OpenBSD Router
These notes describe the creation of an OpenBSD router with firewall, NAT, DHCP, caching DNS, and AutoSSH tunnel.
The four ports of the router are connected to four subnets:
em0 - 192.168.0.3/24 - internet connection
em1 - 192.168.1.1/24 - personal subnet
em2 - 192.168.2.1/24 - vintage computing subnet
em3 - 192.168.3.1/24 - guest subnet
Hardware
This router is based on a PC Engines APU4 with a 1 GHz, quad-core AMD GX-412TC CPU, 4 GB RAM and quad Intel i211AT NICs.
The two photos below are shamelessly stolen from the PC Engines website since I forgot to take photos before installing the PCB in the case.
Total costs for the project in 2019 were:
Price | Part Num. | Description |
---|---|---|
$117.50 | apu4c4 | PC Engines APU4 |
$9.40 | case1d4redu | Enclosure |
$4.10 | ac12vus2 | AC Adapter |
$12.80 | msata16h | 16 GB mSATA SSD |
$16.20 | NA | Shipping |
The CPU requires a thermal connection to the case. Although everything necessary is included with the order, the thermal pad should be replaced any time the PCB is removed from the case. Suitable replacements should be 0.5mm thick and have a thermal conductivity of 6 W/mK or better.
OpenBSD Installation
Download installXX.fs
from https://openbsd.org and dd
to a USB flash drive.
These notes are for amd64/install65.fs
downloaded on 20190918.
Connect a serial terminal configured for 115200 8N1
to the APU4. At the
appropriate prompt, press F10
and boot from the USB drive. Upon reaching the
boot>
prompt, we must tell the installer to use the serial port for the
console.
boot> stty com0 115200
boot> set tty com0
After this, proceed to install OpenBSD as on any other x64 server. A complete installation log through first boot is included at the bottom of these notes.
After installation is complete, the date may be incorrect, prompting errors during package installation.
# pkg_add -v nmap
ftp: SSL write error: certificate verification failed: certificate is not yet valid
If the clock is too far out of sync, manual intervention may be required.
# rcctl stop ntpd
# ntpd -d -s
# date
<confirm>
# rcctl enable ntpd
# rcctl start ntpd
Setup all network interfaces and enable IP forwarding since this is a router.
# echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
# echo 'inet 192.168.1.1 255.255.255.0' > /etc/hostname.em1
# echo 'inet 192.168.2.1 255.255.255.0' > /etc/hostname.em2
# echo 'inet 192.168.3.1 255.255.255.0' > /etc/hostname.em3
Edit /etc/ssh/sshd_config
and configure sshd
to listen only on the private
network interface.
ListenAddress 192.168.1.1
Disable a few services that aren’t necessary in this application by adding
these lines to /etc/rc.conf.local
.
sndiod_flags=NO
slaacd_flags=NO
smtpd_flags=NO
DHCP Server
A simple DHCP configuration for each subnet.
# rcctl enable dhcpd
# rcctl set dhcpd flags em1 em2 em3
# ed /etc/dhcpd.conf
a
subnet 192.168.1.0 netmask 255.255.255.0 {
option routers 192.168.1.1;
option domain-name-servers 192.168.1.1;
range 192.168.1.100 192.168.1.200;
}
subnet 192.168.2.0 netmask 255.255.255.0 {
option routers 192.168.2.1;
option domain-name-servers 192.168.2.1;
range 192.168.2.100 192.168.2.200;
}
subnet 192.168.3.0 netmask 255.255.255.0 {
option routers 192.168.3.1;
option domain-name-servers 192.168.3.1;
range 192.168.3.100 192.168.3.200;
}
w
453
q
# rcctl restart dhcpd
dhcpd(ok)
Firewall
The firewall configuration is located at /etc/pf.conf
and can be reloaded
with pfctl
(see below). While the configuration itself is commented, the
general idea is that em0
is the public connection to the internet, em1
,
em2
, and em3
are private networks accessing the internet through NAT.
