OpenBSD memo notes

Here I’m gonna be collecting random notes on OpenBSD, could be of help to other people as well.

This is probably going to be WIP forever, as I learn more, change configuration, etc.

I use amd64 snapshot version, you might want to use the last stable one (maybe even for a different arch)


At one of the mirrors grab either amd64/installXY.fs or amd64/installXY.iso, depending on if you want to install from a USB flash drive or burn a CD. *.fs needs to be dded to the flash drive itself directly. See Creating Install media.

There is not going to be any WIFI firmware present on the installation media, so there are a few options to choose from before booting. The media has all the “sets” to install the system from already, so it’s not really required. In case it is required however, it’s best to use Ethernet, or USB tethering on your Android (hopefully) phone, which will most likely show up as urndis0 interface and the installation process will use that. Another idea is to copy the required firmware on the media and then drop into shell after booting, doing the necessary procedures to make OpenBSD see the firmware in the right place and configure the network interface, then continuing with the installation. I haven’t gone this path.

Now reboot and go to your…

BIOS settings

Chances are, you might need to disable all the crap that isn’t going to work in OpenBSD anyway, anything you can think of that isn’t a high priority. It’s best to install the system first, then enable those things back one by one in case you need any. Thunderbolt, bluetooth, WWAN come to mind.

When it comes to hyperthreading support, keep it enabled. I tried having it disabled, OpenBSD behaved in very strange ways, eating one core to 100% at all times.

FIXME add full-disk encryption, bioctl


See /etc/examples.

cp /etc/examples/man.conf /etc/examples/doas.conf /etc/

Now you can read extra man pages and invoke doas, which is like sudo but not sudo.


# get VM some of that internet

# don't go suspending with the lid down

# very questionable considering OpenBSD disabled
# hyperthreading for a reason, but just to show
# how to enable it


# I don't use touchpad, trackpoint is my friend


That file is supposed to be modified by rcctl mostly. Check the man page.

# APM: performance mode 100%

# rcctl enable vmd
# that's for VMs later

# rcctl enable xenodm
# X server

# that's the interface we gonna use with VMs
# they will need DHCP working

# nice thing about sndio, you get loopback recording for free
sndiod_flags=-s default -m play,mon -s mon


Virtual machines. I have 9front and Alpine. Both disabled by default, they can be started like so: vmctl start 9front. Add -c to get into serial console, at least in the beginning, in case you don’t have those qcow2 images ready from somewhere else, in which case use vmctl create ....

vm "9front" {
        memory 2048M
        disk "/home/ftrvx/v/9front.qcow2"
        #cdrom "/home/ftrvx/v/9front.iso"
        owner ftrvx
        interface {
                lladdr 52:54:00:00:EE:03
                switch "uplink"

vm "alpine" {
        memory 2048M
        disk "/home/ftrvx/v/alpine.qcow2"
        #cdrom "/home/ftrvx/v/alpine-virt-3.11.3-x86_64.iso"
        owner ftrvx
        interface {
                lladdr 52:54:00:00:EE:04
                switch "uplink"

switch "uplink" {
        interface bridge0




add vether0

Run /etc/netstart vether0 and /etc/netstart bridge0 to get it up if you need it right now.


That’s the WIFI. Your interface name might have a different name, see ifconfig.

join someAPnameHere wpakey superpassword123
join someOtherAP wpakey totallydifferentpassword123


OpenVPN in case you need it, pkg_add openvpn; mkdir -p /etc/openvpn, and copy the config to that directory.

!/usr/local/sbin/openvpn --daemon --config /etc/openvpn/myvpnconfig


VMs are gonna need this service.

subnet netmask {
	# ip range to give away

	# that's host's IP address on vether0
	option routers;

	# you might want to configure something else here ofc
	option domain-name-servers;


This pretty much depends on what you want to use as your WM or DE. I use i3. Do a chmod +x ~/.xsession after editing.


export LC_CTYPE=en_US.UTF-8

# dmenu caches stuff, refresh on every session
rm -f ~/.cache/dmenu_run
# and make sure it sees everything in ~/bin
export PATH="$HOME/bin:$PATH"

# caps as ctrl
# left ctrl to switch between layouts
# right ctrl as the compose key
setxkbmap 'se(nodeadkeys),ru' -option grp:lctrl_toggle,grp_led:scroll,ctrl:nocaps,compose:rctrl

# higher key repeat rate
xset r rate 150 40

# uncomment if you have any specific settings there
#xrdb -merge ~/.Xresources

# clean things up and run i3
rm -rf /tmp/i3-*
unset I3SOCK
exec i3


plan9.ini needs console=0 in order for the vmctl console to be usable.

Makes sense to add monitor=none as well.

If you don’t like 9front to be using dhcp, provide a configuration in /lib/ndb/local. With previous virtual network config the gateway should be set: ipgw= Your VM’s ip address should be in range.



Last update: July 27, 2020 09:46AM

May 07, 2021 05:41AM
hey sigrid, probably not the best place to contact you, but idk else how to reach you. i'm subscribed to your RSS feed, which doesn't update (i think) even if you're updating them constantly. i use newsboat as my reader. perhaps i'm doing something wrong? anyway, i thought of lettting you know. take c care
Leave a comment. Email addresses are not stored.