iked log messages when no traffic is on vpn tunnel
Hello Misc,

I configured a site-to-site vpn between OpenBSD 6.3 device with iked and Microsoft Azure. The VPN tunnel works fine however when there is no traffic on the vpn my /var/log/daemon is spammed every 2 seconds with the following :

Jun 19 22:59:13 obsd iked[33937]: ikev2_recv: INFORMATIONAL request from responder :500 to :500 policy 'Azure EUW' id 108, 88 bytes
Jun 19 22:59:13 obsd iked[33937]: ikev2_msg_send: INFORMATIONAL response from :500 to :500 msgid 108, 88 bytes

My iked.conf is :

ikev2 "Azure EUW" \
    active esp \
    from 172.31.254.0/24 to 172.21.0/24 \
    from 172.31.254.0/24 to 172.21.10/24 \
    peer local \
    ikesa enc aes-256 auth hmac-sha2-384 group ecp384 prf hmac-sha2-384 \
    childsa enc aes-256 auth hmac-sha1 group ecp384 \
    psk "somethingverysecret"

Is there something I did wrong ?

Met vriendelijke groet/Kind Regards,
Peter van Oord van der Vlies
Re: 6.3 just died (not for the first time)
Hi Harald,

>
>please check the threads on the b...@openbsd.org mailing list. The patch
>posted by Martin Pieuchot seems to help. It's running on my hosts for
>5 days without any hiccup.

I applied them also on my systems on the 22 and they are still stable. So it seems this works.

Kind Regards,
Peter
Re: 6.3 just died (not for the first time)
Hello,

Anyone found a solution for this or is there more information required ? This night it happened 2 times in less than 3 hours time. Please let me know. Running 6.3 with all syspatches applied.

Kind Regards,
Peter van Oord van der Vlies

On 15/05/2018, 23:30, "owner-m...@openbsd.org on behalf of Harald Dunkel" wrote:

Hi folks,

6.3 just died. Last words:

login: kernel: protection fault trap, code=0
Stopped at export_sa+0x5c: movl 0(%rcx),%ecx
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
export_sa(10,800033445e70) at export_sa+0x5c
pfkeyv2_expire(813d4c00,813d4c00) at pfkeyv2_expire+0x14e
tdb_timeout(800033446020) at tdb_timeout+0x39
softclock_thread(0) at softclock_thread+0xc6
end trace frame: 0x0, count: -4
ddb{0}> show registers
rdi     0x800033445e98
rsi     0x813d4c00
rbp     0x800033445e70
rbx     0x800033445e98
rdx     0x81abdff0 cpu_info_full_primary+0x1ff0
rcx     0xdeadbeefdeadbeef
rax     0x81387510
r8      0x120
r9      0x81aa58d8 netlock
r10     0x
r11     0x800033445ea0
r12     0x81387500
r13     0x3
r14     0x813d4c00
r15     0x90
rip     0x8121fefc export_sa+0x5c
cs      0x8
rflags  0x10282 __ALIGN_SIZE+0xf282
rsp     0x800033445e70
ss      0x10
export_sa+0x5c: movl 0(%rcx),%ecx
Re: 6.3 just died (not for the first time)
I have seen the same error here on a host around 2 days after the upgrade to 6.3 including patches. The keyboard wasn't working for me but the panic was the same.

On 15 May 2018 at 23:30, Harald Dunkel <harald.dun...@aixigo.de> wrote:

Hi folks,

6.3 just died. Last words:

login: kernel: protection fault trap, code=0
Stopped at export_sa+0x5c: movl 0(%rcx),%ecx
ddb{0}> show panic
the kernel did not panic
ddb{0}> trace
export_sa(10,800033445e70) at export_sa+0x5c
pfkeyv2_expire(813d4c00,813d4c00) at pfkeyv2_expire+0x14e
tdb_timeout(800033446020) at tdb_timeout+0x39
softclock_thread(0) at softclock_thread+0xc6
end trace frame: 0x0, count: -4
Re: Failed syspatch 63-007 on i386 (verified but gzip i/o error)
Same here.

Best Regards,
Peter van Oord van der Vlies

-

Dear misc@,

I do not know which mailing list is the best one for such report, so I start here.