Additionally, although hosts on em1
should be able to reach anything, hosts
on em2
or em3
should only be able to reach the internet.
# Subgeniuskitty Firewall Config
# Last updated on 20190918
# Interfaces:
# em0: Internet connection
# em1: Personal network
# em2: Vintage computing network
# em3: Guest network
# Non-routable IPv4 addresses (per RFC 5735 section 4).
table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/4 \
192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
203.0.113.0/24 }
# Drop instead of returning a TCP RST.
set block-policy drop
# Log statistics for internet interface.
set loginterface egress
# No processing on any loopback packets.
set skip on lo0
# Normalize and defragment
match in all scrub (no-df random-id max-mss 1440)
# NAT for the LAN
match out on egress inet from !(egress:network) to any nat-to (egress:0)
# Spoofers and Martians
antispoof quick for { egress em1 em2 em3 }
block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>
# Policy: deny by default.
block all
# Allow outbound IPv4 traffic.
pass out quick inet
# Allow em1 to reach any port
pass in quick from em1:network to any
# Only allow em2 to reach the internet, not other internal networks.
block in quick from em2:network to em0:network
block in quick from em2:network to em1:network
block in quick from em2:network to em3:network
pass in quick from em2:network to any
# Only allow em3 to reach the internet, not other internal networks.
block in quick from em3:network to em0:network
block in quick from em3:network to em1:network
block in quick from em3:network to em2:network
pass in quick from em3:network to any
A few simple pfctl
commands:
# pfctl -f /etc/pf.conf Load the pf.conf file
# pfctl -nf /etc/pf.conf Parse the pf.conf file, but don't load it
# pfctl -sr Show the current ruleset
# pfctl -ss Show the current state table
# pfctl -si Show filter stats and counters
# pfctl -sa Show everything
DNS Cache
The sample configuration below should be located at /var/unbound/etc/unbound.conf
.
# Subgeniuskitty DNS Cache Config
# Last updated on 20190918
server:
interface: 127.0.0.1
interface: 192.168.1.1
interface: 192.168.2.1
interface: 192.168.3.1
access-control: 127.0.0.0/8 allow
access-control: 192.168.1.0/24 allow
access-control: 192.168.2.0/24 allow
access-control: 192.168.3.0/24 allow
do-not-query-localhost: no
hide-identity: yes
hide-version: yes
forward-zone:
name: "." # use for ALL queries
forward-addr: 8.8.8.8 # Google's public DNS server
After the configuration is ready, enable the daemon.
# rcctl enable unbound
Unbound can also serve DNS entries directly.
# Serve zones authoritatively from Unbound to resolver clients.
# Not for external service.
#
#local-zone: "local." static
#local-data: "mycomputer.local. IN A 192.0.2.51"
#local-zone: "2.0.192.in-addr.arpa." static
#local-data-ptr: "192.0.2.51 mycomputer.local"
AutoSSH Tunnel
AutoSSH creates and sustains SSH tunnels. This router will use it to build a tunnel through another host with a public IP address.
# pkg_add -v autossh
Update candidates: quirks-3.124 -> quirks-3.124
quirks-3.124 signed on 2019-09-16T08:18:29Z
autossh-1.4g: ok
Extracted 72468 from 72794
# ^D
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/ataylor/.ssh/id_rsa): /home/ataylor/.ssh/rtunnel_nopwd
Enter passphrase (empty for no passphrase): <empty>
Enter same passphrase again: <empty>
Your identification has been saved in /home/ataylor/.ssh/rtunnel_nopwd.
Your public key has been saved in /home/ataylor/.ssh/rtunnel_nopwd.pub.
The key fingerprint is:
SHA256:Dh3H+q3WTKq5nhvmbBSBRiLmzxk9ZTV4jIBMiaiv4BE ataylor@gandalf.subgeniuskitty.com
The key's randomart image is:
+---[RSA 3072]----+
| .o+o+ooo=o |
|.o..+ooo+.o. |
|. . ..o .oo |
|.E o o o.+ |
| .. + . S. |
|... o.. .. |
|o.. .+ .=. |
|.. +.+o.o |
| oX=. |
+----[SHA256]-----+
Copy the resulting rtunnel_nopwd.pub
key into ~/.ssh/authorized_hosts
on
the far end of the tunnel, in this case backdoor.subgeniuskitty.com
. Verify
that you can login without a password, as in the example below.
$ ssh -i /home/ataylor/.ssh/rtunnel_nopwd ataylor@backdoor.subgeniuskitty.com
Edit /etc/rc.local
to start the tunnel at boot. For example:
echo 'building autossh tunnel to backdoor.subgeniuskitty.com'
/usr/local/bin/autossh -N -M 10200 \
-o "PubkeyAuthentication=yes" \
-o "PasswordAuthentication=no" \
-i /home/ataylor/.ssh/rtunnel_nopwd \
-R 6600:localhost:22 \
ataylor@backdoor.subgeniuskitty.com &
Installation Log: OpenBSD 6.5 on APU4
PC Engines apu4
coreboot build 20190402
BIOS version v4.0.24
<screen clears>
SeaBIOS (version rel-1.12.0.1-0-g393dc9c)
Press F10 key now for boot menu
Select boot device:
1. USB MSC Drive PNY USB 3.0 FD
2. ata0-0: Hoodisk SSD ATA-11 Hard-Disk (15272 MiBytes)
3. Payload [memtest]
4. Payload [setup]
Booting from Hard Disk...
Using drive 0, partition 3.
Loading......
probing: pc0 com0 com1 com2 com3 mem[639K 3582M 496M a20=on]
disk: hd0+ hd1+*
>> OpenBSD/amd64 BOOT 3.43
boot> stty com0 115200
boot> set tty com0
switching console to com>> OpenBSD/amd64 BOOT 3.43
boot>
0
cannot open hd0a:/etc/random.seed: No such file or directory
booting hd0a:/6.5/amd64/bsd.rd: 3683153+1524736+3888856+0+593920 [367459+128+450384+299805]=0xa51258
entry point at 0x1001000
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2019 OpenBSD. All rights reserved. https://www.OpenBSD.org
OpenBSD 6.5 (RAMDISK_CD) #3: Sat Apr 13 14:55:38 MDT 2019
deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 4261203968 (4063MB)
avail mem = 4128083968 (3936MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffd7020 (7 entries)
bios0: vendor coreboot version "v4.0.24" date 02/04/2019
bios0: PC Engines apu4
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.24 MHz, 16-30-01
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec20000, version 21, 32 pins, remapped
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PBR4)
acpiprt2 at acpi0: bus 2 (PBR5)
acpiprt3 at acpi0: bus 3 (PBR6)
acpiprt4 at acpi0: bus 4 (PBR7)
acpiprt5 at acpi0: bus -1 (PBR8)
acpicpu at acpi0 not configured
"PNP0C0C" at acpi0 not configured
"PNP0A08" at acpi0 not configured
acpicmos0 at acpi0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
ppb0 at pci0 dev 2 function 1 "AMD AMD64 16h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:34
ppb1 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:35
ppb2 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi
pci3 at ppb2 bus 3
em2 at pci3 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:36
ppb3 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi
pci4 at ppb3 bus 4
em3 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:37
ccp0 at pci0 dev 8 function 0 "AMD Cryptographic Co-processor v3" rev 0x00
xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, AHCI 1.3
ahci0: port 0: 6.0Gb/s
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: <ATA, Hoodisk SSD, SBFM> SCSI3 0/direct fixed t10.ATA_Hoodisk_SSD_K2TTC7A11253904_
sd0: 15272MB, 512 bytes/sector, 31277232 sectors, thin
ehci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
ehci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
usb2 at ehci1: USB revision 2.0
uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
"AMD Hudson-2 SMBus" rev 0x42 at pci0 dev 20 function 0 not configured
"AMD Hudson-2 LPC" rev 0x11 at pci0 dev 20 function 3 not configured
sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
sdhc0: SDHC 2.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00
pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00
pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00
pchb5 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00
pchb6 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00
pchb7 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
umass0 at uhub0 port 2 configuration 1 interface 0 "PNY Technologies USB 3.0 FD" rev 3.00/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0: <PNY, USB 3.0 FD, > SCSI4 0/direct removable serial.154b00b25C3C10D19D29
sd1: 119743MB, 512 bytes/sector, 245235199 sectors
uhub3 at uhub1 port 1 configuration 1 interface 0 "vendor 0x0438 product 0x7900" rev 2.00/0.18 addr 2
uhub4 at uhub2 port 1 configuration 1 interface 0 "vendor 0x0438 product 0x7900" rev 2.00/0.18 addr 2
softraid0 at root
scsibus2 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T
Welcome to the OpenBSD/amd64 6.5 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? I
At any prompt except password prompts you can escape to a shell by
typing '!'. Default answers are shown in []'s and are selected by
pressing RETURN. You can exit this program at any time by pressing
Control-C, but this can leave your system in an inconsistent state.
Terminal type? [vt220]
System hostname? (short form, e.g. 'foo') gandalf
Available network interfaces are: em0 em1 em2 em3 vlan0.
Which network interface do you wish to configure? (or 'done') [em0]
IPv4 address for em0? (or 'dhcp' or 'none') [dhcp] 192.168.0.3
Netmask for em0? [255.255.255.0]
IPv6 address for em0? (or 'autoconf' or 'none') [none]
Available network interfaces are: em0 em1 em2 em3 vlan0.
Which network interface do you wish to configure? (or 'done') [done]
Default IPv4 route? (IPv4 address or none) 192.168.0.1
add net default: gateway 192.168.0.1
DNS domain name? (e.g. 'example.com') [my.domain] subgeniuskitty.com
DNS nameservers? (IP address list or 'none') [none] 192.168.0.1
Password for root account? (will not echo)
Password for root account? (again)
Start sshd(8) by default? [yes]
Change the default console to com0? [yes]
Available speeds are: 9600 19200 38400 57600 115200.
Which speed should com0 use? (or 'done') [115200] 115200
Setup a user? (enter a lower-case loginname, or 'no') [no] ataylor
Full name for user ataylor? [ataylor] Aaron Taylor
Password for user ataylor? (will not echo)
Password for user ataylor? (again)
WARNING: root is targeted by password guessing attacks, pubkeys are safer.
Allow root ssh login? (yes, no, prohibit-password) [no] no
Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: ATA, Hoodisk SSD, SBFM t10.ATA_Hoodisk_SSD_K2TTC7A11253904_ (14.9G)
sd1: PNY, USB 3.0 FD serial.154b00b25C3C10D19D29 (116.9G)
Available disks are: sd0 sd1.
Which disk is the root disk? ('?' for details) [sd0] sd0
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole] W
Setting OpenBSD MBR partition to whole sd0...done.
The auto-allocated layout for sd0 is:
# size offset fstype [fsize bsize cpg]
a: 384.1M 64 4.2BSD 2048 16384 1 # /
b: 548.3M 786784 swap
c: 15272.1M 0 unused
d: 494.6M 1909664 4.2BSD 2048 16384 1 # /tmp
e: 688.8M 2922656 4.2BSD 2048 16384 1 # /var
f: 1534.1M 4333248 4.2BSD 2048 16384 1 # /usr
g: 524.5M 7475168 4.2BSD 2048 16384 1 # /usr/X11R6
h: 1726.4M 8549312 4.2BSD 2048 16384 1 # /usr/local
i: 1393.7M 12085024 4.2BSD 2048 16384 1 # /usr/src
j: 5307.3M 14939232 4.2BSD 2048 16384 1 # /usr/obj
k: 2663.0M 25808608 4.2BSD 2048 16384 1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] c
Label editor (enter '?' for help at any prompt)
sd0> ?
