[03:23] Anyone know a semi-quick/simple way to install OpenVPN on Ubuntu Server(Kinda similar to how PiVPN is easy to install) [04:38] I have a vm that's inaccessable... it's in emergency and asking for a root password... but as we know, ubuntu doesn't have a default root pass... what do I do here?!?! [04:40] it's a server 18.04 vm on a xen host (not xenserver, straight xen project), so I can't just boot an ISO, I tried, it doesn't boot === disposable3 is now known as disposable2 === lotuspsychje_ is now known as lotuspsychje [07:25] Hi guys [08:31] A start job is running for raise network interfaces (5 mins 1 sec) [08:31] can you help me [08:48] Hi, when i login via SSH to my server it says "67 packages can be updated", but when I run apt upgrade it says 0 packages to upgrade? [09:00] Seems completely broken somewhere! https://pastebin.com/ump3RWZu [09:00] can anyone assist? [09:36] Think its the MOTD [09:36] anyone know how to force update it ? [10:20] ren0v0: what's the output of running /usr/lib/update-notifier/apt-check? That's what the motd uses. [10:22] ren0v0: I think you can remove /var/lib/update-notifier/updates-available but it gets recreated daily (or something like that) anyway [10:22] ren0v0: via /etc/update-motd.d/90-updates-available [15:12] Hi guys [15:12] Need help [15:13] I have a problem in installing pihole docker version on ubuntu server 18 [15:13] It says that port 53 is alrrady used [15:16] Anyone can help me? [15:51] technoob: perhaps fix your connection first. [15:51] How? [15:51] technoob: your connection that's making you disconnect from IRC I mean [15:51] I see [15:51] nobody here is gonna play parrots to repeat stuff said when you were disconnected [15:52] Its because of my phone [15:52] that said.... on a certain IP address (like localhost), there can be only one process listening at a port number [15:52] by default ubuntu uses systemd-resolved as local resolver (and before that dnsmasq) which are all taking port 53. So if you want something else to listen on that : combo, you'll have to disable whatever is running right now. [15:52] My phone keeps on disconnecting sorry [15:53] I see [15:54] How do i disable those running? I tried netstat and i see dnsmasq and systemd resolver [15:54] Those 2 are listening [15:55] they can't both be listening on the same ip:port combo [15:55] iirc systemd-resolved is not at 127.0.0.1, right? [15:59] Im not sure what ip it was [15:59] My server is off right now [15:59] So couldnt check [15:59] But dnsmasq and the resolver have different ip [15:59] But same port [16:01] it listens _of course_ ;-) at 127.0.0.53 [16:04] Backflow [16:04] blackflow [16:05] technoob: alright so, you have two options here. One, use pihole as the only resolver, or two, tell resolved to use pihole as its "upstream" (since resolved is just stub) [16:06] option two should be most simple one, requiring only a change in /etc/systemd/resolved.conf, adding a proper DNS= line. That also requires your pihole docker to run at another ip [16:07] Ill try the easy one [16:07] So what dns should i add or change in conf [16:11] blackflow [16:12] to the IP where the pihole is listening on [16:12] why don't you learn to create a network in docker, then have your pihole docker use a specific ip on your network, without having to gut ubuntu's resolv system [16:12] there we go.... the parrot game [16:12] technoob: why don't you learn to create a network in docker, then have your pihole docker use a specific ip on your network, without having to gut ubuntu's resolv system [16:13] technoob: and set DNS= to the IP where the pihole is listening on [16:14] mybalzitch i see. I could do that too but im really new to sysadmin and alot of things are so confusing [16:14] Thats why im asking [16:15] But i will take into consideration your advice as i too also dont like to gut ubuntus default configuration [16:16] That was the reason why i opted to use a docker so that there is minimal changes done to the original env [16:16] Forgive me if i have used wrong terms [16:16] blackflow thanks ill try that maybe later as i need to get some shut eye [16:30] Hi everyone. [16:31] What is the best way to setup a VM as a vpn-router? has someone a guide on hand? I tried now serveral times and problems with dnsmasq openvpn and dnsleaks are coming back, im stuck. [16:33] kab0m: debian or ubuntu. last you asked about resolv.conf was for debian. the two have very different default network settings paradigms. [16:34] blackflow: i tried with both debian and ubuntu...no success so far...atm im happy with any of those two systems.i just need to get things running [16:34] *i would be hapyp with guides for any of those systems [16:35] kab0m: what I'd personally do, and what I _do_ actually, is replace the default resolving stack wiht a local bind resolver. you can use unbound as well. which includes a static /etc/resolv.conf . most flexible, best control, no leaks. In contrast, there's been a plenty of reports about systemd-resolved not playing nicely with VPNs [16:36] default stuffs