How to Install Smokeping on OpenBSD

Requiremens

• running Server with OpenBSD
• Root Permission
• FQDN with Cert

Install Software

pkg_add smokeping

Update Config

cat << 'EOF' >/etc/smokeping/config
*** General ***

owner    = YOUR NAME
contact  = [email protected]
mailhost = localhost
sendmail = /usr/sbin/sendmail
# NOTE: do not put the Image Cache below cgi-bin
# since all files under cgi-bin will be executed ... this is not
# good for images.
imgcache = /var/www/htdocs/smokeping/cache
imgurl   = cache
datadir  = /var/db/smokeping
piddir  = /var/run
cgiurl   = https://YOUR.URL.NET/smokeping/smokeping.cgi
smokemail = /etc/smokeping/smokemail
tmail = /etc/smokeping/tmail
# specify this to get syslog logging
syslogfacility = local0
# each probe is now run in its own process
# disable this to revert to the old behaviour
# concurrentprobes = no

*** Alerts ***
to = [email protected]
from = smokealert@localhost

+someloss
type = loss
# in percent
pattern = >0%,*12*,>0%,*12*,>0%
comment = loss 3 times  in a row

*** Database ***

step     = 300
pings    = 20

# consfn mrhb steps total

AVERAGE  0.5   1  28800
AVERAGE  0.5  12   9600
    MIN  0.5  12   9600
    MAX  0.5  12   9600
AVERAGE  0.5 144   2400
    MAX  0.5 144   2400
    MIN  0.5 144   2400

*** Presentation ***

template = /etc/smokeping/basepage.html

htmltitle = yes
graphborders = no

+ charts

menu = Charts
title = The most interesting destinations

++ stddev
sorter = StdDev(entries=>4)
title = Top Standard Deviation
menu = Std Deviation
format = Standard Deviation %f

++ max
sorter = Max(entries=>5)
title = Top Max Roundtrip Time
menu = by Max
format = Max Roundtrip Time %f seconds

++ loss
sorter = Loss(entries=>5)
title = Top Packet Loss
menu = Loss
format = Packets Lost %f

++ median
sorter = Median(entries=>5)
title = Top Median Roundtrip Time
menu = by Median
format = Median RTT %f seconds

+ overview 

width = 600
height = 50
range = 10h

+ detail

width = 600
height = 200
unison_tolerance = 2

"Last 3 Hours"    3h
"Last 30 Hours"   30h
"Last 10 Days"    10d
"Last 360 Days"   360d

#+ hierarchies
#++ owner
#title = Host Owner
#++ location
#title = Location

*** Probes ***

+ FPing

binary = /usr/local/sbin/fping

*** Targets ***

probe = FPing

menu = Top
title = Network Latency Grapher
remark = Welcome to the SmokePing

+ Remote
menu= Remote
title= Remote hosts

+ DNS
menu = DNS
title = DNS

++ cf
menu = 1.1.1.1
title = 1.1.1.1
host = 1.1.1.1

++ google
menu = 8.8.8.8
title = 8.8.8.8
host = 8.8.8.8

++ quad9
menu = 9.9.9.9
title = 9.9.9.9
host = 9.9.9.9
EOF

Create Folders

don’t like to set permission to 777. but it does not work without :(

How to Build your own AnyCast Network

you’re using anycast every day. all public resolvers (1.1.1.1, 8.8.8.8, 9.9.9.9) for example are anycast ip’s and hence, many servers distributed around the world which listen and announce the same ip address.

we can build a proof of concept, how to build such a network, for a few $.

Requirements

AS Number

Anycast heavily depends on BGP. So, you need a own AS Number. I got my for 15 CHF/Year from Securebit.ch. You should also keep in mind that you will not get any IPv4 addresses without buying them for the market. So, your Setup will be based on IPv6 only.

When is an anycast ip an anycast ip ?

that’s a question i was asked recently. As LTNN (Long Term Networking Nerd), i’m aware of Unicast, Multicast, Broadcast and also Anycast. so, let’s have a look into this.

hint: this article is not about how to setup your own anycast network. this may follow soon ?!?

Terminologie

Unicast 1:1

Sending a message from one sender to one recipient

Multicast 1:many

Sending a message from one sender to multiple recipients

do you know that you can forward Variables through SSH ?

sha256: a09f31ecd22a35832bb0a2d937c44853f1a7d754d60c6a41f38153d5e56ce84f

made a few Slides about SSH Agent & Agent Forwarding with https://slides.com. Do you like it ? I do …

sha256: dd15fd6475246beedee7f6c61924134c76248cf5e28d7092283475c97e9f2f50

Intro

I was wondering if you can have Wildcart Certs for certain Subdomain. Idea is to provide a Service with “myservice.auth.your.domain” which automatically requests Authentication, while the same Service “myservice.whitelist.your.domain” is reachable through some Whitelisted IP only.

As Traefik can Chain Middleware, but not implements some logic (If Whitelist -> ok, else do Basic Auth …), i have to build another solution.

let’s have a look

Prepare Folders

cd /your/traffic/rootfolder
mkdir -p config/dynamic

.env File

we need two variables, so let’s put them in the .env File

Strip Prefix

Let’s assume you have a URL “https://whoami.your.domain.de/removeme" and you wanna get rid of the “removeme” before passing the Request to the Webserver. Stripprefix is your friend …

docker-compose.yml

  whoami:
    image: containous/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/wegdamit,/removeme"
      - "traefik.http.routers.whoami.middlewares=test-stripprefix@docker"
      - "traefik.http.routers.whoami.rule=Host(`whoami.your.domain.de`)"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
      - "traefik.http.routers.whoami.tls=true"

sha256: 0620c0c2d7ae033f2536f6797a048772e52a09119367f4864f8bb2a754d2ea57

Tailscale on Public Intrnet

Setup

Let’s build a few machines around the world and get our hands dirty with headscale / tailscale.

headscale

• amsterdam

tailscale

• stockholm
• miami
• singapore
• sydney

goal is to build a fullmesh network with all 4 tailscale clients

Headscale Server

• install OpenBSD 7.2 (needs golang 1.19) as described here

Generate Install Key

let’s generate a reusable install key for all 4 clients. It’s valid for 1 hour.

Running Headscale Server on OpenBSD

i like and widely use wireguard for my infrastructure. i’m also aware of it’s limitation and i know the tailscale project but never gave try. recently, i stumbled upon the headscale project, an opensource alternative to for the (closed) tailscale server. perfect, let’s give a try!

and, of course, i’m gooing to implement this with OpenBSD, what else ;)

Doku

• https://github.com/juanfont/headscale/blob/main/docs/running-headscale-openbsd.md
• https://zakaria.org/posts/headscale-setup.md

on the Server

compile and install server

this is working on OpenBSD 7.1, and also on the upcomming Version 7.2

If you have Docker running somehwere … bring up your Smoke Instance within Seconds ;)

Smokeping

docker run --name smoke --restart always -d -p 80:80 linuxserver/smokeping

Show Containers

docker ps

docker-test:~# docker ps
CONTAINER ID   IMAGE                   COMMAND   CREATED         STATUS         PORTS                               NAMES
8f8b872ac1c3   linuxserver/smokeping   "/init"   6 minutes ago   Up 6 minutes   0.0.0.0:80->80/tcp, :::80->80/tcp   smoke

Shell into Docker

docker exec -it smoke /bin/sh

Check Netstat

root@8f8b872ac1c3:/# netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     406670 s
unix  2      [ ACC ]     STREAM     LISTENING     406078 /run/apache2/fcgidsock/137.0

Preview