--- Log opened Fri Apr 06 00:00:35 2018
00:23 < SovietBeer> can i use udp for reliable and in-order communication within localhost only?
00:24 < joebobjoe> why isn't ipsec used more
00:24 < joebobjoe> it seems like a great technology
00:29 < joebobjoe> encryption everywhere, and we finally get rid of unholy glut of overbearing network administrators who place their ungodly "middleboxes" everywhere
00:29 < joebobjoe> it's bullshit
00:46 < Eryn_1983_FL> hey peeps have you guys ever done webex on linux?
00:55 < drac_boy> hi
00:58 < orlock> joebobjoe: Because it can be an annoying pain in the ass to deal with
01:02 < drac_boy> have to recheck but just for nat alone (without logging or any firewall) with a few bandwidth-light computers you could pretty much use anything even a P6 cpu if you wanted to? :)
01:02 < joebobjoe> orlock: from whose perspective?
01:08 < orlock> joebobjoe: Anybody who has had to deal with it in any substantial manner?
01:10 < orlock> joebobjoe: Interoperability hiccups/issues, evolving standards, implementation choices..
01:11 < orlock> joebobjoe: No idea what you mean by "middlebox" either
01:11 < orlock> Unless you mean a SSL intercept MitM type proxy?
01:12 < orlock> And in which case if you think that is both "overbearing" but also consider ipsec everywhere a "good thing" you should go and have a chat with your overbearing network/security admins and see the issues they are trying to deal with
01:16 < orlock> for example... Got a fancy Meraki firewall?
01:16 < orlock> that supports ipsec
01:16 < orlock> got an Azure cloud service you want to have a secure tunnel to? That supports ipsec as well
01:17 < orlock> Oh no.. Meraki's only support IKEv1!
01:17 < orlock> etc
01:17 < joebobjoe> I'm not vouching for ipsec because I am a pro-encryption fanatic, but because it would prevent this terrible trend of interfering with network traffic at a higher level than ip
01:18 < joebobjoe> like blocking tcp ports
01:18 < orlock> Bastards going to be bastards.
01:18 < joebobjoe> firewalling based on tcp flows
01:18 < joebobjoe> nat
01:18 < orlock> And at some point you need to exchange a level of trust with the peer
01:19 < orlock> i _am_ a pro encryption fanatic
01:19 < orlock> and i'm also likely to be one of those overbearing network admins
01:20 < orlock> How can you be sure that your peer is the peer it says it is?
01:20 < orlock> The guys behind some of the linux ipsec stack were working on ways to do it
01:21 < orlock> with DNS based key transfer
01:21 < orlock> "Opportunistic Encryption"
01:21 < joebobjoe> the shitty ca-based pki
01:21 < joebobjoe> that should be replaced by dns
01:21 < orlock> But honestly, what you are complaining about - i havent seen in practice
01:21 < orlock> and i'd be cracking the shits if i had
01:22 < joebobjoe> ok, this is what specifically started my hate
01:22 < orlock> .. So you trust your DNS resolvers?
01:22 < orlock> You know that new resolver IP?
01:22 < orlock> I've been getting botnet scans from that subnet.
01:23 < joebobjoe> you talking about 1.1.1.1?
01:23 < joebobjoe> what new resolver ip?
01:23 < orlock> yes
01:23 < joebobjoe> so, the source packets are forged
01:23 < orlock> How?
01:24 < joebobjoe> I dunno, because some... middle box... somewhere should be catching it?
01:24 < orlock> And whats the point of forging a source address if theres not going to be any return.
01:24 < xamithan> ^ lol
01:24 < orlock> It's worth pointing out at this point, that my local NIC is the one that's providing that 1.1.1.1 address
01:25 < joebobjoe> huh
01:25 < orlock> joebobjoe: 1.1.1.1 belongs to APNIC. I'm in Australia
01:27 < orlock> i mean, all of the really obviously dodgy/hijacked network ranges i've seen have been based out of the UK and RIPE for some reason
01:27 < joebobjoe> someone is trying to trick you into sending traffic to yourself?
01:27 < orlock> They literally have bogus companies registered for them
01:28 < orlock> joebobjoe: No.. 1.1.1.0/24 was historically an R&D range used by apnic, who had basically said "Any crap you see from this range is likely spoofed, not us"
01:28 < orlock> the WHOIS notice regarding that changed less than a week ago with the announcement of 1.1.1.1
01:29 < orlock> previously it was not constantly published via AS
01:29 < orlock> now obviously, it has to be
01:29 < joebobjoe> ok, but this doesn't have anything to do with my initial complaint
01:30 < orlock> Except you said that CA based PKI should somehow be replaced by DNS
01:31 < orlock> But DNS isnt really trustworthy yet
01:31 < orlock> It's a hard problem
01:31 < joebobjoe> are you insinuating that 1.1.1.0/24 is itself infected?
01:31 < joebobjoe> well that still isn't related to what I was originally trying to say
01:32 < joebobjoe> and, yea, ultimately there should be some sort of distributed ledger-based solution
01:33 < orlock> Deal with BGP/ASN's much?
01:33 < joebobjoe> but pki is already based on integrity of dns, e.g., letsencrypt
01:33 < orlock> No, it's not
01:33 < ntd> dane?
01:34 < joebobjoe> orlock: letsencrypt trusts you based on showing that you have control over the ip pointed to by dns?
01:35 < joebobjoe> orlock: but no, I have no experience with internet infrastructures
01:36 < joebobjoe> my initial rant/complaint stems from how local network admin is done these days...
01:37 < joebobjoe> my local university is getting ipv6 but doesn't offer ipv6 addresses to its network users
01:37 < joebobjoe> and when they do, they are going to somehow block incoming connections
01:38 < tds> for a client network blocking incoming connections sounds reasonable to me, you can't rely on every computer to be running its own firewall
01:39 < AustinS> joebobjoe, that's because, rightfully so, they probably don't trust all the students to not have something malicious on any of their devices
01:39 < AustinS> i wouldn't..
01:40 < joebobjoe> yea they already require that I install some kind of spyware program before I can even connect
01:40 < AustinS> (or using it to act as a server to something, using up resources of the network/abusing it)
01:40 < AustinS> cause i definitely would've done that if my school gave me a public IP that was open lol
01:40 < joebobjoe> then meter usage
01:40 < AustinS> well that part is dumb, not the network part
01:41 < joebobjoe> but don't inspect my packets or install software
01:42 < ntd> "here's a root ca, import it" <- unis these days :)
01:42 < joebobjoe> and it is trivial to get around such restrictions, just run some sort of reverse proxy that tells me to establish the connection to the outside first
01:42 < joebobjoe> ntd: wait, couldn't that theoretically give them traffic interception abilities
01:42 < joebobjoe> of encrypted traffic?
01:42 < tds> yes, lots of places do mitm on all ssl traffic
01:43 < tds> (so if they try and install a cert on your device, just refuse to use the network)
01:43 < joebobjoe> I hope they get hacked
01:44 < Eryn_1983_FL> is that all the traffic right?
01:44 < tds> well if they're mitming you and get hacked, someone else could probably read all your ssl traffic, so I wouldn't hope for that ;)
01:44 < Eryn_1983_FL> so your traffic goes pc > university server> uni-router> web> ?
01:44 < joebobjoe> orlock: I should have modified my initial rant, not just ipsec, but ipsec + ipv6
01:45 < Eryn_1983_FL> mmmmm
01:45 < Eryn_1983_FL> yeah no..
01:45 < Eryn_1983_FL> love off campus you will feel better but be poor..
01:46 < joebobjoe> if all traffic were just ipv6 + ipsec, there would be no nat, no blocking what should be my right to access ports on my own computer
01:46 < joebobjoe> no monitoring my transport layer "flows"
01:48 < comet23> Anyone here hack?
01:48 < joebobjoe> no
01:49 < pekster> https://sourcefoundry.org/hack/ . Probably not what you meant though…
01:50 < mateothegreat> pekster: thats hack-ing fo sho
01:50 < pekster> It's a core component of mine, to be sure :)
01:51 < comet23> Hacking is breaking into computers and shit in order to make money
01:51 < pekster> RMS disagrees, and I favor his view over yours in this case, as I most others here I suspect
01:52 < comet23> You have to do it over the internet and you can’t have physical access to the computer and nobody could have hacked the thing the same way you just hacked it or else that’s cheating
01:52 < comet23> You know? Hacking!
01:52 < cmj> wow, like that great movie?
01:52 * pekster goes back to hacking on some troublesome Java
01:52 < cmj> heh
01:52 < pekster> cmj: His mom musta' bought him a 'puter for Christmas! :P
01:53 < mateothegreat> I don't think he's old enough to have the hackers movie street cred
01:53 < mateothegreat> comet23: that would be called "blackhat" hacking
01:53 < comet23> No that’s what everyone calls hacking
01:53 < mateothegreat> unless of course you're being paid and have permission
01:54 < comet23> Permission or not that’s hacking
01:54 < mateothegreat> comet23: do you know the difference between good and evil
01:54 < comet23> You can’t be evil when you hack because nobody dies
01:54 < comet23> Nobody’s life gets affected
01:54 < cmj> did you skip the movie wargames?
01:54 < mateothegreat> this isn't real
01:55 < mateothegreat> you must not be real either given the ineptitude
01:55 < comet23> It’s all wavelengths that can get reverted
01:55 < Eryn_1983_FL> tell that to the people who hack power grids..
01:55 < thejohnnyapol> What if somebody retrieved your social security number through the equifax leak and opened up a bunch of fraudulent cards and sent you into financial ruin?
01:55 < thejohnnyapol> Is that not hurting you?
01:55 < Eryn_1983_FL> or pace makers,
01:55 < Eryn_1983_FL> or cars...
01:55 < Eryn_1983_FL> air planes,
01:55 < comet23> Tell them that it wasn’t you and sue equifax on a contingency basis
01:55 < cmj> 15-20 years ago it was a battle of trying to reclaim the word hacker, everyone tried to push 'cracker' but then race and snacks were an issue
01:55 < comet23> If they don’t revert the information
01:55 < comet23> Then you profit
01:56 < mateothegreat> thejohnnyapol: then you watch the lifelock infomercial and sign up .. problem solvd.. 4ever!
01:56 < Eryn_1983_FL> hahah yeah good luck on that
01:56 < mateothegreat> comet23: what does revert the information mean
01:56 < comet23> Cracker is also a very racist term you racist cmj
01:56 < comet23> Putting it to how it was before
01:56 < comet23> It takes a few seconds
01:56 < cmj> point made
01:56 < mateothegreat> certified
01:56 < orlock> comet23: You mean like, with an axe?
01:57 < comet23> No like with a computer and a brand
01:57 < comet23> Brane*
01:57 < orlock> comet23: it's actually a really inefficient way to split wood honestly. I find a sledgehammer and a wedge much easier
01:58 < thejohnnyapol> mateothegreat: "it's like a bike lock, ya know, but for your life"
01:58 < thejohnnyapol> ;)
01:58 * orlock watches more Mikrotik botnet traffic
01:58 < thejohnnyapol> is it another IoT botnet or are we back to consumer pcs?
01:59 < orlock> thejohnnyapol: Depends on your definition of IoT - they are a router vendor, but the OS is also available to run on x86 gear/VM's
02:00 < thejohnnyapol> orlock: ah okay I gotcha.
02:00 < orlock> thejohnnyapol: But it's exploitable via publicly open ports on devices commonly used as an internet firewall/gateway
02:01 < thejohnnyapol> It's scary through UDP amplification / reflection attacks how a silly little device can cause so much damage
02:01 < orlock> the firmware to close the RCE was released over a year ago....
02:01 < thejohnnyapol> that's the thing that's tough with those kinds of devices - plenty of them are forgotten and will probably sooner break than have a security patch applied
02:06 < mast> I have a simple question for anyone who's worked with Dell Poweredge cable management arms?
02:07 < orlock> have them, but dont use the arms usually
02:14 < mast> orlock great. I've been trying to find any documentation on this, but I've never used them myself before and I'd like to use them with non-dell hardware
02:14 < mast> Are they designed specifically for Dell rails? As in, they only attach to Dell style sliding rails? Its difficult to tell from what I've looked at. I only ask, as I can get a pair for $5
02:15 < mast> I see that there is some kind of bracket that the rail arms clip to
02:16 < orlock> I would not even bother thinking about it
02:17 < orlock> You know what's good?
02:17 < orlock> Velcro tape.
02:17 < orlock> Avoid cable ties.
02:18 < orlock> You can get rolls of velcro, hook on one side, loop on the other
02:18 < theology> how can i find out more on how to deal with latency in game networking?
02:18 < orlock> If you buy it from a gardening supply shop, it's also really cheap. Fits perfectly through the holes in racks
02:18 < theology> real-time games
02:20 < orlock> theology: It really depends on the specifics.. there's predictive stuff in some games
02:21 < orlock> theology: https://en.wikipedia.org/wiki/QuakeWorld
02:21 < orlock> also, jitter vs latency
02:25 < orlock> Hmm
02:25 < orlock> Is there a way i can see what network connections a specific windows app is making?
02:26 < ||cw> orlock: netstat can do that
02:27 < mast> I already have everything velcroed
02:27 < orlock> ||cw: Not working for what i'm trying to do in this case. Using with netstat and wireshark
02:27 < mast> I realize this is like the equivalent of a fashion accessory, I just like the idea of being able to slide my servers out without disconnecting everything orlock
02:28 < orlock> Been here years.
02:28 < orlock> never had to slide a server out that wasnt being decommissioned anyway...
02:29 < orlock> But hell, if you want to try it, go for it..
02:29 < orlock> If you were local, i'd just give you some :)
02:29 < mast> Thanks. Can't really go for it if I don't know they're work or not :)
02:30 < mast> Not a big deal though
02:31 < ||cw> orlock: wireshark should show it for sure
02:32 < orlock> ||cw: Wireshark wont know about the app
02:33 < orlock> netstat -b will , but that's reliant on netstat being running _at that time_
02:33 < orlock> apparently Microsoft Network Monitor will do it
02:33 < orlock> .. I think the software i'm trying to debug is just broken
02:33 < orlock> and is lying about making network connections
02:34 < orlock> It either is supposed to autoprobe the network for 3d printers
02:34 < orlock> or let me put in an IP
02:34 < orlock> as far as i can tell, it's not doing either
03:25 < ScriptGeek> Anyone know if this thing is as good as they say it is? https://goo.gl/By8L2f
03:27 < Criggie> No.
03:28 < Criggie> Its just an external aerial
03:28 < Criggie> might be slightly better than stock, but theres no more power going through it.
