--- Log opened Sat Apr 07 00:00:36 2018
00:10 < AvidWolf43> hi guys
00:10 < AvidWolf43> how can i verify a VIP's config if its working properly
00:15 < Holo> DrunkRhino you need to set up RDNSS
00:16 < Holo> https://tools.ietf.org/html/rfc6106
00:19 < DrunkRhino> Holo, I'm not 100% sure how you mean. I suppose for this second I'd settle for at least getting the pi handing out RA's properly in lieu of the router, but I'll be damned if I can figure out exactly how.
00:20 < RukusX7> hello! I have an emby media server and i want to safely allow remote access to it via the web. I was told I might want to grant it read only access to my network. What does this entail? how might i google search something like that? i am not sure where to begin
00:23 < DrunkRhino> Holo, would it help if I pasted the .conf files (or relevant sections thereof)?
00:24 < Holo> DrunkRhino --enable-ra
00:25 < DrunkRhino> Holo, that was my first assumption, but tossing that in the .conf and restarting dnsmasq didn't seem to do the trick.
00:25 < Holo> are you advertising for the ipv6 range?
00:26 < DrunkRhino> The dhcp .conf generated by pi-hole shows it should be?
00:27 < lightslategrey> Hi! Which netmask (/prefix) "195.149.80.0 - 195.149.82.255" (768 addresses) network have?
00:27 < ^7heo> /join #homework
00:28 < Holo> #dhcp-range=1234::2, 1234::500, 64, 12h
00:29 < Holo> # Enable DHCPv6.
00:29 < Holo> at least that is what the conf example says
00:29 < lightslategrey> I don't know much about networks and can't figure out what netmask is for that network because 768 is not power of two
00:31 <+pppingme> lightslategrey 195.149.80.0/22 195.149.80.0 - 195.149.83.255
00:31 < Holo> DrunkRhino and possibly enable-ra
00:31 < Holo> I do not use dnsmasq
00:32 < DrunkRhino> Holo, I'd tried mimicking the conf from the router for both those, but no dice. Ah well
00:33 < lightslategrey> pppingme: but it's ...82.255 not ...83.255
00:33 <+pppingme> there is no prefix that covers that range, something its typo'd
00:33 < atsu> Or it's a trick homework question
00:33 <+pppingme> 195.149.80.0/23 195.149.80.0 - 195.149.81.255
00:33 < lightslategrey> pppingme: it's not typo it is actual existing network that's why I am asking
00:34 < pekster> Two independent prefixes would cover it, or maybe only the lower 75% of that network is "in use" with the remaining high-segment /24 unallocated, or not assigned or such
00:34 <+pppingme> just because a prefix covers a particular range doesn't mean you *have* to use the whole range..
00:34 < pekster> You could use 10/8 on a LAN and only use 2 addresses, though that's quite a waste ;)
00:35 < atsu> And it sucks when you go to setup site-to-site VPNs with someone using 10.
00:35 <+pppingme> most people have a /24 at home (256 ip's) but only have a dozen devices
00:35 < Holo> pppingme you need to use a /4
00:35 < Holo> :P
00:36 < pekster> I have a dozen or so devices on at least 4 x /24's :P
00:37 < Holo> DrunkRhino no idea, I would have to set up dnsmasq and see what is going on
00:38 < lightslategrey> pekster: I don't understand, why "195.149.80.0 - 195.149.82.255" assigned exactly in this way (not as separate networks) and are owners of this network actually able to use it?
00:39 < jmuia> I have a question about getting asynchronous errors, particularly ICMP errors, on a connected UDP socket. This thread
00:39 < jmuia> quotes Stevens in that they should be propagated if the socket is connected. I'm seeing destination unreachable but not
00:39 < jmuia> time exceeded ICMP responses make it back to my socket (I can see them in Wireshark). I'm on OS X. Am I
00:39 < jmuia> misunderstanding something?
00:39 <+pppingme> i'm looking at that now, they seem to just own three consecutive /24's (or maybe a /23 and /24 that follows), that does NOT make it a single prefix
00:39 < pekster> lightslategrey: That's not a single CIDR network range, though it's within the 192.149.80.0/22 network, and also by definition inside any network larger than that, but not smaller
00:39 < jmuia> https://www.ietf.org/mail-archive/web/behave/current/msg10927.html
00:40 < DrunkRhino> Holo, I figured that'd be the case. Seems all my fussing with the pi messed up a few other things so I think I'm just going to start from a fresh build of arch ARM.
00:40 <+pppingme> there's a separate entry for the /23: % Information related to '195.149.80.0/23AS8881'
00:40 <+pppingme> so I was right, they own a /23 and a /24
00:41 < Holo> DrunkRhino or with your luck they are not following a RFC
00:42 < Holo> -.-
00:42 < Holo> your devices that is
00:42 < lightslategrey> pppingme: you mean ripe just of combined different networks into that strange wrapper inetnum entry?
00:43 < pekster> whois reports the top & bottom /24 out of the "range" as a direct-assignment to 2 different entities
00:43 <+pppingme> appears so
00:43 < DrunkRhino> Holo, could be! I'll have plenty of time to pore over the configs as everything gets reinstalled.
00:43 < pekster> CWB-1 vs IUU. The middle /24 (at least going by the .0 final IP component) reports no whois info at all
00:43 < Holo> DrunkRhino this is why i like my cisco routers :P
00:44 < DrunkRhino> And now that I think of it, once I finish I should probably make a fresh image of the sd card so I can have a known-good backup config...
00:44 < Holo> I can just power-cycle them if I do not like my config and did not save it
00:44 < DrunkRhino> Holo, lucky :P
00:45 < Holo> DrunkRhino they are great for home lab setups
00:46 < Holo> ill test shit on the firewalled cisco lab network before adding it to my normal home network
00:46 < Holo> its also my playbox
00:47 < DrunkRhino> Holo, I think my setup is more mad science than test lab, lol.
00:48 < Holo> DrunkRhino you could build a nice Fe setup for like $300
00:48 < Holo> not Gbit speeds
00:48 < Holo> but good enough
00:49 < Holo> then again you need to know how to manage cisco routers
00:50 < DrunkRhino> Holo, maybe one of these days! In the meantime this craziness suits me fine, most of this is for giggles/practice.
02:01 < jamesc> so i have a device connected to my mac via a bridge interface
02:02 < jamesc> i can ping the bridge from the device but i can't ping the internet
02:03 < electricmilk> jamesc, Can you ping 8.8.8.8 ?
02:03 < jamesc> no
02:03 < jamesc> Destination Hos Unreachable
02:03 < jamesc> Host
02:04 < jamesc> i can from my mac
02:04 < jamesc> not the device though
02:04 < electricmilk> Honestly I have no idea. Sorry
02:04 < electricmilk> Perhaps firewall settings?
02:04 < electricmilk> Could try disabling mac os firewall
02:04 < electricmilk> (temporarily)
02:07 <+pppingme> jamesc this is a physical device plugged into a 2nd nic, or a virtual device, or what?
02:07 < jamesc> raspberry pi zero
02:07 < jamesc> connected to mac via usb
02:08 <+pppingme> does the pi have a gateway set? what did you set the gateway to?
02:09 < jamesc> im pretty sure i have set it as 192.168.2.1
02:09 < jamesc> which is the bridge interface
02:09 < jamesc> i can ping that from my pi zero
02:10 <+pppingme> if its truly bridged, it needs to be set to your router, not the ip of the bridge..
02:10 <+pppingme> bridges are layer2, they could care less about ip routing
02:19 < jamesc> i can ping the router even
02:19 < jamesc> from the pi
02:19 < jamesc> why can't i ping google?
02:19 < Mattx> Backkk
02:19 < Mattx> https://i.imgur.com/UqXTJVB.png
02:20 < Mattx> This is the latency of 1000 calls to an endpoint. how do you explain those peaks?
02:20 < Mattx> It should be around 10ms all of them, don't know what is happening
02:21 < Mattx> I'm sending 1000 http requests through the same http connection, I also tried with multiple persistent connections to the same server and distributing the calls randomly, but it's the same
02:26 < Epic|> Yay first 10gbe at home
02:26 < Epic|> Pretty decent
02:38 < Mattx> ||cw, you still around? maybe you know
03:36 <+pppingme> holy $%^& Backpage.com just got fried
03:37 < Peng_> Oh no, the IRS
03:42 <+pppingme> I doubt its the irs
03:42 < compdoc> craigslist got rid of their personal section a week ago
03:42 < compdoc> its a new law
03:42 <+pppingme> sounds like they knew this was coming
03:42 <+pppingme> what new law?
03:42 < compdoc> if sex trafficking happens on your site, youre responsible
03:43 < compdoc> something like that
03:43 <+pppingme> that could affect a lot of dating sites
03:43 <+pppingme> those are big money
03:44 < Peng_> pppingme: The Reuters screenshot said it was the IRS, among other agencies.
03:44 < thejohnnyapol> the law is the FOSTA / SESTA
03:44 < thejohnnyapol> the EFF has a nice article on it here: https://www.eff.org/deeplinks/2018/03/how-congress-censored-internet
03:44 <+pppingme> Peng_ thats a generic screen that all the agencies use
03:44 < db`> hey ppl!
03:45 <+pppingme> I've seen it before
03:45 < db`> I got an ubuntu 16. I had pptp enabled. I recently shifted it to another node and now I got a new IP. But when I try to connect to PPTP vpn it shows up err 619
03:45 < db`> any clue?
03:45 < db`> I am able to connect to other PPTP vpns i got on other vps.
03:45 < db`> just not this one.
03:46 < db`> http://prntscr.com/j200xh
03:46 < db`> Any help is greatly appreciated.
04:12 < Demos[m]> Guess who just got their lab connected to the ipv6 internet
04:13 < vict0ria> china
04:26 < cluelessperson> from linux, how do you test ipv6 functionality?
04:26 < cluelessperson> back sorry
04:27 < Peng_> Ping something? Connect to Freenode? I dunno.
04:32 < cluelessperson> Yeah, so I'm trying to ask, what are the typical commands to test ipv6 functionality?
04:32 < cluelessperson> can I run a test client that grabs an ip, dhcp, etc?
04:34 < vict0ria> no clue but I found this: https://docs.oracle.com/cd/E19859-01/820-3253-12/ipv6.html
04:35 < atsu> A lot of devices use SLAAC
04:37 < atsu> What you test really depends on what you're testing for
04:38 < Demos[m]> Is it bad to use Slaac and dhcpv6 in the same subnet
04:38 < atsu> Nope
04:38 < Demos[m]> Is it bad to add slaac addresses to dns?
04:40 < atsu> Add them to DNS? What?
04:40 < Demos[m]> Just for domain joined hosts
04:40 < Demos[m]> Have them use slaac and nsupdate with gssapi
04:44 < jvwjgames_> i have a question is there a channel for hardware support
04:44 < atsu> What kind of hardware?
04:44 < Demos[m]> I think so but just ask
04:44 < jvwjgames_> for a dell poweredge server
04:44 < atsu> Yeah, ask.
04:45 < cluelessperson> atsu: Yes, but in Ubuntu here, it says "Automatic" and "Automatic(addresses only)" and "Automatic DHCP"
04:45 < Demos[m]> Heh speaking of which one of our DGX1 boxes is failing to init a gpu
04:45 < cluelessperson> atsu: so I can't tell if the working option on my laptop was SLAAC or not?
04:45 < jvwjgames_> Dell poweredge 1950 the PSU's light up and the server light's up but when i push the power button nothing happens
04:46 < jvwjgames_> so power supply and server are getting power but won't turn on
04:48 < cluelessperson> jvwjgames_: any LEDs or beeping?
04:48 < atsu> cluelessperson, More often than not, client devices will use SLAAC. I mean, that's all a lot of devices support. I'm not sure how to force Ubuntu to SLAAC but you could wireshark it regardless
04:49 < jvwjgames_> yes LED on front light's up and the main board lights up and PSU light in back is on but will not power on fan's or do anything
04:49 < jvwjgames_> is there a way to bypass a power button
04:50 < jvwjgames_> cause i am trying to get a server up and running
04:51 < atsu> Tried taking out ram sticks?
04:51 < jvwjgames_> yes
04:51 < atsu> One flash then off?
04:52 < jvwjgames_> i think
04:52 < cluelessperson> Well, my unifi USG shows an IPV6 address, but it's not on the WAN port
04:52 < atsu> That is not a good sign
04:53 < atsu> jvwjgames_
04:53 < atsu> You don't have another 1950?
04:54 < atsu> Does the power button do anything? I'm confused
04:55 < amNoob> Hey guys, I'm looking for some wisdom, I'm trying to create an enterprise (like) secure network in the home for developing. The goal is to completely micro manage the network from hardware -> software
04:56 < HEROnymous> amNoob, ooook.
04:56 < cluelessperson> amNoob: I like unifi stuff, but I'm struggling with ipv6 at the moment
04:56 < vict0ria> youd prob like cisco network simulator... idk the site for it, someone might know
04:56 < atsu> cluelessperson, Is your USG your router?
04:56 < cluelessperson> atsu: yes
04:57 < amNoob> Is there any hardware, or software, or systems, that you guys stand by as being bulletproof?
04:57 < HEROnymous> amNoob, yes, but it's all very expensive.
04:57 < atsu> Not having a WAN IPv6 address kind of puts a stop to things
04:57 < cluelessperson> amNoob: If you start with Unifi equipment, you will need minimum. USG, Switch, Cloud Key, AP
04:57 < HEROnymous> cluelessperson, cloud key is definitely not a minimum requirement.
04:58 < atsu> amNoob, Nothing is bulletproof
04:58 < cluelessperson> amNoob: Approximate minimum price, USG $106, Switch $109, Cloud Key $70, AP, $150 => $500 with tax
04:58 < jvwjgames_> yes i have two 1950's 3 PSu's and both 1950's do the same thing both light up but power button does nothing
04:58 < jvwjgames_> i can feel the power button clicking
04:59 < cluelessperson> amNoob: You can remove the cloud key, but it makes controlling everything from the gui easy.
04:59 < cluelessperson> HEROnymous: for a newb, it's sorta needed
04:59 < atsu> jvwjgames_, Wat. Two systems do it?
04:59 < amNoob> Thanks fellas, and what do you guys reckon, is the weakest link in a network or system?
