lambda.cx blog Sharing notes with the internet
Posts with the tag openbsd:

Creating a VPN Gateway with OpenBSD 6.7

The Problem Say you have an account with a VPN provider. Maybe there are a limit to how many connections you can have with one account. Maybe you want to put more machines than you have connections on the account. Or maybe you want to put a large number of machines of the connection, maybe some FreeBSD Jails, LXC containers, or VMs, and you don't want to download the VPN profiles, sign in and configure them all individually.

Fixing OpenBSD 6.7 httpd MIME Types

On OpenBSD's httpd, there are only a select few MIME types that are recognized by default. According to httpd.conf(5), those types are: ext/css, text/html, text/plain, image/gif, image/png, image/jpeg, image/svg+xml, and application/javascript. Everything else is said to be of type application/octet-stream by default. This is OK for most static hosting situations, but can be challenging for some common attachment types. For example, I recently made a blog post that had an attached PDF.

Talk: An Introduction to OpenBSD

I recently gave a talk at work to help introduce OpenBSD to my colleagues. It's a broad introduction to the fundamentals of security in OpenBSD, as well as some basic system administration tips and suggestions anyone coming from a Linux background might find useful. It's roughly split up into four sections; the history of OpenBSD, what sets it apart from other operating systems, a guided installation, and the system administration introduction.

Compiling Rakudo Star on OpenBSD 6.7

EDIT: After writing this post, tyil, the maintainer of rakudo star, reached out to me and added proper OpenBSD compatibility. The portion of this post dedicated to working around the failing downloads can now be ignored, and rstar now includes a warning if the user doesn't have a login class set. EDIT: The development version of Rakudo Star targets Rakudo 2020.07 instead of 2020.02, which has uses even more memory than the staff login class is allowed.

Setting up a DHCP server on OpenBSD 6.7

OpenBSD makes a great router. It's simplicity and ease of configuration makes it perfect for network infrastructure applications. Everything you need to build a network of any size is built into the base system, plus its man pages and examples cover everything you'd need to know. While I've been an OpenBSD user for years, I'm finally in the process of replacing the router provided by my ISP with a PC Engines APU2E4 running OpenBSD.

Installing OpenBSD 6.7 on a PC Engines APU2

If you're interested in the PC Engines APU2 line and what the differences are between models, I've covered it in a previous post here. I recently purchased a new PC Engines APU2E4 to use as a home router. I purchased the kit, which includes the board, case, and power supply from CorpShadow. I also ordered the DB9F to USB adapter (Silicon Labs CP2104), so I don't need to get a separate null modem connector.

How To Stop mg From Littering

If you've been an OpenBSD user for any period of time, you probably know what mg is. For those who don't know, mg stands for MicroGnuEmacs. It's a small clone of Emacs maintained by the OpenBSD team that's included with the base system. Being an Emacs user, I love that mg is part of the OpenBSD base system. It's great to have an editor that has familiar keybinds on a system that I haven't had the time to install any packages on.

Let's Encrypt on OpenBSD 6.7

So I have an OpenBSD server serving a static website using httpd(8). I've been thinking for a while I should add an SSL certificate, but never got around to it because it was just a small hobby website and it didn't require any real attention. Today while watching one of the OpenBSD tutorials at BSDCan, I thought it was finally time. Since configuring everything else in OpenBSD is so easy, this must be easy too, right?

Issues with OpenVPN on OpenBSD 6.7

EDIT: (August 22, 2020) Theo Buehler has kindly reached out to me and informed me that this issue has just been fixed in a syspatch, and that OpenVPN now works correctly. Hi. Regarding https://blog.lambda.cx/posts/openvpn-issues-openbsd/, the issue you describe in this post should be fixed in 6.7-stable. It boils down to this: ProtonVPN appears to require clients to use P-521 for the TLSv1.3 key exchange.