How to create secure remote access with zero trust policy
This short how-to should give you some ideas on how to create secure web access to your web services without a VPN.
First of all: you can stop reading (and probably stop using the Internet altogether) if you don’t trust any content providers. I will use Cloudflare, OPNsense, Solokeys and GitHub for this demo. You need a fixed IP address, or you can use Cloudflare’s DynDNS service instead.
UPDATE 21/09/19: Everything has been committed and merged upstream, so you can simply run:
pkg install opensearch
STALE
Want to try out OpenSearch on FreeBSD? Right now there is no official support or port for OpenSearch on FreeBSD, so I created a small hotfix for a demo installation. As I like to run everything on BastilleBSD I added basic support for jails as well (due to the missing default loopback interface).
In case your poudriere ports are no longer being updated via poudriere ports -u:
Did you hear about the Git migration? The easiest way should be deleting the old ports tree and re-fetching it.
poudriere ports -d default
poudriere ports -c -m git+https
Done.
Upgrade BastilleBSD jails from source
Using bastille upgrade 12.1-RELEASE 12.2-RELEASE is the preferred way of upgrading. If you need to do that air-gapped or with a special release (like -HEAD) you can use this tutorial.
Before you start: make sure your host system is not behind the jails’ release.
svnlite checkout https://svn.freebsd.org/base/head /usr/src
If you want to fetch a special branch you can svnlite checkout one of the following branches: ‘release/12.
Create a jailed Ubuntu Linux with Bastille on FreeBSD 12.2
Make sure Bastille is installed and configured.
This is not officially supported, so don’t use it in production!
update 2021/02/11: Auto Installer
You could try the following POC for automated jail creation:
DO NOT USE THIS IN PRODUCTION!
THIS MIGHT BREAK YOUR RUNNING INSTALLATION
git clone -b linux_compat https://github.com/hackacad/bastille
cd bastille && make install
bastille bootstrap bionic
bastille create -L linuxjail bionic (ipaddress) (interface)
bastille console linuxjail
Manual installation
This how-to is based on
HowTo create jails with Bastille 0.8
TL;DR of https://github.com/BastilleBSD/bastille/ (updated for Bastille 0.8.20210115)
install bastille
Bastille is very active, so make sure you switch to the latest pkg mirror:
vim /etc/pkg/FreeBSD.conf
FreeBSD: {
  url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
enable bastille
sysrc bastille_enable=YES
create virtual network bridge
sysrc cloned_interfaces+=lo1
sysrc ifconfig_lo1_name="bastille0"
service netif cloneup
edit /etc/pf.conf (add the lines without #)
ext_if="em0"
set block-policy return
scrub in on $ext_if all fragment reassemble
set skip on lo
table <jails> persist
nat on $ext_if from <jails> to any -> ($ext_if)
## Enable dynamic rdr (see below) bastille 0.
This a short how-to for creating a FreeBSD pkg mirror using BastilleBSD and Poudriere.
Two things: Yes! This is not a full how-to for creating a mirror, but I assume you’re able to spawn a webserver and move files on the filesystem.
Yes! You could do more automation using templates. At the time we started playing with poudriere, bastille didn’t have the features it has now (0.8).
On the jail host: Bastille is very active, so make sure you switch to the latest pkg mirror