Unofficial Guide to Install OpenBSD on a Dedicated Server

Posted by face on October 14, 2007

Update: I have dumped for poor customer service and slow connectivity to my "100Mbps" dedicated server. I now lease my servers from and couldn't be happier.
I used to lease 6 dedicated servers from 1&1. I used to like 1and1 because they had an excellent network backbone that peers with about everyone (though now it is slow and I think oversold where my dedicated servers were). Combined with their raw network speed is all the automated tools I need for self service (serial console, web based hard boot, web based rescue boot into linux, web based reimage, dns). Customer service is adequate if you have no problems (24x7 fast to answer the phone, however, they can't do much as their systems are automated and they don't have two way communication with Admins). is German engineered...go figure. They offer managed services as well (windows) but if you are reading this guide you probably don't need that!

I love OpenBSD because it is lean, fast, secure, free, and did I mention secure. I started using OpenBSD many years ago for firewalls. These days I use it for everything that doesn't need massive thread scaling (java or MySQL at high load MP hardware). What a bonus to have the best firewall on the market built into every server.

This Guide comes with no guarantee or warranty, either expressly or implied, that this guide will work as expected, or at that this Guide will even work at all.

I noticed is leasing AMD based servers these days. While the process in this guide should work, all the binaries in this guide are currently i386.


  1. Get/Make a OpenBSD boot image with serial port console at 57600 baud.
  2. Boot your 1and1 server from the boot image.
  3. Install OpenBSD.
  4. Post Installation Tasks.

jump to end

back to contents
1. Get/Make a OpenBSD Boot image with serial port console at 57600 baud.

The first thing you will need is a i386 OpenBSD boot image with the console directed to the serial port. You can use mine below. OpenBSD provides the original boot image cdrom41.fs with the console sent to video card and keyboard.

Here are the steps I used to create these boot images:
       cdrom39serial.fs (i386)
       cdrom40serial.fs (i386)
       cdrom41serial.fs (i386)
       cdrom42serial.fs (i386 - built from 4.2-stable)

Before OpenBSD 4.2, a cdrom41.fs was included in the distribution so you could just grab it from the OpenBSD ftp server. However, starting with 4.2, it is no longer included in the distribution set. You can try the following with floppy42.fs from the distribution. However, what I did was grab a copy of cdrom42.fs left around when following 4.2-stable. You will find it after a build on your filesystem at /usr/obj/distrib/i386/ramdisk_cd/cdrom42.fs

# Asumption, you have just built 4.2 from source code:

cp /usr/obj/distrib/i386/ramdisk_cd/cdrom42.fs /tmp/cdrom42serial.fs
cd /tmp
sudo su
vnconfig -c svnd0 cdrom42serial.fs
mount /dev/svnd0a /mnt
mkdir /mnt/etc
echo "set tty com0" > /mnt/etc/boot.conf
echo "stty com0 57600" >> /mnt/etc/boot.conf
umount /dev/svnd0a
vnconfig -u svnd0

If you don't have a running BSD system, follow the guide and wget mine below. My boot image is OpenBSD's with only above changes.

You can view one of these cd boot images from linux with the following command:

modprobe loop ufs
mount -o loop,ro -t ufs -o ufstype=44bsd cdrom42serial.fs /mnt

back to contents
2. Boot your 1and1 server from the boot image.

WARNING: THESE NEXT STEPS DESTROY ALL FILESYSTEMS ON YOUR 1and1 HARD DISK First, back up anything you want to keep on your 1and1 server. This step will destroy the partition table on the HD and make it difficult to get any old data. Though if this is a virgin system you just rented from 1and1, you don't need to save anything and can skip any backups.

Now connect to the console of your 1and1 server in a terminal window (i.e. ssh to the special user at from your 1and1 web based control panel and enter the special password copied from the control panel).

Now that you have saved anything you want of your old linux system, go to the 1and1 control panel and use the recover tool to reboot into 'Linux Rescue System (debian/woody - 2.6.x)'. You should be able to watch it boot on the serial console. Note: the 2.4 rescue option doesn't have enough space on the ramdisk to temporarily store the bsd boot image, so use the 2.6 rescue. An alternative to using space on the ramdisk is to put cdrom41serial.fs on the hard drive before you start. Then mount the hard drive from rescue mode, cd to the correct directory and continue with the dd command below).

So now log onto the 2.6 rescue system as root and paste the following commands:

dd if=cdrom42serial.fs of=/dev/hda bs=64k
Now reset your system to boot in normal mode through 1and1's control panel. The familiar OpenBSD install kernel should boot up one your serial console.

back to contents
3. Install OpenBSD.

You are now going to do a network (ftp or http) install. You should still buy your OpenBSD CDs and T-shirts, as well as give donations.

The install is standard except for the following exceptions:

  • Your partition table thinks your hard drive is the size of a some cd boot image
  • You need some manual network configuration to install.
  • During the install you should select 'yes' to start ntpd.
  • During the install you should select 'yes' serial console.
  • During the install you should set the serial console 57600.

  • For the standard part of the install here is the OpenBSD install guide.

    The partition table on wd0 from the cd image we dd'ed will confuse the OpenBSD installer. The first time you configure the root disk (wd0), saying yes use the entire disk will not work. To get around this, simply say yes, use entire disk. Then after it drops you into disklabel run the commands 'z' followed by 'w', followed by 'q'. This will zero the partition table and quit disklabel. The OpenBSD installer will say "ERROR: No root partition (wd0a)." and loop back and now you can now say "Yes" use *all* wd0 for OpenBSD and lay out your partition table as normal (i.e use 'a' to add partitions). Please see the disklabel drive layout section in the typescript that goes with this guide.

    The network has some special configuration that 1and1 uses to keep people from sniffing their neighbors. Linux dhcp seems to figure this all out automatically but OpenBSD does not. During the install we configure the network for dhcp and set the manual configuration option as well. Please see the network configuration section of the typescript that goes with this guide. Once you drop into the shell for manual configuration cut and paste the following commands:
    route add -llinfo -iface -net -ifp vr0
    route add -net default
    ping -c 1
    Of course the ping should work. If not make sure /etc/resolv.conf is correct. Now complete the OpenBSD installation. Don't forget to select the serial console option and 57600 baud rate during the install. After your "CONGRATULATIONS!" halt the system and press any key to reboot. Note: Sometimes during this reboot, some systems will not come back and I have to reset it with the 1and1 control panel.

    back to contents
    4. Post Installation Tasks.

    Log back onto the serial console as root after it boots (you have no network yet). The following commands will switch off dhcp and fix your network boot configuration for 1and1 to be static. Here is the typescript that goes with this guide.
    echo inet `ifconfig vr0  | sed -n 's/.*inet \(.*\) netmask.*/\1/p'` NONE  > /etc/hostname.vr0
    echo '!route add -llinfo -iface -net -ifp vr0' >> /etc/hostname.vr0
    echo > /etc/mygate
    Now Lets get your network running and install a firewall:
    route add -llinfo -iface -net -ifp vr0
    route add -net default
    ping -c 1
    lynx -source > /etc/pf.conf
    lynx -source > /etc/ntpd.conf
    echo 'pf=' >> /etc/rc.conf.local
    pfctl -f /etc/pf.conf # Add -e if you didn't already enable pf above
    # I assume you want a web server on this box
    echo 'httpd_flags=' >> /etc/rc.conf.local
    If you have a HyperThreaded box, configure the multi-processor kernel:
    echo 'set image' >> /etc/boot.conf
    Now reboot. The system should come back up and be on line. Again sometimes, this first reboot doesn't and I need to reset to Normal system in the control panel. After I get it back the system will reboot normally.

    Your almost done, now you should patch OpenBSD to the latest eratta. As I maintain several boxes, I follow stable and then make a new patched release set to install on my other boxes (of course then you can skip all the ip6 steps with your patched release). After you have a patched kernel running, you can enable ip6 if you want by removing the block ip6 line from /etc/pf.conf.

    In a nutshell this is how I make a patched release (Note: This cvs update and compile take lots of cpu time and bandwidth. An alternative is applying patches by hand). :
    # Assming you have downloaded the src to /tmp
    csh  # I use tcsh added with pkg_add and PKG_PATH...hence the csh syntax bellow
    setenv CVSROOT ""# pls choose your mirror
    cd /usr/src
    tar xpfz /tmp/src.tar.gz
    tar xpfz /tmp/sys.tar.gz
    cd /usr
    cvs -q up -P -rOPENBSD_4_2 src  # This will take a while
    cd src/sys/arch/i386/conf
    /usr/sbin/config config GENERIC.MP # Use GENERIC for non HT or Dual CPU
    cd /guides/
    make clean && make depend && make
    # if you did not do the 'set image' step above, then just 'make install'
    rm -f /
    ln / /
    cp bsd /nbsd
    mv /nbsd /
    # Log back in as root after reboot, you should see the kernel now
    # has a name like "OpenBSD 4.2-stable (GENERIC.MP) #0".  The -stable means
    # the eratta patches where applied.
    cd /usr/src
    rm -rf /usr/obj/*
    cd /usr/src
    make obj
    cd /usr/src/etc && env DESTDIR=/ make distrib-dirs
    cd /usr/src
    make build
    # This will take a while
    # When the build completes, your system is up to date.  If you have
    # only 1 machine, you are done.  However, I need patched distribution sets
    # for my other boxes:
    # assuming you are in csh
    setenv DESTDIR /usr/dest
    setenv RELEASEDIR /usr/rel
    cd /usr/src/distrib/crunch && make obj depend all install
    test -d ${DESTDIR} && mv ${DESTDIR} ${DESTDIR}.old && rm -rf ${DESTDIR}.old &
    mkdir -p ${DESTDIR} ${RELEASEDIR}
    cd /usr/src/etc
    make release

    If it all worked, let the folks at OpenBSD know:

    You are done! Go get some sleep.

    Here are vanilla configuration files that would work at (about what your's look like after completing this guide: just change in the files below to your IP from 1and1. Leave all other numbers the same).

    /etc/rc.conf.local /etc/hostname.vr0 /etc/pf.conf /etc/mygate /etc/ntpd.conf

    Here is another link to my 57600 serial console cd boot images:
    cdrom39serial.fs (i386) (md5: a56f49835d6739d4b22de505d327158c)
    cdrom40serial.fs (i386) (md5: 186f9fde8320343bf66a348d07b56098)
    cdrom41serial.fs (i386) (md5: 3c472a842a286f1c63f2b47746372eb8)
    cdrom42serial.fs (i386) (md5: ec83af2cce71afcc7b449f05617e2f53)

    Here is the typescript for this guide.

    I don't recommend ordering anything from 1&1. All their customer service can do is say we will send a message to an Admin, Please check back in 24 hours...


    Thanks for stopping by.

    ©2006-2007 MyUtil
    back to top

    Digg! Delicious! Technorati Blinklist Furl Reddit

    Leave a response