--- Log opened Sun Apr 29 00:00:02 2018
02:06 < giaco> Hello
02:08 < giaco> I have machine A (client) and machine B (server). B is visible to A only though a client-server tunnel application where A is still the client and B is still the server. So I first run the tunnel app and connect A to B, then I run openvpn server on B listening to the tunnel destination port and openvpn client on A connecting to the tunnel entry. Everything runs smoothly if A does not redirect all the traffic to B. I want al
02:08 < giaco> l the traffic to be redirected, but if I push "redirect-gateway def1 bypass-dhcp" in openvpn the tunnel collapses and so the VPN. Any solution? Thank you
02:09 < giaco> please mind, openvpn is not required, I just need to redirect all traffic from A to B passing trough the tunnel application
02:10 < drac_boy> hi
02:11 < drac_boy> any of you here ever dealt with draytek? just a bit curious about what their support would be like
02:26 < dogbert2> the adafruit USB serial to TTL (GND, TX, RX) works great for the Libre Computer :)
02:44 < drac_boy> rather quiet here today
02:46 < dogbert2> yeah...whazzup?
02:46 < drac_boy> not much beside trying figure out the cards for a possible router box .. you?
02:50 < drac_boy> dogbert2 and yeah I dunno but its probably either freebsd or pfsense depending on how the latter can take the hardware combination in question
02:54 < dogbert2> messing around with my libre computer...attached the USB serial to TTL UART cable to a USB port on the back of the desktop...has 4 pins, pwr, gnd, tx, rx
02:55 < drac_boy> and why ttl btw? :)
02:58 < dogbert2> take a look at the SBC: https://libre.computer/products/boards/aml-s905x-cc/ (onboard 3 pin UART) for console access when you f**k up something
02:59 < dogbert2> the adafruit cable has 4 pins...power (red), tx (white), rx (green) and gnd (black)
02:59 < dogbert2> so I leave the red wire/pin disconnected since the board has power via a wall wart
03:13 < drac_boy> anyway going off for now
03:16 < dogbert2> l8r
03:55 < Antares> PayPal hackdynamics@mail.ru - дайте пожалуйста кто сколько может, на совт нехватает :(
06:03 < mellotto> :)
06:03 < mellotto> hi there
06:03 < skyroveRR> Hello :)
06:11 < Project86__> Is it possible to have a point 2 point VPN tunnel between 2 machines (no internet on client machine), but ALSO have a regular VPN server to the internet on the main machine (machine 1) simultaneously?
06:12 < Project86__> Offline client connect to server via p2p WiFi, which in turn accesses internet and relays info back to machine 1
06:13 < Project86__> I'm sure I need 2 WiFi modules. But can it be done?
06:14 < fryguy> Project86__: that's called a router
06:15 < Project86__> A VPN'd router?
06:16 < Project86__> I know VPN server machine can be routed through, but didn't know if it could do 2 seperate VPN tunnel types at once
06:16 < fryguy> you can
06:17 < fryguy> a VPN is just another network connection
06:17 < fryguy> it's possible to have lots and lots of network connections
06:17 < Project86__> Any good tuts you could point me to for OpenVPN to accomish this type of config?
06:18 < fryguy> try reading the basic openvpn documentation first of all
06:18 < fryguy> and then maybe ask a more specific question
06:18 < fryguy> also, consider using ipsec instead of openvpn. it might be more appropriate.
06:18 < Project86__> I skimmed through it..
06:19 < fryguy> might be time for a more in depth read
06:23 < Project86__> A more specific scenario.  VPN client (machine 2) will be offline, and need to connect back to server (machine 1) to relay internet activity back to client. Allowing me to connect to offline client (now getting internet from server) with my phone, or other device to  also tunnel traffic between connected devices (phones) through the client. I'll read though.
06:28 < Project86__> From what you say about that basically being a router, I'm guessing both machines will need to be set up as routers. 1 offline just as a p2p AP, and another linked to that router p2p that has internet access
06:28 < Project86__> Thanks fry
06:38 < giaco> how can I select the iperf3 listening port in UDP mode? The --port option is only accepted in TCP mode
06:52 < meingtsla> giaco: iperf3 -s -p <port number>.  Note that iperf3 by design establishes a tcp control connection prior to running a udp test, so you won't see iperf3 listening on that udp port in netstat or ss outputs.
06:53 < giaco> meingtsla: didn't know that, thank you. I need to find another tool as I have to test a icmp tunnel accepting udp connections at both ends
07:47 < tmerr> my head...
07:56 < jcarpenter2> tmerr: networking will do that
07:56 < jcarpenter2> all those subnets and gateways
07:56 < jcarpenter2> and link layers and application layers
07:59 < tmerr> i heard about WebRTC and have ended up in a rabbit hole trying to understand why any of this would work in a million years.
08:30 < Kaidok5797> Hello there! This might not be a networking issue, but I think it is. I have setup a local wordpress environment on a spare computer. I have it assiged a static IP on my local network. I can reach the local wordpress just fine on all devices in my local network by typing in the IP address I assigned it.  Being that its wordpress.. I went to install a theme using the Wordpress theme library.
08:30 < Kaidok5797> I get the error " An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration."
08:31 < Kaidok5797> I get the same issue when trying to access the wordpress plugin library
08:36 < mgolisch> check that computers network settings
08:36 < Kaidok5797> What would I be looking for?
08:36 < Kaidok5797> I've looked in there.. everything seems to be in order
08:36 < mgolisch> can it access the internet?
08:37 < Kaidok5797> yes
08:39 < Kaidok5797> whoa
08:39 < Kaidok5797> ok
08:39 < Kaidok5797> so without me doing anything at all
08:39 < Kaidok5797> just closing browser window on test device
08:40 < Kaidok5797> and reopining it now works
08:40 < Kaidok5797> I tried that already once hmm
08:40 < Kaidok5797> bizzare
08:40 < Kaidok5797> but its working now
08:40 < Kaidok5797> so thanks anway mgolisch
09:08 < tmerr> Trying to understand UDP hole punching https://en.wikipedia.org/wiki/UDP_hole_punching#Flow
09:09 < tmerr> So it sounds like sending an outgoing UDP packet is sufficient for the router's firewall to allow responses to come back for the now known (IP, port), (IP, port) UDP conversation?
