This how-to assumes that you are a somewhat experienced FreeBSD user, and understand how to use dd carefully to avoid data loss. It also assumes that you are able to restore your system to a working configuration if anything goes wrong.
There is a Synopsis/Condensed Version below for the experienced and impatient.
This nano FreeBSD server provides more granular control on my local network. It was built utilizing FreeBSD12.1 RPI3 SD Card Image available at https://www.freebsd.org/where.html
1. Download the image, unzip it, and insert the Micro SD card into a reader connected to your FreeBSD desktop or laptop computer.
2. Identify which device is the card by running “dmesg”. The output will look similar to this:
You can see in this example that the Micro SD card is /dev/da4. If you downloaded the image to your Downloads folder in your home directory, you would dd the card like this:
3. At this point, the card can be inserted into the Raspberry, it will boot and run headless. Network settings are acquired via dhcp, the default credential are freebsd/freebsd and root/root. Change these!
If you need to, you can mount the card's root partition while it’s still in the reader and change some settings before booting it:
Add options to its /etc/rc.conf, eg. static IP, if needed. Changing much else, such as attempting usernames and passwords, may cause the boot to fail or leave you locked out of the system. Additionally, there’s no need to grow the file system to fill the free space left on the card, settings in rc.conf will do that on first boot.
4. From here you can install unbound, dnscrypt-proxy, and dhcpd.
6. Add the following lines in /etc/rc.conf:
7. Create a /usr/local/etc/unbound/unbound.conf file. Here’s an example for dual stack local lan you can edit to your liking: https://pastebin.com/bpMpwJzq
Run
8. Create a /usr/local/etc/dhcpd.conf. Here’s an example for a lan: https://pastebin.com/m353wb0R
9. Start the services
Conclusion: All services should be running at this point. Mine has been working quite well, up for 3 weeks, has sped up DNS, and obviously nice to have fast encrypted DNS and FQDN for all lan hosts.
SYNOPSIS/CONDENSED VERSION
(where X=the Micro SD dev)
Insert the Micro SD Card in the Raspberry Pi3 and boot. It’s network settings set via dhcp, ssh to it, credentials are raspberry/raspberry. If you want to add additional settings before you start your pi, there’s more detailed documentation below.
And add the following line /usr/local/etc/pkg.conf:
Caveats: It was necessary to unmount /tmp to install pkg and the other binaries to prevent the installations from failing due to “filesystem full” complaints. I remounted /tmp after installing the binaries I wanted.
Add the following lines in /etc/rc.conf:
Create an /usr/local/etc/unbound/unbound.conf Example: https://pastebin.com/bpMpwJzq
Create a /usr/local/etc/dhcpd.conf. Example: https://pastebin.com/m353wb0R
Services should be running.
There is a Synopsis/Condensed Version below for the experienced and impatient.
This nano FreeBSD server provides more granular control on my local network. It was built utilizing FreeBSD12.1 RPI3 SD Card Image available at https://www.freebsd.org/where.html
1. Download the image, unzip it, and insert the Micro SD card into a reader connected to your FreeBSD desktop or laptop computer.
2. Identify which device is the card by running “dmesg”. The output will look similar to this:
#dmesg
May 15 19:52:12 kernel: da4 at umass-sim0 bus 0 scbus8 target 0 lun 4
May 15 19:52:12 kernel: da4: <Generic- USB3.0 CRW-SD/MS 1.00> Removable Direct Access SPC-2 SCSI device
May 15 19:52:12 kernel: da4: Serial Number 201006010301
May 15 19:52:12 kernel: da4: 80.000MB/s transfers
May 15 19:52:12 kernel: da4: 60272MB (123437056 512 byte sectors)
May 15 19:52:12 kernel: da4: quirks=0x2<NO_6_BYTE>
You can see in this example that the Micro SD card is /dev/da4. If you downloaded the image to your Downloads folder in your home directory, you would dd the card like this:
#dd if=~/Downloads/FreeBSD-12.1-RELEASE-arm64-aarch64-RPI3.img of=/dev/da4 bs=64k3. At this point, the card can be inserted into the Raspberry, it will boot and run headless. Network settings are acquired via dhcp, the default credential are freebsd/freebsd and root/root. Change these!
If you need to, you can mount the card's root partition while it’s still in the reader and change some settings before booting it:
#mount /dev/da4s2 /mntAdd options to its /etc/rc.conf, eg. static IP, if needed. Changing much else, such as attempting usernames and passwords, may cause the boot to fail or leave you locked out of the system. Additionally, there’s no need to grow the file system to fill the free space left on the card, settings in rc.conf will do that on first boot.
4. From here you can install unbound, dnscrypt-proxy, and dhcpd.
#pkg install unbound
#pkg install dnscrypt-proxy
#pkg install dhcpd
6. Add the following lines in /etc/rc.conf:
Code:
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
dnscrypt_proxy_enable=YES
dnscrypt_proxy_flags="-a 127.0.0.2"
dnscrypt_proxy_resolver="soltysiak"
unbound_enable=”YES”
unbound_flags="-c /usr/local/etc/unbound/unbound.conf"
dhcpd_enable=YES7. Create a /usr/local/etc/unbound/unbound.conf file. Here’s an example for dual stack local lan you can edit to your liking: https://pastebin.com/bpMpwJzq
Run
#unbound-control-setup8. Create a /usr/local/etc/dhcpd.conf. Here’s an example for a lan: https://pastebin.com/m353wb0R
9. Start the services
#service unbound start
#service dnscrypt-proxy start
#service dhcpd start
Conclusion: All services should be running at this point. Mine has been working quite well, up for 3 weeks, has sped up DNS, and obviously nice to have fast encrypted DNS and FQDN for all lan hosts.
SYNOPSIS/CONDENSED VERSION
#wget [URL]http://download.raspbsd.org/FreeBSD-aarch64-12.0-GENERIC-313109M.img.gz[/URL]
#dd if=/path-to/FreeBSD-aarch64-12.0-GENERIC-313109M.img of=/dev/daX bs=64k
(where X=the Micro SD dev)
Insert the Micro SD Card in the Raspberry Pi3 and boot. It’s network settings set via dhcp, ssh to it, credentials are raspberry/raspberry. If you want to add additional settings before you start your pi, there’s more detailed documentation below.
#env ABI=FreeBSD:11:aarch64 pkg bootstrapAnd add the following line /usr/local/etc/pkg.conf:
Code:
ABI = "FreeBSD:11:aarch64";Caveats: It was necessary to unmount /tmp to install pkg and the other binaries to prevent the installations from failing due to “filesystem full” complaints. I remounted /tmp after installing the binaries I wanted.
#pkg install unbound
#pkg install dnscrypt-proxy
#pkg install dhcpd
Add the following lines in /etc/rc.conf:
Code:
ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0xffffffff"
dnscrypt_proxy_enable=YES
dnscrypt_proxy_flags="-a 127.0.0.2"
dnscrypt_proxy_resolver="soltysiak"
unbound_enable=”YES”
unbound_flags="-c /usr/local/etc/unbound/unbound.conf"
dhcpd_enable=YESCreate an /usr/local/etc/unbound/unbound.conf Example: https://pastebin.com/bpMpwJzq
Create a /usr/local/etc/dhcpd.conf. Example: https://pastebin.com/m353wb0R
#unbound-control-setup
#service unbound start
#service dnscrypt-proxy start
#service dhcpd start
Services should be running.
Last edited: