Today is a wonderful Monday and I'm feeling great. I just finished upgrading my virtual firewall (that's right, a virtual firewall) running OpenBSD from version 4.8 to 4.9. This is just a quick tutorial on how to do just that the simple way.
Note: This is my way of upgrading OpenBSD. If you have a better way, please feel free to use it; nothing is stopping you. On that note, let's get started.
NOTE: This tutorial is not for newbies; this is an advanced tutorial. If you don't know how to install OpenBSD, please go to openbsd.org and read up on how to install OpenBSD in the installation guide.
Step 1. Download a copy of the OpenBSD 4.9 bsd.rd.
Step 2. Copy the bsd.rd file to the / directory. You can use any method you like; I like using scp (secure copy). Here is an example if you are not familiar with scp:
scp bsd.rd [email protected]:/home/blah
Step 3. Power down or reboot your box. When you're at the boot prompt, type in the following and press the Enter (or Return) key:
bsd.rd
Step 4. Follow the prompts.
Step 5. Enjoy your new version of OpenBSD.
Random Adventures and thoughts from the mind of a Security Researcher. Hacking is not a Job its a LifeStyle
Monday, May 2, 2011
Saturday, November 27, 2010
Configuring Openvpn on Openbsd4.8
I'm in the process of setting up my virtual test network, starting with my OpenBSD firewall running OpenVPN. This is a quick tutorial on how to set up and configure OpenVPN on OpenBSD 4.8 (or any other version of OpenBSD). I'm not going to get into the details of how to install and configure OpenBSD; the OpenBSD crew has great documentation on how to install and configure the OS at http://openbsd.org/. OK, now that that is out of the way, let's get started on installing and configuring OpenVPN, shall we?
############
#Disclaimer
############
This tutorial is the way that I got OpenVPN to work on OpenBSD. I am not saying that this method will definitely work for you, so keep that in mind when going through this tutorial.
First, let's install OpenVPN from the OpenBSD ports tree, which is pretty simple:
1. cd /usr/ports/net/openvpn
2. make && make install
3. cd /usr/local/share/examples/openvpn/easy-rsa/1.0
(Don’t bother with the 2.0 directory; I spent a good 3 days hacking around with the scripts and config files there only to find they just don’t work. A big thank you goes to BasketCase on #openvpn of Freenode for pointing me in the right direction at this point.)
4. vi vars and set the last 6 exports to your liking
KEY_SIZE
KEY_COUNTRY
KEY_PROVINCE
KEY_CITY
KEY_ORG
KEY_EMAIL
The default KEY_SIZE is okay, but if you’re paranoid you can set it to 2048.
5. source the vars file
. ./vars
6. ./clean-all
7. Build the Certificate Authority cert if you're self-signing (aka not using Thawte, VeriSign etc.)
./build-ca
8. Build your Diffie/Hellman PEM file
./build-dh
9. Build your Server key. Pay attention here, this is your server/endpoint key pair.
./build-key-server
10. mkdir -p /etc/openvpn/private
11. cd /etc/openvpn/private
12. cp /usr/local/share/examples/openvpn/easy-rsa/1.0/keys/* .
13. mv *.crt ../
14. openvpn --genkey --secret ta.key
15. cd ../ && chmod -R 700 *
16. cp /usr/local/share/examples/openvpn/sample-config-files/server.conf .
17. vi server.conf to your liking.
change dev tun to dev tun0
provide explicit paths for ca, cert, key and dh
change server to an appropriate subnet and mask for your vpn clients
Enable tls-auth
uncomment user and group. Dropping privileges should be done without a second thought.
18. Test it all out.
openvpn --config server.conf
19. Add the following to /etc/rc.local:
if [ -x /usr/local/sbin/openvpn ]; then
	echo -n ' openvpn '
	# --daemon detaches openvpn so rc.local does not block on it at boot
	/usr/local/sbin/openvpn --daemon --config /etc/openvpn/server.conf > /dev/null 2>&1
fi
That gets the server up and running.
I hope you find this tutorial helpful. If you run into trouble after reading this guide, remember: Google first :)