From: tuxcrafter Date: Mon, 24 May 2010 18:27:49 +0000 (+0200) Subject: (no commit message) X-Git-Url: https://tinc-vpn.org/git/browse?a=commitdiff_plain;h=207b37b1d5a26d9b30d5e776dd27d096a285a87b;p=wiki --- diff --git a/examples/simple-bridging-with-dhcp-server-side.mdwn b/examples/simple-bridging-with-dhcp-server-side.mdwn index 410e223..f63be0f 100644 --- a/examples/simple-bridging-with-dhcp-server-side.mdwn +++ b/examples/simple-bridging-with-dhcp-server-side.mdwn @@ -1,312 +1,312 @@ -# Company: PowerCraft Technology -# Author: Copyright Jelle de Jong -# Note: Please send me an email if you enhanced the document -# Date: 2010-05-24 -# License: CC-BY-SA - -# This document is free documentation; you can redistribute it and/or -# modify it under the terms of the Creative Commons Attribution Share -# Alike as published by the Creative Commons Foundation; either version -# 3.0 of the License, or (at your option) any later version. -# -# This document is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# Creative Commons BY-SA License for more details. -# -# http://creativecommons.org/licenses/by-sa/ - -#----------------------------------------------------------------------- - -# for commercial support contact me, part of the revenue go back to tinc - -#----------------------------------------------------------------------- - -# http://www.tinc-vpn.org/ -# http://www.tinc-vpn.org/examples/bridging -# http://www.tinc-vpn.org/documentation/tinc_toc - -#----------------------------------------------------------------------- - -# <@guus> Well all the tinc daemons together act like a single switcch -# <@guus> And each node in the VPN is connected to a port of that switch -# <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch - -#----------------------------------------------------------------------- - -unset LANG LANGUAGE LC_ALL -apt-get update; apt-get dist-upgrade - -apt-cache show tinc -apt-get install tinc -apt-get install bridge-utils - -#----------------------------------------------------------------------- - -/etc/init.d/tinc stop - -#----------------------------------------------------------------------- - -# ls -hal /dev/net/tun -crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun - -# grep tinc /etc/services -tinc 655/tcp # tinc control port -tinc 655/udp - -cat /usr/share/doc/tinc/README.Debian -zcat /usr/share/doc/tinc/README.gz | less -zcat /usr/share/doc/tinc/NEWS.gz | less -cat /usr/share/doc/tinc/examples/tinc-up -w3m /usr/share/doc/tinc/tinc_0.html - -cat /etc/default/tinc -less /etc/init.d/tinc - -#----------------------------------------------------------------------- - -vim /etc/default/tinc -EXTRA="-d" -cat /etc/default/tinc - -#----------------------------------------------------------------------- - -cat /etc/tinc/nets.boot -echo 'powercraft01' | tee --append /etc/tinc/nets.boot -cat /etc/tinc/nets.boot - -#----------------------------------------------------------------------- - -ls -hal /etc/tinc/scallab01/ -mkdir --verbose /etc/tinc/powercraft01/ -mkdir --verbose /etc/tinc/powercraft01/hosts/ -touch /etc/tinc/powercraft01/tinc.conf - -#----------------------------------------------------------------------- - -vim /etc/network/interfaces - -# tinc-vpn: dhcp bridge -auto br0 - iface br0 inet static - address 192.168.3.1 - netmask 255.255.255.0 -# pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7 -# pre-up /sbin/ifconfig eth2 0.0.0.0 -# bridge_ports eth2 - bridge_ports tun1 - bridge_maxwait 1 - bridge_fd 2.5 - -cat /etc/network/interfaces - -#----------------------------------------------------------------------- - -echo 'interface "br0" { - request subnet-mask, broadcast-address, time-offset, - host-name, netbios-scope, interface-mtu, ntp-servers; -}' | tee --append /etc/dhcp3/dhclient.conf - -cat /etc/dhcp3/dhclient.conf - -#----------------------------------------------------------------------- - -vim /etc/dhcp3/dhcpd.conf - -subnet 192.168.3.0 netmask 255.255.255.0 { - range 192.168.3.200 192.168.3.240; - option routers 192.168.3.1; - option domain-name-servers 192.168.3.1; -} - -#----------------------------------------------------------------------- - -ifdown br0 -ifup br0 - -#----------------------------------------------------------------------- - -vim /etc/default/dhcp3-server - INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location - -/etc/init.d/dhcp3-server restart -ps aux | grep dhcp -tail -n 400 -f /var/log/syslog - -#----------------------------------------------------------------------- - -ifconfig br0 -route -n -brctl show - -#----------------------------------------------------------------------- - -# ifconfig br0 -br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 - inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 - inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:12 errors:0 dropped:0 overruns:0 frame:0 - TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB) - -# route -n -Kernel IP routing table -Destination Gateway Genmask Flags Metric Ref Use Iface -192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 -192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 -192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 -84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 -0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 - -# brctl show -bridge name bridge id STP enabled interfaces -br0 8000.000000000000 no - -#----------------------------------------------------------------------- - -echo 'AddressFamily = ipv4 -Device = /dev/net/tun -Interface = tun1 -Mode = switch -Name = server01' | tee /etc/tinc/powercraft01/tinc.conf - -cat /etc/tinc/powercraft01/tinc.conf -chmod 640 /etc/tinc/powercraft01/tinc.conf -ls -hal /etc/tinc/powercraft01/tinc.conf - -echo '#!