--- Log opened Sat Jun 16 00:00:00 2018
00:00 < discipulus> Mainly work, yeah, but also services like netflix and hbo. They don't include every show in my country.
00:01 < discipulus> So I'm using openvpn
00:03 < discipulus> It's not a huge deal, but it's been going on for so long it's become a great annoyance for me... My statusbar gets messed up by this and I have to reload i3 after 5-10 seconds after each boot.
00:04 < discipulus> Does anyone have an idea as to how to troubleshoot this? Or to speed up the connection process?
00:30 < atsu> discipulus: It may sound kind of simple, but have you tried static'ing an IP address on your LAN
00:31 < tds> might also be worth looking through syslog to see when network-manager started, when it got a dhcp lease, etc
00:40 < Noteme> Shouldn't a usb wifi card work just fine connected to a usb extension cable? Hmn, somehow linux doesn't even seem to detect it
00:41 < discipulus> atsu: No, I have not. Can I do that, since I have openvpn enabled at startup?
00:41 < xamithan> Probably not, those extension cables sometimes lead to lower power
00:42 < Noteme> The cable is around 2.5m long, is it too long for an unshielded cable?
00:42 < discipulus> tds: You mean journalctl?
00:42 < Noteme> (actually don't know if it's shielded or not, looks like it is)
00:43 < xamithan> It shouldn't matter if it is a quality cable. I just know those extension cables suck because I use one to charge my phone and it only gets half the Ma
00:43 < Noteme> that could be the problem
00:45 < Noteme> the thing is the wifi signal is really weak and it could be due to the card being surrounded by metal from the computer case
00:45 < Noteme> don't know if that affects the signal, does it?
00:45 < xamithan> Does that matter if the card isn't even detected ?
00:46 < Noteme> I'm talking about the card without the extension cable
00:46 < xamithan> Are you sure it isn't just drivers or the module isn't loaded in the kernel ?
00:46 < xamithan> metal doesn't really give interference, crazy wallpaper, microwaves, baby monitors, anything in the same Ghz range does
00:47 < xamithan> But a computer case metal isn't going to be like 4-6 inches thick
00:47 < Noteme> yeah it's not, and I connect it on the front usb port so it's not even covered if that makes any sense
00:47 < Noteme> but still, the signal is really weak
00:48 < Noteme> maybe the problem is it has a cheap antenna?
00:48 < Noteme> my phone next to it has full wifi signal for instance,
00:48 < xamithan> Maybe, can you replace it with a directional one?
00:48 < Noteme> don't have one
00:49 < xamithan> usb wifi tends to be low power too, since it can only draw so much from the port
00:49 < BenderRodriguez> So question
00:49 < BenderRodriguez> Why is it that network hardware vendors are moving everything to subscriptions
00:49 < BenderRodriguez> even going as far as rendering a perfectly functional piece of switching or routing equipment dysfunctional if a subscription ends
00:49 < Noteme> xamithan, I have a spare android phone, do you happen to know if it can be used as a usb wifi card? that would be awesome
00:49 < Noteme> I mean, connecting through it to the router
00:50 < xamithan> There is apps out there like fqrouter that'll do a repeater
00:51 < Noteme> no that, I'm talking about completely removing the wifi usb card
00:51 < Noteme> and plug the phone to the computer
00:51 < xamithan> Oh so like tethering?
00:51 < Noteme> yeah
00:51 < Noteme> https://play.google.com/store/apps/details?id=com.mstream.e2t
00:51 < Noteme> looks like this does that ^
00:52 < xamithan> Some android versions can do that native
00:53 < Noteme> this is a nexus 5 with android 4.x, it's pretty raw compared to other brands, I doubt it does it natively
00:53 < xamithan> 4.4.x could do it native
00:53 < Noteme> oh I should check then, one sec
00:53 < xamithan> I used to run some app called foxfi though
00:54 < Noteme> foxfi is for this purpose we're talking about?
00:54 < Noteme> oh wow, it got updated at some point. it's android 6.0.1
00:54 < xamithan> Yeah if you search for wifi tether there is tons of them
00:55 < xamithan> I just know foxfi because it worked without root
00:55 < discipulus> tds: Might this have something to do with it:
00:56 < discipulus> Jun 15 23:53:16 archlinux systemd-udevd[455]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
00:57 < atsu> sounds kinda like bad driver
00:59 < pcfreak30> I currently have an interesting problem. I have a fiber to gigabit ethernet modem that i get over 600 mbps. however over the router i get < 200. i am looking at building a custom raspberry pi based router. Any suggestions on setting up networking so that i dont lose speed? I have verified my ethernet cable is gigabit and used it to the modem.
01:00 < atsu> But that's just my impulsive reaction
01:00 < lupine> an rpi-based router will not do the speed
01:00 < atsu> yeah
01:00 < atsu> rpi is bad for that purpose
01:01 < atsu> gigabit speed needs a gigabit router. Not cheap.
01:01 < Noteme> xamithan, looks like foxfi now is called pdanet, which doesn't run on linux
01:02 < discipulus> atsu Any thoughts on how to solve the issue?
01:02 < pcfreak30> atsu: router claims to have gigabit ports. looking at making a custom linux based router so i can have control, thus why i thought raspberry pi, SOC device to work with
01:03 < discipulus> atsu: This issue is really starting to bug me out
01:03 < pcfreak30> getting tired of consumer hardware that has glitchy firmware
01:03 < atsu> pcfreak30, You had the right idea with the platform, just not the performance of it
01:03 < djph> rPi doesn't have the horsepower to sustain gbit
01:04 < atsu> pcfreak30, You could consider Ubiquiti for wired performance but that's still a little of "the man"
01:05 < pcfreak30> http://www.speedtest.net/result/7396982036 http://www.speedtest.net/result/7397013256
01:05 < djph> a cheap something would be like a UBNT Edgerouter (ERL, ER-4, ER-6, etc) or a Mikrotik ... something (I don't really follow 'tik)
01:05 < pcfreak30> 1st is my modem, second is with my router. im about to swap cables to test again
01:05 < pcfreak30> But basically want a linux system that can be a gigabit router
01:06 < pcfreak30> I have fiber wiring and should be able to get 80 MB/s download based on math
01:06 < xamithan> I like the odroid boards for gigabit
01:06 < djph> Edgerouters run Debian :)
01:06 < atsu> pcfreak30: Maybe consider pfsense? With a normal PC
01:06 < djph> otherwise, sure, you can build your own *nix / pfSense box
01:07 < pcfreak30> Im looking to do a custom built one. My brain has been on hacking routers for too long
01:07 < atsu> Yeah Ubiquiti runs Debian but it's a lot of non-open code
01:07 < pcfreak30> I just want to run like openwrt on a custom system and control it but not kill speed
01:07 < atsu> You should probably look into pfsense
01:08 < pcfreak30> yea heard of pfsense/opensense but they seem more of firewall than a router
01:08 < atsu> Kinda the same thing
01:08 < pcfreak30> even if they sort of blend together with packet filtering
01:08 < xamithan> They are both, and it can do vpn, cache server, proxy, etc.
01:08 < xamithan> I think it even has a captive portal feature
01:09 < pcfreak30> Yea. Even if a router and firewall use the same methods it can mean a system is targeted for one purpose and makes others secondary. My primary purpose is routing
01:09 < pcfreak30> thus why im not looking at a firewall os/system immediately
01:09 < atsu> When you get into just routing, things become complicated
01:10 < pcfreak30> yea, i know. ip math still makes my head hurt
01:10 < atsu> Like things targeted for ISPs
01:10 < xamithan> If you want to keep it simple why not just go freebsd or other variant
01:10 < xamithan> only setup what you need
01:10 < pcfreak30> never used bsd but would be interesting. have most experience in centos/debian stuff
01:10 < atsu> That's a good suggestion
01:11 < xamithan> Thats what pfsense is based on
01:11 < djph> "just routing" is gonna hit ISP-grade stuff. Your *only* option is router + firewall (pfSense, UBNT, 'tik, etc.)
01:11 < pcfreak30> But it comes down to the fact i need the right hardware that can handle gigabit traffic coming from a single gigabit modem
01:11 < pcfreak30> so technically its 1 ethernet port shared to a router, to a network
01:12 < pcfreak30> and not kill it to 1/6 of the speed
01:12 < pcfreak30> If I dont have that then os is mooty
01:12 < pcfreak30> moot*
01:12 < xamithan> Just make sure it has a good CPU it should do fine
01:13 < pcfreak30> my concern with pi was it had only usb 2.0 ports
01:13 < pcfreak30> which is a concvert for usb 3.0 to ethernet
01:13 < pcfreak30> concern*
01:13 < xamithan> pi processor isn't going to do gig though
01:13 < atsu> pcfreak30: Ubiquiti and Mikrotik both have non-open hardware accel platforms based on Linux that can do what you want. But if you want real open, that is user friendly, openwrt or pfsense are the top contenders
01:14 < pcfreak30> yea i know. i have enough exp to know the software I need
01:14 < pcfreak30> just not the ideal SoC hardware
01:14 < pcfreak30> as building a custom pc just as a router seems.. overkill
01:14 < atsu> It really isn't, for gigabit
01:15 < pcfreak30> as is i seem i will need to return the amazon order of my pi + usb adapters
01:15 < pcfreak30> was ~110
01:15 < atsu> gigabit, you're either in software or hardware. Software means a ton of CPU. Hardware usually means closed source
01:15 < pcfreak30> cheaper than the 420 router im returning which looked cool but really didnt help me
01:16 < pcfreak30> Thank god for amazon return policies :D
01:16 < xamithan> You could get a nice server for that a gen or two behind
01:16 < pcfreak30> lol
01:16 < atsu> That's always how it is in the routing world. Software or hardware
01:16 < pcfreak30> my pc is a 3k server. 16 logical cpu's, 3 tb storage among other things
01:17 < xamithan> Make a virtual router then ;P
01:17 < pcfreak30> its technically a desktop but as powerful as a decent server
01:17 < atsu> xamithan Doesn't have a bad idea
01:17 < xamithan> I got a virtual pfsense at home, bridged into my NIC
01:17 < mgolisch> yeah been doing that for years
01:18 < xamithan> Not much else to do with a 4ghz 16core desktop
01:18 < pcfreak30> Would it be practical to run in virtualbox and actually route via that, or would that be a performance killer?
01:19 < xamithan> I wouldn't use virtualbox, but yeah its practical
01:19 < pcfreak30> Ok.. what do you use for a virtualization then?
01:19 < xamithan> kvm on nix or hyper-v windows
01:19 < pcfreak30> virt-manager?
01:20 < xamithan> virsh, virt-manager, proxmox, ovirt, whatever frontend you want
01:20 < pcfreak30> now my worry is if i can get my internal wifi card to act in AC/adhoc mode so that it can take clients
01:22 < pcfreak30> ehhh. just realized I couldnt use my own pc...
01:22 < pcfreak30> I dual boot windows and since i use mdadm.. winblows cant use my raid... even if it could run kvm that would be a PITA to manage 2 copies of a router
01:23 < xamithan> Why isn't your windows virtual too?
01:23 < pcfreak30> because i need it for gaming
01:23 < xamithan> passthrough has come a long way
01:24 < pcfreak30> and the tech to pass through a gpu requires a second gpu and is fuckle
01:24 < pcfreak30> fickle
01:24 < pcfreak30> i only have 1 gpu card
01:24 < xamithan> True, but most intel has onboard
01:24 < pcfreak30> yup. im amd :P
01:24 < xamithan> :-*
01:24 < pcfreak30> ive researched all that. its a custom built pc
01:25 < pcfreak30> So.. i need to know what the minimum cpu power needed is for gigabit
01:25 < pcfreak30> And can base building a unit off that
01:28 < xamithan> Looks like a i3, anything newer than a haswell can do gigabit fine
01:47 < Celmor> I'm looking for a cisco router/firewall software to be run in a VM are there such images available as download or does anyone have experience with something like that?
01:48 < xamithan> purely cisco? or cisco-like ?
