--- Log opened Sun Apr 29 00:00:02 2018
02:06 < giaco> Hello
02:08 < giaco> I have machine A (client) and machine B (server). B is visible to A only though a client-server tunnel application where A is still the client and B is still the server. So I first run the tunnel app and connect A to B, then I run openvpn server on B listening to the tunnel destination port and openvpn client on A connecting to the tunnel entry. Everything runs smoothly if A does not redirect all the traffic to B. I want al
02:08 < giaco> l the traffic to be redirected, but if I push "redirect-gateway def1 bypass-dhcp" in openvpn the tunnel collapses and so the VPN. Any solution? Thank you
02:09 < giaco> please mind, openvpn is not required, I just need to redirect all traffic from A to B passing trough the tunnel application
02:10 < drac_boy> hi
02:11 < drac_boy> any of you here ever dealt with draytek? just a bit curious about what their support would be like
02:26 < dogbert2> the adafruit USB serial to TTL (GND, TX, RX) works great for the Libre Computer :)
02:44 < drac_boy> rather quiet here today
02:46 < dogbert2> yeah...whazzup?
02:46 < drac_boy> not much beside trying figure out the cards for a possible router box .. you?
02:50 < drac_boy> dogbert2 and yeah I dunno but its probably either freebsd or pfsense depending on how the latter can take the hardware combination in question
02:54 < dogbert2> messing around with my libre computer...attached the USB serial to TTL UART cable to a USB port on the back of the desktop...has 4 pins, pwr, gnd, tx, rx
02:55 < drac_boy> and why ttl btw? :)
02:58 < dogbert2> take a look at the SBC: https://libre.computer/products/boards/aml-s905x-cc/ (onboard 3 pin UART) for console access when you f**k up something
02:59 < dogbert2> the adafruit cable has 4 pins...power (red), tx (white), rx (green) and gnd (black)
02:59 < dogbert2> so I leave the red wire/pin disconnected since the board has power via a wall wart
03:13 < drac_boy> anyway going off for now
03:16 < dogbert2> l8r
03:55 < Antares> PayPal hackdynamics@mail.ru - please give whatever you can, I don't have enough for software :(
06:03 < mellotto> :)
06:03 < mellotto> hi there
06:03 < skyroveRR> Hello :)
06:11 < Project86__> Is it possible to have a point 2 point VPN tunnel between 2 machines (no internet on client machine), but ALSO have a regular VPN server to the internet on the main machine (machine 1) simultaneously?
06:12 < Project86__> Offline client connect to server via p2p WiFi, which in turn accesses internet and relays info back to machine 1
06:13 < Project86__> I'm sure I need 2 WiFi modules. But can it be done?
06:14 < fryguy> Project86__: that's called a router
06:15 < Project86__> A VPN'd router?
06:16 < Project86__> I know VPN server machine can be routed through, but didn't know if it could do 2 seperate VPN tunnel types at once
06:16 < fryguy> you can
06:17 < fryguy> a VPN is just another network connection
06:17 < fryguy> it's possible to have lots and lots of network connections
06:17 < Project86__> Any good tuts you could point me to for OpenVPN to accomish this type of config?
06:18 < fryguy> try reading the basic openvpn documentation first of all
06:18 < fryguy> and then maybe ask a more specific question
06:18 < fryguy> also, consider using ipsec instead of openvpn. it might be more appropriate.
06:18 < Project86__> I skimmed through it..
06:19 < fryguy> might be time for a more in depth read
06:23 < Project86__> A more specific scenario. VPN client (machine 2) will be offline, and need to connect back to server (machine 1) to relay internet activity back to client. Allowing me to connect to offline client (now getting internet from server) with my phone, or other device to also tunnel traffic between connected devices (phones) through the client. I'll read though.
06:28 < Project86__> From what you say about that basically being a router, I'm guessing both machines will need to be set up as routers. 1 offline just as a p2p AP, and another linked to that router p2p that has internet access
06:28 < Project86__> Thanks fry
06:38 < giaco> how can I select the iperf3 listening port in UDP mode? The --port option is only accepted in TCP mode
06:52 < meingtsla> giaco: iperf3 -s -p . Note that iperf3 by design establishes a tcp control connection prior to running a udp test, so you won't see iperf3 listening on that udp port in netstat or ss outputs.
06:53 < giaco> meingtsla: didn't know that, thank you. I need to find another tool as I have to test a icmp tunnel accepting udp connections at both ends
07:47 < tmerr> my head...
07:56 < jcarpenter2> tmerr: networking will do that
07:56 < jcarpenter2> all those subnets and gateways
07:56 < jcarpenter2> and link layers and application layers
07:59 < tmerr> i heard about WebRTC and have ended up in a rabbit hole trying to understand why any of this would work in a million years.
08:30 < Kaidok5797> Hello there! This might not be a networking issue, but I think it is. I have setup a local wordpress environment on a spare computer. I have it assiged a static IP on my local network. I can reach the local wordpress just fine on all devices in my local network by typing in the IP address I assigned it. Being that its wordpress.. I went to install a theme using the Wordpress theme library.
08:30 < Kaidok5797> I get the error " An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration."
08:31 < Kaidok5797> I get the same issue when trying to access the wordpress plugin library
08:36 < mgolisch> check that computers network settings
08:36 < Kaidok5797> What would I be looking for?
08:36 < Kaidok5797> I've looked in there.. everything seems to be in order
08:36 < mgolisch> can it access the internet?
08:37 < Kaidok5797> yes
08:39 < Kaidok5797> whoa
08:39 < Kaidok5797> ok
08:39 < Kaidok5797> so without me doing anything at all
08:39 < Kaidok5797> just closing browser window on test device
08:40 < Kaidok5797> and reopining it now works
08:40 < Kaidok5797> I tried that already once hmm
08:40 < Kaidok5797> bizzare
08:40 < Kaidok5797> but its working now
08:40 < Kaidok5797> so thanks anway mgolisch
09:08 < tmerr> Trying to understand UDP hole punching https://en.wikipedia.org/wiki/UDP_hole_punching#Flow
09:09 < tmerr> So it sounds like sending an outgoing UDP packet is sufficient for the router's firewall to allow responses to come back for the now known (IP, port), (IP, port) UDP conversation?
