Networking (OpenBSD)


General

  • Default gateway: /etc/mygate
  • Interface-dependent configuration files:
    • /etc/hostname.DEV, where DEV is the name of the device, like em0
    • Owner and group have to be root:wheel
    • Activate a new config: sh /etc/netstart DEV

CARP

The Common Address Redundancy Protocol allows multiple machines in a network to share a set of IP addresses, mostly used to provide failover redundancy.

  • The configuration needs to be done on all participating machines
  • File /etc/hostname.carp0:
vhid 1 pass PASSWORD carpdev DEV advskew 100 IP netmask NETMASK
  • Change PASSWORD, DEV, IP and NETMASK

Interface Aliases

Aliases are used to bind multiple IP addresses to one physical interface.

  • Set: ifconfig em0 alias 172.16.0.1/24
  • Show: ifconfig em0 or ifconfig -A

Link Aggregation (IEEE 802.1AX / IEEE 802.3ad)

Combines one or more Ethernet interfaces into one new logical device using the Link Aggregation Control Protocol (LACP).

# ifconfig aggr0 create
# ifconfig aggr0 trunkport em0
# ifconfig aggr0 trunkport em1
# ifconfig aggr0 192.168.1.1/24
# ifconfig aggr0 up

MAC spoofing

  • ifconfig em0 lladdr 00:11:22:33:44:55

Network Access Control (IEEE 802.1X)

NAC on a wired network:

  • First install wpa_supplicant: pkg_add wpa_supplicant
  • Create the file /etc/wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

ap_scan=0
network={
  key_mgmt=IEEE8021X
  eap=PEAP
  identity="username"
  password="password"
  # PEAP selects its inner method with auth=; autheap= is the EAP-TTLS form
  phase2="auth=MSCHAPV2"
}
  • Activate with: wpa_supplicant -c /etc/wpa_supplicant.conf -D wired -i em0
  • Or add it to /etc/rc.conf.local:
wpa_supplicant_flags=-i em0 -c /etc/wpa_supplicant.conf -D wired
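
The /etc/hostname.DEV files and /etc/wpa_supplicant.conf shown above hold credentials in clear text (the CARP pass value, the 802.1X password). The following audit function is an added example, not part of the original wiki page; it assumes root:wheel means uid 0 and gid 0, and that the target mode grants nothing to "other" (the page itself only states the ownership requirement).

```shell
#!/bin/sh
# Added example: audit owner, group and mode of network config files that
# can carry secrets (CARP "pass", 802.1X "password=", WLAN "wpakey").
#
# check_netconf FILE [UID] [GID]
#   returns 0 = OK, 1 = wrong owner/group or accessible by "other", 2 = missing
#   UID/GID default to 0 (assumed to be root:wheel); the override only exists
#   so the check can be exercised without root.
check_netconf() {
    f=$1; want_uid=${2:-0}; want_gid=${3:-0}
    [ -f "$f" ] || { echo "MISSING   $f"; return 2; }

    # ls -n prints "mode links uid gid ..." with numeric ids; -L follows symlinks.
    set -- $(ls -nL "$f")
    mode=$1; uid=$3; gid=$4
    other=$(printf '%s' "$mode" | cut -c8-10)   # permission bits for "other"

    why=""
    [ "$uid" = "$want_uid" ] || why="$why owner-uid=$uid"
    [ "$gid" = "$want_gid" ] || why="$why group-gid=$gid"
    [ "$other" = "---" ]     || why="$why other=$other"

    if [ -z "$why" ]; then
        echo "OK        $f"
        return 0
    fi

    # Use stronger wording when the file visibly carries a credential keyword.
    if grep -Eq '(^|[[:space:]])(pass|wpakey)[[:space:]]|^[[:space:]]*password=' "$f"
    then echo "EXPOSED   $f:$why (contains a secret)"
    else echo "INSECURE  $f:$why"
    fi
    return 1
}

# Check every file named on the command line, for example:
#   sh check_netconf.sh /etc/hostname.* /etc/wpa_supplicant.conf
for arg in "$@"; do
    check_netconf "$arg" || true
done
```

A file reported as EXPOSED or INSECURE can be corrected with chown root:wheel FILE and chmod o-rwx FILE.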

Static Routes

Always use the -n flag to disable name resolution; route then works much faster.

  • Default gateway: route -n add -inet 0.0.0.0/0 192.168.1.1
  • Show routes: route -n show
  • Clear the routing table: route -n flush
  • IP forwarding: sysctl net.inet.ip.forward=1

VLANs (IEEE 802.1Q)

Logical network separation on layer two.

  • Console:
    • ifconfig em0 up
    • ifconfig vlan100 create
    • ifconfig vlan100 vlan 100 vlandev em0
    • ifconfig vlan100 inet 192.168.100.10 netmask 255.255.255.0
  • File: /etc/hostname.vlan100
vlan 100 vlandev em0
inet 192.168.100.10/24
description "VLAN 100"
up

Wake on LAN

  • Enable Wake on LAN on an interface: ifconfig em0 wol
  • Send a Wake on LAN frame to a host: arp -W 11:22:33:44:55:66 em1

Wireless LAN

  • WPA2-PSK:
    • ifconfig iwn0 up
    • ifconfig iwn0 join <SSID> wpakey <KEY>
    • dhclient iwn0