<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Hallo Zusammen, <br>
Hallo Tim,<br>
<br>
dank eurer Hilfe denke ich, soweit zu sein das man den Versuch
unternehmen könnte, das Gateway in die Fürther Hood einzubinden.<br>
<br>
Ein paar Stammdaten habe ich unten geplottet. Evtl. findet sich was,
was nicht OK aussieht.<br>
<br>
Wie machen wir weiter? Tragen wir das Teil in den Keyserver für die
Fürther Hood ein und schauen was passiert?<br>
<br>
VG<br>
Torben<br>
<br>
<br>
(0) Basisdaten<br>
<ul>
<li>Globale IPv4: 176.123.28.115</li>
<li>Servername: klee<br>
</li>
<li>Debian Linux Jessie 64 bit</li>
<li>fastd v17 Tunnel an die Fürther Hood (aus rc.local gestartet)</li>
<ul>
<li>FFF Server IP: 10.50.38.1/21</li>
<li>FFF Netz: 10.50.32.0/21<br>
</li>
</ul>
<li>Mullvad OpenVPN Tunnel (aus rc.local gestartet, mit FFF
spezifischem startup script)</li>
<li>batman-adv: 2013.4.0</li>
<li>dhcpd: (range 10.50.38.2 ... 10.50.39.254)</li>
<li>ipv4 und ipv6 forwarding</li>
</ul>
<p>(1) Route & Ifconfig<br>
</p>
<p>route:<br>
<tt>Kernel IP routing table</tt><tt><br>
</tt><tt>Destination Gateway Genmask Flags
Metric Ref Use Iface</tt><tt><br>
</tt><tt>default 176-123-28-1.al 0.0.0.0 UG
0 0 0 eth0</tt><tt><br>
</tt><tt>10.50.32.0 * 255.255.248.0 U
0 0 0 bat0</tt><tt><br>
</tt><tt>10.114.0.0 * 255.255.0.0 U
0 0 0 tun0</tt><tt><br>
</tt><tt>localnet * 255.255.255.0 U
0 0 0 eth0</tt><br>
<br>
</p>
ifconfig:<br>
<tt>bat0 Link encap:Ethernet HWaddr e6:dd:d9:c4:26:d4 </tt><tt><br>
</tt><tt> inet addr:10.50.38.1 Bcast:0.0.0.0
Mask:255.255.248.0</tt><tt><br>
</tt><tt> inet6 addr: fe80::e4dd:d9ff:fec4:26d4/64
Scope:Link</tt><tt><br>
</tt><tt> UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1</tt><tt><br>
</tt><tt> RX packets:21065 errors:0 dropped:46 overruns:0
frame:0</tt><tt><br>
</tt><tt> TX packets:32 errors:0 dropped:0 overruns:0
carrier:0</tt><tt><br>
</tt><tt> collisions:0 txqueuelen:0 </tt><tt><br>
</tt><tt> RX bytes:1866651 (1.7 MiB) TX bytes:2888 (2.8
KiB)</tt><tt><br>
</tt><tt><br>
</tt><tt>eth0 Link encap:Ethernet HWaddr 22:cb:16:87:11:de </tt><tt><br>
</tt><tt> inet addr:176.123.28.115 Bcast:176.123.28.255
Mask:255.255.255.0</tt><tt><br>
</tt><tt> inet6 addr: fe80::20cb:16ff:fe87:11de/64
Scope:Link</tt><tt><br>
</tt><tt> UP BROADCAST RUNNING MULTICAST MTU:1500
Metric:1</tt><tt><br>
</tt><tt> RX packets:149649 errors:0 dropped:0 overruns:0
frame:0</tt><tt><br>
</tt><tt> TX packets:92256 errors:0 dropped:0 overruns:0
carrier:0</tt><tt><br>
</tt><tt> collisions:0 txqueuelen:1000 </tt><tt><br>
</tt><tt> RX bytes:37279355 (35.5 MiB) TX bytes:12898778
(12.3 MiB)</tt><tt><br>
</tt><tt><br>
</tt><tt>ffffuerthVPN Link encap:Ethernet HWaddr 86:47:08:88:30:0b
</tt><tt><br>
</tt><tt> inet6 addr: fe80::8447:8ff:fe88:300b/64
Scope:Link</tt><tt><br>
</tt><tt> UP BROADCAST RUNNING MULTICAST MTU:1426
Metric:1</tt><tt><br>
</tt><tt> RX packets:119660 errors:0 dropped:0 overruns:0
frame:0</tt><tt><br>
</tt><tt> TX packets:43460 errors:0 dropped:0 overruns:0
carrier:0</tt><tt><br>
</tt><tt> collisions:0 txqueuelen:500 </tt><tt><br>
</tt><tt> RX bytes:10536564 (10.0 MiB) TX bytes:4167501
(3.9 MiB)</tt><tt><br>
</tt><tt><br>
</tt><tt>lo Link encap:Local Loopback </tt><tt><br>
</tt><tt> inet addr:127.0.0.1 Mask:255.0.0.0</tt><tt><br>
</tt><tt> inet6 addr: ::1/128 Scope:Host</tt><tt><br>
</tt><tt> UP LOOPBACK RUNNING MTU:65536 Metric:1</tt><tt><br>
</tt><tt> RX packets:0 errors:0 dropped:0 overruns:0
frame:0</tt><tt><br>
</tt><tt> TX packets:0 errors:0 dropped:0 overruns:0
carrier:0</tt><tt><br>
</tt><tt> collisions:0 txqueuelen:0 </tt><tt><br>
</tt><tt> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)</tt><tt><br>
</tt><tt><br>
</tt><tt>tun0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 </tt><tt><br>
</tt><tt> inet addr:10.114.0.12 P-t-P:10.114.0.12
Mask:255.255.0.0</tt><tt><br>
</tt><tt> inet6 addr: fdc7:593c:1019:72::100a/112
Scope:Global</tt><tt><br>
</tt><tt> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500
Metric:1</tt><tt><br>
</tt><tt> RX packets:11 errors:0 dropped:0 overruns:0
frame:0</tt><tt><br>
</tt><tt> TX packets:2 errors:0 dropped:0 overruns:0
carrier:0</tt><tt><br>
</tt><tt> collisions:0 txqueuelen:100 </tt><tt><br>
</tt><tt> RX bytes:986 (986.0 B) TX bytes:152 (152.0 B)</tt><tt><br>
</tt><br>
(2) Batman<br>
<tt>root@176-123-28-115:~# batctl o</tt><tt><br>
</tt><tt>[B.A.T.M.A.N. adv 2013.4.0, MainIF/MAC:
ffffuerthVPN/ba:56:b2:5d:34:96 (bat0)]</tt><tt><br>
</tt><tt> Originator last-seen (#/255) Nexthop
[outgoingIF]: Potential nexthops ...</tt><tt><br>
</tt><tt>76:03:95:73:35:05 0.224s (225) d2:77:01:11:82:03
[ffffuerthVPN]: 3a:05:2f:cd:9f:56 (218) d2:77:01:11:82:03 (225)</tt><tt><br>
</tt><tt>c4:6e:1f:b2:84:66 0.056s (225) d2:77:01:11:82:03
[ffffuerthVPN]: d2:77:01:11:82:03 (225) 3a:05:2f:cd:9f:56 (225)</tt><br>
.<br>
.<br>
.<br>
<tt>root@176-123-28-115:~# batctl ping c4:6e:1f:b2:84:66</tt><tt><br>
</tt><tt>PING c4:6e:1f:b2:84:66 (c4:6e:1f:b2:84:66) 20(48) bytes of
data</tt><tt><br>
</tt><tt>20 bytes from c4:6e:1f:b2:84:66 icmp_seq=1 ttl=49
time=61.36 ms</tt><tt><br>
</tt><tt>20 bytes from c4:6e:1f:b2:84:66 icmp_seq=2 ttl=49
time=61.65 ms</tt><tt><br>
</tt><tt>20 bytes from c4:6e:1f:b2:84:66 icmp_seq=3 ttl=49
time=62.52 ms</tt><tt><br>
</tt><tt>^C--- c4:6e:1f:b2:84:66 ping statistics ---</tt><tt><br>
</tt><tt>3 packets transmitted, 3 received, 0% packet loss</tt><tt><br>
</tt><tt>rtt min/avg/max/mdev = 61.358/61.843/62.525/0.496 ms</tt><br>
<br>
(3) OpenVPN<br>
<tt>Sun Sep 6 14:35:04 2015 event_wait : Interrupted system call
(code=4)</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:04 2015 Closing TUN/TAP interface</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:04 2015 /sbin/ip addr del dev tun0
10.114.0.12/16</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:04 2015 SIGTERM[hard,] received, process
exiting</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:35 2015 OpenVPN 2.3.4 x86_64-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 1
2014</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:35 2015 library versions: OpenSSL 1.0.1k 8
Jan 2015, LZO 2.08</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:35 2015 NOTE: the current
--script-security setting may allow this configuration to call
user-defined scripts</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:35 2015 WARNING: file 'mullvad.key' is
group or others accessible</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:35 2015 Socket Buffers:
R=[212992->131072] S=[212992->131072]</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:35 2015 UDPv4 link local: [undef]</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:35 2015 UDPv4 link remote:
[AF_INET]46.165.228.118:1300</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:37 2015 TLS: Initial packet from
[AF_INET]46.165.228.118:1300, sid=aae498b4 c58f9e3f</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 CRL: CRL crl.pem is from a
different issuer than the issuer of certificate C=NA, ST=None,
L=None, O=Mullvad, CN=Mullvad CA, <a class="moz-txt-link-abbreviated" href="mailto:emailAddress=info@mullvad.net">emailAddress=info@mullvad.net</a></tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 VERIFY OK: depth=2, C=NA, ST=None,
L=None, O=Mullvad, CN=Mullvad CA, <a class="moz-txt-link-abbreviated" href="mailto:emailAddress=info@mullvad.net">emailAddress=info@mullvad.net</a></tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 CRL: CRL crl.pem is from a
different issuer than the issuer of certificate C=NA, ST=None,
L=None, O=Mullvad, CN=master.mullvad.net,
<a class="moz-txt-link-abbreviated" href="mailto:emailAddress=info@mullvad.net">emailAddress=info@mullvad.net</a></tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 VERIFY OK: depth=1, C=NA, ST=None,
L=None, O=Mullvad, CN=master.mullvad.net,
<a class="moz-txt-link-abbreviated" href="mailto:emailAddress=info@mullvad.net">emailAddress=info@mullvad.net</a></tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 Validating certificate key usage</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 ++ Certificate has key usage
00a0, expects 00a0</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 VERIFY KU OK</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 Validating certificate extended
key usage</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 ++ Certificate has EKU (str) TLS
Web Server Authentication, expects TLS Web Server Authentication</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 VERIFY EKU OK</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 CRL CHECK OK: C=NA, ST=None,
L=None, O=Mullvad, CN=de3.mullvad.net,
<a class="moz-txt-link-abbreviated" href="mailto:emailAddress=info@mullvad.net">emailAddress=info@mullvad.net</a></tt><tt><br>
</tt><tt>Sun Sep 6 14:35:41 2015 VERIFY OK: depth=0, C=NA, ST=None,
L=None, O=Mullvad, CN=de3.mullvad.net,
<a class="moz-txt-link-abbreviated" href="mailto:emailAddress=info@mullvad.net">emailAddress=info@mullvad.net</a></tt><tt><br>
</tt><tt>Sun Sep 6 14:35:49 2015 Data Channel Encrypt: Cipher
'AES-256-CBC' initialized with 256 bit key</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:49 2015 Data Channel Encrypt: Using 160
bit message hash 'SHA1' for HMAC authentication</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:49 2015 Data Channel Decrypt: Cipher
'AES-256-CBC' initialized with 256 bit key</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:49 2015 Data Channel Decrypt: Using 160
bit message hash 'SHA1' for HMAC authentication</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:49 2015 Control Channel: TLSv1, cipher
TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:49 2015 [de3.mullvad.net] Peer Connection
Initiated with [AF_INET]46.165.228.118:1300</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 SENT CONTROL [de3.mullvad.net]:
'PUSH_REQUEST' (status=1)</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 PUSH: Received control message:
'PUSH_REPLY,ifconfig-ipv6 fd96:85b7:3189:72::1058/112
fd96:85b7:3189:72::,redirect-gateway def1 bypass-dhcp,dhcp-option
