This is an old revision of the document!
Quick guide for Ubuntu 14.04 Server
Add the Freifunk repository and install the required packages
add-apt-repository ppa:freifunk-mwu/freifunk-ppa
echo "deb http://repo.universe-factory.net/debian/ sid main" > /etc/apt/sources.list.d/freifunk.list
apt-key adv --keyserver keyserver.ubuntu.com --recv 16EF3F64CB201D9C
aptitude update
aptitude remove bind9
aptitude install conntrack dnsmasq isc-dhcp-relay bridge-utils batctl fastd batman-adv-dkms openvpn tinc vnstat vnstati
Test whether modprobe batman-adv reports an error; if it does, there is a problem with the kernel (the batman-adv-dkms module did not build against the running kernel).
Enable routing
/etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.netfilter.nf_conntrack_max = 500000
sysctl -p /etc/sysctl.conf
Prepare policy routing
/etc/iproute2/rt_tables
70 stuttgart
50 othergw
Set up interfaces (adjust the IPs and MAC/hwaddress values!!!)
/etc/network/interfaces
auto eth1
iface eth1 inet6 manual
    hwaddress 02:00:36:03:08:01

auto br0
iface br0 inet static
    hwaddress 02:00:39:03:08:01
    address 10.190.128.81
    netmask 255.255.192.0
    pre-up /sbin/brctl addbr $IFACE
    up /sbin/ip address add fd21:b4dc:4b03::a38:0801/64 dev $IFACE
    post-down /sbin/brctl delbr $IFACE
    # be sure all incoming traffic is handled by the appropriate rt_table
    post-up /sbin/ip rule add iif $IFACE table stuttgart priority 7000
    pre-down /sbin/ip rule del iif $IFACE table stuttgart priority 7000
    # default route is unreachable
    post-up /sbin/ip route add unreachable default table stuttgart
    post-down /sbin/ip route del unreachable default table stuttgart
    # ULA route for rt_table stuttgart (table name must match rt_tables exactly)
    post-up /sbin/ip -6 route add fd21:b4dc:4b03::/64 proto static dev $IFACE table stuttgart
    post-down /sbin/ip -6 route del fd21:b4dc:4b03::/64 proto static dev $IFACE table stuttgart

allow-hotplug vpn0
iface vpn0 inet6 manual
    hwaddress 02:00:38:03:08:01
    pre-up /sbin/modprobe batman-adv
    post-up /usr/sbin/batctl -m bat0 if add $IFACE
    post-up /usr/sbin/batctl -m bat0 if add eth1
    post-up /sbin/ip link set dev bat0 up

allow-hotplug bat0
iface bat0 inet6 manual
    pre-up /sbin/modprobe batman-adv
    post-up /sbin/brctl addif br0 $IFACE
    post-up /usr/sbin/batctl -m $IFACE it 10000
    post-up /usr/sbin/batctl -m $IFACE gw server 50mbit/10mbit
    pre-down /sbin/brctl delif br0 $IFACE
Set up VPN/fastd
mkdir -p /etc/fastd/vpn0/peers
cd /etc/fastd/vpn0/peers
wget https://raw.githubusercontent.com/freifunk-stuttgart/peers-ffs/master/vpn03/peers/gw08
fastd --generate-key > /etc/fastd/vpn0/gateway.key
echo -n "key" >/etc/fastd/vpn0/gateway.pub
cat /etc/fastd/vpn0/gateway.key | tail -1 | awk '{print " \""$2"\";"}' >>/etc/fastd/vpn0/gateway.pub
echo -n "secret" >/etc/fastd/vpn0/secret.conf
cat /etc/fastd/vpn0/gateway.key | head -1 | awk '{print " \""$2"\";"}' >>/etc/fastd/vpn0/secret.conf
cat /etc/fastd/vpn0/secret.conf
The result should be a single line that looks like this:
secret "1234567890123456789012345678901234567890123456789012345678901234";
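The one-liners above work, but they accept whatever happens to be on the first and last line of gateway.key and leave secret.conf with the default file mode. The following script is an added example, not part of the original wiki page: it derives the same two files from the output of fastd --generate-key, but selects the keys by their "Secret:" / "Public:" labels, refuses anything that is not a 64-character hex key, and creates secret.conf with mode 0600 since anyone who can read it can impersonate the gateway to every node. The script name fastd-keys.sh and the two-line key file format are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original wiki page: builds secret.conf and
# gateway.pub from a key file written by `fastd --generate-key`, as the
# one-liners above do, with two extra checks. Assumes the key file has the
# two lines "Secret: <hex>" and "Public: <hex>" that fastd prints.

# 32-byte keys are printed as 64 lowercase hex characters
is_hex64() {
    printf '%s' "$1" | grep -Eq '^[0-9a-f]{64}$'
}

# fastd_conf_line LABEL KEYFILE FIELD  -> prints: LABEL "<hex>";
# FIELD is the label fastd prints, "Secret" or "Public"
fastd_conf_line() {
    label=$1; keyfile=$2; field=$3
    key=$(awk -v f="$field:" '$1 == f { print $2 }' "$keyfile")
    is_hex64 "$key" || { echo "no valid $field key in $keyfile" >&2; return 1; }
    printf '%s "%s";\n' "$label" "$key"
}

# write_fastd_keys KEYFILE DIR  -> DIR/secret.conf (0600) and DIR/gateway.pub (0644)
# The secret lets anyone who reads it impersonate this gateway to every node,
# so it is created under umask 077 instead of the shell's default umask.
write_fastd_keys() {
    keyfile=$1; dir=$2
    ( umask 077 && fastd_conf_line secret "$keyfile" Secret > "$dir/secret.conf" ) || return 1
    fastd_conf_line key "$keyfile" Public > "$dir/gateway.pub" || return 1
    chmod 0644 "$dir/gateway.pub"   # the public key is meant to be shared with peers
}

# Usage on the gateway (hypothetical script name):
#   sh fastd-keys.sh /etc/fastd/vpn0/gateway.key /etc/fastd/vpn0
if [ "$#" -eq 2 ]; then
    write_fastd_keys "$1" "$2" && cat "$2/secret.conf"
fi
```

Run it once after fastd --generate-key; the resulting secret.conf is the same one-line "secret" statement as shown above, and gateway.pub the matching "key" line for the peers repository.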
Set up VPN/fastd
/etc/fastd/vpn0/fastd.conf
interface "vpn0";
method "salsa2012+umac"; # new method (faster)
mtu 1406;
include "secret.conf";
include peers from "peers";
Generate a key, or alternatively use an existing one
Configure dnsmasq (the interface names and addresses below must match the interfaces defined in /etc/network/interfaces above)
/etc/dnsmasq.d/allgemein
interface=br05
interface=bat05
interface=vpn05
bind-interfaces
log-facility=/var/log/dnsmasq.log
/etc/dnsmasq.d/dhcp (adjust the IPs!!!)
dhcp-authoritative
#log-dhcp
domain=freifunk-stuttgart.de
dhcp-range=set:ffs05,10.191.48.21,10.191.55.253,255.255.192.0,5m
dhcp-option=tag:ffs05,3,10.191.48.1
dhcp-option=tag:ffs05,option:dns-server,10.191.48.1,10.191.56.1
dhcp-option=tag:ffs05,option:ntp-server,10.191.48.1
dhcp-range=set:ffs05v6,::,constructor:br05,slaac,ra-only,5m
dhcp-option=tag:ffs05v6,option6:dns-server,fd21:b4dc:4b05::a38:57
enable-ra
ra-param=br05,low,60,0
/etc/dnsmasq.d/dns
no-resolv
no-hosts
cache-size=4096
#log-queries
# .ffs/ffstg.de forwarding
server=/ffs/172.21.2.60
server=/ffstg.de/51.254.139.175
# Forward DNS requests via wan-vpn
server=85.214.20.141 #@tun0 # FoeBud
server=213.73.91.35 #@tun0 # dnscache.berlin.ccc.de
server=141.1.1.1 #@tun0 #
server=8.8.8.8 #@tun0 # Google
server=8.8.4.4 #@tun0 # Google
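Because dnsmasq runs with bind-interfaces, every interface= entry has to name an interface the gateway really has; a stale name (the snippets above say br05/bat05/vpn05 while the interfaces file defines br0/bat0/vpn0) means dnsmasq either fails to start or answers DHCP on the wrong bridge. The following check is an added example, not part of the original wiki page; it compares the interface= entries of one or more dnsmasq configuration files against the iface stanzas in an interfaces file. The script name check-dnsmasq-ifaces.sh is an assumption.

```shell
#!/bin/sh
# Added consistency check, not part of the original wiki page: reports every
# interface= entry in the given dnsmasq config files that has no matching
# "iface NAME ..." stanza in the given /etc/network/interfaces file.
#
# dnsmasq_iface_mismatch INTERFACES_FILE DNSMASQ_CONF...
#   prints one line per unknown interface name, returns 1 if there was any
dnsmasq_iface_mismatch() {
    ifaces_file=$1; shift
    # names that ifupdown will actually configure
    defined=$(awk '$1 == "iface" { print $2 }' "$ifaces_file" | sort -u)
    rc=0
    for conf in "$@"; do
        # interface=NAME lines; trailing comments after a space or '#' are dropped
        for name in $(sed -n 's/^interface=\([^ #]*\).*/\1/p' "$conf"); do
            printf '%s\n' "$defined" | grep -qxF "$name" || {
                echo "$conf: interface=$name is not defined in $ifaces_file"
                rc=1
            }
        done
    done
    return $rc
}

# Usage on the gateway (hypothetical script name):
#   sh check-dnsmasq-ifaces.sh /etc/network/interfaces /etc/dnsmasq.d/*
if [ "$#" -ge 2 ]; then
    dnsmasq_iface_mismatch "$@" && echo "all dnsmasq interfaces are defined"
fi
```

Run it before restarting dnsmasq; an empty result and exit status 0 mean the names line up.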
OpenVPN Berlin (or another provider such as CyberGhost)
/etc/openvpn/freifunk.conf
# copy the file from Berlin (xxxxxxx-udp.ovpn) in here, or rename it
# add the following lines at the top
route-noexec
script-security 2
up "openvpn-up"
down "openvpn-down"
/etc/openvpn/openvpn-up
#!/bin/sh
ip rule add from $ifconfig_local table stuttgart priority 9970
# copy the routes from table main
ip route show table main | grep -v ^default | while read ROUTE ; do ip route add table stuttgart $ROUTE ; done
# default route in table stuttgart
ip route add 0.0.0.0/1 via $route_vpn_gateway dev $dev table stuttgart
ip route add 128.0.0.0/1 via $route_vpn_gateway dev $dev table stuttgart
# enable NAT (2 options), needed if NOT Berlin
#iptables -t nat -A POSTROUTING -o $dev -j MASQUERADE
#iptables -t nat -A POSTROUTING -o $dev -j SNAT --to-source $ifconfig_local
#sysctl -w net.netfilter.nf_conntrack_max=500000
exit 0
/etc/openvpn/openvpn-down
#!/bin/sh
ip rule del from $ifconfig_local table stuttgart priority 9970
# disable NAT, needed if NOT Berlin
#iptables -t nat -D POSTROUTING -o $dev -j MASQUERADE
#iptables -t nat -D POSTROUTING -o $dev -j SNAT --to-source $ifconfig_local
exit 0
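The interfaces file and the two OpenVPN scripts together implement one policy: traffic arriving on the Freifunk bridge is looked up in table stuttgart, whose default is unreachable, and the exit VPN is installed only into that table (route-noexec keeps the provider's pushed routes out of table main), so client traffic can only leave through the VPN and the server's own traffic never does. The following helpers are an added example, not part of the original wiki page: they verify both halves of that policy from the text output of ip rule show and ip route show, so they can be run live on the gateway or against saved output. The script name check-routing.sh and the tun device name tun0 are assumptions.

```shell
#!/bin/sh
# Added verification helpers, not part of the original wiki page. They check
# the routing state that the interfaces file and the openvpn-up script above
# are meant to produce, by parsing the output of `ip rule show` and
# `ip route show table ...` passed in as text.

# check_policy_rule IFACE TABLE RULES TABLE_ROUTES
#   RULES        = output of `ip rule show`
#   TABLE_ROUTES = output of `ip route show table TABLE`
check_policy_rule() {
    iface=$1; table=$2; rules=$3; tbl=$4
    # the rule added by the br0 post-up line, e.g. "7000: from all iif br0 lookup stuttgart"
    printf '%s\n' "$rules" | grep -Eq "^7000:[[:space:]]+from all iif $iface lookup $table\$" || {
        echo "missing: ip rule iif $iface table $table priority 7000" >&2; return 1; }
    # without this, bridge traffic would fall through to the server's uplink when the VPN is down
    printf '%s\n' "$tbl" | grep -Eq '^unreachable default( |$)' || {
        echo "missing: unreachable default route in table $table" >&2; return 1; }
}

# check_vpn_routing DEV MAIN_ROUTES TABLE_ROUTES
#   DEV          = tun device OpenVPN brought up, e.g. tun0 (assumed name)
#   MAIN_ROUTES  = output of `ip route show table main`
#   TABLE_ROUTES = output of `ip route show table stuttgart`
check_vpn_routing() {
    dev=$1; main=$2; tbl=$3; rc=0
    # both half-default routes from openvpn-up must point into the tunnel
    for net in 0.0.0.0/1 128.0.0.0/1; do
        printf '%s\n' "$tbl" | grep -Eq "^$net via [0-9.]+ dev $dev( |\$)" || {
            echo "missing: $net via $dev in the policy table" >&2; rc=1; }
    done
    # and no default-like route in table main may use the tunnel, otherwise
    # route-noexec is not in effect and the host itself goes out via the VPN
    if printf '%s\n' "$main" | grep -Eq "^(default|0\.0\.0\.0/1|128\.0\.0\.0/1) .*dev $dev( |\$)"; then
        echo "table main routes through $dev: route-noexec not in effect" >&2; rc=1
    fi
    return $rc
}

# Live check on a gateway (hypothetical script name):
#   sh check-routing.sh br0 stuttgart tun0
if [ "$#" -eq 3 ]; then
    check_policy_rule "$1" "$2" "$(ip rule show)" "$(ip route show table "$2")" &&
    check_vpn_routing "$3" "$(ip route show table main)" "$(ip route show table "$2")" &&
    echo ok
fi
```

Run it after the reboot with the VPN connected; each failed condition is printed on stderr, and a non-zero exit status means client traffic could be leaving the gateway somewhere other than the exit VPN.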
chmod +x /etc/openvpn/openvpn-*
reboot
gw setup howto