Importing some older note files.
# OpenBSD Router #

These notes describe the creation of an OpenBSD router with firewall, NAT,
DHCP, caching DNS, and AutoSSH tunnel.

The four ports of the router are connected to four subnets:

    em0 - 192.168.0.3/24 - internet connection
    em1 - 192.168.1.1/24 - personal subnet
    em2 - 192.168.2.1/24 - vintage computing subnet
    em3 - 192.168.3.1/24 - guest subnet

# Hardware #

This router is based on a PC Engines [APU4](https://pcengines.ch/apu4c4.htm)
with a 1 GHz, quad-core AMD GX-412TC CPU, 4 GB RAM and quad Intel i211AT NICs.

The two photos below are shamelessly stolen from the PC Engines website since
I forgot to take photos before installing the PCB in the case.

%%BEGIN_GALLERY%%
openbsd_router/apu4b4_front.jpg|Front
openbsd_router/apu4b4_rear.jpg|Rear
%%END_GALLERY%%

Total costs for the project in 2019 were:

| Price   | Part Num.   | Description     |
| :------ | :---------- | :-------------- |
| $117.50 | apu4c4      | PC Engines APU4 |
| $9.40   | case1d4redu | Enclosure       |
| $4.10   | ac12vus2    | AC Adapter      |
| $12.80  | msata16h    | 16 GB mSATA SSD |
| $16.20  | NA          | Shipping        |

The CPU requires a thermal connection to the case. Although everything
necessary is included with the order, the thermal pad should be replaced any
time the PCB is removed from the case. Suitable replacements should be 0.5 mm
thick and have a thermal conductivity of 6 W/mK or better.

# OpenBSD Installation #

Download `installXX.fs` from <https://openbsd.org> and write it to a USB flash
drive with `dd`. These notes are for `amd64/install65.fs` downloaded on 20190918.

Connect a serial terminal configured for `115200 8N1` to the APU4. At the
appropriate prompt, press `F10` and boot from the USB drive. Upon reaching the
`boot>` prompt, we must tell the installer to use the serial port for the
console.

    boot> stty com0 115200
    boot> set tty com0

After this, proceed to install OpenBSD as on any other x64 server. A complete
installation log through first boot is included at the bottom of these notes.

After installation is complete, the date may be incorrect, causing errors
during package installation.

    # pkg_add -v nmap
    ftp: SSL write error: certificate verification failed: certificate is not yet valid

If the clock is too far out of sync, manual intervention may be required.

    # rcctl stop ntpd
    # ntpd -d -s
    # date
    <confirm>
    # rcctl enable ntpd
    # rcctl start ntpd

Set up all network interfaces and enable IP forwarding, since this is a router.

    # echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
    # echo 'inet 192.168.1.1 255.255.255.0' > /etc/hostname.em1
    # echo 'inet 192.168.2.1 255.255.255.0' > /etc/hostname.em2
    # echo 'inet 192.168.3.1 255.255.255.0' > /etc/hostname.em3

Edit `/etc/ssh/sshd_config` and configure `sshd` to listen only on the private
network interface.

    ListenAddress 192.168.1.1

Disable a few services that aren't necessary in this application by adding
these lines to `/etc/rc.conf.local`.

    sndiod_flags=NO
    slaacd_flags=NO
    smtpd_flags=NO

# DHCP Server #

A simple DHCP configuration for each subnet.

    # rcctl enable dhcpd
    # rcctl set dhcpd flags em1 em2 em3
    # ed /etc/dhcpd.conf
    a
    subnet 192.168.1.0 netmask 255.255.255.0 {
        option routers 192.168.1.1;
        option domain-name-servers 192.168.1.1;
        range 192.168.1.100 192.168.1.200;
    }
    subnet 192.168.2.0 netmask 255.255.255.0 {
        option routers 192.168.2.1;
        option domain-name-servers 192.168.2.1;
        range 192.168.2.100 192.168.2.200;
    }
    subnet 192.168.3.0 netmask 255.255.255.0 {
        option routers 192.168.3.1;
        option domain-name-servers 192.168.3.1;
        range 192.168.3.100 192.168.3.200;
    }
    w
    453
    q
    # rcctl restart dhcpd
    dhcpd(ok)

# Firewall #

The firewall configuration is located at `/etc/pf.conf` and can be reloaded
with `pfctl` (see below). While the configuration itself is commented, the
general idea is that `em0` is the public connection to the internet, while
`em1`, `em2`, and `em3` are private networks that access the internet through
NAT. Additionally, although hosts on `em1` should be able to reach anything,
hosts on `em2` or `em3` should only be able to reach the internet.

    # Subgeniuskitty Firewall Config
    # Last updated on 20190918

    # Interfaces:
    # em0: Internet connection
    # em1: Personal network
    # em2: Vintage computing network
    # em3: Guest network

    # Non-routable IPv4 addresses (per RFC 5735 section 4).
    table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
                       172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/4 \
                       192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
                       203.0.113.0/24 }

    # Drop instead of returning a TCP RST.
    set block-policy drop

    # Log statistics for internet interface.
    set loginterface egress

    # No processing on any loopback packets.
    set skip on lo0

    # Normalize and defragment
    match in all scrub (no-df random-id max-mss 1440)

    # NAT for the LAN
    match out on egress inet from !(egress:network) to any nat-to (egress:0)

    # Spoofers and Martians
    antispoof quick for { egress em1 em2 em3 }
    block in quick on egress from <martians> to any
    block return out quick on egress from any to <martians>

    # Policy: deny by default.
    block all

    # Allow outbound IPv4 traffic.
    pass out quick inet

    # Allow em1 to reach any port
    pass in quick from em1:network to any

    # Only allow em2 to reach the internet, not other internal networks.
    block in quick from em2:network to em0:network
    block in quick from em2:network to em1:network
    block in quick from em2:network to em3:network
    pass in quick from em2:network to any

    # Only allow em3 to reach the internet, not other internal networks.
    block in quick from em3:network to em0:network
    block in quick from em3:network to em1:network
    block in quick from em3:network to em2:network
    pass in quick from em3:network to any

A few simple `pfctl` commands:

    # pfctl -f /etc/pf.conf     Load the pf.conf file
    # pfctl -nf /etc/pf.conf    Parse the pf.conf file, but don't load it
    # pfctl -sr                 Show the current ruleset
    # pfctl -ss                 Show the current state table
    # pfctl -si                 Show filter stats and counters
    # pfctl -sa                 Show everything

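The isolation of `em2` and `em3` in the config above depends on rule order: those rules are all `quick`, so the first match wins and each `block` has to come before that subnet's `pass ... to any`. The script below is an added example, not part of the original notes; it lints a rule list for that pattern, using the rules copied from the config as sample input. The function names are made up for the example, and it only understands rules written in this exact one-line form (no macros, `{ }` lists or `on <interface>` qualifiers).

```shell
#!/bin/sh
# Added example: lint the em2/em3 isolation pattern from the pf.conf above.
# Every rule there is "quick" (first match wins), so a restricted subnet is
# only isolated if a block rule for each other network precedes its pass rule.

# Constructed sample input: the em2/em3 rules copied from the config above.
page_rules() {
    cat <<'EOF'
# Only allow em2 to reach the internet, not other internal networks.
block in quick from em2:network to em0:network
block in quick from em2:network to em1:network
block in quick from em2:network to em3:network
pass in quick from em2:network to any

# Only allow em3 to reach the internet, not other internal networks.
block in quick from em3:network to em0:network
block in quick from em3:network to em1:network
block in quick from em3:network to em2:network
pass in quick from em3:network to any
EOF
}

# check_isolation "ALL_IFS" "RESTRICTED_IFS" < rules
# Prints one line per problem and returns 1 if any were found:
#   MISSING  src -> dst   no block rule for that pair
#   SHADOWED src -> dst   block rule exists but comes after the pass rule
check_isolation() {
    awk -v all="$1" -v restricted="$2" '
        BEGIN { bad = 0 }
        { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
        $2 == "in" && $3 == "quick" && $4 == "from" && $6 == "to" {
            if ($1 == "block" && !(($5, $7) in blocked))
                blocked[$5, $7] = NR          # first block for this pair
            if ($1 == "pass" && $7 == "any" && !($5 in passed))
                passed[$5] = NR               # first pass-to-any for this source
        }
        END {
            n = split(all, ifs, " ")
            m = split(restricted, res, " ")
            for (i = 1; i <= m; i++) {
                src = res[i] ":network"
                for (j = 1; j <= n; j++) {
                    if (ifs[j] == res[i]) continue
                    dst = ifs[j] ":network"
                    if (!((src, dst) in blocked)) {
                        print "MISSING " res[i] " -> " ifs[j]; bad = 1
                    } else if ((src in passed) && blocked[src, dst] > passed[src]) {
                        print "SHADOWED " res[i] " -> " ifs[j]; bad = 1
                    }
                }
            }
            exit bad
        }'
}

# The rules as written on this page pass the check.
page_rules | check_isolation "em0 em1 em2 em3" "em2 em3" &&
    echo "em2 and em3 are blocked from every other network"
```

Run it again with the interface list extended whenever a subnet is added; a lint like this complements `pfctl -nf`, which only checks syntax, and does not replace a reachability test from a host on the guest subnet.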
# DNS Cache #

The sample configuration below should be located at `/var/unbound/etc/unbound.conf`.

    # Subgeniuskitty DNS Cache Config
    # Last updated on 20190918

    server:
        interface: 127.0.0.1
        interface: 192.168.1.1
        interface: 192.168.2.1
        interface: 192.168.3.1
        access-control: 127.0.0.0/8 allow
        access-control: 192.168.1.0/24 allow
        access-control: 192.168.2.0/24 allow
        access-control: 192.168.3.0/24 allow
        do-not-query-localhost: no
        hide-identity: yes
        hide-version: yes
    forward-zone:
        name: "."                   # use for ALL queries
        forward-addr: 8.8.8.8       # Google's public DNS server

After the configuration is ready, enable the daemon.

    # rcctl enable unbound

Unbound can also serve DNS entries directly.

    # Serve zones authoritatively from Unbound to resolver clients.
    # Not for external service.
    #
    #local-zone: "local." static
    #local-data: "mycomputer.local. IN A 192.0.2.51"
    #local-zone: "2.0.192.in-addr.arpa." static
    #local-data-ptr: "192.0.2.51 mycomputer.local"

# AutoSSH Tunnel #

AutoSSH creates and sustains SSH tunnels. This router will use it to build a
tunnel through another host with a public IP address.

    # pkg_add -v autossh
    Update candidates: quirks-3.124 -> quirks-3.124
    quirks-3.124 signed on 2019-09-16T08:18:29Z
    autossh-1.4g: ok
    Extracted 72468 from 72794
    # ^D
    $ ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ataylor/.ssh/id_rsa): /home/ataylor/.ssh/rtunnel_nopwd
    Enter passphrase (empty for no passphrase): <empty>
    Enter same passphrase again: <empty>
    Your identification has been saved in /home/ataylor/.ssh/rtunnel_nopwd.
    Your public key has been saved in /home/ataylor/.ssh/rtunnel_nopwd.pub.
    The key fingerprint is:
    SHA256:Dh3H+q3WTKq5nhvmbBSBRiLmzxk9ZTV4jIBMiaiv4BE ataylor@gandalf.subgeniuskitty.com
    The key's randomart image is:
    +---[RSA 3072]----+
    | .o+o+ooo=o |
    |.o..+ooo+.o. |
    |. . ..o .oo |
    |.E o o o.+ |
    | .. + . S. |
    |... o.. .. |
    |o.. .+ .=. |
    |.. +.+o.o |
    | oX=. |
    +----[SHA256]-----+

Copy the resulting `rtunnel_nopwd.pub` key into `~/.ssh/authorized_keys` on
the far end of the tunnel, in this case `backdoor.subgeniuskitty.com`. Verify
that you can log in without a password, as in the example below.

    $ ssh -i /home/ataylor/.ssh/rtunnel_nopwd ataylor@backdoor.subgeniuskitty.com

Edit `/etc/rc.local` to start the tunnel at boot. For example:

    echo 'building autossh tunnel to backdoor.subgeniuskitty.com'
    /usr/local/bin/autossh -N -M 10200 \
        -o "PubkeyAuthentication=yes" \
        -o "PasswordAuthentication=no" \
        -i /home/ataylor/.ssh/rtunnel_nopwd \
        -R 6600:localhost:22 \
        ataylor@backdoor.subgeniuskitty.com &

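The tunnel key has no passphrase, so a copy of the file is all that is needed to use it; the far end can limit what that key is allowed to do. The function below is an added example, not part of the original notes: it turns the public key into an `authorized_keys` entry that permits only the forwards this `autossh` invocation makes (the `-R 6600` listener and the `-M 10200` monitor pair) and refuses shell or command requests. It assumes the far end runs OpenSSH 7.8 or later (for `permitlisten`); the function names and the sample key are made up for the example.

```shell
#!/bin/sh
# Added example: build a restricted authorized_keys entry for the
# passphrase-less tunnel key, matching the autossh command line above.

# valid_port N: succeed if N is an integer in 1..65535
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_key_entry PUBKEY_FILE TUNNEL_PORT MONITOR_PORT
#   TUNNEL_PORT   port the far end listens on (6600 in "-R 6600:localhost:22")
#   MONITOR_PORT  autossh base monitoring port (10200 in "-M 10200")
# autossh -M P adds "-L P:127.0.0.1:P -R P:127.0.0.1:P+1", so the far end must
# be allowed to listen on P and to open 127.0.0.1:P in addition to the tunnel.
tunnel_key_entry() {
    pubfile=$1 tport=$2 mport=$3

    valid_port "$tport" && valid_port "$mport" ||
        { echo "ports must be integers in 1..65535" >&2; return 2; }

    # A public key file is a single line; this also rejects a private key
    # file passed by mistake.
    [ "$(grep -c . "$pubfile")" -eq 1 ] ||
        { echo "expected exactly one key line in $pubfile" >&2; return 2; }

    read -r ktype kdata kcomment < "$pubfile"
    case $ktype in
        ssh-rsa|ssh-ed25519|ecdsa-sha2-*) ;;
        *) echo "not a bare public key line" >&2; return 2 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) echo "key data is not base64" >&2; return 2 ;;
    esac

    # restrict          no PTY, agent, X11 or forwarding unless re-enabled
    # command="false"   any shell or command request just runs false
    # port-forwarding   re-enable forwarding, limited by the permit* options
    printf 'restrict,command="false",port-forwarding,permitlisten="%s",permitlisten="%s",permitopen="127.0.0.1:%s" %s %s%s\n' \
        "$tport" "$mport" "$mport" "$ktype" "$kdata" "${kcomment:+ $kcomment}"
}

# Constructed sample key (not a real key) so the example runs offline.
sample_pub=${TMPDIR:-/tmp}/rtunnel_nopwd.pub.example.$$
printf '%s\n' 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED ataylor@gandalf.subgeniuskitty.com' > "$sample_pub"
tunnel_key_entry "$sample_pub" 6600 10200
rm -f "$sample_pub"
```

Put the printed line in `authorized_keys` on the far end in place of the bare key; `autossh -N` keeps working, while an interactive login with that key no longer does. The `-R` target is opened from the router itself, so if `sshd` listens only on `192.168.1.1` as configured earlier, the forward target has to be `192.168.1.1:22` rather than `localhost:22`.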
# Installation Log: OpenBSD 6.5 on APU4 #

    PC Engines apu4
    coreboot build 20190402
    BIOS version v4.0.24

    <screen clears>

    SeaBIOS (version rel-1.12.0.1-0-g393dc9c)

    Press F10 key now for boot menu

    Select boot device:

    1. USB MSC Drive PNY USB 3.0 FD
    2. ata0-0: Hoodisk SSD ATA-11 Hard-Disk (15272 MiBytes)
    3. Payload [memtest]
    4. Payload [setup]

    Booting from Hard Disk...
    Using drive 0, partition 3.
    Loading......
    probing: pc0 com0 com1 com2 com3 mem[639K 3582M 496M a20=on]
    disk: hd0+ hd1+*
    >> OpenBSD/amd64 BOOT 3.43
    boot> stty com0 115200
    boot> set tty com0
    switching console to com>> OpenBSD/amd64 BOOT 3.43
    boot>
    0
    cannot open hd0a:/etc/random.seed: No such file or directory
    booting hd0a:/6.5/amd64/bsd.rd: 3683153+1524736+3888856+0+593920 [367459+128+450384+299805]=0xa51258
    entry point at 0x1001000
    Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California. All rights reserved.
    Copyright (c) 1995-2019 OpenBSD. All rights reserved. https://www.OpenBSD.org

    OpenBSD 6.5 (RAMDISK_CD) #3: Sat Apr 13 14:55:38 MDT 2019
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
    real mem = 4261203968 (4063MB)
    avail mem = 4128083968 (3936MB)
    mainbus0 at root
    bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffd7020 (7 entries)
    bios0: vendor coreboot version "v4.0.24" date 02/04/2019
    bios0: PC Engines apu4
    acpi0 at bios0: rev 2
    acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
    acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
    cpu0 at mainbus0: apid 0 (boot processor)
    cpu0: AMD GX-412TC SOC, 998.24 MHz, 16-30-01
    cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
    SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
    3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
    cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
    cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
    cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
    cpu0: apic clock running at 99MHz
    cpu0: mwait min=64, max=64, IBE
    cpu at mainbus0: not configured
    cpu at mainbus0: not configured
    cpu at mainbus0: not configured
    ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins
    ioapic1 at mainbus0: apid 5 pa 0xfec20000, version 21, 32 pins, remapped
    acpiprt0 at acpi0: bus 0 (PCI0)
    acpiprt1 at acpi0: bus 1 (PBR4)
    acpiprt2 at acpi0: bus 2 (PBR5)
    acpiprt3 at acpi0: bus 3 (PBR6)
    acpiprt4 at acpi0: bus 4 (PBR7)
    acpiprt5 at acpi0: bus -1 (PBR8)
    acpicpu at acpi0 not configured
    "PNP0C0C" at acpi0 not configured
    "PNP0A08" at acpi0 not configured
    acpicmos0 at acpi0
    pci0 at mainbus0 bus 0
    pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
    pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
    ppb0 at pci0 dev 2 function 1 "AMD AMD64 16h PCIE" rev 0x00: msi
    pci1 at ppb0 bus 1
    em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:34
    ppb1 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
    pci2 at ppb1 bus 2
    em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:35
    ppb2 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi
    pci3 at ppb2 bus 3
    em2 at pci3 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:36
    ppb3 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi
    pci4 at ppb3 bus 4
    em3 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:37
    ccp0 at pci0 dev 8 function 0 "AMD Cryptographic Co-processor v3" rev 0x00
    xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi, xHCI 1.0
    usb0 at xhci0: USB revision 3.0
    uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
    ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, AHCI 1.3
    ahci0: port 0: 6.0Gb/s
    scsibus0 at ahci0: 32 targets
    sd0 at scsibus0 targ 0 lun 0: <ATA, Hoodisk SSD, SBFM> SCSI3 0/direct fixed t10.ATA_Hoodisk_SSD_K2TTC7A11253904_
    sd0: 15272MB, 512 bytes/sector, 31277232 sectors, thin
    ehci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
    usb1 at ehci0: USB revision 2.0
    uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
    ehci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
    usb2 at ehci1: USB revision 2.0
    uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
    "AMD Hudson-2 SMBus" rev 0x42 at pci0 dev 20 function 0 not configured
    "AMD Hudson-2 LPC" rev 0x11 at pci0 dev 20 function 3 not configured
    sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
    sdhc0: SDHC 2.0, 50 MHz base clock
    sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
    pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00
    pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00
    pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00
    pchb5 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00
    pchb6 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00
    pchb7 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00
    isa0 at mainbus0
    com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
    com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
    com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
    umass0 at uhub0 port 2 configuration 1 interface 0 "PNY Technologies USB 3.0 FD" rev 3.00/1.00 addr 2
    umass0: using SCSI over Bulk-Only
    scsibus1 at umass0: 2 targets, initiator 0
    sd1 at scsibus1 targ 1 lun 0: <PNY, USB 3.0 FD, > SCSI4 0/direct removable serial.154b00b25C3C10D19D29
    sd1: 119743MB, 512 bytes/sector, 245235199 sectors
    uhub3 at uhub1 port 1 configuration 1 interface 0 "vendor 0x0438 product 0x7900" rev 2.00/0.18 addr 2
    uhub4 at uhub2 port 1 configuration 1 interface 0 "vendor 0x0438 product 0x7900" rev 2.00/0.18 addr 2
    softraid0 at root
    scsibus2 at softraid0: 256 targets
    root on rd0a swap on rd0b dump on rd0b
    erase ^?, werase ^W, kill ^U, intr ^C, status ^T

    Welcome to the OpenBSD/amd64 6.5 installation program.
    (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? I
    At any prompt except password prompts you can escape to a shell by
    typing '!'. Default answers are shown in []'s and are selected by
    pressing RETURN. You can exit this program at any time by pressing
    Control-C, but this can leave your system in an inconsistent state.

    Terminal type? [vt220]
    System hostname? (short form, e.g. 'foo') gandalf

    Available network interfaces are: em0 em1 em2 em3 vlan0.
    Which network interface do you wish to configure? (or 'done') [em0]
    IPv4 address for em0? (or 'dhcp' or 'none') [dhcp] 192.168.0.3
    Netmask for em0? [255.255.255.0]
    IPv6 address for em0? (or 'autoconf' or 'none') [none]
    Available network interfaces are: em0 em1 em2 em3 vlan0.
    Which network interface do you wish to configure? (or 'done') [done]
    Default IPv4 route? (IPv4 address or none) 192.168.0.1
    add net default: gateway 192.168.0.1
    DNS domain name? (e.g. 'example.com') [my.domain] subgeniuskitty.com
    DNS nameservers? (IP address list or 'none') [none] 192.168.0.1

    Password for root account? (will not echo)
    Password for root account? (again)
    Start sshd(8) by default? [yes]
    Change the default console to com0? [yes]
    Available speeds are: 9600 19200 38400 57600 115200.
    Which speed should com0 use? (or 'done') [115200] 115200
    Setup a user? (enter a lower-case loginname, or 'no') [no] ataylor
    Full name for user ataylor? [ataylor] Aaron Taylor
    Password for user ataylor? (will not echo)
    Password for user ataylor? (again)
    WARNING: root is targeted by password guessing attacks, pubkeys are safer.
    Allow root ssh login? (yes, no, prohibit-password) [no] no

    Available disks are: sd0 sd1.
    Which disk is the root disk? ('?' for details) [sd0] ?
    sd0: ATA, Hoodisk SSD, SBFM t10.ATA_Hoodisk_SSD_K2TTC7A11253904_ (14.9G)
    sd1: PNY, USB 3.0 FD serial.154b00b25C3C10D19D29 (116.9G)
    Available disks are: sd0 sd1.
    Which disk is the root disk? ('?' for details) [sd0] sd0
    No valid MBR or GPT.
    Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole] W
    Setting OpenBSD MBR partition to whole sd0...done.
    The auto-allocated layout for sd0 is:
    # size offset fstype [fsize bsize cpg]
    a: 384.1M 64 4.2BSD 2048 16384 1 # /
    b: 548.3M 786784 swap
    c: 15272.1M 0 unused
    d: 494.6M 1909664 4.2BSD 2048 16384 1 # /tmp
    e: 688.8M 2922656 4.2BSD 2048 16384 1 # /var
    f: 1534.1M 4333248 4.2BSD 2048 16384 1 # /usr
    g: 524.5M 7475168 4.2BSD 2048 16384 1 # /usr/X11R6
    h: 1726.4M 8549312 4.2BSD 2048 16384 1 # /usr/local
    i: 1393.7M 12085024 4.2BSD 2048 16384 1 # /usr/src
    j: 5307.3M 14939232 4.2BSD 2048 16384 1 # /usr/obj
    k: 2663.0M 25808608 4.2BSD 2048 16384 1 # /home
    Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] c
    Label editor (enter '?' for help at any prompt)
    sd0> ?
    Available commands:
    ? | h - show help n [part] - set mount point
    A - auto partition all space p [unit] - print partitions
    a [part] - add partition q - quit & save changes
    b - set OpenBSD boundaries R [part] - resize auto allocated partition
    c [part] - change partition size r - display free space
    D - reset label to default s [path] - save label to file
    d [part] - delete partition U - undo all changes
    e - edit drive parameters u - undo last change
    g [d|u] - [d]isk or [u]ser geometry w - write label to disk
    i - modify disklabel UID X - toggle expert mode
    l [unit] - print disk label header x - exit & lose changes
    M - disklabel(8) man page z - delete all partitions
    m [part] - modify partition

    Suffixes can be used to indicate units other than sectors:
    'b' (bytes), 'k' (kilobytes), 'm' (megabytes), 'g' (gigabytes) 't' (terabytes)
    'c' (cylinders), '%' (% of total disk), '&' (% of free space).
    Values in non-sector units are truncated to the nearest cylinder boundary.
    sd0> p
    OpenBSD area: 64-31262490; size: 31262426; free: 31262426
    # size offset fstype [fsize bsize cpg]
    c: 31277232 0 unused
    sd0> a
    partition: [a]
    offset: [64]
    size: [31262426] 8G
    FS type: [4.2BSD]
    mount point: [none] /
    sd0> a
    partition: [b]
    offset: [16787904]
    size: [14474586] 1G
    FS type: [swap]
    sd0> a
    partition: [d]
    offset: [18892440]
    size: [12370050] 1G
    FS type: [4.2BSD]
    mount point: [none] /tmp
    sd0> a
    partition: [e]
    offset: [20996928]
    size: [10265562] 1G
    FS type: [4.2BSD]
    mount point: [none] /var
    sd0> a
    partition: [f]
    offset: [23101440]
    size: [8161050] 1G
    FS type: [4.2BSD]
    mount point: [none] /home
    sd0> a
    partition: [g]
    offset: [25205984]
    size: [6056506]
    FS type: [4.2BSD]
    mount point: [none] /usr
    sd0> p
    OpenBSD area: 64-31262490; size: 31262426; free: 34
    # size offset fstype [fsize bsize cpg]
    a: 16787840 64 4.2BSD 2048 16384 1 # /
    b: 2104536 16787904 swap
    c: 31277232 0 unused
    d: 2104480 18892448 4.2BSD 2048 16384 1 # /tmp
    e: 2104512 20996928 4.2BSD 2048 16384 1 # /var
    f: 2104544 23101440 4.2BSD 2048 16384 1 # /home
    g: 6056480 25205984 4.2BSD 2048 16384 1 # /usr
    sd0> w
    sd0> q
    No label changes.
    /dev/rsd0a: 8197.2MB in 16787840 sectors of 512 bytes
    41 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
    /dev/rsd0f: 1027.6MB in 2104544 sectors of 512 bytes
    6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
    /dev/rsd0d: 1027.6MB in 2104480 sectors of 512 bytes
    6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
    /dev/rsd0g: 2957.3MB in 6056480 sectors of 512 bytes
    15 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
    /dev/rsd0e: 1027.6MB in 2104512 sectors of 512 bytes
    6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
    Available disks are: sd1.
    Which disk do you wish to initialize? (or 'done') [done]
    /dev/sd0a (ad5e78601fae8b9b.a) on /mnt type ffs (rw, asynchronous, local)
    /dev/sd0f (ad5e78601fae8b9b.f) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
    /dev/sd0d (ad5e78601fae8b9b.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
    /dev/sd0g (ad5e78601fae8b9b.g) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
    /dev/sd0e (ad5e78601fae8b9b.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)

    Let's install the sets!
    Location of sets? (disk http or 'done') [http] disk
    Is the disk partition already mounted? [yes] no
    Available disks are: sd0 sd1.
    Which disk contains the install media? (or 'done') [sd1] sd1
    a: 920512 1024 4.2BSD 2048 16384 16142
    i: 960 64 MSDOS
    Available sd1 partitions are: a i.
    Which sd1 partition has the install sets? (or 'done') [a] a
    Pathname to the sets? (or 'done') [6.5/amd64]

    Select sets by entering a set name, a file name pattern or 'all'. De-select
    sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
    [X] bsd [X] base65.tgz [X] game65.tgz [X] xfont65.tgz
    [X] bsd.mp [X] comp65.tgz [X] xbase65.tgz [X] xserv65.tgz
    [X] bsd.rd [X] man65.tgz [X] xshare65.tgz
    Set name(s)? (or 'abort' or 'done') [done] -game*
    [X] bsd [X] base65.tgz [ ] game65.tgz [X] xfont65.tgz
    [X] bsd.mp [X] comp65.tgz [X] xbase65.tgz [X] xserv65.tgz
    [X] bsd.rd [X] man65.tgz [X] xshare65.tgz
    Set name(s)? (or 'abort' or 'done') [done] -x*
    [X] bsd [X] base65.tgz [ ] game65.tgz [ ] xfont65.tgz
    [X] bsd.mp [X] comp65.tgz [ ] xbase65.tgz [ ] xserv65.tgz
    [X] bsd.rd [X] man65.tgz [ ] xshare65.tgz
    Set name(s)? (or 'abort' or 'done') [done] done
    Directory does not contain SHA256.sig. Continue without verification? [no] yes
    Installing bsd 100% |**************************| 15163 KB 00:00
    Installing bsd.mp 100% |**************************| 15248 KB 00:00
    Installing bsd.rd 100% |**************************| 9984 KB 00:00
    Installing base65.tgz 100% |**************************| 190 MB 00:26
    Extracting etc.tgz 100% |**************************| 260 KB 00:00
    Installing comp65.tgz 100% |**************************| 71916 KB 00:14
    Installing man65.tgz 100% |**************************| 7385 KB 00:01
    Location of sets? (disk http or 'done') [done] done

    What timezone are you in? ('?' for list) [Canada/Mountain] US/Pacific
    Saving configuration files... done.
    Making all device nodes... done.
    Multiprocessor machine; using bsd.mp instead of bsd.
    Relinking to create unique kernel... done.

    CONGRATULATIONS! Your OpenBSD install has been successfully completed!

    When you login to your new system the first time, please read your mail
    using the 'mail' command.

    Exit to (S)hell, (H)alt or (R)eboot? [reboot]

    <remove USB flash drive>

    SeaBIOS (version rel-1.12.0.1-0-g393dc9c)

    Press F10 key now for boot menu

    Booting from Hard Disk...
    Using drive 0, partition 3.
    Loading......
    probing: pc0 com0 com1 com2 com3 mem[639K 3582M 496M a20=on]
    disk: hd0+
    >> OpenBSD/amd64 BOOT 3.43
    switching console to com>> OpenBSD/amd64 BOOT 3.43
    boot> 0

    booting hd0a:/bsd: 10688280+2458640+344096+0+675840 [677254+128+856800+597186]=0xf8d9b0
    entry point at 0x1001000
    [ using 2132400 bytes of bsd ELF symbol table ]
    Copyright (c) 1982, 1986, 1989, 1991, 1993
    The Regents of the University of California. All rights reserved.
    Copyright (c) 1995-2019 OpenBSD. All rights reserved. https://www.OpenBSD.org

    OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019
    deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
    real mem = 4261208064 (4063MB)
    avail mem = 4122431488 (3931MB)
    mpath0 at root
    scsibus0 at mpath0: 256 targets
    mainbus0 at root
    bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffd7020 (7 entries)
    bios0: vendor coreboot version "v4.0.24" date 02/04/2019
    bios0: PC Engines apu4
    acpi0 at bios0: rev 2
    acpi0: sleep states S0 S1 S2 S3 S4 S5
    acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
    acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
    acpitimer0 at acpi0: 3579545 Hz, 32 bits
    acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
    cpu0 at mainbus0: apid 0 (boot processor)
    cpu0: AMD GX-412TC SOC, 998.27 MHz, 16-30-01
    cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
    SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
    3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
    cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
    cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
    cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
    cpu0: smt 0, core 0, package 0
    mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
    <missed recording a few lines here due to overflow>
    cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
    cpu2: smt 0, core 2, package 0
    cpu3 at mainbus0: apid 3 (application processor)
    cpu3: AMD GX-412TC SOC, 998.14 MHz, 16-30-01
    cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
    SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
    3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
    cpu3: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
    cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
    cpu3: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
    cpu3: smt 0, core 3, package 0
    ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins
    ioapic1 at mainbus0: apid 5 pa 0xfec20000, version 21, 32 pins, remapped
    acpihpet0 at acpi0: 14318180 Hz
    acpiprt0 at acpi0: bus 0 (PCI0)
    acpiprt1 at acpi0: bus 1 (PBR4)
    acpiprt2 at acpi0: bus 2 (PBR5)
    acpiprt3 at acpi0: bus 3 (PBR6)
    acpiprt4 at acpi0: bus 4 (PBR7)
    acpiprt5 at acpi0: bus -1 (PBR8)
    acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
    acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
    acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
    acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
    acpibtn0 at acpi0: PWRB
    acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
    acpicmos0 at acpi0
    cpu0: 998 MHz: speeds: 1000 800 600 MHz
    pci0 at mainbus0 bus 0
    pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
    pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
    ppb0 at pci0 dev 2 function 1 "AMD AMD64 16h PCIE" rev 0x00: msi
    pci1 at ppb0 bus 1
    em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:34
    ppb1 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
    pci2 at ppb1 bus 2
    em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:35
    ppb2 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi
    pci3 at ppb2 bus 3
    em2 at pci3 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:36
    ppb3 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi
    pci4 at ppb3 bus 4
    em3 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:37
    ccp0 at pci0 dev 8 function 0 "AMD Cryptographic Co-processor v3" rev 0x00
    xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi, xHCI 1.0
    usb0 at xhci0: USB revision 3.0
    uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
    ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, AHCI 1.3
    ahci0: port 0: 6.0Gb/s
    scsibus1 at ahci0: 32 targets
    sd0 at scsibus1 targ 0 lun 0: <ATA, Hoodisk SSD, SBFM> SCSI3 0/direct fixed t10.ATA_Hoodisk_SSD_K2TTC7A11253904_
    sd0: 15272MB, 512 bytes/sector, 31277232 sectors, thin
    ehci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
    usb1 at ehci0: USB revision 2.0
    uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
    ehci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
    usb2 at ehci1: USB revision 2.0
    uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
    piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x42: SMBus disabled
    pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
    sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
    sdhc0: SDHC 2.0, 50 MHz base clock
    sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
    pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00
    pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00
    pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00
    km0 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00
    pchb5 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00
    pchb6 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00
    isa0 at pcib0
    isadma0 at isa0
    com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
    com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
    com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
    pcppi0 at isa0 port 0x61
    spkr0 at pcppi0
    lpt0 at isa0 port 0x378/4 irq 7
    wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x53
    vmm0 at mainbus0: SVM/RVI
    uhub3 at uhub1 port 1 configuration 1 interface 0 "Advanced Micro Devices product 0x7900" rev 2.00/0.18 addr 2
    uhub4 at uhub2 port 1 configuration 1 interface 0 "Advanced Micro Devices product 0x7900" rev 2.00/0.18 addr 2
    vscsi0 at root
    scsibus2 at vscsi0: 256 targets
    softraid0 at root
    scsibus3 at softraid0: 256 targets
    root on sd0a (ad5e78601fae8b9b.a) swap on sd0b dump on sd0b
    Process (pid 1) got signal 31
    Automatic boot in progress: starting file system checks.
    /dev/sd0a (ad5e78601fae8b9b.a): file system is clean; not checking
    /dev/sd0f (ad5e78601fae8b9b.f): file system is clean; not checking
    /dev/sd0d (ad5e78601fae8b9b.d): file system is clean; not checking
    /dev/sd0g (ad5e78601fae8b9b.g): file system is clean; not checking
    /dev/sd0e (ad5e78601fae8b9b.e): file system is clean; not checking
    pf enabled
    starting network
    reordering libraries: done.
    openssl: generating isakmpd/iked RSA keys... done.
    ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
    starting early daemons: syslogd pflogd ntpd.
    starting RPC daemons:.
    savecore: no core dump
    checking quotas: done.
    clearing /tmp
    kern.securelevel: 0 -> 1
    creating runtime link editor directory cache.
    preserving editor files.
    starting network daemons: sshd smtpd sndiod.
    running rc.firsttime
    Path to firmware: http://firmware.openbsd.org/firmware/6.5/
    Installing: vmm-firmware
    Checking for available binary patches...
    ftp: SSL write error: certificate verification failed: certificate is not yet valid
    starting local daemons: cron.
    Tue Dec 12 16:50:18 PST 2017

    OpenBSD/amd64 (gandalf.subgeniuskitty.com) (tty00)

    login:
771 Tue Dec 12 16:50:18 PST 2017
772
773 OpenBSD/amd64 (gandalf.subgeniuskitty.com) (tty00)
774
775 login: