Re: Strange permissions issue with virt-install + UEFI
On 5/13/2022 6:53 PM, David wrote: On Sat, 14 May 2022 at 10:57, Matt Ventura wrote: On one box (Debian 11.3), my virt-install script works fine: virt-install [...] However, on another box, the same command (minus the final --network option) gives me this: [...] Could not open '/var/lib/libvirt/qemu/nvram/openwisp_VARS.fd': Permission denied [...] Any ideas? You don't mention which user is running the 'virt-install' commands. I suggest to think about that. https://wiki.debian.org/KVM says: In order to manage virtual machines as a regular user, that user needs to be added to the libvirt group: # adduser libvirt On both machines, check that the user (who is running the virt-install command) is a member of group=libvirt. Run: groups | grep libvirt I'm not sure if this is the answer, but it is the first thing I would check. Also, test if that user can read the file openwisp_VARS.fd via its full path. On the broken machine, it fails even if I run it as root. Root isn't a member of libvirt on either machine, but root is root, so it shouldn't be getting permission denied either way. Perhaps the file is being created as libvirt-qemu, but the plain old libvirt user needs to access it too? That's the only thing I can think of, since root ignores permissions anyway. I did try to `su` into the libvirt-qemu user, and the path was reachable via the full absolute path. I could create, modify, read, and delete files in that dir. Some searching pointed to it being an AppArmor problem, but AA is enabled on both. Matt Ventura
Strange permissions issue with virt-install + UEFI
Hi, On one box (Debian 11.3), my virt-install script works fine: virt-install --virt-type kvm --name $NEWVM --locationhttp://ftp.us.debian.org/debian/dists/bullseye/main/installer-amd64 --extra-args "netcfg/hostname=$NEWVM" -v \ --os-variant debian11 --disk size=30,pool=vmvol,bus=scsi,discard=unmap,cache=writeback,io=threads --disk size=4,pool=vmvol-nobackup,bus=scsi,discard=unmap,cache=unsafe,io=threads \ --memory 8196 --initrd-inject=preseed.cfg --noautoconsole --boot uefi --graphics spice --video virtio --controller=scsi,model=virtio-scsi --network=bridge=virbr1,model=virtio However, on another box, the same command (minus the final --network option) gives me this: ERROR internal error: process exited while connecting to monitor: 2022-05-14T00:11:48.169264Z qemu-system-x86_64: -blockdev \ {"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/openwisp_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}: \ Could not open '/var/lib/libvirt/qemu/nvram/openwisp_VARS.fd': Permission denied Domain installation does not appear to have been successful. First idea was to check the perms of the /var/lib/libvirt-qemu/nvram directory. On both boxes, it is owned by user+group libvirt-qemu, mode 0755. The files themselves seem to be owned by libvirt-qemu:libvirt-qemu as well. On the failing box, the new file /is/ created: -rw--- 1 libvirt-qemu libvirt-qemu 540672 May 13 16:39 openwisp_VARS.fd So, I'm really not sure why it thinks it's failing, but it aborts the installation regardless. Any ideas? Matt Ventura
Correct way to build in-tree module?
Hi, I'd like to build a module that is in-tree, but not enabled by the Debian kernel by default (module 'pmbus', selected by CONFIG_PMBUS). I would rather not build an entire custom kernel just for one module. Most of the resources out there are for building *out of tree* modules, but this is in-tree. Or, they tell you how to do a one-time build of the module, but not how to get it into DKMS or anything that would keep the module up to date as you install new kernel versions. The module is not listed in module-assistant either. So, what is the right (or at least, best) way to do this, that won't break on a kernel update? Thanks, Matt
Re: Thin Mate window edges
On 3/2/2016 2:51 PM, Russell Gadd wrote: I have just installed Jessie with the Mate desktop. My screen is 1920 x 1080. I find grabbing the edges or corner of a window with the mouse pointer in order to extend it is very fiddly. Is this due to the border being very thin? Are there any options to make this easier, such as choosing a window style with thicker borders? Not a solution to the border problem, but alt-rightclick drag allows you to resize windows (in some window managers) without having to grad the border. Matt Ventura
Re: sexist content in the package openclipart2-png
On 01/05/2016 04:24 AM, Brad Rogers wrote: On Tue, 5 Jan 2016 10:21:02 +0900 Joel Rees wrote: Hello Joel, of the clipart out into a separate package so that a child looking for a general image of a woman won't bump into a male sexual fantasy Not aimed at any person, just observation. By putting "sensitive" images in a separate package, one *highlights* them, thus enabling those children one's intention it is to protect, to find them a good deal more easily. Whether that's preferable to lumping the images in with a more generalised package is up for debate. It's a two edged sword; Damned if you do, and damned if you don't. Either way, somebody gets upset/annoyed. :-( Yes, you might end up highlighting it, but what I assumed from the OP is not that the children were looking for clipart packages, but rather looking through clipart that the parent had already installed. So separating it would still help in that situation. If I were searching for inappropriate imagery, 'apt-cache search' is one of the last places I'd look. Matt
Re: How to make "headless" system?
On 11/07/2015 12:36 PM, Dennis Wicks wrote: Greetings; I have a number of older PCs that I use for testing/local webservers, fileservers, backup machines and other stuff. A couple of these have "glass ttys", ie. no graphics at all, and others have old low-res monitors of 800x600 at best. Also, they are all in the basement, which is a trip I don't like to make very often! I want to force these systems to support hi-res 1680x1050 or better so I can VNC to them from my main machine and be able to use graphic software to operate and maintain these machines. Right now I mostly use ssh and it can be a real pain! Can anybody tell me how to accomplish this or point me to a "How To" somewhere? I am running Jessie and XFCE. Many TIA!! Dennis If you absolutely must have a full X running on the machines, you can use xvfb to create a "fake" X that doesn't actually display anywhere, and use VNC to access it. There's also xvnc which is specifically for use over VNC.
Re: Regarding Hotspot configuration
On 10/24/2015 01:26 AM, Sven Arvidsson wrote: On Fri, 2015-10-23 at 14:38 -0700, Matt Ventura wrote: I'm not sure about that, I just told n-m to create a new network, and it did ad-hoc even though my card supports AP mode. Can you check in iwconfig to confirm it's actually an AP? iwconfig does say master mode. What card is it? With my Intel 7260 (which works as an AP if I use hostapd directly), n-m only wants to create an ad-hoc network. Does it present you with the option to create an AP mode network? Matt Ventura
Re: Regarding Hotspot configuration
On 10/23/2015 08:56 PM, Himanshu Shekhar wrote: Got it! My wireless driver is "wl", and "iw list" shows that it doesn't supports "ap" mode. Also, I have browsed Linux_Drivers_page <http://linuxwireless.org/en/users/Drivers/> and Wikipedia_article <https://en.wikipedia.org/wiki/Comparison_of_open-source_wireless_drivers> about the same, and found that there were no "wl" drivers, but something like "wl***". My "iw list" and "lspci -v" outputs are attached. Please have a look at them. Also, I didn't mention that my hardware has bluetooth and wireless combined, and bluetooth doesn't work. It would be great if anyone could suggest the proper drivers. Thanks for help! Regards, Himanshu Shekhar Looking at that, it doesn't look like it supports AP mode. If it does, it would say "AP" and/or "AP/VLAN" under "Supported interface modes". Matt Ventura
Re: Regarding Hotspot configuration
On 10/23/2015 01:39 PM, Sven Arvidsson wrote: On Fri, 2015-10-23 at 19:13 +0530, Himanshu Shekhar wrote: I have spent couple of hours about using hotspot on my Debian laptop. The hotspotd method didn't work. So, I tried ap-hotspot after knowing that the hotspot which the GNOME network manager starts is an ad-hoc network which Android cannot identify. I only made a very quick test, but on my laptop the "hotspot" NetworkManager creates is visible on my Android phone. I think NM only uses ad-hoc if your network driver doesn't support anything else. I'm not sure about that, I just told n-m to create a new network, and it did ad-hoc even though my card supports AP mode. Can you check in iwconfig to confirm it's actually an AP?
Re: Regarding Hotspot configuration
On 10/23/2015 06:43 AM, Himanshu Shekhar wrote: I have spent couple of hours about using hotspot on my Debian laptop. The hotspotd method didn't work. So, I tried ap-hotspot after knowing that the hotspot which the GNOME network manager starts is an ad-hoc network which Android cannot identify. So, I began searching for solution for creating Infrastructure network, and eventually found that there was no simple way, like a click and hotspot started. Also, some googling suggested "iw list" which would expose device's capability, and didn't mention ap in the list. However, I have used ap using Connectify in Windows on the same device. Any help will be appreciated! -- Regards Himanshu Shekhar IIIT-Allahabad IRM2015006 Post the output of 'iw list'. It's entirely possible that the driver and/or firmware used in the windows drivers support AP mode while the ones in Debian do not. It also might not have AP support on all bands. Matt Ventura
Re: Adapter Names on Stretch
On 8/28/2015 11:32 PM, Tixy wrote: On Sat, 2015-08-29 at 10:06 +1200, Chris Bannister wrote: On Fri, Aug 28, 2015 at 10:22:58AM -0500, David Wright wrote: Quoting Ric Moore (wayward4...@gmail.com): From my own experience, if you replace a network card, udev will automagically name it /dev/eth +1 so eth0 becomes eth1. I'm using eth1 right now. Bugs the hell out of me but the network works, :) That's because you didn't clear the previous card's eth0 entry in /etc/udev/rules.d/70-persistent-net.rules before you booted up the new card. I think you can delete the file and it will get regenerated on boot. Well, it used to be that way, probably best to save a copy first in case it doesn't work that way any more. It does on Jessie. Just been bringing up several boards using the same filesystem image and needed to do this myself. Which reminds me, I should add a command to rc.local to delete all udev rules at boot. (Idea is that I can swap out boards if they fail and keep the same disk image - which is on SD card). You can also just delete the udev rule that generates the persistent interface names to begin with. Matt Ventura
Re: VLAN config on Jessie
On 8/1/2015 1:30 AM, Andrew Wood wrote: On 30/07/15 23:14, Arno Schuring wrote: This configures an untagged connection, which is not the same as vlan 1. Also, there's no need to set that broadcast address manually, it's inferred from the netmask. auto eth1.2 iface eth1.2 inet static address 192.168.100.254 netmask 255.255.255.0 vlan-raw-device eth1 I want vlan 1 to be the default hence I decared it as eth1 not eth1.1 That is most likely wrong. You set a "default interface" by configuring the default gateway with the lowest metric. Other than that, there's no "default" between network interfaces. Im not talking about the default route Im talking about how it should handle ethernet frames with no vlan tag arriving on eth1 Before going any further, you should know that having tagged and untagged frames on the same port is far from best practices. You either want to have a port be an untagged member of a single vlan, or a tagged member of one or more vlans. It's hard to tell at this point if that's what's actually causing the problem or if that's unrelated. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55bd657e.7060...@mattventura.net
Re: VLAN config on Jessie
On 07/30/2015 01:43 PM, Andrew Wood wrote: Can I please clarify the correct way to configure VLANS on Jessie as Im having problems with DHCPD giving out IP addresses for the wrong VLAN subnet but only for certain clients - Windows 7, & Apple iOS whereas Debian clients and Windows XP clients are working fine. Ive got a Jessie machine acting as a router with eth0 being the WAN connection to the internet and eth1 being the LAN connection with 2 VLANS on it (VLAN1 has addresses 192.168.10.x and VLAN2 192.168.100.x) If I assign addresses statically on the clients its all fine but on Wifi via DHCP the Wifi AP is set to map two separate SSIDs to the two VLANS and in such cases the clients use DHCP. As I say, if a Debian or Windows XP client connects via wifi it works fine but if a Windows 7 client connects to VLAN2s SSID DHCPD is giving it an IP on VLAN1 and then nothing works. This is the /etc/network/interfaces file: auto eth0 iface eth0 inet dhcp #LAN (MZ) auto eth1 iface eth1 inet static address 192.168.10.254 broadcast 192.168.10.255 netmask 255.255.255.0 up /etc/network/if-up.d/iptables auto eth1.2 iface eth1.2 inet static address 192.168.100.254 netmask 255.255.255.0 vlan-raw-device eth1 I want vlan 1 to be the default hence I decared it as eth1 not eth1.1 however I did try that and it reversed the problem - vlan1 gets vlan2 ip addresses! Whats the correct way to do this please? Thanks Andrew Could you post the DHCPD config? Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55ba985a.1070...@mattventura.net
Re: Free GNU/Linux intro class for teens advice? Purchase box? Squeak/Smalltalk programming
On 7/6/2015 5:12 PM, Marc D Ronell wrote: I am working toward teaching a free introductory class to teens on GNU/Linux and the philosophy of free software at the Newton Free Library in MA this coming September. For the class, the participants will need access to GNU/Linux. After reviewing some options, including sdf.org, virtual machines, Chromebooks, etc., I am considering just asking participants to purchase a dedicated laptop and installing the OS. I may be able to direct students to install fests in the area before the class starts. I am not sure that this is the best idea, but it offers significant advantages including a potentially working box as part of the results of the course. As a test, I purchased a laptop (Toshiba Satellite C75-B7180) on sale for $350 at our local Microcenter in Cambridge and was able to load GNU/Linux for my son. I am thinking of working some programming assignments in Squeak (Smalltalk), but maybe C is a better choice for an OS class? Has anyone tried running a GNU/Linux intro class for teens? Can anyone share their experiences, thoughts or suggestions? Feedback based on actual experience would be most helpful, I think, but I would appreciate any insights. Thanks for your thoughts, Marc May I ask why you decided against virtualization? It might be something that can be worked around. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/559c0400.1060...@mattventura.net
Re: Colorized Prompts Problem
On 5/4/2015 7:57 AM, Thomas H. George wrote: On Mon, May 04, 2015 at 06:54:40AM +, Bonno Bloksma wrote: Hi, I entered the following in .bashrc PS1='\033[01;33m\h:\w\$ \033[00m' to colorize the prompt (very handy to find the prompt when a command fills the console screen with lines of text) The only problem occurs when the next entry is more than one line. In that case the entry wraps around without moving to a new line. I had the same problem using the prompt I found at first, I think it is the same you are using. It seems there is a problem in closing the ANSI code string. Someone else gave me this: PS1='\[\e[0;31m\]${debian_chroot:+($debian_chroot)}\h:\w\$\[\e[m\] ' This does not have the problem, I have been using this now for over a year, no problems at all. Bonno Bloksma Thank you, this works while nothing else did. The sequences to start and end coloring are different and the colors are different too. In the prompt I was initially using 33 resulted in a bright yellow prompt. With this prompt 33 results in a dull rust color prompt. No matter, it works. The bright yellow is the bold version of that color. The "1" causes it to be bold, so just change the 0;33m to 1;33m. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/55478ee3.5080...@mattventura.net
Re: Installing Jessie on a computer that current has Windows 7 on it
On 03/10/2015 02:00 PM, Paul E Condon wrote: Comments? Suggestions of things to try? Boot the installer up to the point where it reads the disks. Do a 'dd if=/dev/zero of=/dev/sda bs=512 count=1M' to try to forcibly erase the boot sector and any EFI stuff that might be on the disk. If that fails, then it might come down to some BIOS settings. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54ff6d33.4010...@mattventura.net
Re: Installing Jessie on a computer that current has Windows 7 on it
On 3/9/2015 9:07 PM, Paul E Condon wrote: I have NO interest in dual boot. I simply want to wipe the disk and install Jessie. I have last weeks weekly build of debian-testing-i3k6-xfce-CD-1.iso. I starts nicely like I have seen many times before, but when I get to partitoning the HD there is trouble. It won't overwrite the NTFS partitions that contain Windows 7. I think I have read about this and there is some special trick, but I can't find it. Please, someone. Help. Point me to the directions. Does creating a new partition table work? In the text based installer, try pressing enter on the disk itself (not the partition). You can also hop over to a TTY and manually use fdisk to do it (fdisk /dev/, o, w, then sort out partitioning in the installer). Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54fea5c4.4010...@mattventura.net
Re: Strange entry in my routing table.