Syspatch worked properly for 63-006 but syspatch fails on 63-007. I tried without rebooting after 006 and after rebooting. Both situations show the same error pasted below. Kernel relinked properly after applying 006. Syspatch worked well for both on my other machine which is an amd64.

Is it necessary to provide more than the dmesg for the machine ?

HTH
raph

$ doas syspatch
Get/Verify syspatch63-007_libcryp... 100% |***| 5312 KB 00:10
Installing patch 007_libcrypto
gzip: stdin: Input/output error
tar: End of archive volume 1 reached
Re: ipv6 nd
Hello Misc,

Below worked now after I upgraded to OpenBSD 6.3, no config changes done since it was running 6.2

/etc/dhcpcd.conf

ipv6only
duid
persistent
option rapid_commit
noipv6rs
option interface_mtu
require dhcp_server_identifier
allowinterfaces pppoe0 vether6
interface pppoe0
    ia_pd 2 vether6/1
#slaac private

From: Peter van Oord van der Vlies
Sent: Tuesday 20 March 2018 00:27
To: misc@openbsd.org
Subject: ipv6 nd

Hello Misc,

Today i replaced my cisco 881 because it wasn't able to handle the bandwidth anymore.

I had a working ipv6 setup for years with the following relevant part from my cisco wan interface config part:

ipv6 address autoconfig
ipv6 enable
ipv6 nd ra interval 30
ipv6 dhcp client pd my_prefix rapid-commit

On my obsd wan interface i did ifconfig pppoe0 inet6 autoconf but i am not getting any global address.

Anyone here that can set me into the right direction ?

Thanks!
Peter
Re: ipv6 nd
On Tue, Mar 20, 2018 at 08:47:26AM +0100, Mischa wrote:
>
> On 20 Mar 2018, at 08:41, Marc Peters wrote:
> >
> > I use dhcpcd for on the WAN Interface to receive the prefix delegation. On
> > the internal network, i use slaac with rtadvd. The README for dhcpcd
> > provides the necessary information.
>
> Is dhcpd able to pickup IPv6? I thought this needed to be done with
> wide-dhcpv6?
> The one thing I don't like about IPv6 at the moment, the trouble you need to
> go through to get a IPv6 address on a PPPoE interface. :(
>
> Mischa
>
> Yes, it is:
> https://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/ports/net/dhcpcd/pkg/README?rev=1.5&content-type=text/plain&only_with_tag=HEAD
> At the moment, i only have a link-local address on the external interface
> configured, which gets it router via slaac and router advertisements. The
> external addresses are only on the internal facing interface and on these
> hosts.

I tried with dhcpcd, my configuration for dhcpcd.conf is:

#controlgroup wheel
#hostname
#clientid
ipv6only
duid
persistent
option rapid_commit
noipv6rs
option interface_mtu
require dhcp_server_identifier
allowinterfaces pppoe0 vether6
interface pppoe0
    ia_pd 2 vether6/1
#slaac private

No prefixes received.

Thanks
Peter
Re: ipv6 nd
On Tue, Mar 20, 2018 at 12:19:09AM +, Peter van Oord van der Vlies wrote:
>
> > > Is slaacd or a dhcpv6 client running?
> > Yes i tried with slaacd
> Does `slaacctl show interface $if` reflect that a router advertisement
> has been received?

No, only this :

#slaacctl show interface pppoe0
pppoe0:
     index: 10 running: yes privacy: yes
    lladdr: 00:00:00:00:00:00
     inet6: fe80::200:24ff:fed0:1db0%pppoe0

> --
> 0x7D964D3361142ACF
Re: ipv6 nd
> Is slaacd or a dhcpv6 client running?

Yes i tried with slaacd

> --
> 0x7D964D3361142ACF

On Mon, Mar 19, 2018, at 16:27, Peter van Oord van der Vlies wrote:
> Hello Misc,
>
> Today i replaced my cisco 881 because it wasn't able to handle the
> bandwidth anymore.
>
> I had a working ipv6 setup for years with the following relevant part
> from my cisco wan interface
>
> config part:
>
> ipv6 address autoconfig
> ipv6 enable
> ipv6 nd ra interval 30
> ipv6 dhcp client pd my_prefix rapid-commit
>
> On my obsd wan interface i did ifconfig pppoe0 inet6 autoconf but i am not
> getting any global address.
>
> Anyone here that can set me into the right direction ?
>
> Thanks!
>
> Peter
ipv6 nd
Hello Misc,

Today i replaced my cisco 881 because it wasn't able to handle the bandwidth anymore.

