[00:50] <SynfulAck> Anyone know how to allow local lan traffic to a server (16.04) while it's connected to a vpn (in this case Private Internet Access)? I think what i did last time but on centos was use the nm-cli utility and create some route and/or metric change to make it prefer a method?
[00:51] <SynfulAck> Not familiar with ubuntu to know what to use if that's the case.
[01:21] <dpb1> I do something like this in /etc/network/interfaces
[01:21] <dpb1>     post-up route add -host 8.8.8.8 gw 10.10.0.1
[01:21] <dpb1> (where host is some resource I want to add through my local router)
[01:22] <dpb1> *access through my local router
[03:43] <SynfulAck> dpb1, wb a more general catchall like -network 172.31.255.254 255.240.0.0 and etc to include all of the ipv4 private address space. Not sure i quite understand how that statement affects the network cause i'd assume if every private ip address was included it might just start routing everything how it originally was...
[03:46] <SynfulAck> i think i messed up that statement but you get the idea.
[07:51] <SynfulAck> dpb1, looks like it works using -net. Thx. Although if any problems came up relating to networking not sure i could make sense of this routing table lol...
[11:08] <mojtaba> Hello, I am using netcat to test a port that I have opened using ufw. But still it says Connection refused.
[11:08] <mojtaba> On VPS I ran: netcat -l 63263
[11:08] <mojtaba> on my laptop: netcat -n -v 167.114.185.238 63263
[11:09] <mojtaba> but I got (tcp) failed: Connection refused
[11:09] <mojtaba> Any idea?
[11:09] <mojtaba> ufw status: 63263                      ALLOW       Anywhere
[11:13] <kiokoman> mojtaba: there is something listening on that port ?
[11:16] <mojtaba> netcat
[11:30] <kiokoman> mojtaba: netcat is trying to connect to that port, but there must be something on the other side listening to that call else u get connection refused
[11:31] <kiokoman> even if it's open
[11:34] <RoyK> mojtaba: try tshark -f "port 63263" on the server side
[11:34] <RoyK> mojtaba: just to check if the traffic gets through
[11:40] <mojtaba> RoyK: netcat is listening on the server side!
[11:40] <mojtaba> by netcat -l 63263
[11:43] <tomreyn> mojtaba: try the netcat command you run on the client, but this time run it on the server (unmodified). does the listening netcat show the incoming connection?
[11:44] <mojtaba> tomreyn: What do you mean?
[11:44] <RoyK> mojtaba: sure, just thought it would be interesting to see if traffic ever arrives to the server
[11:44] <tomreyn> mojtaba: also, i think the command to make netcat listen would be: netcat -l -p 63263
[11:44] <tomreyn> mojtaba: on your server, run this for listening: netcat -l -p 63263
[11:44] <mojtaba> tomreyn: Yes, -p flag was missing.
[11:45] <tomreyn> mojtaba: now, also on your server, run this: netcat -n -v 167.114.185.238 63263
[11:46] <tomreyn> does the connection get established according to both client and server netcat?
[11:47] <mojtaba> tomreyn: The flag -p was missing. but it is working now.
[11:47] <mojtaba> I was configuring openvpn, but the problem that I was facing was that, the connection was refused.
[11:47] <tomreyn> mojtaba: oh ok. i was thinking you meant you just forgot to write "-p" here
[11:48] <tomreyn> so everything works now, nice.
[11:48] <mojtaba> tomreyn: Have you any experience with openvpn?
[11:48] <mojtaba> :)
[11:48] <tomreyn> not much, a bit
[11:49] <tomreyn> others probably have more, just ask your questions.
[11:49] <mojtaba> I am getting Connection refused on port 63263/tcp
[11:51] <tomreyn> mojtaba: didn't you just say you solved this issue?
[11:52] <tomreyn> mojtaba: i mean, with netcat listening on your server and your laptop connecting to that it works, right?
[13:11] <Neo4> who know how to open port?
[13:12] <Neo4> I want this 51413
[13:12] <Neo4> put to my firewall in modem and can't see
[13:16] <Neo4> I tested port and it's closed https://ibb.co/j1jLAo
[13:16] <Neo4> in transmission
[13:17] <Neo4> I created torrent file and trying to get it on virtual computer but it doesn't work
[13:18] <tomreyn> you need to have something listen on this port (and on the correct network interface, and the correct IP address, or all of them) AND have no firewalls blocking it.
