Who | What | When |
---|---|---|
*** | au has joined #arpnetworks | [00:08] |
.... (idle for 17mn) | ||
heavysixer has quit IRC (Read error: Connection reset by peer)
heavysixer has joined #arpnetworks ChanServ sets mode: +o heavysixer | [00:25] | |
coobra has quit IRC (Ping timeout: 255 seconds)
coobra has joined #arpnetworks coobra has quit IRC (Changing host) coobra has joined #arpnetworks | [00:36] | |
.... (idle for 17mn) | ||
cubelogic has quit IRC (Remote host closed the connection) | [00:53] | |
........ (idle for 37mn) | ||
ivan-kanis has joined #arpnetworks | [01:30] | |
G | up_the_irons: really you want a phone book type icon | [01:39] |
up_the_irons | i c
i chose "database_table" | [01:41] |
G | up_the_irons: ha, that was going to be a suggestion | [01:41] |
up_the_irons | haha | [01:42] |
G | hmmm lets see how fast I can ruin my systems networking :P
on the other hand, it worked... hmmmm | [01:46] |
.... (idle for 17mn) | ||
*** | LT has joined #arpnetworks | [02:04] |
....................... (idle for 1h52mn) | ||
Zuul | palaCios8 | [03:56] |
............................ (idle for 2h19mn) | ||
*** | bharatak has joined #arpnetworks | [06:15] |
.............. (idle for 1h5mn) | ||
rgouveia has quit IRC (Ping timeout: 252 seconds)
rgouveia has joined #arpnetworks rgouveia has quit IRC (Changing host) rgouveia has joined #arpnetworks | [07:20] | |
....... (idle for 30mn) | ||
fink has joined #arpnetworks | [07:50] | |
......... (idle for 41mn) | ||
phrac has quit IRC (Quit: Lost terminal) | [08:31] | |
tooth | since it's dns related, magic eightball would be perfect
(icon) | [08:37] |
*** | fink has quit IRC (Quit: fink) | [08:44] |
............ (idle for 55mn) | ||
HighJinx has quit IRC (Quit: Leaving)
heavysixer has quit IRC (Quit: heavysixer) | [09:39] | |
cubelogic has joined #arpnetworks
robotarmy has joined #arpnetworks | [09:53] | |
..... (idle for 21mn) | ||
LT has quit IRC (Quit: Leaving) | [10:17] | |
jdoe | lol
re: last night and inetd.conf, that's kinda funny. I'm sure ftp-proxy gets used far more than echo/daytime do. | [10:23] |
ix33 | i thought that
how is ftp-proxy handled now? isn't it magically in pf now or something | [10:28] |
*** | heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer | [10:30] |
HighJinx has joined #arpnetworks | [10:38] | |
jpalmer | up_the_irons: page_white_edit | [10:45] |
*** | ivan-kanis has quit IRC (Remote host closed the connection) | [10:57] |
.... (idle for 18mn) | ||
vcs_ | incompetent management are prob the only thing in my life that make me wanna jump off a bridge | [11:15] |
rgouveia | vcs_: bad software? :-) | [11:16] |
vcs_ | no
they forgot to include 2 months of work in a bid till the deadline and then realized they needed it then surprise, i have to do it in 2 weeks lol fuck my life | [11:16] |
mattx86 | that sucks | [11:21] |
*** | bharatak has quit IRC (Quit: leaving) | [11:28] |
........ (idle for 37mn) | ||
vcs_ | yep
welcome to programming i would not recommend it as a career path to anyone despite how fun the actual work is | [12:05] |
Husky | code monkey think maybe manager want to write goddamn login page himself | [12:06] |
vcs_ | i dont expect my manager to do anything but plan/execute the project correctly
and providing me with proper documentation about what i am working on (before the project is due) also, when i have a deadline that is really close | [12:07] |
Husky | its a song ok | [12:09] |
vcs_ | they always love to take me off of it and put me on something else
then place the blame on me for missing it lol the worst kinds of managers expect the coders to effectively manage the project to do their management work for them | [12:09] |
Husky | oh | [12:10] |
*** | fink has joined #arpnetworks | [12:14] |
mike-burns | I also don't recommend programming as a career path because then you would be competing with me for jobs. | [12:15] |
vcs_ | haha
do you enjoy working 16 hour days 7 days a week? then the programming profession is for you! | [12:15] |
jpalmer | mike-burns, the definition of modesty :P
actually, in re-reading that.. I probably took it a different way than it was meant :P jpalmer took it as "I'm the best, and you'd be competing with me" heh | [12:16] |
mike-burns | Heh, and I definitely meant the opposite. | [12:17] |
vcs_ | mike-burns: if i quit, you still have to face the biggest competition of all
offshoring :P until they quit, i think you are out of luck | [12:20] |
mike-burns | Also my job seems to be very different from yours, vcs_ .
I work 40-hour weeks and don't have outsourcing as competition. | [12:21] |
vcs_ | i do embedded development, linux drivers/apps, board bringup, stuff like that
lately ive been doing video muxing/demuxing | [12:22] |
mattx86 | sounds interesting | [12:29] |
vcs_ | it is awesome
the hours are not at least i am doing something i like though | [12:29] |
mattx86 | that's true, that's always important | [12:30] |
vcs_ | and at least i have a job
lol | [12:31] |
mattx86 | yeah :)
hm.. got a few questions I'd like to ask you guys.. 1) is the anti-spam adequate on gmail/google apps free? 2) have you tried filing your taxes online and what do you think about it? heh | [12:33] |
vcs_ | 1. most spam is filtered, its pretty adequate
2. my mom is a cpa :P | [12:36] |
mattx86 | I'm trying to get a business going, selling stuff on ebay, so I'm trying to get by on very little money at the moment
vcs_: cool, and darn :) kinda funny. I filled out the state sales and use tax return with all zeros laziness got the better of me, so I haven't gotten things together to sell the first thing but on the other hand, I didn't understand most of that stuff, and I don't really have the money to pay someone that does :P | [12:36] |
vcs_ | haha
i know the feeling | [12:40] |
mattx86 | even right now I feel like I need to drink a gallon of coffee or something, but maybe that's a different feeling heh
of course I've been sleeping crazy weird hours lately | [12:41] |
vcs_ | same here, im supposed to get to work at 9
but usually i walk in at 12 | [12:42] |
mattx86 | today's my first 'regular day' in probably a week | [12:42] |
vcs_ | but they can't fire me | [12:42] |
mattx86 | at 12? sheesh :P | [12:42] |
vcs_ | and my sleep schedule gets off working their crazy hours
so i dont feel guilty my subconscious does not allow me to wake up really without 6 hours of sleep | [12:42] |
mattx86 | that's good enough for me | [12:43] |
vcs_ | i dont even hear my alarm
there are limits of the human body | [12:43] |
mattx86 | I totally get that | [12:43] |
vcs_ | i dont feel guilty about it either and they cannot fire me because they can't replace me | [12:44] |
mattx86 | it's like that one day I was at work for nearly 12 hours and had nothing to eat | [12:44] |
vcs_ | yeah, i eat one meal a day
my schedule is so off | [12:44] |
mattx86 | but I guess I had to learn the hard way I need to be more vocal
boss should have known, but there you go | [12:44] |
vcs_ | problem is i am the only one in the company who can do a lot of administration stuff, as well as anything linux/unix related | [12:45] |
mattx86 | on one hand, I wish I had your job, and on the other, I see it as a repeat of the same crap I went through | [12:46] |
vcs_ | lol
eventually i will have a good idea and work from home :P | [12:46] |
mattx86 | not that I know how to program linux drivers and what not :) | [12:46] |
vcs_ | one fine day
but until then | [12:46] |
mattx86 | that's sort of my goal too | [12:47] |
vcs_ | if i had a huge reserve of money
i would just work on OSS projects all day | [12:47] |
mattx86 | same here | [12:47] |
btw, if you ever want to consider partnering up or anything, I'm good at general system administration, networking, PHP/MySQL.. I've setup DNS, mail, web, and asterisk servers. wireless access points, routers, switches, QoS, and I dabble in C from time to time
or if anyone is looking to fill a position, I'm 100% available | [12:53] | |
jpalmer | mattx86: I use gapps free, and think the spam filtering is great. as for taxes, a decent accountant is worth their weight in gold. seriously, if you're a small time operation (which, most are at first) you can likely have your taxes done for a very reasonable cost. as you get bigger, their services can grow with you.
