Who | What | When |
---|---|---|
*** | RandalSchwartz has quit IRC (Quit: joining via adium because upgrading server)
RandalSchwartz has joined #arpnetworks | [09:57] |
RandalSchwartz | RandalSchwartz waves at the channel
looks like I can still get to my console… that's a good thing | [09:58] |
pkg upgrade done, rebooting | [10:07] | |
jbum | i could use some help if anyone's up | [10:09] |
RandalSchwartz | what kind of help? | [10:09] |
jbum | i did a release-upgrade yesterday. it installed a bunch of stuff and then rebooted. after the reboot it took a loooong time to come back, and i thought it was dead, so i did a reboot via the console. now it's on the rescue mode installer main menu | [10:10] |
RandalSchwartz | is that linux? | [10:10] |
jbum | ubuntu | [10:10] |
RandalSchwartz | yeah, sorry, I don't run linux anywhere | [10:10] |
jbum | np thanks! | [10:10] |
mkb | jbum: which sort of Linux | [10:13] |
jbum | Ubuntu 14.04 | [10:14] |
mkb | I don't know anything about Ubuntu but if they're using grub2 there's all sorts of contortions the OS must do to get a new kernel to boot
see what the kernel list looks like at boot if it is really busted your files are probably still there at least... | [10:15] |
RandalSchwartz | alright! distro updated to FreeBSD 9.3-RELEASE-p24
only a few weeks after the CVE came out :) heading back to reboot my tmux + emacs + irc client | [10:19] |
*** | RandalSchwartz has quit IRC (Quit: Leaving.)
RandalSchwartz has joined #arpnetworks | [10:21] |
RandalSchwartz | there we are. | [10:22] |
mkb | does emacs + irc client mean erc? | [10:23] |
RandalSchwartz | no
irc.el older, but I know it better because I contributed to it | [10:25] |
mkb | heh | [10:25] |
RandalSchwartz | missing some modern features though | [10:25] |
................. (idle for 1h20mn) | ||
brycec | There's really not much "modern" to IRC though | [11:45] |
........ (idle for 37mn) | ||
RandalSchwartz | what's the simplest way of giving my laptop ipv6 using my arp v6 connectivity? | [12:22] |
brycec | considering your laptop is mobile, probably OpenVPN | [12:23] |
RandalSchwartz | ahh, that's right openvpn does v6 now | [12:23] |
brycec | since a gif tunnel would have you updating both sides whenever you changed external IP's. Plus gif would require external IP's on both sides.
That it does. I've used it extensively in fact - whenever I VPN to my home, I get an IPv6 address :D From the OpenVPN side, it's as simple as adding the right server-ipv6 line to the server (might be a route push too, can't recall its syntax though) | [12:24] |
RandalSchwartz | what would I use for my v6 server address
the /64 that's already routed to my box? inet6 2607:f2f8:3080:: prefixlen 64 or should it be a part of the /48 that's not the /64? | [12:30] |
or wait... the whole /48 is routed to me, so I could use 2607:f2f8:3080:beef::/64, right? | [12:36] | |
brycec | Correct it will need to be a whole /64, slicked from a larger subnet
*sliced | [12:43] |
RandalSchwartz | so like my second example? | [12:44] |
brycec | Right
Incidentally, :beef: is the same subnet I use for my OpenVPN :D push "route-ipv6 2000::/3" | [12:44] |
BryceBot | That's what she said!! | [12:45] |
brycec | BryceBot: no | [12:45] |
BryceBot | Oh, okay... I'm sorry. 'push "route-ipv6 2000::/3"' | [12:45] |
brycec | ^ That's the server line to default all ipv6 traffic over the openvpn connection | [12:45] |
RandalSchwartz | Hmm. missing a route
oh - not just server-ipv6? need both lines? still don't have default v6 route yeah... it didn't add the route | [12:46] |
brycec | Yes you need both lines
With those two lines, it "Just Works" for me. You might have client-side issues, maybe? OpenVPN's -v is your friend | [12:53] |
RandalSchwartz | where does 2000::/3 come from
is that "all public routable"? | [12:53] |
brycec | Yep
Aggregatable Global Unicast Addresses | [12:54] |
RandalSchwartz | still not seeing that route | [12:54] |
brycec | If you had ::0/0 that covers link-local traffic and the like. Some OS will still behave properly, others will not.
https://community.openvpn.net/openvpn/wiki/IPv6 guess you might need tun-ipv6 too (which I have too, just forgot about) | [12:54] |
RandalSchwartz | that's implied by server-ipv6
as a push or a local? I'm getting the right /64 addrs | [12:55] |
brycec | just local in my config | [12:56] |
RandalSchwartz | do you have any of those rtadv things running? | [12:58] |
brycec | For reference, this is my full openvpn server config http://sprunge.us/ZgER (It's not exactly "bare-bones" so there's lots that doesn't apply to getting ipv6 working.)
