OpenBSD | ISAKMPD | x509 certificate authentication

Prepare OpenBSD Prepare the network interfaces. Delete /etc/mygate when using dhcp. Create /etc/sysctl.conf. net.inet.esp.enable=1 # Enable the ESP IPsec protocol net.inet.ah.enable=1 # Enable the AH IPsec protocol net.inet.ip.forwarding=1 # Enable IP forwarding for the host. net.inet.ipcomp.enable=1 # Optional: compress IP datagrams Create /etc/rc.conf.local isakmpd_flags=”” # Avoid keynote(4) policy checking ipsec=YES # Load ipsec.conf(5) rules Some […]

Postfix | TLS | main.cf settings

##### TLS settings ###### tls_ssl_options = NO_COMPRESSION tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA tls_random_source = dev:/dev/urandom ### outgoing connections ### #smtp_tls_security_level=encrypt smtp_tls_security_level=may smtp_tls_loglevel = 1 smtp_tls_cert_file=/etc/postfix/cert.pem smtp_tls_key_file=/etc/postfix/key.pem smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_mandatory_ciphers=high smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache ### incoming connections ### #smtpd_tls_security_level=encrypt smtpd_tls_security_level=may smtpd_tls_received_header = yes smtpd_tls_loglevel = 1 smtpd_tls_cert_file=/etc/postfix/cert.pem smtpd_tls_key_file=/etc/postfix/key.pem smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtpd_tls_mandatory_ciphers=high smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache

OpenBSD | isakmpd | Public key authentication

Prepare OpenBSD Prepare the network interfaces. Delete /etc/mygate when using dhcp. Create /etc/sysctl.conf. net.inet.esp.enable=1 # Enable the ESP IPsec protocol net.inet.ah.enable=1 # Enable the AH IPsec protocol net.inet.ip.forwarding=1 # Enable IP forwarding for the host. net.inet.ipcomp.enable=1 # Optional: compress IP datagrams Create /etc/rc.conf.local isakmpd_flags=”” # Avoid keynote(4) policy checking ipsec=YES # Load ipsec.conf(5) rules Some […]