server_installation_mit_github_setup_script [2015/08/27 05:46] (current)
created by gucky
First, install a standard Debian Jessie, or upgrade an existing system to Jessie. Wheezy unfortunately no longer works because of Python 3 dependencies.

Next, install git:

  apt-get install git

Since this howto is primarily for Freifunk Bielefeld and Lemgo, we use the server setup from Bielefeld:

  git clone https://github.com/freifunk-bielefeld/server-config.git

Change into the server-config directory:

  cd server-config

In setup_server.sh, set the variable

  run=1

Since we do not need a VPN for worldstream.nl, also set

  setup_gateway="false"

Now run the script.
 +
After the installation, the file /etc/fastd/fastd.conf must be edited: the secret key must be inserted.

/opt/freifunk/update.sh must be edited as well. The OpenVPN section must be commented out:
 +
  if [ "$gateway" = "true" ]; then

    if ! is_running "openvpn"; then
      echo "(I) Start openvpn."
      /etc/init.d/openvpn start
    fi

    if ! is_running "tayga"; then
      echo "(I) Start tayga."
      tayga
    fi
  fi
 +
Rationale: the VPN is needed so that the server's exit to the internet lies in a different country. Since in this case the server itself is located in a different country, no VPN is needed.

The server's IP address range must be adjusted:
 +
  if ip -6 addr add "$ip_addr/64" dev bat0 2> /dev/null; then
    echo "(I) Set IP-Address of bat0 to $ip_addr"
    ip addr add <IPv4 address range of the server in CIDR notation, see https://wiki.freifunk.net/IP-Netze> broadcast <IP address range of the server> dev bat0
    ip -6 addr add <IPv6 address range of the server> dev bat0
  fi
 +
The NAT-PT converter tayga (in the same block) must be commented out as well:
 +
  if [ "$gateway" = "true" ]; then

    if ! is_running "openvpn"; then
      echo "(I) Start openvpn."
      /etc/init.d/openvpn start
    fi

    if ! is_running "tayga"; then
      echo "(I) Start tayga."
      tayga
    fi
  fi
 +
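The OpenVPN and tayga edits above disable one and the same `if [ "$gateway" = "true" ]` block. As an added example that is not part of the howto or of the freifunk-bielefeld server-config, this Python helper comments that block out mechanically, following nested if/fi so both inner blocks go with it; the update.sh text it works on is constructed from the fragment quoted above.

```python
import re

# Constructed sample: the gateway block quoted in the howto plus a following
# block that must stay active, standing in for /opt/freifunk/update.sh.
SAMPLE_UPDATE_SH = '''\
#!/bin/bash
gateway="false"
if [ "$gateway" = "true" ]; then

  if ! is_running "openvpn"; then
  echo "(I) Start openvpn."
  /etc/init.d/openvpn start
  fi

  if ! is_running "tayga"; then
  echo "(I) Start tayga."
  tayga
  fi
fi

if ip -6 addr add "$ip_addr/64" dev bat0 2> /dev/null; then
  echo "(I) Set IP-Address of bat0 to $ip_addr"
fi
'''

# Opening line of the block the howto says to disable on a non-gateway server.
GATEWAY_IF = re.compile(r'^\s*if\s+\[\s*"\$gateway"\s*=\s*"true"\s*\]\s*;\s*then\s*$')
IF_START = re.compile(r'^\s*if\b')   # any nested "if ...; then"
FI_END = re.compile(r'^\s*fi\b')     # closing "fi" of an if


def comment_out_gateway_block(script: str) -> str:
    """Return `script` with the gateway-only if/fi block prefixed by '#'.
    Nested if/fi pairs are tracked so the inner blocks are disabled too;
    a second run changes nothing, because '#'-lines no longer match."""
    out, depth = [], 0           # depth 0 = outside the gateway block
    for line in script.splitlines(keepends=True):
        if depth == 0 and GATEWAY_IF.match(line):
            depth = 1
        elif depth > 0:
            if IF_START.match(line):
                depth += 1
            elif FI_END.match(line):
                depth -= 1
        else:
            out.append(line)
            continue
        out.append("#" + line)
    return "".join(out)
```
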
With

  batctl gw server 20000/20000

the node is switched to gateway mode "server"; the alternative would be "client".

The ISC DHCP server must be installed with

  apt-get install isc-dhcp-server

/etc/dhcp/dhcpd.conf must be adjusted:
 +
  subnet 10.26.64.0 netmask 255.255.192.0 {
      authoritative;
      range 10.26.68.2 10.26.71.255;
      option domain-name-servers 10.26.68.1, 62.141.38.230;
      option domain-name "dhcp.ffbi";
      option routers 10.26.68.1;
      option broadcast-address 10.26.127.255;
      option subnet-mask 255.255.192.0;
      interface bat0;
      default-lease-time 600;
      max-lease-time 7200;
  }
 +
The IP address ranges must be adjusted here as well. Important: the interface on which the DHCP server listens must be bat0.

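Since the address ranges have to be adapted by hand for every community, here is an added Python check (not from the howto or the server-config repository) that parses the subnet block above and reports a range, router, broadcast-address or subnet-mask that does not match the declared subnet, or an interface other than bat0; the sample configuration is constructed from the block above.

```python
import ipaddress
import re

# Constructed sample: the subnet block from the howto (lease-time and
# domain-name lines omitted, they play no role in the check).
SAMPLE_DHCPD_CONF = """\
subnet 10.26.64.0 netmask 255.255.192.0 {
     range 10.26.68.2 10.26.71.255;
     option domain-name-servers 10.26.68.1, 62.141.38.230;
     option routers 10.26.68.1;
     option broadcast-address 10.26.127.255;
     option subnet-mask 255.255.192.0;
     interface bat0;
}
"""

SUBNET_RE = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)


def check_subnet(conf: str, want_iface: str = "bat0") -> list:
    """Return the inconsistencies in the first subnet block (empty list = OK)."""
    m = SUBNET_RE.search(conf)
    if not m:
        return ["no subnet block found"]
    try:
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=True)
    except ValueError as e:  # e.g. host bits set in the subnet address
        return [f"bad subnet declaration: {e}"]
    body = m.group(3)
    opts = dict(re.findall(r"option\s+([\w-]+)\s+([^;]+);", body))
    addr = lambda key: ipaddress.ip_address(opts[key].strip())
    problems = []
    rng = re.search(r"range\s+(\S+)\s+(\S+);", body)
    if rng:
        lo, hi = (ipaddress.ip_address(x) for x in rng.groups())
        # The pool must lie strictly between network and broadcast address.
        if not net.network_address < lo <= hi < net.broadcast_address:
            problems.append(f"range {lo}-{hi} is not inside {net}")
    if "routers" in opts:
        gw = addr("routers")
        if gw not in net:
            problems.append(f"router {gw} is outside {net}")
        elif rng and lo <= gw <= hi:
            problems.append(f"router {gw} lies inside the dynamic pool")
    if "broadcast-address" in opts and addr("broadcast-address") != net.broadcast_address:
        problems.append(f"broadcast-address should be {net.broadcast_address}")
    if "subnet-mask" in opts and addr("subnet-mask") != net.netmask:
        problems.append(f"subnet-mask should be {net.netmask}")
    iface = re.search(r"interface\s+(\S+);", body)
    if not iface or iface.group(1) != want_iface:
        problems.append(f"server must listen on {want_iface}")
    return problems
```
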
Bird must be installed with

  apt-get install bird

The file /etc/init/bird.conf must be edited:
 +
  # bird - BIRD Internet Routing Daemon (IPv4)

  description "BIRD Internet Routing Daemon (IPv4)"
  author "Ondřej Surý <ondrej@debian.org>"

  start on runlevel [2345]
  stop on runlevel [016]

  respawn

  pre-start script
      /usr/lib/bird/prepare-environment
      /usr/sbin/bird -p
  end script

  script
      . /etc/bird/envvars
      exec /usr/sbin/bird -f -u $BIRD_RUN_USER -g $BIRD_RUN_GROUP $BIRD_ARGS
  end script
 +
/etc/bird/bird.conf must be edited:

  /*
   *    This is an example configuration file.
   */

  # Yes, even shell-like comments work...

  # Configure logging
  #log syslog { debug, trace, info, remote, warning, error, auth, fatal, bug };
  #log stderr all;
  #log "tmp" all;

  # Override router ID
  router id 198.51.100.1;

  # You can define your own symbols...
  #define xyzzy = (120+10);
  #define '1a-a1' = (30+40);

  # Define a route filter...
  #filter test_filter {
  #       if net ~ 10.0.0.0/16 then accept;
  #       else reject;
  #}

  #filter sink { reject; }
  #filter okay { accept; }

  #include "filters.conf";

  # Define another routing table
  #table testable;

  # Turn on global debugging of all protocols
  #debug protocols all;

  # The direct protocol automatically generates device routes to
  # all network interfaces. Can exist in as many instances as you wish
  # if you want to populate multiple routing tables with device routes.
  #protocol direct {
  #       interface "-eth*", "*";         # Restrict network interfaces it works with
  #}

  # This pseudo-protocol performs synchronization between BIRD's routing
  # tables and the kernel. If your kernel supports multiple routing tables
  # (as Linux 2.2.x does), you can run multiple instances of the kernel
  # protocol and synchronize different kernel tables with different BIRD tables.
  protocol kernel {
  #       learn;                  # Learn all alien routes from the kernel
          persist;                # Don't remove routes on bird shutdown
          scan time 20;           # Scan kernel routing table every 20 seconds
  #       import none;            # Default is import all
          export all;             # Default is export none
  #       kernel table 5;         # Kernel table to synchronize with (default: main)
  }

  # This pseudo-protocol watches all interface up/down events.
  protocol device {
          scan time 10;           # Scan interfaces every 10 seconds
  }

  # Static routes (again, there can be multiple instances, so that you
  # can disable/enable various groups of static routes on the fly).
  protocol static {
  #       disabled;               # Disable by default
  #       table testable;         # Connect to a non-default table
  #       preference 1000;        # Default preference of routes
  #       debug { states, routes, filters, interfaces, events, packets };
  #       debug all;
  #       route 0.0.0.0/0 via 198.51.100.13;
  #       route 198.51.100.0/25 unreachable;
  #       route 10.0.0.0/8 unreachable;
  #       route 10.1.1.0:255.255.255.0 via 198.51.100.3;
  #       route 10.1.2.0:255.255.255.0 via 198.51.100.3;
  #       route 10.1.3.0:255.255.255.0 via 198.51.100.4;
  #       route 10.2.0.0/24 via "arc0";
  }

  # Pipe protocol connects two routing tables... Beware of loops.
  #protocol pipe {
  #       peer table testable;
  # Define what routes do we export to this protocol / import from it.
  #       import all;             # default is all
  #       export all;             # default is none
  #       import none;            # If you wish to disable imports
  #       import filter test_filter;              # Use named filter
  #       import where source = RTS_DEVICE;       # Use explicit filter
  #}

  # RIP aka Rest In Pieces...
  #protocol rip MyRIP {           # You can also use an explicit name
  #       preference xyzzy;
  #       debug all;
  #       port 1520;
  #       period 7;
  #       infinity 16;
  #       garbage time 60;
  #       interface "*" { mode broadcast; };
  #       honor neighbor;         # To whom do we agree to send the routing table
  #       honor always;
  #       honor never;
  #       passwords {
  #               password "nazdar";
  #       };
  #       authentication none;
  #       import filter { print "importing"; accept; };
  #       export filter { print "exporting"; accept; };
  #}

  #protocol ospf MyOSPF {
  #       tick 2;
  #       rfc1583compat yes;
  #       area 0.0.0.0 {
  #               stub no;
  #               interface "eth*" {
  #                       hello 9;
  #                       retransmit 6;
  #                       cost 10;
  #                       transmit delay 5;
  #                       dead count 5;
  #                       wait 50;
  #                       type broadcast;
  #                       authentication simple;
  #                       password "pass";
  #               };
  #               interface "arc0" {
  #                       rx buffer large;
  #                       type nonbroadcast;
  #                       poll 14;
  #                       dead 75;
  #                       neighbors {
  #                               10.1.1.2 eligible;
  #                               10.1.1.4;
  #                       };
  #                       strict nonbroadcast yes;
  #               };
  #               interface "xxx0" {
  #                       passwords {
  #                               password "abc" {
  #                                       id 1;
  #                                       generate to "22-04-2003 11:00:06";
  #                                       accept to "17-01-2004 12:01:05";
  #                               };
  #                               password "def" {
  #                                       id 2;
  #                                       generate from "22-04-2003 11:00:07";
  #                                       accept from "17-01-2003 12:01:05";
  #                               };
  #                       };
  #                       authentication cryptographic;
  #               };
  #       };
  #       area 20 {
  #               stub 1;
  #               interface "ppp1" {
  #                       hello 8;
  #                       authentication none;
  #               };
  #               interface "fr*";
  #               virtual link 192.168.0.1 {
  #                       password "sdsdffsdfg";
  #                       authentication cryptographic;
  #               };
  #       };
  #}

  #protocol bgp {
  #       disabled;
  #       description "My BGP uplink";
  #       local as 65000;
  #       neighbor 198.51.100.130 as 64496;
  #       multihop;
  #       hold time 240;
  #       startup hold time 240;
  #       connect retry time 120;
  #       keepalive time 80;      # defaults to hold time / 3
  #       start delay time 5;     # How long do we wait before initial connect
  #       error wait time 60, 300;# Minimum and maximum time we wait after an error (when consecutive
  #                               # errors occur, we increase the delay exponentially ...
  #       error forget time 300;  # ... until this timeout expires)
  #       disable after error;    # Disable the protocol automatically when an error occurs
  #       next hop self;          # Disable next hop processing and always advertise our local address as nexthop
  #       path metric 1;          # Prefer routes with shorter paths (like Cisco does)
  #       default bgp_med 0;      # MED value we use for comparison when none is defined
  #       default bgp_local_pref 0;       # The same for local preference
  #       source address 198.51.100.14;   # What local address we use for the TCP connection
  #       password "secret";      # Password used for MD5 authentication
  #       rr client;              # I am a route reflector and the neighbor is my client
  #       rr cluster id 1.0.0.1;  # Use this value for cluster id instead of my router id
  #       export where source=RTS_STATIC;
  #       export filter {
  #               if source = RTS_STATIC then {
  #                       bgp_community = -empty-; bgp_community = add(bgp_community,(65000,5678));
  #                       bgp_origin = 0;
  #                       bgp_community = -empty-; bgp_community.add((65000,5678));
  #                       if (65000,64501) ~ bgp_community then
  #                               bgp_community.add((0, 1));
  #                       if bgp_path ~ [= 65000 =] then
  #                               bgp_path.prepend(65000);
  #                       accept;
  #               }
  #               reject;
  #       };
  #}
  # Template usage example
  #template bgp rr_client {
  #       disabled;
  #       local as 65000;
  #       multihop;
  #       rr client;
  #       rr cluster id 1.0.0.1;
  #}
  #protocol bgp rr_abcd from rr_client {
  #       neighbor 10.1.4.7 as 65000;
  #}
 +
After that, Bird must be started:

  bird

This puts you in the Bird shell. Now Bird should be easy to configure with

  configure