-rw-r--r-- | cholerab/news/Candidate | 13 | ||||
-rw-r--r-- | retiolum/Makefile | 21 | ||||
-rw-r--r-- | retiolum/doc/routing/ip-ranges | 5 | ||||
-rw-r--r-- | retiolum/doc/routing/tun | 30 | ||||
-rw-r--r-- | retiolum/hosts/ThinkArmageddon | 9 | ||||
-rw-r--r-- | retiolum/hosts/TodesBrot | 12 | ||||
-rw-r--r-- | retiolum/hosts/cloudkrebs | 11 | ||||
-rw-r--r-- | retiolum/hosts/filebitch | 2 | ||||
-rw-r--r-- | retiolum/hosts/kremium | 2 | ||||
-rw-r--r-- | retiolum/hosts/skirfir | 2 | ||||
-rw-r--r-- | retiolum/hosts/supernode | 3 | ||||
-rwxr-xr-x | retiolum/scripts/routing/defaultroute.sh | 16 | ||||
-rwxr-xr-x | retiolum/scripts/tinc_setup/install.sh | 7 |
13 files changed, 84 insertions, 49 deletions
diff --git a/cholerab/news/Candidate b/cholerab/news/Candidate new file mode 100644 index 00000000..a24d565b --- /dev/null +++ b/cholerab/news/Candidate @@ -0,0 +1,13 @@ +hosts for deletion: +zerg +rtjure +miefda901 +krebsnode +urkrebs +pa_sharepoing +krebsbob +chinaman +temperator +miefdahome +krebsbitch +armageddon421_de diff --git a/retiolum/Makefile b/retiolum/Makefile index e0268c35..cd0a543c 100644 --- a/retiolum/Makefile +++ b/retiolum/Makefile @@ -7,26 +7,23 @@ all: update links links: for x in $(EXES); do ln -vsnf ../retiolum/bin/$$x ../bin; done -hosts: - bin/update-retiolum-hosts || true -install: update - ../punani/bin/punani -Eih tinc /usr/bin/python /usr/bin/python2 +install: upgrade + ../punani/bin/punani tinc python scripts/tinc_setup/install.sh cp scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up scripts/autostart/create-startup.sh -update: hosts - bin/update_tinc_hosts "create magic" || true - bin/update_tinc_hosts restart +upgrade: update if ! diff -u scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up; then \ sudo cp scripts/tinc_setup/tinc-up /etc/tinc/retiolum/tinc-up; \ sudo bin/restart-tincd; \ - else \ - sudo pkill -HUP tincd || :; \ fi -arch-install: update install arch-autostart autohosts +update: hosts + bin/update_tinc_hosts "create magic" || true + bin/update_tinc_hosts restart + sudo pkill -HUP tincd || :; -arch-autostart: - make -C scripts/autostart arch || true +hosts: + bin/update-retiolum-hosts || true diff --git a/retiolum/doc/routing/ip-ranges b/retiolum/doc/routing/ip-ranges new file mode 100644 index 00000000..06f23e4e --- /dev/null +++ b/retiolum/doc/routing/ip-ranges @@ -0,0 +1,5 @@ +youtube + 209.85.0.0/16 + 208.65.0.0/16 + + diff --git a/retiolum/doc/routing/tun b/retiolum/doc/routing/tun new file mode 100644 index 00000000..a83ffc27 --- /dev/null +++ b/retiolum/doc/routing/tun 
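Review bot: In the new `update` target both refresh steps still end in `|| true` (`bin/update-retiolum-hosts || true`, `bin/update_tinc_hosts "create magic" || true`), and the target now always finishes with `sudo pkill -HUP tincd || :;`, so tincd is told to reload even when the refresh failed or stopped halfway. The files under hosts/ carry the peers' public keys, so a failed refresh (presumably what `bin/update-retiolum-hosts` does, going by its name) should stop the target: drop the `|| true` on that line, or at least print a warning before the reload. Separately, `hosts` is also the name of a directory under retiolum/, so unless `.PHONY: hosts` is declared above line 7 (not visible in this hunk) make can treat the target as up to date and skip the refresh entirely.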
@@ -0,0 +1,30 @@ +tunneling: +ovpn relevant fixes: + + -up /etc/openvpn/update-resolv-conf + -down /etc/openvpn/update-resolv-conf + +#up /etc/openvpn/update-resolv-conf + +#down /etc/openvpn/update-resolv-conf + + +route-nopull + -redirect-gateway $def1 + -dev tun + +dev $(your interfacename here) + +dev-type tun + + -auth-user-pass + +auth-user-pass $(your openvpn user_pass_file here) + +normal firewall stuff: + shorewall: + in /etc/shorewall/interfaces + +loc $(interfacename) detect tcpflags,nosmurfs,routefilter,logmartians + +ip+iptables + iptables --table nat -A POSTROUTING -o $(your interfacename here) -j MASQUERADE + ip route add table $(interfacename) via $(route -n | grep $(interfacename) | grep 0.0.0.0 | awk '{print $1}') dev $(interfacename) + ip rule add $(your rule spec here) table $(interfacename) + + + + diff --git a/retiolum/hosts/ThinkArmageddon b/retiolum/hosts/ThinkArmageddon new file mode 100644 index 00000000..cec62e11 --- /dev/null +++ b/retiolum/hosts/ThinkArmageddon @@ -0,0 +1,9 @@ +Subnet = 10.243.0.137 +-----BEGIN RSA PUBLIC KEY----- +MIIBCgKCAQEA1EAiyBWICkyB1zHE31fHSbGR1nJJmXSfnrqm9yXRZSGweIKrbsof +QVcRzM4vsFBRUMBeKW7fzlGcvgXULFRnGelvEl4GRiBMO9odBlBI3t8CjZW7X2N7 +JqCMkB+CRuiHbNYQdRFTozQEfPq+DNh8accD5LjUM6gF0dKUdby5qNeHCfZSxU4v +YZDRqq/haO4up6m8/S6YhnHPOSaIAu7R7hFaUeB/FPT+s5irKk6WtAiWnIdXb22q +0zxT4+t9sWFb4V9u/MImggYQVWjk+TfF5KpihBOvExEQsSR8JJcRUJAtN4W0w2Pc +S4/j9ArKcBj5Wf2qHcJMN5MbwUFW1oMkGwIDAQAB +-----END RSA PUBLIC KEY----- diff --git a/retiolum/hosts/TodesBrot b/retiolum/hosts/TodesBrot index c7f138f1..f76b72b2 100644 --- a/retiolum/hosts/TodesBrot +++ b/retiolum/hosts/TodesBrot 
@@ -1,9 +1,9 @@ Subnet = 10.243.0.12/32 -----BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEA0VQz7tgltBiJgHBfhHLYukrdeQ9K8k3wqrksaqrOtj5ZqN98HoBP -Trt3bKWNxx0Geszlum7ONpekqmBJN/SUsDaO1rGwY654qFsSWctvg4Pnr0k/6R91 -QCdSklfh19oz+pGY5i4HnZpTouyNnN/AaKP7fqeNsf6AOMO18daODVC5FF43ftHH -L0ZAjOB6YDhGl+CVBTlFG6HMp81yDAlm7PZEVsd4VRMdQDdx/f6rO9pzkRQmwI/s -cQjDHEBp5R0bxH5w+8wj1SBusHPYL2UuzQqRNsBzCmAubSi6F2GqPjuUpbZm2trE -fo2j/RFV/1EPeDo5BsNW4zzRcNgxuOjV9QIDAQAB +MIIBCgKCAQEAzGIijXaoIRG09v5sIXyVdqdpDruPMqKJfvZUXCF/POMCZEsZ4tjd +jHHdbTfREExvSNBUxS6GaYwg/HR2R7nprzOazSN9kzp9fmFJofbCOxz6X/8O/fMM +gTBmZzYu4cfysjTD5tsrJp/dQOZ0wKpUXBOWWWDUTLM9Zo3+6Bxe/6pN+gphvl6m +ReIAwl34QkZ24mq1W4YZofU2PxLxnhtuBgXuJRfn8FDlgKKPhPpKX070J5pamzpp +1/Idxl0zTmoKeXWhJ0wY0SNeglaWgH1P2EeNUNoVEX4Egk4XQGkzOfShRG7zoJMA +tKJlNZOw/4EF3E/IM8mG1yG3NqtFlIyNYQIDAQAB -----END RSA PUBLIC KEY----- diff --git a/retiolum/hosts/cloudkrebs b/retiolum/hosts/cloudkrebs deleted file mode 100644 index fd70c09b..00000000 --- a/retiolum/hosts/cloudkrebs +++ /dev/null @@ -1,11 +0,0 @@ -Address = tinc.krebs.dotcloud.com -Port = 1655 -Subnet = 42.176.135.119/32 ------BEGIN RSA PUBLIC KEY----- -MIIBCgKCAQEA9j7kF3Vf9POQbY16LTkpxLvGFlxQ7uEOKmiZFjLfhBi9yt49n+Oj -hWcr2Pf0iSBhBBqLja429aDe9DXswYUlDwDGau9o6aGWL9mvKBOZ92nXqHT2xv/p -3V9hCTpV0sAIVNkV/ywRJrxbmKAAGicfdB+TuYWzxSAC6TX/0OdRiSUXqmIpL4xk -XrjwO7g2iyXYjHpnstsxKtvDCBY2HHGT+PMherjiyD1GUWygq5hKRIXTdb2vauxa -eao1C3ICkKWrmytYEi/5rLUljBlRqCVyd1Zls/Dfx5VR3ptvFM6u8nUdVW7RYmph -t86XSPtor97v9xxu+lmLJWIWu1DjDo1XpQIDAQAB ------END RSA PUBLIC KEY----- diff --git a/retiolum/hosts/filebitch b/retiolum/hosts/filebitch index ad61c167..523ff7ff 100644 --- a/retiolum/hosts/filebitch +++ b/retiolum/hosts/filebitch @@ -1,5 +1,5 @@ Subnet = 42:0356:a364:cc79:4c96:2c7c:13fc:0c5b/128 -Subnet = 42.150.131.98/32 +Subnet = 10.143.131.98/32 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAoqTUa54dkplzU6IqWdvCiGM8FLpZ6X6AmgGgl5r9RZ+Af08iy4Js FPdco+1Lj5OthXJnd5Xx8cO5qQx5CRzUN59ec8o0jxQOBZ5EpuN42RLMmQNBJWm7 
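Review bot: The new IPv4 subnet for filebitch is `10.143.131.98/32`, which lies outside the `10.243.0.x` range that kremium, skirfir and ThinkArmageddon get in this commit and that install.sh now sets as `mynet4=10.243.0.0`. It looks like a typo for `10.243…`, with the last two octets carried over from the old `42.150.131.98`. If the tunnel netmask does not cover 10.143.x (the netmask is not visible here), peers will not route to this node over retiolum. I would change the line to a free address inside the range, `Subnet = 10.243.0.<UNUSED_HOST_NUMBER>/32` (placeholder).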
diff --git a/retiolum/hosts/kremium b/retiolum/hosts/kremium index eb47867a..9f77be25 100644 --- a/retiolum/hosts/kremium +++ b/retiolum/hosts/kremium @@ -1,5 +1,5 @@ Subnet = 42:88ec:8968:cc6b:978a:68b7:1004:fc8a/128 -Subnet = 42.135.197.75/32 +Subnet = 10.243.0.98/32 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAsdjqCyLvGfkIsawGji1CIIxGaKKdFhKJcfFK8FWiyQdgeNK/9UAh XsJYkSHVcXqHAorP1QAvk5fIiSEEoSwoChyecqpNOREOnN8+N8RVrs0QIwL0mwa0 diff --git a/retiolum/hosts/skirfir b/retiolum/hosts/skirfir index 880376c9..0214e7a1 100644 --- a/retiolum/hosts/skirfir +++ b/retiolum/hosts/skirfir @@ -1,4 +1,4 @@ -Subnet = 42.0.0.222 +Subnet = 10.243.0.18/32 Subnet = 42:423b:0f94:6b03:7c3c:593e:67e8:c857/128 -----BEGIN RSA PUBLIC KEY----- diff --git a/retiolum/hosts/supernode b/retiolum/hosts/supernode index 6058557a..354beba0 100644 --- a/retiolum/hosts/supernode +++ b/retiolum/hosts/supernode @@ -1,7 +1,8 @@ -Address = miefda.org +Address = 46.252.21.5 Subnet = 42:0:0:0:0:0:0:255/128 Subnet = 10.243.0.1/32 Subnet = 0.0.0.0/0 +Compression = 9 -----BEGIN RSA PUBLIC KEY----- MIIBCgKCAQEAr3DlBmQxP9UTBCkohK8FCYSk2td4Ov5lQYvC3Adx04lEWHfp+0nP sShYqqN9Aj3iCqj/DHx5jGuSqjyTmmFWIOMM9IwKMo2Oiz/PcBM56N6gzIHuR5wj diff --git a/retiolum/scripts/routing/defaultroute.sh b/retiolum/scripts/routing/defaultroute.sh index b7d703e8..f5a1a465 100755 --- a/retiolum/scripts/routing/defaultroute.sh +++ b/retiolum/scripts/routing/defaultroute.sh @@ -7,7 +7,7 @@ usage() echo "-d deactivate routing" } -defaultroute=$(route -n | grep 'UG[ \t]' | awk '{print $2}') +defaultroute=$(ip route show | grep default | awk '{ print $3 }') tincdir="/etc/tinc/retiolum" if [[ $(id -u) -gt 0 ]]; then 
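Review bot: The new `defaultroute=$(ip route show | grep default | awk '{ print $3 }')` is used unchecked. With no default route it is empty, with several (wired plus wireless, say) it holds more than one line, and for a device-only route such as `default dev ppp0` field 3 is the interface name rather than a gateway. Any of these then lands unquoted in the `route … gw $defaultroute` call further down the script. I would take only the first real gateway and fail early: `defaultroute=$(ip -4 route show default | awk '$2 == "via" { print $3; exit }')` followed by `[ -n "$defaultroute" ] || { echo "no default gateway found" >&2; exit 1; }`.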
@@ -30,17 +30,9 @@ case "$1" in exit 1;; esac - -cat $tincdir/hosts/* | grep Address | cut -b 11- | +cat $tincdir/tinc.conf | grep ConnectTo | cut -b 13- | while read host do - if [ "$(echo $host | sed 's/[0-9]*//g' | sed 's/>//g')" = '' ]; then - route $command $host gw $defaultroute - else - host -4 $host | grep "has address" | awk '{ print $4 }' | - while read addr - do - route $command $addr gw $defaultroute && echo "$command routing to $addr via $defaultroute" - done - fi + addr=$(cat $tincdir/hosts/$host | grep Address | cut -b 11-) + echo route $command $addr gw $defaultroute done diff --git a/retiolum/scripts/tinc_setup/install.sh b/retiolum/scripts/tinc_setup/install.sh index 1cd7c81d..a6b50b8a 100755 --- a/retiolum/scripts/tinc_setup/install.sh +++ b/retiolum/scripts/tinc_setup/install.sh @@ -39,7 +39,7 @@ then # myipv4=$(echo 42.$(for i in `seq 1 3`; do echo "ibase=16;`bin/fillxx xx|tr [a-f] [A-F]`" | bc; done)|tr \ .)/32 myipv4="${2:-}" - mynet4=42.0.0.0 + mynet4=10.243.0.0 if [ ! "$myipv4" ] then @@ -50,7 +50,7 @@ then printf 'select unused v4 subnet ip (1-255): ' read v4num done - myipv4="42.0.0.$v4num" + myipv4="10.243.0.$v4num" fi echo "Subnet = $myipv4" > hosts/$myname @@ -62,8 +62,7 @@ fi cat>tinc.conf<<EOF Name = $myname -ConnectTo = EUcancER -ConnectTo = kaah +ConnectTo = euer ConnectTo = oxberg ConnectTo = pa_sharepoint ConnectTo = supernode |
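Review bot: The loop body now runs `echo route $command $addr gw $defaultroute`, so the script only prints the commands and never changes a route. That looks like a debugging leftover; if a dry run is intended it deserves a flag or a comment. The new lookup also drops the old per-address loop: a peer whose host file has no `Address` line yields a `route` command with no target, and one with several `Address` lines yields a multi-word `$addr`, all of it unquoted. The rewrite below keeps the ConnectTo-driven lookup, iterates per address and skips peers without one. The `case` statement that sets `$command` starts outside the hunk.

```shell
# … unchanged: usage, root check, case statement setting $command …
awk '$1 == "ConnectTo" { print $3 }' "$tincdir/tinc.conf" |
while read -r host
do
  # a peer without an Address line produces no output here and is skipped
  awk '$1 == "Address" { print $3 }' "$tincdir/hosts/$host" |
  while read -r addr
  do
    route "$command" "$addr" gw "$defaultroute" &&
      echo "$command routing to $addr via $defaultroute"
  done
done
```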
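Review bot: Nothing in the visible lines of the `myipv4="10.243.0.$v4num"` hunk checks that the chosen address is not already claimed by another file under hosts/, although this commit moves several existing nodes into the same 10.243.0.x range (kremium to .98, skirfir to .18, ThinkArmageddon at .137). The prompt loop's condition is outside the hunk, so this may already be handled there. If it is not, two nodes announcing the same Subnet will conflict over which of them receives traffic for that address. A check before the host file is written would catch it: `grep -qsE "^Subnet *= *10\.243\.0\.$v4num(/32)?$" hosts/* && { echo "address already in use" >&2; exit 1; }`. The value is also written without a prefix length, while the host files edited in this commit use `/32`.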