|Wichtig: Wir haben einen Ausflug nach L2gvpn gemacht. Das Projekt / Produkt ist allerdings eingeschlafen. Wir benutzen wieder N2n
We tested L2gvpn a bit, but the project fades away. We start using N2n again.
|Latest preview version|
|Release date and age|
|License||GNU General Public License, LGPL|
l2gvpn steht für layer 2 guerilla VPN. l2gvpn ist ein layer2 VPN welches ein peer-to-peer-Netzwerk zum Finden von Knoten in einem VPN benutzt. Es wird von John Crispin aka Blogic zusammen mit OpenWrt- und Freifunk-Developern entwickelt.
l2gvpn is a layer2 vpn, that uses p2p for finding the routing info for the vpn traffic. in short, there is a supernode and N nodes. nodes "broadcast" via the supernode and once arp etc is resolved, the nodes do direct data exchange. unless either or both directions are NATed, in which case the NATed direction is traversed via the supernode.
we divide the network into 3 device types: Supernode, Node, Leaf.
Supernode / \ / \ / \ Node1 Node2 (bridge node0 and eth0) | \ | \ | \ Leaf1 Leaf2 (Leafs are not aware of the l2gvpn layer2 bridge to Node1)
to make sure, that Node1 can talk to Leaf1, without the network caching all macs to know where the packets have to go, we do MAT (MAC Addr Translation) we divide the range of "Translated macs" into "network ranges"
a translated mac looks like this 00:AA:BB:BB:CC:CC AA = Supernode id (yes, we are working on multi supernode already) BB:BB = node ID (we currently have to set a unique id for each node, later the supernode will allocate them= CC:CC = Leaf id
doing this you have a lot of advantages
* only the node needs to know its local MAT table * we can use FF:FF:FF:FF:00:00 as a mask to identify where we need to send data * and 00:FF:00:00:00:00 to find the supernode
how does it work ? well, l2 1/2 is quite a nice place :) yes, we do actually rewite ethernet headers and arp frames
this however leads to
ndp being broken. we recognize ndp and handle it like broadcast and multicasts i have no idea how ndp works in detail, but i assume the packets hold MACs which needs translation.
Development-SVN is located at l2gvpn
For development information have a look at http://trac.l2gvpn.org/
Test precompiled Debian Packages
I've packaged libuci (0.7.4) and l2gvpn as Debian packages which are available at http://deb.soziologiker.org/ They are tested with Ubuntu 8.04, 8.10 and Debian Etch to install smoothly and should work. (i386, amd64) (thanks for testing to wuttke)
You are welcome to test them yourself and file Bugs for the packaging in the Trac at https://trac.soziologiker.org/debian-repository/ ! Just like i said, they packages are of testing-only quality, so do not yet expect most flawless usage experience ever seen ;-)
Enjoy, --Joti 00:13, 27. Apr 2009 (CEST)
Compile it yourself
- get libuci from http://downloads.openwrt.org/sources/uci-0.7.3.tar.gz
- if you have lenny/sid then #sed -i -e 's/-Werror //' Makefile.inc
- compile with make
- install with make install
make install will do:
install -m0755 libuci.so.0.7 /usr/lib/ ln -sf libuci.so.0.7 /usr/lib/libuci.so mkdir -p /usr/bin install -m0755 uci /usr/bin/ mkdir -p /usr/lib mkdir -p /usr/include install -m0644 libuci.a libucimap.a /usr/lib/ install -m0644 uci_config.h uci.h uci_list.h ucimap.h /usr/include/
TODO: make debian rules for deb package REMARK: joti works on it. First Release done, ready for tests
- get l2gvpn svn via svn co http://svn.l2gvpn.org/trunk/
- compile with make
- put example config from extras to /etc/config/l2gvpn and adjust to your needs (see below for testbed)
- ready to use node and supernode
TODO: make debian rules for deb package, maybe include libuci in it REMARK: joti works on it.
A Supernode is reachable at vpn.berlin.freifunk.net:8719 .
the L2gvpn configuration is located at /etc/config/l2gvpn. The config-snipplet below can be used for openWRT and debian as libuci will handle file parsing.
For minimal Berlin testbed config use:
Please replace XX with your last IP digits and HH is the Hex value of XX.
config 'node' 'bbb' option 'mac' '00:00:48:HH:00:00' option 'supernode' 'vpn.berlin.freifunk.net:8719' option 'tundev' 'gvpn' option 'community' 'bbb'
Add a Network section to /etc/config/network for the Interface.
config 'interface' 'gvpn' option 'proto' 'static' option 'ifname' 'gvpn' option 'ipaddr' '77.87.48.XX' option 'netmask' '255.255.255.192'