09:10 < tmerr> i am mainly wondering about common home routers (or whatever you call them) that everyone has
09:14 < phocking> tmerr: even though udp is stateless, firewalls/routers are not
09:14 < phocking> they typically will add a mapping on the same port to go back to whatever node originated the request
09:16 < tmerr> thanks phlocking, wow. any idea how long i should expect the TTL of an entry in the mapping to be? on the order of seconds, minutes, hours?
09:16 < tmerr> assuming it's purely time based
09:17 < phocking> are you writing software or something? just make sure to use the same port that it comes in on for a response to take advantage of the firewall/router state tables
09:20 < phocking> https://en.wikipedia.org/wiki/UDP_hole_punching
09:20 < tmerr> not at the moment. though WebRTC has caught my interest, and relies on UDP hole punching, so i'm trying to make sense of its limitations
09:21  * GenteelBen adds "UDP hole punching" to his list of interview jargon
09:21 < GenteelBen> Oh lawd, WebRTC.
09:21 < GenteelBen> That disaster.
09:23 < tmerr> Lol, is something bad about it?
09:23 < tmerr> Other than defying every intuition I have about networking
09:24 < phocking> i figure if it needs to be stateful there is a protocol for that, and if it needs to be stateless there is a protocol for that lulz
09:27 < tmerr> I can't tell what's stopping someone from building a peer-to-peer CDN for static files on top of webRTC
09:45 < tmerr> Nevermind, it's been done
10:00 < takeshikovacs> hey guys. hopefully somebody can point me in the right direction. I have several windows 10 laptops which have are having problems with wifi. access point acts as bridge (via LAN) to the ipfire router. DHCP is done by the router. laptops are getting IPs fine, I can ping the AP and the router, but I can not ping anything outside the subnet of the router (DMZ and internet). sometimes it does work after 5 minutes, sometimes
10:03 < takeshikovacs> one linux laptop and all android devices on the same network are working just fine. I really have no idea what setting could cause this behaviour on the windows machine and I also don't know what else to look for. flushing dns, ipconfig release and renew are also not helping.
10:03 < takeshikovacs> what can I do to analyze this problem? any ideas/suggestions?
10:03 < CWNE88> if you can ping the gateway, can you ping the gateway at the same time as it's not able to ping further outside the subnet?
10:04 < CWNE88> and what's the error message... no host, or no route to host?
10:04 < detha> what does tracert 8,8,8,8 do ?
10:04 < takeshikovacs> yup, ping to the AP and gateway are working just fine. ping to 8.8.8.8 are not working
10:04 < CWNE88> takeshikovacs: what's the error message?
10:04 < anddam> hello again
10:05 < CWNE88> does it just time out, or does it say no route to host?
10:05 < takeshikovacs> error message is a timeout while executing (paraphrasing here as it is in german)
10:05 < anddam> so about 12 hours I was looking into accessing an old AP, with either dd-wrt or openwrt from several years ago flashed on it, possibly with a manually edited configuration that is non-working.
10:06 < CWNE88> then problem does sound like it's after your gateway
10:06 < CWNE88> can you packet capture on the uplink side of the gateway to see if it's reaching there?
10:06 < anddam> I connect the AP to my computer via ethernet, after starting tcpdump -v on the interface, and I get https://gist.github.com/anddam/cf276cebc64827a917797ca6b820431d
10:07 < takeshikovacs> tracert also just gives a timeout, for all hops.
10:07 < takeshikovacs> any recommendation for the packet capture? linux cli
10:07 < anddam> my computer has 192.168.1.16 address and I see the AP is doing traffic as .1.1, but then when trying to ping or access its web interface I get a "Destination host unreachable"
10:08 < CWNE88> tcpdump host x.x.x.x    <-- client IP
10:08 < CWNE88> see what arrives
10:08 < takeshikovacs> great, thanks. will do
10:08 < anddam> question: looking at the log and given that the computer iface has been manually set to .1.16 , am I correct saying the AP is configured with .1.1?
10:14 < takeshikovacs> https://paste.debian.net/1022522/  <--while pinging the gateway and afterwards 8.8.8.8
10:15 < CWNE88> I don't see any ICMP there
10:15 < CWNE88> ping from the router to 8.8.8.8
10:16 < CWNE88> check its route table
10:17 < takeshikovacs> well ping from router to 8.8.8.8 works, otherwise I wouldn't be able to write with you :P
10:18 < CWNE88> well how it it getting lost?
10:18 < CWNE88> can you tcpdump on the inside of the router and see if it even made it that far?
10:18 < CWNE88> actually....
10:19 < CWNE88> it can ping gateway because it's on same subnet, but these windows hosts might have a different default route that ISN'T that router, hence when destined outside your network, they're not trying to go through that gateway, hence you see no sign of the ICMP packets
10:19 < CWNE88> check route table on the windows boxes
10:19 < takeshikovacs> coming, one second. need to find a usb stick :P
10:27 < takeshikovacs> https://paste.debian.net/1022523/ <-- it's in german unfortunately.
10:27 < CWNE88> what's with the 192.168.0.133 ?
10:28 < CWNE88> is that the local interface address?
10:28 < takeshikovacs> local ip of the laptop with windows where it is not working.
10:28 < CWNE88> it would be... so is 192.168.0.1 the actual gateway IP?
10:28 < CWNE88> what does tcpdump.... or wireshark on that client say for ICMP when you try to ping 8.8.8.8?
10:29 < takeshikovacs> yup, 0.1 is the gateway.
10:30 < CWNE88> well basically you'll have to check each step and see where it goes missing, starting with a capture at that client
10:32 < takeshikovacs> wireshark on that machine is going to be a problem since it is a company laptop without admin rights. I'll try the private one now and get a dump from wireshark
10:33 < CWNE88> and the AP is just an AP right? no layer 3 stuff?
10:37 < takeshikovacs> yup, It's just a fritzbox AP without anything fancy in it.
10:40 < CWNE88> well, follow the captures from end to end and see where it goes missing
10:41 < takeshikovacs> https://paste.debian.net/1022527/ <---- this is route print on the same laptop. first entry when it is NOT working, second when it is working. 201 is the client IP. the only difference I can see is the ipv6 stuff, which, to be honest, I know nothing about.
10:42 < CWNE88> you haven't got a duplicate IP or something stupid have you?
10:42 < CWNE88> check ARP table on router
10:42 < CWNE88> although you pinged it anyway, so that won't be it... forget that
10:42 < takeshikovacs> god I hope not! but good point, let me check.
10:42 < CWNE88> just capture each step and see where it's missing
10:51 < detha> takeshikovacs: looking at that, isn't 'working' going 4-over-6 through that teredo tunnel? See what one of the  'what is my IP' sites gives you
10:58 < takeshikovacs> detha: nope, standard ip from the gateway. but I found something weird while looking at wireshark with a filter on ICMP. i saw a LOT of requests from the two pioneer receiver that are on the same subnet with ICMP requests to the local machine. I disconnected them and now it is working immediately on both machines. although that doesn't mean much. could just be coincidence. problem is, I also haven't figured out a way to 
10:59 < takeshikovacs> could be that it is working now and stops working again tomorrow. btw. once the laptop(s) are online, the connection is rock solid. it only occurs  after shutting them down/hibernating. sometimes. :P
11:08 < takeshikovacs> ok, I'm dropping the ICMP requests for the pioneer receivers now. maybe that'll help, although I doubt it.
11:09 < detha> takeshikovacs: no idea then, one of those 'check everything step by step, verify ARP tables to make sure what you think you are seeing is indeed what you are seeing'
11:10 < takeshikovacs> yeah, that will be my next, but like I said. first it has to stop working again.
11:11 < takeshikovacs> detha: thank you very much for your help and time though!
11:11 < takeshikovacs> CWNE88: same goes for you. thank you!
11:58 < slavka`> hey all
12:03 < drac_boy> hi
12:08 < currybullen> a swedish ISP started logging customer traffic a couple of years back since the law required it. to protect their customers anonymity they started offering a free VPN to all customers. however, the VPN they offer does not use encryption. i fail to see how the use of this VPN would circumvent the effects of the ISP traffic logging. am i missing something?
12:09 < currybullen> oh wait, im stoopid, i just realized how
12:10 < currybullen> if the ISP is only mandated to log IP adresses it will only log the IP of the VPN
12:30 < slavka`> hey guys, when doing scp or rsync on a centos7 server... it seems to start pretty fast, but after a few seconds status becomes `stalled`, i have tried limiting speed with `-l` and using different cyphers but same behaviour... anyone can offer some insight would be appreciated
12:35 < detha> slavka`: MTU?
12:36 < slavka`> far as i know its 1500 , i dont know much about that setting
12:47 < detha> slavka`: what is between you and the server?
12:47 < slavka`> far as i know the server is a VM
12:48 < slavka`> im ssh ing in... doing scp between one vm and another on the same physical machine
12:50 < detha> how much does it copy before it stalls?
12:50 < slavka`> diff every time... also depending on what options i use...
12:50 < slavka`> without any options ~160mb
12:51 < detha> 160MB ? How large is that file?
13:03 < slavka`> bout 1200mb
15:21 < Celmor> I'm trying to troubleshoot a problem related to my network setup with iperf but it keeps aborting and client prints 'iperf3: error - received an unknown control message'
15:23 < Celmor> https://ptpb.pw/Oz-G
15:27 < Celmor> so something seems wrong with the binary for windows seems the iperf tool for linux works fine
15:33 < redrabbit> works fine here
15:39 < Celmor> was a version mismatch
15:43 < kopper> Ishaq` [~Ishaq@2001:1af8:4700:a110:1::*b00b*] has quit [Quit: Unexpected Leave!]
15:43 < kopper> Teehee
16:57 < Sefid_par> I have Q about POS (Payment (Point Of Sale) equipment. I have shared my internet from wifi to eth0. But when I connect the POS to eth0, It says Cannot connect to the internet. I have checked the eth0 by wireshark but saw no packets passing. The provider says that, It could connect to the network preivously. I need help. I need connect POS to the internet.
17:00 < petemc> Sefid_par: does the POS have an ip address?
17:01 < dogbert2> no IP address, no access...wlan0 on my libre computer was being a PITA until about 5 mins ago...now it starts automactically on system restarts
17:01 < Sefid_par> petemc: In fact, I think no. I have tested it on a switch. The switch LED was ON but I saw no device using DHCP list or arp command
17:27 < variable> bah! my dhcp server refuses to give me a consistent IP even though its configured to do so by mac address
18:08 < comet23> what are the easiest to use tools for network monitoring and credential harvesting on your own network?
18:08 < comet23> (basically i have kids in my house and i want to monitor their online activities and get their passwords and stuff to make sure they're not doing anything bad)
18:08 < variable> comet23: there is a really useful tool for that
18:08 < variable> but its not commonly recomended on technical forums
18:08 < variable> even though its better than anything else
18:09 < drathir> comet23: static ip assigment and dns blocking...
18:09 < variable> comet23: its called "open and honest communication"
18:09 < variable> talk with your kids
18:09 < comet23> they're not my kids
18:09 < variable> don't surveil them
18:09 < drathir> variable: thats a  *TRAP* ^^
18:09 < comet23> the nsa is doing it so there's no reason why we shouldn't apply surveillance on our own networks
18:10 < comet23> i don't want to do dns blocking, i want to make sure they can get on any site and then i want to capture cookie and login details
18:10 < drathir> comet23: You wanna raise monsters breaking trust?
18:11 < comet23> they're not my kids i really don't care if they get struck by lightning
18:11 < drathir> comet23: thats thats naughty even in my standards... ;/
18:12 < drathir> comet23: why do You care to access their accounts? identify thiefts is nope by me...
18:13 < comet23> it's not identity theft when it's in your own network
18:13 < variable> ...
18:13 < comet23> i captured their cookies and i am accessing their emails as we're chatting here
18:13 < drathir> comet23: secure the network block access...
18:13 < comet23> no
18:14 < drathir> comet23: thats naughty spying on own users w/o reason given even with reason first always good to ask for permssion still...
18:16 < redrabbit> wtf is wrong with you
18:16 < redrabbit> creep
18:16 < variable> redrabbit: I like your nick
18:16 < redrabbit> thanks
18:18 < drathir> comet23: no offence but that way of tink smell to me stalking/bullying scenario...  i hope im wrong...
18:20 < comet23> no stalking just making sure there's nothing bad going on in my network
18:21 < n0c> anyone here deployed zerotier in your enterprise at small-medium scale?
18:21 < drathir> comet23: anyway i give You mine ideas of problem solutions... no offence but i will not wish You gl with future search...
18:21 < n0c> (like the first couple tiers of their entitlement)
18:22 < redrabbit> how is that even legal
18:22 < drathir> comet23: easy TOS and accounting will solve Your issues... and in TOS clearly state that connections are logged if You does that...
18:23 < redrabbit> id sue your ass down to the ground
18:23 < comet23> i'm making a tos page right now and removing the password and i'm setting up a proxy server to monitor all traffic
18:23 < drathir> redrabbit: in some countries even dns manipulation is illegal... aka domain blacklisting by isp...
18:25 < Project86__> Just saw a commercial for Experian, the offer free dark web scan now. I was shooketh, when did this begin? Do all 3 monitor dark web now? And how?
18:25 < drathir> comet23: i hope You will required parent advosory confirm at kids sign or adult only access with clearly described TOS...
18:26 < tds> also, if you want to capture pretty much anything useful these days you'll need to MITM SSL and install your own root CA on every device
18:26 < redrabbit> pretty sure its illegal in the eu
18:26 < redrabbit> no matter what the tos is
18:27 < comet23> well they're adult kids
18:27 < comet23> like in their 20s lol
18:28 < grawity> lol that makes it even worse
18:28 < redrabbit> creepy as fuck dude
18:28 < redrabbit> gtfo
18:29 < tds> if your aim is to get these people to learn about networking and tunnel their way out of your network, that sounds like a good way of going about it ;)
18:31 < drathir> redrabbit: as i know traffic record probably yes but connection info ip and dates are leggal mostly when tos clearly described that...
18:32 < drathir> thats its god example of network security matter...
18:34 < drathir> using public hotspots or rgue random routers could end soo badly...
18:35 < drathir> rogue*
18:52 <+catphish> don't feed the trolls
18:55 < drathir> catphish: k, but that sounds for me more as true story sadly... ;/
19:07 < Ignacy> Hey guys, what are the FTP ports? is that 21/TCP and 20/UDP? My books are not specific enough. I'm setting up an FTP server on amazon and need to open the required ports.
19:07 < Ignacy> I'm not sure whether port 20 used TCP or UDP
19:07 <+xand> use HTTP or SFTP instead of FTP
19:08 < `whoami`> Ignacy: if I might suggest you to use sftp
19:08 < `whoami`> oh
19:08 < Ignacy> I want it available from a web browser. Can I host small (~30MiB) files trough http?
19:08 < crR5> why do we use arp -a command
19:09 <+xand> Ignacy: yes.
19:09 < redrabbit> Ignacy: sure
19:09 < crR5> what arp does, why it convert ip to mac addresses
19:09 < `whoami`> Ignacy: sure, even multiple Gb
19:09 <+xand> crR5: why? because that's why it was created
19:09 < Ignacy> ah ok, thanks for clearing it up. Looks like I made a mistake planning what I wanted to do.
19:10 <+xand> all you should know about FTP ;) https://mywiki.wooledge.org/FtpMustDie
19:10 < Ignacy> ah greycat, I've met this guy.
19:10 < crR5> +xand: what is the reason if it converts ip to mac
19:12 < shtrb|laptop> Ignacy, ftp have three ports (20,21 and data depending on passive or active mode)
19:13 < shtrb|laptop> but nuke it and use a sane protocol such as sftp
19:14 < Ignacy> @shtrb|laptop `whoami` ok, now I've realised trying to get ftp was a mistake, and what I really need is http server.
19:14 < drathir> Ignacy: ftp is weak idea bc need a range of ports hard to deal wit fw...
19:15 < drathir> wit/with*
19:15 <+catphish> Ignacy: like others, i'd strongly recommend using SFTP instead, if you need to use FTP, it requires opening a wide range of ports
19:15 < shtrb|laptop> Ignacy, the only reason to use ftp today is that you can't handle anything else and you are asking to be hacked
19:15 <+catphish> Ignacy: oh, just saw about web browser, you definitely want http
19:16 <+catphish> Ignacy: you can host *any* sized files with http :)
19:16 < drathir> or just YOu mirror and dont care ;p
19:16 < Ignacy> I thought about sftp, but getting non-linux people to install an sftp client, configure it, get everyone an username sounds too complicated.
19:16 <+catphish> Ignacy: if you're just sharing files, use http
19:16 < `whoami`> filezilla handles sftp pretty well
19:17 < Ignacy> but then I'd have to explain public/private key cryptography to couple people that I'm trying to convince that programming is EASY
19:17 < drathir> Ignacy: sftp its wide protocol... easy clients even with keys...
19:18 <+catphish> you can use sftp with passwords too
19:18 <+catphish> however, http is still the correct choice here
19:18 < Ignacy> but that wouldn't work if PasswordAuthentification is no
19:18 < drathir> Ignacy: connecting honestly isnt too diff than ftp ones... but more secure and easier bypass by fw... and as catphish its similar user pass as ftp does too possible...
19:19 <+catphish> Ignacy: obviously not
19:19 <+catphish> but if you were security conscious enough to disable passwords on ssh, you wouldn't dream of using ftp :)
19:20 < drathir> Ignacy: keys are most secure in theory as You familiar with m$ probaly could craft client with configuration build in just un7zip...
19:21 <+catphish> so, you want to share files with people, and you want them to authenticate? if so, you want a web server (apache is well documented) and .htpasswd (a way to set per-user passwords in apache, and other web servers)
19:21 < Ignacy> ok point taken. I actually thought about setting what drathir just said, so I could get my whole family's ebooks in one place to make it easier to share.
19:21 < drathir> Ignacy: but easier just easy guide with pictures, bitvisessh/filezilla are not so had ones...
19:22 <+catphish> there are other options of course, like dropbox
19:22 < Ignacy> catphish, I want to host a book first, so people could easily download it. sftp server is a later plan, for something completely different
19:22 <+catphish> great for synchronizing files between several users
19:23 < drathir> Ignacy: no offence i not wanna that sounds badly, but even kid should able to configue them with step by step guide...
19:23 <+catphish> http is the best option for hosting files
19:23 < drathir> Ignacy: and does once and use...
19:24 < shtrb|laptop> Ignacy, you can setup webdav (already installed in windows)
19:24 < drathir> Ignacy: but yea ony for one file just http+cdn im even reccomend...
19:24 < shtrb|laptop> and they can always do net use \\SSL@...
19:24 < nolove> anyone using cisco virl here?
19:25 < drathir> Ignacy: cdn will speedup a file delivery or use such providers like megaupload/dropbox to migrate traffic...
