--- Log opened Sun Jun 17 00:00:01 2018
00:01 < jvwjgames> i tried yes and veresa yes that what i needed thanks
00:02 < tds> if that showed the right prefix, then yeah, time to go grumble at their support
00:03 < jvwjgames> uh-oh
00:03 < jvwjgames> it's blank
00:03 < jvwjgames> my config error
00:06 < varesa> }8]: https://i.imgur.com/ZKzCOm0.png
00:08 < }8]> thanks varesa, easier to understand that way :)
00:09 < tds> }8]: is the actual use case firefox, and do you control the vpn server?
00:13 < }8]> firefox. i dont control a server. wouldnt know where to begin to be honest. im not a networking guy at all
00:17 < jvwjgames> I nuked pfsense and will be going with ubuntu 18.08 and istalling bird directly
00:17 < jvwjgames> it should be easier that way since they have documentation on it
00:19 < tds> that seems like a slightly extreme approach to fixing a quagga issue, but I'll support the move to bird at least :)
00:30 < varesa> what about FRR? :)
00:34 < tds> oh oops, I think he was already on frr actually, I just kept saying quagga
00:35 < Apachez> 18.08 ?
00:35 < varesa> tbh I've only tried FRR once but couldn't get it to work. I'm pretty sure that was an user error of course
00:36 < varesa> went back to quagga from centos repositories which worked out of the box for me
00:36 < jvwjgames> 18.04 is what i meant sorry
00:37 < tds> 18.08 is the special future version you need to get packages for bird2 ;)
00:40 < Apachez> 18.10 perhas
00:41 < Apachez> p
00:42 < varesa> spaces: do you happen to be online?
00:46 < vavkamil> hey I have a git question
00:47 < vavkamil> how can I deploy local git repo to remote server
00:51 < mgolisch> maybe search for a git channel then..
00:54 < lupine> don't. git isn't a deployment tool
00:54 < lupine> unless you're a particular kind of devops insane
01:16 < brawze1> I'm having issues with an Ubuntu server image I was handed from Google Cloud. Is it possible to wipe all the certificates and start over with the default certificates Ubuntu has?
01:19 < Apachez> sure
01:20 < brawze1> Apachez, how would I go about doing that?
01:21 < Apachez> its in /etc/ca-certificates and /etc/ssl
01:21 < Apachez> and then you just reinstall the correct package
01:22 < Apachez> apt-get install ca-certificates
01:22 < Apachez> apt-get install ca-certificates-java
01:22 < Apachez> apt-get install ca-certificates-mono
01:22 < Apachez> perhaps run a purge first
01:22 < Apachez> apt-cache remove certificates --purge
01:22 < Apachez> apt-cache remove certificates-java --purge
01:22 < Apachez> apt-cache remove certificates-mono --purge
01:22 < Apachez> and then look in the /etc/ca-certficates and /etc/ssl directories
01:30 < brawze1> Apachez, if I purge/delete these, wouldn't apt-get have issues trusting the package server?
01:54 < mgolisch> not sure but i dont think it uses https for accessing the package repos atleast not by default
02:15 < xtrWrithe> hi, i have a rare issue on iproute2 monitoring an 80211 monitor , it says unknown message (81) and NETCONF LINK goes down, what is this related to?
02:17 < friend_of_candy> hi
02:25 < Apachez> brawze1: why would it?
02:25 < Apachez> it uses http if I recall it correctly and then verify with pgp signatures
02:26 < knight33> I'm at a point in my career where not knowing networking is killing me. I'm Ops too. Even basic troubleshooting alludes me, like seeing if packets are being dropped, and recently, a route table with an incorrect IP. Where can I learn these things? LinuxAcademy and YouTube aren't really helping me, everything is so conceptual. I need real world knowledge.
02:28 < friend_of_candy> you could look into wireshark first, it shows all packages going through the network
02:29 < friend_of_candy> it is a good tool for troubleshooting
02:30 < xtrWrithe> knight33: i could help you, just send a PM
02:42 < jvwjgames> I am having no luck
02:42 < jvwjgames> can someone please help me or try to help me via teamviewer
02:43 < xtrWrithe> jvwjgames: tell me about sir
02:43 < jvwjgames> it is on bgp
02:44 < tds> jvwjgames: what state is it in, is bird starting, is the bgp session coming up?
02:44 < xtrWrithe> what is the OS?
02:44 < jvwjgames> i found out i was using a v4 address to announce a v6 space so that was my bad to start with
02:44 < jvwjgames> pfsense but i am using frr
02:44 < tds> hmm, I guess that should still work with multiprotocol bgp, depends on their routers supporting it though
02:44 < tds> oh wait, are you back on pfsense now?
02:44 < xtrWrithe> bpgd right?
02:44 < jvwjgames> ya
02:45 < jvwjgames> i found it to be harder to use quagga direclty
02:48 < tds> jvwjgames: so is the session coming up, are you advertising your subnet now?
02:49 < jvwjgames> no not yet :(
02:49 < jvwjgames> and vultr still hasen't responded
02:50 < tds> oh, did you think the issue was on their end?
02:50 < jvwjgames> i thought but i think it is on my end
02:51 < jvwjgames> tds do you have teamveiwer
02:51 < tds> no, sorry
02:51 < tds> iirc that has some pile of wine insanity to run on linux
02:53 < tds> jvwjgames: can you upload your frr config to paste.debian.net or somewhere similar?
02:53 < jvwjgames> ya
02:53 < tds> output of "show bgp neighbors <ip>" would be useful as well
02:55 < jvwjgames> https://paste.ee/p/AgXHb
02:58 < jvwjgames> https://paste.ee/p/Z461N
02:58 < jvwjgames> let me know if that helps
03:01 < tds> are you able to open a tcp connection to that ip on port 179?
03:01 < tds> ie try telnet 2001:19f0:ffff::1 179
03:05 < tds> oh actually, "OPEN Message Error/Unsupported Capability" sounds interesting, might be worth restarting the session and doing a packet capture to see the actual open message?
03:05 < tds> could also just decode the hex that quagga's given if you can be bothered
03:05 < jvwjgames> can't telnet connect failed
03:08 < jvwjgames> hex also can't be decoded it's encrypted
03:08 < tds> oh yeah, if it's using tcp with md5 signatures then I guess that'll fail
03:09 < tds> if you're using tcpdump you'll need to provide it with the password as well to validate the signatures
03:10 < meingtsla> due to NOTIFICATION sent leads me to believe that your side is sending the notification in response to something the other side is sending
03:12 < tds> http://bgpaste.convergence.cx/ can decode that open message for you
03:13 < jvwjgames> still failing to decode
03:14 < tds> decodes for me, you need to include the "message received..." line, then all the hex
03:16 < jvwjgames> ok dewcoded
03:16 < jvwjgames> but don't understand what the problem is
03:19 < tds> I'm not familiar with quagga, but it seems odd that it includes "For address family: IPv4 Unicast" there
03:20 < tds> if your router is only advertising support for ipv4 and their open message only advertises support for ipv6, then "Unsupported Capability" sounds about right
03:20 < jvwjgames> if you want i can give you acce3ss to my bgp router to look at config directly
03:21 < jvwjgames> i am trying to advertise v6 not v4
03:23 < Apachez> how rude
03:24 < Apachez> how do you think those with v4 feels then?
03:24 < meingtsla> ha
03:33 < jvwjgames> the md5 password does that have to be an md5 format
03:33 < meingtsla> No
03:33 < jvwjgames> ok cuase the line with the password is failing
03:34 < meingtsla> Speaking to what tds was saying, you need to "activate" the v6 neighbor under address-family ipv6 unicast, and "no ___ activate" the v4 neighbor under address-family ipv4 unicast. I am not certain that is what's causing the session to tear down, but you will need to do this anyway for your use case.
03:34 < meingtsla> What do you mean the line with the password is failing.
03:36 < jvwjgames> var/etc/openbgpd/bgpd.conf:9: syntax error
03:37 < jvwjgames> tcp md5sig password BuXXXXXXXXXXXXXXXee-XXXXXXXXXXXXXXXXXXXX!
03:38 < jvwjgames> the pass does have the - and the !
03:38 < jvwjgames> could that be why
03:38 < meingtsla> Line 9 being "router bgp 64798"?
03:39 < jvwjgames> could that be whyno
03:40 < jvwjgames> no line 9 is tcp md5sig password BuXXXXXXXXXXXXXXXee-XXXXXXXXXXXXXXXXXXXX!
03:41 < tds> is that the same file you uploaded earlier? (https://paste.ee/p/AgXHb)
03:41 < meingtsla> I was going off https://paste.ee/p/AgXHb, so if the file is changes you might want to show it.
03:41 < tds> I thought openbgpd had a completely different config syntax to quagga/frr, but I may be getting mixed up
03:42 < jvwjgames> no i switched to using OpenBGPD
03:42 < Apachez> ClosedBGPD then?
03:42 < jvwjgames> yes i will upload file now
03:43 < tds> seems like we're playing a game of how many bgp daemons can be tested in one evening :)
03:43 < jvwjgames> https://paste.ee/p/GqQYy
03:43 < jvwjgames> sorry i will stay with this one it seems light and simple to navigate
03:43 < jvwjgames> the other one had too many options
03:46 < meingtsla> Maybe put the password in quotation marks ""
03:49 < Apachez> "secretpassword"
03:49 < Apachez> "secretpa"ssword"
03:53 < tds> I can see your /48 now, so something obviously worked :)
03:53 < jvwjgames> ya i fixed it
03:53 < strixdio> hmm, so, if I wanted a high performance bridge for my pfsense as a 2ndary WAN, what do you all recommend?
