OK, I think I fixed this. Seems some un-marked dependancy needed updating. But
forcing all packages to be updated with:
pkg_add -D installed -u
has cause python to start working again.
-Matt
> On 7 Aug 2017, at 14:19, Matt Hamilton wrote:
>
> Hi All,
> I upgraded a machine to
local, nodev, wxallowed)
/dev/sd0e on /var type ffs (local, noatime, nodev, nosuid)
-Matt
—
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325 3025
64 Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE
Quernus Ltd is a company registered in England and Wales. Registered number:
09076246
dred dollars worth of x86
kit occupying about 8 litres of space and quietly sipping a few tens of watts
of power to even the most entry level iSeries or zSeries? I think this shows
just how far off the mark this thread has come.
-Matt
â
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325
h someone who is starting to learn and wanted to know
which OS, OpenBSD or FreeBSD would be best for their requirements. I don’t feel
putting forward an idea that you could run OpenBSD as a VM and have both is so
unreasonable.
-Matt
—
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325 3025
49b Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE
Quernus Ltd is a company registered in England and Wales. Registered number:
09076246
FreeBSD can offer out of the
box.
-Matt
â
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325 3025
49b Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE
Quernus Ltd is a company registered in England and Wales. Registered number:
09076246
t contains an OpenBSD VM in it as a guest
doesnât (IMHO) significantly affect itâs security.
-Matt
â
Matt Hamilton
Quernus
m...@quernus.co.uk <mailto:m...@quernus.co.uk>
+44 117 325 3025
49b Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE
Quernus Ltd is a company reg
gaining more operational
> features, rather than greater quality.
Yup. Alas, utopia doesnât exist. We all have to make compromises and
prioritise our requirements and trade offs. For me, this is a very nice blend
of security, manageability and convenience for my use-case. YMMV.
> I k
::1 2001:41c8:11a:5::1
traceroute6 to 2001:41c8:11a:5::1 (2001:41c8:11a:5::1) from
2001:470:1f1d:301::1, 64 hops max, 60 byte packets
1 2001:41c8:11a:5::1 (2001:41c8:11a:5::1) 32.884 ms 32.795 ms 32.316 ms
#
-Matt
> On 23 Sep 2015, at 22:31, Matt Hamilton wrote:
>
> Hi all,
>
the external interface. Traceroute6
also shows all intermediate hops, i.e. no tunnel.
Is it because, being IPv6, the networks on each end can route to each other (as
opposed to on IPv4 normally they are RFC1918 networks) so OpenBSD send the
packets the ‘easy’ route?
-Matt
—
Matt Hamilton
Quernu
fic at all.
Any ideas what to check next?
-Matt
—
Matt Hamilton
Quernus
m...@quernus.co.uk
+44 117 325 3025
49b Easton Business Centre
Felix Road, Easton
Bristol, BS5 0HE
Quernus Ltd is a company registered in England and Wales. Registered number:
09076246
I've been further looking at this, trying to work out where to 'fix'
it.
Various options seem to be:
1) Get the tun interface to re-calculate the TCP checksums
2) Get pf to have a flag telling it to calculate the checksums always
for a given rule
3) Get OpenVPN to calculate the checksums at some
Matt Hamilton netsight.co.uk> writes:
>
> Hi All,
> I just been upgrading a router from OpenBSD 5.1 to 5.4 and hit a
> big problem
Doh! I meant 5.5, not 5.4.
Digging about it looks like the following change by Henning may
shed some light:
http://cvsweb.openbsd.org/cgi-bin
Hi All,
I just been upgrading a router from OpenBSD 5.1 to 5.4 and hit a big problem
I'm finding that in certain circumstance TCP packets have incorrect checksums.
I know some checksum work was done recently, so maybe something has
gone awry (or I've missed something simple).
I have OpenVPN list
sven falempin gmail.com> writes:
>
> The manual say the information is extracted from the state table.
> So you should have seen the info.
>
> First: are you sure the information wasnt in the udp pflow packets ? maybe
> the collector was wrong.
