--- Log opened Sun Jun 17 00:00:01 2018
00:01 < jvwjgames> i tried yes and veresa yes that what i needed thanks
00:02 < tds> if that showed the right prefix, then yeah, time to go grumble at their support
00:03 < jvwjgames> uh-oh
00:03 < jvwjgames> it's blank
00:03 < jvwjgames> my config error
00:06 < varesa> }8]: https://i.imgur.com/ZKzCOm0.png
00:08 < }8]> thanks varesa, easier to understand that way :)
00:09 < tds> }8]: is the actual use case firefox, and do you control the vpn server?
00:13 < }8]> firefox. i dont control a server. wouldnt know where to begin to be honest. im not a networking guy at all
00:17 < jvwjgames> I nuked pfsense and will be going with ubuntu 18.08 and installing bird directly
00:17 < jvwjgames> it should be easier that way since they have documentation on it
00:19 < tds> that seems like a slightly extreme approach to fixing a quagga issue, but I'll support the move to bird at least :)
00:30 < varesa> what about FRR? :)
00:34 < tds> oh oops, I think he was already on frr actually, I just kept saying quagga
00:35 < Apachez> 18.08 ?
00:35 < varesa> tbh I've only tried FRR once but couldn't get it to work. I'm pretty sure that was a user error of course
00:36 < varesa> went back to quagga from centos repositories which worked out of the box for me
00:36 < jvwjgames> 18.04 is what i meant sorry
00:37 < tds> 18.08 is the special future version you need to get packages for bird2 ;)
00:40 < Apachez> 18.10 perhas
00:41 < Apachez> p
00:42 < varesa> spaces: do you happen to be online?
00:46 < vavkamil> hey I have a git question
00:47 < vavkamil> how can I deploy local git repo to remote server
00:51 < mgolisch> maybe search for a git channel then..
00:54 < lupine> don't. git isn't a deployment tool
00:54 < lupine> unless you're a particular kind of devops insane
01:16 < brawze1> I'm having issues with an Ubuntu server image I was handed from Google Cloud.
Is it possible to wipe all the certificates and start over with the default certificates Ubuntu has?
01:19 < Apachez> sure
01:20 < brawze1> Apachez, how would I go about doing that?
01:21 < Apachez> its in /etc/ca-certificates and /etc/ssl
01:21 < Apachez> and then you just reinstall the correct package
01:22 < Apachez> apt-get install ca-certificates
01:22 < Apachez> apt-get install ca-certificates-java
01:22 < Apachez> apt-get install ca-certificates-mono
01:22 < Apachez> perhaps run a purge first
01:22 < Apachez> apt-cache remove certificates --purge
01:22 < Apachez> apt-cache remove certificates-java --purge
01:22 < Apachez> apt-cache remove certificates-mono --purge
01:22 < Apachez> and then look in the /etc/ca-certificates and /etc/ssl directories
01:30 < brawze1> Apachez, if I purge/delete these, wouldn't apt-get have issues trusting the package server?
01:54 < mgolisch> not sure but i dont think it uses https for accessing the package repos at least not by default
02:15 < xtrWrithe> hi, i have a rare issue on iproute2 monitoring an 80211 monitor , it says unknown message (81) and NETCONF LINK goes down, what is this related to?
02:17 < friend_of_candy> hi
02:25 < Apachez> brawze1: why would it?
02:25 < Apachez> it uses http if I recall it correctly and then verifies with pgp signatures
02:26 < knight33> I'm at a point in my career where not knowing networking is killing me. I'm Ops too. Even basic troubleshooting eludes me, like seeing if packets are being dropped, and recently, a route table with an incorrect IP. Where can I learn these things? LinuxAcademy and YouTube aren't really helping me, everything is so conceptual. I need real world knowledge.
02:28 < friend_of_candy> you could look into wireshark first, it shows all packages going through the network
02:29 < friend_of_candy> it is a good tool for troubleshooting
02:30 < xtrWrithe> knight33: i could help you, just send a PM
02:42 < jvwjgames> I am having no luck
02:42 < jvwjgames> can someone please help me or try to help me via teamviewer
02:43 < xtrWrithe> jvwjgames: tell me about sir
02:43 < jvwjgames> it is on bgp
02:44 < tds> jvwjgames: what state is it in, is bird starting, is the bgp session coming up?
02:44 < xtrWrithe> what is the OS?
02:44 < jvwjgames> i found out i was using a v4 address to announce a v6 space so that was my bad to start with
02:44 < jvwjgames> pfsense but i am using frr
02:44 < tds> hmm, I guess that should still work with multiprotocol bgp, depends on their routers supporting it though
02:44 < tds> oh wait, are you back on pfsense now?
02:44 < xtrWrithe> bgpd right?
02:44 < jvwjgames> ya
02:45 < jvwjgames> i found it to be harder to use quagga directly
02:48 < tds> jvwjgames: so is the session coming up, are you advertising your subnet now?
02:49 < jvwjgames> no not yet :(
02:49 < jvwjgames> and vultr still hasn't responded
02:50 < tds> oh, did you think the issue was on their end?
02:50 < jvwjgames> i thought but i think it is on my end
02:51 < jvwjgames> tds do you have teamviewer
02:51 < tds> no, sorry
02:51 < tds> iirc that has some pile of wine insanity to run on linux
02:53 < tds> jvwjgames: can you upload your frr config to paste.debian.net or somewhere similar?
02:53 < jvwjgames> ya
02:53 < tds> output of "show bgp neighbors " would be useful as well
02:55 < jvwjgames> https://paste.ee/p/AgXHb
02:58 < jvwjgames> https://paste.ee/p/Z461N
02:58 < jvwjgames> let me know if that helps
03:01 < tds> are you able to open a tcp connection to that ip on port 179?
03:01 < tds> ie try telnet 2001:19f0:ffff::1 179
03:05 < tds> oh actually, "OPEN Message Error/Unsupported Capability" sounds interesting, might be worth restarting the session and doing a packet capture to see the actual open message?
03:05 < tds> could also just decode the hex that quagga's given if you can be bothered
03:05 < jvwjgames> can't telnet connect failed
03:08 < jvwjgames> hex also can't be decoded it's encrypted
03:08 < tds> oh yeah, if it's using tcp with md5 signatures then I guess that'll fail
03:09 < tds> if you're using tcpdump you'll need to provide it with the password as well to validate the signatures
03:10 < meingtsla> due to NOTIFICATION sent leads me to believe that your side is sending the notification in response to something the other side is sending
03:12 < tds> http://bgpaste.convergence.cx/ can decode that open message for you
03:13 < jvwjgames> still failing to decode
03:14 < tds> decodes for me, you need to include the "message received..." line, then all the hex
03:16 < jvwjgames> ok decoded
03:16 < jvwjgames> but don't understand what the problem is
03:19 < tds> I'm not familiar with quagga, but it seems odd that it includes "For address family: IPv4 Unicast" there
03:20 < tds> if your router is only advertising support for ipv4 and their open message only advertises support for ipv6, then "Unsupported Capability" sounds about right
03:20 < jvwjgames> if you want i can give you access to my bgp router to look at config directly
03:21 < jvwjgames> i am trying to advertise v6 not v4
03:23 < Apachez> how rude
03:24 < Apachez> how do you think those with v4 feel then?
03:24 < meingtsla> ha
03:33 < jvwjgames> the md5 password does that have to be an md5 format
03:33 < meingtsla> No
03:33 < jvwjgames> ok cause the line with the password is failing
03:34 < meingtsla> Speaking to what tds was saying, you need to "activate" the v6 neighbor under address-family ipv6 unicast, and "no ___ activate" the v4 neighbor under address-family ipv4 unicast. I am not certain that is what's causing the session to tear down, but you will need to do this anyway for your use case.
03:34 < meingtsla> What do you mean the line with the password is failing.
03:36 < jvwjgames> var/etc/openbgpd/bgpd.conf:9: syntax error
03:37 < jvwjgames> tcp md5sig password BuXXXXXXXXXXXXXXXee-XXXXXXXXXXXXXXXXXXXX!
03:38 < jvwjgames> the pass does have the - and the !
03:38 < jvwjgames> could that be why
03:38 < meingtsla> Line 9 being "router bgp 64798"?
03:39 < jvwjgames> could that be whyno
03:40 < jvwjgames> no line 9 is tcp md5sig password BuXXXXXXXXXXXXXXXee-XXXXXXXXXXXXXXXXXXXX!
03:41 < tds> is that the same file you uploaded earlier? (https://paste.ee/p/AgXHb)
03:41 < meingtsla> I was going off https://paste.ee/p/AgXHb, so if the file is changed you might want to show it.
03:41 < tds> I thought openbgpd had a completely different config syntax to quagga/frr, but I may be getting mixed up
03:42 < jvwjgames> no i switched to using OpenBGPD
03:42 < Apachez> ClosedBGPD then?
03:42 < jvwjgames> yes i will upload file now
03:43 < tds> seems like we're playing a game of how many bgp daemons can be tested in one evening :)
03:43 < jvwjgames> https://paste.ee/p/GqQYy
03:43 < jvwjgames> sorry i will stay with this one it seems light and simple to navigate
03:43 < jvwjgames> the other one had too many options
03:46 < meingtsla> Maybe put the password in quotation marks ""
03:49 < Apachez> "secretpassword"
03:49 < Apachez> "secretpa"ssword"
03:53 < tds> I can see your /48 now, so something obviously worked :)
03:53 < jvwjgames> ya i fixed it
03:53 < strixdio> hmm, so, if I wanted a high performance bridge for my pfsense as a 2ndary WAN, what do you all recommend?