03:53 < strixdio> high performance as in, long range.
03:54 < jvwjgames> i found out that i had to put the pass and a few other things under neighbor perams
03:54 < jvwjgames> not above it
03:57 < jvwjgames> thanks tds and everyone for dealing with me and my struggles lol thanks so very much
03:58 < jvwjgames> one last questrion if i made another bgp router and advertised another prefix am i considered multi-homed cause i am trying to get an ASN from ARIN
04:02 < Pimpernel_> testing
04:11 < mwd> how big would the entire dns database be?
04:12 < light> 7
04:13 < scientes> mwd, https://github.com/yarrick/iodine
04:13 < scientes> mwd, https://code.kryo.se/iodine/
04:14 < mwd> that's a cool project
04:15 < mwd> just 7?
04:15 < mwd> it's got to be bigger than that.
04:16 < scientes> mwd, if you were paying attention its impossible
04:16 < scientes> you couldn't tunnel through it unless it was infinite in size
04:18 < mwd> hmmmm
04:25 < Aviyah> Anyone in here at the moment?
04:25 < tds> jvwjgames: no, for multihoming you'd be announcing the same prefix to multiple different upstreams/peers
05:14 <+pppingme> Aviyah nope, totally empty, the 1245 users listed are all fake..
05:22 < Aviyah> Lol
05:23 < mwd> no fake, we're the best users, you're fake
05:23 < Aviyah> Hey, pppingme, are you a network engineer?
05:23 < Aviyah> Or are you, mwd?
05:23 < Aviyah> I purchased some very inexpensive repeaters and unfortunatey they have a WPS that cannot be disabled. It is pretty dumb.
05:24 < mwd> i am not, just a network amateur
05:24 < Aviyah> I was wondering what might be my options with corrupting the WPS in these repeaters via editing the firmware.
05:25 < Aviyah> Why on earth would any reputable manufacturer disallow their customers to take down a stupid vulnerability like WPS?
05:25 < mwd> you're supposed to buy new one
05:25 < mwd> hm too slow
05:25 <+pppingme> where'd he go
05:26 < mwd> to a farm, upstate
05:47 < jvwjgames> i can announce the same 2602:FE5D:1::/48 and it won't cause routing issues
05:49 < jvwjgames> tds or routing conflicts
05:51 <+pppingme> jvwjgames do you own that?
05:51 < jvwjgames> yes
05:52 <+pppingme> then why would you think it'd cause issues?
05:53 < jvwjgames> i just thought that advertising the same2602:FE5D:1:: prefix would tell routers it over here no wait it's over here i was just making sure
05:54 <+pppingme> so you're advertising it from two connections? or two locations? or what?
05:56 < jvwjgames> two locations
05:56 < jvwjgames> vultr and another host or another vultr location
06:38 < ricemuffinball> [21:36] <ricemuffinball> my voip box needs to use html to make changes such as :  http://192.168.1.110/admin/resync?http://websitename.com/test.xml
06:38 < ricemuffinball> [21:37] <ricemuffinball> but instead of  http://websitename.com/test.xml  can i do local harddrive
07:04 < spaces> I worked in the garden, or actually my forest, yesterday... don't ;)
08:05 < The_Ku_Klux_Klan> i need a vpn tunnel the nsa cant crack
08:05 < The_Ku_Klux_Klan> for site-to-site
08:05 < The_Ku_Klux_Klan> is a really long PSK good or do i need certs?
08:09 < melissa666> The_Ku_Klux_Klan, you should use telnet
08:09 < melissa666> and then kill yourself
08:16 < The_Ku_Klux_Klan> melissa666: why?
08:17 < The_Ku_Klux_Klan> is my nickname offensive?
08:17 < melissa666> The_Ku_Klux_Klan, I'm sure you think of reasons every day. Just trust yourself.
08:17 < melissa666> You can do it, and it will be better afterwards.
08:18 < The_Ku_Klux_Klan> melissa666: You are a low effort troll.  Welcome to my ignore list.
08:19  * melissa666 slow claps
08:21 < VincentHoshino> are you the same person that just used aN offensive nick on AFternet?
08:54  * spaces is back to savas this channel by adding some sexyness again ;) 
09:01 < hiya> What is wrong with Google's state of Geo-location?
09:01 < m0dshalp> lads, i bought a gaming pc a few months ago. it has one hdmi port, and the other hdmi port isn't working (it's covered in tape, it was like this when i got it). should i take it back and ask for it to be repaired or is this something to do with the motherboard i bought with it?
09:02 < hiya> It shows as Germany for Swedish IP
09:02 < m0dshalp> i can't hook up 3 gaming monitors because of this
09:02 < hiya> and Sweden of its IPv6 counterpart
09:02 < hiya> its messed up
09:03 < senaps> anybody able to help me with this https://serverfault.com/questions/916381/centos-7-persistent-static-route ? i need to write settings to file.
09:03 < senaps> it's driving me crazy. i have done all the configurations exactly like the docs, and it doesn't work.
09:08  * azonenberg looks up from MAC address table debugging
09:16 < spaces> hiya it sucks big time
09:16 < hiya> spaces, ok man
09:16 < spaces> hiya I just switched to my own OSRM server
09:16 < spaces> they have a difference in the API and GeoCoder in data as well
09:20 < hiya> spaces, Yes man
09:20 < hiya> iplocation.net makes it clear we can have multiple geo-location per IP
09:20 < hiya> depending on what database we use
09:22  * azonenberg is still geolocated in new jersey or DC sometimes
09:22 < azonenberg> And i live on the west coast
09:22 < azonenberg> So, geoip databases are far from perfect :p
09:23 < spaces> hiya determing geo on IP is failsy
09:28 < spaces> azonenberg the paid ones are pretty ok
09:28 < spaces> but you go wrong when you are using a VPN for an example
09:28 < azonenberg> well duh
09:28 < azonenberg> this is more like, i pull up google maps
09:29 < azonenberg> and it puts me on the wrong end of the continent
09:42 < spaces> do you really think an IP lives somewhere ?
09:44 < skyroveRR> Inside a home.
09:44 < skyroveRR> Or office.
09:45 < spaces> skyroveRR maybe it hides somewhere ;)
09:45 < spaces> in the basement or so ?
09:49 < senaps> anybody able to help me with this https://serverfault.com/questions/916381/centos-7-persistent-static-route ? i need to write settings to file.it's driving me crazy. i have done all the configurations exactly like the docs, and it doesn't work.
09:57 < Li> is it possible to take internet connect from wifi to rPi-wireless card to rPi-ethernet to adsl-modem|switch|accesspoint-ethernet and put it again on another wifi ssid?
09:57 < kidn3ys> Li: anything is possible, a better question would be: why would you do that to yourself?
09:57 < azonenberg> li: sounds like it's doable with some bridging fun, but yes
09:57 < azonenberg> why would you want to do that?
10:01 < kidn3ys> good morning everyone
10:04 < spaces> kidn3ys we have to wait and see if it was good this afternoon!
10:05 < kidn3ys> I've done exactly zero work the last 3 days and I don't think that will change in the next hour so -- I'm willing to call it at this point.
10:07 < spaces> hehe I have had suchs days as well but friday I was damn productive again and yesterday afternoon I have worked in the garden/forest with the brushcutter
10:10 < tya99> hmm i implemented my VLANs though I am seeing some errors on boot
10:10 < tya99> RTNETLINK answers: File exists
10:10 < tya99> run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
10:11 < tya99>  my interfaces file looks like this https://dpaste.de/Y7CS (standard busybox
10:11 < tya99> the interfaces do seem to be coming up though https://dpaste.de/hOH7
10:11 < tya99> i looked at my distributor's wiki page for it and they show an example https://wiki.alpinelinux.org/wiki/Vlan
10:13 < tya99> and yes i see the 8021q module in /proc/modules
10:13 < senaps> anyone aware if centos doesn't read `etc/sysconfig/network-script/route-X` ??i can't get it right no matter how i try.
10:19 < tya99> my switch is configured like this https://i.imgur.com/BR9Bp0l.png
10:23 < kidn3ys> tya99: you're tagging vlan 1 on your switch but not on your alpine box
10:24 < tya99> mm yeah i should make that E
10:24 < kidn3ys> err, should be U
10:24 < tya99> because i can't see any reason untagged packets should come in the router
10:24 < kidn3ys> well you have an address on eth0 with no tags
10:24 < tya99> at this point i doubt that is responsible for that error
10:25 < tya99> should i remove that interface?
10:25 < kidn3ys> if you aren't usin git.
10:25 < kidn3ys> using it*
10:25 < tya99> won't I need it to have vlans on it?
10:25 < tya99> hmm might do that then
10:25 < kidn3ys> doesn't need an address on it
10:25 < tya99> i did notice something
10:26 < tya99> removing   vlan-raw-device eth0
10:26 < tya99> silenced that error
10:26 < tya99> RTNETLINK answers: File exists
10:26 < kidn3ys> tya99: you installed the vlan package? ('apk add vlan')
10:26 < tya99> but i do still see run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
10:26 < tya99> for each interface
10:26 < tya99> kidn3ys: yeah i do have the vlan package
10:26 < tya99> and i have 8021q module loaded
10:26 < tya99> i checked in /proc/modules to be sure
10:28 < tya99> i commented out the address, netmask and broadcast for eth0 as i'm not using them
10:28 < tya99> just leaving
10:28 < tya99> auto eth0
10:28 < tya99> iface eth0 inet static
10:28 < tya99> that interface is only between the router and switch
10:29 < tya99> hmm
10:29 < tya99> ifup: don't have all variables for eth0/inet
10:29 < tya99> then the three:
10:29 < tya99> run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
10:30 < tya99> it was on here I read: http://www.microhowto.info/howto/configure_an_ethernet_interface_as_a_vlan_trunk_on_debian.html
10:30 < tya99> the thing about vlan-raw-device
10:30 < tya99> Disadvantages of this approach are that there is more to go wrong, and it does not allow for multiple interfaces with the same VLAN number.
10:30 < tya99> wait that shouldn't be an issue
10:31 < tya99> i have multiple VLANs (Different numbers) on the same interface
10:31 < tya99> not the same thing as what they were talking about
10:31 < kidn3ys> i would try removing the 'iface eth0 inet static' as well
10:31 < tya99> mm i thought i needed that i shall try it though :D
10:35 < tya99> okay so that seems to have worked
10:35 < tya99> although i am still seeing that run-parts error
10:35 < tya99> run-parts: /etc/network/if-pre-up.d/vlan: exit status 1
10:35 < kidn3ys> that's a different status than before
10:35 < tya99> i noticed the status now changed to a "1" from a "2"
10:35 < tya99> yep
10:38 < kidn3ys> tya99: if you cat that 'vlan' file -- is there something in it?
10:38 < tya99> that's how my interfaces came up https://dpaste.de/xbg9
10:39 < tya99> it looks like a shell script
10:39 < kidn3ys> pastebin it?
10:40 < tya99> https://dpaste.de/Tpqh
10:42 < kidn3ys> you sure there isn't anything after that run-parts line?
10:43 < tya99> nope
10:46 < spaces> kidneys I'm so damn sexy!
10:46 < spaces> is happens when you have two instead of one :P
10:47 < kidn3ys> tya99: hrm -- i don't see anything else wrong
10:48 < tya99> in fact i took a photo of it https://imgur.com/f8b601f3-59a4-41a8-b896-d0dddcb0fcab
10:49 < tya99> openrc does indicate its an error with the ugly [ !! ]
10:49 < tya99> next to it
10:49 < tya99> maybe i can do something to that vlan script to get more information
10:52 < tya99> oops something happend to that link
10:53 < tya99> https://i.imgur.com/HnTy76b.jpg
10:56 < Li> kidn3ys: since anything is doable then why should be a reason to do it? "to myself"!!!
10:57 < kidn3ys> Li: you CAN jump off a bridge right?
10:57 < kidn3ys> Li: does that mean you should?
10:58 < tya99> ill try putting one vlan in there
10:58 < tya99> and see if it does it
10:59 < Li> I've tried some linux distro(s) GUI to share internet connection from wireless to ethernet interfaces some do like ubuntu mate while other don't like debian? my question how to use one of those terminal commands route/share wifi to ethernet
10:59 < tya99> you'd just have to use ip add route
11:00 < kidn3ys> tya99: yea -- kinda down to commenting out lines to see if you can get it to go away at this point
11:00 < Li> kidn3ys: many people do that on daily bases, so why do you assume I'm not one of those?
11:00 < tya99> you could also do it with iptables ie forward
11:00 < tya99> from one interface to the other, that would be more likely on a router
11:00 < kidn3ys> Li: good luck with your bridging
11:01 < tya99> kidn3ys: yes when i did it for one interface i still saw the error
11:01 < tya99> just once instead of 3 times :)
11:11 < spaces> I advise everyone to work from bed!
11:13 < spaces> li ?
11:13 < tya99> spaces: i should take my router to bed
11:13 < spaces> tya99 it can keep you warm
11:13 < tya99> which is connected to my switch and modem
11:14 < spaces> catphish what has Li done ?
11:14 < tya99> sadly my main WAN link is down until i fix this
11:14 < spaces> tya99 but you have internets
11:14 < tya99> yeah that's through my phone
11:14 < tya99> not really ideal
11:14 < spaces> which is really 2018!
11:15 <+catphish> kidn3ys: nb. you can't do that with bridging, has to be routed
11:16 < spaces> yap needs to be routed
11:17 < tya99> i was right about something!
11:17 < kidn3ys> catphish: my original question still stands -- why would you do that?
11:17 <+catphish> kidn3ys: why would you want to share a wifi connection to ethernet? plenty of reasons
11:18 <+catphish> kidn3ys: most obvious: you have a device that has no wifi, and want to use it somewhere that only has wifi connectivity
11:18 < kidn3ys> sorry, im talking about the string of devices he's listed out.
11:18 < tya99> where is my ★
11:18 <+catphish> i don't think i saw that
11:19 < kidn3ys> catphish: "from wifi to rPi-wireless card to rPi-ethernet to  adsl-modem|switch|accesspoint-ethernet and put it again on another wifi ssid?
11:20 <+catphish> kidn3ys: well that's a little mad
11:20 < kidn3ys> I rest my case.
11:22 <+catphish> well Li isn't welcome here anyway
11:22 <+catphish> so i wouldn't worry
11:23 < kidn3ys> catphish: heh, why is that?
11:23 <+catphish> very poor conduct in the past
11:23 < kidn3ys> ah
11:47 < tya99> kidn3ys: i wonder
11:47 < tya99> if the problem was
11:47 < tya99> looking at https://wiki.alpinelinux.org/wiki/Vlan
11:47 < tya99> i didn't add that second bit
11:47 < tya99> ie
11:47 < tya99> auto vlan8
11:47 < tya99> iface vlan8 inet static
11:47 < tya99> just the iface eth0.8 part
11:48 < kidn3ys> tya99: the pastebin you sent me shows the 'auto vlanX' bit
11:51 < pikaro> what's the actual practical relevance of spf / dkim / dmarc, to ask provocatively? everywhere you look, configuration guides say to enable reporting, but never use any of them for rejection. you can even send to gmail with bad dkim, and everybody just seems to ignore spf entirely. do any of you actually enforce these policies?
11:52 < pikaro> (if mail is OT here, please direct me to another channel)
11:54 < detha> pikaro: not many places reject outright, but they do a 'move to spam folder' or whatever their equivalent is
11:55 < kidn3ys> pikaro: I used to. I got tired of telling other organizations how to fix their setups though. It's just had poor adoption.
11:56 < JPT> SPF is hard to enforce since people may forward email to other addresses. DKIM tells you if that mail got sent from an "authorized" server, but not all organizations have dkim set up for all of their mailservers.
11:57 < JPT> DMARC builds on SPF+DKIM and its reporting feature may help you understand how emails sent from your servers/domain actually look like.
11:57 < kidn3ys> ^^ especially if they outsource marketing campaigns and the like
11:58 < JPT> Unfortunately, email itself is very flexible. That's why even if an email matches the senders SPF and DKIM policy, it may just be spam. And if an email does not match SPF or DKIM policy of the sender domain, that does not indicate that it is spam.
12:01 < JPT> Personally, i would like to see a new system that takes over the current email system while still being peer to peer and also solving most of our existing problems with sender address spoofing and spam.
12:01 < pikaro> isn't srs supposed to address forwarding? and you can just add your marketer to the spf rr like people do for salesforce et al. that's like five minutes of work
12:01 < JPT> SRS solves forwarding issues regarding SPF, but unless you set it up on your server and everyone else does that, too, it will not help everyone.
12:02 < JPT> Also, in case people forward email, SRS will make YOU look like YOU are the sender of that spam mail that got forwarded.
12:02 < JPT> So ... it's not perfect.
12:02 < tya99> kidn3ys: i think i discovered also what is causing it the iface inet6 static section for each vlan's IPv6 address
12:03 < JPT> So far, i have only seen a hand full of domains that make use of -all in their SPF policy. Apart from a few banks, one was a paypal domain.
12:03 < pikaro> I get that it's not that easy with a bare-bones server - I'm currently trying to get the whole shebang working with sendmail. but with professional products, all of these are easy - at least with the ones I worked with, which is to say nor exchange. maybe that's part of the reason.
12:05 < JPT> pikaro: You're trying to set up a mailserver using that giant sendmail daemon? If you like sendmail, that's fine. But if you don't, maybe consider taking a look at postfix
12:05 < pikaro> jpt, postfix is next, this is for learning
12:05 < JPT> Alright. :)
12:19 < tya99> kidn3ys: https://dpaste.de/ctCm
12:19 < tya99> the problem i seem to be having is: # Seems to cause error :(
12:20 < tya99> or if i have that auto vlan2 section uncommented
12:20 < tya99> the interface seems to have come up without the auto vlan2 bit
12:21 < tya99> ie https://dpaste.de/32s4
12:27 < tya99> mm maybe i should not have it like i do
12:27 < tya99> ie auto eth0.X
12:28 < tya99> looking at this one https://wiki.debian.org/NetworkConfiguration#Caveats_when_using_bridging_and_vlan they don't have it there
12:34 < tya99> ill try this https://unix.stackexchange.com/questions/128439/good-detailed-explanation-of-etc-network-interfaces-syntax
13:27 < tya99> hmm
14:24 < kixem> how can i see a host's name from an IP? (from linux)
14:24 < light> nslookup
14:24 < TandyUK> dig -x
14:24 < TandyUK> assuming working dns anyway
14:25 < kixem> i mean in a LAN. which doesnt have dns..
14:25 < light> your DHCP server may be adding the names to a DNS service on your router
14:26 < TandyUK> ssh in and type 'hostname' is theother way lol
14:27 < TandyUK> tbf, you dont even need to log in, it'll probably say the hostname on the ssh banner
14:28 < kixem> when i use the android app fing it will show the hostnames... i dont know how ..
14:28 < light> DNS.
14:29 < kixem> but when i try in linux with nslookup --> no results
14:30 < tya99> it maybe your distribution does not have that installed
14:30 < tya99> does dig work?
14:30 < kixem> neather dig
14:30 < tya99> what distribution are you using?
14:31 < kixem> ubuntu mate. i have nslookup and dig installed
14:31 < Fieldy> wut
14:31 < tya99> i thought you said you didn't have those
14:32 < kixem> i have them . but they dont show the hostnames in the LAN
14:32 < kixem> i think dns doesnt exist in the LAN
14:32 < tya99> nslookup and dig are in the dnsutils package https://packages.ubuntu.com/bionic/amd64/dnsutils/filelist
14:32 < tya99> maybe you have no dns servers
14:32 < tya99> to do any lookups
14:33 < kixem> probably. but how does fing show the hostnames?
14:33 < tya99> show us the output of "systemd-resolve --status"
14:34 < tya99> those tools need to be able to contact DNS servers to give you the hostnames
14:34 < kixem> systemd-resolve: unrecognized option '--status'
14:34 < detha> ehm, mdns / samba stuffs maybe?
14:34 < kixem> i'm talking about hostnames in a private LAN
14:35 < tya99> oh well that won't be on DNS then
14:35 < light> not on public DNS, but most home routers will store that information
14:35 < tya99> yes
14:36 < light> query specifically against your router
14:36 < kixem> how?
14:36 < light> nslookup host router
14:36 < tya99> nslookup and dig won't find those they will do searches in whatever DNS server dhcp has given you
14:37 < tya99> and your router probably gave you your ISPs dns server
14:37 < tya99> not all routers support mDNS
14:37 < tya99> https://en.wikipedia.org/wiki/Multicast_DNS
14:39 < kixem> light, i tried it and : ;; connection timed out; no servers could be reached
14:39 < tya99> https://askubuntu.com/questions/161377/how-can-i-discover-the-hostnames-for-all-the-machines-on-my-lan
14:39 < tya99> seems like a way of doing it
14:39 < light> pastebin the output and the output of ip a
14:40 < tds> did the hostname that app gave you include .local?
14:43 < kixem> nbtscan works with netbios instead of dns but this gave me no results too.
14:44 < light> this sounds like a layer 8 problem
14:44 < kixem> no .local
14:44 < tds> do you have access to any of the machines which the app was able to see the hostname of?
14:44 < tds> if so, might just be worth trying running a packet capture on those to see how it discovered them
14:45 < light> my money is via DNS
14:45 < kixem> or find the the open ports they listen..
14:49 < tds> lol, just tried that app, it seems to think I'm not connected to a wifi network at all
14:51 < tds> yeah, it looks like it just does rdns lookups, but I think it'll do netbios as well
14:53 < tds> kixem: if you tap on one of the devices in question, is the hostname you were thinking of listed as "hostname" or "netbios name"?
14:53 < kixem> tap?
14:54 < tds> on the app
14:59 < kixem> tds: hostname
14:59 < tds> i'm pretty sure it gets that via a rdns lookup in that case
14:59 < kixem> so, how do i rdns in linux?
14:59 < light> nslookup
14:59 < tds> dig, nslookup, host, whatever
15:00 < kixem> i tried nslookup..
15:00 < light> 20 minutes ago I told you to pastebin
15:03 < TandyUK> kixem: what are you atually trying to achieve, atm this feels very much X-Y problem to me
15:03 < TandyUK> like _why_ are you trying to find the hostname of a random system on your lan
15:03 < TandyUK> you know its ip, so what relevance does the name even have?
15:06 < CoolerY> hey i am trying to do some basic get requests manually
15:06 < CoolerY> but for some reason the server isn't responding
15:07 < CoolerY> this is my request
15:07 < CoolerY> const httpReq = 'GET / HTTP/1.1\r\nHost: www.example.com\r\nConnection: keep-alive\r\n\r\n';
15:07 < kixem> https://pastebin.com/LMJjNy6U
15:07 < scientes> don't use \r
15:07 < CoolerY> i am doing this in nodejs, for some reason the server doesn't send anything back and there is no error either
15:07 < tds> kixem: what's the content of /etc/resolv.conf?
15:07 < tds> since you're connected to two networks, it seems likely you're using the dns resolver for the wrong one
15:07 < light> 127.0.1.1 as your DNS?
15:07 < tds> oh oops, missed that :)
15:07 < CoolerY> i am using net.connect(80, 'www.example.com');
15:08 < tds> sounds like dnsmasq?
15:08 < CoolerY> scientes, why not
15:08 < scientes> also you don't need to put in the keep-alive part CoolerY
15:08 < shtrb> CoolerY, \n maybe be converted to \r\n if not sent in a binary way
15:08 < kixem> nameserver 127.0.1.1   search local
15:08 < CoolerY> i am sending by    socket.write(Buffer.from(httpReq, 'ascii'));
15:09 < light> kixem: ip r
15:09 < CoolerY> i put in keep-alive because i thought maybe it was because i didn't send FIN
15:09 < CoolerY> that the server wasn't responding
15:09 < shtrb> you should get a redirect
15:09 < CoolerY> i have handlers on data and error and end and close events of the socket
15:10 < scientes> CoolerY, pm me your host
15:10 < CoolerY> none of them get called
15:10 < CoolerY> scientes, my host?
15:10 < kixem> https://pastebin.com/qgkquSKB
15:10 < light> CoolerY: have you tested your code with netcat?
15:10 < CoolerY> oh i should mention i am doing this in repl.it
15:10 < scientes> CoolerY, what light said
15:11 < CoolerY> light, no i can't access netcat on repl.it
15:11 < light> CoolerY: test locally
15:11 < tds> kixem: as a guess, what happens if you run "host 192.168.42.1 192.168.42.1"?
15:11 < CoolerY> light, locally it works perfectly
15:12 < kixem> tds: ;; connection timed out; no servers could be reached
15:12 < compdoc> .
15:13 < tds> kixem: do you know the ip of the dns resolver on the 192.168.42.0/24 network?
15:14 < kixem> no. how can i find it?
15:14 < tds> assuming you're using network-manager, that will probably know it if you're getting an address via dhcp
15:15 < tds> what's the output of "nmcli connection show"?
15:15 < CoolerY> hmm
15:15 < CoolerY> somehow i got it to work
15:15 < tds> and then the output of nmcli connection show "<one of those connection names>" | grep -i dns
15:15 < CoolerY> https://repl.it/repls/PriceyDarkorangeLoopfusion
15:15 < kixem> primary dns 8.8.8.8
15:16 < tds> where did you find that?
15:16 < TandyUK> kixem: this is why it doesnt work, google doesnt know your local hosts, yu need a dns server locally, possibly in your 'router', which in turn then asks something like google or you isp
15:16 < tds> you should see a like like IP4.DNS[1]  192.168.42... or IP6.DNS[1]  ...
15:17 < TandyUK> i didnt see you answer my question about _why_ you are trying to find the hostname for a local ip
15:17 < light> look at the DNS your phone is assigned
15:17 < kixem> right click ---> connection information
15:18 < tds> hurricane electric's app will list your dns resolver under interface information
15:30 < kixem> tried hurricane electric's app. doesnt show dns...
15:31 < kixem> ok .th thig is since i tried nslookup with server parameter and it sais  ";; connection timed out; no servers could be reached" then there is no dns-server running on the router.
15:32 < kixem> so fing finds the hostnames with some other way..
15:33 < kixem> i give up
15:58 < jvwjgames> i found out that the password is causing an issue on openbgp on pfsense cause when i changed the password the error went away and openbgp started up
15:59 < jvwjgames> so i am trying to get vultr to change the password but they haven't responded to my ticket for almost 8 hours
15:59 < jvwjgames> openbgp was working fine i rebooted and now it won't come back up
16:03 < tya99> hopefully some hero can solve my woes https://lists.alpinelinux.org/alpine-user/0366.html
16:03 < jvwjgames> nevermind i fixed it i put "" in and it fixed it
16:09 < tds> tya99: is there any reason why you have duplicate interfaces eg eth0.2 and vlan2 with vlan-raw-device?
16:09 < tds> normally you'd just use one of those two methods, not both
16:09 < tya99> i had wondered about that
16:09 < tya99> a couple of guides on the internet did both including this wiki article
16:10 < tya99> oh shit i misread that
16:10 < tya99> https://wiki.alpinelinux.org/wiki/Vlan derp
16:10 < tya99> didn't see the word alternative
16:10 < tya99> i wonder which is better?
16:10 < tds> oops, at least that's an easy fix :)
16:10 < tds> I prefer the eth0.2 syntax, it's easier to tell which physical interface it is
16:10 < tya99> in any case i was still seeing the same error with the ipv6 addressing
16:11 < tya99> yeah
16:11 < tya99> i had commented that out
16:12 < tya99> and i was still seeing: run-parts: /etc/network/if-pre-up.d/vlan: exit status 2
16:13 < tds> can you upload the full config with only one type of vlan interface now?
16:13 < tds> oh, I can see that Dagger is helping in #ipv6 now, cool :)
16:13 < tya99> yeah i will try that
16:13 < tya99> also someone said you can use CIDR notation
16:13 < tya99> i hate netmask 255.255.255.0
16:14 < tya99> die die die
16:14 < tya99> :P
16:46 < AlexPortable> my situation is switch1, port 1 goes to router, port 2 goes to switch2. on switch2: port 1 goes to switch1, port 2 is private network (vlan 3), port 5 is guest network (vlan 6). what should be tagged, untagged and member ?
16:50 < kidn3ys> AlexPortable: do you have subinterfaces on the router?
16:50 < AlexPortable> what are subinterfaces?
16:51 < AlexPortable> router has no vlan support
16:51 < kidn3ys> k, so you mentioned you have a 'private network' and a 'guest network' but only one port in each...
16:52 < kidn3ys> what are the devices that go into those ports?
16:52 < AlexPortable> well there are more ports on the router
16:52 < AlexPortable> but at least these ports
16:52 < AlexPortable> erm on the switches
16:53 < jvwjgames> is there a way to make a cool 3d network map like HE has
16:53 < kidn3ys> so port 5 and port 2 on switch 2 go to the router?
16:54 < AlexPortable> switch2 is connected to switch1, not to the router
16:54 < AlexPortable> wait ill draw it
16:55 < kidn3ys> AlexPortable: no, i follow it.. is one of your switches a L3 switch?
16:56 < AlexPortable> not entirely sure
16:56 < kidn3ys> ok then
16:57 < kidn3ys> so switch 1 port 1 should be tagged for whatever VLAN the clients that use the router as the gateway are in (call it VLAN X). port 2 should be tagged for X,3 and 6.
16:58 < kidn3ys> on switch 2, port 1 should be tagged for X,3 and 6. port 2 should be untagged for 3, port 5 should be untagged for 6.
16:59 < AlexPortable> https://imgur.com/a/xP2P3vL
16:59 < AlexPortable> what do you mean "port 2 should be untagged for 3" ?
17:00 < Apachez> he is drunk
17:00 < kidn3ys> i fucking hope so.
17:00 < Apachez> switch2:
17:00 < Apachez> int1: tagged: X, 3, 6, untagged: none
17:00 < Apachez> int2: tagged: none, untagged: 3
17:00 < Apachez> int5: tagged: none, untagged: 6
17:03 < dogbert2> hey Apachez
17:07 < AlexPortable> so i basically only have to tag a port when there's another switch connected to it that understands vlans ?
17:09 < tds> doesn't have to be a switch, could be a computer, router, whatever, just needs to understand vlan tags
17:11 < AlexPortable> then what are untagged ports for?
17:11 < tds> devices that don't understand/expect tagged frames
17:12 < tds> so that'll likely be most devices on your network
17:12 < AlexPortable> and PVID ?
17:13 < tds> that's the default tag the switch will add to any untagged ethernet frame it receives
17:14 < AlexPortable> receives for that port, or from the port?
17:15 < tds> received from the device attached to that port
17:18 < Apachez> hi ddoggybert
17:18 < Apachez> AlexPortable: didnt we lecture you about this the other night?
17:18 < Apachez> an ethernet frame is normally untagged
17:19 < Apachez> but witht he 802.1q standard it can be tagged with 4 bytes
17:19 < Apachez> which identifies which vlan this frame belongs to when you send it to another device
17:19 < Apachez> for a single interface only one vlan can be untagged
17:19 < Apachez> but you can have 0 to many tagged vlans
17:20 < Apachez> now regarding tagged/untagged or trunk/access (cisco lingo)
17:20 < Apachez> some devices wants to define to which vlan an untagged frame should be considered belonging to if such arrives
17:21 < Apachez> this is essentially the same as untagged vlan for that interface
17:21 < Apachez> but some calls this pvid
17:22 < Apachez> even if you use tagged frames there will be untagged frames for CDP, LLDP, LACP, RTP etc
17:25 < AlexPortable> but why is PVID needed, if I already setup the port to be a member of the desired vlan?
17:28 < Apachez> depends on vendor
17:28 < Apachez> allied telesis doesnt need it if you configure the interface to only accept tagged frames
17:28 < Apachez> but in cisco world you cant do that
17:28 < Apachez> it will aleways accept untagged frames too
17:28 < Apachez> so question is which vlan should incoming untagged frames be put to?
17:28 < AlexPortable> how about basic soho stuff?
17:28 < Apachez> thats what PVID defines
17:50 <+catphish> AlexPortable: you coud argue that if a port is only a member of one vlan, the pvid should be implied from that, but to keep things standard, you often have to specify it anyway
17:50 <+catphish> if it's a member of multiple vlans then of course you need to specify which vlan to apply to untagged packets that arrive  on that port
17:52 <+catphish> i like to think of VLAN settings on a port as being 3 things: 1) which vlans should exit this port, and should they have a tag on them when they do 2) which vlans should be allowed to enter this port 3) which vlan should we associate packets that enter this port and have no tag yet
17:53 <+catphish> oftem (1) and (2) are grouped into the same thing thing (just called VLAN membership, with each VLAN being specified as tagged or untagged for outbound frames) and (3) is PVID
17:54 <+catphish> other times you have terms like "access port" where you specify only one VLAN, and this satisfies all 3 settings at once
18:02 < BullHorn> hello. i used to run a PPTP VPN server on my own machine but recently my ISP blocked port 1723 probably for security reasons. i dont think theres a way to natively run a L2TP VPN server on windows
18:02 < BullHorn> any advice how to make this happen?
18:05 < Mr_Midnight> BullHorn: You could use OpenVPN... https://community.openvpn.net/openvpn/wiki/Easy_Windows_Guide
18:05 < BullHorn> is this a 100% free solution btw?
18:07 < Mr_Midnight> For up to 2 connected devices
18:07 < Mr_Midnight> https://openvpn.net/index.php/access-server/pricing.html
18:07 < tya99> BullHorn: openvpn is also a lot more secure
18:07 < tya99> and yes openvpn is free open source
18:08 < BullHorn> thanks ill try it
18:08 < tds> those limits only apply to openvpn access server, the open source version doesn't have any limits like that
18:08 < BullHorn> i also just heard about SoftEther VPN, is that not recommended?
18:08 < tya99> Mr_Midnight: that is a support contact
18:08 < tds> ^
18:08 < tds> iirc that gets you a appliance with a fancy ui and commercial support
18:08 < tya99> yeah
18:09 < tds> if you don't need that, you can just configure ovpn yourself
18:09 < tya99> nearly every vpn provider uses openvpn though
18:10 < Mr_Midnight> tya99: It says Support and Updates included but it is a license fee per connected device past the 2 free connected devices if you read the page
18:10 < tya99> yeah for their appliance
18:10 < tya99> not for the software itself
18:10 < tya99> you can run an openvpn server and client on anything you want for free
18:10 < tya99> its only if you want their fancy rackmount thing with a SLA
18:11 < tya99> which some business might do
18:11 < tds> I don't think it's only a physical appliance, I think they do VMs as well?
18:11 < tds> but yeah, for most use cases just installing the open source version yourself will be fine
18:12 < BullHorn> that guide must be outdated because the first step is already wrong ._.
18:13 < BullHorn> Navigate to the C:\Program Files\OpenVPN\easy-rsa folder -- it doesn't exist inside the OpenVPN folder rip me
18:14 < Mr_Midnight> BullHorn: check C:\Program Files (x86)
18:14 < BullHorn> i did
18:14 < Mr_Midnight> hmm.. odd
18:15 < BullHorn> ill just get easy-rsa manually and hope its the same
18:16 < tya99> there will be plenty of documentation out there for openvpn servers
18:16 < tya99> i've not set one up myself but i know it can be done
18:16 < tya99> i do however know that PPTP and L2TP should be avoided in preference to openvpn or ipsec
18:17 < tya99> But PPTP is widely regarded as obsolete. Microsoft developed and implemented it as far back as Windows 95 and Windows NT. Researchers first found flaws in the protocol’s cryptography in 1998. By 2012, several vulnerabilities had surfaced and the encryption could be broken with relative ease using widely available tools.
18:17 < tya99> https://www.comparitech.com/blog/vpn-privacy/the-pptp-vpn-protocol-is-not-secure-use-these-alternatives-instead/
18:18 < BullHorn> yeah i need to find an up-to-date guide though, the preparatory steps are outdated
18:18 < tya99> In short, don’t use PPTP if you care at all about security when setting up a VPN. Instead, opt for a more secure protocol: OpenVPN, L2TP/IPSec, SSTP, or IKEv2.
18:18 < tya99> SSTP i think is proprietary microsoft stuff
18:25 < BullHorn> ill go ask in #openvpn maybe they have direct advice for that out-dated guide
18:25 < BullHorn> thanks for pointing me in the right direction nonetheless :)
18:29 < dogbert2> just got this for $98 at Frys - https://www.frys.com/product/9028547?nearbyStoreName=false&site=sunemail061718
18:30 < tya99> so i have this network with 3 VLANs described here https://lists.alpinelinux.org/alpine-user/0366.html
18:30 < tya99> would i need a L2 or L3 switch
18:30 < tya99> the tldr version is currently i am using iptables+iproute and:
18:30 < tya99> Traffic from 192.168.2.0/24 hosts destined to go out ppp0
18:30 < tya99> Traffic from 192.168.3.0/24 hosts destined to go out of tun0
18:30 < tya99> Traffic from 192.168.4.0/24 hosts not to be forwarded.
