Re: Problem with WireGuard on OpenBSD 7.3

[Stuart Henderson]

On 2023-05-04, Odd Martin Baanrud  wrote:
> Hello,
>
> Ok, now I finally got it running.
> I decided to bring up the wg interface using hostname.wg0, and start 
> WireGuard from /etc/rc.local.

You don't need anything from rc.local, or the wireguard-tools package,
the whole thing can be done using tools built-in to the OS.

And that is what you want, because after updating the OS, you might have
problems running old packages until they're updated too.

> This machine also acts as the router for my lan/wlan, so I already have a 
> “match out” rule to enable NAT for those interfaces in pf.
> Will this rule also do NAT from the wg if?
> The rule is:
> “match out on egress inet from !egress nat-to (egress)

The "egress" interface group is an automatic group to which interfaces
are added when a default route points via them. Firstly the "on egress"
will be expanded by pfctl when loading the ruleset, so that route would
need to exist at the right time. Secondly the "nat-to (egress)" will
dynamically look up members of the egress group when a packet is tested
against the ruleset, and if more than one interface is in "egress" will
round-robin between them, which is not what you want.

Say you have the main internet connection on ixl0 and wireguard on wg0
and want to NAT packets on both. In that case you could use

match out on em0 inet from !egress nat-to (em0)
match out on wg0 inet from !egress nat-to (wg0)

Or, as the wg interface is probably not going to change address
unexpectedly you can cut out the repeated runtime address lookup by
omitting the brackets

match out on em0 inet from !egress nat-to (em0)
match out on wg0 inet from !egress nat-to wg0

(similarly if em0 has a fixed address not dhcp, you can skip the runtime
lookup there too).

But you don't _have_ to nat packets going over wg, that depends on what
you want to do with it and how your onfigure it.

> I have also added a pass in rule for external connections.
> “pass in quick inet proto udp to $wg_port”

wg packets can flow in either direction and there might sometimes be a
delay between packets (say if there are network prpblems) long enough
for the firewall state entry to timeout. So you might like to remove
the "in".

> I have a default block policy, so I guess I’ll need to open for traffic in 
> both directions on the wg interface?

Yes.

> I have a server running behind the router.
> Will I be able to access it from the VPN with this setup, or do I need to 
> implement rules for that purpoce?

You'll need firewall rules that permit the traffic to the server (wg
doesn't bypass the firewall). You'll also need to decide whether you
want to use nat/rdr rules using a single router address over the wg
tunnel, or whether you want to carry a range of addresses and access the
server using its own address.

Re: Problem with WireGuard on OpenBSD 7.3

[Sonic]

On Thu, May 4, 2023 at 9:45 AM Janne Johansson  wrote:

> Apart from that, you either use /usr/local/bin/wg(-quick) to set up
> your wireguard interface OR hostname.wg0 not calling one from the
> other.


Thanks for that. Seems every website I've found uses calling
/usr/local/bin/wg from the hostname.wg file. And I've been running it
like this since Wireguard was put in the kernel. However, I decided to
try hostname.wg only and it works a treat. As an added benefit the
wireguard-tools package is not even needed.

Chris

Re: Problem with WireGuard on OpenBSD 7.3

[Odd Martin Baanrud]

Hello,

Ok, now I finally got it running.
I decided to bring up the wg interface using hostname.wg0, and start WireGuard 
from /etc/rc.local.

This machine also acts as the router for my lan/wlan, so I already have a 
“match out” rule to enable NAT for those interfaces in pf.
Will this rule also do NAT from the wg if?
The rule is:
“match out on egress inet from !egress nat-to (egress)
I have also added a pass in rule for external connections.
“pass in quick inet proto udp to $wg_port”

I have a default block policy, so I guess I’ll need to open for traffic in both 
directions on the wg interface?

I have a server running behind the router.
Will I be able to access it from the VPN with this setup, or do I need to 
implement rules for that purpoce?

Regards, Martin

Re: PC Engines APU platform EOL

[Abel Abraham Camarillo Ojeda]

On Thu, May 4, 2023 at 1:33 PM Olaf Schreck  wrote:

> > > The edgerouter 6p works with OpenBSD/octeon and has a rackmount
> bracket.
>
> > Wow. And it has a serial port. with an RJ45 connector. Hopefully the
> RS232
> > pinouts are nicely documented somewhere. Cannot seem to find those
> details
> > right now.
>
> I have an edgerouter lite with this RJ45 serial port.  Works just fine with
> the blue "Cisco" serial cables.
>

I have an edgerouter lite but made a hole in the case and connected a usb
HUB on it, can boot from it,
plus a upd device, plus a 3.5 Sata HDD (with external power, i put some
notes on the sata - usb adapter so
people connect first the adapter to power then to the usb hub...)

Re: PC Engines APU platform EOL

[Olaf Schreck]

> > The edgerouter 6p works with OpenBSD/octeon and has a rackmount bracket.

> Wow. And it has a serial port. with an RJ45 connector. Hopefully the RS232
> pinouts are nicely documented somewhere. Cannot seem to find those details
> right now.

I have an edgerouter lite with this RJ45 serial port.  Works just fine with
the blue "Cisco" serial cables.

Re: PC Engines APU platform EOL

[Stefan Sperling]

On Fri, May 05, 2023 at 03:42:37AM +1000, Damian McGuckin wrote:
> On Thu, 4 May 2023, Stefan Sperling wrote:
> 
> > The edgerouter 6p works with OpenBSD/octeon and has a rackmount bracket.
> 
> Wow. And it has a serial port. with an RJ45 connector. Hopefully the RS232
> pinouts are nicely documented somewhere. Cannot seem to find those details
> right now.

A cisco style rj45 serial cable works.

> I wonder whether the Edgerouter 8 with double the RAM is a wiser choice?
> 
> I will go and read the installation instructions for OpenBSD.
> 
> I see there was some feedback in 2018 from Bryan. He used an SSD mounted
> over the USB port (and had some issues). Looks like it works at up to about
> 450Mbps. Probably enough. Probably should test it against 7.3 then.

I have had one in production for 2 years until the USB stick failed.
It was working reliably up to that point.

An SSD would probably need an external power supply. I tried without
one and saw I/O errors. But I don't see why it wouldn't work with a
USB 3 to SATA adapter that also provides sufficient power.

Re: PC Engines APU platform EOL

[Damian McGuckin]

On Thu, 4 May 2023, Stefan Sperling wrote:


The edgerouter 6p works with OpenBSD/octeon and has a rackmount bracket.


Wow. And it has a serial port. with an RJ45 connector. Hopefully the RS232
pinouts are nicely documented somewhere. Cannot seem to find those details
right now.

I wonder whether the Edgerouter 8 with double the RAM is a wiser choice?

I will go and read the installation instructions for OpenBSD.

I see there was some feedback in 2018 from Bryan. He used an SSD mounted 
over the USB port (and had some issues). Looks like it works at up to 
about 450Mbps. Probably enough. Probably should test it against 7.3 then.


Thanks - Damian

Pacific Engineering Systems International . 20D Grose St, Glebe NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not wanted here
Views & opinions here are mine and not those of any past or present employer

Re: PC Engines APU platform EOL

[Stefan Sperling]

On Thu, May 04, 2023 at 09:45:27AM -0400, David Higgs wrote:
> On Thu, Apr 20, 2023 at 1:30 AM fRANz  wrote:
> 
> > On Wed, Apr 19, 2023 at 11:30 AM Martin Schröder 
> > wrote:
> >
> > > https://www.pcengines.ch/eol.htm
> > > The end is near for APUs :-(
> >
> > :(
> > Happy apu2 & apu4 user here.
> > Are there other OpenBSD friendly options?
> > Regards,
> > -f
> >
> 
> Someday I'll need to replace my APU and prefer not to wade through
> aliexpress.  If there aren't any spares left, it looks like the ODROID H3
> with the expansion NIC board might be a good match for my needs.
> https://www.hardkernel.com/shop/odroid-h3/
> https://www.hardkernel.com/shop/h2-net-card/
> 
> Someone recently posted a dmesg too:
> https://marc.info/?l=openbsd-misc&m=168182784030477&w=2
> 
> I've got no particular affinity for x86 hardware.  Has anyone found an
> equivalent that can run arm64 with a minimum of installation fussiness and
> 3x NICs?

The edgerouter 6p works with OpenBSD/octeon and has a rackmount bracket.

