Re: news from my hacked box
On Wed, Apr 1, 2020 at 10:29 PM Cord wrote:
>
> Hi,
>
> I found something that in my opinion is nearly evidence.
>
> For those who don't know my story please read past messages:
> https://marc.info/?a=15535526152=1=2
>
> Well, as I said previously my laptop has been hacked, then I bought a new
> laptop because my suspicion is that the UEFI or other firmware has been
> hacked (I reinstalled OpenBSD various times).
> The old laptop had a wifi usb dongle to connect to the wifi router.
> Now the new laptop has a wifi chip that works properly on OpenBSD.
> The inner IF is iwm0.
> And I discovered differences in wifi performance between the on-board IF and
> the old usb dongle.
> Of course the tests were made from exactly the same physical place.
>
> The following are the results (I used speedtest-cli):
>
> iwm0 with vpn        download: 0,46 mbit/s   upload: 0,55 mbit/s
> iwm0 without vpn     download: 0,50 mbit/s   upload: 2,53 mbit/s
> urtwn0 with vpn      download: 20,88 mbit/s  upload: 8,49 mbit/s
> urtwn0 without vpn   download: 24,83 mbit/s  upload: 9,27 mbit/s
>
> The following are the results pinging 8.8.8.8 with -c 500:
>
> 500 packets transmitted, 500 packets received, 0.0% packet loss
> iwm0:   round-trip min/avg/max/std-dev = 18.761/6372.615/72372.495/14987.007 ms
> urtwn0: round-trip min/avg/max/std-dev = 24.068/36.489/878.218/48.120 ms
>
> As far as I know, traffic shaping is configured by pf with pf.conf; the
> following is my pf.conf (I'm sorry, I'm not a genius of pf):
>
> ---/etc/pf.conf
> if="urtwn0"
> #if="iwm0"
> dns="{8.8.8.8}"
> myvpn="{x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x}"
> weird="{239.255.255.250, 224.0.0.1}"
> pany="{udp, tcp}"
> set skip on tun0
> set skip on lo
> set block-policy drop
> set loginterface $if
> block quick inet6
> block quick on $if from any to $weird
> pass quick proto icmp
> pass out quick on $if proto $pany from $if to $dns
> pass out quick on $if proto udp from $if to $myvpn
> pass out quick on $if proto tcp from $if to my01-other-vpn.com
> pass out quick on $if proto tcp from $if to my02-other-vpn.com
> pass out quick on $if proto tcp from $if to my03-other-vpn.com
> block drop in on ! lo0 proto tcp to port 6000:6010
> block drop out log proto {tcp udp} user _pbuild
> block log quick on $if
> --
>
> Other strange things that happen on my laptop are the following:
>
> 1) sometimes my openvpn (2 times out of 5) fails authentication even though
>    I use a saved authentication data file and pass it the data with
>    --auth-user-pass /my/path/pass
>    So in my opinion it's impossible for the authentication to fail.
> 2) sometimes KeePassXC fails authentication on random sites. If I copy the
>    password and paste it by hand it works.
> 3) and of course there are people that can spy on me and modify suggested
>    videos on youtube. Please do not comment on this because I know it's very
>    subjective.
>
> As I said previously, in my opinion there is a 0day in how the tcp/ip stack
> is implemented in the kernel.
> And the vulnerability can be exploited by a mitm attack from the home router.
>
> Thank you
> Cord.

Hello Cord, and thank you for the interesting messages.

Just a thought: Do you have any wall paintings, and have you noticed something different about them since you got hacked?

You see, I once talked to a man at the local library who was looking for literature about computer viruses and he mentioned that the virus had somehow spread out from the USB ports in his computer onto his paintings, which had now become dull and grey. His family told him that he was imagining things and refused to help him, that's why he was at the library to search for information.

If your computer has been hacked, maybe it is by the same virus.

Kind regards,
Anders
Re: Faking the same LAN over the Internet
You could also consider using etherip(4). I think the etherip(4) interface might be more NAT tolerant but I am not really sure.
Re: Faking the same LAN over the Internet
yes, if your openbsd device is not your broadband router then consider below.

brief how to, actual implementation left to individual admin

step one, have a relatively low cost virtual host provider
step two, using virtual host provider to determine data center with lowest combined latency between your 2 (or more) endpoints
step three, create ipsec tunnels between endpoints and VM server
step four, create egre or eoip or whatever you chose between the various endpoints across ipsec tunnel

On Wed, Apr 1, 2020 at 11:45 AM Tom Smyth wrote:
>
> Hi Chris, Dianna,
>
> Gre is great and fast and a hell of a lot faster than OpenVPN...
> However and it is a Big However...
> Gre does not typically work Across NATs
>
> L2 GRE tunnel interfaces u can run on OpenBSD
> include eoip(4) egre(4), etherip(4)
>
>
> On Wed, 1 Apr 2020 at 17:58, Chris Bennett wrote:
> >
> > On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote:
> > > have you considered looking at native OpenBSD tools?
> > >
> > > https://man.openbsd.org/egre.4
> > >
> >
> > Wow! I had no idea about this.
> > The manual page seems to be very clear, too.
> >
> > I have 2 servers at different ISPs and from home I almost always connect
> > over my phone's hotspot.
> >
> > I will definitely be learning this!
> >
> > Thanks!
> >
> > Chris Bennett
> >
> >
>
> --
> Kindest regards,
> Tom Smyth.

--
- Past hissy-fits are not a predictor of future hissy-fits. Nick Holland (06 Dec 2005)

To announce that there must be no criticism of the president, or that we are to stand by the president, right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public. - Theodore Roosevelt (1918)
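The four steps above, written out as one spoke's configuration, as an added example that is not part of this thread and not code from OpenBSD itself. It assumes a hub VPS at 198.51.100.1 and a spoke at 192.0.2.10 (documentation addresses), a constructed GRE key (vnetid 42), a LAN port em1 and a placeholder PSK; the iked.conf(5), pf.conf(5) and ifconfig(8) fragments follow those manual pages as I read them. The spoke's IPsec SA is transport mode restricted to proto gre, so only the tunnel is encrypted and, because iked negotiates NAT-T on UDP/4500 by itself, the GRE traffic crosses the NAT that Tom notes it cannot cross on its own. With DRY_RUN=1 (the default) the interface commands are printed, not executed:

```shell
#!/bin/sh
# Added example, not code from this thread or from OpenBSD: one spoke of the
# hub-and-spoke layout described above (NAT'd sites, a VPS hub, an IPsec SA
# from each site to the hub, an L2 egre(4) tunnel carried inside it).
# All addresses, the vnetid, the LAN interface and the PSK are constructed
# placeholders; replace them before real use. DRY_RUN=1 only prints the plan.

SPOKE_IP="${SPOKE_IP:-192.0.2.10}"     # this site's address as seen by iked
HUB_IP="${HUB_IP:-198.51.100.1}"       # the VPS hub's public address
VNETID="${VNETID:-42}"                 # GRE key; must match the hub's egre
LAN_IF="${LAN_IF:-em1}"                # LAN port bridged into the tunnel
PSK="${PSK:-REPLACE-WITH-A-LONG-RANDOM-SECRET}"
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# iked.conf(5) fragment: transport-mode ESP restricted to GRE (IP proto 47)
# between spoke and hub. Nothing but the tunnel is covered by the SA, and
# NAT-T (ESP in UDP/4500) is negotiated automatically for the NAT'd spoke.
iked_conf() {
    printf 'ikev2 "egre-hub" active esp transport proto gre from %s to %s local %s peer %s psk "%s"\n' \
        "$SPOKE_IP" "$HUB_IP" "$SPOKE_IP" "$HUB_IP" "$PSK"
}

# pf.conf(5) fragment for the spoke's external interface: admit only IKE,
# NAT-T and ESP from the hub. GRE never appears on egress in the clear, so
# it needs no rule, and everything else from the hub stays under the
# ruleset's default block.
pf_rules() {
    printf 'pass in on egress inet proto udp from %s to %s port { 500, 4500 }\n' "$HUB_IP" "$SPOKE_IP"
    printf 'pass in on egress inet proto esp from %s to %s\n' "$HUB_IP" "$SPOKE_IP"
}

# egre(4) keyed by vnetid, bridged with the LAN port so hosts at both sites
# share one Ethernet segment (the whole point of step four).
tunnel_plan() {
    run ifconfig egre0 create
    run ifconfig egre0 tunnel "$SPOKE_IP" "$HUB_IP"
    run ifconfig egre0 vnetid "$VNETID"
    run ifconfig egre0 up
    run ifconfig bridge0 create
    run ifconfig bridge0 add egre0 add "$LAN_IF" up
}

# Sanity checks on the generated plan (used when the plan is only printed).
egre_cmd_count() {
    tunnel_plan | grep -c '^ifconfig egre0 '
}
plan_cmd_count() {
    tunnel_plan | grep -c '^ifconfig '
}

show_plan() {
    printf '# /etc/iked.conf\n'; iked_conf
    printf '\n# /etc/pf.conf additions\n'; pf_rules
    printf '\n# interface commands (run as root on the spoke)\n'; tunnel_plan
}

if [ "${SHOW_PLAN:-0}" = 1 ]; then show_plan; fi
```

Run it with `SHOW_PLAN=1 sh spoke.sh` to print all three fragments, or `DRY_RUN=0 sh spoke.sh` as root to apply the interface commands once iked and pf carry the fragments. The hub runs the mirror image (its own egre per spoke, bridged together). One thing the block does not hide: the outer GRE, ESP, UDP and IP headers mean a full 1500-byte LAN frame no longer fits a 1500-byte path MTU, so expect fragmentation unless the hosts on the bridged segment use a smaller MTU.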
Re: Recommendations for video call/conferencing server on OpenBSD?
On Wed, Apr 01, 2020 at 11:36:07PM +0200, Jan Betlach wrote:
> I am using jitsi.org and tox.chat (on Linux VM).

Have you by any chance tried to get jitsi running natively on OpenBSD? That would be my preference, if possible (especially as said server is not exactly "high end"...)

Cheerio,

Thomas

--
Thomas Ribbrock  http://www.ribbrock.org/
"You have to live on the edge of reality - to make your dreams come true!"
Re: Recommendations for video call/conferencing server on OpenBSD?
Hi,

I am using jitsi.org and tox.chat (on Linux VM).

Jan

On 1 Apr 2020, at 22:53, T. Ribbrock wrote:
> Hi all,
>
> with more and more colleagues and friends sitting at home, I'm
> considering installing some video call/conferencing software on my
> existing OpenBSD server.
>
> I currently have Nextcloud installed on that server, so the easiest
> option was the Nextcloud Talk plugin, which I'm playing with now.
>
> Nonetheless, I'd be curious about what others use/recommend for video
> calls/conferencing - any suggestions?
>
> Thanks in advance,
>
> Thomas
Recommendations for video call/conferencing server on OpenBSD?
Hi all,

with more and more colleagues and friends sitting at home, I'm considering installing some video call/conferencing software on my existing OpenBSD server.

I currently have Nextcloud installed on that server, so the easiest option was the Nextcloud Talk plugin, which I'm playing with now.

Nonetheless, I'd be curious about what others use/recommend for video calls/conferencing - any suggestions?

Thanks in advance,

Thomas
Re: reviewing what is available
Hi Luke,

Luke A. Call wrote on Wed, Apr 01, 2020 at 01:36:49PM -0600:
> On 04-01 12:47, Chris Bennett wrote:
>> On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote:
>>> have you considered looking at native OpenBSD tools?
>>> https://man.openbsd.org/egre.4
>> Wow! I had no idea about this.

> I think you know more about obsd than I do, but in case it's useful to
> anyone else:
>
> I didn't know about egre(4) either, but I am trying to go
> gradually thru the process of seeing "what is there" by browsing to
> man.openbsd.org, putting a single period (".") in the search field,
> choose a section, click apropos, and methodically reading.

As jmc@ made me aware recently, an equal sign (or even better: Nm=) is faster than a period because it doesn't need to evaluate a regular expression for each and every manual page in the database. ;-)

By the way, you can do that from the command line, too, no need to access the Internet:

  $ man -s 2 -ak Nm=

then type :tNAME and hit the "enter" key. If you already know about the stuff shown at the top of the screen, just hit the t key once, or as many times as the top of the screen seems familiar. Even if you decide to study something and move around with arrows up and down and search with the "/" and "?" keys, hitting the "t" key again later will get you to the next manual page from the place that you last jumped to with "t". If you get very confused as to where you stopped and whether you maybe skipped anything, hit "T" (= Shift-t) until you see something familiar, then move forward again with "t" as before.

The "man -s 2 -ak Nm=" feature has been working for a long time, for multiple -stable releases, but for the ":tNAME" and "t" sugar, you need a *really* current -current, as in, from a few minutes ago, or tomorrow's (amd64) snapshots, or later for slower architectures.

Enjoy,
  Ingo

> Lots of good
> stuff and some surprises (for me at least) in there. If I hadn't
> done that once with debian (years ago), I wouldn't know about touch(1),
> for example, and a bunch of other things.
>
> Again, you know more than I, so no insult intended. :)
news from my hacked box
Hi,

I found something that in my opinion is nearly evidence.

For those who don't know my story please read past messages:
https://marc.info/?a=15535526152=1=2

Well, as I said previously my laptop has been hacked, then I bought a new laptop because my suspicion is that the UEFI or other firmware has been hacked (I reinstalled OpenBSD various times).
The old laptop had a wifi usb dongle to connect to the wifi router.
Now the new laptop has a wifi chip that works properly on OpenBSD.
The inner IF is iwm0.
And I discovered differences in wifi performance between the on-board IF and the old usb dongle.
Of course the tests were made from exactly the same physical place.

The following are the results (I used speedtest-cli):

iwm0 with vpn        download: 0,46 mbit/s   upload: 0,55 mbit/s
iwm0 without vpn     download: 0,50 mbit/s   upload: 2,53 mbit/s
urtwn0 with vpn      download: 20,88 mbit/s  upload: 8,49 mbit/s
urtwn0 without vpn   download: 24,83 mbit/s  upload: 9,27 mbit/s

The following are the results pinging 8.8.8.8 with -c 500:

500 packets transmitted, 500 packets received, 0.0% packet loss
iwm0:   round-trip min/avg/max/std-dev = 18.761/6372.615/72372.495/14987.007 ms
urtwn0: round-trip min/avg/max/std-dev = 24.068/36.489/878.218/48.120 ms

As far as I know, traffic shaping is configured by pf with pf.conf; the following is my pf.conf (I'm sorry, I'm not a genius of pf):

---/etc/pf.conf
if="urtwn0"
#if="iwm0"
dns="{8.8.8.8}"
myvpn="{x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x}"
weird="{239.255.255.250, 224.0.0.1}"
pany="{udp, tcp}"
set skip on tun0
set skip on lo
set block-policy drop
set loginterface $if
block quick inet6
block quick on $if from any to $weird
pass quick proto icmp
pass out quick on $if proto $pany from $if to $dns
pass out quick on $if proto udp from $if to $myvpn
pass out quick on $if proto tcp from $if to my01-other-vpn.com
pass out quick on $if proto tcp from $if to my02-other-vpn.com
pass out quick on $if proto tcp from $if to my03-other-vpn.com
block drop in on ! lo0 proto tcp to port 6000:6010
block drop out log proto {tcp udp} user _pbuild
block log quick on $if
--

Other strange things that happen on my laptop are the following:

1) sometimes my openvpn (2 times out of 5) fails authentication even though I use a saved authentication data file and pass it the data with --auth-user-pass /my/path/pass
   So in my opinion it's impossible for the authentication to fail.
2) sometimes KeePassXC fails authentication on random sites. If I copy the password and paste it by hand it works.
3) and of course there are people that can spy on me and modify suggested videos on youtube. Please do not comment on this because I know it's very subjective.

As I said previously, in my opinion there is a 0day in how the tcp/ip stack is implemented in the kernel.
And the vulnerability can be exploited by a mitm attack from the home router.

Thank you
Cord.
Re: bird crashes kernel
It's probably worth capturing output of route -n monitor while this is happening. Userland-triggerable kernel panic is definitely a bug of some sort, so please send it to bugs@.

On 2020-04-01, Bastien Durel wrote:
> Hello,
>
> I tried to replace ospfd & ospf6d by bird, as they don't seem to handle
> wireguard tunnels well, but soon after bird starts (or stops), I get a
> panic (copied from console):
>
> fremen# /etc/rc.d/bird stop
>
> birduvm_fault(0xfd813f96b000, 0x18, 0, 1) -> e
> fatal page fault in supervisor mode
> trap type 6 code 0 rip 81a49c6b cs 8 rflags 10206 cr2 18 cpl 0 rsp 8000336d08c0
> gsbase 0x81f44ff0 kgsbase 0x0
> panic: trap type 6, code=0, pc=81a49c6b
> Starting stack trace...
> panic() at panic+0x11b
> kerntrap(8000336d0810) at kerntrap+0x114
> alltraps_kern_meltdown(6,28001,0,0,815b2dd0,18) at alltraps_kern_meltdown+0x7b
> ml_purge(18) at ml_purge+0x1b
> arp_rtrequest() at arp_rtrequest+0x180
> rtm_output(814b6600,8000336d0ad0,8000336d0a28,40,0) at rtm_output+0x41d
> route_output(fd808b525500,fd813212c090,0,0) at route_output+0x329
> route_usrreq(fd813212c090,9,fd808b525500,0,0,800033566548) at route_usrreq+0x207
> sosend(fd813212c090,0,8000336d0d28,0,0,80) at sosend+0x383
> dofilewritev(800033566548,5,8000336d0d28,0,8000336d0e00) at dofilewritev+0xf9
> sys_write(800033566548,8000336d0da0,8000336d0e00) at sys_write+0x51
> syscall(8000336d0e70) at syscall+0x389
> Xsyscall(6,4,1eee94104820,4,1eee9c8370d8,1eeec4584c80) at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7f62c0, count: 244
> End of stack trace.
> syncing disks...10 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 giving up
>
> Here is the dmesg :
>
> [...]
> arpresolve: 10.42.42.0: route contains no arp information
> arpresolve: 10.42.42.0: route contains no arp information
> arpresolve: 10.42.42.0: route contains no arp information
> uvm_fault(0xfd813f96b000, 0x18, 0, 1) -> e
> fatal page fault in supervisor mode
> trap type 6 code 0 rip 81a49c6b cs 8 rflags 10206 cr2 18 cpl 0 rsp 8000336d08c0
> gsbase 0x81f44ff0 kgsbase 0x0
> panic: trap type 6, code=0, pc=81a49c6b
> Starting stack trace...
> panic() at panic+0x11b
> kerntrap(8000336d0810) at kerntrap+0x114
> alltraps_kern_meltdown(6,28001,0,0,815b2dd0,18) at alltraps_kern_meltdown+0x7b
> ml_purge(18) at ml_purge+0x1b
> arp_rtrequest() at arp_rtrequest+0x180
> rtm_output(814b6600,8000336d0ad0,8000336d0a28,40,0) at rtm_output+0x41d
> route_output(fd808b525500,fd813212c090,0,0) at route_output+0x329
> route_usrreq(fd813212c090,9,fd808b525500,0,0,800033566548) at route_usrreq+0x207
> sosend(fd813212c090,0,8000336d0d28,0,0,80) at sosend+0x383
> dofilewritev(800033566548,5,8000336d0d28,0,8000336d0e00) at dofilewritev+0xf9
> sys_write(800033566548,8000336d0da0,8000336d0e00) at sys_write+0x51
> syscall(8000336d0e70) at syscall+0x389
> Xsyscall(6,4,1eee94104820,4,1eee9c8370d8,1eeec4584c80) at Xsyscall+0x128
> end of kernel
> end trace frame: 0x7f7f62c0, count: 244
> End of stack trace.
> syncing disks...presolve: 10.42.42.0: route contains no arp informat
> OpenBSD 6.6 (GENERIC.MP) #7: Thu Mar 12 11:55:22 MDT 2020
>     r...@syspatch-66-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 4196302848 (4001MB)
> avail mem = 4056403968 (3868MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x8ce22000 (85 entries)
> bios0: vendor American Megatrends Inc. version "5.12" date 11/23/2018
> bios0: Default string Default string
> acpi0 at bios0: ACPI 6.0
> acpi0: sleep states S0 S3 S5
> acpi0: tables DSDT FACP APIC FPDT FIDT MCFG SSDT SSDT HPET SSDT SSDT UEFI SSDT LPIT SSDT SSDT SSDT SSDT DBGP DBG2 SSDT DMAR ASF! WSMT
> acpi0: wakeup devices RP09(S3) PXSX(S3) RP10(S3) PXSX(S3) RP11(S3) PXSX(S3) RP12(S3) PXSX(S3) RP13(S3) PXSX(S3) RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) [...]
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Celeron(R) CPU 3855U @ 1.60GHz, 1596.83 MHz, 06-4e-03
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,ERMS,INVPCID,RDSEED,SMAP,CLFLUSHOPT,PT,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var
Re: [OpenIKED] current session list
On Wed, 1 Apr 2020 08:50:41 -0000 (UTC) Stuart Henderson wrote:
> On 2020-04-01, Radek wrote:
> > Hi @misc,
> > is there any equivalent of "npppctl sessions all/brief" for iked(8)?
> > How can I get the list of currently connected roadwarriors? They use CA.
> > "ipsecctl -sa" shows IPs only, but I need to know who is who.
>
> If you're not running recent -current, update (either the whole OS or
> just iked+ikectl), something changed recently (possibly "Copy EAP ID to
> new SA when rekeying IKE SA") that resulted in me seeing EAP-MSCHAPv2
> usernames in a typical ipsecctl -sa, hopefully it will help for CA client
> certs too. (Perhaps not surprisingly there have been quite a lot of
> recent improvements to iked in -current).
>

Thank you Stuart. I'm running 6.6. Unfortunately, the VPN box became quite important because of the recent remote work policy and I don't want to "touch" it now as it works as expected. I manage this box remotely and I can't take the risk that something goes wrong with the update. This box has recently seen an increase in the number of iked(8) users and I just wanted to have a better view of them. That was the reason for my question. I will wait for the next release and replace the box in - hopefully - better circumstances. It is good to see that iked(8) improves regularly from one release to another.

--
Radek
reviewing what is available (was Re: Faking the same LAN over the Internet)
On 04-01 12:47, Chris Bennett wrote:
> On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote:
> > have you considered looking at native OpenBSD tools?
> > https://man.openbsd.org/egre.4
>
> Wow! I had no idea about this.

I think you know more about obsd than I do, but in case it's useful to anyone else:

I didn't know about egre(4) either, but I am trying to go gradually thru the process of seeing "what is there" by browsing to man.openbsd.org, putting a single period (".") in the search field, choose a section, click apropos, and methodically reading. Lots of good stuff and some surprises (for me at least) in there. If I hadn't done that once with debian (years ago), I wouldn't know about touch(1), for example, and a bunch of other things.

Again, you know more than I, so no insult intended. :)

--
Luke Call
Peace, tech, help, ideas: http://lukecall.net
(Updated 2020-03-13. Feedback welcome; https is on todo list.)
Re: Faking the same LAN over the Internet
Hi Chris, Dianna,

Gre is great and fast and a hell of a lot faster than OpenVPN...
However and it is a Big However...
Gre does not typically work Across NATs

L2 GRE tunnel interfaces u can run on OpenBSD include eoip(4), egre(4), etherip(4)

On Wed, 1 Apr 2020 at 17:58, Chris Bennett wrote:
>
> On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote:
> > have you considered looking at native OpenBSD tools?
> >
> > https://man.openbsd.org/egre.4
> >
>
> Wow! I had no idea about this.
> The manual page seems to be very clear, too.
>
> I have 2 servers at different ISPs and from home I almost always connect
> over my phone's hotspot.
>
> I will definitely be learning this!
>
> Thanks!
>
> Chris Bennett
>
>

--
Kindest regards,
Tom Smyth.
Re: Faking the same LAN over the Internet
On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote:
> have you considered looking at native OpenBSD tools?
>
> https://man.openbsd.org/egre.4
>

Wow! I had no idea about this.
The manual page seems to be very clear, too.

I have 2 servers at different ISPs and from home I almost always connect over my phone's hotspot.

I will definitely be learning this!

Thanks!

Chris Bennett
Re: Faking the same LAN over the Internet
have you considered looking at native OpenBSD tools? https://man.openbsd.org/egre.4
bird crashes kernel
Hello,

I tried to replace ospfd & ospf6d by bird, as they don't seem to handle wireguard tunnels well, but soon after bird starts (or stops), I get a panic (copied from console):

fremen# /etc/rc.d/bird stop

birduvm_fault(0xfd813f96b000, 0x18, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip 81a49c6b cs 8 rflags 10206 cr2 18 cpl 0 rsp 8000336d08c0
gsbase 0x81f44ff0 kgsbase 0x0
panic: trap type 6, code=0, pc=81a49c6b
Starting stack trace...
panic() at panic+0x11b
kerntrap(8000336d0810) at kerntrap+0x114
alltraps_kern_meltdown(6,28001,0,0,815b2dd0,18) at alltraps_kern_meltdown+0x7b
ml_purge(18) at ml_purge+0x1b
arp_rtrequest() at arp_rtrequest+0x180
rtm_output(814b6600,8000336d0ad0,8000336d0a28,40,0) at rtm_output+0x41d
route_output(fd808b525500,fd813212c090,0,0) at route_output+0x329
route_usrreq(fd813212c090,9,fd808b525500,0,0,800033566548) at route_usrreq+0x207
sosend(fd813212c090,0,8000336d0d28,0,0,80) at sosend+0x383
dofilewritev(800033566548,5,8000336d0d28,0,8000336d0e00) at dofilewritev+0xf9
sys_write(800033566548,8000336d0da0,8000336d0e00) at sys_write+0x51
syscall(8000336d0e70) at syscall+0x389
Xsyscall(6,4,1eee94104820,4,1eee9c8370d8,1eeec4584c80) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7f62c0, count: 244
End of stack trace.
syncing disks...10 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 9 giving up

Here is the dmesg :

[...]
arpresolve: 10.42.42.0: route contains no arp information
arpresolve: 10.42.42.0: route contains no arp information
arpresolve: 10.42.42.0: route contains no arp information
uvm_fault(0xfd813f96b000, 0x18, 0, 1) -> e
fatal page fault in supervisor mode
trap type 6 code 0 rip 81a49c6b cs 8 rflags 10206 cr2 18 cpl 0 rsp 8000336d08c0
gsbase 0x81f44ff0 kgsbase 0x0
panic: trap type 6, code=0, pc=81a49c6b
Starting stack trace...
panic() at panic+0x11b
kerntrap(8000336d0810) at kerntrap+0x114
alltraps_kern_meltdown(6,28001,0,0,815b2dd0,18) at alltraps_kern_meltdown+0x7b
ml_purge(18) at ml_purge+0x1b
arp_rtrequest() at arp_rtrequest+0x180
rtm_output(814b6600,8000336d0ad0,8000336d0a28,40,0) at rtm_output+0x41d
route_output(fd808b525500,fd813212c090,0,0) at route_output+0x329
route_usrreq(fd813212c090,9,fd808b525500,0,0,800033566548) at route_usrreq+0x207
sosend(fd813212c090,0,8000336d0d28,0,0,80) at sosend+0x383
dofilewritev(800033566548,5,8000336d0d28,0,8000336d0e00) at dofilewritev+0xf9
sys_write(800033566548,8000336d0da0,8000336d0e00) at sys_write+0x51
syscall(8000336d0e70) at syscall+0x389
Xsyscall(6,4,1eee94104820,4,1eee9c8370d8,1eeec4584c80) at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7f62c0, count: 244
End of stack trace.
syncing disks...presolve: 10.42.42.0: route contains no arp informat
OpenBSD 6.6 (GENERIC.MP) #7: Thu Mar 12 11:55:22 MDT 2020
    r...@syspatch-66-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4196302848 (4001MB)
avail mem = 4056403968 (3868MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x8ce22000 (85 entries)
bios0: vendor American Megatrends Inc. version "5.12" date 11/23/2018
bios0: Default string Default string
acpi0 at bios0: ACPI 6.0
acpi0: sleep states S0 S3 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG SSDT SSDT HPET SSDT SSDT UEFI SSDT LPIT SSDT SSDT SSDT SSDT DBGP DBG2 SSDT DMAR ASF! WSMT
acpi0: wakeup devices RP09(S3) PXSX(S3) RP10(S3) PXSX(S3) RP11(S3) PXSX(S3) RP12(S3) PXSX(S3) RP13(S3) PXSX(S3) RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU 3855U @ 1.60GHz, 1596.83 MHz, 06-4e-03
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,ERMS,INVPCID,RDSEED,SMAP,CLFLUSHOPT,PT,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU 3855U @ 1.60GHz, 1596.29 MHz, 06-4e-03
cpu1:
Re: [OpenIKED] current session list
On 2020-04-01, Radek wrote:
> Hi @misc,
> is there any equivalent of "npppctl sessions all/brief" for iked(8)?
> How can I get the list of currently connected roadwarriors? They use CA.
> "ipsecctl -sa" shows IPs only, but I need to know who is who.

If you're not running recent -current, update (either the whole OS or just iked+ikectl), something changed recently (possibly "Copy EAP ID to new SA when rekeying IKE SA") that resulted in me seeing EAP-MSCHAPv2 usernames in a typical ipsecctl -sa, hopefully it will help for CA client certs too. (Perhaps not surprisingly there have been quite a lot of recent improvements to iked in -current).
Re: Faking the same LAN over the Internet
Use OpenVPN in bridged mode or, if it's too complicated for you to set it up, you can give a shot to Hamachi which was made for exactly this.

There is one caveat regarding using the bridged mode in openvpn: there is more packet overhead than if you would be using the routed tun network, but I guess it will be more than enough for your application. Other things can be broadcast storms, some misbehavior of bridge interfaces (like sometimes your FW thinks the packet came in on br0, sometimes on tap0), mtu problems; that is also why the ovpn team wants to remove the bridged mode, so enjoy it while you can :)

--- Original Message ---
On Tuesday, March 31, 2020 11:34 AM, Chris Rawnsley wrote:

> In the period of The Great Isolation, a friend and I wish to play
> a game that has LAN-only multiplayer. We, however, live in different
> locations and, more importantly, different LANs. An often cited
> approach to solving this is to set up a VPN and connect the two
> devices to it. This requires that both devices run a VPN client
> that connects to the third device that manages the connection. And
> then, hey presto! You have a "LAN".
>
> The complication I have found is that we are both using a Nintendo
> Switch (NinSw) and this device comes without a VPN client. Initially,
> I thought it would be possible to use a VPN client on a computer
> which was wired in over Ethernet and then share the wireless to the
> NinSw. This setup would be mirrored on the other side. The diagram
> below tries to make this clearer. Search for "Where my thinking"
> to skip over this.
>
> [ASCII diagram: [NinSw] ) ) ) [laptop] | [VPN] | [uplink] -- [gateway], mirrored on the other side]
>
> Where my thinking comes stuck is how the wired connection is shared
> to the NinSw over wireless. The laptop, running MacOS in the case
> of my friend, will setup its own NAT to isolate the wireless
> connections from the uplink. The NinSw is then unable to receive
> an IP from the VPN and therefore not appear as part of the same
> network.
>
> Ignoring the particular case of how "Internet Connection Sharing"
> works on MacOS, would it be possible to setup some "VPN bridge"
> (yes, I made that up) on OpenBSD where it handles the details of
> the VPN connection but forwards the IP address to another device?
>
> If anyone has more insight into this and can point me in the right
> direction I would be grateful. Similarly if there's been a mistake
> in my thinking please point it out as that could help too.
>
>
> -
>
> Chris Rawnsley
>
> P.S. the game in question is Civilization 6 and, yes, they very
> annoyingly restricted it to LAN-only multiplayer...
16gb nvme (optane) : install target : supported?
is installation to a 16gb optane disk (built-in to my laptop) supported? currently running ubuntu 18.04 and it runs really well off the optane. even gives me an additional 1 hour of battery usage.
[OpenIKED] current session list
Hi @misc, is there any equivalent of "npppctl sessions all/brief" for iked(8)? How can I get the list of currently connected roadwarriors? They use CA. "ipsecctl -sa" shows IPs only, but I need to know who is who. -- Radek