This is the second part in a series of three articles describing how I created a basic DNS/DHCP/NTP server for my lab that only uses 24MB RAM and 12MB disk space.
To install OpenWRT as VM, start by downloading the latest version. At the time of writing the latest version is the 12.09 release from April 2013. A pre-build virtual disk image is available from here:
In your vSphere Web Client (or Windows Client) create a new VM. I based it on Ubuntu 32bit.
Before powering on the VM, upload the openwrt-x86-generic-combined-ext4.vmdk image to the VM’s datastore folder. Then edit the VM’s settings to reduce the vRAM down (I run mine with 24MB, but you can probably go lower), make sure that only 1 vCPU is configured, delete the VMDK that was originally attached during the creation process, and attach the OpenWRT disk.
Now that the install is complete, onto the configuration.
Power on the VM and you’ll be faced with some console output:
enter and the command prompt is displayed:
Set the password
First thing you’ll probably want to do is to set a password. By default the console will log you in as root and no password is required (it’s blank). So on the console:
This ensures that the web interface, once it’s reachable via an IP interface, will have some protection. This by itself doesn’t force a login at the console. This is a lab so I’m not that concerned, but if you want to set this up there is a script here. (I think the reason is the OpenWRT image is primarily aimed at home routers, and you’d only see this if you were attached to it via a console serial cable. Telnet and Web access forces you to log in.)
Please note: I’m only going to discuss the configuration of the VM and the host it sits on. How your hosts are connected to their switch, how the switch is configured and what it’s capable of (layer 3 switching?) is up to you.
Ordinarily, at least couple of interfaces are created (not including the loopback interface):
wan and they’re bridged together. But because we built a standard VM which only has a single vNIC, then only the
lan interface is created. This is exactly what we want because we’re not planning on using this appliance for routing or firewalling traffic (although you could if you wanted to).
By default the
lan interface is set to 220.127.116.11/24 so if the VM is on a subnet that you can connect to via this IP, then you should be able to connect with a web browser and configure everything in the GUI.
However, I want to set up DHCP for several trunked subnets and I’ve found it much quicker just to enter this straight into the config file from the outset. Here’s how I set it up.
I changed the
lan (eth0) interface to remove the bridging and set the IP address appropriately.
I also added two virtual trunked interfaces (
vms). The syntax to do this is eth0.x where x is the VLAN ID. For each virtual interface give it a name and an appropriate IP settings for that VLAN’s subnet. My
lan interface doesn’t need VLAN tagged as it sits on the switch port’s default VLAN (PVID).
Here’s how I configured mine:
config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0'
config interface 'lan' option ifname 'eth0' option proto 'static' option netmask '255.255.255.0' option gateway '192.168.1.254' option ipaddr '192.168.1.99'
config interface 'mgt' option proto 'static' option ifname 'eth0.1000' option ipaddr '10.0.0.99' option netmask '255.255.255.0' option gateway '10.0.0.1'
config interface 'vms' option proto 'static' option ifname 'eth0.1003' option ipaddr '10.0.3.99' option netmask '255.255.255.0' option gateway '10.0.3.1'
Top tip: in
viyou can use
yyto copy (yank) a line, and
pto paste it.
Once you make any changes to the
/etc/config/network file, you need to execute:
to stop and restart the network interfaces.
VM’s trunked connection
In most cases these days, a VM is a connected to a port group in ESXi using Virtual Switch Tagging (VST) – remember the contents of this classic white paper. But here we’re getting the guest OS in the VM to tag the traffic. We don’t want the port group to act as an access port, but we want it to act like a trunk port, sending and receiving traffic on multiple VLANs. To do this, create a new port group and set it to VLAN ID 4095:
and set the port group as promiscuous:
Now, if everything is set correctly you should be able to ping each interface from something in each subnet (or from anywhere if you have layer 3 switching in your lab).
In the next post I describe how to configure NTP, DHCP and DNS services in OpenWRT.