03:53 < strixdio> high performance as in, long range.
03:54 < jvwjgames> i found out that i had to put the pass and a few other things under neighbor params
03:54 < jvwjgames> not above it
03:57 < jvwjgames> thanks tds and everyone for dealing with me and my struggles lol thanks so very much
03:58 < jvwjgames> one last question if i made another bgp router and advertised another prefix am i considered multi-homed cause i am trying to get an ASN from ARIN
04:02 < Pimpernel_> testing
04:11 < mwd> how big would the entire dns database be?
04:12 < light> 7
04:13 < scientes> mwd, https://github.com/yarrick/iodine
04:13 < scientes> mwd, https://code.kryo.se/iodine/
04:14 < mwd> that's a cool project
04:15 < mwd> just 7?
04:15 < mwd> it's got to be bigger than that.
04:16 < scientes> mwd, if you were paying attention its impossible
04:16 < scientes> you couldn't tunnel through it unless it was infinite in size
04:18 < mwd> hmmmm
04:25 < Aviyah> Anyone in here at the moment?
04:25 < tds> jvwjgames: no, for multihoming you'd be announcing the same prefix to multiple different upstreams/peers
05:14 <+pppingme> Aviyah nope, totally empty, the 1245 users listed are all fake..
05:22 < Aviyah> Lol
05:23 < mwd> no fake, we're the best users, you're fake
05:23 < Aviyah> Hey, pppingme, are you a network engineer?
05:23 < Aviyah> Or are you, mwd?
05:23 < Aviyah> I purchased some very inexpensive repeaters and unfortunately they have a WPS that cannot be disabled. It is pretty dumb.
05:24 < mwd> i am not, just a network amateur
05:24 < Aviyah> I was wondering what might be my options with corrupting the WPS in these repeaters via editing the firmware.
05:25 < Aviyah> Why on earth would any reputable manufacturer disallow their customers to take down a stupid vulnerability like WPS?
05:25 < mwd> you're supposed to buy new one
05:25 < mwd> hm too slow
05:25 <+pppingme> where'd he go
05:26 < mwd> to a farm, upstate
05:47 < jvwjgames> i can announce the same 2602:FE5D:1::/48 and it won't cause routing issues
05:49 < jvwjgames> tds or routing conflicts
05:51 <+pppingme> jvwjgames do you own that?
05:51 < jvwjgames> yes
05:52 <+pppingme> then why would you think it'd cause issues?
05:53 < jvwjgames> i just thought that advertising the same 2602:FE5D:1:: prefix would tell routers it over here no wait it's over here i was just making sure
05:54 <+pppingme> so you're advertising it from two connections? or two locations? or what?
05:56 < jvwjgames> two locations
05:56 < jvwjgames> vultr and another host or another vultr location
06:38 < ricemuffinball> [21:36] my voip box needs to use html to make changes such as : http://192.168.1.110/admin/resync?http://websitename.com/test.xml
06:38 < ricemuffinball> [21:37] but instead of http://websitename.com/test.xml can i do local harddrive
07:04 < spaces> I worked in the garden, or actually my forest, yesterday... don't ;)
08:05 < The_Ku_Klux_Klan> i need a vpn tunnel the nsa cant crack
08:05 < The_Ku_Klux_Klan> for site-to-site
08:05 < The_Ku_Klux_Klan> is a really long PSK good or do i need certs?
08:09 < melissa666> The_Ku_Klux_Klan, you should use telnet
08:09 < melissa666> and then kill yourself
08:16 < The_Ku_Klux_Klan> melissa666: why?
08:17 < The_Ku_Klux_Klan> is my nickname offensive?
08:17 < melissa666> The_Ku_Klux_Klan, I'm sure you think of reasons every day. Just trust yourself.
08:17 < melissa666> You can do it, and it will be better afterwards.
08:18 < The_Ku_Klux_Klan> melissa666: You are a low effort troll. Welcome to my ignore list.
08:19 * melissa666 slow claps
08:21 < VincentHoshino> are you the same person that just used an offensive nick on AFternet?
08:54 * spaces is back to savas this channel by adding some sexyness again ;)
09:01 < hiya> What is wrong with Google's state of Geo-location?
09:01 < m0dshalp> lads, i bought a gaming pc a few months ago. it has one hdmi port, and the other hdmi port isn't working (it's covered in tape, it was like this when i got it). should i take it back and ask for it to be repaired or is this something to do with the motherboard i bought with it?
09:02 < hiya> It shows as Germany for Swedish IP
09:02 < m0dshalp> i can't hook up 3 gaming monitors because of this
09:02 < hiya> and Sweden of its IPv6 counterpart
09:02 < hiya> its messed up
09:03 < senaps> anybody able to help me with this https://serverfault.com/questions/916381/centos-7-persistent-static-route ? i need to write settings to file.
09:03 < senaps> it's driving me crazy. i have done all the configurations exactly like the docs, and it doesn't work.
09:08 * azonenberg looks up from MAC address table debugging
09:16 < spaces> hiya it sucks big time
09:16 < hiya> spaces, ok man
09:16 < spaces> hiya I just switched to my own OSRM server
09:16 < spaces> they have a difference in the API and GeoCoder in data as well
09:20 < hiya> spaces, Yes man
09:20 < hiya> iplocation.net makes it clear we can have multiple geo-location per IP
09:20 < hiya> depending on what database we use
09:22 * azonenberg is still geolocated in new jersey or DC sometimes
09:22 < azonenberg> And i live on the west coast
09:22 < azonenberg> So, geoip databases are far from perfect :p
09:23 < spaces> hiya determining geo on IP is failsy
09:28 < spaces> azonenberg the paid ones are pretty ok
09:28 < spaces> but you go wrong when you are using a VPN for an example
09:28 < azonenberg> well duh
09:28 < azonenberg> this is more like, i pull up google maps
09:29 < azonenberg> and it puts me on the wrong end of the continent
09:42 < spaces> do you really think an IP lives somewhere ?
09:44 < skyroveRR> Inside a home.
09:44 < skyroveRR> Or office.
09:45 < spaces> skyroveRR maybe it hides somewhere ;)
09:45 < spaces> in the basement or so ?
09:49 < senaps> anybody able to help me with this https://serverfault.com/questions/916381/centos-7-persistent-static-route ? i need to write settings to file. it's driving me crazy. i have done all the configurations exactly like the docs, and it doesn't work.
09:57 < Li> is it possible to take internet connect from wifi to rPi-wireless card to rPi-ethernet to adsl-modem|switch|accesspoint-ethernet and put it again on another wifi ssid?
09:57 < kidn3ys> Li: anything is possible, a better question would be: why would you do that to yourself?
09:57 < azonenberg> li: sounds like it's doable with some bridging fun, but yes
09:57 < azonenberg> why would you want to do that?
10:01 < kidn3ys> good morning everyone
10:04 < spaces> kidn3ys we have to wait and see if it was good this afternoon!
10:05 < kidn3ys> I've done exactly zero work the last 3 days and I don't think that will change in the next hour so -- I'm willing to call it at this point.
10:07 < spaces> hehe I have had such days as well but friday I was damn productive again and yesterday afternoon I have worked in the garden/forest with the brushcutter
10:10 < tya99> hmm i implemented my VLANs though I am seeing some errors on boot
10:10 < tya99> RTNETLINK answers: File exists
10:10 < tya99> run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
10:11 < tya99> my interfaces file looks like this https://dpaste.de/Y7CS (standard busybox
10:11 < tya99> the interfaces do seem to be coming up though https://dpaste.de/hOH7
10:11 < tya99> i looked at my distributor's wiki page for it and they show an example https://wiki.alpinelinux.org/wiki/Vlan
10:13 < tya99> and yes i see the 8021q module in /proc/modules
10:13 < senaps> anyone aware if centos doesn't read `etc/sysconfig/network-script/route-X` ??i can't get it right no matter how i try.
10:19 < tya99> my switch is configured like this https://i.imgur.com/BR9Bp0l.png
10:23 < kidn3ys> tya99: you're tagging vlan 1 on your switch but not on your alpine box
10:24 < tya99> mm yeah i should make that E
10:24 < kidn3ys> err, should be U
10:24 < tya99> because i can't see any reason untagged packets should come in the router
10:24 < kidn3ys> well you have an address on eth0 with no tags
10:24 < tya99> at this point i doubt that is responsible for that error
10:25 < tya99> should i remove that interface?
10:25 < kidn3ys> if you aren't usin git.
10:25 < kidn3ys> using it*
10:25 < tya99> won't I need it to have vlans on it?
10:25 < tya99> hmm might do that then
10:25 < kidn3ys> doesn't need an address on it
10:25 < tya99> i did notice something
10:26 < tya99> removing vlan-raw-device eth0
10:26 < tya99> silenced that error
10:26 < tya99> RTNETLINK answers: File exists
10:26 < kidn3ys> tya99: you installed the vlan package?
('apk add vlan')
10:26 < tya99> but i do still see run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
10:26 < tya99> for each interface
10:26 < tya99> kidn3ys: yeah i do have the vlan package
10:26 < tya99> and i have 8021q module loaded
10:26 < tya99> i checked in /proc/modules to be sure
10:28 < tya99> i commented out the address, netmask and broadcast for eth0 as i'm not using them
10:28 < tya99> just leaving
10:28 < tya99> auto eth0
10:28 < tya99> iface eth0 inet static
10:28 < tya99> that interface is only between the router and switch
10:29 < tya99> hmm
10:29 < tya99> ifup: don't have all variables for eth0/inet
10:29 < tya99> then the three:
10:29 < tya99> run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
10:30 < tya99> it was on here I read: http://www.microhowto.info/howto/configure_an_ethernet_interface_as_a_vlan_trunk_on_debian.html
10:30 < tya99> the thing about vlan-raw-device
10:30 < tya99> Disadvantages of this approach are that there is more to go wrong, and it does not allow for multiple interfaces with the same VLAN number.
10:30 < tya99> wait that shouldn't be an issue
10:31 < tya99> i have multiple VLANs (Different numbers) on the same interface
10:31 < tya99> not the same thing as what they were talking about
10:31 < kidn3ys> i would try removing the 'iface eth0 inet static' as well
10:31 < tya99> mm i thought i needed that i shall try it though :D
10:35 < tya99> okay so that seems to have worked
10:35 < tya99> although i am still seeing that run-parts error
10:35 < tya99> run-parts: /etc/network/if-pre-up.d/vlan: exit status 1
10:35 < kidn3ys> that's a different status than before
10:35 < tya99> i noticed the status now changed to a "1" from a "2"
10:35 < tya99> yep
10:38 < kidn3ys> tya99: if you cat that 'vlan' file -- is there something in it?
10:38 < tya99> that's how my interfaces came up https://dpaste.de/xbg9
10:39 < tya99> it looks like a shell script
10:39 < kidn3ys> pastebin it?
10:40 < tya99> https://dpaste.de/Tpqh
10:42 < kidn3ys> you sure there isn't anything after that run-parts line?
10:43 < tya99> nope
10:46 < spaces> kidneys I'm so damn sexy!
10:46 < spaces> is happens when you have two instead of one :P
10:47 < kidn3ys> tya99: hrm -- i don't see anything else wrong
10:48 < tya99> in fact i took a photo of it https://imgur.com/f8b601f3-59a4-41a8-b896-d0dddcb0fcab
10:49 < tya99> openrc does indicate its an error with the ugly [ !! ]
10:49 < tya99> next to it
10:49 < tya99> maybe i can do something to that vlan script to get more information
10:52 < tya99> oops something happened to that link
10:53 < tya99> https://i.imgur.com/HnTy76b.jpg
10:56 < Li> kidn3ys: since anything is doable then why should be a reason to do it? "to myself"!!!
10:57 < kidn3ys> Li: you CAN jump off a bridge right?
10:57 < kidn3ys> Li: does that mean you should?
10:58 < tya99> ill try putting one vlan in there
10:58 < tya99> and see if it does it
10:59 < Li> I've tried some linux distro(s) GUI to share internet connection from wireless to ethernet interfaces some do like ubuntu mate while other don't like debian? my question how to use one of those terminal commands route/share wifi to ethernet
10:59 < tya99> you'd just have to use ip add route
11:00 < kidn3ys> tya99: yea -- kinda down to commenting out lines to see if you can get it to go away at this point
11:00 < Li> kidn3ys: many people do that on daily basis, so why do you assume I'm not one of those?
11:00 < tya99> you could also do it with iptables ie forward
11:00 < tya99> from one interface to the other, that would be more likely on a router
11:00 < kidn3ys> Li: good luck with your bridging
11:01 < tya99> kidn3ys: yes when i did it for one interface i still saw the error
11:01 < tya99> just once instead of 3 times :)
11:11 < spaces> I advise everyone to work from bed!
11:13 < spaces> li ?
11:13 < tya99> spaces: i should take my router to bed
11:13 < spaces> tya99 it can keep you warm
11:13 < tya99> which is connected to my switch and modem
11:14 < spaces> catphish what has Li done ?
11:14 < tya99> sadly my main WAN link is down until i fix this
11:14 < spaces> tya99 but you have internets
11:14 < tya99> yeah that's through my phone
11:14 < tya99> not really ideal
11:14 < spaces> which is really 2018!
11:15 <+catphish> kidn3ys: nb. you can't do that with bridging, has to be routed
11:16 < spaces> yap needs to be routed
11:17 < tya99> i was right about something!
11:17 < kidn3ys> catphish: my original question still stands -- why would you do that?
11:17 <+catphish> kidn3ys: why would you want to share a wifi connection to ethernet? plenty of reasons
11:18 <+catphish> kidn3ys: most obvious: you have a device that has no wifi, and want to use it somewhere that only has wifi connectivity
11:18 < kidn3ys> sorry, im talking about the string of devices he's listed out.
11:18 < tya99> where is my ★
11:18 <+catphish> i don't think i saw that
11:19 < kidn3ys> catphish: "from wifi to rPi-wireless card to rPi-ethernet to adsl-modem|switch|accesspoint-ethernet and put it again on another wifi ssid?
11:20 <+catphish> kidn3ys: well that's a little mad
11:20 < kidn3ys> I rest my case.
11:22 <+catphish> well Li isn't welcome here anyway
11:22 <+catphish> so i wouldn't worry
11:23 < kidn3ys> catphish: heh, why is that?
11:23 <+catphish> very poor conduct in the past
11:23 < kidn3ys> ah
11:47 < tya99> kidn3ys: i wonder
11:47 < tya99> if the problem was
11:47 < tya99> looking at https://wiki.alpinelinux.org/wiki/Vlan
11:47 < tya99> i didn't add that second bit
11:47 < tya99> ie
11:47 < tya99> auto vlan8
11:47 < tya99> iface vlan8 inet static
11:47 < tya99> just the iface eth0.8 part
11:48 < kidn3ys> tya99: the pastebin you sent me shows the 'auto vlanX' bit
11:51 < pikaro> what's the actual practical relevance of spf / dkim / dmarc, to ask provocatively?
everywhere you look, configuration guides say to enable reporting, but never use any of them for rejection. you can even send to gmail with bad dkim, and everybody just seems to ignore spf entirely. do any of you actually enforce these policies?
11:52 < pikaro> (if mail is OT here, please direct me to another channel)
11:54 < detha> pikaro: not many places reject outright, but they do a 'move to spam folder' or whatever their equivalent is
11:55 < kidn3ys> pikaro: I used to. I got tired of telling other organizations how to fix their setups though. It's just had poor adoption.
11:56 < JPT> SPF is hard to enforce since people may forward email to other addresses. DKIM tells you if that mail got sent from an "authorized" server, but not all organizations have dkim set up for all of their mailservers.
11:57 < JPT> DMARC builds on SPF+DKIM and its reporting feature may help you understand how emails sent from your servers/domain actually look like.
11:57 < kidn3ys> ^^ especially if they outsource marketing campaigns and the like
11:58 < JPT> Unfortunately, email itself is very flexible. That's why even if an email matches the senders SPF and DKIM policy, it may just be spam. And if an email does not match SPF or DKIM policy of the sender domain, that does not indicate that it is spam.
12:01 < JPT> Personally, i would like to see a new system that takes over the current email system while still being peer to peer and also solving most of our existing problems with sender address spoofing and spam.
12:01 < pikaro> isn't srs supposed to address forwarding? and you can just add your marketer to the spf rr like people do for salesforce et al. that's like five minutes of work
12:01 < JPT> SRS solves forwarding issues regarding SPF, but unless you set it up on your server and everyone else does that, too, it will not help everyone.
12:02 < JPT> Also, in case people forward email, SRS will make YOU look like YOU are the sender of that spam mail that got forwarded.
12:02 < JPT> So ... it's not perfect.
12:02 < tya99> kidn3ys: i think i discovered also what is causing it the iface inet6 static section for each vlan's IPv6 address
12:03 < JPT> So far, i have only seen a handful of domains that make use of -all in their SPF policy. Apart from a few banks, one was a paypal domain.
12:03 < pikaro> I get that it's not that easy with a bare-bones server - I'm currently trying to get the whole shebang working with sendmail. but with professional products, all of these are easy - at least with the ones I worked with, which is to say nor exchange. maybe that's part of the reason.
12:05 < JPT> pikaro: You're trying to set up a mailserver using that giant sendmail daemon? If you like sendmail, that's fine. But if you don't, maybe consider taking a look at postfix
12:05 < pikaro> jpt, postfix is next, this is for learning
12:05 < JPT> Alright. :)
12:19 < tya99> kidn3ys: https://dpaste.de/ctCm
12:19 < tya99> the problem i seem to be having is: # Seems to cause error :(
12:20 < tya99> or if i have that auto vlan2 section uncommented
12:20 < tya99> the interface seems to have come up without the auto vlan2 bit
12:21 < tya99> ie https://dpaste.de/32s4
12:27 < tya99> mm maybe i should not have it like i do
12:27 < tya99> ie auto eth0.X
12:28 < tya99> looking at this one https://wiki.debian.org/NetworkConfiguration#Caveats_when_using_bridging_and_vlan they don't have it there
12:34 < tya99> ill try this https://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax
13:27 < tya99> hmm
14:24 < kixem> how can i see a host's name from an IP? (from linux)
14:24 < light> nslookup
14:24 < TandyUK> dig -x
14:24 < TandyUK> assuming working dns anyway
14:25 < kixem> i mean in a LAN. which doesnt have dns..
