00:33:29 moin
00:36:01 i installed freebsd on a VM on proxmox, after i setup the network on the freebsd system, i cant reach the internet from my server, i added also default router(gateway)
00:47:35 what card comes up inside freebsd? vtnet0 ?
00:49:51 Thoraxx: ^
00:50:00 yes
00:51:24 and how did you configure it?
00:51:30 dhcp? static?
00:51:55 static
00:53:31 what is it? is it up? what's the default route?
00:55:26 if i type ifconfig, there is status:active
00:56:30 and you have a resolv.conf with a working name server?
00:56:55 yes
00:57:21 the nameserver from my serverprovider
00:57:31 can you ping the nameserver
00:57:45 this is like, the most basic of network diagnosis
00:58:39 also without showing me, it's hard to see if all is well, or you, i don't know, typoed the default gateway
00:58:53 but if the info seems correct it sounds like it's on the proxmox side
00:59:31 you mean the problem is in proxmox?
00:59:53 do other guests on the same network work?
01:00:15 yes my debian server works
01:00:28 and the windows server also
01:01:41 what gateway do these VMs use? your lan gateway or another one?
01:02:02 < rtprio> can you ping the nameserver
01:02:08 < rtprio> what is it? is it up? what's the default route?
01:02:19 both the same, that i get from my provider
01:03:01 if i ping the ip from the nameserver, it tell me "no route to host"
01:03:42 what's `netstat -rna |grep default` show
01:04:20 nothing
01:04:36 then i'm sorry to say you don't have a default route
01:04:45 what is the default route supposed to be?
01:05:21 the gateway that i get from my provider is 89.163.212.1
01:05:46 so your whole lan is a routable ip range?
01:07:18 on the freebsd vm, type; `route add default 89.163.212.1` and try to connect to the internet
01:07:18 what you mean exactly?
sry that i dont understand
01:07:48 i mean it's not 192.168.1.1 or any of the 'usual' LAN default router addresses
01:08:04 rfc 1918
01:08:32 "add net default: gateway 89.163.212.1 fib 0: Invalid argument" comes up
01:08:55 Thoraxx: can you show the output of 'ip addr' and 'ip route show' on the Debian system?
01:09:19 can you pastebin `ifconfig vtnet0`? according to route, you don't have an ip on that network
01:11:17 rtprio sry its a screenshot, because from the proxmox console window i cant copy text: https://imgur.com/a/7x5A03O
01:12:04 why does the ip address start with 5 if the gateway starts with 89 ?
01:12:34 and what the heck is up with your netmask?
01:12:47 it's a /32. also not helping
01:13:07 this is why 10 minutes ago i wanted to see this
01:13:28 o_O
01:19:56 i might also like to see how your debian system is configured
01:28:53 https://imgur.com/a/935f1Rr
01:31:23 and that's how your provider told you to do it?
01:31:33 yes
01:31:42 and on the debian system it works
02:11:02 really stumped by this issue where mesa keeps falling back to llvmpipe. I don't even know where to look for diagnostic stuff. dmesg doesn't give me much of a hint
02:27:06 well I figured out how to reliably trigger it. any time the VT switches away from X11 and back, whether manually or during suspend/resume, the iris driver breaks for some reason and it goes to llvmpipe
02:36:24 how do I safely turn off dhclient so I can disconnect ethernet without damaging it? (I've seen PCs in the past this damaged them if you disconnected it beforehand on some OS)
02:37:55 darwin: if you're really concerned about that, just set the interface down before disconnecting.
stopping dhclient will do nothing to stop it passing traffic or being electrically active
02:39:57 ok
02:40:00 thanks
03:11:42 so I found this that sounds ever so slightly like the issue that I'm dealing with: https://forums.freebsd.org/threads/no-3d-accelerated-graphics-in-xorg-after-suspend-resume-on-lenovo-ideapad-520s.85543/
03:11:43 Title: No 3D accelerated graphics in Xorg after suspend/resume on Lenovo Ideapad 520S | The FreeBSD Forums
03:12:06 gonna try out the debug.acpi.max_threads variable I think
03:14:11 will also give reset_video a shot though from what I remember reading it causes issues almost as often as it helps
03:30:07 guess none of that helps with the whole thing of switching VTs, once I'm in X11 I basically can't switch out
03:30:33 tried the xf86-video-intel driver and it has the same issue in addition to bringing back the fault errors
03:56:24 after more looking, this seems exactly the issue I'm having: https://github.com/freebsd/drm-kmod/issues/175
03:56:27 Title: amdgpu: Acceleration disabled by VT switch · Issue #175 · freebsd/drm-kmod · GitHub
03:56:27 175 – Syscons does not recover X graphics mode https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=175
07:23:25 i have same issue. upgraded jail from 12 to 13.2 and pkg unable to fetch pkg: http://pkgmir.geo.freebsd.org/FreeBSD:12:amd64/quarterly/meta.txz: Not Found https://forums.freebsd.org/threads/updated-from-system-11-2-to-13-1.86903/
07:23:26 Title: Updated from system 11.2 to 13.1. | The FreeBSD Forums
07:26:17 ivaat: what does 'file /usr/bin/uname' say?
07:26:23 let me try from host side with forcing
07:32:36 this worked: freebsd-update -b /usr/local/jails/webprod62 --currently-running 12.3-RELEASE -r 13.2-RELEASE upgrade and freebsd-update -b /usr/local/jails/webprod62 install
07:33:01 previously i did run freebsd-update fetch on guest. dumb me
07:43:01 also the yesterday php issue.
on that jail i upgraded this way: freebsd-update -r 13.1-RELEASE upgrade and freebsd-update install
07:43:19 i now remember there was something going on with files merging and i cancelled that
07:44:22 ended up with broken system i assume which just worked http 200 but php blang from web.. i have this jail around.. perhaps i can master it.. to figure out
07:45:05 but php blank*
07:45:27 now new jail upgraded from host. php works correctly
08:53:38 Hi, I was wondering if someone knows how well or not well supported is conda in FreeBSD. Another question is if there is any initiative to track the development/support of the new Intel NPUs
08:54:02 (since the GPU train seems to have been lost time ago)
16:25:05 Anyone know why an NFS mount (over a VPN) would make an entire system almost unusably slow?
16:25:08 Something to do with IO?
17:13:22 I'm working on vnet jails, currently the jail does not have network. I'm trying to understand how all of the pieces fit together.
17:13:26 The handbook has a line:
17:13:27 $gateway = "192.168.1.1";
17:13:34 Where does this IP address come from?
17:13:51 I'm thinking I need a different value here, but I don't know what it would be.
17:14:04 That's not supposed to be the public IP of the host, is it?
17:15:22 matthewp: It's the default route. What's appropriate there will depend on your network configuration.
17:15:44 My jails share the hosts network stack so I don't specify the GW.
17:15:53 Should it match `defaultrouter`?
17:16:01 defaultrouter in /etc/rc.conf i mean
17:16:14 mynam: Having their own stack and your gateway setting are largely unrelated concepts.
17:16:39 mason: By sharing the stack, the routes are shared no?
17:16:46 Thus no need to set the GW on the jail
17:17:56 mynam: Maybe I'm confused, but in general using VNET and having a distinct stack means your networking inside the jail has to be coherent and complete.
If you want to lob out packets to something not on your local network, you're very likely to need a path for them.
17:18:17 I don't want to share a stack because i'd like each jail to have their own postgresql, for example, and not have to worry about giving them all different ports for that.
17:19:45 mason: I missed where matthewp said vnet :)
17:22:17 no worries
17:23:05 matthewp: Give me a second and I'll update some docs I've been working on but that've been set aside.
17:24:24 Blah, not finding the working copy I was updating. Hunting around a bit.
17:25:11 I tried setting $gateway to the external ip address (and also the defaultrouter inside the jail) but that did not work, jail actually wouldn't start.
17:27:30 oh interesting, the defaultrouter in the host is not the same as its ip
17:27:58 but it's also not a 192.* number
17:29:10 matthewp: It's going to be hugely helpful to you to review the networking concepts. The Wikipedia page might be a little too dense, but https://en.wikipedia.org/wiki/IP_routing has some useful stuff.
17:29:11 Title: IP routing - Wikipedia
17:29:27 Still whipping up some modifications to a guide that might be useful.
17:32:16 I think I mostly understand those concepts.
17:34:39 matthewp: Here, apologies if I've bungled anything in my edits, but https://wiki.freebsd.org/MasonLoringBliss/JailsEpair-wip is a work in progress example of doing DHCP-based vnet jails on FreeBSD 14: https://wiki.freebsd.org/MasonLoringBliss/JailsEpair-wip
17:34:40 Title: MasonLoringBliss/JailsEpair-wip - FreeBSD Wiki
17:35:19 ok, this will be helpful, thank you
17:35:33 matthewp: I stalled a bit getting sick, and also I'm digging for a way to allow jail config to be able to reference a dynamic Jail ID for doling out epairs more dynamically.
