LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices

Reply
 
Search this Thread
Old 02-21-2014, 12:58 PM   #31
JWJones
Member
 
Registered: Jun 2009
Location: Cascadia
Distribution: Slackware, LinuxBBQ, OpenBSD, Mac OSX
Posts: 723

Rep: Reputation: 187Reputation: 187

Quote:
Originally Posted by hitest View Post
In OpenBSD PF is enabled by default, but, /etc/pf.conf needs to be edited so that the firewall will protect your machine. This simple set-up works for my OpenBSD desktop machine.

Code:
block all
pass out keep state
Ah, good one, thanks!
 
Old 02-21-2014, 02:33 PM   #32
Xrandr
LQ Newbie
 
Registered: Feb 2014
Posts: 8

Rep: Reputation: 6
Quote:
Originally Posted by replica9000 View Post
An alternative to using xorg.conf to do this would be adding this line to your .xinitrc
Code:
xset fp+ /usr/local/lib/X11/fonts/webfonts
Thanks. I noticed the improvements already.

+1

Last edited by Xrandr; 02-21-2014 at 02:34 PM.
 
Old 05-19-2014, 08:07 AM   #33
kooru
Senior Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware, NetBSD
Posts: 1,342
Blog Entries: 5

Rep: Reputation: 266Reputation: 266Reputation: 266
On my NetBSD home server I've installed openvpn to use it with my android phone.
Useful when I use a public wifi.
Here below, a basic howto.

# Install openvpn
pkg_add -v openvpn
cp /usr/pkg/share/examples/rc.d/openvpn /etc/rc.d/
echo "openvpn=YES" >> /etc/rc.conf

# These steps are not necessary if you've already used openssl.
# On the contrary, I've executed some stuff:
# - checked if variables into openssl.cnf were ok for me
# - replaced dir variable ./demoCA with /root/CA (/root with 700 permission)
# - changed certificate dir from $dir/cacert.pem to $dir/certs/cacert.pem
# - created some dirs/files, in according with the config file
# - created the self-signed certificate
cp /usr/share/examples/openssl/openssl.cnf /etc/openssl
cd /etc/openssl
mkdir -p /root/CA/private
mkdir -p /root/CA/certs
mkdir -p /root/CA/crl
mkdir -p /root/CA/newcerts
touch /root/CA/index.txt
touch /root/CA/serial
echo 1000 > /root/CA/serial
openssl req -new -x509 -keyout /root/CA/private/cakey.pem -out /root/CA/certs/cacert.pem -days 3650

# Ok, now we can generate the certificate for the server
openssl genrsa -out /root/CA/private/netbsd4vpn.key 1024
openssl req -new -key /root/CA/private/netbsd4vpn.key -out /root/CA/crl/netbsd4vpn.req
openssl ca -in /root/CA/crl/netbsd4vpn.req -out /root/CA/certs/netbsd4vpn.pem -days 1000
cd /usr/pkg/etc/openvpn
openssl dhparam -out dh1024.pem 1024

# Certificate for my android phone
cd /etc/openssl
openssl req -nodes -new -newkey rsa:1024 -keyout /root/CA/private/phone.key -out /root/CA/crl/phone.req -days 1000
openssl ca -in /root/CA/crl/phone.req -out /root/CA/certs/phone.crt -md sha1 -days 1000

# Enable IP fowarding
echo "net.inet.ip.forwarding=1" >> /etc/sysctl.conf

# Into /usr/pkg/etc/openvpn/server.conf, change:
ca /root/CA/certs/cacert.pem
cert /root/CA/certs/netbsd4vpn.pem
key /root/CA/private/netbsd4vpn.key
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 208.67.222.222"

# Build phone.ovpn
mkdir /root/CA/vpnclient
cp /usr/pkg/share/examples/openvpn/config/client.conf /root/CA/vpnclient
mv /root/CA/vpnclient/client.conf /root/CA/vpnclient/phone.ovpn
echo "set CLIENT_CERT 0" >> /root/CA/vpnclient/phone.ovpn
echo "<ca>" >> /root/CA/vpnclient/phone.ovpn
cat /root/CA/certs/cacert.pem | grep -A 100 "BEGIN CERTIFICATE" | grep -B 100 "END CERTIFICATE" >> /root/CA/vpnclient/phone.ovpn
echo "</ca>" >> /root/CA/vpnclient/phone.ovpn
echo "<cert>" >> /root/CA/vpnclient/phone.ovpn
cat /root/CA/certs/phone.crt | grep -A 100 "BEGIN CERTIFICATE" | grep -B 100 "END CERTIFICATE" >> /root/CA/vpnclient/phone.ovpn
echo "</cert>" >> /root/CA/vpnclient/phone.ovpn
echo "<key>" >> /root/CA/vpnclient/phone.ovpn
cat /root/CA/private/phone.key | grep -A 100 "BEGIN PRIVATE KEY" | grep -B 100 "END PRIVATE KEY" >> /root/CA/vpnclient/phone.ovpn
echo "</key>" >> /root/CA/vpnclient/phone.ovpn

# And now modify phone.ovpn with:
proto udp
remote yourServerIp yourServerPort
mute-replay-warnings
# ca ca.crt # you must comment it
# cert client.crt # you must comment it
# key client.key # you must comment it
set CLIENT_CERT 0

# Move phone.ovpn into android sd and import it with openvpn app

# Add the nat rule in /etc/pf.conf (into /etc/rc.conf, pf=YES)
nat on your_interface from 10.8.0.0/24 to any -> your_interface

# Reboot and have fun

Last edited by kooru; 05-19-2014 at 08:31 AM.
 
2 members found this post helpful.
Old 05-19-2014, 10:36 PM   #34
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,070

Rep: Reputation: 125Reputation: 125
How is this thread not a sticky?
 
Old 06-22-2014, 01:32 PM   #35
hitest
Senior Member
 
Registered: Mar 2004
Location: Prince Rupert, B.C., Canada
Distribution: Slackware, OpenBSD
Posts: 4,249

Original Poster
Rep: Reputation: 574Reputation: 574Reputation: 574Reputation: 574Reputation: 574Reputation: 574
Quote:
Originally Posted by pan64 View Post
why do you need a reboot?
Did a little experiment and as it turns out a reboot is not needed. Thanks for the observation.
 
Old 07-03-2014, 06:07 PM   #36
JWJones
Member
 
Registered: Jun 2009
Location: Cascadia
Distribution: Slackware, LinuxBBQ, OpenBSD, Mac OSX
Posts: 723

Rep: Reputation: 187Reputation: 187
OpenBSD has a curses-based package manager, with which you can browse by catagory (much like with Synaptic in Debian-based distros). To get it:

Code:
sudo pkg_add pkg_mgr
There it is on the left:
Attached Images
File Type: png pkgmgr_openbsd.png (142.5 KB, 22 views)
 
3 members found this post helpful.
Old 07-23-2014, 04:49 AM   #37
kooru
Senior Member
 
Registered: Sep 2012
Location: Italy
Distribution: Slackware, NetBSD
Posts: 1,342
Blog Entries: 5

Rep: Reputation: 266Reputation: 266Reputation: 266
A fast tutorial to install lighttpd with ssl on NetBSD.

Code:
# Download pkgsrc, where pkgsrc-20xxQy is the stable branch (for example, pkgsrc-2014Q1)
ftp ftp://ftp.NetBSD.org/pub/pkgsrc/pkgsrc-20xxQy/pkgsrc.tar.gz

# Untar it into /usr
tar -xzf pkgsrc.tar.gz -C /usr

# Enable ssl option into mk.conf
echo "PKG_OPTIONS.lighttpd=ssl" >> /etc/mk.conf

# Compile lighttpd
cd /usr/pkgsrc/www/lighttpd
make
make install
make clean
make clean-depends
cp /usr/pkg/share/examples/rc.d/lighttpd /etc/rc.d/
echo "lighttpd=YES" >> /etc/rc.conf 

# Verify if lighttpd uses ssl
$> lighttpd -v
lighttpd/1.4.35 (ssl) - a light and fast webserver
Build-Date: May 11 2014 11:46:34

# Verify if lighttpd user and group have been created.
# Otherwise:
groupadd lighttpd
useradd -s /sbin/nologin -g lighttpd lighttpd

# You can find any configuration files under /usr/pkg/etc/lighttpd/
# The default path which you insert your index file is /srv/www/htdocs
# In fact into lighttpd.conf, you can see:
# var.server_root = "/srv/www"
# server.document-root = server_root + "/htdocs"
#
# To enable SSL for the whole server, uncomment:
ssl.engine = "enable"
ssl.pemfile = "/whatyouwant/lighttpd/lighttpd.pem"

# Generate the self-signed certificate
cd /whatyouwant/lighttpd/
openssl req -new -x509 -keyout lighttpd.pem -out lighttpd.pem -days 3650 -nodes
chmod 400 lighttpd.pem

# Let's go
/etc/rc.d/lighttpd start
Links:
https://wiki.netbsd.org/lighttpd_on_netbsd/
http://wiki.netbsd.org/pkgsrc/how_to_use_pkgsrc/
http://www.netbsd.org/docs/pkgsrc/users-guide.html
http://redmine.lighttpd.net/projects/1/wiki/Docs_SSL

Last edited by kooru; 07-23-2014 at 04:54 AM.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: FreeBSD/PC-BSD 9.1 Benchmarked Against Linux, Solaris, BSD LXer Syndicated Linux News 0 12-19-2012 07:31 PM
LXer: PC BSD 8.0 release made BSD much easier for desktop use | Installation and scre LXer Syndicated Linux News 0 02-26-2010 09:30 AM
PC BSD, Open BSD, or Free BSD ? Alexvader *BSD 5 02-08-2010 01:40 AM
Video For BSD --- New project to develop V4L compatible drivers for BSD Fritz_Katz *BSD 5 07-20-2008 12:53 AM
LXer: PC-BSD : A user friendly BSD flavor geared for the desktop LXer Syndicated Linux News 0 02-04-2006 04:01 PM


All times are GMT -5. The time now is 01:29 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration