Freifunk-Gateway aufsetzen/keyxchangev2 VERALTET: Unterschied zwischen den Versionen

Keine Bearbeitungszusammenfassung
Zeile 12: Zeile 12:
     post-up ip addr add 10.83.8.1/22 dev $IFACE
     post-up ip addr add 10.83.8.1/22 dev $IFACE
     post-up ip -6 addr add fe80::1/128 dev $IFACE
     post-up ip -6 addr add fe80::1/128 dev $IFACE
    post-up ip -6 addr add fd43:5602:29bd:4::1/64  dev $IFACE
     # Regeln, wann die fff Routing-Tabelle benutzt werden soll:  
     # Regeln, wann die fff Routing-Tabelle benutzt werden soll:  
     post-up ip rule add iif $IFACE table fff
     post-up ip rule add iif $IFACE table fff

Version vom 18. September 2017, 14:09 Uhr

Hier landen die ersten Infos dazu, was für Gateways bei KeyxchangeV2 geändert werden muss. Es sind nur Beispieldateien, die pro Hood unbedingt angepasst werden müssen! Ungetestet!

network

/etc/network/interfaces

device: bat0
iface bat0 inet manual
post-up ifconfig $IFACE up
    ## Bring-up (post-up):
    # Addresses of the gateway on the B.A.T.M.A.N. interface
    # (IPv4, link-local IPv6 and a ULA IPv6 address):
    post-up ip addr add 10.83.8.1/22 dev $IFACE
    post-up ip -6 addr add fe80::1/128 dev $IFACE
    post-up ip -6 addr add fd43:5602:29bd:4::1/64  dev $IFACE
    # Rules selecting when the fff routing table is used: traffic arriving on
    # this interface, and anything from or to 10.0.0.0/8.
    # presumably "fff" is mapped to a table number in /etc/iproute2/rt_tables - confirm
    post-up ip rule add iif $IFACE table fff
    post-up ip rule add from 10.0.0.0/8 table fff
    post-up ip rule add to 10.0.0.0/8  table fff
    # Route into the Fuerth hood:
    # NOTE(review): 10.83.0.0/22 does not contain the gateway address
    # 10.83.8.1/22 configured above - confirm the intended hood prefix.
    post-up ip route replace 10.83.0.0/22 dev $IFACE proto static table fff
    # Start the DHCP server:
    post-up invoke-rc.d isc-dhcp-server restart

    ## Tear-down (post-down):
    # Remove the route and rules defined above, then take the interface down.
    # NOTE(review): the addresses added in post-up are not removed here.
    post-down ip route del 10.83.0.0/22 dev $IFACE table fff
    post-down ip rule del from 10.0.0.0/8 table fff
    post-down ip rule del to 10.0.0.0/8 table fff
    post-down ip rule del iif $IFACE table fff
    post-down ifconfig $IFACE down

# VPN connection into the Fuerth hood.
# The stanza name matches the interface name set in the fastd configuration;
# the fastd up/down hooks call ifup/ifdown on it.
iface ffffuerthVPN inet manual
    # Attach the VPN interface to the bat0 mesh, bring it up, then bring up bat0.
    post-up batctl -m bat0 if add $IFACE
    post-up ifconfig $IFACE up
    post-up ifup bat0
    # Tear-down: bat0 first, then the VPN interface itself.
    post-down ifdown bat0
    post-down ifconfig $IFACE down

fastd

root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat down.sh 
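#!/bin/sh
# fastd "on post-down" hook: takes the tunnel interface down via ifupdown.
# fastd passes the interface name in the INTERFACE environment variable.
# Quoted so the value always reaches ifdown as exactly one argument.
/sbin/ifdown "$INTERFACE"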
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat fff.fuerth.conf 
# Log to stderr at level "error"
log level error;
# Log messages of level info and above to syslog under the ident "ffffuerth"
log to syslog as "ffffuerth" level info;
# Set the interface name
interface "ffffuerthVPN";
# The encrypting methods are commented out; only "null" is offered, so tunnel
# traffic is carried without encryption or authentication.
#method "xsalsa20-poly1305";
#method "aes128-gcm";
method "null";
# Bind to a fixed port
# NOTE(review): "any" is not an IPv4-only address - confirm which address
# families end up bound.
bind any:10004;
# fastd needs a secret key even though this setup does not rely on it.
# NOTE(review): this private key is published with the example; generate a
# fresh one per gateway (fastd --generate-key) instead of copying this value.
secret "c00a286249ef5dc5506945f8a3b413c0928850214661aab866715203b4f2e86a";
# Set the interface MTU for TAP mode with xsalsa20/aes128 over IPv4 with a base MTU of 1492 (PPPoE)
# (see MTU selection documentation)
# NOTE(review): the value was chosen for the encrypting methods, while the
# active method is "null" - confirm it is still the intended MTU.
mtu 1426;
# Hooks run when the tunnel interface comes up and after it has gone down
on up "/etc/fastd/fff.fuerth/up.sh";
on post-down "/etc/fastd/fff.fuerth/down.sh";
# Also accept the older handshake type, which fastd documents as less secure
# than the default.
secure handshakes no;
# Run verify.sh for peers that have no peer configuration; its exit status
# decides whether the peer is accepted.
on verify "/etc/fastd/fff.fuerth/verify.sh";
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat up.sh 
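#!/bin/sh
# fastd "on up" hook: brings the tunnel interface up via ifupdown, which runs
# the post-up commands of the matching stanza in /etc/network/interfaces.
# fastd passes the interface name in the INTERFACE environment variable.
# Quoted so the value always reaches ifup as exactly one argument.
/sbin/ifup "$INTERFACE"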
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat verify.sh 
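#!/bin/sh
# fastd "on verify" hook: the exit status decides whether a peer without a
# peer configuration is accepted. This script accepts every peer
# unconditionally; no key or address is checked.
#
# "exit" replaces "return": POSIX leaves "return" outside a function or
# sourced script unspecified, and shells such as bash reject it, which ends
# the script with a failure status and would turn every peer away.
exit 0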
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# 

babel

root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat /etc/babeld.conf 
# For more information about this configuration file, refer to
# babeld(8)
#
# Run Babel on vm1fffgwcd1, treated as a wired link; max-rtt-penalty caps the
# extra cost added for high round-trip times.
 interface vm1fffgwcd1 wired true max-rtt-penalty 128
# Kernel routing table babeld installs learned routes into.
 export-table 10
# Kernel routing table babeld redistributes routes from.
# presumably table 10 is the "fff" table used in /etc/network/interfaces - confirm
 import-table 10
 
# redistribute local ip ::/0 le 0 metric 128
# No selector is given, so this rule applies to every candidate route and
# announces it with metric 128.
 redistribute metric 128
# redistribute local ip 10.0.0.0/8
# redistribute local deny
#
# TCP port of babeld's read-only local configuration/monitoring interface.
# NOTE(review): confirm this listener is reachable from loopback only.
 local-port 33123
# #local-port-readwrite 34567
# 
root@vm3-gw-cd1:/etc/fastd/fff.fuerth# 

radvd

root@vm3-gw-cd1:/etc/fastd/fff.fuerth# cat /etc/radvd.conf 
# Router advertisements sent on the batman-adv mesh interface.
interface bat0 { 
        AdvSendAdvert on;
        # Unsolicited advertisements are sent every 60 to 300 seconds.
        MinRtrAdvInterval 60; 
        MaxRtrAdvInterval 300;
        # Lifetime 0: this router is not announced as a default router.
	AdvDefaultLifetime 0;
        # ULA prefix announced as on-link and usable for SLAAC; it is the /64
        # of the fd43:5602:29bd:4::1 address configured on bat0.
        prefix fd43:5602:29bd:4::/64 { 
                AdvOnLink on; 
                AdvAutonomous on; 
        };
        # Route information option for the whole ULA range, so clients send
        # fc00::/7 traffic to this router despite the zero default lifetime.
        route fc00::/7 {
        };
};

http