Hi, I'm trying to get a NixOS VM up and running on OpenBSD, but I'm struggling to set up networking.

I'm following the instructions at dataswamp.org/~solene/2021-05-

I followed the steps, but substituted with my IPs.

I used 192.168.0.167/24 in place of 192.168.1.151/24 in the tutorial and for router's IP 192.168.0.1 in place of 192.168.1.254

Unable to access the network. Any pointers will be appreciated.

Follow

Okay, I've found familug.github.io/using-virtua
Will try this in the meantime.

At this point, I would like to get either Alpine Linux or NixOS working.

I want to be able to use /some/ Linux distribution to run certain software that OpenBSD cannot.

· · Web · 1 · 0 · 0

@samebchase can you ping the OpenBSD host using my setup?

@solene no, but I was able to do the reverse.

For the time being, I tried using an old router to create an ethernet interface by creating a repeater, but this is proving too painful and slow. In the past, I remember that changing the channel caused less interference, but I'm not able to figure out how.

In the FAQ, there are 4 options for networking. openbsd.org/faq/faq16.html#VMM

Assuming, I only have wireless n/w for the time being, shouldn't Option 2 listed there work fine? I'm trying that now.

@solene
gist.github.com/samebchase/992

PF rules are there.

I'm guessing I need to add:

```
match out on egress from 100.64.0.0/10 to any nat-to (egress)
pass in proto { udp tcp } from 100.64.0.0/10 to any port domain \
rdr-to $dns_server port domain
```
to them.

@samebchase if you want to see if pf is making troubles, you can add a pass in quick on tap or disable pf and see if you can ping the host from the VM :)

I don't know your rulesets but you may need to allow some stuff ;)

@solene Okay now I've started with vmctl -L option, and now I am able to ping host from VM, and VM from host using the IP listed for the tap0 interface. 🙏 🤩

Now, I am not able to connect to the internet from inside the VM, so I will add those PF rules given in the FAQ, or just temporarily disable PF altogether, and see if it is working.

@samebchase I'll review my text to see if I made a mistake somewhere

@solene Okay, now I have added the PF rules exactly as given in the FAQ reloaded by pf -f /etc/pf.conf For $dns_server I've given the IP of my router, not sure if that is correct.

enabled IP forwarding by running sysctl net.inet.ip.forwarding=1

Now, I am able to ping the VM from host on 100.64.1.3 and from the VM I am able to ping the tap0 interface on 100.64.1.2 and this is added to /etc/resolv.conf as well.

Current state of files: gist.github.com/samebchase/992

@solene However not able to access the internet. I was briefly able to, but now I am unable to again. :blobpats:

@solene Good news, after doing a pf flush all, I am able to access the internet from inside the VM. Running `nixos-install` now. Hopefully, it's able to fetch all the packages it needs.

@samebchase Nice! What did you do wrong?

Or what was wrong in my guide?

@solene PF flush all did the trick. From what I understand as PF is a stateful Firewall, my hunch is that it got into some intermediate state. (Can this happen? Just a guess from my side...)

I'm using the vanilla configs mentioned by you in your post, and Option 2 mentioned in the networking part of the virtualization FAQ.

My headaches basically were due to not having ethernet, so I can't do the bridge config that your post mentions.

Truly, I am grateful for all the help. 🤩 🙏 2:30 AM now.

@redcepelin @solene
I did `pfctl -F all`.

Is there a better way?

@solene Also, enabling IP forwarding for ipv6 is required. Just simple IP forwarding for ipv4 was not working.

@samebchase @solene -F all removes all rules, reinstall them with pfctl -f /etc/pf.conf afterwards
Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!