[00:00] I installed ubuntu with software raid5 on six identical drives two days ago. It was fine while using it yesterday and rebooting it many times. Today I came in and I get raid error not enough operational devices on md0 (4/6) failed. I feel like this is so unlikely as to be impossible, and all drives are still seen in bios. [00:47] hmm that's indeed a bit weird, Pinkamena_D [00:47] unless you were unlucky and hit a set of bad drives, which happens occasionally. [00:47] check S.M.A.R.T. data, do a long self-test on each of the drives [00:48] also make sure your layering of block devices is compatible to RAID-5 === Lcawte is now known as Lcawte|Away [01:19] nacc: I was wondering about having two PPAs. A bootstrap PPA, as well as the current one. [01:20] nacc: the current one could be set up to depend on the bootstrap PPA, so anything built in the bootstrap PPA can be build-depended on. [01:20] nacc: then we might be able to prepare everything in the PPAs, ready to be rebuilt for the archive when we're ready, so then we can defer the decision. [01:20] We could even have multiple "levels" of bootstrap PPA if needed. [01:21] Just a thought - I've not thought it through fully. [01:23] rbasak: that seems reasonable. what is the benefit of having a distinct bootstrap PPA? just reducing the noise? [01:24] nacc: so that the steps to bootstrap the main archive are laid out rather than lost [01:47] rbasak: ah that makes sense [03:08] 26 packages can be updated. [03:08] 14 updates are security updates. [03:09] ^^^ the default motd has that. is there a way to display that again without creating having to exit the shell and log in again? [03:09] i can't find a way to print the default motd again, nor am i aware of an apt-get function that will show it [03:14] pacmanfan: /usr/lib/update-notifier/apt-check --human-readable - in xenial, not sure about older [03:15] pacmanfan: for the apt bit specifically. the entire motd should be just in /etc/motd [03:17] that works, thanks! [03:17] my /etc/motd is empty, i guess because i haven't added a custom one [03:18] oh, sorry [03:18] seems to be /run/motd.dynamic [03:18] /etc/motd used to be a symlink, I guess not any more [03:18] (via "grep -r motd /etc/pam.d") [03:19] * tarpman hasn't looked into this stuff in a while... [03:19] aha, that explains all the docs i found referencing /etc/motd [03:19] i'm just like "huh... that must be for custom stuff" [04:14] anyone around that can lend a hand installing ubuntu server? [04:14] specifically know why it wont see my nVidia RAID array during partition setup? [04:15] kernel cmdline: dmraid [04:16] PryMar56: could you elaborate a little bit more? [04:16] i.e. where do i enter that? [04:18] right before entering the partitoner, it asks if i want to activate the RAID drive, i hit yes, and all i see in the partitoner is the single drive thats not in the array [04:18] what is the boot media? [04:19] USB or ISO? or Hypervisor? [04:20] how do you launch the installer? [04:22] if its a CD, hit F1 and read how to customize the kernel cmdline [04:22] PryMar56: USB, metal system, not VM [04:23] i added "dmraid=true" to the cmdline, and still no joy :/ [04:24] or do i not need the [04:24] "=true" part? [04:24] to disable it, I add : nodmraid, so I guess:dmraid (is enough) [04:25] PryMar56: i will try that, thanks [04:26] KE if the installer sees your nvidia fakeraid, the device names are unique and contain nv084084~ (wild chars) [04:26] nothing like sda1, sda2 [04:26] right.. i already found that out using PartedMagic [04:28] still nothing [04:29] maybe insmod=dm-raid [04:29] the driver is called dm-raid.ko [04:29] would i be better off using the installers software RAID? [04:31] KaoticEvil, I make no value judgement about the dmraid. Once you bothered to setup the nvidia bios raid, you owe it to yourself to expt with it and make your mind up [04:32] if you change course and go with software raid, you have to erase the fakeraid meta data first [04:32] that would be fine.. no data on there at all [04:32] fresh install.. just put the hardware together today [06:03] hello, having trouble mounting a cifs share [06:03] sorry samba share from my ubuntu server [07:16] anyone mounting a samba share using active directory [07:17] though a nas4free box if possible as well === G is now known as Nigel [08:05] anyone able to assist me [08:16] nm got it === stokachu_ is now known as stokachu === chmurifree is now known as chmuri [12:39] kickinz1: I'm looking at ntp now. [12:39] kickinz1: did you have an MP in LP for it? [12:45] rbasak, not yet. [12:46] kickinz1: OK. Also I just realised you can't, since there's no repo to merge into yet. [12:47] kickinz1: shall we start as we mean to go on? I can create that now, then you can file an MP for your logical branch. I can review that with the inline comment functions, etc. [12:48] kickinz1: and then after that's done, you can file a second MP for the merge itself. [12:48] rbasak, OK [12:55] kickinz1: OK, I've created the ~ubuntu-server-dev ntp repo with your import. [12:55] kickinz1: please could you submit an MP from https://code.launchpad.net/~kick-d/ubuntu/+source/ntp/+git/ntp/+ref/logical/4.2.6.p5+dfsg-3ubuntu9/+register-merge [12:55] rbasak, yes [12:55] kickinz1: to go to the logical branch in the ~ubuntu-server-dev ntp git repo. [12:56] Thanks [12:58] Done. [13:00] kickinz1: that looks good I think. 