01:49 < xamithan> I've used quagga before in bsd
01:49 < Celmor> some cisco made software
01:49 < xamithan> they got their cisco VIRL stuff
01:49 < xamithan> Seems expensive to me
01:50 < Celmor> what's the cost for? all I want is the image for evaluation purposes
01:51 < xamithan> I don't really know, seems like they got ova images on their development site: http://www.packetu.com/2014/07/05/using-ciscos-devnet-one-vm-free-router-lab/
01:55 < Celmor> seems the links on that site are dead
01:57 < xamithan> Yeah it is from 2014, I'm sure it is still somewhere on the dev cisco site. You could always use something like GNS3 too
02:06 < scientes> if the manual says "MoCA 1.1 an
02:06 < scientes> d 2.0" does that mean it DOESN'T support bonded moca 2.0?
02:16 < rtmataeu34> how do you guys get that fancy unaffiliated thing on there
02:16 < Barones__> Hi, I was wondering about the ISP network topology, because enterprise and datacenter have a topology, what are the most common ISP topologies that are really implemented in ISPs?
02:17 < Celmor> rtmataeu34, entry
02:17 < Celmor> https://freenode.net/kb/answer/cloaks *
02:17 < scientes> Why won't frontier give me FiOS when my neighbor has it?
02:17 < rtmataeu34> Celmor: appreciated didnt know what they were referred to
02:18 < Celmor> you can request them on #freenode
02:18 < Celmor> or ask anything freenode/irc related
02:19 < rtmataeu34> ok
02:19 < rtmataeu34> cool
02:33 < Barones> Hi, Does the three layer topology is the most common to ISP topologies?
02:44 < strixdio> hmm, I'm using pfsense and when I put my DNS to openDNS, nothing seems to be working. When I use 1.1.1.1 or 8.8.8.8, it resolves fine.
02:44 < strixdio> any thoughts?
02:47 < Win7ine> @strixdio, the issue is with openDNS likely
02:48 < strixdio> kinda thought so, someone was telling me I need ACLs for pfsense
02:49 < strixdio> I'm really exhausted and feeling a bit ill, so I thought I was missing something and was going to get some rest, but it was bothering me...
02:51 < Win7ine> Calm down, logic tell you mostly whats up but when you are tired and down. Go and have a rest
02:51 < compdoc> ACLs?
02:51 < strixdio> yeah I'm calm, just not thinking straight lol.
02:52 < WrinkledCheese_> I read calm down and then start backing reading and was like, no one's having a flipper... FAKE NEWS
02:52 < strixdio> lol!
02:53 < WrinkledCheese_> I was ready to pop some corn
02:53 * WrinkledCheese_ is fighting with PAM
02:53 < WrinkledCheese_> Anyone know PAM?
02:53 < WrinkledCheese_> I think this is not the right channel for this.
02:54 < WrinkledCheese_> Anyone know where I might get some PAM help?
02:54 < Win7ine> PAM?
02:55 < WrinkledCheese_> Pluggable Authentication Module ( I think )
02:55 < Win7ine> goto OEM
02:56 < WrinkledCheese_> Empty
02:56 < WrinkledCheese_> You mean #OEM
02:56 < Win7ine> $OEM
02:57 < winsoff> Have we come up with a syntax for declaring network structures/topologies over IRC?
02:59 < WrinkledCheese_> Why not use the SDN syntax?
03:01 < pcfreak30> would a dual core cpu suffice for processing gigabit traffic (one incoming port, 4 network ports + wifi)?
03:02 < WrinkledCheese_> depends on nic
03:03 < WrinkledCheese_> and what you mean by processing
03:04 < pcfreak30> as in handle the traffic without lowering network speed
03:04 < pcfreak30> nic would be gigabit on the motherboard
03:04 < WrinkledCheese_> By handle you mean act as a router?
03:04 < pcfreak30> + a pcie card
03:04 < pcfreak30> yes
03:04 < pcfreak30> sorry
03:05 < WrinkledCheese_> Okay. That heavily depends on the nic. Onboard is probably broadcom, but should handle near 1Gbps no problem ( 700Mbit maybe )
03:05 < WrinkledCheese_> Done properly CPU isn't your issue, depends on NIC.
03:07 < pcfreak30> WrinkledCheese_: https://pcpartpicker.com/list/hmLt3b thats what im at now, am i going overkill :P
03:07 < WrinkledCheese_> What are you building?
03:07 < WrinkledCheese_> A system as a router?
03:08 < pcfreak30> yes.
03:08 < WrinkledCheese_> It's got Intel LAN, that's a good sign.
03:08 < pcfreak30> the ethernet seems to be Giga PHY Intel® I219V
03:09 < WrinkledCheese_> But the power consumption of this system is excessive
03:09 < WrinkledCheese_> Is all it's going to do is route?
03:09 < pcfreak30> i bought a 420 netgear router and am returning it. bought a raspberry pi and returning when i get it. need a system i can control that doesnt giver me `/6th speed
03:09 < pcfreak30> 1/6th
03:10 < pcfreak30> I found one problem is a bad cable which ive ordered.
03:10 < pcfreak30> But need to ensure the hardware can handle the traffic
03:11 < pcfreak30> And for the most part yes. im thinking about having it run plex.tv over a vpn though. my pc currently does THAT
03:11 < WrinkledCheese_> So it has the intel h310 chipset im unfamiliar with. says 5 GT/s, which should most certainly handle 1Gbps. However...1Gbps is significant. I'm curious what you need 1Gbps for.
03:11 < pcfreak30> Overall just an open linux router that doesnt crap out the connection :P
03:12 < pcfreak30> streaming
03:12 < WrinkledCheese_> streaming to how many devices?
03:12 < pcfreak30> wifi to 2 tv's, 2 phones, 2 thernet connections right now
03:12 < pcfreak30> ethernet*
03:13 < WrinkledCheese_> I doubt your issue is networking gear.
03:13 < pcfreak30> wait 3 actually
03:13 < pcfreak30> Well I know the drop is due to a cable
03:13 < pcfreak30> But im trying to ensure a custom made router to get what i want for control doesnt impact me
03:14 < pcfreak30> As in getting a shitty hardware component.
03:14 < WrinkledCheese_> I would focus on streaming provider power and just get a decent switch for half that price
03:15 < WrinkledCheese_> I had no problems with off the shelf routers for streaming to multiple devices. I found the encoder hardware to be my bottleneck
03:15 < pcfreak30> ? while i know what a switch does, but never owned one, a switch would create a network or no?
03:16 < WrinkledCheese_> 4 of the ports on a linksys router are a switch
03:16 < pcfreak30> ah
03:16 < pcfreak30> the key is I want it open. im looking at openwrt. ive hacked enough linksys routers
03:16 < pcfreak30> Dont want to break open a router just make what i want
03:17 < pcfreak30> So im looking for control (ssh, root) while ensuring it can be powerful enough but not overkill
03:18 < WrinkledCheese_> What you have there seems overkill, HOWEVER, it depends on how much CPU time you give the traffic as that Celeron isn't going to do you any favours, Doesn't matter what the CPU is, when you start sending it to the OS, you kill performance. Even on $10K cards
03:19 < pcfreak30> So you think i need an i3 or i5? as for processing time i plan to have it run a vpn likely but it wont have many secondary duties
03:20 < WrinkledCheese_> I would invest in a $80 Intel 4 port 1Gbit card that supports netmap. They are good cards. It's been a while so I can't give you models specifically.
03:21 < pcfreak30> WrinkledCheese_: https://pcpartpicker.com/products/wired-network-card/#p=4&e=16&sort=price&page=1
03:21 < pcfreak30> sorry forgot it has a filter on
03:21 < WrinkledCheese_> Once you start putting it to the OS ( eg VPN ) you will kill performance, regardless of the card and CPU until you get in the insane dollars.
03:21 < pcfreak30> 50 https://pcpartpicker.com/product/Lsdqqs/intel-wired-network-card-expi9404ptl
03:22 < pcfreak30> I understand a vpn will harm performance
03:22 < WrinkledCheese_> significantly
03:22 < pcfreak30> Just trying to ensure vanilla routing wont
03:22 < pcfreak30> I cant complain if a vpn drops my speed by 50%
03:22 < spaces> WrinkledCheese_ you make me hungry!
03:22 < WrinkledCheese_> spaces, eat cheese free nachos
03:23 < WrinkledCheese_> ./...now I'm hungry
03:23 < WrinkledCheese_> thanks spaces
03:23 < spaces> hehe
03:23 < spaces> wtf I'm so happy today!
03:23 < WrinkledCheese_> that's good. I'm out of beer and hungry
03:24 < WrinkledCheese_> pcfreak I don't think that is a good investment.
03:24 * spaces hands WrinkledCheese_ a Zot beer
03:24 * spaces hands WrinkledCheese_ some of his cheese chips
03:24 < WrinkledCheese_> cheese chips?
03:24 < pcfreak30> WrinkledCheese_: so my mobo is fine having a intel ethernet. i plan on getting a intel gb 4 port card. question is do i need to go up or down on the cpu?
03:24 < spaces> WrinkledCheese_ yes!
03:25 < WrinkledCheese_> pcfreak30, I don't know. I've only worked with Xeon and Opteron's with networking and even then ANYTHING to the CPU, such as VPN killed performance by 50-90%
03:26 < pcfreak30> WrinkledCheese_: I understand, assume no vpn :)
03:26 < WrinkledCheese_> EG a 10Gbit card drops to 2Gbit when sending traffic to virtual interfaces in the kernel in FreeBSD
03:27 < WrinkledCheese_> On a Zeon.
03:27 < WrinkledCheese_> Xeon
03:27 < pcfreak30> I read online that it should be at least 3.0 ghz, and while i can just upgrade, i rather get it right the 1st time if you have input :)
03:27 < WrinkledCheese_> Research a decent router
03:27 < WrinkledCheese_> they're purpose built
03:28 < WrinkledCheese_> save yourself a few hundred $
03:28 < pcfreak30> been there
03:28 < pcfreak30> i prefer to pay for the control
03:28 < WrinkledCheese_> You're going to.
03:28 < pcfreak30> and not have shitty firmware where i gotta power cycle to unglitch wifi
03:28 < pcfreak30> it gets old
03:29 < WrinkledCheese_> Look in the commercial space
03:29 < WrinkledCheese_> Or find a card that has built in routing.
03:29 < pcfreak30> yea i believe that can go to 600-2k easily i think vs ~500 for custom made
03:30 < WrinkledCheese_> don't forget to include power costs in that TCO
03:33 < WrinkledCheese_> anyway I'm out of beer and tired. Find a decent router. You can get sub $500 routers which are quite good.
03:33 < WrinkledCheese_> And you can get openwrt or ddwrt on pretty much anything.
03:33 < WrinkledCheese_> ....don't quote me on that
03:45 < ALowther> Does anybody have any thoughts/experience comparing the performance of Netgear 1750AC vs MikroTik hAP ac^2?
04:34 < jvwjgames> I have my prefix routed using vultr is it possible to tunnel to my server at vultr and bgp peer that way or no
05:08 < winsoff> Okay, perhaps I have some fundamental misunderstanding, here, but how exactly does a ping (ICMP echo) request go from one host on a LAN to another host on said LAN? Does it have to head UP to the router? How does the packet get crafted without the device knowing already what mac address it needs to go to? If switches do not have arp tables, it would have to go past the switch and up to the router, right? What's in the destination mac field, then?
05:08 < winsoff> I guess I could test this by firing up wireshark, but I don't know if I'm the idiot, here.
05:11 < light> ICMP isn't special
05:11 < mgolisch> if its in the same network it does have to go through the router/gateway
05:11 < light> s/does/doesn't/
05:12 < mgolisch> oh yeah sorry
05:13 < light> ARP is used to map MAC addresses to IP addresses
05:18 < winsoff> light, but it's possible that I don't have the mac address for the destination, right?
