Changes to the settings at this HUB have been made, if anyone is having
issues with their feed please let me know.

--- Mystic BBS v1.12 A46 2020/08/26 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

After much ado I think I have finally sorted IPv6 connectivity to the 1/100 HUB.

This also means 21:1/101 should be reachable via IPv6 as is 3:770/1

21:1/10 is still running on a different system an is only IPv4 connected at this time.

agency.bbs.nz
ipv6.agency.bbs.nz
net1.fsxnet.nz

should all work (I hope)

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 13 Oct 2021, Avon said the following...

After much ado I think I have finally sorted IPv6 connectivity to the 1/100 HUB.

Yup, looks reachable now from my end, except for port 24556:

--------------------- POLL v1.12 A47 2021/09/29 Wed, Oct 13 2021 (loglevel 1) + 2021.10.13 03:51:40 Poll BINKP node via address lookup: 21:1/100
+ 2021.10.13 03:51:40 1-Polling 21:1/100 on slot 1 via BINKP
+ 2021.10.13 03:51:40 1-Connecting to agency.bbs.nz on port 24554
+ 2021.10.13 03:51:41 1-Using address 2001:0470:000D:0123::0200
+ 2021.10.13 03:51:41 1-Connected by IPV6 to 2001:0470:000D:0123::0200
+ 2021.10.13 03:51:46 1-System Agency + Risa HUB
+ 2021.10.13 03:51:46 1-SysOp Paul Hayton
+ 2021.10.13 03:51:46 1-Location Dunedin, New Zealand
+ 2021.10.13 03:51:46 1-Mailer binkd/1.1a-112/Linux binkp/1.1
+ 2021.10.13 03:51:47 1-Authorization failed
+ 2021.10.13 03:51:48 Polled 1 systems

--------------------- POLL v1.12 A47 2021/09/29 Wed, Oct 13 2021 (loglevel 1) + 2021.10.13 03:52:02 Poll BINKP node via address lookup: 21:1/100
+ 2021.10.13 03:52:02 1-Polling 21:1/100 on slot 1 via BINKP
+ 2021.10.13 03:52:02 1-Connecting to agency.bbs.nz on port 24555
+ 2021.10.13 03:52:03 1-Using address 2001:0470:000D:0123::0200
+ 2021.10.13 03:52:03 1-Connected by IPV6 to 2001:0470:000D:0123::0200
+ 2021.10.13 03:52:09 1-System Agency BBS
+ 2021.10.13 03:52:09 1-Location Dunedin, New Zealand
+ 2021.10.13 03:52:09 1-SysOp Avon
+ 2021.10.13 03:52:09 1-Mailer Mystic/1.12A47 binkp/1.0
+ 2021.10.13 03:52:10 1-Remote Queue: 0 files 0 bytes
+ 2021.10.13 03:52:10 1-Session ended (0 sent, 0 rcvd, 0 skip)
+ 2021.10.13 03:52:10 Polled 1 systems

--------------------- POLL v1.12 A47 2021/09/29 Wed, Oct 13 2021 (loglevel 1) + 2021.10.13 03:52:21 Poll BINKP node via address lookup: 21:1/100
+ 2021.10.13 03:52:21 1-Polling 21:1/100 on slot 1 via BINKP
+ 2021.10.13 03:52:21 1-Connecting to agency.bbs.nz on port 24556
+ 2021.10.13 03:52:21 1-Using address 2001:0470:000D:0123::0200
+ 2021.10.13 03:52:27 1-Unable to connect
+ 2021.10.13 03:52:28 Polled 1 systems


Jay

... Today is the first day of the rest of the mess.

--- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
* Origin: Northern Realms (21:3/110)

On 13 Oct 2021, Avon said the following...

This also means 21:1/101 should be reachable via IPv6 as is 3:770/1

Just tried our connectoin to 3:770/1 as well and it's also working:

--------------------- POLL v1.12 A47 2021/09/29 Wed, Oct 13 2021 (loglevel 1) + 2021.10.13 04:10:13 Sending to all nodes of session type ALL
+ 2021.10.13 04:10:13 Queued 1 files (305 bytes) for 3:770/1
+ 2021.10.13 04:10:13 1-Polling 3:770/1 on slot 1 via BINKP
+ 2021.10.13 04:10:13 1-Connecting to agency.bbs.nz on port 24554
+ 2021.10.13 04:10:13 1-Using address 2001:0470:000D:0123::0200
+ 2021.10.13 04:10:13 1-Connected by IPV6 to 2001:0470:000D:0123::0200
+ 2021.10.13 04:10:19 1-System Agency + Risa HUB
+ 2021.10.13 04:10:19 1-SysOp Paul Hayton
+ 2021.10.13 04:10:19 1-Location Dunedin, New Zealand
+ 2021.10.13 04:10:19 1-Mailer binkd/1.1a-112/Linux binkp/1.1
+ 2021.10.13 04:10:19 1-Sending: 07d68ce4.pkt (305 bytes)
+ 2021.10.13 04:10:20 1-Session ended (1 sent, 0 rcvd, 0 skip)
+ 2021.10.13 04:10:20 Polled 1 systems


Jay

... Da trouble wit computers is, dey got no sense of humor.

--- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
* Origin: Northern Realms (21:3/110)

Avon wrote (2021-10-13):

After much ado I think I have finally sorted IPv6 connectivity to the
1/100 HUB.

This also means 21:1/101 should be reachable via IPv6 as is 3:770/1

🎉 🤪 🥳

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

On 13 Oct 2021 at 03:56a, Warpslide pondered and said...

Yup, looks reachable now from my end, except for port 24556:

Thanks Jay.

I'll check on this over the coming hours and post again when I think 24556 via IPv6 might be up.

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 13 Oct 2021 at 04:12a, Warpslide pondered and said...

This also means 21:1/101 should be reachable via IPv6 as is 3:770/1

Just tried our connectoin to 3:770/1 as well and it's also working:

--------------------- POLL v1.12 A47 2021/09/29 Wed, Oct 13 2021 (loglevel 1) + 2021.10.13 04:10:13 Sending to all nodes of session type ALL + 2021.10.13 04:10:13 Queued 1 files (305 bytes) for 3:770/1
+ 2021.10.13 04:10:13 1-Polling 3:770/1 on slot 1 via BINKP
+ 2021.10.13 04:10:13 1-Connecting to agency.bbs.nz on port 24554

coolio, thanks! :)

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 13 Oct 2021 at 04:27p, Oli pondered and said...

🎉 🤪 🥳

???

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Re: Re: 21:1/100
By: Avon to Oli on Thu Oct 14 2021 05:09 pm

¿ ¿ ¿

???

I'm assuming you are seeing question marks or strange characters.

In a UTF-8 terminal, they are icons :)


...δεσ∩
--- SBBSecho 3.14-Linux
* Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

Avon wrote (2021-10-14):

On 13 Oct 2021 at 04:27p, Oli pondered and said...

🎉 🤪 🥳

???

it's emojiish for exciting / very good / time to celebrate / party on

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

On 14 Oct 2021 at 04:31p, deon pondered and said...

I'm assuming you are seeing question marks or strange characters.

In a UTF-8 terminal, they are icons :)

figured it must be something like that.. yep it looks funny on my screen

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 14 Oct 2021 at 10:00a, Oli pondered and said...

it's emojiish for exciting / very good / time to celebrate / party on

thanks sir.. indeed!

now to try and get the secure stuff working on 24553 .. not yet sure how ;-)

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Avon wrote (2021-10-14):

On 14 Oct 2021 at 10:00a, Oli pondered and said...

it's emojiish for exciting / very good / time to celebrate / party
on

thanks sir.. indeed!

now to try and get the secure stuff working on 24553 .. not yet sure how ;-)

nginx!

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

Avon wrote (2021-10-14):

On 14 Oct 2021 at 10:00a, Oli pondered and said...

it's emojiish for exciting / very good / time to celebrate / party
on

thanks sir.. indeed!

now to try and get the secure stuff working on 24553 .. not yet sure how ;-)

# apt-get install nginx

then add the following to /etc/nginx.conf

stream {
server {
listen 24553 ssl;
listen [::]:24553 ssl;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /srv/certs/fidonet-rsa.key;
ssl_certificate_key /srv/certs/fidonet-rsa.crt;
ssl_certificate /srv/certs/fidonet-ed25519.key;
ssl_certificate_key /srv/certs/fidonet-ed25519.crt;
proxy_pass 127.0.0.1:24554;
}
}

You also need to create a cert (can be self-signed). Of course you can put the certs in any path you like.

ecdsa cert:
$ openssl genpkey -algorithm ed25519 > fidonet-ed25519.key
$ openssl req -new -x509 -nodes -days 1200 -key fidonet-ed25519.key -out fidonet-ed25519.crt -text -subj "/CN=localhost"

rsa cert:
openssl req -new -newkey rsa -days 1200 -nodes -x509 -keyout fidonet-rsa.key -out fidonet-rsa.crt -text -subj "/CN=localhost"

Alternatively use a letsencrypt cert.

restart nginx:

$ systemctl restart nginx

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

On 14 Oct 2021, deon said the following...