2416 lines alarmed me, but I think they're all the CVEs so it looks like what I expected. Thanks! [13:07] rbasak, yes, most are related to CVEs. === cpaelzer_ is now known as cpaelzer_afk === smb` is now known as smb === smb is now known as Guest52432 [14:15] rbasak, how do we proceed now? [14:20] kickinz1: I'll review your merge next. [14:20] kickinz1: probably through a second MP is best. [14:20] I need to figure out what to push so that you can file one. [14:23] rbasak, maybe push new/debian (4.2.8p4+dfsg-3)? === Lcawte|Away is now known as Lcawte === cpaelzer_afk is now known as cpaelzer_ [15:56] howdy! [15:56] Guys, Is it a good idea to use different machine for databases? [15:57] I mean buy 2 dedis, 1 for application server and 1 for database? Will there be any performance lose because of network? [15:57] These 2 dedis will be on the same IP gap [15:59] mrtAkdeniz: I think the short answer is 'it depends' [15:59] how often are you hitting your db, etc. how is your network configured [15:59] mrtAkdeniz: but there is insufficient information to make any guess === JanC_ is now known as JanC [16:45] https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1522422 [16:45] Launchpad bug 1522422 in php5 (Ubuntu) "Update to php 7.0" [Wishlist,Triaged] [16:46] rbasak: thanks will refer to that when questions about php 7 come up again === cpaelzer_ is now known as cpaelzer === cpaelzer is now known as cpaelzer_afk [18:05] Hey folks. I've got an x86 ubuntu server that needed an OS update. I did do-release -update (cleared out old kernels after it complained of low space in /boot), and it finished fine. On reboot, I get "no such device" errors and no grub menu. In rescue mode I can see all my data. /boot is completely empty. I edited fstab to change the uuid of /boot to /dev/sda1, and /boot looks normal. Rebooting still yields the same error. [18:05] After that reboot, I entered rescue mode again and tried the same thing... nothing in /boot this time. =-/ [18:09] update-grub complains that /boot/grub doesn't exist. I just tried remounting /boot from /dev/sda1 and via UUID in fstab. Neither way shows anything in /boot now. [18:10] I *am* using LVM, so I told rescue mode to give me a shell in the root vg. Is there anything special I need to do to get all partitions mounted? [18:13] To clarify - I'm not using recover mode from a grub menu, but via a live cd's "Repair a Broken System" [18:16] psyferre: /boot is in a LVM logical volume? [18:20] pmatulis: yes, but not on its own. It's part of the /root volume [18:21] pmatulis: It's been a while since I really got into lvm, so I may not have my head around this the right way. In Repair a Broken System, I had several options for a shell. I chose the root lvm, rather than /dev/sda5. Maybe that's incorrect? [18:23] Choosing /dev/sda5 fails to mount. [18:25] psyferre: you need to expose the lvm layer [18:32] pmatulis: Ah, now my google searches are yielding something useful. Okay, so it looks like this is basically exactly what I need to do? http://ubuntuforums.org/showthread.php?t=1347375 [18:33] psyferre: that's the idea. it's been a while for me too [18:33] pmatulis: awesome. Thank you very much for your help. I really appreciate it. [18:35] psyferre: welcome. let us know what happens [18:37] heja [18:37] gents [18:37] I have installed ubuntu 15.04 on my system. I have attached an embedded device to my system through via USB. I need to configure the usb to act as network adapter device. Any idea how this could be done. Many thanks in advance? [18:37] where is the best location of the document folder for an apache web server [18:37] pmatulis: Will do. I also found this tool: http://sourceforge.net/p/boot-repair-cd/home/Home/ Seems promising, and was recommended by howtogeek... [18:38] http://www.howtogeek.com/114884/how-to-repair-grub2-when-ubuntu-wont-boot/ [18:39] bizhan: normally the kernel either supports the usb network adapter or it doesn't. what do you see with dmesg command after inserting the device? [18:39] psyferre: you mentioned that your /boot was contained in the root fs yet you are mentioning it has