Operating System Installation

This section provides a basic overview of the steps required to install and configure a Gateway operating system. It should not be considered a substitute for the operating system documentation. When in doubt, please consult the official documentation for more information.

Before beginning your Gateway operating system installation, you will first need to obtain the appropriate installation media for your hardware. There are many Linux distributions and several NetBSD and FreeBSD versions to choose from. In this document, we describe how to use Fedora Core 6, FreeBSD 6.2 or NetBSD 3.1 to build a working VPN Gateway. Please visit the web site of your preferred operating system to download and burn the corresponding ISO images as CDs.

If you are unfamiliar with Fedora Core 6, it is recommended that you read the Installation Guide before beginning the installation. Once you feel comfortable, boot the Gateway computer using the first installation disc. You will be presented with a boot prompt to select a user interface mode. We will be using the text based installation mode so enter the following at the boot prompt and press enter.

The Fedora Core text installer should now be loaded. The arrow and tab keys can be used to navigate the dialogs. The space key can be used to toggle options and the enter key can be used to activate the button selections.

The fist dialog presented will ask you if you would like to test the CD media before installation. If the CD burning software you used already verified the CD media, select Skip to continue with the installation. Otherwise, select OK and follow the prompts to perform the testing. Once you are presented with a Welcome screen, press the Enter key to continue.

To select the language, use the arrow keys to navigate up and down. Once your desired language is highlighted, use the tab key to select OK and press Enter to continue. This guide assumes the English option will be selected.

To select your keyboard model, use the arrow keys to navigate up and down. Once your desired model is highlighted, use the tab key to select OK and press Enter to continue.

The installer program will now examine your hard drive partitions. In the event that there is no partition table, the installer will ask you if you would like to initialize one. If so, use the tab key to select Yes and press Enter to continue. If you have an existing partition table, you will select the Remove all partitions on selected drives and create default layout option. Use the tab key to select Ok and press Enter to continue. The installer will then ask you to confirm the deletion of all partitions, use the tab key to select Yes and press Enter to continue. When asked if you to review the Layout, select No and press Enter to continue. Depending on your available memory, you may be asked if to enable the swap space immediately. If so, use the tab key to select Yes and press Enter to continue.

The installer program will now ask you to enter configuration information for your network interfaces. We will only be concerned with eth0 and eth1 which will be used as the public and private gateway interfaces.

Linux Interface Name	Gateway Interface	IP Address	Prefix
eth0	public	10.1.1.1	24
eth1	private	10.1.2.1	24

For eth0, use the arrow and space keys to highlight and disable both the Use dynamic IP configuration (DHCP) and Enable IPv6 support options. Make sure the Activate on boot option is enabled. Then use the arrow keys to select the IPv4 address field and enter the public address as 10.1.1.1 with a Prefix of 24. Use the tab key to select Ok and press Enter to continue.

For eth1, use the arrow and space keys to highlight and disable both the Use dynamic IP configuration (DHCP) and Enable IPv6 support options. Make sure the Activate on boot option is enabled. Then use the arrow keys to select the IPv4 address field and enter the private address as 10.1.2.1 with a Prefix of 24. Use the tab key to select Ok and press Enter to continue.

The installer program will now ask you to enter some optional network settings. If you plan to connect the private interface of your gateway to an existing IP network, it is recommended that you use the appropriate parameters for these options. If you plan to isolate the test environment completely from your existing network, you can leave these options blank.

The installer program will now ask you to enter the hostname configuration. Since DHCP will not be used, select the manual option and enter a hostname value in the field provided. You can use any name you want but for the purposes of this document, we will use the hostname fedora. After entering your hostname, use the tab key to select Ok and press Enter to continue.

To select your Time Zone, use the arrow keys to navigate up or down. Once your desired zone is highlighted, use the tab key to select OK and press Enter to continue.

To enter the root password, type a password you won't forget into the provided field. You will need to retype the password again in the next field to ensure no mistakes were made. A strong password with at least eight characters including one upper case and one numeric is recommended. Once you have finished, use the tab key to select OK and press Enter to continue.

