mercutio: Hold both shift keys down at once and type "THE QUICK BROWN FOX JUMPS OVER THE LAZY DOG"
up_the_irons: mercutio: why both?
***: alexstanford2 has quit IRC (Read error: Connection reset by peer)
alexstanford has joined #arpnetworks
mercutio: up_the_irons: it's to do with what keys get through ... some keyboards block some keys with both shift keys down.
at least two keyboards have had the same pattern.
so it's not random or anything.
by "some keyboards" i mean most common membrane type keyboards.
For some reason most keyboards seem to get "BROWN" fine.
***: CESSMASTER has quit IRC (Ping timeout: 244 seconds)
CESSMASTER has joined #arpnetworks
kraigu: mercutio: I think it's called key rollover
https://en.wikipedia.org/wiki/Rollover_%28key%29
the keyboard I have at work is quite proud to boast about N-key rollover
***: DDevine has joined #arpnetworks
DDevine: Greetings.
I don't mean to jump to conclusions, but I am setting up openvpn and it looks like my traffic is not being forwarded or something.
Is there anything on this end that might get in the way?
I'm actually connected through OpenVPN right now - so I have some basic connectivity.
***: mercutio has quit IRC (Ping timeout: 265 seconds)
-: DDevine is very confused.
RandalSchwartz: confused?
DDevine: Everything in this OpenVPN setup seems fine, except that it does not work.
RandalSchwartz: firewall?
DDevine: Doesn't work even when I turn it off.
and I have triple checked net.ipv4.ip_forward
RandalSchwartz: turn it off?
DDevine: I can connect, but traffic is not being routed properly.
The routes are being pushed to the client just fine and my routing table looks good.
DNS is being pushed to the client.
OpenVPN logs on client and server look good.
easymac: Can your client ping the server?
(through the tunnel of course)
DDevine: Yep
I can connect to the server and everything - I just can't connect to anything else (including the DNS servers)
brycec: (ooooh activity! it's been so quiet... up_the_irons just had to make a sound I guess)
DDevine: Is your server subsequently nat'ing the traffic? or are you just trying to straight route through it? if so, then your traffic is leaving the server with the private openvpn IP and that's... well.. private, unroutable, data won't be able to return.
(assuming the ARP router even lets that traffic leave since it's not in your subnet)
DDevine: It should be natting.
brycec: tcpdump ;)
DDevine: I put in the rule iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE
-: brycec doesn't know iptables beyond basic firewalling
brycec prefers pf
DDevine: tcpdump suggests that the ping from the client is going out to the DNS server.
brycec: with what source ip?
DDevine: My server's IP.
brycec: but you're not seeing a response from the dns server?
something's funny :/ but at this point I'm out of my depth
DDevine: Yeah the server gets a reply from the DNS but the client never does.
***: er|c has quit IRC (Quit: respawning)
eryc has joined #arpnetworks
valleyfox has joined #arpnetworks
mercutio has joined #arpnetworks
mercutio: gah, i hate these any request dns attacks
***: dzup has quit IRC (Ping timeout: 260 seconds)
dzup has joined #arpnetworks
lx1 has left "WeeChat 0.3.9.2"
scottschecter has joined #arpnetworks
niner has joined #arpnetworks
niner has quit IRC (Quit: Leaving)
alexstanford2 has joined #arpnetworks
alexstanford has quit IRC (Ping timeout: 248 seconds)
alexstanford2 has quit IRC (Read error: Connection reset by peer)
alexstanford has joined #arpnetworks
dzup has quit IRC (Ping timeout: 265 seconds)
dzup has joined #arpnetworks
DDevine: Went to sleep, woke up. OpenVPN doesn't even connect anymore...
mercutio: DDevine: you can't connect into the openvpn at all?
or can't route once you're using it?
maybe your router is screwing with udp
***: DDevine has quit IRC (Ping timeout: 265 seconds)
mnathani: up_the_irons: does Geotrust allow a single wildcard SSL cert to be used on different servers with different IP addresses?
brycec: mnathani: the CA won't care what IP's are hosting the certificate, you can even install the cert on multiple servers and multiple IP's. It only matters when it comes to matching the CN
mnathani: Apparently there are CAs that license the cert per IP or per Server preventing you from doing that
I know it would work
brycec: ... never heard of that...
Didn't even know it was possible
mnathani: Certs could get revoked if found to be using multiple IPs
brycec: heh so they'd have to catch me... :P
mikeputnam: wildcard cert bandits!
mnathani: Surprised me when I found out about it too. Though wildcard certs were meant to be used on multiple servers
mikeputnam: most CA's charge premium prices for wildcard certs
for that reason
brycec: I used to have a wildcard cert from godaddy, didn't have any such restriction, was deployed across a handful of servers
That they do
But we had so many subdomains (support., intranet., clients., etc) that needed SSL certs that it was cheaper and easier
***: alexstanford has quit IRC (Ping timeout: 248 seconds)
mnathani: From digicert.com: -> Most SSL certificates are only licensed for one physical server. With DigiCert's unlimited server license, you can use your WildCard certificate on as many servers as you want. You can even generate separate certificates with unique key pairs for each server. It's the ultimate in flexibility.
***: alexstanford has joined #arpnetworks
valleyfox has quit IRC (Remote host closed the connection)
valleyfox has joined #arpnetworks
valleyfox has quit IRC (Remote host closed the connection)
valleyfox has joined #arpnetworks
valleyfox has quit IRC (Quit: ZNC - http://znc.in)
-: milki signs up for a wildcard cert for *.*