====== Gateway Configuration ======

===== Operating System =====

  * Debian Wheezy

===== APT =====

==== /etc/apt/sources.list ====

<code>
deb http://repo.universe-factory.net/debian/ sid main
deb http://debian.draic.info/ wheezy main
deb-src http://debian.draic.info/ wheezy main
</code>

==== Installed packages ====

  * OpenVPN

===== OpenVPN =====

==== IPredator ====
Checked on 09.06.2020 

/etc/openvpn/ipredator.conf:

<code>
client
dev-type tun
dev ipredator
proto udp
remote pw.openvpn.ipredator.se 1194
remote pw.openvpn.ipredator.me 1194
remote pw.openvpn.ipredator.es 1194
resolv-retry infinite
nobind
persist-key 
persist-tun
comp-lzo
verb 3
remote-cert-tls server
auth-user-pass /etc/openvpn/ipredator.auth
auth-retry nointeract

ca [inline]

tls-client
tls-auth [inline]
ns-cert-type server
remote-cert-tls server
remote-cert-ku 0x00e0 

keepalive 10 30
cipher AES-256-CBC
tun-mtu 1500
passtos
replay-window 512 60
route-noexec

script-security 2
up /etc/openvpn/ipredator-up
up-restart /etc/openvpn/ipredator-up

<ca>
-----BEGIN CERTIFICATE-----
MIIFJzC...
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
03f7b2...
-----END OpenVPN Static key V1-----
</tls-auth>
</code>
/etc/openvpn/ipredator-up:

<code>
#!/bin/sh
IP=$4
BASE="$(echo $IP | cut -d. -f1-3)"
LSV="$(echo $IP | cut -d. -f4)"
if test $LSV -gt 128; then
    LSV=128
else
    LSV=0
fi
echo $LSV
GW=$BASE.$((LSV+1))
SERVER=$BASE.$((LSV+2))

ip route add $SERVER/32 via 217.79.189.1

ip route del 0.0.0.0/1 table 42
ip route del 128.0.0.0/1 table 42

ip route add 0.0.0.0/1 via $GW table 42
ip route add 128.0.0.0/1 via $GW table 42
exit 0
</code>
/etc/openvpn/ipredator.auth

<code>
<username>
<password>
</code>
===== Fastd =====
updated 09.06.2020
==== Backbone ====

/etc/fastd/backbone/fastd.conf:

<code>
log to syslog level info;
mtu 1426;
method "salsa2012+umac";
method "salsa2012+gmac";
include "secret.conf";
user "fastd";
bind any:9999;
include peers from "peers";
#on up "
#dnsmasq -i bat0
#";
interface "mesh-vpn-backbone";
on up "
ip link set address be:98:1f:07:ff:52 up dev $INTERFACE
batctl if add $INTERFACE
";

</code>
/etc/fastd/backbone/secret.conf

<code>
secret "dsfhjjds...";
</code>

==== FFMD ====
/etc/fastd/magdeburg/fastd.conf:

<code>
log to syslog level info;
mtu 1312;
method "salsa2012+umac";
method "salsa2012+gmac";
include "secret.conf";
user "fastd";
bind any:10001;
include peers from "peers";
#on up "
#dnsmasq -i bat0
#";
interface "mesh-vpn";
on up "
ip link set address be:98:1f:07:ff:b3 up dev $INTERFACE
batctl if add $INTERFACE
";
on verify async "true";

</code>

/etc/fastd/magdeburg/secret.conf

===== Changelog =====
Updated 

- 2020-06-09 20:24 von kwasir