OpenBSD Router

The configuration for my OpenBSD home router. I use a Protectli vault, which I highly recommend.

Features

• Firewall

• DHCP

• IPv6

• Multicast

• VLAN

• DNS caching

• DNS over TLS

• Remote access via SSH

• Support for Matter IoT devices

• Monitoring via SNMP

Services

• dhcpd

• dhcpcd

• mrouted

• PF

• rad

• snmpd

• sshd

• Unbound

Overview

todo Describe VLAN configuration and how everything ties together.

todo Discuss issues preferring IPv6 over IPv4.

Usage

1. Install OpenBSD. The process is documented in the OpenBSD FAQ - Installation Guide No graphical utilities are needed.

2. Install the necessary packages.

   doas pkg_add dhcpcd fish git tailscale tmux vim

3. Clone the repository.

   git clone https://github.com/jwillikers/openbsd-router

4. Change to the project’s directory.

   cd openbsd-router

5. Install or symlink everything. Someday, Id like to create a better way to automate this. And care really needs to be taken when modifying the doas configuration. I should add special instructions for that as well.

6. Add the authentication and encryption passphrases for the SNMPv3 user in the /etc/snmpd.users.conf file.

   /etc/etc/snmpd.users.conf

   user "monitor" auth hmac-sha256 authkey "******" enc aes enckey "******"

7. Set ownership on the snmpd configuration files.

   doas chown root:_snmpd /etc/snmpd.conf /etc/snmpd.users.conf

8. Set permissions on the snmpd configuration files.

   doas chmod u=w,g=r,o= /etc/snmpd.conf /etc/snmpd.users.conf

9. Reboot to finish the installation.

Verify Configuration Files

snmpd

doas snmpd -n

Code of Conduct

The project’s Code of Conduct is available in the CODE_OF_CONDUCT.adoc file.

License

This project is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.

© 2023-2024 Jordan Williams

Authors

Jordan Williams