#networking

Yeap

Should be at least

change the lan subnet ip range tho

to something that actually makes sense

if you want to, you could get rid of the nat on the pfsense, but still have another range. That's what I did with my vyos vm

for my kubs network

and then you just configure a static route on your main home router

Mhm. Well now so i just use some random 192.168.x.x adress for example

yeah

That be good

Subnet just regular 24 /255.255.255.0

yeah

no

remember

max is 255

ip basics

Figured it out, went with 52

yeah so a /24 would be 192.168.52.1-192.168.52.255

well the .255 is the broadcast address

Yep

so the last usable address is 192.168.52.254

Yes, but now the weird thing is, im trying to acsses the pfsensr webgui, but its telling me unreachable adress

An now im for some wird reason, getting two loopback adresses on 127.0.0.1 under two ports 49669 and 49796

Well thats....

Tried pinging the other machine on the wan side, 100% loss

yeah because it's nated

so that makes sense

and the main router doesn't know about that subnet

try pinging the "wan" address

As expected i guess

yeah

but that's from pfsense itself?

wouldn't you want to try pinging from a local lan device

that's on the .222.0/24 network

Ah you mean from a loacl computer

well yeah

pinging the router

from the router

how would that help?

it's just loopback

Well that might explain

what's the ip of that device?

The computer providing the lan feed is. 102 not .105

What tha heeck

huh

you know what

pfsense may be blocking it

blocking ICMP from wan

I pinged the adress from ipconfig on the wan computer an then it had acsses, lemme try something

yes

pinging yourself

of course that would work

@thick minnow The default is to block everything on WAN so if everything is done correctly the pfSense WAN interface shouldn't respond to ICMP.

Oh, so i need to unblock that device then. But it still then dosent make sense that i cant acsses the webui to pfsense when that computer is connected to the lan side

you sure it's on lan?

in cmd show it's ip

then try pinging it

what ip are you trying anyway?

The wan ip is 192.168.52.1 and on the other computer ethernet adapter 2 is 192.168.52.2

ok

try pinging 192.168.52.1

Now thats a new one

see

there you go

you sure you set the IP of pfsense lan

correctly

it's 192.168.52.1/24

Yep

huh

And this is the wan card

Connected to that other computer

This is how i config it

idk much about pfsense

Cable is connected and everything, but when i try to ping it i get this

windows issue?

I dont understand ot

try linux

Idk maybe

why windows

windows sucks for things like this

idk much about the windows ip stack

Well, then ill have to fire up an vm, cuz i dont have any rendom computer here i can clonk linux on

yeah idk

try restarting the windows network stack

Ok

Now that was not what i expected to see

Now im restarting the laptop and rebooting pfsense, so will see now

Ok now all the dns ang gateways show up + ipv 6

Pinged the router once, got one reply

huh

well ipv6 is just link-local

you will always have a link-local ip

unless it's disabled

Well yes, that make sense. But what i dont understand is that it is connected, but i cant ping it in cmd vise versa. And i cant ping it from pfsense either. But it is connected, and the domain and ipadress on the computer connected on the wan side is correspondig with the default gateway

That looks like it fired up the IP stack and responded to the ping, then disabled ICMP or enabled a firewall and stopped responding to ping.

Ahh.

That might explain

anyone here actively use PRTG? working on a end of year exam sort of deal

trying to get a webhook to work

hey guys, i am setting up my own cloud storage and i could use a bit help

@old elkWith what?

Hey all, I'm having a problem with ssh on wsl2. I keep getting permission denied (publickey) on the pc that I'm using to connect to the wsl2 vm

@slate sonnet means your key wasn't valid

It tried authenticating with a private key

which was invalid

or didnt have permission

where my @hollow marlin at

@hollow marlin its almost midyear

you know what that means?

clueless recruiters emailing us!

They are looking for experience with Cisco routers and switches, firewalls, WAN troubleshooting, and enterprise wireless knowledge. Any experience in a network operations center is a plus as well.```

I hope all is well. I am reaching out to you in regards to a Network Engineer position in <city>, <state>. The position would be remote for the time being, and working the weekend/night shift.

keep in mind my deets are full of "network engineer. network designer"

F100

idiots.

When is a good time/number for me to give you a quick call?```

these are great too. generic. probably didnt read a damn thing

Anyone have suggestions for good WiFi hardware for my home? Im in an ancient house that has metal paneling BEHIND plaster walls, so basically every room is nearly a faraday cage.

you basically need an AP in every room

with ethernet

no mesh, just ethernet to every AP

Well, yes, but what hardware is best for that in terms of smooth roaming, adjustable power output to keep the ambient noise floor low, etc

I have Tp-link Omada

I only have one AP since wooden house, so I can't tell you how good roaming is

I’ve heard good things about the Omada hardware — I was also looking at ubiquiti. Any thoughts on how they compare?

ubiquiti is eh now

expensive

they just had a major security breach with their unifi cloud

They are kinda the "apple" of networking

Oof, security breach is no good.

where they use terms that kinda make no sense

but idk, omada may also have that

also, only omada APs are good, the switches and routers look eh

Ya I have netgear managed switches, and a home brew router and firewall setup, so no worries there

How’s the omada management software

no clue tbh, only have one AP, so never really needed it since it has a on board webui

Ah, alrighty

I once tried to do it I think

but didn't want to break the setup I think

idk what was the reason

my network wasn't as stable as it is now

now I have vlans and everything

firewall

etc.

god that's high

last time I shutoff my poe switch was when I redid the power

Niiiice.

"Greeting person who works in internet, we saw your resume and by that we mean we found you're email and know nothing about you, but have this excellent position you would be a perfect fit. It's not full time, pay is crap, and more desktop support than networking but think of the family experience you can get working for a startup that's never been out of the red"
Summed up 99% of those emails

port fowarding on unifi isn't working

i'm trying to open a port up for VPN but it doesn't seem to be open - any thoughts?

bruh

if you use the word family experience at me in regards to a job, the conversation is over.

