*BSDThis forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Introduction to Linux - A Hands on Guide
This guide was created as an overview of the Linux Operating System, geared toward new users as an exploration tour and getting started guide, with exercises at the end of each chapter.
For more advanced trainees it can be a desktop reference, and a collection of the base knowledge needed to proceed with system and network administration. This book contains many real life examples derived from the author's experience as a Linux system and network administrator, trainer and consultant. They hope these examples will help you to get a better understanding of the Linux system and that you feel encouraged to try out things on your own.
Click Here to receive this Complete Guide absolutely free.
# These steps are not necessary if you've already used openssl.
# On the contrary, I've executed some stuff:
# - checked if variables into openssl.cnf were ok for me
# - replaced dir variable ./demoCA with /root/CA (/root with 700 permission)
# - changed certificate dir from $dir/cacert.pem to $dir/certs/cacert.pem
# - created some dirs/files, in according with the config file
# - created the self-signed certificate
cp /usr/share/examples/openssl/openssl.cnf /etc/openssl
mkdir -p /root/CA/private
mkdir -p /root/CA/certs
mkdir -p /root/CA/crl
mkdir -p /root/CA/newcerts
echo 1000 > /root/CA/serial
openssl req -new -x509 -keyout /root/CA/private/cakey.pem -out /root/CA/certs/cacert.pem -days 3650
# Ok, now we can generate the certificate for the server
openssl genrsa -out /root/CA/private/netbsd4vpn.key 1024
openssl req -new -key /root/CA/private/netbsd4vpn.key -out /root/CA/crl/netbsd4vpn.req
openssl ca -in /root/CA/crl/netbsd4vpn.req -out /root/CA/certs/netbsd4vpn.pem -days 1000
openssl dhparam -out dh1024.pem 1024
# Certificate for my android phone
openssl req -nodes -new -newkey rsa:1024 -keyout /root/CA/private/phone.key -out /root/CA/crl/phone.req -days 1000
openssl ca -in /root/CA/crl/phone.req -out /root/CA/certs/phone.crt -md sha1 -days 1000
# Enable IP fowarding
echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf
# Into /usr/pkg/etc/openvpn/server.conf, change:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 22.214.171.124"
# And now modify phone.ovpn with:
remote yourServerIp yourServerPort
# ca ca.crt # you must comment it
# cert client.crt # you must comment it
# key client.key # you must comment it
set CLIENT_CERT 0
# Move phone.ovpn into android sd and import it with openvpn app
# Add the nat rule in /etc/pf.conf (into /etc/rc.conf, pf=YES)
nat on your_interface from 10.8.0.0/24 to any -> your_interface
A fast tutorial to install lighttpd with ssl on NetBSD.
# Download pkgsrc, where pkgsrc-20xxQy is the stable branch (for example, pkgsrc-2014Q1)
# Untar it into /usr
tar -xzf pkgsrc.tar.gz -C /usr
# Enable ssl option into mk.conf
echo "PKG_OPTIONS.lighttpd=ssl" >> /etc/mk.conf
# Compile lighttpd
cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/
echo "lighttpd=YES" >> /etc/rc.conf
# Verify if lighttpd uses ssl
$> lighttpd -v
lighttpd/1.4.35 (ssl) - a light and fast webserver
Build-Date: May 11 2014 11:46:34
# Verify if lighttpd user and group have been created.
useradd -s /sbin/nologin -g lighttpd lighttpd
# You can find any configuration files under /usr/pkg/etc/lighttpd/
# The default path which you insert your index file is /srv/www/htdocs
# In fact into lighttpd.conf, you can see:
# var.server_root = "/srv/www"
# server.document-root = server_root + "/htdocs"
# To enable SSL for the whole server, uncomment:
ssl.engine = "enable"
ssl.pemfile = "/whatyouwant/lighttpd/lighttpd.pem"
# Generate the self-signed certificate
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 3650 -nodes
chmod 400 lighttpd.pem
# Let's go