--- Log opened Sat Jun 02 00:00:41 2018
00:13 < spaces> Everyone in sexy shape ?
00:14 < jhave> Hello
00:15 < jhave> Any idea to a good router setup to handle 400-500 gamers/users ?
00:16 < jhave> the network and internet connection is 10G/SPF+
00:22 < djph> USRobotics v.92 modems
00:23 < atsu> You might want to do some segmenting instead of just trying to do one connection and one router, for the most reliability. Many DDoS/booter services out there that sore gamers like to use
00:23 < djph> ^^
00:26 < admiralspark> ugh
00:26 < admiralspark> network collective went paid
00:26 < djph> ?
00:26 < admiralspark> https://thenetworkcollective.com/membership-account/membership-levels/
00:27 < admiralspark> $5 doesn't seem like much, but I'm at something stupid like $200/month going out to all of these microtransaction membership sites
00:27 < admiralspark> need to cut back, not add more
00:28 < atsu> Ew. I really like their podcasts too
00:29 < atsu> $250/year seems a bit steep
00:59 < jadesoturi> Hi all. Not sure if this is the right place to ask, but I'll try anyway. I'm on vacation in Marrakech and the hotel WiFi requires authentication through a portal. However, it seems to redirect all traffic through a proxy or something, resulting in invalid certificate error on Chrome and Firefox.  Also, when connecting to irc instead of the IP to my znc, it tries to connect to something called "controller.access.network" though still on my znc p
01:00 < jadesoturi> The WiFi is spotty at best and there is a huge packet loss always..
01:00 < jadesoturi> The thing is because of the certificate error, I can't login to my email or my school portal. And I have some home exams that I need to send in.
01:01 < atsu> It still gives you an invalid cert after logging in? Usually that just happens when it's trying to redirect you to the login splash page
01:01 < jadesoturi> Is there something clever I can do to try and bypass this? I have nordvpn but connecting to it does not seem to help. Still same error.
01:02 < jadesoturi> Yes. Even after i sign in its still does not work.
01:02 < jadesoturi> Or...
01:02 < jadesoturi> Sometimes it works. For a few seconds
01:02 < jadesoturi> Like with the irc
01:02 < tds> if they're sending spoofed dns replies for the initial redirect, is it possible that you're caching those?
01:02 < jadesoturi> Hmm maybe. How could I check?
01:02 < spaces> I get the feeling that the bitcoin is gonna die
01:03 < atsu>  "ipconfig /flushdns" if on windows
01:03 < jadesoturi> I'm on arch
01:03 < tds> what's the output of "host google.com"?
01:03 < tds> (ignore all the mail is handled by lines)
01:03 < jadesoturi> Looks like I don't have the host command...
01:04 < tds> ah, try dig +short google.com ?
01:04 < jadesoturi> Sorry same story :/ no dig command either..
01:04 < Dagger> try `getent ahosts google.com | grep STREAM`
01:04 < jhave> A cheep server 1U half deep with 10+ cores
01:04 < jhave> Any idea ?
01:04 < Dagger> (which has the bonus of using getaddrinfo() rather than directly talking to DNS, so it'll match the lookups that programs do)
01:05 < tds> ah, good point, I should probably start using that :)
01:05 < jadesoturi> 172.217.18.238  STREAM google.com
01:05 < jadesoturi> 2a00:1450:4016:808::200e STREAM
01:06 < tds> those ips are owned by google, so it looks like they're not spoofing replies at least
01:07 < atsu> Not sure why your VPN wouldn't solve this, if it's setup properly and connected
01:07 < jadesoturi> well. aint that something. now i actually managed to open mail.google.com as well..  but sometimes it gives me DNS PROBE DOMAIN FINISHED error and sometimes cert common name invalid..
01:07 < jadesoturi> hang on. ill try connecting to vpn agian
01:07 < atsu> and not leaking DNS
01:08 < jadesoturi> im not sure. im using openvpn with the ovpn files from nordvpn in the cli.. halv the time connection never gets setup because timeout or packet loss..
01:08 < jadesoturi> like now. cant connec.t stops at UDP link remote: (AF_INET)someip:1194
01:11 < jadesoturi> I'm not sure what's the deal really. Half the time it gives errors. Then works for s few minutes and stops and stars giving DNS probe errors.
01:13 < jadesoturi> Sometimes a custom error page comes up saying something about a misconfigured DNS asking me to change the site address and try again.
01:15 < localhorse> will it work to read /proc/net/arp to get the ip of the device at the other end of the ethernet cable? (when directly connected)
01:15 < jadesoturi> But I've checked my resolve.conf and the DNS set there is the IP of the router /gateway here.  I tried setting g 1.1.1.1 as DNS but that doesn't work either
01:15 < localhorse> before having sent any packets to it
01:16 < atsu> localhorse, From a networking standpoint, no.
01:16 < localhorse> atsu: is there any way to get its ip? :)
01:16 < jadesoturi> cat /proc/net/arp returns 10.2.0.1 which is the same IP it sets in resolv.conf
01:17 < atsu> localhorse, Wireshark if it's talking, or tcpdump
01:17 < localhorse> atsu: i mean from code
01:17 < localhorse> on a rpi
01:17 < localhorse> without those tools being installed
01:18 < atsu> jadesoturi, You may want to try modifying your VPN to use an IP to connect instead of depending on DNS. On hotspots like this, as tds suggested, it's suspect to filtering and modification
01:19 < jadesoturi> I'm pretty sure the ovpn file uses IP and not host.
01:19 < atsu> Check. I'm not sure because I don't use Nord. opvn files are just plaintext
01:19 < tds> localhorse: do you know what the device on the other end is, eg is it running a dhcp server or anything like that?
01:20 < localhorse> tds: it's an industrial device, not running a dhcp server
01:20 < jadesoturi> atsu, yes it uses IP. Remote 82.102.22.237 1194
01:21 < tds> localhorse: hmm, that's difficult unless it's actively sending out traffic
01:21 < localhorse> it's not sending out traffic without being queried first
01:21 < localhorse> and for that, i need its ip
01:22 < jadesoturi> It looks like the problem is that the connection is to weak, so that  it disconnect the WiFi after a while(nobpavkets go through at least) then I reconnect and it works for s little while then drops again... Like I'm on my cell writing this now, as the laptop disconnected from znc
01:23 < jadesoturi> And when it reconnects it uses some time to resuthenticste which causes the cert error and DNS probe error.
01:24 < jadesoturi> Isn't there a way to bypass these hotspot authbstuff and just get a direct pipe out?
01:25 < atsu> jadesoturi, Doesn't sound like it, the way that it's setup. Sounds like it's aware of the wifi connection, so you need to get a stronger signal
01:25 < tds> localhorse: hmm, for v6 I guess you could ping the all nodes multicast address and you should get back a link local of the other device one (if it has one), I can't think of a nice solution for v4 other than doing arp requests for the whole of v4 space
01:26 < jadesoturi> atsu, not sure what you mean with "it's aware of the WiFi connection"
01:26 < tds> I'd expect most embedded devices (depending on what it is) to still make some connections out (eg ntp), so it might be worth trying to capture those
01:27 < jadesoturi> The signal seems strong(4 out of 5 bars) but prolly too much interference...?
01:27 < jadesoturi> My cell seems to be able to keep the connection alive for longer/more stable but the laptop lags out pretty quickly...
01:27 < localhorse> tds: no, it's a device from the 80s, the time has to be told to it
01:28 < tds> heh, I guess no v6 either then
01:29 < localhorse> tds: isn't it enough to scan the link-local space? 169.254.0.0/16
01:29 < atsu> localhorse, Is this device directly plugged in or is there a switch or router inbetween
01:29 < tds> localhorse: if you know it has a link local address, sure
01:30 < localhorse> i want to support both cases but if it's not link-local, i'll just scan my_ip/8 at the port that the device listens
01:31 < localhorse> because there might be multiple devices in that case
01:31 < TandyUK> if its that old, it might repsond to a ping to the broadcast address, which would cut down the number of scans
01:32 < atsu> Whenever I need to find an IP of a device I usually wireshark or tcpdump and just look for ARP requests from that device. Usually everything tries to phone something and to do so, it needs ARP
01:33 < tds> yeah, that normally works nicely, but it sounds like it might not in this case :/
01:33 < azonenberg_work> So this is interesting
01:33 < azonenberg_work> i ran some simulations for how big a mac address table needs to be for a given sized network
01:33 < azonenberg_work> It's larger than you'd think
01:33 < localhorse> TandyUK: so my_ip with 255 as last byte?
01:34 < tds> it'll depend on the subnet mask
01:34 < TandyUK> if it has any config, if it tries to talk to _anything_ at the very least it needs to fire an ARP request to get the gateways MAC
01:34 < localhorse> it doesn't seem to respond when i ping 192.168.1.255..
01:34 < azonenberg_work> on a 24+4 port switch, for example, with 32 addresses per port (reasonable if you have interfaces going to other switches, wifi APs, VM servers, etc)
01:34 < TandyUK> so provided youre plugged in, and have wireshark running, you should see that
01:34 < azonenberg_work> You need a 16K entry mac table to get a 1% chance of address collisions
01:35 < azonenberg_work> even though you only have 896 addresses max
01:35 < localhorse> tds: the inverse of the subnet mask?
