[2026-05-14T05:46:30Z] kris_: I'm definitely misusing "gateway" here
[2026-05-14T05:46:38Z] it's the lil bouncer thing I have
[2026-05-14T05:46:42Z] the thin client
[2026-05-14T05:47:20Z] I'm using it for a few other private services and designed it so that it's (mostly) the only access outside people have to my network
[2026-05-14T05:47:31Z] also did the whole isolation thing with the managed switch
[2026-05-14T05:52:44Z] oh okay so its just a server
[2026-05-14T05:55:08Z] yea
[2026-05-14T05:55:32Z] my actual gateway stays the openwrt one
[2026-05-14T05:55:49Z] ...under the """ONT""" my ISP gave me
[2026-05-14T05:56:13Z] (really just a router with a web setting named "ONT Mode", it's not an actual ont)
[2026-05-14T06:00:56Z] my bouncer is on my local server, it's not on a vlan or anything but it isnt exposed to the internet directly
[2026-05-14T06:01:08Z] egress is done through an ephemeral ramdisk alpine install linked up with a vpn provider to hide my IP
[2026-05-14T06:01:19Z] i access this remotely through wireguard running on my router
[2026-05-14T06:01:39Z] ohhhh that's really cool
[2026-05-14T06:01:53Z] yeah i have like 7 different virtual machines routed through that one egress point
[2026-05-14T06:01:55Z] also PSA about ramdisk alpine installs
[2026-05-14T06:02:04Z] lets me use 1 vpn connection for all this stuff
[2026-05-14T06:02:07Z] just found out that DHCPv6 is basically broken out of the box there
[2026-05-14T06:02:21Z] or even SLAAC now that I think about it
[2026-05-14T06:02:42Z] dhcpcd makes a weird kind of DUID which is expected to be stored persistently somewhere
[2026-05-14T06:03:12Z] it's *supposed* to fallback to a deterministic one but from my experiments it can't really tell an overlayfs from a real storage thing
[2026-05-14T06:03:25Z] so you have to turn the `duid` line in the config to `duid ll`
[2026-05-14T06:03:42Z] ngl i have ipv6 disabled on my network
[2026-05-14T06:03:45Z] oh right
[2026-05-14T06:03:53Z] nevermind then lmao
[2026-05-14T06:03:54Z] though good to know
[2026-05-14T06:04:00Z] in case i enable it at some point (unlikely)
[2026-05-14T06:04:12Z] I'm accumulating quite a few notes (and bugs???)
[2026-05-14T06:04:22Z] I should really dump them somewhere or even better put them in the wiki
[2026-05-14T06:04:28Z] in the case of alpine
[2026-05-14T06:04:36Z] like, this is COMPLETELY undocumented afaict
[2026-05-14T06:05:08Z] on the whole web. I guess ephemeral ipv6 stable address SLAAC boxes aren't exactly a common usecase
[2026-05-14T06:06:43Z] kinda surprising how unbelievably underdocumented this is given alpine initially came into existence as a distro to run from RAM
[2026-05-14T06:06:49Z] waaa
[2026-05-14T06:07:00Z] that explains why it's so good at that... when it works
[2026-05-14T06:07:10Z] this is completely mindboggling indeed
[2026-05-14T06:07:38Z] it works well for me for the things ive used it for, im pretty sure i already sent you this but i doc'd my entire setup here: https://kris.sh/posts/alpine-diskless-install/
[2026-05-14T06:08:01Z] WAIT
[2026-05-14T06:08:07Z] I FOUND THIS ONLINE ALREADY
[2026-05-14T06:08:12Z] LIKE YESTERDAY
[2026-05-14T06:08:19Z] I DIDN'T READ THE DOMAIN LMFAO
[2026-05-14T06:08:42Z] lmfao
[2026-05-14T06:09:09Z] unfortunately the most problematic setup I have is also the most complex
[2026-05-14T06:09:21Z] and I could barely find similar docs online
[2026-05-14T06:09:26Z] usually how that goes
[2026-05-14T06:09:46Z] at some point i need to document my openbsd router setup and make it public because there was precisely 0 accurate documentation on this
[2026-05-14T06:10:01Z] please do
[2026-05-14T06:10:05Z] we need more router stacks
[2026-05-14T06:10:24Z] openwrt is cool and all but if we don't have variety setups will fossilize and everything outside the beaten path WILL break
[2026-05-14T06:10:34Z] yeah i want this to be more common, openbsd is the only OS ive ever used as a router that i don't think blows complete and utter sack
[2026-05-14T06:10:47Z] for the task, i mean
[2026-05-14T06:11:14Z] just curious, you setup the thing from cli or do generic router web uis exist
[2026-05-14T06:11:24Z] don't remember if you already explained me that
[2026-05-14T06:11:44Z] idk if any exist, part of why i did this was to avoid webuis
[2026-05-14T06:11:51Z] oh lol
[2026-05-14T06:12:01Z] won't lie, LUCI is hella comfy
[2026-05-14T06:12:11Z] i think if i show you my configs itll rock your brain lol
[2026-05-14T06:12:26Z] the entire thing is configured in /etc/dhcpd.conf and /etc/pf.conf
[2026-05-14T06:12:32Z] outside of the interfaces on the box themselves
[2026-05-14T06:12:38Z] it's extremely clean and everything you need is already installed
[2026-05-14T06:12:44Z] luci is a fucking mess compared
[2026-05-14T06:12:54Z] what's pf
[2026-05-14T06:12:59Z] packet filter, openbsds firewall
[2026-05-14T06:13:05Z] ohh nice
[2026-05-14T06:13:12Z] just curious, does nat go there too?
[2026-05-14T06:13:19Z] a bit like netfilter, I think?
[2026-05-14T06:13:24Z] in the pf config? yes
[2026-05-14T06:13:34Z] i don't want to share my 1:1 config so ill have to edit one that i can make public tomorrow
[2026-05-14T06:13:42Z] oh yea nw
[2026-05-14T06:14:10Z] but like, very cool indeed
[2026-05-14T06:14:40Z] uh
[2026-05-14T06:14:45Z] would you look at that
[2026-05-14T06:14:46Z] https://github.com/toru-mano/openbsd-pf-map-e-ce
[2026-05-14T06:14:57Z] someone implemented map-e on openbsd
[2026-05-14T06:15:13Z] why in the world is my ISP's setup similar to Japanese ISPs
[2026-05-14T06:15:21Z] I still can't fathom that
[2026-05-14T06:17:55Z] https://reviews.freebsd.org/D29468 mh
[2026-05-14T06:18:26Z] Last time you told me that you weren't sure if map-e was a thing on *BSDs. Turns out that it actually is?
[2026-05-14T06:18:30Z] That would be really nifty
[2026-05-14T06:23:30Z] yeah, i dont think this applies to me atm so I've never really looked into it but very cool