#networking

Haha ok

Tell them electricity problems

Easy workaround

Powerline is down

Network related issues always working

Yeah, bit even if it's a technical problem it lowers my score so I have a lesser chance to get a bonus :D

😂

Alright, shutting down

And it didn't work :(

I'm gonna make a sanity check and see if it's turned on in BIOS

Indeed it is

@upbeat flint at least you get a bonus

But why oh why doesn't it work

ideally you would want to check if the packet actually reached the compuer

but that would require a network tap or a switch with port mirroring and then use wireshark to anaylze traffic

that. I've been always helping my relatives and friends a lot with computer stuff. But whenever someone asks me to help them I always say the same thing: I can help you as long as it's not network or printer related

but that would require a network tap or a switch with port mirroring and then use wireshark to anaylze traffic
@peak cloak wouldn't wireshark alone do the trick?

I mean you could see if it would work with the computer turned on, but not when it's turned off

@peak cloak ECMP with per-packet set. C'mon Present, you should know

what

The image you posted

oh lol

I boy, I think it was a Windows problem. My network card didn't have permission to turn the computer on 😄

gonna try it now

Still nothing

so you cna turn it from router -> pc?

How would I do it

How do I use router to send the packet

Seriously, I have no clue

you would need a router than you can actually access

like use the file system

command line

muh ubnt 👀

You and your computer @upbeat flint
https://c.tenor.com/8dcVdWgPs5cAAAAM/finding-nemo-wake-up.gif

You and your computer @upbeat flint
https://c.tenor.com/8dcVdWgPs5cAAAAM/finding-nemo-wake-up.gif
@lean pebble that's actually funny xd

I guess I'm going to have to get up from need every time I want to access my pc then :(

Anyone know a thing or two about Linux & databases (postgres specifically)
On a locally hosted database I can use the psql shell either through a TCP connection via localhost or through a unix domain socket
Is it possible to connect pgAdmin to the database via unix domain socket, or will that only run through TCP?

@upbeat flint Just a quick google they mentioned turning off fast startup in Win 10 which might be worth a shot
Control Panel\All Control Panel Items\Power Options\System Settings uncheck fast startup

@upbeat flint Just a quick google they mentioned turning off fast startup in Win 10 which might be worth a shot
Control Panel\All Control Panel Items\Power Options\System Settings uncheck fast startup
@hollow marlin I always have it off, causes it causes variety of problems and my system boots super quick anyways

and I assume you did the tweak for network card

yep

@waxen scroll so... How should I handle this situation where almost all the emails I get sent by my coworkers always get cc'd to the supervisor?

It seems this always happen even when it does not involve the supervisor

to your supervisor? is it shared supervisor with them?

guys I have a network question, i have 2 routers
ISP one - Altice Fibergateway GR241AG
My router - Dlink Dir 880L
I want to use my router has the main one and the ISP one just to connect the TV box and the TV
The ISP is in bridge and mine is connected to it via RJ45

How can I create a mesh of wireles network, instead of having to trade networks when i move around the house?

you would need AP's that have a central controller for seamless roaming

setting the up the dlink one has an AP wont work?

you could have 2 seperate SSID's and devices should choose the strongest one

i have 2 SSID's

no, for seamless roaming over one SSID you would need a controller

but since the distance is not that far it wont disconnect, jus stays with 1 bar of power

you may need to adjust TX power

lower TX power so it's so low the phone would disconenct

will try

so that controller is crazy expensive im betting

nope

you just need AP's that support being controlled

Like unifi

or Omada

Omada controller is free actually, you can just download the software to run on your server

Or you can buy a dedicated box

Or for mirotik, which uses CAPsMan

i see tp link has Onemesh

that's mesh

you want seamless roaming right?

so the two AP's are connected via ethernet?

yeah you are talking about this

https://www.tp-link.com/pt/home-networking/access-point/tl-wa1201/

nope

ew

🤣

xD

https://www.tp-link.com/us/business-networking/omada-sdn-access-point/eap225/

being Pepega right now

that's what I have

tp-link consumer products are kinda bad

ubiquity are kinda nice

so are mikrotik

that is 80€

not that bad

https://mikrotik.com/product/cap_ac

btw unrelated question

is ethernet over power

works? or is prone to interferance?

powerline?

yeah

yeah it's prone to interference

so like turning on a high power device can mess with it

and a AP is it better to go router cable to AP

then AP connecting via wireless right?