On 03/04/2015 03:18 PM, Juan R. de Silva wrote: Here is my routing table: 0.0.0.0 192.168.25.68 0.0.0.0 UG0 00 eth0 192.168.24.0 0.0.0.0 255.255.252.0 U 1 00 eth0 The first entry IS my default gateway as I expected. The second line, however, is something I cannot neither recognize nor explain. It obviously belongs to something on a different LAN segment, which I do not have. I mean I do not have any subnets on my LAN. I tried to ping 192.168.24.0 with no response. Trying 'ping -b 192.168.24.255' gives me only my own LAN IP address with "Destination Host Unreachable". The wireless on my router is disabled from GUI interface. The router is flashed with dd-wrt. Should I assume my router has been hacked and re- flash it? Can somebody help me to understand this, please? Looks perfectly fine to me. 192.168.24.0 with a netmask of 255.255.252.0 (a /22 subnet) means the address range is 192.168.24.0 - 192.168.27.255. Both your PC and router are on this network. Generally, an internet-connected interface will always have two entries, one for the network itself (the second line here) and one for the gateway (the first line). -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54f79f62.3050...@mattventura.net
Re: Anti-spam recommendations
On 2/4/2015 10:00 AM, Mark Carroll wrote: I'm moving a Debian mail server installation over to a different machine environment and I figure that I may as well take the opportunity for a fresh install and rethink. I've been using greylistd to good effect, but I'd be surprised if it keeps working so well long-term. I have long lists of aliases in Exim and perhaps more automated use of throwaway addresses could have value; I haven't really thought that through. What are people expecting will work well in the future for rejecting spam at the MTA? E.g., SpamAssassin's performance, use of IP blacklists, etc. I can live with some spam, if I am fairly sure I'm not wrongly rejecting anything. I'm happy to look at anything conveniently packaged for jessie. -- Mark IMO, it depends on the level of spam you're getting. The first step is reverse DNS checking [0]. This will filter out about 80% of spam right off the bat. Next step would be a blacklist. I personally use SORBS but it can get a little sensitive sometimes (it threw the server for this list on the blacklist once) but overall it's pretty good. Spamassassin or some other filtering mechanism that actually examines messages can be used as a last resort if you're still having issues with spam. Remember, most spammers aren't trying that hard to bypass anti-spam measures. They'd rather just go for the low-hanging fruit and spam unprotected systems. [0]: http://en.wikipedia.org/wiki/Forward-confirmed_reverse_DNS Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54d264de.5010...@mattventura.net
Problem with recent updates+sleep+screen locking
I just updated my unstable system. It was set to not lock my screen upon suspend/resume, and it still is. However, now it locks after resuming anyway. I'm using xfce but am running Gnome screensaver for certain reasons, which I suspect is related to the problem. I'm guessing gnome-screensaver simply no longer respects whatever setting the xfce settings system is changing. I assumed that there would be some kind of setting for this in gnome-control-panel, but there isn't anything related to screensaver, nor do any of the Power settings seem to have any bearing on locking. Is there any way to get gnome screensaver to not lock on suspend/resume? Thanks, Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54d1d7fd.7030...@mattventura.net
Re: network newbie seeks help combining routesets for VPN tunnel
On 1/25/2015 5:13 AM, Tom Roche wrote: Tom Roche Sat, 24 Jan 2015 16:00:37 -0500 [1] (envvar names translated to `bash`ian) [The "original routeset" on the client/laptop:] 1: default via 192.168.1.1 dev eth0 proto static 2: 169.254.0.0/16 dev eth0 scope link metric 1000 3: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} [OpenVPN routeset, overwrites the original routeset:] 1: 0.0.0.0/1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 # inherited from "original" route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.8.0.1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 4: ${OPEN_VPN_ENDPT_IPN} dev tun0 proto kernel scope link src 10.8.0.6 5: 128.0.0.0/1 via ${OPEN_VPN_ENDPT_IPN} dev tun0 # inherited from "original" route#=2? 6: 169.254.0.0/16 dev eth0 scope link metric 1000 7: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 # inherited from "original" route#=3? 8: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} [F5VPN routeset, overwrites the OpenVPN routeset:] 1: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 # inherited from "original" route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 4: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 5: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Matt Ventura Sat, 24 Jan 2015 19:26:48 -0800 [2] (slightly reformatted) [The new routeset] should look like: new routeset option 1: [192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN}] ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 ... 0.0.0.0/0 via ${F5_VPN_ENDPT_IPN} dev ppp0 ... Come to think of it, the set of routes that the F5 VPN puts in place should work, needing only the addition of ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 What I wrote above is the cleanest possible set of routes that would still work, but just adding that one route should fix the existing one. I think you would want to add it just before starting the OpenVPN, otherwise do it right after. Well, the OpenVPN client sets that route itself: the problem is, the F5VPN client overwrites it (see above). So I'd need to add it after starting the F5VPN client, producing something like new routeset option 2: F5VPN routes with 1 added route: 1: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 4: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 5: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 6: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Is that the correct order? After starting the F5 VPN, you might need to [also] re-add the 192.168.1.0/24 dev eth0 ... src ${LOCAL_ETH0_IPN} so that would be option 3: F5VPN routes with 2 added routes: 1: 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} 2: 0.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 3: default via 192.168.1.1 dev eth0 proto static 4: 10.144.0.1 dev ppp0 proto kernel scope link src ${F5_VPN_ENDPT_IPN} 5: 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 6: ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 7: ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 Is that the correct order? thanks again, Tom Roche [1]: https://lists.debian.org/debian-user/2015/01/msg00882.html [2]: https://lists.debian.org/debian-user/2015/01/msg00892.html Yes. Although the OpenVPN client shouldn't be adding those unless it was configured to do so (or the server pushed instructions to do so), or you're using some frontend like network-manager in which case you'd want to configure that frontend to not do that. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54c55592.5060...@mattventura.net
Re: network newbie seeks help combining routesets for VPN tunnel
On 1/24/2015 6:59 PM, Tom Roche wrote: Tom Roche Sat, 24 Jan 2015 16:00:37 -0500 [1] (envvar names translated to `bash`ian) [The "original routeset" on the client/laptop:] 1: default via 192.168.1.1 dev eth0 proto static 2: 169.254.0.0/16 dev eth0 scope link metric 1000 3: 192.168.1.0/24 dev eth0 proto kernel scope link src LOCAL_ETH0_IPN [OpenVPN routeset, overwrites the original routeset:] 1: 0.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from "original" route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.8.0.1 via OPEN_VPN_ENDPT_IPN dev tun0 4: OPEN_VPN_ENDPT_IPN dev tun0 proto kernel scope link src 10.8.0.6 5: 128.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from "original" route#=2? 6: 169.254.0.0/16 dev eth0 scope link metric 1000 7: OPEN_VPN_PUBLIC_IPN via 192.168.1.1 dev eth0 # inherited from "original" route#=3? 8: 192.168.1.0/24 dev eth0 proto kernel scope link src LOCAL_ETH0_IPN [F5VPN routeset, overwrites the OpenVPN routeset:] 1: 0.0.0.0/1 via F5_VPN_ENDPT_IPN dev ppp0 proto none metric 1 # inherited from "original" route#=1? 2: default via 192.168.1.1 dev eth0 proto static 3: 10.144.0.1 dev ppp0 proto kernel scope link src F5_VPN_ENDPT_IPN 4: 128.0.0.0/1 via F5_VPN_ENDPT_IPN dev ppp0 proto none metric 1 5: F5_VPN_PUBLIC_IPN via OPEN_VPN_ENDPT_IPN dev tun0 proto none metric 1 [my proposed new routeset:] # 1st route in Hartge's Trinity == OpenVPN route#=1 (compare with F5VPN route#=1) 1: 0.