05:18 < Harlock> it's ip
05:18 < light> when you boot your computer your ARP table is empty
05:18 < light> you learn about machines on the network as you go
05:18 < winsoff> So say the gw is 192.168.1.1. I'm 192.168.1.2, and the dest is 192.168.1.3. If I don't know 192.168.1.3's mac address, does every operating system FIRST send out an arp request? How does it know to send out an arp request or to just give up?
05:19 < Harlock> if it's not on the same network it's directed by the routing table as usual
05:19 < light> ARP stands for address resolution protocol
05:19 < winsoff> Harlock, what doesn't make sense is that I don't know how a computer can tell if a certain device is on the network it's currently on, or if it's going to be outside of the network. Is this determined by the subnet mask?
05:19 < light> yes
05:19 < winsoff> Hmm.
05:19 < light> it's a bitwise operation
05:20 < Harlock> it's just routing as normal like any other protocol
05:20 < winsoff> And so the operating system has some control flow, where if the destination is on the same network, it performs an arp lookup or arp request, but is this even necessary?
05:21 < winsoff> Couldn't they just send the data up to the router and have the router handle it?
05:21 < light> why would the router have anything to do with it?
05:21 < light> who says there's a router?
05:21 < light> or even just one, there could be a dozen different routers on the lan
05:21 < winsoff> Because the router handles extranet traffic. I'm just saying for the sake of the operating system on my machine's need to fill in the destmac
05:22 < winsoff> If it doesn't want to use arp, it could just use the mac of the router
05:22 < light> no
05:22 < winsoff> No? Isn't that how extranet traffic works?
05:22 < light> that wouldn't make sense
05:22 < Harlock> you don't need to think about macs, that is handled all for you
05:22 < light> there's no point sending packets to a router when they're on the same lan segment
05:22 < winsoff> When I send messages to 1.1.1.1, the frame layer has the MAC of my router, right?
05:23 < light> if your lan is 192.168.1.0/24 and your destination IP is .3 then 192.168.1.3 && 255.255.255.0 = 192.168.1.0 which tells you the destination IP is on the same network
05:23 < light> s/&&/&/g
05:23 < winsoff> I know there's not a "reason," which is why I'm creating a reason. Would it work if I was trying to avoid using ARP for the sake of this conversation?
05:23 < light> you can't avoid using ARP
05:23 < light> unless you hard code MACs
05:23 < light> how do you think you communicate with the router?
05:23 < winsoff> Right.
05:24 < winsoff> Yes, an ARP request is sent at the beginning that establishes the gateway's mac for the sole purpose of using that mac for the destmac field in all traffic meant to go either to that router OR TO OTHER DEVICES outside of the network, right?
05:25 < winsoff> But if, magically, arp wasn't working, I'm just wondering if sending traffic with the destip set as 192.168.1.3 and the destmac as the router's (the one that is 192.168.1.1's) would actually end up going to 192.168.1.3 eventually.
05:25 < light> it would, but the reply would go direct because you're on the same lan
05:25 < Harlock> if it is outside the collision domain the end point mac doesn't matter
05:27 < Harlock> actually you can do weird routing if something is in the collision domain but outside the broadcast domain
05:28 < Harlock> so i'll say instead if it is outside the broadcast domain the end point mac doesn't matter
05:29 < winsoff> Would this work if the destmac was actually for 192.168.1.4? Would the system just drop the packet, or if I made the destmac FF:FF:FF:FF:FF:FF?
05:29 < winsoff> like, can I send broadcast frames meant for a specific IP and still have it work?
05:32 <+pppingme> if you can't resolve arp, you WANT the host to drop the packet, not throw it on the lan anyway
05:33 < light> yolo
05:33 < winsoff> pppingme, I'm just saying as a last-ditch/experimental case.
05:34 <+pppingme> not resolving arp was your last ditch, the host isn't active..
05:35 < winsoff> Ah, I mean that if I was just avoiding arp for the sake of, again, experiment. I'm just curious if there are alternative routes around ARP, since it's interesting to see.
05:35 < winsoff> For example, if someone was poisoning ARP, but the router had a hard-coded ARP table, you could just send all of the traffic to them, or another host with a similar table.
05:36 < winsoff> However, I was wondering if this would actually work: if these things would then be updated and sent to the right mac, or if it would be all for naught. Again, all just theoretical, for the sake of me learning how these implementations actually work.
05:38 <+pppingme> if you already know the mac of another host, you can add a static entry to your host..
05:38 < dogbert2> dang a lot of fireball whiskey was spilled on a freeway
05:39 <+pppingme> one of the biggest issues I see is that good switches will do broadcast storm suppression..
05:39 <+pppingme> and that will break whatever you think you've found a workaround to..
05:41 < dogbert2> yeah...though disable spanning tree should work also
05:41 < epaphus> Hi, can I ask a wifi AP issue here?
05:41 < dogbert2> or turn the link into a trunk port
05:41 <+pppingme> epaphus maybe
05:42 < Maarten> there is something in the topic about asking questions ;)
05:43 < epaphus> I have 40 users on a 2.4Ghz AP. Mostly are idle cell phones that average dont hit 1-3mbits. I dont have signal strength issues, and my WAN is fiber. Wired works perfect, so its the wifi. I cant get more than 4mbits with speeds tests. Is it because the amount of concurrent users?
05:44 < light> what speed are they connected at?
05:45 <+pppingme> epaphus its shared bandwidth, so there are two things to consider.. first, if all other users are idle, they aren't likely to have much of an impact, second (and probably more important), since it is shared bandwidth, that means you're sharing the same "air time" with all your neighbors..
05:45 <+pppingme> what AP are you using and how many do you have?
05:46 < epaphus> I have 1 AP, iam using a NETGEAR WNR3500L N300 Open-Source Gigabit WiFi Router running Tomato linux. Its connected to a 50mbits fiber line.
05:47 <+pppingme> epaphus how big of an area?
05:47 < epaphus> 6x3 meters. they are all cluttered.
05:48 < epaphus> rather, 12x12 meters. sorry
05:48 < epaphus> I did do a site survey and iam using a segment that is not being used by other APs. Ive tried several others. Same result
05:49 < Hoolootwo> what kind of AP is it?
05:49 <+pppingme> do you mean channel??
05:50 < Hoolootwo> no, old wrt54gs aren't going to handle 40 devices well
05:50 < epaphus> pppingme, yes, channel.
05:50 < Hoolootwo> oh, wnr3500 should be decent enough
05:50 < epaphus> Hoolootwo, please see the specs. Yeah it has good cpu. and ram.
05:51 < epaphus> CPU is under 1% utilization
05:51 < Maarten> epaphus, you have to remember that wifi is shared, so if you have a bunch of cell phones on there that have facebook, instagram, and whatever apps running that gives them notifications, you aren't going to have a lot of room to spare.
05:51 < Hoolootwo> still, 50mbps isn't going to be a huge draw
05:51 < epaphus> Maarten, we agree, but i see the graphs, they dont take more than 3mbits concurrently.
05:51 < Hoolootwo> err 40 phones shouldn't pull 50mbps
05:52 < Harlock> get a few ubiquiti ap ac pros
05:52 < Hoolootwo> though you can start to get problems with congestion of the band, since only one device can talk to the router at the time
05:52 <+pppingme> just because you don't see any ap's, doesn't mean there aren't any on the same or neighboring channels, nor does it mean there isn't non-wifi 2.4ghz traffic from other sources
05:53 < Hoolootwo> a time, even
05:53 < epaphus> and sometimes, at midday i get 4-5 packet loss... so it makes matters worse. Packet loss the other hours is 1-2%
05:53 < Spice_Boy> use a spec an
05:53 < Spice_Boy> and look
05:53 <+pppingme> where is the AP in the area? is it close to the middle, or one side or what?
05:53 < Spice_Boy> layer 1
05:53 < epaphus> Hoolootwo, oh ok... so it does matter if they appear idle.. they could still be congesting the channel?
05:53 < Spice_Boy> could be hidden nodes, with collisions galore
05:53 < Spice_Boy> anything
05:53 < Hoolootwo> are they all connected at any given time?
05:54 < epaphus> pppingme, in a side. Still I go close by, and i dont get more than the 4mbits.
05:54 < Maarten> epaphus, for 40 users though.... I would not use only one AP. Like harlock suggested, you may want to use 2 or 3 Ubiquiti Unifi AC Pro AP's (about $120 a pop) and place them strategically around your office spaces. (I take it 40 user is a place of business, not an extremely large family)
05:54 < Hoolootwo> I know my phone disconnects from wifi when idle
05:54 < Hoolootwo> so that wouldn't be much of a problem
05:54 < Hoolootwo> but before (when network-adb-ing), I set it to stay connected all the time
05:55 <+pppingme> epaphus there's two things I'd consider doing... experiment with channels.. what channel are you using now?
05:55 < epaphus> Iam using Channel 2, with 20Mhz. Ive pretty much experimented with all 11 of them.
05:55 <+pppingme> and second, I'd roll a 2nd AP
05:55 <+pppingme> believe it or not, you're best to stick with 1, 6, 11
05:56 < epaphus> Not all devices can see 11, right?
05:56 < epaphus> for wireless N.
05:56 < Spice_Boy> only use 1,6, 11
05:56 < Spice_Boy> and hope others around you do the same
05:56 <+pppingme> ch11 isn't an issue
05:57 <+pppingme> you're in usa, or where?
05:57 < epaphus> I will experiment with that then.
05:57 < Maarten> epaphus, you also have to remember that 2.4 Ghz and 5 Ghz alike are license-free frequencies, so anyone making consumer electronics can make things that interfere. Bluetooth runs on 2.4 Ghz, can you imagine half of those users having a bluetooth headset? Also, baby monitors. Microwaves in the break room. Cordless phone handsets. Drones and other toys. And we haven't even talked about the phones that might have their AP mode enabled, and all the
05:57 < Maarten> neighboring networks you don't see.... Believe me: ONE AP isn't cutting it for 40 users.
05:57 < epaphus> Central America.
05:57 <+pppingme> you're still ok on those channels
05:57 < Maarten> And yes, use 1, 6 or 11 - not "in between" channels.
05:57 <+pppingme> I'd go ahead and roll a 2nd AP, then your users will kinda distribute across them, probably no need to force it
05:57 < Spice_Boy> 5GHz is starting to get messy these days with damn motion sensors
05:58 <+pppingme> Spice_Boy in all countries?
05:58 < Hoolootwo> really?
05:58 < Hoolootwo> the 5ghz band is HUGE
05:58 < Spice_Boy> pppingme: I can only speak for Australia, but there's a particular brand that keeps showing up
05:59 < epaphus> Okey, thanks for the feedback guys... one more thing. if i get a second AP , and because the area is so tight.. cant i force certain non VIP users to be connected to that node? Again iam using Tomato, similar to DD-wrt
06:00 < epaphus> and WDS
06:00 < Spice_Boy> why are you using WDS? Aren't all the APs cabled up to the switch?
06:01 <+pppingme> no good reason to use WDS in most cases, especially yours..
06:01 <+pppingme> pull a cable
06:03 < epaphus> I havent began using WDS just yet. I had planned to do that because of cabling... So I can have in the future both APs sharing the same SSID with no WDS , instead just a cabled?
06:03 < epaphus> How does that work though.
06:03 < Maarten> I would run a cable to each AP you install
06:04 < epaphus> How do I get two APs cabled, but share the same SSID though so they dont conflict
06:05 <+pppingme> thats the whole idea.. they won't conflict.. clients will (somewhat randomly) land on *either one*
06:06 <+pppingme> so you'll get a random distribution of users across both ap's, thus half-ing the load on each AP, and doubling your overall wifi bandwidth
06:06 <+pppingme> you want everything between them to be identical except channel
06:07 < epaphus> ahh perfect.
06:07 < epaphus> I didnt know it would be random.. I thought they would all connect to the nearest. nice.
06:08 < Harlock> clients will prefer better signal
06:09 < Spice_Boy> for consumer stuff though, they may 'stick' to one AP even if you move to another
06:09 < Spice_Boy> unless you can turn off low bitrates for example
06:09 <+pppingme> they will prefer the stronger signal (so you should put one on each side of your office), but your office is so small (you said 45ft x 45ft, right??), that won't be a big issue..
06:09 < epaphus> Okey. got it.
06:17 < epaphus> If I want to arrange the load myself, is there any way I can force some devices to one AP ... even if there are other APs that share the same SSID?
06:23 <+pppingme> epaphus the easiest way is to use diff ssid's, there are a few things you can do on some os's (not phones and not windows) that you can "guide"
06:23 <+pppingme> but the biggest things you can do is to wire EVERYTHING you can, that means tv's, desktops, laptops that don't really move, all of that..
06:24 < epaphus> oki. thank you
07:02 < Apachez> https://twitter.com/ArvidSkogh/status/1007720159350583297
07:04 < kidn3ys> that's pretty damn close.
07:30 < Apachez> lennart os: https://lists.freedesktop.org/archives/systemd-devel/2018-June/040855.html
07:31 < kidn3ys> seems like hes not a fan of systemd
07:40 < kidn3ys> so bored.
08:00 < kidn3ys> anyone here good with multicast?
08:04 < Spice_Boy> what do you need?
08:06 < kidn3ys> trying to understand if the RP readdresses the pim joins it receives -- more specifically, how does it try to guarantee that the shared path tree is used?
08:06 < Spice_Boy> it shouldn't readdress anything as far as I know, just enables the flow across VLANs for a specific multicast group
08:08 < kidn3ys> Looking at a sparse mode example where the RP wouldn't be in the shortest path tree.
08:19 < Obis72> Which GNU/Linux distro is good for a home server?
08:19 < kidn3ys> Obis72: whats your experience with linux?
08:19 < Obis72> pretty good so far
08:20 < kidn3ys> I mean, how much do you have?
08:20 < Obis72> I have run and installed it on several computers including a raspberry pi over several years, i think probably 5 to ten years of average joe experience
08:20 < Obis72> using a bit of bash here and there for say turning off bluetooth
08:20 < kidn3ys> gotcha, i'd suggest either centos or ubuntu
08:21 < Obis72> thanks man
08:21 < kidn3ys> they are generally pretty friendly
08:21 < varesa> Obis72: if you ran raspbian on the berry then ubuntu might be more familiar to you
08:21 < Obis72> which distro would you recommend on purely technical terms if user friendliness was of no concern?
08:21 < Obis72> i was thinking of debian
08:21 < kidn3ys> ubuntu is debian based
08:22 < varesa> for servery stuff I personally prefer CentOS because of the RHEL ties and tooling
08:23 < kidn3ys> ^^ documentation is typically very good for centos because of those ties
08:24 < Obis72> do you install a text-only version of the distro for your server?
08:24 < kidn3ys> Obis72: regarding your 'purely technical terms' question I'd probably have to have a good reason to run something that wasn't friendly
08:25 < varesa> text only yes
08:25 < kidn3ys> same
08:25 < varesa> and mostly remote-SSH-only, local console being only for emergencies
08:26 < varesa> though even for home stuff I've been moving towards automation so even SSH access gets less used
08:26 < kidn3ys> if you're not 100% comfortable not having a gui of some kind you can run vnc over ssh as well
08:26 < Obis72> automation?
08:26 < Obis72> what do you do exactly?
08:27 < varesa> tools like puppet or ansible, ansible being easier to approach if you're interested in trying something out
08:27 < Obis72> kidn3ys without gui it is easier, as you dont have to go looking for things
08:27 < Obis72> and everything is in one place
08:27 < Obis72> i mean with man and the like
08:27 < kidn3ys> for a server, i agree -- just offering up a suggestion
08:28 < Obis72> is debian per se bad for a server?
08:28 < varesa> they're a bit different though. With puppet I have a management server that has 'definitions' for all the other servers. I can add a role 'webserver' to a host and next time it fetches its own definition, it'll basically configure itself to be a web server
08:28 < Obis72> oh
08:28 < varesa> debian isn't bad. I'm not quite sure about the differences between ubuntu/debian for server use so I can't say which one I'd recommend over the other though
08:29 < kidn3ys> varesa: i haven't played with puppet at all, does the management server use SSH to configure the server?
08:29 < Obis72> i think i am gonna go with debian as i dont really trust ubuntu like that
08:29 < Obis72> since it is the same under the hood either way...
08:29 < varesa> kidn3ys: it is a pull-type architecture. You install an agent on the nodes that'll fetch the config over some protocol
08:29 < Obis72> did you come up with that protocol?
08:30 < kidn3ys> gotcha, maybe ill play with that today. i've got 11 more hours of nothing to do :(
08:30 < varesa> Obis72: nah, it's a fairly widely used tool in the enterprise world
08:31 < Obis72> varesa: I see
08:31 < varesa> kidn3ys: I prefer the pull-type to ansible's push since that allows me to have for example end devices that connect to my network over a VPN without a need for a static IP or dynamic DNS
08:32 < kidn3ys> makes sense
08:32 < kidn3ys> varesa: you mentioned using it at home -- do you also use it at work?
08:33 < varesa> I actually have half a dozen raspberry pis connected to 3G/4G phoning home with OpenVPN doing just that :)
08:33 < varesa> yeah, work is using puppet as well
08:33 < kidn3ys> how many servers do you manage with it?
08:33 < varesa> though I picked puppet at home before I worked here. Originally picked it up when I labbed with RH Satellite 6 / Foreman
08:35 < kidn3ys> I see, I only have a handful of linux servers at work. Have a hard time justifying a management box for 2-3 servers that all have unique purposes.
08:35 < varesa> let me see
08:35 < varesa> it still is nice to have the configuration documented
08:36 < varesa> rebuilding unique boxes after they've been running for over 5 years is one of the worst things that a sysadmin might have to do
08:36 < kidn3ys> probably true
08:36 < varesa> trying to find all the processes, configs, automations, cron-scripts, etc. that the old box has
08:37 < varesa> and if you configure it using ansible/puppet/chef/whatever you kind of have a self documenting changelog
08:37 < kidn3ys> makes sense
08:39 < Obis72> What kinda stuff do you run on your hoeserver aside from the usual lamp
08:40 < Obis72> that is your homeserver
08:40 < Obis72> you run your own mail?
08:42 < varesa> kidn3ys: ~1k hosts across a few different puppet envs at work
08:43 < kidn3ys> ah, neat -- easy to justify then =P
08:44 < varesa> for my hobby/homelab stuff ~100 hosts across stuff at my home, AWS and a few locations :P
08:46 < Obis72> varesa how did you get first into networking?
08:47 < varesa> dunno really, kinda grew into it
08:49 < varesa> my first computer time (games mostly) was split 50/50 between windows 98 and Redhat Linux (some version)
08:50 < varesa> got a knoppix live cd (some games respin) and was configuring IPs, netmasks and gateways to get it to internet before I a) understood more than a word or two of English (not my native lang) b) had any idea what a network mask or a gateway was
08:51 < kidn3ys> sounds very familiar =P
08:51 < GenteelBen> Your English is better than most people's on IRC, varesa.
08:51 < GenteelBen> It's normally, "HOW TO CONFIGURE NETMASK ON KNOPPIX LIVE CD???"
08:51 < Obis72> probably because of your interest in networking
08:52 < GenteelBen> And then they quit 30 seconds later.
08:52 < varesa> GenteelBen: thanks :P We have good education
08:52 < kidn3ys> varesa: where are you from?
08:52 < GenteelBen> In sunny Finland?
08:52 < varesa> yup
08:52 < GenteelBen> I thought you'd be too busy watching the Western Wall for Russian invaders.
08:53 < GenteelBen> *Eastern
08:53 < kidn3ys> I'm on the other side of that Eastern wall currently.
08:54 < Obis72> kidn3ys watching for Finnish invaders?
08:54 < kidn3ys> Obis72: just trying not to get trampled by futbol hooligans
08:54 < GenteelBen> Maybe this channel can bring both sides together.
08:54 < GenteelBen> kidn3ys: Putin will be happy so long as the refs he bribed/blackmailed do their part.
08:55 * varesa has never been to Russia but has some Russian friends who he regularly sees at various places in the world
08:55 < Obis72> kidn3ys: as long as there is no stampede you are fine
08:55 < GenteelBen> kidn3ys how is Russia handling this mass influx of minorities? Gays, blacks etc. aren't really the flavour of the month in glorious mother Russia under Putin.
08:56 < Obis72> GenteelBen awesome choice of topic
08:56 < kidn3ys> GenteelBen: hard to say -- I live in California, here on a work visa.
08:56 < varesa> a little fact about my IT hobby past that always makes even myself go WTF is the fact that I pretty clearly remember when VMware discontinued the GSX product and made us use the Server 2.0 that had a terrible web GUI at the time
08:56 < Obis72> poe's law ...
08:56 < GenteelBen> "work visa" --> spy
08:57 < GenteelBen> I remember GSX, varesa.
08:57 < GenteelBen> I also remember putting it on my CV...
08:57 < kidn3ys> I didn't say what kind of work =P
08:57 < GenteelBen> "Designed and deployed VMware GSX"
08:57 < varesa> Server 2.0 was released somewhere around 2009
08:57 < varesa> And I'm 22 right now
08:57 < GenteelBen> That's why I make sure I re-write my CV every 4-5 years.
08:58 < varesa> So I was spinning up servers on VMware and cursing at their bad web UI at 10?!?
08:58 < kidn3ys> For the most part, all the Russian citizens I've run into have been really nice and helpful -- because I'm usually lost..
08:58 < GenteelBen> Make sure you list products which you could've actually used. I used to read release histories and choose a product I could've conceivably have used.
08:58 < GenteelBen> E.g. don't list a software version which was deprecated while you were still in school.
08:59 < kidn3ys> eh, if you're from the states it would make sense that your school has deprecated software though.
08:59 < kidn3ys> that would be a fun game to play with interviewers though
09:01 < varesa> I was hired by a company halfway through my first year of university. The interviewer said that if I knew even half the stuff on my CV I'll get hired
09:01 < GenteelBen> Yeah but you want to have played with software you know could still be in use in companies you want to work for.
09:02 < GenteelBen> I think the first VMware vSphere version I actually installed was 4.0? But in my old CV from like 7 years ago I mentioned I'd done ESX 3.5 and earlier (I hadn't).
09:04 < varesa> ah, ESX 3.0. Having to boot up a windows machine to diagnose why that one windows VM you RDP into for management is not working since at least with the free version there was no web or any linux-compatible management
09:04 < varesa> so I ran the fat client in a VM on the server which worked for most of the time
09:05 * varesa wonders why the hell he was configuring VMware ESX at 12 years old
09:06 < kidn3ys> Hrm, i think it was pre ESX. I remember working with a "VMWare Server" something or other product that only ran on top of Windows and resembles VMware workstation/virtualbox.
09:07 < varesa> sounds like GSX but IIRC that ran on linux as well
09:08 < kidn3ys> Hrm, maybe, that doesn't ring a bell though.
09:08 < varesa> could be something else or older as well
09:09 < varesa> I think Server 1.0 also had a local GUI
09:09 < varesa> while server 2.0 went web UI
09:19 < GenteelBen> VMware Server was formerly GSX, kidn3ys.
09:19 < GenteelBen> What most people call vSphere is actually ESXi + vCenter, and before ESXi was ESX.
09:21 < kidn3ys> GenteelBen: I'm thinking of a windows product specifically.
09:21 < TandyUK> I wish vmware hadnt abandoned vsphere client
09:21 < TandyUK> makes 6.5 a total non starter for me
09:21 < kidn3ys> why?
09:22 < TandyUK> because it was so much more reliable, and user friendly than this bullshit web ui they have now
09:22 < TandyUK> why the fuck would I want flash on my pc
09:22 < kidn3ys> Eh, i think the webui is the way to go but ill agree that its friendliness could use some work
09:23 < varesa> wasn't the old client 'virtual infrastructure client' and the flash ui 'vsphere client'?
