--- Log opened Mon Apr 30 00:00:03 2018
00:12 < liveuser1> is thbis channel public logged?
00:13 < liveuser1> is this channel public logged?
00:14 < linext> i upgraded my wifi from 300N to AC
00:15 < linext> it went from 8 MBps to 18
00:21 < liveuser1> the drone showed up
00:22 < liveuser1> is this channel publicly logged?
00:23 < liveuser1> purpleunicorn: you receiving teamcare also?
00:23 < liveuser1> teamsters follow you around attempting to humble you for all they "we" do to be helpin
00:24 < liveuser1> yelling errorpine and lies in your face 10% or more of waking hours
00:24 < liveuser1> check in with GANDI get a butt inspection then eat slop on the 8th floor with morons yelling
00:25 < liveuser1> apparently the police now help to steal google passwords
00:25 < liveuser1> then the guards will push overt black racism on you
00:25 < purpleunicorn> Wth are you talking about liveuser1 and what is teamcare
00:26 < liveuser1> teams of helpers everywhere
00:26 < purpleunicorn> I already knew the police did shady shit like that anyway liveuser1
00:26 < liveuser1> murderers robbers psychopathic cleptos
00:26 < liveuser1> teams everywhere
00:26 < purpleunicorn> Umm okay
00:26 < liveuser1> teamcare
00:26 < liveuser1> they be caring about what is in yo wallet
00:26 < Evidlo> livuser1 is fresh from the ward
00:26 < purpleunicorn> Are you trying to scare me or be a troll
00:27 < liveuser1> ONE REPUGNANT!
00:27 < liveuser1> thats it walk around on concrete blocks in the middle of a wasteland
00:28 < liveuser1> you dont need to do anything wrong the botnets attack
00:28 < lupine> I mean, he's not wrong
00:28 < liveuser1> find you maybe getting forcefed liver killer with teamcare professionals collecting thousands for doing it
00:33 < purpleunicorn> I have no clue what you’re talking about liveuser1 I’m sorry
00:34 < Lling> Is slow start restart just resetting the cwnd to default and start again since network conditions might have changed during the idle period or does it do something else?
00:36 < liveuser1> where are you at purpleunicorn bonne taire?
00:40 < liveuser1> a cracker is mostly a losing position
00:41 < liveuser1> say dropbear electricbear any rate limiting and the time to crack makes nearly every attempt not practical
00:42 < liveuser1> is something somehow changes the shadow algorithm shadowed passwords break
00:44 < liveuser1> you ever watched chimps and baboons at a zoo?
00:44 < liveuser1> they get this apparently uncontrollable urge to scream
00:45 < compdoc> wouldnt you?
00:45 < liveuser1> how would you like to give it a cell phone and show it the 911 button
00:45 < liveuser1> instant chimp bosses
00:49 < liveuser1> thus the police are a far greater enemy than criminals
00:49 < liveuser1> more dangerous and more effective at doing damage to any soul
01:21 < liveuser1> a simple enough question was asked
01:21 < liveuser1> how watching for dhcp pulls
01:22 < liveuser1> for AmericA
01:22 < liveuser1> you n I
01:23 < liveuser1> I and I
01:24 < liveuser1> how watching for dhcp pulls
01:25 < liveuser1> btw
01:25 < liveuser1> what Seth does is calculate...
01:25 < liveuser1> beyond the blades apex edge
01:27 < liveuser1> a big heart bleed isn't it
01:27 < liveuser1> putting Seth's business out there
01:33 < liveuser1> privmsg for old ceremonial execution protocols
01:33 < liveuser1> have we yet learned beyond the shadow of a doubt
01:35 < liveuser1> can AM radio damage the skull?
01:35 <+danieldg> AM radios, like most solid objects, can damage the skull due to direct impact
01:40 <+catphish> danieldg: sorry :)
01:43 <+danieldg> np, I should not taunt the trolls ;)
01:44 <+catphish> sadly i doubt it was even listening
01:52 < Mr_Midnight> but taunting the trolls can be fun
01:52 < ZedHeadTed|> That guy might've been schizophrenic or something.
01:52 < ZedHeadTed|> His sentences made little to no sense half the time, and he threw out some names and seemed paranoid on various things.
01:53 < redrabbit> sad
01:54 < ZedHeadTed|> s/sad/fascinating/
02:27 < craig1998x> if anyone is willing to assist me in the cisco channel i need your help :(
02:38 < drac_boy> hi
02:45 < craig1998x> hi
03:25 < Mead> craig1998x , you still need help?
03:36 < Nautilus> Can anyone tell me where my WPS PIN would be on my netgear? See page 14 here: https://www.downloads.netgear.com/files/GDC/WNDR3400V2/WNDR3400v2_UM_23JAN2013.pdf
03:39 < Mead> Nautilus: on the back/bottom with the serial number or whatever
03:40 < Nautilus> the SN is the pin?
03:40 < Mead> no, but if it is written on it, it would be on that same decal
03:41 < Nautilus> ok, I'm not seeing it.
03:41 < Mead> it might be changeable and in the web interface
03:41 < Nautilus> see the sample label in that pdf
03:41 < Nautilus> ok I'll look in there more
03:49 < Nautilus> I was going to try WPS instead of manual network setup for a Dlink camera, it doesn't find -any- wireless networks, but should be.
03:50 < Nautilus> and of course after 2+ hours trying, when I say that it works.
03:54 < Nautilus> but won't connect :(
03:55 < Mr_Midnight> what model dlink camera? what encryption are you using?
03:56 < Nautilus> DCS-936L, used to have one on this router a few months ago, worked great. 2.4GHz, WPA2-PSK [AES]
03:57 < Nautilus> they're currently within 18" of each other
04:02 < Mr_Midnight> hmm... supports the encryption type... is this a new camera? could the Wi-Fi card be having an issue?
04:03 < Mr_Midnight> are you on the latest firmware?
04:04 < Nautilus> bought a 3 pack and tried all 3. Cant update firmware until it's connected
04:04 < Nautilus> its a new refurb
04:05 < ScriptGeek> I have the alfa awus036nh with a TP-Link 8dbi omnidirectional antenna and it appears the RSSI is too lame to provide decent throughput. I'm looking at a couple of products that might help. https://www.amazon.com/Tupavco-TP511-Antenna-Wireless-Directional/dp/B008FH5UTG and https://www.amazon.com/KW-3016N-Outdoor-Wireless-Adapter-Antenna/dp/B019Z28CE4
04:05 < Mr_Midnight> Nautilus: didn't know if it had a lan connection for setup
04:05 < Nautilus> retrying with WPS right now
04:05 < ScriptGeek> The 1st link is just an antenna; whereas, the 2nd link is a USB adapter + antenna
04:06 < ScriptGeek> The Tupavco costs quite a bit more even though it's just an antenna
04:06 < ScriptGeek> But I'm wondering which product would be the better solution
04:08 < ScriptGeek> anyone have any opinions?
04:17 < ouemt> Hey, I'm really new to anything beyond the basics. Just bought a Ubiquiti ER-4, and while it's working well, I can't figure out why it won't let me assign static IPs like 10.0.2.2, but It will let me assing 10.0.1.2. Can someone suggest what I'm missing?
04:17 < ouemt> lovely typo there
04:19 < ScriptGeek> I think I'm going to get the Tupavco TP511 antenna and see how it works. Thanks, guys
04:20 < Nautilus> ScriptGeek: can't help ya myself
04:20 < Nautilus> ouemt: is your netmask 255.255.255.0?
04:22 < ScriptGeek> Anyone know of a nice base I could put it on or should I just nail it to an old board and hope for the best?
04:22 < ouemt> Nautilus: the ethernet interface is set to 10.0.1.1/22, and I have 2 DHCP servers set up for 10.0.1.0/24 and 10.0.2.0/24
04:23 < Nautilus> ouemt: ah ok, just checking. can't help ya anymore myself
04:24 < ouemt> Nautilus: thanks for trying
04:24 < ouemt> I'm not even really sure what to google for at this point, lol
04:25 < ScriptGeek> ouemt, I wonder if there's some weirdness going on with subnetting or maybe there's an IP conflict
04:25 < Nautilus> edge routing is past me ;)
04:26 < ouemt> ScriptGeek: shouldn't be an IP conflict, as the only DHCP address going out appear to be from 10.0.1.0/24
04:33 < Nautilus> oh geez this camera UI doesn't take spaces in the wifi key
04:37 < two27> Can anyone help me out? I'm writing a paper and I need to design a network, security, and WAN connectivity
04:40 < superkuh> Help vampire type question.
04:40 < two27> Huh
04:40 < superkuh> Very broad, no detail, just stating an intention vaguely.
04:42 < two27> So he's the confusing part the project is really vague in its parameters. It just says to make a design for an organization of 100 computer users in three locations, location one: 2 buildings 25 users in each, location 2: one building 15 users, location 3: one building 35 users
04:42 < two27> It doesn't factor in distance or cost
04:45 < two27> I'm thinking I'll just say all three locations are 100 miles apart perhaps
05:13 < Nautilus> Finally have that dlink camera connected. After it finally saw the wifi I didnt notice that spaces in the key were not getting accepted, so the key was too short. Had to change the key in the router (sheesh)
05:47 < winsoff> Does windows support IPSEC inherently?
05:52 < skyroveRR> winsoff: yes.
06:00 < Guest90210> What is the best firewall for Linux?
06:00 < skyroveRR> iptables
06:01 < Guest90210> What is the command for viewing logs?
06:02 < skyroveRR> All logs go to /var/log, check it out.
06:02 < skyroveRR> * /var/log/*
06:02 < Guest90210> I think someone is getting past the firewall.
06:02 < skyroveRR> Congratulate them instead of suing them.
