**** BEGIN LOGGING AT Sun May 23 02:59:57 2010
May 23 08:02:12 <lbt> o/
May 23 08:03:44 <thiago_home> hey lbt
May 23 08:03:51 <lbt> morning :)
May 23 08:08:13 <Stskeeps> morn lbt
May 23 08:11:08 * lbt is digging in kerberos/nfs4 this morning....
May 23 08:12:05 <lbt> it should be easier than this ;)
May 23 08:13:42 <Stskeeps> your internal network being kerberos and nfs4? :P
May 23 08:13:53 <lbt> *nod* ... nearly
May 23 08:13:56 <lbt> and ldap
May 23 08:13:58 <lbt> :)
May 23 08:14:06 <lbt> what could possibly go wrong?
May 23 08:17:45 <Tm_T> I read that "ntfs" for a second
May 23 08:17:55 <lbt> eek
May 23 08:18:14 <Tm_T> had to doublecheck after your last question (:
May 23 08:18:52 <lbt> trust me, there's enough caveats around krb5/nfs4 ...
May 23 08:18:59 * Stskeeps should set up vpn for his home network.
May 23 08:19:23 <lbt> kinda neat though.... and I would like to use krb5 on maemo.org and meego.com
May 23 08:19:33 <lbt> Stskeeps: openvpn is nice
May 23 08:19:48 * thiago_home likes openvpn
May 23 08:19:50 <lbt> and the little n900 applet is just..... mmmm
May 23 08:20:08 <thiago_home> it's easy to set up, pretty secure, and works through most NATs
May 23 08:20:08 <Stskeeps> also has to be proxy friendly since when i use it abroad, i'm often behind :P
May 23 08:20:41 <thiago_home> proxies usually require TCP connections
May 23 08:20:50 <thiago_home> openvpn can do it, but IP-over-TCP is a bad idea
May 23 08:20:52 <lbt> best bet is to use 443
May 23 08:21:43 <lbt> you *can* setup 2 openvpn services to the same vlan... one tcp, one udp  but I wouldn't start there :)
May 23 08:22:37 * thiago_home needs to use port 443 for other things
May 23 08:23:16 <thiago_home> openvpn on Maemo5, however, doesn't add the routes it should
May 23 08:23:42 <lbt> I think the wiki notes how to fix that
May 23 08:34:48 <tmzt> lbt: did you ever get policy routing to work with openvpn? like use a computer on the network as a gateway without losing local network connectivity?
May 23 08:36:03 <lbt> on the N900?
May 23 08:36:15 <tmzt> on linux
May 23 08:36:36 <lbt> mmm
May 23 08:36:38 <lbt> yes
May 23 08:38:02 <lbt> I use my laptop in hotels with both internet and home lan
May 23 08:38:36 <tmzt> I just continually get locked out of the local network when messing with ip rule
May 23 08:39:17 <lbt> mmm, sounds like a routing conflict
May 23 08:40:28 <lbt> your vpn server config possibly?
May 23 08:40:57 <tmzt> well this was on the server side
May 23 08:41:12 <tmzt> trying to dual home but also serve as a gateway through the vpn
May 23 08:41:56 <tmzt> so I had two networks connected through vpn, tried both openvpn and ipsec/strongswan
May 23 08:42:02 <lbt> my firewall has : ppp0/eth0/tun0
May 23 08:43:40 <lbt> ppp0=internet eth0=10.0.0.0/24 tun0=10.20.20.0/24
May 23 08:44:03 <tmzt> but you have the internet uplink on the same machine as the ipsec/openvpn gateway?
May 23 08:44:16 <tmzt> my problem is I'm trying to use this with an existing (ddwrt) router
May 23 08:44:21 <tmzt> but run the vpn on a x86 pc
May 23 08:46:28 <lbt> so are you NATing into tun0
May 23 08:47:09 <tmzt> well I was hoping just to ip route 172.16.0.0/16 via 192.168.1.x which is the vpn gateway
May 23 08:47:25 <tmzt> in any case it didn't know how to route the packets through tun
May 23 08:47:48 <lbt> so you were going to ask the internet nicely if you could have traffic for 172.16.0.0/16 ? :)
May 23 08:47:56 <tmzt> no
May 23 08:48:23 <lbt> so how would a client "out there" connect to the x86 box?
May 23 08:48:40 <tmzt> I was bridging two networks over vpn
May 23 08:48:49 <tmzt> not the road warrior case
May 23 08:49:08 <lbt> so your x86 connected to 2 vpns
May 23 08:49:24 <tmzt> there was an x86 box on each end of the vpn
May 23 08:49:33 <lbt> OK...
May 23 08:49:48 <lbt> I understand now
May 23 08:50:09 <lbt> so you need to bridge tun0/tun1 not route...
