System:
- KVM
- 4 Kerne Intel Xeon E312xx
- 1GB ECC RAM
- 1GBit/s Ethernet
- 50GB HDD
OS:
- Debian 8.1
- Minimal, Netinstall
Netzwerk:
- albufer4.ffka.net
- 5.9.128.123 (Public IPv4)
- 2a01:4f8:161:608f:5:9:128:123 (Public IPv6)
- 185.66.194.13 (Freifunk Rheinland e.V. IPv4)
- Tunnel
- albufer0.ffka.net
- 78.46.150.244
- 192.168.100.34
- 2a03:2260:a:ffff:192:168:100:22
- albufer1.ffka.net
- 144.76.47.106
- 192.168.100.10
- 2a03:2260:a:ffff:192:168:100:a
- albufer2.ffka.net
- 78.47.79.227
- 192.168.100.37
- 2a03:2260:a:ffff:192:168:100:25
- albufer3.ffka.net
- 78.47.144.219
- 192.168.100.13
- 2a03:2260:a:ffff:192:168:100:d
Konfiguration:
/etc/network/interfaces
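source /etc/network/interfaces.d/*.cfg
# Loopback holds the router's "own" addresses: the Freifunk Rheinland IPv4
# (185.66.194.13 - also used as OSPF/BGP router-id and as SNAT source) and
# the /48-derived IPv6 ::5 (update-source of the ibgp_v6 peer-group).
auto lo
iface lo inet loopback
iface lo inet static
address 185.66.194.13
netmask 255.255.255.255
iface lo inet6 static
address 2a03:2260:a::5
netmask 128
# Public uplink: a /32 with the hoster's gateway as point-to-point peer. The
# default route is installed as two /1 routes instead of "gateway" (the
# author's Zebra bug workaround - presumably zebra interfering with a plain
# default route; not verified here).
auto eth0
iface eth0 inet static
address 5.9.128.123
netmask 255.255.255.255
# Zebra Bug Workaround
# gateway 5.9.59.137
up route add -net 0.0.0.0/1 gw 5.9.59.137
up route add -net 128.0.0.0/1 gw 5.9.59.137
# End
pointopoint 5.9.59.137
# Rulesets are restored in pre-up so the link never comes up unfiltered.
# Each file must go through its own restore tool: rules.v6 was previously
# passed to iptables-restore, which accepts it (the file is valid IPv4
# syntax), replaces the IPv4 filter table with its content and leaves
# ip6tables untouched - so the IPv6 ruleset was never loaded from here.
pre-up iptables-restore /etc/iptables/rules.v4
pre-up ip6tables-restore /etc/iptables/rules.v6
iface eth0 inet6 static
address 2a01:4f8:161:608f:5:9:128:123
netmask 128
# Same split-default workaround for IPv6, via the hoster's link-local gateway.
# Zebra Bug Workaround
# gateway fe80::0
up ip -6 route add ::/1 via fe80::0 dev eth0
up ip -6 route add 8000::/1 via fe80::0 dev eth0
# End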
/etc/network/interfaces.d/freifunk.cfg
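# Backbone links to the other four gateways (albufer0..3). Each peer gets two
# tunnels over the public uplink (local 5.9.128.123):
#  - tun-alb-N: plain GRE (L3), a /30 + /126 point-to-point link that carries
#    the OSPF/OSPF6 and iBGP sessions configured later in these notes;
#  - ftun-aN:   gretap (L2, key 111) attached to bat0 so the batman mesh
#    spans all gateways.
# MTU 1476 = 1500 minus the 24 bytes of outer IPv4 + GRE header.
# GRE adds no confidentiality or integrity protection: routing sessions and
# batman frames cross the Internet in clear, and the "key" only tags the
# tunnel. tinc is in the package list but no tinc configuration appears in
# these notes - confirm this exposure is intended.
# Every tunnel device is deleted again on ifdown so ifdown/ifup cycles do not
# fail on an already-existing device (the gretap stanzas already did this;
# the GRE stanzas now match).
auto tun-alb-0
iface tun-alb-0 inet static
address 192.168.100.34
netmask 255.255.255.252
mtu 1476
pre-up modprobe ip_gre
pre-up ip tunnel add tun-alb-0 mode gre local 5.9.128.123 remote 78.46.150.244 ttl 64 dev eth0
post-down ip tunnel del tun-alb-0
iface tun-alb-0 inet6 static
address 2a03:2260:a:ffff:192:168:100:22
netmask 126
# The link /126 is also placed into table "freifunk", presumably so lookups
# in the policy table resolve the peer's link address as well.
post-up ip -6 route add table freifunk 2a03:2260:a:ffff:192:168:100:20/126 dev tun-alb-0
auto ftun-a0
iface ftun-a0 inet manual
pre-up ip link add ftun-a0 type gretap local 5.9.128.123 remote 78.46.150.244 ttl 64 dev eth0 key 111
post-up ip link set dev ftun-a0 up
post-up batctl -m bat0 if add ftun-a0
post-down ip link del ftun-a0
auto tun-alb-1
iface tun-alb-1 inet static
address 192.168.100.10
netmask 255.255.255.252
mtu 1476
pre-up modprobe ip_gre
pre-up ip tunnel add tun-alb-1 mode gre local 5.9.128.123 remote 144.76.47.106 ttl 64 dev eth0
post-down ip tunnel del tun-alb-1
iface tun-alb-1 inet6 static
address 2a03:2260:a:ffff:192:168:100:a
netmask 126
post-up ip -6 route add table freifunk 2a03:2260:a:ffff:192:168:100:8/126 dev tun-alb-1
auto ftun-a1
iface ftun-a1 inet manual
pre-up ip link add ftun-a1 type gretap local 5.9.128.123 remote 144.76.47.106 ttl 64 dev eth0 key 111
post-up ip link set dev ftun-a1 up
post-up batctl -m bat0 if add ftun-a1
post-down ip link del ftun-a1
auto tun-alb-2
iface tun-alb-2 inet static
address 192.168.100.37
netmask 255.255.255.252
mtu 1476
pre-up modprobe ip_gre
pre-up ip tunnel add tun-alb-2 mode gre local 5.9.128.123 remote 78.47.79.227 ttl 64 dev eth0
post-down ip tunnel del tun-alb-2
iface tun-alb-2 inet6 static
address 2a03:2260:a:ffff:192:168:100:25
netmask 126
# Copy-paste fix: this /126 belongs to tun-alb-2; it was previously attached
# to tun-alb-1, leaving the albufer2 link address unreachable in table freifunk.
post-up ip -6 route add table freifunk 2a03:2260:a:ffff:192:168:100:24/126 dev tun-alb-2
auto ftun-a2
iface ftun-a2 inet manual
pre-up ip link add ftun-a2 type gretap local 5.9.128.123 remote 78.47.79.227 ttl 64 dev eth0 key 111
post-up ip link set dev ftun-a2 up
post-up batctl -m bat0 if add ftun-a2
post-down ip link del ftun-a2
auto tun-alb-3
iface tun-alb-3 inet static
address 192.168.100.13
netmask 255.255.255.252
mtu 1476
pre-up modprobe ip_gre
pre-up ip tunnel add tun-alb-3 mode gre local 5.9.128.123 remote 78.47.144.219 ttl 64 dev eth0
post-down ip tunnel del tun-alb-3
iface tun-alb-3 inet6 static
address 2a03:2260:a:ffff:192:168:100:d
netmask 126
post-up ip -6 route add table freifunk 2a03:2260:a:ffff:192:168:100:c/126 dev tun-alb-3
auto ftun-a3
iface ftun-a3 inet manual
pre-up ip link add ftun-a3 type gretap local 5.9.128.123 remote 78.47.144.219 ttl 64 dev eth0 key 111
post-up ip link set dev ftun-a3 up
post-up batctl -m bat0 if add ftun-a3
post-down ip link del ftun-a3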
Pakete installieren:
# Third-party repository for the Freifunk packages (fastd, batctl, ...), added
# over plain HTTP and pinned to its "sid" suite on a Debian 8 host. apt still
# verifies package signatures, so the key fetched next is the only trust anchor.
echo "deb http://repo.universe-factory.net/debian/ sid main" > /etc/apt/sources.list.d/freifunk.list
# NOTE(review): the key is pulled from a public keyserver by id with no
# fingerprint comparison; verify the full fingerprint against an out-of-band
# source before the first apt-get update/install trusts this repository.
apt-key adv --keyserver keyserver.ubuntu.com --recv 16EF3F64CB201D9C
# Routing (quagga), mesh/VPN (batctl, fastd, tinc), DHCP/RA and admin tooling
# in one go; iptables-persistent also restores both rulesets at boot.
apt-get install batctl bridge-utils fastd git host iproute iproute2 iptables iptables-persistent iputils-ping isc-dhcp-client isc-dhcp-common isc-dhcp-server mmv mosh mtr-tiny ntp openssh-client openssh-server quagga radvd resolvconf software-properties-common sudo tcpdump tinc vim whois
/etc/iproute2/rt_tables
# Standard kernel tables plus the Freifunk policy-routing table. The name
# "freifunk" is what the ip rule/route commands in the interface configs use;
# the id 16 is what Quagga's "table 16" statement points to - keep both in sync.
255 local
254 main
253 default
0 unspec
16 freifunk
/etc/environment
VTYSH_PAGER=more
/etc/quagga/daemons
# Only the daemons these notes use are started: zebra (kernel interface),
# bgpd (iBGP between the gateways, AS 65081) and ospfd/ospf6d (backbone IGP).
# Each running daemon also opens a vty TCP port. Since the iptables INPUT
# chains further down accept everything, whether those ports are reachable
# from the mesh depends solely on the daemon bind options (Debian's packaged
# default binds them to 127.0.0.1 - confirm in /etc/quagga/debian.conf) and
# on the vty password in the copied sample configs.
zebra=yes
bgpd=yes
ospfd=yes
ospf6d=yes
ripd=no
ripngd=no
isisd=no
babeld=no
Quagga Konfigurationen vorbereiten:
# Seed /etc/quagga from the packaged examples for exactly the four daemons
# enabled in the daemons file, then strip the ".sample" suffix (mmv '#1' is
# the first wildcard match).
# The stock samples ship with a well-known default vty password ("zebra");
# change it, or keep the vty bound to localhost, before the daemons start.
cp /usr/share/doc/quagga/examples/bgpd.conf.sample /etc/quagga
cp /usr/share/doc/quagga/examples/zebra.conf.sample /etc/quagga
cp /usr/share/doc/quagga/examples/ospfd.conf.sample /etc/quagga
cp /usr/share/doc/quagga/examples/ospf6d.conf.sample /etc/quagga && cd /etc/quagga
mmv '*.sample' '#1'
vtysh - an integrated shell for Quagga routing software:
vtysh -d zebra (Öffnet eine interaktive Shell, zebra, bgpd und ospf)
show running-config (Zeigt die aktuell genutzte Konfiguration an)
write memory (Speichert die Konfiguration initial, später Änderungen)
configure terminal (Öffnet den Konfigurationsmodus)
Tabelle für Routing Tables definieren:
ffka-albufer4# configure terminal
ffka-albufer4(config)# table 16
ffka-albufer4(config)# exit
ffka-albufer4# write memory
Log File Location festlegen:
ffka-albufer4# configure terminal
ffka-albufer4(config)# log file /var/log/quagga/ospfd.log
ffka-albufer4(config)# exit
ffka-albufer4# write memory
IPv4
Metric:
ffka-albufer4# configure terminal
ffka-albufer4(config)# interface tun-alb-0
ffka-albufer4(config-if)# ip ospf cost 100
ffka-albufer4(config)# interface tun-alb-1
ffka-albufer4(config-if)# ip ospf cost 100
ffka-albufer4(config)# interface tun-alb-2
ffka-albufer4(config-if)# ip ospf cost 100
ffka-albufer4(config)# interface tun-alb-3
ffka-albufer4(config-if)# ip ospf cost 100
ffka-albufer4(config-if)# exit
ffka-albufer4(config)# exit
ffka-albufer4# write memory
Router ID und Adressen:
ffka-albufer4# configure terminal
ffka-albufer4(config)# router ospf
ffka-albufer4(config-router)# ospf router-id 185.66.194.13
ffka-albufer4(config-router)# network 185.66.194.13/32 area 0.0.0.0
ffka-albufer4(config-router)# network 192.168.100.8/30 area 0.0.0.0
ffka-albufer4(config-router)# network 192.168.100.12/30 area 0.0.0.0
ffka-albufer4(config-router)# network 192.168.100.32/30 area 0.0.0.0
ffka-albufer4(config-router)# network 192.168.100.36/30 area 0.0.0.0
ffka-albufer4(config-router)# exit
ffka-albufer4(config)# exit
ffka-albufer4# write memory
Prüfen ob man alle anderen Albufer sehen kann:
ffka-albufer4# show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
185.66.194.10 1 Full/DROther 31.287s 192.168.100.9 tun-alb-1:192.168.100.10 0 0 0
185.66.194.12 1 Full/DROther 36.830s 192.168.100.14 tun-alb-3:192.168.100.13 0 0 0
185.66.194.9 1 Full/DROther 36.610s 192.168.100.33 tun-alb-0:192.168.100.34 0 0 0
185.66.194.11 1 Full/DROther 32.068s 192.168.100.38 tun-alb-2:192.168.100.37 0 0 0
IPv6
Metric:
ffka-albufer4# configure terminal
ffka-albufer4(config)# interface lo
ffka-albufer4(config-if)# ipv6 ospf6 passive
ffka-albufer4(config-if)# interface tun-alb-0
ffka-albufer4(config-if)# ipv6 ospf6 network point-to-point
ffka-albufer4(config-if)# ipv6 ospf6 cost 100
ffka-albufer4(config-if)# ipv6 ospf6 network point-to-point
ffka-albufer4(config-if)# interface tun-alb-1
ffka-albufer4(config-if)# ipv6 ospf6 cost 100
ffka-albufer4(config-if)# ipv6 ospf6 network point-to-point
ffka-albufer4(config-if)# interface tun-alb-2
ffka-albufer4(config-if)# ipv6 ospf6 cost 100
ffka-albufer4(config-if)# ipv6 ospf6 network point-to-point
ffka-albufer4(config-if)# interface tun-alb-3
ffka-albufer4(config-if)# ipv6 ospf6 cost 100
ffka-albufer4(config-if)# ipv6 ospf6 network point-to-point
ffka-albufer4(config-if)# interface tun-alb-0
ffka-albufer4(config-if)# exit
ffka-albufer4(config)# exit
ffka-albufer4# write memory
Router ID und Adressen:
ffka-albufer4# configure terminal
ffka-albufer4(config)# router ospf6
ffka-albufer4(config-ospf6)# router-id 185.66.194.13
ffka-albufer4(config-ospf6)# interface lo area 0.0.0.0
ffka-albufer4(config-ospf6)# interface tun-alb-0 area 0.0.0.0
ffka-albufer4(config-ospf6)# interface tun-alb-1 area 0.0.0.0
ffka-albufer4(config-ospf6)# interface tun-alb-2 area 0.0.0.0
ffka-albufer4(config-ospf6)# interface tun-alb-3 area 0.0.0.0
ffka-albufer4(config-ospf6)# exit
ffka-albufer4(config)# exit
Prüfen ob man alle anderen Albufer sehen kann:
ffka-albufer4# show ipv6 ospf6 neighbor
Neighbor ID Pri DeadTime State/IfState Duration I/F[State]
185.66.194.9 1 00:00:38 Full/PointToPoint 00:04:41 tun-alb-0[PointToPoint]
185.66.194.10 1 00:00:30 Full/PointToPoint 00:18:49 tun-alb-1[PointToPoint]
185.66.194.11 1 00:00:36 Full/PointToPoint 00:03:19 tun-alb-2[PointToPoint]
185.66.194.12 1 00:00:36 Full/PointToPoint 00:04:09 tun-alb-3[PointToPoint]
Bridge Setup:
/etc/network/interfaces.d/bridge.cfg
# Client-facing bridge. No member ports here: bat0 is attached from batman.cfg
# once the mesh comes up. 10.214.0.7/19 is this gateway's address inside the
# mesh (also the DHCP "routers" option and the icvpn SNAT source).
auto br0
iface br0 inet static
address 10.214.0.7
netmask 255.255.224.0
bridge_ports none
# Policy routing: everything to/from the mesh range and the Freifunk Rheinland
# /29 is looked up in table "freifunk" (rt_tables id 16), which these routes,
# the tunnel routes and Quagga ("table 16") populate - presumably to keep mesh
# traffic off the hoster's default route in the main table.
up ip route add 10.214.0.0/19 dev br0 table freifunk
up ip rule add to 10.214.0.0/19 table freifunk
up ip rule add from 10.214.0.0/19 table freifunk
up ip rule add to 185.66.194.8/29 table freifunk
up ip rule add from 185.66.194.8/29 table freifunk
iface br0 inet6 static
# ULA address in the stanza itself; the public /64 address is added with "ip"
# below, since one ifupdown stanza carries a single address.
address fdf7:6d4f:b77a:cafe::7
netmask 64
# DAD disabled on br0, presumably because fe80::1 (added last) is configured
# identically on several gateways - confirm.
pre-up echo 0 > /proc/sys/net/ipv6/conf/br0/accept_dad
up ip -6 addr add 2a03:2260:a:a::5/64 dev br0
up ip -6 route add 2a03:2260:a:a::/64 dev br0 table freifunk
up ip -6 rule add to 2a03:2260:a::/48 table freifunk
up ip -6 rule add from 2a03:2260:a::/48 table freifunk
up ip -6 route add fdf7:6d4f:b77a:cafe::/64 dev br0 table freifunk
up ip -6 rule add to fdf7:6d4f:b77a:cafe::/64 table freifunk
up ip -6 rule add from fdf7:6d4f:b77a:cafe::/64 table freifunk
# Shared router link-local; preferred_lft 0 marks it deprecated, so the kernel
# never picks it as a source address while still answering on it.
up ip -6 addr add fe80::1/64 dev br0 preferred_lft 0
/etc/network/interfaces.d/batman.cfg
# bat0 appears when the first mesh interface (ftun-aN or the fastd tap) is
# added with "batctl if add", hence allow-hotplug rather than auto - presumably.
allow-hotplug bat0
iface bat0 inet6 manual
pre-up modprobe batman-adv
post-up ip link set dev bat0 up
# Plug the mesh into the client bridge; br0 itself has "bridge_ports none".
post-up brctl addif br0 bat0
# Originator interval 10 s ("it" = orig_interval in ms), ten times batman's
# 1000 ms default - presumably to reduce OGM load on the tunnels; confirm.
post-up batctl -m bat0 it 10000
# Announce this node as a mesh gateway with 50000/50000 kbit/s down/up.
post-up batctl -m bat0 gw server 50000/50000
/etc/modules-load.d/modules.conf
batman-adv
bgp:
ffka-albufer4(config)# router bgp 65081
ffka-albufer4(config-router)# bgp router-id 185.66.194.13
ffka-albufer4(config-router)# network 10.214.0.0/16
ffka-albufer4(config-router)# network 185.66.194.8/29
ffka-albufer4(config-router)# network 185.66.194.13/32
ffka-albufer4(config-router)# exit
ffka-albufer4(config)# exit
ffka-albufer4# write memory
ffka-albufer4# configure terminal
ffka-albufer4(config)# router bgp 65081
ffka-albufer4(config-router)# address-family ipv6
ffka-albufer4(config-router-af)# bgp router-id 185.66.194.13
ffka-albufer4(config-router-af)# network 10.214.0.0/16
ffka-albufer4(config-router-af)# network 185.66.194.8/29
ffka-albufer4(config-router-af)# network 185.66.194.13/32
ffka-albufer4(config-router-af)# neighbor ibgp_v4 peer-group
ffka-albufer4(config-router-af)# neighbor ibgp_v4 update-source 185.66.194.13
ffka-albufer4(config-router-af)# neighbor ibgp_v4 next-hop-self
ffka-albufer4(config-router-af)# neighbor ibgp_v4 soft-reconfiguration inbound
ffka-albufer4(config-router-af)# neighbor ibgp_v4 route-map ibgp_v4_in in
ffka-albufer4(config-router-af)# neighbor ibgp_v4 route-map ibgp_v4_out out
ffka-albufer4(config-router-af)# neighbor ibgp_v6 peer-group
ffka-albufer4(config-router-af)# neighbor ibgp_v6 remote-as 65081
ffka-albufer4(config-router-af)# neighbor ibgp_v6 update-source 2a03:2260:a::5
ffka-albufer4(config-router-af)# no neighbor ibgp_v6 activate
ffka-albufer4(config-router-af)# neighbor 185.66.194.9 remote-as 65081
ffka-albufer4(config-router-af)# neighbor 185.66.194.9 peer-group ibgp_v4
ffka-albufer4(config-router-af)# neighbor 185.66.194.9 description "albufer0.ffka.net"
ffka-albufer4(config-router-af)# neighbor 185.66.194.10 remote-as 65081
ffka-albufer4(config-router-af)# neighbor 185.66.194.10 peer-group ibgp_v4
ffka-albufer4(config-router-af)# neighbor 185.66.194.10 description "albufer1.ffka.net"
ffka-albufer4(config-router-af)# neighbor 185.66.194.11 remote-as 65081
ffka-albufer4(config-router-af)# neighbor 185.66.194.11 peer-group ibgp_v4
ffka-albufer4(config-router-af)# neighbor 185.66.194.11 description "albufer2.ffka.net"
ffka-albufer4(config-router-af)# neighbor 185.66.194.12 remote-as 65081
ffka-albufer4(config-router-af)# neighbor 185.66.194.12 peer-group ibgp_v4
ffka-albufer4(config-router-af)# neighbor 185.66.194.12 description "albufer3.ffka.net"
ffka-albufer4(config-router-af)# network 2a03:2260:a::/48
ffka-albufer4(config-router-af)# network 2a03:2260:a:b::/64
ffka-albufer4(config-router-af)# network fdf7:6d4f:b77a:cafe::/64
ffka-albufer4(config-router-af)# neighbor ibgp_v6 activate
ffka-albufer4(config-router-af)# neighbor ibgp_v6 next-hop-self
ffka-albufer4(config-router-af)# neighbor ibgp_v6 soft-reconfiguration inbound
ffka-albufer4(config-router-af)# neighbor ibgp_v6 route-map ibgp_v6_in in
ffka-albufer4(config-router-af)# neighbor ibgp_v6 route-map ibgp_v6_out out
ffka-albufer4(config-router-af)# neighbor 2a03:2260:a::1 peer-group ibgp_v6
ffka-albufer4(config-router-af)# neighbor 2a03:2260:a::2 peer-group ibgp_v6
ffka-albufer4(config-router-af)# neighbor 2a03:2260:a::3 peer-group ibgp_v6
ffka-albufer4(config-router-af)# neighbor 2a03:2260:a::4 peer-group ibgp_v6
ffka-albufer4(config-router-af)# exit-address-family
ffka-albufer4(config-router)#
ffka-albufer4(config)# route-map ibgp_v4_out permit 10
ffka-albufer4(config-route-map)# match ip address prefix-list ibgp_announce_v4
ffka-albufer4(config-route-map)# route-map ibgp_v4_in permit 10
ffka-albufer4(config-route-map)# match ip address prefix-list ibgp_accept_v4
ffka-albufer4(config-route-map)# route-map ibgp_v4_in deny 100
ffka-albufer4(config-route-map)# route-map ibgp_v6_out permit 10
ffka-albufer4(config-route-map)# match ipv6 address prefix-list ibgp_announce_v6
ffka-albufer4(config-route-map)# set ipv6 next-hop global 2a03:2260:a::6
ffka-albufer4(config-route-map)# route-map ibgp_v6_in permit 10
ffka-albufer4(config-route-map)# match ipv6 address prefix-list ibgp_accept_v6
ffka-albufer4(config-route-map)# route-map ibgp_v6_in deny 100
ffka-albufer4(config-route-map)# exit
ffka-albufer4(config)# ip prefix-list ibgp_accept_v4 seq 5 permit any
ffka-albufer4(config)# ip prefix-list ibgp_accept_v4 seq 100 deny any
ffka-albufer4(config)# ip prefix-list ibgp_announce_v4 seq 5 permit any
ffka-albufer4(config)# ip prefix-list ibgp_announce_v4 seq 100 deny any
ffka-albufer4(config)# ipv6 prefix-list ibgp_accept_v6 seq 5 permit any
ffka-albufer4(config)# ipv6 prefix-list ibgp_accept_v6 seq 100 deny any
ffka-albufer4(config)# ipv6 prefix-list ibgp_announce_v6 seq 5 permit any
ffka-albufer4(config)# ipv6 prefix-list ibgp_announce_v6 seq 100 deny any
ffka-albufer4(config)# exit
ffka-albufer4# show ip bgp sum
ffka-albufer4# show bgp summary
ffka-albufer4# show ip bgp neighbors 185.66.194.11 received-routes
iptables:
/etc/iptables/rules.v6
# IPv6 ruleset (iptables-save format; the [pkt:bytes] counters are just
# saved state and mean nothing on restore).
# All three chains default to ACCEPT and INPUT/OUTPUT carry no rules: every
# service listening on this host (sshd, dhcpd, fastd, the quagga vty ports,
# ...) is reachable from the mesh side (br0/bat0) and the backbone tunnels
# exactly as from the uplink. An explicit INPUT policy with per-interface
# allows is worth adding even if FORWARD stays open for the mesh.
*filter
:INPUT ACCEPT [92:7937]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [55:5961]
# Clamp the MSS of forwarded SYNs (SYN set, RST clear) to the path MTU so
# clients behind the smaller tunnel MTUs (1476 GRE, 1406 fastd) avoid PMTU
# black holes. Frames bridged inside br0/bat0 never reach this chain because
# sysctl turns bridge-nf-call-ip6tables off.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
/etc/iptables/rules.v4
# IPv4 ruleset (iptables-save format; the [pkt:bytes] counters are just
# saved state and mean nothing on restore).
*nat
:PREROUTING ACCEPT [22:1357]
:INPUT ACCEPT [22:1357]
:OUTPUT ACCEPT [14:947]
:POSTROUTING ACCEPT [14:947]
# Mesh clients (10.214.0.0/19) leaving over the backbone GRE links are
# source-NATed to this gateway's public Freifunk address, so the private mesh
# range never appears upstream. Only the four GRE links are covered; a new
# tunnel needs a matching line.
-A POSTROUTING -s 10.214.0.0/19 -o tun-alb-0 -j SNAT --to-source 185.66.194.13
-A POSTROUTING -s 10.214.0.0/19 -o tun-alb-1 -j SNAT --to-source 185.66.194.13
-A POSTROUTING -s 10.214.0.0/19 -o tun-alb-2 -j SNAT --to-source 185.66.194.13
-A POSTROUTING -s 10.214.0.0/19 -o tun-alb-3 -j SNAT --to-source 185.66.194.13
# Reverse case for an "icvpn" interface that is not configured anywhere in
# these notes (presumably the inter-community VPN): traffic from the gateway's
# Freifunk address is rewritten to its mesh address 10.214.0.7. Confirm the
# interface exists, otherwise the rule never matches.
-A POSTROUTING -s 185.66.194.13/32 -o icvpn -j SNAT --to-source 10.214.0.7
COMMIT
*filter
:INPUT ACCEPT [89:7962]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [102:9578]
# No INPUT rules and an ACCEPT policy: every local service (sshd, dhcpd,
# fastd, quagga vty ports, ...) is reachable from mesh, backbone and uplink
# alike, and FORWARD is fully open in both directions between mesh and
# backbone. An explicit INPUT policy with per-interface allows is advisable.
# Clamp the MSS of forwarded SYNs to the path MTU (tunnel MTUs 1476/1406);
# bridged intra-mesh frames skip this chain because bridge-nf-call-iptables
# is off in sysctl.conf.
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
/etc/sysctl.conf
# Router sysctls for the Freifunk gateway.
net.ipv4.ip_forward = 1
# rp_filter off - presumably needed because mesh traffic is policy-routed via
# table "freifunk" and may return asymmetrically over the tunnels. It also
# disables the kernel's source-address sanity check, so spoofed-source packets
# from the mesh are forwarded unchallenged; value 2 (loose mode) keeps a basic
# check and is worth testing against this routing setup.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv6.conf.all.forwarding = 1
# A router must not autoconfigure itself from (possibly rogue) RAs. With
# forwarding=1 the kernel already ignores RAs unless accept_ra=2, so these are
# belt-and-braces. Only eth0 gets explicit keys; br0/bat0/tunnels inherit
# "default".
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0
# Bridged frames inside br0/bat0 bypass netfilter entirely: the iptables
# FORWARD rules (MSS clamp included) only see traffic routed through br0,
# never traffic switched between mesh clients.
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
# Raise the receive-buffer ceiling to ~1 MB - presumably for the tunnel/VPN
# daemons; confirm which one requests it.
net.core.rmem_max = 1024000
radvd:
/etc/radvd.conf
# Router advertisements on the client bridge. Both the ULA and the public /64
# are advertised on-link and autonomous (SLAAC); clients get this gateway's
# own br0 address as recursive resolver.
interface br0 {
IgnoreIfMissing on;
AdvSendAdvert on;
# RAs every 10-30 s.
MinRtrAdvInterval 10;
MaxRtrAdvInterval 30;
# No source link-layer address option - presumably so several gateways can
# answer for the same shared fe80::1 router address on br0; confirm.
AdvSourceLLAddress off;
# M/O flags off: no DHCPv6, addressing and DNS come purely from RA/SLAAC.
AdvManagedFlag off;
AdvOtherConfigFlag off;
AdvReachableTime 0;
AdvRetransTimer 0;
AdvCurHopLimit 64;
AdvHomeAgentFlag off;
AdvDefaultPreference medium;
prefix fdf7:6d4f:b77a:cafe::/64 {
# 3 h valid / 1 h preferred, refreshed well within the RA interval.
AdvValidLifetime 10800;
AdvPreferredLifetime 3600;
AdvOnLink on;
AdvAutonomous on;
};
prefix 2a03:2260:a:a::/64 {
AdvValidLifetime 10800;
AdvPreferredLifetime 3600;
AdvOnLink on;
AdvAutonomous on;
};
# RDNSS is 2a03:2260:a:a::5, this host's own br0 address (bridge.cfg). No
# resolver configuration appears in these notes - confirm something listens
# there (the IPv4 DHCP hands out a different host, 10.214.0.3).
RDNSS 2a03:2260:a:a::5 {
AdvRDNSSLifetime 300;
};
DNSSL freifunk-karlsruhe.de {
AdvDNSSLLifetime 300;
};
};
DHCP:
/etc/dhcp/dhcpd.conf
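# ISC dhcpd for the mesh clients behind br0.
# NOTE(review): 10.214.48.0/21 (10.214.48.1-10.214.55.254) lies outside br0's
# own 10.214.0.0/19 (bridge.cfg: 10.214.0.7 / 255.255.224.0 covers
# 10.214.0.0-10.214.31.255), and the routers / DNS options (10.214.0.7,
# 10.214.0.3) are not inside the declared subnet either. dhcpd only serves a
# subnet that matches an address on a local interface, so as written this
# would not hand out leases on br0 - confirm which range the mesh uses.
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.214.48.0 netmask 255.255.248.0 {
range 10.214.48.1 10.214.55.254;
# Both option statements lacked the terminating ';', which makes dhcpd reject
# the whole file at parse time.
option routers 10.214.0.7;
option domain-name-servers 10.214.0.3;
}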
fastd:
/etc/fastd/ffka/fastd.conf
# fastd instance "ffka": terminates the mesh-VPN connections from Freifunk
# nodes. Listens on UDP 10000 on the public uplink only; TAP mode because the
# tunnel becomes a batman-adv mesh interface (see "on up").
bind any:10000 interface "eth0";
interface "mesh-vpn";
# Drop privileges after setup.
user "nobody";
mode tap;
# Offered methods. The "null+..." variant authenticates but does not encrypt
# (fastd's method naming); nodes that negotiate it send mesh traffic in clear
# over the Internet - keep it only if that trade-off is deliberate.
method "salsa2012+umac";
method "salsa2012+gmac";
method "null+salsa2012+umac";
mtu 1406;
# Private key is kept out of this file.
include "secret.conf";
secure handshakes yes;
# Debug level is verbose for a production gateway; the two "hide" options at
# least keep peer MAC and IP addresses out of syslog.
log to syslog level debug;
hide mac addresses yes;
hide ip addresses yes;
# NOTE(review): the status socket lives in the world-writable /var/tmp, where
# any local user can reach it or pre-create the path before fastd does; a
# dedicated directory is the safer default - confirm who needs the socket.
status socket "
/var/tmp/fastd.ffka.sock
";
# Every connecting peer key is run through a blacklist script; per fastd's
# "on verify" contract a non-zero exit rejects the handshake.
on verify "
/etc/fastd/fastd-blacklist.sh $PEER_KEY
";
include peers from "
peers
";
# Fixed locally-administered MAC so the gateway's TAP end is stable across
# restarts; then bring up bat0 and join the mesh.
on up "
ip link set dev $INTERFACE address aa:ff:ca:ca:fe:01
ip link set dev $INTERFACE up
ifup bat0
batctl if add $INTERFACE
";
Backbone:
much more voodoo..