like a repeater

umm

https://cdn.discordapp.com/attachments/387022787480387605/777319486004396042/20201101_115841.jpg

example of my setup

the thing on the middle shelf in the middle is my router

it just routes

this is a cheap alternative

but not sure

no switching, no wireless

thing on the right in red is a pi

runs my controllers and DNS

on the left is my modem

and on the top is a PoE switch

one of those cables goes to my AP

just one cable, because it's providing power already as well

and all the other cables go elsewhere to the house

i want to set up a pi hole also

so ur POE goes to the AP to provide Power and ethernet

yeah

yeah, that pi is running pihole as well:
my dns setup works like this:
Client -> Pi-hole -> Router -> Upsteam (quad9, google, cf)

so this way I can resolve local hostnames as well

i might get a tp link AP

mtik is also nice

to manage the wifi, i still need the 2nd router to use has a switch

to connect both pcs

just get a switch

I think you may be double-NATing right now

which is kinda bad

its cheaper not to get one 😄 and use a router for it and disable its wifi

im not the 1st router the ISP one is in bridge

its "not there"

wait, I'm kinda confused, can you show a diagram

i can try

something like this

what's the bridge? wifi bridge?

bridge mode 😄

"Bridge mode is the configuration that disables the NAT feature on the modem and allows a router to function as a DHCP server without an IP Address conflict. Connecting multiple routers can extend the Wi-Fi coverage in your office/home."

oh, perfect

you aren't double NATing

basically my 2nd router is 192.168.0.1

my MAIN shoud be 192.168.1.254

but if i try to connect to it i cant

since its in bridge mode

you should still be able to

he does not give any ip to any device on the 4th port

if you configure the router to be on the same subnet

the others he does

to the devices on the 4th lan port its like a bypass or wtv the router doesnt exist of some sorts

you can't connect to it because I assume it's a /24 network so your PC thinks it can't connect to something outside of the /24 range and forwards the reqeusts to your actual router, which doesn't have a route to the ip you are trying to access

thats why the 2nd router is dealing IP above 100, and the 1st one below ( I set it up that way) not to get double ip's or that manbo jambo

huh

yeah its that i guess

just disable DHCP

only one router should do DHCP

i have dhcp on the 2nd

and disabled on the 1st

i think

weird, I would have the primary router (the one doing NAT) do DHCP as well

the one doing nat is the 2nd 😄

what

then how is TV or wifi 2 connecting to the internet

well i think it just disables it on 4 lan port

i guess 😄

boy is that messy

https://i.stack.imgur.com/mVvBw.png

so only one port is in bridge mode?

yes

Bridge mode is all or nothing. I have not seen outside cli configuration to specify a port for bridge

its the firmware like that

only the 4th port can be in bridge

ok, but then how are the devices on that router connecting

I'm soo confused

you still have 2 seperate networks

wireless only

no like 2 seperate subnets, aka networks

that im not sure

what's the ip on these devices

@waxen scroll yes shared supervisor

and what's the ip on these

192.168.0.197

https://conteudos.meo.pt/meo/Documentos/Manuais/Routers/FiberGateway-Manual-Utilizador-V4.0-3.PDF

if you can translate to english

thats the isp router manual

what's the ip on the other devices?

and the subnet mask

or CIDR

This setup makes little sense. Either the ISP allows multiple IPs, one for modem and one for router somehow bridged off port 4 or the devices off the modem are pulling publics. Going to need a lot more info or like Present said, IPs of the devices

What are we talking about?

some werid network setup I'm trying to understand

Tell me

scroll up

Why 2 routers?

🤔

Why 2 subnets ?

exactly

I understand the 2 routers, limited hardware

Just reconfigure router 2 to be in the same subnet

but they aren't configured correctly

I noticed that

After he said r2 192.168.0.1/24
And main 192.168.1.254/24 ? O_o

From 1.254 to what ?

1.508 o_O

Or he mistakes with the subnet

well i think it just disables it on 4 lan port
@thick minnow I think that netgear home router don't have such advanced option like this

i think
@thick minnow don't think check

basically my 2nd router is 192.168.0.1
@thick minnow disable this dhcp you have DHCP on your main router

Can you export your routers configs ?

Both of them

And send us / me ?

These are basic consumer routers, export is asking too much from these devices

Lol

That's why I wondered how he could configure lan4 to bridge

From cli

Its the ISPs modem, I said it typically is only possible that way. I don't think he can access CLI

Basically it just connecting lan 4 to wan1 of the main router

For give it bridge

After he disabled all of the second router fiber / ptm / atm / adsl vdsl stuff

You want to leave the modem in router mode then just disable DHCP and set bridge on the second router and plug the modem into the router. It shouldn't be this complicated

Ya

I bet that netgear can export config files if my bridge can do it

you can, but only in a binary format

so it's only for backup

Exactly, doubt netgear even knows what a config is

Not true, my dlink have option for a real config file

yeah, d-link does

netgear doesn't

It's a basic router

I had netgear that had to

I think I dropped it away

actually, even my d-link switch can't

just a binary backup file

Wired

I still hope that I'll get my new cisco home switches tomorrow alongside with my new screen

Gonna switch my old tplink switch and my second router that now used only as switch for my basement

Did they modify where you set the VLAN tags for wifi SSID in the latest Unifi releases?