04:59 < HEROnymous> cluelessperson, you can just install the unifi controller locally and you'll be fine
04:59 < jvwjgames_> yes
04:59 < cluelessperson> amNoob: the human
04:59 < HEROnymous> amNoob, humans.
04:59 < cluelessperson> HEROnymous: I thought you had to keep it running continually
04:59 < jvwjgames_> it is probably normal i am just confused about how to power the servers
05:00 < cluelessperson> HEROnymous: well, not continually, but should something restart, it maintains the provisioning
05:00 < atsu> cluelessperson, You can just run it as needed
05:00 < atsu> cluelessperson, But it does need a lot of updates
05:00 < cluelessperson> Problem is you have to know how to run it. :P
05:00 < vict0ria> jvwjgames_, maybe u dont have enough power
05:00 < HEROnymous> cluelessperson, nah, I run it on my workstation and only start it every couple of months to push new firmware to my uap-ac-pro. there're a few functions that do require it to run all the way.
05:00 < HEROnymous> all the time, rather
05:00 < cluelessperson> I suggest it because the $70 is worth making my life easier.
05:00 < HEROnymous> like the captive portal feature
05:00 < HEROnymous> I actually haven't ever used a cloud key
05:00 < cluelessperson> HEROnymous: exactly :P
05:01 < jvwjgames_> how would i not have enough power
05:01 < atsu> I'm still not a big Ubiquiti fan
05:01 < jvwjgames_> these servers sat for 1 year after being powered down
05:01 < cluelessperson> atsu: I love it so far except for several minor stuff
05:01 < HEROnymous> atsu, it's uh... y'know.
05:01 < vict0ria> how many watts do the servers need
05:01 < HEROnymous> probably as good as you're gonna get without either having a higher learning curve or a bigger budget.
05:02 < cluelessperson> I'm upgrading to AP Pro ($150) instead of the Lite ($80)
05:02 < cluelessperson> 150W 16p PoE Switch, instead of the 60W 8p PoE Switch
05:02 < HEROnymous> for the price, and the ease of use, ubiquiti has a lot to offer as far as the unifi line. and as far as wireless backhaul the edgemax line is pretty good too.
05:03 < cluelessperson> 3x PoE Cameras, 1x PoE AP, 3 servers, 1 desktop, 1 uplink, several randoms => 10+ Links for me
05:03 < HEROnymous> I'd take a $700 SRX300 over a $320 erpro-8, sure... but it's twice the price.
05:04 < atsu> I have an SRX. Don't hate :(
05:04 < HEROnymous> I have a lot of SRXs :P
05:05 < HEROnymous> there's a 320 with an LTE card in it sitting in front of me... and an MX80 under my desk too
05:05 < HEROnymous> lol
05:05 < cluelessperson> USG $109, $350 Switch, AP $150, CloudKey $80, 3x Cameras $190
05:05 < cluelessperson> My entire network setup for this apartment, $1259 + tax
05:05 < atsu> You just have a MX80 under your desk?
05:05 < amNoob> When you guys work in the industry, whats the most common kernel in enterprise hardware? is it more BSD like or GNU/Linux?
05:05 < HEROnymous> but y'know, ubiquiti stuff is cheap and works pretty darn well for the price point, so I've gotta give them a lot of props
05:06 < cluelessperson> amNoob: Debian, Ubuntu, Windows Server are the most common
05:06 < HEROnymous> atsu, well, among other things - that's the only juniper item down there, but there's also a set of Golf R rear brakes, an 8 port serial concentrator, and a small UPS :P
05:06 < cluelessperson> amNoob: Usually if it differs its because your DEVOPS/Sys Admin enjoys some other flavor
05:06 < amNoob> Windows? really?
05:06 < cluelessperson> amNoob: And it's a fucking BAD idea to differ without good reason
05:06 < cluelessperson> Keep things simple, modular, and easy to understand for your devs
05:07 < HEROnymous> amNoob, yeah, windows servers are probably more common than anything else overall.
05:07 < cluelessperson> amNoob: You'll find that some small business friendly shit only runs in Windows.
05:07 < atsu> amNoob, Linux by far
05:07 < HEROnymous> at work we're about 85% windows, 14% centos linux, and 1% other.
05:07 < atsu> Especially when you factor the more IoT-ish devices
05:07 < amNoob> damn, for real, I've just been studying only with unix like systems
05:07 < amNoob> man what, thats a lot of windows
05:08 < cluelessperson> amNoob: We were 90% Debian, 2 windows machines. Microsoft SQL for some inventory shithole software, and Windows for Quickbooks Server
05:08 < HEROnymous> amNoob, well that's fine. if you're a newcomer to IT, don't overgeneralize.
05:08 < cluelessperson> and everyone in accounting has a hardon for quickbooks
05:08 < vict0ria> i encourage you to learn linux
05:08 < cluelessperson> amNoob: You'll find that it depends on the business. Some will be all Windows, some will be all Linu
05:08 < amNoob> I was always windows phobic, so i put it off
05:08 < cluelessperson> amNoob: I HIGHLY suggest linux over everything
05:08 < HEROnymous> cluelessperson, I have plenty of customers running quickbooks/sage/etc on vms that they rdp to, and pay us to handle security. ;)
05:09 < HEROnymous> I suggest following what you enjoy more, be it windows, linux, or something else.
05:09 < atsu> MacOS ain't bad
05:09 < cluelessperson> HEROnymous: Yes, in my case, someone setup the windows server before I started there. I ran the new windows servers in VMs
05:09 < cluelessperson> HEROnymous: VMWARE because that's what we bought into with keys (not my decision)
05:09 < cluelessperson> I would've gone for KVM
05:09 < HEROnymous> cluelessperson, hyper-v is a pretty great virt stack.
05:09 < cluelessperson> bleh
05:10 < HEROnymous> kvm is very... quaint. ;p
05:10 < atsu> Cloud is kinda nice sometimes. Not deal with all the hardware crap
05:11 < cluelessperson> atsu: Here's what's happening
05:12 < cluelessperson> A lot of company administrations treat technology as a GIMMICK rather than a WAY OF LIFE. So they underfund IT, ignore warnings, ignore advice, then eventually all their customer's data is breached, because they're fuckup sociopathic cunts that wind up blaming their overworked IT
05:12 < gtrmtx> hey everyone, this is my setup: http://pasteall.org/pic/show.php?id=8799afe9f3ad11a8fefb7c702bff54e9 the problem i am having is that if i try to go to sub.domain.com on the client side it tries to redirect me to the private address instead of continuing to present as sub.domain.com
05:12 < vict0ria> amNoob: getting certs should be a worthwhile endeavor for you if you wanna get into IT
05:12 < cluelessperson> They complain that it's hard to make money (they lie)
05:12 < gtrmtx> how do you fix that?
05:12 < cluelessperson> The RESULT, is that a lot of people develop this bullshit fear of being HACKED, like everyone else.
05:13 < HEROnymous> cluelessperson, I feel as though you have very strong feelings on the subject.
05:13 < vict0ria> amNoob, cuz anyone can claim they know something, if u got a cert, u can prove ur to ur employer that you know ur shit
05:13 < cluelessperson> So they are AFRAID and you get bullshit legislation and dumbshit executives that decide to outright CUT OFF THE INTERNET to things like hospitals to prevent breaches
05:13 < amNoob> Thanks for the input fellas, I'm not part of the industry and all of this is really helpful
05:14 < cluelessperson> So, you sabotage your own networks across the nation, and your dumbshit executives continue to get paid bullshit they don't deserve.
05:14 * cluelessperson has first hand experience.
05:14 < HEROnymous> making money is actually hard though.
05:14 < cluelessperson> HEROnymous: Yes. Notice EQUIFAX and FACEBOOK breaching your data and bleeding HIPAA violations
05:14 < vict0ria> amNoob: me either, im working on two comptia a+ certs, ;p
05:14 < cluelessperson> meanwhile, our republican bullshit government isn't holding them responsible.
05:14 < HEROnymous> facebook hasn't got any of my data.
05:15 < cluelessperson> and congress passed a law to prevent Equifax from being sued civilly
05:15 < jvwjgames_> how would i not have enough power
05:15 < cluelessperson> https://www.reddit.com/r/news/comments/8a2egv/facebook_sent_a_doctor_on_a_secret_mission_to_ask/
05:15 < cluelessperson> HEROnymous: ^ this should make your blood boil.
05:15 < vict0ria> jvwjgames_, idk, ive asked how many watts the servers need
05:16 < cluelessperson> HEROnymous: Long story short, Facebook is buying data illegally from hospitals and attempting to deanonymize your private data.
05:16 < cluelessperson> Which is a fucking FELONY
05:16 < cluelessperson> PER RECORD
05:16 < cluelessperson> PER PERSON
05:16 < cluelessperson> PER PATIENT
05:16 < vict0ria> if your power supply can support x amount of watts... ig you're good 2 go jvwjgames_
05:16 < cluelessperson> /rant sorry
05:17 < HEROnymous> is anyone surprised?
05:17 < cluelessperson> HEROnymous: no, it's just increasingly sickening.
05:17 < cluelessperson> I'm fucking jaded.
05:17 < atsu> I just hope people continue to care
05:17 < HEROnymous> I don't think most people do care.
05:17 < HEROnymous> not most of the time, at least
05:18 < HEROnymous> occasionally you'll get a small number of people with the power to do something, and something might change
05:18 < cluelessperson> atsu: Dude, this is corruption and evil on a level that deserves physical violence
05:18 < cluelessperson> but the sheep eat the shit
05:18 < vict0ria> as if your data on facebook was private to begin with
05:18 < HEROnymous> but ultimately those changes, when enforced by government, tend to be fleeting - because people expect that government will do everything for them, and have abandoned the notion of doing for themselves.
05:18 < cluelessperson> vict0ria: You don't understand. It's facebook visiting your local hospitals and ERs and requesting your personal medical data.
05:18 < HEROnymous> vict0ria, we're not talking about data *on* facebook.
05:18 < cluelessperson> vict0ria: you don't get it, you don't have a choice.
05:19 < superkuh> They can ask all they want. If they don't get it there's no law broken.
05:19 < cluelessperson> superkuh: Actually, attempting to break the law is very often illegal.
05:19 < cluelessperson> and in this case, illegal.
05:19 < vict0ria> oh da fuq
05:19 < HEROnymous> superkuh, are you very certain that they didn't get it in 100% of the cases where they attempted to ?
05:19 < cluelessperson> superkuh: "I only attempted to rob the bank, your honor"
05:20 < vict0ria> first cambridge analytica, now this?
05:20 < HEROnymous> because I can point to well-documented cases of HIPAA violations where data was straight up sold by covered entities.
05:20 < jvwjgames_> is there a way past the power button
05:20 < HEROnymous> to advertisers, etc.
05:21 < cluelessperson> jvwjgames_: short the contacts on the motherboard
05:21 < vict0ria> jvwjgames_, do u have a manual lol, ive never touched a server in my life
05:21 < jvwjgames_> ya i do
05:21 < superkuh> HEROnymous, no. But luckily in the USA you have to prove guilt not innocence. So I'll wait till that happens. cluelessperson, I understand that. But asking for data is not the same as asking for the teller to hand over the money.
05:22 < cluelessperson> superkuh: poor people have to prove innocence. Rich people have to be proven guilty
05:22 < cluelessperson> socialism for the rich, capitalism for the poor
05:22 < superkuh> It's all fine and well that it's cool to care about infrastructure now and I finally get to say I don't use Facebook without blank stares or disbelief. But I really don't think this asking is a crime. Just unethical to the extreme.
05:23 < vict0ria> an old lady asked me if i had a facebook and was shocked when i told her i didnt, fuck facebook lol
05:23 < HEROnymous> no, it's not a criminal offense to ask for a covered entity to commit such an act.
05:23 < HEROnymous> I don't see any appeal to facebook.
05:23 < HEROnymous> I have irc.
05:24 < HEROnymous> I've had irc since ~1993
05:24 < HEROnymous> worked fine since then.
05:24 < vict0ria> peeps are driven to the likes
05:24 < vict0ria> the likes makes the brain release dopamine yadda yadda
05:25 < vict0ria> theres a vid about all the fucked up shit fb intentionally does to its users
05:25 < vict0ria> lemme see if i can find it
05:25 < superkuh> In before you link to a video on a centralized hosting service that also knows everything about you.
05:26 < vict0ria> LOL
05:26 < vict0ria> https://www.youtube.com/watch?v=d6e1riShmak
05:26 < HEROnymous> yeah, all of these california megacorps are "happy-feel-goody" in their rhetoric, and pretend like their "progressive" agenda is anything but regressive, but in reality it's just oppressive, and their ideals and values have a lot more to do with consolidating wealth and power than someone who is open about such things like Donald Trump's.
05:31 < jaelae> alertlogic!!!!
05:31 < jaelae> on a friday night
05:45 < jvwjgames_> power button bypassed no joy still :(
05:45 < jvwjgames_> still won't power on
06:02 < CannedSpinach> is there a domain for my local network?
06:03 < skyroveRR> Wut?
06:03 < HEROnymous> maybe.
06:03 < CannedSpinach> sorry I'm trying to configure a server and there is a configuration variable it's telling me to set to "host.domain:port"
06:04 < CannedSpinach> I know the host and the port but I'm confused by the domain part
06:05 < Kingrat> you can make up your own domain if you dont have an actual you want to use
06:05 < Kingrat> like server.spinach
06:05 < skyroveRR> Just put in .cannedspinach.net and be happy with it.
06:05 < Kingrat> where spinach would be the domain
06:06 < Kingrat> or that
06:06 < CannedSpinach> it's looking more like this value is important because my client machine is telling me it can't connect to it :P
06:06 < CannedSpinach> to make things more concrete I am trying to set up a taskwarrior taskserver on a raspberry pi
06:07 < skyroveRR> K, so the server is a raspberry pi.
06:07 < skyroveRR> So how about task0.cannedspinach.net :)
06:08 < skyroveRR> BTW, do you have the B or the B+ variant, CannedSpinach, which one?
06:08 < CannedSpinach> this variable is being stored on the client side skyroveRR, it's not a creative option
06:08 < CannedSpinach> pretty sure it's a B
06:12 < CannedSpinach> I'm assuming if the output of `hostname` doesn't include a domain, then I should just do host:port?
