Any openvpn experts?
Hello, all!

I've just installed a new computer (Y) in my remote location. The previous machine (X) is still in place (and will remain indefinitely). Both machines sit behind an IPv4-only ISP-provided NAT device, so I don't have any IPv6 connectivity and I don't have a fixed IPv4 address.

I've been using openvpn to establish a tunnel to another machine (Z), over which I can provide IPv6 connectivity. I use a pre-shared key for this tunnel, as I really don't understand how to deal with SSL certs.

I'd like to have the (Z) machine handle two tunnels, one each from (X) and (Y). It seems that the only way for this to work is to run in "server" mode, but that doesn't seem to handle pre-shared keys.

Any suggestions on how to make this work? I'd really prefer to run two instances of openvpn on the (Z) machine. If I really have to set up SSL, can anyone provide a true step-by-step cookbook for someone like me who can't even spell SSL? :)

Thanks in advance!

+------------------+--------------------------+------------------------+
| Paul Goyette     | PGP Key fingerprint:     | E-mail addresses:      |
| (Retired)        | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com   |
| Kernel Developer | 0786 F758 55DE 53BA 7731 | pgoyette at netbsd.org |
+------------------+--------------------------+------------------------+

Re: installing on a VPS
On Sep 6, 2016, at 4:59 PM, Manuel Bouyer wrote:

> On Tue, Sep 06, 2016 at 01:11:50PM -0400, Al Zick wrote:
>> Okay, I tried disabling the re driver with userconf. I booted up and it seemed to work fine. However, after many reboots, while it was booting I did get one rtk0: watchdog timeout. I am not sure if this is anything to be concerned about or not.
>
> If it's only one it should be harmless.
>
>> There is also the issue of resizing the / partition. I use disklabel -e wd0. Then "A", next I change the size of partitions. I already had added resize_root=YES to my rc.conf, but it didn't resize. After trying many different things, I was able to corrupt the root partition, so now it only boots if I run fsck_ffs manually.
>
> Do you have log option for / in the fstab ? If so that's why resize_root didn't work. You can remove log from fstab, reboot and once root has been resized, add log back.

I really don't know what I have wrong. So, I included my fstab and disklabel for wd0

    # cat /etc/fstab
    # NetBSD /targetroot/etc/fstab
    # See /usr/share/examples/fstab/ for more examples.
    /dev/wd0a   /          ffs     rw                   1 1
    /dev/wd0b   none       swap    sw,dp                0 0
    kernfs      /kern      kernfs  rw
    ptyfs       /dev/pts   ptyfs   rw
    procfs      /proc      procfs  rw
    #/dev/cd0a  /cdrom     cd9660  ro,noauto
    tmpfs       /var/shm   tmpfs   rw,-m1777,-sram%25

    # disklabel wd0
    # /dev/rwd0d:
    type: unknown
    disk: wd0
    label:
    flags:
    bytes/sector: 512
    sectors/track: 63
    tracks/cylinder: 16
    sectors/cylinder: 1008
    cylinders: 16644
    total sectors: 335544320
    rpm: 3600
    interleave: 1
    trackskew: 0
    cylinderskew: 0
    headswitch: 0           # microseconds
    track-to-track seek: 0  # microseconds
    drivedata: 0

    16 partitions:
    #        size    offset     fstype [fsize bsize cpg/sgs]
     a: 327155472        63     4.2BSD   2048 16384     0  # (Cyl.      0*- 324559*)
     b:   8388608 327155535       swap                     # (Cyl. 324559*- 332881*)
     c: 335544257        63     unused      0     0        # (Cyl.      0*- 332881*)
     d: 335544320         0     unused      0     0        # (Cyl.      0 - 332881*)

    # grep resize /etc/rc.conf
    resize_root=YES

    # df -h
    Filesystem    Size   Used  Avail %Cap Mounted on
    /dev/wd0a     7.3G   1.9G   5.0G  27% /
    kernfs        1.0K   1.0K     0B 100% /kern
    ptyfs         1.0K   1.0K     0B 100% /dev/pts
    procfs        4.0K   4.0K     0B 100% /proc
    tmpfs         2.0G     0B   2.0G   0% /var/shm

Like I said not sure what I have wrong.

Kind Regards,
Al

Re: installing on a VPS
On Tue, 6 Sep 2016, Al Zick wrote:

> There is also the issue of resizing the / partition.

