Freifunk Harz Wiki

• Debian minimal Installation auf den Server machen
• authorized_keys aus git unter /root/.ssh ablegen ← auf dem Root Volumen
• reboot
• /etc/apt/preferences.d

  • batctl.pref

     
    Package: batctl
    Pin: origin repo.universe-factory.net
    Pin-Priority: 1000

• /etc/apt/source.list.d

  • draic.list

    deb [arch=amd64] http://debian.draic.info/ wheezy main
    deb-src http://debian.draic.info/ wheezy main

  • fastd.list

    deb http://repo.universe-factory.net/debian/ sid main

• apt-get install -y alfred alfred-json batadv-vis batctl batman-adv-dkms fastd

•  dkms remove batman-adv/2013.4.0 --all
  dkms --force install batman-adv/2013.4.0

• echo batman_adv >> /etc/modules

• reboot

• /etc/network/interfaces

  # Freifunk mesh interfaces
  auto br-ffharz
  iface br-ffharz inet6 static
   bridge-ports none
   address fd0e:8db3:d50a::2 #IPv6 IP des Gateways für das Bridge Device
   netmask 64
  
  iface br-ffharz inet static
   address 10.7.0.2 #IPv4 IP des Gateways für das Bridge Device
   netmask 255.255.0.0
  
  allow-hotplug bat0
  iface bat0 inet6 manual
   pre-up modprobe batman-adv
   pre-up batctl if add mesh-vpn
   pre-up batctl gw server
   up ip link set $IFACE up
   post-up brctl addif br-ffharz $IFACE
   post-up batctl it 10000
   post-up ip rule add from all fwmark 0x1 table freifunk
   pre-down brctl delif br-ffharz $IFACE || true
   down ip link set $IFACE down

• fastd konfigurieren → /etc/fastd/freifunk kopieren
  • Git-Repo der fastd-peers kopieren: https://gitlab.com/ff-harz/fastd-peers.git
  • git clone https://gitlab.com/ff-harz/fastd-peers.git
• Fastd Dienste werden mit systemctl enable fastd@freifunkipv6 aktiviert!
• Job in crontab anlegen
  • 0 */2 * * * /root/scripte/fastd-update.sh
• Script für das Update der Cronjobs anlegen

  • fastd-update.sh

    #!/bin/bash
    # Script für das Update der peers Konfigurationsdatein für fastd
    # Freifunk Harz e.V. - Steffen Taubenheim-Probst
    # Lizenz: GPL
    # Datum: 12.08.2015
    # Script als cronjob ausführen (zum Beispiel alle 2h)
    
    
    set -e
    
    FASTDDIR="/etc/fastd/freifunk"
    FASTDPEERS="$FASTDDIR/peers"
    GITREPO="https://gitlab.com/ff-harz/fastd-peers.git"
    
    if [ ! -d $FASTDDIR ]; then
    	echo "fastd bitte einrichten."
    	exit 0
    fi
    
    if [ ! -d $FASTDPEERS ]; then
            cd $FASTDDIR
            git clone $GITREPO
            ln -s $FASTDDIR/fastd-peers $FASTDPEERS
            pkill -HUP fastd
            exit 0
    fi
    
    if  [ -d $FASTDPEERS ]; then
            cd $FASTDPEERS
            git pull
            pkill -HUP fastd
    fi
    
    exit 0

• VPN Dienst konfigurieren wie mullvad oder ipredator zum Beispiel
  • Links: http://wiki.freifunk.net/Freifunk_Hamburg/Gateway#Mullvad / http://wiki.freifunk.net/Freifunk_Hamburg/Gateway#IPredator
• Routing Table einrichten

  • /etc/iproute2/rt_tables

    #
    # reserved values
    #
    255	local
    254	main
    253	default
    0	unspec
    #
    # local
    #
    #1	inr.ruhep
    42	freifunk

• Prerouting konfigurieren

  • iptables -t mangle -A PREROUTING -i br-ffharz -j MARK --set-xmark 0x1/0xffffffff
    iptables -t nat -A POSTROUTING -s 10.7.0.0/16 -o tun0 -j MASQUERADE

•  cat >> /etc/dhcp/dhcpd.conf

 ddns-update-style none;
 option domain-name ".ffharz";
 default-lease-time 600;
 max-lease-time 1600;
 log-facility local7;
 
 subnet 10.7.0.0 netmask 255.255.0.0 {
 	authoritative;
 	range 10.7.1.1 10.7.10.255;
	range 10.7.51.1 10.7.60.255;
 	option domain-name-servers 10.7.0.2, 10.7.0.10;
 	option routers 10.7.0.2;
 }

#subnet 10.7.0.0 netmask 255.255.0.0 {
#	authoritative;
#	range 10.7.3.1 10.7.4.254;
#	option domain-name-servers 10.7.0.2, 10.7.0.3, 10.7.0.10;
#	option routers 10.7.0.3;
#}

 include "/etc/dhcp/static.conf";

• touch > /etc/dhcp/static.conf

• cd /etc
• vi sysctl.conf
• net.ipv4.ip_forward=1 und net.ipv6.conf.all.forwarding=1
• vi sysctl.d\99-freifunk.conf

• net.ipv4.conf.default.rp_filter = 0
  net.ipv4.conf.all.rp_filter = 0
  
  net.bridge.bridge-nf-call-arptables = 0
  net.bridge.bridge-nf-call-ip6tables = 0
  net.bridge.bridge-nf-call-iptables = 0
  
  net.ipv6.conf.all.autoconf = 0
  net.ipv6.conf.default.autoconf = 0
  net.ipv6.conf.eth0.autoconf = 0
  net.ipv6.conf.all.accept_ra = 0
  net.ipv6.conf.default.accept_ra = 0
  net.ipv6.conf.eth0.accept_ra = 0
  
  #/etc/sysctl.conf
  #https://kbu.freifunk.net/wiki/index.php?title=Supernode#UDP-Queue_Gr.C3.B6.C3.9Fe
  net.core.rmem_max=83886080
  net.core.wmem_max=83886080
  net.core.rmem_default=83886080
  net.core.wmem_default=83886080

• cd /var/lib/dhcp
• cat dhcpd.leases | grep ether | cut -d ' ' -f 5 | sort -u | wc -l

Das komplette Verzeichnis aus /root/scripte/ kopieren und anpassen:

iptables-restore < /root/scripte/ipv4.fw

• http://wiki.freifunk.net/Freifunk_Hamburg/Gateway
• https://gluon-gateway-doku.readthedocs.org/de/latest/configuration/basics.html?highlight=batman
• https://freifunk-muensterland.de/wiki/doku.php?id=technik:virtualclient
• http://freifunk.net/weil-am-rhein/2014/07/13/internet-gateway-einrichten/
• https://wiki.freifunk-franken.de/w/Freifunk-Gateway_aufsetzen
• https://cccfr.de/wiki/freifunk:debian ← Anleitung ist auch sehr gut