
The Meta-Net

What is the MetaNet?

A group of people who run VPN software (WanDaemon) on their gateways, linking all their machines together; quite common around Hamilton. Since you get assigned a set of (non-real-world) IPs, you can talk to other people's machines directly, not worrying about NATs and only vaguely about firewalls.

  • see MetaNetResources for various servers etc setup on the MetaNet for members (not an exhaustive list by any means)

How do I get on the MetaNet?

Currently, we are up to "REL2" (release two) -- you might want to check with someone if we've released a more recent version. See WanDaemonHeadHowto for information on how to set "HEAD" up. At the moment, it's the same as REL2 but we'll be making some major changes to it.

To get on the MetaNet, you first should subscribe to meta-admin@lists.meta.net.nz. This is a mailman list. The best way to subscribe is to go here: https://lists.meta.net.nz/cgi-bin/mailman/listinfo/meta-admin. Then you'll need to renumber to an internal IP range that is unique, so you contact someone on the list (MetaNetAssignments) to allocate you some space. Once they have allocated you some space (and you have renumbered), you need to install wand. Space can be allocated on http://www.tla/maint/

Requirements

You need a 2.4 series kernel.

$ uname -a

If you don't have one, go get one now. You'll thank yourself later. You might have to upgrade your firewalling from ipchains to iptables; check FirewallNotes for information.

There are two options here: Ethertap, or TUN/TAP. TUN/TAP is the recommended driver. Make sure you have "Universal TUN/TAP device driver support" selected in "Network Device Support".

We have deprecated Ethertap support as it is deprecated in the kernel. Note that if your kernel is already configured for ethertap, you can keep using it - just change etud.conf to point at ethertap.so for its driver, not tuntap.so

Note - if your tuntap is a module, you should modprobe tun, not modprobe tuntap... thanks to cuchulain for pointing this out after hours of me beating my head against a wall -- KyleCarter

Device Files

"mknod /dev/tap0 c 36 16" (if you are using the ETHERTAP driver) or "mkdir /dev/net ; mknod /dev/net/tun c 10 200" (if you are using the TUN driver).

via apt-get

Add to your /etc/apt/sources.list:

deb http://sheridan.meta.net.nz/debian metanet contrib
deb-src http://sheridan.meta.net.nz/debian metanet contrib

then do

apt-get update
apt-get install wandclients

Answer the questions and you're done with the install.

From Source

CVS

Check out wand, the WanDaemon software:

cvs -d:pserver:anonymous@cvs.wand.sourceforge.net:/cvsroot/wand login

When prompted for a password, press enter.

cvs -z3 -d:pserver:anonymous@cvs.wand.sourceforge.net:/cvsroot/wand co -r REL2 wand

Tarballs

You can download tarballs from:

http://sheridan.meta.net.nz/wand-REL2.tar.bz2
http://sheridan.meta.net.nz/wand-REL2.tar.gz

Then you need to compile and install it:

cd wand
make
make install

After that, you will need to configure it:

There are two config files: etud.conf and wand.conf

cp /usr/local/etc/etud.conf{.sample,}
$EDITOR /usr/local/etc/etud.conf

Probably stick with using tuntap.so as the driver, unless you really have to use ethertap, in which case change 'tuntap.so' to read 'ethertap.so'. Set the mtu to 1280. Set macaddr to the MAC address of one of the NICs in your machine. Eth0 is the normal one to use.

cp /usr/local/etc/wand.conf{.sample,}
$EDITOR /usr/local/etc/wand.conf

(N.B. make install may create /usr/local/etc/wand.$HOSTNAME.conf.original; in this case use: cp /usr/local/etc/wand.$HOSTNAME.conf{.original,})

You need to talk to someone to get a server IP to go in the server part of this config.

Starting the MetaNet daemons

You will also need /sbin/ip (see iproute(8)); this usually comes in a package called iproute (e.g. Debian) or iproute2, depending on your distribution.

There are init scripts that work fine under Debian. They are /etc/init.d/Etud and /etc/init.d/wand. Etud needs to be started before wand does.

Make sure that your firewall allows UDP traffic on ports 22222 and 44444. Also make sure that traffic to/from tap0/wan0 is not blocked (which interface applies depends on whether you are using ethertap/tuntap).

Now you should be able to ping 192.168.66.10 after a few seconds. This is deuterium's metaix address. Reasons this might not work:

  • If you have a Nokia M1122/M1122 or similar router doing your NAT then you will need to set up a pinhole for port 22222.
  • You are missing the device files as mentioned above.
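
A preflight check for the device files and /sbin/ip requirements above, as an added example that is not part of the original page or of the wand distribution. The function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example, not part of wand: preflight for the prerequisites on this page.
# Function names are hypothetical; `stat -c` assumes GNU coreutils.

# check_chardev PATH MAJOR MINOR: succeed only if PATH is a character device
# with exactly those device numbers. A node created with the wrong numbers
# exists but does not reach the TUN/TAP or ethertap driver.
check_chardev() {
    if [ ! -c "$1" ]; then
        echo "FAIL $1: missing or not a character device"; return 1
    fi
    maj=$((0x$(stat -c '%t' "$1")))   # %t and %T print the numbers in hex
    min=$((0x$(stat -c '%T' "$1")))
    if [ "$maj" -ne "$2" ] || [ "$min" -ne "$3" ]; then
        echo "FAIL $1: is ($maj,$min), expected ($2,$3)"; return 1
    fi
    echo "ok   $1 ($maj,$min)"
}

# wand_preflight DRIVER: DRIVER is "tuntap" (recommended) or "ethertap".
# Returns the number of failed checks, or 2 for an unknown driver name.
wand_preflight() {
    fails=0
    case "$1" in
        tuntap)   check_chardev /dev/net/tun 10 200 || fails=$((fails + 1)) ;;
        ethertap) check_chardev /dev/tap0 36 16     || fails=$((fails + 1)) ;;
        *) echo "FAIL unknown driver '$1'"; return 2 ;;
    esac
    if [ -x /sbin/ip ]; then
        echo "ok   /sbin/ip"
    else
        echo "FAIL /sbin/ip not found (install iproute)"; fails=$((fails + 1))
    fi
    return "$fails"
}

wand_preflight "${1:-tuntap}" || echo "fix the failures above before starting Etud and wand"
```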

Next you have to configure and start zebra(8).

zebra and bgpd

WanDaemon, at low level, provides you with 192.168 addresses. What you want is 10.x.x.x connectivity - so you need to run zebra.

Configuration information is in ZebraConfig. Note: it may have a slight Debian tint.

Read MetaNetBGPNotes for information describing BGP on the MetaNet

Routing

Add to your boot scripts somewhere:

route add -net 10.0.0.0 netmask 255.0.0.0 reject
route add -net 192.168.0.0 netmask 255.255.0.0 metric 1000 reject

This will give you "Destination host unreachable" errors without sending random packets out your default gateway.
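
What the reject routes change, shown as an added example that is not part of the original page: a longest-prefix lookup over `route -n` output, run with and without the two reject lines. The helper name, the sample routing table, the 203.0.113.1 gateway and the 10.66.0.0/16 learned route are all constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. route_decision is a hypothetical
# helper: it reads `route -n` output on stdin and prints where a packet to
# DEST would go: "reject", an interface name, or "no-route".
route_decision() {
    awk -v dest="$1" '
        function ip2n(s,  p) {
            split(s, p, ".")
            return ((p[1] * 256 + p[2]) * 256 + p[3]) * 256 + p[4]
        }
        BEGIN { d = ip2n(dest); best = -1 }
        $1 ~ /^[0-9]+\./ {
            mask = ip2n($3)
            size = 4294967296 - mask          # addresses covered by this route
            if (int(d / size) != int(ip2n($1) / size)) next
            # longest prefix wins; on a tie the lower metric wins
            if (mask > best || (mask == best && $5 + 0 < metric)) {
                best = mask; metric = $5 + 0
                out = ($4 ~ /!/) ? "reject" : $8   # "!" flag marks a reject route
            }
        }
        END { if (best < 0) out = "no-route"; print out }
    '
}

# Constructed sample: tunnel up, one route learned via zebra, both reject routes.
sample_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.66.0    0.0.0.0         255.255.255.0   U     0      0        0 wan0
10.66.0.0       192.168.66.10   255.255.0.0     UG    0      0        0 wan0
10.0.0.0        -               255.0.0.0       !     0      -        0 -
192.168.0.0     -               255.255.0.0     !     1000   -        0 -
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth0
EOF
}

for dest in 10.66.10.1 10.99.1.1 192.168.5.5; do
    echo "$dest with reject routes:    $(sample_routes | route_decision "$dest")"
    echo "$dest without reject routes: $(sample_routes | grep -v '!' | route_decision "$dest")"
done
```

On a live gateway, feed it the real table with `route -n | route_decision 10.99.1.1`; any MetaNet address that resolves to your Internet-facing interface means the reject routes are missing.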

DNS

After you have zebra working correctly and you can ping 10.66.10.1, then you may want to set up DNS (Debian: apt-get install bind). In your name server you need to make sure you don't have any forwarders (sigh), and that you do have the blocks

zone "10.in-addr.arpa" {
    type stub;
    masters { 10.66.10.1; };
    file "/var/cache/named/stubs/10.x";
};
zone "tla" {
    type stub;
    masters { 10.66.10.1; };
    file "/var/cache/named/stubs/tla";
};

For future use (?) and resolving metanet routers, also add

zone "168.192.in-addr.arpa" {
    type stub;
    masters { 10.66.10.1; };
    file "/var/cache/bind/stubs/192.168.x";
};
zone "metaix.tla" {
    type stub;
    masters { 10.66.10.1; };
    file "/var/cache/bind/stubs/metaix.tla";
};

as well.

The reason is that if you use a forwarder, all queries get forwarded to the other server, and it won't be able to resolve metanet names and addresses.

Note: you may wish to change the paths based on your distribution. Under debian woody you probably want to use the directory "/var/cache/bind/stubs". You will need to make sure the stubs directory exists!

You should then be able to restart named(8) (debian: /etc/init.d/bind restart or reload if it's already running) and then ping "www.tla". You are now properly on the metanet, and should be able to visit http://www.tla/ and http://www.plaz.tla/.

Root CA

You might also want to install our "root CA", which we use for signing SSL websites etc. Load your web browser and go to: http://www.meta.net.nz/install-cert.html

Not Running Linux?

Windows
You might still be able to get onto the MetaNet if you can find some kind soul who will allow you to make a pptp/ipsec connection onto their gateway. See the PPTPServerHowto for more information on this.
FreeBSD
There's a port to FreeBSD that's being trialed; talk to PerryLorier about it if you're interested.
other *nix
Maybe you could try porting it ;)

GRE tunnels are supported now, although you have to talk nicely to be allowed on via one. In the general case, point-to-point tunnels like ipsec/gre/pptp aren't preferred, as they require all your metanet traffic to go through one host. Talk to DanielLawson if you want a GRE or PPTP tunnel onto the MetaNet. Look at GRETunnel for more information on GRE tunnels.

See also: MetaNetToDo