heh funny but scary the thought of php still being around 25 years from now is horrifying At least PHP has been y2038-safe for awhile now hahaha LOL Hmm. Trying to remember how to see the console of a bare metal box is that the IPMI URL? I remember seeing some sort of virtual java thingy before... but not sure how to get to it RandalSchwartz: you need to connect to the management VPN (with your ARP OpenVPN credentials) then you can use IPMI or the HTTP management interface I think the URL (with RFC1918 address) is in the ARP portal ahh... yes, the VPN now I remember Hmm. still not connecting.... complained about not having the latest java yeah. then you have to white list the self signed jnlp then it works. occasionally. (I'm on OS X, however) randal: i used virtualbox i think and old java Yeah, I'm on OSX too i had problems from linux and windows too iirc i hate java. i think it works with java6 but not java7? i should probably try it again Is there trouble? kvr23 having issues? anyone know? Erick-, ahh looks like it my vps is down too yup are you on kvr23? there's something on twitter saying that it's being investigated. (i'm not on kvr) err kvr23 thanks! how do you whitelist the self signed jnlp? Oooh... it worked eventually. I can see the preview image is there a way to connect to that console? like with the VPS using VNC? oh preview always worked the vnc type thing is what i had issues with good luck :) ahh... something like Remote Control -> Console Redirection -> Launch Console for which I'm also getting that error message. maybe i should try it too I downloaded the latest java... maybe that'll work i think older is better i couldn't choose which which is why i used virtualbox iirc private key password verification failed now i have to remember my private key oh got it After updating java, I no longer get the same error message. 
no error message, but it still doesn't seem like it's launching my console I'm going to email support@ it looks like i'm still trying to get vpn up it seems TLS key negotiation failed to occur within 60 seconds (check your network connectivity) UDPv4 link local: [undef] UDPv4 link remote: [AF_INET]208.79.89.251:1194 hmm i wonder if that's the reason the link local thing is just because it was set to nobind i'm still stuck on the vpn hah whats the difference between TUN and TAP when talking about OpenVPN ? tun and tap are both userland interfaces to the TCP/IP stack in the kernel layer 3 and layer 2 tunnels respectively ^ that tap = layer 2, with ethernet frames and all tun = layer 3, simple point-to-point ip, routing tap is good for bridging disparate networks that require the same broadcast domain (also some platforms have quirks, notably windows) And both sides must be configured identically often use of tap is discouraged due to the overhead of the Ethernet frame And the overhead of useless/needless broadcast traffic ^ would my use case determine which one to use, for instance: I need an IP on my local subnet (via VPN) and access to machines whose default gateway is different from my pfSense box a diagram would probably help here > I need an IP on my local subnet (via VPN) if by "local subnet" you mean, an IP in the same broadcast domain you need to use TAP if I get an ip outside the broadcast domain, machines would need to know how to get back to it using a route of some sort? yea you'd need a route on your default gateway (or upstream) that sends traffic across your vpn But typically, pfSense handles all that for you ;) That's what she said!! 9 out of 10 times, you want tun pfSense is not my internet gateway however methinks a diagram may be in order www.asciiflow.com its running in a VM behind a Mikrotik NAT i never did figure out why my openvpn stopped working i tried from windows too, and it broke there too. 
I blame up_the_irons >.> <.< i imagine it's because i'm running recent openvpn? 2.3.5 i can't think of any other reason. it used to work. tcpdump to the rescue? i did mercutio: Do you have any other active openvpn traffic? Openvpn defaults to binding to :1194 for its source port, and if that conflicted... s/tcp/udp udpdump to the rescue? lol i keep sending packets at arp, and getting nothing in response. Then that sounds like an ARP problem brycec: nothing else, and it gets through the first part. yeah hopefully up_the_irons turns up sometime and i can ask him what he sees. i did try tcp but it seems to be disabled, port just hangs. fwiw, I get no response either your openvpn isn't working you mean? so I'm inclined to think it's a bigger issue I mean I can't get a response from ARP's openvpn with udp? (I don't have creds, but I can't get *any* response) yes And I know openvpn works from this system well RandalSchwartz was having issues with ipmi and my memory was hazy, so i wanted to check out the ipmi again yeah but his vpn was working, because he had ipmi issues not vpn issues. And do you both connect to 208.79.89.251 ? actually that's the other thing you should be able to do RandalSchwartz you should be able to do ipmi serial console. vpn1.cust.arpnetworks.com yeah that ip bryce I don't know what ipmi serial console is I only know about using VNC to see the console you use ipmitool and get a serial console basically i dunno if it's setup or not right... this is all mystery words to me I've never used a serial console on freebsd ipmitool -I lanplus -H -U -P -o intelplus sol activate it's something like that normally Also, requires there to be something on the serial port :P yeah mercutio: I knew what IP you used, since you announced that earlier. . Question is about what IP RandalSchwartz connects to :p so... if it worked, it would show some sort of login? oh brycec :) yeah RandalSchwartz: if you have a tty running on that serial port, yes SOL Session operational. 
