--- Log opened Tue Oct 30 00:00:41 2018
00:15 -!- Mirage [~mirage@raw.thehippo.net] has quit [Ping timeout: 252 seconds]
00:21 -!- Corydon76 [~quassel@zett.abyt.es] has quit [Ping timeout: 272 seconds]
00:22 -!- Mirage [~mirage@ra.thehippo.net] has joined #se2600
00:22 -!- mode/#se2600 [+o Mirage] by ChanServ
00:23 -!- Corydon76 [~quassel@zett.abyt.es] has joined #se2600
00:23 -!- mode/#se2600 [+o Corydon76] by ChanServ
00:27 -!- Corydon76 [~quassel@zett.abyt.es] has quit [Client Quit]
01:17 -!- robogoat [~robogoat@163.172.136.88] has quit [Ping timeout: 245 seconds]
01:19 -!- robogoat [~robogoat@163.172.136.88] has joined #se2600
01:28 -!- robogoat [~robogoat@163.172.136.88] has quit [Ping timeout: 272 seconds]
02:00 -!- robogoat [~robogoat@163.172.136.88] has joined #se2600
03:05 -!- robogoat [~robogoat@163.172.136.88] has quit [Ping timeout: 246 seconds]
03:12 -!- robogoat [~robogoat@163.172.136.88] has joined #se2600
03:21 -!- robogoat [~robogoat@163.172.136.88] has quit [Ping timeout: 252 seconds]
03:59 -!- robogoat [~robogoat@163.172.136.88] has joined #se2600
06:05 <@Dolemite> mr0ning, be0tches and h0ez!
06:05 * aestetix hugs Dolemite
07:37 -!- Corydon76 [~quassel@zett.abyt.es] has joined #se2600
07:37 -!- mode/#se2600 [+o Corydon76] by ChanServ
08:39 -!- Synx_hm [~synx@70-231-38-7.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
08:39 -!- Synx_hm [~synx@70-231-38-7.lightspeed.nsvltn.sbcglobal.net] has quit [Changing host]
08:39 -!- Synx_hm [~synx@unaffiliated/synx-hm/x-1623004] has joined #se2600
08:39 < Synx_hm> ugh OpenVZ is a pain in the dick
08:39 < Synx_hm> i really want to play with wireguard too bad openvz is stuck in the stone age kernel
09:06 <@Corydon76> Synx_hm: why not work with a KVM virtual machine?
09:07 < Synx_hm> im on a good deal with my VPS that if i changed to KVM would triple the cost at this point :(
09:08 <@Corydon76> What are the relevant specs of your VPS?
09:08 < Synx_hm> 4.5euros per month for 2TB bandwidth VPS on a 1Gbps wan link... 50GB drive space, 2GB ram
09:09 <@_NSAKEY> Synx_hm: That stone age kernel is what the VM host is running. OpenVZ shares the host's kernel and libc with the guests.
09:09 <@_NSAKEY> Probably some other bits too, but those are the ones I can remember.
09:09 < Synx_hm> _NSAKEY, ya i read the kernels are patched and kept mostly up to date but openvz stuck with the 2.6.32 release to patch
09:09 <@Corydon76> dasunt: https://my.hiformance.com/cart.php?a=confproduct&i=0
09:10 < PigBot> Shopping Cart - HiFormance (at my.hiformance.com) http://tinyurl.com/ycerh2gf
09:10 <@_NSAKEY> I once made the mistake of compiling .debs on my desktop and copying them over to some OpenVZ boxes, thinking they would install just fine. Turns out, the host for my VMs was using Debian Squeeze or something similar based on the kernel version, but my desktop and guests were running Wheezy.
09:11 <@Corydon76> Errr, Synx_hm, see link above
09:11 < Synx_hm> ha ya, at least im on ubuntu 16.04 now on this
09:11 < Synx_hm> Corydon76, just checked it out, cant tell if they are metered links or not
09:11 <@_NSAKEY> So I had a frankendebian situation, with Squeeze's kernel/libc, and the dpkg complained hilariously because it expected a newer libc.
09:13 <@Corydon76> Synx_hm: same specs, 2TB bandwidth per month
09:14 < Synx_hm> Corydon76, ya i just saw that their HF-1 package and other packages show 2TB per month just the cheaper ones didn't show a BW limit
09:14 < Synx_hm> hrm
09:14 < Synx_hm> not that it really matters but im using an overseas VPS to tunnel torrent traffic through but i dont go on public trackers so probably dont need to worry as much
09:14 <@Corydon76> LowEndBox.com is my goto for cheap deals on VPSes
09:17 < Synx_hm> Corydon76, that where you found the hiformance one?
09:17 <@Corydon76> Yes
09:17 <@Corydon76> Just stick a few specs in the search box, and start looking
09:18 <@Corydon76> If you don't find something you like, wait a week, and look again
09:18 -!- Synx_ [~synx@70-231-38-7.lightspeed.nsvltn.sbcglobal.net] has joined #se2600
09:18 < Synx_> Corydon76, that where you found the hiformance one?
09:19 < Synx_> fucking ubnt wifi ap keeps kicking me off
09:19 <@Corydon76> Yes
09:19 < Synx_> cool
09:19 < Synx_> well im unemployed at the moment and paid this VPS thru feb so when that time is up ill check out lowendbox
09:19 < Synx_> thank you
09:19 < Synx_> id very much like to get on wireguard
09:20 <@Corydon76> Synx_: might log in to the web interface and check for a firmware update. They're usually pretty good.
09:21 <@Corydon76> I need to spend some time and get my VLANs configured on the new switch
09:21 -!- Synx_hm [~synx@unaffiliated/synx-hm/x-1623004] has quit [Ping timeout: 252 seconds]
09:22 <@Corydon76> Because the APs otherwise blanket the house
09:23 < Synx_> Corydon76, ya i nuked my controller container a few months back so ill have to re-associate the ap with a new controller and see if the firmware can be updated
09:23 < Synx_> oddly this started when i upgraded pfsense so wondering if its something related to dns in pfsense
09:24 < Synx_> but im trunking way too many vlans to the AP anyways so i need to fix that might as well associate the ap with a new controller
09:24 < Synx_> also been meaning to put in some drops so i can ceiling mount the ap and outdoor mount another one with PoE
09:24 <@Corydon76> I threw SSH keys into the controller, so I could run reassociation cron tabs on the controller
09:24 < Synx_> nice
09:25 -!- Synx_ is now known as Synx_hm
09:25 -!- Synx_hm [~synx@70-231-38-7.lightspeed.nsvltn.sbcglobal.net] has quit [Changing host]
09:25 -!- Synx_hm [~synx@unaffiliated/synx-hm/x-1623004] has joined #se2600
09:26 <@Corydon76> Here's one of my crontab commands: /usr/bin/ssh ubnt@10.1.10.221 mca-cli-op set-inform http://10.1.10.97:8081/inform >/dev/null 2>&1
09:26 <@Corydon76> 221 is one of my APs. 97 is the controller address
09:27 < aestetix> ok so
09:27 < aestetix> have any of you actually used an oculus rift?
09:27 <@Corydon76> Oh, and I altered the configuration on the controller, so that it used alternate ports, because it conflicted with existing servers
09:27 < aestetix> https://nwn.blogs.com/nwn/2018/10/vr-active-users-steam-september-2018-road-to-vr.html
09:28 < aestetix> I saw this article, and realized I have never seen one, nor know anyone who has one
09:28 -!- PigBot [~PigBot@wilpig.org] has quit [Read error: Connection reset by peer]
09:28 <@Corydon76> aestetix: I only have the Samsung one. Honestly, it was way too much hype for what it turned out to be.
09:29 <@Corydon76> I want the VR rig like what they had in Lawnmower Man.