mattx86: where are you located? the company I work for is looking for linux savvy people. mattx86: you have .0387994 seconds to respond! lol | [12:54] |
mattx86 | jpalmer: well, I'm thinking/hoping that at least my state sales and use tax return is good the way I filled it out, but I'll definitely be filing with H&R block or similar next year. I was wondering about filing my personal pre-sole-proprietor federal tax return online soon
jpalmer: lol sorry :) jpalmer: I'm in north-west TN, Union City to be exact | [12:57] |
ix33 | mattx86: where do you live?
oops stupid i have to read farther | [12:58] |
jpalmer | mattx86: I'm not sure if remote is OK or not. I could find out, but if you're interested, shoot me a /msg. we use DNS, web, mail, freeswitch (rather than asterisk), and deal with wifi, and general networking extensively. | [12:58] |
mattx86 | currently, I'm packaging open source software for Alpine Linux, writing documentation for them, and attempting to start a business selling computer products on ebay
ix33: Union City, TN, USA | [12:58] |
jpalmer | (We're in florida, about 100 miles south of tampa) | [12:59] |
ix33 | mattx86: live near a big airport? (memphis i assume?) | [12:59] |
mattx86 | jpalmer: you know what, I have a cousin and other family in florida.. I could perhaps move | [12:59] |
*** | robotarmy has quit IRC (Read error: Connection reset by peer) | [13:00] |
jpalmer | mattx86: shoot me a /msg, seriously. | [13:00] |
mattx86 | jpalmer: awesome, will do
ix33: kinda.. memphis is a 2-hour drive from here | [13:00] |
*** | robotarmy has joined #arpnetworks | [13:00] |
mattx86 | ix33: brother uses it when it comes in from japan and what not
he's ok btw | [13:00] |
ix33 | glad to hear it | [13:01] |
jpalmer | yikes, brother in japan? hope you've contacted him in the last couple days. | [13:01] |
ix33 | hope he lives in s/w japan... | [13:01] |
jpalmer | thats good to hear. you answered before I said it ;) | [13:01] |
mattx86 | yeah, he lives in Nagoya, where he said it was a 4.0 there.. office shook pretty good, but didn't come down on them or anything
said nothing in his apartment seems to have moved even an inch, but still feels the aftershocks there | [13:02] |
ix33 | mattx86: hope you find a spot. i can never find good people when we have a position open. | [13:04] |
mattx86 | ix33: me too | [13:04] |
*** | robotarmy has quit IRC (Remote host closed the connection)
robotarmy has joined #arpnetworks schmir has joined #arpnetworks | [13:05] |
..... (idle for 23mn) | ||
RandalSchwartz | hmm. I have a directory that contains enough entries that it's 2.5GB long
mistake on my part... just want to delete it recursively now I wonder what the easiest way is find BAD -ls -delete # seems like one way | [13:31] |
*** | schmir has quit IRC (Ping timeout: 252 seconds) | [13:32] |
jpalmer | jpalmer ponders tricking up_the_irons into sending me a server, and claiming I'll be the florida leg of ARP :P | [13:32] |
jpalmer could use some modernish hardware in the home lab :P I'm currently sitting on HP DL380's (G4) which can't do 64bit guests. | [13:37] | |
*** | schmir has joined #arpnetworks | [13:38] |
mattx86 | :) | [13:41] |
up_the_irons | jpalmer: do you do any data center work down in florida? | [13:46] |
jpalmer | up_the_irons: not much these days, but I was joking :P I was going to steal the server and use it in my home lab. heh | [13:47] |
up_the_irons | jpalmer: LOL | [13:47] |
jpalmer | up_the_irons: I used to do a fair amount, a couple years ago | [13:47] |
up_the_irons | gotcha | [13:47] |
jpalmer | at one point, I was going to try and start a business similar to ARP, but using vmware ESX/ESXi, and allowing people to have as many VM's as they wanted within their assigned resource pool. | [13:48] |
up_the_irons | ah cool | [13:48] |
RandalSchwartz | up_the_irons - my task for two weekends from now is to bring up v6 for all of neil's machines
I remember there's two ways to get the routes to work... the easy way, and the way I'm doing it. :) | [14:00] |
jpalmer | heh | [14:00] |
RandalSchwartz | would it be useful for me to use rtadvd?
and would that let me route to a /48 on my laptop? or maybe a /64 from my allocation? or will I always need a static default route for my v6, like with v4? | [14:00] |
up_the_irons | RandalSchwartz: cool
RandalSchwartz: we don't run rtadvd so i'm not sure if it would be useful to you | [14:02] |
pilgrimd | You don't need RA's to route v6, it just provides automated configuration of them. | [14:03] |
up_the_irons | if you want to control your own routing, then what you want is for us to route your /48 over a link-local address, then you can further route from there | [14:03] |
RandalSchwartz | I think that's what I'm doing on red.
but it was the ugly fe80::[mac addr] not a nice fe80::1 yeah - /^rootbeer@red.stonehenge.com$/ DUNNO oops yeah - ipv6_defaultrouter=fe80::5054:ff:fe27:9007%em0 bad paste sorry so do I just put in a support@ to enable fe80::2 routing on all three of those boxes? and then I point my default route at fe80::1 and another thing... it looks like squeak.org will be moving, probably to an ARP box I was touting the advantages in the board call today | [14:04] |
up_the_irons | oh sweet :)
RandalSchwartz: are all three boxes under the same account? (and thus, same VLAN) | [14:12] |
RandalSchwartz | yeah, all under insightcruises.com
but they're on different kvm's dunno if that matters. | [14:12] |
up_the_irons | doesn't matter | [14:13] |
RandalSchwartz | they all have nearby ipv4 addresses
but separate v6 assignments, I thought could be wrong :) | [14:14] |
up_the_irons | RandalSchwartz: so this is how it works -- the /48 can be routed to only one next-hop (naturally), so you have to pick a VM that will act as a router for the other two. obviously, if this VM goes down, then the other two lose connectivity. Generally speaking, this is another reason why routing over link-local is not the default option, and only for those comfortable with this fact :)
RandalSchwartz: if they are under the same account, they'll share the /48 i've never given more than one /48 to a VLAN (was never justified) | [14:15] |
RandalSchwartz | sure
it's already 65536 x the size of the current v4 space :) no wait... even bigger the numbers just keep staggering me :) | [14:15] |
pilgrimd | At some point you just end up sounding like Carl Sagan. | [14:16] |
RandalSchwartz | a single /48 is big enough for 65536 segments, all using autoconfig
wait - does that mean link locals for all my boxes see each other? | [14:17] |
pilgrimd | RandalSchwartz: Only if you don't want to do routing, which I think you'll pretty much have to do in this case. | [14:18] |
RandalSchwartz | if I carve off a separate /64 for each of the boxes, can I route through the virtual router?
as in, can I treat them as all being on individual segments within my "organization"? | [14:19] |
up_the_irons | RandalSchwartz: yes, link-local's should all see each other. they are on the same /64 | [14:20] |
RandalSchwartz | then your router would just need to add all three routes.
Hmm. this must be a solved problem. | [14:20] |
up_the_irons | RandalSchwartz: but a route can only have one next-hop, unless you're doing some round-robin failover (and the other side needs to support it) | [14:21] |
RandalSchwartz | I don't like the idea of having a specific box | [14:21] |
up_the_irons | brb phone | [14:21] |
RandalSchwartz | maybe that means ARP should be running rtadvd and pick up the routes automatically
I'm told that "just works" most of the time | [14:22] |
pilgrimd | That might get kind of messy with VPSes, since you'd have to do different RA's for each VPS. | [14:23] |
toddf | rtadvd tends to work with /64 best
pilgrimd: messy? it's dead simple. one rtadvd, no conf necessary, using the /64 on the vlan for the allocation and the vps's link local address for the 64bit euid if one wishes one's vps to have a specific link local address, then one only needs to do something akin to 'inet6 fe80::dead:beef' in e.g. openbsd's hostname.em0 file at the top | [14:24] |
pilgrimd | toddf: Oh ok, I'm not familiar with how your hosts do up the networking. | [14:25] |
up_the_irons | RandalSchwartz: that "just works" with one route (usually a /64), but if you want to further subnet a route (say a /48), then _something_ has to be the next-hop router, and _that_ box does the further subnetting. think about it like in IPv4 and /30's. A /30 between two routers, then the upstream routes all block(s) to the downstream over the /30. the downstream /30 is still _one_ machine.
if you require failover, that is usually when bgp or ospf come in the picture | [14:25] |
toddf | pilgrimd: this is not how my hosts do networking this is how rtadvd/rtsol interact. period.
up_the_irons: but there is only one 'router' per address family on a given vlan, right? toddf has setup rtadvd to run on a carp(4) interface before, but it requires pinging the default gateway before using it to get to remote subnets, bleh | [14:25] |
up_the_irons | brb | [14:30] |
toddf | toddf is used to failover meaning carp(4) but should look into ospfd/ospf6d some year | [14:34] |
...... (idle for 29mn) | ||
up_the_irons | toddf: yes, only one router per address family | [15:03] |
........ (idle for 37mn) | ||
*** | schmir has quit IRC (Remote host closed the connection) | [15:40] |
.... (idle for 18mn) | ||
bob__ is now known as bob^^ | [15:58] | |
...... (idle for 25mn) | ||
robotarmy has quit IRC (Remote host closed the connection) | [16:23] | |
.... (idle for 19mn) | ||
schmir has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection) | [16:42] | |
...... (idle for 25mn) | ||
fink has quit IRC (Quit: fink) | [17:09] | |
....... (idle for 31mn) | ||
fink has joined #arpnetworks
fink has quit IRC (Client Quit) | [17:40] | |
............. (idle for 1h4mn) | ||
robotarmy has joined #arpnetworks | [18:44] | |
unix_usr has joined #arpnetworks | [18:52] | |
unix_usr | hey all
anyone know if there's any upstream network issue which would prevent running openvpn as a server to have client connect in and get a private IP ? | [18:52] |
*** | HighJinx has quit IRC (Read error: Operation timed out) | [18:53] |
jpalmer | unix_usr: openvpn works on my vps | [18:54] |
unix_usr | I get connection, but no ping :S
jpalmer - what's your server config like ? | [18:54] |
jpalmer | basic openvpn server, nothing fancy. | [18:55] |
unix_usr | I basically want client _X_ to dial into openvpn running as server on my VPS, get an 10.X ip address, and have my VPS be able to connect back to that client using that 10.X ip ... | [18:55] |
jpalmer | sounds pretty straightforward. in answer to your question, no there is nothing on the ARPnetworks side that will prevent that from occurring | [18:56] |
unix_usr | :S .... something in my vps perhaps .... | [18:56] |
jpalmer | possibly. the guys in #openvpn are pretty good, maybe they can help? | [18:57] |
unix_usr | I have a dedicated static IP here at home - run a small server from using FreeBSD 8.1 - copied config file and it just works ... put same config/certs on VPS box - no go....
connects fine and all, just no ping | [18:57] |
Husky | using non standard port? | [18:57] |
RandalSchwartz | how are you mapping from your public IP to your openvpn range?
or are you just trying to get to it from 10.x ? | [19:03] |
unix_usr | randal - I'm basically trying to get access to the client, from the vps
so client 'dials' in - gets 10.10.8.6 - VPS routes from 10.10.8.1 | [19:04] |
RandalSchwartz | can you ping the IP from the VPS? | [19:04] |
unix_usr | I want a CGI script on the VPS then, to pull data from 10.10.8.6
the client is behind NAT - | [19:04] |
jpalmer | unix_usr: the network that the client is on, does it happen to also use the 10.10.x.x subnet? | [19:05] |
RandalSchwartz | yeah, maybe you have route conflicts | [19:05] |
unix_usr | no - client is on a 172.24.x network | [19:05] |
RandalSchwartz | that's why I use 10.77/16, unlikely to conflict :) | [19:05] |
unix_usr | if I copy the openvpn.conf file + certs from VPS -> my server here at home, then tell the client to connect to my home as remote site - works 100% | [19:06] |
jpalmer | unix_usr: I'd suggest starting client and server in debug mode, and see what (if any) errors show | [19:06] |
unix_usr | nothing that makes sense to me :$
whole bunch of RwrW ... | [19:06] |
RandalSchwartz | are you pushing a route to your client? | [19:07] |
unix_usr | once connection establishes, I get RwRw when I ping (server spits out r's and w's) | [19:07] |
RandalSchwartz | as in, is it sending all traffic up to the openvpn? | [19:07] |
unix_usr | yes - pushing two routes to client
no - not all.... | [19:07] |
RandalSchwartz | RandalSchwartz waits for more explanation | [19:07] |
unix_usr | one sec...
