version 21, including all changes.
.
| Rev |
Author |
# |
Line |
| 19 |
MikeBeattie |
1 |
!!How do I get on the MetaNet? |
| |
|
2 |
|
| |
|
3 |
Please ensure you've read the MetaNet page and understand what exactly you're doing before you follow these instructions. |
| |
|
4 |
|
| |
|
5 |
Currently, we are up to WanDaemon version REL2 (release two) -- you might want to check with someone to see if we've released a more recent version. If you want cutting edge, the head of the CVS tree might suit your needs - see WanDaemonHeadHowto for information on how to set "HEAD" up. At the moment, HEAD is the same as REL2, but the WanDaemon contributors are soon likely to make major changes. |
| |
|
6 |
|
| |
|
7 |
|
| |
|
8 |
!!Before You Touch The Software |
| |
|
9 |
|
| |
|
10 |
!Subscribe to the mailing list |
| |
|
11 |
|
| |
|
12 |
To get on the MetaNet, you first should subscribe to meta-admin@lists.meta.net.nz. This is a MailMan MailingList. The best way to subscribe is to go here: https://lists.meta.net.nz/cgi-bin/mailman/listinfo/meta-admin. |
| |
|
13 |
|
| |
|
14 |
!Renumber your network |
| |
|
15 |
|
| |
|
16 |
Then you'll need renumber to an internal [IP] address range that is unique, so you contact someone on the list (MetaNetAssignments) to allocate you some space. They can allocate you address space by going to http://www.tla/maint/. (This is a !MetaNet address, and isn't actually a Catch-22 situation.) |
| |
|
17 |
|
| |
|
18 |
!Compile a kernel |
| |
|
19 |
|
| |
|
20 |
This guide assumes you're running Linux. If you aren't, all hope is not lost. See [1]. |
| |
|
21 |
|
| |
|
22 |
You need a 2.4 series (or later - 2.6 works fine) kernel |
| 21 |
AlastairPorter |
23 |
<pre> |
| 19 |
MikeBeattie |
24 |
$ uname -a |
| 21 |
AlastairPorter |
25 |
</pre> |
| 19 |
MikeBeattie |
26 |
|
| |
|
27 |
If you don't have one, go get one now. You'll thank yourself later. You might have to upgrade your firewalling from ipchains to iptables; check FirewallNotes for information. |
| |
|
28 |
|
| |
|
29 |
Your kernel has to support TUN/TAP. If you're configuring with ''make menuconfig'' select "Network device support" and then "Universal TUN/TAP device driver support". For information on Ethertap, see [2]. |
| |
|
30 |
|
| |
|
31 |
__Note__: The module for TUN/TAP is '__tun__', not 'tuntap.' Many an hour of head banging has occured due to trying to modprobe the wrong module! |
| |
|
32 |
|
| |
|
33 |
!Install iproute |
| |
|
34 |
|
| |
|
35 |
You will also need /sbin/ip (see iproute(8)). This usually comes in a package called iproute (eg [Debian]) or iproute2 depending on your distribution. |
| |
|
36 |
|
| |
|
37 |
!Create your device files |
| |
|
38 |
|
| |
|
39 |
TUN/TAP needs a device file created. [3] |
| 21 |
AlastairPorter |
40 |
<pre> |
| 19 |
MikeBeattie |
41 |
mkdir /dev/net |
| |
|
42 |
mknod /dev/net/tun c 10 200 |
| 21 |
AlastairPorter |
43 |
</pre> |
| 19 |
MikeBeattie |
44 |
|
| |
|
45 |
!!Install the wandclients software |
| |
|
46 |
|
| |
|
47 |
!DebianLinux Users: |
| |
|
48 |
Add to your /etc/apt/sources.list: |
| 21 |
AlastairPorter |
49 |