What

Are you talking to me or the other guy

anyone good at networking ?
I am looking to get something like a wireless access point or something that would extend my internet but i do not want to connect to a diffrent ssid like i got vodafone wifi i wana be on that wifi at all times even when im connected to a wap thats idk tp-ap or something
how can i do this
or what kind of a device do i need
https://www.amazon.co.uk/TP-Link-Gigabit-Controller-Software-EAP225/dp/B01LRQW0GM/ref=sr_1_3?crid=3VSXTS7OD9D9N&dchild=1&keywords=wireless+access+point+tp+link&qid=1605558880&sprefix=wireless+access+point+tp%2Caps%2C172&sr=8-3 something like this ?

@warm drift I have that

You said you want to extend it

that will work, but not with seamless roaming on the same ssid, iirc

what you want is the same brand of AP (Omada) using the Omada controller

never heard of omada what would u recommend i can take ethernet cable to anywhere I just want 1 device to cover the wifi deadzones of my house

omada is a tplink brand

that AP you posted is an Omada

ahhh yea

you would want 2 AP's though

1 to replace your current wifi AP, you would keep the router turn off wifi

and then another 1 to extend the range

and then if you have some sort of computer you can use as a server for the controller or buy a dedicated controller

I don't think you can do roaming on one SSID without a controller

i see ok ill look into that thank you

@little schooner linus manager tips

sounds like you need to confront your coworker

or if you wanna be sneaky ask manager "i noticed so-and-so copies you on all emails. is there a reason? maybe a request to CC you on all emails I didn't see?"

if manager is all 💁 tell coworker to cut the crap

managers are there to manage people, not participate in their work to the little details

unfortunately at your work level you get a lot of managers and coworkers of low quality

I wish I had good internet :(

Samsung sells internet, did you try them?

No

💁

The highest I've ever seen my internet is 31mbps download and 8mbps upload.

@waxen scroll k I'll give that a shot

@little schooner when you get higher you can make important decisions as a non-manager and generally manager leaves you alone

While my LTE gets like 57mbps download and 2.5 upload

The highest I've ever seen my internet is 31mbps download and 8mbps upload.
@mellow vale well upload better than mine

I got 150Mbps up / down for 3 months than my cellular company blocked it and downgraded it.
I downloaded games from steam with it because I had so much problems with my home network.

good evening or whatever there is guys

Use iredmail

Great tool

I'm using it for over a year now

You have free and paid version

plz don't self host public email

It's only private mails

yeah ok, then it's fine

Transferring all the shit and spam I get to there

Auto forwarding and removing from my main email

But iredmail is awesome

yo i need help why do i get 90/60 even do i have 300/60 i only see this issue on pc and not my laptop

im using ethernet btww

what cable?

Bruh i get 20 10

could be EM interference

So what i get from what is my ip is

Its changing every few days

So idk if i can connect to my router even with vps/vpn set up since i dont know the ip to connect to at first place

yeah you probably have dhcp on wan its normal. it generally costs more to get a static IP from ISP.

Is there smth i could do with python
For example. On mobile phone, run a code to get current ip everyday on 6 am

dynamic dns exists

dynamic dns exists
Is it free

yep, cloudflare, dynu dns, he.net

some routers even support it

Ddns?

yes

well.. you need a domain name first

except for dynu

no-ip also works

bascially when your public ip changes it sends a request to the dns server to change the A record specified with the new ip

https://www.zerotier.com/ also

that's a type of vpn /tunnel

I know that program

Do i need to use secondary routers ddns or the main one

main one

the one that has a public ip interface

Oh

Nvm both of it support ddns anyway

You guys recommend any service?

Btw i cant have a device larger than pi 0 running 24/7 since my parent is asian

I use dns.he.net

you need a domain name already though

@worthy stirrup you have a regular pi with an actual ethernet port? I wouldn't run any servers over wifi

Only pi i have is pi 0 wh

And its just for pihole

Since i run server on my laptop

I have a pi for DNS and wifi Ap controller

Or after this, i might run it on my old pc with only way to connect to internet is lan

What

Btw my pi is right next to my main router

https://cdn.discordapp.com/attachments/623265423533801483/770431306970038302/20201026_193753.jpg

same

I could go buy rj45 to usb adapter and connect my pi 0 to the router via lan tho

Since pi 0 here is like 25 usd

My country have a dumb tax for electronics
EV is taxxed 200-1000% the og price

that's really high

Yeah

They have a deal with petrol company

Anyway

I could go buy rj45 to usb adapter and connect my pi 0 to the router via lan tho
You recommend this or should i just use the same way of pi 0wh wifi

I always use ethernet whenever possible, just more reliable.

^^

What elsw can i do with pi 0w tho

I only have it for pi hole atm

run a web server

like a website

For what purpose tho

fun and learning

Idk what id do with website

pi0 is very limiting though

Ye

made more for embedded systems

kinda like arduino

but pi0 runs an OS

my friend made a chat app

When i bought it + case it cost me like 66 usd

you can't really run a vpn, too weak

Is he.net free to use?

in what way?

