nullnothere
nullnothere
Comments
-
Right and I'd say no. Lots of bad things happen when (some) ICMPv6 packets are disallowed. Seems odd because if you have an upstream /48 gateway, I'd think that things are routed and of course you shouldn't need any fe80 magic. Sure, that and of course there is no MAC address here... but I've seen other instances where…
-
I'm just going back to the basics now: * wg initiated ipv6 works fine - confirms that (outward initiated) routing (and return path) is not a problem and everything is ok. * Once upstream's neigh cache expires, incoming (outside initiated IPv6 traffic, not wg initiated responses) will stop because of no reply to a NS from…
-
Aaha. OK. Suggestion. Proxy the wg0 IPv6 as well and setup the default route for the clients via that IPv6 and you should be all set. If need be setup an explicit gateway via your eth0 IPv6 address on the wg side (remember that because there's no MAC, there no possibility of using the fe80 interface to discover routes on…
-
First, I assume the wg interface does not have a MAC. That is likely going to be one of the reasons you are not having a fe80:: address for wg0 (key difference in my case with a vmbr* interface). Can you also confirm that your wg0 interface's IP is reliably/consistently reachable from the outside? This is the one proxy…
-
Hmmm... I'm thinking aloud here. * Can you check your ip6tables forward rules to confirm that there are packets coming/going (counters will help here). * The wg* interface needs to have a default gateway for IPv6 that it can reach. Because in a sense it is a "virtual" interface, it will need to use an IPv6 that is on eth0…
-
A few points: * I presume you are forwarding between eth0 and your wg* interface (and that you have the relevant forwarding sysctl's set to 1) * I think for a forwarding scenario, you need to have accept_ra=2 on eth0 * What is your gateway setup for the primary wg* interface? I'm familiar with something like this in the…
-
From what I saw of the response, it is professional, courteous and if anything very lets-avoid-needless-flame-throwing. It seems apt as a first (official) response from Stripe to you. IMHO you are doing the right thing in approaching it this way (including removing negative publicity for them via Twitter - you have got…
-
Seconded - well balanced across providers and locations. Separately though, what (IMHO) would be nice is to also have an AUS presence (I know bandwidth is expensive down under...). Similarly it would be nice if there was another/more APAC location(s) (HK or SG and/or Japan). Thank you.
-
I'm a bit puzzled as well but here are some (more possibly useless) thoughts: * Could be there's not enough RAM (128MB maybe a bit tight for some operations?) * Is this a template issue? * Crude hack - try to copy the /etc/apt/ folder (use rsync, copy recursively) from a working/good/bigger machine where apt-get update is…
-
See: https://gen.xyz/1111b Seems OK for some testing kinds of scenarios for the long term.
-
cat /proc/cpuinfo on linux and you should see: ...Model name: Common KVM processor...Flags: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush...... (the above is just an example). Once cpu pass through is enabled, you should see a proper CPU name instead of Common KVM processor and the Flags…
-
Exactly - as long as you stick up to your end of the bargain, they follow up on their side (along with the usually generous try with no obligations for 14 or 30 days or whatever depending on the provider). One other real nuisance with Netcup that I forgot to mention - if you don't do SEPA/Bank transfer and do Paypal, it's…
-
Well that's true of any contract. Nothing that an email won't sort out is what I think. Besides, they give you something like 14 days (I don't know the exact days) AFTER invoice is raised to pay the dues (like Hetzner and other German companies) - the contract is already in place and there's just some sort of a buffer to…
-
I have a few Netcup VPSs and while I'm no ambassador, I must say that they are very reliable and live up to their end of the contract very well. Their VPSs are very stable, and provide a really good price-resource ratio. Performance (CPU) depends a lot on whether it is their Root servers (which have dedicated cores) vs…
-
I had posted this earlier: https://talk.lowendspirit.com/discussion/comment/34241#Comment_34241 All in all no reason to worry - things work consistently as per my expectations for the resources/hardware and I've been happy with things so far. I hope that in the future there will be better CPU and also a proper /64 IPv6…
-
Why not wireguard? So the server's public IP is firewalled for SSH but accessible via the WG interface so all private and protected. Plus you can have a mesh of all your servers in the same address space reachable via multiple paths if required. Second option is to use something like https://github.com/mrash/fwknop - opens…