09:23 < TandyUK> i know theres some manual hack i can do to put some html5 ui on, but its still not a patch on an actual application
09:23 < varesa> TandyUK: also they're discontinuing the flash UI
09:23 < varesa> the HTML5 UI comes stock with it
09:23 < varesa> though not fully featured in 6.5, I think 6.7 is supposed to be better
09:23 < TandyUK> kinda good sign, but i still like having a workstation with all the management tools pre loaded
09:24 < TandyUK> and not reliant on a browser at all
09:24 < kidn3ys> I've got to upgrade to 6.5 when I get back to the real world =/
09:24 < varesa> I for one don't miss needing a separate windows system to run the client one bit :p
09:24 < Maarten> 6.7 is much better I upgraded my home esxi server, but not my work production environment yet
09:25 < TandyUK> agreed the appliance for vcenter is an improvement
09:25 < kidn3ys> someone over in #vmware mentioned that 6.7 will support multisite embedded psc's too
09:26 < varesa> yeah, I remember something like that as well
09:26 < varesa> not that big of a deal for me but I guess that saves a bit of RAM not needing two appliances
09:26 < kidn3ys> I'm running 5.5 with 'embedded' SSO now -- super annoyed that I have to build an external PSC to upgrade.
09:27 < varesa> I'm not completely sure but wasn't the embedded setup possible with 6.x as well but not recommended?
09:27 < kidn3ys> not supported for multisite deployments in 6.5
09:28 < kidn3ys> and I think enhanced link mode isn't available if you do that either
09:28 < kidn3ys> enhanced linked*
09:28 < kidn3ys> it was ok for 6.0 but deprecated for 6.5 if I remember right
09:29 < varesa> I know it was deprecated but I was under the assumption that it still was technically possible
09:31 < kidn3ys> could be!
09:31 < varesa> not that you'd want to run unsupported configurations in production
09:31 < kidn3ys> true
09:34 < spaces> morning!
09:34 < kidn3ys> morning
09:34 < varesa> morning!
09:35 < varesa> Obis72: You asked what I run on my home servers. https://imgur.com/a/wViIS
09:35 < varesa> (oh, he left)
09:36 < kidn3ys> that's impressive =P
09:36 * varesa feels his lab is not representative of average home servers
09:37 < kidn3ys> I think it's bigger than my production environment
09:37 < spaces> heh sick :P
09:37 < spaces> but he does the same as I do, for every service a VM
09:38 < varesa> that's actually a bit old. I've scaled my elasticsearch cluster to two nodes and added a new node to the openshift (~kubernetes) cluster
09:38 < varesa> *elasticsearch to three nodes
09:38 < spaces> varesa weren't you a RH dev ?
09:38 < spaces> yeah because you can see how scaling/HA works directly
09:38 < varesa> nope, just an active user of the opensource versions of their products
09:39 < spaces> yeah that is what I remember
09:39 * spaces as well
09:39 < varesa> pic is missing keycloak (another RH product) as well, which I deployed for SSO
09:39 < spaces> but why do you run ESXi then ? and oVirt (anymore) ?
09:40 < varesa> can login to (currently only) Jira and Confluence with a kerberos ticket
09:40 < varesa> I wish we had the same at work
09:40 < varesa> I went VMware for vSAN
09:40 < varesa> after a bit less than successful experiment with ovirt on glusterfs
09:41 < spaces> yeah I know you had issues but that was a long time ago
09:41 < spaces> during 2014 or so ?
09:41 * spaces sets mode: -v catphish
09:41 < varesa> 2016 sounds a bit closer
09:41 * spaces sets mode: +V catphish
09:42 < spaces> yeah could be as well, I'm an early bird @ oVirt
09:42 < varesa> I have been considering moving back to ovirt since the VMware flash UI has been getting a bit on my nerves lately
09:43 < varesa> also achieving free incremental block/VM level backups from vSAN seems to be an impossible task
09:43 < varesa> I just wish ovirt would support the equivalent of Linked mode vCenters
09:43 < varesa> e.g. multiple sites with their own engines all managed with a single login
09:43 < spaces> huh you can ?
09:44 < spaces> oh engines
09:44 < spaces> yes that is not possible (yet)
09:44 < spaces> but also not needed if the engine fails HV's should be able to run
09:44 < spaces> I would love HA engines
09:44 < varesa> yeah, I want the sites to be able to function independently if another site or the VPN in between is down
09:44 < spaces> yes indeed
09:45 < spaces> same here
09:45 < varesa> where function includes management capability
09:45 < spaces> on what kind of HV are you running this set of VM's ?
09:46 < spaces> I do miss foreman btw
09:46 < varesa> 4x whitebox builds with single E5-2650Lv2 CPUs and some 64-128GB of RAM
09:46 < spaces> :)
09:46 < varesa> 480GB SSD + 2-3TB of HDD for vSAN
09:46 < spaces> paid by your employer ?
09:46 < varesa> nah. Cheap ebay deals though :)
09:47 < spaces> hehe nice
09:47 < varesa> like at the current prices there is no way I would have been able to afford even half of that RAM
09:47 < spaces> bought them new ?
09:47 < varesa> cases, PSUs and CPU fans are new :P
09:47 < varesa> some SATA cables as well
09:47 * spaces got a dell 2x 710, 2x 510 and a Equallogic for free :D
09:47 < spaces> + switching
09:48 < kidn3ys> I'd just be annoyed by the power bill.
09:49 < varesa> I've got a fixed utility cost so power is basically free
09:49 < kidn3ys> Oh, that's handy.
09:49 < varesa> but the small student studio apartment heats up pretty easily
09:49 < kidn3ys> makes sense
09:49 < varesa> so I try to keep the heat output low
09:50 < kidn3ys> doing DPM?
09:50 < kidn3ys> I don't recall if that was supported with vSAN or not.
09:51 < kidn3ys> ah, looks like no
09:51 < spaces> yeah this company has power in their rack left
09:51 < varesa> DPM?
09:51 < kidn3ys> distributed power management
09:52 < kidn3ys> power up/shutdown hosts based on resource utilization
09:52 < spaces> DPM ?
09:52 < kidn3ys> ^^
09:53 < spaces> oh yeah you can do with oVirt... I never did as oVirt keeps one running without hosts or they stay off
09:53 < kidn3ys> I've got it running in my lab -- makes sense it would require shared storage though.
09:53 < spaces> sure it does, failover
09:53 < spaces> kidn3ys you run oVirt ?
09:54 < spaces> varesa all my core runs RH my own servers run all Ubuntu
09:54 < kidn3ys> spaces: no, vmware
09:54 < varesa> I think it should be supported but my workload is fairly static so I'm fine with manual power management
09:54 < spaces> varesa I even run the IPA backend servers on Centos and the API one on Fedora to make sure I'm up-to-date
09:54 < varesa> and currently I'm using most of the RAM in the cluster so I don't really have any extra resources to turn off
09:54 < kidn3ys> I honestly just wanted to see it work one time, just never circled back to turn it off =P
09:55 < spaces> hehe
09:55 < varesa> I also noticed that RAM distribution of 128GB, 64GB, 64GB, 64GB was a fairly stupid idea
09:56 < kidn3ys> heh, have to juggle things around quite a bit?
09:56 < spaces> how do you mean ? they need to have all the same
09:56 * spaces was running 14 nodes with 32G
09:56 < varesa> Let's say I have a memory utilization of 200GB/320GB and I want to shut down host #1
09:57 < varesa> I could shut down any of the hosts #2-#4 but there is not enough space in the rest of the cluster to fit that 128GB worth of VMs
09:58 < varesa> If I did 96, 96, 64, 64 there shouldn't be an issue
09:58 < varesa> (well the issue wouldn't be that big)
10:01 < varesa> I also run a mesh of IPsec tunnels with BGP running over them between 4 sites :)
10:02 < kidn3ys> heh, what for?
10:03 < varesa> site to site access of course
10:03 < varesa> :)
10:03 < kidn3ys> what's at the sites I mean =P
10:03 < varesa> It was originally OSPF over tunnels between my apartment, a few servers at my parents, AWS and a dedicated server elsewhere
10:03 < varesa> switched to BGP for some experience
10:04 < varesa> *very originally* it was just a single tunnel between my parents' place (while I lived there) and AWS where I had an instance or two
10:04 < varesa> then I moved away and it became a triangle
10:05 < varesa> then I added the dedicated server I got for cheap into the mix and got a fourth point
10:07 < spaces> varesa oVirt manages it :)
10:07 < spaces> virtualization is not more cost effective as people think
10:07 < spaces> it's HA
10:08 < varesa> manages what?
10:08 < spaces> if you can start VM's in a "too full cluster", depends on the policy you set
10:09 < varesa> I'm pretty sure that vSphere also allows some setting to prevent that
10:09 < spaces> but I know the problem, that is why I scale horizontal like crazy so every VM is x3 on 3 different hosts
10:11 < kidn3ys> it absolutely is cost effective. to achieve the same level of redundancy would cost quite a bit more if you were to not virtualize it
10:12 < kidn3ys> whether you need redundancy or not is really the question
10:12 * varesa can't imagine buying a 100 servers
10:13 < spaces> nah in the past more services were combined on the same baremetals
10:13 < spaces> it's nasty to maintain
10:14 < kidn3ys> hit and miss
10:14 < varesa> yeah, I know
10:15 < spaces> oeh less hypo/hypo
10:15 < varesa> nowadays I try to keep it at VM or container per application unless there are 2-3 that are related and tightly integrated
10:15 < spaces> oops
10:15 < spaces> hypo/hyper
10:15 < varesa> makes changes, updates, etc. soo much easier
10:16 < varesa> no conflicts or other weirdness, touching one thing breaking another, etc.
10:16 < spaces> varesa indeed, but foreman it!
10:16 < varesa> also don't have to change default ports since every application ever wants to bind to 8080 by default
10:16 < spaces> foreman sucks with Esxi because their API sucks (ESXi)
10:17 < varesa> and that seems to be defined in 4 different XMLs somewhere in certain java apps. Oh, did I mention that those XMLs revert to default on updates
10:18 < varesa> man, those java apps do some weird stuff
10:19 < spaces> hehe but java itself is not that bad!
10:19 < spaces> it's damn solid
10:19 < varesa> putting JIRA behind a reverse proxy breaks some labels in the web frontend ('Gadgets' might become something like _LBL_GADGETS_EN)
10:20 < spaces> JIRA itself sucks in my opinion
10:20 < varesa> since apparently the *backend* wants to connect to itself through the public URL. But some recent version of java didn't support TLSv1.3 by default so it failed to negotiate a common cipher with nginx
10:20 < spaces> what a beast
10:21 < varesa> like WTF, why does the backend process have to loop back to itself through the reverse proxy/load balancer. And the only issue I've seen that cause is some internationalisation breaking
10:21 < varesa> I kinda like how configurable the workflows in JIRA are
10:22 < varesa> how you can model a lot of processes in it
10:22 < varesa> Like at work we use it for tracking orders/shipments, service requests/support cases, ops work, incident management, helpdesk, etc.
10:23 < varesa> sure, some of those might have better options but the real power comes from being able to easily link those objects together
10:23 < spaces> @ puppet I always have a fight with it
10:24 < varesa> the experience depends a lot on how the workflows are set up
10:25 < varesa> like for example one issue I have here at work is that the transitions are forced from created->backlog->in progress->resolved, you can't directly resolve an issue
10:25 < varesa> that's fine until you for some reason have a mass of 15 tickets you want to bulk resolve. F u then
10:26 < spaces> hehe
10:26 < varesa> somebody decided that they want to enforce the process (tm) and prevent people from taking shortcuts
10:26 < spaces> was Jira FOSS ?
