Benutzer-Werkzeuge


    Warning: Undefined array key "REMOTE_USER" in /usr/local/www/wiki.freifunk-bielefeld.de/lib/tpl/starter/main.php on line 62
  • Admin

  • Warning: Undefined array key "REMOTE_USER" in /usr/local/www/wiki.freifunk-bielefeld.de/lib/tpl/starter/tpl_functions.php on line 50

    Warning: Undefined array key "REMOTE_USER" in /usr/local/www/wiki.freifunk-bielefeld.de/lib/tpl/starter/tpl_functions.php on line 77
  • Registrieren

Webseiten-Werkzeuge


Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Nächste Überarbeitung
Vorhergehende Überarbeitung
ic-vpn [2013/04/07 21:53] – angelegt bodemsic-vpn [2023/06/04 11:32] (aktuell) – Externe Bearbeitung 127.0.0.1
Zeile 6: Zeile 6:
   * [[http://wiki.freifunk.net/IP-Netze|IP-Netze]]   * [[http://wiki.freifunk.net/IP-Netze|IP-Netze]]
       * Bielefeld IPv4: 10.29.0.0/16       * Bielefeld IPv4: 10.29.0.0/16
 +        * Transfernetz-IP vpn1: 10.207.0.59
 +        * Transfernetz-IP vpn2: 10.207.0.67
       * Bielefeld IPv6: fdef:17a0:ffb1::/48       * Bielefeld IPv6: fdef:17a0:ffb1::/48
 +        * Transfernetz-IP vpn1: fec0::a:cf:0:59/96
 +        * Transfernetz-IP vpn2: fec0::a:cf:0:60/96
   * [[http://wiki.freifunk.net/AS-Nummern|AS-Nummern]]   * [[http://wiki.freifunk.net/AS-Nummern|AS-Nummern]]
       * Bielefeld AS: 65529       * Bielefeld AS: 65529
   * [[http://wiki.freifunk.net/IC-VPN|Anleitung]]   * [[http://wiki.freifunk.net/IC-VPN|Anleitung]]
  
-Tinc und quagga sind schon auf vpn1 installiert, Schlüsselpaar für tinc erzeugt (Backup gibts auch) und eine Testkonfiguration angelegtDie Skripte tinc-up und tinc-down müssten noch um Routingangaben ergänzt und quagga eingerichtet werdeneine Beispielkonfig ist im Freifunk-Wiki.+===== Stand 07.02.14 ===== 
 +  * Auf vpn1 läuft ein LookingGlass für IPv4 und IPv6, leider hakt das noch etwas, weil der User vom Apache Zugriff auf den bird-Prozess braucht 
 +    * [[http://vpn1.freifunk-bielefeld.de/ulg/ulg.py | IPv4]] 
 +    * [[http://vpn1.freifunk-bielefeld.de/ulgv6/ulg.py | IPv6]] 
 +  * Peering mit 
 +      *  Lübeck1 
 +      * Augsburg1 
 +      * Gronau1 
 +      * noch ein paar andere Städte 
 +      * DN42siehe unten
  
-Die Lübecker fragten beim 29c3, ob wir mit ihnen peeren wollenwen könnte man noch fragendamit das ausfallsicherer wird?+===== Einrichten ===== 
 +=== Pakete === 
 +  * bird 
 +  * bird6 
 +  * tinc 
 + 
 + 
 +==== tinc ==== 
 +  * tinc.conf 
 + 
 +  Name = bielefeld1 
 +  PrivateKeyFile = /etc/tinc/icvpn/rsa_key.priv 
 +  Mode = Switch 
 +  PingTimeout = 30 
 +  Port = 655 
 +  Hostname = yes 
 +  ConnectTo = augsburg1 
 +  ConnectTo = luebeck1 
 +  ConnectTo = gronau1 
 + 
 + 
 +  * tinc-up 
 + 
 +  !/bin/sh 
 +  ip link set dev icvpn up 
 +  ip addr add dev icvpn 10.207.0.59/16 broadcast 10.207.255.255 
 +  ip -6 addr add dev icvpn fec0::a:cf:0:59/96 
 +  ip rule add dev br-mesh table icvpn prio 32764 
 +  ip -6 rule add dev br-mesh table icvpn prio 32764 
 + 
 + 
 +  * tinc-down 
 + 
 +  #!/bin/sh 
 +  ip del dev icvpn 10.207.0.59/16 broadcast 10.207.255.255 
 +  ip -6 addr del dev icvpn fec0::a:cf:0:59/96 