06:14 < CannedSpinach> ah. I had the address right, I was just getting connection refused
06:14 < skyroveRR> :)
06:17 < CannedSpinach> now I need to figure out why the connection is getting refused
06:22 < CannedSpinach> I tried nmap on my server's IP address and it doesn't appear the port I want is open
06:22 < CannedSpinach> but I'm not really sure how I would open it
06:40 < SovietBeer> any idea why my webapp running on my android tablet's chrome can fetch the website assets from the server running on my laptop, over my TP-Link TL-MR3020 Portable Router but it can't connect via websockets (while any browser running on the laptop itself CAN connect via websockets too)?
06:41 < SovietBeer> and if use the wifi of my non-travel router it works from my tablet too
06:41 < SovietBeer> but how can my TP-Link TL-MR3020 Portable Router be blocking websockets?
06:41 < SovietBeer> i put openwrt on it
06:42 < cluelessperson> SovietBeer: app permissions maybe?
06:42 < SovietBeer> cluelessperson: how so? which app?
06:42 < SovietBeer> it's a web app
06:43 < cluelessperson> oh, nvm then
08:46 < cluelessperson> so the unifi security camera system thing is pretty fuckin awesome
09:42 < varesa> SovietBeer: have you tried doing a packet capture on the server/client to see if the packets a) leave at the source b) arrive at the destination
09:43 < SovietBeer> varesa: no. which tool would you suggest for that? (laptop is windows 8.1)
09:43 < varesa> I think wireshark would work on windows too
09:43 < varesa> also, which android version?
09:44 < SovietBeer> varesa: 5.1.1
09:44 < varesa> okay, I read that 4.3 and older don't support websockets
09:45 < SovietBeer> varesa: but when i use my neighbor's router it works with websockets too
09:45 < varesa> ah right, missed that message
09:45 < varesa> then it's not a client or server issue (at least not totally)
09:45 < SovietBeer> yea
09:45 < varesa> but packet capture should tell you if there is traffic
09:46 < SovietBeer> but usually this router with openwrt is very good
09:46 < SovietBeer> ok
09:46 < varesa> I think you might be able to run tcpdump even on the router
09:48 < SovietBeer> ok
09:48 < varesa> I doubt you have any deep packet inspection or intrusion prevention system on the router
09:49 < varesa> unless the router/firewall actually looks at the TCP packet contents to me it seems like it should look just like an ordinary TCP stream
09:50 < SovietBeer> varesa: but aren't websockets just tcp like any http request? then how can they have problems getting through when the browser can fetch all other assets via http?
09:50 < varesa> that does sound weird
09:51 < varesa> as long as there is no DPI/IPS involved
09:51 < varesa> and I doubt OpenWRT would do anything funny with HTTP traffic, unless you have transparent HTTP proxy enabled
09:52 < SovietBeer> hm
09:54 < Android> can someone get this hex editing monkey off my back
10:01 < Demos[m]> How do I get a Linux box running radvd to autoconfigure upon seeing its own adverts?
10:05 < Demos[m]> Oh yay had to set accept_ra to 2
10:44 < georgios> hello. i wanted to know if there is some PoE injector (active?) for gigabit ethernet
10:51 < Demos[m]> Yeah there are loads
10:58 < [KaY316]> hey there guys, looking for a little bit of help plz, i have a NAS which a media server "Plex" installed on it, now there is a feature where i can remote access the nas from outside,it requires port forwarding, i tried to configure the server and router, but still no access, not sure what im doing wrong
10:59 < Ben64> choose a port on plex (or leave default), forward that port on your router, done
10:59 < [KaY316]> i did that. it
10:59 < [KaY316]> its not accessing
11:00 < Ben64> then you didn't do that
11:01 < [KaY316]> i specified the port on plex, (50000) then i went to router page and forwarded the 50000 to plex port (34200)
11:01 < poolson> hey folks im setting up an ICMP tunnel and have so far established a connection from the client to server
11:01 < poolson> and from the server i can ping the client and also ssh to the client
11:01 < poolson> however i cannot go the other way around .... heres the results from "route" ... anyone can see something from that ? im not terribly network savvy :)
11:02 < Ben64> [KaY316]: if you specified 50000 on plex then you'd need to forward 50000 to 50000
11:02 < poolson> 167.99.100.90 is the actual IP of the server
11:02 < varesa> > i specified the port on plex, (50000)
11:03 < [KaY316]> i specified 50000 on plex as a public port, plex's port is always 34200
11:03 < Ben64> no it isn't
11:03 < varesa> > forwarded to plex port (34200)
11:03 < Ben64> if you specified 50000 then it's 50000
11:03 < varesa> okay, that could be correct
11:04 < [KaY316]> i'll give it a shot
11:04 < varesa> if the 50000 isnt the port that plex binds to but a port it uses to generate external URLs
11:05 < [KaY316]> nope... still denied access
11:05 < varesa> the most likely issues (not necessarily in order) are: a) ISP is blocking ports (have you had any port/service work?) b) firewall on either the router or plex server blocks c) NAT configured incorrectly
11:08 < [KaY316]> here's my setup... Dlink ISP router has a public IP providing internet to local router--> Local Linksys router which has all the servers and PCs connected to it--> Synology NAS with Plex installed on it
11:09 < varesa> do both the routers route/NAT? Or is the second one used just as a switch?
11:09 < [KaY316]> both of them NAT
11:10 < Ben64> ew
11:10 < varesa> ew :P
11:10 < [KaY316]> ?!
11:10 < varesa> you need to a) get rid of that horrible double NAT or b) port forward the 1st router to the 2nd and the 2nd to the plex server
11:10 < [KaY316]> poor setup?
11:10 < Ben64> very poor
11:11 < varesa> in an ideal case you wouldn't need NAT at all (/me waits for IPv6)
11:12 < [KaY316]> thing is... ISP provided a very low end basic router which i really cant do much with, so i had it only to provide a uplink to the Linksys router where its much powerful
11:12 < varesa> and you pretty much never want more than one layer of NAT. It gives zero gain with a couple of drawbacks
11:13 < varesa> but you still rely on the ISP router to do NAT/routing
11:13 < varesa> and on top of that you have another router just repeating the same stuff
11:13 < varesa> either a) replace the ISP router with something else b) turn the ISP router into a bridge mode, bypassing NAT c) Live with what the ISP router allows you to do
11:15 < [KaY316]> so if i unplug the Dlink ISP Router, and use the Linksys instead of it (it has internet port in it) and apply the necessary config, i would only benefit from the NATing, correct?
11:17 < varesa> that's what you should do if it is possible with the ISP
11:17 < varesa> it'll allow you to properly utilise the one you bought
11:18 < varesa> if a slow car/driver is blocking the road, you won't get to the destination any faster by driving behind it in a faster car :)
11:18 < [KaY316]> great, now i'll have to change the gateway on all the devices!
11:18 < varesa> not necessarily if you use the same LAN config
11:18 < [KaY316]> they r on different pools
11:19 < [KaY316]> Dlink 192.168.1.2 ... Linksys 192.168.2.1
11:19 < varesa> and your default GW for your devices is .2.1?
11:19 < [KaY316]> 1.2
11:20 < [KaY316]> i was aiming for security at first when i started all this
11:20 < varesa> but if the Linksys does NAT then all devices connected it would have to use .2.1
11:20 < [KaY316]> the NAS was pretty expensive
11:20 < varesa> if you're using the DLink directly then the Linksys isn't NATing the traffic
11:20 < varesa> it is just switching
11:22 < [KaY316]> im not using the dlink directly, it's just providing net to the linksys thats all... but my devices wont work unless i have the dlink as the gateway!
11:23 < Ben64> if the dlink is the gateway then the linksys is doing nothing
11:26 < [KaY316]> wow.. never realized how poor my $#!t is
11:28 < varesa> [KaY316]: I believe this is what you've created by accident: https://i.imgur.com/AFtxt6m.png
11:29 < varesa> (that one line was also supposed to be green)
11:31 < [KaY316]> if this is a hardware map, then no, there's only one linksys router, which is the one after the Dlink, then comes all the PCs and NAS
11:31 < varesa> [KaY316]: they're the same box but two logical components
11:32 < [KaY316]> if i switch to one router only (linksys) will i be as protected from attacks as the previous scenario?
11:32 < [KaY316]> i just thought if i have them on different pools, separate private from public, i would be okay!
11:32 < varesa> well right now you more or less have the ISP router in charge of security followed by a dumb switch that doesn't care
11:33 < varesa> well your second pool right now is not being used by anything
11:34 < [KaY316]> dude, yr welcome to Anydesk/TV for more details, im just a noob when it comes to this..
11:34 < [KaY316]> im using the linksys for wireless also, it has a good range
11:34 < varesa> if you trust your linksys more than the dlink then the replacement could be an improvement in security
11:35 < varesa> what GW IP do your wireless devices get or use?
11:35 < [KaY316]> hold on
11:36 < varesa> in a typical (home) network you'd want exactly one good router at the front, followed by as many switches and dumb access points you need to connect all your devices
11:37 < varesa> but no more than one router
11:37 < [KaY316]> well, my phone is not showing me the gateway, it's connected to linksys tho, 1.140
11:38 < varesa> sounds like it might also be getting the IP/GW from the DLink
11:39 < [KaY316]> i have 2 hubs where my TV is in the living room and one in kids room where the TV and playstation is connected
11:40 < varesa> home "routers" confuse people a lot. They actually have three different components/roles. The actual router, a switch and a wireless access point
11:40 < varesa> when people want a second router to expand their network, they actually don't want a router, they want either the switch, access point or both
11:41 < varesa> routers are needed at the boundary of two networks, e.g. the internet and your LAN
11:41 < [KaY316]> i only wanted it for security... nothing more
11:41 < [KaY316]> and wireless strength
11:42 < varesa> and if for whatever reason you want to have multiple networks inside your house, double NAT is the improper way to do it. The good way to do it is using static routes on the routers so that the first router actually knows to send the traffic to the second network to the second router
11:43 < varesa> In my homelab I actually have a total of 5 different routers (some routing 10Gbps) with 20+ different IP pools but only one of the routers does NAT :)
11:44 < [KaY316]> im flabbergasted,
11:45 < [KaY316]> is that why my network speed went extremely low all of a sudden?
11:45 < varesa> but yeah, there are lots of ways you can go with your network but a) it currently isn't doing what you thought it was b) double NAT is not the way to go and doesn't really improve security in your case
11:46 < [KaY316]> i got a CAT6 cables running all through the devices, but when i transfer files from my PC to the NAS i barely get 10MB/s
11:47 < varesa> a proper gigabit network over CAT6 should be able to transfer up to 125MB/s
11:47 < [KaY316]> i get that when transferring FROM the NAS to PC, not the other way round...
11:48 < varesa> then it sounds like the NAS isn't just able to handle the writes
11:48 < varesa> reading is almost always faster
11:49 < [KaY316]> i dont think the nas is the problem, it's a monster
11:50 < varesa> well if your network is so asymmetric then it is very broken
11:50 < [KaY316]> im barely using 10% of its power
11:50 < varesa> well 10Mbps in a gigabit network is broken anyway, asymmetric or not
11:50 < varesa> What model, what disks, what disk/raid config?
11:51 < varesa> lot of space might not mean lots of speed and vice versa for example
11:51 < [KaY316]> DS3615sx, 12 WD disks, RAID5
11:54 < varesa> so it is actually a fairly good NAS :)
11:55 < varesa> RAID5 is quite bad for write performance but shouldn't be that bad
11:55 < varesa> if you wanted to rule some things out you could connect it directly to your computer with no network gear in the middle
11:57 < [KaY316]> i assumed since its uploading with maximum speed of 120MB/s at one end, then it wont have a problem with the other, so i assumed everything else might be the problem
11:57 < varesa> it is something difficult to know what good/expensive, for example in the case of a NAS means
11:57 < varesa> just among the people I know IRL, depending on who is saying it, it could mean $200, $2000 or decom. from work, costs $200,000 new
11:58 < [KaY316]> anyway... first things first... demote the dlink and get the linksys up and running as a main router!
11:58 < [KaY316]> i got mine for around $4000
11:59 < [KaY316]> like 3 years ago
11:59 < varesa> yeah, now I see you mentioned synology at the beginning
11:59 < varesa> which already tells something
12:01 < [KaY316]> all of this started when people at work wanted to know what movies and shows i have and i have to tell them about each and every movie and get them imdb links and stuff, i dont want to do that anymore, i just want to give them a plex View only access where they can see my media list and thats it!
12:01 < varesa> a write in RAID5 will actually have to do a read from the disks, calculate the parity with the old+new data and write both the data and the parity down
12:02 < varesa> proper amount of laziness makes a good engineer!
12:02 < [KaY316]> varesa, i have no idea what you just said lol i aint that technical!
12:11 < [KaY316]> are you familiar with plex?!
12:12 < varesa> nope
12:12 < [KaY316]> ok
12:13 < poolson> hey how can i delete this route
12:13 < poolson> 10.224.0.0 0.0.0.0 255.224.0.0 U 304 0 0 wlan1
12:13 < varesa> poolson: what OS?
12:13 < poolson> linux
12:14 < poolson> debian specifically
12:14 < SirLagz> poolson: have you tried deleting it with ip route?
12:14 < poolson> yep ... im just not getting it correct enough to match
12:14 < poolson> ... i think
12:14 < varesa> ip route del via
12:15 < varesa> but is that a connected-route?
12:15 < poolson> oh got it !
12:15 < varesa> e.g. created by an IP of 10.224.x.y/15 on wlan1?
12:16 < poolson> yeah most likely .. im just messing about to see what happens
12:16 < poolson> its part of a problem im having with an ICMP tunnel im trying to use
12:16 < poolson> i have it connected .. and from the server i can ping the client and ssh to the client .. but i cant ssh to the server from the client
12:17 < varesa> I'm just assuming from the gateway of '0.0.0.0'. Either it is a configuration error or that is how your version of 'route' shows local subnets
12:18 < varesa> yeah, newer versions seem to use '0.0.0.0'
12:19 < varesa> what is your wlan1 IP address?
