iked log messages when no traffic is on vpn tunnel

2018-06-19 Thread Peter van Oord van der Vlies
Hello Misc,

I configured a site-to-site vpn between OpenBSD 6.3 device with iked and 
Microsoft Azure.
The VPN tunnel works fine however when there is no traffic on the vpn my 
/var/log/daemon is spammed every 2 seconds with the following :
Jun 19 22:59:13 obsd iked[33937]: ikev2_recv: INFORMATIONAL request from responder :500 to :500 policy 'Azure EUW' id 108, 88 bytes
Jun 19 22:59:13 obsd iked[33937]: ikev2_msg_send: INFORMATIONAL response from :500 to :500 msgid 108, 88 bytes

My iked.conf is :
ikev2 "Azure EUW" \
active esp \
from 172.31.254.0/24 to 172.21.0/24 \
from 172.31.254.0/24 to 172.21.10/24 \
peer  local  \
ikesa enc aes-256 auth hmac-sha2-384 group ecp384 prf hmac-sha2-384 \
childsa enc aes-256 auth hmac-sha1 group ecp384 \
psk "somethingverysecret"
Is there something I did wrong ?
Met vriendelijke groet/Kind Regards,
Peter van Oord van der Vlies




Re: 6.3 just died (not for the first time)

2018-05-30 Thread Peter van Oord van der Vlies


Hi Harald,
>
>please check the threads on the b...@openbsd.org mailing list. The patch
>posted by Martin Pieuchot seems to help. It's running on my hosts for
>5 days without any hiccup.


I applied them also on my systems on the 22 and they are still stable.
So it seems this works.


Kind Regards,

Peter 



Re: 6.3 just died (not for the first time)

2018-05-21 Thread Peter van Oord van der Vlies
Hello,

Anyone found a solution for this or is there more information required ?
This night it happened 2 times in less than 3 hours time.

Please let me know.

Running 6.3 with all syspatches applied.

Kind Regards,

Peter van Oord van der Vlies

On 15/05/2018, 23:30, "owner-m...@openbsd.org on behalf of Harald Dunkel" 
 wrote:

Hi folks,

6.3 just died. Last words:

login: kernel: protection fault trap, code=0
Stopped at      export_sa+0x5c: movl    0(%rcx),%ecx
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
export_sa(10,800033445e70) at export_sa+0x5c
pfkeyv2_expire(813d4c00,813d4c00) at pfkeyv2_expire+0x14e
tdb_timeout(800033446020) at tdb_timeout+0x39
softclock_thread(0) at softclock_thread+0xc6
end trace frame: 0x0, count: -4
ddb{0}> show registers
rdi      0x800033445e98
rsi      0x813d4c00
rbp      0x800033445e70
rbx      0x800033445e98
rdx      0x81abdff0    cpu_info_full_primary+0x1ff0
rcx      0xdeadbeefdeadbeef
rax      0x81387510
r8       0x120
r9       0x81aa58d8    netlock
r10      0x
r11      0x800033445ea0
r12      0x81387500
r13      0x3
r14      0x813d4c00
r15      0x90
rip      0x8121fefc    export_sa+0x5c
cs       0x8
rflags   0x10282    __ALIGN_SIZE+0xf282
rsp      0x800033445e70
ss       0x10
export_sa+0x5c: movl    0(%rcx),%ecx

Re: 6.3 just died (not for the first time)

2018-05-15 Thread Peter van Oord van der Vlies
I have seen the same error here on a host around 2 days after the upgrade to 
6.3 including patches.

The keyboard wasn't working for me but the panic was the same.



On 15 May 2018 at 23:30, Harald Dunkel <harald.dun...@aixigo.de> wrote:

Hi folks,

6.3 just died. Last words:

login: kernel: protection fault trap, code=0
Stopped at      export_sa+0x5c: movl    0(%rcx),%ecx
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
export_sa(10,800033445e70) at export_sa+0x5c
pfkeyv2_expire(813d4c00,813d4c00) at pfkeyv2_expire+0x14e
tdb_timeout(800033446020) at tdb_timeout+0x39
softclock_thread(0) at softclock_thread+0xc6
end trace frame: 0x0, count: -4
ddb{0}> show registers
rdi      0x800033445e98
rsi      0x813d4c00
rbp      0x800033445e70
rbx      0x800033445e98
rdx      0x81abdff0    cpu_info_full_primary+0x1ff0
rcx      0xdeadbeefdeadbeef
rax      0x81387510
r8       0x120
r9       0x81aa58d8    netlock
r10      0x
r11      0x800033445ea0
r12      0x81387500
r13      0x3
r14      0x813d4c00
r15      0x90
rip      0x8121fefc    export_sa+0x5c
cs       0x8
rflags   0x10282    __ALIGN_SIZE+0xf282
rsp      0x800033445e70
ss       0x10
export_sa+0x5c: movl    0(%rcx),%ecx

Re: Failed syspatch 63-007 on i386 (verified but gzip i/o error)

2018-05-08 Thread Peter van Oord van der Vlies

Same here.

Best Regards,

Peter van Oord van der Vlies


-

Dear misc@,

I do not know which mailing list is the best one for such report, so I
start here.

Syspatch worked properly for 63-006 but syspatch fails on 63-007. I
tried without rebooting after 006 and after rebooting. Both situations
show the same error pasted below. Kernel relinked properly after
applying 006.

Syspatch worked well for both on my other machine which is an amd64.

Is it necessary to provide more than the dmesg for the machine ?

HTH
raph

$ doas syspatch
Get/Verify syspatch63-007_libcryp... 100% |***|  5312 KB    00:10
Installing patch 007_libcrypto
gzip: stdin: Input/output error

tar: End of archive volume 1 reached




Re: ipv6 nd

2018-04-03 Thread Peter van Oord van der Vlies


Hello Misc,

Below worked now after i upgraded to openbsd 6.3, no config changes done since 
it was running 6.2
/etc/dhcpcd.conf

ipv6only
duid
persistent
option rapid_commit
noipv6rs
option interface_mtu
require dhcp_server_identifier
allowinterfaces pppoe0 vether6
interface pppoe0
 ia_pd 2 vether6/1
#slaac private




From: Peter van Oord van der Vlies
Sent: Tuesday 20 March 2018 00:27
To: misc@openbsd.org
Subject: ipv6 nd


Hello Misc,


Today i replaced my cisco 881 because it wasn't able to handle the bandwidth 
anymore.


I had a working ipv6 setup for years with the following relevant part from my 
cisco wan interface

config part:

  ipv6 address autoconfig

  ipv6 enable

  ipv6 nd ra interval 30

  ipv6 dhcp client pd my_prefix rapid-commit

On my obsd wan interface i did ifconfig pppoe0 inet6 autoconf but i am not
getting any global address.

Anyone here that can set me into the right direction ?

Thanks!

Peter




Re: ipv6 nd

2018-03-20 Thread Peter van Oord van der Vlies

On Tue, Mar 20, 2018 at 08:47:26AM +0100, Mischa wrote:
> > On 20 Mar 2018, at 08:41, Marc Peters  wrote:
> > 
> > I use dhcpcd for on the WAN Interface to receive the prefix delegation. On 
> > the internal network, i use slaac with rtadvd. The README for dhcpcd 
> > provides the necessary information.
> 
> Is dhcpd able to pickup IPv6? I thought this needed to be done with 
> wide-dhcpv6?
> The one thing I don't like about IPv6 at the moment, the trouble you need to 
> go through to get a IPv6 address on a PPPoE interface. :(
> 
> Mischa
> 

> Yes, it is:
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/dhcpcd/pkg/README?rev=1.5&content-type=text/plain&only_with_tag=HEAD

> At the moment, i only have a link-local address on the external interface 
> configured, which gets its router via slaac and router advertisements. The 
> external addresses are only on the internal facing interface and on these 
> hosts.

I tried with dhcpcd, my configuration for dhcpcd.conf is: 
#controlgroup wheel
#hostname
#clientid
ipv6only
duid
persistent
option rapid_commit
noipv6rs
option interface_mtu
require dhcp_server_identifier
allowinterfaces pppoe0 vether6
interface pppoe0
ia_pd 2 vether6/1 

#slaac private

No prefixes received.

Thanks 

Peter




Re: ipv6 nd

2018-03-19 Thread Peter van Oord van der Vlies

  

On Tue, Mar 20, 2018 at 12:19:09AM +, Peter van Oord van der Vlies wrote:
> 
> 
> > Is slaacd or a dhcpv6 client running?
> 
> Yes i tried with slaacd

> Does `slaacctl show interface $if` reflect that a router advertisement
> has been received?

No, only this : 

#slaacctl show interface pppoe0
pppoe0:
 index:  10 running: yes privacy: yes
lladdr: 00:00:00:00:00:00
 inet6: fe80::200:24ff:fed0:1db0%pppoe0

> -- 
> 0x7D964D3361142ACF




Re: ipv6 nd

2018-03-19 Thread Peter van Oord van der Vlies


> Is slaacd or a dhcpv6 client running?

Yes i tried with slaacd

> --
> 0x7D964D3361142ACF

On Mon, Mar 19, 2018, at 16:27, Peter van Oord van der Vlies wrote:
> Hello Misc,
>
>
> Today i replaced my cisco 881 because it wasn't able to handle the
> bandwidth anymore.
>
>
> I had a working ipv6 setup for years with the following relevant part
> from my cisco wan interface
>
> config part:
>
>   ipv6 address autoconfig
>
>   ipv6 enable
>
>   ipv6 nd ra interval 30
>
>   ipv6 dhcp client pd my_prefix rapid-commit
>
> On my obsd wan interface i did ifconfig pppoe0 inet6 autoconf but i am not
> getting any global address.
>
> Anyone here that can set me into the right direction ?
>
> Thanks!
>
> Peter
>
>



ipv6 nd

2018-03-19 Thread Peter van Oord van der Vlies
Hello Misc,


Today i replaced my cisco 881 because it wasn't able to handle the bandwidth 
anymore.


I had a working ipv6 setup for years with the following relevant part from my 
cisco wan interface

config part:

  ipv6 address autoconfig

  ipv6 enable

  ipv6 nd ra interval 30

  ipv6 dhcp client pd my_prefix rapid-commit

On my obsd wan interface i did ifconfig pppoe0 inet6 autoconf but i am not
getting any global address.

Anyone here that can set me into the right direction ?

Thanks!

Peter




isakmp crash

2017-09-12 Thread Peter van Oord van der Vlies
Hello Misc,

I have 2 firewalls in a failover setup running site-to-site vpn tunnels. 
Once in a while ISAKMP stops, not always i can find the stop error but 2 times 
i have seen now this error : 
sendmsg (48, 0x7f7dee10, 0): No buffer space available

The systems are on OpenBSD 6.0 now but on 5.9 we had the same issue.

Anyone know a fix/workaround for this ? 

Br,

Peter


Re: hotmail rejecting messages relay=mx4.hotmail.com., dsn=5.1.2, stat=Host unknown (Unknown error: 275)

2015-05-23 Thread Peter van Oord van der Vlies
> On 23 May 2015 at 17:54, Peter Fraser wrote:
> 
> Any message sent to send mail seems to be rejected. The mx4 name changes, but 
> the rejection is always the same.
> It would be nice to know what the unknown error is
> 
> Does anyone have any idea what is causing the problems

Since friday we have the same problem on different servers. 
I am happy to see this is a global issue...
> 
> I am currently using OpenBSD 5.5 with sendmail
> (I know I should update it but I haven't got around to it yet)
> 
I am with openbsd 5.5 too, lower versions also but haven't checked yet.



IPSEC with redundant remote peer address

2014-08-04 Thread Peter van Oord van der Vlies
Hello List,

Does anyone know a way to build a setup when remote IPSEC endpoint got a
failover setup on the IPSEC side ? On cisco IOS it's possible to configure
multiple peers, when a peer dies it will try the other on the list.

Anyone tried to fix this when the remote end is a cisco IOS device and other
side is openbsd box ?

Kind Regards,

Peter



Re: Is Soekris OpenBSD friendly?

2013-11-16 Thread Peter van Oord van der Vlies
For sure it’s a good device with openbsd, only price is sometimes an issue.
I have been using it for more than 8 years now and works great, never had a 
hardware failure.
Even the oldest devices are still up and running but are getting too slow..

On 16 Nov 2013, at 01:03, SmithS  wrote:

> Greetings misc@.  After coming across a link[1] to make an OpenBSD
> router using a "Soekris" device, I think I will make one.  Does anyone
> else have this hardware and can verify all the components work?
> I think Intel NICs are good, but everything else?  I have never heard
> of this brand before so I want to be safe before buying.  The model
> number[2] is "6501-30"
> 
> [1] http://www.bsdnow.tv/tutorials/openbsd-router
> [2] https://soekris.com/products/net6501/net6501-30-board-case.html
> 
> greetz,
> SmithS



Re: www.openbsd.org down?

2013-06-25 Thread Peter van Oord van der Vlies
http://www.isup.me/www.openbsd.org

it's down ( also from the netherlands ) 

On Jun 25, 2013, at 1:17 PM, Killman BOFH 
 wrote:

> http://www.isup.me/openbsd.org
> 
> 
> *Enterprise Networks*
> Blog: unixlegion.com
> GPG Key: *0xBBDC0CDE*
> OpenNIC Project: opennic.sle.ec
> *IT Security - ISO 27000 - Packet Core*
> Phone: +593 995 956811 | +593 07 2952-763
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
> 
> 
> On Tue, Jun 25, 2013 at 6:13 AM, Killman BOFH  wrote:
> 
>> Apparently a problem with DNS A record
>> 
>> www.openbsd.org is down but openbsd.org is up!
>> 
>> 
>> 
>> On Tue, Jun 25, 2013 at 6:05 AM, Johan Mellberg 
>> wrote:
>> 
>>> On 25 Jun 2013 at 12:53, "Nenhum_de_Nos" wrote:
>>> 
>>>> On Tue, June 25, 2013 06:56, Yusof Khalid - FreeBSD / OpenBSD wrote:
>>>>> Yeah can't access from here (Kuala Lumpur, MY)
>>>> 
>>>> Can't access from Brazil.
>>>> 
>>>> matheus
>>>> 
>>>> --
>>>> 
>>> Ok, now it's down from Sweden too.



Re: OpenSMTPD getting closer to stable ;-)

2012-08-20 Thread Peter van Oord van der Vlies
Hello Gilles,

For me it was already stable since OpenBSD 4.9 :)
Using it as relay for 27 webservers for commercial shops online ( we donate
by buying openbsd cd's ).

Not rebooted the system 189 days ( before it was done for some virtual
machine migration ).

Below the stats : 

# smtpctl show stats
control.sessions=9310
control.sessions.active=1
control.sessions.maxactive=1
mda.sessions=0
mda.sessions.active=0
mda.sessions.maxactive=0
mta.sessions=406827
mta.sessions.active=0
mta.sessions.maxactive=92
lka.sessions=944281
lka.sessions.active=0
lka.sessions.maxactive=20
lka.sessions.mx=0
lka.sessions.host=406827
lka.sessions.cname=537454
lka.sessions.failure=92372
parent.uptime=16414555
queue.inserts.local=0
queue.inserts.remote=317091
runner=466848
runner.active=0
runner.maxactive=95
runner.bounces=39744
runner.bounces.active=0
runner.bounces.maxactive=28
ramqueue.hosts.active=0
ramqueue.batches.active=0
ramqueue.messages.active=0
ramqueue.envelopes.active=0
ramqueue.hosts.maxactive=85
ramqueue.batches.maxactive=501
ramqueue.messages.maxactive=388
ramqueue.envelopes.maxactive=561
ramqueue.size=0
ramqueue.size.max=772620
smtp.errors.delays=0
smtp.errors.linetoolong=13
smtp.errors.read_eof=88224
smtp.errors.read_system=185
smtp.errors.read_timeout=4
smtp.errors.tempfail=0
smtp.errors.toofast=0
smtp.errors.write_eof=0
smtp.errors.write_system=0
smtp.errors.write_timeout=0
smtp.sessions=170563
smtp.sessions.inet4=130629
smtp.sessions.inet6=0
smtp.sessions.aborted=88409
smtp.sessions.active=0
smtp.sessions.maxactive=29
smtp.sessions.timeout=4
smtp.sessions.smtps=0
smtp.sessions.smtps.active=0
smtp.sessions.smtps.maxactive=0
smtp.sessions.starttls=0
smtp.sessions.starttls.active=0
smtp.sessions.starttls.maxactive=0

Keep up the good work ! 

Kind Regards,
Peter van Oord van der Vlies

From: owner-m...@openbsd.org [owner-m...@openbsd.org] on behalf of Gilles Chehade [gil...@poolp.org]
Sent: Monday 20 August 2012 23:01
To: misc@openbsd.org
CC: t...@openbsd.org
Subject: OpenSMTPD getting closer to stable ;-)

Dear misc@ and tech@,

We are getting closer to a stable version of OpenSMTPD and now would be
the perfect time for you to start stress-testing and trying to crash it
in various ways to make sure it is rock-solid.

Eric's recent commits brought to the daemon a brand new scheduler and mta
logic which we started working on during the last hackathon, and that is
much much much more efficient than what we had before. It just needs to
be heavily tested ;-)

What's in -current now is very very close to what we want for the first
release, minus minor bugfixes and one additional feature we'll work on.
There will be no major feature written and committed for our very first
release, so just make sure that you test it enough so that we can reach
the quality you'd expect from us.

Please let us know if it works fine for you or if you hit bugs. You can
mail us three (eric@, chl@, gilles@). Do not spam the lists ;-)

Thanks

--
Gilles Chehade

https://www.poolp.org
@poolpOrg



Re: Unbound in base

2012-02-14 Thread Peter van Oord van der Vlies
Hello,

Why replacing bind ?

Kind Regards

Peter

- Original message -
From: Björn Ketelaars [mailto:bjorn.ketela...@hydroxide.nl]
Sent: Monday, February 13, 2012 10:35 PM
To: misc@openbsd.org; t...@openbsd.org
Subject: Unbound in base

Hello,

After some recent discussions [1, 2] on the topic of unbound in base, and
(more important) really liking the idea of an alternative for BIND in base, I
made a start with fitting the different pieces of the puzzle. What is
finished:

1.) Integration of ldns 1.6.12 and unbound 1.4.15 and writing of relevant
Makefile wrappers. Wrapper script also compiles and installs drill;
2.) Testing (read: does it compile and work) on AMD64.

Stuart Henderson had some good remarks on integrating the above [3]. What do
you guys think of the following:

What to do with the BIND tools (dig/host/nslookup)?

Unbound offers drill. From drill.1: "The name drill is a pun on dig. With
drill you should be able get even more information than with dig.". Proposal
therefore is to replace the BIND tools with drill.

Do we run unbound-anchor automatically? if so, how do we handle possibly not
having working DNS at that time to resolve data.iana.org
(http://data.iana.org)?

From unbound-anchor.8 I understand that unbound-anchor can be run from the
command line, or run as part of startup scripts _before_ the actual (unbound)
DNS server is started. So there is no need for DNS. Proposal therefore is to
run unbound-anchor automatically before starting the unbound daemon (rc_pre
in unbound rc-script).



How and when do we automatically generate unbound-control keys? if so, where
should that be done? …

From unbound-control.8: The script unbound-control-setup generates these
control keys in the default run directory. If you change the access control
permissions on the key files you can decide who can use unbound-control. Run
the script under the same username as you have configured in unbound.conf or
as root, so that the daemon is permitted to read the files, for example with:
sudo -u unbound unbound-control-setup. If you have not configured a username
in unbound.conf, the keys need read permission for the user credentials under
which the daemon is started. The script preserves private keys present in the
directory. After running the script as root, turn on control-enable in
unbound.conf.

The unbound-control-script can be called from rc->make_keys(). The knob
'control-enable' can be set as default.

After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit too
large to send to this list. if anyone feels like looking at the work… do not
hesitate to mail me.

Again, what do you guys think?

Kind regards,

Björn


[1] http://marc.info/?l=openbsd-misc&m=132205020820910&w=2
[2] http://marc.info/?l=openbsd-tech&m=132573371521516&w=2
[3] http://marc.info/?l=openbsd-misc&m=132217547525487&w=2
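
The unbound-control.8 text quoted in the message above ties access to unbound-control to the permissions on the key files. As an added example that is not part of the original message or of unbound itself, the function below audits a run directory for the four files unbound-control-setup writes; the function names and the directory argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit the files that
# unbound-control-setup writes into the unbound run directory.
# The directory is passed as an argument; no default path is assumed.

# Prints the path if any "other" permission bit (r, w or x) is set.
world_accessible() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Prints "mode owner group" so the admin sees who can read a key,
# and therefore who can use unbound-control.
key_access_summary() {
    ls -ld "$1" | awk '{ print $1, $3, $4 }'
}

# check_control_keys DIR
#   status 0: all four files present, private keys closed to "other"
#   status 1: at least one finding (one line per finding on stdout)
#   status 2: DIR is not a directory
check_control_keys() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir"
        return 2
    fi
    for name in unbound_server.key unbound_server.pem \
                unbound_control.key unbound_control.pem; do
        file=$dir/$name
        if [ ! -f "$file" ]; then
            echo "missing: $name (run unbound-control-setup)"
            findings=$((findings + 1))
            continue
        fi
        case $name in
        *.key)
            echo "info: $name $(key_access_summary "$file")"
            if [ -n "$(world_accessible "$file")" ]; then
                echo "world-accessible private key: $name"
                findings=$((findings + 1))
            fi
            ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh thisfile.sh /path/to/unbound/run/directory
if [ "$#" -gt 0 ]; then
    check_control_keys "$1"
fi
```

Run it as root or as the user configured in unbound.conf, since other users may be unable to list the directory at all.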



Re: bgpctl shiw rib out displaying incorrect information

2011-08-31 Thread Peter van Oord van der Vlies
>flags destination  gateway  lpref   med aspath origin
>AI*> 10.0.1.0/24  172.29.1.200   100 0 i
>current1#

What is incorrect on this ?



HP DL320 G6 shared network adapter not working

2011-05-10 Thread Peter van Oord van der Vlies
Hello misc,

I am installing several HP DL320G6 servers and see there are some problems
with the Network Adapter that is shared with ILO2 .

When openbsd boots the ILO adapter becomes unavailable and within openbsd the
interface bge0 is not usable. It's connected at 10BaseT but in real it's
connected at 1000baseT .
Ifconfig :

bge0: flags=8802 mtu 1500
lladdr 1c:c1:de:f9:c6:50
priority: 0
media: Ethernet autoselect (10baseT full-duplex)
status: active

See below dmesg output :


strange problem when using aliases

2011-03-22 Thread Peter van Oord van der Vlies
Hello All,

There is a strange issue when using aliases on a network interface
and the client is using the alias address as default gateway.

For example I have:

trunk0: flags=8943 mtu 1500
        lladdr 00:18:fe:2e:e4:81
        priority: 0
        trunk: trunkproto failover
                trunkport em1
                trunkport em0 master,active
        groups: trunk
        media: Ethernet autoselect
        status: active
        inet 10.135.166.7 netmask 0xff00 broadcast 10.135.166.255
        inet6 fe80::218:feff:fe2e:e481%trunk0 prefixlen 64 scopeid 0x9
        inet 10.135.166.3 netmask 0x broadcast 10.135.166.3
        inet 10.135.166.17 netmask 0x broadcast 10.135.166.17

Now when the client uses the address 10.135.166.3 as default
gateway and uses some application that is running on a server behind the router
10.135.166.1, the application works slowly or sometimes does not work at all.
When I change the gateway to 10.135.166.7 it works perfectly.

Can anyone tell me what I am doing wrong?

Thanks!

Peter



routing issue with carp

2011-02-02 Thread Peter van Oord van der Vlies
Hello list,

I have a setup with 2 firewalls (OpenBSD 4.7 MP) and am using carp for
redundancy.
All systems are using the IP number of the inside carp interface as default
gateway.
There is another router in that subnet that is used to reach another network,
so I have a static route to that network on the firewall systems.

For example:
clients are in network 10.1.1.0/24, the carp interface IP is 10.1.1.3 and the
other router in the network is 10.1.1.1. Both firewalls also have an IP number
on the physical interface in that subnet, for example firewall1 has 10.1.1.7
and firewall2 has 10.1.1.8.
The static route on the firewalls is 10.0.0.0/8 via 10.1.1.1.

Now the problem is that not all traffic goes very well to the 10.0.0.0/8
network; most of the traffic takes longer to complete or connections are
broken sometimes.
The clients are using a terminal client to reach an AS400 system and when they
do some print jobs it takes 10 or 20 times longer to complete that
print.

The weird thing about this is that when I set the client gateway to 10.1.1.7
(assuming that one is the master) there are no problems, and also when I created a
static route on the client for 10.0.0.0/8 via 10.1.1.1.

Anyone have a clue how to fix this without placing the other router in a different
subnet or using static routes on the clients?

Many thanks,

Peter



Re: Boxes hanging intermittently. Anybody seen such ?

2009-08-17 Thread Peter van Oord van der Vlies

For me the same issue on a couple of boxes.
The only common thing for me is :

- Soekris
- SpamAssassin
- Clamav-milter
- PF + spamd
- Sendmail

Most of the boxes run without any problems for years and sometimes one
dies...


Peter

On Mon, 17 Aug 2009, Michal wrote:


Is there a set time when this will happen, say after it's been up for ~5
hours, or is it completely random, 2 days one time, 1 hour another

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Andres Salazar
Sent: 17 August 2009 01:29
To: misc@openbsd.org
Subject: Boxes hanging intermittently. Anybody seen such ?

Hello,

During the past week two boxes on the same network have
stopped responding, they carry OpenBSD 4.5 i386 and I have logged at
every possible log to find out why this occurs however I haven't been
able to spot anything unusual. All of a sudden they just stop
responding to requests.

What these freezes do have in common is that when the boxes are
reached via the KVM they present the login screen, they allow text to
be entered in the login field... but upon hitting enter for it to ask
the password that's when it just hangs.

I am afraid this will keep on happening and I would like to know if
anybody has experienced this before.. these have been perfectly
working boxes and it would be just odd both would have the same
problem in the same few days.

Upon a reboot everything returns to normal.

Thank you.
Andres




Re: undeadly.org IPv6 reachability

2009-08-17 Thread Peter van Oord van der Vlies

On Sun, 16 Aug 2009, Denis Fondras wrote:

> Hello Misc,
>
> For a few days now, I can't connect to Undeadly.org over IPv6 (works well over
> v4).

For me the same, takes forever to load the page.

gr,

peter



Re: Ultrabasic guide to NAT

2009-07-03 Thread Peter van Oord van der Vlies

On Fri, 3 Jul 2009, Manuel Ravasio wrote:

> I'm still missing a point: how do I map more than 1 IP address on a single
> physical interface?
>
> Is there something like Linux' and Solaris'
> ifconfig [interface]:1 blah blah blah
> ?

ifconfig ifname alias ipnumber 255.255.255.255



apache DOS tool

2009-06-19 Thread Peter van Oord van der Vlies

Hi,

Today some pages are publishing news about an Apache DOS tool, for example
http://isc.sans.org/diary.html?storyid=6601 and
http://ha.ckers.org/blog/20090617/slowloris-http-dos/


Does this apply to the OpenBSD Apache too?

Peter



Re: slim and capable hardware for firewalls use

2009-06-15 Thread Peter van Oord van der Vlies
The HP DL360 works very well. We are running more than 40 of those systems
for more than 5 years now.
I have tried some DL320 but they are not as fast as the 360's and I
don't like ATA/SATA.


On Mon, 15 Jun 2009, Peter N. M. Hansteen wrote:


I've been asked to hunt for hardware that meets roughly these specs:

* preferably in a 1u, space for two autonomous machines with as many
 Ethernet interfaces as will physically fit the form factor

* Gigabit capable

Anything else is really just a bonus, 'works with OpenBSD' is a must,
onboard graphics, sound etc is totally irrelevant, humans will
interact physically with this only rarely if we do this right. The
location is in northern Europe, anybody who is not scared of shipping
there is fine with us.

Any war stories, notes or anecdotes (including don't do this, go for
$foo instead) welcome.  The amount of misleadingly tagged webshop
pages stuffed to the brim with inane animated and barely related ads
sort of got to me at one point.

All the best,
Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.