OpenBSD

FullBGP at Home

Did you ever want to have a full BGP table at home? Over your DSL / CM / LTE or whatever connection? Here is a little howto :)

Setup VM

Install a VM with OpenBSD. Add 1 CPU, 1 GB RAM, 20 GB Disk, nothing special

Check our Upstream Provider

Check the page from Lukasz and buy him a beer if you ever meet him. He also mentioned my post in his slides (Thanks Lukas)

Serial Console & TTYs

Assuming you have an apu2|apu3|apu4 from PC Engines or a virtual machine running on KVM/QEMU, and you don’t have VGA/DVI/HDMI or any other kind of video output: of course you can still install and run OpenBSD (or Linux) on these boxes.

Prepare USB Stick

Write openbsdxx.img to a USB stick. On macOS, you can use Balena Etcher, for example.

boot.conf

If you want to install from a USB stick, set the correct port and speed before booting.

Tunnel IPv4 over IPv6

Let’s do the opposite. You have some IPv6 connectivity and need to transport IPv4.

Host A (IPv6 only)

root@hosta ~# ifconfig vio0
vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
        lladdr 56:00:02:e7:9d:e5
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet6 fe80::5400:2ff:fee7:9de5%vio0 prefixlen 64 scopeid 0x1
        inet6 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c prefixlen 64 autoconf pltime 604627 vltime 2591827
        inet6 2a05:f480:1400:7b6:446d:acb7:5fe4:450f prefixlen 64 autoconf autoconfprivacy pltime 86046 vltime 172537

root@hosta ~# i3
IPv4: !NETWORK
IPv6: 2a05:f480:1400:7b6:446d:acb7:5fe4:450f

Host B (IPv6 only)

root@hostb ~# ifconfig vio0
vio0: flags=208843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF6> mtu 1500
        lladdr 56:00:02:e7:9d:f4
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet autoselect
        status: active
        inet6 fe80::5400:2ff:fee7:9df4%vio0 prefixlen 64 scopeid 0x1
        inet6 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb prefixlen 64 autoconf pltime 604403 vltime 2591603
        inet6 2001:19f0:6801:1e3b:e6f:24db:27f7:de37 prefixlen 64 autoconf autoconfprivacy pltime 85502 vltime 171928

root@hostb ~# i3
IPv4: !NETWORK
IPv6: 2001:19f0:6801:1e3b:e6f:24db:27f7:de37

Configure GIF Interfaces

Host A

ifconfig gif0 inet6 tunnel 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb
ifconfig gif0 inet alias 10.0.0.1 10.0.0.2

Host B

ifconfig gif0 inet6 tunnel 2001:19f0:6801:1e3b:7982:92b4:5c8d:edfb 2a05:f480:1400:7b6:a9e0:6a15:217:cc5c
ifconfig gif0 inet alias 10.0.0.2 10.0.0.1

or make them persistent

Tunnel IPv6 over IPv4

Let’s assume you need IPv6 connectivity somewhere … You can use a tunnel broker, or you run OpenBSD on your boxes and want to do it on your own. Here are some hints.

Server with DualStack

You need a machine out on the Internet which is dual-stacked.

stoege@dualstack$ i3
IPv4: 11.22.33.44
IPv6: 2001:db8:100::100

Host with IPv4 only

stoege@ipv4 host ~# i3
IPv4: 55.66.77.88
IPv6: !NETWORK

and you want to bring IPv6 to the second host

Configure GIF Interfaces

Server

cat << 'EOF' > /etc/hostname.gif0
# IPv4 Tunnel to Host
tunnel 11.22.33.44 55.66.77.88
inet6 alias 2001:db8::1 128
dest 2001:db8::2
EOF

sh /etc/netstart gif0

IPv4 Host

cat << 'EOF' > /etc/hostname.gif0
# IPv4 Tunnel to Dualstack
tunnel 55.66.77.88 11.22.33.44
inet6 alias 2001:db8::2 128
dest 2001:db8::1
!route -n add -inet6 default 2001:db8::1
EOF

sh /etc/netstart gif0

Enable IPv4 and IPv6 Forwarding

You know, the sysctl stuff and so on ..

Wireguard on (current | 6.8 and higher )

Wireguard on OpenBSD

OpenBSD added wg to the kernel a while ago … why not have a look into it and do some speed tests?

Setup

CLIENT1 — WireGuard — CLIENT2

and running tcpbench between Client1 and Client2

Fireup VMs

Stage 3 VMs on my little Proxmox Server (Intel NUC)

host       nic  ip             wg nic  wg ip
Client1    em0  192.168.108.7  wg0     10.0.0.1
WireGuard  em0  192.168.108.8  wg0     10.0.0.2
Client2    em0  192.168.108.0  wg0     10.0.0.3

wg_overlay: 10.0.0.0/24

OpenBSD & PHP Stuff 7.4

Install NGINX & PHP

pkg_add nginx php--%7.4
rcctl enable nginx php74_fpm

Edit php.ini

sed -i s'/date.timezone = UTC.*/date.timezone = Europe\/Zurich/'  /etc/php-7.4.ini
sed -i s'/short_open_tag = Off.*/short_open_tag = On/'  /etc/php-7.4.ini

Stop 7.3 & Start 7.4

rcctl stop php73_fpm
rcctl restart nginx php74_fpm

Uninstall PHP 7.3

pkg_del php--%7.3
pkg_del -a

Any Comments ?

sha256: 850d0140d76843ff867fcf764ff3313d19cf8d967c611e180b6a264e7bc274c4

Gitolite

You want to host your own Git repositories? Have a look at Gitolite. It does it all for you :)

Install Gitolite

pkg_add gitolite

Add git user

root@gitserver ~# adduser -silent
Enter username []: git
Enter full name []: git repo user
Enter shell bash csh git-shell ksh nologin sh [ksh]:
Uid [1001]:
Login group git [git]:
Login group is ``git''. Invite git into other groups: guest no
[no]:
Login class authpf bgpd daemon default pbuild staff unbound
[default]:
Enter password []:
Disable password logins for the user? (y/n) [n]: y

Name:        git
Password:    ****
Fullname:    git repo user
Uid:         1001
Gid:         1001 (git)
Groups:      git
Login Class: default
HOME:        /home/git
Shell:       /bin/ksh
OK? (y/n) [y]: y
Added user ``git''
Add another user? (y/n) [y]: n

Basic Setup

Setup Repo, add your key

Git

Some Git Commands

Customizing Git

Switch from “Master” to Main globally

git config --global init.defaultBranch main

Merge two Repos “merge unrelated histories”

git pull origin master --allow-unrelated-histories
git push
git pull

add local Folder and Push to Upstream

echo "# test" >> README.md
git init
git config init.defaultBranch main
git add README.md
git commit -m "first commit"
git branch -M main
git remote add origin [email protected]:stoege/test.git
git push -u origin main

Find deleted file, sort uniq

git log --all --pretty=format: --name-only --diff-filter=D | sort -u
bla
bla.yml
doit.sh
files.conf.j2
...

Find deleted File

git log --diff-filter=D --summary

commit abcecadce91af3814662fa6a04d0f12e361f0574
Date:   Sun May 31 23:19:59 2020 +0200

    update

 delete mode 100644 master/sed.tcpdump

commit 81ae58d70c27d02eb2f65beed4fe0b571073f087
Date:   Fri May 29 16:06:14 2020 +0200

    update

Restore deleted File

git checkout 81ae58d70c27d02eb2f65beed4fe0b571073f087 sed.tcpdump

Remove Sensitive Data

git filter-branch --force --index-filter \
'git rm --cached --ignore-unmatch .geheimesfile' \
--prune-empty --tag-name-filter cat -- --all

git push origin --force --all

git push origin --force --tags

Remove last Commit

This will remove the last commit from your current branch

OpenBSD 6.7

OpenBSD 6.7 appeared today

OpenBSD has two new releases every year, historically on 1 May and 1 November, with a few small exceptions in the past. Check Wikipedia.

So the latest OS appeared today: OpenBSD 6.7

Perform a Full Upgrade (incl. X Stuff)

sysupgrade -r

Run the script (at your own risk!)

doas su -
mkdir /root/bin
ftp -o /root/bin/upgrade_to_67.sh https://blog.stoege.net/scripts/upgrade_to_67.sh
chmod 740 /root/bin/upgrade_to_67.sh
# /root/bin/upgrade_to_67.sh

or use some custom Script (just Xbase and not other X Stuff)

doas su -
mkdir /root/bin

cat <<'EOF' > /root/bin/upgrade_to_67.sh
#!/bin/ksh
# ksh instead of sh: this script uses ksh features (brace expansion, [[ ]], local)

prepare () {

  echo "let's upgrade to 6.7 ..."

  userdel named
  groupdel named
  rm -rf /var/named  # backup the data if still needed

  rm -rf /usr/libdata/perl5/*/Storable \
    /usr/libdata/perl5/*/arybase.pm \
    /usr/libdata/perl5/*/auto/arybase \
    /usr/libdata/perl5/B/Debug.pm \
    /usr/libdata/perl5/Locale/{Codes,Country,Currency,Language,Script}* \
    /usr/libdata/perl5/Math/BigInt/CalcEmu.pm \
    /usr/libdata/perl5/unicore/To/_PerlWB.pl \
    /usr/libdata/perl5/unicore/lib/GCB/EB.pl \
    /usr/libdata/perl5/unicore/lib/GCB/GAZ.pl \
    /usr/share/man/man3p/B::Debug.3p \
    /usr/share/man/man3p/Locale::{Codes*,Country,Currency,Language,Script}.3p \
    /usr/share/man/man3p/Math::BigInt::CalcEmu.3p \
    /usr/share/man/man3p/arybase.3p

  rm -f /usr/sbin/{dig,host,nslookup}

}

download() {

  local _response=$(sysupgrade -n)

  if [[ $_response == *reboot ]]; then
    echo "\nInstalled! Let's reboot ...\n"
    rm /home/_sysupgrade/{comp,xf,xs}*
  else
    echo "Nothing todo ..."
  fi

}

install() {
  reboot
}

postwork() {

  echo "let's do some postwork after upgrade to 6.7 ..."

  cd /dev
  ./MAKEDEV all

  _boot=$(mount |awk -F'[/ ]' '/ on \/ / {print $3}')
  installboot ${_boot%?}

  sysmerge

  fw_update

  syspatch

  pkg_add -Vu

}

# Main
local _ver=$(uname -r)

if [ "$_ver" == "6.6" ]; then

  prepare
  download
  install

elif [ "$_ver" == "6.7" ]; then

  postwork

fi

exit 0
EOF

chmod 740 /root/bin/upgrade_to_67.sh
# /root/bin/upgrade_to_67.sh

Checks

you should do a few checks afterwards:

OpenBSD Add Storage

You’ve got a machine and you’re running out of disk space. Attach a new disk like this:

# fdisk -i sd1  Note: Substitute sd1 for your disk. ...
# disklabel -E sd1
> p m
> a a
> quit
# newfs sd1a
# mkdir /data
# mount /dev/sd1a /data/

and make it permanent in /etc/fstab

sha256: 56abce0047522e2a79b987cb878a8ef2a8e27ae9aa9e6e2266d58d8afd254793