|
Farking Bastage posted:A recent version of RouterOS would randomly and unfixably poo poo all your GRE tunnels. HAHAHA! I'm glad I don't have to deal with that now. I would be loving livid. 
|
#
?
Sep 16, 2016 16:00
|
|
|
|
| # ? Apr 20, 2024 03:34 |
|
|
Sepist posted:That's surprising, the 6500 is one of the most bullet proof devices cisco ever made. I've seen them sitting around for 14 years running catOS before a fan dies (which of course requires downtime because the someone ran the cables to both sides covering the fan module). This. I've literally never had issues with a 6500 chassis with redundant sups. What was the bug in particular? I have seen an instance where someone had redundant sups but never bothered to enter the two lines required in order to turn on SSO. Eventually the primary fell over and welp. I currently have an undiagnosed bug with an ASA that is inserting strange mysterious static routes in its own routing table seemingly at random to route the connected MPLS interface subnet towards the outside interface, breaking all MPLS bound traffic when it does so. Cisco wanted me to setup a local syslog server (which normally is over the MPLS) so I could get logs as they couldn't figure out what the gently caress with the tech support files. Instead of doing all of that I put in this beautiful route to the MPLS network next hop: code: The Cisco guy seemed a little salty that I just slapped a lovely bandaid on it and called it good, but eh I don't want to setup another syslog server so go find some other customer to be your bug testing environment.
Nuclearmonkee fucked around with this message at 16:22 on Sep 16, 2016 |
|
#
?
Sep 16, 2016 16:19
|
|
|
It's not your job to be Cisco's QA/bug testing team, screw them.
|
|
#
?
Sep 16, 2016 16:24
|
|
|
GnarlyCharlie4u posted:heh We ran into some really weird mikrotik problems at my last job. It got even worse after I posted that. We ran into 3 bugs: DHCP ACK/OFFER for phones were being dropped by the firewall - fixed by disabling hardware offload CAPWAP discovery responses would get dropped by the firewall - fixed by disabling hardware offload and a reload DHCP ACK/OFFER for clients were being dropped by the firewall - Had to failover to the secondary unit, no amount of disables would fix this one Apparently the hardware accelerated FIB (don't know the real term) become corrupt for some routes somehow and persist through reboots, and for the last one they don't even know WTF.
|
|
#
?
Sep 16, 2016 17:04
|
|
|
Farking Bastage posted:I'd like to extend a personal gently caress YOU to apple for killing PPTP in MacOS and making me reconfigure all 60-ish VPN routers I have. PPTP has been considered broken from a security standpoint for many years now. This is a good thing. You shouldn't be using it.
|
|
#
?
Sep 16, 2016 17:34
|
|
|
wolrah posted:PPTP has been considered broken from a security standpoint for many years now. This is a good thing. You shouldn't be using it.
|
|
#
?
Sep 16, 2016 17:52
|
|
|
Farking Bastage posted:I'd like to extend a personal gently caress YOU to apple for killing PPTP in MacOS and making me reconfigure all 60-ish VPN routers I have. So you've been running an insecure VPN solution for your users? Think of this as a lesson in actually securing your network (which is your job and probably aren't doing properly at that) and not causing problems later on. https://www.youtube.com/watch?v=vWXP3DvH8OQ
|
|
#
?
Sep 16, 2016 18:18
|
|
|
Farking Bastage posted:I'd like to extend a personal gently caress YOU to apple for killing PPTP in MacOS and making me reconfigure all 60-ish VPN routers I have.  I mean, maybe you should've reconfigured them 4 years ago?
|
|
#
?
Sep 16, 2016 18:23
|
|
|
|
|
#
?
Sep 16, 2016 18:25
|
|
|
Ugh I have a relative who has been running PPTP to their old DD-WRT router with mac clients. It's just a 3 person business but I expect I'll be getting that phone call and do not look forward to trying to upgrade the stupid thing. Last time I was there I tried changing it but there was some kind of bug in OpenVPN on the current version of DD-WRT and I threw up my hands rather than gently caress with it. Has anyone gotten that working or am I better off just getting them to buy something like a 5506x? It comes with two licenses which would be enough.
|
|
#
?
