Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

--- ic-vpn [2013/11/10 14:31] – [tinc] bodems
+++ ic-vpn [2023/06/04 11:32] (aktuell) – Externe Bearbeitung 127.0.0.1
@@ Zeile 15: / Zeile 15: @@
   * [[http://wiki.freifunk.net/IC-VPN|Anleitung]]
-===== Stand 29.10.13 =====
+===== Stand 07.02.14 =====
-  * Peering mit Lübeck1, Augsburg1, Gronau1 über tinc und mit AS64753 zum dn42 über OpenVPN
+  * Auf vpn1 läuft ein LookingGlass für IPv4 und IPv6, leider hakt das noch etwas, weil der User vom Apache Zugriff auf den bird-Prozess braucht
-  * auf neuem Gateway bird statt quagga, Routen werden jetzt in icvpn-Tabelle exportiert
+    * [[http://vpn1.freifunk-bielefeld.de/ulg/ulg.py | IPv4]]
-  * todo
+    * [[http://vpn1.freifunk-bielefeld.de/ulgv6/ulg.py | IPv6]]
-      * vpn2 in ICVPN integrieren
+  * Peering mit
+      *  Lübeck1
+      * Augsburg1
+      * Gronau1
+      * noch ein paar andere Städte
+      * DN42, siehe unten
 ===== Einrichten =====
@@ Zeile 72: / Zeile 77: @@
   * bird.conf
+  ### config for vpn1 ###
   log "/var/log/bird.log" all;
   log syslog all;
-  router id 10.29.132.192;
+  router id 10.29.131.187;
   define myas = 65529;
-  table icvpn;
+  table ebgp;
+  table ibgp;
+  #table internal_ospf;
+  table internal;
-  ### filters and functions ###
+  ### functions ###
   function net_martian()
@@ Zeile 88: / Zeile 98: @@
   function net_local() {
-  	return net ~ [ 10.29.0.0/16+];
+	return net ~ [ 10.29.0.0/16+ ];
   }
+  function dn42()
-  function export_all()
   {
-  	if net_martian() then return false;
+  	return net ~ [ 172.22.0.0/15+,
-  	return true;
+.160.168.0/23+,
+.204.4.0/22+,
+.43.220.0/23+,
+.133.178.0/23+,
+.106.29.254/32,
+.25.246.16/28+,
+.4.248.192/27+,
+.45.224.0/19+,
+.191.196.0/23+,
+.244.241.224/27+,
+.19.90.48/28+,
+.19.90.96/28+,
+.63.170.40/32,
+.40.34.241/32,
+.16.84.40/29+,
+.1.89.160/29+,
+.33.32.123/32+,
+.1.89.160/29+,
+.28.77.16/29+,
+.28.77.192/27+,
+.175.48.0/24+ ];
   }
-  function import_all()
+  function chaosvpn() {
-  {
+  	return net ~ [ 	10.4.0.0/16+,
-  	if net_martian() || net_local() then return false;
+.32.0.0/16+,
-  	return true;
+.100.0.0/14+,
+.104.0.0/14+,
+.31.0.0/16+ ];
   }
-  filter bgp_out
+  function freifunk() {
+  	return net ~ [ 10.0.0.0/8+,
+.0.0.0/8+ ];
+  }
+  function net_hackint()
   {
-  	if ! export_all() then reject;
+  	return net ~ [ 172.22.24.0/28+ ];
-  	accept;
   }
-  filter bgp_in
+  function accept_all()
   {
-  	if ! import_all() then reject;
+  	if net_martian() || net_local() then return false;
-  	accept;
+  	return true;
   }
+  ### kernel ###
   protocol kernel {
   	scan time 10;
-  	table icvpn;
+  	table internal;
   	kernel table 200;
   	import none;
   	export filter {
-  		krt_prefsrc = 10.29.132.192; # edit: own ip
+  		krt_prefsrc = 10.29.131.187;   # edit: own ip
   		accept;
   	};
@@ Zeile 130: / Zeile 168: @@
   	scan time 10;
   }
+  ### static routes for bgp ###
+  protocol static {
+  	route 10.29.0.0/16 reject;
+  	table ebgp;
+  }
+  ### static routes for ospf ###
   protocol static {
   	route 10.29.0.0/16 via "br-mesh";
-  	table icvpn;
+  	table internal;
+  };
+  ### sync ebgp with ibgp ###
+  protocol pipe {
+  	table ebgp;
+  	peer table ibgp;
+  	import all;
+  	export where !net_local();
   }
+  ### sync ibgp with internal ###
+  protocol pipe {
+  	table ibgp;
+  	peer table internal;
+  	import none;
+  	export where (freifunk() || dn42());
+  }
+  ### templates ###
   template bgp PEERS {
+  	table ebgp;
   	local as myas;
-  	import filter bgp_in;
+  	#import filter bgp_in;
-  	export filter bgp_out;
+  	export all;
   	route limit 10000;
-  	rs client;
+  }
-  	table icvpn;
-  };
   template bgp bgp_ibgp {
-  	table icvpn;
+  	table ibgp;
   	local as myas;
-  	source address 10.29.132.192; #edit: own ip
+  	import filter {
-  	import filter bgp_in;
+  		preference = 99;
-  	export filter bgp_out;
+  		accept;
+  	};
+  	export where source = RTS_BGP;
   	gateway direct;
   	next hop self;
-  };
+  }
   ### iBGP ###
-  ### vpn1 ####
+  protocol bgp vpn2 from bgp_ibgp {
-  protocol bgp vpn1 from bgp_ibgp {
+  	neighbor 10.29.132.192 as 65529;
-  	neighbor 10.29.131.187 as 65529;
+  }
-  };
   ### eBGP ###
   ### Leipzig1 ###
-  protocol bgp Leipzig1 from PEERS {
+  #protocol bgp Leipzig1 from PEERS {
-  	description "Leipzig1";
+  #	description "Leipzig1";
-  	neighbor 10.207.0.1 as 65041;
+  #	neighbor 10.207.0.1 as 65041;
+  #}
+  ### Leipzig2 ###
+  protocol bgp Leipzig2 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.2 as 65041;
+  }
+  ### Leipzig-DB ###
+  #protocol bgp Leipzig_DB from PEERS {
+  #	description "Leipzig-DB";
+  #	neighbor 10.207.255.1 as 65041;
+  #}
+  ### Weimar1 ###
+  protocol bgp Weimar1 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.3 as 65042;
+  }
+  ### Weimar2 ###
+  protocol bgp Weimar2 from PEERS {
+        description "import: freifunk; export: freifunk, dn42";
+        import where (freifunk() && !net_local());
+        export where (freifunk() || dn42());
+        neighbor 10.207.0.4 as 65042;
+  }
+  ### Berlin1 ###
+  protocol bgp Berlin1 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.5 as 44194;
+  }
+  ### Berlin2 ###
+  #protocol bgp Berlin2 from PEERS {
+  #	description "Berlin2";
+  #	neighbor 10.207.0.6 as 44194;
+  #}
+  ### Wermelskirchen 1 ###
+  protocol bgp Wermelskirchen1 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.7 as 65530;
+  }
+  ### Wermelskirchen2 ###
+  protocol bgp Wermelskirchen2 from PEERS {
+  	description "Wermelskirchen2";
+  	import where (freifunk() && !net_local());
+        export where (freifunk() || dn42());
+  	neighbor 10.207.0.8 as 65530;
+  }
+  ### Stuttgart1 ###
+  #protocol bgp Stuttgart1 from PEERS {
+  #	description "Stuttgart1";
+  #	neighbor 10.207.0.11 as 65045;
+  #}
+  ### Stuttgart2 ###
+  #protocol bgp Stuttgart2 from PEERS {
+  #	description "Stuttgart2";
+  #	neighbor 10.207.0.12 as 65045;
+  #}
+  ### Halle1 ###
+  protocol bgp Halle1 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.13 as 65046;
+  }
+  ### Halle2 ###
+  protocol bgp Halle2 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.14 as 65046;
+  }
+  ### Aurich1 ###
+  #protocol bgp Aurich1 from PEERS {
+  #	description "Aurich1";
+  #	neighbor 10.207.0.15 as 65047;
+  #}
+  ### Augsburg1 ###
+  protocol bgp Augsburg1 from PEERS {
+  	description "import: freifunk, dn42; export: freifunk, dn42";
+  	import where ((freifunk() || dn42()) && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.17 as 65050;
+  }
+  ### Augsburg2 ###
+  protocol bgp Augsburg2 from PEERS {
+  	description "import: freifunk, dn42; export: freifunk, dn42";
+  	import where ((freifunk() || dn42()) && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.68 as 65050;
