Configuring Static Networking

If you are running a server, it is best to configure static networking rather than DHCP. An improperly configured DHCP server may cause your IP addresses to change in an unpredictable manner, a serious problem for servers.

WARNING: Warn any connected users before attempting to change your networking. Any mistakes in network configuration can cause all your services to get disconnected. You may first want to practice on a test server before attempting on production. Be prepared to have serial console access in case ssh stops working.

hostname.if

OpenBSD requires one hostname.if per networking interface, where the letters 'if' are replaced with an abbreviation followed by a device number. For example, if you have a virtio networking interface, it will be abbreviated by vio, so you will need an /etc/hostname.vio0 file.

Inside /etc/hostname.if (replace if with your device), you should put something similar to the following lines:

inet 192.168.1.2 255.255.255.0
inet alias 192.168.1.3 255.255.255.255
inet6 2001:0db8:0000:0000:0000:0000:0000:0000 48
inet6 alias 2001:0db8:0000:0000:9b1d:3511:387e:143a 48

Note: Do not use the same IP addresses as above. Use the real IP addresses you were assigned by your ISP.

Let's look at the first two lines:

inet 192.168.1.2 255.255.255.0
inet alias 192.168.1.3 255.255.255.255

The first line will set the device to use the static IP 192.168.1.2 with subnet mask 255.255.255.0. The second line will allow the device to use a second static IP, 192.168.1.3. It will be aliased to the first, but with the subnet mask 255.255.255.255.

It makes sense to have an aliased IP address when two or more IP addresses share the exact same networking interface. For example, unfiltered IPv4 addresses are commonly aliased to DDoS filtered IPv4 addresses.

Let's look at lines 3 and 4:

inet6 2001:0db8:0000:0000:0000:0000:0000:0000 48
inet6 alias 2001:0db8:0000:0000:9b1d:3511:387e:143a 48

The first line sets the device to use the static IPv6 address 2001:0db8:: with a /48 subnet, and the second one creates another IPv6 address 2001:0db8:0000:0000:9b1d:3511:387e:143a with a /48 subnet, aliased to the first IPv6 address. Each time you need a new IPv6 address, just add a new aliased IPv6 address. In this way, you can create dozens of unique IPv6 addresses so that each user on a shell account or bouncer can get a unique IPv6 address.

WARNING: The subnet mask (in the above example 48) must match the assigned prefix length given by your ISP.

In the file /etc/mygate, you specify the default gateway:

192.168.1.1
2001:0db8:0000:0000::1

The default gateway is the router that your server is connected to. This is where all the IP packets from your server will immediately forward its packets to. The default gateway will be provided by your ISP.

To restart networking, run:

$ doas sh /etc/netstart

If this doesn't properly reset the networking, you can do the following:

WARNING: This will disconnect all network connections. Make sure you have serial console access before attempting this.

$ doas ifconfig if0 down && doas route flush && doas sh /etc/netstart

Note: Make sure to replace if0 with your actual device.

ifconfig

New IPv4 addresses can be added on the fly, without rebooting, by using ifconfig:

$ doas ifconfig if0 alias 192.168.1.3 255.255.255.255

For IPv6:

$ doas ifconfig if0 inet6 2001:0db8::2/48

To delete an IPv4 address:

$ doas ifconfig if0 192.168.1.3 delete

To delete the IPv6 address:

$ doas ifconfig if0 inet6 2001:0db8::2/48 delete

Note: replace if0 with your specific interface, and replace the IP addresses and subnet masks.

After adding an IP address, make sure to test it using ping, netcat, and traceroute?.

For example:

$ ping -I 192.168.1.3 8.8.8.8
$ ping6 -I 2001:0db8::2 2607:f8b0:400a:80a::200e

If after waiting 30 seconds, ping shows 100% packet loss, then networking has failed.