Centroid.EU Blog

(this blog is mostly encrypted - adults only)
  


IKE between OpenBSD and FreeBSD

August 15th, 2017

I got IPSEC working between OpenBSD 6.1 and FreeBSD 10.3 with the openiked port. The policy management is not right on FreeBSD and I had to tune it with an extra "ipsec-fixup" file. Here is what I did:

root@psi:~ # cat ipsec-fixup.setkey 
spdflush;
spdadd 108.61.211.139/32 159.203.29.105/32 any -P out ipsec esp/tunnel/\
108.61.211.139-159.203.29.105/require;
spdadd 159.203.29.105/32 108.61.211.139/32 any -P out ipsec esp/tunnel/\
159.203.29.105-108.61.211.139/require;
root@psi:~ # 
and I had to modify the iked rc.d startup file to add this routine:
start_postcmd="iked_poststart"
...
iked_poststart()
{
        if [ -f /root/ipsec-fixup.setkey ] ; then
                (sleep 15 && /sbin/setkey -f /root/ipsec-fixup.setkey) &
        fi
}
That will fix the IPSEC on every start/restart. If this helped you at all, cheers!

It would make a difference to me

August 12th, 2017

If Germany had its own space program it would make a difference to me. Currently Germany is doing space science and exploration under the ESA umbrella which is many European nations. The launch sites are in Kazakhstan and in Kourou. So every satellite that ever goes up is shipped to those far places where we can't see a launch. In fact we're entirely oblivious to it, we don't know what's going on. And we don't have everything we need, if we did have that we'd have a space race. If a politician in Germany wants to win he'll say "I promise, before this decade is out (before 2030) we'll put a man on the moon and return him safely" and it would make that person get elected. Imagine that! If Germany started a space programme today from literally scratch and made it happen within 13 years. German technology, German people and German dreams. Yes it's a little nationalist thinking but so what? Think of the things that Germany doesn't have! And what we could have.

Dead Bird on my Balcony

August 11th, 2017

Today, just as I was going to hang up my laundry I noticed a dead bird on my balcony under the drying rack. I kinda freaked out because I had to throw it out with the garbage and didn't give it a burial. At least it's getting incinerated in a few weeks time. That's sorta like a cremation. I didn't make a picture because the bird doesn't deserve to be shown in its dead state. I think it was a bird from the tit family but it was clad in a sparrow's feathers, I was 100% sure it wasn't a sparrow though.

So here is to you, dead bird, I raise my glass (of diet coke) to you! Rest in Peace!

It's actually been a perfect summer

August 10th, 2017

Just wanted to say I didn't find this summer too hot, or too cold. It is just perfect, for me. I'm looking forward to my vacation which will be at the end of the month.

Donated to OpenBSD

August 8th, 2017

I have donated 35 EUR to OpenBSD for jca@ who helped me on the misc@ mailing list. I asked Theo, who gets the money, to buy jca@ a drink next time they meet. Thanks a million, or 35 EUR! ;-).

SOHCAHTOA.bc

August 7th, 2017

I have made a helper define, with the help of #openbsd on efnet, on SOHCAHTOA functions. In order to solve this problem, I use the following defines with bc:

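/* SOH: angle in degrees from opposite and hypotenuse */
define soh(o, h) {
        return (r2d(as(o/h)))
}

/* CAH: angle in degrees from adjacent and hypotenuse */
define cah(a, h) {
        return (r2d(ac(a/h)))
}

/* TOA: angle in degrees from opposite and adjacent */
define toa(o, a) {
        return (r2d(a(o/a)))
}

/* arcsine built on bc's arctangent a(); valid for -1 < x < 1 */
define as(x) {
        return (a(x / sqrt(1 - x^2)))
}

/* arccosine built on a(); valid for 0 < x <= 1 */
define ac(x) {
        return (a(sqrt(1 - x^2) / x))
}

/* radians to degrees; 4 * a(1) is pi */
define r2d(x) {
        return (x * 180/(4 * a(1)))
}

/* degrees to radians; 2 * a(2^10000) approximates pi */
define d2r(x) {
        return (x * ((2 * a(2^10000)) / 180))
}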
So then...I calculate:
beta$ bc -l sohcahtoa.bc
toa(35, 65)
28.30075576600637815925
seems to be the answer to the problem noted above. Yay.

I tip my hat to SHA2017

August 06th, 2017

This morning a hacker scanned my delphinusdnsd server from SHA2017, why?

Aug  6 05:06:45 chi delphinusdnsd[38628]: on descriptor 11 interface  \
"78.47.14.22" header from 151.216.93.11 has no question, drop
Aug  6 05:06:45 chi delphinusdnsd[38628]: question on descriptor 11 \
interface "78.47.14.22" from 151.216.93.11, did not have question of 1 \
replying format error
Sorry about the incomplete log. I don't have much traffic so I watch the log. The IP in question is dns for the sha2017.camp. domain.
;; QUESTION SECTION:
;11.93.216.151.in-addr.arpa.    IN      PTR

;; AUTHORITY SECTION:
93.216.151.in-addr.arpa. 600    IN      SOA     ns1.sha2017.camp. \ 
root.sha2017.camp. 2016121900 10800 3600 604800 3600
Just to let hackers know. I'm not rich. I don't have connections. So you're not exactly a Robin Hood if you're hacking me. SHA2017 conference's home page is found here.
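
Added example, not part of the original post and not delphinusdnsd's own code: both log messages above concern a packet whose question count is not 1, which a server can detect from the fixed 12-byte DNS header before parsing any names. The verdict names, the drop/FORMERR policy and the two sample packets below are assumptions constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Verdict names and policy are this example's own, not delphinusdnsd's. */
enum verdict { DNS_DROP, DNS_FORMERR, DNS_ACCEPT };
#define DNS_HDR_LEN 12

/* Constructed probe: bare 12-byte header, RD set, QDCOUNT = 0. */
static const uint8_t probe[12] = { 0x12, 0x34, 0x01, 0x00, 0, 0, 0, 0, 0, 0, 0, 0 };
/* Constructed query: "example.com. IN A", QDCOUNT = 1. */
static const uint8_t query[29] = { 0xab, 0xcd, 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0, 0, 1, 0, 1 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Check the fixed header before any name parsing touches the packet. */
enum verdict dns_precheck(const uint8_t *msg, size_t len)
{
    if (len < DNS_HDR_LEN) return DNS_DROP;        /* truncated header */
    if (msg[2] & 0x80) return DNS_DROP;            /* QR=1: a response, never answer it */
    if (be16(msg + 4) != 1) return DNS_FORMERR;    /* QDCOUNT must be exactly 1 */
    if (len == DNS_HDR_LEN) return DNS_FORMERR;    /* claims a question, carries none */
    return DNS_ACCEPT;
}

/* Header-only FORMERR reply: echo ID, opcode and RD; set QR; zero all counts.
 * Returns the number of bytes written, or 0 if either buffer is too small. */
size_t dns_formerr(const uint8_t *q, size_t qlen, uint8_t *out, size_t outlen)
{
    if (qlen < DNS_HDR_LEN || outlen < DNS_HDR_LEN) return 0;
    memset(out, 0, DNS_HDR_LEN);
    out[0] = q[0];
    out[1] = q[1];
    out[2] = (uint8_t)(0x80 | (q[2] & 0x79));      /* QR | opcode | RD */
    out[3] = 1;                                    /* RCODE 1 = FORMERR */
    return DNS_HDR_LEN;
}

int main(void)
{
    uint8_t reply[DNS_HDR_LEN];
    printf("probe verdict=%d reply_len=%zu\n", dns_precheck(probe, sizeof probe),
           dns_formerr(probe, sizeof probe, reply, sizeof reply));
    printf("query verdict=%d\n", dns_precheck(query, sizeof query));
    return 0;
}
```

Keeping the error reply to a bare header means a malformed packet never produces a response larger than itself.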

The private space race

July 30th, 2017

Most rich people don't get rich in a vacuum. They employ people to make their money. Well all that is gonna change with artificial intelligence and robots. There might be 10% employees of what they used to employ, in the near future. The rest will be laid off. Those 10% will be high technologists who work on fixing the robots and computer systems. The hard work will be conducted by robots.

When people are ready to leave earth it will likely be the rich. They'll settle on the moon, they'll settle Mars and they'll mine the asteroid belt, with, you guessed it, robots. So nothing has changed except that living on Mars makes you instantly poor unless you have high technology to help you get the resources that a human being needs.

What's going to happen to the poor people on earth? We'll be living in ghettos most likely, bunched together in big cities like sardines with promises of being picked in a lottery to go to space. We'll be monitored 24/7 in our 80 square meter apartments and medicated when there is the slightest hint of depression. When people get drift that the rich are using all the resources to get off this planet and leaving us behind there'll be chaos.

We have to think about whether this is the future we want. Because this is what's happening. We are the people farms. What is a worthwhile pastime when AI outsmarts us? What is a worthwhile profession when robots outdo us? Do you think we'll all end up playing tennis and bone each other 24/7? Get. Real. I'm majorly pissed off really, not because I don't get to go to the moon, no, because there is no meaningful work that I can pursue that isn't already done by a machine.

A 2 class system will erupt, us and them and it's all lies and trickery. The movies 2001: A Space Odyssey and Terminator are not warning signs, we've already passed them. They are here.

Finished the story of Goldflipper

July 29th, 2017

Check it out here.

Dmesg from zeta.centroid.eu

July 27th, 2017

Zeta is my new firewall/router at home. It's slower than the APU1 that I had in its place before but it gave a lot more ports (+5) so I'm very happy about that. Also it's a MIPS64 which should keep the footprint of crackers lower that would be able to break into this host which is a plus.

Copyright (c) 1982, 1986, 1989, 1991, 1993
	The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.1-current (GENERIC.MP) #0: Sat Jul 22 21:28:07 UTC 2017
    visa@octeon:/usr/src/sys/arch/octeon/compile/GENERIC.MP
real mem = 2147483648 (2048MB)
avail mem = 2113355776 (2015MB)
mainbus0 at root
cpu0 at mainbus0: CN61xx CPU rev 0.1 800 MHz, Software FP emulation
cpu0: cache L1-I 512KB D 8KB 64 way, L2 1024KB 8 way
cpu1 at mainbus0: CN61xx CPU rev 0.1 800 MHz, Software FP emulation
cpu1: cache L1-I 512KB D 8KB 64 way, L2 1024KB 8 way
clock0 at mainbus0: int 5
iobus0 at mainbus0
simplebus0 at iobus0: "soc"
octciu0 at simplebus0
cn30xxsmi0 at simplebus0
cn30xxsmi1 at simplebus0
com0 at simplebus0: ns16550a, 64 byte fifo
com0: console
com1 at simplebus0: ns16550a, 64 byte fifo
octmmc0 at simplebus0
sdmmc0 at octmmc0: 8-bit, mmc high-speed
octuctl0 at iobus0 base 0x118006f000000 irq 56
ehci0 at octuctl0
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Octeon EHCI root hub" rev 2.00/1.00 addr 1
ohci0 at octuctl0, version 1.0
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "Octeon OHCI root hub" rev 1.00/1.00 addr 1
octrng0 at iobus0 base 0x1400000000000 irq 0
cn30xxgmx0 at iobus0 base 0x1180008000000
cnmac0 at cn30xxgmx0: SGMII, address 24:a4:3c:06:9f:12
ukphy0 at cnmac0 phy 4: Generic IEEE 802.3u media interface, rev. 3: OUI 0x180361, model 0x0004
cnmac1 at cn30xxgmx0: SGMII, address 24:a4:3c:06:9f:13
ukphy1 at cnmac1 phy 5: Generic IEEE 802.3u media interface, rev. 3: OUI 0x180361, model 0x0004
cnmac2 at cn30xxgmx0: SGMII, address 24:a4:3c:06:9f:14
ukphy2 at cnmac2 phy 6: Generic IEEE 802.3u media interface, rev. 3: OUI 0x180361, model 0x0004
cnmac3 at cn30xxgmx0: SGMII, address 24:a4:3c:06:9f:15
ukphy3 at cnmac3 phy 7: Generic IEEE 802.3u media interface, rev. 3: OUI 0x180361, model 0x0004
cn30xxgmx1 at iobus0 base 0x1180010000000
cnmac4 at cn30xxgmx1: SGMII, address 24:a4:3c:06:9f:16
ukphy4 at cnmac4 phy 0: Generic IEEE 802.3u media interface, rev. 3: OUI 0x180361, model 0x0004
cnmac5 at cn30xxgmx1: SGMII, address 24:a4:3c:06:9f:17
ukphy5 at cnmac5 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x180361, model 0x0004
cnmac6 at cn30xxgmx1: SGMII, address 24:a4:3c:06:9f:18
ukphy6 at cnmac6 phy 2: Generic IEEE 802.3u media interface, rev. 3: OUI 0x180361, model 0x0004
cnmac7 at cn30xxgmx1: SGMII, address 24:a4:3c:06:9f:19
ukphy7 at cnmac7 phy 3: Generic IEEE 802.3u media interface, rev. 3: OUI 0x180361, model 0x0004
/dev/ksyms: Symbol table not valid.
umass0 at uhub0 port 1 configuration 1 interface 0 "SanDisk Ultra USB 3.0" rev 2.10/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI4 0/direct removable \
serial.07815591241023103380
sd0: 118464MB, 512 bytes/sector, 242614272 sectors
scsibus1 at sdmmc0: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0:  SCSI2 0/direct removable
sd1: 3776MB, 512 bytes/sector, 7733248 sectors
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
boot device: sd0
root on sd0a (08e1253cf19e0676.a) swap on sd0b dump on sd0b
WARNING: No TOD clock, believing file system.
WARNING: CHECK AND RESET THE DATE!
cpu1 launched
I have given it a 128 GB USB stick as its disk even though the internal flash card is detected as sd1. The people involved in this architecture are super! They really should be congratulated for making this architecture happen. I did have some problems with threaded programs on this firewall but I moved those to my amd64 router venus (the program was BIND 9.10.5)... Here is the listing of ports, I have utilized all eight:
cnmac0: flags=8843 mtu 1500
        lladdr 24:a4:3c:06:9f:12
        description: eth4 - FritzBox LTE
        index 1 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.78.1 netmask 0xffffff00 broadcast 192.168.78.255
cnmac1: flags=8843 mtu 1526
        lladdr 24:a4:3c:06:9f:13
        description: eth5 - Telekom VDSL
        index 2 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.16.1 netmask 0xffffff00 broadcast 192.168.16.255
cnmac2: flags=8b43 mtu 1500
        lladdr 24:a4:3c:06:9f:14
        description: eth6 - mercury
        index 3 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.70.1 netmask 0xffffff00 broadcast 192.168.70.255
        inet6 fe80::26a4:3cff:fe06:9f14%cnmac2 prefixlen 64 scopeid 0x3
        inet6 2001:db8::121 prefixlen 64
cnmac3: flags=8b43 mtu 1500
        lladdr 24:a4:3c:06:9f:15
        description: eth7 - venus
        index 4 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.42.1 netmask 0xffffff00 broadcast 192.168.42.255
cnmac4: flags=8843 mtu 1500
        lladdr 24:a4:3c:06:9f:16
        description: eth0 - Access Point to uranus
        index 5 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
        inet 192.168.179.1 netmask 0xffffff00 broadcast 192.168.179.255
        inet6 fe80::26a4:3cff:fe06:9f16%cnmac4 prefixlen 64 scopeid 0x5
        inet6 2001:db8:0:10::111 prefixlen 64
cnmac5: flags=8843 mtu 1500
        lladdr 24:a4:3c:06:9f:17
        description: eth1 - AREA52U uplink
        index 6 priority 0 llprio 3
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.43.1 netmask 0xffffff00 broadcast 192.168.43.255
cnmac6: flags=8b43 rdomain 2 mtu 1500
        lladdr 24:a4:3c:06:9f:18
        description: eth2 - AREA52U host from bridge
        index 7 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
cnmac7: flags=8b43 rdomain 3 mtu 1500
        lladdr 24:a4:3c:06:9f:19
        description: eth3 - AREA52U B.A.T.M.A.N.
        index 8 priority 0 llprio 3
        media: Ethernet autoselect (1000baseT full-duplex)
        status: active
Notice the order between cnmac0 and eth0 differs, hence I have labeled the ports. There also exist some vlans and bridges that I bridge batman and other stuff together and pass it on to venus or mercury. Cheers!
