OpenVPN routing with BIRD on FreeBSD

openvpntechThis tutorial by user Felix J. Ogris shows us how to get OpenVPN routing with BIRD set up on FreeBSD.

Original: http://www.ogris.de/howtos/freebsd-openvpn-bird.html

If you run OpenVPN as an unprivileged user and/or in a chroot environment, it can’t dynamically modify routes. This becomes a problem if you run multiple OpenVPN daemons, no matter whether they run on the same box or on different servers. When a client disconnects from one instance and later connects to another instance, you have to update your internal routing information for that client. To solve this, I’ve been using the BIRD Internet Routing Daemon.
The relevant part of my /usr/local/etc/openvpn.conf looks like this:

mode server
chroot /usr/local/etc/openvpn/chroot
client-connect /bin/cc.sh
client-disconnect /bin/cc.sh
script-security 2
user openvpn
group openvpn

Note that the location of the client-connect and client-disconnect script /bin/cc.sh is relative to the chroot directory /usr/local/etc/openvpn/chroot, which contains three subdirectories:

drwxr-xr-x  2 root  wheel    bin
drwxr-xr-x  2 root  wheel    ccd
drwxrwxr-x  2 root  openvpn  tmp
  • bin contains three tools:
    -r-xr-xr-x  1 root  wheel  cc.sh
    -r-xr-xr-x  2 root  wheel  nc
    -r-xr-xr-x  2 root  wheel  sh
    

    I copied sh from /rescue/sh, while nc was hardlinked to sh. All binaries in /rescue are statically linked, so they’ll work even in a chroot environment.

  • ccd contains my client config files, each containing an ifconfig-push and optionally one or more iroute statements for a particular client. Those files are owned and writeable by root only.
  • tmp contains the control socket for BIRD, and a dynamically created config file for each OpenVPN client.

When an OpenVPN client connects, cc.sh reads its ip address and routes from the config file in ccd, writes this information in BIRD compatible syntax to the config file in tmp, and informs BIRD to reload its configuration.
When a client disconnects, cc.sh just empties the config file in tmp, and reloads BIRD.
My /usr/local/etc/bird.conf looks like this:

[Read more…]

Phoronix is 11 Years Old

phoronix-advertisePhoronix, a website dedicated to bringing Linux related and open source news, is now 11 years old. They have highlighted several FreeBSD related articles as some of the most popular Phoronix articles, out of 15,000+. Congrats and thank you Phoronix for your contributions to the FreeBSD and open-source community.

Sony’s PlayStation 4 Is Running Modified FreeBSD 9
The operating system at the heart of Sony’s PlayStation 4 is FreeBSD 9.0.

FreeBSD 10 To Use Clang Compiler, Deprecate GCC
As indicated by the Q1-2012 FreeBSD Status Report, LLVM’s Clang compiler is quickly replacing GCC for this popular BSD operating system. The developers are also making much progress in a GNU-free C++11 stack. For FreeBSD 10 they’re aiming for Clang as the default C/C++ compiler, deprecate GCC, and to have a BSD-licensed C++ stack.

Ubuntu vs. OpenSolaris vs. FreeBSD Benchmarks
Over the past few weeks we have been providing several in-depth articles looking at the performance of Ubuntu Linux. We had begun by providing Ubuntu 7.04 to 8.10 benchmarks and had found the performance of this popular Linux distribution to become slower with time and that article was followed up with Mac OS X 10.5 vs. Ubuntu 8.10 benchmarks and other articles looking at the state of Ubuntu’s performance. In this article, we are now comparing the 64-bit performance of Ubuntu 8.10 against the latest test releases of OpenSolaris 2008.11 and FreeBSD 7.1.

FreeBSD 8.0 vs. Ubuntu 9.10 Benchmarks
Canonical will be releasing Ubuntu 9.10 at the end of next month while the final release of FreeBSD 8.0 is also expected within the next few weeks. With these two popular free software operating systems both having major updates coming out at around the same time, we decided it warranted some early benchmarking as we see how the FreeBSD 8.0 and Ubuntu 9.10 performance compares.

Original – http://www.phoronix.com/scan.php?page=news_item&px=Phoronix-11-Popularity

FreeBSD 10.2 Release Process

lacisbsdsigned

The developers of FreeBSD have laid out plans to release version 10.2 in August 2015. Check the table to see the release dates for each build.

Introduction

This is the release schedule for FreeBSD 10.2. For more information about the release engineering process, please see the Release Engineering section of the web site.

General discussions about the pending release and known issues should be sent to the public freebsd-stable mailing list. MFC requests should be sent to re@FreeBSD.org.

Schedule

Action Expected Actual Description
Initial release schedule announcement 26 February 2015 Release Engineers send announcement email to developers with a rough schedule.
Release schedule reminder 20 May 2015 21 May 2015 Release Engineers send reminder announcement e-mail to developers with updated schedule.
Code slush begins 19 June 2015 Release Engineers announce that all further commits to the stable/10 branch will not require explicit approval, however new features should be avoided.
Code freeze begins 3 July 2015 Release Engineers announce that all further commits to the stable/10 branch will require explicit approval. Certain blanket approvals will be granted for narrow areas of development, documentation improvements, etc.
BETA1 builds begin 10 July 2015 First beta test snapshot.
BETA2 builds begin 17 July 2015 Second beta test snapshot.
BETA3 builds begin * 24 July 2015 Third beta test snapshot.
releng/10.2 branch 31 July 2015 Subversion branch created; future release engineering proceeds on this branch.
RC1 builds begin 31 July 2015 First release candidate.
stable/10 thaw 1 August 2015 The code freeze on the stable/10 branch is lifted.
RC2 builds begin 7 August 2015 Second release candidate.
RC3 builds begin * 14 August 2015 Third release candidate.
RELEASE builds begin 21 August 2015 10.2-RELEASE builds begin.
RELEASE announcement 31 August 2015 10.2-RELEASE press release.
Turn over to the secteam releng/10.2 branch is handed over to the FreeBSD  Security Officer Team in one or two weeks after the announcement.

“*” indicates “as-needed” items.

Original: https://www.freebsd.org/releases/10.2R/schedule.html

Lumina Desktop Status Update/FAQ

Ken Moore provides us a comprehensive status update on his Lumina desktop environment project.

http://blog.pcbsd.org/wp-content/uploads/2015/04/Lumina-v0.8.4-release-2.png?w=660

Original: http://blog.pcbsd.org/2015/05/lumina-desktop-status-updatefaq/

With the amount of changes to the Lumina desktop environment and the increasing number of questions/comments we are receiving, I thought it would be a good time to post a status report about it and answer many of the commonly asked questions.

As always, please post any bug reports or feature requests on the PC-BSD Bug tracker.

If you wish to get involved in the development of the Lumina Desktop Environment, you can find the source code in our repository on GitHub.

Lumina Desktop FAQ/Status Update:

What is the Lumina Desktop Environment?

  • The Lumina Desktop Environment (sometimes referred to as Lumina-DE or just Lumina) is a BSD-licensed, FreeDesktop-compliant graphical interface for a desktop operating system.
  • It has been written from scratch in C++/Qt5 (it is not based on any existing DE code-base). It uses Fluxbox for the window management in the background and xscreensaver for screensaver/screenlocking functionality. The only other runtime dependencies are a couple of small X11 utilities (xnumlock, xbrightness, xterm, xrandr).
  • This results in a very lightweight, very smooth desktop experience with minimal system overhead.

What is the current development status?

  • While the current version (0.8.4) is still considered to be “Beta” quality, that is primarily because there are still a couple external utilities which have not had in-house replacements written yet (Fluxbox and xscreensaver primarily).
  • In its current state it is very stable and completely usable on a daily basis for both developers and non-developers alike.
  • The only caveat for its “beta” status is that since there are some backend systems which are still in major development, we reserve the right to break a user’s customized settings during the transition to these new systems (the window manager and screensaver settings are where I anticipate this happening once the replacement systems are in place). However, we already have a good track record of backwards compatibility with older settings formats, and will continue to work on ensuring a smooth transition between different versions of the desktop (even during heavy development/backend changes).

