Any openvpn experts?

2016-09-06 Thread Paul Goyette

Hello, all!

I've just installed a new computer (Y) in my remote location.  The
previous machine (X) is still in place (and will remain indefinitely).

Both machines sit behind an IPv4-only ISP-provided NAT device, so I
don't have any IPv6 connectivity and I don't have a fixed IPv4 address.

I've been using openvpn to establish a tunnel to another machine (Z),
over which I can provide IPv6 connectivity.  I use a pre-shared key for
this tunnel, as I really don't understand how to deal with SSL certs.

I'd like to have the (Z) machine handle two tunnels, one each from (X)
and (Y).  It seems that the only way for this to work is to run in
"server" mode, but that doesn't seem to handle pre-shared keys.

Any suggestions on how to make this work?  I'd really prefer to run two
instances of openvpn on the (Z) machine.

If I really have to set up SSL, can anyone provide a true step-by-step
cookbook for someone like me who can't even spell SSL?  :)

Thanks in advance!

+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+


Re: installing on a VPS

2016-09-06 Thread Al Zick


On Sep 6, 2016, at 4:59 PM, Manuel Bouyer wrote:

> On Tue, Sep 06, 2016 at 01:11:50PM -0400, Al Zick wrote:
>> Okay, I tried disabling the re driver with userconf. I booted up and it
>> seemed to work fine. However, after many reboots, while it was booting I did
>> get one rtk0: watchdog timeout. I am not sure if this is anything to be
>> concerned about or not.
>
> If it's only one it should be harmless.
>
>> There is also the issue of resizing the / partition. I use disklabel -e wd0.
>> Then "A", next I change the size of partitions. I already had added
>> resize_root=YES to my rc.conf, but it didn't resize. After trying many
>> different things, I was able to corrupt the root partition, so now it only
>> boots if I run fsck_ffs manually.
>
> Do you have log option for / in the fstab ?
> If so that's why resize_root didn't work.
>
> You can remove log from fstab, reboot and once root has been resized,
> add log back.

I really don't know what I have wrong. So, I included my fstab and
disklabel for wd0


# cat /etc/fstab
# NetBSD /targetroot/etc/fstab
# See /usr/share/examples/fstab/ for more examples.
/dev/wd0a   /           ffs     rw                      1 1
/dev/wd0b   none        swap    sw,dp                   0 0
kernfs      /kern       kernfs  rw
ptyfs       /dev/pts    ptyfs   rw
procfs      /proc       procfs  rw
#/dev/cd0a  /cdrom      cd9660  ro,noauto
tmpfs       /var/shm    tmpfs   rw,-m1777,-sram%25



# disklabel wd0
# /dev/rwd0d:
type: unknown
disk: wd0
label:
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 16
sectors/cylinder: 1008
cylinders: 16644
total sectors: 335544320
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0

16 partitions:
#        size    offset     fstype [fsize bsize cpg/sgs]
 a: 327155472        63     4.2BSD   2048 16384     0  # (Cyl.      0*- 324559*)
 b:   8388608 327155535       swap                     # (Cyl. 324559*- 332881*)
 c: 335544257        63     unused      0     0        # (Cyl.      0*- 332881*)
 d: 335544320         0     unused      0     0        # (Cyl.      0 - 332881*)


# grep resize /etc/rc.conf
resize_root=YES

# df -h
Filesystem Size   Used  Avail %Cap Mounted on
/dev/wd0a  7.3G   1.9G   5.0G  27% /
kernfs 1.0K   1.0K 0B 100% /kern
ptyfs  1.0K   1.0K 0B 100% /dev/pts
procfs 4.0K   4.0K 0B 100% /proc
tmpfs  2.0G 0B   2.0G   0% /var/shm

Like I said not sure what I have wrong.

Kind Regards,
Al



Re: installing on a VPS

2016-09-06 Thread Hubert Feyrer

On Tue, 6 Sep 2016, Al Zick wrote:

There is also the issue of resizing the / partition.


The raspberry pi port uses a rc.d script that resizes the / partition to 
fill the whole disk. I guess that one can be borrowed.


See src/etc/rc.d/resize_root


 - Hubert



Re: installing on a VPS

2016-09-06 Thread Swift Griggs
Al,
  I have a friend who recently worked at Rackspace. Here is what he said, 
just in case it helps (I forwarded your original question to him):

Swift's Pal Says: 
> I'm sure it's possible to get the netbsd kernel/basic userland running 
> echo 'hello world' to the console, seeing as the virtual machine gives 
> you direct access to a virtual block device. But even then I'm not 100%
> sure it'd work because Rackspace uses a lot of custom PV drivers in its 
> xen implementation. E.g. there's a "supervisor domain" on each xenserver 
> that notifies an API when a customer dom's 'nova-agent' has started. 
> They do this over the xenbus. NetBSD won't have that in a vanilla build, 
> so in the rackspace console you'd see a vm in 'unknown' status; you 
> can't even see the console when it's in this state.

> TL;DR: Rackspace makes sure that the linuxes they support can boot and 
> be controlled by all their special services - they didn't design wide,
> just deep."

Perhaps this doesn't apply to you if you are renting a "real" server at 
Rackspace instead of renting a virtualized guest. YMMV.

-Swift


Re: installing on a VPS

2016-09-06 Thread Manuel Bouyer
On Tue, Sep 06, 2016 at 01:11:50PM -0400, Al Zick wrote:
> Okay, I tried disabling the re driver with userconf. I booted up and it
> seemed to work fine. However, after many reboots, while it was booting I did
> get one rtk0: watchdog timeout. I am not sure if this is anything to be
> concerned about or not.

If it's only one it should be harmless.

> 
> There is also the issue of resizing the / partition. I use disklabel -e wd0.
> Then "A", next I change the size of partitions. I already had added
> resize_root=YES to my rc.conf, but it didn't resize. After trying many
> different things, I was able to corrupt the root partition, so now it only
> boots if I run fsck_ffs manually.

Do you have log option for / in the fstab ?
If so that's why resize_root didn't work.

You can remove log from fstab, reboot and once root has been resized,
add log back.

-- 
Manuel Bouyer 
 NetBSD: 26 years of experience will always make the difference
--
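
Added example (not part of the thread, and not NetBSD's own resize_root script): a shell check for the condition described in the reply above, reporting whether the / entry of an fstab carries the log option. The function name root_log_state and the three sample fstab files are constructed for illustration.

```shell
#!/bin/sh
# Report whether the root (/) entry of an fstab carries the "log" option,
# the condition named above as the reason resize_root did nothing.
# root_log_state is a hypothetical helper, not part of NetBSD.
# Prints: log | nolog | noroot
root_log_state() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and short lines
        $2 == "/" {
            found = 1
            n = split($4, opt, ",")          # options are comma-separated
            for (i = 1; i <= n; i++)
                if (opt[i] == "log") haslog = 1
        }
        END {
            if (!found)      print "noroot"
            else if (haslog) print "log"
            else             print "nolog"
        }
    ' "$1"
}

# Constructed sample files (not taken from any real system).
sample_dir=$(mktemp -d)
cat > "$sample_dir/fstab.log" <<'EOF'
# root with the log option set
/dev/wd0a   /     ffs   rw,log   1 1
/dev/wd0b   none  swap  sw,dp    0 0
EOF
cat > "$sample_dir/fstab.nolog" <<'EOF'
/dev/wd0a   /     ffs   rw       1 1
/dev/wd0b   none  swap  sw,dp    0 0
EOF
cat > "$sample_dir/fstab.noroot" <<'EOF'
#/dev/wd0a  /     ffs   rw,log   1 1
kernfs      /kern kernfs rw
EOF

for f in log nolog noroot; do
    printf '%s: %s\n' "fstab.$f" "$(root_log_state "$sample_dir/fstab.$f")"
done
```

On a live system the function would be pointed at /etc/fstab before enabling resize_root.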


Re: installing on a VPS

2016-09-06 Thread Al Zick

Hi,


On Sep 5, 2016, at 9:03 AM, Manuel Bouyer wrote:

> On Sun, Sep 04, 2016 at 05:38:14PM -0400, Al Zick wrote:
>> Hello,
>>
>> Thank you for emailing me.
>>
>> After many failures, I finally found a way to get the NetBSD kernel to boot.
>> Rackspace would not boot the xen kernel. It would crash before it was
>> completely loaded. The generic kernel boots.
>>
>> I thought that at this point I would be through the worst of installing
>> NetBSD on rackspace, but there is a new issue. The network seems to stop
>> working for a few seconds and then it goes back to normal. Checking the
>> dmesg I get this:
>>
>> # dmesg | grep re0
>> re0 at pci0 dev 4 function 0: RealTek 8139C+ 10/100BaseTX (rev. 0x20)
>> re0: interrupting at ioapic0 pin 32
>> re0: Ethernet address bc:76:4e:20:7a:b8
>> re0: using 64 tx descriptors
>> rlphy0 at re0 phy 0: Realtek internal PHY
>> re0: watchdog timeout
>> re0: watchdog timeout
>> re0: watchdog timeout
>> re0: watchdog timeout
>>
>> After searching about this, it seems this exists in more than just NetBSD.
>>
>> Here is a link:
>> http://openbsd-archive.7691.n7.nabble.com/XenServer-and-re0-watchdog-timeout-td219092.html
>>
>> From what they say the best way to solve this problem is to change the
>> network card that the virtualizer is emulating. I put in a support ticket at
>> rackspace to see if they can do this. I am not sure that this will be an
>> option with rackspace. Is there a better solution?
>
> You can try disabling the re driver in the kernel (either by rebuilding a
> kernel, or with userconf). The rtk driver should then be used.

Okay, I tried disabling the re driver with userconf. I booted up and
it seemed to work fine. However, after many reboots, while it was
booting I did get one rtk0: watchdog timeout. I am not sure if this
is anything to be concerned about or not.

There is also the issue of resizing the / partition. I use
disklabel -e wd0. Then "A", next I change the size of partitions. I
already had added resize_root=YES to my rc.conf, but it didn't resize.
After trying many different things, I was able to corrupt the root
partition, so now it only boots if I run fsck_ffs manually.

Somewhere on one of NetBSD's lists I read where someone had created
an image to install on rackspace (and probably others). They asked
where to put the image, but I can't seem to find where that image is
kept.


Kind Regards,
Al