Use ~? for help it'll say that first but since you didn't know about it in the first place... we'll assume you haven't configured that :p yeah it's godawful i hate ipmi but it tends to work once it's setup, and i'm pretty sure up_the_irons set it up because i seem to remember being happily surprised :) up_the_irons setup the IPMI stuff probably, but since you're responsible for your own install, he wouldn't have configured a tty the user/pass there is the same as the web behind the VPN or is it my root user/pass? should be the same as the web, I'd assume it's the same as the ipmi login on web interface i'm pretty sure I suppose I could follow this: https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/serialconsole-setup.html (since you're still connecting to the IPMI/BMC - it's not your root user/pass until you get a prompt from your box) So long as FreeBSD recognizes the serial device 10.1 added some more IPMI serial device support too Ugh... this looks like if I do something wrong, I'll break it it should work in bios regardless and then it won't boot oh brycec ? and I won't be able to see it not boot mercutio: https://www.freebsd.org/releases/10.1R/relnotes.html The uart(4) driver has been updated to include support for the Intel® Lynx Point KT AMT serial port. [r266436] and neil would be very mad i've got this problem with serial console slowing down normal console i/o this box is still 8.4 though on more than one system it's bloody annoying so 10.x doesn't matter. :) i wish people would make it async on hp i just use textcons which is also lame serial, by definition, is synchronous... yeah but the normal video output goes at serial speed too so like if you have serial enabled you can see the screen drawing grub etc right that's on linux Hmm. I wonder how up_the_irons set up that box.... because he'd probably have to do what I'm doing... look at some console somewhere. i can't remember what bsd is like tl;dr serial drawing is slow. 
brycec: it's not that serial is slow, it's that if you have serial enabled normal video is slow too It's slower than plain text because there are a bunch of invisible drawing characters taking up space Ah I understand what you meant that's what i meant about it should be async :) but yeah the normal bios should work, and i imagine the freebsd boot loader works that ascii tool is confusing and you can probably do some command to do serial you can also reboot with ipmi and access sensors and stuff s/i a/i, a/ you can also reboot with ipmi, and access sensors and stuff brycec: I started making a diagram but ended up way more complicated than I need (rebooting is not a requisite for accessing sensors, hence the comma addition) brycec: grr :/ Maybe that's just the nature of your problem, mnathani :P I have 2 interfaces on the pfSense box LAN and WAN WAN will accept the VPN connection but I need the WAN to also host the local LAN would I bridge LAN and WAN to achieve this? "but I need the WAN to also host the local LAN" wtf?? Also, you just said you have two interfaces... "but I need the WAN to also host the local LAN" suggests you have one. I'm very confused. vpn router on a stick i'm a bit confused by what mnathani is saying nothing really connected to the LAN side you can use a wan interface with lan as well in general but i imagine pfsense might get in the way pfSense doesn't require a LAN interface, it can work with just a single interface (it's in the setup wizard) you stick extra arp traffic on the wan interface, and arp limits might hurt you YER A WIZARD brycec WAN = 10.10.100.100/16 LAN 172.16.100.1/24 does the wan use dhcp? but the hosts I need to access are 10.10.25.25/16 static WAN so yeah, you just have a gateway on the wan and you just have nat from lan segment to wan segment So long as the pfSense box has a route to 10.10/16 (it does), then a VPN client can access/route to that. 
or you might not need nat depending on the other end the wan end could have as route to 172.16.100.0/24 will my remote VPN client get a TAP ip from the 10.10.0.0/16 subnet? mnathani: it would get an IP from a private ip pool and its connection to 10.10/16 would be NAT'd (by default) why do you have openvpn on a /16 ? just route through it, don't bridge. the pfsense is not the default gateway for other Windows hosts oh Doesn't matter adding static routes in windows sucks :/ VPN subnet -> pfSense -> WAN IP -> whatever host And those windows hosts would see a connection from the pfSense box's wan IP if it's going to a modem/router, you can add a static route on the modem to the pfsense box. so no extra routes needed ok, cool Internet router is Mikrotik brycec: but the other way around won't work? other way round being... ? tl;dr pfSense is a nat'ing firewall/router. And the VPN traffic is no different than if it were LAN. It has its own subnet, gets nat'd through the pfsense, etc That's how VPN gets configured by default in pfSense (if you need to bridge networks for whatever reason, need routed access to vpn clients etc you're in for a long night :p) asciiflow'd http://sprunge.us/ibDD so yeah. good day for freebsd \o/ (ref http://freebsdfoundation.blogspot.com.au/2014/11/freebsd-foundation-announces-generous.html) wow haven't heard of whatsapp oh it's like the iphone thing? with direct video calling over internet etc to your normal mobile contacts i think err like facetime IIRC Facebook bought them for billions of dollars So I guess that explains the influx of cash to the guy :p Could not locate the CA reference for the server certificate. Failed to export config files! pfSense troubleshooting spiel: Do you have a CA setup? Did you assign the CA to the OpenVPN server definition? "...Facebook announced its acquisition of WhatsApp Inc. 