a UUID, this seems contradictory [18:41] sdeziel: It's likely that I'm munging terminology. I have two volumes, root and swap. Fstab has a line for the root lvm, and a separate one for /boot. /boot is mounted via its uuid. === cpaelzer_afk is now known as cpaelzer [18:41] bizhan: please note that 15.04 reaches the end of its life in a few days https://wiki.ubuntu.com/Releases [18:42] kid4coding: /var/www is popular [18:42] pmatulis, I get some errors: [32255.895599] wlan0: no IPv6 routers present [18:42] [32451.653564] CFG80211-ERROR) wl_run_escan : Escan set error (-25) [18:42] psyferre: if /boot has a UUID it means it's a partition (likely your sda1). The PV would then likely be in sda5 [18:42] sarnold, thanks I will start the update today. [18:43] psyferre: so when you'll run your repair stuff, make sure to work from inside your root LV and have your /dev/sda1 mounted on /boot inside that root FS [18:44] sdeziel: Yes, it's definitely sda1. When I tried to mount /dev/sda1 as /boot it was empty. [18:45] psyferre: OK and if you umount it, is your data inside /boot ? [18:45] psyferre: maybe your sda1 is empty and mounting it shadows what's inside /boot from your root FS [18:47] getns [18:48] If I type #cat /etc/apache2/sites-available/mysite.conf [18:48] the document root is set to /var/www/html/ [18:48] sdeziel: Here's where I'm at currently: http://pasteboard.co/18xIWl3X.png [18:49] I have created a file .php containing a function to print out the configuration [18:49] I saved the file as info.php. When I go with my browser at http://localhost/info.php [18:49] I still get a black screen === marcoceppi is now known as marcoceppi|airpl [18:50] psyferre: looks good to me. This shows your /boot partition does have a bunch of kernels [18:50] sdeziel: everything *seems* to be proceeding logically... Not sure why /boot was empty before. It seems fine now... my last attempts were through fstab, then mount -a [18:50] psyferre: maybe it was not mounted before hence was empty? [18:51] sdeziel: Must not have been. I changed lines in fstab, then mount -a, and it was back to normal. Then rebooted. After grub failed again, I went back in recovery mode and did mount -a... nothing in /boot. [18:53] sdeziel: I must have messed something up in the process. So, my next step is drop into grub prompt, and do something like # root (hd0,0) and # setup (hd0), right? [18:54] Hmmm... guess not. "/bin/sh: 7: grub: not found" [18:55] psyferre: have your tried in the chroot you had in your recovery env? [18:57] sdeziel: Yes, If I understand you correctly. After chroot foo I checked /boot. Then I changed directory back to the root of foo and attempted to run grub [18:58] Is there any command to verify I got these modules installed [18:58] mysql-server libapache2-mod-auth-mysql php5-mysql [18:58] psyferre: yes. You might also need to mount /proc before chrooting. I vaguely recall that some version of grub needs it [18:59] kid4coding: dpkg -l| grep mysql [18:59] kid4coding: dpkg -l 'mysql*' | cat [18:59] (the pointless | cat forces dpkg to show the full version numbers) [18:59] sdeziel: ah, that makes sense. Okay, I'll give that a shot too. Thank you! [18:59] psyferre: you are welcome [19:00] sarnold: thanks for explaining the not so pointless cat :) [19:00] sdeziel :) [19:00] sdeziel: it seems that I do not have those modules [19:01] can I only install the modules above with apt [19:03] kid4coding: yes, apt should let you install those packages without problem === marcoceppi|airpl is now known as marcoc|airplane [19:08] done [19:08] thank you [19:08] Can I leave the loopback address for the binding address of mysql rather than assigning my real IP since it can change? [19:08] I leave 127.0.0.1 [19:10] kid4coding: if your PHP app is running on the same machine as your MySQL server, 127.0.0.1 will do just fine [19:12] kid4coding: if both the server and client run on the same system, that's probably better -- or there may be a named unix domain socket you could use too [19:14] I am sick and tired of Ubuntu security notices hitting my system before some official notice [19:14] you guys have you head up your ass or what [19:14] does the kernel support vlans on multiple virtual interfaces? [19:15] you look like idiots [19:16] well? [19:16] i have one firewall for a building that has multihomed businesses in it. The network is segregated by vlans. Now I want to setup a VPN server on the firewall to allow remote access.. and hints? [19:16] davidic657: what would you prefer? Get the notice only to see you cannot actually pull the patched software? [19:16] do you guys have your heads in place or not? [19:16] davidic657: with that kind of attitude who are you expecting a reply from? [19:16] I dont care [19:17] do not