OpenBSD is a fun platform to immerse yourself in software, networking, security, and Operating Systems principles. Even more so if you're delusional, into gratification through pain, deprivation, self-learning. Many users choose to use it for their desktop, and it's not too shabby filling in as the foundation for Border (Edge) Systems such as Firewalls and Gateway Servers.
These notes reference how we got/keep OpenBSD up and running. Verify what you read here through the OpenBSD supported documentation systems described above, ask questions on their mailing lists, use search engines such as Google or Bing and Practise Safe Computing (tm).
- Build and Consistency
- Communications Systems
- Configuration Maintenance
- Gateway, Border Systems
- Monitoring it all
Build and Consistency
Putting together an OpenBSD box is fun and easy, although there are a few hurdles that can seem daunting for the new user. The installation process is well defined and documented. We include here a few areas that might be interesting to review before a system install (especially for new users).
Likewise, we try to put here general issues to consider when planning to roll out a consistent deployment of OpenBSD.
Afterwards, we can explore end-user communication services with your OpenBSD.
- Chat/Jabber XMPP Server
- Mail Services
- Virtual Private Networks
- File/Print Sharing with Windows clients
- Miscellaneous such as FTP, MySQL
E-mail may just be the lifeblood of the Internet, unless you're younger than 25. Various tools come together to provide what is generally termed an E-mail Server (MTA), and we bring together some of these key tools on OpenBSD.
- SMTP Server, using Sendmail or Postfix
- Client access (POP3, IMAP, TLS server) using Dovecot
- Virtual Accounts
VPN - Virtual Private Networks
Install and configure a VPN using OpenVPN
- Configuring your OpenVPN Server
- Generating, maintaining Certificates
- Wide Area Network - WAN using OpenVPN, with a sample configuration
- Connecting Windows Client
Configure the base Apache Server and complementary services such as:
- Caching for access control and service utilisation.
- Content Filter for access control
- SSL Certificates for setting up your own SSL sites.
Gateways and Perimeter Systems
OpenBSD is a great tool for securing your borders and gateways and comes pre-configured with foundation tools for such services.
In this section, we review facilities in OpenBSD common in our border system deployments such as redundancy.
Maintenance involves a lot of monitoring: not only monitoring your host resources, but also other factors that together define the service delivery you wish to supply. Monitoring involves passive accumulation of events, and the decision process that follows from these.
The Other Road
It's important to reiterate that the OpenBSD project makes a good effort to document its toolkit. The OpenBSD FAQ 6 - Networking is required reading. When you know your sh*t, you can refer back to the FAQ to:
- Get your box up and running, and keeping it that way
- Get your box connected, and stay that way
The FAQ is a good guide and foundation knowledge that will serve you well, as most services you configure or install will need network access.