Hello,

I want to use OpenBSD as a firewall for a configuration where every host is isolated.

For example, let's say I have the 1.0.0.0/24 subnet and the 2000::/56 subnet. I want each host to have a single IP for IPv4, and a /64 for IPv6. On the layer 2 side, I can configure a single VLAN for each host; I can either show each VLAN to the OpenBSD router as a different VLAN or I can use PVLAN to have a single VLAN on the OpenBSD side.

Now, with IPv6 it's easy, I can create a /64 for each host, but for IPv4 it's trickier. I'd like to use as few IPs as I can and I think the lowest I can do is to use 2 IPs per host.

I was wondering if you had general advice on what was the best configuration.

I looked at Hetzner, and for IPv4, they use point-to-point Ethernet, so the host has an IP in 1.0.0.24 with a route to 1.0.0.23/32. It uses Linux's systemd "[Address] Peer" configuration and I am not sure exactly what it entails. For IPv6 it uses fe80::1 as gateway, which is also a bit weird as I would expect the gateway to be on the same subnet.

The general idea is to be able to manage all firewalling between hosts using pf.

Regards

--
Nicolas Goy
Developer and Engineer
Goyman SA