The One Euro OpenBSD Server

September 22, 2024

For quite some time I have been on the lookout for a cheap, small virtual server for one or two toy projects. My unspoken requirements were the ability to install OpenBSD, having IPv6, and that the hoster is not completely shady.

While lowering the bar for “cheap”, picking all three seems to become quite difficult. Unfortunately, since most hosters use some Linux QEMU/KVM stack nowadays, OpenBSD’s installability was almost always the least problematic.

Without further ado, except, of course, stating that I have not received any money from this hoster for this post, I will name them once and then only describe technical details, hopefully transferable to other hosting scenarios.

The hoster is STRATO, one of the bigger and older ones in Germany, and they offer so called “Budget Linux V-Servers”, where the cheapest, VC 1-1, comes with 1 vCore, 1G RAM, 10G storage, and one IPv4 plus one IPv6 address for one Euro per month.

This may sound weak by today’s standards, but it is enough for me. Maybe a little more storage would be nice, but for one Euro I cannot complain (or even buy a bread roll anymore).

Install OpenBSD From Linux

Most hoster offer a selection of (sometimes outdated) GNU/Linux distributions, but a BSD option is uncommon. This, however, is no problem as one can utilize a Linux - I prefer Debian - to install OpenBSD.

The used technique is not novel and I have read variants in various places, noticeable this older misc@ mailing list post.

Start by booting the (still Linux) VM and download the bsd.rd file of the latest OpenBSD release.

root@debian:~# wget -O /openbsd.rd \
  https://cdn.openbsd.org/pub/OpenBSD/7.5/amd64/bsd.rd

Then take a look at the partitions and find out which partition of which “disk” contains /openbsd.rd.

root@debian:~# fdisk -l
[snip]

Device      Start      End  Sectors  Size Type
/dev/vda1  262144 20971486 20709343  9.9G Linux root (x86-64)
/dev/vda14   2048     8191     6144    3M BIOS boot
/dev/vda15   8192   262143   253952  124M EFI System

For me, there is only one disk and the entire Linux file system resides on the first partition.

This information is enough to create a new GRUB boot record, stating that on

• the first disk (zero-based) - hd0 -
• the first partition (one-based now, of course) - hd0,1-
• contains a file named /openbsd.rd.

With this information, a boot entry like the following can be appended to /etc/grub.d/40_custom.

root@debian:~# tail -n4 /etc/grub.d/40_custom
menuentry "OpenBSD" {
  set root=(hd0,1)
  kopenbsd /openbsd.rd
}

Since a human being will be using GRUB later, the GRUB_TIMEOUT should be a reasonable number. For me, a later overwrite in /etc/default/grub.d/15_timeout.cfg set this variable to zero. As the last file wins, make sure it contains GRUB_TIMEOUT=10.

root@debian:~# vi /etc/default/grub{,.d/*}

Finalize the setup on the Linux side by updating GRUB based on the changes just made.

root@debian:~# update-grub

Install From GRUB

Now is the perfect moment to launch the hoster’s web-based VNC console. When it is up and running - showing the Debian login - type a final reboot in your session and wait for the VNC console to show GRUB. If it shows up, select “OpenBSD” and proceed.

For me, the installation wizard just worked and I mostly went with the suggestions.

The only limitation - perhaps due to an incorrect keyboard layout - was the unavailability of the “Shift” modifier key, but only for special characters. So I was unable to get a list of all mirror servers, just went with the first one by typing 1.

Finishing Touch on OpenBSD

After the installation succeeded, reboot into your freshly installed OpenBSD. Congratulations!

There are a few things one might want to do first, like, e.g., installing patches via syspatch or configuring sshd to only accept public key-based logins via PasswordAuthentication no. But this is out of this post’s scope.

However, at least for my specific hosting situation, one tweak to the network configuration was necessary. On OpenBSD (at least for now, being at 7.5), the dynamic address configuration supports DHCP for IPv4 and SLAAC for IPv6. My hoster, however, stated that DHCPv6 is necessary for the IPv6 configuration. Not wanting to install another DHCP client just for that, I searched the web for older documentation and found a configuration without the need for DHCPv6.

Setting the IPv6 address shown in the hoster’s web interface with a prefix length of 128 - being one address, not a block - and using fe80::1 as the gateway was enough to make it work. Interestingly, a very similar setup was necessary for another machine at a totally different hoster.

user@openbsd:~> doas cat /etc/hostname.vio0
inet autoconf
inet6 2001:db8::1 128  # Put your IPv6 address here!
!route add -inet6 default fe80::1%vio0

Outlook

The new server is running smoothly so far. I have not experienced any hiccups, network issues or the like. Since one of its first tasks is hosting this blog, find out how it works in the future.