DaemonForums  

  #1   (View Single Post)  
Old 26th February 2012
npumcrisz npumcrisz is offline
New User
 
Join Date: Feb 2012
Posts: 5
Default Novice Unix Questions

I'm trying to set up a multi-wan (multi-port) router with WAP capabilities.
Completed
  • Assembled a micro-ATX with an Intel dual core processor using 1GB DDR memory and an 8GB SATA flash module.
  • In addition to an embedded Gbit Ethernet port, included a micro-PCI card with 3 Gbit ports.
  • Using a riser card, installed a DWA-552 card for WAP.
  • Installed zeroshell 1.0beta16 and used it successfully with the exception of WAP, whereby the wireless card isn't recognized.
NOW the real deal or tough part!!
  • Repartition the flash module by installing OpenBSD 5.0 install50.iso
  • Rebooted successfully with a static ipv4 address assigned to re0 (10.0.0.0/8)
Incomplete
  • Assign network ids to the remaining 3 wired ports.
  • Assign the DWA-552 in master mode for WAP services.
  • Configure PF. I really need this because it has support for IPv6.
  • Install and configure DNS and DHCP.
  • Enable remote access with a web based GUI.

My problem is with the incomplete portion of my task.
*I don't know how to get access to the port/package collection! I think it may be on the install50.iso CD but alas how do I install what is needed?

*Only myself would have access to the router. I thought webmin (unless there is some other freeware out there that can do better) would do a great job. Alas all I read is security problems with webmin!! So what do I do?

* If I have to download webmin (unless other). I could download it on my windows 7 computer to a usb flash drive but how do I install the package/port then on the openbsd machine?
  #2   (View Single Post)  
Old 26th February 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by npumcrisz View Post
*I don't know how to get access to the port/package collection!
Welcome!

Section 15 of the project's official FAQ gives a solid overview of the packages/ports system. The number of available packages is too large to put on the downloadable ISO images, but the FAQ will point you towards the list of accessible mirror sites.
Quote:
Assign network ids to the remaining 3 wired ports.
Section 6 of the FAQ will get you started on network-related issues.
Quote:
Configure PF
The PF User's Guide provides a solid introduction. Reading the pf(4) manpage is also advised. One of the few documents recommended which is not formally affiliated with the OpenBSD project is Hansteen's online manuscript.
Quote:
Enable remote access with a web based GUI.
You will find the command-line tools to be well documented & highly recommended. Web-based tools have not had a stellar track record for stability or security.

Take some time to study this information. If after digesting it, you have more focused questions, feel free to post again.
  #3   (View Single Post)  
Old 26th February 2012
npumcrisz npumcrisz is offline
New User
 
Join Date: Feb 2012
Posts: 5
Default

Quote:
Originally Posted by ocicat View Post
Welcome!

You will find the command-line tools to be well documented & highly recommended. Web-based tools have not had a stellar track record for stability or security.

Take some time to study this information. If after digesting it, you have more focused questions, feel free to post again.
Ocicat, would I be able to remotely configure the openbsd machine?

If I could, will that possibly be via a utility such as "VNC"? I'm still trying to get my head around VNC. That includes how to install and/or use it!!

If not via a utility such as VNC, which do you recommend? I'm coming from a GUI environment, so anything close to that I wouldn't mind; if not, then sadly no problem.

As for me, if I dare to say, remote is a must.
  #4   (View Single Post)  
Old 26th February 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by npumcrisz View Post
Ocicat, would I be able to remotely configure the openbsd machine?
There are a number of available options.
Quote:
If I could, will that possibly be via a utility such as "VNC"?
This is a graphical third-party application option -- which means that the bandwidth requirements will be higher than other options I will mention later. Nevertheless, there are a number of third-party VNC (Virtual Network Computing) applications available in the packages/ports system:

http://openports.se/search.php?so=vnc

Wikipedia has a generalized article on VNC here.

As for other options, there is the SSH protocol. OpenSSH (ssh(1)) is part of OpenBSD's base installation. SSH clients can be found on virtually all operating systems including Windows (PuTTY).

VPN (Virtual Private Network) solutions also exist. OpenVPN has been ported to OpenBSD:

http://openports.se/net/openvpn

OpenVPN is also an application which has been ported to other Unix-like operating systems. You will also find several books available on use/configuration.

Wikipedia also has an article here.

IPsec is also part of OpenBSD's base installation. A number of manpages will need to be studied; starting at ipsec(4) is a good beginning. Configuring IPsec is perhaps more challenging than OpenVPN, but IPsec (as a protocol) is integrated into OpenBSD's kernel. OpenVPN is a userland third-party application.

Wikipedia has an article on IPsec here.

One of the values of VPN solutions is that this addresses "road warriors" who may be connecting to servers from any IP address. With SSH, you will need to decide how port 22 (or whatever port you choose to use...) will be exposed to the Internet.
Quote:
As for me, if I dare to say, remote is a must.
This is not a problem. While you are free to use graphical environments, they require more network resources. There also have been occasional security issues in the past. The other options I have mentioned are based on fundamental protocols, & may give you more latitude in terms of how you connect remotely.

Last edited by ocicat; 26th February 2012 at 07:30 PM.
  #5   (View Single Post)  
Old 27th February 2012
npumcrisz npumcrisz is offline
New User
 
Join Date: Feb 2012
Posts: 5
Default

Quote:
Originally Posted by ocicat View Post
There are a number of available options.

As for other options, there is the SSH protocol. OpenSSH (ssh(1)) is part of OpenBSD's base installation.

VPN (Virtual Private Network) solutions also exist.

OpenVPN is also an application which has been ported to other Unix-like operating systems.

IPsec is also part of OpenBSD's base installation. A number of manpages will need to be studied; starting at ipsec(4) is a good beginning. Configuring IPsec is perhaps more challenging than OpenVPN, but IPsec (as a protocol) is integrated into OpenBSD's kernel. OpenVPN is a userland third-party application.

One of the values of VPN solutions is that this addresses "road warriors" who may be connecting to servers from any IP address. With SSH, you will need to decide how port 22 (or whatever port you choose to use...) will be exposed to the Internet.

The other options I have mentioned are based on fundamental protocols, & may give you more latitude in terms of how you connect remotely.
ssh protocol
Alright, I installed putty-0.62-installer.exe but is openssh enabled by default? I understand it may be installed in the base installation but is it enabled?

vpn protocol
I installed securepointsslvpn_rc4.exe but is openvpn enabled by default?

IPsec
Am lost, how do I use this to remotely configure the openbsd server? Is this enabled in the base installation?
  #6   (View Single Post)  
Old 27th February 2012
ocicat ocicat is offline
Administrator
 
Join Date: Apr 2008
Posts: 3,318
Default

Quote:
Originally Posted by npumcrisz View Post
I understand it may be installed in the base installation but is it enabled?
This depends upon what choice you made during installation. Section 4.5.2 of the FAQ discusses where:
Code:
Start sshd(8) by default? [yes] _
Quote:
I installed securepointsslvpn_rc4.exe but is openvpn enabled by default?
securepointsslvpn_rc4.exe is a Windows executable which you would install on Windows. You would not install it on OpenBSD. OpenVPN is a third-party application available in packages. It is not installed by default on OpenBSD. After installation, you will need to configure it yourself.
Quote:
Is this enabled in the base installation?
IPsec is integrated into OpenBSD's kernel, however, you will have to configure it yourself if this is your choice of VPN.

In general, we do not recommend documentation found on the Internet which was not published by the OpenBSD project. Frequently, it is out of date, incorrect, or incomplete. However, since you are still wrapping your head around IPsec, the following may give you some perspective:

http://www.kernel-panic.it/openbsd/vpn/

Yet, note that this document was written for OpenBSD 4.6. It is not guaranteed to work with OpenBSD 5.0. My recommendation is to read the article, followed by reading the manpages installed on OpenBSD 5.0. Again, ipsec(4) is a good beginning point.

Just to clarify, my previous message mentioned two separate technologies for remote access:
  • SSH.
  • VPN.
If you decide to configure a VPN, OpenVPN is one choice, IPsec is another. Both do not need to be configured.
Reply With Quote
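One way to answer "is sshd enabled, and where will it listen?" from the configuration files instead of from memory of the install prompt. This is an added example, not part of the original posts: the function names and sample files are constructed here, and it assumes the OpenBSD 5.0 convention that `sshd_flags` in /etc/rc.conf is overridden by /etc/rc.conf.local and that the value `NO` disables the daemon.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the OpenBSD 5.0 layout:
# /etc/rc.conf holds defaults, /etc/rc.conf.local overrides them, and
# sshd_flags=NO means "do not start sshd at boot".

# sshd_boot_state FILE...: last sshd_flags assignment across the files wins.
sshd_boot_state() {
    state="disabled"                      # no assignment found at all
    for f in "$@"; do
        [ -r "$f" ] || continue
        line=$(grep -E '^[[:space:]]*sshd_flags=' "$f" | tail -n 1)
        [ -n "$line" ] || continue
        v=${line#*=}                      # text after the first '='
        v=${v%%#*}                        # drop a trailing comment
        v=$(printf '%s' "$v" | tr -d "\"'[:space:]")
        if [ "$v" = "NO" ]; then state="disabled"; else state="enabled"; fi
    done
    printf '%s\n' "$state"
}

# sshd_listen FILE: where sshd will accept connections according to an
# sshd_config file. Simplification: one Port, ListenAddress without a port.
sshd_listen() {
    awk '
        /^[ \t]*#/                     { next }
        tolower($1) == "port"          { port = $2 }
        tolower($1) == "listenaddress" { addr[++n] = $2 }
        END {
            if (port == "") port = 22
            if (n == 0) print "any:" port
            for (i = 1; i <= n; i++) print addr[i] ":" port
        }' "$1"
}

# Constructed sample files standing in for the real ones under /etc.
demo=$(mktemp -d)
printf 'sshd_flags=""\t\t# for normal use: ""\n' > "$demo/rc.conf"
printf 'sshd_flags=NO\n'                         > "$demo/rc.conf.local"
printf '#Port 22\nListenAddress 10.0.0.1\n'      > "$demo/sshd_config"

echo "defaults only:  $(sshd_boot_state "$demo/rc.conf")"
echo "with override:  $(sshd_boot_state "$demo/rc.conf" "$demo/rc.conf.local")"
echo "listening on:   $(sshd_listen "$demo/sshd_config")"
rm -rf "$demo"
```

On the router itself the calls would be `sshd_boot_state /etc/rc.conf /etc/rc.conf.local` and `sshd_listen /etc/ssh/sshd_config`; an output of `any:22` means the daemon accepts connections on every configured interface, which is the exposure decision mentioned earlier in the thread.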
  #7   (View Single Post)  
Old 26th February 2012
daemonfowl daemonfowl is offline
bsdstudent
 
Join Date: Jan 2012
Location: DaemonLand
Posts: 834
Default

Hi Npumcrisz !
I'm a newbie like you but I can help ... :-)

Quote:
*I don't know how to get access to the port/package collection!
the OpenBSD Team encourage the use of packages rather than ports
Quote:
IMPORTANT NOTE: The ports tree is meant for advanced users. Everyone is encouraged to use the pre-compiled binary packages
choose the closest mirror from ftplist .. here
http://openbsd.org/ftp.html#ftp
if you are in Germany, for instance, do this:
Code:
  $ export PKG_PATH=ftp://ftp.spline.de/pub/OpenBSD/5.0/packages/`machine -a`/
then .. to install bash , for example ..
Code:
$ sudo pkg_add bash
you can make the PKG_PATH permanent by putting it in your ~/.profile

Last edited by daemonfowl; 27th February 2012 at 12:18 PM.
  #8   (View Single Post)  
Old 26th February 2012
jggimi jggimi is online now
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

OpenSSH is the tool of choice to use for remote shell access, remote file transfers, remote command execution, and the tunneling of network connections for security. It has many different capabilities.

For remote commands and file transfers, start with the man pages for the client tools: ssh(1), sftp(1), scp(1). See the man page for the server daemon sshd(8), and you will also want to review the man pages for the configuration files, config_sshd(5) and config_ssh(5).

Michael W. Lucas has just published a book, SSH Mastery. See www.openbsd.org/books.html for more information.
  #9   (View Single Post)  
Old 27th February 2012
denta denta is offline
Shell Scout
 
Join Date: Nov 2009
Location: Sweden
Posts: 95
Default

I would also suggest using ssh/sshd for remote access. I mean, what would the typical VNC usage be? VNC in, and then open a terminal to do the admin tasks? If that's the case, you might as well just stick with ssh/sshd.