10:27 < varesa> nope
10:27 < varesa> also for organizations of any relevant size they're quite expensive
10:27 < varesa> while the 10 user license is $10/year
10:28 < spaces> yeah I hate that
10:28 < spaces> I just setup a OSRM server because I want to be FOSS :D
10:29 < varesa> I prefer FOSS over paid commercial products as long as they're at least close enough in features/usability
10:30 < varesa> for Jira I've heard of a few bigger companies trying to find even paid alternatives but not really finding anything that compares
10:32 < varesa> 2001 users, 51 service desk agents? You'd be paying $80,300 / year to atlassian for jira+confluence
10:33 < varesa> not to mention that you probably will need a few plugins that for that amount of users cost something like $4k - $15k / year each
10:34 < varesa> so $100k-150k yearly isn't unrealistic
10:42 < spaces> varesa that is why I didn't do graphhopper but went OSRM ;)
10:44 < spaces> varesa where are you testing this software all for ?
10:45 < varesa> kind of a difficult question, most of it is just for playing around with it in my own infra
10:45 < varesa> or just to learn something (like openshift or openstack)
10:45 < varesa> most of it is really just to learn the stuff
10:46 < spaces> yeah nice!
13:03 < javi404> google died
13:15 < kidn3ys> lies
13:25 < spaces> I wanted to say that I'm sexy!
13:25 < spaces> no lies there at all!
13:26 < spaces> kidn3ys go play with your loner kidney :P
13:26 < nyash> Hi. Does anyone know if a looking glass webpage exists for e.g. AS8075 (Microsoft)? Search yields no results unfortunately.
13:31 < spaces> check he.net
13:38 < lone-wolf> These omni antenna of 25dbi is cheat?
13:39 < lone-wolf> Ore
13:39 < lone-wolf> Or there omni antenna of 25dbi?
13:42 < detha> I guess it is theoretically possible, with an 0.1 degree pancake profile. In practice? No such thing.
13:49 <+catphish> lone-wolf: even if such an antenna existed, i can't imagine it would be useful for anything
13:51 <+catphish> nyash: probably not if google doesn't turn it up :(
13:56 < Apachez> yeah the higher gain the smaller the vertical sector becomes
13:57 < Apachez> because we are limited to TX Power in the wifi definitions
13:57 < Apachez> otherwise you could just ramp up the TX power but then cancer would start to popup everywhere in the signals path :P
13:59 < detha> Ne'er mind the cancer. Go high enough, and it starts raining roasted pigeons
14:02 < winsoff> Hunger AND spotty wifi solved in one simple step.
14:04 < jvwjgam40> can I get a ripe ASN or does it have to be with ARIN?
14:05 < detha> RIPE is .eu. So if you register it through a .eu branch or subsidiary, why not?
14:06 < spaces> I really hate all these bees you have with these Canon camera's on a balancestand think they need and can record everything unneeded on festivals... one camera is enough!
14:09 < jvwjgam40> so basically if the address space was not from the ripe region then no
14:10 < detha> if your registered address is not in the RIPE region then probably no. IP space can be transferred between ARIN and RIPE
14:13 <+catphish> Apachez: microwaves don't cause cancer at any power, they just burn stuff, which is also unpleasant
14:13 < AmazonJungle> hello
14:13 < AmazonJungle> can i ask a question
14:14 <+catphish> jvwjgam40: you can only get an ASN from a registry in a region where you have a company
14:14 <+catphish> detha: " IP space can be transfered between ARIN and RIPE" < err no
14:14 < AmazonJungle> anyone here know shit about managed networks
14:14 < AmazonJungle> and setting up one
14:15 <+catphish> AmazonJungle: "shit", maybe
14:15 <+catphish> AmazonJungle: what do you mean by "managed network"?
14:15 < AmazonJungle> how do i give different users access to my payroll system
14:15 < CappyT> Hi everyone, i'm having a bad time setting up a vpn to circumvent the captive portal of my organization... Tried openvpn but sucks (30mbit even without encryption) anyone knows a VPN protocol which can traverse a squid proxy (requires setting some headers)?
14:15 < AmazonJungle> like
14:16 < detha> catphish: yes it can. Takes a ton of paperwork, but it is possible.
14:16 < AmazonJungle> i want to give other users access
14:16 < fluctuation> hello
14:16 < fluctuation> is this message encrypted
14:16 <+catphish> fluctuation: no
14:16 < AmazonJungle> fluctuation: yes
14:17 < fluctuation> i need to send something secret
14:17 < detha> fluctuation: maybe
14:17 < CappyT> @fluctuation: well, depends on what you mean by "encrypted"
14:17 < minasota> How is possible that dig +short myip.opendns.com @resolver1.opendns.com returns a different IP than ping whoami.akamai.net -c 1
14:17 <+catphish> fluctuation: try gpg
14:17 < CappyT> or omemo
14:17 < fluctuation> yo
14:18 <+catphish> myip.opendns.com and whoami.akamai.net aren't ythe same thing
14:18 <+catphish> *the
14:18 < fluctuation> My messages are not encrypted
14:18 < fluctuation> Im in danger
14:18 < CappyT> lol
14:18 < minasota> catphish: sure, but they both should return the same address no?
14:18 < AmazonJungle> how do i set up a managed network on windows 10
14:19 <+catphish> minasota: no, in fact myip.opendns.com doesn't even exist
14:19 <+catphish> oh, it does if you request it from that particular hostname
14:19 < minasota> catphish: ok, so I'm confused... yes, inside the router so I need to query that way
14:20 <+catphish> so, dig +short myip.opendns.com @resolver1.opendns.com works for me, it gives me my own IP
14:20 < minasota> yeah
14:20 < minasota> try the other and see if the last line Address is different
14:21 <+catphish> whoami.akamai.net gives me a different IP, just a couple of digits higher than my actual IP
14:21 <+catphish> i have absolutely no idea how that works :|
14:21 < minasota> ok
14:21 <+catphish> how can whoami.akamai.net work out my IP? :|
14:21 < fluctuation> Wow
14:22 < fluctuation> this message is encrypted now
14:22 <+catphish> sort of
14:22 < AmazonJungle> yeh its encrypted
14:22 <+catphish> i mean, its encrypted in some places
14:22 < AmazonJungle> u can say your secret msg now
14:22 < fluctuation> All of our messages are encrypted
14:22 < fluctuation> and none can read it besides us
14:23 < fluctuation> unless the IRC owner logs this chat
14:23 < detha> catphish: both are customised DNS servers, they return the address the request came in from
14:23 <+catphish> minasota: i use google DNS, so my guess is google somehow passes along your IP to akamai, but maybe anonymized
14:23 < fluctuation> We are safe to talk in this chat
14:23 < detha> try dig @8.8.8.8 whoami.akamai.com, gives one or another google address
14:24 < minasota> catphish: I use opendns, was checking my vpn for leaks and not sure which result to trust
14:24 <+catphish> detha: yeah i'm getting google addresses now
14:25 <+catphish> detha: but rather creepy, when i ran "ping whoami.akamai.net" earlier, it knew my ip almost exactly
14:25 < fluctuation> This message is encrypted
14:26 < detha> there are DNS options that send the original requester IP for geoloc, 8.8.8.8 sends those, 1.1.1.1 I think doesn't
14:26 <+catphish> detha: guess that explains it, it was slightly offset from my real ip though
14:27 < minasota> nslookup -q=A resolver.dnscrypt.org seems to give same results as whoami, but dig gives vpn address the other two give dont :|
14:27 < detha> yeah. those are 'slightly anonymized'
14:28 < detha> there is a mask length indicating how many bits from the original IP to include
14:28 <+catphish> minasota: if you only send traffic through your vpn there's no way your ip can be visible, so either you aren't doing that, or you have something cached
14:28 <+catphish> detha: cool
14:28 < minasota> I was under the assumption that whoami and nslookup would return the same ip as dig
14:28 <+catphish> seemingly not
14:28 <+catphish> dig seems to prevent the behaviour
14:29 < minasota> ah
14:30 < minasota> So, if checking for dns leaks, what result is true. Or are you all saying whoami and nslook up on those servers is slightly encrypted?
14:30 < minasota> err, slightly anonymized
14:30 < Apachez> there are so many ways to do dns leaking
14:31 < Apachez> one example is getting two domains (or one domain and 2 subdomains)
14:31 < Apachez> set ttl to something short like 60 or below
14:31 < Apachez> then one request to domain1 is 1 and domain2 is 0
14:31 < spaces> Apachez for your there is only one, you are incontinent
14:31 < detha> minasota: if anything gives you a result at or near your real IP, you have a leak
14:31 < Apachez> it will take some time but you will be able to exfiltrate data without being noticed
14:32 < minasota> detha: ok, thanks
14:32 < Apachez> spaces: leave my bladder out of this mkey?
14:33 < CappyT> if someone can help, i will be extremely grateful: https://serverfault.com/questions/916939/vpn-protocol-that-support-http-proxy-and-custom-headers
14:34 <+catphish> minasota: if you're only sending packets through a vpn then i this wouldn't be a problem at all
14:34 <+catphish> minasota: focus on the path your dns packets are taking
14:35 < minasota> catphish: will do, thanks for the help
14:36 < spaces> Apachez I thought you agreed it's good to discuss your issues and be open about it since last session
14:37 < Apachez> spaces: your definition of open is tubgirlrated
14:37 < Apachez> CappyT: both ssl-vpn and ipsec-vpn would do
14:38 < spaces> Apachez you like my hot tub, as they do as well ;)
14:39 < dogbert2> hey Apachez
14:40 < spaces> dogbert2 he is sensitive today
14:41 < spaces> don't tickle him
14:41 < dogbert2> LOL
14:41 < spaces> or her
14:41 < spaces> we don't know yet
14:52 < miezoy> #BACK
15:20 < Apachez> hi dogbert2
15:20 < Apachez> dogbert2: go fetch!
15:20 * Apachez points a laserpointer at spaces balls
15:20 * dogbert2 does not chase balls :P
16:12 < Apachez> Europe's GDPR is Killing Email Marketing, to the Disappointment of No One https://gizmodo.com/europes-gdpr-is-killing-email-marketing-to-the-disappo-1826880645
16:39 < AlexPortable> I have RxBadPkt increasing on one port, what can be the issue?
16:41 < detha> bad crimping, plugs, cables, interference, bad transmitter on the other end. in that order.
16:41 < AlexPortable> plugs can also go bad?
16:43 < detha> dirt, oxidation, cracked plastic. yes they can.
16:43 < Mattx> catphish, I've spent the last few hours looking for a java http client that supports pipelining... it turned out to be not so well supported :(
16:43 * Fieldy cringes at java
16:44 * detha plays https://www.youtube.com/watch?v=omG-hZfN6zk
16:44 < Mattx> I'm using OkHttp but it doesn't support pipelining, looks like Netty does but omg, its api is so raw
16:52 <+catphish> Mattx: you're unlikely to find many APIs that support it, on the other hand it's not hard to write your own if you need to
16:52 <+catphish> i can't imagine a "raw" http library being hard to use
16:52 < Mattx> it's not an http lib, that's the problem
16:52 <+catphish> ah
16:53 < Mattx> it's kind of a framework for implementing any client or server
16:53 <+catphish> well then you'll need to write the http requests, which isn't that hard, but then why use a library at all, just use a plain socket :)
16:55 < Mattx> I'm checking now some wrappers that use netty to implement http clients, there may be something already working and well tested
16:56 < Mattx> yeah, I could, but that would take some time
16:59 < Mattx> i can't imagine a "raw" http library being hard to use
16:59 < Mattx> you should check Apache HTTP client, it really sucks at user friendliness ^
17:00 <+catphish> well if it was that hard i'd just make my own
17:00 < Mattx> Netty official http client is pretty similar in that sense
17:01 < Mattx> https://hc.apache.org/httpcomponents-core-ga/httpcore/examples/org/apache/http/examples/ElementalHttpGet.java
17:01 < Mattx> that can be done in one line in okhttp for instance :P
17:01 < Mattx> let alone a more complex example
17:02 <+catphish> that looks easy enough
17:03 <+catphish> anyway, good luck, hope it's not too much work in the end
17:03 < Mattx> oh look, they even have an example for pipelining https://hc.apache.org/httpcomponents-core-ga/httpcore-nio/examples/org/apache/http/examples/nio/PipeliningHttpClient.java
17:04 < Mattx> "Please note that this example represents a minimal HTTP client implementation. It does not support HTTPS as is."