/bin/sh -ifconfig $INTERFACE 0.0.0.0 -brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up - -cat /etc/tinc/powercraft01/tinc-up -chmod 750 /etc/tinc/powercraft01/tinc-up -ls -hal /etc/tinc/powercraft01/tinc-up - -echo '#!/bin/sh -brctl delif br0 $INTERFACE -ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down - -cat /etc/tinc/powercraft01/tinc-down -chmod 750 /etc/tinc/powercraft01/tinc-down -ls -hal /etc/tinc/powercraft01/tinc-down - -#----------------------------------------------------------------------- - -rm /etc/tinc/powercraft01/rsa_key.priv -rm /etc/tinc/powercraft01/hosts/server01 -tincd -n powercraft01 -K - -#----------------------------------------------------------------------- - -getent services | grep 656 - -#----------------------------------------------------------------------- - -vim /etc/tinc/powercraft01/hosts/server01 - -# add on head of file -Compression = 9 -PMTU = 1492 -PMTUDiscovery = yes -Port = 656 - -cat /etc/tinc/powercraft01/hosts/server01 - -#----------------------------------------------------------------------- - -/etc/init.d/tinc stop -fg -/usr/sbin/tincd --net powercraft01 --no-detach --debug=5 - -#----------------------------------------------------------------------- - -/etc/init.d/tinc restart -tail --line=500 --follow /var/log/syslog - -#----------------------------------------------------------------------- - -ifconfig br0 -ifconfig tun1 -route -n -brctl show br0 -brctl showmacs br0 - -#----------------------------------------------------------------------- - -# ifconfig br0 -br0 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 - inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 - inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:17 errors:0 dropped:0 overruns:0 frame:0 - TX packets:20 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:0 - RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB) - -# ifconfig tun1 -tun1 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 - inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link - UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 - RX packets:8 errors:0 dropped:0 overruns:0 frame:0 - TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 - collisions:0 txqueuelen:500 - RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB) - -# route -n -Kernel IP routing table -Destination Gateway Genmask Flags Metric Ref Use Iface -192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 -192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 -192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 -84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 -0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 - -# brctl show br0 -bridge name bridge id STP enabled interfaces -br0 8000.1eeb95c304d8 no tun1 - -# brctl showmacs br0 -port no mac addr is local? ageing timer - 1 1e:eb:95:c3:04:d8 yes 0.00 - 1 86:03:27:21:2e:60 no 44.19 - -#----------------------------------------------------------------------- - -ps aux | grep tincd -tincd -n powercraft01 -kUSR2 -tail -n 100 /var/log/syslog - -#----------------------------------------------------------------------- - -May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun: -May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes in: 468 -May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes out: 0 -May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes: -May 24 17:29:31 ashley tinc.powercraft01[11557]: server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518) -May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes. -May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges: -May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges. -May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list: -May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:96:a:c8#10 owner server01 -May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list. - -#----------------------------------------------------------------------- - -tcpdump -n -i br0 broadcast -tcpdump -n -i tun0 broadcast - -#----------------------------------------------------------------------- - -tcpdump -n -e -i br0 icmp -tcpdump -A -p -n -i br0 port 80 -tcpdump -A -p -n -i br0 - -tcpdump -i br0 host 84.245.3.195 -l - -#----------------------------------------------------------------------- - -cat /var/lib/dhcp3/dhcpd.leases - -#----------------------------------------------------------------------- +> # Company: PowerCraft Technology +> # Author: Copyright Jelle de Jong +> # Note: Please send me an email if you enhanced the document +> # Date: 2010-05-24 +> # License: CC-BY-SA +> +> # This document is free documentation; you can redistribute it and/or +> # modify it under the terms of the Creative Commons Attribution Share +> # Alike as published by the Creative Commons Foundation; either version +> # 3.0 of the License, or (at your option) any later version. +> # +> # This document is distributed in the hope that it will be useful, +> # but WITHOUT ANY WARRANTY; without even the implied warranty of +> # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +> # Creative Commons BY-SA License for more details. +> # +> # http://creativecommons.org/licenses/by-sa/ +> +> #----------------------------------------------------------------------- +> +> # for commercial support contact me, part of the revenue go back to tinc +> +> #----------------------------------------------------------------------- +> +> # http://www.tinc-vpn.org/ +> # http://www.tinc-vpn.org/examples/bridging +> # http://www.tinc-vpn.org/documentation/tinc_toc +> +> #----------------------------------------------------------------------- +> +> # <@guus> Well all the tinc daemons together act like a single switcch +> # <@guus> And each node in the VPN is connected to a port of that switch +> # <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch +> +> #----------------------------------------------------------------------- +> +> unset LANG LANGUAGE LC_ALL +> apt-get update; apt-get dist-upgrade +> +> apt-cache show tinc +> apt-get install tinc +> apt-get install bridge-utils +> +> #----------------------------------------------------------------------- +> +> /etc/init.d/tinc stop +> +> #----------------------------------------------------------------------- +> +> # ls -hal /dev/net/tun +> crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun +> +> # grep tinc /etc/services +> tinc 655/tcp # tinc control port +> tinc 655/udp +> +> cat /usr/share/doc/tinc/README.Debian +> zcat /usr/share/doc/tinc/README.gz | less +> zcat /usr/share/doc/tinc/NEWS.gz | less +> cat /usr/share/doc/tinc/examples/tinc-up +> w3m /usr/share/doc/tinc/tinc_0.html +> +> cat /etc/default/tinc +> less /etc/init.d/tinc +> +> #----------------------------------------------------------------------- +> +> vim /etc/default/tinc +> EXTRA="-d" +> cat /etc/default/tinc +> +> #----------------------------------------------------------------------- +> +> cat /etc/tinc/nets.boot +> echo 'powercraft01' | tee --append /etc/tinc/nets.boot +> cat /etc/tinc/nets.boot +> +> #----------------------------------------------------------------------- +> +> ls -hal /etc/tinc/scallab01/ +> mkdir --verbose /etc/tinc/powercraft01/ +> mkdir --verbose /etc/tinc/powercraft01/hosts/ +> touch /etc/tinc/powercraft01/tinc.conf +> +> #----------------------------------------------------------------------- +> +> vim /etc/network/interfaces +> +> # tinc-vpn: dhcp bridge +> auto br0 +> iface br0 inet static +> address 192.168.3.1 +> netmask 255.255.255.0 +> # pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7 +> # pre-up /sbin/ifconfig eth2 0.0.0.0 +> # bridge_ports eth2 +> bridge_ports tun1 +> bridge_maxwait 1 +> bridge_fd 2.5 +> +> cat /etc/network/interfaces +> +> #----------------------------------------------------------------------- +> +> echo 'interface "br0" { +> request subnet-mask, broadcast-address, time-offset, +> host-name, netbios-scope, interface-mtu, ntp-servers; +> }' | tee --append /etc/dhcp3/dhclient.conf +> +> cat /etc/dhcp3/dhclient.conf +> +> #----------------------------------------------------------------------- +> +> vim /etc/dhcp3/dhcpd.conf +> +> subnet 192.168.3.0 netmask 255.255.255.0 { +> range 192.168.3.200 192.168.3.240; +> option routers 192.168.3.1; +> option domain-name-servers 192.168.3.1; +> } +> +> #----------------------------------------------------------------------- +> +> ifdown br0 +> ifup br0 +> +> #----------------------------------------------------------------------- +> +> vim /etc/default/dhcp3-server +> INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location +> +> /etc/init.d/dhcp3-server restart +> ps aux | grep dhcp +> tail -n 400 -f /var/log/syslog +> +> #----------------------------------------------------------------------- +> +> ifconfig br0 +> route -n +> brctl show +> +> #----------------------------------------------------------------------- +> +> # ifconfig br0 +> br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 +> inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 +> inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link +> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 +> RX packets:12 errors:0 dropped:0 overruns:0 frame:0 +> TX packets:14 errors:0 dropped:0 overruns:0 carrier:0 +> collisions:0 txqueuelen:0 +> RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB) +> +> # route -n +> Kernel IP routing table +> Destination Gateway Genmask Flags Metric Ref Use Iface +> 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 +> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 +> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 +> 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 +> 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 +> +> # brctl show +> bridge name bridge id STP enabled interfaces +> br0 8000.000000000000 no +> +> #----------------------------------------------------------------------- +> +> echo 'AddressFamily = ipv4 +> Device = /dev/net/tun +> Interface = tun1 +> Mode = switch +> Name = server01' | tee /etc/tinc/powercraft01/tinc.conf +> +> cat /etc/tinc/powercraft01/tinc.conf +> chmod 640 /etc/tinc/powercraft01/tinc.conf +> ls -hal /etc/tinc/powercraft01/tinc.conf +> +> echo '#!