-
_xor
Are explicit pf rules for DHCP required to properly handle dhclient & pf interface binding?
-
_xor
My machine, at boot, doesn't route properly until I restart pf. I was just using rcorder to look at the relationship between pf and dhclient.
-
morpho
is gpu passthrough with one GPU like a laptop possible yet? with bhyve
-
_xor
I've heard `-s 10:0,passthru,43/0/0` to bhyve is supposed to work (where 43/0/0 is the device as listed in `pciconf -v -l`), though caveat emptor, as I haven't tried it yet.
-
» parv has X/24 to cover any address supplied via DHCP for ipfw
-
_xor
Hmm, well that was interesting.
-
_xor
My router gets an IP from my ISP via DHCP. The same interface also has a static IP alias that my ISP assigned me (for self-hosted services, etc).
-
_xor
If I set ifconfig_em0="SYNCDHCP" and ifconfig_em0_alias0="inet 1.2.3.4/250", it works fine (for the most part, I've been having to restart pf once after boot because it wasn't routing).
-
_xor
...but I'm switching to dhcpcd for dual-stack IPv4 & IPv6, and dhclient last I checked doesn't handle IPv6. But even with ifconfig_em0_alias0="..." set and no ifconfig_em0="SYNCDHCP" (because dhcpcd is handling it), then it appears em0 gets configured with the static IP as the primary IP on em0 and the DHCP-assigned IP is added as an alias.
-
_xor
I need it to use the DHCP IP for NAT, but (em0:0) is essentially "Exclude any IP aliases" and not "Use the first IP on the interface".
-
_xor
So basically the static IP is being set as the primary IP on the interface and the DHCP-assigned IP is the alias, and I need it the other way around. Currently working around it via a bit of a hack (dhcpcd user hook that adds the static IP as an alias after the DHCP IP has been assigned).
-
_xor
If anyone knows of another (better) way to do it, I'm all ears.
-
angry_vincent
i am waiting for dhcpcd merged in base
-
_xor
That'll be nice.
-
_xor
Actually, do you know of a way to set both a static IP and still have it use DHCP on an interface?
-
_xor
I was reading the man page for it but didn't see a way to do that. I tried doing `static ip_address=...` and "dhcp4", but that didn't do it.
-
rtprio
_xor: yes you need another dhcp client for ipv6... net/dual-dhclient
-
rtprio
basically it runs both the builtin dhclient and the isc one for v6
-
rtprio
does ifconfig_em0_alias0="dhcp" not work?
-
meena
angry_vincent: the plan is for it to happen for 14.0 so it can only be a matter of… weeks
-
_xor
rtprio: Oh yeah, I forgot about net/dual-dhclient. Is that recommended though over dhcpcd? I was under the impression that dhcpcd should be the preferred client, especially since it'll eventually be merged into base.
-
_xor
rtprio: ...and ifconfig_em0_alias0 works, but I need the DHCP-provided address to be the primary IP, not the alias.
-
rtprio
i wouldn't worry about what might be in base in the future.
-
rtprio
if you want both dhcp for v4 and v6 you need the dual-client
-
rtprio
which just calls both clients
-
rtprio
i would stick with ifconfig_em0="SYNCDHCP" and ifconfig_em0_alias0="inet 1.2.3.4/250", and figure out why pf needs restarted / adjust the config so it does not
-
rtprio
kind of a weird network; tbh
-
meena
i missed this message from the surprise null root password thread
lists.freebsd.org/archives/freebsd-current/2023-May/003784.html
-
VimDiesel
Title: Re: Surprise null root password
-
_xor
rtprio: ...but dhcpcd handles both, and when I looked at dual-dhclient, it didn't seem as flexible as dhcpcd, which is why I went with the latter.
-
rtprio
meena: let's surprise bob by logging as root after breaking into his basement
-
_xor
rtprio: My ISP does it that way where a DHCP request needs to get a dynamic IP first and then they route the static IP to that DHCP-assigned IP on their network to mine.
-
rtprio
that is wacky
-
_xor
I mean it works as I have it setup now, it's just somewhat hacky, but not that big of a deal.
