Re: postscreen spamassassin haproxy multi-homed server

[Jeremy Ardley]

On 20/3/22 6:41 am, Jeremy Ardley wrote:


Does anybody have a working example of postfix with postscreen and
spamassassin all working together?


I have now found that 'pass' stanzas for each SMTP IP on a multi-homed machine 
are ignored. The only pass stanza that is used is the generic SMTP handler

smtpd pass  -   -   y   -   -   smtpd
 -o content_filter=spamassassin

However the individual stanzas that call postscreen do work (possibly the 
keyfiles specified in main.cf are used instead of the -o?)

192.0.2.1:smtp  inet  n   -   y   -   1  postscreen
 -o smtpd_client_connection_count_limit=100
 -o smtpd_tls_key_file=/etc/letsencrypt/live/mail.example.com/privkey.pem
 -o smtpd_tls_cert_file=/etc/letsencrypt/live/mail.example.com/fullchain.pem

2001:db8::1:smtp  inet  n   -   y   -   1   postscreen
 -o smtpd_client_connection_count_limit=100
 -o smtpd_tls_key_file=/etc/letsencrypt/live/mail.example.com/privkey.pem
 -o smtpd_tls_cert_file=/etc/letsencrypt/live/mail.example.com/fullchain.pem

--

Jeremy



OpenPGP_signature
Description: OpenPGP digital signature

postscreen spamassassin haproxy multi-homed server

[Jeremy Ardley]

Does anybody have a working example of postfix with postscreen and 
spamassassin all working together?


 * In the first instance on a single homed machine.
 * Then on a multi-homed machine so stanzas are individual to each IP
   address.
 * And finally a version that also works with haproxy.

I've spent several days on this. As far as I can tell, if postscreen is 
used then spamassassin is silently ignored.


 -o content_filter=spamassassin

is ignored

while

 -o smtpd_tls_key_file=

is still used.


--
Jeremy



OpenPGP_signature
Description: OpenPGP digital signature

Re: update, reboot required?

[Charles Curley]

On Sat, 19 Mar 2022 07:31:04 -0700
Peter Ehlert  wrote:

> I now have both needrestart and needrestart-session installed.
> 
> Question: do either run in the background?

Apt calls needrestart, so it isn't necessary to run it in the
background.

Unattended upgrades will inform you of which processes it restarted,
which it did not restart, and whether a reboot is required. I have it
set a reboot on some of my machines, but not on machines that have
encrypted storage which require a passphrase to boot.

-- 
Does anybody read signatures any more?

https://charlescurley.com
https://charlescurley.com/blog/

Re: update, reboot required?

[Lee]

On 3/19/22, Peter Ehlert wrote:
>
> On 3/19/22 06:32, piorunz wrote:
>> On 19/03/2022 10:02, songbird wrote:
>>
>>>there is also package debian-goodies which has the
>>> command checkrestart.  i'm not sure which is better.
>>>
>>
>> All I know is that needrestart works for me, it correctly prompts for
>> computer reboot after kernel upgrade; and offers to restart various
>> services if reboot is not required.
>
> thanks.
>
> I now have both needrestart and needrestart-session installed.
>
> Question: do either run in the background?

Seems like that isn't necessary:
  https://github.com/liske/needrestart
  There are some hook scripts in the ex/ directory (to be used with
apt and dpkg.
  The scripts will call needrestart after any package installation/upgrades.

Regards,
Lee

Re: "Could not display mtp://XXXXX" error no such interface 'org.gtk.vfs.mount' on object at path /org/gtk/vfs/mount/1"

[Mike Kupfer]

Ottavio Caruso wrote:

> Why is it always a pain to mount my Android phone on my Laptop?

Do you have mtp-tools installed? I found that mounting my phone got a
lot more reliable after I installed that package.

best regards,
mike

Re: update, reboot required?

[Lee]

On 3/19/22, piorunz wrote:
> On 19/03/2022 02:32, Lee wrote:
>> How to tell if I need to reboot the machine after updating the software?
>
> install "needrestart" package.
>
> Description: needrestart checks which daemons need to be restarted after
> library upgrades.
>   It is inspired by checkrestart from the debian-goodies package.

Yes!  Thank you!!

