Farking Bastage posted:A recent version of RouterOS would randomly and unfixably poo poo all your GRE tunnels.
HAHAHA! I'm glad I don't have to deal with that now. I would be loving livid.
Sepist posted:That's surprising, the 6500 is one of the most bullet proof devices Cisco ever made. I've seen them sitting around for 14 years running catOS before a fan dies (which of course requires downtime because someone ran the cables to both sides covering the fan module).
This. I've literally never had issues with a 6500 chassis with redundant sups. What was the bug in particular? I have seen an instance where someone had redundant sups but never bothered to enter the two lines required in order to turn on SSO. Eventually the primary fell over and welp.
I currently have an undiagnosed bug with an ASA that is inserting strange mysterious static routes in its own routing table seemingly at random to route the connected MPLS interface subnet towards the outside interface, breaking all MPLS bound traffic when it does so. Cisco wanted me to set up a local syslog server (which normally is over the MPLS) so I could get logs as they couldn't figure out what the gently caress with the tech support files. Instead of doing all of that I put in this beautiful route to the MPLS network next hop: code:
Nuclearmonkee fucked around with this message at 16:22 on Sep 16, 2016
It's not your job to be Cisco's QA/bug testing team, screw them.
GnarlyCharlie4u posted:heh We ran into some really weird mikrotik problems at my last job. It got even worse after I posted that. We ran into 3 bugs:
- DHCP ACK/OFFER for phones were being dropped by the firewall - fixed by disabling hardware offload
- CAPWAP discovery responses would get dropped by the firewall - fixed by disabling hardware offload and a reload
- DHCP ACK/OFFER for clients were being dropped by the firewall - Had to failover to the secondary unit, no amount of disables would fix this one

Apparently the hardware accelerated FIB (don't know the real term) become corrupt for some routes somehow and persist through reboots, and for the last one they don't even know WTF.
Farking Bastage posted:I'd like to extend a personal gently caress YOU to apple for killing PPTP in MacOS and making me reconfigure all 60-ish VPN routers I have.
PPTP has been considered broken from a security standpoint for many years now. This is a good thing. You shouldn't be using it.
wolrah posted:PPTP has been considered broken from a security standpoint for many years now. This is a good thing. You shouldn't be using it.
Farking Bastage posted:I'd like to extend a personal gently caress YOU to apple for killing PPTP in MacOS and making me reconfigure all 60-ish VPN routers I have.
So you've been running an insecure VPN solution for your users? Think of this as a lesson in actually securing your network (which is your job and you probably aren't doing properly at that) and not causing problems later on.
https://www.youtube.com/watch?v=vWXP3DvH8OQ
Farking Bastage posted:I'd like to extend a personal gently caress YOU to apple for killing PPTP in MacOS and making me reconfigure all 60-ish VPN routers I have.
I mean, maybe you should've reconfigured them 4 years ago?
Ugh I have a relative who has been running PPTP to their old DD-WRT router with mac clients. It's just a 3 person business but I expect I'll be getting that phone call and do not look forward to trying to upgrade the stupid thing. Last time I was there I tried changing it but there was some kind of bug in OpenVPN on the current version of DD-WRT and I threw up my hands rather than gently caress with it. Has anyone gotten that working or am I better off just getting them to buy something like a 5506x? It comes with two licenses which would be enough.
Nuclearmonkee posted:Ugh I have a relative who has been running PPTP to their old DD-WRT router with mac clients. It's just a 3 person business but I expect I'll be getting that phone call and do not look forward to trying to upgrade the stupid thing.
I had an issue with my previous router and DD-WRT not running OpenVPN properly, if you figure it out let me know.
MF_James posted:I had an issue with my previous router and DD-WRT not running OpenVPN properly, if you figure it out let me know.
gently caress
The only thing I ever think of when I hear PPTP.
Colonial Air Force posted:The only thing I ever think of when I hear PPTP.
also as I am about to have a baby boy in 2 months, this is surprisingly relevant to my interests
Farking Bastage posted:I'd like to extend a personal gently caress YOU to apple for killing PPTP in MacOS and making me reconfigure all 60-ish VPN routers I have.
Good, stop using insecure garbage.
Docjowles posted:
It happens. A lot.
CrazyLittle posted:It happens. A lot.
Yeah, so I hear. Our first was a girl and while that comes with many other challenges, "literally getting pee sprayed on your face at every diaper change" was not one of them. So I am 100% seriously interested in these goofy rear end things
Docjowles posted:Yeah, so I hear. Our first was a girl and while that comes with many other challenges, "literally getting pee sprayed on your face at every diaper change" was not one of them.
