GeekLAN

As v1.0.12 is finally released I’ve updated the unfinished port for the SVN builds
The todo list is kinda the same but I’m on the case this time & its fairly trivial to sort out, I just need feedback on any issues building the port & getting it up & running.

Grab the port here
If you need a main.conf to start with grab it here

29/6/08
Thanks to David Bird for working over the issues with coova on FreeBSD this weekend, the random coredump issue has been resolved & chilli_query now works properly aswell as coova itself!
I’ve updated the port, use the link above to download & test.

Looking for something to do this weekend I remembered that a few years back after reading Secure Architectures with OpenBSD I’d signed up to freenet6, I retrieved my forgotten account details & logged in to the portal to get started, then remembered why I never got off the ground with this project, the client is a PITA to setup, a quick search of the ports tree showed up net/aiccu.
The description of the port:
AICCU makes it very easy for anybody to get IPv6 connectivity
everywhere they want. It uses the TIC (Tunnel Information & Control)
protocol to request the information needed to setup a tunnel through
which the connectivity is created.

AICCU supports the following tunneling protocols:
- 6in4 static (RFC 2893)
- 6in4 heartbeat (RFC 2893 + draft-massar-v6ops-heartbeat)
- tinc (http://www.tinc-vpn.org)
- AYIYA (draft-massar-v6ops-ayiya)

As AYIYA even works from behind NAT’s, thus unless there is a very
restrictive firewall in place, anybody should be able to get IPv6
connectivity without problems and everywhere they want.

One does need a SixXS account and at least a tunnel. These
can be freely & gratis requested from the SixXS website.

Before installing the port I headed over to the SixXS website to have a nose around, the FAQ is well worth a read, it lays down the basics of the signup process quiet well.
The only hold up between signing up & getting going with your 1st tunnel is the wait for approval by the project admins which though the site says it can be as long as a week took, it only a few hours for me (even on a saturday!:))
The project works on a credit basis (there is no money inolved), costs are broken down in the FAQ, basically you start off with 25 credits, which allows you to get a tunnel for a single host setup at the cost of 15 credits.
Once you’ve been able to demonstrate that you can keep the tunnel up for seven days you’ll be credited 5 credits, this will give you enough credits to apply for a subnet.
Fingers crossed, if it all goes well I’ll be migrating my home network to IPv6 sometime next week.

The setup of the aiccu client was pretty straightforward, I just needed to provide my username & password to the config file. You don’t actually have to use the aiccu client, you can create a gif(4) manually, this is covered in the faq aswell, but seeing as I’m a n00b at this I will ditch the client once I’m more comfortable. Before you fire up the client you need to configure your firewall rules so that ipv6 traffic is allowed, most importantly icmp6, details covered in the faq.

So, now I have a tunnel setup, the next step is to find a registrar to move my domains to whom supports IPv6 records, surprisingly the big boys, tucows, 1&1, go daddy don’t (well go daddy allows the creation of AAAA records but you can’t use them for your NS records).
The FAQ once again has this covered here
Once I’ve transfered my domains across, I’ll be ditching OpenBSD 4.3 & moving to -CURRENT temporarily as Apache supports IPv6 there.

RIP Jun-ichiro “itojun” Hagino

New restore CD for the Cobalt Cube using Izumi Tsutsuis updated restore CD script

You can grab a copy here

Dell where running a special offer this week on the PowerEdge T105 servers.
For £173inc Vat & Shipping they make perfect test boxes, I placed the order on monday & they where here on thursday.
I’ve spent some of today trying ou the AMD64 flavours of FreeBSD 6.3 & 7.0-RC1, NetBSD 4.0 & 200802010002Z snapshot, OpenBSD 4.2 RELEASE & CURRENT.
One word of warning the onboard broadcom network card is a POS, you will need an additional network card installed in the system if you’re planning to have any means of connectivity to you box.
I used a cheapo intel pro/1000 GT PCI network card.

Here are some dmesgs:
FreeBSD 6.3-RELEASE AMD64
FreeBSD 7.0-RC1 AMD64
The broadcom network card was enabled in the bios but wasn’t detected by the kernel

I was unable to NetBSD 4.0 & 200802010002Z as the setup program claimed there where any disks installed.

OpenBSD 4.2-RELEASE GENERIC kernel
OpenBSD 4.2-RELEASE GENERIC.MP kernel
OpenBSD 4.2-CURRENT GENERIC kernel
The broadcom network worked fine during the install process as far as I was able to obtain a IP address from a DHCP server, upon reboot when the system went multiuser & the network card was initialised the system would panic, using the intel card instead stopped the panic onboot, but still panicked on reboot, disabling the broadcom network card in the bios solved any panics. Screenshot
I was unable to test the 4.2-CURRENT GENERIC.MP kernel as the system failed to boot, complaining about em0: watchdog timeout -- resetting
&
wd0a: device timeout writing fsbn 1885728 of 1885728-1885759 (wd0 bn 1885791; cn 11 tn 98 sn 12), retrying Screenshot

I also booted the system off the FreeBSD-CURRENT snapshot using the bootonly iso, the broadcom network card was detected but panicked when attempting to obtain a IP address via DHCP.

I’ve rolled a new restore CD using the updated scripts Izumi Tsutsui posted on port-cobalt@

You can grab a copy here

It seems I made a mistake whilst building this new build, I have rebuilt & uploaded a new copy of the image, please redownload if you grabbed a copy of this yesterdat

Using Izumi Tsutsuis restore cd script I’ve rolled a restore cd for NetBSD/cobalt 4.0
Everything should work A-OK, I’ve managed to restore my Qube2 using this image without any problems.

You can grab a copy here

dmesg output from Qube2 running NetBSD 4.0:

Copyright (c) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005,
2006, 2007
The NetBSD Foundation, Inc. All rights reserved.
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.

