In this comprehensive tutorial, I provide a detailed guide on how to build and install the NBDE server Tang on OPNsense. Tang offers an additional layer of security for a server environment by securely managing encryption keys. We walk through each step of the process, from compiling Tang to configuring it on OPNsense.

Learn how to implement Network Bound Disk Encryption using Clevis and Tang on a Fedora 37 system, with the added security of OpenWRT as an authentication server. This guide covers the installation of Tang on an OpenWRT router, the setup of Clevis and its associated dracut module on the client, and the binding of a LUKS volume to the Tang instance.

Introduction Since my keyboard and mouse are paired to my computer via Bluetooth and I always encrypt my hard drives with LUKS2, I ran into a chicken egg problem. At this early boot stage, the entire Bluetooth stack is not yet responsive. As a result, I can’t enter my password. The simplest solution is a wired keyboard, but then I would have multiple keyboards on the table and thus less space.

This script checks if the FRITZ!Box has a valid ssl certificate and renews it with certbot if necessary. In order to upload the certificate to the FRITZ!Box, a separate user must be created in the webinterface beforehand. It makes sense to call the script regularly (e.g. every 7 days) by a cronjob. A further development could be the dispatch of a mail when the certificate is renewed. #!/bin/bash # parameters USERNAME="fritzuser" PASSWORD="*********" CERTPATH="/root" CERTPASSWORD="" FQDN=fritzbox.