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from "original" route#=1 == OpenVPN route#=2 == F5VPN route#=2 2: default via 192.168.1.1 dev eth0 proto static # OpenVPN route#=3 3: 10.8.0.1 via OPEN_VPN_ENDPT_IPN dev tun0 # OpenVPN route#=4 , but what is the difference between 'src' and 'via'? 4: OPEN_VPN_ENDPT_IPN dev tun0 proto kernel scope link src 10.8.0.6 # F5VPN route#=3 5: 10.144.0.1 dev ppp0 proto kernel scope link src F5_VPN_ENDPT_IPN # 2nd route in Hartge's Trinity == OpenVPN route#=5 (compare with F5VPN route#=4) 6: 128.0.0.0/1 via OPEN_VPN_ENDPT_IPN dev tun0 # inherited from "original" route#=2 == OpenVPN route#=6 (absent in F5VPN routeset) 7: 169.254.0.0/16 dev eth0 scope link metric 1000 # OpenVPN route#=7 8: OPEN_VPN_PUBLIC_IPN via 192.168.1.1 dev eth0 # almost F5VPN route#=5 ... but which dev should this take? eth0, ppp0, tun0? 9: F5_VPN_PUBLIC_IPN via OPEN_VPN_ENDPT_IPN dev proto none metric 1 # inherited from "original" route#=3 == OpenVPN route#=8 (absent in F5VPN routeset) 10: default via 192.168.1.1 dev eth0 proto static Matt Ventura Sat, 24 Jan 2015 15:04:55 -0800 [2] (slightly rearranged) Basically, your final routing table, in plain English, always tricky, that plain English :-) should look like this: Please correct me where I get it wrong: 1. Traffic to 192.168.1.0/24 should go through eth0 192.168.1.0/24 dev eth0 proto kernel scope link src ${LOCAL_ETH0_IPN} which is original route#=3 == OpenVPN route#=8 #1 shouldn't ever be touched by either VPN. OpenVPN respects it, but F5VPN removes it! 2. Traffic to the OpenVPN server's external IP should go through eth0 to 192.168.1.1 ${OPEN_VPN_PUBLIC_IPN} via 192.168.1.1 dev eth0 which is OpenVPN route#=7 #2 is something you'll probably need to manually add before (or after, not sure) starting the F5 VPN. I should be able to script that (more below). 3. Traffic to the F5 VPN server's external IP (I assume this is the 134.x.x.x one) (correct, though F5_VPN_PUBLIC_IPN changes per-connection, hence the parameterization) should go through the OpenVPN ptp endpoint (10.8.0.5) on dev=tun0? I.e. ${F5_VPN_PUBLIC_IPN} via ${OPEN_VPN_ENDPT_IPN} dev tun0 proto none metric 1 If so, that's F5VPN route#=5 4. All other traffic should go through the F5 VPN's ptp endpoint (10.144.x.x). Does '128.0.0.0/1' == 'all other traffic'? If so, 128.0.0.0/1 via ${F5_VPN_ENDPT_IPN} dev ppp0 proto none metric 1 is F5VPN route#=4 The F5 client seems to be adamant about having route #4 in place, so we don't need to worry about that. OK. As mentioned above, you should remove the default routing to the OpenVPN server i.e., proposed route#={1, 3, 4}, which are also OpenVPN route#={1, 3, 4} and just have [F5_VPN_PUBLIC_IPN] route through the 10.8.0.5, rather than 0/1 and 128/1. i.e., F5VPN route#=5. But then (IIUC) we're routing 128.0.0.0/1 but not 0.0.0.0/1. If so, does 0.0.0.0/1 not need routed? (And why did I not take the networking elective when I got my BSCS ?-( Meanwhile, assuming I understand correctly, it sounds like, after I start the F5VPN client on my client/laptop, I need to produce the routes given above with something like the foll
Re: network newbie seeks help combining routesets for VPN tunnel
ually serviced by `dev ppp0`). Question 3: What am I missing? Conversely, what do I have that is superfluous? Your assistance is appreciated! Tom Roche [1]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution [2]: https://lists.debian.org/debian-user/2015/01/msg00830.html [3]: https://lists.debian.org/debian-user/2015/01/msg00831.html [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5nap [5]: https://en.wikipedia.org/wiki/Thesis,_antithesis,_synthesis [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-productive-past [7]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-f5vpn-only-connection Well, you don't need the 169 route unless you're actually doing something with link-local addresses. You may want to just reconfigure the OpenVPN to not be used as a default route, but rather to just route traffic for any IPs needed for the operation of the F5 VPN to go through the OpenVPN. There's no real need for the OpenVPN link to ever be a default route since the F5 VPN overrides that. Basically, your final routing table, in plain English, should look like this: 1. Traffic to 192.168.1.0/24 should go through eth0 2. Traffic to the OpenVPN server's external IP should go through eth0 to 192.168.1.1 3. Traffic to the F5 VPN server's external IP (I assume this is the 134.x.x.x one) should go through the OpenVPN ptp endpoint (10.8.0.5) 4. All other traffic should go through the F5 VPN's ptp endpoint (10.144.x.x). The F5 client seems to be adamant about having route #4 in place, so we don't need to worry about that. As mentioned above, you should remove the default routing to the OpenVPN server and just have 134.x.x.x route through the 10.8.0.5, rather than 0/1 and 128/1. #2 is something you'll probably need to manually add before (or after, not sure) starting the F5 VPN. #1 shouldn't ever be touched by either VPN. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54c42517.2060...@mattventura.net
Re: SIOCDELRT, or: proper syntax to delete default route for an interface?
On 01/23/2015 04:05 AM, Sven Hartge wrote: Matt Ventura wrote: me@client:~$ date ; sudo route -n Thu Jan 22 11:48:48 EST 2015 Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 10.144.0.1 0.0.0.0 255.255.255.255 UH0 00 ppp0 128.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 134.67.15.3010.8.0.5255.255.255.255 UGH 1 00 tun0 Try it with 0.0.0.0 instead of default. I didn't notice that the netmask was 128.0.0.0 rather than 0.0.0.0. Not sure why it would do that or if that has some kind of special meaning. VPN clients normally use two routes as "default" route: 0.0.0.0/128.0.0.0(or 0.0.0.0/1) 128.0.0.0/128.0.0.0 (or 128.0.0.0/1) This way, the VPN client does not need to replace the existing default route. Because those two new route are more specific than 0/0, all packages are routed into the tunnel and not to the old default gateway. If the VPN client crashes (or the tunnel interfaces is removed) those two routes are automatically removed too and the old default route is active again. If the client replaced the old default route then you would be left with a system without any default route, because the new one would have been deleted together with the tunnel interface. Grüße, Sven. Well, that confirms my original suspicion. The F5 VPN is throwing its default route over the original one, and that's causing traffic to the OpenVPN server to try to route over the F5 VPN. Obviously this doesn't work because the traffic to the F5 VPN needs to go through the OpenVPN link, so it becomes circular. What you need to do is add a route, something like: route add gw 192.168.1.1 dev eth0 so that the traffic to the OpenVPN server can be routed properly. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54c2b359.7000...@mattventura.net
Re: SIOCDELRT, or: proper syntax to delete default route for an interface?
On 1/22/2015 3:55 PM, Tom Roche wrote: summary: me@client:~$ sudo route del default ppp0 SIOCDELRT: No such process me@client:~$ sudo route del default dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default gw 10.144.15.234 dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default netmask 128.0.0.0 gw 10.144.15.234 dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default gw 0.0.0.0 dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default netmask 255.255.255.255 gw 0.0.0.0 dev ppp0 SIOCDELRT: No such process details: I'm trying to debug a VPN-related misconfiguration on a laptop (call it "the client") which is running me@client:~$ cat /etc/debian_version jessie/sid me@client:~$ uname -rv 3.11-2-amd64 #1 SMP Debian 3.11.8-1 (2013-11-13) me@client:~$ gcc --version | head -n 1 gcc (Debian 4.8.2-1) 4.8.2 me@client:~$ sudo route --version [sudo] password for tlroche: net-tools 1.60 route 1.98 (2001-04-15) +NEW_ADDRT +RTF_IRTT +RTF_REJECT +I18N AF: (inet) +UNIX +INET +INET6 +IPX +AX25 +NETROM +X25 +ATALK +ECONET +ROSE HW: +ETHER +ARC +SLIP +PPP +TUNNEL -TR +AX25 +NETROM +X25 +FR +ROSE +ASH +SIT +FDDI +HIPPI +HDLC/LAPB +EUI64 On this client, I have started an OpenVPN client (after previously starting an OpenVPN server in the cloud), logged into a remote-access website, and used that site's web UI to connect to an F5 SSL VPN (which I want to tunnel through the OpenVPN). (More details on the design goal here[1] and the problem configuration here[2].) This produces me@client:~$ date ; sudo ifconfig Thu Jan 22 11:48:43 EST 2015 eth0 Link encap:Ethernet HWaddr inet addr:192.168.1.142 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10224715 errors:0 dropped:0 overruns:0 frame:0 TX packets:6011530 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:12886933501 (12.0 GiB) TX bytes:677423768 (646.0 MiB) Interrupt:20 Memory:f260-f262 loLink encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:497 errors:0 dropped:0 overruns:0 frame:0 TX packets:497 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:51273 (50.0 KiB) TX bytes:51273 (50.0 KiB) # Note I get slightly different IP#s for interface=ppp0 each time I run this scenario. ppp0 Link encap:Point-to-Point Protocol inet addr:10.144.15.234 P-t-P:10.144.0.1 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:6 errors:0 dropped:0 overruns:0 frame:0 TX packets:18 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:3 RX bytes:56 (56.0 B) TX bytes:2418 (2.3 KiB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:10.8.0.6 P-t-P:10.8.0.5 Mask:255.255.255.255 UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1 RX packets:4 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:304 (304.0 B) TX bytes:304 (304.0 B) me@client:~$ date ; sudo route -n Thu Jan 22 11:48:48 EST 2015 Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 10.144.0.1 0.0.0.0 255.255.255.255 UH0 00 ppp0 128.