It seems to me that "checks which daemons need to be restarted
(needrestart)" won't catch as much as "check which processes need to
be restarted (checkrestart)" so I'll try both but I'm probably going
with checkrestart

Thanks again
Lee

>
>   Features:
>- supports (but does not require) systemd
>- binary blacklisting (i.e. display managers)
>- tries to detect required restarts of interpreter based daemons
>  (supports Java, Perl, Python, Ruby)
>- tries to detect required restarts of containers (docker, LXC)
>- tries to detect pending kernel upgrades
>- tries to detect pending microcode upgrades for Intel CPUs
>- could be used as nagios check_command
>- fully integrated into apt/dpkg using hooks
>
> --
> With kindest regards, Piotr.
>
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> ⠈⠳⣄
>
>

Bug 895378 has been fixed on Ubuntu, will it get to Debian?

[Richmond]

This bug:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895378

sky2: sky2: did not recover correctly after waking up from S3

seems to be fixed on Ubuntu here:

https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1798921

Will this fix get to Debian? I guess it will go up to kernel maintainers
and down again but I don't know how this works.

Re: iwd + systemd-networkd + resolvconf wrinkles

[Brian]

On Sat 19 Mar 2022 at 10:15:45 -0500, David Wright wrote:

> On Fri 18 Mar 2022 at 20:57:38 (+), Brian wrote:
> > On Sun 13 Mar 2022 at 20:04:06 -0500, David Wright wrote:
> > 
> > [...]
> > 
> > > Install iwd, and resolvconf if necessary. You may then need to reboot
> > > if the wifi interface has already been renamed by the kernel, ie if
> > > it's not wlan0. (With buster, there's a missing file that needs adding
> > > first; see below).
> > 
> > It is systemd/udev that renames the interface.
> 
> Sorry, I was paraphrasing my notes and accidentally missed a bit out.
> It should have said: "if the wifi interface has already been renamed
> from the kernel's name", whereupon the  id est  makes sense.

Indeed it does.
 
> > This is standard procedure.
> 
> I would say no more than that systemd and udev have reached a truce
> on how and what to rename an interface to.

:)

> > iwd decides it knows better and, no matter what, does
> > it. I have never met this sort of behavior with wpasupplicant.
> > 
> > So we will be more forceful and have
> > 
> >   net.ifnames=1
> > 
> > on GRUB's kernel command line. My choice is ignored by iwd. Why does
> > it not want an interface to be renamed by systemd/udev?
> 
> https://iwd.wiki.kernel.org/interface_lifecycle
> 
> explains iwd's philosophy on interfaces, and the last section covers
> why it's not desirable for udev to attempt to rename them.

The link you give, the Debian bug report and the README.Debian in
unstable's iwd package all provide excellent information.

In truth, it is not a biggie for my intended use of iwd on some
non-roaming machines, although it did break my /e/n/i. A couple of
edits fixed that.

-- 
Brian.

Re: update, reboot required?

[Brad Rogers]

On Sat, 19 Mar 2022 10:15:27 -0400
Cindy Sue Causey  wrote:

Hello Cindy,

>admin emails sent to them as a potential remedy. It's on my to-do to
>play around with those emails to see if that catches those upgrade
>messages..

What they include is advisory notices that get thrown up (when using
synaptic, at any rate) that block updating until you've read(1) the
message and cleared the box by clicking the 'Okay' button.  Those emails
don't include the log report of the upgrade.

(1) For certain values of 'read'  I mean, not everyone reads them, never
mind understand them.  They just hit 'Okay' and proceed, then whine when
something breaks because they didn't read such important advice.

-- 
 Regards  _
 / )  "The blindingly obvious is never immediately apparent"
/ _)rad   "Is it only me that has a working delete key?"
I'm surfing on a wave of nostalgia for an age yet to come
Nostalgia - Buzzcocks


pgp_utstb3eQn.pgp
Description: OpenPGP digital signature

Re: iwd + systemd-networkd + resolvconf wrinkles

[David Wright]

On Fri 18 Mar 2022 at 20:57:38 (+), Brian wrote:
> On Sun 13 Mar 2022 at 20:04:06 -0500, David Wright wrote:
> 
> [...]
> 
> > Install iwd, and resolvconf if necessary. You may then need to reboot
> > if the wifi interface has already been renamed by the kernel, ie if
> > it's not wlan0. (With buster, there's a missing file that needs adding
> > first; see below).
> 
> It is systemd/udev that renames the interface.

Sorry, I was paraphrasing my notes and accidentally missed a bit out.
It should have said: "if the wifi interface has already been renamed
from the kernel's name", whereupon the  id est  makes sense.

> This is standard procedure.

I would say no more than that systemd and udev have reached a truce
on how and what to rename an interface to.

> iwd decides it knows better and, no matter what, does
> it. I have never met this sort of behavior with wpasupplicant.
> 
> So we will be more forceful and have
> 
>   net.ifnames=1
> 
> on GRUB's kernel command line. My choice is ignored by iwd. Why does
> it not want an interface to be renamed by systemd/udev?

https://iwd.wiki.kernel.org/interface_lifecycle

explains iwd's philosophy on interfaces, and the last section covers
why it's not desirable for udev to attempt to rename them.

Cheers,
David.

Re: iwd + systemd-networkd + resolvconf wrinkles

[David Wright]

On Fri 18 Mar 2022 at 14:08:36 (-0500), Nicholas Geovanis wrote:
> On Thu, Mar 17, 2022, 11:57 PM David Wright wrote:
> > On Thu 17 Mar 2022 at 12:12:28 (+), Thomas Pircher wrote
> > >
> > > Cool. If you just type resolvectl, it will show you which information it
> > > got on each interface.
> >
> > This is machine F, where /etc/resolv.conf is a file, containing
> > 192.168.1.1 :
> >
> > $ resolvectl
> > Global
> >  Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
> >   resolv.conf mode: foreign
> > Current DNS Server: 192.168.1.1
> >DNS Servers: 192.168.1.1
> >
> > Link 2 (enp2s2)
> > Current Scopes: none
> >  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS
> > DNSSEC=no/unsupported
> >
> > Link 5 (wlp2s4)
> > Current Scopes: LLMNR/IPv4 LLMNR/IPv6
> >  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS
> > DNSSEC=no/unsupported
> > $ host www.google.com
> > www.google.com has address 142.250.138.105
> > www.google.com has address 142.250.138.103
> > www.google.com has address 142.250.138.106
> > www.google.com has address 142.250.138.99
> > www.google.com has address 142.250.138.104
> > www.google.com has address 142.250.138.147
> > www.google.com has IPv6 address 2607:f8b0:4000:80e::2004
> > $ host www.lionunicorn.co.uk
> > www.lionunicorn.co.uk has address 149.255.60.149
> > $
> >
> > Those responses were instantaneous. (I don't think I should expect
> > resolvectl query   to work here.)
> >
> > And this is machine R, with systemd-resolved running:
> >
> > $ ls -l /etc/resolv.conf
> > lrwxrwxrwx [ … ] /etc/resolv.conf ->
> > ../run/systemd/resolve/stub-resolv.conf
> > $ resolvectl
> > Global
> >Protocols: +LLMNR +mDNS -DNSOverTLS DNSSEC=no/unsupported
> > resolv.conf mode: stub
> >
> > Link 2 (enp1s0)
> > Current Scopes: none
> >  Protocols: -DefaultRoute +LLMNR -mDNS -DNSOverTLS
> > DNSSEC=no/unsupported
> >
> > Link 4 (wlan0)
> > Current Scopes: DNS LLMNR/IPv4
> >  Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS
> > DNSSEC=no/unsupported
> > Current DNS Server: 192.168.1.1
> >DNS Servers: 192.168.1.1
> > $ host www.google.com
> > www.google.com has address 142.251.32.196
> > www.google.com has IPv6 address 2607:f8b0:4023:1002::63
> > www.google.com has IPv6 address 2607:f8b0:4023:1002::67
> > www.google.com has IPv6 address 2607:f8b0:4023:1002::93
> > www.google.com has IPv6 address 2607:f8b0:4023:1002::69
> > ;; connection timed out; no servers could be reached
> >
> > $ resolvectl query www.google.com
> > www.google.com: 2607:f8b0:4000:805::2004   -- link: wlan0
> > 142.251.46.132 -- link: wlan0
> >
> 
> Your machine F seems to resolve almost entirely IPv4 addresses for that
> host.
> But your machine R resolves almost exclusively IPv6 addresses for it.
> 
> Could there be an identical hostname assigned to both IPv4 and IPv6
> interfaces?

