Dieses Howto ist für Leute gedacht, die selber einen Server bereitstellen wollen, der als N2N-Knotenpunkt und Gateway dient. Das heißt, dass viele Knoten (z.B. Router) sich über diesen Server verbinden können und zudem eine Internetanbindung zur Verfügung gestellt wird. Die Anleitung ist definitiv für fortgeschrittene Nutzer gedacht und wurde für Debian-Systeme geschrieben.
Konfiguration von N2N/BATMAN-adv
Da diese Node als Server und Gateway laufen soll, muss eine supernode-Instanz und eine edge-Instanz gestartet werden.
Es werden noch tunctl und brctl benötigt:
# tunctl comes from uml-utilities, brctl from bridge-utils.
apt-get install uml-utilities
apt-get install bridge-utils
Dieses Script konfiguriert und startet die Dienste.
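#!/bin/bash
# freifunk_watchdog: bring up the N2N supernode/edge, batman-adv and the
# br-mesh bridge on a Debian gateway, then choose the batman-adv gw_mode from
# whether the VPN interface currently has Internet access.
#
# Meant to run once after boot or every few minutes from cron; every step
# checks the current state first, so repeated runs are harmless.
# Requires: uml-utilities (tunctl), bridge-utils (brctl), batctl, n2n, openvpn.
# Must run as root (writes /sys, creates interfaces, starts services).

# Everything goes to the log. The file is truncated on each run, so it only
# holds the most recent invocation (same as the original behaviour).
exec >/var/log/freifunk_watchdog.log 2>&1
date

# Unset variables are bugs. set -e is deliberately NOT used: several commands
# below (batctl if del, tunctl, ping) are allowed to fail, and the steps that
# matter carry explicit "|| error" handling.
set -u

readonly n2n_port=60211
readonly n2n_community=ffb1
readonly mesh_if=eth0         # interface whose hardware MAC seeds the mesh MAC/IP
readonly vpn_interface=tun0   # OpenVPN tunnel that may provide Internet access
readonly ff_subnet=29         # second octet of the 10.<subnet>.0.0/16 mesh net

#######################################
# Log an error line and abort the script.
# Arguments: $1 - message
#######################################
error() {
  echo "(E) $1"
  exit 1
}

#######################################
# Turn a hardware MAC into a locally administered one by setting bit 1 of the
# first octet (the "locally administered" bit), so the mesh MAC cannot collide
# with the vendor-assigned address of the physical interface.
# Arguments: $1 - MAC in aa:bb:cc:dd:ee:ff form
# Outputs:   the modified MAC on stdout (lowercase hex, as printf emits it)
#######################################
local_admin_mac() {
  local mac=$1
  local first=${mac%%:*}
  first=$(( 0x$first | 2 ))
  printf '%02x:%s\n' "$first" "${mac#*:}"
}

#######################################
# Map a MAC address to a deterministic IP in 10.<subnet>.0.0/16.
# The hash must stay identical to the one used on the nodes, otherwise a node
# and this gateway would disagree about each other's address.
# Arguments: $1 - MAC (17 chars, colon separated)
#            $2 - subnet octet (default: 29)
# Outputs:   dotted-quad IP on stdout; "0.0.0.0" when the input is invalid
# Returns:   0 on success, 1 on invalid input
#######################################
mac2ip() {
  local mac=$1
  local subnet=${2:-29}
  local -a octets
  local octet seed addr_t addr_c addr_d

  if [[ -z "$mac" || -z "$subnet" || ${#mac} -ne 17 ]]; then
    echo "0.0.0.0"
    return 1
  fi

  IFS=: read -r -a octets <<<"$mac"
  seed=0
  for octet in "${octets[@]}"; do
    seed=$(( seed + 0x$octet + (0x$octet << 8) + (0x$octet << 16) ))
  done
  # 1900545 and 65278 are the constants of the node-side hash; do not change.
  addr_t=$(( 1900545 + (seed % 65278) ))
  addr_c=$(( (addr_t & 0xff00) >> 8 ))
  addr_d=$(( addr_t & 0x00ff ))
  echo "10.$subnet.$addr_c.$addr_d"
}

#######################################
# Test whether a process with exactly this name is running.
# Matching on the exact process name avoids the false positives of
# "ps | grep edge", which also matched any command line containing "edge".
# Arguments: $1 - process name (supernode, edge, openvpn, ...)
# Returns:   0 when at least one such process exists
#######################################
is_running() {
  pgrep -x -- "$1" >/dev/null
}

#######################################
# Probe Internet reachability through the VPN interface by pinging a random
# subset of the root DNS servers (used purely as well-known, always-up hosts).
# Globals:   vpn_interface (read)
# Returns:   0 as soon as one host answers, 1 when none of the tested ones does
#######################################
ping_servers() {
  local -a check_ips=(192.33.4.12 128.8.10.90 193.0.14.129 198.41.0.4
                      192.228.79.201 192.5.5.241 192.36.148.17 192.58.128.30)
  local -a picked
  local ip

  echo "(I) Try to ping root servers on '$vpn_interface':"
  # Three random hosts per run spread the probes over the list between runs.
  mapfile -t picked < <(shuf -n 3 -e "${check_ips[@]}")
  for ip in "${picked[@]}"; do
    printf '%s' "(I) Ping '$ip' "
    if ping "$ip" -c 1 -I "$vpn_interface" -q -W 1 >/dev/null 2>&1; then
      echo "- success."
      return 0
    else
      echo "- failed."
    fi
  done
  echo "(W) Cannot reach any tested IP."
  return 1
}

# --- derive this gateway's mesh MAC and mesh IP ------------------------------
hw_mac=$(cat "/sys/class/net/$mesh_if/address") \
  || error "Cannot read the MAC address of $mesh_if."
mesh_mac=$(local_admin_mac "$hw_mac")
# Abort instead of silently configuring br-mesh with 0.0.0.0 on a bad MAC.
mesh_ip=$(mac2ip "$mesh_mac" "$ff_subnet") \
  || error "Cannot derive a mesh IP from '$mesh_mac'."

# --- N2N -----------------------------------------------------------------------
if is_running supernode; then
  echo "(I) N2N supernode is running."
else
  echo "(I) Start N2N supernode."
  supernode -l "$n2n_port" -v || error "Cannot start N2N supernode."
fi

if is_running edge; then
  echo "(I) N2N edge is running."
else
  echo "(I) Start N2N edge."
  # NOTE(review): no -k key is passed, so the community is unencrypted and any
  # edge that knows the community name and the supernode port can join the
  # mesh; set a shared -k <key> on this edge and on all nodes to close that.
  edge -d n2n_bat -a 0.0.0.0 -c "$n2n_community" -l localhost:"$n2n_port" \
    || error "Cannot start N2N edge."
fi

# --- batman-adv ----------------------------------------------------------------
if batctl o &>/dev/null; then
  echo "(I) batman-adv is running."
else
  echo "(I) Setup batman-adv."
  modprobe batman-adv || error "Cannot load the batman-adv module."

  echo "(I) Detach all interfaces from batman-adv."
  # Both may fail when nothing is attached yet; that is expected.
  batctl if del n2n_bat &>/dev/null
  batctl if del dummy_bat &>/dev/null

  echo "(I) Create and attach dummy_bat to control the batman-adv primary interface mac."
  # dummy_bat is attached before n2n_bat so that it becomes the primary
  # interface and batman-adv presumably uses its MAC ($mesh_mac) as the
  # originator address -- confirm against the batman-adv version in use.
  tunctl -t dummy_bat >/dev/null   # may already exist from an earlier run
  ifconfig dummy_bat down          # needed?
  ifconfig dummy_bat hw ether "$mesh_mac" mtu 1400 0.0.0.0 up
  batctl if add dummy_bat || error "Failed to attach interface dummy_bat to batman-adv."
  batctl if add n2n_bat || error "Failed to attach interface n2n_bat to batman-adv."
  ifconfig bat0 up

  echo "(I) Configure batman-adv."
  # Start as a gateway client; switched to server below once Internet access
  # through the VPN has been verified.
  echo "client" > /sys/class/net/bat0/mesh/gw_mode
  echo "3000" > /sys/class/net/bat0/mesh/orig_interval
  echo "1" > /sys/class/net/bat0/mesh/bridge_loop_avoidance

  echo "(I) Setup br-mesh."
  # Plain bat0 would work as well; the bridge keeps the option of adding more
  # ports later.
  brctl addbr br-mesh
  brctl addif br-mesh bat0
  echo "(I) Set IP '$mesh_ip' for br-mesh."
  ifconfig br-mesh "$mesh_ip" up
fi

# --- VPN and gateway mode ------------------------------------------------------
is_running openvpn || /etc/init.d/openvpn start

if ifconfig "$vpn_interface" &>/dev/null && ping_servers; then
  echo "(I) Internet access on '$vpn_interface' => Server mode."
  batctl gw_mode server
else
  echo "(I) No Internet access on '$vpn_interface'. => Client mode."
  batctl gw_mode client
fi

echo "(I) Done."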
Dieses Script kann einmal nach dem Systemstart oder regelmäßig durch cron aufgerufen werden. Dafür muss folgende Zeile an die /etc/crontab angehängt werden:
*/5 * * * * root /root/freifunk_watchdog > /dev/null
Wichtig ist dabei, dass das Script ausführbar ist:
chmod a+x freifunk_watchdog
VPN-Test / Durchsatz vom VServer über den VPN-Endpunkt
abends
root@ffbi-gw1:~# iperf -c <****> ------------------------------------------------------------ Client connecting to <****>, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.8.0.190 port 42312 connected with <****> port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.1 sec 12.6 MBytes 10.5 Mbits/sec root@ffbi-gw1:~# iperf -c <****> ------------------------------------------------------------ Client connecting to <****>, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.8.0.190 port 42313 connected with <****> port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 19.2 MBytes 16.0 Mbits/sec
morgens, 10:15
root@ffbi-gw1:~# iperf -c <****> ------------------------------------------------------------ Client connecting to <****>, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.8.0.190 port 42314 connected with <****> port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 18.5 MBytes 15.5 Mbits/sec root@ffbi-gw1:~# iperf -c <****> ------------------------------------------------------------ Client connecting to <****>, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.8.0.190 port 42315 connected with <****> port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.1 sec 20.8 MBytes 17.3 Mbits/sec root@ffbi-gw1:~# iperf -c <****> ------------------------------------------------------------ Client connecting to <****>, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.8.0.190 port 42316 connected with <****> port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.1 sec 23.8 MBytes 19.9 Mbits/sec root@ffbi-gw1:~# iperf -c <****> ------------------------------------------------------------ Client connecting to <****>, TCP port 5001 TCP window size: 16.0 KByte (default) ------------------------------------------------------------ [ 3] local 10.8.0.190 port 42317 connected with <****> port 5001 [ ID] Interval Transfer Bandwidth [ 3] 0.0-10.0 sec 16.4 MBytes 13.7 Mbits/sec