# netmaker
b

bored-island-21407

07/10/2022, 2:57 PM
what were you doing at the time? can you paste logs?
m

mysterious-forest-94789

07/10/2022, 3:08 PM
Didn't realize it was here
Sorry
b

bored-island-21407

07/10/2022, 3:09 PM
np
can you paste the output of wg show (remove private/public keys) or just
wg show all listen-port
and can you paste the output of netclient pull -vvv -n
journalctl -u netclient
m

mysterious-forest-94789

07/10/2022, 3:17 PM
Just a lot of checkins and a few peer updates. On startup I see a few iptables bad rule errors due to a rule missing, I assume it is because of the missing wg interfaces
Yep, it matches that interface
had a few timeouts but I assume it was during the time of a restart or a docker reload
b

bored-island-21407

07/10/2022, 3:18 PM
how many networks on this node?
how many are working?
m

mysterious-forest-94789

07/10/2022, 3:18 PM
5
4
b

bored-island-21407

07/10/2022, 3:19 PM
and you did the pull on the one that was not working?
m

mysterious-forest-94789

07/10/2022, 3:19 PM
yes
Hmm.... I see a note in here about a local port change
let me see what it is supposed to be
b

bored-island-21407

07/10/2022, 3:20 PM
run journalctl -fu netclient in one terminal and run the pull command in another terminal ..... are there any errors in the journalctl output
m

mysterious-forest-94789

07/10/2022, 3:24 PM
Just one of these
b

bored-island-21407

07/10/2022, 3:25 PM
I think you need to leave and rejoin that network
m

mysterious-forest-94789

07/10/2022, 3:25 PM
Looks like from the down interface
I am having the same issue on another network
on another node
I've manually started interfaces using wg-quick and I get address in use error
b

bored-island-21407

07/10/2022, 3:26 PM
you should not manually start interfaces
m

mysterious-forest-94789

07/10/2022, 3:26 PM
I know, but this is for testing
netclient shows the same thing
b

bored-island-21407

07/10/2022, 3:27 PM
where .... you have not shown me a log with the error from netclient yet... only the wg-quick command
m

mysterious-forest-94789

07/10/2022, 3:27 PM
The information I showed you was from netclient
b

bored-island-21407

07/10/2022, 3:28 PM
the error is from wg-quick
m

mysterious-forest-94789

07/10/2022, 3:28 PM
but the output was from netclient
b

bored-island-21407

07/10/2022, 3:28 PM
no, the output was from wg-quick
m

mysterious-forest-94789

07/10/2022, 3:29 PM
the output was from the execution of netclient
just netclient pull
all networks
b

bored-island-21407

07/10/2022, 3:30 PM
i need more of the logs to know what was happening at the time and what listen ports are already in use and the network cidr of all wireguard networks
m

mysterious-forest-94789

07/10/2022, 3:36 PM
Okay, let's see..
Without dumping pages worth of content, netclient flags either one of these interfaces depending on when it comes up and manually does the same thing...
I'll pull the current configs.. sec..
That one will start by itself
This one will start by itself as well
However, if one is up, the other will show address in use
Sorry for the formatting, I'm viewing it through a web vnc
b

bored-island-21407

07/10/2022, 3:42 PM
Will have to get back to you, busy with something
m

mysterious-forest-94789

07/10/2022, 3:43 PM
Okay, no worries. I need to get ready for work myself. I have to run for about 2 hours and I'll be back after 11:30 Pacific
b

bored-island-21407

07/10/2022, 3:44 PM
Can you provide the network range and listen ports for all of your networks. Ie net1. 10.10.10.0/24 port 51820
m

mysterious-forest-94789

07/10/2022, 3:49 PM
Okay, it varies a little bit for each node as not all networks are on each node and I simply went with the next port in the range, so ports between all peers don't match.
However, I can give you this specific one for now.
b

bored-island-21407

07/10/2022, 3:50 PM
Just want info for one node
m

mysterious-forest-94789

07/10/2022, 3:51 PM
It's in the screenshot 10.0.10.0/24 port 51823 and 10.0.15.0/24 port 51822
b

bored-island-21407

07/10/2022, 3:52 PM
But you said 5 networks
m

mysterious-forest-94789

07/10/2022, 3:52 PM
Yes, but the rest work without issue. These two seem to conflict somehow
b

