Setup SoftEther and configure Offshore 100% Logless VPN server on FreeBSD 12.2 (Windows 10 as clients)


by Özgür Kazanççı · January 11th, 2021 · My FreeBSD Tutorials

Bonum Diem.

I’m going to install SoftEther VPN server on FreeBSD 12.2 today, through FreeBSD packages, and deeply dig into it, configure it being completely offshore, 100% logless.

SoftEther is an alternative and fast VPN Server software created by the people @ University of Tsukuba, Japan. It uses SSL-VPN (over HTTPS), and since it uses the TCP 443 (https) port, blocking SoftEther by firewalls is much more difficult, than any other VPN server softwares around.
Continue reading Setup SoftEther and configure Offshore 100% Logless VPN server on FreeBSD 12.2 (Windows 10 as clients)

Setup ssh chat (an SSHd-based chat server) on OpenBSD


by Özgür Kazanççı · January 1st, 2021 · My OpenBSD Tutorials

Hey there. New year – first article. I’d like to talk about ssh-chat by shazow/Andrey Petrov, today. “ssh-chat” is a cross-platform, very interesting instant messaging chat daemon/SSH server, written in GoLang, giving opportunity to make private and group chats with other Linux/*BSD users over SSH.

Connecting to the port it listens, instead of a shell, you get a fancy, retro, IRC-like chat prompt, with actually really cool terminal color themes! So, once we launch it, what we’ll get is a chat prompt rather than a usual shell. Therefore it enables to chat securely over an SSH connection.

Here are the details on how I installed it on my OpenBSD VPS;

(Before you go all-through, you might wish to test it; just ssh into the hostname: ssh.chat on port 22 and see how beautifully it works there!)

First step ever: Bring your Puffy some love and always syspatch it! <3
Continue reading Setup ssh chat (an SSHd-based chat server) on OpenBSD

rcctl-stat: a tiny script to show the state of all services in one-go


by Özgür Kazanççı · December 28th, 2020 · My OpenBSD Tutorials

rcctl-stat is a tiny, cute script by Dante Catalfamo, bringing OpenBSD users the ability to show the state(s) of all services, in one-go. I prefer the coloured version.

root@~ > wget -O rcctl-stat.sh https://raw.githubusercontent.com/dantecatalfamo/rcctl-stat/color/rcctl-stat

root@~ > chmod +x rcctl-stat.sh
root@~ > ./rcctl-stat.sh

Continue reading rcctl-stat: a tiny script to show the state of all services in one-go

Secure WireGuard VPN server setup on OpenBSD (and configure Windows 10 clients to connect through it)


by Özgür Kazanççı · December 19th, 2020 · My OpenBSD Tutorials

OpenBSD now includes an in-kernel WireGuard implementation wg(4).

Well, the WireGuard VPN protocol has been available on OpenBSD as a port for a while; Puffy has actually had user-land support for WireGuard using WireGuard-go, an implementation in Go, and later as the wiresep port in C, -both using tun devices-, which incurs a slight penalty for crossing the kernel/userspace border for each packet, much like OpenVPN and others.

Since OpenBSD version 6.8, WireGuard being in-kernel, comes installed by default, brings an implementation way much faster. It also means we can skip using extra software and use base-only utilities for a very simple, easy configuration.

So, obviously for this write-up we’ll need -at least- version 6.8 of OpenBSD installed. And after OpenBSD 6.8 installation is done, using the newly released in-kernel wg(4) driver with only base utilities, we’ll implement a very secure, fast and stable VPN server for any OpenBSD/MacOS/Linux/Windows clients.

Our VPN server will be OpenBSD, and as for the client, I’ll go with Windows 10 Enterprise LTSC 2019 (Long Term Servicing Channel) in this write-up of mine. What is a Windows 10 LTSC?

Continue reading Secure WireGuard VPN server setup on OpenBSD (and configure Windows 10 clients to connect through it)

Block spammers/abusive IP addresses with Pf-badhost in OpenBSD. A ‘must have’ security tool! *UPDATED*


by Özgür Kazanççı · December 8th, 2020 · My OpenBSD Tutorials

Updated to: v0.5!
I’d like to introduce pf-badhost, by Jordan Geoghegan.

Pf-badhost is a very practical, robust, stable and lightweight security script for network servers.

It’s compatible with BSD based operating systems such as {Open,Free,Net,Dragonfly}BSD and MacOS. It prevents potentially-bad IP addresses that could possibly attack your servers (and waste your bandwidth and fill your logfiles), by blocking all those IPs contacting your server, and therefore it makes your server network/resources lighter and the logs of important services running on your server become simpler, more readable and efficient.

But how does it do all this?

Continue reading Block spammers/abusive IP addresses with Pf-badhost in OpenBSD. A ‘must have’ security tool! *UPDATED*

IRIX 6.5.22 Emulation: An interesting guide that will help you setup an emulated SGI (Silicon Graphics Indy) with a 100MHz MIPS R4600, 128MB of RAM, and 24-bit XL graphics, through MAME.

Refer to: https://sgi.neocities.org/ 
Also: http://forums.irixnet.org/thread-1012-page-18.html 

Monster IPs – Let’s jail them!


by Özgür Kazanççı · December 6th, 2020 · My OpenBSD Tutorials

I love logs. (By the way, greetings, after very-very long time!)

I love reading log files, deeply investigating them.

I dedicate a large amount of my time to reading log files of the servers I’ve been managing since decades. While they actually do work fine as they should, I still investigate them and check for their health – through the logs – from time to time.

And within all those log files, there’re always *bad guyz* scanning the servers I manage/administrate. Brute-forcing ports, spamming&relay-checking SMTP servers, scanning entire ports, trying to hack e-mail accounts, filling SSH’s/FTP’s auth. log files, et cetera.

I usually collect&merge them into a text file and while they usually waste disk, I/O and bandwidth, I block them by OpenBSD’s great PF.

Today, I wanted to share them in public. The IPs are here for your reference/usage. They were/are rapidly filling logs!

Continue reading Monster IPs – Let’s jail them!

Configuring MariaDB/MySQL server to only use UNIX socket – OpenBSD 6.4


by Özgür Kazanççı · November 25th, 2018 · My OpenBSD Tutorials

Hello there.

Today, I’m going to explain configuring MariaDB/MySQL server to only use UNIX socket – ignoring the TCP networking. This will prevent MariaDB/MySQL from using any TCP/IP communication, setting only Unix socket locally&connecting through it, and that brings better security and much better connection performance.

Unix sockets are faux-files, so they’re accessible ONLY from/within the local server.
Continue reading Configuring MariaDB/MySQL server to only use UNIX socket – OpenBSD 6.4

Pale Blue Dot – Carl Sagan


by Özgür Kazanççı · September 4th, 2018 · Literature&Poetry
Pale Blue Dot
Pale Blue Dot

Look again at that dot. That’s here. That’s home. That’s us.
On it everyone you love, everyone you know, everyone you ever heard of, every human being who ever was, lived out their lives.

Continue reading Pale Blue Dot – Carl Sagan