-
radhitya
rwp: i agree with you
-
mason
mzar: Still not trusting native encryption on this end.
-
rtprio
which end do you trust it on?
-
sfox
hi mason
-
sfox
rwp
-
sfox
Am I just doing something wrong or does freebsd kernel panic and crash a lot?
-
sfox
way more than Linux
-
sfox
I don't think I'm doing anything particularly niche
-
sfox
just vnet jails managed by iocage
-
sfox
ipv6 networking
-
sfox
I'm using ECC memory
-
sfox
and hardware watchdogs
-
sfox
but
-
sfox
you know 'server grade' hardware. Supposed to be more stable than the cheapo consumer stuff
-
sfox
zfs
-
sfox
but it seems like i'm kpanicing every other month
-
sfox
or experiencing really bad bugs. Sometimes the kpanics happen more often
-
sfox
the other day, I was just running ipmitool trying to look at sensors and reboot the bmc, but it wasn't working so I unloaded the ipmi kernel module and when I loaded it back
-
sfox
boom, kpanic
-
sfox
this time the crash was so bad though that it couldn't even finish writing backtrace to the crt
-
sfox
I'm even afraid to stop jails now for fear of kpanicing the whole system
-
sfox
I think there's been a bug open related to it since like, 2014? I'll have to check but I'm not sure what the problem is. If people don't know what's causing it or there's just nobody to fund maintenance of those kernel features
-
sfox
my bad looks like 2019 not 2014
-
sfox
Is there something wrong with my hardware?
-
Alver
sfox: if you get regular kernel panics - what do the crashdumps tell you?
-
sfox
page table faults
-
Alver
Also, whereas ECC memory is nice and server-grade-ish indeed - many BMCs are (absolutely, utterly) not
-
Alver
YMMV but I categorically refuse to have any linking between the OS and the IPMI, regardless of which it is
-
Alver
If the OS wants to talk to the IPMI, it will talk to it over the frickin network, just like everyone else
-
Alver
The worst ones are those that "share" a physical network interface between IPMI and OS. Absolute nightmare
-
Alver
Nasty stuff, that page fault in the ipv6 code
-
sfox
Do you have any understanding of it?
-
sfox
Alver, I have the option to use a dedicated port for ipmi. Would doing that increase system stability vs sharing the igb0 port?
-
sfox
also is there any way to fix the bmc?
-
sfox
it's a proprietary bmc from asrock rack
-
futune
sfox, as long as you set an explicit policy and not "auto" I think you will be fine
-
futune
I had a server on auto where the BMC decided to hijack a port different from its usual after a reboot
-
futune
that could have been a real disaster
-
futune
never again
-
futune
also it had been in operation about 4 years without issue before the problem occurred
-
sfox
sigh
-
sfox
freebsd just crashed again on my laptop after using ifconfig to tell wifi to use channel 146
-
sfox
and unplugging the wifi because the wifi card hanged
-
» f451 looks at local pkg builders
-
f451
reBuild Rust errrrry daaaay!
-
f451
sfox: i find, particularly on rpi products, that freebsd (current, no-debug) is way more stable than raspios, which was designed for it. thats the primary reason for using it on this hardware
-
f451
it just keeps on going
-
f451
i had to tune it - dont expect a general purpose server os to work ideally straight out of the box
-
f451
it only need booting after a make/buildworld sequence
-
sfox
i'm not running on a raspberry pi
-
f451
i also have amd64, on enterprise hardware. same principle, same results apply
-
f451
on internet-exposed stuff i run -current, keep an eye on current@ and cgit
-
f451
sfox: for yr laptop, id recommend looking at detailed dmesg output and making a custom kernel config file, with only whays needed
-
f451
GENERIC might not work for you
-
sfox
what is a whays and is a custom kernel really necessary to stop it from crashing?
-
f451
and laptops are a mess with any os, i chose mine carefully. thinkpad
-
sfox
it's a thinkpad
-
f451
you might have some stuff clashing with other stuff. with laptops, it's the wild west
-
f451
what's the model?
