Setting up IPSec over GRE on OpenBSD

Posted on May 17, 2007 by jeff

This document will explain howto set up an IPSec encrypted GRE tunnel on OpenBSD. In the document, both end points are OpenBSD 4.1 systems, however it should be fairly straight forward to implement on other systems.

To start, I would advise disabling pf on gre0 and enc0 until you have the encrypted tunnel working, this will eliminate pf from any toubleshooting you may have to do, you can do that by adding the following in /etc/pf.conf, make sure you re-load the pf rules.

set skip on enc0
set skip on gre0

 
Now, on to the tutorial…
Continue reading

Posted in Networking, OpenBSD, Papers, Security | 6 Comments

Q: How do I add a user to the wheel group in OpenBSD or NetBSD?

Posted on April 28, 2007 by jeff

A: Beyond simply editing /etc/group with your favorite text editor, adding a user to the wheel group can be achieved in a few different ways.

To place a user in the wheel account when her account is first created, you would run

   $ sudo useradd -G wheel jdoe

 
Note: The above also creates the jdoe group automatically, use the -g argument if you wish her default group to be different.

If the user already exists and you wish to add her to the wheel group, you would run

   $ sudo user mod -G wheel jdoe

 

Posted in Answers, NetBSD, OpenBSD, System Administration | 2 Comments

Q: How do I encrypt file transfers with dd and netcat?

Posted on March 9, 2007 by jeff

A: This question came to us in response to the article Backup Files and Partitions with dd and netcat.

Encrypting these files transfers is quite simple.

As in the previous article, we will setup the server to listen on port 9999 and redirect output to “backup.file”

server$ nc -l -p 9999 | openssl aes-256-cbc -salt -d > file.backup
enter aes-256-cbc decryption password:

 
Once you’ve entered a password, netcat will sit there waiting for data and automatically terminate once it has received the file.

On the client side, the commands are similar, but rather than telling OpenSSL to decrypt the traffic, we’ll ask it to encrypt. We’ll assume the netcat server is 10.0.0.2.

client$ openssl aes-256-cbc -salt -e < file-to-transfer | nc 10.0.0.2 9999
enter aes-256-cbc encryption password:
Verifying - enter aes-256-cbc encryption password:

Continue reading

Posted in Answers, DragonFlyBSD, FreeBSD, NetBSD, OpenBSD, Security, System Administration | 1 Comment