12:19 < poolson> hold on a sec .. ill set it up as i had it before i started messing randomly with things
12:19 < varesa> correcting myself from before, that looks like an 10.224.x.y/11 which seems awfully wide
12:22 < poolson> ok .. just so you have some context ... wlan1 is associated with a comcast modem that is like a captured portal
12:22 < poolson> im trying to use an icmp tunnel thru that
12:23 < poolson> and this is what things look like when i boot up
12:23 < poolson> https://pastebin.com/vbjPge9F
12:24 < varesa> okay, so it actually does use an /11 o_O
12:24 < poolson> on the server that i have setup for the other side of my tunnel
12:24 < poolson> there is a tun device with an ip of 10.2.0.1
12:25 < varesa> but in any case you will need that '10.224.0.0/11 via 0.0.0.0 dev wlan1' route in order to send packets to the 10.224.0.1 gateway
12:25 < varesa> to have any kind of connection at all
12:25 < ^7heo> ohai catphish_
12:25 <+catphish_> hey :)
12:25 <+catphish> oh, i was already here
12:29 < poolson> https://pastebin.com/QLVfvtFN
12:29 < poolson> ok so here is where im at
12:29 < poolson> i pasted stuff at various stages of what i was doing
12:29 < poolson> so at this point i can ping the client from the server and also ssh from the server to the client
12:30 < poolson> but not from client to server
13:17 < Blok> I am having trouble getting multicast to travel through a gre-bridge and I am out of ideas. Anyone with hints regarding how to troubleshoot?
13:17 < orlock> damn
13:17 < orlock> no
13:18 < orlock> something not autodetecting i guess?
13:20 < X-Cyber> hi anyone?
13:21 < light> hi everyone
13:22 < survey0r> o/
13:22 < X-Cyber> just one? '-'
13:23 < poolson> oh man .. someone solve my routing problem !
13:23 < poolson> :)
13:24 < light> draw a picture
13:25 < poolson> you up for the task ?
13:25 < tpanarch1st> hey, got a few questions about the realm of captive portals please: I'm looking to use it with OpenWRT and to "tie" it to my second wifi on my router, it needs to be free but in return only route to a single IP address with everything else locked down, no access to other parts of my network (including the router itself), no access to the wider internet 2) If possible, I don't want a login paid or a billing module - it's intended to
13:25 < tpanarch1st> be free - is this possible. Running the latest Lede release
13:25 < poolson> ill repeat the stuff i said earlier if you are !
13:26 < tpanarch1st> The wider context of my question is 1) Has anybody done this and 2) am I being realistic please
13:26 < tpanarch1st> (and thanks)
13:28 < tpanarch1st> a lovely guy spent a lot of time with me and we explored a solution of forwarding using firewalls, we landed on issues with the iPhone, we managed to trigger a captive portal popup for the purposes of redirecting to the forum BUT there was a cancel button and as soon as you hit cancel, the user could not then reconnect to that wifi network and get that captive portal again. There was no way to tell them to manually type in the IP
13:28 < tpanarch1st> address
13:42 < varesa> tpanarch1st: you mean you want to permanently redirect/limit all traffic to a single address?
13:42 < l00pcy4> there was iptables
13:43 < l00pcy4> it looks broke on many systems
13:43 < tpanarch1st> varesa: yes, effectively so, stops access to the web and other IP's on the LAN yes
13:43 < tpanarch1st> it's the automatic redirect bit that makes it user friendly you see
13:44 < l00pcy4> some 2.6 kernels had it working
13:44 < tpanarch1st> l00pcy4: are you talking to me :)
13:44 < l00pcy4> though after kernel 2.6 it has something like hyperthreading
13:45 < varesa> tpanarch1st: I was going to suggest a destination NAT *:80 -> yourip:80 - but then you'd have to somehow set the source address for the return traffic
13:45 < l00pcy4> blows past TCP sockets
13:45 < tpanarch1st> varesa: I don't **think** there is another way round this from a captive portal, we really did go to town on exploring a firewall set-up, the issue we had was with apple
13:46 < tpanarch1st> other than a captive portal*
13:46 < tpanarch1st> (please see issues with Apple above)
13:46 < tpanarch1st> we had to trick apple devices into thinking there was a captive portal to forward them
13:48 < l00pcy4> tpanarch1st whoever was going over IP filtering
13:50 < tpanarch1st> i don't follow l00pcy4 we actually got so far but were stumped by apple in the end!
13:52 < l00pcy4> what about Apple tpanarch1st?
13:53 < tpanarch1st> l00pcy4: have you read my requestion and information above?
13:53 < tpanarch1st> question*
13:55 < l00pcy4> repost it
14:01 < tpanarch1st> my question has nothing to do with ip filtering
14:01 < tpanarch1st> :)
14:01 < zenix_2k2> one question, is there anyhow i can check all of the active connections on port 8080 ??? ( Ubuntu )
14:02 < Emperorpenguin> zenix_2k2: netstat -avnp | grep 8080
14:02 < zenix_2k2> ok let's me check
14:02 < X-Cyber2> fuser -n tcp 8080 (y)
14:02 < X-Cyber2> maybe can help you (y)
14:05 < kamura> zenix_2k2: netstat is deprecated
14:05 < kamura> ss -a dport = 8080
14:06 < moog> since 2001 :)
14:07 < l00pcy4> with apple or apple devices tpanarch1st
14:07 < zenix_2k2> it doesn't seem to work actually
14:07 < zenix_2k2> let's me try to make this closer to my problem
14:07 < zenix_2k2> actually i am trying to figure outs all of the active connections of a socket
14:08 < zenix_2k2> so is that possible ???
14:08 < X-Cyber2> try fuser -n tcp 8080 if that's tcp connection
14:08 < zenix_2k2> yea i triedf
14:08 < zenix_2k2> tried*
14:08 < tpanarch1st> l00pcy4: apple devices :-S
14:09 < zenix_2k2> but it only one only when it was supposed to be 2 connections
14:09 < zenix_2k2> i bet the first one is my localhost
14:09 < l00pcy4> reask the question
14:09 < zenix_2k2> huh ???
14:10 < zenix_2k2> "reask" doesn't seem to available on google translate
14:10 < zenix_2k2> so sorry for tat
14:13 < l00pcy4> tpanarch1st see privmsg
14:13 < zenix_2k2> Oh, you weren't talking to me
14:13 < zenix_2k2> ok srry
14:19 < poolson> DUDES I SOLVED IT !
14:19 < poolson> it was all tied to mtu !
14:19 < kamura> nice how did you work it out
14:19 < poolson> threw enough shit at the fan
14:20 < poolson> some eventually has to stick !
14:20 < poolson> its an age old theory
14:20 < poolson> but yeah i just figured it would be worth tweaking that a bit
14:20 < poolson> so just lowered it from the default to 1000
14:21 < poolson> KABOOM ... worked
14:31 < Demos[m]> hm should I bug the network guys to give me more than just 2 /64s
14:35 < survey0r> poolson, good to hear. I followed that saga and hoped it would be figured out. MTU huh lol
14:40 < abdulhakeem> Something I don't quite understand about IP addressing and subnetting: Don't you really just need one external IP address that goes out to your ISP/the internet?
14:41 < Epic|> With NAT, yes
14:41 < abdulhakeem> Obviously you need your own internal IP addressing but like with the whole thing about classful vs classless, I don't quite follow why it matters because from my understanding you really only need just the one external IP address
14:41 < light> not everyone's needs are the same
15:14 < MarkusDBX> Will accessing a remote m.2 ssd on lan, over a 40GbE LAN, be almost like having it native in the same machine?
15:16 < Android_> hey
15:16 < light> hey
15:16 < Android_> why sorry about tat
15:16 < light> MarkusDBX: no
15:17 < MarkusDBX> light: but shouldn't be lots added
15:17 < light> it'll be fast, but you'll lose IOPS
15:17 < Android_> tank
15:17 < Android_> ttm
15:18 < MarkusDBX> light: I got a few machines close to each other, each having their own ssds with space left. Idea is to setup a zfs san instead
15:18 < MarkusDBX> and then using dedup
15:18 < light> doesn't seem worth it
15:18 < MarkusDBX> since 40gbe nics are not super expensive anymore
15:41 < CannedSpinach> can anyone explain this error to me? don't know anything about SSL https://paste.debian.net/1019131
15:42 < Emperorpenguin> CannedSpinach: bit hard to tell from just that
15:43 < Emperorpenguin> but I'd say... connection refused
15:44 < CannedSpinach> does that mean it's a firewall problem?
15:45 < Emperorpenguin> don't know enough about your specific problem to tell
15:46 < CannedSpinach> I'm trying to connect to a server on my LAN that I just set up
15:46 < CannedSpinach> so far none of my devices can connect to it besides the server itself
15:47 < detha> It's not the firewall. It possibly can't be the firewall............. It was the firewall.
15:48 < CannedSpinach> I'm just trying to figure out how to get the firewall to chill out
15:48 < abdulhakeem> https://www.cyberciti.biz/media/new/cms/2017/04/dns.jpg
15:49 < abdulhakeem> gah subnetting is the bane of my existence
15:57 < CannedSpinach> damn, I was really counting on IRC being able to help with this
15:57 < CannedSpinach> did not want to have to chuck this project in the bin
15:58 < ||cw> CannedSpinach: what IP is it listening on
15:59 < ||cw> are those errors from the client or server?
16:00 < CannedSpinach> ||cw: I'm connecting via its hostname, but I assume the IP it's listening on is 196.168.1.79 as that's how I connect via ssh
16:00 < CannedSpinach> the errors are from the client (I think) since I'm on the client's shell when I put in the openssl command
16:00 < CannedSpinach> when I do the same command from inside the ssh shell I get a normal response
16:03 < SporkWitch> CannedSpinach: typically connection refused means the port is open on the firewall but nothing is listening on it; SOP for firewall rules is to DROP not DENY
16:04 < CannedSpinach> SporkWitch: so you think maybe the server is set up wrong?
16:04 < SporkWitch> CannedSpinach: that's what that implies to me, yes
16:04 < CannedSpinach> are there maybe some diagnostics I can run to see if the server is listening at X port?
16:05 < SporkWitch> CannedSpinach: man netstat
16:06 < CannedSpinach> I don't have a manual entry for it
16:06 < CannedSpinach> I'm on Debian
16:07 < SporkWitch> probably don't have it installed, then
16:07 < SporkWitch> you'd do this on the server itself, btw
16:07 < CannedSpinach> netstat-nat maybe?
16:07 < CannedSpinach> just looking for the right package
16:08 < SporkWitch> i'd have to google to see what debian's calling it, so you should google to find what debian's calling it :)
16:08 < CannedSpinach> fine lol
16:08 < CannedSpinach> am I just looking for "Tool that displays NAT connections"?
16:09 < SporkWitch> the command is called netstat; there's a handy application on debian-based distros called "apt-file" which will let you search the name of a command and return what packages have it
16:09 < SporkWitch> (aptitude install apt-file && apt-file update)
16:11 < CannedSpinach> the manual is saying this package is obsolete :/
16:15 < CannedSpinach> SporkWitch: according to netstat my server is listening at the port I want it to listen at
16:16 < SporkWitch> is it listening on the interface you want it to listen on?
16:20 < CannedSpinach> that's a tricky question because I'm not sure which interface I want it to be listening on
16:22 < CannedSpinach> I assume it's TCP
16:22 < CannedSpinach> and it is listening for TCP
16:22 < SporkWitch> CannedSpinach: unless you have a specific reason not to, you typically want it listening on 0.0.0.0, which would be all interfaces
16:23 < CannedSpinach> yeah
16:23 < CannedSpinach> 0.0.0.0:*
16:25 < CannedSpinach> SporkWitch: any other suggestions before I set my raspberry pi on fire and put it in the dumpster?
16:26 < SirLagz> CannedSpinach: instead of putting it in the dumpster, you should send it to me.
16:27 < CannedSpinach> sorry, can't afford to pay shipping
16:27 < CannedSpinach> plus it would be on fire
16:27 < SirLagz> well before you set it on fire :P
16:28 < SirLagz> CannedSpinach: what are you trying to do? I'm a bit confused.
16:28 < SirLagz> CannedSpinach: is something not connecting?
16:29 < CannedSpinach> I am trying to run a program called a taskserver which is basically a centrally hosted todo list that you connect to via SSL
16:29 < CannedSpinach> I have the server set up and syncing with itself but when I try to sync with other devices I get connection refused
16:29 < abdulhakeem> why not just use Google Keep
16:29 < CannedSpinach> even though they're using the same SSL files
16:29 < SirLagz> CannedSpinach: firewall off?
16:29 < ||cw> "via ssl"? ssl is just a way to encrypt sockets, it's not a connection method
16:30 < Holo> um
16:30 < CannedSpinach> SirLagz: according to SporkWitch it is probably not a firewall problem
16:30 < Holo> SSL is dead
16:30 < Holo> you should not use SSL
16:30 < Holo> Use TLS
16:30 < SirLagz> CannedSpinach: probably not, but pays to check.
16:30 < CannedSpinach> ||cw: my bad, I am new at this
16:30 < CannedSpinach> SirLagz: the thing is I have other servers running on the same device that other devices on my LAN connect to without a problem
16:30 < CannedSpinach> so I don't see why the firewall would be an issue for this specific program
16:30 < CannedSpinach> but I did try to turn the firewall off briefly and still got the same error
16:31 < ||cw> try the interactive method listed in the server instructions, maybe turn up the debug level
16:31 < CannedSpinach> https://paste.debian.net/1019131 here's the error btw
16:31 < SirLagz> CannedSpinach: from a different machine?
16:31 < ||cw> CannedSpinach: client or server ?
16:31 < SporkWitch> what's the topology look like? I thought we were dealing with a proper server, not a raspi sitting who knows where. Sounds like there might not be a good route to it
16:32 < CannedSpinach> ||cw: client
16:32 < CannedSpinach> yes different machine
16:32 < CannedSpinach> SporkWitch: the RPi is hooked up to my router by ethernet
16:32 < ||cw> CannedSpinach: are you sure this isn't trying to use a port that's already in use?
16:33 < CannedSpinach> ||cw: highly doubt it but is there a good way to check?
16:33 < poolson> ahh success finally !!
16:33 < ||cw> netstat
16:33 < Holo> CannedSpinach can you ping the pi?
16:33 < Holo> from said client?
16:34 < CannedSpinach> Holo: I can SSH into it just fine so yeah lol
16:34 < CannedSpinach> ||cw: when the daemon is off, the port is not listening
16:35 < Holo> I am assuming a consumer router
16:35 < CannedSpinach> so I think it's fair to say the port isn't being used by anything else
16:35 < CannedSpinach> Holo: yes
16:35 < Holo> firewall?
16:35 < Holo> check the firewall on the pi
16:35 < CannedSpinach> the pi doesn't have a firewall I don't think, just the router
16:35 < Holo> CannedSpinach what os is on the pi
16:35 < SirLagz> CannedSpinach: what command line options did you start the daemon with?
16:35 < SporkWitch> worth checking, but it's giving him connection refused messages; unusual to have DENY rules instead of DROP
16:36 < CannedSpinach> Holo: raspbian stretch
16:36 < Holo> should be no firewall by default
16:36 < CannedSpinach> SirLagz: none
16:36 < SporkWitch> well, should be empty tables and default ALLOW, not "no firewall" :P
16:37 < abdulhakeem> might have to try recompiling the kernel
16:37 < Holo> well :P
16:37 < SporkWitch> ....
16:37 < Holo> taskd config --force server localhost:53589
16:37 < Holo> did you do this?
16:38 < Holo> because that is your issue if you did
16:38 < CannedSpinach> nope, server is configured to hostname
16:38 < abdulhakeem> did you try re-seating the network cable?
16:38 < SporkWitch> if we're talking about recompiling the kernel for a raspi project, something has gone seriously wrong
16:38 < CannedSpinach> network cable is obviously fine as I am SSH'd into the same machine right now
16:38 < Holo> abdulhakeem we can confirm layer 3 access
16:39 < Holo> I feel like something is wrong at the taskd config --force server localhost:53589 LV
16:39 < abdulhakeem> hmm might have to flash new BIOS image
16:39 < Holo> CannedSpinach can you access the server on the pi itself via localhost?
16:39 < CannedSpinach> running the daemon in interactive mode, I tried to sync again, got no output from the server side
16:39 < SporkWitch> can we go back to the early 90's, when the trolls were actually clever?
16:39 < CannedSpinach> still got connection refused
16:40 < CannedSpinach> Holo: yeah the pi syncs with itself fine if that's what you mean, but it uses its own hostname to do so instead of localhost
16:40 < SporkWitch> that shouldn't matter
16:40 < SporkWitch> what's the software you're trying to work with?
16:40 < CannedSpinach> it's called taskwarrior/taskserver
16:40 < Holo> https://taskwarrior.org/docs/taskserver/configure.html
16:41 < CannedSpinach> Holo: I did everything by the book when it came to configuration
16:41 < Holo> it looks like everything should work assuming the server host is properly done
16:42 < SporkWitch> how are you trying to connect to it from the client? FQDN?
16:42 < CannedSpinach> idk what that stands for
16:43 < SporkWitch> https://lmgtfy.com/?q=define+fqdn
16:43 < Holo> lets make this Simple
16:43 < survey0r> fully qualified domain name
16:43 < CannedSpinach> but my two tests are either "task sync init" which fails with "could not connect to " and an openssl command which returns a big error
16:43 < CannedSpinach> definitely not a fully qualified domain name, just
16:43 < Holo> type "hostname" on the pi
16:43 < CannedSpinach> yeah it's just raspberrypi
16:43 < CannedSpinach> which is the hostname I have it configured as
16:43 < SporkWitch> pastebin the ssl error
16:44 < CannedSpinach> posted it earlier, hold on
16:44 < CannedSpinach> https://paste.debian.net/1019131
16:44 < SirLagz> CannedSpinach: done a packet capture on the Pi when trying to connect with taskwarrior?
16:44 < Holo> CannedSpinach try raspberrypi.local
16:44 < CannedSpinach> SirLagz: I assume no but let me know if there's a way to test that
16:46 < CannedSpinach> Holo: same error, Could not connect to raspberrypi.local 53589
16:46 < Holo> taskd config --force server raspberrypi.local:53589
16:46 < Holo> hmm
16:46 < CannedSpinach> client side or server side?
16:46 < Holo> server
16:46 < SporkWitch> if he's getting ssl errors he probably has the wrong CN set on the cert
16:46 < SirLagz> CannedSpinach: a packet capture would just show the exact traffic that the Pi is getting, would make sure that taskwarrior is actually trying to connect to the correct port.
16:46 < Holo> ya
16:47 < Holo> CannedSpinach see https://taskwarrior.org/docs/taskserver/configure.html#keys
16:47 < CannedSpinach> SporkWitch: CN is set to hostname
16:48 < Holo> change the var to raspberrypi.local and regen your certs
16:49 < CannedSpinach> Holo: it's worth mentioning I tried disabling cert validation earlier and still couldn't sync
16:49 < moog> Sorry if I'm late but is your service listening to the right port ?
16:49 < SirLagz> connection refused errors would point more towards a port mismatch anyway
16:50 < SirLagz> doing a packet capture would see what port the client is trying to connect on, maybe the client or server is configured to connect to / listen on the wrong ports
16:51 < CannedSpinach> remind me how to do a packet capture?
16:51 < moog> So -> sudo ss -atnlup
16:51 < SirLagz> CannedSpinach: with tcpdump
16:51 < moog> To watch your listening ports
16:51 < SirLagz> CannedSpinach: or wireshark if you have a GUI on the Pi
16:51 < CannedSpinach> one moment, already started generating new certs
16:51 < CannedSpinach> pi is shell only unfortunately
16:52 < SirLagz> tcpdump it is then
16:53 < CannedSpinach> moog: taskd is listening at 127.0.1.1:53589
16:53 < SporkWitch> GUIs suck, CLI for life
16:53 < CannedSpinach> 53589 is the port I want
16:53 < CannedSpinach> SirLagz: just tcpdump straight into the shell?
16:53 < SirLagz> CannedSpinach: taskd is listening on 127.0.1.1 ????
16:53 < moog> :)
16:53 < SporkWitch> redirect to a file...
16:53 < CannedSpinach> that's what it says
16:53 < moog> Do it can't be access remotely
16:53 < SirLagz> CannedSpinach: well that's listening on localhost.
16:53 < moog> So*
16:54 < Holo> lol
16:54 < moog> You welcome :p
16:54 < CannedSpinach> well now we're getting somewhere
16:54 < Holo> you need to listen on its ip address or on everything
16:54 < SirLagz> CannedSpinach: I thought SporkWitch told you to check which interface it was listening on earlier?
16:54 < CannedSpinach> now I just need to figure out how to get it to listen correctly
16:54 < CannedSpinach> SirLagz: the output of the command he gave me was 0.0.0.0:*
16:55 < SporkWitch> SirLagz: i did, but no one listens to me; they seem to like wasting time :P
16:55 < SirLagz> SporkWitch: lol
16:55 < CannedSpinach> I insist that I have been following everyone here astutely, even the troll
16:55 < CannedSpinach> I'm just bad at networks
16:56 < CannedSpinach> taskd server config variable is set to raspberrypi:53589
16:56 < CannedSpinach> I am not sure what I have to change to get it to listen on the network
16:56 < Holo> set that to raspberrypi.local
16:57 < CannedSpinach> so regen the certs you're saying
16:57 < SporkWitch> if it's listening on 127.0.1.1, that's the standard resolution for hostname/fqdn
16:57 < SirLagz> CannedSpinach: probably need to config set to :53589
16:58 < CannedSpinach> aha, now it's listening at 192.168.1.79
16:58 < moog> like 0.0.0.0
16:58 < moog> :)
16:58 < moog> ss is your friend CannedSpinach
16:58 < CannedSpinach> now I'm only getting a handshake error
16:58 < CannedSpinach> progress!
16:58 < CannedSpinach> thanks so much guys
16:58 < SirLagz> ss or netstat or lsof
16:58 < Holo> CannedSpinach what changed it?
16:58 < moog> and forget netstat
16:58 < moog> netstat is over, deprecated
16:59 < SirLagz> moog: why forget netstat?
16:59 < CannedSpinach> Holo: your suggestion worked
16:59 < Holo> good
16:59 < moog> deprecated, Cf iproute2 vs net-tools
16:59 < SirLagz> moog: ah right
16:59 < Holo> now you need to regen the certs with raspberrypi.local as the variable
16:59 < SporkWitch> was having trouble tracking down the iproute2 equivalent to netstat lol
16:59 < Holo> that should fix the handshake error
16:59 < moog> SporkWitch: I have a solution for you :)
16:59 < Holo> moog pls do tell
17:00 < moog> https://agmen.org/netsstat
17:00 < moog> with 2 s :)
17:00 < Holo> I am soo foobarred with ifconfig being gone.
17:00 < SporkWitch> not sure how that link applies except in that it happens to mention ss; i had a list of equivalent commands at one point, but i can't find it anymore :(
17:00 < SirLagz> SporkWitch: I forgot netstat was being deprecated lol
17:01 < SporkWitch> SirLagz: net-tools has been deprecated for quite a few years now
17:01 < CannedSpinach> thanks for making me install a depreciated package
17:01 < SirLagz> SporkWitch: yeah, just forgot that netstat was part of net-tools
17:01 < SirLagz> SporkWitch: I've been moving to ip instead of ifconfig and route, but forgot about netstat haha
17:01 < SporkWitch> CannedSpinach: it got you where you needed; i'd have given you ss if i remembered it / could find it
17:01 < CannedSpinach> but seriously I appreciate the team effort here
17:01 < CannedSpinach> if I had money I would pay you all
17:02 < moog> :)
17:06 < Holo> I feel like something is wrong at the taskd config --force server localhost:53589 LV
17:06 < Holo> told you :P
17:07 < CannedSpinach> Holo: yeah but I actually did what the guidebook said and changed it to the result of running `hostname -f`
17:08 < Holo> CannedSpinach the guidebook assumes you have it on a proper domain
17:08 < CannedSpinach> the guidebook sucks
17:08 < survey0r> hehe
17:09 < SporkWitch> "the guide assumes a normal setup" "the guide sucks"...
17:09 < CannedSpinach> idek why I use this software.
I went into their IRC to tell them what a time I was having trying to get the server to run and they gave me a bunch of snooty attitude telling me I obviously didn't follow the guidebook in its entirety
17:09 < CannedSpinach> turns out I just followed the instructions too closely
17:10 < Holo> CannedSpinach no it does not suck
17:10 < abdulhakeem> I was wondering why you need to setup a server for a todo list
17:10 < abdulhakeem> just create todo.txt on your desktop
17:10 < Holo> your lack of basic networking sucks
17:10 < SporkWitch> following instructions without understanding what they're doing is a surefire way to screw things up, especially if in a non-standard setup. So yeah, it was on you for following the guide without applying critical thought to adjust for your environment
17:10 < moog> The problem is often between the manual and the chair :p
17:11 < CannedSpinach> SporkWitch: I actually went in there to ask them what exactly they meant by a CN and they redirected me back to the guide
17:11 < SporkWitch> i'd have given you a LMGTFY link :)
17:14 < Holo> https://en.wikipedia.org/wiki/.local
17:48 < Holo> CannedSpinach I hope you know that you cant access this server outside of your house
17:48 < Holo> or rather local network
17:51 * SporkWitch quickly tries to cap the can of worms Holo just opened
17:51 < Holo> SporkWitch not like there is google compute free tier
17:52 < Holo> my znc is usually free
17:52 < CannedSpinach> Holo: yes that is my intention
17:52 < Holo> or at most 33c a month when I do a lot of things
17:52 < CannedSpinach> I am not planning on running a server that the internet can access
17:52 < Holo> rip
17:52 < SporkWitch> i have a couple linode instances i use for kolab, bitbucket, jira, and confluence, so i just throw znc on there too
17:52 < CannedSpinach> I am too lazy about security-related stuff to let the internet touch my stuff
17:53 < moog> 127.0.1.1:53589 is the most secure to prevent internet access :p
17:53 < SporkWitch> ...
17:53 < Holo> SporkWitch I like the 99.999% up time
17:53 < SporkWitch> Holo: i like the not-google lol
17:53 < Holo> google will move my vps around on demand
17:53 < Holo> true but it beats amazon's pricing
17:53 < SporkWitch> Holo: hosting kolab on google hardware would completely defeat the point of running kolab in the first place: replacing the google apps stack lol
17:54 < Holo> hahahaha
17:54 < Holo> SporkWitch and be expensice
17:54 < Holo> expensive
17:54 < Holo> the 1 GB egress cap on the free tier is low
17:55 < SporkWitch> not particularly, and i'm actually planning on moving it all in-house once I can afford some new hardware. I've got a 1Gbps down, 100Mbps up connection now, and they'll give me static IPs at 10/ea/mo
17:55 < SporkWitch> so the end goal is to move it all in-house and just maintain a cheap 5/mo VPS SMTP server as a backup
17:55 < Holo> $0.12/GB on the google free tier :P
17:56 < Holo> adds up fast
17:56 < SporkWitch> but once again defeating the point
17:56 < Holo> lol
17:56 < SporkWitch> ah, misunderstood what you were talking about; thought you were saying linode is expensive
17:56 < Holo> ah no
17:57 < Holo> cheap
18:09 < ghxst> can I use this guide to setup load balancing on 2 nics ? http://lartc.org/howto/lartc.rpdb.multiple-links.html#AEN298
18:09 < ghxst> and what happens when 1 of the nics goes down, will all traffic automatically failover to the other one ?
18:10 < Holo> ghxst is it going to 1 router?
18:10 < Holo> err switch
18:10 < ghxst> hmm let me explain the setup
18:11 < ghxst> I have a raspberry pi with 2 4G modems attached
18:11 < ghxst> they show up as eth1 and eth2
18:11 < ghxst> with gateway 10.0.1.1 and 10.0.2.1
18:11 < Holo> then yes as you have 2 routers
18:12 < ghxst> ok thank you for defining that
18:13 < ghxst> I want traffic to be "balanced" over both nics, but fallback to 1 when 2 is down and vice versa
18:13 < ghxst> does that make sense ?
18:13 < tpanarch1st> hello, i'm running a radius server and attempting to set up coova chilli on my lede router, i'm following this tutorial https://medium.com/openwrt-iot/lede-openwrt-setting-up-coovachilli-628dcdbb1b23 but I have no idea what a radiusnasid is or a uamsecret
18:14 < tpanarch1st> i followed this tutorial to set up the radius server https://www.vultr.com/docs/install-freeradius-on-debian-7
18:24 < ghxst> Holo: are you still here? :)
18:24 < Holo> possibly
18:24 < Irritiable|LT> I doubt it.
18:24 < Irritiable|LT> Clearly an auto-reply.
18:25 < Holo> clearly
18:25 < Irritiable|LT> Holo: You are here?
18:25 < Irritiable|LT> That is an auto-reply, right?
18:25 < Irritiable|LT> Yeah, ghxst: Holo left.
18:25 < Holo> is it?
18:25 < ghxst> we need to do a turing test :x
18:25 < Holo> lol
18:25 < Irritiable|LT> Let's bombard his auto-reply script with math questions.
18:25 < Irritiable|LT> No wait! Philosophical questions.
18:25 < Holo> one day I will have a neural network bot for auto reply
18:26 < ghxst> how about networking questions? ^^
18:26 < Irritiable|LT> Holo: If no woman is worth being with, due to natural imperfect biologically driven hormonal responses (EG: courtship is an impossibility): Do you date males or simply nobody at all?
18:26 < Irritiable|LT> Answer me, you auto-reply!
18:26 < Holo> ...
18:26 < Irritiable|LT> See, ghxst? It's auto-reply.
18:26 < Irritiable|LT> He's not here.
18:26 < ghxst> you're missing the !8ball prefix
18:27 < Irritiable|LT> Shit.
18:27 < Irritiable|LT> !8ball Holo: Read earlier.
18:27 < Holo> are you done blowing up my phone?
18:27 < Irritiable|LT> :(
18:27 < Irritiable|LT> Holo: No
18:27 < Irritiable|LT> Holo: I
18:27 < Irritiable|LT> Holo: Am
18:27 < Irritiable|LT> Holo: Not.
18:27 < Irritiable|LT> :D
18:27 < Irritiable|LT> OK, Holo. Now I am.
18:27 < Holo> ghxst what is it?
18:27 < Irritiable|LT> I have one of those.
18:28 < Irritiable|LT> Local-only (static) IPv6 from: Laptop <-> Router
18:28 < Irritiable|LT> EF08 or something. Not entirely sure about all of that stuff.
18:28 < ghxst> If I set up load balancing on 2 nics like the guide shows, is there an implicit failover when one of them goes down ?
18:28 < tpanarch1st> anybody?
18:29 < Holo> mmm
18:30 < Holo> idk, I dont use linux for routing
18:30 < Holo> I think so
18:30 < Irritiable|LT> DHCP provided IPv6: fe80::87ed:f9ac:7d62:7faa / 64
18:30 < Irritiable|LT> Linux/Windows -- Irrelevant.
18:30 < Irritiable|LT> FE80... Not EF08.
18:31 < Irritiable|LT> I'm using a Netgear (Nighthawk) router.
18:31 < Irritiable|LT> (For completeness) I am running Lubuntu distro of Linux.
18:31 < Demos[m]> that's not dhcp
18:31 < Demos[m]> that's just a link local address
18:31 < Demos[m]> also they tend to be /128s afaik
18:32 < Irritiable|LT> Demos[m]: Router states DHCP and Linux equally states DHCP.
18:32 < Irritiable|LT> IPv4 is statically assigned currently (dual-stack).
18:33 < Holo> ghxst in theory it should work
18:33 < Holo> ghxst give it a test
18:33 < Demos[m]> one thing I found is that net.ipv6.conf..accept_ra needs to be 2 if you want to route and also get a SLAAC address on that iface
18:33 < Demos[m]> if your dhcpv6 server is giving out fc80::s then something is really wrong
18:33 < Dagger> yeah, that IP isn't from DHCP though, it'll be an autoconfigured link-local
18:34 < Irritiable|LT> Linux/Netgear both refer to it as DHCP. It's behaving like a normal IPv4 DHCP (IPv4 I am much more familiar with than IPv6).
18:34 < ghxst> ok thanks Holo I will :)
18:34 < Irritiable|LT> I've always set a static IP (IPv4) because I hate the time delay that using a DHCP assigned one takes.
18:35 < Demos[m]> lucky for you ipv6 does it faster
18:35 < Dagger> they're probably lying, then
18:35 < Holo> ghxst the reason I said in theory is because you can have multi-path that has a failover or a multi-path that does not
18:35 < Irritiable|LT> As far as 128 goes: I've only ever seen 64 referenced. I've seen "10" used (even in Netgear's online support for another model) for FE80 (local-link or whatever IPv6 calls a statically assigned IP address).
18:35 < Holo> ghxst you may need to add a check on both routes
18:35 < Irritiable|LT> Dagger: "They?" The machines?
18:35 < Dagger> or they aren't, in which case something's rather wrong
18:36 < Apachez> linklocal
18:36 < Demos[m]> link local isn't statically assigned
18:36 < Apachez> depends on tcp stack
18:36 < Dagger> they = "Linux/Netgear"
18:36 < Apachez> its made up of the nic + mac address
18:36 < Holo> Irritiable|LT I've always set a static IP (IPv4) because I hate the time delay that using a DHCP assigned one takes.
18:36 < Irritiable|LT> Yes. This laptop's running Linux and the router is a Netgear (Nighthawk, specifically).
18:36 < Holo> um
18:36 < Apachez> nowadays some randomness to the "mac" being used due to false sense of privacy
18:36 < Demos[m]> ultimately the prefix on the fe80 doesn't matter that much because you always need a scope anyways
18:36 < Holo> are you forever disconnecting and connecting?
18:37 < Demos[m]> MACs are not used with dhcpv6 (sorta)
18:37 < Irritiable|LT> Apachez: It's just suggested that you use the router's MAC address. Any unique global ID works. My router defaults to its own MAC address for generation.
18:37 < Holo> Demos[m] depends
18:37 < Irritiable|LT> Demos[m]: Yes and no.
18:37 < Demos[m]> clients ident to the server with a UUID that is pretty much arbitrary
18:37 < Apachez> no and yes
18:37 < Holo> it can be yes, it can be no
18:37 < Irritiable|LT> It's a general gauge (as it'll be guaranteed to work), but not a rule.
18:37 < ghxst> Holo: hmm I see :/ complicated haha
18:38 < Irritiable|LT> Anyway
18:38 < Demos[m]> but ofc the server can look at their mac
18:38 < Demos[m]> also privacy extensions and so on
18:38 < Holo> ghxst you can assign ips or let the devices create their ips
18:38 < Holo> err
18:38 < Holo> Irritiable|LT
18:38 < Irritiable|LT> To stay on topic (not sure who mentioned anything about using the MAC for a unique ID): I am trying to set a static IPv6 address on this laptop.
18:38 < Holo> ghxst ya sorry, I don't use linux for routing
18:38 < Irritiable|LT> Holo: I tried setting a static IPv6. I sort-of kind-of got one working, but was unable to ping anything.
18:38 < Irritiable|LT> I definitely do not know enough.
18:39 < Holo> Irritiable|LT lol what?
18:39 < Irritiable|LT> Holo: Precisely. :)
18:39 < Holo> a device will auto make its own ipv6 based off its mac address with a bit flipped
18:39 < ghxst> Holo: what do you use ?
18:39 < Apachez> gayporn
18:40 < Apachez> ohh that question wasnt to me
18:40 < Holo> ghxst Cisco
18:40 < Holo> I specify my routing protocols etc
18:40 < Irritiable|LT> Holo: Perhaps it's my ignorance or perhaps I missed something during all my hours of research. What I am attempting to accomplish via IPv6 would look similar to this in IPv4 (static): 192.168.1.XX2, 192.168.1.XX3, etc.
18:40 < Apachez> I spit on your routing protocols etc
18:41 < Apachez> there is nothing wrong by using static ipv6
18:41 < Holo> Irritiable|LT so you want static local ipv6?
18:41 < Irritiable|LT> Apachez: I am aware.
18:41 < Apachez> you have a very broken tcp stack if you cant do that
18:41 < Irritiable|LT> Holo: Yes. For the umpti-billionth time. Lol
18:41 < Holo> use FD80::1 etc
18:41 < Irritiable|LT> FD80 not FE80?
18:42 < Holo> Prefixes in the fd00::/8 range have similar properties as those of the IPv4 private address ranges:
18:42 < Irritiable|LT> Netgear doesn't exactly list "static" in the drop-down list.
It has a "Fixed" option (I assume that's what it is).
18:43 < Holo> fe is link local
18:43 < Irritiable|LT> Then perhaps link-local is not what I've been wanting all this time. :|
18:43 < Irritiable|LT> Moment. I'll show you a S/S.
18:44 < Dagger> just leave the link-local alone. it's configured automatically by your OS; the router isn't even involved
18:44 < Holo> fe is also SLAAC
18:44 < Holo> just leave it be
18:46 < Dagger> Holo: not sure what you mean by that, unless it's "SLAAC addresses often have an 'fe' somewhere in them". fe80::/10 has nothing to do with SLAAC
18:47 < Holo> Dagger its usually the range used in SLAAC
18:47 <+catphish> there is no range used in SLAAC
18:47 < Irritiable|LT> Holo: https://i.imgur.com/xTSRKne.png
18:48 <+catphish> SLAAC uses whatever range applies to your network
18:48 < Holo> catphish ya
18:48 <+catphish> though its operation probably depends on having link local addresses, it certainly uses them for next hop routing
18:48 < Dagger> no... no it's not. you use some public /64 for the network, and turn SLAAC on for that
18:48 < tds> do you just mean the ff:fe bit that gets used in the middle of the mac address when doing eui64 slaac?
18:48 < Dagger> you don't do SLAAC for your link-locals
18:48 < Irritiable|LT> Holo, Dagger: I am attempting to create a static IP (IPv6) between my laptop and router (as you would normally do with IPv4).
18:49 < Holo> Dagger im thinking of how link local addresses are created
18:49 < Holo> I guess I need a cup of coffee or I haven't configured ipv6 in too damn long
18:50 < Holo> I never touch ipv6 at work
18:50 < Irritiable|LT> I am assuming it would be listed as: "Fixed" for a static IP (IPv6)?
18:50 < rewt> Irritiable|LT, that screenshot shows the /64 your lan should be using...
every pc/laptop should have an ip in that range, and in the fe80::/10 range
18:50 < Dagger> Holo: no SLAAC involved, they're just set automatically by the host
18:50 < Holo> ya
18:50 < Dagger> although okay, the algorithm used to do so very much resembles SLAAC
18:51 < Holo> Dagger like I said, brainfart :P
18:51 < Irritiable|LT> rewt: On the router, you are referring to the: "IPv6 Address/Prefix Length?"
18:51 < Irritiable|LT> IPv4 makes sense. IPv6 looks and feels Greek.
18:51 < Dagger> Irritiable|LT: I'd say don't bother, it's not worth the effort. just use the addresses you get from SLAAC
18:52 < tds> Irritiable|LT: one thing to consider is that if you enable slaac, each device should generate a persistent address anyway, which you can probably consider to be static (ish)
18:52 < rewt> Irritiable|LT, "Router's IPv6 Address on LAN"; the underlined portion is the prefix
18:52 < tds> if you switch to "auto config" under the lan section, everything should just pick up a slaac address (or two) and be happy
18:53 < Holo> or iface eth0 inet6 static
18:53 < Holo> address fd80::1 # replace with your static address
18:53 < Holo> and keep going on if you are hell bent on static
18:53 < Dagger> if you must, use an address like 2605:6000:1018:111::2/64 and set the default route to... the router is probably using fe80::9e3d:cfff:fec8:b4c4
18:54 < Dagger> just bear in mind that you'll need to manually change it if your ISP changes your prefix on you
18:54 < Holo> you can set your gateway
18:54 < Irritiable|LT> Dagger: The amount of effort I put into learning something is far out of scope.
18:54 < Irritiable|LT> tds: Okay. Thank you for the information.
18:54 < Irritiable|LT> rewt: You are saying the prefix (underlined portion) would be entered (router-side) as the IPv6 Prefix ("Fixed" option)? And as for the default gateway? I am assuming 192.168.1.1 doesn't fit.
18:54 < Dagger> leave the link-local alone, you *really* don't need to do anything with those
18:55 < Dagger> and you don't need to touch anything on the router to configure a static address on a client
18:55 < Holo> Dagger static ip via dhcp yay
18:55 < Holo> :P
18:55 < Dagger> but seriously, SLAAC works fine and is way less effort than manually configuring stuff
18:55 < tds> well if you really wanted to you could set a static link local address ;)
18:55 < rewt> Irritiable|LT, no, that IS the prefix, you don't enter it anywhere... your laptop will have an ip in that range
18:55 < rewt> Irritiable|LT, for default gateway, it's normal to have an fe80::* ip
18:55 < Dagger> (Linux even has `ip token` if you want to use a specific interface identifier with SLAAC)
18:56 < Irritiable|LT> :|
18:56 < Holo> Irritiable|LT mind = blown
18:56 < Irritiable|LT> Yes. More or less. IPv4 makes sense. Just to reiterate.
18:56 < Irritiable|LT> I'll take a stab at this tomorrow when I am not half asleep.
18:57 < rewt> Irritiable|LT, that drop-down on the top right is your "Internet Connection Type"... has NOTHING to do with your lan
18:57 < tds> Dagger: the token support always sounded very neat, do you know if there's syntax to use it in /etc/network/interfaces on debian yet?
18:57 < tds> Dagger: the token support always sounded very neat, do you know if there's syntax to use it in /etc/network/interfaces on debian yet?
18:57 < rewt> the "Internet Connection Type" determines how the INTERNET side of the router is configured
18:57 < Dagger> `pre-up ip token set ::2/64 dev $IFACE` is what I have
18:57 < Holo> tds use systemd :P
18:58 < Irritiable|LT> rewt: Yes. Along with that: I can (easily) slap in Google's IPv6 DNS servers.
18:58 < Irritiable|LT> Although I do that on the client-side regardless (phones included).
18:59 < Holo> Irritiable|LT what is stopping you doing that at the router lv?
