Do the Unearthed Arcana Tunnel Fighter Fighting Style and the Arcane Archer Fighter’s Grasping Arrow features trigger when standing from prone?

The Light, Dark, Underdark! Unearthed Arcana includes the Tunnel Fighter Fighting Style which states:

[…] As a bonus action, you can enter a defensive stance that lasts until the start of your next turn. While in your defensive stance, you can make opportunity attacks without using your reaction, and you can use your reaction to make a melee attack against a creature that moves more than 5 feet while within your reach.

And the Arcane Archer Fighter’s Grasping Arrow Arcane Shot feature states:

[…] The creature hit by the arrow takes an extra 2d6 poison damage, its speed is reduced by 10 feet, and it takes 2d6 slashing damage the first time on each turn it moves 1 foot or more without teleporting […]

What happens if the creature in question is currently prone, and stands from prone? Does this activate the Tunnel Fighter’s opportunity attack? Does this activate the 2d6 poison damage from Grasping Arrow?


Note I am aware that the following Q/A already exists:

  • Does standing up from prone trigger the damage from Booming Blade?

But I was told in my answer to another question that I cannot generalize answers there to conclude that standing from prone does not count as moving. So I am asking these separately instead.

I wanted to ask the question “Does standing from prone count as moving?” but was told that “There is no reason for the question “Does X count as Y?” to have a consistent, universally applicable answer.” and so have asked this instead.

Is it possible to tunnel my whole linux machine through http proxy?

For some reason i access my internet through a HTTP proxy.

Is there a way to tunnel my whole Linux machine (currently am using ubuntu 18.04) through http proxy.

If i change proxy setting in the Ubuntu Network Settings the http proxy only works on the browsers. Other apps are left out.

My current workaround is using a Linux VPN CLI which allows connecting through a http_proxy then tunnel the whole machine through VPN traffic (a service i really dont need)…this is also a bit costly since i have to pay for the VPN.

I am guessing using stunnel might work since i noted Linux VPN CLI use stunnel??

How can I troubleshoot when an IPV6 tunnel stops working?

Assuming the configuration hasn’t changed, how can I start troubleshooting? I woke up to not being able to ping IPv6 addresses.

Things to keep in mind:

  • IP Address didn’t change. Public IP Address matches tunnelbroker.net
  • My configuration looks exactly like this
  • I can ping the tunnel endpoint 184.105.253.10
  • Didn’t change firewall nor any configuration overnight
  • Using Ubuntu server 19.04

This is the relevant firewall rule I have up for this configuration:e

Chain ufw-user-input (1 references) pkts bytes target     prot opt in     out     source           destination 8444 1302K ACCEPT     41   --  *      *       184.105.253.10       0.0.0.0/0 

ip a

3: enp36s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000     link/ether 00:1b:21:c8:3c:f1 brd ff:ff:ff:ff:ff:ff     inet6 fe80::21b:21ff:fec8:3cf1/64 scope link        valid_lft forever preferred_lft forever 4: sit0@NONE: <NOARP> mtu 1480 qdisc noqueue state DOWN group default qlen 1000     link/sit 0.0.0.0 brd 0.0.0.0 5: ipv6tunnel@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000     link/sit 192.168.0.1 peer 184.105.253.10     inet6 2001:x:1f0e:x::2/64 scope global        valid_lft forever preferred_lft forever     inet6 fe80::c0a8:1/64 scope link        valid_lft forever preferred_lft forever 6: lan@enp36s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:1b:21:c8:3c:f1 brd ff:ff:ff:ff:ff:ff     inet 192.168.0.1/26 brd 192.168.0.63 scope global lan        valid_lft forever preferred_lft forever     inet6 2001:x:1f0f:x:21b:21ff:fec8:3cf1/64 scope global dynamic mngtmpaddr noprefixroute        valid_lft 86337sec preferred_lft 14337sec     inet6 fe80::21b:21ff:fec8:3cf1/64 scope link        valid_lft forever preferred_lft forever 7: wan@enp36s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000     link/ether 00:1b:21:c8:3c:f1 brd ff:ff:ff:ff:ff:ff     inet 183.x.x.x/24 brd 47.187.53.255 scope global dynamic wan        valid_lft 1459sec preferred_lft 1459sec     inet6 fe80::21b:21ff:fec8:3cf1/64 scope link        valid_lft forever preferred_lft forever 

ip -6 route

::1 dev lo proto kernel metric 256 pref medium 2001:x:1f0e:x::/64 dev ipv6tunnel proto kernel metric 256 pref medium 2001:x:1f0f:x::/112 dev tun0 proto kernel metric 256 pref medium 2001:x:1f0f:x::/64 dev lan proto ra metric 1024 expires 86143sec pref medium fe80::/64 dev ipv6tunnel proto kernel metric 256 pref medium fe80::/64 dev enp36s0 proto kernel metric 256 pref medium fe80::/64 dev wan proto kernel metric 256 pref medium fe80::/64 dev lan proto kernel metric 256 pref medium fe80::/64 dev tun0 proto kernel metric 256 pref medium default via 2001:x:1f0e:x::1 dev ipv6tunnel proto static metric 1024 pref medium 

netstat -rnf inet6

    Kernel IP routing table Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface 0.0.0.0         183.x.x.1     0.0.0.0         UG        0 0          0 wan 183.x.x.0     0.0.0.0         255.255.255.0   U         0 0          0 wan 183.x.x.1     0.0.0.0         255.255.255.255 UH        0 0          0 wan 192.168.0.0     0.0.0.0         255.255.255.192 U         0 0          0 lan 

How can I start troubleshooting? Rebooting always fixes the problem but it’s not an ideal solution because I have services on the router that need to have 100% uptime.