Ddns

they have multiple services

https://dns.he.net/ is free to use, so long as whatever you're using it with supports it.

yeah, dns is free. You need to already have purchased a domain name tho

Is the domain one time or temp

it's a subscription

Welp

are you a student

Yes

12th grade

cool, then you can get one for free for one year via github student dev pacl

Do i need school email for that

https://education.github.com/pack

yeah

Since none of that exist in high school for my country

Only uni

And id be grad in like march next year

Can i use smth like weebly.com for that

no, you need a domain name, dynu or no-ip I think provide free subdomains

Oh

If i use no ip for free, what do they mean by confirm every 30 day

Do i have to click 1 link they send to me every 30 day to keep my subdomain

you need to press a button on their website or something, I only ever used dynu for a bit

Ok

I know that my router support no ip
No idea about dynu tho

you can setup your pi to do it as well

If i use no ip for free, what do they mean by confirm every 30 day
@worthy stirrup you get an email every 25-30 days saying "yo dawg, are you like, still using these dynamic DNS entries? if so, click here, pass Google ReCaptcha, then click again. (or pay us money.)"

Morning

Since i dont recognize that name when i was messing around in my router setting

Good

Thats fine with me

you can setup your pi to do it as well
@peak cloak pi 0 can do that?

Btw current sd card in my pi 0 only have like 8 gb

dynu uses a HTTP api

https://www.dynu.com/en-US/DynamicDNS/IP-Update-Protocol

https://www.dynu.com/DynamicDNS/IPUpdateClient

Wait dynu is 100% free?

Are they like mozilla or smth

there are some limitations, but yeah kinda

Like what?

I forgot

oh

limited DNS entries

up to 5

that's why I switched to cloudflare and then to he.net

What does that mean

Cf is nice

these are dns entries

the first 6 aren't that important as a beginner

the last one is a cname

Man the TTL is so high gosh

default values lol

Gosh too high

You could manage dns entries via Google domains if you bought from there

Good and fast dns updates

So u recommend dynu over no ip?

i mean I never used no ip, so I can't compare

Last time I used no ip was 10 years ago with maplestory private server 🤣

Was nice

But it changed alot since than idk how they're now

What about dynu

i does what it needs to

Is it still free

it's not like you are buying something, you can always switch

yeah

Can u help me search for manual of gn542vf skyworth

Nvm

By dynu is it dyndns

I guess its not

@worthy stirrup https://www.dynu.com/en-US

@peak cloak herro

oh, you are back

Yeah, only here though

I am done with everyone else on LTT

incompetence > 9000

@peak cloak Got that guy from last week set up with his hEX S and 3 cAP ac's

took us 4 hours

oh nice

He's happy :)

Only problem we ran into

he bought an SFP to RJ45 module

but it was not detecting a link

Module was detected

CABLE MATTERS brand

fyi

hmm, did you figure it out, of did it just not work

Well, we tried everything

disable auto negotiate

still no link detected

also no MAC was listed

so I concluded incompatible

yep

power company is front of my neighbors house, hopefully they don't mess something up

hehe

@peak cloak lol we made an oof

so we just copied a backup from one cAP

to the other

and then they both had same MAC

oh lol

yeah.. so scripts. no backups

@peak cloak apparently, not all the APs he got had same frequency restrictions

they clashed, and CAPs was complaining about region locks

didnt work until we set the region from united states to united states3

It worked with one AP, but then adding a 2nd one, made it complain

ah ok

power guy doing something with the live wires

h m m

didnt work until we set the region from united states to united states3
@tame carbon I had to change to US3 on my hAP ac2 before my devices would stop constantly disconnecting. Many of my devices hated using the freq in US region

@hollow marlin apparently US3 is the 'latest' regulation by the FCC

if you aren't using it, you're actually violating the law O.o

That is correct

lol

and mtik forums I read something similair, about US3 giving best performance

compared to other frequency bands, not playing ball with newer client chipsets

I will declare my backyard independent

and make a law that places no restrictions on antenna gain

and then fry every braincell in the area with a 20kW wifi antenna

ofcourse, I will be wearing my tinfoil hat

I think it mentioned most modern devices have an list of FCC approved channels and if any noise is heard outside the wifi signal it would immediately shut it down for compliance. Most my devices would all drop at the same time which makes sense but how much truth is behind that, not sure, never dug deeper

@hollow marlin CAPsMAN straight up refused

in all red text, "region lock"

He should just get US and non-US models
I got 6 hAP ac2 from my last work place when they were switching to new deployments and it was 3 EU/3 US. So if I ran into that Id just toss the EU in because it can be set to "no f's given". But Id hate to do that because my 3 US ones were the first batches with 256mb ram instead of 128mb 💦

DRC is best region

Someone knows how to cancel vlans on cisco g250 switch

I need this switch will be able to get my router dhcp and pass it to the other devices.
Right now I'm stuck with it

Last time I used cisco was 3 years ago

well just change the vlan settings

Now I lost the access to it

xD

factory reset?

