| bancroft | ravage: I tried your suggestions, here are the results. Not only did none of the changes work, but even running 1.8.31 on ubuntu 22.04 thanks to the PPA didn't work with the same error | 00:15 |
|---|---|---|
| bancroft | when I comparedthe libraries they appear to be the same, now i'm about to try 1.8.31 on ubuntu 18 for sanity | 00:17 |
| Bazyar | hello! | 00:31 |
| bancroft | ok so 1.8.31 works on ubuntu 18.04 but not on 22.04 :/ | 00:31 |
| Bazyar | I couldn't find a channel for just Microstack, what would the best channel for support be? | 00:31 |
| arraybolt3 | Bazyar: Probably an Openstack-related channel. | 00:33 |
| arraybolt3 | #openstack might be it. | 00:34 |
| arraybolt3 | If nothing else, they may be able to point you to the right channel. | 00:34 |
| Bazyar | I'll try there, thanks! | 00:39 |
| === chris14_ is now known as chris14 | ||
| === kostkon_ is now known as kostkon | ||
| wingarmac | Hi all ! | 04:38 |
| wingarmac | Can anyone help me with a wireguard issue on ubuntu server 22.04 ? I can reach with pings any computer of my VPN (even one on another ISP nat router) but my mobile phone connected on mobile data doesn't response back | 04:39 |
| wingarmac | any clue ? | 04:39 |
| wingarmac | I've a fixed public IP on my isp nat router | 04:39 |
| wingarmac | My server is the only to retain all peers | 04:40 |
| arraybolt3 | wingarmac: Can you describe better what you're trying to do? I can't tell if you're pinging from or to your mobile phone. | 04:40 |
| wingarmac | the others have only the server as peers | 04:40 |
| arraybolt3 | Like, are you trying to use your phone to connect to your VPN and then ping systems on the VPN network? | 04:40 |
| wingarmac | I ping from server to pĥone with its VPN IP | 04:40 |
| arraybolt3 | Are you sure your phone is even able to ping back? | 04:41 |
| arraybolt3 | I don't know if Android (or whatever else) is able to send ICMP packets. | 04:41 |
| wingarmac | No, I'm not sure how it works on a mobile | 04:41 |
| arraybolt3 | I'm assuming your phone is on the VPN network. | 04:41 |
| wingarmac | yes | 04:41 |
| wingarmac | I've made simillar settings as for the distant computer that works and is behind his own isp nat router | 04:42 |
| wingarmac | I just gave him a new IP and added his identity to the peers on the server | 04:43 |
| arraybolt3 | Do you have physical access to the phone at the moment? | 04:43 |
| wingarmac | yes, all the devices mentioned | 04:43 |
| arraybolt3 | I'm suspecting that if all devices other than the phone work, it may be because your phone isn't designed to be pinged, in which case it's expected that you're not able to ping it. | 04:43 |
| arraybolt3 | I'd take the phone, disconnect it from the VPN, enable its hotspot, connect to it with your laptop so that they're on the same local network, then try pinging it. | 04:43 |
| wingarmac | any other way to see if the communication is working right ? | 04:43 |
| arraybolt3 | Or connect them both to the same physical network and try pinging it. | 04:43 |
| arraybolt3 | wingarmac: You could install an SSH server app maybe. | 04:44 |
| arraybolt3 | Then try to SSH into the phone. | 04:44 |
| arraybolt3 | But we're getting a bit beyond Ubuntu support and into Android support at this point (assuming it's an Android phone) :P | 04:44 |
| wingarmac | The goal is to be able to reach it when its on mobile data. So I do not understand why I should do that ? | 04:44 |
| arraybolt3 | wingarmac: You need to know if the phone is even able to send ICMP packets in response to a ping. If it can't do that even under ideal conditions, then of course it won't do it over a VPN. | 04:45 |
| arraybolt3 | If the phone won't respond to pings, it's expected that it won't respond to pings in any circumstance. | 04:45 |
| wingarmac | okay, I understand, and it is right. This is more wireguard related as ubuntu itself, since the other devices work | 04:45 |
| arraybolt3 | Makes sense. | 04:45 |
| arraybolt3 | If you *are* able to ping the phone when your device and phone are on the same physical network, then we probably have a problem with either how the phone connects to the VPN, or possibly with the server. | 04:46 |
