W dream

Posted on Sunday, 29th November 2009 by Balazs

Problem
It is necessary for some users to have all their traffic directed through the OpenVPN concentrator. The number one reason for such a configuration is to protect the HTTP traffic over unsecured WiFi (a.k.a. hotspots).
Solution
Add to the bottom of the connecting client’s configuration file (typically under /etc/openvpn/clients.d the following line:
push “redirect-gateway”

Share and Enjoy:

Tags: OpenVPN, Schimo, Tunnelblick, VPN
Posted in Linux, Mac OS X, OpenBSD | Comments (Comments)

Posted on Thursday, 29th October 2009 by Balazs

Overview
In order to help OpenBSD developers understand what systems people are running OpenBSD on, it is recommended to send them the system information, as well as the hardware sensor information.
Steps

Log on to your OpenBSD box
At the prompt, run:
# (dmesg; sysctl hw.sensors) | mail -s “type of machine” dmesg@openbsd.org

References

tech at openbsd.org mailing list

Share and Enjoy:

Tags: dmesg
Posted in OpenBSD | Comments (Comments)

Posted on Thursday, 29th October 2009 by Balazs

Overview
One of the neat aspects of OSX is that it has all the classic Unix tools available. Linux users know that dd is the command line tool to flash a CF card or a USB drive on Linux. Here is how to use dd on the Mac.
Steps

Open a command line tool (terminal or [...]

Tags: CF, USB
Posted in Mac OS X, OpenBSD | Comments (Comments)

Posted on Tuesday, 30th June 2009 by Balazs

Premise
Setting up VPN with IPsec using public / private key authentication between two networks using OpenBSD firewalls.
Concept
Each VPN concentrator will have the public key fo the other machine, and one of the VPN concentrators will be designated as the active requester. The other will be set up in a passive role, to accept the [...]

Tags: isakmp, VPN
Posted in OpenBSD | Comments (Comments)

Posted on Friday, 29th May 2009 by Balazs

Bruce Guenter’s cvm librairies use Linux style sockets. That is usually fine on OpenBSD, except that the cvm_udp code opens a socket, and then uses sendto() which implicitly reoppens the socket. OpenBSD doesn’t like that, so here is the patch to fix cvm-0.18:
— client.c.org Fri Feb 20 12:07:55 [...]

Tags: cvm, Qmail, Vmailmgr
Posted in OpenBSD | Comments (Comments)

Posted on Friday, 29th May 2009 by Balazs

There is no single source that describes the proper installation of Qmail on OpenBSD, but there are multiple sources that combined provide a good picture:
http://marc.theaimsgroup.com/?l=openbsd-misc&m=106872052209964&w=1
http://www.sancho2k.net/filemgmt_data/files/qmail.html
http://multivac.cwru.edu./spf/
http://multivac.cwru.edu./fs/#tricks
Kludge e-mail server

Share and Enjoy:

Tags: Qmail, Vmailmgr
Posted in OpenBSD | Comments (Comments)

Posted on Friday, 29th May 2009 by Balazs

I found this solution in the summary of a related thread on misc@openbsd.org (mailing list).
Thanks for the various assists on this, I’m glad to say that the problem I was having is now solved. I am now successfully interworking dynamically addressed (DHCP) Win2K-pro and XP clients with OpenBSD isakmpd using X.509 certificate-based authentication. I [...]

Tags: VPN
Posted in OpenBSD | Comments (Comments)

Posted on Friday, 29th May 2009 by Balazs

Here are some of the resources we found useful to learn more about VPNs in general and on OpenBSD specifically:

FreeSWAN Project Documentation
Braindead RSA
OpenBDS Support

Share and Enjoy:

Tags: VPN
Posted in OpenBSD | Comments (Comments)

Posted on Friday, 29th May 2009 by Balazs

I found this solution on the misc@ list, and just slightly had to update it:
Getting Perl/CGI to work in a chroot’d Apache environment :

Intentions

Let me start off by saying that allowing Perl/CGI in a server
environment is generally a not good idea, unless you like to
spend all of your time auditing the Perl/CGI scripts on [...]

Tags: Apache, chroot
Posted in OpenBSD | Comments (Comments)

Posted on Friday, 29th May 2009 by Balazs

IP audit web is an excellent tool to monitor traffic on a given interface, and create daily and monthly statistics. It is really made of 2 components: – IPAudit – IPAudit-web As of this writing the latest version is IPAudit-Web-1.0BETA9. It contains both packages bundled.
Here are the steps to follow:
wget http://umn.dl.sourceforge.net/sourceforge/ipaudit/ipaudit-web-1.0BETA9.tar.gz
tar xvzf ipaudit-web-1.0BETA9.tar.gz
cd ipaudit-web-1.0BETA9/compile/src
vi [...]

Tags: IP
Posted in OpenBSD | Comments (Comments)