demido, ditch AOL dial-up, go broadband

is there a torrent alternative?

those are typically faster

i have fiber that's not the issue

lol, I just jk :p

wg server cpu does take a hit. i was mashing return in top to try to get a realtime view and its average was like 30% idle. sometimes as low as 0, high as 50 ish. wg client mostly idle

is there a more precise, faster running cpu utilization prog for fbsd than top?

demido: It looks like you're hosting the WG server in a jail? (There's nothing wrong with that.) When you try to fetch the same ISO from that jail, do you get the speeds you'd expect?

no wg server is running in a VPS tho

Also, how are you connecting to WG from the client? Is it via wifi? Wireless? Wired? Wired on the same network?

wired from my lan across inet to VPS host

You're saying client (without WG) can rx/tx fast as well as VPS rx/tx (without WG) can also transfer fast. But, just between the two (with WG) transfers slowly?

ya

and even this iperf test shows pretty fast over tunnel between them which is weird

How are you performing the transfers? What protocol?

What happens when you try to, say, scp something between the two?

from wg client, if i sftp to wg server (i think that goes over tunnel too?) i can dl iso from wg server fast

lemme try

If you're using 0.0.0.0/0 as the allowed IP's from the client, that will route everything through WG. So, yep.

ya sftp to 10.10.11.1 (wg server, over tunnel) it's fast

sftp or scp?

sftp

I suppose it doesn't really matter. That means WG (or encryption or compression or whatever else over WG) isn't the problem. There's something else.

ffs what could it be

What are you doing that's going slow?

when from wg client i try to curl freebsd ISO (debian ISO too) through wg server it's slow

like 80 hours to dl slow

Are you sure it isn't the source of the ISO?

If you try to pull the same ISO from the WG server, what happens?

well that's what i thought but i did the same curl downloads from wg server directly and it was fast

elsheepo: Opinions: All are worth using. NetBSD provides a lot of tech to the other two. OpenBSD is upstream for some nifty ideas. FreeBSD has the best ZFS integration, although NetBSD's not far behind. Dragonfly is kind of innovative and a nice community.

demido: If you fetch the ISO to the WG server, then transfer from WG server to client (however you see fit) does it go slow?

well that's what i did with the sftp test

i sftp transferred the wg server iso down to client

should i try to sftp direct from freebsd site from wg client?

demido: Yes. Absolutely you should.

got d/c

is it sftp download.freebsd.org or?

i tried and it said port 22 network unreachable

Probably no sftp option since FTP has been pretty dead for years (and may the culprit here. Not sure.)

Just try something like "fetch download.freebsd.org/releases/ISO-I…reeBSD-14.2-RELEASE-amd64-disc1.iso"

Or "curl -O download.freebsd.org/releases/ISO-I…reeBSD-14.2-RELEASE-amd64-disc1.iso" # if fetch doesn't exist on the client.)

well ya that's what im doing to see that it's slow. curl -GL url -O

demido: No matter what you try to pull from the internet while using the WG gateway from the client, it's slow?

But, between both the client and the server, it's fast?

yep

and you see my 'whole' pf config in termbin.com/et91 so i don't think i have that messed up

Well, I'd say it's definitely not WG then. Likely something else that monitoring the traffic.

termbin.com/07dl is networking info from wg client (a debian box)

I saw that. Doesn't look like it would cause any problems.

ya hmm

my isp never throttles anything so i don't think it's that. i contact vps provider but all they said was cpu was getting pegged and to upgrade. said they don't filter any net traffic

But, it could also be a limitation on concurrent traffic from the VPS. Perhaps they won't allow certain transfers like that to stop people from doing what you're trying to do?

Hrm. If CPU is getting pegged, that'd definitely be a problem. I'm not sure why it would be. Not like the VPS would be doing much just transferring traffic.

I have to leave to meet some friends for a bit, but I'll be back later. Hopefully, you figure it out. If not, maybe I'll be able to help poke around a little more.

well i guess wireguard eats some cpu *shrug*

ok tyvm

have fun

ok you guys won't believe this

so i tried forums.freebsd.org/threads/wireguard-vpn-slow-speed.73490/post-584231 and the speed from wg client is now almost as good as from wg server. cpu usage goes up to same amount on wg server, ~35-40% usage, whether downloading from wg server or wg client

why do i have to disable those things to get freebsd to be a decent wireguard server? and that was 3 years ago but still not fixed?

i narrowed it down to only needing hw.vtnet.csum.disable="1" and wg client downloading ISO about as fast as wg server can

man thats an annoying default value

i've always seen it recommended to disable NIC hardware offload stuff, when is it ever useful?

ya sure wish the bugs could just get fixed

all the same issue it seems

anyone know if Tom Jones is on any irc networks? he seems interested in fixing the issue and i wanna offer to help him

demido: yeah, he goes by [tj] on efnet (and here, too, perhaps)

note that he's scottish, so ~GMT-ish

i mean, he basically spells that out on the front page of his website, so that seems fine

ok tyvm i'll reach out and hopefully we can put 15 years of this bug to rest

kevans know if efnet has a working webchat url? the network seems almost dead

pw groupmod super_bowl_lix_champions -d chiefs

ah yea all those sweaty guys in tights fighting over balls for millions of dollars it's so heterosexual

someone didn't get invited to the cookout

s/cookout/cockout

open question, have anyone looked seriously into having the freebsd kernel do native kubernetes, or is that just a step too far inbetween linux and *bsd

I sort of expect it is

BarnabasDK from what ive seen theres a patch to run the kube control plane on bsd but theres no supported container runtime yet so you cant run workers

and understandibly so, but it would still be nice

I played around with the idea a while ago but gave up lol

no it ties closely to the kernel

monoxane, makes sense

I am a developer, not that good though

BarnabasDK: I'm assuming it's still available using bhyve? (not a dev myself)

I just think the debian core os is getting more and more cluttered, and if you could run your images in FreeBSD it would be super cool

bhyve, yes, but then it is a linux kernel on top of a bsd kernel

oh if you're after a slim linux distro for kube, just use talos :P

copy

literally only has kube + containerd + an api for management

I know I could run a linux kernel via bhyve

but yea it would be nice to be able to run it on bsd with linux compatibility and jails instead of cgroups

it is sort of crossing the stream to get water

but no one has made it work yet

jails are great, the freebsd kind that is

I use jails all the time

github.com/samuelkarp/runj is like half way there but also an abandoned PoC

I was just wondering

I'm trying to talk my local sheriff's office into running FreeBSD because the 'jails are free' :Þ

here is a question then , in the old days you could run freebsd with a debian core, would that do kubernetes in that use?

as an experiment

I know kubernetes does so much more, but to be honest I think Jails has so far fulfilled every need I have had

so it is more of a compliancy question

and isolated seen in the FreeBSD community, maybe the one ting that could really stur up trouble :-)

or bsd community I guess

in speculation, what would be the largest gaps in compability

as you see it

I really dont get why a lot of bsd people are so upset that people want something like kube

its fundamentally totally different from jails themselves

jails are just cgroups, kube is an abstraction and management layer on top

monoxane, I agree

I am just fresh out of a project where the customer sold themselves as "linux" eksperts, this apparantly including bsd

and no, you could not run their native images from kubernets on freebsd ..

obviously

making the sw run in jails in place was easy

1:1 compability would still be nice

I don't even know if it is possible

in theory

ya k8s is picking up lots of steam. fbsd really needs to support it

it would move into a real alternative to linux

Freebsd

sorry

also with aws / gce etc

a much better choice I think

I 100% would have gone freebsd over linux if I could have ran kube on it

but for now im on alpine for my servers

It's such a deeply unpleasant environment. I like that there are alternatives.

is it that bad? never used it but hear a lot of ppl liking it

It's overengineered, heavy, complex.

And surprisingly fragile.

know anything that's clearly better?

Traditional application deployment.

There are some cases that benefit nicely from automatic scaling, but people shove *everything* into K8S.

k8s? docker? what is this, 2020 all over again?

fink what's the better current day stack?

nothing, they all suck, and that's just the honest truth

eh I used to think the same but after playing around with it for a while its become pretty easy

sure its a fairly complex beast but theres a lot of really slim implementations now, some even a single binary that contains everything you need off the bat

its just very nice to be able to write a single yaml file and have the entire application deployed from that, no ansible junk, no state drift, its just what it says it is

oh, i agree with the concept, and it's great, but i completely disagree with the implementation, it's far too complex... k8s reminds me of node, if any one tiny thing breaks, the whole thing comes crashing down

yay, yaml, one of the best designed data formats ever or something like that ruudvanasseldonk.com/2023/01/11/the-yaml-document-from-hell (how can someone seriously think about using yaml? was it even designed to be used or as a joke?)

ya yaml is trash but we're in an era where we all know our options suck, but we don't have a clearly superior alternative yet

stuff like cue, nickel, dhal, are frontier options but nothing within reach yet

ive used ucl a lot it's ok but not perfect either

well you can just write json

yaml is a superset of json after all

but yea yaml sucks shit

how about using xml?

