====== OpenBSD install DW5821e Snapdragon X20 LTE T77W968 ======
===== Установка пакетов OpenBSD =====
# Show information about a package (here: vi).
pkg_info vi
# Search for packages by name (here: nano).
pkg_info -aQ nano
===== Подключение к провайдеру t2 =====
После установки OpenBSD я пробросил в виртуалку модем и добавил один файлик с настройками интерфейса umb0
И tele2 сразу же подключился и работает ))
# Installed nano.
# pkg_add fetches from the mirror configured in /etc/installurl and
# verifies the package signature before installing.
pkg_add nano
# The interface file itself: the two lines after the cat command are its
# contents (carrier APN, then automatic IPv4 configuration).
# NOTE(review): hostname.if files are processed as root at boot and can
# hold secrets (for umb(4), e.g. a SIM PIN) - keep the file owned by root
# and not readable or writable by other users.
cat /etc/hostname.umb0
apn internet.tele2.ru
inet autoconf
===== Установка времени по Москве =====
Все известные временные зоны находятся в директории **/usr/share/zoneinfo/**
# List all available time zones.
ls /usr/share/zoneinfo/
Переводим время на московское
# Point /etc/localtime at the Moscow zone; -f replaces an existing link.
# NOTE(review): local log timestamps follow this zone - keep that in mind
# when correlating them with logs from hosts in other zones.
ln -sf /usr/share/zoneinfo/Europe/Moscow /etc/localtime
# Check: date should now print Moscow time.
date
===== openbsd ospfd enable =====
# ospfctl does not work: the control socket refuses the connection
# (presumably because no ospfd process is running yet).
ospfctl s s
ospfctl: connect: /var/run/ospfd.sock.0: Connection refused
# Minimal configuration: interface em0 in area 0.0.0.0, with the hello
# interval taken from the macro "hi".
# NOTE(review): no OSPF authentication is configured, so any host on the
# em0 segment that speaks OSPF could form an adjacency and announce
# routes. ospfd.conf(5) provides auth-type / auth-md / auth-md-keyid for
# this, and pf can restrict "proto ospf" to known neighbours.
cat /etc/ospfd.conf
hi="5"
area 0.0.0.0 {
interface em0 {
hello-interval $hi
}
}
# Owner read/write, group read, nothing for others. The file may carry
# authentication keys, and ospfd is expected to refuse a config that is
# group-writable or accessible to others - confirm in the debug start log.
chmod 640 /etc/ospfd.conf
# Start the daemon through its rc.d script (one-off start; starting at
# boot is configured separately, e.g. with rcctl enable ospfd).
/etc/rc.d/ospfd start
# It works: the same query is now answered.
openbsd# ospfctl s s
Router ID: 7.6.18.72
Uptime: 00:00:08
RFC1583 compatibility flag is disabled
SPF delay is 1000 msec(s), hold time between two SPFs is 5000 msec(s)
Number of external LSA(s) 0 (Checksum sum 0x0)
Number of areas attached to this router: 1
Area ID: 0.0.0.0
Number of interfaces in this area: 1
Number of fully adjacent neighbors in this area: 0
SPF algorithm executed 1 time(s)
Number LSA(s) 1 (Checksum sum 0x98a5)
Если не запускается, то нужно посмотреть логи демона при старте
# Start log: -d keeps the daemon's start-up output visible instead of
# discarding it, -f forces the start even if the daemon is not enabled.
# A rejected config file (syntax or permissions) should show up here.
/etc/rc.d/ospfd -fd start
===== openBSD NAT enable =====
# Enable IPv4 forwarding: persistently through /etc/sysctl.conf and
# immediately through sysctl.
# NOTE(review): this only makes the host route packets. The address
# translation itself is a pf nat-to rule in /etc/pf.conf, which this page
# does not show, e.g.
#   match out on egress inet from !(egress:network) to any nat-to (egress:0)
# Once forwarding is on, pf is the only control over what crosses between
# interfaces, so review the ruleset (default block, explicit pass rules)
# before enabling it.
# ">>" appends on every run - check the line is not already in the file.
echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
sysctl net.inet.ip.forwarding=1
===== openBSD несколько конфигов openvpn =====
# Two or more OpenVPN configs: one hostname.tunN file per tunnel. Each file
# brings the interface up and, on its "!" line, starts an openvpn daemon
# with its own config file.
# NOTE(review): "!" lines are executed as root when the interface is
# configured, so the hostname.tunN files, the configs under /etc/openvpn
# and any key or credential files they reference should be owned by root
# and not writable (keys: not readable) by other users. OpenVPN's "user"
# and "group" config options can drop privileges after start-up.
cat /etc/hostname.tun1
up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/first.conf
cat /etc/hostname.tun2
up
!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/second.conf
===== openBSD restart pf =====
# "Restart" pf: reload the configuration from /etc/pf.conf.
# NOTE(review): parse-check first with "pfctl -n -f /etc/pf.conf".
# Existing state entries survive a reload, so connections admitted by the
# old rules keep flowing until their states expire or are flushed
# (pfctl -F states) - relevant when the new ruleset is meant to cut
# something off.
pfctl -f /etc/pf.conf
===== pfctl =====
==== PF reload test load ====
# Loading PF rules
# Load /etc/pf.conf:
pfctl -f /etc/pf.conf
# Test the rules (parse /etc/pf.conf but don't load it). Run this before
# every real load so a broken file is caught before it is applied:
pfctl -n -f /etc/pf.conf
# NOTE(review): the three partial loads below (-R, -N, -O) are written as
# in older pf / FreeBSD cheat sheets. Current OpenBSD pfctl(8) appears to
# define -N as "no DNS resolution" and not to offer -R/-O as load
# selectors - confirm against the installed man page before relying on them.
# Load only the FILTER rules:
pfctl -R -f /etc/pf.conf
# Load only the NAT rules:
pfctl -N -f /etc/pf.conf
# Load only the OPTION rules:
pfctl -O -f /etc/pf.conf
==== PF flush rules ====
# Flush ALL.
# NOTE(review): flushing the rules does not close the firewall. pf stays
# enabled with an empty ruleset, and a packet that matches no rule is
# passed, so the host is unfiltered until a ruleset is loaded again
# (pfctl -f /etc/pf.conf). Avoid this on an exposed interface.
pfctl -F all
# Flush only the RULES (same caveat as above):
pfctl -F rules
# Flush only QUEUE:
pfctl -F queue
# Flush only NAT:
# NOTE(review): "nat" (and possibly "queue") are modifiers from older pf
# versions; current OpenBSD keeps NAT inside the normal rules - verify
# with pfctl(8).
pfctl -F nat
# Flush all statistics that are not part of any rule:
pfctl -F info
# Clear all counters:
pfctl -z
==== Output PF Info ====
# Output PF information (read-only queries; useful for checking that the
# ruleset actually loaded is the one intended).
# Show filter information:
pfctl -s rules
# or
pfctl -sr
# Show filter information for which FILTER rules hit:
pfctl -v -s rules
# Filter information as above and prepend rule numbers:
# NOTE(review): the trailing "show" does not look like a pfctl argument -
# "pfctl -vvsr" alone is probably what was meant; confirm.
pfctl -vvsr show
