OpenBSD is a fun platform to immerse in software, networking, security, and Operating Systems principals. Even more so if you're delusional, into gratification through pain and deprivation. OpenBSD's not too shaby filling in as a General Purpose Operating System (GPOS) with some fine features to stand-in as your Firewall, Gateway Servers.

OpenBSD is well documented through Unix man(ual) pages, with a lucid online Frequently Asked Questions(FAQ)

These notes reference how we got/keep OpenBSD up and running. Verify what you read here through the OpenBSD mailing lists, Internet and practise safe Computing.

• Build and Consistency
• Communications Systems
• Configuration Maintenance
• Gateway, Border Systems
• Monitoring it all

Build and Consistency

Putting together an OpenBSD box is fun and easy, although there are a few hurdles that can seem daunting for the new user. The installation process is well defined and documented. We include here a few areas that might be interesting to review before a system install (especially for new users.)

Likewise, we try to put here general issues to consider when planning to roll-out OpenBSD to your critical infrastructure.

Secured Communications

Your first step in connecting your new OpenBSD box, to anything, is to read the OpenBSD FAQ 6 - Networking document. And then, read it again.

Afterwards, we explore sharing and securing communications services.

• File Sharing with Windows clients
• FTP Server
• Mail Services
• Virtual Private Networks

Mail Server

For example, e-mail may just be the lifeblood of the Internet, unless you're younger than 25. Various tools come together to provide what is generally termed an E-mail Server, and we bring together some of these key tools on OpenBSD.

• an SMTP Server, using Sendmail or Postfix
• Client access (POP3, IMAP, TLS server) using Dovecot

Gateways and Perimeter Systems

OpenBSD is a great tool for securing your borders and gateways and comes pre-configured with foundation tools for such services.

With the base install of OpenBSD you can readily configure border services such as a Packet Filtering Firewall (pf), Encrypted VPNs (ipsec), and routing gateways (bgpd).

In this section, we review facilities in OpenBSD common in our border system deployments such as redundancy.

Monitoring

Maintenance involves a lot of monitoring, not only monitoring your host resources, but other factors that together define the service delivery you wish to supply. Monitoring involves passive accumulation of events, and the decision process from these.