Category Archives: FreeBSD

FreeBSD related posts

Review of my first FreeBSD Workshop in Landshut on 15 May 2015

Last Friday I held the first FreeBSD workshop in our new location in Landshut. It was a lot of fun for the 12 participantPicture of FreeBSD workshop in Landshut Germany 15. May 2015 and me.


The first workshop introduced the FreeBSD basics and the installation procedure. It was a hands on workshop which means that everyone had a device or virtual machine on which he followed the first steps to setup the FreeBSD operation system. My part was to introduce the options and and answer questions. Additional to that, I tried to help with decisions when to use ZFS or when its better to stick with UFS, or do I need a firewall or what is the difference between RELEASE, STABLE and CURRENT. The workshop started at 6pm and we ended on 9:30pm, so more than 3 hours of FreeBSD fun.

To answer some more questions in detail, I will setup more workshops this year. Some of the people asked to make a single workshop about Jails and ZFS. This are very interesting features of FreeBSD and nearly everyone was interested to hear more about them.

This is the current line up, the dates will follow as they are fixed:

  1. First steps with FreeBSD (done – 15. May 2015)
  2. Jails a FreeBSD power feature
  3. ZFS a short introduction
  4. PXE setup environment for multiple FreeBSD machines
  5. Ansible and FreeBSD
  6. Firewalling on FreeBSD, short introduction to PF and IPFW. Introduction to Opnsense and Pfsense.
  7. Automated role out of a complete company network (dns, dhcp, fileserver, webserver, firewall) based on FreeBSD within 30 minutes. (kind a bring it all together)

If you know FreeBSD yourself, think about setting up a local event at your location, too! Landshut is just a smaller city 70km away from Munich and only with meetup and some mailing lists post 12 people were interested in my workshop. Start your own and share your knowledge with others and learn more yourself this way. I am happy to share all my presentations. I wrote them in English but held them in German to make it easier to reuse them.

If you want to keep in touch with all the other events we are organized at the in Landshut, you should join the meetup group here. All events are free and open!

FreeBSD event in Landshut – Germany

Today I want to announce that I will organize a small FreeBSD workshop on 15 May 2015 in our new location in Landshut near Munich, Germany. The is a center of IT-companies and software developers. My company called BayCIX is one of the five founders of the Beside our daily business we planed to have tech talks and events from the beginning. Now that the building is finished and we have the infrastructure working, we will start with two meetups.

Follow our meetup site to check out the first meetup on 30. April and my FreeBSD workshop on 15. May:

As the name indicates, it takes place in a series of FreeBSD related workshops to introduce people to the FreeBSD system. I will bring some hardware to show where FreeBSD can run on and explain the basics.

If you’re located in Bavaria, feel free to join me and have some fun with FreeBSD.

Run KeePass with mono on FreeBSD 10.1

Using a password safe can make the life much easier. You can store your passwords encrypted for each service and if you need a new password, there is a password generator included as well.

To have the same password safe on all Linux/Mac/BSD machines you can use KeePass. It is a mono based software. O.k is not sexy but does its job quite well.

Install dependencies for KeePass on FreeBSD 10.1

pkg install mono libgdiplus

Download KeePass

Download the KeePass portable version!

Download KeePass for FreeBSD



Run KeePass

After you extracted KeePass to the place you want, run it with mono:

mono KeePass.exe

or use your file browser to execute the KeePass.exe file with mono. This works for me with dolphin in KDE.

KeePass with mono on FreeBSD 10.1

Hope this helps to make your life easier with managing passwords.

One bad thing is that KeeFox seems not to be working on FreeBSD, yet. KeeFox is a nice integration into your Firefox browser to automatically fill forms with the stored password for that site. I didn’t investigate maybe you have some time to find an alternative or make it work on FreeBSD.

FreeBSD getting into development and make your own release to test changes

When I installed FreeBSD, I stumbled over a bug with my T420. I now want to help fix it or to implement a workaround for my T420 to use it with gpt and ZFS-Root, Therefor  I needed to setup a development environment for FreeBSD on my Thinkpad. To make this process easier for others I will write down all the points that helped me and collect all in this post. Please see this post as work in progress as I may change or add some points in future.

Getting familiar with the names and versioning of FreeBSD

The latest release is 10.1 as I am writing this. The ongoing new development is always done in the so called HEAD or CURRENT tree. This is the latest stuff which will lead to the next major version 11.0 some day. Since FreeBSD uses subversion, all the source code of the base system is organized within this source code versioning system. I will explain how to build your CURRENT image from the source code here, this should enable you to build every other version or self patched version by your own. Please consider that a CURRENT system is for development or very experienced people who want to follow the latest changes. You will not get much help in official places if it comes to problems which are only connected to CURRENT as some times there are uncompleted features or bugs introduced. It should not happen put some times it can.

If you want to have a more stable system with some fixes that are back ported to the latest release version you can use the STABLE branch. I personally run STABLE on the machines I am working on. STABLE as it name indicates is quite stable. The patches and new features included are tested and ported to stable after they where some time in CURRENT.

Release is what you want if you need a super stable system. This is bullet proven stuff only touched by security fixes. If you have no need to run something newer, this is what makes you happy for production. To be even more paranoid you can skip the .0 releases as well of a new major version. New major versions bring bigger changes and may have a different behavior or feeling. Keep in mind that your staff need some time to adapt to new changes, too. A lot of companies skip .0 releases of any software they can avoid it for production. That is not a bad idea. You will have the most fun in production if everything is just working ūüėČ

Setup a development environment

You need FreeBSD to develop FreeBSD. That’s not quit surprising, but if you want to build a CURRENT system you need to use a CURRENT system as base. So today I use a 11 snapshot image to build my latest current images from source code.

I will come over the points I found hard to find in the documentation. The people on the FreeBSD IRC channel helped me a lot to find the locations where the documentation is. In many cases you need to know what you’re searching. It is easy to find the correct documentation if you are more familiar with the wording, but still first use a search engine to try to find the information yourself. It helps a lot if you searched the docs by yourself. You will learn more by doing it and people are more friendly if they recognize that you already have spend some time to help yourself.

Some more details and examples are collected by TJ from BSDNow can be found here:

From now on I assume you have a working FreeBSD – CURRENT system installed and running.

Install necessary packages or ports

To check out the source code you will need to use subversion. Install it using pkg or ports.

As mentioned by FAndrey you don’t need to install subversion client anymore. FreeBSD comes with svnlite in base system since FreeBSD 10. So if you don’t want svn you can use svnlite without installing an additional package or port. Thanks for that hint.

Using pkg:

pkg install subversion

Using ports

cd /usr/src/contrib/subversion
make install clean

Start populating /usr/src

The source code is managed in a subversion repository. There are some mirrors around so you can use one of them near to your location. As I am from Europe I will use one of the mirror located here. Find a mirror next to your location in the mirrors list:

Very important is that you verify the fingerprint of your mirror and only use the encrypted  connection!

svn co /usr/src/ 

Depending on the speed of your internet connection this will take a while. Grab a cup of coffee or tee.

If everything worked fine, your /usr/src should look like this:

-rw-r--r-- 1 root wheel 6.0K Nov 15 18:04 COPYRIGHT
-rw-r--r-- 1 root wheel 734B Nov 15 18:04 LOCKS
-rw-r--r-- 1 root wheel 6.3K Nov 15 18:04 MAINTAINERS
-rw-r--r-- 1 root wheel 18K Nov 15 18:04 Makefile
-rw-r--r-- 1 root wheel 62K Nov 15 18:26 Makefile.inc1
-rw-r--r-- 1 root wheel 287K Nov 15 18:26
-rw-r--r-- 1 root wheel 3.1K Nov 15 18:13 README
-rw-r--r-- 1 root wheel 42K Nov 15 18:04 UPDATING
drwxr-xr-x 42 root wheel 44B Nov 15 18:04 bin
drwxr-xr-x 9 root wheel 11B Nov 15 18:26 cddl
drwxr-xr-x 87 root wheel 87B Nov 15 18:23 contrib
drwxr-xr-x 5 root wheel 6B Nov 15 18:12 crypto
drwxr-xr-x 26 root wheel 95B Nov 15 18:04 etc
drwxr-xr-x 14 root wheel 16B Nov 15 18:13 games
drwxr-xr-x 5 root wheel 9B Nov 15 18:13 gnu
drwxr-xr-x 8 root wheel 105B Nov 15 18:13 include
drwxr-xr-x 9 root wheel 12B Nov 15 18:24 kerberos5
drwxr-xr-x 106 root wheel 108B Nov 15 18:26 lib
drwxr-xr-x 37 root wheel 42B Nov 15 18:04 libexec
drwxr-xr-x 13 root wheel 17B Nov 15 18:12 release
drwxr-xr-x 4 root wheel 6B Nov 15 18:13 rescue
drwxr-xr-x 91 root wheel 99B Nov 15 18:13 sbin
drwxr-xr-x 7 root wheel 9B Nov 15 18:13 secure
drwxr-xr-x 29 root wheel 31B Nov 15 18:25 share
drwxr-xr-x 53 root wheel 54B Nov 15 18:11 sys
drwxr-xr-x 3 root wheel 6B Nov 15 18:24 tests
drwxr-xr-x 15 root wheel 19B Nov 15 18:14 tools
drwxr-xr-x 258 root wheel 265B Nov 15 18:13 usr.bin
drwxr-xr-x 212 root wheel 220B Nov 15 18:25 usr.sbin

This is how you did the initial check out of the source code. You will need to update the tree from time to time to get the latest version of the source code. How the FreeBSD project is using subversion to control all the changes is explained very well in this video from Stefan Sperling, Subversion for FreeBSD developers which was recorded on EuroBSDcon 2014 in Sofia.

Configure your make.conf

The make.conf file contains the default make options. This files is important to be adjusted to your system and needs.

In my case it looks like this for my workstation:




Make your changes or add a patch

You have the complete source code in your /usr/src directory. Browse it or add a patch you made. All base components are in this tree. There are some additional tools to build and manage the source code as well. Check the MAINTAINERS file to see who is the contact for a patch you created and publish it on the mailing list to get it reviewed and maybe added to the upstream version of FreeBSD after discussion.


Build world and build your custom kernel

To have a system build with this options we will follow the documentation to rebuild world and kernel. This page is very detailed and should help you to do all necessary tasks:


Make your own FreeBSD-CURRENT install media

We are on a BSD system. The best source for information is the system itself. Try to search the man pages. The most BSD developers care a lot about documentation of their stuff and that the necessary information to run there programs are delivered in the man pages.

man release

In that man page the release scripts a very well documented. You can create your own install media images to test you changes or have your customized installation media for you environment.

Did I missed something? Let me know!

This is work in progress and I will update it with pleasure if you’re missing something. Ping me and I will try to add some more sections or if you miss some links or hints.


Create a screen recording on FreeBSD with kdenlive and external USB mic

This tutorial shows you how you can use kdenlive on FreeBSD to create a screen cast. I am using a Maya 22 USB to record speech from a Rode microphone. This works fine, too.

1. Install the software


If you have ffmpeg already installed you need to check if you had the X11GRAB option enabled. You will need it to allow kdenlive to record from your screen.

cd /usr/ports/multimedia/ffmpeg
make config

Enable X11GRAB option and SDL (


make deinstall
make reinstall

Install kdenlive

Use pkg:

pkg install kdenlive

Use ports:

cd /usr/ports/multimedia/kdenlive

make install clean

2. Modify audio options if you want to record your speech and the screen at the same time

Run kdenlive and follow the wizard to configure it the first time. After that a new empty project will be shown in the main window of kdenlive.

FreeBSD-kdenlive Select Record Monitor and open the configure window with the symbol right to the record button.