on February 19, 2014, for US$19 billion" wtf @exch 19000000000 USD JPY 19000000000 USD -> 2215593800000 JPY (as of Mon, 17 Nov 2014 16:00:43 -0800) he should donate more than a million then :) do any of you use whatsapp? it may be one of those regional things. I do not like hardly anyone here used AIM I feel age/generation plays a bigger role today than regions but people did use ICQ >.> heh. i used to use micq and it kept breaking do you use jabber bryce? I have XMPP accounts on several servers, yes figured :) including jabber.org, somewhere WhatsApp came about long after I was out of school, and all my messaging was either Facebook (friends/family) or office xmpp i have icq, aim, msn, gtalk, skype, jabber now but i basically just use jabber and skype i like it how you can just easily run your own server and it can connect to other servers. I use xmpp and irc ^ primarily heh i don't include irc in that for some reason oh and silc to a lesser extent it'd be nice to see more people shift off skype but the echo cancelling and video works pretty well I got pfsense to send me the cert and config file but now I cant connect mikrotik is forwarding the udp port to the pfsense External Public IP (UDP 11511) <-> Pfsense 1195 UDP http://pastebin.com/A2J72FKV I see a lot of highlights for me... !mnathani @mnathani mnathani: Have you checked whether Windows Firewall is enabled and dropping packets? 1,952 results found. Here's #388 Feb 11, 2014 10:47:31 brycec: do you have a guide you could link to that describes how you setup the ipv6 tunnel using ARP? turned out it was the pfSense firewall up_the_irons: people having trouble connecting to the Metal VPN sorry been behind today guys... kvr23 also took a dump (but power cycle seems to have fixed it) it's nice if brycebot echoed the twitter stuff in here i have no idea how complicated that is though it could be that someone's cert has expired how long do they last? 
the client end does not show a useful error when that happens 1 year mercutio: Twitter made that against the TOS oh these files are timestamped 2nd november brycec: oh? this year or last? that sucks last so yeah, i think it's just out of date probably and yeah nothing useful was shown, it looked like your end was ignoring brycec: really? so you can't echo stuff from someone's twitter feed? Not After : Nov 2 01:53:58 2014 GMT up_the_irons: it's "complicated" but boils down to it being illegal to ingest and regurgitate to broadcast twitter. (because they want twitter to stay on twitter.com, that sort of thing) so i need a new csr, up_the_irons ? Services like ifttt.com had to pare down their Twitter integration substantially brycec: i hardly ever use twitter... that is annoying :) brycec: ah ok, makes sense i guess... mercutio: yup mercutio: just send me a CSR using same method as last time support@ yip i'll sign and send back I mean, i could still do it... not like I'm going to get caught, but it's a bunch of code I don't feel like writing/updating. yeah brycec: understand. i know to check twitter before irc if there's an immediate issue. i assume up_the_irons doesn't want to get distracted I get tweets sms'd to me brycec: sounds painful :) (from the accounts that matter, like bsdvps) oh you can do that? Yes my supermarket keeps emailing me in the middle of the night. @google twitter sms notification 2,020,000 total results returned for 'twitter sms notification', here's 3 Twitter Help Center | Receiving SMS notifications for Tweets and ... (https://support.twitter.com/articles/20169920-receiving-sms-notifications-for-tweets-and-interactions) If you've already added your mobile phone to your account, you can now enable notifications for whenever someone you follow Tweets or @mentions you ... How to Receive SMS/Text Alerts from Twitter - YouTube (http://www.youtube.com/watch?v=v69hPJZc1qQ) May 22, 2012 ... 
