dn42-on-OpenWRT.md
... ...
@@ -1,83 +0,0 @@
1
-# dn42 on OpenWRT
2
-
3
-This page gives hints on how to participate to dn42 with an OpenWRT router. It assumes Attitude Adjustment (12.09), but you can adapt it for other versions.
4
-
5
-The intended target is a home router, acting as the default gateway for its LAN clients. The goal is to have one or more dn42 peers, announce the LAN subnet with BGP, and thus transparently provide dn42 access to the LAN clients.
6
-
7
-This documentation assumes that the LAN is addressed in the dn42 space (`172.22.0.0/15`), but it's not a big deal to add NAT if it's not.
8
-
9
-## Initial configuration
10
-
11
-
12
-
13
-## Peerings
14
-
15
-Nothing fancy: use GRE tunnels, openvpn, anything. Don't forget to install the relevant packages with `opkg` (`kmod-gre` for instance).
16
-
17
-You can't manage GRE tunnels with OpenWRT, so just create them in `/etc/rc.local` (and assign addresses if needed).
18
-
19
-## BGP
20
-
21
-`quagga` and `bird` are both packaged in OpenWRT. Note that quagga is split in many packages, you probably need `quagga-bgpd`, `quagga-vtysh` and `quagga-zebra`.
22
-
23
-Of course, you should announce the prefix of your home network.
24
-
25
-## Interface definition
26
-
27
-This is needed so that OpenWRT is aware of the new interfaces (for firewall and stuff).
28
-
29
-In `/etc/config/network`, add entries for each dn42 interface:
30
-
31
- config interface dn42peer1
32
- option ifname tun-peer1
33
- option proto none
34
-
35
-## Firewall
36
-
37
-There are two goals:
38
-
39
- - Allowing traffic from LAN to dn42 (and maybe from dn42 to LAN too)
40
- - If you have more than one peer, allowing traffic from dn42 to dn42 (forwarding)
41
-
42
-Everything is done in `/etc/config/firewall`.
43
-
44
-### Zone declaration
45
-
46
- config zone
47
- option name dn42
48
- option network 'dn42peer1 dn42peer2 dn42peer3'
49
- option input REJECT
50
- option output ACCEPT
51
- option forward REJECT
52
-
53
-If you need to NAT your home network into dn42, you probably just need to add:
54
-
55
- option masq 1
56
-
57
-### dn42 ↔ LAN forwarding
58
-
59
- config forwarding
60
- option src lan
61
- option dest dn42
62
-
63
-If you're confident enough, you can also forward dn42 into your LAN:
64
-
65
- config forwarding
66
- option src dn42
67
- option dest lan
68
-
69
-Or you can forward only certain ports, to certain hosts, etc (standard `config rule` stuff)
70
-
71
-### dn42 ↔ dn42 forwarding
72
-
73
-This is more tricky. In theory, all you have to do is to set
74
-
75
- option forward ACCEPT
76
-
77
-in the definition of the zone. However, due to a bug in Attitude Adjustment (see https://dev.openwrt.org/ticket/12945), this will allow forwarding **everything everywhere**.
78
-
79
-You have to use this patch: https://dev.openwrt.org/changeset/35484 (monkeypatching the relevant files in `/lib` should work).
80
-
81
-## DNS
82
-
83
-See [[Services-DNS-Configuration#dnsmasq]]. This will use the anycast dn42 DNS server to resolve `dn42` and relevant reverse domains.
... ...
\ No newline at end of file
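Review bot: The 83 lines removed here from the top-level `dn42-on-OpenWRT.md` are the same 83 lines added under `howto/` in the next hunk, so the old page name disappears with nothing left in its place. If other pages link to `dn42-on-OpenWRT`, update them in the same change or keep a one-line stub at the old path pointing to `howto/dn42-on-OpenWRT`. Also check that the relative wiki link on line 83, `[[Services-DNS-Configuration#dnsmasq]]`, still resolves once the page lives in a subdirectory.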
howto/dn42-on-OpenWRT.md
... ...
@@ -0,0 +1,83 @@
1
+# dn42 on OpenWRT
2
+
3
+This page gives hints on how to participate to dn42 with an OpenWRT router. It assumes Attitude Adjustment (12.09), but you can adapt it for other versions.
4
+
5
+The intended target is a home router, acting as the default gateway for its LAN clients. The goal is to have one or more dn42 peers, announce the LAN subnet with BGP, and thus transparently provide dn42 access to the LAN clients.
6
+
7
+This documentation assumes that the LAN is addressed in the dn42 space (`172.22.0.0/15`), but it's not a big deal to add NAT if it's not.
8
+
9
+## Initial configuration
10
+
11
+
12
+
13
+## Peerings
14
+
15
+Nothing fancy: use GRE tunnels, openvpn, anything. Don't forget to install the relevant packages with `opkg` (`kmod-gre` for instance).
16
+
17
+You can't manage GRE tunnels with OpenWRT, so just create them in `/etc/rc.local` (and assign addresses if needed).
18
+
19
+## BGP
20
+
21
+`quagga` and `bird` are both packaged in OpenWRT. Note that quagga is split in many packages, you probably need `quagga-bgpd`, `quagga-vtysh` and `quagga-zebra`.
22
+
23
+Of course, you should announce the prefix of your home network.
24
+
25
+## Interface definition
26
+
27
+This is needed so that OpenWRT is aware of the new interfaces (for firewall and stuff).
28
+
29
+In `/etc/config/network`, add entries for each dn42 interface:
30
+
31
+ config interface dn42peer1
32
+ option ifname tun-peer1
33
+ option proto none
34
+
35
+## Firewall
36
+
37
+There are two goals:
38
+
39
+ - Allowing traffic from LAN to dn42 (and maybe from dn42 to LAN too)
40
+ - If you have more than one peer, allowing traffic from dn42 to dn42 (forwarding)
41
+
42
+Everything is done in `/etc/config/firewall`.
43
+
44
+### Zone declaration
45
+
46
+ config zone
47
+ option name dn42
48
+ option network 'dn42peer1 dn42peer2 dn42peer3'
49
+ option input REJECT
50
+ option output ACCEPT
51
+ option forward REJECT
52
+
53
+If you need to NAT your home network into dn42, you probably just need to add:
54
+
55
+ option masq 1
56
+
57
+### dn42 ↔ LAN forwarding
58
+
59
+ config forwarding
60
+ option src lan
61
+ option dest dn42
62
+
63
+If you're confident enough, you can also forward dn42 into your LAN:
64
+
65
+ config forwarding
66
+ option src dn42
67
+ option dest lan
68
+
69
+Or you can forward only certain ports, to certain hosts, etc (standard `config rule` stuff)
70
+
71
+### dn42 ↔ dn42 forwarding
72
+
73
+This is more tricky. In theory, all you have to do is to set
74
+
75
+ option forward ACCEPT
76
+
77
+in the definition of the zone. However, due to a bug in Attitude Adjustment (see https://dev.openwrt.org/ticket/12945), this will allow forwarding **everything everywhere**.
78
+
79
+You have to use this patch: https://dev.openwrt.org/changeset/35484 (monkeypatching the relevant files in `/lib` should work).
80
+
81
+## DNS
82
+
83
+See [[Services-DNS-Configuration#dnsmasq]]. This will use the anycast dn42 DNS server to resolve `dn42` and relevant reverse domains.
... ...
\ No newline at end of file
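Review bot: In the "dn42 ↔ dn42 forwarding" section (new lines 73-79), the `option forward ACCEPT` snippet comes before the warning that on Attitude Adjustment it allows forwarding "everything everywhere", so a reader who copies the snippet and stops there ends up with exactly the configuration the text warns against. Since the page is being touched anyway, move the warning and the changeset 35484 requirement above the snippet and state that the option must not be set until the patch is applied. Two smaller points in the same hunk: the zone declaration uses `option input REJECT` while the BGP section gives no rule for accepting sessions that peers open towards the router on those interfaces, and "## Initial configuration" (lines 9-12) is carried over empty, along with the missing newline at end of file.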