[06:39:34]
<orhtej2> Infra is down?
[07:39:58]
<srs> Ce fut un grand moment !!
[07:39:58]
<srs> https://xmpp.chapril.org/upload/372c0444f9fc7749461eb6787ff63ace89416c01/9A29l5iyFyWult7eJj8b/C587A54B-0B72-42E8-B5E1-B76096D2FD48.jpg
[09:49:04]
<miro5001> Kezako?
[11:54:25]
<Léo[m]> Hi everyone (Bonjour tout le monde !)
J'ai d'étranges soucis d'IP depuis que j'ai suivi ce tuto/ I got some stranges issues with my VPS on OVH since i follow this instructions : https://help.ovhcloud.com/csm/fr-vps-configuring-ipv6?id=kb\_article\_view&sysparm\_article=KB0047576.
So, this is the 50-cloud-init i got on the /network/interfaces.d/ :
```
auto lo
iface lo inet loopback
dns-nameservers 213.186.33.99
auto ens3
iface ens3 inet dhcp
accept_ra 0
mtu 1500
# control-alias ens3
iface ens3 inet6 static
address IPV6/56
post-up route add -A inet6 default gw 2001:41d0:701:1100::1 || true
pre-down route del -A inet6 default gw 2001:41d0:701:1100::1 || true
iface ens3 inet static
address IPV4/24
```
The weird thing is, when i restart network, it show errors and said it's in failed state BUT diagnostic and ipv4 and IPV6 work correctly on my VPS.... for a little time. When after a while, for some reasons it loose the IPV4 and just have the IPV6 (and when it's like that, my selfhosted app got a lots of errors)
Log for systemctl network :
```
Feb 08 11:44:52 caddiesoundsystem.live dhclient[1079346]: Error printing text.
Feb 08 11:44:52 caddiesoundsystem.live ifup[1079346]: Error printing text.
Feb 08 11:44:52 caddiesoundsystem.live dhclient[1079346]: bound to IPV4 -- renewal in 32803 seconds.
Feb 08 11:44:52 caddiesoundsystem.live ifup[1079346]: bound to IPV4 -- renewal in 32803 seconds.
Feb 08 11:44:52 caddiesoundsystem.live ifup[1079389]: Sending network state change signal to nslcd...done.
Feb 08 11:44:52 caddiesoundsystem.live ifup[1079427]: RTNETLINK answers: File exists
Feb 08 11:44:52 caddiesoundsystem.live ifup[1079335]: ifup: failed to bring up ens3
Feb 08 11:44:52 caddiesoundsystem.live systemd[1]: networking.service: Main process exited, code=exited, status=1/FAILURE
Feb 08 11:44:52 caddiesoundsystem.live systemd[1]: networking.service: Failed with result 'exit-code'.
Feb 08 11:44:52 caddiesoundsystem.live systemd[1]: Failed to start networking.service - Raise network interfaces.
```
Can i got a little help around here, because i tried to follow some debian docs around this, but no succes or a least not a stable one. Thanks a lot ! 🙏
[12:54:18]
<rodinux> C'est un VPS ou un dédié ?
[12:54:21]
<rodinux> H
[12:59:43]
<rodinux> sur un kimsuffi où pas d'ipv6 configurer au départ, j'ai suvi ce très bon tutto https://mondedie.fr/d/11360-mettre-en-place-lipv6-sur-un-kimsufi
[13:13:12]
<rodinux> Avec ces valeurs
```
auto eth0
iface eth0 inet6 static
mtu 1500
address YOUR_IPV6
netmask IPV6_PREFIX
post-up /sbin/ip -6 route add IPV6_GATEWAY dev eth0
post-up /sbin/ip -6 route add default via IPV6_GATEWAY dev eth0
pre-down /sbin/ip -6 route del default via IPV6_GATEWAY dev eth0
pre-down /sbin/ip -6 route del IPV6_GATEWAY dev eth0
```
[13:13:57]
<rodinux> Dans le cas d'un vps chez OVH, donc le tutto dont tu parles, normalement on laisse le fichier par défaut `/etc/network/interfaces.d/50-cloud-init` et in créer un fichier `/etc/network/interfaces.d/51-cloud-init-ipv6` que pour l'IPv6...