May 23 08:50:24 <tmzt> so my uv network had 172.16.2.x/24 and my fn network had 192.168.1.x/24
May 23 08:50:52 <tmzt> yeah, that seemed to be an option but adding the interface to the bridge lost ssh connectivity with the box which I'm connected remotely to
May 23 08:51:11 <lbt> No, I think you want to route from A to B via a host X
May 23 08:51:16 <tmzt> I'm trying to understand why linux policy routing wouldn't work, why I need bridging in the first place
May 23 08:51:20 <tmzt> yes
May 23 08:52:03 <lbt> so you need to define X.b as a route for A on nw B and X.a as a route for B on nw A
May 23 08:52:17 <lbt> X.b is the tun on nw B
May 23 08:52:28 <lbt> X cannot do this
May 23 08:53:07 <lbt> typically a DHCP server on B would set a default route and the default route would know that X.b is the route for B
May 23 08:53:20 <tmzt> what I was trying to do is if the packet is for dest 172.16.2.x send it through tun0, other wise send it to 192.168.1.1 over eth0
May 23 08:53:45 <tmzt> do this on both ends and then a ping should work, but it doesn't
May 23 08:53:47 <lbt> that would happen 'naturally'
May 23 08:54:02 <tmzt> obviously the box I'm pinging on both ends needed the return route through the vpn gateway
May 23 08:54:20 <lbt> hold on... "both ends" ?
May 23 08:54:40 <tmzt> to get full connectivity I should be able to ping a box on either network
May 23 08:54:52 <tmzt> from any box on either network that had the proper routes
May 23 08:55:13 <lbt> OK, as you say things my mental image of your topology has to adapt
May 23 08:55:53 <lbt> you have 2 networks A and B
May 23 08:55:58 <tmzt> yes
May 23 08:56:12 <lbt> one of them, B, has an openvpn server
May 23 08:56:21 <tmzt> yes
May 23 08:56:37 <lbt> that is set to offer B to clients
May 23 08:56:45 <tmzt> yes
May 23 08:56:53 <lbt> that server runs in bridge mode
May 23 08:56:56 <lbt> it has to
May 23 08:57:03 <lbt> both eth0 and tun0 are on B
May 23 08:57:29 <lbt> on A you have a vpn client (X) to B
May 23 08:57:42 <lbt> X has eth0  on A and tun0 on B
May 23 08:57:46 <lbt> X is a router
May 23 08:57:57 <tmzt> right
May 23 08:58:21 <lbt> when X can ping anything on A and anything on B then your VPN works
May 23 08:58:39 <tmzt> yes
May 23 08:59:07 <lbt> then you need to tell the clients on A that X is the route for B
May 23 08:59:08 <tmzt> the problem is A and B each have an internet gateway that is not the same box as the vpn gateway, connected by a switch
May 23 08:59:17 <tmzt> yes
May 23 08:59:32 <lbt> "connected by a switch"
May 23 08:59:40 <tmzt> on the same ethernet network
May 23 08:59:43 <lbt> hold on...
May 23 08:59:54 <lbt> in a sane setup... :)
May 23 09:00:19 <lbt> you'd tell the default router on A that X was the route to B
May 23 09:00:27 <lbt> and the default router on B that X was the route to A
May 23 09:00:31 <lbt> however....
May 23 09:01:04 <lbt> if the default routers already think they have routes to A and B then you may have an issue
May 23 09:01:20 <lbt> at that point you need to weight the routes
May 23 09:02:05 <tmzt> but I want to put those weighted routes on all the machines on A and B and not on the routers
May 23 09:02:41 <lbt> no need
May 23 09:03:03 <lbt> the machines will send to the router which will redirect to a different IP on the same LAN
May 23 09:03:19 <tmzt> okay, that makes sense
May 23 09:03:30 <lbt> :)
May 23 09:04:01 <tmzt> so the packets go from a box to the gateway which looks up the static route to the vpn gateway, get encapsulated and go back to the gateway?
May 23 09:04:13 <lbt> not quite
May 23 09:04:48 <lbt> box->gw and the gateway says "not me, you want X"...
May 23 09:04:51 <lbt> box->X
May 23 09:05:01 <tmzt> what protocol is that?
May 23 09:05:06 <lbt> IP
May 23 09:05:32 <tmzt> didn't know there was a control message that did that
May 23 09:06:07 <lbt> I don't think it's RIP but it might be
May 23 09:06:44 <tmzt> why do I need a routing protocol if I have a static route?
May 23 09:07:16 <lbt> or you can setup static routes on every machine on A and B
May 23 09:07:30 <lbt> do you use a hosts file or DNS ?
