#arpnetworks 2012-12-27,Thu


Who | What | When
up_the_irons: up_the_irons drops a pin [02:34]
.... (idle for 16mn)
mercutio: Hold both shift keys down at once and type "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG" [02:50]
........ (idle for 37mn)
up_the_irons: mercutio: why both? [03:27]
..... (idle for 21mn)
*** alexstanford2 has quit IRC (Read error: Connection reset by peer)
alexstanford has joined #arpnetworks
[03:48]
mercutio: up_the_irons: it's to do with what keys get through ... some keyboards block some keys with both shift keys down.
at least two keyboards have had the same pattern.
so it's not random or anything.
by "some keyboards" i mean most common membrane type keyboards.
For some reason most keyboards seem to get "BROWN" fine.
[03:57]
......................... (idle for 2h3mn)
*** CESSMASTER has quit IRC (Ping timeout: 244 seconds)
CESSMASTER has joined #arpnetworks
[06:04]
...... (idle for 29mn)
kraigu: mercutio: I think it's called key rollover
https://en.wikipedia.org/wiki/Rollover_%28key%29
the keyboard I have at work is quite proud to boast about N-key rollover
[06:34]
........ (idle for 39mn)
*** DDevine has joined #arpnetworks [07:13]
DDevine: Greetings.
I don't mean to jump to conclusions, but I am setting up openvpn and it looks like my traffic is not being forwarded or something.
Is there anything on this end that might get in the way?
I'm actually connected through OpenVPN right now - so I have some basic connectivity.
[07:13]
....... (idle for 34mn)
*** mercutio has quit IRC (Ping timeout: 265 seconds) [07:50]
......... (idle for 40mn)
DDevine: DDevine is very confused. [08:30]
RandalSchwartz: confused? [08:30]
DDevine: Everything in this OpenVPN setup seems fine, except that it does not work. [08:31]
RandalSchwartz: firewall? [08:31]
DDevine: Doesn't work even when I turn it off.
and I have triple checked net.ipv4.ip_forward
[08:32]
RandalSchwartz: turn it off? [08:32]
DDevine: I can connect, but traffic is not being routed properly.
The routes are being pushed to the client just fine and my routing table looks good.
DNS is being pushed to the client.
OpenVPN logs on client and server look good.
[08:33]
easymac: Can your client ping the server?
(through the tunnel of course)
[08:41]
DDevine: Yep
I can connect to the server and everything - I just can't connect to anything else (including the DNS servers)
[08:45]
brycec: (ooooh activity! it's been so quiet... up_the_irons just had to make a sound I guess)
DDevine: Is your server subsequently nat'ing the traffic? or are you just trying to straight route through it? if so, then your traffic is leaving the server with the private openvpn IP and that's... well.. private, unroutable, data won't be able to return.
(assuming the ARP router even lets that traffic leave since it's not in your subnet)
[08:57]
DDevine: It should be natting. [09:01]
brycec: tcpdump ;) [09:01]
DDevine: I put in the rule iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE [09:02]
brycec: brycec doesn't know iptables beyond basic firewalling
brycec prefers pf
[09:03]
DDevine: tcpdump suggests that the ping from the client is going out to the DNS server. [09:08]
brycec: with what source ip? [09:08]
DDevine: My server's IP. [09:09]
brycec: but you're not seeing a response from the dns server?
something's funny :/ but at this point I'm out of my depth
[09:10]
DDevine: Yeah the server gets a reply from the DNS but the client never does. [09:14]
*** er|c has quit IRC (Quit: respawning)
eryc has joined #arpnetworks
[09:23]
........... (idle for 53mn)
valleyfox has joined #arpnetworks [10:16]
............. (idle for 1h4mn)
mercutio has joined #arpnetworks [11:20]
............. (idle for 1h4mn)
mercutio: gah, i hate these any request dns attacks [12:24]
........ (idle for 37mn)
*** dzup has quit IRC (Ping timeout: 260 seconds) [13:01]
dzup has joined #arpnetworks [13:14]
............ (idle for 55mn)
lx1 has left "WeeChat 0.3.9.2" [14:09]
........... (idle for 52mn)
scottschecter has joined #arpnetworks [15:01]
........ (idle for 37mn)
niner has joined #arpnetworks [15:38]
...... (idle for 26mn)
niner has quit IRC (Quit: Leaving) [16:04]
........ (idle for 35mn)
alexstanford2 has joined #arpnetworks
alexstanford has quit IRC (Ping timeout: 248 seconds)
[16:39]
.... (idle for 19mn)
alexstanford2 has quit IRC (Read error: Connection reset by peer)
alexstanford has joined #arpnetworks
dzup has quit IRC (Ping timeout: 265 seconds)
dzup has joined #arpnetworks
[16:59]
DDevine: Went to sleep, woke up. OpenVPN doesn't even connect anymore... [17:13]
mercutio: DDevine: you can't connect into the openvpn at all?
or can't route once you're using it?
maybe your router is screwing with udp
[17:13]
*** DDevine has quit IRC (Ping timeout: 265 seconds) [17:20]
............................ (idle for 2h17mn)
mnathani: up_the_irons: does Geotrust allow a single wildcard SSL cert to be used on different server with different IP addresses? [19:37]
..... (idle for 24mn)
brycec: mnathani: the CA won't care what IP's are hosting the certificate, you can even install the cert on multiple servers and multiple IP's. It only matters when it comes to matching the CN [20:01]
mnathani: Apparently there are CAs that license the cert per IP or per Server preventing you from doing that
I know it would work
[20:03]
brycec: ... never heard of that...
Didn't even know it was possible
[20:03]
mnathani: Certs could get revoked if found to be using multiple Ips [20:03]
brycec: heh so they'd have to catch me... :P [20:04]
mikeputnam: wildcard cert bandits! [20:04]
mnathani: Surprised me when I found out about it too. Though wildcard certs were meant to be used on multiple servers [20:04]
mikeputnam: most CA's charge premium prices for wildcard certs
for that reason
[20:05]
brycec: I used to have a wildcard cert from godaddy, didn't have any such restriction, was deployed across a handful of servers
That they do
But we had so many subdomains (support., intranet., clients., etc) that needed SSL certs that it was cheaper and easier
[20:05]
..... (idle for 21mn)
*** alexstanford has quit IRC (Ping timeout: 248 seconds) [20:26]
mnathani: From digicert.com: -> Most SSL certificates are only licensed for one physical server. With DigiCert's unlimited server license, you can use your WildCard certificate on as many servers as you want. You can even generate separate certificates with unique key pairs for each server. It's the ultimate in flexibility. [20:38]
........ (idle for 38mn)
*** alexstanford has joined #arpnetworks [21:16]
..... (idle for 24mn)
valleyfox has quit IRC (Remote host closed the connection)
valleyfox has joined #arpnetworks
valleyfox has quit IRC (Remote host closed the connection)
valleyfox has joined #arpnetworks
[21:40]
valleyfox has quit IRC (Quit: ZNC - http://znc.in) [21:54]
.............. (idle for 1h8mn)
milki: milki signs up for a wildcard cert for *.* [23:02]
