From: tuxcrafter Date: Mon, 24 May 2010 18:24:13 +0000 (+0200) Subject: (no commit message) X-Git-Url: https://git.tinc-vpn.org/git/browse?a=commitdiff_plain;h=1a9528ec4637523bc9f738fc1e03f3b9b4fe05e7;p=wiki
---
diff --git a/examples/simple-bridging-with-dhcp-server-side.mdwn b/examples/simple-bridging-with-dhcp-server-side.mdwn
new file mode 100644
index 0000000..410e223
--- /dev/null
+++ b/examples/simple-bridging-with-dhcp-server-side.mdwn
@@ -0,0 +1,312 @@
+# Company: PowerCraft Technology
+# Author: Copyright Jelle de Jong
+# Note: Please send me an email if you enhanced the document
+# Date: 2010-05-24
+# License: CC-BY-SA
+
+# This document is free documentation; you can redistribute it and/or
+# modify it under the terms of the Creative Commons Attribution Share
+# Alike as published by the Creative Commons Foundation; either version
+# 3.0 of the License, or (at your option) any later version.
+#
+# This document is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# Creative Commons BY-SA License for more details.
+#
+# http://creativecommons.org/licenses/by-sa/
+
+#-----------------------------------------------------------------------
+
+# for commercial support contact me, part of the revenue go back to tinc
+
+#-----------------------------------------------------------------------
+
+# http://www.tinc-vpn.org/
+# http://www.tinc-vpn.org/examples/bridging
+# http://www.tinc-vpn.org/documentation/tinc_toc
+
+#-----------------------------------------------------------------------
+
+# <@guus> Well all the tinc daemons together act like a single switcch
+# <@guus> And each node in the VPN is connected to a port of that switch
+# <@guus> And if you bridge the VPN interface with eth0, then it's like you plug a cable in a port of your eth0 LAN and the other end of that cable into the tinc switch
+
+#-----------------------------------------------------------------------
+
+unset LANG LANGUAGE LC_ALL
+apt-get update; apt-get dist-upgrade
+
+apt-cache show tinc
+apt-get install tinc
+apt-get install bridge-utils
+
+#-----------------------------------------------------------------------
+
+/etc/init.d/tinc stop
+
+#-----------------------------------------------------------------------
+
+# ls -hal /dev/net/tun
+crw-rw-rw- 1 root root 10, 200 May 20 20:07 /dev/net/tun
+
+# grep tinc /etc/services
+tinc 655/tcp # tinc control port
+tinc 655/udp
+
+cat /usr/share/doc/tinc/README.Debian
+zcat /usr/share/doc/tinc/README.gz | less
+zcat /usr/share/doc/tinc/NEWS.gz | less
+cat /usr/share/doc/tinc/examples/tinc-up
+w3m /usr/share/doc/tinc/tinc_0.html
+
+cat /etc/default/tinc
+less /etc/init.d/tinc
+
+#-----------------------------------------------------------------------
+
+vim /etc/default/tinc
+EXTRA="-d"
+cat /etc/default/tinc
+
+#-----------------------------------------------------------------------
+
+cat /etc/tinc/nets.boot
+echo 'powercraft01' | tee --append /etc/tinc/nets.boot
+cat /etc/tinc/nets.boot
+
+#-----------------------------------------------------------------------
+
+ls -hal /etc/tinc/scallab01/
+mkdir --verbose /etc/tinc/powercraft01/
+mkdir --verbose /etc/tinc/powercraft01/hosts/
+touch /etc/tinc/powercraft01/tinc.conf
+
+#-----------------------------------------------------------------------
+
+vim /etc/network/interfaces
+
+# tinc-vpn: dhcp bridge
+auto br0
+ iface br0 inet static
+ address 192.168.3.1
+ netmask 255.255.255.0
+# pre-up /sbin/ifconfig eth2 hw ether 00:1b:21:61:af:d7
+# pre-up /sbin/ifconfig eth2 0.0.0.0
+# bridge_ports eth2
+ bridge_ports tun1
+ bridge_maxwait 1
+ bridge_fd 2.5
+
+cat /etc/network/interfaces
+
+#-----------------------------------------------------------------------
+
+echo 'interface "br0" {
+ request subnet-mask, broadcast-address, time-offset,
+ host-name, netbios-scope, interface-mtu, ntp-servers;
+}' | tee --append /etc/dhcp3/dhclient.conf
+
+cat /etc/dhcp3/dhclient.conf
+
+#-----------------------------------------------------------------------
+
+vim /etc/dhcp3/dhcpd.conf
+
+subnet 192.168.3.0 netmask 255.255.255.0 {
+ range 192.168.3.200 192.168.3.240;
+ option routers 192.168.3.1;
+ option domain-name-servers 192.168.3.1;
+}
+
+#-----------------------------------------------------------------------
+
+ifdown br0
+ifup br0
+
+#-----------------------------------------------------------------------
+
+vim /etc/default/dhcp3-server
+ INTERFACES="vlan2 eth0 br0" # add the br0 to the correct location
+
+/etc/init.d/dhcp3-server restart
+ps aux | grep dhcp
+tail -n 400 -f /var/log/syslog
+
+#-----------------------------------------------------------------------
+
+ifconfig br0
+route -n
+brctl show
+
+#-----------------------------------------------------------------------
+
+# ifconfig br0
+br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
+ inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
+ inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:12 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:0
+ RX bytes:2568 (2.5 KB) TX bytes:1536 (1.5 KB)
+
+# route -n
+Kernel IP routing table
+Destination Gateway Genmask Flags Metric Ref Use Iface
+192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
+192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
+192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
+84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
+0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1
+
+# brctl show
+bridge name bridge id STP enabled interfaces
+br0 8000.000000000000 no
+
+#-----------------------------------------------------------------------
+
+echo 'AddressFamily = ipv4
+Device = /dev/net/tun
+Interface = tun1
+Mode = switch
+Name = server01' | tee /etc/tinc/powercraft01/tinc.conf
+
+cat /etc/tinc/powercraft01/tinc.conf
+chmod 640 /etc/tinc/powercraft01/tinc.conf
+ls -hal /etc/tinc/powercraft01/tinc.conf
+
+echo '#!/bin/sh
+ifconfig $INTERFACE 0.0.0.0
+brctl addif br0 $INTERFACE' | tee /etc/tinc/powercraft01/tinc-up
+
+cat /etc/tinc/powercraft01/tinc-up
+chmod 750 /etc/tinc/powercraft01/tinc-up
+ls -hal /etc/tinc/powercraft01/tinc-up
+
+echo '#!/bin/sh
+brctl delif br0 $INTERFACE
+ifconfig $INTERFACE down' | tee /etc/tinc/powercraft01/tinc-down
+
+cat /etc/tinc/powercraft01/tinc-down
+chmod 750 /etc/tinc/powercraft01/tinc-down
+ls -hal /etc/tinc/powercraft01/tinc-down
+
+#-----------------------------------------------------------------------
+
+rm /etc/tinc/powercraft01/rsa_key.priv
+rm /etc/tinc/powercraft01/hosts/server01
+tincd -n powercraft01 -K
+
+#-----------------------------------------------------------------------
+
+getent services | grep 656
+
+#-----------------------------------------------------------------------
+
+vim /etc/tinc/powercraft01/hosts/server01
+
+# add on head of file
+Compression = 9
+PMTU = 1492
+PMTUDiscovery = yes
+Port = 656
+
+cat /etc/tinc/powercraft01/hosts/server01
+
+#-----------------------------------------------------------------------
+
+/etc/init.d/tinc stop
+fg
+/usr/sbin/tincd --net powercraft01 --no-detach --debug=5
+
+#-----------------------------------------------------------------------
+
+/etc/init.d/tinc restart
+tail --line=500 --follow /var/log/syslog
+
+#-----------------------------------------------------------------------
+
+ifconfig br0
+ifconfig tun1
+route -n
+brctl show br0
+brctl showmacs br0
+
+#-----------------------------------------------------------------------
+
+# ifconfig br0
+br0 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8
+ inet addr:192.168.3.1 Bcast:192.168.3.255 Mask:255.255.255.0
+ inet6 addr: fe80::dc56:d3ff:fe1a:31df/64 Scope:Link
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:17 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:20 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:0
+ RX bytes:3328 (3.3 KB) TX bytes:2408 (2.4 KB)
+
+# ifconfig tun1
+tun1 Link encap:Ethernet HWaddr 1e:eb:95:c3:04:d8
+ inet6 addr: fe80::1ceb:95ff:fec3:4d8/64 Scope:Link
+ UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
+ RX packets:8 errors:0 dropped:0 overruns:0 frame:0
+ TX packets:12 errors:0 dropped:0 overruns:0 carrier:0
+ collisions:0 txqueuelen:500
+ RX bytes:2627 (2.6 KB) TX bytes:1340 (1.3 KB)
+
+# route -n
+Kernel IP routing table
+Destination Gateway Genmask Flags Metric Ref Use Iface
+192.168.3.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
+192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 vlan2
+192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
+84.245.3.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
+0.0.0.0 84.245.3.1 0.0.0.0 UG 100 0 0 eth1
+
+# brctl show br0
+bridge name bridge id STP enabled interfaces
+br0 8000.1eeb95c304d8 no tun1
+
+# brctl showmacs br0
+port no mac addr is local? ageing timer
+ 1 1e:eb:95:c3:04:d8 yes 0.00
+ 1 86:03:27:21:2e:60 no 44.19
+
+#-----------------------------------------------------------------------
+
+ps aux | grep tincd
+tincd -n powercraft01 -kUSR2
+tail -n 100 /var/log/syslog
+
+#-----------------------------------------------------------------------
+
+May 24 17:29:31 ashley tinc.powercraft01[11557]: Statistics for Linux tun/tap device (tap mode) /dev/net/tun:
+May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes in: 468
+May 24 17:29:31 ashley tinc.powercraft01[11557]: total bytes out: 0
+May 24 17:29:31 ashley tinc.powercraft01[11557]: Nodes:
+May 24 17:29:31 ashley tinc.powercraft01[11557]: server01 at MYSELF cipher 0 digest 0 maclength 0 compression 0 options 4 status 0018 nexthop server01 via server01 pmtu 1518 (min 0 max 1518)
+May 24 17:29:31 ashley tinc.powercraft01[11557]: End of nodes.
+May 24 17:29:31 ashley tinc.powercraft01[11557]: Edges:
+May 24 17:29:31 ashley tinc.powercraft01[11557]: End of edges.
+May 24 17:29:31 ashley tinc.powercraft01[11557]: Subnet list:
+May 24 17:29:31 ashley tinc.powercraft01[11557]: a2:63:0:96:a:c8#10 owner server01
+May 24 17:29:31 ashley tinc.powercraft01[11557]: End of subnet list.
+
+#-----------------------------------------------------------------------
+
+tcpdump -n -i br0 broadcast
+tcpdump -n -i tun0 broadcast
+
+#-----------------------------------------------------------------------
+
+tcpdump -n -e -i br0 icmp
+tcpdump -A -p -n -i br0 port 80
+tcpdump -A -p -n -i br0
+
+tcpdump -i br0 host 84.245.3.195 -l
+
+#-----------------------------------------------------------------------
+
+cat /var/lib/dhcp3/dhcpd.leases
+
+#-----------------------------------------------------------------------