***: heavysixer has quit IRC (Read error: Connection reset by peer)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
coobra has quit IRC (Ping timeout: 255 seconds)
coobra has joined #arpnetworks
coobra has quit IRC (Changing host)
coobra has joined #arpnetworks
cubelogic has quit IRC (Remote host closed the connection)
ivan-kanis has joined #arpnetworks
G: up_the_irons: really you want a phone book type icon
up_the_irons: i c
i chose "database_table"
G: up_the_irons: ha, that was going to be a suggestion
up_the_irons: haha
G: hmmm let's see how fast I can ruin my system's networking :P
on the other hand, it worked...
hmmmm
***: LT has joined #arpnetworks
Zuul: palaCios8
***: bharatak has joined #arpnetworks
rgouveia has quit IRC (Ping timeout: 252 seconds)
rgouveia has joined #arpnetworks
rgouveia has quit IRC (Changing host)
rgouveia has joined #arpnetworks
fink has joined #arpnetworks
phrac has quit IRC (Quit: Lost terminal)
tooth: since it's dns related, magic eightball would be perfect
(icon)
***: fink has quit IRC (Quit: fink)
HighJinx has quit IRC (Quit: Leaving)
heavysixer has quit IRC (Quit: heavysixer)
cubelogic has joined #arpnetworks
robotarmy has joined #arpnetworks
LT has quit IRC (Quit: Leaving)
jdoe: lol
re: last night and inetd.conf, that's kinda funny. I'm sure ftp-proxy gets used far more than echo/daytime do.
ix33: i thought that
how is ftp-proxy handled now?
isn't it magically in pf now or something
***: heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer
HighJinx has joined #arpnetworks
jpalmer: up_the_irons: page_white_edit
***: ivan-kanis has quit IRC (Remote host closed the connection)
vcs_: incompetent management is prob the only thing in my life that makes me wanna jump off a bridge
rgouveia: vcs_: bad software? :-)
vcs_: no
they forgot to include 2 months of work in a bid till the deadline
and then realized they needed it
then surprise, i have to do it in 2 weeks
lol
fuck my life
mattx86: that sucks
***: bharatak has quit IRC (Quit: leaving)
vcs_: yep
welcome to programming
i would not recommend it as a career path to anyone despite how fun the actual work is
Husky: code monkey think maybe manager want to write goddamn login page himself
vcs_: i dont expect my manager to do anything but plan/execute the project correctly
and provide me with proper documentation about what i am working on
(before the project is due)
also, when i have a deadline that is really close
Husky: it's a song ok
vcs_: they always love to take me off of it and put me on something else
then place the blame on me
for missing it
lol
the worst kinds of managers expect the coders to effectively manage the project
to do their management work for them
Husky: oh
***: fink has joined #arpnetworks
mike-burns: I also don't recommend programming as a career path because then you would be competing with me for jobs.
vcs_: haha
do you enjoy working 16 hour days 7 days a week? then the programming profession is for you!
jpalmer: mike-burns, the definition of modesty :P
actually, in re-reading that.. I probably took it a different way than it was meant :P
-: jpalmer took it as "I'm the best, and you'd be competing with me" heh
mike-burns: Heh, and I definitely meant the opposite.
vcs_: mike-burns: if i quit, you still have to face the biggest competition of all
offshoring
:P
until they quit, i think you are out of luck
mike-burns: Also my job seems to be very different from yours, vcs_ .
I work 40-hour weeks and don't have outsourcing as competition.
vcs_: i do embedded development, linux drivers/apps, board bringup, stuff like that
lately ive been doing video muxing/demuxing
mattx86: sounds interesting
vcs_: it is awesome
the hours are not
at least i am doing something i like though
mattx86: that's true, that's always important
vcs_: and at least i have a job
lol
mattx86: yeah :)
hm.. got a few questions I'd like to ask you guys.. 1) is the anti-spam adequate on gmail/google apps free? 2) have you tried filing your taxes online and what do you think about it?
heh
vcs_: 1. most spam is filtered, its pretty adequate
2. my mom is a cpa :P
mattx86: I'm trying to get a business going, selling stuff on ebay, so I'm trying to get by on very little money at the moment
vcs_: cool, and darn :)
kinda funny. I filled out the state sales and use tax return with all zeros
laziness got the better of me, so I haven't gotten things together to sell the first thing
but on the other hand, I didn't understand most of that stuff, and I don't really have the money to pay someone that does :P
vcs_: haha
i know the feeling
mattx86: even right now I feel like I need to drink a gallon of coffee or something, but maybe that's a different feeling heh
of course I've been sleeping crazy weird hours lately
vcs_: same here, im supposed to get to work at 9
but usually i walk in at 12
mattx86: today's my first 'regular day' in probably a week
vcs_: but they can't fire me
mattx86: at 12? sheesh :P
vcs_: and my sleep schedule gets off working their crazy hours
so i dont feel guilty
my subconscious does not allow me to wake up really without 6 hours of sleep
mattx86: that's good enough for me
vcs_: i dont even hear my alarm
there are limits of the human body
mattx86: I totally get that
vcs_: i dont feel guilty about it either and they cannot fire me because they can't replace me
mattx86: it's like that one day I was at work for nearly 12 hours and had nothing to eat
vcs_: yeah, i eat one meal a day
my schedule is so off
mattx86: but I guess I had to learn the hard way I need to be more vocal
boss should have known, but there you go
vcs_: problem is i am the only one in the company who can do a lot of administration stuff, as well as anything linux/unix related
mattx86: on one hand, I wish I had your job, and on the other, I see it as a repeat of the same crap I went through
vcs_: lol
eventually i will have a good idea
and work from home :P
mattx86: not that I know how to program linux drivers and what not :)
vcs_: one fine day
but until then
mattx86: that's sort of my goal too
vcs_: if i had a huge reserve of money
i would just work on OSS projects all day
mattx86: same here
btw, if you ever want to consider partnering up or anything, I'm good at general system administration, networking, PHP/MySQL.. I've set up DNS, mail, web, and asterisk servers. wireless access points, routers, switches, QoS, and I dabble in C from time to time
or if anyone is looking to fill a position, I'm 100% available
jpalmer: mattx86: I use gapps free, and think the spam filtering is great. as for taxes, a decent accountant is worth their weight in gold. seriously, if you're a small time operation (which, most are at first) you can likely have your taxes done for a very reasonable cost. as you get bigger, their services can grow with you.
mattx86: where are you located? the company I work for is looking for linux savvy people.
mattx86: you have .0387994 seconds to respond!
lol
mattx86: jpalmer: well, I'm thinking/hoping that at least my state sales and use tax return is good the way I filled it out, but I'll definitely be filing with H&R block or similar next year. I was wondering about filing my personal pre-sole-proprietor federal tax return online soon
jpalmer: lol sorry :)
jpalmer: I'm in north-west TN, Union City to be exact
ix33: mattx86: where do you live?
oops stupid i have to read farther
jpalmer: mattx86: I'm not sure if remote is OK or not. I could find out, but if you're interested, shoot me a /msg. we use DNS, web, mail, freeswitch (rather than asterisk), and deal with wifi, and general networking extensively.
mattx86: currently, I'm packaging open source software for Alpine Linux, writing documentation for them, and attempting to start a business selling computer products on ebay
ix33: Union City, TN, USA
jpalmer: (We're in florida, about 100 miles south of tampa)
ix33: mattx86: live near a big airport? (memphis i assume?)
mattx86: jpalmer: you know what, I have a cousin and other family in florida.. I could perhaps move
***: robotarmy has quit IRC (Read error: Connection reset by peer)
jpalmer: mattx86: shoot me a /msg, seriously.
mattx86: jpalmer: awesome, will do
ix33: kinda.. memphis is a 2-hour drive from here
***: robotarmy has joined #arpnetworks
mattx86: ix33: brother uses it when it comes in from japan and what not
he's ok btw
ix33: glad to hear it
jpalmer: yikes, brother in japan? hope you've contacted him in the last couple days.
