Merge pull request #3 from rojoka/master

Update
This commit is contained in:
stebifan 2016-01-10 12:46:39 +01:00
commit 6ec93b7499
17 changed files with 767 additions and 139 deletions


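--- /dev/null
+++ b/PATH_NOT_SHOWN-bird-v4-router-10.188.255.5
@@ -0,0 +1,84 @@
+/*
+* This is an example configuration file.
+*/
+# Yes, even shell-like comments work...
+# Configure logging
+#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+#log syslog all;
+#debug protocols all;
+# Override router ID
+router id 10.188.255.5;
+protocol direct {
+interface "*";
+};
+protocol kernel {
+device routes;
+import all;
+export all;
+kernel table 42;
+};
+protocol device {
+scan time 8;
+};
+function is_default() {
+return (net ~ [0.0.0.0/0]);
+};
+# own network
+function is_self_net() {
+return (net ~ [ 10.188.0.0/16+ ]);
+}
+# freifunk ip ranges in general
+function is_freifunk() {
+return net ~ [ 10.0.0.0/8+,
+104.0.0.0/8+
+];
+}
+filter hostroute {
+if net ~ 185.66.193.105/32 then accept;
+reject;
+};
+# Uplink über ff Rheinland
+template bgp uplink {
+local as 65066;
+import where is_default();
+export filter hostroute;
+next hop self;
+multihop 64;
+default bgp_local_pref 200;
+};
+protocol bgp ffrl_bb_a_ak_ber from uplink {
+source address 100.64.2.151;
+neighbor 100.64.2.150 as 201701;
+};
+protocol bgp ffrl_bb_b_ak_ber from uplink {
+source address 100.64.2.153;
+neighbor 100.64.2.152 as 201701;
+};
+protocol bgp ffrl_bb_a_ix_dus from uplink {
+source address 100.64.2.155;
+neighbor 100.64.2.154 as 201701;
+};
+protocol bgp ffrl_bb_b_ix_dus from uplink {
+source address 100.64.2.157;
+neighbor 100.64.2.156 as 201701;
+};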
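Review bot: Both IPv4 bird configs (this one and the one for router id 10.188.255.6) still carry the upstream sample header `This is an example configuration file.` and define `is_self_net()` and `is_freifunk()` that nothing references — the `uplink` template imports only via `is_default()` and exports only through `hostroute`. Either delete the two unused functions or replace the header with a comment naming the host and the policy, e.g. `# bird IPv4 config for the FFRL exit node with router id 10.188.255.5: accept only the default route, announce only the host's own /32`, so the intentionally minimal export stays easy to audit. Minor: `function is_self_net()` closes with `}` while the surrounding functions use `};`; both forms appear elsewhere in the file, so it presumably parses, but keeping one form avoids the question.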


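--- /dev/null
+++ b/PATH_NOT_SHOWN-bird-v4-router-10.188.255.6
@@ -0,0 +1,84 @@
+/*
+* This is an example configuration file.
+*/
+# Yes, even shell-like comments work...
+# Configure logging
+#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+#log syslog all;
+#debug protocols all;
+# Override router ID
+router id 10.188.255.6;
+protocol direct {
+interface "*";
+};
+protocol kernel {
+device routes;
+import all;
+export all;
+kernel table 42;
+};
+protocol device {
+scan time 8;
+};
+function is_default() {
+return (net ~ [0.0.0.0/0]);
+};
+# own network
+function is_self_net() {
+return (net ~ [ 10.188.0.0/16+ ]);
+}
+# freifunk ip ranges in general
+function is_freifunk() {
+return net ~ [ 10.0.0.0/8+,
+104.0.0.0/8+
+];
+}
+filter hostroute {
+if net ~ 185.66.193.106/32 then accept;
+reject;
+};
+# Uplink über ff Rheinland
+template bgp uplink {
+local as 65066;
+import where is_default();
+export filter hostroute;
+next hop self;
+multihop 64;
+default bgp_local_pref 200;
+};
+protocol bgp ffrl_bb_a_ak_ber from uplink {
+source address 100.64.2.159;
+neighbor 100.64.2.158 as 201701;
+};
+protocol bgp ffrl_bb_b_ak_ber from uplink {
+source address 100.64.2.161;
+neighbor 100.64.2.160 as 201701;
+};
+protocol bgp ffrl_bb_a_ix_dus from uplink {
+source address 100.64.2.163;
+neighbor 100.64.2.162 as 201701;
+};
+protocol bgp ffrl_bb_b_ix_dus from uplink {
+source address 100.64.2.165;
+neighbor 100.64.2.164 as 201701;
+};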


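--- /dev/null
+++ b/PATH_NOT_SHOWN-bird6-router-10.188.255.5
@@ -0,0 +1,82 @@
+# Configure logging
+#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+#log syslog all;
+#debug protocols all;
+# Override router ID
+router id 10.188.255.5;
+protocol direct {
+# interface "*"; # Restrict network interfaces it works with
+# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with
+interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
+}
+protocol kernel {
+device routes;
+import all;
+export all; # Default is export none
+kernel table 42; # Kernel table to synchronize with (default: main)
+}
+protocol device {
+scan time 10; # Scan interfaces every 10 seconds
+}
+function is_default() {
+return (net ~ [::/0]);
+}
+# own networks
+function is_self_net() {
+return net ~ [ fda0:747e:ab29:7405::/64+ ];
+}
+# freifunk ip ranges in general
+function is_freifunk() {
+return net ~ [ fc00::/7{48,64},
+2001:bf7::/32+];
+}
+filter hostroute {
+if net ~ 2a03:2260:121::/48 then accept;
+reject;
+}
+# Uplink zum FF Rheinland
+template bgp uplink {
+local as 65066;
+import where is_default();
+export filter hostroute;
+gateway recursive;
+}
+protocol bgp ffrl_bb_a_ak_ber from uplink {
+source address 2a03:2260:0:155::2;
+neighbor 2a03:2260:0:155::1 as 201701;
+}
+protocol bgp ffrl_bb_b_ak_ber from uplink {
+source address 2a03:2260:0:156::2;
+neighbor 2a03:2260:0:156::1 as 201701;
+}
+protocol bgp ffrl_bb_a_ix_dus from uplink {
+source address 2a03:2260:0:157::2;
+neighbor 2a03:2260:0:157::1 as 201701;
+}
+protocol bgp ffrl_bb_b_ix_dus from uplink {
+source address 2a03:2260:0:158::2;
+neighbor 2a03:2260:0:158::1 as 201701;
+}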
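Review bot: `is_self_net()` still matches the old ULA prefix `fda0:747e:ab29:7405::/64` while this same commit moves the mesh to `2a03:2260:121::/64` everywhere else (the radvd prefix, `communitynetworkv6` in the l2tp backbone scripts, the DHCPv6 subnet); the function is not referenced by the `uplink` template, so it is dead today but will silently match nothing if a later filter starts using it. Either delete it together with the equally unused `is_freifunk()`, or update it to `return net ~ [ 2a03:2260:121::/64+ ];`. The IPv6 config for router id 10.188.255.6 has the same stale function.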


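--- /dev/null
+++ b/PATH_NOT_SHOWN-bird6-router-10.188.255.6
@@ -0,0 +1,82 @@
+# Configure logging
+#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+#log syslog all;
+#debug protocols all;
+# Override router ID
+router id 10.188.255.6;
+protocol direct {
+# interface "*"; # Restrict network interfaces it works with
+# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with
+interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
+}
+protocol kernel {
+device routes;
+import all;
+export all; # Default is export none
+kernel table 42; # Kernel table to synchronize with (default: main)
+}
+protocol device {
+scan time 10; # Scan interfaces every 10 seconds
+}
+function is_default() {
+return (net ~ [::/0]);
+}
+# own networks
+function is_self_net() {
+return net ~ [ fda0:747e:ab29:7405::/64+ ];
+}
+# freifunk ip ranges in general
+function is_freifunk() {
+return net ~ [ fc00::/7{48,64},
+2001:bf7::/32+];
+}
+filter hostroute {
+if net ~ 2a03:2260:121::/48 then accept;
+reject;
+}
+# Uplink zum FF Rheinland
+template bgp uplink {
+local as 65066;
+import where is_default();
+export filter hostroute;
+gateway recursive;
+}
+protocol bgp ffrl_bb_a_ak_ber from uplink {
+source address 2a03:2260:0:159::2;
+neighbor 2a03:2260:0:159::1 as 201701;
+}
+protocol bgp ffrl_bb_b_ak_ber from uplink {
+source address 2a03:2260:0:15a::2;
+neighbor 2a03:2260:0:15a::1 as 201701;
+}
+protocol bgp ffrl_bb_a_ix_dus from uplink {
+source address a03:2260:0:15b::2;
+neighbor 2a03:2260:0:15b::1 as 201701;
+}
+protocol bgp ffrl_bb_b_ix_dus from uplink {
+source address 2a03:2260:0:15c::2;
+neighbor 2a03:2260:0:15c::1 as 201701;
+}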
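Review bot: `source address a03:2260:0:15b::2;` in `ffrl_bb_a_ix_dus` is missing the leading `2`: the interfaces file for this host puts `2a03:2260:0:15b::2/64` on gre-bb-a.ix.dus and the neighbor on the next line is `2a03:2260:0:15b::1`, so as written the session either fails to parse or tries to bind an address the host does not own and never establishes. Change it to `source address 2a03:2260:0:15b::2;`. The three sibling protocols in this file are consistent with their interface addresses.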


@ -26,7 +26,7 @@ LoadPlugin processes
LoadPlugin users LoadPlugin users
LoadPlugin uptime LoadPlugin uptime
LoadPlugin interface LoadPlugin interface
LoadPugin filecount LoadPlugin filecount
<Plugin "filecount"> <Plugin "filecount">
<Directory "/opt/freifunk/tunneldigger_interfaces"> <Directory "/opt/freifunk/tunneldigger_interfaces">
Instance "tunneldigger-connections" Instance "tunneldigger-connections"


@ -1,4 +1,4 @@
# Version 1.2 # Version 1.3
ddns-update-style none; ddns-update-style none;
option domain-name "fftdf"; option domain-name "fftdf";
default-lease-time 300; default-lease-time 300;
@ -7,8 +7,9 @@ log-facility local7;
subnet 10.188.0.0 netmask 255.255.0.0 { subnet 10.188.0.0 netmask 255.255.0.0 {
authoritative; authoritative;
range {{ sn_dhcp_range }}; range {{ sn_dhcp_range }};
option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns }}; option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns_v4 }};
option routers {{ sn_dhcp_router }}; option routers {{ sn_mesh_IPv4 }};
option interface-mtu {{ sn_mtu }};
interface bat0; interface bat0;
} }
include "/opt/freifunk/static-dhcp/static.conf"; include "/opt/freifunk/static-dhcp/static.conf";
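Review bot: The new `option interface-mtu {{ sn_mtu }};` hands clients the same templated value that `l2tp_backbone.sh.exit.j2` applies to the backbone links (`ip link set dev l2tp-$j mtu $mtu`); if `sn_mtu` is the tunnel link MTU, advertising it unchanged to clients ignores the batman-adv encapsulation overhead on the path to the supernode, so confirm this is the client-side value intended and document it with a comment such as `# client MTU: must fit inside the batman-adv/L2TP path MTU`. `option routers {{ sn_dhcp_router }}` is replaced by `{{ sn_mesh_IPv4 }}`, which makes `sn_dhcp_router` a dead inventory variable if it is still defined anywhere.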

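--- /dev/null
+++ b/files/dhcpd6.conf.j2
@@ -0,0 +1,22 @@
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+authoritative;
+default-lease-time 300;
+max-lease-time 600;
+#option dhcp6.name-servers {{ sn_mesh_IPv6 }};
+option dhcp6.name-servers {{ sn_mesh_IPv6 }}, {{ sn_dhcp_dns_v6 }};
+option dhcp6.domain-search "fftdf";
+subnet6 2a03:2260:121::/64 {
+#
+# # Range for clients
+# range6 2a03:2260:121::201 2a03:2260:121::ffff;
+#
+# # Range for clients requesting a temporary address
+# range6 2a03:2260:121::/64 temporary;
+}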
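Review bot: `allow leasequery;` turns on DHCPv6 Leasequery (RFC 5007) for every client that can reach the server on bat0, which in a mesh of untrusted clients exposes other clients' lease bindings to anyone who asks; unless a relay actually needs it, drop the line (the default is to refuse leasequery). The `subnet6 2a03:2260:121::/64` block has every `range6` commented out, so the server only answers information-requests with name-servers/domain-search and `default-lease-time`/`max-lease-time` have no effect — if that is the intent, state it, e.g. `# no range6: addresses come from radvd/SLAAC, this server only supplies DNS options`. Minor: `same than for DHCPv4` should read `same as for DHCPv4`.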


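--- a/PATH_NOT_SHOWN-gretap-backbone-script
+++ /dev/null
@@ -1,57 +0,0 @@
-#!/bin/sh
-# Server name ending must be a single digit number
-communityname="troisdorf"
-server="troisdorf0 {{ sn_hostname }}"
-domain="freifunk-troisdorf.de"
-mtu={{ sn_mtu }}
-# community MAC address, without the last Byte (:)!
-communitymacaddress="a2:8c:ae:6f:f6"
-# Network part of the network, without the trailing dot
-communitynetwork="10.188"
-# IPv6 network
-communitynetworkv6="fda0:747e:ab29:7405:255::"
-# Third octet from the server range
-octet3rd="255"
-# CIDR muss /16 sein
-localserver=$(/bin/hostname)
-# files
-batadv=/usr/local/sbin/batadv-vis
-alfred=/usr/local/sbin/alfred
-batctl=/usr/local/sbin/batctl
-for i in $server; do
-(
-for j in $server; do
-if [ $i != $j ]; then
-if [ $i = $(/bin/hostname) ]; then
-/sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0 nopmtudisc
-# /sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0
-/sbin/ip link set dev $j mtu $mtu
-# /sbin/ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j
-# /sbin/ip link set address $communitymacaddress$:0${localserver#$communityname} dev $j
-/sbin/ip link set address $communitymacaddress$:${localserver#$communityname}0 dev $j
-/sbin/ip link set $j up
-$batctl if add $j
-fi
-fi
-done
-)
-done
-# configure bat0
-/sbin/ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0
-/sbin/ip link set up dev bat0
-/sbin/ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
-/sbin/ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0
-/usr/bin/killall alfred
-/usr/bin/killall batadv-vis
-/bin/sleep 5
-$alfred -i bat0 > /dev/null 2>&1 &
-/bin/sleep 15
-$batadv -i bat0 -s > /dev/null 2>&1 &
-/usr/sbin/service bind9 restart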


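--- /dev/null
+++ b/PATH_NOT_SHOWN-interfaces-185.66.193.105
@@ -0,0 +1,80 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+source /etc/network/interfaces.d/*
+# The loopback network interface
+auto lo
+iface lo inet loopback
+up ip address add 185.66.193.105/32 dev lo
+iface lo inet6 loopback
+up ip address add 2a03:2260:121::105/48 dev lo
+# The primary network interface
+allow-hotplug eth0
+iface eth0 inet dhcp
+iface eth0 inet6 static
+address 2a01:4f8:c17:173b::2
+netmask 64
+gateway fe80::1
+# GRE Tunnel zum Rheinland Backbone
+# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
+# Berlin Router A
+auto gre-bb-a.ak.ber
+iface gre-bb-a.ak.ber inet static
+address 100.64.2.151
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 remote 185.66.195.0 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+iface gre-bb-a.ak.ber inet6 static
+address 2a03:2260:0:155::2/64
+netmask 64
+# Berlin Router B
+auto gre-bb-b.ak.ber
+iface gre-bb-b.ak.ber inet static
+address 100.64.2.153
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 remote 185.66.195.1 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+iface gre-bb-b.ak.ber inet6 static
+address 2a03:2260:0:156::2/64
+netmask 64
+# Duesseldorf Router A
+auto gre-bb-a.ix.dus
+iface gre-bb-a.ix.dus inet static
+address 100.64.2.155
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 remote 185.66.193.0 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+iface gre-bb-a.ix.dus inet6 static
+address 2a03:2260:0:157::2/64
+netmask 64
+# Duesseldorf Router B
+auto gre-bb-b.ix.dus
+iface gre-bb-b.ix.dus inet static
+address 100.64.2.157
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 remote 185.66.193.1 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+iface gre-bb-b.ix.dus inet6 static
+address 2a03:2260:0:158::2/64
+netmask 64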
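Review bot: eth0 is `inet dhcp`, yet all four `pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 ...` lines hard-code the local tunnel endpoint; if the lease ever yields a different address, the tunnels come up bound to an address the host does not hold and the BGP sessions in the matching bird configs never establish, with nothing in this file to flag it. The sibling file for 185.66.193.106 configures eth0 statically with an address that matches its `local 46.4.138.189`; do the same here (static eth0 with `address 172.31.1.100` if that is the assigned address), or resolve the endpoint at pre-up time instead of hard-coding it. A short comment on the `up ip address add 2a03:2260:121::105/48 dev lo` line saying that the /48 on lo exists so bird6 can export the aggregate would also help, since the DHCPv6 and firewall parts of this commit work with the /64.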


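--- /dev/null
+++ b/PATH_NOT_SHOWN-interfaces-185.66.193.106
@@ -0,0 +1,85 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+source /etc/network/interfaces.d/*
+# The loopback network interface
+auto lo
+iface lo inet loopback
+up ip address add 185.66.193.106/32 dev lo
+iface lo inet6 loopback
+up ip address add 2a03:2260:121::106/48 dev lo
+# The primary network interface
+allow-hotplug eth0
+#iface eth0 inet dhcp
+iface eth0 inet static
+address 46.4.138.189
+netmask 255.255.255.192
+gateway 46.4.138.129
+dns-nameserver 213.133.100.100 213.133.99.99 213.133.98.98
+iface eth0 inet6 static
+address 2a01:4f8:11d:600::189
+netmask 59
+gateway 2a01:4f8:11d:600::1
+# GRE Tunnel zum Rheinland Backbone
+# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
+# Berlin Router A
+auto gre-bb-a.ak.ber
+iface gre-bb-a.ak.ber inet static
+address 100.64.2.159
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.195.0 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+iface gre-bb-a.ak.ber inet6 static
+address 2a03:2260:0:159::2/64
+netmask 64
+# Berlin Router B
+auto gre-bb-b.ak.ber
+iface gre-bb-b.ak.ber inet static
+address 100.64.2.161
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.195.1 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+iface gre-bb-b.ak.ber inet6 static
+address 2a03:2260:0:15a::2/64
+netmask 64
+# Duesseldorf Router A
+auto gre-bb-a.ix.dus
+iface gre-bb-a.ix.dus inet static
+address 100.64.2.163
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.193.0 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+iface gre-bb-a.ix.dus inet6 static
+address 2a03:2260:0:15b::2/64
+netmask 64
+# Duesseldorf Router B
+auto gre-bb-b.ix.dus
+iface gre-bb-b.ix.dus inet static
+address 100.64.2.165
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.193.1 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+iface gre-bb-b.ix.dus inet6 static
+address 2a03:2260:0:15c::2/64
+netmask 64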


@ -1,50 +1,51 @@
#!/bin/bash #!/bin/bash
INTERFACE=eth0 # Set to name of VPN interface # Version 1.5
shopt -s nullglob # Parameter setzen
GATEWAY1ext=185.66.193.105
GATEWAY2ext=185.66.193.106
GATEWAY1=10.188.255.5
GATEWAY2=10.188.255.6
GATEWAY1v6=2a03:2260:121::255:5
GATEWAY2v6=2a03:2260:121::255:6
IP=/sbin/ip
PING=/bin/ping
BATCTL=/usr/local/sbin/batctl
# Test whether gateway is connected to the outer world via VPN #if [ "hostname = troisdorf1 | troisdorf2" ]
ping -q -I $INTERFACE 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1 if [ $(hostname) = "troisdorf1" ] || [ $(hostname) = "troisdorf2" ]
then
if test $? -eq 0; then DEFAULT_GATEWAY=$GATEWAY1
NEW_STATE=server DEFAULT_GATEWAYext=$GATEWAY1ext
FALLBACK_GATEWAY=$GATEWAY2
FALLBACK_GATEWAYext=$GATEWAY2ext
DEFAULT_GATEWAYv6=$GATEWAY1v6
FALLBACK_GATEWAYv6=$GATEWAY2v6
else else
NEW_STATE=off DEFAULT_GATEWAY=$GATEWAY2
DEFAULT_GATEWAYext=$GATEWAY2ext
FALLBACK_GATEWAY=$GATEWAY1
FALLBACK_GATEWAY=$GATEWAY1ext
DEFAULT_GATEWAYv6=$GATEWAY2v6
FALLBACK_GATEWAYv6=$GATEWAY1v6
fi fi
# Iterate through network interfaces in sys file system if $PING -c 1 $DEFAULT_GATEWAYext
for MESH in /sys/class/net/*/mesh; do
# Check whether gateway modus needs to be changed
OLD_STATE="$(cat $MESH/gw_mode)"
[ "$OLD_STATE" == "$NEW_STATE" ] && continue
echo $NEW_STATE > $MESH/gw_mode
echo 92MBit/92MBit > $MESH/gw_bandwidth
logger "batman gateway mode changed to $NEW_STATE"
# Check whether gateway modus has been deactivated
if [ "$NEW_STATE" == "off" ]; then
# Shutdown DHCP server to prevent renewal of leases
/usr/sbin/service isc-dhcp-server stop
fi
# Check whether gateway modus has been activated
if [ "$NEW_STATE" == "server" ]; then
# Restart DHCP server
/usr/sbin/service isc-dhcp-server start
fi
exit 0
done
if [ "$NEW_STATE" == "server" ]; then
/usr/sbin/service isc-dhcp-server status 2>&1> /dev/null
if $? -ne 0
then then
/usr/sbin/service isc-dhcp-server restart $IP route replace default via $DEFAULT_GATEWAY table 42
fi $IP -6 route replace default via $DEFAULT_GATEWAYv6 table 42
fi $BATCTL gw server 100Mbit/100Mbit
if [ "$NEW_STATE" == "off" ]; then echo "Gateway erreichbar"
/usr/sbin/service isc-dhcp-server status 2>&1> /dev/null else
if $? -eq 0 if $PING -c 1 $FALLBACK_GATEWAYext
then then
/usr/sbin/service isc-dhcp-server stop $IP route replace default via $FALLBACK_GATEWAY table 42
$IP -6 route replace default via $FALLBACK_GATEWAYv6 table 42
$BATCTL gw server 80Mbit/80Mbit
echo "Nun FALLBACK_GATEWAY"
else
$BATCTL gw off
#Kein Gateway erreichbar, batctl gw off
fi fi
fi fi
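Review bot: In the `else` branch of the hostname check, the second assignment `FALLBACK_GATEWAY=$GATEWAY1ext` overwrites the mesh address set on the previous line and leaves `FALLBACK_GATEWAYext` unset; on every host other than troisdorf1/troisdorf2 a failed ping of `$DEFAULT_GATEWAYext` therefore runs `$PING -c 1` with an empty host, the fallback branch is never taken and the node drops straight to `$BATCTL gw off` — and if the ping did succeed, `$IP route replace default via 185.66.193.105 table 42` would install the external address as the mesh next hop. The line should read `FALLBACK_GATEWAYext=$GATEWAY1ext`. Separately, a single `-c 1` probe with no `-W` timeout (the old version used `-W 5`) flips gateway mode on one lost packet; `$PING -c 3 -W 2 $DEFAULT_GATEWAYext` is a cheaper false-positive guard than a mesh-wide gateway change.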


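--- /dev/null
+++ b/PATH_NOT_SHOWN-l2tp_backbone.sh.exit.j2
@@ -0,0 +1,58 @@
+#!/bin/sh
+# Version 6
+# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
+communityname="troisdorf"
+#server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
+server="troisdorf7 {{ sn_hostname }}"
+domain="freifunk-troisdorf.de"
+mtu={{ sn_mtu }}
+# community MAC address, without the last Byte (:)!
+communitymacaddress="a2:8c:ae:6f:f6"
+tunnelPrefix=10
+sessionPrefix=1
+# Netzwerkteil des Netzes, ohne abschliessenden Punkt
+communitynetwork="10.188"
+# IPv6 network
+#communitynetworkv6="fda0:747e:ab29:7405:255::"
+communitynetworkv6="2a03:2260:121::"
+# Drittes Octet des serverbereichs
+octet3rd="255"
+# CIDR muss /16 sein
+localserver=$(/bin/hostname)
+batadv=/usr/local/sbin/batadv-vis
+alfred=/usr/local/sbin/alfred
+batctl=/usr/local/sbin/batctl
+ip=/sbin/ip
+dig=/usr/bin/dig
+for i in $server; do
+(
+for j in $server; do
+if [ $i != $j ]; then
+if [ $i = $localserver ]; then
+ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
+ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
+#ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
+ip link set dev l2tp-$j mtu $mtu
+ip link set up l2tp-$j
+$batctl if add l2tp-$j
+fi
+fi
+done
+)
+done
+# Rest starten
+$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
+$ip link set up dev bat0
+$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
+$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0
+/usr/bin/killall alfred
+/usr/bin/killall batadv-vis
+/bin/sleep 5
+$alfred -i bat0 > /dev/null 2>&1 &
+/bin/sleep 15
+$batadv -i bat0 -s > /dev/null 2>&1 &
+/usr/sbin/service bind9 restart
+/usr/local/sbin/batctl gw client 3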
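Review bot: The four `ip l2tp add ...` / `ip link set ...` lines inside the loop call a bare `ip` while the script defines `ip=/sbin/ip` and uses `$ip` for the bat0 setup below; this script is started from a `@reboot` cron entry (`/opt/freifunk/l2tp_backbone.sh` in the playbook), and if `ip` is only available under /sbin on these hosts, cron's default PATH will not find it and no tunnel is ever created. Use `$ip l2tp add tunnel ...`, `$ip l2tp add session ...`, `$ip link set dev l2tp-$j mtu $mtu` and `$ip link set up l2tp-$j` throughout, and `$batctl gw client 3` on the last line for the same reason. `local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ')` takes whichever address the kernel lists first; on an exit node that also holds addresses on bat0 and four gre interfaces that is not guaranteed to be the eth0 address, so templating the local endpoint from inventory would be deterministic.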


@ -1,9 +1,9 @@
#!/bin/sh #!/bin/sh
# Version 5 # Version 6
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! # Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
communityname="troisdorf" communityname="troisdorf"
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9" server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
#server="troisdorf0 {{ sn_hostname }}" #server="troisdorf7 {{ sn_hostname }}"
domain="freifunk-troisdorf.de" domain="freifunk-troisdorf.de"
mtu={{ sn_mtu }} mtu={{ sn_mtu }}
# community MAC address, without the last Byte (:)! # community MAC address, without the last Byte (:)!
@ -13,7 +13,8 @@ sessionPrefix=1
# Netzwerkteil des Netzes, ohne abschliessenden Punkt # Netzwerkteil des Netzes, ohne abschliessenden Punkt
communitynetwork="10.188" communitynetwork="10.188"
# IPv6 network # IPv6 network
communitynetworkv6="fda0:747e:ab29:7405:255::" #communitynetworkv6="fda0:747e:ab29:7405:255::"
communitynetworkv6="2a03:2260:121::"
# Drittes Octet des serverbereichs # Drittes Octet des serverbereichs
octet3rd="255" octet3rd="255"
# CIDR muss /16 sein # CIDR muss /16 sein
@ -46,7 +47,7 @@ $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat
#$ip link set address $communitymacaddress:ff dev bat0 #$ip link set address $communitymacaddress:ff dev bat0
$ip link set up dev bat0 $ip link set up dev bat0
$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 $ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
$ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0 $ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0
/usr/bin/killall alfred /usr/bin/killall alfred
/usr/bin/killall batadv-vis /usr/bin/killall batadv-vis
@ -55,3 +56,4 @@ $alfred -i bat0 > /dev/null 2>&1 &
/bin/sleep 15 /bin/sleep 15
$batadv -i bat0 -s > /dev/null 2>&1 & $batadv -i bat0 -s > /dev/null 2>&1 &
/usr/sbin/service bind9 restart /usr/sbin/service bind9 restart
/usr/local/sbin/batctl gw server 100Mbit/100Mbit
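Review bot: The added last line `/usr/local/sbin/batctl gw server 100Mbit/100Mbit` unconditionally announces this node as a batman gateway at boot, while `keepalive.sh` (rewritten in this same commit) is what decides between `gw server`, the reduced-bandwidth fallback and `gw off` based on exit reachability; until its first cron run the node advertises a gateway it has not verified. If the intent is only to seed the mode, invoking keepalive.sh here would keep a single source of truth; at minimum use the script's own `$batctl` variable (`$batctl gw server 100Mbit/100Mbit`) like the `$batctl if add` calls above the hunk. The `$ip -6 addr add $communitynetworkv6$octet3rd:...` change matches the new `2a03:2260:121::` prefix and the `GATEWAY*v6` addresses in keepalive.sh.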


@ -3,7 +3,8 @@ interface bat0 {
IgnoreIfMissing on; IgnoreIfMissing on;
MaxRtrAdvInterval 200; MaxRtrAdvInterval 200;
RDNSS {{ sn_mesh_IPv6 }} {}; RDNSS {{ sn_mesh_IPv6 }} {};
prefix fda0:747e:ab29:7405::/64 { # prefix fda0:747e:ab29:7405::/64 {
prefix 2a03:2260:121::/64 {
AdvOnLink on; AdvOnLink on;
AdvAutonomous on; AdvAutonomous on;
AdvRouterAddr on; AdvRouterAddr on;
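Review bot: Commenting out `prefix fda0:747e:ab29:7405::/64 {` simply stops advertising the old ULA prefix; clients that already hold addresses from it keep them until the valid lifetime they last received runs out, so for a while they will source traffic from a prefix the rest of this commit no longer routes. If a clean switch-over matters, keep a second `prefix fda0:747e:ab29:7405::/64` block for a transition period with `AdvPreferredLifetime 0;` and a short `AdvValidLifetime` so clients deprecate it immediately, then remove it. The rest of the `interface bat0` block lies outside this hunk.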


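--- /dev/null
+++ b/PATH_NOT_SHOWN-sn_startup.exit.sh.j2
@@ -0,0 +1,68 @@
+#!/bin/sh
+curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
+# Block RFC1918 and APIPA destination via WAN
+/sbin/iptables -P OUTPUT ACCEPT
+for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
+/sbin/iptables -A OUTPUT -o eth0 -d $i -j DROP
+done
+# Activate IP forwarding
+/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
+/sbin/sysctl -w net.ipv4.ip_forward=1
+# restart when kernel panic
+/sbin/sysctl kernel.panic=1
+# Routing table 42
+/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
+# Set table for traffice with mark 4
+/bin/ip rule add fwmark 0x4 table 42
+/bin/ip -6 rule add fwmark 0x4 table 42
+# Set mark 4 to Freifunk traffic
+/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
+/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4
+# NAT on eth0
+/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+# NAT on GRE Freifunk interface
+#/sbin/iptables -t nat -A POSTROUTING -o gre-+ -j SNAT --to-source 185.66.193.105
+/sbin/iptables -t nat -A POSTROUTING -o gre-+ -j SNAT --to-source {{ sn_ffrl_IPv4 }}
+# MTU
+/sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-+ -j TCPMSS --set-mss 1312
+/sbin/ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-+ -j TCPMSS --set-mss 1312
+# All from FF IPv4 via routing table 42
+/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
+/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42
+# Allow MAC address spoofing
+/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+sleep 5
+# stop tunneldigger
+/bin/systemctl disable tunneldigger
+/bin/systemctl stop tunneldigger
+# restart bird
+/bin/systemctl start bird
+/bin/systemctl start bird6
+/bin/systemctl enable bird
+/bin/systemctl enable bird6
+# stop radvd
+/bin/systemctl disable radvd
+/bin/systemctl stop radvd
+# restart DHCP
+/bin/systemctl disable isc-dhcp-server
+/bin/systemctl stop isc-dhcp-server
+exit 0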
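Review bot: The mark rule `/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4` has no input-interface match, so any 10/8-sourced packet arriving on eth0 or a gre tunnel is also steered into table 42 and SNATed out towards FFRL; adding `-i bat0` to it and to the ip6tables mark rule limits the exit path to traffic that actually came from the mesh, which is what the comment `Set mark 4 to Freifunk traffic` says is intended. The IPv6 prefix handling is inconsistent within the commit: lo carries `2a03:2260:121::/48` and bird6 exports the /48, but the mark rule and `ip -6 rule add from 2a03:2260:121::/64 lookup 42` only cover the /64 (the /48 variant is left commented out), so traffic from any other /64 of the /48 would leave via the main table on eth0 — pick one prefix and document it. With forwarding enabled, no FORWARD-chain policy is set anywhere in this script, so eth0→mesh forwarding is unfiltered; if that is deliberate, a comment such as `# FORWARD is left at the default ACCEPT on purpose` would save the next reader the question, otherwise a default drop with an explicit bat0/gre allow belongs here.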


@ -2,17 +2,6 @@
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }} curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
# Stop tunneldigger until bat0 is up
/usr/sbin/service tunneldigger stop
# Set unreachable for table 200
#/bin/ip route add unreachable 0.0.0.0/0 table iffy
#while ! ping -c 1 -W 1 {{ sn_iffy_traffic }}; do
# echo "Waiting for {{ sn_iffy_traffic }} - network interface might be down..."
# sleep 5
#done
# Block RFC1918 and APIPA destination via WAN # Block RFC1918 and APIPA destination via WAN
/sbin/iptables -P OUTPUT ACCEPT /sbin/iptables -P OUTPUT ACCEPT
for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
@ -22,36 +11,47 @@ done
# Activate IP forwarding # Activate IP forwarding
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1 /sbin/sysctl -w net.ipv6.conf.all.forwarding=1
/sbin/sysctl -w net.ipv4.ip_forward=1 /sbin/sysctl -w net.ipv4.ip_forward=1
# restart when kernel panic
/sbin/sysctl kernel.panic=1 /sbin/sysctl kernel.panic=1
# Routing table 200 for traffic above port 1023 # Stop tunneldigger until bat0 is up
#/bin/grep 200 /etc/iproute2/rt_tables || /bin/echo 200 iffy >> /etc/iproute2/rt_tables /usr/sbin/service tunneldigger stop
# Routing table 42
/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
# Set table for traffice with mark 4 # Set table for traffice with mark 4
#/bin/ip rule add fwmark 0x4 table iffy /bin/ip rule add fwmark 0x4 table 42
/bin/ip -6 rule add fwmark 0x4 table 42
# Set mark 4 to traffic above port 1023 # Set mark 4 to Freifunk traffic
#/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 /sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
#/sbin/iptables -t mangle -A PREROUTING -p udp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 /sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4
# NAT on eth0 # NAT on eth0
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# All from FF IPv4 via routing table 42
/bin/ip rule add from 185.66.193.104/30 lookup 42
/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42
# Allow MAC address spoofing # Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
# Set gateway for table 200
#/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy
sleep 5 sleep 5
# Start tunneldigger # Start tunneldigger
/usr/sbin/service tunneldigger restart /bin/systemctl restart tunneldigger
/bin/systemctl enable tunneldigger
# radvd restart # radvd restart
/usr/sbin/service radvd restart /bin/systemctl restart radvd
/bin/systemctl enable radvd
# restart DHCP # restart DHCP
/usr/sbin/service isc-dhcp-server restart /bin/systemctl restart isc-dhcp-server
/bin/systemctl enable isc-dhcp-server
exit 0 exit 0
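Review bot: The new `/bin/ip rule add from 185.66.193.104/30 lookup 42` hard-codes the exit nodes' FFRL addresses into the non-exit supernode template (the playbook installs this file only `when: sn_exit is undefined`, and only the exit nodes get `185.66.193.105`/`.106` on lo), so the rule never matches on the hosts it is deployed to; it looks like a leftover from the exit variant, which uses `{{ sn_ffrl_IPv4 }}/32`, and should probably be dropped here. The same hunk enables both ip6tables mark rules, for `2a03:2260:121::/48` and for `/64`, while `sn_startup.exit.sh.j2` keeps only the /64 one active; the two scripts should agree on the prefix, and with the /48 rule present the /64 rule only adds marks for traffic between /64s of the same /48. The second hunk's enclosing script continues outside the visible hunks.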


@ -9,7 +9,7 @@
user: root user: root
gather_facts: False gather_facts: False
vars: vars:
snversion: master_v1.9.3 snversion: master_v2.1
batmanversion: v2015.2 batmanversion: v2015.2
common_required_packages: common_required_packages:
- git - git
@ -62,6 +62,8 @@
- authorized_keys - authorized_keys
logrotate_config: logrotate_config:
- logrotate.conf - logrotate.conf
tunneld_stats_file:
- collectd_td_stat.sh
tasks: tasks:
@ -95,12 +97,12 @@
poll: 0 poll: 0
ignore_errors: true ignore_errors: true
when: sethostname.changed when: sethostname.changed
- name: waiting for server to come back - name: waiting for server to come back (1st)
local_action: local_action:
wait_for wait_for
host={{ inventory_hostname }} host={{ inventory_hostname }}
port=22 port=22
delay=15 delay=20
timeout=300 timeout=300
when: hosts.changed when: hosts.changed
when: sethostname.changed when: sethostname.changed
@ -194,13 +196,24 @@
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500 copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: check_gw_script with_items: check_gw_script
register: check_gw register: check_gw
when: sn_exit is undefined
- name: Add cron job with check gateway script - name: Add cron job with check gateway script
cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root" cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
when: check_gw.changed when: check_gw.changed
- name: Tunneldigger stats
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
with_items: tunneld_stats_file
register: tunneld_stats
when: sn_exit is undefined
- name: Add cron job tunneldigger stats
cron: name=tunneld_stats job="/opt/freifunk/collectd_td_stat.sh > /dev/null 2>&1" user="root"
when: tunneld_stats.changed
- name: Copy dhcpd template file - name: Copy dhcpd template file
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444 template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
register: dhcpd register: dhcpd
- name: Clone static DHCP config - name: Clone static DHCP config
git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp
dest=/opt/freifunk/static-dhcp dest=/opt/freifunk/static-dhcp
@ -208,7 +221,6 @@
- name: Add cron static DHCP - name: Add cron static DHCP
cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh" cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
when: dhcpd.changed when: dhcpd.changed
- name: Restart dhcpd - name: Restart dhcpd
service: name=isc-dhcp-server state=restarted service: name=isc-dhcp-server state=restarted
when: dhcpd.changed when: dhcpd.changed
@ -217,8 +229,14 @@
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh" cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
- name: Add cron startup script - name: Add cron startup script
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh" cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
- name: Copy backbone script - name: Copy backbone script
template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544 template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
when: sn_exit is undefined
- name: Copy backbone script
template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
when: sn_exit is defined
- name: Collectd template file - name: Collectd template file
template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444 template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
register: collectd register: collectd
@ -227,6 +245,7 @@
when: collectd.changed when: collectd.changed
- name: configure startup script - name: configure startup script
template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500 template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is undefined
- name: SSH authorized_keys - name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
with_items: authorized_keys with_items: authorized_keys
@ -243,6 +262,22 @@
template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544 template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
- name: Add cron job with alfred info script - name: Add cron job with alfred info script
cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root" cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"
- name: Interface configuration with ffrl gre tunnel
copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544
when: sn_exit is defined
- name: Exit node startup script
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
when: sn_exit is defined
- apt: update_cache=yes
- name: Install bird
apt: state=installed pkg=bird
when: sn_exit is defined
- name: Bird configuration
copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444
when: sn_exit is defined
- name: Bird configuration
copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
when: sn_exit is defined
- name: Reboot the server finally - name: Reboot the server finally
shell: sleep 2 && shutdown -r now "Ansible updates triggered" shell: sleep 2 && shutdown -r now "Ansible updates triggered"
async: 1 async: 1
@ -256,7 +291,7 @@
wait_for wait_for
host={{ inventory_hostname }} host={{ inventory_hostname }}
port=22 port=22
delay=15 delay=20
timeout=300 timeout=300
when: tunneldigger.changed when: tunneldigger.changed
- name: Send notification message via Slack - name: Send notification message via Slack
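Review bot: `copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544` sets an executable bit on a plain configuration file; `mode=0644` (or `0444` like the bird configs two tasks below) is what it needs. The unnamed `- apt: update_cache=yes` task carries no `when: sn_exit is defined`, so it refreshes the package cache on every host although it only serves the `Install bird` task that follows; and two task pairs share the names `Copy backbone script` and `Bird configuration`, which makes play output ambiguous — `Copy backbone script (exit)` and `Bird6 configuration` would do. `Copy dhcpd template file` and `Restart dhcpd` are not gated on `sn_exit` either, so exit nodes get isc-dhcp-server restarted even though sn_startup.exit.sh.j2 disables and stops it at boot; adding `when: sn_exit is undefined` to those tasks (as was done for `check_gw_script`) keeps the two paths consistent.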