> Second: man says < controlled by the mtu.>>
The
Hi All,
We use pflow with pf to export packets to a collector for billing/monitoring
purposes. The problem we have is that someone at the weekend had a very
long running scp connection over several days that transferred a TB
of data. The data was not logged via pflow until the state expired, so
Hi All,
From what I've read previously I've seen that ospfd will advertise
routes on carp interfaces that are in the BACKUP state. Is this
still the case these days with 5.2? Whilst I'm sure I can do some
magic with ifstated, I just wanted to make sure I'm not solving
something that is already fi
Hi All,
Does pfsync require firewalls to have the same firewall rules on all
hosts in the sync group? May seem an odd thing to ask, but I have a
situation in which I have two firewalls on different sides of my
network, each one connected to a different external
network. Occasionally due to BGP wei
James Shupe hermetek.com> writes:
> I've been running it to peer with 3 IPv4 peers and 3 IPv6 peers (full
> views) and another partial IPv4 view with 12k routes (actually: varying
> amounts of peers over the years, but that's the current setup) since 4.5
> without needing any cron jobs to watch o
Philip Guenther gmail.com> writes:
> Roger. To paraphrase: in order for such a process to be able to dump
> core, do the following:
>
> Create /var/empty/var/crash/ and chown it to the user that the
> [chroot'ed priv-sep'ed process] runs
> as, then set the kern.nosuidcoredump sysctl to 2.
Henning Brauer bsws.de> writes:
> > OpenBSD 5.1/amd64:
> > May 29 05:55:09 fw1 bgpd[21316]: Lost child: route decision engine
> > terminated; signal 11
>
> now that is bad. sig11 = segfault, Must Not Happen (tm).
> can you get us a backtrace? stuart, can we document the steps to do so
> somewher
Otto Moerbeek drijf.net> writes:
> According to you previous message, you are getting a different
> behaviour on the 5.1 box. A segfault is not the same as running out of mem.
I agree. It seems strangely co-incidental though that bgpd on both version
of OpenBSD died within minutes of each other
Otto Moerbeek drijf.net> writes:
>
> On Tue, May 29, 2012 at 08:57:54AM +0000, Matt Hamilton wrote:
>
> > Hi all,
> >
> > More bgpd problems last night :( This happened last night on two of our
> > routers. One running an old version of OpenBSD (4.3) and
Stuart Henderson spacehopper.org> writes:
> cron job to restart it, with a random delay to avoid two machines
> coming back up at the same time when all the routers at a site
> fail together...
So you just check it every minute to see if it is alive?
It seems to me to be a pretty fundamental de
Hi all,
More bgpd problems last night :( This happened last night on two of our
routers. One running an old version of OpenBSD (4.3) and one running
5.1. Is there anyone out there actually using bpgd in production? How
do you deal with it quitting everytime something unexpected happens on
the netw
Claudio Jeker diehard.n-r-g.com> writes:
> The "dispatch_rtmsg[change] mpath route not found" is a fatal error (bgpd
> quits because of this). The problem seems to be a multipath route that is
> changed but bgpd can not find the route in its own table and freaks out.
> I have not seen this happe
Hi All,
I've recently setup up a series of 6 OpenBSD boxes all running 5.1/amd64
and connected together via an HP switch. The all run ospfd and bgpd.
They each connect out to different external networks and most speak BGP
to external peers.
I keep seeing bgpd just quitting of its own accord.
Hi All,
I'm wondering if anyone has found an elegant solution to the problem
I'm having with interaction between CARP and OSPF. I have a pair of
routers in a failover config. On one side they speak OSPF to a set of
other routers and on the other side use CARP to provide a default
gateway to a set
Matt Hamilton netsight.co.uk> writes:
>
> OK, this might just be my misunderstanding of OSPF, so just want to
> run this by you and see if it is a mistake on my behalf. Let me try
> and explain:
Nevermind... after battling this for several hours, I manage to work it
out 5 min
OK, this might just be my misunderstanding of OSPF, so just want to
run this by you and see if it is a mistake on my behalf. Let me try
and explain:
In this case I have a number of routers (OpenBSD 5.0 boxes running
ospfd and bgpd, except .106 which is a Cisco) which all share a common
network to
Aha! I have finally solved this. I've no idea *why* it is happening, but
it seems the order of the lines in /etc/hostname.carp119 is an issue.
It seems that the inet config needs to come after the carp details. See
below:
# ifconfig carp119 destroy
# cat /etc/hostname.carp119
carpdev vlan
Stuart Henderson spacehopper.org> writes:
> I setup carp-on-vlan-on-trunk-on-bnx0/1 on an R210-II running 5.1
> the other day, no trouble. In this case they're webservers so I didn't
> set net.inet.ip.forwarding in sysctl.conf and i'm using ip balancing
> rather than simple carp failover.
OK, so
BARDOU Pierre mipih.fr> writes:
>
> Hello,
>
> I have dozens of CARP interfaces over VLAN interfaces over LACP trunk
> interfaces over physical EM/BGE/BNX. Carp is in multicast mode, multicast
> routing is disabled. Works like a charm with various OpenBSD versions since
> 4.4 to 5.0.
OK, that
Kapetanakis Giannis edu.physics.uoc.gr> writes:
>
> On 23/04/12 17:13, Matt Hamilton wrote:
> > So it appears there is somewhere a problem with multicast packets being
> > filtered out somewhere.
> >
> > This is all running with pfctl -d
> >
> > -Mat
OK, A few more tests done. It seems it is the multicast being blocked.
If I use carppeer then it starts to
work and I can see packets on the vlan interface with tcpdump.
So here is my ifconfig setup:
# ifconfig -a
lo0: flags=8049 mtu 33152
priority: 0
groups: lo
inet6 ::
David Goldsmith sans.org> writes:
> I believe the "inet" option is missing a 3rd component. After the
> CARP IP and the netmask, you also need the 'last' IP for the subnet,
> in your case it would be 213.133.66.71 (on both servers).
>
> On our servers, we have something like:
>
> inet 10.3.2
David Goldsmith sans.org> writes:
> > Any ideas why this might be happening? I'm probably doing
> > something stupid, but can't spot it.
>
> Please show the contents of the /etc/hostname.carp119 file on
> both servers.
on box A:
# cat /etc/hostname.carp119
inet 213.133.66.67 255.255.255.248
> Any ideas why this might be happening? I'm probably doing something
> stupid, but can't spot it.
I forgot to add, that pf is disabled (pfctl -d) and if you didn't spot it in
the
previous message, all interfaces have -inet6 on them to get rid of inet6
in case that is an issue (I've read a few
Hi All,
I'm in the process of setting up a pair of OpenBSD 5.0 boxes as
intra-vlan routers. Each one will be configured with approx 100
vlans. I'm just trying to test my setup at the moment, and
AFAICS the carp packets are not being sent :(
Here is the ifconfig outputs:
# ifconfig bnx0
Camiel Dobbelaar sentia.nl> writes:
> Can you post the output of "netstat -m" and a dmesg?
# netstat -m
94 mbufs in use:
88 mbufs allocated to data
3 mbufs allocated to packet headers
3 mbufs allocated to socket names and addresses
87/938/8192 mbuf 2048 byte clusters in u
Camiel Dobbelaar sentia.nl> writes:
> Can you show the output of:
> - ifconfig carp
> - ifconfig -g carp
> - netstat -s -p carp
> - sysctl net.inet.carp
Ahhh... actually, I noticed mbuf memory error with one of these:
# netstat -s -p carp
carp:
3112793 packets received (IPv4)
0
I'm also getting strange weirdnesses with carp on 5.0. I too upgraded
from quite an old 4.x version (4.6 IIRC).
The main thing I'm seeing is my master and backup switching back and
forth quite a few times. This is a pair of firewalls with carp
running on both the inside and outside firewall interf
es to hopefully get everything that doesn't
match into the queue d3 and then I can view what is going on with
tcpdump and pflog, but I still seem to be missing something.
Any ideas?
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd
Matt
On 8 Feb 2007, at 11:14, Matt Hamilton wrote:
Hi all,
Just been trying to track down why CARP keeps unexpectedly
failing over to the backup (a pair of firewalls) and I noticed
(OpenBSD/i386 3.9) that there have been some mbuf errors:
# netstat -s -p carp
carp:
98 packets
]
[ qlength: 0/ 50 borrows: 0 suspends: 0 ]
So no dropped packets there.
Any ideas?
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.Business Vision on the Internet
http://www.netsight.co.uk
1 mbuf allocated to packet headers
3 mbufs allocated to socket names and addresses
558/930/6144 mbuf clusters in use (current/peak/max)
2032 Kbytes allocated to network (61% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain ro
dless of if its parent can borrow from root? Is this a
bug, or am I not understanding something? Is this something that
hfsc might address?
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.Business Vision on the Internet
dropping ICMP ttl exceeded messages back to the sender?
Currently the firewall seems to be doing 2-4000 pps.
Any ideas?
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.Business Vision on the Internet
http://
NERIC by default as far as I can see.
-Matt
--
Matt Hamilton [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.Business Vision on the Internet
http://www.netsight.co.uk +44 (0)117 9090901
Web Design | Zope/Plone Develo
vendor 0x product 0x (class prehistoric subclass
miscellaneous, rev 0x00) at cardbus1 dev 0 function 6 not configured
unknown vendor 0x product 0x (class prehistoric subclass
miscellaneous, rev 0x00) at cardbus1 dev 0 function 7 not configured
dkcsum: wd0 matches BIOS drive 0x80
r
49 matches
Mail list logo
