Re: vlan configuration: off-topic
On Fri, 2008-01-18 at 11:49 -0200, John Nietzsche wrote:
> Dear gentleman,
>
> i am starting with vlan topic right now. I am in need to get two dell
> powerconnect 2724 switches to implement 3 vlan. I know how to

The Dell PC2724 can't move its mgmt VLAN from VLAN1, and *BSD vlan(1) won't
transmit VLAN 1 as tagged (per spec).

The workaround is to assign VLAN1's IP on your *BSD gear to the physical
interface of your VLAN trunk.

I'm about to remove the last of any/all Dell switches from my network --
an announcement which I'm sure Dell will censure from their forums.

Ass - Holes.

~BAS

Re: Watching the progress of dd if=drive1 of=drive2
On Sat, 2008-02-23 at 12:15 -0800, Jon wrote:
> I'm using dd to clone a drive. How can I watch the progress of this or
> see the transfer rate in real time?

It should accept SIGINFO (control+G) on most terminals.

You may also be able to compile progress(1)

~BAS

IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.

Re: Thank you: Re: Watching the progress of dd if=drive1 of=drive2
On Sat, 2008-02-23 at 13:46 -0800, Jon wrote:
> on some learning paths here. This mailing list is awesome. Thank you.

Just remember that when 4.3 CD pre-release-sales are announced :)

Re: openbsd router hardware
On Mon, 2007-12-24 at 13:29 +0100, Joerg Zinke wrote:
> Hi,
>
> I'm looking for hardware to install an openbsd based dsl-router.
> I already searched the list archives and looked at WRAP and Soekris,
> but it seems that they do not match my requirements:
>
> - fanless
> - as small as possible

- Soekris
- Routerboard
- Axiomtek
- ARInfotek
- Nexcom
- Advantech
- Acrosser
- Win Enterprises

I think that we can agree that you really want to avoid VIA-anything.
You really get what you pay for.

Some set top models I've looked at:

http://www.axiomtek.com/products/ViewProduct.asp?view=470
http://www.nexcom.com/product/productshow.jsp?iid=11&pid=919
http://www.advantech.com/products/Tabletop-Intel-Pentium-MProcessor-based-Platformwith-4-PCIe-LAN-Ports-MINIPCI-Expansion-Onboard/mod_1-2JKJKY.aspx
http://www.acrosser.com/Product/Networking%20applicance/VPN-V-Series/Firewall_eden_m9923.html
http://www.arinfotek.com/product/product.asp?idx=2002&pid=11

~BAS

> - at least 2, better 3 ethernet ports
> - a wlan-card (as access point in hostap mode)
> - mainboard and other hardware should work with openbsd of course,
>   would be nice to see output from hw.sensors*
> - storage should have at least 10GB, I think this leads to a real
>   ide/sata-disk (maybe 2.5")
> - vga-output (because I have no other machine with a serial port to do
>   the installation)
> - lcd-display (something that is supported by lcdproc, which seems to
>   work fine on openbsd)
>
> Not a requirement, but nice-to-have: usb-2.0 port(s).
>
> Does anyone know a company or vendor which builds such an
> (openbsd-)ready system fulfilling the above requirements?
>
> Or did I need to start buying all pieces (maybe mini-itx based?) and
> assembly them on my own?
>
> Any hints?
>
> Regards,
>
> Joerg

Re: Simple OBSD/Samba sharing/restart question
On Mon, 2008-03-31 at 12:36 -0400, Dan Brosemer wrote:
> But should you need to stop and start it, just kill off the [sn]mbd
> processes and fire them off manually.

Use /etc/rc.local as your command line flag/switch reference point.

~BAS

Re: make build fails for OPENBSD_4_4 on i386
On Fri, 2008-08-08 at 13:59 +0200, Miod Vallat wrote:
> Until the cd-rom are actually created and the release is announced,
> tags are

Just trying to be helpful in reporting a build-problem during the releng
cycle. If there's a better venue for such reports, let's have it :)

~BAS

Re: Installing the latest snapshot freezes on i386
On Tue, 2007-10-23 at 01:42 -0700, Reza Muhammad wrote:
> Hi all,
>
> I just recently purchased a brand new HP Pavilion
> G3035L Desktop PC (spec:
> http://www.anugrahpratama.com/product/21/1092/HP-Pavilion-G3035L-Desktop-PC).
> It's using Intel Core Duo processor. I tried to
> install OpenBSD's latest snapshot to this machine last
> night. The thing is it freezes and it wouldn't
> install. Here's the messages I got from my screen:

Try interrupting boot and booting into the real-time kernel config

    [OpenBSD banner]
    boot> boot -c
    ukc> verbose
    ukc> enable acpi0
    ukc> disable apm0
    ukc> exit

~BAS

> ehci0: timed out waiting for BIOS
> usb0 at ehci0: USB revision 2.0
>
> Does anyone know what the problem is? Are some of the
> hardware aren't supported by OpenBSD? What should I do
> so this machine can run OpenBSD?
>
> Thanks for the help. I appreciate it.
>
> -Reza

Re: SUMMARY: Still unable to get Cyclades Z serial ports working with OpenBSD
On Thu, 2007-10-25 at 14:39 -0700, Don Jackson wrote:
> no channels attached

Well, "no channels attached" tells me it's a hardware issue
(cables`n`shit), or the software failing to properly probe the hardware.

Does it work in another system under another platform (Linux LiveCD, etc.)?

I use the Y-Series on NetBSD and it's finicky. There are times when my
systems refuse to post the BIOS until I re-seat the card.

    cy0 at pci0 dev 15 function 0: Cyclades-Y multiport serial
    cy0: interrupting at irq 7
    cy0: 16 channels (ttyCY000..ttyCY015) <-- !!! NOTE THIS !!!

~BAS

Re: CEF / MLS (WAS: Re: em(4) - IFCAP_VLAN_MTU & IFCAP_VLAN_HWTAGGING ?)
On Mon, 2007-10-22 at 12:04 +0200, Henning Brauer wrote:
> * Claudio Jeker <[EMAIL PROTECTED]> [2007-10-22 08:17]:
> > Fragment Reassembly does not happen in the forwarding plane, it happens on
> > the end system. By doing "flow" based forwarding on the router you're no
> > longer able to do all the additional checks that pf(4) is doing in its
> > stateful forwarding path.
>
> and we don't actually need these on a non-edge router. I'd go so far
> to say they hurt in that case.

I agree. Just to confirm... you do not encourage the use of fragment
reassembly at forwarding points other than the network periphery?

We recently ran into some intermittent TCP connection stalls in a network
where end point systems were behind as many as three PF systems end-point
to end-point.

"pfctl -x loud" had a direct correlation to the stalls and reassemble
debug activity output.

We didn't debug it too much because there was a mix of 3.7, 3.9, and 4.1
systems and we wanted to standardize on 4.2 before filing any superfluous
bug reports.

~BAS

> > > There is probably a huge market out there for a commodity standards
> > > based hardware (if it could be done)
> > I doubt it, the necessary HW is just too expensive and complex.
>
> I totally agree with the statement that there is a huge market for
> that - but getting supported, fully working hardware at reasonable
> prices for it is indeed a gigantic challenge.

Re: Problem with MP on 4.2
> > first try to enable acpi and see what happens.
> >
>
> Thanks. Enabling acpi did not make a difference, but then I disabled
> apm and it's working.

Right -- all of the example ukc> output shows how to enable acpi0 but no
one ever shows how to disable apm0.

~BAS

>
> Abdul
>
> > HTH,
> > Stijn

Re: OpenBSD 4.2 RAIDFrame mirror
On Thu, 2007-10-25 at 10:50 +0200, Dominik Zalewski wrote:
> Dear All,
>
> I have a machine with two Maxtor 160GB hard disks. I've installed OpenBSD 4.2
> on first one and I would like to use second one as a mirror.

If you really want to kick as the dead horse, I can probably roll a 4.2
install image that has RAIDFrame in the RD, so you can set it up properly
at install time.

Your best bet is an entry-level bio(4) manageable hardware RAID Controller.

~BAS

> As far as I understood I will have to repartition and reinstall whole system
> to enable second disk as a mirror. All I want is to have software RAID 1.

Re: OpenBSD Sound
On Wed, 2007-10-31 at 14:51 +, Tomas Bodzar wrote:
> And still one thing
>
> When I was try OpenBSD (I think that was 3.8),I use WindowMaker,Xmms and lots

Some *BSD systems are adjusting PCM driver support to allow multiple
processes to open /dev/dsp / /dev/audio multiple times in-exclusively,
mitigating the needs for piss-poor software API multiplex'ing solutions
a-la ARTS/ESD.

~BAS

Re: OpenBSD 4.2 hardware recommendation
On Sat, 2007-11-03 at 00:20 +0300, VP wrote:
> Hello!
>
> I have a network with 100 users and 7 servers and current firewall
> need to be replaced. I want to by brand server due to company policy.

"Brand" as in put your company name on the hardware

> It can be SPARC or x86.
> But vendors don't officially support OpenBSD with their hardware.
> We need tower server with 1 proccessor, 2 gigs of RAM, 2 SCSI disks
> and 2 power supply. Does anyone recommend brand server which supports

For a _firewall_ ?! Are you sure you don't want something more opt for
forwarding packets? Or is this a multi-function system?

~BAS

> OpenBSD?

Re: Custom Kernel for 4.2 upgrade
On Fri, 2007-11-02 at 20:21 +, Stuart Henderson wrote:
> On 2007/11/02 14:45, Jason Murray wrote:
> > I have a 4.1 box that uses RAIDFrame so I need to compile a customer kernel
> > in order to upgrade. I know this is not supported, but it has worked (minus
> > the one gotcha) for me from 3.6 until 4.1 so I expect it will work for 4.2.

I can build you a custom 4.2 release with bsd.rd install images w/
RAIDFrame support, if needed.

I need to put together a 4.2 build box anyway

~BAS

Re: OpenBSD 4.2 hardware recommendation
On Sat, 2007-11-03 at 00:42 +0300, VP wrote:
> >> It can be SPARC or x86.
> >> But vendors don't officially support OpenBSD with their hardware.
> >> We need tower server with 1 proccessor, 2 gigs of RAM, 2 SCSI disks
> >> and 2 power supply. Does anyone recommend brand server which supports
>
> > For a _firewall_ ?! Are you sure you don't want something more opt for
> > forwarding packets? Or is this a multi-function system?
>

If you can live w/o RAID, I recommend advantech.com or nexcom.com Network
Security Appliance product lines.

~BAS

> Of course, server must have min 2 good integrated NIC's.
> It will be firewall with IDS. Which options you mean?

Re: Clamav
On Mon, 2007-11-05 at 10:49 -0500, Peter Fraser wrote:
> get updates on the virus signatures. I was going to put

Well how many local patches are there? Did you try to bump the port to
the version you want?

Just update the Makefile & distinfo and see if the patches apply cleanly.

~BAS

Re: 4.2 won't boot after fresh installation
> Ok, just tried rebooting with your suggestion of:
>
> boot -c
> disable fdc*
> boot
>
> Actually, I had to "quit" instead of "boot"
>
> It stopped at the same place: fd0 at fdc0 drive 0: 1.44MB 80cyl, 2 head, 18
> sec

Enable "verbose" in ukc. It often shows silent probes that fail and lock
the system before they can print out that they've failed.

~BAS

> Perhaps I should say that is the last line visible.
>
> This box is just a home pc on a single hd, 1 primary partition for openbsd
> and 3 logical partitions for linux.
> It is not a server to/for anything. This one is just for home stuff connected
> to internet on cable.
>
> I will try another fresh install and save the dmesg after installation and
> after rebooting (if successful).
>
> Thanks again.

Re: OpenBSD isakmpd and pf vs Cisco PIX or ASA
On Mon, 2007-11-05 at 07:23 +0100, Martin Toft wrote:
> On Mon, Nov 05, 2007 at 01:29:05AM +0100, Cabillot Julien wrote:
> > Have you try openbsd 4.2 ? PF have been really improved in this
> > release.

pf(4) has nothing to do with isakmpd(8), except as it relates to recent
addition of routing tags.

- PIX/ASA is going to get you a default packet "ASA" forwarding based on
  interface weights
- PIX/ASA is going to guarantee easily setup and functional Hybrid-XAUTH
  VPN Road-warrior clients
- PIX has functional object-groups/group-object inheritance
- PIX/ASA has proprietary serial console fail-over (which is marginally
  faster than waiting for CARP)
- PIX/ASA has some magical black-box inline transparent protocol "fixups"
- PIX has a 4 hour SmartNet support contract option
- PIX/ASA has a SNMP MIB tree (Which we are working to catch up on)

I don't know about ASA, but the 5xx PIX doesn't support IPv6

Otherwise they're both software-based stateful IP packet forwarding
engines running on i386 with NAT and IPSec and 802.1q support.

OpenBSD will always scale better because you can run it on the hardware
platform of your choice.

~BAS

> 1. VPN is computationally heavy -- is your hardware fast enough?
>
> 2. Try playing with queueing in PF to handle some types of traffic
>    faster than others. AFAIK, it is normal to find this kind of
>    configuration in commercial, black-box solutions, disguised as buzzy
>    slogans like "Built-in QoS Super-Routing" :-)
>
> Just my two cents.
>
> Martin

Re: PF problems
On Tue, 2007-11-13 at 14:17 -0200, Kleber Rocha wrote:
> 10.1.1.78 tries to access the ip 10.1.100.210 on port 8080, the

If xl0 faces 10.1.1.0 (outside) and bge0 faces your local (inside)
10.1.100.0/24, then your "pass in" statement will create a state
associated with inbound traffic.

However, it will not automatically create an associated stateful
"outbound" connection out/in your bge0.

This is a common misunderstanding with pf(4) as a transit device.

Default-block in policy routers have to have a default "pass out keep
state" rule to get this PIX/ASA style behavior that most are used to.

~BAS

Re: 4.1 fresh install dc0: failed to force tx and rx to idle state
> I have cut and pasted the output from ifconfig and dmesg below.
> I do have a non tulip nic I might try tomorrow.

Try a -current kernel. If it occurs, obtain a backtrace / kernel core
dump and post it. Possibly file a PR if it is warranted.

It might not get fixed quickly, so grab an xl(4)/fxp(4) from the
100-stack.

~BAS

Re: How to test if pfsync is working?
On Sun, 2007-12-02 at 01:14 -0800, Jake Conk wrote:
> Hello,
>
> I have pfsync setup between two servers and they're connected to each

The command that you're looking for is:

    $ sudo netstat -s state | grep -A 17 pfsync
    pfsync:
        0 packets received (IPv4)
        0 packets received (IPv6)
        0 packets discarded for bad interface
        0 packets discarded for bad ttl
        0 packets shorter than header
        0 packets discarded for bad version
        0 packets discarded for bad HMAC
        0 packets discarded for bad action
        0 packets discarded for short packet
        0 states discarded for bad values
        0 stale states
        0 failed state lookup/inserts
        0 packets sent (IPv4)
        0 packets sent (IPv6)
        0 send failed due to mbuf memory error
        0 send error

As for keeping your config in sync, I recommend bracket-expanding and
scp(1)'ing the file over using a periodic script.

~BAS

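The counters in the message above can be checked mechanically. The following is an added example, not part of the original post or of OpenBSD: a shell function that reads `netstat -s` output on stdin, isolates the pfsync block, and reports whether packets are flowing in both directions and whether any discard or error counter is non-zero. The function name, the verdict strings and the sample inputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# pfsync_check: read `netstat -s` output on stdin, print one verdict line.
# Exit status: 0 = packets both ways and no errors, 1 = idle, 2 = errors.
pfsync_check() {
    awk '
        /^pfsync:/ { in_block = 1; next }
        in_block {
            c = substr($0, 1, 1)
            # A line that is not indented is the next protocol header.
            if (c != " " && c != "\t") { in_block = 0; next }
            if ($1 !~ /^[0-9]+$/) next
            n = $1 + 0
            if ($0 ~ /packets received/)  rx += n
            else if ($0 ~ /packets sent/) tx += n
            else if (n > 0 && $0 ~ /discarded|shorter|failed|error/) {
                errs += n
                $1 = $1                  # rebuild $0 without the indent
                detail = detail "; " $0
            }
        }
        END {
            if (errs > 0) { printf "ERRORS rx=%d tx=%d%s\n", rx, tx, detail; exit 2 }
            if (rx == 0 || tx == 0) { printf "IDLE rx=%d tx=%d\n", rx, tx; exit 1 }
            printf "OK rx=%d tx=%d\n", rx, tx
        }'
}

# Constructed samples. sample_idle mirrors the all-zero counters in the post.
sample_idle() {
    printf 'pfsync:\n\t0 packets received (IPv4)\n\t0 packets discarded for bad HMAC\n'
    printf '\t0 stale states\n\t0 packets sent (IPv4)\n\t0 send error\n'
}
# Peers exchanging packets, but some fail the HMAC check; a carp block follows
# to show that counters of other protocols are not mixed in.
sample_bad() {
    printf 'pfsync:\n\t1520 packets received (IPv4)\n\t3 packets discarded for bad HMAC\n'
    printf '\t2 stale states\n\t1498 packets sent (IPv4)\n\t0 send error\n'
    printf 'carp:\n\t9 packets received (IPv4)\n'
}
sample_ok() { sample_bad | sed 's/3 packets discarded/0 packets discarded/'; }

for s in sample_idle sample_bad sample_ok; do
    "$s" | pfsync_check || true
done
```

All-zero counters, as in the output quoted in the message, mean the two peers have not exchanged any pfsync packets yet; non-zero discard counters with traffic flowing point at a mismatch between the peers.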
Re: IPSEC bridge and pf
On Sun, 2007-12-02 at 19:08 -0500, tim wrote:
> my current pf configuration and add the use of the IPSEC bridge to
> that set up.

Just check "tcpdump -vvv -n -s 192 -i pflog0".

Probably "pass quick proto ipencap all" etc.

Re: Routing issue with VPN tunnel
On Mon, 2008-12-15 at 00:06 +, Danial wrote:
> I don't like responding to my own thread but I really need
> help with this one, so I'll try to rephrase the question:

Just about every userland utility has the ability to specify source
transmit addresses (bind(4) function).

If not, we can add it.

It's probably the second-most-asked question on the Net-SNMP mailing
lists (because of all of the embedding, likely)

~BAS

> > The remote tunnel endpoint expects traffic originating from

Re: HIFN 7955 Support in OpenBSD 4.6 on AMD Geode LX800 System
On 2/18/2010 7:21 AM, Liam Farr wrote:
> Hi,
>
> I thought that the system might be using the built in crypto in the AMD
> Geode CPU instead of the HIFN and have used "config -e -o bsd.new /bsd"
> to disable glxsb (glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto"
> rev 0x00: RNG AES) in the kernel, and booted the new kernel config
> however this makes no difference.

LF:

FreeBSD had a cool utility called "cryptostats" that poll()'d usage stats
out of the kernel for debugging.

http://www.freebsd.org/cgi/cvsweb.cgi/src/tools/tools/crypto/

It was written by Sam Leffler. I've been meaning to port it over to
NetBSD/OpenBSD. LMK and I'll jump in.

~BAS

Re: HIFN 7955 Support in OpenBSD 4.6 on AMD Geode LX800 System
On 2/18/2010 12:47 PM, Ryan Corder wrote:
> Essentially, on these lower-power devices, the cost of moving the data
> to and from the crypto card across the PCI bus negates most performance
> gains you would achieve trying to offload it.

Right

Whereas on servers, these devices only offer a benefit if the CPU is
saturated and this permits for work offload, allowing the main system to
use CPU for other things.

Unfortunately, it's often less expensive to buy more cores on production
servers than to put an $800 crypto card in.

But if you're doing lots of stuff on your AMD Geode appliance ...you may
find it beneficial.

That's why you see crypto card manufacturers getting into things like
HSMs and other products now, because the heyday of helping out a
Pentium-III server with a Crypto Accelerator is over.

~BAS