[02:34] * up_the_irons drops a pin
[02:50] Hold both shift keys down at once and type "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"
[03:27] mercutio: why both?
[03:48] *** alexstanford2 has quit IRC (Read error: Connection reset by peer)
[03:48] *** alexstanford has joined #arpnetworks
[03:57] up_the_irons: it's to do with what keys get through ... some keyboards block some keys with both shift keys down.
[03:57] at least two keyboards have had the same pattern.
[03:57] so it's not random or anything.
[03:58] by "some keyboards" i mean most common membrane type keyboards.
[04:01] For some reason most keyboards seem to get "BROWN" fine.
[06:04] *** CESSMASTER has quit IRC (Ping timeout: 244 seconds)
[06:05] *** CESSMASTER has joined #arpnetworks
[06:34] mercutio: I think it's called key rollover
[06:34] https://en.wikipedia.org/wiki/Rollover_%28key%29
[06:34] the keyboard I have at work is quite proud to boast about N-key rollover
[07:13] *** DDevine has joined #arpnetworks
[07:13] Greetings.
[07:14] I don't mean to jump to conclusions, but I am setting up openvpn and it looks like my traffic is not being forwarded or something.
[07:14] Is there anything on this end that might get in the way?
[07:16] I'm actually connected through OpenVPN right now - so I have some basic connectivity.
[07:50] *** mercutio has quit IRC (Ping timeout: 265 seconds)
[08:30] * DDevine is very confused.
[08:30] confused?
[08:31] Everything in this OpenVPN setup seems fine, except that it does not work.
[08:31] firewall?
[08:32] Doesn't work even when I turn it off.
[08:32] and I have triple checked net.ipv4.ip_forward
[08:32] turn it off?
[08:33] I can connect, but traffic is not being routed properly.
[08:33] The routes are being pushed to the client just fine and my routing table looks good.
[08:33] DNS is being pushed to the client.
[08:36] OpenVPN logs on client and server look good.
[08:41] Can your client ping the server?
[08:41] (through the tunnel of course)
[08:45] Yep
[08:45] I can connect to the server and everything - I just can't connect to anything else (including the DNS servers)
[08:57] (ooooh activity! it's been so quiet... up_the_irons just had to make a sound I guess)
[08:58] DDevine: Is your server subsequently nat'ing the traffic? or are you just trying to straight route through it? if so, then your traffic is leaving the server with the private openvpn IP and that's... well.. private, unroutable, data won't be able to return.
[08:59] (assuming the ARP router even lets that traffic leave since it's not in your subnet)
[09:01] It should be natting.
[09:01] tcpdump ;)
[09:02] I put in the rule iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
[09:03] * brycec doesn't know iptables beyond basic firewalling
[09:03] * brycec prefers pf
[09:08] tcpdump suggests that the ping from the client is going out to the DNS server.
[09:08] with what source ip?
[09:09] My server's IP.
[09:10] but you're not seeing a response from the dns server?
[09:10] something's funny :/ but at this point I'm out of my depth
[09:14] Yeah the server gets a reply from the DNS but the client never does.
[09:23] *** er|c has quit IRC (Quit: respawning)
[09:23] *** eryc has joined #arpnetworks
[10:16] *** valleyfox has joined #arpnetworks
[11:20] *** mercutio has joined #arpnetworks
[12:24] gah, i hate these any request dns attacks
[13:01] *** dzup has quit IRC (Ping timeout: 260 seconds)
[13:14] *** dzup has joined #arpnetworks
[14:09] *** lx1 has left "WeeChat 0.3.9.2"
[15:01] *** scottschecter has joined #arpnetworks
[15:38] *** niner has joined #arpnetworks
[16:04] *** niner has quit IRC (Quit: Leaving)
[16:39] *** alexstanford2 has joined #arpnetworks
[16:40] *** alexstanford has quit IRC (Ping timeout: 248 seconds)
[16:59] *** alexstanford2 has quit IRC (Read error: Connection reset by peer)
[16:59] *** alexstanford has joined #arpnetworks
[17:00] *** dzup has quit IRC (Ping timeout: 265 seconds)
[17:01] *** dzup has joined #arpnetworks
[17:13] Went to sleep, woke up. OpenVPN doesn't even connect anymore...
[17:13] DDevine: you can't connect into the openvpn at all?
[17:13] or can't route once you're using it?
[17:14] maybe your router is screwing with udp
[17:20] *** DDevine has quit IRC (Ping timeout: 265 seconds)
[19:37] up_the_irons: does Geotrust allow a single wildcard SSL cert to be used on different server with different IP addresses?
[20:01] mnathani: the CA won't care what IPs are hosting the certificate, you can even install the cert on multiple servers and multiple IPs. It only matters when it comes to matching the CN
[20:03] Apparently there are CAs that license the cert per IP or per Server preventing you from doing that
[20:03] I know it would work
[20:03] ... never heard of that...
[20:03] Didn't even know it was possible
[20:03] Certs could get revoked if found to be using multiple IPs
[20:04] heh so they'd have to catch me... :P
[20:04] wildcard cert bandits!
[20:04] Surprised me when I found out about it too. Though wildcard certs were meant to be used on multiple servers
[20:05] most CAs charge premium prices for wildcard certs
[20:05] for that reason
[20:05] I used to have a wildcard cert from godaddy, didn't have any such restriction, was deployed across a handful of servers
[20:05] That they do
[20:05] But we had so many subdomains (support., intranet., clients., etc) that needed SSL certs that it was cheaper and easier
[20:26] *** alexstanford has quit IRC (Ping timeout: 248 seconds)
[20:38] From digicert.com: -> Most SSL certificates are only licensed for one physical server. With DigiCert's unlimited server license, you can use your WildCard certificate on as many servers as you want. You can even generate separate certificates with unique key pairs for each server. It's the ultimate in flexibility.
[21:16] *** alexstanford has joined #arpnetworks
[21:40] *** valleyfox has quit IRC (Remote host closed the connection)
[21:41] *** valleyfox has joined #arpnetworks
[21:42] *** valleyfox has quit IRC (Remote host closed the connection)
[21:46] *** valleyfox has joined #arpnetworks
[21:54] *** valleyfox has quit IRC (Quit: ZNC - http://znc.in)
[23:02] * milki signs up for a wildcard cert for *.*