--- Log opened Fri Apr 20 00:00:04 2018
--- Day changed Fri Apr 20 2018
00:00 < jvwjgames> I just received a new server that can have 192GB of ram max
00:00 < Criggie> jvwjgames: right-sizing VMs based on need and usage is a good idea,
00:00 < k2gremlin> Aeso, Would be easier to find out the number of B's we manage lol
00:00 < Criggie> Our devs like to throw moar resources at problems rather than fixing their code
00:00 < Aeso> jvwjgames, I'd also wager he's wrong about CPU cores. Most servers are horrendously single-threaded.
00:01 < Demos[m]> Same
00:01 < Demos[m]> We have two 160core 2TB RAM boxes running matlab
00:01 < Criggie> yeah - one thread for their main thread, one for the kernel, one for your other processes ?
00:02 < jvwjgames> game is Unturned
00:02 < k2gremlin> that one is probably multi thread
00:02 < k2gremlin> its a bit newer
00:05 < jvwjgames> odes that mean multiple cores
00:05 < jvwjgames> does*
00:05 < k2gremlin> im digging
00:08 < k2gremlin> Unturned looks like it was only coded for single core
00:08 < k2gremlin> Maybe 1 core for the game process and 1 core for all the other overhead?
00:08 < k2gremlin> He only need 2 cores max
00:09 < jvwjgames> ok thanks
00:11 < orlock> Its not like changing core count is hard...
00:12 < Aeso> on that note, I really wish one of the big cloud hosters would offer low core count, high clockspeed VPSes
00:13 < jvwjgames> how high of a clock speed
00:14 < Aeso> jvwjgames, most hosters are optimizing for the maximum number of clients per host to save on capex overhead. But more cores does no good on single-threaded, real-time workloads like game servers.
00:14 < jvwjgames> how much are vps prices these days
00:15 < Aeso> cheap as chips, if you don't have specific performance requirements
00:15 < Aeso> $3-5 USD/mo for the small ones
00:15 < drac_boy> hi
00:15 < jvwjgames> oh cause i charge only $10/month you get a website and a vps server
00:16 < Aeso> jvwjgames, seems like a reasonable deal, though I'm not really your target audience with a deal like that.
00:28 < orlock> If you dont want a "real" hypervisor, $10 a year in some cases
00:46 < ossifrage> Any fios gbit users here? Have you noticed horrible youtube performance in the last few weeks (and it seems to be getting worse?)
00:47 < Quatermass> lawlthrottlez
00:48 < ossifrage> It is really bad on my ipad, and mostly bad on my desktop (it is not a wireless network issue, I get >50MB/s when downloading to the ipad from a local source)
00:49 < orlock> have you tried complaining to your isp?
00:50 < ossifrage> orlock, complaining to verizon, I might as well go outside and yell at a rock
00:50 < Quatermass> Have you tried yelling at a rock?
00:51 < ossifrage> I tried banging my head against the rock.
00:51 < Quatermass> Nice
00:51 < orlock> At least they didnt ask you to pay for your dedicate youtube bandwidth
00:52 < ossifrage> bittorrent works great though as does ssh/rsync to my VPS, so there is that
00:52 < Quatermass> they're obviously throttling youtube
00:52 < redrabbit> use the vps as a vpn
00:52 < Quatermass> now that SOME fracking imbecile killed net neutrality
00:52 < redrabbit> or use he ipv6 tunnel
00:53 < redrabbit> he.com
00:53 < ossifrage> From sniffing the ipad traffic it seems like something weird is happening with QUIC
00:53 < ossifrage> But I'm having trouble trusting the packet traces when I sniff the UBNT hardware
00:56 < SoniEx2> what happens if you use a leaf cert to sign another cert?
00:57 < tds> SoniEx2: that shouldn't be possible, the extensions for key usage restrict what it can be used for (eg to verify a user/domain, or to sign other keys)
00:57 < SoniEx2> what happens if you do it anyway?
00:58 < tds> I'd expect any decent implementation to not trust the cert you just signed, but I guess give it a go if you're interested
01:01 < orlock> SoniEx2: It's dependant on the root cert configuration iirc
01:02 < SoniEx2> ok I don't expect it to be trusted either, but I mean does the cert go through?
01:02 < SoniEx2> that's all that really matters, can I use the cert if I ignore all TLS errors?
01:02 < orlock> i may have missed something
01:02 < orlock> but which root cert?
01:02 < SoniEx2> (not that there's much point to that, but... I'm doing something weird)
01:02 < tds> why do you want to sign with a leaf cert in the first place?
01:03 < SoniEx2> ~reasons~
01:03 < SoniEx2> mainly I wanna say "this server/service trusts this third-party"
01:03 < orlock> set up your own CA
01:03 < orlock> or letsencrypt
01:04 < tds> I'd say a much better solution is to have a page served over SSL with that as a statement, and a proper trusted cert for the third party, maybe?
01:04 < SoniEx2> it's complicated
01:05 < SoniEx2> the web isn't very scalable tho
01:05 < orlock> https://tools.ietf.org/html/rfc5280#section-4.2.1.9
01:06 < orlock> pathLenConstraint
01:06 < orlock> That should be your only issue
01:07 < orlock> tds: maybe i missed something, i didnt see http specifically mentioned anywhere
01:07 < orlock> http/https
01:07 < orlock> not that it should matter
01:07 < tds> ah, good point
01:08 < wiresharked> djph: So I know that some HP computers can automatically update the BIOS over the network
01:09 < orlock> we sign certificates with an intermediate/leaf cert
01:09 < orlock> so the master/root private key can be under lock and key, offline
01:09 < orlock> and the trusted root ca is deployed via one method everywhere
01:10 < orlock> the leaf/intermediate cert that's actually used for signing is deployed alongside the signed certificates in another way
01:10 < tds> ah, maybe I misunderstood something, but isn't a leaf the cert at the end of the chain?
01:10 < SoniEx2> ok I'll ignore that and make an ever-so-slightly-incompatible TLS implementation
01:10 < SoniEx2> because I need it
01:10 < orlock> .. Of course you do....
01:10 < SoniEx2> because *fuck* TLS honestly who designed this shit it's so completely broken wtf
01:11 < wiresharked> SoniEx2: Do you know about TLS 1.3?
01:11 < orlock> SoniEx2: Sounds like you dont quite understand it
01:11 < SoniEx2> I don't want to know
01:11 < wiresharked> Well it's an experimental setting in Chrome
01:11 < orlock> but without you actually saying what the problem is apart from "~reasons~" its impossible to say
01:13 < Peng_> wiresharked: I think TLS 1.3 is on by default now
01:13 < guest09328> I need to set up a remote-desktop server on one side (Windows 8), which will be accessed from a client, through a remote-access IPsec VPN on the other side (Windows XP). The Windows 8 machine will be behind an ASA 5505. Can i use RDP in this case (remotely accessing a Win8 machine from XP)? Should i permit something other than inbound RDP connections to the outside interface?
01:13 < wiresharked> Peng_: In chrome 65?
01:13 < Peng_> wiresharked: Yes. Unless it's only a % of users. https://www.chromestatus.com/feature/5712755738804224
01:13 < Peng_> wiresharked: Well, draft 23
01:14 < Peng_> Ah. https://www.chromium.org/Home/tls13
01:14 < wiresharked> Peng_: And 802.11ax is still in the drafting stage, but ASUS has announced an ax router
01:14 < wiresharked> *testing stage*
01:21 < cthulchu> folks, need your advice on OSI
01:21 < cthulchu> we have tcp and it's 4
01:21 < cthulchu> we have http and it's 7
01:21 < cthulchu> I wonder if TLS is 6
01:23 < wiresharked> cthulchu: You are correct. TLS is indeed layer 6 of the OSI model
01:24 < orlock> and i've never once heard anybody care aside from layer 2 or 3
01:24 < cthulchu> yeah, it makes little sense above 4, but I'm a big fan
01:26 < SoniEx2> orlock: this is a rough outline of what I'm doing https://gist.github.com/SoniEx2/a12fbdb6d20f9f0567ebe37474b0ac52
01:27 < SoniEx2> call me crazy all you want but I want co-op CDNs
01:29 < tds> I know some services already use http CDNs (eg steam) which can also help with caching, I'd be interested to know how they do verification
01:31 < SoniEx2> they just run their own CDN, or fully trust the CDN they use
01:31 < orlock> eh
01:31 < orlock> when you say "valid" CA
01:31 < SoniEx2> the CDN could turn evil at any point
01:31 < orlock> what does that mean
01:31 < orlock> trusted?
01:31 < orlock> trusted by the browser?
01:31 < orlock> trusted by the OS?
01:31 < SoniEx2> orlock: it's a rough outline
01:32 < SoniEx2> there are lots of pedantry issues you can throw at it
01:32 < orlock> for example - Firefox will not, by default, trust the OS's certificate store
01:32 < SoniEx2> solution: don't be pedantic
01:32 < tds> I'd seriously hope steam don't just rely on that, otherwise you can happily serve up any files to clients downloading games ;)
01:32 < wiresharked> orlock: He means that if you have an invalid certificate, the browser or the OS cannot prove who owns the server, and is considered unsafe
01:33 < orlock> SoniEx2: no, i think the solution in that case is to leave it up to people who realise that level of pedantry is required to end up with a working solution
01:33 < SoniEx2> orlock: the CDN certificate is not signed by a CA, but rather it's signed by the proper owner's certificate
01:33 < SoniEx2> the proper owner's certificate is then signed by, say, let's encrypt
01:34 < SoniEx2> the fact that the CDN's certificate is signed by the proper owner's certificate means you can trust the CDN certificate to be the CDN's and you can trust the owner's certificate to be the owner's
01:35 < SoniEx2> it's only used for the signature, we just don't want to give the CDN a real valid certificate
01:35 < SoniEx2> (because, if the CDN had a real valid certificate, it could do whatever with it)
01:36 < orlock> well, certificates are trusted for different uses
01:36 < orlock> and are you using valid and trusted interchangeably?
01:37 < orlock> i manage a CA, and the systems i manage trust it because it told them to
01:37 < SoniEx2> basically, there's an "end-to-end" certificate, also used to sign cached messages, and a "point-to-point" certificate, which is the CDN's certificate
01:37 < lupine> I can strongly recommend solving this by turning the CDN off
01:38 < SoniEx2> lupine: it's for DDoS protection
01:38 < lupine> that's no excuse
01:38 < SoniEx2> ugh
01:38 < SoniEx2> I hate network ppl
01:38 < SoniEx2> they never fix anything
01:38 < lupine> I'm not a network people ^^
01:38 < Peng_> I put a CDN in front of a CDN so I could CDN while I CDNed.
01:38 < SoniEx2> if you're a dev and you want things fixed, you need to fix it yourself
01:39 < drac_boy> soniex2 you're maybe asking the wrong type .. I'm actually a "good" network ppl :P
01:39 < lupine> seriously. DDoSes come and go. CDNs are forever
01:39 < orlock> SoniEx2: thats because you made the problem yourself in the first place
01:39 < lupine> until they do a switter on you, anyway
01:39 < orlock> dont complain because other people dont want to fix your fuckups?
01:39 < SoniEx2> orlock: I didn't make CDNs
01:39 < SoniEx2> if I had, they wouldn't be broken
01:39 < lupine> lol
01:40 < SoniEx2> lupine: switter is precisely the reason I'm "fixing CDNs"
01:40 < SoniEx2> I want co-op CDNs
01:40 < SoniEx2> I want CDNs that can't do a cloudflare
01:40 < Peng_> How?
01:40 < SoniEx2> https://gist.github.com/SoniEx2/a12fbdb6d20f9f0567ebe37474b0ac52
01:41 < SoniEx2> half-trust the CDN, full-trust the second-party
01:41 < SoniEx2> the CDN is a MITM waiting to happen, so let's fix it
01:41 < lupine> co-ops have the same legal liabilities as profiteering scum
01:42 < Peng_> Oh. Putting TLS in the TLS
01:42 < SoniEx2> lupine: distributed co-ops are impossible to take down
01:42 < SoniEx2> you have 20 independent parts
01:42 < lupine> that's not due to them being co-ops though
01:42 < lupine> it's due to them being distributed
01:42 < SoniEx2> exactly
01:42 < lupine> although previous distributed systems have failed heavily, of course
01:42 < SoniEx2> CDNs are useless if they aren't distributed
01:42 < lupine> mostly because people immediately fill them with child porn
01:43 < SoniEx2> so basically, CDNs are already distributed
01:43 < SoniEx2> we just need to tweak things a little
01:43 < SoniEx2> as I said, https://gist.github.com/SoniEx2/a12fbdb6d20f9f0567ebe37474b0ac52
01:43 < lupine> much better is to remove the need for a CDN at all
01:43 < SoniEx2> wanna run a CDN? make one, ask ppl to use it
01:43 < orlock> dont trust anything
01:43 < lupine> it is good to have the liability with the producer
01:43 < SoniEx2> you could run a small CDN for a country
01:44 < orlock> your computer is already pwn3d
01:44 < SoniEx2> they sign your CDN as trusted, you cache their signed responses
01:44 < SoniEx2> where they is the second-party
01:44 < lupine> no thanks
01:45 < SoniEx2> it just means anyone can run CDNs and you just need to add ppl's CDNs to a DNS
01:45 < SoniEx2> you could easily have 10 CDNs for the same website
01:45 < SoniEx2> they'd be all in different countries and things
01:45 < SoniEx2> the load-balancing would be amazing
01:45 < SoniEx2> etc
01:45 < lupine> this is easily the worst idea in the history of ever
01:45 < SoniEx2> it really fixes CDNs once and for all
01:46 < lupine> and I should know. I've been there for all of it
01:46 < SoniEx2> it makes them work and makes them work safely
01:46 < Logg> What do you think this means? https://i.imgur.com/F1J8ZQb.png Is it acting as an access port on VLAN10, or is it acting as a trunk allowing traffic on both VLAN 1 and VLAN 10?
01:46 < SoniEx2> serving 10 requests for cacheable content, rather than a thousand? sign me up
01:47 < xamithan> Looks like just a vlan 10 access to me
01:47 < Criggie> I utterly loathe web GUIs on switches, PLUS 3switch makers that have their own unique jargon
01:47 < Criggie> Logg: That looks like a trunk port with vlan10 tagged and vlan1 untagged to me
01:48 < xamithan> HP switches are even worse
01:48 < Criggie> xamithan: yeah - but that's why you use the CLI
01:48 < Criggie> If you don't have a CLI, you got a budget switch :)
01:48 < Logg> yeah, this switch only lets you set ip address over the console port. After that, it's this web interface only.
01:49 < Criggie> Logg: well... its still better than nothing.
01:49 < xamithan> I avoid messing with them unless a client asks. Yes they buy crappy SOHO switches that are web only
01:49 < Criggie> I remember working with VLANs over an unmanaged switch... it mostly worked.
01:50 < Criggie> procurve's not bad, cisco's okay but pricey. Don't like 3com. Juniper is totally different format to everything else, but good once you're used to it.
01:50 < Criggie> and fuck SMC for their weird names
01:50 < Criggie> SMC switch had a... "general port" which was neither a tagged trunk and not an access port
01:50 < orlock> fuck do SMC still exist?
01:51 < Criggie> I think... tried to flush all that from my brain years ago.
01:51 < Criggie> orlock: sadly, yes.
01:51 < Criggie> It didn't help that the switch I was configuring was 1000 km away and I had to go through the switch to get to the switch.
01:51 < xamithan> I want to work with some of those names I see on job descriptions. Like palo alto
01:52 < Criggie> yeah there's a cost barrier there
01:53 < xamithan> More like coast barrier. As all that is on west coast
01:53 < orlock> doesnt matter the brand, some idiots still going to fuck the config
01:53 < Logg> web interface won't let me take vlan 1 off any of the ports. not sure that I understand the point of vlans if every host is a mandatory member of the same vlan1. Then you can just bleed between vlans...
01:53 < Criggie> I did some sonicwall training, and it looked nice. But buying the actual hardware was beyond budget and never happened.
01:54 < Logg> like "why claim to support vlans" if you're going to put every port on a common vlan
01:54 < Criggie> Logg: a proper switch would allow you to set any vlanID as an untagged vlan on a trunk, or no untagged vlan on a trunk
01:55 < Criggie> there was a "best practice" suggestion that used to be "leave every port as access in a null VLAN that goes nowhere until the port gets configured"
01:55 < Criggie> but that's more a service provider cockup-preventer technique
01:55 < xamithan> But that would disable nubs from using switches
01:55 < Criggie> yeah - if your network is done right you have a management vlan and only qualified sysadmins can get into it
02:00 < orlock> Criggie: Somebody here decided portfast on every switch was the way to go.
02:01 < xamithan> telnet on every switch is the way to go
02:01 < orlock> I'm starting to think that was not a good choice
02:02 < orlock> people have a habit of creating loops, and with portfast enabled, there's basically no way to stop it, it seems
02:02 * orlock swears at splunk a bit
02:05 < SoniEx2> this may be more helpful https://cybre.space/@SoniEx2/99888776145802885
02:05 < SoniEx2> I should setup a mailing list at some point
02:05 < SoniEx2> maybe
02:17 < orlock> It almost sounds like what you are really trying to do is re-implement bittorrent
02:18 < SoniEx2> I mean it's basically the same
02:18 < SoniEx2> this just gives you slightly more control
03:10 < dogbert2> m0000000000000000000000!
03:38 < dirac1> moo
03:59 < dogbert2> m00000!
04:01 < Quatermass> Meh. How did wogbert2 get off my /ignore list
04:57 < be2pal> Just wanna clear my idea about this
04:57 < be2pal> Does manual ip address always require subnet/ subnet mask ?
04:59 < be2pal> And how system recognizes/works with devices having same ip address in a given network
05:13 < Sircle> My http site does not redirects to httpS. Is there anything wrong with configs? https://pastebin.mozilla.org/9083482
05:17 < Sircle> nevermind ^
05:29 <@pppingme> yes,
05:29 <@pppingme> be2pal yes, without a mask, an IP is meaningless for a local host
05:33 <@pppingme> be2pal what are you trying to do?
05:41 < winsoff_> Alright, was at a client's today, and they've got a 5ghz link back to the ISP.
05:42 < winsoff_> Does every wireless situation have a double-nat nightmare? I did a tracert, and it ran to 192.168.1.1 (the netgear consumer gateway installed by the ISP), and then to 10.0.0.1 (the ubnt edgerouter)
05:42 < Quatermass> Cool story
05:43 < k2gremlin> Wins.. even ISPs like Cox run double Nat..
05:43 < winsoff_> Quatermass: Can I just put the consumer gateway into AP mode?
05:43 < k2gremlin> IE: I could hit their 10.X.X.X IP 8 states away lol
05:43 < k2gremlin> Depends..
05:43 < k2gremlin> whats the WAN side of their router look like?
05:43 < k2gremlin> does the router get a public IP?
05:43 < Quatermass> winsoff_: I'll use your story in my blog
05:44 < winsoff_> k2gremlin: Well, it's weird, because when I try to go to a foscam's dyndns address (cheap chinese IP camera), I get a login to the edgerouter page, which is weird.
05:44 < k2gremlin> lol Quatermass
05:44 < winsoff_> k2gremlin: yeah, it does--or I hope so. I haven't tested any of their other clients
05:44 < k2gremlin> not weird at all.. means they have exteran web access on their router
05:44 < k2gremlin> on 80
05:44 < k2gremlin> external
05:45 < winsoff_> you'd think it weird, since that's a massive security issue
05:45 < k2gremlin> even forward 80 on some routers doesnt work
05:45 < k2gremlin> Could set the camera to 8080 and dyndns:8080
05:45 < k2gremlin> some crap like that
05:45 < k2gremlin> but if the router has a public IP on the WAN interface, than no it cant be just an AP or bridge
05:46 < k2gremlin> Do they have any sort of server?
05:46 < k2gremlin> Reason I ask is because using something like a pfSense VM as the edge router may be an option lol
05:46 < k2gremlin> lots of fun to be had there
05:46 < winsoff_> Actually, if I'm getting the edgerouter's login, then the dynamic dns they're running is thinking the edgerouter's wan address, not the local router's address, is the target, so is that because of the double-nat situation?
05:47 < k2gremlin> edge router being the companys router?
05:47 < winsoff_> i'll have to double check again--they shut the doors for today
05:47 < k2gremlin> or the ISP?
05:47 < winsoff_> the isp's
05:47 < k2gremlin> wtf
05:47 < winsoff_> the topology, to my knowledge
05:47 < k2gremlin> Is it a cisco web interface?
05:47 < winsoff_> is that it's small ass home gamer gateway (ap+router) -> 5ghz ubnt link equipment -> home base edgerouter
05:47 < k2gremlin> did an ISP really leave that shit on?
05:47 < winsoff_> it's the edgeos login dude
05:47 < winsoff_> lol
05:47 < winsoff_> why the fuck did you think i was like "this is a problem"
05:48 < k2gremlin> lmfao
05:48 < winsoff_> lollin
05:48 < k2gremlin> wtf
05:48 < k2gremlin> whats the dyndns?
05:48 < k2gremlin> I gotta see this
05:48 < winsoff_> nah the dyndns was a foscam situation and it's not on wifi
05:48 < winsoff_> i can't remember the ip
05:48 < winsoff_> but i can grab it later; probably an hour
05:48 < k2gremlin> :/
05:48 < k2gremlin> I wont be here
05:48 < k2gremlin> lol
05:48 < winsoff_> i bet your lol's don't last that long
05:48 < winsoff_> knew it
05:48 < winsoff_> lol
05:49 < winsoff_> well, actually
05:49 < winsoff_> give me a second
05:49 < k2gremlin> Need to work with the ISP.. if your putting in the IP address of the customers crappy gamer router WAN IP.. and getting an ISP login....
05:49 < k2gremlin> somethings wrong
05:49 < winsoff_> right, let's see from the outside here
05:49 < winsoff_> brb
05:53 < k2gremlin> times ticking.. I got a few more mins before I pop smoke
05:54 < Quatermass> For something that s/he's been going on about non stop for the past 20 minutes you'd think s/he'd have the ip/fqdn remembered
05:55 < k2gremlin> Quatermass, lmfao
05:55 < k2gremlin> or using dyndns... its a name
05:55 < k2gremlin> even easier
05:56 < winsoff_> k2gremlin: back--hmm
05:57 < winsoff_> k2gremlin: https://198.144.109.254/
05:57 < winsoff_> So what's not making sense is I guess I'm _not_ getting an individual wan ip
05:57 < winsoff_> which is also lol
05:57 < winsoff_> because wtf is their topology if not an asn
05:58 < k2gremlin> Looks like they have their shit router... tied to an ISP device on site that they lease from the ISP
05:58 < k2gremlin> thats an ISP device..
05:58 < k2gremlin> I bet you its on site and they dont even know it
05:58 < winsoff_> nah it can't be
05:58 < k2gremlin> its on the customer side of the dmarc
05:59 < winsoff_> this is a really small business--it's a netgear babby mode router+ap combo that heads up to a ubiquiti m5 link
05:59 < winsoff_> i don't know what baby ISPs call the next link up--the receiving station or whatever
06:00 < winsoff_> but does this mean that each client of this fucking isp is on the same 255.0.0.0 subnet? (internal network is 10.0.0.0)
06:00 < winsoff_> because, if so, then fucking why
06:00 < k2gremlin> Yea this suck is probably in a closet or in the ceiling or something
06:00 < winsoff_> fucking lol
06:01 < k2gremlin> nah the WAN IP is part of a /23
06:01 < k2gremlin> which is about right for ISPs
06:01 < k2gremlin> your double natted behind the public IP at the site
06:01 < k2gremlin> no two ways around it
06:02 < LissajousPattern> what are keep alive packets?
06:02 < k2gremlin> Im going to let that one speak for itself
06:03 < k2gremlin> But I am out.. winsoff_ good luck. Find out what the WAN interface of their gamer router is plugged into :)
06:03 < LissajousPattern> what about spurious retransmission?
06:03 < k2gremlin> http://lmgtfy.com/?q=spurious+retransmission
06:04 < Quatermass> Are people generally too lazy to use search engines now?
06:04 < LissajousPattern> Quatermass, well sometimes
06:04 < Quatermass> Wow. Just...wow.
06:05 < LissajousPattern> hahaha
06:05 < LissajousPattern> I guess you would be surprised
06:05 < LissajousPattern> but I am not too lazy I will just google.
06:06 < LissajousPattern> snore
06:37 < winsoff_> how the fuck do you vpn behind a double nat
06:51 <@pppingme> winsoff_ outbound only
06:51 < winsoff_> pppingme: Sad.
06:51 < winsoff_> pppingme: it can't be hard for them to remove the double-nat issue, right
06:51 <@pppingme> not if they have more customers than ip's
06:52 < LissajousPattern> well figured out that I kept getting random RST packets being sent to me
06:52 < linux_probe> lol
06:52 < LissajousPattern> ha
06:53 < LissajousPattern> which is what keeps disconnecting me from IRC
06:53 < linux_probe> magical random resets dont just occur for no reason
06:53 < LissajousPattern> yeah I hear you
06:53 < linux_probe> so, what was doing it?
06:54 < LissajousPattern> linux_probe, could it be a misconfiguration?
06:54 < linux_probe> if it's server side dropping/sending you a reset for not responding to pings maybe
06:54 < LissajousPattern> to be honest I have yet to boil it down all the way
06:55 < LissajousPattern> I am trying to figure this out as we speak
06:55 < LissajousPattern> I am currently on a mobile hotspot 4g lte
06:55 < linux_probe> lol, no wonder
06:55 < LissajousPattern> well
06:55 < LissajousPattern> its all I have right now
06:56 < LissajousPattern> why would I get random resets just because of that though?
06:57 < LissajousPattern> tbh I dont know a whole lot about networking at all
06:57 < winsoff_> i mean, i'm not an ISP, but couldn't they just move to ipv6, pppingme
06:57 < winsoff_> ubnt supports it, right?
06:57 < LissajousPattern> so I am kinda learning as I go
06:58 < LissajousPattern> oh could you get a RST if the network is trying to switch between regular 4g and lte?
06:59 < LissajousPattern> which I do not think is happening but just kinda thought of it
07:06 < linux_probe> the 4g lte company not wanting you to stay connected and trickling data?
07:07 < LissajousPattern> maybe but idk?
07:10 < LissajousPattern> just did a speed test and its between 8-10 Mbps
07:10 < LissajousPattern> so thats pretty typical of a 4glte connection right?
07:15 < linux_probe> it should be way faster than 3g
07:15 < linux_probe> sounds like youre getting 3g speeds
07:17 < linux_probe> then again, it is a wireless connection, only the best of signal, and signal to noise ratio + low congestion of the nodes will get you faster
07:17 < linux_probe> oh Mbps
07:17 < linux_probe> swore you posted Kbps
07:17 < linux_probe> palmfaces
07:20 < LissajousPattern> np
07:20 < LissajousPattern> but thats pretty much on par with 4g lte right?
07:20 < linux_probe> sounds about average for that, with the magical " up to" 5-Mbps
07:21 < LissajousPattern> yeah the fine print as it were
07:21 < LissajousPattern> I am getting up to 10
07:21 < linux_probe> on par with congested maybe not so great fo signal
07:22 < ramkamx_> greetings
07:23 < ramkamx_> i'm having issues with a range extender. it wrecks part of my network. I'd like to understand why. anyone cares to help?
07:24 < LissajousPattern> spurious emissions probably acting like a jamming device
07:25 < LissajousPattern> it all really depends on the type of extender and if it has decent filtering etc
07:26 < ramkamx_> That's my network. https://imgur.com/uFgPAie and whenever i hookup the range extender, the second router goes bazoonga. Can't ping it from anywhere, except when connected to the range extender, which gives me ping times faster than the router itself. Like if i was pinging the loopback...
07:27 < linux_probe> lol
07:28 < linux_probe> range extender, there's your issue =p
07:29 < ramkamx_> yeah, figured that out
07:29 < ramkamx_> but why?
07:29 < linux_probe> why do you have so many wifi routers?
07:29 < ramkamx_> because i need them :-)
07:30 < linux_probe> and "gasP" a range extender!
07:30 < linux_probe> range extender more or less instantly throws away 1/2 your bandwidth
07:31 < ramkamx_> ok ok, but it fixes other problems
07:32 < linux_probe> doesnt seem so lol
07:32 < ramkamx_> what i'm trying to figure out is why it's completely stalling my second router (i can't even access its admin page, even if i'm connected to its own wifi! like if it was stuck in an infinite loop)
07:33 < ramkamx_> linux_probe: yeah you're right
07:33 < ramkamx_> but i like to understand what's happening :-)
07:33 < linux_probe> sounds like you have something configed wrong
07:33 < ramkamx_> bet i do
07:34 < linux_probe> on that router 2 are you using the wan port or a lan port?
07:34 < ramkamx_> the wan
07:34 < linux_probe> so it's actually doing NAT and firewalling too
07:35 < linux_probe> a seemingly silly setup =p
07:37 < ramkamx_> nat yeah probably (though lan and wan are on the same ip's, but i'm sure that my understanding of networking is poor), firewalling, hum, less sure of what it's doing
07:37 < linux_probe> uhhh
07:38 < ramkamx_> though, if i connect to the wan of router 2, i should be able to access the config website no?
07:38 < ramkamx_> seems i cant
07:38 < ramkamx_> let me check. will disconnect for a sec
07:43 < linux_probe> what's the reason for having two whole networks?
07:52 < winsoff_> what's the reason behind not being on ipv6?
07:52 < Quatermass> winsoff_: You're like a dog with a bone. OCD much?
07:52 < winsoff_> Quatermass: you've provided nothing but noise.
07:52 < Quatermass> Was going to say the same about you
07:53 < winsoff_> If you want to LARP, you have to do it in real life.
07:53 < Quatermass> Take your meds
07:53 < Quatermass> And take your own advice
07:53 < winsoff_> Quatermass: You can have an ipv6-only network up to a customer's demarc, and then have dual-stack on the 'last mile,' right?
07:55 < azizLIGHT> how much ping to my LAN router is normal?
07:55 < LissajousPattern> azizLIGHT, single digits is good
07:56 < LissajousPattern> like 2ms
07:56 < LissajousPattern> 3ms
07:56 < LissajousPattern> depending on how close you are too I think
07:56 < azizLIGHT> i see avg 3 ms, but worst 8 ms
07:56 < winsoff_> azizLIGHT: what's your topology
07:56 < winsoff_> what devices and cables are between you and the ping target
07:57 < azizLIGHT> the computer i ping from, goes through a router configured as access point, then a moca adapter, then cable coax wires through the wall, then another moca adaptor to receive, then plugged into the router which im pinging
07:57 < azizLIGHT> everything else is gigabit eth
07:58 < azizLIGHT> worst i see is 11 ms now
07:59 < LissajousPattern> I would imagine having the moca adapter inline may add a little latency
08:00 < LissajousPattern> also depends on the quality of your cabling
08:00 < LissajousPattern> how long the runs are and so on
08:00 < azizLIGHT> sent 380 packets, avg of 3 ms, best 2 ms, worst 11 ms, standard deviation 0.93
08:01 < Quatermass> It's wifi or cabled?
08:01 < LissajousPattern> eth
08:01 < azizLIGHT> cabled gigabit eth, along with moca/coax cables between rooms
08:01 < Quatermass> hmm
08:05 < azizLIGHT> prettyping output: https://i.imgur.com/at7fYU2.png
08:05 < azizLIGHT> smol blips mean what
08:25 < Quatermass> Always wondered what the point of having a clock if you join the network, and autojoin channels, uncloaked
08:25 < Quatermass> cloak*
08:27 < HEROnymous> much cloak, so vanity
08:28 < HEROnymous> back in my day, we used rdns for vanity hostnames
08:28 < HEROnymous> but then kids on residential connections who couldn't control their own rdns and didn't know how to setup a vps or bnc or whatever complained a lot ;)
08:30 < LissajousPattern> well problem solved
08:31 < LissajousPattern> wouldn't you know it was user error the whole time
08:32 < Quatermass> lol big surprise
08:33 < linux_probe> lol, the idea is connect to server, cloak, then join channels
08:33 < linux_probe> many clients suck
08:47 < LissajousPattern> Quatermass, I know go figure the saga continues...
08:48 < LissajousPattern> I have a tendency to over complicate things at times
08:48 < LissajousPattern> which in a nut shell is what hapeened
08:48 < LissajousPattern> happened*
09:30 < Apachez> Quatermass: wanna hug?
09:31 < Apachez> Stupid bitch.
09:31 < Apachez> :D
10:17 < Guest13749> hello there is a big problem with data retention
10:19 < Guest13749> welcome Andrew_0010bit do you care to fix the data retention problem?
10:20 < Quatermass> Guest13749: Turn that off.
10:20 * at0m logs Guest13749
10:20 < Guest13749> there is a round robin style of server usage with freenode
10:20 < Quatermass> Guest13749: If you have a freenode issue please move it to #freenode
10:21 < Guest13749> this is networking
10:21 < Quatermass> Very good.
10:21 < Guest13749> now identifying which nodes are hard and which are softvirt is difficult
10:22 < Quatermass> Guest13749: Again, if you have a freenode issue move it to #freenode
10:22 < Quatermass> And at least TRY to make sense
10:22 < Quatermass> Otherwise people will disregard you completely. Like I am about to.
10:22 < Guest13749> you need a Kevin type scenario
10:22 < Quatermass> Meh, another whackjob loose on freaknode
10:22 < Guest13749> you aren't allowing strategic talk
10:24 < Guest13749> waiting for plonk from #root
10:24 < Guest13749> chanop send plonjk /invite
10:24 < Guest13749> chanop send plonk /invite
10:25 < be2pal> pppingme: hi, just setting up ip camera from CP Plus. Nvr works fine. Connect to Cisco switch sg300 is where I got stuck. Accessing Cisco switch Web UI requires to be in same subnet mask
10:26 < be2pal> pppingme: IP camera is set as default IP but not sure its in 255.255.255.0. I cant simply access IP camera via switch.
10:26 < Guest13749> you need to listen to the scenario so strategy can be discussed
10:28 < Guest13749> the police are easily handled any liar makes a false claim something was stolen
10:28 < Guest13749> the scenario is for discussing how to mitigate this problem
10:29 < Guest13749> if anybody with a cell phone can move men with guns there needs to be some solution in order to have security
10:30 < Guest13749> if the network is to be secure at the physical layer
10:30 < Guest13749> police are the problem
10:31 < Guest13749> any of the millions of cell phones press emergency call and lie and physical layer is forced away from the network
10:32 < Guest13749> Andrew_0010bit: do you have any suggestions on how to remove the police handle
10:32 < Guest13749> every sick moron that touches a cell phone essentially has two guns at their disposal
10:33 < Guest13749> two guns and some sort of contorted disconnect of responsibility
10:33 < Guest13749> as if it is not them holding the guns at your skull
10:33 < Guest13749> that connection is not made though focus not on it but the solution
10:36 < Guest13749> "the connection is not made" generally, society doesn't accept responsibility when it is proxied by costumed killers
10:36 < Guest13749> how to solve it?
10:37 < Guest13749> ExplotDB has proven the police a malefactor
10:37 < Guest13749> simple exploit, any lie and press emergency call
10:37 < yawkat> with dhcp, can i send dhcp requests as unicast? is there a tool / option to dhcpcd to do this?
10:38 < yawkat> my problem is that dhcp requests that cross a particular cisco router are eaten and id like to know if this is due to dhcp or due to broadcast
10:38 < Guest13749> how to solve the problem of physical threat to the network
10:38 < Guest13749> call this bug "police"
10:39 < Guest13749> can this bug be logged?
10:40 < Guest13749> at0m: can you do a bug log?
10:40 < Emperorpenguin> yawkat: DHCP only works across switches not routers
10:40 < chessG> at0m: what sort of log
10:40 < Emperorpenguin> Unless you're using proxy DHCP or something
10:40 < yawkat> Emperorpenguin: yea sorry this is vlan-internal. the routing part is irrelevant i think.
10:41 < Emperorpenguin> Ok
10:41 < yawkat> it's just a cisco router hardware-wise, but it shouldnt do any routing in this case.
10:42 < chessG> how to solve the problem?
10:42 < Quatermass> chessG: I think what s/he meant was NOT log, as no one really logs idiot gibberish
10:42 < yawkat> hm i guess i could netcat some other broadcast thing and see if that goes through
10:42 < chessG> Andrew_0010bit: any solutions compute?
10:44 < Quatermass> chessG: You are disturbing the flow of chat here by injecting gibberish as you have done since you joined. If you have a networking question please ask it, otherwise kindly keep silent while other users discuss their networking issues.
10:47 < ne2k> wotty wotty?
10:47 < ne2k> yawkat, dhcp requests are always sent as unicast
10:48 < ne2k> oh, hang on, am I wrong?
10:49 < ne2k> requests are allowed to be unicast or broadcast, apparently
10:49 < yawkat> er sorry i meant discover
10:50 < ne2k> yawkat, yes, you can send a discover by unicast too if you wish
10:50 < ne2k> yawkat, what's your actual problem again? I missed the start
10:50 < yawkat> but this is odd. if im not using socat incorrectly, *all* udp, both unicast and multicast, is blocked by the switch
10:50 < yawkat> ne2k: i have a cisco router, and im not getting dhcp through it on a particular vlan.
10:50 < ne2k> yawkat, why would dhcp go through a router?
10:50 < ne2k> (unless you're using dhcp relay)
10:51 < yawkat> ne2k: it's just router hardware. it's on the same vlan.
10:51 < yawkat> as in, no routing should happen here.
10:51 < ne2k> yawkat, I don't understand what you mean by "I'm not getting dhcp through it"
10:52 < ne2k> describe the setup
10:53 < ne2k> ah, I know why requests are normally broadcast, it's so if you have multiple servers, the ones you are not requesting from still get the request so they can withdraw their offers and return them to the pool
10:53 < yawkat> i have two devices connected on the router (one not directly but i dont think thats the problem). both ports are trunks. on one vlan, i cannot send dhcp packets from one to the other.
10:54 < ne2k> yawkat, so, what, the router is bridging the vlans on the two physical interfaces?
10:55 < ne2k> I'm not following exactly what the setup is
10:55 < yawkat> it's kind of difficult to explain :D
10:55 < ne2k> maybe a sketch?
10:56 < yawkat> sec
10:56 < ne2k> or, list all the devices, all the interfaces on all the devices, and all the interconnections between interfaces
10:56 < ne2k> list vlan interfaces; and give the addresses and netmasks of the interfaces, or list bridges and bridge interfaces.
10:59 < yawkat> ne2k: here's a diagram (short url) https://s.yawk.at/nC1B
11:00 < yawkat> i am pretty sure that the problem is on the cisco devices, since ive not touched the ubnt switch in a while and no one else has access there. people do have access to the router and cisco switch though, and i dont know what they changed
11:00 < ne2k> yawkat, ok, so you want user device and dhcp server to communicate on vlan9
11:00 < yawkat> exactly.
11:00 < yawkat> tcp (ssh) goes through, but dhcp doesnt
11:01 < yawkat> and if im not failing at socat, all udp doesnt
11:01 < ne2k> yawkat, and is the router configured to bridge eth0.9 and eth1.9? (linux-like)
11:01 < yawkat> bridge as in pass through traffic? well i assume so, since tcp works on that vlan.
11:01 < ne2k> assume is not a good way to do networking
11:02 < yawkat> yea :/ but i dont see how else tcp could work. through normal routing? but 9 is a purely layer 2 vlan.
11:03 < yawkat> as in, configured 'no ip address' 'no ip redirects'
11:03 < ne2k> yawkat, there is no other type of VLAN than a layer 2 VLAN
11:03 < ne2k> LAN is a L2 construct
11:03 < yawkat> well yea, but the router can route between vlans, but it shouldnt here since it shouldnt be aware of the l3 on the vlan
11:04 < yawkat> oh, ping/icmp also works fine.
11:04 < ne2k> yawkat, how can ssh and ping work from client device to dhcp server when client device hasn't got an IP address yet?
11:05 < yawkat> i have statically assigned one
11:05 < yawkat> for testing
11:05 < ne2k> yawkat, ok, so what are the address, netmask and gateway of client device and dhcpserver.9
11:05 < yawkat> my idea is this: someone enabled some cisco filtering feature for dhcp and/or udp and forgot to exclude this vlan (i am seeing a similar problem on another vlan not in the graph).
11:05 < yawkat> sec
11:06 < yawkat> 192.168.1.3 is the dhcp server. 192.168.1.0/24 is the net. 192.168.1.10 is the client device.
11:06 < ne2k> is ubiquiti switch dumb?
11:06 < ne2k> oh, no, it's vlan
11:07 < yawkat> that.
11:07 < ne2k> can you do packet dump on cisco eth1.9?
11:07 < ne2k> to see if dhcp discover is arriving?
11:07 < yawkat> sec
11:08 < ne2k> yawkat, does ciscoswitch or ubntswitch support port mirroring, or can you break the chain temporarily for testing and do a packet capture along the line?
11:08 < ne2k> if you can break the chain for testing it's a lot easier
11:10 < yawkat> well nevermind. the mentioned colleague decided to wake up and fix the stuff he broke when changing to vtp3...
11:11 < yawkat> but i think i will still try the port mirroring. it would be useful for future debugging.
11:11 < yawkat> thank you!
11:11 < sandman13> On this document: https://sflow.org/sflow_version_5.txt section 4.2.1, second paragraph mentions about receiver table, but on which end does it exist?
11:11 < sandman13> sFlow Agent side or sFlow Collector side?
11:11 < sandman13> I am confused on this
11:11 < yawkat> i suppose then it *was* an issue on the cisco trunk.
12:38 < shtrb|laptop> What would be a good way to address routing network to an android VM + usbip - I thought about ssh +L and a VM inside NAT but maybe someone has a better idea ,(the goal is to be able to create a voice call over whatsapp in a vm from a dumb terminal with a headset and ssh) I intend to put an android-x86 in a vbox with a NAT interface and usbip and direct audio to the vm over usbip and connect over VNC (the easiest approach I could think of)
12:40 < shtrb|laptop> maybe someone already handled such an issue here before ?
12:45 < thothcastel_> can a dmvpn hub & spoke be configured to have 3 spokes while only holding one public IP address and one fibre connection on the hub?
12:48 < Roq> thothcastel_: yeah
12:49 < Roq> You map the public ip of the hub with nhrp on the spokes, and use that as the NHS
12:50 < thothcastel_> I am now logged onto an asa 5525 which possibly already has dmvpn configured and is possibly a hub
12:50 < thothcastel_> how can I check and confirm such a thing?
12:50 < Roq> I don't know ASAs sorry
12:51 < thothcastel_> nhrp is for dynamic ip addresses
12:51 < thothcastel_> in this case it will be static ip addresses for each site
12:54 < Roq> Do you need dynamic tunnels between the spokes?
12:55 < Roq> If you don't, look into mGRE config (which is also used for dmvpn)
12:56 < thothcastel_> basically I have a hub and 1 spoke, but I need to setup a separate hub and spoke with the primary hub being a spoke of the secondary hub - possible?
12:57 < thothcastel_> DC01 asa5525 is a hub to site1 asa5525 spoke 1
12:58 < thothcastel_> now I will need a new site2 but this site 2 needs to have 2 connections - 1 to site1 and 1 to DC01
12:59 < thothcastel_> some traffic to be routed through site1 and some through DC01
13:10 < thothcastel_> basically the question is: can a current hub of a hub and spoke network also act as a spoke for a separate hub and spoke network???
13:43 < k2gremlin> thothcastel_, you still around?
13:57 < k2gremlin> thothcastel_, http://prntscr.com/j7spxx is it setup like this?
13:57 < AlexPortable> want to setup a wifi network for guests, currently i have isp modem/router. how would I get to work?
13:58 < k2gremlin> If so, the answer is yes. This can work.
13:58 < thothcastel_> hey
13:59 < djph> AlexPortable: scrapping the ISP kit.
13:59 < light> hey
13:59 < k2gremlin> AlexPortable, 1. Get rid of the ISP/Modem combo. Get a dedicated modem, and a decent multichannel WiFi router. Most of the newer mid to top end WiFi routers have guest networks that can be enabled
13:59 < AlexPortable> it's not possible yet to get your own modem
14:00 < k2gremlin> what ISP?
14:00 < k2gremlin> and its always possible lol
14:00 < djph> AlexPortable: then installing something that's capable of doing what you want -> e.g. Ubiquiti UniFi, or AmpliFi, or I guess the "top end" of consumer kit ...
14:00 < thothcastel_> k2gremlin: yes that was my question
14:00 < AlexPortable> if you have the guest network the guests can't access my home network right?
14:00 < k2gremlin> thothcastel_, Diagram accurate?
14:01 < thothcastel_> but your diagram is making me re-think
14:01 < djph> k2gremlin: technically with AT&T here it isn't. stupid ATT gateway has to be in the network (although, it's just set to bridge mode)
14:01 < AlexPortable> k2gremlin: local dutch one
14:01 < shtrb|laptop> AlexPortable, some ISP routers have a "guest" WiFi that can be enabled by a click
14:01 < AlexPortable> not on mine
14:02 < thothcastel_> is there a limit as to how many spokes a hub can hold with an ASA5525-x and 1fibre link and 1 public ip address only??
14:02 < k2gremlin> AlexPortable, correct, if the Router/WiFi AP has a guest network feature, than usually you can select if the guest network can reach your LAN or not
14:02 < shtrb|laptop> AlexPortable, in such case strap a raspberry with a hostapd and start acting as a second router behind your ISP router
14:02 < k2gremlin> thothcastel_, using a gre multipoint..
14:02 < k2gremlin> all depends on the traffic each spoke is using
14:03 < AlexPortable> would this also work when I have another wifi/switch combination behind the normal router?
14:03 < shtrb|laptop> AlexPortable, but the ISP level routers usually have that intellectually challenged option hidden in a sub menu
14:03 < shtrb|laptop> AlexPortable, yes , just another level of NAT (if that is your choice)
14:03 < k2gremlin> Only make it more difficult to do things like port forwarding and such but yes it will work AlexPortable
14:03 < shtrb|laptop> AlexPortable, , don't expect VoIP and streaming to work as expected
14:04 < thothcastel_> maybe I can get the 'Newhub' to actually be a New spoke and connect this newspoke to a another spoke directly? possible?
14:04 < AlexPortable> well i want everything to work just fine
14:04 < AlexPortable> so best i can do is set the router to bridge mode, and get my own (wifi) router
14:05 < k2gremlin> thothcastel_, http://prntscr.com/j7su59 ?
14:05 < shtrb|laptop> AlexPortable, if you already have your own router it might have an option for guest and host WiFi and then based on how paranoid you are you can setup the guest setup
14:06 < shtrb|laptop> AlexPortable, at several conventions guest would get their own router strapped to a prepaid sim card to prevent guest snooping around
14:07 < k2gremlin> thothcastel_, You could do a little static routing on newspoke1 to allow newspoke2 to connect to the gre tunnel on the hub
14:07 < shtrb|laptop> (*) connected via a modem, not someone using duct tape to connect a simcard to a router
14:07 < k2gremlin> through newspoke1
14:07 < AlexPortable> won't that cost a lot of data?
14:07 < k2gremlin> or create a P2P tunnel between newspoke1 and newspoke2 and advertise that up to the hub
14:08 < k2gremlin> AlexPortable, Yes set the ISP to bridge.. get your own Router/Wifi
14:08 < k2gremlin> A lot more flexibility that way
14:09 < AlexPortable> https://imgur.com/a/lJlUteq
14:10 < shtrb|laptop> AlexPortable, that's depend on your country a ~€50 prepaid card (I think it's a 10 GiB worth of data) would last for a day (which should be enough )
14:10 < AlexPortable> not sure if i should 'replace' the router/modem, or the switch/ap
14:10 < shtrb|laptop> AlexPortable, why do you have so many steps ?
14:10 < thothcastel_> k2gremlin:
14:10 < thothcastel_> https://pasteboard.co/Hhu7fcE.jpg
14:10 < AlexPortable> because the router/modem is too far away
14:11 < thothcastel_> yes similar to what you have there
14:11 < AlexPortable> i mean for wifi
14:11 < AlexPortable> bottom switch is for the first floor, right switch/ap is for devices and for wifi
14:11 < k2gremlin> AlexPortable, http://prntscr.com/j7sx9y icons not correct but this topology should work
14:12 < AlexPortable> well my wifi shouldn't be in the router/modem place, dont have coverage then when i want to use it
14:12 < thothcastel_> actually USA New Spoke2 is already a spoke of original HUB
14:12 < k2gremlin> thothcastel_, old spoke have connections direct to mpls and old hub?
14:12 < thothcastel_> and my question is whether NewSpoke1 can be attached to USANewSpoke2
14:13 < thothcastel_> yes
14:13 < AlexPortable> k2gremlin my own wifi shouldn't be in the router/modem place, dont have coverage then when i want to use it. guest wifi is fine there
14:14 < thothcastel_> because in fact, what we are calling WEB1 on your diagram or the oldspoke1 on my diagram - it is meant to be ZSCALER
14:14 < thothcastel_> so basically the case is: I have an MPLS cloud where a DMVPN hub is already configured with various spokes including one in the usa
14:15 < thothcastel_> and I need to add a new site but this time we need to have this new site with a direct vpn connection to 3 locations - to the MPLS cloud, to the ZSCALER and to the USA site
14:15 < djph> AlexPortable: mind drawing a diagram (unless I missed the link) of your network / home / whatever ... that doesn't make sense.
14:16 < djph> AlexPortable: nevermind, missed it in the scrollback
14:16 < k2gremlin> djph, it doesn't help much :)
14:17 < djph> k2gremlin: indeed not ... but ... meh
14:17 < thothcastel_> so my doubt is whether it is better to setup this new site as a new hub or as a spoke of the mainhub - and if to be a spoke of the main hub, then will it be possible to also have the other 2 direct connections from this new site to the USA and to the zscaler
14:17 < k2gremlin> AlexPortable, http://prntscr.com/j7t0m7 might need some more hardware...
14:18 < k2gremlin> thothcastel_, Can you draw it up?
14:18 < k2gremlin> So we can clearly see what links you are proposing
14:18 < AlexPortable> k2gremlin: and then setup the router/wifi with 2 vlans?
14:18 < djph> AlexPortable: so, If I'm understanding your description and the diagram right. "Router/Modem" is (for example) on the first floor (or maybe in the basement), and covers that area well enough. On the second floor (or the far end of the house), where you have the "switch/ap" marked, is supposed to be "just for your stuff"
14:18 < k2gremlin> Yep
14:19 < shtrb|laptop> AlexPortable, you can use pi to setup several vlans at once
14:19 < AlexPortable> djph: yes
14:19 < AlexPortable> shtrb|laptop: how would that work?
14:20 < k2gremlin> It just becomes a small router
14:20 < AlexPortable> i thought it wasnt powerful enough for this
14:20 < shtrb|laptop> it is
14:20 < k2gremlin> how many users on the guest network at a time?
14:20 < AlexPortable> not sure
14:21 < AlexPortable> i think maximum 5
14:21 < shtrb|laptop> I used a raspberry pi 1 with 4 users without an issue (irc , ssh and vnc )
14:21 < shtrb|laptop> but I don't have any streaming services to test (not my cup of tea )
14:21 < djph> AlexPortable: sounds like you may be looking for a Ubiquiti AmpliFi ( general "consumer" oriented) system, or UniFi (a little more "prosumer/small business" oriented) system.
14:22 < AlexPortable> would it also be possible to setup a guest network on the switch/ap (in my diagram)?
14:22 < AlexPortable> as in; how would that be separated from the rest of the network
14:22 < AlexPortable> djph: those ubiquiti devices are a bit too expensive
14:22 < djph> What kit do you have right now? Anything, or this is all just a plan?
14:23 < AlexPortable> i have what i was drawing
14:24 < djph> AlexPortable: okay, and the make/model of the devices are ... what?
14:25 < AlexPortable> have a few devices laying around, not sure which i'll use
14:26 < djph> AlexPortable: here's the thing, "general consumer kit that you bought at BestBuy (or whatever the local equivalent is)" likely will not do what you need.
14:26 < shtrb|laptop> maybe he can use LeDE over it ?
14:27 < djph> *will not support what you want to do. Hence asking what you have (because then we can confirm it)
14:27 < djph> shtrb|laptop: LEDE works on dumb-switches? :)
14:27 < AlexPortable> well what i have now doesn't support it for sure
14:27 < djph> AlexPortable: Okay, and what kind of a budget do you have to do what you want?
14:27 < AlexPortable> as less as possible
14:28 < shtrb|laptop> djph, I have a "dumb" switch that can run LEDE (it just how much dumb it is )
14:28 < AlexPortable> will something like a Ubiquiti EdgeRouter X be fine?
14:28 < djph> okay - $350 plus tax, and you've got everything you described.
14:28 < shtrb|laptop> AlexPortable, if you have a router /modem laying around and you don't afraid to get dirty give us the info and we can guide you if it support LEDE / openwrt
14:28 < djph> ER-X would be a good router, or a good 5-port VLAN-aware switch. Won't do WiFi for you though (but a UBNT UAP-AC-LITE would).
14:29 < lupine> none of the ER stuff is any good
14:29 < shtrb|laptop> djph, that's sound as an overkill (a $350)
14:29 < Mattx> Hi all. Anyone with experience in AWS? Let me explain my issue
14:29 < Mattx> I want to setup 4 public IPs on an instance, and I'm checking the docs here https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI
14:29 < Mattx> Those "IPv4 Addresses per Interface" on the table, are them public or private IPs?
14:29 < djph> shtrb|laptop: it's an AmpliFi HD setup (the AmpliFi router + 2x additional APs)
14:29 < Mattx> Can I really setup more than one public ip per network interface?
14:30 < shtrb|laptop> a good old tp link with WR841ND cost ~$50
14:30 < djph> shtrb|laptop: and it'll only do 802.11n
14:31 < shtrb|laptop> I'm not saying it's not good, I'm saying it is too good (and cost a lot )
14:32 < shtrb|laptop> 841Nd can do 802.11g and 802.11n (because it's old) I chose it because it was the first result I got
14:32 < djph> shtrb|laptop: Given his needs (WiFi at somewhere away from the demarc), he's going to need more than just the one AP.
14:32 < djph> so, "here, this system does everything you want without faffing around"
14:33 < shtrb|laptop> ah ok
14:33 < mAniAk-_-> Mattx: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/MultipleIP.html?shortFooter=true
14:33 < djph> shtrb|laptop: that is, wifi at the router, plus remotes, plus a guest WLAN.
14:34 < shtrb|laptop> djph, as I said a $350 just sound too much (nothing more)
14:34 < djph> shtrb|laptop: yeah, the price of 802.11ac and "easy" solutions.
14:34 < AlexPortable> I can also maybe only replace the router, setup a vlan for guest network, and connect an old wifi router to that port
14:35 < shtrb|laptop> I wonder how ac routers really do with the new buildings (with the mesh inside them )
14:35 < Mattx> mAniAk-_-, omg your nick is so hard to autocomplete :P
14:35 < shtrb|laptop> *mesh inside the wall
14:35 < djph> shtrb|laptop: I mean, you could do it for $200 or so (ER-X-SFP + 2x UAP-AC-LITE), but there's "not-consumer-friendly" configuring that needs to happen :)
14:35 < shtrb|laptop> Mattx, just use tab
14:35 < shtrb|laptop> djph, null modem to the people !
14:35 < Mattx> I know, but there are too many ma* nicks
14:36 < djph> shtrb|laptop: likely not well. Although I've got plaster-over-mesh here, and it does alright
14:36 * shtrb|laptop hides in his retirement house
14:36 < shtrb|laptop> djph, what's a plaster-over-mesh ?
14:36 < Mattx> mAniAk-_-, I just launched an instance which allows up to 2 interface with 2 ips and yeah, they're private just checked
14:36 < shtrb|laptop> I had to use a cable because WiFi was just not passing over that wall
14:37 < Mattx> the thing is I then created an additional interface, but it won't get a public ip
14:37 < Mattx> unless I assign to it an elastic ip
14:38 < Mattx> maybe I'm doing it wrong, but it makes sense to me they come with a free public ip
14:38 < Mattx> unless you want to set an elastic ip, in which case you pay extra
14:39 < mAniAk-_-> Mattx: you can get a public ip assigned per interface at instance start if it's enabled on the subnet
14:39 < mAniAk-_-> Mattx: but not more than one per interface
14:39 < mAniAk-_-> Mattx: you can also add one elastic ip per interface
14:41 < djph> shtrb|laptop: plaster over "expanded metal" mesh (instead of wood lath) -- this stuff http://www.qunkun.net/uploads/allimg/180310/1-1P3101G054Z7.jpg
14:41 < shtrb|laptop> djph, I have no idea what I'm looking at :-(
14:42 < djph> shtrb|laptop: it's a picture of the mesh that's in my walls. right pain in the ass when I need to cut a hole for an electrical box
14:43 < djph> well, a generic internet picture of the stuff anyway
14:43 < AlexPortable> when I would get a cheap router, how do i know if it'll be capable of replacing my current ISP router?
14:43 < shtrb|laptop> I was talking about http://www.concrete-mesh.com/img/rectangular-reinforcing-mesh-rib.jpg but with concrete around it
14:44 < shtrb|laptop> AlexPortable, do you intend for to replace the modem part too ?
14:44 < AlexPortable> not possible, i can only set the modem/router to bridge mode
14:44 < AlexPortable> er wait, yes.
14:44 < AlexPortable> all the modem will do is demodulation of coax
14:45 < shtrb|laptop> I'm asking if you intended to disconnect the ISP stuff ,and use your own
14:45 < AlexPortable> set ISP stuff to 'bridge mode'
14:45 < djph> shtrb|laptop: ah, that's just rebar
14:45 < djph> shtrb|laptop: well, a "mesh" of rebar, but ... well, rebar. You're gonna have more problems with the whole "concrete wall" thing than the rebar
14:46 < shtrb|laptop> djph, rebar or not , my WiFi doesn't like that and refuse to cooperate
14:48 < AlexPortable> how about DrayTek Vigor 2130 ?
14:49 < shtrb|laptop> http://www.visus.pt/mirrors/draytek/Vigor2130/Manual/UG-Vigor2130-V1.2.pdf ?
14:49 < AlexPortable> yes, but without the antennae
14:52 < Andrew_0010bit> Why the hell did I get tagged when that rando was going on about a war against Freenode's server data retention and the police?
14:52 < Andrew_0010bit> I don't think I've said anything in here for a minute or two.