Sep 16, 2016 18:31
|
|
|
Nuclearmonkee posted:Ugh I have a relative who has been running PPTP to their old DD-WRT router with mac clients. It's just a 3 person business but I expect I'll be getting that phone call and do not look forward to trying to upgrade the stupid thing. I had an issue with my previous router and DD-WRT not running OpenVPN properly, if you figure it out let me know.
|
|
#
?
Sep 16, 2016 18:57
|
|
|
MF_James posted:I had an issue with my previous router and DD-WRT not running OpenVPN properly, if you figure it out let me know. gently caress
|
|
#
?
Sep 16, 2016 18:59
|
|
|
The only thing I ever think of when I hear PPTP.
|
|
#
?
Sep 16, 2016 20:07
|
|
|
Colonial Air Force posted:The only thing I ever think of when I hear PPTP.  also as I am about to have a baby boy in 2 months, this is surprisingly relevant to my interests
|
|
#
?
Sep 16, 2016 20:12
|
|
|
Farking Bastage posted:I'd like to extend a personal gently caress YOU to apple for killing PPTP in MacOS and making me reconfigure all 60-ish VPN routers I have. Good, stop using insecure garbage.
|
|
#
?
Sep 16, 2016 20:29
|
|
|
Docjowles posted:
It happens. A lot.
|
|
#
?
Sep 16, 2016 20:31
|
|
|
CrazyLittle posted:It happens. A lot. Yeah, so I hear. Our first was a girl and while that comes with many other challenges, "literally getting pee sprayed on your face at every diaper change" was not one of them. So I am 100% seriously interested in these goofy rear end things 
|
|
#
?
Sep 16, 2016 20:34
|
|
|
Docjowles posted:Yeah, so I hear. Our first was a girl and while that comes with many other challenges, "literally getting pee sprayed on your face at every diaper change" was not one of them.
|
|
#
?
Sep 16, 2016 21:04
|
|
|
CrazyLittle posted:It happens. A lot. The pptp barely helps. It redirects the stream into a cone that fires downward in every direction for a few seconds until it's blasted off, then you still get soaked in humiliation. The true key is to have the new diaper ready as a shield. But even then, nothing will ever prepare you for the moment the poo poo-cannon goes off. Submit yourself to the eventual horror now.
|
|
#
?
Sep 16, 2016 21:14
|
|
|
Sepist posted:
Problems with the hardware acceleration have presented in various forms and bugs since like 2010. Which ironically is about the same time they announced that they would no longer be developing OpenVPN in favor of SSTP.
|
|
#
?
Sep 16, 2016 21:21
|
|
|
Working in IT: Everything is bad in different ways
|
|
#
?
Sep 16, 2016 21:42
|
|
|
Back on topic, WiFi anyone? I'm running a Meraki eval of one of their routers with wifi built-in (for a small biz customer of mine) and lol, the auto-channel selection clearly chose badly.
|
|
#
?
Sep 16, 2016 22:12
|
|
|
Fudge posted:Well, nslookup just won't function if the DNS server isn't reachable. Which is weird because you're saying you can still ping devices with just their IPs. How many DCs do you have? Are all of these devices domain-joined? When I say I can ping, I also mean that I can also access file shares or rdp into any other machine on the network, but only by IP address. Neither short names or fqdn's resolve due to dns timeout. Everything is domain joined. There is one onsite dc, and two offsite. Yea, we are using the built in Windows Vpn client. The vpn is managed by our meraki, but authenticates with AD.
|
|
#
?
Sep 16, 2016 22:14
|
|
|
Are you provisioning VPN clients with DNS servers in the IKE payload/L2TP? If you tracert to those DNS servers from your client, does the route look like you'd expect it to?
|
|
#
?
Sep 16, 2016 22:22
|
|
|
The Fool posted:When I say I can ping, I also mean that I can also access file shares or rdp into any other machine on the network, but only by IP address. Neither short names or fqdn's resolve due to dns timeout. We run meraki without any issues. What subnets do you have in your network? Are you split tunneling?
|
|
#
?