# Show NAT information, for which NAT rules hit:
# NOTE(review): "-s nat" is from older pf; on current OpenBSD nat-to rules
# are listed with the normal rules - verify with pfctl(8).
pfctl -v -s nat
# Show NAT information for interface xl1:
pfctl -s nat -i xl1
# Show QUEUE information:
pfctl -s queue
# Show LABEL information:
pfctl -s label
# Show contents of the STATE table:
pfctl -s state
# Show statistics for state tables and packet normalization:
pfctl -s info
# Show everything:
pfctl -s all
==== PF Tables ====
# Working with PF tables
# NOTE(review): -T add/delete/flush/kill change the running table only.
# If the table is loaded from a file (here apparently /etc/obxod), the
# file must be edited as well or the change is lost on the next load.
# Whatever rule references this table decides what membership grants, so
# treat additions as policy changes and keep the file root-owned.
# Show table obxod:
pfctl -t obxod -T show
# View global information about all tables:
pfctl -vvsTables
# Add entry to table obxod
pfctl -t obxod -T add 192.168.0.5
# Add a network to table obxod:
pfctl -t obxod -T add 192.168.0.0/16
# Delete network from table obxod:
pfctl -t obxod -T delete 192.168.0.0/16
# Remove all entries from table obxod:
pfctl -t obxod -T flush
# Delete table obxod entirely:
pfctl -t obxod -T kill
# Reload table obxod on the fly:
pfctl -t obxod -T replace -f /etc/obxod
# Find ip address 192.168.0.140 in table obxod:
pfctl -t obxod -T test 192.168.0.140
# Load a new table definition:
pfctl -T load -f /etc/pf.conf
# Output stats for each ip address in table obxod:
pfctl -t obxod -T show -vi
# Reset all counters for table obxod:
pfctl -t obxod -T zero
===== Restart Network Interface =====
# OpenBSD: restart (re-run the configuration of) a network interface.
# The square brackets are usage notation for an optional flag, not
# something to type; with -n netstart is expected to only print what it
# would do - confirm with netstart(8).
# NOTE(review): reconfiguring the interface that carries the current SSH
# session can drop it; run this from the console or another interface.
sh /etc/netstart [-n] em0
===== Ping via routes =====
# OpenBSD: ping via a specific routing table.
# The tunnel interface tun1 sits in routing domain 1 (see "rdomain 1").
openbsd# ifconfig tun1
tun1: flags=8051 rdomain 1 mtu 1500
index 5 priority 0 llprio 3
groups: tun
status: active
inet 192.168.227.3 --> 192.168.227.1 netmask 0xffffff00
# Check connectivity inside the tunnel: run ping with routing table 1.
route -T 1 exec ping 192.168.227.1
# Send traffic into the tunnel: add a default route in table 1 via the
# tunnel peer, then test an outside address through it.
# NOTE(review): only processes started with "route -T 1 exec" (or traffic
# steered by a pf rtable rule) use this table. Everything else keeps the
# default route of table 0, so this is not a fail-closed VPN setup by
# itself, and a route added this way is presumably gone after a reboot.
route -T 1 add 0.0.0.0/0 192.168.227.1
route -T 1 exec ping 8.8.8.8
===== OpenBSD netstat =====
# Routes for -T 1 (rdomain 1): only the tunnel and the default route
# through it.
# NOTE(review): the listings below include the modem's assigned addresses
# and MAC addresses of LAN hosts; consider redacting such values before
# publishing command output.
openbsd# netstat -T 1 -r -n
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 192.168.227.1 UGS 0 31 - 8 tun1
192.168.227.1 192.168.227.3 UHh 1 4 - 8 tun1
192.168.227.3 192.168.227.3 UHl 0 55 - 1 tun1
openbsd# netstat -T 0 -r -n
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 7.6.11.85 UG 7 171373 - 14 umb0
224/4 127.0.0.1 URS 0 55 32768 8 lo0
7.6.11.84 7.6.11.84 UHl 0 1852 - 1 umb0
7.6.11.85 7.6.11.84 UHh 1 1 - 14 umb0
10.20.30/24 10.20.30.200 UCn 2 59922 - 4 em0
10.20.30.1 08:00:27:c8:8c:93 UHLc 0 30323 - 3 em0
10.20.30.200 bc:24:11:15:19:59 UHLl 0 135 - 1 em0
10.20.30.241 20:10:4a:20:01:49 UHLc 2 103397 - 3 em0
10.20.30.255 10.20.30.200 UHb 0 260 - 1 em0
127/8 127.0.0.1 UGRS 0 0 32768 8 lo0
127.0.0.1 127.0.0.1 UHhl 1 2 32768 1 lo0
[[https://www.openbsd.org/faq|openbsd FAQ]]
[[https://www.openbsdhandbook.com/pf/cheat_sheet/|OpenBSD Handbook]]