ix33: hope he lives in s/w japan...
jpalmer: thats good to hear. you answered before I said it ;)
mattx86: yeah, he lives in Nagoya, where he said it was a 4.0 there.. office shook pretty good, but didn't come down on them or anything
said nothing in his apartment seems to have moved even an inch, but still feels the aftershocks there
ix33: mattx86: hope you find a spot. i can never find good people when we have a position open.
mattx86: ix33: me too
***: robotarmy has quit IRC (Remote host closed the connection)
robotarmy has joined #arpnetworks
schmir has joined #arpnetworks
RandalSchwartz: hmm. I have a directory that contains enough entries that it's 2.5GB long
mistake on my part... just want to delete it recursively now
I wonder what the easiest way is
find BAD -ls -delete # seems like one way
***: schmir has quit IRC (Ping timeout: 252 seconds)
-: jpalmer ponders tricking up_the_irons into sending me a server, and claiming I'll be the florida leg of ARP :P
jpalmer could use some modernish hardware in the home lab :P I'm currently sitting on HP DL380's (G4) which can't do 64bit guests.
***: schmir has joined #arpnetworks
mattx86: :)
up_the_irons: jpalmer: do you do any data center work down in florida?
jpalmer: up_the_irons: not much these days, but I was joking :P I was going to steal the server and use it in my home lab. heh
up_the_irons: jpalmer: LOL
jpalmer: up_the_irons: I used to do a fair amount, a couple years ago
up_the_irons: gotcha
jpalmer: at one point, I was going to try and start a business similar to ARP, but using vmware ESX/ESXi, and allowing people to have as many VM's as they wanted within their assigned resource pool.
up_the_irons: ah cool
RandalSchwartz: up_the_irons - my task for two weekends from now is to bring up v6 for all of neil's machines
I remember there's two ways to get the routes to work... the easy way, and the way I'm doing it. :)
jpalmer: heh
RandalSchwartz: would it be useful for me to use rtadvd?
and would that let me route to a /48 on my laptop?
or maybe a /64 from my allocation?
or will I always need a static default route for my v6, like with v4?
up_the_irons: RandalSchwartz: cool
RandalSchwartz: we don't run rtadvd so i'm not sure if it would be useful to you
pilgrimd: You don't need RA's to route v6, it just provides automated configuration of them.
up_the_irons: if you want to control your own routing, then what you want is for us to route your /48 over a link-local address, then you can further route from there
RandalSchwartz: I think that's what I'm doing on red.
but it was the ugly fe80::[mac addr]
not a nice fe80::1
yeah - /^rootbeer@red.stonehenge.com$/ DUNNO
oops
yeah - ipv6_defaultrouter=fe80::5054:ff:fe27:9007%em0
bad paste sorry
so do I just put in a support@ to enable fe80::2 routing on all three of those boxes?
and then I point my default route at fe80::1
and another thing... it looks like squeak.org will be moving, probably to an ARP box
I was touting the advantages in the board call today
up_the_irons: oh sweet :)
RandalSchwartz: are all three boxes under the same account? (and thus, same VLAN)
RandalSchwartz: yeah, all under insightcruises.com
but they're on different kvm's
dunno if that matters.
up_the_irons: doesn't matter
RandalSchwartz: they all have nearby ipv4 addresses
but separate v6 assignments, I thought
could be wrong :)
up_the_irons: RandalSchwartz: so this is how it works -- the /48 can be routed to only one next-hop (naturally), so you have to pick a VM that will act as a router for the other two. obviously, if this VM goes down, then the other two lose connectivity. Generally speaking, this is another reason why routing over link-local is not the default option, and only for those comfortable with this fact :)
RandalSchwartz: if they are under the same account, they'll share the /48
i've never given more than one /48 to a VLAN (was never justified)
RandalSchwartz: sure
it's already 65536 x the size of the current v4 space :)
no wait... even bigger
the numbers just keep staggering me :)
pilgrimd: At some point you just end up sounding like Carl Sagan.
RandalSchwartz: a single /48 is big enough for 65536 segments, all using autoconfig
wait - does that mean link locals for all my boxes see each other?
pilgrimd: RandalSchwartz: Only if you don't want to do routing, which I think you'll pretty much have to do in this case.
RandalSchwartz: if I carve off a separate /64 for each of the boxes, can I route through the virtual router?
as in, can I treat them as all being on individual segments within my "organization"?
up_the_irons: RandalSchwartz: yes, link-local's should all see each other. they are on the same /64
RandalSchwartz: then your router would just need to add all three routes.
Hmm. this must be a solved problem.
up_the_irons: RandalSchwartz: but a route can only have one next-hop, unless you're doing some round-robin failover (and the other side needs to support it)
RandalSchwartz: I don't like the idea of having a specific box
up_the_irons: brb phone
RandalSchwartz: maybe that means ARP should be running rtadvd and pick up the routes automatically
I'm told that "just works" most of the time
pilgrimd: That might get kind of messy with VPSes, since you'd have to do different RA's for each VPS.
toddf: rtadvd tends to work with /64 best
pilgrimd: messy? it's dead simple. one rtadvd, no conf necessary, using the /64 on the vlan for the allocation and the vps's link local address for the 64bit euid
if one wishes one's vps to have a specific link local address, then one only needs to do something akin to 'inet6 fe80::dead:beef' in e.g. openbsd's hostname.em0 file at the top
pilgrimd: toddf: Oh ok, I'm not familiar with how your hosts do up the networking.
up_the_irons: RandalSchwartz: that "just works" with one route (usually a /64), but if you want to further subnet a route (say a /48), then _something_ has to be the next-hop router, and _that_ box does the further subnetting. think about it like in IPv4 and /30's. A /30 between two routers, then the upstream routes all block(s) to the downstream over the /30. the downstream /30 is still _one_ machine.
if you require failover, that is usually when bgp or ospf come in the picture
toddf: pilgrimd: this is not how my hosts do networking this is how rtadvd/rtsol interact. period.
up_the_irons: but there is only one 'router' per address family on a given vlan, right?
-: toddf has set up rtadvd to run on a carp(4) interface before, but it requires pinging the default gateway before using it to get to remote subnets, bleh
up_the_irons: brb
-: toddf is used to failover meaning carp(4) but should look into ospfd/ospf6d some year
up_the_irons: toddf: yes, only one router per address family
***: schmir has quit IRC (Remote host closed the connection)
bob__ is now known as bob^^
robotarmy has quit IRC (Remote host closed the connection)
schmir has joined #arpnetworks
schmir has quit IRC (Remote host closed the connection)
fink has quit IRC (Quit: fink)
fink has joined #arpnetworks
fink has quit IRC (Client Quit)
robotarmy has joined #arpnetworks
unix_usr has joined #arpnetworks
unix_usr: hey all
anyone know if there's any upstream network issue which would prevent running openvpn as a server to have client connect in and get a private IP ?
***: HighJinx has quit IRC (Read error: Operation timed out)
jpalmer: unix_usr: openvpn works on my vps
unix_usr: I get connection, but no ping :S
jpalmer - what's your server config like ?
jpalmer: basic openvpn server, nothing fancy.
unix_usr: I basically want client _X_ to dial into openvpn running as server on my VPS, get an 10.X ip address, and have my VPS be able to connect back to that client using that 10.X ip ...
jpalmer: sounds pretty straightforward. in answer to your question, no there is nothing on the ARPnetworks side that will prevent that from occurring
unix_usr: :S .... something in my vps perhaps ....
jpalmer: possibly. the guys in #openvpn are pretty good, maybe they can help?
unix_usr: I have a dedicated static IP here at home - run a small server from using FreeBSD 8.1 - copied config file and it just works ... put same config/certs on VPS box - no go....
connects fine and all, just no ping
Husky: using non standard port?