09:10 < tmerr> i am mainly wondering about common home routers (or whatever you call them) that everyone has
09:14 < phocking> tmerr: even though udp is stateless, firewalls/routers are not
09:14 < phocking> they typically will add a mapping on the same port to go back to whatever node originated the request
09:16 < tmerr> thanks phlocking, wow. any idea how long i should expect the TTL of an entry in the mapping to be? on the order of seconds, minutes, hours?
09:16 < tmerr> assuming it's purely time based
09:17 < phocking> are you writing software or something? just make sure to use the same port that it comes in on for a response to take advantage of the firewall/router state tables
09:20 < phocking> https://en.wikipedia.org/wiki/UDP_hole_punching
09:20 < tmerr> not at the moment. though WebRTC has caught my interest, and relies on UDP hole punching, so i'm trying to make sense of its limitations
09:21 * GenteelBen adds "UDP hole punching" to his list of interview jargon
09:21 < GenteelBen> Oh lawd, WebRTC.
09:21 < GenteelBen> That disaster.
09:23 < tmerr> Lol, is something bad about it?
09:23 < tmerr> Other than defying every intuition I have about networking
09:24 < phocking> i figure if it needs to be stateful there is a protocol for that, and if it needs to be stateless there is a protocol for that lulz
09:27 < tmerr> I can't tell what's stopping someone from building a peer-to-peer CDN for static files on top of webRTC
09:45 < tmerr> Nevermind, it's been done
10:00 < takeshikovacs> hey guys. hopefully somebody can point me in the right direction. I have several windows 10 laptops which have are having problems with wifi. access point acts as bridge (via LAN) to the ipfire router. DHCP is done by the router. laptops are getting IPs fine, I can ping the AP and the router, but I can not ping anything outside the subnet of the router (DMZ and internet). sometimes it does work after 5 minutes, sometimes
10:03 < takeshikovacs> one linux laptop and all android devices on the same network are working just fine. I really have no idea what setting could cause this behaviour on the windows machine and I also don't know what else to look for. flushing dns, ipconfig release and renew are also not helping.
10:03 < takeshikovacs> what can I do to analyze this problem? any ideas/suggestions?
10:03 < CWNE88> if you can ping the gateway, can you ping the gateway at the same time as it's not able to ping further outside the subnet?
10:04 < CWNE88> and what's the error message... no host, or no route to host?
10:04 < detha> what does tracert 8,8,8,8 do ?
10:04 < takeshikovacs> yup, ping to the AP and gateway are working just fine. ping to 8.8.8.8 are not working
10:04 < CWNE88> takeshikovacs: what's the error message?
10:04 < anddam> hello again
10:05 < CWNE88> does it just time out, or does it say no route to host?
10:05 < takeshikovacs> error message is a timeout while executing (paraphrasing here as it is in german)
10:05 < anddam> so about 12 hours I was looking into accessing an old AP, with either dd-wrt or openwrt from several years ago flashed on it, possibly with a manually edited configuration that is non-working.
10:06 < CWNE88> then problem does sound like it's after your gateway
10:06 < CWNE88> can you packet capture on the uplink side of the gateway to see if it's reaching there?
10:06 < anddam> I connect the AP to my computer via ethernet, after starting tcpdump -v on the interface, and I get https://gist.github.com/anddam/cf276cebc64827a917797ca6b820431d
10:07 < takeshikovacs> tracert also just gives a timeout, for all hops.
10:07 < takeshikovacs> any recommendation for the packet capture? linux cli
10:07 < anddam> my computer has 192.168.1.16 address and I see the AP is doing traffic as .1.1, but then when trying to ping or access its web interface I get a "Destination host unreachable"
10:08 < CWNE88> tcpdump host x.x.x.x <-- client IP
10:08 < CWNE88> see what arrives
10:08 < takeshikovacs> great, thanks. will do
10:08 < anddam> question: looking at the log and given that the computer iface has been manually set to .1.16 , am I correct saying the AP is configured with .1.1?
10:14 < takeshikovacs> https://paste.debian.net/1022522/ <--while pinging the gateway and afterwards 8.8.8.8
10:15 < CWNE88> I don't see any ICMP there
10:15 < CWNE88> ping from the router to 8.8.8.8
10:16 < CWNE88> check its route table
10:17 < takeshikovacs> well ping from router to 8.8.8.8 works, otherwise I wouldn't be able to write with you :P
10:18 < CWNE88> well how it it getting lost?
10:18 < CWNE88> can you tcpdump on the inside of the router and see if it even made it that far?
10:18 < CWNE88> actually....
10:19 < CWNE88> it can ping gateway because it's on same subnet, but these windows hosts might have a different default route that ISN'T that router, hence when destined outside your network, they're not trying to go through that gateway, hence you see no sign of the ICMP packets
10:19 < CWNE88> check route table on the windows boxes
10:19 < takeshikovacs> coming, one second. need to find a usb stick :P
10:27 < takeshikovacs> https://paste.debian.net/1022523/ <-- it's in german unfortunately.
10:27 < CWNE88> what's with the 192.168.0.133 ?
10:28 < CWNE88> is that the local interface address?
10:28 < takeshikovacs> local ip of the laptop with windows where it is not working.
10:28 < CWNE88> it would be... so is 192.168.0.1 the actual gateway IP?
10:28 < CWNE88> what does tcpdump.... or wireshark on that client say for ICMP when you try to ping 8.8.8.8?
10:29 < takeshikovacs> yup, 0.1 is the gateway.
10:30 < CWNE88> well basically you'll have to check each step and see where it goes missing, starting with a capture at that client
10:32 < takeshikovacs> wireshark on that machine is going to be a problem since it is a company laptop without admin rights. I'll try the private one now and get a dump from wireshark
10:33 < CWNE88> and the AP is just an AP right? no layer 3 stuff?
10:37 < takeshikovacs> yup, It's just a fritzbox AP without anything fancy in it.
10:40 < CWNE88> well, follow the captures from end to end and see where it goes missing
10:41 < takeshikovacs> https://paste.debian.net/1022527/ <---- this is route print on the same laptop. first entry when it is NOT working, second when it is working. 201 is the client IP. the only difference I can see is the ipv6 stuff, which, to be honest, I know nothing about.
10:42 < CWNE88> you haven't got a duplicate IP or something stupid have you?
10:42 < CWNE88> check ARP table on router
10:42 < CWNE88> although you pinged it anyway, so that won't be it... forget that
10:42 < takeshikovacs> god I hope not! but good point, let me check.
