Nov 13 2009

Wireless changes under FreeBSD 8.x

I recently upgraded my laptop (ThinkPad X61s) to FreeBSD 8.0-PRERELEASE. Along the way, I had a problem with wireless. This is because wireless has changed.

Details

The symptoms arrived with this command:

    # /etc/rc.d/wpa_supplicant start ath0
    Starting wpa_supplicant.
    ioctl[SIOCG80211, op 98, len 32]: Invalid argument
    ELOOP: remaining socket: sock=5 eloop_data=0x800e0b1c0 user_data=0x800e070f0 handler=0x421840
    /etc/rc.d/wpa_supplicant: WARNING: failed to start wpa_supplicant

The solution is to add these lines to /etc/rc.conf:

    wlans_ath0="wlan0"
    ifconfig_wlan0="WPA DHCP"

You no longer directly access the wireless device. In my case, I have the following chipset (as discovered via pciconf -lv):

    ath0@pci0:3:0:0: class=0x020000 card=0x058a1014 chip=0x1014168c rev=0x01 hdr=0x00
        vendor     = 'Atheros Communications Inc.'
        device     = 'Atheros AR5212 802.11abg wireless (AR5212)'
        class      = network
        subclass   = ethernet

I found this post and Colin Percival confirmed that the solution had worked for him. Just FYI.

Oct 26 2009

Using newsyslog to rotate backups

newsyslog(8) allows you to keep system log files at manageable sizes. Log files record various system activities and can be useful when diagnosing problems. The system appends to the end of each file, so they can be read in chronological order from top to bottom. If this growth is not monitored and limited, storage space will eventually be exhausted. This is where newsyslog.conf(8) helps.

newsyslog(8) uses the concept of rotation. Old data is removed and new data added to a fresh empty file. You decide how much data you want to keep, how often, etc, and newsyslog does the rest. newsyslog(8) can choose to archive for three reasons:

- size
- elapsed time
- time of day

The motivation

The problem I’m solving is not log files, but it is disk space related to files. On a daily basis, the databases are dumped to disk and then copied from the database […]

Oct 19 2009

Removing Firefox 2

Firefox is a pretty popular browser. It runs quickly. It has a lot of plugins. I use Web Developer and Firebug myself. However. All software ages. Hah, even this website ages. Firefox 2 has a number of unfixed (to my knowledge) bugs. Solution: use Firefox 3. Sometimes it is just time to move on. Case in point: have you seen this?

    # portaudit
    Affected package: firefox-,1
    Type of problem: mozilla -- multiple vulnerabilities.
    Reference: <>

    1 problem(s) in your installed packages found.

    You are advised to update or deinstall the affected package(s) immediately.

How to fix: upgrade. However, it’s not that easy. There are a few dependants. I found the solution on the Internet. 😉

The failed attempt

Here is how I’d normally try fixing this:

    # portupgrade firefox
    ** Port marked as IGNORE: www/firefox:
            is forbidden: too many security issues
    ** Listing the failed packages (-:ignored / *:skipped / […]

Dec 02 2008

Obscuring smtp auth headers

Privacy is sometimes of concern to mail users. You may be making use of a mail server from a remote location. An MTA (Mail Transport Agent), such as Postfix, is often referred to as the outgoing mail server. MTAs include information regarding where you sent this email from. This is standard procedure. Some people prefer not to include such information in their outgoing email. Fortunately, there is an easy way to do this.

I started down this road after reading a thread in the Postfix Users mailing list concerning this issue. I particularly liked the post by Sahil Tandon which points at postfix-anon. The concept is pretty simple: find the header and replace it. That part is pretty simple. What I found hard was customizing and testing the solution.

The issue

The issue can be illustrated by the following header extracted from a recent post I made to the Bacula users mailing […]

Nov 29 2008

OpenVPN – creating a routed VPN

In this article, I will show you how I created a routed VPN using OpenVPN. In this network, multiple clients can attach to the server, each of which has access to the network attached to the server. Each client can also contact any other client, subject to firewall rules.

In my case, I wanted a way for all my servers (on the internet, in data centers) to contact my CVS repository behind my firewall at home. Given that home has a dynamic IP address, it complicates matters. A VPN solves this issue and provides several benefits. I have outlined the problems in my other diary and I urge you to read that before proceeding. It will provide valuable background as to why I have chosen this particular solution.

Acknowledgements

Two people have been of great help while I struggled with OpenVPN. ecrist and krzee have both pointed me to […]

Nov 27 2008

Creating your own Certificate Authority

In this article, I write about creating your own Certificate Authority (CA) and generating certificates and keys for an OpenVPN server and multiple clients. It is based around the OpenVPN How To and the README provided with that package.

There is an abundance of material for creating a CA. Why bother? I bother because getting this right is easy. It’s easy if you know the goals and how to accomplish them. However, getting there is often trial and error. I don’t want to do the error bit the next time I need to do this. The added bonus is neither do you. You can use these steps. For another view on creating certificates, see FreeBSD OpenVPN Server HowTo.

The goals

Why use your own CA?

Creating your own CA means that you have complete control. You do not have to obtain certificates from third parties. You can create them […]

Nov 27 2008

OpenVPN – getting it running

This article is about OpenVPN, a full-featured open source SSL VPN solution. I first started using OpenVPN in December 2006. That is nearly two years ago. I took some notes but I never published anything until today. My original use for OpenVPN was easy access to my home network while away from home. For this it was wonderful. Being able to ssh “directly” to my machines, cvsup, etc, was very convenient.

NOTE: The solution here is rather simplistic. It allows for a single client to connect to a single server. You cannot do multiple clients with this setup. If you need multiple clients, try reading my article on creating a routed VPN.

Today, my goals have changed somewhat. I still want to use OpenVPN to get into my office network. In this article, I will refer to the VPN server as the office network (after all, it is my home […]

Oct 05 2008

Removing dead mailing lists from Mailman

I first started writing about mailing lists in February 1999. The list in question first started in April of that year. That is 9.5 years old this month. But for the last few years, the list has fallen into disuse and it was more than a year ago that I suggested the list be shut down. The time has arrived. The archives will remain online, but the list itself will disappear.

Remove the lists

This step removes the mailing lists from mailman:

    [dan@nyi:/usr/local/mailman] $ sudo ./bin/rmlist adsl
    Not removing archives. Reinvoke with -a to remove them.
    Removing list info
    [dan@nyi:/usr/local/mailman] $ sudo ./bin/rmlist broadband
    Not removing archives. Reinvoke with -a to remove them.
    Removing list info
    [dan@nyi:/usr/local/mailman] $ sudo ./bin/rmlist adsl-chat
    Not removing archives. Reinvoke with -a to remove them.
    Removing list info
    [dan@nyi:/usr/local/mailman] $

I am not removing the archives. We’ll keep them around for a while. Hmmm, […]

Aug 30 2008

gmirror – recovering from a failed HDD

I like RAID. On my development server, I use both hardware and software RAID. For hardware RAID on FreeBSD, I like 3Ware. For software RAID, I tend to use gmirror, because I don’t need more than RAID-1.

Some time ago I added two 120GB HDD to this system. One was SATA, one was PATA. They were joined together via gmirror. Tonight I received some errors that one of the drives was failing. I replaced the drive, and recovered the mirror. I’ll show you what I did, mostly so I know what to do the next time it happens, but also so you can see what to do as well. You may wish to read Adding gmirror to an existing installation first.

The errors

The errors I encountered were (reformatted to better fit):

    Aug 30 00:10:20 ngaio kernel: ad0: FAILURE - READ_DMA status=51<READY,DSC,ERROR> error=40<UNCORRECTABLE> LBA=82797535
    Aug 30 00:10:20 ngaio […]

Jul 06 2008

ezjail – A jail administration framework

I want to set up some jails. They will each be very similar. They will each be used to test a slightly different configuration of Bacula. My tool of choice is ezjail, available in the ports tree. With ezjail, I can:

- create a jail flavour, upon which the creation of other jails can be based
- centrally update the jail’s ports tree

The above does not fully describe the neat things you can do with ezjail. Read below to discover more fun and interesting things.

DISCLAIMER: I installed ezjail several months ago. I am only now getting around to documenting and writing about it. I may have omitted some steps. If so, I apologize; please let me know.

While creating my jails I used the following references:

- Jail administration framework
- The Quick-N-Dirty Guide to ezjail in FreeBSD
- AppserverJailsHOWTO

Installation of ezjail

First step installation:

    cd /usr/ports/sysutils/ezjail
    make install clean

Remember […]