Before getting on to why use OpenBSD, let's start by covering what it actually is. It is a free, UNIX-based operating system designed with security and best practices front and centre. In fact, many security professionals consider OpenBSD the most secure operating system . It comes with support for many platforms (including all popular Intel and ARM processors — it even runs on a Raspberry Pi). Much ubiquitous security-related software, available on other systems, was built by the OpenBSD project. This includes OpenSSH, LibreSSL (forked from OpenSSL) and pf, a firewall used in macOS and the pfSense Open Source Firewalls and OpenSMTPD.
The no-compromise approach to security and integration of cutting-edge security technology make OpenBSD a first choice for building firewalls and private networking services. Examples are VPNs, web hosts and relays, and firewalls. Security is really the main selling point. The system is secure by default , meaning you can install OpenBSD as a novice and have a secure system without having to modify any configuration or change any settings.
OpenBSD probably wouldn't be the first choice for a non-tech person looking to run generalist productivity apps. Although it ships with a lot of software useful for building a secure VPN or firewall, you might struggle to get all of your favourite apps working on it. The OS does come with gcc and other compilers, so you can build open source software you need, but this isn't for everyone.
If you are currently using Windows or macOS and are looking for something more secure, it might be better to try Ubuntu Linux as a stepping stone to OpenBSD. If this is you, start by creating a virtual Ubuntu installation on your Mac using VirtualBox . This will let you keep your existing setup and try Linux without having to own another computer.
If you are ready to make the jump to OpenBSD, let's look at some handy commands and where to get help when you get stuck.
Here are three handy commands which OpenBSD newbies will need:
sudoif you are coming from Linux, go for
pkg_add— install and upgrade packages using the in-built package management tool.
syspatch— check for and install OS updates.
To search for available packages, there is also the
pkg_info -Q wireguard to search for WireGuard
packages and then to install one for example,
The best source of documentation is the man pages. As an example, in a post on How to Set up Cloudflare Warp on OpenBSD, we mentioned the “wg” man page a source of further information on configuring a WireGuard interface on OpenBSD. As well as
being available online, the man pages can be accessed locally, on your machine. Opt in for
including them when installing the system. You just use the
man command to bring up a
page. Sticking with the WireGuard example, from the command line you would just enter the command:
These man pages are well written and offer very detailed documentation on how to use specific features. They should be the first port of call when debugging. They are also particularly useful if you are coming to OpenBSD from a Linux background as, although many popular commands exist, sometimes the flags and switches differ from their Linux equivalents. It goes without saying this is an invaluable resource when troubleshooting.
The best way to keep up-to-date with OpenBSD developments is to subscribe to some mailing lists . The most important is probably the “announce” which keeps you abreast of security advisories as well as general announcements. The “misc” list is also a good one to subscribe, it has general user questions. You might consider submitting a question if you are still stuck on an issue after doing your research.
I hope you have you found this post useful. Please let me know if there is anything else you think I should have included. Also get in touch if you have recently started trying OpenBSD, keen to hear how you use your setup and how you found the switch. Finally, feel free to share the post on your social media accounts for all your followers who might find it useful. You can get in touch via @askRodney on Twitter and also askRodney on Telegram . Alternatively, see further ways to get in touch with Rodney Lab. If you have found this post useful and can afford even a small contribution, please consider supporting me through Buy me a Coffee.