1 f9df8ec9 2024-02-04 jrmu version=pmwiki-2.3.20 ordered=1 urlencoded=1
2 f9df8ec9 2024-02-04 jrmu agent=w3m/0.5.3+git20230121
4 5127fd58 2021-12-17 jrmu charset=UTF-8
6 5127fd58 2021-12-17 jrmu ctime=1626112103
7 f9df8ec9 2024-02-04 jrmu host=104.167.242.140
8 5127fd58 2021-12-17 jrmu name=Hostnameif.Static
10 f9df8ec9 2024-02-04 jrmu targets=Vmctl.Usage,Openbsd.Ping,Openbsd.Netcat,Openbsd.Traceroute
11 f9df8ec9 2024-02-04 jrmu text=(:title Configuring Static Networking:)%0a%0aIf you are running a server, it is best to configure static networking%0arather than DHCP. DHCP may cause your IP addresses to change in an%0aunpredictable manner, which is a serious problem for servers.%0a%0a'''WARNING''': Warn any connected users before attempting to change your%0anetworking. Any mistakes in network configuration can cause all your%0aservices to get disconnected. You may first want to practice on a test%0aserver before attempting on production. Be prepared to have%0a[[vmctl/usage|serial console]] access in case ssh stops working.%0a%0a!! hostname.if%0a%0aOpenBSD requires one [[https://man.openbsd.org/hostname.if|hostname.if]] per networking interface, where the letters 'if' are replaced with an abbreviation followed by a device number. For example, if you have a [[https://man.openbsd.org/vio|virtio]] networking interface, it will be abbreviated by [[https://man.openbsd.org/vio|vio]], so you will need an /etc/hostname.vio0 file.%0a%0aInside /etc/hostname.if (replace @@if@@ with your device), you should put something similar to the following lines:%0a%0a[@%0ainet 192.168.1.2 255.255.255.0%0ainet alias 192.168.1.3 255.255.255.255%0ainet6 2001:0db8:0000:0000:0000:0000:0000:0000 48%0ainet6 alias 2001:0db8:0000:0000:9b1d:3511:387e:143a 48%0a@]%0a%0aNote: Do '''not''' use the same IP addresses as above. Use the real IP addresses you were assigned by your ISP.%0a%0aLet's look at the first two lines:%0a%0a[@%0ainet 192.168.1.2 255.255.255.0%0ainet alias 192.168.1.3 255.255.255.255%0a@]%0a%0aThe first line will set the device to use the static IP 192.168.1.2 with%0asubnet mask 255.255.255.0. The second line will allow the device to use a%0asecond static IP, 192.168.1.3. It will be aliased to the first, but with%0athe subnet mask 255.255.255.255.%0a%0aIt makes sense to have an aliased IP address when two or more IP addresses%0ashare the exact same networking interface. For example, unfiltered IPv4%0aaddresses are commonly aliased to DDoS filtered IPv4 addresses.%0a%0aLet's look at lines 3 and 4:%0a%0a[@%0ainet6 2001:0db8:0000:0000:0000:0000:0000:0000 48%0ainet6 alias 2001:0db8:0000:0000:9b1d:3511:387e:143a 48%0a@]%0a%0aThe first line sets the device to use the static IPv6 address 2001:0db8::%0awith a /48 subnet, and the second one creates another IPv6 address%0a2001:0db8:0000:0000:9b1d:3511:387e:143a with a /48 subnet, aliased to the%0afirst IPv6 address. Each time you need a new IPv6 address, just add a new%0aaliased IPv6 address. In this way, you can create dozens of unique IPv6%0aaddresses so that each user on a shell account or bouncer can get a unique%0aIPv6 address.%0a%0a'''WARNING''': The subnet mask (in the above example 48) must match the%0aassigned prefix length given by your ISP.%0a%0aIn the file /etc/mygate, you specify the default gateway:%0a%0a[@%0a192.168.1.1%0a2001:0db8:0000:0000::1%0a@]%0a%0aThe default gateway is the router that your server is connected to. This%0ais where all the IP packets from your server will immediately forward its%0apackets to. The default gateway will be provided by your ISP.