=== elastic_dog is now known as Guest8345 | ||
=== adendrag33 is now known as adendrag3 | ||
=== adendrag332 is now known as adendrag33 | ||
=== adendrag332092 is now known as adendrag33209 | ||
=== adendrag332091 is now known as adendrag33209 | ||
michele | I'm using needrestart with the configuration "automatically restart daemons". However, my logs say: Services to be restarted: | 10:11 |
---|---|---|
michele | systemctl restart nginx.service | 10:11 |
michele | Even though it does not restart nginx. | 10:11 |
michele | How can I understand why? | 10:11 |
punkgeek | Hello, I want to forward an l2tp connection from a middle server (like a tunnel). I'm using the following iptables commands but they don't work, any suggestions? | 13:28 |
punkgeek | sudo sysctl net.ipv4.ip_forward=1 | 13:28 |
punkgeek | iptables -t nat -A POSTROUTING -p udp --match multiport --sports 1701,500,4500,50 -j MASQUERADE | 13:28 |
punkgeek | iptables -t nat -A PREROUTING -p udp --match multiport --sports 1701,500,4500,50 -j DNAT --to-destination #ip | 13:28 |
sdeziel | punkgeek: did you intend to use *source* ports? I'm not sure why you handle UDP ports 50, 500 and 4500? Feels like some confusion with IPsec/IKE | 14:21 |
punkgeek | sdeziel: What do you mean about source ports? As I understand, l2tp uses port 1701 | 14:23 |
sdeziel | punkgeek: `--sports` tells IPtables to match on source port numbers | 14:23 |
sdeziel | and it's more common to match on destination ports `--dports` | 14:24 |
sdeziel | because the source ports can be rewritten by say NAT/masquerading | 14:24 |
sdeziel | punkgeek: could you elaborate on what you want to do? The big picture. | 14:27 |
punkgeek | sdeziel: yes sorry, I wrote the wrong command here. I'm using dports but it didn't work and here is the tcpdump output: | 14:28 |
punkgeek | IP #My_IP.33807 > #middle_server.1701: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() FIRM_VER(1680) *HOST_NAME(Alireza-LP) VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(34711) *RECV_WIN_SIZE(8) | 14:28 |
punkgeek | IP #My_IP.33807 > #VPN_server.1701: l2tp:[TLS](0/0)Ns=0,Nr=0 *MSGTYPE(SCCRQ) *PROTO_VER(1.0) *FRAMING_CAP(AS) *BEARER_CAP() FIRM_VER(1680) *HOST_NAME(Alireza-LP) VENDOR_NAME(xelerance.com) *ASSND_TUN_ID(34711) *RECV_WIN_SIZE(8) | 14:28 |
punkgeek | IP #My_IP.33807 > #middle_server.1701: l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *ASSND_TUN_ID(34711) *RESULT_CODE(1/0 Server closing) | 14:28 |
punkgeek | IP #My_IP.33807 > #VPN_server.1701: l2tp:[TLS](0/0)Ns=1,Nr=0 *MSGTYPE(StopCCN) *ASSND_TUN_ID(34711) *RESULT_CODE(1/0 Server closing) | 14:29 |
punkgeek | sdeziel: I want to connect to an l2tp server outside of our country but because of Iranian government censorship, it is blocked. So I want to use a tunnel server | 14:30 |
sdeziel | punkgeek: are you using IPsec/L2TP? | 14:31 |
punkgeek | sdeziel: yes, without preshared key | 14:32 |
sdeziel | punkgeek: are you connecting to a VPN provider or a box you've set up yourself? | 14:32 |
punkgeek | sdeziel: it is my vpn server. I can access it from outside of the country but my friends are not able to from inside. | 14:34 |
sdeziel | punkgeek: I would suggest you look at wireguard or if you insist/need to use IPsec, use IKEv2 which lets go of the overly complex IPsec/L2TP combo | 14:36 |
=== elastic_dog is now known as Guest2898 | ||
=== pizzaiolo is now known as pizza | ||
baldpope | I recently installed landscape server on-premise, however I'm seeing errors when inviting other admins via email, but I saw no way to configure an smtp server in landscape, I'd assume it's just using the on box ssmtp.conf / client? | 18:11 |
znf | the hell is landscape | 18:28 |
znf | Oh, I see | 18:29 |
znf | meh. 10 machines free, rest $$ | 18:30 |
baldpope | yea just wanted to check it out | 18:34 |
baldpope | can do some of the same things with ansible, but having a dashboard is nice | 18:34 |