| wingarmac | I'll wait t'ill someone answers on the wireguard channel in that case ... No choice. | 04:46 |
| arraybolt3 | (Though if the phone does respond to pings when its on the same physical network, I would suspect the VPN app that you're using on the phone as the next likely culprit. Perhaps it blocks ICMP traffic. | 04:46 |
| arraybolt3 | wingarmac: If you install an SSH server app onto the phone, you can then try to SSH to the phone's IP and that will test the connection. | 04:47 |
| wingarmac | I remember I could ping my phone when It was not on VPN but on wifi lan normal. So the suposition about ICM packets isn't right. I'll try it again to be sure | 04:47 |
| wingarmac | arraybolt3 I'll try that to | 04:48 |
| wingarmac | arraybolt3 you see, when I connect the mobile (VPN disabled everywhere) on wifi to my lan, I can use the ping. So it isn't the phone that is not able to respond. | 04:50 |
| wingarmac | It's something that goes wrong to get the packets to the server somehow | 04:50 |
| wingarmac | arraybolt3 but when I put the phone on mobile data, I go to whatsmyip.com and try to ping my server to this IP, It is stuck | 04:52 |
| wingarmac | So I presume their is some kind of blocking on the mobile data side. | 04:53 |
| wingarmac | I wonder how it works for other VPN services. Since I've tested NordVPN before, and it did work even when my phone was on mobile data. I could ping to it. | 04:54 |
| wingarmac | So I presume I'll continue my search. Maybe a small dns service could do the trick. Like dsnmasq. | 04:55 |
| arraybolt3 | wingarmac: For some reason I thought this was a VPN you controlled. | 04:55 |
| arraybolt3 | If you're trying to ping a phone from a laptop with the phone on mobile data and both devices on a VPN owned by someone else entirely, then it's probably a problem with whatever VPN service you're using, in which case you'd want to ask them for help. | 04:56 |
| wingarmac | arraybolt3 what do you mean by that ? "I thought this was a VPN you controlled." | 04:56 |
| arraybolt3 | wingarmac: I meant, I thought you were running a VPN server on an Ubuntu Server instance and were connecting to it, thus why this was an Ubuntu Server problem. | 04:57 |
| arraybolt3 | I'm probably missing something about the setup here, but without knowing what you're trying to do and what your setup looks like, I won't be able to give very meaningful help. | 04:57 |
| wingarmac | arraybolt3 You're wrong. The laptop is peer 3 and the mobile phone is peer 4 | 04:57 |
| arraybolt3 | Yeah I don't know what that means :P | 04:58 |
| arraybolt3 | Start from the top. What all is between your computer and your phone? A server you own? A VPN service? A combination of the two? | 04:58 |
| arraybolt3 | What does "peer 3" and "peer 4" mean? What are peers 1 and 2, and how do they play into your setup? | 04:59 |
| wingarmac | https://ibb.co/CmfKMYB This is working on VPN, I now want to add my mobile to the same private network (please do not complicate it with the FQDN for now, just adding the mobile to the VPN is the intention now) | 05:01 |
| wingarmac | using its mobile data connection | 05:01 |
| arraybolt3 | OK, and lan1 is trying to ping the phone? | 05:02 |
| wingarmac | srv | 05:02 |
| arraybolt3 | Ah, OK. | 05:02 |
| arraybolt3 | And is srv a VPN server or no? | 05:03 |
| arraybolt3 | I'm just trying to figure out how srv factors into the equation other than being the machine you're trying to ping from. | 05:03 |
| wingarmac | Since wireguard is peer to peer, I can't realy call it a server, but yes, since it is the only one that has all peer keys into his setup and should be the center for all. | 05:04 |
| arraybolt3 | OK, that makes sense. I think I get it now. | 05:04 |
| wingarmac | the other peers have only the server in the peer section of the wireguard conf file | 05:04 |
| arraybolt3 | So how are you connecting the phone to the VPN? | 05:05 |
| arraybolt3 | I'm assuming you're using the WireGuard app. | 05:05 |