%0a%0aTo restart networking, run:%0a%0a[@%0a$ doas sh /etc/netstart%0a@]%0a%0aIf this doesn't properly reset the networking, you can do the following:%0a%0a'''WARNING''': This will disconnect all network connections. Make sure you%0ahave [[vmctl/usage|serial console]] access before attempting this.%0a%0a[@%0a$ doas ifconfig if0 down && doas route flush && doas sh /etc/netstart%0a@]%0a%0aNote: Make sure to replace if0 with your actual device.%0a%0a!! ifconfig%0a%0aNew IPv4 addresses can be added on the fly, without rebooting, by using%0aifconfig:%0a%0a[@%0a$ doas ifconfig if0 alias 192.168.1.3 255.255.255.255%0a@]%0a%0aFor IPv6:%0a%0a[@%0a$ doas ifconfig if0 inet6 2001:0db8::2/48%0a@]%0a%0aTo delete an IPv4 address:%0a%0a[@%0a$ doas ifconfig if0 192.168.1.3 delete%0a@]%0a%0aTo delete the IPv6 address:%0a%0a[@%0a$ doas ifconfig if0 inet6 2001:0db8::2/48 delete%0a@]%0a%0aNote: replace if0 with your specific interface, and replace the IP addresses and subnet masks.%0a%0aAfter adding an IP address, make sure to test it using [[openbsd/ping|ping]], [[openbsd/netcat|netcat]], and [[openbsd/traceroute|traceroute]].%0a%0aFor example:%0a%0a[@%0a$ ping -I 192.168.1.3 8.8.8.8%0a$ ping6 -I 2001:0db8::2 2607:f8b0:400a:80a::200e%0a@]%0a%0aIf after waiting 30 seconds, ping shows 100%25 packet loss, then networking has failed.%0a
12 f9df8ec9 2024-02-04 jrmu time=1707016918
13 5127fd58 2021-12-17 jrmu title=Configuring Static Networking
14 f9df8ec9 2024-02-04 jrmu author:1707016918=jrmu
15 f9df8ec9 2024-02-04 jrmu diff:1707016918:1707016641:=128c128%0a%3c If after waiting 30 seconds, ping shows 100%25 packet loss, then networking has failed.%0a---%0a> If ping does not work%0a
16 f9df8ec9 2024-02-04 jrmu host:1707016918=104.167.242.140
17 f9df8ec9 2024-02-04 jrmu author:1707016641=jrmu
18 f9df8ec9 2024-02-04 jrmu diff:1707016641:1707016564:=102c102%0a%3c $ doas ifconfig if0 inet6 2001:0db8::2/48%0a---%0a> $ doas ifconfig if0 inet6 2001:0db8::/48%0a114c114%0a%3c $ doas ifconfig if0 inet6 2001:0db8::2/48 delete%0a---%0a> $ doas ifconfig if0 inet6 2001:0db8::/48 delete%0a120,128d119%0a%3c %0a%3c For example:%0a%3c %0a%3c [@%0a%3c $ ping -I 192.168.1.3 8.8.8.8%0a%3c $ ping6 -I 2001:0db8::2 2607:f8b0:400a:80a::200e%0a%3c @]%0a%3c %0a%3c If ping does not work%0a
19 f9df8ec9 2024-02-04 jrmu host:1707016641=104.167.242.140
20 f9df8ec9 2024-02-04 jrmu author:1707016564=jrmu
21 f9df8ec9 2024-02-04 jrmu diff:1707016564:1707015453:=15,18c15,18%0a%3c OpenBSD requires one [[https://man.openbsd.org/hostname.if|hostname.if]] per networking interface, where the letters 'if' are replaced with an abbreviation followed by a device number. For example, if you have a [[https://man.openbsd.org/vio|virtio]] networking interface, it will be abbreviated by [[https://man.openbsd.org/vio|vio]], so you will need an /etc/hostname.vio0 file.%0a%3c %0a%3c Inside /etc/hostname.if (replace @@if@@ with your device), you should put something similar to the following lines:%0a%3c %0a---%0a> OpenBSD requires one [[https://man.openbsd.org/hostname.if|hostname.if]] per networking interface, where the letters 'if' are replaced with an abbreviation followed by a device number. For example, if you have a virtio networking interface, it will be abbreviated by vio, so you will need an /etc/hostname.vio0 file.%0a> %0a> Inside /etc/hostname.if (where you replace if with your device), you should put something similar to the following lines:%0a> %0a21c21%0a%3c inet alias 192.168.1.3 255.255.255.255%0a---%0a> inet alias 192.168.1.3 255.255.255.0%0a23a24,27%0a> inet6 alias 2001:0db8:0000:0000:1465:fed1:8daf:66ff 48%0a> inet6 alias 2001:0db8:0000:0000:11b4:4a36:2941:d6bd 48%0a> inet6 alias 2001:0db8:0000:0000:ad2c:5b99:2b1a:89d1 48%0a> inet6 alias 2001:0db8:0000:0000:921d:28ad:4729:8d93 48%0a26,27c30,31%0a%3c Note: Do '''not''' use the same IP addresses as above. Use the real IP addresses you were assigned by your ISP.