TL;DR
OpenBSD Amsterdam are really awesome. A lot of people are saying this around the nerd globe, and it is true.
Introduction / Why OpenBSD
I started way way way too late in joining the normal nerds in having an own blog where I would write about technical stuff. I have a lot of opinions mostly on politics and other stuff. Maybe for some time in the future though…
Why did I start this? Well, I don’t know.
I have three PCs at home. An iMac 14,2 from 2013, a Macbook Air 6,2 from 2014 and a crappy old Lenovo Z580 with a magnetic spinning HD.
I used to run Debian 10, then 11 then 12 and even 13 testing on those. It all worked quite well.
Some 15 years back I first came into contact with the BSDs, FreeBSD and OpenBSD. I liked FreeBSD quite well, and especially the Handbook was very impressive. It reminded me a bit of linux in that it tries do do everything under the sun.
OpenBSD did not try this and does not do that even today.
The result is a very simple system, that can be at least in principle understood in its entierty.
I liked that a lot even then.
Now after all these years with Debian I got bored and wanted to revisit the BSDs. FreeBSD even got to the point of a linux clone which I shyed away from quickly.
OpenBSD is still pretty much in the game and will stay relevant because of its clear focus.
So I thought why not give it a shot. I installed it on all my PCs and it mostly works very well.
The iMac has an Nvidia card so no graphics acceleration there, but I could not care less. The Macbook Air needs a wifi dongle, because the internal chip is not supported. Also suspend does not work, but hibernate does. With the Lenovo z580 everything just works, even the webcam and microphone.
OpenBSD Amsterdam
The reason why I decided to use a VPS is to try out as much as can be done with OpenBSD with a default installation under the addition of as less packages as possible. I wanted to run a web server with httpd, relayd and set up an own VPN with wireguard. I also wanted to learn pf again, because I think it is the best and most elegant software in packet filtering out there.
So I quickly learned that there were basically two options for OpenBSD in hosting vultr and OpenBSD Amsterdam. Through their website I learned that it is very niche and there is quite a number of OpenBSD developers and freaks who use it. So I figured: why not
Setup a VM with OpenBSD Amsterdam
Getting a VM was as simple as filling out the form online. One hour later I received an email by Mischa with the credentials. Everything works as expected.
Login the VM
You login via ssh:
ssh username@xx.xx.xx.xx
The username was provided by you in the online form. The login works with you entering your passphrase for the ssh key provided through the online form.
After logging in for the first time you will want to change your user and root password. The password for these users is given to you as the last entry in the file:
cat ~/.ssh.authorized_keys
Ooops firewall
When playing with the firewall rules and going from the default to a blocking policy I accidentally locked myself out of the VM. This happened, because I closed port tcp 22 for ssh.
Fortunately in such a case you can save your ass by logging into the server that hosts your VM directly. Let us say your VM resides on server 14.
ssh -p number username@server14.openbsd.amsterdam
The port number is not 22. It is given to you in Mischa’s mail. After being on the server you now can issue
vmctl console vm11
Let us say you have VM number 11.
Now you can log into the VM as root or username and password. Fix your pf.conf, reload the firewall with pfctl -f /etc/pf.conf and check if logging into your VM directly per ssh works again. And voila.
Reinstall your VM
So you want to reinstall your VM, but it is not bricked. Then perform the following steps:
Log into the physical server. Reboot the vm. At the boot prompt choose to boot from bsd.rd to start the installer.
ssh -p number username@server14.openbsd.amsterdam
server14$ vmctl console vm11
vm11$ reboot
boot> boot bsd.rd
Make sure to select also the sitexx.tgz set when selecting the sets.
Reinstall your VM if it is completely broken
So, you have totally bricked your VM. Don’t worry you can help yourself:
Log into the physical server:
ssh -p number username@server14.openbsd.amsterdam
server14$ ftp https://mirror.openbsd.amsterdam/pub/OpenBSD/7.6/amd64/bsd.rd
server14$ vmctl stop vm11
server14$ vmctl start -c -b ./bsd.rd vm11
Now perform a normal install. In the end do not forget to delete the bsd.rd file from the server.
server14$ rm bsd.rd
server14$ exit
Sources for inspiration
Many thanks to these two people.
Fantastic Blog of Solene Rapenne
Conclusion
OpenBSD Amsterdam is a fantastic service. I am running this website with it as well as a wireguard VPN.