May 23 09:07:37 <tmzt> hosts/static
May 23 09:07:46 <lbt> fair enough then :)
May 23 09:07:49 <tmzt> there aren't that many machines on either network
May 23 09:08:16 <lbt> *nod* ... wasn't sure ... in general you'd use the same approach I think
May 23 09:08:23 <tmzt> this still doesn't explain why linux isn't consulting the rpb when it receives a packet
May 23 09:08:43 <lbt> rpb?
May 23 09:09:18 <tmzt> if my gateway has the static route to the remote network it would have to be routing the packets
May 23 09:09:24 <tmzt> rpdb sorry
May 23 09:10:12 <lbt> if you have 2 routes from A to B then yes you need to weight them
May 23 09:10:57 <tmzt> if briding eth0/tun0 works then I just add those to /etc/network/interfaces (all ubuntu matchines) and it should work?
May 23 09:11:05 <tmzt> so no ip rule stuff
May 23 09:11:29 <lbt> there is no iptables
May 23 09:11:44 <lbt> but you may use the ip command to do "ip route add"
May 23 09:11:52 <tmzt> only on the gateway, and ipsec uses iptables but openvpn doesn't
May 23 09:12:21 <tmzt> yeah, no iptables
May 23 09:12:48 <lbt> that's vpn-implementation specific.... ignoring that, no other machines need iptables
May 23 09:12:54 <tmzt> right
May 23 09:15:24 <lbt> biab.. painting... good luck :)
May 23 14:01:05 <rashid> 'Morning
May 23 17:07:21 <tmzt> lbt: it works, thanks. just needed to use a bridge on both ends and assign the vpn link ip to the br0:1 instead of tap0
May 23 17:07:53 <lbt> OK - that'll work too :)
May 23 17:09:38 <tmzt> still need a route on each device, I might try adding it on the gateway next
May 23 17:39:05 <javispedro> what, meego already killed HAL?
May 23 17:40:17 <javispedro> well, I guess someone had to do it first...
May 23 17:41:15 <Stskeeps> so did ubuntu, didn't they?
May 23 17:41:33 <javispedro> oh, indeed.
May 23 17:47:22 <th0br0> lbt: how's the obs coming along?
May 23 17:54:47 <TSCHAKeee> so, what is being used instead of HAL?
May 23 17:56:03 <lbt> th0br0: I think we're going to get web access RSN so we can get selected people to start to try it out
May 23 17:56:16 <lbt> devkit
May 23 17:57:38 <lbt> http://hal.freedesktop.org/docs/DeviceKit/index.html AFAIK
May 23 17:57:57 <javispedro> but devkit is also depreciated!
May 23 17:58:04 <javispedro> ;P now it's udev-extra
May 23 17:58:09 <javispedro> (had to read that on wikipedia :P )
May 23 17:58:14 <lbt> heh
May 23 17:58:21 <lbt> "DeviceKit can be considered a simple D-Bus frontend to udev"
May 23 17:58:47 * lbt has kerberos and nfsv4 .... what else matters?
May 23 17:59:23 * lbt wants his n900 to nfs-mount home storage via kerberos...
May 23 17:59:38 <lbt> Stskeeps: I hope your meego port to the n900 has nfs4 in the kernel
May 23 18:02:26 <Stskeeps> i think it might
May 23 21:44:02 <vnix> Hi, I have trouble booting meego using my pendrive
May 23 21:44:07 <vnix> can anyone assist me plz?
May 23 21:51:02 <Erkan_Yilmaz> vnix state your problem exactly, otherwise no one will answer
May 23 22:54:13 <trem> nite all, sweet dreams
May 23 23:16:43 <CosmoHill> http://forums.kustompcs.co.uk/showthread.php?t=49296
May 24 00:40:37 <CosmoHill> my hard drives are 33'C, 37'C and 39'C
May 24 00:43:19 <cure`> i think one of my backup drives is overheating
May 24 00:43:38 <cure`> its gone a few hours after boot
May 24 00:43:43 <cure`> no message, nothing
May 24 00:44:07 <cure`> or its just about to die
May 24 00:51:49 <cure`> think i'll treat myself to a nas in the process, am low on hd space anyway
May 24 01:01:34 <CosmoHill> cyas
May 24 01:15:25 <Termana> good morning
May 24 01:44:15 <GAN900> Um
May 24 01:44:26 <GAN900> What's up with the QA contact?
May 24 01:52:20 <GAN900> w00t_, oops, duped your email.
May 24 02:36:37 <tmzt> lbt: got what you were saying
May 24 02:36:37 <tmzt> From 192.168.1.1: icmp_seq=2 Redirect Host(New nexthop: 192.168.1.5)
May 24 02:36:38 <tmzt> From 192.168.1.5: icmp_seq=2 Redirect Host(New nexthop: 10.8.0.2)
May 24 02:36:38 <tmzt> 64 bytes from 172.16.2.65: icmp_seq=2 ttl=62 time=37.0 ms
**** ENDING LOGGING AT Mon May 24 02:59:56 2010