17:04 < Mattx> haha
17:04 < Mattx> "You either need to provide BasicNIOConnPool with a connection factory that supports SSL or use a more complex HttpAsyncClient."
17:05 < Mattx> that's what I'm talking about. you have to provide everything. in that sense its api is "raw"
17:08 <+catphish> i don't really know java anyway
17:08 < wizzi> Hello, is there a way to block someone from my network
17:08 < wizzi> ?
17:08 <+catphish> it always looks extremely verbose
17:09 <+catphish> wizzi: what kind of someone?
17:09 <+catphish> ethernet? wifi? external?
17:09 < detha> well-written java isn't that more verbose than, say, C++. Java culture is to add verbosity and layers
17:09 <+catphish> the answer is: lock your doors, change the keys, and use a firewall, respectively
17:10 < wizzi> catphish, wifi
17:10 <+catphish> wizzi: change your keys, and don't tell them
17:11 < wizzi> can i block them with iptables ?
17:11 <+catphish> wizzi: if your key is public, then you may be able to block them by MAC, it's not secure but it'll probably work
17:11 <+catphish> look on your access point for MAC blacklisting
17:12 <+catphish> wizzi: you could also configure DHCP to give that MAC a specific IP then firewall it
17:13 < wizzi> catphish, "look on your access point for MAC blacklisting" how can i do that ?
17:13 <+catphish> look
17:14 <+catphish> browse around the interface looking
18:47 < nosmelc> I see some desktop computers that have built-in 802.11ac wireless. I assume that means I'd need a router that supports the 5GHz band?
18:51 < DoctorDick> nosmelc, You need a router that supports AC, if you want to use AC
18:51 < DoctorDick> 802.11N also supports 5Ghz
18:52 < scientes> is mimo mandatory with ac?
18:52 < scientes> mu-mimo
19:02 < nosmelc> So will a 802.11ac laptop/desktop connect to a 802.11n router that's not dual band?
19:03 < scientes> yes
19:03 < scientes> but at reduced speed
19:04 < nosmelc> scientes, at n speed?
19:05 < Kingrat> mu-mimo is typically on whats called a wave 2 device
19:05 < Kingrat> wave 1 is regular mimo
19:07 < scientes> is wave 1 ac1200 and wave 2 ac1750?
19:08 < scientes> IOW how do i tell the difference
19:09 < scientes> ok my device is wave 1
19:10 < scientes> is ac the same range as n?
20:27 < pikaro> I stupidly got myself blacklisted by t-online.de, probably by sending a test mail from a new server before having a ptr record. does anyone know if that's temporary or if I have to proactively delist myself?
20:30 < rewt> try emailing them
20:31 <+catphish> pikaro: the rejection message may include instructions
20:32 <+catphish> pikaro: also, it's very likely to be a temporary ban if all you did was a config error
20:32 < pikaro> catphish, pretty much just "Ask your postmaster"
20:32 < Mattx> does anybody know how to use openssl correctly? I'm testing something but it gets disconnected immediately, without waiting for a response
20:32 < Mattx> cat request.test | openssl s_client -crlf -connect 123.123.123.123:443
20:33 <+catphish> Mattx: yeah that happens
20:33 < pikaro> catphish, I'm hoping it's just the config error - spf / dkim / dmarc were all set and the mail just said "BL"
20:33 <+catphish> Mattx: try just running it manually and pasting the content in
20:33 < Mattx> that works yeah
20:33 < Mattx> I supposed there is an option to keep it listening?
20:33 <+catphish> it's a weird problem with shells that i don't understand
20:33 <+catphish> but it often happens
20:34 <+catphish> basically: you can't pipe stuff to interactive apps like that
20:34 <+catphish> not sure how to make it non interactive
20:49 < AlexPortable> What is the difference between Q VLAN and Q PVID ?
20:56 < VincentHoshino> you know the one thing I wish they would change in the DOCSIS specs? report the SNR and receive power back in the ranging response!
21:24 < Guest32107> Hello! I am from Kiev. Does anyone want to chat?
21:24 < DocScrutinizer05> duh
21:25 < DocScrutinizer05> sigyn was pretty pissed eh?
22:04 < Apachez> "Black Widow catches a rat" NOPE! NOPE! NOPE! *runs away screaming*
22:06 < Apachez> AlexPortable: its somewhat blurry depending on vendor, but in short PVID often means "which VLAN should an incoming untagged frame belong to"
22:06 < Apachez> PVID is also the one used for protocols who isnt vlan dependent
22:06 < Apachez> like RTP, LACPDU etc
22:06 < Apachez> CDP, LLDP and whatelse
22:08 < rtmataeu34> oh heres a silly question- any wiresharkers on linux out there? my capture cache got full and drove myself nuts looking for why the root partition got filled
22:08 < Apachez> there is a capture cache?
22:08 < Apachez> where?
22:08 < rtmataeu34> i guess its in my imagination
22:08 < Apachez> usually I use tcpdump with -s0 and -w file.pcap to do longrun captures
22:08 < Apachez> and perhaps add the syntax to cycle it every 100 meg or so
22:09 < Apachez> I thought wireshark captured to ram only
22:09 < rtmataeu34> but there should be a directory where the files are going- theres supposed to be an option to do that to WS
22:09 < Apachez> na thats when you save the capture
22:09 < rtmataeu34> rotate captures
22:09 < Apachez> thats why you got a capture filter
22:09 < Apachez> so you dont capture junk
22:09 < rtmataeu34> well it happens even when im just normally capturing without saving anything
22:09 < Apachez> and then save whatever you analyzed in wireshark
22:09 < rtmataeu34> which seems nuts to me*
22:09 < Apachez> if you want to do a save only then there is no need to run wireshark
22:10 < Apachez> just run tcpdump with -s0 and -w file.pcap and perhaps add the syntax to dump every 100 meg into a new file (or 1 Gbyte depending on how much ram you have to later on open the file(s))
22:10 < rtmataeu34> ok
22:10 < rtmataeu34> assuming thats not the only CL way to do this
22:11 < rtmataeu34> ?
22:11 < rtmataeu34> probably will need to educate myself before asking any more malformed questions
22:28 < spaces> Apachez ;)
22:31 * spaces throws a Black Widow @ Apachez
22:31 < spaces> she is old and hairy :P
22:47 < jvwjgames> is there a bgp channel
22:51 < tds> I'm not aware of anything like that - there are a few for individual bgp daemons (eg I'm in #bird, looks like there's one for quagga, another for exabgp), but I don't know of anything generic
22:51 < jvwjgames> ok cause i need help with bgp
22:52 < tds> if you want to learn about bgp, dn42 can be useful as a playground, and they have an irc channel as well (#dn42 on hackint)
22:52 <+catphish> jvwjgames: this is probably the place to ask unless you are having issues with a specific router / software
22:52 < Apachez> or zebos
22:53 < jvwjgames> i have used dn42 it's great
22:57 < jvwjgames> i am announcing my ipv6 prefix but i can't get to it via traceroute
22:57 < phirephly> jvwjgames, Do you see it showing up in other network's looking glasses?
22:57 < ntd> what do you plan on doing with them ipv6 addresses? make all the devices addressable from inet?
22:58 < jvwjgames> yes
22:58 < phirephly> jvwjgames, Are you sure your transit provider is accepting that prefix? Are they using prefix filtering on your connection
22:58 < phirephly> derp, then yes
22:58 < ntd> like that smart fridge, toaster and water closet?
22:58 < phirephly> can you not trace route it from many locations or just one other place?
22:59 < phirephly> who's your transit provider and where are you trying to traceroute to it from? Maybe suffering from the HE/Cogent bisection
22:59 < ntd> cause ipv6+internet of shit is, in a few years gonna be remembered as being equally dumb as smoking
23:00 < jvwjgames> vultr
23:00 < phirephly> ntd, Just because IPv6 doesnt force you to run a stateful firewall on your edge doesnt mean you shouldnt
23:00 < ntd> word
23:00 < phirephly> jvwjgames, You're both advertising to vultr and tracerouting from vultr?
23:01 < ntd> but people be busy with snap streaks and all, who needs a firewall in 2018? not mobile devices, that's for sure
23:01 < jvwjgames> advertising but tracerouting from home
23:01 < tds> i'd give it a poke from vultr's looking glass to start
23:02 < tds> it's not especially useful, you can only run traceroutes iirc, but it's better than nothing
23:03 < phirephly> if you dont mind sending me your prefix I can try tracerouting it from my AS
23:03 < tds> ^ happy to help here as well :)
23:03 < ntd> got teamviewer? :P
23:04 < jvwjgames> yes
23:04 < jvwjgames> 2602:FE5D:1::
23:04 < tds> I can't see that from my network
23:05 < phirephly> nor can I. Which looking glasses can you see that prefix in?
23:05 < jvwjgames> i can't see it from vultr either
23:06 < jvwjgames> but i thought my bgp router said it was advertising
23:06 < phirephly> ok, but I asked if you saw it on other network's looking glass and you said yes. Did I misunderstand?
23:08 < jvwjgames> i was saying yes to me having TeamViewer
23:09 < jvwjgames> sorry the miscommunication
23:09 < tds> phirephly: I only just thought, are you the person running that little IX from a he rack?
23:09 < phirephly> then you need to make sure your router is advertising it to vultr and vultr is accepting it
23:10 < phirephly> tds, Yep. :) FCIX. We're actually expanding into a second building soon. Already got the dark fiber, switch, and optics donated
23:10 < tds> phirephly: ah cool, I knew I recognised the username from somewhere, it only just clicked :)
23:10 < phirephly> we're upgrading from our 6506 to a pair of Arista 7050S-64s
23:11 < tds> oh shiny - iirc were you originally just running it off your own router, so are those dedicated switches for fcix?
23:12 < phirephly> yeah. was a vlan on my router, will now be a dedicated switch for the FCIX data plane.
23:12 < jvwjgames> Network Next Hop Metric LocPrf Weight Path
23:12 < jvwjgames> *> 2602:fe5d:1::/48 :: 0 32768 i
23:13 < jvwjgames> that's what my router shows and it says BGP Session established
23:14 < phirephly> for which command?
23:15 < jvwjgames> BGP IPv6 Routes
23:15 < phirephly> what actual command did you run to get that table?
23:16 < seven-eleven> hi, do people configure cisco routers from CLI or GUI?
23:16 < phirephly> seven-eleven, All CLI for me
23:16 <+catphish> jvwjgames: who are you announcing it to?
23:16 < jvwjgames> it is on my pfsense gui on FRR it is not a command
23:16 < jvwjgames> vultr
23:17 < seven-eleven> phirephly, mhmk, im fiddling around with packettracer, then I'll try CLI too
23:17 <+catphish> jvwjgames: i also don't see that route
23:17 < jvwjgames> hmmm
23:18 < phirephly> you sent a letter of auth to Vultr to accept this prefix?
23:18 <+catphish> seven-eleven: cli, or a script of some kind
23:18 < jvwjgames> yes it is listed in their BGP settings i have
23:19 <+catphish> jvwjgames: i'd contact them, tell them you're announcing it, ask them to confirm if they're accepting it
23:19 <+catphish> because it's not working
23:19 <+catphish> jvwjgames: what router are you using?
23:20 <+catphish> you should be able to list the prefixes you're exporting
23:20 < phirephly> I've never run BGP on pfsense, so I don't think I can be of much help here
23:20 < jvwjgames> pfsense
23:20 <+catphish> oh, no idea then :(
23:21 < tds> frr should have a console available (listening on a local socket) with a cisco-y cli, if it's anything like quagga
23:21 <+catphish> it's non trivial though to configure filters correctly
23:21 < phirephly> catphish, It's super easy; just don't configure any. :-P
23:21 < phirephly> oh wait, maybe not with FRR
23:21 <+catphish> lol
23:21 < }8]> hi guys. i have 1 wired ethernet adapter (eth0) with internet access. is it possible to create a `virtual` ethernet adapter (like eth1), and have it connect to a vpn? so if i want regular internet access, i have it on eth0 and if i want vpn access i have it on eth1. or does that require 2 physical adapters? i was told that you can do it with 1 adapter and systemd
23:22 < AlexPortable> Apachez: well in the PVID setting I can set which port should have which vlan id, whats the difference between tagged then?