-
tercaL
Which one would perform faster overall; FreeBSD as host and a FreeBSD running in Jail, or FreeBSD as host and a FreeBSD running as bhyve/vm?
-
tercaL
Jail would be faster than the one in vm?
-
_xor
Yeah, I tried assigning the static IP to a separate netif on the box, but that didn't work unfortunately and from some quick reading of their support page, it seems like they route it to the MAC address they have registered for your dynamic IP.
-
rtprio
tercaL: yes, jail would be faster. but they both have advantages and disadvantages
-
rtprio
_xor: sounds quite hacky; how much for a full /28. or simplify further with just a single static ip
-
_xor
It's a single static IP.
-
rtprio
dependent on weird dhcp routing
-
rtprio
and mac access
-
_xor
With my previous ISP, I had a really good deal on a /28 static block. The installation tech even called and confirmed it before activating it. I was standing there and he was on the phone with management saying, "Uh...he has a /28. I'm looking at the paperwork right now, it's accurate. He got it cheap. Whatever, I'm activating it."
-
_xor
That ISP was cable though and their reliability + service sucked. It was flakey. New ISP is gigabit fiber and rarely ever goes down.
-
_xor
This is "business service", and they "require use of their box" (router) with it. I hated that thing, so I cloned the MAC and set em0 on my FreeBSD box to it. Then removed the box and plugged the CAT5 directly into my FreeBSD box. Works fine.
-
rtprio
huh
-
_xor
They dig a conduit to go from their local NAP to the side of my house and bury single mode fiber in it. Then from the side of the house they bring it inside into my basement to an ONT unit, which is what turns it from fiber to copper CAT5. That CAT5 is technically supposed to be plugged into the router they give you to get access.
-
_xor
They do tech support with it too where they can remote into the router, etc. I initially tried just plugging the CAT5 directly into my box, but it wasn't getting an IP from them. So I grabbed the MAC off of their router and changed the MAC on em0 to it, then tried again, and it worked.
-
_xor
I asked them about it later and they told me that "business class" customers are required to use their router. They told me this when I tried to return the router they gave me, for which they charge $10/mo on my bill. I still have that stupid thing downstairs.
-
rtprio
my fiber router subversion was quite a bit easier
-
rtprio
just punch in the credentials on pppoe, set mtu and away we go
-
rtprio
i left the ont when i sold the house
-
_xor
It didn't even occur to me that I could potentially take that, though I doubt it in my case.
-
_xor
Are you in the US?
-
rtprio
i was; it was centurylink
-
_xor
Figures. ISPs here really do try to uh...take advantage.
-
rtprio
pretty great for their introductory rate($50?), rather overpriced once that ran out($130)
-
gustik
hey
-
gustik
someone knows when atime of a dir gets updated?
-
_xor
I'm paying $90/mo for 1GbE symmetric fiber with a static IP.
-
rtprio
that sounds perfect
-
gustik
static ipv4?
-
_xor
Can't complain given that before I was paying $120/mo for cable that was getting around 200/75 and avg latency would jump randomly during peak hours (oversold local nodes). Though the only real positive was the /28 static that came with it.
-
rtprio
gustik: check out man lstat
-
_xor
Yes, static IPv4.
-
gustik
ok
-
_xor
They support IPv6 too, I just hadn't gotten around to configuring it until recently. I'm almost learning more details about IPv6 while I'm at it.
-
gustik
yes
-
rtprio
sadly i was looking at starlink; i hate the idea of it, but it's the only thing out here
-
gustik
you need to get prefix delegation working then
-
gustik
because IPv6 does not give you a set of ip's like DHCP, but IPv6 does DHCPv6 PD
-
_xor
rtprio: Where are you? (not like GPS coords, I don't want to hide in your bushes and peek through your window)
-
_xor
gustik: Yup, getting most of that setup.
-
rtprio
i'm on a sailboat in the south pacific. tahiti.
-
_xor
I was going to try to use ND instead of DHCPv6, but I don't think ND will do everything I need to do.