06:03 < Karyon> firewalld
06:03 < Guest90210> So the companies that use Linux have custom firewalls?
06:03 < skyroveRR> Why wouldn't they?
06:05 < Guest90210> How do I customize ip tables.
06:05 < Guest90210> How do I customize iptables.
06:06 < Hooloovo0> have you read the documentation yet?
06:06 < Guest90210> Oops wrong question.
06:06 < skyroveRR> Guest90210: google it.
06:06 < Hooloovo0> there's some pretty decent tutorials
06:06 < Guest90210> I'll go look at the code. Thanks.
06:13 < Nautilus> I have my dlink camera working pretty well now, it's on a DHCP address in the .2 to .99 DHCP range. If I want to give it a static IP do I just set the device to a .xxx and the router will see it?
06:14 < skyroveRR> Nautilus: bind the mac.
06:14 < skyroveRR> Inside DHCP.
06:15 < Nautilus> aka Address Reservation?
06:15 < skyroveRR> Yes.
06:16 < Nautilus> That'd be fine but I'd like to change the IP first, not sure if my router lets me do that
06:16 < Ben64> it does
06:17 < Nautilus> well, not sure the UI lets me.
06:17 < Ben64> it does
06:18 < craig1998x> you like cisco?
06:20 < Nautilus> benah yes, when I set the reservation, ty for making me look closer!
06:20 < Nautilus> Ben64: ^
06:21 < Ben64> cool
06:26 < littlepython_> if i do curl -X GET http://d2qn5ag4ypxct0.cloudfront.net
06:26 < littlepython_> i get temporary redirect message
06:38 < Nautilus> Ben64: Another Q. I have .91 reserved for the device but it's still showing on .10 - whats the best plan, unplug it for a bit and repower?
06:39 < Nautilus> I assume it still has a lease on .10
06:42 < Nautilus> well lets see what happens :)
06:45 < Project86__> 2 part question: Are there a such thing as free cloud hosting services? For a vpn. (Doubtful, but jw). And secondly, how bad of an ode would it be to set up your own webpage on tor since it's free hosting?
06:45 < Project86__> *idea, not "ode"
07:04 < fnDross> any of you deal much with Xbox one?? it keeps changing its connection speed between 10/100 and 100/1000 when the xbox is off
07:06 < fnDross> and could xb--100/1000----> switch >---10/100-->router, cause the data to be throttled, causing the router to reboot?
07:07 < fnDross> i replaced a dir-601(cause it kept rebooting) with dir-615.... and even its rebooting
07:11 < Nautilus> Ben64: darn, it came back up on .10 presumably because of a lease on the IP, any general thoughts towards getting around that? Cant seem to set lease time or force to the reserved addy.
07:45 < ScriptGeek> Has anyone here heard of the Yagi Cantenna WiFi antenna?
07:45 < ScriptGeek> I guess it's a yagi antenna inside of a plastic tube
08:47 < Boyeto> is it fucked up if I setup an internal dns record on public dns servers?
08:47 < Boyeto> ie, 192.168.1.10 test.mysite.tld
08:48 < Boyeto> ?
08:49 < Hooloovo0> sort of
08:49 < Hooloovo0> it might work for you
08:49 < Hooloovo0> but it definitely won't work for other people
08:49 < Nautilus> thats a reserved space for local use, right?
08:49 < Hooloovo0> it's one of those things that's 'allowed' but not done
08:50 < Hooloovo0> right, nobody else can access your internal space
08:51 < Hooloovo0> so it might lead to their internal space, but not the one you intended
08:53 < detha> as long as it is for your internal use only, I don't see a problem. But the more sensible thing would be to have your internal DNS serve it in some local zone
08:59 < CuriosTiger> Or use DNS views to make sure you only serve that address up to your internal clients.
09:00 < CuriosTiger> For example, you could have a view "Internal" that you use from queries inside 192.168.0.0/16 and a view "External" that you use for everyone else.
09:03 < Boyeto> thanks for the replies
09:04 < Peng_> It's 2018, just use IPv6. ;-)
09:05 < Boyeto> yeah lol, I'll keep putting that off for another few decades
09:09 < Boyeto> wow, IPv6 has been around since 1998. So we've put it off for 2 decades already
09:38 < ASmith> My server is connecting locally and through tor browsers and through a domain callup on the system containing the server but not on a browser on my workstation and I suspect not to other remote peers, any ideas or suggestions on what is blocking the connection?
09:39 < ASmith> http://tascloud.me is the domain.name pointing back to the local server
10:13 < ASmith> Anyone here able to help me figure out why my apache server is connecting locally via a browser, connecting remotely via tor and connecting through a domain.name on the system running the server but the same domain.name check on a browser on the workstation fails to connect?
11:14 < LostInWeb> ASmith, the tascloud.me is bound to 10.53.10.6 and this is a private IP address.
11:15 < ASmith> yes, that was an earlier test, its working back on the same system with a browser that is running the server
11:15 < ASmith> however thank you for looking at that, I'll continue thrashing out the remaining issues
11:16 < ASmith> that is my VPN gateway IP on a remote server via tun0 LostInWeb
11:56 < heller_> hey guys
11:57 < heller_> what is the reason for a laptop to drop from wireless after about 10s of use
11:57 < heller_> It does not disconnect or anything, it just disconnects from the network
11:57 < heller_> router can ping the client device for 3-10s and then it cant ping anymore
11:58 < heller_> but laptop claims to be on the wifi still
12:07 < Apachez> that lying bitch!
12:07 < Apachez> close the lid?
12:07 < Apachez> inform your laptop of who is the boss?
12:07 < Apachez> pull its batteries
12:14 < takeshikovacs> CWNE88: I was here yesterday with a problem where windows laptops couldn't get a network connection reliably. You were actually right with the suggestion about duplicate ip addresses in my network.
12:16 < takeshikovacs> I disconnected one lan over power adapter and it started working immediately. Turns out, I have a switch (tp link tl sg108e) behind that adapter which has an ip address and I was not aware of that. dhcp was disabled and it got the same ip as my router/gateway. enabled dhcp for it and everything is working now.
12:17 < takeshikovacs> so, thanks again for your help yesterday. Although I still don't understand why it was only a problem for my windows clients. but all that matters now is that it works now.
13:09 < hseg> Hi. Have two devices connected to the same AP (at uni, not an admin): phone (android) and laptop (arch linux). Both manage to get an IP address, but only one (the phone) is capable of pinging out. What gives?
13:12 < djph> hseg: talk to your IT, they may have some requirement for devices that identify as "computers" (i.e. windows / linux / mac)
13:12 < `whoami`> hseg: are you using a personal password to connect to that ap ?
13:13 < `whoami`> nvm
13:13 < hseg> Nope. Simple PSK
13:13 < hseg> Will call them up, thanks
13:13 < light> sure the phone isn't pinging via the cell tower?
13:14 < hseg> Disabled cellular for that reason.
13:15 < light> run a trace from the laptop
13:15 < hseg> Doesn't get past gateway
13:15 < light> what if you change it to ICMP?
13:15 < hseg> ICMP? ping? packets just get dropped
13:16 < light> traceroute is UDP by default
13:17 < light> compare the nic configs
13:20 < Apachez> how do you disable just the cellular?
13:20 < Apachez> if you mean flightmode you will kill wifi too
13:20 < Apachez> so thats why your phone cannot ping
13:20 < light> the phone is the one that can ping
13:20 < Apachez> default packet type for traceroute depends on os
13:21 < Apachez> windows uses icmp as default
13:21 < Apachez> while *nix uses 3xxxx as udp
13:21 < Apachez> port 3xxxx something
13:21 < Apachez> 34xxx I think
13:21 < Apachez> well check the obvious then
13:21 < Apachez> do you have a local firewall on your laptop?
13:21 < Apachez> how is that configured?
13:21 < Apachez> if you connect with rj45 can you ping then?
13:22 < Apachez> when you ping the default gw does its arp show up in the laptop arp table?
13:22 < Apachez> run tcpdump on the laptop
13:22 < Apachez> do you see icmp echo request leaving?
13:22 < Apachez> do you see any icmp echo reply arrive?
13:22 < Apachez> try pinging some neutral host like ping.sunet.se or so
13:22 < Apachez> does dns work?
13:22 < Apachez> etc..
13:23 < Apachez> I mean you perhaps configured dns statically on your laptop to be 8.8.8.8 but your isp is blocking that and only allowing their own resolvers (which you get through the dhcp reply)
13:43 < hseg> Weird. A bit of turning on and off made the problem disappear. Trying again to make sure it's gone for good.
14:13 < linuxconformer> guys if i have two services running on a server, a service1 makes requests to service2, if the service2 port is block outside of the VPS, will that cause issues?
14:17 < detha> linuxconformer: that would depend on how 'blocked outside of the VPS' is implemented. Most firewall setups have a 'allow lo0 to lo0' rule as first rule
14:18 < linuxconformer> detha: i'm not exactly sure tbh, my vps is on openstack, not familiar with the networking config
14:19 < detha> linuxconformer: "it's complex". just try it, if it works it works, if it doesn't kick whoever set up the vps
14:19 < hseg> looking at http://ix.io/1969, I see the difference is in whether I use ipv6 or not in dhcpcd, with no-ipv6 giving me the correct gateway
14:22 < detha> hseg: why do you have two dhcp servers on your network?
14:23 < hseg> Don't know - not an admin.
14:23 < hseg> Will give these logs to IT here.
14:24 < hseg> Just for my own edification, wouldn't mind help understanding this output
14:25 < detha> You get offers from 182.17.12.1, and from 192.168.1.1. Those appear to be different servers. Later on one appears to be a cisco (probably legit), the other one TP-link (probably rogue AP someone plugged in)
14:31 < hseg> Hm. Lemme see if I can find the PA
14:31 < hseg> AP
14:33 < joro_> hi guys, i have a question... if a switch broadcast all the data in LAN, does the router do the same thing ?
