**** BEGIN LOGGING AT Sun Jun 10 03:00:05 2018
Jun 10 03:05:40 https://tools.ietf.org/id/draft-jenkins-cnsa-cert-crl-profile-00.html
Jun 10 03:19:40 i just realized that ar71xx is still at 4.9 and ipt-offload requires 4.14 - is there any way to take advantage of that concept on ar71xx?
Jun 10 03:21:45 :(
Jun 10 03:23:43 maybe it's just a matter of adding dts to ath79 then
Jun 10 03:23:45 * m4t crosses fingers
Jun 10 03:50:32 https://wiki.openwrt.org/inbox/howto/opencpe
Jun 10 03:50:37 hm, looks cute
Jun 10 03:57:20 m4t: anything, including flow-offloading, could theoretically be backported to kernel 4.9 - but it'll take more time and effort (especially if you want to get it right) than porting your device to ath79 (or taking the cheap way out of bumping ar71xx to kernel 4.14, hint, open pull requests, hint)
Jun 10 03:58:01 yeah im taking a lot at wndr3800.dtsi now and about to compile - i think the only difference between that and my wndr3700v2 is 128mb vs 64mb ram
Jun 10 03:58:17 my main router is rspro though, i dont wanna mess around with it quite yet
Jun 10 03:58:24 *taking a look
Jun 10 03:58:30 hnyman has an open pull request for the wndr3800, fixing some essential stuff
Jun 10 03:58:39 ah thanks
Jun 10 03:58:46 is it on github?
Jun 10 03:58:52 or patchwork
Jun 10 03:58:57 https://github.com/openwrt/openwrt/pull/1026
Jun 10 03:59:00 thx
Jun 10 03:59:17 fix LED and button gpio values to match ar71xx
Jun 10 03:59:25 yeah maybe the led values *are* the same then hah
Jun 10 03:59:33 i noticed a couple were switched compared to the mach file
Jun 10 04:10:42 oh hrm someone is already working on rspro. i shoulda scrolled down, had this tab open for a while https://forum.lede-project.org/t/is-anybody-working-on-linux-4-14-for-ar71xx-platform-porting-guide-to-ath79/13013/210
Jun 10 04:13:06 it's a little difficult to keep track among the different trees/ pull and that thread
Jun 10 04:48:12 hey it boots on the wndr3700v2
Jun 10 04:48:14 Linux OpenWrt 4.14.48 #0 Sun Jun 10 03:52:39 2018 mips GNU/Linux
Jun 10 04:48:18 but no wireless as has been mentioned
Jun 10 04:52:32 that might be fixable, but you'd need to work on the dts and import some of the staging pulls
Jun 10 04:56:37 ah gotcha
Jun 10 06:42:17 hmm thats a bit offtopic... is a java dev around here? im trying to compile a package with ant and get a bunch of package not found errors. is there a way to tell to ant to download those packages automatically?
Jun 10 06:48:39 probably in
Jun 10 06:48:42 #java
Jun 10 06:48:43 :D
Jun 10 07:19:04 I wonder what the naming will be for 18.06... Maybe something like "Miraculous Merger"? :P
Jun 10 09:53:07 * ldir falling into bleeding edge traps in dnsmasq so you don't have to - latest patch introduces some 'fun'
Jun 10 10:07:13 ever the selfless sacrificer
Jun 10 10:08:25 does procd have any awareness of filesystem mount state?
Jun 10 10:12:25 ie. can it be told 'wait for a mount point before attempting to start a process'?
Jun 10 10:17:13 ef me locked out of my vps again :(
Jun 10 11:23:47 ldir: ping
Jun 10 11:24:02 https://arstechnica.com/information-technology/2018/06/vpnfilter-malware-infecting-50000-devices-is-worse-than-we-thought/
Jun 10 11:24:30 "Williams said he has seen no evidence VPNFilter has infected devices running Tomato, Merlin WRT, and DD-WRT firmware, but that he can't rule out that possibility."
Jun 10 11:24:35 where's openwrt?
Jun 10 11:24:38 )))
Jun 10 11:27:27 https://arstechnica.com/information-technology/2018/05/hackers-infect-500000-consumer-routers-all-over-the-world-with-malware/
Jun 10 11:28:08 The primary method involved downloading images stored on Photobucket.com and extracting an IP address from six integer values used for GPS latitude and longitude stored in the EXIF field of the image.