The Raspberry Pi port uses a rc.d script that resizes the / partition to fill the whole disk. I guess that one can be borrowed. See src/etc/rc.d/resize_root

 - Hubert

Re: installing on a VPS
Al,

I have a friend who recently worked at Rackspace. Here is what he said, just in case it helps (I forwarded your original question to him):

Swift's Pal Says:

> I'm sure it's possible to get the netbsd kernel/basic userland running
> echo 'hello world' to the console, seeing as the virtual machine gives
> you direct access to a virtual block device. But even then I'm not 100%
> sure it'd work because Rackspace uses a lot of custom PV drivers in its
> xen implementation. E.g. there's a "supervisor domain" on each xenserver
> that notifies an API when a customer dom's 'nova-agent' has started.
> They do this over the xenbus. NetBSD won't have that in a vanilla build,
> so in the rackspace console you'd see a vm in 'unknown' status; you
> can't even see the console when it's in this state.
>
> TL;DR: Rackspace makes sure that the linuxes they support can boot and
> be controlled by all their special services - they didn't design wide,
> just deep."

Perhaps this doesn't apply to you if you are renting a "real" server at Rackspace instead of renting a virtualized guest. YMMV.

-Swift

Re: installing on a VPS
On Tue, Sep 06, 2016 at 01:11:50PM -0400, Al Zick wrote:

> Okay, I tried disabling the re driver with userconf. I booted up and it
> seemed to work fine. However, after many reboots, while it was booting I did
> get one rtk0: watchdog timeout. I am not sure if this is anything to be
> concerned about or not.

If it's only one it should be harmless.

> There is also the issue of resizing the / partition. I use disklabel -e wd0.
> Then "A", next I change the size of partitions. I already had added
> resize_root=YES to my rc.conf, but it didn't resize. After trying many
> different things, I was able to corrupt the root partition, so now it only
> boots if I run fsck_ffs manually.

Do you have log option for / in the fstab ? If so that's why resize_root didn't work. You can remove log from fstab, reboot and once root has been resized, add log back.

--
Manuel Bouyer
NetBSD: 26 years of experience will always make the difference
--

Re: installing on a VPS
Hi,

On Sep 5, 2016, at 9:03 AM, Manuel Bouyer wrote:

> On Sun, Sep 04, 2016 at 05:38:14PM -0400, Al Zick wrote:
>> Hello,
>>
>> Thank you for emailing me. After many failures, I finally found a way to get the NetBSD kernel to boot. Rackspace would not boot the xen kernel. It would crash before it was completely loaded. The generic kernel boots. I thought that at this point I would be through the worst of installing NetBSD on rackspace, but there is a new issue. The network seems to stop working for a few seconds and then it goes back to normal. Checking the dmesg I get this:
>>
>>     # dmesg | grep re0
>>     re0 at pci0 dev 4 function 0: RealTek 8139C+ 10/100BaseTX (rev. 0x20)
>>     re0: interrupting at ioapic0 pin 32
>>     re0: Ethernet address bc:76:4e:20:7a:b8
>>     re0: using 64 tx descriptors
>>     rlphy0 at re0 phy 0: Realtek internal PHY
>>     re0: watchdog timeout
>>     re0: watchdog timeout
>>     re0: watchdog timeout
>>     re0: watchdog timeout
>>
>> After searching about this, it seems this exists in more than just NetBSD. Here is a link:
>>
>> http://openbsd-archive.7691.n7.nabble.com/XenServer-and-re0-watchdog-timeout-td219092.html
>>
>> From what they say the best way to solve this problem is to change the network card that the virtualizer is emulating. I put in a support ticket at rackspace to see if they can do this. I am not sure that this will be an option with rackspace. Is there a better solution?
>
> You can try disabling the re driver in the kernel (either by rebuilding a kernel, or with userconf). The rtk driver should then be used.

Okay, I tried disabling the re driver with userconf. I booted up and it seemed to work fine. However, after many reboots, while it was booting I did get one rtk0: watchdog timeout. I am not sure if this is anything to be concerned about or not.

There is also the issue of resizing the / partition. I use disklabel -e wd0. Then "A", next I change the size of partitions. I already had added resize_root=YES to my rc.conf, but it didn't resize. After trying many different things, I was able to corrupt the root partition, so now it only boots if I run fsck_ffs manually.

Somewhere on one of NetBSD's lists I read where someone had created an image to install on rackspace (and probably others). They asked where to put the image, but I can't seem to find where that image is kept.

Kind Regards,
Al