Inhaltsverzeichnis

Gateway Configuration

Operating System

APT

/etc/apt/sources.list

deb http://repo.universe-factory.net/debian/ sid main
deb http://debian.draic.info/ wheezy main
deb-src http://debian.draic.info/ wheezy main

Installed packages

OpenVPN

IPredator

Checked on 09.06.2020

/etc/openvpn/ipredator.conf:

client
dev-type tun
dev ipredator
proto udp
remote pw.openvpn.ipredator.se 1194
remote pw.openvpn.ipredator.me 1194
remote pw.openvpn.ipredator.es 1194
resolv-retry infinite
nobind
persist-key 
persist-tun
comp-lzo
verb 3
remote-cert-tls server
auth-user-pass /etc/openvpn/ipredator.auth
auth-retry nointeract

ca [inline]

tls-client
tls-auth [inline]
ns-cert-type server
remote-cert-tls server
remote-cert-ku 0x00e0 

keepalive 10 30
cipher AES-256-CBC
tun-mtu 1500
passtos
replay-window 512 60
route-noexec

script-security 2
up /etc/openvpn/ipredator-up
up-restart /etc/openvpn/ipredator-up

<ca>
-----BEGIN CERTIFICATE-----
MIIFJzC...
-----END CERTIFICATE-----
</ca>

<tls-auth>
-----BEGIN OpenVPN Static key V1-----
03f7b2...
-----END OpenVPN Static key V1-----
</tls-auth>

/etc/openvpn/ipredator-up:

#!/bin/sh
IP=$4
BASE="$(echo $IP | cut -d. -f1-3)"
LSV="$(echo $IP | cut -d. -f4)"
if test $LSV -gt 128; then
    LSV=128
else
    LSV=0
fi
echo $LSV
GW=$BASE.$((LSV+1))
SERVER=$BASE.$((LSV+2))

ip route add $SERVER/32 via 217.79.189.1

ip route del 0.0.0.0/1 table 42
ip route del 128.0.0.0/1 table 42

ip route add 0.0.0.0/1 via $GW table 42
ip route add 128.0.0.0/1 via $GW table 42
exit 0

/etc/openvpn/ipredator.auth

<username>
<password>

Fastd

updated 09.06.2020

Backbone

/etc/fastd/backbone/fastd.conf:

log to syslog level info;
mtu 1426;
method "salsa2012+umac";
method "salsa2012+gmac";
include "secret.conf";
user "fastd";
bind any:9999;
include peers from "peers";
#on up "
#dnsmasq -i bat0
#";
interface "mesh-vpn-backbone";
on up "
ip link set address be:98:1f:07:ff:52 up dev $INTERFACE
batctl if add $INTERFACE
";

/etc/fastd/backbone/secret.conf

secret "dsfhjjds...";

FFMD

/etc/fastd/magdeburg/fastd.conf:

log to syslog level info;
mtu 1312;
method "salsa2012+umac";
method "salsa2012+gmac";
include "secret.conf";
user "fastd";
bind any:10001;
include peers from "peers";
#on up "
#dnsmasq -i bat0
#";
interface "mesh-vpn";
on up "
ip link set address be:98:1f:07:ff:b3 up dev $INTERFACE
batctl if add $INTERFACE
";
on verify async "true";

/etc/fastd/magdeburg/secret.conf

Changelog

Updated

- 2020-06-09 20:24 von kwasir