0

OpenBSD IPsec Tunnel Guide

This guide will explain how to setup a site-to-site IPsec tunnel (i.e., tunnel mode IPsec) between two OpenBSD gateways. Throughout this document there are example configs shown, some of which contain secret key data. DO NOT use these example keys! Create your own (as shown) and keep them private. Table of Contents Introduction The Tools Terminology Building a Site-to-Site Tunnel Starting isakmpd Allowing IPsec Traffic Through pf(4) Filtering Traffic on the Tunnel Adding Redundancy Troubleshooting The Tools OpenBSD ships with all the tools needed to begin using IPsec.

0

Installing Olive 7.1

Olive refers to a regular PC that's running Juniper Networks’ JUNOS software. Juniper developed Olive early on so they could perform testing of JUNOS during development. These days Olive is deprecated in favor of cheap, low-end M and J-series routers.

0

OpenBSD CARP Notes

CARP is the Common Address Redundancy Protocol. It's a secure, free alternative to the Virtual Router Redundancy Protocol and the Hot Standby Router Protocol. CARP was created and is maintained by the OpenBSD project. The notes here apply to OpenBSD 5.0 and higher. Protocol Information Virtual MAC Address The virtual MAC is in the format 00-00-5e-00-01-XX where the last octet is filled in by the CARP vhid. IP Protocol CARP uses IP protocol number 112 (0x70).

0

OpenBSD OpenBGPD Notes

OpenBGPD is a free, open-source implementation of the Border Gateway Protocol Version 4. It was created and is maintained by the OpenBSD project. The notes here apply to OpenBGPD as found in OpenBSD 4.0 and higher. Path Selection Process OpenBGPD will only ever install one route in the route table for a particular destination network (prefix). If OpenBGPD receives information about that prefix from more than one peer, a decision must be made on which one to use.

0

OpenBSD SNMP MIBs

The following SNMP MIBs and the accompanying code that extend the Net-SNMP daemon allow administrators to query information from various OpenBSD subsystems. Currently, stats can be queried from: Packet Filter The kernel sensors framework Common Address Redundancy Protocol (CARP) These MIBs are being integrated into OpenBSD's own snmpd. OpenBSD 5.1 has the kernel sensor and CARP MIBs. OpenBSD 5.1-current has and the future 5.2 release will have the pf MIB.

0

NetPacket PERL Module Enhancements

NetPacket provides a base class for a cluster of modules related to decoding and encoding of network protocol packets. Each NetPacket descendant module knows how to encode and decode packets for the network protocol it implements. Protocols that NetPacket can encode/decode include IPv4, TCP, UDP, ICMP, Ethernet, and ARP. I've written three additional modules for NetPacket that allow the encoding/decoding of IPv6, ICMPv6, and OpenBSD's Packet Filter binary log files. I've also made numerous changes to existing modules, including fixing spelling mistakes, bug fixes, and documentation enhancements.

0

Monitoring Postfix

The goal here is to monitor servers running Postfix to determine the number of email messages delivered locally and abroad and to graph that data. The data will be made available via Net-SNMP for collection using your NMS of choice. Postfix homepage: http://www.postfix.org/ Basis for this Work The methods outlined below are based on the work of Craig Sanders http://taz.net.au/postfix/mrtg/. Some things that are done different here: Only one database file is used for storing the data instead of two.

0

Monitoring BIND9

The goal here is to monitor DNS servers running BIND version 9 and graph the various statistics that it records about itself. The statistics will be made available to the Net-SNMP daemon by a script. From there, the data can be polled by whatever NMS you choose to use. Table of Contents Getting Stats from BIND Serving Stats via SNMP Download for BIND 9.4 Download for BIND 9.6 and Newer Notes