7.5 Updated!

June 22th, 2024, proudly hosted by ARP Networks. Follow me on Twitter.


Forked from NetBSD. Theo de Raadt is the founder and leader of the OpenBSD project. The first OpenBSD release 1.1/CVS appeared on October 18, 1995.

why use openbsd?

openbsd use cases

  • Firewall (PF)
  • Router
  • Mailserver (OpenSMTPD)
  • Webserver (httpd)
  • Hypervisor (vmd)
  • NAS (softraid)
  • As a desktop

openbsd innovations

Software and ideas developed or maintained by the OpenBSD project: https://www.openbsd.org/innovations.html

openbsd version numbers

  • Semiannual release cycle
  • New release is incremented by 0.1

openbsd flavors

  • -release, shipped every six months
  • -stable, -release plus patches (support for 7.4 & 7.5)
  • -current, active development branch

cvs repository

Choose your repository at: https://www.openbsd.org/anoncvs.html


CVSweb is a WWW interface for CVS repositories with which you can browse a file hierarchy on your browser to view each file's revision history in a very handy manner: https://cvsweb.openbsd.org

manual pages

            # How to read a man page, for example foo(5) ?
            man 5 foo


Or view it on your browser at: https://man.openbsd.org

supported hardware

Some dmesgs


Really simple, ready in 5 minutes (KISS). The response file is emailed to the root user on next boot.

Get more information: https://www.openbsd.org/faq/faq4.html


For a full unattended install/upgrade process, you can easily use autoinstall(8).

filesystem overview

OpenBSD use by default FFS2 (Enhanced Fast File System).

Read: newfs(8)

networking configuration files

/etc/myname Default hostname
/etc/mygate Default gateway
/etc/hosts Known hosts on the network
/etc/resolv.conf Resolver (DNS)
/etc/hostname.if Configuration for each network interface, for example: /etc/hostname.bge0
Read: myname(5), mygate(5), hostname.if(5), resolv.conf(5), hosts(5)


            # Display the current configuration of network interfaces

            # Set DHCP for 're0' interface, on the fly
            ifconfig re0 autoconf

            # Perform network (re)initialisation
            sh /etc/netstart


networking (set at startup)

Example 1: configure static IP address for re0

            ## File: /etc/hostname.re0

Don't forget to run sh /etc/netstart re0 to apply changes to running system.

networking (set at startup)

Example 2: configure DHCP for bge0

            ## File: /etc/hostname.bge0
            inet autoconf

Don't forget to run sh /etc/netstart bge0 to apply changes to running system.

networking (set at startup)

Example 3: configure wireless

            # First, see a list of available wireless networks:
            ifconfig iwn0 scan


            ## File: /etc/hostname.iwn0
            nwid ACCESS_POINT_NAME wpakey THE_SECRET_KEY
            inet autoconf

            # Or, for multiple access points
            join AT_HOME wpakey THE_SECRET_KEY
            join AT_WORK wpakey THE_SECRETKEY
            inet autoconf

Don't forget to run sh /etc/netstart iwn0 to apply changes to running system.


            # Show the routing table (ipv4)
            route -n show -inet

            # Show the routing table (ipv6)
            route -n show -inet6

            # Delete all gateway entries from the routing table
            route -n flush


packet filter (pf)

(Useful commands)

            # Disable PF
            pfctl -d

            # Check the rules
            pfctl -nf /etc/pf.conf

            # Enable PF and load the rules
            pfctl -ef /etc/pf.conf

            # Just load the rules (apply changes)
            pfctl -f /etc/pf.conf

            # View the loaded rules
            pfctl -s rules

Read: pfctl(8)

pf ruleset sample

            ## File: /etc/pf.conf
            # Protect a laptop (allow only ping/ssh from anywhere)

            set skip on lo
            block log all
            pass in on egress inet proto icmp all icmp-type echoreq
            pass in on egress inet proto tcp from any to any port ssh
            pass out

Read: pf.conf(5)

debugging pf with tcpdump

            tcpdump -nettti pflog0

Read: tcpdump(8)

pf user's guide


PF and Networking Tutorial (AsiaBSDCon 2024)

user management

          # Manually
          user [add|del|info|mod] foobar

          # Add users interactively

          # Remove users interactively

Read: adduser(8), rmuser(8)

group management

File: /etc/group

            group [add|del|info|mod] foobar

Members in wheel group can use su(1) to become root.
Read: group(8), group(5), rmgroup(8)

sudo replaced with doas(1)

            ## File: /etc/doas.conf
            # Permit the user 'marc' to reboot the box
            permit nopass marc as root cmd /sbin/reboot


            # Marc can now reboot the box
            $ doas reboot

Read: doas(1), doas.conf(5)
Try doas mastery (blog).

