Language Selection

English French German Italian Portuguese Spanish

Unscrewed; a Story About OpenBSD

Filed under
BSD

If you’re in the packet delivery business, and you’ve never tired OpenBSD, then you’re really missing out. Pretty much everything you care about as a network guy on production networks is configured via a virtual interface. This includes CARP, IPSEC, and all manner of encapsulation and tunneling protocols. This is awesome because all the tools designed to work on interfaces, like tcpdump, work on these virtual interfaces too. So if I want to get a look at my VPN traffic, I can tcpdump enc0.

Which brings up another great point, with OpenBSD, your packet inspection and general network troubleshooting toolbox is way better. Nmap, Argus, sflow, tcpdump, snort, daemonlogger, and etc.. all the best tools are right there on your router if you want them. No need to use a packet tap, because your router is the packet tap.

OpenBSD has myriad built-in daemons for OSPF, BGP, and every other router protocol, as well as application-layer protocol proxies. OpenBSD is by far the fastest, easiest way to setup an ftp proxy that I know of. It also has a kernel-space packet filter called PF, which is crazy feature-rich and and easy to use. If you can console configure an ASA, or are an iptables user, you’ll pick up PF’s syntax in about 15 minutes. All the normal stuff like NAT, redirection, and forwarding are there. Further, PF can do things like policy routing, where you tag packets based on criteria you choose, and then make routing decisions later based on those tags. PF has packet queuing and prioritization built-in, so you can make some classes of traffic more important than others.

Read more

More in Tux Machines

today's howtos

6-Way Enterprise Focused Linux Distribution Comparison With An Intel Core i9, Dual Xeon Gold Systems

Here's our latest Linux distribution comparison with this time looking at the out-of-the-box performance of six Linux distributions while running a range of enterprise/workstation-focused benchmarks while using two systems. One system is a high-end Core i9 7980XE desktop system and the other a Tyan 1U Xeon Scalable server with dual Xeon Gold 6138 processors. Read more

Security: FOSS Versus Windows

Linux/Android hacker SBC with hexa-core Rockchip SoC debuts at $75

The Vamrs “RK3399 Sapphire” SBC is on sale for $75, or $349 for a full kit. Vamrs is also prepping an RK3399-based “Rock960” 96Boards SBC. Rockchip’s RK3399 is one of the most powerful ARM-based system-on-chips available on hacker boards, featuring two server-class Cortex-A72 cores clocked to up to 2.0GHz, as well as four Cortex-A53 at up to 1.42GHz and a quad-core Mali-T864 GPU. The hexa-core SoC has appeared on T-Firefly’s Firefly-RK3399 SBC and RK3399 Coreboard computer-on-module, as well as Videostrong’s VS-RD-RK3399 SBC and Theobroma’s RK3399-Q7 Qseven module. Now we have a new contender: Shenzhen based Vamrs, which built the limited edition Rockchip RK3399 Sapphire SBC as the official RK3399 dev board for Rockchip, is now re-launching the board, which features a 40-pin Raspberry Pi compatible connector, with “many in stock” for a discounted price of $75. Read more