14:33 < hseg> Any way I can get the MAC of that AP?
14:34 < detha> arp -an |grep 192.168.1.1
14:35 < hseg> Hm. Don't have that, will ask $vendor what alternative they use
14:35 < detha> altho, is this on a wireless interface? if so, the AP might be correct, and something is bridging, or you are connected to a misconfigured AP
14:36 < detha> regardless, there should be one DHCP server, not two
14:36 < hseg> This is wireless
14:36 < hseg> Sounds like they're trying to add ipv6 support and having linux machines failing.
14:38 < hseg> For future reference, in iproute2, the command is ip neighbor show
14:40 < hseg> Getting macs: 172.17.1.12=00:0b:cd:ce:3e:ca, 192.168.1.1=50:c7:bf:b1:0a:bc, fe80::523d...=50:3d:e5:06:40:d0 fe80::52c7...=50:c7:bf:b1:0a:bc
14:41 < hseg> Which macvendors.com notes are HP, TP-Link, Cisco and TP-Link, respectively.
14:44 <+catphish> joro_: i don't think that question makes sense
14:45 <+catphish> joro_: a switch receives frames, and sends them out of all ports, unless it recognises the destination, in which case it sends it to a specific port, a router doesn't do anything like this, it always knows the port for each destination IP
14:45 < joro_> catphish, ok i dont get anything.. it's so complicated
14:45 <+catphish> joro_: focus on one layer at a time
14:45 <+catphish> like ethernet
14:46 < joro_> catphish, would you explain ?
14:48 < hseg> OK, am thoroughly confused.
14:48 < hseg> Oh, well. Not my problem.
14:48 < drathir> mornin/evenin...
14:48 < hseg> Thanks!
14:48 < hseg> You too.
14:53 < regdude> Hi! I have stacked a bunch of Cisco switches, connected GE1->GE3, G2->G4 and Im testing RSTP. When I remove one cable I can see that one of them sends out between switches a BPDU with cost=20000 while other BPDUs only have cost=0. This is not only Cisco, I have seen other vendors doing this as well. Does anyone know the reason?
14:56 < djph> regdude: which cable(s) are you removing that trigger the bpdu cost=20000?
14:59 < regdude> djph: I should probably check which is the root bridge and everything, but my guess is that the designated port for the root bridge sends out this BPDU
14:59 < regdude> I unplug and plug back in GE2, which is second in priority for RSTP
15:01 < regdude> hmm, Agreement and Proposal flags, haven't seen those before
15:01 < djph> as in "noticed" them, or .. ?
15:01 < djph> I mean, you SHOULD get a "one path is stupid expensive, so turn it off" type message
15:02 < regdude> now I need to check on different switches, I think I haven't seen them before anywhere else
15:03 < regdude> should the root bridge send out anything besides cost=0? I mean, cost to root from root is 0
15:05 < djph> I think so ...
15:05 < regdude> oh, that is non-bridge that sends it out
15:05 < djph> but if it's got multiple downstream connections, it WILL be telling (N-1) of them that the path is extremely costly.
15:07 < skyroveRR> hiya drathir
15:07 < regdude> true, but is it really needed. This happens when I plug in the cable back, so yes, you are most probably right about why it sends out
15:07 < skyroveRR> err djph
15:07 < djph> yo
15:08 < djph> regdude: of course it is. If all the links were cost=0, you'd have a network loop.
15:08 < endeebee> Hello friends. Just got my first IT job and got a task to inventory our connected hosts. Anybody have any idea where to start? I would think to start enumerating, but how do i check which active subnets to try and enumerate
15:09 <+xand> look on the routers
15:09 < endeebee> any way to do it from my workstation assuming I have domain and local admin?
15:09 < regdude> djph: that is what BPDUs from root bridge are meant for, RSTP should not send BPDUs to upstream switches since those BPDUs have a lower priority and cost
15:10 < Spice_Boy> endeebee: nmap
15:10 < regdude> must be some other reason
15:10 < djph> regdude: right ... but also switches can be at the same level
15:10 < mAniAk-_-> endeebee: depends a bit on what type of device you are putting in that inventory and what information about them you need
15:10 < djph> regdude: honestly though, I forget "how" the reconvergence works.
15:11 < regdude> djph: I thought I knew until I saw that weird BPDU
15:12 < djph> regdude: yeah, it's been a long time since I've looked into it, so like I have a recollection of what should be happening ... but
15:16 < regdude> for some reasons Cisco does not set the TCN either, that is also strange
15:19 < endeebee> @maniAk: for the time being, just need to enumerate them all and their IP, then go check the physical location
15:19 < endeebee> After i have done inventory advanced scanning may be required, but for now im more interested in host/net discovery
15:19 < dogbert2> hey djph
15:20 < mAniAk-_-> endeebee: servers or clients? active directory?
15:20 < endeebee> clients and servers
15:20 < endeebee> basically they want me to enumerate all the NICs
15:20 < endeebee> I plan to use nmap, but dont want to scan the entire RFC1918 address space
15:22 < mAniAk-_-> endeebee: usually easier to handle clients via the AD, we use lldp for servers
15:22 < mAniAk-_-> endeebee: but if you just need a list of mac's you can use snmp to poll network devices, or something like librenms which will put that in database for you
15:23 < mAniAk-_-> nmap scanning wont tell you very much
15:23 < endeebee> mAniAk-_-: ty I will try and abuse the active directory listing.
15:23 < endeebee> My main issue is there are linux, mac, windows, and a host of other platforms on the net
15:23 < endeebee> My ORG is incredibly large
15:23 < endeebee> multiple universities
15:24 < mAniAk-_-> which is why you should use client enrollment
15:24 < endeebee> I didnt design the legacy system
15:24 < regdude> djph: https://www.cisco.com/c/en/us/td/docs/optical/15000r6_2/ethernet/guide/454_327/r62ethgd/462swstp.pdf (page 11), that is the agreement that it sends out to the root bridge, the cost probably has no effect
15:30 < kottt> planning to upgrade the network in my apt. I've got an Edgerouter Lite, a Ubiquiti UAP-AC-Lite, and an old Asus RT-N66u. Wondering whether it would be worthwhile to keep using the RT-N66u in AP mode alongside the AC-Lite, or if that's just asking for trouble
15:32 < mAniAk-_-> if you need it for coverage, sure, shouldn't be a problem
15:32 < mAniAk-_-> same ssid, pw, different channel
15:32 < kottt> will devices roam between them in that setup?
15:33 < mAniAk-_-> yes
15:38 < kottt> Thanks, mAniAk-_-
15:43 < dreadkopp> hey networking guys! maybe someone might help me with that. I asked in #pfsense however couldn't solve the problem yet. i made a diagram of the current setup: https://www.draw.io/?lightbox=1&highlight=0000ff&edit=_blank&layers=1&nav=1&title=Untitled%20Diagram.xml
i made a diagram of the current setup: https://www.draw.io/?lightbox=1&highlight=0000ff&edit=_blank&layers=1&nav=1&title=Untitled%20Diagram.xml#R7V1bc5s4FP41nmkf6kGI62OSbbc70%2B50prPd3aeMDIrNBpAX5DjeX78SSDZIJHENBhs7Dw4cxO37znd0O8A 15:43 < dreadkopp> E3iXPv2ZoufhKQhxPTCN8nsBfJqZpehCyf9yyKS0AQLu0zLMoFLad4Xv0HxZGQ1hXUYjzWkFKSEyjZd0YkDTFAa3ZUJaRdb3YA4nrZ12iOdYM3wMU69Y%2Fo5AuSqtnujv7ZxzNF%2FLMwPHLLTMUPM4zskrF%2BSYmfCj%2Bys0JkscSN5ovUEjWFRP8OIF3GSG0XEqe73DMwZWwlft9emHr9roznNK9dnDKPZ5QvMLykosLoxsJRnE7mO9gTODtehFR%2FH2JAr51zfhntgVNYrYG2KI4HM4ofn7xmsD2TpkLYZJgmm1YEbEDFNgI53E9sb7eMQF9YVtUWDAdYUSC%2Ffn20 15:43 < dreadkopp> DsE2IIA4QVA7NMD5INp1CGBvqVBAqDVgIlrOu0xkW5fgQCHTC9ilWR0QeYkRfHHnfW2DlIFEHbT2eYvbp%2FacvVvUaxY%2BYaziF0jzoTxH0zpRsQItKKEmXan%2FELIsoY0v7LXcWY3QlZZIEoJeinK5liUcprZyHCMaPRUP3orXN92tRDliyYQWdxY8iLJ85yH4Cla53CKArpClDDcbh%2BiOL4jMV9mh4G26Vt37KpuWekwYnDIbSlJcVdOatedFLi6bl1nautO6negW%2Fg2lipmQZQHZJqvIxoscD6N0QZn9%2BZ9hhNC8X1pr6NeY0OB2ICO57ucGpqRR1zZIioAuUV 15:43 < dreadkopp> WKAzLW454xKqdL2iG428kj2hEUrZtRiglSaXATRzN%2BQbKvf2WrGgcpewcsvYzuuHQ8RQKfZ1CYACdQbsDBq2DGcQZu%2Bt8ygjB5fJlsfYBuFDKShBn2TpxFtR5c8wOopjXZe1w3GDv6MG%2BjBwton2x602WoU2lwJJEKc0rR%2F7GDVXOgFtjzK431NhCecgdBdtr24uVPdp1zWpK2G8hqSjA96x9zbw%2FvjQ92Va9udVUk1m6miyvgygINJ5OVk2urqZBxCQrf0GX2bGU3KuUDpfSgErSaTpZJXknoiTg1Gsl2bD79EJ5F4LXyreWnneV3qHSA8owSq%2FSg%2BcjPf9 15:43 < dreadkopp> EpAdNRXruT0rP7VZ6%2FlV6h0pvO6AxhPSsLqVXHavzrdpo3dQbZrxOThEMLljLVQTrvyFYy3itfGvBSmCuiv15xVrWgIq1j6JYUFerPZBa5ezd0Gp1lOoVGq%2Br1TNAq%2FJyIqkzdYOrug9Vtz1kfez0oO6BtG2eiLZdW9G29YZWTaNVefBW09wDr5VvHwvMayw4NBa4Kvd9xoJO59GPLG54IuL2lYpbjmvs2y9WyrcX38EzzVfxeQNWxGCPYfzeE3ssR5m43Yan6sStVEAVkm22TytM9hhf7RsT2xgWkz3yv15PQ8gpSkOUhfcLktPL0vcHE6jcWQ3cHSkRAbTOILlg6mw 15:43 < dreadkopp> 
15:44 < dreadkopp> my problem is that as soon as i set pfsense LAN to vtnet2 (aka the interface behind the bond) i get heavy package loss. another ubuntu VM at the same bridge behind the bond works completely fine though
15:45 < `whoami`> dreadkopp: maybe put that URL in some URL shortener, it got split in like +10 parts. I highly doubt anyone will bother to copy/paste all the chunks
15:45 < dreadkopp> oh .... didn't do for me... but sure XD
15:46 < dreadkopp> goo.gl/L1GzmV
15:46 < `whoami`> thanks for them :p
15:47 < endeebee> Anybody know how to find name of AD domain and domain extension on win
15:49 < rewt> dreadkopp, irc has a limit of about 250 characters maximum per message, including headers, so your client automatically splits the lines when sending, even if it shows the whole thing to you in 1 message
15:50 < aditya7400> is anyone here looking for or knows someone who is looking to hire a junior sysadmin?