03:28 < ScriptGeek> thanks
03:29 < Criggie> To be honest - wireless problems are fixed by installing ethernet cables
03:29 < Criggie> :-)
03:29 < mast> :P
03:30 < ScriptGeek> true, unless wired options are not possible
03:30 < orlock> i was going to say, i dont know who they are or what they are saying
03:30 < Criggie> ScriptGeek: extra weird.... why would your booster aerial have a directional and two omnis ? That's nuts
03:31 < Criggie> Does it have three cables coming out of it or just one ?
03:31 < Criggie> Oh its a USB wireless ethernet adapter
03:31 < Criggie> I'd expect the omnis to be onto one radio and the directional to be on a different radio
03:32 < ScriptGeek> I have the alfa awus036nh and a 8dbi omni antenna. It does better than my built in laptop adapter, but would still like to see some good range
03:32 < Criggie> It reminds me of those TV booster aerials for inside.
03:32 < Criggie> Well, an aerial outside the laptop's housing will be better than one inside the housing
03:32 < ScriptGeek> that thing looks pretty hokey to me
03:36 < ScriptGeek> I guess I need a small directional antenna with a mount that has a small base with a modest 3 trillion dbi gain
03:37 < ScriptGeek> it also needs to be able to pickup all 4 bars of signal while sitting on the opposite side of the moon, in that super cold crater, which is the coldest part of the solar system, as far as NASA knows
03:39 < ScriptGeek> it also needs to have no more than 20ms of signal propagation, despite the moon being over 1.3 light seconds away
03:39 < orlock> ScriptGeek: You would need one at each end?
03:40 < ScriptGeek> I'm just being obnoxious and a little facetious... Would like an antenna with good range and not a hassle to setup for a mobile application
03:41 < orlock> Ahh, so not for a fixed point to point link then?
03:41 < ScriptGeek> correct
03:42 < orlock> mobile-but-directional's a bit of an odd requirement
03:43 < ScriptGeek> yeah, I suppose. Maybe there's another way to achieve the desired result with bigger omni
03:43 < ScriptGeek> would need a nice vehicle mount, though
03:44 < orlock> pair of steppers
03:44 < orlock> $12 worth of electronics from china...
03:45 < ScriptGeek> what do you mean by steppers?
03:45 < orlock> stepper motors
03:46 < orlock> use them to do things like.. point things in certain directions
03:46 < redrabbit> ScriptGeek: get a yagi antenna
03:46 < ScriptGeek> but where would I get the electronics to run the steppers and the housings to put the motors in?
03:47 < orlock> Damn, doesnt everybody just have a 3d printer lying around yet?
03:48 < ScriptGeek> redrabbit: I've seen those yagi antennas... not sure how it would actually work. Any way it would work decent inside a vehicle while pointing through the window glass?
03:48 < orlock> and the electronics - microcontroller, driver, board, the works, is about $12 from china
03:48 < ScriptGeek> orlock: and $50 of electronics to build the 3D printer?
03:49 < orlock> ... "Damn, doesnt everybody just have a 3d printer lying around yet?"
03:49 < orlock> :)
03:49 < redrabbit> anyone there tried a standing desk?
03:49 < redrabbit> the motorized type
03:50 < ScriptGeek> no, can't work in this application
03:50 < ScriptGeek> I wonder if a tinfoil hat would help me
03:50 < redrabbit> wrap your feet with it
03:50 < mast> I have redrabbit they are fun. I'm fine with sitting though. I have friends who swear by them though
03:50 < redrabbit> main point is i can lower the desk more mast
03:51 < redrabbit> but standing a bit sounds good
03:51 < mast> I like the variety of both, but I think standing for most of the time would make me mental
03:51 < redrabbit> yeah
03:52 < redrabbit> i found one for about 340€ shipped off amazon
03:52 < redrabbit> not bad
03:52 < orlock> ScriptGeek: What is it that you are trying to do anyway? That's a 2.4Ghz style wifi adaptor
03:52 < redrabbit> well its just the feet
03:52 < orlock> not the sort of thing you would use if you were driving anyway
03:52 < mast> redrabbit that seems a bit steep for the feet
03:53 < ScriptGeek> orlock: I want to be able to sit outside a laundromat or McDonald's or coffee shop and access their wifi
03:53 < redrabbit> i mean everything but the top platte
03:53 < redrabbit> i have one already
03:53 < redrabbit> ScriptGeek: yagi
03:54 < redrabbit> + tripod
03:54 < ScriptGeek> I had a few camera tripods that I recently got rid of... dammit
03:54 < redrabbit> mast: https://www.amazon.fr/gp/product/B01HRLP1BM/
03:55 < redrabbit> ScriptGeek: i managed 750 meters link with my yagi
03:55 < redrabbit> no line of sight
03:55 < ScriptGeek> redrabbit: that's awesome, what was your setup?
03:55 < redrabbit> + alfa awus036h
03:55 < redrabbit> that's all
03:56 < ScriptGeek> nice
03:56 < ScriptGeek> I have the alfa awus036nh
03:56 < redrabbit> its fine
03:56 < mast> redrabbit huh. I guess these things are just more expensive than I would have thought
03:56 < redrabbit> i have one that is in a white tube
03:56 < redrabbit> "bazooka" whatever
03:57 < redrabbit> it is quite big
03:57 < ScriptGeek> redrabbit: how did you have the antenna setup? was the signal going through the windshield glass?
03:57 < redrabbit> higher the gain, the harder it is to point
03:57 < redrabbit> ScriptGeek: outdoor to outdoor
03:58 < redrabbit> signal was like 4/5 bars 80% quality
03:58 < redrabbit> no drops
03:58 < redrabbit> its rural though
03:58 < redrabbit> so the air is quite clean
03:59 < ScriptGeek> redrabbit: 750 meters is pretty good for that quality
03:59 < redrabbit> yes
03:59 < ScriptGeek> and only running 1 watt
03:59 < redrabbit> ap is some routerboard AP on a pole
03:59 < redrabbit> on top of a small building
04:00 < redrabbit> its a free wifi ap
04:00 < ScriptGeek> oh, that's one heck of an advantage
04:00 < redrabbit> i run a small auto login script
04:00 < redrabbit> so i have free internet where im there
04:00 < redrabbit> there is no 3G/4G indoors
04:01 < redrabbit> only outdoors
04:01 < ScriptGeek> I want to keep it stealthy, so nobody gets weird around some creep hanging out in the parking lot lol
04:01 < mast> #hacktheplanet
04:01 < redrabbit> so that setup is great
04:01 < redrabbit> ScriptGeek: get a small yagi
04:01 < redrabbit> and put some black tshirt on it
04:02 < redrabbit> get an usb extension cord
04:02 < ScriptGeek> redrabbit: I didn't know they came in different sizes?
04:02 < redrabbit> they do
04:02 < redrabbit> all sorts
04:03 < ScriptGeek> I wouldn't know which one to get... I mean, in a car space is limited and yagis look pretty huge
04:03 < redrabbit> a small one
04:05 < ScriptGeek> redrabbit: this one? https://www.newegg.com/Product/Product.aspx?Item=9SIA3M31GS4511&cm_re=yagi_2.4-_-9SIA3M31GS4511-_-Product
04:05 < orlock> ScriptGeek: It's a style, not a size
04:05 < redrabbit> this one is fine
04:06 < redrabbit> get a tripod
04:06 < redrabbit> you need something to point it
04:07 < redrabbit> or its useless
04:07 < redrabbit> or diy something
04:07 < ScriptGeek> 2x4 lumber =p
04:07 < orlock> automate a directional to scan for open AP's
04:08 < redrabbit> lol for scan i do some biking
04:08 < redrabbit> with a cellphone holder
04:08 < ScriptGeek> orlock: I looked around for something that would do that, but I didn't find anything
04:08 < redrabbit> its efficient af
04:08 < redrabbit> wiggle
04:08 < redrabbit> or wifi scanner
04:08 < orlock> https://www.aliexpress.com/item/Free-shipping-NEW-CNC-shield-v4-engraving-machine-3pcs-A4988-Nano-with-cable-kit-for-Arduino/32259813480.html
04:08 < redrabbit> there's a shitton of open stuff
04:09 < ScriptGeek> redrabbit: sounds like a fun hobby lol
04:09 < redrabbit> its fun once in a while
04:09 < TV`sFrank> redrabbit again quit goofball trolling for attention, imbecile
04:09 < orlock> i used to do it a long time ago
04:09 < redrabbit> idk about doing that full time
04:09 < redrabbit> TV`sFrank: fuck off
04:09 < orlock> redrabbit: i managed to get a news article published from my findings heh
04:10 < orlock> fuck, that was over a decade ago
04:10 < ScriptGeek> orlock: that looks like it would work for the electronics to run the stepper motors... it would also work for the 3D printer I would have to build so that I could build the other thing lol
04:11 < redrabbit> motorized setup sounds good
04:11 < orlock> Nah, it's missing a stepper driver for the printer.
04:11 < orlock> You need X,Y,Z and extruder
04:11 < ScriptGeek> oh damm, you're right
04:11 < orlock> thats built for an engraver - X,Y,Z and spindle
04:11 < orlock> i've got one to drive a computerised telescope mount
04:12 < ScriptGeek> that's awesome
04:12 < ScriptGeek> this sounds like it would take me a lot of time to build, though
04:14 < ScriptGeek> how about building a drone that flies up high to get a better wifi signal and then relay it back to me
04:14 < Criggie> A balloon would be better
04:14 < Criggie> then you can run power up the cable
04:14 < ScriptGeek> 12 minutes of flight time ftw
04:14 < orlock> Well, if you are worried about poaching internet from the laundromat, i assume you have no job and therefore lots of free time, right?
04:15 < ScriptGeek> do the rich waste all their money because they have lots of it?
04:16 < redrabbit> well in crowded airwaves going higher wont solve it without directional antennas
04:16 < ScriptGeek> yeah, it would have to be an automated flying machine with a directional antenna on it
04:17 < redrabbit> i have about 3 data plans personally its about the lols
04:18 < redrabbit> 20gb dual sim + 50gb
04:18 < ScriptGeek> that could work... or I could just get a comcast account and connect to their many aps they have all over town
04:18 < Criggie> Wow - I get 100 Mbytes/month
04:18 < ScriptGeek> redrabbit: what kind of thing is that?
04:18 < Criggie> then its 50c / MB overage
04:18 < ScriptGeek> ouch
04:19 < redrabbit> automating the login process to free hotspots is always amusing
04:19 < Criggie> ScriptGeek: downside of that, you'd have to pay comcast money, and they're evil.
04:19 < ScriptGeek> Criggie: yeah, they definitely suck
04:20 < redrabbit> i pay 5€ for the 20gb and 12€ for the 50
04:20 < ScriptGeek> maybe I could just get a big ass motorized antenna on my car
04:20 < ScriptGeek> redrabbit: is that a cell phone service?
04:20 < Criggie> If you can afford to run a car then you've got money spare.
04:20 < redrabbit> ScriptGeek: yeah
04:21 < redrabbit> its still overpriced tbh
04:21 < redrabbit> i dont even use a gb most of the time
04:21 < ScriptGeek> I've got money to lean on for a while. I'd just like to get on with my plan to work on my skills and get another decent job
04:21 < redrabbit> i mostly need the multiple sims
04:22 < redrabbit> not a lot of data
04:22 < ScriptGeek> I use about 1gb of data on my phone
04:22 < ScriptGeek> I think I have up to 5gb to use before they cap me
04:23 < ScriptGeek> I'm not really sure, I haven't kept up with all their changes they've been doing over the years
04:25 < ScriptGeek> It used to be unlimited with a 5gb cap. Go over the cap and they cut your speed for a month. Go over twice in 6 months time and they cut it permanently
04:25 < redrabbit> awus036h is the range king
04:25 < TV`sFrank> welcome to ScriptGeek's blog
04:25 < redrabbit> its worth getting one to compare
04:25 < redrabbit> TV`sFrank: stfu
04:28 * orlock breaks out the popcorn
04:28 < mateothegreat> pass the butter
04:29 < mateothegreat> oo you got m&m's, yea that too
04:30 < ScriptGeek> Sounds like I'm a pretty interesting lunatic
04:32 < ScriptGeek> redrabbit: I was just checking this out: https://null-byte.wonderhowto.com/how-to/guide-wi-fi-cards-and-chipsets-0167915/
04:32 < TV`sFrank> s/interesting/lonely/g
04:33 < redrabbit> are you projecting right now buddy?
04:33 < ScriptGeek> They say the atheros chipset is the bestest and the alfa awus036nha is the one to get
04:33 < orlock> TV`sFrank: Because your life is obviously full of interesting things going on?
04:36 < ScriptGeek> I just ran across this link: https://null-byte.wonderhowto.com/how-to/buy-best-wireless-network-adapter-for-wi-fi-hacking-2017-0178550/
04:36 < ScriptGeek> It has my adapter on it, I'm famous! lol
04:41 < ScriptGeek> I can even plug it into a cute little fuzzy Raspberry Pi
04:41 < redrabbit> i haqve
04:42 < redrabbit> i have the awus036nha as well
04:42 < redrabbit> the range is not better its a bit worse
04:42 < ScriptGeek> awww darn it
04:42 < redrabbit> but speeds are better
04:42 < redrabbit> its a tradeoff
04:42 < ScriptGeek> range is king in my application, tho
04:42 < redrabbit> if you are closer, its better
04:43 < redrabbit> awus036h
04:43 < ScriptGeek> it would be nice to be able to sit on top of a hill and scavenge all the wifi lol
04:44 < redrabbit> i have some packet cap of a free wifi public auth if you want to try to reverse the code
04:44 < ScriptGeek> not sure what that is... I feel like a noob haha
04:45 < redrabbit> anyway awus036h has the better range
04:46 < redrabbit> it uses 10x as much power though
04:46 < ccqwtxt> I have that one and it's really resource intensive
04:46 < redrabbit> on battery the awus036nha is better for long runs
04:47 < ccqwtxt> eh wait I have awus036nh
04:47 < ScriptGeek> ccqwtxt: that's the one I have
04:48 < ScriptGeek> I just read a bunch of stuff and now I'm not any smarter... this requires some background before diving into.
04:50 < redrabbit> no you build that by diving
04:51 < orlock> Wow ##mikrotik is an abandoned channel full of insecure fuckwits
04:51 < TV`sFrank>
04:51 < ScriptGeek> that wonderhowto.com article says the adapter I have is " a b/g/n adapter with an absurd amount of range"
04:52 < ccqwtxt> +1 to redrabbit on building by diving
04:52 < ScriptGeek> how do we give points?