10:42 < CWNE88> just capture each step and see where it's missing
10:51 < detha> takeshikovacs: looking at that, isn't 'working' going 4-over-6 through that teredo tunnel? See what one of the 'what is my IP' sites gives you
10:58 < takeshikovacs> detha: nope, standard ip from the gateway. but I found something weird while looking at wireshark with a filter on ICMP. i saw a LOT of requests from the two pioneer receiver that are on the same subnet with ICMP requests to the local machine. I disconnected them and now it is working immediately on both machines. although that doesn't mean much. could just be coincidence. problem is, I also haven't figured out a way to
10:59 < takeshikovacs> could be that it is working now and stops working again tomorrow. btw. once the laptop(s) are online, the connection is rock solid. it only occurs after shutting them down/hibernating. sometimes. :P
11:08 < takeshikovacs> ok, I'm dropping the ICMP requests for the pioneer receivers now. maybe that'll help, although I doubt it.
11:09 < detha> takeshikovacs: no idea then, one of those 'check everything step by step, verify ARP tables to make sure what you think you are seeing is indeed what you are seeing'
11:10 < takeshikovacs> yeah, that will be my next, but like I said. first it has to stop working again.
11:11 < takeshikovacs> detha: thank you very much for your help and time though!
11:11 < takeshikovacs> CWNE88: same goes for you. thank you!
11:58 < slavka`> hey all
12:03 < drac_boy> hi
12:08 < currybullen> a swedish ISP started logging customer traffic a couple of years back since the law required it. to protect their customers anonymity they started offering a free VPN to all customers. however, the VPN they offer does not use encryption. i fail to see how the use of this VPN would circumvent the effects of the ISP traffic logging. am i missing something?
12:09 < currybullen> oh wait, im stoopid, i just realized how
12:10 < currybullen> if the ISP is only mandated to log IP adresses it will only log the IP of the VPN
12:30 < slavka`> hey guys, when doing scp or rsync on a centos7 server... it seems to start pretty fast, but after a few seconds status becomes `stalled`, i have tried limiting speed with `-l` and using different cyphers but same behaviour... anyone can offer some insight would be appreciated
12:35 < detha> slavka`: MTU?
12:36 < slavka`> far as i know its 1500 , i dont know much about that setting
12:47 < detha> slavka`: what is between you and the server?
12:47 < slavka`> far as i know the server is a VM
12:48 < slavka`> im ssh ing in... doing scp between one vm and another on the same physical machine
12:50 < detha> how much does it copy before it stalls?
12:50 < slavka`> diff every time... also depending on what options i use...
12:50 < slavka`> without any options ~160mb
12:51 < detha> 160MB ? How large is that file?
13:03 < slavka`> bout 1200mb
15:21 < Celmor> I'm trying to troubleshoot a problem related to my network setup with iperf but it keeps aborting and client prints 'iperf3: error - received an unknown control message'
15:23 < Celmor> https://ptpb.pw/Oz-G
15:27 < Celmor> so something seems wrong with the binary for windows seems the iperf tool for linux works fine
15:33 < redrabbit> works fine here
15:39 < Celmor> was a version mismatch
15:43 < kopper> Ishaq` [~Ishaq@2001:1af8:4700:a110:1::*b00b*] has quit [Quit: Unexpected Leave!]
15:43 < kopper> Teehee
16:57 < Sefid_par> I have Q about POS (Payment (Point Of Sale) equipment. I have shared my internet from wifi to eth0. But when I connect the POS to eth0, It says Cannot connect to the internet. I have checked the eth0 by wireshark but saw no packets passing. The provider says that, It could connect to the network preivously. I need help. I need connect POS to the internet.
17:00 < petemc> Sefid_par: does the POS have an ip address?
17:01 < dogbert2> no IP address, no access...wlan0 on my libre computer was being a PITA until about 5 mins ago...now it starts automactically on system restarts
17:01 < Sefid_par> petemc: In fact, I think no. I have tested it on a switch. The switch LED was ON but I saw no device using DHCP list or arp command
17:27 < variable> bah! my dhcp server refuses to give me a consistent IP even though its configured to do so by mac address
18:08 < comet23> what are the easiest to use tools for network monitoring and credential harvesting on your own network?
18:08 < comet23> (basically i have kids in my house and i want to monitor their online activities and get their passwords and stuff to make sure they're not doing anything bad)
18:08 < variable> comet23: there is a really useful tool for that
18:08 < variable> but its not commonly recomended on technical forums
18:08 < variable> even though its better than anything else
18:09 < drathir> comet23: static ip assigment and dns blocking...
18:09 < variable> comet23: its called "open and honest communication"
18:09 < variable> talk with your kids
18:09 < comet23> they're not my kids
18:09 < variable> don't surveil them
18:09 < drathir> variable: thats a *TRAP* ^^
18:09 < comet23> the nsa is doing it so there's no reason why we shouldn't apply surveillance on our own networks
18:10 < comet23> i don't want to do dns blocking, i want to make sure they can get on any site and then i want to capture cookie and login details
18:10 < drathir> comet23: You wanna raise monsters breaking trust?
18:11 < comet23> they're not my kids i really don't care if they get struck by lightning
18:11 < drathir> comet23: thats thats naughty even in my standards... ;/
18:12 < drathir> comet23: why do You care to access their accounts? identify thiefts is nope by me...
18:13 < comet23> it's not identity theft when it's in your own network
18:13 < variable> ...
18:13 < comet23> i captured their cookies and i am accessing their emails as we're chatting here
18:13 < drathir> comet23: secure the network block access...
18:13 < comet23> no
18:14 < drathir> comet23: thats naughty spying on own users w/o reason given even with reason first always good to ask for permssion still...
18:16 < redrabbit> wtf is wrong with you
18:16 < redrabbit> creep
18:16 < variable> redrabbit: I like your nick
18:16 < redrabbit> thanks
18:18 < drathir> comet23: no offence but that way of tink smell to me stalking/bullying scenario... i hope im wrong...
18:20 < comet23> no stalking just making sure there's nothing bad going on in my network
18:21 < n0c> anyone here deployed zerotier in your enterprise at small-medium scale?
18:21 < drathir> comet23: anyway i give You mine ideas of problem solutions... no offence but i will not wish You gl with future search...
18:21 < n0c> (like the first couple tiers of their entitlement)
18:22 < redrabbit> how is that even legal
18:22 < drathir> comet23: easy TOS and accounting will solve Your issues... and in TOS clearly state that connections are logged if You does that...