[13:18] <Neo4> tomreyn: do you know how create torrents file in ubuntu?
[13:18] <tomreyn> also, the ip protocol needs to be the same on server and client, e.g. tcp, udp, ...
[13:19] <tomreyn> most bittorrent applications will offer to do it for you or do it automatically.
[13:20] <Neo4> this is my file kselax.ru/Selection_066.png.torrent
[13:20] <Neo4> on virtual machine I wait and can't download
[13:22] <tomreyn> there's no tracker information on this torrent file.
[13:26] <Neo4> tomreyn: I added these trackers manually
[13:26] <Neo4> https://paste.ubuntu.com/p/wDCDcp8YjB/
[13:26] <Neo4> in my seed file and in virtual machine
[13:26] <Neo4> anyway didn't work
[13:27] <Neo4> tomreyn: https://ibb.co/nrkJVo
[13:28] <Neo4> I think my transmission works only accept files and not give
[13:28] <Neo4> https://github.com/transmission/transmission/wiki/Why-is-my-port-closed%3F
[13:28] <Neo4> or here
[13:28] <Neo4> https://ubuntuforums.org/showthread.php?t=2347463
[13:29] <Neo4> Need somehow open port 51413
[13:32] <tomreyn> Neo4: here's how you test whether your server port is firewalled: on the server, stop bittorrent. then run "nc -l -u -vv -p 51413"; now run this on a different computer, such as your desktop / laptop (which needs to connect to the server over the internet): "nc -vv -u -p 51413 SERVERIP" - replace SERVERIP by the public IP address of your server before you do.
[13:33] <tomreyn> the client should then connect to the server and any text you type on the client needs to actually show up on the server, and vice versa.
[13:34] <tomreyn> if all of this works then you have verified that your server port is not firewalled. if it does not work then your server port is probably firewalled. inspect "iptables -L", if there's nothing clocking connections then talk to your server hosting provider.
[13:35] <tomreyn> *b*locking
[13:35] <tomreyn> (not 'clocking')
[13:36] <Neo4> this  nc -vv -u -p 51413 46.200.157.129 shows error
[13:36] <Neo4> nc -l -u -vv -p 51413 this works
[13:37] <Neo4> when off bittorrent show port is free
[13:37] <Neo4> when bittorrent on port is busy
[13:37] <Neo4> tomreyn: this I did from my VPS
[13:37] <Neo4> https://paste.ubuntu.com/p/PNNgtChGKS/
[13:49] <Neo4> here something about ports
[13:49] <Neo4> https://transmissionbt.com/help/gtk/2.8x/html/preferences.html#network
[13:52] <Neo4> where that automatically map port? there not exists item
[13:52] <Neo4> https://transmissionbt.com/help/gtk/2.8x/html/portforward.html
[14:00] <tomreyn> Neo4: sorry, the command for client was incorrect, use: nc -vv -u 46.200.157.129 51413
[14:01] <Neo4> tomreyn: https://paste.ubuntu.com/p/KF7sBhxdwt/
[14:01] <Neo4> mean port opened
[14:01] <Neo4> transmission closed, now I'll open and test
[14:02] <Neo4> equal result
[14:02] <Neo4> transmission test show closed port
[14:04] <Neo4> tomreyn: see https://ibb.co/fDAzLo
[14:04] <tomreyn> Neo4: so your netcat client claims it connected fine to the server, but since this is udp (and not tcp) this statement is not reliable. this is why i'm saying you need to type text on the client and server netcat and make sure it is printed on the other end.
[14:04] <Neo4> if you have transmission  you can test yours port
[14:04] <tomreyn> keep transmission off during these tests
[14:05] <Neo4> I'll try
[14:05] <Neo4> I think all right with ports
[14:05] <tomreyn> that's because only one application can listen on a port at a time.
[14:32] <Neo4> Can somebody reach this page? http://46.200.157.129
[14:32] <Neo4> What is there?
[14:32] <Neo4> tomreyn: try this url
[14:33] <Neo4> I see for router need strong password, anybody can reach it
[14:38] <jon_> Hi all. Would this be a good place to ask a question about ssh (on ubuntu-server)?
[14:40] <Neo4> jon_: yes
[14:40] <Neo4> jon_: what the problem?
[14:40] <jon_> I can't ssh (Permission denied (publickey)) until after I log in at console.
[14:43] <jon_> Neo4, PubKeyAuthentication is yes, PasswordAuthentication is no
[14:44] <Neo4> jon_: yes, after installing ssh key to your server
[14:44] <Neo4> it will forbid use password
[14:45] <jon_> well pubkey auth works but just not after reboot and before a console log in.
[14:47] <jon_> Neo4: timeout for that addr on 80 and 443
[14:47] <Neo4> jon_: you need this variable
[14:47] <Neo4> PasswordAuthentication no
[14:47] <Neo4> PubkeyAuthentication yes
[14:47] <Neo4> ChallengeResponseAuthentication no
[14:49] <jon_> Neo4, those variables are set that way
[14:49] <Neo4> jon_: check status
[14:49] <Neo4> sudo systemctl status ssh.service
[14:50] <Neo4> should be enabled
[14:50] <Neo4> it very top
[14:50] <Neo4> or make
[14:50] <Neo4> sudo systemctl enable ssh.service
[14:51] <jon_> is enabled
[14:51] <Neo4> jon_: good it means it will run after each reload automatically
[14:51] <tomreyn> jon_: unable to login via ssh until you logged in on the console, that's not something i've run into before. are you sure this is related?
[14:51] <Neo4> try make login to server using ssh key
[14:51] <Neo4> ssh -i path_to_your_public_key your_user@ip_address
[14:51] <tomreyn> do auth.log records look different pre and post console login?
[14:52] <Neo4> jon_: if you can connect, change forbid password, put those three variables, restart server. and check prompt it password or only public key
[14:53] <tomreyn> the only way i could imagine the console login coming into play there is if the system enters some sleep mode before you do.
[14:53] <jon_> tomreyn, I'm not sure but that's what happens. Websearching returns nothing so seems very obscure. It's a vm on ESXi but not sure if that's relevant.
[14:54] <tomreyn> jon_: so how about auth.log?
[14:54] <tomreyn> also, does the system boot up completely?
[14:55] <tomreyn> Neo4: it is not an sshd configuration issue.
[14:55] <Neo4> you don't off ssh password, just set up ssh key and reload server, and check if you can go using key
[14:55] <tomreyn> it's also not an issue with how he authenticates.
[14:56] <jon_> checking...
[14:56] <Neo4> tomreyn: maybe his ssh off and he can't log in
[14:56] <Neo4> ok
[14:56] <tomreyn> we can rule this out since it works after console login, with unmodified sshd configuration and ssh client authentication
[15:01] <jon_> before console login auth.log shows: Connection closed by <ip> port <port> [preauth]
[15:02] <jon_> dmesg looks ok
 about is the client ip
[15:05] <jon_> above
[15:11] <tomreyn> jon_: are you sure the system is fully booted by the time you login to the console? can you show "systemd-analyze blame" and "systemd-analyze critical-chain"?
[15:12] <tomreyn> i meant to ask: are you sure the system is fully booted by the time you try to ssh in first?
[15:17] <jon_> systemd-analyze results: https://pastebin.com/dl/TCg94Mu7
[15:17] <jon_> hold on
[15:17] <jon_> https://pastebin.com/TCg94Mu7
[15:18] <tomreyn> same url
[15:18] <jon_> second one without /dl
[15:19] <tomreyn> oh right. please use paste.ubuntu.com or some pastebin which doesn't require the other party to work around riddles in the future.
[15:20] <jon_> I believe it's fully booted. Trying to log in after a minute or an hour is the same.
[15:21] <jon_> Thanks. Didn't know paste.ubuntu.com existed.
[15:22] <tomreyn> (pastebin.com can't be accessed from tor without solving a google captcha and accepting their cookies, has referer checks preventing direct access to some locations, requires filling a captcha to post in some cases.)
[15:23] <jon_> They must not like you :), doesn't do that to me. https://paste.ubuntu.com/p/q8ZNH38yYz/
[15:23] <tomreyn> must be that. ;) okay the systemd boot looks fine, and i'm still not sure what the problem could be.
[15:24] <jon_> And I block everything google.
[15:24] <tomreyn> at this point i guess i'll just back up the ssh configuration and reinstall it.
[15:24] <tomreyn> at this point i guess i'll just back up the ssh configuration and *purge and* reinstall openssh-server.
[15:26] <jon_> ok. purging and installing...
[15:26] <tomreyn> also its dependencies
[15:27] <tomreyn> first purge openssh-server and everything related, then install it all again.
[15:30] <jon_> ok. Do you mean autoremove after purge?
[15:30] <tomreyn> jon_: --purge autoremove is good, yes.
[15:33] <tomreyn> i'd also purge libssl1.0.0, then install again, maybe the openssh client, too, and maybe also the pam libs. apt-cache show openssh-server | grep ^Depends: | head -n1
[15:43] <jon_> tomreyn, trying to remove libssl1.0.0 complains about python-apt-common and errors out
[15:44] <jon_> "unmet dependencies"
[15:50] <tomreyn> jon_: right, it could break your system, maybe don't do it. if you still want to do it you'd need to purge it using dpkg --purge
[15:52] <jon_> tomreyn, yes I was using apt. I tried only purging openssh-server and reinstalling to the same result.
[15:52] <jon_> I have a snapshot so here goes....
[15:58] <chamar> elezium
[16:06] <jon_> tomreyn, I tried the default sshd_config and was able to log in via password. Going to compare configs. Thank you very much for your help and time. I'll post back here if I figure it out.
[16:07] <jon_> Neo4, thanks for the help.
[16:22] <SmirGel> In my NAS server I've tried to make the HDD to go sleep after 5 hours of idle and seagate ironwolf seems to be ignoring all the commands.
[16:50] <trippeh_> hum. isc-dhcp-server6 keeps crashing on bionic
[16:50] <trippeh_> ../../../lib/isc/heap.c:251: REQUIRE(idx >= 1 && idx <= heap->last) failed, back trace
[18:37] <jon_> tomreyn, this ssh thing is so strange. With Password and PubKey on, it asks for a password the first time after reboot but uses pubkey after that. Same as before I guess but it could ask for the password the first time.
[18:37] <jon_> *couldn't
[18:37] <jon_> oh well
[19:15] <jon_> tomreyn, Turns out /home is encrypted which needs the password to unlock before sshd can read authorized_keys. I moved that file out of home, pointed the config to it and it works now. No .bashrc anymore but that is minor. Thanks again.
[19:15] <jon_> Neo4, Turns out /home is encrypted which needs the password to unlock before sshd can read authorized_keys. I moved that file out of home, pointed the config to it and it works now. No .bashrc anymore but that is minor. Thanks again.
[19:16] <Neo4> jon_: ok
[19:17] <Neo4> jon_: can't torrent make
[19:17] <Neo4> https://forum.transmissionbt.com/viewtopic.php?f=1&t=19086
[19:18] <Neo4> can create torrent file and can't load using it from virtual machine
[19:19] <jon_> Neo4, I don't know about torrents. Is it specific to that or can you not download any file?
[19:20] <tomreyn> jon_: nice trick there
[19:20] <Neo4> jon_: yes, download can,and with torrent you can select any file and create your own torrent file, then put it to torrent site
[19:21] <Neo4> for example if you have 50Gb books collection you can easy share it on your site
[19:22] <jon_> How are you trying to download it? wget?
[19:22] <Neo4> or even a few terabytes with torrent not problem
[19:22] <Neo4> double click on file
[19:23] <Neo4> jon_: this file http://kselax.ru/Selection_066.png.torrent
[19:23] <Neo4> it won't work
[19:23] <Neo4> I need to try in windows using mtorrent
[19:25] <jon_> so you're in a vm that's running on vmware?
[19:25] <Neo4> from this site I can download, but can't share http://rutracker.org/forum/index.php
[19:26] <Neo4> jon_: no, seed runs on my local computer and on vm I run one more transmission and try download
[19:26] <Neo4> I don't know how it should work
[19:27] <Neo4> there exists trackers, it might any computer who has file say tracker site that he has full file and can give access to dowload. This calls seed
[19:28] <jon_> No idea. Torrents are out of my wheelhouse at this time.
[19:28] <Neo4> and user who don't have file say tracker site that they want to download, and might tracker sites connect seeds with leeches
[19:28] <Neo4> jon_: ok, :)
[19:28] <Neo4> this is very interesting theme