04:53 < redrabbit> TV`sFrank: you are a sad person
04:56 < ScriptGeek> it would be better to have an antenna array... like have a bunch of motorized antennas that stick out of my car everywhere, I just push a button and have it grow into a porcupine
04:56 < redrabbit> or 4 panel antennas
04:56 < redrabbit> no motors
04:56 < redrabbit> +4 cards
04:57 < redrabbit> ideal/realistic
04:57 < ScriptGeek> that would be much more reasonable and much less ridiculous lol
04:57 < redrabbit> stick out off the roof window
04:58 < ScriptGeek> I don't have a sun roof, though... maybe I should have bought the other car
04:58 < ScriptGeek> but the other car had twice the miles on it and it was more ragged
04:58 < redrabbit> eh its only fun once in a while
04:59 < ScriptGeek> here we go: https://www.amazon.com/Wireless-Directional-Antenna-Booster-Connector/dp/B00VK0FFKO/ref=pd_sbs_147_4?_encoding=UTF8&pd_rd_i=B00VK0FFKO&pd_rd_r=0FTF7ADC3MBFZT3VY3V4&pd_rd_w=dfVML&pd_rd_wg=vrtFt&psc=1&refRID=0FTF7ADC3MBFZT3VY3V4
05:00 < ScriptGeek> it might not fit, though
05:00 < redrabbit> i have one its fine
05:00 < ScriptGeek> well, it might not fit inside the car lol
05:00 < redrabbit> maybe mines shorter
05:01 < redrabbit> yeah
05:01 < ScriptGeek> it says it's rated for 30 watts... so it'll be effective with my measly 1 watt?
05:01 < redrabbit> better are those inside a plastic tube
05:01 < ScriptGeek> oh, so like a yagi inside a tube?
05:01 < redrabbit> yeah
05:06 < ScriptGeek> I tried taping some aluminum foil halfway around a plastic water bottle and putting my omni directional antenna inside it and I was able to get a stronger signal, but it was unwieldy making it impractical
05:17 < ccqwtxt> I'm slowly building up my home lab; just got my hands on a free 26-port gigabit smart switch with PoE
05:21 < orlock> ccqwtxt: Cisco "SG" switch?
05:21 < ccqwtxt> ding ding you got it
05:21 < ScriptGeek> that's pretty cool, what are you going to do with it?
05:22 < orlock> ccqwtxt: You know how i guessed that?
05:22 < orlock> ccqwtxt: Theres a reason it was free
05:22 < ccqwtxt> sigh
05:22 < ccqwtxt> so tell me then
05:23 < orlock> ignore the cisco logo, it's not useful for any sort of "home lab" work that you would use a cisco for
05:24 < ccqwtxt> ScriptGeek That's a great question... I do DevOps stuff all in the cloud by day, not much chance to work with network hardware yet in my young career. Maybe I'll set up a raspberry pi cluster and just poke around a little
05:24 < orlock> and as far as being "managed" the management is a pile of crap
05:24 < ccqwtxt> bleh
05:24 < orlock> If you want to get all devopsy with your network configuration, it's not the sort of switch you want
05:24 < ccqwtxt> That's too bad
05:25 < orlock> If you just want to redistribute PoE to your IP cameras or something though so you can run them all from UPS, it should do
05:25 < ScriptGeek> ccqwtxt: what sort of DevOps stuff? Is that like special forces clandestine black ops, Tom Clancy style?
05:25 < ccqwtxt> orlock, sounds like you've had to deal with this thing a little too much
05:26 < ccqwtxt> ScriptGeek heh well I guess I wear a lot of black
05:26 < orlock> ScriptGeek: speaking of rpi, you may run into issues getting any "high performance" wifi adaptors to work on the rpi
05:26 < ScriptGeek> orlock: rpi?
05:26 < ccqwtxt> raspberry pi
05:26 < ScriptGeek> oh
05:27 < orlock> DevOps means that you tweak a script and redeploy a server to change one line in an apache config
05:27 < orlock> servers as cattle vs pets
05:27 < ScriptGeek> orlock: aww, that sounds sad =(
05:27 < mateothegreat> lol nice one
05:27 < ccqwtxt> I do terminate lots of orphans
05:27 < orlock> automated builds and deploys, dont fix the server, fix the script that builds them
05:27 < mateothegreat> my servers are pets, loved by ansible
05:28 < ccqwtxt> mine are puppets I kick
05:28 < mateothegreat> but I'm an abuser
05:28 < orlock> ScriptGeek: raspberry pi's have marginal USB power, or they did, at least
05:28 < ScriptGeek> sounds like good jobs, tho
05:28 < ScriptGeek> orlock: how about the new rpi 3?
05:29 < ccqwtxt> ScriptGeek-- re Ops, I love it tbh
05:29 < ScriptGeek> I think it's still stuck in the dark ages of usb 2.0, tho
05:31 < ScriptGeek> oh wow, check this out: https://www.zdnet.com/article/raspberry-pi-clone-libre-renegade-35-gets-you-android-usb-3-0-and-4k-video/
05:34 < orlock> ScriptGeek: not rpi, but i really like the gl.inet pocket routers
05:34 < ccqwtxt> So, orlock, if my free switch is sad, do you have recommendations for a nice homelab switch?
05:34 < orlock> Something that runs IOS, usually?
05:35 < ccqwtxt> Oh this pocket router look nice
05:35 < orlock> they run OpenWRT from the factory
05:35 < orlock> lots of different models too with different hardware changes
05:39 < ScriptGeek> which pocket router?
05:39 < orlock> https://www.gl-inet.com/
05:39 < Kingrat> i would say for a homelab, get what you are comfortable with or if possible get something similar to stuff you will be working with
05:40 < ScriptGeek> orlock: wow, that's pretty cool, they're like miniature computers that look upgradable
05:40 < orlock> ccqwtxt: if you are working Devops, surely you can just grab a repurposed cisco from work?
05:40 < ccqwtxt> We're 100% in the cloud-- tiny company
05:40 < orlock> not really upgradable
05:41 < orlock> s/in the cloud/on somebody elses computers/
05:41 < ccqwtxt> yup
05:41 < ccqwtxt> so, somebody else's switches far away that I can't grab
05:42 < ScriptGeek> you can't just virtually grab it? =p
05:42 < ccqwtxt> I'll... send a GET request...
05:42 < ccqwtxt> (womp..)
05:42 < mateothegreat> 403
05:42 < mateothegreat> bill is past due, got decomm'ed
05:42 < ccqwtxt> Naturally
05:44 < ScriptGeek> orlock: I have dumb question... what do you do with those routers?
05:44 < orlock> Some go on robots
05:45 < orlock> but usually as general purpose network glue
05:45 < ScriptGeek> interesting
05:45 < orlock> to do things like bridge an EoP network to wireless
05:45 < orlock> and then to break the EoP back out to wireless at the other end
05:46 < orlock> as the EoP runs over a cable into a building thats otherwise a faraday cage due to its construction
05:46 < ScriptGeek> makes sense
05:46 < orlock> used to use one as my main internet gateway till i upgraded to a 1900ACS
05:49 < fnDross> anyone know much about lede?
05:50 < fnDross> trying to see if i can send all clients dns to opendns, except for the xbox's mac
05:51 < ScriptGeek> dunno about that. Have you heard of pi holes?
05:51 < fnDross> ie: config tag 'lan' option mac '!xx:xboxmac:xx' list dhcp_option'6,opendns1,opendns2'
05:52 < ccqwtxt> Isn't LEDE being remerged into OpenWrt?
05:52 < fnDross> ive been tinkering with an arduino nano before i had to do something about my routers
05:53 < ScriptGeek> Idk much about openwrt, but I've messed with ddwrt quite a bit
05:54 < ScriptGeek> I even installed some newer version of ddwrt on an old netgear router that wasn't supposed to handle it
05:54 < xz> hi there. I'm in corporate environment. I have 2 machines inside the lab. I plugged both of them to network, they got IP from IT owned router that I have no access to. Now I can ssh to one of them from desk (different network) no problem, but another one is inaccessible. I run traceroute from desk and there is 6 hops between me and that *working* ma
05:54 < xz> chine, but the other not-working machine just times out after 3 hops. What can I do in that situation?
05:54 < ccqwtxt> fnDross I'm pretty sure if you're considering LEDE at this point it's more worthwhile to go with OpenWrt. But I don't know that much about LEDE.
05:54 < xz> and could it be maybe hostname related? they are similar Ubuntu 16.04 machines
05:55 < fnDross> lede=openwrt
05:55 < ScriptGeek> xz: running a firewall on one of them?
05:55 < xz> ScriptGeek, I disabled ufw already, iptables have no entries
05:56 < ScriptGeek> running antivirus?
05:56 < fnDross> ccqwtxt: openwrt split, lede was born...lede takes over openwrt prj
05:56 < fnDross> from what ive heard
05:56 < ccqwtxt> hm very interesting
05:57 < xz> ScriptGeek, I haven't installed any antivirus, it's pretty much vanilla Ubuntu. I think it might be firewall related somehow just don't know what else to check other than ufw/iptables
05:57 < fnDross> the very interesting part has been the path of BS ive been doing to stay online
05:57 < ScriptGeek> xz: I wish I knew more about Ubuntu/Linux to help more
05:58 < mateothegreat> xz: did you compare the routing tables?
05:58 < xz> mateothegreat, nope, how do I go about that?
05:58 < mateothegreat> otherwise, swap the ports.. the switch/router could be blocking your second box
05:58 < xz> netstat -r ?
05:59 < ScriptGeek> The gateway for one machine might not be sending to the right ip, like mateothegreat is getting at
05:59 < mateothegreat> xz, route -n ... ip route .. netstat -r
05:59 < xz> I actually tried disconnecting/connecting, swapping cable between the two, changing MAC address on the faulty one
05:59 < xz> still no luck
05:59 < mateothegreat> check the interface for errors
05:59 < fnDross> bad electricity in my unit now, keep blowing pc's/psu, routers with hackable fw, too slow hw / slow 566mhz pcs
05:59 < xz> ok routing tables are significantly different
05:59 < mateothegreat> heh
06:00 < mateothegreat> pastebin if you need a second eye
06:00 < ccqwtxt> fnDross that sounds like a nightmare...
06:01 < orlock> xz: Are your Corp. IT overlords aware of both systems? They dont require MAC whitelisting or x509 certs or things like that?
06:01 < orlock> Maybe per-port macs stuff
06:01 < orlock> etc etc
06:02 < orlock> xz: also, log a ticket.
06:02 < Criggie> fnDross: time to UPS everything you care about.
06:02 < orlock> log a ticket log a ticket, LOG A TICKET.
06:02 < mateothegreat> you got that ticket number
06:02 < orlock> If there's no ticket number, the problem doesnt exist.
06:03 < ScriptGeek> that's harsh
06:03 < orlock> mateothegreat gets it
06:03 < xz> orlock, I don't think so. Our IT is not the brightest one in the world and I usually just connected machines to the wall socket and that was enough. The ticket will go to puerto rico and end up there.
06:03 < fnDross> been in a rut for a bit now, so $$ isnt there to properly do things... buyin used routers for 3.99/4.99
06:03 < xz> https://paste.pound-python.org/raw/0qeFLkutk2sWSxgH0P9p/
06:03 < xz> ScriptGeek, ^
06:04 < orlock> -n that please
06:04 < orlock> for pure numeric's
06:04 < mateothegreat> xz, you have 3 default routes going out your 3 interfaces
06:04 < mateothegreat> disable them
06:05 < fnDross> Criggie: already have 1 ups for the routers/modem/server in the basement
06:05 < fnDross> server as in pos notebook
06:06 < ScriptGeek> point of sale notebook?
06:06 < fnDross> piece of sh*t
06:07 < ScriptGeek> teehee
06:07 < ccqwtxt> sometimes a POS system is both
06:07 < Criggie> perfection of service
06:07 < xz> mateothegreat, ok, I did route del default 3 times
06:07 < fnDross> acer aspire netbook i think it is
06:07 < Criggie> I did it twice, by mistake, on a remote firewall.
06:07 < Criggie> had to phone custy and ask for a reboot, twice.
06:08 < ScriptGeek> fnDross: I have one of those, it's a D255E I think, maxed out with 2GB ram
06:08 < mateothegreat> xz: so now add a default route matching the gateway rnb7a-asdfasdf like on your other box
06:08 < ScriptGeek> intel atom cpu, entire system uses 9 watts on max load, 6 watts idle
06:09 < fnDross> ScriptGeek: i had to fix mine with another dead netbook
06:09 < ScriptGeek> fnDross: awww =( rip poor netbook
06:09 < fnDross> previous owner dropped one, killed hd, and punched the screen of the other
06:10 < ScriptGeek> fnDross: lol
06:10 < ccqwtxt> foo maxed out with 2gb of ram
06:10 < fnDross> and the battery wont charge XD
06:10 < ccqwtxt> I got a 2007-era ThinkPad from work; they sold it to me for like 50 bucks
06:10 < ccqwtxt> I love it.
06:10 < Criggie> worth it! Got any more ?
06:11 < fnDross> right now im on a p4t 1.5ghz 2gb ide hd
06:11 < ccqwtxt> I need to get some money together to put an SSD in it, etc, but it's amazing. Nah, just the one
06:11 < ScriptGeek> I wonder if it's easy to build a custom battery for those... like get a bunch of those AA lithium iron batteries and stuff them inside the old lithium ion battery case
06:11 < ccqwtxt> yeesh
06:11 < Epic|> I got two t420s for $25
06:12 < Epic|> Guy put a USB key in a slow backwards. They won't boot with shorted USB pins
06:12 < Epic|> Slow\slot
06:12 < ccqwtxt> oh no way
06:12 < fnDross> firefox doesnt like the internet being on this rig
06:12 < xz> mateothegreat, it says 'unknown host' and doesn't add that route :/
06:12 < ScriptGeek> how do you put anything USB in backwards?
06:12 < ccqwtxt> Are you replacing the USB plugs?
06:13 < ccqwtxt> ScriptGeek that's a good practical question that I have too lol
06:13 < fnDross> youtube takes about 45/50sec-2mins to load
06:13 < mateothegreat> he has beastly hands
06:13 < mateothegreat> xz: are you sure this box does not work when you swap cables/ports with the working one??
06:14 < mateothegreat> xz: are you using dhcp?
06:14 < Epic|> Scriptgeek, force
06:14 < Epic|> Use enough force and it scrapes the conductors off the board
06:14 < ScriptGeek> awwww, that's too bad =(
06:14 < Epic|> Pin. W\e
06:14 < Epic|> I just straightened them out
06:14 < ccqwtxt> Jeez. Guy must've had an anger problem
06:14 < xz> mateothegreat, current configuration is: wall socket (1) goes to switch (2) then switch (2) goes to working box + not-working box
06:15 < xz> mateothegreat, then not-working box is also connected to another wall socket
06:15 < Epic|> Or retard strength
06:15 < ccqwtxt> it happens
06:15 < xz> maybe it's some spanning tree problem? should I disconnect one cable from not-working box?