VPN on USG/UDM? Or on a dedicated/separate device?

under cgnat?

Depending on your outbound and inbound firewall rules at the edge, you may need to create rules that allow traffic for that node.

VPN on a separate fedora box

no cgnat

ddns is working; port just won't open\

what are the first 2 octets of your wan ip?

on the router

not on google

153.196

huh no cgnat then

then firewall then

WAN IN allowing traffic + port forwarding configured

I even allowed TCP and UDP for the firewall rule and port fowarding

I've deleted the rule. tried different ports. restarted the UDM multiple times. modem is in bridge mode with the UDM getting a public IP

sure your ISP isn't blocking the ports?

yep they aren't blocking any of the ports i've tried

fedora firewall?

Hypothetically speaking, how easy is to DDOS an local isp provider server and cause massive pain and headaches to everyone?
My ISP just contacted me via sms saying they are sorry for the state of the connection that they are suffering multiple packets attack, and that will take some hours to day to fix it
So, is it something easy to do? Or they are covering up something?

doesn't work on the raspberry pi either

no, that can happen

i've gone through on the fedora server and added wireguard to fiirewalld

wg0 conf on the pi has the ip-tables rules built in

@vestal surge configure a basic L2TP tunnel on the UDM and see if it will allow connectivity

@jovial radish #networking message

a person here who works for an ISP

Blob's point of ISP shenanigans may be the issue

@vestal surge UDM, right?

Are you using new or classic settings

Oof, that’s a bigger oof
So my brother met a guy on Conan that said they were going to ddos our IP, he came running and I said “it’s just a troll, get out”
Now this shit happens, we use carrier grade nat since almost no place in this shith*lê has fixed ip at a reasonable price
I don’t know if that’s related but thanks

it all depends on how your ISP mitigates it

Thankss for this

finrod_felagund's cuts off internet for that customer

well blackholes that ip

They are horrible, there’s 2 reasonable guys there and the rest are a bunch of lazy guys
I had to configure all my Wi-Fi routers alone cuz they were having issues with double ip

wellll

that's on your end

Guess I will need to use data for a while, thanks

your eqipment shouldn't be configured by the isp

They are the only on the city that does not take 2 months to install your internet
Ps: Brazilian here

they have bigger things to do

They used to do everything from getting the Ethernet cable to wherever you want on your house, to even installing electrical sockets, they were amazing the first year
Than they fired almost everyone and it became that shit

@rocky badge classic settings on a udm (base)

l2tp doesn't work either hmm

Looks similar to this? https://blob.rocks/D3EbVBZYoe.png

l2tp now working because I'm stupid and didn't enable the radius server

😂

and yes my port forward looks a lot like that

just a different (non-standard) port

Can you try connecting to the server internally using the internal IP

I can ssh to the server?

no, connect over whatever VPN

I have to setup the rules in my firewall to let the l2tp connect to the vlan network right?

from the UDM? No

I believe it should have allow all access by default

l2tp can't even access my dns

Rule order for firewall rules will matter here

yeah there aren't any rules which should prevent anything on the LAN, secure vlan or the l2tp subnet talking to teach other 😦

only drop in LAN-IN is for iot vlan

What were you using before l2tp

I was trying to use wireguard. L2TP seems now to be working?

okay here's how I got l2tp working - I set the gateway IP as the DNS; i'm seeing the queries on my phone (as the l2tp) resolve in pi-hole using the gateway dns

Can you ping the wireguard host?

while in with the l2tp? yus

And you mentioned you set up ddns, can you verify that direct IP:port isn't working either?

yep\

tried that too 😦

Alright.

this is really odd because the l2tp tunnel is running over the ddns

That helps narrow things further

I'm assuming this is a bug with unifi and if I leave it for a few days eventually the port forwarding will play nice

thanks for your help @rocky badge & @reef gazelle 🙂

On my USG Port forwards haven't had much issue taking effect but it is a different platform

If you havent a reboot of the UDM during light hours may set things straight,

already tried that too... and force provisioned

argh! I'll come back to it later 🙂 thanks again guys

No problem at all.

i am at my Unifi Limit™️

@vestal surge last thing I'd look at is double and triple check that your IPs and ports match up. Sometimes it's small things like an extra zero that'll muck things up.

DDNS is working, a tunnel can be established using the edge as a host, and that tunnel can talk internally without issue, including the wireguard host based on our testing.

just CONNECT

should i just factory reset it?

nope, apparently waiting for like an hour fixed it.

Quick question I hope someone can answer. All last year I played on a minecraft server that was hosted by a friends PC. We took a break and when I try to join I get errors. All of my friends can still connect. When I try to ping ANY IP address outside of my own network I get request time out. Any idea what may cause my PC to be socially distancing itself from the world?

There are a lot of reasons that could be happening. Like, a LOT of reasons. Need you to kinda narrow it down a bit. I mean, you could have a firewall that's a bit too overzealous -- or a bad patch cable that isn't 100% dead yet connecting you to the network...or hardware possessed by aliens... Need more clues.

Well I can offer these bits of info, 1. the issue persists whether or not I'm on Ethernet or wifi, or even connected to my phones hotspot. 2. ive shut every firewall off and disabled every form of security my computer has to offer, even went as far as to disable my routers firewall, the issue still persisted. 3. I can still play things like minecraft for windows 10 with friends even when they host the world. I have no issues with any games in multiplayer. At this time it only seems to be giving me trouble when I want to connect to our Java server, which I've connected to hundreds of times prior to this week. the server itself has been reset, my installations of java and minecraft have been uninstalled and reinstalled.

