Freifunk/Gateways
Current status
At the moment we have:
* VPN 1 (Netcup KVM)
* VPN 2 (Hetzner hardware)
* VPN 6 (Hetzner hardware)
Future plans
There is an idea to run KVM machines on the Hetzner servers to make better use of the hardware. The plan for this was:
1. Set up a KVM installation on a Hetzner machine (e.g. Yela's).
2. Install a VPN gateway (VPN 7) in the VM.
   * The traffic could possibly be routed via VPN 6, because internal traffic at Hetzner is free.
3. Test whether the gateway works well.
4. If everything works, switch off VPN 2 and handle the traffic via VPN 7.
5. If that runs stably, wipe VPN 2 and set up a KVM installation on it.
6. Install new gateways as VMs on the old VPN 2.
Archive
    root@vpn3:~# cat /etc/fastd/mesh/fastd.conf
    bind 5.45.97.249:12345 interface "eth0";

    # Set the user, fastd will work as
    user "nobody";

    # Set the interface name
    interface "mesh-vpn";

    # Set the mode, the interface will work as
    mode tap;

    # Set the mtu of the interface (salsa2012 with ipv6 will need 1406)
    # Matches the rolled-out value
    mtu 1406;

    # Set the methods (aes128-gcm preferred, salsa2012+umac preferred for nodes)
    method "aes128-gcm";
    method "salsa2012+umac";
    method "salsa2012+gmac";

    # Secret key generated by `fastd --generate-key`
    secret "xxx";

    # Log everything to syslog
    log to syslog level debug;

    # Include peers from our git-repos
    include peers from "/etc/fastd/mesh/nodes";

    # Configure a shell command that is run on connection attempts by unknown peers (true means, all attempts are accepted)
    on verify "true";

    # Configure a shell command that is run when fastd comes up
    on up "
     #
     # /etc/fastd/fastd.up
     modprobe batman-adv
     ip link set dev $INTERFACE address ca:fe:13:37:00:03
     ip link set dev $INTERFACE up
     batctl if add $INTERFACE
     batctl if add gre1
     batctl gw server 1024Mbit/1024Mbit
     batctl vm server
     ifup bat0
    ";
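The `on verify "true";` line in the fastd.conf above accepts every unknown peer. As an added example (not part of the original wiki page or of the gateway's configuration), here is a verify hook that keeps the mesh open but rejects malformed keys and keys listed in a blocklist file; the script path, the blocklist path and the function name `verify_peer` are assumptions of this example.

```shell
#!/bin/sh
# Added example: fastd "on verify" hook, wired in as e.g.
#   on verify "/etc/fastd/mesh/verify.sh";     (script path is an assumption)
# fastd runs the command for each unknown peer and exports the peer's public
# key as PEER_KEY and its address as PEER_ADDRESS; exit status 0 accepts.
# The blocklist path is an assumption of this example, not a path from the page.
BLOCKLIST="${BLOCKLIST:-/etc/fastd/mesh/blocklist}"

# verify_peer KEY FILE  ->  0 = accept, 1 = reject
verify_peer() {
    key=$1
    list=$2
    # fastd public keys are 32 bytes, printed as 64 lowercase hex digits.
    # Reject anything else so malformed input never reaches grep or the log.
    case $key in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#key}" -eq 64 ] || return 1
    # No readable blocklist: behave like the open "true" setting and accept.
    [ -r "$list" ] || return 0
    # One key per line; "#" comment lines are dropped before matching.
    # -x matches the whole line, -F treats the key as a fixed string.
    if grep -v '^[[:space:]]*#' "$list" | grep -qxF "$key"; then
        return 1
    fi
    return 0
}

# Entry point when fastd invokes the hook (PEER_KEY is only set then).
if [ -n "${PEER_KEY:-}" ]; then
    if verify_peer "$PEER_KEY" "$BLOCKLIST"; then
        exit 0
    fi
    # The key is logged only after the checks above, so a rejected value is
    # either a well-formed key or gets logged as malformed input by design.
    logger -t fastd-verify "rejected peer key from ${PEER_ADDRESS:-unknown}"
    exit 1
fi
```

Peers already present under `include peers from` are known peers and do not go through this hook.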
    root@vpn3:~# cat /etc/network/interfaces
    # This file describes the network interfaces available on your system
    # and how to activate them. For more information, see interfaces(5).

    # The loopback network interface
    auto lo
    iface lo inet loopback
        up ip a a 185.66.194.66/32 dev lo || true

    # The primary network interface
    auto eth0
    iface eth0 inet static
        address 5.45.97.249/22
        netmask 255.255.252.0
        broadcast 5.45.99.255
        gateway 5.45.96.1
        up /usr/local/bin/filter || true
        up ip link add gre1 type gretap local 5.45.97.249 remote 37.120.170.107 dev eth0 || true
        up ip link set up gre1 || true

    # dus
    auto ffrl0
    iface ffrl0 inet static
        address 100.64.0.203
        network 100.64.0.203
        netmask 255.255.255.254
        pre-up ip tunnel add ffrl0 mode gre remote 185.66.193.1 local 5.45.97.249 ttl 64
        up ip link set mtu 1400 dev ffrl0
        up ip -6 a a 2a03:2260:0:6b::2/64 dev ffrl0
        post-down ip tunnel del ffrl0

    # fra
    auto ffrl1
    iface ffrl1 inet static
        address 100.64.0.205
        network 100.64.0.205
        netmask 255.255.255.254
        pre-up ip tunnel add ffrl1 mode gre remote 185.66.194.0 local 5.45.97.249 ttl 64
        up ip link set mtu 1400 dev ffrl1
        up ip -6 a a 2a03:2260:0:6c::2/64 dev ffrl1
        post-down ip tunnel del ffrl1

    manual bat0
    iface bat0 inet static
        pre-up modprobe batman-adv
        address 10.109.0.44
        network 10.109.0.0
        netmask 255.255.0.0
        up ip -6 a a fde6:36fc:c985::44/64 dev bat0
        up ip ru a iif bat0 lookup 201
        down ip ru del iif bat0 lookup 201
        up start-stop-daemon -b --start --exec /usr/sbin/alfred -- -i bat0 -b bat0
        up start-stop-daemon -b --start --exec /usr/sbin/batadv-vis -- -i bat0 -s
    root@vpn3:~#