15:50 < Aeso> endeebee, you looking for the domain of the user or the computer? They don't always match fwiw
15:51 < endeebee> Aeso What dont always match? If i type `wmic computersystem get domain` it should give result i want no?
15:52 < Aeso> endeebee, that will give the domain of the computer, yes. But the domain the computer is part of and the domain of the user logged in aren't always the same
15:52 < dreadkopp> rewt i just ctrl+c / ctrl+v -ed without checking the length of the link
15:53 < dreadkopp> aditya7400 solve my problem and i think about it haha
15:53 < aditya7400> dreadkopp: are you serious or are you kidding
15:53 < Aeso> aditya7400, haha typically suggests kidding
15:54 < aditya7400> at this point i cant tell
15:54 < dreadkopp> not in the position to offer you a job, but i would have thought about it - as i said XD
15:54 < aditya7400> i just failed every fucking exam i ever wrote
15:55 < aditya7400> im fucked
15:56 < kottt> maybe a switch loop?
15:56 < Aeso> aditya7400, eh, in the real world no one cares about exams 15:56 < regdude> dreadkopp: from your description you might be dealing with packer misordering, try using different transmit hash policies on the bond 15:57 < Aeso> ^ this 15:57 < Aeso> also if you're not using LACP, verify both ends are using the same hash algorithm 15:57 < aditya7400> Aeso: they do seem to care if you have a college degree and i literally cannot get into a single one 15:57 < Aeso> aditya7400, nah, that's bullshit too 15:57 < aditya7400> apparently i can get into US colleges but im too broke for those 15:57 < dreadkopp> regdude okay, lemme see into that / how to do that. to me it is weird that the ubuntu vm works flawlessly though 15:57 < Aeso> you only need a degree if you want to move into management some day 15:58 < aditya7400> and how exactly is someone going to hire me 15:59 < regdude> dreadkopp: I haven't created bonds on Ubuntu, each distro seems have a different network daemon and can use different default values. But it is just a guess. You can verify this theory by replacing the bond with a single link. If everything works, then bond is the issue and packet ordering issues are very likely to cause packet drops 16:00 < Aeso> aditya7400, in almost all IT fields, experience is king: Go work helpdesk or L1 tech in a NOC or work for an MSP, etc for a couple years and your experience will carry you from there. 16:00 < aditya7400> Aeso: where? 16:00 < aditya7400> do you know any place that will hire me? 16:00 < Aeso> aditya7400, there are at least thousands of companies wherever you are, and almost all of them need IT support 16:01 < dreadkopp> regdude : when i replace the bond with a single nic it works fine. however when i connect a ubuntu vm to the bridge behind the bond that one works a-okay as well. only the pfsense vm at the bridge behind the bond fails. 
Host is reachable via the bridge behind the bond as well
16:01 < aditya7400> Aeso: try finding an indian company that hires a high schooler
16:01 < dreadkopp> for transmit hash policy i found that it is only for balance-xor and 802.3ad, while i am using balance-alb
16:02 < djph> aditya7400: any of the callcenters with people who read from scripts and can't do anything to actually help the caller. Or, y'know, anywhere looking for help
16:02 < Aeso> aditya7400, I don't have any statistics on hand but I'd wager you're pretty wrong about that
16:03 < aditya7400> literally everyone has a college degree
16:03 < djph> Aeso: although, if he is indeed only a kid in highschool, it may be a bit more difficult.
16:04 < aditya7400> the only thing im halfway good at is something i learned completely by myself (networking and sysadmin) and theres 0 formal proof of this
16:05 < Aeso> aditya7400, I was in the exact same boat 5 years ago. College dropout, looking for anyone who would at least let me sit for an interview so I could show them
16:05 < aditya7400> at least you got into college
16:05 < regdude> dreadkopp: actually you noted that >95% packet loss, that is not very common for xmit policy issues, that is more likely to be a traffic loop, is RSTP even enabled in your network?
16:05 < Aeso> it just takes perseverance
16:05 <+catphish> aditya7400: where are you? perhaps i missed that, kinda important
16:05 < kottt> aditya7400: certifications exist specifically to prove that you know what you know
16:05 < aditya7400> im in india
16:06 < aditya7400> but i have the option of moving to the US (citizen)
16:06 <+catphish> aditya7400: i don't have a degree :)
16:06 < kottt> pretty sure certs are still available in India?
16:06 < aditya7400> i guess
16:06 < dreadkopp> regdude not that i am aware of ... currently we got an old ipfire installation managing the network which i like to replace with pfsense
16:06 < aditya7400> like technical certs?
16:07 < kottt> https://www.comptia.org/international/india/home Sure.
16:07 <+catphish> you can either do some technical certs, or you can just keep applying for entry level jobs until you get lucky
16:07 < Aeso> ^
16:07 <+catphish> or you can persist with school and try to get a degree, i wouldn't go to the usa for that, seems like a waste of money
16:07 < aditya7400> theres no indian school which will take me
16:08 < kottt> A+ is super basic technical cert, basically shows that you have a pulse and can troubleshoot a problem, but it's a step up from nothing.
16:08 < kottt> a lot of people shit on certs but in the absence of a degree they seem like a pretty good alternative, to me
16:08 < aditya7400> huh
16:09 <+catphish> aditya7400: well if you can't do school, you'll just have to try to get an entry level job, keep applying, be willing to move, all of USA + all of india is a big area :)
16:09 < aditya7400> time to apply i guess
16:09 <+catphish> certs are a good option to help with the applications
16:09 < aditya7400> how competitive is the sysadmin market anyway
16:09 <+catphish> IMO sysadmin is not a job any more
16:09 <+catphish> everything is devops now
16:10 <+xand> er
16:10 <+xand> not everywhere :)
16:10 < regdude> dreadkopp: well running such a network without RSTP is not a good idea, visually it seems that you have a physical loop, you should check the logs (does Ubuntu tell you about loops in dmesg?) and check the stats, you might see 1kk bytes from a single packet. On the other hand, unlikely, but possible, the bonding mode might not be a good option for your traffic, try switching to LACP or balance-xor (both are very common)
16:10 <+xand> depends what you mean by sysadmin I suppose
16:11 < dreadkopp> regdude: lemme go to the devils cave aka our server room and lemme double check the cables :)
16:11 < Aeso> fuck devops.
Devops positions are inevitably filled by programmers who are in _way_ over their heads
16:11 < dreadkopp> back in a few
16:11 <+catphish> i'm thinking of the software-as-a-service environment, i would never hire anyone just to manage servers, i'd expect them to be writing software too
16:11 <+catphish> but maybe in other environments there are roles just for systems management
16:12 < Aeso> catphish, if your business model is one where you have a short list of services that are easily containerized, sure
16:13 < Aeso> the bulk of companies don't operate in that space, though
16:13 <+catphish> Aeso: there's some truth in that, but it's far more efficient than having people who are great at servers but don't do much, and others who write code with no regard for the systems it will run on
16:13 < regdude> dreadkopp: I mean in your diagram it seems like you have a loop, but there is no way for us to know which ports are allowed to forward traffic from each port
16:13 <+catphish> Aeso: i'm totally skipping over the perhaps more typical corporate environment though
16:14 <+catphish> i come from a background of "everyone does everything", because my company started with 2 people
16:14 < dreadkopp> regdude in the diagram you see a loop ?
16:14 < regdude> dreadkopp: well everything seems to be connected to ... everything
16:15 < detha> catphish: the typical devops person can sort of configure a server, but has no clue about server hardware, part numbers for stuff that fits together, etc.
