Insecurity by transparency

Blog post February 2022

Publishing security fixes on open-source platforms creates an opportunity for attackers to exploit the underlying vulnerabilities, which exceeds the usual case of not-yet-patched systems.

Configuring StrongSwan through swanctl.conf

Blog post November 2021

StrongSwan's new configuration file, swanctl.conf, introduces clearer terminology and thus simplifies setting up remote access.

Sending and processing ARP requests/responses using BPF (updated)

Blog post November 2020

Being between layers 2 and 3, ARP is handled by the operating system; but it can be useful to control ARP for checking ARP cache validity or finding hosts. BPF allows you to do so on BSD systems.

Prevent your OpenBSD shared-memory objects from being axed by daily(8)

Blog post June 2020

The temporary files that underly shared-memory objects will be destroyed by system maintenance after a week, unless you update file times to prevent this.

Building an OpenBSD VPN server with iked and OpenSSL

Blog post April 2020

OpenBSD comes with a great IKEv2 server: iked. But the front-end ikectl has its limitations. It is easy to run iked with the underlying OpenSSL directly.