01:05:51 rwp: i agree with you 02:52:40 mzar: Still not trusting native encryption on this end. 04:14:15 which end do you trust it on? 08:31:58 hi mason 08:32:04 rwp 08:32:48 Am I just doing something wrong or does freebsd kernel panic and crash a lot? 08:33:04 way more then Linux 08:33:14 I don't think I'm doing anything particular niche 08:33:31 just vnet jails managed by iocage 08:33:38 ipv6 networking 08:34:09 I'm using ECC memory 08:34:13 and hardware watchdogs 08:34:14 but 08:34:38 you know 'server grade' hardware. Supposed to be more stable then the cheapo consumer stuff 08:34:48 zfs 08:35:00 but it seems like i'm kpanicing every other month 08:35:24 or experiencing really bad bugs. SOmetimes the kpanics happen more often 08:36:04 the other day, I just just running impitool trying to look at sensors and reboot the bmc, but it wasn't working so I unloading the ipmi kernel module and when I loading it back 08:36:07 boom, kpanic 08:36:27 this time the crash was so bad though that it couldn't even finish writing backtrace to the crt 08:36:49 I'm even afraid to stop jails now for fear of kpanicing the whole system 08:37:40 I think there's been a bug open related to it since like, 2014? I'll have to check but I'm not sure what the problem is. If people don't know what's causing it or there's just nobody to fund maintaince of those kernel features 08:40:06 my bad looks like 2019 not 2014 08:40:06 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238326 08:43:16 Is there something wrong with my hardware? 09:41:29 sfox: if you get regular kernel panics - what do the crashdumps tell you? 09:41:48 page table faults 09:44:39 Also, whereas ECC memory is nice and server-grade-ish indeed - many BMCs are (absolutely, utterly) not 09:45:24 YMMV but I categorically refuse to have any linking between the OS and the IPMI, regardless of which it is 09:45:43 If the OS wants to talk to the IPMI, it will talk to it over the frickin network, just like everyone else 09:46:57 The worst ones are those that "share" a physical network interface between IPMI and OS. Absolute nightmare 09:51:06 Nasty stuff, that page fault in the ipv6 code 09:54:18 Do you have any understanding of it? 09:54:48 Alver, I have the option to use a dedicated port for ipmi. Would doing that increase system stability vs sharing the igb0 port? 09:55:06 also is there any way to fix the bmc? 09:55:14 it's a proprietary bnc from asrock rack 10:37:50 sfox, as long as you set an explicit policy and not "auto" I think you will be fine 10:39:04 I had a server on auto where the BMC decided to hijack a port different from its usual after a reboot 10:39:23 that could have been a real disaster 10:39:42 never again 10:40:12 also it had been in operation about 4 years without issue before the problem occured 10:40:54 sigh 10:41:13 freebsd just crashed again on my laptop after using ifconfig to tell wifi to use channel 146 10:41:32 and unplugging the wifi because the wifi card hanged 10:51:07 * f451 looks at local pkg builders 10:51:40 reBuild Rust errrrry daaaay! 10:54:32 sfox: i find, particularly on rpi products, that freebsd (current, no-debug) is way more stable than raspios, which was designed for it. thats the primary reason for using it on this hardware 10:54:42 it just keeps on going 10:55:21 i had to tune it - dont extect a general purpose server os to work ideally straight out of the box 10:56:00 it only need booting after a make/buildworld sequence 11:00:52 i'm not running on a raspberry pi 11:02:18 i also have amd64, on neterprise hardware. same principle, same results apply 11:03:08 on internet-exposed stuff i run -current, keep an eye on current@ cnd cgit 11:05:30 sfox: for yr laptop, id recommend looking at detailed dmesg output and making a custom kernel config file, with only whays needed 11:05:44 GENERIC might not work for you 11:06:18 what is a whays and is a custom kernel really necessary to stop it from crashing? 11:06:30 and laptops are a mess with any os, i chose mine carefully. thinkpad 11:06:36 it's a thinkpad 11:07:01 you might have some stuff clashing with other stuff. with laptops, it's the wild west 11:07:26 what's the model? 