Re: Re: 21:1/100
By: Avon to Oli on Thu Oct 14 2021 05:09 pm

¿ ¿ ¿

???

I'm assuming you are seeing question marks or strange characters.

Yup, in Mystic it looks like trying to BBS over a modem during a lightning storm... ;)

https://ibb.co/k170Cwr


Jay

... Honeymoon - the morning after the knot before.

--- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
* Origin: Northern Realms (21:3/110)

Warpslide wrote (2021-10-14):

_ _ _

???

I'm assuming you are seeing question marks or strange characters.

Yup, in Mystic it looks like trying to BBS over a modem during a
lightning storm... ;)

https://ibb.co/k170Cwr

Looks like UTF-8 displayed as CP437. Doesn't Mystic have any UTF-8 support?

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

On 13 Oct 2021 at 03:56a, Warpslide pondered and said...

On 13 Oct 2021, Avon said the following...

After much ado I think I have finally sorted IPv6 connectivity to the 1/100 HUB.

Yup, looks reachable now from my end, except for port 24556:

Hi Jay

Can you test 24556 IPv6 please. I think this is now sorted.

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 14 Oct 2021 at 11:41a, Oli pondered and said...

now to try and get the secure stuff working on 24553 .. not yet sure h ;-)

# apt-get install nginx

done this bit.

then add the following to /etc/nginx.conf

stream {
server {
listen 24553 ssl;
listen [::]:24553 ssl;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /srv/certs/fidonet-rsa.key;
ssl_certificate_key /srv/certs/fidonet-rsa.crt;
ssl_certificate /srv/certs/fidonet-ed25519.key;
ssl_certificate_key /srv/certs/fidonet-ed25519.crt;
proxy_pass 127.0.0.1:24554;
}
}

OK done, but commented out for now while I sort the certs.

Question, what is /srv dir for? This sort of stuff?

You also need to create a cert (can be self-signed). Of course you can
put the certs in any path you like.

OK, so not /srv necessarily?

ecdsa cert:
$ openssl genpkey -algorithm ed25519 > fidonet-ed25519.key
$ openssl req -new -x509 -nodes -days 1200 -key fidonet-ed25519.key -out fidonet-ed25519.crt -text -subj "/CN=localhost"

rsa cert:
openssl req -new -newkey rsa -days 1200 -nodes -x509 -keyout fidonet-rsa.key -out fidonet-rsa.crt -text -subj "/CN=localhost"

I know little about this (yet) but am I correct to assume a Lets Encrypt cert would be better / more well known? Not sure I am stating this correctly.

Why for the self signed stuff 1200 days? If I created self signed stuff how could anyone trust it compared to something like Lets Encrypt that is third party?

Alternatively use a letsencrypt cert.

Something I'm thinking (will wait until I hear from you) may be the better way to go? Also something I have not ever done but would like to learn how etc. :)

restart nginx:

$ systemctl restart nginx

OK will hold off that until I sort the certs.

Will I also need to have something configured in BinkD to talk to nginx?

I'd better read the nginx man.

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Avon wrote (2021-10-15):

then add the following to /etc/nginx.conf

stream {
server {
listen 24553 ssl;
listen [::]:24553 ssl;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_certificate /srv/certs/fidonet-rsa.key;
ssl_certificate_key /srv/certs/fidonet-rsa.crt;
ssl_certificate /srv/certs/fidonet-ed25519.key;
ssl_certificate_key /srv/certs/fidonet-ed25519.crt;
proxy_pass 127.0.0.1:24554;
}
}

OK done, but commented out for now while I sort the certs.

Without TLS it would look like this (for testing purposes):

stream {
server {
listen 24553;
listen [::]:24553;
proxy_pass 127.0.0.1:24554;
}
}

Question, what is /srv dir for? This sort of stuff?

You also need to create a cert (can be self-signed). Of course you
can put the certs in any path you like.

OK, so not /srv necessarily?

This was just the path were I put my certs. You could use /etc/nginx/certs or /etc/ssl ...

I know little about this (yet) but am I correct to assume a Lets Encrypt cert would be better / more well known? Not sure I am stating this correctly.

Yes and no. AFAIK none of the Fidonet mailers check if it's Letsencrypt or self-signed.

Why for the self signed stuff 1200 days?

No particular reason.

If I created self signed stuff
how could anyone trust it compared to something like Lets Encrypt that is third party?

TOFU, trust on first use. It's also not that important, if you make CRAM-MD5 and CRYPT mandatory, because the password is not transmitted in cleartext and CRYPT is kind of authentication of the remote site.

Alternatively use a letsencrypt cert.

Something I'm thinking (will wait until I hear from you) may be the
better way to go? Also something I have not ever done but would like to learn how etc. :)

There is nothing wrong with using letsencrypt, if you want to. Self-signed also will work fine. Just choose one and don't overthink it ... ;P

I will write more later why I prefer self-signed certs.

restart nginx:

$ systemctl restart nginx

OK will hold off that until I sort the certs.

$ nginx -t
is also very helpful for testing the config (it doesn't start nginx).

Will I also need to have something configured in BinkD to talk to nginx?

No. nginx talks to binkd. Or do you mean to make a poll from binkd to another TLS node?

I'd better read the nginx man.

and maybe disable the default http server by deleting /etc/nginx/sites-enabled/default, which is just a symlink to /etc/nginx/sites-available/default.

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

On 15 Oct 2021, Avon said the following...

Can you test 24556 IPv6 please. I think this is now sorted.

--------------------- POLL v1.12 A47 2021/09/29 Fri, Oct 15 2021 (loglevel 1) + 2021.10.15 06:16:56 Poll BINKP node via address lookup: 21:1/100
+ 2021.10.15 06:16:56 1-Polling 21:1/100 on slot 1 via BINKP
+ 2021.10.15 06:16:56 1-Connecting to agency.bbs.nz on port 24556
+ 2021.10.15 06:16:56 1-Using address 2001:0470:000D:0123::0200
+ 2021.10.15 06:16:56 1-Connected by IPV6 to 2001:0470:000D:0123::0200
+ 2021.10.15 06:17:03 1-System Agency + Risa HUB
+ 2021.10.15 06:17:03 1-SysOp Paul Hayton
+ 2021.10.15 06:17:03 1-Location Dunedin, New Zealand
+ 2021.10.15 06:17:03 1-Mailer binkd/1.1a-112/Linux binkp/1.1
+ 2021.10.15 06:17:03 1-Authorization failed
+ 2021.10.15 06:17:03 Polled 1 systems


It works! Here's some fireworks to celibate! :)

.''.
.''. *''* :_\/_: .
:_\/_: . .:.*_\/_* : /\ : .'.:.'.
.''.: /\ : _\(/_ ':'* /\ * : '..'. -=:o:=-
:_\/_:'.:::. /)\*''* .|.* '.\'/.'_\(/_'.':'.'
: /\ : ::::: '*_\/_* | | -= o =- /)\ ' *
'..' ':::' * /\ * |'| .'/.\'. '._____
* __*..* | | : |. |' .---"|
_* .-' '-. | | .--'| || | _| |
.-'| _.| | || '-__ | | | || |
|' | |. | || | | | | || |
___| '-' ' "" '-' '-.' '` |____ jgs~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Jay

... Gravity doesn`t exist: the earth sucks.

--- Mystic BBS v1.12 A47 2021/09/29 (Raspberry Pi/32)
* Origin: Northern Realms (21:3/110)

On 15 Oct 2021 at 06:24a, Warpslide pondered and said...

It works! Here's some fireworks to celibate! :)

Thanks and nice ACSII too :)

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 15 Oct 2021 at 08:12a, Oli pondered and said...

OK will hold off that until I sort the certs.

$ nginx -t
is also very helpful for testing the config (it doesn't start nginx).

Have sent you a netmail. The certs don't seem to be trusted.

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Avon wrote (2021-10-17):

On 15 Oct 2021 at 08:12a, Oli pondered and said...

OK will hold off that until I sort the certs.

$ nginx -t
is also very helpful for testing the config (it doesn't start
nginx).

Have sent you a netmail. The certs don't seem to be trusted.

The example configuration was wrong, I swapped key and crt files.

wrong, this cannot work:
ssl_certificate /srv/certs/fidonet-rsa.key;
ssl_certificate_key /srv/certs/fidonet-rsa.crt;
ssl_certificate /srv/certs/fidonet-ed25519.key;
ssl_certificate_key /srv/certs/fidonet-ed25519.crt;


should be:
ssl_certificate /srv/certs/fidonet-rsa.crt;
ssl_certificate_key /srv/certs/fidonet-rsa.key;
ssl_certificate /srv/certs/fidonet-ed25519.crt;
ssl_certificate_key /srv/certs/fidonet-ed25519.key;

---
* Origin: 1995| Invention of the Cookie. The End. (21:3/102)

On 17 Oct 2021 at 07:27a, Oli pondered and said...

Have sent you a netmail. The certs don't seem to be trusted.

The example configuration was wrong, I swapped key and crt files.

thanks, will circle back to this soon, just been doing some NET admin tonight, pruning nodes that have been inactive.

--- Mystic BBS v1.12 A47 2021/09/29 (Linux/64)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)