Community/Bildung/FF@home/16 APU mit OpenBSD

Installation

Allgemein

Interfaces

/etc/hostname.em0

rdomain 1
inet 192.168.2.50 255.255.255.0      # Die statische IP-Adresse im eigenen lokalen Netz
inet6 autoconf

/etc/hostname.lo2

inet 193.43.220.131 255.255.255.255  # Die Public-IP der APU

/etc/hostname.tap1

inet 192.168.38.1 255.255.255.0      # Die statische IP-Adresse im tap1-Netz (lan)

/etc/hostname.tap2

inet 193.43.220.163 255.255.255.224  # Die statische IP-Adresse im tap2-Netz (wan)

Tinc

etc/tinc/
|-- lan
|   |-- hosts
|   |   |-- apu
|   |   `-- laptop
|   |-- rsa_key.priv
|   `-- tinc.conf
`-- wan
    |-- hosts
    |   |-- city
    |   |-- hoerde
    |   `-- nordstadt
    |-- rsa_key.priv
    `-- tinc.conf

/etc/tinc/wan/tinc.conf

# tinc configuration of the "wan" net on this node.
# Name of this node; its host file is /etc/tinc/wan/hosts/city.
Name = city
# tap2 is the interface configured in /etc/hostname.tap2 (wan).
Device = /dev/tap2
# switch mode: tinc forwards Ethernet frames, so the wan nodes share one
# layer-2 segment (bird.conf runs OSPF with "type broadcast" on tap2).
Mode = switch
AddressFamily = ipv4
# Listen only on the address of em0 (rdomain 1, see /etc/hostname.em0).
BindToAddress = 192.168.2.50
# tinc's default port is 655; presumably 656 was chosen so this instance
# does not collide with the lan instance -- confirm against lan/tinc.conf.
Port = 656
# Peers this node connects to; both have host files under hosts/.
ConnectTo = nordstadt
ConnectTo = hoerde
# NOTE(review): rsa_key.priv in this directory is the node's private key;
# make sure it is not readable by group or other users.

Damit beide tinc-Instanzen parallel laufen können, musste das dazugehörige rc-Skript angepasst werden.

z.B.: /etc/rc.d/tincd_wan

#!/bin/ksh
#
# rc.d script for the tinc instance of the "wan" net, so that it can be
# managed under its own service name next to a second instance (tincd_lan).

daemon="/usr/local/sbin/tincd"
# -U _tinc   : switch to the unprivileged _tinc user after initialisation
# --chroot   : chroot into the configuration directory of the net
# --net=wan  : use the configuration under /etc/tinc/wan
daemon_flags="-U _tinc --chroot --net=wan"
# Run the daemon in routing table 1; em0, whose address tinc.conf uses as
# BindToAddress, is placed in rdomain 1 by /etc/hostname.em0.
daemon_rtable="1"

. /etc/rc.d/rc.subr

# Override the stop action so that only the wan instance is signalled:
# tincd -k stops the running daemon of the net selected with --net.
rc_stop() {
        /usr/local/sbin/tincd -k --net=wan
}

rc_cmd $1

Analog dazu auch /etc/rc.d/tincd_lan anlegen und beide enablen.

rcctl enable tincd_wan
rcctl enable tincd_lan

Bird

/etc/bird.conf

# Router ID; the same value as the address on lo2 (/etc/hostname.lo2).
router id 193.43.220.131;

# Prefix set that matches exactly 193.43.220.0/23.
# Not referenced in the part of bird.conf shown on this page.
define AS35675_all = [
        193.43.220.0/23
        ];

# Prefix set that matches 193.43.220.0/23 and every more specific prefix
# inside it (the "+" suffix); used as the OSPF export filter below.
define AS35675_any = [
        193.43.220.0/23+
        ];

# Interface list for the other protocols; rescanned every 10 seconds.
protocol device device0 {
        scan time 10;
}


/* because of BSD: */
# Generates device routes for the directly connected IPv4 networks.
# Both kernel protocols below keep these routes out of the kernel tables
# with "source != RTS_DEVICE".
protocol direct direct0 {
        ipv4;
}

# Synchronises BIRD's default IPv4 table with the kernel; no "kernel table"
# option is given, so this instance works on the kernel's default table.
protocol kernel kernel0 {
        # Also pick up routes that something other than BIRD put into the kernel.
        learn on;
        scan time 120;
        ipv4 {
                # NOTE(review): together with "learn on" this accepts every
                # route found in the kernel table; ospfwan uses the same BIRD
                # table and exports whatever matches AS35675_any, so learned
                # kernel routes inside 193.43.220.0/23 would be announced too.
                import all;
                # Install everything except the device routes from direct0.
                export where source != RTS_DEVICE;
        };
}


# Separate BIRD table for routing domain 1 (the rdomain of em0).
ipv4 table fib1table;

# Synchronises fib1table with kernel routing table 1.
protocol kernel kernel1 {
        kernel table 1;
        # Also pick up routes that something other than BIRD put into table 1.
        learn on;
        scan time 120;
        ipv4 {
                table fib1table;
                import all;
                # Install everything except device routes, e.g. the default
                # route from static1.
                export where source != RTS_DEVICE;
        };
}

# Default route for routing domain 1: it is placed in fib1table and reaches
# kernel table 1 through kernel1. The next hop 192.168.2.2 lies in the
# network configured on em0 (192.168.2.50/24).
protocol static static1 {
        ipv4 {
                table fib1table;
        };
        route 0.0.0.0/0 via 192.168.2.2;
}

# OSPF over the tinc wan net (tap2), attached to BIRD's default IPv4 table.
protocol ospf ospfwan {
        ipv4 {
                # NOTE(review): every route offered by an OSPF neighbour is
                # accepted; an import filter would limit what peers on the
                # wan segment can inject into this router.
                import all;
                # Announce only prefixes inside 193.43.220.0/23.
                export where net ~ AS35675_any;
        };
        area 0.0.0.0 {
                # Announce the address of lo2 as a stub network.
                stubnet 193.43.220.131/32 { cost 1; };
                interface "tap2" {
                        # NOTE(review): no "authentication" option is set, so
                        # OSPF packets on tap2 are not authenticated at OSPF
                        # level and trust rests on membership in the tinc wan
                        # net. BIRD supports e.g.
                        #   authentication cryptographic;
                        #   password "<placeholder>";
                        # which all neighbours would have to share.
                        type broadcast;
                        cost 100;
                };
        };
}

Den bird enablen.

rcctl enable bird

Sonstiges

/etc/sysctl.conf

# Enable IPv4 forwarding so the APU routes packets between its interfaces.
# NOTE(review): this page shows no pf.conf; which forwarded traffic is
# filtered between em0, tap1 and tap2 is therefore not documented here.
net.inet.ip.forwarding=1