+  }
+  ### Dresden1 ###
+  protocol bgp Dresden1 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.19 as 65051;
+  }
+  ### Hannover 1 ###
+  #protocol bgp Hannover1 from PEERS {
+  #	description "Hannover1";
+  #	neighbor 10.207.0.22 as 65511;
+  #}
+  ### Franken 1 ###
+  protocol bgp Franken1 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.23 as 65024;
+  }
+  ### Franken 2 ###
+  #protocol bgp Franken2 from PEERS {
+  #	description "Franken2";
+  #	neighbor 10.207.0.24 as 65024;
+  #}
+  ### Grossdraxdorf ###
+  #protocol bgp Grossdraxdorf from PEERS {
+  #	description "Großraxdorf";
+  #	neighbor 10.207.0.25 as 65025;
+  #}
+  ### Bad Zwischenahn 1 ###
+  #protocol bgp Bad_Zwischenahn1 from PEERS {
+  #	description "BadZwischenahn1";
+  #	neighbor 10.207.0.26 as 65512;
+  #}
+  ### Oldenburg 1 ###
+  protocol bgp Oldenburg1 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.27 as 65513;
+  }
+  ### Bayreuth 1 ###
+  protocol bgp Bayreuth1 from PEERS {
+  	description "Bayreuth1";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.28 as 65025;
+  }
+  ### diac24.net ###
+  #protocol bgp diac24_net from PEERS {
+  #	description "diac24.net";
+  #	neighbor 10.207.2.0 as 64600;
+  #}
+  ### kiberpipa.net ###
+  #protocol bgp kiberpipa_net from PEERS {
+  #	description "kiberpipa.net";
+  #	neighbor 10.207.3.23 as 65023;
+  #}
+  ### Franken 3 ###
+  #protocol bgp Franken3 from PEERS {
+  #	description "Franken3";
+  #	neighbor 10.207.0.31 as 65024;
+  #}
+  ### Koblenz ###
+  #protocol bgp Koblenz from PEERS {
+  #	description "Koblenz";
+  #	neighbor 10.207.0.32 as 65032;
+  #}
+  ### Mainz 1 ###
+  protocol bgp Mainz1 from PEERS {
+  	description "import: freifunk; export: freifunk, dn42";
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	neighbor 10.207.0.37 as 65037;
+  }
+  ### Luebeck 1 ###
+  protocol bgp Luebeck1 from PEERS {
+  	import where ((freifunk() && !net_local()));
+  	export where (freifunk() || dn42());
+  	description "import: freifunk, dn42; export: freifunk, dn42";
+  	neighbor 10.207.0.130 as 65052;
+  }
+  ### Luebeck 2 ###
+  protocol bgp Luebeck2 from PEERS {
+  	import where ((freifunk() && !net_local()));
+  	export where (freifunk() || dn42());
+  	description "import: freifunk, dn42; export: freifunk, dn42";
+  	neighbor 10.207.0.131 as 65052;
+  }
+  ### Frankfurt 1 ###
+  protocol bgp Frankfurt1 from PEERS {
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	description "import: freifunk; export: freifunk, dn42";
+  	neighbor 10.207.0.35 as 65026;
+  }
+  ### Chemnitz 1 ###
+  protocol bgp Chemnitz1 from PEERS {
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	description "Chemnitz1";
+  	neighbor 10.207.0.36 as 65053;
+  }
+  ### Schilcher 1 ###
+  #protocol bgp Schilcher1 from PEERS {
+  #	description "Schilcher1";
+  #	neighbor 10.207.0.51 as 65054;
+  #}
+  ### Gronau 1 ###
+  protocol bgp Gronau1 from PEERS {
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	description "import: freifunk; export: freifunk, dn42";
+  	neighbor 10.207.0.55 as 65526;
+  }
+  ### Gronau 2 ###
+  protocol bgp Gronau2 from PEERS {
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	description "import: freifunk; export: freifunk, dn42";
+  	neighbor 10.207.0.60 as 65526;
+  }
+  ### Schwarzach 1 ###
+  protocol bgp Schwarzach1 from PEERS {
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	description "import: freifunk; export: freifunk, dn42";
+  	neighbor 10.207.0.56 as 65527;
+  }
+  ### Hamburg 01 ###
+  protocol bgp Hamburg01 from PEERS {
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	description "import: freifunk; export: freifunk, dn42";
+  	neighbor 10.207.0.62 as 65112;
+  }
+  ### Kiel4 ###
+  protocol bgp Kiel4 from PEERS {
+          import where (freifunk() && !net_local());
+          export where (freifunk() || dn42());
+          description "import: freifunk; export: freifunk, dn42";
+          neighbor 10.207.0.58 as 65525;
+  }
+  ### Hamburg 05 ###
+  protocol bgp Hamburg05 from PEERS {
+  	import where (freifunk() && !net_local());
+  	export where (freifunk() || dn42());
+  	description "import: freifunk; export: freifunk, dn42";
+  	neighbor 10.207.0.65 as 65112;
+  }
+  ### Jena 1 ###
+  protocol bgp Jena1 from PEERS {
+          import where (freifunk() && !net_local());
+          export where (freifunk() || dn42());
+          description "import: freifunk; export: freifunk, dn42";
+          neighbor 10.207.0.33 as 65055;
+  }
+  ### Jena 2 ###
+  protocol bgp Jena2 from PEERS {
+          import where (freifunk() && !net_local());
+          export where (freifunk() || dn42());
+          description "import: freifunk; export: freifunk, dn42";
+          neighbor 10.207.0.66 as 65055;
+  }
+  ### Wuppertal 1 ###
+  protocol bgp Wuppertal1 from PEERS {
+          import where (freifunk() && !net_local());
+          export where (freifunk() || dn42());
+          description "import: freifunk; export: freifunk, dn42";
+          neighbor 10.207.0.73 as 65523;
+  }
+  ### barnslig ####
+  protocol bgp dn42_barnslig from PEERS {
+  	import where ((dn42() || chaosvpn()) && !net_local() && !net_hackint());
+  	export where (freifunk() || dn42() || chaosvpn());
+  	description "import: dn42, chaosvpn; reject hackint; export: freifunk, dn42";
+  	neighbor 172.22.119.227 as 64753;
+  }
+  ### bodems ####
+  protocol bgp dn42_bodems from PEERS {
+  	import where (dn42() && !net_local());
+  	export where (freifunk() || dn42() || chaosvpn());
+  	description "import: dn42; export: freifunk, dn42, chaosvpn";
+  	neighbor 172.23.146.126 as 76124;
+  }
+  ### kiwi-ix ###
+  protocol bgp dn42_kiwi_ix from PEERS {
+  	import where ((dn42() || chaosvpn()) && !net_local());
+  	export where (freifunk() );
+  	description "import: dn42, chaosvpn; export: freifunk";
+  	neighbor 172.23.197.1 as 76119;
+  }
+  ### crest ###
+  protocol bgp dn42_crest from PEERS {
+  	import where ((dn42() || chaosvpn()) && !net_local());
+  	export where (freifunk() || dn42() || chaosvpn());
+          neighbor 172.22.254.124 as 64828;
+  }
+  ### thomasdotde ###
+  protocol bgp dn42_thomasdotde from PEERS {
+  	import where ((dn42() || chaosvpn()) && !net_local());
+  	export where (freifunk() || dn42() || chaosvpn());
+        neighbor 172.22.121.18 as 76196;
+  }
+  ### implementation ####
+  protocol bgp dn42_impl from PEERS {
+  	import where ((dn42() || chaosvpn()) && !net_local());
+  	export where (freifunk() || dn42() || chaosvpn());
+        neighbor 172.23.220.17 as 76376;
+  }
+  #### dn42 mare ####
+  protocol bgp dn42_mare from PEERS {
+  	import where ((dn42() || chaosvpn()) && !net_local());
+  	export where (freifunk() || dn42() || chaosvpn());
+  	neighbor 172.22.235.254 as 64835;
   }
-  ...
   * bird6.conf
-Siehe bird.conf, Router-ID spielt keine Rolle
+  ### config for vpn1 ###
+  log "/var/log/bird6.log" all;
+  log syslog all;
+  router id 10.29.131.187;
+  define myas = 65529;
+  table ebgp;
+  table ibgp;
+  #table internal_ospf;
+  table internal;
+  ### functions ###
+  function net_local() {
+  	return net ~ [ fdef:17a0:ffb1::/48+];
+  }
+  function global_unicast(){
+  	return net ~ [ 2000::/3{48,64} ];
+  }
+  function ula(){
+  	return net ~ [ fc00::/7{48,64} ];
+  }
+  ### kernel ###
+  protocol kernel {
+  	scan time 10;
+  	table internal;
+  	kernel table 200;
+  	import none;
+  	export filter {
+  		krt_prefsrc = fdef:17a0:ffb1:0:44a:8aff:fea5:adc;   # edit: own ip
+  		accept;
+  	};
+  };
+  protocol device {
+  	scan time 10;
+  }
+  ### static routes for bgp ###
+  protocol static {
+  	route fdef:17a0:ffb1::/48 reject;
+  	table ebgp;
+  }
+  ### sync ebgp with ibgp ###
+  protocol pipe {
+  	table ebgp;
+  	peer table ibgp;
+  	import where !net_local();
+  	export where !net_local();
+  }
+  ### sync ibgp with internal ###
+  protocol pipe {
+  	table ibgp;
+  	peer table internal;
+  	import none;
+  	export where (global_unicast() || ula());
+  }
+  ### templates ###
+  template bgp PEERS {
+  	table ebgp;
+  	local as myas;
+  	import where ((ula() || global_unicast()) && !net_local());
+  	export where ula() || global_unicast();
+  	route limit 10000;
+  }
+  template bgp bgp_ibgp {
+  	table ibgp;
+  	local as myas;
+  	import filter {
+  		preference = 99;
+  		accept;
+  	};
+  	export where source = RTS_BGP;
+  	gateway direct;
+  	next hop self;
+  }
+  ### iBGP ###
+  protocol bgp vpn2 from bgp_ibgp {
+  	description "import: any; export: any";
+  	neighbor fdef:17a0:ffb1:0:1cd0:63ff:fe81:1af2 as 65529;
+  }
+  ### eBGP ###
+  ### Wermelskirchen 1 ###
+  protocol bgp Wermelskirchen1 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:7 as 65530;
+  }
+  ### Wermelskirchen 2 ###
+  protocol bgp Wermelskirchen2 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:8 as 65530;
+  }
+  #### diac24.net - offline ###
+  #protocol bgp diac24_net from PEERS {
+  #	description "diac24.net";
+  #	neighbor fec0::a:cf:ac:16 as 64600;
+  #}
+  #### kiberpipa.net - offline ###
+  #protocol bgp kiberpipa_net from PEERS {
+  #	description "kiberpipa.net";
+  #	neighbor fec0::a:cf:3:23 as 65023;
+  #}
+  ### Bayreuth 1 ###
+  protocol bgp Bayreuth1 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:19 as 65025;
+  }
+  ### Luebeck 1 ###
+  protocol bgp Luebeck1 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:82 as 65052;
+  }
+  ### Luebeck 2 ###
+  protocol bgp Luebeck2 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:83 as 65052;
+  }
+  ### Gronau 1 ###
+  protocol bgp Gronau1 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:50 as 65526;
+  }
+  ### Gronau 2 ###
+  protocol bgp Gronau2 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:51 as 65526;
