Digitalocean images freebsd

From wikinotes

FreeBSD is officially supported by digitalocean.
This page documents some quirks and workarounds.

Login

login as freebsd on first build

Enabling IPV6

DigitalOcean offers 16x free ipv6 addresses with each droplet.
This has instructions, also see the Official digitalocean ipv6 guide.

1. Set Static IPs, and default routes

You can find the IP addresses, and netmasks on your droplet's Network page. 

# /etc/rc.conf

defaultrouter="${IPV4_DEFAULTROUTER}"
ipv6_defaultrouter="${IPV6_DEFAULTROUTER}"
ipv6_activate_all_interfaces="yes"

ifconfig_vtnet0="inet ${IPV4_ADDR} netmask ${NETMASK}"
ifconfig_vtnet0_ipv6="inet6 ${IPV6_ADDR} prefixlen 64"

2. Enable IPV6 gateway

If moving packets between network inferfaces, enable gateway for ipv6. 

# /etc/rc.conf

# if moving packets between ifaces
gateway_enable="YES"
ipv6_gateway_enable="YES"

3. Create network interface aliases for all ipv6 addresses.

If you plan to use more than one of the 16 assigned ipv6 addresses, create network interface aliases for them. 

# /etc/rc.conf

# create public ipv6 aliases
ifconfig_vtnet0_alias0="inet6 ${YOUR_DO_IPV6}:f002 prefixlen 64"

# OR
ifconfig_vtnet0_aliases="\
                      inet6 ${YOUR_DO_IPV6}:f002 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f003 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f004 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f005 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f006 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f007 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f008 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f009 prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00a prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00b prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00c prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00d prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00e prefixlen 64 \
                      inet6 ${YOUR_DO_IPV6}:f00f prefixlen 64"

4. Create network aliases for ipv4 jails (if not vnet jails)

If hosting regular non vnet jails, you may need to create ipv6 aliases for your jails. 

# /etc/rc.conf

# create private ipv4 clone addrs
cloned_interfaces="${cloned_interfaces} lo1"
ifconfig_lo1_aliases="\
                      inet 192.168.32.1/24 \
                      inet 192.168.32.2/24 \
                      inet 192.168.32.3/24 \
                      inet 192.168.32.4/24 \
                      inet 192.168.32.5/24 \
                      inet 192.168.32.6/24 \
                      inet 192.168.32.7/24 \
                      inet 192.168.32.8/24 \
                      inet 192.168.32.9/24 \
                      inet 192.168.32.10/24 \
                      inet 192.168.32.11/24 \
                      inet 192.168.32.12/24 \
                      inet 192.168.32.13/24 \
                      inet 192.168.32.14/24 \
                      inet 192.168.32.15/24"

5. Adjust firewall

Make sure your firewall allows expected traffic through ipv6 

sudo pfctl -sr  # examine rules

6. Restart your network and test 

# restart networking
sudo service netif restart
sudo service routing restart

After adding ip aliases, I needed to reboot to be able to SSH again.


WARNING:

In FreeBSD-12.1 images, digitalocean adds their own service that wipes your network config every reboot.
disabling the service in /etc/rc.conf had no effect.
I needed to rename the service to stop it from wiping my network configuration. 

mv /usr/local/etc/rc.d/digitalocean /usr/local/etc/rc.d/digitalocean.orig


Retrieved from "http://willpittman.net:8080/index.php?title=Digitalocean_images_freebsd&oldid=26623"