I also have tried all general troubleshooting steps I know of and some others I found online. Even some command prompt mumbo jumbo that dealt with resetting IPs and whatnot.

does it happen on other devices on the same network? phone/laptop/etc?

So far I have tried it on my laptop as well. when i try to ping an IP address on my PC it says request time out, on the laptop it said general failure.

But it's done this on wifi, ethernet and my phones hotspot. I tried to phone hotspot as a quick troubleshoot around possible router issues but it had the same errors.

if you remove the router/access point and just plug directly into the cable (or whatever) modem, does the problem go away?

no

well we've narrowed it down to either something with your ISP or something having to do with your software setup...

since you say it happens on your laptop too, I'm wondering if your modem is acting up

i assume you've disconnected it, waited a few minutes with the power disconnected, and cold-restarted it, etc?

Something I've considered but have no way to verify is maybe a possible windows update is causing some trouble. And I thought that too but wouldn't using the phones hotspot as an alternative source of internet work around that? And yes I've tried leaving them unplugged for even as long as 30 minutes to no avail.

eh...i mean, if you're right, then no...the phone hotspot wouldn't really do much if the bug is in your network stack somewhere

if you were comfortable booting off a usb stick, I'd try with ubuntu or something and see if the problem exists sans windows

that could help you eliminate like...a LOT of possible things

(not actually installing it, just booting from the USB and seeing if you can ping stuff)

I am comfortable doing that but I need time to get it together to try it out. Unless I still have one laying around somewhere. I used to have a bootable Linux drive but it may be lost atm.

I think that will be my next step.

yeah, that would basically tell you "it's software, and it's something to do with how you've set up windows" (probably) -- and since you probably set up windows the same way on your laptop and your regular machine, it stands to reason you might have done the same thing twice maybe

Worth a shot. and then, if it works, you can always just fix the problem permanently by installing ubuntu over that silly windows install and --- /ducks and runs away (kidding, kidding)

Thanks for the help I'll see what I can do about being prompt with it to keep the suspense at bay lol

I've gotta run but good luck with everything, i hope it turns out to be something minor!

@analog plover it's stupidly simple, but have you tried the following in command prompt

ipconfig /release

ipconfig /flushdns

ipconfig /renew

it'll instruct the DHCP server for your network to release your IP back into the pool, clear out any cached DNS resolutions on host, and then ask for an IP again.

I have tried those! They did not work

yeah I thnk the issue is that my host isn't at the edge. I wanted to put an opnsense firewall infront of the udm but honestly that is just a nightmare for me. I'm not that skilled with this

l2tp is working with the ddns so I assume its just controller deciding it doesn't want to forward traffic

Please could someone let me know the cheapest Cisco ASA/ASAv devices? I am finding it difficult to navigate Cisco's website and cannot find a reseller who would sell any cisco firewalls without support

okay the plot thickens... running tcpdump on the UDM, when I check if the port is open with canyouseeme the port is closed however there is response in tcpdump (which I can't read) HOWEVER when I attempt to connect in with wireguard on the same port tcpdump reports nothing. this is checking with both tcp and udp...

okay. despite forwarding the port to the host, the port is hitting the WAN and isn't getting moved through the LAN...

@vestal surge l2tp traffic being blocked?

Are you sure you have the correct ipsec policies in your firewall?

l2tp traffic open

trying to get wireguard running on a server behind the firewall

I have a UDM and for some reason wireguard traffic on port 51820 isn't even hitting wan

even though the port is forwarded, when it comes from canyouseeme its not going from WAN to LAN

Hey guys someone familiar with sqlite3 migrate to mariadb?

@rocky badge what did rouing change his name to

House

@plain siren

Someones high

Must keep your global outage quotas high

What servers can I put into one machine using VMs
User authentication, Active domain, highly secure storage, the ability to control applications, dhcp, and DNS

When my IP was down yesterday, only Discord went down for me, but for my friend with the same Internet provider, his internet stopped completely. Any ideas why his internet would go down more than mine or why only discord stopped working for me?

no idea. the possibilities in networking are massive

Exactly, could be a local routing stuff, could be some misconfig or bug

Can be oles

inb4 Level3 went down again

like they always do

the amount of times that transatlantic traffic got knocked out last couple years, like a period where it would happen like once a month

and it took like half an hour each time before it was back

so one guy in the other group told too, like discord was acting wierd

i had no issues. mine is just working smooth

all sites working

how does it work? If i dont have public ip i cant portforward?

yes

your isp cgnats

you may have ipv6 tho

where you have MANY public ips

eh... so if i dont have public ip i cant portfoward?
yes or no

No, you cannot port forward

if i dont have public ip?

no

okay F..

what you could do is use a tunnel like ngrok or a software defined networking solution like zerotier

if i will use ngrok.. For the same price i can buy vps

xd

if your fine with running IPv6 only you could use https://www.tunnelbroker.net/

it be free

and I mean you have some sort of public IP somewhere right?

I mean your on the internet afterall

Name cheap also offers a dynamic Dns service

you can't use that if you don't have a public ip

cgnat exists

you don't have control over that

Ig yea

tunnelbroker doesn't work with cgnat

Im aware

yeah.., he's under cgnat

how would that help

never really explicately stated what he was under

not having a public ip basically means under nat

Your assuming he knows what hes talking about

bad idea

Still don't get how tunnebroker would help, but whatever

Again, assuming he knows what hes talking about.

For all you know he could mean static

True

why github is so annoying ...

in what way

in this way

remote: Invalid username or password.