I had a working ipv6 setup for years with the following relevant part from my cisco wan interface config part:

ipv6 address autoconfig
ipv6 enable
ipv6 nd ra interval 30
ipv6 dhcp client pd my_prefix rapid-commit

On my obsd wan interface i did ifconfig pppoe0 inet6 autoconf but i am not getting any global address.

Anyone here that can set me into the right direction ?

Thanks!
Peter
isakmp crash
Hello Misc,

I have 2 firewalls in a failover setup running site-to-site vpn tunnels. Once in a while ISAKMP stops, not always i can find the stop error but 2 times i have seen now this error :

sendmsg (48, 0x7f7dee10, 0): No buffer space available

The systems are on OpenBSD 6.0 now but on 5.9 we had the same issue. Anyone know a fix/workaround for this ?

Br,
Peter
Re: hotmail rejecting messages relay=mx4.hotmail.com., dsn=5.1.2, stat=Host unknown (Unknown error: 275)
> On 23 May 2015 at 17:54, Peter Fraser wrote:
>
> Any message sent to send mail seems to be rejected. The mx4 name changes, but
> the rejection is always the same.
> It would be nice to know what the unknown error is
>
> Does anyone have any idea what is causing the problems

Since friday we have the same problem on different servers. I am happy to see this is a global issue...

>
> I am currently using OpenBSD 5.5 with sendmail
> (I know I should update it but I haven't got around to it yet)
>

I am with openbsd 5.5 too, lower versions also but haven't checked yet.
IPSEC with redundant remote peer address
Hello List,

Does anyone know a way to build a setup when remote IPSEC endpoint got a failover setup on the IPSEC side ? On cisco IOS it's possible to configure multiple peers, when a peer dies it will try the other on the list.

Anyone tried to fix this when the remote end is a cisco IOS device and other side is openbsd box ?

Kind Regards,
Peter
Re: Is Soekris OpenBSD friendly?
for sure it’s a good device with openbsd, only price is sometimes an issue. I have been using it for more than 8 years now and works great, never had a hardware failure. Even the oldest devices are still up and running but are getting too slow..

On 16 Nov 2013, at 01:03, SmithS wrote:

> Greetings misc@. After coming across a link[1] to make an OpenBSD
> router using a "Soekris" device, I think I will make one. Does anyone
> else have this hardware and can verify all the components work?
> I think Intel NICs are good, but everything else? I have never heard
> of this brand before so I want to be safe before buying. The model
> number[2] is "6501-30"
>
> [1] http://www.bsdnow.tv/tutorials/openbsd-router
> [2] https://soekris.com/products/net6501/net6501-30-board-case.html
>
> greetz,
> SmithS
Re: www.openbsd.org down?
http://www.isup.me/www.openbsd.org

it's down ( also from the netherlands )

On Jun 25, 2013, at 1:17 PM, Killman BOFH wrote:

> http://www.isup.me/openbsd.org
>
>
> *Enterprise Networks*
> Blog: unixlegion.com
> GPG Key: *0xBBDC0CDE*
> OpenNIC Project: opennic.sle.ec
> *IT Security - ISO 27000 - Packet Core*
> Phone: +593 995 956811 | +593 07 2952-763
> This email and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the system manager.
>
>
> On Tue, Jun 25, 2013 at 6:13 AM, Killman BOFH wrote:
>
>> Apparently a problem with DNS A record
>>
>> www.openbsd.org is down but openbsd.org is up!
>>
>>
>> *Enterprise Networks*
>> Blog: unixlegion.com
>> GPG Key: *0xBBDC0CDE*
>> OpenNIC Project: opennic.sle.ec
>> *IT Security - ISO 27000 - Packet Core*
>> Phone: +593 995 956811 | +593 07 2952-763
>> This email and any files transmitted with it are confidential and intended
>> solely for the use of the individual or entity to whom they are addressed.
>> If you have received this email in error please notify the system manager.
>>
>>
>> On Tue, Jun 25, 2013 at 6:05 AM, Johan Mellberg
>> wrote:
>>
>>> On 25 Jun 2013 at 12:53, "Nenhum_de_Nos" wrote:
>>>
>>>> On Tue, June 25, 2013 06:56, Yusof Khalid - FreeBSD / OpenBSD wrote:
>>>>> Yeah can't access from here (Kuala Lumpur, MY)
>>>>
>>>> Can't access from Brazil.
>>>>
>>>> matheus
>>>> --
>>>
>>> Ok, now it's down from Sweden too.
Re: OpenSMTPD getting closer to stable ;-)
Hello Gilles,

