OpenBSD 6.9 Router Benchmarks.
I've been using OpenBSD for my home router/gateway for years, and have run it on a number of different types of hardware. I recently got Verizon's gigabit service which is advertised at up to 940 Mb/s download and 880 Mb/s upload speeds, so I decided to benchmark some of the routers I have laying around. The contestants are:
- Ubiquiti EdgeRouter Lite: dual core 500 Mhz Cavium Octeon, Cavium ethernet using cnmac driver
- PC Engines APU4: quad core 1 GHz AMD GX-412TC Jaguar, Intel i211AT ethernet with em driver
- Ubiquiti EdgeRouter 4: quad core 1 GHz Cavium Octeon, Cavium ethernet with cnmac driver
- Supermicro E300-8D: quad core 2.2 GHz Intel Xeon D-1518 (SMT disabled), Intel I210 ethernet with em driver
https://kernelpanic.life/hardware/openbsd-router-benchmarks.html
#hardware
I've been using OpenBSD for my home router/gateway for years, and have run it on a number of different types of hardware. I recently got Verizon's gigabit service which is advertised at up to 940 Mb/s download and 880 Mb/s upload speeds, so I decided to benchmark some of the routers I have laying around. The contestants are:
- Ubiquiti EdgeRouter Lite: dual core 500 Mhz Cavium Octeon, Cavium ethernet using cnmac driver
- PC Engines APU4: quad core 1 GHz AMD GX-412TC Jaguar, Intel i211AT ethernet with em driver
- Ubiquiti EdgeRouter 4: quad core 1 GHz Cavium Octeon, Cavium ethernet with cnmac driver
- Supermicro E300-8D: quad core 2.2 GHz Intel Xeon D-1518 (SMT disabled), Intel I210 ethernet with em driver
https://kernelpanic.life/hardware/openbsd-router-benchmarks.html
#hardware
Opening a Garage Door Using OpenBSD on a Raspberry Pi.
OpenBSD lets one control the GPIO pins on a Raspberry Pi. Controlling a garage door is simple: connect the GPIO output pin to one side of a relay's coil, connect the 5 volt output of the Pi to the other side of the relay's coil, and connect wires from your garage's wall console to the relay's common and "normally closed" ports. Running the program below opens or closes the door. Since the Pi will be connected to the garage wall console, you'll want to enable sshd. I've named my Pi "garage" and my program "og," so I can open the door remotely with
#hardware
OpenBSD lets one control the GPIO pins on a Raspberry Pi. Controlling a garage door is simple: connect the GPIO output pin to one side of a relay's coil, connect the 5 volt output of the Pi to the other side of the relay's coil, and connect wires from your garage's wall console to the relay's common and "normally closed" ports. Running the program below opens or closes the door. Since the Pi will be connected to the garage wall console, you'll want to enable sshd. I've named my Pi "garage" and my program "og," so I can open the door remotely with
ssh garage /home/sven/bin/og
https://undeadly.org/cgi?action=article;sid=20210527120047#hardware
Rolling Back OpenBSD PF Changes.
If you have ever done something dumb in a firewall config and locked yourself out of a machine, you will appreciate the ability to automatically roll a configuration back to a previous version after a timeout period. This is something that commercial routers and firewall devices from Cisco, Juniper, and others have implemented, though their solutions cover more than just the firewall itself.
https://kernelpanic.life/software/rolling-back-openbsd-pf-changes.html
#pf #firewall
If you have ever done something dumb in a firewall config and locked yourself out of a machine, you will appreciate the ability to automatically roll a configuration back to a previous version after a timeout period. This is something that commercial routers and firewall devices from Cisco, Juniper, and others have implemented, though their solutions cover more than just the firewall itself.
https://kernelpanic.life/software/rolling-back-openbsd-pf-changes.html
#pf #firewall
OpenBSD Mail Server (3 Part Series).
- Rspamd installation and OpenSMTPD configuration on it on OpenBSD
- Rspamd monitoring with OpenBSD relayd
- DKIM Migration: Rpamd instead of DKIMproxy out on OpenBSD / OpenSMTPD
#mail #rspamd
- Rspamd installation and OpenSMTPD configuration on it on OpenBSD
- Rspamd monitoring with OpenBSD relayd
- DKIM Migration: Rpamd instead of DKIMproxy out on OpenBSD / OpenSMTPD
#mail #rspamd
Filtering spam using Rspamd and OpenSMTPD on OpenBSD.
I recently used Spamassassin to get ride of the spam I started to receive but it proved to be quite useless against some kind of spam so I decided to give rspamd a try and write about it. rspamd can filter spam but also sign outgoing messages with DKIM, I will only care about the anti spam aspect.
https://dataswamp.org/~solene/2021-07-13-smtpd-rspamd.html
#mail #rspamd
I recently used Spamassassin to get ride of the spam I started to receive but it proved to be quite useless against some kind of spam so I decided to give rspamd a try and write about it. rspamd can filter spam but also sign outgoing messages with DKIM, I will only care about the anti spam aspect.
https://dataswamp.org/~solene/2021-07-13-smtpd-rspamd.html
#mail #rspamd
My Fanless OpenBSD Desktop.
After the disappointment of my X1 Nano and learning that all future Intel “Evo”-branded laptops would lack S3 suspend, I started thinking about returning to my M1 MacBook full-time or building an OpenBSD desktop. I chose the latter, building my first desktop machine in many years...
https://jcs.org/2021/07/19/desktop
#desktop #hardware
After the disappointment of my X1 Nano and learning that all future Intel “Evo”-branded laptops would lack S3 suspend, I started thinking about returning to my M1 MacBook full-time or building an OpenBSD desktop. I chose the latter, building my first desktop machine in many years...
https://jcs.org/2021/07/19/desktop
#desktop #hardware
clionly.host - A free OpenBSD Shell accountIt is a free OpenBSD shell account available to anyone who can generate and use the new FIDO/U2F backed SSH keys: https://clionly.host
https://www.reddit.com/r/openbsd/comments/ouppmd/clionlyhost_a_free_openbsd_shell_account_for/
#link #service
In this guide we're going to take a look at how we can use cheap and "low end" hardware to build an amazing OpenBSD router with firewalling capabilities, segmented local area networks, DNS with domain blocking, DHCP and more.
We will use a setup in which the router segments the local area network (LAN) into three separate networks, one for the grown-ups in the house, one for the children, and one for public facing servers (a DMZ), such as a private web server or mail server. We will also look at how we can use DNS to block out ads, porn, and other websites on the Internet. The OpenBSD router can also be used on small to mid-size offices.
https://openbsdrouterguide.net/
#hardware #system #network
We will use a setup in which the router segments the local area network (LAN) into three separate networks, one for the grown-ups in the house, one for the children, and one for public facing servers (a DMZ), such as a private web server or mail server. We will also look at how we can use DNS to block out ads, porn, and other websites on the Internet. The OpenBSD router can also be used on small to mid-size offices.
https://openbsdrouterguide.net/
#hardware #system #network
OpenBSD on the Framework Laptop.
Framework is a new company offering a laptop that is designed to be repairable and upgradeable, both in terms of internal components like the screen and motherboard, and in pluggable expansion cards.
https://jcs.org/2021/08/06/framework
#hardware #install #system
Framework is a new company offering a laptop that is designed to be repairable and upgradeable, both in terms of internal components like the screen and motherboard, and in pluggable expansion cards.
https://jcs.org/2021/08/06/framework
#hardware #install #system
pfstat on OpenBSD: analyze stream on IPv4 and IPv6 through PF.
pfstat is a project made by Daniel Hartmeir to generate graphic statistiques about the network stream through the firewall PF.
https://framagit.org/sh-web/hugo/doc.huc.fr.eu.org/raw/master/content/en/monitor/pfstat-openbsd.md
#network #firewall #pf
pfstat is a project made by Daniel Hartmeir to generate graphic statistiques about the network stream through the firewall PF.
https://framagit.org/sh-web/hugo/doc.huc.fr.eu.org/raw/master/content/en/monitor/pfstat-openbsd.md
#network #firewall #pf
Recent and not so recent changes in OpenBSD that make life better (and may turn up elsewhere too).
