https://wiki.netz39.de/ Wed, 13 May 2026 02:25:12 +0000 FeedCreator 1.8 https://wiki.netz39.de/_media/logo.png https://wiki.netz39.de/ https://wiki.netz39.de/freifunk:gateway:example?rev=1613158855&do=diff <pre> @@ -1 +1,170 @@ + ====== Gateway Configuration ====== + + ===== Operating System ===== + + * Debian Wheezy + + ===== APT ===== + + ==== /etc/apt/sources.list ==== + + &lt;code&gt; + deb http://repo.universe-factory.net/debian/ sid main + deb http://debian.draic.info/ wheezy main + deb-src http://debian.draic.info/ wheezy main + &lt;/code&gt; + + ==== Installed packages ==== + + * OpenVPN + + ===== OpenVPN ===== + + ==== IPredator ==== + Checked on 09.06.2020 + + /etc/openvpn/ipredator.conf: + + &lt;code&gt; + client + dev-type tun + dev ipredator + proto udp + remote pw.openvpn.ipredator.se 1194 + remote pw.openvpn.ipredator.me 1194 + remote pw.openvpn.ipredator.es 1194 + resolv-retry infinite + nobind + persist-key + persist-tun + comp-lzo + verb 3 + remote-cert-tls server + auth-user-pass /etc/openvpn/ipredator.auth + auth-retry nointeract + + ca [inline] + + tls-client + tls-auth [inline] + ns-cert-type server + remote-cert-tls server + remote-cert-ku 0x00e0 + + keepalive 10 30 + cipher AES-256-CBC + tun-mtu 1500 + passtos + replay-window 512 60 + route-noexec + + script-security 2 + up /etc/openvpn/ipredator-up + up-restart /etc/openvpn/ipredator-up + + &lt;ca&gt; + -----BEGIN CERTIFICATE----- + MIIFJzC... + -----END CERTIFICATE----- + &lt;/ca&gt; + + &lt;tls-auth&gt; + -----BEGIN OpenVPN Static key V1----- + 03f7b2... + -----END OpenVPN Static key V1----- + &lt;/tls-auth&gt; + &lt;/code&gt; + /etc/openvpn/ipredator-up: + + &lt;code&gt; + #!/bin/sh + IP=$4 + BASE=&quot;$(echo $IP | cut -d. -f1-3)&quot; + LSV=&quot;$(echo $IP | cut -d. -f4)&quot; + if test $LSV -gt 128; then + LSV=128 + else + LSV=0 + fi + echo $LSV + GW=$BASE.$((LSV+1)) + SERVER=$BASE.$((LSV+2)) + + ip route add $SERVER/32 via 217.79.189.1 + + ip route del 0.0.0.0/1 table 42 + ip route del 128.0.0.0/1 table 42 + + ip route add 0.0.0.0/1 via $GW table 42 + ip route add 128.0.0.0/1 via $GW table 42 + exit 0 + &lt;/code&gt; + /etc/openvpn/ipredator.auth + + &lt;code&gt; + &lt;username&gt; + &lt;password&gt; + &lt;/code&gt; + ===== Fastd ===== + updated 09.06.2020 + ==== Backbone ==== + + /etc/fastd/backbone/fastd.conf: + + &lt;code&gt; + log to syslog level info; + mtu 1426; + method &quot;salsa2012+umac&quot;; + method &quot;salsa2012+gmac&quot;; + include &quot;secret.conf&quot;; + user &quot;fastd&quot;; + bind any:9999; + include peers from &quot;peers&quot;; + #on up &quot; + #dnsmasq -i bat0 + #&quot;; + interface &quot;mesh-vpn-backbone&quot;; + on up &quot; + ip link set address be:98:1f:07:ff:52 up dev $INTERFACE + batctl if add $INTERFACE + &quot;; + + &lt;/code&gt; + /etc/fastd/backbone/secret.conf + + &lt;code&gt; + secret &quot;dsfhjjds...&quot;; + &lt;/code&gt; + + ==== FFMD ==== + /etc/fastd/magdeburg/fastd.conf: + + &lt;code&gt; + log to syslog level info; + mtu 1312; + method &quot;salsa2012+umac&quot;; + method &quot;salsa2012+gmac&quot;; + include &quot;secret.conf&quot;; + user &quot;fastd&quot;; + bind any:10001; + include peers from &quot;peers&quot;; + #on up &quot; + #dnsmasq -i bat0 + #&quot;; + interface &quot;mesh-vpn&quot;; + on up &quot; + ip link set address be:98:1f:07:ff:b3 up dev $INTERFACE + batctl if add $INTERFACE + &quot;; + on verify async &quot;true&quot;; + + &lt;/code&gt; + + /etc/fastd/magdeburg/secret.conf + + ===== Changelog ===== + Updated + + - 2020-06-09 20:24 von kwasir + </pre> anonymous@undisclosed.example.com (Anonymous) Fri, 12 Feb 2021 19:40:55 +0000 https://wiki.netz39.de/freifunk:gateway:konfiguration?rev=1591727750&do=diff <pre> @@ -1 +1,103 @@ + ====== Konfiguration ====== + ===== Dienste ===== + + ^Name ^Zweck ^ffmd-repo ^Ort ^inst. Version ^autostart ^sonstiges ^ + |[[https://github.com/tcatm/alfred|alfred]] |mesh-metadaten |[[http://github.com/freifunkmd/alfred|alfred]] | | | |[[https://github.com/tcatm/alfred|alfred]] |mesh-metadaten |[[http://github.com/freifunkmd/alfred|alfred]] | + |[[https://github.com/tcatm/alfred-json|alfred-json]] |json aus alfred erstellen |[[https://github.com/FreifunkMD/alfred-json|alfred-json]] | |0.2-5-gad51202 | + |[[http://www.open-mesh.org/projects/batman-adv/wiki/Doc-overview|batman-adv]] |mesh-protokoll |- | | + |[[https://projects.universe-factory.net/projects/fastd/wiki|fastd]] |mesh-protokoll |- | |v17 | + |[[https://github.com/freifunkhamburg/ffmap-backend|ffmap-backend]] |backend zu Map |[[https://github.com/FreifunkMD/ffmap-backend|ffmap-backend]] |/opt/ffmap-backend/ | + |[[https://github.com/freifunkhamburg/ffmap-d3|ffmap-d3]] |map |[[https://github.com/FreifunkMD/ffmap-d3|ffmap-d3]] |/var/www/map/ | | |anpassen der neuen Version (grüner/blauer Punkt) \\ /var/www/map/config.json Variable: current-firmware | + |[[https://github.com/FreifunkMD/statistik-panel|ffmap-stat-panel]] |Statistik für Panel im Space |- |/opt/ffmap-stat-panel \\ /var/www/map | + |[[http://github.com/baldo/ffffng/|ffffng]] |Registerformular |[[https://github.com/FreifunkMD/ffffng|ffffng]] |/home/fastdform/opt/ | + |[[https://openvpn.net/|openvpn]] + + + ===== Reihenfolge der Dienste ===== + + * siehe https://pad.n39.eu/p/freifunk-gateway-startup bzw. https://pad.n39.eu/p/freifunk21 + + * openvpn (erzeugt device mullvad) + + * fastd (erzeugt device ffmd-mesh-vpn, erzeugt nach startup bat0 + * &lt;del&gt;tinc (erzeugt device icvpn)&lt;/del&gt; + * bird + * bird6 + * isc-dhcp-server ( (DHCP nur auf GW1 ) + * unbounds + * &lt;del&gt;radvd&lt;/del&gt; + * alfred (alfred nur auf GW1 ) + * &lt;del&gt;batadv-vis&lt;/del&gt; + geprüft am 09.06.2020 + ===== Start der notwendigen Dienste nach reboot ===== + + * die Datei start-gateway.sh ausführen (als root) + &lt;code&gt; + #!/bin/sh + service openvpn start + sleep 5 + service fastd start + sleep 5 + #service tinc start + #sleep 5 + #service bird start + #service bird6 start + service isc-dhcp-server start + service pdns start + service unbound start + service radvd start + service alfred start + service batadv-vis start + &lt;/code&gt; + + * [[freifunk:gateway:example|example Konfiguration]] + + ===== WEB1: prometheus (Statistik-Datenbank) ===== + + * http:%%//%%37.120.170.49:9090/graph -&gt; Oberfläche + * config: /etc/prometheus/prometheus.yml + &lt;code&gt; + global: + scrape_interval: 1m + scrape_timeout: 10s + evaluation_interval: 1m + scrape_configs: + - job_name: prometheus + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + static_configs: + - targets: + - localhost:9090 + - job_name: hopglass + honor_timestamps: true + scrape_interval: 1m + scrape_timeout: 10s + metrics_path: /metrics + scheme: http + static_configs: + - targets: + - web1.md.freifunk.net:4000 + + &lt;/code&gt; + + * systemctl start/stop prometheus-systemd + * liegt unter: /etc/systemd/system/prometheus-systemd.service + &lt;code&gt; + [Unit] + Description=Prometheus service + After=network.target + + [Service] + User=prometheus + Group=nogroup + ExecStart=/usr/sbin/prometheus -config.file /etc/prometheus/prometheus.yml -storage.local.path /var/lib/prometheus/data -web.console.templates /etc/prometheus/consoles -web.console.libraries /etc/prometheus/console_libraries -storage.local.retention 760h0m0s + ExecReload=/bin/kill -HUP $MAINPID + Restart=always + + [Install] + WantedBy=multi-user.target + &lt;/code&gt; </pre> anonymous@undisclosed.example.com (Anonymous) Tue, 09 Jun 2020 18:35:50 +0000