| wingarmac | I've copied the same setup for it as the wan1 in the picture, but change the IP and keys for the respective unit. | 05:06 |
| wingarmac | since it is also on a distant connection it has the local IP range of my network added a secondary in the AllowedIPs = | 05:07 |
| wingarmac | example AllowedIPs = 10.0.0.4/32,192.168.1.0/24 | 05:07 |
| wingarmac | This has worked for the wan1 | 05:08 |
| wingarmac | but doesn't seem to solve the issue for the mobile | 05:08 |
| arraybolt3 | OK so, your "server" has all the peer keys and is the "center" server, this may be silly but did you remember to add your phone to the server's config? | 05:08 |
| arraybolt3 | I'm guessing you did. | 05:08 |
| wingarmac | I did of course. It's not like I have an all fleet to manage | 05:08 |
| arraybolt3 | I'd start by testing things with an SSH Android app. Android doesn't let any apps run as root, so I'm wondering if maybe Wireguard is somehow not allowed to send the ICMP traffic to the Android OS underneath. But an SSH app will use a port high enough to not require root access to bind to, and might work? This is a shot in the dark, I've never used Wireguard, but that's my current suspicion. | 05:10 |
| wingarmac | I'll take a closer look to this SSH Android app | 05:11 |
| arraybolt3 | I've personally used this one before: https://play.google.com/store/apps/details?id=org.galexander.sshd&hl=en_US&gl=US | 05:12 |
| wingarmac | will putty ssh do it? there are so many ... | 05:12 |
| wingarmac | don't you have a suggestion? | 05:13 |
| arraybolt3 | You need a *server* app. | 05:13 |
| arraybolt3 | I use SimpleSSHD, which I linked to above. | 05:13 |
| arraybolt3 | *used | 05:13 |
| wingarmac | installed, what or how should I use it to debug the problem ? | 05:17 |
| wingarmac | I did just re-enable wireguard on both and opened SimpleSSHD | 05:18 |
| arraybolt3 | wingarmac: Try SSH'ing into the phone now. | 05:19 |
| arraybolt3 | You don't need to actually log in, you just need to see if the connection can be established. | 05:20 |
| wingarmac | On the mobile the server is started. I did ssh vpn_IP_mobile -p 5555 on the server side but nothing happens. | 05:22 |
| arraybolt3 | And the server is on port 5555? I expected it would be on 2222. | 05:23 |
| wingarmac | yes | 05:23 |
| wingarmac | vpn is set to use 5555 | 05:23 |
| arraybolt3 | OK, so that probably means all incoming traffic is being blocked. | 05:23 |
| wingarmac | I think so to | 05:23 |
| arraybolt3 | wingarmac: But which port is SimpleSSHD set to listen on? | 05:24 |
| wingarmac | how to see that ? | 05:24 |
| arraybolt3 | There should be a Settings button somewhere. (Sorry, been a while since I've used it and I don't have a phone anymore so I can't test it.) | 05:24 |
| wingarmac | I see only IP's on screen and start/stop button | 05:24 |
| arraybolt3 | There isn't a triple-dots somewhere in the upper-right corner? | 05:25 |
| arraybolt3 | Or near the top of the screen? | 05:25 |
| wingarmac | I need to set it on the same port as VPN ? | 05:25 |
| arraybolt3 | Doesn't the VPN basically join the phone to the same network as the othr machines? | 05:25 |
| arraybolt3 | I'd try to SSH to the phone using it's IP on the Wireguard network. | 05:26 |
| wingarmac | yes, no error its connected | 05:26 |
| arraybolt3 | Oh. That may be the problem all along. | 05:26 |
| arraybolt3 | If you're going to whatismyip to find the phone's IP, that probably won't work - it will show the public IP of your router most likely. | 05:26 |
| arraybolt3 | You'd have to find what IP the Wireguard network has assigned to the phone. | 05:27 |
| wingarmac | The wan IP you mean by that ? | 05:27 |
| arraybolt3 | wingarmac: Did you mention whatismyip earlier? | 05:27 |
| arraybolt3 | Sorry, I'm tried and losing track of things. | 05:27 |
| arraybolt3 | *tired | 05:27 |
| arraybolt3 | wingarmac: Blah. You know what I'm trying to say. Try to SSH to the phone using it's Wireguard IP and the port that SimpleSSHD is listening on (probably port 2222). So change the -p 5555 to -p 2222 and see if that works. | 05:28 |
| arraybolt3 | (I'm getting frustrated with myself, not you.) | 05:28 |
