#arpnetworks 2015-09-26,Sat

***RandalSchwartz has quit IRC (Quit: joining via adium because upgrading server)
RandalSchwartz has joined #arpnetworks
[09:57]
<RandalSchwartz> RandalSchwartz waves at the channel
looks like I can still get to my console… that's a good thing
[09:58]
pkg upgrade done, rebooting [10:07]
<jbum> i could use some help if anyone's up [10:09]
<RandalSchwartz> what kind of help? [10:09]
<jbum> i did a release-upgrade yesterday. it installed a bunch of stuff and then rebooted. after the reboot it took a loooong time to come back, and i thought it was dead, so i did a reboot via the console. now it's on the rescue mode installer main menu [10:10]
<RandalSchwartz> is that linux? [10:10]
<jbum> ubuntu [10:10]
<RandalSchwartz> yeah, sorry, I don't run linux anywhere [10:10]
<jbum> np thanks! [10:10]
<mkb> jbum: which sort of Linux [10:13]
<jbum> Ubuntu 14.04 [10:14]
<mkb> I don't know anything about Ubuntu but if they're using grub2 there's all sorts of contortions the OS must do to get a new kernel to boot
see what the kernel list looks like at boot
if it is really busted your files are probably still there at least...
[10:15]
<RandalSchwartz> alright! distro updated to FreeBSD 9.3-RELEASE-p24
only a few weeks after the CVE came out :)
heading back to reboot my tmux + emacs + irc client
[10:19]
***RandalSchwartz has quit IRC (Quit: Leaving.)
RandalSchwartz has joined #arpnetworks
[10:21]
<RandalSchwartz> there we are. [10:22]
<mkb> does emacs + irc client mean erc? [10:23]
<RandalSchwartz> no
irc.el
older, but I know it better because I contributed to it
[10:25]
<mkb> heh [10:25]
<RandalSchwartz> missing some modern features though [10:25]
(idle for 1h20mn)
<brycec> There's really not much "modern" to IRC though [11:45]
(idle for 37mn)
<RandalSchwartz> what's the simplest way of giving my laptop ipv6 using my arp v6 connectivity? [12:22]
<brycec> considering your laptop is mobile, probably OpenVPN [12:23]
<RandalSchwartz> ahh, that's right openvpn does v6 now [12:23]
<brycec> since a gif tunnel would have you updating both sides whenever you changed external IP's. Plus gif would require external IP's on both sides.
That it does. I've used it extensively in fact - whenever I VPN to my home, I get an IPv6 address :D
From the OpenVPN side, it's as simple as adding the right server-ipv6 line to the server
(might be a route push too, can't recall its syntax though)
[12:24]
<RandalSchwartz> what would I use for my v6 server address
the /64 that's already routed to my box?
inet6 2607:f2f8:3080:: prefixlen 64
or should it be a part of the /48 that's not the /64?
[12:30]
or wait... the whole /48 is routed to me, so I could use 2607:f2f8:3080:beef::/64, right? [12:36]
<brycec> Correct it will need to be a whole /64, slicked from a larger subnet
*sliced
[12:43]
<RandalSchwartz> so like my second example? [12:44]
<brycec> Right
Incidentally, :beef: is the same subnet I use for my OpenVPN :D
push "route-ipv6 2000::/3"
[12:44]
<BryceBot> That's what she said!! [12:45]
<brycec> BryceBot: no [12:45]
<BryceBot> Oh, okay... I'm sorry. 'push "route-ipv6 2000::/3"' [12:45]
<brycec> ^ That's the server line to default all ipv6 traffic over the openvpn connection [12:45]
<RandalSchwartz> Hmm. missing a route
oh - not just server-ipv6?
need both lines?
still don't have default v6 route
yeah... it didn't add the route
[12:46]
<brycec> Yes you need both lines
With those two lines, it "Just Works" for me. You might have client-side issues, maybe? OpenVPN's -v is your friend
[12:53]
<RandalSchwartz> where does 2000::/3 come from
is that "all public routable"?
[12:53]
<brycec> Yep
Aggregatable Global Unicast Addresses
[12:54]
<RandalSchwartz> still not seeing that route [12:54]
<brycec> If you had ::0/0 that covers link-local traffic and the like. Some OS will still behave properly, others will not.
https://community.openvpn.net/openvpn/wiki/IPv6
guess you might need tun-ipv6 too
(which I have too, just forgot about)
[12:54]
<RandalSchwartz> that's implied by server-ipv6
as a push or a local?
I'm getting the right /64 addrs
[12:55]
<brycec> just local in my config [12:56]
<RandalSchwartz> do you have any of those rtadv things running? [12:58]
<brycec> For reference, this is my full openvpn server config http://sprunge.us/ZgER (It's not exactly "bare-bones" so there's lots that doesn't apply to getting ipv6 working.)
I do, but they don't get routed over the vpn
brycec goes afk
[12:59]
<RandalSchwartz> I figure at some point, I should be seeing a route to 2000::/3
but not happening
[12:59]
<brycec> RandalSchwartz: you should see in your openvpn client's verbose output (at least --verb 4) the parsing of information from the server, including pushed routes and addresses
brycec goes afk for real now
[13:00]
<RandalSchwartz> Oh! typo
push "route-ipv6 2000://3"
No buena
Ok... with the typo fixed, I can ping my server, but nothing beyond
do I need to add a default route on the server?
[13:01]
<mnathani_> linux has ipv6 routing / forwarding setting
not sure about freebsd
[13:04]
<RandalSchwartz> well - that's weird
yeah - I have a default outbound route that says "here arp, go find 'em"
via the link local
maybe I need to advertise the new /64 somewhere?
but I thought it automatically goes to me because of the /48
[13:04]
<brycec> Yeah for inbound. Do you have your server setup for forwarding? Any firewalling blocking it? If you tcpdump on your external interface, do you see the ip6 traffic, indicating that everything I mentioned is working right and it's something else? [13:13]
<mnathani_> > /etc/rc.conf >> ipv6_router_enable="YES" [13:14]
<brycec> net.inet6.ip6.forwarding: 1, net.inet6.ip6.redirect: 1, etc [13:15]
<RandalSchwartz> ipv6_gateway_enable=YES [13:15]
<brycec> (I can't really help with configuring the server's OS as that gets into specifics that I just don't know, sorry.) [13:16]
<RandalSchwartz> no parameter called router_enable
so maybe arp isn't routing the whole /48 to me
[13:16]
<brycec> (Remember mnathani_, RandalSchwartz is running 9.x)
RandalSchwartz: mtr shows that it is
[13:16]
<RandalSchwartz> that would make sense
hmm
well... something isn't letting it bend the corner
[13:17]
<brycec> But seriously, check with tcpdump, see whether any ip6 traffic is being routed out or not.
Double check that the tun interface for your server has the IP's assigned too. It should, openvpn usually does that automatically. But it's worth checking.
[13:17]
<mnathani_> is your default gateway something like fe80::1 ? [13:18]
<RandalSchwartz> yeah - they all looked good on both sides
yes
[13:18]
<brycec> (Yeah of course it looked good on both sides - you said you could ping the server at least) [13:18]
<mnathani_> on the ARP server end [13:18]
<RandalSchwartz> yes - that would be one of the two sides. :) [13:18]
<brycec> If the arp end weren't configured right, then he'd have 0 traffic whatsoever
(0 ipv6 traffic, that is)
[13:18]
<RandalSchwartz> anyway - this isn't an urgent need... I'm just working out how to upgrade my 8.x syntax to 9.x [13:19]
<mnathani_> I was sondering if this was still only the /64 rather than the entire /48 [13:19]
<RandalSchwartz> and figured I'd also see if I could get the VPN to work [13:20]
<mnathani_> s/sond/wond [13:20]
<BryceBot> <mnathani_> I was wondering if this was still only the /64 rather than the entire /48 [13:20]
<RandalSchwartz> I've got other things to do today... but thank you for the help already.
you *did* prove that something in the /48 but not the /64 is routed right?
[13:20]
<brycec> Right [13:21]
<RandalSchwartz> ok - so the real question is whether I'm routing outbound then [13:21]
<brycec> Bingo. Hence why I keep telling you to tcpdump :P [13:21]
<RandalSchwartz> yeah - I'll do that next time I get curious about this. :)
that'd be dumping the fe80
[13:22]
<brycec> I'd say "tcpdump -i em0 -nn network 2607:f2f8:3080:beef::/64" or so
Either you see the traffic leaving your box and you figure out why it's not routing correctly, check the addresses etc. Or it's not leaving your box and you have an internal configuration issue to sort out.
[13:22]
(idle for 56mn)
***DaCa has quit IRC (Quit: WeeChat 1.0)
toeshred has quit IRC (Ping timeout: 272 seconds)
DaCa has joined #arpnetworks
[14:19]
(idle for 39mn)
toeshred has joined #arpnetworks [14:58]
(idle for 6h38mn)
mnathani_ has quit IRC (Read error: Connection reset by peer) [21:36]
(idle for 22mn)
mnathani_ has joined #arpnetworks [21:58]
(idle for 18mn)
mnathani_ has quit IRC (Read error: Connection reset by peer) [22:16]
(idle for 19mn)
mnathani_ has joined #arpnetworks [22:35]
(idle for 29mn)
jbum has quit IRC (Read error: Connection reset by peer)
jbum has joined #arpnetworks
[23:04]
