Benutzer:Peerco

Aus FunkFeuer Wiki
Zur Navigation springen Zur Suche springen

Funkfeuer wichtig

Leider stoße ich immer wieder an Knoten mit SSID ?.node.wien.funkfeuer.at
mit <node> der jewalige Knotenname.
Bei manchen Geräten mag das funktionieren, aber nicht bei allen.
Viele Geräte alt oder neu verlangen stehts nach der selben SSID,
womit viele dazu gezwingen werden die selbe SSID gleichfalls einzustellen.
Das führt dazu dass ein Knoten mit dem Namen bez10 sich zum Knoten
bez13 dann via SSID bez13.wien.funkfeuer.at verbinden muss.
Dann sendet aber der Knoten im 10. Bezirk die Kennung von 13. Bezirk
im SSID, was nicht der wahrheit entspricht. Zusätzlich kann sich dieser
Knoten im Bezirk 10 dann nicht mehr mit anderen regulären Knoten
mittels der richtigen SSID zu der selben Zeit verbinden!!!

Brenner Besichtigung 07/07/2011

ley21


Nodes

  • Hornstein und Neufeld/a.d.L

Servers

Hardware

  • WRAP Wireless Router Application Platform

Software

Docs

OpenVPN tunnel

leider ließ sich http://ipkg.funkfeuer.at/ipkg/1.7/0xff-openvpn-webif_1.7.1_mipsel.ipk nicht installieren ipkg remove tcpdump
ipkg remove freifunk-tcpdump
ipkg install freifunk-tcpdump

Mit http://texas.funkfeuer.at/~markus/olsrd/0xff-olsrd/test/freifunk-openwrt-autoupdate-1.7.4.9-0xff-markit-recommended-vpn.trx nicht erforderlich, nur comp-lzo in der S42openvpn korrigieren, (compl-zo ist da falsch drin).

http://www.nux.at/pub/funkfeuer/wrt54gl_v1.1/freifunk-openwrt-autoupdate-1.7.4.9-0xff-markit-recommended-vpn.trx"

root@gru3ost:~# cat /etc/init.d/S42openvpn

[..]

#create OpenVPN config

cat>$CONFIG_DIR/$VPN_IF.conf<<EOM
dev             $VPN_IF
proto           $ff_openvpn_proto
remote          $ff_openvpn_host
port            $ff_openvpn_port
ifconfig        $ff_openvpn_ip $ff_openvpn_netmask
route-up        /etc/openvpn/openvpn-webif-route-up.sh
up              /etc/openvpn/openvpn-webif-if-up.sh
down            /etc/openvpn/openvpn-webif-if-down.sh
up-restart
comp-lzo
script-security 2
verb 3
EOM

[..]

root@gru3ost:~# cat /etc/init.d/S45firewall

[..]

ins_nat() {
        LANNAT=
        case $WIFIDEV in "");;*)case $LANDEV in "");;*)if ! in_range $LANADR/$LA
NPRE;then
                use_nat

                # Setup alias and dest nat for an ethernet DMZ PC, e.g.
                # 172.31.255.254 on WLAN -> DMZ PC which has 192.168.1.2
                # Also add to olsrd.conf: "HNA4 172.31.255.254 255.255.255.255"
                IFS=\;
                devnum=0
                for dmz in $(nvram get ff_dmz); do
                        src=${dmz%[:,]*}
                        dst=${dmz#*[:,]}
                        ip addr add dev $WIFIDEV $src/32 label $WIFIDEV:$devnum
                        iptables -t nat -I PREROUTING -d $src -j DNAT --to $dst
                        iptables -I FORWARD -s ! $LANNET/$LANPRE -d $dst -j ACCE
PT
                        iptables -I FORWARD -s $dst -d ! $LANNET/$LANPRE -j ACCE
PT
                        iptables -I OUTPUT -o lo -s $src -d $src -j ACCEPT
                        iptables -I INPUT -i lo -s $src -j ACCEPT
                        devnum=$(( $devnum + 1 ))
                done
                unset IFS

                case $LANADR in "")
                        LANNAT=192.168.0.0/16
                ;;*)
                        LANNAT=$LANNET/$LANPRE
                ;;esac
                iptables -t nat -I POSTROUTING -o $WIFIDEV -s $LANNAT -d ! $LANN
AT -j MASQUERADE
                iptables -t nat -I POSTROUTING -o tap0 -s $LANNAT -d ! $LANNAT -
j MASQUERADE
        fi;;esac;;esac