16:15 <+catphish> consequently i expect my developers to be sysadmins too, i'm sure this isn't the case everywhere
16:15 < detha> small-scale, devops works.
larger scale, things get so specialised one person can not do everything any more
16:16 <+catphish> detha: frankly, i don't think that stuff is necessary, i just buy servers from dell, they arrive assembled, devs don't need to care how the hardware works, that's linux's job :)
16:16 < Aeso> catphish, lol, because linux and the applications running on it will totally maintain themselves, and ship with security-focused defaults
16:17 < detha> that's the typical 'it runs slow? oh, throw more $$$ at hardware' solution. Works for 10s of servers, costs $$$ when you order 1000s
16:17 <+catphish> Aeso: i don't understand what you're implying
16:18 < kottt> catphish: the implication is that you're ignoring the issue of software maintenance and having people who know best practices of server administration
16:18 <+catphish> kottt: i don't think i implied that at all :|
16:18 <+catphish> all i said was that i expected this of developers
16:18 < kottt> yes but you didnt specifically say every single thing that you account for so you left yourself open to criticism
16:18 <+xand> catphish: there are too many webdevs-trying-to-sysadmin people around, who have NFI what they're doing with OS stuff and make a complete balls-up/security nightmare
16:18 <+xand> see: NPM
16:18 < kottt> because this is the internet
16:19 <+catphish> kottt: lol
16:19 <+catphish> i also didn't mention my fire protection policies
16:19 < kottt> clearly an arsonist
16:19 <+catphish> but please don't assume i don't have any :_
16:19 < Aeso> catphish, I mean everyone who's hiring is looking for these types. But frankly as someone who cleaned up the messes 'devops' makes on contract for a couple of years, those types are not _nearly_ as prevalent as the positions available
16:20 <+xand> then there's the people who hate any kind of config management (Puppet etc) and need to be shot
16:20 < detha> there are very few devs that can be trusted with prod servers.
And I say this coming from a 'everybody does everything' environment.
16:21 <+catphish> xand: that is absolutely true :) but for the most part, people can learn in time if properly assisted
16:21 <+catphish> of course, one doesn't expect the new javascript guy to configure new systems
16:21 <+catphish> but i think an integrated approach leads to better understanding, and more eyes on security
16:22 < Aeso> tell that to the multiple companies I ran across dumping every single version of their code and build into unsecured S3 buckets
16:22 < kottt> xand: can you qualify your assertion about NPM and security nightmares?
16:22 < kottt> i'm curious
16:23 < kottt> and not finding anything on google that seems to back it up
16:23 < detha> hahahahahaha. Admittedly, it enables the devs to remove those pesky security features getting in the way quicker
16:23 <+xand> kottt: pls wait
16:23 < kottt> sure
16:23 <+catphish> npm, where developers can randomly install random 3rd party software by accident
16:23 <+xand> https://www.reddit.com/r/sysadmin/comments/7zdoq3/warning_sudo_npm_will_chown/
16:23 <+catphish> the same sadly applies to most high level programming language package managers :(
16:24 <+catphish> i use ruby, it has rubygems, you can easily have dependencies with dependencies that you never notice / audit / have any idea who wrote them
16:24 <+xand> yeah that's another problem
16:24 < kottt> kind of a commentary on the state of software development in general, isn't it?
16:25 < detha> nobody builds software from scratch any more. So you trust compilers, libraries, tools, ... Why not trust some random node.js on the internet?
16:25 < Aeso> to be fair, I'm not saying it can't be done. There are definitely people out there who can do both.
But you'd better be _really_ sure your devops team are as good as you think
16:25 <+xand> curl | sudo bash
16:25 < kottt> :Z
16:25 < detha> no different from 'install repo key for X project', add repo, {yum,apt-get} install foo
16:26 < detha> Both give full trust to something only identified by the SSL cert on some website.
16:27 < kottt> alright, but what if we put it all on the blockchain?
16:27 < detha> Now you are talking
16:27 < ^7heo> hodl it baby
16:29 < linuxconformer> what are ingress and egress?
16:29 < linuxconformer> wrt networking/connections
16:30 < Aeso> linuxconformer, ingress = packets in, egress = packets out
16:30 < Aeso> from the perspective of the device you're configuring, of course
16:30 < ^7heo> this should be renamed ##flossworkingIcantgooglewelp
16:30 < linuxconformer> Aeso: how does that work wrt ports? e.g. if i have egress for all ports, and ingress for port 80
16:30 < kottt> floss???
16:31 < kottt> linuxconformer: what context is this?
16:31 < linuxconformer> kottt: openstack security group roles
16:32 < regdude> probably firewall, I think there was an option where you select to which ports to listen on WAN and LAN side
16:32 < kottt> so like a firewall rule?
16:32 < kottt> in that case, ingress 80, egress all ports means you'll listen on 80 (and allow that traffic) and respond on any port selected by the server
16:32 < kottt> and that egress will be allowed out, by the policy
16:33 < dreadkopp> regdude when saying that everything is connected to ... everything you specifically point at vtnet1 dn vtnet2 of the pfsense machine ?
only one of those interfaces is used at a time though
16:35 < regdude> dreadkopp: no, I think you draw every single port as a single device and then connected them with a line, now that is confusing
16:37 < L_user> hey
16:37 < L_user> relatively simple question (i think, i hope)
16:37 < L_user> my home network is capable of 1000 mbps across the board
16:38 < L_user> so why is it when i ftp, the most i seem to get is.. oh 130 if im lucky
16:38 < regdude> MB/s?
16:38 < L_user> bits
16:38 < mAniAk-_-> L_user: limited by disk speed?
16:38 < mAniAk-_-> 130bits per second?
16:39 < L_user> disk speed is the bottleneck? plausible enough
16:39 < regdude> does your router have a switch chip built-in?
16:39 < L_user> regdude: good question
16:39 < mAniAk-_-> L_user: see what you get with iperf3
16:39 < L_user> dsl-2890al
16:40 < regdude> the SoC has a switch chip, but did D-Link implement it properly...
16:40 < regdude> wait, wired or wireless?
16:40 < Roq> Are you transferring over wireless by any chance? Sounds close to the 150mbits
16:41 < L_user> i am indeed going through a standalone switch anyway
16:41 < L_user> regdude: totally wired.
16:42 < regdude> it is possible that D-Link has not properly allocated switch buffers, but can't find if they even use the switch chip. If this is the issue, you should not see problems with UDP traffic
16:42 < regdude> easiest way for you will be to run iperf in TCP and in UDP
16:44 < regdude> 130Mbps that is about 16MB/s, too low even for a 10 year old HDD
16:44 < L_user> just to make sure im downloading the right program and not a virus...
16:45 < L_user> https://iperf.fr/iperf-download.php
16:45 < regdude> wow, they even have it for windows, never even checked. Yes, these will be the right ones
16:46 < regdude> I think you will have some difficulties using them if you are not familiar with iperf, the first thing to note is that you need two PCs
16:47 < L_user> oh.
16:47 < Aeso> L_user, this might seem like a dumb question but we're talking about a local FTP server, right?
16:47 < L_user> can a switch slow down speeds
16:47 < L_user> the only dumb question is the one thats not asked
16:47 < L_user> but yes, localized
16:48 < mfreitag> yes a switch can slow down speeds a few ways
16:48 < Aeso> do a packet capture during a transfer, even tiny amounts of packet loss can cause big dips in TCP throughput
16:48 < L_user> its basically my computer, desktop running windows 10, using filezilla, through a loong ethernet cable, into a small switch, through another loong ethernet cable into my router, THEN another ethernet cable outta my router into my playstation 3
16:48 < L_user> so its going through a switch and a router before it gets to my playstation
16:49 < mfreitag> sometimes if you overrun a buffer or something or the switch dies, mainly a switch slows things down if you've got one that only does 100Mbps but everything else can do 1Gbps
16:49 < regdude> is it a smart switch? if so, then MAC learning should not even let traffic go through the router
16:49 < mfreitag> use that 100Mbps switch with 1Gbps and anything connecting to that will do 1Gbps
16:49 < regdude> but I have seen a few cheap switches having hard time with TCP, though because of 1G->100Mbps
16:50 < L_user> i think it is
16:50 < L_user> i only got it 2 or 3 yrs ago its pretty 'new'
16:50 < mfreitag> one of my friends once got very confused by that distinction, I showed him some netgear 1Gbps switches and he wondered where the $40 one was
16:51 < L_user> https://acatana.com.au/assets/images/medialibrary/content/catalog/1638/97248/cf/035.jpg
16:51 < L_user> its this little fucker
16:51 < Aeso> lololol
16:51 <+catphish> L_user: wow, that's some serious cost saving
16:51 < L_user> its all i needed
16:51 < Aeso> I wouldn't trust that thing as far as I could throw it
16:51 < mfreitag> this is why I don't use dlink ever
16:52 < L_user> :P it works.
the one before that was like 10 yrs old and 5 times the size
16:52 <+catphish> i've never even seen an 8p4c socket before
16:52 <+catphish> but it probably works
16:52 <+catphish> the switch ICs are cheap and reliable
16:52 < Aeso> L_user, apparently it doesn't, given you're here talking to us about throughput :P
16:52 < mfreitag> get yourself one of these they're great I've had mine like seven years http://www.netguardstore.com/GS105.asp
16:52 < L_user> one thing i could try which is dead simple not sure why i didnt try it before is just power cycle it
16:52 <+catphish> i like those netgears, use them for my home stuff
16:53 < regdude> it is a smart switch, traffic does not even go to your router
16:53 < L_user> mfreitag: i have something that looks like that but havent plugged it in yet. let me show you
16:53 <+catphish> regdude: afaik there's no such a thing as a switch without MAC learning
16:53 < fnDross> any of you deal much with Xbox one?? it keeps changing its connection speed between 10/100 and 100/1000 when the xbox is off
16:53 <+catphish> even the most basic switch will do it
16:53 < detha> that'd be called a hub
16:53 < mfreitag> I'm at a university where our housing department once asked for a recommendation for a switch to stock up on so they could lend out to students, I told them to stock up on the FS105's without hesitation
16:53 < tds> those unmanaged netgears are alright, the lower end smart ones do some stupid things though
16:54 < Aeso> catphish, regdude, yeah, that would be a hub at that point, not a switch
16:54 < fnDross> and could xb--100/1000----> switch >---10/100-->router, cause the data to be throttled, causing the router to reboot?
