L2gvpn

Aus wiki.freifunk.net
Wechseln zu: Navigation, Suche
Important.png Wichtig: Wir haben einen Ausflug nach L2gvpn gemacht. Das Projekt / Produkt ist allerdings eingeschlafen. Wir benutzen wieder N2n

We tested L2gvpn a bit, but the project fades away. We start using N2n again.

L2gvpn
L2gvpn
Developer Alexey Mikhailov
First released
Latest preview version
Release date and age
Frequently updated yes
Programming language
Platform Gnu/Linux
Language Multilingual
Status active
Genre
License GNU General Public License, LGPL
Website
Download http://openwrt.org

l2gvpn steht für layer 2 guerilla VPN. l2gvpn ist ein layer2 VPN welches ein peer-to-peer-Netzwerk zum Finden von Knoten in einem VPN benutzt. Es wird von John Crispin aka Blogic zusammen mit OpenWrt- und Freifunk-Developern entwickelt.

draft

l2gvpn is a layer2 vpn, that uses p2p for finding the routing info for the vpn traffic. in short, there is a supernode and N nodes. nodes "broadcast" via the supernode and once arp etc is resolved, the nodes do direct data exchange. unless either or both directions are NATed, in which case the NATed direction is traversed via the supernode.

we divide the network into 3 device types: Supernode, Node, Leaf.

                     Supernode
                       /     \
                      /       \
                     /         \
                  Node1       Node2 (bridge node0 and eth0)
                               | \
                               |  \
                               |   \
                            Leaf1   Leaf2      (Leafs are not aware of the l2gvpn
                                                layer2 bridge to Node1)

to make sure, that Node1 can talk to Leaf1, without the network caching all macs to know where the packets have to go, we do MAT (MAC Addr Translation) we divide the range of "Translated macs" into "network ranges"

a translated mac looks like this 00:AA:BB:BB:CC:CC AA = Supernode id (yes, we are working on multi supernode already) BB:BB = node ID (we currently have to set a unique id for each node, later the supernode will allocate them= CC:CC = Leaf id

doing this you have a lot of advantages

   * only the node needs to know its local MAT table
   * we can use FF:FF:FF:FF:00:00 as a mask to identify where we need to send data
   * and 00:FF:00:00:00:00 to find the supernode

how does it work ? well, l2 1/2 is quite a nice place :) yes, we do actually rewite ethernet headers and arp frames

this however leads to

ndp being broken. we recognize ndp and handle it like broadcast and multicasts i have no idea how ndp works in detail, but i assume the packets hold MACs which needs translation.

Install

SVN

Development-SVN is located at l2gvpn

For development information have a look at http://trac.l2gvpn.org/

Debian

Test precompiled Debian Packages

I've packaged libuci (0.7.4) and l2gvpn as Debian packages which are available at http://deb.soziologiker.org/ They are tested with Ubuntu 8.04, 8.10 and Debian Etch to install smoothly and should work. (i386, amd64) (thanks for testing to wuttke)

You are welcome to test them yourself and file Bugs for the packaging in the Trac at https://trac.soziologiker.org/debian-repository/ ! Just like i said, they packages are of testing-only quality, so do not yet expect most flawless usage experience ever seen ;-)

Enjoy, --Joti 00:13, 27. Apr 2009 (CEST)

Compile it yourself

  1. get libuci from http://downloads.openwrt.org/sources/uci-0.7.3.tar.gz
  2. unpack
  3. if you have lenny/sid then #sed -i -e 's/-Werror //' Makefile.inc
  4. compile with make
  5. install with make install

make install will do:

install -m0755 libuci.so.0.7 /usr/lib/
ln -sf libuci.so.0.7 /usr/lib/libuci.so
mkdir -p /usr/bin
install -m0755 uci /usr/bin/
mkdir -p /usr/lib
mkdir -p /usr/include
install -m0644 libuci.a libucimap.a /usr/lib/
install -m0644 uci_config.h uci.h uci_list.h ucimap.h /usr/include/

TODO: make debian rules for deb package REMARK: joti works on it. First Release done, ready for tests

  1. get l2gvpn svn via svn co http://svn.l2gvpn.org/trunk/
  2. compile with make
  3. put example config from extras to /etc/config/l2gvpn and adjust to your needs (see below for testbed)
  4. ready to use node and supernode

TODO: make debian rules for deb package, maybe include libuci in it REMARK: joti works on it.

openWRT

Testbed

Important.png Wichtig:
  • Wenn ihr einen Node ins VPN hängt, bitte kein HNA auf 0.0.0.0/0 announcen
  • Wenn Ihr HNA machen solltet, dann macht bitte NAT für alle Adressen (-o <dev> -j MASQUERADE)
  • Bitte die OLSR LinkQualityMult auf default 0.1 setzen

Important.png Wichtig:
  • Please do not announce HNA for 0.0.0.0/0
  • If you have to annouce internet HNA, please make sure you do NAT for everything outgoing (-o <dev> -j MASQUERADE)
  • Please check OLSR parameter LinkQualityMult to be default 0.1

A Supernode is reachable at vpn.berlin.freifunk.net:8719 .


L2gpvn config

the L2gvpn configuration is located at /etc/config/l2gvpn. The config-snipplet below can be used for openWRT and debian as libuci will handle file parsing.

For minimal Berlin testbed config use:

Please replace XX with your last IP digits and HH is the Hex value of XX.

config 'node' 'bbb'
        option 'mac'              '00:00:48:HH:00:00'
        option 'supernode'        'vpn.berlin.freifunk.net:8719'
        option 'tundev'           'gvpn'
        option 'community'        'bbb'

Add a Network section to /etc/config/network for the Interface.

config 'interface' 'gvpn'
        option 'proto'          'static'
        option 'ifname'         'gvpn'
        option 'ipaddr'         '77.87.48.XX'
        option 'netmask'        '255.255.255.192'

Siehe auch / See also