14:25 < light> your DHCP server may be adding the names to a DNS service on your router
14:26 < TandyUK> ssh in and type 'hostname' is the other way lol
14:27 < TandyUK> tbf, you dont even need to log in, it'll probably say the hostname on the ssh banner
14:28 < kixem> when i use the android app fing it will show the hostnames... i dont know how ..
14:28 < light> DNS.
14:29 < kixem> but when i try in linux with nslookup --> no results
14:30 < tya99> it maybe your distribution does not have that installed
14:30 < tya99> does dig work?
14:30 < kixem> neither dig
14:30 < tya99> what distribution are you using?
14:31 < kixem> ubuntu mate. i have nslookup and dig installed
14:31 < Fieldy> wut
14:31 < tya99> i thought you said you didn't have those
14:32 < kixem> i have them . but they dont show the hostnames in the LAN
14:32 < kixem> i think dns doesnt exist in the LAN
14:32 < tya99> nslookup and dig are in the dnsutils package https://packages.ubuntu.com/bionic/amd64/dnsutils/filelist
14:32 < tya99> maybe you have no dns servers
14:32 < tya99> to do any lookups
14:33 < kixem> probably. but how does fing show the hostnames?
14:33 < tya99> show us the output of "systemd-resolve --status"
14:34 < tya99> those tools need to be able to contact DNS servers to give you the hostnames
14:34 < kixem> systemd-resolve: unrecognized option '--status'
14:34 < detha> ehm, mdns / samba stuffs maybe?
14:34 < kixem> i'm talking about hostnames in a private LAN
14:35 < tya99> oh well that won't be on DNS then
14:35 < light> not on public DNS, but most home routers will store that information
14:35 < tya99> yes
14:36 < light> query specifically against your router
14:36 < kixem> how?
14:36 < light> nslookup host router
14:36 < tya99> nslookup and dig won't find those they will do searches in whatever DNS server dhcp has given you
14:37 < tya99> and your router probably gave you your ISPs dns server
14:37 < tya99> not all routers support mDNS
14:37 < tya99> https://en.wikipedia.org/wiki/Multicast_DNS
14:39 < kixem> light, i tried it and : ;; connection timed out; no servers could be reached
14:39 < tya99> https://askubuntu.com/questions/161377/how-can-i-discover-the-hostnames-for-all-the-machines-on-my-lan
14:39 < tya99> seems like a way of doing it
14:39 < light> pastebin the output and the output of ip a
14:40 < tds> did the hostname that app gave you include .local?
14:43 < kixem> nbtscan works with netbios instead of dns but this gave me no results too.
14:44 < light> this sounds like a layer 8 problem
14:44 < kixem> no .local
14:44 < tds> do you have access to any of the machines which the app was able to see the hostname of?
14:44 < tds> if so, might just be worth trying running a packet capture on those to see how it discovered them
14:45 < light> my money is via DNS
14:45 < kixem> or find the open ports they listen..
14:49 < tds> lol, just tried that app, it seems to think I'm not connected to a wifi network at all
14:51 < tds> yeah, it looks like it just does rdns lookups, but I think it'll do netbios as well
14:53 < tds> kixem: if you tap on one of the devices in question, is the hostname you were thinking of listed as "hostname" or "netbios name"?
14:53 < kixem> tap?
14:54 < tds> on the app
14:59 < kixem> tds: hostname
14:59 < tds> i'm pretty sure it gets that via a rdns lookup in that case
14:59 < kixem> so, how do i rdns in linux?
14:59 < light> nslookup
14:59 < tds> dig, nslookup, host, whatever
15:00 < kixem> i tried nslookup..
15:00 < light> 20 minutes ago I told you to pastebin
15:03 < TandyUK> kixem: what are you actually trying to achieve, atm this feels very much X-Y problem to me
15:03 < TandyUK> like _why_ are you trying to find the hostname of a random system on your lan
15:03 < TandyUK> you know its ip, so what relevance does the name even have?
15:06 < CoolerY> hey i am trying to do some basic get requests manually
15:06 < CoolerY> but for some reason the server isn't responding
15:07 < CoolerY> this is my request
15:07 < CoolerY> const httpReq = 'GET / HTTP/1.1\r\nHost: www.example.com\r\nConnection: keep-alive\r\n\r\n';
15:07 < kixem> https://pastebin.com/LMJjNy6U
15:07 < scientes> don't use \r
15:07 < CoolerY> i am doing this in nodejs, for some reason the server doesn't send anything back and there is no error either
15:07 < tds> kixem: what's the content of /etc/resolv.conf?
15:07 < tds> since you're connected to two networks, it seems likely you're using the dns resolver for the wrong one
15:07 < light> 127.0.1.1 as your DNS?
15:07 < tds> oh oops, missed that :)
15:07 < CoolerY> i am using net.connect(80, 'www.example.com');
15:08 < tds> sounds like dnsmasq?
15:08 < CoolerY> scientes, why not
15:08 < scientes> also you don't need to put in the keep-alive part CoolerY
15:08 < shtrb> CoolerY, \n maybe be converted to \r\n if not sent in a binary way
15:08 < kixem> nameserver 127.0.1.1 search local
15:08 < CoolerY> i am sending by socket.write(Buffer.from(httpReq, 'ascii'));
15:09 < light> kixem: ip r
15:09 < CoolerY> i put in keep-alive because i thought maybe it was because i didn't send FIN
15:09 < CoolerY> that the server wasn't responding
15:09 < shtrb> you should get a redirect
15:09 < CoolerY> i have handlers on data and error and end and close events of the socket
15:10 < scientes> CoolerY, pm me your host
15:10 < CoolerY> none of them get called
15:10 < CoolerY> scientes, my host?
15:10 < kixem> https://pastebin.com/qgkquSKB
15:10 < light> CoolerY: have you tested your code with netcat?
15:10 < CoolerY> oh i should mention i am doing this in repl.it
15:10 < scientes> CoolerY, what light said
15:11 < CoolerY> light, no i can't access netcat on repl.it
15:11 < light> CoolerY: test locally
15:11 < tds> kixem: as a guess, what happens if you run "host 192.168.42.1 192.168.42.1"?
15:11 < CoolerY> light, locally it works perfectly
15:12 < kixem> tds: ;; connection timed out; no servers could be reached
15:12 < compdoc> .
15:13 < tds> kixem: do you know the ip of the dns resolver on the 192.168.42.0/24 network?
15:14 < kixem> no. how can i find it?
15:14 < tds> assuming you're using network-manager, that will probably know it if you're getting an address via dhcp
15:15 < tds> what's the output of "nmcli connection show"?
15:15 < CoolerY> hmm
15:15 < CoolerY> somehow i got it to work
15:15 < tds> and then the output of nmcli connection show "" | grep -i dns
15:15 < CoolerY> https://repl.it/repls/PriceyDarkorangeLoopfusion
15:15 < kixem> primary dns 8.8.8.8
15:16 < tds> where did you find that?
15:16 < TandyUK> kixem: this is why it doesnt work, google doesnt know your local hosts, you need a dns server locally, possibly in your 'router', which in turn then asks something like google or your isp
15:16 < tds> you should see a line like IP4.DNS[1] 192.168.42... or IP6.DNS[1] ...
15:17 < TandyUK> i didnt see you answer my question about _why_ you are trying to find the hostname for a local ip
15:17 < light> look at the DNS your phone is assigned
15:17 < kixem> right click ---> connection information
15:18 < tds> hurricane electric's app will list your dns resolver under interface information
15:30 < kixem> tried hurricane electric's app. doesnt show dns...
15:31 < kixem> ok. the thing is since i tried nslookup with server parameter and it says ";; connection timed out; no servers could be reached" then there is no dns-server running on the router.
15:32 < kixem> so fing finds the hostnames with some other way..
15:33 < kixem> i give up
15:58 < jvwjgames> i found out that the password is causing an issue on openbgp on pfsense cause when i changed the password the error went away and openbgp started up
15:59 < jvwjgames> so i am trying to get vultr to change the password but they haven't responded to my ticket for almost 8 hours
15:59 < jvwjgames> openbgp was working fine i rebooted and now it won't come back up
16:03 < tya99> hopefully some hero can solve my woes https://lists.alpinelinux.org/alpine-user/0366.html
16:03 < jvwjgames> nevermind i fixed it i put "" in and it fixed it
16:09 < tds> tya99: is there any reason why you have duplicate interfaces eg eth0.2 and vlan2 with vlan-raw-device?
16:09 < tds> normally you'd just use one of those two methods, not both
16:09 < tya99> i had wondered about that
16:09 < tya99> a couple of guides on the internet did both including this wiki article
16:10 < tya99> oh shit i misread that
16:10 < tya99> https://wiki.alpinelinux.org/wiki/Vlan derp
16:10 < tya99> didn't see the word alternative
16:10 < tya99> i wonder which is better?
16:10 < tds> oops, at least that's an easy fix :)
16:10 < tds> I prefer the eth0.2 syntax, it's easier to tell which physical interface it is
16:10 < tya99> in any case i was still seeing the same error with the ipv6 addressing
16:11 < tya99> yeah
16:11 < tya99> i had commented that out
16:12 < tya99> and i was still seeing: run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
16:13 < tds> can you upload the full config with only one type of vlan interface now?
