
@daemonhorn
daemonhorn / PivKey_Taglio_Self-Signed_PIV_Setup.md
Last active August 4, 2024 15:54
PivKey_Taglio_Self-Signed_PIV_Setup

Use a Taglio PivKey smartcard with a self-signed certificate

The default instructions on the PivKey documentation site: https://pivkey.zendesk.com/hc/en-us do not provide any examples for configuring a self-signed certificate in any of the 25 slots. These instructions were tested with the PivKey C910 version, but likely most Taglio variants will work the same way.

Powershell New-SelfSignedCertificate

PowerShell 5.1+ on currently supported Windows releases (Server 2012+ / Windows 10+) can generate self-signed certificates with a wide variety of configuration parameters, including the option of using the Microsoft Smart Card Key Storage Provider so that the key pair is generated on the smartcard itself.

@daemonhorn
daemonhorn / Microsoft.PowerShell_profile.ps1
Last active August 10, 2024 23:57
Powershell $profile helper examples
# Place this file in your $profile location and restart powershell.
# e.g.: copy Downloads\example.ps1 $profile
# $profile defaults to $HOME\Documents\PowerShell\Microsoft.PowerShell_profile.ps1
# aka: c:\Users\username\Documents\PowerShell\Microsoft.PowerShell_profile.ps1
# If you want to sign it see function `user-sign-psscript` below for signing
# This enables the use of:
# set-executionPolicy -ExecutionPolicy AllSigned -Scope CurrentUser
# Or if you don't care about security on Powershell locally, you can ignore local signing, and just use:
# set-executionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
@daemonhorn
daemonhorn / pfsense-airgap-environment.md
Last active May 18, 2024 23:08
PfSense as an air-gapped router

PfSense Air-gapped configuration

In certain environments, it is useful to have a router and firewall between two private vlans. When the WAN interface of PfSense is not able to access the internet (e.g. DNS Resolution, Update Checks, etc.) it can become sluggish to boot and configure. This guide attempts to capture configuration knobs that can improve the usability in these environments, and was written with PfSense CE 2.7.2 configuration as a baseline.

TODO

  • Finish Documentation
  • tcpdump -nn -i XXX pfsense at steady state air-gapped {for em0 (WAN), em1 (LAN), lo0 (loopback)}. Loopback will show you all of the items that would have been queried via root.hints or other pfsense internals. Start with a udp port 53 capture filter to look for DNS traffic.
  • tcpdump pfsense at boot with WAN interface to look for extra ntp, dns, http, tls packets

Install

Installation from the PfSense CE ISO file can easily be done in these environments. Download the ISO from mirror (to avoid creatin

@daemonhorn
daemonhorn / Cloudflare-WARP_Wireguard.md
Last active September 13, 2024 22:56
Cloudflare WARP tunnel via Wireguard client

Cloudflare WARP tunnel via Wireguard client

This example provides a simple configuration for a Debian client to have a Cloudflare tunnel without installing the official Cloudflare WARP client. Note: by default the tunnel transport is outbound to engage.cloudlflare.com on udp/2408, with a dynamically chosen listening UDP port and an fwmark used by WireGuard for packet matching. Any applicable firewall rules may need to be adjusted.

Install dependencies

sudo apt install openresolv wireguard-tools golang git

Get the latest client from GitHub and build it using Go

git clone https://github.com/ViRb3/wgcf.git
@daemonhorn
daemonhorn / FreeBSD Arm64 Qemu.md
Last active October 3, 2023 12:20
FreeBSD-arm64-aarch64 via Qemu from ports

Intro

This Quickstart recipe for Qemu assumes a recent FreeBSD release (stable/13 or newer), and provides an example configuration for running an arm64 (aarch64) FreeBSD guest on an amd64 FreeBSD host. The concepts can be applied to other architectures as desired, but syntax and capabilities will vary.

Dependencies

  • Install qemu: pkg install qemu or pkg install qemu-nox11. The latest pre-built package release as of this writeup is 8.1.0
  • Sufficient disk space (50+GB) on a mounted FreeBSD Host disk (e.g.: /qemu-data in this example)
@daemonhorn
daemonhorn / FreeBSD Ports Cheat Sheet.md
Last active September 9, 2023 19:01
FreeBSD Ports Cheat Sheet and Notes

FreeBSD Ports

Some random FreeBSD Ports information for future me

Configuration file: /etc/make.conf

  • Add BATCH=YES to prevent questions and dialog4ports(1) from slowing you down.

Ports make targets from man ports(7)

  • config to force a configuration display/choice (even if BATCH=YES has been defined)
  • fetch and fetch-recursive to download the source packages if not cached
  • install and reinstall to install and force-reinstall the port and register with package database
  • deinstall to uninstall/remove the port and de-register from package database
  • build-depends-list, run-depends-list, all-depends-list to just list the names of the dependencies
@daemonhorn
daemonhorn / Inkplate10_Example_NOAA_Weather.py
Created July 16, 2023 19:56
Inkplate10_Example_NOAA_Weather
import network
import time
from soldered_inkplate10 import Inkplate
ssid = "My_SSID"
password = "My_Pass"
# Function which connects to WiFi
# More info here: https://docs.micropython.org/en/latest/esp8266/tutorial/network_basics.html
def do_connect():
@daemonhorn
daemonhorn / Example_microsocks_stunnel_freebsd_config.md
Last active March 26, 2024 05:26
Socks5 using Microsocks and Stunnel on FreeBSD

Socks5 proxy using Microsocks and Stunnel on FreeBSD

Configuration information for the Microsocks package on FreeBSD as the existing documentation does not give sufficient details to create a secure configuration flexible enough to use for various use cases. See https://github.com/rofl0r/microsocks for the latest source code and wiki documentation. Note: The user authentication method supported by Microsocks is only plaintext, and is not protected by any layer of encryption. Please be hyper aware and use other layers of protection to secure your socks5 endpoint. (Firewall + TLS encryption with client authentication using something like stunnel).

  • If you want an easy way of doing this, just look at ssh -D localhost:1080 <user@host> instead since SSH provides a native Socks5 tunnel with encryption.
  • You can also use stunnel in socks5 protocol mode without Microsocks since it has native support for protocol = socks. See stunnel documentation here: https://www.stunnel.org/static/stunnel
@daemonhorn
daemonhorn / unifi_nginx.md
Last active September 7, 2024 16:35
Unifi Network Controller and NGINX Configuration

Create specific folder for certs and allow user to have permission based on group

mkdir /etc/nginx/certs
chmod 770 /etc/nginx/certs
chown root:www-data /etc/nginx/certs
groupmod -a www-data -U dhorn

Add the www-data group to sudoers so it can run the service command (sudo service restart nginx)

echo "%www-data ALL=(ALL:ALL) NOPASSWD:/usr/sbin/service" >/etc/sudoers.d/20_nginx
@daemonhorn
daemonhorn / bash_tcsh_unified_config.md
Last active January 16, 2024 15:04
Make bash do the nice tcsh things

Overview

I want to forget about the differences between my Linux machines (running bash) and my BSD machines (running tcsh), and have a user-friendly CLI experience. The knobs below will cause bash/readline/less to behave more like the tcsh defaults.

  1. Searching through history with filters
echo '"\e[B": history-search-forward' >>~/.inputrc
echo '"\e[A": history-search-backward' >>~/.inputrc
  2. Pager re-init and thus manpages causing screen to clear on quit