I found that my vnet jails can have access to the internet just a short moment I add external interface into the bridge of vnet jails. What could be the issue?

I am trying to give them all internet access

I can see my nat working for the short moment only

more precisely, it allowed first 20 pings

should I just make a weirdly working vnet jails system whose bridge is unplugged and unplugged every some seconds

i wonder what is going on here: le-fay.org/tmp/30d/shutdown.txt - i've seen this on a lot of systems, random processes get SIGSEGV during shutdown for no apparently reason, it feels like a bug

ivy: it sounds familiar, but I'm trying to remember why

kevans: oh god are you going to make me fix another one of your bugs

not my bug :-p

for some reason I thought we migrated to cpu 0 and went single thread before that point in shutdown/reboot, but I seem to be hallucinating that

this is (still) under Xen fwiw and i know Xen is a bit weird

but i'm sure i've seen it on native amd64 system

kevans: there may be something else going on here (with wg), the system boots with ipv6-only kernel but won't authenticate kerberos clients over the wireguard tunnel even though BGP seems to come up okay...

i suspect this might be a configuration issue though

i install node.js from ports according tutorial: docs.vultr.com/how-to-install-node-js-and-npm-on-freebsd-14-0, then in "make install" stage, it prompt error"paste.centos.org/view/3e57ce96", should i build a empty file with name "metadir.node22"?

or there are other methods to fix this ?

ivy: hmm, that's weird

i may actually sit down and debug this now because this shouldn't be happening

oh hah

remote-control:

control-enable: yes

control-interface: 127.0.0.1

control-interface: ::1

apparently this makes unbound refuse to start

my vnets can have internet access until I get a message: kernel: arp: xx:xx:xx:xx:xx:xx is using my IP address 10.xx.xx.1 on bridgefoo

where might have been configured funny here?

two or more machines are using the same IP address probably

hmmm

How are you assigning addresses to the jails behind the NAT?

I was given the second nic with the private ip 10.0.48.1 for the instance

sorry it is 10.0.48.10

what is the first NICs IP?

10.0.12.155 and 10.0.14.35

i need two ips for fib0

is this at a service you're renting?

aws

oh

si

i'm going to step aside because idk if it is smart to change the bridge or router

sorry i couldn't help more

please enlighten me in both scenarios

i would say the safe option is to change the bridge ip

hmm

I am a veezual learner. Can you show me some example?

you can restart networking with reboot: "service netif restart && service routing restart"

without*

goonmorning: are you alive?

yes and

>.<

hmm

did anything blow up?

it didn't work. Unfortunately didn't blow neither up.

I feel I have skipped too many pages of books

jauntyd it works!

thanks you

I'm going to find a paper bag

you're welcome

I don't need to go back to read. I am so happy

is this your first experience with FreeBSD?

FreeBSD srv 14.0-RELEASE-p6 FreeBSD 14.0-RELEASE-p6

\o/ i'm happy with freebsd

i'm currently running email and shared computer with that

excellent!

`shell`

i mean that

thank you, jauntyd

welcome

radhitya: you should probably upgrade as 14.0 is EOL :-d

^

ivy: ah thank you

let me try

14.s is current

er, 14.0

er

14.1

damnit

hehe

typing is hard

I've never made a mistake ;)

ok, wish me luck :)

good luck hombre

jauntyd: it is my first infra

freebsd-update fetch

src component not installed, skippesadasdasad

wish me luck

radhitya: fwiw, X.0 release usually have a slightly shorter support period than other releases

I think eating own dog food is not so effective if you don't use for work

I will be back once I get stuck

have all good days

ivy: huh?

kevin: huh what?

is that not true anymore?

i'm sure it used to be

not supposed to be, no

hmm

it would be fair to say that the status quo up until recently has been that the schedule's been fairly chaotic and that may have accidentally been the case, but with a five year branch lifetime you should've been seeing roughly one a year

the new policy offers a vast improvement where we have more firm release targets

s/targets/target dates/

just looking at en.wikipedia.org/wiki/FreeBSD_version_history#Version_history it seems like it was, but maybe that wasn't intentional

I can't speak for anything before 11.0 personally

(e.g. 6.x, 7.x)

11.x or 10.x was where the five-year stable branch model was enacted, IIRC, and 10.4/11.0 are the first releases I was around for

ah i may be remembering something from before then

yeah, I see 9.x was pretty wild. 10.x was kind of approaching our just-ending cadence

fricking zoomers, it was better when X.0 release was only supported for 3 days, etc. etc.