RandalSchwartz: how are you mapping from your public IP to your openvpn range?
or are you just trying to get to it from 10.x ?
unix_usr: randal - I'm basically trying to get access to the client, from the vps
so client 'dials' in - gets 10.10.8.6 - VPS routes from 10.10.8.1
RandalSchwartz: can you ping the IP from the VPS?
unix_usr: I want a CGI script on the VPS then, to pull data from 10.10.8.6
the client is behind NAT -
jpalmer: unix_usr: the network that the client is on, does it happen to also use the 10.10.x.x subnet?
RandalSchwartz: yeah, maybe you have route conflicts
unix_usr: no - client is on a 172.24.x network
RandalSchwartz: that's why I use 10.77/16, unlikely to conflict :)
unix_usr: if I copy the openvpn.conf file + certs from VPS -> my server here at home, then tell the client to connect to my home as remote site - works 100%
jpalmer: unix_usr: I'd suggest starting client and server in debug mode, and see what (if any) errors show
unix_usr: nothing that makes sense to me :$
whole bunch of RwrW ...
RandalSchwartz: are you pushing a route to your client?
unix_usr: once connection establishes, I get RwRw when I ping (server spits out r's and w's)
RandalSchwartz: as in, is it sending all traffic up to the openvpn?
unix_usr: yes - pushing two routes to client
no - not all....
-: RandalSchwartz waits for more explanation
unix_usr: one sec...
entire client config:
client
dev tun
proto tcp
remote my-server-2 1194
resolv-retry infinite
nobind
user nobody
group nobody
persist-key
persist-tun
ca ca.crt
cert dakkota.crt
key dakkota.key
cipher BF-CBC
where my-server == my actual server hostname
RandalSchwartz: yeah - where's the route push?
if the client virtual address is 10.10.8.6, how does he know how to get to 10.10.8.1 ?
unix_usr: netstat -rn:
RandalSchwartz: or anything else on that box
since the processes are likely to use the "primary" box address
very likely a public addr
so they connect from 123.45.6.7
unix_usr: has route for 10.10.8.0/24
RandalSchwartz: how will 10.10.8.6 know how to route back?
you need to push a route for all local nets
at least
unix_usr: that route exists
RandalSchwartz: on the client?
symmetric?
unix_usr: 10.10.8.0/24 via gateway 10.10.8.5
on the client
RandalSchwartz: and...
how to get to 123.45.6.7 ?
unix_usr: uses its default route ....
RandalSchwartz: or whatever your "major" address is for the box
and you permit that in through the outer firewall?
as in, you have a loosey goosey firewall?
unix_usr: right now firewall == open
this is new VPS ... not 'production'
RandalSchwartz: yeah, this is too much to diagnose remotely sorry
too many variables
unix_usr: thanks though :$
RandalSchwartz: I'm guessing you have a routing problem
can you ping your client from your VPS?
unix_usr: nope
RandalSchwartz: that's the first thing to solve
it's either a route problem at the VPS
(check there)
or a openvpn issue
I bet the server's 10.10.8.1 isn't /24
unix_usr: I can run the EXACT server config, from a different machine (not VPS @ arpnetworks, but FreeBSD 8.1 at home with public static IP) - no change to config except listen address ... works fine
RandalSchwartz: stop telling me "it works somewhere else"
that's irrelevant
unix_usr: server doesn't have local config - openvpn is adding that
RandalSchwartz: you need to look at THIS box and how THIS is set up
yes - is openvpn adding the right route?
unix_usr: I am not manually configuring 10.10.8.x anywhere
RandalSchwartz: ifconfig the openvpn interface
make sure it's /24
unix_usr: one sec...
will bring back up client / server and take a look at routing tables....
