Re: [gentoo-user] iproute2 reference

2018-06-10 Thread Grant Taylor

On 06/10/2018 01:13 PM, Grant Taylor wrote:
> I'll respond later with more details as to what I do to run various
> things in Network Namespaces.


I create the following directories ("mkdir -p" type thing):

 - /run/mountns/$NSname
 - /run/netns/$NSname
 - /run/utsns/$NSname

First I create the Namespace:

   unshare --mount=/run/mountns/$NSname --net=/run/netns/$NSname \
      --uts=/run/utsns/$NSname /bin/true


Then I change the hostname inside of the Namespace:

   nsenter --mount=/run/mountns/$NSname --net=/run/netns/$NSname \
      --uts=/run/utsns/$NSname /bin/hostname $NSname


Then I start what ever process I want to inside of the Namespace:

   nsenter --mount=/run/mountns/$NSname --net=/run/netns/$NSname \
      --uts=/run/utsns/$NSname /path/to/daemon…


I reuse the nsenter methodology above to go into the Namespace and run 
what ever I want.  I can enter an interactive shell inside of the 
Namespace using the following:


   nsenter --mount=/run/mountns/$NSname --net=/run/netns/$NSname \
      --uts=/run/utsns/$NSname /bin/bash


I see no reason that you couldn't run a VPN inside of a Namespace.  It 
might actually make things easier.  The VPN could route everything (from 
that Namespace) through the VPN.  Then you just need to pick what you 
route to the VPN's Namespace.


Note:  What I'm doing is quite similar to containers with the major 
exception that all of the files are based on the parent (default / main 
/ unnamed) Namespace.  (It's my understanding that…) Containers use this 
same methodology with namespaces, just with a full file system that is 
an OS image unto themselves.  Which means that they need to be 
maintained as separate OS images and have the proper care and feeding. 
My preferred method means that the Namespaces inherit all the files from 
the parent (…) Namespace.  (Sort of like Solaris's sparse zones.)




--
Grant. . . .
unix || die
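
A check that a daemon started this way really sits inside the named namespaces, as an added example that is not part of the original message. It assumes the three handle paths used in the commands above; the function names and the NS_ROOT / PROC_ROOT overrides are hypothetical.

```shell
#!/bin/sh
# Added example: verify namespace confinement for the unshare/nsenter layout.
# Two namespace handles refer to the same namespace exactly when their
# device and inode numbers are equal, so that pair is what gets compared.

NS_ROOT=${NS_ROOT:-/run}        # parent of mountns/, netns/ and utsns/
PROC_ROOT=${PROC_ROOT:-/proc}   # overridable so the check can be exercised offline

# ns_id PATH -> prints "device:inode" of the object PATH resolves to.
ns_id() {
    stat -L -c '%d:%i' "$1" 2>/dev/null
}

# ns_check PID NSNAME -> one status line per namespace type.
# Returns non-zero if any handle is missing or the process is elsewhere.
ns_check() {
    nsc_pid=$1; nsc_name=$2; nsc_rc=0
    # Directory name under NS_ROOT : entry name under /proc/PID/ns
    for nsc_pair in mountns:mnt netns:net utsns:uts; do
        nsc_dir=${nsc_pair%%:*}; nsc_kind=${nsc_pair##*:}
        nsc_want=$(ns_id "$NS_ROOT/$nsc_dir/$nsc_name") || nsc_want=
        nsc_have=$(ns_id "$PROC_ROOT/$nsc_pid/ns/$nsc_kind") || nsc_have=
        if [ -z "$nsc_want" ] || [ -z "$nsc_have" ]; then
            echo "$nsc_kind: unknown (handle missing or unreadable)"
            nsc_rc=1
        elif [ "$nsc_want" = "$nsc_have" ]; then
            echo "$nsc_kind: ok"
        else
            echo "$nsc_kind: MISMATCH (process is outside $nsc_name)"
            nsc_rc=1
        fi
    done
    return $nsc_rc
}

# Stand-alone use: ./ns_check.sh PID NSNAME
if [ $# -eq 2 ]; then
    ns_check "$1" "$2"
fi
```

Reading another user's /proc/PID/ns entries needs root; a MISMATCH on one line only (for example net) means the daemon shares that part of the host with everything else.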



Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Grant Taylor

On 06/10/2018 12:30 PM, Mick wrote:
> If NAT'ed between guest and host and then NAT'ed again at the home
> router, you are double NAT'ed.


Or possibly triple NATed if your ISP is using Carrier Grade NAT.

At least that's one definition of "double NAT".  I tend to use a 
different definition, one where you're NATing source and destination in 
a single device.  As opposed to doing a single NAT operation on multiple 
devices.


> As far as I know VPNs will not work through a double NAT situation,
> unless you use your gateway or host as the VPN end point and then
> setup port forwarding to the host from there.


I see no reason why SSL or SSH based VPNs wouldn't work perfectly fine 
through many layers of NAT.


I also think that it should be possible to get IPSec VPNs to work 
through multiple layers of NAT.  You'd need to account for the AH issues 
or ESP without AH.


Each layer of NAT makes VPNs more difficult, but not impossible.

Depending on the type of VPN, each layer of NAT may mean that you must 
be the only person using that type of VPN to avoid confusing the NAT / 
breaking all of that type of VPN.


> Bridge the host to guest adaptors and you should be good to go (once
> any other conventional VPN configuration problem is solved).  :-)


Hilco's issue was what is routed through the VPN, not a problem with 
establishing said VPN.




--
Grant. . . .
unix || die



Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Hilco Wijbenga
On Sun, Jun 10, 2018 at 11:08 AM Wol's lists  wrote:
>
> On 10/06/18 17:53, Mick wrote:
> > On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
> >> Okay, with all that advice, I gave it another try. I'm also setting up
> >> a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
> >> networking. I've changed this to 172.16.0.0 so now I can easily tell
> >> that network from work network (which seems to use 10.25.0.0)
> >>
> >> I wanted to add a route to NetworkManager's VPN connection. It wants
> >> Address, Network, Gateway, and Metric so I gave it "10.0.0.0",
> >> "255.0.0.0" (this one shows up automatically), "207.x.y.z", "1". But
> >> then VPN fails to start with the complaint that the configuration is
> >> invalid.
> >>
> >> So I tried what I think is the same on the CL:
> >>
> >> $> route add -net 10.0.0.0/8 gw "207.x.y.z" metric 1
> >> SIOCADDRT: Network is unreachable
> >>
> >> So apparently, it's not quite as straightforward as I thought it might be.
> >> :-)
> >
> > Ahh!  If you're trying to set this up within a VM, this adds a whole new
> > layer of complexity.  I assume you're setting up a bridge between host and
> > guest device(s)?
> >
> No if he's assigned 172.16/16 to the VM network he hasn't. VB defaults
> to a NAT'd network and it's always given me grief. I was going to
> suggest he switched to bridged.
>
> In settings, change the network adaptor type to bridged, and then the VM
> will get its settings and IP address from the DHCP server serving the
> local network. Makes things MUCH easier.

I've changed it to "Bridged Adapter" but the behaviour is exactly the
same as before. I'm guessing I still need an extra "route" (or two).
Any ideas about that?



Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Hilco Wijbenga
On Sun, Jun 10, 2018 at 11:31 AM Mick  wrote:
>
> On Sunday, 10 June 2018 19:07:59 BST Wol's lists wrote:
> > On 10/06/18 17:53, Mick wrote:
> > > On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
> > >> Okay, with all that advice, I gave it another try. I'm also setting up
> > >> a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
> > >> networking. I've changed this to 172.16.0.0 so now I can easily tell
> > >> that network from work network (which seems to use 10.25.0.0)
> > >>
> > >> I wanted to add a route to NetworkManager's VPN connection. It wants
> > >> Address, Network, Gateway, and Metric so I gave it "10.0.0.0",
> > >> "255.0.0.0" (this one shows up automatically), "207.x.y.z", "1". But
> > >> then VPN fails to start with the complaint that the configuration is
> > >> invalid.
> > >>
> > >> So I tried what I think is the same on the CL:
> > >>
> > >> $> route add -net 10.0.0.0/8 gw "207.x.y.z" metric 1
> > >> SIOCADDRT: Network is unreachable
> > >>
> > >> So apparently, it's not quite as straightforward as I thought it might
> > >> be.
> > >>
> > >> :-)
> > >
> > > Ahh!  If you're trying to set this up within a VM, this adds a whole new
> > > layer of complexity.  I assume you're setting up a bridge between host
> > > and guest device(s)?
> >
> > No if he's assigned 172.16/16 to the VM network he hasn't. VB defaults
> > to a NAT'd network and it's always given me grief. I was going to
> > suggest he switched to bridged.
> >
> > In settings, change the network adaptor type to bridged, and then the VM
> > will get its settings and IP address from the DHCP server serving the
> > local network. Makes things MUCH easier.
> >
> > Cheers,
> > Wol
>
> If NAT'ed between guest and host and then NAT'ed again at the home router, you
> are double NAT'ed.  As far as I know VPNs will not work through a double NAT
> situation, unless you use your gateway or host as the VPN end point and then
> setup port forwarding to the host from there.  Bridge the host to guest
> adaptors and you should be good to go (once any other conventional VPN
> configuration problem is solved).  :-)

In what sense does it "not work"? I can connect just fine.

If I change VB's networking to "Bridged Adapter" I don't get any
different behaviour.

(I would prefer to avoid fooling around with my main OS's networking
so the VB route seems "safer".)



Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Hilco Wijbenga
On Sun, Jun 10, 2018 at 10:03 AM Grant Taylor
 wrote:
>
> On 06/09/2018 06:31 PM, Hilco Wijbenga wrote:
> > Okay, with all that advice, I gave it another try. I'm also setting
> > up a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
> > networking. I've changed this to 172.16.0.0 so now I can easily tell
> > that network from work network (which seems to use 10.25.0.0)
> >
> > I wanted to add a route to NetworkManager's VPN connection. It wants
> > Address, Network, Gateway, and Metric so I gave it "10.0.0.0", "255.0.0.0"
> > (this one shows up automatically), "207.x.y.z", "1". But then VPN fails
> > to start with the complaint that the configuration is invalid.
> >
> > So I tried what I think is the same on the CL:
> >
> > $> route add -net 10.0.0.0/8 gw "207.x.y.z" metric 1
> > SIOCADDRT: Network is unreachable
> >
> > So apparently, it's not quite as straightforward as I thought it might
> > be. :-)
>
> I think you're actually quite close.
>
> I believe the reason NetworkManager's VPN and the route command are
> complaining is the same.
>
> Routing almost always wants the next hop, not the ultimate destination.
>
> Think about it this way, if you ask for directions in an unfamiliar
> building, do you want to be told that you need to go to the office
> across the hall from Mary?  Or do you want to be told, take the elevator
> to the 4th floor, turn left, and go to the office across the hall from
> Mary, she has a big sign on her office.
>
> "Across the hall from Mary" by itself is useless and unactionable.  The
> directions that start with the elevator in the lobby are actionable.  ;-)

Okay, that makes sense, I suppose. What is the next hop? I've googled
and googled but I did not find any examples of how to set this up.
AFAICT, you're simply supposed to check the "Use only for resources on
this connection" checkbox and you're done.



Re: [gentoo-user] [Maybe OT]: Instability of system

2018-06-10 Thread Alan Mackenzie
Hello again, Dale.

On Sun, Jun 10, 2018 at 11:23:14 -0500, Dale wrote:
> Mick wrote:
> > On Sunday, 10 June 2018 14:06:22 BST Alan Mackenzie wrote:

> >> The shop I bought everything from seems to have gone out of business,
> >> with both its telephone number and its website having been down for a
> >> sustained period.  So I'm unlikely to be able to get the processor
> >> exchanged for an unbuggy one.  Shelling out for a new processor out of my
> >> own pocket seems too much of a long shot to justify the money (~400
> >> Euros) and the time.

> >> So it's looking like I'm not going to be getting the problem fixed any
> >> time soon.  :-(
> > All may not be lost, yet.

> > Since this is arguably a manufacturing fault of the CPU, you should have
> > some consumer rights over it.  Try contacting AMD directly for RMA, as long
> > as it is still under the *manufacturer's* warranty and you have your receipt.



> Plus trying to talk to them may lead to them knowing what the problem
> is.  Whether it is mobo or CPU, knowing which one would help.  They may
> have heard of this issue before.

> To, OP.  I was hoping you found a solution.  Maybe you will at some
> point.  You have certainly eliminated a lot of potential causes.  I
> can't recall if you have or not, have you tried a different version of
> the kernel?  In the past, I've upgraded to a new kernel and it be
> buggy.  I go back to a older version until I see a new update then try
> again.  Generally it works.  Don't know if it was a kernel bug or just
> some stray code that something didn't like but . . .

I've been running on my (no longer quite so) new box since about last
August.  I don't recall crashes from that long ago, though that could be
to do with my memory.

I've just configured and built a 4.17.0 kernel (thanks for the
suggestion!), having previously been running on 4.15.15 for quite some
time.  Maybe this will help.  We'll see.

> Dale

> :-)  :-) 

-- 
Alan Mackenzie (Nuremberg, Germany).



Re: [gentoo-user] iproute2 reference

2018-06-10 Thread Grant Taylor

On 06/10/2018 12:22 PM, Andrew Udvare wrote:
> Is it possible to have a VPN client set up in one of these namespaces
> and route certain traffic through it from the main stack?


I see no reason why it couldn't.

It may be entertaining to start and stop the VPN client.

I'll respond later with more details as to what I do to run various 
things in Network Namespaces.


Aside:  Containers are functionally similar to, and use, Network 
Namespaces as well as other namespaces; process, uts, mount, etc.




--
Grant. . . .
unix || die



Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Mick
On Sunday, 10 June 2018 19:07:59 BST Wol's lists wrote:
> On 10/06/18 17:53, Mick wrote:
> > On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
> >> Okay, with all that advice, I gave it another try. I'm also setting up
> >> a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
> >> networking. I've changed this to 172.16.0.0 so now I can easily tell
> >> that network from work network (which seems to use 10.25.0.0)
> >> 
> >> I wanted to add a route to NetworkManager's VPN connection. It wants
> >> Address, Network, Gateway, and Metric so I gave it "10.0.0.0",
> >> "255.0.0.0" (this one shows up automatically), "207.x.y.z", "1". But
> >> then VPN fails to start with the complaint that the configuration is
> >> invalid.
> >> 
> >> So I tried what I think is the same on the CL:
> >> 
> >> $> route add -net 10.0.0.0/8 gw "207.x.y.z" metric 1
> >> SIOCADDRT: Network is unreachable
> >> 
> >> So apparently, it's not quite as straightforward as I thought it might
> >> be.
> >> 
> >> :-)
> > 
> > Ahh!  If you're trying to set this up within a VM, this adds a whole new
> > layer of complexity.  I assume you're setting up a bridge between host
> > and guest device(s)?
> 
> No if he's assigned 172.16/16 to the VM network he hasn't. VB defaults
> to a NAT'd network and it's always given me grief. I was going to
> suggest he switched to bridged.
> 
> In settings, change the network adaptor type to bridged, and then the VM
> will get its settings and IP address from the DHCP server serving the
> local network. Makes things MUCH easier.
> 
> Cheers,
> Wol

If NAT'ed between guest and host and then NAT'ed again at the home router, you 
are double NAT'ed.  As far as I know VPNs will not work through a double NAT 
situation, unless you use your gateway or host as the VPN end point and then 
setup port forwarding to the host from there.  Bridge the host to guest 
adaptors and you should be good to go (once any other conventional VPN 
configuration problem is solved).  :-)

-- 
Regards,
Mick



Re: [gentoo-user] kswapd0 100% CPU with swapoff and no memory demands on system

2018-06-10 Thread Dale
chin chong wrote:
> unsubscribe
>

It doesn't work that way for this mailing list.  Try this:

List-Unsubscribe:  

Hope that helps.

Dale

:-)  :-)  



Re: [gentoo-user] iproute2 reference

2018-06-10 Thread Andrew Udvare
On 06/10/2018 12:58 PM, Grant Taylor wrote:
> It helps if I actually add the foot note.
> 
> On 06/10/2018 10:38 AM, Grant Taylor wrote:
>> I will say that you'll likely need other systems [1] to test things
>> like tunnels to / between.
> 
> [1] You can easily have one machine be multiple systems via Network
> Namespaces.
> 
> I routinely use Network Namespaces to mess with networking in my
> virtualization lab.  Think of Network Namespaces as micro TCP/IP stacks
> in the Linux kernel.  Each can be configured completely independent of
> the others.

Is it possible to have a VPN client set up in one of these namespaces and
route certain traffic through it from the main stack?





Re: [gentoo-user] kswapd0 100% CPU with swapoff and no memory demands on system

2018-06-10 Thread chin chong
unsubscribe

On Sat, May 3, 2014 at 10:16 AM, Chris Stankevitz  wrote:

> Hello,
>
> I have a small system:
>
> - 6GB drive
>
> - ext4 partition mounted readonly
>
> - swap partition that is not listed in fstab and not enabled.  (I will
> swapon it every few weeks or so if I need it for a large compile job)
>
> - 2 GB RAM
>
> When the system boots it processing video from a USB camera.  The
> program dynamically allocates and releases memory while it runs, but
> stores no data in memory or on disk (read-only).  The memory usage
> does not grow over time.
>
> When things are going well, top looks like so:
>
> ===
>
> Tasks:  68 total,   1 running,  67 sleeping,   0 stopped,   0 zombie
> %Cpu0  : 88.3 us, 11.7 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
> %Cpu1  : 25.5 us,  2.3 sy,  0.0 ni, 72.1 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
> %Cpu2  :  6.0 us,  0.7 sy,  0.0 ni, 93.3 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
> %Cpu3  : 25.7 us,  2.3 sy,  0.0 ni, 72.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
> KiB Mem:   1861644 total,   161648 used,  166 free, 6948 buffers
> KiB Swap:0 total,0 used,0 free,57728 cached
>
>   PID USER  PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
>  2129 root  20   0 1774440  81712  25388 S 160.0  4.4  25:55.46 obt
>   705 root  20   0       0      0      0 S   1.0  0.0   0:07.87 kswapd0
>  2049 ueyed 20   0  620472  14092  13652 S   1.0  0.8   0:09.34 ueyeusbd
>
>
> 
>
>
> Q1: Why does the kswapd0 process from time to time take up 100% CPU?
>
> Q2: Why does top show "cached swap" eventhough I do not have swap mounted?
>
> Q3: Is there anything I can do to prevent kswapd0 from using CPU on my
> system?  e.g. disable SWAP in the kernel config
>
> I suspect the answer to Q1 is:
>
> a) kernel is not configured properly for my hardware
>  or
> b) there is some bad side effect to my readonly root fs
>
> Thank you,
>
> Chris
>
>


Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Wol's lists

On 10/06/18 17:53, Mick wrote:

> On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
>> Okay, with all that advice, I gave it another try. I'm also setting up
>> a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
>> networking. I've changed this to 172.16.0.0 so now I can easily tell
>> that network from work network (which seems to use 10.25.0.0)
>>
>> I wanted to add a route to NetworkManager's VPN connection. It wants
>> Address, Network, Gateway, and Metric so I gave it "10.0.0.0",
>> "255.0.0.0" (this one shows up automatically), "207.x.y.z", "1". But
>> then VPN fails to start with the complaint that the configuration is
>> invalid.
>>
>> So I tried what I think is the same on the CL:
>>
>> $> route add -net 10.0.0.0/8 gw "207.x.y.z" metric 1
>> SIOCADDRT: Network is unreachable
>>
>> So apparently, it's not quite as straightforward as I thought it might be.
>> :-)
>
> Ahh!  If you're trying to set this up within a VM, this adds a whole new layer
> of complexity.  I assume you're setting up a bridge between host and guest
> device(s)?

No if he's assigned 172.16/16 to the VM network he hasn't. VB defaults 
to a NAT'd network and it's always given me grief. I was going to 
suggest he switched to bridged.


In settings, change the network adaptor type to bridged, and then the VM 
will get its settings and IP address from the DHCP server serving the 
local network. Makes things MUCH easier.


Cheers,
Wol



Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Grant Taylor

On 06/10/2018 10:53 AM, Mick wrote:
> Ahh!  If you're trying to set this up within a VM, this adds a whole
> new layer of complexity.  I assume you're setting up a bridge between
> host and guest device(s)?


Yes, VMs can add additional complexity to the situation.  However I 
suspect that's not the problem in this case.  The nice thing about VPNs 
is that they are tunnels from points A and A.  So as long as A knows how 
to get to Z and vice versa, things should be good. A needs to know to 
pass through B to get to Z and Z needs to know to pass through Y to get 
to A.


About the only caveat that comes to mind is if things like IPSec are in 
use and there are things between A and Z that interfere with the IPSec 
traffic.  (Maliciously or accidentally.)



> Grant may be better equipped to answer here how to configure this,


~deer~in~the~headlights~look~  "Huh?  What?  Me‽"  *gulp* … *dry*mouth*


> it is beyond my amateurish skills ...


You're not as amateurish as you pretend to think you are.  ;-)



--
Grant. . . .
unix || die



Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Grant Taylor

On 06/09/2018 06:31 PM, Hilco Wijbenga wrote:
> Okay, with all that advice, I gave it another try. I'm also setting
> up a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
> networking. I've changed this to 172.16.0.0 so now I can easily tell
> that network from work network (which seems to use 10.25.0.0)
>
> I wanted to add a route to NetworkManager's VPN connection. It wants
> Address, Network, Gateway, and Metric so I gave it "10.0.0.0", "255.0.0.0"
> (this one shows up automatically), "207.x.y.z", "1". But then VPN fails
> to start with the complaint that the configuration is invalid.
>
> So I tried what I think is the same on the CL:
>
> $> route add -net 10.0.0.0/8 gw "207.x.y.z" metric 1
> SIOCADDRT: Network is unreachable
>
> So apparently, it's not quite as straightforward as I thought it might
> be. :-)


I think you're actually quite close.

I believe the reason NetworkManager's VPN and the route command are 
complaining is the same.

Routing almost always wants the next hop, not the ultimate destination.

Think about it this way, if you ask for directions in an unfamiliar 
building, do you want to be told that you need to go to the office 
across the hall from Mary?  Or do you want to be told, take the elevator 
to the 4th floor, turn left, and go to the office across the hall from 
Mary, she has a big sign on her office.

"Across the hall from Mary" by itself is useless and unactionable.  The 
directions that start with the elevator in the lobby are actionable.  ;-)




--
Grant. . . .
unix || die



Re: [gentoo-user] iproute2 reference

2018-06-10 Thread Grant Taylor

It helps if I actually add the foot note.

On 06/10/2018 10:38 AM, Grant Taylor wrote:
> I will say that you'll likely need other systems [1] to test things like
> tunnels to / between.


[1] You can easily have one machine be multiple systems via Network 
Namespaces.


I routinely use Network Namespaces to mess with networking in my 
virtualization lab.  Think of Network Namespaces as micro TCP/IP stacks 
in the Linux kernel.  Each can be configured completely independent of 
the others.


I was using Network Namespaces about 12 hours ago to test what I 
determined was a bug in VirtualBox.  (KVM didn't exhibit the same behavior.)


I used the "ip" command to create a pair of vEth (virtual Ethernet) links:

   ip link add veth0 type veth peer name veth1
   ip link add veth2 type veth peer name veth3

I then created a new Network Namespace:

   ip netns add myNetNS

Then I moved two of the vEth interfaces to the vEth links into myNetNS.

   ip link set veth1 netns myNetNS
   ip link set veth3 netns myNetNS

Then I brought all the interfaces up:

   ip link set veth0 up
   ip link set veth2 up
   ip netns exec myNetNS ip link set veth1 up
   ip netns exec myNetNS ip link set veth3 up

Then I bound IPs to three of the vEth interfaces:

   ip addr add 192.0.2.1/24 dev veth0
   ip netns exec myNetNS ip addr add 192.0.2.254/24 dev veth1
   ip netns exec myNetNS ip addr add 198.51.100.254/24 dev veth3

Then I added a route to my workstation (main / default / nameless NetNS) 
to point to the remote 198.51.100.0/24 network:


   ip route add 198.51.100.0/24 via 192.0.2.254

That gave me what I needed to continue troubleshooting my VirtualBox 
issue.  I was able to have both VBox and KVM glom onto the veth2 
interface and put the guest at 198.51.100.1/24 IP address using 
198.51.100.254 as its default gateway.


This meant that I had a micro routed connection from my workstation 
(main / default / nameless NetNS) to the VM that I was testing.


I do things like this weekly.  Almost all of the configuration uses the 
"ip" command.  IMHO the biggest issue is that you have to understand 
what you want to do and then translate it to the proper ip commands to 
do it.  You need that high level blueprint (if you will) so that you can 
then implement it with the "ip" command.  This is why you need at least 
a basic understanding of networking to fully take advantage of the "ip" 
command.




--
Grant. . . .
unix || die
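
The next-hop rule from the previous reply and the lab route in this one, checked in code: a gateway is accepted only when it lies on a directly connected prefix, which is why 192.0.2.254 works here and a distant public address gets "Network is unreachable". This is an added example, not part of the original posts; the function names, interface names, host addresses and the /16 on tun0 are constructed, and 203.0.113.7 is a documentation-range stand-in for a far-away gateway.

```shell
#!/bin/sh
# Added example: the on-link test a "via" gateway has to pass.
# Simplification: only connected prefixes are modelled, not extra
# link-scope routes or the "onlink" flag.

# ip_to_int A.B.C.D -> prints the address as one 32-bit integer.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    iti_ifs=$IFS; IFS=.
    set -- $1
    IFS=$iti_ifs
    [ $# -eq 4 ] || return 1
    for iti_octet in "$@"; do
        case $iti_octet in 0?*) return 1 ;; esac   # no leading zeros (octal)
        [ "$iti_octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# in_prefix ADDR NET/LEN -> succeeds when ADDR lies inside the prefix.
# NET may be a host address; both sides are masked before comparing.
in_prefix() {
    ipx_addr=$(ip_to_int "$1") || return 2
    ipx_net=$(ip_to_int "${2%/*}") || return 2
    ipx_len=${2#*/}
    case $ipx_len in ''|*[!0-9]*) return 2 ;; esac
    [ "$ipx_len" -le 32 ] || return 2
    ipx_mask=$(( (0xFFFFFFFF << (32 - ipx_len)) & 0xFFFFFFFF ))
    [ $(( ipx_addr & ipx_mask )) -eq $(( ipx_net & ipx_mask )) ]
}

# gateway_dev GATEWAY "DEV ADDR/LEN" ... -> prints the device whose connected
# prefix contains GATEWAY (longest prefix wins); fails when none does.
gateway_dev() {
    gwd_gw=$1; shift
    gwd_best=; gwd_best_len=-1
    for gwd_entry in "$@"; do
        gwd_dev=${gwd_entry%% *}; gwd_cidr=${gwd_entry#* }
        if in_prefix "$gwd_gw" "$gwd_cidr" &&
           [ "${gwd_cidr#*/}" -gt "$gwd_best_len" ]; then
            gwd_best=$gwd_dev; gwd_best_len=${gwd_cidr#*/}
        fi
    done
    [ -n "$gwd_best" ] && echo "$gwd_best"
}

# check_route DEST/LEN GATEWAY "DEV ADDR/LEN" ...
# Prints the iproute2 command when GATEWAY is a usable next hop, otherwise
# explains the "Network is unreachable" answer and returns 1.
check_route() {
    chk_dest=$1; chk_gw=$2; shift 2
    if chk_dev=$(gateway_dev "$chk_gw" "$@"); then
        echo "ip route add $chk_dest via $chk_gw dev $chk_dev"
    else
        echo "Network is unreachable: $chk_gw is not on any connected prefix"
        return 1
    fi
}

# Constructed sample data, documentation and private ranges only.
LAB_IFACES='veth0 192.0.2.1/24'     # lab host after "ip addr add"
VM_IFACES='eth0 172.16.0.15/16'     # a guest on the 172.16/16 network

# Lab route from this message: the gateway is one hop away on veth0.
check_route 198.51.100.0/24 192.0.2.254 "$LAB_IFACES" || true
# A gateway many hops away is a destination, not a next hop.
check_route 10.0.0.0/8 203.0.113.7 "$VM_IFACES" || true
# With a (constructed) tunnel interface up, a peer on it is a valid next hop.
check_route 10.0.0.0/8 10.25.0.1 "$VM_IFACES" 'tun0 10.25.0.77/16' || true
```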



Re: [gentoo-user] Enable "regular" network traffic when using VPN

2018-06-10 Thread Mick
On Sunday, 10 June 2018 01:31:50 BST Hilco Wijbenga wrote:
> Okay, with all that advice, I gave it another try. I'm also setting up
> a VirtualBox for my WFH stuff and VB wants to use 10.0.0.0 for its
> networking. I've changed this to 172.16.0.0 so now I can easily tell
> that network from work network (which seems to use 10.25.0.0)
> 
> I wanted to add a route to NetworkManager's VPN connection. It wants
> Address, Network, Gateway, and Metric so I gave it "10.0.0.0",
> "255.0.0.0" (this one shows up automatically), "207.x.y.z", "1". But
> then VPN fails to start with the complaint that the configuration is
> invalid.
> 
> So I tried what I think is the same on the CL:
> 
> $> route add -net 10.0.0.0/8 gw "207.x.y.z" metric 1
> SIOCADDRT: Network is unreachable
> 
> So apparently, it's not quite as straightforward as I thought it might be.
> :-)

Ahh!  If you're trying to set this up within a VM, this adds a whole new layer 
of complexity.  I assume you're setting up a bridge between host and guest 
device(s)?

Grant may be better equipped to answer here how to configure this, it is 
beyond my amateurish skills ...

-- 
Regards,
Mick



Re: [gentoo-user] iproute2 reference

2018-06-10 Thread Grant Taylor

On 06/10/2018 07:15 AM, Peter Humphrey wrote:

> Hello list,


Hi,

> I'm trying to learn how to use the "ip" command to manage routing on
> one of my boxes, which has two Ethernet interfaces.


Cool.  There's a LOT that you can do.

I will say that you'll likely need other systems [1] to test things like 
tunnels to / between.


There's a LOT that you can do with ip & ilk.  Fair warning, you're 
getting close to "tc".  ;-)


> Can anyone recommend suitable reading material? I don't mind paying for
> a book, provided that it's reasonably up to date and won't bury me in a
> morass of bit patterns, OSI transport layers and so on. Just the stuff
> that a network admin would need.


I don't know of anything that focuses on the "ip" command in particular. 
 But I always found the old Linux Networking HOWTO (NET3-4-HOWTO) to be 
a good place to start for networking concepts.  Then you can fairly 
easily map them  to the "ip" command.


The "ip" command can also get into things like bridging which can be fun.

Proxy ARP is directly related, but I think outside the scope of the "ip" 
command.


If you think you're going to be messing with a lot of this and have 
questions I'd recommend that you join the Linux Advanced Routing and 
Traffic Control (LARTC) mailing list.  It's not as active as it was a 
decade ago, but there are a few of us regularly answering questions there.


If you care about IPv6 (IMHO you should at least familiarize yourself 
with it) I'd suggest going through the free training that Hurricane 
Electric offers.  You can also get a free tunnel from them to be able to 
play with IPv6.  You'll likely end up using the "ip" command to 
establish said tunnel.  ;-)



> TiA.


You're welcome.

Feel free to drop me an email if you have questions.



--
Grant. . . .
unix || die



Re: [gentoo-user] iproute2 reference

2018-06-10 Thread Peter Humphrey
On Sunday, 10 June 2018 16:52:48 BST Mick wrote:
> On Sunday, 10 June 2018 16:22:18 BST Andrew Udvare wrote:
> > > On 2018-06-10, at 09:15, Peter Humphrey  wrote:
--->8
> To thumb through the man pages you need to extend man ip with the OBJECT.
> Same applies with --help pages.
> 
> For example, to read the help page of 'ip address':
> 
>  ip address help
> 
> the corresponding man page is:
> 
>  man ip-address

Yes, I've explored what's installed with iproute2, and no, Andrew, I'm not 
using systemd - thanks anyway.

I want to control routing, specifically, on a multi-home box. Distilling the 
man pages is going to take me a long time and a lot of effort, which is why I 
hoped to find an easier way to absorb what I need to know.

-- 
Regards,
Peter.






Re: [gentoo-user] [Maybe OT]: Instability of system

2018-06-10 Thread Dale
Mick wrote:
> On Sunday, 10 June 2018 14:06:22 BST Alan Mackenzie wrote:
>
>> The shop I bought everything from seems to have gone out of business,
>> with both its telephone number and its website having been down for a
>> sustained period.  So I'm unlikely to be able to get the processor
>> exchanged for an unbuggy one.  Shelling out for a new processor out of my
>> own pocket seems too much of a long shot to justify the money (~400
>> Euros) and the time.
>>
>> So it's looking like I'm not going to be getting the problem fixed any
>> time soon.  :-(
> All may not be lost, yet.
>
> Since this is arguably a manufacturing fault of the CPU, you should have some 
> consumer rights over it.  Try contacting AMD directly for RMA, as long as it 
> is still under the *manufacturer's* warranty and you have your receipt.
>


Plus trying to talk to them may lead to them knowing what the problem
is.  Whether it is mobo or CPU, knowing which one would help.  They may
have heard of this issue before.

To, OP.  I was hoping you found a solution.  Maybe you will at some
point.  You have certainly eliminated a lot of potential causes.  I
can't recall if you have or not, have you tried a different version of
the kernel?  In the past, I've upgraded to a new kernel and it be
buggy.  I go back to a older version until I see a new update then try
again.  Generally it works.  Don't know if it was a kernel bug or just
some stray code that something didn't like but . . .

Dale

:-)  :-) 



Re: [gentoo-user] iproute2 reference

2018-06-10 Thread Mick
On Sunday, 10 June 2018 16:22:18 BST Andrew Udvare wrote:
> > On 2018-06-10, at 09:15, Peter Humphrey  wrote:
> > 
> > Hello list,
> > 
> > I'm trying to learn how to use the "ip" command to manage routing on one
> > of my boxes, which has two Ethernet interfaces.
> 
> If you're using systemd, you can set it up with systemd.network in
> /etc/systemd/network. I do this on my router. However I was unable to get
> my IPv6 6rd tunnel working this way. For IPv4 DHCP or static it works fine.
> 
> https://www.freedesktop.org/software/systemd/man/systemd.network.html
> https://wiki.archlinux.org/index.php/Systemd-networkd#Configuration_examples
> > Can anyone recommend suitable reading material? I don't mind paying for a
> > book, provided that it's reasonably up to date and won't bury me in a
> > morass of bit patterns, OSI transport layers and so on. Just the stuff
> > that a network admin would need.
> 
> man ip (relatively minimal, but not as minimal as ip --help)
> 
> https://www.cyberciti.biz/faq/linux-ip-command-examples-usage-syntax/ is in
> my bookmarks
> 
> https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf
> 
> bash-completion comes with ip command support.
> 
> My script to set up my IPv6 6rd tunnel on my router:
> 
> ip tunnel del sit-6rd
> ip tunnel add sit-6rd mode sit local "$IPV4_ADDR" ttl 64 dev enp1s0f0
> ip tunnel 6rd dev sit-6rd 6rd-prefix 2602::/24
> 
> ip link set sit-6rd mtu 1480
> ip link set sit-6rd up
> 
> ip -6 addr add "$IPV6_ADDR" dev sit-6rd
> ip -6 route add 2000::/3 via "::$IPV4_BR_ADDR"
> ip -6 route add default via "::$IPV4_BR_ADDR"
> 
> Andrew

To thumb through the man pages you need to extend man ip with the OBJECT.  
Same applies with --help pages.

For example, to read the help page of 'ip address':

 ip address help

the corresponding man page is:

 man ip-address

-- 
Regards,
Mick



Re: [gentoo-user] nvidia-drivers-396.24-r1

2018-06-10 Thread Ted Ozolins

On 18-06-09 10:22 PM, Philip Webb wrote:

> I updated to the latest stable Nvidia-drivers-396.24-r1 ,
> rebooted & 'startx' :
> the result was an X error "No devices detected ... no screens found".
> Downgrading to 390.48 got X working again.
> Nothing to see on the Forum or among Gentoo 'nvidia' bugs.
> My kernel is 4.9.16-gentoo.
>
> Has anyone else run into this ?  Any other advice or comments ?


Last time that happened here, I ended up buying a newer nvidia card.

--
Ted Ozolins
Cranbrook, BC




Re: [gentoo-user] iproute2 reference

2018-06-10 Thread Andrew Udvare


> On 2018-06-10, at 09:15, Peter Humphrey  wrote:
> 
> Hello list,
> 
> I'm trying to learn how to use the "ip" command to manage routing on one of
> my boxes, which has two Ethernet interfaces.

If you're using systemd, you can set it up with systemd.network in 
/etc/systemd/network. I do this on my router. However I was unable to get my 
IPv6 6rd tunnel working this way. For IPv4 DHCP or static it works fine.

https://www.freedesktop.org/software/systemd/man/systemd.network.html
https://wiki.archlinux.org/index.php/Systemd-networkd#Configuration_examples

> 
> Can anyone recommend suitable reading material? I don't mind paying for a
> book, provided that it's reasonably up to date and won't bury me in a morass
> of bit patterns, OSI transport layers and so on. Just the stuff that a
> network admin would need.

man ip (relatively minimal, but not as minimal as ip --help)

https://www.cyberciti.biz/faq/linux-ip-command-examples-usage-syntax/ is in my 
bookmarks

https://access.redhat.com/sites/default/files/attachments/rh_ip_command_cheatsheet_1214_jcs_print.pdf

bash-completion comes with ip command support.

My script to set up my IPv6 6rd tunnel on my router:

ip tunnel del sit-6rd
ip tunnel add sit-6rd mode sit local "$IPV4_ADDR" ttl 64 dev enp1s0f0
ip tunnel 6rd dev sit-6rd 6rd-prefix 2602::/24

ip link set sit-6rd mtu 1480
ip link set sit-6rd up

ip -6 addr add "$IPV6_ADDR" dev sit-6rd
ip -6 route add 2000::/3 via "::$IPV4_BR_ADDR"
ip -6 route add default via "::$IPV4_BR_ADDR"

Andrew
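
As an added example (not part of Andrew's post): the script above sets 6rd-prefix 2602::/24 and no 6rd-relay_prefix, so under RFC 5969 all 32 bits of the local IPv4 address follow the 24-bit prefix, which yields a /56 delegated prefix. The helper name and the sample address are constructed for illustration; how "$IPV6_ADDR" is chosen inside that prefix is not stated in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# Derives the 6rd delegated prefix (RFC 5969) for the 6rd-prefix used in the
# script above (2602::/24). Assumption: IPv4 mask length 0, i.e. all 32 bits
# of the IPv4 address are embedded, which is what "ip tunnel 6rd" uses when
# no 6rd-relay_prefix is given. 24 + 32 = 56 bits, so the result is a /56.

# sixrd_delegated_prefix is a hypothetical helper name.
# Usage: sixrd_delegated_prefix A.B.C.D   (prints the prefix, returns 1 on bad input)
sixrd_delegated_prefix() {
    sixrd_ipv4=$1

    # Accept a strict dotted quad only: digits and dots, no empty fields.
    case $sixrd_ipv4 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac

    # Split on dots into $1..$4 (safe: the string holds only digits and dots).
    sixrd_ifs=$IFS
    IFS=.
    set -- $sixrd_ipv4
    IFS=$sixrd_ifs
    [ "$#" -eq 4 ] || return 1

    for sixrd_octet in "$@"; do
        case $sixrd_octet in
            0?*) return 1 ;;    # leading zero would be read as octal
        esac
        [ "${#sixrd_octet}" -le 3 ] || return 1
        [ "$sixrd_octet" -le 255 ] || return 1
    done

    # Bit layout: 2602:00AA:BBCC:DD00::/56 for IPv4 address AA.BB.CC.DD (hex).
    printf '2602:%x:%x:%x::/56\n' \
        "$1" "$(( ($2 << 8) | $3 ))" "$(( $4 << 8 ))"
}

# Constructed sample input (documentation address, not from the post).
sixrd_delegated_prefix 192.0.2.1    # prints 2602:c0:2:100::/56
```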


Re: [gentoo-user] [Maybe OT]: Instability of system

2018-06-10 Thread Mick
On Sunday, 10 June 2018 14:06:22 BST Alan Mackenzie wrote:

> The shop I bought everything from seems to have gone out of business,
> with both its telephone number and its website having been down for a
> sustained period.  So I'm unlikely to be able to get the processor
> exchanged for an unbuggy one.  Shelling out for a new processor out of my
> own pocket seems too much of a long shot to justify the money (~400
> Euros) and the time.
> 
> So it's looking like I'm not going to be getting the problem fixed any
> time soon.  :-(

All may not be lost, yet.

Since this is arguably a manufacturing fault of the CPU, you should have some 
consumer rights over it.  Try contacting AMD directly for RMA, as long as it 
is still under the *manufacturer's* warranty and you have your receipt.

-- 
Regards,
Mick



[gentoo-user] iproute2 reference

2018-06-10 Thread Peter Humphrey
Hello list,

I'm trying to learn how to use the "ip" command to manage routing on one of my 
boxes, which has two Ethernet interfaces.

Can anyone recommend suitable reading material? I don't mind paying for a 
book, provided that it's reasonably up to date and won't bury me in a morass 
of bit patterns, OSI transport layers and so on. Just the stuff that a network 
admin would need.

TiA.

-- 
Regards,
Peter.






Re: [gentoo-user] [Maybe OT]: Instability of system

2018-06-10 Thread Alan Mackenzie
Hello, Dale

On Wed, Jun 06, 2018 at 13:51:24 -0500, Dale wrote:
> Alan Mackenzie wrote:
> > Hello, Dale.

> > Sorry for not replying earlier, I've had a rotten week.



> >> Dale


> No problem.  I have my days too.  :/ 

> Did you find the problem and get it fixed?  Just curious. 

I haven't found or fixed the problem, no.  I took the cover off my
machine to check for dust, but there was suspiciously little there (the
machine had been in use for ~9 months at the time).

I was interested to hear that John gets the same problem, with the same
CPU (an early Ryzen 1700X) and the same make of motherboard (an Asus
X370).  When I say "interested", I really mean "disheartened".  It sounds
like a problem with the processor or the motherboard, or (even worse),
the interaction between the two.  It seems the problem only happens when
Linux (not Windows) is running, and I didn't manage to find anything in
the logs, either, with a brief search.

The machine isn't overheating, or anything like that.  Besides, the
crashes happen at random, usually with low machine load, not whilst I'm
building LibreOffice.  It actually rebooted during booting a week or so
ago, and if I recall correctly, none of the kernel's booting messages had
yet appeared on the screen.  That suggests, though vaguely, that the MB
is at fault.

The shop I bought everything from seems to have gone out of business,
with both its telephone number and its website having been down for a
sustained period.  So I'm unlikely to be able to get the processor
exchanged for an unbuggy one.  Shelling out for a new processor out of my
own pocket seems too much of a long shot to justify the money (~400
Euros) and the time.

So it's looking like I'm not going to be getting the problem fixed any
time soon.  :-(

Thanks to you, and everybody else, for all the help and suggestions.

> Dale

> :-)  :-) 

-- 
Alan Mackenzie (Nuremberg, Germany).



[gentoo-user] Building kernel with floppy support

2018-06-10 Thread Shea Alterio
Hi everybody

I've got a mini form factor Pentium 4 I just acquired. I have a huge amount
of floppy disks to make backup images of as well as write to new floppies.
Yeah I know, floppies suck, but I thought I could use Gentoo on it to make
the process less painful. This is a plain internal floppy drive so not a
USB one.  Do you need to build any packages with floppy support or just make
sure it's in the kernel? When I was doing some googling to see if I would
have issues trying to do floppy stuff with the latest kernels, it seemed
like that could be a potential issue.

I will do my main compiling on my main PC then send it to the P4 to keep it
from burning itself up. haha.