NetBSD 4.0 (GENERIC) #0: Sat Dec 15 22:05:27 PST 2007
builds@wb35:/home/builds/ab/netbsd-4-0-RELEASE/cobalt/200712160005Z-obj/home/builds/ab/netbsd-4-0-RELEASE/src/sys/arch/cobalt/compile/GENERIC
Cobalt Qube 2
total memory = 65536 KB
avail memory = 59972 KB
timecounter: Timecounters tick every 10.000 msec
mainbus0 (root)
com0 at mainbus0 addr 0x1c800000 level 3: st16650a, working fifo
com0: console
cpu0 at mainbus0: QED RM5200 CPU (0x28a0) Rev. 10.0 with built-in FPU Rev. 10.0
cpu0: 32KB/32B 2-way set-associative L1 Instruction cache, 48 TLB entries
cpu0: 32KB/32B 2-way set-associative write-back L1 Data cache
mcclock0 at mainbus0 addr 0x10000070: mc146818 compatible time-of-day clock
panel0 at mainbus0 addr 0x1f000000
gt0 at mainbus0 addr 0x14000000
pci0 at gt0
pci0: i/o space, memory space enabled, rd/line, wr/inv ok
pchb0 at pci0 dev 0 function 0: Galileo GT-64111 System Controller, rev 1
tlp0 at pci0 dev 7 function 0: DECchip 21143 Ethernet, pass 4.1
tlp0: interrupting at level 1
tlp0: Ethernet address 00:10:e0:00:fe:d5
lxtphy0 at tlp0 phy 1: LXT970 10/100 media interface, rev. 3
lxtphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
pcib0 at pci0 dev 9 function 0
pcib0: VIA Technologies VT82C586 PCI-ISA Bridge, rev 39
viaide0 at pci0 dev 9 function 1
viaide0: VIA Technologies VT82C586 (Apollo VP) ATA33 controller
viaide0: bus-master DMA support present
viaide0: primary channel configured to compatibility mode
viaide0: primary channel interrupting at irq 14
atabus0 at viaide0 channel 0
viaide0: secondary channel configured to compatibility mode
viaide0: secondary channel interrupting at irq 15
atabus1 at viaide0 channel 1
VIA Technologies VT83C572 USB Controller (USB serial bus, revision 0x02) at pci0 dev 9 function 2 not configured
Acer Labs M5237 USB 1.1 Host Controller (USB serial bus, interface 0x10, revision 0x03) at pci0 dev 10 function 0 not configured
Acer Labs M5237 USB 1.1 Host Controller (USB serial bus, interface 0x10, revision 0x03) at pci0 dev 10 function 1 not configured
Acer Labs M5237 USB 1.1 Host Controller (USB serial bus, interface 0x10, revision 0x03) at pci0 dev 10 function 2 not configured
Acer Labs M5239 USB 2.0 Host Controller (USB serial bus, interface 0x20, revision 0x01) at pci0 dev 10 function 3 not configured
Acer Labs product 0x5253 (Firewire serial bus, interface 0x10) at pci0 dev 10 function 4 not configured
tlp1 at pci0 dev 12 function 0: DECchip 21143 Ethernet, pass 4.1
tlp1: interrupting at level 2
tlp1: Ethernet address 00:10:e0:01:06:0c
lxtphy1 at tlp1 phy 1: LXT970 10/100 media interface, rev. 3
lxtphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
timecounter: Timecounter "clockinterrupt" frequency 100 Hz quality 0
timecounter: Timecounter "mips3_cp0_counter" frequency 125000000 Hz quality 100
Kernelized RAIDframe activated
wd0 at atabus0 drive 0:
wd0: drive supports 16-sector PIO transfers, LBA48 addressing
wd0: 78532 MB, 159557 cyl, 16 head, 63 sec, 512 bytes/sect x 160834367 sectors
wd0: 32-bit data port
wd0: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 6 (Ultra/133)
wd0(viaide0:0:0): using PIO mode 4, Ultra-DMA mode 2 (Ultra/33) (using DMA)
boot device: wd0
root on wd0a dumps on wd0b
root file system type: ffs


I’ve created a long overdue port of CoovaChilli for FreeBSD, this should be considered as a work in progress for a couple of reasons:
1) As the current stable release v1.0.11 doesn’t build on the BSD’s the port installs a SVN checkout of build 152 which resolves build issues with FreeBSD
2) this is a result of a couple of hours of faffing around due to me being a bit rusty, the port definitely installs & uninstalls cleanly
but doesn’t install things in the right place as far as where things should live in the BSD userland e.g the www files are installed in {PREFIX}/etc/chilli/www which is wrong + some others bits.
3) The port doesn’t include any of additional docs/configs which where included with the chillispot port, eg a PF config.
4) No testing has been done apart from the fact that it builds correctly

You can grab a copy of the port here
copy the file to /usr/ports/net-mgmt
& uncompress

Update:
Small change, the correct location of the localstate directory (/var) is passed onto configure, redownload the file if you grabbed a copy previously.

6 Months ago I bought a mini itx motherboard to replace my current ancient web server / firewall, I went for the Jetway J7F2WE1G5D-OC-PB as it was cheaper then the VIA ones & it also supports expansion via daughterboards, there’s a whole range to choose from, I went for the AD3RTLAN-G which gives you three additional gigabit interfaces which are based on the Realtek 8169 chipset. Sadly this chipset does have some limitations as mentioned in re(4) on OpenBSD
The RealTek 8169, 8169S and 8110S chips are only capable of transmitting
Jumbo frames up to 7440 bytes in size.
But I’m sure that should be good enough for a network of 1 user! =)

Hopefully within the next couple of weeks I well get OpenBSD 4.2 installed on this box & replace the current server, the only holdup for me atm is the builtin VIA Rhine-II interface doesn’t support adjustment of the mtu, which is going to cause some problems as I’m using pppoe(4) & don’t want use mssfixup in PF, using one of the gigabit interfaces instead would be a waste.