Sep 16, 2016 22:24
|
|
|
I'm trying to help a friend with a website issue. Old website is www.example.com New website is www.example.org When you type example.com into the address bar it redirects to www.example.org When you type www.example.com it doesn't redirect. Any idea on what I need to say to the hosting provider to get them to fix this?
|
|
#
?
Sep 16, 2016 22:33
|
|
|
Dr. Arbitrary posted:I'm trying to help a friend with a website issue.
|
|
#
?
Sep 16, 2016 22:42
|
|
|
Assuming the DNS is resolving to the correct server, it sounds like someone has forgotten to write the redirect rule to cover the www. subdomain.
|
|
#
?
Sep 16, 2016 22:53
|
|
|
Thanks Ants posted:Assuming the DNS is resolving to the correct server, it sounds like someone has forgotten to write the redirect rule to cover the https://www. subdomain. I was kinda thinking that based on what I saw by googling. I've never done this aspect of IT. .htaccess isn't publicly viewable, is it?
|
|
#
?
Sep 16, 2016 22:58
|
|
|
Dr. Arbitrary posted:I was kinda thinking that based on what I saw by googling.
|
|
#
?
Sep 16, 2016 22:59
|
|
|
I think you guys zeroed in on the problem. They're clearly making changes right now. You guys are the best!
|
|
#
?
Sep 16, 2016 23:16
|
|
|
I cannot help but giggle and not take seriously anyone who says "whack" instead of "backslash".
|
|
#
?
Sep 16, 2016 23:31
|
|
|
CLAM DOWN posted:I cannot help but giggle and not take seriously anyone who says "whack" instead of "backslash". My references say the correct term is 'backslat' http://www.muppetlabs.com/~breadbox/intercal-man/tonsila.html
|
|
#
?
Sep 16, 2016 23:33
|
|
|
CLAM DOWN posted:I cannot help but giggle and not take seriously anyone who says "whack" instead of "backslash". Be careful about that if you go to New York, someone might backslash you.
|
|
#
?
Sep 16, 2016 23:38
|
|
The Fool posted:When I say I can ping, I also mean that I can also access file shares or rdp into any other machine on the network, but only by IP address. Neither short names or fqdn's resolve due to dns timeout. I'd run Wireshark on a client and the DC. Solved a problem with it today where McAfee firewall was blocking all UDP traffic to a physical VM host with a DC on it  Helped me narrow it down because the packets were going out and there was no UDP traffic on the DC
|
|
|
#
?
Sep 16, 2016 23:39
|
|
|
Those Mikrotik PPTP setups weren't my call  I just have to change it now in the middle of a total shitstorm. e: holy loving avatar Farking Bastage fucked around with this message at 23:43 on Sep 16, 2016 |
|
#
?
Sep 16, 2016 23:40
|
|
|
Also if I'm not mistaken Meraki devices have some native packet capture feature
|
|
|
#
?
Sep 16, 2016 23:42
|
|
|
Farking Bastage posted:e: holy loving avatar Man, people are ready to throw cash at lowtax at the drop of a hat.
|
|
#
?
Sep 16, 2016 23:51
|
|
|
Judge Schnoopy posted:The pptp barely helps. It redirects the stream into a cone that fires downward in every direction for a few seconds until it's blasted off, then you still get soaked in humiliation. Remove diaper, blow air at them quickly or wipe them with a wet wipe and immediately put the diaper back on before they pee. It's the shock of the temperature change. Nothing you can do about the poo poo cannon though.
|
|
#
?
Sep 17, 2016 00:19
|
|
|
|
| # ? Apr 20, 2024 03:34 |
|
|
Farking Bastage posted:Those Mikrotik PPTP setups weren't my call On the plus side, you end up with a better setup when it's done. Sucks if it wasn't under your control until it became your problem to solve though. Congrats on getting someone to spend  over a single post, usually that takes a few pages of back and forth argument. It's not like you defended using PPTP, just bitched about having to change it.
|
|
#
?
Sep 17, 2016 01:02
|
|