%0a%3c %0a---%0a> Note: Do '''not''' use those exact IP addresses. Use the real IP addresses you were assigned by your ISP.%0a> %0a32c36%0a%3c inet alias 192.168.1.3 255.255.255.255%0a---%0a> inet alias 192.168.1.3 255.255.255.0%0a35,43c39,42%0a%3c The first line will set the device to use the static IP 192.168.1.2 with%0a%3c subnet mask 255.255.255.0. The second line will allow the device to use a%0a%3c second static IP, 192.168.1.3. It will be aliased to the first, but with%0a%3c the subnet mask 255.255.255.255.%0a%3c %0a%3c It makes sense to have an aliased IP address when two or more IP addresses%0a%3c share the exact same networking interface. For example, unfiltered IPv4%0a%3c addresses are commonly aliased to DDoS filtered IPv4 addresses.%0a%3c %0a---%0a> The first line will set the device to use the static IP 192.168.1.2 with subnet mask 255.255.255.0. The second line will allow the device to use a second static IP, 192.168.1.3. It will be aliased to the first and have the same subnet mask.%0a> %0a> It makes sense to have an aliased IP address when two or more IP addresses share the exact same networking interface. You will see this being done if you have one normal IPv4 address and a DDoS filtered IPv4 address. Both of them actually share the same networking interface, so the unfiltered IPv4 address is actually an alias of the filtered one.%0a> %0a51,61c50,51%0a%3c The first line sets the device to use the static IPv6 address 2001:0db8::%0a%3c with a /48 subnet, and the second one creates another IPv6 address%0a%3c 2001:0db8:0000:0000:9b1d:3511:387e:143a with a /48 subnet, aliased to the%0a%3c first IPv6 address. Each time you need a new IPv6 address, just add a new%0a%3c aliased IPv6 address. In this way, you can create dozens of unique IPv6%0a%3c addresses so that each user on a shell account or bouncer can get a unique%0a%3c IPv6 address.%0a%3c %0a%3c '''WARNING''': The subnet mask (in the above example 48) must match the%0a%3c assigned prefix length given by your ISP.%0a%3c %0a---%0a> The first line sets the device to use the static IPv6 address 2001:0db8:: with a /48 subnet, and the second one creates another IPv6 address 2001:0db8:0000:0000:9b1d:3511:387e:143a with a /48 subnet, aliased to the first IPv6 address. Each time you need a new IPv6 address, just add a new aliased IPv6 address. In this way, you can create dozens of unique IPv6 addresses so that each user on a shell account or bouncer can get a unique IPv6 address.%0a> %0a69,72c59,60%0a%3c The default gateway is the router that your server is connected to. This%0a%3c is where all the IP packets from your server will immediately forward its%0a%3c packets to. The default gateway will be provided by your ISP.%0a%3c %0a---%0a> The default gateway is the router that your server is connected to. This is where all the IP packets from your server will immediately forward its packets to. The default gateway will be provided by your ISP.%0a> %0a81,83c69,70%0a%3c '''WARNING''': This will disconnect all network connections. Make sure you%0a%3c have [[vmctl/usage|serial console]] access before attempting this.%0a%3c %0a---%0a> '''WARNING''': This will definitely disconnect all network connections.%0a> %0a85c72,74%0a%3c $ doas ifconfig if0 down && doas route flush && doas sh /etc/netstart%0a---%0a> $ doas ifconfig if0 down%0a> $ doas route flush%0a> $ doas sh /etc/netstart%0a88,89c77,78%0a%3c Note: Make sure to replace if0 with your actual device.%0a%3c %0a---%0a> Note: Make sure to replace if0 with your real device.%0a> %0a92,94c81,82%0a%3c New IPv4 addresses can be added on the fly, without rebooting, by using%0a%3c ifconfig:%0a%3c %0a---%0a> You can add new IPv4 addresses on the fly, without rebooting, by using ifconfig:%0a> %0a96c84%0a%3c $ doas ifconfig if0 alias 192.168.1.3 255.255.255.255%0a---%0a> $ doas ifconfig if0 alias 192.168.1.3 255.255.255.0%0a119c107%0a%3c After adding an IP address, make sure to test it using [[openbsd/ping|ping]], [[openbsd/netcat|netcat]], and [[openbsd/traceroute|traceroute]].%0a---%0a> To test if an IP address is working, you can use [[openbsd/ping|ping]], [[openbsd/netcat|netcat]], and [[openbsd/traceroute|traceroute]].%0a
22 f9df8ec9 2024-02-04 jrmu host:1707016564=104.167.242.140
23 f9df8ec9 2024-02-04 jrmu author:1707015453=jrmu
24 f9df8ec9 2024-02-04 jrmu diff:1707015453:1707010960:=3,12c3,15%0a%3c If you are running a server, it is best to configure static networking%0a%3c rather than DHCP. DHCP may cause your IP addresses to change in an%0a%3c unpredictable manner, which is a serious problem for servers.%0a%3c %0a%3c '''WARNING''': Warn any connected users before attempting to change your%0a%3c networking. Any mistakes in network configuration can cause all your%0a%3c services to get disconnected. You may first want to practice on a test%0a%3c server before attempting on production. Be prepared to have%0a%3c [[vmctl/usage|serial console]] access in case ssh stops working.%0a%3c %0a---%0a> Most computer users don't have to deal with networking because they use%0a> DHCP, where the router automatically figures out and assigns IP addresses%0a> to each device. If you are running a server, however, it's important to%0a> configure static networking so that your IP addresses don't change in an%0a> unpredictable manner. Static networking is preferred to get reliable IPv4%0a> and IPv6 networking.%0a> %0a> '''WARNING''': Make sure you warn any connected users before attempting to%0a> change your networking. Any mistakes here can cause all your services to%0a> get disconnected. You may first want to practice on a test server before%0a> attempting on production. Be prepared to have [[vmctl/usage|serial%0a> console]] access in case ssh stops working.%0a> %0a15c18%0a%3c OpenBSD requires one [[https://man.openbsd.org/hostname.if|hostname.if]] per networking interface, where the letters 'if' are replaced with an abbreviation followed by a device number. For example, if you have a virtio networking interface, it will be abbreviated by vio, so you will need an /etc/hostname.vio0 file.%0a---%0a> OpenBSD requires one hostname.if per networking interface, where the letters 'if' are replaced with an abbreviation followed by a device number. For example, if you have a virtio networking interface, it will be abbreviated by vio, so you will need an /etc/hostname.vio0 file.%0a
25 f9df8ec9 2024-02-04 jrmu host:1707015453=104.167.242.140
26 f9df8ec9 2024-02-04 jrmu author:1707010960=jrmu
27 f9df8ec9 2024-02-04 jrmu diff:1707010960:1653282074:=3,14c3,7%0a%3c Most computer users don't have to deal with networking because they use%0a%3c DHCP, where the router automatically figures out and assigns IP addresses%0a%3c to each device. If you are running a server, however, it's important to%0a%3c configure static networking so that your IP addresses don't change in an%0a%3c unpredictable manner. Static networking is preferred to get reliable IPv4%0a%3c and IPv6 networking.