OK, I think I fixed this. Seems some un-marked dependency needed updating. But
forcing all packages to be updated with:
pkg_add -D installed -u
has caused python to start working again.
-Matt
> On 7 Aug 2017, at 14:19, Matt Hamilton <m...@quernus.co.uk> wrote:
>
> Hi All
ev, wxallowed)
/dev/sd0e on /var type ffs (local, noatime, nodev, nosuid)
-Matt
—
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325 3025
64 Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE
Quernus Ltd is a company registered in England and Wales. Registered number:
09076246
ompare a few hundred dollars worth of x86
kit occupying about 8 litres of space and quietly sipping a few tens of watts
of power to even the most entry level iSeries or zSeries? I think this shows
just how far off the mark this thread has come.
-Matt
very nice blend
of security, manageability and convenience for my use-case. YMMV.
> I know lots of people are doing the same. Anyways, good luck with it
> long term.
Thanks! I’m blogging about how it is turning out. So far seems to be working
pretty nicely.
-Matt
—
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325 3025
49b Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE
Quernus Ltd is a company registered in England and Wales. Registered number:
09076246
ted
to the net. Whether or not it contains an OpenBSD VM in it as a guest
doesn’t (IMHO) significantly affect its security.
-Matt
software to achieve
my end goals.
This thread started with someone who is starting to learn and wanted to know
which OS, OpenBSD or FreeBSD would be best for their requirements. I don’t feel
putting forward an idea that you could run OpenBSD as a VM and have both is so
unreasonable.
-Matt
C tunnel termination than FreeBSD can offer out of the
box.
-Matt
::1 2001:41c8:11a:5::1
traceroute6 to 2001:41c8:11a:5::1 (2001:41c8:11a:5::1) from
2001:470:1f1d:301::1, 64 hops max, 60 byte packets
1 2001:41c8:11a:5::1 (2001:41c8:11a:5::1) 32.884 ms 32.795 ms 32.316 ms
#
-Matt
> On 23 Sep 2015, at 22:31, Matt Hamilton <m...@quernus.co.uk> wrot
fic on the external interface. Traceroute6
also shows all intermediate hops, i.e. no tunnel.
Is it because, being IPv6, the networks on each end can route to each other (as
opposed to on IPv4 normally they are RFC1918 networks) so OpenBSD sends the
packets the ‘easy’ route?
-Matt
fic at all.
Any ideas what to check next?
-Matt
I've been further looking at this, trying to work out where to 'fix'
it.
Various options seem to be:
1) Get the tun interface to re-calculate the TCP checksums
2) Get pf to have a flag telling it to calculate the checksums always
for a given rule
3) Get OpenVPN to calculate the checksums at some
Hi All,
I've just been upgrading a router from OpenBSD 5.1 to 5.4 and hit a big problem
I'm finding that in certain circumstances TCP packets have incorrect checksums.
I know some checksum work was done recently, so maybe something has
gone awry (or I've missed something simple).
I have OpenVPN
Matt Hamilton matth at netsight.co.uk writes:
Hi All,
I've just been upgrading a router from OpenBSD 5.1 to 5.4 and hit a
big problem
Doh! I meant 5.5, not 5.4.
Digging about it looks like the following change by Henning may
shed some light:
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src
sven falempin sven.falempin at gmail.com writes:
The manual says the information is extracted from the state table.
So you should have seen the info.
First: are you sure the information wasn't in the udp pflow packets ? maybe
the collector was wrong.
Second: man says The packet size and
Hi All,
We use pflow with pf to export packets to a collector for billing/monitoring
purposes. The problem we have is that someone at the weekend had a very
long running scp connection over several days that transferred a TB
of data. The data was not logged via pflow until the state expired, so
Hi All,
From what I've read previously I've seen that ospfd will advertise
routes on carp interfaces that are in the BACKUP state. Is this
still the case these days with 5.2? Whilst I'm sure I can do some
magic with ifstated, I just wanted to make sure I'm not solving
something that is already
Hi All,
Does pfsync require firewalls to have the same firewall rules on all
hosts in the sync group? May seem an odd thing to ask, but I have a
situation in which I have two firewalls on different sides of my
network, each one connected to a different external
network. Occasionally due to BGP
James Shupe jshupe at hermetek.com writes:
I've been running it to peer with 3 IPv4 peers and 3 IPv6 peers (full
views) and another partial IPv4 view with 12k routes (actually: varying
amounts of peers over the years, but that's the current setup) since 4.5
without needing any cron jobs to
Hi all,
More bgpd problems last night :( This happened last night on two of our
routers. One running an old version of OpenBSD (4.3) and one running
5.1. Is there anyone out there actually using bgpd in production? How
do you deal with it quitting every time something unexpected happens on
the
Stuart Henderson stu at spacehopper.org writes:
cron job to restart it, with a random delay to avoid two machines
coming back up at the same time when all the routers at a site
fail together...
So you just check it every minute to see if it is alive?
It seems to me to be a pretty fundamental
Otto Moerbeek otto at drijf.net writes:
On Tue, May 29, 2012 at 08:57:54AM +, Matt Hamilton wrote:
Hi all,
More bgpd problems last night :( This happened last night on two of our
routers. One running an old version of OpenBSD (4.3) and one running
5.1. Is there anyone out
Otto Moerbeek otto at drijf.net writes:
According to your previous message, you are getting a different
behaviour on the 5.1 box. A segfault is not the same as running out of mem.
I agree. It seems strangely co-incidental though that bgpd on both versions
of OpenBSD died within minutes of each
Henning Brauer lists-openbsd at bsws.de writes:
OpenBSD 5.1/amd64:
May 29 05:55:09 fw1 bgpd[21316]: Lost child: route decision engine
terminated; signal 11
now that is bad. sig11 = segfault, Must Not Happen (tm).
can you get us a backtrace? stuart, can we document the steps to do so
Philip Guenther guenther at gmail.com writes:
Roger. To paraphrase: in order for such a process to be able to dump
core, do the following:
Create /var/empty/var/crash/ and chown it to the user that the
[chroot'ed priv-sep'ed process] runs
as, then set the kern.nosuidcoredump sysctl to
Claudio Jeker cjeker at diehard.n-r-g.com writes:
The dispatch_rtmsg[change] mpath route not found is a fatal error (bgpd
quits because of this). The problem seems to be a multipath route that is
changed but bgpd can not find the route in its own table and freaks out.
I have not seen this
Hi All,
I've recently set up a series of 6 OpenBSD boxes all running 5.1/amd64
and connected together via an HP switch. They all run ospfd and bgpd.
They each connect out to different external networks and most speak BGP
to external peers.
I keep seeing bgpd just quitting of its own accord.
Hi All,
I'm wondering if anyone has found an elegant solution to the problem
I'm having with interaction between CARP and OSPF. I have a pair of
routers in a failover config. On one side they speak OSPF to a set of
other routers and on the other side use CARP to provide a default
gateway to a set
OK, this might just be my misunderstanding of OSPF, so just want to
run this by you and see if it is a mistake on my behalf. Let me try
and explain:
In this case I have a number of routers (OpenBSD 5.0 boxes running
ospfd and bgpd, except .106 which is a Cisco) which all share a common
network to
Matt Hamilton matth at netsight.co.uk writes:
OK, this might just be my misunderstanding of OSPF, so just want to
run this by you and see if it is a mistake on my behalf. Let me try
and explain:
Never mind... after battling this for several hours, I managed to work it
out 5 mins after
Stuart Henderson stu at spacehopper.org writes:
I set up carp-on-vlan-on-trunk-on-bnx0/1 on an R210-II running 5.1
the other day, no trouble. In this case they're webservers so I didn't
set net.inet.ip.forwarding in sysctl.conf and i'm using ip balancing
rather than simple carp failover.
OK,
Aha! I have finally solved this. I've no idea *why* it is happening, but
it seems the order of the lines in /etc/hostname.carp119 is an issue.