Dmesg from the 21/11/07 snapshot of -CURRENT:
OpenBSD 4.2-current (GENERIC) #452: Sun Oct 21 22:08:12 MDT 2007
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Esther processor 1500MHz ("CentaurHauls" 686-class) 1.51 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
real mem = 468152320 (446MB)
avail mem = 444747776 (424MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/02/07, BIOS32 rev. 0 @ 0xfa1b0, SMBIOS rev. 2.3 @ 0xf0000 (34 entries)
bios0: vendor Phoenix Technologies, LTD version "6.00 PG" date 10/02/2007
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev 2.1 @ 0xf0000/0xc9e4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc910/208 (11 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 11 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 7 10 11
pcibios0: PCI Interrupt Router at 000:17:0 ("VIA VT8237 ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x10000
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "VIA CN700 Host" rev 0x00
pchb1 at pci0 dev 0 function 1 "VIA CN700 Host" rev 0x00
pchb2 at pci0 dev 0 function 2 "VIA CN700 Host" rev 0x00
pchb3 at pci0 dev 0 function 3 "VIA PT890 Host" rev 0x00
pchb4 at pci0 dev 0 function 4 "VIA CN700 Host" rev 0x00
pchb5 at pci0 dev 0 function 7 "VIA CN700 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "VIA VT8377 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "VIA S3 Unichrome PRO IGP" rev 0x01: aperture at 0xf4000000, size 0x10000000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ral0 at pci0 dev 8 function 0 "Ralink RT2560" rev 0x01: irq 11, address 00:11:09:xx:xx:xx
ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
re0 at pci0 dev 9 function 0 "Realtek 8169" rev 0x10: RTL8169/8110SCd (0x1800), irq 7, address 00:30:18:xx:xx:xx
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
"VIA VT6306 FireWire" rev 0x80 at pci0 dev 10 function 0 not configured
re1 at pci0 dev 11 function 0 "Realtek 8169" rev 0x10: RTL8169/8110SCd (0x1800), irq 5, address 00:30:18:xx:xx:xx
rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 2
re2 at pci0 dev 12 function 0 "Realtek 8169" rev 0x10: RTL8169/8110SCd (0x1800), irq 10, address 00:30:18:xx:xx:xx
rgephy2 at re2 phy 7: RTL8169S/8110S PHY, rev. 2
pciide0 at pci0 dev 15 function 0 "VIA VT6420 SATA" rev 0x80: DMA
pciide0: using irq 11 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 "VIA VT82C571 IDE" rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility
wd0 at pciide1 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 78532MB, 160834367 sectors
atapiscsi0 at pciide1 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
cd0(pciide1:0:1): using PIO mode 4, Ultra-DMA mode 4
pciide1: channel 1 disabled (no drives)
uhci0 at pci0 dev 16 function 0 “VIA VT83C572 USB” rev 0×81: irq 10
uhci1 at pci0 dev 16 function 1 “VIA VT83C572 USB” rev 0×81: irq 10
uhci2 at pci0 dev 16 function 2 “VIA VT83C572 USB” rev 0×81: irq 11
uhci3 at pci0 dev 16 function 3 “VIA VT83C572 USB” rev 0×81: irq 11
ehci0 at pci0 dev 16 function 4 “VIA VT6202 USB” rev 0×86: irq 7
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 “VIA EHCI root hub” rev 2.00/1.00 addr 1
viapm0 at pci0 dev 17 function 0 “VIA VT8237 ISA” rev 0×00
iic0 at viapm0
spdmem0 at iic0 addr 0×50: 512MB DDR2 SDRAM non-parity PC2-4200CL3
auvia0 at pci0 dev 17 function 5 “VIA VT8233 AC97″ rev 0×60: irq 7
ac97: codec id 0×56494170 (VIA Technologies <70>)
ac97: codec features headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D
audio0 at auvia0
vr0 at pci0 dev 18 function 0 “VIA RhineII-2″ rev 0×78: irq 10, address 00:30:18:xx:xx:xx
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 10: OUI 0×004063, model 0×0032
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 “VIA UHCI root hub” rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 “VIA UHCI root hub” rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 “VIA UHCI root hub” rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 “VIA UHCI root hub” rev 1.00/1.00 addr 1
isa0 at mainbus0
isadma0 at isa0
pckbc0 at isa0 port 0×60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0×61
midi0 at pcppi0: spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0×3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: probed fifo depth: 15 bytes
pccom1 at isa0 port 0×2f8/8 irq 3: ns16550a, 16 byte fifo
pccom1: probed fifo depth: 15 bytes
fdc0 at isa0 port 0×3f0/6 irq 6 drq 2
biomask ffc5 netmask ffe5 ttymask ffe7
pctr: user-level cycle counter enabled
dkcsum: wd0 matches BIOS drive 0×80
root on wd0a swap on wd0b dump on wd0b

the results from md5 -t

Jetway J7F2WE1G5D-OC-PB Motherboard running OpenBSD
MD5 time trial. Processing 10000 10000-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time = 1.087264 seconds
Speed = 91973982.399859 bytes/second

8 Core MacPro running OS X 10.5
MD5 time trial. Digesting 100000 10000-byte blocks ... done
Digest = 766a2bb5d24bddae466c572bcabca3ee
Time = 2.261262 seconds
Speed = 442230944.000000 bytes/second

I’ve finally gotten around to bringing the FreeBSD port of Chillispot up to date with the current release (v1.1.0).
As v1.1.0 is considered unstable it will not overwrite v1.0 which is currently in the tree, it will instead live alongside it in net-mgmt/chillispot-dev.
I have not had a chance to test this port with any wireless clients yet but it should work in theory, the only difference between this port & the initial patch I made to make it buildable is that I’ve used an alternative method for dealing with clearenv() as pointed out by Joe Marcus Clarke

Grab a copy of the first revision of the port here

I got myself a Nokia 770 after Richard pointed me in the direction of a etailer which had them in stock dirt cheap, I’ve been using the unit for the past 2 days & all I can say is the screen is amazing, the strength of the wifi areal is really really good, its a little slow loading apps but that’s not an issue for me, I’ve got all the essentials on there, openssh, rdesktop & vncviewer, mplayer & scummvm on there plus there’s a whole load more at maemo

The tiny screen which runs at 800×400 means you can use rdesktop & every single detail on your screen is readable, something which my Axim can’t do.

I finally managed to roll out a new release of Brighton Chilli, the new release contains the following fixes & additions:
Added support for WPA & 802.11i to the kernel
Added support for Atheros chipset cards to the kernel
Fixed a typo in chilli.conf (chilli should redirect to the right file now)
Patch for chillispots hotspotlogin.cgi to enable it to work with lighttpd
Move the cgi-bin directory to /var mfs so that it’s on a writable FS allowing hotspotlogin.cgi to be edited
Added chillispot to rc.conf
Serial console redirection now works
Changed the loader logo to beastie

Whilst working on the next release of Brighton Chilli I found that if you attempt to use the stock hostspotlogin.cgi with lighttpd you’ll be presented with the following error message:
ChilliSpot Login Failed
Login must use encrypted connection.
Even though your server is setup correctly.
Apply this patch to your hostspotlogin.cgi & all should be well.

It seems the unannounced release of Chillispot 1.1.0 has a few typos in the source code aswell as use of the clearenv() function which is not available in *BSD, I’ve made a patch which sorts these problems out, test it out & send any feedback to the Chillispot mailing list

I was interviewed yesterday by Will Backman about Brighton Chilli for the BSD Talk Podcast

You can download a copy of the interview in ogg or MP3 format from here

Before you can use the CPAN shell on OpenBSD you need to install p5-LWP-UserAgent-Determined from the ports tree/packages.

