ffdo
/
wiki


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
							# Installation
- <https://www.tumfatig.net/20200530/openbsd-6-7-on-pc-engines-apu4d4/>
- <https://hofmeyr.de/OpenBSD%20on%20APU4/>

# Allgemein


# Interfaces
/etc/hostname.em0
    
    rdomain 1
    inet 192.168.2.50 255.255.255.0      # Die statische IP-Adresse im eigenen lokalen Netz
    inet6 autoconf

/etc/hostname.lo2

    inet 193.43.220.131 255.255.255.255  # Die Public-IP der APU

/etc/hostname.tap1

    inet 192.168.38.1 255.255.255.0      # Die statische IP-Adresse im tap1-Netz (lan)

/etc/hostname.tap2

    inet 193.43.220.163 255.255.255.224  # Die statische IP-Adresse im tap2-Netz (wan)

# Tinc

    etc/tinc/
    |-- lan
    |   |-- hosts
    |   |   |-- apu
    |   |   `-- laptop
    |   |-- rsa_key.priv
    |   `-- tinc.conf
    `-- wan
        |-- hosts
        |   |-- city
        |   |-- hoerde
        |   `-- nordstadt
        |-- rsa_key.priv
        `-- tinc.conf

/etc/tinc/wan/tinc.conf

    Name = city
    Device = /dev/tap2
    Mode = switch
    AddressFamily = ipv4
    BindToAddress = 192.168.2.50
    Port = 656
    ConnectTo = nordstadt
    ConnectTo = hoerde

Damit beide tinc Instanzen parallel laufen können musste das dazugehörige rc-Skript angepasst werden. 

z.B.: /etc/rc.d/tincd_wan

    #!/bin/ksh

    daemon="/usr/local/sbin/tincd"
    daemon_flags="-U _tinc --chroot --net=wan"
    daemon_rtable="1"

    . /etc/rc.d/rc.subr

    rc_stop() {
            /usr/local/sbin/tincd -k --net=wan
    }

    rc_cmd $1

Analog dazu auch /etc/rc.d/tincd_lan anlegen und beide enablen.

    rcctl enable tincd_wan
    rcctl enable tincd_lan

# Bird

/etc/bird.conf

    router id 193.43.220.131;

    define AS35675_all = [
            193.43.220.0/23
            ];

    define AS35675_any = [
            193.43.220.0/23+
            ];

    protocol device device0 {
            scan time 10;
    }


    /* wg. BSD: */
    protocol direct direct0 {
            ipv4;
    }

    protocol kernel kernel0 {
            learn on;
            scan time 120;
            ipv4 {
                    import all;
                    export where source != RTS_DEVICE;
            };
    }


    ipv4 table fib1table;

    protocol kernel kernel1 {
            kernel table 1;
            learn on;
            scan time 120;
            ipv4 {
                    table fib1table;
                    import all;
                    export where source != RTS_DEVICE;
            };
    }

    protocol static static1 {
            ipv4 {
                    table fib1table;
            };
            route 0.0.0.0/0 via 192.168.2.2;
    }

    protocol ospf ospfwan {
            ipv4 {
                    import all;
                    export where net ~ AS35675_any;
            };
            area 0.0.0.0 {
                    stubnet 193.43.220.131/32 { cost 1; };
                    interface "tap2" {
                            type broadcast;
                            cost 100;
                    };
            };
    }

Den bird enablen.

    rcctl enable bird

# Sonstiges

/etc/sysctl.conf

    net.inet.ip.forwarding=1