VPN zentral: Unterschied zwischen den Versionen
(→Wie) |
(sicherheitskopie vom aktuellen stand 8-)) |
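--- a/VPN zentral
+++ b/VPN zentral
@@ -100,3 +100,96 @@
 LinkQualityMult 10.63.254.214 0.1
 }
+</pre>
+
+===Skript bzw. fertiges Programm===
+* nach <tt>/etc/init.d/S52.weimarnetz.vpn_starten</tt> kopieren...
+<pre>
+#!/bin/sh
+
+THIS="$(nvram get wifi_ipaddr|cut -d'.' -f3)"
+OLSR="/etc/local.olsrd.conf"
+CFG="/etc/vtund.conf"
+VPN="10.63.254"
+SRV="214"
+LST="41 82 42 37 62 54 135 87 1"
+# 0) 41 jens/rembrandt
+# 1) 82 jakob2a
+# 2) 42 kraska
+# 3) 37 lennerhardt/wbode13
+# 4) 62 trierer65
+# 5) 54 kunstturm
+# 6) 135 saxman/schwansee
+# 7) 87 alfi/weimarwest
+# 8) 1 liszt18a
+# 9) ?????
+CNT="-1"
+
+rm $OLSR
+rm $CFG
+killall vtund
+
+if [ "$THIS" = "214" ]
+then
+echo >$CFG "default {"
+echo >>$CFG " proto udp;"
+echo >>$CFG " type tun;"
+echo >>$CFG " compress no;"
+echo >>$CFG " encrypt no;"
+echo >>$CFG " keepalive yes;"
+echo >>$CFG " multi yes;"
+echo >>$CFG " stat no;"
+echo >>$CFG "}"
+for CLIENT in $LST
+do let CNT+=1
+echo >>$CFG "client$CNT {"
+echo >>$CFG " passwd bla;"
+echo >>$CFG " device tun$CNT;"
+echo >>$CFG " up {"
+echo >>$CFG " program \"ip addr add $VPN.$THIS peer $VPN.$CLIENT dev %%; ip link set %% mtu 1450 up\";"
+echo >>$CFG " };"
+echo >>$CFG "}"
+echo >>$OLSR "Interface \"tun$CNT\""
+echo >>$OLSR "{"
+echo >>$OLSR "HelloInterval 5.0"
+echo >>$OLSR "HelloValidityTime 90.0"
+echo >>$OLSR "TcInterval 3.0"
+echo >>$OLSR "TcValidityTime 270.0"
+echo >>$OLSR "MidInterval 15.0"
+echo >>$OLSR "MidValidityTime 270.0"
+echo >>$OLSR "HnaInterval 15.0"
+echo >>$OLSR "HnaValidityTime 90.0"
+echo >>$OLSR " "
+echo >>$OLSR "Ip4Broadcast $VPN.$CLIENT"
+echo >>$OLSR "}"
+#iptables -I POSTROUTING -t nat -o tun$CNT -j MASQUERADE
+done
+vtund -s
+else
+CNT=0;for IP in $LST;do if [ "$IP" = "$THIS" ];then NUMMER=$CNT;fi;let CNT+=1;done
+echo >$CFG "client$NUMMER {"
+echo >>$CFG " passwd bla;"
+echo >>$CFG " device tun$NUMMER;"
+echo >>$CFG " persist yes;"
+echo >>$CFG " up {"
+echo >>$CFG " program \"ip addr add dev %% $VPN.$THIS peer $VPN.$SRV; ip link set %% mtu 1450 up\";"
+echo >>$CFG " };"
+echo >>$CFG "}"
+echo >>$OLSR "Interface \"tun$NUMMER\""
+echo >>$OLSR "{"
+echo >>$OLSR "HelloInterval 5.0"
+echo >>$OLSR "HelloValidityTime 90.0"
+echo >>$OLSR "TcInterval 3.0"
+echo >>$OLSR "TcValidityTime 270.0"
+echo >>$OLSR "MidInterval 15.0"
+echo >>$OLSR "MidValidityTime 270.0"
+echo >>$OLSR "HnaInterval 15.0"
+echo >>$OLSR "HnaValidityTime 90.0"
+echo >>$OLSR " "
+echo >>$OLSR "Ip4Broadcast $VPN.214"
+echo >>$OLSR "LinkQualityMult $VPN.214 0.1"
+echo >>$OLSR "}"
+vtund client$NUMMER 141.54.160.25
+fi
+
+sleep 120
 </pre>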
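Review bot: In the client branch the lookup loop leaves `NUMMER` unset when `$THIS` is not one of the octets in `LST` (or when `nvram get wifi_ipaddr` returns nothing), so the script goes on to write `client {` / `device tun;` into /etc/vtund.conf and runs `vtund client 141.54.160.25` with a nonexistent session name; a guard after the loop, `[ -n "$NUMMER" ] || { echo "$0: node $THIS not in LST" >&2; exit 1; }`, would make the failure visible instead. The two `rm $OLSR` / `rm $CFG` lines will print errors on a first boot where the files do not exist yet, so `rm -f -- "$OLSR" "$CFG"` is the intended form; `let` under `#!/bin/sh` works on busybox ash but is not POSIX, `CNT=$((CNT+1))` is. The server and client branches duplicate the eleven olsrd `Interface` lines, which a small shell function taking the tunnel name and the Ip4Broadcast address would remove. The generated vtund.conf holds the shared `passwd bla` with `encrypt no`, and is written with the default umask; since the password is also printed on this page, it provides no authentication in practice, and a `chmod 600 "$CFG"` after writing at least keeps the file itself from being readable by other local users.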
Version vom 28. September 2006, 19:18 Uhr
Warum
- Damit alle DSLer einen zusaetzlichen Nachbarn bekommen, wird
- ein VPN Router im Internet (=M18) aufgestellt.
- Strecken ueber viele Hops werden dann durch den Tunnel geleitet.
Wie
- die Software der Wahl ist vtun
- es wird ein unauthentifizierter, unverschluesselter und unkomprimierter Tunnel gegraben
- unten beschriebene Funktion wird in die Firmware eingebaut und kann per "Mausklick" angeschaltet werden
Teilnehmer
- folgende Strecken werden mittlerweile ueberbrueckt:
- M18 --- Rembrandtweg
- M18 --- Jakob2a
- M18 --- Trierer65
- M18 --- WilhelmBode13
Installation
- Installation mit: ipkg update; ipkg install vtund
- KonfigDatei ist dann /etc/vtund.conf
Konfiguration (Server)
- Server steht in der M18 und ist ein normaler Linksys mit oeffentlicher IP-Adresse
- Freifunk-IP ist die 10.63.254.214 auf dem VPN-Interface
- die Clients sind dann jeweils die 254.41 und 254.82
- Aufruf mit: vtund -s
- Konfigdatei /etc/vtund.conf
default { proto udp; type tun; compress no; encrypt no; keepalive yes; multi yes; stat no; } client0 { passwd bla; device tun0; up { program "ip addr add 10.63.254.214 peer 10.63.254.41 dev %%; ip link set %% mtu 1450 up"; }; } client1 { passwd bla; device tun1; up { program "ip addr add 10.63.254.214 peer 10.63.254.82 dev %%; ip link set %% mtu 1450 up"; }; }
- Konfigdatei /etc/local.olsrd.conf fuer das Interface tun0; die anderen Interfaces werden entsprechend angehaengt
Interface "tun0" { HelloInterval 5.0 HelloValidityTime 90.0 TcInterval 3.0 TcValidityTime 270.0 MidInterval 15.0 MidValidityTime 270.0 HnaInterval 15.0 HnaValidityTime 90.0 Ip4Broadcast 10.63.254.41 }
Konfiguration (Client)
- Client ist jeder Internetuebergabepunkt (z.b. ein DSLer)
- Aufruf mit: vtund vpn 141.54.160.25
client0 { passwd bla; device tun0; persist yes; up { program "ip addr add dev %% 10.63.254.41 peer 10.63.254.214; ip link set %% mtu 1450 up"; }; }
- Konfigdatei /etc/local.olsrd.conf
Interface "tun0" { HelloInterval 5.0 HelloValidityTime 90.0 TcInterval 3.0 TcValidityTime 270.0 MidInterval 15.0 MidValidityTime 270.0 HnaInterval 15.0 HnaValidityTime 90.0 Ip4Broadcast 10.63.254.214 LinkQualityMult 10.63.254.214 0.1 }
Skript bzw. fertiges Programm
- nach /etc/init.d/S52.weimarnetz.vpn_starten kopieren...
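#!/bin/sh
# Weimarnetz VPN start script -- install as /etc/init.d/S52.weimarnetz.vpn_starten
#
# Generates /etc/vtund.conf and /etc/local.olsrd.conf for this node and then
# starts vtund:
#   - on the VPN router (third octet of wifi_ipaddr equals SRV) as server with
#     one clientN / tunN session per entry in LST,
#   - on every other node as client for its own session towards the server.
#
# The node number is the third octet of wifi_ipaddr; tunnel addresses are
# $VPN.<node number>.  The tunnel is set up with "encrypt no" and a fixed
# shared password, i.e. it is an unauthenticated, unencrypted tunnel as
# described on the page -- it only carries mesh traffic that is already visible
# to every neighbour.

THIS="$(nvram get wifi_ipaddr | cut -d'.' -f3)"
OLSR="/etc/local.olsrd.conf"
CFG="/etc/vtund.conf"
VPN="10.63.254"
SRV="214"
# Client list; the position in the list is the clientN / tunN number.
LST="41 82 42 37 62 54 135 87 1"
# 0) 41 jens/rembrandt
# 1) 82 jakob2a
# 2) 42 kraska
# 3) 37 lennerhardt/wbode13
# 4) 62 trierer65
# 5) 54 kunstturm
# 6) 135 saxman/schwansee
# 7) 87 alfi/weimarwest
# 8) 1 liszt18a
# 9) ?????
# Public address of the VPN router (M18) that clients connect to.
SERVER_IP="141.54.160.25"

# Print a message to stderr and abort the script.
die() {
  echo "$0: $*" >&2
  exit 1
}

# Append one olsrd Interface block to $OLSR.
#   $1 - tunnel device name (e.g. tun0)
#   $2 - address used for Ip4Broadcast (the tunnel peer)
#   $3 - if non-empty, also emit "LinkQualityMult $2 0.1" (client side only)
olsr_interface() {
  cat >>"$OLSR" <<EOF
Interface "$1"
{
HelloInterval 5.0
HelloValidityTime 90.0
TcInterval 3.0
TcValidityTime 270.0
MidInterval 15.0
MidValidityTime 270.0
HnaInterval 15.0
HnaValidityTime 90.0
EOF
  echo " " >>"$OLSR"
  echo "Ip4Broadcast $2" >>"$OLSR"
  if [ -n "$3" ]; then
    echo "LinkQualityMult $2 0.1" >>"$OLSR"
  fi
  echo "}" >>"$OLSR"
}

# Without a node number neither branch below can produce a usable config.
[ -n "$THIS" ] || die "wifi_ipaddr not set in nvram, cannot determine node number"

# Start from a clean state: stale configs and a running vtund would otherwise
# be mixed with the freshly generated ones.  -f keeps the first boot quiet.
rm -f -- "$OLSR" "$CFG"
killall vtund 2>/dev/null

if [ "$THIS" = "$SRV" ]; then
  # ---- server: one session per listed client ----
  cat >"$CFG" <<EOF
default {
 proto udp;
 type tun;
 compress no;
 encrypt no;
 keepalive yes;
 multi yes;
 stat no;
}
EOF
  CNT=0
  for CLIENT in $LST; do
    cat >>"$CFG" <<EOF
client$CNT {
 passwd bla;
 device tun$CNT;
 up {
 program "ip addr add $VPN.$THIS peer $VPN.$CLIENT dev %%; ip link set %% mtu 1450 up";
 };
}
EOF
    olsr_interface "tun$CNT" "$VPN.$CLIENT" ""
    #iptables -I POSTROUTING -t nat -o tun$CNT -j MASQUERADE
    CNT=$((CNT + 1))
  done
  # The config carries the shared tunnel password; keep it out of reach of
  # other local users.
  chmod 600 "$CFG"
  vtund -s
else
  # ---- client: find this node's position in LST, that is its session number ----
  NUMMER=""
  CNT=0
  for IP in $LST; do
    if [ "$IP" = "$THIS" ]; then
      NUMMER="$CNT"
    fi
    CNT=$((CNT + 1))
  done
  # Previously an unlisted node silently produced "client {" / "device tun;".
  [ -n "$NUMMER" ] || die "node $THIS is not in the client list LST, not starting a tunnel"
  cat >"$CFG" <<EOF
client$NUMMER {
 passwd bla;
 device tun$NUMMER;
 persist yes;
 up {
 program "ip addr add dev %% $VPN.$THIS peer $VPN.$SRV; ip link set %% mtu 1450 up";
 };
}
EOF
  olsr_interface "tun$NUMMER" "$VPN.$SRV" "lqm"
  chmod 600 "$CFG"
  vtund "client$NUMMER" "$SERVER_IP"
fi

# The original script also waits here before the next init script runs; the
# reason is not documented -- presumably to let the tunnels come up first.
sleep 120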