280 VMs deployed and 20 available 🐡
Your VM is a clean install of OpenBSD 6.5-release. You can ssh into it:
$ ssh username@XXX.XXX.XXX.XXX OpenBSD 6.5 (GENERIC) #3: Sat Apr 13 14:42:43 MDT 2019 ... $
Get the password from ~/.ssh/authorized_keys and switch to root.
$ awk '{print$NF}' .ssh/authorized_keys
XXXXXXXXXXXXXXXXXXXXXXXXXX
$ su -
Password:
#
Add your username to /etc/doas.conf:
# echo 'permit username' > /etc/doas.conf #
Update /etc/pf.conf, test, and load it:
# echo 'pass in quick proto { icmp, icmp6 } all' >> /etc/pf.conf
# pfctl -nf /etc/pf.conf
# pfctl -f /etc/pf.conf
# pfctl -sr
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
block return out log proto tcp all user = 55
block return out log proto udp all user = 55
pass in quick proto icmp all
pass in quick proto ipv6-icmp all
#
Check 6.5 errata and apply available patches.
# syspatch ... Relinking to create unique kernel... done; reboot to load the new kernel Errata can be reviewed under /var/syspatch # reboot Connection to XXX.XXX.XXX.XXX closed by remote host.
There are currently a couple of known issues.
It's possible the clock to drift at some point. When this becomes severe you can also add a workaround in cron for it:
*/15 * * * * /usr/sbin/rdate -s pool.ntp.org
The issue is known to the OpenBSD developers and they are investigating solutions.
The other issue which can cause some headache is connectivity loss. As a workaround run ping from cron:
*/5 * * * * /sbin/ping -c3 <your gateway> > /dev/null
Alternative is to run ping in tmux with something like:
@reboot /usr/bin/tmux new -d 'while true; do ping -i5 <your gateway>; done' \;