Temp BBHN Tunnel

AREDN Tunnel - http://www.aredn.org/content/tunnel-install-instructions-0

From: http://www.broadband-hamnet.org/documentation/120-creating-a-tunnel-network.html

Creating a Tunnel Network
Written by Jim Kinter, K5KTF
Here is how to build a tunnel between 2 (or more) mesh RF networks via the Internet (or other wired network).

You will need to understand networking and what the process below does BEFORE YOU START.
This is not here to teach you networking, only to provide the tools to do it with.
If you do not understand the entire process below, it may be helpful to find someone else who does and can help you.
The author of this has limited free time as it is, so please do not email him when you cannot get it to work, unless you find a bug in the instructions below.

This is the exact same information with which we built the Developer's tunnel, so it DOES work, when all the pieces are correct.
If you find a better way to improve the process for everyone, then by all means email the author.

Johann SM7I's GRE tunnel is completely different, and we know about it. No need to email us about it.

One (or more) stations must be a tunnel "Host". This is the node that all the tunnel "clients" will call in to.
A Host is the same as a client, but with additional software. A host can ALSO be a client into another host if needed.

This must be done on a WRT54GSv2 or similar device that has ample memory and flash.

First, log into the node via SSH or telnet to a command prompt.

Edit /etc/ipkg.conf and change the line

dest root /

to read

dest root /jffs/

Save and exit.

Edit (vi) a new file, /tmp/tunnelscript.sh
Add the code below to this file, then save and chmod +x the file

You WILL need to change and/or verify anything within @ @ specific to your network.

Certain things need to match exactly what is on the HOST node (password, IP address, etc).

Make sure to REMOVE all of the @ @ characters AROUND the necessary items before running!
(feel free to search and replace)


ipkg update
sleep 10
ipkg install kmod-tun zlib libopenssl liblzo vtun

cat >/etc/vtund.conf << "EOF"
#
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2001 Maxim Krasnyansky <max_mk@yahoo.com>
#
# Cleanup of English and spelling by
# Ted Rolle <ted@acacia.datacomm.com>
#
# Configuration file example
# vtund.conf,v 1.1.1.2.2.3 2001/08/24 22:48:26 maxk Exp
#
# Lines which begin with '#' are comments
#
# Option names can be abbreviated to a minimum of 4 characters.
#
# SERVER CONNECT ADDRESS is @HOST.SOMEWHERE.COM@ = @IPADDRESS OF HOST@
#
# - CUT HERE - Client config - CUT HERE -
#
options {
    port @5525@;              # Connect to this port. Change as required by the Host admin.
    timeout 60;               # General timeout

    # Path to various programs
    ppp      /usr/sbin/pppd;
    ifconfig /sbin/ifconfig;
    route    /sbin/route;
    firewall /sbin/ipchains;
    ip       /sbin/ip;
}

# TUN client. Session @bbhn1@ ; site @CALLSIGN@
@bbhn1@ {
    passwd @PASSWORD@;        # Password as assigned by host admin
    device @tun0@;            # Device @tun0@
    persist yes;              # Persist mode

    up {
        # Connection is Up
        ifconfig "%% 172.31.@1@.253 netmask 255.255.255.252 pointopoint 172.31.@1@.254 mtu 1450";
        route "add -net 172.31.@1@.252/30 gw 172.31.@1@.254";
    };
}
EOF

chmod 600 /etc/vtund.conf

cat >/etc/init.d/vtund << "EOF"
#!/bin/sh /etc/rc.common
START=80

start() {
    {
        /usr/sbin/vtund @bbhn1@ @HOST IP ADDRESS@
    } &
}

stop() {
    killall vtund
}
EOF

chmod 755 /etc/init.d/vtund

cd /etc/rc.d
ln -s /etc/init.d/vtund S80vtund

### NOTE: the following fragment is an APPEND to an existing file:

cat >>/etc/config/olsrd.conf << "EOF"

Interface "@tun0@"
{
    Ip4Broadcast 172.31.@1@.254
}

EOF

cat >>/etc/config.mesh/olsrd.conf << "EOF"

Interface "@tun0@"
{
    Ip4Broadcast 172.31.@1@.254
}

EOF

# The following rules belong inside the FORWARDING rules of /etc/init.d/firewall.
# They are shown here for reference only: the firewall.tunnel file already
# contains them and is copied over the existing firewall script below.
#
#   #
#   # special case for tunnel meshnodes, added WB5AOH 3-06-11
#   #
#   iptables -A FORWARD -i $LAN -o tun+ -j ACCEPT
#   iptables -A FORWARD -i tun+ -o $LAN -j ACCEPT
#   iptables -A FORWARD -i $WIFI -o tun+ -j ACCEPT
#   iptables -A FORWARD -i tun+ -o $WIFI -j ACCEPT

# just substitute the whole file instead of editing it inside a script w/out patch:
cp /tmp/firewall.tunnel /etc/init.d/firewall
chmod 755 /etc/init.d/firewall

# in /www/cgi-bin/setup line 623 change 0 to 1:
#sed -i 's/if($config eq "mesh" and 0) # disable for now/if($config eq "mesh" and 1) # disable for now/' /www/cgi-bin/setup

sleep 30

reboot


So now save and chmod +x this file. DO NOT RUN YET!

ONE "GOTCHA" that always bites me:
Make sure there is only ONE whitespace in passwd @PASSWORD@;
It is VERY particular about that; if it is wrong it will not connect, and you will have a heck of a time debugging if you don't notice it.
Best bet is to delete ALL spaces in that line and add only as necessary.
(can you easily see the difference between passwd PASSWORD; and passwd  PASSWORD; ? There IS an extra space in the second one.)
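A preflight check for the finished vtund.conf, added here as an example (not part of the original article), that catches exactly the two silent failures described above: @ @ markers that were never replaced, and a passwd line whose spacing is anything but a single space. The two sample configs it writes are constructed, and the function and file names are assumptions.

```shell
#!/bin/sh
# Preflight check for a filled-in vtund.conf (added example, not from the
# original article). It flags the two silent failures described above:
# "@ @" placeholders that were never replaced, and a passwd line whose
# spacing is anything other than "passwd VALUE;". The sample configs
# written below are constructed for this example.

check_vtund_conf() {
    conf=$1
    status=0
    # Any @...@ left in the file means the search-and-replace step was skipped.
    left=$(grep -n '@[^@]*@' "$conf" || true)
    if [ -n "$left" ]; then
        printf 'ERROR: unreplaced @ @ placeholders in %s:\n%s\n' "$conf" "$left" >&2
        status=1
    fi
    # Reject passwd lines that are not exactly "passwd VALUE;" plus an optional
    # comment: a tab, a double space or a trailing blank all fail this test.
    bad=$(grep -n '^[[:space:]]*passwd' "$conf" \
          | grep -Ev '^[0-9]+:[[:space:]]*passwd [^[:space:];]+;( *#.*)?$' || true)
    if [ -n "$bad" ]; then
        printf 'ERROR: passwd line must read "passwd VALUE;" in %s:\n%s\n' "$conf" "$bad" >&2
        status=1
    fi
    return $status
}

# Constructed samples: a clean client section and one with both mistakes.
write_sample() {    # $1 = path, $2 = good | bad
    if [ "$2" = good ]; then
        printf 'bbhn1 {\npasswd s3cret; # Password as assigned by host admin\ndevice tun0;\npersist yes;\n}\n' >"$1"
    else
        printf 'bbhn1 {\npasswd  s3cret; # two spaces after passwd\ndevice @tun0@;\npersist yes;\n}\n' >"$1"
    fi
}

dir=$(mktemp -d)
write_sample "$dir/good.conf" good
write_sample "$dir/bad.conf" bad
check_vtund_conf "$dir/good.conf" && echo "good.conf: OK"
check_vtund_conf "$dir/bad.conf" || echo "bad.conf: rejected as expected"
```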

FOR HOST ADMINISTRATORS:
You may copy the above script and edit it accordingly, to give to anyone who wants to connect a client to your host.
HINT: When adding multiple clients, increment the 3rd octet of the IP address by 2 (1, 3, 5, 7, 9, etc.) to leave room for any additional addressing in the future.
Also, the IP addresses and passwords must match exactly the respective section in the vtundsrv.conf file below.
Each tunnel client MUST have a separate entry; best to have different passwords for each, and the variables incremented so as not to cause conflicts.
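A helper for host administrators, added here as an example (not the article's own code), that prints the matching host and client stanzas for one tunnel so both ends agree on the 172.31.N.254/.253 pair, stepping N by 2 per client as the hint above says. The bbhn<N> session names and the constructed callsigns and passwords are assumptions; the host entry omits a device line so vtund picks a free tunXX itself, as the header comments in vtundsrv.conf below describe.

```shell
#!/bin/sh
# Helper for host administrators (added example, not from the original
# article). Prints the host-side and client-side vtund stanzas for one client
# so the two ends agree: host at 172.31.N.254, client at 172.31.N.253, with N
# stepped by 2 per client (1, 3, 5, ...). Session names and roster are assumed.

# Third octet for the k-th client (k starts at 1): 1, 3, 5, 7, ...
tunnel_octet() {
    echo $(( 1 + 2 * ($1 - 1) ))
}

# Session entry for the host's /etc/vtundsrv.conf.
host_section() {    # $1 session  $2 callsign  $3 password  $4 third octet
    cat <<EOF
# TUN server. Session '$1', client/site $2.
$1 {
    passwd $3;                # must match the client's passwd exactly
    type tun; proto tcp;
    compress lzo:9; encrypt yes; keepalive yes;
    # no device line: vtund selects a free tunXX for each client itself
    up {
        ifconfig "%% 172.31.$4.254 netmask 255.255.255.252 pointopoint 172.31.$4.253 mtu 1450";
        route "add -net 172.31.$4.252/30 gw 172.31.$4.253";
    };
}
EOF
}

# Matching entry for that client's /etc/vtund.conf (addresses swapped).
client_section() {  # $1 session  $2 password  $3 third octet
    cat <<EOF
$1 {
    passwd $2;
    device tun0;
    persist yes;
    up {
        ifconfig "%% 172.31.$3.253 netmask 255.255.255.252 pointopoint 172.31.$3.254 mtu 1450";
        route "add -net 172.31.$3.252/30 gw 172.31.$3.254";
    };
}
EOF
}

# Constructed roster: three clients in the order they joined the host.
k=0
for entry in N0CALL:pw-one N1CALL:pw-two N2CALL:pw-three; do
    k=$((k + 1)); octet=$(tunnel_octet "$k")
    host_section "bbhn$octet" "${entry%%:*}" "${entry#*:}" "$octet"
done
```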

If the node is to be a Host, then you must create this file:

/etc/vtundsrv.conf


#
# VTun - Virtual Tunnel over TCP/IP network.
# Copyright (C) 1998-2001 Maxim Krasnyansky <max_mk@yahoo.com>
#
# Cleanup of English and spelling by
# Ted Rolle <ted@acacia.datacomm.com>
#
# Configuration file example
# vtund.conf,v 1.1.1.2.2.3 2001/08/24 22:48:26 maxk Exp
#
# Lines which begin with '#' are comments
#
# File format:
#
# XXXXX {
#   option param; option param;
#   option param;
#   ...
# }
# Where XXXXX:
#   options - General options.
#   default - default session options.
#   session - Session options.
#
# Options _must_ be grouped by curly braces '{' '}'.
# Each option _must_ end with ';'
#
# ---
# General options:
#
# type - Server type.
#   'stand' - Stand alone server (default).
#   'inetd' - Started by inetd.
#   Used only by the server.
#
# ---
# port - Server TCP port number.
# ---
# syslog - Syslog facility.
# ---
# timeout - General VTun timeout.
# ---
# ppp - Program for the ppp initialization.
# ---
# ifconfig - Program for the net interface initialization.
# ---
# route - Program for the routing table manipulation.
# ---
# firewall - Program for the firewall setup.
#
# ---
# Session options:
#
# passwd - Password for authentication.
# ---
# type - Tunnel type.
#   'tun' - IP tunnel (No PPP,Ether,.. headers).
#   'ether' - Ethernet tunnel.
#   'tty' - Serial tunnel, PPP, SLIP, etc.
#   'pipe' - Pipe tunnel.
#   Default type is 'tty'.
#   Ignored by the client.
# ---
# device - Network device.
#   'tapXX' - for 'ether'
#   'tunXX' - for 'tun'
#   By default VTun will automatically select available
#   device.
# ---
# proto - Protocol.
#   'tcp' - TCP protocol.
#   'udp' - UDP protocol.
#
#   'tcp' is default for all tunnel types.
#   'udp' is recommended for 'ether' and 'tun' only.
#
#   This option is ignored by the client.
# ---
# persist - Persist mode.
#   'yes' - Reconnect to the server after connection
#     termination.
#   'no' - Exit after connection termination (default).
#   Used only by the client.
# ---
# keepalive - Enable 'yes' or disable 'no' connection
#   keep-alive. Ignored by the client.
# ---
# timeout - Connect timeout.
# ---
# compress - Enable 'yes' or disable 'no' compression.
#   It is also possible to specify method:
#     'zlib' - ZLIB compression
#     'lzo' - LZO compression
#   and level:
#     from 1(best speed) to 9(best compression)
#   separated by ':'. Default method is 'zlib:1'.
#   Ignored by the client.
# ---
# encrypt - Enable 'yes' or disable 'no' encryption.
#   Ignored by the client.
# ---
# stat - Enable 'yes' or disable 'no' statistics.
#   If enabled vtund will log statistic counters every
#   5 minutes.
# ---
# speed - Speed of the connection in kilobits/second.
#   8,16,32,64,128,256,etc.
#   0 means maximum possible speed without shaping.
#   You can specify speed in form IN:OUT.
#   IN - to the client, OUT - from the client.
#   Single number means same speed for IN and OUT.
#   Ignored by the client.
# ---
# up - List of programs to run after connection has been
#   established. Used to initialize protocols, devices,
#   routing and firewall.
#   Format:
#     up {
#       option ...;
#       option ...;
#     };
#
# down - List of programs to run after connection has been
#   terminated. Used to reset protocols, devices, routing
#   and firewall.
#   Format:
#     down {
#       option ...;
#       option ...;
#     };
#
# 'up' and 'down' options:
#
#   program - Run specified program.
#     Format:
#       program path arguments wait;
#
#       path - Full path to the program.
#         '/bin/sh' will be used if path was omitted.
#
#       arguments - Arguments to pass to the program.
#         Must be enclosed in double quotes.
#         Special characters and expansions:
#           ' (single quotes) - group arguments
#           \ (back slash) - escape character
#           %%(double percent) - same as %d
#           %d - TUN or TAP device or TTY port name
#           %A - Local IP address
#           %P - Local TCP or UDP port
#           %a - Remote IP address
#           %p - Remote TCP or UDP port
#
#       wait - Wait for the program termination.
#
#   ppp - Run program specified by 'ppp' statement in
#     'options' section.
#     Format:
#       ppp arguments;
#
#   ifconfig - Run program specified by 'ifconfig' statement in
#     'options' section.
#     Format:
#       ifconfig arguments;
#
#   route - Run program specified by 'route' statement in
#     'options' section.
#     Format:
#       route arguments;
#
#   firewall - Run program specified by 'firewall' statement in
#     'options' section.
#     Format:
#       firewall arguments;
#
# ---
# srcaddr - Local (source) address. Used to force vtund to bind
#   to the specific address and port.
#   Format:
#     srcaddr {
#       option ...;
#       option ...;
#     };
#
# 'srcaddr' options:
#
#   iface - Use interface address as the Source address.
#     Format:
#       iface if_name;
#
#   addr - Source address.
#     Format:
#       addr ip_address;
#       addr host_name;
#
#   port - Source port.
#     Format:
#       port port_no;
#
# ---
# multi - Multiple connections.
#   'yes' or 'allow' - allow multiple connections.
#   'no' or 'deny' - deny multiple connections.
#   'killold' - allow new connection and kill old one.
#   Ignored by the client.
# ---
#
# Notes:
#   Options 'Ignored by the client' are provided by server
#   at the connection initialization.
#
# Option names can be abbreviated to a minimum of 4 characters.
#
# - CUT HERE - Server config - CUT HERE -
#
options {
    port @5525@;              # Listen on this port. Change as necessary for your specific network.

    # Syslog facility
    syslog daemon;

    # Path to various programs
    ppp      /usr/sbin/pppd;
    ifconfig /sbin/ifconfig;
    route    /sbin/route;
    firewall /sbin/ipchains;
    ip       /sbin/ip;
}

# Default session options
default {
    compress no;              # Compression is off by default
    speed 0;                  # By default maximum speed, NO shaping
}

##### BEGIN --- EACH CLIENT NEEDS ITS OWN SECTION ENTRY HERE #####

# TUN server. Session '@bbhn1@', client/site @CALLSIGN/USER@.
@bbhn1@ {
    passwd @PASSWORD@;        # Password
    type tun;                 # IP tunnel
    proto tcp;                # tcp protocol
    compress lzo:9;           # LZO compression level 9
    encrypt yes;              # Encryption
    keepalive yes;            # Keep connection alive
    device @tun0@;

    up {
        # Connection is Up
        ifconfig "%% 172.31.@1@.254 netmask 255.255.255.252 pointopoint 172.31.@1@.253 mtu 1450";
        route "add -net 172.31.@1@.252/30 gw 172.31.@1@.253";
    };
}
##### END --- EACH CLIENT NEEDS ITS OWN SECTION ENTRY HERE #####


Then create this file:

/etc/init.d/vtundsrv


#!/bin/sh /etc/rc.common
START=81

start() {
    {
        /usr/sbin/vtund -s -f /etc/vtundsrv.conf
    } &
}

stop() {
    killall vtund
}


and run:

/etc/init.d/vtundsrv enable

to set up the init file to run at boot time.

With those files created, copy the firewall.tunnel file to /tmp/ (right-click the link http://www.broadband-hamnet.org/images/firewall.tunnel and Save As, or wget it to /tmp).

Once you have tunnelscript.sh and firewall.tunnel in place, cd to /tmp/ and run tunnelscript.sh

This should update the packages file, install the 4 necessary packages, and create the vtund.conf file, then reboot.

IF YOU RUN TUNNELSCRIPT.SH MORE THAN ONCE, you WILL need to edit
/etc/config/olsrd.conf
and
/etc/config.mesh/olsrd.conf
and remove the second copy of the Interface section and reboot, else the client will not mesh properly with the host.
It will only show up as an IP on the host end.
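A check for the double-run problem just described, added here as an example (not the article's own code): it reports any device that has more than one Interface block in an olsrd.conf and prints a copy of the file with only the first block per device kept. The olsrd.conf it scans is constructed for the example.

```shell
#!/bin/sh
# Added check for the re-run problem described above (example code, not from
# the original article): a second run of tunnelscript.sh appends a second,
# identical 'Interface "tun0"' block to both olsrd.conf files. The first
# function reports devices with more than one Interface block; the second
# prints the file with only the first block per device kept. The sample
# olsrd.conf below is constructed.

# Print "device count" for every Interface block that occurs more than once.
duplicate_interfaces() {
    awk '/^[[:space:]]*Interface[[:space:]]+"/ { n = $2; gsub(/"/, "", n); seen[n]++ }
         END { for (n in seen) if (seen[n] > 1) print n, seen[n] }' "$1"
}

# Emit a copy of the file with repeated Interface blocks removed (first copy kept).
dedupe_interfaces() {
    awk '
        /^[[:space:]]*Interface[[:space:]]+"/ {
            n = $2; gsub(/"/, "", n)
            skip = (seen[n]++ > 0)   # drop every copy after the first
            inblock = 1
        }
        !skip { print }
        inblock && index($0, "}") { inblock = 0; skip = 0 }
    ' "$1"
}

# Constructed olsrd.conf after two runs of the script: tun0 appears twice.
sample=$(mktemp)
printf '%s\n' 'Interface "wlan0"' '{' 'Ip4Broadcast 255.255.255.255' '}' '' \
    'Interface "tun0"' '{' 'Ip4Broadcast 172.31.1.254' '}' '' \
    'Interface "tun0"' '{' 'Ip4Broadcast 172.31.1.254' '}' >"$sample"
duplicate_interfaces "$sample"                          # prints: tun0 2
dedupe_interfaces "$sample" | grep -c '^Interface'      # prints: 2
```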
If I missed something, please email me at Jim@k5ktf.com.
ENJOY!
Jim
K5KTF
Last Updated on Sunday, 23 March 2014 13:57

Content ©2010 - 2015 Broadband-Hamnet Inc. - All Rights Reserved.

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License