Freifunk-Gateway aufsetzen/keyxchangev2 VERALTET: Unterschied zwischen den Versionen
					 (Die Seite wurde neu angelegt: „Hier landen die ersten Infos was für Gateways bei KeyxchangeV2 geändert werden muss:  == network ==  == fastd ==  == babel ==  == radvd ==  == http ==“)  | 
				Keine Bearbeitungszusammenfassung  | 
				||
| Zeile 1: | Zeile 1: | ||
Hier landen die ersten Infos was für Gateways bei KeyxchangeV2 geändert werden muss  | Hier landen die ersten Infos was für Gateways bei KeyxchangeV2 geändert werden muss. Es sind nur Beispieldateien und müssen pro Hood unbedingt angepasst werden! Ungetestet!  | ||
== network ==  | == network ==  | ||
/etc/network/interfaces  | |||
<pre>  | |||
device: bat0  | |||
iface bat0 inet manual  | |||
post-up ifconfig $IFACE up  | |||
    ##Einschalten post-up:  | |||
    # IP des Gateways am B.A.T.M.A.N interface:  | |||
    post-up ip addr add 10.83.8.1/22 dev $IFACE  | |||
    post-up ip -6 addr add fe80::1/128 dev $IFACE  | |||
    # Regeln, wann die fff Routing-Tabelle benutzt werden soll:   | |||
    post-up ip rule add iif $IFACE table fff  | |||
    post-up ip rule add from 10.0.0.0/8 table fff  | |||
    post-up ip rule add to 10.0.0.0/8  table fff  | |||
    # Route in die Fuerther Hood:         | |||
    post-up ip route replace 10.83.0.0/22 dev $IFACE proto static table fff  | |||
    # Start des DHCP Servers:  | |||
    post-up invoke-rc.d isc-dhcp-server restart  | |||
    ##Ausschalten post-down:  | |||
    # Loeschen von oben definieren Routen, Regeln und Interface:   | |||
    post-down ip route del 10.83.0.0/22 dev $IFACE table fff  | |||
    post-down ip rule del from 10.0.0.0/8 table fff  | |||
    post-down ip rule del to 10.0.0.0/8 table fff  | |||
    post-down ip rule del iif $IFACE table fff  | |||
    post-down ifconfig $IFACE down  | |||
# VPN Verbindung in die Fuerther Hood  | |||
iface ffffuerthVPN inet manual  | |||
    post-up batctl -m bat0 if add $IFACE  | |||
    post-up ifconfig $IFACE up  | |||
    post-up ifup bat0  | |||
    post-down ifdown bat0  | |||
    post-down ifconfig $IFACE down  | |||
</pre>  | |||
== fastd ==  | == fastd ==  | ||
<pre>  | |||
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat down.sh   | |||
#!/bin/sh  | |||
/sbin/ifdown $INTERFACE  | |||
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat fff.fuerth.conf   | |||
# Log warnings and errors to stderr  | |||
log level error;  | |||
# Log everything to a log file  | |||
log to syslog as "ffffuerth" level info;  | |||
# Set the interface name  | |||
interface "ffffuerthVPN";  | |||
# Support xsalsa20 and aes128 encryption methods, prefer xsalsa20  | |||
#method "xsalsa20-poly1305";  | |||
#method "aes128-gcm";  | |||
method "null";  | |||
# Bind to a fixed port, IPv4 only  | |||
bind any:10004;  | |||
# fastd need a key but we don't use them  | |||
secret "c00a286249ef5dc5506945f8a3b413c0928850214661aab866715203b4f2e86a";  | |||
# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)  | |||
# (see MTU selection documentation)  | |||
mtu 1426;  | |||
on up "/etc/fastd/fff.fuerth/up.sh";  | |||
on post-down "/etc/fastd/fff.fuerth/down.sh";  | |||
secure handshakes no;  | |||
on verify "/etc/fastd/fff.fuerth/verify.sh";  | |||
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat up.sh   | |||
#!/bin/sh  | |||
/sbin/ifup $INTERFACE  | |||
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat verify.sh   | |||
#!/bin/sh  | |||
return 0  | |||
root@vm3-gw-cd1:/etc/fastd/fff.fuerth#   | |||
</pre>  | |||
== babel ==  | == babel ==  | ||
<pre>  | |||
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat /etc/babeld.conf   | |||
# For more information about this configuration file, refer to  | |||
# # babeld(8)  | |||
#  | |||
 interface vm1fffgwcd1 wired true max-rtt-penalty 128  | |||
 export-table 10  | |||
 import-table 10  | |||
# redistribute local ip ::/0 le 0 metric 128  | |||
 redistribute metric 128  | |||
# redistribute local ip 10.0.0.0/8  | |||
# redistribute local deny  | |||
#  | |||
 local-port 33123  | |||
# #local-port-readwrite 34567  | |||
#   | |||
root@vm3-gw-cd1:/etc/fastd/fff.fuerth#   | |||
</pre>  | |||
== radvd ==  | == radvd ==  | ||
<pre>  | |||
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat /etc/radvd.conf   | |||
interface bat0 {   | |||
        AdvSendAdvert on;  | |||
        MinRtrAdvInterval 60;   | |||
        MaxRtrAdvInterval 300;  | |||
	AdvDefaultLifetime 0;  | |||
        prefix fd43:5602:29bd:4::/64 {   | |||
                AdvOnLink on;   | |||
                AdvAutonomous on;   | |||
        };  | |||
        route fc00::/7 {  | |||
        };  | |||
};  | |||
</pre>  | |||
== http ==  | == http ==  | ||
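Review bot: The verify.sh added under == fastd == ends with `return 0` at the top level of a `#!/bin/sh` script; POSIX leaves `return` outside a function unspecified and bash reports an error with a non-zero status, so whether peers are accepted would depend on which shell /bin/sh is, and `exit 0` states the intent portably. The same section combines `method "null"` and `secure handshakes no` with this accept-all hook and prints the `secret` value in full, so the page should state in one sentence that the tunnel provides neither encryption nor peer authentication and that every gateway generates its own key with `fastd --generate-key` instead of copying the published one. The comment `# Bind to a fixed port, IPv4 only` also does not match `bind any:10004;`, which is not limited to IPv4.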
Version vom 18. September 2017, 14:08 Uhr
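Hier landen die ersten Infos, was für Gateways bei KeyxchangeV2 geändert werden muss. Es sind nur Beispieldateien, die pro Hood unbedingt angepasst werden müssen! Ungetestet! Die fastd-Beispiele (method "null", verify.sh akzeptiert jeden Peer, abgedruckter secret) bieten weder Verschlüsselung noch Authentifizierung; der secret sollte pro Gateway neu erzeugt werden.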
network
/etc/network/interfaces
# Example /etc/network/interfaces stanzas for one hood (here: Fuerth).
# Addresses, prefixes and interface names are sample values and have to be
# adapted for each hood.
# NOTE(review): the gateway address 10.83.8.1/22 lies in 10.83.8.0/22, while
# the route added and removed below is 10.83.0.0/22 - confirm which prefix the
# hood really uses.
device: bat0
iface bat0 inet manual
post-up ifconfig $IFACE up
    ## Bring-up (post-up):
    # IP addresses of the gateway on the B.A.T.M.A.N. interface:
    post-up ip addr add 10.83.8.1/22 dev $IFACE
    post-up ip -6 addr add fe80::1/128 dev $IFACE
    # Rules selecting when the fff routing table is used: traffic entering
    # through this interface and anything from or to 10.0.0.0/8.
    post-up ip rule add iif $IFACE table fff
    post-up ip rule add from 10.0.0.0/8 table fff
    post-up ip rule add to 10.0.0.0/8  table fff
    # Route into the Fuerth hood:
    post-up ip route replace 10.83.0.0/22 dev $IFACE proto static table fff
    # Restart the DHCP server once the interface has its address:
    post-up invoke-rc.d isc-dhcp-server restart
    ## Tear-down (post-down):
    # Remove the route and rules defined above and take the interface down.
    # The addresses added in post-up are not removed explicitly here.
    post-down ip route del 10.83.0.0/22 dev $IFACE table fff
    post-down ip rule del from 10.0.0.0/8 table fff
    post-down ip rule del to 10.0.0.0/8 table fff
    post-down ip rule del iif $IFACE table fff
    post-down ifconfig $IFACE down
# VPN connection into the Fuerth hood
# This stanza is brought up and down by the fastd up.sh/down.sh hooks shown on
# this page (ifup/ifdown $INTERFACE).
iface ffffuerthVPN inet manual
    # Attach the fastd tunnel interface to the bat0 mesh, then bring bat0 up.
    # NOTE(review): the fastd example on this page uses method "null" and
    # accepts every peer, so whatever arrives on this interface joins the
    # bat0 layer-2 segment unauthenticated - confirm that this is intended.
    post-up batctl -m bat0 if add $IFACE
    post-up ifconfig $IFACE up
    post-up ifup bat0
    post-down ifdown bat0
    post-down ifconfig $IFACE down
fastd
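# Transcript of the example fastd files for one hood (fff.fuerth), one file
# per `cat`. Security properties of this setup as configured below:
#   - method "null": tunnel payload is neither encrypted nor authenticated.
#   - verify.sh accepts every connecting peer.
#   - the secret printed here is public; generate a separate one per gateway
#     with `fastd --generate-key` instead of copying it.
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat down.sh
#!/bin/sh
# fastd passes the tunnel interface name in INTERFACE.
/sbin/ifdown "$INTERFACE"
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat fff.fuerth.conf
# Log messages of level error and above to stderr
log level error;
# Log messages of level info and above to syslog, tagged "ffffuerth"
log to syslog as "ffffuerth" level info;
# Set the interface name
interface "ffffuerthVPN";
# The encrypting methods are commented out; only "null" is offered, which
# means no encryption and no authentication of tunnel traffic.
#method "xsalsa20-poly1305";
#method "aes128-gcm";
method "null";
# Bind to a fixed port on any local address (not restricted to IPv4)
bind any:10004;
# fastd requires a key even though method "null" makes no use of it.
# Example value only: this key is published, so do not reuse it.
secret "c00a286249ef5dc5506945f8a3b413c0928850214661aab866715203b4f2e86a";
# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)
# (see MTU selection documentation)
# NOTE(review): the value was chosen for the encrypting methods; re-check it
# for method "null".
mtu 1426;
on up "/etc/fastd/fff.fuerth/up.sh";
on post-down "/etc/fastd/fff.fuerth/down.sh";
# NOTE(review): selects the non-secure handshake variant; confirm against the
# fastd documentation whether this is still required.
secure handshakes no;
# Hook consulted for peers that are not configured statically; exit status 0
# accepts the peer.
on verify "/etc/fastd/fff.fuerth/verify.sh";
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat up.sh
#!/bin/sh
# fastd passes the tunnel interface name in INTERFACE.
/sbin/ifup "$INTERFACE"
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat verify.sh
#!/bin/sh
# Accept every peer. `exit` is used instead of `return`: POSIX leaves `return`
# outside a function unspecified and bash fails it with a non-zero status,
# which fastd would read as a rejection.
exit 0
root@vm3-gw-cd1:/etc/fastd/fff.fuerth#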
babel
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat /etc/babeld.conf
# Example babeld configuration for the gateway; interface name, table numbers
# and metrics are sample values to adapt per hood.
# For more information about this configuration file, refer to
# # babeld(8)
#
# Interface babeld speaks on, treated as a wired link.
 interface vm1fffgwcd1 wired true max-rtt-penalty 128
# Kernel routing table babeld installs learned routes into / reads routes from.
# NOTE(review): the interfaces example on this page refers to a table named
# "fff"; presumably that name maps to table 10 - confirm in rt_tables.
 export-table 10
 import-table 10
# redistribute local ip ::/0 le 0 metric 128
# No selector: every route from the import table is announced with metric 128.
# NOTE(review): the narrower rules around this line are commented out; confirm
# that announcing everything in the table is intended.
 redistribute metric 128
# redistribute local ip 10.0.0.0/8
# redistribute local deny
#
# TCP port of babeld's read-only local monitoring interface.
# NOTE(review): presumably reachable from the local host only - verify.
 local-port 33123
# #local-port-readwrite 34567
#
root@vm3-gw-cd1:/etc/fastd/fff.fuerth#
radvd
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat /etc/radvd.conf 
# Example radvd configuration: router advertisements sent on the mesh
# interface bat0. The prefix is a sample value to adapt per hood.
interface bat0 { 
        # Send unsolicited advertisements every 60 to 300 seconds.
        AdvSendAdvert on;
        MinRtrAdvInterval 60; 
        MaxRtrAdvInterval 300;
        # Router lifetime 0: clients do not install this gateway as a default
        # router; they only learn the prefix and the route below.
	AdvDefaultLifetime 0;
        # ULA prefix announced as on-link, with SLAAC enabled for clients.
        prefix fd43:5602:29bd:4::/64 { 
                AdvOnLink on; 
                AdvAutonomous on; 
        };
        # Advertise a route for the whole ULA range fc00::/7 via this gateway,
        # with default route options.
        route fc00::/7 {
        };
};