-
ignucio
I've read about poudriere and how it replaces the soon to be deprecated portsnap, and I do plan on using poudriere. But first I wanted to make sure ports worked. I fixed the distfiles warning by logging in as root and creating the dir (which before didn't work, now it did, don't know what changed), but still if I try to run make install on any port, I manually created /usr/ports/distfiles as root, but when running make install as non-privileged user, I
-
ignucio
get that distfiles is not writable by me, even though I am on the wheel group, and after running make install I get asked by su for the root password, I don't know what I am missing
-
ignucio
could you share what are your distfiles folder permissions? I have 755 with owner root and group wheel
-
Schamschula
You always have to run make install as root.
-
Schamschula
All other steps can be run as a regular user.
-
ignucio
ah, gotcha, thought that the su asking for the password handled which parts of make run as root and which as regular user, thanks
-
Schamschula
On my machine I get "drwxr-xr-x 58 root wheel 2579 Aug 25 06:23 distfiles"
-
ignucio
many thanks
-
tsoome_
ibs yes, with screen.font variable (it will take glyph size)
-
tsoome_
ibs test it out on loader ok prompt first
-
yuripv
Schamschula: not really, you can use the SU_CMD (e.g. setting it to use 'sudo') and have the ports framework automatically switch to using root when needed (I have my distfiles directory owned by regular user)
-
polarian
kevans: what were you responding to when you said PEBCAK?
-
nimaje
my guess would be you messing up your wg config (as the alternative would be some strange bug in our wg implementation)
-
dch
general *NIX question, is it common across unixes for different users to see, via process list, full command-line invocations used by other user processes?
-
mage
dch: you can change that with security.bsd.see_other_{uids,gids}
-
dch
right, on FreeBSD this is covered already
-
mage
(I set it to 0 for jails)
-
CrtxReavr
dch, I think it's a tunable setting on most *nix OSes.
-
CrtxReavr
I've used a lot of different *nix OSes over the years, but currently only have a handful of FreeBSD & Linux instances to look at.
-
dch
yeah me too, very small sample size compared to 15+ years ago
-
kevans
polarian: yeah, what nimaje said
-
ibs
tsoome_: Worked like a charm. Thank you!
-
» ibs bows deeply
-
tsoome_
yw
-
nicholaus04
Howdy, folks!
-
nicholau104
Ditto.
-
nicholaus04
Oh and yeah, "nicholaus04" = Tiny11 PC, "nicholaus104" = My main FreeBSD PC.
-
nicholaus04
Even then. On this one, i'm just testing out irssi via MSYS2, and it works pretty darn well.
-
nicholaus04
Well then, i'll just DC off of my Tiny11 PC, and let my main FreeBSD pc take over this nickname.
-
nicholaus04
There we go.
-
toys
Howdy sir :-)
-
polarian
kevans: I am confused
-
polarian
Alright problem, always on VPN config on FreeBSD, wg tunnel to router on the internal server works for everything apart from on the subnet, which makes sense as the subnet is a /24, which means LAN to LAN traffic isn't tunneled back to router... which is ok but also for this setup the wg tunnel is to overlay on top of WPA (which isn't that secure) for the wifi... aka hardening of wifi
-
polarian
the route for the subnet (/24) CAN NOT be removed... which means any traffic to that will go via the physical interface due to the routing table...
-
polarian
because of DHCP the /24 can't be switched to /32 to remove it from the subnet and thus packets *should* be tunneled... this would require setting the IP manually which is not ideal and will then break public wifi networks which is the exact reason you want always on VPN (so you do not need to toggle it all the time)
-
jaredj
sssoooo you want each wifi client to set up its own wireguard tunnel to the router, and even when speaking to other devices on the same network, to do so through its wireguard tunnel to the router
-
jaredj
except if you use the same wifi network for each device, they will notice they are on the same network and talk directly to each other when they need to. to fix this you want them to think they are alone
-
jaredj
but then you have to make some kind of provision for each one ahead of time and you don't want to do that.
-
jaredj
Mmmmm.... configure your dhcpd with a bunch of small subnets, one for each device (but not bound specifically to that device--just if you anticipate 10 devices, make 10 subnets). make the pool for each subnet contain only one client address. give the router an ip address inside each tiny subnet. configure wireguard for each tiny subnet.