Installing OpenBSD on a Soekris Net5501-70

Jurjen Bokma

May 2008


    1. Install Minicom on the PC.

      apt-get install minicom

  1. It is time to follow the steps in the installation manual.

Procedure 55.  Configuring the OpenBSD box
  1. adduser username

  2. <snip>
    # User privilege specification
    root    ALL=(ALL) SETENV: ALL
    username  ALL=(ALL) ALL
    <snip>
          

  3. Put in ~/.profile a stanza

    PKGPATH=ftp://ftp.nluug.nl/pub/OpenBSD/4.3/packages/i386
    export PKGPATH
          

    and re-source the file:

    . ~/.profile

    [Note]Note

    Even though the OpenBSD documentation on the package management tools doesn't mention it, the ftp client does support HTTP. So you can just fill in an http url in the PKG_PATH. This is especially convenient when ftp is blocked by a firewall en no proxy has been set up.



  4. sudo pkg_add -v syslog-ng-1.6.8
    sudo pkg_add -v isc-dhcp-server-3.1.0

          

  5. Make sure the SSH daemon doesn't listen on the WAN interfaces. For now, make it listen on all LAN NICs, including the config NIC (later on we can remove all but the config NIC). Add the following lines to /etc/ssh/sshd_config:

    ListenAddress 10.0.12.1
    ListenAddress 10.1.154.1
    ListenAddress 192.168.5.4
          

  6. The package isc-dhcpd-3.1.0 that we installed has not replaced the DHCP daemon executable /usr/sbin/dhcpd that was in the file set base43.tgz. Instead, a new file /usr/local/sbin/dhcpd was added that contains the daemon we want to use.

    Follow this tutorial to get it running, chrooted and all.

    Fun! Now we have a perfectly chrooted DHCP server, but it won't pass the PXELinux options to the clients, so PXELinux loads the default config files. That was not the idea. This is a consequence of the patches OpenBSD applied to the daemon. So we install another instance of OpenBSD (on a vritual machine, and this time with the compiler on it), and fetch the source of the ISC dhcp daemon. This compiles without error, and we copy just the dhcpd binary to the router. Now this of course doesn't support opening all files as root and then dropping privileges, so we leave the chroot out for the moment. But is does support PXELinux all right.



[26] Do use your favourite mirror

[27] The options --with-dlz-postgres --with-dlz-bdb --with-dlz-mysql --with-dlz-ldap would've been nice too, but I'm not wasting my time on options I'm not sure I'm going to use here