 +  ip link set dev icvpn down 
 +  ip rule del prio 32764 
 +  ip -6 rule del prio 32764 
 + 
 + 
 +  * /etc/iproute2/rt_tables 
 + 
 +zusätzliche Zeile mit 
 +  200 icvpn 
 + 
 + 
 +==== bird ==== 
 + 
 +  * bird.conf 
 + 
 +  ### config for vpn1 ### 
 +   
 +  log "/var/log/bird.log" all; 
 +  log syslog all; 
 +   
 +  router id 10.29.131.187; 
 +  define myas = 65529; 
 +  table ebgp; 
 +  table ibgp; 
 +  #table internal_ospf; 
 +  table internal; 
 +   
 +   
 +  ### functions ### 
 +   
 +  function net_martian() 
 +  { 
 +  return net ~ [ 169.254.0.0/16+127.0.0.0/8+224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/0{0,7}, 192.168.0.0/16+ ]; 
 +  } 
 +   
 +  function net_local() { 
 + return net ~ [ 10.29.0.0/16+ ]; 
 +  } 
 +   
 +  function dn42() 
 +  { 
 +  return net ~ [ 172.22.0.0/15+, 
 +  195.160.168.0/23+, 
 +  91.204.4.0/22+, 
 +  193.43.220.0/23+, 
 +  83.133.178.0/23+, 
 +  87.106.29.254/32, 
 +  85.25.246.16/28+, 
 +  46.4.248.192/27+, 
 +  94.45.224.0/19+, 
 +  195.191.196.0/23+, 
 +  80.244.241.224/27+, 
 +  46.19.90.48/28+, 
 +  46.19.90.96/28+, 
 +  178.63.170.40/32, 
 +  188.40.34.241/32, 
 +  195.16.84.40/29+, 
 +  37.1.89.160/29+, 
 +  178.33.32.123/32+, 
 +  37.1.89.160/29+, 
 +  185.28.77.16/29+, 
 +  185.28.77.192/27+, 
 +  192.175.48.0/24+ ]; 
 +  } 
 +   
 +  function chaosvpn() { 
 +  return net ~ [ 10.4.0.0/16+, 
 +  10.32.0.0/16+, 
 +  10.100.0.0/14+, 
 +  10.104.0.0/14+, 
 +  172.31.0.0/16+ ]; 
 +  } 
 +   
 +  function freifunk() { 
 +  return net ~ [ 10.0.0.0/8+, 
 +  104.0.0.0/8+ ]; 
 +  } 
 +   
 +  function net_hackint() 
 +  { 
 +  return net ~ [ 172.22.24.0/28+ ]; 
 +  } 
 +   
 +  function accept_all() 
 +  { 
 +  if net_martian() || net_local() then return false; 
 +  return true; 
 +  } 
 +   
 +   
 +  ### kernel ### 
 +   
 +  protocol kernel { 
 +  scan time 10; 
 +  table internal; 
 +  kernel table 200; 
 +  import none; 
 +  export filter { 
 +  krt_prefsrc = 10.29.131.187;   # edit: own ip 
 +  accept; 
 +  }; 
 +  }; 
 +   
 +  protocol device { 
 +  scan time 10; 
 +  } 
 +   
 +   
 +  ### static routes for bgp ### 
 +   
 +  protocol static { 
 +  route 10.29.0.0/16 reject; 
 +  table ebgp; 
 +  } 
 +   
 +  ### static routes for ospf ### 
 +  protocol static { 
 +  route 10.29.0.0/16 via "br-mesh"; 
 +  table internal; 
 +  }; 
 +   
 +   
 +  ### sync ebgp with ibgp ### 
 +   
 +  protocol pipe { 
 +  table ebgp; 
 +  peer table ibgp; 
 +  import all; 
 +  export where !net_local(); 
 +  } 
 +   
 +  ### sync ibgp with internal ### 
 +  protocol pipe { 
 +  table ibgp; 
 +  peer table internal; 
 +  import none; 
 +  export where (freifunk() || dn42()); 
 +  } 
 +   
 +  ### templates ### 
 +   
 +  template bgp PEERS { 
 +  table ebgp; 
 +  local as myas; 
 +  #import filter bgp_in; 
 +  export all; 
 +  route limit 10000; 
 +  } 
 +   
 +  template bgp bgp_ibgp { 
 +  table ibgp; 
 +  local as myas; 
 +  import filter { 
 +  preference = 99; 
 +  accept;  
 +  }; 
 +  export where source = RTS_BGP; 
 +  gateway direct; 
 +  next hop self; 
 +  } 
 +   
 +  ### iBGP ### 
 +   
 +  protocol bgp vpn2 from bgp_ibgp { 
 +  neighbor 10.29.132.192 as 65529; 
 +  } 
 +   
 +  ### eBGP ### 
 +   
 +  ### Leipzig1 ### 
 +  #protocol bgp Leipzig1 from PEERS { 
 +  # description "Leipzig1"; 
 +  # neighbor 10.207.0.1 as 65041; 
 +  #} 
 +   
 +  ### Leipzig2 ### 
 +  protocol bgp Leipzig2 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.2 as 65041; 
 +  } 
 +   
 +  ### Leipzig-DB ### 
 +  #protocol bgp Leipzig_DB from PEERS { 
 +  # description "Leipzig-DB"; 
 +  # neighbor 10.207.255.1 as 65041; 
 +  #} 
 +   
 +  ### Weimar1 ### 
 +  protocol bgp Weimar1 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.3 as 65042; 
 +  } 
 +   
 +  ### Weimar2 ### 
 +  protocol bgp Weimar2 from PEERS { 
 +        description "import: freifunk; export: freifunk, dn42"; 
 +        import where (freifunk() && !net_local()); 
 +        export where (freifunk() || dn42()); 
 +        neighbor 10.207.0.4 as 65042; 
 +  } 
 +   
 +  ### Berlin1 ### 
 +  protocol bgp Berlin1 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.5 as 44194; 
 +  } 
 +   
 +  ### Berlin2 ### 
 +  #protocol bgp Berlin2 from PEERS { 
 +  # description "Berlin2"; 
 +  # neighbor 10.207.0.6 as 44194; 
 +  #} 
 +   
 +  ### Wermelskirchen 1 ### 
 +  protocol bgp Wermelskirchen1 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.7 as 65530; 
 +  } 
 +   
 +  ### Wermelskirchen2 ### 
 +  protocol bgp Wermelskirchen2 from PEERS { 
 +  description "Wermelskirchen2"; 
 +  import where (freifunk() && !net_local());  
 +        export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.8 as 65530; 
 +  } 
 +   
 +  ### Stuttgart1 ### 
 +  #protocol bgp Stuttgart1 from PEERS { 
 +  # description "Stuttgart1"; 
 +  # neighbor 10.207.0.11 as 65045; 
 +  #} 
 +   
 +  ### Stuttgart2 ### 
 +  #protocol bgp Stuttgart2 from PEERS { 
 +  # description "Stuttgart2"; 
 +  # neighbor 10.207.0.12 as 65045; 
 +  #} 
 +   
 +  ### Halle1 ### 
 +  protocol bgp Halle1 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.13 as 65046; 
 +  } 
 +   
 +  ### Halle2 ### 
 +  protocol bgp Halle2 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.14 as 65046; 
 +  } 
 +   
 +  ### Aurich1 ### 
 +  #protocol bgp Aurich1 from PEERS { 
 +  # description "Aurich1"; 
 +  # neighbor 10.207.0.15 as 65047; 
 +  #} 
 +   
 +  ### Augsburg1 ### 
 +  protocol bgp Augsburg1 from PEERS { 
 +  description "import: freifunk, dn42; export: freifunk, dn42"; 
 +  import where ((freifunk() || dn42()) && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.17 as 65050; 
 +  } 
 +   
 +  ### Augsburg2 ### 
 +  protocol bgp Augsburg2 from PEERS { 
 +  description "import: freifunk, dn42; export: freifunk, dn42"; 
 +  import where ((freifunk() || dn42()) && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.68 as 65050; 
 +  } 
 +   
 +  ### Dresden1 ### 
 +  protocol bgp Dresden1 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.19 as 65051; 
 +  } 
 +   
 +  ### Hannover 1 ### 
 +  #protocol bgp Hannover1 from PEERS { 
 +  # description "Hannover1"; 
 +  # neighbor 10.207.0.22 as 65511; 
 +  #} 
 +   
 +  ### Franken 1 ### 