18:59 < rewt> leave that drop-down as DHCP...
that configures your ROUTER as getting DHCP from your ISP... has nothing to do with how your lan is generating addresses (DHCP, SLAAC, whatever)
19:00 < tds> Dagger: I was about to send "that or I'm just stuck with setting the interface to manual and doing up scripts", but then my internet died :)
19:00 < Irritiable|LT> Holo: You must select "FIXED" in order to enter a DNS server.
19:00 < Irritiable|LT> I apologize. "Auto config" enables DNS selection as well.
19:01 < Holo> I was going to say
19:01 < Irritiable|LT> Okay. Thank you. I am stepping out to make some food before bed.
19:01 < Holo> consumer routers are pure shit then lol
19:01 < Irritiable|LT> Holo: It is a cheapie-cheapie $250 router.
19:02 * Irritiable|LT stepping out
19:04 < tds> just use a linux box instead, you can do far nicer things and get decent v6 support
19:05 < SporkWitch> the real question is whether your ISP properly supports ipv6; the answer is usually "no"
19:06 < Dagger> it seems to be working well enough in this case?
19:07 < Dagger> I mean, that looks like a single /64 and I bet there's no rDNS so it's not exactly working properly, but well enough to reach the internet
19:07 < Demos[m]> hey man most US isps at least do
19:08 < Demos[m]> just last night I set up a VM farm on my system using a PD prefix and everything
19:08 < Irritiable|LT> tds: I am on a Linux distro. SporkWitch: My ISP was bought out 4mo. ago. Yes. They support IPv6.
19:08 < Irritiable|LT> 20 MB/s down.
19:08 < Irritiable|LT> $40/mo.
19:08 < SporkWitch> Irritiable|LT: i said DECENT support. Time Warner has "supported" ipv6 for years, it just only works maybe 30% of the time because they have their shit set up wrong
19:09 < Irritiable|LT> It was 10 MB/s down. They bought a new ISP in-city. Everybody grandfathered into 20 MB/s.
19:09 < SporkWitch> where are you, uganda? those prices are even worse than the US...
19:09 < Irritiable|LT> SporkWitch: Uh...
I don't know what year you're referring to, but: That's pretty fucking awesome. Probably the cheapest in this state.
19:09 < Irritiable|LT> Competitor: 10 MB/s for $100/mo (the usual 'low').
19:10 < Irritiable|LT> Cricket (phone service) is now at $30/mo. unlimited LTE (1GB 'highspeed').
19:10 < SporkWitch> 40 bucks for 20 down? even timewarner/spectrum charges 50/mo for 100Mbps (though you're only actually going to see around 70 on a good day)
19:10 < Irritiable|LT> Oh. I thought that's what was throwing you off.
19:10 < Irritiable|LT> 100Mbps != 100MBps
19:10 < Irritiable|LT> 100Mbps = 10MB/s
19:10 < Irritiable|LT> I have 200Mbps.
19:11 < Irritiable|LT> And yes: I DO get that speed (tested thoroughly).
19:11 < SporkWitch> the assumption is that YOU made the typo; you don't measure throughput in bytes
19:11 < Irritiable|LT> Normal people do.
19:11 < Demos[m]> I've a site with full ipv6, I want to provide an ipsec vpn for both ipv6 (easy, l3) and ipv4 (not sure) clients. Is it better to do ipsec over v4 in tunnel mode or have like a 6in4 tunnel and then pass l3 ipsec over it
19:11 < Irritiable|LT> I don't tell people I have 109289124791284789217498127948127498471928471289479128424789247892174bits of harddrive space left; do you?
19:11 < Demos[m]> "regular packets but signed"
19:11 < SporkWitch> normal people don't know what they're talking about and so you assume they're always wrong (because they usually are). You are in a networking channel, use proper units
19:12 < Irritiable|LT> That's ironic. I did and you somehow confused it with the marketing scheme used to bait ignorant persons.
19:12 < SporkWitch> We aren't talking about storage, we're talking about throughput, which is measured in bits, not bytes
19:12 < Irritiable|LT> BRB food's done.
19:12 < Demos[m]> damn I get 1000/1000 for $50
19:12 < SporkWitch> Demos[m]: EU?
19:12 < Irritiable|LT> SporkWitch: I'm done discussing it with you. You are wrong, plain and simple.
I've never had a 28000Kbps connection (whatever that is).
19:13 < Irritiable|LT> 28k/s
19:13 < Irritiable|LT> 28k more formally
19:13 < SporkWitch> Simply saying i'm wrong doesn't change that i'm right.
19:14 < Demos[m]> nope AT&T in the US
19:14 < Demos[m]> tryina get a 10G or 100G link to the internet at work too
19:14 < rewt> Irritiable|LT, actually he's right; throughput is measured in bits
19:15 < SporkWitch> Demos[m]: that's absolutely incredible, especially from that company. Even the locally-owned fibre start-up here charges 100/mo for 1Gbps down and 100 Mbps up
19:15 < Demos[m]> well actually more important than that is 10G between my office and the datacenter
19:15 < rewt> the old 28k/s modems were actually 28 kilobits/second
19:15 < SporkWitch> ah, business connection in an actual business area, not a home? that'll do it
19:15 < Demos[m]> So I think my apartment has a bulk basic cable and internet (like 25mbit) deal, so that's like $30 off the top
19:16 < SporkWitch> Makes sense
19:16 < Demos[m]> it's fiber to the building and 1000BASE-T to apartments
19:16 < Demos[m]> actually getting 10G between my office and the datacenter is gunna be way harder than from the datacenter to the internet (and internet2 as it were)
19:17 < Demos[m]> but anyway! ipsec!
19:17 < SporkWitch> Yeah, they could do that with a larger building; the local fibre ISP here is FTTH; fibre modem sitting in my living room, so no simple coax splitters, they have to splice a new drop to add another apartment
19:18 < Irritiable|LT> Google's Optic Fiber was installed in town here almost a decade ago.
19:18 < Demos[m]> they don't use a site router?
19:18 < Demos[m]> or site switch
19:18 < Irritiable|LT> Quite expensive, but affordable in the residential "HOA" areas.
19:18 < SporkWitch> of course now i need to go buy a bunch of cat7, since all i have longer than 1m is cat5 :(
19:18 < Demos[m]> are they tryina sell you like leased lines?
19:18 < Demos[m]> so I heard cat7 doesn't exist.
But I have some
19:18 < Demos[m]> what's up with that
19:19 < SporkWitch> Demos[m]: i think they have a splitter in the box outside, but they run a new fibre drop from that box to the individual apartment, as opposed to copper, so it's not a simple matter of just dropping a cable in, they have to run a splice (just going by the conversations I had with them when they were doing the install)
19:19 < SporkWitch> https://en.wikipedia.org/wiki/ISO/IEC_11801#CAT7
19:20 < Demos[m]> I'm a copper killer. Every time I touch a cat6/7 cable it either dies or one of the ports crashes
19:20 < Demos[m]> a DWDM splitter prolly
19:21 < Demos[m]> yeah right but like they wire them with rj45 plugs and stuff right?
19:21 < SporkWitch> nope, not until it hits the fibre modem; forget the connector types for fibre, gimme a sec to find it
19:22 < SporkWitch> LSH i think
19:22 * SporkWitch goes to check
19:23 < SporkWitch> LSH into the modem, RJ-45 from modem to router
19:23 < Demos[m]> no no I mean cat7 not fibre
19:24 < SporkWitch> oh, yeah, cat7 is still using rj45, it's just STP instead of UTP (individual wires shielded, as well as the cable itself)
19:25 < SporkWitch> which works out to ideal for my situation; they wouldn't run the fibre to the third floor, only the second, but 99% of my electronics are on the third floor, so if i'm going to have a half dozen cables bundled together, the shielding is probably desirable
19:25 < Demos[m]> you could run a patch cable
19:25 < SporkWitch> on the upside, my current laptop has a REALLY good radio; i get about 600Mbps
19:27 < SporkWitch> could, though at that point it's easier to either add a switch on the third floor; either way i'd need additional 1GBE-rated cables, may as well just get some long, shielded ones and be covered for the future, rather than some short ones that limit options later on
19:29 < SporkWitch> i had considered picking up a POE switch, though, but those get pricey fast (I work for a voip company, would be convenient
to not require power injectors for test phones, and not have to use internet connection sharing to get it online)
19:34 < Holo> SporkWitch it would cost less
19:34 < Holo> in terms of wasted power
19:35 < SporkWitch> the POE switch vs power injectors, or running one long drop, a switch, and multiple short drops vs multiple long drops?
19:36 < Irritiable|LT> For some reason: I thought you were referring to 4-cylinder engines for a minute. @_@
19:37 < SporkWitch> why would you think we're talking about internal combustion engines in a networking channel? O.o
19:37 < grawity> since when is ##networking a networking channel
19:37 < Irritiable|LT> I sat down and saw: "the POE switch vs. power injectors." It wasn't until I thought for a minute and realized: "POE" clearly isn't referring to anything in the auto-industry, that I read the rest.
19:38 < SporkWitch> grawity: i mean, it's usually OBVIOUS when we're clearly off-topic lol
19:38 < Irritiable|LT> Fuel injection vs. carbs. I know a little bit about carbs... Fuel injectors? Yeah.
19:38 < Irritiable|LT> Sorry. I need to sleep soon.
19:38 < SporkWitch> no, VoIP phones typically use POE, so without a POE switch you need power injectors
19:40 < grawity> on a slightly related note
19:41 < grawity> is it true that networks with voip phones often have tagged vlans on the same port as regular untagged computer/workstation vlan?
19:41 < grawity> and/or is that kind of configuration common in general
19:42 < SporkWitch> grawity: we recommend setting up separate VLANs for data and voice to easily set QOS to prioritize the VoIP traffic.
19:43 < SporkWitch> But yes, it's not unusual to see both on the same physical ports. It's why pretty much all VoIP phones have a pass-through port as well, in case there's only one network port available at a desk, you can still have the phone and the workstation connected.
19:43 < strive> Neat.
19:43 < Apachez> "we" ?
19:44 < Apachez> butt plugs vs shellfish
19:44 < grawity> SporkWitch: so I'm asking because I want to enable IPv6 SLAAC on such a tagged vlan
19:44 < Apachez> you enable slaac on the vlan interface itself
19:44 < Apachez> doesnt matter if its tagged or not
19:44 < grawity> and all our Windows PCs with Intel NICs process router advertisements even if they arrived with a vlan tag
19:44 < Apachez> tagging is a physical interface feature when the frame egress/ingress on it
19:45 < grawity> which is annoying
19:47 < SporkWitch> grawity: a bit beyond my scope in my current position. We offer general recommendations, but it's on the customer's network admin to worry about implementation details.
19:47 < SporkWitch> grawity: i could link you the best practices guide we send our off-net (no t1 purchased through us, they provide their own data connection for the phones) customers, if you like?
19:48 < grawity> would be interesting to read in any case
19:49 < SporkWitch> let me track it down for you
19:49 < SporkWitch> grawity: this should be public-facing, not customer-only https://oneview.mitel.com/s/article/Network-Best-Practices-for-Mitel-MiCloud-Connect
19:49 < SporkWitch> there's a PDF attached that's the main guide
19:58 < Demos[m]> It is common to have tagged and untagged.
I use this for a vlan to contain chineseaum ip cameras
19:59 < grawity> so my expectations that PCs should ignore tagged frames aren't unreasonable
20:00 < Apachez> they normally do
20:00 < Apachez> but meh
20:00 < grawity> not in my experience
20:00 < grawity> with Windows/Intel that is
20:00 < grawity> they get a tagged RA, set up an ipv6 address belonging to the tagged vlan, then try to use it untagged and blow up
20:02 < SporkWitch> to say windows' network stack is an abortion is an insult to all bundles of sells thrown out in biohazard bags
20:02 < SporkWitch> s/sells/cells/
20:25 <+catphish> Irritiable|LT: MB/s is a very unusual way to express a connection speed, i'd avoid it for risk of obvious confusion with the commonly used Mb/s
20:27 < infinisil> I think we should all move to 8E6/s notation
20:27 < infinisil> That is, 8*10^6 bits per second
20:27 <+catphish> grawity: ethernet drivers can be pretty mixed in their handling of tagged packets, though for a long time i used linux with both tagged and untagged on the same NIC without issues
20:27 <+catphish> infinisil: good luck with that :)
20:28 <+catphish> but yes
20:28 < grawity> yep it's something specific to the Windows model
20:28 < Maarten> To avoid confusion, I have used Mbit/s or Mbps for decades now (or Mbyte/s) instead of the 2 letter versions of MB and Mb.....
20:28 < grawity> apparently the NIC untags in hardware and puts the VLAN ID in a special field for the packet struct
20:28 <+catphish> grawity: yeah, i don't know much about windows ethernet, but heard it can be weird about vlans
20:28 < grawity> and the Windows IPv6 code forgets to check that field
20:28 <+catphish> grawity: makes sense
20:29 < grawity> they do have a "monitor mode" that leaves the tag in place, I need to get around to deploying that now that everyone's on AD
21:28 < hukata> hi
21:42 < hukata> hello
21:47 < TTE_> Hello! I have a small problem and I'm hoping someone can help.
I have a home lab running a W2k16 server connected to a Cisco 3570 Switch and a 2811 Router. There are two VLANs(30 and 40) that belong to home devices and the server, respectively. However, I cannot RDP into VLAN 40 from 30, but I can do vice versa, any ideas? Nmap shows 3389 open and firewall off.
21:47 < TTE_> Pastebinning configs shortly
21:48 < nobody> hi :)
21:48 < TTE_> https://paste.debian.net/1019207/
21:48 < TTE_> Cisco switch int configs
21:48 < TTE_> not switch, router*
21:49 < TTE_> I can ping between networks, RDP client has ip 192.168.30.103 and server 192.168.40.20
21:58 < detha> TTE_: how does it fail? timeout, or reject immediately?
21:59 < TTE_> Times out
21:59 < TTE_> Doesn't get past the initializing rdp
22:00 < TTE_> Firewall is completely disabled on server, nmap shows 3389 open
22:00 < detha> nmap from the same host you are trying to connect from?
22:01 < halidyne> Hello, where are IGMP packets sent to? A host or a router?
