Install iwn driver Lenovo X1 Carbon

0 "USB DISK" rev 2.00/1.00 addr 6 umass0: using SCSI over Bulk-Only scsibus4 at umass0: 2 targets, initiator 0 sd1 at scsibus4 targ 1 lun 0: SCSI0 0/direct removable serial.01ab012345678AB12345 sd1: 1920MB, 512 bytes/sector, 3932544 sectors How can I install firmware for this wireless card please? Kind regards Axel

Re: Install iwn driver Lenovo X1 Carbon

Thank you for your feedback. I do not use any captive portal and my Internet connection is stable (I never experienced these checksum problem for another files). I uninstalled those packages ('partial-iwn-firmware-5.10p0' and 'partial-iwn-firmware-5.10p0.1' to 'partial-iwn-firmware-5.10p0.7'), as s

Re: 5.5 upgrade and wpi Firmware

Riccardo > > Hi Ricardo, Have you checked here : http://firmware.openbsd.org/firmware/5.5/ ? I can find this file: wpi-firmware-3.2p1.tgz Kind regards, Axel

4.3 and acpi

Hi there, recently I've upgraded OpenBSD 4.2 to 4.3. And it seems, that acpi and the BIOS of my Asus M6Ne laptop don't like each other that much. Without doing anything, OpenBSD 4.3 presents this at boot: OpenBSD 4.3 (GENERIC) #3: Sat Apr 12 23:47:41 CEST 2008 [EMAIL PROTECTED]:/usr/src/sys

Re: 4.3 and acpi

Stuart Henderson spacehopper.org> writes: > > On 2008-04-15, axel keuchel web.de> wrote: > > apm0 at bios0: Power Management spec V1.2 > > apm0: AC on, no battery > > acpi at bios0 function 0x0 not configured > > [etc. pp.] > > > > You see, acpi

Intel i354 Quad GbE network adapter failed on 5.5-RELEASE

this problem. Looking at HEAD --- src/sys/dev/pci/if_em.c 2014/02/22 04:41:31 1.277 +++ src/sys/dev/pci/if_em.c 2014/08/26 11:01:21 1.288 shows lot og activity. Any patch for 5.5 welcome. Thanks, Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

Re: Intel i354 Quad GbE network adapter failed on 5.5-RELEASE

ut. Ports/packages are not yet ready for 5.6 and I wanted to avoid the porting effort, which was significant in the past. I’m just trying a patch against CURRENT. . . Axel -— PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

Re: Intel i354 Quad GbE network adapter failed on 5.5-RELEASE

Unable to initialize the hardware - - - Complete debug output available on request. Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

[RESOLVED] Re: Intel i354 Quad GbE network adapter failed on 5.5-RELEASE

ting to follow). Thanks, Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

Re: Intel i354 Quad GbE network adapter failed on 5.5-RELEASE

Am 30.08.2014 um 13:46 schrieb Axel Rau : > Am 29.08.2014 um 08:11 schrieb Jonathan Gray : > >> Initial support for the i347 phy was added back in March but that wasn't >> part of 5.5. I suspect you want something along the lines of the >> following patch: >

Re: Intel i354 Quad GbE network adapter failed on 5.5-RELEASE

Am 02.09.2014 um 15:45 schrieb Axel Rau : > The i347 device (em5) has a hardware-MAC of 00:60:e0:5a:75:45, but shows up > above as 00:60:e0:5a:75:39. > The answer to the pppoe server with MAC address 00:30:88:1f:18:9a is being > sent to MAC 00:30:75:39:00:30 instead. Nobody any

Re: Intel i354 Quad GbE network adapter failed on 5.5-RELEASE

I tested this on other hardware: It has nothing to do with i354. It’s a bug in the vlan driver which has already been reported here http://marc.info/?l=openbsd-misc&m=139903544321689&w=2 Axel Am 02.09.2014 um 15:45 schrieb Axel Rau : > Am 30.08.2014 um 13:46 schrieb Axel Rau

prices of cdset in eu

to get the executable path, i need to check my grafx port i guess :) Kind regards, Axel Scheepers