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 134.67.15.3010.8.0.5255.255.255.255 UGH 1 00 tun0 Once at that point, I'm directed[3] (IIUC) to delete the default route being set by the F5VPN, for debugging. Furthermore, I need to do this quickly, because (and this is the problem with the current misconfiguration) the misconfiguration causes the OpenVPN tunnel to fail quickly, which breaks the situation I want to debug. Hence it is quite infuriating that I cannot seem to find the correct `route` syntax to do this: me@client:~$ sudo route del default ppp0 SIOCDELRT: No such process me@client:~$ sudo route del default dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default gw 10.144.15.234 dev ppp0 SIOCDELRT: No such process me@client:~$ sudo route del -net default netmask 128.0.0.0 gw 10.144.15.234 dev ppp0 SIOCDELRT: No such process me@client:~$
Re: network newbie seeks assistance debugging iptables for VPN tunnel
On 1/22/2015 9:43 AM, Tom Roche wrote: summary: Smells like progress! If I'm guessing correctly, the `route` changes imposed by connecting to the F5VPN[3] are conflicting with my server/jumpbox's current `iptables` (through which my client seeks to tunnel[7]. Does that claim seem warranted? If so, how to fix the server firewall? details: Matt Ventura Wed, 21 Jan 2015 09:58:38 -0800 [1] First thing to check would be the routing table while the VPN is active. Tom Roche Wed, 21 Jan 2015 16:33:43 -0500 [2] The `route -n` for while the OpenVPN connection is active is here[3], which is part of a longer section[4] with "all the gory details" ... Matt Ventura Wed, 21 Jan 2015 22:18:57 -0800 [5] I meant the routing table when the F5 VPN is active, when the connectivity breaks. The bad news is, I should have realized that :-) The good news is, that seems quite revealing, esp in the now-upgraded context of the revised connectivity-debugging scenario[3] (which I also reran to verify results): connecting to the F5VPN (after logging into the remote-access website) creates an interface=ppp0 and extensively rewrites the routing table! https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt ### 4. After connecting to F5VPN (requires login to remote-access website) ... me@client:~$ date ; sudo route -n Thu Jan 22 11:48:48 EST 2015 Kernel IP routing table Destination Gateway Genmask Flags Metric RefUse Iface 0.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 0.0.0.0 192.168.1.1 0.0.0.0 UG0 00 eth0 10.144.0.1 0.0.0.0 255.255.255.255 UH0 00 ppp0 128.0.0.0 10.144.15.100 128.0.0.0 UG1 00 ppp0 134.67.15.3010.8.0.5255.255.255.255 UGH 1 00 tun0 So now I'm guessing that: 1. (from `whois 134.67.15.30`) 134.67.15.30 is the agency's VPN server. 2. I need to reconcile the above `route`ing with my server's current firewall config[6]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt Chain INPUT (policy ACCEPT) target prot opt source destination fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- 10.8.0.0/24 anywhere REJECT all -- anywhere anywhere reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain fail2ban-ssh (1 references) target prot opt source destination DROP all -- 222.186.34.202 anywhere RETURN all -- anywhere anywhere So my questions are: 1. Am I guessing correctly? 2. If so, how to reconcile the `route`ing change imposed by the F5VPN with my server's current firewall config[6]? Thanks again for your prompt assistance, Tom Roche [1]: https://lists.debian.org/debian-user/2015/01/msg00733.html [2]: https://lists.debian.org/debian-user/2015/01/msg00744.html [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-dns-problem [5]: https://lists.debian.org/debian-user/2015/01/msg00761.html [6]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/server_iptables_L.txt [7]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/Home#rst-header-intended-solution I'm assuming ppp0 is the F5 VPN interface. Try deleting the first entry in the routing table after bringing up the F5 VPN (something like 'route del default ppp0' if memory serves) and see if it fixes the problem. This will probably break connectivity to the VPN until you restart it, but see if you can access the internet in general. Also, another option would be to simply run the F5 VPN client on the linode. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54c1485e.2060...@mattventura.net
Re: network newbie seeks assistance debugging iptables for VPN tunnel
On 1/21/2015 1:33 PM, Tom Roche wrote: Tom Roche Wed, 21 Jan 2015 12:50:04 -0500 [1] I need to tunnel one SSL VPN (F5, running on one debian host) through another (OpenVPN, running on another debian host), but lose networking (e.g., `ping`) after the F5 VPN connects. I'm not sure whether this is due to my firewall/iptables or VPN configuration, but suspect the former. Unfortunately I am not knowledgeable regarding networking, so I'd appreciate any assistance you could provide. ... slightly revised ASCII art <-MY CONTROL AGENCY CONTROL-> firewall +--+ +---+ +---+ | +-+ | laptop + | | linode + | | remote-access | | | cluster | | F5NAP + |<--> | OpenVPN |<--> | website + |<-|-> | node(s) | | OpenVPN | | server + | | F5VPN server | | | | | client | | security | | | | | | +--+ +---+ +-------+ | +-+ Matt Ventura Wed, 21 Jan 2015 09:58:38 -0800 [2] First thing to check would be the routing table while the VPN is active. The `route -n` for while the OpenVPN connection is active is here[3], which is part of a longer section[4] with "all the gory details" ... and thanks! your prompt assistance is appreciated, Tom Roche [1]: https://lists.debian.org/debian-user/2015/01/msg00732.html [2]: https://lists.debian.org/debian-user/2015/01/msg00733.html [3]: https://bitbucket.org/tlroche/linode_jumpbox_config/downloads/client_networking_investigation.txt [4]: https://bitbucket.org/tlroche/linode_jumpbox_config/wiki/OpenVPN_install#rst-header-dns-problem Sorry, I meant the routing table when the F5 VPN is active, when the connectivity breaks. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54c09651.3070...@mattventura.net
Re: network newbie seeks assistance debugging iptables for VPN tunnel
On 1/21/2015 9:50 AM, Tom Roche wrote: [note: following contains ASCII art in the middle, and footnoted links at the end] summary: I need to tunnel one SSL VPN (F5, running on one debian host) through another (OpenVPN, running on another debian host), but lose networking (e.g., `ping`) after the F5 VPN connects. I'm not sure whether this is due to my firewall/iptables or VPN configuration, but suspect the former. Unfortunately I am not knowledgeable regarding networking, so I'd appreciate any assistance you could provide. details: I need to remotely (off the physical LAN) SSH into some firewalled compute clusters to do environmental modeling (e.g., this[1]). Formerly I could do this from my debian laptop using the cluster-provider-mandated F5VPN[2]. However, access policy changed[3] (notably to require a single registered IP#), so I can no longer do this "directly" (i.e., just running the F5VPN from my laptop). I seek to adapt to the new policy (and resume work on my project) by implementing a VPN tunnel "through" a debian linode. Design details here[4], but my design can be roughly summarized with the following ASCII art (appropriately rendered here[4]): First thing to check would be the routing table while the VPN is active. If the VPN client doesn't automatically add a route for the VPN server through your normal gateway, but does add a default route through the VPN, then it will break your connectivity because it's trying to send all traffic through the VPN, including the traffic to the actual VPN server. Post your 'route' table and I'll have a look. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54bfe8ce.9010...@mattventura.net
Re: wifi connection tool?
