FullBGP at Home

did you always wanted to have a fullbgp table at home once ? Over your DSL / CM / LTE or whatever connection ? here a little howto :) Setup VM Install a VM with OpenBSD. Add 1 CPU, 1 GB RAM, 20 GB Disk, nothing special Check our Upstream Provider Check the Page from Lukasz and spend him a Beer if you ever meet him. Edit your Config set the router-id to your Public IP.

OpenBSD 6.8

will be released in Nov 2020 … expect an update during this time :) sha256: de21329ae3787e6300e7da3896ae5c26357ca2263723f5cf9c95d90a2debcc4d

Git Clear your History

Clear History have you ever checked in some binarys, confidential stuff or something else by mistake ? Git will keep all your history, that’s their design and purpose. how ever, if you need to cleanup once, here is a short tutorial. Kill Git Config cd myrepo cat .git/config -> note down the url rm -rf .git Create New Repo git init git add . git commit -m "Removed history, ..." Push Remote git remote add origin git@host/yourrepo <- URL you noted down above git push -u --force origin master All in One _url=$(git remote -v |awk '/fetch/ { print $2 }') rm -rf .

Serial Console & Ttys

assuming you have a apu2|apu3|apu4 from pcengines or a virtual machine running on KVM/Qemu. And you don’t have vga/dvi/hdmi whatever kind of video output. of course, you can install and run OpenBSD (or Linux) on this boxes. boot.conf if you wanna install from an USB Stick, set the correct Port and Speed before booting. boot> stty com0 115200 boot> set tty com0 or put these settings ins in the boot.conf on your tftp server.

Bug in OpenSSH / Config Checker

stumpled upon a bug in openssh … did a small config change in sshd_config, deployed it with ansible … and lost connectifity to all these boxes immediately … and of course, i did a config check before reloading the sshd daemon, and the config check was fine. i can’t belife that nobody else found this before, as it’s really simple to reproduce. and it’s working with openbsd, debian, centos and mostly on all system which have opensshd implemented (and that’s a lot of …)

Gluerecords

https://serverfault.com/questions/142344/how-to-test-dns-glue-record Check GlueRecords host:~ $ dig +short ch. NS c.nic.ch. a.nic.ch. h.nic.ch. f.nic.ch. g.nic.ch. b.nic.ch. e.nic.ch. host:~ $ dig +norec @a.nic.ch. noflow.ch. NS ; <<>> DiG 9.10.6 <<>> +norec @a.nic.ch. noflow.ch. NS ; (2 servers found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29211 ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;noflow.

Checkmk

Some Install Notes https://checkmk.de/cms_install_packages_debian.html download and scp check-mk-enterprise-1.6.0p15.demo_0.buster_amd64.deb -> enterprise microkernel, 2 x 10 Hosts download and scp check-mk-raw-1.6.0p15_0.buster_amd64.deb -> raw edition, nagios kernel ssh root@localhost apt-get install dpkg-sig libnet-snmp-perl snmp wget https://checkmk.com/support/Check_MK-pubkey.gpg gpg --import Check_MK-pubkey.gpg dpkg-sig --verify /tmp/check-mk-enterprise-1.6.0p15.demo_0.buster_amd64.deb apt-get install gdebi-core gdebi /tmp/check-mk-raw-1.6.0p15_0.buster_amd64.deb omd version omd create mysite omd config oder omd restore /tmp/mysite.tar.gz sha256: 0f3424920db7da1942842c4ae9f04d4b366d3113f8e858dba37fae3fca123f86

Tunnel IPv4 over IPv6

let’s do the opposite. you have some ipv6 connectifity and need to transport ipv4 Host A (IPv6 only) root@hosta ~# ifconfig vio0 vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500 lladdr 56:00:02:e7:9d:e5 index 1 priority 0 llprio 3 groups: egress media: Ethernet autoselect status: active inet6 fe80::5400:2ff:fee7:9de5%vio0 prefixlen 64 scopeid 0x1 inet6 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c prefixlen 64 autoconf pltime 604627 vltime 2591827 inet6 2a05:f480:1400:7b6:446d:acb7:5fe4:450f prefixlen 64 autoconf autoconfprivacy pltime 86046 vltime 172537 root@hosta ~# i3 IPv4: !

Tunnel IPv6 over IPv4

let’s assume you need ipv6 connectifity somewhere … You can use some Tunnelbrokers or your run OpenBSD on your Boxes and want todo it on your own. Here some hints. Server with DualStack you need a Maschine out in the Internet which is DualStacked stoege@dualstack$ i3 IPv4: 11.22.33.44 IPv6: 2001:db8:100::100 Host with IPv4 only stoege@ipv4 host ~# i3 IPv4: 55.66.77.88 IPv6: !NETWORK and you want to bring IPv4 to the second host

Wireguard on (current | 6.8 and higher )

Wireguard on OpenBSD OpenBSD added wg to the Kernel a while ago … why not have a look into and do some speedtests … ? Setup CLIENT1 — WireGuard — CLIENT2 and running tcpbench between Client1 and Client2 Fireup VMs Stage 3 VM’s on my litte Proxmox Server (Intel NUC) host nic ip wg nic ip Client1 em0 192.168.108.7 wg0 10.0.0.1 WireGuard em0 192.