s2scott, 26th November 2008

Since we're talking about ports and packages, I'll offer the following "food for thought."

It is contrary to good practice to install a development environment and tools on the perimeter gateway/firewall machine. If you need to "roll your own," it's unwise to do the "rolling" on the bastion machine itself.

When I have to do this, and the OpenVPN ports was such a case for me, I used VirtualBox (free) on another machine (Windows XP), created a 640MB RAM, 4GB disk virtual machine, installed a full-on version of OpenBSD into it, rolled the OpenVPN stuff and then scp'd the results over to the bastion gateway.

This keeps the bastion box clean and purpose-specific.

The VirtualBox VM with the developer-wise OpenBSD instance can be stopped, started, or destroyed as needed.

There are, of course, other VM engines, but VirtualBox is the one I like because it runs on both Solaris and Windows, which are my two primary desktop O/S's.

(Let the this VM vs. that VM flame wars begin.)

Good luck,
/S
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.