 +  protocol bgp Franken1 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.23 as 65024; 
 +  } 
 +   
 +  ### Franken 2 ### 
 +  #protocol bgp Franken2 from PEERS { 
 +  # description "Franken2"; 
 +  # neighbor 10.207.0.24 as 65024; 
 +  #} 
 +   
 +  ### Grossdraxdorf ### 
 +  #protocol bgp Grossdraxdorf from PEERS { 
 +  # description "Großraxdorf"; 
 +  # neighbor 10.207.0.25 as 65025; 
 +  #} 
 +   
 +  ### Bad Zwischenahn 1 ### 
 +  #protocol bgp Bad_Zwischenahn1 from PEERS { 
 +  # description "BadZwischenahn1"; 
 +  # neighbor 10.207.0.26 as 65512; 
 +  #} 
 +   
 +  ### Oldenburg 1 ### 
 +  protocol bgp Oldenburg1 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.27 as 65513; 
 +  } 
 +   
 +  ### Bayreuth 1 ### 
 +  protocol bgp Bayreuth1 from PEERS { 
 +  description "Bayreuth1"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.28 as 65025; 
 +  } 
 +   
 +  ### diac24.net ### 
 +  #protocol bgp diac24_net from PEERS { 
 +  # description "diac24.net"; 
 +  # neighbor 10.207.2.0 as 64600; 
 +  #} 
 +   
 +  ### kiberpipa.net ### 
 +  #protocol bgp kiberpipa_net from PEERS { 
 +  # description "kiberpipa.net"; 
 +  # neighbor 10.207.3.23 as 65023; 
 +  #} 
 +   
 +  ### Franken 3 ### 
 +  #protocol bgp Franken3 from PEERS { 
 +  # description "Franken3"; 
 +  # neighbor 10.207.0.31 as 65024; 
 +  #} 
 +   
 +  ### Koblenz ### 
 +  #protocol bgp Koblenz from PEERS { 
 +  # description "Koblenz"; 
 +  # neighbor 10.207.0.32 as 65032; 
 +  #} 
 +   
 +  ### Mainz 1 ### 
 +  protocol bgp Mainz1 from PEERS { 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  neighbor 10.207.0.37 as 65037; 
 +  } 
 +   
 +  ### Luebeck 1 ### 
 +  protocol bgp Luebeck1 from PEERS { 
 +  import where ((freifunk() && !net_local())); 
 +  export where (freifunk() || dn42()); 
 +  description "import: freifunk, dn42; export: freifunk, dn42"; 
 +  neighbor 10.207.0.130 as 65052; 
 +  } 
 +   
 +  ### Luebeck 2 ### 
 +  protocol bgp Luebeck2 from PEERS { 
 +  import where ((freifunk() && !net_local())); 
 +  export where (freifunk() || dn42()); 
 +  description "import: freifunk, dn42; export: freifunk, dn42"; 
 +  neighbor 10.207.0.131 as 65052; 
 +  } 
 +   
 +  ### Frankfurt 1 ### 
 +  protocol bgp Frankfurt1 from PEERS { 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  neighbor 10.207.0.35 as 65026; 
 +  } 
 +   
 +  ### Chemnitz 1 ### 
 +  protocol bgp Chemnitz1 from PEERS { 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  description "Chemnitz1"; 
 +  neighbor 10.207.0.36 as 65053; 
 +  } 
 +   
 +  ### Schilcher 1 ### 
 +  #protocol bgp Schilcher1 from PEERS { 
 +  # description "Schilcher1"; 
 +  # neighbor 10.207.0.51 as 65054; 
 +  #} 
 +   
 +  ### Gronau 1 ### 
 +  protocol bgp Gronau1 from PEERS { 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  neighbor 10.207.0.55 as 65526; 
 +  } 
 +   
 +  ### Gronau 2 ### 
 +  protocol bgp Gronau2 from PEERS { 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  neighbor 10.207.0.60 as 65526; 
 +  } 
 +   
 +  ### Schwarzach 1 ### 
 +  protocol bgp Schwarzach1 from PEERS { 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  neighbor 10.207.0.56 as 65527; 
 +  } 
 +   
 +  ### Hamburg 01 ### 
 +  protocol bgp Hamburg01 from PEERS { 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  neighbor 10.207.0.62 as 65112; 
 +  } 
 +   
 +  ### Kiel4 ### 
 +  protocol bgp Kiel4 from PEERS { 
 +          import where (freifunk() && !net_local()); 
 +          export where (freifunk() || dn42()); 
 +          description "import: freifunk; export: freifunk, dn42"; 
 +          neighbor 10.207.0.58 as 65525; 
 +  } 
 +   
 +  ### Hamburg 05 ### 
 +  protocol bgp Hamburg05 from PEERS { 
 +  import where (freifunk() && !net_local()); 
 +  export where (freifunk() || dn42()); 
 +  description "import: freifunk; export: freifunk, dn42"; 
 +  neighbor 10.207.0.65 as 65112; 
 +  } 
 +   
 +  ### Jena 1 ### 
 +  protocol bgp Jena1 from PEERS { 
 +          import where (freifunk() && !net_local()); 
 +          export where (freifunk() || dn42()); 
 +          description "import: freifunk; export: freifunk, dn42"; 
 +          neighbor 10.207.0.33 as 65055; 
 +  } 
 +   
 +  ### Jena 2 ### 
 +  protocol bgp Jena2 from PEERS { 
 +          import where (freifunk() && !net_local()); 
 +          export where (freifunk() || dn42()); 
 +          description "import: freifunk; export: freifunk, dn42"; 
 +          neighbor 10.207.0.66 as 65055; 
 +  } 
 +   
 +  ### Wuppertal 1 ### 
 +  protocol bgp Wuppertal1 from PEERS { 
 +          import where (freifunk() && !net_local()); 
 +          export where (freifunk() || dn42()); 
 +          description "import: freifunk; export: freifunk, dn42"; 
 +          neighbor 10.207.0.73 as 65523; 
 +  } 
 +   
 +   
 +  ### barnslig #### 
 +  protocol bgp dn42_barnslig from PEERS { 
 +  import where ((dn42() || chaosvpn()) && !net_local() && !net_hackint()); 
 +  export where (freifunk() || dn42() || chaosvpn()); 
 +  description "import: dn42, chaosvpn; reject hackint; export: freifunk, dn42"; 
 +  neighbor 172.22.119.227 as 64753; 
 +  } 
 +   
 +   
 +  ### bodems #### 
 +  protocol bgp dn42_bodems from PEERS { 
 +  import where (dn42() && !net_local()); 
 +  export where (freifunk() || dn42() || chaosvpn()); 
 +  description "import: dn42; export: freifunk, dn42, chaosvpn"; 
 +  neighbor 172.23.146.126 as 76124; 
 +   
 +  } 
 +   
 +  ### kiwi-ix ### 
 +  protocol bgp dn42_kiwi_ix from PEERS { 
 +  import where ((dn42() || chaosvpn()) && !net_local()); 
 +  export where (freifunk() ); 
 +  description "import: dn42, chaosvpn; export: freifunk"; 
 +  neighbor 172.23.197.1 as 76119; 
 +  } 
 +   
 +  ### crest ### 
 +  protocol bgp dn42_crest from PEERS { 
 +  import where ((dn42() || chaosvpn()) && !net_local()); 
 +  export where (freifunk() || dn42() || chaosvpn()); 
 +          neighbor 172.22.254.124 as 64828; 
 +  } 
 +   
 +  ### thomasdotde ### 
 +  protocol bgp dn42_thomasdotde from PEERS { 
 +  import where ((dn42() || chaosvpn()) && !net_local()); 
 +  export where (freifunk() || dn42() || chaosvpn()); 
 +        neighbor 172.22.121.18 as 76196; 
 +  } 
 +   
 +  ### implementation #### 
 +  protocol bgp dn42_impl from PEERS { 
 +  import where ((dn42() || chaosvpn()) && !net_local()); 
 +  export where (freifunk() || dn42() || chaosvpn()); 
 +        neighbor 172.23.220.17 as 76376; 
 +  } 
 +   
 +  #### dn42 mare #### 
 +  protocol bgp dn42_mare from PEERS { 
 +  import where ((dn42() || chaosvpn()) && !net_local()); 
 +  export where (freifunk() || dn42() || chaosvpn()); 
 +  neighbor 172.22.235.254 as 64835; 
 +  } 
 + 
 +  * bird6.conf 
 + 
 +  ### config for vpn1 ### 
 +   
 +  log "/var/log/bird6.log" all; 
 +  log syslog all; 
 +   
 +  router id 10.29.131.187; 
 +  define myas = 65529; 
 +  table ebgp; 
 +  table ibgp; 
 +  #table internal_ospf; 
 +  table internal; 
 +   
 +   
 +  ### functions ### 
 +   
 +  function net_local() { 
 +  return net ~ [ fdef:17a0:ffb1::/48+]; 
 +  } 
 +   
 +   
 +  function global_unicast(){ 
 +  return net ~ [ 2000::/3{48,64} ]; 
 +  } 
 +   
 +  function ula(){ 
 +  return net ~ [ fc00::/7{48,64} ]; 
 +  } 
 +   
 +  ### kernel ### 
 +   
 +  protocol kernel { 
 +  scan time 10; 
 +  table internal; 
 +  kernel table 200; 
 +  import none; 
 +  export filter { 
 +  krt_prefsrc = fdef:17a0:ffb1:0:44a:8aff:fea5:adc;   # edit: own ip 
 +  accept; 
 +  }; 
 +  }; 
 +   
 +  protocol device { 
 +  scan time 10; 
 +  } 
 +   
 +   
 +  ### static routes for bgp ### 
 +   
 +  protocol static { 
 +  route fdef:17a0:ffb1::/48 reject; 
 +  table ebgp; 
 +  } 
 +   
 +   
 +  ### sync ebgp with ibgp ### 
 +  protocol pipe { 
 +  table ebgp; 
 +  peer table ibgp; 
 +  import where !net_local(); 
 +  export where !net_local(); 
 +  } 
 +   
 +  ### sync ibgp with internal ### 
 +  protocol pipe { 
 +  table ibgp; 
 +  peer table internal; 
 +  import none; 
 +  export where (global_unicast() || ula()); 
 +  } 
 +   
 +   
 +  ### templates ### 
 +   
 +  template bgp PEERS { 
 +  table ebgp; 
 +  local as myas; 
 +  import where ((ula() || global_unicast()) && !net_local()); 
 +  export where ula() || global_unicast(); 
 +  route limit 10000; 
 +  } 
 +   
 +  template bgp bgp_ibgp { 
 +  table ibgp; 
 +  local as myas; 
 +  import filter { 
 +  preference = 99; 
 +  accept;  
 +  }; 
 +  export where source = RTS_BGP; 
 +  gateway direct; 
 +  next hop self; 
 +  } 
 +   
 +  ### iBGP ### 
 +  protocol bgp vpn2 from bgp_ibgp { 
 +  description "import: any; export: any"; 
 +  neighbor fdef:17a0:ffb1:0:1cd0:63ff:fe81:1af2 as 65529; 
 +  } 
 +   
 +   
 +  ### eBGP ### 
 +   
 +  ### Wermelskirchen 1 ### 
 +  protocol bgp Wermelskirchen1 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:7 as 65530; 
 +  }      
 +   
 +  ### Wermelskirchen 2 ### 
 +  protocol bgp Wermelskirchen2 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:8 as 65530; 
 +  } 
 +   
 +  #### diac24.net - offline ### 
 +  #protocol bgp diac24_net from PEERS { 
 +  # description "diac24.net"; 
 +  # neighbor fec0::a:cf:ac:16 as 64600; 
 +  #} 
 +   
 +  #### kiberpipa.net - offline ### 
 +  #protocol bgp kiberpipa_net from PEERS { 
 +  # description "kiberpipa.net"; 
 +  # neighbor fec0::a:cf:3:23 as 65023; 
 +  #} 
 +   
 +  ### Bayreuth 1 ### 
