From equinox at diac24.net Wed Dec 2 13:49:08 2009
From: equinox at diac24.net (equinox)
Date: Wed, 2 Dec 2009 13:49:08 +0100
Subject: [dn42] a few words about IPv6 addresses...
Message-ID: <20091202124907.GB14617@jupiter.n2.diac24.net>

Since there seems to be considerable confusion about IPv6 addresses...

recommended reading:
http://www.ietf.org/rfc/rfc3513.txt
http://www.ietf.org/rfc/rfc2460.txt (less important than 3513)

[RFC2460] 2. Terminology [shortened]

node - a device that implements IPv6.

link - a communication facility or medium over which nodes can
communicate at the link layer, i.e., the layer immediately below IPv6.
Examples are Ethernets (simple or bridged); PPP links; X.25, Frame
Relay, or ATM networks; and internet (or higher) layer "tunnels", such
as tunnels over IPv4 or IPv6 itself.

interface - a node's attachment to a link.

[RFC3513] 2.1 Addressing Model

IPv6 addresses of all types are assigned to interfaces, not nodes. An
IPv6 unicast address refers to a single interface. Since each interface
belongs to a single node, any of that node's interfaces' unicast
addresses may be used as an identifier for the node.

All interfaces are required to have at least one link-local unicast
address (see section 2.8 for additional required addresses). A single
interface may also have multiple IPv6 addresses of any type (unicast,
anycast, and multicast) or scope. Unicast addresses with scope greater
than link-scope are not needed for interfaces that are not used as the
origin or destination of any IPv6 packets to or from non-neighbors.
This is sometimes convenient for point-to-point interfaces. There is
one exception to this addressing model:

[... bonding ...]

Currently IPv6 continues the IPv4 model that a subnet prefix is
associated with one link. Multiple subnet prefixes may be assigned to
the same link.

* tunnels with _only_ global ipv6 addresses ARE NOT FUCKING VALID AND
  NEED TO DIE! FIX YOUR SETUPS.
* the fe80::/64 subnet already is a subnet prefix. The scopes are split
  in section 2.4. This means you MAY assign link-local plus global, the
  only thing you MUST do is assign link-local!
* read very carefully: "Unicast addresses with scope greater than
  link-scope are not needed for interfaces that are not used as the
  origin or destination of any IPv6 packets to or from non-neighbors."
* if you do not want your kernel to use a global address from your
  tunnel for communication, then DO NOT ASSIGN ONE.
* your BGP session is to a neighbor, isn't it? using linklocals is just
  fine there.

[RFC3513] 2.5.3 The Loopback Address

[...] and may be thought of as the link-local unicast address of a
virtual interface (typically called "the loopback interface") to an
imaginary link that goes nowhere.

* lo is an interface
* you can assign global addresses to it.
* the cleanest way to assign a global address to your router - which btw
  needs, because it has to be able to send ICMPv6 error msgs - is to put
  one (1) single global IPv6 address on loopback.

[RFC3513] 2.5.6 Local-Use IPv6 Unicast Addresses

There are two types of local-use unicast addresses defined. These are
Link-Local and Site-Local. The Link-Local is for use on a single link
and the Site-Local is for use in a single site. Link-Local addresses
have the following format:

|   10     |
|  bits    |        54 bits          |          64 bits           |
+----------+-------------------------+----------------------------+
|1111111010|           0             |       interface ID         |
+----------+-------------------------+----------------------------+

Link-Local addresses are designed to be used for addressing on a single
link for purposes such as automatic address configuration, neighbor
discovery, or when no routers are present.

* BSD fe80::/10 does not make sense. Use fe80::/64.
* read RFC3879 if you want to know what happened to Site-Local.
* routing IS neighbor discovery. when you do routing, you're saying
  "hey, router, this subnet 2001:a:b::/48 needs to go via router A [on
  link/subnet B]".
  now if a packet arrives, your router needs the link-layer (MAC)
  address - which it gets via ND! Using global addresses for routes is
  WRONG.

PLEASE DO NOT INCORRECTLY CARRY WHAT YOU THINK IS "WISDOM" FROM IPv4 TO
IPv6! be specs compliant!

-equi

P.S.: plz excuse the tone, but i get the feeling some ppl need it or
they won't listen. most people got their setup right! yay! *thumbsup*

P.P.S.: amadeus: feel free to forward this to your braindead ISP :)

From schrodinger at konundrum.org Tue Dec 8 21:13:58 2009
From: schrodinger at konundrum.org (Schrodinger)
Date: Tue, 8 Dec 2009 20:13:58 +0000
Subject: [dn42] Interested in Peering
Message-ID: <20091208201358.GC24950@magellan.hyperion.xnet>

Hello,

I am very interested in peering and being involved with dn42.

Here is my network at home http://konundrum.org/lanbuild.pdf

I am on a 10Mbit/1Mbit cable broadband line in Ireland.

I would like to know what are the first steps to peer or can someone
contact me in regards the first steps in peering with them. From what I
can tell the first step I would need to achieve before peering would be
to re-number my LAN at home. Maybe this is not true....

I would be using OpenBSD as my primary firewall/router. The requirements
for the VPN seem to be either OpenVPN or GRE. Is it possible to use
IPSec?

I look forward to discussing this.

Regards,
Schrodinger.

--
+---------------------------------------------------------------+
It was a new day yesterday, but it's an old day now.
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc

From tobias.fiebig at wouldyoubuythis.net Tue Dec 8 23:04:26 2009
From: tobias.fiebig at wouldyoubuythis.net (Tobias Fiebig)
Date: Tue, 8 Dec 2009 23:04:26 +0100
Subject: [dn42] Interested in Peering
In-Reply-To: <20091208201358.GC24950@magellan.hyperion.xnet>
References: <20091208201358.GC24950@magellan.hyperion.xnet>
Message-ID: <20091208220426.GA5523@mail.wouldyoubuythis.net>

Hello,

> I am very interested in peering and being involved with dn42.

I can offer you a peering to as64632/as64677, and i personally prefer
openvpn as peering solution, and can assist you in setting up your first
peering etc.

With best regards,
Tobias

PS: you can contact me via jabber: ichdasich at jabber.ccc.de

From tobias at linuxdingsda.de Tue Dec 8 23:13:56 2009
From: tobias at linuxdingsda.de (Tobias Winter)
Date: Tue, 08 Dec 2009 23:13:56 +0100
Subject: [dn42] Interested in Peering
In-Reply-To: <20091208220426.GA5523@mail.wouldyoubuythis.net>
References: <20091208201358.GC24950@magellan.hyperion.xnet> <20091208220426.GA5523@mail.wouldyoubuythis.net>
Message-ID: <4B1ECFA4.6030400@linuxdingsda.de>

Tobias Fiebig wrote:
> I can offer you a peering to as64632/as64677, and i personally

if i only had bet on who would be the first one to answer :)

but i of course second that with as64822, if need be.

feel free to contact me via jabber. wintix at jabber.ccc.de

--
wintix

From crest at cyb0rg.org Wed Dec 9 13:37:08 2009
From: crest at cyb0rg.org (Crest)
Date: Wed, 09 Dec 2009 13:37:08 +0100
Subject: [dn42] Interested in Peering
In-Reply-To: <20091208201358.GC24950@magellan.hyperion.xnet>
References: <20091208201358.GC24950@magellan.hyperion.xnet>
Message-ID: <4B1F99F4.9020102@cyb0rg.org>

Schrodinger wrote:
> Hello,
>
> I am very interested in peering and being involved with dn42.
>
> Here is my network at home http://konundrum.org/lanbuild.pdf
>
> I am on a 10Mbit/1Mbit cable broadband line in Ireland.

Schrodinger wrote:
> I would like to know what are the first steps to peer or can someone
> contact me in regards the first steps in peering with them. From what I
> can tell the first step I would need to achieve before peering would be
> to re-number my LAN at home. Maybe this is not true....
>

Renumbering is the cleanest solution but some binat rules in your
pf.conf are a possible workaround if you prefer a permanent pain in the
ass to some initial overhead.

Schrodinger wrote:
> I would be using OpenBSD as my primary firewall/router. The requirements
> for the VPN seem to be either OpenVPN or GRE. Is it possible to use
> IPSec?

There is no policy enforcing the use of specific tunneling protocols.
OpenVPN is the de facto standard because it is available for nearly all
*nix platforms and easier to use than ipsec tunnels on most operating
systems. As far as I know OpenBSD is the only OS offering a sane way to
configure IPsec tunnels although dead peer detection isn't working.

Schrodinger wrote:
> I look forward to discussing this.

I'm using a FreeBSD 8.0 box with XORP and OpenVPN as homerouter and
would like to try setting up an IPsec tunnel with NAT-T support.

From schrodinger at konundrum.org Wed Dec 9 14:51:31 2009
From: schrodinger at konundrum.org (Schrodinger)
Date: Wed, 9 Dec 2009 13:51:31 +0000
Subject: [dn42] Interested in Peering
In-Reply-To: <4B1F99F4.9020102@cyb0rg.org>
References: <20091208201358.GC24950@magellan.hyperion.xnet> <4B1F99F4.9020102@cyb0rg.org>
Message-ID: <20091209135130.GA11050@purplehaze.kerna.ie>

On 2009/12/09 13:37, Crest wrote:
[...]
>
> Schrodinger wrote:
> > I would like to know what are the first steps to peer or can someone
> > contact me in regards the first steps in peering with them. From what I
> > can tell the first step I would need to achieve before peering would be
> > to re-number my LAN at home. Maybe this is not true....
> >
>
> Renumbering is the cleanest solution but some binat rules in your
> pf.conf are a possible workaround if you prefer a permanent pain in the
> ass to some initial overhead.

Yes I had thought this, however I am unfamiliar with OpenBGPD. Wouldn't
it expect a route for 172.22.x.x/xx in my routing table? An equivalent
solution on a Cisco would be a route to this network via Null0 but I do
not know how to accomplish this in OpenBSD.

>
> Schrodinger wrote:
> > I would be using OpenBSD as my primary firewall/router. The requirements
> > for the VPN seem to be either OpenVPN or GRE. Is it possible to use
> > IPSec?
>
> There is no policy enforcing the use of specific tunneling protocols.
> OpenVPN is the de facto standard because it is available for nearly all
> *nix platforms and easier to use than ipsec tunnels on most operating
> systems. As far as I know OpenBSD is the only OS offering a sane way to
> configure IPsec tunnels although dead peer detection isn't working.
>
> Schrodinger wrote:
> > I look forward to discussing this.
>
> I'm using a FreeBSD 8.0 box with XORP and OpenVPN as homerouter and
> would like to try setting up an IPsec tunnel with NAT-T support.

I am planning to peer with ichdasich this weekend, all things going to
my plan, however when I have accomplished this I would be very
interested to peer with you and anyone else who has already offered to
allow me to peer with them.

I would definitely be interested in setting up an IPsec VPN as I am more
used to configuring general IPsec than I am OpenVPN. I also have a
preference for using x509 for ISAKMP auth if you would be interested in
that as well.

Schrodinger.

>
> _______________________________________________
> dn42 mailing list
> dn42 at lists.spaceboyz.net
> http://lists.spaceboyz.net/mailman/listinfo/dn42

--
+---------------------------------------------------------------+
It was a new day yesterday, but it's an old day now.
MSN: schro5 at hotmail.com
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc

From crest at cyb0rg.org Wed Dec 9 17:32:59 2009
From: crest at cyb0rg.org (Crest)
Date: Wed, 09 Dec 2009 17:32:59 +0100
Subject: [dn42] Interested in Peering
In-Reply-To: <20091209135130.GA11050@purplehaze.kerna.ie>
References: <20091208201358.GC24950@magellan.hyperion.xnet> <4B1F99F4.9020102@cyb0rg.org> <20091209135130.GA11050@purplehaze.kerna.ie>
Message-ID: <4B1FD13B.6050302@cyb0rg.org>

Schrodinger wrote:
> On 2009/12/09 13:37, Crest wrote:
> [...]
>> Schrodinger wrote:
>>> I would like to know what are the first steps to peer or can someone
>>> contact me in regards the first steps in peering with them. From what I
>>> can tell the first step I would need to achieve before peering would be
>>> to re-number my LAN at home. Maybe this is not true....
>>>
>> Renumbering is the cleanest solution but some binat rules in your
>> pf.conf are a possible workaround if you prefer a permanent pain in the
>> ass to some initial overhead.
>
> Yes I had thought this, however I am unfamiliar with OpenBGPD. Wouldn't
> it expect a route for 172.22.x.x/xx in my routing table? An equivalent
> solution on a Cisco would be a route to this network via Null0 but I do
> not know how to accomplish this in OpenBSD.

If I remember correctly OpenBGPd (hopefully) announces only reachable
prefixes. But you could define an alias on a loopback interface like this:
ifconfig lo0 alias 172.22.xx.yy/zz

From schrodinger at konundrum.org Wed Dec 9 17:39:25 2009
From: schrodinger at konundrum.org (Schrodinger)
Date: Wed, 9 Dec 2009 16:39:25 +0000
Subject: [dn42] Interested in Peering
In-Reply-To: <4B1FD13B.6050302@cyb0rg.org>
References: <20091208201358.GC24950@magellan.hyperion.xnet> <4B1F99F4.9020102@cyb0rg.org> <20091209135130.GA11050@purplehaze.kerna.ie> <4B1FD13B.6050302@cyb0rg.org>
Message-ID: <20091209163925.GC11050@purplehaze.kerna.ie>

On 2009/12/09 17:32, Crest wrote:
> Schrodinger wrote:
> > On 2009/12/09 13:37, Crest wrote:
> > [...]
> >> Schrodinger wrote:
> >>> I would like to know what are the first steps to peer or can someone
> >>> contact me in regards the first steps in peering with them. From what I
> >>> can tell the first step I would need to achieve before peering would be
> >>> to re-number my LAN at home. Maybe this is not true....
> >>>
> >> Renumbering is the cleanest solution but some binat rules in your
> >> pf.conf are a possible workaround if you prefer a permanent pain in the
> >> ass to some initial overhead.
> >
> > Yes I had thought this, however I am unfamiliar with OpenBGPD. Wouldn't
> > it expect a route for 172.22.x.x/xx in my routing table? An equivalent
> > solution on a Cisco would be a route to this network via Null0 but I do
> > not know how to accomplish this in OpenBSD.
>
> If I remember correctly OpenBGPd (hopefully) announces only reachable
> prefixes.
> But you could define an alias on a loopback interface like this:
> ifconfig lo0 alias 172.22.xx.yy/zz

Ah OK, I wasn't sure if the loopback was the correct way to go about
this. Even still renumbering my DMZ isn't a large job. It should only be
a few minutes work. It is still nice to have the option though as I
might want to just statically NAT hosts from individual VLANs to
addresses in the 172.22.xx.xx/xx range.

Schrodinger.

--
+---------------------------------------------------------------+
It was a new day yesterday, but it's an old day now.
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc

From fabian at datensalat.eu Tue Dec 15 18:01:24 2009
From: fabian at datensalat.eu (Fabian Fingerle)
Date: Tue, 15 Dec 2009 18:01:24 +0100
Subject: [dn42] Interested in Peering
In-Reply-To: <20091208201358.GC24950@magellan.hyperion.xnet>
References: <20091208201358.GC24950@magellan.hyperion.xnet>
Message-ID: <200912151801.29982.fabian@datensalat.eu>

Hi,

On Tuesday 08 December 2009 21:13:58 Schrodinger wrote:
> I am very interested in peering and being involved with dn42.

I can offer you a peering to as64608 with openvpn!

Yours
Fabian 'otih' Fingerle

From schrodinger at konundrum.org Tue Dec 15 18:22:31 2009
From: schrodinger at konundrum.org (Schrodinger)
Date: Tue, 15 Dec 2009 17:22:31 +0000
Subject: [dn42] Interested in Peering
In-Reply-To: <200912151801.29982.fabian@datensalat.eu>
References: <20091208201358.GC24950@magellan.hyperion.xnet> <200912151801.29982.fabian@datensalat.eu>
Message-ID: <20091215172231.GA24978@magellan.hyperion.xnet>

On Tue, Dec 15, 2009 at 06:01:24PM +0100, Fabian Fingerle wrote:
> Hi,
>
> On Tuesday 08 December 2009 21:13:58 Schrodinger wrote:
>
> > I am very interested in peering and being involved with dn42.
>
> I can offer you a peering to as64608 with openvpn!
>
> Yours
> Fabian 'otih' Fingerle

Hello Fabian,

I have successfully peered with Tobias (ichdasich) and also annoyed him
with various questions ;) I am hoping to catch up with everyone else who
offered later on this week.

Also I have a hosted server I want to peer, as it sits on a 100Mb link
and a cap of 3Tb a month - I may as well put it to some better use than
torrenting like a mad man!

Thanks,
Conor.

--
+---------------------------------------------------------------+
It was a new day yesterday, but it's an old day now.
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc

From equinox at diac24.net Fri Dec 18 21:42:28 2009
From: equinox at diac24.net (David L.)
Date: Fri, 18 Dec 2009 21:42:28 +0100
Subject: [dn42] [chaosvpn] ChaosVPN, Status update, Talk on congress and such...
In-Reply-To: <4a6fa22c0912181220g694a6dcblf06fe9fee65075c5@mail.gmail.com>
References: <4B2A3B66.1090706@ramdrive.org> <1261160358.11059.42.camel@arkology.n2.diac24.net> <1261167183.11059.59.camel@arkology.n2.diac24.net> <4a6fa22c0912181220g694a6dcblf06fe9fee65075c5@mail.gmail.com>
Message-ID: <1261168948.11059.76.camel@arkology.n2.diac24.net>

(x'posting ChaosVPN & dn42)

> Okay. then let's explore how to write up dn42 and chaos and agora
> ideas. We're working up something right now that will cover the basic
> goal of agora. Have it to you asap.

Very good opportunity to see whether we actually agree on a set of ideas
for dn42 :)

(dn42: everyone: complete "I think dn42's idea is ..." :)

"I think dn42's idea is..." (in no order)

having an open network that you and your friends can join. a way to ssh
into our hackerspace server that doesn't have a public IP outside dn42.
a way to learn how BGP works. actually, a way to learn how IP and
routing works. a way to have my friends access my https that only has a
rfc1918 ip. a fundament that we can try out PIM-SM multicast routing on.
a way to be in my home network when i'm sitting 100km from here in
c3d2's space.

we don't really have big services in dn42. i'm actually hoping
ChaosPhone will make dn42 more interesting. also, dn42 is by no means
supposed to be a trusted, friendly network - you better have a firewall
up and your route filters configured correctly. "for the lulz" is enough
of a reason to announce google.com or microsoft.com IP ranges once in a
while :)

i think people's primary reason for being in dn42 ranges from "i just
want to be in this network for the network's sake" to "i want to access
service FOO at box BAR in my space".

one of the nicest effects of dn42 imho is that people gain knowledge
through participating and understanding the network. even if people
leave after 2 months, they do so with nicely increased knowledge (well,
you can obviously not grasp anything and leave in frustration, but meh.)

dn42ers, do you agree?

eager to hear what agora and chaosvpn round up!

-equinox

From equinox at diac24.net Fri Dec 18 21:51:30 2009
From: equinox at diac24.net (David L.)
Date: Fri, 18 Dec 2009 21:51:30 +0100
Subject: [dn42] [chaosvpn] ChaosVPN, Status update, Talk on congress and such...
In-Reply-To: <1261168948.11059.76.camel@arkology.n2.diac24.net>
References: <4B2A3B66.1090706@ramdrive.org> <1261160358.11059.42.camel@arkology.n2.diac24.net> <1261167183.11059.59.camel@arkology.n2.diac24.net> <4a6fa22c0912181220g694a6dcblf06fe9fee65075c5@mail.gmail.com> <1261168948.11059.76.camel@arkology.n2.diac24.net>
Message-ID: <1261169490.11059.83.camel@arkology.n2.diac24.net>

On Friday, 18.12.2009, 21:42 +0100, David L. wrote:
> having an open network that you and your friends can join. a way to ssh
> into our hackerspace server that doesn't have a public IP outside dn42.
> a way to learn how BGP works. actually, a way to learn how IP and
> routing works. a way to have my friends access my https that only has a
> rfc1918 ip. a fundament that we can try out PIM-SM multicast routing on.
> a way to be in my home network when i'm sitting 100km from here in
> c3d2's space.

PS: when i say i want to talk about the "social" or "socio-technical"
aspects of dn42 that doesn't mean i want to rant 30 minutes about the
paragraph above.

it means that i want to explain that the network builds along your
friends, since you peer with your friends. i want to explain that dn42
basically works through a consensus of usually 2 people (for a peering;
a little more consensus worked out the wiki for IP allocation). and it
does work so quite nicely, without casting ballots, without needing to
be nice to one person that controls some resource... and people are nice
around the net since they know it is a network of their friends.

oh, and the network can't die because of very exactly this. the only way
dn42 can die is if everyone cuts every peering.
you can't destroy it from the outside, you can't destroy it from the
inside (neither by malice nor by negligence)

-equinox

From crest at cyb0rg.org Fri Dec 18 22:10:41 2009
From: crest at cyb0rg.org (Crest)
Date: Fri, 18 Dec 2009 22:10:41 +0100
Subject: [dn42] [chaosvpn] ChaosVPN, Status update, Talk on congress and such...
In-Reply-To: <1261168948.11059.76.camel@arkology.n2.diac24.net>
References: <4B2A3B66.1090706@ramdrive.org> <1261160358.11059.42.camel@arkology.n2.diac24.net> <1261167183.11059.59.camel@arkology.n2.diac24.net> <4a6fa22c0912181220g694a6dcblf06fe9fee65075c5@mail.gmail.com> <1261168948.11059.76.camel@arkology.n2.diac24.net>
Message-ID: <4B2BEFD1.2050307@cyb0rg.org>

David L. wrote:
> (x'posting ChaosVPN & dn42)
>
>> Okay. then let's explore how to write up dn42 and chaos and agora
>> ideas. We're working up something right now that will cover the basic
>> goal of agora. Have it to you asap.
>
> Very good opportunity to see whether we actually agree on a set of ideas
> for dn42 :)
>
> (dn42: everyone: complete "I think dn42's idea is ..." :)
>
> "I think dn42's idea is..." (in no order)

... to be a great place to play (with).
... connecting nerds with each other
... get your own /24 at home
... learn about: bgp && (ospf || isis), maybe pim-sm?
... to be resilient to malice and incompetence, thereby a great place to
    experiment
... serve as an example of how overlay networks might work to circumvent
    censorship
... ssh to your homeserver from your friend as it's meant to be without
    nat fuckups.
... put your file server to use *scnr*
... demonstrate that nerds don't need a ripe ncc to allocate networks

> having an open network that you and your friends can join. a way to ssh
> into our hackerspace server that doesn't have a public IP outside dn42.
> a way to learn how BGP works. actually, a way to learn how IP and
> routing works. a way to have my friends access my https that only has a
> rfc1918 ip.
> a fundament that we can try out PIM-SM multicast routing on.
> a way to be in my home network when i'm sitting 100km from here in
> c3d2's space.
>
> we don't really have big services in dn42. i'm actually hoping
> ChaosPhone will make dn42 more interesting. also, dn42 is by no means
> supposed to be a trusted, friendly network - you better have a firewall
> up and your route filters configured correctly. "for the lulz" is enough
> of a reason to announce google.com or microsoft.com IP ranges once in a
> while :)
>
> i think people's primary reason for being in dn42 ranges from "i just
> want to be in this network for the network's sake" to "i want to access
> service FOO at box BAR in my space".
>
> one of the nicest effects of dn42 imho is that people gain knowledge
> through participating and understanding the network. even if people
> leave after 2 months, they do so with nicely increased knowledge (well,
> you can obviously not grasp anything and leave in frustration, but meh.)
>
> dn42ers, do you agree?

full ack

From david at fakenet.eu Sun Dec 20 04:09:52 2009
From: david at fakenet.eu (David Zurborg)
Date: Sun, 20 Dec 2009 04:09:52 +0100
Subject: [dn42] Peering request
Message-ID: <4B2D9580.5080000@fakenet.eu>

Hi,

I have been reading along here for some time and have now decided that
I would like to take part in your VPN. I currently have a network at the
Vechta site. At the moment I use the whole 10/8 network, but since a
restructuring of the network is due anyway, a reduction to a /24 network
(which I will then subdivide further) is sufficient. I currently use 20
addresses from the pool; with the DHCP pool it will be no more than 50
addresses actually in use in the future. I therefore think a /24 is
entirely sufficient, and at the moment I see no remaining reason for me
not to take part in the dn42 network.

I would be very happy about a positive reply, by the way :-)

Greetings from Vechta,
/David

From crest at cyb0rg.org Sun Dec 20 11:35:12 2009
From: crest at cyb0rg.org (Crest)
Date: Sun, 20 Dec 2009 11:35:12 +0100
Subject: [dn42] Peering request
In-Reply-To: <4B2D9580.5080000@fakenet.eu>
References: <4B2D9580.5080000@fakenet.eu>
Message-ID: <4B2DFDE0.5070203@cyb0rg.org>

David Zurborg wrote:
> Hi,
>
> I have been reading along here for some time and have now decided that
> I would like to take part in your VPN. I currently have a network at the
> Vechta site.

Good to know, but what do you use as a router?

> At the moment I use the whole 10/8 network,
> but since a restructuring of the network is due anyway, a reduction to
> a /24 network (which I will then subdivide further) is sufficient. I
> currently use 20 addresses from the pool; with the DHCP pool it will be
> no more than 50 addresses actually in use in the future. I therefore
> think a /24 is entirely sufficient, and at the moment I see no remaining
> reason for me not to take part in the dn42 network.

50 of 253 addresses still leave some headroom. If needed you can always
take further networks, and what is IPv6 for? When the addresses in
172.22/16 run short, hopefully there will be a complete migration.

> I would be very happy about a positive reply, by the way :-)

Your curiosity has been aroused, so I see nothing that should stand in
the way of your peering.

On to the technical part. Your router will have to speak BGP4+ with your
peers. For the case of one router per peer, OpenVPN tunnels and a Quagga
BGP speaker there is a guide in the dn42 wiki
(https://dn42.net/trac/wiki/HowToPeer).

Details can be sorted out faster in chat. The Jabber MUC is
dn42 at conference.cyb0rg.org. There is also an IRC channel (#dn42 on
hackint), but it is used less.

Regards,
Crest

From tobias.fiebig at wouldyoubuythis.net Sun Dec 20 15:09:54 2009
From: tobias.fiebig at wouldyoubuythis.net (Tobias Fiebig)
Date: Sun, 20 Dec 2009 15:09:54 +0100
Subject: [dn42] Peering request
In-Reply-To: <4B2D9580.5080000@fakenet.eu>
References: <4B2D9580.5080000@fakenet.eu>
Message-ID: <20091220140954.GA10984@mail.wouldyoubuythis.net>

Hello David,

message me on Jabber if you need a peer, ichasich at jabber.ccc.de,
alternatively via ICQ (271 532 771) or mail.

Kind regards,
Tobias

From david at fakenet.eu Sun Dec 20 15:29:07 2009
From: david at fakenet.eu (David Zurborg)
Date: Sun, 20 Dec 2009 15:29:07 +0100
Subject: [dn42] Peering request
In-Reply-To: <4B2DFDE0.5070203@cyb0rg.org>
References: <4B2D9580.5080000@fakenet.eu> <4B2DFDE0.5070203@cyb0rg.org>
Message-ID: <4B2E34B3.307@fakenet.eu>

Hi,

first of all thanks for the quick reply.

Crest wrote:
> Good to know, but what do you use as a router?

OpenBSD 4.5

> 50 of 253 addresses still leave some headroom. If needed you can always
> take further networks, and what is IPv6 for? When the addresses in
> 172.22/16 run short, hopefully there will be a complete migration.

I have blocked IPv6 for security reasons ;-)

> Details can be sorted out faster in chat. The Jabber MUC is
> dn42 at conference.cyb0rg.org. There is also an IRC channel (#dn42 on
> hackint), but it is used less.

Thanks, I'll take a look there!

Greetings from Vechta,
/David

From fabian at datensalat.eu Sun Dec 20 20:51:05 2009
From: fabian at datensalat.eu (Fabian Fingerle)
Date: Sun, 20 Dec 2009 20:51:05 +0100
Subject: [dn42] Peering request
In-Reply-To: <4B2D9580.5080000@fakenet.eu>
References: <4B2D9580.5080000@fakenet.eu>
Message-ID: <200912202051.08758.fabian@datensalat.eu>

hi,

message me on Jabber if you need a peer, fabian at datensalat.eu,
otherwise in the chat!

Regards,
Fabian 'otih' Fingerle

From jchome at jc-ix.net Tue Dec 22 09:43:54 2009
From: jchome at jc-ix.net (Frederic Jaeckel)
Date: Tue, 22 Dec 2009 09:43:54 +0100
Subject: [dn42] Peering relocation
Message-ID: <20091222094354.61b44b4cjchome@jc-ix.net@jc-ix.net>

Dear users of dn42,

All those people peering with me at jeveran.jc-ix.net
(80.244.247.158), this peering point will be relocated to
akihabara.jc-ix.net (80.244.248.166).
Since my NetBSD server doesn't work with IPv6 via tun(4), but with
tap(4), I offer you to move your tunnel to a server based and client
cert based topology. You'll get an automatic IP via the openvpn client
from the net 172.22.255.64/27 as a transfer IP.

For participating in the openvpn server concept please send me a pgp
encrypted mail, with the key 0xF5A02314.
If you want to have your tunnel without IPv6 and everything, please
contact me for migrating our tunnel.

The active tunnels will remain for about 1-2 weeks, after that they
will be shut and no longer available.

best regards,
Frederic 'jchome' Jaeckel

Affected participants:
downhill frapzzt astro ichdasich helios moemoe bef zenhase lehox argv
wintix otih entropia cato chaosdorf nobody secure kriss muccc

From tobias.fiebig at wouldyoubuythis.net Wed Dec 23 01:15:53 2009
From: tobias.fiebig at wouldyoubuythis.net (Tobias Fiebig)
Date: Wed, 23 Dec 2009 01:15:53 +0100
Subject: [dn42] REQ filter update for 81.163.0.0/16
Message-ID: <20091223001553.GA7765@mail.wouldyoubuythis.net>

Dear List,

as i just cleared with nibbler, as64632 and as64677 will peer with
the 26c3 directly, to provide nat-free access to the
congress-network for all dn42-users.

With best Regards,
Tobias

From equinox at diac24.net Wed Dec 23 03:36:50 2009
From: equinox at diac24.net (David L.)
Date: Wed, 23 Dec 2009 03:36:50 +0100
Subject: [dn42] REQ filter update for 81.163.0.0/16
In-Reply-To: <20091223001553.GA7765@mail.wouldyoubuythis.net>
References: <20091223001553.GA7765@mail.wouldyoubuythis.net>
Message-ID: <1261535810.17725.3.camel@arkology.n2.diac24.net>

On Wednesday, 23.12.2009, 01:15 +0100, Tobias Fiebig wrote:
> as i just cleared with nibbler, as64632 and as64677 will peer with
> the 26c3 directly, to provide nat-free access to the
> congress-network for all dn42-users.

lol, i just talked to leon about the very same thing :D

i will have my server at 26c3; i'll be taking all my tunnels (AS64602)
with me. [no setup changes anticipated]

-equinox

From dn42 at frapzzt.de Wed Dec 23 03:43:47 2009
From: dn42 at frapzzt.de (dn42 at frapzzt.de)
Date: Wed, 23 Dec 2009 03:43:47 +0100
Subject: [dn42] REQ filter update for 81.163.0.0/16
In-Reply-To: <1261535810.17725.3.camel@arkology.n2.diac24.net>
References: <20091223001553.GA7765@mail.wouldyoubuythis.net> <1261535810.17725.3.camel@arkology.n2.diac24.net>
Message-ID: <4B3183E3.2070605@frapzzt.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Do you want to have a full feed from the core router or a bgp session to it?
Maybe we can arrange an additional vlan.

David L. wrote:
> On Wednesday, 23.12.2009, 01:15 +0100, Tobias Fiebig wrote:
>> as i just cleared with nibbler, as64632 and as64677 will peer with
>> the 26c3 directly, to provide nat-free access to the
>> congress-network for all dn42-users.
>
> lol, i just talked to leon about the very same thing :D
>
> i will have my server at 26c3; i'll be taking all my tunnels (AS64602)
> with me.
> [no setup changes anticipated]
>
> -equinox

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAksxg+MACgkQ1jbXRWVc4TPtFgCfeta4I+c6IkQRMd7hAcyECeLc
q58AmwSC9hk2hbNDHlDS4u4Ml6uU7rmF
=G3Pj
-----END PGP SIGNATURE-----

From equinox at diac24.net Wed Dec 23 03:54:57 2009
From: equinox at diac24.net (David L.)
Date: Wed, 23 Dec 2009 03:54:57 +0100
Subject: [dn42] REQ filter update for 81.163.0.0/16
In-Reply-To: <4B3183E3.2070605@frapzzt.de>
References: <20091223001553.GA7765@mail.wouldyoubuythis.net> <1261535810.17725.3.camel@arkology.n2.diac24.net> <4B3183E3.2070605@frapzzt.de>
Message-ID: <1261536897.17725.11.camel@arkology.n2.diac24.net>

> Do you want to have a full feed from the core router or a bgp session to it?
> Maybe we can arrange an additional vlan.

not that i wouldn't like to see how the box handles a full feed (amd
2x2.3ghz, 8G RAM), but it is plain unnecessary; all i need is a default
route and a way to inject the routes from dn42.

vlan + bgp non-full would be best i think.

-equi

From jchome at jc-ix.net Wed Dec 23 07:56:28 2009
From: jchome at jc-ix.net (Frederic Jaeckel)
Date: Wed, 23 Dec 2009 07:56:28 +0100
Subject: [dn42] REQ filter update for 81.163.0.0/16
In-Reply-To: <20091223001553.GA7765@mail.wouldyoubuythis.net>
References: <20091223001553.GA7765@mail.wouldyoubuythis.net>
Message-ID: <20091223075628.00a3b200@jc-ix.net>

On Wed, 23 Dec 2009 01:15:53 +0100
Tobias Fiebig wrote:

> 81.163.0.0/16

filters adjusted. See you at the c3.
Cheers,
jchome

From jchome at jc-ix.net Wed Dec 23 10:43:39 2009
From: jchome at jc-ix.net (Frederic Jaeckel)
Date: Wed, 23 Dec 2009 10:43:39 +0100
Subject: [dn42] Peering relocation
In-Reply-To: <20091222094354.61b44b4cjchome@jc-ix.net@jc-ix.net>
References: <20091222094354.61b44b4cjchome@jc-ix.net@jc-ix.net>
Message-ID: <20091223104339.714093d4jchome@jc-ix.net@jc-ix.net>

UPDATE:

For all those who did not come to me: PLEASE UPDATE YOUR remote PARAMETER!
I just stopped the openvpn tunnels on jeveran.jc-ix.net. If you entered
a hostname in your openvpn tunnel, please update it to
akihabara.jc-ix.net, if it's an IP address: please update it to
80.244.248.166.
If not, your tunnel and your BGP session remain down!

regards,
Frederic Jaeckel

On Tue, 22 Dec 2009 09:43:54 +0100
Frederic Jaeckel wrote:

> Dear users of dn42,
>
> All those people peering with me at jeveran.jc-ix.net
> (80.244.247.158), this peering point will be relocated to
> akihabara.jc-ix.net (80.244.248.166).
> Since my NetBSD server doesn't work with IPv6 via tun(4), but with
> tap(4), I offer you to move your tunnel to a server based and client
> cert based topology. You'll get an automatic IP via the openvpn client
> from the net 172.22.255.64/27 as a transfer IP.
>
> For participating in the openvpn server concept please send me a pgp
> encrypted mail, with the key 0xF5A02314.
> If you want to have your tunnel without IPv6 and everything, please
> contact me for migrating our tunnel.
>
> The active tunnels will remain for about 1-2 weeks, after that they
> will be shut and no longer available.
>
> best regards,
> Frederic 'jchome' Jaeckel
>
> Affected participants:
>
> downhill
> frapzzt
> astro
> ichdasich
> helios
> moemoe
> bef
> zenhase
> lehox
> argv
> wintix
> otih
> entropia
> cato
> chaosdorf
> nobody
> secure
> kriss
> muccc

From schrodinger at konundrum.org Sun Dec 27 18:16:58 2009
From: schrodinger at konundrum.org (Schrodinger)
Date: Sun, 27 Dec 2009 17:16:58 +0000
Subject: [dn42] REQ filter update for 81.163.0.0/16
In-Reply-To: <20091223001553.GA7765@mail.wouldyoubuythis.net>
References: <20091223001553.GA7765@mail.wouldyoubuythis.net>
Message-ID: <20091227171657.GA28102@defiant.hyperion.xnet>

On Wed, Dec 23, 2009 at 01:15:53AM +0100, Tobias Fiebig wrote:
> Dear List,
> as i just cleared with nibbler, as64632 and as64677 will peer with
> the 26c3 directly, to provide nat-free access to the
> congress-network for all dn42-users.

Has this happened yet?

> With best Regards,
> Tobias

From dn42 at frapzzt.de Sun Dec 27 19:07:30 2009
From: dn42 at frapzzt.de (dn42 at frapzzt.de)
Date: Sun, 27 Dec 2009 19:07:30 +0100
Subject: [dn42] REQ filter update for 81.163.0.0/16
In-Reply-To: <20091227171657.GA28102@defiant.hyperion.xnet>
References: <20091223001553.GA7765@mail.wouldyoubuythis.net> <20091227171657.GA28102@defiant.hyperion.xnet>
Message-ID: <4B37A262.2070702@frapzzt.de>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

i established a peering with equinox ... up and running ..
we advertise our prefixes out of the as-26c3 set and we receive an
aggregated prefix from equinox

*snip*
frapzzt at lily> show bgp neighbor 81.163.255.14
Peer: 81.163.255.14+52006 AS 64602 Local: 81.163.255.13+179 AS 249
  Description: DN42
  Type: External    State: Established    Flags:
  Last State: OpenConfirm   Last Event: RecvKeepAlive
  Last Error: Cease
  Export: [ redistribute-own ] Import: [ dn42-in ]
  Options:
  Address families configured: inet-unicast
  Holdtime: 90 Preference: 170
  Number of flaps: 2
  Last flap event: Stop
  Error: 'Hold Timer Expired Error' Sent: 1 Recv: 0
  Error: 'Cease' Sent: 1 Recv: 0
  Peer ID: 172.22.2.2      Local ID: 81.163.1.2      Active Holdtime: 90
  Keepalive Interval: 30         Peer index: 0
  BFD: disabled, down
  Local Interface: irb.103
  NLRI for restart configured on peer: inet-unicast
  NLRI advertised by peer: inet-unicast
  NLRI for this session: inet-unicast
  Peer supports Refresh capability (2)
  Restart time configured on the peer: 120
  Stale routes from peer are kept for: 300
  Peer does not support Restart capability
  Peer supports 4 byte AS extension (peer-as 64602)
  Table inet.0 Bit: 10004
    RIB State: BGP restart is complete
    Send state: in sync
    Active prefixes:              1
    Received prefixes:            1
    Accepted prefixes:            1
    Suppressed due to damping:    0
    Advertised prefixes:          2
  Last traffic (seconds): Received 6    Sent 4    Checked 6
  Input messages:  Total 52     Updates 7       Refreshes 0     Octets 1990
  Output messages: Total 52     Updates 2       Refreshes 0     Octets 1110
  Output Queue[0]: 0

frapzzt at lily> show route advertising-protocol bgp 81.163.255.14

inet.0: 304204 destinations, 620276 routes (304203 active, 0 holddown, 1 hidden)
Restart Complete
  Prefix                  Nexthop              MED     Lclpref    AS path
* 77.87.48.0/21           Self                                    29670 44194 I
* 81.163.0.0/16           Self                                    I

frapzzt at lily> show route receive-protocol bgp 81.163.255.14

inet.0: 304200 destinations, 620269 routes (304199 active, 0 holddown, 1 hidden)
Restart Complete
  Prefix                  Nexthop              MED     Lclpref    AS path
* 172.22.0.0/15           81.163.255.14                           64602 {31371 64604 64608 64614 64620 64624 64626 64632
    64640 64641 64642 64643 64645 64646 64651 64655 64657 64658 64659
    64660 64662 64663 64666 64668 64669 64672 64673 64677 64680 64692
    64694 64699 64728 64730 64734 64794 64808 64809 64810 64811 64821
    64822 64823 64825 64826 64828} I

inet6.0: 2597 destinations, 7494 routes (2597 active, 0 holddown, 0 hidden)
Restart Complete
*snap*

Schrodinger wrote:
> On Wed, Dec 23, 2009 at 01:15:53AM +0100, Tobias Fiebig wrote:
>> Dear List,
>> as i just cleared with nibbler, as64632 and as64677 will peer with
>> the 26c3 directly, to provide nat-free access to the
>> congress-network for all dn42-users.
>
> Has this happened yet?
>
>> With best Regards,
>> Tobias

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAks3omIACgkQ1jbXRWVc4TNXaACfWn0acLI51gCI3EpKgmjU7kgZ
VioAnA9OfzHLrrVHnv0gfF3USKWpZ0YW
=Ino5
-----END PGP SIGNATURE-----

From weibler at fbihome.de Sun Dec 27 20:12:47 2009
From: weibler at fbihome.de (weibler at fbihome.de)
Date: Sun, 27 Dec 2009 20:12:47 +0100
Subject: [dn42] Peering-Request
Message-ID: <20091227201247.70264cgtw2idmt2n@webmail.fbihome.de>

Hi,

here at the 26c3 I have just finished setting up the VM that has been
idling around since the last mrmcd..

Now I need a peering partner - better two, of course ;).

As a small challenge, I only have IPv6 available on the VM...
I can be reached via jtb at jabber.ccc.de or weibler at jabber.fbihome.de

--
Best regards
Jens

From tobias at linuxdingsda.de Sun Dec 27 20:13:10 2009
From: tobias at linuxdingsda.de (Tobias Winter)
Date: Sun, 27 Dec 2009 20:13:10 +0100
Subject: [dn42] Peering request
In-Reply-To: <4B2D9580.5080000@fakenet.eu>
References: <4B2D9580.5080000@fakenet.eu>
Message-ID: <4B37B1C6.40304@linuxdingsda.de>

contact me via wintix at jabber.ccc.de if you need a peer.

David Zurborg wrote:
> Hi,
>
> I have been reading along here for some time now and would now like to
> take part in your VPN as well. I currently have a network at the
> Vechta site. At the moment I use the whole 10/8 network, but since a
> restructuring of the network is due anyway, a reduction to a /24
> network (which I will then subdivide further) is enough. From the pool
> I currently use 20 addresses; with the DHCP pool it will be no more
> than 50 addresses in future that are actually used. I therefore think
> a /24 is entirely sufficient, and at the moment I no longer see any
> point that speaks against my taking part in the dn42 network.
> By the way, I would be very happy about a positive reply :-)
>
> Greetings from Vechta,
>
> /David

From jchome at jc-ix.net Wed Dec 30 16:44:05 2009
From: jchome at jc-ix.net (Frederic Jaeckel)
Date: Wed, 30 Dec 2009 16:44:05 +0100
Subject: [dn42] 1st dn42 meeting at the 26c3
Message-ID: <20091230164405.098df39c@jc-ix.net>

My protocol of the 1. dn42 meeting. Comments and questions allowed for
further explanations.
Cheers,
jchome

---------------------------------------

People there: equinox, ichdasich, frapzzt, hotshot, tim, crest,
mittagessen, nihilus, jchome

irrd
- jchome
- mittagessen

peer
- routes, dns, filter

address allocation
- freifunk
- introduce 172.23.0.0/16
- 172.23.0.0/17 hackerspaces
- 172.23.0.0/18 allocation and 2nd /18 as needed
- 172.23.128.0/17 user
- hackerspaces
- /23 standard.. more by agreement
- end users
- /24 topnet and /26 initial allocation
- enlarge /26
- filter inbound okay, outbound by agreement

public networks and prefixes
- peerings with large ASes and thereby reachability

IPv6
- ichdasich takes care of network
- if possible via CCC e.V. DSL lines
- Tier 1 is root server with >=100Mbit
- local pref by:
- peer, upstream and misc

DNS
- ichdasich
- .dn42 -> kick helios in the ass
- ichdasich forward and reverse
- zone delegation to others with at least one NS
- no dns pollution

Services
- ffsearch
- crest
- PSTN
- mittagessen
- irrd
- jchome
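
The address plan from the meeting notes above, worked through with Python's ipaddress module; this is an added example, not part of the original mail or of any dn42 tooling. Reading "topnet" as a /24 reserved per end user so that the first /26 can grow in place, and applying the inbound filter per reserved block, are assumptions, as are all function names.

```python
import ipaddress as ip

# Pools as written in the meeting notes; how they are carved up is an assumption.
HACKERSPACE_POOL = ip.ip_network("172.23.0.0/18")   # first /18; second /18 only as needed
USER_POOL = ip.ip_network("172.23.128.0/17")

def nth_block(pool, length, n):
    """Return the n-th aligned /length block inside pool (hypothetical helper)."""
    if not 0 <= n < 2 ** (length - pool.prefixlen):
        raise ValueError(f"{pool} has no /{length} block number {n}")
    base = int(pool.network_address) + n * 2 ** (32 - length)
    return ip.ip_network((base, length))

def assign_hackerspace(n):
    """Hackerspaces get a /23 as standard."""
    return nth_block(HACKERSPACE_POOL, 23, n)

def assign_user(n):
    """End users: reserve a whole /24 ('topnet'), hand out only its first /26."""
    topnet = nth_block(USER_POOL, 24, n)
    return topnet, next(topnet.subnets(new_prefix=26))

def enlarge(current, topnet):
    """Grow an allocation by one bit; the network address stays the same,
    so nothing has to be renumbered, and growth stops at the topnet."""
    if current.prefixlen <= topnet.prefixlen:
        raise ValueError("already at topnet size")
    return current.supernet()

def inbound_accept(announced, reserved):
    """Inbound filter check: accept a prefix only inside the peer's reserved block."""
    return ip.ip_network(announced).subnet_of(reserved)

if __name__ == "__main__":
    topnet, first = assign_user(5)          # constructed sample: sixth end user
    print("hackerspace 0:", assign_hackerspace(0))
    print("user 5:", first, "reserved", topnet)
    print("after enlarge:", enlarge(first, topnet))
    print("accept 172.23.134.0/24:", inbound_accept("172.23.134.0/24", topnet))
```

Because each /26 sits at the start of its own /24, a filter written for the /24 keeps working as the allocation grows to /25 and /24.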