        # Mask packets from these WLAN DHCP clients, so they can do
        # inet w/o OLSR unless HNA4 is to be used to accomplish this
        case $(nvram get ff_wldhcp_hna4) in 1);;*)
                ff_wldhcp=$(nvram get ff_wldhcp)
                case $ff_wldhcp in "");;*)
                        use_nat
                        IFS=\;
                        for wldhcp in $ff_wldhcp; do
                                iptables -t nat -I POSTROUTING -s ${wldhcp%[:,]*
} -j MASQUERADE
                        done
                        unset IFS
                ;;esac
        ;;esac
        case $WANDEV in "");;*)if in_range $WANADR/$WANPRE;then
                case $LANNAT in "");;*)
                        iptables -t nat -I POSTROUTING -o $WANDEV -s $LANNAT -d
! $LANNAT -j MASQUERADE
                ;;esac
        else
                use_nat
                iptables -t nat -I POSTROUTING -o $WANDEV -j MASQUERADE
        fi;;esac
}

[..]

System-Log:  Ein- / Ausblenden 
Jan  1 00:00:06 (none) syslog.info syslogd started: BusyBox v1.01 (2010.08.29-10:07+0000)
Jan  1 00:00:06 (none) kern.info kernel: CRONDOG: Timer margin: 600 sec
Jan  1 00:00:06 (none) kern.info kernel: Universal TUN/TAP device driver 1.5 (C)1999-2002 Maxim Krasnyansky
Jan  1 00:00:12 (none) kern.notice openvpn[443]: OpenVPN 2.1.1 mipsel-linux [LZO2] [EPOLL] built on Aug 29 2010
Jan  1 00:00:12 (none) kern.warn openvpn[443]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  1 00:00:12 (none) kern.warn openvpn[443]: ******* WARNING *******: OpenVPN built without OpenSSL -- encryption and authentication features disabled -- all data will be tunnelled as cleartext
Jan  1 00:00:12 (none) kern.notice openvpn[443]: LZO compression initialized
Jan  1 00:00:12 (none) kern.notice openvpn[443]: TUN/TAP device tap0 opened
Jan  1 00:00:12 (none) kern.notice openvpn[443]: TUN/TAP TX queue length set to 100
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /usr/sbin/ip link set dev tap0 up mtu 1500
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /usr/sbin/ip addr add dev tap0 78.41.112.211/24 broadcast 78.41.112.255
Jan  1 00:00:12 (none) kern.notice openvpn[443]: /etc/openvpn/openvpn-webif-if-up.sh tap0 1500 1533 78.41.112.211 255.255.255.0 init
Jan  1 00:00:13 (none) kern.notice openvpn[443]: Data Channel MTU parms [ L:1533 D:1450 EF:1 EB:135 ET:32 EL:0 AF:14/1 ]
Jan  1 00:00:13 (none) kern.notice openvpn[505]: Socket Buffers: R=[32767->65534] S=[32767->65534]
Jan  1 00:00:13 (none) kern.notice openvpn[505]: UDPv4 link local (bound): [undef]:5012
Jan  1 00:00:13 (none) kern.notice openvpn[505]: UDPv4 link remote: 78.41.115.228:5012
Jan  1 00:00:15 (none) kern.warn kernel: ip_conntrack version 2.1 (5953 buckets, 5953 max) - 332 bytes per conntrack
Jan  1 00:00:16 (none) kern.warn kernel: Flushing ip conntrack...
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: started, version 2.45 cachesize 150
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: DHCP, IP range 192.168.137.100 -- 192.168.137.103, lease time 12h
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: reading /var/run/resolv.dnsmasq
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 8.8.8.8#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 208.67.220.220#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 193.238.157.5#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: using nameserver 193.238.157.16#53
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/hosts - 2 addresses
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/local.hosts - 6 addresses
Jan  1 00:00:18 (none) daemon.info dnsmasq[747]: read /etc/ethers - 0 addresses
Jan  1 00:00:19 (none) kern.warn dropbear[807]: Failed reading '/etc/dropbear/dropbear_rsa_host_key', disabling RSA
Jan  1 00:00:20 (none) kern.info dropbear[812]: Running in background
Jan  1 00:00:22 (none) user.notice olsr/init: olsr/system: Starting olsrd...
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '1' (was 1) to /proc/sys/net/ipv4/ip_forward
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/all/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/tap0/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/tap0/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface tap0 
Dec 31 12:00:01 (none) kern.info olsrd[972]: New main address: 78.41.112.211 
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/eth1/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/eth1/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface eth1 
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 0) to /proc/sys/net/ipv4/conf/vlan1/send_redirects
Dec 31 12:00:01 (none) kern.info olsrd[972]: Writing '0' (was 1) to /proc/sys/net/ipv4/conf/vlan1/rp_filter
Dec 31 12:00:01 (none) kern.info olsrd[972]: Adding interface vlan1 
Dec 31 12:00:01 (none) kern.info olsrd[972]: olsr.org -  pre-0.6.2-git_dd97fa3-hash_737916162b783a0a0151c72c37342856  - successfully started
Dec 31 12:00:01 (none) user.notice secureadmin:: started.
Dec 31 12:00:01 (none) kern.notice xrelayd[1016]: xrelayd.c:820 Listening for ssl connections on server port 443
Dec 31 12:00:05 (none) daemon.info srelay[1181]: Starting: MAX_CH(10)
Dec 31 12:00:07 (none) kern.notice openvpn[505]: Peer Connection Initiated with 78.41.115.228:5012
Dec 31 12:00:08 (none) kern.notice openvpn[505]: Initialization Sequence Completed
Mar 24 14:34:56 (none) kern.info rrdcollect[2440]: We just started
Mar 24 14:34:56 (none) kern.info rrdcollect[2440]: Update method: rrdlib
Mar 24 14:53:41 (none) syslog.info -- MARK --

