From 42359c21c59a01e82348752dbe22d3a35d09bb59 Mon Sep 17 00:00:00 2001 From: Dante Catalfamo Date: Fri, 10 Jul 2020 17:42:47 -0400 Subject: Huge work on DHCP article --- content/posts/WIP-openbsd-dhcp-server/index.org | 136 +++++++++++++++++++++++- 1 file changed, 134 insertions(+), 2 deletions(-) (limited to 'content') diff --git a/content/posts/WIP-openbsd-dhcp-server/index.org b/content/posts/WIP-openbsd-dhcp-server/index.org index 0578f87..80fdfd1 100644 --- a/content/posts/WIP-openbsd-dhcp-server/index.org +++ b/content/posts/WIP-openbsd-dhcp-server/index.org 
@@ -1,8 +1,140 @@ #+TITLE: How to Setup a DHCP server on OpenBSD -#+DATE: 2020-07-07T19:22:38-04:00 +#+DATE: 2020-07-10T16:10:09-04:00 #+DRAFT: true -#+DESCRIPTION: +#+DESCRIPTION: Cofiguring dhcpd for a small home network on OpenBSD #+TAGS[]: openbsd dhcp #+KEYWORDS[]: openbsd dhcp #+SLUG: #+SUMMARY: + +[[https://www.openbsd.org/faq/faq4.html#Download][OpenBSD]] makes a great router. It's simplicity and ease of +configuration makes it perfect for network infrastructure +applications. On top of that, everything you could possibly need to +build a network of any size is built into the base system, plus its +man pages and examples cover everything you'd need to know. You can +easily configure most everything on the system without having to ever +look it up online. + +While I've been an OpenBSD user for years, I'm finally in the process +of replacing the router provided by my ISP with a [[{{< ref "pcengines-comparison" >}}][PC Engines APU2E4]] +running [[{{< ref "installing-openbsd-on-pcengines" >}}][OpenBSD]]. + +One of the key services that I have to setup for this is the DHCP +server, which is responsible for giving out IP addresses to machines +when they join the network. + +This task is incredibly easy on OpenBSD, as it comes with =dhcpd= on +the base system. The OpenBSD project provides excellent documentation +for this system under [[http://man.openbsd.org/dhcpd][=dhcpd(8)=]] for the DHCP server itself, +[[http://man.openbsd.org/dhcpd.conf.5][=dhcpd.conf(5)=]] for the configuration file, and [[http://man.openbsd.org/dhcpd.leases.5][=dhcpd.leases(5)=]] for +the lease database format. + +The example we'll be going over in this post will be extremely simple, +as it's only for a small home network without any advanced options. I +encourage you to read the man pages if you're ever setting up your +own, as I might not cover what you need to know here. 
+ +For my case, I'll be handing out IP addresses in the =192.168.0.0/24= +subnet, with addresses =192.168.0.30= through =192.168.0.200= assigned +with DHCP. The gateway router will be at the address =192.168.0.1=. + +I will assign the devices on the network the =home.local= domain. I'll +use =192.168.0.23= as the DNS server, as I have a caching DNS server +which filters out advertisers setup at that address, with =8.8.8.8= as +the secondary DNS server in case my DNS server ever goes down. + +To jumpstart the configuration, I'll first copy the file from +=/etc/examples/dhcpd.conf= to =/etc/dhcpd.conf= so I don't have to +start from scratch. + +#+BEGIN_SRC shell +doas cp /etc/examples/dhcpd.conf /etc/ +#+END_SRC + +Then I'll edit the file with =mg=, an emacs-like editor that comes +with OpenBSD. + +#+BEGIN_SRC shell +doas mg /etc/dhcpd.conf +#+END_SRC + +Here's the finished configuration file. + +#+BEGIN_SRC +# Network: 192.168.0.0/255.255.255.0 +# Domain name: home.local +# Name servers: 192.168.0.23 and 8.8.8.8 +# Default router: 192.168.0.1 +# Addresses: 192.168.0.30 - 192.168.0.200 +# +option domain-name "home.local"; +option domain-name-servers 192.168.0.23, 8.8.8.8; + +subnet 192.168.0.0 netmask 255.255.255.0 { + option routers 192.168.0.1; + + range 192.168.0.30 192.168.0.200; + default-lease-time 604800; + max-lease-time 2592000; + + host example-static-client { + hardware ethernet 22:33:44:55:66:77; + fixed-address 192.168.0.201; + } +} +#+END_SRC + +The comments at the top are just to help understand the file at a +glance, and don't serve any practical function. + +An =option= can be specified globally or per-subnet. They can also be +specified per-client for [[https://en.wikipedia.org/wiki/Bootstrap_Protocol][BOOTP]] clients, but I won't be covering that. +Here I set the domain name and DNS servers globally. 
+ +#+BEGIN_SRC +option domain-name "home.local" +option domain-name-servers 192.168.0.23, 8.8.8.8; +#+END_SRC + +Then I declare the configuration for my subnet. + +#+BEGIN_SRC +subnet 192.168.0.0 netmask 255.255.255.0 { + +} +#+END_SRC + +and put the subnet-specific configuration inside the braces. You may +specify as many subnets as you need in the configuration file, +although for a home networkl like this I only need one. + +Inside of the subnet configuration block, I set the gateway router and +the range of IPs I'll be handing out with DHCP. + +#+BEGIN_SRC +option routers 192.168.0.1; + +range 192.168.0.30 192.168.0.200; +#+END_SRC + +I also specify the default lease time and max lease time. The default +lease time is the number of seconds the DHCP server will hold a lease +for a client if the client doesn't ask for a specific lease length, +and the max lease length is the maximum allowed lease length. + +#+BEGIN_SRC +default-lease-time 604800; +max-lease-time 2592000; +#+END_SRC + +Finally I have an example client configuration. Here the client with +the MAC address =22:33:44:55:66:77= will all ways be given the IP +=192.168.0.201=. This is useful when you want to assign a specific IP +to a certain client without having to manually configure the IP. + +#+BEGIN_SRC +host example-static-client { + hardware ethernet 22:33:44:55:66:77; + fixed-address 192.168.0.201; +} +#+END_SRC -- cgit v1.2.3
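Review bot: In the walkthrough excerpt that repeats the global options, `option domain-name "home.local"` has lost its trailing semicolon, while the same statement in the finished configuration file earlier in the hunk ends with `;`. A reader who assembles the file from the excerpts ends up with something different from the configuration shown as finished, so add the semicolon to the excerpt. In the same pair of statements, `option domain-name-servers 192.168.0.23, 8.8.8.8;` is described as a filtering resolver with 8.8.8.8 used only if it goes down, but DHCP only hands clients the list, and how a client chooses among the listed servers is up to its resolver. Some lookups can therefore reach 8.8.8.8 unfiltered while 192.168.0.23 is still up. Either drop the second server or say in the text that the filtering is best-effort. `home.local` is also worth reconsidering: `.local` is reserved for multicast DNS (RFC 6762), and `home.arpa` (RFC 8375) is the name set aside for home networks. The host example would benefit from one sentence pointing out that `fixed-address 192.168.0.201` sits outside `range 192.168.0.30 192.168.0.200`, so the static assignment cannot collide with a dynamic lease. Typos in the added lines: "Cofiguring" in `#+DESCRIPTION`, "It's simplicity" (should be "Its"), "networkl", and "all ways" (should be "always").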