18:23 < redrabbit> id sue your ass down to the ground
18:23 < comet23> i'm making a tos page right now and removing the password and i'm setting up a proxy server to monitor all traffic
18:23 < drathir> redrabbit: in some countries even dns manipulation is illegal... aka domain blacklisting by isp...
18:25 < Project86__> Just saw a commercial for Experian, the offer free dark web scan now. I was shooketh, when did this begin? Do all 3 monitor dark web now? And how?
18:25 < drathir> comet23: i hope You will required parent advosory confirm at kids sign or adult only access with clearly described TOS...
18:26 < tds> also, if you want to capture pretty much anything useful these days you'll need to MITM SSL and install your own root CA on every device
18:26 < redrabbit> pretty sure its illegal in the eu
18:26 < redrabbit> no matter what the tos is
18:27 < comet23> well they're adult kids
18:27 < comet23> like in their 20s lol
18:28 < grawity> lol that makes it even worse
18:28 < redrabbit> creepy as fuck dude
18:28 < redrabbit> gtfo
18:29 < tds> if your aim is to get these people to learn about networking and tunnel their way out of your network, that sounds like a good way of going about it ;)
18:31 < drathir> redrabbit: as i know traffic record probably yes but connection info ip and dates are leggal mostly when tos clearly described that...
18:32 < drathir> thats its god example of network security matter...
18:34 < drathir> using public hotspots or rgue random routers could end soo badly...
18:35 < drathir> rogue*
18:52 <+catphish> don't feed the trolls
18:55 < drathir> catphish: k, but that sounds for me more as true story sadly... ;/
19:07 < Ignacy> Hey guys, what are the FTP ports? is that 21/TCP and 20/UDP? My books are not specific enough. I'm setting up an FTP server on amazon and need to open the required ports.
19:07 < Ignacy> I'm not sure whether port 20 used TCP or UDP
19:07 <+xand> use HTTP or SFTP instead of FTP
19:08 < `whoami`> Ignacy: if I might suggest you to use sftp
19:08 < `whoami`> oh
19:08 < Ignacy> I want it available from a web browser. Can I host small (~30MiB) files trough http?
19:08 < crR5> why do we use arp -a command
19:09 <+xand> Ignacy: yes.
19:09 < redrabbit> Ignacy: sure
19:09 < crR5> what arp does, why it convert ip to mac addresses
19:09 < `whoami`> Ignacy: sure, even multiple Gb
19:09 <+xand> crR5: why? because that's why it was created
19:09 < Ignacy> ah ok, thanks for clearing it up. Looks like I made a mistake planning what I wanted to do.
19:10 <+xand> all you should know about FTP ;) https://mywiki.wooledge.org/FtpMustDie
19:10 < Ignacy> ah greycat, I've met this guy.
19:10 < crR5> +xand: what is the reason if it converts ip to mac
19:12 < shtrb|laptop> Ignacy, ftp have three ports (20,21 and data depending on passive or active mode)
19:13 < shtrb|laptop> but nuke it and use a sane protocol such as sftp
19:14 < Ignacy> @shtrb|laptop `whoami` ok, now I've realised trying to get ftp was a mistake, and what I really need is http server.
19:14 < drathir> Ignacy: ftp is weak idea bc need a range of ports hard to deal wit fw...
19:15 < drathir> wit/with*
19:15 <+catphish> Ignacy: like others, i'd strongly recommend using SFTP instead, if you need to use FTP, it requires opening a wide range of ports
19:15 < shtrb|laptop> Ignacy, the only reason to use ftp today is that you can't handle anything else and you are asking to be hacked
19:15 <+catphish> Ignacy: oh, just saw about web browser, you definitely want http
19:16 <+catphish> Ignacy: you can host *any* sized files with http :)
19:16 < drathir> or just YOu mirror and dont care ;p
19:16 < Ignacy> I thought about sftp, but getting non-linux people to install an sftp client, configure it, get everyone an username sounds too complicated.
19:16 <+catphish> Ignacy: if you're just sharing files, use http
19:16 < `whoami`> filezilla handles sftp pretty well
19:17 < Ignacy> but then I'd have to explain public/private key cryptography to couple people that I'm trying to convince that programming is EASY
19:17 < drathir> Ignacy: sftp its wide protocol... easy clients even with keys...
19:18 <+catphish> you can use sftp with passwords too
19:18 <+catphish> however, http is still the correct choice here
19:18 < Ignacy> but that wouldn't work if PasswordAuthentification is no
19:18 < drathir> Ignacy: connecting honestly isnt too diff than ftp ones... but more secure and easier bypass by fw... and as catphish its similar user pass as ftp does too possible...
19:19 <+catphish> Ignacy: obviously not
19:19 <+catphish> but if you were security conscious enough to disable passwords on ssh, you wouldn't dream of using ftp :)
19:20 < drathir> Ignacy: keys are most secure in theory as You familiar with m$ probaly could craft client with configuration build in just un7zip...
19:21 <+catphish> so, you want to share files with people, and you want them to authenticate? if so, you want a web server (apache is well documented) and .htpasswd (a way to set per-user passwords in apache, and other web servers)
19:21 < Ignacy> ok point taken. I actually thought about setting what drathir just said, so I could get my whole family's ebooks in one place to make it easier to share.
19:21 < drathir> Ignacy: but easier just easy guide with pictures, bitvisessh/filezilla are not so had ones...
19:22 <+catphish> there are other options of course, like dropbox
19:22 < Ignacy> catphish, I want to host a book first, so people could easily download it. sftp server is a later plan, for something completely different
19:22 <+catphish> great for synchronizing files between several users
19:23 < drathir> Ignacy: no offence i not wanna that sounds badly, but even kid should able to configue them with step by step guide...
19:23 <+catphish> http is the best option for hosting files
19:23 < drathir> Ignacy: and does once and use...
19:24 < shtrb|laptop> Ignacy, you can setup webdav (already installed in windows)
19:24 < drathir> Ignacy: but yea ony for one file just http+cdn im even reccomend...
19:24 < shtrb|laptop> and they can always do net use \\SSL@...
19:24 < nolove> anyone using cisco virl here?
19:25 < drathir> Ignacy: cdn will speedup a file delivery or use such providers like megaupload/dropbox to migrate traffic...