No metter what I do I get this

it's not github

it's you

even if I use my account

they prob moved to ssh keys

its github with 2 of my repos

I have ssh key there

https auth was deperacated for a while

doesn't help

is your remote

a ssh remote

yeah remote by ssh

its like this only with my last 2 repos

the remote looks like this on the git git@github.com:PresentMonkey/bot.git?

yeah

what's the output of git remote show origin

I opened new repo

now its ok

tbh most of the time it's user error

well now different issue

done

I did a short guide of how to convert sqlite3 to mariadb

ok is yt down or what i cant even load a 144p video i swear

im loading for like 5 minutes and the video is stable for 3 seconds

Down detector reports say yes. Many of my streams are cutting out so its not down but something is up

It’s probably because I got mad at YouTube for continually defaulting to 480P and I started playing everything in 4K in a window smaller than 1080p

yea somethinghappened

since when did coudflare sauce get into youtube

hi guys i have a problem its i have a ethernet plugged in but it says no internet connection and when i go to network status my settings craches i have no idea wtf is happening

#tech-support but download your Ethernet drivers from the manufacturer’s website

FYI - new MikroTik beta version: !) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);

I'm really not sure how they fixed all five so quickly

especially since they aren't an issue with MikroTik specifically but are instead an issue with the wifi spec itself

@tender hazel they should give Marty Verhoef a medal

dutch security researcher pumping out one paper after the other

first he reports on KRACK, then he reports on Dragonbleed

and now FragAttacks

holy crap

new v7 beta too

What's new in 7.1beta6 (2021-May-18 14:49):

!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;

built in lets encrypt certificate generation

and MLAG

wait what

awesome

@tender hazel MLAG, is that for big switching clusters?

MLAG is for doing LAG across two switches

So its an extensions to the 802.11ad protocol?

uhh

802.3ad

derp

so you can have one device, and instead of two connections to one switch with load balancing, you can do two connections to two switches with load balancing

Ohhh

so its failover and aggregation

yes

noice

before you had to choose between failover and aggregation, but it is both at the same time

another Single point of failure you can get rid of

yup

switches themselves are more like the switchboard of a network

@tender hazel https://culturexchange1.files.wordpress.com/2015/06/sans-titre.png?w=1140&h=934

I've just backed up my router at home

going to try the upgrade

Never thought I'd hear that sentence

umm?

If you did backup so you can go try upgrade if not do backup don't try like I did with my old fortigate 🤣

Important thing to do to a router

Hey erina

0_o

@lean pebble another sleepness night I read

more r0ckets

Only in the southern part

Shouldve gone with a proper rack, but gotta try things when on budget i guess

Yeah racks are pricy

I got myself a used 2 post one

So no big severs will really fit in that

Just desktops on shelf's

The thing is im not sure if its worth getting a rack since it was just for a networking equipment, no server whatsoever yet

I would get that too if i have a place to put it

Ah that looks pretty fine

I need to get a patch panel

Rn it's all just going into the switch

Mistake being mounting it with a plywood, it just rip the wood off

Its worth it, also dont cheap out on those, i did with mine and..... the connection turn to 100mbit whenever i poke the cable thats plugged into the patch panel

Regrets

You have a keystone or punchdown one?

Punch down

Ah

Wait i think its keystone

The modular sockets are removable

Yeah that's keystone

gigabit going to 100M sounds like a termination fail

it always is

This is punchdown

LSA punchdown yes

Yeah and then there are different punchdown standards

https://en.wikipedia.org/wiki/Krone_LSA-PLUS

Most common one ^

66-blocks are a bit different

I verified it, not the termination

Mines keystone, and the keystones comes individually wrapped in plastic..... waste....

then it must be a cable fault somewhere else

gigabit needs 4 pairs, fast ethernet only 2

No, its something with the keystone, because all of it do that

It works on full 1000 until i poke the cable plugged into the patch panel

Its a coupler @limber elk ?

Coupler ?

Looks like this

So you need to crimp the cable

No

Ah, punchdown keystone

Hm

You used tools to punch it down?

Punchdown keystones are far better and easier than female-female (or male-male, depends on how You look at it) coupler

^

I thought it was something with the termination but no, its the socket

Punching down > crimping

And yes i use a proper punch down tool

Yeah prob bad keystone then

Flathead and hammer can also do the job

Not my proudest moment

Never tried it, i mean crimping tool only cost like $40 at least the one i have, there are cheaper one out there

I meant for punchdown, had to punch 2 wires in and forgot tool in car

Did the job

Either bad... or simply fake, i dont think AMP made something this bad

Oh, well.... i use flathead screwdriver at some point, also used utility knife, not the sharp side, the end of the blade that isnt sharpened

Sky is the limit

I mean sometimes you got to do something different when on a budget or when you dont have the right tool on hand, improvise

Its not nice to do that when you have to punch down 30 keystone at once tho

Ill drink to that

Lmao, my hand hurts from straightening the wires for punching down 24 keystone

I never straighten the wires

Guess thats a personal preference lol, i always do

anything can be a hammer

just use your imagination

Exactly

Lol true

That Mac Pro that sits in corner unused - hammer

RTX 3090 - Hammer

That guy right there - hammer

https://tenor.com/view/taps-if-you-say-so-gif-9803186

That hammer there - hammer.

If Youre really ballsy - bottle of whiskey - hammer

broken iphones

anything apple, really

Intel 11th gen CPU?

IHS can be a good surface to hammer

its made of aluminum

it would deform

it'd be a rounded hammer then

Still works tho 💁‍♂️

https://www.getdigital.eu/web/getdigital/gfx/products/__generated__resized/1100x1100/Admin_Peitsche_03.jpg

JB weld it to a T shape from wood - hammer

This is a special tool ^

its for fixing layer 8 problems

Those things hurt

I have legit slained a coworker of mine (with him agreeing) because he messed up

what's that, just loopback?

https://www.getdigital.eu/lart-network-whip-cat5-o-nine-tails.html

@peak cloak yeah

(L)UART

Problem reports like that make IT guys and tech-savvy, helpful geeks like us just criiiinge, don't they? How nice would it be if we could "teach" these pen pushers some things? But no... instead, we have to explain how the monitor has to be switched on too!

The any key of my keyboard is missing.

Argh! It's a pity physical punishment is forbidden by law these days. But a small threat doesn't get you into trouble. Just let the whip glide through your fingers or hang it behind your desk. The effect is guaranteed! This way, even the dumbest 'lusers' (loser + user... get it?!) will fear you. Maybe this way they'll learn to do a re-start before they whine "My computer doesn't wooooorrrk!"

Daily annoyance

Daily annoyance by users - use a hammer

or this whip

If that doesnt help - use a bigger hammer

more whip

Which ever is closer to hand

I'll be the BOFH

unplugs the switch every morning to make coffee

oh the joy

I have to rewrite a 120 line batch file into bash

windows users smh.

they are using node

why the fuck isnt this build step written in js, and called by npm

That would be too easy

instead

its a bunch of batch files

that copy files around and call grunt

and grunt calls npm

logic.

great, I've always wished to learn batch scripting

they are doing utter magic here, and I am now reading both batch and bash documentation to figure this out

Have a drink handy?

@gritty valley no alc here

I dont drink regardless

Prefered relaxing method is to beat users with lart?

for foo in "${TARGETS[@]}"; do

muh, bash does it better than batch

for %%foo in (item1 item2 item3) do ( ) <--- batch

can't give array items

have to list them

Ooooof

@tame carbon New ROSv7 update. L3 HW support for all CRS300s now and MLAG

!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;```

@hollow marlin Yeah I saw, @tender hazel shared the news earlier

but this is awesome

it means the CRS305 is now

Ah yeah, I see that now

the best 10G switch on the market

@hollow marlin I'm getting my first paycheck end of this month, I'll have more money in one go, than I've had in a long time (student lyfe)

Probably going to buy some new toys to tinker with

I can't really practice on my own production rig

@hollow marlin I am curious about the KNOT that mikrotik sells

I kinda want to have one, and see what it is capable of

Having used bash and CMD for scripting, I can assure you bash is superior in every way.

scripting in CMD for Windows

Use PowerShell for that

even worse

PowerShell is fine with the cmdlets

its not fine for a project that has to be built and executed on linux.

For stuff like Azure AD, AD, and such

Get out .

For linux lol no

Azure

but for Windows stuff

Azure is fine

Azure is microsoft

and?

I dont need no hosted cloud from them

You're not everyone ¯_(ツ)_/¯

Apps that are built for azure, can only run on azure

thats why its cancerous.

Its vendor-lockin at a high level

I stay away from microsoft-related technologies as much as I can

I remember seeing that when it was announced, first impressions reminded me of just a LTAP with GPIO slapped onto it. I know Mist on their higher APs 3x/4x have many of the same features outside GPIO and are used for IOT and tracking devices/equipment physically. Really have not seen anything in production related to it so not entirely sure

@hollow marlin BLE as well

And? If you build stuff using AWS only stuff, you're going to be locked into AWS as well

Same for Google Cloud

The only way you're not really going to be locked into a cloud is if you just use their VM services, which is not really utilizing the cloud to the fullest

@rocky badge the place i am working for has bigger issues :P

k?

Many companies are happily using AWS, Google Cloud, Azure

... ok

If you're not using G Suite or AD on prem only, you're probably also using AAD

Its not relevant to the discussion we had before

but w/e

cool

I have a bunch of batch files that need to be rewritten :P

so I can get on with building a CI pipeline

you were the one who started the Azure hate, I was just saying PowerShell is better for Windows scripting compared to CMD ¯_(ツ)_/¯

@rocky badge it gets better

cool

their current solution, builds an angular app, then packages this in an empty tomcat servlet

so they can serve.. static html.. with a servlet??

I got headaches looking at this project

I got rid of all the tomcat related things, and went back to static files, from a webserver :P

Are you allergic to logic or something

Allergic to overcomplicated workflows, that slow down the team unnessarily

a test release shouldn't take 1 hour to do

especially if you have to do them 2-3x/week

An way you can re-write the batch files to Powershell or anything else? Batch has the problem of randomly breaking depending on what Windows updates you have installed or OS version

@distant wedge a servlet instance consumes a bunch of memory compared to nginx hosting files off disk

and for an angular app, packaging it into a java servlet is unnessesary

Changing syntax and replacing exes with cmdlets

I have a Supermicro server with a HP P420i RAID card (configured to RAID 0). I am wanting to boot to an OS which is installed onto the logical volume however it doesnt show in the boot options or BIOS. Does anyone have any ideas on how to boot to the logical volume?

I would move away from the Raid Card's Configured RAID and Move to a diff RAID like Storage Spaces, md raid, ZFS Raid (These 2 linux), etc

But to answer, It most likely needs drivers

Or, its the CSM/UEFI/Legacy shenanigans

I believe (may be wrong) that i need to use the RAID card as I am using 3x SAS drives unless there is a way to just disable the RAID

by this, i mean passthrough the drives as if they were like sata

Does it let you just... not configure RAID and pass through drives

If you just dont config it

I'm not sure. tbh, I am doing all the configuration through ESXI loaded with the configuration utility, so it takes a while to do anything

Is there a JBOD option

In the BIOS? no

Are you suggesting to just delete the logical volume? or is there more to it than just that?

esxcli hpssacli cmd -q “controller slot=0 modify hbamode=on forced try this

I thought hba mode would make it worse

ill give it a go. have no data to lose

oh... I have been thinking i have the P420i but I actually have the H240. It didnt like that hbamode command so am double checking it actually supports it

it definitely supports it. just dont know why the command doesnt work - "Error: hbamode is not supported on this controller"

Ok, HBA mode is enabled. Needed to specify raidmode=off rather than hbamode=on

just rebooting to see if it works now

it's in HBA mode but still nothing in BIOS or boot menu

hmm

So it turns out ESXi Doesnt Support HBA Mode

On that controller

but it doesnt show in bios either

Which is like... trash

surely the drives would be bootable from the bios?

or have i got this all wrong?

because my aim is to get something like xcp-ng or ubuntu to boot

I am just using esxi to configure the controller as I have it installed on a usb

Looks like your controller has all sorts of funky things that cause issues:
For one: Looks like you cant boot directly to the controller, you would have to load up a "Proxy" OS like Linux that would redirect to that Controller

is that configuration or the controller?

