Contributed by merdely on from the puffy-invades-venice dept.
OpenCON 2007 in Venice starts Saturday. But Friday provides attendees with a choice of two tutorials (out of four): Alessio Pennasilico's Introduction to OpenBSD or Peter N. M. Hansteen's PF Tutorial in the early part of the day and a Ports Tutorial by Bernd Ahlers or Felix Kronlage's talk on VPN Technologies in the later part of the day.
I was able to sit in on the tutorial on PF and the one on Ports. Darrin Chandler attended the VPN talk. Accounts from three of the tutorials follow. If you were able to attend Alessio's talk, please leave a comment.
The PF Tutorial started with a background of PF's history. Peter went through the basics of writing rules, making ftp work, not blocking icmp, securing wifi, hoststated, spamd, DMZs and carp. Not only was it a great introduction to PF for new users but covered more advanced topics for existing PF users. And the talk was a great companion for his upcoming book.
In the afternoon, I sat in on Bernd's Porting Tutorial. He spoke about basic porting philosophies and where our ports structure came from. He highlighted different the components of a port (directories and files) and then went through many of the parts of the Makefile. With audience participation, Bernd then led a demonstration of creating, building and packaging a new port. Since the demonstration included a very simple port, he covered more complex porting issues like reviewing the make configure output to fix errors and prevent unwanted dependencies and implementing FLAVORs and MULTI_PACKAGES.
Darrin attended VPN Technologies available on OpenBSD by Felix Kronlage:
Felix began with a high level overview of VPNs, and moved quickly into explanations of isakmpd and ipsecctl. It became very obvious that ipsecctl provides an extremely easy and functional interface. He then treated us to a working demonstration and walked us through the config files. For many common situations you can start from scratch and go to a working VPN in 5 minutes. I'd heard this before, but seeing it in action made me a believer.
Then Felix quickly showed how to make a "poor man's" VPN using OpenSSH. We didn't spend much time there, but once again the configuration was very simple, involving only creating a tunnel on each side and one ssh command.
Last came a good look at OpenVPN. For most situations the VPN solutions in the base install will be preferable, OpenVPN offers some solutions for corner cases such as VPN through an http proxy or handling Windows clients easily. It's a very flexible tool that can be adapted to a large variety of situations. I'd always avoided OpenVPN in the past, but I'll be keeping it in mind for those odd situations.
(Comments are closed)