Episode 50

VPN, My Dear Watson

August 13th, 2014

1 hr 27 mins 29 secs

About this Episode

It's our 50th episode, and we're going to show you how to protect your internet traffic with a BSD-based VPN. We'll also be talking to Robert Watson, of the FreeBSD core team, about security research, exploit mitigation and a whole lot more. The latest news and answers to all of your emails, on BSD Now - the place to B.. SD.

This episode was brought to you by

iXsystems - Enterprise servers and storage for open source
Tarsnap - online backups for the truly paranoid


Headlines

MeetBSD 2014 is approaching

  • The MeetBSD conference is coming up, and will be held on November 1st and 2nd in San Jose, California
  • MeetBSD has an "unconference" format, which means there will be both planned talks and community events
  • All the extra details will be on their site soon
  • It also has hotels and various other bits of useful information - hopefully with more info on the talks to come
  • Of course, EuroBSDCon is coming up before then

First experiences with OpenBSD

  • A new blog post that leads off with "tired of the sluggishness of Windows on my laptop and interested in experimenting with a Unix-like that I haven't tried before"
  • The author read the famous "BSD for Linux users" series (that most of us have surely seen) and decided to give BSD a try
  • He details his different OS and distro history, concluding with how he "eventually became annoyed at the poor quality of Linux userland software"
  • From there, it talks about how he used the OpenBSD USB image and got a fully-working system
  • He especially liked the simplicity of OpenBSD's "hostname.if" system for network configuration
  • Finally, he gets Xorg working and imports all his usual configuration files - seems to be a happy new user!

NetBSD rump kernels on bare metal (and Kansai OSC report)

  • When you're developing a new OS or a very specialized custom solution, working drivers become one of the hardest things to get right
  • However, NetBSD's rump kernels - a unique concept - make this process a lot easier
  • This blog post talks about the process of starting with just a rump kernel and expanding into an internet-ready system in just a week
  • Also have a look back at episode 8 for our interview about rump kernels and what exactly they do
  • While on the topic of NetBSD, there were also a couple of very detailed reports (with lots of pictures!) of the various NetBSD-themed booths at the 2014 Kansai Open Source Conference that we wanted to highlight

OpenSSL and LibreSSL updates

  • OpenSSL pushed out a few new versions, fixing multiple vulnerabilities (nine to be precise!)
  • Security concerns include leaking memory, possible denial of service, crashing clients, memory exhaustion, TLS downgrades and more
  • LibreSSL released a new version to address most of the vulnerabilities, but wasn't affected by some of them
  • Whichever version of whatever SSL you use, make sure it's patched for these issues
  • DragonFly and OpenBSD are patched as of the time of this recording but, even after a week, NetBSD and FreeBSD are not (outside of -CURRENT)

Interview - Robert Watson - rwatson@freebsd.org

FreeBSD architecture, security research techniques, exploit mitigation


Tutorial

Protecting traffic with a BSD-based VPN


News Roundup

A FreeBSD-based CGit server

  • If you use git (like a certain host of this show) then you've probably considered setting up your own server
  • This article takes you through the process of setting up a jailed git server, complete with a fancy web frontend
  • It even shows you how to set up multiple repos with key-based user separation and other cool things
  • The author of the post is also a listener of the show, thanks for sending it in!

Backup devices for small businesses

  • In this article, different methods of data storage and backup are compared
  • After weighing the various options, the author comes to an obvious conclusion: FreeNAS is the answer
  • He praises FreeNAS and the FreeNAS Mini for their tight integration, rock solid FreeBSD base and the great ZFS featureset that it offers
  • It also goes over some of the hardware specifics in the FreeNAS Mini

A new Xenocara interview

  • As a follow up to last week's OpenSMTPD interview, this Russian blog interviews Matthieu Herrb about Xenocara
  • If you're not familiar with Xenocara, it's OpenBSD's version of Xorg with some custom patches
  • In this interview, he discusses how large and complex the upstream X11 development is, how different components are worked on by different people, how they test code (including a new framework) and security auditing
  • Matthieu is both a developer of upstream Xorg and an OpenBSD developer, so it's natural for him to do a lot of the maintainership work there

Building a high performance FreeBSD samba server

  • If you've got to PXE boot several hundred Windows boxes to upgrade from XP to 7, what's the best solution?
  • FreeBSD, ZFS and Samba obviously!
  • The master image and related files clock in at over 20GB, and will be accessed at the same time by all of those clients
  • This article documents that process, highlighting some specific configuration tweaks to maximize performance (including NIC bonding)
  • With the right changes, it doesn't even require the newest or best hardware - pretty cool

Feedback/Questions