19:25 < shtrb|laptop> choose your cdn wiesly (make sure it's TOS is ok by you)
19:26 <+catphish> cdn, that escalated fast
19:26 < shtrb|laptop> it's dirty cheap and they do everything for you
19:26 < drathir> catphish: for book i think is good idea, to offload server...
19:27 < drathir> catphish: kinda tatic content stilll...
19:27 < drathir> tatic/static*
19:28 < drathir> and for book ~50M probably even free plans could fit but that guess...
19:29 <+catphish> drathir: for something where latency doesn't matter, a CDN is huge overkill unless you're seeing pretty large traffic
19:29 < shtrb|laptop> Is he allowed to put that on a CDN ? now with the copyright inforcement could be an annoyance
19:32 < lupine> best to avoid CDNs
19:33 < drathir> catphish: yep that true, depen on book at start of project 'if good book' the hit could be big and sad to see http server timeouts... later traffic probably goes down...
19:35 <+catphish> drathir: plausible
19:35 <+catphish> lets be honest, if the book is a huge hit, amazon are distributing it :)
19:37 < redrabbit> dl.free.fr to host files
19:40 < drathir> catphish: yep if paid one or amazon welcoming free content too ?
19:40 <+catphish> drathir: i think they do free books too
19:42 < drathir> catphish: oh in that case probably that even best idea and website just a backup...
19:43 < drathir> for webste visitors eg...
19:46 < Ignacy> I just wanted to send some book to 6 friends. Hosting service I've used deleted the files before everyone could get them. But thanks for the info about CDN, I'll consider the pros and cons.
19:46 < Ignacy> And the book was too big to send it over email.
19:46 < redrabbit> try dl.free.fr
19:46 < Ignacy> kk
19:47 < redrabbit> it's ran by an isp and no bs
19:56 < crR5> what happens at different layers when i send a mail from outlook to some mail address
19:57 <+catphish> crR5: that's a short question with a very long answer
19:58 < crR5> +catphish: yeah i can understand. try helping me? :)
19:59 <+catphish> crR5: lots of things happen, at its simplest, the sending email server does an MX DNS lookup to find the destination server to send to based on the domain name of the email address, then it makes a tcp connection on port 25 to one of the servers discovered, and sends the email using smtp protocol
19:59 < crR5> +catphish: what are the layers used here? does it send from application layer?
20:00 <+catphish> all the layers are always used
20:00 < crR5> ah ok
20:01 < crR5> +catphish: any good resources to dig more into that
20:02 <+catphish> so in the case of sending an email, you have the application layer protocol (SMTP), which sits on top of the transport layer protocol (TCP) which sits on top of the network layer protocol (IP), which is on top of the data link protocol (ethernet), and finally the physical protocol (also ethernet, tha cable)
20:03 < crR5> +catphish: so at the other end the mail is probably decrypted again at the application layer? or still all the layers are used?
20:05 < crR5> does checksum happen too?
20:11 < Celmor> there's no decryption as there's no encryption by default, servers could use TLS for transportation though but there's no encryption in the "email"/smtp protocoll
20:11 < Celmor> you could use s/mime but that's a layer above
20:12 <+catphish> crR5: i think you're asking way too many questions at once
20:13 < crR5> thought of getting this thing cleared :)
20:14 < detha> might as well ask 'How does this internet thing work?'
20:16 < shtrb|laptop> Quadratic equation , the rest is just explanation
20:17 < shtrb|laptop> *Faynman had a lecture when he said you describe all physics by a quadratic equation and some interpritaions
20:18 < lupine> Celmor: eh, starttls is part of the smtp protocol
20:19 <+catphish> it is indeed
20:19 < Celmor> I meant it's not part of the same "layer" as he meant
20:19 < shtrb|laptop> it is ? SMTP can pass over others (3207 is not smtp purly)
20:20 < Celmor> shouldn't have said smtp
20:21 < shtrb|laptop> encrypted SMTP and inter server traffic is rarly setup
20:22 <+catphish> sometimes layers don't make perfect sense
20:23 < shtrb|laptop> no it's absolutly is, I just think the person try to gain to much without having good foundations
20:33 <+catphish> my isp hasn't responded to my email about why whey're offering such crappy upload speeds [sadface]
20:34 < Apachez> ubiquiti sending from space :) https://www.youtube.com/watch?v=j_d1bs28qgg
20:35 < shtrb|laptop> catphish, ip over truck ?
20:36 <+catphish> nope, all ethernet, hence my confusion
20:36 < shtrb|laptop> catphish, what about slppp ?
20:44 < detha> catphish: so, probably there is no valid technical reason. Optimists would say 'we limit the upload speeds so compromised clients can not do too much damage to the interwebz', pessimists would say 'It's so we can sell you an 'Enterprise Subscription' with symmetric speeds.
20:46 <+catphish> detha: there's a few possible reasons, not sure which one they'll choose, hopefully they'll sell me something better than 10% though
20:47 < shtrb|laptop> there is also , we use the overbooking system and screw the customers
20:47 <+catphish> well all connections are oversold, that's 100% unavoidable
20:47 < shtrb|laptop> having a 10 to 1 is the normal in many places (1-1 is no longer the norm)
20:48 <+catphish> but 10% seems unnecessary on a symmetric network
20:48 < shtrb|laptop> in such cases the ISP should be sued to smiterness
20:48 < shtrb|laptop> "symmetric"
20:48 <+catphish> although there were some suggestions why they might want to do it
20:48 <+catphish> asymmetric backhaul commit, content caches
20:49 <+catphish> well hopefully they'll tell me why, and offer me something a little closed to symmetric
20:49 < liveuser1> which deb package holds an mDNS server?
20:50 <+catphish> liveuser1: avahi i think
20:51 < shtrb|laptop> I think you will need avahi-daemon (no need for the rest)
20:51 < shtrb|laptop> liveuser1, avahi-daemon (the rest are extras)
20:54 < liveuser1> shtrb|laptop: testing
20:55 < shtrb|laptop> it will be the same between testing and sid
20:55 < shtrb|laptop> and stable
20:56 < liveuser1> shtrb|laptop: is avahi-daemon enough to run rouge
20:56 < tds> catphish: if you don't ever get a decent response from them, can you just take it to ofcom?
