OpenBSD

Keychain

Need a small and smart utility to manage your ssh keys under Linux? Got some scripts and cronjobs which require a local ssh key? Have a look at keychain!

Install Software

    $ sudo apt-get install keychain

Edit Startup Scripts

$HOME/.bashrc / $HOME/.bash_profile / /etc/profile

    cat << 'EOF' >> $HOME/.bashrc
    # Keychain Startup
    eval `keychain --eval id_ed25519`
    EOF

Check Service

    $ keychain
    $ ssh-add -L

sha256: 3e33fcf6e85d374fe4e3b365c96c4a0d0270d99768af09f7ec8612209008ad04

OpenBSD 6.8

OpenBSD 6.8 released

OpenBSD has two new releases every year, historically on 1 May and 1 November, with a few small exceptions in the past (check Wikipedia). So the latest OS appeared today: OpenBSD 6.8

Perform a Full Upgrade (incl. X Stuff)

    sysupgrade -r

Run the Script (at your own risk!)

    doas su -
    mkdir /root/bin
    ftp -o /root/bin/upgrade_to_68.sh https://puffy.nolink.ch/scripts/upgrade_to_68.sh
    chmod 740 /root/bin/upgrade_to_68.sh
    # /root/bin/upgrade_to_68.sh
    # *** reboot ***
    # /root/bin/upgrade_to_68.

Nginx

Assume you have a website with higher load, higher demand for availability, or both. You can do the following:

- Duplicate your webserver (and the content, of course) as many times as you need.
- Put a loadbalancer in front of the webservers, best in combination with a firewall ruleset.
- Terminate TLS once on the loadbalancer, or on each webserver directly. Whatever you prefer.

You can also double the loadbalancer with two boxes to get redundancy on this level.

SSH Server behind Firewall

Got a server behind NAT / firewall? Need shell access to …?

Server behind NAT/FW

    user@server$ ssh -R 1234:localhost:22 my.public.jumpbox

Access Server

    ssh my.public.jumpbox
    user@jumpbox$ ssh -p 1234 localhost
    user@server$

and you’re in :)

sha256: a2d421e9b998a6ecc2d1764036662585199c760809bef98dd88174c8d1609fcf

Relayd

Another component of OpenBSD is relayd. It’s an integrated loadbalancer & proxy service, like F5, Nginx and others. But just like other BSD services, it is straight, simple and easy to use … wanna see …?

Set up 4 VMs: one loadbalancer and 3 webservers. The webservers should serve the same content, while the loadbalancer checks whether a webserver is running and redirects traffic to the host or not. The configuration on the loadbalancer is as simple as that:

FullBGP at Home

Did you always want to have a full BGP table at home once? Over your DSL / CM / LTE or whatever connection? Here is a little howto :)

Setup VM

Install a VM with OpenBSD. Add 1 CPU, 1 GB RAM, 20 GB disk, nothing special.

Check our Upstream Provider

Check the page from Lukasz and buy him a beer if you ever meet him.

Edit your Config

Set the router-id to your public IP.

Tunnel IPv4 over IPv6

Let’s do the opposite. You have some IPv6 connectivity and need to transport IPv4.

Host A (IPv6 only)

    root@hosta ~# ifconfig vio0
    vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
            lladdr 56:00:02:e7:9d:e5
            index 1 priority 0 llprio 3
            groups: egress
            media: Ethernet autoselect
            status: active
            inet6 fe80::5400:2ff:fee7:9de5%vio0 prefixlen 64 scopeid 0x1
            inet6 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c prefixlen 64 autoconf pltime 604627 vltime 2591827
            inet6 2a05:f480:1400:7b6:446d:acb7:5fe4:450f prefixlen 64 autoconf autoconfprivacy pltime 86046 vltime 172537
    root@hosta ~# i3
    IPv4: !

Tunnel IPv6 over IPv4

Let’s assume you need IPv6 connectivity somewhere … You can use a tunnel broker, or you run OpenBSD on your boxes and want to do it on your own. Here are some hints.

Server with DualStack

You need a machine out on the Internet which is dual-stacked.

    stoege@dualstack$ i3
    IPv4: 11.22.33.44
    IPv6: 2001:db8:100::100

Host with IPv4 only

    stoege@ipv4 host ~# i3
    IPv4: 55.66.77.88
    IPv6: !NETWORK

and you want to bring IPv4 to the second host

Wireguard on (current | 6.8 and higher )

Wireguard on OpenBSD

OpenBSD added wg to the kernel a while ago … why not have a look into it and do some speedtests …?

Setup

CLIENT1 — WireGuard — CLIENT2, running tcpbench between Client1 and Client2.

Fireup VMs

Stage 3 VMs on my little Proxmox server (Intel NUC):

    host       nic  ip             wg nic  ip
    Client1    em0  192.168.108.7  wg0     10.0.0.1
    WireGuard  em0  192.

Bigdata

How to Process Large Files …?

Large is a variable term: 700 GB is large for me, while it could be a small piece for others. Assuming you need to count the lines … this simple task can take minutes!

Size

    [user@host /tmp]$ du -sh bigfile
    745G bigfile

Wordcount -> 10 min

If you need to count the lines, use the wordcount command and you get the exact number … but you have to wait for minutes, depending on your disk subsystem and the file size, of course.