A robust, integrated Reticulum Network Stack (RNS) deployment for OpenBSD.
This project provides the necessary components (OpenBSD port, rc.d service script, helper utilities, documentation) to install, configure, and manage the Reticulum Network Stack daemon (rnsd) as a first-class service on OpenBSD. It aims to create a reliable, secure, and manageable system suitable for acting as a core component in a Reticulum network – the "Akita Node."
Current Status: Beta
- Introduction
- Features
- Target Platform
- Prerequisites
- Installation
- Configuration
- Usage
- Important Verification Notes
- Documentation
- Contributing
- License
- Disclaimer
Reticulum is a modern, cryptography-based network stack designed for resilience and independence. The Akita Reticulum Master Node project packages and integrates Reticulum (rnsd and associated tools) tightly into the OpenBSD operating system, leveraging its security focus, stability, and system administration tools like the ports collection, rc.d, and pf.
This allows organizations and individuals to deploy professional, purpose-driven Reticulum nodes that can function reliably as gateways, routers, firewalls, bridges, and servers within an RNS network. This project is maintained by Akita Engineering (www.akitaengineering.com).
- Easy Installation: Packaged as a standard OpenBSD port (net/akita-rns).
- Standard Service Management: Includes an rc.d script (/etc/rc.d/akita-rnsd) for easy service control via rcctl(8).
- Dynamic Firewall Integration: Automatically generates and loads basic pf(4) rules into a dedicated anchor (akita-rnsd) based on the enabled interfaces in the Reticulum configuration.
- Centralized Configuration: Uses standard OpenBSD locations (/etc/reticulum/config).
- Enhanced Diagnostics: Improved rcctl status akita-rnsd output including rnsstatus info; logs daemon output to syslog(3).
- Dedicated User: Runs rnsd as an unprivileged user (_reticulum) created by the port.
- Leverages Reticulum: Builds upon RNS's core strengths: end-to-end encryption, mesh capabilities, multi-transport operation.
- Leverages OpenBSD: Benefits from OpenBSD's security track record, robust networking stack, and powerful pf(4) firewall.
- Operating System: OpenBSD (intended for the latest stable release; requires testing).
- A running OpenBSD system.
- Root access for installation and configuration.
- (Optional - for building from source): The OpenBSD ports tree checked out under /usr/ports. Basic familiarity with using the ports system.
It is recommended to install using the OpenBSD ports tree.
- Place Port Files: Copy the openbsd-port directory contents from this repository into /usr/ports/net/akita-rns on your OpenBSD system (you may need to create the akita-rns directory).
- Verify Placeholders: Critically, check and potentially modify the Makefile in /usr/ports/net/akita-rns to ensure the comms/py-serial path is correct for your system and that the UID/GID 902 is available in /usr/ports/infrastructure/db/user.list.
- Update Ports Tree: Ensure your /usr/ports tree is generally up-to-date.
- Navigate & Install:
cd /usr/ports/net/akita-rns
make makesum # Download source archive and record checksum
# Recommended: make generate-plist # Generate an accurate PLIST
make install clean
This command will fetch dependencies, compile if necessary, create the _reticulum user/group, and install the akita-rns package.
Once packages are built and available on mirrors:
pkg_add akita-rns
After installation, follow these steps:
Create Storage Directory (if needed):
mkdir -p /var/reticulum/storage # Or your configured storage_path parent
chown _reticulum:_reticulum /var/reticulum /var/reticulum/storage
chmod 700 /var/reticulum /var/reticulum/storage
cp /usr/local/share/examples/akita-rns/reticulum-config/config.sample \
/etc/reticulum/config
Modify /etc/reticulum/config according to your needs:
- Set sharing_scope: system (REQUIRED for status integration)
- Set storage_path: /var/reticulum/storage (or match created directory)
- Define your desired Reticulum interfaces (UDP, Serial, TUN, etc.)
- Refer to the reticulum-config(5) man page and the Official Reticulum Documentation
The service automatically generates PF rules based on your Reticulum configuration. These rules are loaded into a dedicated PF anchor.
mkdir -p /etc/pf.anchors
Add the following lines once to your main /etc/pf.conf file:
# Anchor for Reticulum rules managed by rc.d script
anchor "akita-rnsd"
load anchor "akita-rnsd" from "/etc/pf.anchors/akita-rnsd"
pfctl -f /etc/pf.conf
Note: The service script automatically generates and loads PF rules when starting. Rules are based on enabled interfaces in your Reticulum configuration. You can disable PF rule generation for specific interfaces by setting pf_managed: false in the interface configuration. Review generated rules in /etc/pf.anchors/akita-rnsd and adjust as needed for your security requirements.
cp /usr/local/share/examples/akita-rns/rc.d/akita-rnsd /etc/rc.d/akita-rnsd
chmod +x /etc/rc.d/akita-rnsd
Add the following lines to enable and configure the service:
akita_rnsd_flags="-c /etc/reticulum/config" # Or other rnsd flags
pkg_scripts="akita-rnsd" # Add service name to list of pkg scripts to start
Optional configuration variables:
- akita_rnsd_user: Override the default _reticulum user (not recommended)
- akita_rnsd_config: Override the default config path /etc/reticulum/config
Manage the rnsd service using rcctl(8):
- Enable service: rcctl enable akita-rnsd
- Start service: rcctl start akita-rnsd
- Stop service: rcctl stop akita-rnsd
- Check status: rcctl status akita-rnsd (includes detailed rnsstatus output)
- Reload service: rcctl reload akita-rnsd (regenerates PF rules and sends SIGHUP if supported)
- Disable service: rcctl disable akita-rnsd
- Check config basics: rcctl check akita-rnsd (validates config file and dependencies)
Logs are automatically redirected to syslog(3) and typically stored in /var/log/daemon with the tag akita-rnsd. The service script includes startup error checking and will warn if the daemon fails to start.
If the service fails to start:
- Check /var/log/daemon for error messages tagged akita-rnsd
- Verify the configuration file exists and is valid YAML: rcctl check akita-rnsd
- Ensure the _reticulum user has proper permissions for the storage directory
- Verify PF rules were generated correctly: pfctl -a akita-rnsd -s rules
- Check that sharing_scope: system is set in /etc/reticulum/config for status integration
The port attempts to use UID/GID 902 (placeholder). VERIFY this ID is free in /usr/ports/infrastructure/db/user.list before building. Modify the Makefile if a different UID/GID is needed.
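The manual checks above (UID/GID 902 in user.list, the two anchor lines in /etc/pf.conf, ownership and mode of the storage directories) can be scripted. This is an added example, not part of the akita-rns port; the function names are hypothetical, and the user.list layout (numeric ID in the first column) is an assumption.

```sh
#!/bin/sh
# Added example: checks for an akita-rnsd host. File paths are arguments so the
# functions can be pointed at copies of the real files.

# Succeeds if ID $1 appears in the first column of user.list ($2).
# Assumption: one entry per line, numeric ID in the first field.
id_in_use() {
	awk -v id="$1" '$1 == id { found = 1 } END { exit !found }' "$2"
}

# Succeeds if pf.conf ($1) both declares and loads the akita-rnsd anchor
# on lines that are not commented out.
anchor_wired() {
	grep -Eq '^[[:space:]]*anchor[[:space:]]+"akita-rnsd"' "$1" &&
	grep -Eq '^[[:space:]]*load[[:space:]]+anchor[[:space:]]+"akita-rnsd"[[:space:]]+from[[:space:]]+"/etc/pf.anchors/akita-rnsd"' "$1"
}

# Succeeds if $1 is a directory with mode 700 owned by user $2.
dir_is_private() {
	[ -d "$1" ] || return 1
	ls -ld "$1" | awk -v owner="$2" \
		'{ exit !(substr($1, 1, 10) == "drwx------" && $3 == owner) }'
}

# Runs every check against the paths this page uses; non-zero on any finding.
akita_preflight() {
	rc=0
	list=/usr/ports/infrastructure/db/user.list
	if [ -r "$list" ] && id_in_use 902 "$list"; then
		echo "WARN: 902 is listed in $list; confirm it is not another port's"
		rc=1
	fi
	anchor_wired /etc/pf.conf || { echo "FAIL: akita-rnsd anchor lines missing from /etc/pf.conf"; rc=1; }
	for d in /var/reticulum /var/reticulum/storage; do
		dir_is_private "$d" _reticulum || { echo "FAIL: $d is not mode 700 owned by _reticulum"; rc=1; }
	done
	return "$rc"
}

# Run only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--run" ]; then
	akita_preflight
fi
```

Run it as root with --run after completing the configuration steps; the user.list check is only meaningful before the port is built.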
The port depends on:
- security/py-cryptography - Cryptographic operations
- comms/py-serial - Serial interface support
- databases/py-yaml - Configuration parsing and PF rule generation
VERIFY the comms/py-serial path is correct for your system using pkg_info -Q py-serial. Modify the Makefile if needed.
For a correct package listing:
- Run make makesum to download and verify the source archive checksum
- Run make generate-plist in the port directory to generate an accurate PLIST
- Review the generated PLIST before final installation
- Man Pages: akita(7), rnsd(8), reticulum-config(5)
- This Repository: Contains examples and setup details.
- Package README: Located at /usr/local/share/doc/pkg-readmes/akita-rns-<version>
- Official Reticulum Documentation: Reticulum Manual
See CONTRIBUTING.md.
Licensed under the terms of the BSD-2. See the LICENSE file.
This software is provided "as is", without warranty. Proper verification and thorough testing are required for usage on your target system.