-
gustik
and that's very nice this prefix delegation stuff, because if your ISP allows you to get more prefixes, then you can get one dynamic and one static
-
_xor
My ISP delegates a /56.
-
gustik
ISPs do not do neighbor discovery
-
_xor
I meant internally on my LAN
-
gustik
yes, usually you get DHCPv6 PD /56
-
rtprio
what's PD again?
-
gustik
but that's dynamic
-
gustik
prefix delegation
-
_xor
Prefix Delegation
-
_xor
I'm not 100% sure if my prefix is static though :/
-
gustik
you get a /56 prefix and you can assign then /64 where you need it
-
_xor
I need to confirm whether it is or not.
-
_xor
I hope it's a GUA.
-
gustik
another tip is to use DHCPCD
-
rtprio
i've used rtadvd; i don't think ive ever dealt with PD
-
gustik
because that's the only software that's actually working
-
_xor
Heh
-
_xor
I think you and rtprio should have a chat :P
-
gustik
ISC DHCP does work too, but not without manual
-
gustik
rtadvd does not do PD
-
_xor
isc-dhcp-client you mean?
-
gustik
prefix delegation is DHCPv6 stuff
-
gustik
yes, ISC is not a good choice any more
-
_xor
PD doesn't require DHCPv6 (though that's how they hand it out to you from their end), as far as I know anyway.
-
rtprio
but is it really necessary? how many home networks are complicated enough to need multiple /64's
-
_xor
I could handle internal PD on my LAN using ND, I thought. From what I read anyway.
-
_xor
gustik: I actually setup dhcpcd earlier tonight (again)
-
gustik
you can not do it other way, than PD because each LAN needs own /64 ... if you have a wifi LAN and home LAN, that's how you do it
-
rtprio
i had mixed results with v6 at home
-
_xor
IPv6 is nicer to deal with in terms of multicast.
-
_xor
I mean it's multicast by default.
-
_xor
But not having to deal with IGMP and all of that junk is nice.
-
gustik
yes, but that's not important how it looks like compared to what, I do not have an own IPv4 any more, we ran out, so IPv6 is how you connect nowadays everything
-
gustik
I mean "nowadays" ... should have been like that for 20 years already
-
rtprio
gustik: you're underestimating how lazy software developers are
-
rtprio
love to bind *:443 and have it work
-
gustik
I do not care about that much, see the only device that does not do IPv6 here is my old printer (the new one does IPv6 too)
-
rtprio
in practice: it may bind to v6 address or v4 or both who knows
-
gustik
even VoIP telephones now do IPv6
-
rtprio
and may depend on OS
-
gustik
I have a SNOM
-
_xor
I'll be happy if my static IP includes both IPv4 and IPv6.
-
gustik
it should be
-
_xor
I'll be annoyed if the IPv6 isn't a static delegation and they want to milk the opportunity to bump my bill up for no good reason.
-
gustik
that should not be a problem
-
gustik
because the expensive thing is the IPv4
-
_xor
Do you use a broker for IPv4?
-
gustik
I see the problem in not being able to find out, besides by testing, or asking on tech support how the ISP has configured it
-
gustik
because sometimes you need to send some specific DUID with DHCPv6 so that you get the right PD static prefix
-
gustik
otherwise it might change (and that would be dynamic then)
-
_xor
I'll figure it out, not a huge deal. Though I'm wondering if it would be better and/or cheaper to get an IPv6/IPv4 tunnel and get rid of the static IP I get now.
-
_xor
Ah, good point.
-
gustik
I do not think so
-
gustik
we were tunneling for 20 years like this
-
gustik
at some point it has to work and the ISPs should be interested in this even if stuff breaks, because only so they get to know how it works
-
parv
_xor, "broker" as in an entity that gives you IPv4 address from its collection to use yourself?
-
_xor
Basically.
-
parv
Ok. /me nods
-
_xor
My static IPv4 doesn't add that much to my bill currently, so I'm going to keep it. Just contemplating other potential options.
-
_xor
gustik is most likely right though, it's probably not worth it. Especially if it's not that much more expensive.