19:25 < shtrb|laptop> choose your cdn wiesly (make sure it's TOS is ok by you)
19:26 <+catphish> cdn, that escalated fast
19:26 < shtrb|laptop> it's dirty cheap and they do everything for you
19:26 < drathir> catphish: for book i think is good idea, to offload server...
19:27 < drathir> catphish: kinda tatic content stilll...
19:27 < drathir> tatic/static*
19:28 < drathir> and for book ~50M probably even free plans could fit but that guess...
19:29 <+catphish> drathir: for something where latency doesn't matter, a CDN is huge overkill unless you're seeing pretty large traffic
19:29 < shtrb|laptop> Is he allowed to put that on a CDN ? now with the copyright inforcement could be an annoyance
19:32 < lupine> best to avoid CDNs
19:33 < drathir> catphish: yep that true, depen on book at start of project 'if good book' the hit could be big and sad to see http server timeouts... later traffic probably goes down...
19:35 <+catphish> drathir: plausible
19:35 <+catphish> lets be honest, if the book is a huge hit, amazon are distributing it :)
19:37 < redrabbit> dl.free.fr to host files
19:40 < drathir> catphish: yep if paid one or amazon welcoming free content too ?
19:40 <+catphish> drathir: i think they do free books too
19:42 < drathir> catphish: oh in that case probably that even best idea and website just a backup...
19:43 < drathir> for webste visitors eg...
19:46 < Ignacy> I just wanted to send some book to 6 friends. Hosting service I've used deleted the files before everyone could get them. But thanks for the info about CDN, I'll consider the pros and cons.
19:46 < Ignacy> And the book was too big to send it over email.
19:46 < redrabbit> try dl.free.fr
19:46 < Ignacy> kk
19:47 < redrabbit> it's ran by an isp and no bs
19:56 < crR5> what happens at different layers when i send a mail from outlook to some mail address
19:57 <+catphish> crR5: that's a short question with a very long answer
19:58 < crR5> +catphish: yeah i can understand. try helping me? :)
19:59 <+catphish> crR5: lots of things happen, at its simplest, the sending email server does an MX DNS lookup to find the destination server to send to based on the domain name of the email address, then it makes a tcp connection on port 25 to one of the servers discovered, and sends the email using smtp protocol
19:59 < crR5> +catphish: what are the layers used here? does it send from application layer?
20:00 <+catphish> all the layers are always used
20:00 < crR5> ah ok
20:01 < crR5> +catphish: any good resources to dig more into that
20:02 <+catphish> so in the case of sending an email, you have the application layer protocol (SMTP), which sits on top of the transport layer protocol (TCP) which sits on top of the network layer protocol (IP), which is on top of the data link protocol (ethernet), and finally the physical protocol (also ethernet, tha cable)
20:03 < crR5> +catphish: so at the other end the mail is probably decrypted again at the application layer? or still all the layers are used?
20:05 < crR5> does checksum happen too?
20:11 < Celmor> there's no decryption as there's no encryption by default, servers could use TLS for transportation though but there's no encryption in the "email"/smtp protocoll
20:11 < Celmor> you could use s/mime but that's a layer above
20:12 <+catphish> crR5: i think you're asking way too many questions at once
20:13 < crR5> thought of getting this thing cleared :)
20:14 < detha> might as well ask 'How does this internet thing work?'
20:16 < shtrb|laptop> Quadratic equation , the rest is just explanation
20:17 < shtrb|laptop> *Faynman had a lecture when he said you describe all physics by a quadratic equation and some interpritaions
20:18 < lupine> Celmor: eh, starttls is part of the smtp protocol
20:19 <+catphish> it is indeed
20:19 < Celmor> I meant it's not part of the same "layer" as he meant
20:19 < shtrb|laptop> it is ? SMTP can pass over others (3207 is not smtp purly)
20:20 < Celmor> shouldn't have said smtp
20:21 < shtrb|laptop> encrypted SMTP and inter server traffic is rarly setup
20:22 <+catphish> sometimes layers don't make perfect sense
20:23 < shtrb|laptop> no it's absolutly is, I just think the person try to gain to much without having good foundations
20:33 <+catphish> my isp hasn't responded to my email about why whey're offering such crappy upload speeds [sadface]
20:34 < Apachez> ubiquiti sending from space :) https://www.youtube.com/watch?v=j_d1bs28qgg
20:35 < shtrb|laptop> catphish, ip over truck ?
20:36 <+catphish> nope, all ethernet, hence my confusion
20:36 < shtrb|laptop> catphish, what about slppp ?
20:44 < detha> catphish: so, probably there is no valid technical reason. Optimists would say 'we limit the upload speeds so compromised clients can not do too much damage to the interwebz', pessimists would say 'It's so we can sell you an 'Enterprise Subscription' with symmetric speeds.
20:46 <+catphish> detha: there's a few possible reasons, not sure which one they'll choose, hopefully they'll sell me something better than 10% though
20:47 < shtrb|laptop> there is also , we use the overbooking system and screw the customers
20:47 <+catphish> well all connections are oversold, that's 100% unavoidable
20:47 < shtrb|laptop> having a 10 to 1 is the normal in many places (1-1 is no longer the norm)
20:48 <+catphish> but 10% seems unnecessary on a symmetric network
20:48 < shtrb|laptop> in such cases the ISP should be sued to smiterness
20:48 < shtrb|laptop> "symmetric"
20:48 <+catphish> although there were some suggestions why they might want to do it
20:48 <+catphish> asymmetric backhaul commit, content caches
20:49 <+catphish> well hopefully they'll tell me why, and offer me something a little closed to symmetric
20:49 < liveuser1> which deb package holds an mDNS server?
20:50 <+catphish> liveuser1: avahi i think
20:51 < shtrb|laptop> I think you will need avahi-daemon (no need for the rest)
20:51 < shtrb|laptop> liveuser1, avahi-daemon (the rest are extras)
20:54 < liveuser1> shtrb|laptop: testing
20:55 < shtrb|laptop> it will be the same between testing and sid
20:55 < shtrb|laptop> and stable
20:56 < liveuser1> shtrb|laptop: is avahi-daemon enough to run rouge
20:56 < tds> catphish: if you don't ever get a decent response from them, can you just take it to ofcom?
20:57 < tds> I can't remember if they actually do anything useful about it, though
20:57 < shtrb|laptop> I have no idea what is your need
20:57 < shtrb|laptop> liveuser1, ^
20:58 < liveuser1> the funny thing is dnsmasq does dhcp
20:58 <+catphish> tds: not at all, there's no limit to what they can offer, that's a matter between them and the customer, and 10:1 is pretty standard (because of DSL)
20:59 < liveuser1> and the question is about to be is mDNS a dns relay
20:59 <+catphish> tds: but because there's no technical necessity for it, i want to know why they're doing it
20:59 < liveuser1> or a dnsmasq
20:59 < shtrb|laptop> liveuser1, mDNS and dnsmasq have different use cases
20:59 <+catphish> it makes no sense to leave huge parts of your infrastructure unused for no reason, when you could offer it to customers to use
20:59 < liveuser1> did you see my question about the dnsmasq, whatever is built into NetworkManager that allows a adhoc dhcp server to issue addresses
21:00 <+catphish> i'm sure there *is* a reason, just don't know what it is
21:00 < tds> catphish: ah, I misread your original message, I thought they were advertising certain speeds but providing less than that
21:00 < shtrb|laptop> no
21:00 < tds> so yeah, that's an annoying situation to be in :/
21:00 < liveuser1> is there any way to view when an address is issued or attach an alarm "bell" or something
21:01 < shtrb|laptop> liveuser1, well yes , you have hookds and avahi-autopid responsible for the mess network-manager do when dhcp timeouts
21:01 <+catphish> tds: nope, they provide precisely what they offer :)
21:01 < tds> wasn't it a relatively small local provider?
21:01 < tempate> Hello. I'm trying to connect to a locally hosted website from the Internet and not being able to. I understand all I need to do is to map one of my router's port, e.g. 80, to point to my web's direction, i.e. 192.168.1.x:8080. After setting that up on my router (Livebox) I look up my ip with my phone's data and get nothing. Any ideas what may be going wrong?
21:02 < quantum> How is it, that I can plug a managed switch into another managed switch, and see traffic on th activity lights, but not be able to ping the cascaded switch?  Same CIDR.
21:02 < tds> if you have any chance of getting a better service and/or a proper explanation, I'd have thought that kind of provider would give you it :)
21:02 < liveuser1> it'd be better if the dhcp server was called dhcpd and the mDNS server were called dnsmasq or mdns
21:02 < liveuser1> Instead the dhcp server is called dnsmasq and the dnsmasq is called mdns
21:02 < liveuser1> That is what it looks like
21:03 < shtrb|laptop> liveuser1, dnsmasq can share dhcp and dns but if you wish to go hardcore bind9 +isc-dhcp-server
21:03 <+catphish> tds: yes
21:04 < liveuser1> shtrb|laptop: does that require dropping NetworkManager?
21:04 <+catphish> tds: i'm meeting them next week, so will nag them then, the main concern i have is that i currently have 100/50, but they're reworked their packages and changing it to 100/10, so i want to negotiate a compromise
21:04 < shtrb|laptop> no it's irrelevent
21:05 < tds> catphish: ah, good luck
21:05 < shtrb|laptop> liveuser1, but network-manager is a client (UI) you could choose any client you like
21:05 <+catphish> it seems silly that because of tech like VDSL, ISPs are in the habit of offering such asymmetric links, especially in the world of user generated content
21:05 <+catphish> on the other hand, 100/10 is still much better than anyone else can offer me, and i cal upgrade it to 350/35 :)
21:06 < shtrb|laptop> catphish, even on other links they allow it
21:06 < tds> here my upload bandwidth is great, it's download that tends to drop an awful lot at peak times
21:06 <+catphish> i'm still very happy with the service :)
21:06 <+catphish> shtrb|laptop: what do you mean?
21:06 < shtrb|laptop> wait for altice to arrive , they will make xfinity look like a generous ISP
21:07 < tds> but I guess that's what happens when you have hundreds of students and they all watch netflix/whatever at the same time with only a few bonded gig links :P
21:07 < shtrb|laptop> catphish, I mean that some ISPs (altice I'm looking at you) will deliver asymetric speed even on DSL
21:07 <+catphish> shtrb|laptop: well that requires a rather special kind of DSL
21:07 <+catphish> and understandably most customers would prefer the faster download speeds
21:08 < shtrb|laptop> tds , if only there was some kind of protocol that would allow content distribution
21:08 <+catphish> (when the bandwidth has to be divided between the two)
21:09 <+catphish> 10:1 needs to stop being the normal though, people upload stuff!
21:09 < tds> shtrb|laptop: I'd guess all of that kind of traffic is served from on-net cdns anyway, but that'll be out at janet rather than internal to the uni
21:10 < shtrb|laptop> tds, if they can connect the unis to eurodrom they would be willing to connect to a cdn
21:11 < shtrb|laptop> there is also a good chance that a uni will be connected to internet2 (high speed inter uni connection)
21:12 < tds> what do you mean? afaik eduroam is just a large authentication system, effectively
21:12 <+catphish> i don't really understand janet
21:13 < tds> but yeah, I think that the bandwidth capacity issues are just internal to the uni (and possibly just the firewalls being terrible), not the uplinks to janet at all
21:13 < drac_boy> hi
21:13 <+catphish> why would someone connect to janet rather than just taking transit like normal?
21:13 < shtrb|laptop> tds eduroam is a roaming (not only auth) , you can access your local shared files (from your uni )
21:14 < shtrb|laptop> If you have a eduroam account you can come to any uni and get access to your uni service (inlucing access to WiFi or as WISP)
21:15 < shtrb|laptop> is janet the UK answer for internet2 ?
21:15 < tds> "you can access your local shared files" - I know various people running their own eduroam APs, there's certainly no special routing that allows you access services internal to your home institution as far as I'm aware
21:16 < shtrb|laptop> \_()_/ I could sware off that I was able to just access the local services when and could access internet in forigen facility
21:17 < shtrb|laptop> it's just an ipsec but I was able to access their WiFi network and just work (without a local account )
21:17 < shtrb|laptop> * I think it was an ipsec over their WiFi
21:18 < tds> catphish: I guess the logic is that if universities are running high bandwidth links between themselves anyway, they might as well run it as a centralised project that provides both internal connectivity and to the rest of the internet?
21:18 < liveuser1> so with NetworkManager as it is, guessing issuing dhcp calls with dnsmasq, how can one watch for dhcp pulls
21:18 < liveuser1> does NM need to be restarted in debug mode?
21:18 < tds> I know that quite a few uk unis are registering as full LIRs themselves though (idk if they're getting transit from janet and/or other providers)
21:18 <+catphish> tds: maybe they just agree to do it, it does seem like a good idea, but seems like it wouldn't necessarily be commercially seisible
21:19 <+catphish> *sensible
21:19 <+catphish> it may be that they connect to both janet, and other transit, and provide connectivity both ways
21:19 <+catphish> i don't really know the commercial arrangements, xand would know
21:20 < tds> I am slightly tempted to ask if they can do v6 transit to halls, but I suspect that the answer would be no ;)
21:20 <+catphish> unis should definitely be able to do that
21:21 < liveuser1> tds was that a binary transit?
21:21 <+catphish> assuming they have their own networks to the halls, it would be technically possible
21:21 <+catphish> then it comes down to what they can be bothered to configure
21:22 < tds> we don't even have v6 in halls at all right now, so I'm sure they wouldn't do bgp sessions over this network
21:23 <+catphish> tds: shame, it really all comes down to what expertise they have in house i'm sure
21:23 < tds> yeah, they are slowly rolling it out (and did a large and very quick deployment to eduroam), so it's getting there
21:24 < tds> I just run everything back over tunnels anyway, so I have working v6 on my own stuff :)
21:43 < phinxy> Is there a device that expands 1 ethernet interface to multiple ones?  My computer now has two ethernet interfaces, I would like more but there is no bus like PCI available
21:43 < lupine> it's called a switch
21:43 < phinxy> haha ok
21:43 < lupine> you might also be able to get away with VLANs
21:43 < lupine> depending on what you're doing
21:44 < phinxy> routing .. masquerading.. NAT
21:45 <+catphish> phinxy: switch
21:45 < drac_boy> phinxy to extend on that .. to turn one port into several its a switch/hub but if you want individual ips (eg theres no nat upstream) then its a router .. different OSI layers if you want to get technical ;)
21:51 < drac_boy> either way I'm off for a while atm
22:00 < galaxie> Hi, I'm trying to set up a few proxies and stuff that is essentially: X <-> Y <-> Z, where X = local computer, Y = a publicly accessible server, and Z are clients to that server
22:01 < galaxie> I just do not know what to search for. Reverse proxies probably are not the specific thing I'm looking for, for X <-> Y there.
22:03 < galaxie> Because X is behind a firewall, I wanted to make a reverse proxy, but the server I use is based on Django/Twisted and I don't know how to setup a reverse proxy on it, so I need something to connects to X and Y and passes traffic through it.
22:07 < redrabbit> nginx
22:08 < JPT> or maybe haproxy if you need more
22:08 < JPT> even apache can do it with mod_proxy
22:09 < galaxie> Yes, I'm aware those tools might work - I just don't know what I'm looking for.
22:09 < galaxie> Should I Google reverse proxies? Because apparently they have to listen somewhere, and I don't want that. I want it to connect to X, then to Y, then pass traffic between the two.
22:10 < JPT> A reverse proxy scenario usually looks like this: X -> Y -> Z (Where X is a client pc, Y is the proxy and Z is the webserver, -> indicating the direction of the tcp connection)
22:11 < galaxie> That's what I thought. Since I cannot figure out how to reverse proxy Django, it would have another intermediate somewhere.
22:11 < JPT> If both your webserver and your clients are behind a firewall, you may want to look into tools like a vpn to enable your proxy to establish connections to your webserver
22:11 < JPT> Your webserver usually does not care if a browser is sending their request or if it is passed through a reverse proxy
22:12 < galaxie> It's not HTTP, actually. Just plain TCP.
22:12 < galaxie> Do they call these things MitM proxies?? Or what?
22:12 < JPT> haproxy can do things like passing through tcp connections
22:13 < JPT> mitm proxy sounds like a thing, yes
22:13 < redrabbit> lookup "nginx reverse proxy"
22:13 < bezaban> ssh reverse tunnel can expose ports on external ip address as well as localhost
22:13 < bezaban> and can be initated from the firewalled side
22:13 < bezaban> (assuming it allows traffic outbound)
22:14 < galaxie> The problem with that is it listens locally - like, that's fine, as long as it connects as a client to X and as a client to Y.
22:14 < bezaban> well, port forwarding I mean, not a reverse tunnel
22:15 < bezaban> but that can be helpful too for remote access
22:17 < galaxie> I want it so that Y can type in data, X gets it, X replies, Y gets it, and if that works, I'm good.
22:17 < galaxie> But X is the server, and Y is the client, and X is behind a firewall. What's that called?
22:18 < bezaban> a tunnel
22:19 < galaxie> No reverse tunnel? Just a tunnel?
22:20 < JPT> A tunnel can work both ways. See ssh -L and ssh -R in your ssh manpage :)
22:22 < bezaban> galaxie: are any of the machines linux?
22:24 < galaxie> Both are.
22:24 < bezaban> neat
22:27 < galaxie> I don't think either -R or -L would work. My server is supposed to be the server, not a client.
22:27 < galaxie> X (server) <-> Y (also server) <-> Z (clients)
22:28 < JPT> Who establishes TCP connections to who? And who is behind a firewall that does not allow such TCP connections?
22:28 < galaxie> I want it so that the gateway pretends its a client, connects to X, then to Y, then passes traffic between them.
22:29 < galaxie> My local computer. It's behind a firewall and it's the server.
22:30 < galaxie> Y, I can take care of the firewall. X, not at all. X needs a reverse proxy or reverse tunnel or whatever so that X becomes a server that's accessible by Y, so it's accessible by Z.
22:30 < JPT> Okay, so to recap: Any client on the internet shall be able to establish a TCP connection to your publicly available server. This server shall then somehow put that connection through to your firewalled computer?
22:31 < galaxie> Yes.
22:32 < JPT> If your local computer ssh'd into that public server with ssh, you could use -R to tunnel the server port from your local computer through to that server.
22:32 < galaxie> And I think my router/firewall for X uses NAT, because all of our computers here use the same public IP.
22:32 < galaxie> But how would I connect the local SSH to my server?
22:32 < JPT> You could also use a vpn tool like tinc or openvpn to establish a more permanent tunnel that may be easier to take care of
22:33 < JPT> In this scenario, you would run an ssh command like this on your local computer: ssh public_server -R localaddress:80:remoteaddress:80 or something. The details may vary a bit.
22:34 < galaxie> Could you use socat or netcat or nc for that?
22:35 < JPT> netcat/nc only establishes one tcp connection. It might be possible to come up with something that involves netcat, but i don't think it's straight forward.
22:36 < galaxie> socat can do its fork thing
22:37 < bezaban> galaxie: set GatewayPorts yes in /etc/ssh/sshd_config, make sure your app is listening to localhost on machine X, then ssh -R <remoteport>:<remote-ip>:<local port> <remote-ip>
22:37 < JPT> My recommendation is this: Run a VPN between your local pc and that public server. On your local pc, have your server component listen to the vpn interface. On your public server, run something like nginx as a tcp (or http) proxy and have it put incoming requests/connections through to that vpn interface address
22:38 < bezaban> if the firewall is open on remote server for the given port you app should be accessible
22:38 < bezaban> priviliged port (>1024) will need elevated permissions to open, so better stick with something above that
22:39 < galaxie> does sshd_config config for ssh too??
22:40 < bezaban> to automate the setup you could add a passphrase less ssh key and restrict it to run this forwarding, it would also have to retry the connection, so would have to make it a systemd service or implement some retry logic
22:40 < bezaban> sshd_config is config for the ssh server (sshd)
22:40 < galaxie> bezaban: run SSH on localhost?
22:40 < bezaban> this needs to be added server side
22:40 < bezaban> galaxie: no
22:41 < galaxie> bezaban: but how can Y connect to X if X if behind a firewall?
22:41 < bezaban> run the app you are tunnelling locally
22:41 < galaxie> bezaban: I meant, run SSH on X or Y?
22:41 < bezaban> galaxie: through the ssh tunnel
22:41 < bezaban> galaxie: tunnel needs to be started from the only side you can, which is on X
22:41 < redrabbit> or use openvpn
22:42 < bezaban> openvpn works too, but not really sure that is much easier :)
22:43 < galaxie> bezaban: Authentication failed?
22:43 < bezaban> need to do a little pki 101, which is confusing for many :) As opposed to editing one ssh option and running a command
22:43 < redrabbit> it depends
22:43 < bezaban> galaxie: try googling that
22:43 < redrabbit> for me it's esier
22:44 < redrabbit> easier
22:44 < galaxie> bezaban: what's it supposed to authenticate to anyways?
22:44 < bezaban> ssh approach doesn't need any server side config except for a flag in sshd_config, and you don't have to do the NAT on the server side
22:45 < bezaban> galaxie: your ssh server
22:45 < redrabbit> its designed to run as a service
22:45 < bezaban> the remote machine
22:45 < galaxie> bezaban: which SSH server? Ah.
22:45 < galaxie> bezaban: the one running what? SSHD??
22:45 < bezaban> might need user@ in there
22:45 < bezaban> and you need to open the port on the remote server
22:46 < bezaban> (also restart ssh after editing sshd_config)
22:46 < bezaban> sshd*
22:46 < galaxie> bezaban: the remote port's open... ah.. restart local SSHD?
22:46 < bezaban> remote. after you edited the config. on the remote
22:47 < galaxie> bezaban: why remote? is GatewayPorts for remote or local?
22:47 < bezaban> galaxie: remote
22:47 < bezaban> galaxie: read what I've said above
22:47 < bezaban> I've never said anything but remote
22:48 < galaxie> bezaban: but you said to run the SSH command locally?
22:48 < bezaban> galaxie: yes, because you're connecting to the remote
22:48 < bezaban> as you asked once already
22:48 < galaxie> bezaban: also, am I supposed to authenticate using passwords??
22:49 < galaxie> bezaban: it's basically complaining it can't use public key, which we don't have
22:49 < bezaban> galaxie: I've also answered that..
22:49 < bezaban> 22:40 < bezaban> to automate the setup you could add a passphrase less ssh key and  restrict it to run this forwarding, it would also have to retry the  connection, so would have to make it a systemd service or implement  some retry logic
22:50 < galaxie> bezaban: well, can I use passwords instead? the guy who has root on Y isn't here yet
22:51 < bezaban> galaxie: yes, but you don't need root for that
22:51 < bezaban> I'm leaving now. Good luck
22:58 < apb1963> ubuntu 16.04; I need to access my wireless printer.  Therefore, I'm assuming I need to bridge my wireless net (of one PC, 2 androids and the printer) with my internal (wired) LAN (of currently one PC functioning as a router/AP/DNS/firewall, etc.)  I have found links that describe a way to do it with either layer 2 or 3, with different methods for each.  One uses proxy arp, the other ebtables & bridge-utils.  I'm leaning toward the proxy arp
22:58 < apb1963> solution but would like some input on that decision from people that have experience doing this.  The first link is https://wiki.debian.org/BridgeNetworkConnectionsProxyArp#Bridging_Network_Connections_with_Proxy_ARP  The second link is referred to on that page.
23:01 < monoxane> oooooor you could use a router or just have one network
23:02 < bezaban> apb1963: just expose it as a service on the router
23:02 < apb1963> bezaban, I have no idea how to do that
23:02 < bezaban> samba would work I think, share the remote printer resource, cups could probably do it too
23:04 < bezaban> ubuntu is the router?
23:04 < apb1963> yes
23:10 < santost12> The openvpn server i configured to run on 443/tcp yesterday worked for a few hours well... today I was trying to use it and now it is slow. Sometimes the connection would be reset every 5 minutes. That happened a few times but not very often. Could someone recommend a good way to obfuscate the traffic? Ive heard of obfs4 + openvpn server. Is there anything else?
23:10 < apb1963> OK, the problem at this very moment is wireless net is the printer is not getting an IP
23:10 < apb1963> s/wireless net is//
23:11 < `whoami`> santost12: it's probably not related to openvpn being obfuscated or not, but some firewall/proxy/... that resets the cnx if it's beeing kept alive for too long
23:12 < `whoami`> what I mean is obfuscation probably won't help
23:12 < santost12> what is a cnx
23:12 < `whoami`> connexion
23:12 < santost12> cnx = connection
23:12 < santost12> lag
23:12 < santost12> sorry
23:13 <+catphish> sorry about this ^7heo - just an experiment
23:14 <+catphish> ok, it didn't work anyway, never mind
23:20 < santost12> is there something similar to obfs that makes my traffic look like a bunch of plaintext HTTP?
23:21 < santost12> i want to try both anyways and see how well it works
23:32 < `whoami`> i'd ask #tor @ irc.oftc.net for things that specific (about your plaintext http)
23:33 < santost12> ok. thanks
--- Log closed Mon Apr 30 00:00:03 2018