do the updates before notification [19:17] davidic657: who, exactly, do you think you are? [19:17] whats the thing abought the horse leavibnf etc etc [19:17] davidic657: what is the actual problem you're upset about [19:18] getting updates with no news about them, like a day later [19:18] turn off auto updates [19:18] security? [19:18] davidic657: turn on apt-listchnges [19:18] apt-listchanges [19:19] justget it together guys and stop giving excuses [19:19] davidic657: feel free to subscribe https://lists.ubuntu.com/archives/ubuntu-security-announce/2016-January/date.html [19:19] davidic657: I still don't understand your question. [19:19] davidic657: please read: http://www.ubuntu.com/about/about-ubuntu/conduct [19:19] pici you never will your better of on suse anyway [19:20] davidic657: ok - stop [19:20] stopped [19:20] davidic657: either explain your problem calmly, and we'll be happy to talk/help with it if possible [19:20] or drop it [19:20] either is fine [19:20] I believe I said stopped [19:20] ok [19:20] or did you miss that typing? [19:21] that's not stopped it's mutated [19:21] Temper: enough [19:21] Anyway..... [19:21] Temper: I've already asked you in #ubuntu to stop with this comments [19:21] pici go to suse [19:21] I'm happy where I am, thanks. [19:21] ikonia: no you didn't [19:21] Temper: ok then "please stop" [19:22] with? using !commands? [19:22] sorry to play with the bot [19:22] thanks [19:22] Temper: feel free to /msg ubottu if you want to try out !commands :) [19:22] supercalifragilisticexpialidocious really does need to be added tho.. [19:22] Temper: this stuff - we don't need to see it please [19:22] seriously relax.. [19:23] I am [19:23] please just stop with the silly comments [19:23] chilled here [19:23] ikonia: all work and no play...? [19:23] get your act together [19:23] davidic657: you too [19:23] it's a channel for ubuntu server discussion, please use it for that [19:23] Hve its why I am here [19:24] besides still waiting to see if anyone responds to my request for tips on how to VPN into a vlan environment... [19:24] maybe #openvpn? [19:24] Temper: ok, then please wait for that [19:24] I don't know what tips you want [19:24] Temper: you know that's way less likely once you fill everyone's scrollback with mindless chatter :) [19:24] just selected bridged or routed mode - bang you're done [19:25] sarnold: stop with your mindless chatter - you are ruining my chances for a response.. [19:25] Temper: I won't ask you again [19:25] Temper: stop with the stupid comments to people [19:25] ikonia: and how to you select a vlan id based on user? [19:25] Temper: you don't [19:25] Temper: you'd need to tag the tun or tap device [19:26] you'd need multiple tun or taps depending on your routing [19:26] so each user will need it's own tun/tap interface? [19:26] no [19:26] What are you actually trying to accomplish here? [19:26] you're not trying to give each user their own vlan are you ? [19:26] lol [19:26] i run a network with like 10 businesses on it [19:26] pici loves suse [19:26] ok ? [19:26] it is segmented by vlans [19:27] ok [19:27] so each user, or company user, will need access to a specific vlan id [19:27] as to not be able to access other company resources [19:27] Temper: so thats not really openvpn's problem if you look at it [19:28] you'll vpn to a "holding" area [19:28] you then need to route or bridge your traffic through to the other networks [19:28] you do that by presenting specific routes per user / group [19:28] geez [19:28] would it be better to run multiple openvpn concentrators? a different port per company? [19:28] then the devices those routes take the user through will tag for you [19:28] that is the part i am curious on.. how to do it. [19:28] or as sarnold have a vpn per network and have them vpn into their specific business unit [19:29] sarnold: explain [19:29] ikonia: what is your problem? [19:29] davidic657: your silly comments that you've been asked to stop [19:29] about what? [19:29] davidic657: drop it - contribute to the channel, be quiet, or leave [19:29] those 3 options are all that matters [19:29] Temper: what are these users authing against ? [19:30] me knowing pici is a big suse person [19:30] the whole vpn system is non-existant at this point [19:30] Temper: ok - what "would" they auth against [19:30] Temper: I'm just curious if it'd be better to run multiple instances of openvpn if the data they handle should be separated from the other users -- then each instance could get its own tun devices or whatever.. [19:30] so whatever is needed will be done [19:30] i was just going to create users and auth the vpn off the user database [19:31] pretty sure i have done that before [19:31] Temper: what is the user database ? [19:31] a