OpenBSD VirtualBox Guest Installation
Introduction
Note: This tutorial assumes that you have gone through the steps contained herein: TFTP Server for OpenBSD Installation.
I have also set up my VirtualBox guest to redirect console output to a serial port. This was mostly to make it easier to document, but is a handy feature to have. I may explain how to do this in a future tutorial.
I recently decided to convert my Debian Squeeze router to OpenBSD 4.9 - so I want this machine to perform the following tasks:
- Act as a gateway for machines on my LAN
- Block unwanted traffic from the WAN
- Transparently route HTTP requests through a caching Squid proxy
- And finally, forward certain ports from the internal network.
Previously, the Debian Squeeze installation I had was using Shoreline Firewall. Shorewall is essentially software used to write netfilter (iptables) rules based on somewhat simpler configuration files.
We'll eventually be using PF on OpenBSD to replace this functionality.
Frankly, this part of the tutorial won't provide as concise instructions as the Installation Guide, but I wanted to document this for my own purposes. It could perhaps be useful to someone, so I will keep it here for posterity.
VirtualBox configuration
Because I'll be replacing the machine that essentially provides my internet connectivity - and since I know very little about OpenBSD at this point - I'll need to thoroughly test the configuration before deploying it. I chose to do this on VirtualBox. I've set up a VM with 2 NICs, 128MB of RAM and a 4GB hard drive. This roughly mirrors the setup on my physical machine.
I've chosen to boot using PXE, as I don't like to make coasters every six months when I decide to install or test a new operating system. Having a look at some of the discussions on the internet regarding installing OpenBSD from USB media shed new light on the inherent pitfalls involved with this, so I decided against it.
Booting from a PXE-supported network card requires setting up a TFTP server, and serving the installation files from there. Setting up the TFTP server is beyond the scope of this particular document, but if you've completed the steps linked to in the introduction, you'll have that set up already.
I also mirrored the file sets I wanted installed on a local web server. This is not entirely necessary, as one can use any of the publicly available mirrors to do a network install. It's simply much faster if it's hosted locally. The document linked to in the introduction also addresses this.
Having previously set up the TFTP server, as well as mirroring all the required files on my web server, it's simply a matter of editing the VM to boot from the network. Go to Settings -> Network for your VM. Please make sure that you have 2 adapters enabled for the purposes of this HOWTO. I have checked Cable connected only on the first adapter for the time being, as we will be manually setting up the 2nd interface and I don't want the OpenBSD installer to touch it for now.
Enable the network adapter, ensuring that the Attached to drop-down box is set to Bridged Adapter. Name should be eth0, or whatever your primary NIC is named on the host machine. Do the same for Adapter 2.
If you are using a very old version of VirtualBox for some odd reason, you can check out my (outdated) VirtualBox Networking tutorial, which describes the process of manually setting up these bridged network interfaces. A recent VirtualBox installation should take care of this automatically, however.
Booting with PXE
Once you've set up the NICs, go to System -> Motherboard. Under Boot Order, ensure that Network is checked, and click the up/down arrows to manipulate the priority of the boot devices. For the installation, you'll want Network to take priority over any other boot device. Click OK, and proceed to start the VM.
If you've set up the TFTP server correctly, you'll see the following in the console:
>> OpenBSD/i386 PXEBOOT 3.15
boot>
booting tftp:/4.9/i386/bsd.rd: 5916924+952288 [61+225184+213383]=0x6f83e0
entry point at 0x200120
Installation
After booting, the kernel messages will scroll by, ultimately leaving you with the following prompt:
Welcome to the OpenBSD/i386 4.9 installation program.
(I)nstall, (U)pgrade or (S)hell? i
Type 'i' and press Enter. Next, the installer will prompt you for your keyboard layout, or your terminal type if you're using the serial console method I will describe in a future document. The defaults should be sufficient.
Next, we want to input the system hostname. We're just going to call this system openbsd.
System hostname? (short form, e.g. 'foo') openbsd
Next step is to configure the network interfaces. Since my eventual setup will be grabbing an address from my ISP, we'll want to choose DHCP for the first (and only) interface we're going to set up during the install.
Available network interfaces are: em0 em1 vlan0.
Which one do you wish to configure? (or 'done') [em0]
IPv4 address for em0? (or 'dhcp' or 'none') [dhcp]
Issuing hostname-associated DHCP request for em0.
DHCPDISCOVER on em0 to 255.255.255.255 port 67 interval 1
DHCPOFFER from 10.0.0.2 (XX:XX:XX:XX:XX:XX)
DHCPREQUEST on em0 to 255.255.255.255 port 67
DHCPACK from 10.0.0.2 (XX:XX:XX:XX:XX:XX)
bound to 10.0.0.100 -- renewal in 300 seconds.
We won't be using IPv6 in this install.
IPv6 address for em0? (or 'rtsol' or 'none') [none]
Next, the installer wants to know if we'll be configuring the other interface. We're going to manually do this later.
Available network interfaces are: em0 em1 vlan0.
Which one do you wish to configure? (or 'done') [done]
Using DNS domainname noware.local
Using DNS nameservers at 10.0.0.2
We don't want to do any further manual configuration, so:
Do you want to do any manual network configuration? [no]
Further configuration
We're then asked to enter a root password. Set this to whatever you like. After this, we're asked if we want to start SSH and NTP by default. Choose the defaults (SSH enabled, NTP disabled). We can manually set up NTP later on.
As this is a headless machine, we won't be needing X:
Do you expect to run the X Window System? [yes] no
In my case, I'm using the serial console, so I want the default console to be com0 (this is the first serial device, COM1 on Windows and /dev/ttyS0 on Linux). You may or may not want to choose this option. I will describe how to set up the serial console in VirtualBox in a later document. You may want to choose 'no' if this is not a necessary configuration for you.
Change the default console to com0? [no] yes
Available speeds are: 9600 19200 38400 57600 115200.
Which one should com0 use? (or 'done') [9600]
The default speed is more than sufficient, and probably the safest bet.
Next we'll set up a user account. This user will be part of the wheel group, and able to escalate privileges to superuser, given the root password we entered earlier.
Setup a user? (enter a lower-case loginname, or 'no') [no] localhorse
Full user name for localhorse? [localhorse]
We're asked for the password, and then asked if we want to disable root SSH access. This is probably a wise idea, unless you have a specific reason why you'd need SSH access for root. So let's disable it.
Since you set up a user, disable sshd(8) logins to root? [yes]
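After the first boot it is worth confirming that the answer above actually landed in the SSH daemon's configuration. The function below is an added example, not part of the original tutorial; it assumes the installer records this choice as a PermitRootLogin line in /etc/ssh/sshd_config, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Print the global PermitRootLogin value from an sshd_config-style file.
# sshd keeps the first value it reads for a keyword, matches keywords
# case-insensitively, and treats everything after a Match line as conditional.
global_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t=]+/)        # "Key value" or "Key=value"
            kw = tolower(f[1])
        }
        kw == "match" { exit }                   # end of the global section
        kw == "permitrootlogin" && n >= 2 {
            print tolower(f[2]); found = 1; exit
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Constructed sample: a commented-out line, the active setting, and a later
# duplicate that sshd would ignore.
demo_config() {
    cat <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
permitrootlogin yes
EOF
}

# Run the check against the constructed sample.
demo_root_login() {
    tmp=$(mktemp)
    demo_config > "$tmp"
    global_root_login "$tmp"
    rm -f "$tmp"
}
```

On the installed system, call global_root_login /etc/ssh/sshd_config; a result of "unset" means the daemon falls back to its built-in default, which should then be checked for that OpenSSH version.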
I'm in Alberta, Canada, so I'll set the timezone to MST:
What timezone are you in? ('?' for list) [Canada/Mountain]
Disk setup
Next we'll set up the hard disk.
Available disks are: wd0. Which one is the root disk? (or 'done') [wd0]
There's only one disk we've created for this VM, so choose that. It will list the partition information, and ask us what area of the disk we'd like to use. We're going to say, "to hell with the partitions on there!" and use the whole disk. Be warned, if you're running this on a real machine this will erase the existing partitions. In our case, it's just the VM's fake hard drive.
Use (W)hole disk, use the (O)penBSD area, or (E)dit the MBR? [OpenBSD] w
For our 4GB drive, this is the disk layout OpenBSD suggests using:
Setting OpenBSD MBR partition to whole wd0...done.
The auto-allocated layout for wd0 is:
#                size           offset  fstype [fsize bsize  cpg]
  a:           902.9M               64  4.2BSD   2048 16384    1 # /
  b:           256.0M          1849248    swap
  c:          4096.0M                0  unused
  d:          2505.7M          2373536  4.2BSD   2048 16384    1 # /usr
  e:           430.0M          7505280  4.2BSD   2048 16384    1 # /home
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a]
You may want a separate partition for /var as well. For the purposes of this tutorial, the defaults are fine and we'll just go with the auto layout.
File sets
The OpenBSD installer will now proceed to create the partitions and file systems. Now it wants to know where our file sets are. We'll pull them off the same machine we ran the TFTP server from, but if you haven't set up your webserver to do this, you can just use the default.
Let's install the sets!
Location of sets? (cd disk ftp http or 'done') [cd] http
HTTP/FTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
Server? (hostname, list#, 'done' or '?') [ftp.OpenBSD.org] 10.0.0.2
Server directory? [pub/OpenBSD/4.9/i386]
Once that's been entered, it will look on the webserver for the file sets. Again, if everything was set up properly, it will ask you to select which sets to install. Just go with the defaults, which is every set but bsd.mp, for multiprocessor systems.
Each of the file sets will be downloaded and installed. Once that's done, it will ask us again which file sets to install, in case we've missed anything. We haven't. Select the default, done.
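Because the sets are pulled over plain HTTP from a mirror you maintain yourself, it is worth checking that the mirrored files still match the release checksums before installing from them. The script below is an added example, not part of the original tutorial; it assumes the mirror directory also holds the release's SHA256 file in BSD checksum format, and the file names and contents in demo_sets are constructed.

```shell
#!/bin/sh
# Added example (not from the original tutorial).
# Each line of the SHA256 file looks like: SHA256 (base49.tgz) = <hex digest>
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        sha256 -q "$1"                      # native tool on OpenBSD
    fi
}

# verify_sets DIR: print one status line per set listed in DIR/SHA256.
# Returns 1 if any listed file has a different digest; absent files are
# reported as MISSING but do not fail the run.
verify_sets() {
    dir=$1 rc=0
    [ -r "$dir/SHA256" ] || { echo "no SHA256 file in $dir" >&2; return 2; }
    while read -r algo name eq want; do
        [ "$algo" = "SHA256" ] && [ "$eq" = "=" ] || continue
        name=${name#\(}; name=${name%\)}
        case $name in */*) continue ;; esac  # ignore entries with path parts
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name"
        elif [ "$(hash_file "$dir/$name")" = "$want" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name"; rc=1
        fi
    done < "$dir/SHA256"
    return $rc
}

# Constructed demo: two fake sets, one altered after its checksum was recorded.
demo_sets() {
    d=$(mktemp -d)
    echo base > "$d/base49.tgz"; echo etc > "$d/etc49.tgz"
    for f in base49.tgz etc49.tgz; do
        echo "SHA256 ($f) = $(hash_file "$d/$f")"
    done > "$d/SHA256"
    echo tampered >> "$d/etc49.tgz"
    status=0; verify_sets "$d" || status=$?
    rm -rf "$d"; return $status
}
```

The comparison is only as trustworthy as the SHA256 file, so obtain that file from a source other than the mirror being checked.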
Finishing up
Given that you've entered the right time zone, the default time setting should be sufficient as well.
Time appears wrong. Set to 'Tue Sep 13 06:01:17 MDT 2011'? [yes]
We're done!
As the installer now instructs you to do, type reboot and hit enter.
syncing disks... done
rebooting...
Once the VM starts loading the PXE install image again, go ahead and give it a power-off command. Go back into your settings and adjust the boot order so that the fake hard disk is given priority.
Once we start the VM again, it will boot into our new OpenBSD installation! Many kernel messages will scroll by, and finally the system will generate our new SSH keys. This could take some time, but once it's done we have a fully running system and we are now ready to get down to work.
Last edited by localhorse on Oct. 3, 2011, 11:35 a.m. MST