-
gustik
you also have to think about the other side
-
gustik
the sooner you open up this question the better
-
gustik
Here in Slovakia I have had DSLite since 2014
-
gustik
and ISP is Orange (french telecom)
-
gustik
so they got first hand experience with me
-
gustik
2015-2017 I had DOCSIS 3 in Nuremberg / Germany where I got from KMS (Kabel Medien Service) an IPv4 and IPv6 PD over DHCP (but not static) however, it was real dualstack
-
gustik
and the speciality here on Orange line is that it is PPPoE (VDSL2)
-
gustik
which rules out ISC DHCP client because it can not do DHCPv6 PD over PPPoE (there are patches for that)
-
gustik
that's why I always tell ppl to use DHCPCD because that works out of the box most cases
-
rtprio
cheers
-
» rtprio &
-
puddinghead
i started backing up my ssd for a freebsd and linux dual boot again... ext2 sucks tbh
-
puddinghead
transfer speeds went from 100 mb/s all the way to 7 mb/s when i started transferring my flac music folder
-
tmtt
Hi! It's probably not the best place to ask this, but is there a way to generate RSA 4096 bits certificates by default with acme.sh (on FreeBSD obviously)? I found out about the `-k 4096` flag, but if there's a way to make it the default, it would be nice. Thanks a lot in advance :)
-
RhodiumToad
patch the script? the defaults are in a pretty obvious place
-
tmtt
Yeah, I thought about that, but what about updates? They're going to either override my default or keep the old script, which, in both cases, is not good.
-
daemon
make your own wrapper myacme.sh
-
daemon
or just an alias
-
RhodiumToad
putting DEFAULT...=whatever in ~acme.sh/account.conf should probably work too
-
tmtt
daemon: yeah, it kinda feels like duct tape but I'll do that if I've got no other options :/
-
tmtt
RhodiumToad: I tried that too but it doesn't seem to work.
-
daemon
I mean it does not bother the main acme.sh and updates will all work fine
-
tmtt
Yeah
-
daemon
and you can also do stuff like cat the appropriate certs together for whatever pem format <some service> wants
-
RhodiumToad
sorry, ~acme/.acme.sh/account.conf
-
RhodiumToad
in what way did it not work?
-
RhodiumToad
and did you try and configure the account key size or the domain key size?
-
RhodiumToad
and in any event, renewing a cert keeps the old key (size and all)
-
tmtt
RhodiumToad: Like, I had put `DEFAULT_DOMAIN_KEY_LENGTH=4096` in /var/db/acme/.acme.sh/account.conf and, after generating a whole new certificate, it made a 2048bits cert.
-
RhodiumToad
mm
-
tmtt
I'll try again, maybe I made a typo or something
-
tmtt
Nope, still 2048 bits.
-
tmtt
An alias will do I guess lol
-
tmtt
Thanks a lot :)
-
RhodiumToad
remember to run it as the acme user
-
RhodiumToad
[Wed May 31 17:18:45 UTC 2023] Use DEFAULT_DOMAIN_KEY_LENGTH=4096
-
RhodiumToad
worked for me
-
tmtt
RhodiumToad: Yeah, I ran it as acme (using the standard `acme.sh --issue --dns dns_<registrar> -d <domain>`) with DEFAULT_DOMAIN_KEY_LENGTH=4096 in /var/db/acme/.acme.sh/account.conf but it still gave 2048bits certs. Weird.
-
RhodiumToad
worked perfectly for me
-
_xor
Heh
-
» _xor found an old manual for IA-64
-
_xor
I wrote "The Itanic" on it with a black marker.
-
_xor
Intel fab'ed them until 2017?!
-
_xor
Oh wow, didn't realize FreeBSD support was there until 2018: "FreeBSD (unsupported since 31 October 2018)"
-
parappa
i see
-
parappa
i'm planning to switch again to freebsd - this time as a dual boot with linux for ai stuff
-
parappa
currently on linux, should i partition linux and then install freebsd or install freebsd before linux?
-
parappa
although im on systemd-boot and would rather have grub for dual booting
-
RhodiumToad
dammit, I hate ambiguous specifications
-
RhodiumToad
parappa: are you using EFI or not?
-
Demosthenex
ok, so i have zrepl making snapshots at routine intervals, but why do the snapshot names use UTC? how can i make it be my timezone?
-
puddinghead
@RhodiumToad yeah im on uefi
-
RhodiumToad
I know nothing of grub; is it being run as an EFI program?
-
mason
Random example of booting FreeBSD on UEFI from GRUB:
bpa.st/O4ZTI
-
VimDiesel
Title: View paste O4ZTI
-
mason
That shows potential fallback if a disk is missing, for example.
-
puddinghead
i see
-
puddinghead
im planning to make my disk mostly freebsd
-
RhodiumToad
if you already have a linux install that you want to keep, then all you need to do is ensure that you have enough disk space not assigned to any partition to install freebsd into.
-
puddinghead
yeah i do
-
puddinghead
currently backing up my stuff and planning to hopefully like
-
puddinghead
resize my linux partition since ill only really use linux for ai stuff
-
RhodiumToad
when you install freebsd on a uefi system, it will install both bootx64.efi (which is probably where your grub is now?) and freebsd/loader.efi
-
puddinghead
im on systemd-boot rn
-
puddinghead
sadly
-
mason
RhodiumToad: Grub mostly goes into vendor-specific directories lately.
-
RhodiumToad
whatever
-
RhodiumToad
bootx64.efi is where EFI starts unless you have explicitly told it to use some other program, afaik
-
mason
Most systems install variables that tend not to include the default/fallback.
-
RhodiumToad
anyway. it should make little difference which order you do the installs in, as long as you leave enough space when partitioning to include the other OS.
-
mason
puddinghead: Maybe see about migrating to grub first, and then it's trivial to dual-boot Linux and FreeBSD.
-
puddinghead
yeah im planning to reinstall with grub first
-
puddinghead
then dualboot either arch or endeavour os with freebsd since archs been the distro thats made ai stuff easiest
-
puddinghead
i absolutely hate how debian handles python
-
puddinghead
archs made it easy in comparison, you can freely use either python tools installed by either pacman or pip while debian bans you from using either unless you install miniconda/anaconda lol
-
mason
I get around that by avoiding Python like the plague.
-
Demosthenex
mason: yep
-
puddinghead
yeah that seems about right
-
martinrame
Hi, this is a zfs related question. In a server I have a pool with only one disk (8tb) that is reaching its full capacity. Now I want to replace it with one with 12Tb. What should I do in this case (I replaced disks in arrays many times, but never when there's only one drive).
-
otis
attach the new one into a mirror, let it resilver, detach the old one, zpool online -e ...
-
martinrame
otis: zpool attach datos ada1 ada2 ?
-
tsoome
you can test this with file based pool first.
-
martinrame
I get this: cannot attach ada2 to ada1: no such device in pool.
-
tsoome
zpool status ?
-
martinrame
tsoome: the status is ONLINE. The difference is the current drive shows as gptid/... instead of ada1
-
tsoome
zpool attach needs current drive. You are telling that pool should set up mirror consisting of existing disk and new one.
-
martinrame
it seems to be working with gptid
-
CrtxReavr
Why would anyone use zfs with a single drive?
-
CrtxReavr
That's just silly.
-
martinrame
CrtxReavr: because it's a TrueNAS server used as a replica for the main server
-
CrtxReavr
So a replica that's a single point of failure?
-
martinrame
CrtxReavr: Yes, also there is a backup on a 3rd machine.
-
V_PauAmma_V
Speaking strictly for myself: Because it provides features that UFS doesn't - yet, at least. Plus, it's future-proof if I decide to have the CD/DVD in my laptop replaced with an extra disk.
-
martinrame
CrtxReavr: I know this isn't perfect, but way better than no backup at all
-
CrtxReavr
For a single drive, it just seems like ZFS has A LOT of overhead that's unnecessary.
-
CrtxReavr
Plus, you can migrate to larger drive, using UFS and other, simpler tools.
-
CrtxReavr
dd, gpart, growfs, Et al.
-
CrtxReavr
But you do you.
-
isley
i would definitely use zfs on a single drive.
-
haroldp
I just updated from 12 to 13 and then ran a "zpool update" and got the message:
-
haroldp
"Pool 'zroot' has the bootfs property set, you might need to update the boot code. See gptzfsboot(8) and loader.efi(8) for details."
-
haroldp
wasn't clear to me from those man pages what my move was.
-
haroldp
Do I need to update the boot code? How can I tell? What is the right way to update it?
-
haroldp
-
VimDiesel
Title: Updating my FreeBSD 12.2 host to FreeBSD 13.0 – Dan Langille's Other Diary
-
haroldp
no efi partition listed in his `gpart show` tho. mine has one.
-
acu
A quick question I see Freebsd 14 is CURRENT - and I understand that first beta is out - this means it will become RELEASE without going to STABLE ? ---- also - once FreeBSD 14 reaches RC - if in CURRENT - can it be upgraded to Release when that happen ?
-
kevans
acu: er, there is no 14 beta out
-
kevans
but generally, for cutting a new release off of main, you start with some alpha builds, then branch out to stable, then branch stable -> releng and beta builds start
-
debdrup
docs.freebsd.org/en/articles/freebsd-releng we have an article on release engineering too
-
VimDiesel
Title: FreeBSD Release Engineering | FreeBSD Documentation Portal
-
acu
thanks kevans and debdrup --- I was looking at
freebsd.org/releases/14.0R/schedule
-
VimDiesel
Title: FreeBSD 14.0 Release Process | The FreeBSD Project
-
kevans
right note the 'actual' column on that page
-
kevans
re updates the table as these things are actually done, so '-' / 'delayed' means it's not actually happened as expected
-
kevans
in this case, largely openssl3 induced
-
debdrup
14-STABLE has been delayed, there should be some announcement about it somewhere
-
acu
I see thanks
-
acu
is there any tool to make a bootable live FreeBSD system on an usb stick (similar to nomadbsd) ? --- I want to do that for Freebsd ---
-
acu
I have seen Michael Dexter has few appliances - I wonder if imagine.sh is actually doing that ?
-
acu
-
VimDiesel
Title: GitHub - michaeldexter/occambsd: An application of Occam's razor to FreeBSD
-
michaeldexter
The VM-IMAGE(s) are basically live, but without fancy MFS things. Do you need read-mostly or for all changes to be lost on reboot?
-
michaeldexter
They also support BIOS/UEFI out of the box, beating the majority of other operating systems on the planet.
-
michaeldexter
I have not looked at the "diskless" feature for some time, which is intended for NFS use.
-
acu
michaeldexter, thanks a bunch for the work and answer ---- I want to make it easier for students to get in FreeBSD realm - having a usb stick with it booting a native FreeBSD would be lowering the entrance threshold - I like NomadBSD approach - you boot in a Desktop Environment (I wish they use Enlightenment or Lumina since they are only two BSD licensed DE) --- but also I like that I can install any application in the Live USB - and it persists - then I can just
-
acu
click a button to fully install in the desktop if I want.... sorry I am too verbose ..
-
acu
I see two massive roadblocks for bringing fresh blood into FreeBSD - one is a simple GUI to Virtualization virt-manager is GPL and it did not work when I tried --- the only solution I have seen was clonos
clonos.convectix.com based on
github.com/cbsd/cbsd ---
-
VimDiesel
Title: Free Open-Source Hosting Platform «ClonOS»
-
rtprio
freebsd does not need any 'fresh blood' it's fine with the blood it has
-
acu
is this a joke ?
-
michaeldexter
acu: How high a priority is a Desktop?
-
rtprio
acu: nope
-
spork_css
RhodiumToad: just updating you since you put so much time into this, doing an install of 13.2 onto the boot drives (but preserving the old pool on the other drives) has worked so far. I've moved a few things back, fingers crossed...
-
haroldp
hmmm, `sysctl machdep.bootmethod` says BIOS tho