1534295105 Q * Aiken Remote host closed the connection
1534303703 Q * FireEgl Ping timeout: 480 seconds
1534304289 J * FireEgl Fire_OFTC@2001:470:e56c:1:4015:1cd6:5300:2f32
1534308070 J * Aiken ~Aiken@b951.h.jbmb.net
1534318251 Q * FireEgl Ping timeout: 480 seconds
1534318842 J * FireEgl Fire_OFTC@2001:470:e56c:1:4015:1cd6:5300:2f32
1534322505 Q * transacid Quit: reboot
1534327701 Q * FireEgl Ping timeout: 480 seconds
1534333245 J * FireEgl Fire_OFTC@2001:470:e56c:1:b023:461e:794d:7ceb
1534336269 Q * romster Quit: Leaving
1534336321 Q * Aiken Remote host closed the connection
1534339574 J * romster ~romster@158.140.215.184
1534358842 Q * fstd_ Read error: Connection reset by peer
1534358850 J * fstd ~fstd@xdsl-78-35-64-25.netcologne.de
1534359231 J * transacid ~transacid@transacid.de
1534359322 J * fstd_ ~fstd@xdsl-78-34-125-225.netcologne.de
1534359707 Q * fstd Ping timeout: 480 seconds
1534361756 J * Hurga ~hurga@000131c9.user.oftc.net
1534361918 P * Hurga 
1534361960 J * Hurga ~hurga@000131c9.user.oftc.net
1534362839 F * Bertl_oO +v Hurga
1534362842 Q * transacid Ping timeout: 480 seconds
1534362855 F * Bertl_oO +v FireEgl
1534362858 F * Bertl_oO +v fstd_
1534362863 F * Bertl_oO +v funnel_
1534362868 F * Bertl_oO +v gnarface
1534362873 F * Bertl_oO +v mcp
1534362876 F * Bertl_oO +v romster
1534362885 F * Bertl_oO +v yang_
1534362885 M * Hurga Thanks Bertl.
1534362902 J * transacid ~transacid@transacid.de
1534362911 M * Bertl_oO you're welcome!
1534362959 M * Hurga Is there a way to run OpenVPN with TAP interface in a guest? The docs only talk about TUN.
1534362991 M * Guy- Hurga: it shouldn't really matter whether it's tun or tap, I think
1534363026 M * Guy- you should definitely give the guest its own network namespace in either case
1534363073 M * Hurga Please explain... its own IP?
1534363094 M * Guy- no, its own namespace, as in https://lwn.net/Articles/531114/
1534363118 M * Guy- or, more specifically, https://lwn.net/Articles/219794/
1534363213 M * Bertl_oO you can also run OpenVPN without network namespaces with a preallocated tun
1534363214 M * Hurga Sorry, I'm not a developer. 
1534363229 M * Bertl_oO but there are some restrictions to that
1534363230 M * Guy- Hurga: you don't need to be a developer, but it helps to understand how things work
1534363263 M * Guy- Bertl_oO: I guess you can, but I don't think it's very useful -- OpenVPN needs to be able to add routes, for example, and if you allow it to do that, you might as well run it in the host context
1534363285 M * Guy- Hurga: you may find this ML thread helpful: http://archives.linux-vserver.org/201610/0001.html
1534363341 M * Hurga Guy-: well it talks about patches and I have no idea how it relates to linux-vserver. I've been using linux-vserver since 2001 or somesuch, but that doesn't mean I know how everything works... 
1534363354 M * Hurga ah, the last link looks helpful.
1534363417 M * Hurga but since  no one replied...
1534363998 M * Guy- Hurga: no patches are involved; but I think you need working knowledge of what network namespaces are, how they work and what they are (can be) used for
1534364019 M * Guy- if you don't like the lwn article, there are many others; Google is your frind
1534364021 M * Guy- *friend, even
1534364104 M * Guy- once you have that, you'll need to know how you give your guest its own network namespace, which is where the great flower page and the linked thread come in
1534364138 M * Guy- I can't give you cookbook-like help because I have never done this, I only know what the solution would look like
1534364185 M * Hurga Yeah, thanks. I guess I can figure it out, but it looks like a dead end for what I want to do anyway. 
1534364206 M * Hurga But it's interesting stuff... I wish I had more time.
1534364210 M * Guy- would you like to share with us what you want to do? maybe we can suggest a solution
1534364296 Q * fstd_ Remote host closed the connection
1534364316 M * Hurga I wanted to use a vserver guest as an OpenVPN endpoint for internet connection. I prefer not to have too much stuff runnign on the host, but it doesn't look like it would make a lot of difference, security-wise, and just makes the config more complex.
1534364338 M * Guy- I would tend to agree
1534364361 M * Guy- it adds a lot of complexity with relatively little benefit
1534364383 M * Guy- there are howtos for setting up openvpn in its own network namespace, of that I'm fairly certain
1534364387 M * Bertl_oO depends on _why_ you want to put the VPN in a container
1534364414 M * Guy- yes, obviously if the reason is that you'd like a dedicated vpn link for that container, that's a different thing
1534364432 M * Guy- but from what you say I gather the vpn link would be for the entire host
1534364505 M * Hurga as I said, just an endpoint for some other location. Doesn't really matter if it runs on the host on in the guest,
1534364529 M * Hurga  I just prefer to have as little running on the server as possible to keep things tidy.
1534365204 J * Aiken ~Aiken@2001:44b8:2168:1000:b26e:bfff:fe2a:b951
1534365417 M * Bertl_oO for simple isolation and a well known constant connection, Linux-VServer is probably a good choice after all, even without namespaces
1534370185 Q * Aiken Remote host closed the connection
1534370202 J * Aiken ~Aiken@2001:44b8:2168:1000:b26e:bfff:fe2a:b951
1534372298 Q * Aiken Remote host closed the connection
1534372369 J * Aiken ~Aiken@2001:44b8:2168:1000:b26e:bfff:fe2a:b951