[00:08] *** au has joined #arpnetworks
[00:25] *** heavysixer has quit IRC (Read error: Connection reset by peer)
[00:25] *** heavysixer has joined #arpnetworks
[00:25] *** ChanServ sets mode: +o heavysixer
[00:36] *** coobra has quit IRC (Ping timeout: 255 seconds)
[00:36] *** coobra has joined #arpnetworks
[00:36] *** coobra has quit IRC (Changing host)
[00:36] *** coobra has joined #arpnetworks
[00:53] *** cubelogic has quit IRC (Remote host closed the connection)
[01:30] *** ivan-kanis has joined #arpnetworks
[01:39] up_the_irons: really you want a phone book type icon
[01:41] i c
[01:41] i chose "database_table"
[01:41] up_the_irons: ha, that was going to be a suggestion
[01:42] haha
[01:46] hmmm lets see how fast I can ruin my system's networking :P
[01:47] on the other hand, it worked...
[01:47] hmmmm
[02:04] *** LT has joined #arpnetworks
[03:56] palaCios8
[06:15] *** bharatak has joined #arpnetworks
[07:20] *** rgouveia has quit IRC (Ping timeout: 252 seconds)
[07:20] *** rgouveia has joined #arpnetworks
[07:20] *** rgouveia has quit IRC (Changing host)
[07:20] *** rgouveia has joined #arpnetworks
[07:50] *** fink has joined #arpnetworks
[08:31] *** phrac has quit IRC (Quit: Lost terminal)
[08:37] since it's dns related, magic eightball would be perfect
[08:37] (icon)
[08:44] *** fink has quit IRC (Quit: fink)
[09:39] *** HighJinx has quit IRC (Quit: Leaving)
[09:40] *** heavysixer has quit IRC (Quit: heavysixer)
[09:53] *** cubelogic has joined #arpnetworks
[09:56] *** robotarmy has joined #arpnetworks
[10:17] *** LT has quit IRC (Quit: Leaving)
[10:23] lol
[10:24] re: last night and inetd.conf, that's kinda funny. I'm sure ftp-proxy gets used far more than echo/daytime do.
[10:28] i thought that
[10:28] how is ftp-proxy handled now?
[10:28] isn't it magically in pf now or something
[10:30] *** heavysixer has joined #arpnetworks
[10:30] *** ChanServ sets mode: +o heavysixer
[10:38] *** HighJinx has joined #arpnetworks
[10:45] up_the_irons: page_white_edit
[10:57] *** ivan-kanis has quit IRC (Remote host closed the connection)
[11:15] incompetent management are prob the only thing in my life that make me wana jump off a bridge
[11:16] vcs_: bad software? :-)
[11:16] no
[11:17] they forgot to include 2 months of work in a bid till the deadline
[11:17] and then realized they needed it
[11:17] then surprise, i have to do it in 2 weeks
[11:17] lol
[11:17] fuck my life
[11:21] that sucks
[11:28] *** bharatak has quit IRC (Quit: leaving)
[12:05] yep
[12:05] welcome to programming
[12:05] i would not recommend it as a career path to anyone despite how fun the actual work is
[12:06] code monkey think maybe manager want to write goddamn login page himself
[12:07] i dont expect my manager to do anything but plan/execute the project correctly
[12:08] and providing me with proper documentation about what i am working on
[12:08] (before the project is due)
[12:08] also, when i have a deadline that is really close
[12:09] its a song ok
[12:09] they always love to take me off of it and put me on something else
[12:09] then place the blame on me
[12:09] for missing it
[12:09] lol
[12:10] the worst kinds of managers expect the coders to effectively manage the project
[12:10] to do their management work for them
[12:10] oh
[12:14] *** fink has joined #arpnetworks
[12:15] I also don't recommend programming as a career path because then you would be competing with me for jobs.
[12:15] haha
[12:16] do you enjoy working 16 hour days 7 days a week? then the programming profession is for you!
[12:16] mike-burns, the definition of modesty :P
[12:17] actually, in re-reading that.. I probably took it a different way than it was meant :P
[12:17] * jpalmer took it as "I'm the best, and you'd be competing with me" heh
[12:17] Heh, and I definitely meant the opposite.
[12:20] mike-burns: if i quit, you still have to face the biggest competition of all
[12:20] offshoring
[12:20] :P
[12:20] until they quit, i think you are out of luck
[12:21] Also my job seems to be very different from yours, vcs_ .
[12:21] I work 40-hour weeks and don't have outsourcing as competition.
[12:22] i do embedded development, linux drivers/apps, board bringup, stuff like that
[12:23] lately ive been doing video muxing/demuxing
[12:29] sounds interesting
[12:29] it is awesome
[12:30] the hours are not
[12:30] at least i am doing something i like though
[12:30] that's true, that's always important
[12:31] and at least i have a job
[12:31] lol
[12:33] yeah :)
[12:35] hm.. got a few questions I'd like to ask you guys.. 1) is the anti-spam adequate on gmail/google apps free? 2) have you tried filing your taxes online and what do you think about it?
[12:35] heh
[12:36] 1. most spam is filtered, its pretty adequate
[12:36] 2. my mom is a cpa :P
[12:36] I'm trying to get a business going, selling stuff on ebay, so I'm trying to get by on very little money at the moment
[12:36] vcs_: cool, and darn :)
[12:38] kinda funny. I filled out the state sales and use tax return with all zeros
[12:39] laziness got the better of me, so I haven't gotten things together to sell the first thing
[12:40] but on the other hand, I didn't understand most of that stuff, and I don't really have the money to pay someone that does :P
[12:40] haha
[12:40] i know the feeling
[12:41] even right now I feel like I need to drink a gallon of coffee or something, but maybe that's a different feeling heh
[12:42] of course I've been sleeping crazy weird hours lately
[12:42] same here, im supposed to get to work at 9
[12:42] but usually i walk in at 12
[12:42] today's my first 'regular day' in probably a week
[12:42] but they can't fire me
[12:42] at 12? sheesh :P
[12:42] and my sleep schedule gets off working their crazy hours
[12:42] so i dont feel guilty
[12:43] my subconscious does not allow me to wake up really without 6 hours of sleep
[12:43] that's good enough for me
[12:43] i dont even hear my alarm
[12:43] there are limits of the human body
[12:43] I totally get that
[12:44] i dont feel guilty about it either and they cannot fire me because they can't replace me
[12:44] it's like that one day I was at work for nearly 12 hours and had nothing to eat
[12:44] yeah, i eat one meal a day
[12:44] my schedule is so off
[12:44] but I guess I had to learn the hard way I need to be more vocal
[12:44] boss should have known, but there you go
[12:45] problem is i am the only one in the company who can do alot of administration stuff, as well as anything linux/unix related
[12:46] on one hand, I wish I had your job, and on the other, I see it as a repeat of the same crap I went through
[12:46] lol
[12:46] eventually i will have a good idea
[12:46] and work from home :P
[12:46] not that I know how to program linux drivers and what not :)
[12:46] one fine day
[12:46] but until then
[12:47] that's sort of my goal too
[12:47] if i had a huge reserve of money
[12:47] i would just work on OSS projects all day
[12:47] same here
[12:53] btw, if you ever want to consider partnering up or anything, I'm good at general system administration, networking, PHP/MySQL.. I've setup DNS, mail, web, and asterisk servers. wireless access points, routers, switches, QoS, and I dabble in C from time to time
[12:54] or if anyone is looking to fill a position, I'm 100% available
[12:54] mattx86: I use gapps free, and think the spam filtering is great. as for taxes, a decent accountant is worth their weight in gold. seriously, if you're a small time operation (which, most are at first) you can likely have your taxes done for a very reasonable cost. as you get bigger, their services can grow with you.
[12:55] mattx86: where are you located? the company I work for is looking for linux savvy people.
[12:56] mattx86: you have .0387994 seconds to respond!
[12:57] lol
[12:57] jpalmer: well, I'm thinking/hoping that at least my state sales and use tax return is good the way I filled it out, but I'll definitely be filing with H&R block or similar next year. I was wondering about filing my personal pre-sole-proprietor federal tax return online soon
[12:57] jpalmer: lol sorry :)
[12:57] jpalmer: I'm in north-west TN, Union City to be exact
[12:58] mattx86: where do you live?
[12:58] oops stupid i have to read farther
[12:58] mattx86: I'm not sure if remote is OK or not. I could find out, but if you're interested, shoot me a /msg. we use DNS, web, mail, freeswitch (rather than asterisk), and deal with wifi, and general networking extensively.
[12:58] currently, I'm packaging open source software for Alpine Linux, writing documentation for them, and attempting to start a business selling computer products on ebay
[12:59] ix33: Union City, TN, USA
[12:59] (We're in florida, about 100 miles south of tampa)
[12:59] mattx86: live near a big airport? (memphis i assume?)
[12:59] jpalmer: you know what, I have a cousin and other family in florida.. I could perhaps move
[13:00] *** robotarmy has quit IRC (Read error: Connection reset by peer)
[13:00] mattx86: shoot me a /msg, seriously.
[13:00] jpalmer: awesome, will do
[13:00] ix33: kinda.. memphis is a 2-hour drive from here
[13:00] *** robotarmy has joined #arpnetworks
[13:00] ix33: brother uses it when it comes in from japan and what not
[13:01] he's ok btw
[13:01] glad to hear it
[13:01] yikes, brother in japan? hope you've contacted him in the last couple days.
[13:01] hope he lives in s/w japan...
[13:01] thats good to hear. you answered before I said it ;)
[13:02] yeah, he lives in Nagoya, where he said it was a 4.0 there.. office shook pretty good, but didn't come down on them or anything
[13:02] said nothing in his apartment seems to have moved even an inch, but still feels the aftershocks there
[13:04] mattx86: hope you find a spot. i can never find good people when we have a position open.
[13:04] ix33: me too
[13:05] *** robotarmy has quit IRC (Remote host closed the connection)
[13:05] *** robotarmy has joined #arpnetworks
[13:08] *** schmir has joined #arpnetworks
[13:31] hmm. I have a directory that contains enough entries that it's 2.5GB long
[13:31] mistake on my part... just want to delete it recursively now
[13:31] I wonder what the easiest way is
[13:32] find BAD -ls -delete # seems like one way
[13:32] *** schmir has quit IRC (Ping timeout: 252 seconds)
[13:32] * jpalmer ponders tricking up_the_irons into sending me a server, and claiming I'll be the florida leg of ARP :P
[13:37] * jpalmer could use some modernish hardware in the home lab :P I'm currently sitting on HP DL380's (G4) which can't do 64bit guests.
[13:38] *** schmir has joined #arpnetworks
[13:41] :)
[13:46] jpalmer: do you do any data center work down in florida?
[13:47] up_the_irons: not much these days, but I was joking :P I was going to steal the server and use it in my home lab. heh
[13:47] jpalmer: LOL
[13:47] up_the_irons: I used to do a fair amount, a couple years ago
[13:47] gotcha
[13:48] at one point, I was going to try and start a business similar to ARP, but using vmware ESX/ESXi, and allowing people to have as many VM's as they wanted within their assigned resource pool.
[13:48] ah cool
[14:00] up_the_irons - my task for two weekends from now is to bring up v6 for all of neil's machines
[14:00] I remember there's two ways to get the routes to work... the easy way, and the way I'm doing it. :)
[14:00] heh
[14:00] would it be useful for me to use rtadvd?
[14:00] and would that let me route to a /48 on my laptop?
[14:00] or maybe a /64 from my allocation?
[14:01] or will I always need a static default route for my v6, like with v4?
[14:02] RandalSchwartz: cool
[14:03] RandalSchwartz: we don't run rtadvd so i'm not sure if it would be useful to you
[14:03] You don't need RA's to route v6, it just provides automated configuration of them.
[14:03] if you want to control your own routing, then what you want is for us to route your /48 over a link-local address, then you can further route from there
[14:04] I think that's what I'm doing on red.
[14:04] but it was the ugly fe80::[mac addr]
[14:04] not a nice fe80::1
[14:05] yeah - /^rootbeer@red.stonehenge.com$/ DUNNO
[14:05] oops
[14:06] yeah - ipv6_defaultrouter=fe80::5054:ff:fe27:9007%em0
[14:06] bad paste sorry
[14:07] so do I just put in a support@ to enable fe80::2 routing on all three of those boxes?
[14:07] and then I point my default route at fe80::1
[14:08] and another thing... it looks like squeak.org will be moving, probably to an ARP box
[14:08] I was touting the advantages in the board call today
[14:12] oh sweet :)
[14:12] RandalSchwartz: are all three boxes under the same account? (and thus, same VLAN)
[14:12] yeah, all under insightcruises.com
[14:13] but they're on different kvm's
[14:13] dunno if that matters.
[14:13] doesn't matter
[14:14] they all have nearby ipv4 addresses
[14:14] but separate v6 assignments, I thought
[14:14] could be wrong :)
[14:15] RandalSchwartz: so this is how it works -- the /48 can be routed to only one next-hop (naturally), so you have to pick a VM that will act as a router for the other two. obviously, if this VM goes down, then the other two lose connectivity. Generally speaking, this is another reason why routing over link-local is not the default option, and only for those comfortable with this fact :)
[14:15] RandalSchwartz: if they are under the same account, they'll share the /48
[14:15] i've never given more than one /48 to a VLAN (was never justified)
[14:15] sure
[14:16] it's already 65536 x the size of the current v4 space :)
[14:16] no wait... even bigger
[14:16] the numbers just keep staggering me :)
[14:16] At some point you just end up sounding like Carl Sagan.
[14:17] a single /48 is big enough for 65536 segments, all using autoconfig
[14:17] wait - does that mean link locals for all my boxes see each other?
[14:18] RandalSchwartz: Only if you don't want to do routing, which I think you'll pretty much have to do in this case.
[14:19] if I carve off a separate /64 for each of the boxes, can I route through the virtual router?
[14:20] as in, can I treat them as all being on individual segments within my "organization"?
[14:20] RandalSchwartz: yes, link-local's should all see each other. they are on the same /64
[14:20] then your router would just need to add all three routes.
[14:21] Hmm. this must be a solved problem.
[14:21] RandalSchwartz: but a route can only have one next-hop, unless you're doing some round-robin failover (and the other side needs to support it)
[14:21] I don't like the idea of having a specific box
[14:21] brb phone
[14:22] maybe that means ARP should be running rtadvd and pick up the routes automatically
[14:22] I'm told that "just works" most of the time
[14:23] That might get kind of messy with VPSes, since you'd have to do different RA's for each VPS.
[14:24] rtadvd tends to work with /64 best
[14:24] pilgrimd: messy? its dead simple. one rtadvd, no conf necessary, using the /64 on the vlan for the allocation and the vps's link local address for the 64bit euid
[14:25] if one wishes one's vps to have a specific link local address, then one only needs to do something akin to 'inet6 fe80::dead:beef' in e.g. openbsd's hostname.em0 file at the top
[14:25] toddf: Oh ok, I'm not familiar with how your hosts do up the networking.
[14:25] RandalSchwartz: that "just works" with one route (usually a /64), but if you want to further subnet a route (say a /48), then _something_ has to be the next-hop router, and _that_ box does the further subnetting. think about it like in IPv4 and /30's. A /30 between two routers, then the upstream routes all block(s) to the downstream over the /30. the downstream /30 is still _one_ machine.
[14:25] if you require failover, that is usually when bgp or ospf come in the picture
[14:25] pilgrimd: this is not how my hosts do networking this is how rtadvd/rtsol interact. period.
[14:26] up_the_irons: but there is only one 'router' per address family on a given vlan, right?