11:07:33 mmmm anybody use linux-chrome on freebsd? I am unable to set duckduckgo as the default / only search engine 11:07:36 how old is it? 11:08:11 dch: i use ungoogled-chromium 11:08:25 f451: very new, about a week old 11:08:34 T430 11:08:51 f451: I use ungoogled-chromium by default but this specific issue is one where I *need* the linux variant 11:08:56 that alone might be a reason - a dmesg would be helpful 11:09:09 dch: aha 11:11:31 sfox: https://dmesgd.nycbug.org/ 11:11:50 sure 11:12:57 specifically, dmesg -a . parse the output to remove information you'd rather not share then paste it there 11:13:53 ok, I added it manually. it seems the usual extension doesn't appear in the search engines list. 11:14:05 i have a thinkpad works great with freebsd/openbsd but it's like a decade old and theres still no wifi ac/ax support (i think) in either 11:17:56 its my #1 sadness with freebsd. no fast wifi. almost everything else is just fine. hope more progress can be made on this in future. 11:18:14 * dch currently watching netflix on FreeBSD CURRENT for example 11:18:52 i submitted it 11:19:19 https://dmesgd.nycbug.org/index.cgi?do=view&id=7992 11:25:01 sfox: now when you eg post a problem to one of the freebsd mailing lists you can reference that url 11:27:44 sfox: when it crashes, whats produced on the console? 11:27:50 nothing 11:28:02 the laptop just freezes and reboots itself 11:28:16 is it getting hot? 11:28:23 on the server the usual kpanic screen followed by a memory dump 11:28:27 no the thermals are fine 11:28:34 i even repasted it not too long ago 11:28:52 where is it - also what freebsd version 11:30:24 for the laptop id try -current as it has all the debugging turned on 11:30:54 basically boot to it, paste the dmsg like oyu did before 11:32:46 for the server also - os rev/verasion, dmesg etc anyone would need that in order to help 11:33:48 for the kpanic post to https://bsd.to 11:54:06 rtprio: I don't trust it on any end, least of all mine. 12:37:37 Is there a more reliable connection then standard USB for automotive or 'high vibration' environments? 12:50:56 what do people use for PIM-SM routing on freebsd? FRR? 13:31:45 mountainman1312: have you tried pkg auto and pkg noauto? 13:40:31 ivy, i'm not sure what that is 13:41:24 sfox: it's a protocol for routing multicast traffic between different L2 segments 13:42:20 https://en.wikipedia.org/wiki/Protocol_Independent_Multicast 13:42:48 i think you use mld for that but i'm not sure 13:43:26 IGMP/MLD is for configuring multicast on a single L2 segment, it doesn't work over layer 3 boundaries (as far as i know) 13:44:05 PIM routers listen for IGMP/MLD advertisements to find out what multicast traffic needs to be routed 13:45:07 layer3 is routing 13:45:15 yes 13:45:17 that's not a switch's job 13:45:37 i did not use the word "switch"? 13:45:50 >routing multicast traffic between different L2 segments 13:46:35 you inferred it with this statement 13:47:08 okay, you know how an L3 router is responsible for routing unicast traffic between different L2 segments? and such router might use OSPF/BGP/whatever to do that? an L3 multicast router routes multicast traffic between different L2 segments and it might use PIM-SM to do this 13:47:37 PIM-SM is basically the multicast equivalent to OSPF (although not quite since it relies on an existing unicast IGP, but close enough) 13:48:51 my bad, I didn't know you could multicast to different l2 segments. I thought multicast was restricted to specific l2 segments unless you used proxies. Interesting information. 13:49:07 I don't know the software to do this on freebsd 13:49:18 ah no. there is a multicast address range for "this L2 segment only" but multicast in general can be routed 13:49:28 although not over the internet since no one supports it, but inside an internal network 16:26:50 mzar: it was a route issue, so wg-quick sets the default gateway to be via wg interface and then it sets a route to wg addr via the physical interface gateway 16:33:12 when wifi changes or iface is brought down, the route is lost and must be re-added... 16:33:31 polarian: did you see my reply on net@ about your wireguard thing btw? 16:33:34 so is there a way to hook into wpa_supplicant to run a route command on wifi network connection? 16:33:39 (/etc/start.if.