<dery> kris_: I'm definitely misusing "gateway" here
<dery> it's the lil bouncer thing I have
<dery> the thin client
<dery> I'm using it for a few other private services and designed it so that it's (mostly) the only access outside people have to my network
<dery> also did the whole isolation thing with the managed switch
<kris_> oh okay so its just a server
<dery> my actual gateway stays the openwrt one
<dery> ...under the """ONT""" my ISP gave me
<dery> (really just a router with a web setting named "ONT Mode", it's not an actual ont)
<kris_> my bouncer is on my local server, it's not on a vlan or anything but it isnt exposed to the internet directly
<kris_> egress is done through an ephemeral ramdisk alpine install linked up with a vpn provider to hide my IP
<kris_> i access this remotely through wireguard running on my router
<dery> ohhhh that's really cool
<kris_> yeah i have like 7 different virtual machines routed through that one egress point
<dery> also PSA about ramdisk alpine installs
<kris_> lets me use 1 vpn connection for all this stuff
<dery> just found out that DHCPv6 is basically broken out of the box there
<dery> or even SLAAC now that I think about it
<dery> dhcpcd makes a weird kind of DUID which is expected to be stored persistently somewhere
<dery> it's *supposed* to fall back to a deterministic one but from my experiments it can't really tell an overlayfs from a real storage thing
<dery> so you have to turn the `duid` line in the config to `duid ll`
<kris_> ngl i have ipv6 disabled on my network
<dery> nevermind then lmao
<kris_> though good to know
<kris_> in case i enable it at some point (unlikely)
<dery> I'm accumulating quite a few notes (and bugs???)
<dery> I should really dump them somewhere or even better put them in the wiki
<dery> in the case of alpine
<dery> like, this is COMPLETELY undocumented afaict
<dery> on the whole web. I guess ephemeral ipv6 stable address SLAAC boxes aren't exactly a common usecase
<kris_> kinda surprising how unbelievably underdocumented this is given alpine initially came into existence as a distro to run from RAM
<dery> that explains why it's so good at that... when it works
<dery> this is completely mindboggling indeed
<dery> I FOUND THIS ONLINE ALREADY
<dery> LIKE YESTERDAY
<dery> I DIDN'T READ THE DOMAIN LMFAO
<dery> unfortunately the most problematic setup I have is also the most complex
<dery> and I could barely find similar docs online
<kris_> usually how that goes
<kris_> at some point i need to document my openbsd router setup and make it public because there was precisely 0 accurate documentation on this
<dery> we need more router stacks
<dery> openwrt is cool and all but if we don't have variety setups will fossilize and everything outside the beaten path WILL break
<kris_> yeah i want this to be more common, openbsd is the only OS ive ever used as a router that i don't think blows complete and utter sack
<kris_> for the task, i mean
<dery> just curious, you set up the thing from cli or do generic router web uis exist
<dery> don't remember if you already explained that to me
<kris_> idk if any exist, part of why i did this was to avoid webuis
<dery> won't lie, LUCI is hella comfy
<kris_> i think if i show you my configs itll rock your brain lol
<kris_> the entire thing is configured in /etc/dhcpd.conf and /etc/pf.conf
<kris_> outside of the interfaces on the box themselves
<kris_> it's extremely clean and everything you need is already installed
<kris_> luci is a fucking mess compared
<kris_> packet filter, openbsds firewall
<dery> just curious, does nat go there too?
<dery> a bit like netfilter, I think?
<kris_> in the pf config? yes
<kris_> i don't want to share my 1:1 config so ill have to edit one that i can make public tomorrow
<dery> but like, very cool indeed
<dery> would you look at that
<dery> someone implemented map-e on openbsd
<dery> why in the world is my ISP's setup similar to Japanese ISPs
<dery> I still can't fathom that
<dery> Last time you told me that you weren't sure if map-e was a thing on *BSDs. Turns out that it actually is?
<dery> That would be really nifty
<kris_> yeah, i dont think this applies to me atm so I've never really looked into it but very cool