This short video will describe how to set up your twitter account so that you can receive sms/text msg alerts from certain twitter updates. ... Configuring the Notification Center on the iPhone by MegaFlyingToast 3,766 views · 27: ... Twitter Help Center | Enabling mobile notifications (https://support.twitter.com/articles/20169887-enabling-mobile-notifications) If you'd like to receive Twitter notifications to your device, you can attach a phone number to your account for updates via SMS. i dunno how you're meant to deal with this media thing. like i like to have emails on my phone, i just don't like people to email me at 1 am. i suppose i need more email addresses. with some way to disable sound for unimportant messages at night yeah i switched to multiple accounts. alerts & notifications go to the e-mail account i have set up on my phone, all my regular mail goes to my normal e-mail account (that isn't on my phone) I use gmail filters to forward to a separate account, emails from actual people that notify me on my phone My phone is just on silent, plain and simple I would go nuts if I got an alert for all email on my main account *nod* before this i did server-side filtering... emails from certain people went into my inbox, anything that fell through to the end of the filters went into a different folder I still have both accounts on the phone, the main one simply does not notify i could still pull them up on my phone if i wanted to but i didn't get notified about them jlgaddis: i want things like advertising going to my phone/tablet, just without sound at night. holy crap, i never knew about tweets / sms i don't have html mail for my normal email. that could be useful... heh, when i first started using twitter, it was only web and sms You will now receive mobile notifications for @arpnetworks's tweets ^ And now when shit hits the fan, you'll get an out-of-band notification even if it's not your server Sure. 
But it's a very quiet feed anyways i think i know how to solve it on tablet actually, just multiple user accounts. Why not just put it on silent? Not to mention disabling notifications for accounts you don't need to be notified of? cos i have alerts that get emailed to me too i'm making a new account now :) it doesn't seem like email has a way to set quiet hours instead of phone in general but yeah i can turn off alerts for my main mail I set IPv4 Local Network/s = 10.10.0.0/16, however a route does not show up in my OpenVPN client Granted alerts don't play much of a role in my work, but all of my urgent alerting is done through Pushover, which is exempt from the phone silence because it uses the "alarm" "channel" (In fact, my phone is on silent 100% of the time. Any notifications I care about get pushed to my watch.) (hooray smartwatches) smartwatch heh do you sleep with it on? No, I do not. That's what she said!! can anyone confirm if Liquidweb Storm VPS offerings utilize VMware? I was under the impression it used Xen afaik, they use xen i'll confirm for you, give me a minute k staticsafe: i managed to hit #59 on connery today for daily score, haha mnathani: actually..kvm i have acct credit w/them, so i spooled up a 1GB instance and got this output w/virt-what: even their cloud offerings? [root@textbox ~]# virt-what kvm this is a storm server thanks for taking the trouble no problem at all I had 2 live chat sessions with them i could have sworn it was xen one said custom VMware Nathani 06:28:24 pm I am curious as to what visualization technology you use for the VPS offerings Steven Siepierski 06:28:39 pm We use all of our own VM Ware Nathani 06:29:08 pm so you do not us XEN? *use sorry for the *spam* whats the default swap like on a 1GB instance? 
no idea, i already tore it down, haha i'd guess it's going to be 256, 512 or 1024mb one live agent said you set it yourself: you have root access it's possible they don't assign swap, but i didn't check another said, yea it will swap when it runs of out memory before it crashes they also still don't assign ipv6 no worries >> "It will have 1GB of RAM and would use some SWAP if that is exceeded, I'm not sure exactly how much it could handle before the server were to crash. " << mnathani: ? why are you getting some dodgy vps from people with broken english? haha, it's not dodgy liquidweb is one of the biggest hosting companies in the us they typically have good support, but their chat people aren't great oh dreamhost are dodgy and they're huge yeah, they're bad haha i just went to their web site i've had good experiences w/liquidweb via clients who insisted on using them rather disturbing which? and login is over top of contact us dreamhost looks fine on mine way off on the right i use 200% zoom. with 1440p, so it's like 1280x720 when i zoom to 200% it does a responsive thing to look like a mobile site same res here most web sites seem to be designed for about 720p these days in chrome the guy with the 1970's mustache and comb over is what's actually disturbing... yep, used chromium yeah up_the_irons: ^^^ that's exactly what i thought when it loaded hahahah yeah that's what was disturbing me first. lol hahaha liquid web provides a 60 sec response time for phone support is that good? and you get an admin not some helpdesk triage person interesting. i've hit so many web hosting issues over the years. it seems to be surprisingly complicated. hah the girl under learn more is disturbing too wow liquid web vps pricing starts at $50/month and when it says 1 cpu does it mean 1 cpu core https://www.liquidweb.com/ why do they have pictures of desktop towers? :/ it's what they use or what they used in 97 it's hard to know oh one interesting thing is they throw in a cheap ssd. 