-
dch
mmmm anybody use linux-chrome on freebsd? I am unable to set duckduckgo as the default / only search engine
-
f451
how old is it?
-
f451
dch: i use ungoogled-chromium
-
dch
f451: very new, about a week old
-
sfox
T430
-
dch
f451: I use ungoogled-chromium by default but this specific issue is one where I *need* the linux variant
-
f451
that alone might be a reason - a dmesg would be helpful
-
f451
dch: aha
-
sfox
sure
-
f451
specifically, dmesg -a . parse the output to remove information you'd rather not share then paste it there
-
dch
ok, I added it manually. it seems the usual extension doesn't appear in the search engines list.
-
f451
i have a thinkpad works great with freebsd/openbsd but it's like a decade old and theres still no wifi ac/ax support (i think) in either
-
dch
its my #1 sadness with freebsd. no fast wifi. almost everything else is just fine. hope more progress can be made on this in future.
-
» dch currently watching netflix on FreeBSD CURRENT for example
-
sfox
i submitted it
-
f451
sfox: now when you eg post a problem to one of the freebsd mailing lists you can reference that url
-
f451
sfox: when it crashes, whats produced on the console?
-
sfox
nothing
-
sfox
the laptop just freezes and reboots itself
-
f451
is it getting hot?
-
sfox
on the server the usual kpanic screen followed by a memory dump
-
sfox
no the thermals are fine
-
sfox
i even repasted it not too long ago
-
f451
where is it - also what freebsd version
-
f451
for the laptop id try -current as it has all the debugging turned on
-
f451
basically boot to it, paste the dmesg like you did before
-
f451
for the server also - os rev/version, dmesg etc anyone would need that in order to help
-
f451
for the kpanic post to bsd.to
-
mason
rtprio: I don't trust it on any end, least of all mine.
-
sfox
Is there a more reliable connection than standard USB for automotive or 'high vibration' environments?
-
ivy
what do people use for PIM-SM routing on freebsd? FRR?
-
scoobybejesus
mountainman1312: have you tried pkg auto and pkg noauto?
-
sfox
ivy, i'm not sure what that is
-
ivy
sfox: it's a protocol for routing multicast traffic between different L2 segments
-
sfox
i think you use mld for that but i'm not sure
-
ivy
IGMP/MLD is for configuring multicast on a single L2 segment, it doesn't work over layer 3 boundaries (as far as i know)
-
ivy
PIM routers listen for IGMP/MLD advertisements to find out what multicast traffic needs to be routed
-
sfox
layer3 is routing
-
ivy
yes
-
sfox
that's not a switch's job
-
ivy
i did not use the word "switch"?
-
sfox
>routing multicast traffic between different L2 segments
-
sfox
you inferred it with this statement
-
ivy
okay, you know how an L3 router is responsible for routing unicast traffic between different L2 segments? and such router might use OSPF/BGP/whatever to do that? an L3 multicast router routes multicast traffic between different L2 segments and it might use PIM-SM to do this
-
ivy
PIM-SM is basically the multicast equivalent to OSPF (although not quite since it relies on an existing unicast IGP, but close enough)
-
sfox
my bad, I didn't know you could multicast to different l2 segments. I thought multicast was restricted to specific l2 segments unless you used proxies. Interesting information.
-
sfox
I don't know the software to do this on freebsd
-
ivy
ah no. there is a multicast address range for "this L2 segment only" but multicast in general can be routed
-
ivy
although not over the internet since no one supports it, but inside an internal network
-
polarian
mzar: it was a route issue, so wg-quick sets the default gateway to be via wg interface and then it sets a route to wg addr via the physical interface gateway
-
polarian
when wifi changes or iface is brought down, the route is lost and must be re-added...
-
ivy
polarian: did you see my reply on net@ about your wireguard thing btw?
-
polarian
so is there a way to hook into wpa_supplicant to run a route command on wifi network connection?
-
ivy
(/etc/start.if.*)
-
polarian
ivy: net@ mailing list?
-
ivy
y
-
polarian
I never posted to net@
-
polarian
or at least I don't remember doing so
-
ivy
oh wait, this was questions@
-
polarian
ah yes... I did post there :)
-
ivy
it was a wireguard question so i assumed net :-p
-
polarian
ah I hadn't seen your email yet, its in the 82 emails I have flagged as "to read"
-
polarian
ivy: ah... right useful
-
polarian
but wg0 isn't an issue if you enabled wireguard rc
-
polarian
but... on the other hand... start_if is called each time the iface is modified correct? or brought up and down (would ssid change trigger start_if?)
-
polarian
if so, then sticking this in .wlan0 would ensure the route is always added
-
ivy
it's called by rc.d, so if you run /etc/rc.d/netif start wg0 for example
-
polarian
oo... not ideal then
-
ivy
wpa_supplicant does not invoke it as far as i know, but perhaps you could script that
-
polarian
still cant deal with the ssid changes...
-
ivy
why do SSID changes affect your wireguard interfaces?
-
polarian
im attempting to achieve always on vpn
-
polarian
so any non-wg traffic, going to anything other than the vpn address on udp port 51820 is dropped by pf :)
-
polarian
but currently I restart wireguard every time I change ssid etc
-
polarian
in fact... a script which checks that wg0 exists (execute ifconfig and grep wg0 and strip everything after the whitespace) then adds the route back again could be written pretty easily
-
polarian
then just call this script when wpa_supplicant changes ssid (after figuring out how to hook into it), and when the physical interface goes down and back up (start_if would work for this, thanks for the suggestion)
-
ivy
in theory this should be possible with multiple fibs but i don't know how you'd make dhclient add the route to the right fib
-
ivy
that's how i set up the jail i use for downloading linux ISOs via bittorrent, but that's static config, not dhcp
-
polarian
fuck dhclient, don't need it :)
-
polarian
the physical interface will handle that, you just ifconfig and grep/awk out the gateway it picks up
-
ivy
oh, you use multiple ssids but no dhcp?
-
polarian
route add <phy> <vpn addr> <gateway>
-
polarian
done
-
polarian
this needs to be done on network switches, or phy being brought back up
-
polarian
then abandoning wireguard-tools is possible
-
polarian
and just setconf in start_if.wg0 as you recommended
-
polarian
but currently I am calling service wireguard restart (calls wg-quick down and wg-quick up) manually each time I lose network access... which is a pain!
-
ivy
i'm not sure if i completely understand what you're doing but maybe you would be interested in the wireguard client i use here
-
polarian
not to mention everytime I doas I have to type in my password and my uni has doggy wifi which reconnects every few mins... I literally have to doas service wireguard restart every 5 mins... painful!
-
polarian
ivy: ok so my setup explained, I have a wireguard client (well in this case server) on my server router (running OpenBSD) which handles the networking for my server network and my personal wifi (I live with others they have their own broadband, I piggy back my server network which is technically business internet), my ISP is completely unfiltered and only logs minimally, but the most important
-
polarian
part is preventing MITM and dns spoofing on public wifi networks, so my devices are permanently connected to my server network (pf handles the isolation on the router), I validate my own dns and all packets go via a trusted router. always on vpn is easy on android, its a toggle under vpn, its also pretty easy on Linux, however it seems less common on *BSD and I haven't seen a decent guide on
-
polarian
wireguard let alone always-on-vpn
-
polarian
in fact if_wg is almost undocumented anywhere other than the man pages, I found it within the src tree which is when I realised FreeBSD DOES have kernel support for wireguard, any guides I have seen use wireguard-go (userspace)
-
polarian
as its always on vpn wireguard needs to reconnect on network changes, iface changing is not needed to be done yet (I dont use ethernet on my laptop currently, on wifi, but this is also a TODO)
-
polarian
I was complaining about freebsd dropping packets when wifi network changes, or when wlan0 goes down and up, and I was told it could be a route issue, I was lazy and didn't look into it until this morning when I dumped the routing table when wireguard stopped working (netstat -rn > net1.log) and then after I restarted it (netstat -rn > net2.log) and then diff net1.log net2.log showed the exact line
-
polarian
missing, the route to send wg packets out the physical interface
-
polarian
so I tested it, route <phy> <vpn addr> <gateway addr> and it worked!
-
polarian
so now I need to figure out how to automate it...
-
polarian
so I popped back here for suggestions :)
-
Hello71
I don't know which guides you read? I searched "wireguard freebsd" on google and the first four results explain wireguard_enable. one specifically says not to use wireguard-go
-
rtprio
polarian: you can run the route command on the 'ifup' or whatever wg calls it
-
polarian
rtprio: thats on ifup though
-
polarian
not when the underlying iface changes
-
polarian
wireguard depends on the route to denote which iface it goes out via
-
rtprio
and how often is that changing?
-
rtprio
so can you use a dhclient hook?
-
rwp
sfox, o/ The only time I ever had a FreeBSD kernel panic is when I had a mismatched radeonkms driver. That's completely understood and explained.
-
rwp
sfox, I had a graphics memory related pause chunk pause chunk problem in 14.0 which has a bug found and fixed in 14.1-RELEASE-p5 so suffered through that until then but it is fixed now.
-
zoraj
hi all, what may be the reason my fresh install of FreeBSD 14.1 cannot access the internet and how can I troubleshoot it? I can ping my router 192.168.100.1 but I cannot ping the outside, e.g. 1.1.1.1. I have the following lines inside /etc/rc.conf `ifconfig_em0="inet 192.168.100.15 netmask 255.255.255.0"` `defaultrouter="192.168.100.1"`
-
zoraj
ifconfig says status: active, inet 192.168.100.15
-
zoraj
the command `pciconf -lv | grep -A1 -B3 network` returns `device = Ethernet Connection(3) I218-LM`
-
Alver
zoraj: and the route is in place?
-
Alver
Check with netstat -rn
-
Alver
zoraj: if the route is in place and you can see packets to the internet being sent to the router, then the router would be the usual suspect.
-
zoraj
Alver: this is the result of netstat command imgur.com/com/a/we8V9eT
-
zoraj
I have a dozen of device connected to this router without problem
-
zoraj
PS4, Ubuntu box, Phone via wifi... without any problem
-
zoraj
surprisingly, the BSD box can only ping the router and not any others machines, which is a bit weird to me
-
yuripv
zoraj: that link doesn't seem to work
-
CowboyNeal
zoraj: instead of netmask x.x.x.x try using the address/24 notation
-
zoraj
sorry guys, the link is imgur.com/a/we8V9eT
-
zoraj
ok CowboyNeal, going to do it right now
-
zoraj
still no internet even after reboot, here is my rc.conf imgur.com/a/5vfmzvf
-
CowboyNeal
what is the output of "ifconfig em0"?
-
rwp
Since the installation worked I deduce that networking worked at installation time.
-
rwp
That image paste fails.
-
rwp
You say that "ping 192.168.100.1" is working for you on your system?
-
rwp
What is in your /etc/resolv.conf file? (People often have broken DNS and think it is networking that is broken instead.)
-
rwp
Does "host example.com"
-
rwp
Does "host example.com" work for you? Or is that failing?
-
zoraj
sorry :(, here is the link imgur.com/a/y6qsIOe
-
mzar
polarian: that's not surprising; I am glad you troubleshot it with 100% success
-
zoraj
rwp, host google.com fails, no output
-
zoraj
connection timeout, no servers could be reached
-
zoraj
yes, pinging the router (192.168.100.1) works
-
zoraj
if I try to ping any other machine, it fails miserably
-
zoraj
I kind of think that the network didn't work during the installation, because when I tried to install the handbook, nothing happened
-
rwp
You can "ping -c3 8.8.8.8"?? If that works then your networking is functioning correctly. Move on to the DNS configuration problem.
-
rwp
What is in your /etc/resolv.conf file?
