Insecurity by transparency
Blog post February 2022
Publishing security fixes on open-source platforms creates an opportunity for attackers to exploit the underlying vulnerabilities, one that goes beyond the usual case of not-yet-patched systems.
Configuring StrongSwan through swanctl.conf
Blog post November 2021
StrongSwan's new configuration file, swanctl.conf, introduces clearer terminology and thus simplifies setting up remote access.
Sending and processing ARP requests/responses using BPF (updated)
Blog post November 2020
Being between layers 2 and 3, ARP is handled by the operating system; but it can be useful to control ARP for checking ARP cache validity or finding hosts. BPF allows you to do so on BSD systems.
Prevent your OpenBSD shared-memory objects from being axed by daily(8)
Blog post June 2020
The temporary files that underlie shared-memory objects will be destroyed by system maintenance after a week, unless you update their file times to prevent this.
Building an OpenBSD VPN server with iked and OpenSSL
Blog post April 2020
OpenBSD comes with a great IKEv2 server: iked. But the front-end ikectl has its limitations. It is easy to run iked with the underlying OpenSSL directly.