GSOC:VPN
general stuff
- IP-Range: 77.87.48.32/27
- server 77.87.48.33
openvpn server. more in a few minutes.
how to setup
openvpn
- install openvpn
- get clientn.crt and clientn.csr from alexander.morlang@fokus.fraunhofer.de
- get https://wiki.freifunk.net/images/c/cf/Ca.crt.zip
- get https://wiki.freifunk.net/images/0/01/Client.conf.zip
- unzip client config and ca.crt
- put everything to /etc/openvpn
- in /etc/openvpn/client.conf change:
- cert client.crt
- key client1.key
- start openvpn with /etc/init.d/openvpn start
- check /var/log/syslog for error messages
- try traceroute to 77.87.48.33, it should go through the tunnel
- check with tcpdump whether you see olsr packets (hint: they are udp broadcast on port 698)
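A check for the files that client.conf references, added here as an example (it is not part of the original page or of OpenVPN). It assumes relative paths in the config resolve next to the config file, and it runs against a constructed stand-in for /etc/openvpn in a temporary directory; the function names and the sample config are made up for illustration.

```python
import os
import stat
import tempfile

def check_client_conf(conf_path):
    """Return problems with the ca/cert/key files referenced by an OpenVPN client config."""
    base = os.path.dirname(os.path.abspath(conf_path))  # assumption: relative paths live next to the config
    refs = {}
    with open(conf_path) as fh:
        for raw in fh:
            words = raw.split("#", 1)[0].split(";", 1)[0].split()  # drop '#' and ';' comments
            if len(words) >= 2 and words[0] in ("ca", "cert", "key"):
                refs[words[0]] = os.path.join(base, words[1])
    problems = []
    for directive in ("ca", "cert", "key"):
        path = refs.get(directive)
        if path is None:
            problems.append(f"{directive}: directive missing")
        elif not os.path.isfile(path):
            problems.append(f"{directive}: {os.path.basename(path)} not found")
        elif directive == "key" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append("key: private key accessible by group/others, use mode 600")
    return problems

def demo():
    """Run the check against a constructed /etc/openvpn stand-in in a temp directory."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name in ("ca.crt", "client.crt", "client1.key"):
            with open(os.path.join(d, name), "w") as fh:
                fh.write("constructed placeholder, not real key material\n")
        key, conf = os.path.join(d, "client1.key"), os.path.join(d, "client.conf")
        # Constructed config; the key line is varied to model before/after editing.
        template = "client\ndev tap\nca ca.crt\ncert client.crt\nkey {}  # constructed\n"
        for key_name, mode in (("client.key", 0o644), ("client1.key", 0o644), ("client1.key", 0o600)):
            with open(conf, "w") as fh:
                fh.write(template.format(key_name))
            os.chmod(key, mode)
            results.append(check_client_conf(conf))
    return results

if __name__ == "__main__":
    for outcome in demo():
        print(outcome or "ok")
```

The three runs model an unedited key line, an edited config with a world-readable key, and the corrected state.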
olsrd
prerequisite
To build olsrd you need to have all the regular development tools installed. This includes gcc, make, glibc, makedep etc. To install to a directory different from / (/etc, /usr/bin) use DESTDIR=targetdir. To use other compilers set CC=yourcompiler.
download
Download OLSRDaemon from https://hg.ninux.org/hg/olsrd-0.5.6-mdns/archive/tip.tar.bz2
* why such an old olsrd and not http://www.olsr.org/releases/0.6/olsrd-0.6.1.tar.bz2 ?
build and install
To build:
make
To install (as root):
make install
To make plugins (needed)
make libs
To install plugins
make install_libs
To delete object files run:
make clean
Optionally, to clean all generated files:
make uberclean
basic config
Before running olsrd you must edit the default configuration file /etc/olsrd.conf, adding at least the interfaces olsrd is to run on (in this case the VPN tunnel interface tap0).
Options in the config file can also be overridden by command line options. See the manual pages olsrd(8) and olsrd.conf(5) for details.
The binary is named 'olsrd' and is installed in (PREFIX)/usr/sbin. You must have root privileges to run olsrd!
running
To run olsrd just type:
olsrd -f /etc/olsrd.conf
If the debug level is set to 0, olsrd will detach and run in the background; otherwise it will keep running in your shell:
olsrd -f /etc/olsrd.conf -d #
where # = 0..7
Now you can open a tunnel to Freifunk with this command:
openvpn /etc/openvpn/client.conf
After some time, 1-3 minutes, you should be able to see lots of routes with
netstat -rn
plugins
http info
The http info plugin gives information via a small embedded http server.
It should be enabled by default and listen on http://127.0.0.1:8000
Configuration is done below the line
LoadPlugin "olsrd_httpinfo.so.0.1"
in /etc/olsrd.conf
dot plugin
The dot plugin gives a topology graph in the dot format, which is used by graphviz.
Its output is also needed for freimap.
For minimal configuration, insert the following into olsrd.conf:
LoadPlugin "olsrd_dot_draw.so.0.3" { }
To test, do a
telnet 127.0.0.1 2004
and you should get dot output.
There is a small perl script in lib/dot_draw/misc to draw the topology.
nameservice plugin
The name is a bit misleading, as it has grown from a simple nameservice into an instrument for flooding a lot of information in the mesh:
- my hostname
- hostnames in my attached network
- address of my dns server
- geopositions
- mac addresses
- services
minimal config:
LoadPlugin "olsrd_nameservice.so.0.3"
{
    PlParam "name" "demovpn.olsr"
    PlParam "lat" "52.524"
    PlParam "lon" "13.31"
    PlParam "latlon-file" "/var/run/latlon.js"
}
Please change lat and lon according to your place. It does not need to be super precise in your case, but it would be very nice if it at least points to your city.
mdns plugin
The mdns plugin relays mDNS (aka bonjour, avahi, howl, ...) through the mesh via the flooding mechanisms provided by olsr.
It has been developed by http://ninux.org
How it works
To discover services in the network, applications exchange multicast DNS packets. This means that we are able to discover services offered in the network within our multicast domain. In a wireless mesh network, the usage of wireless interfaces in ad-hoc mode and the OLSR routing protocol prevent multicast messages from being distributed all over the network. The key idea is to extend the multicast domain of the networks that do not directly participate in the OLSR mesh cloud but that are fully routable and announced via HNA.
This task is achieved in the following way:
1. the local router picks up mDNS messages from the local non-OLSR (HNA) network and encapsulates them in a new type of OLSR message
2. the OLSR infrastructure is exploited for the transport of these messages
3. remote routers decapsulate mDNS messages from received OLSR messages and send them over their attached non-OLSR networks.
The plugin captures the traffic (only IPv4 if OLSR is running IPv4 and only IPv6 if OLSR is running IPv6) and encapsulates this traffic in OLSR messages that are forwarded to all the other nodes in the mesh.
Other nodes running the plugin will decapsulate the packets and will send them to the interfaces specified in the configuration file.
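The encapsulate/decapsulate steps described above, as an added example that is not the plugin's code: it goes beyond the page by using the generic OLSR packet and message headers from RFC 3626 (IPv4 only). The message type and validity-time byte are placeholder assumptions, the mDNS query and originator address are constructed, and the receiving side shows the two checks that matter for flooded input: length validation and duplicate suppression.

```python
import socket
import struct

# Assumptions (not from the page): placeholder message type from RFC 3626's
# private range (128-255) and an arbitrary validity-time byte.
MDNS_MSG_TYPE = 200
VTIME = 0x86
PKT_HDR = struct.Struct("!HH")          # packet length, packet sequence number
MSG_HDR = struct.Struct("!BBH4sBBH")    # type, vtime, size, originator, ttl, hop count, seq

# Constructed mDNS query: PTR for _ipp._tcp.local
SAMPLE_MDNS = (b"\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00"
               b"\x04_ipp\x04_tcp\x05local\x00\x00\x0c\x00\x01")

def encapsulate(payload, originator, msg_seq, pkt_seq=0, ttl=255):
    """Local router: wrap a captured mDNS payload in one OLSR message inside one OLSR packet."""
    size = MSG_HDR.size + len(payload)
    if PKT_HDR.size + size > 0xFFFF:
        raise ValueError("payload too large for 16-bit OLSR length fields")
    msg = MSG_HDR.pack(MDNS_MSG_TYPE, VTIME, size, socket.inet_aton(originator),
                       ttl, 0, msg_seq) + payload
    return PKT_HDR.pack(PKT_HDR.size + len(msg), pkt_seq) + msg

def decapsulate(packet, seen):
    """Remote router: return (originator, payload) for each new mDNS-carrying message.

    `seen` holds (originator, seq) pairs so a message flooded in via several
    neighbours is re-emitted on the non-OLSR interface only once.
    """
    out = []
    if len(packet) < PKT_HDR.size or PKT_HDR.unpack_from(packet)[0] != len(packet):
        return out                       # truncated or padded packet: drop it
    off = PKT_HDR.size
    while off + MSG_HDR.size <= len(packet):
        mtype, _vt, size, orig, _ttl, _hops, seq = MSG_HDR.unpack_from(packet, off)
        if size < MSG_HDR.size or off + size > len(packet):
            break                        # bad size field: never read past the packet
        if mtype == MDNS_MSG_TYPE and (orig, seq) not in seen:
            seen.add((orig, seq))
            out.append((socket.inet_ntoa(orig), packet[off + MSG_HDR.size:off + size]))
        off += size
    return out

if __name__ == "__main__":
    seen = set()
    pkt = encapsulate(SAMPLE_MDNS, "192.0.2.1", msg_seq=7)
    print(decapsulate(pkt, seen))   # first copy is delivered
    print(decapsulate(pkt, seen))   # second copy is suppressed
```

A production duplicate set also expires its entries, since the 16-bit message sequence number wraps around.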
Configuration
For minimal configuration add these lines to olsrd config file:
LoadPlugin "olsrd_mdns.so.1.0.0"
{
    PlParam "NonOlsrIf" "eth0"
    PlParam "NonOlsrIf" "eth1"
}
Where eth0 and eth1 are the names of the interfaces where you want to capture traffic (and decapsulate incoming traffic).
Note that these interfaces MUST NOT talk OLSR, and the subnets on these interfaces must be announced with an appropriate HNA entry.
To receive mDNS messages on a host running olsrd, put "lo" as NonOlsrIf.
freimap
freimap is our central tool for data acquisition and visualisation.
prerequisite
install:
- git (git-core)
- java (sun-java6-jdk)
docs
http://relet.net/trac/freimap/wiki/Documentation
download
git clone git://relet.net/freimap
compile
cd into src dir
./compile
configuration
create config.yaml:
---
version: svn
subversion: 60
backgrounds:
  openstreetmap:
    type: openstreetmap # use blank, images or openstreetmap
    delay: 0
    filter: dark
    cachedir: ./gfx/cache
datasources:
  nodes-in-berlin:
    class: net.relet.freimap.LatLonJsDataSource
    url: "file:/var/run/latlon.js"
  olsrd-localhost:
    class: net.relet.freimap.OlsrdDataSource
    host: localhost
    port: 2004
    nodesource: nodes-in-berlin
running
./run