22:03 < TTE_> yes on the nmap
22:03 < TTE_> I'm pinging the host, if that's what you mean by IGMP. I'm still a novice lol
22:03 < TTE_> But I can ping both
22:06 < detha> TTE_: wireshark on both sides, see what 3389 traffic you pick up. Doesn't sound like a routing problem, more like the target wanting to check with some authentication thing and failing, or doing hostname lookups, or something like that
22:08 < DrunkRhino> I don't suppose there's any kind of off-topic networking chat? Trying to brainstorm ideas for host/usernames after rebuilding a couple of machines.
22:09 < pekster> https://www.xkcd.com/910/
22:11 < DrunkRhino> pekster, that just about sums up my afternoon
22:13 < DrunkRhino> Been trying to go with a (mythical/fictional) garden theme, but after eden for the domain and yggdrasil I'm stumped.
22:14 < TTE_> Nothing related to RDP shows up on wireshark
22:14 < TTE_> both ends
22:19 < TTE_> I have a feeling my issue relates to my ACL, which is for PATting
22:19 < TTE_> my only ACL conf'd is access-list 50 permit any log
22:55 < TTE_> I got D/C'd enabling logging on my ACL...
23:08 < cluelessperson> I'm using the Unifi USG as a router
23:08 < cluelessperson> and it seems slow to DHCP ipv6
23:08 < cluelessperson> how do I speed it up?
23:09 < SporkWitch> use more newlines to break up your single sentence, it helps
23:10 < cluelessperson> SporkWitch: sorry
23:12 < kamura> I think it's a decent way of asking a question honestly
23:12 < kamura> breaks up the sentence into the key points for easy reading
23:12 < kamura> don't have an answer unfortunately
23:12 < SporkWitch> yeah, it doesn't; that's what punctuation is for.
23:13 < kamura> new lines are punctuation
23:14 < SporkWitch> "i'm using the unifi usg as a router." Cool story, useless by itself. "and it seems slow to DHCP ipv6" what even does that mean? Still largely useless by itself. "how do i speed it up?" Speed what up? on what? Now put it all together: we have what he's using, an issue (although unclear what exactly is up), and a request. It only makes sense together.
23:15 < SporkWitch> No, non-printable control characters are not punctuation.
23:15 < cluelessperson> SporkWitch: I've configured the USG to dhcp ipv6, I connect it to the ISP, and seems to eventually get an ipv6 address, but takes a long time.
23:15 < SporkWitch> cluelessperson: to the issue, are you saying DHCP response is slow with ipv6 enabled?
23:15 < cluelessperson> I can't tell, don't have the knowledge to test it yet
23:15 < SporkWitch> cluelessperson: gotcha, that's going to be an issue with the ISP; most don't have ipv6 configured well or properly
23:15 < kamura> I'd disagree with your analysis but this is a networking channel not an english lesson
23:16 < TTE_> So any reason why I can RDP from VLAN 40 to 30 but not from 30 to 40?
23:16 < TTE_> Firewalls disabled, nmap shows open ports, etc
23:16 < TTE_> only one ACL on cisco router that permits all
23:16 < SporkWitch> kamura: reality doesn't need your agreement; now have even one other person typing at the same time, and his single sentence is now interrupted multiple times and even more difficult to follow. This isn't twitter, take the extra 10 seconds to finish your thought.
23:17 < cluelessperson> SporkWitch: all I know is I can connect my ubuntu laptop to the wall, set my network manager to "automatic (addresses only?)" and I get an IPV6 address/60
23:17 < SporkWitch> TTE_: sounds like you're missing a routing entry on one side; you have a route in one direction but not the other
23:17 < cluelessperson> I attempt to set my USG to DHCPv6 and it doesn't work, it might work eventually.
23:17 < cluelessperson> it had an ipv6 when I woke up yesterday
23:17 < SporkWitch> cluelessperson: firmware up to date on the router?
23:17 < cluelessperson> latest
23:18 < kamura> I'm not falling for your bait SporkWitch
23:18 < TTE_> SporkWitch would I use a static route for that?
23:18 < SporkWitch> TTE_: can
23:18 < TTE_> it's just a home lab
23:18 < TTE_> I thought the router would take care of that though?
23:18 < SporkWitch> kamura: not bait, just facts of reality; always love what the retarded children these days think is "bait" or "trolling"
23:19 < TTE_> I haven't created any other routing entries at all
23:19 < SporkWitch> TTE_: only if you set it to.
23:19 < cluelessperson> So, I'm looking at Unifi's GUI and the EdgeOS CLI for the USG
23:19 < SporkWitch> TTE_: could be something else, then, but at least in my experience you usually need to explicitly enable a protocol to build its own routing table.
23:19 < kamura> nice try
23:19 < cluelessperson> I'm unfamiliar with IPv6, this ISP, and EdgeOS. :P Time to start practicing
23:20 < SporkWitch> cluelessperson: have you already googled your issue? As you're saying it's specific to that device the odds are good that someone else has run into it
23:21 < cluelessperson> SporkWitch: several times, but a lot of them just hand commands without explaining how they work or why. I'm having to piece things together slowly
23:21 < TTE_> SporkWitch: Wouldn't this be a completed routing table to allow it?: https://paste.debian.net/1019217/
23:21 < SporkWitch> cluelessperson: i'm not familiar with that particular model; it's not the POS all-in-one box the ISP gave you, is it?
23:22 < cluelessperson> For example, it's mentioned that WaveG supports DHCP-PD, but is DHCP == SLAAC?
23:22 < cluelessperson> SporkWitch: no. :P It's ubiquiti equipment
23:22 < tds> DHCPv6 and SLAAC are different ways of assigning addresses with v6
23:22 < tds> Some things (eg android) don't support dhcpv6, so I'd generally say to go slaac unless you have reasons not to
23:24 < SporkWitch> TTE_: that should be good; is each host using the correct default gateway (x.x.30.1 and x.x.40.1 respectively)?
23:24 < SporkWitch> TTE_: also, you said VLAN before, but I see you also have two separate subnets there; subnet != VLAN, totally different things.
23:24 < TTE_> I just have each vlan on its own subnet
23:25 < TTE_> VLAN 30 and VLAN 40 config'd in switch
23:25 < SporkWitch> just making sure we're clear on what's going on and weren't getting things confused or conflated
23:25 < cluelessperson> tds: I'm not sure the ISP supports SLAAC
23:25 < TTE_> gateways look clear on my Laptop (V30) and Server(V40)
23:26 < cluelessperson> so that means I'd have to configure the router with DHCP
23:26 < cluelessperson> or vice versa
23:26 < TTE_> 30.1 and 40.1, respectively
23:26 < tds> cluelessperson: it's quite standard to do dhcpv6 (with prefix delegation) on your WAN but then SLAAC on your lan, so keep in mind the difference between the dhcp client on wan and server on lan
23:27 < cluelessperson> tds: Ah, so I thought they were the same thing. It looks like the ISP does DHCP, not SLAAC
23:27 < cluelessperson> question is, how do I configure the unit to do DHCP or SLAAC for this ISP
23:27 < cluelessperson> not clear which one they use
23:28 < tds> what isp is it? they may have docs online
23:28 < cluelessperson> tds: WAVE G, and good point
23:28 < tds> but in general I'd probably assume it'll be dhcpv6-pd
23:28 < cluelessperson> I didn't bother looking because ISPs in Texas were all trash
23:28 < cluelessperson> (where I was previously)
23:29 < cluelessperson> tds: Ensure that “WAN Connection Type” is set to SLAAC
23:29 < cluelessperson> " "
23:29 < cluelessperson> so I suppose that answers that
23:30 < tds> ah yeah, they delegate you a /60 via dhcpv6-pd, then you probably want to use /64s of that on your lan interfaces (and enable sending out RAs with the slaac flag set on lan)
23:30 < tds> this has some good details: https://gist.github.com/dmtucker/cf3f241cf002367825633c988ff19fcf
23:30 < cluelessperson> tds: SLAAC flag?
23:30 < tds> when your router sends router advertisements, there's a flag that can be set to tell devices to automatically generate an address (slaac)
23:31 < SporkWitch> bah, 2^32 addresses should be plenty! :P
23:32 < cluelessperson> SporkWitch: I like IPV6, it just has some growing pains
23:33 < TTE_> Sporkwitch, do I need to set the default-gateway in the VLAN settings in the switch?
23:33 < SporkWitch> possibly? i'm a bit rusty on configuring VLANs :(
23:33 < cluelessperson> tds: unfortunately, that git page doesn't seem to work with what I'm thinking
23:35 < cluelessperson> tds: Can you tell me why that git page, they do
23:35 < SporkWitch> TTE_: my current job is a bit detached from actually doing configuration; the extent of my interaction with VLANs is telling customers to set them up and make sure the phones are on the right one, heh
23:35 < cluelessperson> edit interfaces ethernet eth1 dhcpv6-pd pd 0 interface eth0 { } ?
23:35 < cluelessperson> tds: Why isn't it just service slaac inside the eth1 in their example?
23:36 < cluelessperson> OH
23:36 < cluelessperson> it's prefix delegation
23:37 < cluelessperson> pd 0 { interface eth0 { service slaac } }
23:37 < cluelessperson> okay
23:37 < cluelessperson> starting to click here. It's delegating prefixes to the other interface
23:37 < tds> yeah, prefix delegation will get the /60 routed to your router, then that bit does magic to make it change the prefix on the lan link as your external delegated prefix changes
23:38 < cluelessperson> tds: Should I be witnessing the WAN interface itself having an IPV6 address?
23:38 < cluelessperson> or only a prefix/subnet thing to the other interface?
23:45 < tds> cluelessperson: you can probably either assign the wan interface an ip out of your delegated prefix, or as the guide suggests enable slaac and it may get one from the on-link prefix from the upstream router
23:46 < LunaLovegood> Is it normal that on 1000BASE-T (a Realtek and Intel one), I only get around 880 Mbps with iperf? Fast Ethernet gave me around 95 Mbps IIRC, and I've just tested a pair of Mellanox SFP+ cards at 9.88 Gbps, on the same computer. How come gigabit performs so far below spec for me?
23:47 < Apachez> LunaLovegood: realtek are known to be shitty
23:47 < SporkWitch> LunaLovegood: windows hosts?
23:47 < LunaLovegood> Linux
23:47 < Apachez> back in the days where intel nics spit out 990+ Mbps the realteks were at 300Mbps
23:47 < LunaLovegood> oh I see, thanks
23:47 < LunaLovegood> Damnit the Realtek one is built into the motherboard.
23:47 < Apachez> so I wouldnt be too surprised that you today dont get close to 1G on 1G realtek nics
23:48 < Apachez> to rule things out boot latest ubuntu on both hosts
23:48 < Apachez> and use a tp cable with no switch or such in between
23:48 < SporkWitch> cable quality and interference could also be factors
23:48 < Apachez> only if you got a very bad cable
23:48 < SporkWitch> or a long drop and lots of interference
23:48 < Apachez> netstat -s should tell you the amount of broken packets/frames
23:48 < Apachez> aka resends
23:49 < pekster> `ip -s link` is the modern way to do that, but yes, bad cabling often/usually results in obvious errors
23:50 * linux_probe likes good old ifconfig, they may burn the rest with fire, revert and improve it slightly and just bugfix
23:50 < pekster> It's broken and at best uses old interfaces, and at worst actually lies to you :\
23:50 < linux_probe> same for the Interfaces" change
23:50 < pekster> I mean, Windows 3.1 had its place too, but it's likewise come and gone ;)
23:50 < linux_probe> burn it all with fire, improvement my ass
23:51 < linux_probe> needless garbage
buttfuckery updates, vs fixing the broken piece is what happened
23:51 < linux_probe> which introduced thousands of more issues and holes
23:52 < pekster> You're free to use a BSD where the userland has generally kept up to date with advances of the last 25 years or so
23:52 < linux_probe> why audit code and FIX things, when you can push the fudge forward by forking or ignoring it and claiming weee with new "features" or are those flaws :))
23:52 < linux_probe> I use whatever fits the bill in general
23:53 < pekster> Sometimes a project is harder to re-write properly than start from scratch. Feel free to make different choices in projects you're involved in
23:53 < linux_probe> it seems to me computers and most electronics should cost multi-thousands and get rid of it all
23:53 < linux_probe> but they DONT start from scratch
23:54 < linux_probe> they just fork and glob junk overtop the previous junk
23:54 < Jorja> hello
23:54 < Jorja> Does anyone know how I can get an android device to obtain the ip address to connect to internet? the device has connected before just fine
23:54 < pekster> Not really, in the case of net-tools vs iproute2. Almost all the low-level kernel-interfacing iocts have changed. But this conversation isn't really about that, I gather
23:55 < pekster> ioctls*
23:55 < linux_probe> oh it is, have you heard me rant about all the stupendous FUDGE that has been migrated into the kernel yet?
23:55 < SporkWitch> linux_probe: the primary reason is that the people working on net-tools didn't bother to keep it up to date, so bitch to them, not the people that built a new, more powerful tool and actively support it.
23:55 < linux_probe> Linus needs to start cockslapping the sheeple masses
23:55 < linux_probe> :))
23:56 < pekster> I don't have the commit handy, but net-tools devs literally authored a "fix" that basically read "this tool is incomplete so use ss instead" (instead of netstat.)
They know it's broken and have next to no interest in maintaining it
23:56 < linux_probe> ok, /end rant
23:56 < pekster> More "vaporware" ;)
23:56 < linux_probe> in that sense, linux and everything based upon it is vaporware &^^
23:57 < SporkWitch> pekster: that too lol; people bitched at them for not maintaining it, someone else is maintaining something, so they said "go use theirs, i don't feel like dealing with it" lol
23:57 < linux_probe> no money in it ;) root of all evil that $$$$
23:57 < linux_probe> Jorja, have you paid the bill?
23:57 < linux_probe> is the wifi passphrase correct lol
23:58 < Jorja> I AM ON THE INTERNET RIGHT NOW SO I WOULD SAY THE BILL HAS BEEN PAID
23:58 < linux_probe> reeaaaaawwww
23:58 < linux_probe> hiss spit, spit hiss, we have a feisty one
23:59 < Jorja> And it was just connected an hour ago and nothing has changed so yes the code is right
23:59 < linux_probe> so you have android device and assuming using ISP router/modem
--- Log closed Sun Apr 08 00:00:13 2018