Jun 10 11:28:13 that is pretty good
Jun 10 11:28:18 will give them that
Jun 10 11:28:47 but its nice to see the russian government still can't be trusted :d
Jun 10 11:28:49 D
Jun 10 11:28:49 ldjdl
Jun 10 11:29:21 cat or infant? :P
Jun 10 11:29:57 food and tiny keyboard :D
Jun 10 11:30:05 even in this fleeting digital world there are some things that remain constant :^)
Jun 10 11:30:12 heh
Jun 10 11:30:28 russia not being trustworthy.
Jun 10 11:30:37 :D
Jun 10 11:31:02 computers breaking :'(
Jun 10 11:31:04 i don't think anyone has ever actually trusted them :D
Jun 10 11:31:41 you guys watch too much cnn
Jun 10 11:32:18 I don't watch any CNN
Jun 10 11:32:20 its garbage
Jun 10 11:32:35 jwh: much to the contrary. i prefer fox
Jun 10 11:32:38 well, aside from the trump jabs, thats the only good thing they do
Jun 10 11:32:52 but i agree cnn can't be trusted xD
Jun 10 11:33:00 fox is much much worse than cnn :d
Jun 10 11:33:01 j/k, not watching fox.
Jun 10 11:33:17 ironically RT is actually pretty good
Jun 10 11:33:23 rotten tomatoes?
Jun 10 11:33:27 russia today
Jun 10 11:33:42 world news i watch euronews
Jun 10 11:33:44 the international one though, not the entirely state controleld one
Jun 10 11:33:47 controlled
Jun 10 11:34:08 name web sate eronews.com
Jun 10 11:34:20 euronews
Jun 10 11:34:24 i was in russia in may. they sell calendars with putin hugging dogs
Jun 10 11:34:36 lol
Jun 10 11:34:45 i don't see any healthy democracy doing that... maybe the GOP would, who knows.
Jun 10 11:34:48 yeah euronews, france24 etc
Jun 10 11:39:27 stintel: why is transip such crap when it comes to a vps?
Jun 10 11:39:42 Borromini: never even heard of transip :)
Jun 10 11:39:53 how much are you paying and what are you running on it ?
Jun 10 11:39:59 it's a big dutch provider from what i know...
Jun 10 11:40:09 my brother pays. i don't care. but ovh was a few euros a month
Jun 10 11:40:29 I stopped bothering with vm providers, digitalocean and vultr cover the main locations (also vultr supply me with bgp, so I can do my nice anycast)
Jun 10 11:40:31 and they prep their images, and you can use your own keyboard layout instead of everything non-US breaking shit :(
Jun 10 11:40:40 got a couple of ovh ones, pretty good
Jun 10 11:40:49 jwh: yeah i'm regretting transip.
Jun 10 11:40:56 but my brother wanted everything together
Jun 10 11:40:57 I'm renting a dedi @ soyoustart (ovh) and have a tiny ARM VM at scaleway for having a nameserver in a different network / location
Jun 10 11:42:10 have to run, laterz
Jun 10 11:42:30 huaracheguarache: pong
Jun 10 11:42:49 god.
Jun 10 11:45:42 Borromini: are you pinging god now?
Jun 10 11:45:51 he has forsaken me :(
Jun 10 11:46:02 i can't blame him though :P
Jun 10 11:46:02 oh well
Jun 10 11:56:45 i have upwel, but i have in ips CGNAT 10.8. ... for my router no scan and cannot connect from outside
Jun 10 12:19:20 ldir: in the wireguard luci app there's a tickbox to: Create routes for allowed IPs for this peer
Jun 10 12:19:36 ldir: do you know what that entails?
Jun 10 12:29:11 lantiq xrx200 HH5A, r7106, kernel 4.14.48, shows WAN IP in overview, and briefly sees the internet, but as soon as page loads WAN IP disconnects
Jun 10 12:48:44 heh, password on this device was "admin:admin"
Jun 10 12:49:23 guess having to resolder things to get a console was considered sufficient obstacle
Jun 10 12:49:38 despite it being bad practice it seems it's still widespread...
Jun 10 12:50:44 blogic: Anything left to do for the Fritz450E? mkresin reviewed it yesterday and imho it is in a good state. Also planning on taking a look on the ath79 subtarget next week.
Jun 10 12:51:10 ath79 :) :) :)
Jun 10 12:52:49 stuck on kernel 4.4.x - poor gl-ar300m getting no love :(
Jun 10 12:53:16 some strange off-by-one problem reading NAND
Jun 10 14:28:18 ARM openwrt depends from ARM Debian?
