OpenBSD is a fun platform in which to immerse yourself in software, networking, security, and Operating Systems principles. Although many users choose to use it for their desktop, it is also not too shabby filling in as the foundation for Border (Edge) Systems such as Firewalls and Gateway Servers.
The OpenBSD focus on documentation, in man(ual) pages and the online Frequently Asked Questions (FAQ), is a great foundation for you to experiment and maintain.
These notes reference how we got/keep OpenBSD up and running. It is partly a reflection of our journey, and may be totally wrong for your context. Verify what you read here through the official OpenBSD documentation, ask questions on the mailing lists, use search engines such as Google or Bing, and Practise Safe Computing™.
Communication Services
Chat | Mail | VoIP | VPN | Web | Miscellaneous
Communication Services on the Internet range from the perennial Web Presence and the mundane Mail Service to Secured Virtual Private Networks (VPN) over the Public Internet. But the Internet is a wild ‘dangerous’ place and OpenBSD is a great platform for securing communication resources. OpenBSD is at the forefront of standardising security-focused methodologies of whole-system development.
Border and Gateway Systems
OpenBSD is an established, tested system for Edge, or Border, devices. You may have to use your local search engine, or watch the mailing lists, but if you want to write your own marketing brochures (aka do your own research), OpenBSD is a practical and solid solution for many edge devices and border systems. These notes will not help you build a secure system, but will hopefully provide some strategy for monitoring or debugging your configuration.
System Monitoring
Several tools are used for monitoring IT Services, including host/device status, and network status. We’ll look here at a few areas that may help you monitor your IT Services.
- Announcements
- Host / Device Status
- Network Performance
For many, resorting to commercial products is a valid decision depending on availability of expertise to install, maintain, and make use of open source resources. The following are some of the tools (and their category) we have successfully deployed.
How to use these Guides?
As discussed in the Site Directions, these notes are morphing (or evolving) from my own needs to record what I’ve gone through, and make it possible for me to rebuild or reinstall a configuration with OpenBSD. In this context, I have a few close friends who find these notes [in]valuable(?) so I continue to review the notes when possible.
- Read it in the context of the greater OpenBSD documentation
- Do not copy / paste
- Use a Test Environment/Network
- Have Fun
I have tried to go back and add some minimal set of information with each guide/note (such as the version of OpenBSD it was installed with).
A little network knowledge really does help time: One of our clients was having serious problems with installing and getting Microsoft Lync to work. The previous Support organisation spent a couple of months on the problem and gave up, but the user never gave up. When we took on the contract to provide support, our support technicians could get the accounts to work outside the customer’s environment, and intermittently at the customer’s site.
Build and Consistency
Preview | Install | Compiling | Consistency
Putting together an OpenBSD box is fun and easy, although there are a few hurdles that can seem daunting for the new user. The installation process is well defined and documented. We include here a few areas that might be interesting to review before a system install (especially for new users).
Likewise, we try to put here general issues to consider when planning to roll-out a consistent deployment of OpenBSD.
Chat | Mail | VPN | Web | Miscellaneous
Your first step in connecting your new OpenBSD box, to anything, is to read the OpenBSD FAQ 6 - Networking document. And then, read it again.
Afterwards, we can explore end-user communication services with your OpenBSD.
- Chat/Jabber XMPP Server
- Mail Services
- Virtual Private Networks
- File/Print Sharing with Windows clients
- Miscellaneous such as FTP, MySQL
E-mail may just be the lifeblood of the Internet, unless you’re younger than 25. Various tools come together to provide what is generally termed an E-mail Server (MTA), and we bring together some of these key tools on OpenBSD.
- SMTP Server, using Sendmail or Postfix
- Client access (POP3, IMAP, TLS server) using Dovecot
- Virtual Accounts
VPN - Virtual Private Networks
Install and configure a VPN using OpenVPN
- Configuring your OpenVPN Server
- Generating and maintaining Certificates
- Wide Area Network - WAN using OpenVPN, with a sample configuration
- Connecting Windows Client
Configure the base Apache Server and complementary services such as:
- Caching for access control and service utilisation.
- Content Filter for access control
- SSL Certificates for setting up your own SSL sites.
Gateways and Perimeter Systems
High Availability | Firewall | Routing
OpenBSD is a great tool for securing your borders and gateways and comes pre-configured with foundation tools for such services.
With the base install of OpenBSD you can readily configure border services such as a Packet Filtering Firewall (pf), Encrypted VPNs (ipsec), and routing gateways (bgpd).
In this section, we review facilities in OpenBSD common in our border system deployments such as redundancy.
Maintenance involves a lot of monitoring, not only monitoring your host resources, but other factors that together define the service delivery you wish to supply. Monitoring involves passive accumulation of events, and the decision process from these.
The Other Road
It’s important to re-iterate that the OpenBSD project puts good effort into documenting its toolkit. The OpenBSD FAQ 6 - Networking is required reading. When you know your sh*t, you can refer back to the FAQ to:
- Get your box up and running, and keep it that way
- Get your box connected, and stay that way
The FAQ is a good guide, and provides foundation knowledge that will serve you well, as most services you configure or install will need Network access.