Diffstat (limited to 'retiolum/doc')
-rw-r--r--retiolum/doc/cronjob7
-rw-r--r--retiolum/doc/device.c37
-rw-r--r--retiolum/doc/git_checkout_only_hosts11
-rw-r--r--retiolum/doc/highping2
-rw-r--r--retiolum/doc/install_dotcloud85
-rw-r--r--retiolum/doc/install_no.de16
-rw-r--r--retiolum/doc/routing/ip-ranges5
-rw-r--r--retiolum/doc/routing/tun30
8 files changed, 193 insertions, 0 deletions
diff --git a/retiolum/doc/cronjob b/retiolum/doc/cronjob
new file mode 100644
index 00000000..3f640311
--- /dev/null
+++ b/retiolum/doc/cronjob
@@ -0,0 +1,7 @@
+cron-eintrag fuer automatisches hosts-update
+
+ueberschreibt keine bearbeitete host-dateien
+if ping -c 1 euer.krebsco.de -W 5 &>/dev/null; then (curl http://euer.krebsco.de/retiolum/hosts.tar.gz | tar xzk -C /etc/tinc/retiolum/hosts/);fi
+
+ueberschreibt bearbeitete hostdateien
+if ping -c 1 euer.krebsco.de -W 5 &>/dev/null; then (curl http://euer.krebsco.de/retiolum/hosts.tar.gz | tar xz -C /etc/tinc/retiolum/hosts/);fi
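Review bot: Both cron lines fetch `hosts.tar.gz` over plain `http://` and unpack it directly into `/etc/tinc/retiolum/hosts/`, so the node accepts whatever host files (public keys and addresses) the response contains, with no integrity check in between. The `k` flag in the first variant only keeps files that already exist; it does not stop new entries from being added. I would download to a temporary file with `curl -fsS`, over HTTPS if the server offers it (not visible on this page), verify a signature or pinned checksum, and only then extract. Separately, `&>/dev/null` is a bash-ism: under a plain `/bin/sh`, which cron commonly uses, it can background `ping` and make the `if` succeed regardless, so `>/dev/null 2>&1` is the portable form.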
diff --git a/retiolum/doc/device.c b/retiolum/doc/device.c
new file mode 100644
index 00000000..7ffe51dd
--- /dev/null
+++ b/retiolum/doc/device.c
@@ -0,0 +1,37 @@
+#include "system.h"
+#include "conf.h"
+#include "logger.h"
+#include "net.h"
+#include "route.h"
+#include "utils.h"
+#include "xalloc.h"
+
+int device_fd = -1;
+char *device = NULL;
+char *iface = NULL;
+
+
+bool setup_device(void) {
+ device = xstrdup("null");
+ iface = xstrdup("null");
+ device_fd = -1;
+
+ return true;
+}
+
+void close_device(void) {
+ free(device);
+ free(iface);
+}
+
+bool read_packet(vpn_packet_t *packet) {
+
+ return true;
+}
+
+bool write_packet(vpn_packet_t *packet) {
+ return true;
+}
+
+void dump_device_stats(void) {
+}
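Review bot: `read_packet()` returns `true` without writing anything to `*packet`, so a caller that reads `true` as "a packet was received" would go on to process whatever the buffer happened to contain. For a stub with no device, `return false;` looks like the safer contract, or at least setting the packet's length to zero before returning; the caller is not visible on this page, so confirm how it treats a `false` return. `close_device()` also leaves `device` and `iface` dangling after `free()`; adding `device = NULL; iface = NULL;` would make a repeated call harmless. A header comment such as `/* Stub device: no tun/tap is opened; reads and writes are no-ops. */` would tell readers why the file exists.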
diff --git a/retiolum/doc/git_checkout_only_hosts b/retiolum/doc/git_checkout_only_hosts
new file mode 100644
index 00000000..2286169d
--- /dev/null
+++ b/retiolum/doc/git_checkout_only_hosts
@@ -0,0 +1,11 @@
+# Reference
+http://jasonkarns.com/blog/subdirectory-checkouts-with-git-sparse-checkout/
+
+# Code
+
+ git init painload
+ cd painload
+ git remote add -f origin https://github.com/krebscode/painload.git
+ git config core.sparsecheckout true
+ echo retiolum/hosts/ >> .git/info/sparse-checkout
+ git pull origin master
diff --git a/retiolum/doc/highping b/retiolum/doc/highping
new file mode 100644
index 00000000..e3d9a47c
--- /dev/null
+++ b/retiolum/doc/highping
@@ -0,0 +1,2 @@
+in der tinc.conf darf nicht zu einem Host connectet werden der einen DNS namen benutzt.
+wenn ein nicht erreichbarer DNS name versucht wird zu erreichen pausiert tinc jedesmal alle transfers bis der DNS-Request einen Timeout hat.
diff --git a/retiolum/doc/install_dotcloud b/retiolum/doc/install_dotcloud
new file mode 100644
index 00000000..ea976c55
--- /dev/null
+++ b/retiolum/doc/install_dotcloud
@@ -0,0 +1,85 @@
+The Dotcloud provided by duostack.com is a application development platform
+for simple deployment of your stuff.
+
+It also provides an ssh-interface via:
+<code>
+ dotcloud ssh project.module
+</code>
+
+to be able to use it without the hassle of going through the api, you will
+need to create an own dsa-key for ssh to use and deploy this public key on
+the machine
+<code>
+ ssh-keygen -t dsa -f dotcloud_project.dss
+ cat dotcloud_project.dss.pub (copy the contents to the dotclouds
+ ~/.ssh/authorized_keys2)
+</code>
+find your dotcloud host ip via
+<code>
+ dotcloud info project.module
+</code>
+
+You will gain a user shell with
+<code>
+ ssh dotcloud@module.project -p 5960
+</code>
+we will need to build some stuff in order to get a working copy of tinc.
+Everything needs to be done in userspace.
+<code>
+ mkdir build
+ cd build
+ curl http://www.openssl.org/source/openssl-1.0.0d.tar.gz | tar xz
+ cd openssl-1.0.0d
+ ./config --prefix=$HOME/usr -fPIC
+ make install
+ cp lib* $HOME/usr/lib
+ cd ..
+
+ curl http://www.oberhumer.com/opensource/lzo/download/lzo-2.04.tar.gz | tar xz
+ cd lzo-2.04
+ ./configure --prefix=$HOME/usr
+
+ curl http://zlib.net/zlib-1.2.5.tar.gz | tar xz
+ cd zlib-1.2.5/
+ ./configure --prefix=$HOME/usr
+ make install
+</code>
+before building we need to patch the tinc daemon to run without the need
+for a tun device.
+
+tutorial is here:
+https://hackerspace.be/TincVPN
+<code>
+
+ curl http://www.tinc-vpn.org/packages/tinc-1.0.14.tar.gz | tar xz
+ cd tinc-1.0.14
+ #replace the device.c with the patched (empty) one from the webpage
+ ./configure --prefix=$HOME/usr --sysconfdir=$HOME/etc \
+ --localstatedir=$HOME/var --with-openssl=`pwd`/../openssl-1.0.0d/ \
+ --with-openssl-lib=`pwd`/../openssl-1.0.0d/ \
+ --with-zlib-include=$HOME/usr/include --with-zlib-lib=$HOME/usr/lib
+ make
+ make install
+ mkdir ~/etc
+ mkdir -p ~/var/run
+ cd ~/painload/retiolum/scripts/tinc_setup
+ ./install cloudkrebs 10.7.7.221
+</code>
+
+be sure to fix the portnumber in the generated host file and add your own
+address in hosts/cloudkrebs:
+<code>
+ Address = my.public.address
+ Port = 1655
+
+ PUBKEY
+</code>
+
+also write the right in tinc.conf:
+<code>
+ Name = cloudkrebs
+
+ Mode = switch
+ #device = ...
+ # no device :)
+</code>
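Review bot: The build steps pull the OpenSSL, LZO, zlib and tinc tarballs over plain `http://` and pipe them straight into `tar`, so nothing confirms that the crypto library and VPN daemon sources are the ones upstream published; the guide should save each archive to a file and check the published checksum or signature before unpacking. `ssh-keygen -t dsa` produces a DSA key, which is limited to 1024 bits and disabled by default in current OpenSSH; an RSA or Ed25519 key would be the better recommendation where the platform accepts it. The LZO section also stops after `./configure`, with no `make install` or `cd ..`, so the zlib step that follows unpacks inside `lzo-2.04`.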
diff --git a/retiolum/doc/install_no.de b/retiolum/doc/install_no.de
new file mode 100644
index 00000000..69fecc61
--- /dev/null
+++ b/retiolum/doc/install_no.de
@@ -0,0 +1,16 @@
+ok, i tried to just do the same step i did in the other cloud service, but
+it failed when trying to include tunnel headers.this is what to do:
+
+./configure
+./configure --prefix=$HOME/usr --sysconfdir=$HOME/etc --disable-lzo --disable-zlib --localstatedir=$HOME/var
+# add PATH_MAX to conf.c
+
+Add to your own path:
+$PATH:/home/node/usr/sbin/:/home/node/painload/modules/retiolum/bin/
+
+patch the install paths in modules/retiolum/scripts/tinc_setup/krebs
+
+update the write_channel script with the correct path
+
+mkdir -p ~/var/run
+
diff --git a/retiolum/doc/routing/ip-ranges b/retiolum/doc/routing/ip-ranges
new file mode 100644
index 00000000..06f23e4e
--- /dev/null
+++ b/retiolum/doc/routing/ip-ranges
@@ -0,0 +1,5 @@
+youtube
+ 209.85.0.0/16
+ 208.65.0.0/16
+
+
diff --git a/retiolum/doc/routing/tun b/retiolum/doc/routing/tun
new file mode 100644
index 00000000..a83ffc27
--- /dev/null
+++ b/retiolum/doc/routing/tun
@@ -0,0 +1,30 @@
+tunneling:
+ovpn relevant fixes:
+
+ -up /etc/openvpn/update-resolv-conf
+ -down /etc/openvpn/update-resolv-conf
+ +#up /etc/openvpn/update-resolv-conf
+ +#down /etc/openvpn/update-resolv-conf
+
+ +route-nopull
+ -redirect-gateway $def1
+ -dev tun
+ +dev $(your interfacename here)
+ +dev-type tun
+
+ -auth-user-pass
+ +auth-user-pass $(your openvpn user_pass_file here)
+
+normal firewall stuff:
+ shorewall:
+ in /etc/shorewall/interfaces
+ +loc $(interfacename) detect tcpflags,nosmurfs,routefilter,logmartians
+
+ip+iptables
+ iptables --table nat -A POSTROUTING -o $(your interfacename here) -j MASQUERADE
+ ip route add table $(interfacename) via $(route -n | grep $(interfacename) | grep 0.0.0.0 | awk '{print $1}') dev $(interfacename)
+ ip rule add $(your rule spec here) table $(interfacename)
+
+
+
+