20:57 < tds> I can't remember if they actually do anything useful about it, though
20:57 < shtrb|laptop> I have no idea what is your need
20:57 < shtrb|laptop> liveuser1, ^
20:58 < liveuser1> the funny thing is dnsmasq does dhcp
20:58 <+catphish> tds: not at all, there's no limit to what they can offer, that's a matter between them and the customer, and 10:1 is pretty standard (because of DSL)
20:59 < liveuser1> and the question is about to be is mDNS a dns relay
20:59 <+catphish> tds: but because there's no technical necessity for it, i want to know why they're doing it
20:59 < liveuser1> or a dnsmasq
20:59 < shtrb|laptop> liveuser1, mDNS and dnsmasq have different use cases
20:59 <+catphish> it makes no sense to leave huge parts of your infrastructure unused for no reason, when you could offer it to customers to use
20:59 < liveuser1> did you see my question about the dnsmasq, whatever is built into NetworkManager that allows a adhoc dhcp server to issue addresses
21:00 <+catphish> i'm sure there *is* a reason, just don't know what it is
21:00 < tds> catphish: ah, I misread your original message, I thought they were advertising certain speeds but providing less than that
21:00 < shtrb|laptop> no
21:00 < tds> so yeah, that's an annoying situation to be in :/
21:00 < liveuser1> is there any way to view when an address is issued or attach an alarm "bell" or something
21:01 < shtrb|laptop> liveuser1, well yes, you have hooks and avahi-autoipd responsible for the mess network-manager do when dhcp timeouts
21:01 <+catphish> tds: nope, they provide precisely what they offer :)
21:01 < tds> wasn't it a relatively small local provider?
21:01 < tempate> Hello. I'm trying to connect to a locally hosted website from the Internet and not being able to. I understand all I need to do is to map one of my router's ports, e.g. 80, to point to my web's direction, i.e. 192.168.1.x:8080. After setting that up on my router (Livebox) I look up my ip with my phone's data and get nothing. Any ideas what may be going wrong?
21:02 < quantum> How is it, that I can plug a managed switch into another managed switch, and see traffic on the activity lights, but not be able to ping the cascaded switch? Same CIDR.
21:02 < tds> if you have any chance of getting a better service and/or a proper explanation, I'd have thought that kind of provider would give you it :)
21:02 < liveuser1> it'd be better if the dhcp server was called dhcpd and the mDNS server were called dnsmasq or mdns
21:02 < liveuser1> Instead the dhcp server is called dnsmasq and the dnsmasq is called mdns
21:02 < liveuser1> That is what it looks like
21:03 < shtrb|laptop> liveuser1, dnsmasq can share dhcp and dns but if you wish to go hardcore bind9 +isc-dhcp-server
21:03 <+catphish> tds: yes
21:04 < liveuser1> shtrb|laptop: does that require dropping NetworkManager?
21:04 <+catphish> tds: i'm meeting them next week, so will nag them then, the main concern i have is that i currently have 100/50, but they've reworked their packages and changing it to 100/10, so i want to negotiate a compromise
21:04 < shtrb|laptop> no it's irrelevant
21:05 < tds> catphish: ah, good luck
21:05 < shtrb|laptop> liveuser1, but network-manager is a client (UI) you could choose any client you like
21:05 <+catphish> it seems silly that because of tech like VDSL, ISPs are in the habit of offering such asymmetric links, especially in the world of user generated content
21:05 <+catphish> on the other hand, 100/10 is still much better than anyone else can offer me, and i can upgrade it to 350/35 :)
21:06 < shtrb|laptop> catphish, even on other links they allow it
21:06 < tds> here my upload bandwidth is great, it's download that tends to drop an awful lot at peak times
21:06 <+catphish> i'm still very happy with the service :)
21:06 <+catphish> shtrb|laptop: what do you mean?
21:06 < shtrb|laptop> wait for altice to arrive, they will make xfinity look like a generous ISP
21:07 < tds> but I guess that's what happens when you have hundreds of students and they all watch netflix/whatever at the same time with only a few bonded gig links :P
21:07 < shtrb|laptop> catphish, I mean that some ISPs (altice I'm looking at you) will deliver asymmetric speed even on DSL
21:07 <+catphish> shtrb|laptop: well that requires a rather special kind of DSL
21:07 <+catphish> and understandably most customers would prefer the faster download speeds
21:08 < shtrb|laptop> tds, if only there was some kind of protocol that would allow content distribution
21:08 <+catphish> (when the bandwidth has to be divided between the two)
21:09 <+catphish> 10:1 needs to stop being the normal though, people upload stuff!
21:09 < tds> shtrb|laptop: I'd guess all of that kind of traffic is served from on-net cdns anyway, but that'll be out at janet rather than internal to the uni
21:10 < shtrb|laptop> tds, if they can connect the unis to eurodrom they would be willing to connect to a cdn
21:11 < shtrb|laptop> there is also a good chance that a uni will be connected to internet2 (high speed inter uni connection)
21:12 < tds> what do you mean? afaik eduroam is just a large authentication system, effectively
21:12 <+catphish> i don't really understand janet
21:13 < tds> but yeah, I think that the bandwidth capacity issues are just internal to the uni (and possibly just the firewalls being terrible), not the uplinks to janet at all
21:13 < drac_boy> hi
21:13 <+catphish> why would someone connect to janet rather than just taking transit like normal?
21:13 < shtrb|laptop> tds eduroam is a roaming (not only auth), you can access your local shared files (from your uni)
21:14 < shtrb|laptop> If you have a eduroam account you can come to any uni and get access to your uni service (including access to WiFi or as WISP)
21:15 < shtrb|laptop> is janet the UK answer for internet2 ?
21:15 < tds> "you can access your local shared files" - I know various people running their own eduroam APs, there's certainly no special routing that allows you access services internal to your home institution as far as I'm aware
21:16 < shtrb|laptop> ¯\_(ツ)_/¯ I could swear off that I was able to just access the local services when and could access internet in foreign facility
21:17 < shtrb|laptop> it's just an ipsec but I was able to access their WiFi network and just work (without a local account)
21:17 < shtrb|laptop> * I think it was an ipsec over their WiFi
21:18 < tds> catphish: I guess the logic is that if universities are running high bandwidth links between themselves anyway, they might as well run it as a centralised project that provides both internal connectivity and to the rest of the internet?
21:18 < liveuser1> so with NetworkManager as it is, guessing issuing dhcp calls with dnsmasq, how can one watch for dhcp pulls
21:18 < liveuser1> does NM need to be restarted in debug mode?
