pivot_chroot on the other end will actually swap mounting points.
-->
pivot_root on the other hand will actually swap mounting points.
..understanding quite straightforward.
to be swapped, once everything is ready.
(might read a bit better)
..go further: use an emulator
..tools to be developped
..the processus processes
(said phonetically? )
Comments
I've been through this pain. Ended up with IPFW more down to the (potential) integration with Webmin, than any other reason.
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
BTW, has anyone had any more success with using a NetBSD KASLR kernel? Using the instructions from https://wiki.netbsd.org/security/kaslr/ only results in a page fault:
@cmeerw Maybe I could build KASLR and try it if my building KASLR seems like it somehow might be helpful?
No, the string "KASLR" probably isn't random! /s
K = kernel
A = Address
S = Space
L = Layout
R = Randomization
Address space layout randomization
https://en.wikipedia.org/wiki/Address_space_layout_randomization
Kernel address space layout randomization
https://lwn.net/Articles/569635/
I hope everyone gets the servers they want!
Opinions will vary but I’ve used PF for many years with success.
Hi,
I am the author of https://cloudbsd.xyz.
I saw people got interested in here so I created an account.
If you got questions do not hesitate.
For your information, as I saw the question being asked, systemctl isolate is equivalent to telinit with sysv.
Systemd targets are equivalent to sysv runlevels.
In my case it is because it is an easy way to shut down everything that's not a rescue ssh shell.
Cheers,
Hello @naguam!
Wow! Nice to meet you!
Thanks for cloudbsd.xyz and also for suggesting unitedbsd.com on cloudbsd.com.
I read cloudbsd.xyz. I thought it would be a lot of fun to try it!
I plan to post here my quick recipe listing the steps I used to install from @cmeerw's NetBSD 10 image and update to what seems like self-compiled NetBSD-current. The post is done -- I just want to run through the steps once more to double check.
Then I hope to try your cloudbsd.xyz install method. Haha, I bet fifty cents I can generate a question or two or three!
Thanks again for joining us here at LES!
Best!
Tom
I hope everyone gets the servers they want!
Bonus points for non-Americanized (sic) spelling.
An interesting quick read (excluding the code), that (IMHO) is well written/formatted. A few corrections..
-->
(might read a bit better)
(said phonetically? )
Well done though!
(I wisnae being a totally pedant )
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
First, thanks for the compliment on the article
No
I don't want be brutal, but did not come here to seek for grammar feedbacks.
I already got feedbacks on that early on and only came because people looked interested and I like to share.
English is not my first language and was never good at writing/formulations even in my mother-tongue.
In my experience everyone have (and often colliding) feedbacks on potential corrections.
There is a time where it is relentless not to "cut the losses" and where it has to stop.
Otherwise in 4 years from now, someone's gonna come back again telling me to change something.
I was open to grammar feedbacks while it was fresh, not any-more.
I know this comes out of a good intent.
However 4 months after publication, this becomes irrelevant and annoying.
I'm happy to share interesting things and that is what mattered/matters.
I'll take the feedback anyway, but no guaranty in terms of publishing the changes on the short term.
I try my best, currently living in Scotland.
Always happy talking with a Scottish fellow.
Nb: The pivot_root part was hard to write to keep some clarity without writing an essay just on that.
Nb2: Yeah maybe I'm a bit susceptible regarding my writing abilities.
I'm always in awe of guys like you and @bikegremlin when it comes to your comms. skills.
The quoting of ..
.. was primarily to save confusion, due to the typo.
It wisnae me! A big boy done it and ran away.
NVMe2G for life! until death (the end is nigh)
LES uses an advanced biomechanical AI for spelling and grammar corrections.
The feature is now fully automated so users needn't make a request or tick any options for it to be activated.
It is also hard-coded, so can't be disabled.
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
Why people do not create some templates ready made for it?
I believe in the good luck. Harder than I work luckier i get.
Hi @Chievo!
Sorry for the late reply. I think you are asking why people do not create templates ready made for NetBSD-current.
At https://nycdn.netbsd.org/pub/NetBSD-daily/HEAD/202410301200Z/images/ you can see that there are NetBSD-current images prepared every few days.
I think we see fewer providers offering NetBSD images because NetBSD isn't requested as often as other BSDs.
I used @cmeerw's NetBSD 10 image because it was readily available thanks to the courtesy of Linveo. Some providers won't install custom OS images, so their customers are stuck with what's available. That's why @naguam developed CloudBSD.xyz, so people could install NetBSD without needing any customization on the provider side.
Even if I had installed using a NetBSD-current image, I still would have to go through pretty much the same steps to keep the image up-to-date. All I have to do now to stay up-to-date is run cvs update, rebuild, reinstall, and reboot. I'm sure there are times when the build breaks or the reboot fails, but in my limited experience of a few years, I don't recall a build or a reboot failure.
If I misunderstood your question, please ask again.
Best wishes!
Tom
I hope everyone gets the servers they want!
Sadly after 2 months tinkering with BSD's i just could not resist and went back to this beauty on Linveo
ServerStatus , slackvpn <-- openVPN auto install script for Slackware 15
May I ask what was your experience with them? What made you go back to Slack?
@emperor
With @Crab, may I please join in asking what was your experience with the BSDs and what made you go back to Slack?
FWIW, I like Slackware too! Darkstar, my old server in Texas, ran Slackware-current. Everything worked great! Maybe LES needs a Slackware thread? @AuroraZero also likes Slack, or so I hear. I vote for making a Slackware thread!
I hope everyone gets the servers they want!
In case anybody has been trying to set up FreeBSD as a VPN server and has been struggling with somewhat lackluster network performance with virtio drivers (e1000 actually works very well in KVM), keep on reading.
Despite @linveo having excellent network performance on their nodes, the VPN download has been very slow (~1Mbps), and I wanted to get to the bottom of it.
First, I thought that there's something to do with my firewall/NAT settings and I tried regular ipfw, ipfw in-kernel and pf, but they all shared the same symptoms: download is crawling, but upload is good.
Second, I was wondering whether the network driver has something to do with it and it absolutely does. I tried virtio with other providers and the same download performance issue kept occurring. Some control panels allow you to use e1000, which does not necessarily provide you the greatest performance, but is a reliable driver and with that VPN connections sped up significantly.
@linveo has excellent network performance on his nodes, but the VirtFusion they use doesn't allow changing the network driver, so I kept looking for some clues and I stumbled upon this thread:
https://www.reddit.com/r/freebsd/comments/jqa4vw/wireguard_vpn_very_slow_on_freebsd/
They advised to put these lines into /boot/loader.conf:
hw.vtnet.0.tso_disable="1"
hw.vtnet.tso_disable="1"
hw.vtnet.lro_disable="1"
hw.vtnet.0.lro_disable="1"
hw.vtnet.csum_disable="1"
hw.vtnet.0.csum_disable="1"
After a reboot, I was very happy and relieved to see that the download speeds increased drastically, over 100x! YMMV, but give it a try if you have had similar issues.
Also please note that I did try OpenVPN and Wireguard just to see whether there could be something to do with the actual VPN implementation, but both were actually behaving the same way.
TL;DR: If you have download performance problems with FreeBSD and either OpenVPN or Wireguard VPN server, try the /boot/loader.conf settings provided above.
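A quick way to confirm that all six tunables from the post above are actually in effect in a loader.conf-style file (added example, not part of the original post; the function names loader_value and check_vtnet_offload are hypothetical, and it assumes a later assignment in the file overrides an earlier one):

```shell
#!/bin/sh
# Added example: report which vtnet offload tunables quoted in the post
# are missing or not set to 1 in a loader.conf-style file.

# The six tunables quoted in the post.
VTNET_TUNABLES="hw.vtnet.tso_disable hw.vtnet.0.tso_disable
hw.vtnet.lro_disable hw.vtnet.0.lro_disable
hw.vtnet.csum_disable hw.vtnet.0.csum_disable"

# loader_value FILE NAME: print the effective value of NAME.
# Assumption: the last assignment wins. Comments, surrounding
# whitespace and double quotes are stripped.
loader_value() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                      # drop comments
        {
            eq = index($0, "=")
            if (eq == 0) next                   # not an assignment
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            if (key == name) found = val
        }
        END { print found }
    ' "$1"
}

# check_vtnet_offload FILE: print one line per tunable that is not
# set to 1; return 0 only when all six are set.
check_vtnet_offload() {
    rc=0
    for t in $VTNET_TUNABLES; do
        v=$(loader_value "$1" "$t")
        if [ "$v" != "1" ]; then
            echo "MISSING $t (value: '${v:-unset}')"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh check_vtnet.sh /boot/loader.conf
if [ $# -gt 0 ]; then
    check_vtnet_offload "$1"
fi
```

A commented-out line or a later line that sets a tunable back to "0" is reported as missing, which is the usual reason the settings appear to be present but have no effect after a reboot.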
You sexy biatch!!!!
Free Hosting at YetiNode | Cryptid Security | URL Shortener | LaunchVPS | ExtraVM | Host-C | In the Node, or Out of the Loop?
It was the VPN problems I had.. 1st I had firewall problems, could not get any internet, and after making that work; slow speeds. I know that network is good and should receive better speeds but that was slow. So now is rock solid
ServerStatus , slackvpn <-- openVPN auto install script for Slackware 15