14:52 < shtrb|laptop> it support up to 4 SSID (which may be isolated) , which is a good sign but the fact it is not list in openwrt is not a very good meter
14:53 < shtrb|laptop> Andrew_0010bit, ask in #freenode
14:53 < ne2k> Andrew_0010bit, about four hours ago?
14:54 < ne2k> Andrew_0010bit, I think you had just joined. I thought it was a bot, tbh
14:54 < Andrew_0010bit> OH
14:54 < Andrew_0010bit> You're right. I do seem to rejoin automatically around that time.
14:55 < Andrew_0010bit> Real Clockwork Orange stuff, man.
14:56 < ne2k> still haven't read or seen it
14:57 < ne2k> kurokkuwaaku ooranji
14:57 < Andrew_0010bit> It's a very weird movie.
14:57 < Andrew_0010bit> I'm sure the book isn't much different.
14:57 < ne2k> anything networking-oriented occurring?
14:59 < AlexPortable> do i need openwrt shtrb|laptop ?
14:59 < shtrb|laptop> only if you have some time to waste to learn new tricks
14:59 < AlexPortable> i do
14:59 < AlexPortable> but do i need those tricks?
15:00 < shtrb|laptop> google LEDE and openwrt to see if you need it
15:00 < shtrb|laptop> it is only you who can answer that question
15:00 < AlexPortable> well i need vlan support
15:02 < shtrb|laptop> vlan already presented in that version (without a third party firmware)
15:11 < Andrew_0010bit> Guess he answered his own question.
15:11 < Andrew_0010bit> I love how he asked it, though. "But do I need those tricks?"
15:12 < Mattx> Mattx: you can get a public ip assigned per interface at instance start if it's enabled on the subnet
15:12 < Mattx> mAniAk-_-, doesn't seem to work. I created another instance, then an interface in the same subnet, I attached it to the instance
15:12 < Mattx> and what happens is that it doesn't even get ONE public IP
15:12 < Mattx> no public ip in either interface
15:13 < mAniAk-_-> Mattx: is it enabled?
15:13 < mAniAk-_-> on the subnet
15:13 < Mattx> then I removed the second interface and rebooted the instance and now it get one public ip (on the attached interface)
15:13 < Mattx> s/removed/detached/
15:14 < Mattx> mAniAk-_-, it is, it was a newly created instance in that subnet. I don't even know how to disable it from that subnet so I didn't change that
15:15 < shtrb|laptop> Andrew_0010bit, he might be using IRC over a shitty interface (as I do many times)
15:16 < Mattx> what is weird is that with two interfaces the instance doesn't get even one public IP
15:16 < Mattx> I was expecting at least one interface to work just fine
15:17 < Mattx> mAniAk-_-, btw, if the interface and the instance are in different subnets it doesn't let you attach it, so yeah it was on the same one
15:17 < Andrew_0010bit> shtrb|laptop: that, or he made changes to his VLAN setup while still trying to talk it over. Been there, done that.
15:18 < mAniAk-_-> Mattx: "auto-assign public ip" is this enabled on the subnet?
15:18 < Mattx> yes
15:18 < Andrew_0010bit> That's one of those, "Raise your hand if you've never broken your network connectivity trying to setup VLANs." kind of situations.
15:18 < Andrew_0010bit> And if you raise your hand, you have a flat network and should be ashamed of yourself.
15:19 < shtrb|laptop> Or the great let me just adjust that small radius interface that my WiFi uses .. .oh feces how can I fix that now ?!
15:20 < shtrb|laptop> sorry autoreplace it expected to be oh shit`
15:21 < Mattx> mAniAk-_-, launched it again just in case, same happened
15:21 < Mattx> any idea?
15:22 < Mattx> I can click on the net interface on ec2 console and associate an address, but for that I need to create elastic ips
15:23 < Andrew_0010bit> shtrb|laptop, if you've never said "Oh feces!" in the heat of the moment, you haven't lived in this world long enough.
15:25 < shtrb|laptop> That could be interpreted in so many different ways , (an old chap after a constipation period ) Oh feces! (happy person), A person jogging in the park stepping in something squishy, an It person opening a router to understand to see why it stopped working oh feces (the old PS3 problem)
15:27 < shtrb|laptop> I mean PS3 had been so nasty with that issue that you can still find ads saying "IF YOU HAVE FUCKING ROACHES LIVING IN YOUR PS3, I WILL SEND IT BACK"
15:28 < acresearch> people, i have installed openconnect to attempt to use my university cisco vpn, but i get an error saying You need to provide a suitable --csd-wrapper argument, i have downloaded a bash script from cisco that (supposedly installs the anyconnect client in linux, but only for debian and redhat based linux and not arch). it is possible to extract the required certificate from it?
15:28 < acresearch> any help?
15:28 < shtrb|laptop> mofo - bugs can live inside pc too ?!
15:29 < shtrb|laptop> acresearch, post the script if possible
15:29 < acresearch> shtrb|laptop: i am not sure if i should, could have sensitive information that might get me fired if i post it, sorry, i don't want to lose my job
15:30 < shtrb|laptop> acresearch, in such case read your script to see where it install or uncompress files )
15:30 < mAniAk-_-> Mattx: hmm no, only used elastic ip's
15:30 < shtrb|laptop> a cert would be either embedded in the script or downloaded
15:31 < Mattx> mAniAk-_-, hmn, those are paid, I need many of them. I planned to just create multiple interfaces and get ips for free :(
15:32 < Mattx> I'm probably doing something wrong, it doesn't make sense neither interface gets a public ip when attached together
15:34 < shtrb|laptop> acresearch, search for base64 coded / HEREDOC in the script
15:35 < acresearch> shtrb|laptop: ok, it is around 4,000 lines long, is there a string that can help me find what i am looking for faster?
15:35 < acresearch> shtrb|laptop: oh ok
15:36 < shtrb|laptop> If you see something that look like binary -> extract it, if you see a alpha numeric string (long one ) it could be a base64 , if you see cat << 'SOMETHING it's a HEREDOC, if you CERT ... it's embedded
15:36 < shtrb|laptop> the things I could think of
15:37 < shtrb|laptop> it could be also an embedded as XML so ...
15:37 < acresearch> shtrb|laptop: ok only the script heading is bash the rest seems to be binary (i get strange symbols when i open it in a text editor)
15:37 < easy_ref123> ssh'ing to an unknown host I get a SHA256 fingerprint. What is SHA'd to make this fingerprint?
15:38 < shtrb|laptop> acresearch, that sound like an embedded binary (check sher )
15:38 < acresearch> shtrb|laptop: it is between --ARCHIVE binary --ARCHIVE
15:38 < shtrb|laptop> does it have something like MARKER: binary ... end
15:38 < acresearch> shtrb|laptop: hmmmm
15:38 < Ljod> hi i am getting eap-identity unknown from freeradius after processing a access-request with a eap tlp type equal to 2 (user password). the client trying auth is in ttls-eap mode. what gives? i have another client which is running eap-tls and its working fine.
15:38 < Mattx> mAniAk-_-, "Regardless of how you've configured the auto-assign public IP feature, you can assign a public IP address to an instance that has a single, new network interface with a device index of eth0."
15:39 < Mattx> that's it
15:39 < acresearch> shtrb|laptop: sorry it is --BEGIN ARCHIVE-- BINARY --END ARCHIVE--
15:39 < Mattx> the "auto assign ip" feature doesn't work when you have multiple net interfaces attached
15:41 < acresearch> shtrb|laptop: yes it has MARKER
15:41 < GodOfSea> Hello
15:43 < acresearch> shtrb|laptop: i found the certificate. is it .pem?
15:43 < shtrb|laptop> acresearch, that embedded binary (or self extracting script) - you should be able to extract it
15:43 < shtrb|laptop> acresearch, yes a .pem is a certificate
15:43 < acresearch> shtrb|laptop: and it looks like a gpg text inside?
15:44 < shtrb|laptop> That I can not answer
15:44 < acresearch> shtrb|laptop: can i use it with openconnect?
15:44 < GodOfSea> I got a network of servers. I am trying to send some files from server 3 to server 5 using scp. (They are connected to the same switch) But every time I get "no route to server". But if I try to do the same from my pc, it works
15:45 < GodOfSea> No clue . what to do next
15:45 < shtrb|laptop> acresearch, openconnect -c certificate.pem https://vpn.mycompany.com/
15:46 < acresearch> shtrb|laptop: Loading certificate failed. Aborting.
15:46 < Chewza> GodOfSea are they on the same VLANs? Same IP Ranges?
15:47 < acresearch> shtrb|laptop: Failed to determine type of private key
15:48 < shtrb|laptop> don't know , run the script to extract the data manually
15:48 < shtrb|laptop> in a vm
15:48 < mAniAk-_-> Mattx: should work for the first interface
15:49 < acresearch> shtrb|laptop: in vm?
15:49 < kerframil> easy_ref123: the public host key
15:49 < shtrb|laptop> Virtual Machine (to prevent any possible damage)
15:49 < Mattx> mAniAk-_-, yes it does, but if you have a second one it's as if you disable the auto assign feature
15:49 < GodOfSea> yes they are on the same ip range
15:49 < acresearch> shtrb|laptop: it's ok i have a fresh install of antergos, i don't care if it gets damaged, i just want to solve this issue
15:49 < acresearch> shtrb|laptop: how do i extract the binary?
15:50 < shtrb|laptop> if you don't care you can just run it and copy the affected files
15:50 < detha> GodOfSea: firewalls?
15:50 < GodOfSea> yeah .
15:51 < acresearch> shtrb|laptop: ok i ran the whole script, sudo sh FILENAME.sh
15:51 < GodOfSea> server 5 . (destination is heavily firewalled, imo . ping blocked)
15:51 < acresearch> shtrb|laptop: it seems it went without errors but the program won't open (as expected)
15:51 < acresearch> where should i go now? look for the program itself?
15:52 < shtrb|laptop> check for any traces that the installation has done (where it installed etc)
15:52 < detha> GodOfSea: copy it through your machine, scp -3 server:/file server5:/file
15:53 < GodOfSea> That I can do , of course , bit of a last resort
15:53 < GodOfSea> any reason why it's happening ?
15:53 < acresearch> shtrb|laptop: i have /opt/cisco/ contains anyconnect and vpn 2 directories
15:53 < shtrb|laptop> acresearch, you might get extra help in #debian or #arch to see how to extract the data
15:53 < acresearch> shtrb|laptop: oh ok
15:53 < shtrb|laptop> anyconnect != openconnect
15:54 < GodOfSea> I even added the ssh keys of both the servers to each other
15:54 < detha> check firewall rules on server5, see why it would be blocking server3 but not your machine
15:54 < Mattx> cool, now I have two public ips associated with the same net interface. any way to check that worked?
15:54 < acresearch> shtrb|laptop: yes i understand, i am looking for anyconnect any information that i can use with openconnect right?
15:54 < GodOfSea> it's not using iptables but a cisco firewall
15:54 < detha> (also check outbound rules on server3, but that's less likely)
15:54 < detha> check the rules on the cisco
15:55 < GodOfSea> ok thanks.
15:55 < shtrb|laptop> acresearch, I just don't know , sorry
15:55 < GodOfSea> This is a new gig. highly paid for a 19 years old. don't wanna screw this up. so I came here :D
15:56 < GodOfSea> Peace !!
15:56 < acresearch> shtrb|laptop: ok what about the required information to connect, if the certificate cannot be used, what other information i can use? what should i be looking for?
15:56 < shtrb|laptop> expect to have a certificate , a CA (optional) and a destination where to connect
15:57 < shtrb|laptop> if your client connects using a cert and you can not extract it (or it's in the wrong format) you are out of luck (but you can try to convert the cert using openssl client )
16:03 < acresearch> shtrb|laptop: so i only need the certificate ha? nothing else? i found "A" certificate, so it could be that one but in a different format?
16:05 < shtrb|laptop> a minimum of one certificate (one or more)
16:05 < acresearch> shtrb|laptop: i see
16:05 < shtrb|laptop> you also need to check if the pem file is valid
16:05 < acresearch> shtrb|laptop: how?
16:13 < acresearch> shtrb|laptop: i think i have the correct certificate, but there is something else required to use it, maybe a private key which i cannot find
16:25 < acresearch> shtrb|laptop: i have been asking in #bash about the binary but they say this is not a bash issue, any idea where i can go to find out more about this client?
16:26 < Mattx> so I finally got two public ips on eth0, now the thing is, how do I select what ip to use when opening a socket?
16:26 < Mattx> if they were on two different net interfaces I would do so by selecting one interface or the other through local address
16:26 < shtrb|laptop> acresearch, you need to ask correctly (how to extract an embedded binary from a bash script would be a good start)
16:26 < Mattx> no idea when both are on the same address
16:26 < acresearch> shtrb|laptop: oh ok
16:27 < Chewza> Mattx you'll probably need a sub interface
16:27 < Chewza> not sure what router you're using
16:27 < johnjay1> hey i can ping every website except google which resolves to 0.0.0.30
16:27 < shtrb|laptop> acresearch, you can try using openssl client with the pem you got to extract info (ask at #arch for more details how to use it or at #debian if you are willing to run it )
16:27 < Mattx> Chewza, it's an instance in AWS
16:27 < johnjay1> i'm on my linux box, any ideas how to diagnose?
16:27 < djph> you dun fucked up your DNS
16:27 < TotallyNotKim> ^this
16:28 < Mattx> Chewza, I only have eth configured
16:28 < johnjay1> i set some custom dns on my router but i changed it back
16:28 < acresearch> shtrb|laptop: i see ok let me try openssl
16:28 < johnjay1> now it is 8.8.8.8
16:28 < Mattx> it makes sense to have a sub interface but somehow they don't create one? not sure
16:28 < TotallyNotKim> johnjay1: check /etc/hosts
16:28 < TotallyNotKim> johnjay1: query a sane dns server directly and check the result
16:29 < TotallyNotKim> johnjay1: also check if dhcp somehow transferred your "custom" dns to /etc/resolv.conf
16:30 < djph> probably just cached the fubar entry
16:30 < johnjay1> is there a way to force linux to reupdate the dns or something?
16:31 < djph> which DNS service are you using?
16:31 < djph> bind, dnsmasq, nscd, something else
16:33 < acresearch> shtrb|laptop: ok openssl also asks for a private key,
16:33 < shtrb|laptop> ¯\_(ツ)_/¯
16:33 < shtrb|laptop> you need someone to play with that script to extract the data for you
16:34 < TheTallest> Is it possible to have radvd advertise the dns server as the router's local link ip in a slaac setup?
16:36 < djph> shtrb|laptop: or, he just needs to read the script and understand what it's doing ... then do it himself.
16:37 < shtrb|laptop> that too
16:39 < Andrew_0010bit> Who's having SSL problems?
16:39 < Andrew_0010bit> I love diagnosing those.
16:40 < shtrb|laptop> acresearch ^
16:40 < acresearch> djph: Andrew_0010bit i am
16:41 < acresearch> seems i found a cisco vpn certificate to use with openconnect , but it requires a private key which i cannot find
16:41 < Andrew_0010bit> What is your end goal?
16:41 < djph> pretty sure it'd be "your" private key that you use to identify to the remote VPN server...
16:43 < Andrew_0010bit> Most likely ^
16:43 < acresearch> Andrew_0010bit: to connect to my university through VPN to use our supercomputer (uni uses cisco anyconnect which for some reason fails to work with openconnect)
16:44 < Andrew_0010bit> Your university's IT staff can direct you on all matters concerning connecting to their supercomputers.
16:45 < acresearch> Andrew_0010bit: guess what they said when i approached them
16:45 < acresearch> Andrew_0010bit: "why are you using linux, you should be using windows" !
16:46 < djph> odd that "vpn to get to supercomputers" has "no linux knowledge"
16:47 < acresearch> djph: funny thing, the supercomputer uses linux !!!
16:47 < djph> that's kind of the point there, acresearch
16:49 < ||cw> the point also is that's a uni provided computer that was issued with windows and *someone* wiped it and put linux on it
16:50 < djph> wait, it's a uni-provided PC?
16:50 < ||cw> "here's your supported platform" 'lel I do what I want'
16:50 < ||cw> djph: yeah
16:50 < ||cw> from yesterday
16:51 < djph> ahh, I missed *that* part then. Figured it was just a kid with his PC trying to get on Uni VM... not kid fubar'ing a uni PC
16:52 < ||cw> I mean, there's no good technical reason that the linux vpn client couldn't be used, if you are given the settings and such
16:52 < ||cw> but uni first level support likely isn't going to have that in their regurgitation KB
16:53 < ||cw> and they are probably using web deploy which masks a lot of that
16:53 < djph> I bet
16:53 < acresearch> ||cw: ahhhh these small things that stop an entire project, been at this for 2 weeks !
16:53 < ||cw> acresearch: basically, you need to make friends with a real admin at the uni
16:53 < acresearch> ||cw: how would he help me?
16:54 < ||cw> he'd be able to tell you where to find your private key
16:54 < shtrb|laptop> can someone get to the point that openconnect and anyconnect are two different applications ?!
16:54 < ||cw> likely the answer is to go back to windows and extract it from the config
16:54 < shtrb|laptop> acresearch, try to setup anyconnect first on your dist and then move to anyconnect
16:54 < djph> ^
16:54 < shtrb|laptop> if possible
16:54 < acresearch> ||cw: ?? he is not part of the cisco company, won't the private key be something that cisco issues?
16:55 < ||cw> acresearch: no
16:55 < djph> not when you need your "user" private key ...
16:55 < ||cw> it's your auth token set for your uni account on the vpn server
16:55 < shtrb|laptop> acresearch, the private key is normally not given to a user but a public or certificate and the user should have a client cert or connection credentials
16:56 < acresearch> shtrb|laptop: looks very confusing
16:56 < ||cw> shtrb|laptop: other way around, but yeah
16:56 < acresearch> if openconnect and openssl are asking about a private with the certificate, it should be somewhere in the client right? which means i should be able to find it right?
16:57 < shtrb|laptop> acresearch, forget about openconnect try using anyconnect now
16:58 < ||cw> acresearch: the way you do it with ssh is your client generates a private and public key pair, then you use password auth or some other trusted method to give the server your public key.
16:58 < ||cw> then you can auth that way, without the password auth
16:59 < acresearch> ||cw: that is just too confusing, :-(
16:59 < djph> acresearch: no, it means that the client is *looking* for your private certificate SOMEWHERE ON YOUR MACHINE
16:59 < shtrb|laptop> can you spin a windows VM ?
16:59 < ||cw> acresearch: you need to have the private key that the server already trusts, or find a way to give it a new public key, which from what you've said, isn't going to happen without making friends and getting favors
16:59 < shtrb|laptop> :D
17:00 < shtrb|laptop> ||cw, normally admins just give pesky user a pair that they can use (yes the admin has your private key )
17:00 * shtrb|laptop was such a pesky user not so long ago
17:01 < ||cw> from experience, just use what your class uses. go back to windows. dual boot if you like for other tasks. if you want a *nix like env on windows, install git for windows, it comes with a nice terminal and all the handy cli tools
17:01 < djph> shtrb|laptop: "was"?
17:01 < shtrb|laptop> no longer with them
17:01 < AlexPortable> beacon period, rts threshold, fragmentation threshold, dtim interval, wlan partition, wmm enable, short gi. what should i put in these settings?
17:01 < djph> AlexPortable: 42.
17:02 < acresearch> ||cw: there is no way around this ha? i have to go back to windows?
17:02 < shtrb|laptop> or to know what you need to setup
17:02 < shtrb|laptop> you can setup anyconnect on linux
17:02 < ||cw> acresearch: well, it's the easy way. and you won't have to translate instructions
17:02 < shtrb|laptop> acresearch, https://faq.oit.gatech.edu/content/how-do-i-install-cisco-anyconnect-client-linux <-
17:02 < AlexPortable> djph beacon is set to 100, rts and frag. are set to 2346
17:03 < ||cw> set it up on windows and understand anyconnect there, extract config items to make it go on linux
17:03 < shtrb|laptop> why do I read that each time as bacon ?
17:03 < djph> AlexPortable: should be fine values.
17:03 < djph> shtrb|laptop: because it's just about lunchtime?
17:03 < AlexPortable> how about short gi?
17:04 < djph> AlexPortable: 'yes'
17:04 < djph> ... or are you after the value?
17:06 < johnjay1> i'm confused. my dns for google was completely messed up last night and this morning
17:06 < johnjay1> but after i install dnstools and bind9tools it's normal now
17:06 < johnjay1> did apt-get installing dnstools magically fix my dns?
17:06 < AlexPortable> djph: it's a yes or a no
17:06 < AlexPortable> not sure if i need it or not
17:08 < djph> AlexPortable: short gi is (IIRC) 40 ns, and allows for higher throughput (i.e. 300mbps on 802.11n / 40 MHz channel)
17:08 < djph> *400ns
17:09 < AlexPortable> what are the default speeds?
17:09 < djph> with a regular guard interval (800ns), the connection will (IIRC) be somewhat more reliable, but you won't have as high of throughput.
17:10 < AlexPortable> i prefer a reliable connection since my wifi is always bad
17:11 < djph> suggest you read up on the guard interval though, and the specifics on what "reliability" it provides
17:21 < shtrb|laptop> AlexPortable, archive=$(grep --text --line-number 'BEGIN ARCHIVE:$' $0)\n | tar -xvf -
17:21 < ||cw> johnjay1: maybe just the TTL expired in the mean time?
17:21 < shtrb|laptop> that should extract the embedded data (hoping it's really just a tar file)
17:22 < shtrb|laptop> tail -n +$((archive + 1)) yourscript.sh | tar -xvf -
17:26 < acresearch> ||cw: if i successfully installed anyconnect would i be able to extract the private key then? or a better certificate?
17:29 < shtrb|laptop> What would be a good way to address routing network to an android VM + usbip - I thought about ssh +L and a VM inside NAT but maybe someone has a better idea ,(the goal is to be able to create a voice call over whatsapp in a vm from a dumb terminal with a headset and ssh) I intend to put an android-x86 in a vbox with a NAT interface and usbip and direct audio to the vm over usbip and connect over VNC (the easiest approach I could think of)
17:30 < qman> private keys are not contained in certificate
17:30 < qman> s
17:30 < qman> they're used to generate certificates
17:30 < acresearch> qman: oh
17:31 < qman> depending on the format, you can package a private key and certificate in the same file, but they're not the same thing
17:32 < acresearch> qman: oh
17:32 < acresearch> interesting
17:32 < acresearch> qman: so if my computer generated a certificate, there must be a private key somewhere in my computer that generated this certificate right?
17:33 < qman> yes
17:34 < acresearch> qman: is there a specific file name or string that will allow me to search for this private key?
17:34 < qman> no, you have to specify what key to use when you generate it
17:34 < qman> how was it generated? what tool did you use?
17:34 < acresearch> qman: anyconnect
17:35 < acresearch> qman: it got generated while installing the client
17:36 < qman> it looks like on windows, it uses windows' certificate store
17:36 < qman> but beyond that I couldn't tell you
17:36 < qman> I have never used it and google doesn't give any easy results
17:38 < acresearch> qman: hmmm i am preparing a USB live for ubuntu 17.10 (the program got installed in 16.04 but all my other programs are now out of date) so I am trying to predict whether it will work on ubuntu 18.04 or not when it comes out next week
17:38 < acresearch> qman: if it installs on ubuntu 17.10, what should i be looking for?
17:39 < qman> you'll have to find cisco documentation or support
17:40 < ||cw> acresearch: 18.04 should be in feature freeze already
17:40 < ||cw> but cisco isn't going to support it. you need to learn how it all works normally first
17:43 < shtrb|laptop> I love ##networking when people will prepare an ancient usb live to install a proprietary software because uni IT couldn't prepare a tutorial how to setup their software on decent free software (but instead create a dummy proof installation script)
17:45 < acresearch> shtrb|laptop: yes tell me about it :-( haha
17:45 < acresearch> ||cw: i don't know how it works, and there is no information that explains how it works
17:45 < djph> shtrb|laptop: so what you're saying is ... "the kid needs to learn bash, so he can read the "dummy-proof install script"
17:45 < shtrb|laptop> djph, not just bash
17:46 < djph> shtrb|laptop: fine, shell, whatever
17:46 < shtrb|laptop> no no, it's not even normal bash it has embedded binary data inside (I hope it's heredoc)
17:46 < shtrb|laptop> djph, it's more of a rant over the IT guys
17:46 < shtrb|laptop> or gals
17:46 < Demos[m]> Yeah. I hate install scripts and whatnot
17:47 < djph> shtrb|laptop: heh
17:47 < Demos[m]> I actually tend to run them with a really confined selinux context
17:47 < shtrb|laptop> I offered to install that in a vm
17:47 < acresearch> shtrb|laptop: nope they are all guys, lazy windows oriented guys !
17:48 < Andrew_0010bit> shtrb|laptop over there being sexist and shit.
17:48 < shtrb|laptop> you should never assume a person's identity
17:48 < Andrew_0010bit> It's the Internet, there are no women on the Internet.
17:48 < shtrb|laptop> or gender or OS preference
17:48 < Andrew_0010bit> Everyone knows this.
17:48 < acresearch> haha
17:48 < Demos[m]> Man for all its weirdness I really like our IT dept
17:48 < Andrew_0010bit> Right, I'd be pissed if someone accused me of being a Windows Admin.
17:49 < Andrew_0010bit> I am a Systems Administrator.
17:49 < Andrew_0010bit> SYSTEMS
17:49 < Andrew_0010bit> Yes, I use AD because why not?
17:49 < acresearch> ok i have to go try install anyconnect on ubuntu 17.10 be back in 30 minutes
17:49 < Andrew_0010bit> But I run up fourteen Linux servers now.
17:49 < Demos[m]> Esp considering they manage to run a 60,000 person org
17:50 < Andrew_0010bit> It's less than 1,000 here.
17:50 < Andrew_0010bit> But still.
17:50 < shtrb|laptop> Demos[m], did you just read their LDAP file ?
17:50 < shtrb|laptop> you know we create o=Person even for an application ?
17:51 < djph> Andrew_0010bit: you're a windows admin.
17:51 < Andrew_0010bit> You take that back, you cuck.
17:51 < Demos[m]> No we have waaaay more people in ldap
17:51 < djph> make me :P
17:51 < Demos[m]> On the order of like 200,000
17:52 < shtrb|laptop> Andrew_0010bit, https://www.youtube.com/watch?v=2AdrmfjAhn0
17:52 < Demos[m]> Hint: it’s a university
17:52 < shtrb|laptop> Demos[m], did you create an LDAP entry for each author in each book ?
17:53 < Andrew_0010bit> LOL, shtrb|laptop.
17:53 < shtrb|laptop> You asked for a cock, I delivered a big black cock
17:53 < Andrew_0010bit> I said cuck!
17:53 < Andrew_0010bit> CUCK!
17:53 < Demos[m]> All the alumni since they first deployed ldap are in there
17:53 < Andrew_0010bit> Technically, yes, Demos[m].
17:54 < Andrew_0010bit> But you don't ACTIVELY support them.
17:54 < Andrew_0010bit> Seems like there should be a purge of accounts eventually.
17:54 < Demos[m]> Which woulda been in ~1993
17:54 < shtrb|laptop> Does anyone actually use the alumni facilities after they graduate
17:54 < Andrew_0010bit> Maybe there IS a problem with Data Retention and we should issue fake emergency calls to distract the police from Freenode's round robin of servers.
17:55 < shtrb|laptop> And I'm saying more than arriving to the reunion once a decade
17:55 < Andrew_0010bit> By breaking the physical layer the police use.
17:55 < AlexPortable> 2.4 GHz, 20 or 40 MHz?
17:56 < Demos[m]> Yeah there’s some stuff. I think email is retained essentially forever and there's alumni vpn access
17:57 < djph> I know I still use my uni email
17:57 < Demos[m]> Anyway I’m dealing with IT just for one lab and we’re pretty independent
17:57 * shtrb|laptop account is no longer exist :-(
17:57 < Andrew_0010bit> Shoot, I'm in a hurry to close stuff out.
17:58 < djph> granted, I think the *only* thing it still handles is my steam acct
17:58 < shtrb|laptop> djph, you used your uni account for steam ?!
17:59 < djph> shtrb|laptop: sure, I was in uni when steam started
17:59 < Andrew_0010bit> Oh damn.
17:59 < djph> or well, shortly after
18:00 < Andrew_0010bit> Let me ask you guys this.
18:00 < Andrew_0010bit> When Half Life 2 first came out, right?
18:00 < shtrb|laptop> at least it's the dean
18:00 < Andrew_0010bit> And Steam was just kinda taking off.
18:00 < djph> steam was what, beginning of '04?
18:00 < Andrew_0010bit> There was a game that came out for cheap and/or free called Prey.
18:00 < Andrew_0010bit> Had an Indian guy who got abducted.
18:00 < Andrew_0010bit> I loved it, played it all the way through.
18:00 < Andrew_0010bit> What happened to it, and is the new Prey in any way related?
18:01 < djph> ah, no, it was September '03
18:01 < djph> Andrew_0010bit: no idea; no idea.
18:01 < Andrew_0010bit> I haven't even bothered to Google. It just came up in this conversation and I thought I'd try.
18:01 < Andrew_0010bit> 2006 video game, I see.