I just connected the second one

I'll factory reset the second one later

@lean pebble you don't cancel VLANs. If you do not want tagging you just set the ports you want to VLAN 1 or change the VLAN you want to native

Well factory reset to this one to

When I change something in this vlan automatically I lost the option to manage it ... And then factory reset

My lans should be trunk or access ?
I always forget that

um, it depends

I don't thing you fully understand vlans

ports going to end-devices should be access

this means there will be no vlan tags on them

I didn't touch vlans for 3 years so.. probably forgot

Port VLANs and Tagged VLANs

big difference

I just want to get my router DHCP

https://wiki.mikrotik.com/images/c/c7/Basic_vlan_switching.png

Port VLANs are ether2 and ether3 in this image

tagged vlans are on ether1

Now I get the same IP for all ports

IP

if you just want a basic switch you only want one vlan

wat

So it's make no sense

I thought we were doing vlan

not routing

No no

I don't want vlan

That's the problem

Vlan come by default with my switch

then have only one vlan and have them all be access so nothing is tagged

every switch has "vlans", it's just vlan 1

^

no vlan means vlan 1

Ok but look at the photo I sent

Just set it to 'access' on vlan1

should work

Ok

if you just want a basic flat network switch just make everything access on one vlan, vlan 1

That what I wanted to know access or trunk 😅

@lean pebble Look at that image

That multicolored line, is a trunk

you don't want that

Ok

trunk tags the packets with the the vlan number, you only want trunk to other network devices such as AP's or routers

@peak cloak imagine this channel without you or @hollow marlin

I still consider myself a noob

@peak cloak everything up to layer 2/3 I can do

stuff above, gets hard xD

I'm familiar with fortigate because I use it on daily basis 😅

firewalling makes my head spin

especially when you have multiple networks on the same router

Not using switches too much

switches are ez

@lean pebble VLANs are not that difficult, think of it this way:

you have a physical network, (which we call vlan1)

I was good at it 3 years ago

I think of it as multiple small switches within one big switch

At my studies

and then, ontop of that physical network we can allocate up to 4096 additional 'virtual' networks

and all it really does, it just change a number in the packet

from 1 to something else

tagging and untagging traffic, just means we set or reset that number

untagging means set it to 1

But I still consider it as weird that this switch gets the same IP for all ports

a L2 switch doesn't have an ip

Switches don't use IP

@lean pebble very likely that the DHCP server on your network, gives out the same IP to the same MAC address when you connect it

I have connected it to my network

so even if its on a different port, the MAC address is the same

so the DHCP server gives you the same IP

This one does have ip for the gui

Management

@lean pebble yes, its a managed switch.

But switching itself, does not use IP

yep, that ip is just for a mini computer inside of the switch

separate from the actual switching

Should I enable the dhcp relay? 🤔

I think not

no

Ok

there should only be one DHCP per vlan

Just wanted to make sure

DHCP requests use the broadcast domain

so every device on the network can see those messages

if you have two DHCP servers, it will cause issues

Relays are only required if you are on different vlans

on my mikrotik I have multiple DHCP servers

for each network

Ah I don't need this option at home yet

https://i.imgur.com/T2QgLrr.png

fancyness

my dhcp-routed server, gives out public IPs :D

I don't use like 80% of these

But its a small pool

only like 7 addresses

What is LAG

First time I see this

NIC teaming

https://en.wikipedia.org/wiki/Link_aggregation

its a bit of a finecky technology

I'm no fan of link aggregation, especially on 1G copper

just use faster links.

So not needed

isn't LAG more for failover

Other umbrella terms used to describe the method include trunking,[1] bundling,[2] bonding,[1] channeling[3] or teaming. These umbrella terms encompass not only vendor-independent standards such as Link Aggregation Control Protocol (LACP) for Ethernet defined in IEEE 802.1AX or the previous IEEE 802.3ad, but also various proprietary solutions.

Failover occurs automatically: When a link fails and there is (for example) a media converter between the devices, a peer system will not perceive any connectivity problems. With static link aggregation, the peer would continue sending traffic down the link causing the connection to fail.

@peak cloak need to have a POG protocol

makes your internet faster using magic packets

I just need a faster internet

Vdsl2 🤢

https://cdn.discordapp.com/attachments/776722183119699988/777646103775674368/IMG-20200922-WA0001.jpg

:)

Your home?

Yep

Why do you need a server at home ?

Plex ?