On 12/30/2014 07:26 AM, Mart van de Wege wrote: Andrei POPESCU writes: On Lu, 29 dec 14, 15:58:06, Vincent Lefevre wrote: This is for Network Manager (which I'm not using since it handles the full network configuration, but I already have my own for Ethernet, and I don't want it to be broken). If I'm not mistaken it can be configured to not handle connections already handled by ifupdown. Network devices which are configured in /etc/network/interfaces will typically be managed by ifupdown. Such devices will by default be marked as "unmanaged" in NetworkManager. >From /usr/share/doc/network-manager/README.Debian I used to run a configuration like that, so I can confirm that this works indeed. (For completeness' sake: I used to have the static network config of my workstation configured on the box itself, until I decided that it would be a lot simpler to just set up a static association on my DHCP server and just let NM handle all the network issues on my clients) Mart In addition, if you'd like to manually tell n-m to not manage interfaces, you can add a section like this to your /etc/NetworkManager/NetworkManager.conf: [keyfile] unmanaged-devices=mac:01:02:03:04:05:06;mac:00:11:22:33:44:55 -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54a2f7fe.4010...@mattventura.net
Re: Image cloning software
On 12/15/2014 03:26 PM, Miroslav Skoric wrote: On 12/09/2014 11:11 PM, Andrei POPESCU wrote: You should probably provide more details about the installation to be cloned and hardware where the clone will be used. Kind regards, Andrei Here it is: 'Source 1' hardware: Desktop CPU Celeron 400 MHz, RAM 224 MB, HDD 21 GB (a half of a 41 GB ATA Maxtor) 'Source 1' OS: Debian 6.0.10 (Gnome, KDE, LXDE, Xfce), LILO dual-boot with Windows XP 'Source 2' hardware: Compaq Presario CQ56 CPU Pentium Dual-Core T4500 2.30 GHz, RAM 1.37 GB, HDD 320 GB (encrypted LVM) 'Source 2' OS: only Debian 7.7 (Gnome, KDE, LXDE, Xfce), LILO 'Target' hardware: Desktop CPU AMD Athlon 1.1 GHz, RAM 512 MB, HDD 41 GB (a half of a 82 GB ATA Maxtor) 'Target' OS: LILO for dual-boot with Windows XP Regards, M. Going from an older CPU to a newer one shouldn't cause problems, and going from a newer one to an older one is fine as long as it's not extremely old. You might want to check and make sure that whatever kernel is being used on Source 2 will support the CPU on Target. Memory shouldn't ever cause problems, unless a machine simply doesn't have enough. Dual booting also shouldn't be that difficult. I'm not sure if LILO automatically picks up on your Windows install and adds it as a boot option, but I know GRUB does. The only issue is the hard drive space. Going from a smaller hard drive to a larger one isn't a problem (dd the partition contents, then use the appropriate resize program such as resize2fs), but going from a larger partition to a smaller one is harder. Your best bet is to grab another hard drive (well, you'll need one to boot off of anyway so you can copy partitions around), copy the partition there, resize it down to the minimum, copy it to the final disk, then resize it up to the full partition size. Lastly, install the bootloader. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54902bd3.9050...@mattventura.net
Re: Headless server just got suspended by updating systemd
On 11/23/2014 8:31 PM, John Hasler wrote: Joel Rees writes: So, what should Patrick file the bug against? I'd file against udev. That may not be correct but if not the maintainers will sort it out. Just explain that you are not certain of the exact package and why. I think the bug here IMO is that a system simply shouldn't *do* things in general without me telling it to. If I close the lid of my laptop, unless I have told it to suspend when I do so, then it shouldn't suspend. I should be telling my machine to do the things I want it to do, not telling it to not do the things I don't want it to do. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5472bb06.6030...@mattventura.net
Re: Headless server just got suspended by updating systemd
On 11/23/2014 2:36 PM, Patrick Wiseman wrote: I am NOT starting another flamewar about systemd, but I was just upgrading a headless system (an old T61p laptop which has no functioning screen any more but which otherwise runs well and which I use as an internal webserver) by running aptitude in an ssh session. All went well until udev got upgraded, when I lost contact with the server and could not ping it. Looking at the laptop, I noticed that the suspend indicator was on, even though I have had power management ignore the lid switch. I opened the lid and it resumed. I was able again to ping and ssh into the server. However, 'w' told me that the machine had been up for 85 days, which meant it was time to reboot. I did that - it took a VERY long time to come back up, compared with how quickly it used to reboot - but when I closed the lid, it suspended again. It turns out that logind, a piece of systemd, has taken over power management by default. Editing /etc/systemd/logind.conf so that it contains "HandleLidSwitch=ignore" and restarting logind (with 'sudo systemctl restart systemd-logind')[1] has corrected the problem. My situation is probably rather unusual and so others may not run into the same problem, but just in case, this information may help. Patrick [1]See http://unix.stackexchange.com/questions/52643/how-to-disable-auto-suspend-when-i-close-laptop-lid, which I found by Googling. What version of udev was it running before the upgrade? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/547290ae.2090...@mattventura.net
Re: What provides /dev/disk/by-uuid?
On 11/19/2014 12:10 PM, Sven Joachim wrote: On 2014-11-19 20:45 +0100, Matt Ventura wrote: What module/script/thing actually provides /dev/disk/by-uuid and by-label? Those are created by udev, the rules are in the file /lib/udev/rules.d/60-persistent-storage.rules. I'm asking because I disabled some things in my kernel config and now I no longer have those (neither before mounting root nor when fully booted). If I go back to my old kernel config, it works fine. What do I need to put in my kernel or initramfs to get these working? You did not specify which udev version you have, but the one in Jessie needs CONFIG_DEVTMPFS=y. See /usr/share/doc/systemd/README.gz (if systemd is installed) for other requirements. Cheers, Sven I'm using unstable. udevd --version says 215. I tried restarting udev manually but they didn't appear, and that script is in place (in the booted system, not sure about the initramfs). -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546cfa7f.4050...@mattventura.net
Re: What provides /dev/disk/by-uuid?
On 11/19/2014 12:02 PM, Andrei POPESCU wrote: On Mi, 19 nov 14, 11:45:40, Matt Ventura wrote: What module/script/thing actually provides /dev/disk/by-uuid and by-label? I'm asking because I disabled some things in my kernel config and now I no longer have those (neither before mounting root nor when fully booted). If I go back to my old kernel config, it works fine. What do I need to put in my kernel or initramfs to get these working? You could post the diff between the configs, I'm sure some of the people building their own kernels will spot it ;) Kind regards, Andrei I think this is it, although I doubt anyone wants to look through this whole thing. http://termbin.com/lw1y In hindsight I probably should have done this more incrementally. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546cf9d3.3060...@mattventura.net
What provides /dev/disk/by-uuid?
What module/script/thing actually provides /dev/disk/by-uuid and by-label? I'm asking because I disabled some things in my kernel config and now I no longer have those (neither before mounting root nor when fully booted). If I go back to my old kernel config, it works fine. What do I need to put in my kernel or initramfs to get these working? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/546cf364.1000...@mattventura.net
Re: running two CPU's in parallel with e.g. Beowulf in the same box.....
On 11/18/2014 10:29 AM, Michael Fothergill wrote: Dear Folks, Out of interest, if I installed two Kaveri motherboads side by side in the same box (if there would be enough room e.g. in a HAF-x box, could I use something like Beowulf to run them in tandem? Could I not set it up so that I could run one board most of the time and only switch on the power (and Beowulf) when I wanted to do so? How well would the two APU's work together? Regards Michael Fothergill Tempus fugit , sed Latini etiam sugit You'll run into issues with power. Unless you're going to stuff 2 power supplies in the case, you have to buy or create splitters for the main power connector and the CPU power connector. You won't be able to have one on and the other off, at least not completely, because you're powering them with a single power supply. Then you've still got the issue of the case not really supporting two motherboards. You're probably better off getting two small cases and just having two separate machines. Then, you can have one power off the other and turn it back on with wake-on-lan as necessary.
Re: "Lennart Poettering Linux" -- some real eye openers here ... don't be blindsided!