01:35 < azonenberg_work> http://paste.debian.net/plain/1027648
01:36 < TandyUK> localhorse: its a try it and see, im not sure what would happen for example if you set your ip/mask to 10.0.0.1/0 and then fired off a ping -b to every /24's .255
01:36 < TandyUK> id kinda expect the target device to get the packet, and then fire off some sort of response
01:36 < atsu> If said device has a /24 subnet mask and you're outside of it, you're not going to get a response
01:36 < atsu> So you would have to change your IP to be inside
01:37 < TandyUK> you dont need to 'get it' if youre the only thing on the cable
01:37 < TandyUK> it has nowhere else to send it
01:37 < TandyUK> so in layer 2 at leastm, youd see something
01:37 < TandyUK> hopefully with enoguh clues in to figure outwhat range it is using
01:38 < Apachez> Horratio stop that!
01:38 < atsu> Outside of it's subnet, it's going to assume it has to use a gateway to reach back
01:39 < TandyUK> right, so again, if it tries to respond, its going to send _something_ down the cable
01:39 < TandyUK> which youre looking at with wireshark
01:39 < TandyUK> (in promiscuous mode)
01:39 < atsu> I don't think you would get a response
01:39 < atsu> maybe if you scripted constant IP changes
01:40 < tds> yeah, I reckon that might work if you kept changing your ip
01:40 < tds> though you run the risk of picking the same ip as the device
01:40 < TandyUK> yeah if you change ip for sure
01:40 < TandyUK> but i didnt think the source mask affected how a device processes a packet it recieves
01:41 < TandyUK> it would just see "10.0.0.1" tried to ping me, assumign no firewall, send a response, whether thats direct, or via its gateway
01:41 < atsu> yeah, it would affect it. If you're not inside that subnet, there's no way to talk back
01:41 < TandyUK> whichever it does, your laptop or whatever with wireshark is the only thing on the end of the cable, so whatever it sends, yo usee
01:42 < TandyUK> **in layer 3**
01:42 < TandyUK> who cares what the layer 3 is, when yo uarel isten to everythign at layer 2
01:42 < TandyUK> from there you can inspect the packet, and at least see the devices ip
01:42 < atsu> IPs are layer 3
01:42 < TandyUK> subnet youd potentially still need ot figure out
01:43 < TandyUK> yes
01:43 < TandyUK> you SEND a layer 3 packet.
01:43 < atsu> Things don't talk outside of subnet masks
01:43 < TandyUK> you listen for the layer 2 response
01:43 < TandyUK> after setting your subnet to /0
01:43 < TandyUK> you are the world as far as you are concerned
01:43 < atsu> subnet masks have to match for that to happen, on both devices
01:44 < atsu> If it is /24 without a gateway, you will get nothing
01:44 < TandyUK> oh agree, no gateway = screwed
01:44 < TandyUK> ut if it has a gateway, it shoudl in theory try to send the data via it
01:45 < tds> if you've set your mask to a /10, and you try to ping the broadcast address of a random /24 in that, surely it'll just arp for that address, rather than sending it to the broadcast mac address?
01:45 < spaces> this sucks, google geocoder JS query differs in result comparing to a PHP call using the directions API
01:45 < tds> I guess you could probably manually generate the ethernet frame with a bit of effort, idk if the device would respond though
01:46 < atsu> A device will not try to ARP request outside of it's subnet mask
01:46 < TandyUK> tds: good point, though im sure arping could help you out there
01:46 < atsu> Generally speaking
01:46 < atsu> Because outside of subnet = "Oh, I should use a gateway to reach that"
01:46 < TandyUK> or jus tscripted to manually add it to arps database, ping, remove, repeat
01:47 < TandyUK> s/database/table before someone moans at me lol
01:48 < TandyUK> it csnt be that hard to do, i have an IP camera tester, which is essentially an android tablet, with fuck off battery, and a single poe port
01:48 < atsu> Could script sub interfaces on every /24 possible of RFC 1918, if you don't run into some sort of OS limit
01:48 < TandyUK> i can plug it into _any_ camera, regardless of its ip, and my testers ip, and it will do a scan and within 30 seconds (after the cam has finished booting at least) find it
01:48 < TandyUK> so whoever made that figured out an easy way to do this :)
01:49 < TandyUK> ofci cant actualyl talk to the cam at that point, i have to go set the testers ip appropriately first
01:50 < TandyUK> but i can see generally make and model (derived from mac i assume), along with its ip
01:52 < tds> TandyUK: good shout, your theory is right, just tried on a linux box and pinging the subnet broadcast address (with a static neighbour entry for the broadcast mac) will cause it to arp for the default gateway
01:52 < atsu> TandyUK, Interesting. Not sure what that would use
01:52 < jadesoturi> atsu: ok. So this is weird. I'm connected and authenticated to the WiFi, have vpn setup but when trying to access websites I get a custom error page saying" if you see this page you have been incorrectly redirected. Either you are not behind a controller or you are connected to a controller with misconfigured DNS parameters(missing DNS entry for controller.access.network in the DNS server)"
01:52 < tds> (if the source address for the ping is outside the subnet, that is)
01:52 < atsu> Maybe other than just sniffing ARP, or perhaps more easily doing LLDP or CDP
01:53 < tds> yeah, I'd suspect lldp for something that quick
01:54 < atsu> jadesoturi, Sounds like you're leaking DNS or not connected completely to the VPN
01:55 < tds> what's the content of /etc/resolv.conf?