06:15 < mateothegreat> unplug everything, connect only the cable and port to get your box on the LAN
06:15 < mateothegreat> you're probably routing to the same place anyway
06:16 < mateothegreat> unplug the extras, reboot
06:16 < xz> ok so I will unplug spare cable and have it be connected only to switch (1) the same way working box is connected, does that make sense?
06:16 < xz> sorry, switch (2) I meant
06:17 < mateothegreat> exactly
06:17 < xz> ok
06:17 < xz> that will take a while, it's a server that boots 10min
06:17 < mateothegreat> my proliants do the same heh
06:17 < mateothegreat> you could just restart networking .. but a reboot would probably do some good
06:18 < fnDross> ccqwtxt: from learning linux/lede/deeper networking(aside from stock fw) this is the hell ive managed to put together >> https://ibin.co/3wZx0gWjNDUu.jpg
06:19 < Epic|> https://rover.ebay.com/rover/0/0/0?mpre=https%3A%2F%2Fwww.ebay.com%2Fulk%2Fitm%2F173103653990
06:19 < Epic|> Good price
06:19 < fnDross> on a phone/pc when i had one
06:20 < xz> mateothegreat, so now only one interface is connected and machine is booting
06:21 < mateothegreat> xz, good work
06:21 < xz> it's a great machine btw. 88 cores with NVMe supermicro
06:21 < xz> and 128GB RAM
06:21 < xz> or 160
06:22 < fnDross> ccqwtxt: also dont have it jtag'd/serial, so if the config is wrong.. i have to reflash it via wan port
06:22 < mateothegreat> I'll send you an address.. I need to inspect it :)
06:22 < Epic|> Which system?
06:22 < Epic|> I love supermicro
06:22 < fnDross> (isp issues 3 ips)
06:23 < ccqwtxt> fnDross this looks like it was fun to put together
06:23 < ccqwtxt> and 2 xboxes heyy
06:26 < xz> Epic|, that's what it says on the sticker: S2600CW2W-IDD
06:26 < xz> Epic|, but it was custom built with extra NVMe card and couple other things
06:27 < Epic|> $?
06:27 < fnDross> just need a couple final touches with dnsmasq syntax
06:28 < xz> Epic|, my dept paid for it $2500
06:28 < xz> Epic|, but it's worth probably much more than that
06:28 < xz> Epic|, they have some deals
06:28 < fnDross> send all clients on 2.0/ to opendns family, except the xbox
06:28 < xz> ok after rebooting with single interface connected now it's working back again, hurray!
06:29 < Epic|> I don't think that's the supermicro part number
06:29 < xz> maybe it was some spanning tree problem after all?
06:29 < xz> yeah it seems like a motherboard model
06:30 < orlock> spanning tree should only have kicked in if they were bridged
06:34 < mateothegreat> xz, having multiple interfaces, and multiple **default** routes is not a good thing.. I'd disable allowing the other interfaces to alter the routing table
06:35 < mateothegreat> you can do that in networkmanager or running `nmtui` or by editing the networking script/conf
06:35 < fnDross> ccqwtxt: so this IS setup right/sorta..?
06:36 < xz> mateothegreat, thanks for your help!
06:37 * mateothegreat bows
06:52 < grawity> having multiple default routes is perfectly fine as long as they're in different routing tables, or if they're ipv6 source-specific routes
06:52 < grawity> networkmanager is slowly adding support for policy routing to implement the former
07:16 < Logg> how do I configure dnsmasq (as a dns server) to service multiple subnets? I can ping it, and I get an ip address from the same computer, and other computers on the same subnet can look up dns entries, but from a second subnet, it doesn't work
07:17 < applefarts> logg it is a easy to configure dhcp server and dns forwarder
07:18 < grawity> Logg: elaborate on "doesn't work"
07:19 < grawity> have you checked whether dnsmasq is receiving the queries, and whether it's sending replies, and whether they go via the right interface
07:19 < phirephly> Logg, a pastebin of your config would be helpful. I dont remember what the defaults of listen-address, etc are.
07:20 < Logg> I think it's just an empty config honestly. But what "doesn't work" mean, if I type "nslookup" on a windows computer connected to the second subnet, "DNS request timed out."
07:21 < phirephly> lol. k. I'm stumped then
07:21 < applefarts> your computer has a virus
07:22 < Logg> :thinking_face:
07:22 < grawity> I'd be surprised if it acted as a completely open resolver with an empty config
07:22 < applefarts> no
07:22 < Logg> I chose dnsmasq because of how easy it was to make it start working. Just add entries to /etc/hosts and it knows what to do.
07:22 < Logg> So I haven't touched the config.
07:22 < phirephly> then it's nowhere near empty
07:23 < phirephly> the default config is like 600 lines
07:23 < Logg> well, every line in /etc/dnsmasq.conf looks commented out, except conf-dir, which points to an empty directory. I can pastebin it though
07:26 < phirephly> the output of "ifconfig" and which subnet it works on/doesnt work on would also help your chances of getting help
07:27 < grawity> or `ip addr` if it's Linux, because ifconfig lies
07:27 < phirephly> fair. I'm still purging ifconfig from my muscle memory
07:27 < Logg> It's Centos 7, yeah.
07:29 < orlock> phirephly: damn it's hard isnt it
07:29 < orlock> 2 decades down the drain
07:30 < orlock> Like trying to see a service name by typing in /etc/init.d/ and hitting tab a few times
07:30 < grawity> hey feel free to fix all the bugs in it and continue using it forever
07:31 < orlock> grawity: Got an example of an ifconfig issue? Purely curiosity's sake
07:31 < phirephly> grawity, pftht. I don't even have time to fix bugs in software I'm listed as the maintainer for
07:31 < Logg> https://pastebin.com/ve5eERdN my empty dnsmasq.conf
07:31 < Logg> output of "ls -a /etc/dnsmasq.d" is ". .."
07:31 < grawity> orlock: doesn't show more than the 1st IP address per interface, if they don't have :aliases
07:32 < orlock> i wonder when distro's will start correcting the location of the ping source code
07:32 < grawity> or rather the API it uses to retrieve IP addresses has no concept of "multiple addresses" as far as I know
07:33 < Logg> output of `ip a`: https://pastebin.com/raw/jzq7qXq6 The server runs as a vm host with eno2 bridged on eno2br1 to the virtual machine. the server runs on eno1.
07:35 < phirephly> both of these interfaces are on the same subnet?
07:35 < grawity> it's indeed the same 10.10./16 :|
07:35 < grawity> orlock: same with `route` and fancy routes (like ECMP); it'll show you the first nexthop and that's it
07:36 < Logg> the other subnet that I want it to work from is 10.20/16. Router on a stick already working, can route between the two subnets.
07:36 < grawity> huh in fact you have *three* interfaces belonging to the same /16
07:36 < grawity> well in that case investigate especially the last part of what I said earlier
07:36 < grawity> do your replies go through the correct interface?
07:37 * phirephly quietly backs away due to this list of interfaces
07:37 < grawity> do you have a specific route for 10.20./16 or does it just follow the default route
07:37 < Logg> Do I use wireshark to confirm that or...
07:37 < grawity> either that or tcpdump
07:37 < grawity> might start with `ip route get 10.20.123.123` though
07:37 < Logg> a specific route for 10.20/16 where?
07:38 < phirephly> I'm willing to bet dnsmasq doesn't service DNS requests from not directly attached subnets by default. That might be how they prevent being an open resolver by default
07:38 < Logg> well that's what I was thinking phirephly
07:38 < grawity> easy to find out
07:38 < Logg> never used tcpdump before.
07:42 < phirephly> --local-service: Accept DNS queries only from hosts whose address is on a local subnet, ie a subnet for which an interface exists on the server. This option only has effect if there are no --interface --except-interface, --listen-address or --auth-server options. It is intended to be set as a default on installation, to allow unconfigured installations to be useful but also safe from being used for DNS amplification attacks.
07:42 < phirephly> Logg, Specify some listen addresses or interfaces
07:43 < phirephly> that disables the default of only serving directly connected subnets
07:46 < Logg> Okay, I'll try it, phirephly. tcpdump is an interesting program. I can see the dns server receiving dns requests. teamviewer is apparently very upset it's not online.
07:47 < ccqwtxt> Logg try this https://jvns.ca/tcpdump-zine.pdf
07:47 < Logg> lol, I will definitely read this later
07:47 < ccqwtxt> Lots of stick figures, but to the point
07:48 < grawity> no, http://packetlife.net/media/library/12/tcpdump.pdf is "to the point"
07:48 < ccqwtxt> depends which point, how pointy of a point
07:49 < Logg> I figured out a command that works. https://pastebin.com/raw/5SqqEVD1
07:50 < grawity> so queries are arriving; do you see replies on *any* interface? that is, not just eno1
07:50 < Logg> lots of incoming, I think none outgoing. and pings are apparently going out eno2
07:50 < grawity> though it's likely to be --local-service as phirephly mentioned
07:50 < Logg> yeah, I definitely want to try that, but tcpdump is really cool
07:51 < orlock> if you think tcpdump is cool, you should see wireshark
07:51 < orlock> Not great for command line though
07:51 * tcpdump is glad you guys think he's coo.
07:51 < grawity> orlock: if you think that, you should see tshark
07:51 < phirephly> tcpdump, you da real MVP
07:51 < grawity> Logg: try --log-queries=extra in dnsmasq
07:51 < orlock> Oh, i know tshark.
07:51 < Logg> I use wireshark, but tcpdump is a commandline program which is great
07:52 < tcpdump> grawity: if you think that you should see pornhub.
07:52 < orlock> tshark usually just annoys me though, because its not tcpdump :)
07:52 < Logg> grawity, will try it.
07:52 < orlock> but generally, different usage cases
07:52 < orlock> tcpdump for obtaining data
07:53 < orlock> wireshark for sitting there staring at dumps and muttering under my breath
07:57 < Logg> grawity, no lines in /var/log/messages generated by dnsmasq about the computer on the second subnet I'm doing dns lookups on
07:57 < Logg> with that command line option --log-queries=extra
07:58 < Logg> will try what phirephly suggested
08:00 < applefarts> fav wireshark cli :: tshark -i int -c 100 -w 100packets.pcap
08:20 < pd2000> what are the naming conditions for changing a mac address value ?
08:34 < cluelessperson> hi all
08:34 < cluelessperson> could someone help me understand ipv6?
08:34 < cluelessperson> I'm trying to set it up with my unifi stuff
08:35 < cluelessperson> https://test-ipv6.com/ reports no ipv6 address detected
08:35 < cluelessperson> I think I'm stuck at DHCPv6 ?
08:39 < Ayeitzabee> cluelessperson, Does your ISP support IPv6?
08:39 < cluelessperson> Ayeitzabee: I believe so, I connected my laptop directly to the wall and got an ipv6 address
08:39 < cluelessperson> and that testing site reports it works
08:39 < cluelessperson> I'm unfamiliar with ipv6 though
08:39 < Ayeitzabee> IPv6 could be enabled on your lan but disabled on your WAN
08:40 < Logg> ipv6 addresses can be generated automatically. getting an ipv6 address doesn't mean it came from a dhcpv6 server
08:40 < cluelessperson> Ayeitzabee: ^ It seemed to work on the WAN directly, I just enabled it on the LAN
08:40 < orlock> pd2000: What do you mean? You can get a list of the assigned prefixes?
08:41 < Ayeitzabee> cluelessperson, What do you mean by WAN directly? It would first have to be NAT-ed through your router
08:41 < Ayeitzabee> (you)--->{Router}---->(internet)
08:42 < Logg> you don't HAVE to use NAT Ayeitzabee
08:42 < Ayeitzabee> Unless you are bridging an external IP then yes you do Log1x
08:42 < cluelessperson> Ayeitzabee: I literally connected to the ethernet jack in the wall and received an ip address from the ISP
08:42 < Ayeitzabee> Logg *
08:42 < pd2000> When spoofing mac address , what are the conditions that I can change the value to?
08:43 < Logg> pd2000, hexadecimal, 12 characters.
08:43 < Ayeitzabee> cluelessperson, What country do you live in?
08:43 < cluelessperson> Ayeitzabee: US ?
08:43 < Ayeitzabee> Is it your place?
08:44 < Ayeitzabee> Or like a school or something?
08:44 < cluelessperson> yes?
08:44 < Ayeitzabee> How many devices would you say you have connected onto the internet right now
08:44 < Ayeitzabee> Through your houses internet?
08:44 < cluelessperson> what kind of questions are these?
08:45 < Ayeitzabee> I am trying to figure out what type of network you have
08:45 < cluelessperson> Ayeitzabee: ISP Fiber Modem -> Cisco Switch -> My Given a public IPV4/6 address
08:45 < pd2000> But it doesn't exactly show what I had changed the value to , it changes the value but shows something else
08:45 < cluelessperson> the cisco switch may be acting as a router
08:45 < cluelessperson> and DHCP server
08:45 < cluelessperson> uncertain
08:45 < Ayeitzabee> The modem will be acting as the DHCP server
08:45 < orlock> Ayeitzabee: Maybe he has the point of view that every host on the internet may potentially want to connect to his TV.
08:46 < Ayeitzabee> orlock ahahaha or straight into his PC
08:46 < pd2000> also in some tutorial its written that while spoofing mac address , the first 2 letters should be DE
08:46 < orlock> Its not his LAN connecting to the internet.. the internet is connecting to his LAN! ;)
08:46 < cluelessperson> Ayeitzabee: ?
08:46 < Ayeitzabee> cluelessperson, Run a traceroute with IPV4 turned off on the computer and tell me what it does
08:47 < Ayeitzabee> orlock, I am the internet what are you talking about
08:47 < cluelessperson> not turning off ipv4
08:47 < orlock> pd2000: Well, if you are "spoofing" it, then you are spoofing..
08:47 < Logg> pd2000, nonsense. the first 3 hextets belong to a hardware manufacturer, so if you want it to look "legit", use a real one. the last 3 hextets can be any value.
08:47 < orlock> pd2000: thats likely DEADBEEF as a semi-joke
08:48 < Ayeitzabee> cluelessperson, run a trace route to 2001:4860:4860::8888
08:48 < Logg> but you can use any string of hexadecimal, it doesn't matter pd2000
08:48 < orlock> or a reference to DEADBEEF
08:49 < orlock> use D4EC0C
08:49 < orlock> Pretend to be a motor bike!