Jun 10 14:30:27 no
Jun 10 14:31:35 i mean Debian drop ARM 32 bit = openwrt drop ARM Openwrti, R Pi 32 - ok
Jun 10 14:31:49 good
Jun 10 14:35:02 drop = refused
Jun 10 14:38:25 build #697 of armvirt/64 is complete: Failure [failed pkgbuild] Build details are at http://phase1.builds.lede-project.org/builders/armvirt%2F64/builds/697 blamelist: Martin Schiller , Kevin Darbyshire-Bryant , Florian Eckert , Sven Eckelmann , Jeremiah McConnell
Jun 10 14:38:25
Jun 10 14:39:20 what
Jun 10 14:41:23 what, when and why
Jun 10 14:46:59 what = what did you say, or what are you doing, or what ...
Jun 10 14:53:31 what https://www.youtube.com/watch?v=Vd0fmoLlBrc
Jun 10 14:54:36 huaracheguarache: It puts in specific routes for those peers over the wireguard interface. The question you really want answered is 'under what circumstance would I want to do this?'
Jun 10 14:57:55 I have no idea on that.. probably a question for the wireguard channel.
Jun 10 14:58:38 who?
Jun 10 15:04:07 ldir: is there a wireguard channel on this server?
Jun 10 15:06:58 oh, I found it: #wireguard
Jun 10 15:07:34 thanks for the pointer =)
Jun 10 16:22:45 updated openwrt/upstream, https://sdwalker.github.io/uscan/index.html
Jun 10 17:10:25 tftp is so annoying. have dnsmasq serving tftp from /var/ftpd, works fine, but have to copy files there.
Jun 10 17:10:42 tell dnsmasq to serve /home/blah/openwrt/bin and it just refuses.
Jun 10 17:10:54 files and paths are all world readable and world execute on dirs in both places.
Jun 10 17:11:00 "security" fail
Jun 10 17:13:58 tftp is pesky
Jun 10 17:14:16 tp-link?
Jun 10 17:14:18 "LZMA: Prossible old LZMA format, trying to decompress.."
Jun 10 17:14:24 nice typo in the source
Jun 10 17:15:01 Borromini: _possssibly_ my fault from having a migrated /home. turned out everything _under_ my $HOME was world +rx, but not /home/karlp itself :(
Jun 10 17:15:18 * karlp builds all the broadcom images and tries them to see which has the suitable format :)
Jun 10 17:16:44 hehe
Jun 10 17:23:49 andddd tftp strikes again. file paths are too long for the little brane CFE
Jun 10 17:28:16 hrm, just get a crash on everyone I've tried so far : https://zerobin.net/?1cc72e690968c098#0wryL43yEXVb64oblC2fcCpi2r2tQ+wvms1fHMFLubo=
Jun 10 18:41:25 anyone on ipv6 here that could test if my website works on ipv6? not on ipv6 myself.
Jun 10 18:41:33 ldir: you gotta have ipv6.
Jun 10 18:43:01 you could msg me or link your website here
Jun 10 18:43:39 volatilesystems.org thanks
Jun 10 18:43:45 should do http -> https
Jun 10 18:43:59 'lo
Jun 10 18:44:06 but lighttpd isn't simple with ipv4/6 combined apparently >_>
Jun 10 18:44:07 hi blogic
Jun 10 18:44:17 ipv6-test.com
Jun 10 18:44:24 says, yeah, all good.
Jun 10 18:44:26 i am on a gprs link with a 2,5s ping :-D
Jun 10 18:44:44 * blogic tries opening his mail client
Jun 10 18:44:49 drmr: yeah, i tried a similar site, but i see my http server only listening on :80 while i'm forcing https
Jun 10 18:45:08 v:~$ nc -v 2a01:7c8:fff7:142:5054:ff:fe81:dadf 80
Jun 10 18:45:10 2a01:7c8:fff7:142:5054:ff:fe81:dadf ([2a01:7c8:fff7:142:5054:ff:fe81:dadf]:80) open
Jun 10 18:45:12 GET / HTTP/1.0
Jun 10 18:45:14 Host: volatilesystems.org
Jun 10 18:45:16 it's just hanging.
Jun 10 18:45:25 salcedo: yeah because of hsts.
Jun 10 18:45:27 thanks for testing
Jun 10 18:46:40 works fine for me
Jun 10 18:47:07 CrazyLemon: really? thanks.
Jun 10 18:48:48 hm..is there a way i could force ipv6 on chrome? maybe i'm not doing this right :)
Jun 10 18:48:53 refuses connection on 443 though.