| wingarmac | Well when opening SimpleSSHD, it shows my LAN range VPN IP and a public IP, I presume its the one you're talking wbout | 05:28 |
| arraybolt3 | Yeah. | 05:29 |
| arraybolt3 | Most likely. | 05:29 |
| wingarmac | arraybolt3 I do not mind, you're kind helping me. That's enough to be greatfull | 05:29 |
| arraybolt3 | Thanks :) | 05:29 |
| wingarmac | ssh 10.0.0.4 -p 2222 | 05:31 |
| wingarmac | ssh: connect to host 10.0.0.4 port 2222: No route to host | 05:31 |
| wingarmac | root@ubserv:~# ssh 100.80.5.57 -p 2222 | 05:31 |
| wingarmac | ^C | 05:31 |
| wingarmac | the last command just get stuck, I did CTRL+C | 05:32 |
| arraybolt3 | Blah. OK, no route to host... /me looks up what that means, I've seen this before | 05:32 |
| arraybolt3 | Yeah so basically it's saying that the phone can't be found on the network. Shocker. | 05:34 |
| arraybolt3 | So here's a question - from the phone, can you ping the server? | 05:34 |
| arraybolt3 | Over the VPN. | 05:34 |
| arraybolt3 | I'm wondering if maybe the Wireguard app is only meant to allow outgoing connections and not incoming ones. | 05:35 |
| wingarmac | https://ibb.co/txt1yhK is what I get on the mobile | 05:36 |
| wingarmac | I tried both IP4 wan and lan, but none did work. | 05:37 |
| wingarmac | How do I ping from the mobile to the server ? | 05:37 |
| arraybolt3 | wingarmac: Hmm, right, because the phone doesn't have `ping` built in most likely... | 05:38 |
| arraybolt3 | Blah. There's an app on F-Droid called Termux that will let you run Linux terminal commands on the phone, but I don't know how much you want to trust a random Internet stranger's recommendation to download a random app that isn't in Google Play. | 05:40 |
| arraybolt3 | https://termux.dev/en/ if you are interested. | 05:40 |
| arraybolt3 | (The Google Play version is outdated and not recommended.) | 05:40 |
| wingarmac | It's installing | 05:40 |
| wingarmac | By the way, do you think that I could solve it with the use of DNSmasq. Since I will need to attach my domainname to my private network, I presume I'll need to install it. Isn't it ? | 05:41 |
| wingarmac | So I thought the solution might cme with the setup of it as aninternal DNS server on lan | 05:42 |
| arraybolt3 | I have no idea if another server will fix it. | 05:43 |
| arraybolt3 | I have very limited experience with most of this and am mostly resorting to universal troubleshooting tactics. | 05:44 |
| wingarmac | it will route the packets to the right computer after entering the nat router. That's what I've been told. | 05:44 |
| wingarmac | I thought I could prevent any other server install, but at some point it might be a prerequisite to make what I'm intend to work. | 05:45 |
| wingarmac | arraybolt3 Anyway, thank you again so far ! It's really appreciated ! Cheers | 05:47 |
| arraybolt3 | wingarmac: Thanks for your patience, and I hope we're able to make this work. | 05:47 |
| wingarmac | :) I will ! | 05:48 |
| === nihe_ is now known as nihe | ||
| athos | Hi bryceh! I was thinking about doing a php clean up in lunar proposed (update excuses) before the feature freeze | 13:03 |
| athos | however, there are lots of packages there which were changed to depend on php8.2 (universe packages) | 13:04 |
| athos | What is the approach you would take for those? Just let them be carried to mm (next cycle) or patch each package to depend on php8.1 and revert those patches once we start the 8.2 migration? | 13:05 |
| === shokohsc69 is now known as shokohsc6 | ||
| === chris15 is now known as chris14 | ||
| === lord_black is now known as lord_daemon | ||
| bryceh | yep, in the situation we're in this release those can probably be ignored, unless they look like they have necessary changes, in which case yeah you can attempt to delta them to downgrade. In the latter case I'd stage in a PPA in case the underlying source does actually need something in php8.2 to build or autopkgtest. | 17:54 |
| === chris14_ is now known as chris14 | ||
| === chris15 is now known as chris14 | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!