database, ldap, a file ? [19:31] . /etc/passwd? [19:31] errr that doesn't seem a good option to manage multiple network entry points [19:31] yeah i was thinking it would be simpler than it is [19:31] it's not [19:32] mysql seems running [19:32] I'd suggest taking a step back from the VPN at this point and look how you would manage users on the network with multiple accounts and different network restrictions [19:32] Temper: once you have an idea of that the vpn options will be smaller and you'll be able to narrow it down to 1 or 2 realistic options [19:32] i wonder if it would work just to put each company on a different 10.10.x.x network segment and then just put the server on all vlans and use "network security" [19:32] that wouldn't auth users [19:33] i have seen it doen that the ip address range is based on the user [19:33] I still have problems with PHP to be executed from Apache [19:33] so i could maybe modify that example [19:33] I got a blank screen [19:33] that won't auth users though [19:33] no [19:33] kid4coding: error in your php [19:33] I was just printing the output of phpversion(); [19:34] still an error [19:34] kid4coding: i hate to break it to you but this isn't really a programming channel [19:34] ikonia: how can I access httpd.conf on ubuntu [19:34] if you're getting a white screen [19:34] kid4coding: in a text editor [19:34] kid4coding: nano httpd.conf [19:34] Temper: it does not exist on ubuntu [19:34] or should i have sent him to vim :) [19:34] kid4coding: try #php [19:34] kid4coding: Did you enable mod_php? [19:35] Pici: must have or he'd be getting php code [19:35] Temper: This is on-topic for this channel as long as hes just trying to get php enabled. [19:35] Temper: I am installing LAMP [19:35] kid4coding: how? [19:35] kid4coding: it's apache2.conf on ubuntu [19:35] sarnold: I am following this https://help.ubuntu.com/community/ApacheMySQLPHP [19:36] sarnold: under /etc/apache2/ I do not have httpd.conf [19:36] Is it normally located on a different path? [19:36] E486: Pattern not found: httpd [19:37] kid4coding: (a) I'd be skeptical of that wiki page, it starts out discussing a release of ubuntu from six years ago. not a great start. [19:37] kid4coding: (b) I don't see httpd.conf mentioned on that page, not sure where you found that, but it feels like a rhel or centos guide instead :) [19:38] kid4coding: this https://help.ubuntu.com/14.04/serverguide/lamp-applications.html might be a better starting point [19:38] yeah i wasn't excited to open that link either.. [19:38] kid4coding - this might be a good one too https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu-14-04 [19:38] that guide works in concept [19:38] and it is for ubuntu [19:38] kid4coding: check out the a2enmod and similar manpages [19:38] still if he is getting a blank page and not php code something is somewhat configured [19:39] now you need to check the log files [19:39] I want to open httpd.conf to define the association with .php for apache [19:39] it is doing that [19:39] as you're getting a blank page [19:39] if it wasn't associated you'd get the page displayed as text [19:40] kid4coding: probably it's something like a2enmod php5 or something. [19:40] it should already be enabled [19:40] *nod* [19:40] as if it wasn't the php would be displayed as text [19:40] it's a code error [19:40] as PHP won't display errors by default [19:40] ikonia: i am not the only one trying to do this... https://forums.openvpn.net/topic9600.html no there are no answers forthcoming yet [19:40] it says that PHP5 is already enabled [19:41] Temper: re-read what I said [19:41] there are ways to do it, but you are missing too much the basics of management to be able to do it [19:41] ikonia: to me? [19:42] kid4coding: no, temper [19:42] kid4coding: your problem is your PHP is wrong [19:42] I'm reasonably confident of that [19:42] php -v works fine from bash [19:42] kid4coding: create this test.php file [19:42] i think that should work.. hehe been a while since php [19:43] then access http://ip/test.php [19:43] kid4coding: that is not apache rending your php [19:43] kid4coding: that is nothing to do with it [19:43] kid4coding: php is the preprocessor but there is a lot going on under the hood to map that to and from apache. [19:44] i am fairly confident you have the hooks setup to send the .php file to the preprocessor but that doesn't mean it is configured correctly. if you didn't you would get the .php as a text file in the browser. [19:45] we've already covered that [19:45] but ikonia is right most likely your php is malformed... well actually - wouldn't php parse back an error? [19:45] no [19:45] ikonia: it's still nice to spell out debugging steps.. [19:45] you just get the white screen unless you