*) 16:34:46 ivy: net@ mailing list? 16:35:18 y 16:35:26 I never posted to net@ 16:35:33 or at least I don't remember doing so 16:35:39 oh wait, this was questions@ 16:35:45 ah yes... I did post there :) 16:35:45 it was a wireguard question so i assumed net :-p 16:36:09 polarian: https://lists.freebsd.org/archives/freebsd-questions/2024-October/005823.html 16:36:58 ah I hadn't seen your email yet, its in the 82 emails I have flagged as "to read" 16:38:26 ivy: ah... right useful 16:38:42 but wg0 isn't an issue if you enabled wireguard rc 16:39:14 but... on the other hand... start_if is called each time the iface is modified correct? or brought up and down (would ssid change trigger start_if?) 16:39:30 if so, then sticking this in .wlan0 would ensure the route is always added 16:39:42 it's called by rc.d, so if you run /etc/rc.d/netif start wg0 for example 16:39:52 oo... not ideal then 16:39:58 wpa_supplicant does not invoke it as far as i know, but perhaps you could script that 16:39:59 still cant deal with the ssid changes... 16:40:12 why do SSID changes affect your wireguard interfaces? 16:40:14 im attempting to achieve always on vpn 16:40:58 so any non-wg traffic, going to anything other than the vpn address on udp port 51820 is dropped by pf :) 16:41:24 but currently I restart wireguard every time I change ssid etc 16:42:33 in fact... a script which checks that wg0 exists (execute ifconfig and grep wg0 and strip everything after the whitespace) then adds the route back again could be written pretty easily 16:43:17 then just call this script when wpa_supplicant changes ssid (after figuring out how to hook into it), and when the physical interface goes down and back up (start_if would work for this, thanks for the suggestion) 16:44:21 in theory this should be possible with multiple fibs but i don't know how you'd make dhclient add the route to the right fib 16:44:44 that's how i set up the jail i use for downloading linux ISOs via bittorrent, but that's static config, not dhcp 16:45:07 fuck dhclient, don't need it :) 16:45:26 the physical interface will handle that, you just ifconfig and grep/awk out the gateway it picks up 16:45:27 oh, you use multiple ssids but no dhcp? 16:45:45 route add 16:45:48 done 16:46:00 this needs to be done on network switches, or phy being brought back up 16:46:16 then abandoning wireguard-tools is possible 16:46:30 and just setconf in start_if.wg0 as you recommended 16:47:05 but currently I calling service wireguard restart (calls wg-quick down and wg-quick up) manually each time I lose network access... which is a pain! 16:47:22 i'm not sure if i completely understand what you're doing but maybe you would be interested in the wireguard client i use here 16:47:43 not to mention everytime I doas I have to type in my password and my uni has doggy wifi which reconnects every few mins... I literally have to doas service wireguard restart every 5 mins... painful! 16:50:32 ivy: ok so my setup explained, I have a wireguard client (well in this case server) on my server router (running OpenBSD) which handles the networking for my server network and my personal wifi (I live with others they have their own broadband, I piggy back my server network which is technically business internet), my ISP is completely unfiltered and only logs minimally, but the most important 16:50:34 part is preventing MITM and dns spoofing on public wifi networks, so my devices are permanently connected to my server network (pf handles the isolation on the router), I validate my own dns and all packets go via a trusted router. always on vpn is easy on android, its a toggle under vpn, its also pretty easy on Linux, however it seems less common on *BSD and I haven't seen a decent guide on 16:50:36 wireguard let alone always-on-vpn 16:51:10 in fact if_wg is almost undocumented anywhere other than the man pages, I found it within the src tree which is when I realised FreeBSD DOES have kernel support for wireguard, any guides I have seen use wireguard-go (userspace) 16:52:03 as its always on vpn wireguard needs to reconnect on network changes, iface changing is not needed to be done yet (I dont use ethernet on my laptop currently, on wifi, but this is also a TODO) 16:53:51 I was complaining about freebsd dropping packets when wifi network changes, or when wlan0 goes down and up, and I was told it could be a route issue, I was lazy and didn't look into it until this morning when I dumped the routing table when wireguard stopped working (netstat -rn > net1.log) and then after I restarted it (netstat -rn > net2.log) and then diff net1.log net2.log showed the exact line 16:53:53 missing, the route to send wg packets out the physical interface 16:54:19 so I tested it, route and it worked! 