On 11/9/2014 11:01 PM, Matthias Urlichs wrote: Hi, Andrew McGlashan: Forwarding a message "as is" from another mailing list ... very relevant to Linux and the systemd dilemma. No, it is not. Sorry, but requiring an up-to-date kernel (or any other infrastructure you rely on) instead of maintaining workarounds and compatibility code in perpetuity makes perfect sense. If you don't like that choice, you have a lot of legitimate options * use another init * use an older version of systemd * upgrade your kernel * back-port the features you want/need Note that bitching about upstream choices on debian-vote is not included in this list. The problem is that option #1 is becoming less and less viable due to more and more packages pulling in systemd dependencies, sometimes completely unecessarily from a functionality standpoint. I use systemd on a laptop and a desktop (voluntarily, not because of dependencies), but it's fairly clear that there are enough reasons for systemd to not be forced on people. I find it quite ironic that people are complaining about a GR being used to force a decision on people when this whole thing started because systemd is being forced on people. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5460797c.8000...@mattventura.net
Re: Best way to "pin" a kernel
I'm just doing 'make deb-pkg' on the kernel, and installing the resulting package. From what I can tell, update-grub isn't treating it special in any way, just picking the highest-numbered kernel. It looks like my best bet is to probably change the behavior in the 10_linux script to only choose from kernel version numbers that have my custom suffix to be the highest kernel. On 09/12/2014 05:57 AM, Jonathan Dowland wrote: On Thu, Sep 11, 2014 at 08:27:46AM -0700, Matt Ventura wrote: Quick question: I want Debian to not switch Grub2 to a new kernel when I update it, since I have a custom kernel on a particular machine. When I install a new kernel from apt, I don't want to immediately use it. What's the cleanest way of doing this? How does your custom kernel get into the grub2 configuration - i.e. which bit of /etc/grub.d defines the custom kernel boot instructions? If it's a custom file (XX_custom) that you wrote yourself, make sure it is numbered lower than the files which generate the lines for Debian/other kernels, it will then be the 'first' OS that is defined. I think '06_' would be suitablly low (the first OS-defining configuration item in my directory is 10_linux, so you'd want earlier than that, but after some of the pre-OS boiler plate, the latest of which for me is 05_debian_theme). Grub2 defaults to the first item (this is configurable in /etc/default/grub). Once you've made the necessary changes run update-grub to generate the grub2 config file. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/54133846.20...@mattventura.net
Best way to "pin" a kernel
Quick question: I want Debian to not switch Grub2 to a new kernel when I update it, since I have a custom kernel on a particular machine. When I install a new kernel from apt, I don't want to immediately use it. What's the cleanest way of doing this? Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/5411bf72.9050...@mattventura.net
Re: Make n-m not touch WWAN
On 9/5/2014 7:24 PM, B wrote: On Fri, 05 Sep 2014 19:12:32 -0700 Matt Ventura wrote: I'll probably file a bug report somewhere about this, but in the meantime, is there a way to just get it to ignore the card? Or does enabling mobile broadband in the menu activate the card without really doing anything? I don't want it using any unnecessary cpu/mem/power compared to before the update that broke this. Ace Ventura You can fill a bug if you want, but I don't think it one. The problem is the MODEM is apparently not dissociable from the GPS. If it is really so, you're stuck. They're dissociable in that they share a control channel (ttyUSB0 = control, ttyUSB1 = data, ttyUSB2 = GPS output) and they share the rfkill. However, before some update at some point (I don't know where exactly because ironically I used to have my rc.local rfkill the card to save some battery life since I didn't need GPS), n-m would allow me to leave the card in that state where I don't "Mobile Broadband" in the menu is disabled, but it didn't rfkill the card. If having MB enabled but not connected to any network does exactly the same thing, then that would be an acceptable solution to my problem. I can live with this regression since it's a bit of a corner case, but there's definitely at least one bug in all of this: it shouldn't be removing the option to (re)enable the card because it no longer sees it. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/540a750e.4000...@mattventura.net
Re: Make n-m not touch WWAN
On 9/5/2014 2:10 PM, Michael Biebl wrote: Am 05.09.2014 21:14, schrieb Matt Ventura: I don't recall this happening until recent updates, but on my laptop with testing installed, any time network-manager starts/restarts, it will rfkill my WWAN card. I use the card exclusively as a GPS, so I want n-m to pretend it doesn't exist. Is there something like unmanaged-devices but for WWAN cards? You could try something like [keyfile] unmanaged-devices=mac:00:11:22:33:44:55 in /etc/NetworkManager/NetworkManager.conf But the problem is that the card doesn't actually expose any network interface until I tell n-m to actually connect to a cellular network with the card (I don't have a plan for the card so it obviously fails). Even then, it's just a ppp interface with no MAC address, so I don't know what I would put in the config. This bug seems to be deeper though. When I rfkill unblock the card, after some time the option in n-m applet's context menu to enable mobile broadband will appear. However, if I enable this option and disable it, it will rfkill the card and I will lose that option to toggle it in the menu. It looks like this is a bug with how n-m handles the card. The card (Sierra Wireless MC5725) will drop off the USB entirely, so I guess n-m thinks the card is gone and doesn't give me the option to re-enable it. As for why it disables it to begin with, it appears that if you have the "Mobile Broadband" option disabled in the menu, it will rfkill the card for you. Except in this case, it becomes a chicken-and-egg problem because it ends up hiding the card from itself and thinking it doesn't exist, thus not giving me the option to enable it to begin with. I'll probably file a bug report somewhere about this, but in the meantime, is there a way to just get it to ignore the card? Or does enabling mobile broadband in the menu activate the card without really doing anything? I don't want it using any unnecessary cpu/mem/power compared to before the update that broke this. Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/540a6d90.5060...@mattventura.net
Make n-m not touch WWAN
I don't recall this happening until recent updates, but on my laptop with testing installed, any time network-manager starts/restarts, it will rfkill my WWAN card. I use the card exclusively as a GPS, so I want n-m to pretend it doesn't exist. Is there something like unmanaged-devices but for WWAN cards? Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/540a0baf.8050...@mattventura.net
Re: IP Forwarding to Windows machine
On 8/8/2014 12:04 AM, Mike McClain wrote: I've been trying to get my hand rolled iptables firewall to masquerade traffic on the LAN to/from a Win2K box. I've gotten it to the point that I can ping from the boxes both ways, smbclient can move files both ways and the Win2K box can ping Google's IP address but DNS lookup fails even though I've used the same DNS server in the Win2K box as on my Debian box which access the Inet via dialup. IE says "Cannot find server or DNS error." I've read every HOWTO and the iptables man pages several times but am at a loss. Suggestions? Thanks, Mike Can you post the exact output of the nslookup attempt from the win2k box? Thanks, Matt Ventura -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53e5a085.6010...@mattventura.net
xfwm troubles and systemd questions
1. My xfwm4 seems to remember what workspaces I have windows on for the next time I open them. The problem is, I don't want it to do this because it will do things like open a window on another workspace minimized so I can't even see where it is without flipping through every workspace. I want all new windows to simply appear on the current workspace. 2. Is there a way to tell systemd (or whatever controls backlight) which backlight to use with brightness up/down keys? I have /sys/class/acpi_video0 and intel_backlight, and I'd rather it use the intel_backlight since it lets the backlight go down to 0 and has better resolution. 3. Is there a way to tell systemd or whatever else is managing my screen to do absolutely nothing when the laptop lid is closed, not even turning off the backlight? The hardware already does this so I have no need for any software to try to manage the backlight. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53c02f86.7000...@mattventura.net
Re: Clone GPT partition table - with Lenny ?
On 7/6/2014 1:56 PM, B wrote: On Sun, 06 Jul 2014 13:41:15 -0700 Matt Ventura wrote: You don't need to know, you just use dd over the entire disk (i.e. sda instead of sda1). Yup. Just to be clear, you're trying to copy the entire disk with all its partitions, right? I think you also read too fast, apparently he just wanna have the same partition table. Which RAID doesn't care, eg: dsk0 partition = 100 (sectors, GB, whatever) dsk1 " = 101 or 4242.42 RAID will only pick 100 on dsk1 partition to achieve its work. This was mandatory from the very beginning, as HDz, even from the same brand, had not the same number of heads, track , etc . Well if he just needs the partition table but no data (it sounded like that, but I don't understand the reason for doing that), then according to wikipedia he should copy the first 34*512 bytes and the last 33*512 bytes onto the new disk. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b9bd87.7040...@mattventura.net
Re: Clone GPT partition table - with Lenny ?
On 7/6/2014 1:37 PM, Steve Litt wrote: On Sun, 6 Jul 2014 22:20:55 +0200 B wrote: On Sun, 06 Jul 2014 20:54:10 +0100 Ron Leach wrote: Is there, in Lenny, a command or tool for cloning a GPT? Use dd, it'll take a looong time but you'll have a bit copy. But... How do you know how much to copy? GPT partitions vary in length. SteveT Steve Litt* http://www.troubleshooters.com/ Troubleshooting Training * Human Performance You don't need to know, you just use dd over the entire disk (i.e. sda instead of sda1). Just to be clear, you're trying to copy the entire disk with all its partitions, right? -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b9b46b.8010...@mattventura.net
Re: wifi & bluetooth deactivation problem
On 7/4/2014 2:16 PM, B wrote: On Fri, 4 Jul 2014 22:36:43 +0200 B wrote: Ze ozer problem iz: I'd like to independently turn on/off wifi& bt. I answer myself: rfkill block wifi||bluetooth but LEDs stays on, which isn't very useful :(( Check if the LEDs in question are accessible through /sys/class/leds -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b761ac.4000...@mattventura.net
Re: flakey wifi access
On 6/30/2014 5:20 PM, Brian Flaherty wrote: On 06/29/2014 07:50 PM, tom arnall wrote: my wicd agent is unable to connect to wifi at mcDonald's, both in mexico and the states. it's fine with my home wifi and the coffee shop i go to. it also fails on the network at the campus where i teach in mexico. I had used wicd for months without problems, but last spring, I was unable to get on a WPA/WPA2 access point. The password was correct. Several other devices were connected. After a few days, I was able to get a cable connection and install networkmanager. I tried it and worked without problem. Didn't have time to work out what the issue was and I'm still just using networkmanager. In my case, the issue was with the underlying driver with the card plus wicd's poor handling of failures. The connection would drop, but wicd would continue to try to do DHCP on the connection, so it would sit there for a while spinning its wheels. Networkmanager would actually see the failures and restart the connection process until it worked. Using NM instead of wicd can be a good way to cover up driver issues. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b20422.5080...@mattventura.net
Re: GTK crashing X?
On 6/30/2014 4:29 PM, Brian wrote: On Mon 30 Jun 2014 at 15:41:48 -0700, Matt Ventura wrote: The card shows up as: 01:09.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Rage XL PCI (rev 27) I'm hesitant to apt-get --purge autoremove since it wants to remove systemd. If I install xorg and fvwm, it works fine. I can run xclock, it shows up, and I can move it around. When I install xfce4, then startx crashes with the segfault at 0xc, signal 11. You weigh up http://lists.opensuse.org/archive/opensuse-bugs/2014-02/msg02602.html and the links in it and see if there is anything comparable in the BTS. Then go from there. Thanks, the "ExaNoComposite" option worked for me. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b1f6bc.1080...@mattventura.net
Re: GTK crashing X?