[13:17:47]
<rodinux> it depends also if debian 11 or Debian 12 ! for debian 12 is a netplan conf !
[13:19:55]
<rodinux> the default files for cloud-init in debian 12 should then be on `/etc/netplan/50-cloud-init.yml`
[13:34:16]
<Ralph> I hate online.net in this regard. You can get IPv6 SLAAC on some Systems and on other Systems they give you a /56. But they only give you Reverse-DNS for SLAAC, for the /56 you have to run your own two dns servers for a delegation. sort of overkill udn you cant use their secondary for the reverse-zone
[13:34:27]
<Ralph> (sorry for the rant)
[14:59:58]
<Hook> I’m noticing some external clients (port scanners, Chinese IPs etc.) connecting to my Adguard Home, and find it confusing what to do about it.
[15:00:27]
<Hook> I already noticed that what the app readme says and what the default settings actually are do not align:
https://github.com/YunoHost-Apps/adguardhome_ynh/issues/200
[15:02:35]
<Hook> So I set _Bind to public IP addresses?_ and _Enable DNS-over-HTTPS/TLS/QUIC?_ to _No_, as the readme says should be the default.
[15:02:47]
<Hook> But I still get those connections. Any idea how to set it up right?
[15:03:33]
<Aleks (he/him/il/lui)> "connections" are just "connections", something exposed to the internet will be scanned by bots, that's just the way it is
[15:04:08]
<Aleks (he/him/il/lui)> a server exposed to the internet is like having a shop in the street, you don't really get to choose who can and cant look at your shop
[15:10:20]
<Hook> Aleks (he/him/il/lui) (Aleks (he/him/il/lui) (@Alekswag:matrix.org) , that makes sense, yes. But how do I know what’s OK and when I’m taking needless risks?
[15:13:12]
<Aleks (he/him/il/lui)> idk but yeah that "bind to public ip addresses" stuff should do some network magic to disable the possibility of even connecting i suppose
[15:13:47]
<Aleks (he/him/il/lui)> do you have any specific log or stuff about what you mean by "external clients connecting to adguard home"
[16:28:04]
<Hook> https://aria.im/_bifrost/v1/media/download/ARFq6k-X7VQCDZ72f5Zj7jdO7VY1SLqTJOthxRG-P9bLgrPFaD6P64ohfrBuD6IWnctq3sdvi9RtcS_NXoBO5pZCeU64oU8QAG1hdHJpeC5vcmcvSGhHYnlSQkpDUmRCRkpDc0hEWVFMdW9R
[16:29:02]
<Hook> (the expected clients – i.e. my laptop and my brother’s PC are just above on the list, so not in the screenshot)
[16:32:08]
<@err404:matrix.numericore.com> I configured fail2ban to ban immediately every request returning an http error 400
[16:33:28]
<@err404:matrix.numericore.com> And also error 404 if they try to much (like scan for unprotected files)
[16:39:09]
<Hook> 𝔼𝕣𝕣𝟜𝟘𝟜 any instructions or tutorial that I can follow, you’d recommend?
[16:40:15]
<Hook> Currently it seems to be 0.02% of traffic to AdGuard that’s not “mine”, but I just want to make sure that this is not a problem waiting to happen.
[16:41:59]
<@err404:matrix.numericore.com> I will give you my files, in few hours when I will be on my computer
[16:44:21]
<@err404:matrix.numericore.com> But you can search on the web something like ''fail2ban error 400''
[16:54:58]
<Hook> 𝔼𝕣𝕣𝟜𝟘𝟜: no hurry, thanks
[17:00:35]
<@err404:matrix.numericore.com> I not understand why http error 400 are not banned by defaut in fail2ban