Re: prices of cdset in eu

On Mon, Mar 03, 2014 at 10:59:00PM +0100, Peter N. M. Hansteen wrote: > Axel Scheepers writes: > > > Can anyone tell me about the difference in price regarding a cdset in EU? > > > > original ca $50 36.41 (CA) > > mensys eur 50,- vat incl. 60.50 (NL) >

kernel logs "v_type 1" and "f_type 1"

A firewall box (dual Atom N270, 2GB, 5 nics, running 5.8-current (GENERIC.MP) #1219) suddenly started logging v_type 1 f_type 1 (up to 40 times/sec) and stopped routing. The effect went away after disconnecting all but one nic. Any help appreciated, Axel --- PGP-Key:29E99DD6 ☀

Re: kernel logs "v_type 1" and "f_type 1"

Hi Ville, > Am 09.05.2016 um 18:04 schrieb Ville Valkonen : > > On 9 May 2016 at 16:03, Axel Rau wrote: >> A firewall box (dual Atom N270, 2GB, 5 nics, running 5.8-current > (GENERIC.MP) >> #1219) >> suddenly started logging >>v_type 1 >>

6.0 sppp does not answer PPPoE-Discovery code offer

0-B2224180702381 tag AC-Cookie, length 16 \200g\260jE\320\217\020\334w\265\223\372\020\000\331 tag Service-Name, length 0 . . . Any help appreciated. Thanks, Axel PS: Details: root@gw2:/etc # cat hostname.em5 # em5 inet 192.168.178.3 255.255.255.0 NONE up description "descr

Re: 6.0 sppp does not answer PPPoE-Discovery code offer

> Am 07.01.2017 um 20:01 schrieb Axel Rau : > > Hi, > > while trying to switch my Vigor130 to pppoe pass through and let my > OpenBSD firewall handle the pppoe stuff, I get: Turning on debug shows: Jan 8 17:48:05 gw1 /bsd: pppoe0 (8863) state=1, session=0x0 output -> ff:f

[RESOLVED] Re: 6.0 sppp does not answer PPPoE-Discovery code offer

Updating the firmware of the Vigor130 box from 3.7.9_m7 to 3.7.9.4_m7 solved the problem. > . . . > It seems that sppp does not work with vlan pseudi device. Anybody fixing that? Axel --- PGP-Key:29E99DD6 ☀ computing @ chaos claudius

pf on 5.6: rule counter with proto esp not working

] [ Inserted: uid 0 pid 2528 State Creations: 1 ] I could not find any preceding rule with proto esp (or empty proto). What am I doing wrong? Axel PS: Cross posted from p...@benzedrine.cx, where mail did not show up --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ computing @ chaos claudius

pppoe broken on either 5.7 or on if Intel 82541GI ?

_pw up dest 0.0.0.1 link1 !/sbin/route add default -ifp pppoe0 0.0.0.1 - - - Please advice, Axel PS: dmesg attached: OpenBSD 5.7 (GENERIC.MP) #1: Sun May 31 02:57:03 CEST 2015 r...@vm-obsd-32-build.in.chaos1.de:/usr/src/sys/arch/i386/compile/GENERIC .MP cpu0: Intel(R) Atom(TM) CPU N270 @ 1.60GHz (&q

Re: pppoe broken on either 5.7 or on if Intel 82541GI ?

Am 05.06.2015 um 12:40 schrieb Axel Rau : > A similar box with identical configuration running 5.7-RELEASE on > „Intel 82541GI" rev 0x05: > hardware fails so: Anybody running 5.7 successfully on an Intel 82541GI interface? Axel --- PGP-Key:29E99DD6 ☀ +49 151 2300 9283 ☀ com

Re: Message arrived but could not be stored

> From: Kapetanakis Giannis > Subject: upgrade 6.2 snapshots to 6.3 release > To: "misc@openbsd.org" > > The complete message as received is appended. > <1524134256-7446-4192_4_2526> Thanks, Axel --- PGP-Key:29E99DD6 ☀ computing @ chaos claudius

ping blocked for 12 minutes

1500 fe80::%em2/ fe80::260:e0ff:fe 587989351 4377 408807684 0 0 em2 1500 2a05:bec0:f 2a05:bec0:ff::27 587989351 4377 408807684 0 0 Are they related? If this is no rate-limiting feature, what else may be the reason? Any help appreciated, Axel PS: # dmesg OpenBSD 6.2

Re: ping blocked for 12 minutes

> Am 17.05.2018 um 11:47 schrieb Axel Rau : > > Hi, > > a firewall box blocks ICMP packets (from icinga2 hostalive4 check_command) > for 12 minutes. > This happens nearly every night. mtr shows 100% loss on the last hop. Forwarded traffic is not affected but all traffic

Loading of pf rule hangs

inute rule loading completes. The file exists and contains valid ips. At the end there was an empty line. May this be the reason? Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius

pf: block drop not working

What is wrong in my setup? Thanks, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

Re: pf: block drop not working

> Am 05.05.2021 um 13:30 schrieb Tom Smyth <mailto:tom.sm...@wirelessconnect.eu>>: > > black_whole vs black_hole > > check the table name … Thanks a lot! Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

fighting amplification attack --was: Re: pf: block drop not working

query with high frequency? Thanks, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

Re: fighting amplification attack --was: Re: pf: block drop not working

und_dns_options label "dns inbound" Is this not possible with udp? Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

functional difference of isakmpd and iked

, the other 2 are road warriors, where IP of others changes about once a month. As this is an operational setup, moving from isakmpd to iked seems to be a challenge. (-: Can the transition be done without loosing functionality? Axel PS: To illustrate further, I include the connections from

Re: functional difference of isakmpd and iked

> Am 09.03.2022 um 11:44 schrieb Axel Rau : > > are both able to support the same network topologies with both IPv4 and IPv6? Seems to be a difficult question. What can I do to get an answer / a comment of one of the experts? Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius

Re: functional difference of isakmpd and iked

> Am 11.03.2022 um 14:32 schrieb Tobias Heider : > > looks like your setup should also work with iked. So I will try this in a few weeks and report back. Thanks for responding, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius

Routing between VPNs broken

tried to work around with a host route. I refused to use routing protocols in the past, because I dont’t like them on the firewall. What is the recommended reliable solution for this scenario? ospf? Any help very appreciated, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius

Re: Routing between VPNs broken

After rebooting the client, everything works as expected. Until next re-keeing, where it stops working. Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

Re: Routing between VPNs broken

route > defined before it falls through to the IPsec routes and sends the traffic > through that. > > It's a long shot but hope it helps Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

Wrong net in vlan

is wrong here? Thanks, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

Re: Wrong net in vlan

subnet 172.16.12.0 netmask 255.255.255.0 { option routers 172.16.12.1; range 172.16.12.100 172.16.12.200; } - - - >From /etc/rc.conf.local: - - - dhcpd_flags="em0 em3 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16" - - - Axel --- PGP-Key: CDE74120 ☀ c

Re: Wrong net in vlan

Hi all. > Am 16.11.2020 um 11:09 schrieb Axel Rau : > > - - - > From /etc/rc.conf.local: > - - - > dhcpd_flags="em0 em3 vlan11 vlan12 vlan13 vlan14 vlan15 vlan16" > - - - I have still no resolution. dhcpd preovides always an address from the subnet 172.16.11/24 r

Re: Wrong net in vlan

I think, the problem is that all vlans share the same lladr (see recent ifconfigs). To allow dhcpd to distinguish the vlans, I have to set the mac addresses manually. Will try this later. Axel --- axel@chaos1.de PGP-Key:29E99DD6 computing @ chaos claudius > Am 18.11.2020 um 00

Re: Wrong net in vlan

> Am 18.11.2020 um 11:00 schrieb Stuart Henderson : > > On 2020-11-18, Axel Rau wrote: >> I think, the problem is that all vlans share the same lladr (see recent >> ifconfigs). >> To allow dhcpd to distinguish the vlans, I have to set the mac addresses >>

[RESOLVED] Re: Wrong net in vlan

Hi Stuart, > Am 18.11.2020 um 13:20 schrieb Stuart Henderson : > > On 2020/11/18 12:48, Axel Rau wrote: >> From /etc/dhcpd.conf: >> - - - >> shared-network WLAN-NET { > > This is your problem. Oh yes. The art of carefully reading . . . Thanks a lot, Axel --

Neighbor Solicitation packets try to go out on enc0

select (1000baseT full-duplex) status: active inet 172.16.14.1 netmask 0xff00 broadcast 172.16.14.255 inet6 fe80::260:e0ff:fe5a:7543%vlan14 prefixlen 64 scopeid 0x10 inet6 ??:??:??:34::a prefixlen 64 What is going wrong here? Axel --- PGP-Key: CDE74120 ☀ computing @

Re: Neighbor Solicitation packets try to go out on enc0

Routers don't forward neighbour solicitation messages. So this is a bug? Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

[RESOLVED] Re: Neighbor Solicitation packets try to go out on enc0

> inet6 ??:??:??:34::a prefixlen 64 I forgot the reflexive bypassrule: flow esp out from ??:??:??:30::/60 to ??:??:??:30::/60 type bypass Axel --- PGP-Key: CDE74120 ☀ computing @ chaos claudius signature.asc Description: Message signed with OpenPGP

CARP with /30 ?

Hi all, does a CARP setup with 2 firewll boxes with an upstream /30 transfer net i feasible? E.g. 5.6.7.232/30 5.6.7.232 if box1 5.6.7.233 upstream router 5.6.7.234 if box2 5.6.7.235 if CARP Quick answer would be very helpfull. Thanks, Axel --- PGP-Key: CDE74120 ☀ computing @ chaos

Re: IPsec 4.9>4.9 VPN

Am 22.07.2011 um 00:13 schrieb Mikeal Clark: > 163350.058716 Default ike_phase_1_recv_ID: received remote ID other than > expected 1.2.3.4 I think, you need srcid 1.2.3.4 dstid 5.6.7.8 on site A ike. Axel --- PGP-Key:29E99DD6 b +49 151 2300 9283 b computing @ chaos claudius

routing problem with 2nd default route via ipsec

GENERIC snapshot from about 2011-06-08. I have net.inet.ip.multipath=1 What am I doing wrong? Time to start using rdomains / multiple rtables? Axel --- PGP-Key:29E99DD6 b +49 151 2300 9283 b computing @ chaos claudius

Re: routing problem with 2nd default route via ipsec

s that those multicasts should go out on dc1 not come in. Axel --- PGP-Key:29E99DD6 b +49 151 2300 9283 b computing @ chaos claudius

Re: routing problem with 2nd default route via ipsec

Am 28.07.2011 um 13:23 schrieb Axel Rau: > all CARP traffic from its carp2) go to enc0, like this: What may cause IPv4 CARP traffic to not go out on its parent device but on enc0 instead? IPv6 CARP and other CARP devises behave as expected. Axel --- PGP-Key:29E99DD6 b +49 151 2300 9283

HA: pair of firewalls, 2 switches and 1 server

| |+-+em1| | +---+ +--+ Switches must have Spanning Tree support (RSTP), so I hope a pair of Netgear GS108T can do this. Any proposals highly appreciated, Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos claudius

Re: HA: pair of firewalls, 2 switches and 1 server

Am 18.05.2010 um 14:20 schrieb Leonardo Carneiro - Veltrac: > IMHO, the second scenario you draw solves the problem in a very elegant way. Beside, STP and RSTP-enabled switches are becoming less expansive in the last years. Yes, but what carps/trunks do I need? Axel --- axel@chaos1.de

