SlyBlog – Page 2 – Free and Open Source Software and Hardware.

Netplan and systemd-networkd on Debian Bookworm

October 19, 2023July 10, 2023 by slyon

Debian’s cloud-images are using systemd-networkd as their default network stack in Bookworm. A slim and feature rich networking daemon that comes included with Systemd itself. Debian’s cloud-images are deploying Netplan on top of this as an easy-to-use, declarative control layer.

If you want to experiment with systemd-networkd and Netplan on Debian, this can be done easily in QEMU using the official images. To start, you need to download the relevant .qcow2 Debian cloud-image from: https://cloud.debian.org/images/cloud/bookworm/latest/

$ wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-generic-amd64.qcow2

Prepare a cloud image

Next, you need to prepare some configuration files for cloud-init and Netplan, to prepare a data-source (seed.img) for your local cloud-image.

$ cat > meta.yaml <<EOF
instance-id: debian01
local-hostname: cloudimg
EOF

$ cat > user.yaml <<EOF
#cloud-config
ssh_pwauth: true
password: test
chpasswd:
  expire: false
EOF

$ cat > netplan.yaml <<EOF
network:
  version: 2
  ethernets:
    id0:
      match:
        macaddress: "ca:fe:ca:fe:00:aa"
      dhcp4: true
      dhcp6: true
      set-name: lan0
EOF

Once all configuration is prepared, you can create the local data-source image, using the cloud-localds tool from the cloud-image-utils package:

$ cloud-localds --network-config=netplan.yaml seed.img user.yaml meta.yaml

Launch the local VM

Now, everything is prepared to launch a QEMU VM with two NICs and do some experimentation! The following command will launch an ephemeral environment for you, keeping the original Debian cloud-image untouched. If you want to preserve any changes on disk, you can remove the trailing -snapshot parameter.

$ qemu-system-x86_64 \
  -machine accel=kvm,type=q35 \
  -cpu host \
  -m 2G \
  -device virtio-net-pci,netdev=net0,mac=ca:fe:ca:fe:00:aa \
  -netdev user,id=net0,hostfwd=tcp::2222-:22 \
  -nic user,model=virtio-net-pci,mac=f0:0d:ca:fe:00:bb \
  -drive if=virtio,format=qcow2,file=debian-12-generic-amd64.qcow2 \
  -drive if=virtio,format=raw,file=seed.img -snapshot

We set up the default debian user account through cloud-init’s user-data configuration above, so you can now login to the system, using that user with the (very unsafe!) password “test”.

$ ssh -o "StrictHostKeyChecking=no" -o "UserKnownHostsFile=/dev/null" -p 2222 debian@localhost # password: test

Experience Netplan and systemd-networkd

Once logged in successfully, you can execute the netplan status command to check the system’s network configuration, as configured through cloud-init’s netplan.yaml passthrough. So you’ve already used Netplan at this point implicitly and it did all the configuration of systemd-networkd for you in the background!

debian@cloudimg:~$ sudo netplan status -a
     Online state: online
    DNS Addresses: 10.0.2.3 (compat)
       DNS Search: .

●  1: lo ethernet UNKNOWN/UP (unmanaged)
      MAC Address: 00:00:00:00:00:00
        Addresses: 127.0.0.1/8
                   ::1/128
           Routes: ::1 metric 256

●  2: enp0s2 ethernet DOWN (unmanaged)
      MAC Address: f0:0d:ca:fe:00:bb (Red Hat, Inc.)

●  3: lan0 ethernet UP (networkd: id0)
      MAC Address: ca:fe:ca:fe:00:aa (Red Hat, Inc.)
        Addresses: 10.0.2.15/24 (dhcp)
                   fec0::c8fe:caff:fefe:aa/64
                   fe80::c8fe:caff:fefe:aa/64 (link)
    DNS Addresses: 10.0.2.3
           Routes: default via 10.0.2.2 from 10.0.2.15 metric 100 (dhcp)
                   10.0.2.0/24 from 10.0.2.15 metric 100 (link)
                   10.0.2.2 from 10.0.2.15 metric 100 (dhcp, link)
                   10.0.2.3 from 10.0.2.15 metric 100 (dhcp, link)
                   fe80::/64 metric 256
                   fec0::/64 metric 100 (ra)
                   default via fe80::2 metric 100 (ra)