21:18 < tds> I know that quite a few uk unis are registering as full LIRs themselves though (idk if they're getting transit from janet and/or other providers)
21:18 <+catphish> tds: maybe they just agree to do it, it does seem like a good idea, but seems like it wouldn't necessarily be commercially seisible
21:19 <+catphish> *sensible
21:19 <+catphish> it may be that they connect to both janet, and other transit, and provide connectivity both ways
21:19 <+catphish> i don't really know the commercial arrangements, xand would know
21:20 < tds> I am slightly tempted to ask if they can do v6 transit to halls, but I suspect that the answer would be no ;)
21:20 <+catphish> unis should definitely be able to do that
21:21 < liveuser1> tds was that a binary transit?
21:21 <+catphish> assuming they have their own networks to the halls, it would be technically possible
21:21 <+catphish> then it comes down to what they can be bothered to configure
21:22 < tds> we don't even have v6 in halls at all right now, so I'm sure they wouldn't do bgp sessions over this network
21:23 <+catphish> tds: shame, it really all comes down to what expertise they have in house i'm sure
21:23 < tds> yeah, they are slowly rolling it out (and did a large and very quick deployment to eduroam), so it's getting there
21:24 < tds> I just run everything back over tunnels anyway, so I have working v6 on my own stuff :)
21:43 < phinxy> Is there a device that expands 1 ethernet interface to multiple ones? My computer now has two ethernet interfaces, I would like more but there is no bus like PCI available
21:43 < lupine> it's called a switch
21:43 < phinxy> haha ok
21:43 < lupine> you might also be able to get away with VLANs
21:43 < lupine> depending on what you're doing
21:44 < phinxy> routing .. masquerading.. NAT
21:45 <+catphish> phinxy: switch
21:45 < drac_boy> phinxy to extend on that .. to turn one port into several it's a switch/hub but if you want individual ips (eg there's no nat upstream) then it's a router .. different OSI layers if you want to get technical ;)
21:51 < drac_boy> either way I'm off for a while atm
22:00 < galaxie> Hi, I'm trying to set up a few proxies and stuff that is essentially: X <-> Y <-> Z, where X = local computer, Y = a publicly accessible server, and Z are clients to that server
22:01 < galaxie> I just do not know what to search for. Reverse proxies probably are not the specific thing I'm looking for, for X <-> Y there.
22:03 < galaxie> Because X is behind a firewall, I wanted to make a reverse proxy, but the server I use is based on Django/Twisted and I don't know how to setup a reverse proxy on it, so I need something that connects to X and Y and passes traffic through it.
22:07 < redrabbit> nginx
22:08 < JPT> or maybe haproxy if you need more
22:08 < JPT> even apache can do it with mod_proxy
22:09 < galaxie> Yes, I'm aware those tools might work - I just don't know what I'm looking for.
22:09 < galaxie> Should I Google reverse proxies? Because apparently they have to listen somewhere, and I don't want that. I want it to connect to X, then to Y, then pass traffic between the two.
22:10 < JPT> A reverse proxy scenario usually looks like this: X -> Y -> Z (Where X is a client pc, Y is the proxy and Z is the webserver, -> indicating the direction of the tcp connection)
22:11 < galaxie> That's what I thought. Since I cannot figure out how to reverse proxy Django, it would have another intermediate somewhere.
22:11 < JPT> If both your webserver and your clients are behind a firewall, you may want to look into tools like a vpn to enable your proxy to establish connections to your webserver
22:11 < JPT> Your webserver usually does not care if a browser is sending their request or if it is passed through a reverse proxy
22:12 < galaxie> It's not HTTP, actually. Just plain TCP.
22:12 < galaxie> Do they call these things MitM proxies?? Or what?
22:12 < JPT> haproxy can do things like passing through tcp connections
22:13 < JPT> mitm proxy sounds like a thing, yes
22:13 < redrabbit> lookup "nginx reverse proxy"
22:13 < bezaban> ssh reverse tunnel can expose ports on external ip address as well as localhost
22:13 < bezaban> and can be initiated from the firewalled side
22:13 < bezaban> (assuming it allows traffic outbound)
22:14 < galaxie> The problem with that is it listens locally - like, that's fine, as long as it connects as a client to X and as a client to Y.
22:14 < bezaban> well, port forwarding I mean, not a reverse tunnel
22:15 < bezaban> but that can be helpful too for remote access
22:17 < galaxie> I want it so that Y can type in data, X gets it, X replies, Y gets it, and if that works, I'm good.
22:17 < galaxie> But X is the server, and Y is the client, and X is behind a firewall. What's that called?
22:18 < bezaban> a tunnel
22:19 < galaxie> No reverse tunnel? Just a tunnel?
22:20 < JPT> A tunnel can work both ways. See ssh -L and ssh -R in your ssh manpage :)
22:22 < bezaban> galaxie: are any of the machines linux?
22:24 < galaxie> Both are.
22:24 < bezaban> neat
22:27 < galaxie> I don't think either -R or -L would work. My server is supposed to be the server, not a client.
22:27 < galaxie> X (server) <-> Y (also server) <-> Z (clients)
22:28 < JPT> Who establishes TCP connections to who? And who is behind a firewall that does not allow such TCP connections?
22:28 < galaxie> I want it so that the gateway pretends it's a client, connects to X, then to Y, then passes traffic between them.
22:29 < galaxie> My local computer. It's behind a firewall and it's the server.
22:30 < galaxie> Y, I can take care of the firewall. X, not at all. X needs a reverse proxy or reverse tunnel or whatever so that X becomes a server that's accessible by Y, so it's accessible by Z.
22:30 < JPT> Okay, so to recap: Any client on the internet shall be able to establish a TCP connection to your publicly available server. This server shall then somehow put that connection through to your firewalled computer?
22:31 < galaxie> Yes.
22:32 < JPT> If your local computer ssh'd into that public server with ssh, you could use -R to tunnel the server port from your local computer through to that server.
22:32 < galaxie> And I think my router/firewall for X uses NAT, because all of our computers here use the same public IP.
22:32 < galaxie> But how would I connect the local SSH to my server?
22:32 < JPT> You could also use a vpn tool like tinc or openvpn to establish a more permanent tunnel that may be easier to take care of
22:33 < JPT> In this scenario, you would run an ssh command like this on your local computer: ssh public_server -R localaddress:80:remoteaddress:80 or something. The details may vary a bit.
22:34 < galaxie> Could you use socat or netcat or nc for that?