For me it was already stable since OpenBSD 4.9 :)

Using it as relay for 27 webservers for commercial shops online ( we donate by buying openbsd cd's ).

Not rebooted the system 189 days ( before it was done for some virtual machine migration ).

Below the stats :

# smtpctl show stats
control.sessions=9310
control.sessions.active=1
control.sessions.maxactive=1
mda.sessions=0
mda.sessions.active=0
mda.sessions.maxactive=0
mta.sessions=406827
mta.sessions.active=0
mta.sessions.maxactive=92
lka.sessions=944281
lka.sessions.active=0
lka.sessions.maxactive=20
lka.sessions.mx=0
lka.sessions.host=406827
lka.sessions.cname=537454
lka.sessions.failure=92372
parent.uptime=16414555
queue.inserts.local=0
queue.inserts.remote=317091
runner=466848
runner.active=0
runner.maxactive=95
runner.bounces=39744
runner.bounces.active=0
runner.bounces.maxactive=28
ramqueue.hosts.active=0
ramqueue.batches.active=0
ramqueue.messages.active=0
ramqueue.envelopes.active=0
ramqueue.hosts.maxactive=85
ramqueue.batches.maxactive=501
ramqueue.messages.maxactive=388
ramqueue.envelopes.maxactive=561
ramqueue.size=0
ramqueue.size.max=772620
smtp.errors.delays=0
smtp.errors.linetoolong=13
smtp.errors.read_eof=88224
smtp.errors.read_system=185
smtp.errors.read_timeout=4
smtp.errors.tempfail=0
smtp.errors.toofast=0
smtp.errors.write_eof=0
smtp.errors.write_system=0
smtp.errors.write_timeout=0
smtp.sessions=170563
smtp.sessions.inet4=130629
smtp.sessions.inet6=0
smtp.sessions.aborted=88409
smtp.sessions.active=0
smtp.sessions.maxactive=29
smtp.sessions.timeout=4
smtp.sessions.smtps=0
smtp.sessions.smtps.active=0
smtp.sessions.smtps.maxactive=0
smtp.sessions.starttls=0
smtp.sessions.starttls.active=0
smtp.sessions.starttls.maxactive=0

Keep up the good work !

Kind Regards,
Peter van Oord van der Vlies

From: owner-m...@openbsd.org [owner-m...@openbsd.org] on behalf of Gilles Chehade [gil...@poolp.org]
Sent: Monday 20 August 2012 23:01
To: misc@openbsd.org
CC: t...@openbsd.org
Subject: OpenSMTPD getting closer to stable ;-)

Dear misc@ and tech@,

We are getting closer to a stable version of OpenSMTPD and now would be the perfect time for you to start stress-testing and trying to crash it in various ways to make sure it is rock-solid.

Eric's recent commits brought to the daemon a brand new scheduler and mta logic which we started working on during the last hackathon, and that is much much much more efficient than what we had before. It just needs to be heavily tested ;-)

What's in -current now is very very close to what we want for the first release, minus minor bugfixes and one additional feature we'll work on. There will be no major feature written and committed for our very first release, so just make sure that you test it enough so that we can reach the quality you'd expect from us.

Please let us know if it works fine for you or if you hit bugs. You can mail us three (eric@, chl@, gilles@). Do not spam the lists ;-)

Thanks

--
Gilles Chehade
https://www.poolp.org
@poolpOrg
Re: Unbound in base
Hello,

Why replacing bind ?

Kind Regards
Peter

- Original message -
From: Björn Ketelaars [mailto:bjorn.ketela...@hydroxide.nl]
Sent: Monday, February 13, 2012 10:35 PM
To: misc@openbsd.org ; t...@openbsd.org
Subject: Unbound in base

Hello,

After some recent discussions [1, 2] on the topic of unbound in base, and (more important) really liking the idea of an alternative for BIND in base, I made a start with fitting the different pieces of the puzzle.