On 6/30/2014 2:54 PM, Brian wrote: On Mon 30 Jun 2014 at 13:12:01 -0700, Matt Ventura wrote: On 6/30/2014 10:43 AM, Brian wrote: 6. Hopefully report success. :) ... Could be hardware, I suppose. Switch to a tty with CTL-ALT-F1. Login as a user and get the video card data from the command 'lspci'. While you are out of X ALT-F2 gives you another console to log in as root and remove lightdm with apt-get purge lightdm Because I like to be tidy I'd now return the machine to a more or less basic configuration apt-get purge fonts* x11-* dbus xfce4* followed by apt-get --purge autoremove Now apt-get install xorg fvwm and, as a user startx How does this go? If ok 'apt-get install xfce4' and 'startx'. The card shows up as: 01:09.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Rage XL PCI (rev 27) I'm hesitant to apt-get --purge autoremove since it wants to remove systemd. If I install xorg and fvwm, it works fine. I can run xclock, it shows up, and I can move it around. When I install xfce4, then startx crashes with the segfault at 0xc, signal 11. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b1e7ac.1060...@mattventura.net
Re: GTK crashing X?
On 6/30/2014 10:43 AM, Brian wrote: On Mon 30 Jun 2014 at 10:23:38 -0700, Matt Ventura wrote: Well, all I did was netinstall stable with xfce, log in once, add testing repos, and dist-upgrade. I could just try directly netinstalling testing, and if it's broken out of the box then it's almost certainly a bug, right? You could try: 1. Install without choosing Xfce. Untick the desktop item when asked to select software. 2. You'll boot into a tty. Login and and change sources.lst to "jessie". 3. Update, upgrade and dist-upgrade. 4. Reboot. Login and apt-get task-xfce-desktop or apt-get xfce4 lightdm The first gives you what d-i gives you. The second has fewer packages but is fine. I'd choose the latter. 5. Reboot. 6. Hopefully report success. :) Nope, installed lightdm after doing a dist-upgrade and rebooting, still has the same issue. Starts X, displays a cursor for a couple seconds, then crashes and repeatedly tries to restart lightdm. I'm still wondering if it has something to do with the video card, since another issue is that when I dist-upgrade and it upgrades GRUB, it tries to do a graphical boot, but it gets the monitor refresh rate wrong and can't display the menu. I have to manually set it to a lower resolution (native is 1280x1024) to get it to work. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b1c491.1050...@mattventura.net
Re: GTK crashing X?
On 6/30/2014 11:53 AM, rob wrote: On 29/06/14 19:16, Matt Ventura wrote: I've got a pretty old machine (Celeron 2.8 GHz, ATI rage XL). It's been running Debian fine for years, but I reinstalled recently. Installed stable (chose XFCE as desktop environment), everything worked fine (lightdm worked, xfce worked). Did a dist-upgrade to testing (also tried unstable), and now neither lightdm nor xfce works (lightdm goes into an endless crash loop, xfce sends me back to the login screen). I can manually start an X server, and it can display basic programs like xclock fine. But as soon as I start a GTK application (or at least I think it's GTK causing the problem), X crashes with "Segmentation fault at address 0xc" "Fatal server error: Caught signal 11 (Segmentation fault). Server aborting". There's nothing in the log immediately before the error other than the backtrace. There doesn't appear to be a problem with any of those components individually, since xfce and individual applications will both run perfectly fine if I display them on another machine's X, so I'm not even sure what to file a bug under. Which gtk application(s)? I have the issue with chromium, (as a start-up application), since an upgrade on 18/06. Which video drivers are you using, xorg-xserver-video-* or AMD(ATI)? rob Well, lightdm itself crashes it. I also tried with various xfce applications like thunar and the xfce panel. Gnome applications also seem to crash it. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b1b5cc.7090...@mattventura.net
Re: GTK crashing X?
On 6/30/2014 10:13 AM, Brian wrote: On Mon 30 Jun 2014 at 09:11:01 -0700, Matt Ventura wrote: The system otherwise works completely fine. Packages operations work fine, so I don't think that's where the problem lies. There was no downgrading, just upgraded to testing and it didn't work, figured I might as well check if it was fixed in unstable since it was a fresh install so there was nothing to lose. It looks like stable has 1:7.7+3~deb7u1 for xserver-xorg, 2.24.10-2 for gtk2, and 3.4.2-7 for gtk3. Testing has 1:7.7+7, 2.24.23-1, and 3.12.2-1+b1. Unstable is the same except gtk2 is 2.24.23-1. Considering we don't know exactly where you started from and your upgrading is not repeatable (making thoughts of bugs premature), what are your thoughts now? 1. Reinstall stable and stick with it? (After all, it worked). 2. Go for Jessie? (In a slightly different way than previously). Well, all I did was netinstall stable with xfce, log in once, add testing repos, and dist-upgrade. I could just try directly netinstalling testing, and if it's broken out of the box then it's almost certainly a bug, right? There's some other issues that I'd like to report (and/or workaround) as well so I'm holding off on reinstalling stable. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b19d1a.5080...@mattventura.net
Re: GTK crashing X?
On 6/30/2014 4:12 AM, Chris Bannister wrote: On Sun, Jun 29, 2014 at 11:16:58AM -0700, Matt Ventura wrote: I've got a pretty old machine (Celeron 2.8 GHz, ATI rage XL). It's been running Debian fine for years, but I reinstalled recently. Installed stable (chose XFCE as desktop environment), everything worked fine (lightdm worked, xfce worked). Did a dist-upgrade to testing (also tried unstable), and now Did you downgrade to testing from unstable? neither lightdm nor xfce works (lightdm goes into an endless crash loop, xfce sends me back to the login screen). I can manually start an X server, and it can display basic programs like xclock fine. But as soon as I start a GTK application (or at least I think it's GTK causing the problem), X crashes with "Segmentation fault at address 0xc" "Fatal server error: Caught signal 11 (Segmentation fault). Server aborting". There's nothing in the log immediately before the error other than the backtrace. There doesn't appear to be a problem with any of those components individually, since xfce and individual applications will both run perfectly fine if I display them on another machine's X, so I'm not even sure what to file a bug under. I'd check the package versions from what you say above about trying stable unstable and testing. Is the system in a sane state? i.e. does an apt-get update/upgrade occur without issue? Just as an aside, if stable was working fine why did you upgrade? The system otherwise works completely fine. Packages operations work fine, so I don't think that's where the problem lies. There was no downgrading, just upgraded to testing and it didn't work, figured I might as well check if it was fixed in unstable since it was a fresh install so there was nothing to lose. It looks like stable has 1:7.7+3~deb7u1 for xserver-xorg, 2.24.10-2 for gtk2, and 3.4.2-7 for gtk3. Testing has 1:7.7+7, 2.24.23-1, and 3.12.2-1+b1. Unstable is the same except gtk2 is 2.24.23-1. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b18c15.2080...@mattventura.net
Re: flakey wifi access
I've had something similar happen, but it turned out that the problem wasn't wicd but rather the driver for the card itself. Can you check if the problem occurs with something other than wicd? Also, what wifi card? On 6/29/2014 7:50 PM, tom arnall wrote: my wicd agent is unable to connect to wifi at mcDonald's, both in mexico and the states. it's fine with my home wifi and the coffee shop i go to. it also fails on the network at the campus where i teach in mexico. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b0d2cc.1010...@mattventura.net
GTK crashing X?
I've got a pretty old machine (Celeron 2.8 GHz, ATI rage XL). It's been running Debian fine for years, but I reinstalled recently. Installed stable (chose XFCE as desktop environment), everything worked fine (lightdm worked, xfce worked). Did a dist-upgrade to testing (also tried unstable), and now neither lightdm nor xfce works (lightdm goes into an endless crash loop, xfce sends me back to the login screen). I can manually start an X server, and it can display basic programs like xclock fine. But as soon as I start a GTK application (or at least I think it's GTK causing the problem), X crashes with "Segmentation fault at address 0xc" "Fatal server error: Caught signal 11 (Segmentation fault). Server aborting". There's nothing in the log immediately before the error other than the backtrace. There doesn't appear to be a problem with any of those components individually, since xfce and individual applications will both run perfectly fine if I display them on another machine's X, so I'm not even sure what to file a bug under. -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/53b0581a.8050...@mattventura.net