digitalocean FreeBSD droplet network config gone after pkg update

Sort answer:

Boot to single user mode, edit /etc/rc.d/digitalocean
Change this line

# REQUIRE: var


# REQUIRE: var ldconfig

Long story:

I got a FreeBSD droplet in digitalocean, created long time ago. After a manual package maintenance and reboot, network of this droplet is gone.

During boot process, I also noticed these two unusual lines:

Shared object "" not found, required by ""
Shared object "" not found, required by "python2.7"

Of course these files are there, also confirmed by “ldconfig -p” output. Maybe this issue is related with rc order? After quick fix above applied, my droplet works again.


Slow or failed SMB, samba (nmb), mDNSResponder, avahi (mdns) based name resolution over wifi

Modern wifi router / access point devices got a multicast rate limit option, with default low value, like 1M. Usually this is OK. But if your daily work needs samba or mdns based name resolution heavily, the default value may be too low. Raise it a higher value should help.

macOS Sierra, ssh key passphrase, and the Keychain

Tell macOS Sierra to stop Keychaining ssh key passphrase.

The behavior of ssh, ssh-agent and ssh-add, changed in macOS Sierra. There is no GUI pop up asking for ssh key passphrase to store the identity in ssh-agent. Instead, ssh asks you for the passphrase via command line prompt, then stores the passphrase in the Keychain. The worst part is, there’s no clue to delete that via Keychain Access. This isn’t quite right. Usually we expect ssh-agent stores our keys only, and the system will forget the identity after reboot. The concept is, the program can only remember the key but not the passphrase.

For people who want the old behavior, simply put these three lines in your ~/.ssh/config:

Host *
  UseKeychain no
  AddKeysToAgent yes

UseKeychain is a macOS only parameter, default yes. AddKeysToAgent is a new parameter introduced in OpenSSH 7, default no.

How about the passphrase previously stored in the Keychain?

First, using ssh-add to load your key into the agent again.
Then, using ssh-add -K -d to delete the key in agent and the passphrase in Keychain. Finally, using ssh-add -K to make sure nothing will be automatically loaded.

For those who still feel unhappy, find these files by find and delete them:

cd ~
find ./ -name "keychain-2.db*"

Though there’re some other stuff encrypted in it. Make sure there’s a backup before delete them.

Workaround for gogoc and freenet6 keepalive engine problem.

So many years passed, even after end of gogo6 project, still nobody found this out. Does anyone really use gogoc / freenet6 in daily life? Reason? icmp_echo_id in p_engine is uint16_t.

--- gogoc-tsp/src/net/icmp_echo_engine.c~	2016-07-22 15:16:32.382995000 +0800
+++ gogoc-tsp/src/net/icmp_echo_engine.c	2016-07-22 15:16:44.244691000 +0800
@@ -238,7 +238,7 @@
   p_engine->clbk_recv = recv_clbk;

   // Initialize engine socket variables.
-  p_engine->icmp_echo_id = pal_getpid();
+  p_engine->icmp_echo_id = pal_getpid() % 65536;
   p_engine->icmp_saf = af;
   switch( p_engine->icmp_saf )

Add utun support for gogoCLIENT

With some copy and paste work, it’s working now.

Utun support: utun works like OpenBSD’s tun. We need to take care of the first 4 bytes. That’s all.
Openssl: Since El Capitan, openssl headers are removed. So, use macports’s headers.

Code is on github


% sw_vers
ProductName: Mac OS X
ProductVersion: 10.11
BuildVersion: 15A284

Build gogoc on OS X El Capitan

According to and test on OS X El Capitan with XCode 7.0.1, it’s not possible to build gogoc now. A quick fix for building this useful tiny utility, is to make use of macports. This is a quick hack. Need to do some research to understand how people deal with OS X without openssl header files.

diff -ruN gogoc-1_2-RELEASE~/gogoc-tsp/Makefile gogoc-1_2-RELEASE/gogoc-tsp/Makefile
--- gogoc-1_2-RELEASE~/gogoc-tsp/Makefile	2010-03-08 03:49:54.000000000 +0800
+++ gogoc-1_2-RELEASE/gogoc-tsp/Makefile	2015-10-03 21:09:45.000000000 +0800
@@ -61,7 +61,7 @@
 	$(PWD)/conf \
 LD_LIBRARIES=-lgogocpal -lgogocconfig -lgogocmessaging

% sw_vers
ProductName: Mac OS X
ProductVersion: 10.11
BuildVersion: 15A284

Using HiNet IPv6 tunnel broker on OS X.

HiNet is a popular ISP in Taiwan. Its IPv6 tunnel broker still works in year 2015. Why do I still need the tunnel broker, since the ISP provides native IPv6 service already? Because…

  1. I need IPv6 to work, apparently.
  2. I can only use native support in my home. Not in my office, not in my friend’s apartment.. etc.
  3. stf does not work behind NAT.

Okay it’s easy.

  1. You need gogoc-1_2-RELEASE.tar.gz. It’s ok to just pick it up from a FreeBSD distfile mirror.
  2. You need Xcode.
  3. You need tuntaposx.
  4. A little patch for gogoc-tsp/platform/darwin/tsp_local.c
    --- gogoc-1_2-RELEASE~/gogoc-tsp/platform/darwin/tsp_local.c 2010-03-08 04:08:27.000000000 +0800
    +++ gogoc-1_2-RELEASE/gogoc-tsp/platform/darwin/tsp_local.c 2015-09-12 03:31:50.000000000 +0800
    @@ -57,7 +57,7 @@
    void tspSetEnv(char *Variable, char *Value, int Flag)
    Display(LOG_LEVEL_3, ELInfo, "tspSetEnv", GOGO_STR_ENV_PRINT_VALUE, Variable, Value);
    - setenv(Variable, Value, Flag);
    + if ( Value != NULL ) setenv(Variable, Value, Flag);
    }// --------------------------------------------------------------------------
  5. Config it properly and run it.

Now it’s okay to test by Chrome. Navigate to Okay to ping6 -c3 also.

If you want it work in Firefox, Safari, you need a workaroud. Assign a static IPv6 IP in your en0 or en1. A documentary IP 2001:db8::1/64 will work. It’s a OS X problem.


% sw_vers -productVersion
% cc -v
Apple LLVM version 7.0.0 (clang-700.0.72)
Target: x86_64-apple-darwin14.5.0
Thread model: posix