As you can see from this output, the lan0 interface is configured via the “id0” Netplan ID to be managed by systemd-networkd. Compare this data to the netplan.yaml file above, the networkctl output, the local Netplan configuration in /etc/netplan/ and the auto-generated systemd-networkd configuration.

debian@cloudimg:~$ networkctl 
IDX LINK   TYPE     OPERATIONAL SETUP     
  1 lo     loopback carrier     unmanaged
  2 enp0s2 ether    off         unmanaged
  3 lan0   ether    routable    configured

3 links listed.

debian@cloudimg:~$ cat /etc/netplan/50-cloud-init.yaml 
# [...]
network:
    ethernets:
        id0:
            dhcp4: true
            dhcp6: true
            match:
                macaddress: ca:fe:ca:fe:00:aa
            set-name: lan0
    version: 2

debian@cloudimg:~$ ls -l /run/systemd/network/
total 8
-rw-r--r-- 1 root root  78 Jul  5 15:23 10-netplan-id0.link
-rw-r--r-- 1 root root 137 Jul  5 15:23 10-netplan-id0.network

Now you can go ahead and try something more advanced, like link aggregation, using the second NIC that you configured for this QEMU VM and explore all the possibilities of Netplan on Debian, by checking the Netplan YAML documentation.

Netplan 0.106.1 stable release

June 26, 2023 by slyon

We are happy to announce that Netplan 0.106.1 is available for download on Ubuntu Mantic Minotaur and Debian testing.

This release includes some improvements in our documentation and CI infrastructure and a number of bug fixes.

What’s new in Netplan 0.106.1?

Documentation

New Netplan tutorial. A tutorial for beginners on how to get started with Netplan was included in our main documentation. It’s intended to help newcomers to get familiar with Netplan and guide the reader through the basics to start using it. The new tutorial can be found in this link https://netplan.readthedocs.io/en/0.106.1/tutorial/
Netplan How-tos. The how-tos section was restructured and expanded with more use cases. The how-tos can be found in this link https://netplan.readthedocs.io/en/0.106.1/howto/
Manual pages. All Netplan subcommands now have their own man page. The online version of the man pages can be found in this link https://netplan.readthedocs.io/en/0.106.1/cli/
Desktop integration how-to. In Ubuntu Mantic (23.10), Netplan and Network Manager work in tandem to generate network configuration. This integration is described in more details here https://netplan.readthedocs.io/en/0.106.1/netplan-everywhere/

Infrastructure

canonical/setup-lxd GitHub action. The autopkgtest environment creation was standardized to use Canonical’s setup-lxd action.
Snapd integrations tests with spread. A new test set for the Snapd integration with Netplan was introduced using the spread tool.
DBus. A number of DBus integration tests were added to the Debian package.

New features

Keyfile parser improvements. Our Network Manager keyfile parser (the capability of loading Network Manager configuration to Netplan YAML) was expanded to support all the types of tunnels supported by Netplan.

Misc

Ubuntu’s Code of Conduct 2.0 was added to the code repository.
We added a new bash autocompletion script with all the Netplan’s subcommands.
The new release package was synchronized with Debian.

Bug fixes

Keyfile parser. This release contains a couple of important fixes for the NetworkManager integration stability: 1) adding WPA enterprise connections is now working fine and new test cases were added to the package; 2) a WireGuard peer with allowed IPs that don’t include the network prefix are now accepted.
Netplan parser. A number of memory leaks and stability issues were fixed.
DBus. An issue related to how directory paths are built in the Netplan DBus service was causing issues in the Snapd integration and was fixed.

For the complete list of changes please consult the debian/changelog file in https://launchpad.net/ubuntu/+source/netplan.io/+changelog

Netplan v0.106 is now available

February 15, 2023 by slyon

I’m happy to announce that Netplan version 0.106 is now available on GitHub and is soon to be deployed into an Ubuntu/Debian/Fedora installation near you! Six months and 65 commits after the previous version, this release is brought to you by 4 free software contributors from around the globe.

Highlights

Highlights of this release include the new netplan status command, which queries your system for IP addresses, routes, DNS information, etc… in addition to the Netplan backend renderer (NetworkManager/networkd) in use and the relevant Netplan YAML configuration ID. It displays all this in a nicely formatted way (or alternatively in machine readable YAML/JSON format).

Furthermore, we implemented a clean libnetplan API which can be used by external tools to parse Netplan configuration, migrated away from non-inclusive language (PR#303) and improved the overall Netplan documentation. Another change that should be noted, is that the match.macaddress stanza now only matches on PermanentMACAddress= on the systemd-networkd backend, as has been the case on the NetworkManager backend ever since (see PR#278 for background information on this slight change in behavior).

Changelog

New ‘netplan status’ CLI by @slyon in #290
API: implement APIs from the new specification by @daniloegea in #298
Check and fix non-inclusive language by @daniloegea in #303
Documentation improvements (using Diátaxis & RTD) by @slyon
Match by PermanentMACAddress by @rlaager in #278
Netplan api iterator by @daniloegea in #306
API: update netplan_delete_connection() to avoid spawning another process by @slyon in #322
NetworkManager 1.40 compat & file permission fixes (LP#1862600, LP#1997348) by @slyon in #300
Migrate from (deprecated) nose to pytest by @daniloegea in #302
parse: Add the filepath to OVS ports netdefs by @daniloegea in #295
Check if the interface name is too long (LP#1988749) by @daniloegea in #313
doc/examples: remove unnecessary route for IPv6 on-link gateways by @sbraz in #312
Memory leak CI action by @daniloegea in #321
tests:base:ethernets: Improve stability of autopkgtests by @slyon in #223

Bug fixes:

Fix some memory leaks by @daniloegea in #297
parser: plug a memory leak by @daniloegea in #309
src:parse: plug memory leaks in nullable handling by @slyon in #319
Fix ‘netplan ip leases’ crash (LP#1996941) by @daniloegea in #301
tests: mock calls to systemctl by @daniloegea in #314
ctests: fix an integer conversion issue by @daniloegea in #315
docs: small fix on netplan-set doc by @daniloegea in #316
parser: return the correct error on failure (LP#2000324) by @daniloegea in #308
apply: Fix crash when OVS is stopped (LP#1995598) by @daniloegea in #307
networkd: make sure VXLAN is in the right section (LP#2000713) by @daniloegea in #310
cli:set: update only specific origin-hint if given (LP#1997467) by @slyon in #299
vxlan: convert some settings to tristate (LP#2000712) by @daniloegea in #311
parser: check for route duplicates (LP#2003061) by @daniloegea in #320

Netplan v0.105 is now available

August 19, 2022August 18, 2022 by slyon

I’m happy to announce that Netplan version 0.105 is now available on GitHub and is soon to be deployed into an Ubuntu/Debian installation near you! Six month and exactly 100 commits after the previous version, this release is brought to you by 7 free software contributors from around the globe.

Changelog

Add support for VXLAN tunnels (#288), LP#1764716
Add support for VRF devices (#285), LP#1773522
Add support for InfiniBand (IPoIB) (#283), LP#1848471
Allow key configuration for GRE tunnels (#274), LP#1966476
Allow setting the regulatory domain (#281), LP#1951586
Documentation improvements & restructuring (#287)
Add meson build system (#268)
Add abigail ABI compatibility checker (#269)
Update of Fedora RPM spec (#264)
CI improvements (#265, #282)
Netplan set uses the consolidated libnetplan YAML parser (#254)
Refactor ConfigManager to use the libnetplan YAML parser (#255)
New netplan_netdef_get_filepath API (#275)
Improve NetworkManager device management logic (#276), LP#1951653

Bug fixes

Fix apply netdev rename/create race condition (#260), LP#1962095
Fix try timeout (#271), LP#1967084
Fix infinite timeouts in ovs-vsctl (#266), Debian#1000137
Fix offload options using tristate setting (#270), LP#1956264
Fix rendering of NetworkManager passthrough WPA types (#279), LP#1972800
Fix CLI crash on LibNetplanException (#286)
Fix NetworkManager internal DHCP client lease lookup (#284), LP#1979674

Netplan v0.104 is now available

February 18, 2022 by slyon

I’m happy to announce that netplan.io version 0.104 is now available on Github and has been uploaded into the next Ubuntu LTS release, code name “Jammy”: netplan.io 0.104-0ubuntu1! This is a big release that has been brought to you by 10 contributors around the globe.

Changelog:

Enable embedded-switch-mode setting on SmartNICs (#253)
Permit multiple patterns for the driver globs in match (#202), LP#1918421
Improve routing capabilities (#248), LP#1892272, LP#1805038
Support additional link offload options for networkd (#225) (#242), LP#1771740
- receive-checksum-offload, transmit-checksum-offload, tcp-segmentation-offload,
  tcp6-segmentation-offload, generic-segmentation-offload, generic-receive-offload,
  large-receive-offload
Consolidate enum-to-string arrays (#230)
Handle differing ip6-privacy default value for NetworkManager (#263)
YAML state tracking (--state rootdir) for DBus API and netplan try (#231), LP#1943120
Support ConfigureWithoutCarrier (ignore-carrier) for networkd (#215)
Move primary git branch master to main
Documentation improvements (#226)
Compatibility for glib-2.70 (#235)
Cleanup Makefile, install only public headers
Improve test reliability & enable integration testing CI for autopkgtests
Netplan get to use the libnetplan parser (#252)
libnetplan:
- introduce the notion of NetplanState (#232)
- use an explicit parser context (#233)
- expose coherent generator APIs (#239)
- improve overall error handling (#234)
- consolidation of YAML parsing into the library (#241, #249, #250, #251)
Restrict the symbol export to a determined public API (#227)
- WARNING: We dropped some internal symbols from the API that we know
  have no external consumers (that we are aware of)
- 0.103: _serialize_yaml, contains_netdef_type, tmp, validate_default_route_consistency
- 0.102: cur_filename, netplan_netdef_new
- 0.100: address_option_handlers, is_hostname, validate_ovs_target, wireguard_peer_handlers
- 0.99: current_file, is_ip4_address, is_ip6_address, missing_id,
  missing_ids_found, parser_error, validate_backend_rules, validate_netdef_grammar,
  yaml_error

Bug fixes:

Fix removal of defunct OVS vlan interfaces (#256), LP#1959147
Make ConfigManager cleanup on destruction (#259), LP#1959729
Do not write unvalidated YAML from keyfile (#247), LP#1952967
Disable temporary address generation for real with NetworkManager (#244), LP#1948027
- this is a slight change in behavior for NM, but is in line with the docs
  and implementation of the networkd backend renderer
Ignore empty YAML hints and delete files on set network=null (#246), LP#1946957
Wait for ‘netplan try’ to be ready in DBus API (#245), LP#1949893
Initialize self.state in apply (#243), LP#1949104
Driver fallback to nl80211 and/or wext for wpa_supplicant (#240), LP#1814012
Handle missing gateway in keyfile routes, keep dns-search fallback (#238)
Make it possible to unset a whole devtype subtree (#236), LP#1942930
Fix normalization of multiple keys on a single dict in tests (#229)
Add default-routes feature flag
Fix memory leaks, dangling pointers & overall cleanup of API data (#228)
Small whitespace and formatting fixes & shipping EditorConfig (#224)

EOS Gift Card as Birthday Present

March 20, 2019 by slyon

Introduction

Do you have a fellow co-worker, friend or family member, who is interested in blockchain, but did not yet find the right motivation to learn all the technical details of this new ecosystem? Here comes the right tool for your!

EOS Gift Card

The DApp at eosgiftcard.com allows you to create a new EOS account for a friend with just a few clicks. This account can be customized via three different CPU/NET/RAM configurations, choosing between a “Basic”, “Standard” or “Pro” tier. First you choose a custom 12 letter EOS account name for your friend (e.g. jimmyparker1) and select an account tier. Afterwards, you need to sign off the creation of this new account, using Scatter and your existing EOS account.

A new EOS account of your chosen name will be created automatically and instantly through a smart contract, CPU and NET resources will be staked and RAM will be bought according to your chosen configuration. Finally, the remaining EOS balance (difference between the price of your chosen account tier and cost of creating an account) will be transferred to your friends new EOS account as a beginning balance and the app will generate a nicely formatted PDF document. This PDF contains the account credentials, useful links to wallet applications and a list of popular DApps, so that your friend is able to get started using EOS without any further explanation. This document can be printed and handed out to your friend as a personal gift.

The smallest gift card starts at a price of 2 EOS, so you can gift this to anybody. Your friend now has a real motivation to get into EOS and the blockchain space, as he is in possession of real EOS tokens! But you don’t need to fear of loosing to much, in case of him still not finding the right motivation, as the gift cards start at only $7 (at the time of this writing). The smallest gift card contains ~1.4 liquid EOS (depending on current RAM price), 3 KiB of RAM and 0.3 EOS of staked CPU/NET resources, which allows for basic usage of the blockchain and getting into the EOS ecosystem, while keeping full control of the account. Also, the account is future proof, as it can be upgraded at any time by purchasing and staking additional EOS tokens.