 +  protocol bgp Bayreuth1 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:19 as 65025; 
 +  } 
 +   
 +  ### Luebeck 1 ### 
 +  protocol bgp Luebeck1 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:82 as 65052; 
 +  } 
 +   
 +  ### Luebeck 2 ### 
 +  protocol bgp Luebeck2 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:83 as 65052; 
 +  } 
 +   
 +  ### Gronau 1 ### 
 +  protocol bgp Gronau1 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:50 as 65526; 
 +  } 
 +   
 +  ### Gronau 2 ### 
 +  protocol bgp Gronau2 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:51 as 65526; 
 +  } 
 +   
 +  ### Hamburg 03 ### 
 +  protocol bgp Hamburg03 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:3d as 65112; 
 +  } 
 +   
 +  ### Hamburg 01 ### 
 +  protocol bgp Hamburg01 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:3e as 65112; 
 +  } 
 +   
 +  ### Hamburg 02 ### 
 +  protocol bgp Hamburg02 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:3f as 65112; 
 +  } 
 +   
 +  ### Hamburg 04 ### 
 +  protocol bgp Hamburg04 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:40 as 65112; 
 +  } 
 +   
 +  ### Hamburg 05 ### 
 +  protocol bgp Hamburg05 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:41 as 65112; 
 +  } 
 +   
 +  #### bodems ### 
 +  protocol bgp dn42_bodems from PEERS { 
 +          description "import: any; export: any"; 
 +          neighbor fdef:17a0:ffb1:0:fad1:11ff:fe4b:3966 as 76124; 
 +  } 
 +   
 +  #### RheinlandDev #### 
 +  protocol bgp RheinlandDev from PEERS { 
 +          description "import: any; export: any"; 
 +          neighbor fec0::a:cf:0:4e as 65078; 
 +  } 
 +   
 +  #### Weimar1 #### 
 +  protocol bgp Weimar1 from PEERS { 
 +        description "import: any; export: any"; 
 +        neighbor fec0::a:cf:0:3 as 65042; 
 +  } 
 +   
 +  #### Weimar2 #### 
 +  protocol bgp Weimar2 from PEERS { 
 +        description "import: any; export: any"; 
 +        neighbor fec0::a:cf:0:4 as 65042; 
 +  } 
 +   
 +  #### Wuppertal1 #### 
 +  protocol bgp Wuppertal1 from PEERS { 
 +        description "import: any; export: any"; 
 +        neighbor fec0::a:cf:0:71 as 65523; 
 +  } 
 +   
 +  #### Kiel4 #### 
 +  protocol bgp Kiel4 from PEERS { 
 + description "import: any; export: any"; 
 + neighbor fec0::a:cf:0:3a as 65525; 
 +  } 
 +   
 +  #### Kiel3 #### 
 +  protocol bgp Kiel3 from PEERS { 
 + description "import: any; export: any"; 
 + neighbor fec0::a:cf:0:36 as 65525; 
 +  } 
 +   
 +  #### Leipzig2 #### 
 +  protocol bgp Leipzig2 from PEERS { 
 +  description "import: any; export: any"; 
 +  neighbor fec0::a:cf:0:2 as 65041; 
 +  } 
 + 
 + 
 +===== Peerings zum DN42 ===== 
 +Neben Peerings im ICVPN, haben wir auch noch Peerings über OpenVPN und GRE+IPsec zum DN42. Derzeit sind das folgende: 
 + 
 +  * barnslig (AS64753) 
 +  * bodems (AS76124) 
 +  * kiwi (zu seinem IX, AS76119) 
 +  * crest (AS64828) 
 +  * thomasdotde (AS76196) 
 +  * implementation (AS76376) 
 +  * mare (AS64835) 
 +  * siska (AS76103) 
 +  * firehat (AS64844) 
 + 
 +Für jeden Peer existiert ein Ordner in /root/dn42 mit der config, Backups hat Bodems