16:13 < tds> oh, I can see that Dagger is helping in #ipv6 now, cool :)
16:13 < tya99> yeah i will try that
16:13 < tya99> also someone said you can use CIDR notation
16:13 < tya99> i hate netmask 255.255.255.0
16:14 < tya99> die die die
16:14 < tya99> :P
16:46 < AlexPortable> my situation is switch1, port 1 goes to router, port 2 goes to switch2. on switch2: port 1 goes to switch1, port 2 is private network (vlan 3), port 5 is guest network (vlan 6). what should be tagged, untagged and member ?
16:50 < kidn3ys> AlexPortable: do you have subinterfaces on the router?
16:50 < AlexPortable> what are subinterfaces?
16:51 < AlexPortable> router has no vlan support
16:51 < kidn3ys> k, so you mentioned you have a 'private network' and a 'guest network' but only one port in each...
16:52 < kidn3ys> what are the devices that go into those ports?
16:52 < AlexPortable> well there are more ports on the router
16:52 < AlexPortable> but at least these ports
16:52 < AlexPortable> erm on the switches
16:53 < jvwjgames> is there a way to make a cool 3d network map like HE has
16:53 < kidn3ys> so port 5 and port 2 on switch 2 go to the router?
16:54 < AlexPortable> switch2 is connected to switch1, not to the router
16:54 < AlexPortable> wait ill draw it
16:55 < kidn3ys> AlexPortable: no, i follow it.. is one of your switches a L3 switch?
16:56 < AlexPortable> not entirely sure
16:56 < kidn3ys> ok then
16:57 < kidn3ys> so switch 1 port 1 should be tagged for whatever VLAN the clients that use the router as the gateway are in (call it VLAN X). port 2 should be tagged for X,3 and 6.
16:58 < kidn3ys> on switch 2, port 1 should be tagged for X,3 and 6. port 2 should be untagged for 3, port 5 should be untagged for 6.
16:59 < AlexPortable> https://imgur.com/a/xP2P3vL
16:59 < AlexPortable> what do you mean "port 2 should be untagged for 3" ?
17:00 < Apachez> he is drunk
17:00 < kidn3ys> i fucking hope so.
17:00 < Apachez> switch2:
17:00 < Apachez> int1: tagged: X, 3, 6, untagged: none
17:00 < Apachez> int2: tagged: none, untagged: 3
17:00 < Apachez> int5: tagged: none, untagged: 6
17:03 < dogbert2> hey Apachez
17:07 < AlexPortable> so i basically only have to tag a port when there's another switch connected to it that understands vlans ?
17:09 < tds> doesn't have to be a switch, could be a computer, router, whatever, just needs to understand vlan tags
17:11 < AlexPortable> then what are untagged ports for?
17:11 < tds> devices that don't understand/expect tagged frames
17:12 < tds> so that'll likely be most devices on your network
17:12 < AlexPortable> and PVID ?
17:13 < tds> that's the default tag the switch will add to any untagged ethernet frame it receives
17:14 < AlexPortable> receives for that port, or from the port?
17:15 < tds> received from the device attached to that port
17:18 < Apachez> hi ddoggybert
17:18 < Apachez> AlexPortable: didnt we lecture you about this the other night?
17:18 < Apachez> an ethernet frame is normally untagged
17:19 < Apachez> but with the 802.1q standard it can be tagged with 4 bytes
17:19 < Apachez> which identifies which vlan this frame belongs to when you send it to another device
17:19 < Apachez> for a single interface only one vlan can be untagged
17:19 < Apachez> but you can have 0 to many tagged vlans
17:20 < Apachez> now regarding tagged/untagged or trunk/access (cisco lingo)
17:20 < Apachez> some devices wants to define to which vlan an untagged frame should be considered belonging to if such arrives
17:21 < Apachez> this is essentially the same as untagged vlan for that interface
17:21 < Apachez> but some calls this pvid
17:22 < Apachez> even if you use tagged frames there will be untagged frames for CDP, LLDP, LACP, RTP etc
17:25 < AlexPortable> but why is PVID needed, if I already setup the port to be a member of the desired vlan?
17:28 < Apachez> depends on vendor
17:28 < Apachez> allied telesis doesnt need it if you configure the interface to only accept tagged frames
17:28 < Apachez> but in cisco world you cant do that
17:28 < Apachez> it will always accept untagged frames too
17:28 < Apachez> so question is which vlan should incoming untagged frames be put to?
17:28 < AlexPortable> how about basic soho stuff?
17:28 < Apachez> thats what PVID defines
17:50 <+catphish> AlexPortable: you could argue that if a port is only a member of one vlan, the pvid should be implied from that, but to keep things standard, you often have to specify it anyway
17:50 <+catphish> if it's a member of multiple vlans then of course you need to specify which vlan to apply to untagged packets that arrive on that port
17:52 <+catphish> i like to think of VLAN settings on a port as being 3 things: 1) which vlans should exit this port, and should they have a tag on them when they do 2) which vlans should be allowed to enter this port 3) which vlan should we associate packets that enter this port and have no tag yet
17:53 <+catphish> often (1) and (2) are grouped into the same thing (just called VLAN membership, with each VLAN being specified as tagged or untagged for outbound frames) and (3) is PVID
17:54 <+catphish> other times you have terms like "access port" where you specify only one VLAN, and this satisfies all 3 settings at once
18:02 < BullHorn> hello. i used to run a PPTP VPN server on my own machine but recently my ISP blocked port 1723 probably for security reasons. i dont think theres a way to natively run a L2TP VPN server on windows
18:02 < BullHorn> any advice how to make this happen?
18:05 < Mr_Midnight> BullHorn: You could use OpenVPN... https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
18:05 < BullHorn> is this a 100% free solution btw?
18:07 < Mr_Midnight> For up to 2 connected devices
18:07 < Mr_Midnight> https://openvpn.net/index.php/access-server/pricing.html
18:07 < tya99> BullHorn: openvpn is also a lot more secure
18:07 < tya99> and yes openvpn is free open source
18:08 < BullHorn> thanks ill try it
18:08 < tds> those limits only apply to openvpn access server, the open source version doesn't have any limits like that
18:08 < BullHorn> i also just heard about SoftEther VPN, is that not recommended?
18:08 < tya99> Mr_Midnight: that is a support contact
18:08 < tds> ^
18:08 < tds> iirc that gets you a appliance with a fancy ui and commercial support
18:08 < tya99> yeah
18:09 < tds> if you don't need that, you can just configure ovpn yourself
18:09 < tya99> nearly every vpn provider uses openvpn though
18:10 < Mr_Midnight> tya99: It says Support and Updates included but it is a license fee per connected device past the 2 free connected devices if you read the page
18:10 < tya99> yeah for their appliance
18:10 < tya99> not for the software itself
18:10 < tya99> you can run an openvpn server and client on anything you want for free
18:10 < tya99> its only if you want their fancy rackmount thing with a SLA
18:11 < tya99> which some business might do
18:11 < tds> I don't think it's only a physical appliance, I think they do VMs as well?
18:11 < tds> but yeah, for most use cases just installing the open source version yourself will be fine
18:12 < BullHorn> that guide must be outdated because the first step is already wrong ._.
18:13 < BullHorn> Navigate to the C:\Program Files\OpenVPN\easy-rsa folder -- it doesn't exist inside the OpenVPN folder rip me
18:14 < Mr_Midnight> BullHorn: check C:\Program Files (x86)
18:14 < BullHorn> i did
18:14 < Mr_Midnight> hmm.. odd
18:15 < BullHorn> ill just get easy-rsa manually and hope its the same
18:16 < tya99> there will be plenty of documentation out there for openvpn servers
18:16 < tya99> i've not set one up myself but i know it can be done
18:16 < tya99> i do however know that PPTP and L2TP should be avoided in preference to openvpn or ipsec
18:17 < tya99> But PPTP is widely regarded as obsolete. Microsoft developed and implemented it as far back as Windows 95 and Windows NT. Researchers first found flaws in the protocol’s cryptography in 1998. By 2012, several vulnerabilities had surfaced and the encryption could be broken with relative ease using widely available tools.
18:17 < tya99> https://www.comparitech.com/blog/vpn-privacy/the-pptp-vpn-protocol-is-not-secure-use-these-alternatives-instead/
18:18 < BullHorn> yeah i need to find an up-to-date guide though, the preparatory steps are outdated
18:18 < tya99> In short, don’t use PPTP if you care at all about security when setting up a VPN. Instead, opt for a more secure protocol: OpenVPN, L2TP/IPSec, SSTP, or IKEv2.
18:18 < tya99> SSTP i think is proprietary microsoft stuff
18:25 < BullHorn> ill go ask in #openvpn maybe they have direct advice for that out-dated guide
18:25 < BullHorn> thanks for pointing me in the right direction nonetheless :)
18:29 < dogbert2> just got this for $98 at Frys - https://www.frys.com/product/9028547?nearbyStoreName=false&site=sunemail061718
18:30 < tya99> so i have this network with 3 VLANs described here https://lists.alpinelinux.org/alpine-user/0366.html
18:30 < tya99> would i need a L2 or L3 switch
18:30 < tya99> the tldr version is currently i am using iptables+iproute and:
18:30 < tya99> Traffic from 192.168.2.0/24 hosts destined to go out ppp0
18:30 < tya99> Traffic from 192.168.3.0/24 hosts destined to go out of tun0
18:30 < tya99> Traffic from 192.168.4.0/24 hosts not to be forwarded.