Re: HA: pair of firewalls, 2 switches and 1 server

of the single switch dies, I'm loosing. Also a 2nd server is in the pipeline... Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos claudius

Re: HA: pair of firewalls, 2 switches and 1 server

at do you mean? Are there other possibilities to connect the boxes with the above functionality? Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos claudius

Re: HA: pair of firewalls, 2 switches and 1 server

Am 20.05.2010 um 00:04 schrieb Henning Brauer: * Axel Rau [2010-05-19 10:34]: Now the question: Can I put a trunk on top of a carp? you put carp on top of the trunk of course. OK. Can I have a trunk connected to 2 different switches then? Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49

Re: HA: pair of firewalls, 2 switches and 1 server

:) I try to keep things simple usually. Thanks to all for the advice. Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos claudius

Re: HA: pair of firewalls, 2 switches and 1 server

Thanks for this detailed elaboration, Reyk. A few questions: Am 20.05.2010 um 22:07 schrieb Reyk Floeter: On Thu, May 20, 2010 at 07:02:23PM +0200, Axel Rau wrote: Now the question: Can I put a trunk on top of a carp? you put carp on top of the trunk of course. OK. Can I have a trunk

Re: HA: pair of firewalls, 2 switches and 1 server

failover laggport em0 laggport em1 up fbsd# ifconfig vlan2 create fbsd# ifconfig vlan2 vlan 2 vlandev lagg0 10.1.2.10 netmask 255.255.255.0 up fbsd# route add default 10.1.2.1 Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos claudius

Re: HA: pair of firewalls, 2 switches and 1 server

Am 21.05.2010 um 01:53 schrieb Tomoyuki Sakurai: You need additional two OSPF routers for L3 redundancy (claudio@ explained why in a paper). Thanks for the hint, Tomoyuki. I have now ospfd running on both firewalls, which was one necessary stop towards success. Axel --- axel@chaos1.de

Re: HA: pair of firewalls, 2 switches and 1 server

Am 21.05.2010 um 12:55 schrieb Axel Rau: Am 20.05.2010 um 22:07 schrieb Reyk Floeter: I will try the following with unmanaged switches, no RST: On fbsd: fbsd# ifconfig em0 up fbsd# ifconfig em1 up fbsd# ifconfig lagg0 create fbsd# ifconfig lagg0 laggproto failover laggport em0 laggport

Migrating from isakmpd to iked: interface name not recognized

for pppoe0 /etc/iked.conf: 26: could not parse host specification . ifconfig pppoe0 | grep inet shows: inet 79.243.41.99 --> 87.186.224.28 netmask 0xffff Clueless: Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos claudius

Re: Migrating from isakmpd to iked: interface name not recognized

Am 13.12.2010 um 18:50 schrieb Axel Rau: no IP address found for pppoe0 This happens with all devices, I have tried. Anybody succeeded in using an interface name as argument of option local? This is 4.8 stable on i386 generic. Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151

Re: Migrating from isakmpd to iked: interface name not recognized

Am 14.12.2010 um 17:23 schrieb Mike Belopuhov: mask2prefixlen functions are taken from bgpd. OK? Thanks, Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283 computing @ chaos claudius

instable vpn after upgrading to 4.8

500 interface carp0 flushmode startup sharedkey 0xdeadbeefdeadbeefdeadbeefdeadbeef peer 172.16.127.2 # PR6357: sasyncd(8) treats whitespace after comments as EOF in sasyncd.conf # sasyncd.conf at gw1 Any help welcome, Axel --- axel@chaos1.de PGP-Key:29E99DD6 +49 151 2300 9283

Re: instable vpn after upgrading to 4.8

Am 20.12.2010 um 12:50 schrieb Axel Rau: After upgrading to 4.8 (stable) the vpn starts blocking in one direction after 2 days of uptime of the gateway pair. Today it took only 2 hours to start blocking. Blocking cab be prevented by keeping a ping running. Axel --- axel@chaos1.de PGP-Key