OpenVPN Tunnel mit BackFire Vienna

config 'openvpn' 'to_krypta'
    option 'dev' 'tun'
    option 'management' '127.0.0.1 31194'
    option 'nobind' '1'
    option 'verb' '3'
    option 'remote' '78.41.115.228'
    option 'proto' 'udp'
    option 'dev_type' 'tap'
    option 'comp_lzo' '0'
    option 'enable' '1'
    option 'ifconfig' '193.238.xxx.xxx 255.255.25x.000' #dirch deine IP ersetzen
    option 'port' '50xx' # dein port

comp_lzo 0 oder 1 je nach dem man es braucht, muss aber gleich mit der Server Seite sein

Quelle https://lists.funkfeuer.at/pipermail/wien/2011-July/007687.html by Joe

danach nunmehr das tap device im Netzwerk hinzufügen

genauso läuft hornstein, vorübergehend auf dem Tunnelport für den schareck

Update: (Erich) Wenn der Tunnel einfach nicht starten will, ist womöglich eine nicht unterstützte Option eingetragen. Auskunft hierüber liefert der Befehl "logread" auf einer SSH-Konsole. "option 'management' '127.0.0.1 31194'" kann auf neueren Backfire-Builds dieses Problem verursachen.


update (mi001)

config openvpn 'to_krypta'
        option dev 'tun'
        option nobind '1'
        option verb '3'
        option remote '78.41.115.228'
        option port '50xx'
        option dev_type 'tap'
        option proto 'udp'
        option ifconfig '78.41.11x.xxx 255.255.255.0'
        option comp_lzo '1'
        option enable '1'
        option keepalive '2 10'

Tunnel mit Gentoo Linux

  • Bespiel auf Pentoo (Acer Aspire One 110l, Atom 1.6 GHz, 8 GB SSD, 8 GB USB Stick (distfiles)
pentoo ~ # cat /etc/conf.d/net
# This network configuration was written by net-setup
config_eth0="78.41.113.18 netmask 255.255.255.0"
config_wlan0="78.41.113.170 netmask 255.255.255.0"
#ifup_wlan0="iwconfig \$int mode ad-hoc essid v13.freiesnetz.www.funkfeuer.at channel 13"
mode_wlan0="ad-hoc"
channel_wlan0="13"
essid_wlan0="v13.freiesnetz.www.funkfeuer.at"
pentoo ~ # ifconfig eth0
eth0      Protokoll:Ethernet  Hardware Adresse 00:1e:68:8a:7a:56
          inet Adresse:78.41.113.18  Bcast:78.41.113.255  Maske:255.255.255.0
          inet6 Adresse: fe80::21e:68ff:fe8a:7a56/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17250332 errors:0 dropped:0 overruns:0 frame:0
          TX packets:36175354 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000
          RX bytes:4020452971 (3.7 GiB)  TX bytes:1961321939 (1.8 GiB)
          Interrupt:44

pentoo ~ # ifconfig wlan0
wlan0     Protokoll:Ethernet  Hardware Adresse 00:22:68:92:86:08
          inet Adresse:78.41.113.170  Bcast:78.41.113.255  Maske:255.255.255.0
          inet6 Adresse: fe80::222:68ff:fe92:8608/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:87982705 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30829560 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000
          RX bytes:2026779703 (1.8 GiB)  TX bytes:2581858981 (2.4 GiB)

pentoo ~ # ifconfig tap0
tap0      Protokoll:Ethernet  Hardware Adresse 72:ef:f9:9f:81:35
          inet Adresse:78.41.113.186  Bcast:0.0.0.0  Maske:255.255.255.255
          inet6 Adresse: fe80::70ef:f9ff:fe9f:8135/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:73658051 errors:0 dropped:0 overruns:0 frame:0
          TX packets:55535814 errors:0 dropped:24829479 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:100
          RX bytes:3458609786 (3.2 GiB)  TX bytes:7392900 (7.0 MiB)

pentoo ~ # iwconfig wlan0
wlan0     IEEE 802.11bg  ESSID:"v13.freiesnetz.www.funkfeuer.at"
          Mode:Ad-Hoc  Frequency:2.472 GHz  Cell: 26:A7:D4:E4:4F:4D
          Tx-Power=20 dBm
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

pentoo ~ # eix -e openvpn
[I] net-misc/openvpn
     Available versions:  2.1.4 2.2.2 **9999 {eurephia examples iproute2 ipv6 +lzo minimal pam passwordsave pkcs11 selinux (+)ssl static userland_BSD}
     Installed versions:  2.2.2(20:03:59 2012-02-23)(pam ssl -examples -iproute2 -minimal -passwordsave -pkcs11 -selinux -static -userland_BSD)
     Homepage:            http://openvpn.net/
     Description:         OpenVPN is a robust and highly flexible tunneling application compatible with many OSes.
pentoo ~ # cat funkfeuer
#route add 78.41.115.228 gw 10.64.64.64
openvpn --mktun --dev tap0
openvpn --dev tap0 --remote 78.41.115.228 --port 5063 --daemon --writepid /var/run/openvpn-tap0.pid --up-delay --ping-restart 20 --script-security 3 system --comp-lzo
ip add add 78.41.113.186/32 broadcast + dev tap0
ip link set tap0 up
#iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o tap0 -j MASQUERADE
pentoo ~ # cat /etc/olsrd.conf
[..]
LoadPlugin "olsrd_httpinfo.so.0.1"
{
    # port number the httpinfo plugin will be listening, default 1978
    PlParam     "port"   "8080"

    # ip address that can access the plugin, use "0.0.0.0"
    # to allow everyone
#   PlParam     "Host"   "127.0.0.1"
#   PlParam     "Host"   "80.23.53.22"

    # networks that can access the plugin (ip/netmask)
    # careful with 0.0.0.0/0, makes (ddos) attacks poss.
    PlParam     "Net"    "0.0.0.0 0.0.0.0"
#   PlParam     "Net"    "104.0.0.0 255.255.0.0"
#   PlParam     "Net"    "192.168.0.0 255.255.0.0"
}
[..]
InterfaceDefaults {
    HelloInterval     5.0
    HelloValidityTime 100.0
    TcInterval        3.0
    TcValidityTime    500.0
    HnaInterval       30.0
    HnaValidityTime   500.0
    Ip4Broadcast      255.255.255.255
}
[..]
Interface "eth0"
{
    # Interface Mode is used to prevent unnecessary
    # packet forwarding on switched ethernet interfaces
    # valid Modes are "mesh" and "ether"
    # (default is "mesh")

    Mode "ether"
}
Interface "wlan0"
{
    # Interface Mode is used to prevent unnecessary
    # packet forwarding on switched ethernet interfaces
    # valid Modes are "mesh" and "ether"
    # (default is "mesh")

    # Mode "mesh"
}
Interface "tap0"
{
    # Interface Mode is used to prevent unnecessary
    # packet forwarding on switched ethernet interfaces
    # valid Modes are "mesh" and "ether"
    # (default is "mesh")