Looks like controller Limitations

Whats your Motherboard?

sorry, where would i find this? I don't have easy physical access to the machine

shell access of esxi itsself is enough i believe

if you have admin privallages too

possibly MGA G200eW WPCM450 if thats a motherboard

doesnt look like it

any idea of the command?

seems like a onboard VGA controller

https://www.thomas-krenn.com/en/wiki/Read_out_mainboard_name

It says it's on the GUI itself

Supermicro X9DR3-F

thanks

@plain siren RIP Freenode

https://www.kline.sh/

Mr Lee has sought to assert total legal control over the network, including user data. Despite our best efforts, the legal advice the freenode staff has obtained is that the contract signed by the previous head of staff cannot be fought with a reasonable likelyhood of success.

One american loser, wrecking one of the oldest safe havens for FOSS

all of the staff has resigned

and they started a new network

can u explain what happened

@low pond click that link, and you will find out

wowww

so they sold it with our data? XD

@low pond to none other than Andrew Lee

fyi: that's the guy that owns PIA (the VPN)

Oh no :/

Its not gonna go away nor is it prob going to be fully sunsetted.

I also presume the data is in some sort of Static Encryption state that would prevent an analysis by some BigData/Marketing Engine, the data is prob only good for being used as an IRC Node

Sigh, So I have come to the conclusion of the following:
Any drives on that controller is basically only good for DAATA

Using it as a Boot drive is basically... err

do you recommend any other controllers? if thats the case, i might just switch it out

YES!

wouldnt they give the keys along also lel

They prob didnt give them in a manner it could be used with other toolkits, prob some lazy transfer with just the keys in a db

I mean the new owner is a VPN owner, he may be a bit smort (or his team) to use it in whatever way they'd like for analysis or so

Tbh anyone couldve scraped the entire freenode net to do that so yeah, but I think its prob the framework and edge networks PIA Wanted to use for Commercial and Public(PR) divulge

Freenode was... aging on its current host assets

Interesting, for reals I actually don't know freenode very well really

@plain siren most of the staff jumped ship

and they founded irc.libera.chat

this time as a registered non-profit

and not a private holding

I mean with Andrew and money now involved - things gonna go bad

THIS Is what really mattered

So, honestly you should stick with LSI

Sorry, that means nothing to me. Please could you explain what that means 🙂

HP P220i is way better than that one you have and works with HBA + Better performance

LSI Megaraid 9261-8i or -4i

9361

https://www.amazon.com/dp/B08DFG7CK7/ < even this damn thing

Don't suppose you could find a link to the LSI Megaraid 9261-4i. The 8i is rather expensive for my use case and cant find the 4i (maybe different model number?).

nvm

i didnt read the message after

but thats more expensive 😢

https://www.bargainhardware.co.uk/lsi-megaraid-sas9271-4i-zm-pcie-x8-fh-sas-raid-controller
Would this work better? It's much cheaper as its used

DAMN that mini PCIe lane path looks so satisfying

Yeah it would work, I would check ESXi's Compat list tho

help

please this is awful

what are you pinging to?

Hello

What is that

Remind me my old gre tunnel

@low pond rust

Oh :/

Oles and rust? 🤔 Interesting

Oles and dust @low pond

😠

Hey lzdandger

Hey

Olas

éRíŃà

ok my internet is really bad and my brother says its my pc because his internet if fine is that a possibility?

Hi, yes

Will someone please tell me

Why the deco software is so fucking buggy

none of the decos are experiencing problems why does it say that

Also when I try to toggle on high priority and close the app it just causally toggels it bacchon off like wtf

deco

Huh?

mesh wifi

kinda sucks

all the walls in my house are foot thick concrete i dont really have any other option

You do

and the wifi works pre gud its the app thats buggy

Mesh uses wifi to communicate between them

Power line or running Ethernet with multiple aps

so what do you propose i use

Best option imo

But if mesh works for, that's fine

really you want me to run a 30 mtr line to the roof office?

I did

Not in concrete tho

because believe it or not i did that

but the cable is not working for some reason

Recrimp it?

it goes in the concrete so we cant even remove it

Check the pair continuity?

no i know whats wrong

just that fixing it will take 10 weeks and also id have to break the east side of the house

10 weeks !!

the cable got cut in the middle sumwhere

Rip

Run another one?

so you know... mesh

i have 5 devices, and i need internet to all of them at the same time

and a tv

so i just placed decos and pulled a line from the deco in my room to my pc

works fine i guess

could have worked better imo

I have ethernet run everywhere

As needed

Tv, both parent's offices

Pc, brothers pc

To an ap in the middle of the house

wuts ur bandwith speed

300/300

From the isp

Have a hex s router

And some dlink poe managed switch

And a eap225 for wifi

i have 200/200 no poe

Well internet isn't poe

routers ate

I have poe to power my upstairs switch and ap

aah. i just use wall power lmao

Because there are only 2 lines going upstairs

So I have a poe powered switch in the wall

noic

so like what do i do

do i just buy another deco?