in ubuntu are complex layers upon layers of reinvented or badly invented software. [17:39] blackflow: thanks for the hints ;) do you maybe have a guide or a tutorial which i can use to start with? [17:40] nothing in my bookmarks, sorry [18:38] Pici: we miss ubottu - could you have a look? [19:46] is there a minimum disksize for a ubuntu-server installation? because i tried with 5gb and i couldn't select the disk as it is greyed out in the installer? [19:47] thats a bit small [19:47] I mean disk is cheap......I would think at least 20 [19:48] Ussat: i think 20gig a bit overpowered for a little service thats running on this thing. [19:49] well then choose what you want [19:49] like I said disk is cheap [19:49] https://help.ubuntu.com/community/Installation/SystemRequirements#Ubuntu_Server_.28CLI.29_Installation states 5GB should be enough...but the installer says nothing about [19:50] ... [19:50] Ussat: btw its a VM [19:50] so use 10 [19:58] 10 works fine for a basic installation without many services [19:59] 10G was the key, thanks Ussat and tomreyn [20:00] I just thin provision all my vm's and dont worry about it. If you give it 100G it doesnt matter, only uses what it needs [20:13] thanks Pici, it's back [22:06] kab0m: 2GB should do for a server - I have that on a few VMs [22:07] the base install for a server takes up 1GB or perhaps 1,2GB [22:08] plus swap [22:08] RoyK: Strange...i couldn't install it with 5GB as the installer greyed out the disk and i had to up the size to at least 9GB..how did you pass the ubuntu-server installer with that small disk? [22:08] you want a bit of swap [22:08] kab0m: was this the new installer or the old one? [22:09] RoyK: the latest ubuntu-18.04.2-live-server-amd64.iso [22:09] use the old installer [22:10] you really don't need nine gigs for a basic server installation [22:10] which one is the installer and what exactly is the difference? [22:10] and then - take a copy of that installation and use it again [22:10] the new installer is fancy and flashy and - well - sucks [22:11] they made a new one to make everything flashy and forgot about making it useful [22:11] hate it when that happens [22:11] even for ubuntu desktop, you won't need 9 gigs for a base install [22:12] RoyK: Ok good to know :D where can i find the "old" installer? and does it have any disadvantages? [22:12] RoyK: LOL iirc the desktop installer now requires at least 20GB ore something like that? ^^ [22:13] its just insane [22:13] kab0m: "traditional installer" on ubuntu.com download [22:13] kab0m: that's just bit weird [22:13] anyone here [22:14] o/ [22:14] no [22:15] looking for websites or book recommendations that go in depth on securing 18.04. My searches give pretty basic security info and looking to see if community has some recommendations [22:16] RoyK: well, i fell for the shiny new installer as canonical has hidden the traditional very well on their download page as i see now^^ [22:16] It's because the installer uses an image which is generated at 8G. [22:16] If you're using a VM, using an installer is like being in the dark ages. Use a cloud image. [22:16] kab0m, RoyK: ^ [22:17] rbasak: ahhh thanks for the insight. ahm ok, where can i find the cloud images...also on ubuntu.com? [22:17] cloud-images.ubuntu.com, but rather than using it direct, use tooling that uses an image. [22:17] Try vagrant or multipass or uvtool. [22:19] rbasak: tbh i have my vms running in virtualbox lol i guess something like unraid etc would be a better idea...but that would mean i would have to migrate everything, which i try to avoid atm [22:19] vagrant supports virtualbox natively I think. [22:19] Though vagrant images aren't suitable for production use unless they've changed how they do things. [22:22] rbasak: is vagrant some kind of esxi vsphere clone? [22:33] vagrant is a tool for automating VM install and configuration [22:34] it has a virtualbox provider by default, but there's also other ones. I use the libvirt provider quite often to bring up VMs on KVM for testing purposes. [22:34] the ISOs for the installer are also pretty easy to snag from archive.ubuntu.com [22:45] thanks ec0 [23:06] no problem! [23:12] So obviously I have UFW enabled on my Ubuntu Server, i have it to allow SSH, and Apache as I use it as a Web Server and a SFTP Server. I recently installed PiHole onto it so I can use my RaspberryPi for other nifty and fun things. Anyway, since I have the PiHole as my DHCP server and such, I would need to allow ports 67, and 68 correct? Would I also need to allow DNS(53)? [23:15] yes if you are serving dns to the restof the network [23:15] (which you probably will want to) [23:25] Ok, Thank you. Now my other question is, if I 'ufw allow 67' it will add it to v6 as well, is that necessary or is there a way not add it to v6 [23:30] or does it really not matter? === Bodenhaltung_ is now known as Bodenhaltung [23:46] Exmix, no, The excellent thing about UFW is that enables the firewall on both IP stacks [23:51] So it doesn't matter if the v6 is there or not, gotcha. Thanks OerHeks