CrazyLittle posted:It happens. A lot.
The pptp barely helps. It redirects the stream into a cone that fires downward in every direction for a few seconds until it's blasted off, then you still get soaked in humiliation. The true key is to have the new diaper ready as a shield. But even then, nothing will ever prepare you for the moment the poo poo-cannon goes off. Submit yourself to the eventual horror now.
Sepist posted:
Problems with the hardware acceleration have presented in various forms and bugs since like 2010. Which ironically is about the same time they announced that they would no longer be developing OpenVPN in favor of SSTP.
Working in IT: Everything is bad in different ways
Back on topic, WiFi anyone? I'm running a Meraki eval of one of their routers with wifi built-in (for a small biz customer of mine) and lol, the auto-channel selection clearly chose badly.
Fudge posted:Well, nslookup just won't function if the DNS server isn't reachable. Which is weird because you're saying you can still ping devices with just their IPs. How many DCs do you have? Are all of these devices domain-joined?
When I say I can ping, I also mean that I can also access file shares or rdp into any other machine on the network, but only by IP address. Neither short names or fqdn's resolve due to dns timeout. Everything is domain joined. There is one onsite dc, and two offsite. Yea, we are using the built in Windows Vpn client. The vpn is managed by our meraki, but authenticates with AD.
Are you provisioning VPN clients with DNS servers in the IKE payload/L2TP? If you tracert to those DNS servers from your client, does the route look like you'd expect it to?
The Fool posted:When I say I can ping, I also mean that I can also access file shares or rdp into any other machine on the network, but only by IP address. Neither short names or fqdn's resolve due to dns timeout.
We run meraki without any issues. What subnets do you have in your network? Are you split tunneling?
I'm trying to help a friend with a website issue.
Old website is www.example.com
New website is www.example.org
When you type example.com into the address bar it redirects to www.example.org
When you type www.example.com it doesn't redirect.
Any idea on what I need to say to the hosting provider to get them to fix this?
Dr. Arbitrary posted:I'm trying to help a friend with a website issue.
Assuming the DNS is resolving to the correct server, it sounds like someone has forgotten to write the redirect rule to cover the www. subdomain.
Thanks Ants posted:Assuming the DNS is resolving to the correct server, it sounds like someone has forgotten to write the redirect rule to cover the www. subdomain.
I was kinda thinking that based on what I saw by googling. I've never done this aspect of IT. .htaccess isn't publicly viewable, is it?
Dr. Arbitrary posted:I was kinda thinking that based on what I saw by googling.
I think you guys zeroed in on the problem. They're clearly making changes right now. You guys are the best!
I cannot help but giggle and not take seriously anyone who says "whack" instead of "backslash".
CLAM DOWN posted:I cannot help but giggle and not take seriously anyone who says "whack" instead of "backslash".
My references say the correct term is 'backslat' http://www.muppetlabs.com/~breadbox/intercal-man/tonsila.html
CLAM DOWN posted:I cannot help but giggle and not take seriously anyone who says "whack" instead of "backslash".
Be careful about that if you go to New York, someone might backslash you.
The Fool posted:When I say I can ping, I also mean that I can also access file shares or rdp into any other machine on the network, but only by IP address. Neither short names or fqdn's resolve due to dns timeout.
I'd run Wireshark on a client and the DC. Solved a problem with it today where McAfee firewall was blocking all UDP traffic to a physical VM host with a DC on it
Those Mikrotik PPTP setups weren't my call
e: holy loving avatar
Farking Bastage fucked around with this message at 23:43 on Sep 16, 2016
Also if I'm not mistaken Meraki devices have some native packet capture feature
Farking Bastage posted:e: holy loving avatar
Man, people are ready to throw cash at lowtax at the drop of a hat.
Judge Schnoopy posted:The pptp barely helps. It redirects the stream into a cone that fires downward in every direction for a few seconds until it's blasted off, then you still get soaked in humiliation.
Remove diaper, blow air at them quickly or wipe them with a wet wipe and immediately put the diaper back on before they pee. It's the shock of the temperature change. Nothing you can do about the poo poo cannon though.
Farking Bastage posted:Those Mikrotik PPTP setups weren't my call
On the plus side, you end up with a better setup when it's done. Sucks if it wasn't under your control until it became your problem to solve though. Congrats on getting someone to spend