Re: WPA support / creating a cf image (SOLVED)

2006-08-04 Thread openbsd misc
I got it working now. Looks like the wrap system simulates some kind
of C/H/S in lba mode. OpenBSD is still telling me that I'm in C/H/S
mode:

Using drive 0, partition 3;
Loading;.

But more important is that:

01F0 Master 848A SAMSUNG CF/ATA
Phys C/H/S 1010/16/63 Log C/H/S 505/32/63

The log values seem to be identical on every CF card (except Cylinder).
My two CF cards are totally different:

128MB - C/H/S 498/16/32
512MB - C/H/S 1010/16/63

I'm able to boot both cards with the same image (created with the flashdist
wrapper script - gzip image - written with physdiskwrite under windows).

I set cylinders to 60 to get a 60MB image and everything is working
fine now.

Btw, why do I not need to change the bios setting for the m0n0wall image?
Any idea?

Regards
  Hagen Volpers

>> I understand this is a problem of target systems translating C/H/S
>> values differently. There is no problem in dynamically using OpenBSD's
>> idea of C/H/S values at build time. However, OpenBSD on two different
>> machines can provide completely different C/H/S values on the exact
>> same card. Correct me if I'm wrong.

> [...]
>
> Just because flashdist asks for C/H/S doesn't mean that the image be applied
> to a card with that exact C/H/S.  This was the case before OpenBSD switched
> to the LBA based MBR.  Now, as long as the CF image fits on the card, it should
> boot.

It should boot, but it doesn't.  I'm using a WRAP system and:

[...]
Using drive 0, partition 3;
Loading;.
[...]

For some reason I cannot use LBA (even if I switch in WRAP bios). I
wasn't able to figure out how. If I use your script everything is
working...
What I don't understand is, why other systems work (m0n0wall for
example).
Any idea?

Regards
  Hagen Volpers



Re: WPA support / creating a cf image

2006-08-04 Thread openbsd misc
>> I understand this is a problem of target systems translating C/H/S
>> values differently. There is no problem in dynamically using OpenBSD's
>> idea of C/H/S values at build time. However, OpenBSD on two different
>> machines can provide completely different C/H/S values on the exact
>> same card. Correct me if I'm wrong.

> [...]
>
> Just because flashdist asks for C/H/S doesn't mean that the image be applied
> to a card with that exact C/H/S.  This was the case before OpenBSD switched
> to the LBA based MBR.  Now, as long as the CF image fits on the card, it should
> boot.

It should boot, but it doesn't.  I'm using a WRAP system and:

[...]
Using drive 0, partition 3;
Loading;.
[...]

For some reason I cannot use LBA (even if I switch in WRAP bios). I
wasn't able to figure out how. If I use your script everything is
working...
What I don't understand is, why other systems work (m0n0wall for
example).
Any idea?

Regards
  Hagen Volpers



Re: WPA support / creating a cf image

2006-08-04 Thread Chris Cappuccio
Jeff Quast [EMAIL PROTECTED] wrote:
> 
> I understand this is a problem of target systems translating C/H/S
> values differently. There is no problem in dynamically using OpenBSD's
> idea of C/H/S values at build time. However, OpenBSD on two different
> machines can provide completely different C/H/S values on the exact
> same card. Correct me if I'm wrong.
> 

OpenBSD can display different C/H/S if you use it on USB and then direct
on an ATA bus.  The USB chip provides a completely different geometry
than the ATA firmware on the CF card does.  That is not just because you
are using it on "two different machines", it's because the USB controller
supplies different information than the actual CF card does over ATA.
If you use a PCMCIA-CF adapter, you'll always get the same geometry that
you get on a Soekris because in both cases OpenBSD can talk to the CF's
ATA firmware directly.

Just because flashdist asks for C/H/S doesn't mean that the image be applied
to a card with that exact C/H/S.  This was the case before OpenBSD switched
to the LBA based MBR.  Now, as long as the CF image fits on the card, it should
boot. 
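
Added example (not part of the original thread, and not flashdist or biosboot code): the sketch below builds a constructed MBR for the 512MB card's 16 heads / 63 sectors geometry quoted in the thread, then shows which sector a CHS-addressed read of the partition start reaches under each geometry mentioned in the thread, next to the geometry-independent LBA field. The partition start, size and slot are assumed sample values.

```python
import struct

PTABLE_OFF, ENTRY_LEN = 446, 16      # MBR partition table location and entry size
OPENBSD_TYPE = 0xA6                  # OpenBSD MBR partition id

# (heads, sectors-per-track) for the geometries quoted in the thread
GEOMETRIES = {
    "1010/16/63": (16, 63),          # 512MB card, physical
    "498/16/32": (16, 32),           # 128MB card
    "505/32/63": (32, 63),           # WRAP BIOS logical translation
}

def lba_to_chs(lba, heads, spt):
    """Translate a linear sector number to (cyl, head, sector)."""
    cyl, rem = divmod(lba, heads * spt)
    head, sec = divmod(rem, spt)
    return cyl, head, sec + 1        # sectors are 1-based

def chs_to_lba(chs, heads, spt):
    """Sector a CHS address resolves to under a given geometry."""
    c, h, s = chs
    return (c * heads + h) * spt + (s - 1)

def pack_chs(chs):
    """3-byte MBR encoding: head, sector + cylinder high bits, cylinder low."""
    c, h, s = chs
    c = min(c, 1023)                 # the field holds only 10 cylinder bits
    return bytes([h, (s & 0x3F) | ((c >> 2) & 0xC0), c & 0xFF])

def unpack_chs(raw):
    h, s, c = raw
    return ((s & 0xC0) << 2) | c, h, s & 0x3F

def build_mbr(start, size, heads, spt, slot=3):
    """Constructed sample MBR with one OpenBSD partition (no boot code)."""
    entry = struct.pack(
        "<B3sB3sII", 0x80,
        pack_chs(lba_to_chs(start, heads, spt)), OPENBSD_TYPE,
        pack_chs(lba_to_chs(start + size - 1, heads, spt)),
        start, size)
    mbr = bytearray(512)
    off = PTABLE_OFF + slot * ENTRY_LEN
    mbr[off:off + ENTRY_LEN] = entry
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)

def parse_entry(mbr, slot=3):
    """Decode one partition entry into its CHS and LBA fields."""
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    off = PTABLE_OFF + slot * ENTRY_LEN
    flag, chs_s, ptype, chs_e, start, size = struct.unpack(
        "<B3sB3sII", mbr[off:off + ENTRY_LEN])
    return {"active": flag == 0x80, "type": ptype,
            "start_chs": unpack_chs(chs_s), "end_chs": unpack_chs(chs_e),
            "start_lba": start, "size": size}

def report(mbr, geometries):
    """For each geometry: (name, sector reached via CHS, matches LBA field)."""
    entry = parse_entry(mbr)
    rows = []
    for name, (heads, spt) in geometries.items():
        via_chs = chs_to_lba(entry["start_chs"], heads, spt)
        rows.append((name, via_chs, via_chs == entry["start_lba"]))
    return rows

if __name__ == "__main__":
    # Assumed sample layout: partition 3 starts on the second track and
    # covers 60 cylinders of a 16-head, 63-sector geometry.
    image = build_mbr(start=63, size=60 * 16 * 63 - 63, heads=16, spt=63)
    print(parse_entry(image))
    for name, via_chs, ok in report(image, GEOMETRIES):
        print(f"{name:>11}: CHS start -> sector {via_chs:3d} "
              f"({'matches' if ok else 'differs from'} LBA field)")
```

In this sample the CHS start only goes wrong where the sectors-per-track value differs (the 128MB card), while the LBA field reads 63 in every case.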



Re: WPA support / creating a cf image

2006-08-04 Thread openbsd misc
Hello Jeff,

> Misc,

first of all: my name is Hagen... :-) I have one account for every
mailing list and I cannot change display name
(exchange disadvantage)... ;-)

> Please make sure to update the firmware on your wrap, as you hadn't
> mentioned it. pcengines.ch walks through this. It is quite simple. The
> tinybios revision is usually (..always) out of date. Some features
> listed in the tinybios that come on the wrap don't always work, or
> work correctly.

Thanks for your tip, but I have tinyBios 1.11 installed (the last
one mentioned on pcengines site). I created a new etherboot image
because of a pxeboot bug. So everything should be up to date. I
created mbr several times on two cf cards - fdisk / installboot.
I wasn't able to change to lba mode. I don't know why (I changed
wrap bios settings also). There is always the ;... :/
I don't know where I made a mistake (if there is one). I haven't found
a site where someone was able to boot a wrap system without using
C/H/S. Looks like openbsd's bootloader isn't able to boot a wrap
system in lba mode. I'm only wondering why freebsd / linux seem
to be able to.
I'll go ahead building my system (basing on flashdist), perhaps
I'll try to get rid of the C/H/S problem afterwards.

> Good luck, let us know how it works out?

I think I'll need that... ;-) Let me know if you have further
tips / ideas. I'll let you know if I found a solution.

> Jeffrey Quast

Regards
  Hagen Volpers



Re: WPA support / creating a cf image

2006-08-04 Thread openbsd misc
Thanks for that tip. I wrote a bootsector to my cf card and booted. But it 
looks like biosboot isn't able to use lba (; instead of .), even if I change 
wrap bios setting to lba. I wasn't able to figure out why. At the moment I'm 
playing around with grub and lilo to find out if these have the same problem 
with the wrap system.
I'll ask on the m0n0wall mailinglist how they solved that issue, perhaps I can 
find a solution there... :/

Regards
  Hagen Volpers

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Stuart Henderson
Sent: Thursday, 3 August 2006 22:00
To: misc@openbsd.org
Subject: Re: WPA support / creating a cf image

On 2006/08/03 14:47, Jeff Quast wrote:
> values differently. There is no problem in dynamically using OpenBSD's
> idea of C/H/S values at build time. However, OpenBSD on two different
> machines can provide completely different C/H/S values on the exact

yes, this was a bit of a pain for this type of thing until
biosboot(8) got changed to use LBA a couple of years ago.



Re: WPA support / creating a cf image

2006-08-03 Thread Lars Hansson
On Thursday 03 August 2006 22:13, openbsd misc wrote:
> that's exactly what I'm doing at the moment... :-) But that doesn't create
> an image. The problem is in short: C/H/S.

I haven't had any problems installing the standard install on a cf-ide adapter 
in one machine and using it in another.
I guess you could then just create a disk image from the cf and use that in 
the future.
---
Lars Hansson



Re: WPA support / creating a cf image

2006-08-03 Thread Stuart Henderson
On 2006/08/03 14:47, Jeff Quast wrote:
> values differently. There is no problem in dynamically using OpenBSD's
> idea of C/H/S values at build time. However, OpenBSD on two different
> machines can provide completely different C/H/S values on the exact

yes, this was a bit of a pain for this type of thing until
biosboot(8) got changed to use LBA a couple of years ago.



Re: WPA support / creating a cf image

2006-08-03 Thread openbsd misc
My plan is to build a default flashdist. Afterwards I want to build
tgz to install additional files. But that all doesn't make sense as
long as you aren't able to create a simple image that can be written
to every CF card running on every system (as long as the kernel
supports the hardware).
I found this comment in flashdist.sh:

# This script contains a stupid method which occasionally works to make this
# media bootable on a destination which uses a different c/h/s translation
# than the host system.  Of course, this is really just a hack.  This
# hack is no longer necessary with OpenBSD's newer LBA MBR, but left in place
# because it does no harm.

At the moment I try to figure out how to change the image MBR to LBA.
I hope that's the correct way.

Regards
  Hagen Volpers


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Ryan Corder
Sent: Thursday, 3 August 2006 21:08
To: Jeff Quast
Cc: misc@openbsd.org
Subject: Re: WPA support / creating a cf image

On Thu, 2006-08-03 at 14:47 -0400, Jeff Quast wrote:
> I understand this is a problem of target systems translating C/H/S
> values differently. There is no problem in dynamically using OpenBSD's
> idea of C/H/S values at build time. However, OpenBSD on two different
> machines can provide completely different C/H/S values on the exact
> same card. Correct me if I'm wrong.
>
> I don't think rolling your own would help in this way.
>
> I've heavily modified flashdist.sh to work in a different manner... I
> don't like the idea of building a "complete system" that's a mangled
> version of OpenBSD that needs to be maintained and provided for you.
> This is the common 'giving the people what they want' distribution
> format, and making those of us who want to modify it even the
> slightest bit work that much harder.
>
> I've changed the format of flashdist to accept an "overlay/"
> directory, containing any /etc/, /bsd, /usr/local, etc. additions or
> changes to overlay over the target CF card after a default install
> (extracting basesets).

that's exactly where I was going with it.  I too have heavily modified
flashdist.sh for my own needs and my stuff sounds similar to yours...an
overlay type of setup.

the problem that the original poster is facing is that the script he is
using does everything for him...including setting up and partitioning
the CF.  What would be nice is for a similar script or program that just
gathered everything up that is required for the system to run and create
an image out of that.  Let the user handle setting up the individual CF
cards and just provide an image of the "hard drive" contents to be
flashed over via dd.

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]



Re: WPA support / creating a cf image

2006-08-03 Thread Ryan Corder
On Thu, 2006-08-03 at 14:47 -0400, Jeff Quast wrote:
> I understand this is a problem of target systems translating C/H/S
> values differently. There is no problem in dynamically using OpenBSD's
> idea of C/H/S values at build time. However, OpenBSD on two different
> machines can provide completely different C/H/S values on the exact
> same card. Correct me if I'm wrong.
>
> I don't think rolling your own would help in this way.
>
> I've heavily modified flashdist.sh to work in a different manner... I
> don't like the idea of building a "complete system" that's a mangled
> version of OpenBSD that needs to be maintained and provided for you.
> This is the common 'giving the people what they want' distribution
> format, and making those of us who want to modify it even the
> slightest bit work that much harder.
>
> I've changed the format of flashdist to accept an "overlay/"
> directory, containing any /etc/, /bsd, /usr/local, etc. additions or
> changes to overlay over the target CF card after a default install
> (extracting basesets).

that's exactly where I was going with it.  I too have heavily modified
flashdist.sh for my own needs and my stuff sounds similar to yours...an
overlay type of setup.

the problem that the original poster is facing is that the script he is
using does everything for him...including setting up and partitioning
the CF.  What would be nice is for a similar script or program that just
gathered everything up that is required for the system to run and create
an image out of that.  Let the user handle setting up the individual CF
cards and just provide an image of the "hard drive" contents to be
flashed over via dd.

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Re: WPA support / creating a cf image

2006-08-03 Thread Jeff Quast

On 8/3/06, Ryan Corder <[EMAIL PROTECTED]> wrote:

> On Thu, 2006-08-03 at 18:40 +0200, openbsd misc wrote:
> > Ok, that didn't work. You can create an image. But image will only work on identical
> > cf-cards (same C/H/S). Is that an openbsd specific problem (bootloader) or
>
> no, it is a limitation of the software used to create the image, not
> OpenBSD.  It collects C/H/S information as part of the build, therefore
> will only work with a CF of that size.
>
> maybe time to roll your own.



I understand this is a problem of target systems translating C/H/S
values differently. There is no problem in dynamically using OpenBSD's
idea of C/H/S values at build time. However, OpenBSD on two different
machines can provide completely different C/H/S values on the exact
same card. Correct me if I'm wrong.

I don't think rolling your own would help in this way.

I've heavily modified flashdist.sh to work in a different manner... I
don't like the idea of building a "complete system" that's a mangled
version of OpenBSD that needs to be maintained and provided for you.
This is the common 'giving the people what they want' distribution
format, and making those of us who want to modify it even the
slightest bit work that much harder.

I've changed the format of flashdist to accept an "overlay/"
directory, containing any /etc/, /bsd, /usr/local, etc. additions or
changes to overlay over the target CF card after a default install
(extracting basesets).

Also it uses an argument-provided 'settings.rc' file that sets CF card
sizes, with base sets, etc. etc... If anybody is interested in this,
let me know, I could use some testing.

The point is, instead of a giant script providing hand-tweaks to do
your pf anchor, wpa, etc... why not just set it up in this kind of
format? Make your own baseset along-side the other base sets and
provide it on a local FTP site. If you have different CF card sizes
and target systems, just copy the settings.rc file to one of another
name and different C/H/S values.

Sorry if this is off-topic, it hardly answers the original poster's
question (preparing disklabel and images in windows (just as off
topic))



Re: WPA support / creating a cf image

2006-08-03 Thread Ryan Corder
On Thu, 2006-08-03 at 13:11 -0500, Matthew R. Dempsky wrote:
> What does authpf+VPN provide in this use case that VPN alone doesn't?

I'd imagine an extra layer comprising user-based authorization.  A
compromised machine that can establish an IPSEC tunnel offers no checks
as to who is actually gaining access.  AuthPF (ideally with OTP), in
this case would add that authorization.

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Re: WPA support / creating a cf image

2006-08-03 Thread Spruell, Darren-Perot
From: [EMAIL PROTECTED] 
> On Thu, Aug 03, 2006 at 11:27:16PM +1000, Shane J Pearson wrote:
> > What about an open wireless network, which does not allow anything to
> > be routed out of the OpenBSD WAP unless it is authpf authorised. Then
> > only VPN traffic.
>
> What does authpf+VPN provide in this use case that VPN alone doesn't?

Not exposing your VPN software (e.g. OpenVPN, ISAKMP daemon, etc.) to
untrusted users.

DS



Re: WPA support / creating a cf image

2006-08-03 Thread Matthew R. Dempsky
On Thu, Aug 03, 2006 at 11:27:16PM +1000, Shane J Pearson wrote:
> What about an open wireless network, which does not allow anything to  
> be routed out of the OpenBSD WAP unless it is authpf authorised. Then  
> only VPN traffic.

What does authpf+VPN provide in this use case that VPN alone doesn't?



Re: WPA support / creating a cf image

2006-08-03 Thread Ryan Corder
On Thu, 2006-08-03 at 18:40 +0200, openbsd misc wrote:
> Ok, that didn't work. You can create an image. But image will only work on identical
> cf-cards (same C/H/S). Is that an openbsd specific problem (bootloader) or how can
> I get rid of that?
> I need an image that works on every cf-card. Any idea? I don't want to switch to
> freebsd...

no, it is a limitation of the software used to create the image, not
OpenBSD.  It collects C/H/S information as part of the build, therefore
will only work with a CF of that size.

maybe time to roll your own.

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Re: WPA support / creating a cf image

2006-08-03 Thread openbsd misc
Ok, that didn't work. You can create an image. But image will only work on identical
cf-cards (same C/H/S). Is that an openbsd specific problem (bootloader) or how can
I get rid of that?
I need an image that works on every cf-card. Any idea? I don't want to switch to
freebsd...

Regards
  Hagen Volpers


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of openbsd misc
Sent: Thursday, 3 August 2006 16:13
To: [EMAIL PROTECTED]
Cc: misc@openbsd.org
Subject: Re: WPA support / creating a cf image

Hello,

that's exactly what I'm doing at the moment... :-) But that doesn't create an
image. The problem is in short: C/H/S. But it looks like I already answered my
question within the question ;-). m0n0wall is using physdiskwrite (which was
written to be able to flash cf cards under windows):

*   FreeBSD:
gzcat net45xx-xxx.img | dd of=/dev/rad[n] bs=16k
where n = the ad device number of your CF card (check dmesg); use
net48xx-xxx.img for net4801 and wrap-xxx.img for WRAP instead
(ignore the warning about trailing garbage - it's because of the digital
signature)
*   Linux:
gunzip -c net45xx-xxx.img | dd of=/dev/hdX bs=16k
where X = the IDE device name of your CF card (check with hdparm -i /dev/hdX)
- some adapters, particularly USB, may show up under SCSI emulation as
/dev/sdX
(ignore the warning about trailing garbage - it's because of the digital
signature)
*   Windows:
physdiskwrite net45xx-xxx.img

I'll try to create an image using flashdist (some modifications needed, but I
hope that's not too hard ;-)), gzip it and then I'll try to write it to a cf
card using windows.

Regards
 Hagen Volpers




From: Ryan Corder [mailto:[EMAIL PROTECTED]
Sent: Thu 03.08.2006 14:41
To: openbsd misc
Cc: misc@openbsd.org
Subject: Re: WPA support / creating a cf image



On Wed, 2006-08-02 at 23:23 +0200, openbsd misc wrote:
> My question is, if there is a way to create such an image. For
> me it looks like an openbsd specific problem as it is
> possible with freebsd (www.m0n0.ch/wall). Perhaps here is
> someone who has an idea.

quite possible and easy to do, check out flashdist:
http://www.nmedia.net/~chris/soekris

[...]



Re: WPA support / creating a cf image

2006-08-03 Thread Ryan Corder
On Thu, 2006-08-03 at 23:27 +1000, Shane J Pearson wrote:
> What about an open wireless network, which does not allow anything to
> be routed out of the OpenBSD WAP unless it is authpf authorised. Then
> only VPN traffic.

exactly...that would be ideal.

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Fwd: WPA support / creating a cf image

2006-08-03 Thread openbsd misc
Sorry, wrong recipient. ;-) see below...



From: openbsd misc
Sent: Thu 03.08.2006 16:15
To: Shane J Pearson
Subject: Re: WPA support / creating a cf image


Hello,

my problem is, that I need the vpn at boot time. I cannot build a vpn from
client to server, only from openbsd to headoffice. I'm not a fan of wireless
lan, but my customers want it... The only way is to put an access point next
to the wrap system, but I want an all-in-one solution, because it has to be
customer-friendly.
Are there any reasons why wpa is not implemented for now?



From: [EMAIL PROTECTED] on behalf of Shane J Pearson
Sent: Thu 03.08.2006 15:27
To: misc Misc
Subject: Re: WPA support / creating a cf image



On 2006.08.03, at 10:41 PM, Ryan Corder wrote:

> First, get past the notion of "secure" wireless...it doesn't
> exist.  The best solution for a "more secure" wireless network
> is for you to implement a WEP-encrypted environment and establish
> a VPN over it.

What about an open wireless network, which does not allow anything to
be routed out of the OpenBSD WAP unless it is authpf authorised. Then
only VPN traffic.

This couldn't be considered secure enough?


Shane



Re: WPA support / creating a cf image

2006-08-03 Thread Ryan Corder
On Thu, 2006-08-03 at 16:13 +0200, openbsd misc wrote:
> I'll try to create an image using flashdist (some modifications needed, but
> I hope that's not too hard ;-)), gzip it and then I'll try to write it to a cf
> card using windows.

check the flashdist homepage again.  There is a link to a wrapper script
that allows you to create an image.

later.
ryanc

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




Re: WPA support / creating a cf image

2006-08-03 Thread openbsd misc
Hello,

that's exactly what I'm doing at the moment... :-) But that doesn't create an
image. The problem is in short: C/H/S. But it looks like I already answered my
question within the question ;-). m0n0wall is using physdiskwrite (which was
written to be able to flash cf cards under windows):

*   FreeBSD:
gzcat net45xx-xxx.img | dd of=/dev/rad[n] bs=16k
where n = the ad device number of your CF card (check dmesg); use
net48xx-xxx.img for net4801 and wrap-xxx.img for WRAP instead
(ignore the warning about trailing garbage - it's because of the digital
signature)
*   Linux:
gunzip -c net45xx-xxx.img | dd of=/dev/hdX bs=16k
where X = the IDE device name of your CF card (check with hdparm -i /dev/hdX)
- some adapters, particularly USB, may show up under SCSI emulation as
/dev/sdX
(ignore the warning about trailing garbage - it's because of the digital
signature)
*   Windows:
physdiskwrite net45xx-xxx.img

I'll try to create an image using flashdist (some modifications needed, but I
hope that's not too hard ;-)), gzip it and then I'll try to write it to a cf
card using windows.

Regards
 Hagen Volpers




From: Ryan Corder [mailto:[EMAIL PROTECTED]
Sent: Thu 03.08.2006 14:41
To: openbsd misc
Cc: misc@openbsd.org
Subject: Re: WPA support / creating a cf image



On Wed, 2006-08-02 at 23:23 +0200, openbsd misc wrote:
> My question is, if there is a way to create such an image. For
> me it looks like an openbsd specific problem as it is
> possible with freebsd (www.m0n0.ch/wall). Perhaps here is
> someone who has an idea.

quite possible and easy to do, check out flashdist:
http://www.nmedia.net/~chris/soekris

[...]



Re: WPA support / creating a cf image

2006-08-03 Thread Shane J Pearson

On 2006.08.03, at 10:41 PM, Ryan Corder wrote:


> First, get past the notion of "secure" wireless...it doesn't
> exist.  The best solution for a "more secure" wireless network
> is for you to implement a WEP-encrypted environment and establish
> a VPN over it.


What about an open wireless network, which does not allow anything to  
be routed out of the OpenBSD WAP unless it is authpf authorised. Then  
only VPN traffic.


This couldn't be considered secure enough?


Shane



Re: WPA support / creating a cf image

2006-08-03 Thread Ryan Corder
On Wed, 2006-08-02 at 23:23 +0200, openbsd misc wrote:
> My question is, if there is a way to create such an image. For
> me it looks like an openbsd specific problem as it is
> possible with freebsd (www.m0n0.ch/wall). Perhaps here is
> someone who has an idea.

quite possible and easy to do, check out flashdist:
http://www.nmedia.net/~chris/soekris

> I also plan to use such systems for home office situations
> (I want to replace linksys, draytek etc.). They should
> provide a vpn to head office. The problem is, that many
> customers want wireless lan at home. We are talking about
> windows xp systems that need to be online at boot time
> (startup scripts etc). That means that WEP / Mac access
> control is not a solution. I need WPA. I wasn't able to
> find a status about that topic.

WPA is not supported by OpenBSD at this time.

First, get past the notion of "secure" wireless...it doesn't
exist.  The best solution for a "more secure" wireless network
is for you to implement a WEP-encrypted environment and establish
a VPN over it.

later.
ryanc

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219- ext. 646




WPA support / creating a cf image

2006-08-02 Thread openbsd misc
Hello together,

I hope this is the right place for my questions.
At the moment I'm playing around with OpenBSD on a WRAP system.
I want it to be a firewall, reverse-proxy (for Outlook Web Access)
and as VPN Gateway. My problem is, that I'm only able to
install openbsd on a compact flash card using pxeboot
or something like flashdist -> I always need an openbsd-system
in place. I'm looking for a way to create an image that can
be flashed to a cf card with windows (or other systems).
As far as I know for now there is a problem with sectors,
tracks etc (I'm not that familiar with these topics). My
question is, if there is a way to create such an image. For
me it looks like an openbsd specific problem as it is
possible with freebsd (www.m0n0.ch/wall). Perhaps here is
someone who has an idea.

I also plan to use such systems for home office situations
(I want to replace linksys, draytek etc.). They should
provide a vpn to head office. The problem is, that many
customers want wireless lan at home. We are talking about
windows xp systems that need to be online at boot time
(startup scripts etc). That means that WEP / Mac access
control is not a solution. I need WPA. I wasn't able to
find a status about that topic. Is there a timeline or
did the openbsd team decide not to implement WPA/WPA2?

Hope my english isn't that bad (I'm german) and my
questions are in the right place. If not let me know
and I'll place my questions somewhere else :-).

Regards
  Hagen Volpers