thorongil: you probably want a nullfs mount

i put a script in .local/bin/ and chmod +x it. i can type the first few chars of it, tab, and it gets completed. but if i type sudo then the first few chars, it doesn't get completed. is my bash not configured right or the prob elsewhere?

demido: I don't know if "configured" is the right word, but it's a shell completion feature thing.

ok weird, so i got completion working with sudo, but it says sudo: myscript: command not found. but i can take the oneliner from within the script and run it with sudo and it works fine

then if i just run myscript, the no permission error msg is right for the oneliner inside

ah sudo printenv doesn't show /home/demido/.local/bin/ in PATH

but this works on freebsd 14.1 i think, did sudo behavior change recently or as of 14.2?

ah secure path

yep

getz: thanks, that looks like exactly what i need

im trying to set up a freebsd box to be a wireguard (vpn) server. i created /usr/local/etc/wireguard/wg0.conf and enabled/started the service. from the client i try to ping www.freebsd.org but don't get a response. do i need to do more than what i already did?

is the machine in the server role configured to act as a router?

ah no. so i added gateway_enable="YES" and net.inet.ip.forwarding=1 to /etc/rc.conf and rebooted. anything else i need to do?

must be because after reboot ping still isn't working

add these pf rules? paste.debian.net/1348986

yeah, as you use a private subnet there you need NAT too, can you reach some other host in the subnet of your "server" (should work without nat too if you configured routing for your network correctly (as in that "server" routes the wg subnet))

got it!

tyvm

i have a tiny vm with only 1G ram running zfs just fine. there any problem with setting arc max to something small like 256M?

im trying to load 1.2.3.4:40000 which should hit a vps running wireguard server and forward it to its wireguard client on the same port. python3 -m http.server 40000 on the wireguard client never gets the request and the browser load times out. i'm using pf on wireguard server to port forward and its rule is: rdr on $pubif proto tcp from

any to $pubip port 40000:40100 -> $wgclientip

ugh was pf blocked nvm

wait maybe not

i bet my nat line is the prob

not sure how tho

well, how is your network structured? how do you want to fit wg into it? (drawing could help)

from my lan here, a computer (wg client) connects to vps (wg server) to pass all of its traffic through, and the wg server port forwards a certain range back to the wg client

that's my goal nimaje and only the last part isn't working

so you probably don't have another machine at the vps side to test that it correctly routes stuff coming from/to wg at least?

nimaje well from the wg client i can ping out and traceroute that it's going through wg server. but from browser machine to wg client through wg server port forwarding, it's not working

atleast doesn't seem to be

demido: ok, so your network looks something like draw.chat/dc2nunxvf91n1m2w6spflu0nn…mj:a6be1afae1805bef9e24062958130084 and you tested that red arrow, but it didn't work? (and in the other direction it did work?)

ya

does the package reach the vps?

man that drawin gtool sucks

i tried to fill in more info i gotta find something better

was the first working collaborative drawing tool I found and just hoped it is ok

missing 1 part of wireguard + port forwarding setup please help: doc termbin.com/pte0 diagram miro.com/diagramming/online/board/u…en=9HFJuZHF2MjcJh7gPSvcOJdUyMgwZNcK

made mistake in doc...

termbin.com/qiic updated

hm, the rdr rule seems to be the address translation rule you want, can you test without the nat rule?

maybe but will that allow laptop wg client traffic out through vps wg server still?

Hi, buds, my MaXX interactive desktop is running great on the second day of use! I have a new screenshot of MaXX on Oracle Linux 9.5 for you: gist.github.com/adriankiess/da7ab856a24437e2987c993b2b6f37e4 — MaXX is a re-implementation of the 5Dwm window manager for SGI IRIX. It is also available for FreeBSD! docs.maxxinteractive.com

nimaje i have tcpdump -i wg0 on laptop wg client, and i can see in it when i ping out from wg client, but nothing shows in it when i try to open url in phone browser. so vps wg server isn't forwarding traffic to wg client?

nimaje that worked!!!!

i commented out nat rule and now i can open url

but now i can't ping out from laptop wg client. so i guess the nat and rdr rules are fighting?

if the nat rule is too general, maybe i should make it more specific?

or what's the solution so both can work?

changing rdr to rdr pass, and enabling nat rule, now it all works

!!

but i feel i should still make nat rule more specific

i have a working wg server, wg client, and port forwarding setup: doc termbin.com/uj26 diagram miro.com/diagramming/online/board/u…en=9HFJuZHF2MjcJh7gPSvcOJdUyMgwZNcK how can i make it even better though please?

(nimaje tyvm for help figuring that out)

crap it was working now it's not again wtf

stateful pf just needed a restart (not reload) now it's working again heh

ok i gotta get some sleep and come back and tighten this up. ty for helping so much

what needed pf restart eh?

that takes every state off, nevermind that fw would be not working then, eg maybe being open

can't remember any case where this was required in any of my machines since 5?

well it wasn't working then after service pf stop/start it was *shrug*

i'm too tired to finish it tonight tho. gonna sleep and tighten it up tomorow

gnight

might as well reboot box then to verify it works

that's reasonable sometimes

yes, but only sometimes

ketas: we are now in sync, how does your FreeBSD run new sine wave ?

*run on

not yet

2025-02-09 18:00:00 +02:00

:p

ha... it's a process

i saw swings to 49.6hz and 50.2hz purposefully being done today, never seen it since forever i guess

how do you check it? PV plant at home ?

nah, sadly i didn't connect any equipment nor do i have any of pv

no idea what baltic-grid.sympower.net uses

i think they have dedicated precision tool

it would be 24h to prepare island operation, 2h to disconnect from old area, 33h to run independently, of which 3h normal operation, 6h offpeak tests, 6h normal peak hours, 9h offpeak tests, 9h usual + preparing sync with new area, 6h tests in new grid, after which it resumes everyday mode

forums.freebsd.org/threads/partitio…-aligned-warning.96735/#post-689209 any idea why gpart backup/restore doesn't create the same layout on the 2nd disk ?

i have a tiny vm with only 1G ram running zfs just fine. there any problem with setting arc max to something small like 256M?

do you need to set it at all?

I have not had problems leaving zfs tuning for arc to be totally dynamic.

a couple weeks ago i was able to install sopel, an IRC bot, with pkg on 14.2-RELEASE (latest, but either should work). freshports reflects it exists still. but pkg (2.0.5) can't seem to find the package. weird

i used pkg install py311-sopel, and it worked fine. now testing in a new jail, it's nowhere to be found

scoobybejesus: How did you make the new jail? It's a separate world generally.

same command with a different IP. bastille create [name] [IP]. the jail is new, but the pkg repo the two jails use is the same one

bastille create [name] [release] [IP] actually. but yeah, identical process in each. and another 15-20 packages were installed fine. pkg just doesn't see the sopel package

sopel had an update a few days ago. maybe the package is being updated as we speak

i guess i will pip install it in a virtualenv in the meantime, but the pkg sure was convenient

i guess i'll try leaving arc max dynamic