At this end? I only see:

$ ip -4 a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group 
default qlen 1000
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
4: wlan0:  mtu 1500 qdisc noqueue state UP 
group default qlen 1000
inet 192.168.1.17/24 scope global noprefixroute wlan0
   valid_lft forever preferred_lft forever
$ ip -6 a
1: lo:  mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host 
   valid_lft forever preferred_lft forever
$ 

and the usual autoconfigured link addresses.

In my router, IPv6 is set to disabled.

> In general you want DNS queries to resolve with  less than 500msec network
> latency. Above 1500 to 1700 msec the applications start breaking and
> network timeouts are hit.
> 
> Trimming the rest of your email...
> 
> -- Information acquired via protocol DNS in 33.6ms.
> > -- Data is authenticated: no
> > .
> >
> > Cheers,
> > David.
> >

Cheers,
David.

Re: iwd + systemd-networkd + resolvconf wrinkles

[Nicholas Geovanis]

On Sat, Mar 19, 2022 at 7:33 AM Brian  wrote:

> On Fri 18 Mar 2022 at 20:57:38 +, Brian wrote:
>
> > On Sun 13 Mar 2022 at 20:04:06 -0500, David Wright wrote:
> >
> > [...]
> >
> > > Install iwd, and resolvconf if necessary. You may then need to reboot
> > > if the wifi interface has already been renamed by the kernel, ie if
> > > it's not wlan0. (With buster, there's a missing file that needs adding
> > > first; see below).
> >
> > It is systemd/udev that renames the interface. This is standard
> > procedure. iwd decides it knows better and, no matter what, does
> > it. I have never met this sort of behavior with wpasupplicant.
> >
> > So we will be more forceful and have
> >
> >   net.ifnames=1
> >
> > on GRUB's kernel command line. My choice is ignored by iwd. Why does
> > it not want an interface to be renamed by systemd/udev?
>
> Now sorted:
>
>   https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941652


Surprised to see that took 25 months to sort out.
And a little surprised to read this written by M. Biebl on 4 Nov 2019:
"So the mere fact that iwd was installed changed the way the interfaces
are named. You don't actually have to enable/start iwd."

because that does not follow the so-called "Principle of Least
Surprise".

Short story: iwd is faster than udev.
>
> --
> Brian.
>
>

Re: update, reboot required?

[Greg Wooledge]

On Sat, Mar 19, 2022 at 10:04:59AM -0500, Nicholas Geovanis wrote:
> On Fri, Mar 18, 2022 at 9:35 PM Greg Wooledge  wrote:
> 
> > On Fri, Mar 18, 2022 at 10:32:49PM -0400, Lee wrote:
> > > How to tell if I need to reboot the machine after updating the software?
> >
> > Reboots are needed if you got a new kernel, or new firmware, or new
> > microcode, or a new version of the dbus package (because dbus cannot
> > be restarted).
> >
> 
> And if there was an upgrade to a major C/C++ library, you may find a
> message that
> running processes using those libraries will be running on the older
> library versions.

Yes.  That's why apt will offer to restart services for you.

> Only newly started processes invoke the new versions. So if a library bug
> is causing you
> a current problem, init itself or kernel-space code may need to be
> reloaded. So a reboot.

Huh?  No, you don't need to reboot to restart these processes.  Unless
one of them happens to be dbus.

You *can* reboot, if you want.  If you're unsure, that's always the
safest choice.

Re: update, reboot required?

[Nicholas Geovanis]

On Fri, Mar 18, 2022 at 9:35 PM Greg Wooledge  wrote:

> On Fri, Mar 18, 2022 at 10:32:49PM -0400, Lee wrote:
> > How to tell if I need to reboot the machine after updating the software?
>
> Reboots are needed if you got a new kernel, or new firmware, or new
> microcode, or a new version of the dbus package (because dbus cannot
> be restarted).
>

And if there was an upgrade to a major C/C++ library, you may find a
message that
running processes using those libraries will be running on the older
library versions.
Only newly started processes invoke the new versions. So if a library bug
is causing you
a current problem, init itself or kernel-space code may need to be
reloaded. So a reboot.

