In this article I show you how you can run the IRC bouncer pounce(1) on a public reachable server. pounce is part of the IRC suite developed by June McEnroe. You may want to give the other pieces of the suite a try, especially the IRC client catgirl(1).| BSD How To
This article shows how to use IPsec transport mode to protect traffic between two hosts on the Internet. Transport mode comes in handy if you want to encrypt traffic between two publicly reachable hosts without the hassle of a full-blown VPN.| BSD How To
Yes, another post about setting up a mail server. I know, there are plenty similar posts already out there... This one is about setting up a mail server on an Internet facing host. It will accept and send mails for a domain, store the accepted mails locally and deliver them using POP3. This is a rather lengthy post because there are quite some pieces to put together.| BSD How To
This post is about configuring nsd(8) as a public name server for your own domain, providing DNS over TLS (DoT). Everything needed for this task is already there in OpenBSD base installation. You don't need to install a single additional package for this.| BSD How To
The title of this post sounds simple. But what I describe in this one goes further than just configure and start httpd(8) and you're done. It is about integrating all the required parts of OpenBSD base into a fully functioning web server that scores an A+ at SSL Labs Server Test using a free certificate from Let's Encrypt.| BSD How To
What sounds like a good idea at first will take revenge on you sooner or later. The mean thing is that, long after the installation of the system, something might break and you won't even be able to figure out that a missing installation set is the reason for this. Spare yourself the hassle and follow the sane defaults of OpenBSD by installing all the sets on every system.| BSD How To
This post is about updating the firmware on the PC Engines APU boards. Most people are afraid of bricking such boards with firmware updates. Indeed, it is easy to brick a board if you try to update the firmware along the way of doing something else. But if you pay attention to what you do and follow the instructions closely you will benefit from bugfixes and improvements that come along with the updates.| BSD How To
Recently, I got the task to build a malware scan server which supports ICAP at work. Actually we use RedHat Enterprise Linux as OS. But c-icap isn't available as package in one of the trustworthy repositories, so I decided to use OpenBSD for the task. The malware scan server uses ClamAV as malware scanner and c-icap als ICAP server, providing an interface for other products that support ICAP such as Squid.| BSD How To
You can find some great tools on suckless.org. Recently I've discovered sic - simple irc client. After staying away from IRC for a while because of too much frustration with the common IRC clients like irssi and weechat I gave sic a shot. In this post I show you how I have integrated sic with base tools to make IRC usable again.| BSD How To
Lately my private Nextcloud instance got short on disk space. The data is stored in an iSCSI LUN on a Synology Disk Station. Nextcloud runs on an OpenBSD server. In this how to I describe the steps I havve taken to increase the size of the LUN.| BSD How To
After the installation of Nextcloud you check for security and setup warnings in the administration panel. Although you followed the pkg-readme for Nextcloud to the point you get some yellow entries there. In this article I show you how you can get rid of these.| BSD How To
If you use cwm(1) as your window manager you probably also use its feature ssh-menu. The maintainer of cwm(1) wants to get rid of this feature because it actually doesn't belong into a window manager. In this article I show you a simple way to replace ssh-menu by dmenu.| BSD How To
You have setup relayd(8) in front of your httpd(8) server(s). Now you check /var/www/logs/access.log and realize that the only client IP you see in it is the IP of your relayd(8) server. In this post I show you a way to deal with this situation.| BSD How To
This post shows you how to install on OpenBSD. It uses httpd(8) as webserver, PHP, and MariaDB as database.| BSD How To
In this post I show you how you can configure Nextcloud to use syslogd(8) instead of its default log file /var/www/nextcloud/data/nextcloud.log.| BSD How To
Are you annoyed of the bruteforce attacks against your SSH daemon? Are you looking for an easy way to block offending IPs on OpenBSD without installing an intrusion prevention system? In this post I present you a small shell script which uses tools from OpenBSDs base to achieve IP blocking.It has proven effective against slow bruteforce attacks.| BSD How To
This is a very bad idea as some OpenBSD users with this configuration have learned after the upgrade from 6.3 to 6.4. OpenBSD offers you sane defaults. Sane does not only mean secure, it also means future-proof. Go for the defaults or live with the consequences.| BSD How To
In this post I desribe an easy way to authenticate against a central user database like Active Directory using the RADIUS protocol. In a mixed environment this makes it possible to login to OpenBSD using the username and password of an user account in Active Directory.| BSD How To
In this post I show you how to configure carp(4) on virtual machines that run on. The setup will consist of two VMs running OpenBSD -current. Each VM gets one single vNIC.| BSD How To
In this post I show you how you can save and restore pf(4) tables. This is useful to preserve the content of dynamically built tables during reboots of OpenBSD.| BSD How To
OpenBSD comes with unbound(8) and nsd(8) in base. This post shows you how to combine these two tools to provide DNS for an internal network including an internal DNS zone.| BSD How To
I show you how you can boot bsd.rd over the network. OpenBSD brings along all the tools you need for this in the base system. You need only one additional box that works as the server for DHCP and TFTP| BSD How To
In this post I show you an easy way to provide urandom(4) for your Nextcloud instance running on OpenBSD. This provides high quality random numbers to Nextcloud and silences the error message that the device is not accessible| BSD How To
I create a simple status bar that shows useful information like display birghtness, network status and battery status. A shell script uses tools from the OpenBSD base to collect the information and write it to stdout. The tool lemonbar from ports will read the information on stdin and displayed it formated in customizable bar| BSD How To
In this post I show you how to leverage SFTP for publishing your web pages. All you need for this is OpenSSH and a dedicated user with a keypair for authentication. Of course I have tested the commands I show you in this post on OpenBSD| BSD How To
In this post I show you how you can leverage rebound(8) to provide a central DNS cache for the VMs on your OpenBSD host running vmm(4)/vmd(8)| BSD How To
In this post I show you how you can configure OpenSSH on OpenBSD to allow passwords with two factor authentication (2FA). I use the login_otp module from Reyk Flöter for this.| BSD How To
Moving services, e.g. SSH, to another TCP port than the default one is security by obscurity. In the short term this prevents attacks. But the attackers will not take long to find out that your service is listening to another port.| BSD How To
When I created the Atom feed for this site I wanted to use UUIDs in the id tags of the file. I looked for an easy way to generate a new UUID. So I wrote the shell script uuid.sh.| BSD How To
This post shows you how to automate the mounting of removable storage. This can be a USB stick, a SD card or iSCSI LUNs. OpenBSD has a very handy daemon for this task in the base system: hotplugd(8)| BSD How To
In this post I show you how I made the backward and forward keys work on my mouse and trackball. You can use this as a template to make any key on a pointing device execute any action you want. It is all about remapping keys on pointing devices the right way.| BSD How To
In this post I describe how to write a shell script that provides you with a list of available OpenVPN connections to choose from. The script uses only tools available on OpenBSD. You don’t need to install any other package than OpenVPN. You can use the mechanism of this script to present a choice for something else than OpenVPN.| BSD How To
BSDHowTo.ch| www.bsdhowto.ch
BSDHowTo.ch| www.bsdhowto.ch