What are some of the features of Lumina?

[Read more…]

FreeBSD Mastery: ZFS

FreeBSD Mastery: ZFS author Michael W. Lucas has released volume 7 of his book, along with co-author Allan Jude.

Data Storage for the 21st Century and Beyond!

The first of two ZFS books, by critically acclaimed author Michael W Lucas and FreeBSD developer Allan Jude

ZFS, the fast, flexible, self-healing filesystem, revolutionized data storage. Leveraging ZFS changes everything about managing FreeBSD systems.

FreeBSD Mastery: ZFS

With FreeBSD Mastery: ZFS, you’ll learn to:

  • select hardware for ZFS systems
  • arrange your storage for optimal performance
  • configure datasets that match your enterprise’s needs
  • repair and monitor storage pools
  • expand your storage
  • use compression to enhance performance
  • determine if deduplication is right for your data
  • understand how copy-on-write changes everything
  • snapshot filesystems
  • automatically rotate snapshots
  • clone filesystems
  • optimize how ZFS uses and manages space
  • customize FreeBSD ZFS installs

Whether you’re a long-term FreeBSD administrator or a new user, FreeBSD Mastery: ZFS will help you simplify storage.

Master ZFS with FreeBSD Mastery: ZFS

“If you’re a FreeBSD (or Linux, or Unix) sysadmin, then you need this book.” — Slashdot, on FreeBSD Mastery: Storage Essentials

Get the book now!

Print and ebook bundle? If you buy the print from Amazon, you can get the ebook for $2.99.

Get the ebook from:

Print

Original: https://www.michaelwlucas.com/nonfiction/freebsd-mastery-zfs

Another Data Center Site Visit – NYI

Glen Barber at the FreeBSD Foundation made a visit to New York Internet data center, which houses some FreeBSD servers. Follow them along on their journey through the internet’s closets:

Original: http://freebsdfoundation.blogspot.com/2015/05/another-data-center-site-visit-nyi.html

No Systems Administrators Were Harmed While Writing This Blog Entry

Mmm…  Freshly-unboxed servers.  There really is nothing better to wake up to in the morning.

Well, okay, coffee.  But new servers – definitely second.

In late April, the FreeBSD Foundation generously purchased more machines to keep the FreeBSD.org infrastructure operating smoothly.  While the new servers are not yet in production (a task the Cluster Administrators will undertake while at BSDCan in June), we have planned far in advance what we intend to do with the new hardware.

In mid-May, I spent several days at our East-Coast US colocation facility, racking, cabling, installing, and configuring the new servers.

As They Say in Real-Estate: Colocation, Colocation, Colocation

The new hardware is located at New York Internet in Bridgewater, New Jersey, who generously provides colocation services to the FreeBSD Project.  They have an amazing staff, and whether we are on-site or working with them through their ticket system, are always friendly, knowledgeable, and of course, helpful.

New Hardware Specs

[Read more…]

PC-BSD 10.1.2: an Interview with Kris Moore

Mark VonFange interviews developer Kris Moore about PC-BSD 10.1.2 and what’s in store for future releases.

Original: http://blog.pcbsd.org/2015/05/pc-bsd-10-1-2-an-interview-with-kris-moore/

PC-BSD 10.1.2 has been released, so we thought we’d talk to project lead, Kris Moore, to see what’s in store!

KrisMug2015

Q: What new features and improvements are available in PC-BSD 10.1.2?

This quarterly update got a LOT of new features, partly so we would have time to really play with them before the 10.2 release later this summer.  Most of them are security and privacy focused, but there are some other neat things as well.  In no particular order, these are some of the best ones:

* PersonaCrypt – Our new privacy utility that offers a few cool new features.

In its default mode, it can setup your entire user $HOME directory on a geli-backed external device, such as a fast SSD Flash Stick (Using the 256GB Corsair Flash Voyager GTX here). At the login screen, you will then enter your normal user password, along with a decryption password to mount your home-directory. The GELI key is split in two, so you can “pair” the memory stick with your system, so even if the stick is stolen, and somebody gets the password, it is still worthless without the “paired” system. Another benefit of this technology is that you can bring your work with you when you travel between desktops, or jump from a desktop to laptop. I’m using it now for conferences and being on the road, since all my development work and important data is on my $HOME, meaning I can just unplug and keep working on my laptop without  having to keep files in sync.

Another side of PersonaCrypt is something we call “Stealth” mode, which allows you to do a desktop login with a one-time GELI-key encrypted $HOME directory with no personal data. Think of it as privacy mode  in a web-browser, but for your entire desktop session. This also plays nicely with the following new feature.

* Tor transparent proxy support

10.1.2 includes an easy way to switch between your normal internet connectivity, and “Tor” mode by clicking a single button on the system tray. In Tor mode, the firewall acts as a transparent proxy, forcing all internet traffic to be routed through the Tor network, including DNS requests. All other traffic which may expose your system on the internet is blocked. This goes a step beyond just running Tor as a browser proxy, since you can’t always trust plugins (cough *flash/java*) and other apps to behave properly.

* 4K Monitor support

[Read more…]

For FreeBSD automatic installation of using bsdinstall [ZFS Operations]

This tutorial by user kunst1080 shows us how to get an FreeBSD automatic installation set up using bsdinstall. *Note that this is a translated article.

Original: http://kunst1080.hatenablog.com/entry/2015/05/30/181955, translated:  http://kunst1080.hatenablog.com/entry/2015/05/31/221431

bsdinstall-config-components

Now, we take a look at how to install to ZFS using bsdinstall.

Installation of ZFS in an auto layout

As it is described in the manual, to the first half (PREAMBLE), if describe the environment variable “ZFSBOOT_DISKS” instead of “PARTITIONS”, ZFS allows you to install to.

However, care must be taken of the following two points.

  • If you want to automatically install, set environment variable “nonInteractive”.
  • It needs to be export environment variables “ZFSBOOT_DISKS” and “nonInteractive”.

In particular, care must be taken with regard to the second point.

(I tried to read freebsd/script at master · freebsd/freebsd · GitHub, I am feeling that because DISTRIBUTIONS has been export, but such ZFSBOOT_DISKS has not been export, …… and it is the cause)

First half (PREAMBLE)

[Read more…]

How to Run a Django Site with Apache, mod_wsgi, and MySQL on FreeBSD 10.1

This tutorial by FreeBSD user Chad Stovern (DigitalOcean) shows us how to get a Django website set up with Apache, mod_wsgi, and MySQL on FreeBSD 10.1.

Original: https://www.digitalocean.com/community/tutorials/how-to-run-a-django-site-with-apache-mod_wsgi-and-mysql-on-freebsd-10-1

django apache_software_foundation_logo_3074   mysql-logo

Introduction

This article shows you how to deploy a web application using Django, the popular Python framework. The beauty of developing with popular web frameworks is that a lot of repetitious work has been done for you, so you can focus on building your site.

Whether you’re a developer or not, it’s great to know that the core of what you’re running on your Droplet has undergone the scrutiny of a large open-source community and should be less susceptible to large security holes.

One thing that is not inherently simple is knowing how to get these web frameworks up and running outside of your own development or testing environment. In this article we’ll show you how to do just that, using a standard Apache, mod_wsgi, and MySQL stack running on top of FreeBSD 10.1.

Goals

  • Install and configure a Python virtual environment for your Django site
  • Create and configure a sample Django site for testing
  • Configure a simple and secure MySQL server
  • Configure a simple Apache virtual host that will serve your Django site
  • Test that the newly minted site works properly

Prerequisites

Before you begin this guide you’ll need the following:

  • A FreeBSD 10.1 Droplet
  • Access to your root account or an account with sudo privileges following this tutorial
  • A working knowledge of how to edit text files from the command line
  • The Bash shell environment, since we’ll be using Virtualenv later on this tutorial. Follow the instructions in the Changing the Default Shell section of the How To Get Started with FreeBSD 10.1 tutorial. You may need to log out and log in again to get the Bash shell for your freebsd user