[09:57] *** RandalSchwartz has quit IRC (Quit: joining via adium because upgrading server)
[09:58] *** RandalSchwartz has joined #arpnetworks
[09:58] * RandalSchwartz waves at the channel
[10:02] <RandalSchwartz> looks like I can still get to my console… that's a good thing
[10:07] <RandalSchwartz> pkg upgrade done, rebooting
[10:09] <jbum> i could use some help if anyone's up
[10:09] <RandalSchwartz> what kind of help?
[10:10] <jbum> i did a release-upgrade yesterday. it installed a bunch of stuff and the rebooted.  after the reboot it took a loooong time to come back, and i thought it was dead, so i did a reboot via the console. now it's on the rescue mode installer main menu
[10:10] <RandalSchwartz> is that linux?
[10:10] <jbum> ubuntu
[10:10] <RandalSchwartz> yeah, sorry, I don't run linux anywhre
[10:10] <jbum> np thanks!
[10:13] <mkb> jbum: which sort of Linux
[10:14] <jbum> Ubuntu 14.04
[10:15] <mkb> I don't know anything about Ubuntu but if they're using grub2 there's all sorts of contortions the OS must do to get a new kernel to boot
[10:15] <mkb> see what the kernel list looks like at boot
[10:16] <mkb> if it is really busted your files are probably still there at least...
[10:19] <RandalSchwartz> alright!  distro updated to FreeBSD 9.3-RELEASE-p24
[10:20] <RandalSchwartz> only a few weeks after the CVE came out :)
[10:21] <RandalSchwartz> heading back to reboot my tmux + emacs + irc client
[10:21] *** RandalSchwartz has quit IRC (Quit: Leaving.)
[10:22] *** RandalSchwartz has joined #arpnetworks
[10:22] <RandalSchwartz> there we are.
[10:23] <mkb> does emacs + irc client mean erc?
[10:25] <RandalSchwartz> no
[10:25] <RandalSchwartz> irc.el
[10:25] <RandalSchwartz> older, but I know it better because I contributed to it
[10:25] <mkb> heh
[10:25] <RandalSchwartz> missing some modern features though
[11:45] <brycec> There's really not much "modern" to IRC though
[12:22] <RandalSchwartz> what's the simplest way of giving my laptop ipv6 using my arp v6 connectivity?
[12:23] <brycec> considering your laptop is mobile, probably OpenVPN
[12:23] <RandalSchwartz> ahh, that's right openvpn does v6 nw
[12:24] <brycec> since a gif tunnel would have you updating both sides whenever you changed external IP's. Plus gif would require external IP's on both sides.
[12:24] <brycec> That it does. I've used it extensively in fact - whenever I VPN to my home, I get an IPv6 address :D
[12:25] <brycec> From the OpenVPN side, it's as simple as adding the right server-ipv6 line to the server
[12:25] <brycec> (might be a route push too, can't recall its syntax though)
[12:30] <RandalSchwartz> what would Iuse for my v6 server address
[12:31] <RandalSchwartz> the /64 that's already routed to my box?
[12:31] <RandalSchwartz> inet6 2607:f2f8:3080:: prefixlen 64
[12:31] <RandalSchwartz> or should it be a part of the /48 that's not the /64?
[12:36] <RandalSchwartz> or wait... the whole /48 is routed to me, so I could use 2607:f2f8:3080:beef::/64, right?
[12:43] <brycec> Correct it will need to be a whole /64, slicked from a larger subnet
[12:43] <brycec> *sliced
[12:44] <RandalSchwartz> so like my second example?
[12:44] <brycec> Right
[12:45] <brycec> Incidentally, :beef: is the same subnet I use for my OpenVPN :D
[12:45] <brycec> push "route-ipv6 2000::/3"
[12:45] <BryceBot> That's what she said!!
[12:45] <brycec> BryceBot: no
[12:45] <BryceBot> Oh, okay... I'm sorry. 'push "route-ipv6 2000::/3"'
[12:45] <brycec> ^ That's the server line to default all ipv6 traffic over the openvpn connection
[12:46] <RandalSchwartz> Hmm.  missing a route
[12:47] <RandalSchwartz> oh - not just server-ipv6?
[12:47] <RandalSchwartz> need both lines?
[12:49] <RandalSchwartz> still don't have default v6 route
[12:50] <RandalSchwartz> yeah... it didn't add the route
[12:53] <brycec> Yes you need both lines
[12:53] <brycec> With those two lines, it "Just Works" for me. You might have client-side issues, maybe? OpenVPN's -v is your friend
[12:53] <RandalSchwartz> where does 2000::/3 come rom
[12:54] <RandalSchwartz> is that "all public routable"?
[12:54] <brycec> Yep
[12:54] <brycec> Aggregatable Global Unicast Addresses
[12:54] <RandalSchwartz> still not seeing that route
[12:54] <brycec> If you had ::0/0 that covers link-local traffic and the like. Some OS will still behave properly, others will not.
[12:55] <brycec> https://community.openvpn.net/openvpn/wiki/IPv6
[12:55] <brycec> guess you might need tun-ipv6 too
[12:55] <brycec> (which I have too, just forgot about)
[12:55] <RandalSchwartz> that's implied by server-ipv6
[12:55] <RandalSchwartz> as a push or a local?
[12:55] <RandalSchwartz> I'm getting the right /64 addrs
[12:56] <brycec> just local in my config
[12:58] <RandalSchwartz> do you have any of those rtadv things running?
[12:59] <brycec> For reference, this is my full openvpn server config http://sprunge.us/ZgER  (It's not exactly "bare-bones" so there's lots that doesn't apply to getting ipv6 working.)
[12:59] <brycec> I do, but they don't get routed over th vpn
[12:59] * brycec goes afk
[12:59] <RandalSchwartz> I figure at some point, I should be seeing a route to 2000::/3
[12:59] <RandalSchwartz> but not happening
[13:00] <brycec> RandalSchwartz: you should see in your openvpn client's verbose output (at least --verb 4) the parsing of information from the server, including pushed routes and addresses
[13:00] * brycec goes afk for real now
[13:01] <RandalSchwartz> Oh!  typo
[13:01] <RandalSchwartz> push "route-ipv6 2000://3"
[13:01] <RandalSchwartz> No buena
[13:03] <RandalSchwartz> Ok... with the typo fixed, I can ping my server, but nothing beyond
[13:03] <RandalSchwartz> do I need to add a default route on the server?
[13:04] <mnathani_> linux has ipv6 routing / forwarding setting
[13:04] <mnathani_> not sure about freebsd
[13:04] <RandalSchwartz> well - that's weird
[13:04] <RandalSchwartz> yeah - I have a default outbound route that says "here arp, go find 'em"
[13:04] <RandalSchwartz> via the link local
[13:05] <RandalSchwartz> maybe I need to advertise the new /64 somewhere?
[13:05] <RandalSchwartz> but I thought it automatically goes to me because of the /48
[13:13] <brycec> Yeah for inbound. Do you have your server setup for forwarding? Any firewalling blocking it? If you tcpdump on your external interface, do you see the ip6 traffic, indicating that everything I mentioned is working right and it's something else?
[13:14] <mnathani_> > /etc/rc.conf >> ipv6_router_enable="YES"
[13:15] <brycec> net.inet6.ip6.forwarding: 1, net.inet6.ip6.redirect: 1, etc
[13:15] <RandalSchwartz> ipv6_gateway_enable=YES
[13:16] <brycec> (I can't really help with configuring the server's OS as that get into specifics that I just don't know, sorry.)
[13:16] <RandalSchwartz> no parameter called router_enable
[13:16] <RandalSchwartz> so maybe arp isn't routing the whole /48 to me
[13:16] <brycec> (Remember mnathani_, RandalSchwartz is running 9.x)
[13:17] <brycec> RandalSchwartz: mtr shows that it is
[13:17] <RandalSchwartz> that would make sense
[13:17] <RandalSchwartz> hmm
[13:17] <RandalSchwartz> well... something isn't letting it bend the corner
[13:17] <brycec> But seriously, check with tcpdump, see whether any ip6 traffic is being routed out or not.
[13:17] <brycec> Double check that the tun interface for your server has the IP's assigned too. It should, openvpn usually does that automatically. But it's worth checking.
[13:18] <mnathani_> is your default gateway somthing like fe80::1 ?
[13:18] <RandalSchwartz> yeah - they all looked good on both sides
[13:18] <RandalSchwartz> yes
[13:18] <brycec> (Yeah of course it looked good on both sides - you said you could ping the server at least)
[13:18] <mnathani_> on the ARP server end
[13:18] <RandalSchwartz> yes - that would be one of the two sides. :)
[13:18] <brycec> If the arp end weren't configured right, then he'd have 0 traffic whatsoever
[13:19] <brycec> (0 ipv6 traffic, that is)
[13:19] <RandalSchwartz> anyway - this isn't an urgent need... I'm just working out how to upgrade my 8.x syntax to 9.x
[13:19] <mnathani_> I was sondering if this was still only the /64 rather than the entire /48
[13:20] <RandalSchwartz> and figured I'd also see if I could get the VPN to work
[13:20] <mnathani_> s/sond/wond
[13:20] <BryceBot> <mnathani_> I was wondering if this was still only the /64 rather than the entire /48
[13:20] <RandalSchwartz> I've got other things to do today... but thank you for the help already.
[13:20] <RandalSchwartz> you *did* prove that something in the /48 but not the /64 is routed right?
[13:21] <brycec> Right
[13:21] <RandalSchwartz> ok - so the real question is whether I'm routing outbound then
[13:21] <brycec> Bingo. Hence why I keep telling you to tcpdump :P
[13:22] <RandalSchwartz> yeah - I'll do that next time I get curious about this. :)
[13:22] <RandalSchwartz> that'd be dumping the fe80
[13:22] <brycec> I'd say "tcpdump -i em0 -nn network 2607:f2f8:3080:beef::/64" or so
[13:23] <brycec> Either you see the traffic leaving your box and you figure out why it's not routing correctly, check the addresses etc. Or it's not leaving your box and you have an internal configuration issue to sort out.
[14:19] *** DaCa has quit IRC (Quit: WeeChat 1.0)
[14:19] *** toeshred has quit IRC (Ping timeout: 272 seconds)
[14:19] *** DaCa has joined #arpnetworks
[14:58] *** toeshred has joined #arpnetworks
[21:36] *** mnathani_ has quit IRC (Read error: Connection reset by peer)
[21:58] *** mnathani_ has joined #arpnetworks
[22:16] *** mnathani_ has quit IRC (Read error: Connection reset by peer)
[22:35] *** mnathani_ has joined #arpnetworks
[23:04] *** jbum has quit IRC (Read error: Connection reset by peer)
[23:05] *** jbum has joined #arpnetworks