package installation

            # By default, the /etc/installurl file already contains an OpenBSD mirror server URL

            # Search for packages
            pkg_info -Q foobar

            # For example, to install Squid
            pkg_add squid

            # Update packages
            pkg_add -u

Look in /usr/local/share/doc/pkg-readmes for extra documentation.
Read: pkg_info(1), pkg_add(1), installurl(5)

package management

            # List packages installed

            # List files installed by a package
            pkg_info -L foobar

            # View install-message for a specific package
            pkg_info -M foobar

Read: pkg_info(1), packages(7)

package management

            # Delete a Package
            pkg_delete foobar

            # Show unused dependencies
            pkg_delete -an

            # Delete unused dependencies
            pkg_delete -a

            # Delete all except 'nginx'
            pkg_delete -X nginx

Read: pkg_delete(1)

install non-free firmware packages


Firmware is downloaded from release-specific directories at: http://firmware.openbsd.org/firmware
Read: fw_update(8)

managing daemons & services

File: /etc/rc.conf.local

            rcctl [enable|disable|start|stop|reload|restart] foobar

            # For example, to start the apmd(8) daemon for CPU scaling, you might do
            rcctl enable apmd
            rcctl set apmd flags -A
            rcctl start apmd

Read: rcctl(8), rc.conf(8), rc.conf.local(8)

What's enabled on your system?

            rcctl ls on

Read: rcctl(8)

running scripts at startup

File: /etc/rc.local

Read: rc(8), rc.firsttime(8), rc.local(8), rc.securelevel(8)

updating openbsd (-stable)

Any security or reliability fixes can be found at:

Errata patches are generated for the 2 last releases (7.4, 7.5).

tools for updating openbsd (-stable)

Use syspatch(8) to update your kernel and userland, available for the 2 last releases.

And pkg_add -u to update packages.

upgrading openbsd

To upgrade 7.3 to 7.5, you need to follow instructions from: https://www.openbsd.org/faq/upgrade74.html
and then

sysupgrade(8), is a utility to upgrade OpenBSD to the next release or a new snapshot.

list obsolete files between OpenBSD upgrades

            pkg_add sysclean


Run sysclean to generate a list of obsolete elements. Review the list and manually remove unwanted files. Be careful.

openbsd filesystem

The most important to know!
/ Root directory
/home User home directories
/root Default home directory for the superuser
/mnt A temporary mount point

openbsd filesystem

/etc System configuration files and scripts
/etc/examples Example configuration files for base system daemons
/etc/skel (dot) files for new accounts
/etc/signify Key files used for signify(1)

openbsd filesystem

/tmp Cleaned after a reboot
/var/tmp Symbolic link to the system /tmp
/var/log Log files
/var/run pid, socket files, utmp, dmesg.boot

openbsd filesystem

/var/db Database files
/var/www chroot directory for httpd(8)
/var/www/htdocs Web repository for httpd(8)
/usr/local Third-party software goes here
/usr/src BSD and/or local source files
Read: hier(7)

openbsd kernels

Kernel executable (the operating system loaded into memory at boot-time).

In case of multiple processors, installer will rename /bsd to /bsd.sp and finally /bsd.mp to /bsd

openbsd kernels

Kernel executable, a resume from hibernation (handled by the bootloader).

openbsd kernels

Old kernel, next boot it will use the new kernel /bsd (kernel relinking).

openbsd kernels

Kernel executable for single processor machines.

openbsd kernels

Kernel executable for multiprocessor machines.

openbsd kernels


Installation kernel. The built-in RAM disk contains utilities which can be run without an external file system, so this kernel is useful for limited system maintenance too.

kernel troubleshooting

config(8) allows editing of the kernel binary specified by infile. Devices may be enabled, disabled, or modified without recompiling, by editing the kernel executable. Editing can also be done at boot-time, using the in-kernel editor, as described in boot_config(8).

*These changes will be lost during upgrades and prevent a newly linked kernel from being installed at boot time. To avoid this, use the bsd.re-config(5) configuration file.

system tuning

sysctl.conf(5) sysctl variables to set at system startup
sysctl(8) get or set kernel state
config(8) modify a kernel

setting laptop hibernation (sysctl)

machdep.lidaction=0 do nothing
machdep.lidaction=1 suspend
machdep.lidaction=2 hibernate

full openbsd startup described!

OpenBSD system startup

system maintenance

doas pkg_check -F Checks that there are no other random objects under /usr/local
doas dmesg -s Review rc(8) system startup messages
ldd foobar List dynamic object dependencies
df -h See disk usage
top -s .1 Check load (cpu/mem)
Read: pkg_check(8), dmesg(8), ldd(1), ld.so(1), df(1), top(1)

system maintenance

reset reset your terminal when it gets messed up by control sequences
rcctl ls on what is enabled on your system
doas rcctl ls started what is running on your system
Read: tset(1), reset(1), rcctl(8)

ktrace/kdump sample usage

ktrace -f ping.out \ ping openbsd.org proceed process tracing
kdump -f ping.out interprets the data from ktrace into a human readable format
Read: ktrace(1), kdump(1)

useful packages

screenfetch Display system information in the terminal
w3m Text-based web browser
noice minimalistic file browser

useful packages

pstree List processes as a tree
tmate Share your terminal on the web without open any ports
testdisk Scan and repair disk partitions

presentations & papers


getting more help

FAQ: https://www.openbsd.org/faq/
Manual page: afterboot(8)
Web IRC Channel: #openbsd
Mailing list: misc@

You can manage your OpenBSD mailing list membership at lists.openbsd.org.

openbsd vps hosting

It's time to create your own OpenBSD VM !

ARP Networks logo

OpenBSD Amsterdam logo

** bonus content

Join us on Telegram!
(Nice people, I promise.)


You can contribute, giving me your Feedback