17:36:12 I suspect I'll have to submit a patch to make this possible, but the idea is "I've got a jail config snippet in /etc/jail.conf.d and I don't have to hardcode an epair number"
17:36:12 Sorry to hear that you got sick, hope you feel better
17:37:01 Not yet. Despite masking for years, after almost four years without it, we've finally (despite the masks) contracted COVID. My lungs aren't working right but I've avoided the hospital so far. Wife's a bit worse than me. Kids are largely better with a couple weird lingering symptoms.
17:38:08 Anyway, right before it hit us I was starting to dig into how to get jail configs access to a dynamic JID, which will mean you can take a config snippet and move it between jail hosts without having to reassign the epair manually during the move.
17:38:10 Oh sorry to hear that, hope you are able to rest
17:38:41 matthewp: Eh, I'm lucky in that I work remotely or I'd be in trouble. I'm generally getting enough sleep, though, and just taking things slow. Thank you.
17:39:32 If I'm both ambitious and successful I'll get a patch in for this so we have it out of the box in FreeBSD 15. We'll see.
17:40:55 your bridge ips are 10.*, mine are 192.* (because i followed some other guide). Are these significant?
17:42:50 matthewp: You'll want to amend the details to match your local config. So, if you're on 192, then yeah, adapt those examples.
17:43:31 well i don't know if i'm on 192
17:43:35 how do I find out?
17:43:37 what config?
17:43:45 The basic notion is that if you have a DHCP server on your network, and a bridge on your host, this will simplify your config.
17:44:29 I have a bridge on my host because I added one. I don't, however, know if its configured correctly.
17:44:35 matthewp: You'll have a better time if you get comfortable with your network. What is giving out addresses, for instance?
17:45:43 Yeah that's a good place to start.
My assumption was, I have an IP address for my computer, assigned by my network (in this case a VPS), and that everything else should be completely internal.
17:46:09 matthewp: VPS isn't a networking concept. Are you doing all this on a public VPS?
17:46:11 I don't want my VPS provider to need to know about all of my jails. I just assumed it could all be contained within my box, is that not true?
17:46:42 public VPS in that it's on the public internet? Yes.
17:47:12 matthewp: Ah, this changes things. You probably don't want vnet on your VPS... It'd be a very different config. My stuff assumes you're on an open network but chances are you only have one address available to your VPS.
17:47:29 Hm
17:47:34 That's surprising
17:47:36 You might be able to use vnet if you do something interesting with NAT on your host, but I've never tried it.
17:48:38 Well I wanted my VPS to be its own internal network.
17:48:47 If you do NAT, you can reasonably talk to the same port on each jail where each jail has a distinct internal address.
17:48:50 But if that's not what vnet is for, that's good to know!
17:48:51 Yeah.
17:49:04 So, my guide isn't going to help a ton with that unfortunately.
17:49:10 That's ok
17:49:15 So I should not be looking to vnet at all?
17:49:22 Maybe? Let me dig for a sec.
17:50:11 matthewp: I haven't fully read or vetted this, but this appears to tackle the situation you've got: https://www.boucek.me/blog/freebsd-jails-with-vnet-and-nat/
17:50:12 Title: FreeBSD jails with VNET and NAT · boucek.me
17:52:36 That doesn't seem too bad, i'll try it
17:54:22 In the NAT section, is that passing port 22124 to the jail?
17:57:56 matthewp: I'm no PF expert, but that appears to be passing port 22124 on the host to one of the internal addresses, presumably same port.
17:58:10 yeah that's what im assuming
17:58:28 so if I don't need to pass any ports to the jail, i would exclude that line
17:58:44 I assume the line before it is what allows the jail to access the network
17:58:57 If you're not passing any ports back, are you just accessing the jails from the host?
17:59:21 yes, the host has an HTTP server that it will proxy to jails
17:59:41 That will simplify things a bit, then.
18:00:22 in most cases at least, i might some day add a jail that runs something other than web servers, so knowing how to pass ports is great
18:01:18 matthewp: It's entirely possible this might all be accomplished without vnet. I think the limitation of "one PostgreSQL per system without vnet" is out of date.
18:02:01 Example: https://forums.freebsd.org/threads/postgresql-in-jail.51528/
18:02:02 Title: Solved - PostgreSQL in Jail | The FreeBSD Forums
18:03:04 I'd try with traditional jail networking, myself, each jail just sitting on a 127 address.
