
Intercity-VPN

Mit dem IC-VPN vernetzen sich die verschiedenen Freifunker aus Deutschland und auch anderen Ländern untereinander. Technisch geschieht dies mit Tinc, per BGP werden dann die eigenen Subnetze bekannt gegeben.

Damit es zu keinen Überschneidungen bei den Subnetzen kommt, existieren im Freifunkwiki mehrere Seiten:

    • Bielefeld IPv4: 10.29.0.0/16
      • Transfernetz-IP vpn1: 10.207.0.59
      • Transfernetz-IP vpn2: 10.207.0.67
    • Bielefeld IPv6: fdef:17a0:ffb1::/48
      • Transfernetz-IP vpn1: fec0::a:cf:0:59/96
      • Transfernetz-IP vpn2: fec0::a:cf:0:60/96
    • Bielefeld AS: 65529

Stand 07.02.14

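  • Auf vpn1 läuft ein Looking Glass für IPv4 und IPv6. Leider hakt das noch etwas, weil der Apache-User Zugriff auf den bird-Prozess braucht. Dieser Zugriff sollte nur lesend sein (z. B. über einen separaten Proxy-Prozess), denn über den Control-Socket von bird lässt sich auch die Routing-Konfiguration ändern.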
  • Peering mit
    • Lübeck1
    • Augsburg1
    • Gronau1
    • noch ein paar andere Städte
    • DN42, siehe unten

Einrichten

Pakete

  • bird
  • bird6
  • tinc

tinc

  • tinc.conf
# tinc configuration of this node for the "icvpn" network.
# Name under which this node is known to the other tinc nodes.
Name = bielefeld1
# RSA private key of this node; it should be readable by root only.
PrivateKeyFile = /etc/tinc/icvpn/rsa_key.priv
# Layer-2 mode: all ICVPN nodes share one Ethernet segment, so every
# participant can reach this interface directly.
Mode = Switch
PingTimeout = 30
Port = 655
# NOTE(review): tinc's name-resolution option is spelled "Hostnames";
# confirm that "Hostname" has any effect. Resolving names makes the daemon
# depend on DNS, which can block it while a lookup hangs.
Hostname = yes
# Peers to connect to at start-up. tinc looks each name up in the hosts/
# directory of this network; the public keys stored there are what
# authenticates the peer, so verify them out of band.
ConnectTo = augsburg1
ConnectTo = luebeck1
ConnectTo = gronau1
  • tinc-up
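#!/bin/sh
# tinc-up: run by tinc once the icvpn interface exists.
# Bring the interface up and assign this node's transfer-network addresses.
ip link set dev icvpn up
ip addr add dev icvpn 10.207.0.59/16 broadcast 10.207.255.255
ip -6 addr add dev icvpn fec0::a:cf:0:59/96
# Route traffic arriving from the mesh bridge via the icvpn routing table
# (needs the "200 icvpn" entry in /etc/iproute2/rt_tables).
ip rule add dev br-mesh table icvpn prio 32764
ip -6 rule add dev br-mesh table icvpn prio 32764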
  • tinc-down
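#!/bin/sh
# tinc-down: undo what tinc-up configured.
# The "addr" object keyword was missing here, so the command failed and the
# IPv4 address stayed on the interface.
ip addr del dev icvpn 10.207.0.59/16 broadcast 10.207.255.255
ip -6 addr del dev icvpn fec0::a:cf:0:59/96
ip link set dev icvpn down
# Name selector and table as well, so that only the rules added by tinc-up
# are removed and not another rule that happens to share the priority.
ip rule del dev br-mesh table icvpn prio 32764
ip -6 rule del dev br-mesh table icvpn prio 32764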
  • /etc/iproute2/rt_tables

zusätzliche Zeile mit

200 icvpn

bird

  • bird.conf
### config for vpn1 ###

# Log everything to a dedicated file and to syslog.
log "/var/log/bird.log" all;
log syslog all;

# Router ID and own AS number; myas is used by the BGP templates below.
router id 10.29.131.187;
define myas = 65529;
# ebgp:     routes exchanged with external peers
# ibgp:     routes shared with the second gateway (vpn2)
# internal: routes the kernel protocol writes into the kernel table
table ebgp;
table ibgp;
#table internal_ospf;
table internal;


### functions ###

# True for prefixes that should never be routed: link-local, loopback,
# multicast, reserved 240/4, the default route and anything /7 or shorter,
# and 192.168.0.0/16.
# NOTE(review): only accept_all() calls this, and no filter in this file
# calls accept_all(), so as written the check is applied to no peer.
function net_martian()
{
return net ~ [ 169.254.0.0/16+, 127.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/0{0,7}, 192.168.0.0/16+ ];
}

# True for our own prefix 10.29.0.0/16 and every more-specific inside it.
# Import filters use it to refuse our own address space from peers.
function net_local() {
return net ~ [ 10.29.0.0/16+ ];
}

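# True for prefixes treated as dn42 address space.
# NOTE(review): besides 172.22.0.0/15 the list contains ranges outside
# RFC 1918 space (e.g. 195.160.168.0/23, 91.204.4.0/22). Every peer whose
# import filter uses dn42() can attract traffic for these addresses, so the
# list should be checked regularly against what dn42 currently uses.
# The duplicate 37.1.89.160/29+ entry was dropped; the set is unchanged.
function dn42()
{
	return net ~ [ 172.22.0.0/15+,
			195.160.168.0/23+,
			91.204.4.0/22+,
			193.43.220.0/23+,
			83.133.178.0/23+,
			87.106.29.254/32,
			85.25.246.16/28+,
			46.4.248.192/27+,
			94.45.224.0/19+,
			195.191.196.0/23+,
			80.244.241.224/27+,
			46.19.90.48/28+,
			46.19.90.96/28+,
			178.63.170.40/32,
			188.40.34.241/32,
			195.16.84.40/29+,
			37.1.89.160/29+,
			178.33.32.123/32+,
			185.28.77.16/29+,
			185.28.77.192/27+,
			192.175.48.0/24+ ];
}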

# True for the prefixes treated as ChaosVPN address space. The 10.x ranges
# listed here are also matched by freifunk(), which covers all of 10.0.0.0/8.
function chaosvpn() {
	return net ~ [ 	10.4.0.0/16+,
			10.32.0.0/16+,
			10.100.0.0/14+,
			10.104.0.0/14+,
			172.31.0.0/16+ ];
}

# True for anything inside 10.0.0.0/8 or 104.0.0.0/8, at any prefix length.
# NOTE(review): 104.0.0.0/8 is not private (RFC 1918) address space. A peer
# announcing a prefix from it gets that route accepted wherever freifunk()
# is the import filter, and via the pipes it ends up in the kernel table
# used for mesh traffic. Confirm the range is still needed.
# NOTE(review): 10.0.0.0/8+ also covers the transfer network 10.207.0.0/16
# and every other community's range. Imports therefore rely on each peer
# announcing only its own prefixes; only net_local() is excluded.
function freifunk() {
	return net ~ [ 10.0.0.0/8+,
			104.0.0.0/8+ ];
}

# True for 172.22.24.0/28 and its more-specifics; the barnslig session uses
# it to reject this range on import.
function net_hackint()
{
	return net ~ [ 172.22.24.0/28+ ];
}

# Accepts every prefix except martians and our own range.
# NOTE(review): no protocol or template in this file references this
# function, so net_martian() is currently never evaluated.
function accept_all()
{
	if net_martian() || net_local() then return false;
	return true;
}


### kernel ###

# Writes the "internal" table into kernel routing table 200 (the table that
# the rt_tables entry "200 icvpn" names). Nothing is read back from the
# kernel (import none).
protocol kernel {
	scan time 10;
	table internal;
	kernel table 200;
	import none;
	export filter {
		# Preferred source address for packets sent along these routes.
		krt_prefsrc = 10.29.131.187;   # edit: own ip
		accept;
	};
};

# Rescans the list of network interfaces every 10 seconds.
protocol device {
	scan time 10;
}


### static routes for bgp ###

# Originates our own aggregate 10.29.0.0/16 in the ebgp table so that it can
# be announced to peers; "reject" means the route itself forwards nothing.
protocol static {
	route 10.29.0.0/16 reject;
	table ebgp;
}

### static routes for ospf ###
# Puts our own range into the "internal" table, pointing at the mesh bridge,
# so that kernel table 200 knows how to reach local clients.
protocol static {
	route 10.29.0.0/16 via "br-mesh";
	table internal;
};


### sync ebgp with ibgp ###

# Links ebgp and ibgp: everything from ibgp is copied into ebgp (import all),
# and everything except our own prefix goes from ebgp to ibgp.
protocol pipe {
	table ebgp;
	peer table ibgp;
	import all;
	export where !net_local();
}

### sync ibgp with internal ###
# One-way pipe from ibgp to internal: only freifunk() and dn42() prefixes
# reach the table that is written to the kernel. This is the last filter
# before a learned route influences forwarding of mesh traffic.
protocol pipe {
	table ibgp;
	peer table internal;
	import none;
	export where (freifunk() || dn42());
}

### templates ###

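# Base template for all eBGP sessions.
template bgp PEERS {
	table ebgp;
	local as myas;
	# Fail closed. The template used to have no import filter (BIRD then
	# imports everything) and "export all", so a peer defined without its
	# own filters would have accepted and been sent every route. Each
	# active peer below sets its own import and export, so their behaviour
	# does not change.
	import none;
	export none;
	# Upper bound on routes accepted from one peer; limits the damage of a
	# leak on the remote side. Newer BIRD 1.x releases call this option
	# "import limit".
	route limit 10000;
}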

# Template for the iBGP session between our own gateways.
template bgp bgp_ibgp {
	table ibgp;
	local as myas;
	import filter {
		# Slightly below BIRD's default BGP preference of 100, so a route
		# learned directly over eBGP wins over the same route via iBGP.
		preference = 99;
		accept;	
	};
	# Pass on only routes that were themselves learned via BGP.
	export where source = RTS_BGP;
	gateway direct;
	next hop self;
}

### iBGP ###

# iBGP session to the second gateway; same AS as ours (65529).
protocol bgp vpn2 from bgp_ibgp {
	neighbor 10.29.132.192 as 65529;
}

### eBGP ###

# eBGP sessions to other Freifunk communities over the ICVPN transfer
# network 10.207.0.0/16. Unless noted otherwise, a peer may send us
# freifunk() prefixes except our own range, and receives freifunk() and
# dn42() prefixes from us.
# Commented-out entries are disabled and carry no import/export filter of
# their own; add both lines before re-enabling one of them.

### Leipzig1 ###
#protocol bgp Leipzig1 from PEERS {
#	description "Leipzig1";
#	neighbor 10.207.0.1 as 65041;
#}

### Leipzig2 ###
protocol bgp Leipzig2 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.2 as 65041;
}

### Leipzig-DB ###
#protocol bgp Leipzig_DB from PEERS {
#	description "Leipzig-DB";
#	neighbor 10.207.255.1 as 65041;
#}

### Weimar1 ###
protocol bgp Weimar1 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.3 as 65042;
}

### Weimar2 ###
protocol bgp Weimar2 from PEERS {
      description "import: freifunk; export: freifunk, dn42";
      import where (freifunk() && !net_local());
      export where (freifunk() || dn42());
      neighbor 10.207.0.4 as 65042;
}

### Berlin1 ###
protocol bgp Berlin1 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.5 as 44194;
}

### Berlin2 ###
#protocol bgp Berlin2 from PEERS {
#	description "Berlin2";
#	neighbor 10.207.0.6 as 44194;
#}

### Wermelskirchen 1 ###
protocol bgp Wermelskirchen1 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.7 as 65530;
}

### Wermelskirchen2 ###
protocol bgp Wermelskirchen2 from PEERS {
	description "Wermelskirchen2";
	import where (freifunk() && !net_local()); 
      export where (freifunk() || dn42());
	neighbor 10.207.0.8 as 65530;
}

### Stuttgart1 ###
#protocol bgp Stuttgart1 from PEERS {
#	description "Stuttgart1";
#	neighbor 10.207.0.11 as 65045;
#}

### Stuttgart2 ###
#protocol bgp Stuttgart2 from PEERS {
#	description "Stuttgart2";
#	neighbor 10.207.0.12 as 65045;
#}

### Halle1 ###
protocol bgp Halle1 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.13 as 65046;
}

### Halle2 ###
protocol bgp Halle2 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.14 as 65046;
}

### Aurich1 ###
#protocol bgp Aurich1 from PEERS {
#	description "Aurich1";
#	neighbor 10.207.0.15 as 65047;
#}

# Augsburg1 and Augsburg2 are the only transfer-network peers in this file
# from which dn42() prefixes are accepted in addition to freifunk().

### Augsburg1 ###
protocol bgp Augsburg1 from PEERS {
	description "import: freifunk, dn42; export: freifunk, dn42";
	import where ((freifunk() || dn42()) && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.17 as 65050;
}

### Augsburg2 ###
protocol bgp Augsburg2 from PEERS {
	description "import: freifunk, dn42; export: freifunk, dn42";
	import where ((freifunk() || dn42()) && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.68 as 65050;
}

### Dresden1 ###
protocol bgp Dresden1 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.19 as 65051;
}

### Hannover 1 ###
#protocol bgp Hannover1 from PEERS {
#	description "Hannover1";
#	neighbor 10.207.0.22 as 65511;
#}

### Franken 1 ###
protocol bgp Franken1 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.23 as 65024;
}

### Franken 2 ###
#protocol bgp Franken2 from PEERS {
#	description "Franken2";
#	neighbor 10.207.0.24 as 65024;
#}

### Grossdraxdorf ###
#protocol bgp Grossdraxdorf from PEERS {
#	description "Großraxdorf";
#	neighbor 10.207.0.25 as 65025;
#}

### Bad Zwischenahn 1 ###
#protocol bgp Bad_Zwischenahn1 from PEERS {
#	description "BadZwischenahn1";
#	neighbor 10.207.0.26 as 65512;
#}

### Oldenburg 1 ###
protocol bgp Oldenburg1 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.27 as 65513;
}

# NOTE(review): AS 65025 is also the AS of the disabled Grossdraxdorf entry
# above; confirm the number is right for Bayreuth.

### Bayreuth 1 ###
protocol bgp Bayreuth1 from PEERS {
	description "Bayreuth1";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.28 as 65025;
}

### diac24.net ###
#protocol bgp diac24_net from PEERS {
#	description "diac24.net";
#	neighbor 10.207.2.0 as 64600;
#}

### kiberpipa.net ###
#protocol bgp kiberpipa_net from PEERS {
#	description "kiberpipa.net";
#	neighbor 10.207.3.23 as 65023;
#}

### Franken 3 ###
#protocol bgp Franken3 from PEERS {
#	description "Franken3";
#	neighbor 10.207.0.31 as 65024;
#}

### Koblenz ###
#protocol bgp Koblenz from PEERS {
#	description "Koblenz";
#	neighbor 10.207.0.32 as 65032;
#}

### Mainz 1 ###
protocol bgp Mainz1 from PEERS {
	description "import: freifunk; export: freifunk, dn42";
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	neighbor 10.207.0.37 as 65037;
}

### Luebeck 1 ###
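# eBGP session to Luebeck1 (AS 65052) over the transfer network.
protocol bgp Luebeck1 from PEERS {
	# Accept Freifunk prefixes only, and never our own range.
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	# The description used to claim that dn42 routes are imported as well;
	# it now states what the import filter above enforces.
	description "import: freifunk; export: freifunk, dn42";
	neighbor 10.207.0.130 as 65052;
}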

### Luebeck 2 ###
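# eBGP session to Luebeck2 (AS 65052) over the transfer network.
protocol bgp Luebeck2 from PEERS {
	# Accept Freifunk prefixes only, and never our own range.
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	# The description used to claim that dn42 routes are imported as well;
	# it now states what the import filter above enforces.
	description "import: freifunk; export: freifunk, dn42";
	neighbor 10.207.0.131 as 65052;
}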

# Further eBGP sessions over the ICVPN transfer network. Every active peer
# in this group may send us freifunk() prefixes except our own range and
# receives freifunk() and dn42() prefixes from us.
# Disabled entries have no filters of their own; add import and export
# lines before re-enabling one of them.

### Frankfurt 1 ###
protocol bgp Frankfurt1 from PEERS {
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	description "import: freifunk; export: freifunk, dn42";
	neighbor 10.207.0.35 as 65026;
}

### Chemnitz 1 ###
protocol bgp Chemnitz1 from PEERS {
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	description "Chemnitz1";
	neighbor 10.207.0.36 as 65053;
}

### Schilcher 1 ###
#protocol bgp Schilcher1 from PEERS {
#	description "Schilcher1";
#	neighbor 10.207.0.51 as 65054;
#}

### Gronau 1 ###
protocol bgp Gronau1 from PEERS {
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	description "import: freifunk; export: freifunk, dn42";
	neighbor 10.207.0.55 as 65526;
}

### Gronau 2 ###
protocol bgp Gronau2 from PEERS {
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	description "import: freifunk; export: freifunk, dn42";
	neighbor 10.207.0.60 as 65526;
}

### Schwarzach 1 ###
protocol bgp Schwarzach1 from PEERS {
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	description "import: freifunk; export: freifunk, dn42";
	neighbor 10.207.0.56 as 65527;
}

### Hamburg 01 ###
protocol bgp Hamburg01 from PEERS {
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	description "import: freifunk; export: freifunk, dn42";
	neighbor 10.207.0.62 as 65112;
}

### Kiel4 ###
protocol bgp Kiel4 from PEERS {
        import where (freifunk() && !net_local());
        export where (freifunk() || dn42());
        description "import: freifunk; export: freifunk, dn42";
        neighbor 10.207.0.58 as 65525;
}

### Hamburg 05 ###
protocol bgp Hamburg05 from PEERS {
	import where (freifunk() && !net_local());
	export where (freifunk() || dn42());
	description "import: freifunk; export: freifunk, dn42";
	neighbor 10.207.0.65 as 65112;
}

### Jena 1 ###
protocol bgp Jena1 from PEERS {
        import where (freifunk() && !net_local());
        export where (freifunk() || dn42());
        description "import: freifunk; export: freifunk, dn42";
        neighbor 10.207.0.33 as 65055;
}

### Jena 2 ###
protocol bgp Jena2 from PEERS {
        import where (freifunk() && !net_local());
        export where (freifunk() || dn42());
        description "import: freifunk; export: freifunk, dn42";
        neighbor 10.207.0.66 as 65055;
}

### Wuppertal 1 ###
protocol bgp Wuppertal1 from PEERS {
        import where (freifunk() && !net_local());
        export where (freifunk() || dn42());
        description "import: freifunk; export: freifunk, dn42";
        neighbor 10.207.0.73 as 65523;
}


### barnslig ####
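# eBGP session to the dn42 peer barnslig (AS 64753).
protocol bgp dn42_barnslig from PEERS {
	# Accept dn42 and ChaosVPN prefixes, but neither our own range nor the
	# hackint range.
	import where ((dn42() || chaosvpn()) && !net_local() && !net_hackint());
	export where (freifunk() || dn42() || chaosvpn());
	# The description now also names chaosvpn, which the export filter
	# above has always included.
	description "import: dn42, chaosvpn; reject hackint; export: freifunk, dn42, chaosvpn";
	neighbor 172.22.119.227 as 64753;
}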


# eBGP sessions to dn42 peers. The neighbours have 172.22.x/172.23.x
# addresses, not transfer-network addresses, so these sessions do not run
# over the tinc interface configured above.
# None of these peers is sent or may send our own range unfiltered: every
# import excludes net_local(). Freifunk prefixes are not accepted from them.

### bodems ####
protocol bgp dn42_bodems from PEERS {
	import where (dn42() && !net_local());
	export where (freifunk() || dn42() || chaosvpn());
	description "import: dn42; export: freifunk, dn42, chaosvpn";
	neighbor 172.23.146.126 as 76124;

}

# kiwi-ix receives only freifunk() prefixes, unlike the other dn42 peers.

### kiwi-ix ###
protocol bgp dn42_kiwi_ix from PEERS {
	import where ((dn42() || chaosvpn()) && !net_local());
	export where (freifunk() );
	description "import: dn42, chaosvpn; export: freifunk";
	neighbor 172.23.197.1 as 76119;
}

# The remaining dn42 peers share one policy and have no description line:
# import dn42 and chaosvpn, export freifunk, dn42 and chaosvpn.

### crest ###
protocol bgp dn42_crest from PEERS {
	import where ((dn42() || chaosvpn()) && !net_local());
	export where (freifunk() || dn42() || chaosvpn());
        neighbor 172.22.254.124 as 64828;
}

### thomasdotde ###
protocol bgp dn42_thomasdotde from PEERS {
	import where ((dn42() || chaosvpn()) && !net_local());
	export where (freifunk() || dn42() || chaosvpn());
      neighbor 172.22.121.18 as 76196;
}

### implementation ####
protocol bgp dn42_impl from PEERS {
	import where ((dn42() || chaosvpn()) && !net_local());
	export where (freifunk() || dn42() || chaosvpn());
      neighbor 172.23.220.17 as 76376;
}

#### dn42 mare ####
protocol bgp dn42_mare from PEERS {
	import where ((dn42() || chaosvpn()) && !net_local());
	export where (freifunk() || dn42() || chaosvpn());
	neighbor 172.22.235.254 as 64835;
}
  • bird6.conf
### config for vpn1 ###

# IPv6 instance; logs to its own file and to syslog.
log "/var/log/bird6.log" all;
log syslog all;

# Same router ID and AS number as in the IPv4 configuration.
router id 10.29.131.187;
define myas = 65529;
# ebgp:     routes exchanged with external peers
# ibgp:     routes shared with the second gateway (vpn2)
# internal: routes the kernel protocol writes into the kernel table
table ebgp;
table ibgp;
#table internal_ospf;
table internal;


### functions ###

# True for our own ULA prefix fdef:17a0:ffb1::/48 and its more-specifics.
function net_local() {
	return net ~ [ fdef:17a0:ffb1::/48+];
}


# True for prefixes of length /48 to /64 inside 2000::/3.
# NOTE(review): this is public Internet address space. The PEERS template
# accepts it from every peer without a per-peer prefix list, and the pipes
# pass it on to the kernel table used for mesh traffic, so any peer can
# attract traffic for public IPv6 destinations. Confirm this is intended.
function global_unicast(){
	return net ~ [ 2000::/3{48,64} ];
}

# True for unique local prefixes (fc00::/7) of length /48 to /64.
function ula(){
	return net ~ [ fc00::/7{48,64} ];
}

### kernel ###

# Writes the "internal" table into kernel routing table 200; nothing is
# read back from the kernel (import none).
protocol kernel {
	scan time 10;
	table internal;
	kernel table 200;
	import none;
	export filter {
		# Preferred source address for packets sent along these routes.
		krt_prefsrc = fdef:17a0:ffb1:0:44a:8aff:fea5:adc;   # edit: own ip
		accept;
	};
};

# Rescans the list of network interfaces every 10 seconds.
protocol device {
	scan time 10;
}


### static routes for bgp ###

# Originates our own /48 in the ebgp table so that it can be announced to
# peers; "reject" means the route itself forwards nothing.
protocol static {
	route fdef:17a0:ffb1::/48 reject;
	table ebgp;
}


### sync ebgp with ibgp ###
# Links ebgp and ibgp in both directions; our own prefix is filtered out
# either way.
protocol pipe {
	table ebgp;
	peer table ibgp;
	import where !net_local();
	export where !net_local();
}

### sync ibgp with internal ###
# One-way pipe from ibgp to internal: global unicast and ULA prefixes reach
# the table that is written to the kernel. This is the last filter before a
# learned route influences forwarding of mesh traffic.
protocol pipe {
	table ibgp;
	peer table internal;
	import none;
	export where (global_unicast() || ula());
}


### templates ###

# Base template for all IPv6 eBGP sessions. Unlike a per-peer policy, the
# filters are set once here and inherited by every peer below.
template bgp PEERS {
	table ebgp;
	local as myas;
	# Accept ULA and global unicast prefixes (/48 to /64), never our own.
	# NOTE(review): no peer is restricted to its own prefixes; see the
	# concern about accepting public address space from any peer.
	import where ((ula() || global_unicast()) && !net_local());
	export where ula() || global_unicast();
	# Upper bound on routes accepted from one peer.
	route limit 10000;
}

# Template for the iBGP session between our own gateways.
template bgp bgp_ibgp {
	table ibgp;
	local as myas;
	import filter {
		# Slightly below BIRD's default BGP preference of 100, so a route
		# learned directly over eBGP wins over the same route via iBGP.
		preference = 99;
		accept;	
	};
	# Pass on only routes that were themselves learned via BGP.
	export where source = RTS_BGP;
	gateway direct;
	next hop self;
}

### iBGP ###
# iBGP session to the second gateway; same AS as ours (65529).
# The description is informational; the effective policy is the one set in
# the bgp_ibgp template (export is limited to BGP-learned routes).
protocol bgp vpn2 from bgp_ibgp {
	description "import: any; export: any";
	neighbor fdef:17a0:ffb1:0:1cd0:63ff:fe81:1af2 as 65529;
}


### eBGP ###

# IPv6 eBGP sessions. No peer sets filters of its own, so all of them use
# the import and export filters of the PEERS template.
# NOTE(review): every description reads "import: any; export: any", but the
# template only lets ULA and global unicast prefixes of length /48 to /64
# through and rejects our own prefix on import. The text shown by the
# daemon therefore overstates what is accepted.

### Wermelskirchen 1 ###
protocol bgp Wermelskirchen1 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:7 as 65530;
}	    

### Wermelskirchen 2 ###
protocol bgp Wermelskirchen2 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:8 as 65530;
}

#### diac24.net - offline ###
#protocol bgp diac24_net from PEERS {
#	description "diac24.net";
#	neighbor fec0::a:cf:ac:16 as 64600;
#}

#### kiberpipa.net - offline ###
#protocol bgp kiberpipa_net from PEERS {
#	description "kiberpipa.net";
#	neighbor fec0::a:cf:3:23 as 65023;
#}

### Bayreuth 1 ###
protocol bgp Bayreuth1 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:19 as 65025;
}

### Luebeck 1 ###
protocol bgp Luebeck1 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:82 as 65052;
}

### Luebeck 2 ###
protocol bgp Luebeck2 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:83 as 65052;
}

### Gronau 1 ###
protocol bgp Gronau1 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:50 as 65526;
}

### Gronau 2 ###
protocol bgp Gronau2 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:51 as 65526;
}

### Hamburg 03 ###
protocol bgp Hamburg03 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:3d as 65112;
}

### Hamburg 01 ###
protocol bgp Hamburg01 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:3e as 65112;
}

### Hamburg 02 ###
protocol bgp Hamburg02 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:3f as 65112;
}

### Hamburg 04 ###
protocol bgp Hamburg04 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:40 as 65112;
}

### Hamburg 05 ###
protocol bgp Hamburg05 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:41 as 65112;
}

# NOTE(review): this neighbour address lies inside our own /48, unlike the
# fec0:: transfer addresses of the other peers; confirm it is correct.

#### bodems ###
protocol bgp dn42_bodems from PEERS {
        description "import: any; export: any";
        neighbor fdef:17a0:ffb1:0:fad1:11ff:fe4b:3966 as 76124;
}

#### RheinlandDev ####
protocol bgp RheinlandDev from PEERS {
        description "import: any; export: any";
        neighbor fec0::a:cf:0:4e as 65078;
}

#### Weimar1 ####
protocol bgp Weimar1 from PEERS {
      description "import: any; export: any";
      neighbor fec0::a:cf:0:3 as 65042;
}

#### Weimar2 ####
protocol bgp Weimar2 from PEERS {
      description "import: any; export: any";
      neighbor fec0::a:cf:0:4 as 65042;
}

#### Wuppertal1 ####
protocol bgp Wuppertal1 from PEERS {
      description "import: any; export: any";
      neighbor fec0::a:cf:0:71 as 65523;
}

#### Kiel4 ####
protocol bgp Kiel4 from PEERS {
description "import: any; export: any";
neighbor fec0::a:cf:0:3a as 65525;
}

#### Kiel3 ####
protocol bgp Kiel3 from PEERS {
description "import: any; export: any";
neighbor fec0::a:cf:0:36 as 65525;
}

#### Leipzig2 ####
protocol bgp Leipzig2 from PEERS {
	description "import: any; export: any";
	neighbor fec0::a:cf:0:2 as 65041;
}

Peerings zum DN42

Neben Peerings im ICVPN haben wir auch noch Peerings über OpenVPN und GRE+IPsec zum DN42. Derzeit sind das folgende:

  • barnslig (AS64753)
  • bodems (AS76124)
  • kiwi (zu seinem IX, AS76119)
  • crest (AS64828)
  • thomasdotde (AS76196)
  • implementation (AS76376)
  • mare (AS64835)
  • siska (AS76103)
  • firehat (AS64844)

Für jeden Peer existiert ein Ordner in /root/dn42 mit der config, Backups hat Bodems