22:35 < JPT> netcat/nc only establishes one tcp connection. It might be possible to come up with something that involves netcat, but i don't think it's straight forward.
22:36 < galaxie> socat can do its fork thing
22:37 < bezaban> galaxie: set GatewayPorts yes in /etc/ssh/sshd_config, make sure your app is listening to localhost on machine X, then ssh -R ::
22:37 < JPT> My recommendation is this: Run a VPN between your local pc and that public server. On your local pc, have your server component listen to the vpn interface. On your public server, run something like nginx as a tcp (or http) proxy and have it put incoming requests/connections through to that vpn interface address
22:38 < bezaban> if the firewall is open on remote server for the given port your app should be accessible
22:38 < bezaban> privileged port (>1024) will need elevated permissions to open, so better stick with something above that
22:39 < galaxie> does sshd_config config for ssh too??
22:40 < bezaban> to automate the setup you could add a passphrase less ssh key and restrict it to run this forwarding, it would also have to retry the connection, so would have to make it a systemd service or implement some retry logic
22:40 < bezaban> sshd_config is config for the ssh server (sshd)
22:40 < galaxie> bezaban: run SSH on localhost?
22:40 < bezaban> this needs to be added server side
22:40 < bezaban> galaxie: no
22:41 < galaxie> bezaban: but how can Y connect to X if X is behind a firewall?
22:41 < bezaban> run the app you are tunnelling locally
22:41 < galaxie> bezaban: I meant, run SSH on X or Y?
22:41 < bezaban> galaxie: through the ssh tunnel
22:41 < bezaban> galaxie: tunnel needs to be started from the only side you can, which is on X
22:41 < redrabbit> or use openvpn
22:42 < bezaban> openvpn works too, but not really sure that is much easier :)
22:43 < galaxie> bezaban: Authentication failed?
22:43 < bezaban> need to do a little pki 101, which is confusing for many :) As opposed to editing one ssh option and running a command
22:43 < redrabbit> it depends
22:43 < bezaban> galaxie: try googling that
22:43 < redrabbit> for me it's esier
22:44 < redrabbit> easier
22:44 < galaxie> bezaban: what's it supposed to authenticate to anyways?
22:44 < bezaban> ssh approach doesn't need any server side config except for a flag in sshd_config, and you don't have to do the NAT on the server side
22:45 < bezaban> galaxie: your ssh server
22:45 < redrabbit> it's designed to run as a service
22:45 < bezaban> the remote machine
22:45 < galaxie> bezaban: which SSH server? Ah.
22:45 < galaxie> bezaban: the one running what? SSHD??
22:45 < bezaban> might need user@ in there
22:45 < bezaban> and you need to open the port on the remote server
22:46 < bezaban> (also restart ssh after editing sshd_config)
22:46 < bezaban> sshd*
22:46 < galaxie> bezaban: the remote port's open... ah.. restart local SSHD?
22:46 < bezaban> remote. after you edited the config. on the remote
22:47 < galaxie> bezaban: why remote? is GatewayPorts for remote or local?
22:47 < bezaban> galaxie: remote
22:47 < bezaban> galaxie: read what I've said above
22:47 < bezaban> I've never said anything but remote
22:48 < galaxie> bezaban: but you said to run the SSH command locally?
22:48 < bezaban> galaxie: yes, because you're connecting to the remote
22:48 < bezaban> as you asked once already
22:48 < galaxie> bezaban: also, am I supposed to authenticate using passwords??
22:49 < galaxie> bezaban: it's basically complaining it can't use public key, which we don't have
22:49 < bezaban> galaxie: I've also answered that..
22:49 < bezaban> 22:40 < bezaban> to automate the setup you could add a passphrase less ssh key and restrict it to run this forwarding, it would also have to retry the connection, so would have to make it a systemd service or implement some retry logic
22:50 < galaxie> bezaban: well, can I use passwords instead? the guy who has root on Y isn't here yet
22:51 < bezaban> galaxie: yes, but you don't need root for that
22:51 < bezaban> I'm leaving now. Good luck
22:58 < apb1963> ubuntu 16.04; I need to access my wireless printer.
Therefore, I'm assuming I need to bridge my wireless net (of one PC, 2 androids and the printer) with my internal (wired) LAN (of currently one PC functioning as a router/AP/DNS/firewall, etc.) I have found links that describe a way to do it with either layer 2 or 3, with different methods for each. One uses proxy arp, the other ebtables & bridge-utils. I'm leaning toward the proxy arp
22:58 < apb1963> solution but would like some input on that decision from people that have experience doing this. The first link is https://wiki.debian.org/BridgeNetworkConnectionsProxyArp#Bridging_Network_Connections_with_Proxy_ARP The second link is referred to on that page.
23:01 < monoxane> oooooor you could use a router or just have one network
23:02 < bezaban> apb1963: just expose it as a service on the router
23:02 < apb1963> bezaban, I have no idea how to do that
23:02 < bezaban> samba would work I think, share the remote printer resource, cups could probably do it too
23:04 < bezaban> ubuntu is the router?
23:04 < apb1963> yes
23:10 < santost12> The openvpn server i configured to run on 443/tcp yesterday worked for a few hours well... today I was trying to use it and now it is slow. Sometimes the connection would be reset every 5 minutes. That happened a few times but not very often. Could someone recommend a good way to obfuscate the traffic? I've heard of obfs4 + openvpn server. Is there anything else?
23:10 < apb1963> OK, the problem at this very moment is wireless net is the printer is not getting an IP
23:10 < apb1963> s/wireless net is//
23:11 < `whoami`> santost12: it's probably not related to openvpn being obfuscated or not, but some firewall/proxy/... that resets the cnx if it's being kept alive for too long
23:12 < `whoami`> what I mean is obfuscation probably won't help
23:12 < santost12> what is a cnx
23:12 < `whoami`> connexion
23:12 < santost12> cnx = connection
23:12 < santost12> lag
23:12 < santost12> sorry
23:13 <+catphish> sorry about this ^7heo - just an experiment
23:14 <+catphish> ok, it didn't work anyway, never mind
23:20 < santost12> is there something similar to obfs that makes my traffic look like a bunch of plaintext HTTP?
23:21 < santost12> i want to try both anyways and see how well it works
23:32 < `whoami`> i'd ask #tor @ irc.oftc.net for things that specific (about your plaintext http)
23:33 < santost12> ok. thanks
--- Log closed Mon Apr 30 00:00:03 2018