<pre> |
| 19 |
MikeBeattie |
50 |
deb http://sheridan.meta.net.nz/debian metanet contrib |
| |
|
51 |
deb-src http://sheridan.meta.net.nz/debian metanet contrib |
| 21 |
AlastairPorter |
52 |
</pre> |
| 19 |
MikeBeattie |
53 |
|
| |
|
54 |
then issue |
| 21 |
AlastairPorter |
55 |
<pre> |
| 19 |
MikeBeattie |
56 |
apt-get update |
| |
|
57 |
apt-get install wandclients |
| 21 |
AlastairPorter |
58 |
</pre> |
| 19 |
MikeBeattie |
59 |
|
| |
|
60 |
Answer the questions, and you're done for the install. |
| |
|
61 |
|
| |
|
62 |
!RedHat users: |
| |
|
63 |
There is no [RPM] for wand yet, however you should really go and make one. |
| |
|
64 |
|
| |
|
65 |
!From Source - CVS |
| |
|
66 |
Check out wand, the WanDaemon software: |
| |
|
67 |
|
| 21 |
AlastairPorter |
68 |
<pre> |
| 19 |
MikeBeattie |
69 |
cvs -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/wand login |
| 21 |
AlastairPorter |
70 |
</pre> |
| 19 |
MikeBeattie |
71 |
|
| |
|
72 |
When prompted for a password press enter |
| |
|
73 |
|
| 21 |
AlastairPorter |
74 |
<pre> |
| 19 |
MikeBeattie |
75 |
cvs -z3 -d:pserver:anonymous@cvs.sourceforge.net:/cvsroot/wand co -r REL2 wand |
| 21 |
AlastairPorter |
76 |
</pre> |
| 19 |
MikeBeattie |
77 |
|
| |
|
78 |
!Tarballs |
| |
|
79 |
You can download tarballs from |
| |
|
80 |
|
| 21 |
AlastairPorter |
81 |
<pre> |
| 19 |
MikeBeattie |
82 |
http://sheridan.meta.net.nz/wand-REL2.tar.bz2 |
| |
|
83 |
http://sheridan.meta.net.nz/wand-REL2.tar.gz |
| 21 |
AlastairPorter |
84 |
</pre> |
| 19 |
MikeBeattie |
85 |
|
| |
|
86 |
Then you need to compile and install it |
| 21 |
AlastairPorter |
87 |
<pre> |
| 19 |
MikeBeattie |
88 |
cd wand |
| |
|
89 |
make |
| |
|
90 |
make install |
| 21 |
AlastairPorter |
91 |
</pre> |
| 19 |
MikeBeattie |
92 |
|
| |
|
93 |
If you get an ld error on make (e.g. /usr/bin/ld cannot find -lconfig) check you are running make from the top level directory and you have bison & flex installed. |
| |
|
94 |
|
| |
|
95 |
If you are running GCC 3.3, you'll get a screenful of errors. To work around these, you can comment out the usage lines and add in a #include "assert.h" to the .cc files that complain about an assert error. |
| |
|
96 |
|
| |
|
97 |
After that, you will need to configure it: |
| |
|
98 |
|
| |
|
99 |
!!Quick Overview |
| |
|
100 |
|
| |
|
101 |
Ok, the basics work like this (for the technical bods that like to understand what's happening). |
| |
|
102 |
|
| |
|
103 |
* Your lan needs to be within a 10.0.0.0/16 range - That which is allocated to you by someone already on the MetaNet. |
| |
|
104 |
* Each MetaNet router has an IP address on it's wan0/tap0 interface in the 192.168.0.0/16 range. This is also allocated to you. |
| |
|
105 |
* The MetaNet routers communicate over wan0/tap0, via Etud/wand. |
| |
|
106 |
* The 192.168.0.0/16 range is used for the routers to talk to each other, mainly BGP. |
| |
|
107 |
* The routers will also talk with their wan0/tap0 IP to any remote parts of the MetaNet. |
| |
|
108 |
* Accessible remote networks in the 10.0.0.0/8 range are routed over/through the 192.168.0.0/16 network. |
