Hello,
I am please to announce that I stop providing amd64 / i386 stable packages for
OpenBSD on my personal repository https://stable.perso.pw/ but I’ll now provide
powerpc packages (and only those).
I drop the two architectures as the project now provide official packages. (I’m
involved here :P)
Hi,
I’m happy to announce the OpenBSD project will now provide -stable binary
packages. This mean, if you run last release (syspatch applied or not),
pkg_add -u will update packages to get security fixes.
Remember to restart services that may have been updated, to be sure to run new
binaries.
Link to official
announcement
If for some reasons you want to visualize your bandwidth traffic on an
interface (in or out) in a terminal with a nice graph, here is a small script
to do so, involving ttyplot, a nice software making graphics in a terminal.
The following will works on OpenBSD.
You can install ttyplot by pkg_add ttyplot
as root, ttyplot package appeared
since OpenBSD 6.5.
For Linux, the ttyplot official website
contains tons of examples.
Example
Output example while updating my packages:
IN Bandwidth in KB/s
↑ 1499.2 KB/s#
│ #
│ #
│ #
│ ##
│ ##
│ 1124.4 KB/s##
│ ##
│ ##
│ ##
│ ##
│ ##
│ 749.6 KB/s ##
│ ##
│ ##
│ ## #
│ ## # # # # ##
│ ## # ### # ## # # # ## ## # # ##
│ 374.8 KB/s ## ## #### # # ## # # ### ## ## ### # ## ### # # # # ## # ##
│ ## ### ##### ########## ############# ### # ## ### ##### #### ## ## ###### ## ##
│ ## ### ##### ########## ############# ### #### ### ##### #### ## ## ## ###### ## ###
│ ## ### ##### ########## ############## ### #### ### ##### #### ## ## ######### ## ####
│ ## ### ##### ############################## ######### ##### #### ## ## ############ ####
│ ## ### #################################################### #### ## #####################
│ ## ### #################################################### #############################
└────────────────────────────────────────────────────────────────────────────────────────────────────→
# last=422.0 min=1.3 max=1499.2 avg=352.8 KB/s Fri Jul 19 08:30:25 2019
github.com/tenox7/ttyplot 1.4
In the following command, we will use trunk0 with INBOUND traffic as the
interface to monitor.
At the end of the article, there is a command for displaying both in and out at
the same time, and also instructions for customizing to your need.
Article update: the following command is extremely long and complicated, at
the end of the article you can find a shorter and more efficient version,
removing most of the awk code.
You can copy/paste this command in your OpenBSD system shell, this will produce
a graph of trunk0 inbound traffic.
{ while :; do netstat -i -b -n ; sleep 1 ; done } | awk 'BEGIN{old=-1} /^trunk0/ { if(!index($4,":") && old>=0) { print ($5-old)/1024 ; fflush ; old = $5 } if(old==-1) { old=$5 } }' | ttyplot -t "IN Bandwidth in KB/s" -u "KB/s" -c "#"
The script will do an infinite loop doing netstat -ibn
every second and
sending that output to awk.
You can quit it with Ctrl+C.
Explanations
Netstat output contains total bytes (in or out) since system has started so awk
needs to remember last value and will display the difference between two
output, avoiding first value because it would make a huge spike (aka the total
network transfered since boot time).
If I decompose the awk script, this is a lot more readable.
Awk is very readable if you take care to format it properly as any source code!
#!/bin/sh
{ while :;
do
netstat -i -b -n
sleep 1
done
} | awk '
BEGIN {
old=-1
}
/^trunk0/ {
if(!index($4,":") && old>=0) {
print ($5-old)/1024
fflush
old = $5
}
if(old==-1) {
old = $5
}
}' | ttyplot -t "IN Bandwidth in KB/s" -u "KB/s" -c "#"
Customization
- replace trunk0 by your interface name
- replace both instances of $5 by $6 for OUT traffic
- replace /1024 by /1048576 for MB/s values
- remove /1024 for B/s values
- replace 1 in sleep 1 by another value if you want to have the value every
n seconds
IN/OUT version for both data on the same graph + simpler
Thanks to leot on IRC, netstat can be used in a lot more efficient way and remove all the awk parsing!
ttyplot supports having two graphs at the same time, one being in opposite color.
netstat -b -w 1 -I trunk0 | awk 'NR>3 { print $1/1024; print $2/1024; fflush }' | ttyplot -2 -t "IN/OUT Bandwidth in KB/s" -u "KB/s" -c "#"
Introduction
If you ever wanted to make a twitch stream from your OpenBSD system, this is
now possible, thanks to OpenBSD developer thfr@ who made a wrapper named
fauxstream using ffmpeg with relevant parameters.