turn on debugging [19:45] but as you are at a level where you can't edit a text file - that seems to be a bit of a pointless process to walk through [19:45] maybe we should just tell him how to do that? [19:46] ikonia: I am confused by what you mean here: " I'd suggest taking a step back from the VPN at this point and look how you would manage users on the network with multiple accounts and different network restrictions" [19:47] Temper: you have a network, with multiple vlans on it, and users that will need access to different ones, how will you controll auth on those networks - you can't have every user on every box in the password file [19:48] those are different levels. the vpn is just on the network level.. each business - once on thier network segment - is a completely different system [19:48] like some use mac and other use windows.. [19:48] right, but you need a way to auth them for the vpn and control their restrictions [19:48] yeah.. so at most i need to be able to support like 200 users [19:48] definitely, many things have changed [19:49] i can't just use the linux user? [19:49] you can, but is that really how you want to manage 200 users for complex auth and group privileges ? [19:49] i mean i can setup radius if you think it would be better [19:49] Gents, do you work as sys admin on Linux? [19:49] Temper: your other option is to make an exposed entry point for each network vlan and put an openvpn entry point on each one [19:49] no group privledges.. just user1 -> vlan 1 [19:50] then just manage a password file per openvpn box for only the users allowed on that network [19:50] you could do it with 1 box and virtual hosts [19:50] the whole network is on 1 box and vms [19:50] well except the mac os stuff - [19:50] right, but it's VM's so you could do it on one "vm" then [19:51] i only have one outbound ip address.. [19:51] thats ok [19:51] i guess i could put each business on a different port.. [19:51] that works [19:51] or reverse proxy it to the internal IP's [19:51] but i really want to just have 1 file for the open vpn client config and then map it by username/password [19:52] you could do that with one password file and multiple vpn instances authing off it [19:52] you would just need to make sure there was a difference in groups for the users [19:52] so you could stop openvpn1 authing users for people in the group for openvpn2 [19:52] i have never ran multiple instances of ovpn on 1 box.. [19:53] you can do it from 1 binary set, so if you update 1 vpn's binaries/libraries you update them all [19:53] it's just launching multiple instances [19:53] so you just have startupscript that essentially run openvpnserver /etc/openvpn/vpn1.conf - etc [19:54] pretty much [19:54] Temper: the openvpn init script makes it really easy to interact with each individual VPN [19:54] Temper: /etc/init.d/openvpn restart foo [19:54] foo being the instance? [19:54] this would look for /etc/openvpn/foo.conf [19:54] yes [19:54] sdeziel: does it support something like an include.d so you can put multple configs in there and it loops through them ? [19:55] ikonia: if you call /etc/init.d/openvpn restart, all of them will be stopped. The one that will start are those set to AUTOSTART in /etc/default/openvpn [19:55] so then create a virtual network (eth0:0) for each vpn instance? then map each virt net to a vlan? [19:56] ikonia: but yeah, you can drop multiple .conf under /etc/openvpn/ [19:56] sdeziel: so you just define multiple instance in the one config, or specify multiple config files, either works [19:56] ikonia: each instance has to be in a single conf file [19:56] ok, so it has to be multiple config files [19:57] still easy to manage [19:57] yup, one config per openvpn process [19:57] yeah i could just copy 1 config to another and edit the changes.. [19:57] Temper: if you have a limited amount of users, you could put your per-user config in "ccd" files [19:57] man openvpn for the gory details [19:58] thats an interesting idea, although that would make user managment more complex [19:58] sdeziel: haha no thanks! [19:58] this way you could pin each user to a static IP that you control. This would in turn allow you to restrict the access with the firewall [19:59] ikonia: indeed, no free lunch ;) [19:59] maybe it would be easier just to make a small vm per company and then just port forward from the firewall to the correct vm? [19:59] radius is supported by a plugin IIRC [19:59] Temper: that sounds like the best way [20:00] will that work with a vpn connection.. can i use ip tables to take incomming port say 3333 -> 10.10.1.50:[whatever the vpn port it by default] [20:00] then 3334 -> 10.10.1.51:[same port] [20:01] Temper: yes, will work without problem. Default port is UDP/1194 [20:01]