[14:27] * toddf has setup rtadvd to run on a carp(4) interface before, but it requires pinging the default gateway before using it to get to remote subnets, bleh
[14:30] brb
[14:34] * toddf is used to failover meaning carp(4) but should look into ospfd/ospf6d some year
[15:03] toddf: yes, only one router per address family
[15:40] *** schmir has quit IRC (Remote host closed the connection)
[15:58] *** bob__ is now known as bob^^
[16:23] *** robotarmy has quit IRC (Remote host closed the connection)
[16:42] *** schmir has joined #arpnetworks
[16:44] *** schmir has quit IRC (Remote host closed the connection)
[17:09] *** fink has quit IRC (Quit: fink)
[17:40] *** fink has joined #arpnetworks
[17:40] *** fink has quit IRC (Client Quit)
[18:44] *** robotarmy has joined #arpnetworks
[18:52] *** unix_usr has joined #arpnetworks
[18:52] hey all
[18:53] anyone know if there's any upstream network issue which would prevent running openvpn as a server to have client connect in and get a private IP ?
[18:53] *** HighJinx has quit IRC (Read error: Operation timed out)
[18:54] unix_usr: openvpn works on my vps
[18:54] I get connection, but no ping :S
[18:54] jpalmer - what's your server config like ?
[18:55] basic openvpn server, nothing fancy.
[18:55] I basically want client _X_ to dial into openvpn running as server on my VPS, get an 10.X ip address, and have my VPS be able to connect back to that client using that 10.X ip ...
[18:56] sounds pretty straightforward. in answer to your question, no there is nothing on the ARPnetworks side that will prevent that from occurring
[18:56] :S .... something in my vps perhaps ....
[18:57] possibly. the guys in #openvpn are pretty good, maybe they can help?
[18:57] I have a dedicated static IP here at home - run a small server from using FreeBSD 8.1 - copied config file and it just works ... put same config/certs on VPS box - no go....
[18:57] connects fine and all, just no ping
[18:57] using non standard port?
[19:03] how are you mapping from your public IP to your openvpn range?
[19:03] or are you just trying to get to it from 10.x ?
[19:04] randal - I'm basically trying to get access to the client, from the vps
[19:04] so client 'dials' in - gets 10.10.8.6 - VPS routes from 10.10.8.1
[19:04] can you ping the IP from the VPS?
[19:04] I want a CGI script on the VPS then, to pull data from 10.10.8.6
[19:05] the client is behind NAT -
[19:05] unix_usr: the network that the client is on, does it happen to also use the 10.10.x.x subnet?
[19:05] yeah, maybe you have route conflicts
[19:05] no - client is on a 172.24.x network
[19:05] that's why I use 10.77/16, unlikely to conflict :)
[19:06] if I copy the openvpn.conf file + certs from VPS -> my server here at home, then tell the client to connect to my home as remote site - works 100%
[19:06] unix_usr: I'd suggest starting client and server in debug mode, and see what (if any) errors show
[19:06] nothing that makes sense to me :$
[19:06] whole bunch of RwrW ...
[19:07] are you pushing a route to your client?
[19:07] once connection establishes, I get RwRw when I ping (server spits out r's and w's)
[19:07] as in, is it sending all traffic up to the openvpn?
[19:07] yes - pushing two routes to client
[19:07] no - not all....
[19:07] * RandalSchwartz waits for more explanation
[19:09] one sec...
[19:10] entire client config:
[19:10] client
[19:10] dev tun
[19:11] proto tcp
[19:11] remote my-server-2 1194
[19:11] resolv-retry infinite
[19:11] nobind
[19:11] user nobody
[19:11] group nobody
[19:11] persist-key
[19:11] persist-tun
[19:11] ca ca.crt
[19:11] cert dakkota.crt
[19:11] key dakkota.key
[19:11] cipher BF-CBC
[19:11] where my-server == my actual server hostname
[19:11] yeah - where's the route push?
[19:12] if the client virtual address is 10.10.8.6, how does he know how to get to 10.10.8.1 ?