09:29 < Synx_hm> Corydon76, any idea if G.729 was opened or public domain'd recently, i had to purchase a license for it years ago for asterisk but i swear i read something this year that it was free now
09:29 < Synx_hm> Corydon76, lol now there is a movie i have not thought about in a long ass time
09:30 <@Corydon76> Synx_hm: It should have expired in 2014, but that assumes there were no submarine patents
09:30 < Synx_hm> oh interesting
09:30 <@Corydon76> https://en.wikipedia.org/wiki/G.729
09:31 <@Corydon76> 2017 expiration means there WERE some submarine patents
09:31 < Synx_hm> ya
09:31 < Synx_hm> PSQM testing under ideal conditions yields Mean Opinion Scores of 4.04 for G.729a
09:32 < Synx_hm> i have done extensive testing with PESQ so perhaps PSQM nets a slightly different result but even at 1 single call network load i have never seen G.729a reach PESQ scores of 4.0, its almost always 3.5
09:33 <@Corydon76> Oh, and the same applies to G.723.1
09:34 < Synx_hm> never seen 723 in production use
09:34 <@Corydon76> 723.1's patent licensing was cost-prohibitive for all but the biggest players
09:34 <@Corydon76> But it did have better compression than even G.729
09:34 < Synx_hm> even 729 was rare honestly only those on limited bw links were using it to boost their call center concurrency numbers
09:35 <@Corydon76> All of them do depend upon having reliable links, though. Lose a packet here and there, and performance suffers greatly
09:36 <@Corydon76> That's what made iLBC such a great innovation
09:36 < Synx_hm> speaking of voice compression for phone calls, i had no idea until i read it yesterday that googles speech to text api has a specific mode for phone calls that is trained i assume against compressed audio
09:36 <@Corydon76> iLBC is designed such that it can lose a packet here and there and not suffer
09:37 < Synx_hm> Corydon76, speaking of packet loss, the number of customers i worked with doing SIP over TCP was nuts, looks like cisco decided it was a good default so everybody was doing it. I gave up explaining that SIP has its own ACKing after the first few months
09:37 <@Corydon76> SIP over TCP is incredibly good for signal. Not so great for voice, though.
09:38 <@Corydon76> You need that realtime stream for voice
09:38 < Synx_hm> i guess the only good thing about SIP over TCP is the PBX knows right away if the endpoint drops (tcp socket disconnect) instead of having to wait xseconds for a [re]register method to update state
09:39 < Synx_hm> right im just saying its a bit redundant since SIP already acks its messages so even in UDP you have mostly reliable re-transmit minus a few messages but per the spec all the request methods will retransmit
09:39 <@Corydon76> Uh, you still have a timeout in the TCP stream. It's just embedded several layers down in the OS, not readily accessible to the application.
09:39 < Synx_hm> sure but its likely lower than a 120sec [re]register interval
09:39 < Synx_hm> especially if the phone gracefully reboots then the fin should be instant
09:40 <@Corydon76> There's arguments on both sides. For UDP, you can deal with a connection that gets laggy
09:40 <@Corydon76> TCP, however, will drop the connection
09:41 <@Corydon76> But it's still better to ensure that you have a reliable connection than to deal with all of these shenanigans
09:41 <@Corydon76> Packet reordering is a PITA
09:41 <@Corydon76> I'd much rather let the OS deal with packet reordering than try to do that in the application
09:42 < Synx_hm> fair
09:42 < Synx_hm> ok ive got to go mix up some mortar and lay the last bit of stone down on this retaining wall im building
09:43 < Synx_hm> well last bit of rebuilding the part of the wall that failed haven't even started on the new wall ugh, doing mortar one 5gal bucket at a time blows almost as much as hunting down rock in the yard
09:43 <@Corydon76> Synx_hm: I hope you remembered to put a drain at the bottom of the wall, so it only retains soil, not water.
09:44 < Synx_hm> 4 in gravel base, backfilling in front of wall with gravel and landscape fabric and also a tile drain all the way across :)
09:44 <@Corydon76> Excellent. Good to hear.
09:44 < Synx_hm> but thanks for looking out
09:45 <@Corydon76> I've been thinking about doing the same at the bottom of my front lawn, because cutting the grass where it gets steep is a PITA
09:47 <@Corydon76> If I could afford it, I'd stick a grate across the drainage ditch, so visitors could park in front of the house without blocking traffic.
09:47 <@Corydon76> But I'd probably need permission from the city to do that.
09:47 < Synx_hm> i like to live by `better to ask forgiveness than to ask permission`
09:56 <@Corydon76> That works in some circumstances, but government tends to be relentless.
10:33 -!- Synx_hm [~synx@unaffiliated/synx-hm/x-1623004] has quit [Ping timeout: 240 seconds]
10:34 -!- strages [uid11297@gateway/web/irccloud.com/x-zmzfabrxpvwybcoa] has joined #se2600
11:03 -!- Synx_hm [~Synx_hm@unaffiliated/synx-hm/x-1623004] has joined #se2600
11:47 < Synx_hm> i think im going about this all wrong
11:49 < Synx_hm> i have a VPS and i want to establish a point to point tunnel between the VPS and my home gateway/firewall (freebsd) such that i can jump on a vlan at home get an IP assigned by my local router but route packets out the vpn link and from the VPS to the wan, also need the VPS to be able to route packets back after masquerade/mangle to the subnet my local router dishes out
11:50 < Synx_hm> i had been doing openvpn on the VPS as server, then using openvpn client on my local router and setting up routing on the VPS such that portforward back could route to my local subnet
11:50 < Synx_hm> but perhaps i should have the VPS be the client not the server?
