VPN zentral: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
(→Wie) |
(sicherheitskopie vom aktuellen stand 8-)) |
||
| Zeile 100: | Zeile 100: | ||
LinkQualityMult 10.63.254.214 0.1 | LinkQualityMult 10.63.254.214 0.1 | ||
} | } | ||
| + | </pre> | ||
| + | |||
| + | ===Skript bzw. fertiges Programm=== | ||
| + | * nach <tt>/etc/init.d/S52.weimarnetz.vpn_starten</tt> kopieren... | ||
| + | <pre> | ||
| + | #!/bin/sh | ||
| + | |||
| + | THIS="$(nvram get wifi_ipaddr|cut -d'.' -f3)" | ||
| + | OLSR="/etc/local.olsrd.conf" | ||
| + | CFG="/etc/vtund.conf" | ||
| + | VPN="10.63.254" | ||
| + | SRV="214" | ||
| + | LST="41 82 42 37 62 54 135 87 1" | ||
| + | # 0) 41 jens/rembrandt | ||
| + | # 1) 82 jakob2a | ||
| + | # 2) 42 kraska | ||
| + | # 3) 37 lennerhardt/wbode13 | ||
| + | # 4) 62 trierer65 | ||
| + | # 5) 54 kunstturm | ||
| + | # 6) 135 saxman/schwansee | ||
| + | # 7) 87 alfi/weimarwest | ||
| + | # 8) 1 liszt18a | ||
| + | # 9) ????? | ||
| + | CNT="-1" | ||
| + | |||
| + | rm $OLSR | ||
| + | rm $CFG | ||
| + | killall vtund | ||
| + | |||
| + | if [ "$THIS" = "214" ] | ||
| + | then | ||
| + | echo >$CFG "default {" | ||
| + | echo >>$CFG " proto udp;" | ||
| + | echo >>$CFG " type tun;" | ||
| + | echo >>$CFG " compress no;" | ||
| + | echo >>$CFG " encrypt no;" | ||
| + | echo >>$CFG " keepalive yes;" | ||
| + | echo >>$CFG " multi yes;" | ||
| + | echo >>$CFG " stat no;" | ||
| + | echo >>$CFG "}" | ||
| + | for CLIENT in $LST | ||
| + | do let CNT+=1 | ||
| + | echo >>$CFG "client$CNT {" | ||
| + | echo >>$CFG " passwd bla;" | ||
| + | echo >>$CFG " device tun$CNT;" | ||
| + | echo >>$CFG " up {" | ||
| + | echo >>$CFG " program \"ip addr add $VPN.$THIS peer $VPN.$CLIENT dev %%; ip link set %% mtu 1450 up\";" | ||
| + | echo >>$CFG " };" | ||
| + | echo >>$CFG "}" | ||
| + | echo >>$OLSR "Interface \"tun$CNT\"" | ||
| + | echo >>$OLSR "{" | ||
| + | echo >>$OLSR "HelloInterval 5.0" | ||
| + | echo >>$OLSR "HelloValidityTime 90.0" | ||
| + | echo >>$OLSR "TcInterval 3.0" | ||
| + | echo >>$OLSR "TcValidityTime 270.0" | ||
| + | echo >>$OLSR "MidInterval 15.0" | ||
| + | echo >>$OLSR "MidValidityTime 270.0" | ||
| + | echo >>$OLSR "HnaInterval 15.0" | ||
| + | echo >>$OLSR "HnaValidityTime 90.0" | ||
| + | echo >>$OLSR " " | ||
| + | echo >>$OLSR "Ip4Broadcast $VPN.$CLIENT" | ||
| + | echo >>$OLSR "}" | ||
| + | #iptables -I POSTROUTING -t nat -o tun$CNT -j MASQUERADE | ||
| + | done | ||
| + | vtund -s | ||
| + | else | ||
| + | CNT=0;for IP in $LST;do if [ "$IP" = "$THIS" ];then NUMMER=$CNT;fi;let CNT+=1;done | ||
| + | echo >$CFG "client$NUMMER {" | ||
| + | echo >>$CFG " passwd bla;" | ||
| + | echo >>$CFG " device tun$NUMMER;" | ||
| + | echo >>$CFG " persist yes;" | ||
| + | echo >>$CFG " up {" | ||
| + | echo >>$CFG " program \"ip addr add dev %% $VPN.$THIS peer $VPN.$SRV; ip link set %% mtu 1450 up\";" | ||
| + | echo >>$CFG " };" | ||
| + | echo >>$CFG "}" | ||
| + | echo >>$OLSR "Interface \"tun$NUMMER\"" | ||
| + | echo >>$OLSR "{" | ||
| + | echo >>$OLSR "HelloInterval 5.0" | ||
| + | echo >>$OLSR "HelloValidityTime 90.0" | ||
| + | echo >>$OLSR "TcInterval 3.0" | ||
| + | echo >>$OLSR "TcValidityTime 270.0" | ||
| + | echo >>$OLSR "MidInterval 15.0" | ||
| + | echo >>$OLSR "MidValidityTime 270.0" | ||
| + | echo >>$OLSR "HnaInterval 15.0" | ||
| + | echo >>$OLSR "HnaValidityTime 90.0" | ||
| + | echo >>$OLSR " " | ||
| + | echo >>$OLSR "Ip4Broadcast $VPN.214" | ||
| + | echo >>$OLSR "LinkQualityMult $VPN.214 0.1" | ||
| + | echo >>$OLSR "}" | ||
| + | vtund client$NUMMER 141.54.160.25 | ||
| + | fi | ||
| + | |||
| + | sleep 120 | ||
</pre> | </pre> | ||
Version vom 28. September 2006, 19:18 Uhr
Warum
- Damit alle DSLer einen zusaetzlichen Nachbarn bekommen, wird
- ein VPN Router im Internet (=M18) aufgestellt.
- Strecken ueber viele Hops werden dann durch den Tunnel geleitet.
Wie
- die Software der Wahl ist vtun
- es wird ein unauthentifizierter, unverschluesselter und unkomprimierter Tunnel gegraben
- unten beschriebene Funktion wird in die Firmware eingebaut und kann per "Mausklick" angeschaltet werden
Teilnehmer
- folgende Strecken werden mittlerweile ueberbrueckt:
- M18 --- Rembrandtweg
- M18 --- Jakob2a
- M18 --- Trierer65
- M18 --- WilhelmBode13
Installation
- Installation mit: ipkg update; ipkg install vtund
- KonfigDatei ist dann /etc/vtund.conf
Konfiguration (Server)
- Server steht in der M18 und ist ein normaler Linksys mit oeffentlicher IP-Adresse
- Freifunk-IP ist die 10.63.254.214 auf dem VPN-Interface
- die Clients sind dann jeweils die 254.41 und 254.82
- Aufruf mit: vtund -s
- Konfigdatei /etc/vtund.conf
default {
proto udp;
type tun;
compress no;
encrypt no;
keepalive yes;
multi yes;
stat no;
}
client0 {
passwd bla;
device tun0;
up {
program "ip addr add 10.63.254.214 peer 10.63.254.41 dev %%; ip link set %% mtu 1450 up";
};
}
client1 {
passwd bla;
device tun1;
up {
program "ip addr add 10.63.254.214 peer 10.63.254.82 dev %%; ip link set %% mtu 1450 up";
};
}
- Konfigdatei /etc/local.olsrd.conf fuer das Interface tun0, die anderen werden entsprechend angehangen
Interface "tun0"
{
HelloInterval 5.0
HelloValidityTime 90.0
TcInterval 3.0
TcValidityTime 270.0
MidInterval 15.0
MidValidityTime 270.0
HnaInterval 15.0
HnaValidityTime 90.0
Ip4Broadcast 10.63.254.41
}
Konfiguration (Client)
- Client ist jeder Internetuebergabepunkt (z.b. ein DSLer)
- Aufruf mit: vtund vpn 141.54.160.25
client0 {
passwd bla;
device tun0;
persist yes;
up {
program "ip addr add dev %% 10.63.254.41 peer 10.63.254.214; ip link set %% mtu 1450 up";
};
}
- Konfigdatei /etc/local.olsrd.conf
Interface "tun0"
{
HelloInterval 5.0
HelloValidityTime 90.0
TcInterval 3.0
TcValidityTime 270.0
MidInterval 15.0
MidValidityTime 270.0
HnaInterval 15.0
HnaValidityTime 90.0
Ip4Broadcast 10.63.254.214
LinkQualityMult 10.63.254.214 0.1
}
Skript bzw. fertiges Programm
- nach /etc/init.d/S52.weimarnetz.vpn_starten kopieren...