+  }
+  ### Hamburg 03 ###
+  protocol bgp Hamburg03 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:3d as 65112;
+  }
+  ### Hamburg 01 ###
+  protocol bgp Hamburg01 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:3e as 65112;
+  }
+  ### Hamburg 02 ###
+  protocol bgp Hamburg02 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:3f as 65112;
+  }
+  ### Hamburg 04 ###
+  protocol bgp Hamburg04 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:40 as 65112;
+  }
+  ### Hamburg 05 ###
+  protocol bgp Hamburg05 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:41 as 65112;
+  }
+  #### bodems ###
+  protocol bgp dn42_bodems from PEERS {
+          description "import: any; export: any";
+          neighbor fdef:17a0:ffb1:0:fad1:11ff:fe4b:3966 as 76124;
+  }
+  #### RheinlandDev ####
+  protocol bgp RheinlandDev from PEERS {
+          description "import: any; export: any";
+          neighbor fec0::a:cf:0:4e as 65078;
+  }
+  #### Weimar1 ####
+  protocol bgp Weimar1 from PEERS {
+        description "import: any; export: any";
+        neighbor fec0::a:cf:0:3 as 65042;
+  }
+  #### Weimar2 ####
+  protocol bgp Weimar2 from PEERS {
+        description "import: any; export: any";
+        neighbor fec0::a:cf:0:4 as 65042;
+  }
+  #### Wuppertal1 ####
+  protocol bgp Wuppertal1 from PEERS {
+        description "import: any; export: any";
+        neighbor fec0::a:cf:0:71 as 65523;
+  }
+  #### Kiel4 ####
+  protocol bgp Kiel4 from PEERS {
+	description "import: any; export: any";
+	neighbor fec0::a:cf:0:3a as 65525;
+  }
+  #### Kiel3 ####
+  protocol bgp Kiel3 from PEERS {
+	description "import: any; export: any";
+	neighbor fec0::a:cf:0:36 as 65525;
+  }
+  #### Leipzig2 ####
+  protocol bgp Leipzig2 from PEERS {
+  	description "import: any; export: any";
+  	neighbor fec0::a:cf:0:2 as 65041;
+  }
-===== Peering mit AS64753 =====
-openvpn.conf
+===== Peerings zum DN42 =====
+Neben Peerings im ICVPN, haben wir auch noch Peerings über OpenVPN und GRE+IPsec zum DN42. Derzeit sind das folgende:
-  remote fidelity.techel.net
+  * barnslig (AS64753)
-  mode p2p
+  * bodems (AS76124)
-  lport 50001
+  * kiwi (zu seinem IX, AS76119)
-  rport 50009
+  * crest (AS64828)
-  proto udp
+  * thomasdotde (AS76196)
-  dev-type tun
+  * implementation (AS76376)
-  dev dn42
+  * mare (AS64835)
-  comp-lzo
+  * siska (AS76103)
-  secret secret.psk
+  * firehat (AS64844)
-  user nobody
-  group nogroup
-  persist-key
-  persist-tun
-  ifconfig 10.207.0.59 172.22.119.194
-Zum Starten zusammen mit tinc, folgende Zeile in tinc-up
+Für jeden Peer existiert ein Ordner in /root/dn42 mit der config, Backups hat Bodems
-  openvpn --daemon --config openvpn.conf
-/etc/bird.conf
-  protocol bgp R64753x1 from PEERS {
-        description "dn42 AS64753";
-        neighbor 172.22.119.194 as 64753;
-  }

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Unterschiede

Seiten-Werkzeuge