08:49 < cluelessperson> Ayeitzabee: Like I said, I'm *trying* to configure it on the local lan
08:49 < orlock> make Broom Broom noises
08:49 < cluelessperson> you went off the tangent about ISP supporting it
08:49 < cluelessperson> it does
08:49 < Ayeitzabee> cluelessperson, Well turn on IPv6 on your modem away you go
08:49 < Ayeitzabee> But there is not point to using IPv6 locally
08:49 < cluelessperson> Ayeitzabee: That makes no sense
08:50 < orlock> Ayeitzabee: Sure there is
08:50 < orlock> Ayeitzabee: So you can let everybody connect directly to your TV without wasting precious ipv4 space
08:50 < Ayeitzabee> "Oh yeah, I have 100000000000 machines connected at once"
08:50 < Ayeitzabee> cluelessperson, What is hosting your DHCP?
08:50 < Ayeitzabee> ipconfig /all will tell you your DHCP server
08:50 < orlock> Ayeitzabee: s/ there is not point/i see no point/
08:51 < orlock> Just because _you_ dont think theres a reason doesnt mean theres no reason
08:51 < Ayeitzabee> Maybe on like a botlan it would be useful
08:51 < orlock> cluelessperson: but he's asking the right questions - this all comes down to your local router/DHCP server
08:52 < cluelessperson> orlock: Which I'm trying to configure
08:52 < Ayeitzabee> What is your DHCP server?
08:52 < Ayeitzabee> Is it the modem?
08:52 < cluelessperson> I'm using a Unifi Security Gateway
08:52 < orlock> cluelessperson: So.. Configure it?
08:53 < orlock> https://help.ubnt.com/hc/en-us/articles/115005868927-UniFi-How-to-Implement-IPv6-with-DHCPv6-and-Prefix-Delegation-on-USG
08:53 < Ayeitzabee> ^
08:53 < cluelessperson> I'm stuck at DHCPv6, DHCPv6 range
08:53 < orlock> cluelessperson: If DHCPv6 was selected on WAN then prefix delegation will be used for "IPv6 Interface Type".
08:54 < Ayeitzabee> cluelessperson, https://www.networkworld.com/article/2228449/microsoft-subnet/microsoft-subnet-ipv6-addressing-subnets-private-addresses.html
08:54 < orlock> If static was chosen on WAN, the options for IPv6 gateway/subnet must be filled in along with applying the correct DHCPv6 range if desired.
08:54 < Ayeitzabee> If you want to know what to set the address as
08:54 < Ayeitzabee> God I really don't see why everyone wanks over IPv6 so much, sure its great for WAN but inside LAN it is just a pain
08:54 < orlock> cluelessperson: https://help.ubnt.com/hc/en-us/articles/115005868927-UniFi-How-to-Implement-IPv6-with-DHCPv6-and-Prefix-Delegation-on-USG is how to do what you are asking in 8 steps
08:55 < orlock> Ayeitzabee: Some of us deal with bigger networks than others.
08:55 < cluelessperson> orlock: thanks, I'm guessing I'm just trying to understand which is appropriate
08:55 < cluelessperson> Ayeitzabee: Dude, If you replace IPV4 entirely with IPV6 you don't have to bother with natting at all
08:55 < cluelessperson> You can just firewall devices
08:55 < cluelessperson> no more subnetting
08:55 < orlock> cluelessperson: Do you statically configure your WAN ipv6, or get it via dhcpv6?
08:55 < cluelessperson> and I'm sure other shit
08:57 < cluelessperson> orlock: I don't know how to statically define my WAN's ipv6, and I think it only worked when I did dhcp6, now I'm attempting to configure the USG's "DHCPv6 Range" but it's unclear what what looks like.
08:57 < Ayeitzabee> ;_;
08:58 < Ayeitzabee> Thinking about not NAT-ing a LAN network makes me cringe
08:58 < Ayeitzabee> LETS ROUTE ALL THE ADDRESS
08:59 < cluelessperson> what?
08:59 < Ayeitzabee> HOLY FUCK WHY IS MY FRIDGE BUYING DILDOS OFF AMAZON
08:59 < Ayeitzabee> addresses*
08:59 < cluelessperson> Ayeitzabee: and you think it won't do that on IPv4?
08:59 < Logg> Ayeitzabee, firewall
09:02 < pd2000> ok the first 3 hextet should be from my original vendor and next 3 can be anything ?
09:03 < Logg> pd2000, that's what I said, yes. and also "the first 3 hextets can actually be anything too, they just might not be assigned"
09:04 < Logg> some hardware doesn't support mac spoofing. if you're having trouble spoofing, look into that possibility.
09:05 < pd2000> it actually changes but not to what i really want it to
09:07 < Logg> sounds like buggy driver/hardware or you aren't seeing the MAC correctly (don't take a random gui's word for it)
09:08 < pd2000> i am using registry to change it and checking it through cmd
09:09 < Logg> check with wireshark or some other network monitor
09:10 < Logg> and investigate if anyone has successfully spoofed mac on your network card
09:31 < TandyUK> Ayeitzabee: wtf is wrong with not using NAT (preferably ever)?
09:31 <+xand> what TandyUK said
09:32 < Logg> they forgot firewalls exist. simple misunderstanding
09:32 <+xand> NAT is a horrid bodge that breaks stuff
09:32 * xand looks around his uni campus with 1000s of devices with proper IPv4 addresses
09:37 < TandyUK> would be nice if someone could teach sonicwall how routing works
09:37 * TandyUK cringed when we got sonicwall tech to remote in and figure out wtf ipv6 wasnt working
09:37 < TandyUK> then saw him looking at the ipv6 nat policies page
09:39 <+xand> ew
09:39 < TandyUK> i mean why does that config page even exist
09:39 < TandyUK> its just wrong lol
09:39 < TandyUK> NPT I can just about deal with, and this makes a lot of sense
09:39 < Logg> so that vintage hardware made 4000 years ago will still work when the human population spans thousands of galaxies
09:40 < TandyUK> but the fact it lets you configure 1:1 nat policies in ipv6 just makes me lol
09:41 < TandyUK> sonicwall tz400 on latest firmware this is btw
09:49 < Ihaveadigbick> Hey, I have got an OpenBSD VPS on Vultr. I am trying to run OpenBGPD. The configuration looks fine, the remote host is reachable by telnet, the password is correct but it is not exchanging anything with Vultr router. Is there anything I might have missed?
09:49 < cluelessperson> Question, how am I supposed to know my IPv6 address block from my ISP?
09:50 < TandyUK> how are you allocating ipv6?
09:50 < TandyUK> if its SLAAC, theres no need for you to 'know'
09:50 < TandyUK> your router just figures it out
09:50 < TandyUK> if you want to statically assign stuff, your isp should have told you 2 ipv6 ranges, a /64 (or possibly /128) for use on the WAN side only
09:51 < TandyUK> and another somewhere between a /48 and /56, or possibly (and wrongly) a /64, which is routed to you over the WAN side
09:52 < cluelessperson> TandyUK: what I seem to be stuck on is DHCPv6 range
09:52 < TandyUK> you then pick ranges from this routed subnet to allocate to your networks
09:52 < cluelessperson> not sure what to enter
09:52 < TandyUK> ok need more info
09:52 < Ihaveadigbick> Can't you choose SLAAC?
09:52 < TandyUK> what exactly are you trying to configure, the LAN or WAN side?
09:52 < TandyUK> WAN should just be 'auto' aka SLAAC
09:52 < TandyUK> no dhcp involved whatsoever
09:53 < cluelessperson> TandyUK: Unifi Security Gateway (USG) WAN and LAN
09:53 < cluelessperson> no natting
09:53 < TandyUK> ok so wan, enable ipv6, SLAAC, and done
09:54 < TandyUK> lan side, enabled ipv6, and there should be some sort of box to enable Router Advertisement (RA) on your LAN, and tell it to do PD aka Prefix Delegation on the primary ipv6 address
09:54 < TandyUK> the router will then pick a /64 from whatever is routed to you over WAN, and advertise itself as a router to hosts on the lan
09:54 < Ihaveadigbick> Okay, the first things I did: (1) Installing OpenBSD
09:54 < TandyUK> well it'll pick based on your settings, but this should be a /64
09:55 < TandyUK> at its core, enabling ipv6 on lan should be "tick, ipv6 on wan", "tick, ipv6 on lan", "click apply"
09:55 < TandyUK> thats literally it
09:55 < TandyUK> on top of that, you more than likely need some firewall rules to allow, eg lan ipv6 hosts to speak to the WAN
09:56 < TandyUK> and some rules to allow icmpv6 traffic inbound (at least certain types)
09:57 < cluelessperson> ping6 google.com
09:57 < cluelessperson> From sea15s12-in-x0e.1e100.net icmp_seq=1 Destination unreachable: Beyond scope of source address
09:57 < TandyUK> ok, and what ipv6 address do you have?
09:58 < Ihaveadigbick> (2) Checked connectivity. Ping ipv6.google.com works fine. (3) Pinging the router works. netcat works to the port, too. (4) Setting up config. BGPD is stuck at connect. the
09:58 < TandyUK> pastebin 'ip a' and 'route -n' output
09:58 < cluelessperson> TandyUK: fe80 looks like a local
09:59 < TandyUK> fe80:: is link local
09:59 < TandyUK> you dont have a public ipv6 then
09:59 < TandyUK> ie, RA isnt working
09:59 < TandyUK> does your router have proper connectivity on its wan
10:00 < TandyUK> and can ping6 google?
10:00 < cluelessperson> TandyUK: perhaps I need to reconnect after saving, will BRB
10:00 < TandyUK> just check your router first
10:00 < cluelessperson> TandyUK: not sure how yet
10:00 < TandyUK> no point testing your stuff behind router until you know _it_ works
10:01 < TandyUK> well find the diagnostics > ping page on your router
10:01 < TandyUK> or ssh or whatever
10:01 < cluelessperson> brb
10:03 < pd2000> should we only can replace numbers to numbers and letters to letters while spoofing mac address ?
10:03 < TandyUK> pd2000: huh??? a MAC is in Hex
10:04 < Logg> pd2000, https://en.wikipedia.org/wiki/MAC_address
10:05 < Ihaveadigbick> pd2000: No. It's 0-9, a-f (hex).
10:05 < pd2000> okkk
10:25 < ^7heo> moin catphish
10:28 <+catphish> hello sirs
10:46 < TandyUK> mornin
10:49 < cluelessperson> TandyUK: sorry for disappearing so long
10:49 < cluelessperson> So yeah, not sure what the ipv6 address range getting handed down to the USG is
10:50 < cluelessperson> looks like eth0 shows an ipv4 address, and an ipv6 local address
10:53 <+xand> cluelessperson: you got the latest unifi controller that actually supports ipv6?
10:54 < cluelessperson> xand: I believe so. It's in the options and the firmware is fully updated
10:54 < cluelessperson> xand: oh, controller, definitely. installed freshly from their apt repo today
11:27 < TandyUK> its possible your isp isnt doing SLAAC
11:28 < TandyUK> what type of connection is your WAN?
11:28 < TandyUK> some uk isps are using pppoe with v6, and if you get the pppoe bit wrong, theres no ipv6 allocated
11:29 < cluelessperson> TandyUK: I'm not sure what to tell you for the type of connection
11:29 < TandyUK> some radius hack with the login, username@adsl.isp.co.uk == ipv4 only, but username@dualstack.isp.co.uk == ipv4/6 dual
11:29 < djph> TandyUK: well, he lives up to his nick :)
11:29 < TandyUK> lol
11:29 < cluelessperson> TandyUK: I didn't have to enter any username
11:30 <+catphish> TandyUK: that's clever
11:30 < TandyUK> its annoying lol
11:30 < TandyUK> connect to adsl. and you just dont get any ipv6 at all
11:31 < cluelessperson> TandyUK: this is Fiber Modem -> Their Cisco Switch -> My Ethernet port
11:32 < TandyUK> ok so is "Fibre modem" and "Their Cisco Switch" supporting and actually configured to pass ipv6 to you?
11:32 < TandyUK> speak to whoever "they" are
11:33 < cluelessperson> I believe so, because when I disabled IPv4 on my laptop, and set IPv6 to DHCPv6, it worked. (none of my Unifi stuff was in the loop)
11:34 < TandyUK> so you had to be using DHCPv6 rather than SLAAC?
11:34 < TandyUK> thats probably why it doesnt work, you need to tell the unifi to obtain its wan ip via dhcpv6, and request a prefix delegation
11:35 < cluelessperson> when I attempt to configure the Unifi device with DHCPv6, it requests a DHCPv6 Range
11:35 < TandyUK> then it will get a /64 which it can route to you, and your machine behind the unifi allocates an ip from
11:35 < TandyUK> make sure youre configuring it on WAN, not a DHCPv6 server for your LAN
11:35 < TandyUK> its DHCPv6 client on WAN you are looking for
11:36 < TandyUK> probably in however it words "how do i get an ip"
11:36 < TandyUK> but on your WAN side
11:36 < cluelessperson> That is set, WAN IPV6 Connection type DHCPv6
11:36 < cluelessperson> (the other option is static)
11:36 <+catphish> wow, office365 is down :(
11:36 <+catphish> bad times
11:37 < djph> you sound surprised
11:37 <+catphish> more annoyance than surprise, my org uses it
11:37 <+catphish> although we're already migrating away
11:38 < TandyUK> erm its fine here
11:39 < frederik_> Can dnsmasq be used to relay WAN requests to a different DNS system while resolving LAN requests?
11:39 < cluelessperson> TandyUK: from the terminal, the security gateway appears to ping6 google fine
11:40 < cluelessperson> frederik_: yes, unsure how though
11:41 < djph> frederik_: should be able to, yes. Usually it's called "split-horizon" DNS
11:41 < frederik_> cluelessperson: Do you know what that type of system is called?
11:41 < frederik_> djph: perfect!
11:41 < TandyUK> ok, so post the details of its interfaces and ip assignments
11:41 < TandyUK> if its wan is working and such, next look at your lan, and how it is handing out ipv6
11:42 < TandyUK> on wan it should do dhcp, but needs to specify that it wants a prefix delegated to it for it to route
11:42 < TandyUK> otherwise the dhcp is just handing it an ip to use, rather than a subnet to delegate to clients behind it
11:43 < frederik_> Would it accomplish sort of the same thing to have my router push my LAN DNS and, say, OpenDNS' servers to the clients on my network?
11:43 < cluelessperson> prefix delegation size is set to 64 on wan
11:44 < RtMF> frederik_: basically, the idea is to have it just straight-up proxy for some hosts while behaving otherwise as a normal recursive resolver authoritative for the domains/zones it knows?
11:44 < djph> frederik_: not really, no
11:44 < frederik_> RtMF: Yes
11:44 * RtMF glances at the early days of 74.207.244.165, back when it was uh....d
11:44 < RtMF> damn I forget
11:45 < RtMF> 45.56.90.76?
11:46 < frederik_> djph: No? What would happen in that case? Clients could potentially end up querying OpenDNS for something my LAN DNS should've resolved?