/bin/sh +> ifconfig $INTERFACE 0.0.0.0 +> brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up +> +> cat /etc/tinc/powercraft01/tinc-up +> chmod 750 /etc/tinc/powercraft01/tinc-up +> ls -hal /etc/tinc/powercraft01/tinc-up +> +> echo '#!/bin/sh +> brctl delif br0 $INTERFACE +> ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down +> +> cat /etc/tinc/powercraft01/tinc-down +> chmod 750 /etc/tinc/powercraft01/tinc-down +> ls -hal /etc/tinc/powercraft01/tinc-down +> +> #----------------------------------------------------------------------- +> +> rm /etc/tinc/powercraft01/rsa_key.priv +> rm /etc/tinc/powercraft01/hosts/server01 +> tincd -n powercraft01 -K +> +> #----------------------------------------------------------------------- +> +> getent services | grep 656 +> +> #----------------------------------------------------------------------- +> +> vim /etc/tinc/powercraft01/hosts/server01 +> +> # add on head of file +> Compression = 9 +> PMTU = 1492 +> PMTUDiscovery = yes +> Port = 656 +> +> cat /etc/tinc/powercraft01/hosts/server01 +> +> #----------------------------------------------------------------------- +> +> /etc/init.d/tinc stop +> fg +> /usr/sbin/tincd --net powercraft01 --no-detach --debug=5 +> +> #----------------------------------------------------------------------- +> +> /etc/init.d/tinc restart +> tail --line=500 --follow /var/log/syslog +> +> #----------------------------------------------------------------------- +> +> ifconfig br0 +> ifconfig tun1 +> route -n +> brctl show br0 +> brctl showmacs br0 +> +> #----------------------------------------------------------------------- +> +> # ifconfig br0 +> br0 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 +> inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0 +> inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link +> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 +> RX packets:17 errors:0 dropped:0 overruns:0 frame:0 +> TX packets:20 errors:0 dropped:0 overruns:0 carrier:0 +> collisions:0 txqueuelen:0 +> RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB) +> +> # ifconfig tun1 +> tun1 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8 +> inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link +> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 +> RX packets:8 errors:0 dropped:0 overruns:0 frame:0 +> TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 +> collisions:0 txqueuelen:500 +> RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB) +> +> # route -n +> Kernel IP routing table +> Destination Gateway Genmask Flags Metric Ref Use Iface +> 192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 +> 192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2 +> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 +> 84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 +> 0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1 +> +> # brctl show br0 +> bridge name bridge id STP enabled interfaces +> br0 8000.1eeb95c304d8 no tun1 +> +> # brctl showmacs br0 +> port no mac addr is local? ageing timer +> 1 1e:eb:95:c3:04:d8 yes 0.00 +> 1 86:03:27:21:2e:60 no 44.19 +> +> #----------------------------------------------------------------------- +> +> ps aux | grep tincd +> tincd -n powercraft01 -kUSR2 +> tail -n 100 /var/log/syslog +> +> #----------------------------------------------------------------------- +> +> May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun: +> May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes in: 468 +> May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes out: 0 +> May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes: +> May 24 17:29:31 ashley tinc.powercraft01[11557]: server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518) +> May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes. +> May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges: +> May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges. +> May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list: +> May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:96:a:c8#10 owner server01 +> May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list. +> +> #----------------------------------------------------------------------- +> +> tcpdump -n -i br0 broadcast +> tcpdump -n -i tun0 broadcast +> +> #----------------------------------------------------------------------- +> +> tcpdump -n -e -i br0 icmp +> tcpdump -A -p -n -i br0 port 80 +> tcpdump -A -p -n -i br0 +> +> tcpdump -i br0 host 84.245.3.195 -l +> +> #----------------------------------------------------------------------- +> +> cat /var/lib/dhcp3/dhcpd.leases +> +> #-----------------------------------------------------------------------