First, a standard Jessie is installed, or an upgrade to Jessie is performed. Wheezy unfortunately no longer works because of Python3 dependencies.

Next, git is installed.

apt-get install git

Since this howto is primarily for ff Bielefeld and Lemgo, we use the server setup from Bielefeld.

git clone https://github.com/freifunk-bielefeld/server-config.git

Change into the server-config directory:

cd server-config

In setup_server.sh the variable

run=1

must be set.

Since we do not need a VPN for worldstream.nl,

setup_gateway="false"

is set.

Now execute the script.

After the installation the file /etc/fastd/fastd.conf must be edited:

The secret key must be inserted.

The /opt/freifunk/update.sh must be edited:

The section with OpenVPN must be commented out:

if [ "$gateway" = "true" ]; then

    if ! is_running "openvpn"; then
        echo "(I) Start openvpn."
        /etc/init.d/openvpn start
    fi
    if ! is_running "tayga"; then
        echo "(I) Start tayga."
        tayga
    fi

Reason: the VPN access is needed so that the server's exit point lies in another country. Since in this case the server itself is located in another country, no VPN is needed either.

The IP address range of the server must be adapted:

if ip -6 addr add "$ip_addr/64" dev bat0 2> /dev/null; then

    echo "(I) Set IP-Address of bat0 to $ip_addr"
    ip addr add <IPv4 address range of the server in CIDR notation, see https://wiki.freifunk.net/IP-Netze> broadcast <broadcast address of the server's IP range> dev bat0
    ip -6 addr add <IPv6 address range of the server> dev bat0

The NAT-PT converter tayga must be commented out as well; it is started in the same `if [ "$gateway" = "true" ]` block:

    if ! is_running "tayga"; then
        echo "(I) Start tayga."
        tayga
    fi

With

batctl gw server 20000/20000

the server is made a server, i.e. a batman-adv gateway. The alternative would be a client.

With

apt-get install isc-dhcp-server

the ISC DHCP server must be installed.

The /etc/dhcp/dhcpd.conf must be adapted:

subnet 10.26.64.0 netmask 255.255.192.0 {
    authoritative;
    range 10.26.68.2 10.26.71.255;
    option domain-name-servers 10.26.68.1, 62.141.38.230;
    option domain-name "dhcp.ffbi";
    option routers 10.26.68.1;
    option broadcast-address 10.26.127.255;
    option subnet-mask 255.255.192.0;
    interface bat0;
    default-lease-time 600;
    max-lease-time 7200;
}

Here the IP address ranges must be adapted as well. Important: the interface on which the server listens must be bat0.
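When the address range is adapted, the `ip addr add` line in update.sh and the subnet block in dhcpd.conf have to agree (netmask, broadcast address, DHCP range and router all derived from the same prefix). The following POSIX shell script is an added example, not code from this howto or from the server-config repository: it derives netmask, network and broadcast address from the server's address in CIDR notation, checks that the DHCP range and router address lie inside that subnet and do not include the network or broadcast address, and prints the matching `ip addr add` line and dhcpd.conf stanza. The function names and the sample values at the bottom are assumptions; the generated stanza carries no interface line because on Debian the listening interface is set through INTERFACES="bat0" in /etc/default/isc-dhcp-server.

```shell
#!/bin/sh
# Added example, not part of the original howto or the server-config repository.
# Derives netmask, network and broadcast address from the server's IPv4 address
# in CIDR notation and checks that the DHCP range and the router address lie
# inside that subnet, so the "ip addr add" line in update.sh and the subnet
# stanza in /etc/dhcp/dhcpd.conf stay consistent when the ranges are adapted.
# POSIX sh only (64-bit shell arithmetic); the addresses at the bottom are
# constructed sample values taken from the dhcpd.conf shown in the howto.

# ip2int 10.26.68.1 -> 169493505 (dotted quad to 32-bit integer)
ip2int() {
    a=${1%%.*}; r=${1#*.}
    b=${r%%.*}; r=${r#*.}
    c=${r%%.*}; d=${r#*.}
    echo $(( (a << 24) | (b << 16) | (c << 8) | d ))
}

# int2ip 169493505 -> 10.26.68.1
int2ip() {
    n=$1
    echo "$(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))"
}

# prefix_mask 18 -> integer netmask of a /18 (4294967295 is 0xFFFFFFFF)
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# The three helpers below take an address in CIDR notation, e.g. 10.26.68.1/18
cidr_netmask()   { int2ip "$(prefix_mask "${1#*/}")"; }
cidr_network()   { int2ip $(( $(ip2int "${1%/*}") & $(prefix_mask "${1#*/}") )); }
cidr_broadcast() { int2ip $(( $(ip2int "${1%/*}") | (4294967295 ^ $(prefix_mask "${1#*/}")) )); }

# in_subnet ADDR CIDR: exit status 0 when ADDR belongs to the subnet of CIDR
in_subnet() {
    m=$(prefix_mask "${2#*/}")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "${2%/*}") & m )) ]
}

# check_dhcp_range CIDR START END ROUTER: exit status 0 when START <= END,
# all three addresses lie in the subnet, and the range excludes the network
# and broadcast addresses (dhcpd would otherwise hand those out to clients)
check_dhcp_range() {
    in_subnet "$2" "$1" && in_subnet "$3" "$1" && in_subnet "$4" "$1" || return 1
    s=$(ip2int "$2"); e=$(ip2int "$3")
    net=$(ip2int "$(cidr_network "$1")"); bc=$(ip2int "$(cidr_broadcast "$1")")
    [ "$s" -le "$e" ] && [ "$s" -gt "$net" ] && [ "$e" -lt "$bc" ]
}

# dhcp_subnet_stanza CIDR START END ROUTER DNS: prints the matching
# "ip addr add" line and a dhcpd.conf subnet block with the derived values.
# No interface line here: on Debian the listening interface is configured
# with INTERFACES="bat0" in /etc/default/isc-dhcp-server.
dhcp_subnet_stanza() {
    check_dhcp_range "$1" "$2" "$3" "$4" || { echo "range or router outside $1" >&2; return 1; }
    mask=$(cidr_netmask "$1"); bc=$(cidr_broadcast "$1")
    cat <<EOF
# update.sh
ip addr add $1 broadcast $bc dev bat0

# /etc/dhcp/dhcpd.conf
subnet $(cidr_network "$1") netmask $mask {
    authoritative;
    range $2 $3;
    option domain-name-servers $5;
    option domain-name "dhcp.ffbi";
    option routers $4;
    option broadcast-address $bc;
    option subnet-mask $mask;
    default-lease-time 600;
    max-lease-time 7200;
}
EOF
}

# Constructed sample run: server 10.26.68.1/18 with the range from the howto
dhcp_subnet_stanza 10.26.68.1/18 10.26.68.2 10.26.71.255 10.26.68.1 "10.26.68.1, 62.141.38.230"
```

Run it once with the real server address to generate both snippets, or call `check_dhcp_range` alone before restarting isc-dhcp-server after every change to the ranges; a router or range end that falls outside the prefix is reported on stderr instead of silently producing a stanza dhcpd would accept but never serve correctly.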

With

apt-get install bird

Bird must be installed.

The file /etc/init/bird.conf must be edited:

# bird - BIRD Internet Routing Daemon (IPv4)

description "BIRD Internet Routing Daemon (IPv4)"
author "Ondřej Surý <ondrej@debian.org>"

start on runlevel [2345]
stop on runlevel [016]

respawn

pre-start script
    /usr/lib/bird/prepare-environment
    /usr/sbin/bird -p
end script

script
    . /etc/bird/envvars
    exec /usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS
end script

The /etc/bird/bird.conf must be edited:

/*
 * This is an example configuration file.
 */

# Yes, even shell-like comments work...

# Configure logging
#log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
#log stderr all;
#log "tmp" all;

# Override router ID
#router id 198.51.100.1;

# You can define your own symbols...
#define xyzzy = (120+10);
#define '1a-a1' = (30+40);

# Define a route filter...
#filter test_filter {
#    if net ~ 10.0.0.0/16 then accept;
#    else reject;
#}

#filter sink { reject; }
#filter okay { accept; }

#include "filters.conf";

# Define another routing table
#table testable;

# Turn on global debugging of all protocols
#debug protocols all;

# The direct protocol automatically generates device routes to
# all network interfaces. Can exist in as many instances as you wish
# if you want to populate multiple routing tables with device routes.
#protocol direct {
#    interface "-eth*", "*";    # Restrict network interfaces it works with
#}

# This pseudo-protocol performs synchronization between BIRD's routing
# tables and the kernel. If your kernel supports multiple routing tables
# (as Linux 2.2.x does), you can run multiple instances of the kernel
# protocol and synchronize different kernel tables with different BIRD tables.
protocol kernel {
#    learn;                  # Learn all alien routes from the kernel
    persist;                # Don't remove routes on bird shutdown
    scan time 20;           # Scan kernel routing table every 20 seconds
#    import none;            # Default is import all
    export all;             # Default is export none
#    kernel table 5;         # Kernel table to synchronize with (default: main)
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
    scan time 10;           # Scan interfaces every 10 seconds
}

# Static routes (again, there can be multiple instances, so that you
# can disable/enable various groups of static routes on the fly).
protocol static {
#    disabled;               # Disable by default
#    table testable;         # Connect to a non-default table
#    preference 1000;        # Default preference of routes
#    debug { states, routes, filters, interfaces, events, packets };
#    debug all;
#    route 0.0.0.0/0 via 198.51.100.13;
#    route 198.51.100.0/25 unreachable;
#    route 10.0.0.0/8 unreachable;
#    route 10.1.1.0:255.255.255.0 via 198.51.100.3;
#    route 10.1.2.0:255.255.255.0 via 198.51.100.3;
#    route 10.1.3.0:255.255.255.0 via 198.51.100.4;
#    route 10.2.0.0/24 via "arc0";
}

# Pipe protocol connects two routing tables... Beware of loops.
#protocol pipe {
#    peer table testable;
# Define what routes do we export to this protocol / import from it.
#    import all;             # default is all
#    export all;             # default is none
#    import none;            # If you wish to disable imports
#    import filter test_filter;        # Use named filter
#    import where source = RTS_DEVICE; # Use explicit filter
#}

# RIP aka Rest In Pieces...
#protocol rip MyRIP {        # You can also use an explicit name
#    preference xyzzy;
#    debug all;
#    port 1520;
#    period 7;
#    infinity 16;
#    garbage time 60;
#    interface "*" { mode broadcast; };
#    honor neighbor;         # To whom do we agree to send the routing table
#    honor always;
#    honor never;
#    passwords {
#        password "nazdar";
#    };
#    authentication none;
#    import filter { print "importing"; accept; };
#    export filter { print "exporting"; accept; };
#}

#protocol ospf MyOSPF {
#    tick 2;
#    rfc1583compat yes;
#    area 0.0.0.0 {
#        stub no;
#        interface "eth*" {
#            hello 9;
#            retransmit 6;
#            cost 10;
#            transmit delay 5;
#            dead count 5;
#            wait 50;
#            type broadcast;
#            authentication simple;
#            password "pass";
#        };
#        interface "arc0" {
#            rx buffer large;
#            type nonbroadcast;
#            poll 14;
#            dead 75;
#            neighbors {
#                10.1.1.2 eligible;
#                10.1.1.4;
#            };
#            strict nonbroadcast yes;
#        };
#        interface "xxx0" {
#            passwords {
#                password "abc" {
#                    id 1;
#                    generate to "22-04-2003 11:00:06";
#                    accept to "17-01-2004 12:01:05";
#                };
#                password "def" {
#                    id 2;
#                    generate from "22-04-2003 11:00:07";
#                    accept from "17-01-2003 12:01:05";
#                };
#            };
#            authentication cryptographic;
#        };
#    };
#    area 20 {
#        stub 1;
#        interface "ppp1" {
#            hello 8;
#            authentication none;
#        };
#        interface "fr*";
#        virtual link 192.168.0.1 {
#            password "sdsdffsdfg";
#            authentication cryptographic;
#        };
#    };
#}

#protocol bgp {
#    disabled;
#    description "My BGP uplink";
#    local as 65000;
#    neighbor 198.51.100.130 as 64496;
#    multihop;
#    hold time 240;
#    startup hold time 240;
#    connect retry time 120;
#    keepalive time 80;      # defaults to hold time / 3
#    start delay time 5;     # How long do we wait before initial connect
#    error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive
#                            # errors occur, we increase the delay exponentially ...
#    error forget time 300;  # ... until this timeout expires)
#    disable after error;    # Disable the protocol automatically when an error occurs
#    next hop self;          # Disable next hop processing and always advertise our local address as nexthop
#    path metric 1;          # Prefer routes with shorter paths (like Cisco does)
#    default bgp_med 0;      # MED value we use for comparison when none is defined
#    default bgp_local_pref 0;         # The same for local preference
#    source address 198.51.100.14;     # What local address we use for the TCP connection
#    password "secret";      # Password used for MD5 authentication
#    rr client;              # I am a route reflector and the neighbor is my client
#    rr cluster id 1.0.0.1;  # Use this value for cluster id instead of my router id
#    export where source=RTS_STATIC;
#    export filter {
#        if source = RTS_STATIC then {
#            bgp_community = -empty-; bgp_community = add(bgp_community,(65000,5678));
#            bgp_origin = 0;
#            bgp_community = -empty-; bgp_community.add((65000,5678));
#            if (65000,64501) ~ bgp_community then
#                bgp_community.add((0, 1));
#            if bgp_path ~ [= 65000 =] then
#                bgp_path.prepend(65000);
#            accept;
#        }
#        reject;
#    };
#}

# Template usage example
#template bgp rr_client {
#    disabled;
#    local as 65000;
#    multihop;
#    rr client;
#    rr cluster id 1.0.0.1;
#}

#protocol bgp rr_abcd from rr_client {
#    neighbor 10.1.4.7 as 65000;
#}

Afterwards Bird must be started:

bird

This starts the daemon; the Bird shell is opened with birdc. There, with

configure

Bird should simply be configured (the configuration file is reloaded).