[00:38] *** Ehtyar has quit IRC (Quit: I was raided by the FBI and all I got to keep was this lousy quit message!) [00:55] *** LT has joined #arpnetworks [01:03] *** amdprophet has joined #arpnetworks [02:29] *** LT has quit IRC (Remote host closed the connection) [04:19] *** ix33 has quit IRC (Ping timeout: 272 seconds) [04:19] *** ix33 has joined #arpnetworks [05:50] *** nestea has quit IRC (Quit: ()) [05:50] *** nestea has joined #arpnetworks [05:50] *** heavysixer has joined #arpnetworks [05:50] *** ChanServ sets mode: +o heavysixer [05:51] *** nestea has quit IRC (Client Quit) [05:53] *** nestea has joined #arpnetworks [05:53] *** nestea has quit IRC (Client Quit) [05:53] *** nestea has joined #arpnetworks [05:54] *** nestea has quit IRC (Client Quit) [06:21] *** qbit_ has joined #arpnetworks [06:21] bah - keep forgetting to add you guys to my autojoin list :D [06:41] win2 [06:41] heh [06:47] *** meingtsla has quit IRC (Quit: Leaving) [06:49] *** meingtsla has joined #arpnetworks [06:52] *** ziyourenxiang has joined #arpnetworks [07:31] *** dferris_ is now known as dferris [07:34] *** toddf has quit IRC (Read error: Operation timed out) [07:35] *** toddf has joined #arpnetworks [07:35] *** ChanServ sets mode: +o toddf [07:37] *** heavysixer has quit IRC (Read error: Connection reset by peer) [08:03] *** Guest90612 has quit IRC (Changing host) [08:03] *** Guest90612 has joined #arpnetworks [08:03] *** Guest90612 is now known as phlux [08:15] *** ziyourenxiang has quit IRC (Quit: ziyourenxiang) [08:16] *** phlux has quit IRC (Quit: Reconnecting) [08:16] *** phlux has joined #arpnetworks [08:42] *** raptelan has quit IRC (Remote host closed the connection) [09:10] *** himuraken has quit IRC (Ping timeout: 252 seconds) [09:18] *** toorop has quit IRC (Ping timeout: 244 seconds) [09:24] *** himuraken has joined #arpnetworks [09:31] *** toorop has joined #arpnetworks [09:42] *** gift__ has quit IRC (Remote host closed the connection) [09:43] *** gift__ has joined #arpnetworks [10:19] *** _awyeah__ has quit IRC (Remote host closed the connection) [10:28] *** zeshoem has quit IRC (Ping timeout: 246 seconds) [10:29] *** heavysixer has joined #arpnetworks [10:29] *** ChanServ sets mode: +o heavysixer [11:15] how come OpenBSD systat misbehaves in my arp vps? [11:16] *** HighJinx has quit IRC (Ping timeout: 244 seconds) [11:18] anyone have trouble with freebsd-update? I've been getting this contastantly the last few weeks: http://dpaste.com/758314/ [11:18] misbehaves how? I'm not familiar with running it on openbsd, but I've seen other issues.. that may not be specific to openbosd [11:19] it never populates the fields with stats [11:20] pjs: IIRC, they added IPv6 AAAA records a few weeks ago. is your IPv6 either disabled, or configured correctly? [11:20] jpalmer, I never configured it.. [11:20] i tried running it with a interval of 1 sec and the clock display ticks but no data. then this: > The alternate system clock has died! [11:21] pjs: I'd specifically disable IPv6 then, and see if it works. [11:21] mikeputnam: ahh, not familiar with that particular issue. probably not going to be much help :/ [11:21] top works normally [11:22] not a big deal really, more curiosity [11:24] *** HighJinx has joined #arpnetworks [11:25] jpalmer, silly question.. I see the rc.conf entries to disable ipv6, but is it possible without requiring a reboot? [11:27] pjs: remove the default route for v6, and it won't be used (and if you never set it up, then most likely there is not v6 default anyway) [11:29] up_the_irons netstat -rn does show some v6 routes.. [11:29] pjs: can you ping update5.freebsd.org? over ipv4? [11:29] I have a feeling it's timing out before your networking stack is trying to fall back to ipv4 [11:29] Yup [11:30] what happens if you ping6 the same host? [11:30] PING6(56=40+8+8 bytes) 2607:f2f8:a548::2 --> 2001:4978:1:420::cc09:3750 [11:30] ping6: sendmsg: Operation not permitted [11:30] pjs: the v6 default will be ::0 [11:31] pjs: is your firewall blocking some v6? [11:31] pjs: I'd run a tcpdump, and see if it's bein attempted over v4 or v6 [11:31] that message looks like the traffic is being administratively blocked. [11:31] up_the_irons default 2607:f2f8:a548::1 UGS em0 (my default) [11:32] ahh, could be.. I didn't specifically permit v6 [11:32] pjs: looks right [11:32] *** dj_goku_ has joined #arpnetworks [11:32] *** dj_goku_ has quit IRC (Changing host) [11:32] *** dj_goku_ has joined #arpnetworks [11:33] man my v6 fu is non-existant [11:33] *** dj_goku has quit IRC (Read error: Connection reset by peer) [11:34] up_the_irons / jpalmer - my default out going rule is "pass out on $ext_if proto { tcp, udp, icmp } from any to any modulate state" (pf) do I need to specify v6 in there? [11:34] my pf fu is non-existent ;) [11:35] pjs: I'm not sure how to completely disable v6 on fbsd.. I haven't done much in fbsd-land with it. I'm more of a centos guy the last 2-3 years due to work. [11:35] heh ok cool.. I'll read the man page [11:35] you're probably blocking icmp6, which is required for things like neighbor discovery to work [11:36] I think twobithacker is probably right, i just had a support ticket about this a week ago, and the customer's pf was blocking the ND packets [11:36] twobithacker ahh, ok.. I am allowing icmp "pass in inet proto icmp all icmp-type echoreq keep state" but not mentioning icmp6 [11:39] yeah, IPv6 requires more than that to function, you need to allow at least neighbrsol and neighbradv, and maybe routersol/routeradv, and toobig is highly recommended (since v6 can't be fragmented on the path) [11:39] I find it easier to just allow all icmp6 [11:39] I'd add a temp rule to allow all ipv6 in/out, and see if that addresses your update issue. let smake sure we're on the right path, before builind g a fulle pf rule set. [11:40] wow, I kin tipe. [11:40] ok, yea.. let me test that [11:40] lol [11:40] currently in a meeting. ignore my poor typing and sporadic repsonses. :P [11:41] http://pastebin.ca/2160604 <- my fairly minimal pf.conf, if anyone's interested [11:42] twobithacker thanks.. helps me with the icmp6 change [11:43] jpalmer: depends on how thoroughly you want to remove it :P [11:45] jdoe: I more meant 'disbable' so that the OS doesn't try to prefer it over v4. Ideally, you'd have dual stack working correctly. but barring that, prever v4 over a broken v6 config [11:47] ah [11:47] jpalmer, well I can now ping6 update5.freebsd.org but freebsd-update fetch still fails (same as before, only much quicker now heh) [11:50] *** HighJinx has quit IRC (Ping timeout: 252 seconds) [11:53] *** HighJinx has joined #arpnetworks [11:57] Anyone in here know anything about verifying SSL certs? [11:59] maybe, what are you trying to do? [12:02] *** dj_goku_ has quit IRC (Ping timeout: 245 seconds) [12:07] *** dj_goku has joined #arpnetworks [12:18] *** Yamazaki-kun has quit IRC (Ping timeout: 272 seconds) [12:20] *** HighJinx has quit IRC (Ping timeout: 244 seconds) [12:22] pjs: were you able to get a tcpdump? is it trying v4 or v6? [12:23] pjs: find the ipv4 address for one of the update servers, stick it in /etc/hosts, and see if it works? [12:24] *** Yamazaki-kun has joined #arpnetworks [12:25] *** HighJinx has joined #arpnetworks [12:49] jpalmer, good idea.. I'll toy with it some more tomorrow. I got a handful of tickets to take care of.. thanks for all the help though! [12:49] jpalmer, twobithacker, up_the_irons - really appreciate it! :) [12:50] *** HighJinx has quit IRC (Ping timeout: 244 seconds) [12:53] *** HighJinx has joined #arpnetworks [13:50] *** HighJinx has quit IRC (Ping timeout: 244 seconds) [13:53] *** HighJinx has joined #arpnetworks [14:06] *** HighJinx has quit IRC (Ping timeout: 246 seconds) [14:14] *** HighJinx has joined #arpnetworks [14:21] *** HighJinx has quit IRC (Ping timeout: 256 seconds) [14:24] *** HighJinx has joined #arpnetworks [14:36] *** zeshoem has joined #arpnetworks [15:11] *** CESSMASTER has joined #arpnetworks [16:24] *** Ehtyar has joined #arpnetworks [16:25] *** ryk has quit IRC (Ping timeout: 265 seconds) [16:26] *** ryk has joined #arpnetworks [16:37] *** HighJinx has quit IRC (Ping timeout: 240 seconds) [16:39] *** HighJinx has joined #arpnetworks [17:06] *** HighJinx has quit IRC (Ping timeout: 244 seconds) [17:09] *** HighJinx has joined #arpnetworks [17:36] *** HighJinx has quit IRC (Ping timeout: 244 seconds) [17:37] *** HighJinx has joined #arpnetworks [18:06] *** swaj has joined #arpnetworks [18:06] *** swaj has quit IRC (Changing host) [18:06] *** swaj has joined #arpnetworks [18:07] *** swaj has left [18:27] *** HighJinx has quit IRC (Ping timeout: 265 seconds) [18:28] *** HighJinx has joined #arpnetworks [19:08] *** HighJinx has quit IRC (Ping timeout: 240 seconds) [19:10] *** HighJinx has joined #arpnetworks [20:29] *** kennyz has quit IRC (Read error: Operation timed out) [20:29] *** milki has quit IRC (Read error: Operation timed out) [20:29] *** milki has joined #arpnetworks [20:29] *** kennyz has joined #arpnetworks [20:57] *** pjs has quit IRC (Quit: EPIC5-1.1.2[1638] - amnesiac : brb) [21:01] *** pjs has joined #arpnetworks [21:37] *** HighJinx has quit IRC (Ping timeout: 245 seconds) [21:40] *** HighJinx has joined #arpnetworks [21:56] *** dj_goku_ has joined #arpnetworks [21:56] *** dj_goku_ has quit IRC (Changing host) [21:56] *** dj_goku_ has joined #arpnetworks [21:58] *** dj_goku has quit IRC (Ping timeout: 246 seconds) [22:01] *** dj_goku_ has quit IRC (Ping timeout: 248 seconds) [22:01] *** dj_goku has joined #arpnetworks [22:01] *** dj_goku has quit IRC (Changing host) [22:01] *** dj_goku has joined #arpnetworks [22:22] *** HighJinx has quit IRC (Ping timeout: 244 seconds) [22:33] *** HighJinx has joined #arpnetworks