on their dedicated servers. kingston ssds are known to be pretty bad I ran unix bench on a dedicated I have good? http://pastebin.com/EyPJNCQg not sure first time I ever ran something like that this dedicated has RAID 1 SSD hardware or software? hardware is that v2 cpu? oh and you might like this: 30 minute repair time from when a failure is detected in hardware guarantee reinstall etc is what takes time model name : Intel(R) Xeon(R) CPU E31240 @ 3.30GHz grr why does it make it hard to know Intel(R) Xeon(R) CPU E3-1240 V2 @ 3.40GHz ok v2 does show as v2 and v1 doesn't show as v1 so yeah arp has better cpu on dedicated :) bandwidth is about the same unless you do heaps of incoming which isn't normal hmm that's not the current unixbench version i better run the older one too damn, dedicated servers are expensive they use more power jlgaddis /tmp/cc8fwUjo.o:ubgears.c:(.text.unlikely+0x738): more undefined references to `sincos' follow did you have to do something special oh it looks like it needs -lm this server was provisioned like 2 years ago : Processor: Intel Xeon E3-1240 Quad Core Sandy Bridge | RAM: 8GB DDR3 SDRAM | SSD: 2 X 256GB SSD in RAID 1 | HD2: 500GB SATA Backup Drive oh yip I installed a bunch of perl and dev tools on centos 6 it's cool they were doing ssd's two years ago. yeah i saw your kernel was old how long does this take to run mnathani: what's that cost, out of curiosity? cost was interesting we paid a setup up front to reduce the monthly i've got a pair of 1u servers in our datacenter that are waaaaay underutilized. i really should be doing more with them. if i wasn't so lazy i'd move my last few little websites off of this vps and save myself $20/month, heh $350 setup fee, $274 recurring monthly damn recently we renegotiated it down to $220 monthly Its a managed, cPanel server i've got a pair of sun fire x4100 m2's. one is 2 x Dual-Core AMD Opteron(tm) Processor 2218 HE CPUs (2.6 GHz), 16 GB RAM, 2 x 146 GB 15K SAS, 4 x GbE. 
the other is pretty much the same but w/ 20 GB RAM and 4 x 146 GB. and they pretty much do nothing really... one is my web server and the other my mail server. opteron 218 HE is old right? err 2218 i've got another one in my garage but no hdd's in it (i took the 2 out of it and put it in the other box) yeah they're like 5 or 6 yrs old probably are you paying for power? no they're in our dc so it doesn't matter i suppose yeah it doesn't cost me anything i have i3 something they double as my test machines for work i3-2100. and tbh as a dedicated server it seems pretty fast. but i pretty much just use vm's anymore oh it's faster than those amds hah yeah i've only got four cores in each. and they're only 2.6ghz i think i was just looking at passmark i3-2100 is over twice as fast as single dual core but passmark isn't necessarily the best test. i'm running unixbench on 3 hosts atm :) ahhh, here we go. 2 cores per cpu, 2600mhz, 128kb l1, 1024kb l2, 68w i'm up to pipe throughput this seems to take ages. oh I did run it on a $10 VPS here at ARP for fun : http://pastebin.com/mAfeEVYD does it take like half an hour to run or something? 383 seems a bit low i've run this before, and i think it's normally over 1000? oh was this bsd? a good 15 minutes, if I remember correctly nope linux that was Centos 5 process creation looks slow, i think that's normally faster. i'll run it as soon as poudriere is done why is there no file benchmark? vps was on : kvr15 that's what i'm on :) I ran it with flags that disabled file benchmark to be nice to other users? I am rerunning it on the liquidweb box with no flags I wanted a quicker result was that before or after the kvm update? 
ahh yeah i am wanting it quicker atm too :) This is where I came across it in the first place: http://www.webhostingtalk.com/showthread.php?t=924581 cpu load went pretty high the last time I ran it: like 30 and 50 [00:02:49] ====>> [03][00:00:00] Starting build of benchmarks/unixbench [00:02:51] ====>> [03][00:00:02] Finished build of benchmarks/unixbench: Failed: fetch grrr you want 5.1.2 so we can compare wget https://byte-unixbench.googlecode.com/files/unixbench-5.1.2.tar.gz i had to add -lm to Makefile to compile it fetch: ftp://ftp3.us.freebsd.org/pub/FreeBSD/ports/distfiles/unixbench-4.1.0.tgz: File unavailable (e.g., file not found, no access) you don't want 4.1 anyway gee, no wonder why... only thing in that directory is a readme.txt i've run it on opensolaris and openbsd before it's pretty portable.