Recent Changes - Search:
Hostnameif /

Configuring Static Networking

Most computer users don't have to deal with networking because they use DHCP, where the router automatically figures out and assign IP addresses to each device. However, if you are running a server, it's important to configure static networking so that your IP addresses don't change in an unpredictable manner. Static networking is preferred to get reliable IPv4 and IPv6 networking.

If you chose DHCP when first installing OpenBSD, you will need to follow the steps below to configure the networking manually.

WARNING: Make sure you warn any connected users before attempting to change your networking. Any mistakes here can cause all your users to get disconnected. If you are worried about making mistakes, you should practice first on a separate server. Please also be prepared to use the serial console (BuyVM or training VPS) in case ssh stops working.

hostname.if

OpenBSD requires one hostname.if per networking interface, where the letters 'if' are replaced with an abbreviation followed by a device number. For example, if you have a virtio networking interface, it will be abbreviated by vio, so you will need an /etc/hostname.vio0 file.

Inside /etc/hostname.if (where you replace if with your device), you should put something similar to the following lines: 

inet 192.168.1.2 255.255.255.0
inet alias 192.168.1.3 255.255.255.0
inet6 2001:0db8:0000:0000:0000:0000:0000:0000 48
inet6 alias 2001:0db8:0000:0000:9b1d:3511:387e:143a 48
inet6 alias 2001:0db8:0000:0000:1465:fed1:8daf:66ff 48
inet6 alias 2001:0db8:0000:0000:11b4:4a36:2941:d6bd 48
inet6 alias 2001:0db8:0000:0000:ad2c:5b99:2b1a:89d1 48
inet6 alias 2001:0db8:0000:0000:921d:28ad:4729:8d93 48

Note: Do not use those exact IP addresses. Use the real IP addresses you were assigned by your ISP.

Let's look at the first two lines: 

inet 192.168.1.2 255.255.255.0
inet alias 192.168.1.3 255.255.255.0

The first line will set the device to use the static IP 192.168.1.2 with subnet mask 255.255.255.0. The second line will allow the device to use a second static IP, 192.168.1.3. It will be aliased to the first and have the same subnet mask.

It makes sense to have an aliased IP address when two or more IP addresses share the exact same networking interface. You will see this being done if you have one normal IPv4 address and a DDoS filtered IPv4 address. Both of them actually share the same networking interface, so the unfiltered IPv4 address is actually an alias of the filtered one.

Let's look at lines 3 and 4: 

inet6 2001:0db8:0000:0000:0000:0000:0000:0000 48
inet6 alias 2001:0db8:0000:0000:9b1d:3511:387e:143a 48

The first line sets the device to use the static IPv6 address 2001:0db8:: with a /48 subnet, and the second one creates another IPv6 address 2001:0db8:0000:0000:9b1d:3511:387e:143a with a /48 subnet, aliased to the first IPv6 address. Each time you need a new IPv6 address, just add a new aliased IPv6 address. In this way, you can create dozens of unique IPv6 addresses so that each user on a shell account or bouncer can get a unique IPv6 address.

In the file /etc/mygate, you specify the default gateway: 

192.168.1.1
2001:0db8:0000:0000::1

The default gateway is the router that your server is connected to. This is where all the IP packets from your server will immediately forward its packets to. The default gateway will be provided by your ISP.

To restart networking, run: 

$ doas sh /etc/netstart

If this doesn't properly reset the networking, you can do the following:

WARNING: This will definitely disconnect all network connections. 

$ doas ifconfig if0 down
$ doas route flush
$ doas sh /etc/netstart

Note: Make sure to replace if0 with your real device.

ifconfig

You can add new IPv4 addresses on the fly, without rebooting, by using ifconfig: 

$ doas ifconfig if0 alias 192.168.1.3 255.255.255.0

For IPv6: 

$ doas ifconfig if0 inet6 2001:0db8::/48

To delete an IPv4 address: 

$ doas ifconfig if0 192.168.1.3 delete

To delete the IPv6 address: 

$ doas ifconfig if0 inet6 2001:0db8::/48 delete

Note: replace if0 with your specific interface, and replace the IP addresses and subnet masks.

To test if an IP address is working, you can use ping, netcat, and traceroute?.