entire client config:
client
dev tun
proto tcp
remote my-server-2 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert dakkota.crt
key dakkota.key
cipher BF-CBC
where my-server == my actual server hostname | [19:09] |
RandalSchwartz | yeah - where's the route push?
if the client virtual address is 10.10.8.6, how does he know how to get to 10.10.8.1 ? | [19:11] |
unix_usr | netstat -rn: | [19:12] |
RandalSchwartz | or anything else on that box
since the processes are likely to use the "primary" box address very likely a public addr so they connect from 123.45.6.7 | [19:12] |
unix_usr | has route for 10.10.8.0/24 | [19:13] |
RandalSchwartz | how will 10.10.8.6 know how to route back?
you need to push a route for all local nets at least | [19:13] |
unix_usr | that route exists | [19:13] |
RandalSchwartz | on the client?
symmetric? | [19:13] |
unix_usr | 10.10.8.0/24 via gateway 10.10.8.5
on the client | [19:14] |
RandalSchwartz | and...
how to get to 123.45.6.7 ? | [19:14] |
unix_usr | uses its default route .... | [19:14] |
RandalSchwartz | or whatever your "major" address is for the box
and you permit that in through the outer firewall? as in, you have a loosey goosey firewall? | [19:14] |
unix_usr | right now firewall == open
this is new VPS ... not 'production' | [19:14] |
RandalSchwartz | yeah, this is too much to diagnose remotely sorry
too many variables | [19:15] |
unix_usr | thanks though :$ | [19:15] |
RandalSchwartz | I'm guessing you have a routing problem
can you ping your client from your VPS? | [19:15] |
unix_usr | nope | [19:15] |
RandalSchwartz | that's the first thing to solve
it's either a route problem at the VPS (check there) or a openvpn issue I bet the server's 10.10.8.1 isn't /24 | [19:16] |
unix_usr | I can run the EXACT server config, from a different machine (not VPS @ arpnetworks, but FreeBSD 8.1 at home with public static IP) - no change to config except listen address ... works fine | [19:16] |
RandalSchwartz | stop telling me "it works somewhere else"
that's irrelevant | [19:16] |
unix_usr | server doesn't have local config - openvpn is adding that | [19:17] |
RandalSchwartz | you need to look at THIS box and how THIS is set up
yes - is openvpn adding the right route? | [19:17] |
unix_usr | I am not manually configuring 10.10.8.x anywhere | [19:17] |
RandalSchwartz | ifconfig the openvpn interface
make sure it's /24 | [19:17] |
unix_usr | one sec...
will bring back up client / server and take a look at routing tables.... | [19:17] |
RandalSchwartz | if not, it won't hear the 10.10.8.5 traffic
wait... there should be a route netstat -rn better have a route to 10.10.8/24 via the interface for openvpn (tun0 for me) | [19:17] |
*** | cubelogic has quit IRC (Ping timeout: 255 seconds) | [19:22] |
up_the_irons | bah, having trouble getting powerdns to axfr to the authoritative servers (BIND/named). i guess that is what i get for using BIND | [19:23] |
unix_usr | tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 10.10.8.6 --> 10.10.8.5 netmask 0xffffffff
Opened by PID 56630
and netstat -rn: 10.10.8.0/24 gateway 10.10.8.5
can't ping 10.10.8.5 nor 10.10.8.1 from client
from server, cannot ping 10.10.8.5 / 10.10.8.6 | [19:23] |
RandalSchwartz | if you can't ping 10.10.8.6, openvpn is broken | [19:26] |
unix_usr | server showing: 10.10.8.0/24 10.10.8.2 | [19:26] |
RandalSchwartz | you should check its error log
oh - that's weirder it thinks it needs to go to 10.10.8.2 not .5 | [19:26] |
unix_usr | server shows: tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::6025:ea39:563a:251a%tun0 prefixlen 64 scopeid 0x4
inet 10.10.8.1 --> 10.10.8.2 netmask 0xffffffff
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
Opened by PID 65677
server can't ping 10.10.8.2, but can ping 10.10.8.1
so on both server and client, they can ping their half of the tunnel, but not the remote
only thing that sticks out in the logfile: Need IPv6 code in mroute_extract_addr_from_packet | [19:26] |
RandalSchwartz | their half but not the remote - could be either routes or openvpn not up
client side route look ok? | [19:32] |
unix_usr | yes | [19:33] |
RandalSchwartz | server side route? | [19:33] |
unix_usr | just changed subnet - try a different one "in case" ...
