Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux?

2018-04-04 Thread R0b0t1
On Wed, Apr 4, 2018 at 3:18 PM, gevisz wrote:
> A friend of mine asked me to recommend him an open-source
> VPN-server for Linux but unfortunately I never used one.
>

If not https://www.wireguard.com/, I recommend OpenVPN. You could try
to set up IPsec if you wanted.

> After some googling, I have found OpenVPN but do not know
> if it is the best choice that suits his purposes, namely to access
> local network that does not have its own fixed IP from the outside.
>
> To be more precise: the local network to be accessed from the
> outside is part of another local network. The latter (outer) network
> has its own fixed IP but the former (inner) network gets its IP via DHCP.
> So, it is impossible to connect to a computer in the inner network
> from the outside directly.
>
> The computer in local network to be connected runs Windows.
> The said friend of mine has tried to run some VPN server from
> Windows but it somehow hangs the "inner" computer when
> his "outer" computer has problems connecting to the Internet.
>
> So, now his idea is
> 1) to run a virtual machine in the "inner" (Windows) computer,
> 2) to install into this virtual machine very lightweight Linux server
> only to run in it a VPN-server that should help him to connect
> from the outside to the "inner" host (Windows) computer, which
> has its fixed IP within the inner local network.
>

I'm not sure this makes sense. Firstly, in the case of OpenVPN at
least, there is a Windows client and associated signed fake network
device drivers. Perhaps if using Wireguard you might want to connect
through a VM to your VPN; I am not sure if there is a Windows client.

Secondly - you need the VPN server to be running on a computer which
is globally accessible. If your friend is in the US or some parts of
Europe their home line may not be behind NAT, and would work if set up
properly. In general most networks you connect to will not work. You
will always need one computer which is not behind NAT.

Cheers,
 R0b0t1



Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux?

2018-04-04 Thread Mick
On Wednesday, 4 April 2018 23:02:20 BST Grant Taylor wrote:
> On 04/04/2018 02:18 PM, gevisz wrote:
> > A friend of mine asked me to recommend him an open-source VPN-server
> > for Linux but unfortunately I never used one.
> 
> That's a loaded ask.
> 
> > After some googling, I have found OpenVPN but do not know if it is the
> > best choice that suits his purposes, namely to access local network that
> > does not have its own fixed IP from the outside.
> 
> Okay

This may be solvable, if the public facing gateway can be configured to 
forward the requisite ports/protocols to the LAN where the host is located.


> > To be more precise: the local network to be accessed from the outside
> > is part of another local network. The latter (outer) network has its
> > own fixed IP but the former (inner) network gets its IP via DHCP.  So,
> > it is impossible to connect to a computer in the inner network from the
> > outside directly.
> 
> Is this topology accurate?
> 
> (Client)---(Internet)---(OR)---(IR)---(Host)

The OR can port forward the incoming VPN connection to the IR.  The IR can 
then act as a VPN gateway for the inner LAN.


> I'm guessing that your friend (client) wants to access something (host)
> on the inner network.  But to do so requires passing through the
> Internet through Outer Router (with a static IP on the outside (left))
> and through the Inner Router (which has a dynamic IP on the outside
> (left) obtained via DHCP)).  Is that correct?
> 
> What sort of control does your friend have on the OR & IR?
> 
> Is NAT in use on either OR or IR?
> 
> What sort of
> 
> > The computer in local network to be connected runs Windows.  The said
> > friend of mine has tried to run some VPN server from Windows but it
> > somehow hangs the "inner" computer when his "outer" computer has problems
> > connecting to the Internet.
> 
> Are you saying that the Host in the diagram above is running Windows?
> Or are you referring to a different system?
> 
> > So, now his idea is
> > 1) to run a virtual machine in the "inner" (Windows) computer,
> > 2) to install into this virtual machine very lightweight Linux server
> > only to run in it a VPN-server that should help him to connect from the
> > outside to the "inner" host (Windows) computer, which has its fixed IP
> > within the inner local network.
> 
> The VM may or may not be needed.
> 
> Assuming that NAT is in play on OR and IR (worst case), then just about
> /any/ form of VPN initiating from the outside will be fraught with
> uphill battles.
> 
> It is likely possible that your friend can reconfigure both OR and IR to
> forward a port from the Internet to Host.  But that will likely mean
> that IR will need to have a static IP on its outside interface.  -  I'm
> guessing this can't be done or that it would have already been done.
> 
> I think that your friend's best bet is to have the IR initiate an
> outbound VPN to something on the Internet that the Client can then
> initiate connections to.  (I'm happily using a $5/month Linode VPS to do
> this.)
> 
> There may be ways to make this work without having the Host initiate
> outbound connections, but I'm not sure what they would be.
> 
> As for which VPN, a number of people like OpenVPN.  I personally prefer
> OpenSSH's ability to do a routed (L3) (or bridged L2) VPN.  (I've got
> SSH exposed already, so it's one less port to expose.)  I see a number
> of people bragging about WireGuard.  Of course there are the old PPTP /
> L2TP / IPSec, though I would avoid them for this install.  I'm sure
> there are a number of other VPN technologies that I'm not thinking of.

PPTP has been insecure for years and is best avoided.

L2TP within IPSec is OK, but check what crypto the MSWindows uses.  Last time 
I looked Win7 was not strong enough.

IKEv2 + IPSec with strong crypto for both, is my personal preference for 
gateway-to-gateway VPNs.

MSWindows also has SSTP (because MSoft had to create their own clone of 
OpenVPN).  I think there's a Linux VPN client which will work with that:

 net-misc/sstp-client

but have never tried it.

Of course, if the above network topology suggested by Grant is correct, then 
you will likely be limited by whatever VPN software comes with IR.

In all cases, make sure you use TLS RSA/SHA2 certificates for both client and 
VPN gateway authentication.

Finally, check out Wireguard.  It was designed from the ground up to overcome 
the complexity of previous VPN solutions.  I have not tried it out yet, but 
will be next time I have to set up a VPN tunnel with a non-legacy router.

-- 
Regards,
Mick



Re: [gentoo-user] sddm no longer working

2018-04-04 Thread Bill Kenworthy
On 04/04/18 23:14, Alexander Puchmayr wrote:
> Hi there,
>
> After last update, on one machine sddm-0.17.0-r1 no longer does anything.
> Systemd starts the service, and systemctl status shows that the sddm
> is running, and also ps jax shows a running sddm.
>
> apollo ~ # systemctl status sddm
> ● sddm.service - Simple Desktop Display Manager
>    Loaded: loaded (/lib/systemd/system/sddm.service; enabled; vendor preset: disabled)
>    Active: active (running) since Wed 2018-04-04 16:41:28 CEST; 2s ago
>      Docs: man:sddm(1)
>            man:sddm.conf(5)
>  Main PID: 8350 (sddm)
>    CGroup: /system.slice/sddm.service
>            └─8350 /usr/bin/sddm
>
> Apr 04 16:41:28 apollo systemd[1]: Started Simple Desktop Display Manager.
> Apr 04 16:41:28 apollo sddm[8350]: Initializing...
> Apr 04 16:41:28 apollo sddm[8350]: Logind interface found
> Apr 04 16:41:28 apollo sddm[8350]: Starting...
>
> But that's all. It does not create a log file (/var/log/sddm.log not touched,
> no entry), it does not start X (no process). It seems like sddm is starting and
> waiting for something I don't know.
>
> Any ideas?
>
> Thanks,
>   Alex
>
>
Had something similar (non-systemd) - make sure you complete all the X
updates, run revdep-rebuild and then re-emerge sddm.


BillK





Re: [gentoo-user] [OT] What is the best open-source VPN server for Linux?

2018-04-04 Thread Grant Taylor

On 04/04/2018 02:18 PM, gevisz wrote:
> A friend of mine asked me to recommend him an open-source VPN-server
> for Linux but unfortunately I never used one.

That's a loaded ask.

> After some googling, I have found OpenVPN but do not know if it is the
> best choice that suits his purposes, namely to access local network that
> does not have its own fixed IP from the outside.

Okay

> To be more precise: the local network to be accessed from the outside
> is part of another local network. The latter (outer) network has its
> own fixed IP but the former (inner) network gets its IP via DHCP.  So,
> it is impossible to connect to a computer in the inner network from the
> outside directly.

Is this topology accurate?

(Client)---(Internet)---(OR)---(IR)---(Host)

I'm guessing that your friend (client) wants to access something (host)
on the inner network.  But to do so requires passing through the
Internet through Outer Router (with a static IP on the outside (left))
and through the Inner Router (which has a dynamic IP on the outside
(left) obtained via DHCP)).  Is that correct?

What sort of control does your friend have on the OR & IR?

Is NAT in use on either OR or IR?

What sort of

> The computer in local network to be connected runs Windows.  The said
> friend of mine has tried to run some VPN server from Windows but it
> somehow hangs the "inner" computer when his "outer" computer has problems
> connecting to the Internet.

Are you saying that the Host in the diagram above is running Windows?
Or are you referring to a different system?

> So, now his idea is
> 1) to run a virtual machine in the "inner" (Windows) computer,
> 2) to install into this virtual machine very lightweight Linux server
> only to run in it a VPN-server that should help him to connect from the
> outside to the "inner" host (Windows) computer, which has its fixed IP
> within the inner local network.

The VM may or may not be needed.

Assuming that NAT is in play on OR and IR (worst case), then just about
/any/ form of VPN initiating from the outside will be fraught with
uphill battles.

It is likely possible that your friend can reconfigure both OR and IR to
forward a port from the Internet to Host.  But that will likely mean
that IR will need to have a static IP on its outside interface.  -  I'm
guessing this can't be done or that it would have already been done.

I think that your friend's best bet is to have the IR initiate an
outbound VPN to something on the Internet that the Client can then
initiate connections to.  (I'm happily using a $5/month Linode VPS to do
this.)

There may be ways to make this work without having the Host initiate
outbound connections, but I'm not sure what they would be.

As for which VPN, a number of people like OpenVPN.  I personally prefer
OpenSSH's ability to do a routed (L3) (or bridged L2) VPN.  (I've got
SSH exposed already, so it's one less port to expose.)  I see a number
of people bragging about WireGuard.  Of course there are the old PPTP /
L2TP / IPSec, though I would avoid them for this install.  I'm sure
there are a number of other VPN technologies that I'm not thinking of.

I'm using OpenSSH's VPN feature between an inside client machine to an
external Linode VPS that functions as a midway rendezvous point.




--
Grant. . . .
unix || die
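
The rendezvous arrangement described in the message above (the inner side dials out to a publicly reachable machine, and the outside client connects to that same machine), sketched with WireGuard, which the thread also mentions. This is an added example, not part of the original thread and not the OpenSSH setup the poster uses; the addresses, subnets, host name and <...> keys are constructed placeholders.

```ini
# Added example: three separate wg-quick files shown together.
# All addresses, the host name and the <...> keys are constructed placeholders.

# ---- /etc/wireguard/wg0.conf on the public VPS (rendezvous point) ----
# Needs net.ipv4.ip_forward=1 so it can relay between the two peers.
[Interface]
Address = 10.99.0.1/24
ListenPort = 51820
PrivateKey = <VPS_PRIVATE_KEY>

# Linux VM on the inner LAN; it also answers for the inner LAN subnet.
[Peer]
PublicKey = <INNER_VM_PUBLIC_KEY>
AllowedIPs = 10.99.0.2/32, 192.168.20.0/24

# Roaming client; limited to its own tunnel address.
[Peer]
PublicKey = <CLIENT_PUBLIC_KEY>
AllowedIPs = 10.99.0.3/32

# ---- /etc/wireguard/wg0.conf on the inner Linux VM (behind OR and IR) ----
# Dials out, so no port forward is needed on either router. To reach other
# LAN hosts it needs ip_forward=1 plus NAT or a return route on the LAN.
[Interface]
Address = 10.99.0.2/24
PrivateKey = <INNER_VM_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = vps.example.net:51820
AllowedIPs = 10.99.0.0/24
# Keeps the NAT mappings on IR and OR open so the VPS can reach this peer.
PersistentKeepalive = 25

# ---- /etc/wireguard/wg0.conf on the outside client ----
[Interface]
Address = 10.99.0.3/24
PrivateKey = <CLIENT_PRIVATE_KEY>

[Peer]
PublicKey = <VPS_PUBLIC_KEY>
Endpoint = vps.example.net:51820
# Tunnel subnet plus the inner LAN; everything else stays off the VPN.
AllowedIPs = 10.99.0.0/24, 192.168.20.0/24
```

The only listening port in this layout is the UDP port on the VPS, and the AllowedIPs entries there decide which source addresses each key may use, so they are the place to keep the exposure narrow.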



[gentoo-user] [OT] What is the best open-source VPN server for Linux?

2018-04-04 Thread gevisz
A friend of mine asked me to recommend him an open-source
VPN-server for Linux but unfortunately I never used one.

After some googling, I have found OpenVPN but do not know
if it is the best choice that suits his purposes, namely to access
local network that does not have its own fixed IP from the outside.

To be more precise: the local network to be accessed from the
outside is part of another local network. The latter (outer) network
has its own fixed IP but the former (inner) network gets its IP via DHCP.
So, it is impossible to connect to a computer in the inner network
from the outside directly.

The computer in local network to be connected runs Windows.
The said friend of mine has tried to run some VPN server from
Windows but it somehow hangs the "inner" computer when
his "outer" computer has problems connecting to the Internet.

So, now his idea is
1) to run a virtual machine in the "inner" (Windows) computer,
2) to install into this virtual machine very lightweight Linux server
only to run in it a VPN-server that should help him to connect
from the outside to the "inner" host (Windows) computer, which
has its fixed IP within the inner local network.

Thank you in advance and sorry for a bit of offtopic.



Re: [gentoo-user] Re: Firefox and addons no longer supported question

2018-04-04 Thread Wol's lists

On 02/04/18 21:50, Philip Webb wrote:
> 180402 Dale wrote:
> > After each period at the end of a sentence, I put in two spaces, not one.
> > Something I was taught years ago somewhere and still do.
> > I only put one after a comma tho.
>
> That is correct professional secretarial style, which I always follow too.

I was taught to always start every paragraph with an indent. Which I 
believe is against "professional secretarial style".


Different horses, different courses. I believe the indent was dropped to 
save a keystroke, so why the double-space is there (requiring an extra 
keystroke) I don't know.


And why use secretarial style when you're typesetting? One is for 
letters, the other is typically for books ... that's the trouble with 
all this Artificial Stupidity - it blindly enforces rules that are 
irrelevant (or even wrong!!!) for the current scenario.


Cheers,
Wol



Re: [gentoo-user] sddm no longer working

2018-04-04 Thread Alexander Puchmayr
On Wednesday, 4 April 2018, 17:20:17 CEST, Jack wrote:
> On 2018.04.04 11:14, Alexander Puchmayr wrote:
> > Hi there,
> > 
> > After last update, on one machine sddm-0.17.0-r1 no longer does
> > anything. Systemd starts the service, and systemctl status
> > shows that the sddm is running, and also ps jax shows a running sddm.
> >
> > apollo ~ # systemctl status sddm
> > ● sddm.service - Simple Desktop Display Manager
> >    Loaded: loaded (/lib/systemd/system/sddm.service; enabled; vendor preset: disabled)
> >    Active: active (running) since Wed 2018-04-04 16:41:28 CEST; 2s ago
> >      Docs: man:sddm(1)
> >            man:sddm.conf(5)
> >  Main PID: 8350 (sddm)
> >    CGroup: /system.slice/sddm.service
> >            └─8350 /usr/bin/sddm
> >
> > Apr 04 16:41:28 apollo systemd[1]: Started Simple Desktop Display Manager.
> > Apr 04 16:41:28 apollo sddm[8350]: Initializing...
> > Apr 04 16:41:28 apollo sddm[8350]: Logind interface found
> > Apr 04 16:41:28 apollo sddm[8350]: Starting...
> >
> > But that's all. It does not create a log file (/var/log/sddm.log not
> > touched, no entry), it does not start X (no process). It seems like
> > sddm is starting and waiting for something I don't know.
> > 
> > Any ideas?
> > 
> > Thanks,
> > 
> > Alex
> 
> Can you start X manually?  Is there anything relevant in
> /var/log/Xorg.0.log?

Yes, I can start X manually, and it seems to work. But sddm does not even 
start X.

> Are all sddm config files OK?

I think so. They look the same as before the update (where it worked fine)

Alex




Re: [gentoo-user] sddm no longer working

2018-04-04 Thread Jack

On 2018.04.04 11:14, Alexander Puchmayr wrote:
> Hi there,
>
> After last update, on one machine sddm-0.17.0-r1 no longer does
> anything. Systemd starts the service, and systemctl status
> shows that the sddm is running, and also ps jax shows a running sddm.
>
> apollo ~ # systemctl status sddm
> ● sddm.service - Simple Desktop Display Manager
>    Loaded: loaded (/lib/systemd/system/sddm.service; enabled; vendor preset: disabled)
>    Active: active (running) since Wed 2018-04-04 16:41:28 CEST; 2s ago
>      Docs: man:sddm(1)
>            man:sddm.conf(5)
>  Main PID: 8350 (sddm)
>    CGroup: /system.slice/sddm.service
>            └─8350 /usr/bin/sddm
>
> Apr 04 16:41:28 apollo systemd[1]: Started Simple Desktop Display Manager.
> Apr 04 16:41:28 apollo sddm[8350]: Initializing...
> Apr 04 16:41:28 apollo sddm[8350]: Logind interface found
> Apr 04 16:41:28 apollo sddm[8350]: Starting...
>
> But that's all. It does not create a log file (/var/log/sddm.log not
> touched, no entry), it does not start X (no process). It seems like
> sddm is starting and waiting for something I don't know.
>
> Any ideas?
>
> Thanks,
> Alex

Can you start X manually?  Is there anything relevant in
/var/log/Xorg.0.log?

Are all sddm config files OK?


[gentoo-user] sddm no longer working

2018-04-04 Thread Alexander Puchmayr
Hi there,

After last update, on one machine sddm-0.17.0-r1 no longer does anything.
Systemd starts the service, and systemctl status shows that the sddm
is running, and also ps jax shows a running sddm.

apollo ~ # systemctl status sddm
● sddm.service - Simple Desktop Display Manager
   Loaded: loaded (/lib/systemd/system/sddm.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2018-04-04 16:41:28 CEST; 2s ago
     Docs: man:sddm(1)
           man:sddm.conf(5)
 Main PID: 8350 (sddm)
   CGroup: /system.slice/sddm.service
           └─8350 /usr/bin/sddm

Apr 04 16:41:28 apollo systemd[1]: Started Simple Desktop Display Manager.
Apr 04 16:41:28 apollo sddm[8350]: Initializing...
Apr 04 16:41:28 apollo sddm[8350]: Logind interface found
Apr 04 16:41:28 apollo sddm[8350]: Starting...

But that's all. It does not create a log file (/var/log/sddm.log not touched, no
entry), it does not start X (no process). It seems like sddm is starting and
waiting for something I don't know.

Any ideas?

Thanks,
Alex