DNS 10.114.0.1,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6
8000::/2,route-ipv6 C000::/2,route-gateway 10.114.0.1,topology
subnet,ifconfig 10.114.0.90 255.255.0.0'</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 OPTIONS IMPORT: --ifconfig/up
options modified</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 OPTIONS IMPORT: route options
modified</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 OPTIONS IMPORT: route-related
options modified</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 OPTIONS IMPORT: --ip-win32 and/or
--dhcp-option options modified</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 ROUTE_GATEWAY
176.123.28.1/255.255.255.0 IFACE=eth0 HWADDR=22:cb:16:87:11:de</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 ROUTE6: default_gateway=UNDEF</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 TUN/TAP device tun0 opened</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 TUN/TAP TX queue length set to 100</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 do_ifconfig, tt->ipv6=1,
tt->did_ifconfig_ipv6_setup=1</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 /sbin/ip link set dev tun0 up mtu
1500</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 /sbin/ip addr add dev tun0
10.114.0.90/16 broadcast 10.114.255.255</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 /sbin/ip -6 addr add
fd96:85b7:3189:72::1058/112 dev tun0</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 /etc/openvpn/mullvad_up tun0 1500
1558 10.114.0.90 255.255.0.0 init</tt><tt><br>
</tt><tt>Sun Sep 6 14:35:51 2015 Initialization Sequence Completed</tt><br>
<br>
(4) Fastd<br>
<tt>Sep 6 14:35:20 176-123-28-115 fastd[451]: Starting Fast and
Secure Tunneling Daemon....</tt><tt><br>
</tt><tt>Sep 6 14:35:50 176-123-28-115 rc.local[447]: /bin/rm:
cannot remove ‘/var/run/fastd.fff.fuerth.pid’: No such file or
directory</tt><tt><br>
</tt><tt>Sep 6 14:35:50 176-123-28-115 ffffuerth[1084]: fastd v17
starting</tt><tt><br>
</tt><tt>Sep 6 14:35:50 176-123-28-115 rc.local[447]: Saving to:
‘/tmp/fastd_fff.fuerth_output’</tt><tt><br>
</tt><tt>Sep 6 14:35:50 176-123-28-115 rc.local[447]: 2015-09-06
14:35:50 (56.4 MB/s) - ‘/tmp/fastd_fff.fuerth_output’ saved [344]</tt><br>
<br>
(5) DHCP<br>
<tt>Sep 6 14:35:52 176-123-28-115 isc-dhcp-server[1150]: Starting
ISC DHCP server: dhcpd.</tt><tt><br>
</tt><tt>Sep 6 14:35:59 176-123-28-115 dhcpd: DHCPDISCOVER from
94:d7:71:60:f9:1f via bat0</tt><tt><br>
</tt><tt>Sep 6 14:35:59 176-123-28-115 dhcpd: DHCPREQUEST for
10.50.21.31 (10.50.16.2) from 94:d7:71:60:f9:1f via bat0: wrong
network.</tt><tt><br>
</tt><tt>Sep 6 14:35:59 176-123-28-115 dhcpd: DHCPNAK on
10.50.21.31 to 94:d7:71:60:f9:1f via bat0</tt><tt><br>
</tt><tt>Sep 6 14:36:00 176-123-28-115 dhcpd: DHCPOFFER on
10.50.38.2 to 94:d7:71:60:f9:1f (android-c827e76c2e7c1eef) via
bat0</tt><tt><br>
</tt><tt>Sep 6 14:36:24 176-123-28-115 dhcpd: DHCPREQUEST for
10.136.204.50 from 38:0a:94:e4:3f:a6 via bat0: wrong network.</tt><tt><br>
</tt><tt>Sep 6 14:36:24 176-123-28-115 dhcpd: DHCPNAK on
10.136.204.50 to 38:0a:94:e4:3f:a6 via bat0</tt><tt><br>
</tt><tt>Sep 6 14:36:30 176-123-28-115 dhcpd: DHCPDISCOVER from
38:0a:94:e4:3f:a6 via bat0</tt><tt><br>
</tt><tt>Sep 6 14:36:31 176-123-28-115 dhcpd: DHCPOFFER on
10.50.38.3 to 38:0a:94:e4:3f:a6 (android-fe6ce1c52aa3e154) via
bat0</tt><br>
<br>
</body>
</html>