tech stuff.

OpenBSD Embedded Router


The excellent flashrd project makes easy work of installing OpenBSD as an embedded platform.  I had an excellent experience installing OpenBSD 5.0 on a PCEngines ALIX 2d13 using a 4GB CF.  A rough outline of the steps follows.

I performed these steps from an OpenBSD VM running under VirtualBox with the CF device attached via a raw disk vmdk. A raw disk vmdk can be created on OS X with the following (dangerous) command. Be sure you get the device correct: the VM gets raw access to whichever disk you name, and the flashrd step below writes to it.

% VBoxManage internalcommands createrawvmdk -filename /Users/mcuser/VMs/disk2_cf4g.vmdk -rawdisk /dev/disk2

  1. Download the appropriate flashrd from the above site, and make the OpenBSD install sets available to your VM. I just mounted OpenBSD CD 1 in the VM.
  2. Untar the OpenBSD release packages into a directory.  The xbase package isn’t strictly necessary, but omitting it can sometimes cause silly dependency problems (with avahi, for example).
    # mkdir /root/openbsd
    # cd /root/openbsd
    # for tb in base etc man xbase; do
    > tar xzpf /mnt/5.0/i386/${tb}50.tgz
    > done
  3. Make sure the kernel source in /usr/src is for the version of OpenBSD you’re installing to flash.
  4. Increase the default size of /usr in flashrd. Our CF is at least 4GB, and we want room to install some packages. Edit flashrd and look for the vndsize variable. Change the value corresponding to /usr in vnddirs to 1638400 sectors, which is 800 MB. With flashrd-20110421 that looks like:
    export vnddirs="root bin etc sbin usr"  # must match vnddirs= in stand/rc and fstab
    export vndsize="102400 auto 102400 auto 1638400"        # min partition sizes (or auto) (in 512 byte sectors)
  5. Run the flashrd script. The ALIX TinyBIOS uses 38400 baud by default, so we might as well make the console match.
    # cd flashrd-YYYYMMDD
    # ./flashrd -disk wd1 /root/openbsd
    # ./cfgflashrd -disk wd1 -rdroot szez-ARCH.DATE -com0 38400

    Note that cfgflashrd is going to ask you for the "New physical device name". This is the device name as it will be seen by the ALIX, not your build host. For me this is wd0, not wd1.

  6. Copy some useful packages to the flash. Most of the packages listed below are on OpenBSD CD1, but some must be downloaded.
    # mkdir -p /flash && mount /dev/wd1a /flash
    # mkdir -p /flash/pkg/5.0
    # cd /mnt/5.0/packages/i386/
    # for pkg in avahi bzip2 curl cvsps dbus dnsmasq gdbm gettext git glib2 \
      libdaemon libgamin libiconv lzo2 openvpn p5-Error pcre pftop python \
      rsync sqlite3 symon-mon vim zsh; do
          cp $pkg-*.tgz /flash/pkg/5.0
      done
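
The positional edit from step 4, as an added example that is not part of flashrd or of the original post: it replaces the vndsize entry that lines up with a given name in vnddirs and totals the fixed minimum sizes. The function names and the starting /usr value are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not part of flashrd: rebuild vndsize by position in vnddirs.
# POSIX sh has no "local", so the helper variables below are global.

# mb_to_sectors MB -> count of 512-byte sectors
mb_to_sectors() {
    echo $(( $1 * 1024 * 1024 / 512 ))
}

# set_vndsize "DIRS" "SIZES" DIR MB -> prints SIZES with DIR's entry replaced
set_vndsize() {
    dirs=$1; sizes=$2; target=$3; mb=$4
    set -- $dirs; ndirs=$#
    set -- $sizes
    # The lists are matched by position, so a length mismatch is an error.
    [ "$ndirs" -eq "$#" ] || { echo "vnddirs/vndsize length mismatch" >&2; return 1; }
    new=$(mb_to_sectors "$mb"); out=; found=0
    for d in $dirs; do
        if [ "$d" = "$target" ]; then out="$out $new"; found=1
        else out="$out $1"; fi
        shift
    done
    [ "$found" -eq 1 ] || { echo "$target is not in vnddirs" >&2; return 1; }
    echo "${out# }"
}

# fixed_sectors "SIZES" -> sum of the numeric (non-auto) entries
fixed_sectors() {
    total=0
    for s in $1; do
        case $s in
            auto) ;;
            ''|*[!0-9]*) echo "bad size: $s" >&2; return 1 ;;
            *) total=$(( total + s )) ;;
        esac
    done
    echo "$total"
}

# Demo: vnddirs is the page's value; the starting /usr size is constructed.
vnddirs="root bin etc sbin usr"
old="102400 auto 102400 auto auto"
new_sizes=$(set_vndsize "$vnddirs" "$old" usr 800)
echo "export vndsize=\"$new_sizes\""
echo "fixed minimum: $(( $(fixed_sectors "$new_sizes") / 2048 )) MB"
```

The printed vndsize line matches the one shown in step 4; the fixed minimum excludes the partitions sized as auto, so the real footprint on the CF is larger.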

The flashrd scripts will put /var and /tmp on memory filesystems, / on a ram disk, and the rest of the partitions in a vnd filesystem.  The CF itself will be mounted on /flash.  The vnd filesystem makes it surprisingly easy to upgrade the devices in situ.  (Easy in theory.  I haven’t tried it yet.)  Details on upgrading and everything else can be found in the FAQ.

Once installed, all of the vnd filesystems are mounted read-only to protect them from those less-than-graceful restarts that are so common with an embedded router.  The ro and rw scripts make for easy system changes, though, and I take advantage of the /flash mount to version control the config files outside of the vnd filesystem.

I’m very happy with the finished product.  OpenBSD really makes an excellent router, and the project leads the way in usable security.

2011/11/10: Updated for OpenBSD 5.0


Written by Lee Verberne

2011/06/12 at 10:43

Posted in BSD


4 Responses


  1. Hi,

    Can you send me your email address, need some help on this project.

    Faisal Ghulam

    2011/06/21 at 02:20

  2. Hello,

    You’re apparently the only person who did that setup + documentation.
    I tried to reproduce your steps but I can’t make it boot/get serial console working.

    Could you please contact me through my email address, would be wonderful :)

    Thanks

    Henry-Nicolas Tourneur

    2011/10/24 at 23:29

    • Yeah, my write up here isn’t particularly detailed. Maybe I’ll expand it. Where did you run into trouble?

      verb

      2011/10/25 at 09:11

  3. Have you been able to try doing an upgrade in the meantime? – Would be interesting to know how you did – i.e. for saving your configuration and for example locally added packages.

    Mathieu

    2012/06/04 at 03:25