18:02 < djph> so steam came out about a year before I started using it ... but then again I didn't have a cc til college anyway, so meh
18:02 < djph> in either event, uni email was the thing to do
18:02 < shtrb|laptop> you just reminded me of an old game "America's Army" was the first game that just worked on linux for me
18:02 < Andrew_0010bit> The game went gold on June 28, 2006,[20] and was released in North America on July 11, 2006, and on July 14, 2006, in Europe. Prey was the only major title to utilize the new Triton distribution system, which went out of business mere months after the game's launch. Following the demise of Triton, Prey moved to distribution via Steam.
18:02 < Demos[m]> The new prey is unrelated, but quite good
18:02 < Demos[m]> There was a direct sexual but it fell through
18:03 < Demos[m]> sequel
18:03 < Demos[m]> :)
18:03 < shtrb|laptop> Demos[m], https://en.wikipedia.org/wiki/Prey_(2006_video_game) ?
18:04 < Demos[m]> Yeah
18:05 < Andrew_0010bit> During its 2016 E3 press conference, Bethesda announced a Prey to be developed by Arkane Studios, for release in 2017 on Windows, PlayStation 4, and Xbox One. The new game is said to be a re-imagining of the Prey intellectual property rather than a sequel or remake.[41]
18:05 < Andrew_0010bit> Yeah. It's a re-imagining.
18:05 < Andrew_0010bit> Okay, I'll put it on my wishlist, because I really liked that game.
18:10 < drathir> Andrew_0010bit: more impressive is Kara quantic dreams based engine game sadly at consoles only...
18:11 < acresearch> bad news anyconnect fails to work in ubuntu 17.10 as well
18:11 < acresearch> there seems to be no way to make it work except on windows
18:11 < drathir> Andrew_0010bit: Detroit named in theory...
18:13 < shtrb|laptop> acresearch, do you mean it failed to connect with what you have extracted or when you run the file ?
18:14 < acresearch> shtrb|laptop: it successfully installs but fails to open the program
18:15 < Ignacy> not sure if I should ask here or on sysadmin, I've got this weird problem with two different hdd's connected over USB
18:16 < Ignacy> transfer speed over LAN Ethernet was fine at first - ~8MiB/s. now it dropped to ~19KiB/s
18:16 < AlexPortable> 2.4 GHz, 20 or 40 MHz?
18:16 < Ignacy> no idea why. I've tried copying with scp, sftp, mounting over sshfs, rsync
18:16 < drathir> Andrew_0010bit: https://www.youtube.com/watch?v=IEPzofGKSNE and more... short of kara a one video there included too...
18:17 < AlexPortable> Ignacy: are the HDDs itself good?
18:17 < Ignacy> I thought it was a raspberry PI problem, so I've got a used dell fx160 thin client PC
18:17 < Ignacy> drives work normally when connecting to the desktop that I'm using
18:18 < AlexPortable> Connected the same way?
18:18 < Ignacy> with raspberry, the top speed was bit lower at first, but then it dropped to the same ~19kbs
18:18 < Ignacy> You think it might be the SATA to USB dongle?
18:18 < drathir> Ignacy: You sure rpi not kill psu ?
18:19 < Ignacy> Now it's connected to dell Optiflex x160
18:19 < Ignacy> with dualcore intel atom, and its own gigabit ethernet controller
18:19 < Ignacy> and separate USB controllers
18:19 < drathir> Ignacy: the same symptoms?
18:20 < Ignacy> yes, speed was ok the first time, then it dropped dramatically, and stays at the same level of ~19kbps
18:20 < acresearch> shtrb|laptop no it fails to run the program
18:20 < Ignacy> marian-disk.img 0% 779MB 19.7KB/s 1747:52:35
18:20 < drathir> Ignacy: if possible try to connect hdd directly or to different hdd bay...
18:21 < Ignacy> the thing is I'm using a SATA to USB connector. Optiflex has a free SATA spot on MOBO, but has some funny power connector, I'm waiting for it to arrive.
18:22 < drathir> Ignacy: if directly will behave the same way its looks for me like dead chipset check smart to when directly connected...
18:22 < Ignacy> But I just got a new idea, will try to put the filesystem on the partition again.
18:22 < Ignacy> ahh ok
18:22 < drathir> Ignacy: to debug the best exclude any parts between possible causing errors...
18:24 < acresearch> i was talking to someone before i left 30 minutes ago but i forgot his nick name i think it started with a D
18:24 < AlexPortable> Anyone can help me with WiFi?
18:24 < drathir> Ignacy: hdd bays sadly possible to report false smart data...
18:24 < Ignacy> https://www.itsajten.se/uploads/14-7431_4.jpg
18:26 < drathir> Ignacy: yep avoid in debugging any kind of that tools especially china based...
18:27 < drathir> Ignacy: You just will save a time really... less between easier to find of reason of not working...
18:28 < Ignacy> k! thanks! I thought that the 20kbps would mean something. Like some kind of connection optimization that started suddenly.
18:29 < drathir> Ignacy: that could be even transformer unstable powering that usb-sata switcher...
18:30 < Ignacy> aaah
18:30 < drathir> Ignacy: slowdowns mostly driver /not ntfs3g onboard/dying hdd controller in my opinion...
18:31 < Ignacy> system used was ext4
18:31 < drathir> Ignacy: with assumption directly connected to mb...
18:32 < drathir> Ignacy: unless its china noname hdd than try set fat that could help, but don't think so its a case there...
18:32 < Ignacy> However, for the weekend, I've got a SATA power male to female extender, so I could use the USB thingy to power the HDD and, and connect through SATA to the motherboard
18:33 < acresearch> ||cw: i think i might be close to finding the private key: https://supportforums.cisco.com/t5/firewalling/finding-license-private-key/td-p/2568742
18:33 < acresearch> ||cw: but the commands do not work, maybe because it is an old post? something changed?
18:33 < Ignacy> it's samsung mobile 1TB. I've got it on promotion, but the other drives were WD Black and WD Blue
18:35 < drathir> Ignacy: if wdblack on list 99% its converter ^^
18:35 < Andrew_0010bit> drathir, that looks awesome
18:35 < drathir> Andrew_0010bit: yeep i know the game play trailers even more mindblow ones...
18:37 < jvwjgames> is MS aka latemcy affected by CPU cores
18:37 < jvwjgames> latency*
18:40 < acresearch> ||cw: this command "show crypto key mypubkey rsa" does not work, maybe it is a windows DOS command?
18:40 < ||cw> no, "show" should be a cisco cli command, possible after you run some interactive utility?
18:41 < Andrew_0010bit> drathir, I watched about half of it and just stopped. I'm like, "Okay. I dig it. No need to spoil the rest." Haha.
18:42 < acresearch> ||cw: there is no cli in the client (when i tested in on ubuntu 16.04)
18:44 < drathir> Ignacy: blue if old could causing issues samsung the same, but all will throw smart errors...
18:49 < Ignacy> I've done something new now. Connected the drive to MOBO Sata slot, and took power, using extender, from the USB dongle.
18:50 < Ignacy> OMG, just remembered that I've set up partitions from this disk in /etc/fstab. It's not going to boot now xD
18:50 < drathir> Ignacy: highly not recommended if You not want fry mobo...
18:52 < cu_cucambur> I created a bridge and connected the vm host and a container to it. The host and container were assigned public static ips (that's the same mask of the router) the vm host can ping the physical host
18:52 < cu_cucambur> and it can ping the container too
18:52 < cu_cucambur> however, the physical host can't ping the container. Although, it can arping it and acquire its mac address
18:53 < cu_cucambur> when the container pings the physical host the ping requests reach the physical host but it can't return to the container
18:54 < cu_cucambur> Anyone have a clue what's happening?
18:54 < jim> hi... how can I find which interface has the default route?
18:54 < Ignacy> drathir: it's a disposable dell fx160, bought on sale for 30USD. It's not going to be that bad :P
18:55 < VoidShift> I just downloaded the PiCroft image for pi3, upon internet connection setup, it asks me to use a separate device and connect to "mycroft" (so acts as AP), then when connected, it asks me to connect to internet (home router AP) before it is online. Does this mean it's an AP and a device that connects to AP simultaneously? Or is it just switching? And why go about it this way?
18:57 < VoidShift> (To clay, step 2, connecting to internet, was done on PiCroft. But the first step, it acted as AP)
18:57 < VoidShift> *clarify
18:58 < acresearch> ||cw: turns out it is a firmware command
19:01 < ||cw> acresearch: so on the VPN server. like I said, make a friend :)
19:02 < acresearch> ||cw: i told you i tried, they said to use windows
19:02 < ||cw> I don't mean "call support"
19:02 < kang00> Hi
19:02 < jim> hi
19:02 < skyroveRR> hi
19:03 < acresearch> ||cw: haha :-)
19:04 < kang00> Where are you from jim
19:06 < acresearch> ||cw: will attempt ubuntu 16.04 :-(
19:06 < VoidShift> Well, while them 2 are busy trynna hook up and take long walks on the beach... Anyone familiar with PiCroft?
19:09 < ||cw> VoidShift: I know of it, what's it have to do with networking?
19:18 < VoidShift> ||cw: my initial question covered that
19:18 < VoidShift> 11:55 AM I just downloaded the PiCroft image for pi3, upon internet connection setup, it asks me to use a separate device and connect to "mycroft" (so acts as AP), then when connected, it asks me to connect to internet (home router AP) before it is online. Does this mean it's an AP and a device that connects to AP simultaneously? Or is it just switching? And why go about it this way?
19:25 < VoidShift> Why not just have a "select network" in the PiCroft before connecting to it with a device?
19:25 < VoidShift> I'm just trying to figure out the purpose
19:27 < AlexPortable> how can a router have 300 mbps while it only has 100 mbps ports?
19:27 < ||cw> I believe it switches. if it can't connect to what's config'd it makes its own AP so you can configure it. this way you can switch networks without a monitor or serial connection
19:28 < ||cw> AlexPortable: 300Mbps wifi does not mean you get 300Mbs data speeds
19:29 < VoidShift> ||cw: thank you. That makes since. And also answers the followup question of could I use a similar process to connect a headless pi3 set up
19:29 < VoidShift> *sense
19:29 < AlexPortable> ||cw: what then
19:29 < ||cw> AlexPortable: and the wired and wireless is a different network, so it can have different speeds
19:29 < AlexPortable> oh so it's 300 mbps between wireless clients
19:30 < ||cw> AlexPortable: usually more like 100-150 at best, 300 is the raw max rate before wifi chatter overhead
19:31 < Mead> I just logged into my bouncer, what wifi standard? N?
19:31 < AlexPortable> me? yes
19:32 < VoidShift> ||cw: is it possible to act as both simultaneously? Or would that require a 2nd WiFi card?
19:32 < acresearch> ||cw: ok i installed anyconnect on 16.04 -- it only installs on this distro
19:32 < ||cw> I'm not sure, it might be.
19:32 < ||cw> acresearch: yeah I'd expect that
19:32 < acresearch> ||cw: but even after connecting i still cannot find the private key
19:33 < ||cw> acresearch: and again, 17.xx+ have some major changes. I would not expect system services for 16.04 to work in all cases
19:34 < acresearch> ||cw: what type of changes, what would cause a bash script to not work (or half work)?
19:34 < ||cw> it's not putting the files where they need to be
19:34 < acresearch> if a name directory change or location i can fix that etc...
19:34 < ||cw> and depending on what files, the file formats may be different
19:34 < ||cw> or even not supported at all
19:35 < acresearch> dam
19:35 < Apachez> avici seems to have died
19:38 < cu_cucambur> jim, write route in terminal it's usually the first one with destination value as default
19:39 < cu_cucambur> the first column on the left has the interface entry
19:41 < acresearch> ||cw: and they will not be supporting 18.04 either ha?
19:41 < acresearch> ||cw: so i am really stuck? i really have to leave linux to windows?
19:41 < qman> if they won't support it and you can't figure it out on your own, then yes
19:42 < acresearch> qman: is it figurable?
19:42 < qman> I don't know, it's not my problem
19:42 < qman> never used it before
19:42 < VoidShift> So can you put a wireless card in AP mode without also putting it into monitor mode? I thought monitor mode was needed to switch it to AP
19:43 < acresearch> qman: make sure you never do
19:43 < Andrew_0010bit> qman, while this sounds pretty cutthroat, it's true. A lot of these tech issues we don't worry about because they're not ours. Running a mixed system, I can use either Linux or Windows to do what I need to get done.
19:43 < redrabbit> win10 is fine
19:43 < Andrew_0010bit> Like, I don't know IIS at all. Nor do I care to, I use Apache.
19:43 < redrabbit> whatever works
19:43 < redrabbit> debian is good too
19:44 < redrabbit> ..for servers
19:44 < acresearch> would i be able to install anyconnect on wine?
19:44 < Andrew_0010bit> I use Lighttpd on my Pi.
19:44 < ||cw> acresearch: almost certainly not.
19:44 < Andrew_0010bit> acresearch, you're getting into a whole 'nother world of butthurt by trying it on Wine. I promise you.
19:44 < Andrew_0010bit> I have NEVER had any luck with Wine doing what other people have gotten it to do.
19:44 < acresearch> Andrew_0010bit: actually i have a RasPI
19:44 < redrabbit> yeah id stick to windows
19:44 < acresearch> can i setup my own VPN into the uni?
19:44 < redrabbit> what are you trying to accomplish
19:44 < qman> wine works pretty well, but you're not going to have much luck configuring the network stack from within it
19:45 < Andrew_0010bit> And that's after hours and hours of reading and trying.
19:45 < nemith> Andrew_0010bit │ Like, I don't know IIS at all. Nor do I care to, I use Apache. <-- this seems like a direct conversation from 1998
19:45 < nemith> not 2018
19:45 < Andrew_0010bit> nemith, do you use IIS religiously?
19:45 < redrabbit> apache is #1
19:45 < redrabbit> works fine
19:45 < nemith> no but Apache vs IIS was a big deal in 1998
19:45 < Andrew_0010bit> OH!
19:45 < Andrew_0010bit> nginx is great for large servers, but I have NEVER run one.
19:45 < qman> I've done lots of apache and IIS
19:45 < nemith> but in 2018 both are kinda dated and not as widely used
19:45 < acresearch> redrabbit: i am trying to use cisco VPN,,, and no it does not work with openconnect (my particular vpn)
19:45 < ||cw> I use apache and IIS. each has their advantage and weakness. these days i rarely use apache on windows though, iis is much better than it used to be
19:45 < redrabbit> i run both apache and nginx
19:46 < Andrew_0010bit> Debian is now on every server I own.
19:46 < redrabbit> same
19:46 < qman> I've used plenty of other webservers to a lesser extent including nginx and lighttpd
19:46 < Andrew_0010bit> Except for Plex.
19:46 < nemith> IIS is for .NET shops, not really good outside of that
19:46 < VoidShift> acresearch: use OpenVPN on ur pi?
19:46 < qman> don't try to run PHP on IIS
19:46 < qman> it's a bad time
19:46 < ||cw> I also use nginx and lighttpd, different projects with different priorities
19:46 < ||cw> qman: works great for me
19:46 < acresearch> VoidShift: openvpn does not work either because of group something i tried before and never worked with me
19:46 < Andrew_0010bit> If you can get your Pi inside their Supercomputer network with outside connectivity, then yes.
19:47 < acresearch> VoidShift: how can i setup a pi? or my computer at the office to vpn into it?
19:47 < ||cw> qman: fastcgi is stable and plenty fast
19:47 < Andrew_0010bit> But you have to break that physical layer to make it happen, and they probably have firewalls preventing it. You'd have to recon it.
19:47 < UncleDrax> One of my biggest pet peeves is vendors that say their SW only works on windows.. but it's running on Apache Tomcat and Java.
19:47 < acresearch> Andrew_0010bit: no i can't get into the supercomputer
19:47 < Andrew_0010bit> If you can't access it from where you are, you most likely are not going to be able to access it outside of physically inserting your PI to its subnet and bypassing its security protocols.
19:48 < acresearch> Andrew_0010bit: i don't get it, forget the pi what about my office computer?
19:48 < Andrew_0010bit> If you just need to set up a VPN into your dorm room and they don't block 1194, you're good. But it won't get you any closer to that supercomputer.
19:48 < Andrew_0010bit> IT can set up your office computer to access the supercomputer.
19:48 < qman> ||cw: I've done it a few times before, it does work, but it was never good
19:48 < acresearch> Andrew_0010bit: well i can access the supercomputer from any computer within the campus
19:49 < qman> lots of weird issues and bugs to work around
19:49 < ||cw> acresearch: think of this as training for the real world. reality often gives you an environment you don't care for that you have to work within anyway
19:49 < Andrew_0010bit> ||cw, this.
19:49 < Andrew_0010bit> If you can access it from your office computer, you can plug your Pi in to the same network in your office and be able to VPN into it.
19:50 < ||cw> qman: I have no complaints with php 7.1 under iis on win8.1 and win2012
19:50 < Andrew_0010bit> acresearch, http://lmgtfy.com/?q=Set+up+OpenVPN+on+Raspberry+Pi
19:50 < acresearch> ||cw: last week i gave a talk to my research team and convinced them all to move to linux, i want to do my homework before i go back to them and tell them we cannot use linux and go back to windows instead.
19:51 < drathir> linux ++
19:51 < cu_cucambur> lol
19:52 < qman> ||cw: the stuff I worked on was older, PHP 4 and 5 on windows 2000, 2003, and 2008
19:52 < ||cw> maybe you can take that talk and your team's support to whoever is in charge of the VPN and get them to support linux
19:52 < drathir> m$ -
19:52 < acresearch> ||cw: i did, guess what they said...
19:52 < weyland|yutani> what kind of vpn isnt supported on linux?
19:52 < ||cw> "they"
19:52 < drathir> weyland|yutani: good question ^^ exe ones?
19:52 < acresearch> weyland|yutani: anyconnect (my university particularly - and no does not work with openconnect)
19:53 < acresearch> ||cw: the IT
19:53 < ||cw> weyland|yutani: it's supported by the vendor, just the user doesn't have the info they need from the admin to make it go
19:53 < VoidShift> acresearch: what Andrew said, if u have access from office computer, set up vpn on it and just dial into VPN. If the firewalls stop you, try using something like pwnat or ngrok
19:53 < acresearch> VoidShift: ok i will have to read on them
19:53 < qman> yeah, when I was in college the wifi didn't support linux, it was a cisco PEAP setup but they botched it somehow and wpa_supplicant couldn't connect
19:54 < Andrew_0010bit> qman, if it were me, I'd say it was by design.
19:54 < Andrew_0010bit> I don't want kids on the network on Linux. Makes it a LOT easier for them to bypass protocols I have in place.
19:55 < weyland|yutani> Andrew_0010bit, unless someone finds out what kind of vpn config it is
19:55 < qman> Andrew_0010bit: it was pretty obvious that they were incompetent, rather than deliberately blocking things
19:56 < qman> they had this system that was supposed to block certain activity, but it was very badly implemented
19:56 < weyland|yutani> acresearch, i guess its some kind of weird ipsec config
19:56 < weyland|yutani> <--- hates ipsec
19:56 < qman> if you hit three or four ports it would blacklist your MAC address
19:56 < qman> indefinitely
19:56 < acresearch> weyland|yutani: i am not sure, i am trying to find out, but what i did find is the certificate, but it won't work without the private key which i am still looking for
19:57 < ||cw> qman: softmac to the rescue?
19:57 < qman> so one of my classmates created a script on a VM that changed MACs, got a new IP, and hit those ports, rinse repeat
19:57 < ||cw> lol
19:57 < qman> subnet exhausted
19:57 < drathir> weyland|yutani: ipsec i heard is normal if working anything before get it work its a nightmare ;p
19:57 < qman> wifi down
19:57 < qman> the next week that system was gone
19:57 < weyland|yutani> drathir, can i quote you for future reference plus every update breaks something
19:58 < VoidShift> Speaking of pwnat and ngrok, I know they're both used to bypass firewalls and port blocking, but other than that, what are their differences, and advantages/disadvantages over the other?
19:59 < drathir> weyland|yutani: yea most lts possible required ^^
19:59 < VoidShift> I just figured ngrok was a more commercial version (so obviously 3rd party is a disadvantage)
20:00 * drathir likes cjdns for avoiding nats...
20:00 < Andrew_0010bit> qman, sounds like you have some smart classmates.
20:00 < Andrew_0010bit> have/had?
20:01 < qman> yeah, we had a pretty good group
20:01 < qman> this was more than ten years ago now
20:02 < drathir> deauth more annoying i guess...
20:04 < VoidShift> Haven't heard of cjdns
20:05 < Andrew_0010bit> Man, I set up a WIPS daemon with our APs and didn't say a word to anyone about it.
20:05 < drathir> VoidShift: probably bc its not per se a vpn client its little more...
20:05 < Andrew_0010bit> I'll just hear people mutter, "Why isn't my hotspot working?"
20:06 < VoidShift> drathir: go onnn...
20:07 < VoidShift> Don't spare the dirty little details
20:07 * Andrew_0010bit nipple tweaking intensifies
20:09 * VoidShift rectal loosening happens
20:10 < VoidShift> I'll just go look it up since he went quiet
20:10 < acresearch> weyland|yutani: i found an ssl private key in my computer, but it did not work
20:13 < Andrew_0010bit> weyland|yutani, isn't that from Deus Ex?
20:13 < VoidShift> Oh. My. Cjdns looks spiffy. Even tuts for pi. I like.
20:18 < Andrew_0010bit> Crap. Now I have to go look it up.
20:18 < Harlock> Andrew_0010bit you are sabotaging peoples cell phone hotspots?
20:18 < Harlock> Andrew_0010bit it's from the "alien" universe
20:18 < Andrew_0010bit> Harlock, to be fair, they're not even supposed to have them on.
20:19 < Andrew_0010bit> Dang it. I knew I'd heard it from somewhere.
20:20 < Harlock> it's written company policy?
20:23 < acresearch> ||cw: weyland|yutani Andrew_0010bit I FUCKING FOUND IT !!!! i found the private key !!!!!
20:24 < Harlock> i would also verify it doesn't affect anyone outside of company property
20:25 < Andrew_0010bit> Harlock, it does not. Everything is keyed pretty low.
20:25 < Andrew_0010bit> WHAAAT! Look at acresearch doing it. Did you verify it worked?
20:26 < acresearch> Andrew_0010bit: well it is asking me for a passphrase
20:26 < acresearch> Andrew_0010bit: a PEM passphrase
20:26 < Andrew_0010bit> D'oh!
20:40 < VoidShift> acresearch: what webserver?
21:28 < acresearch> VoidShift: sorry for the late reply, was having dinner, cisco anyconnect vpn
21:41 < brutuz> anyone familiar with srx?
21:56 < OnePunchPanda> Hey all, would anyone be able to answer a question I have about sending HTTP Responses to a Browser?
22:12 < drac_boy> hi
22:18 < jim> cu_cucambur, thanks... and... I want to do it with the iproute2 stuff, not the route that came with net-tools... as these might go away soon
22:19 < drac_boy> any of you know if netapp network cards are specifically made just for that app or can they be treated as normal cards too?
22:19 < jim> the original question being: how can I find which interface has the default route, using ip and friends (not ifconfig & friends)?
22:21 < drac_boy> this for a low price is why I have to ask https://www.amazon.ca/4-Ports-GigaBit-Ethernet-Network-X1007A-R5/dp/B01M2UMPMJ/
22:27 < ||cw> drac_boy: is that a PCI-X slot?
22:28 < ||cw> how old is your server?
22:29 < ||cw> yeah, that's either PCI-X or custom, that's why it's cheap
22:30 < ||cw> BTW, that card is $15 USD on newegg
22:36 < qman> quad gigabit PCIe intel NICs are cheap on amazon too
22:36 < drac_boy> qman and that still doesn't answer the question ;)
22:43 < ||cw> drac_boy: you have a PCI-X slot?
22:44 < ||cw> there's no mention of them not working with linux, and that's usually a good sign, but no guarantee.
22:44 < drac_boy> I wouldn't know seeing its probably apparent no one knows about netapp sorry? :->
22:44 < ||cw> it's most likely a broadcom
22:44 < ||cw> drac_boy: you're asking about buying that card, if you don't have a PCI-X slot, you can't use it anyway
22:45 < ||cw> last time I dealt with PCI-X was P4 xeon and socket 940 opteron era. pretty damned old now.
22:46 < qman> yeah, unless you have a server board that's over 12 years old, you probably don't have a PCI-X slot
22:46 <@pppingme> there were like six servers built with pci-x slots.. last I heard, all six were out of commission..
22:46 < ||cw> pppingme: I have one still going strong, sadly
22:47 <@pppingme> ok, five are out of commission..
22:47 < qman> so do I
22:47 < ||cw> supermicro with dual opteron 265.. nearly bullet proof
22:47 < qman> I have new gear to replace it but haven't gotten around to doing the work
22:47 * ||cw hopes it dies now
22:47 < qman> same thing, dual opterons, DDR2
22:48 < drac_boy> did supermicro contract out to netapp?
22:48 < ||cw> no, but they did and still do contract to other vendors.
22:48 < ||cw> Scale uses them
22:54 < drac_boy> ok I guess unless anyone else says otherwise eventually I'll assume its a non-network card from what I can even find describing netapp
22:54 < drac_boy> thanks anyhow
22:55 <@pppingme> Its a network card for sure, but the MB's that it fits in are pretty rare
22:55 < Guest90550> Sup guys!
22:56 <@pppingme> It wouldn't surprise me if at one time that nic sold for close to $1000 or more
22:56 < drac_boy> so its not specific to netapp apps then?
22:56 <@pppingme> its pci-x... do you have a pci-x motherboard?
22:57 < Guest90550> Got any opinions on the best vpn service for stealth?
22:57 < ||cw> drac_boy: PCI-X is not specific to netapps. it's just OLD
22:59 < drac_boy> pppingme depends on if its a normal card or specific to netapp .. thats all I can say
22:59 <@pppingme> it should work on any motherboard with pci-x slots, regardless of who made the motherboard
23:00 < qman> drivers may be another story, depends on whether they used a common chipset or if it's something special
23:01 < ||cw> drac_boy: google can tell you it's broadcom based. that doesn't mean netapp didn't bastardize it though
23:03 < drac_boy> llcw heh well the only reason I asked is because when I tried look up the # online and filter out the stores that described nothing more than just the card name alone it seem like the only three sites I found quoted something about 'for netapp processing' .. almost seem to sound as if it wasn't a network card but given the very small sampling I was
23:03 < drac_boy> doubting that
23:04 <@pppingme> when I google "X1007A-R5 linux" I don't see anyone complaining it doesn't work..
23:04 <@pppingme> Its very definitely a 4 port ethernet nic, OS support might be a different question
23:06 <@pppingme> its cheap, buy it, slap it in, see what happens... if it doesn't work, just resell it on ebay
23:06 <@pppingme> you'll probably make money on the deal
23:07 < drac_boy> pppingme but anyhow as for os support .. yeah I would had rather prefer just sticking to intel or realtek as much as possible (save for any plain/fast ethernet card that can present itself as generic NEC one) but to our own opinion and experience I guess :)
23:08 < ||cw> drac_boy: is to need a PCI-X 4 port, this one is safer and cheaper. https://www.ebay.ca/itm/Silicom-PXG4BPi-Quad-Port-Copper-Gb-NIC-CARD-Adapter-PCI-X/330843263225?hash=item4d07cb90f9:g:~MIAAMXQhpdRwfhw
23:08 < ||cw> but I really question that you need PCI-X
23:08 < drac_boy> either way as for a quad-eth card on pci-x .. hmm well I've seen the occasional core-dated xeon boards that still have the odd pcix&pcie slots mix onboard
23:09 < drac_boy> but for myself I would had probably only wanted dual or quad fast ethernet over pci instead .. if I was to look
23:09 < ||cw> yes but do you have one?
23:09 < ||cw> you can't do quad on PCI. PCI is only 1Gbps anyway.
23:10 < ||cw> 133 MB/s to be specific
23:12 < drac_boy> no? 4x100mb plus add another 10% for overhead .. thats still below half of pci32/33 (assuming storage is a separate bus to the board's chipset tho)
23:13 < ||cw> oh, 100mbit? yeah you can do that. but not 4x gigE
23:14 < ||cw> this still the camera thing?
23:14 < drac_boy> yeah true .. mind you I still dunno who really bought gige pci cards when these were around for a while .. I mean thats practically the entire bus (assuming you didn't have audio/etc already sapping it)
23:15 < drac_boy> but anyhow hmm..one sec as I wonder how many 10gb you can get on pcie...
23:15 < ||cw> because you can get better than 100Mbit.
23:16 < ||cw> 3.x x16 is 15.75 GB/s, so it depends how many lanes your controller has
23:16 < drac_boy> heh seem you would need a pcie 3.0 x8 slot to get unbottlenecked 4x10gb if you ever had a need for such thing :)
23:16 < ||cw> and that's Bytes
23:17 < ||cw> 126.24 Gbs. so like 12 per x16 slot
23:17 < drac_boy> yeah I assumed in theory four 10gb would be 5GB/s total .. x8 comes to 7.8
23:17 < ||cw> but transaction processing is probably going to the bottleneck.
23:19 < drac_boy> anyway was a bit of funny talk but if you don't mind I kinda need to go off for a while .. have to fry some supper soon too :-s
23:20 < drac_boy> have fun with others in here ok?
23:21 < Harlock> i still have my adaptec duralan quad port ethernet i won in their online contest
23:25 < Epic|> Drac is such a strange boy
23:26 < ||cw> seems to know enough to be dangerous
--- Log closed Sat Apr 21 00:00:52 2018