Troisdorf-Supernode

From Freifunk Rheinland e.V.
Revision as of 29 July 2015, 10:17 by Stefan.hoffmann90

Remarks

Servers that join the mesh using this howto are shown on the map only by their MAC address. Please get in touch and tell us the name of the server so that it can be entered in Aliases.json.

Installation

Base system: Debian 7

Edit /etc/apt/sources.list

nano  /etc/apt/sources.list 

and add this:

deb http://repo.universe-factory.net/debian/ sid main
deb http://http.debian.net/debian wheezy-backports main

Add Keys:

gpg --keyserver pgpkeys.mit.edu --recv-key  16EF3F64CB201D9C
gpg -a --export 16EF3F64CB201D9C | apt-key add -

Update and install:

apt-get update
apt-get install git make gcc build-essential linux-headers-$(uname -r) pkg-config libgps-dev libnl-3-dev libjansson-dev fastd openvpn isc-dhcp-server

Install Batman, batctl and alfred

cd /tmp

git clone git://git.open-mesh.org/batman-adv.git
cd batman-adv
git checkout v2014.3.0
make
make install

cd ../

git clone http://git.open-mesh.org/batctl.git
cd batctl
git checkout v2014.3.0
make
make install

cd ../

git clone http://git.open-mesh.org/alfred.git
cd alfred
git checkout v2014.3.0
make 
make install

Configuration:

Fastd

Generate fastd Keys

The fastd keys have already been generated. Please ask Stefan for them.

Add Directories

mkdir /etc/fastd/tro
mkdir /etc/fastd/servers
mkdir /etc/fastd/servers/tro

Add your Secret:

nano /etc/fastd/tro/secret.conf
secret "SECRETKEY";

fastd Config:

nano /etc/fastd/tro/fastd.conf
bind *SERVERIP*:53840;
bind [*IPv6IP*]:53840; #Only if available 
include "secret.conf";
include peers from "/etc/fastd/servers/tro";
interface "fastd-tro";
log level info;
method "aes128-gcm";
method "salsa2012+umac";
method "salsa2012+gmac";
method "xsalsa20-poly1305";
mtu 1312;

on verify "
/etc/fastd/tro/fastd-blacklist.sh $PEER_KEY
";

on up "
 modprobe batman-adv
 ip link set address xx:xx:xx:xx:xx:xx dev fastd-tro #Please use the MAC address from the list of supernodes
 ip link set up dev fastd-tro
 batctl -m bat0 if add fastd-tro
 batctl -m bat0 it 5000
 batctl -m bat0 bl enable
 ip rule add from all fwmark 0x1 table 42
 ip link set up dev bat0
 ip addr add 10.188.0.[51-54]/16 broadcast 10.188.255.255 dev bat0 #Change IP to an available address in the mesh network
 ip -6 addr add fda0:747e:ab29:7405::[51-54]/64 dev bat0 #Change IP to an available address in the mesh network
 ";

fastd-blacklist.sh

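#!/bin/bash
# Called by the fastd "on verify" hook: exit 1 rejects the peer, exit 0 accepts it.
PEER_KEY="$1"

# Fixed-string search for the peer's public key anywhere in the blacklist file.
if /bin/grep -Fq -- "$PEER_KEY" /etc/fastd/tro/fastd-blacklist.json; then
	exit 1
else
	exit 0
fi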

fastd-blacklist.json

{
  "peers": 
 [
   {
     "pubkey": "5f4965072a034996589112e0101fcaa30360e8d36b22fd86f5d0512effd85286",
     "comment": "2015-08-01 interconnecting CHRlS"
   },
   {
     "pubkey": "13ffef2d2535c4d391a15e53303a4979e524d7c9e5473a7596b59899e950cf8d",
     "comment": "2015-09-01 interconnecting CHRlS"
   },
   {
     "pubkey": "d05810068dfbe559463de2ba6cee861c3a910560f446c78fd4479f4a508e052d",
     "comment": "Bridged communities! //CyrusFox"
   }
 ]
}
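
A stricter variant of the verify check above, as an added example that is not part of the original page or the community's own script. It assumes keys are 64 lowercase hex characters (as in the samples above) and that the blacklist keeps one "pubkey" entry per line; the function names and the sample keys are constructed for illustration. Unlike the substring grep, it matches only "pubkey" values and rejects when the key is malformed or the blacklist is unreadable.

```shell
#!/bin/bash
# Added example, not the page's script: stricter check for fastd's "on verify" hook.
# Assumptions: keys are 64 lowercase hex characters and the blacklist keeps the
# page's layout, one "pubkey": "<hex>" entry per line.

# Return 0 if the peer may connect, 1 if it must be rejected.
verify_peer() {
    local key=$1 blacklist=$2
    # Reject empty or malformed keys so they never reach grep as a pattern.
    case $key in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#key}" -eq 64 ] || return 1
    # Fail closed: an unreadable blacklist must not silently admit every peer.
    [ -r "$blacklist" ] || return 1
    # Extract only the "pubkey" values and compare whole lines (-x), so a key
    # mentioned in a "comment" field or a partial match does not count.
    if sed -n 's/^[[:space:]]*"pubkey"[[:space:]]*:[[:space:]]*"\([0-9a-f]*\)".*$/\1/p' \
            "$blacklist" | grep -Fxq -- "$key"; then
        return 1
    fi
    return 0
}

# Constructed sample data (not real keys) for trying the function offline.
BLOCKED_KEY=$(printf '%064d' 0)
ALLOWED_KEY=$(printf '%064d' 1)
write_sample_blacklist() {
    cat > "$1" <<EOF
{ "peers": [
   {
     "pubkey": "$BLOCKED_KEY",
     "comment": "constructed entry, mentions $ALLOWED_KEY"
   }
] }
EOF
}

# Demo: the listed key is rejected; the key that only appears in a comment is accepted.
demo() {
    local f; f=$(mktemp)
    write_sample_blacklist "$f"
    for k in "$BLOCKED_KEY" "$ALLOWED_KEY"; do
        if verify_peer "$k" "$f"; then echo "accept $k"; else echo "reject $k"; fi
    done
    rm -f "$f"
}
demo
```

To use it from the hook, call verify_peer with the key and /etc/fastd/tro/fastd-blacklist.json and exit with its return value.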


Add Server connection:

nano /etc/fastd/servers/tro/SERVERNAME
key "PUBLIC KEY OF SERVER";
remote "IP OR DNS OF SERVER" port 53840;

////////////////////////////Available Servers/////////////////////////////////////

key "6eae041199ee627689bfa026afbd8a9ab299eca8aed4144321d098cffd62668e";
remote "1.wupper.ffrl.de" port 53842;
key "b7f319d59d8383ba813c3503416bca45f70852e4d207b1743bb6cdca1e30d9f5";
remote "2.wupper.ffrl.de" port 53842;
key "c8f3d1d10b0d6389e39c3c3cb08adfa3123e821fd5bfd6262d2161d80ee4b06c";
remote "3.wupper.ffrl.de" port 53842;
key "5e7fa122990dbc34b8cae7ece2cd4ef919d3f8c23a674b7bbcf05bfebe6a6e8a";
remote "4.wupper.ffrl.de" port 53842;

//////////////////////////////////////////////////////////////////////////////////

OpenVPN

The OpenVPN config is available from Stefan.

DHCP

/etc/dhcp/dhcpd.conf

ddns-update-style none;
option domain-name "fftdf";
default-lease-time 300;
max-lease-time 3600;
log-facility local7;
subnet 10.188.0.0 netmask 255.255.0.0 {
authoritative;
range 10.188.XXX.1 10.188.XXX.254;
option domain-name-servers 10.188.1.100, 10.188.1.23;
option routers 10.188.1.[51-54];
interface bat0;
}

Check Gateway Script

Runs via cron every minute.

#!/bin/bash
INTERFACE=mullvad        # Set to name of VPN interface
shopt -s nullglob

# Test whether gateway is connected to the outer world via VPN
ping -q -I "$INTERFACE" 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1

if test $? -eq 0; then
    NEW_STATE=server
else
    NEW_STATE=off
fi

# Iterate through network interfaces in sys file system
for MESH in /sys/class/net/*/mesh; do
    # Check whether gateway mode needs to be changed
    OLD_STATE="$(cat "$MESH/gw_mode")"
    [ "$OLD_STATE" == "$NEW_STATE" ] && continue
    echo "$NEW_STATE" > "$MESH/gw_mode"
    echo 92MBit/92MBit > "$MESH/gw_bandwidth"
    logger "batman gateway mode changed to $NEW_STATE"

    # Check whether gateway mode has been deactivated
    if [ "$NEW_STATE" == "off" ]; then
        # Shutdown DHCP server to prevent renewal of leases
        /usr/sbin/service isc-dhcp-server stop
    fi

    # Check whether gateway mode has been activated
    if [ "$NEW_STATE" == "server" ]; then
        # Restart DHCP server
        /usr/sbin/service isc-dhcp-server start
    fi
    exit 0
done

# Gateway mode unchanged: make sure the DHCP server state matches it
if [ "$NEW_STATE" == "server" ]; then
    # Restart the DHCP server if it is not running
    if ! /usr/sbin/service isc-dhcp-server status >/dev/null 2>&1; then
        /usr/sbin/service isc-dhcp-server restart
    fi
fi
if [ "$NEW_STATE" == "off" ]; then
    # Stop the DHCP server if it is still running
    if /usr/sbin/service isc-dhcp-server status >/dev/null 2>&1; then
        /usr/sbin/service isc-dhcp-server stop
    fi
fi

On my servers I have the problem that the services are not loaded in the correct order, and therefore nothing works. That is why I also have a script that is run on reboot and starts the services correctly.

nano ~/fastdreboot.sh
#!/bin/sh
# Wait for boot to finish, restart fastd, then restart alfred and batadv-vis on bat0
sleep 60 && /etc/init.d/fastd restart && (
   killall alfred
   killall batadv-vis
   sleep 5 && alfred -i bat0 > /dev/null 2>&1 &
   sleep 15 && batadv-vis -i bat0 -s > /dev/null 2>&1 &
)


Simply run this after the reboot.