-
zoraj
no, I am not able to ping the internet, so ping 8.8.8.8 fails
-
zoraj
inside resolv.conf are `nameserver 1.1.1.1` and `nameserver 8.8.8.8`
-
rwp
Then the problem is either that your router is not functioning, it might be blocking you. Or maybe you have chosen the wrong subnet for it?
-
rwp
Those nameserver lines seem reasonable. But you say ping 8.8.8.8 fails (try pinging 1.1.1.1 too) and therefore DNS can't work. Back to debugging networking.
-
rwp
Is it possible you are behind a "captured portal" which blocks you until you agree to the EULA?
-
zoraj
ping 1.1.1.1 fails, I have root access to the router, I can see that the IP address of my BSD box is listed there among the other machines connected to the network, there is no specific setup, every machine in my home has 192.168.100.x as ip address without any issue
-
rwp
The detail that ping to the router works but not past the router puts the focus of blame on the router. But you said you just installed the system and networking must have been working at that point. These details are in conflict with each other. Does not make sense.
-
zoraj
I'm lost too, something that should be trivial, got stuck for 2 days
-
rwp
I might try using DHCP as a debug test. From /etc/rc.conf remove defaultrouter and the current ifconfig_$INTERFACENAME line. Change the ifconfig line to "SYNCDHCP" and let it DHCP an address.
-
yuripv
zoraj: all other hosts are on wifi connection?
-
rwp
I suspect that a DHCP test will have some detail of the configuration different than the current static IP assignment.
-
zoraj
yuripv: all my machines(PS4, Ubuntu, BSD) are wired, except phones and tablet
-
zoraj
I'm going to try the SYNCDHCP thing and will let you know
-
rtprio
i didn't see if you could ping the router?
-
rtprio
and if so, was the default route set?
-
rwp
Just an fyi but DHCP and SYNCDHCP are both DHCP but SYNCDHCP will wait at boot time for the address assignment and then will continue. If dhcp fails it will timeout and boot anyway. DHCP without the sync will just boot immediately and then dhcp in the background, meaning that you might be logged in and waiting for the dhcp action to complete which can be confusing when people are debugging dhcp.
-
zoraj
rtprio: you could find here that the machine could ping itself (.15) and the router (.1) imgur.com/a/jXQZGhE
-
rtprio
did you have the output of `netstat -rna` ?
-
rtprio
or did you have defaultrouter= set in rc.conf ?
-
zoraj
yes I have defaultrouter="192.168.100.1" in my config file
-
zoraj
I'm going to try what rwp pointed out to me about SYNCDHCP
-
rtprio
hrm
-
rwp
In imgur.com/a/netstat-we8V9eT it shows a ping to 192.168.100.188 failing but that is on the same subnet and if 192.168.100.1 works then 192.168.100.188 should work too, right? Is that machine really up? This is another data point in conflict.
-
rwp
At least some of other systems use DHCP I presume and they are working so I think this machine using DHCP should also configure correctly and work. If you get anything that works then you can use it to deduce the correct settings for a static IP assignment.
-
zoraj
yes that machine (192.168.100.188) works, it's a local pihole DNS server
-
zoraj
rwp: changing to `ifconfig_em0="SYNCDHCP"` even after reboot didn't work, here is the boot messages and the ping imgur.com/a/CJXwJ7F
-
rtprio
did it get an ip or nah
-
zoraj
nope
-
rtprio
bizarre; so it appears you have a deaf network card
-
Hello71
zoraj: does internet work in installer, or you only installed cached packages?
-
Hello71
and try route get 1.1.1.1, and tcpdump
-
polarian
rtprio: maybe... that might work...
-
zoraj
Hello71: I only installed the bare minimum, cached package, I used the FreeBSD-14.1-RELEASE-amd64-disc1.iso and the only time it asked for internet was when I attempted to install the handbook
-
zoraj
brb
-
rwp
zoraj, So strange! That DHCP does not work, and if anything would then it would, would cause me to double check EVERYTHING. I would swap network cables. I would try "grasping at straws" because right now all you have is straw to grasp at.
