From russ at quist.ca  Fri Jun 19 23:26:24 2009
From: russ at quist.ca (Russell Sutherland)
Date: Fri, 19 Jun 2009 09:26:24 -0400
Subject: [flashboot] Auto generation of the isakmpd/ipsec rsa keys
Message-ID: <2cb417230906190626v4248e24dj36fe967453433610@mail.gmail.com>

Would it be prudent to add the following OpenBSD 4.5 code snippet:

if [ X"${isakmpd_flags}" != X"NO" ]; then
        if [ ! -f /etc/isakmpd/private/local.key ]; then
                echo -n "openssl: generating new isakmpd RSA key... "
                if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
                    > /dev/null 2>&1; then
                        chmod 600 /etc/isakmpd/private/local.key
                        openssl rsa -out /etc/isakmpd/local.pub \
                            -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
                        echo done.
                else
                        echo failed.
                fi
        fi
        echo -n ' isakmpd'; isakmpd ${isakmpd_flags}
fi

to the current rc.initial file?

This would allow autogeneration of the isakmpd rsa keys in a fashion
similar to the ssh ones.

Comments?

-- 
Russell Sutherland
russ at quist.ca
+1.416.696.7600

From rd at tilde.se  Sat Jun 20 03:14:51 2009
From: rd at tilde.se (Rickard Dahlstrand)
Date: Fri, 19 Jun 2009 19:14:51 +0200
Subject: [flashboot] Auto generation of the isakmpd/ipsec rsa keys
In-Reply-To: <2cb417230906190626v4248e24dj36fe967453433610@mail.gmail.com>
References: <2cb417230906190626v4248e24dj36fe967453433610@mail.gmail.com>
Message-ID:

Good idea,

Test and send a diff to Jakob and he'll include it in the CVS.

Rickard.

On 19 Jun 2009, at 15:26, Russell Sutherland wrote:

> Would it be prudent to add the following OpenBSD 4.5 code snippet:
>
> if [ X"${isakmpd_flags}" != X"NO" ]; then
>         if [ ! -f /etc/isakmpd/private/local.key ]; then
>                 echo -n "openssl: generating new isakmpd RSA key... "
>                 if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
>                     > /dev/null 2>&1; then
>                         chmod 600 /etc/isakmpd/private/local.key
>                         openssl rsa -out /etc/isakmpd/local.pub \
>                             -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
>                         echo done.
>                 else
>                         echo failed.
>                 fi
>         fi
>         echo -n ' isakmpd'; isakmpd ${isakmpd_flags}
> fi
>
> to the current rc.initial file?
>
> This would allow autogeneration of the isakmpd rsa keys in a fashion
> similar to the ssh ones.
>
> Comments?
>
> --
> Russell Sutherland
> russ at quist.ca
> +1.416.696.7600
> _______________________________________________
> flashboot mailing list
> flashboot at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/flashboot

From stevesk at pobox.com  Sat Jun 20 03:38:57 2009
From: stevesk at pobox.com (Kevin Steves)
Date: Fri, 19 Jun 2009 10:38:57 -0700
Subject: [flashboot] Auto generation of the isakmpd/ipsec rsa keys
In-Reply-To: <2cb417230906190626v4248e24dj36fe967453433610@mail.gmail.com>
References: <2cb417230906190626v4248e24dj36fe967453433610@mail.gmail.com>
Message-ID: <20090619173857.GA13812@steam.sbcglobal.net>

On Fri, Jun 19, 2009 at 09:26:24AM -0400, Russell Sutherland wrote:
: Would it be prudent to add the following OpenBSD 4.5 code snippet:
:
: if [ X"${isakmpd_flags}" != X"NO" ]; then
:         if [ ! -f /etc/isakmpd/private/local.key ]; then
:                 echo -n "openssl: generating new isakmpd RSA key... "
:                 if /usr/sbin/openssl genrsa -out /etc/isakmpd/private/local.key 2048 \
:                     > /dev/null 2>&1; then
:                         chmod 600 /etc/isakmpd/private/local.key
:                         openssl rsa -out /etc/isakmpd/local.pub \
:                             -in /etc/isakmpd/private/local.key -pubout > /dev/null 2>&1
:                         echo done.
:                 else
:                         echo failed.
:                 fi
:         fi
:         echo -n ' isakmpd'; isakmpd ${isakmpd_flags}
: fi
:
: to the current rc.initial file?
:
: This would allow autogeneration of the isakmpd rsa keys in a fashion
: similar to the ssh ones.

yes, but you should look at rc.initial for how the ssh keys are
generated on /flash--it's not a cut and paste from openbsd /etc/rc.
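
A hardened variant of the key-generation step discussed in this thread, as an added example that is not from the thread or from flashboot's rc.initial: it sets the umask before the key is written instead of relying only on the later chmod 600, installs the key by rename, and tests with -s so an empty file left by an interrupted run is regenerated. The function name gen_isakmpd_key and its BASE argument are assumptions.

```shell
#!/bin/sh
# Added example, not flashboot's rc.initial. BASE is an assumed,
# caller-chosen directory laid out like /etc/isakmpd on the page.

# gen_isakmpd_key BASE [BITS]: ensure BASE/private/local.key and
# BASE/local.pub exist. Returns 0 on success, non-zero on failure.
gen_isakmpd_key() (
    base=$1 bits=${2:-2048}
    key=$base/private/local.key
    pub=$base/local.pub
    tmp=$key.tmp.$$
    pubtmp=$pub.tmp.$$

    mkdir -p "$base" || exit 1
    # Subshell body: this umask does not leak into the calling script.
    # Everything created from here on is owner-only from the first byte.
    umask 077
    mkdir -p "$base/private" || exit 1
    trap 'rm -f "$tmp" "$pubtmp"' EXIT

    if [ ! -s "$key" ]; then
        # Generate beside the target, check it, then rename: an
        # interrupted boot never leaves a truncated local.key behind.
        openssl genrsa -out "$tmp" "$bits" >/dev/null 2>&1 || exit 1
        openssl rsa -in "$tmp" -check -noout >/dev/null 2>&1 || exit 1
        mv -f "$tmp" "$key" || exit 1
        rm -f "$pub"            # force the public half to be re-derived
    fi
    chmod 600 "$key" || exit 1

    if [ ! -s "$pub" ]; then
        openssl rsa -in "$key" -pubout -out "$pubtmp" >/dev/null 2>&1 || exit 1
        chmod 644 "$pubtmp" || exit 1   # public key may be world-readable
        mv -f "$pubtmp" "$pub" || exit 1
    fi
)

# Usage in an rc script (paths as on the page):
#   gen_isakmpd_key /etc/isakmpd && isakmpd ${isakmpd_flags}
```
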

From bastien.durel at geekwu.org  Tue Jun 30 02:28:08 2009
From: bastien.durel at geekwu.org (Bastien Durel)
Date: Mon, 29 Jun 2009 18:28:08 +0200
Subject: [flashboot] Kernel panic when printing on serial console
Message-ID: <4A48EB98.4090205@geekwu.org>

Hello,

I have a Soekris Net-4501 running flashboot/OpenBSD-4.5

uname -a
OpenBSD fremen 4.5 SOEKRIS4501#0 i386

When I connect a NULL-modem cable to a USB serial port, I often
experience kernel panics.
They can be "solved" by typing 'c' on the KDB console. But I must be
physically present. Sometimes it hangs when I'm remote, if the cable is
plugged -- especially when the attached computer is shut down.

Have you experienced these kinds of problems? Is there a trick to not
suffer them?

Regards,

-- 
Bastien Durel

From yg at ygunit.net  Tue Jun 30 05:06:41 2009
From: yg at ygunit.net (Yannick Gravel)
Date: Mon, 29 Jun 2009 15:06:41 -0400
Subject: [flashboot] Kernel panic when printing on serial console
In-Reply-To: <4A48EB98.4090205@geekwu.org>
References: <4A48EB98.4090205@geekwu.org>
Message-ID: <20090629150641.0ypef9l008k44c40@secure.0xff.ca>

Hi Bastien,

Please edit the /etc/sysctl.conf on your machine and
add/adjust/uncomment the following line:

ddb.console=0           # 1=Permit entry of ddb from the console

By default, you could escape to the ddb/KDB from the console. Activity
on the serial port like a reboot on the other side of the serial cable
can trigger that escape.

I always disable ddb.console now. Bitten too often in the past.

Cheers

Y.

Quoting Bastien Durel:

> Hello,
>
> I have a Soekris Net-4501 running flashboot/OpenBSD-4.5
>
> uname -a
> OpenBSD fremen 4.5 SOEKRIS4501#0 i386
>
> When I connect a NULL-modem cable to a USB serial port, I often
> experience kernel panics.
> They can be "solved" by typing 'c' on the KDB console. But I must be
> physically present. Sometimes it hangs when I'm remote, if the cable is
> plugged -- especially when the attached computer is shut down.
>
> Have you experienced these kinds of problems? Is there a trick to not
> suffer them?
>
> Regards,
>
> --
> Bastien Durel
> _______________________________________________
> flashboot mailing list
> flashboot at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/flashboot
>