yaml is not a superset of json metacpan.org/pod/JSON::XS#JSON-and-YAML

json has its own problems. i think nit's the norway problem and other stuff

then there's the conflation of data interchange and config formats

it's all fucked

i like xml and xhtml but iirc parsing is pretty heavy

yea, at least yaml is fairly easy to parse

and also fairly easy to write if you're not doing cursed things

one of the big reasons cue hasn't taken off imo is that its basically just writing actual code, and if I wanted to do that I'd write junk to interact with the protobuf api using native structs

I really love KDL

why?

hi

I just set up my very first jail

which I plan to use to try using the ports collection, since my host system uses packages and mixing packages and ports isn't recommended

and I was wondering while reading the handbook

you need git to download the ports tree, so if you don't have a copy of it already you need to install git with pkg

is there any chance that would lead to issues

monoxane: honestly, for the right use case code for configuration is based. It‘s way better than a DSL in your yaml haha

Does someone know why Sway or labwc require polkit? They shouldn’t need it, when using seatd

is vm-bhyve not maintained anymore? custom networking has apparently been broken since december with no comment from the maintainer: churchers/vm-bhyve #570

ivy someone merged a pr 4 hours ago so its probably just not the highest priority in the maintainers life

hmm, that's a shame as all my non-sriov VMs rely on that :-/

ivy: you can still use a personal fork with the canges you need :D

wtf

ketas: ?

yep, abandoned channel

mzar: Hardly.

becrel: Mixing packages and ports is generally fine if you keep to the same branch. That said, if you're doing a packaging jail, you might also want to look at Poudriere.

so, i suddenly see "laundry" memory, and i thought that should go down over time...

Demosthenex: Yeah, that seems like it should be the case. I found a nice definition of laundry memory here: wiki.freebsd.org/Memory

laundering is not that easy

mason: i saw that... but i thought it would drop

i can't explain why the laundry is staying after the java appserver restarted at 6 am

pardon, it restarted yesterday at 1300, and again today at 0600. new JVM arguments for memory is all i can think of

in a jail, java runs as non-root user

I have a FreeBSD system at home. I have a personal iPad which I want to use for connectivity back to home, regardless of where I am. Mostly for SSH and web testing. Would setting up a VPN help with that? The FBSD system running the VPN would be the same system I would need SSH access to as well.

mns: I do that with tailscale

how's tailscale work eli5?

It's wireguard made easy

I have an exit node inside my home lan, so our phones can reach the home boxes from anywhere

i want a wireguard postup/predown that does 2 things: first, only allow public internet traffic over 192.168.1.0/24 (vpn) and only allow private traffic over 192.168.0.0/24 (lan). is termbin.com/z2o1 correct?

iptables? I haven't the faintest clue

mns,does the ipad use openssh? bash? This might be interesting: github.com/chvostek/shelltools/blob/master/sshswitch

I have a couple of disks that used to belong to a zfs mirror pool (freebsd zroot). Both disks was detached from the pool. I want to take those two disks into another machine and import the pool, but I get "no pools available". gpart show shows that ada0p3 and ada1p3 has freebsd-zfs. So, I should be able to somehow access the data right?

ghoti: iPad uses something called Termius, does the basics of what I want, which is connect via SSH.

vkarlsen: what do you mean an exit node inside the home lan?

vkarlsen: I'll take a look at tailscale

mns: I have a device at home that runs tailscale and has the role of an exit node. The other nodes (our phones) route all their traffic via that exit node at home, so they can reach all hosts on the lan at home (including the ad-filtering dns resolver)

vkarlsen: nice! That way I could print from my phone when I'm physically away!

mns: Yeah, it's like being home wherever you go

vkarlsen: that's exactly what I want

to be home, no matter where I am

another option is to run opnsense on hardware, wireguard is lightweight and easy to configure

Demosthenex: Hm, that's interesting. I checked earlier, and my fileserver has ~360M of laundry, and it still does now.

deimosBSD: thanks, I'll look at that as well

mns: if you're only connecting a few devices, and you can setup ssh pubkey auth, then you can setup wg auth. it's really easy. wg will even dump a qrcode for mobile devices. just use native fbsd wg.

tailscale/headscale are great if you have hundreds of devices

or more

oh its deimosBSD

ssh don't leak secrets in plaintext ;)

deimosBSD: yeah its just a few devices that I need to setup that will have access to the homelab

you could even setup wg to do split tunnel or select networks if you don't want all traffic routed through home