[19:12] netstat -rn:
[19:12] or anything else on that box
[19:12] since the processes are likely to use the "primary" box address
[19:12] very likely a public addr
[19:13] so they connect from 123.45.6.7
[19:13] has route for 10.10.8.0/24
[19:13] how will 10.10.8.6 know how to route back?
[19:13] you need to push a route for all local nets
[19:13] at least
[19:13] that route exists
[19:13] on the client?
[19:13] symmetric?
[19:14] 10.10.8.0/24 via gateway 10.10.8.5
[19:14] on the client
[19:14] and...
[19:14] how to get to 123.45.6.7 ?
[19:14] uses its default route ....
[19:14] or whatever your "major" address is for the box
[19:14] and you permit that in through the outer firewall?
[19:14] as in, you have a loosey goosey firewall?
[19:14] right now firewall == open
[19:15] this is new VPS ... not 'production'
[19:15] yeah, this is too much to diagnose remotely sorry
[19:15] too many variables
[19:15] thanks though :$
[19:15] I'm guessing you have a routing problem
[19:15] can you ping your client from your VPS?
[19:15] nope
[19:16] that's the first thing to solve
[19:16] it's either a route problem at the VPS
[19:16] (check there)
[19:16] or a openvpn issue
[19:16] I bet the server's 10.10.8.1 isn't /24
[19:16] I can run the EXACT server config, from a different machine (not VPS @ arpnetworks, but FreeBSD 8.1 at home with public static IP) - no change to config except listen address ... works fine
[19:16] stop telling me "it works somewhere else"
[19:17] that's irrelevant
[19:17] server doesn't have local config - openvpn is adding that
[19:17] you need to look at THIS box and how THIS is set up
[19:17] yes - is openvpn adding the right route?
[19:17] I am not manually configuring 10.10.8.x anywhere
[19:17] ifconfig the openvpn interface
[19:17] make sure it's /24
[19:17] one sec...
[19:17] will bring back up client / server and take a look at routing tables....
[19:17] if not, it won't hear the 10.10.8.5 traffic
[19:18] wait... there should be a route
[19:18] netstat -rn better have a route to 10.10.8/24
[19:18] via the interface for openvpn
[19:19] (tun0 for me)
[19:22] *** cubelogic has quit IRC (Ping timeout: 255 seconds)
[19:23] bah, having trouble getting powerdns to axfr to the authoritative servers (BIND/named). i guess that is what i get for using BIND
[19:23] tun0: flags=8051 metric 0 mtu 1500
[19:23] options=80000
[19:23] inet 10.10.8.6 --> 10.10.8.5 netmask 0xffffffff
[19:23] Opened by PID 56630
[19:23] and netstat -rn: 10.10.8.0/24 gateway 10.10.8.5
[19:24] can't ping 10.10.8.5 nor 10.10.8.1 from client
[19:25] from server, cannot ping 10.10.8.5 / 10.10.8.6
[19:26] if you can't ping 10.10.8.6, openvpn is broken
[19:26] server showing: 10.10.8.0/24 10.10.8.2
[19:26] you should check its error log
[19:26] oh - that's weirder
[19:26] it thinks it needs to go to 10.10.8.2 not .5
[19:26] server shows: tun0: flags=8051 metric 0 mtu 1500
[19:26] options=80000
[19:26] inet6 fe80::6025:ea39:563a:251a%tun0 prefixlen 64 scopeid 0x4
[19:26] inet 10.10.8.1 --> 10.10.8.2 netmask 0xffffffff
[19:26] nd6 options=3
[19:26] Opened by PID 65677
[19:27] server can't ping 10.10.8.2, but can ping 10.10.8.1
[19:27] so on both server and client, they can ping their half of the tunnel, but not the remote
[19:29] only thing that sticks out in the logfile: Need IPv6 code in mroute_extract_addr_from_packet
[19:32] their half but not the remote - could be either routes or openvpn not up
[19:33] client side route look ok?
[19:33] yes
[19:33] server side route?
[19:33] just changed subnet - try a different one "in case" ...
