not_bob
zzz: i2psnark standalone works well with android i2p.
zzz
dr|z3d, StormyCloud, I'm still having no luck at all with one of your two routers
dr|z3d
one has ipv6 disabled on the router, otherwise they're identically configured.
zzz
ipv6 was never a problem on those routers
zzz
the problem was only on their infrastructure and only on i2pd
dr|z3d
ipv6 is fail on one of the systems right now, hence ipv6 disabled. leaving that to stormy to work out.
dr|z3d
what errors are you seeing?
zzz
do you have enough monitoring to see if they have similar traffic?
zzz
just can't connect to the ipv4-only one at all, same problem as a few days ago
zzz
ok works now. I think it may be a problem with multihome+ratchet
zzz
will investigate
dr|z3d
roger that
zzz
could be ugly
dr|z3d
never seen any issue like it on purokishi.
dr|z3d
traffic monitoring, we have bandwidth usage graphs for both instances, so not super accurate, but both are receiving traffic.
zzz
ooooooooooooooh
zzz
did you guys copy the i2ptunnel.config.d/xxx file from one to the other?
dr|z3d
the whole install was copied over and a new set of router keys created on instance 2.
zzz
I think you have the same ratchet keys on both of them
zzz
from the ls debug page:
zzz
Encryption Key: ECIES_X25519 CtoaPuLPcXBavZX8cNkg…
zzz
the LS expires but the ratchet session didn't, then I get a new LS, it's the other one, try to talk to the other one with the same ratchet session
zzz
can you verify by looking at the LS debug pages on the two routers that they have the same LS encryption key?
zzz
CtoaPuL...
dr|z3d
same leaseset, same key, yes.
dr|z3d
same routing key as well, as you'd expect.
dr|z3d
so where's the button in the UI to create a new ratchet key? :)
dr|z3d
I wasn't aware this was an issue tbh, though I dodged the bullet on purokishi by recreating the proxy tunnel and doing a clean install for each instance.
zzz
I never thought about it either
zzz
you'll need to stop one of the routers, delete the option.i2cp.leaseSetPrivateKey line in the i2ptunnel.config.d/xxx file, and restart
dr|z3d
maybe keys like this that should be unique could be tied to the router id in some way, so if the router id changes, new keys are generated?
dr|z3d
stop the router, or just stop the tunnel?
zzz
not sure. you can try stopping the tunnel but I don't think it will work
dr|z3d
or stop the tunnel manager webapp, perhaps? ok, will try.
zzz
and I think after restarting the router you'll have to go to the i2ptunnel edit page and click save to persist the new keys in the config file
zzz
not sure though
zzz
anyway, you know how to see if it worked, look for CtoaPul... on the LS page, or something new
dr|z3d
yup, give me a few moments, I'll let you know when it's done.
zzz
there's just this window between when the LS expires and the ratchet session expires, combined with bad luck to get the other LS after expiration, where this happens
dr|z3d
good catch, wouldn't have occurred to me that this was ever an issue.
dr|z3d
so can we somehow tie these keys to the routerid and auto-regenerate if that changes?
zzz
it's definitely a footgun, and putting the privkey in the config file was never a great choice, but I'm not sure how much effort it deserves to avoid it
dr|z3d_
what about generating a new key every time the tunnel starts? any downside?
dr|z3d_
also, we now have a new ratchet key.
zzz
the reason we persist it is to hide router restarts
dr|z3d_
-> 0Vef
dr|z3d_
ah, that makes sense.
dr|z3d_
well, either tying it to the routerid or just providing a button in the UI would be sufficient.
zzz
as I said you may need to edit/save in i2ptunnel config to get it persisted, but not really important since you're zero-hop anyway
dr|z3d
yeah, done that.
zzz
yeah I see 0Vef
dr|z3d
ok, one less thing to impede your enjoyment of the outproxy at least :)
zzz
so you confirmed that your purokishi's have different keys?
zzz
wonder if this affects anybody else...
dr|z3d
I'm pretty sure they have, since I didn't clone installs
zzz
ok. guess I'll put a post up on my forum
dr|z3d
I'm now wondering if part of DreadfulParis' issues stem from this, separate from the floodfill throttling.
zzz
thought he was on i2pd
dr|z3d
he is.. so issue is non-existent then?
zzz
I don't know if or how i2pd persists keys
zzz
for my post, was restarting the tunnel sufficient?
dr|z3d
no
dr|z3d
nor stopping the tunnel manager.
zzz
thx
dr|z3d
stop i2p, delete key, then start server.
dr|z3d
*start i2p
dr|z3d
I took issue with DreadfulParis over his claims that java i2p is trash, so he may well be taking I2P+ for a spin now I've given him some pointers. we'll see.
zzz
it's really not necessary, it's not a requirement to realign somebody's worldview before answering their questions
zzz
I'm not offended
dr|z3d
> it's necessary for me to make sure that misinformation isn't being propagated due to lack of understanding or incorrect assumptions. have an opinion by all means, just make sure it's an informed opinion before you start telling world + dog :)
zzz
sure, it's not the greatest strategy to come in hot
dr|z3d
dread.i2p/post/7bed5faf9131649168a5/#c-853cbaa051c4880f58 for some context.
dr|z3d
while we're on the subject of forums, no idea what whitehat's talking about re https errors. parallel universe.
