lucky: i'll be ordering a new server in beginning of June, putting it together, and popping it online; i will have slots open up before then, most likely, and preorder@arpnetworks.com is your friend
[6~
Oops fail :(
RandalSchwartz: well, we all know perl sucks :p
thems fightin words
up_the_irons: aye, I sent an email there about a week ago
up_the_irons: to which I received a reply this morning :)
uhh.. I may have just fixed my issue with ccache on amd64. blame it on me installing 'minimal' and missing the lib32 libraries :(
Hmm.. How would one easily manage nsd and/or outbound? If I, for example, want to put them in separate jails
how do you mean manage?
s/outbound/unbound/
cedwards: Zone files for nsd :)
I guess there's not that much administration with unbound once you get it up and running
i run bind in a jail at home... just point my client(s) to the jail IP, and ezjail-admin console jailname to get in and update things.
Right
But I thought it would be cool with some kind of interface for it :)
nice. with my distcc/ccache setup (all P4 machines), my buildworld is down to about 4min and my buildkernel is under 1min
Cool
I'm still amazed that I have less ping to the vps over ipv6 than ipv4
routing is fun ;)
hehe
bob^^: The thing is I don't even have native ipv6 at home .D Got it through sixxs (Which btw I think is awesome)
yeah, i still haven't bothered with ipv6 at home either
I can't get ipv6 (tunneled) at home because my router sucks. i think it's time to get a new one.
cedwards: What connection do you have?
dxtr: DSL at home. leasing the crappy router they had.
I've got a wrt54gl flashed with Tomato if you wanna buy it :D
dxtr: my ISP doesn't support ipv6 either, so I'd _have_ to tunnel, but I need a new router first.
Of course I live in Sweden. If you come get it in person I'll buy you a beer
You'll the the router for $30, the trip might cost $1000 (+/- some)..
But you'll save in $4 by getting a beer for free
You'll get the*
Sounds like a decent deal
That's better than the deal JetBlue was offering!
Vacation is priceless :D
mike-burns: Hm?
or perhaps you deliver it personally and I'll buy you a beer
cedwards: Unfortunately I don't do home deliveries ... But if I did it would probably be the best home deliveries in the world
dxtr: JetBlue was offering $10 plane tickets the other day. US-only I think, and no router or beer.
mike-burns: well that sucks
it sucks that I'm the only Swede here (And one of few europeans.. Or am I wrong?)
I rarely meet people in my area on IRC. Would be awesome to go to Waynes, drink some coffee and IRC \o/
i'm in the UK but yeah, i think most in this channel are US-based
I think I need more coffee
i know plenty of swedes who use irc though - they're all over on quakenet :)
Yeah, I know loads of swedes both on Quakenet and EFNet :p But Sweden is huge
dxtr: and ircnet.
Gah. I want a job!
beh
hrm wtf is my nickserv password.
hunter2 is my guess
heh. ohh. their DNS resolution isn't working ;) ?
Say something fun one can do with a freebsd box and a openbsd box
Preferably connecting them together somehow :)
use either as a network gateway and use pf to route to the second for a set of services in jails?
Actually the openbsd is a router
But with a little more capacity than my router needs
Dual-core atom 330 1GB RAM 300GB hdd Etc, :P
torrent seed box? :)
I've thought the thought so to speak
But that's not cool enough :P
create your own private tracker? ..i dunno.
I've got rtadvd, ntpd, unbound, nsd, dhcpd and an httpd running on it
Oh yeah... rtorrent too :D
i still need to try unbound/nsd.
They are just plain awesome
I can honestly say I don't regret throwing out bind :)
By the way, what I'd like to do with the boxes are somehow distributing the resources (distcc would be awesome for my ports needs!)
I setup ccache/distcc over the last two days. my builds are fast now.
Cool :)
which reminds me I need to submit my port for ccache-3.0pre1.
Oh yeah, cedwards I'm having problems with openvpn. I'm guessing it's a firewall problem. Do you have any experience with ip forwarding in freebsd?
I've not used openvpn before.. another one on my list.
do you have the net.ipv4.forward (or whatever) set to 1 in sysctl?
net.inet.ip.forwarding = 1
And I've got a NAT rule in pf
http://www.dxtr.cc/~dexter/pf.conf
That's my pf rules
tail the pflog while you try to connect to verify if it is a firewall issue..
Right :) I'll do that
or tcpdump and make sure it is actually hitting the interface
Yeah, I've tcpdumped
It makes it from tun0 to em0
But stops there
And I've pinged another server of mine, tcpdumped there and got nothing
So the packets definitely get lost at em0
Any ideas?
I've got gateway_enable="YES" in rc.conf too - but that won't do anything until I reboot
maybe you need to reboot
You just have to run /etc/rc.d/routing to activate that thing.
mike-burns: Right
No luck :/
btw. pkg_cutleaves > *
useful :D
not seen pkg_cutleaves before
It really helps you clean up when you delete packages.
pf syntax is quite readable
Hmm... STILL no luck
Rebooted the vps (For several reasons)
What's funny is that I can't even access the ip addresses on em0 (Ping them that is)
So... what could be the problem? :P
freebsd?
Yeah
can you pastebin your /etc/rc.conf section? or if it's really short, just add it here? :)
What section of it? :)
the part related to em0
you said you're having problems with ping, right? or is it a pf problem?
It's a pf and openvpn problem :P
ahh yeah - I have openvpn and pf too
So... How'd you do it? :D
what have you tried?
What haven't I tried? ...
vpn_net = "10.77.77.0/24"
...
nat on $ext_if from $vpn_net to any -> ($ext_if:0)
ext_if = "em0"
Yeah, I'm familiar with pf and nat
that's the essentials
nat on em0 from 10/8 to any -> dxtr.cc
what is the meaning of "->" in pf?
That's how mine looks
up_the_irons: It kinda means "read the man page" ;)
it's just that part of the nat syntax
it could probably be left out. mostly syntax sugar I think
ok
might be that you can put more things after "any" and it needs to know when you're done :)
No, but seriously up_the_irons, I think '-> addr' generally means "translate to this address"
dxtr: ok
Massivel simplified, etc.
Massively*
I've never really given it a thought. It's so obvious to me
I just cut-n-paste it
so what's the problem? Does the link come up?
RandalSchwartz: I can connect, I can access the vpn server (10.9.8.1)... but that's it
I can't access anything outside tun0
Holy shit
I know what it is
what does your openvpn conf have?
heh
always helps to describe it
oops - he's gone
must've worked :)
Ok. I am total fail at CVS, yet I'm trying to submit a port update. I've downloaded the original tarball from cvsweb. what I need to do is create a cvs diff of the original and my version. any suggestions? (note: I've lightly used svn, but mostly used git, so cvs seems.. strange to me)
heh
if you can't see the other side of the vpn it means your routing and/or forwarding on the other side is fucked up.
if he ever comes back he needs to post vpn configs as well as the pf config.
Okay
Got it working! :D
what was the problem?
erg! pebkac ;)
I can't get this send-pr to go through because it's coming from username@hostname.domain.tld, and hostname isn't resolvable/valid. freakin' sendmail
thinking of redoing my mail server. Right now I use qmail, dspam, and some rbls. Suggestions on software? (postfix, exim, dovecot, etc...)
I'm looking for something well documented, simple, and good on spam :)
I haven't gone down this road in a long time...
postfix + dovecot + amavisd-new + postgrey
I've set that up repeatedly now
could even help out if you got stuck
postfix is the state of the art in mail delivery
all the right knobs, but mostly correct in defaults
I setup a slick postfix + dovecot + postgresql + webmail + amavis + postgrey + rbl/xbl + strict postfix filtering +...
yeah - I use zen rbl
zen.spamhaus.org helps quite a bit, as does postgrey
nice
postgrey actually helps a ton.
yup, until you can't get mail from a multi-outbound host :)
so the whitelists unfortunately have to be applied to the big ones
and those are also a big source of spam
postgrey doesn't implement mapping, sadly
just whitelist
ok. I don't know how I'm supposed to submit this freebsd PR if I can't get stinking mail to work right :(
I've seen others that say "if you see it from any of 3.4/16, that's the same as any other 3.4/16"
is the PR about mail? :) if so, ho ho the irony
RandalSchwartz: ha ha. it's a port update, but as I said it's showing it's coming from my unresolvable internal hostname so freebsd.org rejects it.
ssh machine.that.is.properlyconfigured.net sendmail -t
middlehost -> me
who is middlehost?
RandalSchwartz: Probably some firewall rules .)
an egress mailer, for example for a large corp
alright, so where's the problem? large corp sends you an email, you reject it. what they do with the bounce is their problem.
right, and egressmailer then bounces it to... "From:"
and the "From:" guy gets a blowback
I don't want to blowback
that's a problem with egressmailer though, not you.
Yeah - but it's still Very Real
I know, I get a lot of blowback like that
keep in mind, I've been merlyn@stonehenge.com for almost two decades
no doubt, but... still. You're (hypothetically) bouncing something correctly. Someone else is dropping the ball.
so I'm in almost every list of "use these million names for fake from"
they should fix that, it's no reason for you to cripple your setup.
I'd rather just swallow the virus
to each their own, I guess :)
ok - then the equivalent is me doing post-queue
it's exactly the same setup
me doing post queue is exactly the same as mail coming through an egress mailer
both can lead to blow back unless they are set to DISCARD
there's no way around blowback
er... that's true, but it's a misleading statement
both can lead to blowback, but only one is actually your fault.
fault isn't to be assigned here
it's part of a larger system
if you return spam, you risk blowback no matter at what level
well it sort of is, otherwise reductio ad absurdum, I won't deliver to internet hosts because it might lead to blowback
and as a victim of a lot of blowback, I won't be creating more of that
fair enough.
Hmm
How would I do in openbsd to route certain IPs (eg 192.168.0.17/28) through a certain interface
And route the rest through another?
I know the Linux way. Not sure how similar it is..
route add, I think
as in, it's part of the routing table
route add 10/8 tun0
I think how well that works varies by OS. I know Solaris is a dick about routing subnets
don't get me started on Slowlaris. I've got a guy at work who swears it was coded by the almighty himself.
sudo route add -host 192.168.2.4 10.9.8.13
That didn't work
And tun0 instead of 10.9.8.13 didn't work
My problem is: I want to route some LAN clients through my openvpn interface
maybe you want to rdr them?
no - that decides based on outgoing
you want nat, which rewrites it
wait. what are you trying to do?
if you want it to work, you'll need to nat them
since the packet has to know where to return
so the outbound IP better be your external IF
this all gets so much simpler with v6
no more nat. thank gawd.
:d
So this isn't possible with ipv4?
it is but you have to NAT
Just nat it to tun0? Sounds reasonable
well - I'm still not getting the topology
can you draw it with "graphviz" for me? :)
Sure.
Hold on a minute :)
RandalSchwartz: http://www.dxtr.cc/~dexter/pub/topology.png
That's kinda what I want to achieve
I have no idea what net numbers you want there, or why openvpn is in the mix
or why uroboros has two ways to the internet
or whether openvpn is running *on* uroboros, in which case, not sure how dir655 gets to it without talking to uroboros
so I'd say, diagram, mostly fail :(
anyway, gotta drive. see ya later
haha, I couldn't come up with a good way to illustrate that I wanted just dir655 to go from uroboros through openvpn
Alright :)
layers, man... colored layers
/me goes
Yeah, right
that graph is a nightmare ;)
I think what you're trying to say is that you have a lan on 192.168.2.0/24, of which uroboros is the gateway and uroboros and bowser are linked by openvpn on 192.168.3.0/24? ... except inexplicably you have a second 192.168.3.0 behind dir655?
jdoe: oh, you saw the second test graph I did :p
But yeah, I wanna route 192.168.3.0/24 over openvpn
I can't give any useful suggestions because your graph is crazy-confusing ;)
Haha, yeah :D
I've never done any real graphs before.. And I generally suck at making explanatory stuff (Is it called explanatory?)
But in short: Uroboros is my router, bowser is my vps
192.168.3.0/24 is my wlan
And I want to route 192.168.3.0/24 through tun0 in uroboros (openvpn)
so what's 192.168.2?
Those are my own stuff connected with a wire
And there are no specific reasons for doing this - It's just educational ) :)
there are some reasons not to though, I think
having different subnets will fuck up broadcast traffic, for example.
uh... sec, maybe my openvpn config can be of some assistance...
In this situation I don't care that much for broadcast traffic between 192.168.2 and 192.168.3
http://pastebin.com/Cq0j8Wbp
if you want it, copy it now because it expires in a day.
I only have a single subnet at home, but what that does is
openvpn server on 11.22.33.44
openvpn client running on my home gateway.
gateway's ip is 10.200.0.1 (and as far as the tunnel is concerned, also 10.100.100.2)
yeah
when it's running, server is accessible from the lan as 10.100.100.1
and the entire lan is accessible from the server by their real ips. (10.200.0.whatever)
jdoe: any particular reason why you have openvpn in /etc rather than /usr/local/etc?
fink: because it's linux and that's where it goes on linux
adjust paths for your os as necessary :)
oh, sorry i thought you were bsd
my vps is vpn endpoint is another machine, it and the gateway are debian.
do you find that confusing, switching between setups?
no
I admin linux, solaris, bsd and windows machines on a daily basis. you get used to it, I guess.
And you make a habit of using things that are the same between oses ... like pkill and friends. <3
well, and it helps that I'm pretty new with Solaris, stops me from wading in over my head ;)
hehe
Well, I'm going to bed now
hi, what should i do if the vnc details provided in my control panel do not actually work? tried with three different clients
bill```: error?
nothing, the remote just hangs up
none of the three clients provided an error
i can telnet to the host/port in question and am able to successfully establish a connection, but no dice when using an actual vnc client
bill```: what is your VNC host and port
1 sec
up_the_irons: kvr08.arpnetworks.com on port 6029
i had asked in a support ticket about this a few days ago, but no reply
bill```: http://support.arpnetworks.com/faqs/vps/out-of-band-management
bill```: note the "only one connection" part
appears you have another connection open somewhere. given you've used three clients, this seems fitting :)
yes, i had read about that before, but i had never initiated a vps connection the first time and it still failed
so any infected host on the internet port scanning machines could in theory lock me out from using vnc on my own server?
:-|
bill```: right now it is hanging, which usually means it needs to drop whatever it is holding onto. I think I remember your support email, and I replied saying I connected fine :)
bill```: no, the connection must actually be established. if they don't know your password, it cannot be established
gotcha
since it's been days, and you were the first person to successfully connect, shouldn't it have timed out by now?
and he ran...
bill```: I think there is a bug in the timeout. If the connection is not properly shutdown (you kill your VNC client instead of telling it to end the session), it may hang
DaCa: so behind your OpenBSD spamd, what are you running as the MTA?