RandalSchwartz: if not, it won't hear the 10.10.8.5 traffic
wait... there should be a route
netstat -rn better have a route to 10.10.8/24
via the interface for openvpn
(tun0 for me)
***: cubelogic has quit IRC (Ping timeout: 255 seconds)
up_the_irons: bah, having trouble getting powerdns to axfr to the authoritative servers (BIND/named). i guess that is what i get for using BIND
unix_usr: tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet 10.10.8.6 --> 10.10.8.5 netmask 0xffffffff
Opened by PID 56630
and netstat -rn: 10.10.8.0/24 gateway 10.10.8.5
can't ping 10.10.8.5 nor 10.10.8.1 from client
from server, cannot ping 10.10.8.5 / 10.10.8.6
RandalSchwartz: if you can't ping 10.10.8.6, openvpn is broken
unix_usr: server showing: 10.10.8.0/24 10.10.8.2
RandalSchwartz: you should check its error log
oh - that's weirder
it thinks it needs to go to 10.10.8.2 not .5
unix_usr: server shows: tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::6025:ea39:563a:251a%tun0 prefixlen 64 scopeid 0x4
inet 10.10.8.1 --> 10.10.8.2 netmask 0xffffffff
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
Opened by PID 65677
server can't ping 10.10.8.2, but can ping 10.10.8.1
so on both server and client, they can ping their half of the tunnel, but not the remote
only thing that sticks out in the logfile: Need IPv6 code in mroute_extract_addr_from_packet
RandalSchwartz: their half but not the remote - could be either routes or openvpn not up
client side route look ok?
unix_usr: yes
RandalSchwartz: server side route?
unix_usr: just changed subnet - try a different one "in case" ...
now have server 10.77.8.1 --> 10.77.8.2, route 10.77.8.0/24 10.77.8.2 client: 10.77.8.6 --> 10.77.8.5, route 10.77.8.0/24 via 10.77.8.5
RandalSchwartz: that doesn't make sense
they shouldn't have different IPs
they should be symmetric
server 8.1 -> 8.2
client 8.2 -> 8.1
that'll certainly break things
unix_usr: openvpn puts them into /30 - 4 IP apart
not sure how to change that :$
I'm going off of the how-to on openvpn.net ....
lol - I'm a programmer damnit, not a network tech! :(
RandalSchwartz: well - if the two ends of your tunnel have different address ideas, that'll certainly not work. :)
oh - hmm. maybe that is the right thing
right... because server needs to push all 10.77.8 traffic into openvpn
unix_usr: like I said - something network-sided... pretty sure it's not a config issue :S
only real diff I have between home and VPS is the firewall...
VPS has pf, home is using ipfw
but both have 'allow everything via everything' rules right now...
pass in all flags S/SA keep state
pass out all flags S/SA keep state
going to revert back to IPFW instead of PF - see if maybe something wacky going on there...
RandalSchwartz: you *do* have ip-forwarding on VPS, right?
... gateway_enable=YES
... http://www.isgsp.net/freebsd/freebsd-openvpn.html
... sysctl -a |grep net.inet.ip.f
unix_usr: sysctl net.inet.ip.forwarding = 1 on both ends
jpalmer: unix_usr: to get rid of the /30, use topology subnet
unix_usr: ?
jpalmer: the /30 default, is to work around some windows networking issues.
02:38:37 <unix_usr> openvpn puts them into /30 - 4 IP apart
02:38:49 <unix_usr> not sure how to change that :$
unix_usr: yes I know - found that reading somewhere ... but couldn't figure out how to undo it :S
jpalmer: to change it: topology subnet
unix_usr: link is up
ifconfig server = 10.10.8.1 / client = 10.10.8.2
both have route via their local if to 10.10.8.0/24
both can ping their local IP - neither can ping the remote
:(
***: HighJinx has joined #arpnetworks
unix_usr: can even connect a second client ...
which gets 10.10.8.3
but still not able to ping :S
if I make client2 == server, then client1 and server (now == client2) - all connect fine
RandalSchwartz: unix_usr - did you add "topology subnet"?
actually - I don't have that
I do have "server 10.77.77.0 255.255.255.0" though
unix_usr: tried topology subnet ...
still no-go
I have clientA + clientB + VPS
I swapped configs, making clientB = server, connecting to it from clientA + VPS
works fine in that direction :S
so VPS can connect as a client to another machine using same config, but cannot act as a server :S
really weird ...
