sec(4) for Route Based IPSec VPNs

A new tool for creating flexible, route based site to site virtual private networks (site-to-site VPNs) is entering its call for testing phase on OpenBSD-current...

https://undeadly.org/cgi?action=article;sid=20230704094238

#network #vpn #sec

🐡 OpenBSD 7.4 released! #release

OpenBSD Webzine issues 14, 15, 16.

- https://webzine.puffy.cafe/issue-14.html
- https://webzine.puffy.cafe/issue-15.html
- https://webzine.puffy.cafe/issue-16-special-octopenbsd-2023.html

#webzine #news

Install OpenBSD 7.3 on Proxmox (BIOS/UEFI and Cloud-init).

I thought it was an opportunity to take stock of the different methods of installing OpenBSD on our favorite hypervisor. We will consider different scenarios depending on the types of BIOS available under Proxmox (OVMF, SEABIOS); different OpenBSD installation images; and, finally, we'll talk about the thorny subject of OpenBSD's compatibility with Cloud-init...

https://forum.proxmox.com/threads/install-openbsd-7-3-on-proxmox-bios-uefi-and-cloud-init.133063/

#virtualization #proxmox #install

Collection of videos recorded at EuroBSDcon 2023 in Coimbra Portugal.

- How OpenBSD’s malloc helps the developer
- Practical Use of OpenBSD Routing Domains with Redundant Firewalls
- OpenBSD Ports and Packages: making things faster and easier
- A Haskell Binding for OpenBSD Pledge
- Using OpenBSD relayd(8) as an Application Layer Gateway
- OpenBSD Attack Mitigations
- The OpenBSD Installer

EuroBSDcon playlist - https://www.youtube.com/playlist?list=PLskKNopggjc7s6nAMxKF0tAO77ZIowZdx

#video #eurobsdcon

Creating an OpenBSD Wireguard VPN Gateway.

A couple of years ago I published a blog post about creating an OpenBSD VPN gateway using OpenVPN. I've recently switched from an OpenVPN-based VPN provider to one that uses Wireguard. As a result I've had to redo my VPN gateway...

https://blog.lambda.cx/posts/openbsd-wireguard-vpn-gateway/

#wireguard #network #vpn

OpenBSD workstation hardening.

I wanted to share a list of hardening you can do on your OpenBSD workstation, and explaining the threat model of each change...

https://dataswamp.org/~solene/2023-12-31-hardened-openbsd-workstation.html

#security #system

OpenBSD KDE Plasma Desktop.

The KDE Plasma 5.27 is available on OpenBSD -current and will be part of the next release 7.5...

https://rsadowski.de/posts/2024-01-09-openbsd-kde/

#kde #desktop

Use OpenBSD in web browser.

I have created a service that allows you to use OpenBSD (and other operating systems) in a web browser. The URL to the service is instantworkstation.com. Hope it may be useful to you...

https://www.reddit.com/r/openbsd/comments/1ad1puz/use_openbsd_in_web_browser/

#browser #system

OpenBSD system-call pinning

... In December, De Raadt sent a patch to the OpenBSD mailing list expanding OpenBSD's restrictions on the locations from which a process can make system calls...

https://lwn.net/SubscriberLink/959562/0578b8e463f790c1/

#pinsyscalls #syscall

OpenBSD wallpapers.

This repository is a collection of cool and fresh wallpapers designed specifically for OpenBSD enthusiasts...

https://github.com/raffaelschneider/openbsd-wallpapers

P. S. Some of them are really amazing

Some OpenBSD features that aren't widely known.

In this blog post, you will learn about some OpenBSD features that can be useful, but not widespread. They often have a niche usage, but it's important to know they exist to prevent you from reinventing the wheel...

https://dataswamp.org/~solene/2024-02-20-rarely-known-openbsd-features.html

#system #security

Tech Independence

Tech independence is not depending on any particular company or software. The only tools you need are the common open source basics built into any Linux or BSD operating system — free public-domain tools that are not owned by anyone, and can run on any computer.

Learn a few of these basic tools, and you can run your own private server on any computer forever, for the rest of your life. Host your own website and email. Keep your own contacts and calendars synced with your phone. Back up and sync your photos, movies, and music to your own private storage. No more subscriptions needed.

You can ignore all the companies offering “solutions”, even if they are free, because they take away self-reliance. The point is to know how to do it yourself, not to have somebody do it for you. It’s worth a little up-front work, like learning how to drive.

Below are simple step-by-step instructions that work. Instead of drowning you in options, it uses an operating system called OpenBSD...

https://sive.rs/ti

#services #system

KISS high-availability with OpenBSD.

My HA solution for Web and Gemini is based on DNS (OpenBSD's nsd) and a simple shell script (OpenBSD's ksh and some little sed and awk and grep). All software used here is part of the OpenBSD base system and no external package needs to be installed - OpenBSD is a complete operating system...

https://foo.zone/gemfeed/2024-04-01-KISS-high-availability-with-OpenBSD.html

#web #nsd #ksh

OpenBSD 7.5 released! #release

Re: lcamtuf on the recent xz debacle

Just for clarity, does anyone know what "Unix-like operating systems" would be affected by this?

None. TLDR: The build process of the backdoor explicitly aborts on platforms other than Linux x86-64...

https://marc.info/?l=openbsd-misc&m=171227941117852&w=2

#security #xz

20 years since "and we're just starting": undeadly.org turns 20.

It's been 20 years since the first undeadly.org post appeared...

https://www.undeadly.org/cgi?action=article;sid=20240409044953

#undeadly