Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
ic-vpn [2013/10/29 20:35] – bodems | ic-vpn [2023/06/04 11:32] (aktuell) – Externe Bearbeitung 127.0.0.1 | ||
---|---|---|---|
Zeile 15: | Zeile 15: | ||
* [[http:// | * [[http:// | ||
- | ===== Stand 29.10.13 ===== | + | ===== Stand 07.02.14 ===== |
- | * Peering mit Lübeck1, Augsburg1, Gronau1 über tinc und mit AS64753 zum dn42 über OpenVPN | + | * Auf vpn1 läuft ein LookingGlass für IPv4 und IPv6, leider hakt das noch etwas, weil der User vom Apache Zugriff |
- | * auf neuem Gateway | + | * [[http:// |
- | * todo | + | * [[http:// |
- | * vpn2 in ICVPN integrieren | + | * Peering mit |
+ | * | ||
+ | * Augsburg1 | ||
+ | * Gronau1 | ||
+ | * noch ein paar andere Städte | ||
+ | * DN42, siehe unten | ||
===== Einrichten ===== | ===== Einrichten ===== | ||
Zeile 48: | Zeile 53: | ||
ip addr add dev icvpn 10.207.0.59/ | ip addr add dev icvpn 10.207.0.59/ | ||
ip -6 addr add dev icvpn fec0:: | ip -6 addr add dev icvpn fec0:: | ||
- | ip rule add from all table icvpn prio 32764 | + | ip rule add dev br-mesh |
- | ip -6 rule add from all table icvpn prio 32764 | + | ip -6 rule add dev br-mesh |
Zeile 72: | Zeile 77: | ||
* bird.conf | * bird.conf | ||
+ | ### config for vpn1 ### | ||
+ | | ||
log "/ | log "/ | ||
log syslog all; | log syslog all; | ||
| | ||
- | router id 10.29.132.192; | + | router id 10.29.131.187; |
define myas = 65529; | define myas = 65529; | ||
- | table icvpn; | + | table ebgp; |
+ | table ibgp; | ||
+ | #table internal_ospf; | ||
+ | table internal; | ||
| | ||
| | ||
- | ### filters and functions ### | + | ### functions ### |
| | ||
function net_martian() | function net_martian() | ||
Zeile 88: | Zeile 98: | ||
| | ||
function net_local() { | function net_local() { | ||
- | return net ~ [ 10.29.0.0/ | + | return net ~ [ 10.29.0.0/ |
} | } | ||
| | ||
- | | + | function |
- | | + | |
{ | { | ||
- | if net_martian() then return | + | return |
- | | + | |
+ | 91.204.4.0/ | ||
+ | 193.43.220.0/ | ||
+ | 83.133.178.0/ | ||
+ | 87.106.29.254/ | ||
+ | 85.25.246.16/ | ||
+ | 46.4.248.192/ | ||
+ | 94.45.224.0/ | ||
+ | 195.191.196.0/ | ||
+ | 80.244.241.224/ | ||
+ | 46.19.90.48/ | ||
+ | 46.19.90.96/ | ||
+ | 178.63.170.40/ | ||
+ | 188.40.34.241/ | ||
+ | 195.16.84.40/ | ||
+ | 37.1.89.160/ | ||
+ | 178.33.32.123/ | ||
+ | 37.1.89.160/ | ||
+ | 185.28.77.16/ | ||
+ | 185.28.77.192/ | ||
+ | 192.175.48.0/ | ||
} | } | ||
| | ||
- | function | + | function |
- | | + | return |
- | if net_martian() || net_local() then return | + | |
- | | + | 10.100.0.0/ |
+ | 10.104.0.0/ | ||
+ | 172.31.0.0/ | ||
} | } | ||
| | ||
- | | + | |
+ | return net ~ [ 10.0.0.0/ | ||
+ | 104.0.0.0/ | ||
+ | } | ||
+ | |||
+ | function net_hackint() | ||
{ | { | ||
- | if ! export_all() then reject; | + | return net ~ [ 172.22.24.0/ |
- | accept; | + | |
} | } | ||
| | ||
- | | + | |
{ | { | ||
- | if ! import_all() then reject; | + | if net_martian() || net_local() then return false; |
- | accept; | + | return true; |
} | } | ||
+ | | ||
+ | | ||
+ | ### kernel ### | ||
| | ||
protocol kernel { | protocol kernel { | ||
scan time 10; | scan time 10; | ||
- | table | + | table |
kernel table 200; | kernel table 200; | ||
import none; | import none; | ||
export filter { | export filter { | ||
- | krt_prefsrc = 10.29.132.192; # edit: own ip | + | krt_prefsrc = 10.29.131.187; |
accept; | accept; | ||
}; | }; | ||
Zeile 130: | Zeile 168: | ||
scan time 10; | scan time 10; | ||
} | } | ||
+ | | ||
+ | | ||
+ | ### static routes for bgp ### | ||
| | ||
+ | protocol static { | ||
+ | route 10.29.0.0/ | ||
+ | table ebgp; | ||
+ | } | ||
+ | | ||
+ | ### static routes for ospf ### | ||
protocol static { | protocol static { | ||
route 10.29.0.0/ | route 10.29.0.0/ | ||
- | table | + | table |
+ | }; | ||
+ | |||
+ | |||
+ | ### sync ebgp with ibgp ### | ||
+ | |||
+ | protocol pipe { | ||
+ | table ebgp; | ||
+ | peer table ibgp; | ||
+ | import all; | ||
+ | export where !net_local(); | ||
} | } | ||
+ | | ||
+ | ### sync ibgp with internal ### | ||
+ | protocol pipe { | ||
+ | table ibgp; | ||
+ | peer table internal; | ||
+ | import none; | ||
+ | export where (freifunk() || dn42()); | ||
+ | } | ||
+ | | ||
+ | ### templates ### | ||
| | ||
template bgp PEERS { | template bgp PEERS { | ||
+ | table ebgp; | ||
local as myas; | local as myas; | ||
- | import filter bgp_in; | + | #import filter bgp_in; |
- | export | + | export |
route limit 10000; | route limit 10000; | ||
- | rs client; | + | |
- | table icvpn; | + | |
- | | + | |
| | ||
template bgp bgp_ibgp { | template bgp bgp_ibgp { | ||
- | table | + | table |
local as myas; | local as myas; | ||
- | source address 10.29.132.192; #edit: own ip | + | import filter { |
- | import filter bgp_in; | + | preference = 99; |
- | export | + | accept; |
+ | }; | ||
+ | export | ||
gateway direct; | gateway direct; | ||
next hop self; | next hop self; | ||
- | }; | + | } |
- | | + | |
| | ||
### iBGP ### | ### iBGP ### | ||
| | ||
- | | + | protocol bgp vpn2 from bgp_ibgp { |
- | | + | neighbor 10.29.132.192 as 65529; |
- | neighbor 10.29.131.187 as 65529; | + | } |
- | }; | + | |
- | | + | |
| | ||
### eBGP ### | ### eBGP ### | ||
| | ||
### Leipzig1 ### | ### Leipzig1 ### | ||
- | protocol bgp Leipzig1 from PEERS { | + | |
- | description " | + | # description " |
- | neighbor 10.207.0.1 as 65041; | + | # neighbor 10.207.0.1 as 65041; |
+ | #} | ||
+ | |||
+ | ### Leipzig2 ### | ||
+ | protocol bgp Leipzig2 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.2 as 65041; | ||
+ | } | ||
+ | |||
+ | ### Leipzig-DB ### | ||
+ | #protocol bgp Leipzig_DB from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.255.1 as 65041; | ||
+ | #} | ||
+ | |||
+ | ### Weimar1 ### | ||
+ | protocol bgp Weimar1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.3 as 65042; | ||
+ | } | ||
+ | |||
+ | ### Weimar2 ### | ||
+ | protocol bgp Weimar2 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.4 as 65042; | ||
+ | } | ||
+ | |||
+ | ### Berlin1 ### | ||
+ | protocol bgp Berlin1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.5 as 44194; | ||
+ | } | ||
+ | |||
+ | ### Berlin2 ### | ||
+ | #protocol bgp Berlin2 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.6 as 44194; | ||
+ | #} | ||
+ | |||
+ | ### Wermelskirchen 1 ### | ||
+ | protocol bgp Wermelskirchen1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.7 as 65530; | ||
+ | } | ||
+ | |||
+ | ### Wermelskirchen2 ### | ||
+ | protocol bgp Wermelskirchen2 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.8 as 65530; | ||
+ | } | ||
+ | |||
+ | ### Stuttgart1 ### | ||
+ | #protocol bgp Stuttgart1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.11 as 65045; | ||
+ | #} | ||
+ | |||
+ | ### Stuttgart2 ### | ||
+ | #protocol bgp Stuttgart2 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.12 as 65045; | ||
+ | #} | ||
+ | |||
+ | ### Halle1 ### | ||
+ | protocol bgp Halle1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.13 as 65046; | ||
+ | } | ||
+ | |||
+ | ### Halle2 ### | ||
+ | protocol bgp Halle2 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.14 as 65046; | ||
+ | } | ||
+ | |||
+ | ### Aurich1 ### | ||
+ | #protocol bgp Aurich1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.15 as 65047; | ||
+ | #} | ||
+ | |||
+ | ### Augsburg1 ### | ||
+ | protocol bgp Augsburg1 from PEERS { | ||
+ | description " | ||
+ | import where ((freifunk() || dn42()) && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.17 as 65050; | ||
+ | } | ||
+ | |||
+ | ### Augsburg2 ### | ||
+ | protocol bgp Augsburg2 from PEERS { | ||
+ | description " | ||
+ | import where ((freifunk() || dn42()) && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.68 as 65050; | ||
+ | } | ||
+ | |||
+ | ### Dresden1 ### | ||
+ | protocol bgp Dresden1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.19 as 65051; | ||
+ | } | ||
+ | |||
+ | ### Hannover 1 ### | ||
+ | #protocol bgp Hannover1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.22 as 65511; | ||
+ | #} | ||
+ | |||
+ | ### Franken 1 ### | ||
+ | protocol bgp Franken1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.23 as 65024; | ||
+ | } | ||
+ | |||
+ | ### Franken 2 ### | ||
+ | #protocol bgp Franken2 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.24 as 65024; | ||
+ | #} | ||
+ | |||
+ | ### Grossdraxdorf ### | ||
+ | #protocol bgp Grossdraxdorf from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.25 as 65025; | ||
+ | #} | ||
+ | |||
+ | ### Bad Zwischenahn 1 ### | ||
+ | #protocol bgp Bad_Zwischenahn1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.26 as 65512; | ||
+ | #} | ||
+ | |||
+ | ### Oldenburg 1 ### | ||
+ | protocol bgp Oldenburg1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.27 as 65513; | ||
+ | } | ||
+ | |||
+ | ### Bayreuth 1 ### | ||
+ | protocol bgp Bayreuth1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.28 as 65025; | ||
+ | } | ||
+ | |||
+ | ### diac24.net ### | ||
+ | #protocol bgp diac24_net from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.2.0 as 64600; | ||
+ | #} | ||
+ | |||
+ | ### kiberpipa.net ### | ||
+ | #protocol bgp kiberpipa_net from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.3.23 as 65023; | ||
+ | #} | ||
+ | |||
+ | ### Franken 3 ### | ||
+ | #protocol bgp Franken3 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.31 as 65024; | ||
+ | #} | ||
+ | |||
+ | ### Koblenz ### | ||
+ | #protocol bgp Koblenz from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.32 as 65032; | ||
+ | #} | ||
+ | |||
+ | ### Mainz 1 ### | ||
+ | protocol bgp Mainz1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.37 as 65037; | ||
+ | } | ||
+ | |||
+ | ### Luebeck 1 ### | ||
+ | protocol bgp Luebeck1 from PEERS { | ||
+ | import where ((freifunk() && !net_local())); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.130 as 65052; | ||
+ | } | ||
+ | |||
+ | ### Luebeck 2 ### | ||
+ | protocol bgp Luebeck2 from PEERS { | ||
+ | import where ((freifunk() && !net_local())); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.131 as 65052; | ||
+ | } | ||
+ | |||
+ | ### Frankfurt 1 ### | ||
+ | protocol bgp Frankfurt1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.35 as 65026; | ||
+ | } | ||
+ | |||
+ | ### Chemnitz 1 ### | ||
+ | protocol bgp Chemnitz1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.36 as 65053; | ||
+ | } | ||
+ | |||
+ | ### Schilcher 1 ### | ||
+ | #protocol bgp Schilcher1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.51 as 65054; | ||
+ | #} | ||
+ | |||
+ | ### Gronau 1 ### | ||
+ | protocol bgp Gronau1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.55 as 65526; | ||
+ | } | ||
+ | |||
+ | ### Gronau 2 ### | ||
+ | protocol bgp Gronau2 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.60 as 65526; | ||
+ | } | ||
+ | |||
+ | ### Schwarzach 1 ### | ||
+ | protocol bgp Schwarzach1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.56 as 65527; | ||
+ | } | ||
+ | |||
+ | ### Hamburg 01 ### | ||
+ | protocol bgp Hamburg01 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.62 as 65112; | ||
+ | } | ||
+ | |||
+ | ### Kiel4 ### | ||
+ | protocol bgp Kiel4 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.58 as 65525; | ||
+ | } | ||
+ | |||
+ | ### Hamburg 05 ### | ||
+ | protocol bgp Hamburg05 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.65 as 65112; | ||
+ | } | ||
+ | |||
+ | ### Jena 1 ### | ||
+ | protocol bgp Jena1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.33 as 65055; | ||
+ | } | ||
+ | |||
+ | ### Jena 2 ### | ||
+ | protocol bgp Jena2 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.66 as 65055; | ||
+ | } | ||
+ | |||
+ | ### Wuppertal 1 ### | ||
+ | protocol bgp Wuppertal1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.73 as 65523; | ||
+ | } | ||
+ | |||
+ | |||
+ | ### barnslig #### | ||
+ | protocol bgp dn42_barnslig from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local() && !net_hackint()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | description " | ||
+ | neighbor 172.22.119.227 as 64753; | ||
+ | } | ||
+ | |||
+ | |||
+ | ### bodems #### | ||
+ | protocol bgp dn42_bodems from PEERS { | ||
+ | import where (dn42() && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | description " | ||
+ | neighbor 172.23.146.126 as 76124; | ||
+ | |||
+ | } | ||
+ | |||
+ | ### kiwi-ix ### | ||
+ | protocol bgp dn42_kiwi_ix from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() ); | ||
+ | description " | ||
+ | neighbor 172.23.197.1 as 76119; | ||
+ | } | ||
+ | |||
+ | ### crest ### | ||
+ | protocol bgp dn42_crest from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | neighbor 172.22.254.124 as 64828; | ||
+ | } | ||
+ | |||
+ | ### thomasdotde ### | ||
+ | protocol bgp dn42_thomasdotde from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | neighbor 172.22.121.18 as 76196; | ||
+ | } | ||
+ | |||
+ | ### implementation #### | ||
+ | protocol bgp dn42_impl from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | neighbor 172.23.220.17 as 76376; | ||
+ | } | ||
+ | |||
+ | #### dn42 mare #### | ||
+ | protocol bgp dn42_mare from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | neighbor 172.22.235.254 as 64835; | ||
} | } | ||
- | ... | ||
- | |||
* bird6.conf | * bird6.conf | ||
- | Siehe bird.conf, Router-ID spielt keine Rolle | ||
+ | ### config for vpn1 ### | ||
+ | | ||
+ | log "/ | ||
+ | log syslog all; | ||
+ | | ||
+ | router id 10.29.131.187; | ||
+ | define myas = 65529; | ||
+ | table ebgp; | ||
+ | table ibgp; | ||
+ | #table internal_ospf; | ||
+ | table internal; | ||
+ | | ||
+ | | ||
+ | ### functions ### | ||
+ | | ||
+ | function net_local() { | ||
+ | return net ~ [ fdef: | ||
+ | } | ||
+ | | ||
+ | | ||
+ | function global_unicast(){ | ||
+ | return net ~ [ 2000::/ | ||
+ | } | ||
+ | | ||
+ | function ula(){ | ||
+ | return net ~ [ fc00::/ | ||
+ | } | ||
+ | | ||
+ | ### kernel ### | ||
+ | | ||
+ | protocol kernel { | ||
+ | scan time 10; | ||
+ | table internal; | ||
+ | kernel table 200; | ||
+ | import none; | ||
+ | export filter { | ||
+ | krt_prefsrc = fdef: | ||
+ | accept; | ||
+ | }; | ||
+ | }; | ||
+ | | ||
+ | protocol device { | ||
+ | scan time 10; | ||
+ | } | ||
+ | | ||
+ | | ||
+ | ### static routes for bgp ### | ||
+ | | ||
+ | protocol static { | ||
+ | route fdef: | ||
+ | table ebgp; | ||
+ | } | ||
+ | | ||
+ | | ||
+ | ### sync ebgp with ibgp ### | ||
+ | protocol pipe { | ||
+ | table ebgp; | ||
+ | peer table ibgp; | ||
+ | import where !net_local(); | ||
+ | export where !net_local(); | ||
+ | } | ||
+ | | ||
+ | ### sync ibgp with internal ### | ||
+ | protocol pipe { | ||
+ | table ibgp; | ||
+ | peer table internal; | ||
+ | import none; | ||
+ | export where (global_unicast() || ula()); | ||
+ | } | ||
+ | | ||
+ | | ||
+ | ### templates ### | ||
+ | | ||
+ | template bgp PEERS { | ||
+ | table ebgp; | ||
+ | local as myas; | ||
+ | import where ((ula() || global_unicast()) && !net_local()); | ||
+ | export where ula() || global_unicast(); | ||
+ | route limit 10000; | ||
+ | } | ||
+ | | ||
+ | template bgp bgp_ibgp { | ||
+ | table ibgp; | ||
+ | local as myas; | ||
+ | import filter { | ||
+ | preference = 99; | ||
+ | accept; | ||
+ | }; | ||
+ | export where source = RTS_BGP; | ||
+ | gateway direct; | ||
+ | next hop self; | ||
+ | } | ||
+ | | ||
+ | ### iBGP ### | ||
+ | protocol bgp vpn2 from bgp_ibgp { | ||
+ | description " | ||
+ | neighbor fdef: | ||
+ | } | ||
+ | | ||
+ | | ||
+ | ### eBGP ### | ||
+ | | ||
+ | ### Wermelskirchen 1 ### | ||
+ | protocol bgp Wermelskirchen1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Wermelskirchen 2 ### | ||
+ | protocol bgp Wermelskirchen2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | #### diac24.net - offline ### | ||
+ | #protocol bgp diac24_net from PEERS { | ||
+ | # | ||
+ | # neighbor fec0:: | ||
+ | #} | ||
+ | | ||
+ | #### kiberpipa.net - offline ### | ||
+ | #protocol bgp kiberpipa_net from PEERS { | ||
+ | # | ||
+ | # neighbor fec0:: | ||
+ | #} | ||
+ | | ||
+ | ### Bayreuth 1 ### | ||
+ | protocol bgp Bayreuth1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Luebeck 1 ### | ||
+ | protocol bgp Luebeck1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Luebeck 2 ### | ||
+ | protocol bgp Luebeck2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Gronau 1 ### | ||
+ | protocol bgp Gronau1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Gronau 2 ### | ||
+ | protocol bgp Gronau2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Hamburg 03 ### | ||
+ | protocol bgp Hamburg03 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Hamburg 01 ### | ||
+ | protocol bgp Hamburg01 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Hamburg 02 ### | ||
+ | protocol bgp Hamburg02 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Hamburg 04 ### | ||
+ | protocol bgp Hamburg04 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | ### Hamburg 05 ### | ||
+ | protocol bgp Hamburg05 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | #### bodems ### | ||
+ | protocol bgp dn42_bodems from PEERS { | ||
+ | description " | ||
+ | neighbor fdef: | ||
+ | } | ||
+ | | ||
+ | #### RheinlandDev #### | ||
+ | protocol bgp RheinlandDev from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | #### Weimar1 #### | ||
+ | protocol bgp Weimar1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | #### Weimar2 #### | ||
+ | protocol bgp Weimar2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | #### Wuppertal1 #### | ||
+ | protocol bgp Wuppertal1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | #### Kiel4 #### | ||
+ | protocol bgp Kiel4 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | #### Kiel3 #### | ||
+ | protocol bgp Kiel3 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | | ||
+ | #### Leipzig2 #### | ||
+ | protocol bgp Leipzig2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
- | ===== Peering mit AS64753 ===== | ||
- | openvpn.conf | + | ===== Peerings zum DN42 ===== |
+ | Neben Peerings im ICVPN, haben wir auch noch Peerings über OpenVPN und GRE+IPsec zum DN42. Derzeit sind das folgende: | ||
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | user nobody | + | |
- | group nogroup | + | |
- | persist-key | + | |
- | persist-tun | + | |
- | ifconfig 10.207.0.59 172.22.119.194 | + | |
- | Zum Starten zusammen mit tinc, folgende Zeile in tinc-up | + | Für jeden Peer existiert ein Ordner |
- | openvpn --daemon --config openvpn.conf | + | |
- | + | ||
- | + | ||
- | /etc/bird.conf | + | |
- | protocol bgp R64753x1 from PEERS { | + | |
- | description "dn42 AS64753"; | + | |
- | neighbor 172.22.119.194 as 64753; | + | |
- | } | + |
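Review bot: The new IPv4 `PEERS` template has its import line commented out (`#import filter bgp_in;`), so filtering of eBGP routes now rests entirely on each peer block repeating its own `import where …` line, unlike the bird6.conf template, which keeps an import filter. Every active peer shown does carry one, but a peer added without it would fall back to the daemon default (`import all` in the BIRD 1.x series this syntax suggests), and its routes would enter table `ebgp` and pass the first pipe (which only excludes `net_local()`) into `ibgp`. Adding `import none;` to the template would make a forgotten per-peer filter fail closed. Separately, the prefix list that includes `104.0.0.0/…` (lengths are cut off in this rendering) seems to cover address space that is publicly routed today, so it is worth confirming that a peer announcement in that range cannot pull mesh clients' Internet traffic into the VPN.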