11:46 < RtMF> .xh was on dnsmasq for a very short while
11:59 < Logg> 8.0.0.85
13:11 < rendar> usually when i connect to a server_host:tcp_port, the kernel chooses the local port that i will use to connect to, but, can i choose it? if so, how?
13:17 < grawity> rendar: you can bind() to the desired local address and/or port before connecting
13:18 < orlock> some apps let you choose, some dont
13:19 < rendar> ok
13:20 < rendar> grawity: i know that, i often use bind(), i meant with those programs i'm not developing them
13:20 < grawity> you're not making the connection, the program is
13:20 < grawity> if the program doesn't call bind() itself, find a way to inject that call
13:21 < rendar> this is my question: a way to inject bind() call, i was wondering if there are some tools to do that
13:21 < grawity> Linux has tools based on LD_PRELOAD, Windows has tools based on hell knows what
13:21 <+catphish> does anyone know what an SMS message centre number does?
13:21 < orlock> or you could probably hack it via /proc
13:21 <+catphish> it's always puzzled me
13:21 < orlock> heya catphish
13:21 < orlock> you UK right?
13:22 <+catphish> i am not technically the UK, but i do live thee
13:22 <+catphish> *there
13:22 < ^7heo> dude
13:22 < ^7heo> this is internet.
13:23 < ^7heo> you can't write clever things and expect people not to interpret it as if it were dumb and full of typos.
13:23 <+catphish> oh yeah, sorry, yes i uk
13:23 < ^7heo> thanks.
13:24 <+catphish> i also eu
13:24 < grawity> well from a quick google, it seems to serve similar purposes to a SMTP server, e.g. store and redeliver if the recipient is unreachable
13:28 < orlock> catphish: I've mentioned the weird stuff faking being Uk before, right?
13:28 < orlock> i've noticed i think 4 or 5?
13:28 <+catphish> maybe
13:29 < orlock> UK domain registered to physical UK location with legit UK business behind it
13:29 < orlock> well, not legit
13:29 < orlock> but registered with companies house
13:30 < orlock> and netblock's from RIP
13:30 < orlock> RIPE
13:30 < orlock> but it's all bogus
13:36 < orlock> i wonder if it's happening elsewhere, or only the UK? or maybe the UK's the only place i notice?
13:47 < searchingchinese> r there any chinese speaker here
13:47 < searchingchinese> how do I find chinese speaker
13:48 < Logg> there's about a billion in china I've heard
13:48 < moog> :)
13:49 < ^7heo> I have a pair of chinese speakers
13:49 < ^7heo> but I left them at work.
13:49 < searchingchinese> but I need help translating "chi"
13:49 < ^7heo> however, they were 10 bucks
13:49 < searchingchinese> I think google translate translated it wrong
13:49 < ^7heo> so you can probably find any quite easily.
13:51 < helpmyhomework> what is the meaning of "chi" in chinese
13:53 < Logg> helpmyhomework, https://en.wikipedia.org/wiki/Qi
13:53 < helpmyhomework> no no no
13:53 < moog> g00gle said that "Chī" seems to be "Eat"
13:54 < helpmyhomework> I mean "chi" not Qi
13:54 < helpmyhomework> my friend said it means "go to"
13:54 < helpmyhomework> is it true?
13:55 < Logg> chi and qi, I think it's the same word. but this is ##networking not #chinese-help.
13:56 < helpmyhomework> oh I apologize. but goodbye
13:56 < helpmyhomework> I found it
13:57 < Logg> ok, have a good one.
14:07 < alanhuang> that was strange
14:07 < kbaegis> Anyone here know how to setup docker on ovs?
14:07 < alanhuang> for the record, "chi" and "qi" are different words
14:08 < wiresharked> What is OVS?
14:08 < alanhuang> and there are a number of different definitions of "chi" depending on tone
14:10 < Logg> noted, alanhuang
14:11 < Logg> wiresharked, probably https://en.wikipedia.org/wiki/Open_vSwitch
14:11 < wiresharked> So OFDMA does improve performance a little bit in 802.11ax, but of course the increase in performance is small
14:31 < wiresharked> Logg: So 802.11ax won't go out of the draft stage until 2019
14:33 < jax> hello
14:34 < jax> hm, one network device has just become unresponsive
14:34 < jax> i got 2 IPs on that NIC. is there a way to tell why it is not working anymore?
14:34 < wiresharked> jax: Does the NIC have an APIPA address?
14:34 < jax> the IPs are on the same subnet 99.22.68.111 and 99.22.68.222
14:34 < jax> assigned via iproute2 to the same NIC
14:35 < jax> no APIPA
14:35 < jax> two IPs assigned fix
14:35 < jax> it was working for the last 90 days...
14:39 < wiresharked> jax: The DHCP lease could be screwed up. You should check your settings
14:41 < jax> it is not via dhcp, it is statically assigned
14:41 < wiresharked> jax: Then the NIC might need to go in the trash
14:43 < Logg> or one of the network devices along the way
14:43 < wiresharked> Logg: Has he done a traceroute?
14:44 < Logg> don't ask me
14:44 < wiresharked> jax: What does traceroute state?
14:48 < jax> nevermind… figured it out
14:49 < jax> a subscription for an IP expired, so it wasn't being routed anymore
14:49 < jax> duh
14:49 < wiresharked> jax: So the static lease was expired
14:56 < spice_boy1> is anyone good with making applications in librenms?
15:00 < ne2k> I saw "PHP/MySQL-based" and stopped reading
15:04 < djph> ne2k: better than "IIS/MSSQL-based"
15:04 < ne2k> djph, there is that
15:04 < djph> ... but that's not exactly a high bar either :)
15:28 <+catphish> spice_boy1: "making applications in librenms"?
15:28 <+catphish> isn't it just a simple monitoring tool?
15:29 < spice_boy1> catphish they call applications specific things you can poll for
15:29 < spice_boy1> and have your own little daemon running on the host to monitor
15:29 <+catphish> ah ok, cool
15:40 < Purec> it's not specifically software networking related but what do you call those structures that is set on the floor to lay wirings under, typically server rack lies on top of this structure with flooring as well of course.
16:32 < TandyUK> raised flooring with cabletray underneath?
16:32 < TandyUK> or cabletray suspended from the ceiling?
16:32 < ^7heo> nah raised flooring with people underneath
16:32 < ^7heo> cable goes on top.
16:32 < TandyUK> 'containment solutions' is a common name for it here if youre looking to buy some
16:33 < TandyUK> cable containment that is
16:33 < TandyUK> theres also basket rather than cabletray
16:33 < TandyUK> https://uk.rs-online.com/web/c/cables-wires/cable-conduit-trunking-routing/cable-trays-baskets/
16:33 < TandyUK> this shit
16:35 < djph> just make sure to loosen the floor tiles when the PHB wants to take a tour
16:42 < UncleDrax> I like to secretly replace one floor tile with a printed-on-paper replica
16:43 < UncleDrax> Winner gets a Workman's Comp claim paid vacation!
16:43 < bezaban> hehe, a friend realized why having some black and some white floor tiles was a bad idea
16:43 < bezaban> "I'll just step on this black tile.. OH NO, HOLE"
16:43 < UncleDrax> ya, prob not a great idea
16:44 <+catphish> https://pbs.twimg.com/media/ChinzjeWgAAeS2x.jpg:large
16:45 < UncleDrax> sounds legit
16:45 < UncleDrax> i dunno if the title being truncated on the bottom is on purpose, but if so, it adds to the flavour
16:49 < djph> I think so
17:02 < karab44> hello
17:07 < karab44> some unknown smartphone appears from time to time on my network devices on Windows 10
17:07 < TandyUK> change your wifi password then
17:07 < karab44> I can only see its macaddress
17:07 < karab44> there are no ip or anything
17:07 < karab44> now another, different one,
17:08 < bezaban> I think windows does that for 'nearby devices' or something
17:08 < bezaban> seen quite a few posts on 'zomg somebody is hacking my wifi'
17:08 < TandyUK> i like my 14 year old laptop with no wifi/bluetooth/etc :P
17:08 < bezaban> but I wouldn't know as I haven't touched windows in quite a while
17:08 < TandyUK> runs windows 10 quite happily
17:08 < nickster> Best network security protocol is no networking :D
17:09 < karab44> the funny part is that my two devices that are connected to the same network are not visible
17:09 < TandyUK> and no screen, keyboard or mouse
17:09 < karab44> yeah it can't be hacked if it's turned off
17:09 < nickster> ^
17:09 < TandyUK> you sure lol
17:09 < TandyUK> it cant be hacked if its not plugged in
17:10 < TandyUK> how off is off?
17:10 < karab44> just like stuxnet?
17:10 < TandyUK> as in plugged into the main, not a lan lol
17:10 < TandyUK> mains*
17:11 < TandyUK> things like wake on lan should give you the clue that 'off' might not be quite as off as you think it is
17:12 < TandyUK> and IME with its lovely exploits
17:18 < _Pilot_> Hi. I’m sure you guys are very familiar with this issue. I’m trying to connect to a WPA2 in fedora 26 over a
17:18 < _Pilot_> Sorry, on phone. I’m trying to connect to WPA2 enterprise network but whenever I try to connect I just keep getting prompted for a password and never actually stay connected
17:19 < _Pilot_> Logs show I’m associating and authenticating before immediately disconnecting for reason 3. I do not have power saving enabled for the card
17:20 < _Pilot_> I’m trying to set up a wpa_supplicant conf, I get “device busy” errors, “wlp0s1 file needs to be deleted” errors, or some IOSET etc error
17:20 < Mattx> Hi all
17:21 < Mattx> Is there a way to benchmark an api endpoint?
17:21 < Mattx> I'm getting 10ms latency on my own benchmark, I want to know if I can improve that
17:21 < _Pilot_> *in trying to set up. Also, I found something on setting up an /etc/network/interfaces file but when I saw that that doesn’t even exist I decided to get on here
17:21 < Mattx> Specially since they have load balance so I'm connecting to a different server each time
17:21 < Mattx> I'm guessing there should be ways to get data even faster than that
17:31 < ||cw> Mattx: what are you trying to get from the benchmark?
17:32 < mawk> I need to port a 6LoWPAN stack to RTEMS
17:32 < ||cw> if it's an http api, the normal http bench tools should work for most things
17:35 < _Pilot_> Update: I created a wpa supplicant conf file with dubious success: running the conf with wpa_supplicant appears to enter the same assoc-auth-deauth loop
17:36 < _Pilot_> No, correction. I’m getting EAP-TLV result failure, authentication failed
17:39 < _Pilot_> Setting a driver to wext is what’s causing the ioctl error. I have a Ralink card
17:41 < _Pilot_> Using nl80211 doesn’t cause the ioctl error but I still can’t connect for the same reason
17:41 < Mattx> ||cw, the problem is this. I'm getting 10ms delays between I send the call and I get the response (I keep the connection open so it's not taking into account handshake etc)
17:41 < Mattx> I'm looking for a way to reduce that time if it's possible
17:42 < ||cw> Mattx: oh, well that's benchmarking the code, add some timestamp logging and figure out what the slow part is
17:42 < ||cw> you can't really figure that out externally, you have to use what your development stack gives you
17:43 < Mattx> it's only getting data from that server again and again, there's not much to benchmark on my side
17:43 < ||cw> if you're lucky, it has a profiler
17:43 < Mattx> but I think that maybe there are still ways to reduce it. for instance they do load balancing so they should have a faster (ie closer) server, I'm checking that
17:43 < ||cw> Mattx: what's your ping?
17:44 < Mattx> also not ferrifying ssl certificates should work, but not so much
17:44 < Mattx> not verifying *
17:44 < Mattx> they don't respond ping packages it seems
17:45 < ||cw> wait, 10 milliseconds? over the wide Internet?
17:45 < ||cw> <30ms is excellent
17:45 < Mattx> no, I'm running on an aws server next to them :P
17:46 < Mattx> (supposedly, don't know for sure because as I mention it seems they rented multiple servers in the same cluster)
17:46 < ||cw> so you're expecting sub-1ms network latency then?
17:46 < Mattx> sub 10ms
17:46 < ||cw> no, pure network, not the API
17:46 < Mattx> 1ms would be absolutely great, but anything below 10ms is better
17:46 < Mattx> oh ok, then yes
17:47 < ||cw> well, if you don't have access to profile the code on the server, you'll need to work with whoever can
17:47 < Mattx> I don't have access to their code but I can do whatever I want on my side. like choosing a specific server, resolving the address locally, etc
17:47 < _Pilot_> Had the wrong password lol. I got it now
17:48 < _Pilot_> Thanks for the help guys!!
17:48 < Mattx> ||cw, getting the ping latency would be great, that would be kind of a lower limit right?
17:48 < ||cw> yeah
17:48 < Mattx> I think there was a way to make a server respond to pings
17:49 < Mattx> even if they ignore the packages
17:49 < ||cw> there are tools to ping a port instead of ICMP
17:51 < Mattx> I'm looking for that, let me see
17:52 < ||cw> nping is one, from nmap
17:54 < Mattx> nping is not available in aws (amazon linux or whatever it's called)
17:54 < Mattx> weird
17:55 < ||cw> it's part of nmap
17:55 < Mattx> never mind, it's part of nmap
17:55 < Mattx> yeah, just realized that
17:56 < rexwin_> I am getting Error 522 Connection timed out when I try to pull a page that is javascript but the website works fine. It works in US machine but not from my machine in Asia
17:58 < ||cw> rexwin_: so a browser works fine from asia? or not?
17:59 < rexwin_> browser works fine from asia just a Javascript page is not loading and gives 522 error
17:59 < ||cw> could be some firewall?
18:00 < rexwin_> I disabled the local firewall and checked and issue persists
18:01 < Mattx> Max rtt: 0.317ms | Min rtt: 0.239ms | Avg rtt: 0.264ms
18:01 < ||cw> ok, then it's in the code itself
18:02 < Mattx> probably their code yeah, mine does nothing except benchmarks
18:02 < rexwin_> how come the US machine loads the javascript without issues then?
18:03 < djph> some gateway in between chokes on it
18:04 < djph> ... isn't 522 bad gateway?
18:09 < Apachez> fermented gateway
18:11 < UncleDrax> HTTP 522 / Connection Timed out. I'd guess whatever is hosting that javascript include is treating the originating IP from asia differently (or there's an intermediary network mucking with it)
18:11 < UncleDrax> although that's apparently specifically a Cloudflare thing
18:11 < UncleDrax> so prob Cloudflare is just blocking it
18:12 < ||cw> rexwin_: local firewall isn't the only firewall.
18:14 < tsukuyomi> then I used aireplay-ng deauth 100 -a 08:86:30:74:22:76 wlan0mon to deauth the deauthenticate (I have my smartphone next to the router and I have noticed it deauthenticated successfully)then I used aireplay-ng deauth 100 -a 08:86:30:74:22:76 wlan0mon to deauth the deauthenticate (I have my smartphone next to the router and I have noticed it deauthenticated successfully)
18:14 < tsukuyomi> ops, wrong channel, my bad
18:17 < mikedd> so my dad is making a sort of pseudo-coworking space. He has 12 computers and what he wants is that whenever someone logs into any one of them with their user, they will access a drive space somewhere on the cloud. That way any user can use any computer and have the same files and installed programs available.
18:17 < mikedd> does anyone have...any idea how that is even called?
18:17 < mikedd> I don't even have an idea what to search for on google
18:17 < mikedd> he doesn't just want files...cause then like dropbox/gdrive or whatever
18:17 < skyroveRR> mikedd: NAS. Network Attached Storage.
18:17 < mikedd> he wants the whole user environment
18:18 < skyroveRR> Are you looking at a dropbox alternative to run from home, mikedd ?
18:18 < UncleDrax> that's more like a Remote Desktop environment then?
18:18 < UncleDrax> log in - get your 'own' desktop wherever you log in from ?
18:18 < skyroveRR> "installed programs available".... oops.
18:18 < mikedd> not sure..he said he would prefer to have it on the cloud so he doesn't have to maintain any servers locally
18:18 < mikedd> UncleDrax, yes, pretty much
18:18 < skyroveRR> Ohh.
18:19 < mikedd> I remember our university infrastructure was like that...I could go in the library and log in to any computer. the c: drive was the local one and the D drive or whatever was my space in the entire network
18:20 < mikedd> except he wants installed programs and user settings (wallpaper/screensaver etc) to be loaded from the cloud as well
18:20 < mikedd> not just files/docs
18:20 < UncleDrax> so there's a buncha commercial products in that space.. like Citrix and VMWare's Virtual Desktop Infrastructure. free-versions would likely be leveraging unix's X-terminal features
18:20 < UncleDrax> (I don't know what exists in the FOSS space specifically)
18:21 < mikedd> hm, fair enough
18:21 < mikedd> I'm looking at citrix, I've heard that name before...thank you :)
18:22 < mikedd> the type of users he will have will make light usage of it. Document processing, some accounting apps and most likely some moderate/intense internet browsing
18:23 < mikedd> basically, coworking space but without specifically reserved spaces. more like, first come first served
18:23 < mikedd> thus the need for that kind of infrastructure that he wants
18:23 < UncleDrax> in short, you have a central server that holds everyone's "desktop" (or creates it on the fly), and each "desktop" that someone logs into is a dumb-terminal that just connects to that remote device
18:23 < mikedd> that sounds about right
18:24 < orlock> ... is he asking for a webserver?
18:24 < skyroveRR> orlock: o.o
18:24 < UncleDrax> there are several ppl that make "dumb"-terminals. really they would just be super-low-end PCs that has a NIC, and a keyboard/mouse/video
18:24 < UncleDrax> since the terminal isn't doing any computing itself.. it's all on the central server
18:24 < orlock> skyroveRR: hah hah, only serious...
18:25 < tsukiyomi> does anyone have experience with the aircrack suite?
18:25 < orlock> i remember working with citrix only thin clients a few times
18:25 < skyroveRR> tsukiyomi: we won't help you break into your neighbour's wifi.
18:25 < mikedd> UncleDrax, that's also what I imagined he would need when i talked to him
18:25 < tsukiyomi> I don't need to, I have my own wifi and router.
18:26 < ||cw> mikedd: does he have a gigabit Internet connection?
18:26 < tsukiyomi> you're quick at making the wrong assumptions, skyroveRR
18:26 < UncleDrax> mikedd: poke around the Internet or maybe someone will know of a FOSS solution in that space that is turn-key
18:26 < ||cw> hosting desktops in the cloud is going to get pricey
18:27 < mikedd> ||cw, yep, we live in Romania..pretty much everyone has that :P
18:27 < UncleDrax> i'd host local,, or if you want to use 'cloud' term.. on a private cloud
18:27 < mikedd> yeah I told him the same thing...it'll get super costly to host stuff on the cloud
18:27 < ||cw> LTSP is the standard FOSS diskless client system, but you still need a local server to handle the dhcp/pxe/tftp parts at the very least
18:27 < UncleDrax> depends on your need though
18:27 < Logg> a VPS in "the cloud"
18:28 < ||cw> from experience, it can get laggy on 100mbit lan with more than a few users, internet latency is likely to be ugly
18:29 < mikedd> he has a friend who works at a company called Flex...they do some kind of network provisioning or something? apparently they met up and the dude is gonna get back to him in a few days with a price and a plan
18:29 < ||cw> but it also sounds like he wants windows desktops? if he just wants roaming user profile, Active Directory does that well, and you can host that with Samba, no windows server needed
18:29 < mikedd> yeah, all MSWindows
18:29 < ||cw> I'm not sure if that Samba AD server can be remote, but I don't see why not with the right DNS configs
18:31 < ||cw> but for < 20 simultaneous users you could host that on a desktop-class PC with a simple mdadm mirrored disk to provide some uptime reliability
18:31 < mikedd> This is all..very over my head, haha. But thanks for all the great advice :)
18:32 < mikedd> I'm taking down notes of all this
18:33 < djph> ... how much you have to burn for licensing/
18:33 < djph> ?
18:33 < djph> because ... ouch, that's gonna cost you ...
18:34 < ||cw> or, if he doesn't want to get too deep into configing stuff, buy a synology NAS, it has a directory server, though i don't know if it does roaming profiles.
18:34 < ||cw> djph: samba AD doesn't cost any licensing at all
18:35 < djph> ||cw: no, but apparently msft redid their os licensing to be a clusterfuck
18:36 < ||cw> yeah, windows server standard 2016+ is per core now, with a 16 core minimum
18:36 * ||cw just bought one
18:37 < ||cw> but lower versions are cheaper, and 12 users would be fine on a lower version, if they wanted to stay all windows for some reason
18:37 < Epic|> Haha 16 core min
18:37 < ||cw> well, 12 devices, I'd go per-device CAL in this case
18:37 < Epic|> They went per core due to virtualizing
18:38 < Epic|> Hence vmwares cores per socket configuration options
18:38 < ||cw> Epic|: yeah, i get 2 VM installs for my 16 core buy
18:38 < ||cw> even though my hosts are only 8 core :(
18:38 < ||cw> still, it's about $10 less than last time I bought 2012, so really I'm not complaining
18:38 < detha> how long until virtualization products sprout options to 'misrepresent' # cores?
18:39 < ||cw> detha: no, it's hardware cores. what the OS sees is irrelevant
18:39 < ||cw> in an audit they'll look at the actual CPU
18:39 < UncleDrax> how long? i thought you could do that now
18:40 < Epic|> It is annoying to have to specify cores for a guest
18:40 < Epic|> Should be specify max GHz, reserve, priority
18:40 < UncleDrax> most HV solutions allow 'defaults'. if the problem is the actual click-clicking
18:40 < ||cw> yeah, you can tell a guest it has 1 cpu and 4 cores, or 4 1 core cpu's, in most cases it performs exactly the same
18:40 < detha> ||cw: orchestration..... preaudit scripts to temporarily limit # cores, postaudit scripts to push it up again
18:41 < ||cw> Ghz != cores
18:41 < Epic|> I want my winderz vm to have all the GHz to reencode video but I also want nas to have all the perf it needs
18:41 < Epic|> These things are at odds
18:41 < ||cw> vmware allows that
18:41 < ||cw> you can overcommit and set priorities
18:42 < ||cw> like, if you have 8 cores, you could assign 6 to the encoding vm and 6 to the nas VM, and set the NAS higher priority
18:43 < UncleDrax> or some HVs have resource-pool shares and junk
18:44 < Epic|> Yeah but there's also a performance penalty in setting high core counts due to requiring an equal number of cores to be open for threads
18:44 < hweaving> Hail
18:45 < UncleDrax> well ya there will be some overhead/penalty for running a thing as a VM. (although it's pretty small these days)
18:45 < hweaving> I'm using ye olde inet_pton() to convert a text IPv6 address (fe80::1:2:3 or whatever) into a binary address (in_addr6 inside a sockaddr_in6). Is there any best practice to do this functionality but ALSO include support for attached interfaces ala "fe80::1:2:3%eth3"?
18:45 < Epic|> I haven't tried it
18:46 < Epic|> I have 2 physical cores \ 4 threads unallocated
18:47 < Dagger> hweaving: getaddrinfo()?
18:47 < hweaving> Dagger: checking man page...
18:47 < Dagger> don't you kinda need getaddrinfo anyway, since you don't in general know in advance what address family the address is going to be in?
18:49 < hweaving> Dagger: For my program I know only IPv6 addresses are supported
18:49 < hweaving> Dagger: I'm...not very smart. I just realized sin6_scope_id presumably represents the interface that in text form would be "%eth3"
18:51 < pekster> That's part of what getaddrinfo() does for you so you don't have to set up any of that address-family-specific "stuff"
18:51 < hweaving> Cheers for the dumb question, putting this together now...
18:51 < pekster> In most cases, when you see hard-coding of AF_INET or AF_INET6 into general address parsing, the result is highly non-portable code that often requires fixing later. It can still be useful, but be careful when doing it so you know why you are
18:52 < Dagger> pekster: that's the rough conclusion that I came to as well: that if you find yourself writing AF_INET or AF_INET6 into your code, you're doing something wrong
18:53 < Dagger> the APIs are all designed to handle arbitrary address families, so you shouldn't need to be hardcoding anything
18:54 < Dagger> (although there are certainly cases where you need it, e.g. if you wanted to explicitly print "v4" vs "v6" into a log or something)
18:54 < hweaving> In my case IPv4 should be literally unsupported, otherwise I agree
18:55 < pekster> And that's fine, since the addrinfo** you get back will only include the results from the API call
19:00 < pekster> If you didn't already see, the `addrinfo* hints` input allows you to restrict what you're looking for in the event the input is a DNS name that is a dual-stacked host and you explicitly want to pick the family to use
19:06 < hweaving> pekster: yep, I found the hints and am now using them
19:25 < superkuh> Anyone ever dealt with qq.com before? Their email servers apparently have a blacklist for my email server (which has no problems with any mailserver blacklists outside of china). Is it realistic or useful to even begin trying to contact them to get off?
19:25 < skyroveRR> Hey superkuh
19:25 < superkuh> Maybe I shouldn't have put all those China-baiting keywords on my domain index webpage. :|
19:26 < superkuh> tiananmen square 1989, Emperor Xi, etc.
19:27 < hweaving> lol
19:29 < theatomheart> Your China's Social Credit score has dipped too low. To the blacklist wit you
19:30 < fr0tzed> superkuh, Xi Jing at his finest :)
19:32 < quantum> Has anyone used this systemd approach for starting a Hurricane IPV6 tunnel? https://wiki.archlinux.org/index.php/IPv6_tunnel_broker_setup
19:33 < quantum> I do end up with the he-ipv6 interface, but the tunnel fails.
19:34 < quantum> I haven't made any provision for the he-ipv6 interface in Shorewall because I don't understand this mechanism.
19:35 < quantum> Is he-ipv6 to be set as an 'outside' interface, like eth0, in the firewall?
19:36 < quantum> There are no IPV6 IPs in 'ip route'.
19:38 < fr0tzed> quantum, nop sorry. but it looks interesting :)
19:38 < Dagger> run the commands manually and see what happens
19:38 * quantum wishes it worked...
19:38 < Dagger> yes, it's an outside interface
19:40 < quantum> O. I just noticed I don't have net.ipv6.ip_forward = 1. Also I'll set it in Shorewall6.
19:48 < Dagger> you'll need that for forwarding, but not for just bringing the tunnel up
19:50 < quantum> Dagger: Fixed those things, and I now get name service, but: PING google.com(sea15s07-in-x0e.1e100.net (2607:f8b0:400a:800::200e)) 56 data bytes
19:50 < quantum> From Quantum-1-pt.tunnel.tserv14.sea1.ipv6.he.net (2001:470:a:c3::2) icmp_seq=1 Destination unreachable: Address unreachable
19:50 < quantum> ping: sendmsg: Operation not permitted
19:51 < quantum> (This is on my router)
19:51 < lernin> i am learning about loss rate and deriving it for calculating throughput of sawtooth, but it is unclear to me how to calculate it. Suppose I want to send 30 segments but lost 6 due to time outs, is the packet loss rate 6/30 or 6/36? So, is it # of packets lost/ total # of packets sent or # of packets lost / # of unique packets sent
19:51 < hweaving> Dagger: pekster: Any idea why my scope is never getting set with getaddrinfo()? Even if I put a fake interface like "fe80::1:2:3%eth42", getaddrinfo() returns no error, and scope stays at 0. Using a real interface does the same thing.
19:53 < Dagger> quantum: eh... *waves hands* firewall?
19:53 < quantum> Does seem like usually the case. But no dmesg's. I'll look further.
19:54 < Celmor> I've configured iptables and nm using traditional NIC names (eth0, eth1) but since I'm using a USB NIC and have it always plugged in the names are swapped, the USB NIC receives eth0 and PCI receives eth1, anyone seen that behavior before?
19:55 < Apachez> Celmor: there is a kernel variable if you want to use friendly names or not
19:55 < Celmor> not familiar with it, I specifically disabled "friendly names" though by masking /etc/udev/rules.d/80-net-setup-link.rules
19:55 < Celmor> according to https://wiki.archlinux.org/index.php/Network_configuration#Revert_to_traditional_device_names
19:56 < Celmor> I'm just wondering why the names are now suddenly swapped
19:56 < Celmor> and since I'm using static IPs I wonder how they got assigned if the names are swapped,
19:59 < Apachez> net.ifnames=0 biosdevname=0
19:59 < Celmor> if I look at `ip addr` and nm configuration IP configuration is just switched https://puu.sh/zXAws/8686a72ec3.png
20:00 < Celmor> Apachez, I know how to get "friendly names" back, that's not the problem
20:00 < DrunkRhino> Is there any easy way using dnsmasq to associate an ipv6 address with its corresponding ipv4 host? I'm running a pi-hole with the DHCP server enabled for v4 and the SLAAC+RA option turned on for v6, but I can only resolve the hosts v4 addresses
20:02 < Celmor> guess I have to switch to friendly names to fix this
20:03 < mast> Anyone have experience with cisco 2960's? Specifically POE?
20:04 < hweaving> pekster: Dagger: Update, my parser wasn't parsing the '%' part so that's fixed. However, now I'm confused because the port number in sockaddr_in6 is getting filled in with a network byte order port as expected
20:04 < hweaving> BUT, the scope is still in system byte order. I suppose that's because the scope isn't a value that's going over the network?
