Brian A. Seklecki | 1 Dec 04:28 2007

Update RAIDFrame-Enabled ISO for 4.2

Updated diff, ISO image, build instructions.

http://people.collaborativefusion.com/~seklecki/obsd_wRAIDFrame.html

Note:  There's a small problem with my regex in install.sub that prevents 
scanning of RAIDFrame boot lines in dmesg.boot.

The work-around from the bsd.rd shell is to:

$ export MDDKDEVS="/^raid[0-9]/p"
$ ./upgrade

It's ugly but it works.  Also, don't forget to:

$ cd /dev
$ sh MAKEDEV raid0
$ sh MAKEDEV raid1

...beforehand.  Tested a 4.0-stable to 4.2-stable upgrade (2x)

~BAS

Jake Conk | 1 Dec 04:33 2007

pflog filling up /var mount every 2-3 days!

Hello,

I have my /var partitioned out to be 150mb which I thought was
enough but every 2-3 days it gets full because I end up with a pflog
file that is ridiculously large! Right now I have one that is 53.6mb
and I have gotten them larger like 100mb +!! Because of this my /var
partition fills up and other programs have problems writing logs and
stuff... Here is an example:

$ ls -lah /var/log/ | grep pflog
-rw-------   1 root  wheel  98.0K Nov 30 18:02 pflog
-rw-------   1 root  wheel  53.6M Nov 30 02:00 pflog.0
-rw-------   1 root  wheel   1.3M Nov 30 02:00 pflog.0.gz
-rw-------   1 root  wheel   2.2M Nov 30 01:00 pflog.1.gz
-rw-------   1 root  wheel   1.7M Nov 30 00:00 pflog.2.gz
-rw-------   1 root  wheel   1.7M Nov 29 23:00 pflog.3.gz
-rw-------   1 root  wheel   7.0M Nov 29 20:25 pflog.bad.630d9931

I have to keep coming here each couple of days to check if that is
full and delete them. My question is, is this normal and I just
created my /var mount too small? I think the fact that my pflog is
that big is the actual problem, does anyone know of a way to fix this?

Thanks,
- Jake

NetOne - Doichin Dokov | 1 Dec 04:47 2007

Re: pflog filling up /var mount every 2-3 days!

Jake Conk wrote:
> Hello,
>
> I have my /var partitioned out to be 150mb which I thought was
> enough but every 2-3 days it gets full because I end up with a pflog
> file that is ridiculously large! Right now I have one that is 53.6mb
> and I have gotten them larger like 100mb +!! Because of this my /var
> partition fills up and other programs have problems writing logs and
> stuff... Here is an example:
>
> $ ls -lah /var/log/ | grep pflog
> -rw-------   1 root  wheel  98.0K Nov 30 18:02 pflog
> -rw-------   1 root  wheel  53.6M Nov 30 02:00 pflog.0
> -rw-------   1 root  wheel   1.3M Nov 30 02:00 pflog.0.gz
> -rw-------   1 root  wheel   2.2M Nov 30 01:00 pflog.1.gz
> -rw-------   1 root  wheel   1.7M Nov 30 00:00 pflog.2.gz
> -rw-------   1 root  wheel   1.7M Nov 29 23:00 pflog.3.gz
> -rw-------   1 root  wheel   7.0M Nov 29 20:25 pflog.bad.630d9931
>
> I have to keep coming here each couple of days to check if that is
> full and delete them. My question is, is this normal and I just
> created my /var mount too small? I think the fact that my pflog is
> that big is the actual problem, does anyone know of a way to fix this?
>
> Thanks,
> - Jake
Perhaps you want to see what's inside it? Look at your pf.conf, see what 
you're logging and if you do need it to be logged. Remove anything 
unnecessary, set up newsyslogd to rotate it - there are plenty of options 
to solve your problem. It's all in the FAQ / man pages.

Daniel Ouellet | 1 Dec 04:58 2007

Re: pflog filling up /var mount every 2-3 days!

Jake Conk wrote:
> I have to keep coming here each couple of days to check if that is
> full and delete them. My question is, is this normal and I just
> created my /var mount too small? I think the fact that my pflog is
> that big is the actual problem, does anyone know of a way to fix this?

Well, maybe I read that wrong, but if you are going there only every 
few days to look if the file is filling your drive, then I guess you are 
not looking at the logs, so stop logging then and your problem will be 
gone. (;>

Or just log what you really need.

And yes, your var was obviously too small if you fill it up every few 
days. So log elsewhere on a bigger partition.

Plenty of solutions, but the most obvious one based on your comment is to 
stop logging as it doesn't look like you look at the content of it.

Brian A. Seklecki | 1 Dec 05:46 2007

Re: VPN Concentrator

On Fri, 30 Nov 2007, Khalid Schofield wrote:

> Hi,
> I'd like to make a VPN Concentrator using openbsd. I want users to be
> able to authenticate using usernames and passwords and to either nat
> the users or give them an ip from our main dhcp server via a bridge.

That's a tall order.  In Cisco-land a VPNC3000k will run you $5k plus 
SMARTNet.  You'll need isakmpd(8) policies.  You'll need dhclient-server 
relay support.  You'll need XAuth authentication (Possibly via PAM). 
You'll need IPSEC NAT-T.  Maybe tie it all together with LDAP and PKI.

Brian A. Seklecki | 1 Dec 05:41 2007

Re: pflog filling up /var mount every 2-3 days!

On Fri, 30 Nov 2007, Jake Conk wrote:

> Hello,
>
> I have my /var partitioned out to be 150mb which I thought was a

You're probably getting a lot of log hits on a "default block log all" at 
the end of your rules.  You can prevent a lot of crud by doing "block 
quicks" w/o log statements for the following:

-) Multicast crud (Apple users)
-) Windows NetBIOS/CIFS Broadcast crap
-) IPv6

Good examples can be found.

~BAS
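
Added example, not part of any post in this thread: a way to see which rule and which destinations account for the bulk of a pflog before deciding what to stop logging. It tallies decoded pflog text by rule number, action and destination; the sample lines, interface name and addresses are constructed, and `pflog_summary` and `sample_lines` are hypothetical names.

```shell
#!/bin/sh
# Summarise decoded pflog text read from stdin as:
#   count rule-number action destination
# On the firewall the input would come from:
#   tcpdump -n -e -ttt -r /var/log/pflog.0 | pflog_summary
pflog_summary() {
    awk '
    {
        rule = ""; act = ""; dst = ""
        for (i = 1; i < NF; i++) {
            if ($i == "rule") { rule = $(i+1); act = $(i+2) }
            if ($i == ">")    { dst = $(i+1) }
        }
        if (rule == "" || dst == "") next   # not a decoded packet line
        sub(/\/.*/, "", rule)               # "12/(match)" -> "12"
        sub(/:$/, "", dst)                  # drop the trailing colon
        count[rule " " act " " dst]++       # sources vary, so group by destination
    }
    END { for (k in count) print count[k], k }
    ' | sort -rn
}

# Constructed sample in the layout tcpdump prints for a pflog file.
sample_lines() {
cat <<'EOF'
Nov 30 01:58:01.101010 rule 12/(match) block in on fxp0: 192.168.1.23.138 > 192.168.1.255.138: udp 201
Nov 30 01:58:02.202020 rule 12/(match) block in on fxp0: 192.168.1.40.138 > 192.168.1.255.138: udp 201
Nov 30 01:58:03.303030 rule 12/(match) block in on fxp0: 192.168.1.23.137 > 192.168.1.255.137: udp 50
Nov 30 01:58:04.404040 rule 12/(match) block in on fxp0: 192.168.1.31.5353 > 224.0.0.251.5353: udp 45
Nov 30 01:58:05.505050 rule 12/(match) block in on fxp0: 192.168.1.31.5353 > 224.0.0.251.5353: udp 45
Nov 30 01:58:06.606060 rule 12/(match) block in on fxp0: 192.168.1.44.138 > 192.168.1.255.138: udp 201
Nov 30 01:58:07.707070 rule 3/(match) pass in on fxp0: 203.0.113.9.40000 > 192.168.1.2.22: S 1:1(0) win 16384
EOF
}

# Stand-alone run over the constructed sample.
sample_lines | pflog_summary
```

Destinations that dominate the top of the list and are never investigated (NetBIOS broadcast, multicast) are the candidates for a quick block rule without the log keyword.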

visc | 1 Dec 06:37 2007

Re: VPN Concentrator

On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote:

> Hi,
> I'd like to make a VPN Concentrator using openbsd. I want users to be
> able to authenticate using usernames and passwords and to either nat
> the users or give them an ip from our main dhcp server via a bridge.
>
> If I have say a mac user at home wanting to connect into my network
> using the built in mac os client how should I set up the vpn server?
> Will it auth using usernames and passwords or is certificates only
> simple way to authenticate to the vpn server?
>
> How would I know which is better to use for this application out of
> PPTP or IPsec?
>
> Any and all input welcome.
>
> Khalid
>
>
I'm embarking down the same path for what it's worth, but I'm actually  
doing it to eventually get rid of my Cisco 3005. My main structure  
though is ipsec between static fixed devices/locations and I don't  
need to worry about supporting  PPTP or L2TP over IPSEC, or supplying  
addresses- yet.

I think Brian A. Seklecki's response:
> `That's a tall order.  In Cisco-land a VPNC3000k will run you $5k  
> plus SMARTNet.  You'll need isakmpd(8) policies.  You'll need  
> dhclient-server relay support.  You'll need XAuth authentication  

Bret | 1 Dec 06:02 2007

ral-rt2860 wireless mini-pci

Greetings
I am trying to use the SparkLan WMIR-215GN in a Soekris 5501. The 
mini-pci is not seen as a rt2860 chipset.

The dmesg follows:

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
    deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 
586-class) 500 MHz
cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
real mem  = 536440832 (511MB)
avail mem = 511070208 (487MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 20/71/05, BIOS32 rev. 0 @ 0xfac40
pcibios0 at bios0: rev 2.0 @ 0xf0000/0x10000
pcibios0: pcibios_get_intr_routing - function not supported
pcibios0: PCI IRQ Routing information unavailable.
pcibios0: PCI bus #0 is the last bus
bios0: ROM list: 0xc8000/0xa800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 1 function 0 "AMD Geode LX" rev 0x30
glxsb0 at pci0 dev 1 function 2 "AMD Geode LX Crypto" rev 0x00: RNG AES
vr0 at pci0 dev 6 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 11, 
address 00:00:24:c9:29:4c
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
0x004063, model 0x0034
vr1 at pci0 dev 7 function 0 "VIA VT6105M RhineIII" rev 0x96: irq 5, 
address 00:00:24:c9:29:4d

Daniel Melameth | 1 Dec 07:01 2007

Re: ral-rt2860 wireless mini-pci

On 11/30/07, Bret <bret42 <at> frontiernet.net> wrote:
> I am trying to use the SparkLan WMIR-215GN in a Soekris 5501. The
> mini-pci is not seen as a rt2860 chipset.
>
> The dmesg follows:
>
> OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007

I believe initial work for the rt2860 chipset is only in -current at
this time--you might want to give the latest snapshot a spin.

Jason Dixon | 1 Dec 06:57 2007

Re: VPN Concentrator

On Dec 1, 2007, at 12:37 AM, visc wrote:

> On 30-Nov-07, at 2:13 AM, Khalid Schofield wrote:
>
>> Hi,
>> I'd like to make a VPN Concentrator using openbsd. I want users to be
>> able to authenticate using usernames and passwords and to either nat
>> the users or give them an ip from our main dhcp server via a bridge.
>>
>> If I have say a mac user at home wanting to connect into my network
>> using the built in mac os client how should I set up the vpn server?
>> Will it auth using usernames and passwords or is certificates only
>> simple way to authenticate to the vpn server?
>>
>> How would I know which is better to use for this application out of
>> PPTP or IPsec?
>>
>> Any and all input welcome.
>>
>> Khalid
>>
> I'm embarking down the same path for what it's worth, but I'm  
> actually doing it to eventually get rid of my Cisco 3005. My main  
> structure though is ipsec between static fixed devices/locations and  
> I don't need to worry about supporting  PPTP or L2TP over IPSEC, or  
> supplying addresses- yet.
>
> I think Brian A. Seklecki's response:
>> `That's a tall order.  In Cisco-land a VPNC3000k will run you $5k  
>> plus SMARTNet.  You'll need isakmpd(8) policies.  You'll need  