Freifunk:VPN2
Es wird noch ein Gerät gesucht, das die Funktion eines 2. VPN-Servers übernehmen kann.
Auf dem Gerät soll TINC und quagga benutzt werden.
Dieser VPN-Knoten steht hinter einem NAT-Router und hat weder eine öffentliche IP(v4)-Adresse noch einen weitergeleiteten Port. Daher baut dieser Node zwar Verbindungen zu anderen Nodes auf, ist selbst aber von außen nicht erreichbar (ausgenommen über IPv6).
Interfaces
eth0
1: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:50:8b:e8:70:5c brd ff:ff:ff:ff:ff:ff inet 10.112.213.16/12 brd 10.127.255.255 scope global eth0 inet6 fe80::250:8bff:fee8:705c/64 scope link valid_lft forever preferred_lft forever
eth1
2: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000 link/ether 00:50:8b:e8:70:5d brd ff:ff:ff:ff:ff:ff inet6 2001:6f8:126f:1::1:1/128 scope global valid_lft forever preferred_lft forever inet6 fe80::250:8bff:fee8:705d/64 scope link valid_lft forever preferred_lft forever
icvpn
47: icvpn: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 500 link/ether 8e:f5:cc:de:f0:1f brd ff:ff:ff:ff:ff:ff inet 10.207.0.10/16 brd 10.207.255.255 scope global icvpn inet6 fec0::a:cf:0:a/96 scope site valid_lft forever preferred_lft forever inet6 fe80::8cf5:ccff:fede:f01f/64 scope link valid_lft forever preferred_lft forever
ffhh
48: ffhh: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 500 link/ether 72:73:df:56:a0:f1 brd ff:ff:ff:ff:ff:ff inet 10.112.1.2/12 brd 10.127.255.255 scope global ffhh inet6 fe80::7073:dfff:fe56:a0f1/64 scope link valid_lft forever preferred_lft forever
TINC-VPN
ICVPN
Das ICVPN (InterCity VPN) ist ein VPN, das zwischen verschiedenen Freifunk- und Freenetwork-Initiativen aufgebaut wurde. Zweck dieses VPNs ist es, die regionalen IP-Bereiche den anderen Teilnehmern des VPNs bekannt zu machen.
icvpn/tincd.conf
# tinc daemon configuration for the "icvpn" network on this node.

# Accept both IPv4 and IPv6 for the tinc transport.
Addressfamily = any
# Node name; it matches the host file icvpn/hosts/hamburg2.
Name = hamburg2
# RSA private key of this node. Unlike the hosts/ files it must never be
# published; keep it readable by root only.
# NOTE(review): the matching public key in hosts/hamburg2 is 1024-bit RSA
# (DER prefix MIGJAoGB), which is below current key-size recommendations -
# generate a larger key pair if this setup is rebuilt.
PrivateKeyFile = /etc/tinc/icvpn/rsa_key.priv
# Layer-2 operation: tinc forwards Ethernet frames and learns MAC addresses.
Mode = Switch
# Seconds to wait for a ping reply from a peer.
PingTimeout = 30
# Same port as announced in hosts/hamburg2.
Port = 656
# NOTE(review): with Hostnames=yes tincd resolves peer addresses to names;
# these DNS lookups are blocking, so a slow resolver can stall the daemon.
Hostnames=yes
# Seconds a learned MAC address is kept without traffic (switch mode).
MACExpire = 30
# Upper bound, in seconds, for the delay between reconnect attempts.
MaxTimeout = 300
# NOTE(review): fixed, predictable file name in world-writable /tmp. If tincd
# writes this file as root, a local user could pre-create a symlink at that
# path; a root-owned directory would be the safer location.
GraphDumpFile = /tmp/tinc-icvpn

# Outgoing connections. Each name needs a matching hosts/<name> file holding
# the peer's address and public key; that file is what the peer is
# authenticated against. camp1 and weimarvpn1 have host files on this page
# but no ConnectTo entry here.
ConnectTo = hamburg1
ConnectTo = berlin1
ConnectTo = wien1
ConnectTo = leipzig1
ConnectTo = leipzig2
ConnectTo = ffhallevpn1
ConnectTo = erfurt1
ConnectTo = erfurt2
ConnectTo = aurich1
ConnectTo = zagreb1
ConnectTo = augsburg1
ConnectTo = treuenbrietzen1
icvpn/tinc-down
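#!/bin/sh
# tinc-down hook for the icvpn network. tincd passes the name of the VPN
# interface in $INTERFACE.
#
# The addresses removed here must be exactly the ones icvpn/tinc-up assigns
# (10.207.0.10/16 and fec0::a:cf:0:a/96); anything else is rejected by ip(8)
# or silently leaves the address in place.

# Remove the addresses while the link is still up: taking a link down can
# already flush its IPv6 addresses on Linux, and a later delete would fail.
/sbin/ip addr del 10.207.0.10/16 dev "$INTERFACE"
/sbin/ip -6 addr del fec0::a:cf:0:a/96 dev "$INTERFACE"

# $INTERFACE is quoted so that an unexpected value cannot split into extra
# arguments for a command that runs with tincd's privileges.
/sbin/ip link set dev "$INTERFACE" down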
icvpn/tinc-up
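#!/bin/sh
# tinc-up hook for the icvpn network. tincd passes the name of the VPN
# interface in $INTERFACE; the script assigns this node's ICVPN addresses
# and brings the interface up.
#
# $INTERFACE is quoted so that an unexpected value cannot split into extra
# arguments for a command that runs with tincd's privileges.

# IPv4 address of this node inside the ICVPN transfer network.
/sbin/ip addr add dev "$INTERFACE" 10.207.0.10/16 broadcast 10.207.255.255
/sbin/ip link set dev "$INTERFACE" up

# NOTE(review): fec0::/10 (site-local) was deprecated by RFC 3879; a rebuilt
# setup would normally use a ULA (fc00::/7) or global prefix instead.
/sbin/ip -6 addr add fec0::a:cf:0:a/96 dev "$INTERFACE"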
icvpn/hosts/augsburg1
Address = augsburg1.ath.cx -----BEGIN RSA PUBLIC KEY----- MIGJAoGBALVQaY0axASCewZdfMPbxUBwphhoDHKzm0SvpietNy0gy+43Jb+N/Cs+ d9l9HlAS2ngrCAahVm/GRA3iYHH2i5JdZnzxPFKdkefcZFz7x0ZDaqeqpb2YLWFs z2LPm37OCcsi9NPZtvDG+0Nas370xDn/6uZhCd0gAplDuI+3m0vRAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/aurich1
Address = 217.7.143.189 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAMTmDsazE1oEcjoMdiVtRtRyY1YX13DtK7O3sYdNMUjQA1Zn+OgDPRxm okwOAvT6ZqWr9xLmYWose3Vh7x4wuuNRuGaKgbB0bqWGWBlYeaqTTKGT9V/eJalj n3of5UZQkTDpYHd4RWNRbYKT69sLfR4/8gmp4EUbAPD4JRBrUGPvAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/berlin1
address = vpn-ic1.berlin.freifunk.net -----BEGIN RSA PUBLIC KEY----- MIGJAoGBALfEgQh1Po7B5/IP57pZT0iRjY+8GVfGgkYB7dFIANk/iSWjThe9pERm x4GGx2NNoiNoDVdUtSz41oIc65bd651G01e2A1bnFQ9qRc9rZ/S91SqpO0+KheYw judU2Mc81XkKQ38e9rgtU/OvWOF1Hq2EOOork2cePsC8QRa9oAa5AgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/camp1
-----BEGIN RSA PUBLIC KEY----- MIGJAoGBALUjTBei1ZVRQ0jiNTiKbeT88QN4+ufwp2ZjBWvlirnSaAbcZHbqb65/ hDQTRPkfcNr3XWdEjOivXp3KqB8TlXWQSwCmKcdBarle/DGSOMcpXZdKXO0olMXs uZMwf87ZY+VCgzXxV2amFXGIClWOTwM+Rr9n88Li75k4WiKpYVYpAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/erfurt1
address = t35thr.dyndns.org -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAMB63H0OfUEUPoWPbM3tCCHQm+N9f8z0GDc7+fk+/8x09CuW6xmpfdm6 vYrR6ceUsjRUhT/cIO6PhF3bUnaI7otAXHDSK4idvq99Z0miEvHWpJ9W0ZnbuUa4 UeBJP0yCZLL4su7IPpdBWToPrgBHy43CAEnwdEHkp5iKE7zFscaPAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/erfurt2
Address = 195.190.142.204 Port = 655 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBALAoLEYO/u/V0qfnTiGgTD40RtWpQdh5YPy6kmBvkHJ0/WMAr2o1nGFg FMJAQEMsiPp8LRLp3nsX9r0loW+sD5OMSe2zhR6rEo/e94x4tJxbSZr/5X52Kl+p iKGoiDVeiv5zwbwS0CjKD2mVmHC7z95xzLe+DARTbpwMHbLiqAHlAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/ffhallevpn1
Address = vpn1.freifunk-halle.de Address = 88.198.51.136 Port = 655 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBALF/Wu4pe+f3dHeLYApHxUnOGUBzpNREUet6nDp80uWT/dph7h6Yqtz2 XMkifjDjSDnHPa1l1LwWFXkTKVQLH4lUrDuadXMU+BSEJWO36vg/A9E3AjbzoTA7 RY6Gzx+FOXqTGOtqzEPMLkBGTrslerpw9JzfCgLlxLLCXg8Tri8ZAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/hamburg1
Address = 2001:6f8:982:e1::1:1 Port = 655 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAL5ld4OnWv52XD8q0MbfW+DLUe2lCaHLyf4XacwqOhjvS5RH+iAyPgIc BZJEtmKjW+FrPRLTtJVeptlLWGJr+EE2/G3fq0/AbQDhzIT7OnqCNGrMC1YzNOZm C8CVyiPwELdvBL+Z7j6Jq545/1zZ/H+z1EK6xuucjhwITFqMQrdxAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/hamburg2
Address = vpn2.hamburg.freifunk.net Port = 656 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAKE101EjT+PGZOp8mqkscn7ZSB/82cdidJVtxm5g9fyH8S6cK4c/flC8 7Ye24uBv/qlajN9DBha6/Xdfzekg5GrqaAgyR2mkTKQNOWL72W3igDgas1YYgKZR /bJoAJj1RHbSUaVCVVZKbmLMgwYtfB26zZ9ErnELKNnejPnk6lChAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/leipzig1
Address = vpn1.leipzig.freifunk.net -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAKL7eWHmD2Rn6IP7JlSWtkphokN785g8nccBmfcjbwEwiZv+EFaVoid/ 0dPfvHaX0GaQGOhpef3PVHEbIMuU8dD9+7WbXO3+hUSIAfHoIdGK7n8qFtzTpzqn HAWcgneIE+sZVZRKC0B3VyQ8XujHuLCrQYkjRmVzvbb4cSzE+YhxAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/leipzig2
Address = vpn2.leipzig.freifunk.net -----BEGIN RSA PUBLIC KEY----- MIGJAoGBALf6n7zN7GDf50k4F1+JbOde/7WGKc8HtaCNyIV93PeSFz1IiGpf8Vnn 9xGl64X+5i07gH9l81Cx2/cgSqY3XYSTCVrCCaAJN5jnoQbubfQTojx/e0ZKDXeO WVtjm6Y+TcqBLJ2TRAxmtyc3VX5VBfU3N3yaYZv3G+RzKNFI1VX7AgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/treuenbrietzen1
Address = shonyt.mine.nu -----BEGIN RSA PUBLIC KEY----- MIGJAoGBANbR3LhhWFNt9ak//ZTReEuNQHjibgTAM+cNTDwLevudrP3y9htxTzgF UZDHnkbDqwrYNjnuaMLIik7ljj5aKQd+fXmv3S+sFvvaPnm+e7Fpt+r/ReTnS6su iOdmQ7XgC/b6r5ISjGhSheHcVSNMmbDWwYISSpDTu9S5qcUAkp1jAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/weimarvpn1
# Host file for the ICVPN peer "weimarvpn1".
# NOTE(review): unlike the other host files on this page, no RSA public key
# is listed here, so there is nothing to authenticate this peer against.
# icvpn/tincd.conf also has no ConnectTo entry for it.
Address = 87.118.106.19
# NOTE(review): icvpn/tincd.conf sets Mode = Switch; Subnet entries are
# normally only used for routing in router mode - confirm whether these
# lines have any effect here.
Subnet = 10.207.0.3/32
Subnet = 10.207.0.4/32
# NOTE(review): 104.63.0.0/16 is not RFC 1918 private space, unlike the 10.x
# addresses used elsewhere on this page - possibly a typo; verify before
# reusing this file.
Subnet = 104.63.0.0/16
Port = 655
icvpn/hosts/wien1
Address = 213.129.230.186 Address = wien1.icvpn.funkfeuer.at Address = 193.239.188.20 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAJ6ORemNoaEZLgCCvbHU3j3DA4+kKyVvZFPIs63MMQvCneazLs9Jc/bM zmUo/TaApxHKIiLJU0TjbXGU/gT/ocSpmxgUGm66zwidYx+6HEOjAg0qnx5kuS/l dmjVMsPBtStau9OBo79jaBalM2+P+bR7wqugFOWn5E9cV7iUouGrAgMBAAE= -----END RSA PUBLIC KEY-----
icvpn/hosts/zagreb1
# Host file for the ICVPN peer "zagreb1".
# The peer is reached through a dynamic-DNS style name, so the connection
# target depends on that DNS record; the peer itself is still authenticated
# by the public key below.
Address = dugave-wireless.dnsalias.net
# No prefix length is given; presumably these are treated as single-host
# entries - confirm against the tinc version in use.
Subnet = 10.207.2.1
Subnet = fec0::a:cf:2:1
# NOTE(review): 1024-bit RSA key (DER prefix MIGJAoGB), which is below
# current key-size recommendations.
-----BEGIN RSA PUBLIC KEY-----
MIGJAoGBAMXSLakW9TVO6q+Mqyj1exWPOtz/UAYYnsFh9/ViGV/XxousEz7vyzkP
qzTjsjGlrvFXUa4gEy903Zff3p4vpxHUvBPNyWaydOXqHL8JMIfXl1pF/kNzcOdG
Oy2ZLTS66DMtaoEXI+go/jMj0Spp+AFISbdcTp8FEjiOhDjBDrTxAgMBAAE=
-----END RSA PUBLIC KEY-----
FFHH
Das Freifunk Hamburg (FFHH) Interface für die regionale Vernetzung.
ffhh/tinc.conf
# tinc daemon configuration for the "ffhh" (Freifunk Hamburg) network.

# Only IPv4 is used for the tinc transport of this network.
AddressFamily=ipv4
# Node name; it matches the host file ffhh/hosts/vpn2. That host file has no
# Address line, which fits the page's statement that this node sits behind
# NAT and cannot be reached from outside over IPv4.
Name = vpn2
# RSA private key of this node. Unlike the hosts/ files it must never be
# published; keep it readable by root only.
PrivateKeyFile = /etc/tinc/ffhh/rsa_key.priv
# Layer-2 operation: tinc forwards Ethernet frames and learns MAC addresses.
Mode = Switch
# Seconds to wait for a ping reply from a peer.
PingTimeout = 30
# Same port as announced in ffhh/hosts/vpn2.
Port = 657
# NOTE(review): fixed, predictable file name in world-writable /tmp. If tincd
# writes this file as root, a local user could pre-create a symlink at that
# path; a root-owned directory would be the safer location.
GraphDumpFile = /tmp/tinc-ffhh
# NOTE(review): with Hostnames=yes tincd resolves peer addresses to names;
# these DNS lookups are blocking, so a slow resolver can stall the daemon.
Hostnames=yes

# We only connect to infrastructure nodes.
ConnectTo = vpn1

# Clients can connect to infrastructure, but we don't connect to clients (which may be offline).

## CCCHH
#ConnectTo = lok72
#
## Dennis
#ConnectTo = elan
#
#
## Cnud
##ConnectTo = cgre
#
## JensM
##ConnectTo = Stockholm
#
#ConnectTo = harburg1
ffhh/tinc-down
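#!/bin/sh
# tinc-down hook for the ffhh network. tincd passes the name of the VPN
# interface in $INTERFACE.
#
# The prefix length is given explicitly so that the delete names exactly the
# address ffhh/tinc-up assigns (10.112.1.2/12); without it, ip(8) falls back
# to a deprecated wildcard deletion and prints a warning.
# $INTERFACE is quoted so that an unexpected value cannot split into extra
# arguments for a command that runs with tincd's privileges.
/sbin/ip addr del 10.112.1.2/12 dev "$INTERFACE"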
ffhh/tinc-up
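#!/bin/sh
# tinc-up hook for the ffhh network. tincd passes the name of the VPN
# interface in $INTERFACE; the script assigns this node's address in the
# Freifunk Hamburg range and brings the interface up.
#
# $INTERFACE is quoted so that an unexpected value cannot split into extra
# arguments for a command that runs with tincd's privileges.
/sbin/ip addr add dev "$INTERFACE" 10.112.1.2/12 broadcast 10.127.255.255
/sbin/ip link set dev "$INTERFACE" up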
ffhh/hosts/vpn1
Address = 62.206.27.20 Port = 656 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAKVI9lNEiJ3JVDuXhsLKdqhE+k14bCM8cYaAReNrzBSDODxuLm+pPKwo +7SgYW2/vAdnbFX689yKIs9inbQGNrakQQS/84pQ4TyN+H1dkhmxn5hweF/Ci3Qp UxzfjeVmeH2L+ecVOgWK10aoUhfVGvCVB3UpoCT6GrQwOa8gB5vfAgMBAAE= -----END RSA PUBLIC KEY-----
ffhh/hosts/vpn2
Port = 657 -----BEGIN RSA PUBLIC KEY----- MIGJAoGBAMASTdoGrEN+xmYr7mPkaxzHrJ9BtWhFKZ0AaHkg2/i0txbzvLYl9yKc Jtd58I41s1Ih4qBOw71fPrw23oDfUtdrNwLwgixOs+FjZZs2xJXR4m2ckHNYgLOo q+v94uAU+Vz/sbI0CLrP46wx/3LoOe4LuVWZVGldHdez631Mjc6rAgMBAAE= -----END RSA PUBLIC KEY-----