Security

We deployed a strong Content-Security-Policy (CSP), which protects you from XSS attacks and makes sure that nobody can access the keys generated by this app, not even us! This is implemented by the connect-src directive, which enforces your local browser to only allow outgoing data to the EOS node at public.eosinfra.io (for sending the signed transaction) and your local Scatter wallet, as can be verified here: cspvalidator.org

In addition to this, the generated PDF will be downloaded via a secure https connection (TLS encryption). Make sure to verify that you can see the small lock in the address bar of your browser!

Your perfect EOS present

Introduce somebody you love into the blockchain ecosystem, by making him a personal gift. Only personal contacts and recommendations will allow for mainstream adoption of the EOS blockchain!

https://eosgiftcard.com

Simple EOS Dev Environment

January 11, 2019November 18, 2018 by slyon

This is a beginner’s guide, to setup a simple development environment for the EOSIO blockchain, which will get you up and running in five simple steps from zero to your first smart contract in less than 10 minutes. Afterwards, you will know how to code and test your own smart contracts on an EOS testnet quickly and for free. In this guide we make use of simple tools, which offer a great developer experience, such as the eosio.cdt (Contract Development Toolkit), the Kylin testnet and the eosc command line wallet. We’re using a development machine, running the Ubuntu 18.04 operating system.

So let’s get started!

1. Account, Keys and Tokens

The Kylin Testnet, which is run by several high class block producers, allows easy and fast access to a (non-productive) EOSIO blockchain, using it’s free Account and Faucet services. We’re going to create a new EOS account (12 character name) on the testnet, including @owner and @active keypairs and charge it up with 100 dummy EOS tokens.

Let’s call our new EOS account: dummyaccount

curl http://faucet.cryptokylin.io/create_account?dummyaccount

{
  "msg": "succeeded",
  "keys": {
    "active_key": {
      "public": "EOS7kNBssiunoW7VGcx79BXGUvjbgcaPva4azRwhuTXRfJJ192DJ2",
      "private": "5J1SYvRP1JpWBtk85a4zAbXUmAyBqtr3r58hLuDF5YX6HdcfTYo"
    },
    "owner_key": {
      "public": "EOS6nUXrdodNwRspd7Z42Yp8nRH44wuJNYYoVHSMddr28KKS6Ke4J",
      "private": "5KQzVMR9sZ8sRmRb3NQEzyW43peUow6pYLo831AAXGyEZP7h77z"
    }
  },
  "account": "dummyaccount"
}

curl http://faucet.cryptokylin.io/get_token?dummyaccount

{ "msg": "succeeded" }

Save your @owner and @active keypairs somewhere safe, you’ll need them for the next steps.

2. Wallet and CLI

Next we will download and install the eosc command line wallet, by EOS Canada, in order to interact with the EOS blockchain (currently v1.1.0). This will help us to safely store our private keys and send transactions to the blockchain.

mkdir eosc && cd eosc
curl -LO https://github.com/eoscanada/eosc/releases/download/v1.1.0/eosc_1.1.0_linux_x86_64.tar.gz
tar xzvf ./eosc_1.1.0_linux_x86_64.tar.gz

Now we can use it to import our EOS account via the @active key. This will create a file, named eosc-vault.json, which will contain your encrypted private key.

./eosc vault create --import

- Paste your @active private key from above.
  5J1SYvRP1JpWBtk85a4zAbXUmAyBqtr3r58hLuDF5YX6HdcfTYo
- Hit ENTER.
- Choose a passphrase

3. Account Setup

Here we will issue three ./eosc commands, to setup our account for the deployment of a smart contract. We delegate 20 EOS tokens as blockchain resources (5 EOS staked for NET, 15 EOS staked for CPU) and use some more EOS tokens to buy 500 KiB of RAM as storage for our smart contract. Finally, we check our account with the eosc get account command.

Hint: We need approximately 10x the bytes of RAM as is the filesize of our WASM binary contract, due to the overhead of the virtual machine. So if our compiled contract file (e.g. hello.wasm) has a filesize of 10 KiB, we need approximately 100 KiB in RAM resources on the EOSIO blockchain, to deploy the contract.

