Actions

History

OpenBSD IPv6-only router¶

Physical Setup (see attachment)¶

Outside
Window: ----------
Inside: apu-obsd2 | apu-obsd1 | Netgear
          (Links) | (Rechts)  | switch

Ethernet ports (emX)

 ________
|        |
|  APU   |
|        |
  |  |  |
  0  1  2

Network layout¶

apu-obsd2 (Links)¶

* em0: uplink
  gateway:  2a0a:e5c0:1:7::7/64
  transfer: 2a0a:e5c0:1:7::23/64
  net:      2a0a:e5c0:111::1/48
* em1: Netz1
  net:      2a0a:e5c0:111:1::1/64
* em2: Netz2
  net:      2a0a:e5c0:111:2::1/64

apu-obsd1 (Rechts)¶

* em0: uplink
  gateway:  2a0a:e5c0:1:7::7/64
  transfer: 2a0a:e5c0:1:7::22/64
  net:      2a0a:e5c0:110::1/48
* em1: Netz1
  net:      2a0a:e5c0:110:1::1/64
* em2: Netz2
  net:      2a0a:e5c0:110:2::1/64

Firewall¶

Forwarding all ipv6 traffic
Accepting only icmp6 + ssh to self
Not filtering packages to other machines in the network

Setup¶

1. Install OpenBSD
1.0. Flash USB (dd, whatever)
1.1. Boot from USB
1.2. Setup serial installation

boot> stty com0 115200
boot> set tty com0
boot> *enter*

1.3. Follow friendly instructions from awesome shell code
1.4. Reboot into OpenBSD

2. Setup gateway:

> echo $Gateway_IPv6 > /etc/mygate

3. Setup each network interface:

> man hostname.if
> # Hint: write ifconfig to /etc/hostname.$INTERFACE
> man ifconfig

4. Setup route advertisement

> man rad
> man rad.conf
> # Enable rad
> rcctl enable rad
> vi /etc/rad.conf
> # Start rad
> rcctl start rad

5. Setup firewall

> man pf
> man pf.conf
> # Care: don't get fancy with the ipv6 handling
> vi /etc/pf.conf
> # Load pf config
> pfctl -f /etc/pf.conf

6. Add SSH keys to authorized_keys as usual
Currently [*]: evilham + roli + nico have access to root user.
[*]: 18.10 Saturday of H4G_SE2019 [working short-title]

Put routers on the net of netz via fiber¶

Test a MikroTic router
h3. Fail at its clicky click interface¶

Test a Ubiquiti Edge Router
h3. Fail at its clicky click interface¶

Test the Netgear switch that doesn't try to be smart
h3. Succeed after 2 minutes
h3. Setup cables and devices in a neat fashion¶

Further¶

Ask roli for access if needed
Wakeup evilham if state of things is blocking
Before that, ask $InsertAwesomeBSDPersonHere for help with pf if needed (e.g. for separation of the networks).

Files (1)

Updated by Evil Ham over 5 years ago · 2 revisions

Project

General

Profile

hack4glarus » hack4glarus-2019-summer

Wiki

OpenBSD IPv6-only router¶

Physical Setup (see attachment)¶

Ethernet ports (emX)
________ | | | APU | | | | | | 0 1 2

Network layout¶

apu-obsd2 (Links)¶

apu-obsd1 (Rechts)¶

Firewall¶

Setup¶

Put routers on the net of netz via fiber¶

Test a MikroTic router
h3. Fail at its clicky click interface¶

Test a Ubiquiti Edge Router
h3. Fail at its clicky click interface¶

Test the Netgear switch that doesn't try to be smart
h3. Succeed after 2 minutes
h3. Setup cables and devices in a neat fashion¶

Further¶

Project

General

Profile

hack4glarus » hack4glarus-2019-summer

Wiki

OpenBSD IPv6-only router¶

Physical Setup (see attachment)¶

Ethernet ports (emX) ________ | | | APU | | | | | | 0 1 2

Network layout¶

apu-obsd2 (Links)¶

apu-obsd1 (Rechts)¶

Firewall¶

Setup¶

Put routers on the net of netz via fiber¶

Test a MikroTic routerh3. Fail at its clicky click interface¶

Test a Ubiquiti Edge Routerh3. Fail at its clicky click interface¶

Test the Netgear switch that doesn't try to be smarth3. Succeed after 2 minutesh3. Setup cables and devices in a neat fashion¶

Further¶

Ethernet ports (emX)
________ | | | APU | | | | | | 0 1 2

Test a MikroTic router
h3. Fail at its clicky click interface¶

Test a Ubiquiti Edge Router
h3. Fail at its clicky click interface¶

Test the Netgear switch that doesn't try to be smart
h3. Succeed after 2 minutes
h3. Setup cables and devices in a neat fashion¶