NAS, Games, and I also use it for business

There's some customer software running on this

Oh

Well I fucked up my switch again haha

I use a pi server for dns an an optiplex for lab

@lean pebble that server is just consumer parts

its a Ryzen 2600

with 16GB DDR4

but it has a dual 10gbit network card

My server is r9 3950x 32gb ddr4

Network card 10gb in the box outside

🤣

Oh and this server also monitors and records 4 cameras

secure the warehouse

behind our house

@lean pebble https://i.imgur.com/7lbjm4R.png

This is an older card though, still uses PCIe 2.0

I have to

In the box

I can't connect it to my pc

But it does 2x 10gbit :)

My gpus blocking the spot

😂

I got that issue on my server lol

its a mini ITX board

has only 1 PCIe slot

I got 4 but my huge gpu takes all the space

That machine was built on a budget and ment to be low power

that Ryzen 2600 uses only like 35 watts

most expensive part was the memory

DDR4 ECC @ 2400MHz

This switch automatically decide to trunk my ports

Thank you cisco

@lean pebble you don't need any vlans

just restore factory settings

and plug devices in .

you don't need any configuration

Restored

Not working

Do you have an interface overview you can screenshot?

like a big list

of all your ports

with the vlan info in it

Ya

send a screenshot, not a photograph

Now I don't have wifi horray

Dammit the switch ACL

Wtf

I just connected my tenda APs to this switch and boom not wifi

Fixed

All the problem was the spamming tree

@lean pebble all ports are untagged

1U = vlan 1 untagged

you should configure those ports to all be access

is this the right channel to discuss ddos protection etc?

@open coral that's a first

but if anywhere, here. yes

@lean pebble all ports are untagged
@tame carbon now all works

cool

But only 1 problem

Those switches still gets the same IP like wtf

1.25 both

@lean pebble you only have one switch?

2

Same vendor

@lean pebble how do they get their IP

DHCP

Both?

Double check

Ya

spoke a little in tech chat 1 but people look at different channels lol.
Basically got a dedicated server & a vpn with 1 host, 2 different servers.
Thinking of buying a server pc at home but my issue is ddos protection. would a vpn hinder the performance much?

just can't justify the specs for cost/m

@open coral Forward proxy yeah

You can do that

but will it hinder the performance much?

Its a tunnel, so its as fast as the slowest link in the chain

literally after looking up the dedi specs it would cost me £700 to build 😂

and i have 900mbps internet but the vpn is only at 250ish

but 250 should be more than enough

@open coral get a small VPS

and use that as a public endpoint

preferably one that is close to your ISP (for lowest ping)

well the ping on that datacenter is 12-13 for me

which is good

@open coral this wont protect from layer 7 DDoS attacks

you can still overload a webserver easily

webserver?

as an example

it doesn't have a website

just a game server

layer 7 just means you attack the application, not the network

sorry used to people talking about L7 on websites

lol

@open coral really depends what kind of game you are hosting

I've got a big dedicated machine with OVH

its DayZ

They do antiddos and layer 7 filtering for minecraft xD

the point is i am trying to cut long term cost

paying £160 a month for a dedi that costs 700 to build.

By self hosting a server?

160 pounds/month

but you are forgetting

the space, the electricity, the data, the maintenance

ddos protection expensive

Datacenter hosting takes care of more than just the hardware

Thats why it seems expensive

If you do a full breakdown of the costs, centralized hosting in the cloud is cheaper

yea ik but still a pc shouldnt have maintenance issues for multiple years

but DIY server @ home is more fun

xD

i just need to find a way for decent ddos protection

then i will explore the idea

@open coral best I can offer, is a forward proxy on a VPS (on a fast network)

It won't protect you from your service going down

but it at least masks your own IP, and allows you to drop the proxy and restore internet

well if i upgrade my pc next year i will do a test run on that then

pity ddos is a thing

Did you get spammed by some kids then?

worst I've had to deal with was ~20gbit/s

nah but i ran game servers in the past and have experience with it haappening

OVH's filter service is capable of anti-ddos up to 240gbit/s

had 140gbps hit our Arma 2 game server years ago

fuck

ikr

ovh struggled to mitigate it 😂

yeah you wont be able to protect yourself from that

not unless you have an unobtainium creditcard

so lets look at it this way

if ovh could mitigate that attack on a dedi, i couldn't do a forward proxy cheap ovh vps?

wouldn't it do the same thing?

OVH doesnt offer VAC on all their machines

ah

only the HA servers (enterprise)

and the gameserver lineup

that makes sense

But those have a steep entry price

and pretty sure that the gameservers OVH provides are limited to 250mbit/s

250mbit/s of post-filter traffic

My vpn has mitigated a 80gbps before but that has protection up to 100gbps

Antiddos is just a dick-measuring contest

whoever has the bigger pipe wins

then you just need some fancy appliance to do the actual filtering

hmm

i just wish there was a cheaper alternative 😂

i don't expect to make money off my game server

https://i.imgur.com/F0JrQMU.png

But these things cost a fortune

i bet

my biggest price factor is the cpu i have to go with...

the benefit that companies like OVH have, is that they have many entry points to their network, scattered across the globe

and their filters operate on the edge routers

this is why they can filter so effectively

they just prevent the data from even entering their network

makes sense

its annoying xD

i can't really go with ovh for my server either

https://www.ovh.co.uk/images/dedicated/reseau-ovh-europe.jpg

OVH's backbone in europe ^

those purple circles are public edges

its a pity ovh don't venture into more cpu's

@open coral businesses with your concerns

would go for a private rack solution

so you have your own rack in a datacenter

but expensive AF lol

just trying to get the most performance

ovh for dayz sucks

its all about the core speed

so xeon processor sucks apart from 1 type

don't they have OC'ed i7s ?

the i9 9900k & 10900k are the best for dayz

beat all but 1 xeon

oof

these chips are old.

https://i.imgur.com/W6zgqlv.png

Hetzner has some of the fast cpus

😂

OVH. make the 3950X happen

They made dual 64 epyc's happen tho 😰

or 5900X

@open coral never knew arma2 servers are that CPU heavy

someone with experience with dayz servers told me the only xeon that beats the i9 9900k/10900k at server performance is - Xeon E-2288G

not arma 2

dayz standalone

oh

that game is dead to me

its been revived

I bought it during preorder

since they added modding

i was the same till 2 months ago

all big streamers been playing it since mods have been introduced

I call it: Running simulator

its grown big again

Because there's no itemspawns near the coast at all

ever since they updated the spawning algorithms

there is now

well i am talking about modded servers

modded dayz standalone is like dayz overpoch

hence why its popular again

mh. I saw some footage the other week

they did some UI improvements

will show you an example

mh. never forget

balota airport sniping

with a mosin

good times

yea, loot is completely customized on servers now

cool

@open coral first time I got to that prison island

unlooted.

I was geared up to the max after that

xD

then I got killed by some guy who logged in

I hate people who hop servers to gear up

ez loot https://gyazo.com/d2e484e6892ec21e95d16719907643ec

😂

thats more like it

during my playthroughs I only find zuccinis

yea thats my server. its got to be balanced but yea

but honestly try out modded servers

its completely different

helicopters, cars, supercars, boats

custom base building.

lol. I've driven a vehicle once

it was a bus

loads of stuff like dayz epoch/overpoch

driving in dayz sucks

@open coral do you have a trader?

yepo

cool, yeah that's one thing that was missing from standalone

@open coral back to the question at hand

Datacenter level internet is more robust than home internet

so you can at least get 1 layer of hardening by using a tunnel

players wont be too happy, because of the increase in ping

1 is ok 1 not accessible

Waiting for him to reboot

All fixed

Vlan 1 was on strange static

my wifi bad

use lan

Someone knows how to make all my mouse buttons work with synergy?

you have to map them

@lean pebble you can configure them as hotkeys

How do I do that first time with synergy

server settings

https://i.imgur.com/qEEO21b.png

https://wiki.archlinux.org/index.php/synergy#mouse_fixed_in_certain_games

People game on synergy?

i kno rite?

What if the game captures the mouse? It would never reach the other screens

And for the games where mouse dragging hides the pointer and the game takes full control

It can't jump over to the next screen

I had that problem

When playing league, and accidentally drags my pointer to my other pc

league minimized and can't be opened again until I close the synergy on the client pc

PITA

but I don't play on the client pc.

(although yea, about "capture")

I currently have a full UniFi setup and I am running out of switch ports. I want to get a switch to add to my current network. Any suggestions? I'm looking for something used.

https://wiki.archlinux.org/index.php/synergy#mouse_fixed_in_certain_games
@tame carbon it wasn't on game it was that half of the mouse 🐀 keys wasn't recognized by windows at all with synergy.

But I have got it fixed with evdev

I am sure I ask here, but I am encountering a problem

I am trying to port forward some things (following an guide for Ark Survival Evolved so I can play with friends, and not use official servers and get constantly destroyed cause the alpha tribe thinks me having a duck is an avenger-level threat)

I have opened the firewall and access to the advanced settings, where there's the Inbound rules. I set three different rules to allow port forwarding, but whenever I exit the window, the three rules does not save

get constantly destroyed cause the alpha tribe
This is the real problem

Is cat8 cable worth installing or should I stick to cat6 for regular to not so much gaming?

I mean do you even have devices that have cat8

Idk. I have a 800€ potato HP gaming laptop

And my router is a Arris Connectbox from my isp Ziggo

Then u don't need Cat 8, unless you want to upgrade everything to support Cat 8

Any Mikrotik gurus online right now?

Need to setup transparent bridge interface to strip off PPPoE authentication for my firewall, it doesn't support hardware acceleration on PPPoE authenticated interfaces

don't want routing between them which I could do, just want to strip off that PPPoE

@strange silo wat

PPPoE interfaces behave like regular interfaces

you can attach them to a bridge as a port

https://i.imgur.com/xtwP47X.png

Set it to the port that the PPPoE server can be reached at

after that, just add it as a bridge port

cool, was thinking it should be this simple

I just really don't ever use Mikrotik

most of these things are dead simple on mtik

ISP won't disable PPPoE for me so forced down this path

PPPoE is a common way ISPs identify subscribers

stupid fortgate not supporting PPPoE hw offload

Alternative is DHCP & VLAN

That's what my ISP does

it may be common but they don't actually need it

DSL uses PPPoA

PPP over ATM

my other connection on the same wholesale network does not use PPPoE

Mh?

it's all a shared network here, ISPs are just retailers

Copper though?

no fibre

mh

GPON

Do you have a seperate ONT ?