| |
|
109 |
* Routes to access these networks are found via BGP |
| |
|
110 |
* Running the BGP daemon zebra(8), fills the routing table to give access to networks in the 10.0.0.0/8 range |
| |
|
111 |
|
| |
|
112 |
An example of the path a routed packet will take, is: |
| |
|
113 |
|
| 21 |
AlastairPorter |
114 |
<pre> |
| 19 |
MikeBeattie |
115 |
+-------------+ +---------------+ +--------------+ +-------------+ |
| |
|
116 |
| eth1 | LAN | eth0 | | eth0 | LAN | eth0 | |
| |
|
117 |
| 10.113.1.15 |---->-----| 10.113.1.254 | | 10.21.1.2 |--->---| 10.21.1.101 | |
| |
|
118 |
+-------------+ | | | WAN | ^ | +-------------+ |
| |
|
119 |
| wan0 v | over | wan0 | | |
| |
|
120 |
| 192.168.113.1 |--->---->---| 192.168.21.1 | |
| |
|
121 |
+---------------+ Internet +--------------+ |
| |
|
122 |
|
| |
|
123 |
(MikeBeattie's laptop) (MikeBeattie's router) (JohnMcPherson's router) (JohnMcPherson's desktop) |
| 21 |
AlastairPorter |
124 |
</pre> |
| 19 |
MikeBeattie |
125 |
|
| |
|
126 |
The route that BGP found for me for this is: |
| |
|
127 |
|
| 21 |
AlastairPorter |
128 |
<pre> |
| 19 |
MikeBeattie |
129 |
Destination Gateway Genmask Flags Metric Ref Use Iface |
| |
|
130 |
... |
| |
|
131 |
10.21.1.0 192.168.21.1 255.255.255.0 UG 0 0 0 wan0 |
| 21 |
AlastairPorter |
132 |
</pre> |
| 19 |
MikeBeattie |
133 |
|
| |
|
134 |
(or, 'ip route' incantation: |
| 21 |
AlastairPorter |
135 |
<pre> |
| 19 |
MikeBeattie |
136 |
10.21.1.0/24 via 192.168.21.1 dev wan0 proto zebra |
| 21 |
AlastairPorter |
137 |
</pre> |
| 19 |
MikeBeattie |
138 |
) |
| |
|
139 |
|
| |
|
140 |
!!Configure the software |
| |
|
141 |
|
| |
|
142 |
If you installed from the Sheridan Debian archive, you should check the files in /etc/wandclients/, but this step will be mostly done for you. |
| |
|
143 |
|
| |
|
144 |
There are two config files: etud.conf and wand.conf. |
| |
|
145 |
|
| |
|
146 |
!etud.conf |
| |
|
147 |
|
| 21 |
AlastairPorter |
148 |
<pre> |
| 19 |
MikeBeattie |
149 |
cp /usr/local/etc/etud.conf{.sample,} |
| |
|
150 |
$EDITOR /usr/local/etc/etud.conf |
| 21 |
AlastairPorter |
151 |
</pre> |
| 19 |
MikeBeattie |
152 |
|
| |
|
153 |
If you're an Ethertap user (see footnotes [2] and [3]), change 'tuntap.so' to read 'ethertap.so'. |
| |
|
154 |
Set the [MTU] to 1280. |
| |
|
155 |
Set macaddr to the MAC address of one of the NIC's in your machine. eth0 is the normal one to use (It doesn't really matter what you use, but it __must__ be unique). If you don't know your [MAC] address, ifconfig(8) will tell you: try |
| 21 |
AlastairPorter |
156 |
<pre> |
| 19 |
MikeBeattie |
157 |
/sbin/ifconfig eth0 | grep HWaddr | cut -c 39- |
| 21 |
AlastairPorter |
158 |
</pre> |
| 19 |
MikeBeattie |
159 |
|
| |
|
160 |
!wand.conf |
| |
|
161 |
|
| 21 |
AlastairPorter |
162 |
<pre> |
| 19 |
MikeBeattie |
163 |
cp /usr/local/etc/wand.conf{.sample,} |
| |
|
164 |
$EDITOR /usr/local/etc/wand.conf |
| 21 |
AlastairPorter |
165 |
</pre> |
| 19 |
MikeBeattie |
166 |
|
| |
|
167 |
(N.B. make install may create /usr/local/etc/wand.$HOSTNAME.conf.original: in this case use: cp /usr/local/etc/wand.$HOSTNAME.conf{.original,} ) |
