User:Peerco: Difference between revisions

From FunkFeuer Wiki

Revision as of 20 July 2011, 19:00

Brenner site visit 07/07/2011

wag23 current (Alte Donau)

Nodes

  • Wagramer Strasse 23 (Alte Donau)
  • Hornstein and Neufeld/a.d.L
  • moved from Gruschaplatz in the 14th district (gru3 & gru3ost) to Wagramer Str. in the 22nd district
  • Hochmuthgasse 5 (Rennbahnweg)
  • ho5 (in preparation)

Servers

  • p4 web foto video
  • p4 12kbps 32kHz stereo aacp stream (winamp5)
  • wrap (currently offline)

(if reachable only via orange.at)

  • p4 gru3
  • p4 12kbps 32kHz stereo aacp stream (winamp5)

wag23

ho5

Hardware

  • WRAP Wireless Router Application Platform

Software

Docs

OpenVPN tunnel

Unfortunately, http://ipkg.funkfeuer.at/ipkg/1.7/0xff-openvpn-webif_1.7.1_mipsel.ipk could not be installed.

ipkg remove tcpdump
ipkg remove freifunk-tcpdump
ipkg install freifunk-tcpdump

With http://texas.funkfeuer.at/~markus/olsrd/0xff-olsrd/test/freifunk-openwrt-autoupdate-1.7.4.9-0xff-markit-recommended-vpn.trx this is not necessary; only comp-lzo has to be corrected in S42openvpn (it is misspelled there as compl-zo).

root@gru3ost:~# cat /etc/init.d/S42openvpn

[..]

#create OpenVPN config

cat>$CONFIG_DIR/$VPN_IF.conf<<EOM
dev             $VPN_IF
proto           $ff_openvpn_proto
remote          $ff_openvpn_host
port            $ff_openvpn_port
ifconfig        $ff_openvpn_ip $ff_openvpn_netmask
route-up        /etc/openvpn/openvpn-webif-route-up.sh
up              /etc/openvpn/openvpn-webif-if-up.sh
down            /etc/openvpn/openvpn-webif-if-down.sh
up-restart
comp-lzo
script-security 2
verb 3
EOM

[..]

root@gru3ost:~# cat /etc/init.d/S45firewall

[..]

ins_nat() {
        LANNAT=
        case $WIFIDEV in "");;*)case $LANDEV in "");;*)if ! in_range $LANADR/$LANPRE;then
                use_nat

                # Setup alias and dest nat for an ethernet DMZ PC, e.g.
                # 172.31.255.254 on WLAN -> DMZ PC which has 192.168.1.2
                # Also add to olsrd.conf: "HNA4 172.31.255.254 255.255.255.255"
                IFS=\;
                devnum=0
                for dmz in $(nvram get ff_dmz); do
                        src=${dmz%[:,]*}
                        dst=${dmz#*[:,]}
                        ip addr add dev $WIFIDEV $src/32 label $WIFIDEV:$devnum
                        iptables -t nat -I PREROUTING -d $src -j DNAT --to $dst
                        iptables -I FORWARD -s ! $LANNET/$LANPRE -d $dst -j ACCEPT
                        iptables -I FORWARD -s $dst -d ! $LANNET/$LANPRE -j ACCEPT
                        iptables -I OUTPUT -o lo -s $src -d $src -j ACCEPT
                        iptables -I INPUT -i lo -s $src -j ACCEPT
                        devnum=$(( $devnum + 1 ))
                done
                unset IFS

                case $LANADR in "")
                        LANNAT=192.168.0.0/16
                ;;*)
                        LANNAT=$LANNET/$LANPRE
                ;;esac
                iptables -t nat -I POSTROUTING -o $WIFIDEV -s $LANNAT -d ! $LANNAT -j MASQUERADE
                iptables -t nat -I POSTROUTING -o tap0 -s $LANNAT -d ! $LANNAT -j MASQUERADE
        fi;;esac;;esac

        # Mask packets from these WLAN DHCP clients, so they can do
        # inet w/o OLSR unless HNA4 is to be used to accomplish this
        case $(nvram get ff_wldhcp_hna4) in 1);;*)
                ff_wldhcp=$(nvram get ff_wldhcp)
                case $ff_wldhcp in "");;*)
                        use_nat
                        IFS=\;
                        for wldhcp in $ff_wldhcp; do
                                iptables -t nat -I POSTROUTING -s ${wldhcp%[:,]*} -j MASQUERADE
                        done
                        unset IFS
                ;;esac
        ;;esac
        case $WANDEV in "");;*)if in_range $WANADR/$WANPRE;then
                case $LANNAT in "");;*)
                        iptables -t nat -I POSTROUTING -o $WANDEV -s $LANNAT -d ! $LANNAT -j MASQUERADE
                ;;esac
        else
                use_nat
                iptables -t nat -I POSTROUTING -o $WANDEV -j MASQUERADE
        fi;;esac
}

[..]

System log:
Jan  1 00:00:06 (none) syslog.info syslogd started: BusyBox v1.01 (2010.08.29-10:07+0000)
Jan  1 00:00:06 (none) kern.info kernel: CRONDOG: Timer margin: 600 sec
Jan  1 00:00:06 (none) kern.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
Jan  1 00:00:12 (none) kern.notice openvpn[443]: OpenVPN 2.1.1 mipsel-linux [LZO2] [EPOLL] built on Aug 29 2010
Jan  1 00:00:12 (none) kern.warn openvpn[443]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  1 00:00:12 (none) kern.warn openvpn[443]: ******* WARNING *******: OpenVPN built without OpenSSL -- encryption and authentication features disabled -- all data will be tunnelled as cleartext
Jan  1 00:00:12 (none) kern.notice openvpn[443]: LZO compression initialized
Jan  1 00:00:12 (none) kern.notice openvpn[443]: TUN/TAP device tap0 opened
Jan  1 00:00:12 (none) kern.notice openvpn[443]: TUN/TAP TX queue length set to 100
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /usr/sbin/ip link set dev tap0 up mtu 1500
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /usr/sbin/ip addr add dev tap0 78.41.112.211/24 broadcast 78.41.112.255
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /etc/openvpn/openvpn-webif-if-up.sh tap0 1500 1533 78.41.112.211 255.255.255.0 init
Jan  1 00:00:13 (none) kern.notice openvpn[443]: Data Channel MTU parms [ L:1533 D:1450 EF:1 EB:135 ET:32 EL:0 AF:14/1 ]
Jan  1 00:00:13 (none) kern.notice openvpn[505]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Jan  1 00:00:13 (none) kern.notice openvpn[505]: UDPv4 link local (bound): [undef]:5012
Jan  1 00:00:13 (none) kern.notice openvpn[505]: UDPv4 link remote: 78.41.115.228:5012
Jan  1 00:00:15 (none) kern.warn kernel: ip_conntrack version 2.1 (5953 buckets, 5953 max) - 332 bytes per conntrack
Jan  1 00:00:16 (none) kern.warn kernel: Flushing ip conntrack...
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: started, version 2.45 cachesize 150
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: DHCP, IP range 192.168.137.100 -- 192.168.137.103, lease time 12h
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: reading /var/run/resolv.dnsmasq
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 8.8.8.8#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 208.67.220.220#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 193.238.157.5#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 193.238.157.16#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/hosts - 2 addresses
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/local.hosts - 6 addresses
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/ethers - 0 addresses
Jan  1 00:00:19 (none) kern.warn dropbear[807]: Failed reading '/etc/dropbear/dropbear_rsa_host_key', disabling RSA
Jan  1 00:00:20 (none) kern.info dropbear[812]: Running in background
Jan  1 00:00:22 (none) user.notice olsr/init: olsr/system: Starting olsrd...
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '1' (was 1) to /proc/sys/net/ipv4/ip_forward
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/all/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/tap0/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/tap0/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface tap0 
Dec 31 12:00:01 (none) kern.info olsrd[972]: New main address: 78.41.112.211 
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/eth1/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/eth1/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface eth1 
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/vlan1/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/vlan1/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface vlan1 
Dec 31 12:00:01 (none) kern.info olsrd[972]: olsr.org -  pre-0.6.2-git_dd97fa3-hash_737916162b783a0a0151c72c37342856  - successfully started
Dec 31 12:00:01 (none) user.notice secureadmin:: started.
Dec 31 12:00:01 (none) kern.notice xrelayd[1016]: xrelayd.c:820 Listening for ssl connections on server port 443
Dec 31 12:00:05 (none) daemon.info srelay[1181]: Starting: MAX_CH(10)
Dec 31 12:00:07 (none) kern.notice openvpn[505]: Peer Connection Initiated with 78.41.115.228:5012
Dec 31 12:00:08 (none) kern.notice openvpn[505]: Initialization Sequence Completed
Mar 24 14:34:56 (none) kern.info rrdcollect[2440]: We just started
Mar 24 14:34:56 (none) kern.info rrdcollect[2440]: Update method: rrdlib
Mar 24 14:53:41 (none) syslog.info -- MARK --
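
In the boot log above, OpenVPN warns that it was built without OpenSSL, so all data is tunnelled as cleartext, and that the script-security setting may allow user-defined scripts to be called. The shell function below is an added example, not part of the original page or the firmware, that flags both warnings in a syslog dump; the function names and output labels are assumptions, and the sample input is an excerpt constructed from the log lines above.

```shell
#!/bin/sh
# Added example: flag security-relevant OpenVPN warnings in a syslog dump.
# Function names and output labels are hypothetical, not from the firmware.

# Constructed sample input: an excerpt of the log lines shown above.
sample_log() {
    cat <<'EOF'
Jan  1 00:00:12 (none) kern.notice openvpn[443]: OpenVPN 2.1.1 mipsel-linux [LZO2] [EPOLL] built on Aug 29 2010
Jan  1 00:00:12 (none) kern.warn openvpn[443]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  1 00:00:12 (none) kern.warn openvpn[443]: ******* WARNING *******: OpenVPN built without OpenSSL -- encryption and authentication features disabled -- all data will be tunnelled as cleartext
Jan  1 00:00:13 (none) kern.notice openvpn[505]: UDPv4 link remote: 78.41.115.228:5012
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: started, version 2.45 cachesize 150
EOF
}

# Reads syslog text on stdin, prints one finding per kind (first occurrence),
# and exits 1 if the tunnel is cleartext or may run user-defined scripts.
audit_openvpn_log() {
    awk '
        !/openvpn\[[0-9]+\]:/ { next }          # only OpenVPN daemon lines
        /built without OpenSSL/ && !clear++ {
            print "CLEARTEXT: no encryption or authentication on the tunnel"
        }
        /script-security setting may allow/ && !script++ {
            print "SCRIPTS: configuration may call user-defined scripts"
        }
        /link remote: / && !peer++ {
            sub(/.*link remote: /, ""); print "PEER: " $0
        }
        END { exit ((clear || script) ? 1 : 0) }
    '
}

sample_log | audit_openvpn_log || echo "findings above need review"
```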

OpenVPN tunnel with BackFire Vienna

config 'openvpn' 'to_krypta'
    option 'dev' 'tun'
    option 'management' '127.0.0.1 31194'
    option 'nobind' '1'
    option 'verb' '3'
    option 'remote' '78.41.115.228'
    option 'proto' 'udp'
    option 'dev_type' 'tap'
    option 'comp_lzo' '0'
    option 'enable' '1'
    option 'ifconfig' '193.238.xxx.xxx 255.255.25x.000' # replace with your IP
    option 'port' '50xx' # your port

comp_lzo is 0 or 1 as needed, but it must match the server side.

Source: https://lists.funkfeuer.at/pipermail/wien/2011-July/007687.html by Joe

After that, add the tap device to the network.

hornstein runs the same way, temporarily on the tunnel port for schareck.

WRAP & ALIX

Fonera

  • Enabling channel 13
  • FreiFunk (Sven Ola) version: as described under Fonera mit OLSR
  • Kamikaze: this does not work the same way as with Sven Ola's Freifunk firmware. Here, enabling it requires only one entry in /etc/config/wireless under config 'wifi-device', namely option 'country' '276'.
Mine looks like this:

cat /etc/config/wireless

config 'wifi-device' 'wifi0'
        option 'type' 'atheros'
        option 'distance' '15000'
        option 'diversity' '0'
        option 'country' '276'
        option 'channel' '13'

config 'wifi-iface'
        option 'device' 'wifi0'
        option 'network' 'wlan'
        option 'mode' 'adhoc'
        option 'mcast_rate' '5500'
        option 'encryption' 'none'
        option 'rate' '5500'
        option 'ssid' 'v13.freiesnetz.www.funkfeuer.at'
        option 'bssid' '26:A7:D4:E4:4F:4D'

Misc

linksys

Legal limit:           20   dBm  = 100 mW
Cable/connector loss:   3   dB
Antenna gain:           8.5 dBi
Result:                58   qdBm =  28 mW

eth1      unknown transmit-power information.

          Current Tx-Power:14 dBm       (25 mW)
Legal limit:           20   dBm  = 100 mW
Cable/connector loss:   3   dB
Antenna gain:           6   dBi
Result:                68   qdBm =  50 mW

eth1      unknown transmit-power information.

          Current Tx-Power:17 dBm       (50 mW)

fonera

ath0      8 available transmit-powers :
          0 dBm         (1 mW)
          4 dBm         (2 mW)
          6 dBm         (3 mW)
          8 dBm         (6 mW)
          10 dBm        (10 mW)
          12 dBm        (15 mW)
          14 dBm        (25 mW)
          16 dBm        (39 mW)
          Current Tx-Power:16 dBm       (39 mW)

Power in general

 0 dBm =   1 mW =  1 qdBm (24 dBi antenna, -5 dB cable/connector)
 1 dBm =   1 mW =  4 qdBm (24 dBi antenna, -5 dB cable/connector)
 2 dBm =   2 mW =  8 qdBm
 3 dBm =   2 mW = 12 qdBm (20 dBi antenna, -3 dB cable/connector)
 4 dBm =   3 mW = 16 qdBm
 5 dBm =   3 mW = 20 qdBm
 6 dBm =   4 mW = 24 qdBm
 7 dBm =   5 mW = 28 qdBm
 8 dBm =   6 mW = 32 qdBm
 9 dBm =   8 mW = 36 qdBm
10 dBm =  10 mW = 40 qdBm
11 dBm =  13 mW = 44 qdBm
12 dBm =  16 mW = 48 qdBm
13 dBm =  20 mW = 52 qdBm
14 dBm =  25 mW = 56 qdBm
15 dBm =  32 mW = 60 qdBm (8 dBi antenna, -3 dB cable/connector)
16 dBm =  40 mW = 64 qdBm
17 dBm =  50 mW = 68 qdBm (4 dBi antenna, -1 dB cable/connector)
18 dBm =  63 mW = 72 qdBm
19 dBm =  79 mW = 76 qdBm
20 dBm = 100 mW = 80 qdBm (0 dBi antenna, -0 dB cable/connector)
21 dBm = 126 mW = 84 qdBm
22 dBm = 158 mW = 88 qdBm
23 dBm = 200 mW = 92 qdBm
24 dBm = 251 mW = 96 qdBm

Notes

gru3 - Gruschaplatz 3 - old GPS 48.19457925291452;16.283304691314697 frontend 48 11 41 16 17 0
gru3ost - Gruschaplatz 3 - old GPS 48.194548857439884;16.28334492444992 frontend 48 11 40 16 17 1
wag23 - Wagramerstrasse 23/1 - GPS 48.23561590674427;16.42226256430149 frontend 48 14 8.25 16 25 19.96
wag23ost - Wagramerstrasse 23/1 - GPS 48.23552077360733;16.42235577106476 frontend 48 14 7.7 16 25 20.6