./eosc -u https://kylin.eoscanada.com system delegatebw dummyaccount dummyaccount 5 15

./eosc -u https://kylin.eoscanada.com system buyrambytes dummyaccount dummyaccount 512000

./eosc -u https://kylin.eoscanada.com get account dummyaccount
privileged:   false
created at:   2018-11-15 14:45:25 +0000 UTC

permissions:
     "owner" w/1         :  +1 EOS6nUXrdodNwRspd7Z42Yp8nRH44wuJNYYoVHSMddr28KKS6Ke4J
           "active" w/1  :  +1 EOS7kNBssiunoW7VGcx79BXGUvjbgcaPva4azRwhuTXRfJJ192DJ2

memory:
      quota:           506.8  KB   used:           3.490  KB

net bandwidth:
      staked:              5.0000  EOS    (total stake delegated from account to self)
      delegated:           1.0000  EOS    (total stake delegated to account from others)
      used:                   257  bytes
      available:            11.18  MB
      limit:                11.18  MB

cpu bandwidth:
      staked:             15.0000  EOS  (total stake delegated from account to self)
      delegated:           1.0000  EOS  (total stake delegated to account from others)
      used:                 1.129  ms
      available:            807.2  ms
      limit:                808.3  ms

EOS balances:
      liquid:             67.8553  EOS
      staked:             20.0000  EOS
      unstaking:           0.0000  EOS
      total:              87.8553  EOS

voted for:
      

voter info:
      proxy:                
      is proxy:             false
      staked:               200000
      vote weight:          0.000000
      proxied vote weight:  0.000000

4. Contract Development Toolkit

Download and install the latest version of eosio.cdt (currently v1.4.1). This will give you access to the smart contract WASM and ABI compilers/generators, as well as to the eosio C/C++ libraries and header files. Get it at: https://github.com/EOSIO/eosio.cdt/releases

curl -LO https://github.com/EOSIO/eosio.cdt/releases/download/v1.4.1/eosio.cdt-1.4.1.x86_64.deb
sudo dpkg -i ./eosio.cdt-1.4.1.x86_64.deb

5. Compile and Deploy a Smart Contract

Let’s create a simple “Hello World” smart contract, by creating a file with the following contents, named hello.cpp:

#include <eosiolib/eosio.hpp>
#include <eosiolib/print.hpp>

using namespace eosio;

CONTRACT hello : public contract {
  public:
      using contract::contract;

      ACTION hi( name user ) {
         print( "Hello, ", name{user});
      }

      ACTION yo( name user ) {
         print( "Yo, ", name{user});
      }
};
EOSIO_DISPATCH( hello, (hi)(yo) )

This C++ file can now be compiled and deployed to the EOS blockchain, using the eosio.cdt Contract Development Toolkit. After compilation we will get a binary WASM file hello.wasm of about 2.3 KiB (needs ~23 KiB of eosio RAM) and a file named hello.abi, which describes the interface of our code’s actions.

eosio-cpp -o hello.wasm hello.cpp --abigen

./eosc -u https://kylin.eoscanada.com system setcontract dummyaccount ./hello.wasm ./hello.abi

./eosc -u https://kylin.eoscanada.com tx create dummyaccount yo '{"user":"bob"}' -p dummyaccount

Congratulations!

After finishing the five simple steps above, you can now officially call yourself a “Blockchain Expert”. 😉

Feel free to experiment with the above mentioned tools, keep on improving your EOSIO knowledge with help of the hyperlinks I put into the article and continue to develop you very own EOS smart contracts!

If you liked this tutorial, please consider a donation to my EOS account: teammaerdian

Freifunk mit Ubiquiti UniFi AP

August 1, 2018April 12, 2015 by slyon

Was ist Freifunk.net?

Die Initiative Freifunk.net ist ein nicht-komerzielles, gemeinschaftliches Projekt vieler Freiwilliger, die sich zum Ziel gesetzt haben ein unabhängiges und dezentrales WLAN-Netzwerk aufzubauen, welches von Jederman frei zugänglich, unzensiert und anonym verwendet werden kann und außerdem die Netzneutralität wahrt. Die Initiative ist dabei in lokalen Freifunk-Communities organisiert, welche in jeder größeren und kleineren Stadt anzutreffen sind.

