00:01:22 demido, ditch AOL dial-up, go broadband
00:01:59 is there a torrent alternative?
00:02:06 those are typically faster
00:02:08 i have fiber that's not the issue
00:02:16 lol, I just jk :p
00:07:45 wg server cpu does take a hit. i was mashing return in top to try to get a realtime view and its average was like 30% idle. sometimes as low as 0, high as 50 ish. wg client mostly idle
00:17:31 is there a more precise, faster running cpu utilization prog for fbsd than top?
00:18:04 demido: It looks like you're hosting the WG server in a jail? (There's nothing wrong with that.) When you try to fetch the same ISO from that jail, do you get the speeds you'd expect?
00:18:38 no wg server is running in a VPS tho
00:18:41 Also, how are you connecting to WG from the client? Is it via wifi? Wireless? Wired? Wired on the same network?
00:18:54 wired from my lan across inet to VPS host
00:20:25 You're saying client (without WG) can rx/tx fast as well as VPS rx/tx (without WG) can also transfer fast. But, just between the two (with WG) transfers slowly?
00:20:57 ya
00:21:09 and even this iperf test shows pretty fast over tunnel between them which is weird
00:21:31 How are you performing the transfers? What protocol?
00:21:43 What happens when you try to, say, scp something between the two?
00:21:46 from wg client, if i sftp to wg server (i think that goes over tunnel too?) i can dl iso from wg server fast
00:21:55 lemme try
00:22:53 If you're using 0.0.0.0/0 as the allowed IP's from the client, that will route everything through WG. So, yep.
00:22:58 ya sftp to 10.10.11.1 (wg server, over tunnel) it's fast
00:23:26 sftp or scp?
00:23:31 sftp
00:24:04 I suppose it doesn't really matter. That means WG (or encryption or compression or whatever else over WG) isn't the problem. There's something else.
00:24:35 ffs what could it be
00:24:47 What are you doing that's going slow?
00:25:11 when from wg client i try to curl freebsd ISO (debian ISO too) through wg server it's slow
00:25:16 like 80 hours to dl slow
00:25:39 Are you sure it isn't the source of the ISO?
00:25:59 If you try to pull the same ISO from the WG server, what happens?
00:26:06 well that's what i thought but i did the same curl downloads from wg server directly and it was fast
00:27:03 elsheepo: Opinions: All are worth using. NetBSD provides a lot of tech to the other two. OpenBSD is upstream for some nifty ideas. FreeBSD has the best ZFS integration, although NetBSD's not far behind. Dragonfly is kind of innovative and a nice community.
00:27:49 demido: If you fetch the ISO to the WG server, then transfer from WG server to client (however you see fit) does it go slow?
00:29:13 well that's what i did with the sftp test
00:29:21 i sftp transferred the wg server iso down to client
00:29:40 should i try to sftp direct from freebsd site from wg client?
00:32:08 demido: Yes. Absolutely you should.
00:32:09 got d/c
00:32:16 is it sftp download.freebsd.org or?
00:32:25 i tried and it said port 22 network unreachable
00:33:31 Probably no sftp option since FTP has been pretty dead for years (and may be the culprit here. Not sure.)
00:33:45 Just try something like "fetch https://download.freebsd.org/releases/ISO-IMAGES/14.2/FreeBSD-14.2-RELEASE-amd64-disc1.iso"
00:34:02 Or "curl -O https://download.freebsd.org/releases/ISO-IMAGES/14.2/FreeBSD-14.2-RELEASE-amd64-disc1.iso" # if fetch doesn't exist on the client.)
00:34:23 well ya that's what im doing to see that it's slow. curl -GL url -O
00:37:23 demido: No matter what you try to pull from the internet while using the WG gateway from the client, it's slow?
00:37:35 But, between both the client and the server, it's fast?
00:38:41 yep
00:39:32 and you see my 'whole' pf config in https://termbin.com/et91 so i don't think i have that messed up
00:39:47 Well, I'd say it's definitely not WG then. Likely something else that's monitoring the traffic.
00:39:50 https://termbin.com/07dl is networking info from wg client (a debian box)
00:39:59 I saw that. Doesn't look like it would cause any problems.
00:40:13 ya hmm
00:40:47 my isp never throttles anything so i don't think it's that. i contacted vps provider but all they said was cpu was getting pegged and to upgrade. said they don't filter any net traffic
00:40:49 But, it could also be a limitation on concurrent traffic from the VPS. Perhaps they won't allow certain transfers like that to stop people from doing what you're trying to do?