bored-island-21407

07/10/2022, 3:52 PM
All the info is required
m

mysterious-forest-94789

07/10/2022, 3:53 PM
okay
Okay, that's the 4 on this node
gtg for now, be back at 11:30 PDT
Back
Actually, been here a while, was on the phone
b

bored-island-21407

07/10/2022, 7:17 PM
np
m

mysterious-forest-94789

07/10/2022, 7:17 PM
See anything that screams "I'm Broken!"?
b

bored-island-21407

07/10/2022, 7:19 PM
what I would like you to do is run systemctl stop netclient
m

mysterious-forest-94789

07/10/2022, 7:19 PM
Okay, I did that when I was testing the nodes manually using wg-quick
b

bored-island-21407

07/10/2022, 7:20 PM
and then run ip link del for each wireguard interface
m

mysterious-forest-94789

07/10/2022, 7:20 PM
I was doing wg-quick down /etc/netclient/config/interface.config
b

bored-island-21407

07/10/2022, 7:20 PM
and then run systemctl start netclient and show the output of journalctl -fu netclient
that works too
before you start netclient could you also paste the output of
ip a
m

mysterious-forest-94789

07/10/2022, 7:24 PM
okay
gimme a few minutes, I have a resource leak on this desktop somewhere. I need to clean up the registry real quick and reboot anyways, so I'll kill two birds with one stone.
b

bored-island-21407

07/10/2022, 7:29 PM
k
m

mysterious-forest-94789

07/10/2022, 9:11 PM
Okay, got everything ready. I'm just dumping a txt log, sec..
I'll be around, just drop a message whenever you get a moment to look it over. No rush, if nothing else, I'll wipe the whole thing out and start over, it won't be the first time and it won't be the last.....lol
b

bored-island-21407

07/11/2022, 8:04 AM
pretty sure there is a bug that is causing your issue ... should have a bugfix in next couple of days.
m

mysterious-forest-94789

07/11/2022, 1:19 PM
The port issue?
b

bored-island-21407

07/11/2022, 1:19 PM
fix is being tested by QA right now
m

mysterious-forest-94789

07/11/2022, 1:21 PM
Cool, have another issue. I tried to reduce the subnet size for the networks from /24 to /28 and I get an error when trying to edit them from the dashboard.
b

bored-island-21407

07/11/2022, 1:23 PM
hmmm. I will have to look at the code and get back to you
m

mysterious-forest-94789

07/11/2022, 1:37 PM
I'll look into the logs as well, but I need to trim the fat a bit. I have another node that's still running a netclient version that is a few releases old
It just never connected so I haven't been able to log in to it and update it. I think it was a certificate problem back when I exhausted letsencrypt's threshold.
b

bored-island-21407

07/11/2022, 2:02 PM
cannot duplicate
m

mysterious-forest-94789

07/11/2022, 2:56 PM
Okay, I just updated everything. I have to jump on a call for now, but I'll be back in a bit to revisit it
I see a new update in docker
any changes to netclient?
b

bored-island-21407

07/11/2022, 7:50 PM
yes, hotfix which should fix your issue
m

mysterious-forest-94789

07/11/2022, 7:52 PM
Okay, apt-get update didn't show any new versions
b

bored-island-21407

07/11/2022, 7:52 PM
should be there 0.14.5-1
m

mysterious-forest-94789

07/11/2022, 7:53 PM
nevermind, just found it
b

bored-island-21407

07/11/2022, 7:53 PM
ok, you had me concerned there for a sec
m

mysterious-forest-94789

07/11/2022, 8:02 PM
yay! seems to be working better now, I haven't tested each network between each node yet, but it seems all of the nodes are working at least, and what wasn't working before is now.
I updated docker and updated netclient and performed a netclient pull and everything came up after a few seconds.
I also updated traefik and mq
no issues there
traefik is now running 2.8 and mq is 2.0.14-openssl
still having issues reconfiguring subnets
dumping logs to a txt file now
b

bored-island-21407

07/11/2022, 8:13 PM
the only time i have seen an error in the UI when updating the netmask of a network is when there are more nodes in the network than the netmask supports
m

mysterious-forest-94789

07/11/2022, 8:16 PM
I just created a new network and attempted to resize it and it worked fine
b

bored-island-21407

07/11/2022, 8:16 PM
i have a network with 2 nodes ---- netmaker server and one other node and I can change the netmask to a /30
m