[19:35] now have server 10.77.8.1 --> 10.77.8.2, route 10.77.8.0/24 10.77.8.2 client: 10.77.8.6 --> 10.77.8.5, route 10.77.8.0/24 via 10.77.8.5
[19:36] that doesn't make sense
[19:36] they shouldn't have different IPs
[19:37] they should be symmetric
[19:37] server 8.1 -> 8.2
[19:37] client 8.2 -> 8.1
[19:37] that'll certainly break things
[19:37] openvpn puts them into /30 - 4 IP apart
[19:37] not sure how to change that :$
[19:38] I'm going off of the how-to on openvpn.net ....
[19:38] lol - I'm a programmer damnit, not a network tech! :(
[19:39] well - if the two ends of your tunnel have different address ideas, that'll certainly not work. :)
[19:40] oh - hmm. maybe that is the right thing
[19:41] right... because server needs to push all 10.77.8 traffic into openvpn
[19:42] like I said - something network-sided... pretty sure it's not a config issue :S
[19:43] only real diff I have between home and VPS is the firewall...
[19:43] VPS has pf, home is using ipfw
[19:43] but both have 'allow everything via everything' rules right now...
[19:44] pass in all flags S/SA keep state
[19:44] pass out all flags S/SA keep state
[19:51] going to revert back to IPFW instead of PF - see if maybe something wacky going on there...
[20:06] you *do* have ip-forwarding on VPS, right?
[20:06] ... gateway_enable=YES
[20:07] ... http://www.isgsp.net/freebsd/freebsd-openvpn.html
[20:08] ... sysctl -a |grep net.inet.ip.f
[20:11] sysctl net.inet.ip.forwarding = 1 on both ends
[20:12] unix_usr: to get rid of the /30, use topology subnet
[20:12] ?
[20:12] the /30 default, is to work around some windows networking issues.
[20:12] 02:38:37 openvpn puts them into /30 - 4 IP apart
[20:12] 02:38:49 not sure how to change that :$
[20:13] yes I know - found that reading somewhere ... but couldn't figure out how to undo it :S
[20:13] to change it: topology subnet
[20:16] link is up
[20:16] ifconfig server = 10.10.8.1 / client = 10.10.8.2
[20:17] both have route via their local if to 10.10.8.0/24
[20:17] both can ping their local IP - neither can ping the remote
[20:17] :(
[20:20] *** HighJinx has joined #arpnetworks
[20:20] can even connect a second client ...
[20:20] which gets 10.10.8.3
[20:21] but still not able to ping :S
[20:21] if I make client2 == server, then client1 and server (now == client2) - all connect fine
[20:27] unix_usr - did you add "topology subnet"?
[20:27] actually - I don't have that
[20:28] I do have "server 10.77.77.0 255.255.255.0" though
[20:28] tried topology subnet ...
[20:28] still no-go
[20:29] I have clientA + clientB + VPS
[20:29] I swapped configs, making clientB = server, connecting to it from clientA + VPS
[20:29] works fine in that direction :S
[20:30] so VPS can connect as a client to another machine using same config, but cannot act as a server :S
[20:30] really weird ...
[20:30] all I can say at this point is "works for me"
[20:30] you're using client certs right
[20:30] ping / connect / etc fine when VPS = client, home=server ... but no-go if I swap their configs and VPS=server, home=client
[20:30] are you looking at the logs from when your client tries to connect?
[20:30] yeah - says connected...
[20:31] get some annoying IPv6 warnings... but otherwise looks the same as I would expect :|
[20:31] where's your server config?
[20:31] in: /usr/local/etc/openvpn/
[20:31] yes, but where I can see it. :)
[20:31] so is the clients
[20:32] you pasted client config
[20:32] oh ... :S - not have it anywhere ... one sec...
[20:32] how about server.
[20:32] wait - why proto tcp?
[20:32] that would... SUCK
[20:32] tcp over tcp. very bad
[20:32] openvpn *wants* to be over UDP
[20:33] in fact, that's one of its big wins
[20:33] is that it works nicely on UDP
[20:33] so you never get into tcp-over-tcp
[20:34] UDP not play nice with client being behind NAT :(
[20:34] uh, say what?
[20:34] local 206.xxx.xxx.xxx
[20:34] proto tcp
[20:34] dev tun
[20:34] topology subnet
[20:34] works JUST FINE
[20:34] ca ca.crt
[20:34] cert server.crt
[20:34] key server.key # This file should be kept secret
[20:34] dh dh1024.pem
[20:34] server 10.10.8.0 255.255.255.0
[20:34] ifconfig-pool-persist ipp.txt
[20:34] push "route 206.xxx.xxx.xxx 255.255.255.248"
[20:34] client-to-client
[20:34] ;duplicate-cn
[20:34] keepalive 10 90
[20:34] cipher BF-CBC # Blowfish (default)
[20:34] ;comp-lzo
[20:34] max-clients 10
[20:34] user nobody
[20:34] I'm behind NAT all the time
[20:34] and UDP works JUST FINE
[20:34] all modern NAT are relatively stateful, even for UDP
[20:34] as long as the first packets are from the inside
[20:35] and you have keep-alive
[20:35] where's your cert lines?
[20:35] ... ca /usr/local/etc/openvpn/keys/ca.crt
[20:35] stuff like that
[20:36] oh, they're there
[20:36] maybe the paths need to be absolute
[20:36] did you look in the openvpn server log?
[20:36] certs are ok
[20:36] they are in /usr/local/etc/openvpn/
[20:36] whoa... is your "push" line literal?
[20:36] you didn't show it's a comment
[20:36] the rc.d script locals to that dir first
[20:36] mine reads # push "route 192.168.0.0 255.255.255.0"
[20:37] commented out
[20:37] push line was masked...
[20:37] not really 'xxx.xxx'
[20:37] try taking it out though
[20:37] as was listen ip
[20:37] if you're only routing to 10.x
[20:37] I did - no change
[20:37] where's "daemon"
[20:38] mine has daemon in it
[20:38] *** robotarmy has quit IRC (Remote host closed the connection)
[20:38] oops... gotta go.
[20:39] daemon is passed on command line from rc.d
[20:39] ok - I have mine in my file
[20:40] * RandalSchwartz wanders off
[21:06] Randal - took your sample... changed my subnet to 10.77.77.0 - works.
[21:06] go figure.
[21:06] must be some use of the same subnet somewhere in arpnetworks.com :S
[21:11] *** unix_usr has left
[21:28] *** Zuul_ has joined #arpnetworks
[21:29] *** Zuul has quit IRC (Ping timeout: 276 seconds)
[21:43] *** unix_usr has joined #arpnetworks
[21:43] hey all - anyone from support here?
[21:44] or anyone know how long a "reset to defaults" should take ?
[21:44] does it mean a complete re-stage ?
[21:46] and that's why I use a weird number. :)
[21:46] have you also switched to UDP?
[21:47] UDP a no-go...
[21:47] 10.77.77.0 also a no go
[21:47] I have two VPS w/ arpnetworks.... works fine on A, not on B
[21:48] both in same subnet, running same configuration ....
[21:48] thinking I messed with this one too much :$
[21:48] but cdrom is no longer 'inserted' / attached either :(
[21:49] wait - I'm now confused
[21:49] Randal - took your sample... changed my subnet to 10.77.77.0 - - works.
[21:49] so why are you now saying "no go"
[21:49] yeah - I was on wrong machine :|
[21:49] lol - VPS A / VPS B
[21:50] both configured to have same hostname/etc ... mixed up my terminal windows :S
[21:50] VPS B is new - staging it to replace VPS A
[22:04] *** unix_usr has quit IRC (Quit: unix_usr)
[22:59] *** Jareth has quit IRC (Read error: Connection reset by peer)
[23:32] *** heavysixer has quit IRC (Ping timeout: 264 seconds)
[23:39] *** heavysixer has joined #arpnetworks
[23:39] *** ChanServ sets mode: +o heavysixer