OpenBSD
Introducing veb(4) - a new Virtual Ethernet Bridge

In this commit, David Gwynne (dlg@) adds a new veb(4) driver to the tree. David's goal is to replace the old bridge(4) driver...

https://undeadly.org/cgi?action=article;sid=20210223111210

#network
pftables-rs

A small Rust library for managing pf tables on OpenBSD.

https://github.com/d3npa/pftables-rs

#pf #security #network
In this guide we're going to take a look at how we can use cheap and "low end" hardware to build an amazing OpenBSD router with firewalling capabilities, segmented local area networks, DNS with domain blocking, DHCP and more.

We will use a setup in which the router segments the local area network (LAN) into three separate networks, one for the grown-ups in the house, one for the children, and one for public facing servers (a DMZ), such as a private web server or mail server. We will also look at how we can use DNS to block out ads, porn, and other websites on the Internet. The OpenBSD router can also be used in small to mid-size offices.

https://openbsdrouterguide.net/

#hardware #system #network
pfstat on OpenBSD: analyze stream on IPv4 and IPv6 through PF.

pfstat is a project made by Daniel Hartmeier to generate graphical statistics about the network stream through the firewall PF.

https://framagit.org/sh-web/hugo/doc.huc.fr.eu.org/raw/master/content/en/monitor/pfstat-openbsd.md

#network #firewall #pf
Fair Internet bandwidth management on a network using OpenBSD.

The point of this article is to explain how to use OpenBSD as a router on your network to allow the Internet access to be used fairly by devices on the network to guarantee everyone they will have at least a bit of Internet to continue working flawlessly.

I will use the queuing features from the OpenBSD firewall PF (Packet Filter) which relies on the CoDel network scheduler algorithm, which seems to bring all the features we need to do what we want.

https://dataswamp.org/~solene/2021-08-30-openbsd-qos-lan.html

#network #pf
Full WireGuard setup with OpenBSD.

We want all our network traffic to go through a WireGuard VPN tunnel automatically, both WireGuard client and server are running OpenBSD, how to do that? While I thought it was simple at first, it soon became clear that the "default" part of the problem was not easy to solve, fortunately there are solutions...

https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html

#vpn #wireguard #network
What are the VPN available on OpenBSD.

I wanted to write this text for some time, a list of VPN with encryption that can be used on OpenBSD. I really don't plan to write about all of them but I thought it was important to show the choices available when you want to create a VPN between two peers/sites.

https://dataswamp.org/~solene/2021-12-11-openbsd-vpn.html

#vpn #network
Wireguard all the things.

The good thing about wireguard besides its security is that it keeps things very simple plus OpenBSD simplicity makes the whole environment easy to set up even across platforms, such as iOS, Android, Windows, Linux and so on. For this setup you need only "libqrencode" and "wireguard-tools" to create QR codes to import the vpn configuration on your devices, so for this we do...

https://x61.sh/log/2022/01/20220104T122904-wireguard.html

#network #vpn #wireguard
Native IPv6 with OpenBSD and Aussie Broadband

We are coming on two decades since IPv6 became a recognised standard and generally available but it is still not being widely adopted by people and organisations that have easy access to IPv4 address space. Even if you have a native IPv4 address, it will typically be in the form of some CG-NAT or other NAT on your customer premises equipment (CPE)...

https://www.tubsta.com/2022/03/native-ipv6-with-openbsd-and-aussie-broadband/

#network #ipv6
Heap Overflow in OpenBSD's slaacd via Router Advertisement

In this blog post we analyze a heap overflow vulnerability we discovered in the IPv6 stack of OpenBSD, more specifically in its slaacd daemon. This issue, whose root cause can be found in the mishandling of Router Advertisement messages containing a DNSSL option with a malformed domain label, was patched by OpenBSD on March 21, 2022. A proof-of-concept to reproduce the vulnerability is provided.

https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html

#security #network #slaacd
Doing stupid things (with packets and OpenBSD).

Several articles about OpenBSD on server: https://doing-stupid-things.as59645.net/

#system #network #mail
iblock: block scanner TCP connections under OpenBSD.

iblock is software whose purpose is to detect TCP connections, on specific ports, in order to block the corresponding IP addresses, through Packet Filter...

https://doc.huc.fr.eu.org/en/monitor/iblock-openbsd/

#network
PFRE.

PFRE is a packet filter rule editor for OpenBSD/pf. PFRE is expected to be used by beginners and system administrators alike. The UTMFW and PFFW projects use PFRE on their web administration interfaces. If you don't want to install PFRE yourself, you can download the installation files of UTMFW or PFFW to test drive PFRE easily...

https://github.com/sonertari/PFRE

#pf #firewall #network
A Few of My Favorite Things About The OpenBSD Packet Filter Tools.

The OpenBSD packet filter PF was introduced a little more than 20 years ago as part of OpenBSD 3.0. We'll take a short tour of PF features and tools that I have enjoyed using...

https://bsdly.blogspot.com/2022/09/a-few-of-my-favorite-things-about.html

#firewall #network #pf
Dynamic host configuration, please.

In the article, Florian details the steps to modern OpenBSD dynamic host configuration, including interface configuration, name resolution, routing and more...

- https://undeadly.org/cgi?action=article;sid=20230308060219
- https://sha256.net/dynamic_host_configuration_please.html

#network #dns
dhcpd.leases dashboard

A simple dashboard for the dhcpd.leases file of the OpenBSD dhcpd server that is very easy to deploy and use...

https://github.com/facelessfish/dhcpd-leasesd

#dhcp #dhcpd #network
sec(4) for Route Based IPSec VPNs

A new tool for creating flexible, route based site to site virtual private networks (site-to-site VPNs) is entering its call for testing phase on OpenBSD-current...

https://undeadly.org/cgi?action=article;sid=20230704094238

#network #vpn #sec
Creating an OpenBSD Wireguard VPN Gateway.

A couple of years ago I published a blog post about creating an OpenBSD VPN gateway using OpenVPN. I've recently switched from an OpenVPN-based VPN provider to one that uses Wireguard. As a result I've had to redo my VPN gateway...

https://blog.lambda.cx/posts/openbsd-wireguard-vpn-gateway/

#wireguard #network #vpn