Extended Brain Storage

OpenBSD: Router

Installing, running and managing an own router is interesting and it is fun. It is not a complicated task at all. This is yet another tutorial of how to deal with it in the realm of OpenBSD...

Introduction

There are various devices and platforms OpenBSD can run on. The following tutorial was successfully tested using APU2 from PC Engines.

The APU2 device is a fan-less device that comes with either 2 or 3 gigabit interfaces and either 2 or 4 GB of DDR3-1333 DRAM. The list of the minimal configuration hardware components is as follows:

ComponentLink
APU.2C4 system boardapu2c4
Enclosure (3LAN)case1d2blku
AC adapter 12V 2A euro plugac12veur2
SSD M-Sata 16GB MLC, Phison S9 controllermsata16d

Since the device is equipped with 2 miniPCI express (one with SIM socket for 3G modem), one can be used for a WiFi interface Compex WLE200NX or WLE600VX (tested with WLE200NX only and the athn firmware). Unfortunately, the performance of the OpenBSD's drivers is not without flaws, but it works. The list of minimal WiFi components is as follows:

ComponentLink
Compex WLE200NX 802.11a/b/g/n miniPCI cardwle200nx
2x Pigtail cable I-PEX -> reverse SMApigsma
2x Antenna reverse SMA dual bandantsmadb

In order to communicate with the APU2 device, a serial interface (RS-232) needs to be available, as it lacks a graphics hardware. Not many computers are equipped with the Canon DB9 connector anymore. Luckily, a USB to RS-232 converter can be used for that purpose as well. Since the APU2 and the converter provide male connectors, a null modem cable/adapter needs to be used to connect them together.

ComponentLink
USB to RS-232 (DM9-M) converterany compatible with the operating system used
Null modem (DB9-F to DB9-F) cable/adapterany

Installation Prerequisites

The installation media can be downloaded from any of the provided mirrors. It is important to download the .fs file, e.g. ${MIRROR}/pub/OpenBSD/${VERSION}/amd64/install${VERSION}.fs. The USB disk can be created using the dd command (WILL DELETE DATA!):

$ dd if=install${VERSION}.fs of=/dev/${USBDISK} bs=4M

Note: The dd command can utilise the status=progress oflag=sync options to show the progress and make sure data is synced.

Having the drivers of USB to RS-232 convertor installed, a terminal emulation program can be used (depends on the operating system used), e.g. Putty, minicom, screen etc. The latter two do not behave well with HiDPI displays, but putty can be set up to use bigger fonts.

The serial console of APU2 works at 115200 baud rate, 8N1 (8 data bits, no parity, 1 stop bit). The OpenBSD installation media (its kernel to be more precise) is configured to direct its output to the graphic card, which is not present in APU2. Therefore, it is necessary to tell the OpenBSD installation media kernel to use the serial console after the device starts using the following commands:

stty pc0 115200
stty com0 115200
set tty com0

So, in a nutshell, the prompt and commands look as follows:

...
disk: hd0+ hd1+ sr0*
>> OpenBSD/amd64 BOOT 3.31
boot> stty pc0 115200
boot> stty com0 115200
boot> set tty com0
switching console to com0
>> OpenBSD/amd64 BOOT 3.31
boot> <ENTER>

Note: The console output setup will be saved if the OpenBSD is successfully installed in the /etc/boot.conf file. However, the three aforementioned commands need to be used every time an update (or new installation) is due. Actually, the stty pc0 115200 may not be necessary.


Installation of Plain OpenBSD

This process is fully covered in OpenBSD: Full Disk Encryption. The disk encryption (esp. on a server) has its pros & cons and it is up to everyone to decide for themselves.

Some post installation steps including several tips and tricks can be found in OpenBSD: Post Installation Steps.

The packet filtering topic is covered in OpenBSD: Packet Filtering.

Finally, the Domain Name System (DNS) resolver setup including DNSSEC and DNSCRYPT options is discussed in OpenBSD: Validating and Caching DNS Resolver.

Tags: #OpenBSD #security #privacy #router #APU #PC Engines

⏴ Previous Post Next Post ⏵