mysterious-forest-94789

07/11/2022, 8:17 PM
I have a network at /24 and 5 nodes and I tried to change it to /27 and got an error
Even trying to change it to /24 gives an error
b

bored-island-21407

07/11/2022, 8:19 PM
what is network name .... if it was created awhile ago and has CAPS or a . (period) ... that could be the issue
m

mysterious-forest-94789

07/11/2022, 8:19 PM
Admin-VPN
b

bored-island-21407

07/11/2022, 8:19 PM
you probably can't change anything with that network name
and there is no way to change the network name unless you directly modify the database
m

mysterious-forest-94789

07/11/2022, 8:20 PM
I see I just tried creating Test-VPN and got a validation error
b

bored-island-21407

07/11/2022, 8:21 PM
we missed putting in a migration when we added the restrictions on network names
m

mysterious-forest-94789

07/11/2022, 8:22 PM
All of my networks are formatted the same way 😦
b

bored-island-21407

07/11/2022, 8:22 PM
sorry bout that
uppercase names cause problems with dns
m

mysterious-forest-94789

07/11/2022, 8:23 PM
Hmm.... I have DNS disabled and I am managing it using PiHole
b

bored-island-21407

07/11/2022, 8:24 PM
you can keep using them as is --- especially if you are not using DNS, but you will not be able to make any changes to the network
m

mysterious-forest-94789

07/11/2022, 8:24 PM
Can I rename them and make them compliant and then start working?
b

bored-island-21407

07/11/2022, 8:25 PM
there is no way to rename them except by manually changing them in the database
m

mysterious-forest-94789

07/11/2022, 8:25 PM
if I do that, then will it break anything else?
netclient interface names, etc..?
b

bored-island-21407

07/11/2022, 8:26 PM
actually, I am not sure
m

mysterious-forest-94789

07/11/2022, 8:27 PM
if altering the database will update everything across the deployment then I am fine with that, but I don't want to alter it and turn it into a dumpster fire as a result.
I'll have to update my firewall rules, but that's not the end of the world.
b

bored-island-21407

07/11/2022, 8:27 PM
i have never tried it
uncharted territory
m

mysterious-forest-94789

07/11/2022, 8:29 PM
Second thought, can I simply reset the subnet via the database?
b

bored-island-21407

07/11/2022, 8:30 PM
yes, but not sure what the side effects will be
if you change the subnet in the UI all the nodes get new IPs --- not sure how that would work with changing the database directly
m

mysterious-forest-94789

07/11/2022, 8:32 PM
Hmm....
I suppose I could just leave it as is..
I know that this isn't a critical flaw, but it does provide a higher level of security than current. I've used this feature from day one in my manual deployments, what is the overall consensus on this topic? Is it something being considered? https://github.com/gravitl/netmaker/issues/1231
b

bored-island-21407

07/11/2022, 8:40 PM
doubt it will happen any time soon; my personal opinion only .... pre-shared keys are protection against potential quantum computer brute force attacks on recorded traffic. given there are no quantum computers available yet and even if they were, the threat vector is still only hypothetical
m

mysterious-forest-94789

07/11/2022, 8:43 PM
Okay, just figured it would be somewhat simple to implement and a lot of people use it already, it would be popular. Seems it could be handled the same way that the public key exchange is now.
b

bored-island-21407

07/11/2022, 8:45 PM
it is more complicated than you think... a preshared key should only be used with two nodes. so you are going to have a huge number of keys to manage
that's probably not how most people use preshared keys (they probably just use the same preshared key for an entire network) but that is not the way they are supposed to be used
m

mysterious-forest-94789

07/11/2022, 8:48 PM
No, I agree. It is a p2p relationship
However, a simplified option would be the latter
However some people are already being critical over the existing private key generation for ext clients.
So......
Anyways, thanks for the help. Everything seems to be running smoothly now. There is peace in the world again, my parent's DNS is working and my mom stopped calling me every hour asking when the internet will be back up.....lol
Would be awesome if Pi-Hole and netmaker could be integrated
b

bored-island-21407

07/11/2022, 9:11 PM
I have never experimented with Pi-Hole so I don't really have an opinion
m

mysterious-forest-94789

07/11/2022, 9:11 PM
I think what makes pihole most appealing is its blocklists, I have 34 million hosts blocked using it.
It's also very light on resources.
has a fully functional console with theming and more, based off of AdminLTE
I think that would be nice for the dashboard if it were ever to be changed.