%0a%3c %0a%3c '''WARNING''': Make sure you warn any connected users before attempting to%0a%3c change your networking. Any mistakes here can cause all your services to%0a%3c get disconnected. You may first want to practice on a test server before%0a%3c attempting on production. Be prepared to have [[vmctl/usage|serial%0a%3c console]] access in case ssh stops working.%0a---%0a> Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assign IP addresses to each device. However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.%0a> %0a> If you chose DHCP when first installing OpenBSD, you will need to follow the steps below to configure the networking manually.%0a> %0a> '''WARNING''': Make sure you warn any connected users before attempting to change your networking. Any mistakes here can cause all your users to get disconnected. If you are worried about making mistakes, you should practice first on a separate server. Please also be prepared to use the serial console ([[openbsd/buyvm|BuyVM]] or [[openbsd/vmmuser|training VPS]]) in case ssh stops working.%0a
28 f9df8ec9 2024-02-04 jrmu host:1707010960=104.167.242.140
29 6b6b0dbf 2022-05-24 jrmu author:1653282074=theguest
30 6b6b0dbf 2022-05-24 jrmu diff:1653282074:1653276691:=3,4c3,6%0a%3c Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assign IP addresses to each device. However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.%0a%3c %0a---%0a> Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assigns networking settings to each device, such as: the client's IP address, default gateway and DNS servers. %0a> %0a> However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.%0a> %0a12a15,20%0a> It is this file that controls if this interface is configured to use DHCP (see [[https://man.openbsd.org/dhclient.8 | dhclient(8)]]) for its network configuration OR uses a Static config (however a Static config requires editing other config-files as well). %0a> %0a> '''Note''': If you chose DHCP when first installing OpenBSD, then your hostname.if will probably contain just one line: '[@inet autoconf@]' or '[@dhcp@]' (which is just an alias for '[@inet autoconf@]'). IPV6 would use the (extra) line: '[@inet6 autoconf@]'. %0a> %0a> !!! Setting up Static Networking%0a> %0a47a56,61%0a> !! Default Gateway%0a> %0a> The default gateway is the router that your server is connected to. This is where all the IP packets from your server will immediately forward its packets to. The default gateway will be provided by your ISP.%0a> %0a> Since we disabled the DHCP client, we must also now manually config the default gateway.%0a> %0a55,58c69,77%0a%3c The default gateway is the router that your server is connected to. This is where all the IP packets from your server will immediately forward its packets to. The default gateway will be provided by your ISP.%0a%3c %0a%3c To restart networking, run:%0a%3c %0a---%0a> You should have received the gateway addres(ses) from your provider. In the example above you see an IP4 and IP6 address.%0a> %0a> %0a> !! DNS Servers%0a> %0a> Unless you already specified your custom DNS servers or set up your own local DNS such as [[Unbound/configure | Unbound]], then your system now no longer knows what DNS server to query (since the DHCP-client is now disabled). %0a> %0a> In the file /etc/resolv.conf we add our nameservers, such as in the example below:%0a> %0a60c79,80%0a%3c $ doas sh /etc/netstart%0a---%0a> lookup file bind%0a> nameserver 9.9.9.9%0a62a83,95%0a> The keyword '[@nameserver@]' is followed by the IP4/IP6 address of the DNS server that you want your system to use. As always, check the ([[https://man.openbsd.org/resolv.conf.5 | manpage]]) for additional options.