18:31 < tya99> the difference is now i want to implement 3 VLANs, 2, 3, 4
18:31 < tya99> https://i.imgur.com/hDBLc8G.png Note the router is plugged into port 1
18:31 < tya99> will traffic get from the other untagged ports to the tagged port and thus the router without me having to do anything on the switch like adding routes
18:32 < tya99> ie if a packet comes from host 192.168.2.55 (workstation) > switch > router > switch > printer (192.168.4.23) for example
18:32 < tya99> that is technically inter-vlan routing
18:33 < tya99> which would sort of indicate i should configure my switch in L3 ie with routes
18:33 < tya99> because it is more efficient to do so than the router
18:33 < tya99> obviously the purpose of VLAN 2 and 3, has to go to the router because it has to go out of the network
18:33 < djph> "more efficient"
18:34 < tya99> because a switch would be able to move higher volumes of packets quicker
18:34 < djph> depends on whether the switch is on-par with the router
18:34 < tya99> than a router
18:34 < djph> nah
18:34 < tya99> not that i really care because i have next to zero inter-vlan traffic
18:34 < tya99> so i would think a L2 configuration would be fine
18:35 < tya99> maybe in a corporate or large network then i could improve things by say having routes that mean that the workstation doesn't have to send its packets to the router?
18:35 < djph> sure, you can stick everything on the same subnet and keep it all in the same L2 domain.
18:35 < dogbert2> hey djph
18:35 < djph> yo
18:35 < tya99> so if they are on different subnets like i've described
18:35 < tya99> will they still get to the router?
18:35 < djph> then you have to route.
18:35 < djph> sure
18:35 < dogbert2> just got this for $98 at Frys - https://www.frys.com/product/9028547?nearbyStoreName=false&site=sunemail061718 (makes a nice linux dev box)
18:36 < tya99> is dogbert2 a robot spammer?
18:36 < djph> $100? nice
18:36 < Apachez> tya99: I think so
18:36 < tya99> i had some guy kang0 ask me for schools that teach english
18:36 < tya99> and wanted to know where i lived and shit in pm
18:36 < tya99> because apparently he can't use google
18:36 < Mr_Midnight> yeah kang0 PM'd me too
18:37 < Mr_Midnight> I just ignored it
18:37 < tya99> but he can speak english enough to ask me that shit
18:37 < dogbert2> yeah...the intel NUC I was looking at (smaller form factor) would have cost me $250 (with memory and SSD)
18:39 < tya99> so djph do you think i would need routes?
18:39 < tya99> or the packets would simply get 'lost'
18:39 < tya99> without ever making it to the router
18:40 < tds> well whatever is routing needs routes, so an l3 switch needs routes, l2 doesn't
18:41 < tds> an l3 switch just moves your inter-vlan routing directly onto the switch, rather than doing it on a router attached to the switch
18:41 < tya99> what if i want the router to do it
18:41 < tya99> which is in port 1
18:42 < tds> then you need routes on the router, but the switch doesn't care about routing, it only needs to know about vlans
18:43 < tya99> right
18:43 < tya99> that's what i thought
18:43 < tya99> and i do have those routes on the router
18:44 < tya99> ie /sbin/ip route add 192.168.2.0/24 dev eth0 table LAN
18:46 < tya99> would allow a packet to go from one subnet to another
18:47 < detha> that does not look right. on linux box with a couple of vlan interfaces you shouldn't have to manually add routes
18:48 < tya99> i have three routing tables
18:48 < tya99> i should have mentioned that
18:49 < tya99> https://wiki.alpinelinux.org/wiki/Linux_Router_with_VPN_on_a_Raspberry_Pi#.2Fetc.2Fiproute2.2Frt_tables
18:49 < tya99> but that example uses aliased ips on the same interface. I am basically trying to do the same thing as that article but with VLANs
18:49 < tya99> (note the picture above it)
18:50 < tya99> i did get it working so I know it works
18:50 < detha> that looks like a rather complex and very specific setup
18:51 < tya99> well when i came across it i decided that's what I wanted :P
18:51 < tya99> except i wanted to expand upon it and implement IPv6
18:52 < tya99> which would be impossible without VLANs because SLAAC would broadcast to all three 'aliases' because they have the same link local
18:52 < tya99> but with VLANs i can set it to prefix delegate on one interface (eth0.2 in this case)
18:52 < tya99> and use ULA NAT66 on eth0.3 (for the VPN)
18:53 < tya99> and just ULA no NAT (because there's no routes out of the network for eth0.4)
18:54 < tya99> so my impression is i can keep my switch in L2 mode and just configure the VLANs as I have done
18:54 < tya99> if I don't mind all packets passing through the router
18:55 < tya99> at least according to that https://community.fs.com/blog/layer-2-switch-vs-layer-3-switch-which-one-do-you-need.html
18:55 < detha> you can, if it is all low-bandwidth stuff
18:56 < tya99> yes
18:56 < tya99> a single print job here and there isn't going to be a lot of bandwidth :)
18:56 < tya99> i should also add this isn't a commericial application, rather more an experiment
18:56 < tya99> if i was doing this commercially i would not have a VPN thing on the router
18:57 < tya99> i'd probably have something on the switch behind the router to do that
18:57 < tya99> which seems to be the way that most enterprise places do VPN stuff
18:57 < tya99> ie with dedicated concentrators/access servers
18:58 < tya99> and because my WAN link is only 30mbit the raspberry pi has more than enough cpu for it
18:59 < tya99> a crappy FTTN link
19:02 < tya99> detha: i think i understand now anyway
19:02 < tya99> because it would know from the host's default gateway
19:02 < tya99> eg if the packet from 192.168.2.55, and has the default gateway of 192.168.2.1
19:03 < tya99> the switch is going to know it has to send it to that router
19:03 < tya99> although L2 doesn't care about IP addresses...
19:08 < detha> effectively, yes. .2.55 is going to send an ARP request for .2.1, router responds, .2.55 now knows the router's MAC address, and sends the packet there. Switch just sees a packet for that MAC address, and sends it to the router.
19:09 < tya99> ah!
19:09 < tya99> thanks for explaining that :)
19:10 < tya99> i guess what made it complicated for me is that i actually have an L3 switch :)
19:10 < tya99> just the L3 bits are not enabled
19:11 < AlexPortable> catphish: thanks for the explaination
19:12 < tya99> i was having a look at the EdgeOS web interface and there's a lot of features there
19:12 < tya99> in any case if i want to explore creating inter-vlan routes at a later date i always can
19:16 < AlexPortable> is it bad to use a router as a switch?
19:16 < tya99> they are two different things
19:17 < AlexPortable> well it's just that a router with 8 ports is cheaper than a switch with 4 ports
19:17 < tya99> in consumer equipment routers usually include switch
19:17 < tya99> keep in ind
19:17 < tya99> not all switches truly have dedicated 8 ports
19:17 < tya99> sometimes internally they use VLANs
19:18 < tya99> i found that when researching openwrt equipment
19:18 < AlexPortable> wha do you mean?
19:18 < tya99> they can have a software switch inside
19:18 < AlexPortable> ah like that
19:19 < AlexPortable> well, is mikrotik consumer equipment?
19:19 < tya99> TP-link tends to do that
19:19 < AlexPortable> is there a list of tp-link models that do this?
19:19 < tya99> it would dpend
19:20 < tya99> https://wiki.openwrt.org/toh/tp-link/td-w8980 i think that might be one such model
19:20 < tya99>  The XWAY VRX286 SoC features an internal configurable Infineon Gigabit Ethernet switch that connects all the physical Ethernet ports together.
19:21 < tya99> so they aren't actually 'separate ethernet ports' as in interfaces
19:21 < AlexPortable> but is this only the case for routers, or also for switches?
19:21 < tya99> well in that kind of hardware they act as both
19:21 < tya99> not for commericial stuff
19:21 < tya99> and i doubt microtik would do that
19:21 < AlexPortable> i mean when you get a tp-link 'switch' without routing capabilities
19:22 < tya99> then that wouldn't be like that no
19:22 < tya99> it would be those all in one consumer wifi-modem router things
19:22 < tya99> that might choose to do it that way
19:22 < tya99> but those usually blow for any kind of performance
19:22 < AlexPortable> blow as in positive?
19:23 < tya99> now as in suck
19:23 < detha> tya99: https://i.mt.lv/routerboard/files/RB1100AHx4v4-170816141042.png
19:24 < detha> Those 2.5Gb links to the control plane are mapped as vlan1..5 for port 1..5
19:24 < tya99> heh
19:26 < AlexPortable> how about this? https://i.mt.lv/routerboard/files/Block-RB2011UAS-2HnD.pdf
19:27 < detha> probably still the same. 2011 performance between port groups sucks.
19:28 < detha> well, anything that hits control plane
19:28 <+catphish> i wonder why they used 3 separate switches, that seems like a poor design
19:28 < detha> cheap silicon....
19:29 < detha> 6-port ASIC is what goes into most consumer 4 LAN + 1 WAN + CPU multi-function devices
19:30 <+catphish> so, intel are releasing a graphics card, this is cool, i hope this means we can finally have good linux graphics support
19:30 < AlexPortable> so would it make sense to replace a consumer 8 port switch with the 2011 one?