Otherwise you wont be able to fetch any components properly
eg:

Fetching with Net::FTP:
ftp://cpan.sunsite.ualberta.ca/pub/CPAN/authors/01mailrc.txt.gz
Couldn't fetch 01mailrc.txt.gz from cpan.sunsite.ualberta.ca
Trying with "/usr/bin/lynx -source" to get ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/01mailrc.txt.gz
gzip: /root/.cpan/sources/authors/01mailrc.txt: unknown suffix: ignored

& the process will bomb out with MD5 checksum errors eg:


Trying with "/usr/bin/lynx -source" to get
ftp://CPAN.mirror.rafal.ca/pub/CPAN/authors/id/A/AN/ANDK/Bundle-CPAN-1.853.tar.gz
gzip: /root/.cpan/sources/authors/id/A/AN/ANDK/Bundle-CPAN-1.853.tar: unknown suffix: ignored
CPAN: Digest::MD5 loaded ok

I’d recommend removing
/root/.cpan/sources/authors/id/A/AN/ANDK/Bundle-CPAN-1.853.tar.gz. Its MD5
checksum is incorrect. Maybe you have configured your ‘urllist’ with
a bad URL. Please check this array with ‘o conf urllist’, and retry.

I normally wouldn’t say this about a Cisco product, but WOW, the 100mW transmit power on the arials means I can get coverage everywhere in my house with this card plugged into my workpad, I struggle with most spots on my Axim, PowerBook or ThinkPad with a Orinocco plugged in.
The only problem I’ve ran into so far is a bug in NetBSD 3.0 (& OpenBSD 3.9 aswell aparently). It seems that once you upgrade to the recent versions of the firmware for this card (5.60 series), the AN(4) driver fails to attach & complains about the record buffer being too small
an0 at pcmcia0 function 0:
pcic0: port 0×15000440-0×1500047f
ISA IRQ 3 -> vrgiu0 port 9, level high through
pcmcia0: card irq 3
an0: record buffer is too small, rid=ff00, size=198, len=258
an0: read caps failed
an0: failed to attach controller
an0 detached

Once I downgraded to version 5.41 the problem went away!!

an0 at pcmcia0 function 0:
pcic0: port 0×15000440-0×1500047f
ISA IRQ 3 -> vrgiu0 port 9, level high through
pcmcia0: card irq 3
an0: Cisco Systems 350 Series (firmware 5.41)
an0: 802.11 address: 00:0f:90:xx:xx:xx, channel: 1-13
an0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps

Checking the NetBSD gnats database I found a PR which has a fix attached though I haven’t had a chance to try it out yet.

There is a patch for OpenBSD here which I presume is included in 4.0

To be able to connect to a Windows based PPTP VPN through a OpenBSD firewall you’ll need to make a couple of changes to allow GRE traffic through.
first add the following to /etc/sysctl.conf:
net.inet.gre.allow=1
net.inet.gre.wccp=1
net.inet.mobileip.allow=1

then add the following to the filter section in your /etc/pf.conf:
pass in on $ext_if proto gre all keep state
pass out on $ext_if proto gre all keep state

To make the changes effective without having to reboot issue the following as root:

sysctl net.inet.gre.allow=1
sysctl net.inet.gre.wccp=1
sysctl net.inet.mobileip.allow=1
pfctl -f /etc/pf.conf

Blake Crosby has a collection of scripts on his site which are handy for fetching logs and generating stats from a Google Search Appliance (the mini GSA aswell).
You’ll need to install some modules from CPAN before you get started, all the required moduled are included in a comment on each script.

Disable the onboard Broadcom chipset network card & stick a Intel i82558B chipset network card in the system, I used a Compaq NC3121 which can be picked up off ebay for next to nothing. The card doesn’t specifically have to be i82558B based, I think OS X supports the entire range of the Intel chipsets supported under the *BSD fxp driver.