%0a> %0a> '''Note''': '[@lookup@]' specifies which databases should be searched, and the order to do so. [@bind@] = Query a domain name server [@file@] = Search for entries in /etc/hosts.%0a> %0a> %0a> !! Restart Networking%0a> %0a> To restart networking, run:%0a> %0a> [@%0a> $ doas sh /etc/netstart%0a> @]%0a> %0a73c106,113%0a%3c Note: Make sure to replace if0 with your real device.%0a---%0a> '''Note''': Make sure to replace if0 with your real device.%0a> %0a> '''HINT''': Obviously, if you do this over ssh, your network would go down after the first command, disallowing you from entering the commands to get the network back up. We put the commands on one line seperated by a semicolon to pass all three so that we may reconnect after the network is back up.%0a> %0a> [@%0a> $ doas ifconfig if0 down; doas route flush; doas sh /etc/netstart%0a> @]%0a> %0a
31 6b6b0dbf 2022-05-24 jrmu host:1653282074=38.87.162.129
32 178c1e37 2022-05-23 jrmu author:1653276691=theguest
33 178c1e37 2022-05-23 jrmu csum:1653276691=added third piece of the task: dns
34 178c1e37 2022-05-23 jrmu diff:1653276691:1643159348:=3,6c3,4%0a%3c Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assigns networking settings to each device, such as: the client's IP address, default gateway and DNS servers. %0a%3c %0a%3c However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.%0a%3c %0a---%0a> Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assigns IP addresses to each device. However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.%0a> %0a15,20d12%0a%3c It is this file that controls if this interface is configured to use DHCP (see [[https://man.openbsd.org/dhclient.8 | dhclient(8)]]) for its network configuration OR uses a Static config (however a Static config requires editing other config-files as well). %0a%3c %0a%3c '''Note''': If you chose DHCP when first installing OpenBSD, then your hostname.if will probably contain just one line: '[@inet autoconf@]' or '[@dhcp@]' (which is just an alias for '[@inet autoconf@]'). IPV6 would use the (extra) line: '[@inet6 autoconf@]'. %0a%3c %0a%3c !!! Setting up Static Networking%0a%3c %0a56,61d47%0a%3c !! Default Gateway%0a%3c %0a%3c The default gateway is the router that your server is connected to. This is where all the IP packets from your server will immediately forward its packets to. The default gateway will be provided by your ISP.%0a%3c %0a%3c Since we disabled the DHCP client, we must also now manually config the default gateway.%0a%3c %0a69,77c55,58%0a%3c You should have received the gateway addres(ses) from your provider. In the example above you see an IP4 and IP6 address.%0a%3c %0a%3c %0a%3c !! DNS Servers%0a%3c %0a%3c Unless you already specified your custom DNS servers or set up your own local DNS such as [[Unbound/configure | Unbound]], then your system now no longer knows what DNS server to query (since the DHCP-client is now disabled). %0a%3c %0a%3c In the file /etc/resolv.conf we add our nameservers, such as in the example below:%0a%3c %0a---%0a> The default gateway is the router that your server is connected to. This is where all the IP packets from your server will immediately forward its packets to. The default gateway will be provided by your ISP.%0a> %0a> To restart networking, run:%0a> %0a79,80c60%0a%3c lookup file bind%0a%3c nameserver 9.9.9.9%0a---%0a> $ doas sh /etc/netstart%0a83,95d62%0a%3c The keyword '[@nameserver@]' is followed by the IP4/IP6 address of the DNS server that you want your system to use. As always, check the ([[https://man.openbsd.org/resolv.conf.5 | manpage]]) for additional options.