Re: update, reboot required?

[Peter Ehlert]

On 3/19/22 06:32, piorunz wrote:

On 19/03/2022 10:02, songbird wrote:


   there is also package debian-goodies which has the
command checkrestart.  i'm not sure which is better.


   songbird


All I know is that needrestart works for me, it correctly prompts for
computer reboot after kernel upgrade; and offers to restart various
services if reboot is not required.


thanks.

I now have both needrestart and needrestart-session installed.

Question: do either run in the background?



--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

Re: update, reboot required?

[Cindy Sue Causey]

On 3/19/22, Greg Wooledge  wrote:
> On Sat, Mar 19, 2022 at 10:55:03AM +0100, Toni Mas Soler wrote:
>> I restart Dbus from time to time. Actually, I stop Dbus if i don't
>> need, that is when I do not use X (almost allways).
>> Do you mean my action is not effective?
>
> The fact that you're "almost always" not using X is probably relevant
> here.
>
> See
> 
> for some discussion.  Or just google "cannot restart dbus" as I did
> to find many more such discussions.
>
> My own knowledge of the topic came mainly from reading the output
> of apt-get as it was upgrading dbus, and telling me that I would have
> to reboot, because it can't restart dbus by itself.
>
> I don't know why other people aren't reading that output.


I've wondered that same thing as I watch messages scroll by (when I
happen to have not looked away from the terminal). Some upgrades have
all kinds of advisories tucked into that scrolling that rips by.

Unattended upgrades always come to mind as a place for where those
messages would go unseen. It has also come to mind that users have
admin emails sent to them as a potential remedy. It's on my to-do to
play around with those emails to see if that catches those upgrade
messages..

PS I've seen those dbus ones rip by. Seems like I played with
restarting something related in just the last couple weeks. I don't
remember the experience feeling very successful. :D

Cindy :)
-- 
Talking Rock, Pickens County, Georgia, USA
* runs with birdseed *

Re: update, reboot required?

[piorunz]

On 19/03/2022 10:02, songbird wrote:


   there is also package debian-goodies which has the
command checkrestart.  i'm not sure which is better.


   songbird


All I know is that needrestart works for me, it correctly prompts for
computer reboot after kernel upgrade; and offers to restart various
services if reboot is not required.

--
With kindest regards, Piotr.

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
⠈⠳⣄

Re: update, reboot required?

[Greg Wooledge]

On Sat, Mar 19, 2022 at 10:55:03AM +0100, Toni Mas Soler wrote:
> I restart Dbus from time to time. Actually, I stop Dbus if i don't
> need, that is when I do not use X (almost allways).
> Do you mean my action is not effective?

The fact that you're "almost always" not using X is probably relevant
here.

See 

for some discussion.  Or just google "cannot restart dbus" as I did
to find many more such discussions.

My own knowledge of the topic came mainly from reading the output
of apt-get as it was upgrading dbus, and telling me that I would have
to reboot, because it can't restart dbus by itself.

I don't know why other people aren't reading that output.

Re: update, reboot required?

[songbird]

piorunz wrote:
> On 19/03/2022 02:32, Lee wrote:
>> How to tell if I need to reboot the machine after updating the software?
>
> install "needrestart" package.
>
> Description: needrestart checks which daemons need to be restarted after
> library upgrades.
>   It is inspired by checkrestart from the debian-goodies package.
>
>   Features:
>- supports (but does not require) systemd
>- binary blacklisting (i.e. display managers)
>- tries to detect required restarts of interpreter based daemons
>  (supports Java, Perl, Python, Ruby)
>- tries to detect required restarts of containers (docker, LXC)
>- tries to detect pending kernel upgrades
>- tries to detect pending microcode upgrades for Intel CPUs
>- could be used as nagios check_command
>- fully integrated into apt/dpkg using hooks


  there is also package debian-goodies which has the
command checkrestart.  i'm not sure which is better.


  songbird

Re: iwd + systemd-networkd + resolvconf wrinkles

[Brian]

On Fri 18 Mar 2022 at 20:57:38 +, Brian wrote:

> On Sun 13 Mar 2022 at 20:04:06 -0500, David Wright wrote:
> 
> [...]
> 
> > Install iwd, and resolvconf if necessary. You may then need to reboot
> > if the wifi interface has already been renamed by the kernel, ie if
> > it's not wlan0. (With buster, there's a missing file that needs adding
> > first; see below).
> 
> It is systemd/udev that renames the interface. This is standard
> procedure. iwd decides it knows better and, no matter what, does
> it. I have never met this sort of behavior with wpasupplicant.
> 
> So we will be more forceful and have
> 
>   net.ifnames=1
> 
> on GRUB's kernel command line. My choice is ignored by iwd. Why does
> it not want an interface to be renamed by systemd/udev?

Now sorted:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=941652

Short story: iwd is faster than udev.

-- 
Brian.

Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?

[Eduardo M KALINOWSKI]

On 19/03/2022 09:06, Stella Ashburne wrote:

No thank you. I won't touch NetworkManager or its variants with a ten foot 
pole. Why?

Reason #1

[quote] I am sorry but we do not support NetworkManager.

I would go so far as to say do not use it at all .. but Linux distros think it 
is some sort of magic ..[end quote]

Reply by TinCanTech, Forum Team, to the original post "Can connect via terminal, but 
not with NetworkManager" (URL: https://forums.openvpn.net/viewtopic.php?t=26802)

Reason #2

[quote] Due to multiple, critical  problems in network-manager-openvpn which after years have not 
been solved we recommend to NOT use it. Please understand that we will not provide support to 
network-manager-openvpn. In GNU/Linux we recommend that you run our free and open source software 
"Eddie", or our free and open source software "Hummingbird", or OpenVPN 
directly [end quote]

A notice posted by the staff of AirVPN under the title "Using AirVPN with Debian 
Network Manager (NOT RECOMMENDED)" (URL: 
https://airvpn.org/forums/topic/11416-using-airvpn-with-debian-network-manager-not-recommended/
)

Eduardo, I do use VPNs frequently in my line of work and always use the 
community edition of OpenVPN to connect to VPN servers directly.


Unfortunately I cannot say whether your use case will work with NM. I 
occasionally use a wireguard firewall, but I don't think I've used 
OpenVPN with NM.


However, note that the posts are from 2014 and 2018. A lot might have 
changed since then.



--
Why is it that we rejoice at a birth and grieve at a funeral?  It is because we
are not the person involved.
-- Mark Twain, "Pudd'nhead Wilson's Calendar"

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?

[hdv@gmail]

On 2022-03-19 13:19, Eduardo M KALINOWSKI wrote:

On 19/03/2022 09:06, Stella Ashburne wrote:
No thank you. I won't touch NetworkManager or its variants with a ten 
foot pole. Why?


Reason #1

[quote] I am sorry but we do not support NetworkManager.

I would go so far as to say do not use it at all .. but Linux distros 
think it is some sort of magic ..[end quote]


Reply by TinCanTech, Forum Team, to the original post "Can connect via 
terminal, but not with NetworkManager" (URL: 
https://forums.openvpn.net/viewtopic.php?t=26802)


Reason #2

[quote] Due to multiple, critical  problems in network-manager-openvpn 
which after years have not been solved we recommend to NOT use it. 
Please understand that we will not provide support to 
network-manager-openvpn. In GNU/Linux we recommend that you run our 
free and open source software "Eddie", or our free and open source 
software "Hummingbird", or OpenVPN directly [end quote]


A notice posted by the staff of AirVPN under the title "Using AirVPN 
with Debian Network Manager (NOT RECOMMENDED)" (URL: 
https://airvpn.org/forums/topic/11416-using-airvpn-with-debian-network-manager-not-recommended/ 


)

Eduardo, I do use VPNs frequently in my line of work and always use 
the community edition of OpenVPN to connect to VPN servers directly.


Unfortunately I cannot say whether your use case will work with NM. I 
occasionally use a wireguard firewall, but I don't think I've used 
OpenVPN with NM.


However, note that the posts are from 2014 and 2018. A lot might have 
changed since then.


I think the chances of that are quite good. If only because I've been 
using the combination of NM and OpenVPN for about 5 years now and it's 
been ages ago I've had trouble with it.


Grx HdV

Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?

[Stella Ashburne]

Mon cheri

Thanks for your reply.

