Motivation
- RFC1925 (12)
- An operating system that has network-close capabilities and delivers most packets by default
- easy to configure
- easy to maintain
- improve network speed
- secure
- reduce complexity
Installation
PXE Boot with console
If you don’t have a VGA/DVI/DP/HDMI output, then you probably need console access via COM0 or similar. In my case I’ve used an APU from PC Engines for a test router.
Download the following files from a mirror:
- bsd.rd
- pxeboot
Create a folder “etc” and, in that folder, a file “boot.conf” with the following content:
stty com0 115200
set tty com0
boot tftp:/bsd.rd
I’ve added the following configuration to my existing ISC-DHCP-Server config file:
allow booting;
allow bootp;
host testrouter {
    hardware ethernet 06:66:de:ad:be:ef;
    filename "pxeboot";
    next-server 10.66.66.66;
}
I now know that it is also possible to press tab when you use the ISO image and enter the content of the “boot.conf” file there, at least the first two lines. It might be easier for most of you. 😉
Interfaces
On my “egress” interface I have configured the following in /etc/hostname.re0:
autoconf
inet6 autoconf -temporary eui64
Then my internal (w)LAN interfaces:
inet 10.66.66.1 255.255.255.0
inet6 fe80::1/64
up
I think it’s nicer to have a default gateway address of fe80::1 instead of fe80::0200:00ff:fe00:b0b0 (e.g.).
More information can be found here.
DHCPv6 PD (prefix delegation) with dhcpcd
In my config file /etc/dhcpcd.conf, the following content configures the egress interface and also my (w)LAN interfaces:
ipv6only
noipv6rs
waitip 6
duid
persistent
interface re0
ipv6rs
ia_na 1
ia_pd 0 re1/1 re2/2 athn0/3 vlan301/10
More information can be found here.
Router Advertisements
I’ve created a config file “/etc/rad.conf”:
dns {
nameserver 2606:4700:4700::1111
nameserver 2606:4700:4700::1001
}
interface re1
interface re2
interface athn0
interface vlan661
interface vlan662
More information can be found here.
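The following is an added example, not part of the original post: it works out which /64 each interface in the ia_pd line of the dhcpcd.conf above would receive, and lists interfaces that appear in only one of dhcpcd.conf and rad.conf. Assumptions: the delegated prefix 2001:db8:1200::/56 is a constructed sample, sla_id is read as a decimal number, and each interface gets a /64 (only the interface/sla_id form used on this page is handled).

```python
import ipaddress
import re

# Lines copied from the dhcpcd.conf and rad.conf on this page.
IA_PD_LINE = "ia_pd 0 re1/1 re2/2 athn0/3 vlan301/10"
RAD_CONF = "interface re1\ninterface re2\ninterface athn0\ninterface vlan661\ninterface vlan662\n"
# Constructed sample delegation from the documentation range (assumption).
SAMPLE_DELEGATION = "2001:db8:1200::/56"


def parse_ia_pd(line):
    """Return {interface: sla_id} from 'ia_pd <iaid> <if>/<sla_id> ...'."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ia_pd":
        raise ValueError("not an ia_pd line")
    sla_ids = {}
    for item in fields[2:]:
        ifname, _, sla = item.partition("/")
        if not sla.isdigit():
            raise ValueError(f"{item}: expected <interface>/<sla_id>")
        if int(sla) in sla_ids.values():
            raise ValueError(f"{item}: sla_id already used by another interface")
        sla_ids[ifname] = int(sla)
    return sla_ids


def subnets(delegation, sla_ids, plen=64):
    """Place each sla_id in the bits between the delegated prefix and /plen."""
    net = ipaddress.IPv6Network(delegation)
    free_bits = plen - net.prefixlen
    result = {}
    for ifname, sla in sla_ids.items():
        if free_bits < 0 or sla >= (1 << free_bits):
            raise ValueError(f"{ifname}: sla_id {sla} does not fit in {net}")
        base = int(net.network_address) | (sla << (128 - plen))
        result[ifname] = ipaddress.IPv6Network((base, plen))
    return result


def ra_mismatches(sla_ids, rad_conf):
    """Return (delegated but absent from rad.conf, in rad.conf but no prefix)."""
    rad_ifs = set(re.findall(r"^interface\s+(\S+)", rad_conf, re.M))
    return sorted(set(sla_ids) - rad_ifs), sorted(rad_ifs - set(sla_ids))


if __name__ == "__main__":
    ids = parse_ia_pd(IA_PD_LINE)
    for ifname, net in subnets(SAMPLE_DELEGATION, ids).items():
        print(f"{ifname:8} {net}")
    print("no RA / no prefix:", ra_mismatches(ids, RAD_CONF))
```

With a delegation shorter than /60 replaced by a /62, `subnets` raises for vlan301 because sla_id 10 no longer fits in the remaining bits.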
Firewalling with pf
I’m not really familiar with that firewall; I’ve just put some links here:
- example (v4)
- extension based on example (+v6)
- getting started – useful commands
- firewall generator and also useful commands
Conclusion
I’ve not yet tested OpenBSD in production, just in my lab environment. As soon as I get experience in my prod environment, I’ll keep this thread updated.
I’ll not test it in the prod environment because there is no increased speed vs. Linux (Ubuntu).