I recently installed a new of OpenBSD 6.2 server. As part of that install, I needed to install Filebeat to forward logs to an ELK server (Elasticsearch, Logstash and Kibana).

The process to install and configure are much simpler then previous OpenBSD versions (as covered here) because Go 1.7 is now a simple binary package install.

The following steps assumes you have installed OpenBSD 6.2 and will cover dependent package and Filebeat installation, and configuration of Filebeat.

(more…)

tl;dr

The following instructions describe how to remotely connect to a network over an IPsec / L2TP VPN through an OpenBSD server, using native clients on macOS and iOS.

There are many VPN appliances commercially available that provide a nice UI and often come with an expensive support contract. If you are willing to roll up your sleeves a little and don’t mind using the command line, it is possible to create your own VPN server with OpenBSD.

(more…)

Being able to remotely connect to my home network over VPN has always been on my ‘nice to have’ list. It allows easier access to resources and direct ssh (rather then hoping through the gateway). I have recently updated the OpenBSD server I used for VPN to 6.0 and thought I would share the configuration and settings.

(more…)

In an effort to improve monitoring, I setup an ELK (Elasticsearch, Logstash, Kibana) server and setup my different servers to forward their logs. Filebeat is typically installed on the servers to do the forwarding and normally this installation is pretty straight forward.

However, Filebeat is dependent on Go 1.7 and OpenBSD 6.0 only provides 1.6 as a binary package.

The following steps will setup an OpenBSD ports build machine, update the ports to current, build the required packages; then copy the packages to the target OpenBSD server, install the packages, install and configure Filebeat.

(more…)

If you have ever had a server exposed to the Internet, you will often see attempts to login to ssh on port 22.

After improving my log monitoring, these login attempts annoyed me enough to take action. So I installed Fail2ban.

Fail2ban monitors logs and will add ip addresses to your firewall to block based on rules. Fail2ban is written in Python and available for several platforms and can monitor different logs (not just ssh).

I have setup Fail2ban to watch for 3 failed logins (one failed login will allow 3 password attempts) and then block that IP address for 1 day.

The following instructions are for:

OpenBSD 6.0
Fail2ban 0.9.5

The instructions also assume that you have an OpenBSD server running with ssh port 22 exposed to the Internet and use Packet Filter (PF) for your firewall.

(more…)