The setup is quite easy, it only requires a few steps and searching on Twitch
website two informations, hopefully, to ease the process, I found the links for
you.
You will need to make an account on twitch, get your api key (a long string of
characters) which should stay secret because it allow anyone having it to
stream on your account.
Preparation steps
- Register / connect on twitch
- Get your Stream API key at
https://www.twitch.tv/YOUR_USERNAME/dashboard/settings (from this page you
can also choose if twitch should automatically saves streams as videos for
14 days)
- Choose your nearest server from this page
- Add in your shell environnement a variable TWITCH=rtmp://SERVER_FROM_STEP_3/YOUR_API_KEY
- Get fauxstream with
cvs -d anoncvs@anoncvs.thfr.info:/cvs checkout -P projects/fauxstream/
chmod u+x fauxstream/fauxstream
- Allow recording of the microphone
- Allow recording of the output sound
Once you have all the pieces, start a new shell and check the $TWITCH variable
is correctly set, it should looks like
rtmp://live-ams.twitch.tv/app/live_2738723987238_jiozjeoizaeiazheizahezah
(this is not a real api key).
Using fauxstream
fauxstream script comes with a README.md file containing some useful
informations, you can also check the usage
View usage:
$ ./fauxstream
Starting a stream
When you start a stream, take care your API key isn’t displayed on the
stream! I redirect stderr to /dev/null so all the output containing the
key is not displayed.
Here is the settings I use to stream:
$ ./fauxstream -m -vmic 5.0 -vmon 0.2 -r 1920x1080 -f 20 -b 4000 $TWITCH 2> /dev/null
If you choose a smaller resolution than your screen, imagine a square of that
resolution starting at the top left corner of your screen, the content of this
square will be streamed.
I recommend bwm-ng package (I wrote a ports of the week article about it)
to view your realtime bandwidth usage, if you see the bandwidth reach a fixed
number this mean you reached your bandwidth limit and the stream is certainly
not working correctly, you should lower resolution, fps or bitrate.
I recommend doing a few tries before you want to stream, to be sure it’s ok.
Note that the flag -a
may be be required in case of audio/video
desynchronization, there is no magic value so you should guess and try.
Adding webcam
I found an easy trick to add webcam on top of a video game.
$ mpv --no-config --video-sync=display-vdrop --framedrop=vo --ontop av://v4l2:/dev/video1
The trick is to use mpv to display your webcam video on your screen and use the
flag to make it stay on top of any other window (this won’t work with cwm(1)
window manager). Then you can resize it and place it where you want. What you
see is what get streamed.
The others mpv flags are to reduce lag between the webcam video stream and the
display, mpv slowly get a delay and after 10 minutes, your webcam will be
lagging by like 10 seconds and will be totally out of sync between the action
and your face.
Don’t forget to use chown to change the ownership of your video device to your
user, by default only root has access to video devices. This is reset upon
reboot.
Viewing a stream
For less overhead, people can watch a stream using mpv
software, I think this
will require youtube-dl
package too.
Example to view me streaming:
$ mpv https://www.twitch.tv/seriphyde
This would also work with a recorded video:
$ mpv https://www.twitch.tv/videos/447271018
Hello,
I HATE Discord.
Discord users keep telling about their so called discord server, which is
not dedicated to them at all. And Discord has a very bad quality and a lot of
voice distorsion.
Why not run your very own mumble server with high voice quality and low
latency and privacy respect? This is very easy to setup on OpenBSD!
Mumble is an open source voip client, it has a client named Mumble (available
on various operating system) and at least Android, the server part is murmur
but there is a lightweight server named umurmur. People authentication is done
through certificate generated locally and automatically accepted on a server,
and the certificate get associated with a nickname. Nobody can pick the same
nickname as another person if it’s not the same certificate.
How to install?
# pkg_add umurmur
# rcctl enable umurmurd
# cp /usr/local/share/examples/umurmur/umurmur.conf /etc/umurmur/
We can start it as this, you may want to tweak the configuration file to add a
password to your server, or set an admin password, create static channels,
change ports etc….
You may want to increase the max_bandwidth
value to increase audio quality,
or choose the right value to fit your bandwidth. Using umurmur on a DSL line is
fine up to 1 or 2 remote people. The daemon uses very little CPU and very
little memory. Umurmur is meant to be used on a router!
# rcctl start umurmurd
If you have a restrictive firewall (I hope so), you will have to open the ports
TCP and UDP 64738.
How to connect to it?
The client is named Mumble and is packaged under OpenBSD, we need to install it:
# pkg_add mumble
The first time you run it, you will have a configuration wizard that will take
only a couple of minutes.
Don’t forget to set the sysctl kern.audio.record to 1 to enable audio
recording, as OpenBSD did disable audio input by default a few releases ago.
You will be able to choose a push-to-talk mode or voice level to activate and
quality level.
Once the configuration wizard is done, you will have another wizard for
generating the certificate. I recommend choosing “Automatically create a
certificate”, then validate and it’s done.
You will be prompted for a server, click on “Add new”, enter the name server so
you can recognized it easily, type its hostname / IP, its port and your
nickname and click OK.
Congratulations, you are now using your own private VOIP server, for real!
This blog post is an update (OpenBSD 6.5 at that time) of this very same
article I published in June 2018. Due to rtadvd replaced by rad, this text
was not useful anymore.
I subscribed to a VPN service from the french association Grifon (Grifon
website[FR] to get an IPv6 access to the world and play
with IPv6. I will not talk about the VPN service, it would be pointless.
I now have an IPv6 prefix of 48 bits which can theorically have 280 addresses.
I would like my computers connected through the VPN to let others computers in
my network to have IPv6 connectivity.
On OpenBSD, this is very easy to do. If you want to provide IPv6 to Windows
devices on your network, you will need one more.
In my setup, I have a tun0 device which has the IPv6 access and re0 which is my
LAN network.
First, configure IPv6 on your lan:
# ifconfig re0 inet6 autoconf
that’s all, you can add a new line “inet6 autoconf” to your file
/etc/hostname.if
to get it at boot.
Now, we have to allow IPv6 to be routed through the differents
interfaces of the router.
# sysctl net.inet6.ip6.forwarding=1
This change can be made persistent across reboot by adding
net.inet6.ip6.forwarding=1
to the file /etc/sysctl.conf
.
Automatic addressing
Now we have to configure the daemon rad to advertise the we are routing,
devices on the network should be able to get an IPv6 address from its
advertisement.
The minimal configuration of /etc/rad.conf is the following:
interface re0 {
prefix 2a00:5414:7311::/48
}
In this configuration file we only define the prefix available, this is
equivalent to a dhcp addresses range. Others attributes could provide DNS
servers to use for example, see rad.conf man page.
Then enable the service at boot and start it:
# rcctl enable rad
# rcctl start rad
Tweaking resolv.conf
By default OpenBSD will ask for IPv4 when resolving a hostname (see
resolv.conf(5) for more explanations). So, you will never have IPv6
traffic until you use a software which will request explicit IPv6
connection or that the hostname is only defined with a AAAA field.
# echo "family inet6 inet4" >> /etc/resolv.conf.tail
The file resolv.conf.tail is appended at the end of resolv.conf
when dhclient modifies the file resolv.conf.
Microsoft Windows
If you have Windows systems on your network, they won’t get addresses
from rad. You will need to deploy dhcpv6 daemon.
The configuration file for what we want to achieve here is pretty
simple, it consists of telling what range we want to allow on DHCPv6
and a DNS server. Create the file /etc/dhcp6s.conf
:
interface re0 {
address-pool pool1 3600;
};
pool pool1 {
range 2a00:5414:7311:1111::1000 to 2a00:5414:7311:1111::4000;
};
option domain-name-servers 2001:db8::35;
Note that I added “1111” into the range because it should not be on the
same network than the router. You can replace 1111 by what you want, even CAFE
or 1337 if you want to bring some fun to network engineers.
Now, you have to install and configure the service:
# pkg_add wide-dhcpv6
# touch /etc/dhcp6sctlkey
# chmod 400 /etc/dhcp6sctlkey
# echo SOME_RANDOM_CHARACTERS | openssl enc -base64 > /etc/dhcp6sctlkey
# echo "dhcp6s -c /etc/dhcp6s.conf re0" >> /etc/rc.local
The openbsd package wide-dhcpv6 doesn’t provide a rc file to
start/stop the service so it must be started from a command line, a
way to do it is to type the command in /etc/rc.local
which is run at
boot.
The openssl command is needed for dhcpv6 to start, as it requires a
base64 string as a secret key in the file /etc/dhcp6sctlkey.