Grex General Conference

Item 4: Grex System Problems - Fall 2015/Winter 2016

Entered by cfadm on Thu Dec 31 16:42:13 2015:

18 new of 223 responses total.

#206 of 223 by lar on Thu Mar 12 11:15:09 2020:

..not that we even have an outgoing smtp server that I can see.

#207 of 223 by tod on Thu Mar 12 20:30:34 2020:

re #204
Agreed about mutt

#208 of 223 by kentn on Fri Mar 13 02:12:10 2020:

I've used mh, nmh, pine, alpine, and now mutt. Mutt isn't hard to learn and
seems to work okay for me so I've stuck with it.

#209 of 223 by cunnings on Fri Mar 13 03:01:25 2020:

I like alpine and use in almost everywhere. The menus aren't a distraction,
I operate efficiently via muscle memory. IMO it's easier to navigate through
my many folders dedicated to various email lists, and setting up new filters
is easy using the setup menu. I've used mutt in the past, it's ok, and I like
the vim-like key bindings. MM on TOPS-20 is nice too.

#210 of 223 by tod on Fri Mar 13 04:40:39 2020:

MM is like a fine wine and requires a VT52 for full appreciation.

#211 of 223 by cross on Thu Mar 19 16:57:03 2020:

resp:205 `export MAIL=$HOME/Mailbox`

#212 of 223 by lar on Tue Mar 24 02:06:14 2020:

re#211 
thanks!

How can I validate my account?

#213 of 223 by tfurrows on Tue Mar 24 18:49:57 2020:

#200, cross, what would Grex use instead of OpenBSD?

#214 of 223 by kentn on Tue Mar 24 19:14:12 2020:

Re 212:  I think you might mean "verify" your account.  Your account is
already validated.  To verify an account on Grex, you need to provide
acceptable identification.  This can, for example, be a copy of a
state-issued valid ID like a driver's license or by using a validated
PayPal account to purchase a minimal membership (e.g. $1).  Validated
PayPal accounts are determined by PayPal.  As you might expect that
generally means they know your real identity and there is a bank account
or credit card connected with the PayPal account.  Since verified users
have more access to the internet, verification allows Grex to identify
people who cause problems, if an agency, like the FBI, come calling (and
believe me they have contactd grex before about particular users).

#215 of 223 by cross on Wed Mar 25 18:47:28 2020:

resp:213 Probably FreeBSD.

#216 of 223 by kentn on Sat Nov 14 22:58:12 2020:

I noted today that one of my computers wouldn't connect to grex via
ssh while another would.  They are different versions of FreeBSD (11.4
worked, 12.1 didn't). Same setups of ssh_config.

Anyway changing the MTU for 12.1 fixed it, which is a bit weird.  I had
to edit /etc/dhclient.conf and supersede the interface-mtu setting that
normally is set to 1500 by DHCP and setting it to 1400 helped.  Probably
this is due to the ciphers that get picked in the ssh connection.
Each computer picks a different one (using the same setup).  So more
investigations to do.

I had noted someone else had seen something similar in the past couple
weeks.

#217 of 223 by papa on Mon Nov 16 00:02:46 2020:

resp:216

I've posted more details on the trouble here: item:garage:60

#218 of 223 by kentn on Mon Nov 16 01:49:10 2020:

Thanks, papa.

#219 of 223 by tonster on Mon Nov 16 19:04:42 2020:

My guess is that it might have to do with the method now used for
accessing Grex. I recently canceled my AT&T service, which allowed me to
have static IP's at home. With that now gone, I've established a VPN
between my servers in Azure and home, and am routing grex (and m-net)
via static IP's I've got in Azure and home over that VPN tunnel. Exactly
why this is working without incident for some ssh clients and not others
I'm unsure, but that is the change that was made in the past week when
this started.

#220 of 223 by tod on Wed Nov 18 02:18:47 2020:

re #219
This is excellent - curious how that is setup.
I have a nat behind a nat at my office and want the pi there available
for sshd from home and elsewhere.  Not sure how to go about it.

#221 of 223 by tonster on Sat Dec 5 22:10:28 2020:

resp:220: What I did was created a vm at home to route the tunnel, and
established a strongswan tunnel between the two sites. I then created an
iptables rule to create a route to my network via the tunnel:

-A POSTROUTING -s 10.0.0.0/24 -d 192.168.0.0/20 -j MASQUERADE

and the opposite on the other end of the tunnel:

-A POSTROUTING -s 192.168.0.0/20 -d 10.0.0.0/24  -j MASQUERADE

For the Azure side, I also route the additional bound IP's over the
tunnel back home via:

-A PREROUTING -d 10.0.0.9/32 -j DNAT --to-destination 192.168.0.110
-A POSTROUTING -d 192.168.0.110/32 -j SNAT --to-source 10.0.0.9

strongswan starts on boot, and I've put the iptables rules in the
appropriate file for the OS (ubuntu/centos), so everything comes up on
boot and strongswan monitors the tunnel so it automatically restarts
should it drop. It ended up working out quite well, and it was much
easier to get it running than I'd expected.

#222 of 223 by tod on Sat Dec 12 05:40:45 2020:

re #221
Very tidy, indeed.  Thanks for the rundown!

#223 of 223 by kentn on Tue Feb 21 16:19:26 2023:

The machine grex is running on had more disk space added yesterday. That
took it offline and made it appear the SSH security info had changed.
It's back up now and everything should be back the way it was before the
changes.  Thanks go to Tony for keeping grex going.

There are no more items selected.

You have several choices: