Benutzer:Peerco: Unterschied zwischen den Versionen

(Misc)
(OpenVPN tunnel)
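--- a/Benutzer:Peerco
+++ b/Benutzer:Peerco
@@ -20,4 +20,158 @@
 
 == OpenVPN tunnel ==
+
+* http://ipkg.funkfeuer.at/autoupdate/freifunk-openwrt-autoupdate-1.7.4.8-0xff-markit-full.trx
+* http://ipkg.funkfeuer.at/ipkg/1.6/0xff-openvpn-webif_1.5.3_mipsel.ipk
+
+leider ließ sich http://ipkg.funkfeuer.at/ipkg/1.7/0xff-openvpn-webif_1.7.1_mipsel.ipk nicht installieren
+
+ipkg remove tcpdump<br>
+ipkg remove freifunk-tcpdump<br>
+ipkg install freifunk-tcpdump
+
+<p>
+root@gru3ost:~# cat /etc/init.d/S42openvpn
+#!/bin/sh -e
+
+DAEMON=/usr/sbin/openvpn
+CONFIG_DIR=/var/etc/openvpn
+VPN_IF=tap0
+test -x $DAEMON || exit 0
+test -d $CONFIG_DIR || mkdir $CONFIG_DIR
+
+start_vpn () {
+
+ff_openvpn_active="$(nvram get ff_openvpn_active)"
+ff_openvpn_host="$(nvram get ff_openvpn_host)"
+ff_openvpn_proto="$(nvram get ff_openvpn_proto)"
+ff_openvpn_port="$(nvram get ff_openvpn_port)"
+ff_openvpn_secret="$(nvram get ff_openvpn_secret)"
+ff_openvpn_ip="$(nvram get ff_openvpn_ip)"
+ff_openvpn_netmask="$(nvram get ff_openvpn_netmask)"
+ff_openvpn_noolsr="$(nvram get ff_openvpn_noolsr)"
+
+if [ ! "$ff_openvpn_active" = "1" ]; then
+echo -n " OpenVPN not activated"
+echo
+exit 0
+fi
+
+test -z "$ff_openvpn_host" && exit 0
+test -z "$ff_openvpn_port" && exit 0
+test -z "$ff_openvpn_ip" && exit 0
+test -z "$ff_openvpn_netmask" && exit 0
+
+#create OpenVPN config
+
+cat>$CONFIG_DIR/$VPN_IF.conf<<EOM
+dev            $VPN_IF
+proto          $ff_openvpn_proto
+remote          $ff_openvpn_host
+port            $ff_openvpn_port
+ifconfig        $ff_openvpn_ip $ff_openvpn_netmask
+route-up        /etc/openvpn/openvpn-webif-route-up.sh
+up              /etc/openvpn/openvpn-webif-if-up.sh
+down            /etc/openvpn/openvpn-webif-if-down.sh
+up-restart
+comp-lzo
+script-security 2
+verb 3
+EOM
+
+if [ "$ff_openvpn_secret" = "1" ] && [ -f /etc/openvpn/$VPN_IF.secret ]; then
+cat>>$CONFIG_DIR/$VPN_IF.conf<<EOM
+secret          /etc/openvpn/$VPN_IF.secret"
+auth            sha1
+cipher          none
+EOM
+fi
+
+#create OLSRd config
+
+if [ "$ff_openvpn_noolsr" = "1" ]; then
+  echo > /tmp/etc/local.olsrd.conf-openvpn
+else
+
+ff_ip4broad=$(nvram get ff_ip4broad)
+test -n "$ff_ip4broad" && ff_ip4broad="Ip4Broadcast $(nvram get ff_ip4broad)"
+
+ff_openvpn_lq="$(nvram get ff_openvpn_lq)"
+test -n "$ff_openvpn_lq" && ff_lqmult="LinkQualityMult default $ff_openvpn_lq"
+
+SPEED=$(nvram get ff_olsrspeed)
+test -z "$SPEED" && SPEED=5
+
+if [ "0" != "$(nvram get ff_fisheye)" ];then
+  TCINT=$(( 2 * SPEED / 3 ))
+else
+  TCINT=$(( 2 * SPEED ))
+fi
+
+cat>/tmp/etc/local.olsrd.conf-openvpn<<EOM
+# this file is automatically generated by openvpn-webif,
+# to define your own settings use /etc/local.olsrd.conf
+Interface "$VPN_IF"
+{
+        HelloInterval          $(( 1 * SPEED )).0
+        HelloValidityTime      $(( 25 * SPEED )).0
+        TcInterval              $TCINT.0
+        TcValidityTime          $(( 75 * SPEED )).0
+        MidInterval            $(( 5 * SPEED )).0
+        MidValidityTime        $(( 75 * SPEED )).0
+        HnaInterval            $(( 5 * SPEED )).0
+        HnaValidityTime        $(( 75 * SPEED )).0
+        $ff_ip4broad
+        $ff_lqmult
+}
+EOM
+fi
+
+
+    $DAEMON --daemon --writepid /var/run/openvpn.$VPN_IF.pid --config $CONFIG_DI
+R/$VPN_IF.conf --cd $CONFIG_DIR || echo -n " FAILED->"
+
+    echo -n " $VPN_IF"
+}
+
+
+stop_vpn () {
+  kill `cat /var/run/openvpn.$VPN_IF.pid` || true
+  rm /var/run/openvpn.$VPN_IF.pid
+}
+
+case "$1" in
+start)
+  echo -n "Starting openvpn:"
+
+      start_vpn
+
+  echo "."
+  ;;
+
+stop)
+  echo -n "Stopping openvpn:"
+
+    if test -e /var/run/openvpn.$VPN_IF.pid ; then
+      stop_vpn
+      echo -n " $VPN_IF"
+    else
+      echo -n " not running: $VPN_IF"
+    fi
+  echo "."
+  ;;
+
+restart)
+  $0 stop
+  sleep 1
+  $0 start
+  ;;
+*)
+  echo "Usage: $0 {start|stop|restart}" >&2
+  exit 1
+  ;;
+esac
+
+exit 0
+</p>
 
 == Misc ==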
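Review bot: The key block appended after the first `EOM` writes `cipher none` next to `auth sha1`, so with the static key the tunnel is authenticated but not encrypted, and when `ff_openvpn_secret` is not `1` or the key file is missing no `secret` line is written at all, which leaves the link with neither. If confidentiality over the fallback tunnel matters, set a real cipher on both peers, e.g. `cipher AES-256-CBC`, and refuse to start without the key file. Two smaller defects sit in the same script: the `secret` line ends in a stray `"` and should read `secret          /etc/openvpn/$VPN_IF.secret`, and the daemon call is wrapped mid-name, so `$CONFIG_DI` expands empty and `R/$VPN_IF.conf` runs as its own command; it should be one line ending `--config $CONFIG_DIR/$VPN_IF.conf --cd $CONFIG_DIR || echo -n " FAILED->"`. The nvram values are also written unquoted and unvalidated into a config that sets `script-security 2`, so a check that they contain no whitespace would be worth adding before the here-document.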

Version vom 28. Dezember 2010, 19:24 Uhr

Nodes

  • gru3 roof on the 5th floor
  • gru3ost base fallback tunnel kryptavpn

Servers

Hardware

  • WRAP Wireless Router Application Platform

Software

Docs

OpenVPN tunnel

leider ließ sich http://ipkg.funkfeuer.at/ipkg/1.7/0xff-openvpn-webif_1.7.1_mipsel.ipk nicht installieren

ipkg remove tcpdump
ipkg remove freifunk-tcpdump
ipkg install freifunk-tcpdump

root@gru3ost:~# cat /etc/init.d/S42openvpn

#!/bin/sh -e
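# Init script body for the OpenVPN fallback tunnel: builds the OpenVPN and
# OLSRd configuration for $VPN_IF from nvram settings and starts or stops the
# daemon according to $1 (start|stop|restart).

DAEMON=/usr/sbin/openvpn
CONFIG_DIR=/var/etc/openvpn
VPN_IF=tap0

# Nothing to start or stop when the OpenVPN binary is not installed.
test -x "$DAEMON" || exit 0
test -d "$CONFIG_DIR" || mkdir -p "$CONFIG_DIR"

# is_plain_token VALUE
# Returns 0 when VALUE is non-empty and consists only of letters, digits and
# the characters . : _ -, otherwise 1. Used to keep whitespace and newlines
# out of the generated OpenVPN config, where an extra line would be read as
# an additional directive.
is_plain_token () {
  case "$1" in
    '' | *[!A-Za-z0-9.:_-]*) return 1 ;;
  esac
  return 0
}

# start_vpn
# Reads the ff_openvpn_* settings from nvram, writes
# $CONFIG_DIR/$VPN_IF.conf and /tmp/etc/local.olsrd.conf-openvpn, then starts
# the daemon. Exits the script with status 0 when the tunnel is not activated
# or a required setting is empty, and with status 1 when a setting contains
# characters that do not belong in a single config argument.
start_vpn () {
  ff_openvpn_active="$(nvram get ff_openvpn_active)"
  ff_openvpn_host="$(nvram get ff_openvpn_host)"
  ff_openvpn_proto="$(nvram get ff_openvpn_proto)"
  ff_openvpn_port="$(nvram get ff_openvpn_port)"
  ff_openvpn_secret="$(nvram get ff_openvpn_secret)"
  ff_openvpn_ip="$(nvram get ff_openvpn_ip)"
  ff_openvpn_netmask="$(nvram get ff_openvpn_netmask)"
  ff_openvpn_noolsr="$(nvram get ff_openvpn_noolsr)"

  if [ "$ff_openvpn_active" != "1" ]; then
    echo -n " OpenVPN not activated"
    echo
    exit 0
  fi

  # An incomplete configuration is treated as "tunnel not configured".
  test -z "$ff_openvpn_host" && exit 0
  test -z "$ff_openvpn_port" && exit 0
  test -z "$ff_openvpn_ip" && exit 0
  test -z "$ff_openvpn_netmask" && exit 0

  # The config below sets "script-security 2", so every value interpolated
  # into it must stay a single argument. proto is only checked when set,
  # because the original script did not require it.
  for setting in "$ff_openvpn_host" "$ff_openvpn_port" "$ff_openvpn_ip" \
    "$ff_openvpn_netmask" ${ff_openvpn_proto:+"$ff_openvpn_proto"}; do
    if ! is_plain_token "$setting"; then
      echo " invalid OpenVPN setting in nvram" >&2
      exit 1
    fi
  done

  # create OpenVPN config
  cat > "$CONFIG_DIR/$VPN_IF.conf" <<EOM
dev             $VPN_IF
proto           $ff_openvpn_proto
remote          $ff_openvpn_host
port            $ff_openvpn_port
ifconfig        $ff_openvpn_ip $ff_openvpn_netmask
route-up        /etc/openvpn/openvpn-webif-route-up.sh
up              /etc/openvpn/openvpn-webif-if-up.sh
down            /etc/openvpn/openvpn-webif-if-down.sh
up-restart
comp-lzo
script-security 2
verb 3
EOM

  # NOTE(review): "cipher none" disables payload encryption; with the static
  # key the packets are only authenticated (auth sha1). It is left unchanged
  # because both peers have to agree on the cipher. When ff_openvpn_secret is
  # not "1" or the key file is missing, no "secret" line is written at all —
  # confirm that an unprotected tunnel is intended in that case.
  # The original here-document left a stray double quote after the key path;
  # it is removed here.
  if [ "$ff_openvpn_secret" = "1" ] && [ -f "/etc/openvpn/$VPN_IF.secret" ]; then
    cat >> "$CONFIG_DIR/$VPN_IF.conf" <<EOM
secret          /etc/openvpn/$VPN_IF.secret
auth            sha1
cipher          none
EOM
  fi

  # create OLSRd config
  if [ "$ff_openvpn_noolsr" = "1" ]; then
    # OLSR over the tunnel is switched off: leave an empty include file.
    echo > /tmp/etc/local.olsrd.conf-openvpn
  else
    ff_ip4broad=$(nvram get ff_ip4broad)
    if [ -n "$ff_ip4broad" ]; then
      ff_ip4broad="Ip4Broadcast $ff_ip4broad"
    fi

    ff_lqmult=""
    ff_openvpn_lq="$(nvram get ff_openvpn_lq)"
    if [ -n "$ff_openvpn_lq" ]; then
      ff_lqmult="LinkQualityMult default $ff_openvpn_lq"
    fi

    # SPEED feeds shell arithmetic below; fall back to the default of 5 when
    # the nvram value is empty or not a plain number.
    SPEED=$(nvram get ff_olsrspeed)
    case "$SPEED" in
      '' | *[!0-9]*) SPEED=5 ;;
    esac

    if [ "0" != "$(nvram get ff_fisheye)" ]; then
      TCINT=$(( 2 * SPEED / 3 ))
    else
      TCINT=$(( 2 * SPEED ))
    fi

    cat > /tmp/etc/local.olsrd.conf-openvpn <<EOM
# this file is automatically generated by openvpn-webif,
# to define your own settings use /etc/local.olsrd.conf
Interface "$VPN_IF"
{
        HelloInterval          $(( 1 * SPEED )).0
        HelloValidityTime      $(( 25 * SPEED )).0
        TcInterval              $TCINT.0
        TcValidityTime          $(( 75 * SPEED )).0
        MidInterval            $(( 5 * SPEED )).0
        MidValidityTime        $(( 75 * SPEED )).0
        HnaInterval            $(( 5 * SPEED )).0
        HnaValidityTime        $(( 75 * SPEED )).0
        $ff_ip4broad
        $ff_lqmult
}
EOM
  fi

  # The pasted listing wrapped this command in the middle of $CONFIG_DIR;
  # it is one command.
  "$DAEMON" --daemon --writepid "/var/run/openvpn.$VPN_IF.pid" \
    --config "$CONFIG_DIR/$VPN_IF.conf" --cd "$CONFIG_DIR" || echo -n " FAILED->"

  echo -n " $VPN_IF"
}

# stop_vpn
# Signals the process recorded in the pid file and removes the file. A failed
# kill (stale or empty pid file) is ignored so the pid file is still removed.
stop_vpn () {
  pidfile="/var/run/openvpn.$VPN_IF.pid"
  kill "$(cat "$pidfile")" || true
  rm -f "$pidfile"
}

case "$1" in
start)
  echo -n "Starting openvpn:"
  start_vpn
  echo "."
  ;;

stop)
  echo -n "Stopping openvpn:"
  if test -e "/var/run/openvpn.$VPN_IF.pid"; then
    stop_vpn
    echo -n " $VPN_IF"
  else
    echo -n " not running: $VPN_IF"
  fi
  echo "."
  ;;

restart)
  "$0" stop
  sleep 1
  "$0" start
  ;;

*)
  echo "Usage: $0 {start|stop|restart}" >&2
  exit 1
  ;;
esac

exit 0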

Misc