Merge pull request #15 from Freifunk-Troisdorf/new-new-net

New Net Merge to Master
stebifan 2016-07-29 19:03:26 +02:00 committed by GitHub
commit 8dfc15a496
29 changed files with 966 additions and 211 deletions


@ -42,7 +42,7 @@ return net ~ [ fc00::/7{48,64},
} }
filter hostroute { filter hostroute {
if net ~ 2a03:2260:121::/48 then accept; if net ~ 2a03:2260:121:4000::/52 then accept;
reject; reject;
} }


@ -44,7 +44,7 @@ return net ~ [ fc00::/7{48,64},
} }
filter hostroute { filter hostroute {
if net ~ 2a03:2260:121::/48 then accept; if net ~ 2a03:2260:121:5000::/52 then accept;
reject; reject;
} }


@ -44,7 +44,7 @@ return net ~ [ fc00::/7{48,64},
} }
filter hostroute { filter hostroute {
if net ~ 2a03:2260:121::/48 then accept; if net ~ 2a03:2260:121:6000::/52 then accept;
reject; reject;
} }


@ -42,7 +42,7 @@ return net ~ [ fc00::/7{48,64},
} }
filter hostroute { filter hostroute {
if net ~ 2a03:2260:121::/48 then accept; if net ~ 2a03:2260:121:7000::/52 then accept;
reject; reject;
} }


@ -7,7 +7,7 @@ log-facility local7;
subnet 10.188.0.0 netmask 255.255.0.0 { subnet 10.188.0.0 netmask 255.255.0.0 {
authoritative; authoritative;
range {{ sn_dhcp_range }}; range {{ sn_dhcp_range }};
option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns_v4 }}; option domain-name-servers {{ sn_mesh_IPv4 }};
option routers {{ sn_mesh_IPv4 }}; option routers {{ sn_mesh_IPv4 }};
option interface-mtu {{ sn_mtu }}; option interface-mtu {{ sn_mtu }};
interface bat0; interface bat0;
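Review bot: After this change the `option domain-name-servers` line hands out `{{ sn_mesh_IPv4 }}` as the only resolver, so clients lose name resolution whenever bind9 on this supernode is down, even while routing still works. The DHCPv6 section of this commit makes the same reduction (`option dhcp6.name-servers {{ sn_mesh_IPv6 }};`). If dropping the fallback is deliberate, presumably so that only the local bind9 answers for the `fftdf` zone added in this commit, a comment such as `# single resolver on purpose: only the local bind9 serves the fftdf zone` would record that. The `subnet` block continues outside the hunk.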


@ -6,17 +6,10 @@ authoritative;
default-lease-time 300; default-lease-time 300;
max-lease-time 600; max-lease-time 600;
#option dhcp6.name-servers {{ sn_mesh_IPv6 }}; option dhcp6.name-servers {{ sn_mesh_IPv6 }};
option dhcp6.name-servers {{ sn_mesh_IPv6 }}, {{ sn_dhcp_dns_v6 }};
option dhcp6.domain-search "fftdf"; option dhcp6.domain-search "fftdf";
subnet6 2a03:2260:121::/64 { subnet6 {{ sn_mesh_IPv6_net }} {
#
# # Range for clients
# range6 2a03:2260:121::201 2a03:2260:121::ffff;
#
# # Range for clients requesting a temporary address
# range6 2a03:2260:121::/64 temporary;
} }

25
files/fftdf/db.fftdf.j2 Normal file

@ -0,0 +1,25 @@
;; db.fftdf
;; Forwardlookupzone für .fftdf
;;
$TTL 600
@ IN SOA fftdf. root.fftdf. (
2015584543 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
3H ) ; NX (TTL Negativ Cache)
@ IN NS {{ sn_hostname }}.infra.fftdf.
IN A {{ sn_mesh_IPv4 }}
IN AAAA {{ sn_mesh_IPv6 }}
localhost IN A 127.0.0.1
IN AAAA ::1
nextnode IN A 10.188.0.1
IN AAAA 2a03:2260:121::1
;;This Supernode
{{ sn_hostname }}.infra IN A {{ sn_mesh_IPv4 }}
IN AAAA {{ sn_mesh_IPv6 }}
;; Update Servers
update1.infra IN AAAA 2a03:2260:121::22
update2.infra IN AAAA 2a03:2260:121::23
update3.infra IN AAAA 2a03:2260:121::24
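Review bot: The SOA serial `2015584543` is a fixed literal in a template whose records are filled from `{{ sn_hostname }}`, `{{ sn_mesh_IPv4 }}` and `{{ sn_mesh_IPv6 }}`, so a re-render with changed values keeps the old serial and any secondary of this zone would not pick up the change. The value is also not a valid YYYYMMDDNN date, which makes it hard to tell when the zone was last edited. Consider a dated serial that is bumped on every edit, documented on the line itself as `; Serial (YYYYMMDDNN, bump on every change)`.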

6
files/fftdf/fftdf.conf Normal file

@ -0,0 +1,6 @@
// Zone declarations for Freifunk Troisdorf
zone "fftdf" {
type master;
file "/etc/bind/fftdf/db.fftdf";
};
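Review bot: The `zone "fftdf"` block sets no `allow-transfer`, so who may transfer the zone depends entirely on the global options, which are not visible in this commit. The zone lists infrastructure hosts (the supernode and the update servers), so unless a restriction already exists in the options block it is worth adding `allow-transfer { none; };` inside the zone. A one-line comment naming which networks are expected to query this zone would also help the next maintainer.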


@ -9,12 +9,16 @@ iface lo inet loopback
up ip address add 185.66.193.104/32 dev lo up ip address add 185.66.193.104/32 dev lo
iface lo inet6 loopback iface lo inet6 loopback
up ip address add 2a03:2260:121::104/48 dev lo up ip address add 2a03:2260:121:4000::105/52 dev lo
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug eth0
iface eth0 inet dhcp iface eth0 inet static
address 212.129.50.141
netmask 255.255.255.255
gateway 163.172.210.1
pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
@ -22,8 +26,8 @@ iface eth0 inet dhcp
post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
auto 6to4 auto 6to4
iface 6to4 inet6 6to4 iface 6to4 inet6 6to4
local 163.172.27.8 local 212.129.50.141
# GRE Tunnel zum Rheinland Backbone # GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
@ -33,7 +37,7 @@ auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static iface gre-bb-a.ak.ber inet static
address 100.64.6.13 address 100.64.6.13
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.195.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -50,7 +54,7 @@ auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static iface gre-bb-b.ak.ber inet static
address 100.64.6.19 address 100.64.6.19
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.195.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -68,7 +72,7 @@ auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static iface gre-bb-a.ix.dus inet static
address 100.64.6.17 address 100.64.6.17
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.193.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -86,7 +90,7 @@ auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static iface gre-bb-b.ix.dus inet static
address 100.64.6.23 address 100.64.6.23
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.193.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -103,7 +107,7 @@ auto gre-bb-a.fra3.f
iface gre-bb-a.fra3.f inet static iface gre-bb-a.fra3.f inet static
address 100.64.6.15 address 100.64.6.15
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.194.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -121,7 +125,7 @@ auto gre-bb-b.fra3.f
iface gre-bb-b.fra3.f inet static iface gre-bb-b.fra3.f inet static
address 100.64.6.21 address 100.64.6.21
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.27.8 remote 185.66.194.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 212.129.50.141 remote 185.66.194.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.104
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
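Review bot: The new IPv6 loopback address in the `iface lo inet6 loopback` stanza is `2a03:2260:121:4000::105/52`, while this host's IPv4 loopback and SNAT source are `185.66.193.104` and the old address ended in `::104`. The other three host files in this commit also end in `::105`, which looks like a copied host part; if per-host identifiers are intended, this line would be `up ip address add 2a03:2260:121:4000::104/52 dev lo`. Separately, the public address `212.129.50.141` is now repeated in the eth0 stanza, the 6to4 stanza and six `ip tunnel add` lines, so a comment at the top of the file stating that all of them must change together would reduce the chance of a tunnel being left on a stale endpoint.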


@ -9,12 +9,16 @@ iface lo inet loopback
up ip address add 185.66.193.105/32 dev lo up ip address add 185.66.193.105/32 dev lo
iface lo inet6 loopback iface lo inet6 loopback
up ip address add 2a03:2260:121::105/48 dev lo up ip address add 203:2260:121:5000::105/52 dev lo
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug eth0
iface eth0 inet dhcp iface eth0 inet static
address 62.210.5.90
netmask 255.255.255.255
gateway 163.172.210.1
pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
@ -23,7 +27,7 @@ iface eth0 inet dhcp
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
auto 6to4 auto 6to4
iface 6to4 inet6 6to4 iface 6to4 inet6 6to4
local 138.201.54.123 local 62.210.5.90
# GRE Tunnel zum Rheinland Backbone # GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
@ -33,7 +37,7 @@ auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static iface gre-bb-a.ak.ber inet static
address 100.64.2.151 address 100.64.2.151
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -50,7 +54,7 @@ auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static iface gre-bb-b.ak.ber inet static
address 100.64.2.153 address 100.64.2.153
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.195.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -68,7 +72,7 @@ auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static iface gre-bb-a.ix.dus inet static
address 100.64.2.155 address 100.64.2.155
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -86,7 +90,7 @@ auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static iface gre-bb-b.ix.dus inet static
address 100.64.2.157 address 100.64.2.157
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 138.201.54.123 remote 185.66.193.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 62.210.5.90 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.105
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
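Review bot: The new IPv6 loopback line reads `203:2260:121:5000::105/52`, which is missing the `a` of the `2a03:` prefix used everywhere else in this commit. As written the address lies outside `2a03:2260:121:5000::/52`, so it would not match the prefix accepted by the hostroute filter changed earlier in this commit, and the host would configure an address from space it presumably does not hold. The line should be `up ip address add 2a03:2260:121:5000::105/52 dev lo`.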


@ -9,17 +9,17 @@ iface lo inet loopback
up ip address add 185.66.193.106/32 dev lo up ip address add 185.66.193.106/32 dev lo
iface lo inet6 loopback iface lo inet6 loopback
up ip address add 2a03:2260:121::106/48 dev lo up ip address add 2a03:2260:121:6000::105/52 dev lo
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug eth0
#iface eth0 inet dhcp #iface eth0 inet dhcp
iface eth0 inet static iface eth0 inet static
address 46.4.138.189 address 62.210.12.122
netmask 255.255.255.192 netmask 255.255.255.255
gateway 46.4.138.129 gateway 163.172.210.1
dns-nameserver 213.133.100.100 213.133.99.99 213.133.98.98 pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
@ -27,10 +27,9 @@ iface eth0 inet static
post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iface eth0 inet6 static auto 6to4
address 2a01:4f8:11d:600::189 iface 6to4 inet6 6to4
netmask 59 local 62.210.12.122
gateway 2a01:4f8:11d:600::1
post-up ip6tables -P OUTPUT ACCEPT post-up ip6tables -P OUTPUT ACCEPT
post-up ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP post-up ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP
@ -42,7 +41,7 @@ auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static iface gre-bb-a.ak.ber inet static
address 100.64.2.159 address 100.64.2.159
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.195.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -59,7 +58,7 @@ auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static iface gre-bb-b.ak.ber inet static
address 100.64.2.161 address 100.64.2.161
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.195.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -77,7 +76,7 @@ auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static iface gre-bb-a.ix.dus inet static
address 100.64.2.163 address 100.64.2.163
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.193.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -95,7 +94,7 @@ auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static iface gre-bb-b.ix.dus inet static
address 100.64.2.165 address 100.64.2.165
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.193.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 62.210.12.122 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.106
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
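Review bot: The native `iface eth0 inet6 static` stanza is replaced by `iface 6to4 inet6 6to4`, but the two `ip6tables` lines that follow are unchanged context and still match `-o eth0`. If IPv6 now leaves through the 6to4 interface, as the new stanza suggests, `ip6tables -A OUTPUT -o eth0 -d fc00::/7 -j DROP` would no longer match that traffic and the ULA egress filter would silently stop applying. It is worth confirming which interface carries IPv6 egress and matching the rule to it, for example `post-up ip6tables -A OUTPUT -o $IFACE -d fc00::/7 -j DROP`. The stanza continues outside the hunk.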


@ -9,12 +9,16 @@ iface lo inet loopback
up ip address add 185.66.193.107/32 dev lo up ip address add 185.66.193.107/32 dev lo
iface lo inet6 loopback iface lo inet6 loopback
up ip address add 2a03:2260:121::107/48 dev lo up ip address add 2a03:2260:121:7000::105/52 dev lo
# The primary network interface # The primary network interface
allow-hotplug eth0 allow-hotplug eth0
iface eth0 inet dhcp iface eth0 inet static
address 212.83.154.70
netmask 255.255.255.255
gateway 163.172.210.1
pointopoint 163.172.210.1
post-up iptables -P OUTPUT ACCEPT post-up iptables -P OUTPUT ACCEPT
post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP post-up iptables -A OUTPUT -o eth0 -d 10.0.0.0/8 -j DROP
post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP post-up iptables -A OUTPUT -o eth0 -d 172.16.0.0/12 -j DROP
@ -22,8 +26,8 @@ iface eth0 inet dhcp
post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP post-up iptables -A OUTPUT -o eth0 -d 192.168.0.0/16 -j DROP
post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
auto 6to4 auto 6to4
iface 6to4 inet6 6to4 iface 6to4 inet6 6to4
local 163.172.28.228 local 163.172.194.197
# GRE Tunnel zum Rheinland Backbone # GRE Tunnel zum Rheinland Backbone
# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen # - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
@ -33,7 +37,7 @@ auto gre-bb-a.ak.ber
iface gre-bb-a.ak.ber inet static iface gre-bb-a.ak.ber inet static
address 100.64.6.25 address 100.64.6.25
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.195.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.195.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -50,7 +54,7 @@ auto gre-bb-b.ak.ber
iface gre-bb-b.ak.ber inet static iface gre-bb-b.ak.ber inet static
address 100.64.6.31 address 100.64.6.31
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.195.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.195.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -68,7 +72,7 @@ auto gre-bb-a.ix.dus
iface gre-bb-a.ix.dus inet static iface gre-bb-a.ix.dus inet static
address 100.64.6.29 address 100.64.6.29
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.193.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.193.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -86,7 +90,7 @@ auto gre-bb-b.ix.dus
iface gre-bb-b.ix.dus inet static iface gre-bb-b.ix.dus inet static
address 100.64.6.35 address 100.64.6.35
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.193.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.193.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -103,7 +107,7 @@ auto gre-bb-a.fra3.f
iface gre-bb-a.fra3.f inet static iface gre-bb-a.fra3.f inet static
address 100.64.6.27 address 100.64.6.27
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.194.0 ttl 255 pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.194.0 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
@ -121,7 +125,7 @@ auto gre-bb-b.fra3.f
iface gre-bb-b.fra3.f inet static iface gre-bb-b.fra3.f inet static
address 100.64.6.33 address 100.64.6.33
netmask 255.255.255.254 netmask 255.255.255.254
pre-up ip tunnel add $IFACE mode gre local 163.172.28.228 remote 185.66.194.1 ttl 255 pre-up ip tunnel add $IFACE mode gre local 163.172.194.197 remote 185.66.194.1 ttl 255
post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107 post-up iptables -t nat -A POSTROUTING -o $IFACE -j SNAT --to-source 185.66.193.107
post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312 post-up iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o $IFACE -j TCPMSS --set-mss 1312
post-up ip link set $IFACE mtu 1400 post-up ip link set $IFACE mtu 1400
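Review bot: The eth0 stanza sets `address 212.83.154.70`, but the 6to4 stanza and all six `ip tunnel add` lines use `local 163.172.194.197`. In the other three host files of this commit the eth0 address and the tunnel `local` endpoint are the same value, so one of the two is probably stale here; if the host only has 212.83.154.70 configured, the GRE tunnels would be created with a source address it does not own. If both addresses really are assigned to the machine, a comment next to `local` stating where 163.172.194.197 is configured would make that clear.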


@ -6,79 +6,82 @@ while [ true ] ; do
iam=$(/bin/hostname) iam=$(/bin/hostname)
day=$(date +%d) day=$(date +%d)
BATCTL=/usr/local/sbin/batctl BATCTL=/usr/local/sbin/batctl
active_SN=$iam
#### Settings #### #### Settings ####
# Names of the 2 Supernodes # # Names of the 2 Supernodes #
loadbalance=$(cat /etc/supernode-status/loadbalancing.mode) if [ $iam = "troisdorf4" ]; then
if [ $iam = "troisdorf5" ]; then my_SN_IP=185.66.193.104
other_SN_IP=185.66.193.105
other_SN_DNS=5.fftdf.de
meship=10.188.0.4
SN1=troisdorf4
SN2=troisdorf5
slack="/usr/local/bin/slacktee.sh -u troisdorf4"
elif [ $iam = "troisdorf5" ]; then
my_SN_IP=185.66.193.105 my_SN_IP=185.66.193.105
other_SN_IP=185.66.193.106 other_SN_IP=185.66.193.106
meship=10.188.255.5 other_SN_DNS=6.fftdf.de
meship=10.188.32.5
SN1=troisdorf5 SN1=troisdorf5
SN2=troisdorf6 SN2=troisdorf6
slack="/usr/local/bin/slacktee.sh -u troisdorf5"
elif [ $iam = "troisdorf6" ]; then elif [ $iam = "troisdorf6" ]; then
my_SN_IP=185.66.193.106 my_SN_IP=185.66.193.106
other_SN_IP=185.66.193.105 other_SN_IP=185.66.193.104
meship=10.188.255.6 other_SN_DNS=4.fftdf.de
SN1=troisdorf5 meship=10.188.64.6
SN2=troisdorf6 SN1=troisdorf6
elif [ $iam = "troisdorf1" ]; then SN2=troisdorf4
my_SN_IP=185.66.193.101 slack="/usr/local/bin/slacktee.sh -u troisdorf6"
other_SN_IP=185.66.193.102 elif [ $iam = "troisdorf7" ]; then
meship=10.188.255.1 my_SN_IP=185.66.193.107
SN1=troisdorf1 other_SN_IP=185.66.193.104
SN2=troisdorf2 other_SN_DNS=4.fftdf.de
elif [ $iam = "troisdorf2" ]; then meship=10.188.92.7
my_SN_IP=185.66.193.102 SN1=troisdorf7
other_SN_IP=185.66.193.101 SN2=troisdorf4
meship=10.188.255.2 slack="/usr/local/bin/slacktee.sh -u troisdorf7"
SN1=troisdorf1
SN2=troisdorf2
fi fi
if [ $loadbalance = "1" ] && [ $mode != "0" ]; then
if [ $day -gt 15 ]; then
active_SN=$SN1
else
active_SN=$SN2
fi
fi
################## ##################
# functions # # functions #
# Supernode off # # Supernode off #
supernode_off () { supernode_off () {
$BATCTL gw off /usr/local/sbin/batctl gw off
/usr/sbin/service bird6 stop /usr/sbin/service bird6 stop
/usr/sbin/service bird stop /usr/sbin/service bird stop
/usr/sbin/service tunneldigger stop /usr/sbin/service tunneldigger stop
/usr/sbin/service tunneldigger-backup stop
/usr/sbin/service radvd stop /usr/sbin/service radvd stop
/usr/sbin/service isc-dhcp-server stop /usr/sbin/service isc-dhcp-server stop
if [ $loadbalance == 1 ] && [ $mode != 0 ]; then echo 0 > /etc/supernode-status/supernode.status
echo 3 > /etc/supernode-status/supernode.status
else
echo 0 > /etc/supernode-status/supernode.status
fi
echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003 echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003
} }
# Supernode on # # Supernode on #
supernode_on () { supernode_on () {
$BATCTL gw server 100Mbit/100Mbit /usr/local/sbin/batctl gw server 100Mbit/100Mbit
/usr/sbin/service bird6 start /usr/sbin/service bird6 start
/usr/sbin/service bird start /usr/sbin/service bird start
/usr/sbin/service tunneldigger start /usr/sbin/service tunneldigger start
/usr/sbin/service tunneldigger-backup stop
/usr/sbin/service radvd start /usr/sbin/service radvd start
/usr/sbin/service isc-dhcp-server start /usr/sbin/service isc-dhcp-server start
if [ $loadbalance == 1 ]; then echo 1 > /etc/supernode-status/supernode.status
echo 1 > /etc/supernode-status/supernode.status echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003
else }
echo 2 > /etc/supernode-status/supernode.status # Supernode Backup Mode
fi supernode_backup () {
/usr/local/sbin/batctl gw server 100Mbit/100Mbit
/usr/sbin/service bird6 start
/usr/sbin/service bird start
/usr/sbin/service tunneldigger start
/usr/sbin/service tunneldigger-backup start
/usr/sbin/service radvd start
/usr/sbin/service isc-dhcp-server start
echo 2 > /etc/supernode-status/supernode.status
echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003 echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003
} }
# Restart Services # # Restart Services #
supernode_fail () { supernode_fail () {
$BATCTL gw off /usr/local/sbin/batctl gw off
/usr/sbin/service bird6 restart /usr/sbin/service bird6 restart
/usr/sbin/service bird restart /usr/sbin/service bird restart
/usr/sbin/service tunneldigger restart /usr/sbin/service tunneldigger restart
@ -88,35 +91,33 @@ while [ true ] ; do
echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003 echo "collectd.gateways.$iam.sn-status $online `date +%s`" | nc -q 0 10.188.1.27 2003
} }
#Check other Supernode #Check other Supernode
if [ $iam != $active_SN ]; if [ $mode != "0" ]; then
then if [ $mode = "1" ]; then
ping -q -c5 $other_SN_IP -I eth0 > /dev/null /bin/nc -zvu $other_SN_DNS 53842
if [ $? -eq 0 ] if [ $? -eq 0 ]; then
then if [ $online = 2 ]; then
if [ $online ==1 ] || [ $online = 2 ]; then echo "Supernode wieder online. Backup Modus abgeschaltet" | $slack
curl -X POST --data-urlencode 'payload={"text": "Aktiver Supernode wieder online. Ich habe mich wieder ausgeschaltet", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":white_check_mark:"}' https://hooks.slack.com/services/{{ slack_token }} supernode_on
fi fi
supernode_off
else
supernode_on
curl -X POST --data-urlencode 'payload={"text": "Aktiver Supernode offline. Ich habe mich eingeschaltet", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":warning:"}' https://hooks.slack.com/services/{{ slack_token }}
sleep 300
fi
else
# Check this Supernode
if [ $mode != "0" ]; then
ping -q -c5 $my_SN_IP -I eth0 > /dev/null
if [ $? -eq 0 ]
then
if [ $online = 0 ] || [ $online = 3 ]; then
curl -X POST --data-urlencode 'payload={"text": "Ich bin jetzt Supernode!", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":white_check_mark:"}' https://hooks.slack.com/services/{{ slack_token }}
fi
supernode_on
else else
supernode_fail supernode_backup
curl -X POST --data-urlencode 'payload={"text": "Ich konnte mich selbst nicht anpingen. Ich versuche mal die Services neu zu starten", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":warning:"}' https://hooks.slack.com/services/{{ slack_token }} echo "Supernode offline. Backup modus eingeschaltet" | $slack
fi fi
fi fi
# Check this Supernode
/bin/ping -q -c5 $my_SN_IP -I eth0 > /dev/null
if [ $? -eq 0 ]; then
if [ $online = 0 ]; then
echo "Ich bin jetzt Supernode!" | $slack
elif [ $mode = 1 ]; then
supernode_on
elif [ $mode = 2 ]; then
supernode_backup
fi
else
supernode_fail
echo "Ich konnte mich selbst nicht anpingen. Ich versuche mal die Services neu zu starten" | $slack
fi
fi fi
# Supernode off # Supernode off
if [ $mode = "0" ]; then if [ $mode = "0" ]; then
@ -127,17 +128,20 @@ while [ true ] ; do
do do
x=`pidof $service`; x=`pidof $service`;
if [ "$x" = "" ]; then if [ "$x" = "" ]; then
echo "collectd.gateways.$iam.$service 0 `date +%s`" | nc -q 0 10.188.1.27 2003 echo "collectd.gateways.$iam.$service 0 `date +%s`" | nc -q 0 10.188.1.27 2003
echo 0 > /etc/supernode-status/"$service".status echo 0 > /etc/supernode-status/"$service".status
else else
echo "collectd.gateways.$iam.$service 1 `date +%s`" | nc -q 0 10.188.1.27 2003 echo "collectd.gateways.$iam.$service 1 `date +%s`" | nc -q 0 10.188.1.27 2003
echo 1 > /etc/supernode-status/"$service".status echo 1 > /etc/supernode-status/"$service".status
fi fi
done done
# Check DNS Server # Check DNS Server
host google.de $meship /usr/bin/host google.de $meship
if [ "$?" != "0" ]; then if [ "$?" != "0" ]; then
service bind9 restart service bind9 restart
if [ $mode != "0" ]; then
echo "DNS Server läuft nicht! Versuche neu zu starten!" | $slack
fi
fi fi
#Check Tunneldigger Connections #Check Tunneldigger Connections
if ! [ -d /opt/freifunk/tunneldigger_interfaces ]; then if ! [ -d /opt/freifunk/tunneldigger_interfaces ]; then


@ -1,55 +1,41 @@
#!/bin/sh #!/bin/sh
# Version 6 # Version 9
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!! sleep 60
communityname="troisdorf"
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
#server="troisdorf7 {{ sn_hostname }}"
domain="freifunk-troisdorf.de"
mtu={{ sn_mtu }}
# community MAC address, without the last Byte (:)!
communitymacaddress="a2:8c:ae:6f:f6"
tunnelPrefix=10
sessionPrefix=1
# Netzwerkteil des Netzes, ohne abschliessenden Punkt
communitynetwork="10.188"
# IPv6 network
#communitynetworkv6="fda0:747e:ab29:7405:255::"
communitynetworkv6="2a03:2260:121::"
# Drittes Octet des serverbereichs
octet3rd="255"
# CIDR muss /16 sein
localserver=$(/bin/hostname)
batadv=/usr/local/sbin/batadv-vis
batctl=/usr/local/sbin/batctl batctl=/usr/local/sbin/batctl
ip=/sbin/ip ip=/sbin/ip
dig=/usr/bin/dig communitymacaddress="a2:8c:ae:6f:f6"
localserver=$(/bin/hostname)
communityname=troisdorf
for i in $server; do # L2tp to Map
( $ip l2tp add tunnel remote 138.201.70.103 local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id {{ sn_number }}0 peer_tunnel_id 0{{ sn_number }} encap udp udp_sport 300{{ sn_number }}0 udp_dport 3000{{ sn_number }}
for j in $server; do $ip l2tp add session name l2tp-map tunnel_id {{ sn_number }}0 session_id 1{{ sn_number }}0 peer_session_id 2{{ sn_number }}0
if [ $i != $j ]; then $ip link set dev l2tp-map mtu 1312
if [ $i = $localserver ]; then $ip link set up l2tp-map
ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname} $batctl if add l2tp-map
ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
#ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
ip link set dev l2tp-$j mtu $mtu
ip link set up l2tp-$j
$batctl if add l2tp-$j
fi
fi
done
)
done
# Rest starten # Rest Starten
$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0 $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
$ip link set up dev bat0 $ip link set up dev bat0
$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0 $ip addr add {{ sn_mesh_IPv4 }}/19 broadcast {{ sn_mesh_IPv4_brcast }} dev bat0
$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0 $ip -6 addr add {{ sn_mesh_IPv6 }}/64 dev bat0
$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }} table 42 $ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }} table 42
$ip route add {{ snx_ffrl_IPv4 }}/32 via {{ snx_mesh_IPv4 }} $ip route add 10.188.0.0/16 via {{ sn_mesh_IPv4_xfer }}
$ip -6 route add 2a03:2260:121:4000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
$ip -6 route add 2a03:2260:121:5000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
$ip -6 route add 2a03:2260:121:6000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
$ip -6 route add 2a03:2260:121:7000::/52 via {{ sn_mesh_IPv6_xfer }} table 42
/usr/bin/killall batadv-vis /usr/bin/killall batadv-vis
/bin/sleep 15 /bin/sleep 15
$batadv -i bat0 -s > /dev/null 2>&1 & $batadv -i bat0 -s > /dev/null 2>&1 &
/bin/sleep 15
/usr/sbin/service tunneldigger restart
/usr/sbin/service bind9 restart
/usr/sbin/service bird restart
/usr/sbin/service bird6 restart
/usr/sbin/service isc-dhcp-server restart
/usr/sbin/service radvd restart
$batctl gw server 100Mbit/100Mbit
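Review bot: `$batadv` is still used in the `$batadv -i bat0 -s > /dev/null 2>&1 &` line, but the assignment `batadv=/usr/local/sbin/batadv-vis` appears to be among the variables this rewrite drops, so the variable would expand to nothing and the shell would try to run `-i` as a command. Because stdout and stderr go to /dev/null, the failure is silent and batadv-vis stays down after the preceding `killall`. Keep `batadv=/usr/local/sbin/batadv-vis` next to the `batctl=` and `ip=` assignments. Separately, the `l2tp-map` session is created without a `cookie` and is added straight to batman-adv, so it is worth confirming that a firewall rule limits the tunnel's UDP port to the one hard-coded peer, and that peer address would be easier to maintain as a template variable like the rest of the file.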


@ -0,0 +1,51 @@
[broker]
; IP address the broker will listen and accept tunnels on
address={{ ansible_default_ipv4.address }}
; Ports where the broker will listen on
port={{ sn_l2tp_tb_backup_port }}
; Interface with that IP address
interface=eth0
; Maximum number of cached cookies, required for establishing a
; session with the broker
max_cookies=1024
; Maximum number of tunnels that will be allowed by the broker
max_tunnels=150
; Tunnel port base
port_base=25000
; Tunnel id base
tunnel_id_base=500
; Tunnel timeout interval in seconds
tunnel_timeout=60
; Should PMTU discovery be enabled
pmtu_discovery=false
; Namespace (for running multiple brokers); note that you must also
; configure disjunct ports, and tunnel identifiers in order for
; namespacing to work
namespace=backup
[log]
; Log filename
filename=/var/log/tunneldigger-broker-backup.log
; Verbosity
verbosity=DEBUG
; Should IP addresses be logged or not
log_ip_addresses=false
[hooks]
; Arguments to the session.{up,pre-down,down} hooks are as follows:
;
; <tunnel_id> <session_id> <interface> <mtu> <endpoint_ip> <endpoint_port> <local_port>
;
; Arguments to the session.mtu-changed hook are as follows:
;
; <tunnel_id> <session_id> <interface> <old_mtu> <new_mtu>
;
; Called after the tunnel interface goes up
session.up=/srv/tunneldigger/bataddif.sh
; Called just before the tunnel interface goes down
session.pre-down=/srv/tunneldigger/batdelif.sh
; Called after the tunnel interface goes down
session.down=
; Called after the tunnel MTU gets changed because of PMTU discovery
session.mtu-changed=
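Review bot: `verbosity=DEBUG` is left on for a broker that listens on the host's default IPv4 address and accepts up to 150 tunnels, so remote clients largely control how fast `/var/log/tunneldigger-broker-backup.log` grows. I would ship `verbosity=INFO` and raise it only while troubleshooting, and confirm that the logrotate config the playbook installs also covers this new log file. The file's own comment requires ports and tunnel ids disjoint from the primary broker; `port_base=25000` and `tunnel_id_base=500` should be checked against the primary config, which is not visible here.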


@ -1,6 +0,0 @@
zone "fftdf" {
type slave;
masters { 10.188.1.100; };
file "/var/lib/bind/db.fftdf";
};

10
files/named.conf.local Normal file

@ -0,0 +1,10 @@
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
// Include Freifunk Troisdorf (fftdf) zones
include "/etc/bind/fftdf/fftdf.conf";
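Review bot: The `include "/etc/bind/fftdf/fftdf.conf";` line duplicates the include that the playbook in this same commit writes into `/etc/bind/named.conf` through `lineinfile`. If this file is also installed as `/etc/bind/named.conf.local` and named.conf pulls that in (the usual Debian layout, not visible here), fftdf.conf is loaded twice and named will reject the duplicate zone definitions. Keep the include in one place only, and run `named-checkconf` before restarting bind9 so a broken configuration does not take DNS down on the supernode.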


@ -3,8 +3,7 @@ interface bat0 {
IgnoreIfMissing on; IgnoreIfMissing on;
MaxRtrAdvInterval 200; MaxRtrAdvInterval 200;
RDNSS {{ sn_mesh_IPv6 }} {}; RDNSS {{ sn_mesh_IPv6 }} {};
# prefix fda0:747e:ab29:7405::/64 { prefix {{ sn_mesh_IPv6_net }} {
prefix 2a03:2260:121::/64 {
AdvOnLink on; AdvOnLink on;
AdvAutonomous on; AdvAutonomous on;
AdvRouterAddr on; AdvRouterAddr on;

13
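--- a/files/slacktee.conf
+++ b/files/slacktee.conf
@@ -0,0 +1,13 @@
+# ----------
+# Configuration
+# Describes the Incoming Webhook allowing you to post messages into Slack.
+# After the configuration, copy this file to /etc or your home directory.
+# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory.
+# ----------
+webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook
+upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth
+channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
+tmp_dir="/tmp" # Temporary file is created in this directory.
+username="slacktee" # Default username to post messages.
+icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com.
+attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.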
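Review bot: This non-template file carries the Jinja placeholder `{{ slack_token }}` in `webhook_url`, and an identical `files/slacktee.conf.j2` is added next to it. If the plain copy is ever installed with `copy` instead of `template`, the literal placeholder ends up in the URL and notifications are posted to an invalid endpoint; keeping only the `.j2` removes that trap. The rendered file holds the webhook secret and is sourced as shell by slacktee.sh (`. /etc/slacktee.conf`), so whoever can write it runs code as the calling user and whoever can read it can post to the channel. Install it with `owner=root group=root mode=0600`; the task that deploys it is not visible here, so this needs checking in the playbook.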

13
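--- a/files/slacktee.conf.j2
+++ b/files/slacktee.conf.j2
@@ -0,0 +1,13 @@
+# ----------
+# Configuration
+# Describes the Incoming Webhook allowing you to post messages into Slack.
+# After the configuration, copy this file to /etc or your home directory.
+# NOTE : Please rename this file to '.slacktee', if you'd like to place this in your home directory.
+# ----------
+webhook_url="https://hooks.slack.com/services/{{ slack_token }}" # Incoming Webhooks integration URL. See https://my.slack.com/services/new/incoming-webhook
+upload_token="" # The user's API authentication token, only used for file uploads. See https://api.slack.com/#auth
+channel="technik" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
+tmp_dir="/tmp" # Temporary file is created in this directory.
+username="slacktee" # Default username to post messages.
+icon="ghost" # Default emoji or a direct url to an image to post messages. You don't have to wrap emoji with ':'. See http://www.emoji-cheat-sheet.com.
+attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.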

605
files/slacktee.sh Normal file

@ -0,0 +1,605 @@
#!/usr/bin/env bash
# ----------
# Default Configuration
# ----------
webhook_url="" # Incoming Webhooks integration URL
upload_token="" # The user's API authentication token, only used for file uploads
channel="general" # Default channel to post messages. '#' is prepended, if it doesn't start with '#' or '@'.
tmp_dir="/tmp" # Temporary file is created in this directory.
username="slacktee" # Default username to post messages.
icon="ghost" # Default emoji to post messages. Don't wrap it with ':'. See http://www.emoji-cheat-sheet.com; can be a url too.
attachment="" # Default color of the attachments. If an empty string is specified, the attachments are not used.
# ----------
# Initialization
# ----------
me=$(basename "$0")
title=""
mode="buffering"
link=""
textWrapper="\`\`\`"
parseMode=""
fields=()
# Since bash 3 doesn't support the associative array, we store colors and patterns separately
cond_color_colors=()
cond_color_patterns=()
found_pattern_color=""
# This color is used when 'attachment' is used without color specification
internal_default_color="#C0C0C0"
# Since bash 3 doesn't support the associative array, we store prefixes and patterns separately
cond_prefix_prefixes=()
cond_prefix_patterns=()
found_title_prefix=""
function show_help()
{
echo "usage: $me [options]"
echo " options:"
echo " -h, --help Show this help."
echo " -n, --no-buffering Post input values without buffering."
echo " -f, --file Post input values as a file."
echo " -l, --link Add a URL link to the message."
echo " -c, --channel channel_name Post input values to specified channel or user."
echo " -u, --username user_name This username is used for posting."
echo " -i, --icon emoji_name|url This icon is used for posting. You can use a word"
echo " from http://www.emoji-cheat-sheet.com or a direct url to an image."
echo " -t, --title title_string This title is added to posts."
echo " -m, --message-formatting format Switch message formatting (none|link_names|full)."
echo " See https://api.slack.com/docs/formatting for more details."
echo " -p, --plain-text Don't surround the post with triple backticks."
echo " -a, --attachment [color] Use attachment (richly-formatted message)"
echo " Color can be 'good','warning','danger' or any hex color code (eg. #439FE0)"
echo " See https://api.slack.com/docs/attachments for more details."
echo " -e, --field title value Add a field to the attachment. You can specify this multiple times."
echo " -s, --short-field title value Add a short field to the attachment. You can specify this multiple times."
echo " -o, --cond-color color pattern Change the attachment color if the specified Regex pattern matches the input."
echo " You can specify this multile times."
echo " If more than one pattern matches, the latest matched pattern is used."
echo " -d, --cond-prefix prefix pattern This prefix is added to the message, if the specified Regex pattern matches the input."
echo " You can specify this multile times."
echo " If more than one pattern matches, the latest matched pattern is used."
echo " --config config_file Specify the location of the config file."
echo " --setup Setup slacktee interactively."
}
function send_message()
{
message="$1"
# Prepend the prefix to the message, if it's set
if [[ -z $attachment && -n $found_pattern_prefix ]]; then
message="$found_pattern_prefix$message"
# Clear conditional prefix for the nest send
found_pattern_prefix=""
fi
escaped_message=$(echo "$textWrapper\n$message\n$textWrapper" | sed 's/"/\\"/g' | sed "s/'/\\'/g" )
message_attr=""
if [[ $message != "" ]]; then
if [[ -n $attachment ]]; then
# Set message color
message_color="$attachment"
if [[ -n $found_pattern_color ]]; then
message_color="$found_pattern_color"
# Reset with the default color for the next send
found_pattern_color="$attachment"
fi
message_attr="\"attachments\": [{ \"color\": \"$message_color\", \"mrkdwn_in\": [\"text\", \"fields\"], \"text\": \"$escaped_message\" "
if [[ -n $found_pattern_prefix ]]; then
title="$found_pattern_prefix $title"
# Clear conditional prefix for the nest send
found_pattern_prefix=""
fi
if [[ -n $title ]]; then
message_attr="$message_attr, \"title\": \"$title\" "
fi
if [[ -n $link ]]; then
message_attr="$message_attr, \"title_link\": \"$link\" "
fi
if [[ $mode == "file" ]]; then
fields+=("{\"title\": \"Access URL\", \"value\": \"$access_url\" }")
fields+=("{\"title\": \"Download URL\", \"value\": \"$download_url\"}")
fi
if [[ ${#fields[@]} != 0 ]]; then
message_attr="$message_attr, \"fields\": ["
for field in "${fields[@]}"; do
message_attr="$message_attr $field,"
done
message_attr=${message_attr%?} # Remove last comma
message_attr="$message_attr ]"
fi
# Close attachment
message_attr="$message_attr }], "
else
message_attr="\"text\": \"$escaped_message\","
fi
icon_url=""
icon_emoji=""
if echo "$icon" | grep -q "^https\?://.*"; then
icon_url="$icon"
else
icon_emoji=":$icon:"
fi
json="{\"channel\": \"$channel\", \"username\": \"$username\", $message_attr \"icon_emoji\": \"$icon_emoji\", \"icon_url\": \"$icon_url\" $parseMode}"
post_result=$(curl -X POST --data-urlencode "payload=$json" "$webhook_url" 2> /dev/null)
exit_code=1
if [[ $post_result == "ok" ]]; then
exit_code=0
fi
fi
}
function process_line()
{
echo "$1"
line="$(echo "$1" | sed $'s/\t/ /g')"
# Check the patterns of the conditional colors
# If more than one pattern matches, the latest pattern is used
if [[ ${#cond_color_patterns[@]} != 0 ]]; then
for i in "${!cond_color_patterns[@]}"; do
if [[ $line =~ ${cond_color_patterns[$i]} ]]; then
found_pattern_color=${cond_color_colors[$i]}
fi
done
fi
# Check the patterns of the conditional titles
# If more than one pattern matches, the latest pattern is used
if [[ ${#cond_prefix_patterns[@]} != 0 ]]; then
for i in "${!cond_prefix_patterns[@]}"; do
if [[ $line =~ ${cond_prefix_patterns[$i]} ]]; then
found_pattern_prefix=${cond_prefix_prefixes[$i]}
if [[ -n $attachment || $mode != "no-buffering" ]]; then
# Append a line break to the prefix for better formatting
found_pattern_prefix="$found_pattern_prefix\n"
else
# Append a space to the prefix for better formatting
found_pattern_prefix="$found_pattern_prefix "
fi
fi
done
fi
if [[ $mode == "no-buffering" ]]; then
prefix=''
if [[ -z $attachment ]]; then
prefix=$title
fi
send_message "$prefix$line"
elif [[ $mode == "file" ]]; then
echo "$line" >> "$filename"
else
if [[ -z "$text" ]]; then
text="$line"
else
text="$text\n$line"
fi
fi
}
function setup()
{
if [[ -z "$HOME" ]]; then
echo "\$HOME is not defined. Please set it first."
exit 1
fi
local_conf="$HOME/.slacktee"
if [[ -e "$local_conf" ]]; then
echo ".slacktee is found in your home directory."
read -p "Are you sure to overwrite it? [y/n] :" choice
case "$choice" in
y|Y )
# Continue
;;
* )
exit 0 # Abort
;;
esac
fi
# Load current local config
. $local_conf
# Start setup
read -p "Incoming Webhook URL [$webhook_url]: " input_webhook_url
if [[ -z "$input_webhook_url" ]]; then
input_webhook_url=$webhook_url
fi
read -p "Upload Token [$upload_token]: " input_upload_token
if [[ -z "$input_upload_token" ]]; then
input_upload_token=$upload_token
fi
read -p "Temporary Directory [$tmp_dir]: " input_tmp_dir
if [[ -z "$input_tmp_dir" ]]; then
input_tmp_dir=$tmp_dir
fi
read -p "Default Channel [$channel]: " input_channel
if [[ -z "$input_channel" ]]; then
input_channel=$channel
fi
read -p "Default Username [$username]: " input_username
if [[ -z "$input_username" ]]; then
input_username=$username
fi
read -p "Default Icon: [$icon]: " input_icon
if [[ -z "$input_icon" ]]; then
input_icon=$icon
fi
read -p "Default color of the attachment. (empty string disables attachment) [$attachment]: " input_attachment
if [[ -z "$input_attachment" ]]; then
input_attachment=$attachment
elif [[ $input_attachment == '""' || $input_attachment == "''" ]]; then
input_attachment=""
fi
cat <<- EOF | sed 's/^[[:space:]]*//' > "$local_conf"
webhook_url="$input_webhook_url"
upload_token="$input_upload_token"
tmp_dir="$input_tmp_dir"
channel="$input_channel"
username="$input_username"
icon="$input_icon"
attachment="$input_attachment"
EOF
}
# ----------
# Parse command line options
# ----------
OPTIND=1
while [[ $# -gt 0 ]]; do
opt="$1"
shift
case "$opt" in
-h|\?|--help)
show_help
exit 0
;;
-n|--no-buffering)
mode="no-buffering"
;;
-f|--file)
mode="file"
;;
-l|--link)
link="$1"
shift
;;
-c|--channel)
opt_channel="$1"
shift
;;
-u|--username)
opt_username="$1"
shift
;;
-i|--icon)
opt_icon="$1"
shift
;;
-t|--title)
title="$1"
shift
;;
-d|--cond-prefix)
case "$1" in
-*|'')
# Found next command line option or empty. Error.
echo "a prefix of the conditional title was not specified"
show_help
exit 1
;;
*)
# Prefix should be found
case "$2" in
-*|'')
# Found next command line option or empty. Error.
echo "a pattern of the conditional title was not specified"
show_help
exit 1
;;
*)
# Set the prefix and the pattern to arrays
cond_prefix_prefixes+=("$1")
cond_prefix_patterns+=("$2")
shift
shift
;;
esac
;;
esac
;;
-m|--message-formatting)
case "$1" in
none)
parseMode=', "parse": "none"'
;;
link_names)
parseMode=', "link_names": "1"'
;;
full)
parseMode=', "parse": "full"'
;;
*)
echo "unknown message formatting option"
show_help
exit 1
;;
esac
shift
;;
-p|--plain-text)
textWrapper=""
;;
-a|--attachment)
case "$1" in
-*|'')
# Found next command line option
opt_attachment="$internal_default_color" # Use default color
;;
\#*|good|warning|danger)
# Found hex color code or predefined colors
opt_attachment="$1"
shift
;;
*)
echo "unknown attachment color"
show_help
exit 1
;;
esac
;;
-o|--cond-color)
case "$1" in
-*|'')
# Found next command line option or empty. Error.
echo "a color of the conditional color was not specified"
show_help
exit 1
;;
\#*|good|warning|danger)
# Found hex color code or predefined colors
case "$2" in
-*|'')
# Found next command line option or empty. Error.
echo "a pattern of the conditional color was not specified"
show_help
exit 1
;;
*)
# Set the color and the pattern to arrays
cond_color_colors+=("$1")
cond_color_patterns+=("$2")
shift
shift
;;
esac
;;
*)
echo "unknown attachment color $1"
show_help
exit 1
;;
esac
;;
-e|-s|--field|--short-field)
case "$1" in
-*|'')
# Found next command line option or empty. Error.
echo "field title was not specified"
show_help
exit 1
;;
*)
case "$2" in
-*|'')
# Found next command line option or empty. Error.
echo "field value was not specified"
show_help
exit 1
;;
*)
if [[ $opt == "-s" || $opt == "--short-field" ]]; then
fields+=("{\"title\": \"$1\", \"value\": \"$2\", \"short\": true}")
else
fields+=("{\"title\": \"$1\", \"value\": \"$2\"}")
fi
shift
shift
;;
esac
esac
;;
--config)
CUSTOM_CONFIG=$1
shift
;;
--setup)
setup
exit 1
;;
*)
echo "illegal option $opt"
show_help
exit 1
;;
esac
done
# ---------
# Read in our configurations
# ---------
if [[ -e "/etc/slacktee.conf" ]]; then
. /etc/slacktee.conf
fi
if [[ -n "$HOME" && -e "$HOME/.slacktee" ]]; then
. "$HOME/.slacktee"
fi
if [[ -e "$CUSTOM_CONFIG" ]]; then
. $CUSTOM_CONFIG
fi
# Overwrite webhook_url if the environment variable SLACKTEE_WEBHOOK is set
if [[ "$SLACKTEE_WEBHOOK" != "" ]]; then
webhook_url="$SLACKTEE_WEBHOOK"
fi
# Overwrite upload_token if the environment variable SLACKTEE_TOKEN is set
if [[ "$SLACKTEE_TOKEN" != "" ]]; then
upload_token="$SLACKTEE_TOKEN"
fi
# Overwrite channel if it's specified in the command line option
if [[ "$opt_channel" != "" ]]; then
channel="$opt_channel"
fi
# Overwrite username if it's specified in the command line option
if [[ "$opt_username" != "" ]]; then
username="$opt_username"
fi
# Overwrite icon if it's specified in the command line option
if [[ "$opt_icon" != "" ]]; then
icon="$opt_icon"
fi
# Overwrite attachment if it's specified in the command line option
if [[ "$opt_attachment" != "" ]]; then
attachment="$opt_attachment"
fi
# Set the default color to attachment if it's still empty and the length of the cond_color_patterns is not 0
if [[ -z $attachment ]] && [[ ${#cond_color_patterns[@]} != 0 ]]; then
attachment="$internal_default_color"
fi
# ----------
# Validate configurations
# ----------
if [[ $webhook_url == "" ]]; then
echo "Please setup the webhook url of this incoming webhook integration."
exit 1
fi
if [[ $upload_token == "" && $mode == "file" ]]; then
echo "Please provide the authentication token for file uploads."
exit 1
fi
if [[ $channel == "" ]]; then
echo "Please specify a channel."
exit 1
elif [[ ( "$channel" != "#"* ) && ( "$channel" != "@"* ) ]]; then
channel="#$channel"
fi
if [[ -n "$icon" ]]; then
icon=${icon#:} # remove leading ':'
icon=${icon%:} # remove trailing ':'
fi
# ----------
# Start script
# ----------
text=""
if [[ -n "$title" || -n "$link" ]]; then
# Use link as title, if title is not specified
if [[ -z "$title" ]]; then
title="$link"
fi
# Add title to filename in the file mode
if [[ "$mode" == "file" ]]; then
filetitle=$(echo "$title"|sed 's/[ /:.]//g')
filetitle="$filetitle-"
fi
if [[ -z "$attachment" ]]; then
if [[ "$mode" == "no-buffering" ]]; then
if [[ -n "$link" ]]; then
title="<$link|$title>: "
else
title="$title: "
fi
elif [[ "$mode" == "file" ]]; then
if [[ -n "$link" ]]; then
title="<$link|$title>"
fi
else
if [[ -n "$link" ]]; then
text="-- <$link|$title> --\n"
else
text="-- $title --\n"
fi
fi
fi
fi
timestamp="$(date +'%m%d%Y-%H%M%S')"
filename="$tmp_dir/$filetitle$$-$timestamp.log"
if [[ "$mode" == "file" ]]; then
touch $filename
fi
exit_code=0
while IFS='' read line; do
process_line "$line"
done
if [[ -n $line ]]; then
process_line "$line"
fi
if [[ "$mode" == "buffering" ]]; then
send_message "$text"
elif [[ "$mode" == "file" ]]; then
if [[ -s "$filename" ]]; then
channels_param=""
if [[ ( "$channel" == "#"* ) ]]; then
# Set channels for making the file public
channels_param="-F channels=$channel"
fi
result="$(curl -F file=@"$filename" -F token="$upload_token" $channels_param https://slack.com/api/files.upload 2> /dev/null)"
access_url="$(echo "$result" | awk 'match($0, /url_private":"([^"]*)"/) {print substr($0, RSTART+14, RLENGTH-15)}'|sed 's/\\//g')"
download_url="$(echo "$result" | awk 'match($0, /url_private_download":"([^"]*)"/) {print substr($0, RSTART+23, RLENGTH-24)}'|sed 's/\\//g')"
if [[ -n "$attachment" ]]; then
text="Input file has been uploaded"
else
if [[ "$title" != "" ]]; then
title=" of $title"
fi
text="Input file$title has been uploaded.\n$access_url\n\nYou can download it from the link below.\n$download_url"
fi
send_message "$text"
fi
# Clean up the temp file
rm "$filename"
fi
exit $exit_code


@ -19,11 +19,11 @@ curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted",
# Set mark 4 to Freifunk traffic # Set mark 4 to Freifunk traffic
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4 /sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4 /sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
# All from FF IPv4 via routing table 42 # All from FF IPv4 via routing table 42
/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42 /bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42 /bin/ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42
# Allow MAC address spoofing # Allow MAC address spoofing
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0 /sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
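Review bot: The two IPv6 lines changed here no longer cover the same sources: the ip6tables mangle rule marks everything from `2a03:2260:121::/48`, while `ip -6 rule add from {{ sn_mesh_IPv6_net }} lookup 42` matches only this node's own mesh prefix (the radvd hunk in this commit advertises the same variable, so presumably a /64). Packets sourced from the rest of the /48 would then depend on a `fwmark 4` rule to reach table 42, and no such rule is visible in this hunk; the script continues outside it, so it may exist elsewhere. Confirm that rule is present, or add `from` rules for the ranges that are meant to use table 42, so traffic does not silently follow the main table. The /48 is also hard-coded where the neighbouring lines use template variables.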


@ -0,0 +1,9 @@
#!/bin/bash
WDIR=/srv/tunneldigger
VIRTUALENV_DIR=/srv/tunneldigger
cd $WDIR
source $VIRTUALENV_DIR/bin/activate
bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg
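Review bot: `cd $WDIR` is unquoted and its result is not checked, so if the directory is missing the script carries on from wherever systemd started it and resolves `bin/python` and the config file relative to that location. Use `cd "$WDIR" || exit 1`, and start the broker with `exec bin/python broker/l2tp_broker.py l2tp_broker-backup.cfg` so the service's main process is the broker itself rather than a wrapper shell. `WDIR` and `VIRTUALENV_DIR` hold the same path; one variable would be enough.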


@ -1,50 +1,61 @@
#!/bin/bash #!/bin/bash
help () { help () {
echo "Supernode Settings:" echo "Supernode Settings:"
echo "status | off | on | auto" echo "status | off | on | backup | backup_off"
} }
status () { status () {
supernode_status=$(/bin/cat /etc/supernode-status/supernode.status) supernode_status=$(/bin/cat /etc/supernode-status/supernode.status)
supernode_mode=$(/bin/cat /etc/supernode-status/supernode.mode) supernode_mode=$(/bin/cat /etc/supernode-status/supernode.mode)
loadbalancing=$(cat /etc/supernode-status/loadbalancing.mode)
echo "Supernode Status: (Ist-Zustand)" echo -e "\nSupernode Status: (Ist-Zustand)"
if [ $supernode_status == 0 ]; then if [ $supernode_status == 0 ]; then
echo "Supernode ist Offline" echo "Supernode ist Abgeschaltet"
elif [ $supernode_status == 1 ]; then elif [ $supernode_status == 1 ]; then
echo "Supernode läuft (Loadbalancing)" echo "Supernode läuft (Automatik inkl. Backup)"
elif [ $supernode_status == 2 ]; then elif [ $supernode_status == 2 ]; then
echo "Supernode läuft (Dauer-Ein)" echo "Supernode läuft (Backup Netz Aktiv)"
elif [ $supernode_status == 3 ]; then elif [ $supernode_status == 3 ]; then
echo "Supernode Offline (Loadbalancing)" echo "Supernode läuft (Backup deaktiviert)"
fi fi
echo -e "\nSupernode Status: (Soll-Zustand)"
if [ $supernode_mode == 0 ]; then
echo "Supernode ist Abgeschaltet"
elif [ $supernode_mode == 1 ]; then
echo "Supernode läuft (Automatik inkl. Backup)"
elif [ $supernode_mode == 2 ]; then
echo "Supernode läuft (Backup Netz Aktiv)"
elif [ $supernode_mode == 3 ]; then
echo "Supernode läuft (Backup deaktiviert)"
fi
echo -e "\nService Status"
for service in bird bird6 dhcpd radvd python named for service in bird bird6 dhcpd radvd python named
do do
if [ "$(/bin/cat /etc/supernode-status/$service.status)" = "1" ]; then if [ "$(/bin/cat /etc/supernode-status/$service.status)" = "1" ]; then
echo -e "$service \e[1;4;93mläuft\e[0m" echo -e "$service läuft"
else else
echo -e "$service \e[1;4;91mläuft nicht\e[0m" echo -e "$service aus"
fi fi
done done
} }
off () { off () {
echo 0 > /etc/supernode-status/supernode.mode echo 0 > /etc/supernode-status/supernode.mode
echo 0 > /etc/supernode-status/loadbalancing.mode
echo "Supernode Aus" echo "Supernode Aus"
} }
on () { on () {
echo 1 > /etc/supernode-status/supernode.mode echo 1 > /etc/supernode-status/supernode.mode
echo 0 > /etc/supernode-status/loadbalancing.mode echo "Supernode An"
echo "Supernode Dauer-An"
} }
auto () { backup () {
echo 1 > /etc/supernode-status/loadbalancing.mode echo 2 > /etc/supernode-status/supernode.mode
echo 1 > /etc/supernode-status/supernode.mode echo "Supernode Aktiviert inkl. Backup"
echo "Supernode Aktiviert inkl. Loadbalance" }
backup_off () {
echo 3 > /etc/supernode-status/supernode.mode
echo "Supernode Aktiviert (Backup deaktiviert)"
} }
$1 $1
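Review bot: The final `$1` runs whatever the first argument is as a command, not just the five functions the help text lists, and with no argument the script does nothing at all. This looks like the script the playbook installs as `/usr/bin/supernode` with mode 0500, so a typo or an argument passed through from another script is executed as root. Dispatch through an allow-list instead: `case "$1" in status|off|on|backup|backup_off) "$1" ;; *) help; exit 1 ;; esac`. The numeric tests such as `[ $supernode_status == 0 ]` are also unquoted and print a test error when a status file is missing or empty; `[ "$supernode_status" = 0 ]` avoids that.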


@ -0,0 +1,9 @@
[Unit]
Description = Start tunneldigger L2TPv3 broker
After = network.target
[Service]
ExecStart = /srv/tunneldigger/start-broker-backup.sh
[Install]
WantedBy = multi-user.target
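Review bot: The `[Service]` section has only `ExecStart`, so if the backup broker exits it stays down until someone notices, which defeats the purpose of a backup path. Add `Restart=on-failure` and `RestartSec=5` under `[Service]`. The playbook in this commit only runs `systemctl enable tunneldigger-backup.service`, and the startup script restarts `tunneldigger` but not this unit, so whether the backup broker is actually started without a reboot should be confirmed.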


@ -9,7 +9,7 @@
user: root user: root
gather_facts: False gather_facts: False
vars: vars:
snversion: master_v3.0.14 snversion: master_v3.0.15
batmanversion: v2015.2 batmanversion: v2015.2
common_required_packages: common_required_packages:
- git - git
@ -51,11 +51,16 @@
- l2tp_eth - l2tp_eth
tunneldigger_scripts: tunneldigger_scripts:
- start-broker.sh - start-broker.sh
- start-broker-backup.sh
- batdelif.sh - batdelif.sh
tunneldigger_service: tunneldigger_service:
- tunneldigger.service - tunneldigger.service
bind_zone_fftdf: - tunneldigger-backup.service
- named.conf.fftdf broker_cfg:
- l2tp_broker-backup.cfg
- l2tp_broker.cfg
# bind_zone_fftdf:
# - named.conf.fftdf
check_gw_script: check_gw_script:
- keepalive.sh - keepalive.sh
authorized_keys: authorized_keys:
@ -160,7 +165,8 @@
pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/ pip: requirements=/srv/tunneldigger/broker/requirements.txt virtualenv=/srv/tunneldigger/
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy l2tp broker config template - name: Copy l2tp broker config template
template: src=./files/l2tp_broker.cfg.j2 dest=/srv/tunneldigger/l2tp_broker.cfg owner=root group=root mode=0444 template: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0444
with_items: broker_cfg
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy tunneldigger script template - name: Copy tunneldigger script template
template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500 template: src=./files/bataddif.sh.j2 dest=/srv/tunneldigger/bataddif.sh owner=root group=root mode=0500
@ -169,8 +175,8 @@
copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500 copy: src=./files/{{ item }} dest=/srv/tunneldigger owner=root group=root mode=0500
with_items: tunneldigger_scripts with_items: tunneldigger_scripts
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy tunneldigger service file - name: Copy tunneldigger service template
copy: src=./files/{{ item }} dest=/etc/systemd/system/tunneldigger.service owner=root group=root mode=0444 copy: src=./files/{{ item }} dest=/etc/systemd/system owner=root group=root mode=0444
with_items: tunneldigger_service with_items: tunneldigger_service
when: tunneldigger.changed when: tunneldigger.changed
- name: Tunneldigger reload - name: Tunneldigger reload
@ -178,6 +184,7 @@
with_items: with_items:
- systemctl daemon-reload - systemctl daemon-reload
- systemctl enable tunneldigger.service - systemctl enable tunneldigger.service
- systemctl enable tunneldigger-backup.service
when: tunneldigger.changed when: tunneldigger.changed
- name: Copy logrotate config - name: Copy logrotate config
copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500 copy: src=./files/{{ item }} dest=/etc/ owner=root group=root mode=0500
@ -201,9 +208,9 @@
template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500 template: src=./files/keepalive.exit.sh.j2 dest=/opt/freifunk/keepalive.sh owner=root group=root mode=0500
register: check_gw register: check_gw
when: sn_exit is defined when: sn_exit is defined
- name: Add cron job with check gateway script # - name: Add cron job with check gateway script
cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root" # cron: name=check_gw special_time=reboot job="/opt/freifunk/keepalive.sh > /dev/null 2>&1 &" user="root"
when: check_gw.changed # when: check_gw.changed
- name: Supernode Config script super- and exitnode - name: Supernode Config script super- and exitnode
copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500 copy: src=./files/supernode dest=/usr/bin/supernode owner=root group=root mode=0500
when: sn_exit is defined when: sn_exit is defined
@ -246,13 +253,18 @@
- name: SSH authorized_keys - name: SSH authorized_keys
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400 copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
with_items: authorized_keys with_items: authorized_keys
- name: Copy secondary zone file
copy: src=./files/{{ item }} dest=/etc/bind owner=root group=bind mode=644
with_items: bind_zone_fftdf
- name: Bind9, activate fftdf zone - name: Bind9, activate fftdf zone
lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/named.conf.fftdf";' state=present lineinfile: dest=/etc/bind/named.conf line='include "/etc/bind/fftdf/fftdf.conf";' state=present
- name: Copy option template - name: Copy option template
template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644 template: src=./files/named.conf.options.j2 dest=/etc/bind/named.conf.options owner=root group=bind mode=644
- name: Create fftdf directory
file: path=/etc/bind/fftdf state=directory
- name: Copy FFTDF Zones
copy: src=./files/fftdf/{{ item }} dest=/etc/bind/fftdf/{{ item }} owner=root group=bind mode=644
with_items:
- fftdf.conf
- name: Copy fftdf Zone config template
template: src=./files/fftdf/db.fftdf.j2 dest=/etc/bind/fftdf/db.fftdf owner=radvd group=root mode=0444
- name: Copy radvd config template - name: Copy radvd config template
template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444 template: src=./files/radvd.conf.j2 dest=/etc/radvd.conf owner=radvd group=root mode=0444
- name: Interface configuration with ffrl gre tunnel - name: Interface configuration with ffrl gre tunnel
@ -272,6 +284,10 @@
get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli get_url: url=https://raw.githubusercontent.com/MightySCollins/speedtest-cli/master/speedtest_cli.py dest=/usr/bin/speedtest-cli
- name: Change rights speedtest-cli - name: Change rights speedtest-cli
file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755 file: path=/usr/bin/speedtest-cli owner=root group=root mode=0755
- name: Copy Slacktee Config
template: src=./files/slacktee.conf.j2 dest=/etc/slacktee.conf owner=root group=root mode=0544
- name: Copy Slacktee
copy: src=./files/slacktee.sh dest=/usr/local/bin/slacktee.sh owner=root group=root mode=0744
- name: set netfilter rules - name: set netfilter rules
lineinfile: dest=/etc/sysctl.conf line="{{ item }}" lineinfile: dest=/etc/sysctl.conf line="{{ item }}"
with_items: with_items:
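Review bot: `mode=0544` on `/etc/slacktee.conf` in the added "Copy Slacktee Config" task leaves the file readable by every local user and sets an execute bit on a config file. The template is not shown in this hunk, but a slacktee config normally carries the Slack webhook URL and token, so unless non-root users have to run slacktee the task should end in `owner=root group=root mode=0600`. The previous hunk has a related permission slip: the `db.fftdf` zone template is installed with `owner=radvd group=root`, apparently copied from the radvd task below it, whereas the other bind files use `owner=root group=bind`; `owner=root group=bind mode=0644` would keep the zone data out of the radvd account's control. The task list starts and continues outside these hunks.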