now have server 10.77.8.1 --> 10.77.8.2, route 10.77.8.0/24 10.77.8.2
client: 10.77.8.6 --> 10.77.8.5, route 10.77.8.0/24 via 10.77.8.5 | [19:33] |
RandalSchwartz | that doesn't make sense
they shouldn't have different IPs they should be symmetric server 8.1 -> 8.2 client 8.2 -> 8.1 that'll certainly break things | [19:36] |
unix_usr | openvpn puts them into /30 - 4 IP apart
not sure how to change that :$ I'm going off of the how-to on openvpn.net .... lol - I'm a programmer damnit, not a network tech! :( | [19:37] |
RandalSchwartz | well - if the two ends of your tunnel have different address ideas, that'll certainly not work. :)
oh - hmm. maybe that is the right thing right... because server needs to push all 10.77.8 traffic into openvpn | [19:39] |
unix_usr | like I said - something network-sided... pretty sure it's not a config issue :S
only real diff I have between home and VPS is the firewall... VPS has pf, home is using ipfw but both have 'allow everything via everything' rules right now...
pass in all flags S/SA keep state
pass out all flags S/SA keep state | [19:42] |
going to revert back to IPFW instead of PF - see if maybe something wacky going on there... | [19:51] | |
.... (idle for 15mn) | ||
RandalSchwartz | you *do* have ip-forwarding on VPS, right?
... gateway_enable=YES ... http://www.isgsp.net/freebsd/freebsd-openvpn.html ... sysctl -a |grep net.inet.ip.f | [20:06] |
unix_usr | sysctl net.inet.ip.forwarding = 1 on both ends | [20:11] |
jpalmer | unix_usr: to get rid of the /30, use topology subnet | [20:12] |
unix_usr | ? | [20:12] |
jpalmer | the /30 default, is to work around some windows networking issues.
02:38:37 <unix_usr> openvpn puts them into /30 - 4 IP apart 02:38:49 <unix_usr> not sure how to change that :$ | [20:12] |
unix_usr | yes I know - found that reading somewhere ... but couldn't figure out how to undo it :S | [20:13] |
jpalmer | to change it: topology subnet | [20:13] |
unix_usr | link is up
ifconfig server = 10.10.8.1 / client = 10.10.8.2 both have route via their local if to 10.10.8.0/24 both can ping their local IP - neither can ping the remote :( | [20:16] |
*** | HighJinx has joined #arpnetworks | [20:20] |
unix_usr | can even connect a second client ...
which gets 10.10.8.3 but still not able to ping :S if I make client2 == server, then client1 and server (now == client2) - all connect fine | [20:20] |
RandalSchwartz | unix_usr - did you add "topology subnet"?
actually - I don't have that I do have "server 10.77.77.0 255.255.255.0" though | [20:27] |
unix_usr | tried topology subnet ...
still no-go I have clientA + clientB + VPS I swapped configs, making clientB = server, connecting to it from clientA + VPS works fine in that direction :S so VPS can connect as a client to another machine using same config, but cannot act as a server :S really weird ... | [20:28] |
RandalSchwartz | all I can say at this point is "works for me"
you're using client certs right | [20:30] |
unix_usr | ping / connect / etc fine when VPS = client, home=server ... but no-go if I swap their configs and VPS=server, home=client | [20:30] |
RandalSchwartz | are you looking at the logs from when your client tries to connect? | [20:30] |
unix_usr | yeah - says connected...
get some annoying IPv6 warnings... but otherwise looks the same as I would expect :| | [20:30] |
RandalSchwartz | where's your server config? | [20:31] |
unix_usr | in: /usr/local/etc/openvpn/ | [20:31] |
RandalSchwartz | yes, but where I can see it. :) | [20:31] |
unix_usr | so is the clients | [20:31] |
RandalSchwartz | you pasted client config | [20:32] |
unix_usr | oh ... :S - not have it anywhere ... one sec... | [20:32] |
RandalSchwartz | how about server.