16:54:30 so now I need to figure out how to automate it... 16:54:41 so I popped back here for suggestions :) 16:58:52 I don't know which guides you read? I searched "wireguard freebsd" on google and the first four results explain wireguard_enable. one specifically says not to use wireguard-go 17:06:46 polarian: you can run the route command on the 'ifup' or whatever wg calls it 17:07:04 rtprio: thats on ifup though 17:07:11 not when the underlying iface changes 17:07:23 wireguard depends on the route to denote which iface it goes out via 17:09:00 and how often is that changing? 17:09:20 so can you use a dhclient hook? 17:22:50 sfox, o/ The only time I ever had a FreeBSD kernel panic is when I had a mismatched radeonkms driver. That's completely understood and explained. 17:24:03 sfox, I had a graphics memory related pause chunk pause chunk problem in 14.0 which has a bug found and fixed in 14.1-RELEASE-p5 so suffered through that until then but it is fixed now. 18:22:42 hi all, what may be the reason my freshly install of FreeBSD 14.1 cannot access the internet and how can I troubleshoting it ? I can ping my router 192.168.100.1 but I cannot ping the outside for eg. 1.1.1.1, I have the following lines inside /etc/rc.conf `ifconfig_em0="inet 192.168.100.15 netmask 255.255.255.0"` `defaultrouter="192.168.100.1"` 18:24:02 ifconfig says status: active, inet 192.168.100.15 18:29:51 the command `pciconf -lv | grep -A1 -B3 network` returns `device = Ethernet Connection(3) I218-LM` 18:42:35 zoraj: and the route is in place? 18:42:50 Check with netstat -rn 18:49:26 zoraj: if the route is in place and you can see packets to the internet being sent to the router, then the router would be the usual suspect. 18:50:41 Alver: this is the result of netstat command https://imgur.com/com/a/we8V9eT 18:51:37 I have a dozen of device connected to this router without problem 18:52:39 PS4, Ubuntu box, Phone via wifi... without any problem 18:54:02 surprisingly, the BSD box can only ping the router and not any others machines, which is a bit weird to me 18:55:06 zoraj: that link doesn't seem to work 18:55:58 zoraj: instead of netmask x.x.x.x try using the address/24 notation 18:57:09 sorry guys, the link is https://imgur.com/a/we8V9eT 18:57:25 ok CowboyNeal, going to do it right now 19:05:25 still no internet even after reboot, here is my rc.conf https://imgur.com/a/5vfmzvf 19:09:14 what is the output of "ifconfig em0"? 19:12:47 here it is https://imgur.com/a/y6qslOe 19:12:50 Since the installation worked I deduce that networking worked at installation time. 19:13:12 That image paste fails. 19:13:55 You say that "ping 192.168.100.1" is working for you on your system? 19:14:30 What is in your /etc/resolv.conf file? (People often have broken DNS and think it is networking that is broken instead.) 19:14:39 Does "host example.com" 19:14:50 Does "host example.com" work for you? Or is that failing? 19:15:36 sorry :(, here is the link https://imgur.com/a/y6qsIOe 19:16:07 polarian: that's not surprising; I am glad you troubleshot it with 100% success 19:16:22 rwp, host google.com fails, no output 19:16:41 connection timeout, no servers could be reached 19:17:08 yes, pinging the router (192.168.100.1) works 19:17:27 if I try to ping any other machine, it fails miserably 19:18:49 I kind of think that the network didn't work during the installation, because when I tried to install the handbook, nothing happened 19:19:31 You can "ping -c3 8.8.8.8"?? If that works then your networking is functioning correctly. Move on to the DNS configuration problem. 19:20:09 What is in your /etc/resolv.conf file? 19:20:39 no, I am not able to ping the internet, so ping 8.8.8.8 fails 19:21:34 inside resolv.conf are `nameserver 1.1.1.1` and `nameserver 8` 19:21:42 .8.8.8` 19:21:42 Then the problem is either that your router is not functioning, it might be blocking you. Or maybe you have chosen the wrong subnet for it? 19:22:35 Those nameserver lines seem reasonable. But you say ping 8.8.8.8 fails (try pinging 1.1.1.1 too) and therefore DNS can't work. Back to debugging networking. 