18:31 < tya99> the difference is now i want to implement 3 VLANs, 2, 3, 4
18:31 < tya99> https://i.imgur.com/hDBLc8G.png Note the router is plugged into port 1
18:31 < tya99> will traffic get from the other untagged ports to the tagged port and thus the router without me having to do anything on the switch like adding routes
18:32 < tya99> ie if a packet comes from host 192.168.2.55 (workstation) > switch > router > switch > printer (192.168.4.23) for example
18:32 < tya99> that is technically inter-vlan routing
18:33 < tya99> which would sort of indicate i should configure my switch in L3 ie with routes
18:33 < tya99> because it is more efficient to do so than the router
18:33 < tya99> obviously the purpose of VLAN 2 and 3, has to go to the router because it has to go out of the network
18:33 < djph> "more efficient"
18:34 < tya99> because a switch would be able to move higher volumes of packets quicker
18:34 < djph> depends on whether the switch is on-par with the router
18:34 < tya99> than a router
18:34 < djph> nah
18:34 < tya99> not that i really care because i have next to zero inter-vlan traffic
18:34 < tya99> so i would think a L2 configuration would be fine
18:35 < tya99> maybe in a corporate or large network then i could improve things by say having routes that mean that the workstation doesn't have to send its packets to the router?
18:35 < djph> sure, you can stick everything on the same subnet and keep it all in the same L2 domain.
18:35 < dogbert2> hey djph
18:35 < djph> yo
18:35 < tya99> so if they are on different subnets like i've described
18:35 < tya99> will they still get to the router?
18:35 < djph> then you have to route.
18:35 < djph> sure
18:35 < dogbert2> just got this for $98 at Frys - https://www.frys.com/product/9028547?nearbyStoreName=false&site=sunemail061718 (makes a nice linux dev box)
18:36 < tya99> is dogbert2 a robot spammer?
18:36 < djph> $100? nice
18:36 < Apachez> tya99: I think so
18:36 < tya99> i had some guy kang0 ask me for schools that teach english
18:36 < tya99> and wanted to know where i lived and shit in pm
18:36 < tya99> because apparently he can't use google
18:36 < Mr_Midnight> yeah kang0 PM'd me too
18:37 < Mr_Midnight> I just ignored it
18:37 < tya99> but he can speak english enough to ask me that shit
18:37 < dogbert2> yeah...the intel NUC I was looking at (smaller form factor) would have cost me $250 (with memory and SSD)
18:39 < tya99> so djph do you think i would need routes?
18:39 < tya99> or the packets would simply get 'lost'
18:39 < tya99> without ever making it to the router
18:40 < tds> well whatever is routing needs routes, so an l3 switch needs routes, l2 doesn't
18:41 < tds> an l3 switch just moves your inter-vlan routing directly onto the switch, rather than doing it on a router attached to the switch
18:41 < tya99> what if i want the router to do it
18:41 < tya99> which is in port 1
18:42 < tds> then you need routes on the router, but the switch doesn't care about routing, it only needs to know about vlans
18:43 < tya99> right
18:43 < tya99> that's what i thought
18:43 < tya99> and i do have those routes on the router
18:44 < tya99> ie /sbin/ip route add 192.168.2.0/24 dev eth0 table LAN
18:46 < tya99> would allow a packet to go from one subnet to another
18:47 < detha> that does not look right. on linux box with a couple of vlan interfaces you shouldn't have to manually add routes
18:48 < tya99> i have three routing tables
18:48 < tya99> i should have mentioned that
18:49 < tya99> https://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#.2Fetc.2Fiproute2.2Frt_tables
18:49 < tya99> but that example uses aliased ips on the same interface. I am basically trying to do the same thing as that article but with VLANs
18:49 < tya99> (note the picture above it)
18:50 < tya99> i did get it working so I know it works
18:50 < detha> that looks like a rather complex and very specific setup
18:51 < tya99> well when i came across it i decided that's what I wanted :P
18:51 < tya99> except i wanted to expand upon it and implement IPv6
18:52 < tya99> which would be impossible without VLANs because SLAAC would broadcast to all three 'aliases' because they have the same link local
18:52 < tya99> but with VLANs i can set it to prefix delegate on one interface (eth0.2 in this case)
18:52 < tya99> and use ULA NAT66 on eth0.3 (for the VPN)
18:53 < tya99> and just ULA no NAT (because there's no routes out of the network for eth0.4)
18:54 < tya99> so my impression is i can keep my switch in L2 mode and just configure the VLANs as I have done
18:54 < tya99> if I don't mind all packets passing through the router
18:55 < tya99> at least according to that https://community.fs.com/blog/layer-2-switch-vs-layer-3-switch-which-one-do-you-need.html
18:55 < detha> you can, if it is all low-bandwidth stuff
18:56 < tya99> yes
18:56 < tya99> a single print job here and there isn't going to be a lot of bandwidth :)
18:56 < tya99> i should also add this isn't a commercial application, rather more an experiment
18:56 < tya99> if i was doing this commercially i would not have a VPN thing on the router
18:57 < tya99> i'd probably have something on the switch behind the router to do that
18:57 < tya99> which seems to be the way that most enterprise places do VPN stuff
18:57 < tya99> ie with dedicated concentrators/access servers
18:58 < tya99> and because my WAN link is only 30mbit the raspberry pi has more than enough cpu for it
18:59 < tya99> a crappy FTTN link
19:02 < tya99> detha: i think i understand now anyway
19:02 < tya99> because it would know from the host's default gateway
19:02 < tya99> eg if the packet from 192.168.2.55, and has the default gateway of 192.168.2.1
19:03 < tya99> the switch is going to know it has to send it to that router
19:03 < tya99> although L2 doesn't care about IP addresses...
19:08 < detha> effectively, yes. .2.55 is going to send an ARP request for .2.1, router responds, .2.55 now knows the router's MAC address, and sends the packet there. Switch just sees a packet for that MAC address, and sends it to the router.
19:09 < tya99> ah!
19:09 < tya99> thanks for explaining that :)
19:10 < tya99> i guess what made it complicated for me is that i actually have an L3 switch :)
19:10 < tya99> just the L3 bits are not enabled
19:11 < AlexPortable> catphish: thanks for the explanation
19:12 < tya99> i was having a look at the EdgeOS web interface and there's a lot of features there
19:12 < tya99> in any case if i want to explore creating inter-vlan routes at a later date i always can
19:16 < AlexPortable> is it bad to use a router as a switch?
19:16 < tya99> they are two different things
19:17 < AlexPortable> well it's just that a router with 8 ports is cheaper than a switch with 4 ports
19:17 < tya99> in consumer equipment routers usually include switch
19:17 < tya99> keep in mind
19:17 < tya99> not all switches truly have dedicated 8 ports
19:17 < tya99> sometimes internally they use VLANs
19:18 < tya99> i found that when researching openwrt equipment
19:18 < AlexPortable> what do you mean?
19:18 < tya99> they can have a software switch inside
19:18 < AlexPortable> ah like that
19:19 < AlexPortable> well, is mikrotik consumer equipment?
19:19 < tya99> TP-link tends to do that
19:19 < AlexPortable> is there a list of tp-link models that do this?
19:19 < tya99> it would depend
19:20 < tya99> https://wiki.openwrt.org/toh/tp-link/td-w8980 i think that might be one such model
19:20 < tya99> The XWAY VRX286 SoC features an internal configurable Infineon Gigabit Ethernet switch that connects all the physical Ethernet ports together.
19:21 < tya99> so they aren't actually 'separate ethernet ports' as in interfaces
19:21 < AlexPortable> but is this only the case for routers, or also for switches?
19:21 < tya99> well in that kind of hardware they act as both
19:21 < tya99> not for commercial stuff
19:21 < tya99> and i doubt mikrotik would do that
19:21 < AlexPortable> i mean when you get a tp-link 'switch' without routing capabilities
19:22 < tya99> then that wouldn't be like that no
19:22 < tya99> it would be those all in one consumer wifi-modem router things
19:22 < tya99> that might choose to do it that way
19:22 < tya99> but those usually blow for any kind of performance
19:22 < AlexPortable> blow as in positive?
19:23 < tya99> now as in suck
19:23 < detha> tya99: https://i.mt.lv/routerboard/files/RB1100AHx4v4-170816141042.png
19:24 < detha> Those 2.5Gb links to the control plane are mapped as vlan1..5 for port 1..5
19:24 < tya99> heh
19:26 < AlexPortable> how about this? https://i.mt.lv/routerboard/files/Block-RB2011UAS-2HnD.pdf
19:27 < detha> probably still the same. 2011 performance between port groups sucks.
19:28 < detha> well, anything that hits control plane
19:28 <+catphish> i wonder why they used 3 separate switches, that seems like a poor design
19:28 < detha> cheap silicon....
19:29 < detha> 6-port ASIC is what goes into most consumer 4 LAN + 1 WAN + CPU multi-function devices
19:30 <+catphish> so, intel are releasing a graphics card, this is cool, i hope this means we can finally have good linux graphics support
19:30 < AlexPortable> so would it make sense to replace a consumer 8 port switch with the 2011 one?
19:30 < tya99> well it depends on your bandwidth needs
19:31 < detha> if you need a switch? no.
19:31 < tya99> that too
19:31 <+catphish> or maybe not
19:32 < AlexPortable> i need a switch, and something that gives me more vlan capabilities (as in routing between two vlans, but not allowing outside internet access for devices in the vlan)
19:32 < detha> intel has been fairly good with linux support; not like the 'either you run a blob we give you, or you have horrible performance' like some vendors
19:32 < detha> ehm, if it routes, it's not a switch
19:33 < tya99> AlexPortable: https://community.fs.com/blog/layer-2-switch-vs-layer-3-switch-which-one-do-you-need.html
19:33 < tya99> you might find that interesting
19:33 <+catphish> detha: intel provide proper documentation for their hardware
19:33 <+catphish> do writing drivers is easy
19:33 <+catphish> *so
19:34 < detha> For some value of easy.... graphics drivers are somewhat complicated these days
19:34 < AlexPortable> according to the article i need a layer 3 switch
19:34 <+catphish> well that's probably true, but there are people who are good at it :)
19:35 < detha> true. and intel has been fairly good with giving examples/reference implementations
19:36 < AlexPortable> well, i just thought it would be easier to get the 2011, and not having to get a small router, and then another switch after that again
19:36 < AlexPortable> or is it possible to setup a vlan in such a way that the device can access other devices, but not access the internet?
19:36 < detha> 2011 is a cheap 'universal router/switch/firewall/...' device
19:37 < AlexPortable> How about RB951G-2HnD ?
19:38 < detha> similar, the xx1 says it's got a radio, not all 2011 models have that
19:38 < AlexPortable> they both have wifi
19:42 < liveuser33> join ##commplex
19:43 < liveuser33> #frs14
19:45 < AlexPortable> But will these devices perform worse than the average Netgear/consumer grade networking switch with VLAN capabilities?
19:46 < detha> if you use it just as an L3 switch, probably not
19:47 < liveuser33> youd think somebody with a mind shouldve designed the android phones
19:48 < liveuser33> like turning off radios in low power mode
19:48 < liveuser33> having a separate charger and two batteries
19:48 < liveuser33> for avoiding em interference
19:49 < liveuser33> and USB option for a real keyboard
19:49 < liveuser33> some sort of standardized microphone jack
19:50 < liveuser33> inlaid power button so it is not pressed in the pocket
19:50 < liveuser33> thatd been evidence a mind was at work
19:51 < liveuser33> yeah?
19:52 < liveuser33> instead it is something like swarms of transient bugs
19:52 < liveuser33> then upgrade the phone/cpu
19:52 < liveuser33> new swarm
19:53 < liveuser33> higher clock rate
19:53 < liveuser33> more frequent nonsense
19:53 < liveuser33> increases in mindless attacks
20:21 < moriarty--> https://www.bloomberg.com/news/articles/2018-06-17/bitcoin-could-break-the-internet-central-banks-overseer-says - is this a reasonable assumption? that the associated communication volume of bitcoin network will grind the internet to a halt?
20:37 <+catphish> moriarty--: it doesn't seem to be backed up with any calculations, so i would be inclined to assume it's false until i saw more information, seems more like an offhand guess
20:37 < moriarty--> catphish, cheers
20:37 <+catphish> "it would eventually overwhelm everything from individual smartphones to servers" this is telling that whoever wrote this doesn't know how either bitcoin nor the internet works
20:38 <+catphish> with that said, bitcoin does have serious scaling issues
20:38 <+catphish> it's just that i don't think the author of this article understands them enough to make statements about the nature of the problems
20:38 < Apachez> more likely that they eat up all the power for no use
20:39 < Apachez> I still havent seen any commercially coin mining company who is taking care of the heat being produced
20:39 < Apachez> they just vent it out into the air
20:39 <+catphish> the power thing is ridiculous :(
20:39 < Apachez> I mean some complain on AC users during summers
20:39 < Apachez> causing distrubtions of the power grid
20:39 < Apachez> but AC have at least a use for the owner
20:39 < Apachez> this shit just vents it out
20:40 < Apachez> how it looks like https://www.youtube.com/watch?v=kRzY13KIZDw
20:42 < moriarty--> catphish, that's a reasonable statement yes
20:42 < moriarty--> Apachez, i wonder if hot/cold aisle is still a thing
20:42 <+catphish> it is
20:42 <+catphish> it's probably the most common method to cool data centres, at least shared ones
20:43 < Apachez> moriarty--: hot-hot and cold-cold yes
20:43 < Apachez> but those are open space
20:43 < Apachez> so I dunno
20:44 < Apachez> but the other way would overheat the end rows
20:44 < Apachez> like if you have hot-cold hot-cold hot-cold
20:44 < Apachez> the last one will have like +100C as inlet airtemp :P
20:44 < moriarty--> lol
20:44 < Apachez> so its less worse to have hot-cold cold-hot hot-cold cold-hot
20:44 < Apachez> and have them to push air onto each others asses
20:44 <+catphish> Apachez: it just alternates hot-cold, it's not very complicated afaik
20:44 < Apachez> downside comes if one row stops
20:45 < Apachez> so you get air pushed backwards sort of speak
20:45 < Apachez> catphish: when you have hot-cold hot-cold hot-cold the last row will get very hot air blown at its "cold" side
20:45 <+catphish> no
20:46 <+catphish> each row of racks is just at 180 degrees to the previous row, so if you're in a cold isle, you have the front of racks on both sides if you
20:46 <+catphish> and if you're in a hot isle you have the back of the racks
20:46 <+xand> aisle :)
20:46 <+catphish> xand: was it you that did this to me last time too?
20:46 <+xand> did what :(
20:46 < Apachez> https://news.bitcoin.com/wp-content/uploads/2016/05/KnCMinerDataCenter-1.jpg
20:47 <+catphish> oh, this is the second time in recent weeks i've used the word isle incorrectly
20:47 <+catphish> someone corrected me last time too
20:47 < Apachez> https://www.va.se/globalassets/bilder/foretag/kncminer-kncminer.jpg?width=1100&height=600&mode=crop&
20:47 <+xand> I suppose you could have an island of racks
20:47 < Apachez> looks like hot-cold cold-hot hot-cold cold-hot to me
20:47 < Apachez> and then you push the airvent from the side
20:47 <+xand> you wouldn't put racks all the same way round Apachez
20:47 <+xand> :X
20:48 < Apachez> xand: ?
20:48 <+catphish> Apachez: it's like this: https://cdn.ttgtmedia.com/digitalguide/images/Misc/jb_sdc_4.jpg
20:48 < Apachez> xand: well thats what I said, having hot-cold hot-cold hot-cold is a very bad idea
20:48 <+xand> who does that?
20:48 < Apachez> xand: because the last row would then on its cold side have very hot inlet air
20:48 <+catphish> each rack is 180 degrees to the last one
20:48 < Apachez> xand: catphish seems like it
20:48 <+xand> ...
20:48 <+xand> nope
20:49 < Apachez> catphish: you dont have any lame perforated tiles here, just looks at the pics =)
20:49 < Apachez> its a concrete floor
20:49 < Apachez> former helicopter hangars
20:49 <+xand> look at my awesome rack https://pbs.twimg.com/media/DesGK-HWsAA1Wgv.jpg:large
20:49 <+catphish> i really don't think that's relevant
20:49 < Apachez> https://medier.talentum.com/ponIltIpIv-1464608652/media/3ishr2-knc-miner-700-394-ny-teknik.jpg/alternates/FREE_640/knc-miner-700-394-ny-teknik.jpg
20:49 <+catphish> nice rack xand, if you know what i mean
20:49 < Apachez> another pic that shows that its hot-cold cold-hot hot-cold cold-hot
20:49 <+xand> 3D printed corners
20:50 <+catphish> Apachez: what?
20:50 <+catphish> that's just one aisle, it doesn't show anything
20:50 <+xand> I've not bothered actually putting anything in it yet :(
20:50 < Apachez> catphish: combine it with the other two pics and you will see
20:50 <+xand> the fans are facing each other
20:50 <+catphish> you have a cold aisle that faces the front of 2 rows, and a hot aisle that faces the back of 2 rows, it's not complicated!
20:50 <+catphish> and they alternate
20:51 < Apachez> omg you are thick
20:51 <+xand> stupid cryptocurrency :(
20:51 < Apachez> the hot-cold cold-hot is how it looks like when you looks at the rows from the side
20:51 < moriarty--> xand, stupid why :(
20:51 <+xand> massive waste of electricity
20:51 <+catphish> Apachez: why are you counting each aisle twice?
20:51 <+xand> and hardware
20:51 < Apachez> |hotside-coldside| *here you can walk* |coldside-hotside| *here you can walk* |hotside-coldside| *here you can walk* |coldside-hotside| *here you can walk*
20:52 <+catphish> Apachez: that's correct
20:52 <+xand> #latestagecapitalism
20:52 <+catphish> the place you walk is called an aisle
20:52 <+xand> yes
20:52 < moriarty--> xand, just like gaming is a waste of electricity? :)
20:52 <+xand> moriarty--: no
20:52 <+catphish> so it's hot aisle, cold aisle, hot aisle, cold aisle
20:52 * Apachez bitchslaps catphish
20:52 <+catphish> Apachez: i think we agree, you're just describing it in a way that most people don't
20:52 <+xand> aisles you can walk down, separating the isles of racks :>
20:53 <+catphish> :D
20:53 <+catphish> xand: see, i learned how to spell it now!