What is finished:

1.) Integration of ldns 1.6.12 and unbound 1.4.15 and writing of relevant Makefile wrappers. Wrapper script also compiles and installs drill;
2.) Testing (read: does it compile and work) on AMD64.

Stuart Henderson had some good remarks on integrating the above [3]. What do you guys think of the following:

What to do with the BIND tools (dig/host/nslookup)?

Unbound offers drill. From drill.1: "The name drill is a pun on dig. With drill you should be able get even more information than with dig.". Proposal therefore is to replace the BIND tools with drill.

Do we run unbound-anchor automatically? if so, how do we handle possibly not having working DNS at that time to resolve data.iana.org (http://data.iana.org)?

From unbound-anchor.8 I understand that unbound-anchor can be run from the command line, or run as part of startup scripts _before_ the actual (unbound) DNS server is started. So there is no need for DNS. Proposal therefore is to run unbound-anchor automatically before starting the unbound daemon (rc_pre in unbound rc-script).

How and when do we automatically generate unbound-control keys? if so, where should that be done? …

From unbound-control.8: The script unbound-control-setup generates these control keys in the default run directory. If you change the access control permissions on the key files you can decide who can use unbound-control. Run the script under the same username as you have configured in unbound.conf or as root, so that the daemon is permitted to read the files, for example with: sudo -u unbound unbound-control-setup. If you have not configured a username in unbound.conf, the keys need read permission for the user credentials under which the daemon is started. The script preserves private keys present in the directory. After running the script as root, turn on control-enable in unbound.conf.

The unbound-control-script can be called from rc->make_keys(). The knob 'control-enable' can be set as default.

After tar/gzip the source files and Makefile wrappers weigh ~4.6MB. A bit too large to send to this list. if anyone feels like looking at the work… do not hesitate to mail me.

Again, what do you guys think?

Kind regards,
Björn

[1] http://marc.info/?l=openbsd-misc&m=132205020820910&w=2
[2] http://marc.info/?l=openbsd-tech&m=132573371521516&w=2
[3] http://marc.info/?l=openbsd-misc&m=132217547525487&w=2
Re: bgpctl shiw rib out displaying incorrect information
>flags destination gateway lpref med aspath origin
>AI*> 10.0.1.0/24 172.29.1.200 100 0 i
>current1#

What is incorrect on this ?
HP DL320 G6 shared network adapter not working
Hello misc,

I am installing several HP DL320G6 servers and see there are some problems with the Network Adapter that is shared with ILO2 . When openbsd boots the ILO adapter becomes unavailable and within openbsd the interface bge0 is not usable. It's connected at 10BaseT but in real it's connected at 1000baseT .

Ifconfig :

bge0: flags=8802 mtu 1500
    lladdr 1c:c1:de:f9:c6:50
    priority: 0
    media: Ethernet autoselect (10baseT full-duplex)
    status: active

See below dmesg output :
strange problem when using aliases
Hello All,

There is a strange issue when using aliases on a network interface and the client is using the alias address as default gateway.

For example i have :

trunk0: flags=8943 mtu 1500
    lladdr 00:18:fe:2e:e4:81
    priority: 0
    trunk: trunkproto failover
        trunkport em1
        trunkport em0 master,active
    groups: trunk
    media: Ethernet autoselect
    status: active
    inet 10.135.166.7 netmask 0xff00 broadcast 10.135.166.255
    inet6 fe80::218:feff:fe2e:e481%trunk0 prefixlen 64 scopeid 0x9
    inet 10.135.166.3 netmask 0x broadcast 10.135.166.3
    inet 10.135.166.17 netmask 0x broadcast 10.135.166.17

Now when the client uses the address 10.135.166.3 as default gateway and use some application that is running on a server behind the router 10.135.166.1 the application works slow or sometimes not even working. When i change the gateway to 10.135.166.7 it works perfectly .

Can anyone tell me what i am doing wrong ?

Thanks!
Peter
routing issue with carp
Hello list,

I have a setup with 2 firewalls (openbsd 4.7 MP ) and using carp for redundancy. All systems are using the ip number of the inside carp interface as default gateway. There is another router in that subnet that is used to reach another network so i have static route to that network on the firewall systems.

