Upload
others
View
11
Download
0
Embed Size (px)
Citation preview
Deploy Dual Stack FreeBSD 10.3 Instance in AWS
Lawrence E. Hughes Sixscape Communications Pte Ltd.
13 July 2017
This assumes you have already created an AWS account and a dual stack VPC on AWS.
Log in to your AWS account at aws.amazon.com and sign into the console:
Provide a name for this instance and click Use this name
Click advanced EC2 Launch instance wizard
FreeBSD is not included in the basic AMIs. Click AWS Marketplace
Enter FreeBSD and click the spyglass icon
Accept default choice (t2.micro), click Next: Configure Instance Details (at bottom of screen)
Click Launch Instance
Review details of Instance. Click on Edit Instance Details
Choose your configured subnet.
Enable Auto-Assign Public IP.
Enable Auto-assign IPv6 IP.
Now click on Add Storage (at top)
Increase storage from 10 GB to 30 GB (still free)
Click 7. Review (at top) – click Launch (at bottom right)
You need to create a keypair for cryptographic authentication to your new instance
Select Create a new key pair. Name it KP1. Click Download Key Pair.
Your new keypair is downloaded in PEM format.
Now click Launch Instance.
Your instance has launched.
Click the View Instances link (lower right)
Name your instance “FreeBSD1”.
Details are at the bottom:
Converting Your Private Key Using PuTTYgen
PuTTY does not natively support the private key format (.pem) generated by Amazon EC2. PuTTY has a
tool named PuTTYgen, which can convert keys to the required PuTTY format (.ppk). You must convert
your private key into this format (.ppk) before attempting to connect to your instance using PuTTY.
To convert your private key
1. Start PuTTYgen (for example, from the Start menu, choose All Programs > PuTTY > PuTTYgen).
2. Under Type of key to generate, choose RSA.
If you're using an older version of PuTTYgen, choose SSH-2 RSA.
3. Choose Load. By default, PuTTYgen displays only files with the extension .ppk. To locate
your.pem file, select the option to display files of all types.
4. Select your .pem file for the key pair that you specified when you launch your instance, and then
choose Open. Choose OK to dismiss the confirmation dialog box.
5. Choose Save private key to save the key in the format that PuTTY can use. PuTTYgen displays a
warning about saving the key without a passphrase. Choose Yes.
Note
A passphrase on a private key is an extra layer of protection, so even if your private key is
discovered, it can't be used without the passphrase. The downside to using a passphrase
is that it makes automation harder because human intervention is needed to log on to an
instance, or copy files to an instance.
6. Specify the same name for the key that you used for the key pair (for example, my-key-pair).
PuTTY automatically adds the .ppk file extension.
Your private key is now in the correct format for use with PuTTY. You can now connect to your instance
using PuTTY's SSH client.
Install the net/dual-dhclient port:
# pkg install dual-dhclient
Add accept_rtadv to the appropriate ifconfig line in your /etc/rc.conf file, e.g.,
ifconfig_DEFAULT="SYNCDHCP accept_rtadv"
Add two more lines to your /etc/rc.conf file:
ipv6_activate_all_interfaces="YES"
dhclient_program="/usr/local/sbin/dual-dhclient"
Reboot
# reboot
$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
xn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=503<RXCSUM,TXCSUM,TSO4,LRO>
ether 0a:3b:75:73:10:22
inet6 fe80::83b:75ff:fe73:1022%xn0 prefixlen 64 scopeid 0x2
inet 172.31.3.107 netmask 0xfffff000 broadcast 172.31.15.255
inet6 2600:1f14:611:b600:7a4c:222c:e115:c43d prefixlen 64
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet manual
status: active
You now have auto configured IPv4 and IPv6 addresses. Try pinging outside nodes: $ ping 4.2.2.2
PING 4.2.2.2 (4.2.2.2): 56 data bytes
64 bytes from 4.2.2.2: icmp_seq=0 ttl=44 time=23.272 ms
64 bytes from 4.2.2.2: icmp_seq=1 ttl=44 time=23.270 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=44 time=23.248 ms
^C
--- 4.2.2.2 ping statistics ---
8 packets transmitted, 8 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 23.195/23.262/23.294/0.030 ms
$ ping6 2001:470:20::2
PING6(56=40+8+8 bytes) 2600:1f14:611:b600:7a4c:222c:e115:c43d --> 2001:470:20::2
16 bytes from 2001:470:20::2, icmp_seq=0 hlim=46 time=23.103 ms
16 bytes from 2001:470:20::2, icmp_seq=1 hlim=46 time=23.173 ms
16 bytes from 2001:470:20::2, icmp_seq=2 hlim=46 time=23.253 ms
^C
--- 2001:470:20::2 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 23.103/23.176/23.253/0.061 ms