The installer program will now ask you to enter your package selection. Use the arrow and space keys to disable the Office and Productivity option and enable the Software Development option. You should also enable the Customize Software Selection so you have an opportunity to disable unwanted package groups. Use the tab key to select OK and press Enter to continue. When presented with the Package Group Selection screen, you can optionally disable the following package groups which are not required for the VPN Gateway to operate.

Once you have made your final selections, use the tab key to select OK and press Enter to continue.

The installer will now run a dependency check for the package list followed by a screen that informs you that the installation is about to begin. Use the tab key to select OK and press Enter to continue. You will then be presented with a dialog that lists the CDs required for the installation. Pay careful attention because the default action selected will reboot your system. Use the tab key to select Continue and press Enter. The system will now create your partitions, format the file systems, copy all required operating system files and install your selected packages. You may be prompted to insert additional CDs as the installation continues. Once complete, the installer will ask to confirm a reboot of your newly installed operating system. Remove any CDs that may be in the drive and press Enter to continue.

After the system reboots, Fedora will load the setup utility which allows you to configure several operating parameters. This same tool can be run later by typing setup from a command line using the root account. For now, you can use the Tab key to select Exit and press Enter to continue.

If you are unfamiliar with FreeBSD, it is recommended that you read the Installing FreeBSD section of the FreeBSD Handbook before beginning the installation. Once you feel comfortable, boot the Gateway computer using the first installation disc.

The fist dialog presented will ask you for your country selection. To select your country, use the arrow keys to navigate up or down. Once your desired country is highlighted, press Enter to continue.

You should now be in the root menu of the sysinstall program. The arrow and tab keys can be used to navigate the dialogs. The space key can be used to toggle options and the Enter key can be used to activate the button selections. To begin a custom installation, use the arrow keys to highlight Custom and press Enter to continue.

From the Custom Installation menu, select the Partition option and press Enter to continue. This will load the FreeBSD FDISK Partition Editor. Any existing partitions and unused space are listed in the center of the screen and a command reference is listed at the bottom of the screen. The simplest way to proceed is press the A key which will instruct FreeBSD to use the entire disc. Next, press the Q key to quit the editor. The install process will now ask you to select a boot manager option for the target drive. Because the Gateway will only be running FreeBSD, select the Standard option and press Enter to continue.

From the Custom Installation menu, select the Label option and press Enter to continue. This will load the FreeBSD Disklabel Editor. FreeBSD uses disklabels to subdivide the partition into logical sections. Any existing labels will be listed in the center of the screen and a command reference is listed at the bottom of the screen. The simplest way to proceed is press the A key which will instruct FreeBSD to use the automatic defaults. Afterwords, press the Q key to quit the editor.

From the Custom Installation menu, select the Distributions option and press Enter to continue. You will then be presented with a screen that allows you to select the distribution sets to be installed. Use the arrow keys to select the 4 Developer option and press the space key to continue. Afterwards, you will be asked if you would like to install the FreeBSD ports collection. Use the tab key to select No and press Enter to continue. Use the arrow keys to select the X Exit option and press the Enter key to continue.

From the Custom Installation menu, select the Commit option and press Enter to continue. The sysinstall program will now ask you to select an installation media. Because we are using an install CD as the media, make sure the CD/DVD option is highlighted and press the Enter key to continue. You will then be prompted with a message asking for confirmation before proceeding with the installation. Press the Enter key to continue. The system will now create your partitions, format the file systems and copy all required operating system files. Next, you will be asked if you would like to visit the general configuration menu for a chance to set any last options. Use the tab key to select Yes and press Enter to continue.

From the Configuration menu, select the Root Password Option and press Enter to continue. When prompted, type a password you won't forget and press Enter to continue. You will be prompted to repeat this process again to ensure no mistakes were made. A strong password with at least eight characters including one upper case and one numeric is recommended.