Jun 10 18:49:12 using ipv6
Jun 10 18:49:37 $ curl -6 https://volatilesystems.org
Jun 10 18:49:37 curl: (7) Failed connect to volatilesystems.org:443; Connection refused
Jun 10 18:50:08 works fine using ipv4, works fine using ipv6 on 80.
Jun 10 18:50:41 that's what i'd expect since :443 is only open on ipv4 somehow
Jun 10 18:50:47 i'll have to dig further
Jun 10 18:52:30 "you need to go deeper."
Jun 10 18:53:18 i'll ignore the double entendre ;)
Jun 10 18:57:08 blogic: Just like the grand old days of dialup, eh?
Jun 10 19:01:34 * ldir makes modem noises
Jun 10 19:28:57 huaracheguarache: did you get an answer on wireguard?
Jun 10 19:29:47 drmr: could you give it another shot?
Jun 10 19:29:53 shift+ctrl+r preferably
Jun 10 19:31:56 should work both on ipv6 and ipv4 now
Jun 10 19:32:40 yeah, works now.
Jun 10 19:33:03 $ curl -v -s -6 https://volatilesystems.org > /dev/null
Jun 10 19:33:09 thanks man
Jun 10 19:33:33 gives me your letsencrypt cert, 200 ok and 8476 content length.
Jun 10 19:33:50 weird thing is it now only shows 443 on an IPv6 socket but it works on IPv4 as well so... i think it's all good :)
Jun 10 19:34:47 80 gives me a 301 to https.
Jun 10 19:34:53 both on 4 and 6.
Jun 10 19:34:59 so, all good.
Jun 10 19:35:13 ^_^
Jun 10 20:18:19 ldir: no, the wireguard channel seems pretty quiet
Jun 10 20:21:40 ldir: I don't know if you can answer this, but is it bad practise to put the wireguard interface in the LAN firewall zone?
Jun 10 20:22:09 /etc/init.d/firewall disable && /etc/init.d/firewall stop.....
Jun 10 20:22:14 no more problems with zones
Jun 10 20:22:56 I'm not sure I would want to do that
Jun 10 20:24:00 I personally wouldn't do it, but then because of wireguard's crypto-key routing, you *know* that whatever packets appear on the interface are valid.
Jun 10 20:24:39 I'm cut'n'pasting bits of my config for you to have a nose at... 5 mins or so.
Jun 10 20:24:59 thanks =)
Jun 10 20:41:00 https://pastebin.com/VgGLZgye
Jun 10 20:41:17 it seems to work but I doubt it's perfect
Jun 10 20:45:14 what's the benefit of giving it a separate zone?
Jun 10 20:46:09 fear of not doing so. Not really knowing what I'm doing!
Jun 10 20:46:59 all other vpn configs I've seen create interfaces and put them in a vpn zone. Habit?
Jun 10 20:46:59 yeah, that's what I worry about, that I somehow configure things in an unsafe way without being aware of it
Jun 10 20:47:55 Ok, I'll try creating a separate zone =)
Jun 10 20:48:29 in a separate zone you can fine tune the access rights
Jun 10 20:48:39 but it's a really interesting idea of *not* putting the wg if in a vpn zone but instead in the lan zone.
Jun 10 20:51:25 you would definitely need peer specific routes added to the routing table so that the single IP in question was routed over the wg interface and not over the normal/default.
Jun 10 22:37:42 progress: https://zerobin.net/?d26b8f0e33730e22#Vz6OiUXbBlsC0Wg0uvBA7m8Awst9Oh+scfxwBBnW3JM=
Jun 10 23:18:45 oh. i got competition
Jun 10 23:19:04 diizzy's trying to get on my level
Jun 10 23:53:03 is this the "who can 'maintain' the most packages" ?
Jun 11 00:31:38 that comment was premature
Jun 11 00:32:16 I'm updating packages in the openwrt/packages repo. Uscan used to say ~50 packages were out of date until it got updated
Jun 11 00:32:26 sorry
Jun 11 00:32:27 ~50%
Jun 11 01:17:07 hey
Jun 11 01:18:10 in the kernel.org sysctl doc: nf_conntrack_buckets Size of hash table. If not specified as parameter during module loading, the default size is calculated by dividing total memory by 16384 to determine the number of buckets
Jun 11 01:19:46 On my system with 512mb ram this is set to 8192. multiplied by 16384 = 128 mb?
**** ENDING LOGGING AT Mon Jun 11 03:00:02 2018