19:30 < tya99> well it depends on your bandwidth needs
19:31 < detha> if you need a switch? no.
19:31 < tya99> that too
19:31 <+catphish> or maybe not
19:32 < AlexPortable> i need a switch, and something that gives me more vlan capabilities (as in routing between two vlans, but not allowing outside internet access for devices in the vlan)
19:32 < detha> intel has been fairly good with linux support; not like the 'either you run a blob we give you, or you have horrible performance' like some vendors
19:32 < detha> ehm, if it routes, it's not a switch
19:33 < tya99> AlexPortable: https://community.fs.com/blog/layer-2-switch-vs-layer-3-switch-which-one-do-you-need.html
19:33 < tya99> you might find that interesting
19:33 <+catphish> detha: intel provide proper documentation for their hardware
19:33 <+catphish> do writing drivers is easy
19:33 <+catphish> *so
19:34 < detha> For some value of easy.... graphics drivers are somewhat complicated these days
19:34 < AlexPortable> according to the arcile i need a layer 3 switch
19:34 <+catphish> well that's probably true, but there are people who are good at it :)
19:35 < detha> true. and intel has been fairly good with giving examples/reference implementations
19:36 < AlexPortable> well, i just thought it would be easier to get the 2011, and not having to get a small router, and then another switch after that again
19:36 < AlexPortable> or is it possible to setup a vlan in such a way that the device can access other devices, but not access the internet?
19:36 < detha> 2011 is a cheap 'universal router/switch/firewall/...' device
19:37 < AlexPortable> How about RB951G-2HnD ?
19:38 < detha> similar, the xx1 says it's got a radio, not all 2011 models have that
19:38 < AlexPortable> they both have wifi
19:42 < liveuser33> join ##commplex
19:43 < liveuser33> #frs14
19:45 < AlexPortable> But will these devices perform worse than the average Netgear/consumer grade networking switch with VLAN capabilities?
19:46 < detha> if you use it just as an L3 switch, probably not
19:47 < liveuser33> youd think somebody with a mind shouldve designed the android phones
19:48 < liveuser33> like turning off radios in low power mode
19:48 < liveuser33> having a seperate charger and two batteries
19:48 < liveuser33> for avoiding em interference
19:49 < liveuser33> and USB option for a real keyboard
19:49 < liveuser33> some sort of standardized microphone jack
19:50 < liveuser33> inlaid power button so it is not pressed in the pocket
19:50 < liveuser33> thatd been evidence a mind was at work
19:51 < liveuser33> yeah?
19:52 < liveuser33> instead it is someginf like swarms of transient bugs
19:52 < liveuser33> then upgrade the phone/cpu
19:52 < liveuser33> new swarm
19:53 < liveuser33> higher clock rate
19:53 < liveuser33> more frequent nonsense
19:53 < liveuser33> increases in mindless attacks
20:21 < moriarty--> https://www.bloomberg.com/news/articles/2018-06-17/bitcoin-could-break-the-internet-central-banks-overseer-says - is this a reasonable assumption? that the associated communication volume of bitcoin network will grind the internet to a halt?
20:37 <+catphish> moriarty--: it doesn't seem to be backed up with any calculations, so i would bee inclined to assume it's false until i saw more informtation, seems more like an offhand guess
20:37 < moriarty--> catphish, cheers
20:37 <+catphish> "it would eventually overwhelm everything from individual smartphones to servers" this is telling that whoever wrote this doesn't know how either bitcoin nor the internet works
20:38 <+catphish> with that said, bitcoin does have serious scaling issues
20:38 <+catphish> it's just that i don't think the author of this article understands them enough to make statements about the nature of the problems
20:38 < Apachez> more likely that they eat up all the power for no use
20:39 < Apachez> I still havent seen any commercially coin mining company who is taking care of the heat being produced
20:39 < Apachez> they just vent it out into the air
20:39 <+catphish> the power thing is ridiculous :(
20:39 < Apachez> I mean some complain on AC users during summers
20:39 < Apachez> causing distrubtions of the power grid
20:39 < Apachez> but AC have at least a use for the owner
20:39 < Apachez> this shit just vents it out
20:40 < Apachez> how it looks like https://www.youtube.com/watch?v=kRzY13KIZDw
20:42 < moriarty--> catphish, that's a reasonable statement yes
20:42 < moriarty--> Apachez, i wonder if hot/cold aisle is still a thing
20:42 <+catphish> it is
20:42 <+catphish> it's probably the most common method to cool data centres, at least shared ones
20:43 < Apachez> moriarty--: hot-hot and cold-cold yes
20:43 < Apachez> but those are open space
20:43 < Apachez> so I dunno
20:44 < Apachez> but the other way would overheat the end rows
20:44 < Apachez> like if you have hot-cold hot-cold hot-cold
20:44 < Apachez> the last one will have like +100C as inlet airtemp :P
20:44 < moriarty--> lol
20:44 < Apachez> so its less worse to have hot-cold cold-hot hot-cold cold-hot
20:44 < Apachez> and have them to push air onto each others asses
20:44 <+catphish> Apachez: it just alternates hot-cold, it's not very complicated afaik
20:44 < Apachez> downside comes if one row stops
20:45 < Apachez> so you get air pushed backwards sort of speak
20:45 < Apachez> catphish: when you have hot-cold hot-cold hot-cold the last row will get very hot air blown at its "cold" side
20:45 <+catphish> no
20:46 <+catphish> each row of racks is just at 180 degrees to the previous row, so if you're in a cold isle, you have the front of racks on both sides if you
20:46 <+catphish> and if you're in a hot isle you have the back of the racks
20:46 <+xand> aisle :)
20:46 <+catphish> xand: was it you that did this to me last time too?
20:46 <+xand> did what :(
20:46 < Apachez> https://news.bitcoin.com/wp-content/uploads/2016/05/KnCMinerDataCenter-1.jpg
20:47 <+catphish> oh, this is the second time in recent weeks i've used the word isle incorrectly
20:47 <+catphish> someone corrected me last time too
20:47 < Apachez> https://www.va.se/globalassets/bilder/foretag/kncminer-kncminer.jpg?width=1100&height=600&mode=crop&
20:47 <+xand> I suppose you could have an island of racks
20:47 < Apachez> looks like hot-cold cold-hot hot-cold cold-hot to me
20:47 < Apachez> and then you push the airvent from the side
20:47 <+xand> you wouldn't put racks all the same way round Apachez
20:47 <+xand> :X
20:48 < Apachez> xand: ?
20:48 <+catphish> Apachez: it's like this: https://cdn.ttgtmedia.com/digitalguide/images/Misc/jb_sdc_4.jpg
20:48 < Apachez> xand: well thats what I said, having hot-cold hot-cold hot-cold is a very bad idea
20:48 <+xand> who does that?
20:48 < Apachez> xand: because the last row would then on its cold side have very hot inlet air
20:48 <+catphish> each rack is 180 degrees to the last one
20:48 < Apachez> xand: catphish seems like it
20:48 <+xand> ...
20:48 <+xand> nope
20:49 < Apachez> catphish: you dont have any lame perforated tiles here, just looks at the pics =)
20:49 < Apachez> its a concrete floor
20:49 < Apachez> former helicopter hangars
20:49 <+xand> look at my awesome rack https://pbs.twimg.com/media/DesGK-HWsAA1Wgv.jpg:large
20:49 <+catphish> i really don't think that's relevant
20:49 < Apachez> https://medier.talentum.com/ponIltIpIv-1464608652/media/3ishr2-knc-miner-700-394-ny-teknik.jpg/alternates/FREE_640/knc-miner-700-394-ny-teknik.jpg
20:49 <+catphish> nice rack xand, if you know what i mean
20:49 < Apachez> another pic that shows that its hot-cold cold-hot hot-cold cold-hot
20:49 <+xand> 3D printed corners
20:50 <+catphish> Apachez: what?
20:50 <+catphish> that's just one aisle, it doesn't show anything
20:50 <+xand> I've not bothered actually putting anything in it yet :(
20:50 < Apachez> catphish: combine it with the other two pics and you will see
20:50 <+xand> the fans are facing each other
20:50 <+catphish> you have a cold aisle that faces the front of 2 rows, and a hot aisle that faces the back of 2 rows, it's not complicated!
20:50 <+catphish> and they alternate
20:51 < Apachez> omg you are thick
20:51 <+xand> stupid cryptocurrency :(
20:51 < Apachez> the hot-cold cold-hot is how it looks like when you looks at the rows from the side
20:51 < moriarty--> xand, stupid why :(
20:51 <+xand> massive waste of electricity
20:51 <+catphish> Apachez: why are you counting each aisle twice?
20:51 <+xand> and hardware
20:51 < Apachez> |hotside-coldside|  *here you can walk*  |coldside-hotside|  *here you can walk*  |hotside-coldside|  *here you can walk*  |coldside-hotside|  *here you can walk*
20:52 <+catphish> Apachez: that's correct
20:52 <+xand> #latestagecapitalism
20:52 <+catphish> the place you walk is calles an aisle
20:52 <+xand> yes
20:52 < moriarty--> xand, just like gaming is a waste of electricity? :)
20:52 <+xand> moriarty--: no
20:52 <+catphish> so it's hot aisle, cold aisle, hot aisle, cold aisle
20:52  * Apachez bitchslaps catphish 
20:52 <+catphish> Apachez: i think we agree, you're just describing it in a way that most people don't
20:52 <+xand> aisles you can walk down, separating the isles of racks :>
20:53 <+catphish> :D
20:53 <+catphish> xand: see, i learned how to spell it now!