=D

also i never remember having a wireguard crash on 3-STABLE just fyi

(remember when you had to run -stable to get security patches? then they introduced this newfangled 'p1' stuff)

no i'm young

we should just ditch these release and make main a rolling release

formalise stabweek

so much less effort doing MFCs and stuff

there's already some wanting to move towards even greater reduction in what we MFC

not that i have a vote, but i'd be in favour of that

i think it'd be good for perception, right now I think people expect us to MFC a lot more than we do and there's some wild inconsistency from committer-to-committer in their own personal MFC policy

the other day i got a notification that someone MFC'd my netstat -W patch

ok it's a cool patch and everyone loves it, phoronic was literally demanding this be backported because stable/14 is unusable without it, but i wonder if this is really true

if the policy is to MFC much less, then we're not disappointing people as much when we just want to keep the branch stable

perhaps people could wait until 15.0 to have better netstat

oh, phoronix thought it was a good idea? must've actually been a terrible move :-)

the way i see it, main is so stable nowadays that everyone is running main

Netflix runs main, right?

so there's really no real reason to have older tags at all other than to say "this is a version of the OS we think is stable"

yeah, but they also have a really excellent engineering team to smooth operations over if they have problems

their use case may not cover everything

just tag main once a year and call it 15.0, 16.0, 17.0, etc

if any bugs come up, MFC those and call it 15.0.1

i bet this would make it *easier* to support older release for longer because you're not dealing with so many divergant branches

+ more people using main means more stable releases in the future, more testing, etc

i think it's a lot easier to make this argument with pkgbase on the horizon

can you just vote me into core@ and i will make this happen

i don't want to do source-based upgrade of a fleet. freebsd-update-server is kind of a pain to setup, but pkgbase is damn near trivial to deploy

oh yeah i've been using pkgbase forever i forget that's not standard sometimes

yeah

but it will be by 15.0 release right? :-d

I started in *checks notes* late 2016

we could just make pkgbase base and rename the entire project to PkgBSD and then release PkgBSD 1.0

follow me for more excellent releng ideas

ma'am this is RebuildLLVMBSD. please step off with your renaming ideas.

it's a good thing this isn't a venue for strictly professional discussion

god i try to contribute and you throw tomatoes at me, this is why BSD is dying

=D

okay, i've got to go snore. o/

wow now you're saying i'm so boring i send you to sleep

enjoy your life, kevin!

god this has upset me so much, i have to go downstairs and find more vodka

look upon me and despair, freebsd community, for this is what thou hast wrought

ls

eh sorry

hi radhitya

hello

morning,

I have two vnet jails and only one has internet access via a bridge. What could be the issue?

I just tested with three vnet jails and it is only the first vnet jail who can i have an internet access

os is stable but a programmer can use it unstable ;0

my sound card Realtek ALC662 have large noise, can i change sound device to Nvidia device , paste.centos.org/view/03d2d215, if it can , how to do it

xxy: try sysctl hw.snd.default_unit

has anyone tried using openiked for simple ipsec vpn? Even though the config file syntax is OK I seem to be missing something, when I start the daemon I get this error and I don't see any connection request being generated: udp_bind: failed to bypass IPsec on IKE socket: Protocol not available

ha! the ipsec module was not loaded in the kernel :')

kevans: i thought this was RebuildRustBSD ;)

evil thought: if web assembly runs clang/llvm now, how long until we can boot FreeBSD in Mozilla.

People can boot a Linux kernel there now. So when someone does the work to set it up for a FreeBSD kernel then it can be done.

zBeeble: i did that yesterday. copy.sh/v86

morgen

johnjaye: well that's slightly terrifying :D

heh. honestly i just wanted to look up a manpage. which i could probably have just done from the website anyway

hi. does anyone using luakit browser? How safe/secure is to compare to firefox, please?

i wonder how these questions end up in #freebsd

inside of a jail, what is the accurate way of determining the version of FreeBSD being used?

is there a problem with freebsd-version?

I created the jail using bastille, so I was thinking it would be 13.2-RELEASE-p8, but uname returns 14.1-RELEASE-p5, as does freebsd-version -r

I just tested in a 13.3 jail on a 14.1 host, it returns correctly

freebsd-version -u returns 13.2-RELEASE-p8

futune: freebds-version -ur return the same values for you?

*freebsd-version

with -ur it returns 14.1-RELEASE-p5 on the first line and 13.3-RELEASE-p4 on the second line, which are the correct versions for host and jail

I guess the first line might be kernel? It's the same as host, in any case

ok so jail version should be -u and host is -r.

-k would be kernel and you can't get that inside a jail

indeed, can confirm

so I can't use uname -a, I have to use freebsd-version -u when trying to determine the version of a jail

thanks for confirming. I thought I was doing something wrong. This is the first time that my jails and host OS are not the same OS

or rather, not the same OS version

no problem, hope your project goes well

uname is derived from a sysctl, so no it won't work for the userland, as sysctls come from the kernel