892
edits
Line 3: | Line 3: | ||
L2TP tunnels are unencrypted. They are used primarily because they are layer 2 (so they can be used for batman-adv) and are part of the Linux kernel. They code does not take up much space on the space-limited mesh nodes and does not use much cpu. | L2TP tunnels are unencrypted. They are used primarily because they are layer 2 (so they can be used for batman-adv) and are part of the Linux kernel. They code does not take up much space on the space-limited mesh nodes and does not use much cpu. | ||
Configuring a relay node involves the following steps: | |||
# B.A.T.M.A.N. Advanced | # Ensure that you have a compatible operating system | ||
# Tunneldigger Broker | # Get a static IP assigned from sudo mesh (or use the test IP) | ||
# Configure B.A.T.M.A.N. Advanced | |||
# Configure Tunneldigger Broker | |||
= Operating system = | = Operating system = | ||
Line 74: | Line 76: | ||
== Other distros == | == Other distros == | ||
You are on your own, but if you figure out how to get batman-adv and tunneldigger working on a different distro, then please edit this wiki | You are on your own, but if you figure out how to get batman-adv and tunneldigger working on a different distro, then please edit this wiki. | ||
= Getting an assigned static IP = | |||
For testing purposes you can use the IP 10.42.254.254 | |||
If you want others to use your relay node, you should contact the sudo mesh group for a static IP assignment, either at info@sudomesh.org or by showing up to a weekly meeting or hacknight. Please include the following information: | |||
*Relay node IP and port(s) | |||
*Contact info for node administrator (at least an email address) | |||
*How much bandwidth does the relay node provide? Is there a monthly limit? | |||
In the future you will also have to agree to the terms of the Network Commons License, which has not yet been defined. | |||
= batman-adv = | = batman-adv = | ||
Line 91: | Line 105: | ||
sudo aptitude install batctl | sudo aptitude install batctl | ||
Set a static IP for the bat0 interface by adding the following to /etc/network/interfaces: | |||
iface bat0 inet static | |||
address 10.42.254.254 | |||
netmask 255.0.0.0 | |||
If you have already received a static IP assignment from sudo mesh, then use that in place of 10.42.254.254. | |||
= Tunneldigger broker = | = Tunneldigger broker = | ||
Line 165: | Line 187: | ||
Open l2tp_broker.cfg. | Open l2tp_broker.cfg. | ||
You will want to change the "address=" line to your public IP address, and "interface=" to your public ethernet interface. | You will want to change the "address=" line to your public IP address, and "interface=" to your public ethernet interface. E.g: | ||
address=93.184.216.119 | |||
interface=eth0 | |||
You may also want to change the ports line. If you're running a DNS server on the same host then you'll want to remove port 53 from the list of ports. | |||
Change the "session.up=" line to: | |||
session.up=/opt/tunneldigger/broker/scripts/up_hook.sh | |||
Now create the up_hook.sh file: | |||
cd /opt/tunneldigger/broker/scripts | |||
sudo touch up_hook.sh | |||
sudo chmod 755 up_hook.sh | |||
Edit up_hook.sh to contain the following: | |||
#!/bin/sh | |||
INTERFACE="$3" | |||
ifconfig $INTERFACE up | |||
batctl if add $INTERFACE | |||
ifup bat0 | |||
Now you're ready to run the broker. | |||
== Run the broker == | == Run the broker == | ||
Line 177: | Line 226: | ||
== Test the broker == | == Test the broker == | ||
To test the broker you need to install tunneldigger client on a different system. Ensure you have the L2TP modules loaded on your client system. | To test the broker you need to install batman-adv and tunneldigger client on a different system. Ensure you have the L2TP modules installed and loaded on your client system. And ensure you have the batctl package installed and the batman_adv module loaded. | ||
Install tunneldigger client requirements on you client system: | Install tunneldigger client requirements on you client system: | ||
Line 212: | Line 261: | ||
This doesn't harm anything, but if you want to fix the behavior, look in traffic_control.py in the reset function. | This doesn't harm anything, but if you want to fix the behavior, look in traffic_control.py in the reset function. | ||
After the tunnel is created, the interface l2tp0 should appear. Check with: | |||
ifconfig l2tp0 | |||
Give it an IP in the 10.0.0.0/8 range, e.g: | |||
sudo ifconfig l2tp0 10.254.254.254 netmask 255.0.0.0 up | |||
Then add the tunnel interface to batman: | |||
sudo batctl if add l2tp0 | |||
Now verify that batman is able to communicate over the tunnel: | |||
batctl o | |||
You should see output like: | |||
[B.A.T.M.A.N. adv 2011.4.0, MainIF/MAC: l2tp1001/96:ea:1d:9a:e9:6c (bat0)] | |||
Originator last-seen (#/255) Nexthop [outgoingIF]: Potential nexthops ... | |||
06:15:6d:72:05:21 0.064s (255) de:c9:2f:79:66:04 [ l2tp1001]: de:c9:2f:79:66:04 (255) | |||
de:c9:2f:79:66:04 0.476s (251) de:c9:2f:79:66:04 [ l2tp1001]: de:c9:2f:79:66:04 (251) | |||
You may see only one entry in the list, but you should see at least one. You can run "batctl o" on the relay server as well and it should show one entry. | |||
If you see at least one entry, that means you have layer 2 communication working between the client and server over the l2tp tunnel and that batman-adv is configured correctly. | |||
Now check if layer 3 communication is also working. From the client: | |||
ping 10.42.254.254 | |||
(or if you have are using an assigned static IP, ping that IP instead) | |||
If you can ping, then everything is working correctly! | |||
== Configure the broker to auto-start == | == Configure the broker to auto-start == | ||
Line 229: | Line 313: | ||
Reboot your system and verify that tunneldigger starts correctly. | Reboot your system and verify that tunneldigger starts correctly. | ||
= Securing your system = | = Securing your system = | ||
Now that you're running a piece of the mesh infrastructure, you may want to ensure that your server stays reasonably secure. We recommend that you set up automatic security updates as described in [[Mesh/Server_security]] this guide. | Now that you're running a piece of the mesh infrastructure, you may want to ensure that your server stays reasonably secure. We recommend that you set up automatic security updates as described in [[Mesh/Server_security]] this guide. |