Das Freifunk-Netz erstreckt sich bereits über ganz Deutschland und wächst mit jedem Unterstützer ein Stückchen weiter. Ob auch in deiner Nähe schon ein Freifunk-Zugangspunkt ist, über den du ohne Anmeldung einen freien Internet-Zugang bekommen kannst, erfährst du auf der Freifunk-Karte!

Mitmachen darf jeder! Zum Unterstützen der Idee tritt man am besten mit seiner lokalen Freifunk-Community in Kontakt. Dort kann man sich informieren und austauschen und im Regelfall auch einen eigenen, vorkonfigurierten Freifunk-Router ab 20€ beziehen. Schau also einfach vorbei, z.B. bei Freifunk-München!

Freifunk Technik

Freifunk ist als Mesh-Netzwerk konzipiert. Das bedeutet, dass sich benachbarte Freifunk-Router (Knoten) automatisch miteinander verbinden. Netzwerk-Pakete werden dann auf ihrem Weg vom Benutzer (z.B. Smartphone) von Knoten zu Knoten weitergeleitet bis sie ihr Ziel (z.B. Wikipedia) erreichen. Um auch in Situationen in denen keine benachbarten Freifunk-Knoten in Reichweite sind einen Zugang zum Freifunk-Netz zu bekommen, betreiben die Freifunk Communities VPN-Gateways. Isolierte Knoten können so über den privaten Internetzugang des Knoten-Betreibers eine verschlüsselte VPN-Verbindung zum restlichen Freifunk-Netz herstellen. Vom VPN-Gateway aus kann – über eine Verbindung ins Ausland – auch das Internet erreicht werden. Auf diese Weise wird geschickt das rechtliche Problem der deutschen Störerhaftung umgangen.

Auf Freifunk-Routern läuft eine speziell angepasste Version der freien OpenWrt Firmware, namens Gluon. Gluon stellt dabei eine stark vereinfachte Web-Oberfläche bereit, welche zum Einrichten und Konfigurieren eines Freifunk-Knotens verwendet werden kann. Außerdem enthält Gluon einen Autoupdater, welcher den eigenen Freifunk-Knoten immer automatisch auf den aktuellen Softwarestand updatet. Für erfahrene Benutzer gibt es zusätzlich die Möglichkeit sich per SSH auf dem Router einzuloggen, um den vollen Funktionsumfang von OpenWrt auszunutzen.

Unterstützte Hardware

Durch die OpenWrt Basis der Freifunk Firmware “Gluon” gibt es eine breite Auswahl an unterstützen Routern. Zu den geläufigsten Modellen zählen Router der Firmen TP-Link und Ubiquiti Networks. Welche Router im einzelnen unterstützt werden erfährt man auf der Website der lokalen Freifunk-Community. Wegen eines sehr guten Preis-Leistungs-Verhältnisses (Preis < 20€) erfreut sich der Router “TP-Link TL-WR841N” zur Zeit sehr großer Beliebtheit.

Ich habe mich für meinen ersten Freifunk-Knoten für das Modell “Ubiquiti UniFi AP Long Range” (Ubnt UAP-LR) entschieden. Dieser bietet eine sehr gute Reichweite von bis zu 180m, eine leichte Verkabelung dank Stromversorgung über das Netzwerkkabel und wird offiziell von meiner Freifunk-Community (Freifunk-München) unterstützt. Die Freifunk Installation und Konfiguration dieses Routers möchte ich im folgenden exemplarisch für “Freifunk-München” erläutern.

UniFi Router flashen

Nach dem Auspacken und Anschließen des UniFi AP ans lokale Heim-Netzwerk bekommt dieser per DHCP automatisch eine IP-Adresse zugewiesen (<UAP-IP>), welche in der Web-Oberfläche des privaten Internet-Routers (z.B. FritzBox) nachgeschaut werden kann. Mit einem Linux-Computer erfolgt die Installation der Freifunk Firmware (Gluon) auf dem UniFi AP danach in 3 einfachen Schritten:

Via SSH in die original Software des UAP einloggen:
```
ssh ubnt@<UAP-IP> #(Passwort: ubnt)
```
UniFi Factory-Firmware der lokalen Freifunk-Community ins /tmp Verzeichnis des Routers downloaden, z.B.:
```
cd /tmp
wget http://firmware.ffmuc.net/stable/factory/gluon-ffmuc-v2015.2-ubiquiti-unifi.bin
```

Freifunk-Firmware auf den Router flashen:

fwupdate.real -m gluon-ffmuc-v2015.2-ubiquiti-unifi.bin -d

Nachdem das Kommando ‘fwupdate.real’ erfolgreich ausgeführt wurde, gibt es das Wort “Done” aus und der Router kann vom Strom-/Netzwerkkabel und vom Heim-Netzwerk (am PoE-Adapter) getrennt werden. (Quelle)

UniFi Router konfigurieren

Anstelle vom Heim-Netzwerk (z.B. FritzBox) sollte der Router jetzt direkt mit dem eigenen Computer verbunden werden. Nachdem das Strom-/Netzwerkkabel wieder angesteckt wurde startet der UniFi AP die neu installierte Freifunk-Firmware im Setup/Config-Mode. Alternativ erreicht man den Config-Mode durch drücken der Reset-Taste für ca. 3 Sekunden. Den Config-Mode kann man daran erkennen, dass die grüne LED des Routers blinkt (ca. 1x pro Sekunde).

Im Config-Mode hat der UAP die IP-Adresse 192.168.1.1 und betreibt einen DHCP-Server, so dass der eigene Computer automatisch eine IP-Adresse aus dem Bereich 192.168.1.x/24 zugewiesen bekommen sollte. Alternativ kann dem eigenen Computer auch manuell eine IP-Adresse aus diesem Bereich gegeben werden (z.B. 192.168.1.100). Steht die Verbindung zwischen Computer und Router, kann die Gluon Web-Oberfläche auf http://192.168.1.1 erreicht werden.

Die Gluon Web-Oberfläche stellt verschiedene Felder zum Konfigurieren des Knoten bereit (Name, Kontakt, Geo-Koordinaten, Bandbreitenlimitierung, …) und ist weitgehend selbsterklärend. Nach abschließen der Konfiguration muss der Router nochmals neu gestartet werden. Auch kann er nun wieder mit dem lokalen Heim-Netzwerk verbunden werden, so dass er ggf. übers Internet eine Verbindung zum Freifunk-VPN-Gateway herstellen kann. Der Router startet nun in den Normal-Mode: Die grüne LED leuchtet dauerhaft.

Für erfahrene Benutzer gibt es zusätzlich zum Normal-Mode und Config-Mode auch noch den Failsafe-Mode. Dieser kann erreicht werden wenn im Bootvorgang des Routers mehrfach die Reset-Taste gedrückt wird. Im Failsafe-Mode blinkt die grüne LED sehr schnell (schneller als 1x pro Sekunde). In diesem Modus sind alle Services deaktiviert und der Router ist nur per Telnet/SSH auf 192.168.1.1 zu erreichen.
(Quelle 1, Quelle 2, Quelle 3)

Viel Spaß mit eurem eigenen Freifunk-Knoten!

OpenPhoenux Hard- & Software Workshop 2014

August 1, 2018November 6, 2014 by slyon

Soon this year’s OpenPhoenux Hard- & Software Workshop (OHSW) will take place in Garching (near Munich) at the TUM Campus in Garching. There will be a lot of intetresting topics to discuss and people to meet. Make sure to drop by if you find some time!

The agenda and further details are now available online:

OHSW Homepage

What’s New in the Linux Network Stack?

August 1, 2018October 15, 2014 by slyon

Recently, I attented a seminar at university and created a paper named “What’s New in the Linux Network Stack?”. As the content of my paper might be of interest to some people in the community, I decided to publish it here.

Abstract
In this paper, interesting features of the Linux kernel’s network stack are analyzed, which were introduced during the development cycles from Linux v3.7 to Linux v3.16. Special attention is given to the low-latency device polling, introduced in Linux v3.11, the netfilter’s SYNPROXY target, introduced in Linux v3.12 and the new Nftables framework, introduced in Linux v3.13. At the end a trend is presented, which shows the direction in which the Linux network stack is evolving.

Download

Feel free to study, improve and build upon my work as desired! Feedback is welcome.

Update: This paper is now formally released in the “Proceedings of the Seminars Future Internet (FI) and Innovative Internet Technologies and Mobile Communications (IITM)”, which can be found here: DOI: 10.2313/NET-2015-03-1