The officially official Devuan Forum!

#76 Re: Hardware & System Configuration » openvpn server and client on same box » 2018-06-15 22:37:21

OK, i get it now. Yes, in that case the default route makes sense and your internal VPN server should also have "redirect-gateway def1" (sorry i thought you had access to the external one when asking to remove that). Well, that's going to be a bit ugly then but something along the lines of the following should work:

echo 200 isp >> /etc/iproute2/rt_tables
iptables -A PREROUTING -i eth0 -t mangle -p udp --sport [YOUR-INTERNAL-VPN-SERVER-PORT] -j MARK --set-mark 1
ip rule add fwmark 1 table isp
ip route add default via 192.168.x.1 dev eth0 table isp

Obviously can't really test it but it should basically mark packets coming from your internal VPN server and add a rule to make them use an entirely different routing table which does nothing but send the packets through your ISP instead of the external VPN. Rationale being: I think the problem isn't really not being able to reach the box from outside (the packets arrive just fine) but that the packets that the internal VPN server sends back to its outer client get routed through the external VPN instead of being routed through your ISP as the client expects.

#77 Re: Hardware & System Configuration » openvpn server and client on same box » 2018-06-15 21:35:09

siva wrote:
devuser wrote:

"redirect-gateway def1" (that is what route-nopull would ignore if you could not control the server config) is not what you want at all.

What I'd really like to do is use the external VPN service as something like a proxy for devices connected on all the interfaces. 

Devices on tunX connect to the box from outside the local network.  Ideally, the flow of information would be something like this:
1) Laptop at a coffee shop connects to this box at home (tunX).  It performs this by connecting to my ISP's public IP address.
2) The box at home does some filtering and monitoring, then redirects the packets through the VPN service (tunY).
3) The box receives the reply from tunY, filters/monitors, and uses tunX to send the packets to my laptop at the coffee shop.

The problem is that, when tun1 is up, step 1 doesn't happen on the laptop at the coffee shop -- it hangs while trying to connect.  So, if this is impossible for devices on tunX, then as a fallback, I'd like to use it for at least wlanX and ethX, and ignore tunX altogether.

So basically you want to have all outgoing traffic directed towards the internet go over tunY?

siva wrote:

Could you please remove all routing related config (including redirect-gateway def1) from client and server and post the output of route -n?

With push "redirect-gateway def1" removed from server.conf, the output is the same as what I posted earlier:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.y.1        128.0.0.0       UG    0      0        0 tunY
0.0.0.0         192.168.x.1     0.0.0.0         UG    0      0        0 ethX
10.8.x.0        10.8.x.2        255.255.255.0   UG    0      0        0 tunX
10.8.x.2        0.0.0.0         255.255.255.255 UH    0      0        0 tunX
10.8.y.0        0.0.0.0         255.255.255.0   U     0      0        0 tunY
xx.xx.xxx.xx    192.168.x.1     255.255.255.255 UGH   0      0        0 ethX
128.0.0.0       10.8.y.1        128.0.0.0       UG    0      0        0 tunY
169.xxx.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 ethX
192.168.x.0     0.0.0.0         255.255.255.0   U     0      0        0 ethX
192.168.y.0     0.0.0.0         255.255.255.0   U     0      0        0 wlanX

That's kinda strange since tunY still is the default route but i'll wait with drawing any conclusions until i know for sure if you actually want to route traffic to the internet over it or not.

Really, if you want to connect to the internet over tunY is the main question at this point since as is it's configured to do so by these routes (which act as a default route):

0.0.0.0         10.8.y.1        128.0.0.0       UG    0      0        0 tunY
128.0.0.0       10.8.y.1        128.0.0.0       UG    0      0        0 tunY

If you just want packets toward 10.8.y.0/24 to go over tunY this route is enough

10.8.y.0        0.0.0.0         255.255.255.0   U     0      0        0 tunY

and we have to figure out why it even adds the default route or at least stop it from doing so.

#78 Re: Hardware & System Configuration » openvpn server and client on same box » 2018-06-15 18:35:31

I don't think you have to set anything routing related in OpenVPN's config. The routes on tunX and tunY were fine as far as i can tell (besides the default route pointing towards tunY obviously). If i understand what you want to do correctly "redirect-gateway def1" (that is what route-nopull would ignore if you could not control the server config) is not what you want at all. Could you please remove all routing related config (including redirect-gateway def1) from client and server and post the output of route -n?

#79 Re: Installation » [Solved] Ascii upgrade (also) messed up this Devuan Jessie » 2018-06-15 11:49:23

Altoid wrote:

Hello:

Altoid wrote:

Hello:
I was able to start X, got the full desktop but still no Kb or mouse (it's plugged into the USB Kb).
So the problem persists.  =^/

Anyone?

Sorry, i am pretty much at a loss here as i've never seen something like this before. The only thing i can recommend is checking Xorg.log for anything suspicious in relation to the input devices. Maybe the "paused" message i mentioned earlier or if there is any indication of failure to detect the mouse/keyboard. Another thing that comes to mind is if you maybe have an actual X config that might be broken (outdated?) for some reason? This seemingly being related to X in general makes me think it has to be somehow fixable by adjusting the config.

#80 Re: Devuan » thank you devuan community devuan developers and linux creators » 2018-06-15 11:05:39

Can't take any credit here but i am glad to hear about your positive experience. Who would have thought Linux to be such a good gaming experience with Devuan coming out on top being the icing on the cake?

I am not much of a gamer but i fully agree with Devuan being a good choice for people who want to actually understand what their system is doing. That is a very strong point for me also. On my personal setup i am down to having to get rid of dbus (which translates to finding alternatives or building my own packages for audacious and spacefm) and there be zero funky processes left. Loving it.

Also i am quite positive regarding the future of Devuan. As you say the community is great and i think it will only grow over time as more and more people are taking refuge from all the damage systemd has done and thereby improving the (wo)men power behind the project.

Anyways, best luck with your season (even if i am not entirely sure what that is tbh)! Hope you'll do great and make Devuan proud! :D

#81 Re: Other Issues » Strange symbol in Devuan grub menu? » 2018-06-15 08:14:08

Don't worry. People here seem generally very friendly towards other distributions. Haven't seen a single snide remark yet. Not even any jokes regarding the usual stereotypes.

#82 Re: Hardware & System Configuration » The keyboard shortcut system does not detect the brightness button » 2018-06-15 08:05:40

Which keyboard shortcut system do you mean? Also do you maybe have acpid installed? Do the keys work for changing the brightness?

#83 Re: Other Issues » Strange symbol in Devuan grub menu? » 2018-06-14 23:31:05

Please someone remind me to add derogatory icons for all other systems to the boot menu if i ever happen to release an OS. I like this idea :D

#84 Re: Installation » extlinux install from Devuan ASCII installer shell. » 2018-06-14 07:54:07

devuan_dk_fan wrote:
devuser wrote:
devuan_dk_fan wrote:
$ startx

I wish there was something similar for Devuan, thus avoiding the login manager for those users that like to keep it simple.

I might miss something here but startx exists on Devuan?

Yes, but the process I was describing doesn't work with Debian based systems, as there is no xwmconfig. The closest to that is running

# dpkg-reconfigure gdm

but that just switches between login managers and not window managers.

I see. How about this:

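#!/bin/sh
# Let the user pick one of the registered x-session-manager alternatives
# and remember the choice in ~/.wm.

SES="$( update-alternatives --list x-session-manager )"
# Print a numbered menu (the entries are paths, one per line).
C=1; for S in $SES; do
	echo "$C: $S"
	C=$(( C + 1 ))
done
echo
S=''; while true; do
	printf 'Select window manager [1]: '
	# Give up on EOF instead of looping forever.
	read -r I || exit 1
	# Reject anything that is not a plain number.
	echo "$I" | grep -q '[^0-9]' && continue
	if [ -z "$I" ]; then
		S=1
		break
	fi
	if [ "$I" -gt 0 ] && [ "$I" -lt "$C" ]; then
		S=$I
		break
	fi
done
# Take line number S from the list and store it.
CMD="$( echo "$SES" | head -n "$S" | tail -n 1 )"
echo "$CMD" > "$HOME/.wm"
echo "Default WM set to $CMD."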

Then you could just do something like:

alias startx='startx "$( cat "$HOME/.wm" )"'

#85 Re: Installation » extlinux install from Devuan ASCII installer shell. » 2018-06-14 07:17:04

devuan_dk_fan wrote:
$ startx

I wish there was something similar for Devuan, thus avoiding the login manager for those users that like to keep it simple.

I might miss something here but startx exists on Devuan?

#86 Re: Off-topic » In what country are you right Now ? » 2018-06-14 07:13:01

Dutch_Master wrote:
devuser wrote:

If someone is interested in germanic languages i think dutch would be easier for english speakers than german as it doesn't have the gender/article madness and often seems closer to english than the german translations.

No, but it has quite a few words (and sentences for that matter!) that can have more than one meaning, all depending on context! This is highly confusing for those not raised with Dutch as their native language ;)

True, dutch probably has its very own set of pitfalls. Ik spreek nederlands een kleen betje but it's (very) far from enough to be able to hold a conversation so idiomatic expressions are beyond me.

Dutch_Master wrote:

I know, we have quite a few of those* where I work. In fact, so much so that the company offers them Dutch language lessons during company time, twice a week! I don't need that, as you may have guessed from my nick :P

I have to admit i had this vague feeling ;)

#87 Re: Hardware & System Configuration » If samba is not installed ... [solved] » 2018-06-13 14:12:54

You generally should not have to remove packages simply because they are not needed. I admit there is a strong urge to do it for minimalism obsessed people like me but usually it's completely harmless to have a couple superfluous packages. If they are really superfluous and not dependencies - even if useless - of something you want to keep is also another question (you would see it when you try to remove them and your package manager wants to remove some seemingly unrelated packages too).

#88 Re: Installation » extlinux install from Devuan ASCII installer shell. » 2018-06-13 12:39:14

That's indeed weird. I have no idea how chroot ends up trying to execute /bin/bash/sh. I've played around with busybox's chroot a bit and couldn't find a way to make it print anything but what was passed on the commandline. Out of pure curiosity: Could you try /bin/sh instead of /bin/bash and see what happens? Also does /mnt/bin/bash actually exist? If so is there anything special about it like it being a symlink or something like that?

Edit: fsmithred ninja'd me and probably has more of an idea what he's talking about than i do.

#89 Re: Hardware & System Configuration » openvpn server and client on same box » 2018-06-12 23:58:37

Yeah, the routing is just one part of the puzzle. Forwarding is the other. I guess the routing is fine beyond the superfluous default route though. The clients-lose-internet symptom is a dead giveaway and lots of OpenVPN server howtos assume the user wants to run NAT and have the default route push in their configs which iirc is simply called something like push def1 so it's easy to miss that one doesn't really need this when following those.

#90 Re: Installation » [Solved] Ascii upgrade (also) messed up this Devuan Jessie » 2018-06-12 22:54:54

A quick search yielded nothing really relevant but there was an interesting Debian bug report from a user who found his keyboard broken after logging out of his xsession. He found "paused 1" messages relating to the input devices in Xorg.log. Might be worth checking for that. Sadly the report doesn't list any solution. The user just switched from slim to lightdm.

Beyond that it might be an idea to try narrowing the problem down. I'd try disabling slim (i guess this should work: update-rc.d slim disable) and see if your keyboard works after a normal boot. If it does try startx. If it still works clearly slim is the culprit.

#91 Re: Hardware & System Configuration » openvpn server and client on same box » 2018-06-12 21:24:04

Tbh i don't think i fully understood your post but those entries are OpenVPN's way of setting a default route:

0.0.0.0         10.8.y.1        128.0.0.0       UG    0      0        0 tunY
128.0.0.0       10.8.y.1        128.0.0.0       UG    0      0        0 tunY

Since they are more specific they override this route:

0.0.0.0         192.168.x.1     0.0.0.0         UG    0      0        0 ethX

As for this route:

xx.xx.xxx.xx    192.168.x.1     255.255.255.255 UGH   0      0        0 ethX

I guess xx.xx.xxx.xx is actually the IP of the VPN server you are connecting to, right? It's added by OpenVPN to keep routing packets to the VPN server over the external interface. Otherwise the new default route would break the connection to the server.

Bottom line: Unless you want to route packets to the internet over tunY (in which case you should give your VPN server some NAT ability) you should adjust your OpenVPN client config to ignore the default route pushed by the server. https://community.openvpn.net/openvpn/w … ectGateway has some information on how to ignore it. Of course if you control the server you could edit its config to not push a route (or at least not such a broad one) also.

#92 Re: Installation » [Solved] Ascii upgrade (also) messed up this Devuan Jessie » 2018-06-12 12:21:40

Not sure if i can help much but a couple general questions: At what point does the keyboard not respond? In GUI? Can you still login to a text console? Also what kind of keyboard is it? Does it maybe need some non-free package (the instructions don't have non-free enabled which i figure you might have had before upgrading)? Said PCLinuxOS drive is in the same PC as the Devuan one (as in same keyboard, same port)?

#93 Re: Hardware & System Configuration » openvpn server and client on same box » 2018-06-12 06:36:46

I have a feeling the VPN server you are connecting to might be pushing you a default route and thereby killing your internet connection by taking packets that should really go to eth0. I'd inspect the output of route -n before and after connecting to the VPN. If the default route gets taken over you might have your culprit and you can adjust your VPN client config to ignore the pushed route.

Edit: Iirc OpenVPN does not actually replace the default route but adds 2 /1 routes and thereby takes precedence (should show up as 0.0.0.0 and 128.0.0.0) so it might not be obvious what is happening.
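
The route precedence described in this post and in #91 above, as an added example that is not part of the original posts: it parses `route -n` output, resolves a destination by longest-prefix match, and flags the 0.0.0.0/1 + 128.0.0.0/1 pair that takes over from the default route. The addresses and the names tun0, tun1 and eth0 are constructed stand-ins for the redacted values and tunX, tunY and ethX in the thread.

```python
import ipaddress

# Constructed `route -n` output modelled on the table in the thread; the
# redacted x/y/xx octets are replaced with made-up values.
SAMPLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.2.1        128.0.0.0       UG    0      0        0 tun1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth0
10.8.1.0        10.8.1.2        255.255.255.0   UG    0      0        0 tun0
10.8.1.2        0.0.0.0         255.255.255.255 UH    0      0        0 tun0
10.8.2.0        0.0.0.0         255.255.255.0   U     0      0        0 tun1
203.0.113.7     192.168.1.1     255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.8.2.1        128.0.0.0       UG    0      0        0 tun1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
"""


def parse_route_n(text):
    """Return (network, gateway, metric, iface) tuples from `route -n` output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # banner, header or blank line
        dest, gw, mask, _flags, metric, _ref, _use, iface = fields
        routes.append((ipaddress.ip_network(f"{dest}/{mask}"), gw, int(metric), iface))
    return routes


def lookup(routes, addr):
    """Longest-prefix match; among equal prefixes the lower metric wins."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2])) if matches else None


def def1_override(routes):
    """Return the interface whose two /1 routes shadow 0.0.0.0/0, or None."""
    both = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    halves = {}
    for net, _gw, _metric, iface in routes:
        if net.prefixlen == 1:
            halves.setdefault(iface, set()).add(net)
    for iface, nets in halves.items():
        if nets == both:
            return iface
    return None


if __name__ == "__main__":
    routes = parse_route_n(SAMPLE)
    print("default route overridden by /1 pair on:", def1_override(routes))
    for dst in ("8.8.8.8", "198.51.100.9", "203.0.113.7", "192.168.1.50"):
        net, gw, _metric, iface = lookup(routes, dst)
        print(f"{dst:15} -> {iface:5} via {gw:12} (matched {net})")
```

Running it against the output of `route -n` captured before and after the VPN client connects shows which destinations change interface.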

#94 Re: Installation » my jessie -> ascii dist-upgrade experience » 2018-06-12 06:28:20

rbit wrote:

I know this is supposed to work, in theory, but is it recommended to try debian 8 -> devuan ascii upgrade on a remote (ssh) machine?  Will I lose ssh connectivity during the upgrade process, what other things should I be aware of before attempting it?

I don't think you'd lose your SSH connection as even if SSH gets restarted or removed it won't kill your active connection (no guarantees though). Also the last posts in this thread (https://dev1galaxy.org/viewtopic.php?id=2125) might be of interest. Hope this helps at least a little.

#95 Re: DIY » using live build - not getting far » 2018-06-11 20:21:02

No direct experience with live build, sorry. But from trying to build a custom debian installer ages ago i vaguely remember having to create a gpg keypair that would become the default key. Just look at the gpg man page iirc it's pretty easy.

#96 Re: Other Issues » (Un)Limited TTL for mirror Release files » 2018-06-10 09:40:07

Dutch_Master wrote:

Thanks for that. I was hoping for an easier solution as I'd have to type in every command by hand on any newly installed system and I'm one very lazy bu99er :P (I'm a big fan of tab-completion and bash history scrolling ;) )

Well, you could always put it in apt's config or add an alias to your shell. You'd just have to remember to remove it before delivering the system but i agree somehow working around it on the mirror would be nicer but sadly i have no idea about how to do that.

#97 Re: Devuan » Why Devuan? » 2018-06-10 09:35:23

Wow! Great read. Don't think this can be expressed much better.

#98 Re: Installation » Post Install House Keeping » 2018-06-09 14:08:42

Panopticon wrote:

Post install house keeping to me is making the web browser safe to use

That's a good one. To me a system that doesn't have at least NoScript, Random User Agent Spoofer (brilliant but sadly abandoned - gotta check if some fork has appeared by now continuing development) and some adblocker installed just feels scary.

#99 Re: Other Issues » (Un)Limited TTL for mirror Release files » 2018-06-09 13:15:20

I am not entirely sure if that helps in your situation but adding

-o Acquire::Check-Valid-Until=false

to your apt-get update command would ignore the TTL i think.