Known to be "functional, free and secure by default", the OpenBSD operating system has played an important role in open source for more than a quarter century. It has also been fairly central to what I have done for the last two decades and some. What follows is my personal view of what life with OpenBSD has been like, with an emphasis on moments and developments that I feel made life, or at least my life, better.
https://bsdly.blogspot.com/2021/08/recent-and-not-so-recent-changes-in.html
#system
Known to be "functional, free and secure by default", the OpenBSD operating system has played an important role in open source for more than a quarter century. It has also been fairly central to what I have done for the last two decades and some. What follows is my personal view of what life with OpenBSD has been like, with an emphasis on moments and developments that I feel made life, or at least my life, better.
https://bsdly.blogspot.com/2021/08/recent-and-not-so-recent-changes-in.html
#system
Dynamic DNS Daemon for OpenBSD.
dyndnsd is a Dynamic-DNS daemon for OpenBSD. It is minimal, lightweight, intuitive, and generic/extensible enough to support any Dynamic-DNS provider.
https://github.com/mario-campos/dyndnsd
#dns #dyndns
dyndnsd is a Dynamic-DNS daemon for OpenBSD. It is minimal, lightweight, intuitive, and generic/extensible enough to support any Dynamic-DNS provider.
https://github.com/mario-campos/dyndnsd
#dns #dyndns
k2k21: hackathon. Aug 29 - Sep 4, 2021. Burg Liebenzell, Germany.
https://www.openbsd.org/hackathons.html
#hackathon
https://www.openbsd.org/hackathons.html
#hackathon
Fair Internet bandwidth management on a network using OpenBSD.
The point of this article is to explain how to use OpenBSD as a router on your network to allow the Internet access to be used fairly by devices on the network to guarantee everyone they will have at least a bit of Internet to continue working flawlessly.
I will use the queuing features from the OpenBSD firewall PF (Packet Filter) which relies on the CoDel network scheduler algorithm, which seems to bring all the features we need to do what we want.
https://dataswamp.org/~solene/2021-08-30-openbsd-qos-lan.html
#network #pf
The point of this article is to explain how to use OpenBSD as a router on your network to allow the Internet access to be used fairly by devices on the network to guarantee everyone they will have at least a bit of Internet to continue working flawlessly.
I will use the queuing features from the OpenBSD firewall PF (Packet Filter) which relies on the CoDel network scheduler algorithm, which seems to bring all the features we need to do what we want.
https://dataswamp.org/~solene/2021-08-30-openbsd-qos-lan.html
#network #pf
EuroBSDCon 2021 is Online. September 17-19, 2021.
As such, EuroBSDCon 2021 will be an online conference. Details on the practicalities will be provided closer to the event.
https://2021.eurobsdcon.org/
#conference
As such, EuroBSDCon 2021 will be an online conference. Details on the practicalities will be provided closer to the event.
https://2021.eurobsdcon.org/
#conference
Support OpenBSD’s pledge(2), unveil(2) in programming languages.
Some years ago OpenBSD 5.9 bring support of pledge(2) and later OpenBSD 6.4 bring support of unveil(2) system calls. Initially only C/C++ applications had possibility to use these system calls. Later people from community added support to many other programming languages that allows to use pledge(2) and uneil(2) in the most popular languages. Table below helps to understand status of it’s support in these languages...
https://bronevichok.ru/posts/pledge.html
#pledge #unveil
Some years ago OpenBSD 5.9 bring support of pledge(2) and later OpenBSD 6.4 bring support of unveil(2) system calls. Initially only C/C++ applications had possibility to use these system calls. Later people from community added support to many other programming languages that allows to use pledge(2) and uneil(2) in the most popular languages. Table below helps to understand status of it’s support in these languages...
https://bronevichok.ru/posts/pledge.html
#pledge #unveil