Le seguenti 492 parole non sono state trovate nel dizionario di 1275 termini (includendo 1275 LocalSpellingWords) e sono evidenziate qui sotto:
51b   5z4   6a   6b   9e   A0612x   A30b   A35   A3d   able   Abuzc   accedere   address   Address   adesso   alla   allow   already   announce   Ap2   Apple   apt   Aq8q   Aqbr   arprefresh   asked   at   Au   authorize   authorized   Av5s   available   avessimo   B3balc   backup   bash   be   Because   because   below   between   bind   Bj7   Bk   bonjour   broadcast   but   Bx   by   C02i2   can   cat   certain   Cf   Cg   check   chmod   choosen   Cis2   città   Ck   clamp   client   close   collegare   collegati   command   comment   communicate   computers   conf   config   configuration   configure   configured   configuring   connect   Connect   Connessione   created   D2h   d9kjnk   D9sm8b   daemon   debian   debug   decided   default   dependancies   dest   dev   Device   distanti   distro   diverse   Dm   Do4zj   does   don   done   down   Dr   Dx1   Dy   dyn   E2q   E5   Ea046l   Eb8   Edfw   else   etc   ev1   everything   ex   executable   executed   executing   F6cpm3f   fa   file   files   firewall   Fk8f   flags   folder   folders   following   for   forward   forwarding   Fp0htxr   from   Fx   Fxew5   Fyn   Fz   G628mw   Ga   generated   geograficamente   Gestione   get   giocare   Gj   gmail   Gql   guide   guinness   gw   ha8p   Hb   Hcv   hispanico   Hk4   Hna4   home   hosts   Hp   Hsl   httpinfo   hub   I03   I6line   Iej9kj837   if   If   ifconfig   ifname   Ikz   Important   important   Indirizzi   infatti   init   input   Insert   insert   installation   installed   Interface   interface   interni   Intn   into   Ioy   ip   iptables   Isole   isole   Italian   its   J0u   J5   Jd2   Ji   Jly41tu   Jpf   just   K55   kernel   key   Keypair   keys   kill   killall   Kl0p   Kya   L8   lan   Lca9m   Ldu   lento   Library   library   like   lines   list   listed   Ll   Lo   lo   Load   local   located   locations   look   looks   loro   lower   Lv   M1hm4   Mac   Macports   macports   main   Make   manually   Mckowzaf   mdns   metric   Mh   mine   minimal   missing   Mjc   mkdir   mod   Mode   Modify   monitoring   mss   mtu   Mult   Multiplier   name   Name   nameservice   Navigate   necessary   need   needed   nessun   netaddr   netmask   Network   network   Nickname   Njmf   none   Norimberga   Note   notes   notification   now   Now   Ntdq9ixz   nxv   O7hg69yb   o8   obtained   Odyu   Oh   Olsr   olsr   olsrd   On   on   On6csc   Once   one   only   openwrt   operate   opkg   opt   or   original   others   our   out   output   override   P0j   P2   P9   Pa   package   page   pair   paragraph   part   passato   pc   Pcn   persone   Pgvk   pick   pid   pidfile   ping   place   Please   plme   Plugin   plugins   Pmmai   pmtu   point   port   ports   Ports   prefered   previous   private   programs   properly   proto   public   put   Pwj   Q8ka   Q9rb   Qcgsuxt   Qq   Qqba   Quality   quelli   reach   reale   received   reopen   Replace   required   Rf   routes   Rpq   run   Rv   S1x4   S3   S4   sarebbe   secondary   See   see   Sei   self   selfupdate   send   Send   serve   servers   set   sfv   shoul   should   singole   Sj   skip   Sl   so   src   step   stop   stuff   subnet   sudo   sure   surely   svn   switch   sync   system   table   tap   tap0   Tc   tcp   tech   terminal   Tgjvo466   that   there   these   this   This   tinc   Tinc   tincd   Tk   Tnob   to   To   traffic   traffico   trobleshooting   try   Tub   tuning   Tv2   Tw   txtinfo   type   U6   Ugl67   Ui7jgj   Uj6   unique   up   Update   update   Us   usa   use   Use   used   using   usr   var   very   Vglj   via   viceversa   vogliono   volevano   vpn   Vqr   Vu   vuc   W4nua8   W5fneic   W681zyf   W8e   want   way   we   when   Where   which   Wi   will   wireless   With   with   within   won   worked   Ws   Wt   Wt4   Wy   wy   X1   X5yof   X9   Xfy4   Xpf   Xya   Yfzp   Ym   Yo   yournickname   Yrwt4   Ys0   Z0   Z7   zeroconf   Zi7l   zioproto   Zo   Zv  

Nascondi questo messaggio

Italiano English
Modifica History Actions

TincVPN

Le sedi di Ninux sono:

a Roma presso il FusoLab

  • Fusolab

a Pisa all'EigenLab

  • Eingelab

a Cosenza presso la sede dell'Hacklab Cosenza

  • HLCS

a Catanzaro presso la sede dell'Hacklab Catanzaro

  • HLCZ

a Firenze presso l'exfila

  • exfila

a Bologna presso il makerspace di RaspiBO

  • NinuxBO

Ninux.org partecipa al World IPv6 day

  • WorldIpv6Day

OBSOLETE DOCUMENT:

SEE:

Connessione VPN tra isole ninux in città diverse

DISCLAIMER (in Italian, not tech stuff)

Ninux usa la VPN per collegare isole di rete distanti geograficamente tra loro. In nessun caso vengono collegati nodi di singole persone che vogliono accedere ai servizi interni Ninux via VPN.

La VPN infatti serve solo per il monitoring e per il trobleshooting. Non si fa traffico reale in VPN in quanto sarebbe molto lento.

Se avessimo dato anche in passato l'accesso alla "VPN Tinc" a tutti quelli che lo volevano per giocare adesso Ninux sarebbe una rete in VPN invece di una rete wireless.

Connect to Ninux Network with Tinc VPN

1) Install tinc on your Linux (e.g. apt-get install tinc) MAKE SURE YOU HAVE AT LEAST TINC 1.0.13

2) mkdir /etc/tinc/ninux

3) Create /etc/tinc/ninux/tinc.conf 

Name = yournickname
ConnectTo = Norimberga
Mode = switch

Please pick a unique yournickname. Norimberga is our hub server. Mode switch is required because tinc will operate with a tap interface, needed to run olsr on it.

4) Create the hosts folder mkdir /etc/tinc/ninux/hosts/

5) Generate a Keypair tincd -n ninux -K

6) Create the file /etc/tinc/ninux/hosts/Norimberga

This file has the address and the public key of the server 

Address = svn.ninux.org

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA30bZWtIej9kj837Eb8C+nxvEXfy4Jly41tuJYfzpJiP/pTQGaPyF
XDEdfwAq8qJpfLaRfKl0pQ9rbDo4zjSlNW8e/5BxTnobXHcvSD9sm8bNAME2qBkI
plmeWt4RvDmEKDrJWyUIoyKyaTcCkXpfHslTJSBBj7TSjYX9SCfTkSS3GjNDWMjc
C02i2+ZB3balcR+Ea046l/GVFp0htxrUFxew5RDXPmmaiQRF6cpm3fMNtdq9ixz+
uJNjmfHW/lHk4KMUj6KMLca9mS4TWsFxLYmP0jZi7lD2hA3dNCW4nua8HHYPwj+X
Mh/vucAMckowzaf+51bGD+o8HVuM1hm4TwIDAQAB
-----END RSA PUBLIC KEY-----

If you want also a backup link use also our secondary server

6a) Create the file is /etc/tinc/ninux/hosts/guinness 

Address = hispanico.ninux.org

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAp2VqrJOPTubK+I6lineZZ0QcgsuxtPaGqlEHbCis2I03Tv2KQ8ka
JQOdyuPcn/1KJE5Ys0JUgl67W5fneicQOSei/+9e/AbuzcPA35/Ldu/sfv+SP2/T
XSU+W681zyfUFk8fQqbaU6XXSYMJX1ZEWAv5sWWRSA0612xIkzKZoG628mwBYoGG
d9kjnkZRpqFJd2ZFyn+/wyX5yof/3TZ7UIntnUVgljOn6cscDFzOh+zAqbrPXyaD
ha8pP9ZvOILlK55ZDx1NLoMWiS1x4L8J0u+vUsTgjvo466J5AuYrwt4HpLvULUQq
Pgvk/5z4OPLWUi7jgjQAQ/GO7hg69ybDyQIDAQAB
-----END RSA PUBLIC KEY-----

6b) Modify the file /etc/tinc/ninux/tinc.conf 

Name = yournickname
ConnectTo = Norimberga
ConnectTo = guinness
Mode = switch

7) Get an IP address in the subnet 10.0.1.0/24 and add your self in the table on this wiki page: GestioneIndirizzi

8) Create the file /etc/tinc/ninux/tinc-up 

ip link set dev ninux up
ip a a dev ninux HEREYOURIPADDRESS/24 broadcast 10.0.1.255
#Adjust MTU
ip link set mtu 1350 dev ninux
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu

Where in place of HEREYOURIPADDRESS you must put the IP address choosen at point 7 of this guide

Make the file executable chmod +x /etc/tinc/ninux/tinc-up

9) Send an email to contatti@ninux.org with your Nickname choosen at point 3 and your generated public key so we can authorize you in the VPN main and backup server.

10) Once you received notification that your public key is authorized you can try to connect 

tincd -n ninux

If everything worked out you can ping 10.0.1.1. Now configure olsr to use the interface "ninux"

Important notes on the OLSR configuration

It is FUNDAMENTAL to:

  • Use olsr version 0.6.1
  • Insert a Link Quality Multiplier in the interface part of the olsrd.conf file. On servers, it should looks like 

Interface "ninux"
{
    LinkQualityMult default 0.2
}

on OpenWRT just look below.

**BEWARE:** if you use this configuration on a pc and you don't want to override the default gw you shoul use a LOWER metric for your prefered gw. This can be do using metric of your distro, on debian the default gw metric is 100 so lower it to 0 is a MUST.

OpenWRT and TincVPN

Install tinc and configure it (See the previous paragraph to set up tinc files): 

opkg update
opkg install tinc

Tinc package for OpenWRT is very minimal. init.d script is missing, you can use this one: 

#!/bin/sh /etc/rc.common
START=50

start() {
tincd -n ninux
}

stop() {

iptables -D FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
killall tincd

}

If you want to use 'ip' command for tinc-up you need to install ip package with 

opkg install ip

Because you configure tincd manually, use this code in /etc/config/network to bind the vpn interface to the ninux tap interface created by tinc. This way you can use the vpn interface when configuring with UCI other programs like olsrd 

config interface vpn
        option proto none
        option ifname ninux

In file /etc/config/firewall (if your openwrt firewall is on, else skip this step) you need to allow traffic forwarding between lan and vpn and viceversa or others won’t be able to reach computers in your subnet,so add the following: 

##VPN ninux Zone
config 'zone'
        option 'name' 'vpn'
        option 'input' 'ACCEPT'
        option 'output' 'ACCEPT'
        option 'forward' 'ACCEPT'
##Traffic from/to lan/vpn
config forwarding
        option 'src' 'vpn'
        option 'dest' 'lan'

config forwarding
        option 'src' 'lan'
        option 'dest' 'vpn'     

##end VPN ninux Zone

Install olsrd and its plugins: 

opkg install olsrd olsrd-mod-mdns olsrd-mod-dyn-gw olsrd-mod-arprefresh olsrd-mod-httpinfo olsrd-mod-txtinfo olsrd-mod-nameservice

Note: i'm not sure we need all these plugins, surely we need olsrd-mod-mdns for bonjour/zeroconf but these plugins are listed in default /etc/config/olsrd do i decided to install them all.

In the file /etc/config/olsrd now you can add the following: 

config 'Interface'
        option 'interface' 'vpn'
        option 'LinkQualityMult' 'default 0.2'

it is very important to set the LinkQualityMult because we want to use the VPN only if there is not a wireless link available.

If after tuning LinkQualityMult your olsrd daemon does not insert routes into the kernel, comment out from your configuration file the following: 

#LinkQualityAlgorithm    "etx_fpm"

config LoadPlugin
        option library 'olsrd_mdns.so.1.0.0'
        option NonOlsrIf 'lan'

This is needed to allow our non Olsr lan to communicate with others on vpn. 

config 'Hna4'
       option 'netaddr' 'LAN_ADDR'
       option 'netmask' 'NETMASK_LAN_ADDR'

With this we announce to other hosts on olsr network our lan. Replace LAN_ADDR with your lan subnet (ex: mine is 192.168.23.0) and NETMASK_LAN_ADDR with your lan netmask (check GestioneIndirizzi for available subnet, if your lan subnet is already used change it!)

Connect to Ninux Network with Tinc VPN for Mac

You need to have XCode and MacPorts.

1) Install XCode from Apple site or it can also be obtained from original OSX installation DVD.

2) Install MacPorts (http://www.macports.org/)

3) After Macports is installed, close and reopen your terminal. Update the ports system and ports list. 

sudo port selfupdate
sudo port sync

This command will install tinc and all the necessary dependancies. 

sudo port install tinc

Configuration files are located in /opt/local/etc/tinc

Tinc can now be configured and executed.

3) Tinc on OS X looks for configuration files in /usr/etc/tinc but we will place the configuration for Ninux VPN into /Library/tinc directory. Navigate to your home directory and create configuration folders for Ninux so type: 

mkdir -p Library/tinc/ninux

4) You will need to create the following files and folders within:

Tinc.conf in which you have to put this lines: 

Name = yournickname
ConnectTo = Norimberga
Mode = switch
Device = /dev/tap0

tinc-up in which you have to put this lines: 

ifconfig $INTERFACE HEREYOURIPADDRESS/24 netmask 255.255.255.0 broadcast 10.0.1.255
ifconfig $INTERFACE mtu 1350

Where in place of HEREYOURIPADDRESS you must put the IP address choosen on http://wiki.ninux.org/GestioneIndirizzi

tinc-down in which you have to put this lines: 

ifconfig $INTERFACE down

hosts/Norimberga in which you have to put this lines: 

Address = svn.ninux.org

-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEA30bZWtIej9kj837Eb8C+nxvEXfy4Jly41tuJYfzpJiP/pTQGaPyF
XDEdfwAq8qJpfLaRfKl0pQ9rbDo4zjSlNW8e/5BxTnobXHcvSD9sm8bNAME2qBkI
plmeWt4RvDmEKDrJWyUIoyKyaTcCkXpfHslTJSBBj7TSjYX9SCfTkSS3GjNDWMjc
C02i2+ZB3balcR+Ea046l/GVFp0htxrUFxew5RDXPmmaiQRF6cpm3fMNtdq9ixz+
uJNjmfHW/lHk4KMUj6KMLca9mS4TWsFxLYmP0jZi7lD2hA3dNCW4nua8HHYPwj+X
Mh/vucAMckowzaf+51bGD+o8HVuM1hm4TwIDAQAB
-----END RSA PUBLIC KEY-----

hosts/yournickname in which you have to put your public key (see below)

5) Make sure tinc-up and tinc-down are executable: 

chmod +x tinc-up tinc-down

6) You will also need to generate pair of keys (private/public) for your client. Do it only after the above files are configured properly! You will be asked for locations of certain files. The default locations are fine. 

sudo tincd -c ~/Library/tinc/ninux -K

put your public key into your /hosts/yournickname file.

7) Once you are done send an email to zioproto@gmail.com with your Nickname choosen at point 4 and your generated public key so we can authorize you in the VPN server.

10) Once you received notification that your public key is authorized you can try to connect 

sudo tincd -c ~/Library/tinc/ninux --pidfile=/var/run/tincd.pid -D --debug=1

If everything worked out you can ping 10.0.1.1. Now configure olsr to use the interface "tap0"

To stop the client you can kill it be executing:

kill -9 'cat /var/run/tincd.pid'

l'ultima modifica è del 2015-09-18 08:42:24, fatta da Nemesis