From Noisebridge
Jump to: navigation, search


flashrd is an OpenBSD installer tailored for flash-backed devices that have at least 1Gb of flash and 128Mb of RAM. Here's the project's homepage.

Installing flashrd[edit]

Download the flashrd binary images.

Backup the existing flash cards using dd.

dd the new flashrd images to the existing flash cards.

Mount the flash cards, boot into single user mode, or boot the flash card using qemu, then modify /etc/ttys as follows:

< tty00 "/usr/libexec/getty std.9600" unknown off
> tty00 "/usr/libexec/getty std.9600" vt220 on secure

Add this to /flash/etc/boot.conf: (/flash is on /dev/wd0a)

set timeout 5
stty com0 9600
set tty com0

Plug the flash cards into the existing devices, boot as follows:

boot> set tty com0
switching console to com0
                         >> OpenBSD/i386 BOOT 3.02
boot> boot
booting hd0a:/bsd: 10707316+1055248 [52+360656+344597]=0xbe4014
entry point at 0x200120

Usage notes[edit]

To boot the older flash images, "boot -s" and then "/stand/rc" or "sh /etc/rc". If you need to use the network, remember to do "pfctl -d".

Once you have a serial console on the new image, copy /etc/hostname.*, /etc/ssh/*key*, and /root/.ssh/authorized_keys to the new image from the old image. Upon reboot you should be able to log in.

Files to copy from /etc:

hosts x
dhcpd.conf x
resolv.conf x
myname x
rc.conf.local x
pf.conf x
localtime x
snmpd.conf x
rtadvd.conf x
master.passwd x
ntpd.conf x
passwd x
ttys x
sysctl.conf x
mygate x
dnsmasq.conf x

Packages to install:

export PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/4.7/packages/i386/
pkg_add -v dnsmasq lsof curl bash iperf isc-dhcp-server net-snmp ngrep bwm-ng

Tunnel configuration[edit]

Sonic has a example ipv6 tunnel configuration generator for OpenBSD, but it only gives the pre-4.7 syntax. Here's how r00ter is configured, and these settings should work for any 4.7 or up installation, including recent flashrd builds.

Note that regardless of what the ISP tells you to use as your subnet, you have to use a prefix length of /64 for automatic address configuration to work. If you have a DHCPv6 server you can do whatever you want, though.


inet6 2001:05a8:0004:5630::0001/64






inet6 alias 2001:5a8:0:1::ac7 prefixlen 127

/etc/pf.conf: You also have to make sure that any nat rules for your regular IPv4 traffic explicitly say "inet" only instead of all protocols, otherwise pf will try to nat the ipv6 packets too.

pass in quick on gif0 inet6 keep state
pass in quick on $ext_if proto ipv6
pass out quick on $ext_if proto ipv6