{"id":15148642,"url":"https://github.com/jwillikers/openbsd-router","last_synced_at":"2025-10-24T05:30:21.554Z","repository":{"id":214881967,"uuid":"729595758","full_name":"jwillikers/openbsd-router","owner":"jwillikers","description":"The configuration for my OpenBSD home router.","archived":false,"fork":false,"pushed_at":"2024-11-27T14:03:52.000Z","size":58,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-06T01:11:49.148Z","etag":null,"topics":["bsd","config","dhcp","dns","firewall","ipv6","matter","multicast","networking","openbsd","pf","router","unbound","vlan"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jwillikers.png","metadata":{"files":{"readme":"README.adoc","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":"CODE_OF_CONDUCT.adoc","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-12-09T18:17:05.000Z","updated_at":"2024-12-20T03:27:54.000Z","dependencies_parsed_at":"2024-03-24T22:31:24.271Z","dependency_job_id":"1916237d-0bb1-41df-88c3-a0b3640b9d16","html_url":"https://github.com/jwillikers/openbsd-router","commit_stats":{"total_commits":20,"total_committers":1,"mean_commits":20.0,"dds":0.0,"last_synced_commit":"7c4cf66fa1f1fea89bc63bd200c7dfbe1edfee73"},"previous_names":["jwillikers/openbsd-router"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwillikers%2Fopenbsd-router","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwillikers%2Fopenbsd-router/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwillikers%2Fopenbsd-router/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jwillikers%2Fopenbsd-router/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jwillikers","download_url":"https://codeload.github.com/jwillikers/openbsd-router/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237915423,"owners_count":19386724,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bsd","config","dhcp","dns","firewall","ipv6","matter","multicast","networking","openbsd","pf","router","unbound","vlan"],"created_at":"2024-09-26T13:21:23.042Z","updated_at":"2025-10-24T05:30:21.549Z","avatar_url":"https://github.com/jwillikers.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"= OpenBSD Router\nJordan Williams \u003cjordan@jwillikers.com\u003e\n:experimental:\n:icons: font\nifdef::env-github[]\n:tip-caption: :bulb:\n:note-caption: :information_source:\n:important-caption: :heavy_exclamation_mark:\n:caution-caption: :fire:\n:warning-caption: :warning:\nendif::[]\n:dhcpd: https://man.openbsd.org/dhcpd[dhcpd]\n:dhcp6leased: https://man.openbsd.org/dhcp6leased.8[dhcp6leased]\n:mrouted: https://man.openbsd.org/mrouted[mrouted]\n:OpenBSD: https://www.openbsd.org/[OpenBSD]\n:OpenBSD-version: 7.6\n:PF: https://www.openbsd.org/faq/pf/index.html[PF]\n:Protectli: https://protectli.com[Protectli]\n:rad: https://man.openbsd.org/rad[rad]\n:snmpd: https://man.openbsd.org/snmpd[snmpd]\n:sshd: https://man.openbsd.org/sshd[sshd]\n:Unbound: https://nlnetlabs.nl/projects/unbound/about/[Unbound]\n\nThe configuration for my {OpenBSD} home router.\nI use a {Protectli} vault, which I highly recommend.\n\n// https://sha256.net/dhcpv6-pd-first-steps.html\n// todo Provide additional static, local IPv6 addresses through DHCPv6 on my local network.\n// Then provide IPv6 addresses for the DNS servers on the router.\n// This will require using ISC's kea, `kea` package, instead of the local dhcp server.\n\n.Features\n* Firewall\n* DHCP\n* IPv6\n* Multicast\n* VLAN\n* DNS caching\n* DNS over TLS\n* Remote access via SSH\n* Support for Matter IoT devices\n* Monitoring via SNMP\n\n.Services\n* {dhcpd}\n* {dhcp6leased}\n* {mrouted}\n* {PF}\n* {rad}\n* {snmpd}\n* {sshd}\n* {Unbound}\n\n== Overview\n\nThis configuration is intended for OpenBSD {OpenBSD-version}.\nEgress is on port `em0`, which is connected to my ISP.\nThe rest of the physical interfaces are combined using a virtual ethernet bridge.\nAdditional VLAN's are used to isolate different parts of the network.\nThese are described in the \u003c\u003cVLANs\u003e\u003e table.\n\n.VLANs\n[cols=\"1,2\"]\n|===\n| VLAN\n| Purpose\n\n| 2\n| Wireless guest network\n\n| 3\n| IoT\n\n| 4\n| Work\n|===\n\nThe egress interface obtains an IPv6 address using stateless address autoconfiguration.\nAn additional IPv6 prefix is obtained from my ISP using prefix-delegation for the bridge network.\nThe primary network and each VLAN receive a `/64` prefix cut from the delegated prefix.\n\n== Usage\n\n. Install OpenBSD.\nThe process is documented in the https://www.openbsd.org/faq/faq4.html[OpenBSD FAQ - Installation Guide]\nNo graphical utilities are needed.\n\n. Install the Git necessary.\n+\n[,sh]\n----\ndoas pkg_add git\n----\n\n. Clone the repository.\n+\n[,sh]\n----\ngit clone https://github.com/jwillikers/openbsd-router\n----\n\n. Change to the project's directory.\n+\n[,sh]\n----\ncd openbsd-router\n----\n\n. Copy the `etc/snmpd.conf.template` file to `etc/snmpd.conf`.\n+\n[,sh]\n----\ncp etc/snmpd.conf.template etc/snmpd.conf\n----\n\n. Restrict permissions on `etc/snmpd.conf`.\n+\n[,sh]\n----\nchmod 0600 etc/snmpd.conf\n----\n\n. Add the authentication and encryption passphrases for the SNMPv3 user in the `etc/snmpd.conf` file.\n+\n.etc/snmpd.conf\n[source]\n----\nuser \"monitor\" auth hmac-sha256 authkey \"******\" enc aes enckey \"******\"\n----\n\n. Install everything.\n+\n[,sh]\n----\ndoas ./install.sh\n----\n\n== Validate Configuration Files\n\nThe `validate.sh` script can be used to validate some of the configuration files.\nRun it to ensure everything is hunky dory.\n\n[,sh]\n----\ndoas ./validate.sh\n----\n\n== Update\n\nThe `update.sh` script is a convenience for running commands to update the OpenBSD system.\nIt will initiate upgrades of the system to new major versions, in addition to applying system patches and updating packages.\nRun it as follows.\n\n[,sh]\n----\ndoas ./update.sh\n----\n\nFor details on upgrading between major versions, find corresponding upgrade guide on the https://www.openbsd.org/faq/[OpenBSD Frequently Asked Questions page].\n\n== Code of Conduct\n\nThe project's Code of Conduct is available in the link:CODE_OF_CONDUCT.adoc[] file.\n\n== License\n\nThis project is licensed under the https://creativecommons.org/licenses/by-sa/4.0/legalcode[Creative Commons Attribution-ShareAlike 4.0 International License].\n\n© 2023-2025 Jordan Williams\n\n== Authors\n\nmailto:{email}[{author}]\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjwillikers%2Fopenbsd-router","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjwillikers%2Fopenbsd-router","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjwillikers%2Fopenbsd-router/lists"}