01:55 < jadesoturi> How can I check if I'm leaking DNS? I would Google but can't :/
01:55 < jadesoturi> Hang on...
01:55 < atsu> A good question
01:56 < TandyUK> LLDP or similar is quie possible actually, i deal mainly in hkvision, and i they ship with "Enable Multicast Discovery" turned on
01:56 < TandyUK> no clue if the other brands it has worked on have similar defaults or not
01:56 < jadesoturi> tds, [jadesoturi@blackTAB ~]$ cat /etc/resolv.conf
01:56 < jadesoturi> # Generated by NetworkManager
01:56 < jadesoturi> search access.network
01:56 < jadesoturi> nameserver 10.2.0.1
01:56 < jadesoturi> sorry for posting. cant acces paste sites:/
01:57 < atsu> yeah that doesn't sound like something Nord would of installed
01:57 < tds> it looks like you may still be using their dns resolver, I'd try switching that to eg 8.8.8.8/1.1.1.1/whatever
01:57 < tds> I guess nord could have 10. space routed over the vpn with resolvers listening there, seems unlikely though
01:57 < atsu> yeah
01:58 < TandyUK> and i hate my mates choice of ip range... 172.16.85. all my fingers want to type is 172.168.5.
01:58 < jadesoturi> No this is set by the WiFi connection...
01:58 < jadesoturi> Not by Nord.
01:58 < tds> ah yeah, I'd change that in that case
01:58 < atsu> If you use NetworkManager, you could just hardcode it to 1.1.1.1 in there
01:59 < jadesoturi> What should I set search to?
01:59 < tds> it's possible nord are sending you dns resolvers, you'd either need hook scripts for openvpn to use them, or use the network-manager openvpn plugin
01:59 < atsu> Otherwise modifying /etc/resolv.conf may just get overwritten
01:59 < tds> (the network manager option being the proper way to do it)
01:59 < atsu> jadesoturi, Search doesn't matter
02:00 < atsu> jadesoturi, That's just for local hostnames, which you shouldn't care about in your case
02:02 < jadesoturi> yeah. looks like networkmanager setup helped.. it added to other nameservers above the one added by wifi..
02:02 < jadesoturi> lets see if it keeps stable now ;P
02:02 < atsu> jadesoturi, Best of luck
02:03 < jadesoturi> thank you so much for you patience and help! the weird thing is i tried hardcoding 1.1.1.1 into the resolv.conf earlier today, but that didnt help. but i think it was due to the spotty wifi connection dropping packets when trying to reach 1.1.1.1 or the reauth that happens when the wifi disconnects/reconnets..
02:03 < jadesoturi> looks to be working fine now:)
02:04 < atsu>  /etc/resolv.conf among other things will just get overwritten by stuff like Network Manager
02:05 < atsu> So you manually change it and *poof*, Network Manager steps in
02:06 < jadesoturi> Yeah, prolly what happened when it reconnected and then 1.1.1.1 was removed.
02:06 < atsu> Yup
02:07 < tds> with networkmanager and similar it's normally best to do all network changes with that tool, rather than doing them manually
02:07 < tds> otherwise you'll end up fighting with it like that over what dns servers to use or whatever :)
02:07 < atsu> Exactly
02:08 < tds> (unless it's old fashioned /etc/network/interfaces and ifupdown, in which case you may have to make changes manually and update the file, and hope it all works on reboot)
02:09 < atsu> Even with Ubuntu Server and Debain without Network Manager, you shouldn't edit /etc/resolv.conf directly. You're suppose to do DNS in /etc/network/interfaces
02:10 < atsu> I can't think of any OS where you're directly suppose to edit that file anymore
02:12 < tds> hmm, I still have static resolvers put in resolv.conf on most of my machines, I may be doing it wrong though
02:12 < tds> that's without resolvconf installed, though
02:13 < atsu> Yeah, the "correct" way is to put DNS entries into interfaces
02:14 < atsu> That's how I do it on most my servers
02:14 < tds> how does that actually get applied, ifupdown hook scripts that call resolvconf or something?
02:15 < atsu> It does work, because I haven't directly edited resolv.conf in a long time
02:15 < atsu> How, not sure on details
02:18 < atsu> That's with usual bare Ubuntu Server or Debian install without anything extra
02:19 < tds> ah yeah, I think it is an ifupdown hook script for resolvconf
02:20 < tds> is /etc/resolv.conf a symlink on all your machines?
02:22 < atsu> I don't think so? Ugh, you're making me login to systems on a Friday :P
02:23 < tds> heh
02:24 < atsu> yeah it is a symbolic
02:25 < tds> ah, that makes sense, none of my stuff has resolvconf installed
02:25 < atsu>  /etc/resolv.conf -> ../run/resolvconf/resolv.conf < This seems to be the case for Ubuntu Server
02:25 < atsu> Ah
02:26 < atsu> That's just default Ubuntu Server 14.04 and 16.04. Both seem to be that way
02:26 < tds> my stuff is debian, the default for my lxc containers is to not have resolvconf by default, I can't remember what the default for an official install from the iso is though
02:26  * tds will find out once this install finishes
02:27 < atsu> Personally I like Ubuntu Server because LTS means I don't have to reload or do a massive upgrade as much
02:28 < atsu> but I have a lot of random servers
02:29 < tds> ah yeah, the default for debian is just a plain /etc/resolv.conf file, not managed by resolvconf or anything
02:30 < atsu> Interesting
02:30 < tds> it managed to find my resolver though, which is interesting
02:30 < Drakonan> ok so i have a router / bridge question
02:30 < Peng_> tds: so it is managed by something :P
02:30 < Drakonan> how much less resource intensive is it to be a bridge vs a router
02:30 < tds> heh, I think that was put there by the installer
02:31 < tds> since changes were preserved after a reboot
02:31 < Peng_> Ah
02:31 < atsu> Drakonan, Homework?
02:31 < Drakonan> no just curious...
02:31 < Drakonan> i have a modem that is crappy and im wanting to convert it to a bridge and use a dedicated router
02:32 < Drakonan> (actual router router not even wlan)
02:32 < Drakonan> and will prob use a third leg with an ap
02:32 < tds> and I guess the installer may be using something to intercept RAs and find the resolver, then write it out to the file?
02:32 < atsu> Drakonan, You're going to be forwarding a whole lot more with bridging versus route
02:33 < atsu> Drakonan, Okay then that's a different question
02:34 < Drakonan> im having a hard time thinking about this... i shouldnt be because i know how a bridge works ive been a ccna before...
02:34 < Drakonan> but dsl frames are coming in and is it forwarding everything?
02:34 < Drakonan> how does it know what NOT forward?
02:35 < tds> Peng_: aha, the installer uses udhcpc, I think that writes to /etc/resolv.conf then the installer copies that over to the new install
02:35 < Drakonan> at least it has a gigabit interface and so will the other side
02:35 < Drakonan> was just curious about state tables if it had to maintain state for anything
02:35 < Drakonan> or if it was pretty dumb
02:36 < Drakonan> im hoping i wont have to log in there much anymore after bridging because it... it doesnt lock up but the console stops working right after a while
02:37 < Drakonan> i can log in to the first page (so the password works) but it's like it cant maintain the session state of my web sessoin and link i click from there results in a new login page
02:37 < Drakonan> if i reboot im good
02:38 < Drakonan> i bought an espressobin
02:39 < Peng_> tds: Ah. That sounds nice. :-)
02:43 < Drakonan> but so i guess all the frames coming in from the dsl goes through to the ethernet side?
02:43 < Drakonan> i guess that's not a problem at all
02:43 < Drakonan> 20mb vs gigabit
02:44 < Drakonan> and that will connect back to my espressobin pfsense i hope box
03:11 < nickermire> exit
03:14 < azonenberg_work> Hmmmm
03:14 < azonenberg_work> So the best way i can think of for implementing broadcasts in a layer-2 switch fabric
03:14 < azonenberg_work> is to do a global barrier synchronization
03:14 < azonenberg_work> i dont like it
03:15 < azonenberg_work> Basically, stop forwarding new packets momentarily
03:15 < azonenberg_work> Wait until all in-progress packets have progressed through the fabric
03:15 < azonenberg_work> (at least, all packets going to ports that are receiving the L2 broad/multicast)
03:15 < azonenberg_work> Then read the packet out of the ingress queue and push it to every exit queue at once
03:16 < azonenberg_work> through multiple paths in the fabric
03:16 < azonenberg_work> Once that packet is forwarded, return to normal switch operation
03:19 < azonenberg_work> I mean, the total time that the fabric is blocked is (worst case) one MTU
03:19 < azonenberg_work> So it's not THAT slow
03:19 < azonenberg_work> but time in which packets that could be forwarded aren't moving is bad
03:19 < azonenberg_work> Even if broad/multicast traffic is (should be at least) a very small fraction of overall traffic
03:20 < TandyUK> maybe do a seperate counter, so every 50 packets or something, it checks a different type of queue
03:21 < TandyUK> so there would be a consistent tick at which every switch checks for, and sends these packets, or if that queue is empty, gets a normal packet
03:21 < TandyUK> or in hardwar,e more likely just skips that cycle
03:21 < TandyUK> so no thats worse actually, as youd always lose the cycle
03:37 < spaces> people on stackoverflow are real bitches
03:37 < spaces> it's all negative if you ask something, it's even worse then IRC these days
03:37 < spaces> moderators that cannot understand why someone asks something, it's a real weird medium these days
03:38 < spaces> that userbased moderation system sucks also big time
03:50 < Seraph> Hello
06:01 < vegii> Now this is weird. I've been having connection issues on my desktop and after some time and doing things I should have done in my home network long ago, I realized that the issue is on the 10/100 link to a wifi-client router and there's nothing wrong with the CCA cable itself but 4 of 8 contacts on the 8p8c connector are not shiny gold and rather corroded. I put a few drops of isopropyl alcohol on it and it's happily working again. Does it happen often
06:01 < vegii> and what's causing this corrosion? How do you prevent it?
06:11 < zenix_2k2> one question, is every subnet mask of every device inside a LAN the same ?
06:12 < zenix_2k2> i can't really tell in which case one is different from another
06:12 < rewt> they should be
06:12 < zenix_2k2> but are they ?
06:12 < rewt> it's possible, but not recommended, to set them different
06:14 < zenix_2k2> but also when 2 devices connect to a switch, is that called a LAN ?
06:14 < rewt> yes
06:15 < zenix_2k2> cause i heard somewhere that there is a case where a subnet mask from one device is different to another in a switch
06:15 < rewt> it's possible, but not recommended, to set them different
06:15 < rewt> the subnet mask tells the device if it should send packets direct or via a router
06:15 < rewt> that's all
06:16 < zenix_2k2> by "setting them different", you mean in switches only or also with routers and access point ?
06:18 < zenix_2k2> still getting a bit confused with subnet stuffs
06:20 < rewt> switches have no such setting
06:20 < rewt> each device has an ip and a subnet
06:20 < rewt> that's where you configure it
06:22 < zenix_2k2> oh, then how about routers and access point ?
06:22 < rewt> routers as also devices
06:22 < rewt> anything with an ip address
08:27 < gde33> where can we see some visualization of internet speed distribution? (I dont mean average or high/low by country)
08:40 < sielicki> I need a temporary hack to forward SSDP between two networks, I have ssh access to a machine on one lan and I have my machine on the other, any ideas on doing this without configuring something heavy?
08:45 < detha> sielicki: does it have to be sstp?
08:46 < detha> ah, misread, ssdp. that's multicast, needs L2 tunnel
08:47 < sielicki> the story is I have a firetv stick here with me at a family member's place, and I have a directv app sideloaded onto it so that I can stream select directv channels, but some channels are blocked without registering the device on the same network as the actual DVR device
08:47 < sielicki> I'm only assuming it uses SSDP to discover the box and do the process
08:48 < detha> openvpn tap is the lightest I can think of
08:48 < ben8472> you can use zerotier
08:48 < ben8472> https://www.zerotier.com/
08:48 < detha> or that yes, but that needs setting up accounts etc.
08:49 < ben8472> thats like 1 minute of work (just use your google acc as login)
08:49 < ben8472> the dvr runs on win/linux/mac ?
08:50 < sielicki> the DVR is a set top box, I have no idea what it runs honestly
08:50 < sielicki> probably freerts
08:50 < detha> ben8472: not all people /have/ those accounts, or want them to be linked to zerotier
08:50 < ben8472> ok than its not that easy with zerotier unless you use it to bridge the networks
08:50 < sielicki> https://la11111.wordpress.com/2012/09/24/layer-2-vpns-using-ssh/
08:51 < ben8472> detha : than you can always setup an account without google, its 1.5 minutes of work than ..
