+ bird BGP config
+ new FFRL exit super nodes + new keepalive for ffrl exit
This commit is contained in:
parent
699116600e
commit
fce5d81274
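--- a/files/bird-troisdorf5.conf
+++ b/files/bird-troisdorf5.conf
@@ -0,0 +1,84 @@
+/*
+* This is an example configuration file.
+*/
+
+# Yes, even shell-like comments work...
+
+# Configure logging
+#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+#log syslog all;
+
+#debug protocols all;
+
+# Override router ID
+router id 10.188.255.5;
+
+
+protocol direct {
+interface "*";
+};
+
+protocol kernel {
+device routes;
+import all;
+export all;
+kernel table 42;
+};
+
+protocol device {
+scan time 8;
+};
+
+function is_default() {
+return (net ~ [0.0.0.0/0]);
+};
+
+# own network
+function is_self_net() {
+return (net ~ [ 10.188.0.0/16+ ]);
+}
+
+# freifunk ip ranges in general
+function is_freifunk() {
+return net ~ [ 10.0.0.0/8+,
+104.0.0.0/8+
+];
+}
+
+filter hostroute {
+if net ~ 185.66.193.105/32 then accept;
+reject;
+};
+
+# Uplink über ff Rheinland
+template bgp uplink {
+local as 65066;
+import where is_default();
+export filter hostroute;
+next hop self;
+multihop 64;
+default bgp_local_pref 200;
+};
+
+protocol bgp ffrl_bb_a_ak_ber from uplink {
+source address 100.64.2.151;
+neighbor 100.64.2.150 as 201701;
+};
+
+protocol bgp ffrl_bb_b_ak_ber from uplink {
+source address 100.64.2.153;
+neighbor 100.64.2.152 as 201701;
+};
+
+protocol bgp ffrl_bb_a_ix_dus from uplink {
+source address 100.64.2.155;
+neighbor 100.64.2.154 as 201701;
+};
+
+protocol bgp ffrl_bb_b_ix_dus from uplink {
+source address 100.64.2.157;
+neighbor 100.64.2.156 as 201701;
+};
+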
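Review bot: bird-troisdorf5.conf and bird-troisdorf6.conf are the same file apart from `router id`, the `hostroute` /32 and the four `source address`/`neighbor` pairs, and the repo already templates exactly such per-node values elsewhere in this commit (`{{ sn_ffrl_IPv4 }}` in sn_startup.exit.sh.j2, `{{ sn_hostname }}` in l2tp_backbone.sh.exit.j2), so a single `bird.conf.j2` would keep the two copies from drifting; the same goes for interfaces-troisdorf5/6. In the new content `is_self_net()` and `is_freifunk()` are defined but referenced by no filter, and the header `* This is an example configuration file.` is left over from the packaged sample and should either be removed or replaced by a line naming the node and the purpose of table 42. The `uplink` template sets no session `password`, so the four sessions are protected only by the GRE path; if the FFRL side offers TCP-MD5 it belongs in the template so all four sessions inherit it.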
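--- a/files/bird-troisdorf6.conf
+++ b/files/bird-troisdorf6.conf
@@ -0,0 +1,84 @@
+/*
+* This is an example configuration file.
+*/
+
+# Yes, even shell-like comments work...
+
+# Configure logging
+#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+#log syslog all;
+
+#debug protocols all;
+
+# Override router ID
+router id 10.188.255.6;
+
+
+protocol direct {
+interface "*";
+};
+
+protocol kernel {
+device routes;
+import all;
+export all;
+kernel table 42;
+};
+
+protocol device {
+scan time 8;
+};
+
+function is_default() {
+return (net ~ [0.0.0.0/0]);
+};
+
+# own network
+function is_self_net() {
+return (net ~ [ 10.188.0.0/16+ ]);
+}
+
+# freifunk ip ranges in general
+function is_freifunk() {
+return net ~ [ 10.0.0.0/8+,
+104.0.0.0/8+
+];
+}
+
+filter hostroute {
+if net ~ 185.66.193.106/32 then accept;
+reject;
+};
+
+# Uplink über ff Rheinland
+template bgp uplink {
+local as 65066;
+import where is_default();
+export filter hostroute;
+next hop self;
+multihop 64;
+default bgp_local_pref 200;
+};
+
+protocol bgp ffrl_bb_a_ak_ber from uplink {
+source address 100.64.2.159;
+neighbor 100.64.2.158 as 201701;
+};
+
+protocol bgp ffrl_bb_b_ak_ber from uplink {
+source address 100.64.2.161;
+neighbor 100.64.2.160 as 201701;
+};
+
+protocol bgp ffrl_bb_a_ix_dus from uplink {
+source address 100.64.2.163;
+neighbor 100.64.2.162 as 201701;
+};
+
+protocol bgp ffrl_bb_b_ix_dus from uplink {
+source address 100.64.2.165;
+neighbor 100.64.2.164 as 201701;
+};
+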
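--- a/files/bird6-troisdorf5.conf
+++ b/files/bird6-troisdorf5.conf
@@ -0,0 +1,82 @@
+# Configure logging
+#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+#log syslog all;
+
+#debug protocols all;
+
+# Override router ID
+router id 10.188.255.5;
+
+protocol direct {
+# interface "*"; # Restrict network interfaces it works with
+# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with
+interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
+
+}
+
+
+protocol kernel {
+device routes;
+import all;
+export all; # Default is export none
+kernel table 42; # Kernel table to synchronize with (default: main)
+}
+
+protocol device {
+scan time 10; # Scan interfaces every 10 seconds
+}
+
+function is_default() {
+return (net ~ [::/0]);
+}
+
+# own networks
+function is_self_net() {
+return net ~ [ fda0:747e:ab29:7405::/64+ ];
+}
+
+# freifunk ip ranges in general
+function is_freifunk() {
+return net ~ [ fc00::/7{48,64},
+2001:bf7::/32+];
+}
+
+filter hostroute {
+if net ~ 2a03:2260:121::/48 then accept;
+reject;
+}
+
+
+
+# Uplink zum FF Rheinland
+template bgp uplink {
+local as 65066;
+import where is_default();
+export filter hostroute;
+gateway recursive;
+}
+
+
+protocol bgp ffrl_bb_a_ak_ber from uplink {
+source address 2a03:2260:0:155::2;
+neighbor 2a03:2260:0:155::1 as 201701;
+}
+
+protocol bgp ffrl_bb_b_ak_ber from uplink {
+source address 2a03:2260:0:156::2;
+neighbor 2a03:2260:0:156::1 as 201701;
+}
+
+
+protocol bgp ffrl_bb_a_ix_dus from uplink {
+source address 2a03:2260:0:157::2;
+neighbor 2a03:2260:0:157::1 as 201701;
+}
+
+protocol bgp ffrl_bb_b_ix_dus from uplink {
+source address 2a03:2260:0:158::2;
+neighbor 2a03:2260:0:158::1 as 201701;
+}
+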
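Review bot: `is_self_net()` in bird6-troisdorf5.conf (and the identical bird6-troisdorf6.conf) still names the ULA `fda0:747e:ab29:7405::/64` while the rest of this commit moves the mesh to `2a03:2260:121::/64` (radvd, dhcpd6, the l2tp script); the function is unused so nothing breaks today, but the first filter that picks it up will match the wrong prefix, so either update it to the new prefix or drop it together with the unused `is_freifunk()`. The IPv6 and IPv4 configs also diverge in ways the files do not explain: `protocol direct` here is limited to `"bat0", "gre-*", "lo"` where the v4 file uses `interface "*"`, and the v6 `uplink` template uses `gateway recursive` where the v4 one sets `next hop self; multihop 64;`. If the difference is deliberate, a one-line comment above each template saying so (e.g. `# v6 peers are on-link over GRE, so no multihop/next-hop-self here`, to be confirmed) would save the next reader from "fixing" it.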
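--- a/files/bird6-troisdorf6.conf
+++ b/files/bird6-troisdorf6.conf
@@ -0,0 +1,82 @@
+# Configure logging
+#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
+#log stderr all;
+#log "tmp" all;
+#log syslog all;
+
+#debug protocols all;
+
+# Override router ID
+router id 10.188.255.6;
+
+protocol direct {
+# interface "*"; # Restrict network interfaces it works with
+# interface "bat0", "gre-*", "eth*", "lo"; # Restrict network interfaces it works with
+interface "bat0", "gre-*", "lo"; # Restrict network interfaces it works with
+
+}
+
+
+protocol kernel {
+device routes;
+import all;
+export all; # Default is export none
+kernel table 42; # Kernel table to synchronize with (default: main)
+}
+
+protocol device {
+scan time 10; # Scan interfaces every 10 seconds
+}
+
+function is_default() {
+return (net ~ [::/0]);
+}
+
+# own networks
+function is_self_net() {
+return net ~ [ fda0:747e:ab29:7405::/64+ ];
+}
+
+# freifunk ip ranges in general
+function is_freifunk() {
+return net ~ [ fc00::/7{48,64},
+2001:bf7::/32+];
+}
+
+filter hostroute {
+if net ~ 2a03:2260:121::/48 then accept;
+reject;
+}
+
+
+
+# Uplink zum FF Rheinland
+template bgp uplink {
+local as 65066;
+import where is_default();
+export filter hostroute;
+gateway recursive;
+}
+
+
+protocol bgp ffrl_bb_a_ak_ber from uplink {
+source address 2a03:2260:0:159::2;
+neighbor 2a03:2260:0:159::1 as 201701;
+}
+
+protocol bgp ffrl_bb_b_ak_ber from uplink {
+source address 2a03:2260:0:15a::2;
+neighbor 2a03:2260:0:15a::1 as 201701;
+}
+
+
+protocol bgp ffrl_bb_a_ix_dus from uplink {
+source address a03:2260:0:15b::2;
+neighbor 2a03:2260:0:15b::1 as 201701;
+}
+
+protocol bgp ffrl_bb_b_ix_dus from uplink {
+source address 2a03:2260:0:15c::2;
+neighbor 2a03:2260:0:15c::1 as 201701;
+}
+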
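Review bot: `source address a03:2260:0:15b::2;` in `protocol bgp ffrl_bb_a_ix_dus` is missing the leading `2`; interfaces-troisdorf6 puts `2a03:2260:0:15b::2/64` on gre-bb-a.ix.dus and the neighbor on the next line is `2a03:2260:0:15b::1`, so the intended line is `source address 2a03:2260:0:15b::2;`. As written the token is not a valid IPv6 address, and BIRD should refuse the whole file at parse time, which would leave troisdorf6 without any IPv6 uplink session rather than just this one. Worth a `bird6 -p -c files/bird6-troisdorf6.conf` syntax check in CI so this class of typo is caught before deploy.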
@ -26,7 +26,7 @@ LoadPlugin processes
|
|||||||
LoadPlugin users
|
LoadPlugin users
|
||||||
LoadPlugin uptime
|
LoadPlugin uptime
|
||||||
LoadPlugin interface
|
LoadPlugin interface
|
||||||
LoadPugin filecount
|
LoadPlugin filecount
|
||||||
<Plugin "filecount">
|
<Plugin "filecount">
|
||||||
<Directory "/opt/freifunk/tunneldigger_interfaces">
|
<Directory "/opt/freifunk/tunneldigger_interfaces">
|
||||||
Instance "tunneldigger-connections"
|
Instance "tunneldigger-connections"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
# Version 1.2
|
# Version 1.3
|
||||||
ddns-update-style none;
|
ddns-update-style none;
|
||||||
option domain-name "fftdf";
|
option domain-name "fftdf";
|
||||||
default-lease-time 300;
|
default-lease-time 300;
|
||||||
@ -7,8 +7,9 @@ log-facility local7;
|
|||||||
subnet 10.188.0.0 netmask 255.255.0.0 {
|
subnet 10.188.0.0 netmask 255.255.0.0 {
|
||||||
authoritative;
|
authoritative;
|
||||||
range {{ sn_dhcp_range }};
|
range {{ sn_dhcp_range }};
|
||||||
option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns }};
|
option domain-name-servers {{ sn_mesh_IPv4 }}, {{ sn_dhcp_dns_v4 }};
|
||||||
option routers {{ sn_dhcp_router }};
|
option routers {{ sn_mesh_IPv4 }};
|
||||||
|
option interface-mtu {{ sn_mtu }};
|
||||||
interface bat0;
|
interface bat0;
|
||||||
}
|
}
|
||||||
include "/opt/freifunk/static-dhcp/static.conf";
|
include "/opt/freifunk/static-dhcp/static.conf";
|
||||||
|
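Review bot: The new side renames the template variable `sn_dhcp_dns` to `sn_dhcp_dns_v4` and replaces `sn_dhcp_router` with `sn_mesh_IPv4`, but no inventory or group_vars change is visible in this commit; if the variables are not renamed there too, rendering will fail on the undefined name, and `sn_dhcp_router` becomes dead inventory data. A short comment above the `option domain-name-servers` line noting that the first server is the node itself and the second comes from `sn_dhcp_dns_v4` would make the pairing with dhcpd6.conf.j2 (`sn_dhcp_dns_v6`) obvious.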
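--- a/files/dhcpd6.conf.j2
+++ b/files/dhcpd6.conf.j2
@@ -0,0 +1,22 @@
+# Enable RFC 5007 support (same than for DHCPv4)
+allow leasequery;
+
+authoritative;
+
+default-lease-time 300;
+max-lease-time 600;
+
+#option dhcp6.name-servers {{ sn_mesh_IPv6 }};
+option dhcp6.name-servers {{ sn_mesh_IPv6 }}, {{ sn_dhcp_dns_v6 }};
+
+option dhcp6.domain-search "fftdf";
+
+subnet6 2a03:2260:121::/64 {
+#
+# # Range for clients
+# range6 2a03:2260:121::201 2a03:2260:121::ffff;
+#
+# # Range for clients requesting a temporary address
+# range6 2a03:2260:121::/64 temporary;
+}
+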
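Review bot: `allow leasequery;` lets any host that can reach the server on bat0 ask which client (DUID/link-layer address) holds a given lease, which is why ISC's default is deny; unless a relay or monitoring component in this deployment actually consumes RFC 5007 queries, drop the line or restrict it with a class so the binding table is not exposed to every mesh client. The `subnet6 2a03:2260:121::/64` block has every `range6` commented out, so the server can only hand out options while addresses come from radvd (`AdvAutonomous on` in the radvd hunk of this commit); that is a valid stateless setup, but it should be stated rather than left as commented examples, e.g. `# stateless DHCPv6: no range6 on purpose, addresses come via SLAAC (radvd); only DNS/domain options are served`.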
@ -1,57 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# Server name ending must be a single digit number
|
|
||||||
communityname="troisdorf"
|
|
||||||
server="troisdorf0 {{ sn_hostname }}"
|
|
||||||
domain="freifunk-troisdorf.de"
|
|
||||||
mtu={{ sn_mtu }}
|
|
||||||
# community MAC address, without the last Byte (:)!
|
|
||||||
communitymacaddress="a2:8c:ae:6f:f6"
|
|
||||||
# Network part of the network, without the trailing dot
|
|
||||||
communitynetwork="10.188"
|
|
||||||
# IPv6 network
|
|
||||||
communitynetworkv6="fda0:747e:ab29:7405:255::"
|
|
||||||
# Third octet from the server range
|
|
||||||
octet3rd="255"
|
|
||||||
# CIDR muss /16 sein
|
|
||||||
localserver=$(/bin/hostname)
|
|
||||||
# files
|
|
||||||
batadv=/usr/local/sbin/batadv-vis
|
|
||||||
alfred=/usr/local/sbin/alfred
|
|
||||||
batctl=/usr/local/sbin/batctl
|
|
||||||
|
|
||||||
for i in $server; do
|
|
||||||
|
|
||||||
(
|
|
||||||
for j in $server; do
|
|
||||||
|
|
||||||
if [ $i != $j ]; then
|
|
||||||
if [ $i = $(/bin/hostname) ]; then
|
|
||||||
/sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0 nopmtudisc
|
|
||||||
# /sbin/ip link add $j type gretap local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') remote $(/usr/bin/dig +short $j.$domain) dev eth0
|
|
||||||
/sbin/ip link set dev $j mtu $mtu
|
|
||||||
# /sbin/ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev $j
|
|
||||||
# /sbin/ip link set address $communitymacaddress$:0${localserver#$communityname} dev $j
|
|
||||||
/sbin/ip link set address $communitymacaddress$:${localserver#$communityname}0 dev $j
|
|
||||||
/sbin/ip link set $j up
|
|
||||||
$batctl if add $j
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
done
|
|
||||||
)
|
|
||||||
|
|
||||||
done
|
|
||||||
|
|
||||||
# configure bat0
|
|
||||||
/sbin/ip link set address $communitymacaddress$:0${localserver#$communityname} dev bat0
|
|
||||||
/sbin/ip link set up dev bat0
|
|
||||||
/sbin/ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
|
|
||||||
/sbin/ip -6 addr add fda0:747e:ab29:7405:255::${localserver#$communityname}/64 dev bat0
|
|
||||||
|
|
||||||
/usr/bin/killall alfred
|
|
||||||
/usr/bin/killall batadv-vis
|
|
||||||
/bin/sleep 5
|
|
||||||
$alfred -i bat0 > /dev/null 2>&1 &
|
|
||||||
/bin/sleep 15
|
|
||||||
$batadv -i bat0 -s > /dev/null 2>&1 &
|
|
||||||
/usr/sbin/service bind9 restart
|
|
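--- a/files/interfaces-troisdorf5
+++ b/files/interfaces-troisdorf5
@@ -0,0 +1,80 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+up ip address add 185.66.193.105/32 dev lo
+
+iface lo inet6 loopback
+up ip address add 2a03:2260:121::105/48 dev lo
+
+
+# The primary network interface
+allow-hotplug eth0
+iface eth0 inet dhcp
+
+iface eth0 inet6 static
+address 2a01:4f8:c17:173b::2
+netmask 64
+gateway fe80::1
+
+# GRE Tunnel zum Rheinland Backbone
+# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
+
+# Berlin Router A
+auto gre-bb-a.ak.ber
+iface gre-bb-a.ak.ber inet static
+address 100.64.2.151
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 remote 185.66.195.0 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+
+iface gre-bb-a.ak.ber inet6 static
+address 2a03:2260:0:155::2/64
+netmask 64
+
+# Berlin Router B
+auto gre-bb-b.ak.ber
+iface gre-bb-b.ak.ber inet static
+address 100.64.2.153
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 remote 185.66.195.1 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+
+iface gre-bb-b.ak.ber inet6 static
+address 2a03:2260:0:156::2/64
+netmask 64
+
+
+# Duesseldorf Router A
+auto gre-bb-a.ix.dus
+iface gre-bb-a.ix.dus inet static
+address 100.64.2.155
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 remote 185.66.193.0 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+
+iface gre-bb-a.ix.dus inet6 static
+address 2a03:2260:0:157::2/64
+netmask 64
+
+
+# Duesseldorf Router B
+auto gre-bb-b.ix.dus
+iface gre-bb-b.ix.dus inet static
+address 100.64.2.157
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 172.31.1.100 remote 185.66.193.1 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+
+iface gre-bb-b.ix.dus inet6 static
+address 2a03:2260:0:158::2/64
+netmask 64
+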
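--- a/files/interfaces-troisdorf6
+++ b/files/interfaces-troisdorf6
@@ -0,0 +1,85 @@
+# This file describes the network interfaces available on your system
+# and how to activate them. For more information, see interfaces(5).
+
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+up ip address add 185.66.193.106/32 dev lo
+
+iface lo inet6 loopback
+up ip address add 2a03:2260:121::106/48 dev lo
+
+
+# The primary network interface
+allow-hotplug eth0
+#iface eth0 inet dhcp
+iface eth0 inet static
+address 46.4.138.189
+netmask 255.255.255.192
+gateway 46.4.138.129
+dns-nameserver 213.133.100.100 213.133.99.99 213.133.98.98
+
+iface eth0 inet6 static
+address 2a01:4f8:11d:600::189
+netmask 59
+gateway 2a01:4f8:11d:600::1
+
+# GRE Tunnel zum Rheinland Backbone
+# - Die Konfigurationsdaten werden vom Rheinland Backbone vergeben und zugewiesen
+
+# Berlin Router A
+auto gre-bb-a.ak.ber
+iface gre-bb-a.ak.ber inet static
+address 100.64.2.159
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.195.0 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+
+iface gre-bb-a.ak.ber inet6 static
+address 2a03:2260:0:159::2/64
+netmask 64
+
+# Berlin Router B
+auto gre-bb-b.ak.ber
+iface gre-bb-b.ak.ber inet static
+address 100.64.2.161
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.195.1 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+
+iface gre-bb-b.ak.ber inet6 static
+address 2a03:2260:0:15a::2/64
+netmask 64
+
+
+# Duesseldorf Router A
+auto gre-bb-a.ix.dus
+iface gre-bb-a.ix.dus inet static
+address 100.64.2.163
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.193.0 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+
+iface gre-bb-a.ix.dus inet6 static
+address 2a03:2260:0:15b::2/64
+netmask 64
+
+
+# Duesseldorf Router B
+auto gre-bb-b.ix.dus
+iface gre-bb-b.ix.dus inet static
+address 100.64.2.165
+netmask 255.255.255.254
+pre-up ip tunnel add $IFACE mode gre local 46.4.138.189 remote 185.66.193.1 ttl 255
+post-up ip link set $IFACE mtu 1400
+post-down ip tunnel del $IFACE
+
+iface gre-bb-b.ix.dus inet6 static
+address 2a03:2260:0:15c::2/64
+netmask 64
+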
@ -1,50 +1,44 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
INTERFACE=eth0 # Set to name of VPN interface
|
# Version 1.4
|
||||||
shopt -s nullglob
|
# Parameter setzen
|
||||||
|
GATEWAY1=185.66.193.105
|
||||||
|
GATEWAY2=185.66.193.106
|
||||||
|
GATEWAY1v6=2a03:2260:121::255:5
|
||||||
|
GATEWAY2v6=2a03:2260:121::255:6
|
||||||
|
IP=/sbin/ip
|
||||||
|
PING=/bin/ping
|
||||||
|
BATCTL=/usr/local/sbin/batctl
|
||||||
|
|
||||||
# Test whether gateway is connected to the outer world via VPN
|
if [ "hostname = troisdorf1 | troisdorf2" ]
|
||||||
ping -q -I $INTERFACE 8.8.8.8 -c 4 -i 1 -W 5 >/dev/null 2>&1
|
then
|
||||||
|
DEFAULT_GATEWAY=$GATEWAY1
|
||||||
|
FALLBACK_GATEWAY=$GATEWAY2
|
||||||
|
DEFAULT_GATEWAYv6=$GATEWAY1v6
|
||||||
|
FALLBACK_GATEWAYv6=$GATEWAY2v6
|
||||||
|
else
|
||||||
|
DEFAULT_GATEWAY=$GATEWAY2
|
||||||
|
FALLBACK_GATEWAY=$GATEWAY1
|
||||||
|
DEFAULT_GATEWAYv6=$GATEWAY2v6
|
||||||
|
FALLBACK_GATEWAYv6=$GATEWAY1v6
|
||||||
|
|
||||||
if test $? -eq 0; then
|
|
||||||
NEW_STATE=server
|
|
||||||
else
|
|
||||||
NEW_STATE=off
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Iterate through network interfaces in sys file system
|
if $PING -c 1 $DEFAULT_GATEWAY
|
||||||
for MESH in /sys/class/net/*/mesh; do
|
then
|
||||||
# Check whether gateway modus needs to be changed
|
$IP route replace default via $DEFAULT_GATEWAY table 42
|
||||||
OLD_STATE="$(cat $MESH/gw_mode)"
|
$IP -6 route replace default via $DEFAULT_GATEWAYv6 table 42
|
||||||
[ "$OLD_STATE" == "$NEW_STATE" ] && continue
|
$BATCTL gw server 100Mbit/100Mbit
|
||||||
echo $NEW_STATE > $MESH/gw_mode
|
echo "Gateway erreichbar"
|
||||||
echo 92MBit/92MBit > $MESH/gw_bandwidth
|
else
|
||||||
logger "batman gateway mode changed to $NEW_STATE"
|
if $PING -c 1 $FALLBACK_GATEWAY
|
||||||
|
then
|
||||||
# Check whether gateway modus has been deactivated
|
$IP route replace default via $FALLBACK_GATEWAY table 42
|
||||||
if [ "$NEW_STATE" == "off" ]; then
|
$IP -6 route replace default via $FALLBACK_GATEWAYv6 table 42
|
||||||
# Shutdown DHCP server to prevent renewal of leases
|
$BATCTL gw server 80Mbit/80Mbit
|
||||||
/usr/sbin/service isc-dhcp-server stop
|
echo "Nun FALLBACK_GATEWAY"
|
||||||
fi
|
else
|
||||||
|
$BATCTL gw off
|
||||||
# Check whether gateway modus has been activated
|
#Kein Gateway erreichbar, batctl gw off
|
||||||
if [ "$NEW_STATE" == "server" ]; then
|
fi
|
||||||
# Restart DHCP server
|
|
||||||
/usr/sbin/service isc-dhcp-server start
|
|
||||||
fi
|
|
||||||
exit 0
|
|
||||||
done
|
|
||||||
|
|
||||||
if [ "$NEW_STATE" == "server" ]; then
|
|
||||||
/usr/sbin/service isc-dhcp-server status 2>&1> /dev/null
|
|
||||||
if $? -ne 0
|
|
||||||
then
|
|
||||||
/usr/sbin/service isc-dhcp-server restart
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
if [ "$NEW_STATE" == "off" ]; then
|
|
||||||
/usr/sbin/service isc-dhcp-server status 2>&1> /dev/null
|
|
||||||
if $? -eq 0
|
|
||||||
then
|
|
||||||
/usr/sbin/service isc-dhcp-server stop
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
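Review bot: `if [ "hostname = troisdorf1 | troisdorf2" ]` on the new side tests a non-empty string literal, which `[` always treats as true, and never runs `hostname`; every node that runs this script, including troisdorf6, therefore takes `DEFAULT_GATEWAY=$GATEWAY1`/`FALLBACK_GATEWAY=$GATEWAY2`, and the `else` branch is dead. The intended host selection needs a real comparison, shown below as a `case` on the actual hostname. Two smaller points in the same hunk: the IPv6 default route in table 42 is replaced on the strength of an IPv4 `$PING -c 1 $DEFAULT_GATEWAY` alone, so a node whose v6 path is broken still receives the v6 default, and the pings write their summary to stdout, which becomes cron mail on every run unless they get `-q` and a redirect.
```shell
# … unchanged: GATEWAY*/IP/PING/BATCTL assignments …
case "$(/bin/hostname)" in
    troisdorf1|troisdorf2)
        DEFAULT_GATEWAY=$GATEWAY1
        FALLBACK_GATEWAY=$GATEWAY2
        DEFAULT_GATEWAYv6=$GATEWAY1v6
        FALLBACK_GATEWAYv6=$GATEWAY2v6
        ;;
    *)
        DEFAULT_GATEWAY=$GATEWAY2
        FALLBACK_GATEWAY=$GATEWAY1
        DEFAULT_GATEWAYv6=$GATEWAY2v6
        FALLBACK_GATEWAYv6=$GATEWAY1v6
        ;;
esac
# … unchanged: ping / route replace / batctl gw logic …
```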
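--- a/files/l2tp_backbone.sh.exit.j2
+++ b/files/l2tp_backbone.sh.exit.j2
@@ -0,0 +1,58 @@
+#!/bin/sh
+# Version 6
+# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
+communityname="troisdorf"
+#server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
+server="troisdorf7 {{ sn_hostname }}"
+domain="freifunk-troisdorf.de"
+mtu={{ sn_mtu }}
+# community MAC address, without the last Byte (:)!
+communitymacaddress="a2:8c:ae:6f:f6"
+tunnelPrefix=10
+sessionPrefix=1
+# Netzwerkteil des Netzes, ohne abschliessenden Punkt
+communitynetwork="10.188"
+# IPv6 network
+#communitynetworkv6="fda0:747e:ab29:7405:255::"
+communitynetworkv6="2a03:2260:121::"
+# Drittes Octet des serverbereichs
+octet3rd="255"
+# CIDR muss /16 sein
+localserver=$(/bin/hostname)
+batadv=/usr/local/sbin/batadv-vis
+alfred=/usr/local/sbin/alfred
+batctl=/usr/local/sbin/batctl
+ip=/sbin/ip
+dig=/usr/bin/dig
+
+for i in $server; do
+(
+for j in $server; do
+if [ $i != $j ]; then
+if [ $i = $localserver ]; then
+ip l2tp add tunnel remote $($dig +short $j.$domain) local $(/bin/hostname -I | /usr/bin/cut -f1 -d' ') tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} peer_tunnel_id $tunnelPrefix${j#$communityname}${i#$communityname} encap udp udp_sport 300${i#$communityname}${j#$communityname} udp_dport 300${j#$communityname}${i#$communityname}
+ip l2tp add session name l2tp-$j tunnel_id $tunnelPrefix${i#$communityname}${j#$communityname} session_id $sessionPrefix${i#$communityname}${j#$communityname} peer_session_id $sessionPrefix${j#$communityname}${i#$communityname}
+#ip link set address $communitymacaddress:${i#$communityname}${j#$communityname} dev l2tp-$j
+ip link set dev l2tp-$j mtu $mtu
+ip link set up l2tp-$j
+$batctl if add l2tp-$j
+fi
+fi
+done
+)
+done
+
+# Rest starten
+$ip link set address $communitymacaddress:0${localserver#$communityname} dev bat0
+$ip link set up dev bat0
+$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
+$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0
+
+/usr/bin/killall alfred
+/usr/bin/killall batadv-vis
+/bin/sleep 5
+$alfred -i bat0 > /dev/null 2>&1 &
+/bin/sleep 15
+$batadv -i bat0 -s > /dev/null 2>&1 &
+/usr/sbin/service bind9 restart
+/usr/local/sbin/batctl gw client 3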
@ -1,9 +1,9 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
# Version 5
|
# Version 6
|
||||||
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
|
# Der servername muss mit einer einstelligen Zahl aufhoeren!!!!!
|
||||||
communityname="troisdorf"
|
communityname="troisdorf"
|
||||||
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
|
server="troisdorf1 troisdorf2 troisdorf3 troisdorf4 troisdorf5 troisdorf6 troisdorf7 troisdorf8 troisdorf9"
|
||||||
#server="troisdorf0 {{ sn_hostname }}"
|
#server="troisdorf7 {{ sn_hostname }}"
|
||||||
domain="freifunk-troisdorf.de"
|
domain="freifunk-troisdorf.de"
|
||||||
mtu={{ sn_mtu }}
|
mtu={{ sn_mtu }}
|
||||||
# community MAC address, without the last Byte (:)!
|
# community MAC address, without the last Byte (:)!
|
||||||
@ -13,7 +13,8 @@ sessionPrefix=1
|
|||||||
# Netzwerkteil des Netzes, ohne abschliessenden Punkt
|
# Netzwerkteil des Netzes, ohne abschliessenden Punkt
|
||||||
communitynetwork="10.188"
|
communitynetwork="10.188"
|
||||||
# IPv6 network
|
# IPv6 network
|
||||||
communitynetworkv6="fda0:747e:ab29:7405:255::"
|
#communitynetworkv6="fda0:747e:ab29:7405:255::"
|
||||||
|
communitynetworkv6="2a03:2260:121::"
|
||||||
# Drittes Octet des serverbereichs
|
# Drittes Octet des serverbereichs
|
||||||
octet3rd="255"
|
octet3rd="255"
|
||||||
# CIDR muss /16 sein
|
# CIDR muss /16 sein
|
||||||
@ -46,7 +47,7 @@ $ip link set address $communitymacaddress:0${localserver#$communityname} dev bat
|
|||||||
#$ip link set address $communitymacaddress:ff dev bat0
|
#$ip link set address $communitymacaddress:ff dev bat0
|
||||||
$ip link set up dev bat0
|
$ip link set up dev bat0
|
||||||
$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
|
$ip addr add $communitynetwork.$octet3rd.${localserver#$communityname}/16 broadcast $communitynetwork.255.255 dev bat0
|
||||||
$ip -6 addr add $communitynetworkv6${localserver#$communityname}/64 dev bat0
|
$ip -6 addr add $communitynetworkv6$octet3rd:${localserver#$communityname}/64 dev bat0
|
||||||
|
|
||||||
/usr/bin/killall alfred
|
/usr/bin/killall alfred
|
||||||
/usr/bin/killall batadv-vis
|
/usr/bin/killall batadv-vis
|
||||||
@ -55,3 +56,4 @@ $alfred -i bat0 > /dev/null 2>&1 &
|
|||||||
/bin/sleep 15
|
/bin/sleep 15
|
||||||
$batadv -i bat0 -s > /dev/null 2>&1 &
|
$batadv -i bat0 -s > /dev/null 2>&1 &
|
||||||
/usr/sbin/service bind9 restart
|
/usr/sbin/service bind9 restart
|
||||||
|
/usr/local/sbin/batctl gw server 100Mbit/100Mbit
|
||||||
|
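Review bot: The added `/usr/local/sbin/batctl gw server 100Mbit/100Mbit` hardcodes the path while the surrounding script references its tools through variables (`$ip`, `$alfred`, `$batadv` are visible in these hunks, and the exit variant defines `batctl=/usr/local/sbin/batctl`), so `$batctl gw server 100Mbit/100Mbit` would match the file's own convention if that variable exists here. The same announcement is also managed by the keepalive script in this commit, which switches between 100Mbit, 80Mbit and `gw off` depending on reachability; a comment such as `# initial state only, the keepalive cron job adjusts gw mode afterwards` would make the overlap intentional rather than surprising. The enclosing script continues outside these hunks.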
@ -3,7 +3,8 @@ interface bat0 {
|
|||||||
IgnoreIfMissing on;
|
IgnoreIfMissing on;
|
||||||
MaxRtrAdvInterval 200;
|
MaxRtrAdvInterval 200;
|
||||||
RDNSS {{ sn_mesh_IPv6 }} {};
|
RDNSS {{ sn_mesh_IPv6 }} {};
|
||||||
prefix fda0:747e:ab29:7405::/64 {
|
# prefix fda0:747e:ab29:7405::/64 {
|
||||||
|
prefix 2a03:2260:121::/64 {
|
||||||
AdvOnLink on;
|
AdvOnLink on;
|
||||||
AdvAutonomous on;
|
AdvAutonomous on;
|
||||||
AdvRouterAddr on;
|
AdvRouterAddr on;
|
||||||
|
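Review bot: Commenting out `prefix fda0:747e:ab29:7405::/64` removes it from router advertisements immediately, so clients keep their ULA addresses until the previously advertised valid lifetime runs out and may keep sourcing traffic from them; the usual way to retire a prefix is to keep advertising it for a transition period with `AdvPreferredLifetime 0;` and a short `AdvValidLifetime` so clients deprecate it cleanly, then delete the block. The `RDNSS {{ sn_mesh_IPv6 }} {};` line is unchanged in this hunk; if that variable still holds the node's ULA address, clients lose their resolver as soon as the ULA addresses expire, so it needs to move into `2a03:2260:121::/64` in the inventory (not visible in this commit). The `interface bat0 {` block continues outside the hunk.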
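--- /dev/null
+++ b/files/sn_startup.exit.sh.j2
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
+
+# Block RFC1918 and APIPA destination via WAN
+/sbin/iptables -P OUTPUT ACCEPT
+for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
+/sbin/iptables -A OUTPUT -o eth0 -d $i -j DROP
+done
+
+# Activate IP forwarding
+/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
+/sbin/sysctl -w net.ipv4.ip_forward=1
+
+# restart when kernel panic
+/sbin/sysctl kernel.panic=1
+
+# Routing table 42
+/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
+
+# Set table for traffice with mark 4
+/bin/ip rule add fwmark 0x4 table 42
+/bin/ip -6 rule add fwmark 0x4 table 42
+
+# Set mark 4 to Freifunk traffic
+/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
+#/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
+/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4
+
+# NAT on eth0
+/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
+# NAT on GRE Freifunk interface
+#/sbin/iptables -t nat -A POSTROUTING -o gre-+ -j SNAT --to-source 185.66.193.105
+/sbin/iptables -t nat -A POSTROUTING -o gre-+ -j SNAT --to-source {{ sn_ffrl_IPv4 }}
+
+# MTU
+/sbin/iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-+ -j TCPMSS --set-mss 1312
+/sbin/ip6tables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o gre-+ -j TCPMSS --set-mss 1312
+
+# All from FF IPv4 via routing table 42
+/bin/ip rule add from {{ sn_ffrl_IPv4 }}/32 lookup 42
+/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42
+
+# Allow MAC address spoofing
+/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
+
+sleep 5
+
+# stop tunneldigger
+/bin/systemctl disable tunneldigger
+/bin/systemctl stop tunneldigger
+
+# restart bird
+/bin/systemctl start bird
+/bin/systemctl start bird6
+/bin/systemctl enable bird
+/bin/systemctl enable bird6
+
+# stop radvd
+/bin/systemctl disable radvd
+/bin/systemctl stop radvd
+
+# restart DHCP
+/bin/systemctl disable isc-dhcp-server
+/bin/systemctl stop isc-dhcp-server
+
+exit 0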
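Review bot: The comment `# Allow MAC address spoofing` above `/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0` misdescribes the setting: rp_filter is reverse-path filtering of source IP addresses, so disabling it makes the kernel accept packets on bat0 whose source is not routed back via bat0, which an exit node needs but which has nothing to do with MAC addresses; I would change the comment to `# Disable reverse-path (source address) filtering on bat0: mesh sources are not routed back via bat0`. Separately, the script enables `net.ipv4.ip_forward` and adds MASQUERADE on eth0 but sets no FORWARD policy or rules, so whatever the FORWARD chain already allows is forwarded and NATed; if that filtering is intended to live elsewhere, a comment saying where would help the next reader. Finally, `/bin/grep 42 /etc/iproute2/rt_tables` matches any line containing 42 (a table id 142 or 420, for instance), so the named entry can be skipped; the later rules use numeric `table 42` and still work, but `/bin/grep -q '^42[[:space:]]' /etc/iproute2/rt_tables` is the precise test.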
@ -2,17 +2,6 @@
|
|||||||
|
|
||||||
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
|
curl -X POST --data-urlencode 'payload={"text": "{{ sn_hostname }} is rebooted", "channel": "#technik", "username": "{{ sn_hostname }}", "icon_emoji": ":floppy_disk:"}' https://hooks.slack.com/services/{{ slack_token }}
|
||||||
|
|
||||||
# Stop tunneldigger until bat0 is up
|
|
||||||
/usr/sbin/service tunneldigger stop
|
|
||||||
|
|
||||||
# Set unreachable for table 200
|
|
||||||
#/bin/ip route add unreachable 0.0.0.0/0 table iffy
|
|
||||||
|
|
||||||
#while ! ping -c 1 -W 1 {{ sn_iffy_traffic }}; do
|
|
||||||
# echo "Waiting for {{ sn_iffy_traffic }} - network interface might be down..."
|
|
||||||
# sleep 5
|
|
||||||
#done
|
|
||||||
|
|
||||||
# Block RFC1918 and APIPA destination via WAN
|
# Block RFC1918 and APIPA destination via WAN
|
||||||
/sbin/iptables -P OUTPUT ACCEPT
|
/sbin/iptables -P OUTPUT ACCEPT
|
||||||
for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
|
for i in 10.0.0.0/8 172.16.0.0/12 169.254.0.0/16 192.168.0.0/16; do
|
||||||
@ -22,36 +11,47 @@ done
|
|||||||
# Activate IP forwarding
|
# Activate IP forwarding
|
||||||
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
|
/sbin/sysctl -w net.ipv6.conf.all.forwarding=1
|
||||||
/sbin/sysctl -w net.ipv4.ip_forward=1
|
/sbin/sysctl -w net.ipv4.ip_forward=1
|
||||||
|
|
||||||
|
# restart when kernel panic
|
||||||
/sbin/sysctl kernel.panic=1
|
/sbin/sysctl kernel.panic=1
|
||||||
|
|
||||||
# Routing table 200 for traffic above port 1023
|
# Stop tunneldigger until bat0 is up
|
||||||
#/bin/grep 200 /etc/iproute2/rt_tables || /bin/echo 200 iffy >> /etc/iproute2/rt_tables
|
/usr/sbin/service tunneldigger stop
|
||||||
|
|
||||||
|
# Routing table 42
|
||||||
|
/bin/grep 42 /etc/iproute2/rt_tables || /bin/echo 42 ffrl >> /etc/iproute2/rt_tables
|
||||||
|
|
||||||
# Set table for traffice with mark 4
|
# Set table for traffice with mark 4
|
||||||
#/bin/ip rule add fwmark 0x4 table iffy
|
/bin/ip rule add fwmark 0x4 table 42
|
||||||
|
/bin/ip -6 rule add fwmark 0x4 table 42
|
||||||
|
|
||||||
# Set mark 4 to traffic above port 1023
|
# Set mark 4 to Freifunk traffic
|
||||||
#/sbin/iptables -t mangle -A PREROUTING -p tcp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
|
/sbin/iptables -t mangle -A PREROUTING -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
|
||||||
#/sbin/iptables -t mangle -A PREROUTING -p udp --dport 1024:65535 -s 10.0.0.0/8 ! -d 10.0.0.0/8 -j MARK --set-mark 4
|
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/48 ! -d 2a03:2260:121::/48 -j MARK --set-mark 4
|
||||||
|
/sbin/ip6tables -t mangle -A PREROUTING -s 2a03:2260:121::/64 ! -d 2a03:2260:121::/64 -j MARK --set-mark 4
|
||||||
|
|
||||||
# NAT on eth0
|
# NAT on eth0
|
||||||
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
||||||
|
|
||||||
|
# All from FF IPv4 via routing table 42
|
||||||
|
/bin/ip rule add from 185.66.193.104/30 lookup 42
|
||||||
|
/bin/ip -6 rule add from 2a03:2260:121::/64 lookup 42
|
||||||
|
|
||||||
# Allow MAC address spoofing
|
# Allow MAC address spoofing
|
||||||
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
|
/sbin/sysctl net.ipv4.conf.bat0.rp_filter=0
|
||||||
|
|
||||||
# Set gateway for table 200
|
|
||||||
#/bin/ip route replace default via {{ sn_iffy_traffic }} table iffy
|
|
||||||
|
|
||||||
sleep 5
|
sleep 5
|
||||||
|
|
||||||
# Start tunneldigger
|
# Start tunneldigger
|
||||||
/usr/sbin/service tunneldigger restart
|
/bin/systemctl restart tunneldigger
|
||||||
|
/bin/systemctl enable tunneldigger
|
||||||
|
|
||||||
# radvd restart
|
# radvd restart
|
||||||
/usr/sbin/service radvd restart
|
/bin/systemctl restart radvd
|
||||||
|
/bin/systemctl enable radvd
|
||||||
|
|
||||||
# restart DHCP
|
# restart DHCP
|
||||||
/usr/sbin/service isc-dhcp-server restart
|
/bin/systemctl restart isc-dhcp-server
|
||||||
|
/bin/systemctl enable isc-dhcp-server
|
||||||
|
|
||||||
exit 0
|
exit 0
|
||||||
|
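Review bot: The new rule `/bin/ip rule add from 185.66.193.104/30 lookup 42` hard-codes the FFRL address, while the exit template added in this commit uses `{{ sn_ffrl_IPv4 }}/32` for the same rule, so the two templates will drift; using the same variable here (widened to the /30 if that is intended) keeps them consistent. The two ip6tables MARK rules are now both active, one for `2a03:2260:121::/48` and one for `2a03:2260:121::/64`, and they give different results for traffic between /64s inside the /48 (the /64 rule marks it, the /48 rule does not); the exit template keeps the /48 line commented out, so it is worth confirming which prefix is intended and keeping one rule. The tunneldigger stop still uses `/usr/sbin/service tunneldigger stop` while the restart and enable lines further down switch to `/bin/systemctl`; `/bin/systemctl stop tunneldigger` keeps the script on one mechanism.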
@ -9,7 +9,7 @@
|
|||||||
user: root
|
user: root
|
||||||
gather_facts: False
|
gather_facts: False
|
||||||
vars:
|
vars:
|
||||||
snversion: master_v1.9.3
|
snversion: master_v2.0
|
||||||
batmanversion: v2015.2
|
batmanversion: v2015.2
|
||||||
common_required_packages:
|
common_required_packages:
|
||||||
- git
|
- git
|
||||||
@ -62,6 +62,8 @@
|
|||||||
- authorized_keys
|
- authorized_keys
|
||||||
logrotate_config:
|
logrotate_config:
|
||||||
- logrotate.conf
|
- logrotate.conf
|
||||||
|
tunneld_stats_file:
|
||||||
|
- collectd_td_stat.sh
|
||||||
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
@ -95,12 +97,12 @@
|
|||||||
poll: 0
|
poll: 0
|
||||||
ignore_errors: true
|
ignore_errors: true
|
||||||
when: sethostname.changed
|
when: sethostname.changed
|
||||||
- name: waiting for server to come back
|
- name: waiting for server to come back (1st)
|
||||||
local_action:
|
local_action:
|
||||||
wait_for
|
wait_for
|
||||||
host={{ inventory_hostname }}
|
host={{ inventory_hostname }}
|
||||||
port=22
|
port=22
|
||||||
delay=15
|
delay=20
|
||||||
timeout=300
|
timeout=300
|
||||||
when: hosts.changed
|
when: hosts.changed
|
||||||
when: sethostname.changed
|
when: sethostname.changed
|
||||||
@ -194,13 +196,24 @@
|
|||||||
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
|
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
|
||||||
with_items: check_gw_script
|
with_items: check_gw_script
|
||||||
register: check_gw
|
register: check_gw
|
||||||
|
when: sn_exit is undefined
|
||||||
- name: Add cron job with check gateway script
|
- name: Add cron job with check gateway script
|
||||||
cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
|
cron: name=check_gw job="/opt/freifunk/keepalive.sh > /dev/null 2>&1" user="root"
|
||||||
when: check_gw.changed
|
when: check_gw.changed
|
||||||
|
|
||||||
|
- name: Tunneldigger stats
|
||||||
|
copy: src=./files/{{ item }} dest=/opt/freifunk owner=root group=root mode=0500
|
||||||
|
with_items: tunneld_stats_file
|
||||||
|
register: tunneld_stats
|
||||||
|
when: sn_exit is undefined
|
||||||
|
- name: Add cron job tunneldigger stats
|
||||||
|
cron: name=tunneld_stats job="/opt/freifunk/collectd_td_stat.sh > /dev/null 2>&1" user="root"
|
||||||
|
when: tunneld_stats.changed
|
||||||
|
|
||||||
|
|
||||||
- name: Copy dhcpd template file
|
- name: Copy dhcpd template file
|
||||||
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
|
template: src=./files/dhcpd.conf.j2 dest=/etc/dhcp/dhcpd.conf owner=root group=root mode=0444
|
||||||
register: dhcpd
|
register: dhcpd
|
||||||
|
|
||||||
- name: Clone static DHCP config
|
- name: Clone static DHCP config
|
||||||
git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp
|
git: repo=https://github.com/Freifunk-Troisdorf/static-dhcp
|
||||||
dest=/opt/freifunk/static-dhcp
|
dest=/opt/freifunk/static-dhcp
|
||||||
@ -208,7 +221,6 @@
|
|||||||
- name: Add cron static DHCP
|
- name: Add cron static DHCP
|
||||||
cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
|
cron: name=StaticDHCP minute="*" job="/opt/freifunk/static-dhcp/dhcp-update.sh"
|
||||||
when: dhcpd.changed
|
when: dhcpd.changed
|
||||||
|
|
||||||
- name: Restart dhcpd
|
- name: Restart dhcpd
|
||||||
service: name=isc-dhcp-server state=restarted
|
service: name=isc-dhcp-server state=restarted
|
||||||
when: dhcpd.changed
|
when: dhcpd.changed
|
||||||
@ -217,8 +229,14 @@
|
|||||||
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
|
cron: name=backbone special_time=reboot job="/opt/freifunk/l2tp_backbone.sh"
|
||||||
- name: Add cron startup script
|
- name: Add cron startup script
|
||||||
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
|
cron: name=startup special_time=reboot job="/opt/freifunk/sn_startup.sh"
|
||||||
|
|
||||||
- name: Copy backbone script
|
- name: Copy backbone script
|
||||||
template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
|
template: src=./files/l2tp_backbone.sh.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
|
||||||
|
when: sn_exit is undefined
|
||||||
|
- name: Copy backbone script
|
||||||
|
template: src=./files/l2tp_backbone.sh.exit.j2 dest=/opt/freifunk/l2tp_backbone.sh owner=root group=root mode=0544
|
||||||
|
when: sn_exit is defined
|
||||||
|
|
||||||
- name: Collectd template file
|
- name: Collectd template file
|
||||||
template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
|
template: src=./files/collectd.conf.j2 dest=/etc/collectd/collectd.conf owner=root group=root mode=0444
|
||||||
register: collectd
|
register: collectd
|
||||||
@ -227,6 +245,7 @@
|
|||||||
when: collectd.changed
|
when: collectd.changed
|
||||||
- name: configure startup script
|
- name: configure startup script
|
||||||
template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
|
template: src=./files/sn_startup.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
|
||||||
|
when: sn_exit is undefined
|
||||||
- name: SSH authorized_keys
|
- name: SSH authorized_keys
|
||||||
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
|
copy: src=./files/{{ item }} dest=/root/.ssh owner=root group=root mode=0400
|
||||||
with_items: authorized_keys
|
with_items: authorized_keys
|
||||||
@ -243,6 +262,22 @@
|
|||||||
template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
|
template: src=./files/alfred.sh.j2 dest=/opt/freifunk/alfred.sh owner=root group=root mode=0544
|
||||||
- name: Add cron job with alfred info script
|
- name: Add cron job with alfred info script
|
||||||
cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"
|
cron: name=alfred_info job="/opt/freifunk/alfred.sh > /dev/null 2>&1" user="root"
|
||||||
|
- name: Interface configuration with ffrl gre tunnel
|
||||||
|
copy: src=./files/interfaces-{{ sn_hostname }} dest=/etc/network/interfaces owner=root group=root mode=0544
|
||||||
|
when: sn_exit is defined
|
||||||
|
- name: Exit node startup script
|
||||||
|
template: src=./files/sn_startup.exit.sh.j2 dest=/opt/freifunk/sn_startup.sh owner=root group=root mode=0500
|
||||||
|
when: sn_exit is defined
|
||||||
|
- apt: update_cache=yes
|
||||||
|
- name: Install bird
|
||||||
|
apt: state=installed pkg=bird
|
||||||
|
when: sn_exit is defined
|
||||||
|
- name: Bird configuration
|
||||||
|
copy: src=./files/bird-{{ sn_hostname }}.conf dest=/etc/bird/bird.conf owner=bird group=bird mode=0444
|
||||||
|
when: sn_exit is defined
|
||||||
|
- name: Bird configuration
|
||||||
|
copy: src=./files/bird6-{{ sn_hostname }}.conf dest=/etc/bird/bird6.conf owner=bird group=bird mode=0444
|
||||||
|
when: sn_exit is defined
|
||||||
- name: Reboot the server finally
|
- name: Reboot the server finally
|
||||||
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
|
shell: sleep 2 && shutdown -r now "Ansible updates triggered"
|
||||||
async: 1
|
async: 1
|
||||||
@ -256,7 +291,7 @@
|
|||||||
wait_for
|
wait_for
|
||||||
host={{ inventory_hostname }}
|
host={{ inventory_hostname }}
|
||||||
port=22
|
port=22
|
||||||
delay=15
|
delay=20
|
||||||
timeout=300
|
timeout=300
|
||||||
when: tunneldigger.changed
|
when: tunneldigger.changed
|
||||||
- name: Send notification message via Slack
|
- name: Send notification message via Slack
|
||||||
|
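Review bot: Two new tasks carry the same name `Bird configuration` (the bird.conf copy and the bird6.conf copy), and the new `Copy backbone script` task duplicates the name of the existing one just above it; task names are what the run log shows, so distinct names (`Bird6 configuration`, `Copy backbone script (exit)`) make a failed run readable. The new `- apt: update_cache=yes` task has no name and no `when`, so it runs on every host, unlike the `Install bird` task right after it which is gated on `sn_exit is defined`; adding `when: sn_exit is defined` and a name limits it to the hosts that need it. The `/etc/network/interfaces` copy uses `mode=0544` where the other configuration files in this playbook use `0444`; a network config does not need the execute bit, so `mode=0444` matches the rest.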