RandalSchwartz: all I can say at this point is "works for me"
you're using client certs right
unix_usr: ping / connect / etc fine when VPS = client, home=server ... but no-go if I swap their configs and VPS=server, home=client
RandalSchwartz: are you looking at the logs from when your client tries to connect?
unix_usr: yeah - says connected...
get some annoying IPv6 warnings... but otherwise looks the same as I would expect :|
RandalSchwartz: where's your server config?
unix_usr: in: /usr/local/etc/openvpn/
RandalSchwartz: yes, but where I can see it. :)
unix_usr: so is the clients
RandalSchwartz: you pasted client config
unix_usr: oh ... :S - not have it anywhere ... one sec...
RandalSchwartz: how about server.
wait - why proto tcp?
that would... SUCK
tcp over tcp. very bad
openvpn *wants* to be over UDP
in fact, that's one of its big wins
is that it works nicely on UDP
so you never get into tcp-over-tcp
unix_usr: UDP not play nice with client being behind NAT :(
RandalSchwartz: uh, say what?
unix_usr: local 206.xxx.xxx.xxx
proto tcp
dev tun
topology subnet
RandalSchwartz: works JUST FINE
unix_usr: ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh1024.pem
server 10.10.8.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "route 206.xxx.xxx.xxx 255.255.255.248"
client-to-client
;duplicate-cn
keepalive 10 90
cipher BF-CBC # Blowfish (default)
;comp-lzo
max-clients 10
user nobody
RandalSchwartz: I'm behind NAT all the time
and UDP works JUST FINE
all modern NAT are relatively stateful, even for UDP
as long as the first packets are from the inside
and you have keep-alive
where's your cert lines?
... ca /usr/local/etc/openvpn/keys/ca.crt
stuff like that
oh, they're there
maybe the paths need to be absolute
did you look in the openvpn server log?
unix_usr: certs are ok
they are in /usr/local/etc/openvpn/
RandalSchwartz: whoa... is your "push" line literal?
you didn't show it's a comment
unix_usr: the rc.d script locals to that dir first
RandalSchwartz: mine reads # push "route 192.168.0.0 255.255.255.0"
commented out
unix_usr: push line was masked...
not really 'xxx.xxx'
RandalSchwartz: try taking it out though
unix_usr: as was listen ip
RandalSchwartz: if you're only routing to 10.x
unix_usr: I did - no change
RandalSchwartz: where's "daemon"
mine has daemon in it
***: robotarmy has quit IRC (Remote host closed the connection)
RandalSchwartz: oops... gotta go.
unix_usr: daemon is passed on command line from rc.d
RandalSchwartz: ok - I have mine in my file
-: RandalSchwartz wanders off
unix_usr: Randal - took your sample... changed my subnet to 10.77.77.0 - works.
go figure.
must be some use of the same subnet somewhere in arpnetworks.com :S
***: unix_usr has left
Zuul_ has joined #arpnetworks
Zuul has quit IRC (Ping timeout: 276 seconds)
unix_usr has joined #arpnetworks
unix_usr: hey all - anyone from support here?
or anyone know how long a "reset to defaults" should take ?
does it mean a complete re-stage ?
RandalSchwartz: and that's why I use a weird number. :)
have you also switched to UDP?
unix_usr: UDP a no-go...
10.77.77.0 also a no go
I have two VPS w/ arpnetworks.... works fine on A, not on B
both in same subnet, running same configuration ....
thinking I messed with this one too much :$
but cdrom is no longer 'inserted' / attached either :(
RandalSchwartz: wait - I'm now confused
<unix_usr> Randal - took your sample... changed my subnet to 10.77.77.0 - - works.
so why are you now saying "no go"
unix_usr: yeah - I was on wrong machine :|
lol - VPS A / VPS B
both configured to have same hostname/etc ... mixed up my terminal windows :S
VPS B is new - staging it to replace VPS A
***: unix_usr has quit IRC (Quit: unix_usr)
Jareth has quit IRC (Read error: Connection reset by peer)
heavysixer has quit IRC (Ping timeout: 264 seconds)
heavysixer has joined #arpnetworks
ChanServ sets mode: +o heavysixer