%0a%3c %0a%3c '''Note''': '[@lookup@]' specifies which databases should be searched, and the order to do so. [@bind@] = Query a domain name server [@file@] = Search for entries in /etc/hosts.%0a%3c %0a%3c %0a%3c !! Restart Networking%0a%3c %0a%3c To restart networking, run:%0a%3c %0a%3c [@%0a%3c $ doas sh /etc/netstart%0a%3c @]%0a%3c %0a106,113c73%0a%3c '''Note''': Make sure to replace if0 with your real device.%0a%3c %0a%3c '''HINT''': Obviously, if you do this over ssh, your network would go down after the first command, disallowing you from entering the commands to get the network back up. We put the commands on one line seperated by a semicolon to pass all three so that we may reconnect after the network is back up.%0a%3c %0a%3c [@%0a%3c $ doas ifconfig if0 down; doas route flush; doas sh /etc/netstart%0a%3c @]%0a%3c %0a---%0a> Note: Make sure to replace if0 with your real device.%0a
35 178c1e37 2022-05-23 jrmu host:1653276691=38.87.162.129
36 894a97ee 2022-01-26 jrmu author:1643159348=forero
37 894a97ee 2022-01-26 jrmu csum:1643159348=fix minor grammar mistake
38 894a97ee 2022-01-26 jrmu diff:1643159348:1626112286:minor=3c3%0a%3c Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assigns IP addresses to each device. However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.%0a---%0a> Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assign IP addresses to each device. However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.%0a
39 894a97ee 2022-01-26 jrmu host:1643159348=181.53.13.19
40 5127fd58 2021-12-17 jrmu author:1626112286=jrmu
41 5127fd58 2021-12-17 jrmu diff:1626112286:1626112103:=7c7%0a%3c '''WARNING''': Make sure you warn any connected users before attempting to change your networking. Any mistakes here can cause all your users to get disconnected. If you are worried about making mistakes, you should practice first on a separate server. Please also be prepared to use the serial console ([[openbsd/buyvm|BuyVM]] or [[openbsd/vmmuser|training VPS]]) in case ssh stops working.%0a---%0a> '''WARNING''': Make sure you warn any connected users before attempting to change your networking. Any mistakes here can cause all your users to get disconnected. If you are worried about making mistakes, you should practice first on a separate server. Please also be prepared to use VNC in case ssh stops working.%0a
42 5127fd58 2021-12-17 jrmu host:1626112286=38.87.162.8
43 5127fd58 2021-12-17 jrmu author:1626112103=jrmu
44 5127fd58 2021-12-17 jrmu diff:1626112103:1626112103:=1,103d0%0a%3c (:title Configuring Static Networking:)%0a%3c %0a%3c Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assign IP addresses to each device. However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.%0a%3c %0a%3c If you chose DHCP when first installing OpenBSD, you will need to follow the steps below to configure the networking manually.%0a%3c %0a%3c '''WARNING''': Make sure you warn any connected users before attempting to change your networking. Any mistakes here can cause all your users to get disconnected. If you are worried about making mistakes, you should practice first on a separate server. Please also be prepared to use VNC in case ssh stops working.%0a%3c %0a%3c !! hostname.if%0a%3c %0a%3c OpenBSD requires one hostname.if per networking interface, where the letters 'if' are replaced with an abbreviation followed by a device number. For example, if you have a virtio networking interface, it will be abbreviated by vio, so you will need an /etc/hostname.vio0 file.