| |
|
168 |
|
| |
|
169 |
You will need to talk to the person who allocated your address space, or [#wlug] on UnderNet, to get the IP address of a server to go in this config. |
| |
|
170 |
|
| |
|
171 |
! wan0 interface |
| |
|
172 |
You also need to provide the tun driver with network settings for the interface, otherwise you get an error message like: |
| 21 |
AlastairPorter |
173 |
<pre> |
| 19 |
MikeBeattie |
174 |
/usr/local/etc# Etud |
| |
|
175 |
tuntap_setup () entered... |
| |
|
176 |
Failed to initialise interface. |
| |
|
177 |
Aborting... |
| |
|
178 |
/usr/local/etc# |
| 21 |
AlastairPorter |
179 |
</pre> |
| 19 |
MikeBeattie |
180 |
|
| |
|
181 |
In debian, you can simply add a stanza like the following to /etc/network/interfaces (replacing x and y for your network id): |
| |
|
182 |
|
| 21 |
AlastairPorter |
183 |
<pre> |
| 19 |
MikeBeattie |
184 |
noauto wan0 |
| |
|
185 |
iface wan0 inet static |
| |
|
186 |
address 192.168.x.y |
| |
|
187 |
netmask 255.255.0.0 |
| |
|
188 |
network 192.168.0.0 |
| |
|
189 |
broadcast 192.168.255.255 |
| |
|
190 |
mtu 1280 |
| 21 |
AlastairPorter |
191 |
</pre> |
| 19 |
MikeBeattie |
192 |
|
| |
|
193 |
RedHat users can create the file /etc/sysconfig/network-scripts/ifcfg-wan0 and add: |
| |
|
194 |
|
| 21 |
AlastairPorter |
195 |
<pre> |
| 19 |
MikeBeattie |
196 |
DEVICE=wan0 |
| |
|
197 |
BROADCAST=192.168.255.255 |
| |
|
198 |
IPADDR=192.168.x.y |
| |
|
199 |
NETMASK=255.255.0.0 |
| |
|
200 |
NETWORK=192.168.0.0 |
| |
|
201 |
MTU=1280 |
| |
|
202 |
USERCRL=yes |
| |
|
203 |
ONBOOT=no |
| |
|
204 |
GATEWAY=10.x.y.z |
| 21 |
AlastairPorter |
205 |
</pre> |
| 19 |
MikeBeattie |
206 |
|
| 20 |
GerwinVanDeSteeg |
207 |
The GATEWAY value is your normal gateway (Same as in ifcfg-eth0). This is needed because RedHat likes overwriting your default route each time you bring up an interface. If you leave out the GATEWAY line however, RedHat will NOT overwrite your default route. |
| |
|
208 |
|
| 19 |
MikeBeattie |
209 |
|
| 21 |
AlastairPorter |
210 |
!!Starting the MetaNet daemons |
| 19 |
MikeBeattie |
211 |
|
| |
|
212 |
There are init scripts that work fine under Debian. They are /etc/init.d/Etud and /etc/init.d/wand. Etud needs to be started before wand does (or wand will crash). If you installed from the Debian packages, they are at startup levels 19 and 20 in your /etc/rc?.d/ directories. |
| |
|
213 |
|
| |
|
214 |
RedHat users don't have init scripts (yet?). For now, they can add to /etc/rc.local something like: |
| |
|
215 |
|
| 21 |
AlastairPorter |
216 |
<pre> |
| 19 |
MikeBeattie |
217 |
killall Etud wand |
| |
|
218 |
/usr/local/sbin/Etud -l 22222 -p /var/run/Etud.pid |
| |
|
219 |
ifup wan0 |
| |
|
220 |
/usr/local/sbin/wand -i ''servername'' -l 44444 |
| |
|
221 |
/usr/local/sbin/zebra -d |
| |
|
222 |
/usr/local/sbin/bgpd -d |
| 21 |
AlastairPorter |
223 |
</pre> |
| 19 |
MikeBeattie |
224 |
|
| |
|
225 |
Take a look at RedHatMetaNetScripts for some Redhat scripts |
| |
|
226 |
|
| |
|
227 |
Make sure that your FireWall allows [UDP] traffic on ports 22222 and 44444 UDP. Also make sure that traffic to/from wan0/tap is not blocked (wan0 for TUN/TAP, tap0 for ethertap [2]). |
| |
|
228 |
|
| |
|
229 |
Now, you should be able to ping 192.168.66.10 after a few seconds. This is the [MetaIX] address of Hydrogen, the current !MetaNet server. |
| |
|
230 |
|
| |
|
231 |
You should be able to see several remote hosts that exist in the 192.168.0.0/16 range, on their real world IP's, in the output of 'Etudctl -l' |
| |
|
232 |
|
| |
|
233 |
!!Cleanups |
| |
|
234 |
You may wish to add a |
| 21 |
AlastairPorter |
235 |
<pre> |
| 19 |
MikeBeattie |
236 |
killall -USR1 wand |
| 21 |
AlastairPorter |
237 |
</pre> |
| 19 |
MikeBeattie |
238 |
to your ip-up scripts if your internet connection terminates on your linux machine and you have a dynamic IP. |
| |
|
239 |
|
| |
|
240 |
!!Reasons this might not work: |
| |
|
241 |
* If you have a Nokia M11/M1122 or similar router doing your NAT, then you will need to setup a pinhole for ports 22222 and 44444. |
| |
|
242 |
* You might be missing the device files as mentioned above. |
| |
|
243 |
|
| |
|
244 |
!!Onwards and upwards. |
| |
|
245 |
Congratulations, at this point you should have WanDaemon running on your machine. |
| |
|
246 |
|
| |
|
247 |
Next you have to configure and start zebra(8) (See ZebraConfig). |
| |
|
248 |
|
| |
|
249 |
The next step is to enable all the useful stuff: proceed on to MetaNetConfiguration. |
| |
|
250 |
|
| |
|
251 |
----- |
| |
|
252 |
|
| 21 |
AlastairPorter |
253 |
#[|ftnt_1]~[[1|#ftnt_ref_1]~] Not Running Linux? |
| 19 |
MikeBeattie |
254 |
|
| 21 |
AlastairPorter |
255 |
; MicrosoftWindows :You might still be able to get onto the !MetaNet if you can find some kind soul who will allow you to make a [PPTP]/[IPSec] connection onto their gateway. See the [PPTPServerHowto] for more information on this. |
| |
|
256 |
; FreeBSD :Theres a port to FreeBSD thats being trialed, talk to PerryLorier about it if you're interested. |
| |
|
257 |
; Other *nix :Maybe you could try porting it ;) |
| 19 |
MikeBeattie |
258 |
|
| |
|
259 |
[GRE] Tunnels are supported now, although you have to talk nicely to be allowed on via one. In the general case, point-to-point tunnels like ipsec/gre/pptp aren't preferred, as they require all your !MetaNet traffic to go through one host. Talk to DanielLawson if you want a GRE or PPTP tunnel onto the MetaNet. Look at [GRETunnel] for more information on GRE Tunnels. |
| |
|
260 |
|
| 21 |
AlastairPorter |
261 |
#[|ftnt_2]~[[2|#ftnt_ref_2]~] Ethertap support has been deprecated as it has been deprecated in the kernel. Note that if your kernel is already configured for ethertap, you can keep using it - just change etud.conf to point at ethertap.so for its driver, not tuntap.so. However, look at compiling TUN/TAP in next time you change your kernel. |
| 19 |
MikeBeattie |
262 |
|
| 21 |
AlastairPorter |
263 |
#[|ftnt_3]~[[3|#ftnt_ref_3]~] If you're using Ethertap, you will have to create tap0 as follows: |
| |
|
264 |
<pre> |
| 19 |
MikeBeattie |
265 |
mknod /dev/tap0 c 36 16 |
| 21 |
AlastairPorter |
266 |
</pre> |
