VPN zentral-Server-skript: Unterschied zwischen den Versionen
K (skripte! heja! fein!) |
Glenn (Diskussion | Beiträge) (katspec Kategorie:Ideen) |
||
(3 dazwischenliegende Versionen von 2 Benutzern werden nicht angezeigt) | |||
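--- a/VPN_zentral-Server-skript
+++ b/VPN_zentral-Server-skript
@@ -10,5 +10,61 @@
 fkt_write_olsrd_conf() {
 fkt_infotext "generating olsrd.conf ..."
-
+cp /etc/olsrd.conf_head /etc/olsrd.conf
-awk '/ifup/ {print $3,$12}' /etc/vtund.conf
+awk '/ifup/ {print $3,$12}' /etc/vtund.conf|
+while read IFACE NODE
+do
+cat>>/etc/olsrd.conf<<EOF
+
+Interface "$IFACE" {
+HelloInterval 50.0
+HelloValidityTime 900.0
+TcInterval 30.0
+TcValidityTime 2700.0
+MidInterval 150.0
+MidValidityTime 2700.0
+HnaInterval 150.0
+HnaValidityTime 900.0
+
+Ip4Broadcast 10.63.$NODE.253
+LinkQualityMult default 0.1
+}
+EOF
+done
+}
+
+fkt_netcount_start() {
+fkt_infotext "installing netfilter counters ..."
+iptables -N vpn_user_outgoing
+iptables -N vpn_olsr_outgoing
+iptables -N vpn_user_incoming
+iptables -N vpn_olsr_incoming
+iptables -I OUTPUT -o tap+ -j vpn_user_outgoing
+iptables -I OUTPUT -o tap+ -p udp --sport 698 -j vpn_olsr_outgoing
+iptables -I INPUT -i tap+ -j vpn_user_incoming
+iptables -I INPUT -i tap+ -p udp --dport 698 -j vpn_olsr_incoming
+awk '/ifup/ {print $3}' /etc/vtund.conf|
+while read IFACE
+do
+iptables -I vpn_user_outgoing -i $IFACE -j ACCEPT
+iptables -I vpn_olsr_outgoing -i $IFACE -j ACCEPT
+iptables -I vpn_user_incoming -i $IFACE -j ACCEPT
+iptables -I vpn_olsr_incoming -i $IFACE -j ACCEPT
+
+done
+}
+
+fkt_netcount_stop() {
+fkt_infotext "deleting netfilter counters ..."
+iptables -D OUTPUT -o tap+ -j vpn_user_outgoing
+iptables -D OUTPUT -o tap+ -p udp --sport 698 -j vpn_olsr_outgoing
+iptables -D INPUT -i tap+ -j vpn_user_incoming
+iptables -D INPUT -i tap+ -p udp --dport 698 -j vpn_olsr_incoming
+iptables -F vpn_olsr_outgoing
+iptables -F vpn_user_outgoing
+iptables -F vpn_olsr_incoming
+iptables -F vpn_user_incoming
+iptables -X vpn_olsr_outgoing
+iptables -X vpn_user_outgoing
+iptables -X vpn_olsr_incoming
+iptables -X vpn_user_incoming
 }
@@ -47,4 +103,5 @@
 start)
 fkt_write_olsrd_conf
+fkt_netcount_start
 fkt_start_vtund
 fkt_start_olsrd
@@ -53,4 +110,5 @@
 fkt_kill_olsrd
 fkt_kill_vtund
+fkt_netcount_stop
 ;;
 restart)
@@ -65,3 +123,53 @@
 ;;
 esac
+</pre>
+
+=Datei: /etc/olsrd.conf_head=
+<pre>
+DebugLevel 0
+IpVersion 4
+AllowNoInt yes
+Pollrate 0.05
+TcRedundancy 2
+MprCoverage 7
+UseHysteresis no
+LinkQualityFishEye 0
+LinkQualityWinSize 100
+LinkQualityDijkstraLimit 0 5.0
+LinkQualityLevel 2
+
+#
+# Achtung! Aenderungen nur in /etc/olsrd.conf_head machen! Siehe /etc/init.d/vpn!
+#
+
+#LoadPlugin "olsrd_quagga.so.0.2.2"
+#{
+# PlParam "redistribute" "bgp"
+#}
+
+Hna4 {
+10.63.30.252 255.255.255.252
+10.63.30.0 255.255.255.240
+104.63.30.0 255.255.255.240
+104.61.0.0 255.255.0.0
+}
+
+IpcConnect {
+MaxConnections 1
+Host 127.0.0.1
+Net 10.63.0.0 255.0.0.0
+}
+Interface "venet0" {
+HelloInterval 5.0
+HelloValidityTime 90.0
+TcInterval 3.0
+TcValidityTime 270.0
+MidInterval 15.0
+MidValidityTime 270.0
+HnaInterval 15.0
+HnaValidityTime 90.0
+
+Ip4Broadcast 10.63.30.254
+LinkQualityMult default 0.1
+}
 </pre>
@@ -85,3 +193,4 @@
 stonebridge {device tap11 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 39 ";};}
 heller_und_pfennig {device tap12 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 224 ";};}
+</pre>
-
+[[Kategorie:Ideen]]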
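Review bot: The per-interface rules added in the while loop of fkt_netcount_start (hunk at Zeile 10) end in `-j ACCEPT`, and the chains holding them are inserted at the head of INPUT and OUTPUT, so every packet arriving on a tap device listed in /etc/vtund.conf is accepted before the rest of INPUT is evaluated — the accounting chains double as an allow-all for VPN traffic. Accounting rules should use a non-terminating target such as RETURN so the host's existing filtering policy still applies. The two vpn_*_outgoing rules also match `-i $IFACE`, but locally generated packets in OUTPUT carry no input device, so those counters never increment; they need `-o $IFACE`. Separately, a second `start` without a `stop` makes the four `-N` calls fail and the `-I` calls add duplicate jump rules, which removing the old rules first or checking for the chains would avoid.
```shell
# … unchanged: chain creation and the four jump rules in INPUT/OUTPUT …
awk '/ifup/ {print $3}' /etc/vtund.conf|
while read IFACE
do
    # count only; RETURN keeps the rest of INPUT/OUTPUT in effect
    iptables -I vpn_user_outgoing -o $IFACE -j RETURN
    iptables -I vpn_olsr_outgoing -o $IFACE -j RETURN
    iptables -I vpn_user_incoming -i $IFACE -j RETURN
    iptables -I vpn_olsr_incoming -i $IFACE -j RETURN
done
```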
Aktuelle Version vom 11. März 2008, 07:58 Uhr
Datei: /etc/init.d/vpn
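#!/bin/sh
#
# /etc/init.d/vpn - init script for the central VPN server.
#
# "start" generates /etc/olsrd.conf from /etc/olsrd.conf_head plus the
# tunnels listed in /etc/vtund.conf, installs netfilter accounting chains
# and starts vtund and olsrd; "stop" reverses that. "ifup" is invoked by
# vtund (up{program "/etc/init.d/vpn ifup %% NODE"} in /etc/vtund.conf)
# once a tunnel device exists and configures its address and host route.
#
# Usage: vpn (start|stop|restart|ifup INTERFACE NODE)

# Log a message to syslog (facility daemon, level info, tagged with this
# script's name) and echo it to stdout.
#   $1 - message text
fkt_infotext() {
    logger -p daemon.info -t "$0" "$1"
    echo "$1"
}

# Rebuild /etc/olsrd.conf: copy the static head, then append one
# Interface block per tunnel. Tunnel lines in /etc/vtund.conf contain
# "ifup"; field 3 is the tap device and field 12 the node number, e.g.
#   j2a {device tap0 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 82 ";};}
fkt_write_olsrd_conf() {
    fkt_infotext "generating olsrd.conf ..."
    cp /etc/olsrd.conf_head /etc/olsrd.conf
    awk '/ifup/ {print $3,$12}' /etc/vtund.conf |
    while read IFACE NODE
    do
        # Unquoted heredoc on purpose: $IFACE and $NODE are expanded.
        # The terminator must stay at column 0.
        cat >>/etc/olsrd.conf <<EOF

Interface "$IFACE" {
HelloInterval 50.0
HelloValidityTime 900.0
TcInterval 30.0
TcValidityTime 2700.0
MidInterval 150.0
MidValidityTime 2700.0
HnaInterval 150.0
HnaValidityTime 900.0

Ip4Broadcast 10.63.$NODE.253
LinkQualityMult default 0.1
}
EOF
    done
}

# Install per-tunnel traffic counters for the tap devices.
#
# The chains only account: every rule in them uses RETURN, so a packet
# continues through the rest of INPUT/OUTPUT and the host's filtering
# policy still applies. A terminating ACCEPT here, inserted at the head
# of the built-in chains, would bypass every later INPUT/OUTPUT rule for
# VPN traffic. The OUTPUT-side chains match -o: locally generated packets
# have no input device, so -i can never match there. UDP port 698 is the
# OLSR traffic counted separately.
#
# Expects a clean state (as left by fkt_netcount_stop); "restart" runs
# stop before start for this reason.
fkt_netcount_start() {
    fkt_infotext "installing netfilter counters ..."
    iptables -N vpn_user_outgoing
    iptables -N vpn_olsr_outgoing
    iptables -N vpn_user_incoming
    iptables -N vpn_olsr_incoming
    iptables -I OUTPUT -o tap+ -j vpn_user_outgoing
    iptables -I OUTPUT -o tap+ -p udp --sport 698 -j vpn_olsr_outgoing
    iptables -I INPUT -i tap+ -j vpn_user_incoming
    iptables -I INPUT -i tap+ -p udp --dport 698 -j vpn_olsr_incoming
    awk '/ifup/ {print $3}' /etc/vtund.conf |
    while read IFACE
    do
        iptables -I vpn_user_outgoing -o "$IFACE" -j RETURN
        iptables -I vpn_olsr_outgoing -o "$IFACE" -j RETURN
        iptables -I vpn_user_incoming -i "$IFACE" -j RETURN
        iptables -I vpn_olsr_incoming -i "$IFACE" -j RETURN
    done
}

# Remove the jump rules from INPUT/OUTPUT, then flush and delete the
# accounting chains (a chain can only be deleted once it is unreferenced
# and empty, hence the order).
fkt_netcount_stop() {
    fkt_infotext "deleting netfilter counters ..."
    iptables -D OUTPUT -o tap+ -j vpn_user_outgoing
    iptables -D OUTPUT -o tap+ -p udp --sport 698 -j vpn_olsr_outgoing
    iptables -D INPUT -i tap+ -j vpn_user_incoming
    iptables -D INPUT -i tap+ -p udp --dport 698 -j vpn_olsr_incoming
    for CHAIN in vpn_olsr_outgoing vpn_user_outgoing vpn_olsr_incoming vpn_user_incoming
    do
        iptables -F "$CHAIN"
        iptables -X "$CHAIN"
    done
}

# Start vtund in server mode with /etc/vtund.conf.
fkt_start_vtund() {
    fkt_infotext "starting vtun-daemon ..."
    vtund -f /etc/vtund.conf -s
}

# Start olsrd with the generated /etc/olsrd.conf at debug level 0.
fkt_start_olsrd() {
    fkt_infotext "starting olsr-daemon ..."
    olsrd -f /etc/olsrd.conf -d 0
}

# Terminate every running olsrd; no-op when none is running.
# $PID is deliberately unquoted: pidof may return several PIDs.
fkt_kill_olsrd() {
    fkt_infotext "ending olsrd-process ..."
    PID=$(pidof olsrd)
    [ -n "$PID" ] && kill $PID
}

# Terminate every running vtund; no-op when none is running.
# $PID is deliberately unquoted: pidof may return several PIDs.
fkt_kill_vtund() {
    fkt_infotext "ending vtund-process ..."
    PID=$(pidof vtund)
    [ -n "$PID" ] && kill $PID
}

# vtund "up" hook: address the tunnel device and add the host route.
#   $1 - tunnel device (tapN)
#   $2 - node number; the point-to-point link is 10.63.$2.252/30 with
#        this end at .254 and the remote node at .253
fkt_interface_up() {
    fkt_infotext "starting interface $1 for node $2 ..."
    ip addr add dev "$1" "10.63.$2.254/30" brd "10.63.$2.255"
    ip link set "$1" mtu 1450 up
    fkt_infotext "setting host-routes for node $2 ..."
    ip route add "10.63.$2.253" dev "$1"
}

case "$1" in
    start)
        fkt_write_olsrd_conf
        fkt_netcount_start
        fkt_start_vtund
        fkt_start_olsrd
        ;;
    stop)
        fkt_kill_olsrd
        fkt_kill_vtund
        fkt_netcount_stop
        ;;
    restart)
        "$0" stop
        "$0" start
        ;;
    ifup)
        fkt_interface_up "$2" "$3"
        ;;
    *)
        echo "Usage: $0 (start|stop|restart|ifup INTERFACE NODE)"
        ;;
esac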
Datei: /etc/olsrd.conf_head
# /etc/olsrd.conf_head - static part of the olsrd configuration.
# /etc/init.d/vpn copies this file to /etc/olsrd.conf on "start" and
# appends one Interface block per vtund tunnel (tap devices, with timers
# ten times those of the venet0 block below), so edits belong here and
# not in the generated /etc/olsrd.conf.
DebugLevel 0
IpVersion 4
AllowNoInt yes
Pollrate 0.05
TcRedundancy 2
MprCoverage 7
UseHysteresis no
LinkQualityFishEye 0
LinkQualityWinSize 100
LinkQualityDijkstraLimit 0 5.0
LinkQualityLevel 2

#
# Attention! Make changes only in /etc/olsrd.conf_head! See /etc/init.d/vpn!
#

# Quagga plugin left disabled (BGP redistribution).
#LoadPlugin "olsrd_quagga.so.0.2.2"
#{
# PlParam "redistribute" "bgp"
#}

# Networks this node announces to the mesh (HNA).
Hna4 {
10.63.30.252 255.255.255.252
10.63.30.0 255.255.255.240
104.63.30.0 255.255.255.240
104.61.0.0 255.255.0.0
}

# Local IPC access to olsrd.
# NOTE(review): the mask 255.0.0.0 admits sources from all of 10.0.0.0/8,
# not only 10.63.0.0/16 — confirm this is intended.
IpcConnect {
MaxConnections 1
Host 127.0.0.1
Net 10.63.0.0 255.0.0.0
}
# Non-tunnel interface; the tap tunnels are appended by /etc/init.d/vpn.
Interface "venet0" {
HelloInterval 5.0
HelloValidityTime 90.0
TcInterval 3.0
TcValidityTime 270.0
MidInterval 15.0
MidValidityTime 270.0
HnaInterval 15.0
HnaValidityTime 90.0

Ip4Broadcast 10.63.30.254
LinkQualityMult default 0.1
}
Datei: /etc/vtund.conf
# /etc/vtund.conf - vtund server configuration for the central VPN server.
#
# Each section is one tunnel: client name -> tap device. The up{} hook
# runs "/etc/init.d/vpn ifup <device> <node>" (vtund expands %% to the
# device name), which addresses the device as 10.63.<node>.254/30.
# /etc/init.d/vpn also parses these lines with awk (field 3 = device,
# field 12 = node) to build olsrd.conf and the netfilter counters, so
# keep each tunnel on one line in exactly this layout.
#
# NOTE(review): "encrypt no" means vtund carries the tunnel payload in
# the clear, and all tunnels share the same password "ff" — confirm that
# this is acceptable for the links involved or that another layer
# provides confidentiality and peer authentication.
default {type ether; compress no; encrypt no; keepalive no; multi no; stat no; }
j2a {device tap0 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 82 ";};}
rembrandt {device tap1 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 41 ";};}
l18a_roof {device tap2 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 1 ";};}
rex {device tap3 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 54 ";};}
ranger {device tap4 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 20 ";};}
Bode {device tap5 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 37 ";};}
hababusch {device tap6 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 33 ";};}
t65uplink {device tap7 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 62 ";};}
weimarwest {device tap8 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 87 ";};}
trierer7 {device tap9 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 120 ";};}
m18-ping02 {device tap10 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 2 ";};}
stonebridge {device tap11 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 39 ";};}
heller_und_pfennig {device tap12 ; passwd ff ; up{program "/etc/init.d/vpn ifup %% 224 ";};}