, "Mike Larkin" wrote:

> On Tue, Oct 10, 2017 at 02:39:05PM +0200, Roar Waagsbø wrote:
> > Hi.
> >
> > I starting using openbsd a while back and I was told on #openbsd@freenode
> > that vmm was the way to go, and not use qemu.
> >
> > I want to use openbsd on my host machine.
> >
> > I setup two vms and it worked fine.
> >
> > After about a week I noticed that one of my vms was shutdown.
> >
> > I started it back up again and didnt give it much thought.
> >
> > After a few days my other vm was shut down.
> >
> > Then after a few days again both my vms was shutdown.
> >
> > Today I upgraded the host to a new -current snapshot (10/10/2017)
> >
> > And when I start my vm now, it says that it starts successfully, then after
> > a few seconds it is shutdown again.
> >
> > I started vmd with -d (tried -dv but it said that -v wasnt an options, even
> > though man vmd say so)
> >
> > And the only thing /var/log/daemon says was:
> >
> > vmd2: vm2 even trhead exited unexpectedly.
> >
> > Am I missing something?
> >
> > Or am I doing anything wrong?
> >
> > Regards Roar
>
> Your bug report is horrible.
>
> man sendbug
>
> -ml
>
ftp.eu.openbsd.org
Not looking so good.

tonsar@jump0.swe1$ ftp ftp.eu.openbsd.org
Trying 193.156.26.18...
Connected to ftp.eu.openbsd.org (193.156.26.18).
220 jj-prod-obsdmirror.inet6.se FTP server ready.
Name (ftp.eu.openbsd.org:tonsar): ftp
331 Guest login ok, send your email address as password.
Password:
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
227 Entering Passive Mode (192,168,0,13,204,157)
^C

/T
Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied
On Wed, 27 Sep 2017 21:43:48 -0500
> Why is this happening, and is there anything that I should do to
> correct
>

The system has been getting more and more dynamic to make attackers fumble in the dark.

> the "Permission denied" error?

If you prefer then add:

/sbin/mount -uo noexec /tmp

to /etc/rc.local

The new pledge powers that have been mentioned recently potentially make noexec more useful ;)

I am moving all potentially problematic fstab changes such as ro to /etc/rc.local (/sbin/mount -urf /), letting the devs use the system during boot as they would their own system.
amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode
Hi,

I've just tried to install the amd64 OpenBSD 6.2 and it doesn't see hard disks when controller in RAID mode (BIOS configuration). If I change it to AHCI mode (in BIOS) it can see them.

Although I don't use RAID capabilities I can't switch to the AHCI mode because I have Windows 7 installed when the storage controller was in RAID mode (default in my BIOS).

Is it a known bug/limitation? Various Linuxes and FreeBSD 11.1 work properly with my disk controller and see all the disks, even in RAID mode.

My hardware:
HP Z230 desktop with Intel C226 chipset, Intel Core i7 4790 CPU and 16 GB of RAM.
Hard disks:
[1] 238GB SanDisk SD8SBAT256G1122 (SSD)
[2] 931GB Western Digital WDC WD10EZEX-60M2NA0 (SATA)

Installation media:
install62.fs flashed on a USB drive.
Re: Trouble with VMM/VMD
On Tue, Oct 10, 2017 at 02:39:05PM +0200, Roar Waagsbø wrote:
> Hi.
>
> I starting using openbsd a while back and I was told on #openbsd@freenode
> that vmm was the way to go, and not use qemu.
>
> I want to use openbsd on my host machine.
>
> I setup two vms and it worked fine.
>
> After about a week I noticed that one of my vms was shutdown.
>
> I started it back up again and didnt give it much thought.
>
> After a few days my other vm was shut down.
>
> Then after a few days again both my vms was shutdown.
>
> Today I upgraded the host to a new -current snapshot (10/10/2017)
>
> And when I start my vm now, it says that it starts successfully, then after
> a few seconds it is shutdown again.
>
> I started vmd with -d (tried -dv but it said that -v wasnt an options, even
> though man vmd say so)
>
> And the only thing /var/log/daemon says was:
>
> vmd2: vm2 even trhead exited unexpectedly.
>
> Am I missing something?
>
> Or am I doing anything wrong?
>
> Regards Roar

Your bug report is horrible.

man sendbug

-ml
Issue with ipsec tunnels on 6.2
Hello,

Since the upgrade to OpenBSD 6.2 (from 6.1). One of my tunnels is not working anymore (it was working on 6.1)

There are 2 things which differ from the other (working) ones: Both hosts are natted, and one host is i386 (instead of amd64).

I can see packets leaving the source server and entering the destination one.

leaving:
Oct 10 16:20:20.456154 e4:11:5b:d4:4a:6e c4:ea:1d:45:50:2c 0800 194: 192.168.254.2.4500 > 91.183.56.68.4500:udpencap: esp 192.168.254.2 > 91.183.56.68 spi 0x1b3c3f1f seq 155 len 152 (DF)

arriving:
Oct 10 16:20:20.474021 08:76:ff:e5:24:82 00:04:a7:08:9a:c6 0800 194: 91.183.56.64.4500 > 172.20.254.254.4500:udpencap: esp 91.183.56.64 > 172.20.254.254 spi 0x1b3c3f1f seq 155 len 152 (DF) [tos 0x38]

However, if I sniff enc0 on the source host, I can see the packets, but on the destination host, I don't see anything on enc0 besides the NAT-T keepalives.

Has anyone seen such an issue?

Best Regards
Re: softraid crypto with keydisk and password
On Tue, Oct 10, 2017 at 11:13:45PM +1100, tomr wrote:
> Well... there's nothing in the FAQ about using a keydisk at all, and
> there's no hints in bioctl(8) about using both a keydisk and a password
> together.

That's because using both isn't a supported use case yet. In the current design and implementation, there's either a passphrase or a keydisk, but never both.

> The last comment on this thread describes what I'd like to do, which is
> to somehow have a keydisk *and* a passphrase:
> https://undeadly.org/cgi?action=article&sid=20131112031806

Please understand that I don't have any interest in supporting such hacks. If you use them and they work for you, that's fine of course.

I'd rather see a patch that makes this feature a proper part of the design and implementation. I don't need this feature. But if you write a patch to implement it properly, I will review your patch.
Trouble with VMM/VMD
Hi.

I starting using openbsd a while back and I was told on #openbsd@freenode that vmm was the way to go, and not use qemu.

I want to use openbsd on my host machine.

I setup two vms and it worked fine.

After about a week I noticed that one of my vms was shutdown.

I started it back up again and didnt give it much thought.

After a few days my other vm was shut down.

Then after a few days again both my vms was shutdown.

Today I upgraded the host to a new -current snapshot (10/10/2017)

And when I start my vm now, it says that it starts successfully, then after a few seconds it is shutdown again.

I started vmd with -d (tried -dv but it said that -v wasnt an options, even though man vmd say so)

And the only thing /var/log/daemon says was:

vmd2: vm2 even trhead exited unexpectedly.

Am I missing something?

Or am I doing anything wrong?

Regards Roar
Re: softraid crypto with keydisk and password
On 09/28/17 17:58, Stefan Sperling wrote:
> On Thu, Sep 28, 2017 at 04:15:20AM +0200, Erling Westenvik wrote:
>> On Thu, Sep 28, 2017 at 09:11:49AM +1000, tomr wrote:
>>> I remember seeing a post, I think on undeadly.org, which went through
>>> having the bootloader on password-encrypted usb drive, that also
>>> contains a keyfile for the main disk. It said something like "I also
>>> wanted the laptop to appear broken, and the disk full of random data, if
>>> the usb drive wasn't present - rather than stopping at a password prompt"
>>
>> Here you go:
>>
>> http://www.undeadly.org/cgi?action=article&sid=20110530221728
>
> Hi, I am the author of this undeadly article.
> It is now very old and full of outdated information.
>
> Follow this FAQ section instead:
> http://www.openbsd.org/faq/faq14.html#softraid

Well... there's nothing in the FAQ about using a keydisk at all, and there's no hints in bioctl(8) about using both a keydisk and a password together.

The last comment on this thread describes what I'd like to do, which is to somehow have a keydisk *and* a passphrase:
https://undeadly.org/cgi?action=article&sid=20131112031806
Re: l2tp client
On Mon, Oct 09, 2017 at 08:03:54PM -0500, Daniel Boyd wrote:
> I’ve just started a job where I will be working from home a bunch, so I would
> like to configure my home router as an ipsec/l2tp client and to push the
> routes from my work network to all computers on my home network. i.e. a
> site-to-site VPN.
>
> I have found a bunch of documentation for configuring OpenBSD as a ipsec/l2tp
> server, but not as much as a client.
>
> I assume I’ll need the xl2tpd package… When I connect a Mac, iOS device, or
> PC, the VPN requires a username, password and a secret.
>
> Can anyone point me in the direction of some documentation to get started?
>
> Thanks!
>
> Daniel Boyd

If you install the xl2tpd package you'll find a README file with instructions in /usr/local/share/doc/pkg-readmes/
Re: l2tp client
On 2017-10-10, Daniel Boyd wrote:
> I’ve just started a job where I will be working from home a bunch, so I would
> like to configure my home router as an ipsec/l2tp client and to push the
> routes from my work network to all computers on my home network. i.e. a
> site-to-site VPN.
>
> I have found a bunch of documentation for configuring OpenBSD as a ipsec/l2tp
> server, but not as much as a client.
>
> I assume I’ll need the xl2tpd package… When I connect a Mac, iOS device, or
> PC, the VPN requires a username, password and a secret.
>
> Can anyone point me in the direction of some documentation to get started?
>
> Thanks!
>
> Daniel Boyd
>

Yes you'll need xl2tpd and pppd(8) for ipsec/l2tp client.

Be warned, it doesn't work particularly well. If the other side is under your control, use pretty much anything else instead. Plain IKEv1 (isakmpd/ipsec.conf), IKEv2 (iked/iked.conf), OpenVPN, or openconnect (with ocserv or cisco anyconnect on the server side) - all will work more reliably and be easier to configure than L2TP+IPsec client on OpenBSD.
Re: gtar: ambiguous package
On 2017-10-09, Todd C. Miller wrote:
> On Mon, 09 Oct 2017 17:24:53 +0200, Max Power wrote:
>
>> Hi guys, and wishes for the new release, Thank You Theo.
>>
>> Installing gtar ask me:
>> Ambiguos: choose package for gtar
>> a 0:
>> 1: gtar-1.28p1
>> 2: gtar-1.28p1-static
>> Your choice:
>>
>> Ok, but difference between 'normal' and 'static'...?
>
> Packages with the -static suffix are statically linked and do not
> depend on shared libraries. This means that the binary is not
> affected by changes in the shared libraries, which can be handy for
> development. It is also consistent with the OpenBSD tar/pax which
> is also statically linked.
>
> Chances are it won't make a difference to you and the non-static
> package will be a bit smaller.

If you want to script this (or use with config management systems) and don't want to be presented with the choice, use "gtar--" as the package name, e.g. "pkg_add gtar--".
Re: Switching swap partition
On Tue, Oct 10, 2017, at 10:22, leo_...@volny.cz wrote:
> Instead of sd0b? Then it appears fine.

Yes, that was my point, everything seemed fine until I found that line in dmesg.

> >> You might want to keep sd0b around as a dump partition though, just in
> >> case it ever panics before going multiuser...
> >
> > The point of this operation was to reclaim that space for other use ;-)
>
> You could even just shrink it significantly -- I don't think a dump at
> early boot would take up *that* much space...

Good suggestion, I might do it like that indeed.

Thanks!
Frank
RE: Switching swap partition
Haai,

"Frank Groeneveld" wrote:
>
> swapctl -l always lists /dev/sd1b correctly.

Instead of sd0b? Then it appears fine.

>> You might want to keep sd0b around as a dump partition though, just in
>> case it ever panics before going multiuser...
>
> The point of this operation was to reclaim that space for other use ;-)

You could even just shrink it significantly -- I don't think a dump at early boot would take up *that* much space...

--schaafuit.
Re: Switching swap partition
On Tue, Oct 10, 2017, at 09:48, leo_...@volny.cz wrote:
> It'd seem more wrong to me if it'd try to swap to a nonexistent
> partition ;) Just in case, what is the output of 'swapctl -l' straight
> after boot, preferably when still single-user?

swapctl -l always lists /dev/sd1b correctly.

> You might want to keep sd0b around as a dump partition though, just in
> case it ever panics before going multiuser...

The point of this operation was to reclaim that space for other use ;-)

Frank
6.2-RELEASE with single disk FDE hangs on serial console after wrong passphrase
Hi misc,

I have a PC Engines apu2b4 with one 16 GB ssd, for installation or reboot reasons I am connected via serial console.

Here is the boot screen: (dmesg below)

=
PC Engines apu2
coreboot build 20170831
BIOS version v4.0.12
4080 MB ECC DRAM
SeaBIOS (version rel-1.10.2.1)
Press F10 key now for boot menu
Booting from Hard Disk...
Using drive 0, partition 3.
Loading..
probing: pc0 com0 com1 com2 com3 mem[638K 3582M 496M a20=on]
disk: hd0+ sr0*
>> OpenBSD/amd64 BOOT 3.33
Passphrase: accidentally pressed Enter
bcrypt_pbkdf failed
open(sr0a:/etc/boot.conf): Operation not permitted should be loaded for com0 switching
boot>
Passphrase: given the right passphrase
booting sr0a:/bsd: 8520476+2544648+241408+0+675840 [662700+82+702264+484833]=0xd32ce8
entry point at 0x1000158
hangs forever
=

Hint: After entering empty or wrong passphrase and at least the correct passphrase, should reload /etc/boot.conf (with correct permissions set ? )

Workaround: Giving 'stty com0 115200' and 'set tty com0' at the bootprompt and given afterwards the correct passphrase, seems to work and system switches to com0 and boots up. If you are too slow, system tries to boot and hangs on the console.

But it's annoying after the hang, that you have (especially for APUx devices) to pull the AC cable and put it back again. Provokes fs checks on crypto device.

This is not a hard bug and I am very good with 6.2-RELEASE, the fastest and best up to now. Congratulations to the developers, great great work.

Regards,
Stefan Kapfhammer

dmesg:
OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct 3 21:22:29 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4261076992 (4063MB)
avail mem = 4124921856 (3933MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev.
2.7 @ 0xdffb7020 (7 entries) bios0: vendor coreboot version "v4.0.12" date 08/31/2017 bios0: PC Engines apu2 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S2 S3 S4 S5 acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD GX-412TC SOC, 998.27 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative cpu0: TSC frequency 998270800 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD GX-412TC SOC, 998.13 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: AMD GX-412TC SOC, 998.13 MHz cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 cpu2: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: AMD GX-412TC SOC, 998.13 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
RE: Switching swap partition
Haai,

"Frank Groeneveld" wrote:
> I recently switched the swap partition on a server from sd0b to sd1b.
> I've modified /etc/fstab accordingly and after a reboot swapctl -l lists
> it as being the only used swap partition correctly. Today I noticed this
> line in dmesg:
> root on sd0a (4340b9bfa4cdde0a.a) swap on sd0b dump on sd0b

FWIW, I believe these are just boot-time defaults.

> It still lists the old partition (which I modified to be of the
> "unknown" type in the disklabel, but removing the partition doesn't fix
> it either) as being the swap partition. How can I change this? I found a
> kernel compile option, but recompiling a kernel because I want swap on a
> different partition seems wrong.

It'd seem more wrong to me if it'd try to swap to a nonexistent partition ;) Just in case, what is the output of 'swapctl -l' straight after boot, preferably when still single-user?

You might want to keep sd0b around as a dump partition though, just in case it ever panics before going multiuser...

--schaafuit.
Switching swap partition
I recently switched the swap partition on a server from sd0b to sd1b. I've modified /etc/fstab accordingly and after a reboot swapctl -l lists it as being the only used swap partition correctly. Today I noticed this line in dmesg:

root on sd0a (4340b9bfa4cdde0a.a) swap on sd0b dump on sd0b

It still lists the old partition (which I modified to be of the "unknown" type in the disklabel, but removing the partition doesn't fix it either) as being the swap partition. How can I change this? I found a kernel compile option, but recompiling a kernel because I want swap on a different partition seems wrong.

Thanks for any hints!
Frank
Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied
On 09/28/2017 06:34 AM, Philip Guenther wrote:
> On Wed, 27 Sep 2017, Theodore Wynnychenko wrote:
> ...
>> Thank you for the information. I removed the “noexec” flag from fstab
>> and the error has disappeared.
>>
>> But, I am also surprised by the requirement that /tmp _not_ be mounted
>> noexec for this to function correctly. I recall reading that it was
>> best to mount filesystems with the most restrictive settings possible
>> for that specific filesystem, and that /tmp should be mounted with
>> (essentially) nothing set (ie: nodev, nosuid, noexec).
>>
>> Am I incorrect or has something changed in this regard?
>>
>> It seems to me that, as a general rule, making /tmp noexec is a good
>> thing from a security standpoint; but I admit that I don’t know enough
>> about this to be sure.
>>
>> Anyway, I just added a line to rc.local to remount temp as noexec at the
>> end of the boot so that rc would work without errors and that /tmp is
>> noexec once the system is up.
>
> To quote a co-worker: "What problem are you trying to solve?"
> Or, in this case: What attack/threat vector are you trying to block?
>
> What on your system is running with (a) ability to exec (think pledge(2)),
> *and* (b) access to /tmp but *without* write access to other directories
> (like $HOME) that aren't mounted noexec?
>
> If the answer is "nothing", then marking /tmp as noexec is only annoying
> you.
>
>

Sorry to revive an "old" post, but I am trying to understand the logic.

On a desktop, I fully agree with you, it's generally useless. But on my servers, I have a lot of processes which can write into their home directories, but those directories are noexec as well. Why would you need to allow any process to exec things that are not in controlled paths?

As an example, let's say I have dovecot running, why would I let dovecot run anything besides its own processes that have been written by root and it cannot modify?

Many exploits try to drop binaries into /tmp by default.

Also, remounting /tmp noexec doesn't work if your /tmp is mfs AFAIK.
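The question raised in this exchange (which directories a service can write to, and whether the filesystem behind each is mounted noexec) can be checked mechanically. The following is an added example, not part of the thread: it resolves each writable path to its backing mount point in mount(8)-style output and reports missing restrictive flags. The mount table, the list of writable paths and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of OpenBSD mount(8) output (not from the thread).
SAMPLE_MOUNT_OUTPUT = """\
/dev/sd0a on / type ffs (local)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0e on /var type ffs (local, nodev, nosuid)
/dev/sd0f on /usr type ffs (local, nodev)
/dev/sd0g on /home type ffs (local, nodev, nosuid, noexec)
/dev/sd0h on /var/dovecot type ffs (local, nodev, nosuid, noexec)
"""

# Hypothetical list of paths that unprivileged services can write to.
SAMPLE_WRITABLE_PATHS = ["/tmp", "/var/dovecot/mail", "/var/log", "/home/alice"]

MOUNT_RE = re.compile(
    r"^(?P<dev>\S+) on (?P<path>\S+) type (?P<fstype>\S+) \((?P<opts>[^)]*)\)$"
)

# Flags the quoted post lists for data-only filesystems.
WANTED_FLAGS = ("nodev", "nosuid", "noexec")


def parse_mounts(text):
    """Turn mount(8)-style lines into dicts; unparseable lines are skipped."""
    mounts = []
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m is None:
            continue
        opts = {o.strip() for o in m.group("opts").split(",") if o.strip()}
        mounts.append({
            "dev": m.group("dev"),
            "path": m.group("path"),
            "fstype": m.group("fstype"),
            "opts": opts,
        })
    return mounts


def backing_mount(path, mounts):
    """Return the mount whose mount point is the longest prefix of path."""
    best = None
    for m in mounts:
        mp = m["path"]
        if mp == "/" or path == mp or path.startswith(mp + "/"):
            if best is None or len(mp) > len(best["path"]):
                best = m
    return best


def audit(writable_paths, mounts):
    """List (path, mount point, missing flags) for writable, executable-capable paths."""
    findings = []
    for path in writable_paths:
        m = backing_mount(path, mounts)
        if m is None or "read-only" in m["opts"]:
            continue  # nothing can be dropped there
        missing = [f for f in WANTED_FLAGS if f not in m["opts"]]
        if missing:
            findings.append((path, m["path"], missing))
    return findings


if __name__ == "__main__":
    for path, mp, missing in audit(SAMPLE_WRITABLE_PATHS,
                                   parse_mounts(SAMPLE_MOUNT_OUTPUT)):
        print("%s (on %s) lacks: %s" % (path, mp, ", ".join(missing)))
```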