00:41:53 Hrm. If CPU is getting pegged, that'd definitely be a problem. I'm not sure why it would be. Not like the VPS would be doing much just transferring traffic.
00:42:36 I have to leave to meet some friends for a bit, but I'll be back later. Hopefully, you figure it out. If not, maybe I'll be able to help poke around a little more.
00:43:00 well i guess wireguard eats some cpu *shrug*
00:43:03 ok tyvm
00:43:09 have fun
01:34:30 ok you guys won't believe this
01:34:46 so i tried https://forums.freebsd.org/threads/wireguard-vpn-slow-speed.73490/post-584231 and the speed from wg client is now almost as good as from wg server. cpu usage goes up to same amount on wg server, ~35-40% usage, whether downloading from wg server or wg client
01:35:21 why do i have to disable those things to get freebsd to be a decent wireguard server? and that was 3 years ago but still not fixed?
01:39:42 https://sourceopen.com/index.php/howto-fix-slow-networking-with-a-wireguard-server-in-a-freebsd-jail-on-a-vps-and-slow-downloads-in-a-jail-on-a-vps/
02:05:43 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=235607
02:30:02 i narrowed it down to only needing hw.vtnet.csum.disable="1" and wg client downloading ISO about as fast as wg server can
02:57:10 man thats an annoying default value
02:58:08 i've always seen it recommended to disable NIC hardware offload stuff, when is it ever useful?
03:28:57 ya sure wish the bugs could just get fixed
03:33:53 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=259249
03:33:57 all the same issue it seems
03:38:00 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059
03:41:24 anyone know if Tom Jones is on any irc networks? he seems interested in fixing the issue and i wanna offer to help him
03:41:54 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=165059#c34
03:45:40 demido: yeah, he goes by [tj] on efnet (and here, too, perhaps)
03:47:16 note that he's scottish, so ~GMT-ish
03:48:44 * kevans double checks that that's basically public knowledge and that he didn't just out Tom as scottish
03:50:49 i mean, he basically spells that out on the front page of his website, so that seems fine
03:57:54 ok tyvm i'll reach out and hopefully we can put 15 years of this bug to rest
03:59:29 kevans know if efnet has a working webchat url? the network seems almost dead
04:03:59 pw groupmod super_bowl_lix_champions -d chiefs
04:05:21 ah yea all those sweaty guys in tights fighting over balls for millions of dollars it's so heterosexual
04:18:35 someone didn't get invited to the cookout
04:19:50 s/cookout/cockout
04:21:54 open question, has anyone looked seriously into having the freebsd kernel do native kubernetes, or is that just a step too far in between linux and *bsd
04:22:04 I sort of expect it is
04:22:53 BarnabasDK from what ive seen theres a patch to run the kube control plane on bsd but theres no supported container runtime yet so you cant run workers
04:22:55 and understandably so, but it would still be nice
04:23:08 I played around with the idea a while ago but gave up lol
04:23:32 no it ties closely to the kernel
04:23:58 monoxane, makes sense
04:27:22 I am a developer, not that good though
04:28:07 BarnabasDK: I'm assuming it's still available using bhyve? (not a dev myself)
04:28:14 I just think the debian core os is getting more and more cluttered, and if you could run your images in FreeBSD it would be super cool
04:28:30 bhyve, yes, but then it is a linux kernel on top of a bsd kernel
04:28:38 oh if you're after a slim linux distro for kube, just use talos :P
04:28:39 copy
04:28:50 literally only has kube + containerd + an api for management
04:29:09 I know I could run a linux kernel via bhyve
04:29:20 but yea it would be nice to be able to run it on bsd with linux compatibility and jails instead of cgroups
04:29:25 it is sort of crossing the stream to get water
04:29:26 but no one has made it work yet
04:29:47 jails are great, the freebsd kind that is
04:29:55 I use jails all the time
04:30:21 https://github.com/samuelkarp/runj is like half way there but also an abandoned PoC
04:30:31 I was just wondering
04:30:32 I'm trying to talk my local sheriff's office into running FreeBSD because the 'jails are free' :Þ
04:31:20 here is a question then, in the old days you could run freebsd with a debian core, would that do kubernetes in that use?