Select the profile with audio if you want to record your voice or other audio input while capturing the monitor. We need to modify this capturing options for FFmpeg here. I am not using pulse audio which is set by default in kdenlive. I use the oss input device which is in my case /dev/dsp9 for my Maya USB 22 interface. In your case this is a different dsp device.


After you have modified this options you can now record your first video with audio. If you don’t want to have audio recorded just select the other profile and you don’t need to make any changes.

I hope this will lead to more true FreeBSD made screen casts.

Here my first screen record using FreeBSD and kdenlive:

FreeBSD 10.1 using UEFI

This tutorial is about installing the latest stable FreeBSD 10.1 with UEFI and run a desktop with KDE with a NVIDIA video card.

Before Install

With my motherboard is does not work to boot UEFI if the CMS compatibly mode is turned off completely. Someone else second this problem with the same motherboard I am using. If you’re facing a similar problem, please report it to the mailing list.¬†

So even if you install using the UEFI image you maybe have to turn your UEFI/CMS mode to “both”.

ZFS is not possible with UEFI. Keep in mind that this installation with UEFI forces you to use UFS up to now! The UEFI loader is not able to load the ZFS root partition up to now.

Install base system

The installation is quite straight forward. Just boot, select what you want and the target disk. Select UFS filesystem and go for it.

Setup pkg

If you want to go with the prebuild packages setup pkg by running the command and run pkg update.

Install Xorg, KDE and nvidia-drivers

I used the binary packages except for the nvidia-drivers. There is a conflict between some KDE packages and nvidia-drivers ( You need to build the nvidia drivers without doc option and it will work to install everything correctly.

Install Xorg and KDE

pkg install xorg kde

Build kde4-workspace without  option

cd /usr/ports/x11/kde4-workspace
make config








Disable the “OpenGL ES 2.0 support” here to not get some file conflicts between nvidia-drivers version of some files and the¬†libEGL ones.

Configure system

Configure X

Here is my xorg.conf I created it useing “X -configure” and removed the duplicated parts and set the driver to nvidia

Section "ServerLayout"
 Identifier " Configured"
 Screen 0 "Screen0" 0 0
 InputDevice "Mouse0" "CorePointer"
 InputDevice "Keyboard0" "CoreKeyboard"

Section "Files"
 ModulePath "/usr/local/lib/xorg/modules"
 FontPath "/usr/local/lib/X11/fonts/misc/"
 FontPath "/usr/local/lib/X11/fonts/TTF/"
 FontPath "/usr/local/lib/X11/fonts/OTF/"
 FontPath "/usr/local/lib/X11/fonts/Type1/"
 FontPath "/usr/local/lib/X11/fonts/100dpi/"
 FontPath "/usr/local/lib/X11/fonts/75dpi/"

Section "Module"
 Load "dbe"
 Load "dri"
 Load "dri2"
 Load "extmod"
 Load "record"
 Load "glx"

Section "InputDevice"
 Identifier "Keyboard0"
 Driver "kbd"

Section "InputDevice"
 Identifier "Mouse0"
 Driver "mouse"
 Option "Protocol" "auto"
 Option "Device" "/dev/sysmouse"
 Option "ZAxisMapping" "4 5 6 7"

Section "Monitor"
 Identifier "Monitor0"
 VendorName "Monitor Vendor"
 ModelName "Monitor Model"

Section "Device"
 Identifier "Card0"
 Driver "nvidia"
 BusID "PCI:2:0:0"

Section "Screen"
 Identifier "Screen0"
 Device "Card0"
 Monitor "Monitor0"
 SubSection "Display"
 Viewport 0 0
 Depth 1
 SubSection "Display"
 Viewport 0 0
 Depth 4
 SubSection "Display"
 Viewport 0 0
 Depth 8
 SubSection "Display"
 Viewport 0 0
 Depth 15
 SubSection "Display"
 Viewport 0 0
 Depth 16
 SubSection "Display"
 Viewport 0 0
 Depth 24

Setting different keyboard layout than the default “qwerty” for KDM

I want to have a different keyboardlayout at login time with KDM and later in KDE. Changing it for KDE itself is not a big deal. Just open the system settings -> input devices and add the keyboard layout you want.