GPON modules in mikrotik don't play ball

yea ONTs are mandatory install

but I'm not bypassing it

I got an LC patch lead from my ISP xD

atm ONT goes in to a FG600C but the throughput is ass

They sent an SFP module to use

also slow on my FG60D

@strange silo dial in the PPPoE client

see if it works :)

confirmed with fortigate PPPoE hw offload is not support hence bad perf

my 60D caps out at 102Mbps 100% CPU lol

https://i.imgur.com/yfbiOfX.png

Is this what you are looking for?

mm possibly not, just want to auth the connection on the hEX and bridge it to the firewall so it gets the public IP

hEX needs to be as transparent as possible

Start by creating that PPPoE interface, verify it connects

add it to your local bridge, adjust the interface lists so it is on the WAN side

firewall config should play ball if you do it that way

https://i.imgur.com/CXsrxi6.png

that Add default route will make sure it adds an entry to the routing table

yea I've had it working as a PPPoE client before getting the IP etc, probably still has that config on it

I'm not entirely sure about the hEX's capabilities with PPPoE

all I know is that it has hw acceleration for IPsec...

but it has a beefy quadcore, so perf should be fine

I expect nothing less than 1G PPPoE

from memory it was fine

I stopped trying to get the bridge going at the time since the connection was 100/100 so it didn;t matter

now it's 1000/1000 so it does

900 going unusable lol

@strange silo https://i.imgur.com/JLTJeaL.png

You just add the PPPoE interface as a port on the bridge, so it can communicate

It behaves almost identically to the way VLANs are configured

hmm got some odd config left on here

working off a broken config sucks

hard to debug

as all networking problems are

yea i was also messing round with vpls

woops really broke it haha

mtik backups ftw

restore in case of total screwup

factory rest 🙂

I may have removed the default bridge1

RIP access

@strange silo plug into port 2

and use MAC to connect

IP is overrated

oh yea I need to use VLAN10 for this connection too

so do I need to configure that on the hEX or the fortigate hmm

err

thats fine

create a vlan interface

then create the PPPoE interface, on that vlan

so for the bridge I add pppoe interface and another eth interface?

@strange silo no, you bind the PPPoE client to an interface, either a physical or virtual one

and it itself becomes an interface

ok, just the pic you have is adding eth1 to the bridge

yeah eth1 should be your PPPoE client

it is

if you have to have a vlan encapsulating the PPPoE traffic, you bind the PPPoE interface to the vlan, and the vlan on the physical interface

oh right can only select actual physical ports

brb internet going out

@tame carbon ok pppoe is connecting and hEX has public IP and connected clients have internet access

now to bridge that over to the firewall

@strange silo clarify for me, what do you mean by that?

if clients have received a default route and can reach the internet

what more is there to bridge?

I do not want the hEX to have the public IP

the fortigate physical firewall must have it

the hEX is to only do PPPoE, nothing else

no routing, no NAT

just pass on a virtual wire, bridge, half-bridge (so many names each vendor person uses) to the firewall

most consumer routers called this feature half-bridge mode back in the ADSL PPPoA days

it's a weird config I want lol

well I don't want it, I want PPPoE turned off but they wont do it

https://forum.mikrotik.com/viewtopic.php?t=131060

"Mikrotik RouterOS does not have PPPoE Relay (half bridge) feature, yet. So you cant run your mikrotik router in half bridge mode."

RIP me

yeah..

@strange silo you could do some forwarding magic

@strange silo why the fortigate firewall though?

because it has very fast IPSec hardware offload for my S2S VPNs

mh?

faster than 400mbit?

yea

@strange silo you could set up a masquerade

and forward all vpn traffic

as long as you add the proper rules to the firewall to permit ipsec/l2tp

8Gbps IPSec

through a hEX ?

wat

no that's the 600C hardware support lol

oh

the RB4011 I have does 2gbit/s

for ipsec

http://fortinet.globalgate.com.ar/pdfs/FortiGate/FG600C_DS.pdf

it's old but damn fast

like real old

@strange silo why not just set your VPN server up as a service behind the mikrotik?

instead of trying to passthrough the PPPoE

because then it also defeats the point of having the firewall in the first place

It acts as access gateway for your local network, no?

I used it for VIP/reverse proxy etc

nghm.

firewalling, UTM etc

I have a /29 range I own so I can just setup routing from the hEX to the fortigate

neat

I got a /29 too :)

and not NAT on the hEX

statically routed through my WAN

I've been trying to avoid doing it this way

but seems only way possible