16:54 < regdude> catphish: oh, there is, the sexier female on the ad the less MAC table size
16:54 <+catphish> detha, Aeso not quite
16:54 < mfreitag> fnDross yeah it does that I never really bothered with it, doesn't hurt anything so I just let it be
16:54 <+catphish> the mac table might be small, but it pretty much always exists
16:54 < fnDross> i replaced a dir-601(cause it kept rebooting) with dir-615.... and even its rebooting
16:55 <+catphish> fnDross: sounds like bad switch, NIC, or cable
16:55 < detha> actually, with proper SDN the switch doesn't do MAC learning any more
16:55 < mfreitag> fnDross catphish my xbone switches itself between 10/100 and 100/1000 when powered down all the time
16:56 < Apachez> https://www.youtube.com/watch?v=7PH5bwXKApo those of you (muricans) who complain at UPS and FEDEX, watch THIS deliveryboy in action =)
16:56 <+catphish> what is "100/1000" ? :|
16:56 < fnDross> switch is brand new go-sw-5g... so i have it narrowed down to both routers are toast, bad power, bad cable causing high resistance
16:56 < L_user> mfreitag: https://www.netgear.com/support/product/RP114.aspx
16:56 <+catphish> mfreitag: i suppose it's quite possible it uses 100Mbps for sleep, and gig when its awake, can't think why though :(
16:56 < L_user> mfreitag: thats what i have but havent plugged in yet. someone gave it to me who was moving overseas. what you think.
yay or neigh
16:57 < mfreitag> catphish "100/1000" for me is the lights on my GS105 show the xbox is connected at 1Gbps
16:58 <+catphish> mfreitag: oh ok, probably related to the LED color
16:58 < mfreitag> also catphish ask Microsoft why it does that :P
16:58 < endeebee> friends, when i run dsquery ou i get a list of items like "OU=Dep,OU=comuters,OU=Independant,DC=example,DC=com"
16:58 <+catphish> might be a power saving thing
16:58 < fnDross> so it is normal for XB but not networking in general
16:58 <+catphish> 100Mbps needs less power i imagine
16:58 < endeebee> does this mean there is an OU "dep.comouters.independant" on "example.com"
16:59 <+catphish> i've seen servers negotiate 100Mbps when powered off, and gigabit when powered on, but never flap between the two, but the xbone probably wakes up periodically when it's off
16:59 <+catphish> to check for updates etc
16:59 < fnDross> seems timed at 1-1.5sec toggle
17:01 < fnDross> cant wait to put all this crap in the basement, finish arduino->make money-> buy real stuff
17:01 < dreadkopp> regdude well... seems like i have solved my problem .... the nics *maybe* were connected to random switches. plugging them all into one => works
17:01 < endeebee> How is this interpreted OU=Sales,OU=Usuarios,DC=mycompany,DC=ecu,DC=co is it like "Sales.Usuarios" OU exists on "mycompany.ecu.co"
17:02 < L_user> mfreitag: what you reckon
17:04 < fnDross> mfreitag: you tried different cables? all i have are the crap 'heres ur modem/router' cord -quality cords =D
17:07 < fnDross> save me time and mostly money.... xb--cat5--sw--cat5e--router
17:13 < mfreitag> L_user that's... special.
And fnDross yes I'm sure my cables are good my Fluke DSX says so
17:16 <+catphish> i wonder why a server sending frames round-robin between 2 switch ports causes packet loss
17:18 <+catphish> it's certainly not ideal, but i wonder why it causes problems
17:19 < L_user> mfreitag: is this thing a router or just a switch
17:20 < L_user> also just making sure, *all* ports on a switch like this are 1gb?
17:21 < djph> L_user: a switch like what?
17:22 < mfreitag> L_user my GS105 is just a five port gigabit switch, the Fluke DSX is an $11,000 USD cable tester
17:22 < fnDross> holy crap :O
17:23 < mfreitag> it's not exactly mine it belongs to my workplace but we've solved so many strange issues so quickly with that thing
17:24 < mfreitag> like "this host keeps dropping off the network" because the port was flapping but why was the port flapping? tested it with the Fluke and one side had too much cross talk between the green and orange pairs, wire map passed with flying colors
17:24 < mfreitag> repunched the jack, retested the cable, no more cross talk, no more host going offline
17:25 < mfreitag> that thing is *amazing*
17:26 < mfreitag> and I brought my home patch cables in and tested them with that and they're all fine
17:26 < mfreitag> going between 100Mbps and 1Gbps at odd intervals when powered down is just in the normal behavior of an Xbox One
17:28 < fnDross> i still have plans of replacing most cords tho...some of the wires(not metal) are showing from the main jacket
17:29 < fnDross> want to find something to make short 2-3 inch cables with the option of using yellow/red/orange & blue (depending on their purpose)
17:31 <@pppingme> catphish frames have same mac addr?
17:31 < fnDross> locally only have the option to A) buy a whole spool or B) take in my crap cords.. and still end up with no color coding
17:32 <@pppingme> fnDross What are these cables for?
Ethernet has a one meter minimum, so if this is device to device, you'll have issues
17:32 < localhorse> does anyone here have an idea why my websocket connection doesn't work over wifi? https://users.rust-lang.org/t/websocket-connection-timeout-problems-over-wifi-off-topic/16978
17:35 < aditya7400> localhorse: ....
17:35 < aditya7400> if you havent made a dumb mistake
17:35 < aditya7400> consider exorcism
17:35 < fnDross> pppingme: for connecting the routers together(is a short distance not enough resistance leaving too high of a voltage?)
17:35 < localhorse> aditya7400: what do you mean? :) which dumb mistake could i have made?
17:35 < Aeso> pppingme, say what now? Minimum 1m?
17:35 < fnDross> routers are mounted on a small shelf
17:36 < aditya7400> localhorse: im not sure
17:36 < aditya7400> did you piss off any supernatural beings lately
17:37 < localhorse> aditya7400: i hope not..
17:37 < Aeso> 1000BASE-T specifies that max receive power is higher than the max transmit power
17:38 < Aeso> why would there be a minimum cable length?
17:38 < localhorse> aditya7400: i really need to get this working .. i have a life performance soon..
17:38 < fnDross> i figured having all the excess length on the bottom of the shelf was a bad thing in the regards to crosstalk/RF
17:38 < localhorse> live*
17:38 < aditya7400> shit
17:38 < aditya7400> i feel you
17:38 <@pppingme> It has nothing to do with resistance, its a timing issue, google it
17:38 < aditya7400> but i have no idea
17:38 < skyroveRR> Hi pppingme
17:39 < fnDross> so im guessing that patch panels use some sort of TTL or something to correct that?
17:41 <@pppingme> patch panels are a passive device, they don't touch anything at L2 or L3, so no TTL changes
17:41 < fnDross> but they use short cords dont they..?
17:42 <@pppingme> think about that.. in that case, they are just extensions..
so if you have a 1/2 meter cord between switch and patch panel PLUS 20 meters of cable behind the patch panel to its endpoint, you effectively have a 20.5 meter cable..
17:47 < Aeso> pppingme, I can't find anything in the specs of the standard or any of the common PHY chips that indicate a minimum length
17:48 < Aeso> so unless you can link me a credible source that explains this issue, I'm going to have to call BS
17:48 < L_user> [01:21] L_user: a switch like what? - https://www.netgear.com/support/product/RP114.aspx
17:50 < ||cw> pppingme: only thing I can find that is certain cable testers, and probably most certifiers, have a 1M min because measuring shorter would need a serious bump in hardware specs
17:50 <+catphish> pppingme: yes
17:51 <+catphish> pppingme: one mac flapping between ports at a high rate
17:51 < ||cw> but that's measurement, not operation, which are only related at a theoretical level
17:54 < fnDross> anyone cite info? want to know which direction to go..
17:54 < L_user> fnDross: one direction
17:54 < fnDross> cause that rodin coil on the bottom of the router shelf is probably a huge RF issue
17:55 <@pppingme> google "reflected FEXT" for details, its a real thing
17:56 <@pppingme> and 568b standards do warn against it, annex K I believe
17:57 < fnDross> L_user: https://www.youtube.com/watch?v=LCIlL50OOXk << probably what my cables are doing
17:57 <@pppingme> google "annex k reflected fext"
17:57 < psprint> Hello. If I have typical network created by a wifi router. Is there such thing in this network: sending directly from host A to host B? Because it looks like everything has to go through gateway anyway. So first packet sent always has ethernet frame directed towards gateway?
17:58 <@pppingme> psprint it goes through the AP, not the router.. a typical consumer router consists of about 5 parts.. router, firewall, switch, AP, and so on..
17:58 < Emperorpenguin> psprint: no
17:59 < psprint> Emperorpenguin: so how does arp-scan work?
Because it has to direct its "Who has 192.168.0.10" ethernet/ARP frame towards all hosts in network
18:00 < Emperorpenguin> Yes well that's broadcast
18:00 < Emperorpenguin> It's not going TO the router
18:00 < Emperorpenguin> It's going to everyone
18:01 < fnDross> "For Category 5e and 6, there is no minimum length requirement. ANSI/TIA/EIA-568-B.2-1 in Annex K does give a warning about reflected FEXT on shorter links with minimally compliant components. The obvious solution is not to purchase minimally compliant components. In the early days of Cat 6 when vendors were struggling to do better than marginally compliant, short links were an issue.
18:01 < fnDross> Today, this is not an issue if you stay with a main stream vendor." cite: https://networkengineering.stackexchange.com/questions/7483/minimum-ethernet-cable-length?utm_medium=organic&utm_source=google_rich_qa&utm_campaign=google_rich_qa
18:03 < fnDross> so both are right, depending on hw
18:04 <@pppingme> Its always best to assume that you're on the bottom edge of being compliant, and if you're making your own cables, YOU AREN'T COMPLIANT...
18:05 < Aeso> pppingme, well, you haven't tested anyways. That doesn't mean you can't still be compliant
18:05 < Aeso> at least w.r.t. the performance characteristics
18:06 < ScriptGeek> If RSSI is lousy, but signal strength is good, would this indicate lots of interference?
18:08 <@pppingme> ScriptGeek lousy rssi means you have a crap or weak signal.. they essentially mean the same thing
18:08 < fnDross> so would putting the excess cord length into a couple of those shielded bags new hardware comes in, have any effect?
18:09 < ScriptGeek> pppingme, awesome, thank you
18:11 < ScriptGeek> I'm running a program called WirelessNetView and it shows some networks running similar RSSI values, but the program shows its signal % is much lower. What could this mean?
18:18 < ||cw> ScriptGeek: signal % is based on a receiver sensitivity (dBm) assumption.
likely the 2 are just using different values
18:19 < ScriptGeek> makes sense
18:22 < psprint> pppingme: AP looks like if it was a kind of switch, but you enumerated switch separately. What does AP?
18:35 <@pppingme> psprint ap=access point, its what bridges wifi clients to ethernet (the switch)
18:36 < psprint> ahso, it's a bridge
18:36 <@pppingme> yep
18:43 < guest09328> A Cisco-device related question, but anyway,
18:43 < guest09328> When i am configuring ICMP under Device Management -> Management Access -> ICMP, what am i actually doing? Am i configuring Access Rules or? When i am configuring the ASA with the following commands via CLI: policy-map icmp_policy;class icmp-class;inspect icmp; , how is that related to the stateful ICMP inspection on the ASA - is this the commands that "enables" the stateful ICMP inspection or? When i am configuring ICMP inbou
18:43 < guest09328> ->Access Rules, how is this related to the stateful ICMP inspection on the ASA?
18:48 < ScriptGeek> Do you think this is a good buy? https://www.simplewifi.com/products/yagi
18:51 < drathir> skyroveRR: hi, hi...
18:55 <@pppingme> ScriptGeek closeups look cheap, you can see seams, it should be one piece
18:55 <@pppingme> it doesn't look like much more than a pringles cantenna...
18:56 < purplex88> what are edge switches and how they are different from normal one? i heard there's a "core" switch too
18:56 < purplex88> is there a simple difference e.g. where they are used
18:56 < Phil-Work> purplex88, they usually differ in spec
18:57 < kenlumbo> looks like a pringles can clone ;)
18:57 < ScriptGeek> pppingme, the outside is just plastic, though. I'm not sure why they call it a cantenna with the plastic housing, seems like they should have just called it a yagi
18:57 < purplex88> Phil-Work: why its called core and edge?
18:57 < kenlumbo> purplex88: take a look at a diagram, you can see why it's called edge and core
18:57 < kenlumbo> edge, on the edge...
18:57 < kenlumbo> core, in the core...
18:58 <@pppingme> my point is, for that price, there should NOT be a seam, especially on the outdoor version
18:58 < Phil-Work> purplex88, edge switches tend to sit at the edge of your network and connect to other networks
18:58 < ||cw> if it's actually a yagi the plastic "can" should be a radio-transparent cover
18:58 < Phil-Work> core switches tend to sit in the middle of your network and connect to your devices
18:58 < Phil-Work> if you have a 2 tier switching architecture, you'll also have access switches which hang off the core
18:58 < drathir> purplex88: probably more power needed for edge ones and are used at connection to other networks AS probably too...
18:59 < purplex88> edge e.g. the point where something enters my network?
18:59 < purplex88> connection to internet
18:59 < Phil-Work> purplex88, broadly, yes
18:59 < drathir> purplex88: yep You peering other external AS...
18:59 < kenlumbo> could be
18:59 < kenlumbo> take a look at a network diagram
19:00 < purplex88> so core switches might be at center and as it seems they are maybe more powerful
19:00 < kenlumbo> because they need to pass more traffic, yes
19:00 < kenlumbo> and possibly handle more protocol changes
19:00 < kenlumbo> etc..
19:01 < purplex88> then it means my router at home is edge router
19:01 < drathir> purplex88: nope core one in my opinion are just for Your internal infra mostly under one As number...
19:02 < purplex88> theres another terms called "access node" and "service node"
19:03 < kenlumbo> purplex88: yes on the edge router, from an ISP standpoint it would be considered a CPE, and the router you are peering with (or using as default gateway) is an edge router
19:03 < kenlumbo> again, from the ISP perspective
19:04 < kenlumbo> https://en.wikipedia.org/wiki/Customer-premises_equipment
19:07 < anddam> hello
19:08 < purplex88> its misleading definition of core switch: "Core switches serve as the gateway to a wide area network (WAN) or the Internet"..
19:08 < purplex88> https://www.techopedia.com/definition/28787/core-switch-networking
19:08 < kenlumbo> they can
19:09 < kenlumbo> and you often have to traverse through a core switch to get to the tubes
19:09 < kenlumbo> but you would most likely hand off to your core router prior
19:10 < purplex88> but core is not the edge (gateway) as name says
19:10 < kenlumbo> http://www.osyon.com/img/Enterprise_Solution.jpg
19:10 < kenlumbo> see, edge to the devices
19:11 < kenlumbo> then need to go through the core to get to the tubes
19:11 < kenlumbo> generally you don't connect devices such as a PC/laptop/phone/etc.. to your core switch
19:11 < kenlumbo> it's too expensive, ports cost too much
19:11 < kenlumbo> so you get cheaper edge switches that don't need to process that much
19:12 < kenlumbo> you have to think of edge and core at each OSI layer
19:13 < fnDross> Aeso / pppingme; https://ibin.co/40BiL0nelpGO.jpg <--shouldn't i be fixing that RF ball at the bottom?
19:13 < anddam> can someone help me figuring out what is the issue while I try to connect to this 192.168.1.1 device? https://gist.github.com/anddam/e819cae9dcb9f472fc2a456df18e68c7
19:13 < Aeso> fnDross, if your cables are standards compliant, you should be fine
19:13 < anddam> the device is an AP directly connected via eth to my laptop, I'm connected to inet via the wifi interface
19:13 < fnDross> not sure what the final end result of the short cable dis
19:13 < Aeso> some shorter cables certainly wouldn't hurt
19:14 < anddam> the AP is supposedly running an old openwrt image, it pushes some UDP package with src 192.168.1.1 but then I cannot reach it
19:14 < purplex88> kenlumbo: what are tubes?
19:15 < kenlumbo> https://www.youtube.com/watch?v=f99PcP0aFNE
19:15 < fnDross> that bottom router is the XB/consoles router....
19:15 < kenlumbo> series of them ;)
19:15 < fnDross> its the one that keeps rebooting
19:16 < fnDross> hmmmmm
19:16 < fnDross> could those cables RF ground to my freezer?
19:17 < purplex88> kenlumbo: lol what
19:17 < kenlumbo> US Senator
19:18 < kenlumbo> whenever talking technical about something, always refer to "the internet" as a "series of tubes", or "tubes" for short ;)
19:18 < kenlumbo> afk for a bit, pm me if you need anything else
19:18 < tds> anddam: netstat is deprecated, what's the output of ip route and ip neigh?
19:20 < anddam> tds: update the gist, please
19:20 < anddam> that FAILED doesn't look good
19:21 < tds> what is usben0? an ethernet interface?
19:21 < anddam> it's an usb-to-eth adapter
19:21 < tds> you could do a packet capture, but I suspect you'll just see arp requests going out and not any response
19:21 < anddam> this notebook doesn't have a builtin ethernet NIC
19:22 < anddam> tds: this is a tcpdump on the interface (before I renamed it) https://gist.github.com/anddam/cf276cebc64827a917797ca6b820431d
19:23 < fnDross> Aeso; could those cables RF ground to my freezer?
19:23 < anddam> you can see requests from 192.168.1.1, that's how I guess it's the configured IP address
19:25 < anddam> tds: I'm not big on networking, but two directly-connected devices with 192.168.1/24 configuration should be able to ping themselves, unless something is very off, like the AP dropping everything or so
19:25 < anddam> could a cheap adapter actually require a twisted eth cable? as in no auto-sensing
19:25 < tds> the source of those arp requests also being 192.168.1.1 seems odd
19:25 < tds> Request who-has 192.168.1.1 tell 192.168.1.1
19:26 < tds> Ah, I'm guessing the ones at the bottom of the capture were after you started pinging?
19:26 < obcecado> it is checking for duplicate addresses
19:26 < anddam> tds: correct
19:26 < drathir> anddam: more recently used devices support autocrossing but be aware with poe...
19:27 < anddam> I was hoping to be able to access this via network, otherwise I should go over the serial port and I don't have the required cable
19:27 < anddam> but I cannot figure what's wrong
19:27 < anddam> let me check a different cable
19:28 < hweaving> Has anyone here used recvmmsg()? And do you have any idea why it might return out-of-order packet information and/or incorrect length information in msg_len?
19:28 < meth> Hallo
19:29 < drathir> anddam: both devices need different ip from /24 range ofc...
19:29 < hweaving> For example if I expect a length of 2000, 2000, 80, 2000, 2000, 2000, 80 I might see something like 2000 80 80 2000 when recvmmsg() returns with only a few packets. Normally it returns with a lot more.
19:29 < meth> How much I supposed to receive on FTTC VDSL2 mode?
19:30 < anddam> drathir: in fact I set my notebook .1.16
19:30 < drathir> meth: but how much what?
19:30 < meth> Down and up stream
19:30 < hweaving> Even weirder, tcpdump and Wireshark report the packets ARE in order.
19:30 < meth> suppose I am 500M away from the fiber cabinet
19:32 < drathir> meth: depend on bandwidth rules assigned to You, best check contract of isp...
19:32 < meth> drathir, dude I'm asking technically
19:32 < meth> like VPlus is assured 300Mbps
19:33 < drathir> meth: k "dude" technically w/o eq knowledge that impossible to say - depend devices/cables/configuration...
19:34 < meth> in best case how much?
19:34 < drathir> meth: 1+0G ?
19:34 < drathir> 10+G*
19:35 < meth> what's that supposed to mean, talk to me in Mbps
19:35 < anddam> no clue, I'll get an USB serial adapter
19:36 < anddam> still open for any hint if you guys have any
19:36 < hweaving> Actually, looking more closely, recvmmsg() actually appears to be setting incorrect values
19:36 < hweaving> occasionally
19:36 < hweaving> Unless I'm missing something big
19:46 < v4l_> https://pastebin.com/VTB2LFFC why I always see an unreachable hop?
19:48 <+daemonkeeper> Because the ability to forward packets and replying to traceroute (ICMP) are different things.
19:48 < drathir> meth: vdsl2 in spec was 1G in 100m | FTTC in spec needs <300m that Your schema not qualify for both...
19:48 < v4l_> daemonkeeper: so what happened there? that hop is just skipped?
19:48 <+daemonkeeper> No, it simply does not disclose it
19:48 <+daemonkeeper> No, it simply does not disclose its existence to you
19:49 < v4l_> ah ok, so the reply is not sent to me
19:49 < v4l_> is it normal for 8.8.8.8 or it is just from my ISP?
19:50 <+daemonkeeper> It's your ISP
19:50 < drathir> meth: Your schema qualify for FTTN...
19:50 < v4l_> ok, strange, it happens only with google dns, it is fine with quad9 or cloudflare
19:57 < drathir> meth: in short You probably will get much lower than 66/9...
19:58 < drathir> v4l_: keep in mind isp could hijack request too...
19:58 < meth> drathir, lower? so in case of FTTH I'd get 1Gbit?
19:58 < v4l_> drathir: ?
20:02 < drathir> meth: in case pure FTTH in future for sure even 10+G possible in theory...
20:03 < drathir> v4l_: isp could change dns requests even if You sending it to 8.8.8.8 but that naughty isp...
20:04 < drathir> meth: go in schema You always downgrade network speed to the slowest medium in whole path...
20:05 < drathir> meth: in Your case vdsl2 should probably be the slowest one...
20:05 < meth> that sucks tho, I thought I could be up for 100Mbps/25Mbps
20:05 < meth> FTTC sucks
20:05 < hweaving> I feel like recvmmsg() and recvmsg() aren't commonly used, I'm finding so little information. I'm having to dig through the kernel source steps instead
20:05 < v4l_> drathir: what is ehy there is DNS over https
20:06 < v4l_> s/ehy/why/
20:06 < drathir> meth: technically vdsl2 latest one are capable to max 1G but You need perfect infra <100m from dslam probably...
20:06 < meth> drathir, FTTC with twisted pairs not coaxial
20:06 < meth> that might make even shittier
20:07 < drathir> v4l_: dns over https isnt less evil in my opinion...
20:10 < ScriptGeek> Is this accurate? 22dBi from an omni: https://www.amazon.com/Ultra-22-dBi-Wireless-Antenna-Sender/dp/B0796PQ98T/ref=pd_day0_147_8
20:11 < redrabbit> its a pos
20:12 < redrabbit> not too expensive so its ok
20:12 < redrabbit> def. not 22 dBi.
20:14 < ScriptGeek> I have a 8dBi TP-link omni and it's not quite spiffy enough to get the job done. Might as well go overkill to find a solution. lol
20:14 < detha> 22dBi omni? I want to see that in real life
20:16 < ac_slater> guys, opinions on the dlink dsr-250 ?
20:16 < ScriptGeek> idk, I'm thinking a panel antenna is gonna get a better signal, but there's so many variables in manufacturing and false advertising
20:19 < detha> ScriptGeek: what do you need it for?
20:19 < pr3c0g> hey everyone, i'm in need of some help regarding a intel wireless wifi link 3945
20:20 < pr3c0g> on linux rfkill output says no on everything, but "ifconfig wlp4s0 up output" is "operation not possible due to RF-kill"
20:20 < djph> even if it wasn't a lie, you'd have to turn the TX on the AP down a shitton to stay legal
20:21 < pr3c0g> * "ifconfig wlp4s0 up" output's SIOCSIFFLAGS: Operation not possible due to RF-kill
20:21 < ScriptGeek> detha, Trying to access public wifi from a distance
20:23 < detha> ScriptGeek: get something like https://www.amazon.com/Altelix-Directional-Parabolic-Connector-Resistant/dp/B06ZYSRDJT/ref=sr_1_fkmr2_1?ie=UTF8&qid=1525112551&sr=8-1-fkmr2&keywords=ubiquity+2.4+grid
20:24 < ScriptGeek> detha, that would definitely get the job done lol
20:24 < MACscr> so i have an ubiquiti edgerouter that is acting as a basic gateway for my management network. I plan to set it up as a vpn server so that i access about 4 vlans. Right now Im simply using an openvpn server on a linux container instead. i want to be able to access the vpn as easily as possible and it not be overly complicated. Think i use pptp, l2tp/ipsec, or stick with openvpn, but configure it on the edgerouter?
20:25 < djph> MACscr: don't use pptp.
20:25 < djph> MACscr: otherwise, ovpn or ipsec
20:25 < djph> *use ovpn or ipsec
20:25 < s7r> I don't have IPv6 on my server unless i connect to the vpn. but this also adds ipv6 route ::\0 and routes all my server's traffic via the tunnel. what route should i put there so that I can be reached on the v6 of the vpn but not forward all traffic by default?
20:25 < MACscr> seems the encryptions for a lot of vpns are overcomplicated as far as the setup. wish it was as easy as simply proving an ssh pub key, etc
20:26 < bartoc> well, there's wireguard, but it's quite new
20:26 < MACscr> providing*
20:26 < ScriptGeek> detha, I would also like to add some info I omitted.. This is for a vehicle
20:30 < detha> ScriptGeek: that limits your options quite a bit. You probably won't get better than ~12 dBi
20:30 < djph> MACscr: so then just copy your server.conf to the ER and call it a day
20:30 < MACscr> djph sounds like a plan. appreciate the tip
20:31 < MACscr> guess all i need to do then is setup the vlans
20:31 < ScriptGeek> detha, ~12dBi for any antenna?
20:31 < djph> detha: next issue, it's in a mobile vehicle with no LOS, and he has to connect to it over a distance of several hundred meters, AND his country limits him to under 30 dB EIRP
20:31 < detha> yeah. mobile means omni, and you won't get better than 12-14 dBi with omnis
20:32 < djph> detha: (I hope I'm just making that up)
20:32 < detha> djph: and through a lead-glass window......
20:35 < tds> s7r: normally I'd be hesitant to suggest how to disable v6, but you have a few options - I guess you could add an ip6tables rule to reject any output connections with a ctstate new, or mark them and then use rules to have a separate routing table for that traffic with no default v6 route
20:35 < pr3c0g> any help :( ?
20:36 < s7r> the problem is tds, I'd like to connect 3 concurrent tunnels each with its own /64 ipv6 subnet. and i was wondering if there is any route i could use for each tunnel so that it will teach the server to only use it for vpn traffic
20:36 < s7r> right now if i try to make updates from the mirror it goes via the tunnel v6, because v6 is preferred over v4. this is good, but not suitable in my use case.
20:37 < ||cw> pr3c0g: have you tried your distro or rfkill support channels?
20:37 < s7r> basically i don't even want v6 connectivity for my outgoing traffic, i just want to host a web server and have AAAA record (listen on v6)
20:37 < tds> ah, if you want to have multiple tunnels, you'll need to mess with connmarks and multiple routing tables
20:37 < tds> but what I suggested a second ago should allow incoming connections to be established over v6, but block outgoing ones
20:39 < s7r> the problem is, if i remove the ::\0 ipv6 route, the tunnel does not work any more. i cannot receive ping6 from outside world.
20:39 < s7r> i am not sure why
20:39 < tds> if you only want to change the preference of v4 vs v6 rather than block it completely, you should be able to change /etc/gai.conf
20:40 < tds> if you don't have a default v6 route, then you won't be able to send packets back to any incoming connections over v6, so it won't work
20:40 < pr3c0g> ||cw: sorry, what do you mean distro/rfkill support channels? if you mean the distro channel, i've tried 2 different ones, at the moment is lubuntu but it doesn't matter which one, as I noticed this problem on windows, and am trying to fix it on linux
20:40 < tds> hence as I mentioned earlier, you may want to have multiple routing tables (and a default route in one and not the other), then use marks to switch between them
20:41 < s7r> tds: that sounds complicated, i guess?
20:41 < s7r> i understand logically why i need a v6 default route. i just thought it can be different from ::\0 and still receive traffic from the outside world
20:42 <+catphish> morning
20:43 < pr3c0g> hi
20:44 < s7r> tds: what is the easiest way to create multiple routing tables?
20:44 < s7r> is there some tool with gui that will allow me to do this?
20:44 < tds> s7r: you'll still receive incoming connections (syn packets for tcp), but a connection will never be able to establish since you can't send any traffic back to them
20:45 < s7r> yea i understand the perfectly valid point yeah. if I had native v6 from my ISP i could not use this gateway on the tunnel i guess
20:46 < pr3c0g> I have no idea how to revert this hardware