To Change it in KDM at login time this was more a pain to find the correct configuration file. But here is how to do it. As root user open the file: /usr/local/share/config/kdm/Xsetup and add the following line:

setxkbmap -model pc105 -layout de

Of course replace the de with the layout you prefer!

For the record. Adding the hal policy as mentioned in other places on the web, did not work for KDM on my FreeBSD 10.1 STABLE system.

Configure rc.conf to load nvidia start dbus and hald and kdm

There is a problem loading the nvidia driver when you’re using UEFI

Because of this bug I added the load of nvidia driver into the rc.conf. I am not sure if this is the recommended way for the future but it works for me quite well.

This leads to the following additional lines for the rc.conf


Configure sysctl.conf for Chrome and set the correct Audio device for me


Thats it. If I missed something just let me know.

Install FreeBSD 10.1 or FreeBSD 11 – CURRENT on Thinkpad T420

This post is about installing FreeBSD 10.1 RC2 or FreeBSD 11 – CURRENT on a Thinkpad T420 with Intel graphics. This is for testing only up to now!

Work around the BIOS/UEFI bug:

The T420 comes with an unpatched BIOS/UEFI bug which prevents to boot from a default GPT partitioned harddisk or USB flash drive. I am not 100% sure but it looks like a bug on all T420, T520 and W520 models so not only the T420.

The bug seems to look at the first partition and if this partition is not what it expects it does not recognize it and fails to boot.To boot from USB you need to use the UEFI images. Since the first partition on a UEFI boot media is an UEFI partition if I am correct this works around the problem.

If you want to read more about the details, ask your search engine for: “T420 gpt boot problem”. The internet is full of it and there are further information what you else can do to work around this bug. There are tutorials for other systems or how to create a custom partition layout that works, too.

I will show you a way to work with the installer here. This prevents you from installing on a ZFS root with GPT, since the UEFI boot loader code doesn’t support ZFS root volumes, yet. This will change in future but lets go with ZFS and a MBR for now.


Allan Jude has committed a fix to be included with 10.2 for the gpt command to apply a workaround for this problem. If you’re using the installer, it should detect if you have an effected model and should apply the patch. Let me know if you have problems with it or if this fixed the problem for you. Thanks to Allan to make this fix happen!

Hardware support for my model:

  • Intel Graphics o.k
  • Intel Wifi o.k
  • ACPI Brightness control o.k (with -CURRENT) / not o.k (with 10.1 RC2)
  • Power support o.k

Download the installation media

For FreeBSD 11 download image available here:

For FreeBSD 10.1 RC2 download the UEFI image available here (The not UEFI image will not boot on the T420!):

Prepare T420

Configure your BIOS/UEFI to boot both, UEFI and legacy boot with UEFI in first order.

Install FreeBSD minimal

Boot with default options:

Choose Install:


Select your keyboard layout. Please have in mind, if you encrypt your hard disk you have to know how you type your passphrase on the us keyboardlayout at boot time. Ping me if there is a way to change the keyboard layout at boot time.


Set the hostname for your machine.


Choose the components you want to have installed now.


Harddisk setup

Select ZFS while installation and change the gpt default option to mbr. If you need it choose encryption for your system and for the swap partition. You always should encrypt your hard disk on mobile devices. If you loose your laptop or it gets stolen at least your data is protected.




Because I have only one disk for FreeBSD in my T420 there is no redundancy and I choose stripe here.


Select the harddisk you want install to. Here this is a VBOX HaRDDISK because I did a replay to make the screenshots ūüėČ


This is the point of no return!


Choose a long and strong passphrase for your disk encryption!


Remember the long and strong passphrase the first time ūüėČ


Now the sytem will generate and initialize the filesystem with your encryption keys.


Now the installation process installs the selected components as usual.


Set a strong root password and add you user to the system.


Here select the services you want to have started at boot time. I use all of them here.


The rest is not really interesting. Exit the process and reboot the machine when done.


Install packages

Login in to your new system and install the first packages and make some modifications to the system.

pkg update
 pkg install xorg sudo tmux vim

Modify base configuration

Add the following lines to /etc/rc.conf


Hald and DBus are required to make X working correctly. The next two options are some power saving options which should improve your battery life. My T420 runs 4h+ with the standard battery and i3 as window manager. The last option enables the mid mouse button scrolling with the TrackPoint.

Add the following lines to /boot/loader.conf


The first options are related to the new vt. This will enable you to switch between X and your console again. Without this after starting X I was not able to switch back to console.

acpi_ibm and acpi_video enables some features like extra keys on the IBM/Lenovo notebooks. With FreeBSD 11 – CURRENT acpi_video enabled the brightness control. With the 10.1 RC2 it does not work up to now. I am not sure if this will be merged into 10.1 but stay tuned at least 11 will bring this to you.

The last three options are power tuning options again. Read more here:

Configure System for Xorg installation

X -configure
cp /root/ /etc/X11/xorg.conf

 Configure i3 to be your desktop environment

Install need packages or build it from ports:

pkg install i3 i3lock i3status dmenu
vi ~/.xinitrc

Install some useful software

Firefox is the quite well known browser, Thunderbird the email client and Hexchat is a XChat fork that works quite well.

pkg install firefox thunderbird hexchat

Set keyboard layout

Create the file: /usr/local/etc/hal/fdi/policy/x11-input.fdi

<?xml version="1.0" encoding="ISO-8859-1"?>
<deviceinfo version="0.2">
    <match key="info.capabilities" contains="input.keyboard">
      <merge key="input.x11_options.XkbModel" type="string">pc105</merge>
      <merge key="input.x11_options.XkbLayout" type="string">de</merge>

This does not work for KDM!

In KDM this didn’t work for me. To set the keyboard layout correct in KDM you need to add the following line to: /usr/local/share/config/kdm/Xsetup

setxkbmap -model pc105 -layout de

Of course you need to replace the de with the layout you prefer. The layout in KDE itself can be modified using the system settings configuration of you input device as mentioned in this post.

Update 1

In a previous version of this Blog post I mentioned to use slim as login manager. I ran into some bugs with it and tried to find the source code and project page to get them fixed, but it looks like the project is dead and not developed further. Please stop using it if you do and choose one of the many other options around (XDM, GDM, KDM, Entrance, LXDM, MDM, Qingy).

Update 2

I added the mouse scrolling configuration option the the /etc/rc.conf file to make the scrolling working with the TrackPoint or mid mouse button.

Some more details howto configure your nginx server with SSL

The guys from did a great job by putting together a tutorial with some more details on a proper Nginx configuration and a very good choice for SSL parameters. There where some parts I didn’t know neither and the tutorial is create as always.

If you want to configure a web server with SSL/TLS support and you’re not sure what parameters to set for SSL/TLS, watch their tutorial at the end of the episode and you will learn a lot.

Here the link to the video:

And here the link to the tutorial for nginx and SSL/TLS:

If you don’t know them yet, take you some time to browser trough their videos!

Beside this you can check your SSL/TLS configuration using the ssllabs test to improve your current settings or check frequently to not miss a newly found vulnerability:



Problem with booting pfSense from USB Stick

On an appliance I reinstalled with pfSense I was facing a problem booting the system from an usb stick.

The system was not able to mount the partition correctly because it wasn’t present at that time. For me this looks like a timing Problem. The system booted without a problem if I didn’t connect the USB stick directly. I used an USB-hub while installation and booting from that USB stick while it was connected through this hub worked like a charm.

My Problem was similar to this.

The fix was quite easy. I booted the system using the USB-hub and modified the loader.conf

I just had to add this at the end of the file:

and everything worked fine even if I connected the USB stick directly to the appliance.

Hope this helps you if you’re facing a similar problem.