%0a%3c %0a%3c Inside /etc/hostname.if (where you replace if with your device), you should put something similar to the following lines:%0a%3c %0a%3c [@%0a%3c inet 192.168.1.2 255.255.255.0%0a%3c inet alias 192.168.1.3 255.255.255.0%0a%3c inet6 2001:0db8:0000:0000:0000:0000:0000:0000 48%0a%3c inet6 alias 2001:0db8:0000:0000:9b1d:3511:387e:143a 48%0a%3c inet6 alias 2001:0db8:0000:0000:1465:fed1:8daf:66ff 48%0a%3c inet6 alias 2001:0db8:0000:0000:11b4:4a36:2941:d6bd 48%0a%3c inet6 alias 2001:0db8:0000:0000:ad2c:5b99:2b1a:89d1 48%0a%3c inet6 alias 2001:0db8:0000:0000:921d:28ad:4729:8d93 48%0a%3c @]%0a%3c %0a%3c Note: Do '''not''' use those exact IP addresses. Use the real IP addresses you were assigned by your ISP.%0a%3c %0a%3c Let's look at the first two lines:%0a%3c %0a%3c [@%0a%3c inet 192.168.1.2 255.255.255.0%0a%3c inet alias 192.168.1.3 255.255.255.0%0a%3c @]%0a%3c %0a%3c The first line will set the device to use the static IP 192.168.1.2 with subnet mask 255.255.255.0. The second line will allow the device to use a second static IP, 192.168.1.3. It will be aliased to the first and have the same subnet mask.%0a%3c %0a%3c It makes sense to have an aliased IP address when two or more IP addresses share the exact same networking interface. You will see this being done if you have one normal IPv4 address and a DDoS filtered IPv4 address. Both of them actually share the same networking interface, so the unfiltered IPv4 address is actually an alias of the filtered one.%0a%3c %0a%3c Let's look at lines 3 and 4:%0a%3c %0a%3c [@%0a%3c inet6 2001:0db8:0000:0000:0000:0000:0000:0000 48%0a%3c inet6 alias 2001:0db8:0000:0000:9b1d:3511:387e:143a 48%0a%3c @]%0a%3c %0a%3c The first line sets the device to use the static IPv6 address 2001:0db8:: with a /48 subnet, and the second one creates another IPv6 address 2001:0db8:0000:0000:9b1d:3511:387e:143a with a /48 subnet, aliased to the first IPv6 address. Each time you need a new IPv6 address, just add a new aliased IPv6 address. In this way, you can create dozens of unique IPv6 addresses so that each user on a shell account or bouncer can get a unique IPv6 address.%0a%3c %0a%3c In the file /etc/mygate, you specify the default gateway:%0a%3c %0a%3c [@%0a%3c 192.168.1.1%0a%3c 2001:0db8:0000:0000::1%0a%3c @]%0a%3c %0a%3c The default gateway is the router that your server is connected to. This is where all the IP packets from your server will immediately forward its packets to. The default gateway will be provided by your ISP.%0a%3c %0a%3c To restart networking, run:%0a%3c %0a%3c [@%0a%3c $ doas sh /etc/netstart%0a%3c @]%0a%3c %0a%3c If this doesn't properly reset the networking, you can do the following:%0a%3c %0a%3c '''WARNING''': This will definitely disconnect all network connections.%0a%3c %0a%3c [@%0a%3c $ doas ifconfig if0 down%0a%3c $ doas route flush%0a%3c $ doas sh /etc/netstart%0a%3c @]%0a%3c %0a%3c Note: Make sure to replace if0 with your real device.%0a%3c %0a%3c !! ifconfig%0a%3c %0a%3c You can add new IPv4 addresses on the fly, without rebooting, by using ifconfig:%0a%3c %0a%3c [@%0a%3c $ doas ifconfig if0 alias 192.168.1.3 255.255.255.0%0a%3c @]%0a%3c %0a%3c For IPv6:%0a%3c %0a%3c [@%0a%3c $ doas ifconfig if0 inet6 2001:0db8::/48%0a%3c @]%0a%3c %0a%3c To delete an IPv4 address:%0a%3c %0a%3c [@%0a%3c $ doas ifconfig if0 192.168.1.3 delete%0a%3c @]%0a%3c %0a%3c To delete the IPv6 address:%0a%3c %0a%3c [@%0a%3c $ doas ifconfig if0 inet6 2001:0db8::/48 delete%0a%3c @]%0a%3c %0a%3c Note: replace if0 with your specific interface, and replace the IP addresses and subnet masks.%0a%3c %0a%3c To test if an IP address is working, you can use [[openbsd/ping|ping]], [[openbsd/netcat|netcat]], and [[openbsd/traceroute|traceroute]].%0a
45 5127fd58 2021-12-17 jrmu host:1626112103=38.87.162.8