08:52 < sielicki> gonna give this a shot and then go unplug the WAP here and setup my laptop as an AP, bridge the wireless interface on my laptop to the resulting tap device, and then hopefully the firestick should get an IP on the subnet at the other place and the association should go through smoothly
08:53 < ben8472> sielicki : for future use, it might be possible to tie together a plex server with your dvr
08:54 < sielicki> it's not a self-managed DVR type deal, it's a directv box
08:54 < sielicki> the nice bit is that the data is prorated when you stream if you're an AT&T customer, the absolute only reason I bother with this at all
08:54 < ben8472> yes, but if you can access it via network, plex might be able to use it as a dvr device
08:54 < sielicki> nah, it's all encrypted and such, it's not accessible like that.
08:54 < ben8472> ok
08:54 < sielicki> I'm a fan of emby.media, by the way, check it out if you're ever dissatisfied with plex
08:55 < ben8472> to be honest, i had a emby subscription for a year now or so just to support their development
08:56 < ben8472> i might go over sooner or later, i dislike a few things on plex, but it works for the most part and i didnt want to get into the work of actually switching over yet ;)
08:56 < sielicki> it's really a miracle that Plex has been widely adopted while being such a closed service
08:56 < sielicki> While we're on the subject, I find it absolutely amazing that the alt.bin's on usenet still distribute as rar when it's a proprietary and less performant than free alternatives
09:08 < ben8472> the 2 biggest issues i have with plex are that transcoding cant be turned off, even if the hardware can't handle it, no lets transcode anyways
09:08 < ben8472> and that it relies so much on their servers
09:58 < zerox10C> Boxee could have been everything Plex was but they sold it off to Samsung??? - And that ended that.
09:58 < zerox10C> Ya samsung.
09:58 < zerox10C> Dang that was in 2013.
09:59 < zerox10C> Plex and Boxee looked basically identical back then.
16:12 < LtL> Question: if i register a domain and point it to my vps website, will my irc server on the same machine work? i.e. will the irc server just show the ip or the domain name? will the irc server still function at the same address?
16:14 < LtL> i don't think see why it wouldn't work, or would i need to configure a sub domain…
16:15 < aditya6502> it would
16:16 < LtL> aditya6502: it would work, or it would need a subdomain?
16:16 < aditya6502> it would work
16:17 < LtL> aditya6502: ok, so just point to the vps and all is good?
16:17 < aditya6502> yep
16:17 < LtL> aditya6502: thank you sir/or ms  :)]
18:32 < VincentHoshino> so someone thought it would be a good idea to give a VM on my network the same IP as the default router/gateway....
19:05 < djph> was tgat someone you?
19:06 < VincentHoshino> nope just one of my lusers
19:06 < djph> heh
19:08 < VincentHoshino> figured out why network went boom when I looked at console log ... arp: MAC is using my IP address ....
19:30 < Android> test
19:31 < Android> test
19:34 < wm-dd30> https://imgur.com/gallery/C3qaO28
20:01 < ldiamond> I'm trying to do TCP/SSH through an ICMP tunnel using ptunnel
20:01 < ldiamond> It does not seem to work even though ICMP is open
20:02 < ldiamond> otherwise, is there any TCP ports typically open?
20:04 < tds> most networks will allow 80/443, though you may have better luck with 443 as sometimes 80 can go via a caching proxy
20:05 < ldiamond> those are redirected to a captive portal
20:13 < tds> tunnelling over dns might work
20:15 < ldiamond> tds, any proper tools you know that does that (on linux?)
20:15 < ldiamond> I tried Softether but could not get it to work. It's basically undocumented
20:16 < tds> I'd probably see if udp/53 is unfiltered first, if so I'd just do openvpn on 53
20:46 < goldstar> On my nix box I've a primary int eth0, and a secondary macvlan int peth1. I can route any IPs on peth1 via eth0, but not directly using peth1 to upstream. Does anyone know how I can change this ?
21:10 < Apachez> anyone else got a shaky experience from twitter for the past hour or so?
21:24 < godSend23> if a service like squarespace says i can choose a domain name, do you still need to buy/reserve it from goDaddy for at least 1yr?
21:26 < rewt> godaddy isn't the only registrar
21:26 < Goop> Namecheap is an excellent registrar. I'd recommend it to anyone.
21:27 < Goop> I purchased a wireless router at a second hand store, how do I modify it to send/receive to a friend that lives a few miles away?
21:28 < Adluc> namecheap.com for domains
21:28 < Adluc> Goop: you need a pair of ubiquity or mikrotik PoE powered antennas
21:28 < Goop> Adluc, How do I DIY it to make it cheaper?
21:28 < Adluc> Goop: https://www.ubnt.com/products/#airmax
21:29 < Adluc> buy some from 802.11n from local sites selling used hardware
21:29 < Adluc> *some
21:29 < Adluc> Goop: in my case: https://www.bazos.sk/search.php?hledat=ubiquity&rubriky=www&hlokalita=&humkreis=25&cenaod=&cenado=&Submit=H%C4%BEada%C5%A5&kitx=ano
21:29 < Adluc> you shall find similar site
21:30 < Goop> godSend23, sorry, if you want a good domain registrar, go with Namecheap. If you don't have your own server/website, might trade quality for the features GoDaddy provides. Not sure if there are competitors, but I have my own service and I think GoDaddy sucks.
21:31 < godSend23> oh ok
21:31 < godSend23> but squarespace is offering me a domain
21:31 < godSend23> is that diff than a registrar?
21:31 < tds> I think squarespace are a full registrar, if they include a domain in your package for free then I'd just use that
21:32 < godSend23> oh ok
21:32 < Goop> godSend23, what do you need as an end result, how much work do you want to put into a website, and how much are you willing to pay monthly/yearly?
21:32 < Goop> I assume you want a website.
21:32 < godSend23> didn't realize that
21:33 < godSend23> yes
21:33 < godSend23> thanks tds
21:33 < godSend23> and goop
21:33 < Goop> godSend23, are you Linux system adminstrator and/or web developer? That will determine what I'd recommend for you.
21:34 < godSend23> prob more the latter
21:34 < DoctorDick> If you have to say provably, you're not either
21:34 < DoctorDick> Probably*
21:35 < DoctorDick> Just pay a company to host for you
21:40 < Goop> godSend23, do you already have the domain "example.com" (as an example), or is this something you don't have anything for already, and would like to start a website?
21:41 < godSend23> i bought one from google domain
21:50 < Groupers> Hi. I’m looking for an LTE/Ethernet bridge but CradlePoint is way out of my pricerange. Any suggestions? Just wanting to use it as a failover plugged into a ubiquiti router, so routing/wifi/more than one wiired ethernet are unnecessary
21:51 < Groupers> Was thinking about a USB modem plugged into an openwrt VM but I’m concerned about reliability
21:52 < javi404> Groupers: I would go with VyOS instead of openwrt
21:52 < javi404> not sure about support for USB modems
21:53 < javi404> Groupers: also, I bet there is some ubiquity hardware that supports LTE USB devices, but I haven't looked at their latest gear.
21:54 < Groupers> I just want to plug in a Verizon sim and go but the only thing i found was a cradlepoint $670 thing
21:55 < godSend23> ???
21:55 < Groupers> I’ll look at vyos
21:58 < Goop> Yo, I'm trying to hack this wireless router I got at a second-hand. How would I go about attaching a yagi antenna when there's no external antenna option available?
21:58 < Groupers> I figured this would be a common enough thing but I can’t find anything decent that doesn’t cost a fortune
22:03 < godSend23> i have a website on squarespace
22:03 < godSend23> but better to switch over to namecheap?
23:28 < redrabbit> would you pay for something like pia for a vpn service or just use the isps tubes
23:28 < redrabbit> tbh i have a hard time seeing the pros
23:29 < redrabbit> its not even the cost
23:30 < batch> isps tubes? what you mean with that redrabbit
23:30 < redrabbit> potential slow down, capchas
23:30 <+pppingme> there's no point to a hide your ass vpn if thats what you're referring to..
23:30 < redrabbit> just using your isp without vpn
23:31 < redrabbit> right
23:31 < redrabbit> https://www.privateinternetaccess.com/ that kind of service
23:31 < redrabbit> is it worth it
23:32 < redrabbit> its hardly going to improve anything vs using my own vpn servs
23:33 < redrabbit> exept ""anonymity""
23:43 <+pppingme> what are you hoping to achieve? these hide your ass style vpn's don't provide any kind of security, no anonymity, and make it EASIER to track you..
23:43 < redrabbit> nothing
23:44 < redrabbit> i have a hard time seeing the point of theses
23:44 < redrabbit> so this vpn biz is hot air
23:46 < Stranger789> with nordvpn on my location there is huge difference on ping and hops
23:47 < Stranger789> for example if pinging google
23:48 < redrabbit> guess i should setup secured dns and call it a day
23:49 < Stranger789> Greek backbone server results:
23:49 < Stranger789> ping 8.8.8.8
23:49 < Stranger789> NO_VPN : rtt min/avg/max/mdev = 28.721/30.163/32.423/1.401 ms
23:50 < Stranger789> With: rtt min/avg/max/mdev = 3.816/5.902/8.202/1.479 ms
23:50 < redrabbit> odd
23:52 < Stranger789> and you dont wanna know about hops
23:53 < tds> I guess that can happen if there's a local peering between the VPN provider and your ISP, but then your ISP has poor peering out to other networks (eg google in that case)
23:54 < tds> I'd expect that to be relatively unusual though, unless your isp is tiny or something
--- Log closed Sun Jun 03 00:00:28 2018