+# OpenBSD Router #
+
+These notes describe the creation of an OpenBSD router with firewall, NAT,
+DHCP, caching DNS, and AutoSSH tunnel.
+
+The four ports of the router are connected to four subnets:
+
+ em0 - 192.168.0.3/24 - internet connection
+ em1 - 192.168.1.1/24 - personal subnet
+ em2 - 192.168.2.1/24 - vintage computing subnet
+ em3 - 192.168.3.1/24 - guest subnet
+
+# Hardware #
+
+This router is based on a PC Engines [APU4](https://pcengines.ch/apu4c4.htm)
+with a 1 GHz, quad-core AMD GX-412TC CPU, 4 GB RAM and quad Intel i211AT NICs.
+
+The two photos below are shamelessly stolen from the PC Engines website since
+I forgot to take photos before installing the PCB in the case.
+
+%%BEGIN_GALLERY%%
+openbsd_router/apu4b4_front.jpg|Front
+openbsd_router/apu4b4_rear.jpg|Rear
+%%END_GALLERY%%
+
+Total costs for the project in 2019 were:
+
+| Price | Part Num. | Description |
+| :------ | :---------- | :-------------- |
+| $117.50 | apu4c4 | PC Engines APU4 |
+| $9.40 | case1d4redu | Enclosure |
+| $4.10 | ac12vus2 | AC Adapter |
+| $12.80 | msata16h | 16 GB mSATA SSD |
+| $16.20 | NA | Shipping |
+
+The CPU requires a thermal connection to the case. Although everything
+necessary is included with the order, the thermal pad should be replaced any
+time the PCB is removed from the case. Suitable replacements should be 0.5mm
+thick and have a thermal conductivity of 6 W/mK or better.
+
+# OpenBSD Installation #
+
+Download `installXX.fs` from <https://openbsd.org> and `dd` to a USB flash drive.
+These notes are for `amd64/install65.fs` downloaded on 20190918.
+
+Connect a serial terminal configured for `115200 8N1` to the APU4. At the
+appropriate prompt, press `F10` and boot from the USB drive. Upon reaching the
+`boot>` prompt, we must tell the installer to use the serial port for the
+console.
+
+ boot> stty com0 115200
+ boot> set tty com0
+
+After this, proceed to install OpenBSD as on any other x64 server. A complete
+installation log through first boot is included at the bottom of these notes.
+
+After installation is complete, the date may be incorrect, prompting errors
+during package installation.
+
+ # pkg_add -v nmap
+ ftp: SSL write error: certificate verification failed: certificate is not yet valid
+
+If the clock is too far out of sync, manual intervention may be required.
+
+ # rcctl stop ntpd
+ # ntpd -d -s
+ # date
+ <confirm>
+ # rcctl enable ntpd
+ # rcctl start ntpd
+
+Setup all network interfaces and enable IP forwarding since this is a router.
+
+ # echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
+ # echo 'inet 192.168.1.1 255.255.255.0' > /etc/hostname.em1
+ # echo 'inet 192.168.2.1 255.255.255.0' > /etc/hostname.em2
+ # echo 'inet 192.168.3.1 255.255.255.0' > /etc/hostname.em3
+
+Edit `/etc/ssh/sshd_config` and configure `sshd` to listen only on the private
+network interface.
+
+ ListenAddress 192.168.1.1
+
+Disable a few services that aren't necessary in this application by adding
+these lines to `/etc/rc.conf.local`.
+
+ sndiod_flags=NO
+ slaacd_flags=NO
+ smtpd_flags=NO
+
+# DHCP Server #
+
+A simple DHCP configuration for each subnet.
+
+ # rcctl enable dhcpd
+ # rcctl set dhcpd flags em1 em2 em3
+ # ed /etc/dhcpd.conf
+ a
+ subnet 192.168.1.0 netmask 255.255.255.0 {
+ option routers 192.168.1.1;
+ option domain-name-servers 192.168.1.1;
+ range 192.168.1.100 192.168.1.200;
+ }
+ subnet 192.168.2.0 netmask 255.255.255.0 {
+ option routers 192.168.2.1;
+ option domain-name-servers 192.168.2.1;
+ range 192.168.2.100 192.168.2.200;
+ }
+ subnet 192.168.3.0 netmask 255.255.255.0 {
+ option routers 192.168.3.1;
+ option domain-name-servers 192.168.3.1;
+ range 192.168.3.100 192.168.3.200;
+ }
+ w
+ 453
+ q
+ # rcctl restart dhcpd
+ dhcpd(ok)
+
+# Firewall #
+
+The firewall configuration is located at `/etc/pf.conf` and can be reloaded
+with `pfctl` (see below). While the configuration itself is commented, the
+general idea is that `em0` is the public connection to the internet, `em1`,
+`em2`, and `em3` are private networks accessing the internet through NAT.
+Additionally, although hosts on `em1` should be able to reach anything, hosts
+on `em2` or `em3` should only be able to reach the internet.
+
+ # Subgeniuskitty Firewall Config
+ # Last updated on 20190918
+
+ # Interfaces:
+ # em0: Internet connection
+ # em1: Personal network
+ # em2: Vintage computing network
+ # em3: Guest network
+
+ # Non-routable IPv4 addresses (per RFC 5735 section 4).
+ table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
+ 172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/4 \
+ 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
+ 203.0.113.0/24 }
+
+ # Drop instead of returning a TCP RST.
+ set block-policy drop
+
+ # Log statistics for internet interface.
+ set loginterface egress
+
+ # No processing on any loopback packets.
+ set skip on lo0
+
+ # Normalize and defragment
+ match in all scrub (no-df random-id max-mss 1440)
+
+ # NAT for the LAN
+ match out on egress inet from !(egress:network) to any nat-to (egress:0)
+
+ # Spoofers and Martians
+ antispoof quick for { egress em1 em2 em3 }
+ block in quick on egress from <martians> to any
+ block return out quick on egress from any to <martians>
+
+ # Policy: deny by default.
+ block all
+
+ # Allow outbound IPv4 traffic.
+ pass out quick inet
+
+ # Allow em1 to reach any port
+ pass in quick from em1:network to any
+
+ # Only allow em2 to reach the internet, not other internal networks.
+ block in quick from em2:network to em0:network
+ block in quick from em2:network to em1:network
+ block in quick from em2:network to em3:network
+ pass in quick from em2:network to any
+
+ # Only allow em3 to reach the internet, not other internal networks.
+ block in quick from em3:network to em0:network
+ block in quick from em3:network to em1:network
+ block in quick from em3:network to em2:network
+ pass in quick from em3:network to any
+
+A few simple `pfctl` commands:
+
+ # pfctl -f /etc/pf.conf Load the pf.conf file
+ # pfctl -nf /etc/pf.conf Parse the pf.conf file, but don't load it
+ # pfctl -sr Show the current ruleset
+ # pfctl -ss Show the current state table
+ # pfctl -si Show filter stats and counters
+ # pfctl -sa Show everything
+
+# DNS Cache #
+
+The sample configuration below should be located at `/var/unbound/etc/unbound.conf`.
+
+ # Subgeniuskitty DNS Cache Config
+ # Last updated on 20190918
+
+ server:
+ interface: 127.0.0.1
+ interface: 192.168.1.1
+ interface: 192.168.2.1
+ interface: 192.168.3.1
+ access-control: 127.0.0.0/8 allow
+ access-control: 192.168.1.0/24 allow
+ access-control: 192.168.2.0/24 allow
+ access-control: 192.168.3.0/24 allow
+ do-not-query-localhost: no
+ hide-identity: yes
+ hide-version: yes
+ forward-zone:
+ name: "." # use for ALL queries
+ forward-addr: 8.8.8.8 # Google's public DNS server
+
+After the configuration is ready, enable the daemon.
+
+ # rcctl enable unbound
+
+Unbound can also serve DNS entries directly.
+
+ # Serve zones authoritatively from Unbound to resolver clients.
+ # Not for external service.
+ #
+ #local-zone: "local." static
+ #local-data: "mycomputer.local. IN A 192.0.2.51"
+ #local-zone: "2.0.192.in-addr.arpa." static
+ #local-data-ptr: "192.0.2.51 mycomputer.local"
+
+# AutoSSH Tunnel #
+
+AutoSSH creates and sustains SSH tunnels. This router will use it to build a
+tunnel through another host with a public IP address.
+
+ # pkg_add -v autossh
+ Update candidates: quirks-3.124 -> quirks-3.124
+ quirks-3.124 signed on 2019-09-16T08:18:29Z
+ autossh-1.4g: ok
+ Extracted 72468 from 72794
+ # ^D
+ $ ssh-keygen
+ Generating public/private rsa key pair.
+ Enter file in which to save the key (/home/ataylor/.ssh/id_rsa): /home/ataylor/.ssh/rtunnel_nopwd
+ Enter passphrase (empty for no passphrase): <empty>
+ Enter same passphrase again: <empty>
+ Your identification has been saved in /home/ataylor/.ssh/rtunnel_nopwd.
+ Your public key has been saved in /home/ataylor/.ssh/rtunnel_nopwd.pub.
+ The key fingerprint is:
+ SHA256:Dh3H+q3WTKq5nhvmbBSBRiLmzxk9ZTV4jIBMiaiv4BE ataylor@gandalf.subgeniuskitty.com
+ The key's randomart image is:
+ +---[RSA 3072]----+
+ | .o+o+ooo=o |
+ |.o..+ooo+.o. |
+ |. . ..o .oo |
+ |.E o o o.+ |
+ | .. + . S. |
+ |... o.. .. |
+ |o.. .+ .=. |
+ |.. +.+o.o |
+ | oX=. |
+ +----[SHA256]-----+
+
+Copy the resulting `rtunnel_nopwd.pub` key into `~/.ssh/authorized_hosts` on
+the far end of the tunnel, in this case `backdoor.subgeniuskitty.com`. Verify
+that you can login without a password, as in the example below.
+
+ $ ssh -i /home/ataylor/.ssh/rtunnel_nopwd ataylor@backdoor.subgeniuskitty.com
+
+Edit `/etc/rc.local` to start the tunnel at boot. For example:
+
+ echo 'building autossh tunnel to backdoor.subgeniuskitty.com'
+ /usr/local/bin/autossh -N -M 10200 \
+ -o "PubkeyAuthentication=yes" \
+ -o "PasswordAuthentication=no" \
+ -i /home/ataylor/.ssh/rtunnel_nopwd \
+ -R 6600:localhost:22 \
+ ataylor@backdoor.subgeniuskitty.com &
+
+# Installation Log: OpenBSD 6.5 on APU4 #
+
+ PC Engines apu4
+ coreboot build 20190402
+ BIOS version v4.0.24
+
+ <screen clears>
+
+ SeaBIOS (version rel-1.12.0.1-0-g393dc9c)
+
+ Press F10 key now for boot menu
+
+ Select boot device:
+
+ 1. USB MSC Drive PNY USB 3.0 FD
+ 2. ata0-0: Hoodisk SSD ATA-11 Hard-Disk (15272 MiBytes)
+ 3. Payload [memtest]
+ 4. Payload [setup]
+
+ Booting from Hard Disk...
+ Using drive 0, partition 3.
+ Loading......
+ probing: pc0 com0 com1 com2 com3 mem[639K 3582M 496M a20=on]
+ disk: hd0+ hd1+*
+ >> OpenBSD/amd64 BOOT 3.43
+ boot> stty com0 115200
+ boot> set tty com0
+ switching console to com>> OpenBSD/amd64 BOOT 3.43
+ boot>
+ 0
+ cannot open hd0a:/etc/random.seed: No such file or directory
+ booting hd0a:/6.5/amd64/bsd.rd: 3683153+1524736+3888856+0+593920 [367459+128+450384+299805]=0xa51258
+ entry point at 0x1001000
+ Copyright (c) 1982, 1986, 1989, 1991, 1993
+ The Regents of the University of California. All rights reserved.
+ Copyright (c) 1995-2019 OpenBSD. All rights reserved. https://www.OpenBSD.org
+
+ OpenBSD 6.5 (RAMDISK_CD) #3: Sat Apr 13 14:55:38 MDT 2019
+ deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
+ real mem = 4261203968 (4063MB)
+ avail mem = 4128083968 (3936MB)
+ mainbus0 at root
+ bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffd7020 (7 entries)
+ bios0: vendor coreboot version "v4.0.24" date 02/04/2019
+ bios0: PC Engines apu4
+ acpi0 at bios0: rev 2
+ acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
+ acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
+ cpu0 at mainbus0: apid 0 (boot processor)
+ cpu0: AMD GX-412TC SOC, 998.24 MHz, 16-30-01
+ cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
+ SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
+ 3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
+ cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
+ cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
+ cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
+ cpu0: apic clock running at 99MHz
+ cpu0: mwait min=64, max=64, IBE
+ cpu at mainbus0: not configured
+ cpu at mainbus0: not configured
+ cpu at mainbus0: not configured
+ ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins
+ ioapic1 at mainbus0: apid 5 pa 0xfec20000, version 21, 32 pins, remapped
+ acpiprt0 at acpi0: bus 0 (PCI0)
+ acpiprt1 at acpi0: bus 1 (PBR4)
+ acpiprt2 at acpi0: bus 2 (PBR5)
+ acpiprt3 at acpi0: bus 3 (PBR6)
+ acpiprt4 at acpi0: bus 4 (PBR7)
+ acpiprt5 at acpi0: bus -1 (PBR8)
+ acpicpu at acpi0 not configured
+ "PNP0C0C" at acpi0 not configured
+ "PNP0A08" at acpi0 not configured
+ acpicmos0 at acpi0
+ pci0 at mainbus0 bus 0
+ pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
+ pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
+ ppb0 at pci0 dev 2 function 1 "AMD AMD64 16h PCIE" rev 0x00: msi
+ pci1 at ppb0 bus 1
+ em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:34
+ ppb1 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
+ pci2 at ppb1 bus 2
+ em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:35
+ ppb2 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi
+ pci3 at ppb2 bus 3
+ em2 at pci3 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:36
+ ppb3 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi
+ pci4 at ppb3 bus 4
+ em3 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:37
+ ccp0 at pci0 dev 8 function 0 "AMD Cryptographic Co-processor v3" rev 0x00
+ xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi, xHCI 1.0
+ usb0 at xhci0: USB revision 3.0
+ uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
+ ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, AHCI 1.3
+ ahci0: port 0: 6.0Gb/s
+ scsibus0 at ahci0: 32 targets
+ sd0 at scsibus0 targ 0 lun 0: <ATA, Hoodisk SSD, SBFM> SCSI3 0/direct fixed t10.ATA_Hoodisk_SSD_K2TTC7A11253904_
+ sd0: 15272MB, 512 bytes/sector, 31277232 sectors, thin
+ ehci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
+ usb1 at ehci0: USB revision 2.0
+ uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
+ ehci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
+ usb2 at ehci1: USB revision 2.0
+ uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
+ "AMD Hudson-2 SMBus" rev 0x42 at pci0 dev 20 function 0 not configured
+ "AMD Hudson-2 LPC" rev 0x11 at pci0 dev 20 function 3 not configured
+ sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
+ sdhc0: SDHC 2.0, 50 MHz base clock
+ sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
+ pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00
+ pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00
+ pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00
+ pchb5 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00
+ pchb6 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00
+ pchb7 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00
+ isa0 at mainbus0
+ com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
+ com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
+ com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
+ umass0 at uhub0 port 2 configuration 1 interface 0 "PNY Technologies USB 3.0 FD" rev 3.00/1.00 addr 2
+ umass0: using SCSI over Bulk-Only
+ scsibus1 at umass0: 2 targets, initiator 0
+ sd1 at scsibus1 targ 1 lun 0: <PNY, USB 3.0 FD, > SCSI4 0/direct removable serial.154b00b25C3C10D19D29
+ sd1: 119743MB, 512 bytes/sector, 245235199 sectors
+ uhub3 at uhub1 port 1 configuration 1 interface 0 "vendor 0x0438 product 0x7900" rev 2.00/0.18 addr 2
+ uhub4 at uhub2 port 1 configuration 1 interface 0 "vendor 0x0438 product 0x7900" rev 2.00/0.18 addr 2
+ softraid0 at root
+ scsibus2 at softraid0: 256 targets
+ root on rd0a swap on rd0b dump on rd0b
+ erase ^?, werase ^W, kill ^U, intr ^C, status ^T
+
+ Welcome to the OpenBSD/amd64 6.5 installation program.
+ (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? I
+ At any prompt except password prompts you can escape to a shell by
+ typing '!'. Default answers are shown in []'s and are selected by
+ pressing RETURN. You can exit this program at any time by pressing
+ Control-C, but this can leave your system in an inconsistent state.
+
+ Terminal type? [vt220]
+ System hostname? (short form, e.g. 'foo') gandalf
+
+ Available network interfaces are: em0 em1 em2 em3 vlan0.
+ Which network interface do you wish to configure? (or 'done') [em0]
+ IPv4 address for em0? (or 'dhcp' or 'none') [dhcp] 192.168.0.3
+ Netmask for em0? [255.255.255.0]
+ IPv6 address for em0? (or 'autoconf' or 'none') [none]
+ Available network interfaces are: em0 em1 em2 em3 vlan0.
+ Which network interface do you wish to configure? (or 'done') [done]
+ Default IPv4 route? (IPv4 address or none) 192.168.0.1
+ add net default: gateway 192.168.0.1
+ DNS domain name? (e.g. 'example.com') [my.domain] subgeniuskitty.com
+ DNS nameservers? (IP address list or 'none') [none] 192.168.0.1
+
+ Password for root account? (will not echo)
+ Password for root account? (again)
+ Start sshd(8) by default? [yes]
+ Change the default console to com0? [yes]
+ Available speeds are: 9600 19200 38400 57600 115200.
+ Which speed should com0 use? (or 'done') [115200] 115200
+ Setup a user? (enter a lower-case loginname, or 'no') [no] ataylor
+ Full name for user ataylor? [ataylor] Aaron Taylor
+ Password for user ataylor? (will not echo)
+ Password for user ataylor? (again)
+ WARNING: root is targeted by password guessing attacks, pubkeys are safer.
+ Allow root ssh login? (yes, no, prohibit-password) [no] no
+
+ Available disks are: sd0 sd1.
+ Which disk is the root disk? ('?' for details) [sd0] ?
+ sd0: ATA, Hoodisk SSD, SBFM t10.ATA_Hoodisk_SSD_K2TTC7A11253904_ (14.9G)
+ sd1: PNY, USB 3.0 FD serial.154b00b25C3C10D19D29 (116.9G)
+ Available disks are: sd0 sd1.
+ Which disk is the root disk? ('?' for details) [sd0] sd0
+ No valid MBR or GPT.
+ Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole] W
+ Setting OpenBSD MBR partition to whole sd0...done.
+ The auto-allocated layout for sd0 is:
+ # size offset fstype [fsize bsize cpg]
+ a: 384.1M 64 4.2BSD 2048 16384 1 # /
+ b: 548.3M 786784 swap
+ c: 15272.1M 0 unused
+ d: 494.6M 1909664 4.2BSD 2048 16384 1 # /tmp
+ e: 688.8M 2922656 4.2BSD 2048 16384 1 # /var
+ f: 1534.1M 4333248 4.2BSD 2048 16384 1 # /usr
+ g: 524.5M 7475168 4.2BSD 2048 16384 1 # /usr/X11R6
+ h: 1726.4M 8549312 4.2BSD 2048 16384 1 # /usr/local
+ i: 1393.7M 12085024 4.2BSD 2048 16384 1 # /usr/src
+ j: 5307.3M 14939232 4.2BSD 2048 16384 1 # /usr/obj
+ k: 2663.0M 25808608 4.2BSD 2048 16384 1 # /home
+ Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] c
+ Label editor (enter '?' for help at any prompt)
+ sd0> ?
+ Available commands:
+ ? | h - show help n [part] - set mount point
+ A - auto partition all space p [unit] - print partitions
+ a [part] - add partition q - quit & save changes
+ b - set OpenBSD boundaries R [part] - resize auto allocated partition
+ c [part] - change partition size r - display free space
+ D - reset label to default s [path] - save label to file
+ d [part] - delete partition U - undo all changes
+ e - edit drive parameters u - undo last change
+ g [d|u] - [d]isk or [u]ser geometry w - write label to disk
+ i - modify disklabel UID X - toggle expert mode
+ l [unit] - print disk label header x - exit & lose changes
+ M - disklabel(8) man page z - delete all partitions
+ m [part] - modify partition
+
+ Suffixes can be used to indicate units other than sectors:
+ 'b' (bytes), 'k' (kilobytes), 'm' (megabytes), 'g' (gigabytes) 't' (terabytes)
+ 'c' (cylinders), '%' (% of total disk), '&' (% of free space).
+ Values in non-sector units are truncated to the nearest cylinder boundary.
+ sd0> p
+ OpenBSD area: 64-31262490; size: 31262426; free: 31262426
+ # size offset fstype [fsize bsize cpg]
+ c: 31277232 0 unused
+ sd0> a
+ partition: [a]
+ offset: [64]
+ size: [31262426] 8G
+ FS type: [4.2BSD]
+ mount point: [none] /
+ sd0> a
+ partition: [b]
+ offset: [16787904]
+ size: [14474586] 1G
+ FS type: [swap]
+ sd0> a
+ partition: [d]
+ offset: [18892440]
+ size: [12370050] 1G
+ FS type: [4.2BSD]
+ mount point: [none] /tmp
+ sd0> a
+ partition: [e]
+ offset: [20996928]
+ size: [10265562] 1G
+ FS type: [4.2BSD]
+ mount point: [none] /var
+ sd0> a
+ partition: [f]
+ offset: [23101440]
+ size: [8161050] 1G
+ FS type: [4.2BSD]
+ mount point: [none] /home
+ sd0> a
+ partition: [g]
+ offset: [25205984]
+ size: [6056506]
+ FS type: [4.2BSD]
+ mount point: [none] /usr
+ sd0> p
+ OpenBSD area: 64-31262490; size: 31262426; free: 34
+ # size offset fstype [fsize bsize cpg]
+ a: 16787840 64 4.2BSD 2048 16384 1 # /
+ b: 2104536 16787904 swap
+ c: 31277232 0 unused
+ d: 2104480 18892448 4.2BSD 2048 16384 1 # /tmp
+ e: 2104512 20996928 4.2BSD 2048 16384 1 # /var
+ f: 2104544 23101440 4.2BSD 2048 16384 1 # /home
+ g: 6056480 25205984 4.2BSD 2048 16384 1 # /usr
+ sd0> w
+ sd0> q
+ No label changes.
+ /dev/rsd0a: 8197.2MB in 16787840 sectors of 512 bytes
+ 41 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
+ /dev/rsd0f: 1027.6MB in 2104544 sectors of 512 bytes
+ 6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
+ /dev/rsd0d: 1027.6MB in 2104480 sectors of 512 bytes
+ 6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
+ /dev/rsd0g: 2957.3MB in 6056480 sectors of 512 bytes
+ 15 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
+ /dev/rsd0e: 1027.6MB in 2104512 sectors of 512 bytes
+ 6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
+ Available disks are: sd1.
+ Which disk do you wish to initialize? (or 'done') [done]
+ /dev/sd0a (ad5e78601fae8b9b.a) on /mnt type ffs (rw, asynchronous, local)
+ /dev/sd0f (ad5e78601fae8b9b.f) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
+ /dev/sd0d (ad5e78601fae8b9b.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
+ /dev/sd0g (ad5e78601fae8b9b.g) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
+ /dev/sd0e (ad5e78601fae8b9b.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)
+
+ Let's install the sets!
+ Location of sets? (disk http or 'done') [http] disk
+ Is the disk partition already mounted? [yes] no
+ Available disks are: sd0 sd1.
+ Which disk contains the install media? (or 'done') [sd1] sd1
+ a: 920512 1024 4.2BSD 2048 16384 16142
+ i: 960 64 MSDOS
+ Available sd1 partitions are: a i.
+ Which sd1 partition has the install sets? (or 'done') [a] a
+ Pathname to the sets? (or 'done') [6.5/amd64]
+
+ Select sets by entering a set name, a file name pattern or 'all'. De-select
+ sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
+ [X] bsd [X] base65.tgz [X] game65.tgz [X] xfont65.tgz
+ [X] bsd.mp [X] comp65.tgz [X] xbase65.tgz [X] xserv65.tgz
+ [X] bsd.rd [X] man65.tgz [X] xshare65.tgz
+ Set name(s)? (or 'abort' or 'done') [done] -game*
+ [X] bsd [X] base65.tgz [ ] game65.tgz [X] xfont65.tgz
+ [X] bsd.mp [X] comp65.tgz [X] xbase65.tgz [X] xserv65.tgz
+ [X] bsd.rd [X] man65.tgz [X] xshare65.tgz
+ Set name(s)? (or 'abort' or 'done') [done] -x*
+ [X] bsd [X] base65.tgz [ ] game65.tgz [ ] xfont65.tgz
+ [X] bsd.mp [X] comp65.tgz [ ] xbase65.tgz [ ] xserv65.tgz
+ [X] bsd.rd [X] man65.tgz [ ] xshare65.tgz
+ Set name(s)? (or 'abort' or 'done') [done] done
+ Directory does not contain SHA256.sig. Continue without verification? [no] yes
+ Installing bsd 100% |**************************| 15163 KB 00:00
+ Installing bsd.mp 100% |**************************| 15248 KB 00:00
+ Installing bsd.rd 100% |**************************| 9984 KB 00:00
+ Installing base65.tgz 100% |**************************| 190 MB 00:26
+ Extracting etc.tgz 100% |**************************| 260 KB 00:00
+ Installing comp65.tgz 100% |**************************| 71916 KB 00:14
+ Installing man65.tgz 100% |**************************| 7385 KB 00:01
+ Location of sets? (disk http or 'done') [done] done
+
+ What timezone are you in? ('?' for list) [Canada/Mountain] US/Pacific
+ Saving configuration files... done.
+ Making all device nodes... done.
+ Multiprocessor machine; using bsd.mp instead of bsd.
+ Relinking to create unique kernel... done.
+
+ CONGRATULATIONS! Your OpenBSD install has been successfully completed!
+
+ When you login to your new system the first time, please read your mail
+ using the 'mail' command.
+
+ Exit to (S)hell, (H)alt or (R)eboot? [reboot]
+
+ <remove USB flash drive>
+
+
+
+ SeaBIOS (version rel-1.12.0.1-0-g393dc9c)
+
+ Press F10 key now for boot menu
+
+ Booting from Hard Disk...
+ Using drive 0, partition 3.
+ Loading......
+ probing: pc0 com0 com1 com2 com3 mem[639K 3582M 496M a20=on]
+ disk: hd0+
+ >> OpenBSD/amd64 BOOT 3.43
+ switching console to com>> OpenBSD/amd64 BOOT 3.43
+ boot> 0
+
+ booting hd0a:/bsd: 10688280+2458640+344096+0+675840 [677254+128+856800+597186]=0xf8d9b0
+ entry point at 0x1001000
+ [ using 2132400 bytes of bsd ELF symbol table ]
+ Copyright (c) 1982, 1986, 1989, 1991, 1993
+ The Regents of the University of California. All rights reserved.
+ Copyright (c) 1995-2019 OpenBSD. All rights reserved. https://www.OpenBSD.org
+
+ OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019
+ deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
+ real mem = 4261208064 (4063MB)
+ avail mem = 4122431488 (3931MB)
+ mpath0 at root
+ scsibus0 at mpath0: 256 targets
+ mainbus0 at root
+ bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffd7020 (7 entries)
+ bios0: vendor coreboot version "v4.0.24" date 02/04/2019
+ bios0: PC Engines apu4
+ acpi0 at bios0: rev 2
+ acpi0: sleep states S0 S1 S2 S3 S4 S5
+ acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
+ acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
+ acpitimer0 at acpi0: 3579545 Hz, 32 bits
+ acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
+ cpu0 at mainbus0: apid 0 (boot processor)
+ cpu0: AMD GX-412TC SOC, 998.27 MHz, 16-30-01
+ cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
+ SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
+ 3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
+ cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
+ cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
+ cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
+ cpu0: smt 0, core 0, package 0
+ mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
+ <missed recording a few lines here due to overflow>
+ cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
+ cpu2: smt 0, core 2, package 0
+ cpu3 at mainbus0: apid 3 (application processor)
+ cpu3: AMD GX-412TC SOC, 998.14 MHz, 16-30-01
+ cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
+ SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
+ 3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
+ cpu3: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
+ cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
+ cpu3: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
+ cpu3: smt 0, core 3, package 0
+ ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins
+ ioapic1 at mainbus0: apid 5 pa 0xfec20000, version 21, 32 pins, remapped
+ acpihpet0 at acpi0: 14318180 Hz
+ acpiprt0 at acpi0: bus 0 (PCI0)
+ acpiprt1 at acpi0: bus 1 (PBR4)
+ acpiprt2 at acpi0: bus 2 (PBR5)
+ acpiprt3 at acpi0: bus 3 (PBR6)
+ acpiprt4 at acpi0: bus 4 (PBR7)
+ acpiprt5 at acpi0: bus -1 (PBR8)
+ acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
+ acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
+ acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
+ acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
+ acpibtn0 at acpi0: PWRB
+ acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
+ acpicmos0 at acpi0
+ cpu0: 998 MHz: speeds: 1000 800 600 MHz
+ pci0 at mainbus0 bus 0
+ pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
+ pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
+ ppb0 at pci0 dev 2 function 1 "AMD AMD64 16h PCIE" rev 0x00: msi
+ pci1 at ppb0 bus 1
+ em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:34
+ ppb1 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
+ pci2 at ppb1 bus 2
+ em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:35
+ ppb2 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi
+ pci3 at ppb2 bus 3
+ em2 at pci3 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:36
+ ppb3 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi
+ pci4 at ppb3 bus 4
+ em3 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:37
+ ccp0 at pci0 dev 8 function 0 "AMD Cryptographic Co-processor v3" rev 0x00
+ xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi, xHCI 1.0
+ usb0 at xhci0: USB revision 3.0
+ uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
+ ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, AHCI 1.3
+ ahci0: port 0: 6.0Gb/s
+ scsibus1 at ahci0: 32 targets
+ sd0 at scsibus1 targ 0 lun 0: <ATA, Hoodisk SSD, SBFM> SCSI3 0/direct fixed t10.ATA_Hoodisk_SSD_K2TTC7A11253904_
+ sd0: 15272MB, 512 bytes/sector, 31277232 sectors, thin
+ ehci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
+ usb1 at ehci0: USB revision 2.0
+ uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
+ ehci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
+ usb2 at ehci1: USB revision 2.0
+ uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
+ piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x42: SMBus disabled
+ pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
+ sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
+ sdhc0: SDHC 2.0, 50 MHz base clock
+ sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
+ pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00
+ pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00
+ pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00
+ km0 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00
+ pchb5 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00
+ pchb6 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00
+ isa0 at pcib0
+ isadma0 at isa0
+ com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
+ com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
+ com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
+ pcppi0 at isa0 port 0x61
+ spkr0 at pcppi0
+ lpt0 at isa0 port 0x378/4 irq 7
+ wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x53
+ vmm0 at mainbus0: SVM/RVI
+ uhub3 at uhub1 port 1 configuration 1 interface 0 "Advanced Micro Devices product 0x7900" rev 2.00/0.18 addr 2
+ uhub4 at uhub2 port 1 configuration 1 interface 0 "Advanced Micro Devices product 0x7900" rev 2.00/0.18 addr 2
+ vscsi0 at root
+ scsibus2 at vscsi0: 256 targets
+ softraid0 at root
+ scsibus3 at softraid0: 256 targets
+ root on sd0a (ad5e78601fae8b9b.a) swap on sd0b dump on sd0b
+ Process (pid 1) got signal 31
+ Automatic boot in progress: starting file system checks.
+ /dev/sd0a (ad5e78601fae8b9b.a): file system is clean; not checking
+ /dev/sd0f (ad5e78601fae8b9b.f): file system is clean; not checking
+ /dev/sd0d (ad5e78601fae8b9b.d): file system is clean; not checking
+ /dev/sd0g (ad5e78601fae8b9b.g): file system is clean; not checking
+ /dev/sd0e (ad5e78601fae8b9b.e): file system is clean; not checking
+ pf enabled
+ starting network
+ reordering libraries: done.
+ openssl: generating isakmpd/iked RSA keys... done.
+ ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
+ starting early daemons: syslogd pflogd ntpd.
+ starting RPC daemons:.
+ savecore: no core dump
+ checking quotas: done.
+ clearing /tmp
+ kern.securelevel: 0 -> 1
+ creating runtime link editor directory cache.
+ preserving editor files.
+ starting network daemons: sshd smtpd sndiod.
+ running rc.firsttime
+ Path to firmware: http://firmware.openbsd.org/firmware/6.5/
+ Installing: vmm-firmware
+ Checking for available binary patches...
+ ftp: SSL write error: certificate verification failed: certificate is not yet valid
+ starting local daemons: cron.
+ Tue Dec 12 16:50:18 PST 2017
+
+ OpenBSD/amd64 (gandalf.subgeniuskitty.com) (tty00)
+
+ login:
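Review bot: In the AutoSSH section the tunnel is started with `-R 6600:localhost:22`, but the earlier sshd step sets `ListenAddress 192.168.1.1` so that sshd listens only on the private interface. Connections arriving through the tunnel are therefore forwarded to the loopback address, where nothing is listening on port 22. Either forward to `192.168.1.1:22` or add a loopback `ListenAddress`, and state the choice in the notes. In the same section, `~/.ssh/authorized_hosts` should read `~/.ssh/authorized_keys`, which is the file sshd reads public keys from. Because `rtunnel_nopwd` is created with an empty passphrase and is used from `/etc/rc.local`, the notes should also say that its `authorized_keys` entry on `backdoor.subgeniuskitty.com` is to be limited to what the tunnel needs, and that the private key file must be readable only by its owner.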