Available commands:
? | h - show help n [part] - set mount point
A - auto partition all space p [unit] - print partitions
a [part] - add partition q - quit & save changes
b - set OpenBSD boundaries R [part] - resize auto allocated partition
c [part] - change partition size r - display free space
D - reset label to default s [path] - save label to file
d [part] - delete partition U - undo all changes
e - edit drive parameters u - undo last change
g [d|u] - [d]isk or [u]ser geometry w - write label to disk
i - modify disklabel UID X - toggle expert mode
l [unit] - print disk label header x - exit & lose changes
M - disklabel(8) man page z - delete all partitions
m [part] - modify partition
Suffixes can be used to indicate units other than sectors:
'b' (bytes), 'k' (kilobytes), 'm' (megabytes), 'g' (gigabytes) 't' (terabytes)
'c' (cylinders), '%' (% of total disk), '&' (% of free space).
Values in non-sector units are truncated to the nearest cylinder boundary.
sd0> p
OpenBSD area: 64-31262490; size: 31262426; free: 31262426
# size offset fstype [fsize bsize cpg]
c: 31277232 0 unused
sd0> a
partition: [a]
offset: [64]
size: [31262426] 8G
FS type: [4.2BSD]
mount point: [none] /
sd0> a
partition: [b]
offset: [16787904]
size: [14474586] 1G
FS type: [swap]
sd0> a
partition: [d]
offset: [18892440]
size: [12370050] 1G
FS type: [4.2BSD]
mount point: [none] /tmp
sd0> a
partition: [e]
offset: [20996928]
size: [10265562] 1G
FS type: [4.2BSD]
mount point: [none] /var
sd0> a
partition: [f]
offset: [23101440]
size: [8161050] 1G
FS type: [4.2BSD]
mount point: [none] /home
sd0> a
partition: [g]
offset: [25205984]
size: [6056506]
FS type: [4.2BSD]
mount point: [none] /usr
sd0> p
OpenBSD area: 64-31262490; size: 31262426; free: 34
# size offset fstype [fsize bsize cpg]
a: 16787840 64 4.2BSD 2048 16384 1 # /
b: 2104536 16787904 swap
c: 31277232 0 unused
d: 2104480 18892448 4.2BSD 2048 16384 1 # /tmp
e: 2104512 20996928 4.2BSD 2048 16384 1 # /var
f: 2104544 23101440 4.2BSD 2048 16384 1 # /home
g: 6056480 25205984 4.2BSD 2048 16384 1 # /usr
sd0> w
sd0> q
No label changes.
/dev/rsd0a: 8197.2MB in 16787840 sectors of 512 bytes
41 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd0f: 1027.6MB in 2104544 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd0d: 1027.6MB in 2104480 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd0g: 2957.3MB in 6056480 sectors of 512 bytes
15 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
/dev/rsd0e: 1027.6MB in 2104512 sectors of 512 bytes
6 cylinder groups of 202.47MB, 12958 blocks, 25984 inodes each
Available disks are: sd1.
Which disk do you wish to initialize? (or 'done') [done]
/dev/sd0a (ad5e78601fae8b9b.a) on /mnt type ffs (rw, asynchronous, local)
/dev/sd0f (ad5e78601fae8b9b.f) on /mnt/home type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0d (ad5e78601fae8b9b.d) on /mnt/tmp type ffs (rw, asynchronous, local, nodev, nosuid)
/dev/sd0g (ad5e78601fae8b9b.g) on /mnt/usr type ffs (rw, asynchronous, local, nodev)
/dev/sd0e (ad5e78601fae8b9b.e) on /mnt/var type ffs (rw, asynchronous, local, nodev, nosuid)
Let's install the sets!
Location of sets? (disk http or 'done') [http] disk
Is the disk partition already mounted? [yes] no
Available disks are: sd0 sd1.
Which disk contains the install media? (or 'done') [sd1] sd1
a: 920512 1024 4.2BSD 2048 16384 16142
i: 960 64 MSDOS
Available sd1 partitions are: a i.
Which sd1 partition has the install sets? (or 'done') [a] a
Pathname to the sets? (or 'done') [6.5/amd64]
Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
[X] bsd [X] base65.tgz [X] game65.tgz [X] xfont65.tgz
[X] bsd.mp [X] comp65.tgz [X] xbase65.tgz [X] xserv65.tgz
[X] bsd.rd [X] man65.tgz [X] xshare65.tgz
Set name(s)? (or 'abort' or 'done') [done] -game*
[X] bsd [X] base65.tgz [ ] game65.tgz [X] xfont65.tgz
[X] bsd.mp [X] comp65.tgz [X] xbase65.tgz [X] xserv65.tgz
[X] bsd.rd [X] man65.tgz [X] xshare65.tgz
Set name(s)? (or 'abort' or 'done') [done] -x*
[X] bsd [X] base65.tgz [ ] game65.tgz [ ] xfont65.tgz
[X] bsd.mp [X] comp65.tgz [ ] xbase65.tgz [ ] xserv65.tgz
[X] bsd.rd [X] man65.tgz [ ] xshare65.tgz
Set name(s)? (or 'abort' or 'done') [done] done
Directory does not contain SHA256.sig. Continue without verification? [no] yes
Installing bsd 100% |**************************| 15163 KB 00:00
Installing bsd.mp 100% |**************************| 15248 KB 00:00
Installing bsd.rd 100% |**************************| 9984 KB 00:00
Installing base65.tgz 100% |**************************| 190 MB 00:26
Extracting etc.tgz 100% |**************************| 260 KB 00:00
Installing comp65.tgz 100% |**************************| 71916 KB 00:14
Installing man65.tgz 100% |**************************| 7385 KB 00:01
Location of sets? (disk http or 'done') [done] done
What timezone are you in? ('?' for list) [Canada/Mountain] US/Pacific
Saving configuration files... done.
Making all device nodes... done.
Multiprocessor machine; using bsd.mp instead of bsd.
Relinking to create unique kernel... done.
CONGRATULATIONS! Your OpenBSD install has been successfully completed!
When you login to your new system the first time, please read your mail
using the 'mail' command.
Exit to (S)hell, (H)alt or (R)eboot? [reboot]
<remove USB flash drive>
SeaBIOS (version rel-1.12.0.1-0-g393dc9c)
Press F10 key now for boot menu
Booting from Hard Disk...
Using drive 0, partition 3.
Loading......
probing: pc0 com0 com1 com2 com3 mem[639K 3582M 496M a20=on]
disk: hd0+
>> OpenBSD/amd64 BOOT 3.43
switching console to com>> OpenBSD/amd64 BOOT 3.43
boot> 0
booting hd0a:/bsd: 10688280+2458640+344096+0+675840 [677254+128+856800+597186]=0xf8d9b0
entry point at 0x1001000
[ using 2132400 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2019 OpenBSD. All rights reserved. https://www.OpenBSD.org
OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019
deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4261208064 (4063MB)
avail mem = 4122431488 (3931MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffd7020 (7 entries)
bios0: vendor coreboot version "v4.0.24" date 02/04/2019
bios0: PC Engines apu4
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S2 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.27 MHz, 16-30-01
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
<missed recording a few lines here due to overflow>
cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD GX-412TC SOC, 998.14 MHz, 16-30-01
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,\
SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,\
3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,T
cpu3: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec00000, version 21, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec20000, version 21, 32 pins, remapped
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PBR4)
acpiprt2 at acpi0: bus 2 (PBR5)
acpiprt3 at acpi0: bus 3 (PBR6)
acpiprt4 at acpi0: bus 4 (PBR7)
acpiprt5 at acpi0: bus -1 (PBR8)
acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpibtn0 at acpi0: PWRB
acpipci0 at acpi0 PCI0: 0x00000000 0x00000011 0x00000001
acpicmos0 at acpi0
cpu0: 998 MHz: speeds: 1000 800 600 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
ppb0 at pci0 dev 2 function 1 "AMD AMD64 16h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:34
ppb1 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:35
ppb2 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi
pci3 at ppb2 bus 3
em2 at pci3 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:36
ppb3 at pci0 dev 2 function 4 "AMD AMD64 16h PCIE" rev 0x00: msi
pci4 at ppb3 bus 4
em3 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address 00:0d:b9:52:f4:37
ccp0 at pci0 dev 8 function 0 "AMD Cryptographic Co-processor v3" rev 0x00
xhci0 at pci0 dev 16 function 0 "AMD Bolton xHCI" rev 0x11: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x40: apic 4 int 19, AHCI 1.3
ahci0: port 0: 6.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, Hoodisk SSD, SBFM> SCSI3 0/direct fixed t10.ATA_Hoodisk_SSD_K2TTC7A11253904_
sd0: 15272MB, 512 bytes/sector, 31277232 sectors, thin
ehci0 at pci0 dev 18 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
ehci1 at pci0 dev 19 function 0 "AMD Hudson-2 USB2" rev 0x39: apic 4 int 18
usb2 at ehci1: USB revision 2.0
uhub2 at usb2 configuration 1 interface 0 "AMD EHCI root hub" rev 2.00/1.00 addr 1
piixpm0 at pci0 dev 20 function 0 "AMD Hudson-2 SMBus" rev 0x42: SMBus disabled
pcib0 at pci0 dev 20 function 3 "AMD Hudson-2 LPC" rev 0x11
sdhc0 at pci0 dev 20 function 7 "AMD Bolton SD/MMC" rev 0x01: apic 4 int 16
sdhc0: SDHC 2.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed, dma
pchb2 at pci0 dev 24 function 0 "AMD AMD64 16h Link Cfg" rev 0x00
pchb3 at pci0 dev 24 function 1 "AMD AMD64 16h Address Map" rev 0x00
pchb4 at pci0 dev 24 function 2 "AMD AMD64 16h DRAM Cfg" rev 0x00
km0 at pci0 dev 24 function 3 "AMD AMD64 16h Misc Cfg" rev 0x00
pchb5 at pci0 dev 24 function 4 "AMD AMD64 16h CPU Power" rev 0x00
pchb6 at pci0 dev 24 function 5 "AMD AMD64 16h Misc Cfg" rev 0x00
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
com2 at isa0 port 0x3e8/8 irq 5: ns16550a, 16 byte fifo
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: NCT5104D rev 0x53
vmm0 at mainbus0: SVM/RVI
uhub3 at uhub1 port 1 configuration 1 interface 0 "Advanced Micro Devices product 0x7900" rev 2.00/0.18 addr 2
uhub4 at uhub2 port 1 configuration 1 interface 0 "Advanced Micro Devices product 0x7900" rev 2.00/0.18 addr 2
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (ad5e78601fae8b9b.a) swap on sd0b dump on sd0b
Process (pid 1) got signal 31
Automatic boot in progress: starting file system checks.
/dev/sd0a (ad5e78601fae8b9b.a): file system is clean; not checking
/dev/sd0f (ad5e78601fae8b9b.f): file system is clean; not checking
/dev/sd0d (ad5e78601fae8b9b.d): file system is clean; not checking
/dev/sd0g (ad5e78601fae8b9b.g): file system is clean; not checking
/dev/sd0e (ad5e78601fae8b9b.e): file system is clean; not checking
pf enabled
starting network
reordering libraries: done.
openssl: generating isakmpd/iked RSA keys... done.
ssh-keygen: generating new host keys: RSA DSA ECDSA ED25519
starting early daemons: syslogd pflogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
clearing /tmp
kern.securelevel: 0 -> 1
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd smtpd sndiod.
running rc.firsttime
Path to firmware: http://firmware.openbsd.org/firmware/6.5/
Installing: vmm-firmware
Checking for available binary patches...
ftp: SSL write error: certificate verification failed: certificate is not yet valid
starting local daemons: cron.
Tue Dec 12 16:50:18 PST 2017
OpenBSD/amd64 (gandalf.subgeniuskitty.com) (tty00)
login: