OpenBSD Journal

A practical guide to VPNs, IPv6, routing domains and IPSEC

Contributed by Peter N. M. Hansteen on from the networking with puffy to the sixes dept.

Crystal Kolipe writes in about a new article posted by the crew at Exotic Silicon on fun things to do with OpenBSD --
Implementing a self-managed, dual-stacked VPN.

Today we're showing you how to use iked to tunnel both IPv4 as well as IPv6 to a remote server for a self-managed VPN. We're doing all this with utilities from the OpenBSD base system so the setup is nice and sleek, completely avoiding the need to install countless programs from ports.

Not only that, but we'll also show you how to isolate the VPN traffic in its own routing domain so it can be used only when required (or if you're really clever like us, you can even configure more than one simultaneously).

Of course, the setup supports inbound connections too, so you can run servers from diverse physical locations whilst using the inbound address space and connectivity of the datacentre. Stuck without IPv6 or inbound connectivity at home? Not anymore! All this excitement and even more is right here waiting for you in setting up an IPv6 capable VPN. Read it today!

  1. By trig (trig) on

    I'd like to read the full article, but the site is garish and consumes an entire core just rendering in Firefox, according to its profiler, heating the laptop and running the fans high. (Is it an inside joke about web design?) Does anyone share this experience at the Exotic Silicon site, by any chance?

    Turning off stylesheets there keeps using CPU despite the plain appearance (I wonder if this is a browser bug), and results in a wall of plain text because the webpage doesn't use HTML semantics to represent an actual article with headers and so on: it's div and section soup instead, with obfuscated classes. (The "Reader Mode" of the browser doesn't work - it's not offered because the page isn't recognized as an article, which reflects the markup problems.) Does anyone experience this too? The site seems to have interesting content but unfortunately it's difficult to access.

    I'll copy & paste the page's text somewhere to struggle to read it. Maybe someone has suggestions to make it more accessible.

    1. By sneaker (sneaker) on

      go away

    2. By Bom (bom) on

      I enjoy the fresh setup of the site/text. If you don't like the fancy stuff, visit it with lynx or some other text-based client. Information pure. Best wishes, Bom

      btw.: I miss the feature of comments without registration. The last place on the web where this was possible. Maybe you were stressed about it. I would regret that. Times change ... unfortunately not always for the better. Thx for maintain

      1. By trig (trig) on

        That's a great idea! But unfortunately ineffective in lynx & w3m at Exotic Silicon: it works for a few lines of the article at the top, but most of it including the code and asides are still tough (well, impossible) to distinguish (it's still a wall-of-text) because of the markup problems. Just as Firefox doesn't know what to do with the page without stylesheets, lynx & w3m don't either.
        Anyway, I guess whining about Exotic Silicon's presentation here is a bit off topic, pardon me!

    3. By Robert Cameron (rpcameron) on

      I agree. While Crystal's articles are usually well written and fairly thorough, reading them is definitely a challenge. Once the site loads my eyes start to bleed, and I wish I could use a reader mode, too. (I also don't know who chose the layout/colorscheme, but I'd like some of their psychedelics – and keep them away from any future designs.)

      And while I appreciate the IPv6 NAT over IPv4, why not also cover a full dual-stack example? Also, my personal experience has shown WireGuard to be easier on resources; I would have preferred to also see that addressed.


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]