wait - why proto tcp? that would... SUCK tcp over tcp. very bad openvpn *wants* to be over UDP in fact, that's one of its big wins is that it works nicely on UDP so you never get into tcp-over-tcp | [20:32] |
unix_usr | UDP not play nice with client being behind NAT :( | [20:34] |
RandalSchwartz | uh, say what? | [20:34] |
unix_usr | local 206.xxx.xxx.xxx
proto tcp
dev tun
topology subnet | [20:34] |
RandalSchwartz | works JUST FINE | [20:34] |
unix_usr | ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.10.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 206.xxx.xxx.xxx 255.255.255.248"
client-to-client
;duplicate-cn
keepalive 10 90
cipher BF-CBC # Blowfish (default)
;comp-lzo
max-clients 10
user nobody | [20:34] |
RandalSchwartz | I'm behind NAT all the time
and UDP works JUST FINE all modern NAT are relatively stateful, even for UDP as long as the first packets are from the inside and you have keep-alive where's your cert lines? ... ca /usr/local/etc/openvpn/keys/ca.crt stuff like that oh, they're there maybe the paths need to be absolute did you look in the openvpn server log? | [20:34] |
unix_usr | certs are ok
they are in /usr/local/etc/openvpn/ | [20:36] |
RandalSchwartz | whoa... is your "push" line literal?
you didn't show it's a comment | [20:36] |
unix_usr | the rc.d script locals to that dir first | [20:36] |
RandalSchwartz | mine reads # push "route 192.168.0.0 255.255.255.0"
commented out | [20:36] |
unix_usr | push line was masked...
not really 'xxx.xxx' | [20:37] |
RandalSchwartz | try taking it out though | [20:37] |
unix_usr | as was listen ip | [20:37] |
RandalSchwartz | if you're only routing to 10.x | [20:37] |
unix_usr | I did - no change | [20:37] |
RandalSchwartz | where's "daemon"
mine has daemon in it | [20:37] |
*** | robotarmy has quit IRC (Remote host closed the connection) | [20:38] |
RandalSchwartz | oops... gotta go. | [20:38] |
unix_usr | daemon is passed on command line from rc.d | [20:39] |
RandalSchwartz | ok - I have mine in my file
RandalSchwartz wanders off | [20:39] |
...... (idle for 26mn) | ||
unix_usr | Randal - took your sample... changed my subnet to 10.77.77.0 - works.
go figure. must be some use of the same subnet somewhere in arpnetworks.com :S | [21:06] |
*** | unix_usr has left | [21:11] |
.... (idle for 17mn) | ||
Zuul_ has joined #arpnetworks
Zuul has quit IRC (Ping timeout: 276 seconds) | [21:28] | |
unix_usr has joined #arpnetworks | [21:43] | |
unix_usr | hey all - anyone from support here?
or anyone know how long a "reset to defaults" should take ? does it mean a complete re-stage ? | [21:43] |
RandalSchwartz | and that's why I use a weird number. :)
have you also switched to UDP? | [21:46] |
unix_usr | UDP a no-go...
10.77.77.0 also a no go I have two VPS w/ arpnetworks.... works fine on A, not on B both in same subnet, running same configuration .... thinking I messed with this one too much :$ but cdrom is no longer 'inserted' / attached either :( | [21:47] |
RandalSchwartz | wait - I'm now confused
<unix_usr> Randal - took your sample... changed my subnet to 10.77.77.0 - - works. so why are you now saying "no go" | [21:49] |
unix_usr | yeah - I was on wrong machine :|
lol - VPS A / VPS B both configured to have same hostname/etc ... mixed up my terminal windows :S VPS B is new - staging it to replace VPS A | [21:49] |
*** | unix_usr has quit IRC (Quit: unix_usr) | [22:04] |
............ (idle for 55mn) | ||
Jareth has quit IRC (Read error: Connection reset by peer) | [22:59] | |
....... (idle for 33mn) | ||
heavysixer has quit IRC (Ping timeout: 264 seconds) | [23:32] | |
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer | [23:39] |