To search

Stephan Rickauer's Hacking Lab

A random guy on IT Security, Hacking, Unix and Whatnot.

Sunday, July 16 2017 16:51

OpenBSD rtables and rdomains

Today I was playing with OpenBSD routing domains the first time. Traditionally, multiple interfaces are connected to one routing table. A global switch called 'IP forwarding' will turn packet flows between all interfaces on or off. A more fine-grained control requires some kernel level packet filtering, usually done by PF on OpenBSD. However, with rdomains one can easily isolate traffic to specific routing domains, to separate networks in kernel space.

Continue reading...

Monday, August 15 2016 11:32

OpenBSD and PCEngine's APU

For quite a while, PCEngine's devices have been known to work well under OpenBSD. In the meantime, their famous Alix boards have been superseded by the next generation systems called APU. At work, we wanted to build a cheap sniffing device that could be used to tap and investigate 'interesting' traffic. An ideal use case to learn about the current state of affairs: OpenBSD on APU.

Continue reading...

Thursday, July 14 2016 16:45

Let's Encrypt on OpenBSD

UPDATE: letskencrypt has been merged into the base system of OpenBSD and renamed to acme-client

When Let's Encrypt has hit the planet and euphoria calmed down, I decided to give it a spin as soon as a clean, secure and simple OpenBSD client would be available. I may be late some months: letskencrypt has been published on Github on May 12th, 2016 and is currently available in version 0.18. I won't go into the merits of "why yet another client". Read Kristaps Dzonsons page on his beautiful design using isolated independent components. No Python. No Ruby. No Bash.

Continue reading...