Ubuntu L2GRE tunnel with proxy or open vpn?

I have a question, topology looks like this: I need to put client into gre tunnel

So, Client (access-point) supports only L2GRe and L2TP. I have to tak it in the GRE tunnel which is established between Ubuntu in AWS and APP_with_Gre_server. What should i use to do that? Requirements: no encryption, can not establish L2GRE tunnel directly from Client to APP-Server (due to NAT and security policy of the network). How to cope with that?

Thanks in advance! 🙂

Tunnel or Bridge to Get to Windsor Train Station

Two other travelers and I are catching the 5:45 train from Windsor to Toronto this Friday. We are coming from Detroit and are wondering whether it is better to plan on taking the tunnel bus over or have a fourth person drive us over the bridge and drop us off at the station.

I’m worried about how much time to give for crossing the boarder and getting to the train station since it’s going to be during rush hour. In addition, I’m not sure how much extra effort it is to go from the tunnel station to the train station. Similarly, I am not sure if it is not suspicious to have a friend say that they’re dropping three people off at the train station and then coming back at the boarder.

My questions are: 1. How much time does it take to cross during peak rush-hour for either method 2. How difficult is it to have a fourth person drive to the station and drop us off and how long does it take 3. How difficult is it to get from the tunnel station in Windsor to the train station and how long does it take

K8S: a tunnel between a pod and a node

I need to deploy an application which works as a CCM (cloud controller manager), so it needs to have access to the master servers.

I have a K8S cluster that has been set up by Kubespray, all my nodes are running kubelet that takes configuration from /etc/kubernetes/kubelet.conf. The kubelet.conf is shown below:

apiVersion: v1 clusters: - cluster:     certificate-authority-data: ***     server: https://localhost:6443   name: default-cluster contexts: - context:     cluster: default-cluster     namespace: default     user: default-auth   name: default-context current-context: default-context kind: Config preferences: {} users: - name: default-auth   user:     client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem     client-key: /var/lib/kubelet/pki/kubelet-client-current.pem 

This configuration file and the certificates are being provided to the CCM service, I added the following volumes and mountpoints to the deployment YAML:

      containers:       - name: cloud-controller-manager         image: swisstxt/cloudstack-cloud-controller-manager:v0.0.1         # Command line arguments: https://kubernetes.io/docs/reference/command-line-tools-reference/cloud-controller-manager/         command:         - /root/cloudstack-ccm         - --cloud-provider=external-cloudstack         - --cloud-config=/config/cloud-config         - --kubeconfig=/var/lib/kubelet/kubelet.conf # Connection Params         - --v=4         volumeMounts:         - name: config-volume           mountPath: /config         - name: kubeconfig-config-file           mountPath: /var/lib/kubelet/kubelet.conf         - name: kubernetes-pki-volume           mountPath: /var/lib/kubelet/pki         - name: kubernetes-config-volume           mountPath: /var/lib/kubernetes       volumes:       - name: config-volume         configMap:           name: cloud-controller-manager-config       - name: kubeconfig-config-file         hostPath:           path: /etc/kubernetes/kubelet.conf       - name: kubernetes-pki-volume         hostPath:           path: /var/lib/kubelet/pki       - name: kubernetes-config-volume         hostPath:           path: /var/lib/kubernetes 

So far, so good.

My problem is that my kubelet.conf is having the following sentence: .clusters.cluster.server: https://localhost:6443. So, kubelet is configured to interact with the master servers via a proxy-server that has been set up by Kubespray to distribute the connections between the master services.

So, when the CCM application inspect the kubelet.conf it understands that it should communicate with the master servers via https://localhost:6443, but inside of the pod of this application localhost:6443 is not being listened by this proxy server, so CCM can’t use localhost:6443 to communicate with the master server, as localhost:6443 is accessible only from the node itself.

Here’s the question: is there a way to make the node’s localhost:6443 accessible from the pod? The only idea I have at this moment is to set up an SSH-tunnel between the pod and the node it’s running at, but I don’t like it, because (1) it requires to propagate some RSA-key on all the nodes and add it on every new node, (2) I have no idea on how to find out the IP-address of the node from behalf of a container.

Thanks for reading this rant. I’ll be very grateful for all the ideas and clues.

Debian Split Tunnel allow specific website [on hold]

I have Debian 8.0 OS, when i remove the tick on (use default gateway on remote network) in windows OS, the split tunnel works perfect i can ping “Virtual private network” network and use internet not the “Virtual private network” Internet. But i have a website i can log in from specific IP for security and my “Virtual private network” server is from these white listed IP, so if i want to use the internet in “Virtual private network” server only to access this specific website how can i do it? it didn’t work with the IP add route

Please any help…. Urgent