No clue

hmmm mayb ill just move them around

OSPFv3 is even more broken in routeros 7.1beta6 than it was in 7.1beta5

🤣 Does CartonWaffle live in a reinforced bunker?

😦 IPv6 gets all the love

Hard to troubleshoot with IPv6 using the pathping command for instance, since it only does three or four hops at most, versus IPv4 that does up to 10 hops. Its one major reason why I don't understand its appeal.

Not quite my final form yet, but I finally have it physically set up!

doubt thats the case

🤔 Doubt whats the case?

"since it only does three or four hops at most"

🤷‍♂️ That's what it showed last I did it. I'll do it again just to be sure. The hops were way less.

yeah... that's just less hops

nothing negative lol

I do not understand your logic

just did a v6 traceroute and it's more than 5 hops

that has nothing to do for pro/con v6

Well, I just did it for google, seven hops, versus ten. So if an issue arises, and you see packet loss, which one do you use?

?

just like v4

just because its less, how does affect anything

if anything

that's a benifit

many IPv6 destinations are fewer hops away than the equivalent IPv4 destination

🤔 Right but...if for instance IPv6 says packet loss at hop 5, but IPv4 says hop 8..where do you start?

Twelve hops for google using v4. 🙃

they can be routed completely differently, so you could have packet loss on v6 and none on v4 or vice versa.

your v6 could go to a different datacenter entirely

So, at that point it'd be a matter of finding out if the modem/router is using IPv6?

?

wut

Or does it matter?

I've got a question about SSL certificates. Anyone well versed in them?

yeah I know a little, just ask

if you're troubleshooting packet loss for a specific application, find out whether that application is using v4 or v6 at the time and troubleshoot that

normally things are dual stack, and happy eyeballs can sometimes somewhat randomly decide to use ipv4 or ipv6 for a destination based on what seems faster to it at the moment

That could be any application right? 🤔

yes

I see

Ok, so for an IIS server (Windows) I had to generate a CSR to get a cert created. No prob. Got it installed and working. Now it's about to expire...

So I downloaded the newer cert, but it thinks the server itself is the CA when I import it. The only way around this was to re-key the cert by generating another CSR.

Is that normal? Is a CSR have to be be generated for each cert?

but also if you see loss to an intermediate destination and it disappears afterwards, it isn't real loss

for instance if you see 25% loss or whatever to a certain hop, and that loss goes away in a future hop, it isn't real and should be ignored

🤔 Hmm, I always tell people that if they see no packet loss pinging their modem, but they see it beyond their gateway using pathping, that the issue is not on their end.

If it is an issue at all I guess

well it is

we are kinda rn talking on a internet scale

at home it will take the same path

🤔 Right

what happens is many providers rate limit pings going to their devices, so if you ping them at a certain rate you will get a percentage loss.. this isn't real loss b/c you won't have packet loss for packets that are passing through the device, it is only pings to the device itself that will show that loss

if the loss appears in like hops 5-7 and goes away in hop 8, it means that the routers at hops 5-7 have ICMP rate limiting in place

I've had it happen quite a few times where we've had customers complaining about a non existent issue because they don't know how to interpret traceroute/MTR results

and they complain that some intermediate hop doesn't respond or shows loss

W00t! Fixed an IPMI reporting issue on a Dell PowerEdge by resetting th iDRAC back to factory defaults 🙂

Hate those things

IDRACs

Unless Enterprise, then they're cool

no, but nothing short of a bazooka can get through lmao atleast concrete walls dont fuken break when u punch them like drywall

🙂 Right....well, I'd rather the outside be concrete, with the inside being dry wall if possible. Wifi is already very unreliable as is. Pretty shit technology really. Don't want to add insult to injury.

@tender hazel 🤔 Interesting...so its only if the packet loss is consistent beyond hops 5-7 that it becomes a problem?

if the packet loss is consistent beyond those hops in my example, it indicates that it is likely real packet loss, and not false packet loss created by ICMP rate limiting on those routers

you have to be able to differentiate between real packet loss and false packet loss indicators resulting from ICMP rate limiting

@tender hazel true packet loss is quite easy to see, any loss gained is consistent to any further hops

if its after the $isp router, then the only you can do is give an angry ringer to said $isp

I became an expert in packet loss when I was dealing with broken DSL lines

https://www.reddit.com/r/DataHoarder/comments/nc27fv/rescue_mission_for_scihub_and_open_science_we_are/

lmao bruh this is india no one uses drywall here

every house is brick and mortar

i know wifi is unteliable much sad

maybe lifi will pick up in the next few years

I don't think lifi or whatever would come out

Having a new standard implemted thruout the indistry is hard.

once you implemt a standard, and everyone follows it, bringing "better" versions of that is easier however,

But having a complete new standard, i doubt how well its gonna be implemted

plus, wifi6 exists if you want such good connectivity.

Still wifi6 won't help with wall penetration at all

afaik wifi6 has less wall penetration

nvidia did it

with their stupid 12 pin connector

Dont many 3rd party cards still use 8+8 anyways?

yea but founders is 12 pin

I mean that's kinda ez

And hopefully Founders only...

Its just a connector

dude but somehow innovation has to happen

Lifi is light based right?

we cant just be stuck on the same model of sharing

yea

Improvements can take place easier

Yeah I doubt seeing that being made commerically

"fiber over air" 🤣 nice "innovation"

Ikr

maybe 10 years from now gigabit internet will be only $20

That depends from regions to regions

Some places have that low rates now

rn here in bangalore its $50

laughs in 500/500 for 16Euros/month

Srsly??? How's the housing market lol

Well yeah, in parts of europe it is even as low as 20, my friend can get 10gbit for like 50 euros i believe or lesser

500/500 here is 12

dollars us

Not bad

at my current place 500/250 costs €60/mo

10 gig internet is overkill for home .
You can honestly argue gigabit is overkill

agreed

lmaoooo what bruhhh thats so much

Most people only use that bandwidth like 1% of the time

Pretty much and we have no idea how messed up each hop is going to be when touching transits. You probably cant even use that 10gbit as much

nothing is overkill when ur downloading warzone

gigabit is totally overkill unless you travel the high seas or download doom eternal every 30 minutes

rn i have 200/200 for 10 bucks

What, how does tranfering data over the ocean have to do anything with gigabit

I have 100/100 for ~€18/mo right now and that's low relatively to the rest of the market here

You have to realize, at that point the isps peering connection and the download server will be your bottleneck

^

Its not that simple

the isps pre great and im assuming activision keeps high speed storig

No

Peering

Is expensive

They will overallocate

You won't get gigabit to everywhere

Because that's how the internet works

aah

imo most bottlenecks are ISPs own backbones to exchange

Idk, I don't work for an isp

Same, just my uneducated guess

That's not where it ends, it can go even further

IP transits in its own dont support full connectiity between them

Someone knows a good company that provides storage servers that are not to expensive? In Europe.

Hetzner 60 euros 64TB

They don't have it right now

Yeah, was about to say that backhauls between exchanges even can bottleneck it all

And it usually does the more far away you go, because you touch more cables and you have no guarntee that "high" speed would be avaible

even if your ISP does 100Gbps to cogent, and then you are sure your ISP isnt doing weird throttling to ur side or say you are at your ISP's core, till the time you touch your end desitnation it wont remain 100Gbps all time

ISP's do buy all transit in bulk, but its not to deliver traffic "one location" anywya, its usually to multiple places (as multiple people are there) and thats how the 100gbps is saturatd

so technically 10Gbps is good at a home if you have a lot of family members living and they all use it, even then 1Gbps realstically is enough but instead of a house you can imagine a mall or school etc

where they are not looking for 10Gbps from one serverm rather multiple people connecting to multiple different servers around

Well yeah a 10 gig connection is good for a place with a lot of people

Something like a school for example

mmyes

and this is also a stupidly bare truth to the "fastest" internet in the world and people be like: i want it its so cool

(the whole ip transit explaination)

Yeah

Its complicated

pretty much, but interesting d:

You also forgot to account to packetloss and throttling due to routers/switches in middle 😄

Throttling yes, thats the part where the fiber connections in between two routers in ip transit can go small

packet lost, eh, that doesnt really happen with a reliable enough connection

Speed is the hard thing, but packet delivery isn't really as hard actually

Still happens

probably after all the ISP stuff, as ISP's can be really different, but at least general IP transits we see today they aren't as unrealible

Sure, yes, Im just talking about the picture as a whole not just point-to-point between client and ISP

I doubt packetloss really happens much

even then in a normal day I don't think we should be seeing packet loss or so, it's not suppost to happen no matter if you pay for a Mbit connection or the best premium stuff

If you see loss using something like ping or tr, it most likely just icmp rate limiting

Well yeah, Im not saying it happens often and whatnot, Im just saying that nothing is 100% reliable 🤷‍♂️

Exactly, usually in tracerouters you see routers in between in loss but as long as the end IP your reaching has no loss then it's not being lost

they are suppost to be 99.9% reliable tho 🙂

But that 0.1% where things go wrong - packets go missing (due to failover and so on)

Anyhow - thats just beeing picky af on my part 😄

Yeah, but still don't make a big dent

That's cogent promise

Sure nothing is 100% reliable, but it shouldnt mean that u see packet lose every damn day xD

if you do then,, yeah.

Im not saying every day - Im saying its a possibility 😄

Yeah it is yeah

true

Sounds good 100% network availability

Can I have it to ?

🤣

Mine is 55% availability until I start download files

Ready to pay good sum for it?

Exactly. That's after your crappy ISP;'s, that's a IP transit

Ready to put fiber from your country to my house in different country?

eh

no

xD

😆

go kiss your Dial up line

Only 250k miles I think

Hahaha go kiss the dust rust

just get a business connection

Nah not worth it

You think me routing fiber to you is "worth" it

😆

It's *99 the price I'm paying now

Well you're closer than North America

Google already doing it

why

Does he mean undersea cables

Because it's 6k ils for 50/50

well

Whatever it is, its expensive than "putting fiber from my country to your house in a different countror

1837.8411
USD

A month

for

50/50

wtf, what?

Or even less

20/20

Business plan

so how much do you get for what price

^internet dedicated price

😆

Not here man

where is that

I'm paying 120 ils that 37$ a month

that's prob just the price per month, not even installation or anything but verizon

For 40/4

https://www.verizon.com/business/products/internet-tv-services/internet/internet-dedicated/

I'm not in the US

yeah, I see it's after ISP's but technically we are talking dedicated. 800 is enough for 10Gbps at ip transits itself

yeah

4MBps download on 0.5 upload

oohh bruh u can get a decent gayming pc lol

every month

welcome to enterprise pricing

Forgot to add ™️

loll verizon be pulling out those fat stacks

not really

i have act fibrenet here

Any ISP. Jio at your country too

Lol here they even not publishing the internet price for dedicated / business plans

jio is cheap as fuck and you get a free 40 inch tv with ur connection

we are talking about enterprise internet

Check Jio, they have same rates around India, Last time i checked ACT They had cheaper rates in Chennai specifically but expensvide on other cities

ooooohhh the one that companies useeee

okokok my bad srry lol

Well that's technically the one your ISP itself uses 😛

But yeah, Datacenters directly use this

im planning to upgrade to jio 500/500 when it come s out

its like 12 dollars

Which state

Oh banglore, forgot

karnataka

lol

yea, I see