Troisdorf-Supernode
Remarks
Servers that join the mesh following this howto are shown on the map only by their MAC address. Please get in touch and tell us the name of the server so that it can be entered in Aliases.json.
Installation
Base system: Debian 7 (wheezy)
Edit /etc/apt/sources.list:
nano /etc/apt/sources.list
and add these two lines:
deb http://repo.universe-factory.net/debian/ sid main
deb http://http.debian.net/debian wheezy-backports main
The first entry is a third-party repository that provides the fastd package; apt only trusts it once its signing key has been imported in the next step.
Add the repository signing key:
gpg --keyserver pgpkeys.mit.edu --recv-key 16EF3F64CB201D9C
gpg -a --export 16EF3F64CB201D9C | apt-key add -
A keyserver lookup by key ID alone does not authenticate the key; compare the fingerprint shown by gpg with the one published by the repository before handing it to apt-key.
Update and install:
apt-get update
apt-get install git make gcc build-essential linux-headers-$(uname -r) pkg-config libgps-dev libnl-3-dev libjansson-dev fastd openvpn isc-dhcp-server
Install batman-adv, batctl and alfred
All three are checked out at the same tag (v2014.3.0) so that the kernel module and the userspace tools match.
cd /tmp
git clone git://git.open-mesh.org/batman-adv.git
cd batman-adv
git checkout v2014.3.0
make
make install
cd ../
git clone http://git.open-mesh.org/batctl.git
cd batctl
git checkout v2014.3.0
make
make install
cd ../
git clone http://git.open-mesh.org/alfred.git
cd alfred
git checkout v2014.3.0
make
make install
batman-adv is built as an out-of-tree module against the running kernel's headers, so it has to be rebuilt and reinstalled after every kernel upgrade. The git:// transport is unauthenticated; the tag pins the version but does not verify the code's integrity.
Configuration:
Fastd
Generate fastd keys
The fastd keys are already prepared. Please ask Stefan for them.
Create the directories:
mkdir -p /etc/fastd/tro /etc/fastd/servers/tro
Add your secret key:
nano /etc/fastd/tro/secret.conf
secret "SECRETKEY";
This file holds the node's private key; keep it readable by root only (chmod 600).
fastd config:
nano /etc/fastd/tro/fastd.conf

bind *SERVERIP*:53840;
bind [*IPv6IP*]:53840;   # only if an IPv6 address is available
include "secret.conf";
include peers from "/etc/fastd/servers/tro";
interface "fastd-tro";
log level info;
method "aes128-gcm";
method "salsa2012+umac";
method "salsa2012+gmac";
method "xsalsa20-poly1305";
mtu 1312;
on verify "
  /etc/fastd/tro/fastd-blacklist.sh $PEER_KEY
";
on up "
  modprobe batman-adv
  ip link set address xx:xx:xx:xx:xx:xx dev fastd-tro   # use the MAC address from the list of supernodes
  ip link set up dev fastd-tro
  batctl -m bat0 if add fastd-tro
  batctl -m bat0 it 5000
  batctl -m bat0 bl enable
  ip rule add from all fwmark 0x1 table 42
  ip link set up dev bat0
  ip addr add 10.188.0.[51-54]/16 broadcast 10.188.255.255 dev bat0   # change to a free address in the mesh network
  ip -6 addr add fda0:747e:ab29:7405::[51-54]/64 dev bat0   # change to a free address in the mesh network
";

The on verify hook is only consulted for peers whose key is not listed in /etc/fastd/servers/tro; fastd accepts the connection when the hook exits 0. With the blacklist script below every unknown key is accepted unless it is listed in the blacklist, so the blacklist is the only thing keeping an unwanted node out of the mesh.
fastd-blacklist.sh (must be executable: chmod +x /etc/fastd/tro/fastd-blacklist.sh)
#!/bin/bash
PEER_KEY="$1"
# Reject an empty key outright; otherwise grep would treat the file name as its pattern.
[ -n "$PEER_KEY" ] || exit 1
if /bin/grep -Fq -- "$PEER_KEY" /etc/fastd/tro/fastd-blacklist.json; then
    exit 1   # key is blacklisted: fastd rejects the peer
else
    exit 0   # key is not blacklisted: fastd accepts the peer
fi
fastd-blacklist.json
{
  "peers": [
    {
      "pubkey": "5f4965072a034996589112e0101fcaa30360e8d36b22fd86f5d0512effd85286",
      "comment": "2015-08-01 interconnecting CHRlS"
    },
    {
      "pubkey": "13ffef2d2535c4d391a15e53303a4979e524d7c9e5473a7596b59899e950cf8d",
      "comment": "2015-09-01 interconnecting CHRlS"
    },
    {
      "pubkey": "d05810068dfbe559463de2ba6cee861c3a910560f446c78fd4479f4a508e052d",
      "comment": "Bridged communities! //CyrusFox"
    }
  ]
}
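As an added example (not the page's own fastd-blacklist.sh, and not part of the Freifunk project's code), here is a stricter variant of the on verify hook. It differs from the script above in two ways: the key is checked to be a well-formed fastd public key (64 lowercase hex characters) before it is looked up, and only "pubkey" values in the JSON are matched, so a key that merely appears inside a comment field cannot block a peer. The blacklist path is the page's; the FASTD_BLACKLIST override, the logger tag and the second, made-up key in the sample blacklist are assumptions introduced for the example.

```shell
#!/bin/sh
# Added example: stricter fastd "on verify" hook (not the page's script).
# fastd accepts the peer when this script exits 0 and rejects it otherwise.

# Blacklist path from the page; the environment override is an assumption.
BLACKLIST="${FASTD_BLACKLIST:-/etc/fastd/tro/fastd-blacklist.json}"

# Constructed sample blacklist in the page's one-line format: the first key is
# taken from the page's list, the second is made up for testing.
SAMPLE_BLACKLIST='{ "peers": [ { "pubkey": "5f4965072a034996589112e0101fcaa30360e8d36b22fd86f5d0512effd85286", "comment": "2015-08-01 interconnecting CHRlS" }, { "pubkey": "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff", "comment": "constructed test entry" } ] }'

# write_sample_blacklist FILE: materialise the constructed sample for offline tests.
write_sample_blacklist() {
    printf '%s\n' "$SAMPLE_BLACKLIST" > "$1"
}

# is_blacklisted KEY FILE: exit 0 if KEY is one of the "pubkey" values in FILE.
# Only the pubkey fields are extracted (grep -o), and -x forces a whole-line
# match, so partial keys or keys quoted in a comment never match.
# A missing or unreadable blacklist fails open, matching the page's grep-based
# script; change the first line to "return 0" if you prefer fail-closed.
is_blacklisted() {
    [ -r "$2" ] || return 1
    grep -oE '"pubkey"[[:space:]]*:[[:space:]]*"[0-9a-f]{64}"' "$2" \
        | grep -oE '[0-9a-f]{64}' \
        | grep -qxF -- "$1"
}

# verify_peer KEY FILE: exit 0 to let fastd accept the peer, 1 to reject it.
verify_peer() {
    key="$1"
    file="$2"
    # A fastd public key is 32 bytes, printed by fastd as 64 lowercase hex digits.
    case "$key" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#key}" -eq 64 ] || return 1
    if is_blacklisted "$key" "$file"; then
        # syslog tag is an assumption; logging failure must not change the verdict
        logger -t fastd-verify "rejected blacklisted peer $key" 2>/dev/null || :
        return 1
    fi
    return 0
}

# Hook mode: fastd exports PEER_KEY to the hook; the page's config also passes
# it as the first argument. When neither is set (e.g. when sourced for tests),
# do nothing.
if [ -n "${PEER_KEY:-$1}" ]; then
    verify_peer "${PEER_KEY:-$1}" "$BLACKLIST"
    exit $?
fi
```

Drop this in as /etc/fastd/tro/fastd-blacklist.sh and the fastd.conf on verify line above works unchanged. Uppercase hex is rejected on purpose: fastd always hands over lowercase keys, so a mixed-case key is not a legitimate peer and must not slip past a case-sensitive blacklist lookup.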
Add a server connection:
Each peer gets its own file in /etc/fastd/servers/tro containing exactly one key and its remote.
nano /etc/fastd/servers/tro/SERVERNAME
key "PUBLIC KEY OF SERVER";
remote "IP OR DNS OF SERVER" port 53840;

Available servers:

key "6eae041199ee627689bfa026afbd8a9ab299eca8aed4144321d098cffd62668e";
remote "1.wupper.ffrl.de" port 53842;

key "b7f319d59d8383ba813c3503416bca45f70852e4d207b1743bb6cdca1e30d9f5";
remote "2.wupper.ffrl.de" port 53842;

key "c8f3d1d10b0d6389e39c3c3cb08adfa3123e821fd5bfd6262d2161d80ee4b06c";
remote "3.wupper.ffrl.de" port 53842;

key "5e7fa122990dbc34b8cae7ece2cd4ef919d3f8c23a674b7bbcf05bfebe6a6e8a";
remote "4.wupper.ffrl.de" port 53842;
OpenVPN
The OpenVPN config is available from Stefan.
DHCP
/etc/dhcp/dhcpd.conf
ddns-update-style none;
option domain-name "fftdf";
default-lease-time 300;
max-lease-time 3600;
log-facility local7;

subnet 10.188.0.0 netmask 255.255.0.0 {
    authoritative;
    range 10.188.XXX.1 10.188.XXX.254;   # XXX: the address block assigned to this supernode
    option domain-name-servers 10.188.1.100, 10.188.1.23;
    option routers 10.188.1.[51-54];   # this supernode's own gateway address
    interface bat0;
}
On Debian the interface dhcpd listens on is also set through INTERFACES in /etc/default/isc-dhcp-server; set it to bat0 there as well. The short lease time (300 s) matters because the check-gateway script below stops dhcpd whenever the VPN uplink is down, and clients should move to another gateway quickly.
Check gateway script
Runs every minute via cron. It pings through the VPN interface; if the tunnel is up, the node announces itself as a batman-adv gateway and serves DHCP, otherwise it withdraws the gateway announcement and stops dhcpd so clients do not keep a dead gateway.
#!/bin/bash
INTERFACE=mullvad   # set to the name of the VPN interface
shopt -s nullglob

# Test whether the gateway is connected to the outside world via the VPN
if ping -q -I "$INTERFACE" 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1; then
    NEW_STATE=server
else
    NEW_STATE=off
fi

# Iterate through the mesh interfaces in the sys file system
for MESH in /sys/class/net/*/mesh; do
    # Check whether the gateway mode needs to be changed
    OLD_STATE="$(cat "$MESH/gw_mode")"
    [ "$OLD_STATE" == "$NEW_STATE" ] && continue
    echo "$NEW_STATE" > "$MESH/gw_mode"
    echo 92MBit/92MBit > "$MESH/gw_bandwidth"
    logger "batman gateway mode changed to $NEW_STATE"
    # Gateway mode was deactivated: stop the DHCP server so no leases are renewed
    if [ "$NEW_STATE" == "off" ]; then
        /usr/sbin/service isc-dhcp-server stop
    fi
    # Gateway mode was activated: start the DHCP server
    if [ "$NEW_STATE" == "server" ]; then
        /usr/sbin/service isc-dhcp-server start
    fi
    exit 0
done

# Gateway mode unchanged: make sure the DHCP server state still matches it
if [ "$NEW_STATE" == "server" ]; then
    if ! /usr/sbin/service isc-dhcp-server status >/dev/null 2>&1; then
        /usr/sbin/service isc-dhcp-server restart
    fi
fi
if [ "$NEW_STATE" == "off" ]; then
    if /usr/sbin/service isc-dhcp-server status >/dev/null 2>&1; then
        /usr/sbin/service isc-dhcp-server stop
    fi
fi
On my servers I have the problem that the services are not loaded in the right order and therefore nothing works. That is why I have another script that is run after rebooting and starts the services in the right order.
nano ~/fastdreboot.sh
#!/bin/sh
sleep 60 && /etc/init.d/fastd restart && \
(
    killall alfred
    killall batadv-vis
    sleep 5 && alfred -i bat0 > /dev/null 2>&1 &
    sleep 15 && batadv-vis -i bat0 -s > /dev/null 2>&1 &
)
Simply run this after rebooting.