20:05 < pekster> hweaving: Right, at least on my Linux here, that ipv6(7) manpage documents that `uint32_t sin6_scope_id` is a (32-bit) "interface index" as defined by netdevice(7)
20:05 < pekster> hweaving: In other words, if you're not trying to actually parse the interface per the API in netdevice(7), don't worry about what it is
20:06 < pekster> "the kernel just deals with it", and if you care you need to use your system's API to inquire further as to what it is and what interface it's actually associated with. Unless you do, it's to be treated as an opaque 32-bit value
20:06 < Dagger> hweaving: just as I finished writing a test program too
20:06 < hweaving> pekster: that's not in my manpage but fair enough
20:06 < hweaving> At any rate the value makes sense on my system now if I don't mess with it -- interface 6 if you start indexing at 1
20:07 < pekster> Right, I said that's just how it shows up here; your interface may vary if POSIX permits it (Ubuntu 17.10, fwiw)
20:07 < Dagger> hweaving: the scope is meaningless outside of the local system, so there'd be little point sending it out on the wire
20:09 < pekster> "The sin6_scope_id field is a 32-bit integer that identifies a set of interfaces as appropriate for the scope of the address carried in the sin6_addr field." ref: http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/netinet_in.h.html
20:09 < hweaving> Roger, I'm very close to having things connected
20:09 < pekster> That's as much "official" info as you'll get without further inquiring with your particular distro APIs
20:09 < hweaving> I thought I understood the basics here but I'm finding myself ignorant of certain ipv6 details. This has been educational
20:15 < hweaving> UDP messages getting through now :D
20:16 < Apachez> run to the hills!
20:41 < UncleDrax> But on this battlefield no one wins?
20:46 < Demos[m]> Config management: discuss
20:47 < Demos[m]> Also oh man so many implementations screw up scope ids
20:47 < Demos[m]> Like mdns_minimal and avahi
20:49 < UncleDrax> what's to discuss? conf mgmt is a thing people should do, but not as many actually do.
20:49 < UncleDrax> oh you want like specifics.
20:50 < UncleDrax> (I am firmly in the category of 'not doing it but I should be'.. to certain levels and expectations of the concept. :/
20:50 < Demos[m]> Yeah like I’ve been setting up puppet but like really I feel like it’s just another layer to learn
20:51 < Demos[m]> Would rather just write the damn config files ya know
20:51 < Demos[m]> I guess salt was plush
20:51 < Demos[m]> *okish
20:53 < Demos[m]> And fuck a lot of these config Mgmt things are hard af to audit
20:54 < Demos[m]> And also holy cow line puppets packaging is insane
20:55 < UncleDrax> ya i personally wouldn't set up something like puppet for my env. i'd stick to ansible or something.
20:57 < UncleDrax> puppet would, imo, as you are finding out, seem to be an entirely new system to manage a system. and I don't have the resources/time to learn and manage puppet :/ .. that goes double for drinking the Chef koolaid :]
20:57 < UncleDrax> gimmie another meat-sack at the office, and I'd totally use it though
21:04 < davidebeatrici> Hello
21:05 < davidebeatrici> I have a VPN server on a VPS
21:06 < davidebeatrici> I forwarded some ports to a client, as explained in https://unix.stackexchange.com/a/55845
21:06 < davidebeatrici> They work correctly
21:07 < UncleDrax> *blink* a random success story? that's pretty uncommon around here. Excellent. good to hear!
21:07 < davidebeatrici> Yes, indeed!
21:07 < davidebeatrici> However, I'm wondering if it's possible to automatically forward the ports when there's a service listening on the client's computer
21:08 < davidebeatrici> That would be mainly to avoid the necessity of setting up a static IP for the client
21:12 < UncleDrax> xinetd does that sorta thing .. i'm not an expert on it however.
21:13 < Demos[m]> I like foreman tho
21:13 < Demos[m]> Also like I want to have almost all per host policy managed by LDAP / FreeIPA / samba
21:13 < detha> xinetd is for local services. If I read the question correctly, you want connections to the VPN server to say port 80 to automagically forward to the client?
21:13 < davidebeatrici> detha: Exactly
21:14 < davidebeatrici> So that a client only has to forward the ports in his router
21:14 < detha> That sounds dangerous. What if two clients connect and both are listening on port 80?
21:15 < davidebeatrici> I think that the port should be reserved to the first connected client
21:15 < Demos[m]> Something something ipv6 something something
21:16 < davidebeatrici> Unfortunately my VPS doesn't have IPv6
21:16 < UncleDrax> you should complain (just so your VPS provider has a tick mark next to 'someone asked for it')..
21:17 < davidebeatrici> Basically, without IPv6 I can't achieve what I would like to have?
21:17 < detha> Nothing I can think of that would do that out of the box.
You could slap something together with connect scripts and nmap, or some uono daemon, but it sounds somewhat brittle
21:18 < davidebeatrici> Indeed
21:18 < detha> *upnp
21:20 < clueless1erson> So, I passed out last night
21:20 < clueless1erson> TandyUK: and now the interfaces are showing an IPV6 address on the WAN port
21:22 < clueless1erson> brb
21:24 < davidebeatrici> detha: https://www.hackviking.com/single-board-computers/pi-make-a-vpn-gateway-with-upnp-port-forwarding/
21:24 < davidebeatrici> linux-igd
21:26 < davidebeatrici> OR MiniUPnP
21:32 < Demos[m]> I read that as "got drunk, deployed ipv6"
21:33 < qman__> there are worse ways to spend an evening, certainly
21:39 < clueless1erson> Demos[m]: it wouldn't show an IPv6 address
21:39 < clueless1erson> then it has one in the morning. :(
21:57 < nobody> hi :)
21:59 < fr0tzed> nobody, hi
22:00 < nobody> hi fr0tzed
22:07 < davidebeatrici> detha: Ah, big problem...
22:07 < davidebeatrici> Unfortunately pfSense doesn;t have a UPnP Client
22:07 < davidebeatrici> *doesn't
22:08 < detha> davidebeatrici: hmm. that puts a bit of a spanner in the works if the client is pfsense
22:09 < davidebeatrici> :(
22:10 < davidebeatrici> I guess UPnP is not a choice...
22:11 < davidebeatrici> Any other ideas?
22:12 < detha> If the server is openvpn, I would try to do it with per-client connect scripts in .../ccd/ I think
22:13 < davidebeatrici> SoftEtherVPN
22:13 < davidebeatrici> I think I will stick to forward the ports manually
22:13 < davidebeatrici> As I already wrote a script to do it :)
22:14 < MACscr> what's the point in having different firewall rules for ipv6 and ipv4? I find it annoying to always have to do double entry for rules that i need added
22:14 < qman__> they're different networks
22:15 < qman__> even if you run dual stack, they have different sources and destinations, and NAT can come into play
22:16 < ||cw> it's like when you had different settings for IP and IPX. they are just different.
I guess you could have a firewall front end that takes some abstract rules and translates that to both, but that's more a Q for your firewall vendor
22:17 < BarBQ> Q: 172.16.0.1/24 (R1) -L2 Switch- 172.16.0.2/16 (R2). Why does the ping come through from R1 to R2 and vice versa?
22:17 < tds> MACscr: the nice solution to that mess is to run single stack v6 rather than dual stack :)
22:30 < BarBQ> Someone that can explain it to me?
22:33 < compdoc> BarBQ, https://documentation.meraki.com/MS/Layer_3_Switching/Layer_3_versus_Layer_2_Switch_for_VLANs
22:40 < cluelessperson> wtf
22:40 < cluelessperson> When I restart my router, it takes forever to get an IPV6 address
22:41 < UncleDrax> define: forever
22:42 < macgyver_> if I have an adsl modem/router can I convert 1 ethernet port to 2 ethernet ports to connect 2 different pcs?
22:43 < macgyver_> what adaptor do I need?
22:43 < cluelessperson> UncleDrax: I fell asleep, and when I woke up, it had an ipv6 address
22:46 < ||cw> macgyver_: you need a network switch
22:47 < macgyver_> if I don't have switch can I split one ethernet port in 2 ethernet ports?
22:47 < ||cw> no
22:48 < macgyver_> if one ethernet port is output of a switch can I split it in 2 ports?
22:49 < ThinkOfANick> No
22:49 < mast> No macgyver you cannot
22:49 < ThinkOfANick> You can't
22:49 < mast> you would need a switch for that
22:49 < ||cw> you can't split an ethernet port. you can daisy chain network switches
22:50 <+pppingme> there is no such thing as an "ethernet splitter", I don't care that you found them on amazon or ebay.. If you want to take one drop and feed more than one device, you need a switch..
22:51 < ||cw> and with the right combination of switching, bridging, and routing, there's no real limit on how many ethernet ports you can connect through to your modem
22:51 < cluelessperson> macgyver_: No, you need a switch
22:51 < cluelessperson> macgyver_: Splitters don't exist.
22:51 < macgyver_> ok
22:52 < cluelessperson> macgyver_: a "splitter" would just be layman talk for a 3 port switch
22:52 < ThinkOfANick> pppingme: Splitters are a thing, kind of. For example cat5e not all the wires in the cabling are used
22:52 < ||cw> the things called an ethernet splitter only let you connect 2 100Mbit ports through a single cable. you still need 2 switch ports.
22:54 < macgyver_> which is the best way to connect a personal laptop from the office to a pc from home? should I make a vpn between them?
22:54 < tds> you can do qsfp+ breakout as well, which is sorta like a splitter
22:55 < ||cw> tds: yeah but that's a quad port device to begin with
22:56 < ||cw> macgyver_: connect how, what's your goal
22:56 < ThinkOfANick> macgyver_: Sounds like you mean a remote connection, which has nothing to do with ethernet
22:56 < macgyver_> yes this is a second question
22:56 < macgyver_> not the same
22:57 < ThinkOfANick> macgyver_: If it's a Windows machine, use the default remote desktop app, but make sure your security settings are set up well
22:57 < macgyver_> yes 2 windows machines
22:57 < ThinkOfANick> Too many unsecured NASes nowadays with MD5 unsalted passwords
23:13 < WebWalker3D_> Normally, I use UniFi WAP, but am finding I am needing a lot of them to cover about 8k sqft of metal office building. In my endeavors to find something more practical, I ran across comdial for a WAP. My previous knowledge was they are a phone tech company?? The actual product is http://us.comtrend.com/products/wap-pc1750w/ Can anyone give me insight on this unit, or the products in general? I have zero knowledge of Comdial
23:13 < WebWalker3D_> products, but one review I saw said they had it in a 10k space with full coverage.
23:13 < UncleDrax> ya unf too many people thought MD5's were an encryption scheme
23:15 < ||cw> well, there's ideal coverage, and acceptable coverage
23:17 < ||cw> WebWalker3D_: how do those specs compare to the UAP-LR?
23:18 < WebWalker3D_> Honestly, I’ve found even with the UAP-LR I’m slapping them basically in every room. I haven’t compared to the Comdial stats yet as I literally knew nothing of Comdial
23:19 < WebWalker3D_> I switched to the UAP-LR when the standard UAP running in the hallways failed horribly
23:20 < ||cw> UAP-LR says 512mW
23:20 < WebWalker3D_> Vs 560 for Comdial
23:21 < ||cw> which is less than half a dB or so...
23:21 < WebWalker3D_> That doesn’t seem significantly different, at least enough to see a major difference over the UAP-LR
23:23 < ||cw> those antenna might do better, but maybe not too. indoor is tough, especially with metal construction
23:23 < ||cw> then there's the management aspect
23:23 < WebWalker3D_> Okay, maybe my question should be this. Given the scenario already drawn, what solution (short of wired) would be more practical for full coverage of about 8k sqft?
23:24 < WebWalker3D_> I mean, if I’m going to slap an AP in each room, I might as well go wired
23:27 < ||cw> I have a UAP-pro easily covering 2000 sqft, in an office with metal stud walls. and older UAPs out in the shop. idk the distance, but I'm sure it's more than 4K for each AP
23:28 < ||cw> I don't know what your challenges are, but here I also have all PCs wired, the wifi is for cell phones, which are more tolerant of a weak signal, and the occasional laptop
23:28 < WebWalker3D_> The other issue is there’s so much “crap” in the walls and ceilings because it’s an old warehouse converted into slice and dice office space.
23:29 < michael_mbp> hey all, anyone here with Ubiquiti Unifi Switch experience?
23:29 < WebWalker3D_> It needs to be wireless strictly due to being a paid service that works in the entire building
23:29 < michael_mbp> Trying to figure out how to switch VLANs the upstream router may not be aware of?
23:30 < WebWalker3D_> I suppose the challenge is I won’t get paid to wire the entire building, And I would likely be doing a bunch of work for nothing.
23:32 < ||cw> WebWalker3D_: this is where spectrum analyzers come in handy. it may just be that having them in the hall is a problem, and moving to a room would cover multiple rooms, maybe more than it's covering now.
23:33 < ||cw> the UAPs site survey feature might help a little
23:34 < WebWalker3D_> I had been using a WiFi analyzer to check drop offs, and it was disappointing unless I had a UAP in each room
23:35 < WebWalker3D_> I really think it’s an issue of the 40 other wireless networks in the building, and a lot of crap in the walls, etc. but if I’m hearing you correctly, Ubiquiti is still the most viable/practical, right?
23:36 < ||cw> 40 other networks is going to be a problem
23:36 < ||cw> nothing is going to do well in that
23:37 < DrunkRhino> Anyone have experience in getting dnsmasq to resolve hostnames to IPv6 addresses as well as IPv4? I'm trying to get a Pi 2 set up with pi-hole adblocking/dns using its DHCP server
23:38 < WebWalker3D_> 5ghz will not be impacted by the saturated 2.4ghz spectrum, right? If not, most modern devices with AC would be fine as the network saturation is on 2.4ghz. Or am I now grasping at straws?
23:39 < Irritiable|LT> WebWalker3D_: 5GHz shouldn't be affected by 2.4GHz. Make sure you DISABLE the 20/40MHz co-existence option on your router (enabled BY DEFAULT by law).
23:40 < WebWalker3D_> Hmm, I’ll look into that. Thank you
23:40 < mast> My rails should arrive in t-minus 2 hours
23:40 < Irritiable|LT> Welcome.
23:42 < ||cw> DrunkRhino: been a while, but i think unless dnsmasq is handing out the IPs, you'd need to create a file for the names
23:42 < ||cw> or use ra ?
23:43 < DrunkRhino> ||cw, the latter is what I've been trying to do without much success
23:44 < DrunkRhino> If I disable RA on my router, and try to enable it on the pi everything goes from using a 2601: to falling back to an fe80:
23:51 < DrunkRhino> I've been flipping back and forth between the dnsmasq.conf on my machine, the router, and a generated one from the pi and I can't quite figure out where to go from here
--- Log closed Sat Apr 07 00:00:36 2018