dr|z3d
there's no tunable logic there, anyways. the proxy software either sends an error, or the browser takes over.
zzz
I think I'm about ready to put the outproxy on the monthly meeting agenda so I need to talk to StormyCloud
zzz
dr|z3d, StormyCloud, I just tested with telnet and I did get the HTTP error page for CONNECT. I don't think that's correct
zzz
let's check the RFCs....
dr|z3d
nothing doing.
zzz
huh?
dr|z3d
problem exists upstream. like I just said, no tunables.
zzz
this is not tuning. this is about correctness
zzz
but I'm guessing, let's research...
dr|z3d
so what I'm telling you is there's nothing that can be configured on the proxy software, so if there's an issue, the issue is out of our purview.
dr|z3d
if you're telnetting to exit.stormycloud, the http error's to be expected, in any event, surely.
zzz
no, I'm telnetting to the local http client proxy
dr|z3d
ok, which amounts to the same thing.
dr|z3d
telnet -> http -> endpoint exit.stormycloud -> expect an http formatted error.
dr|z3d
what I got from whitehat's post on zzz.i2p is that he was getting proxy error message over https. that shouldn't happen. pretty sure it can't happen.
zzz
happened for me
zzz
telnet localhost 4444
zzz
CONNECT lkajsflkjalfkjalkjflkjslkjsalfkj.com HTTP/1.1
zzz
<cr><cr>
dr|z3d
ok, I should say with the notable exception of when you're connecting directly to the outproxy host.
dr|z3d
what the RFC says I have no idea, but that's what the proxy software does. if it's violating RFCs, oh well. beyond our control :)
zzz
I'm not. That's the standard proxy request
zzz
looking at RFC 7231 now
dr|z3d
I don't get that when making a bogus https request in the browser. the browser displays its own error message.
zzz
right, because it got an error
zzz
and not a TLS handshake
dr|z3d
so it seems to me that it's performing as it should.
zzz
after reviewing the rfc, it appears to be legal
dr|z3d
hooray \o/
zzz
it's a big waste of bandwidth as it won't be displayed
zzz
I'll respond to whitehat
dr|z3d
compresses to around 20K, not a huge waste of bandwidth.
dr|z3d
and it'll be displayed, albeit as html code and not rendered :)
zzz
you said you get a browser error message
zzz
that's what I get too
zzz
but we're talking error responses to CONNECT
dr|z3d
I don't think it's worth worrying about.
dr|z3d
If the error's sent to the browser and ignored, oh well. 20K, no big shakes.
zzz
right. it's not a problem until it is. meeh's proxy would cascade into congestion collapse due to the huge error page
zzz
whether 20K is over or under the threshold for collapse based on a given request load and failure rate, probably won't ever know unless it happens
dr|z3d
yeah, except I don't think you're even being sent the error for connect in the browser. I'm not seeing that here.
dr|z3d
0 bytes being sent, aka the browser handles the error before the proxy sends anything.
dr|z3d
check your firefox network tab if you don't believe me :)
dr|z3d
that suggests to me the proxy will only send the full error message over CONNECT as a fallback, in the event the client doesn't handle the error itself.
zzz
no
zzz
tested with telnet, that's what I got
dr|z3d
right, because telnet doesn't have error handling built in for http/https.
dr|z3d
unlike a web browser, which does.
zzz
the browser just isn't displaying it, because it's not a TLS handshake
zzz
you are sending it
dr|z3d
ok, well, non-issue as far as I'm concerned. break the proxy and you can have your money back :)
zzz
ok, starting super-evil testing now
StormyCloud
oO super evil
dr|z3d
aka midget porn. ;)
StormyCloud
I don't judge, you do you lol
dr|z3d
:)
dr|z3d
I was being intentionally ridiculous.
zzz
super evil test fail
dr|z3d
you failed at your attempt to be super evil, or?
obscuratus
I'm playing around with Java-17, and having trouble building i2p (pack200 errors of course)
obscuratus
What are the recommended build targets for java-17
dr|z3d
anything without pack200 :)
dr|z3d
what do you want, an update or a full install?
obscuratus
My current java-8/11 builds use the "pkg" target. I guess that's full?
dr|z3d
none of the full install targets use pack200 afaik.
dr|z3d
nor ant updater
obscuratus
So, for example, the "installer" or "installer-linux" targets?
dr|z3d
those should be fine. not much gained from the -linux target over the standard multi-platform installer.
dr|z3d
anything using pack200 should have the 200 suffix in the build target name.
obscuratus
Nuts! Still getting an error that looks like pack200 error.
obscuratus
Using the "updater" target gets me further. No pack200 errors, but then my package manager isn't finding everything where it's expected with using the "pkg" target.
zzz
pkg does not build a "package", it builds an izpack installer
obscuratus
I need to check. My package manager uses the "pkg" target, but I'm suspicious it discards the izpack installer, and simply uses the stuff that was built to go into the installer.
zzz
and what is your "package manager" ?
obscuratus
I'm on Gentoo, so it's called "portage" here.
zzz
preppkg-linux-only is probably the target you want, to skip all the izpack and windows stuff
obscuratus
zzz: OK, I'll give that a try then. It does look like it's just discarding the installer.
obscuratus
zzz: Thanks, that looks like it might be it. It built without error.
zzz
ok, great