OpenBSD

Borgbackup

Prerequisite you need a remote Borg Server (Unix/Linux Machine with Borg installed) valid User and Key for SCP Transfer SSH Key -> /backup/id_ed25519 Create Local Folder test -d /backup || (mkdir /backup; chmod 700 /backup) Borg Backup Script cat << 'EOF2' > /backup/borg.sh #!/usr/bin/env bash # BorgBackup Script, v1.0, 2024-04-09, by @stoege # Remote server details REMOTE_USER="borguser" REMOTE_HOST="your.remote.borg.server" REMOTE_REPO="mysamplerepo" # Local directory to backup LOCAL_DIR="/" # List of directories to exclude EXCLUDE_DIRS=( "*/.

OpenBSD Bridge

Bridge Interfaces on APU Let’s assume you have an APU2/3/4 and you wanna Bridge some of its Interfaces, em0/em1/em2 Create Bridge, add Interfaces cat << 'EOF' > /etc/hostname.bridge0 add vether0 add em0 add em1 add em2 up EOF Create Interfaces echo "up" >> /etc/hostname.em0 echo "up" >> /etc/hostname.em1 echo "up" >> /etc/hostname.em2 Create L3 Interface cat << 'EOF' > /etc/hostname.vether0 inet autoconf inet6 autoconf -temporary -soii up EOF Bring Up all together sh /etc/netstart or do a simply reload

OpenBSD 7.5

OpenBSD 7.5 finally released The 56th Release of OpenBSD was announced. My Upgrade Script is available here. Highlights added support for various new hardware, numerous performance improvements and of course security enhancements. IPv6 support in ppp(4) see the Post on Undeadly for more Details, or the OpenBSD Page … Script doas su - cd /root ftp https://blog.stoege.net/scripts/{.helpers,upgrade_to_75.sh} chmod u+x upgrade_to_75.sh Execute do the Upgrade ./upgrade_to_75.sh after the reboot Upgrade Packages just run the Script again

PF Basics

Basic Ruleset Full Connectivity v4/v6 allow SSH in from RFC1918 allow all outgoing # Backup cp /etc/pf.conf /etc/pf.conf.bak-$(date "+%s") # Paste new Ruleset cat << 'EOF' > /etc/pf.conf ####################################################################################################################### # # OpenBSD PF Template # ####################################################################################################################### ######################## ### DEFAULT SETTINGS ### ######################## set block-policy drop set limit states 100000 set limit table-entries 1000000 set optimization normal set ruleset-optimization none set skip on { lo0 enc0 } set syncookies adaptive (start 25%, end 12%) ######################## ### MACROS ### ######################## # log block lb = "log" # log pass lp = "log" ######################## ### NORMALIZATION ### ######################## match inet scrub (no-df max-mss 1380) match inet6 scrub (max-mss 1360) ######################## ### Block all / uRPF ### ######################## block log block in log quick from urpf-failed label uRPF ############################ ### DHCP & IPv6 Stuff ### ############################ # Allow DHCP pass $lp quick inet proto udp from any port 68 to 255.

OpenBSD RDomains

Intro Let’s assume you have a Mikrotik Router which got a Mgmt Interface with IP: ‘192.168.88.1/24’ and DHCP Server enabled. You want to access the Router via HTTP/HTTPS while offering Internet Services for the Mikrotik Router. You have an APU and OpenBSD running. What do you do ? Setup 2 NIC’s em0: dhcp client, default route, rdomain 0 em3: dhcp client, rdomain 3 Interfaces Interface em0 cat << 'EOF' > /etc/hostname.em0 # Public Internet inet autoconf inet6 autoconf EOF Interface em3

OpenBSD - USB

dmesg show disks dmesg |grep ^sd. sd0 at scsibus1 targ 0 lun 0: <ATA, KingFast, T031> t10.ATA_KingFast_04xxxxxxxxxxxx sd0: 114473MB, 512 bytes/sector, 234441648 sectors, thin sd1 at scsibus4 targ 1 lun 0: <JetFlash, Transcend 8GB, 1100> removable serial.85xxxxxxxxxxxxxxxxxx sd1: 7450MB, 512 bytes/sector, 15257600 sectors Show DiskLabel sysctl hw.disknames hw.disknames=sd0:9axxxxxxxxxxxxxx,sd1:60xxxxxxxxxxxxxx Show Disklabel sd1 disklabel sd1 disklabel sd1 # /dev/rsd1c: type: SCSI disk: SCSI disk label: Transcend 8GB duid: 60xxxxxxxxxxxxxx flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 949 total sectors: 15257600 boundstart: 64 boundend: 15257600 16 partitions: # size offset fstype [fsize bsize cpg] c: 15257600 0 unused Fdisk kill everything

Hetzner - Arm64 OpenBSD

OpenBSD on ARM64 at Hetzner DC Price/Performance is unbeatable at Hetzner for arm64 virtual machines. A Server (CAX21) with 4 CPU, 8 GB RAM, 80 GB Disk, 20 TB Traffic/month cost around 7 Euros/Month. Let’s build a Template for OpenBSD. Here is how to do it: Get Server with CAX21 (4 CPU, 8 GB RAM, 80 GB Disk), with Debian or Ubuntu Menu “ISO-Images”, mount Image “OpenBSD 7.4-current 2023-11-03 (arm64)” Reboot the VM Install OpenBSD as usual Disk: sd0 Use (W)hole disk (E)dit auto layout Delete all Partitions except Partition “i” (MSDOS) Build Disk Layout as you like.

APU - Firmware Upgrade

intro as we all know, the apu’s from pcengines are eol. but it’s worth bringing the existing ones to the latest firmware. if you have openbsd running on your boxes, you can upgrade it like this: add packages doas pkg_add -i flashrom pciutils set hostname based on apu version and mac of em0 type=$(dmesg |grep ^bios0: |tail -1 |sed 's/.*gines //') mac=$(ifconfig em0 |awk '/lladdr/ {print $2}' |awk -F':' '{printf "%s-%s-%s\n",$4, $5, $6}') echo "${type}-${mac}" |tee /etc/myname; hostname $(cat /etc/myname) sample

Python Versions

History A long time ago, there were huge discussions about Python 2.7 or Python 3.xx. Fortunately, these times are gone and we’ve all gotten over the hurdle to Python 3. But are you on 3.6, 3.7, 3.8 ? or even 3.11 or 3.12 ? What’s the current Version you should use for your daily Projects ? Status of Python versions A good indicator is this Website: https://devguide.python.org/versions/ OpenBSD It’s also recommended to check what our Operating System is installing by default, or what you can get from their Package Repository.

OpenBSD 7.4

OpenBSD 7.4 finally released Today, the 55th Release of OpenBSD was announced. My Upgrade Script is available here. Highlights vmd(8) has moved to a multi-process model for virtio(4) block and network devices malloc(3) now has built-in leak detection In OpenSSH 9.5, ssh-keygen(1) generates Ed25519 keys by default sec(4) for Route Based IPSec VPNs see the Post on Undeadly for more Details, or the OpenBSD Page … Script doas su - cd /root ftp https://blog.