> Sent: Saturday, March 19, 2022 at 3:17 PM
> From: "Tim Woodall" 
> To: "Stella Ashburne" 
> Cc: "debian-user mailing list" 
> Subject: Re: Under each of these scenarios, what is the neatest and simplest 
> way to manipulate the /etc/network/interfaces file?
>

>
> You can use mapping lines to achieve the same thing.
>

Oh dear, it seems complicated to me.

Best regards.

Stella

Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?

[Stella Ashburne]

Mon cheri

> Sent: Saturday, March 19, 2022 at 7:13 PM
> From: "Eduardo M KALINOWSKI" 
> To: debian-user@lists.debian.org
> Subject: Re: Under each of these scenarios, what is the neatest and simplest 
> way to manipulate the /etc/network/interfaces file?
>
>
> That's exactly the kind of situation that NetworkManager is made for. It
> gained a bad reputation when it was released, but seems to have improved
> - I've been using it for years without issues.
>
> There's a command-line interface (nmcli), so you don't need a desktop
> environment.
>

No thank you. I won't touch NetworkManager or its variants with a ten foot 
pole. Why?

Reason #1

[quote] I am sorry but we do not support NetworkManager.

I would go so far as to say do not use it at all .. but Linux distros think it 
is some sort of magic ..[end quote]

Reply by TinCanTech, Forum Team, to the original post "Can connect via 
terminal, but not with NetworkManager" (URL: 
https://forums.openvpn.net/viewtopic.php?t=26802)

Reason #2

[quote] Due to multiple, critical  problems in network-manager-openvpn which 
after years have not been solved we recommend to NOT use it. Please understand 
that we will not provide support to network-manager-openvpn. In GNU/Linux we 
recommend that you run our free and open source software "Eddie", or our free 
and open source software "Hummingbird", or OpenVPN directly [end quote]

A notice posted by the staff of AirVPN under the title "Using AirVPN with 
Debian Network Manager (NOT RECOMMENDED)" (URL: 
https://airvpn.org/forums/topic/11416-using-airvpn-with-debian-network-manager-not-recommended/
)

Eduardo, I do use VPNs frequently in my line of work and always use the 
community edition of OpenVPN to connect to VPN servers directly.

Best regards.

Stella

Re: update, reboot required?

[l0f4r0]

Hi,

19 mars 2022, 12:16 de edua...@kalinowski.com.br:

> The needrestart package will offer to restart services affected when there'a 
> a library update, and it also warns you when the kernel has been udpated (and 
> a reboot is necessary). It just doesn't warn you about microcode updates, 
> AFAIK.
>
Advanced mode indicates if the processor microcode seems to be up-to-date or 
not.
See below:

# needrestart -m a
Scanning processes...   

  
Scanning processor microcode... 

  
Scanning linux images...

  

Running kernel seems to be up-to-date.

The processor microcode seems to be up-to-date.

No services need to be restarted.

No containers need to be restarted.

No user sessions are running outdated binaries.

Best regards,
l0f4r0

Re: update, reboot required?

[Eduardo M KALINOWSKI]

On 18/03/2022 23:47, Lee wrote:

So
it would be nice if there was some program that would just say that I
needed to reboot


The needrestart package will offer to restart services affected when 
there'a a library update, and it also warns you when the kernel has been 
udpated (and a reboot is necessary). It just doesn't warn you about 
microcode updates, AFAIK.



--
On-line, adj.:
The idea that a human being should always be accessible to a computer.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?

[Eduardo M KALINOWSKI]

On 18/03/2022 23:14, Stella Ashburne wrote:

Hi

There are instances in which my machine is connected to a mobile hotspot. And 
in some situations, it's connected to a smartphone via USB tethering. And when 
I'm in the office, I may connect it to a LAN cable.

Below are the contents of my /etc/network/interfaces file:

[...]

1. At the moment, if I wish to change to using a mobile hotspot from USB 
tethering, I'll edit the /etc/network/interfaces file, uncomment the applicable 
lines under #The primary network interface for wireless connections and place a 
# in front of all the lines under #The primary network interface for USB 
tethering

Instead of carrying out the above steps, is there a neater and simpler way?


That's exactly the kind of situation that NetworkManager is made for. It 
gained a bad reputation when it was released, but seems to have improved 
- I've been using it for years without issues.