19:22:56 Is it possible you are behind a "captured portal" which blocks you until you agree to the EULA? 19:23:10 https://en.wikipedia.org/wiki/Captive_portal 19:24:26 ping 1.1.1.1 fails, I have root access to the router, I can see that the IP address of the my BSD box is listed there among any other machines connected to the network, there is no specific setup, every machines in my home has 192.168.100.x as ip address without any issue 19:24:37 The detail that ping to the router works but not past the router puts the focus of blame on the router. But you said you just installed the system and networking must have been working at that point. These details are in conflict with each other. Does not make sense. 19:25:58 I'm lost too, something that should be trivial, get stucked for 2 days 19:26:06 I might try using DHCP as a debug test. From /etc/rc.conf remove defaultrouter and the current ifconfig_$INTERFACENAME line. Change the ifconfig line to "SYNCDHCP" and let it DHCP an address. 19:26:10 zoraj: all other hosts are on wifi connection? 19:27:10 I suspect that a DHCP test will have some detail of the configuration different than the current static IP assignment. 19:27:11 yuripv: all my machines(PS4, Ubuntu, BSD) are wired, except phones and tablet 19:28:10 I'm going to try the SYNCDHCP thing and will let you know 19:29:26 i didn't see if you could ping the router? 19:29:47 and if so, was the default route set? 19:33:24 Just an fyi but DHCP and SYNCDHCP are both DHCP but SYNCDHCP will wait at boot time for the address assignment and then will continue. If dhcp fails it will timeout and boot anyway. DHCP without the sync will just boot immediately and then dhcp in the background, meaning that you might be logged in and waiting for the dhcp action to complete which can be confusing when people are debugging dhcp. 19:33:26 rtprio: you could find here that the machine could ping itself (.15) and the router (.1) https://imgur.com/a/jXQZGhE 19:33:48 did you have the output of `netstat -rna` ? 19:34:06 or did you have defaultrouter= set in rc.conf ? 19:34:58 yes I have defaultrouter="192.168.100.1" in my config file 19:35:29 I'm going to try what rwp point me out about SYNCDHCP 19:36:18 hrm 19:36:27 In https://imgur.com/a/netstat-we8V9eT it shows a ping to 192.168.100.188 failing but that is on the same subnet and if 192.168.100.1 works then 192.168.100.188 should work too, right? Is that machine really up? This is another data point in conflict. 19:37:35 At least some of other systems use DHCP I presume and they are working so I think this machine using DHCP should also configure correctly and work. If you get anything that works then you can use it to deduce the correct settings for a static IP assignment. 19:38:03 yes that machine (192.168.100.188) works, it's a local pihole DNS server 19:50:16 rwp: changing to `ifconfig_em0="SYNCDHCP"` even after reboot didn't work, here is the boot messages and the ping https://imgur.com/a/CJXwJ7F 19:52:01 did it get an ip or nah 19:52:38 nope 19:55:03 bizarre; so it appears you have a deaf network card 20:16:55 zoraj: does internet work in installer, or you only installed cached packages? 20:17:59 and try route get 1.1.1.1, and tcpdump 20:18:50 rtprio: maybe... that might work... 20:21:38 Hello71: I only installed the bare minimum, cached package, I used the FreeBSD-14.1-RELEASE-amd64-disc1.iso and the only time it asked for internet was when I attemped to install the handbook 20:27:48 https://imgur.com/a/Q4BwTvT 20:28:06 brb 20:32:11 zoraj, So strange! That DHCP does not work, and if anything would then it would, would cause me to double check EVERYTHING. I would swap network cables. I would try "grasping at straws" because right now all you have is straw to grasp at. 20:32:35 Hi all, my FreeBSD server hosted under a cheap OVH brand (kimsufi) refuses to boot. I can't access any sort of KVM (that machine was old, not grandfathered into modern niceties) and I only have access to a Linux 6.1.51 rescue system. That rescue has zfs(8) but zpool(8) fails with: https://x0.at/Givj.txt . I have checked smartctl(8), nothing seems 20:32:35 amiss (https://x0.at/6iss.txt). On a scale from 0 to , how screwed am I? 20:34:08 It's recoverable. But it will take some effort and some clever recovery techniques. 