11:51 <@Corydon76> No, the VPS should be the server
11:51 < Synx_hm> basically like a dual WAN setup where some traffic routes out the VPS link (via my local wan encrypted) some out my local wan unencrypted
11:51 < Synx_hm> ok thats what ive got going cool
11:51 <@Corydon76> You just need to set up the NAT correctly
11:51 < Synx_hm> ya, i just need to get fucking streisand to install correctly then i can deal with nat ;)
11:51 < Synx_hm> i can do it with openvpn-as but im tired of using that
11:52 < aestetix> dooododiedodooododoooodoooo.... barbara streisand
11:53 <@Corydon76> You just need the rule on the server: iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
11:53 <@Corydon76> Assuming that your traffic is being encrypted via tun0
11:54 < Synx_hm> what do i do for the routing instead of NAT back to my local subnet, the vpn client and my local subnet are different networks
11:54 <@Corydon76> That may be wrong. That's what I'm using on my local end of the openvpn to encrypt local traffic
11:54 < Synx_hm> iirc there is a openvpn config option to setup routing in openvpn-as not sure if it just adds the vpn client as a gateway to x subnet
11:54 < Synx_hm> oh i see
11:55 < Synx_hm> you are nat'ing at the local gateway
11:55 <@Corydon76> Ask Dagmar. Dagmar knows all when it comes to firewall rules.
11:55 < Synx_hm> in my prior setup i was just using routing to get all the way to the vpn server then nat there
11:55 <@Corydon76> I still have to look it up whenever I'm formulating, then I promptly forget, because I don't tweak the firewall for years.
11:57 <@Corydon76> You do need a NAT on the remote end, because your local packet IPs, even if they're distinctive, need to present as if they are the server's external IP.
11:58 <@Corydon76> You probably could get away with a single NAT, as long as the remote end is aware of the remote network IPs
11:58 <@Corydon76> Err, remote end is aware of your LAN IPs
11:58 < Synx_hm> right, but i was not NAT'ing at the near end. VPN client subnet 5.5.0.0/24 my local subnet 10.0.0.0/24 and the packet would exit my laptop hit my gateway at 10.0.0.1 and instead of being NATd be routed via the VPN gateway ip of 5.5.0.1
11:58 < Synx_hm> then NAT there
11:59 < Synx_hm> yup
11:59 < Synx_hm> thats what i was doing
11:59 < Synx_hm> then the remote end would have a route setup back to my local gateway vpn client at 5.5.0.2 for example
11:59 <@Corydon76> But you still have to ensure that the remote VPS is aware of your LAN addresses, so it can force the packets back through the tunnel when they traverse the NAT inwards
11:59 < Synx_hm> so all NAT was done once at the vpn server
11:59 < Synx_hm> yup
12:00 < Synx_hm> also it caused some funkiness with NAT port forward rules such that i had to enforce DNAT in iptables
12:00 < Synx_hm> otherwise packets arriving back at my local box that did not have a prior state (so port forwarded packets) would show the 5.5.0.1 IP instead of the correct source IP
12:02 <@Corydon76> That should all work, as long as your VPN is being set up on the LAN gateway
12:02 < Synx_hm> correct
12:03 <@Corydon76> I have mine set up on a different machine, so I have to alter DHCP to hand out that alternate gateway to the machines I want to route through the VPN
12:04 < Synx_hm> oh i hadn't thought about doing it that way
12:04 < Synx_hm> do you give your local clients dhcp addresses that are inside the VPN client addr pool?
12:04 <@Corydon76> Well, I have machines here that I don't want to "see" the network on the remote end of the VPN
12:05 <@Corydon76> Kind of like that, except that I generally only override the gateway option
12:06 <@Corydon76> I don't put them on a separate subnet
12:06 < Synx_hm> got ya
12:07 <@Corydon76> Once I get the VLANs set up, all of this is going to be much simpler from the user perspective
12:07 <@Corydon76> Everybody will be able to print to the common printers; everybody will be able to see each other, but only those on the secure VLAN will be able to go out the VPN.