Re: PC Engines APU platform EOL

[Johan Huldtgren]

On 2023-05-04  5:18, Stuart Henderson wrote:
> 
> You'll open up many more options if you allow a quiet fan for rackmount,
> or allow using a non-rackmount box on a rack shelf.

I'm in the same boat where I need to replace my current apu4s with a
new rackmounted solution. The research I've done so far brings me to
the same conclusion as Stuart, rackmounted and fanless solutions are
few and far between. One option I did see was that the Protecli
which was mentioned earlier in this thread sells a shelf(1) which you
can use to attach up to two vault devices to.

However I'm leaning towards finding a rack mounted solution with quiet
fans, I have a 4U server(2) I bought years ago with large fans which is
very quiet, but that is obviously overkill to replace my apus with. I'll
finally mention that I have an HP DL360 (few generations old) which is
suprisingly quiet most of the time as well.

thanks,

.jh

(1) https://protectli.com/product/rack-mount-shelf/
(2) https://silentpc.com/servers/

Re: PC Engines APU platform EOL

[Stuart Henderson]

On 2023/05/04 10:25, Johan Huldtgren wrote:
> On 2023-05-04  5:18, Stuart Henderson wrote:
> > 
> > You'll open up many more options if you allow a quiet fan for rackmount,
> > or allow using a non-rackmount box on a rack shelf.
> 
> I'm in the same boat where I need to replace my current apu4s with a
> new rackmounted solution. The research I've done so far brings me to
> the same conclusion as Stuart, rackmounted and fanless solutions are
> few and far between. One option I did see was that the Protecli
> which was mentioned earlier in this thread sells a shelf(1) which you
> can use to attach up to two vault devices to.
> 
> However I'm leaning towards finding a rack mounted solution with quiet
> fans, I have a 4U server(2) I bought years ago with large fans which is
> very quiet, but that is obviously overkill to replace my apus with. I'll
> finally mention that I have an HP DL360 (few generations old) which is
> suprisingly quiet most of the time as well.
> 
> thanks,
> 
> .jh
> 
> (1) https://protectli.com/product/rack-mount-shelf/
> (2) https://silentpc.com/servers/

Unless you have dust problems or a big requirement to avoid moving
parts that you can't mitigate by just having more fans than the minimum
requirement, fanless might well not be necessary, a low airflow fan can
be pretty quiet and will make a huge difference to cooling compared to
no fan.

(BTW another thing to watch out for with fanless machines; in some
cases the machine is fanless but there's a separate PSU which is not!)

Re: PC Engines APU platform EOL

[Andrew Klaus]

I'm in the midst of testing the R86S as an alternative to my APU. My 
biggest issues so far with it:


- No UART port, or even one to solder a header to. That means you're 
stuck with HDMI during install or to do any rescue work.


- The SFPs in the taller version are Mellanox ConnectX-3s, which aren't 
supported in OpenBSD like the 4s and 5s. My ISP does fibre to the home, 
so I was hoping to directly connect my SFP to my firewall, bypassing my 
modem entirely. If you don't need SFP support, then the 2.5GbE ports 
seem to be supported.


Otherwise it does seem like a very capable machine.

On 5/4/23 00:23, Damian McGuckin wrote:

On Thu, 4 May 2023, Maksim Rodin wrote:


Is there any problem with fanless x86_64 mini PCs with several NICs,
sold on aliexpress?


Maybe, or give up on the rackmount and buy the R86S, as in

https://www.aliexpress.com/i/1005004765507664.html

An alternative is to buy 3 APU4s now 3 to cover failures and spares over
the next few years. Hopefully, they still have some left.

Thanks - Damian

Pacific Engineering Systems International . 20D Grose St, Glebe 
NSW 2037
Ph:+61-2-8571-0847 .. Fx:+61-2-9692-9623 | unsolicited email not 
wanted here
Views & opinions here are mine and not those of any past or present 
employer

Re: PC Engines APU platform EOL

[David Higgs]

On Thu, Apr 20, 2023 at 1:30 AM fRANz  wrote:

> On Wed, Apr 19, 2023 at 11:30 AM Martin Schröder 
> wrote:
>
> > https://www.pcengines.ch/eol.htm
> > The end is near for APUs :-(
>
> :(
> Happy apu2 & apu4 user here.
> Are there other OpenBSD friendly options?
> Regards,
> -f
>

Someday I'll need to replace my APU and prefer not to wade through
aliexpress.  If there aren't any spares left, it looks like the ODROID H3
with the expansion NIC board might be a good match for my needs.
https://www.hardkernel.com/shop/odroid-h3/
https://www.hardkernel.com/shop/h2-net-card/

Someone recently posted a dmesg too:
https://marc.info/?l=openbsd-misc&m=168182784030477&w=2

I've got no particular affinity for x86 hardware.  Has anyone found an
equivalent that can run arm64 with a minimum of installation fussiness and
3x NICs?

--david

Re: Problem with WireGuard on OpenBSD 7.3

[Janne Johansson]

Den tors 4 maj 2023 kl 15:08 skrev Odd Martin Baanrud :
> inet 10.0.6.1 0xfgffgf00 NONE up !/usrlocal/bin/wg setconf wg0 
> /etc/wireguard/wg0.conf

While multiple slashes combine into one, having /usr... seems like
a weird thing to put in the config.
Apart from that, you either use /usr/local/bin/wg(-quick) to set up
your wireguard interface OR hostname.wg0 not calling one from the
other.
If you go for hostname.wg0, read up on the "man ifconfig" section
about wireguard tunnels and skip the wg0.conf. If you go for
wg/wg-quick, you can call it from rc.local or something.

> Accourding to hostname.if(5), !-commands must work in single-user mode, if 
> they should be executed.
> If this is the case, why is ‘wg’ in /usr/local/bin?

..which solves this "mystery" too.

-- 
May the most significant bit of your life be positive.

Re: Problem with WireGuard on OpenBSD 7.3

[matthew j weaver]

On Thu, May 4, 2023, at 08:06, Odd Martin Baanrud wrote:
> https://ianix.com/wireguard/openbsd-howto.html

  This tutorial has one installing a port ("wireguard-tools"), and then making 
one's wireguard interface depend on that package. I am not sure why it does 
that, but that one problem with your configuration.

  Ports install with a prefix of /usr/local/ by default.

  I am unfamiliar with the wireguard-tools package, but it's unnecessary for 
configuring wg(4) interfaces:

  https://man.openbsd.org/wg

  weaver

Re: Problem with WireGuard on OpenBSD 7.3

[Josh Grosse]

On Thu, May 04, 2023 at 03:06:13PM +0200, Odd Martin Baanrud wrote:
> Hello,
> 
> I???m configuring a WireGuard server on an OpenBSD 7.3 machine, using this 
> howto:
> https://ianix.com/wireguard/openbsd-howto.html
> 
> I don???t get the wg0 interface up.
> The hostname.wg0 contains:
> inet 10.0.6.1 0xfgffgf00 NONE up !/usrlocal/bin/wg setconf wg0 
> /etc/wireguard/wg0.conf

0xfgffgf00 is an invalid netmask, as it is not hexadecimal (0-f).  Your netmask 
should be one of:

a. address/subnet CIDR notation
b. decimal notation
c. hexadecimal notation

https://en.wikipedia.org/wiki/IP_address#Subnetworks

Problem with WireGuard on OpenBSD 7.3

[Odd Martin Baanrud]

Hello,

I’m configuring a WireGuard server on an OpenBSD 7.3 machine, using this howto:
https://ianix.com/wireguard/openbsd-howto.html

I don’t get the wg0 interface up.
The hostname.wg0 contains:
inet 10.0.6.1 0xfgffgf00 NONE up !/usrlocal/bin/wg setconf wg0 
/etc/wireguard/wg0.conf

And when I try to bring wg0 up with /etc/netstart, I get the following:
# sh /etc/netstart wg0
ifconfig: !/usr/local/bin/wg: bad value

Accourding to hostname.if(5), !-commands must work in single-user mode, if they 
should be executed.
If this is the case, why is ‘wg’ in /usr/local/bin?

Regards, Martin

Re: High Interrupt After 7.3 Upgrade

[Samuel Jayden]

Hi again,

Just for the record:
I've downgraded to OpenBSD 7.2 (reinstalled) and everything is working like
a charm again.
I don't know what is wrong with 7.3 but ipi interrupt rate is too much and
somehow OpenBSD performance is too bad..
Thanks for reading.


On Tue, May 2, 2023 at 9:24 PM Samuel Jayden 
wrote:

> Hello misc,
>
>
> My firewall just slowed down after upgrading from 7.2 to 7.3.
>
> When I look at some values on the system I’ve realized there are high
> interrupts on it.
>
>
> Total Interrupts are over 40.000
>
> em1 is over 4000
>
> em2 is over 3000
>
> Clock is nearly 2000
>
> ipi over 30.000
>
>
> But there are no Ierrs, Oerrs or Colls on those interfaces.
>
>
> You can find some hardware information and my question is where to start
> for debugging?
>
> Why IPI is so heavy?
>
> Can it be related via this notice from 73.html
>
> ‘’Added support for per-CPU counters to evcount(9)
> . Useful for counting events that are
> prone to occur simultaneously across multiple CPUs, like clock interrupts
> and IPIs.’’
>
> Thanks.
>
>
>
> # sysctl hw.model
>
> hw.model=Intel(R) Xeon(R) CPU D-1548 @ 2.00GHz
>
> # sysctl hw.ncpuonline
>
>
>
> hw.ncpuonline=8
>
>
> # uptime
>
>
>
>  9:08PM  up 13 mins, 1 user, load averages: 2.06, 1.98, 1.38
>
>
> OpenBSD 7.3 (GENERIC.MP) #1125: Sat Mar 25 10:36:29 MDT 2023
>
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> real mem = 34237882368 (32651MB)
>
> avail mem = 33180819456 (31643MB)
>
> random: good seed from bootblocks
>
> mpath0 at root
>
> scsibus0 at mpath0: 256 targets
>
> mainbus0 at root
>
> bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x7bd0 (101 entries)
>
> bios0: vendor American Megatrends Inc. version "AHBA" date 10/03/2018
>
> bios0: Lanner Inc. NCA4010D
>
> efi0 at bios0: UEFI 2.4
>
> efi0: American Megatrends rev 0x5000b
>
> acpi0 at bios0: ACPI 5.0
>
> acpi0: sleep states S0 S5
>
> acpi0: tables DSDT FACP APIC FPDT FIDT TCPA MCFG UEFI DBG2 HPET MSCT SLIT
> SRAT WDDT SSDT SSDT SSDT PRAD DMAR
>
> acpi0: wakeup devices XHCI(S0) EHC1(S0) EHC2(S0) RP01(S0) RP02(S0)
> RP03(S0) RP04(S0) RP05(S0) RP06(S0) RP07(S0) RP08(S0) BR1A(S0) BR1B(S0)
> BR2A(S0) BR2B(S0) BR2C(S0) [...]
>
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>
> cpu0 at mainbus0: apid 0 (boot processor)
>
> cpu0: Intel(R) Xeon(R) CPU D-1548 @ 2.00GHz, 1995.41 MHz, 06-56-03
>
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>
> cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB
> 64b/line 8-way L2 cache, 12MB 64b/line 12-way L3 cache
>
> cpu0: smt 0, core 0, package 0
>
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>
> cpu0: apic clock running at 99MHz
>
> cpu0: mwait min=64, max=64, C-substates=0.2.1.2, IBE
>
> cpu1 at mainbus0: apid 2 (application processor)
>
> cpu1: Intel(R) Xeon(R) CPU D-1548 @ 2.00GHz, 1995.45 MHz, 06-56-03
>
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>
> cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB
> 64b/line 8-way L2 cache, 12MB 64b/line 12-way L3 cache
>
> cpu1: smt 0, core 1, package 0
>
> cpu2 at mainbus0: apid 4 (application processor)
>
> cpu2: Intel(R) Xeon(R) CPU D-1548 @ 2.00GHz, 1995.49 MHz, 06-56-03
>
> cpu2:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>
> cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB
> 64b/line 8-way L2 cache, 12MB 64b/line 12-way L3 cache
>
> cpu2: smt 0, core 2, package 0
>
> cpu3 at mainbus0: apid 6 (application processor)
>
> cpu3: Intel(R) Xeon(R) CPU D-1548 @ 2.00GHz, 1995.58 MHz, 06-56-03
>
> cpu3:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PG

Re: PC Engines APU platform EOL

[Anders Andersson]