20:54 < Apachez> https://pbs.twimg.com/media/CXU6AsqWkAEPmLY.jpg:large
20:55 < Apachez> xand: dont you walk up an aisle? ;)
20:55 <+xand> depends which way you walk
20:55 <+catphish> i did that when i got wedded
20:56 <+catphish> i walked a very short way up the isle of great britain
20:57 <+catphish> i suspect cold aisle containment is used in almost all data centres, not too many reasons not to
20:58 <+catphish> though i build a large server room once that uses per-rack heat extraction instead
20:58 <+xand> at my current/almost former work... we've been promised cold aisle containment for about 5 years
20:59 < Apachez> nowadays you also got those condensed aisles
20:59 < Apachez> where you isolate the hot side
20:59 < Apachez> and try to remove that
20:59 < Apachez> and the open air is the "cold" side
21:00 <+xand> yeah can also do hot aisle containment
21:00 <+xand> main thing is to separate them
21:00 < Apachez> how that knc place in boden looks like today https://www.youtube.com/watch?v=W43Vl8FeIfA&feature=youtu.be&t=8m52s
21:00 < Apachez> they went bankrupt (is that even possible when doing coins?) and genesismining is the new owner
21:00 <+catphish> i used these: https://cdn2.bigcommerce.com/server900/b18w/products/44379/images/57095/APC_COOLING_Door_Inside__06299.1435082126.500.750.jpg?c=2
21:01 <+catphish> they do hot aisle containment inside the rack and pipe air up into the ceiling
21:01 <+xand> that picture is ... what
21:02 <+catphish> it's a rear door for an apc rack
21:03 < Apachez> they seem in the above clip have reversed it
21:03 < Apachez> so the cold side is isolated
21:03 < Apachez> and hot aisle is open air
21:03 <+catphish> cold is normally the isolated one
21:05 < Apachez> I have seen both
21:06 < Apachez> the point of having "cold" as open air is that you can reach the servers and whatelse frontside easy
21:06 < Apachez> no need to squeeze into an isolated space
21:07 <+catphish> Apachez: i've never known a cold aisle to be cramped
21:08 <+xand> you need space at the front to pull servers out...
21:08 < mentayolo> hey there
21:08 < mentayolo> anybody got a nice hostname?
21:08 < AlexPortable> Changed the cable, but still RxBadPkt 2059
21:08 < AlexPortable> 2071
21:09 <+xand> mentayolo: what kind of question is what?
21:09 <+xand> *that
21:09 < mentayolo> was gonna set up a new machine tonight and wanted a cool hostname
21:10 < rewt> can't go wrong with google.com
21:10 < mentayolo> nah something unique man
21:11 < rewt> not.google.com
21:11 < mentayolo> not gonna joke but that would actually sound unique
21:12 < mentayolo> anyhow I meant like the user name
21:13 < mentayolo> anyway doesn't matter, nice to meet you guys, this is my first time on an IRC
21:14 <+catphish> attractive man in a hot aisle: https://i.imgur.com/B7nAxyF.jpg
21:14 <+xand> is it you?
21:14 <+catphish> i was looking for a cold aisle picture but couldn't find one
21:14 <+catphish> xand: in a manner of speaking, yes
21:15 <+xand> er?
21:15 <+catphish> but yes, it is
21:17 <+xand> I just spent 6500 on a train ticket :(
21:17 <+catphish> 6500 what?
21:17 <+catphish> pence?
21:18 < rewt> monetary units
21:18 <+xand> pounds :(
21:18 <+catphish> whathow?
21:18 <+xand> largest debit card transaction I've ever done
21:18 <+catphish> did you buy the train?
21:18 <+xand> that's a year
21:18 <+catphish> i bought a new car once with a 12,000 debit card transaction, that was fun
21:18 <+xand> season ticket
21:19 < AlexPortable> try paying it in cash
21:19 <+xand> they don't take cash on websites
21:19 <+catphish> xand: 125 a week? that's painful
21:19 < Tegu> not even if you throw money at screen?
21:19 <+catphish> where are you traveling?
21:19 < detha> xand: isn't bitcoin a form of cash?
21:19 <+catphish> only bitcoin cach
21:19 <+xand> cash is coins and notes
21:20 <+xand> london
21:20 < Tegu> also, how long distance is it? seems rather high even for a year
21:20 <+catphish> xand: thought it might be, got a new job lined up?
21:20 <+xand> yep :)
21:20 <+catphish> oh yeah i think you already told me
21:20 <+catphish> cool
21:20 <+xand> yes trains are a ripoff in the UK
21:20 <+xand> it's 50 miles or so
21:20 <+catphish> thats quite a long way i guess
21:21 <+xand> luckily most of that is on the fastest train in the country :P
21:21 <+catphish> i spend 50 a week on petrol, but that's only 17 miles (each way)
21:21 <+catphish> it would probably be cheaper if i didn't drive like a knob
21:21 <+xand> need to take two trains. the second one is free due to weird ticketing rules
21:22 <+catphish> handy
21:22 <+xand> st pancras -> blackfriars costs 0
21:22 <+xand> if you have a ticket to either
21:22 <+xand> or rather to london terminals
21:22 <+catphish> why not just get a ticket to where you want to go?
21:22 <+catphish> or is it cheaper to get the wrong ticket?
21:23 <+catphish> and abuse the free train
21:23 <+xand> you can't get a ticket specifically to blackfriars
21:23 <+catphish> how odd
21:23 <+xand> AFAIK
21:23 <+catphish> i thought you could buy a ticket to anywhere
21:23 <+xand> most big london stations are grouped together
21:24 <+catphish> weird
21:24 <+xand> catphish: apparently you can buy a ticket to there but not from here
21:25 <+xand> or if you could, it would cost more
21:25 <+catphish> i see
21:25 <+catphish> i discovered once there are some places you're not supposed to buy tickets
21:25 <+xand> oh?
21:26 <+catphish> i once tried to buy a ticket inside clapham junction from clapham junction
21:27 <+catphish> they looked at me like i was an alien and asked where i'd come from
21:27 <+xand> er
21:27 <+xand> inside the barriers?
21:27 <+catphish> yes
21:27 <+catphish> i guess normally if you're changing you already have a ticket to your final destination
21:27 <+catphish> but for some reason i didn't
21:28 <+xand> I thought those ticket places were for if you were naughty and hadn't bought one
21:28 <+catphish> i bought a ticket to clapham junction and figured i'd decide what to do once i got there
21:28 <+xand> right
21:28 < d3fragg3d> so anyone used mpd before? I am on linux and I have mpd working on a machine, then on th client machine I can connect to mpd via telnet, however when I try to connect via ncmpcpp it syas connection refused. Was looking for some advice, been googling and trying to fix this for a couple of days now
21:28 <+catphish> xand: i suspect that was the problem, they're used to people buying tickets half way through the journey
21:28 <+catphish> after failing to buy it earlier
21:28 < d3fragg3d> (not sure if this is a networking issue btw, so if I am too far offtopic, fair enough :))
21:29 <+catphish> took me a while to get the hang of london transport, but i love it now
21:29 <+catphish> especially with contactless it's magic
21:29 <+xand> I have just ordered an oyster card :X
21:30 <+catphish> why bother? just use a debit card
21:30 <+xand> because with my season ticket you get 1/3 off ... if you use an oyster card, not conctactless
21:30 <+catphish> oh ok
21:30 <+xand> which is a bit annoying
21:30 <+catphish> less messy on your bank statement too :)
21:32 < mentayolo> does the log file show anything
21:32 <+catphish> d3fragg3d: are you using an ip or a hostname?
21:32 <+catphish> d3fragg3d: make sure both are connecting to the same ip and port i guess
21:35 < d3fragg3d> catphish: yeah no worries, might actually be a client issue so I will just check that.
21:50 < tds> xand: I've had to do warwickshire -> cambridge before, it's horribly expensive for an open return at peak times since you have to go via london :/
21:51 < tds> yeah, just looked, £216
22:07 < d3fragg3d> yeah it was a client issue, curious, I have openVPN running, however I want to try out mpds tcp pulse audio option, firstly how well do you think this will work over openvpn? and secondly, at the moment the server is not aware of the clients (via openvpn) ip address (I cant see or ping it) how possible is it to connect to the client from the openvpn server? I need to be able to do that from the mpd
22:07 < d3fragg3d> config you see for this option, it needs an IP
22:12 < mentayolo>  
22:27 < seven-eleven> is there only asynchronous ethernet or also synchronous in use?
22:28 < linux_probe> uhhhh
22:28  * linux_probe yawns and facepalms
22:28 < Apachez> there are various modifications
22:30 < seven-eleven> https://en.wikipedia.org/wiki/Synchronous_Ethernet
22:32 < seven-eleven> do you know if synchronous ethernet is used only in few scenarios, like mobile networks, or also in OTN?
22:33 < Apachez> OTN isnt really syncrhronous ethernet per se
22:33 < Apachez> but you got syncrhonous in phone world
22:33 < Apachez> SDH rings
22:33 < seven-eleven> yeaah, OTN should be able to be fed with everything?
22:34 < Apachez> and also timedivision in cellphone networks
22:36 < seven-eleven> yeah they do SyncE in OTN too https://ieeexplore.ieee.org/document/6419206/
--- Log closed Mon Jun 18 00:00:02 2018