For example : clients are in network 10.1.1.0/24 and carp interface ip is 10.1.1.3 and the other router in the network is 10.1.1.1 . Both firewalls also have an ip number on the physical interface in that subnet, for example firewall1 has 10.1.1.7 and firewall2 has 10.1.1.8. The static route on the firewalls is 10.0.0.0/8 via 10.1.1.1 .

Now the problem is that not all traffic goes very well to the 10.0.0.0/8 network, most of the traffic takes longer to complete or connections are broken sometimes. The clients are using a terminal client to reach an AS400 system and when they do some print jobs it takes 10 or 20 times much longer to complete that print.

The weird thing about this is that when set the client gateway to 10.1.1.7 ( assuming that one is the master) there are no problems , also when i created a static route on the client for 10.0.0.0/8 via 10.1.1.1 .

Anyone have a clue how to fix this without placing the other router in a different subnet or using static routes on the clients ?

Many thanks,
Peter
Re: Boxes hanging intermittently. Anybody seen such ?
For me the same issue on a couple of boxes. The only common thing for me is:

- Soekris
- SpamAssassin
- Clamav-milter
- PF + spamd
- Sendmail

Most of the boxes run without any problems for years and sometimes it dies...

Peter

On Mon, 17 Aug 2009, Michal wrote:

> Is there a set time when this will happen, say after it's been up for ~5 hours, or is it completely random, 2 days one time, 1 hour another
>
> -----Original Message-----
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Andres Salazar
> Sent: 17 August 2009 01:29
> To: misc@openbsd.org
> Subject: Boxes hanging intermittently. Anybody seen such ?
>
> Hello,
>
> During the past week two boxes on the same network have stopped responding. They carry OpenBSD 4.5 i386 and I have logged at every possible log to find out why this occurs, however I haven't been able to spot anything unusual. All of a sudden they just stop responding to requests.
>
> What these freezes do have in common is that when the boxes are reached via the KVM they present the login screen, they allow text to be entered in the login field... but upon hitting enter for it to ask the password, that's when it just hangs.
>
> I am afraid this will keep on happening and I would like to know if anybody has experienced this before.. these have been perfectly working boxes and it would be just odd both would have the same problem in the same few days.
>
> Upon a reboot everything returns to normal.
>
> Thank you.
> Andres
Re: undeadly.org IPv6 reachability
On Sun, 16 Aug 2009, Denis Fondras wrote:

> Hello Misc,
>
> For a few days, I can't connect to Undeadly.org over IPv6 (works well over v4).

For me the same, takes forever to load the page.

gr,
peter
Re: Ultrabasic guide to NAT
On Fri, 3 Jul 2009, Manuel Ravasio wrote:

> I'm still missing a point: how do I map more than 1 IP address on a single physical interface? Is there something like Linux' and Solaris' ifconfig [interface]:1 blah blah blah ?

ifconfig ifname alias ipnumber 255.255.255.255
apache DOS tool
Hi,

Today some pages are publishing news about an Apache DOS tool, for example http://isc.sans.org/diary.html?storyid=6601 and http://ha.ckers.org/blog/20090617/slowloris-http-dos/

Does this apply to the OpenBSD Apache too?

Peter
Re: slim and capable hardware for firewalls use
The HP DL360 works very well. We are running more than 40 of those systems for more than 5 years now. I have tried some DL320 but they are not as fast as the 360's and I don't like ATA/SATA.

On Mon, 15 Jun 2009, Peter N. M. Hansteen wrote:

> I've been asked to hunt for hardware that meets roughly these specs:
>
> * preferably in a 1u, space for two autonomous machines with as many Ethernet interfaces as will physically fit the form factor
> * Gigabit capable
>
> Anything else is really just a bonus, 'works with OpenBSD' is a must, onboard graphics, sound etc is totally irrelevant, humans will interact physically with this only rarely if we do this right.
>
> The location is in northern Europe, anybody who is not scared of shipping there is fine with us.
>
> Any war stories, notes or anecdotes (including don't do this, go for $foo instead) welcome. The amount of misleadingly tagged webshop pages stuffed to the brim with inane animated and barely related ads sort of got to me at one point.
>
> All the best,
> Peter
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.