Benutzer:Peerco

From FunkFeuer Wiki
Revision as of 24 May 2012, 16:51

Brenner site visit 07/07/2011

wag23 current (Alte Donau)

Nodes

  • Wagramer Strasse 23 (Alte Donau)
  • Hornstein and Neufeld/a.d.L
  • moved from Gruschaplatz (gru3 & gru3ost) in the 14th district to Wagramer Str. in the 22nd district
  • Hochmuthgasse 5 (Rennbahnweg)
  • ho5 (in preparation)

Servers

  • p4 web photo video
  • p4 12kbps 32kHz stereo aacp stream (winamp5)
  • wrap (currently offline)

(if only reachable via orange.at)

  • p4 gru3
  • p4 12kbps 32kHz stereo aacp stream (winamp5)

wag23

ho5

Hardware

  • WRAP Wireless Router Application Platform

Software

Docs

OpenVPN tunnel

Unfortunately, http://ipkg.funkfeuer.at/ipkg/1.7/0xff-openvpn-webif_1.7.1_mipsel.ipk could not be installed.

ipkg remove tcpdump
ipkg remove freifunk-tcpdump
ipkg install freifunk-tcpdump

With http://texas.funkfeuer.at/~markus/olsrd/0xff-olsrd/test/freifunk-openwrt-autoupdate-1.7.4.9-0xff-markit-recommended-vpn.trx this is not necessary; only correct comp-lzo in S42openvpn (it is wrongly written as compl-zo there).

root@gru3ost:~# cat /etc/init.d/S42openvpn

[..]

#create OpenVPN config

cat>$CONFIG_DIR/$VPN_IF.conf<<EOM
dev             $VPN_IF
proto           $ff_openvpn_proto
remote          $ff_openvpn_host
port            $ff_openvpn_port
ifconfig        $ff_openvpn_ip $ff_openvpn_netmask
route-up        /etc/openvpn/openvpn-webif-route-up.sh
up              /etc/openvpn/openvpn-webif-if-up.sh
down            /etc/openvpn/openvpn-webif-if-down.sh
up-restart
comp-lzo
script-security 2
verb 3
EOM

[..]

root@gru3ost:~# cat /etc/init.d/S45firewall

[..]

ins_nat() {
        LANNAT=
        # Only NAT the LAN towards WLAN if it uses addresses outside the mesh range
        case $WIFIDEV in "");;*)case $LANDEV in "");;*)if ! in_range $LANADR/$LANPRE;then
                use_nat

                # Setup alias and dest nat for an ethernet DMZ PC, e.g.
                # 172.31.255.254 on WLAN -> DMZ PC which has 192.168.1.2
                # Also add to olsrd.conf: "HNA4 172.31.255.254 255.255.255.255"
                IFS=\;
                devnum=0
                for dmz in $(nvram get ff_dmz); do
                        src=${dmz%[:,]*}
                        dst=${dmz#*[:,]}
                        ip addr add dev $WIFIDEV $src/32 label $WIFIDEV:$devnum
                        iptables -t nat -I PREROUTING -d $src -j DNAT --to $dst
                        iptables -I FORWARD -s ! $LANNET/$LANPRE -d $dst -j ACCEPT
                        iptables -I FORWARD -s $dst -d ! $LANNET/$LANPRE -j ACCEPT
                        iptables -I OUTPUT -o lo -s $src -d $src -j ACCEPT
                        iptables -I INPUT -i lo -s $src -j ACCEPT
                        devnum=$(( $devnum + 1 ))
                done
                unset IFS

                # Source range to masquerade: the configured LAN, or all of 192.168/16
                case $LANADR in "")
                        LANNAT=192.168.0.0/16
                ;;*)
                        LANNAT=$LANNET/$LANPRE
                ;;esac
                # Masquerade LAN traffic leaving via WLAN and via the OpenVPN tap0 tunnel
                iptables -t nat -I POSTROUTING -o $WIFIDEV -s $LANNAT -d ! $LANNAT -j MASQUERADE
                iptables -t nat -I POSTROUTING -o tap0 -s $LANNAT -d ! $LANNAT -j MASQUERADE
        fi;;esac;;esac

        # Mask packets from these WLAN DHCP clients, so they can do
        # inet w/o OLSR unless HNA4 is to be used to accomplish this
        case $(nvram get ff_wldhcp_hna4) in 1);;*)
                ff_wldhcp=$(nvram get ff_wldhcp)
                case $ff_wldhcp in "");;*)
                        use_nat
                        IFS=\;
                        for wldhcp in $ff_wldhcp; do
                                iptables -t nat -I POSTROUTING -s ${wldhcp%[:,]*} -j MASQUERADE
                        done
                        unset IFS
                ;;esac
        ;;esac
        # WAN uplink: masquerade the LAN range if WAN is inside the mesh range,
        # otherwise masquerade everything that leaves via the WAN device
        case $WANDEV in "");;*)if in_range $WANADR/$WANPRE;then
                case $LANNAT in "");;*)
                        iptables -t nat -I POSTROUTING -o $WANDEV -s $LANNAT -d ! $LANNAT -j MASQUERADE
                ;;esac
        else
                use_nat
                iptables -t nat -I POSTROUTING -o $WANDEV -j MASQUERADE
        fi;;esac
}

[..]

System log:
Jan  1 00:00:06 (none) syslog.info syslogd started: BusyBox v1.01 (2010.08.29-10:07+0000)
Jan  1 00:00:06 (none) kern.info kernel: CRONDOG: Timer margin: 600 sec
Jan  1 00:00:06 (none) kern.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
Jan  1 00:00:12 (none) kern.notice openvpn[443]: OpenVPN 2.1.1 mipsel-linux [LZO2] [EPOLL] built on Aug 29 2010
Jan  1 00:00:12 (none) kern.warn openvpn[443]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  1 00:00:12 (none) kern.warn openvpn[443]: ******* WARNING *******: OpenVPN built without OpenSSL -- encryption and authentication features disabled -- all data will be tunnelled as cleartext
Jan  1 00:00:12 (none) kern.notice openvpn[443]: LZO compression initialized
Jan  1 00:00:12 (none) kern.notice openvpn[443]: TUN/TAP device tap0 opened
Jan  1 00:00:12 (none) kern.notice openvpn[443]: TUN/TAP TX queue length set to 100
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /usr/sbin/ip link set dev tap0 up mtu 1500
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /usr/sbin/ip addr add dev tap0 78.41.112.211/24 broadcast 78.41.112.255
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /etc/openvpn/openvpn-webif-if-up.sh tap0 1500 1533 78.41.112.211 255.255.255.0 init
Jan  1 00:00:13 (none) kern.notice openvpn[443]: Data Channel MTU parms [ L:1533 D:1450 EF:1 EB:135 ET:32 EL:0 AF:14/1 ]
Jan  1 00:00:13 (none) kern.notice openvpn[505]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Jan  1 00:00:13 (none) kern.notice openvpn[505]: UDPv4 link local (bound): [undef]:5012
Jan  1 00:00:13 (none) kern.notice openvpn[505]: UDPv4 link remote: 78.41.115.228:5012
Jan  1 00:00:15 (none) kern.warn kernel: ip_conntrack version 2.1 (5953 buckets, 5953 max) - 332 bytes per conntrack
Jan  1 00:00:16 (none) kern.warn kernel: Flushing ip conntrack...
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: started, version 2.45 cachesize 150
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: DHCP, IP range 192.168.137.100 -- 192.168.137.103, lease time 12h
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: reading /var/run/resolv.dnsmasq
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 8.8.8.8#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 208.67.220.220#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 193.238.157.5#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 193.238.157.16#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/hosts - 2 addresses
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/local.hosts - 6 addresses
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/ethers - 0 addresses
Jan  1 00:00:19 (none) kern.warn dropbear[807]: Failed reading '/etc/dropbear/dropbear_rsa_host_key', disabling RSA
Jan  1 00:00:20 (none) kern.info dropbear[812]: Running in background
Jan  1 00:00:22 (none) user.notice olsr/init: olsr/system: Starting olsrd...
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '1' (was 1) to /proc/sys/net/ipv4/ip_forward
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/all/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/tap0/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/tap0/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface tap0 
Dec 31 12:00:01 (none) kern.info olsrd[972]: New main address: 78.41.112.211 
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/eth1/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/eth1/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface eth1 
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/vlan1/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/vlan1/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface vlan1 
Dec 31 12:00:01 (none) kern.info olsrd[972]: olsr.org -  pre-0.6.2-git_dd97fa3-hash_737916162b783a0a0151c72c37342856  - successfully started
Dec 31 12:00:01 (none) user.notice secureadmin:: started.
Dec 31 12:00:01 (none) kern.notice xrelayd[1016]: xrelayd.c:820 Listening for ssl connections on server port 443
Dec 31 12:00:05 (none) daemon.info srelay[1181]: Starting: MAX_CH(10)
Dec 31 12:00:07 (none) kern.notice openvpn[505]: Peer Connection Initiated with 78.41.115.228:5012
Dec 31 12:00:08 (none) kern.notice openvpn[505]: Initialization Sequence Completed
Mar 24 14:34:56 (none) kern.info rrdcollect[2440]: We just started
Mar 24 14:34:56 (none) kern.info rrdcollect[2440]: Update method: rrdlib
Mar 24 14:53:41 (none) syslog.info -- MARK --

OpenVPN tunnel with BackFire Vienna

config 'openvpn' 'to_krypta'
    option 'dev' 'tun'
    option 'management' '127.0.0.1 31194'
    option 'nobind' '1'
    option 'verb' '3'
    option 'remote' '78.41.115.228'
    option 'proto' 'udp'
    option 'dev_type' 'tap'
    option 'comp_lzo' '0'
    option 'enable' '1'
    option 'ifconfig' '193.238.xxx.xxx 255.255.25x.000' # replace with your IP
    option 'port' '50xx' # your port

comp_lzo 0 or 1 depending on whether you need it, but it must match the server side

Source: https://lists.funkfeuer.at/pipermail/wien/2011-July/007687.html by Joe

then add the tap device to the network

hornstein runs the same way, temporarily on the tunnel port for schareck

Update (Erich): If the tunnel simply refuses to start, an unsupported option may have been entered. The command "logread" on an SSH console gives information about this. "option 'management' '127.0.0.1 31194'" can cause this problem on newer Backfire builds.


update (mi001)

config openvpn 'to_krypta'
        option dev 'tun'
        option nobind '1'
        option verb '3'
        option remote '78.41.115.228'
        option port '50xx'
        option dev_type 'tap'
        option proto 'udp'
        option ifconfig '78.41.11x.xxx 255.255.255.0'
        option comp_lzo '1'
        option enable '1'
        option keepalive '2 10'

WRAP & ALIX

Fonera

  • Enabling channel 13
  • FreiFunk version (Sven Ola), as described under "Fonera mit OLSR"
  • Kamikaze: there it does not work the way it does with Sven Ola's Freifunk firmware. Here, enabling it only requires one entry in /etc/config/wireless under config 'wifi-device', namely option 'country' '276'.
for me it looks like this

cat /etc/config/wireless

config 'wifi-device' 'wifi0'
        option 'type' 'atheros'
        option 'distance' '15000'
        option 'diversity' '0'
        option 'country' '276'
        option 'channel' '13'

config 'wifi-iface'
        option 'device' 'wifi0'
        option 'network' 'wlan'
        option 'mode' 'adhoc'
        option 'mcast_rate' '5500'
        option 'encryption' 'none'
        option 'rate' '5500'
        option 'ssid' 'v13.freiesnetz.www.funkfeuer.at'
        option 'bssid' '26:A7:D4:E4:4F:4D'

Misc

linksys

Legal limit:              20   dBm  = 100 mW
Cable/connector loss:      3   dB
Antenna gain:              8.5 dBi
Result:                   58   qdBm =  28 mW

eth1      unknown transmit-power information.

          Current Tx-Power:14 dBm       (25 mW)
Legal limit:              20   dBm  = 100 mW
Cable/connector loss:      3   dB
Antenna gain:              6   dBi
Result:                   68   qdBm =  50 mW

eth1      unknown transmit-power information.

          Current Tx-Power:17 dBm       (50 mW)

fonera

ath0      8 available transmit-powers :
          0 dBm         (1 mW)
          4 dBm         (2 mW)
          6 dBm         (3 mW)
          8 dBm         (6 mW)
          10 dBm        (10 mW)
          12 dBm        (15 mW)
          14 dBm        (25 mW)
          16 dBm        (39 mW)
          Current Tx-Power:16 dBm       (39 mW)

power in general

 0 dBm =   1 mW =  1 qdBm (24 dBi antenna -5 dB cable/connector)
 1 dBm =   1 mW =  4 qdBm (24 dBi antenna -5 dB cable/connector)
 2 dBm =   2 mW =  8 qdBm
 3 dBm =   2 mW = 12 qdBm (20 dBi antenna -3 dB cable/connector)
 4 dBm =   3 mW = 16 qdBm
 5 dBm =   3 mW = 20 qdBm
 6 dBm =   4 mW = 24 qdBm
 7 dBm =   5 mW = 28 qdBm
 8 dBm =   6 mW = 32 qdBm
 9 dBm =   8 mW = 36 qdBm
10 dBm =  10 mW = 40 qdBm
11 dBm =  13 mW = 44 qdBm
12 dBm =  16 mW = 48 qdBm
13 dBm =  20 mW = 52 qdBm
14 dBm =  25 mW = 56 qdBm
15 dBm =  32 mW = 60 qdBm (8 dBi antenna -3 dB cable/connector)
16 dBm =  40 mW = 64 qdBm
17 dBm =  50 mW = 68 qdBm (4 dBi antenna -1 dB cable/connector)
18 dBm =  63 mW = 72 qdBm
19 dBm =  79 mW = 76 qdBm
20 dBm = 100 mW = 80 qdBm (0 dBi antenna -0 dB cable/connector)
21 dBm = 126 mW = 84 qdBm
22 dBm = 158 mW = 88 qdBm
23 dBm = 200 mW = 92 qdBm
24 dBm = 251 mW = 96 qdBm
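The arithmetic behind the "Legal limit" calculations and the dBm/mW/qdBm table above, as an added example (not code from the wiki page): it assumes the 20 dBm EIRP limit the page uses, rounds mW the way the table does, and goes one step further by picking the highest selectable radio level that stays under the limit, using the eight Fonera power levels shown above as the constructed example list.

```python
"""Added example (not from the wiki page): the link-budget arithmetic behind
the 'Legal limit' calculations and the dBm/mW/qdBm table above."""
from typing import List, Optional, Sequence, Tuple

# EIRP limit used throughout the page: 20 dBm = 100 mW (assumed to apply here)
LEGAL_EIRP_DBM = 20.0


def dbm_to_mw(dbm: float) -> int:
    """dBm -> milliwatts, rounded to whole mW like the table rows."""
    return round(10 ** (dbm / 10))


def dbm_to_qdbm(dbm: float) -> int:
    """Quarter-dBm, the unit the Atheros/madwifi driver reports (4 per dBm)."""
    return round(dbm * 4)


def max_tx_power_dbm(antenna_gain_dbi: float, cable_loss_db: float,
                     limit_dbm: float = LEGAL_EIRP_DBM) -> float:
    """Highest power at the radio connector that keeps EIRP within the limit.

    EIRP = P_tx + G_antenna - L_cable  =>  P_tx_max = limit - G_antenna + L_cable
    """
    return limit_dbm - antenna_gain_dbi + cable_loss_db


def pick_tx_setting(available_dbm: Sequence[int], max_dbm: float) -> Optional[int]:
    """Largest driver-selectable level that does not exceed max_dbm (None if none)."""
    allowed = [p for p in available_dbm if p <= max_dbm]
    return max(allowed) if allowed else None


def power_table(start: int = 0, stop: int = 24) -> List[Tuple[int, int, int]]:
    """Rows of (dBm, mW, qdBm) as in the 'power in general' list."""
    return [(d, dbm_to_mw(d), dbm_to_qdbm(d)) for d in range(start, stop + 1)]


if __name__ == "__main__":
    # Linksys case from the page: 8.5 dBi antenna, 3 dB cable/connector loss
    p = max_tx_power_dbm(8.5, 3)
    print(f"max {p} dBm = {dbm_to_qdbm(p)} qdBm = {dbm_to_mw(p)} mW")
    # Fonera: the eight power levels its driver lists on the page (constructed list)
    fonera_levels = [0, 4, 6, 8, 10, 12, 14, 16]
    print("Fonera setting to use:", pick_tx_setting(fonera_levels, p), "dBm")
    for row in power_table():
        print("%2d dBm = %3d mW = %2d qdBm" % row)
```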

Notes

gru3 - Gruschaplatz 3 - old GPS 48.19457925291452;16.283304691314697 frontend 48 11 41 16 17 0
gru3ost - Gruschaplatz 3 - old GPS 48.194548857439884;16.28334492444992 frontend 48 11 40 16 17 1
wag23 - Wagramerstrasse 23/1 - GPS 48.23561590674427;16.42226256430149 frontend 48 14 8.25 16 25 19.96
wag23ost - Wagramerstrasse 23/1 - GPS 48.23552077360733;16.42235577106476 frontend 48 14 7.7 16 25 20.6

nux

pk@nux

NAT traversal

http://samy.pl/pwnat/
http://m19s28.dyndns.org/iblech/nat-traverse/#vpn-ppp