Bastien Durel | 27 Mar 18:31 2015

icmp6 get dropped on gif tunnel

I have an openbsd router with 2 upstreams (one pppoe (pppoe0 on sis1),
one ipoe (sis0)).

I have a sixxs(6-in-4) tunnel (gif0).
If the gif tunnel is on one of my providers (pppoe0), it works well. 

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        description: Sixxs
        priority: 0
        groups: gif egress
        tunnel: inet ->
        inet6 fe80::200:24ff:fecf:42ac%gif0 ->  prefixlen 64 scopeid 0xc
        inet6 2001:6f8:202:19c::2 -> 2001:6f8:202:19c::1 prefixlen 128

the 2001:6f8:3c8::/48 subnet which is routed via this tunnel

This provider gives me native Ipv6, so the tunnel is pretty useless, and
I want to put it on the other provider, which doesn't.

But when I move it on the other provider, the tunnel basicly works (I
can ping an inside box (2001:6f8:3c8:42:xxx) from the outside), but the
router does not answer to ping, on the tunnel endpoint Ipv6
(2001:6f8:202:19c::2) nor on any other interface (in 2001:6f8:3c8::/48).

Then sixxs count it as down, and will disable it if nothing is done. I
can ping from router to remote tunnel endpoint (2001:6f8:202:19c::1),
but remote tunnel endpoint does not get any answer when it ping my
router endpoint. nor does can I ping it from outside. 

(Continue reading)

Comète | 27 Mar 11:19 2015

Intel I211 NIC not working on Shuttle DS57U with latest snapshot


i've just installed the latest snapshot on this new fanless little
machine with 2 NICs (one I218-LM and another with I211 chipset) and the I211
is not detected, dmesg returning: "EEPROM Checksum is not valid". I've looked
at "man em" and saw I211 was supported.

Any idea ?

Thank you.

OpenBSD 5.7-current (GENERIC.MP) #896: Thu Mar 26 14:56:12 MDT 2015
    todd <at>
real mem = 2009530368 (1916MB)
avail mem = 1944829952 (1854MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8  <at>  0xec2f0 (81 entries)
bios0: vendor American Megatrends Inc. version "1.05" date 01/16/2015
bios0: Shuttle Inc. DS57U
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) PXSX(S4) RP01(S4)
PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
(Continue reading)

Bernd Schoeller | 27 Mar 10:25 2015

Intel 5th gen NUC graphics support

Hi -

I just aquired an Intel NUC (NUC5i5RYK) to use as my main OpenBSD 
desktop system.

After getting kernel panics when booting 5.6, using a SNAPSHOT seems to 
work well (panic was: lapic_set_lvt: bad pin value 228). The next hurdle 
I have to overcome is getting accelerated X to work. There is also no 
support for a framebuffer console (which is probably related).

I think the critical part of the X11 output (full dump below) is:

[    30.163] (II) AIGLX: Screen 0 is not DRI2 capable
[    30.163] (EE) AIGLX: reverting to software rendering

Is the new graphics chipset already supported in OpenBSD, and I just 
have the configuration wrong? Or will I have to wait for support? 
Anything I can do to help development?


PS: Two other observations: the kernel takes rather long to load (15 
seconds) and I get this line of strange symbols in the dmesg below.


OpenBSD 5.7-current (GENERIC.MP) #895: Wed Mar 18 18:55:03 MDT 2015
deraadt <at>
real mem = 8453918720 (8062MB)
(Continue reading)

Some Developer | 27 Mar 09:03 2015

C++14 and C11 support sucks in OpenBSDs default compiler - any chance of Clang in base?

I'm not entirely aware of the changes that the OpenBSD developers have 
made to the version of GCC that ships with OpenBSD but is there any work 
being done on including Clang in OpenBSD base?

It has a BSD compatible license unlike GCC. It has its own debugger with 
the same license unlike GDB.

So what are the reasons why OpenBSD has so far shunned Clang and LLDB? 
Is it missing some extra security features that the OpenBSD team have 
added to their version of GCC?

Any info is appreciated.

R0me0 *** | 27 Mar 03:11 2015


jin&hitman&Barracuda | 26 Mar 21:15 2015

Leap seconds

As you know, the leap second issue will occour on 29th. June. I saw
articles on some Linux distro's web page. It looks like there is a bug on
the Linux kernel and it was effected on 2012.

I would like to ask, is there anything which i should do on my OpenBSD 5.6 ?

Sorry for my English

L.R. D.S. | 26 Mar 19:55 2015

Set PKG_PATH using Time Zone?

Is really boring write the package repository everytime we install. 
Why not set the repository using the Time Zone as a reference?
For example, if you set Japan as your zone, then run
export PKG_PATH='uname -r'/packages/'uname -m'/

rizz2pro . | 26 Mar 19:07 2015

Change routes with multipath?

Hello everyone,

I hope I posted this in the right area, I don't usually join mailing lists
so I am still a bit of a noob.

Anyways, hoping someone could help me out. I am coming up empty on my
searches figuring this out.

If I have 2 default gateways configured with priorities, how would I modify
the priorities using "route change"? I would prefer not to have to delete
the route and re-add them.

$ sudo route add -mpath default -priority 1
$ sudo route add -mpath default -priority 15
$ sudo netstat -rn | grep default
# default        UGS        3     3308     -     1 em0
# default         UGS        0        0     -    15 em1

If I try to change priorities:

$ sudo route change -mpath default -priority 1
# route: writing to routing socket: No such process
# change net default: gateway not in table

Any hints as to how I can change priority on a default multipath route? I
would appreciate it greatly.

Thanks for reading.
(Continue reading)

Predrag Punosevac | 26 Mar 18:21 2015

L2TP using Npppd and IPsec

Hi Misc,

I need to provide secure access to a web application running on my
servers to handful typical desktop users. I am thinking of requiring
them to have L2TP/IPSec VPN tunnel before they can browse my
application. HTTPS is not good enough due to the nature of the

Why L2TP? I am not a Windows uses but it seems that it should be trivial
to setup client side
and avoid customer service requests, on another hand I am reading man
pages for npppd and ipsec on 5.7 and Giovanni's slides from two years

for the talk he gave at BSDCan IIRC. I don't need to use RADIUS just a
local authentication database. It is in the base and it seems very easy
to configure. 

Is anybody running similar setup in production? Any caveats? Any other
advises before I take a plunge.


P.S. I have quite a bit experience with OpenVPN server on OpenBSD but  
in my experience getting credentials to a Windows client is pain because
a typical user knows only to double click and I don't know now to
(Continue reading)

Alexei Malinin | 26 Mar 13:50 2015

httpd cgi (5.6-stable)


I'm trying to get working cgi programs with OpenBSD-5.6 stable httpd on default /var/www but without success:

# cat /var/www/logs/httpd-access.log - - [26/Mar/2015:15:30:24 +0300] "GET / HTTP/1.1" 200 376 ""
"Mozilla/5.0 (X11; OpenBSD amd64; rv:22.0) Gecko/20100101 Firefox/22.0" - - [26/Mar/2015:15:30:24 +0300] "GET /favicon.ico HTTP/1.1" 404 0 ""
"Mozilla/5.0 (X11; OpenBSD amd64; rv:22.0) Gecko/20100101 Firefox/22.0" - - [26/Mar/2015:15:30:24 +0300] "GET /favicon.ico HTTP/1.1" 404 0 ""
"Mozilla/5.0 (X11; OpenBSD amd64; rv:22.0) Gecko/20100101 Firefox/22.0" - - [26/Mar/2015:15:30:27 +0300] "GET /cgi-bin/bgplg HTTP/1.1" 500 0 ""
"Mozilla/5.0 (X11; OpenBSD amd64; rv:22.0) Gecko/20100101 Firefox/22.0" - - [26/Mar/2015:15:31:22 +0300] "GET / HTTP/1.1" 200 376 ""
"Mozilla/5.0 (X11; OpenBSD amd64; rv:22.0) Gecko/20100101 Firefox/22.0" - - [26/Mar/2015:15:31:24 +0300] "GET /cgi-bin/bgplg HTTP/1.1" 500 0 ""
"Mozilla/5.0 (X11; OpenBSD amd64; rv:22.0) Gecko/20100101 Firefox/22.0" - - [26/Mar/2015:15:31:26 +0300] "GET /cgi-bin/bgplg HTTP/1.1" 500 0 ""
"Mozilla/5.0 (X11; OpenBSD amd64; rv:22.0) Gecko/20100101 Firefox/22.0"

Please tell me what I'm doing wrong?

My environment:

# cat /etc/httpd.conf
# Macros

(Continue reading)

Or Elimelech | 26 Mar 11:40 2015

Dell R630 with PERC H730

Hello Misc

I am trying to install OpenBSD 5.6 on the above machine.

1. While using Lifecycle controller and deploy OS I get weird disk layout with
MSDos partition which cannot be removed.
2. While trying to init the raid myself through the raid controller and init
the raid 1 I see <none> in the disks while trying to install

Has anyone encountered this issue?


[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]