It seems that the inet config needs to come after the carp details. See
below:
# ifconfig carp119 destroy
# cat /etc/hostname.carp119
carpdev
BARDOU Pierre bardou.p at mipih.fr writes:
Hello,
I have dozens of CARP interfaces over VLAN interfaces over LACP trunk
interfaces over physical EM/BGE/BNX. Carp is in multicast mode, multicast
routing is disabled. Works like a charm with various OpenBSD versions since
4.4 to 5.0.
OK,
OK, A few more tests done. It seems it is the multicast being blocked.
If I use carppeer then it starts to
work and I can see packets on the vlan interface with tcpdump.
So here is my ifconfig setup:
# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33152
priority: 0
Kapetanakis Giannis bilias at edu.physics.uoc.gr writes:
On 23/04/12 17:13, Matt Hamilton wrote:
So it appears there is somewhere a problem with multicast packets being
filtered out somewhere.
This is all running with pfctl -d
-Matt
Hi,
Not sure if multicast routing
David Goldsmith dgoldsmith at sans.org writes:
I believe the inet option is missing a 3rd component. After the
CARP IP and the netmask, you also need the 'last' IP for the subnet,
in your case it would be 213.133.66.71 (on both servers).
On our servers, we have something like:
inet
Hi All,
I'm in the process of setting up a pair of OpenBSD 5.0 boxes as
intra-vlan routers. Each one will be configured with approx 100
vlans. I'm just trying to test my setup at the moment, and
AFAICS the carp packets are not being sent :(
Here is the ifconfig outputs:
# ifconfig bnx0
Any ideas why this might be happening? I'm probably doing something
stupid, but can't spot it.
I forgot to add, that pf is disabled (pfctl -d) and if you didn't spot it in
the
previous message, all interfaces have -inet6 on them to get rid of inet6
in case that is an issue (I've read a few
David Goldsmith dgoldsmith at sans.org writes:
Any ideas why this might be happening? I'm probably doing
something stupid, but can't spot it.
Please show the contents of the /etc/hostname.carp119 file on
both servers.
on box A:
# cat /etc/hostname.carp119
inet 213.133.66.67
Camiel Dobbelaar cd at sentia.nl writes:
Can you show the output of:
- ifconfig carp
- ifconfig -g carp
- netstat -s -p carp
- sysctl net.inet.carp
Ahhh... actually, I noticed mbuf memory error with one of these:
# netstat -s -p carp
carp:
3112793 packets received (IPv4)
0
Camiel Dobbelaar cd at sentia.nl writes:
Can you post the output of netstat -m and a dmesg?
# netstat -m
94 mbufs in use:
88 mbufs allocated to data
3 mbufs allocated to packet headers
3 mbufs allocated to socket names and addresses
87/938/8192 mbuf 2048 byte clusters in
I'm also getting strange weirdnesses with carp on 5.0. I too upgraded
from quite an old 4.x version (4.6 IIRC).
The main thing I'm seeing is my master and backup switching back and
forth quite a few times. This is a pair of firewalls with carp
running on both the inside and outside firewall
that doesn't
match into the queue d3 and then I can view what is going on with
tcpdump and pflog, but I still seem to be missing something.
Any ideas?
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd. Business Vision on the Internet
2007, at 11:14, Matt Hamilton wrote:
Hi all,
Just been trying to track down why CARP keeps unexpectedly
failing over to the backup (a pair of firewalls) and I noticed
(OpenBSD/i386 3.9) that there have been some mbuf errors:
# netstat -s -p carp
carp:
98 packets received (IPv4
]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
So no dropped packets there.
Any ideas?
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd. Business Vision on the Internet
http://www.netsight.co.uk
to packet headers
3 mbufs allocated to socket names and addresses
558/930/6144 mbuf clusters in use (current/peak/max)
2032 Kbytes allocated to network (61% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
of if its parent can borrow from root? Is this a
bug, or am I not understanding something? Is this something that
hfsc might address?
-Matt
exceeded messages back to the sender?
Currently the firewall seems to be doing 2-4000 pps.
Any ideas?
-Matt
function 6 not configured
unknown vendor 0x product 0x (class prehistoric subclass
miscellaneous, rev 0x00) at cardbus1 dev 0 function 7 not configured
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302