Walkthroughs, tutorials, and scripting, focused on OpenBSD development.

Using wireguard on OpenBSD

By Finde Labs |  Jan 27, 2019  | openbsd, networking, wireguard, vpn

Earlier this week, I was casually discussing various VPN’s with my colleagues. I’ve tried my hand at OpenVPN a couple times in my life, but was turned off by the complicated setup, poor iOS compatibility (at the time), and slow reconnection speeds. The conversation quickly came to revolve around a relative newcomer to the VPN world: wireguard. With the promise of ease of use, minimalistic code base, proven security, wireguard threatens to take the VPN world by storm.

Continue Reading...

Compiling CWM on Linux

By Finde Labs |  Jan 25, 2019  | linux, cwm, source, compiling

I tried once, very briefly, to find a binary package for cwm on RHEL7. Maybe I was bored, or maybe I was just curious, but I figured out how to compile the cwm portable on Linux. It turned out to be a simple process of figuring out what packages were required to build cwm from source.

Continue Reading...

Deploying httpd with acme-client with Ansible

By Finde Labs |  Jan 24, 2019  | openbsd, ansible, configuration

Having the ability to rebuild a server/router from scratch in minutes with confidence, versus slaving over all your configs, trying to get everything working is life changing. I can’t remember how many times I’ve rebuilt a computer, only to run into an issue that I KNOW I’ve fixed before… over a year ago. With ansible, all the work goes into the first deployment, giving you the ability to redeploy a server at a moments notice.

OpenBSD does require some extra options to work properly, as ansible seems to work best with Linux. Hopefully my struggles can help some of you.

Continue Reading...

OpenBSD with tmux

By Finde Labs |  Jan 24, 2019  | openbsd, scripting, tmux, terminal-multiplexing

Being able to take off from work, and the next morning, be able to hop back into my tmux session from the day before is truly lifechanging. I used a custom screen config for a little while before stumbling across tmux. I read into tmux one day at work, and was simply amazed at how much easier it was to configure than screen! This led me to conduct an in-depth comparison between tmux and screen. Did you know, screen has some 254 known bugs? Some go back to 2005 the last time I checked.

Tmux is an active project that is significantly easier to configure, and just as stable in my experiance.

Continue Reading...

Configuring acme-client on OpenBSD

By Finde Labs |  Jan 22, 2019  | openbsd, encryption, httpd, acme-client

I hate spending money on things I don’t absolutely have to. Maybe that’s why I like opensource. I also like encryption. Therefore, I really like acme-client on OpenBSD. They have such an easy setup for generating your own SSL certs for use by a web server. In the article, I will walk through not only the basic configs that I’ve used. I am also writing a follow-up article that will illustrate how to create a quick ansible playbook that will do all the heavy lifting for you.

Continue Reading...

Using ifstated to watch an egress link

By Finde Labs |  Jan 19, 2019  | openbsd, ifstated, scripting

While developing my own OpenBSD router, I stumbled across a built-in service called ifstated. Previously, I was using a cronjob to run a script every five minutes to check the status of pppoe0. However, ifstated is able to do everything that my script could, in a more powerful way.

The inspiration for this configuration file originated heavily from calomel’s tutorial. I did modify a handful of items though, to better tailor it to my own router’s design.

Continue Reading...