18:03:45 really?
18:09:00 How do I assign 127 addresses?
18:12:12 this is helpful: https://www.digitalocean.com/community/questions/how-do-i-know-what-ip-to-assign-to-my-freebsd-jail-to-avoid-conflicts
18:12:13 Title: How do I know what IP to assign to my FreeBSD jail to avoid conflicts? | DigitalOcean
18:23:27 SpaceBass: is the client machine slow? maybe are you running a desktop environment that has some software in it that ends up inadvertently accessing those mounts frequently because the software hasn't been written to accommodate that high latency (KDE/Dolphin comes to mind)
18:23:45 Its server (headless)
18:23:54 But it could be services hitting that NFS share...
18:24:20 rsync and sshfs are significantly faster
18:25:09 How is the share mounted to the client? fstab? At work, my coworkers defaulted to some really small rsize/wsize values that just killed performance anywhere but AIX.
18:25:51 fstab yes
18:26:02 I think nfs just doesnt work well over distance
18:26:14 Do you have it set to TCP?
18:26:19 What's the latency between the two boxes?
18:26:52 not sure what it is then. i run nfs v4 pretty vanilla on small servers without knowing much about it and it hasn't caused any issue for me on the server
18:26:53 round-trip min/avg/max/stddev = 169.990/170.285/170.600/0.226 ms
18:27:28 That's a decent distance
18:27:53 Middle of USA to Finland
18:30:20 I'd be hesitant to recommend UDP over that distance. You could force it to TCP and pull a pcap of the traffic while writing a test file, then pull that pcap into wireshark and look at the conversations. You might see a lot of waiting on replies from the remote end.
18:30:34 Ill try moving it to TCP
18:30:41 Assume it's just a mount flag?
18:31:31 Ya, in the options block add "tcp"
18:31:43 Looks like my server (TrueNAS) is TCP only already
18:31:46 Then remount it
18:32:12 Would be good to check the client side mount options too and make sure it's mounting via tcp there.
18:35:16 Will try with nconnect=16 too
18:35:32 Doing a manual test with sudo mount_nfs -o nfsv4,sec=krb5,nconnect=16 first
18:37:23 the performance is bad on the nfs server or the nfs client (which is also a server) ?
18:37:43 Just the client
18:38:07 Like I've got a terminal window totally locked up for 5 mins just waiting on ls /mnt/nfsshare
18:39:04 like mynam said probably worth looking at the packets
18:39:34 having a small read/write size over a large latency would be a source of bad performance but not to that extent
18:39:48 That's probably it... large number of files on the share
18:39:53 does your ls command ever finish?
18:39:56 And some local services on the client trying to index them
18:40:08 It will eventually
18:42:37 Tried with max number of tcp threads...
no change
18:42:43 Guess we're using sshfs :/
18:43:38 you can get it working with nfs but it'll take more work and you'll need to look at the packets and other data to see what's happening
18:43:45 but sshfs is also a good option that's quicker
18:43:59 quicker to get working i mean
18:44:07 Not sure what the packets will tell me though... it'll all be encrypted right?
18:44:22 i'm talking about when it's not encapsulated in your vpn
18:44:35 sec=krb5
18:44:40 ah ok
18:44:50 well, you will still see the timing
18:45:11 I wonder how smb does
18:46:15 though actually are you sure the krb option encrypts the data? doesn't just provide authentication?
18:47:22 but yeah if it's 5 minutes wait then it could not have much to do with the network
18:47:47 if it actually finishes. if it hangs forever then that could be the network.
18:48:26 Wish there was a way to see what the system was waiting on
18:49:21 there are ways to do it but i don't know it
18:49:51 you will want to be more specific about what exactly the performance issue is when you say "the system waiting" (your ls example is one good place to start)
18:51:07 ls hanging for many minutes suggests that there is no connection or that you have an MTU blocking the larger response from being returned. but i guess it could just be performance
18:51:39 a tcpdump would tell you if it is performance
18:51:46 agreed
18:55:38 Yeah there could be an MTU issue now that I think about it
18:59:36 1500 too big, 1472 works without fragmenting
18:59:39 So not too bad
19:01:55 Careful messing with the MTU, tho the interface for the VPN will need a smaller MTU because chances are (unless you've changed it) your internet facing NIC will be set to 1500. So 1500 - the VPN overhead will give you the MTU size to use on the VPN interface.
19:03:37 The MTU on my wireguard interface is 1420.
19:03:42 If I change it, I'd change it on the VPN
19:03:53 There's a pfSense box on either side of the NFS server and this client
19:21:11 SpaceBass: just one hop between server and client?
19:21:36 2
19:23:24 i wouldn't expect you need to change your mtu for this
19:24:33 does every disk operation take ~5 minutes to complete or what
19:29:13 rtprio: it's over a VPN at a distance of Central US to Finland.
19:29:55 wireguard?
19:29:59 or something else
19:30:13 and does it matter the directory size when you are ls'ing?
19:31:07 SpaceBass said there's a PFSense box on either side. Been a while since I've used it but I'd guess openvpn
19:33:21 hrm
19:34:41 ~170ms of round trip latency was reported so if it's chatty, slow, fragmented, and potentially lossy... Lots of things to check.
19:35:07 nfs would not be my first or second choice across an ocean
19:35:29 using nfs4 (tcp) rather than nfs3 (udp) could be a start
19:36:14 Is there a preference between openvpn and wireguard? I don't see any security related concerns about either project. Wireguard may be faster, openvpn has a longer history. What to choose? I just need a couple of point-to-point connections for remote backup.
19:36:49 I used OpenVPN for years, loved it, but speed wise Wireguard is much faster.
19:36:59 And depending on what you're doing, is easier to setup.
19:37:18 That's my situation as well.
19:37:39 I think wireguard lacks the TLS CA support (tho I could be wrong) so I'd probably use OpenVPN if that's required.
19:38:15 My primary use case is p2p tunnels so I don't get into the road warrior use case much.
19:39:00 Okay, thank you. Wireguard it is, for this project.
19:41:44 Huh. There was a wireguard metaport in fbsd 12, now deprecated. We go with kmod and tools?
19:41:52 yep
19:42:10 tnx.
19:42:44 freebsd rules!
19:43:39 yep
19:48:09 ${name}_chdir in rc.subr; does that go in my rc script as is, or do i modify it to match myprogram_chdir="/usr/local/www/myprogram" ?
19:54:34 perlbot paste
20:06:51 i'm sorry?
20:13:01 i'm getting kinda tired of applications that have to be run in a specific place in order to find their shit
20:14:09 What do you mean?
20:15:32 i mean this node app needs to be run where i checked out the code or it won't run
20:15:49 Oh
20:15:52 Yes
20:15:54 which is giving me difficulty writing a rc script for it
20:16:02 That stuff is a complete load of *****
20:16:17 Node and I aren't friends tho....
20:16:18 likewise this go app references its database like ./data
20:17:46 The last rebuild of my website, I tried something like 9 languages. I threw Node out after ~10min. Tried bun, that lasted a couple hours, but I threw that out too. TLDR, wound up with Haskell.
20:18:02 For the most part I'm done with interpreted languages
20:19:16 i find plenty of useful software in node. but it is a pain to deal with
20:19:25 Absolutely!
20:19:46 I like the browse software that's out there to find new stuff.
20:20:39 I find stuff all the time that I really want to setup. As soon as I see something that's JS, that's not just extract and run in the browser, I hit skip because the aggravation level of dealing with it server side isn't worth it to me.
20:21:23 The latest thing I wanted to setup was video conferencing.
20:21:39 I've messed with Jitsi in the past, lovely tool but difficult to admin.
20:21:49 I found a few alternatives that were all node.
20:22:09 Wound up with Galene which is Go and very simple to setup.
20:22:31 So I have Matrix+Fluffychat and Galene for the family to use.
22:03:34 is there a way to store the kernel config outside of the source tree?
22:08:09 just copy it
22:08:28 cp /usr/src/sys/amd64/your-kernel-name ~/
22:08:38 cp /usr/src/sys/amd64/confyour-kernel-name ~/
22:08:44 cp /usr/src/sys/amd64/conf/your-kernel-name ~/
22:08:45 even
22:43:42 lw: build(7), see KERNCONFDIR
22:44:25 can be defined in src.conf(5) so it's consistent across builds
22:44:42 debdrup: thanks
22:46:43 Not having to branch the head of the tree and rebase to maintain out-of-tree changes makes things a lot easier.
22:48:50 yeah... although i'm wondering if it makes sense to keep doing this anyway, since it means i can easily update to a specific commit, or add local patches for testing if i need to. (this is for my build server, not local builds)
22:50:19 One thing that's really powerful is being able to, say, do an include of GENERIC and then do nooptions and nodevice to exclude things you don't want - but still get anything that's newly added.