Merge 57e6976ca9 into 6e11ce3510
This commit is contained in:
stebifan
commit
78c80dd7a8
@ -4,10 +4,10 @@ option domain-name "fftdf";
|
||||
default-lease-time 300;
|
||||
max-lease-time 3600;
|
||||
log-facility local7;
|
||||
subnet 10.188.0.0 netmask 255.255.0.0 {
|
||||
subnet {{ sn_mesh_IPv4_net }} netmask 255.255.224.0 {
|
||||
authoritative;
|
||||
range {{ sn_dhcp_range }};
|
||||
option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns_v4 }};
|
||||
option domain-name-servers {{ sn_mesh_IPv4 }};
|
||||
option routers {{ sn_mesh_IPv4 }};
|
||||
option interface-mtu {{ sn_mtu }};
|
||||
interface bat0;
|
||||
|
||||
@ -6,17 +6,10 @@ authoritative;
|
||||
default-lease-time 300;
|
||||
max-lease-time 600;
|
||||
|
||||
#option dhcp6.name-servers {{ sn_mesh_IPv6 }};
|
||||
option dhcp6.name-servers {{ sn_mesh_IPv6 }}, {{ sn_dhcp_dns_v6 }};
|
||||
option dhcp6.name-servers {{ sn_mesh_IPv6 }};
|
||||
|
||||
option dhcp6.domain-search "fftdf";
|
||||
|
||||
subnet6 2a03:2260:121::/64 {
|
||||
#
|
||||
# # Range for clients
|
||||
# range6 2a03:2260:121::201 2a03:2260:121::ffff;
|
||||
#
|
||||
# # Range for clients requesting a temporary address
|
||||
# range6 2a03:2260:121::/64 temporary;
|
||||
subnet6 {{ sn_mesh_IPv6_net }} {
|
||||
}
|
||||
|
||||
|
||||
22
files/fftdf/db.fftdf
Normal file
22
files/fftdf/db.fftdf
Normal file
@ -0,0 +1,22 @@
|
||||
;; db.fftdf
|
||||
;; Forwardlookupzone für .fftdf
|
||||
;;
|
||||
$TTL 600
|
||||
@ IN SOA fftdf. root.fftdf. (
|
||||
2015584543 ; Serial
|
||||
8H ; Refresh
|
||||
2H ; Retry
|
||||
4W ; Expire
|
||||
3H ) ; NX (TTL Negativ Cache)
|
||||
|
||||
@ IN NS {{ sn_hostname }}.infra.fftdf.
|
||||
IN A {{ sn_mesh_ipv4 }}
|
||||
IN AAAA {{ sn_mesh_ipv6 }}
|
||||
localhost IN A 127.0.0.1
|
||||
IN AAAA ::1
|
||||
nextnode IN A 10.188.0.1
|
||||
IN AAAA 2a03:2260:121::1
|
||||
;; Update Servers
|
||||
update1.infra IN AAAA 2a03:2260:121::22
|
||||
update2.infra IN AAAA 2a03:2260:121::23
|
||||
update3.infra IN AAAA 2a03:2260:121::24
|
||||
6
files/fftdf/fftdf.conf
Normal file
6
files/fftdf/fftdf.conf
Normal file
@ -0,0 +1,6 @@
|
||||
// Zone declarations for Freifunk Troisdorf
|
||||
|
||||
zone "fftdf" {
|
||||
type master;
|
||||
file "/etc/bind/fftdf/db.fftdf";
|
||||
};
|
||||
@ -1,5 +1,8 @@
|
||||
#!/bin/sh
|
||||
# Version 6
|
||||
# Version 8
|
||||
|
||||
sleep 120
|
||||
|
||||
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
|
||||
communityname="troisdorf"
|
||||
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
|
||||
@ -11,12 +14,12 @@ communitymacaddress="a2:8c:ae:6f:f6"
|
||||
tunnelPrefix=10
|
||||
sessionPrefix=1
|
||||
# Netzwerkteil des Netzes, ohne abschliessenden Punkt
|
||||
communitynetwork="10.188"
|
||||
#communitynetwork="10.188"
|
||||
# IPv6 network
|
||||
#communitynetworkv6="fda0:747e:ab29:7405:255::"
|
||||
communitynetworkv6="2a03:2260:121::"
|
||||
#communitynetworkv6="2a03:2260:121::"
|
||||
# Drittes Octet des serverbereichs
|
||||
octet3rd="255"
|
||||
#octet3rd="255"
|
||||
# CIDR muss /16 sein
|
||||
localserver=$(/bin/hostname)
|
||||
batadv=/usr/local/sbin/batadv-vis
|
||||
@ -24,30 +27,32 @@ batctl=/usr/local/sbin/batctl
|
||||
ip=/sbin/ip
|
||||
dig=/usr/bin/dig
|
||||
|
||||
for i in $server; do
|
||||
(
|
||||
for j in $server; do
|
||||
if [ $i != $j ]; then
|
||||
if [ $i = $localserver ]; then
|
||||
ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
|
||||
ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
|
||||
#ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
|
||||
ip link set dev l2tp-$j mtu $mtu
|
||||
ip link set up l2tp-$j
|
||||
$batctl if add l2tp-$j
|
||||
fi
|
||||
fi
|
||||
done
|
||||
)
|
||||
done
|
||||
#for i in $server; do
|
||||
#(
|
||||
# for j in $server; do
|
||||
# if [ $i != $j ]; then
|
||||
# if [ $i = $localserver ]; then
|
||||
# ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
|
||||
# ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
|
||||
# #ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
|
||||
# ip link set dev l2tp-$j mtu $mtu
|
||||
# ip link set up l2tp-$j
|
||||
# $batctl if add l2tp-$j
|
||||
# fi
|
||||
# fi
|
||||
# done
|
||||
#)
|
||||
#done
|
||||
|
||||
# Rest starten
|
||||
$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
|
||||
$ip link set up dev bat0
|
||||
$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
|
||||
$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0
|
||||
$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }} table 42
|
||||
$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }}
|
||||
$ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0
|
||||
$ip -6 addr add {{ sn_mesh_IPv6 }}/64 dev bat0
|
||||
$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} table 42
|
||||
$ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }}
|
||||
$ip -6 route add 2a03:2260:121::/56 via {{ sn_mesh_IPv6_xfer }} table 42
|
||||
$ip -6 route add 2a03:2260:121::/56 via {{ sn_mesh_IPv6_xfer }}
|
||||
|
||||
/usr/bin/killall batadv-vis
|
||||
/bin/sleep 15
|
||||
|
||||
51
files/l2tp_broker-backup.cfg
Normal file
51
files/l2tp_broker-backup.cfg
Normal file
@ -0,0 +1,51 @@
|
||||
[broker]
|
||||
; IP address the broker will listen and accept tunnels on
|
||||
address={{ ansible_default_ipv4.address }}
|
||||
; Ports where the broker will listen on
|
||||
port={{ sn_l2tp_tb_backup_port }}
|
||||
; Interface with that IP address
|
||||
interface=eth0
|
||||
; Maximum number of cached cookies, required for establishing a
|
||||
; session with the broker
|
||||
max_cookies=1024
|
||||
; Maximum number of tunnels that will be allowed by the broker
|
||||
max_tunnels=150
|
||||
; Tunnel port base
|
||||
port_base=25000
|
||||
; Tunnel id base
|
||||
tunnel_id_base=500
|
||||
; Tunnel timeout interval in seconds
|
||||
tunnel_timeout=60
|
||||
; Should PMTU discovery be enabled
|
||||
pmtu_discovery=false
|
||||
; Namespace (for running multiple brokers); note that you must also
|
||||
; configure disjunct ports, and tunnel identifiers in order for
|
||||
; namespacing to work
|
||||
namespace=backup
|
||||
|
||||
[log]
|
||||
; Log filename
|
||||
filename=/var/log/tunneldigger-broker-backup.log
|
||||
; Verbosity
|
||||
verbosity=DEBUG
|
||||
; Should IP addresses be logged or not
|
||||
log_ip_addresses=false
|
||||
|
||||
[hooks]
|
||||
; Arguments to the session.{up,pre-down,down} hooks are as follows:
|
||||
;
|
||||
; <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>
|
||||
;
|
||||
; Arguments to the session.mtu-changed hook are as follows:
|
||||
;
|
||||
; <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>
|
||||
;
|
||||
|
||||
; Called after the tunnel interface goes up
|
||||
session.up=/srv/tunneldigger/bataddif.sh
|
||||
; Called just before the tunnel interface goes down
|
||||
session.pre-down=/srv/tunneldigger/batdelif.sh
|
||||
; Called after the tunnel interface goes down
|
||||
session.down=
|
||||
; Called after the tunnel MTU gets changed because of PMTU discovery
|
||||
session.mtu-changed=
|
||||
@ -1,6 +0,0 @@
|
||||
zone "fftdf" {
|
||||
type slave;
|
||||
masters { 10.188.1.100; };
|
||||
file "/var/lib/bind/db.fftdf";
|
||||
};
|
||||
|
||||
10
files/named.conf.local
Normal file
10
files/named.conf.local
Normal file
@ -0,0 +1,10 @@
|
||||
//
|
||||
// Do any local configuration here
|
||||
//
|
||||
|
||||
// Consider adding the 1918 zones here, if they are not used in your
|
||||
// organization
|
||||
//include "/etc/bind/zones.rfc1918";
|
||||
|
||||
// Include Freifunk Troisdorf (fftdf) zones
|
||||
include "/etc/bind/fftdf/fftdf.conf";
|
||||
@ -3,8 +3,7 @@ interface bat0 {
|
||||
IgnoreIfMissing on;
|
||||
MaxRtrAdvInterval 200;
|
||||
RDNSS {{ sn_mesh_IPv6 }} {};
|
||||
# prefix fda0:747e:ab29:7405::/64 {
|
||||
prefix 2a03:2260:121::/64 {
|
||||
prefix {{ sn_mesh_IPv6_net }} {
|
||||
AdvOnLink on;
|
||||
AdvAutonomous on;
|
||||
AdvRouterAddr on;
|
||||
|
||||
@ -19,11 +19,11 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
|
||||
|
||||
# Set mark 4 to Freifunk traffic
|
||||
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
|
||||
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4
|
||||
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
|
||||
|
||||
# All from FF IPv4 via routing table 42
|
||||
/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
|
||||
/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42
|
||||
/bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
|
||||
|
||||
# Allow MAC address spoofing
|
||||
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
|
||||
|
||||
9
files/start-broker-backup.sh
Normal file
9
files/start-broker-backup.sh
Normal file
@ -0,0 +1,9 @@
|
||||
#!/bin/bash
|
||||
|
||||
WDIR=/srv/tunneldigger
|
||||
VIRTUALENV_DIR=/srv/tunneldigger
|
||||
|
||||
cd $WDIR
|
||||
source $VIRTUALENV_DIR/bin/activate
|
||||
|
||||
bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg
|
||||
9
files/tunneldigger-backup.service
Normal file
9
files/tunneldigger-backup.service
Normal file
@ -0,0 +1,9 @@
|
||||
[Unit]
|
||||
Description = Start tunneldigger L2TPv3 broker
|
||||
After = network.target
|
||||
|
||||
[Service]
|
||||
ExecStart = /srv/tunneldigger/start-broker-backup.sh
|
||||
|
||||
[Install]
|
||||
WantedBy = multi-user.target
|
||||
@ -3,7 +3,6 @@
|
||||
# ansible troisdorf4 -u root -m raw -a "apt-get update && apt-get install python -y"
|
||||
|
||||
- name: Install Freifunk Troisdorf super node
|
||||
# hosts: FreifunkSupernodesL2TP
|
||||
hosts: '{{ target }}'
|
||||
sudo: False
|
||||
user: root
|
||||
@ -51,9 +50,14 @@
|
||||
- l2tp_eth
|
||||
tunneldigger_scripts:
|
||||
- start-broker.sh
|
||||
- start-broker-backup.sh
|
||||
- batdelif.sh
|
||||
tunneldigger_service:
|
||||
- tunneldigger.service
|
||||
- tunneldigger-backup.service
|
||||
broker_cfg:
|
||||
- l2tp_broker.cfg-backup.j2
|
||||
- l2tp_broker.cfg.j2
|
||||
bind_zone_fftdf:
|
||||
- named.conf.fftdf
|
||||
check_gw_script:
|
||||
@ -71,8 +75,6 @@
|
||||
raw: "sed -i '/deb cdrom/c\\#' /etc/apt/sources.list"
|
||||
- name: Make this server ansible compatible
|
||||
raw: "apt-get update && apt-get install python -y"
|
||||
# - name: Add backport repo to source list #target: /etc/apt/sources.list.d
|
||||
# apt_repository: repo='deb http://http.debian.net/debian jessie-backports main' state=present
|
||||
- name: Update apt cache
|
||||
apt: update_cache=yes
|
||||
- name: Gathering facts
|
||||
@ -125,17 +127,14 @@
|
||||
shell: >
|
||||
apt-get install linux-headers-$(uname -r) -y
|
||||
when: aptupdates.changed
|
||||
# Install Batman-adv and batctl #
|
||||
- name: Get batman-adv
|
||||
git: repo=https://git.open-mesh.org/batman-adv.git
|
||||
dest=/tmp/batman-adv
|
||||
when: aptupdates.changed
|
||||
register: getbatman
|
||||
# - name: Get batman-adv no rebrotcast patch
|
||||
# get_url: url=http://map.freifunk-moehne.de/stuff/1001-batman-adv-introduce-no_rebroadcast-option.patch dest=/tmp/batman-adv/1001-batman-adv-introduce-no_rebroadcast-option.patch
|
||||
# when: getbatman.changed
|
||||
- name: Install batman-adv
|
||||
shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && make && make install
|
||||
# shell: cd /tmp/batman-adv && git checkout {{ batmanversion }} && git apply 1001-batman-adv-introduce-no_rebroadcast-option.patch && make && make install
|
||||
when: getbatman.changed
|
||||
- name: Get batctl
|
||||
git: repo=http://git.open-mesh.org/batctl.git
|
||||
@ -145,8 +144,8 @@
|
||||
- name: Install batctl
|
||||
shell: cd /tmp/batctl && git checkout {{ batmanversion }} && make && make install
|
||||
when: getbatctl.changed
|
||||
# Install Tunneldigger #
|
||||
- name: Get Tunneldigger
|
||||
# git: repo=https://github.com/wlanslovenija/tunneldigger.git
|
||||
git: repo=https://github.com/ffrl/tunneldigger.git
|
||||
dest=/srv/tunneldigger
|
||||
register: tunneldigger
|
||||
@ -160,7 +159,8 @@
|
||||
pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
|
||||
when: tunneldigger.changed
|
||||
- name: Copy l2tp broker config template
|
||||
template: src=./files/l2tp_broker.cfg.j2 dest=/srv/tunneldigger/l2tp_broker.cfg owner=root group=root mode=0444
|
||||
template: src=./files/{{ item }} dest=/srv/ owner=root group=root mode=0444
|
||||
with_items: broker_cfg
|
||||
when: tunneldigger.changed
|
||||
- name: Copy tunneldigger script template
|
||||
template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
|
||||
@ -170,7 +170,7 @@
|
||||
with_items: tunneldigger_scripts
|
||||
when: tunneldigger.changed
|
||||
- name: Copy tunneldigger service file
|
||||
copy: src=./files/{{ item }} dest=/etc/systemd/system/tunneldigger.service owner=root group=root mode=0444
|
||||
copy: src=./files/{{ item }} dest=/etc/systemd/system/ owner=root group=root mode=0444
|
||||
with_items: tunneldigger_service
|
||||
when: tunneldigger.changed
|
||||
- name: Tunneldigger reload
|
||||
@ -246,13 +246,17 @@
|
||||
- name: SSH authorized_keys
|
||||
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
|
||||
with_items: authorized_keys
|
||||
- name: Copy secondary zone file
|
||||
copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644
|
||||
with_items: bind_zone_fftdf
|
||||
- name: Bind9, activate fftdf zone
|
||||
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present
|
||||
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present
|
||||
- name: Copy option template
|
||||
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
|
||||
- name: Create fftdf directory
|
||||
file: path=/etc/bind/fftdf state=directory
|
||||
- name: Copy FFTDF Zones
|
||||
copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644
|
||||
with_items:
|
||||
- fftdf.conf
|
||||
- db.fftdf
|
||||
- name: Copy radvd config template
|
||||
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
|
||||
- name: Interface configuration with ffrl gre tunnel
|
||||
|
||||
Loading…
Reference in New Issue
Block a user