google cloud platform – Unable to reach OpenVPN DNS/Public IP URL

Has anyone seen this error before with OpenVPN?

Secure Connection Failed

An error occurred during a connection to openvpn.example.com. PR_END_OF_FILE_ERROR

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

I looked at the log file /var/log/openvpnas.log and found the following:

2021-09-14T19:58:23+0000 (stdout#info) (OVPN 0) OUT: 'Tue Sep 14 19:58:23 2021 myip:11301 Connection reset, restarting (0)'
2021-09-14T19:58:23+0000 (stdout#info) (OVPN 0) OUT: 'Tue Sep 14 19:58:23 2021 myip:11301 SIGUSR1(soft,connection-reset) received, client-instance restarting'
2021-09-14T19:59:13+0000 (stdout#info) (OVPN 0) OUT: 'Tue Sep 14 19:59:13 2021 TCP connection established with (AF_INET)myip:10603'
2021-09-14T19:59:13+0000 (stdout#info) (OVPN 0) OUT: 'Tue Sep 14 19:59:13 2021 Socket flags: TCP_NODELAY=1 succeeded'
2021-09-14T19:59:13+0000 (stdout#info) (OVPN 0) OUT: 'Tue Sep 14 19:59:13 2021 myip:10603 WARNING: Bad encapsulated packet length from peer (5635), which must be > 0 and <= 1627 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- (Attempting restart...)'
2021-09-14T19:59:13+0000 (stdout#info) (OVPN 0) OUT: 'Tue Sep 14 19:59:13 2021 myip:10603 Connection reset, restarting (0)'
2021-09-14T19:59:13+0000 (stdout#info) (OVPN 0) OUT: 'Tue Sep 14 19:59:13 2021 myip:10603 SIGUSR1(soft,connection-reset) received, client-instance restarting'

It seems like my request is making it to the instance, per the GCP logging entries:

{
  insertId: "148f4tog64jclgg"
  jsonPayload: {
    connection: {
      dest_ip: "*******"
      dest_port: 443
      protocol: 6
      src_ip: "*********"
      src_port: ****
    }
    disposition: "ALLOWED"
    instance: {
but I have no idea why it's getting dropped. Has anyone experienced something similar?
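An added note on the number in that warning, with example code that is not part of the original question: 5635 is 0x1603. OpenVPN in TCP mode reads the first two bytes of every packet as a big-endian 16-bit length, and a TLS record begins with content type 0x16 (handshake) followed by the major version byte 0x03, so a browser's ClientHello delivered to an OpenVPN TCP listener is parsed as a 5635-byte packet, which exceeds the 1627 limit quoted in the log. The script below reproduces that check on constructed byte strings; the 1627 bound is taken verbatim from the posted message and is configuration dependent.

```python
"""Why an OpenVPN TCP listener logs "Bad encapsulated packet length (5635)" for TLS input.

Added example, not part of the original question. Facts it relies on:
  - OpenVPN in TCP mode prefixes every packet with a 2-byte network-order length.
  - A TLS record starts with the content type (0x16 = handshake) and a 2-byte
    protocol version whose first byte is 0x03, so its first two bytes are 0x16 0x03.
The byte strings below are constructed stand-ins for the first bytes a client sends.
"""
import struct

# Upper bound quoted in the posted log line; OpenVPN derives it from the link MTU,
# so it is configuration dependent and copied here verbatim from that message.
MAX_ENCAPSULATED_LEN = 1627

# Constructed sample inputs (only the leading bytes matter for the length check).
TLS_CLIENT_HELLO_PREFIX = bytes.fromhex("160301") + b"\x00\x40" + b"\x01" * 0x40
# Constructed OpenVPN TCP packet: 14-byte payload, then a control opcode byte
# (opcode in the high five bits, key id in the low three) and padding.
OPENVPN_CONTROL_PREFIX = struct.pack("!H", 14) + b"\x38" + b"\x00" * 13


def ovpn_tcp_length_prefix(data: bytes) -> int:
    """Read the 16-bit network-order length OpenVPN expects at the start of each TCP packet."""
    if len(data) < 2:
        raise ValueError("need at least two bytes")
    return struct.unpack("!H", data[:2])[0]


def looks_like_tls_record(data: bytes) -> bool:
    """True if the bytes start like a TLS record header: handshake type, major version 3."""
    return (
        len(data) >= 3
        and data[0] == 0x16
        and data[1] == 0x03
        and data[2] in (0x00, 0x01, 0x02, 0x03, 0x04)
    )


def classify_first_bytes(data: bytes, max_len: int = MAX_ENCAPSULATED_LEN) -> str:
    """Mimic the server-side sanity check and say what the first two bytes most likely are."""
    length = ovpn_tcp_length_prefix(data)
    if 0 < length <= max_len:
        return "openvpn-framing"
    if looks_like_tls_record(data):
        return f"tls-record-misread-as-length-{length}"
    return f"bad-length-{length}"


if __name__ == "__main__":
    for label, sample in (("tls", TLS_CLIENT_HELLO_PREFIX), ("ovpn", OPENVPN_CONTROL_PREFIX)):
        print(label, ovpn_tcp_length_prefix(sample), classify_first_bytes(sample))
```

Taken together, a browser reporting PR_END_OF_FILE_ERROR for openvpn.example.com and the daemon logging length 5635 from the same client address are consistent with TLS from a browser arriving at the OpenVPN tunnel listener rather than at the Access Server's web interface. That is a hypothesis to verify against which process is bound to TCP 443 on the instance (for example with `ss -ltnp`), not something the log alone proves.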

dnd 5e – Can I hit a creature that has a reach larger than mine but is using itself to hit me?

By the RAW, no, but it’s a DM call

There is nothing specific in the rules about readying an action to strike a creature with reach when it comes in to attack with a body part, and the rule is that you can only make melee attacks against creatures that are within your reach. Despite the attacker having a long reach, its body is way over there, so by default, you can't do this. However, a DM could certainly decide to allow it based on the situation at hand.

It’s reasonable to say that you can chop at a limb as it comes towards you; but it’s equally reasonable to say that a dragon’s claw is too heavily scaled and moving too fast during an attack to present a target for a melee attack.

Now, if you’re being grappled by an Enormous Tentacle, it’s pretty hard to argue against being able to attack it, since it’s literally wrapped around your body; but again, this is down to the DM and the exact scenario at the table. There’s no official rule that says this is possible, but that’s why we have human DMs at the table.

linux networking – How to configure a hypervisor such that a KVM/QEMU virtual machine can reach hosts connected to the same trunk bridge?

1 Problem

My goal is that all LAN traffic is routed through a virtual machine (VM) acting as a router and firewall. Other VMs on the same hypervisor should also be routed through the firewall VM. See the following network sketch. Physical hosts connected to the trunk bridge can ping each other successfully, but the VMs cannot be reached yet.

2 Details

Network configuration on the hypervisor:

# =======
# Bridges
# =======
# ---------------------
# VLAN bridge br-vlan-3
# ---------------------
ip link add name br-vlan-3 type bridge
ip addr add 10.66.3.11/24 dev br-vlan-3
ip link set dev br-vlan-3 up

# ---------------------
# Trunk bridge Upstream
# ---------------------
ip link add name br-trunk-up type bridge vlan_filtering 1 vlan_default_pvid 0
ip link set br-trunk-up up

# ---------------
# Trunk bridge VM
# ---------------
ip link add name br-trunk-vm type bridge vlan_filtering 1 vlan_default_pvid 0
ip link set br-trunk-vm up

# =====
# Hosts
# =====

# Set physical devices up
ip link set enp5s0 up
ip link set enp9s0f0 up
ip link set enp9s0f1 up
ip link set enp9s0f2 up
ip link set enp9s0f3 up


# ----------------------
# desktop.3 br-vlan-3
# ----------------------
ip link add link enp9s0f1 name enp9s0f1.3 type vlan id 3
ip link set dev enp9s0f1.3 master br-vlan-3
ip link set enp9s0f1.3 up

# --------------------------
# desktop.100 br-trunk-vm
# --------------------------
ip link add link enp9s0f1 name enp9s0f1.100 type vlan id 100
ip link set enp9s0f1.100 master br-trunk-vm
ip link set enp9s0f1.100 up
bridge vlan add vid 100 dev enp9s0f1.100 master
bridge vlan add vid 100 dev br-trunk-vm self

bridge vlan add vid 100 dev fw.100 pvid 100

Network map

=======
DESKTOP
=======
localhost:user ~ $  ip a
2: enp34s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:d8:61:c4:b1:af brd ff:ff:ff:ff:ff:ff
4: br-vlan-100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 1a:b1:36:43:f0:e4 brd ff:ff:ff:ff:ff:ff
    inet 10.66.100.44/24 scope global br-vlan-100
       valid_lft forever preferred_lft forever
7: enp.100@enp34s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-vlan-100 state UP group default qlen 1000
    link/ether 00:d8:61:c4:b1:af brd ff:ff:ff:ff:ff:ff
    
localhost:~ # cat /proc/net/vlan/enp.100 
enp.100  VID: 100        REORDER_HDR: 1  dev->priv_flags: 1221
         total frames received            0
          total bytes received            0
      Broadcast/Multicast Rcvd            0

      total frames transmitted          287
       total bytes transmitted        53964
Device: enp34s0
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings: 


bridge name     bridge id               STP enabled     interfaces
br-vlan-100             8000.1ab13643f0e4       no              enp.100


==========
HYPERVISOR
==========
(root@fedora system)# ip a
4: enp9s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether a0:36:9f:5d:09:19 brd ff:ff:ff:ff:ff:ff
13: br-trunk-vm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 56:7e:22:6a:23:2d brd ff:ff:ff:ff:ff:ff
16: enp9s0f1.100@enp9s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-trunk-vm state UP group default qlen 1000
    link/ether a0:36:9f:5d:09:19 brd ff:ff:ff:ff:ff:ff
21: fw.100: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-trunk-vm state UNKNOWN group default qlen 1000
    link/ether fe:54:00:3e:97:72 brd ff:ff:ff:ff:ff:ff

(root@fedora system)# brctl show dev br-trunk-vm
bridge name     bridge id               STP enabled     interfaces
br-trunk-vm             8000.567e226a232d       no              enp9s0f1.100
                                                        fw.100
                                                        fw.103
                                                        fw.3

(root@fedora system)# bridge vlan show
port              vlan-id
br-trunk-vm       100
enp9s0f1.100      100
virbr0            1 PVID Egress Untagged
fw.100            100 PVID Egress Untagged


===============
VIRTUAL MACHINE
===============

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:3e:97:72 brd ff:ff:ff:ff:ff:ff
    inet 10.66.100.10/24 scope global enp1s0
       valid_lft forever preferred_lft forever

Libvirt XML network configuration of the firewall VM:

<interface type='bridge'>
  <mac address='52:54:00:3e:97:72'/>
  <source bridge='br-trunk-vm'/>
  <target dev='fw.100'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>

3 Attempts

I tried configuring both a tagged and an untagged NIC on the firewall VM. For the tagged NIC I created a VLAN bridge on the firewall VM and created a VLAN device on top of the virtual tap fw.100 with VLAN 100: vlan100@fw.100. Then I set the trunk port for vlan100@fw.100 with master: bridge vlan add vid 100 dev vlan100@fw.100 master. For the untagged NIC approach I configured no VLAN on the firewall VM and set its trunk port to PVID 100 untagged: bridge vlan add vid 100 dev fw.100 pvid 100 untagged. In both cases I could not ping between the desktop host and the firewall VM.

This issue happens only with the libvirt KVM/QEMU virtual machine. Two physical VLAN-tagged hosts connected to the hypervisor's trunk bridge as master can ping each other.
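An added illustration that is not part of the question above: a small Python model of the Linux bridge VLAN-filtering rules (an untagged frame entering a port takes the port's PVID or is dropped if the port has none; a tagged frame is accepted only if its VID is in the port's VLAN list; on egress the tag is stripped only where the entry is marked untagged), applied to exactly the `bridge vlan show` output for br-trunk-vm. Because enp9s0f1.100 is an 802.1Q sub-interface, it removes the VLAN 100 tag before handing frames to the bridge, so the bridge sees those frames as untagged. The two variants are hypothetical alternative configurations, not commands from the post.

```python
"""Model of Linux bridge VLAN filtering, applied to the br-trunk-vm configuration above.

Added example, not part of the original question. It encodes the vlan_filtering
rules as `bridge vlan` documents them:
  - an untagged frame entering a port takes that port's PVID, or is dropped if
    the port has none (vlan_default_pvid 0 means no PVID unless one is added),
  - a tagged frame is accepted only if its VID is in the port's VLAN list,
  - on egress a frame leaves a port only if the VID is in its list, and the
    "untagged" flag decides whether the 802.1Q tag is stripped.
An 802.1Q sub-interface such as enp9s0f1.100 strips its tag before the frame
reaches the bridge, so the bridge sees frames from it as untagged.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class VlanEntry:
    pvid: bool = False
    untagged: bool = False


@dataclass
class Port:
    name: str
    vlans: Dict[int, VlanEntry] = field(default_factory=dict)

    def pvid(self) -> Optional[int]:
        for vid, entry in self.vlans.items():
            if entry.pvid:
                return vid
        return None


def ingress(port: Port, frame_vid: Optional[int]) -> Optional[int]:
    """Return the VLAN the bridge assigns to an incoming frame, or None if it is dropped."""
    if frame_vid is None:
        return port.pvid()
    return frame_vid if frame_vid in port.vlans else None


def egress(port: Port, vid: int) -> Optional[str]:
    """Return 'untagged' or 'tagged' if the frame leaves this port, None if it is filtered."""
    entry = port.vlans.get(vid)
    if entry is None:
        return None
    return "untagged" if entry.untagged else "tagged"


def forward(bridge: Dict[str, Port], in_port: str, frame_vid: Optional[int], out_port: str) -> str:
    """Trace one frame from in_port to out_port through the bridge's VLAN filter."""
    vid = ingress(bridge[in_port], frame_vid)
    if vid is None:
        return f"dropped at ingress on {in_port}"
    how = egress(bridge[out_port], vid)
    if how is None:
        return f"filtered at egress on {out_port} (vid {vid})"
    return f"delivered to {out_port} {how} (vid {vid})"


# Exactly what `bridge vlan show` above reports for the two br-trunk-vm ports.
POSTED = {
    "enp9s0f1.100": Port("enp9s0f1.100", {100: VlanEntry()}),               # "100": tagged only, no PVID
    "fw.100": Port("fw.100", {100: VlanEntry(pvid=True, untagged=True)}),   # "100 PVID Egress Untagged"
}

# Variant A (hypothetical): keep the sub-interface but give its bridge port a PVID,
# i.e. `bridge vlan add vid 100 dev enp9s0f1.100 pvid untagged`.
VARIANT_A = {
    "enp9s0f1.100": Port("enp9s0f1.100", {100: VlanEntry(pvid=True, untagged=True)}),
    "fw.100": POSTED["fw.100"],
}

# Variant B (hypothetical): enslave the raw NIC enp9s0f1 instead and add
# `bridge vlan add vid 100 dev enp9s0f1`, so frames arrive at the bridge still tagged.
VARIANT_B = {
    "enp9s0f1": Port("enp9s0f1", {100: VlanEntry()}),
    "fw.100": POSTED["fw.100"],
}


if __name__ == "__main__":
    print("posted   :", forward(POSTED, "enp9s0f1.100", None, "fw.100"))
    print("posted   :", forward(POSTED, "fw.100", None, "enp9s0f1.100"))
    print("variant A:", forward(VARIANT_A, "enp9s0f1.100", None, "fw.100"))
    print("variant B:", forward(VARIANT_B, "enp9s0f1", 100, "fw.100"))
```

In the posted configuration the model drops the desktop's frames at ingress on enp9s0f1.100, whose only entry is VID 100 tagged with no PVID, and a reply from fw.100 would leave enp9s0f1.100 still tagged, after which the sub-interface would push a second 100 tag. Whether the real box behaves like the model is checked with `bridge -d vlan show` and `tcpdump -e -i enp9s0f1.100` on the hypervisor. Variant B interacts with the other sub-interfaces on the same NIC (enp9s0f1.3), since the kernel delivers a tagged frame to a matching 802.1Q sub-interface before the bridge sees it.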


kubernetes – Cannot reach pod from pod in some machines but tunnel in node is reached

I have a pod with a cluster IP of 10.233.70.35 in a bare-metal Kubernetes 1.19 cluster with Calico 3.16.9 as the CNI. Let's call this Pod A. On most nodes (other than the node where Pod A runs), a pod (Pod B) in the same Kubernetes namespace can reach Pod A, as shown in the capture below taken on Pod A's node:

# tcpdump -vv -i calib33bd7211a6|grep 10.233.109.62
tcpdump: listening on calib33bd7211a6, link-type EN10MB (Ethernet), capture size 262144 bytes
    10.233.109.62.60372 > 10.233.70.35.tproxy: Flags (S), cksum 0x16af (correct), seq 2138999970, win 64240, options (mss 1460,sackOK,TS val 2089146656 ecr 0,nop,wscale 7), length 0
    10.233.70.35.tproxy > 10.233.109.62.60372: Flags (S.), cksum 0xc961 (incorrect -> 0x579e), seq 3985188010, ack 2138999971, win 65160, options (mss 1460,sackOK,TS val 4061902615 ecr 2089146656,nop,wscale 7), length 0
    10.233.109.62.60372 > 10.233.70.35.tproxy: Flags (.), cksum 0x82fd (correct), seq 1, ack 1, win 502, options (nop,nop,TS val 2089146656 ecr 4061902615), length 0
# tcpdump -vv -i tunl0|grep 10.233.109.62
tcpdump: listening on tunl0, link-type RAW (Raw IP), capture size 262144 bytes
    10.233.109.62.34294 > 10.233.70.35.tproxy: Flags (S), cksum 0xbd5b (correct), seq 1964000002, win 64240, options (mss 1460,sackOK,TS val 1018637359 ecr 0,nop,wscale 7), length 0
    10.233.70.35.tproxy > 10.233.109.62.34294: Flags (S.), cksum 0xc961 (incorrect -> 0x7b0b), seq 1667300057, ack 1964000003, win 65160, options (mss 1460,sackOK,TS val 4061982287 ecr 1018637359,nop,wscale 7), length 0
    10.233.109.62.34294 > 10.233.70.35.tproxy: Flags (.), cksum 0xa66a (correct), seq 1, ack 1, win 502, options (nop,nop,TS val 1018637359 ecr 4061982287), length 0
    10.233.109.62.34294 > 10.233.70.35.tproxy: Flags (F.), cksum 0x592f (correct), seq 1, ack 1, win 502, options (nop,nop,TS val 1018657129 ecr 4061982287), length 0
    10.233.70.35.tproxy > 10.233.109.62.34294: Flags (F.), cksum 0xc959 (incorrect -> 0x0bec), seq 1, ack 2, win 510, options (nop,nop,TS val 4062002057 ecr 1018657129), length 0
    10.233.109.62.34294 > 10.233.70.35.tproxy: Flags (.), cksum 0x0bf3 (correct), seq 2, ack 2, win 502, options (nop,nop,TS val 1018657130 ecr 4062002057), length 0

However, on some machines (again different from Pod A's node), a pod (Pod C) in the same k8s namespace cannot reach Pod A, although its packets do reach the tunnel interface of Pod A's node, as shown below:

# tcpdump -vv -i calib33bd7211a6|grep 10.233.82.51
tcpdump: listening on calib33bd7211a6, link-type EN10MB (Ethernet), capture size 262144 bytes
# tcpdump -vv -i tunl0|grep 10.233.82.51
tcpdump: listening on tunl0, link-type RAW (Raw IP), capture size 262144 bytes
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xc924 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899329055 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xc529 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899330074 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xbd49 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899332090 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xacc9 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899336314 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0x8cc9 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899344506 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0x4dc9 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899360634 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xc9c8 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899394426 ecr 0,nop,wscale 7), length 0

What could I do to fix this such that Pod A is reachable by any pod in any of the nodes?

All of the nodes are in the same subnet but spread across two L2 switches. This issue seems to occur for some of the nodes on one of the switches; however, since Pod A's machine was reached via the tunnel, this observation is irrelevant.
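An added example, not part of the question above: a small parser for `tcpdump -vv` output that classifies each TCP handshake as completed, or as SYNs that are repeated with the same sequence number and never answered. The sample lines are excerpted from the two tunl0 captures in the question (the working flow from 10.233.109.62 and the failing flow from 10.233.82.51); the parsing is specific to tcpdump's -vv line format.

```python
"""Classify TCP handshakes in `tcpdump -vv` output: completed vs SYNs that never get an answer.

Added example, not part of the original question. SAMPLE is excerpted from the
two tunl0 captures above (good flow 10.233.109.62:34294, failing flow
10.233.82.51:35038); only the handshake-relevant lines are kept.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

LINE_RE = re.compile(
    r"^\s*(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\S+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\S+): "
    r"Flags \((?P<flags>[^)]*)\), cksum \S+ \((?P<ckstate>[^)]*)\), seq (?P<seq>\d+)"
)

SAMPLE = """\
    10.233.109.62.34294 > 10.233.70.35.tproxy: Flags (S), cksum 0xbd5b (correct), seq 1964000002, win 64240, options (mss 1460,sackOK,TS val 1018637359 ecr 0,nop,wscale 7), length 0
    10.233.70.35.tproxy > 10.233.109.62.34294: Flags (S.), cksum 0xc961 (incorrect -> 0x7b0b), seq 1667300057, ack 1964000003, win 65160, options (mss 1460,sackOK,TS val 4061982287 ecr 1018637359,nop,wscale 7), length 0
    10.233.109.62.34294 > 10.233.70.35.tproxy: Flags (.), cksum 0xa66a (correct), seq 1, ack 1, win 502, options (nop,nop,TS val 1018637359 ecr 4061982287), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xc924 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899329055 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xc529 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899330074 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xbd49 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899332090 ecr 0,nop,wscale 7), length 0
    10.233.82.51.35038 > 10.233.70.35.tproxy: Flags (S), cksum 0xacc9 (correct), seq 2532090843, win 64240, options (mss 1460,sackOK,TS val 3899336314 ecr 0,nop,wscale 7), length 0
"""

FlowKey = Tuple[str, str, str, str]  # (client ip, client port, server ip, server port)


@dataclass
class Flow:
    syn_seqs: List[int] = field(default_factory=list)
    synack_seen: bool = False
    client_ack_seen: bool = False
    # "incorrect" checksum on the SYN-ACK: tcpdump saw the capturing host's own outbound
    # segment before the NIC filled in the checksum (offload), not a corrupted packet.
    local_cksum_unverified: bool = False

    @property
    def syn_count(self) -> int:
        return len(self.syn_seqs)

    @property
    def retransmits(self) -> int:
        return self.syn_count - len(set(self.syn_seqs))

    def verdict(self) -> str:
        if self.synack_seen and self.client_ack_seen:
            return "established"
        if self.syn_count >= 2 and not self.synack_seen:
            return "syn-unanswered"
        return "incomplete"


def analyze(text: str) -> Dict[FlowKey, Flow]:
    """Group tcpdump lines into client->server flows and record handshake progress."""
    flows: Dict[FlowKey, Flow] = defaultdict(Flow)
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        fwd: FlowKey = (m["src"], m["sport"], m["dst"], m["dport"])
        rev: FlowKey = (m["dst"], m["dport"], m["src"], m["sport"])
        flags = m["flags"]
        if flags == "S":                         # client SYN: the sender is the client
            flows[fwd].syn_seqs.append(int(m["seq"]))
        elif flags == "S." and rev in flows:     # server SYN-ACK belongs to the reverse key
            flows[rev].synack_seen = True
            if m["ckstate"].startswith("incorrect"):
                flows[rev].local_cksum_unverified = True
        elif flags == "." and fwd in flows and flows[fwd].synack_seen:
            flows[fwd].client_ack_seen = True    # third step of the handshake
    return dict(flows)


def summarize(text: str) -> Dict[str, str]:
    """Map 'client:port -> server:port' to its handshake verdict."""
    return {f"{c}:{cp} -> {s}:{sp}": flow.verdict() for (c, cp, s, sp), flow in analyze(text).items()}


if __name__ == "__main__":
    for key, verdict in summarize(SAMPLE).items():
        print(verdict, key)
```

Read against the two interfaces captured above, the verdicts say where to look: the failing flow's SYNs arrive on tunl0 but never appear on calib33bd7211a6 and never get a SYN-ACK, so the packets are being discarded on Pod A's node between the tunnel device and the pod's veth (the node's own forwarding path: iptables/nftables rules, routing, reverse-path filtering), not by the switches between the nodes. The "incorrect" checksum on the SYN-ACK in the good flow is the usual checksum-offload artefact for locally generated segments and is not itself a problem.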

How to reach a url from an intranet?

I have an internal network, 10.0.1.x, on VLAN 10 with no gateway and no path to the internet.
I have a Windows 10 computer with two NICs, one on the 10.0.1 network and one on the 10.10.1 network, which goes to the internet.
How can I use this Windows 10 machine as a proxy for the intranet hosts that need to connect to this one URL?
Are there any tools to accomplish this?

TIA
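An added example, not from the question or any particular product: a minimal allow-listed HTTP/HTTPS forward proxy in Python that the dual-homed Windows machine could run with a stock Python install. The addresses are hypothetical: it listens on the intranet-facing 10.0.1.1:3128, and example.com stands in for the one permitted URL's host. The point it makes is that the proxy must be restricted to that single destination; an unrestricted proxy on a dual-homed host turns the isolated VLAN's only exit into an open relay.

```python
"""Minimal allow-listed HTTP/HTTPS forward proxy for a dual-homed host.

Added example, not from the original question or any particular product.
Hypothetical assumptions: the intranet-facing NIC is 10.0.1.1 and the proxy
listens there on 3128; the single permitted destination is example.com on
443/80, standing in for "this one URL". Clients on 10.0.1.x set 10.0.1.1:3128
as their proxy. Every other host:port is refused, so the dual-homed machine
does not become an open relay out of the isolated VLAN.
"""
import select
import socket
import threading
from typing import Optional, Tuple
from urllib.parse import urlsplit

LISTEN_ADDR = ("10.0.1.1", 3128)                        # hypothetical intranet-side address
ALLOWED = {("example.com", 443), ("example.com", 80)}   # hypothetical single permitted host


def parse_request_line(line: str) -> Optional[Tuple[str, str, int, bool]]:
    """Return (method, host, port, is_connect) from a proxy request line, or None if malformed."""
    parts = line.strip().split(" ")
    if len(parts) != 3:
        return None
    method, target, _version = parts
    method = method.upper()
    if method == "CONNECT":                  # HTTPS: "CONNECT host:port HTTP/1.1"
        host, sep, port = target.rpartition(":")
        if not sep or not host or not port.isdigit():
            return None
        return method, host.lower(), int(port), True
    u = urlsplit(target)                     # plain HTTP: absolute-form "GET http://host/path HTTP/1.1"
    if u.scheme != "http" or not u.hostname:
        return None
    return method, u.hostname.lower(), u.port or 80, False


def is_allowed(host: str, port: int) -> bool:
    """Exact-match allow list; no wildcards, so only the one intended destination passes."""
    return (host, port) in ALLOWED


def pipe(a: socket.socket, b: socket.socket, idle_timeout: float = 60.0) -> None:
    """Copy bytes in both directions until one side closes or the link goes idle."""
    while True:
        readable, _, _ = select.select([a, b], [], [], idle_timeout)
        if not readable:
            return
        for s in readable:
            data = s.recv(65536)
            if not data:
                return
            (b if s is a else a).sendall(data)


def handle_client(client: socket.socket) -> None:
    """Read the request head, enforce the allow list, then relay to the upstream server."""
    try:
        head = b""
        while b"\r\n\r\n" not in head and len(head) < 16384:
            chunk = client.recv(4096)
            if not chunk:
                return
            head += chunk
        first_line, _, rest = head.partition(b"\r\n")
        req = parse_request_line(first_line.decode("latin-1", "replace"))
        if req is None:
            client.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")
            return
        method, host, port, is_connect = req
        if not is_allowed(host, port):
            client.sendall(b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n")
            return
        with socket.create_connection((host, port), timeout=10) as upstream:
            if is_connect:
                client.sendall(b"HTTP/1.1 200 Connection Established\r\n\r\n")
            else:
                # The origin server expects an origin-form target (path), not the absolute URL.
                _, target, version = first_line.decode("latin-1").strip().split(" ")
                u = urlsplit(target)
                path = (u.path or "/") + ("?" + u.query if u.query else "")
                upstream.sendall(f"{method} {path} {version}\r\n".encode("latin-1") + rest)
            pipe(client, upstream)
    except OSError:
        pass
    finally:
        client.close()


def serve() -> None:
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(LISTEN_ADDR)
        srv.listen(64)
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle_client, args=(conn,), daemon=True).start()


if __name__ == "__main__":
    serve()
```

Point the intranet clients' proxy setting at 10.0.1.1:3128 and leave IP routing disabled on the Windows host (it is off by default), so the proxy, with its exact-match allow list, is the only way from 10.0.1.x to the outside.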

Does BFGminer halt processing if ASIC miners reach a high temperature?

From the README of BFGminer, I see:

The totals line shows the following:
 6/32   75.0C | 171.3/170.8/171.2Gh/s | A:729 R:8+0(.01%) HW:0/.81%

Each column is as follows:
  The number of devices and processors currently mining
  Hottest temperature reported by any processor

I don’t see the temperature column.

Does this mean I have the incorrect Windows drivers?

Does it mean I need to pass a parameter to BFGminer?