20:54 < Apachez> https://pbs.twimg.com/media/CXU6AsqWkAEPmLY.jpg:large
20:55 < Apachez> xand: dont you walk up an aisle? ;)
20:55 <+xand> depends which way you walk
20:55 <+catphish> i did that when i got wedded
20:56 <+catphish> i walked a very short way up the isle of great britain
20:57 <+catphish> i suspect cold aisle containment is used in almost all data centres, not too many reasons not to
20:58 <+catphish> though i build a large server room once that uses per-rack heat extraction instead
20:58 <+xand> at my current/almost former work... we've been promised cold aisle containment for about 5 years
20:59 < Apachez> nowadays you also got those condensed aisles
20:59 < Apachez> where you isolate the hot side
20:59 < Apachez> and try to remove that
20:59 < Apachez> and the open air is the "cold" side
21:00 <+xand> yeah can also do hot aisle containment
21:00 <+xand> main thing is to separate them
21:00 < Apachez> how that knc place in boden looks like today https://www.youtube.com/watch?v=W43Vl8FeIfA&feature=youtu.be&t=8m52s
21:00 < Apachez> they went bankrupt (is that even possible when doing coins?) and genesismining is the new owner
21:00 <+catphish> i used these: https://cdn2.bigcommerce.com/server900/b18w/products/44379/images/57095/APC_COOLING_Door_Inside__06299.1435082126.500.750.jpg?c=2
21:01 <+catphish> they do hot aisle containment inside the rack and pipe air up into the ceiling
21:01 <+xand> that picture is ... what
21:02 <+catphish> it's a rear door for an apc rack
21:03 < Apachez> they seem in the above clip have reversed it
21:03 < Apachez> so the cold side is isolated
21:03 < Apachez> and hot aisle is open air
21:03 <+catphish> cold is normally the isolated one
21:05 < Apachez> I have seen both
21:06 < Apachez> the point of having "cold" as open air is that you can reach the servers and whatelse frontside easy
21:06 < Apachez> no need to squeeze into an isolated space
21:07 <+catphish> Apachez: i've never known a cold aisle to be cramped
21:08 <+xand> you need space at the front to pull servers out...
21:08 < mentayolo> hey there
21:08 < mentayolo> anybody got a nice hostname?
21:08 < AlexPortable> Changed the cable, but still RxBadPkt 2059
21:08 < AlexPortable> 2071
21:09 <+xand> mentayolo: what kind of question is what?
21:09 <+xand> *that
21:09 < mentayolo> was gonna set up a new machine tonight and wanted a cool hostname
21:10 < rewt> can't go wrong with google.com
21:10 < mentayolo> nah something unique man
21:11 < rewt> not.google.com
21:11 < mentayolo> not gonna joke but that would actually sound unique
21:12 < mentayolo> anyhow I meant like the user name
21:13 < mentayolo> anyway doesn't matter, nice to meet you guys, this is my first time on an IRC
21:14 <+catphish> attractive man in a hot aisle: https://i.imgur.com/B7nAxyF.jpg
21:14 <+xand> is it you?
21:14 <+catphish> i was looking for a cold aisle picture but couldn't find one
21:14 <+catphish> xand: in a manner of speaking, yes
21:15 <+xand> er?
21:15 <+catphish> but yes, it is
21:17 <+xand> I just spent 6500 on a train ticket :(
21:17 <+catphish> 6500 what?
21:17 <+catphish> pence?
21:18 < rewt> monetary units
21:18 <+xand> pounds :(
21:18 <+catphish> whathow?
21:18 <+xand> largest debit card transaction I've ever done
21:18 <+catphish> did you buy the train?
21:18 <+xand> that's a year
21:18 <+catphish> i bought a new car once with a 12,000 debit card transaction, that was fun
21:18 <+xand> season ticket
21:19 < AlexPortable> try paying it in cash
21:19 <+xand> they don't take cash on websites
21:19 <+catphish> xand: 125 a week? that's painful
21:19 < Tegu> not even if you throw money at screen?
21:19 <+catphish> where are you traveling?
21:19 < detha> xand: isn't bitcoin a form of cash?
21:19 <+catphish> only bitcoin cash
21:19 <+xand> cash is coins and notes
21:20 <+xand> london
21:20 < Tegu> also, how long distance is it? seems rather high even for a year
21:20 <+catphish> xand: thought it might be, got a new job lined up?
21:20 <+xand> yep :)
21:20 <+catphish> oh yeah i think you already told me
21:20 <+catphish> cool
21:20 <+xand> yes trains are a ripoff in the UK
21:20 <+xand> it's 50 miles or so
21:20 <+catphish> thats quite a long way i guess
21:21 <+xand> luckily most of that is on the fastest train in the country :P
21:21 <+catphish> i spend 50 a week on petrol, but that's only 17 miles (each way)
21:21 <+catphish> it would probably be cheaper if i didn't drive like a knob
21:21 <+xand> need to take two trains. the second one is free due to weird ticketing rules
21:22 <+catphish> handy
21:22 <+xand> st pancras -> blackfriars costs 0
21:22 <+xand> if you have a ticket to either
21:22 <+xand> or rather to london terminals
21:22 <+catphish> why not just get a ticket to where you want to go?
21:22 <+catphish> or is it cheaper to get the wrong ticket?
21:23 <+catphish> and abuse the free train
21:23 <+xand> you can't get a ticket specifically to blackfriars
21:23 <+catphish> how odd
21:23 <+xand> AFAIK
21:23 <+catphish> i thought you could buy a ticket to anywhere
21:23 <+xand> most big london stations are grouped together
21:24 <+catphish> weird
21:24 <+xand> catphish: apparently you can buy a ticket to there but not from here
21:25 <+xand> or if you could, it would cost more
21:25 <+catphish> i see
21:25 <+catphish> i discovered once there are some places you're not supposed to buy tickets
21:25 <+xand> oh?
21:26 <+catphish> i once tried to buy a ticket inside clapham junction from clapham junction
21:27 <+catphish> they looked at me like i was an alien and asked where i'd come from
21:27 <+xand> er
21:27 <+xand> inside the barriers?
21:27 <+catphish> yes
21:27 <+catphish> i guess normally if you're changing you already have a ticket to your final destination
21:27 <+catphish> but for some reason i didn't
21:28 <+xand> I thought those ticket places were for if you were naughty and hadn't bought one
21:28 <+catphish> i bought a ticket to clapham junction and figured i'd decide what to do once i got there
21:28 <+xand> right
21:28 < d3fragg3d> so anyone used mpd before? I am on linux and I have mpd working on a machine, then on the client machine I can connect to mpd via telnet, however when I try to connect via ncmpcpp it says connection refused. Was looking for some advice, been googling and trying to fix this for a couple of days now
21:28 <+catphish> xand: i suspect that was the problem, they're used to people buying tickets half way through the journey
21:28 <+catphish> after failing to buy it earlier
21:28 < d3fragg3d> (not sure if this is a networking issue btw, so if I am too far offtopic, fair enough :))
21:29 <+catphish> took me a while to get the hang of london transport, but i love it now
21:29 <+catphish> especially with contactless it's magic
21:29 <+xand> I have just ordered an oyster card :X
21:30 <+catphish> why bother? just use a debit card
21:30 <+xand> because with my season ticket you get 1/3 off ... if you use an oyster card, not contactless
21:30 <+catphish> oh ok
21:30 <+xand> which is a bit annoying
21:30 <+catphish> less messy on your bank statement too :)
21:32 < mentayolo> does the log file show anything
21:32 <+catphish> d3fragg3d: are you using an ip or a hostname?
21:32 <+catphish> d3fragg3d: make sure both are connecting to the same ip and port i guess
21:35 < d3fragg3d> catphish: yeah no worries, might actually be a client issue so I will just check that.
21:50 < tds> xand: I've had to do warwickshire -> cambridge before, it's horribly expensive for an open return at peak times since you have to go via london :/
21:51 < tds> yeah, just looked, £216
22:07 < d3fragg3d> yeah it was a client issue, curious, I have openVPN running, however I want to try out mpds tcp pulse audio option, firstly how well do you think this will work over openvpn? and secondly, at the moment the server is not aware of the clients (via openvpn) ip address (I cant see or ping it) how possible is it to connect to the client from the openvpn server? I need to be able to do that from the mpd
22:07 < d3fragg3d> config you see for this option, it needs an IP
22:12 < mentayolo>
22:27 < seven-eleven> is there only asynchronous ethernet or also synchronous in use?
22:28 < linux_probe> uhhhh
22:28 * linux_probe yawns and facepalms
22:28 < Apachez> there are various modifications
22:30 < seven-eleven> https://en.wikipedia.org/wiki/Synchronous_Ethernet
22:32 < seven-eleven> do you know if synchronous ethernet is used only in few scenarios, like mobile networks, or also in OTN?
22:33 < Apachez> OTN isnt really synchronous ethernet per se
22:33 < Apachez> but you got synchronous in phone world
22:33 < Apachez> SDH rings
22:33 < seven-eleven> yeaah, OTN should be able to be fed with everything?
22:34 < Apachez> and also timedivision in cellphone networks
22:36 < seven-eleven> yeah they do SyncE in OTN too https://ieeexplore.ieee.org/document/6419206/
--- Log closed Mon Jun 18 00:00:02 2018