04:31:50 as an experiment
04:35:07 I know kubernetes does so much more, but to be honest I think Jails has so far fulfilled every need I have had
04:35:41 so it is more of a compliancy question
04:37:38 and isolated seen in the FreeBSD community, maybe the one thing that could really stir up trouble :-)
04:38:05 or bsd community I guess
04:44:48 in speculation, what would be the largest gaps in compatibility
04:46:22 as you see it
04:49:13 I really dont get why a lot of bsd people are so upset that people want something like kube
04:49:21 its fundamentally totally different from jails themselves
04:49:32 jails are just cgroups, kube is an abstraction and management layer on top
04:50:51 monoxane, I agree
04:52:10 I am just fresh out of a project where the customer sold themselves as "linux" experts, this apparently including bsd
04:52:52 and no, you could not run their native images from kubernetes on freebsd ..
04:53:00 obviously
04:53:39 making the sw run in jails in place was easy
04:54:12 1:1 compatibility would still be nice
04:57:02 I don't even know if it is possible
04:57:14 in theory
05:06:24 ya k8s is picking up lots of steam. fbsd really needs to support it
05:09:11 it would move into a real alternative to linux
05:09:31 Freebsd
05:09:39 sorry
05:10:15 also with aws / gce etc
05:10:46 a much better choice I think
05:14:20 I 100% would have gone freebsd over linux if I could have ran kube on it
05:14:27 but for now im on alpine for my servers
05:15:45 It's such a deeply unpleasant environment. I like that there are alternatives.
05:16:14 is it that bad? never used it but hear a lot of ppl liking it
05:18:12 It's overengineered, heavy, complex.
05:18:22 And surprisingly fragile.
05:18:37 know anything that's clearly better?
05:18:46 Traditional application deployment.
05:19:36 There are some cases that benefit nicely from automatic scaling, but people shove *everything* into K8S.
05:49:06 k8s? docker? what is this, 2020 all over again?
05:49:35 fink what's the better current day stack?
05:49:59 nothing, they all suck, and that's just the honest truth
06:00:20 eh I used to think the same but after playing around with it for a while its become pretty easy
06:00:52 sure its a fairly complex beast but theres a lot of really slim implementations now, some even a single binary that contains everything you need off the bat
06:01:20 its just very nice to be able to write a single yaml file and have the entire application deployed from that, no ansible junk, no state drift, its just what it says it is
06:25:01 oh, i agree with the concept, and it's great, but i completely disagree with the implementation, it's far too complex... k8s reminds me of node, if any one tiny thing breaks, the whole thing comes crashing down
10:10:15 yay, yaml, one of the best designed data formats ever or something like that https://ruudvanasseldonk.com/2023/01/11/the-yaml-document-from-hell (how can someone seriously think about using yaml? was it even designed to be used or as a joke?)
10:13:03 ya yaml is trash but we're in an era where we all know our options suck, but we don't have a clearly superior alternative yet
10:13:23 stuff like cue, nickel, dhall, are frontier options but nothing within reach yet
10:13:33 ive used ucl a lot it's ok but not perfect either
10:14:11 well you can just write json
10:14:16 yaml is a superset of json after all
10:15:05 but yea yaml sucks shit
10:19:35 how about using xml?
10:19:43 yaml is not a superset of json https://metacpan.org/pod/JSON::XS#JSON-and-YAML
10:24:00 json has its own problems. i think it's the norway problem and other stuff
10:24:19 then there's the conflation of data interchange and config formats
10:24:27 it's all fucked
10:24:56 i like xml and xhtml but iirc parsing is pretty heavy
10:25:10 yea, at least yaml is fairly easy to parse
10:25:17 and also fairly easy to write if you're not doing cursed things
10:25:48 one of the big reasons cue hasn't taken off imo is that its basically just writing actual code, and if I wanted to do that I'd write junk to interact with the protobuf api using native structs
10:46:10 I really love KDL
10:53:31 why?
11:42:26 hi
11:42:36 I just set up my very first jail
11:43:00 which I plan to use to try using the ports collection, since my host system uses packages and mixing packages and ports isn't recommended
11:43:09 and I was wondering while reading the handbook
11:43:50 you need git to download the ports tree, so if you don't have a copy of it already you need to install git with pkg
11:44:12 is there any chance that would lead to issues
11:48:32 monoxane: honestly, for the right use case code for configuration is based. It's way better than a DSL in your yaml haha
11:49:18 Does someone know why Sway or labwc require polkit? They shouldn't need it, when using seatd
12:39:45 is vm-bhyve not maintained anymore? custom networking has apparently been broken since december with no comment from the maintainer: https://github.com/churchers/vm-bhyve/issues/570
12:47:08 ivy someone merged a pr 4 hours ago so its probably just not the highest priority in the maintainers life
12:49:01 hmm, that's a shame as all my non-sriov VMs rely on that :-/
13:06:05 ivy: you can still use a personal fork with the changes you need :D
13:51:37 * Ove_ jumpfarts in sanderps face
13:55:30 wtf
13:59:52 ketas: ?
14:05:17 * Ove_ slaps sanderp with a large fart trout
14:45:00 yep, abandoned channel
15:07:34 mzar: Hardly.
15:36:05 becrel: Mixing packages and ports is generally fine if you keep to the same branch. That said, if you're doing a packaging jail, you might also want to look at Poudriere.
17:12:18 so, i suddenly see "laundry" memory, and i thought that should go down over time...
17:59:44 Demosthenex: Yeah, that seems like it should be the case. I found a nice definition of laundry memory here: https://wiki.freebsd.org/Memory
18:01:53 laundering is not that easy
18:02:26 mason: i saw that... but i thought it would drop
18:02:51 https://demosthenes.org/gtnh/localhost/localhost/memory.html
18:03:05 i can't explain why the laundry is staying after the java appserver restarted at 6 am
18:04:30 pardon, it restarted yesterday at 1300, and again today at 0600. new JVM arguments for memory is all i can think of
18:04:53 in a jail, java runs as non-root user
20:38:28 I have a FreeBSD system at home. I have a personal iPad which I want to use for connectivity back to home, regardless of where I am. Mostly for SSH and web testing. Would setting up a VPN help with that? The FBSD system running the VPN would be the same system I would need SSH access to as well.
20:41:15 mns: I do that with tailscale
20:41:40 how's tailscale work eli5?
20:42:28 It's wireguard made easy
20:51:14 I have an exit node inside my home lan, so our phones can reach the home boxes from anywhere
20:52:46 i want a wireguard postup/predown that does 2 things: first, only allow public internet traffic over 192.168.1.0/24 (vpn) and only allow private traffic over 192.168.0.0/24 (lan). is termbin.com/z2o1 correct?
20:54:14 iptables? I haven't the faintest clue
20:54:40 mns, does the ipad use openssh? bash? This might be interesting: https://github.com/chvostek/shelltools/blob/master/sshswitch
20:56:55 I have a couple of disks that used to belong to a zfs mirror pool (freebsd zroot). Both disks were detached from the pool. I want to take those two disks into another machine and import the pool, but I get "no pools available". gpart show shows that ada0p3 and ada1p3 have freebsd-zfs. So, I should be able to somehow access the data right?
20:59:04 ghoti: iPad uses something called Termius, does the basics of what I want, which is connect via SSH.
20:59:22 vkarlsen: what do you mean an exit node inside the home lan?
20:59:36 vkarlsen: I'll take a look at tailscale
21:01:15 mns: I have a device at home that runs tailscale and has the role of an exit node. The other nodes (our phones) route all their traffic via that exit node at home, so they can reach all hosts on the lan at home (including the ad-filtering dns resolver)
21:05:34 vkarlsen: nice! That way I could print from my phone when I'm physically away!
21:06:22 mns: Yeah, it's like being home wherever you go
21:18:33 vkarlsen: that's exactly what I want
21:18:46 to be home, no matter where I am
21:20:34 another option is to run opnsense on hardware, wireguard is lightweight and easy to configure
21:35:21 Demosthenex: Hm, that's interesting. I checked earlier, and my fileserver has ~360M of laundry, and it still does now.
21:59:27 deimosBSD: thanks, I'll look at that as well
23:02:54 mns: if you're only connecting a few devices, and you can setup ssh pubkey auth, then you can setup wg auth. it's really easy. wg will even dump a qrcode for mobile devices. just use native fbsd wg.
23:03:16 tailscale/headscale are great if you have hundreds of devices
23:03:55 or more
23:15:20 oh its deimosBSD
23:15:38 ssh don't leak secrets in plaintext ;)
23:45:19 deimosBSD: yeah its just a few devices that I need to setup that will have access to the homelab
23:46:25 you could even setup wg to do split tunnel or select networks if you don't want all traffic routed through home
23:46:33 * deimosBSD states the obvious