There's a command-line interface (nmcli), so you don't need a desktop 
environment.



--
On-line, adj.:
The idea that a human being should always be accessible to a computer.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: update, reboot required?

[Toni Mas Soler]

I restart Dbus from time to time. Actually, I stop Dbus if i don't
need, that is when I do not use X (almost allways).
Do you mean my action is not effective?


Toni Mas

Missatge de piorunz  del dia ds., 19 de març 2022 a les 5:55:
>
> On 19/03/2022 02:32, Lee wrote:
> > How to tell if I need to reboot the machine after updating the software?
>
> install "needrestart" package.
>
> Description: needrestart checks which daemons need to be restarted after
> library upgrades.
>   It is inspired by checkrestart from the debian-goodies package.
>
>   Features:
>- supports (but does not require) systemd
>- binary blacklisting (i.e. display managers)
>- tries to detect required restarts of interpreter based daemons
>  (supports Java, Perl, Python, Ruby)
>- tries to detect required restarts of containers (docker, LXC)
>- tries to detect pending kernel upgrades
>- tries to detect pending microcode upgrades for Intel CPUs
>- could be used as nagios check_command
>- fully integrated into apt/dpkg using hooks
>
> --
> With kindest regards, Piotr.
>
> ⢀⣴⠾⠻⢶⣦⠀
> ⣾⠁⢠⠒⠀⣿⡁ Debian - The universal operating system
> ⢿⡄⠘⠷⠚⠋⠀ https://www.debian.org/
> ⠈⠳⣄
>

Re: Under each of these scenarios, what is the neatest and simplest way to manipulate the /etc/network/interfaces file?

[Tim Woodall]

ifdown usb0

edit file

ifup wlo1

Will avoid the need to reboot.


You can use mapping lines to achieve the same thing.

mapping eth0
script /usr/local/sbin/map-scheme

iface eth0_home inet static
address 192.168.1.3
netmask 255.255.255.0
gateway 192.168.1.254

iface eth0_work inet dhcp

and the map-scheme script needs to output eth0_home or eth0_work
depending on where the machine thinks it is.

(In this case I'd ping the home gatwway to detect. $1 will be eth0 in
the script)

On my laptop I have:

mapping intwlan0
script /usr/local/sbin/map-scheme.wlan
map 88:03:55:E0:AC:7F Brandon EE-kbfcwm
map B4:FB:E4:4D:28:4B MarshamCourt MarshamCourt
map 78:8A:20:2A:BE:C6 MarshamCourt MarshamCourt
map any unknown Avanti_Free_WiFi
map any hotel BWGarstangCountryHotel

and my script looks for access points to connect to.

This was written way back in the dark ages where real men used the
console - but it still works today :-)



On Sat, 19 Mar 2022, Stella Ashburne wrote:


Hi

There are instances in which my machine is connected to a mobile hotspot. And 
in some situations, it's connected to a smartphone via USB tethering. And when 
I'm in the office, I may connect it to a LAN cable.

Below are the contents of my /etc/network/interfaces file:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug enx61s07
#iface enx60a4b79d7f48 inet static
#   address 192.168.1.35/24
#   gateway 192.168.1.1
   # dns-* options are implemented by the resolvconf package, if installed
#   dns-nameservers 1.1.1.1 8.8.8.8


# The primary network interface for USB tethering
allow-hotplug usb0
iface usb0 inet dhcp static
address 192.168.42.35
gateway 192.168.42.1
   # dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 1.1.1.1 8.8.8.8

# The primary network interface for wireless connections
#allow-hotplug wlo1
#iface wlo1 inet dhcp static
# wpa-ssid Osia27
# wpa-psk string-of-alphanumberice-characters
# address 192.168.43.28
# gateway 192.168.43.1
# dns-nameservers 1.1.1.1 8.8.8.8

Questions:

1. At the moment, if I wish to change to using a mobile hotspot from USB 
tethering, I'll edit the /etc/network/interfaces file, uncomment the applicable 
lines under #The primary network interface for wireless connections and place a 
# in front of all the lines under #The primary network interface for USB 
tethering

Instead of carrying out the above steps, is there a neater and simpler way?

2. What is the command to type in a terminal after I have made changes to the 
/etc/network/interfaces file without rebooting my machine?

Best regards.

Stella