Projet

Général

Profil

Historique

Wiki » Notes Ateliers »

AtelierTunnelDepartFibre

12/6/2017

pad: https://pad.tetaneutral.net/p/departFibre

Principe / archi

  • Figure archi
  • Routage

Configuration

Allocations

http://wiki.tetaneutral.net/index.php/Architecture#tunnel

  • nom tunnel (3 lettres) ttt
  • port pour openvpn <p>
  • adresses IP
    • 10.0.X.0/24 -> VPN
    • 172.31.X.0/24 -> L2 antennes + routeur VPN
    • 91.224.148.0/23, 89.234.156.0/23 -> IP publiques TTNN
    • 91.224.148.0/32, 89.234.156.0/32 -> IP route par défaut TTNN
    • a.b.c.d -> IP publique BOX
    <p> tunttt atelier 10.0.X.1/24 172.31.X.0/24 20170612-

h7

# tunmin tunnel mherrb 3 bd minimes
openvpn --mktun --dev-type tun --dev tunmin 
ip link set tunmin up 
openvpn --dev tunmin --dev-type tun --cipher none --persist-tun --auth none --port <p> --verb 3 --proto udp --local 91.224.148.1 --daemon --log-append /root/vpn/<p>.log --keepalive 10 60 --fragment 1400 --mssfix 
ip addr add 10.0.3.1/24 dev tunmin 
ip route add 172.31.3.0/24 dev tunmin

sur le routeur

  • Version shuttle:
    /etc/rc.local :
echo 1 > /proc/sys/net/ipv4/ip_forward
for i in /proc/sys/net/ipv6/conf/*; do for j in autoconf accept_ra; do echo 0 > $i/$j; done;done
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

ip link set eth1 up
ip addr add 172.31.3.1/24 dev eth1
ip route add 172.31.3.0/24 dev eth1 table 25

openvpn --mktun --dev-type tun --dev tunmin
ip link set tunmin up
nice -n -20 openvpn --dev tunmin --dev-type tun --cipher none --auth none --remote 91.224.148.1 65131 --verb 3 --proto udp --daemon --log-append /root/vpn-65131.log --keepalive 10 60 --fragment 1400 -mssfix
ip addr add 10.0.3.2/24 dev tunmin

ip    route add default dev tunmin table 25
ip -6 route add default dev tunmin table 25

ip    rule add from all iif tunmin table 25
ip -6 rule add from all iif tunmin table 25

ip    rule add from all iif eth1 table 25
ip -6 rule add from all iif eth1 table 25

ip rule add from 10.0.3.2 table 25
ip rule add from 172.31.3.1 table 25

ip -6 addr add fe80::31/64 dev eth1
ip addr add 89.234.156.0/32 dev lo
ip addr add 91.224.148.0/32 dev lo

# par adhérent
ip route add 91.224.149.97 dev eth1 table 25
ip -6 route add 2a03:7220:8081:6100::/56 via fe80::81:61 dev eth1 table 25
...