20:34:31 Then 10pm+ might not be the right time to start working on it 20:34:38 The server ZFS is newer than the ZFS in the recovery and therefore you can't *directly* use the recovery to mount it. 20:35:02 This late at night for you maybe not. But we can talk about possible options and then you can sleep on it and choose one to do tomorrow. :-) 20:35:18 but there's hope, and that's good. rwp -- manpages or pointers that I can read tomorrow? 20:35:37 I am digging through my notes... stand by 20:36:34 That's not to put anyone else off who might have an immediate suggestion. I am going to a linux rescue boot kvm freebsd recovery path. 20:37:04 The feature isn't that new: https://cgit.freebsd.org/src/commit/?id=3e4ed4213d7b 20:38:43 moviuro, Read through this: https://gist.github.com/ctsrc/9a72bc9a0229496aab5e4d3745af0bb9 20:39:24 debdrup, Then would that rescue system be very old? 20:39:44 rwp: sounds like it 20:40:23 Committed to FreeBSD 2023-04-20 but the Linux image would be using OpenZFS but I could definitely see the rescue image being older than a year causing this problem. 20:42:39 moviuro, That reference I cited is for installing but if you can install then you can rescue. Use the rescue system with qemu to boot a small mfsbsd system and then in that virtual system mount your zfs drives and use that access to see why it isn't booting and repair it. 20:43:33 This is the type of situation where I would always try it locally on my local system and work through the process once or twice before attempting it remotely. 20:44:25 But if you are careful this seems very recoverable. Or at the absolute worst you would be able to mount the disks and perform a backup of your data so that you would have all of your data that was there regardless. 21:22:19 thanks rwp, I'll read through it after I get some shut-eye 21:23:42 you could just transfer the block device containing the zpool as raw data, to another system that can import the pool 21:24:19 if it's not too large 22:06:59 if the disk is small, just send it to another server. for large disk, probably kexec to new kernel is easiest 22:09:05 actually, isn't nbd easiest and fastest 22:11:30 * kevans double checks what channel he's in re: kexec 22:11:47 ahh 23:03:52 Hello i would like to install and use freebsd, but i did an installation and i can not access it by ssh root, how could do it please? 23:07:01 permit root login in sshd's config file 23:07:13 or create a user account and login to that 23:15:25 Thanks the user can ssh, but i can not use root 23:22:27 halcon, Are you trying to use "su -"? Users must be in the wheel group in order to be allowed to "su -" to root. Log in on the console as root. Add your non-root halcon user account to the wheel group. Then log back in as you halcon and then you will be able to execute "su -" to become root. 23:24:27 halcon, If you are trying to ssh in as root at ssh time that is blocked by default now. To allow set "PermitRootLogin prohibit-password" or "PermitRootLogin yes" as you desire and restart sshd. 23:24:44 random question which is slightly offtopic, but when licencing work, a lot of the BSD licences (in fact I think all licences) contain the word "software" in it, so does that mean using 2-clause BSD does not cover your README, and any documentation or non-code within the repository? 23:24:56 or could you still argue that you waived copyright within the repository for these too? 23:26:58 IANAL but some projects which audit rigorously require an explicit copyright license in README and other text files for that file so as to remove all doubt about it. And most often an all permissive doc license such as one of the Creative Commons ones is used for documentation files. I do not know FreeBSD's project guidelines for it. 23:27:24 https://cgit.freebsd.org/doc/tree/COPYRIGHT?id=f9763bfd87 from the look of it they modify the licence 23:28:35 ok thanks, i am going to do a reinstallation, time is wrong, city too, my laptop is amd64 and i said 32 23:28:47 rwp: creative commons is huge and complicated, just like the GPL, I am simply wanting to 0BSD some docs about a project of mine but I am unsure if this is going to work or not