= OpenBSD Router Jordan Williams [email protected] :experimental: :icons: font ifdef::env-github[] :tip-caption: 💡 :note-caption: ℹ️ :important-caption: ❗ :caution-caption: 🔥 :warning-caption: ⚠️ endif::[] :dhcpd: https://man.openbsd.org/dhcpd[dhcpd] :dhcpcd: https://roy.marples.name/projects/dhcpcd[dhcpcd] :mrouted: https://man.openbsd.org/mrouted[mrouted] :OpenBSD: https://www.openbsd.org/[OpenBSD] :PF: https://www.openbsd.org/faq/pf/index.html[PF] :Protectli: https://protectli.com[Protectli] :rad: https://man.openbsd.org/rad[rad] :snmpd: https://man.openbsd.org/snmpd[snmpd] :sshd: https://man.openbsd.org/sshd[sshd] :Unbound: https://nlnetlabs.nl/projects/unbound/about/[Unbound]
The configuration for my {OpenBSD} home router. I use a {Protectli} vault, which I highly recommend.
// https://sha256.net/dhcpv6-pd-first-steps.html
// todo Provide additional static, local IPv6 addresses through DHCPv6 on my local network.
// Then provide IPv6 addresses for the DNS servers on the router.
// This will require using ISC's kea, kea package, instead of the local dhcp server.
// todo NTP
.Features
- Firewall
- DHCP
- IPv6
- Multicast
- VLAN
- DNS caching
- DNS over TLS
- Remote access via SSH
- Support for Matter IoT devices
- Monitoring via SNMP
.Services
- {dhcpd}
- {dhcpcd}
- {mrouted}
- {PF}
- {rad}
- {snmpd}
- {sshd}
- {Unbound}
== Overview
todo Describe VLAN configuration and how everything ties together.
todo Discuss issues preferring IPv6 over IPv4.
== Usage
. Install OpenBSD. The process is documented in the https://www.openbsd.org/faq/faq4.html[OpenBSD FAQ - Installation Guide] No graphical utilities are needed.
. Install the necessary packages.
+
[,sh]
doas pkg_add dhcpcd fish git tailscale tmux vim
. Clone the repository.
+
[,sh]
git clone https://github.com/jwillikers/openbsd-router
. Change to the project's directory.
+
[,sh]
cd openbsd-router
. Install or symlink everything. Someday, Id like to create a better way to automate this. And care really needs to be taken when modifying the doas configuration. I should add special instructions for that as well.
. Add the authentication and encryption passphrases for the SNMPv3 user in the /etc/snmpd.users.conf file.
+
./etc/etc/snmpd.users.conf
[source]
user "monitor" auth hmac-sha256 authkey "" enc aes enckey ""
. Set ownership on the snmpd configuration files.
+
[,sh]
doas chown root:_snmpd /etc/snmpd.conf /etc/snmpd.users.conf
. Set permissions on the snmpd configuration files.
+
[,sh]
doas chmod u=w,g=r,o= /etc/snmpd.conf /etc/snmpd.users.conf
. Reboot to finish the installation.
== Verify Configuration Files
snmpd:: doas snmpd -n
== Code of Conduct
The project's Code of Conduct is available in the link:CODE_OF_CONDUCT.adoc[] file.
== License
This project is licensed under the https://creativecommons.org/licenses/by-sa/4.0/legalcode[Creative Commons Attribution-ShareAlike 4.0 International License].
© 2023-2024 Jordan Williams
== Authors
mailto:{email}[{author}]