-
moviuro
Hi all, my FreeBSD server hosted under a cheap OVH brand (kimsufi) refuses to boot. I can't access any sort of KVM (that machine was old, not grandfathered into modern niceties) and I only have access to a Linux 6.1.51 rescue system. That rescue has zfs(8) but zpool(8) fails with: x0.at/Givj.txt . I have checked smartctl(8), nothing seems
-
moviuro
amiss (x0.at/6iss.txt). On a scale from 0 to <cancel your subscription>, how screwed am I?
-
rwp
It's recoverable. But it will take some effort and some clever recovery techniques.
-
moviuro
Then 10pm+ might not be the right time to start working on it
-
rwp
The server ZFS is newer than the ZFS in the recovery and therefore you can't *directly* use the recovery to mount it.
-
rwp
This late at night for you maybe not. But we can talk about possible options and then you can sleep on it and choose one to do tomorrow. :-)
-
moviuro
but there's hope, and that's good. rwp -- manpages or pointers that I can read tomorrow?
-
rwp
I am digging through my notes... stand by
-
rwp
That's not to put anyone else off who might have an immediate suggestion. I am going to a linux rescue boot kvm freebsd recovery path.
-
rwp
debdrup, Then would that rescue system be very old?
-
debdrup
rwp: sounds like it
-
rwp
Committed to FreeBSD 2023-04-20 but the Linux image would be using OpenZFS but I could definitely see the rescue image being older than a year causing this problem.
-
rwp
moviuro, That reference I cited is for installing but if you can install then you can rescue. Use the rescue system with qemu to boot a small mfsbsd system and then in that virtual system mount your zfs drives and use that access to see why it isn't booting and repair it.
-
rwp
This is the type of situation where I would always try it locally on my local system and work through the process once or twice before attempting it remotely.
-
rwp
But if you are careful this seems very recoverable. Or at the absolute worst you would be able to mount the disks and perform a backup of your data so that you would have all of your data that was there regardless.
-
moviuro
thanks rwp, I'll read through it after I get some shut-eye
-
futune
you could just transfer the block device containing the zpool as raw data, to another system that can import the pool
-
futune
if it's not too large
-
Hello71
if the disk is small, just send it to another server. for large disk, probably kexec to new kernel is easiest
-
Hello71
actually, isn't nbd easiest and fastest
-
» kevans double checks what channel he's in re: kexec
-
kevans
ahh
-
halcon
Hello i would like to install and use freebsd, but i did an installation and i can not access it by ssh root, how could do it please?
-
sfox
permit root login in sshd's config file
-
sfox
or create a user account and login to that
-
halcon
Thanks the user can ssh, but i can not use root
-
rwp
halcon, Are you trying to use "su -"? Users must be in the wheel group in order to be allowed to "su -" to root. Log in on the console as root. Add your non-root halcon user account to the wheel group. Then log back in as you halcon and then you will be able to execute "su -" to become root.
-
rwp
halcon, If you are trying to ssh in as root at ssh time that is blocked by default now. To allow set "PermitRootLogin prohibit-password" or "PermitRootLogin yes" as you desire and restart sshd.
-
polarian
random question which is slightly offtopic, but when licencing work, a lot of the BSD licences (in fact I think all licences) contain the word "software" in it, so does that mean using 2-clause BSD does not cover your README, and any documentation or non-code within the repository?
-
polarian
or could you still argue that you waived copyright within the repository for these too?
-
rwp
IANAL but some projects which audit rigorously require an explicit copyright license in README and other text files for that file so as to remove all doubt about it. And most often an all permissive doc license such as one of the Creative Commons ones is used for documentation files. I do not know FreeBSD's project guidelines for it.
-
halcon
ok thanks, i am going to do a reinstallation, time is wrong, city too, my laptop is amd64 and i said 32
-
polarian
rwp: creative commons is huge and complicated, just like the GPL, I am simply wanting to 0BSD some docs about a project of mine but I am unsure if this is going to work or not