I do, but they don't get routed over the vpn brycec goes afk | [12:59] |
RandalSchwartz | I figure at some point, I should be seeing a route to 2000::/3
but not happening | [12:59] |
brycec | RandalSchwartz: you should see in your openvpn client's verbose output (at least --verb 4) the parsing of information from the server, including pushed routes and addresses
brycec goes afk for real now | [13:00] |
RandalSchwartz | Oh! typo
push "route-ipv6 2000://3" No buena Ok... with the typo fixed, I can ping my server, but nothing beyond do I need to add a default route on the server? | [13:01] |
mnathani_ | linux has ipv6 routing / forwarding setting
not sure about freebsd | [13:04] |
RandalSchwartz | well - that's weird
yeah - I have a default outbound route that says "here arp, go find 'em" via the link local maybe I need to advertise the new /64 somewhere? but I thought it automatically goes to me because of the /48 | [13:04] |
brycec | Yeah for inbound. Do you have your server setup for forwarding? Any firewalling blocking it? If you tcpdump on your external interface, do you see the ip6 traffic, indicating that everything I mentioned is working right and it's something else? | [13:13] |
mnathani_ | > /etc/rc.conf >> ipv6_router_enable="YES" | [13:14] |
brycec | net.inet6.ip6.forwarding: 1, net.inet6.ip6.redirect: 1, etc | [13:15] |
RandalSchwartz | ipv6_gateway_enable=YES | [13:15] |
brycec | (I can't really help with configuring the server's OS as that gets into specifics that I just don't know, sorry.) | [13:16] |
RandalSchwartz | no parameter called router_enable
so maybe arp isn't routing the whole /48 to me | [13:16] |
brycec | (Remember mnathani_, RandalSchwartz is running 9.x)
RandalSchwartz: mtr shows that it is | [13:16] |
RandalSchwartz | that would make sense
hmm well... something isn't letting it bend the corner | [13:17] |
brycec | But seriously, check with tcpdump, see whether any ip6 traffic is being routed out or not.
Double check that the tun interface for your server has the IP's assigned too. It should, openvpn usually does that automatically. But it's worth checking. | [13:17] |
mnathani_ | is your default gateway something like fe80::1 ? | [13:18] |
RandalSchwartz | yeah - they all looked good on both sides
yes | [13:18] |
brycec | (Yeah of course it looked good on both sides - you said you could ping the server at least) | [13:18] |
mnathani_ | on the ARP server end | [13:18] |
RandalSchwartz | yes - that would be one of the two sides. :) | [13:18] |
brycec | If the arp end weren't configured right, then he'd have 0 traffic whatsoever
(0 ipv6 traffic, that is) | [13:18] |
RandalSchwartz | anyway - this isn't an urgent need... I'm just working out how to upgrade my 8.x syntax to 9.x | [13:19] |
mnathani_ | I was sondering if this was still only the /64 rather than the entire /48 | [13:19] |
RandalSchwartz | and figured I'd also see if I could get the VPN to work | [13:20] |
mnathani_ | s/sond/wond | [13:20] |
BryceBot | <mnathani_> I was wondering if this was still only the /64 rather than the entire /48 | [13:20] |
RandalSchwartz | I've got other things to do today... but thank you for the help already.
you *did* prove that something in the /48 but not the /64 is routed right? | [13:20] |
brycec | Right | [13:21] |
RandalSchwartz | ok - so the real question is whether I'm routing outbound then | [13:21] |
brycec | Bingo. Hence why I keep telling you to tcpdump :P | [13:21] |
RandalSchwartz | yeah - I'll do that next time I get curious about this. :)
that'd be dumping the fe80 | [13:22] |
brycec | I'd say "tcpdump -i em0 -nn net 2607:f2f8:3080:beef::/64" or so
Either you see the traffic leaving your box and you figure out why it's not routing correctly, check the addresses etc. Or it's not leaving your box and you have an internal configuration issue to sort out. | [13:22] |
............ (idle for 56mn) | ||
*** | DaCa has quit IRC (Quit: WeeChat 1.0)
toeshred has quit IRC (Ping timeout: 272 seconds) DaCa has joined #arpnetworks | [14:19] |
........ (idle for 39mn) | ||
toeshred has joined #arpnetworks | [14:58] | |
................................................................................ (idle for 6h38mn) | ||
mnathani_ has quit IRC (Read error: Connection reset by peer) | [21:36] | |
..... (idle for 22mn) | ||
mnathani_ has joined #arpnetworks | [21:58] | |
.... (idle for 18mn) | ||
mnathani_ has quit IRC (Read error: Connection reset by peer) | [22:16] | |
.... (idle for 19mn) | ||
mnathani_ has joined #arpnetworks | [22:35] | |
...... (idle for 29mn) | ||
jbum has quit IRC (Read error: Connection reset by peer)
jbum has joined #arpnetworks | [23:04] |