#!/bin/sh
THIS="$(nvram get wifi_ipaddr|cut -d'.' -f3)"
OLSR="/etc/local.olsrd.conf"
CFG="/etc/vtund.conf"
VPN="10.63.254"
SRV="214"
LST="41 82 42 37 62 54 135 87 1"
# 0) 41 jens/rembrandt
# 1) 82 jakob2a
# 2) 42 kraska
# 3) 37 lennerhardt/wbode13
# 4) 62 trierer65
# 5) 54 kunstturm
# 6) 135 saxman/schwansee
# 7) 87 alfi/weimarwest
# 8) 1 liszt18a
# 9) ?????
CNT="-1"
rm $OLSR
rm $CFG
killall vtund
if [ "$THIS" = "214" ]
then
echo >$CFG "default {"
echo >>$CFG " proto udp;"
echo >>$CFG " type tun;"
echo >>$CFG " compress no;"
echo >>$CFG " encrypt no;"
echo >>$CFG " keepalive yes;"
echo >>$CFG " multi yes;"
echo >>$CFG " stat no;"
echo >>$CFG "}"
for CLIENT in $LST
do let CNT+=1
echo >>$CFG "client$CNT {"
echo >>$CFG " passwd bla;"
echo >>$CFG " device tun$CNT;"
echo >>$CFG " up {"
echo >>$CFG " program \"ip addr add $VPN.$THIS peer $VPN.$CLIENT dev %%; ip link set %% mtu 1450 up\";"
echo >>$CFG " };"
echo >>$CFG "}"
echo >>$OLSR "Interface \"tun$CNT\""
echo >>$OLSR "{"
echo >>$OLSR "HelloInterval 5.0"
echo >>$OLSR "HelloValidityTime 90.0"
echo >>$OLSR "TcInterval 3.0"
echo >>$OLSR "TcValidityTime 270.0"
echo >>$OLSR "MidInterval 15.0"
echo >>$OLSR "MidValidityTime 270.0"
echo >>$OLSR "HnaInterval 15.0"
echo >>$OLSR "HnaValidityTime 90.0"
echo >>$OLSR " "
echo >>$OLSR "Ip4Broadcast $VPN.$CLIENT"
echo >>$OLSR "}"
#iptables -I POSTROUTING -t nat -o tun$CNT -j MASQUERADE
done
vtund -s
else
CNT=0;for IP in $LST;do if [ "$IP" = "$THIS" ];then NUMMER=$CNT;fi;let CNT+=1;done
echo >$CFG "client$NUMMER {"
echo >>$CFG " passwd bla;"
echo >>$CFG " device tun$NUMMER;"
echo >>$CFG " persist yes;"
echo >>$CFG " up {"
echo >>$CFG " program \"ip addr add dev %% $VPN.$THIS peer $VPN.$SRV; ip link set %% mtu 1450 up\";"
echo >>$CFG " };"
echo >>$CFG "}"
echo >>$OLSR "Interface \"tun$NUMMER\""
echo >>$OLSR "{"
echo >>$OLSR "HelloInterval 5.0"
echo >>$OLSR "HelloValidityTime 90.0"
echo >>$OLSR "TcInterval 3.0"
echo >>$OLSR "TcValidityTime 270.0"
echo >>$OLSR "MidInterval 15.0"
echo >>$OLSR "MidValidityTime 270.0"
echo >>$OLSR "HnaInterval 15.0"
echo >>$OLSR "HnaValidityTime 90.0"
echo >>$OLSR " "
echo >>$OLSR "Ip4Broadcast $VPN.214"
echo >>$OLSR "LinkQualityMult $VPN.214 0.1"
echo >>$OLSR "}"
vtund client$NUMMER 141.54.160.25
fi
sleep 120