12:07 < Synx_hm> :) thats how i do it, one vlan is segregated for VPN only outbound traffic so soon as you plug into a port thats upstream tagged as the vpn link 100% of your traffic is forced out the VPN
12:07 < Synx_hm> sure saves on the dns leaking headache
12:09 <@Corydon76> I could probably do a 3rd VLAN, actually, one for dedicated VPN traffic. Right now, it's just certain subnets that go through the VPN, not everything.
12:09 < Synx_hm> thats how i do it
12:10 < Synx_hm> also have the vlan trunked into the unifi ap so i have a separate ssid that is VPN only
12:10 < Synx_hm> kinda handy for testing ingress back into my local network
12:13 <@Corydon76> That was my plan, as well. I love that the APs are VLAN-aware
12:14 < Synx_hm> agreed its lovely, i dont use it all the time but when i do its golden to have
12:14 < Synx_hm> and you can segregate off guest traffic ;)
12:15 <@Corydon76> Yep, guest traffic gets a completely different subnet
12:31 <@xray> funny you all are talking about this. I was discussing this very issue on another channel. Decided to add a Ubiquiti Edgerouter to my existing Ubiquiti AP for the very reason you are discussing.
12:32 <@xray> I also need to segregate IoT, network management and BMC to separate VLANS.
12:36 <@Dolemite> I swear, you folks have some complicated home network setups. I just need to be able to stream my midget pr0n in 2160p.
12:37 <@xray> I'm an infosec engineer, telecommute, and do infosec research.
12:38 <@xray> Plus it is how you learn new things
12:38 <@Dolemite> But can you still stream your midget pr0n collection at 2160p?
12:38 <@xray> who has time for pr0n
12:38 <@xray> too many things to hack too little time
12:38 <@Dolemite> midget, apparently, since they keep making so much of it
12:38 <@xray> I'll have to take your word for it
12:39 < Synx_hm> lol
12:50 <@Evilpig> hahahah. so that vecd.org site from last week. turns out the university owned it, they purposely let it lapse in feb. a spammer picked it up and set up shop after that.
12:51 <@Evilpig> xray: there's always time for midget pr0n. this is why we have multiple monitors. multi-tasking
12:53 <@Evilpig> also saw the new macbook air over lunch. that thing looks nice since they didn't bring that useless touchbar over
13:07 -!- K`Tetch_ [~no@47.39.211.239] has joined #se2600
13:10 -!- K`Tetch [~no@unaffiliated/ktetch] has quit [Ping timeout: 252 seconds]
13:33 -!- Synx_hm [~Synx_hm@unaffiliated/synx-hm/x-1623004] has quit [Ping timeout: 245 seconds]
13:38 -!- Synx_hm [~Synx_hm@unaffiliated/synx-hm/x-1623004] has joined #se2600
14:19 -!- Synx_hm [~Synx_hm@unaffiliated/synx-hm/x-1623004] has quit [Quit: Leaving]
14:55 <@Corydon76> NOTE TO SELF: The next time you are in a Halloween costume store, do not compliment the employee on their “ridiculously funny redneck teeth”, unless you are 100% sure they are fake costume teeth.
15:11 <@Mirage> I was in Target the other night walking past the grocery section when I heard someone running up behind and then past me. It was a kid probably 7-8 years old wearing a hotdog suit from their Halloween section who was looking for his mother in the aisle not far in front of me. Both the mother and I both laughed about the whole "hotdog running through the grocery section" scenario.
15:24 -!- K`Tetch [~no@unaffiliated/ktetch] has joined #se2600
15:27 <@Mirage> Just got an email about this, if anyone is interested: https://www.amazon.jobs/en/jobs/578831/sr-cloud-technical-account-manager
15:28 -!- K`Tetch_ [~no@47.39.211.239] has quit [Ping timeout: 240 seconds]
16:45 -!- v4mp [~v4mp@unaffiliated/v4mp] has joined #se2600
17:08 -!- K`Tetch_ [~no@47.39.211.239] has joined #se2600
17:11 -!- K`Tetch [~no@unaffiliated/ktetch] has quit [Ping timeout: 240 seconds]
20:22 -!- strages [uid11297@gateway/web/irccloud.com/x-zmzfabrxpvwybcoa] has quit [Quit: Connection closed for inactivity]
--- Log closed Wed Oct 31 00:00:42 2018