23:22 <+catphish> }8]: many vpn clients will create an adapter
23:22 < Apachez> sure but that is often broken design
23:22 < Apachez> suddenly your dns queries goes over eth0 because eth1 went down
23:22 < Apachez> or such
23:22 <+catphish> }8]: for example openvpn will create an interface tun0
23:22 <+catphish> this is a virtual interface that sends all traffic down the vpn, as you need
23:23 < Apachez> AlexPortable: tagged = 4 bytes are added to each ethernet frame according to 802.1Q
23:23 < Apachez> these 4 bytes contains the vlan id tag
23:23 < tds> jvwjgames: if you're able to get a shell on pfsense, you may be able to run vtysh and get a quagga console?
23:23 < Apachez> frames without those 4 bytes of 802.1Q tag is called untagged
23:23 < }8]> yeah thats what im using now, openvpn. it creates tun0 but it takes over eth0 too. if i check a whatismyip from a shell, its the vpn ip
23:23 < tds> then just press ? lots of times until you've worked out how the commands work :)
23:23 <+catphish> AlexPortable: pvid is just what tag to assign to incoming frames that don't have a tag already
23:23 < Apachez> on a modern manageable switch you can allow for: only untagged frames, only tagged frames or both
23:24 < Apachez> cisco usually only supports "only untagged" or "both"
23:24 <+catphish> }8]: no it doesn't, you're misunderstanding something
23:24 < Apachez> only untagged with cisco lingo is "switchport mode access"
23:24 < Apachez> while "both" with cisco lingo is "switchport mode trunk"
23:25 < Apachez> you can filter for incoming vlan id's on ciscos but I dont think that applies for the untagged traffic
23:25 <+catphish> }8]: your routing table determines which direction packets go, when you connect to the vpn, the routing table will be updated to send packets via tun0
23:25 < Apachez> allied telesis for example supports to only allow tagged frames
23:25 < Apachez> "switchport tagged-frames only"
23:25 < jvwjgames> ok i typed that command a console came up
23:25 < Apachez> or whatever their syntax is to only allow for incoming tagged frames
23:25 < Apachez> and then you can have the switchport allowed vlan 1, 2, 3
23:26 < }8]> catphish - so openvpn tells eth0 to route through tun0 instead of 192.168.1.1 (my lan gateway or whatever)
23:26 < }8]> ?
23:26 < tds> phirephly / jvwjgames: as far as I know that shell should behave very like a cisco one, so you might be able to help at this point?
23:26 <+catphish> }8]: no, it tells your whole computer to route through tun0
23:26 < tds> as I said, I can never remember the cisco commands, I just push ? lots :)
23:27 < AlexPortable> my situation is switch1, port 1 goes to router, port 2 goes to switch2. on switch2: port 1 goes to switch1, port 2 is private network (vlan 3), port 5 is guest network (vlan 6). what should be tagged, untagged and member ?
23:27 <+catphish> }8]: routing table (you can view it with "ip route") is system wide
23:27 < Apachez> or netstat -rn
23:27 <+catphish> }8]: it doesn't matter how many interfaces you have, the system uses the routing table to decide where to send things
23:27 < }8]> catphish - right, ok, so thats why i wanted to make a `virtual` adapter and make openvpn bind/route through that instead of the whole computer
23:28 <+catphish> }8]: you mean you just don't want packets to go through the vpn by default?
23:28 <+catphish> openvpn likely has an option for that (not to update the default route)
23:28 < Mr_Midnight> }8]: you should be able to configure your VPN settings to allow for 'split tunneling' or 'split horizon' and then only traffic destined for the other side of the VPN will go through the VPN
23:29 <+catphish> }8]: what traffic do you want to go through the vpn?
23:31 < }8]> for example, only traffic from firefox goes through the vpn. anything else i do would go through regular net.. so if i whatismyip in firefox i get the vpn ip, but if i curl whatismyip from a shell, i get my isp ip
23:31 <+catphish> }8]: that's actually nearly impossible :(
23:31 <+catphish> operating systems route all applications the same way
23:32 <+catphish> unless you go to a lot of effort to set up network namespaces
23:32 < }8]> it cant be impossible cuz even regular ping lets you choose which interface to use
23:32 <+catphish> there's no way to make the routing table differentiate based on application
23:32 <+catphish> }8]: no it doesn't
23:32 < }8]> yes, network namespaces! thats what the guy mentioned who said you only need 1 adapter
23:33 < tds> if you control the vpn server then you'll likely have a far better time setting up a socks proxy/similar and setting just firefox to use that, otherwise you'll end up doing insane things like policy routing based on uid or something
23:33 <+catphish> you're confusing selecting source ip with selecting an interface to send traffic through
23:33 < phirephly> }8], this seems like a lot of effort to do something rather strange. What are you actually trying to do?
23:33 <+catphish> applications can't select a route to send traffi
23:33 < }8]> ping -I interface (interface is either an address, or an interface name.)
23:33 <+catphish> *traffic
23:33 <+catphish> }8]: yeah that's nonsense :)
23:34 <+catphish> i mean, its not nonsense
23:34 <+catphish> you just didnt read the rest
23:34 < phirephly> no, ping can bind to specific interfaces, but that's because it's doing a single very specific low level network action. Not browsing the internet
23:34 <+catphish> If interface is an address, it sets source address to specified interface address.
23:35 <+catphish> phirephly: that's not the point, choosing a source address still doesn't select an interface
23:35 < tds> you can policy route based on source address if you want, good luck setting firefox to use a specific source address though
23:35 <+catphish> indeed
23:35 <+catphish> }8]: at this point, you probably want to just believe us that this is impossible
23:35 < phirephly> yeah. ping and firefox are two different beasts
23:36 <+catphish> but it you really need it, you'll need a vm, container, or network namespaces
23:36 <+catphish> phirephly: regardless, neither of them can choose an interface to send traffic through
23:36 < }8]> lets rewind here.. so youre telling me that if i use openvpn, my whole system either has to go through the vpn, or not at all. all or nothing. its impossible to have access to both the vpn and regular isp simultaneously. is that what youre saying?
23:37 < jvwjgames> phirephly: you able to help me?
23:37 <+catphish> }8]: yes
23:37 <+catphish> }8]: actually you can use the vpn for selected *destinations*
23:38 <+catphish> or you can use firewall rules to select different routes
23:38 <+catphish> but you can't do it based on application
23:38 <+catphish> for example many people have a vpn that sends traffic with a destination of their company network over the vpn, and everything else to the public internet
23:39 <+catphish> but that's destination, that's the only thing routing tables choose based on
23:40 < phirephly> }8], why not just run everything through your VPN?
23:40 < }8]> if thats what i wanted, i wouldnt be inquiring
23:41 < phirephly> yeah, and I'm questioning why you want it
23:41 < }8]> because i dont like all or nothing. i like to have more control than that
23:42 <+catphish> }8]: As the philosopher Jagger once said: You can't always get what you want
23:43 < Mr_Midnight> But if you try sometimes, you just might find, you get what you need!
23:43 <+catphish> :)
23:43 < Apachez> Or as the wise man Bruce Willis said: Jippiekayeyh motherfucker!
23:44 < seven-eleven> }8], as catphish and Mr_Midnight said, you can split tunneling, then use iptables fwmarks and ip rules to create exception and should be routed through your WAN gateway and not tun0. but now you want to except a local application which doesn't go through the routing chain i think, so you should use network namespaces
23:44 < MatCat> I have a WRT54G version 8, I am sharing my internet in Win 10 from PDANET+ to ethernet which bridges to the router, I have it setup to static from that WAN connection, however it acts like dialup, and only the first packet it seems of any internet request ever makes it through, any idea how to solve this?
23:44 < }8]> im trying to find a link he gave me
23:45 <+catphish> sometimes it's easier just to make a vm and route all traffic from that through the vpn
23:45 < }8]> seven-eleven - yes, the guy i talked to before mentioned network namespaces but catphish is saying its impossible
23:45 <+catphish> it's definitely possible with network namespaces
23:45 < tds> you missed his message just after that, "but it you really need it, you'll need a vm, container, or network namespaces" :)
23:46 < seven-eleven> }8], or you could rewrite the vpn client implementation to except firefox :D
23:46 < }8]> heres the link he showed me ... https://schnouki.net/posts/2014/12/12/openvpn-for-a-single-application-on-linux/
23:46 <+catphish> seven-eleven: no you can't, it doesn't know the application
23:46 < seven-eleven> mhmm
23:46 <+catphish> if that uses network namespaces, it'll work :)
23:46 < varesa> namespaces in that case shouldn't even be that hard to setup
23:46 < }8]> i dont know where he gets the 10.200.200.1, 10.200.200.2, etc from
23:47 < varesa> I used to do that in networking labs at school when I had to wait for something. The main netns/routing table would have all the lab configuration while I'd create a secondary netns, move the second NIC there, run dhclient and start firefox
23:47 <+catphish> }8]: this is pretty advanced linux networking
23:48 < MatCat> any ideas on my prob?
23:49 < varesa> }8]: 10.200.200.0/24 is just an arbitrary network chosen for routing the VPN traffic from the "VPN-namespace" to "normal internet namespace"
23:49 <+catphish> mad_enz: i didn't fully understand the description, are you trying to bridge between wifi and ethernet?
23:50 < varesa> I also wonder if it would be possible to run the VPN client in the main netns but move the tun0 or whatever interface to another namespace
23:50 < varesa> that'd be a whole lot simpler
23:50 < MatCat> catphish are you meaning to hilight me?
23:51 <+catphish> varesa: that seems the simplest approach indeed
23:51 <+catphish> MatCat: yes
23:52 < varesa> I just wonder if OpenVPN (or whatever VPN process) loses its "connection" to the virtual interface if you put them to separate namespaces. Probably not but I don't know how that is handled internally
23:52 < varesa> I'd guess the "connection" is on some other than the network layer
23:52 < MatCat> catphish I have PDANET+ on my computer, which is a USB tether bridge to my cell phone, it gives my system internet, I have a WRT54G V8 attached via WAN port to ethernet, I am using Win 10 ICS to share internet to the ethernet, on the WRT I have it set to get static from my system, however it only allows first packet through and is as slow as dial up, or even just from one system to another
23:52 < MatCat> in network
23:52 <+catphish> varesa: seems like it should work
23:53 < tds> I tried something similar (moving tap interfaces from qemu into another namespace) recently and the interface just went down upon changing the namespace, so I don't know if that would work
23:53 <+catphish> MatCat: seems like that should work, messy but i can't think why it would fail, maybe an mtu problem
23:54 < MatCat> I dunno but it sucks I can't use it
23:54 < MatCat> No idea how to fix
23:54 < MatCat> only thing on the network is an ESP32 and a cell phone and my computer
23:54 < tds> yeah, just tried it with openvpn on my desktop, doesn't seem to work :(
23:55 <+catphish> tds: shame :(
23:55 < MatCat> I can try to load the webpage I have on the ESP32 and it will load, but all the websockets stuff on it won't work
23:55 < MatCat> even just trying to load 192.168.1.100 the wrt admin page takes forever
23:55 < tds> it also meant I'd need a bridge and veth pair per vm for that qemu setup, which is just horrible :/
23:55 < jvwjgames> can someone help me with the vtysh command please?
23:56 < }8]> varesa - so the 10.200.200.0/24 has nothing to do with his lan then? i thought maybe his was 10.x.x.x instead of 192.168.1.x like mine
23:57 < tds> jvwjgames: did you try just using the inbuilt help?
23:58 < varesa> jvwjgames: is 'vtysh# show ip bgp neighbors 1.2.3.4 advertised-routes' something you wanted (didn't really follow the conversation before)
23:58 < tds> that looks like the right kind of thing to me :)
--- Log closed Sun Jun 17 00:00:01 2018