    LinkQualityMult 78.41.112.238 0.4
    Mode "ether"
}

WRAP & ALIX

Fonera

  • Freischalten Channel 13
  • Version von FreiFunk (Sven Ola) wien unter Fonera mit OLSR beschrieben ist
  • Kamikaze, da funkzioniert das nicht so wie bei der Freifunk Firmware von Sven Ola. Hier ist für die Freischaltung nur ein Eintrag im /etc/config/wireless unter config 'wifi-device' und zwar option 'country' '276' notwendig.
bei mir sieht es so aus

cat /etc/config/wireless

config 'wifi-device' 'wifi0'
        option 'type' 'atheros'
        option 'distance' '15000'
        option 'diversity' '0'
        option 'country' '276'
        option 'channel' '13'

config 'wifi-iface'
        option 'device' 'wifi0'
        option 'network' 'wlan'
        option 'mode' 'adhoc'
        option 'mcast_rate' '5500'
        option 'encryption' 'none'
        option 'rate' '5500'
        option 'ssid' 'v13.freiesnetz.www.funkfeuer.at'
        option 'bssid' '26:A7:D4:E4:4F:4D'

buildroot

Misc

linksys

Legaler Grenzwert:     20   dBm  = 100 mW
Kabel/Stecker-Verlust:  3   dB
Antennengewinn:         8.5 dBi
Ergebnis:              58   qdBm =  28 mW

eth1      unknown transmit-power information.

          Current Tx-Power:14 dBm       (25 mW)
Legaler Grenzwert:     20   dBm  = 100 mW
Kabel/Stecker-Verlust:  3   dB
Antennengewinn:         6   dBi
Ergebnis:              68   qdBm =  50 mW

eth1      unknown transmit-power information.

          Current Tx-Power:17 dBm       (50 mW)

fonera

ath0      8 available transmit-powers :
          0 dBm         (1 mW)
          4 dBm         (2 mW)
          6 dBm         (3 mW)
          8 dBm         (6 mW)
          10 dBm        (10 mW)
          12 dBm        (15 mW)
          14 dBm        (25 mW)
          16 dBm        (39 mW)
          Current Tx-Power:16 dBm       (39 mW)

leistung allgemein

 0 dBm =   1 mW =  1 qdBm (24 dBi Antenne -5 dB Kabel/Stecker)
 1 dBm =   1 mW =  4 qdBm (24 dBi Antenne -5 dB Kabel/Stecker)
 2 dBm =   2 mW =  8 qdBm
 3 dBm =   2 mW = 12 qdBm (20 dBi Antenne -3 dB Kabel/Stecker) 
 4 dBm =   3 mW = 16 qdBm
 5 dBm =   3 mW = 20 qdBm
 6 dBm =   4 mW = 24 qdBm
 7 dBm =   5 mW = 28 qdBm
 8 dBm =   6 mW = 32 qdBm
 9 dBm =   8 mW = 36 qdBm
10 dBm =  10 mW = 40 qdBm
11 dBm =  13 mW = 44 qdBm
12 dBm =  16 mW = 48 qdBm
13 dBm =  20 mW = 52 qdBm
14 dBm =  25 mW = 56 qdBm
15 dBm =  32 mW = 60 qdBm (8 dBi Antenne -3 dB Kabel/Stecker)
16 dBm =  40 mW = 64 qdBm
17 dBm =  50 mW = 68 qdBm (4 dBi Antenne -1 dB Kabel/Stecker)
18 dBm =  63 mW = 72 qdBm
19 dBm =  79 mW = 76 qdBm
20 dBm = 100 mW = 80 qdBm (0 dBi Antenne -0 dB Kabel/Stecker)
21 dBm = 126 mW = 84 qdBm
22 dBm = 158 mW = 88 qdBm
23 dBm = 200 mW = 92 qdBm
24 dBm = 251 mW = 96 qdBm

Notizen

gru3 - Gruschaplatz 3 - alte GPS 48.19457925291452;16.283304691314697 frontend 48 11 41 16 17 0
gru3ost - Gruschaplatz 3 - alte GPS 48.194548857439884;16.28334492444992 frontend 48 11 40 16 17 1
wag23 - Wagramerstrasse 23/1 - alte GPS 48.23561590674427;16.42226256430149 frontend 48 14 8.25 16 25 19.96
wag23ost - Wagramerstrasse 23/1 - alte GPS 48.23552077360733;16.42235577106476 frontend 48 14 7.7 16 25 20.6

nux

pk@nux
pk@nux

NAT traversal

http://samy.pl/pwnat/
http://m19s28.dyndns.org/iblech/nat-traverse/#vpn-ppp