After leaving the Network Services interface, you will be placed back in the Custom Installation menu. From here, you need to select the X Exit option and press Enter to continue. Now that you are at the Main Menu, use the tab key to select the Exit Installation option and press the Enter key to continue. You will be asked to confirm. Use the tab key to select Yes and press the Enter key to continue.

FreeBSD reads its system configuration settings from files located in the /etc subdirectory. You will need to add a few lines to the rc.conf file which will contain the setting to be applied to your network adapters at boot time. Before these lines can be added, you need to discover your Ethernet device names.

FreeBSD device names are prefixed with the device driver name that supports them. For instance, a device supported by one driver may be named fxp0 while a device supported by another driver may be name bge0. To locate your network device names, use the ifconfig command to obtain a list of available network interfaces as shown below:

ifconfig

lnc0: flags=108802<BROADCAST,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500

ether 00:0c:29:f3:f3:af

lnc1: flags=108802<BROADCAST,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500

ether 00:0c:29:f3:f3:b9

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384

inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4

inet6 ::1 prefixlen 128

inet 127.0.0.1 netmask 0xff000000

For our example test environment, the host will have two Ethernet devices named lnc0 and lnc1.

FreeBSD Interface Name	Gateway Interface	IP Address	NetMask
lnc0	public	10.1.1.1	255.255.255.0
lnc1	private	10.1.2.1	255.255.255.0

To configure the devices, open the /etc/rc.conf file with a text editor and add an ifconfig line for each adapter. The line will specify the device name before the equals sign followed by the network settings contained in quotes. For example, you could add lines similar to the ones shown below:

ifconfig_lnc0="10.1.1.1 netmask 255.255.255.0"

ifconfig_lnc1="10.1.2.1 netmask 255.255.255.0"

To configure the host name, open the /etc/rc.conf file with a text editor and add a hostname line that specifies the name contained in quotes. For example, you could add a line similar to the one shown below:

The Gateway will need to support packet forwarding to operate correctly. To enable this, open the /etc/rc.conf file with a text editor and add the line shown below:

If you plan to connect the private interface of your gateway to an IP network that is larger than the interface subnet, open the /etc/rc.conf file with a text editor and add a defaultrouter line that specifies the gateway address contained in quotes. For example, you could add a line similar to the one shown below:

To configure the DNS settings, open the /etc/resolv.conf file with a text editor and add a domain line that specifies the default domain name. You can also add any number of nameserver lines that specify a name server address. For example, you could add lines similar to the ones shown below:

If you are unfamiliar with NetBSD, it is recommended that you read the Example Installation section of the NetBSD guide before beginning the installation. Once you feel comfortable, boot the Gateway computer using the installation disc.

The fist dialog presented will ask you for your installation language selection. To select your language, use the arrow keys to navigate up or down. Once your desired language is highlighted, press Enter to continue. This guide assumes the English option will be selected.

To select your keyboard type, use the arrow keys to navigate up and down. Once your desired type is highlighted, use the tab key to select OK and press Enter to continue.

You should now be at the system installation tool welcome screen. The arrow and tab keys can be used to navigate the dialogs and the Enter key can be used to activate a selection. The install tool will ask you to select one of several options. Use the arrow keys to select Install NetBSD to a hard disk and press the Enter key to continue. Next, you will be prompted to confirm the operation. Use your arrow key to select Yes and press Enter to continue.

The installation tool will now ask you to select the hard disk that you would like to install the operating system on. If you have only one hard drive, press Enter to continue. Otherwise, select the first hard drive listed and press Enter to continue.

The installation tool will now ask you to select the distribution sets to be installed. Use the arrow keys to select Custom installation and press Enter to continue. When presented with the distribution set selection screen, you can optionally disable the following sets which are not required for the VPN Gateway to operate.

The installation tool will now ask you if you would like to manually edit the partition table or use the entire disk. Use the arrow keys to select the Use the entire disk option and press Enter to continue. If the installer asks you to install the NetBSD bootcode, use the arrow keys to select Yes and press Enter to continue.

The installation tool will now ask you to create one or more disk labels. NetBSD uses Disk Labels to subdivide the partition into logical sections. Use the arrow keys to select the Set sizes of NetBSD partitions option and press Enter to continue. The installation tool will load the disk label editor with the system default values. Use the arrow keys to select Accept partition sizes and press Enter to continue. Next, you will be asked to confirm your partition configuration. Select the Partition sizes ok and press Enter to continue.

The installation tool will now ask you to enter a name for your disk. It should provide a default name enclosed in brackets. Press the Enter key to continue.

The installation tool will now ask you to confirm before writing information to your hard drive. Use the arrow keys to select Yes and press Enter to continue. The installation tool will now ask you if you would like to use a normal BIOS console ( monitor and keyboard ) or a serial port as your bootblock. To leave the default Use Bios console option, use the arrow keys to select the Exit option and press the Enter key to continue. You will now be asked to select how you would like the install progress to be presented. Leave the default of Progress bar and press Enter to continue. The install tool will now ask you to select an installation media. Because we are using an install CD as the media, make sure the CD-ROM / DVD option is highlighted and press the Enter key to continue. When asked to select the device, leave the default by using the arrow keys to select Continue and press the Enter key. The system will now create your partitions, format the file systems and copy all required operating system files. The install tool should then inform you that it is finished extracting the distribution sets to your hard drive. Press the Enter keyto continue.

The installation tool will now ask you to select a time zone. The time zone lists are organized by country or region. For example, the US central time zone would be located under the US selection. Use the arrow and Enter key to highlight and select your preferred time zone. Next, use the arrow keys to select Exit and press the Enter key to continue.

The installation tool will now ask you to select a password cipher. Use the arrow keys to highlight the MD5 option and press Enter to continue.

The installation tool will now ask you if you would like to initialize the root password. Leave the default of Yes highlighted and press Enter to continue. When prompted, type a password you won't forget and press Enter to continue. You will be prompted to repeat this process again to ensure no mistakes were made. A strong password with at least eight characters including one upper case and one numeric is recommended.

The installation tool will now ask you to select a default shell. Unless you prefer another shell, use the arrow keys to highlight the /bin/sh option and press the Enter key to continue.

The installation tool will now inform you that the install is complete. Press the Enter key to return to the main install menu. Use the arrow keys to highlight the Reboot the computer option and press the Enter key.

NetBSD reads its system configuration settings from several files located in the /etc subdirectory. You will need to add a few lines to the rc.conf file which will contain the setting to be applied to your network adapters at boot time. Before these lines can be added, you need to discover your Ethernet device names.

NetBSD device names are prefixed with the device driver name that supports them. For instance, a device supported by one driver may be named fxp0 while a device supported by another driver may be name bge0. To locate your network device names, use the ifconfig command to obtain a list of available network interfaces as shown below:

ifconfig -a

pcn0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

address: 00:0c:29:4d:fd:99

media: Ethernet autoselect (autoselect)

pcn1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500

address: 00:0c:29:4d:fd:a3

media: Ethernet autoselect (autoselect)

lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 33192

inet 127.0.0.1 netmask 0xff000000

For our example test environment, the host will have two Ethernet devices named pcn0 and pcn1.

NetBSD Interface Name	Gateway Interface	IP Address	NetMask
pcn0	public	10.1.1.1	255.255.255.0
pcn1	private	10.1.2.1	255.255.255.0

ifconfig_pcn0="10.1.1.1 netmask 255.255.255.0"

ifconfig_pcn1="10.1.2.1 netmask 255.255.255.0"

If you plan to connect the private interface of your gateway to an IP network that is larger than the interface subnet, open the /etc/rc.conf file with a text editor and add a defaultroute line that specifies the gateway address contained in quotes. For example, you could add a line similar to the one shown below:

The Gateway will need to support packet forwarding to operate correctly. To enable this, open the /etc/sysctl.conf file and add the following line: