Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
ic-vpn [2014/01/23 23:04] – [Stand 19.12.13] bodems | ic-vpn [2023/06/04 11:32] (aktuell) – Externe Bearbeitung 127.0.0.1 | ||
---|---|---|---|
Zeile 15: | Zeile 15: | ||
* [[http:// | * [[http:// | ||
- | ===== Stand 23.01.14 ===== | + | ===== Stand 07.02.14 ===== |
* Auf vpn1 läuft ein LookingGlass für IPv4 und IPv6, leider hakt das noch etwas, weil der User vom Apache Zugriff auf den bird-Prozess braucht | * Auf vpn1 läuft ein LookingGlass für IPv4 und IPv6, leider hakt das noch etwas, weil der User vom Apache Zugriff auf den bird-Prozess braucht | ||
* [[http:// | * [[http:// | ||
Zeile 24: | Zeile 24: | ||
* Gronau1 | * Gronau1 | ||
* noch ein paar andere Städte | * noch ein paar andere Städte | ||
- | * AS64753 (barnslig, dn42) | + | * DN42, siehe unten |
- | * AS76119 (kiwi-IX, dn42) | + | |
- | * AS64828 (crest, dn42) | + | |
- | * AS76196 (thomasdotde, | + | |
- | * Uplink für AS76124 (bodems, dn42) | + | |
===== Einrichten ===== | ===== Einrichten ===== | ||
=== Pakete === | === Pakete === | ||
Zeile 80: | Zeile 77: | ||
* bird.conf | * bird.conf | ||
+ | ### config for vpn1 ### | ||
+ | | ||
log "/ | log "/ | ||
log syslog all; | log syslog all; | ||
| | ||
- | router id 10.29.132.192; | + | router id 10.29.131.187; |
define myas = 65529; | define myas = 65529; | ||
- | table icvpn; | + | table ebgp; |
+ | table ibgp; | ||
+ | #table internal_ospf; | ||
+ | table internal; | ||
| | ||
| | ||
- | ### filters and functions ### | + | ### functions ### |
| | ||
function net_martian() | function net_martian() | ||
Zeile 96: | Zeile 98: | ||
| | ||
function net_local() { | function net_local() { | ||
- | return net ~ [ 10.29.0.0/ | + | return net ~ [ 10.29.0.0/ |
} | } | ||
| | ||
- | | + | function |
- | | + | |
{ | { | ||
- | if net_martian() then return | + | return |
- | | + | |
+ | 91.204.4.0/ | ||
+ | 193.43.220.0/ | ||
+ | 83.133.178.0/ | ||
+ | 87.106.29.254/ | ||
+ | 85.25.246.16/ | ||
+ | 46.4.248.192/ | ||
+ | 94.45.224.0/ | ||
+ | 195.191.196.0/ | ||
+ | 80.244.241.224/ | ||
+ | 46.19.90.48/ | ||
+ | 46.19.90.96/ | ||
+ | 178.63.170.40/ | ||
+ | 188.40.34.241/ | ||
+ | 195.16.84.40/ | ||
+ | 37.1.89.160/ | ||
+ | 178.33.32.123/ | ||
+ | 37.1.89.160/ | ||
+ | 185.28.77.16/ | ||
+ | 185.28.77.192/ | ||
+ | 192.175.48.0/ | ||
} | } | ||
| | ||
- | function | + | function |
- | | + | return |
- | if net_martian() || net_local() then return | + | |
- | | + | 10.100.0.0/ |
+ | 10.104.0.0/ | ||
+ | 172.31.0.0/ | ||
} | } | ||
| | ||
- | | + | |
+ | return net ~ [ 10.0.0.0/ | ||
+ | 104.0.0.0/ | ||
+ | } | ||
+ | |||
+ | function net_hackint() | ||
{ | { | ||
- | if ! export_all() then reject; | + | return net ~ [ 172.22.24.0/ |
- | accept; | + | |
} | } | ||
| | ||
- | | + | |
{ | { | ||
- | if ! import_all() then reject; | + | if net_martian() || net_local() then return false; |
- | accept; | + | return true; |
} | } | ||
+ | | ||
+ | | ||
+ | ### kernel ### | ||
| | ||
protocol kernel { | protocol kernel { | ||
scan time 10; | scan time 10; | ||
- | table | + | table |
kernel table 200; | kernel table 200; | ||
import none; | import none; | ||
export filter { | export filter { | ||
- | krt_prefsrc = 10.29.132.192; # edit: own ip | + | krt_prefsrc = 10.29.131.187; |
accept; | accept; | ||
}; | }; | ||
Zeile 138: | Zeile 168: | ||
scan time 10; | scan time 10; | ||
} | } | ||
+ | | ||
+ | | ||
+ | ### static routes for bgp ### | ||
| | ||
+ | protocol static { | ||
+ | route 10.29.0.0/ | ||
+ | table ebgp; | ||
+ | } | ||
+ | | ||
+ | ### static routes for ospf ### | ||
protocol static { | protocol static { | ||
route 10.29.0.0/ | route 10.29.0.0/ | ||
- | table | + | table |
+ | }; | ||
+ | |||
+ | |||
+ | ### sync ebgp with ibgp ### | ||
+ | |||
+ | protocol pipe { | ||
+ | table ebgp; | ||
+ | peer table ibgp; | ||
+ | import all; | ||
+ | export where !net_local(); | ||
} | } | ||
+ | | ||
+ | ### sync ibgp with internal ### | ||
+ | protocol pipe { | ||
+ | table ibgp; | ||
+ | peer table internal; | ||
+ | import none; | ||
+ | export where (freifunk() || dn42()); | ||
+ | } | ||
+ | | ||
+ | ### templates ### | ||
| | ||
template bgp PEERS { | template bgp PEERS { | ||
+ | table ebgp; | ||
local as myas; | local as myas; | ||
- | import filter bgp_in; | + | #import filter bgp_in; |
- | export | + | export |
route limit 10000; | route limit 10000; | ||
- | rs client; | + | |
- | table icvpn; | + | |
- | | + | |
| | ||
template bgp bgp_ibgp { | template bgp bgp_ibgp { | ||
- | table | + | table |
local as myas; | local as myas; | ||
- | source address 10.29.132.192; #edit: own ip | + | import filter { |
- | import filter bgp_in; | + | preference = 99; |
- | export | + | accept; |
+ | }; | ||
+ | export | ||
gateway direct; | gateway direct; | ||
next hop self; | next hop self; | ||
- | }; | + | } |
- | | + | |
| | ||
### iBGP ### | ### iBGP ### | ||
| | ||
- | | + | protocol bgp vpn2 from bgp_ibgp { |
- | | + | neighbor 10.29.132.192 as 65529; |
- | neighbor 10.29.131.187 as 65529; | + | } |
- | }; | + | |
- | | + | |
| | ||
### eBGP ### | ### eBGP ### | ||
| | ||
### Leipzig1 ### | ### Leipzig1 ### | ||
- | protocol bgp Leipzig1 from PEERS { | + | |
- | description " | + | # description " |
- | neighbor 10.207.0.1 as 65041; | + | # neighbor 10.207.0.1 as 65041; |
+ | #} | ||
+ | |||
+ | ### Leipzig2 ### | ||
+ | protocol bgp Leipzig2 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.2 as 65041; | ||
+ | } | ||
+ | |||
+ | ### Leipzig-DB ### | ||
+ | #protocol bgp Leipzig_DB from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.255.1 as 65041; | ||
+ | #} | ||
+ | |||
+ | ### Weimar1 ### | ||
+ | protocol bgp Weimar1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.3 as 65042; | ||
+ | } | ||
+ | |||
+ | ### Weimar2 ### | ||
+ | protocol bgp Weimar2 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.4 as 65042; | ||
+ | } | ||
+ | |||
+ | ### Berlin1 ### | ||
+ | protocol bgp Berlin1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.5 as 44194; | ||
+ | } | ||
+ | |||
+ | ### Berlin2 ### | ||
+ | #protocol bgp Berlin2 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.6 as 44194; | ||
+ | #} | ||
+ | |||
+ | ### Wermelskirchen 1 ### | ||
+ | protocol bgp Wermelskirchen1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.7 as 65530; | ||
+ | } | ||
+ | |||
+ | ### Wermelskirchen2 ### | ||
+ | protocol bgp Wermelskirchen2 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.8 as 65530; | ||
+ | } | ||
+ | |||
+ | ### Stuttgart1 ### | ||
+ | #protocol bgp Stuttgart1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.11 as 65045; | ||
+ | #} | ||
+ | |||
+ | ### Stuttgart2 ### | ||
+ | #protocol bgp Stuttgart2 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.12 as 65045; | ||
+ | #} | ||
+ | |||
+ | ### Halle1 ### | ||
+ | protocol bgp Halle1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.13 as 65046; | ||
+ | } | ||
+ | |||
+ | ### Halle2 ### | ||
+ | protocol bgp Halle2 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.14 as 65046; | ||
+ | } | ||
+ | |||
+ | ### Aurich1 ### | ||
+ | #protocol bgp Aurich1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.15 as 65047; | ||
+ | #} | ||
+ | |||
+ | ### Augsburg1 ### | ||
+ | protocol bgp Augsburg1 from PEERS { | ||
+ | description " | ||
+ | import where ((freifunk() || dn42()) && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.17 as 65050; | ||
+ | } | ||
+ | |||
+ | ### Augsburg2 ### | ||
+ | protocol bgp Augsburg2 from PEERS { | ||
+ | description " | ||
+ | import where ((freifunk() || dn42()) && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.68 as 65050; | ||
+ | } | ||
+ | |||
+ | ### Dresden1 ### | ||
+ | protocol bgp Dresden1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.19 as 65051; | ||
+ | } | ||
+ | |||
+ | ### Hannover 1 ### | ||
+ | #protocol bgp Hannover1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.22 as 65511; | ||
+ | #} | ||
+ | |||
+ | ### Franken 1 ### | ||
+ | protocol bgp Franken1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.23 as 65024; | ||
+ | } | ||
+ | |||
+ | ### Franken 2 ### | ||
+ | #protocol bgp Franken2 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.24 as 65024; | ||
+ | #} | ||
+ | |||
+ | ### Grossdraxdorf ### | ||
+ | #protocol bgp Grossdraxdorf from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.25 as 65025; | ||
+ | #} | ||
+ | |||
+ | ### Bad Zwischenahn 1 ### | ||
+ | #protocol bgp Bad_Zwischenahn1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.26 as 65512; | ||
+ | #} | ||
+ | |||
+ | ### Oldenburg 1 ### | ||
+ | protocol bgp Oldenburg1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.27 as 65513; | ||
+ | } | ||
+ | |||
+ | ### Bayreuth 1 ### | ||
+ | protocol bgp Bayreuth1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.28 as 65025; | ||
+ | } | ||
+ | |||
+ | ### diac24.net ### | ||
+ | #protocol bgp diac24_net from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.2.0 as 64600; | ||
+ | #} | ||
+ | |||
+ | ### kiberpipa.net ### | ||
+ | #protocol bgp kiberpipa_net from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.3.23 as 65023; | ||
+ | #} | ||
+ | |||
+ | ### Franken 3 ### | ||
+ | #protocol bgp Franken3 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.31 as 65024; | ||
+ | #} | ||
+ | |||
+ | ### Koblenz ### | ||
+ | #protocol bgp Koblenz from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.32 as 65032; | ||
+ | #} | ||
+ | |||
+ | ### Mainz 1 ### | ||
+ | protocol bgp Mainz1 from PEERS { | ||
+ | description " | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | neighbor 10.207.0.37 as 65037; | ||
+ | } | ||
+ | |||
+ | ### Luebeck 1 ### | ||
+ | protocol bgp Luebeck1 from PEERS { | ||
+ | import where ((freifunk() && !net_local())); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.130 as 65052; | ||
+ | } | ||
+ | |||
+ | ### Luebeck 2 ### | ||
+ | protocol bgp Luebeck2 from PEERS { | ||
+ | import where ((freifunk() && !net_local())); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.131 as 65052; | ||
+ | } | ||
+ | |||
+ | ### Frankfurt 1 ### | ||
+ | protocol bgp Frankfurt1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.35 as 65026; | ||
+ | } | ||
+ | |||
+ | ### Chemnitz 1 ### | ||
+ | protocol bgp Chemnitz1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.36 as 65053; | ||
+ | } | ||
+ | |||
+ | ### Schilcher 1 ### | ||
+ | #protocol bgp Schilcher1 from PEERS { | ||
+ | # | ||
+ | # neighbor 10.207.0.51 as 65054; | ||
+ | #} | ||
+ | |||
+ | ### Gronau 1 ### | ||
+ | protocol bgp Gronau1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.55 as 65526; | ||
+ | } | ||
+ | |||
+ | ### Gronau 2 ### | ||
+ | protocol bgp Gronau2 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.60 as 65526; | ||
+ | } | ||
+ | |||
+ | ### Schwarzach 1 ### | ||
+ | protocol bgp Schwarzach1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.56 as 65527; | ||
+ | } | ||
+ | |||
+ | ### Hamburg 01 ### | ||
+ | protocol bgp Hamburg01 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.62 as 65112; | ||
+ | } | ||
+ | |||
+ | ### Kiel4 ### | ||
+ | protocol bgp Kiel4 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.58 as 65525; | ||
+ | } | ||
+ | |||
+ | ### Hamburg 05 ### | ||
+ | protocol bgp Hamburg05 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.65 as 65112; | ||
+ | } | ||
+ | |||
+ | ### Jena 1 ### | ||
+ | protocol bgp Jena1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.33 as 65055; | ||
+ | } | ||
+ | |||
+ | ### Jena 2 ### | ||
+ | protocol bgp Jena2 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.66 as 65055; | ||
+ | } | ||
+ | |||
+ | ### Wuppertal 1 ### | ||
+ | protocol bgp Wuppertal1 from PEERS { | ||
+ | import where (freifunk() && !net_local()); | ||
+ | export where (freifunk() || dn42()); | ||
+ | description " | ||
+ | neighbor 10.207.0.73 as 65523; | ||
+ | } | ||
+ | |||
+ | |||
+ | ### barnslig #### | ||
+ | protocol bgp dn42_barnslig from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local() && !net_hackint()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | description " | ||
+ | neighbor 172.22.119.227 as 64753; | ||
+ | } | ||
+ | |||
+ | |||
+ | ### bodems #### | ||
+ | protocol bgp dn42_bodems from PEERS { | ||
+ | import where (dn42() && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | description " | ||
+ | neighbor 172.23.146.126 as 76124; | ||
+ | |||
+ | } | ||
+ | |||
+ | ### kiwi-ix ### | ||
+ | protocol bgp dn42_kiwi_ix from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() ); | ||
+ | description " | ||
+ | neighbor 172.23.197.1 as 76119; | ||
+ | } | ||
+ | |||
+ | ### crest ### | ||
+ | protocol bgp dn42_crest from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | neighbor 172.22.254.124 as 64828; | ||
+ | } | ||
+ | |||
+ | ### thomasdotde ### | ||
+ | protocol bgp dn42_thomasdotde from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | neighbor 172.22.121.18 as 76196; | ||
+ | } | ||
+ | |||
+ | ### implementation #### | ||
+ | protocol bgp dn42_impl from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | neighbor 172.23.220.17 as 76376; | ||
+ | } | ||
+ | |||
+ | #### dn42 mare #### | ||
+ | protocol bgp dn42_mare from PEERS { | ||
+ | import where ((dn42() || chaosvpn()) && !net_local()); | ||
+ | export where (freifunk() || dn42() || chaosvpn()); | ||
+ | neighbor 172.22.235.254 as 64835; | ||
} | } | ||
- | ... | ||
- | |||
* bird6.conf | * bird6.conf | ||
- | Siehe bird.conf, Router-ID spielt keine Rolle | ||
- | + | ### config for vpn1 ### | |
- | ===== Peering mit AS64753 ===== | + | |
- | + | log "/ | |
- | openvpn.conf | + | log syslog all; |
- | + | | |
- | | + | router id 10.29.131.187; |
- | | + | define myas = 65529; |
- | | + | table ebgp; |
- | | + | table ibgp; |
- | | + | #table internal_ospf; |
- | | + | table internal; |
- | | + | |
- | | + | |
- | | + | ### functions ### |
- | | + | |
- | | + | function net_local() { |
- | | + | return |
- | | + | |
- | | + | |
- | + | ||
- | Zum Starten zusammen mit tinc, folgende Zeile in tinc-up | + | |
- | | + | return net ~ [ 2000::/ |
- | + | | |
- | + | ||
- | / | + | |
- | protocol bgp dn42_barnslig | + | return net ~ [ fc00::/ |
- | import | + | |
- | description "dn42 AS64753, barnslig"; | + | |
- | neighbor | + | |
+ | |||
+ | | ||
+ | scan time 10; | ||
+ | table internal; | ||
+ | kernel table 200; | ||
+ | import none; | ||
+ | export filter { | ||
+ | krt_prefsrc = fdef: | ||
+ | accept; | ||
+ | }; | ||
+ | | ||
+ | |||
+ | protocol device { | ||
+ | scan time 10; | ||
+ | } | ||
+ | |||
+ | |||
+ | ### static routes for bgp ### | ||
+ | |||
+ | protocol static { | ||
+ | route fdef: | ||
+ | table ebgp; | ||
+ | } | ||
+ | |||
+ | |||
+ | ### sync ebgp with ibgp ### | ||
+ | protocol pipe { | ||
+ | table ebgp; | ||
+ | peer table ibgp; | ||
+ | import where !net_local(); | ||
+ | export where !net_local(); | ||
+ | } | ||
+ | |||
+ | ### sync ibgp with internal ### | ||
+ | protocol pipe { | ||
+ | table ibgp; | ||
+ | peer table internal; | ||
+ | import none; | ||
+ | export where (global_unicast() || ula()); | ||
+ | } | ||
+ | |||
+ | |||
+ | ### templates ### | ||
+ | |||
+ | template bgp PEERS { | ||
+ | table ebgp; | ||
+ | local as myas; | ||
+ | import where ((ula() || global_unicast()) && !net_local()); | ||
+ | export where ula() || global_unicast(); | ||
+ | route limit 10000; | ||
+ | } | ||
+ | |||
+ | template bgp bgp_ibgp { | ||
+ | table ibgp; | ||
+ | local as myas; | ||
+ | import filter { | ||
+ | preference = 99; | ||
+ | accept; | ||
+ | }; | ||
+ | export where source = RTS_BGP; | ||
+ | gateway direct; | ||
+ | next hop self; | ||
+ | } | ||
+ | |||
+ | ### iBGP ### | ||
+ | protocol bgp vpn2 from bgp_ibgp { | ||
+ | description " | ||
+ | neighbor fdef: | ||
+ | } | ||
+ | |||
+ | |||
+ | ### eBGP ### | ||
+ | |||
+ | ### Wermelskirchen 1 ### | ||
+ | protocol bgp Wermelskirchen1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Wermelskirchen 2 ### | ||
+ | protocol bgp Wermelskirchen2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | #### diac24.net - offline ### | ||
+ | #protocol bgp diac24_net from PEERS { | ||
+ | # | ||
+ | # | ||
+ | #} | ||
+ | | ||
+ | #### kiberpipa.net | ||
+ | #protocol bgp kiberpipa_net from PEERS { | ||
+ | # | ||
+ | # | ||
+ | #} | ||
+ | |||
+ | ### Bayreuth 1 ### | ||
+ | protocol bgp Bayreuth1 | ||
+ | | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Luebeck 1 ### | ||
+ | protocol bgp Luebeck1 from PEERS { | ||
+ | description "import: any; export: any"; | ||
+ | neighbor | ||
+ | } | ||
+ | |||
+ | ### Luebeck 2 ### | ||
+ | protocol bgp Luebeck2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Gronau 1 ### | ||
+ | protocol bgp Gronau1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Gronau 2 ### | ||
+ | protocol bgp Gronau2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Hamburg 03 ### | ||
+ | protocol bgp Hamburg03 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Hamburg 01 ### | ||
+ | protocol bgp Hamburg01 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Hamburg 02 ### | ||
+ | protocol bgp Hamburg02 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Hamburg 04 ### | ||
+ | protocol bgp Hamburg04 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | ### Hamburg 05 ### | ||
+ | protocol bgp Hamburg05 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | #### bodems ### | ||
+ | protocol bgp dn42_bodems from PEERS { | ||
+ | description " | ||
+ | neighbor fdef: | ||
+ | } | ||
+ | |||
+ | #### RheinlandDev #### | ||
+ | protocol bgp RheinlandDev from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | #### Weimar1 #### | ||
+ | protocol bgp Weimar1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | #### Weimar2 #### | ||
+ | protocol bgp Weimar2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | #### Wuppertal1 #### | ||
+ | protocol bgp Wuppertal1 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | #### Kiel4 #### | ||
+ | protocol bgp Kiel4 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | #### Kiel3 #### | ||
+ | protocol bgp Kiel3 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
+ | } | ||
+ | |||
+ | #### Leipzig2 #### | ||
+ | protocol bgp Leipzig2 from PEERS { | ||
+ | description " | ||
+ | neighbor fec0:: | ||
} | } | ||
- | ===== Peering mit AS76119 ===== | ||
- | openvpn.conf | + | ===== Peerings zum DN42 ===== |
- | mode p2p | + | Neben Peerings im ICVPN, haben wir auch noch Peerings über OpenVPN und GRE+IPsec zum DN42. Derzeit sind das folgende: |
- | remote 185.28.77.10 | + | |
- | lport 20001 | + | |
- | rport 20000 | + | |
- | proto udp | + | |
- | dev-type tap | + | |
- | dev peer-kiwi | + | |
- | tun-mtu 1380 | + | |
- | secret secret.psk | + | |
- | user nobody | + | |
- | group nogroup | + | |
- | persist-key | + | |
- | persist-tun | + | |
- | status / | + | |
- | log-append / | + | |
- | verb 1 | + | |
- | ifconfig 172.23.197.5 255.255.255.0 | + | |
- | comp-lzo | + | |
- | / | + | * barnslig (AS64753) |
- | | + | |
- | | + | |
- | | + | * crest (AS64828) |
- | | + | |
+ | * implementation (AS76376) | ||
+ | * mare (AS64835) | ||
+ | * siska (AS76103) | ||
+ | * firehat (AS64844) | ||
+ | |||
+ | Für jeden Peer existiert ein Ordner in /root/dn42 mit der config, Backups hat Bodems |
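Review bot: The new bird.conf comments out the PEERS template's import filter (`#import filter bgp_in;`), so route filtering now depends on every eBGP protocol block carrying its own `import where …` line. Every enabled IPv4 peer shown does set one, but a peer added later without it would fall back to BIRD's default import policy, which in the 1.x series this syntax appears to belong to is `all`. The template should keep a restrictive default such as `import where (freifunk() && !net_local());`, which the DN42 peers then override. In bird6.conf the template accepts `global_unicast()` from every peer, and the ibgp→internal pipe exports those routes to kernel table 200, so any single peer can attract traffic for public IPv6 prefixes. The prefix lists are truncated on this page, so whether they carry prefix-length bounds cannot be checked here.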