Setting up a gateway
Tom Green
koe_fue at gmx.de
Sun Sep 6 13:47:19 CEST 2015
Hello everyone,
Hello Tim,
thanks to your help, I think I am at the point where we could attempt
to integrate the gateway into the Fürth hood.
I have dumped some basic data below. Maybe something turns up that
does not look OK.
How do we proceed? Do we enter the thing into the keyserver for the
Fürth hood and see what happens?
Best regards
Torben
(0) Basic data
* Global IPv4: 176.123.28.115
* Server name: klee
* Debian Linux Jessie 64 bit
* fastd v17 tunnel to the Fürth hood (started from rc.local)
  o FFF server IP: 10.50.38.1/21
  o FFF network: 10.50.32.0/21
* Mullvad OpenVPN tunnel (started from rc.local, with an FFF-specific
  startup script)
* batman-adv: 2013.4.0
* dhcpd: (range 10.50.38.2 ... 10.50.39.254)
* IPv4 and IPv6 forwarding
(1) Route & Ifconfig
route:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 176-123-28-1.al 0.0.0.0 UG 0 0 0 eth0
10.50.32.0 * 255.255.248.0 U 0 0 0 bat0
10.114.0.0 * 255.255.0.0 U 0 0 0 tun0
localnet * 255.255.255.0 U 0 0 0 eth0
ifconfig:
bat0 Link encap:Ethernet HWaddr e6:dd:d9:c4:26:d4
inet addr:10.50.38.1 Bcast:0.0.0.0 Mask:255.255.248.0
inet6 addr: fe80::e4dd:d9ff:fec4:26d4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:21065 errors:0 dropped:46 overruns:0 frame:0
TX packets:32 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1866651 (1.7 MiB) TX bytes:2888 (2.8 KiB)
eth0 Link encap:Ethernet HWaddr 22:cb:16:87:11:de
inet addr:176.123.28.115 Bcast:176.123.28.255 Mask:255.255.255.0
inet6 addr: fe80::20cb:16ff:fe87:11de/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:149649 errors:0 dropped:0 overruns:0 frame:0
TX packets:92256 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:37279355 (35.5 MiB) TX bytes:12898778 (12.3 MiB)
ffffuerthVPN Link encap:Ethernet HWaddr 86:47:08:88:30:0b
inet6 addr: fe80::8447:8ff:fe88:300b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1426 Metric:1
RX packets:119660 errors:0 dropped:0 overruns:0 frame:0
TX packets:43460 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:10536564 (10.0 MiB) TX bytes:4167501 (3.9 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.114.0.12 P-t-P:10.114.0.12 Mask:255.255.0.0
inet6 addr: fdc7:593c:1019:72::100a/112 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:11 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:986 (986.0 B) TX bytes:152 (152.0 B)
(2) Batman
root@176-123-28-115:~# batctl o
[B.A.T.M.A.N. adv 2013.4.0, MainIF/MAC: ffffuerthVPN/ba:56:b2:5d:34:96
(bat0)]
Originator last-seen (#/255) Nexthop [outgoingIF]:
Potential nexthops ...
76:03:95:73:35:05 0.224s (225) d2:77:01:11:82:03 [ffffuerthVPN]:
3a:05:2f:cd:9f:56 (218) d2:77:01:11:82:03 (225)
c4:6e:1f:b2:84:66 0.056s (225) d2:77:01:11:82:03 [ffffuerthVPN]:
d2:77:01:11:82:03 (225) 3a:05:2f:cd:9f:56 (225)
.
.
.
root@176-123-28-115:~# batctl ping c4:6e:1f:b2:84:66
PING c4:6e:1f:b2:84:66 (c4:6e:1f:b2:84:66) 20(48) bytes of data
20 bytes from c4:6e:1f:b2:84:66 icmp_seq=1 ttl=49 time=61.36 ms
20 bytes from c4:6e:1f:b2:84:66 icmp_seq=2 ttl=49 time=61.65 ms
20 bytes from c4:6e:1f:b2:84:66 icmp_seq=3 ttl=49 time=62.52 ms
^C--- c4:6e:1f:b2:84:66 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss
rtt min/avg/max/mdev = 61.358/61.843/62.525/0.496 ms
(3) OpenVPN
Sun Sep 6 14:35:04 2015 event_wait : Interrupted system call (code=4)
Sun Sep 6 14:35:04 2015 Closing TUN/TAP interface
Sun Sep 6 14:35:04 2015 /sbin/ip addr del dev tun0 10.114.0.12/16
Sun Sep 6 14:35:04 2015 SIGTERM[hard,] received, process exiting
Sun Sep 6 14:35:35 2015 OpenVPN 2.3.4 x86_64-pc-linux-gnu [SSL
(OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Dec 1 2014
Sun Sep 6 14:35:35 2015 library versions: OpenSSL 1.0.1k 8 Jan 2015,
LZO 2.08
Sun Sep 6 14:35:35 2015 NOTE: the current --script-security setting may
allow this configuration to call user-defined scripts
Sun Sep 6 14:35:35 2015 WARNING: file 'mullvad.key' is group or others
accessible
Sun Sep 6 14:35:35 2015 Socket Buffers: R=[212992->131072]
S=[212992->131072]
Sun Sep 6 14:35:35 2015 UDPv4 link local: [undef]
Sun Sep 6 14:35:35 2015 UDPv4 link remote: [AF_INET]46.165.228.118:1300
Sun Sep 6 14:35:37 2015 TLS: Initial packet from
[AF_INET]46.165.228.118:1300, sid=aae498b4 c58f9e3f
Sun Sep 6 14:35:41 2015 CRL: CRL crl.pem is from a different issuer
than the issuer of certificate C=NA, ST=None, L=None, O=Mullvad,
CN=Mullvad CA, emailAddress=info at mullvad.net
Sun Sep 6 14:35:41 2015 VERIFY OK: depth=2, C=NA, ST=None, L=None,
O=Mullvad, CN=Mullvad CA, emailAddress=info at mullvad.net
Sun Sep 6 14:35:41 2015 CRL: CRL crl.pem is from a different issuer
than the issuer of certificate C=NA, ST=None, L=None, O=Mullvad,
CN=master.mullvad.net, emailAddress=info at mullvad.net
Sun Sep 6 14:35:41 2015 VERIFY OK: depth=1, C=NA, ST=None, L=None,
O=Mullvad, CN=master.mullvad.net, emailAddress=info at mullvad.net
Sun Sep 6 14:35:41 2015 Validating certificate key usage
Sun Sep 6 14:35:41 2015 ++ Certificate has key usage 00a0, expects 00a0
Sun Sep 6 14:35:41 2015 VERIFY KU OK
Sun Sep 6 14:35:41 2015 Validating certificate extended key usage
Sun Sep 6 14:35:41 2015 ++ Certificate has EKU (str) TLS Web Server
Authentication, expects TLS Web Server Authentication
Sun Sep 6 14:35:41 2015 VERIFY EKU OK
Sun Sep 6 14:35:41 2015 CRL CHECK OK: C=NA, ST=None, L=None, O=Mullvad,
CN=de3.mullvad.net, emailAddress=info at mullvad.net
Sun Sep 6 14:35:41 2015 VERIFY OK: depth=0, C=NA, ST=None, L=None,
O=Mullvad, CN=de3.mullvad.net, emailAddress=info at mullvad.net
Sun Sep 6 14:35:49 2015 Data Channel Encrypt: Cipher 'AES-256-CBC'
initialized with 256 bit key
Sun Sep 6 14:35:49 2015 Data Channel Encrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Sun Sep 6 14:35:49 2015 Data Channel Decrypt: Cipher 'AES-256-CBC'
initialized with 256 bit key
Sun Sep 6 14:35:49 2015 Data Channel Decrypt: Using 160 bit message
hash 'SHA1' for HMAC authentication
Sun Sep 6 14:35:49 2015 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 2048 bit RSA
Sun Sep 6 14:35:49 2015 [de3.mullvad.net] Peer Connection Initiated
with [AF_INET]46.165.228.118:1300
Sun Sep 6 14:35:51 2015 SENT CONTROL [de3.mullvad.net]: 'PUSH_REQUEST'
(status=1)
Sun Sep 6 14:35:51 2015 PUSH: Received control message:
'PUSH_REPLY,ifconfig-ipv6 fd96:85b7:3189:72::1058/112
fd96:85b7:3189:72::,redirect-gateway def1 bypass-dhcp,dhcp-option DNS
10.114.0.1,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6
8000::/2,route-ipv6 C000::/2,route-gateway 10.114.0.1,topology
subnet,ifconfig 10.114.0.90 255.255.0.0'
Sun Sep 6 14:35:51 2015 OPTIONS IMPORT: --ifconfig/up options modified
Sun Sep 6 14:35:51 2015 OPTIONS IMPORT: route options modified
Sun Sep 6 14:35:51 2015 OPTIONS IMPORT: route-related options modified
Sun Sep 6 14:35:51 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option
options modified
Sun Sep 6 14:35:51 2015 ROUTE_GATEWAY 176.123.28.1/255.255.255.0
IFACE=eth0 HWADDR=22:cb:16:87:11:de
Sun Sep 6 14:35:51 2015 ROUTE6: default_gateway=UNDEF
Sun Sep 6 14:35:51 2015 TUN/TAP device tun0 opened
Sun Sep 6 14:35:51 2015 TUN/TAP TX queue length set to 100
Sun Sep 6 14:35:51 2015 do_ifconfig, tt->ipv6=1,
tt->did_ifconfig_ipv6_setup=1
Sun Sep 6 14:35:51 2015 /sbin/ip link set dev tun0 up mtu 1500
Sun Sep 6 14:35:51 2015 /sbin/ip addr add dev tun0 10.114.0.90/16
broadcast 10.114.255.255
Sun Sep 6 14:35:51 2015 /sbin/ip -6 addr add
fd96:85b7:3189:72::1058/112 dev tun0
Sun Sep 6 14:35:51 2015 /etc/openvpn/mullvad_up tun0 1500 1558
10.114.0.90 255.255.0.0 init
Sun Sep 6 14:35:51 2015 Initialization Sequence Completed
(4) Fastd
Sep 6 14:35:20 176-123-28-115 fastd[451]: Starting Fast and Secure
Tunneling Daemon....
Sep 6 14:35:50 176-123-28-115 rc.local[447]: /bin/rm: cannot remove
‘/var/run/fastd.fff.fuerth.pid’: No such file or directory
Sep 6 14:35:50 176-123-28-115 ffffuerth[1084]: fastd v17 starting
Sep 6 14:35:50 176-123-28-115 rc.local[447]: Saving to:
‘/tmp/fastd_fff.fuerth_output’
Sep 6 14:35:50 176-123-28-115 rc.local[447]: 2015-09-06 14:35:50 (56.4
MB/s) - ‘/tmp/fastd_fff.fuerth_output’ saved [344]
(5) DHCP
Sep 6 14:35:52 176-123-28-115 isc-dhcp-server[1150]: Starting ISC DHCP
server: dhcpd.
Sep 6 14:35:59 176-123-28-115 dhcpd: DHCPDISCOVER from
94:d7:71:60:f9:1f via bat0
Sep 6 14:35:59 176-123-28-115 dhcpd: DHCPREQUEST for 10.50.21.31
(10.50.16.2) from 94:d7:71:60:f9:1f via bat0: wrong network.
Sep 6 14:35:59 176-123-28-115 dhcpd: DHCPNAK on 10.50.21.31 to
94:d7:71:60:f9:1f via bat0
Sep 6 14:36:00 176-123-28-115 dhcpd: DHCPOFFER on 10.50.38.2 to
94:d7:71:60:f9:1f (android-c827e76c2e7c1eef) via bat0
Sep 6 14:36:24 176-123-28-115 dhcpd: DHCPREQUEST for 10.136.204.50 from
38:0a:94:e4:3f:a6 via bat0: wrong network.
Sep 6 14:36:24 176-123-28-115 dhcpd: DHCPNAK on 10.136.204.50 to
38:0a:94:e4:3f:a6 via bat0
Sep 6 14:36:30 176-123-28-115 dhcpd: DHCPDISCOVER from
38:0a:94:e4:3f:a6 via bat0
Sep 6 14:36:31 176-123-28-115 dhcpd: DHCPOFFER on 10.50.38.3 to
38:0a:94:e4:3f:a6 (android-fe6ce1c52aa3e154) via bat0