Re: seeing carp interface state change for unknown reason ; cluestick hunting
Thanks for the response.

I've mounted a ramdisk at /mnt and have run "doas route -n monitor > /mnt/route.monitor" in a tmux session for a few days. Here are some details:

erl3-01$ grep carp1 route.monitor | sort | uniq -c
  91 RTM_ADD: Add Route: len 192, priority 146, table 0, if# 6, name carp1, pid: 0, seq 0, errno 0
 428 RTM_ADD: Add Route: len 192, priority 18, table 0, if# 6, name carp1, pid: 0, seq 0, errno 0
  43 RTM_DELETE: Delete Route: len 192, priority 146, table 0, if# 6, name carp1, pid: 0, seq 0, errno 0
 478 RTM_DELETE: Delete Route: len 192, priority 18, table 0, if# 6, name carp1, pid: 0, seq 0, errno 0
  31 RTM_IFINFO: iface status change: len 168, if# 6, name carp1, link: backup, mtu: 1500, flags:
  31 RTM_IFINFO: iface status change: len 168, if# 6, name carp1, link: invalid, mtu: 1500, flags:
  31 RTM_IFINFO: iface status change: len 168, if# 6, name carp1, link: master, mtu: 1500, flags:
   1 RTM_RESOLVE: Route created by cloning: len 192, priority 146, table 0, if# 6, name carp1, pid: 0, seq 0, errno 0
 385 RTM_RESOLVE: Route created by cloning: len 192, priority 18, table 0, if# 6, name carp1, pid: 0, seq 0, errno 0

erl3-01$ grep vlan100 route.monitor | sort | uniq -c
  31 RTM_IFINFO: iface status change: len 168, if# 8, name vlan100, link: active, mtu: 1500, flags:
  31 RTM_IFINFO: iface status change: len 168, if# 8, name vlan100, link: no carrier, mtu: 1500, flags:

erl3-01$ grep cnmac2 route.monitor | sort | uniq -c
  57 RTM_ADD: Add Route: len 192, priority 3, table 0, if# 3, name cnmac2, pid: 0, seq 0, errno 0
  57 RTM_DELETE: Delete Route: len 192, priority 3, table 0, if# 3, name cnmac2, pid: 0, seq 0, errno 0
  31 RTM_IFINFO: iface status change: len 168, if# 3, name cnmac2, link: active, mtu: 1500, flags:
  31 RTM_IFINFO: iface status change: len 168, if# 3, name cnmac2, link: no carrier, mtu: 1500, flags:

It looks like the underlying cnmac2 interface is flapping...so, that's a bummer.

As generally underpowered as this machine is, might the kernel be overwhelmed with other tasks, and have a watchdog timeout mark the cnmac2 interface as down (due to some expired timeout)?

Just grasping for something here...my next steps are to swap this unit out with the other one (to try and eliminate hardware failure of THIS unit).

Any other suggestions?

On Mon, Feb 1, 2021 at 3:04 AM David Gwynne wrote:
>
> > On 1 Feb 2021, at 6:02 pm, Bryan Stenson wrote:
> >
> > Hi all -
> >
> > I'm trying to setup a pair of ERL3 octeon routers in master/standby
> > mode via carp/pfsync to route traffic from my internal lan to the
> > internet. I've seen strange behavior wrt carp on these machines, so
> > in an attempt to reduce the problem, I've removed one completely.
> >
> > Even with only a single box (ERL3-01) on the network configured as a
> > carp member, the carp interface state periodically changes (as seen
> > from ifstated(8)).
> >
> > I'm wondering if disconnecting the other ERL3 device is a valid isolated
> > test.
> > 1. Will/might this cause issues with the carp device, as it cannot
> > determine state from any other host?
>
> If carp state flaps around while it is the only device on the network, that
> would imply the parent device is flapping around.
>
> > 2. Will/might this cause issues as it cannot send/receive pfsync
> > updates (the other node is disconnected).
>
> pfsync doesn't really care about carp state.
>
> > 3. Is there something else in my setup causing carp to fail here?
>
> I'd be running "route monitor" and looking for link state changes on the carp
> parent interface.
>
> > 4. Could this be hardware/temperature related to this ERL3? Wouldn't
> > I see an additional error in dmesg if the physical device (cnmac2)
> > failed periodically?
> >
> > I'd appreciate any pointers here...I feel like I'm missing something dumb.
>
> My first ideas are above. If it turns out the carp parent is stable we can
> try come up with something else.
>
> dlg
>
> >
> > Thanks in advance.
> >
> > Bryan
> >
> > Here are some of my configs. If I've missed including something
> > critical to help describe my setup, please let me know and I'll add
> > it.
> >
> > ## Help me OBSD-Misc Kenobi. You're my only hope. ##
> >
> > erl3-01# uname -a
> > OpenBSD erl3-01.siliconvortex.com 6.8 GENERIC#522 octeon
> >
> > erl3-01# dmesg
> > ...
> > carp1: state transition: BACKUP -> MASTER
> > carp1: state transition: BACKUP -> MASTER
> > carp1: state transition: BACKUP -> MASTER
> > carp1: state transition: BACKUP -> MASTER
> > carp1: s
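
An added example, not part of the original thread: "sort | uniq -c" shows that carp1, vlan100 and cnmac2 each changed link state 31 times, but not which change came first. The sketch below walks route monitor output in log order and attributes each carp1 departure from master to the lowest interface in the stack that had lost link. The sample lines are constructed in the format quoted above, the function names are hypothetical, and it assumes the parent's RTM_IFINFO line is logged before the carp one.

```python
import re
from collections import Counter

# Matches the one-line RTM_IFINFO records in the format quoted in the message.
IFINFO = re.compile(r"^RTM_IFINFO: .*\bname ([^,\s]+), link: ([^,]+), mtu")


def _ifinfo(ifno, name, link):
    """Build one constructed RTM_IFINFO line (flags left empty, as on the page)."""
    return (f"RTM_IFINFO: iface status change: len 168, if# {ifno}, "
            f"name {name}, link: {link}, mtu: 1500, flags:")


# Constructed sample: two parent-driven flaps and one with no parent change.
SAMPLE = "\n".join([
    _ifinfo(3, "cnmac2", "no carrier"),
    _ifinfo(8, "vlan100", "no carrier"),
    _ifinfo(6, "carp1", "invalid"),
    "RTM_DELETE: Delete Route: len 192, priority 18, table 0, if# 6, "
    "name carp1, pid: 0, seq 0, errno 0",
    _ifinfo(3, "cnmac2", "active"),
    _ifinfo(8, "vlan100", "active"),
    _ifinfo(6, "carp1", "backup"),
    _ifinfo(6, "carp1", "master"),
    "RTM_ADD: Add Route: len 192, priority 18, table 0, if# 6, "
    "name carp1, pid: 0, seq 0, errno 0",
    _ifinfo(6, "carp1", "backup"),
    _ifinfo(6, "carp1", "master"),
    _ifinfo(3, "cnmac2", "no carrier"),
    _ifinfo(8, "vlan100", "no carrier"),
    _ifinfo(6, "carp1", "invalid"),
])


def link_events(text):
    """Yield (line_no, ifname, link_state) for each RTM_IFINFO line, in order."""
    for n, line in enumerate(text.splitlines(), 1):
        m = IFINFO.match(line)
        if m:
            yield n, m.group(1), m.group(2)


def explain_carp_flaps(text, carp="carp1", stack=("vlan100", "cnmac2")):
    """Return [(line_no, new_carp_state, culprit_or_None), ...].

    stack lists carp's parents from carpdev down to the physical NIC.
    A flap is carp leaving master (or first being seen in a non-master state).
    """
    state, flaps = {}, []
    for n, ifname, link in link_events(text):
        prev = state.get(ifname)
        state[ifname] = link
        if ifname != carp or link == "master" or prev not in (None, "master"):
            continue
        # An interface never reported in the log is assumed to be up.
        down = [p for p in stack if state.get(p, "active") != "active"]
        flaps.append((n, link, down[-1] if down else None))
    return flaps


def summarize(flaps):
    """Count flaps per culprit interface."""
    return Counter(c or "no parent link change" for _, _, c in flaps)


if __name__ == "__main__":
    for line_no, new_state, culprit in explain_carp_flaps(SAMPLE):
        print(line_no, new_state, culprit or "no parent link change")
    print(dict(summarize(explain_carp_flaps(SAMPLE))))
```

Flaps attributed to the physical NIC point at cabling, switch port or hardware; flaps with no parent change point back at CARP itself (advertisements, a peer, or preemption).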
seeing carp interface state change for unknown reason ; cluestick hunting
Hi all -

I'm trying to setup a pair of ERL3 octeon routers in master/standby mode via carp/pfsync to route traffic from my internal lan to the internet. I've seen strange behavior wrt carp on these machines, so in an attempt to reduce the problem, I've removed one completely.

Even with only a single box (ERL3-01) on the network configured as a carp member, the carp interface state periodically changes (as seen from ifstated(8)).

I'm wondering if disconnecting the other ERL3 device is a valid isolated test.
1. Will/might this cause issues with the carp device, as it cannot determine state from any other host?
2. Will/might this cause issues as it cannot send/receive pfsync updates (the other node is disconnected).
3. Is there something else in my setup causing carp to fail here?
4. Could this be hardware/temperature related to this ERL3? Wouldn't I see an additional error in dmesg if the physical device (cnmac2) failed periodically?

I'd appreciate any pointers here...I feel like I'm missing something dumb.

Thanks in advance.

Bryan

Here are some of my configs. If I've missed including something critical to help describe my setup, please let me know and I'll add it.

## Help me OBSD-Misc Kenobi. You're my only hope. ##

erl3-01# uname -a
OpenBSD erl3-01.siliconvortex.com 6.8 GENERIC#522 octeon

erl3-01# dmesg
...
carp1: state transition: BACKUP -> MASTER
carp1: state transition: BACKUP -> MASTER
carp1: state transition: BACKUP -> MASTER
carp1: state transition: BACKUP -> MASTER
carp1: state transition: BACKUP -> MASTER
carp1: state transition: BACKUP -> MASTER

erl3-01# tail mbox
Mon, 1 Feb 2021 06:49:26 + (UTC)
From: Charlie Root
Date: Mon, 1 Feb 2021 06:49:25 + (UTC)
To: root@localhost
Subject: carp master changed
Message-ID: <515eb74cff427...@erl3-01.siliconvortex.com>
Status: RO

master is now erl3-01.siliconvortex.com

erl3-01# sysctl -a | grep carp
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.carp.log=2

erl3-01# cat /etc/hostname.carp1
#carp for lan side
192.168.122.1/23 carpdev vlan100 vhid 1 pass somethinglongandsecret

erl3-01# cat /etc/hostname.vlan100
vnetid 100 parent cnmac2 up

erl3-01# cat /etc/hostname.cnmac2
inet 192.168.1.253 255.255.254.0

erl3-01# cat /etc/hostname.pfsync0
up syncdev cnmac1

erl3-01# cat /etc/hostname.cnmac1
inet 10.10.200.1 255.255.255.252

erl3-01# cat /etc/ifstated.conf
# Initial State
init-state auto

# Macros
if_carp_up="carp1.link.up"
if_carp_down="!carp1.link.up"

state auto {
        if $if_carp_up {
                set-state master
        }
        if $if_carp_down {
                set-state backup
        }
}

state master {
        init {
                run "echo master is now `hostname` | mail -s 'carp master changed' root@localhost"
        }
        if $if_carp_down {
                set-state backup
        }
}

state backup {
        init {
                run "echo backup is now `hostname` | mail -s 'carp master changed' root@localhost"
        }
        if $if_carp_up {
                set-state master
        }
}

erl3-01# cat /etc/pf.conf
# adopted from https://www.openbsd.org/faq/pf/example1.html
wan_dev = cnmac0
lan_dev = cnmac2
carp_dev = vlan100
pfsync_dev = cnmac1

table { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
        172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
        192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
        203.0.113.0/24 }

# carp
pass quick on $lan_dev proto carp keep state (no-sync)

# pfsync
pass quick on $pfsync_dev proto pfsync keep state (no-sync)

set block-policy drop
set loginterface $wan_dev
set skip on lo0

match in all scrub (no-df random-id max-mss 1440)

# redirect DNS queries to localhost
pass in quick on { $carp_dev $lan_dev } proto { udp tcp } from any to any port domain rdr-to 192.168.1.253 port domain

# NAT to the world
match out on $wan_dev inet from !($wan_dev:network) to any nat-to ($wan_dev:0)

antispoof quick for { $wan_dev }

# martians
block in quick on $wan_dev from to any
block return out quick on $wan_dev from any to
block all

# manage buffer bloat
queue outq on $wan_dev flows 1024 bandwidth 3M max 3M qlimit 1024 default
queue inq on $lan_dev flows 1024 bandwidth 45M max 45M qlimit 1024 default

pass out quick inet
pass in on { $carp_dev $lan_dev } inet
Re: dynamic dns updates for clients in my home network?
I've thought about this as well and would love to use native OpenBSD tools for the job.

Just a design idea:
1. Use dhcpd(8) synchronization (https://man.openbsd.org/dhcpd.8#SYNCHRONISATION) to send details of dhcp leases to a DNS creator/listener.
2. The dns creator/listener creates/updates the zone file, and
3. Send a SIGHUP to nsd(8) (https://man.openbsd.org/nsd.8#SIGHUP) to reload the zone details.

Issues to consider:
1. hostname collisions - what happens (what should happen?) when more than one dhcp client has the same hostname?
2. what should ttl on these A records be? probably something much less than the dhcp lease duration (depending on how aggressive clients are at renewing soon-to-be-expired leases).

I'm sure there are a thousand other things to consider here...thoughts/ideas?

On Sat, Apr 25, 2020 at 3:10 PM Raymond, David wrote:
>
> I use dnsmasq (an openbsd package) on the gateway for my lab ethernet
> network and it works great with minimal configuration as a local DNS
> server. At home I have a Synology wireless router which does the same
> as long as you tell it to make DNS reservations. Your mileage may
> vary with cheaper routers. One could in principle use dnsmasq even in
> this case, but I haven't tried it.
>
> Dave Raymond
>
> On 4/25/20, bofh wrote:
> > Hi,
> > I searched through the archives and saw a couple of discussions about using
> > Dnsmasq from a long time ago.
> >
> > Is that the best way to let the stuff in my home to have valid dns entries
> > in my home network?
> >
> > How difficult is it to get the OpenBSD provided dhcpd and unbound to do
> > this?
> >
> > Thanks.
> >
>
> --
> David J. Raymond
> david.raym...@nmt.edu
> http://physics.nmt.edu/~raymond
>
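
An added sketch of steps 2 and 3 of the design idea above, not code from the thread or from OpenBSD. It assumes the leases have already been received and parsed into tuples (decoding dhcpd's sync messages is not shown) and uses a hypothetical zone "home.example." with a reserved name "gw". Client hostnames are untrusted input, so anything that is not a plain DNS label is dropped before it can reach the zone file, and the collision and TTL policies are one possible choice, labelled as assumptions in the comments.

```python
import ipaddress
import os
import re
import signal

LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
MAC = re.compile(r"([0-9a-f]{2}:){5}[0-9a-f]{2}")
RESERVED = {"gw"}  # static names a DHCP client must never take over (assumed)

# Constructed leases: (client hostname, IPv4, MAC, lease start, lease seconds)
LEASES = [
    ("laptop", "192.168.122.50", "00:11:22:33:44:55", 1000, 43200),
    ("Laptop", "192.168.122.51", "66:77:88:99:aa:bb", 2000, 43200),
    ("gw", "192.168.122.54", "02:00:00:00:00:0a", 2500, 600),
    ("tv\nwww IN A 192.0.2.1", "192.168.122.52", "de:ad:be:ef:00:01", 3000, 600),
    ("printer", "192.168.122.53", "02:00:00:00:00:09", 1500, 600),
]


def clean_label(hostname):
    """Lowercase the client-supplied name; None unless it is one LDH label."""
    name = hostname.lower()
    return name if LABEL.fullmatch(name) else None


def ttl_for(lease_seconds):
    """Assumed policy: a tenth of the lease time, clamped to 30..300 seconds."""
    return max(30, min(300, lease_seconds // 10))


def assign_names(leases):
    """Return ({label: (ip, ttl)}, [skipped MACs]).

    Assumed collision policy: the oldest lease keeps the bare name, so a
    newcomer cannot take over an existing or reserved name; later claimants
    get a suffix taken from their MAC address.
    """
    records, skipped = {}, []
    for host, ip, mac, _start, secs in sorted(leases, key=lambda l: l[3]):
        label = clean_label(host)
        try:
            addr = str(ipaddress.IPv4Address(ip))
        except ValueError:
            label = None
        if label is None or not MAC.fullmatch(mac.lower()):
            skipped.append(mac)
            continue
        if label in records or label in RESERVED:
            label = f"{label[:56]}-{mac.lower().replace(':', '')[-6:]}"
            if label in records:
                skipped.append(mac)
                continue
        records[label] = (addr, ttl_for(secs))
    return records, skipped


def render_zone(records, origin="home.example.", serial=1, ns_ip="192.168.122.1"):
    """Render a complete zone file; the serial must increase on every change."""
    lines = [f"$ORIGIN {origin}", "$TTL 300",
             f"@ IN SOA gw.{origin} hostmaster.{origin} {serial} 3600 600 86400 60",
             f"@ IN NS gw.{origin}", f"gw IN A {ns_ip}"]
    lines += [f"{n} {ttl} IN A {ip}" for n, (ip, ttl) in sorted(records.items())]
    return "\n".join(lines) + "\n"


def publish(zone_text, path, nsd_pid):
    """Swap the zone file in atomically, then SIGHUP nsd so it reloads."""
    tmp = path + ".tmp"
    with open(tmp, "w") as f:
        f.write(zone_text)
    os.replace(tmp, path)
    os.kill(nsd_pid, signal.SIGHUP)
```
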
user-agent spoofing info; working around site "requirements"
most of you already know this.

tldr - inferring system requirements from the "user-agent" http header is useless/dangerous/silly, and your site/page stop (nothing new here...not sure why certain sites trust the user-provided data).

This is not OpenBSD specific, but hopefully helpful for anyone wanting their system to "just work" when accessing a site requiring a certain operating system, or browser.

Here are some details for those who might be suffering from the same stupid "required operating systems" limitation my bank imposes...

Given:
- the bank has a HTTP interface
- the bank "requires" a specific browser/version
- the bank "requires" a specific set of closed-source operating systems
- OpenBSD ships recent browsers (chromium, firefox, etc)

Problem:
When logging into said financial institution, the page declines to work correctly because I don't have an operating system on their list.

Solution:
Spoof (add/modify) "user-agent" http header (via browser plugin, for example), to include a common user-agent used by one of the aforementioned "required operating systems".

This seems to work, for me, at my bank:
Mozilla/5.0 (iPhone; CPU iPhone OS 9_2 like Mac OS X) AppleWebKit/601.1 (KHTML, like Gecko) CriOS/47.0.2526.70 Mobile/13C71 Safari/601.1.46

Why this works:
Your browser sends a user-agent with browser/OS details in the request. This means you can modify those details before you send your request. Effectively, it's an unverified claim. So take advantage of it, and claim what you want/need. :)

Bryan
FDE: converting passphrase to usb key
I currently have FDE installed using a passphrase, but would like to update this to using a usb key. Is this possible? Or, should I just wipe/re-install? Thanks.
Re: recent troubles with iwn(4)
sorry about that...here's the most recent one:

Sep 11 06:31:13 e530c /bsd: iwn0: sending probe_req to 80:2a:a8:57:5e:17 on channel 6 mode 11n
Sep 11 06:31:15 e530c ntpd[87584]: DNS lookup tempfail
Sep 11 06:31:16 e530c dhclient[9122]: iwn0: writev(DHCPREQUEST): No buffer space available
Sep 11 06:31:18 e530c /bsd: iwn0: RUN -> SCAN
Sep 11 06:31:18 e530c /bsd: iwn0: end active scan
Sep 11 06:31:18 e530c /bsd: iwn0: - 00:0d:67:7d:a9:431 +172 54M ess no! rsn! "CableWiFi"!
Sep 11 06:31:18 e530c /bsd: iwn0: - 08:86:3b:b6:2f:801 +182 54M ess privacy rsn "belkin.f80"!
...

On Wed, Sep 11, 2019 at 7:53 AM Stefan Sperling wrote:
>
> On Wed, Sep 11, 2019 at 12:16:06AM -0700, Bryan Stenson wrote:
> > doh...I don't know why I didn't think of that...
> >
> > Good news, with 'ifconfig iwn0 debug' set, once the strange behavior
> > starts, I see LOTS of repeated messages, the pattern happens about
> > once every 4 seconds, and dumps the following into /var/log/messages:
> >
> > ...
> > # continuous spamming of /var/log/messages from after the network has
> > been in the troubled/failed state for a while
>
> You snipped the exciting part.
>
> I need to know why it decides to do a transition of the form:
>
> RUN -> something
>
> This should be somewhere at the top of this stream of output.
Re: recent troubles with iwn(4)
Sep 10 09:00:11 e530c /bsd: iwn0: - e8:37:7a:be:c4:a71 +173 54M ess privacy rsn "CenturyLink3718"!
Sep 10 09:00:11 e530c /bsd: iwn0: SCAN -> AUTH
Sep 10 09:00:11 e530c /bsd: iwn0: sending auth to 80:2a:a8:57:5e:17 on channel 6 mode 11g
Sep 10 09:00:15 e530c /bsd: iwn0: AUTH -> SCAN
Sep 10 09:00:16 e530c /bsd: iwn0: end active scan
...

This scan repeats about once every 4 seconds.

A few other data points (forgive me if this is obvious...I mostly wanted to share my general thoughts on what I've looked into):

* I wondered if this was triggered by dhcp lease renewal (iwn0 uses IPv4 dhcp only, bad packet or something), but I have observed the iwn0 driver in the "troubled" state well before my current lease expires.
* timing seems odd: once the iwn0 stops working, it takes a while for the "scan" log entries (above) to appear in /var/log/messages (gathering specific data on this now, but it seems to be at least 10s of minutes).
* I have verified there are no states in the firewall, other than those marked "SINGLE:NO_TRAFFIC" from my machine attempting to query DNS.
* During the repeated scans above, `tcpdump` reports no UDP traffic for this iwn0.

tl;dr -
1.) I still don't know what's triggering this.
2.) When it's triggered, it takes a while to report anything in /var/log/messages
3.) Once it does, iwn seems to be in a 4-5 second loop, continuously scanning all APs.
4.) I'm able to reset the driver via "doas ifconfig iwn0 down; doas sh /etc/netstart iwn0" and it all works again...for a while (see #1).

Thank you for reading this far. Any other pointers/suggestions? So many opportunities to learn. :)

Bryan

On Mon, Sep 9, 2019 at 9:23 AM Stefan Sperling wrote:
>
> On Sun, Sep 08, 2019 at 08:31:55PM +, Bryan Stenson wrote:
> > Hi all -
> >
> > I'm writing to "misc" rather than "bugs" as I'm not yet sure this is a
> > bug. I'm hoping to help triage this with assistance from this list.
> >
> > I'm running -CURRENT and the iwn(4) driver for my wireless card. Over
> > the past year, this has been working great, but recently (within the
> > last month or so), I've had issues where the NIC just stops working
> > after a few hours of usage. I don't have solid steps for
> > reproduction.
> >
> > I realize "stops working" is not a very accurate account here...but
> > I'm confused on how to get more descriptive informat
recent troubles with iwn(4)
Hi all -

I'm writing to "misc" rather than "bugs" as I'm not yet sure this is a bug. I'm hoping to help triage this with assistance from this list.

I'm running -CURRENT and the iwn(4) driver for my wireless card. Over the past year, this has been working great, but recently (within the last month or so), I've had issues where the NIC just stops working after a few hours of usage. I don't have solid steps for reproduction.

I realize "stops working" is not a very accurate account here...but I'm confused on how to get more descriptive information of the problem. When it stops, "ifconfig" shows iwn0 with an IP address, but I'm unable to ping. Additionally, I'm not seeing any warnings/messages in "dmesg" about the device...so I'm confused.

A simple "ifconfig iwn0 down; sh /etc/netstart iwn0" seems to fix the problem, but I haven't had to do that in the past...it just feels like a recent change (iwn(4) work?) has put me in this state.

I'm really wanting to help here. How can I run the iwn(4) in debug mode, or increase logging verbosity? And/or, should I try to capture packets via tcpdump? And/or, can I run an older bsd.mp (without having to downgrade packages to older versions) in order to try and "bisect" where the problem may have been introduced?

The following are my kernel and wireless details:

# uname -a
OpenBSD e530c.siliconvortex.com 6.6 GENERIC.MP#289 amd64

# pcidump -v
...
3:0:0: Intel Centrino Wireless-N 2230
        0x: Vendor ID: 8086, Product ID: 0888
        0x0004: Command: 0006, Status: 0010
        0x0008: Class: 02 Network, Subclass: 80 Miscellaneous, Interface: 00, Revision: c4
        0x000c: BIST: 00, Header Type: 00, Latency Timer: 00, Cache Line Size: 10
        0x0010: BAR mem 64bit addr: 0xf2d0/0x2000
        0x0018: BAR empty ()
        0x001c: BAR empty ()
        0x0020: BAR empty ()
        0x0024: BAR empty ()
        0x0028: Cardbus CIS:
        0x002c: Subsystem Vendor ID: 8086 Product ID: 4262
        0x0030: Expansion ROM Base Address:
        0x0038:
        0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
        0x00c8: Capability 0x01: Power Management
                State: D0
        0x00d0: Capability 0x05: Message Signalled Interrupts (MSI)
                Enabled: yes
        0x00e0: Capability 0x10: PCI Express
                Link Speed: 2.5 / 2.5 GT/s, Link Width: x1 / x1
        0x0100: Enhanced Capability 0x01: Advanced Error Reporting
        0x0140: Enhanced Capability 0x03: Device Serial Number
                Serial Number: 6036dded4a81

With humility, an open mind, and eagerness to learn/help:

Bryan
Re: mounting an existing softraid/crypto partition for install/update
YESS!! Thank you qwerjkl...

I can confirm, "bioctl -c C -l ... softraid0" seems to have picked up the existing partition...and after a "cd /dev && sh MAKEDEV sd2", the installer picked up the device (sd2), and I was able to get back to a working system.

Thanks again!

On Mon, Jun 3, 2019 at 7:30 PM Benny wrote:
> I have done that two days ago. When you use bioctl -c ... -l ... softraid0
> on an existing raid configuration, it will map the raid volume to another
> sd device. You will be prompted for a password if your raid level is
> crypto. This will _not_ create another raid or overwrite your data, unless
> you typed something wrong. Don't forget to MAKEDEV sd1 for the new sd.
>
> qwerjkl
>
> ‐‐‐ Original Message ‐‐‐
> On Monday, June 3, 2019 7:17 PM, Bryan Stenson wrote:
>
> > Hi all -
> >
> > I'm running -CURRENT on a SSD with FDE encryption using softraid/crypto
> > with a passphrase entered via the keyboard at boot. It worked great.
> > Then, I upgraded to a build that had a broken bootloader (reported to be
> > fixed now: "Re: amd64 snapshot very broken (Jun 1 02:24:13)"). Per that
> > thread, I'm trying to boot from temp boot media to update to the fixed
> > image.
> >
> > I've tried booting both snapshots/amd64/install65.fs and
> > snapshots/amd64/miniroot65.fs, and while it appears the bootloader
> > recognizes my softraid crypto device, it's clearly not mounting the crypto
> > device (I'm not prompted for a passphrase), and by the time I get to the
> > install script, it shows:
> >
> > Available disks are: .
> > Which disk is the root disk? ('?' for details)
> >
> > Asking for details, both my SSD (sd0) and temp boot media (sd1) are shown,
> > but I'm not able to see the encrypted device.
> >
> > I've dropped to a shell, and created the device (it wasn't there) via "cd
> > /dev && sh MAKEDEV sd0", and can see my RAID partition via "disklabel sd0".
> >
> > But, now I'm stuck/confused...I'm trying to figure it out by following:
> > https://www.openbsd.org/faq/faq14.html#softraidFDE
> >
> > Do I re-create the softraid/crypto with something like "bioctl -c C sd0a
> > softraid0"? Or, will this wipe out the existing data and give me a
> > fresh new partition to install to?
> >
> > How can I mount the existing crypto volume for use by the installer?
> > (Also, am I asking the right questions here?)
> >
> > Any suggestions/clarifications would be greatly appreciated. Thank you for
> > your time.
> >
> > Bryan
>
mounting an existing softraid/crypto partition for install/update
Hi all -

I'm running -CURRENT on a SSD with FDE encryption using softraid/crypto with a passphrase entered via the keyboard at boot. It worked great. Then, I upgraded to a build that had a broken bootloader (reported to be fixed now: "Re: amd64 snapshot very broken (Jun 1 02:24:13)"). Per that thread, I'm trying to boot from temp boot media to update to the fixed image.

I've tried booting both snapshots/amd64/install65.fs and snapshots/amd64/miniroot65.fs, and while it appears the bootloader recognizes my softraid crypto device, it's clearly not mounting the crypto device (I'm not prompted for a passphrase), and by the time I get to the install script, it shows:

Available disks are: .
Which disk is the root disk? ('?' for details)

Asking for details, both my SSD (sd0) and temp boot media (sd1) are shown, but I'm not able to see the encrypted device.

I've dropped to a shell, and created the device (it wasn't there) via "cd /dev && sh MAKEDEV sd0", and can see my RAID partition via "disklabel sd0".

But, now I'm stuck/confused...I'm trying to figure it out by following: https://www.openbsd.org/faq/faq14.html#softraidFDE

Do I re-create the softraid/crypto with something like "bioctl -c C sd0a softraid0"? Or, will this wipe out the existing data and give me a fresh new partition to install to?

How can I mount the existing crypto volume for use by the installer? (Also, am I asking the right questions here?)

Any suggestions/clarifications would be greatly appreciated. Thank you for your time.

Bryan