On Thu, May 4, 2023 at 8:24 AM Damian McGuckin  wrote:
>
> On Thu, 4 May 2023, Maksim Rodin wrote:
>
> > Is there any problem with fanless x86_64 mini PCs with several NICs,
> > sold on aliexpress?
>
> Maybe, or give up on the rackmount and buy the R86S, as in
>
> https://www.aliexpress.com/i/1005004765507664.html
>
> An alternative is to buy 3 APU4s now 3 to cover failures and spares over
> the next few years. Hopefully, they still have some left.
>
> Thanks - Damian

The R86S looks cute, but on closer inspection it has a fan. They even
crammed *two* fans in there for the taller version. That doesn't
necessarily mean it makes a lot of noise, but if fanless is a strict
requirement for other reasons it's out.

Re: OpenBSD with GRUB2

[Philipp Buehler]

Am 04.05.2023 09:31 schrieb Luca Di Gregorio:

To be honest, I don't know if the modification of GRUB in Debian is 
needed.

Or, installing with Whole disk MBR (w) is enough.
But it works, OpenBSD is automatically started at reboot.


The modification in grub configuration would make it possible to boot
into the installer via grub menu. your logbook doesn't make use of that; 
you

just go via grub console again.

For the persistency of the then installed OpenBSD is installboot(8) and 
so to
make EFI/BIOS to find the bootloader again, you needed "Whole disk" (as 
Benjamin

already wrote).

in short: grubconsole OR grub.conf to boot installer-bsd.rd and "whole 
disk"
to wipe all debian/grub parts and make installboot writing in the 
correct location


HTH,
--
pb

Re: OpenBSD with GRUB2

[Luca Di Gregorio]

I achieved it by modifying GRUB when the VPS is still Debian.
Debian version: 11

At reboot, press 'c' for the GRUB command line
grub> ls
(hd0) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1)

grub> set root=(hd0,gpt2)
grub> ls /
... grub/ vmlinuz... initrd.img...

It means that (hd0,gpt2) is the /boot directory in Debian

grub> reboot

Reboot to Debian

Append the following to the file /etc/grub.d/40_custom:
menuentry "OpenBSD" {
set root=(hd0,gpt2)
   kopenbsd /bsd
}

In /etc/default/grub:

#GRUB_DEFAULT=0
GRUB_DEFAULT=2
#OpenBSD is the third entry

Run the command update-grub

Get bsd.rd and move to /boot

Reboot and press 'c' for the GRUB command line
grub> set root=(hd0,gpt2)
grub> kopenbsd /bsd.rd
grub> boot

Install OpenBSD with the option Whole disk MBR (w)

In disklabel, offset of 'a' partition must be 64.

To be honest, I don't know if the modification of GRUB in Debian is needed.
Or, installing with Whole disk MBR (w) is enough.
But it works, OpenBSD is automatically started at reboot.

When OpenBSD is running:
# disklabel -p g sd0
...
16 partitions:
#size   offset  fstype [fsize bsize   cpg]
  a:19.0G   64  4.2BSD   2048 16384 12960 # /
  b: 1.0G 39857248swap# none
  c:20.0G0  unused

Il giorno gio 4 mag 2023 alle ore 09:13 Benjamin Stürz <
benni+open...@stuerz.xyz> ha scritto:

> On 03.05.23 10:52, Luca Di Gregorio wrote:
> > I'm trying to install OpenBSD on a VPS with Debian/GRUB2.
> > I get bsd.rd, in GRUB2 I launch the installer with:
> > set root=(hd0,X)
> > kopenbsd /bsd.rd
> > boot
> >
> > The installation is ok, but GRUB2 still remains.
> > So, when I reboot, GRUB2 menu appears, and OpenBSD can be started only
> with:
> > set root=(hd0,X)
> > kopenbsd /bsd
> > boot
> >
> > I would like to automatically start OpenBSD at reboot.
> >
> > Is it possible to overwrite GRUB2 in the installation process?
> > Or, is it possible to add a GRUB2 entry in OpenBSD?
>
> Hi Luca,
>
> it should be possible,
> if you choose "Whole disk MBR (w)" or "Whole disk GPT (g)"
> before partitioning.
>
> Be aware that this will also erase your Debian install too.
>
> Best regards,
> Benjamin Stürz
>
>