Channel Bonding sur UMTS
January 8th, 2012 — Lien original : http://wiki.leipzig.freifunk.net/ChannelBonding
Server
Configuration du serveur openvpn situé chez un hébergeur (ovh, dedibox, etc…) :
/etc/openvpn0.conf
# Instance-specific lines of /etc/openvpn0.conf. SERVER0_IP and SERVER0_PORT
# are placeholders for the address and port this instance binds to.
local SERVER0_IP
port SERVER0_PORT
/etc/openvpn1.conf
# Instance-specific lines of /etc/openvpn1.conf. SERVER1_IP and SERVER1_PORT
# are placeholders for the address and port this instance binds to.
local SERVER1_IP
port SERVER1_PORT
# Server-side OpenVPN settings, printed once on the page after the two
# per-instance local/port fragments.
proto udp
# NOTE(review): the server bonding script creates tap0 and tap1, so the second
# instance presumably needs `dev tap1` here - confirm against the original wiki.
dev tap0
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/server.crt
# Server private key: keep it readable by root only.
key /etc/openvpn/keys/server.key
dh /etc/openvpn/keys/dh2048.pem
# Pre-shared HMAC key for the TLS control channel; direction 0 here pairs with
# direction 1 in the client configuration.
tls-auth /etc/openvpn/keys/ta.key 0
keepalive 2 10
mode server
tls-server
# Lets connected clients exchange traffic with each other through the server.
client-to-client
max-clients 10
tun-mtu 1500
daemon
verb 3
# Must match the client's `cipher` line. 3DES is a 64-bit block cipher and is
# exposed to birthday-bound (SWEET32) attacks on long-lived, high-volume
# tunnels; where both ends support it, a 128-bit-block AEAD cipher such as
# AES-256-GCM is the usual replacement.
cipher DES-EDE3-CBC # Triple-DES
# Must match the client. Compressing before encrypting can leak information
# about the plaintext through packet sizes; newer OpenVPN releases deprecate it.
comp-lzo
status /var/log/openvpn-status.log
persist-key
persist-tun
bonding VPN’s
bonding.sh
#!/bin/bash
# Server side: create the two TAP devices, start one OpenVPN instance per
# device and bond them into bond0 (10.10.0.1/30).

# mode=3 selects the bonding driver's broadcast policy; miimon=100 polls link
# state every 100 ms.
modprobe bonding mode=3 miimon=100
modprobe tun

# Recreate tap0/tap1 as devices owned by root.
for tap in tap0 tap1; do
  ifconfig "$tap" down
done
for tap in tap0 tap1; do
  tunctl -u root -g root -t "$tap"
done
for tap in tap0 tap1; do
  ifconfig "$tap" up
done

# NOTE(review): the page names the configs /etc/openvpn0.conf and
# /etc/openvpn1.conf, but this script starts the two paths below - confirm
# which pair is meant.
for conf in /etc/openvpn/openvpn.conf /etc/openvpn/openvpn2.conf; do
  openvpn "$conf" &
done

# Give both daemons time to come up before configuring the bond.
sleep 10

ifconfig bond0 hw ether 00:11:22:33:44:55
ifconfig bond0 10.10.0.1 netmask 255.255.255.252 broadcast 10.10.0.3 up
ifenslave bond0 tap0 tap1

# Per-tunnel addresses; the client side uses .2 in the same two subnets.
ip addr add 10.10.10.1/24 dev tap0 scope link
ip addr add 10.10.11.1/24 dev tap1 scope link
cleanup.sh
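#!/bin/bash
# Server side: undo what bonding.sh set up.

# NOTE(review): bonding.sh puts 10.10.0.1 on bond0, not on lo, so this delete
# is expected to fail; bond0 and its address disappear with `rmmod bonding`.
ip addr del 10.10.0.1/32 dev lo

# bonding.sh assigns 10.10.10.1/24 to tap0 and 10.10.11.1/24 to tap1; the
# listing had the two devices swapped, so neither delete could match.
ip addr del 10.10.10.1/24 dev tap0
ip addr del 10.10.11.1/24 dev tap1

# Ask OpenVPN to exit cleanly first so it can close its tunnels; SIGKILL is
# only the fallback for instances that ignore the request.
killall openvpn
sleep 2
killall -9 openvpn

rmmod bonding
# NOTE(review): bonding.sh loads the `tun` module; `tap` is kept as printed but
# probably does not name a loaded module - confirm before relying on it.
rmmod tap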
Client
UMTS connect
USB-Stick
idProduct 0x4400
iManufacturer 1 Novatel Wireless
iProduct 2 Novatel Wireless HSUPA Modem
modules: option, usbserial
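# Dial the Vodafone UMTS link on the USB modem. The page printed the connect
# argument in typographic quotes, which the shell does not treat as quoting;
# plain single quotes are restored here.
#
# `user`/`password` on the command line are visible to other local users in
# the process list; pppd can read the secret from /etc/ppp/pap-secrets or
# /etc/ppp/chap-secrets instead. `debug` and chat's `-v` write the dial-up
# conversation to the system log.
#
# NOTE(review): the bare `100` before the line speed is kept exactly as
# printed; it is not obviously a pppd option - confirm against the original.
pppd updetach defaultroute usepeerdns noipdefault debug noauth \
  asyncmap 0 ipcp-accept-local ipcp-accept-remote modem crtscts \
  user vodafone password 42 \
  connect '/usr/sbin/chat -t5 -v -e -E -f umts_vodafone.chat' \
  100 115200 /dev/ttyUSB1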
PCMCIA-Karte
modules: nozomi
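# Dial the E-Plus UMTS link on the PCMCIA card. The page printed the connect
# argument in typographic quotes, which the shell does not treat as quoting;
# plain single quotes are restored here.
#
# `user`/`password` on the command line are visible to other local users in
# the process list; pppd can read the secret from /etc/ppp/pap-secrets or
# /etc/ppp/chap-secrets instead. `debug` and chat's `-v` write the dial-up
# conversation to the system log.
#
# NOTE(review): the bare `100` before the line speed is kept exactly as
# printed; it is not obviously a pppd option - confirm against the original.
pppd updetach defaultroute usepeerdns noipdefault debug noauth \
  asyncmap 0 ipcp-accept-local ipcp-accept-remote modem crtscts \
  user eplus password 42 \
  connect '/usr/sbin/chat -t5 -v -e -E -f umts_eplus.chat' \
  100 115200 /dev/noz0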
umts_eplus.chat
# chat(8) script for the E-Plus link: one expect/send pair per line.
# Give up at once if the modem reports one of these strings.
ABORT BUSY
ABORT 'NO CARRIER'
ABORT ERROR
REPORT CONNECT
TIMEOUT 10
# Expect nothing, then reset the modem to factory defaults and enable echo.
"" "AT&F"
OK "ATE1"
# Define PDP context 1 with the operator's APN.
OK 'AT+CGDCONT=1,"IP","internet.eplus.de"'
SAY "Calling UMTS/GPRS"
TIMEOUT 30
# Start the packet-data call on context 1.
OK "ATD*99***1#"
CONNECT ' '
umts_vodafone.chat
# chat(8) script for the Vodafone link: one expect/send pair per line.
# Give up at once if the modem reports one of these strings.
ABORT BUSY
ABORT 'NO CARRIER'
ABORT ERROR
REPORT CONNECT
TIMEOUT 10
# Expect nothing, then reset the modem to factory defaults and enable echo.
"" "AT&F"
OK "ATE1"
# Define PDP context 1 with the operator's APN.
OK 'AT+CGDCONT=1,"IP","web.vodafone.de"'
SAY "Calling UMTS/GPRS"
TIMEOUT 30
# Start the packet-data call on context 1.
OK "ATD*99***1#"
CONNECT ' '
openvpn config
/etc/openvpn0.conf
# Instance-specific line of the client's /etc/openvpn0.conf. SERVER0_IP and
# SERVER0_PORT are placeholders for the first server instance.
remote SERVER0_IP SERVER0_PORT
/etc/openvpn1.conf
# Instance-specific line of the client's /etc/openvpn1.conf. SERVER1_IP and
# SERVER1_PORT are placeholders for the second server instance.
remote SERVER1_IP SERVER1_PORT
# Client-side OpenVPN settings, printed once on the page after the two
# per-instance `remote` lines.
client
# NOTE(review): the --up hooks on this page enslave tap0 and tap1, so the
# second tunnel presumably needs `dev tap1` here - confirm.
dev tap0
proto udp
ping 2
ping-restart 10
resolv-retry infinite
# Must match the server's `cipher` line. 3DES is a 64-bit block cipher and is
# exposed to birthday-bound (SWEET32) attacks on long-lived, high-volume
# tunnels; where both ends support it, a 128-bit-block AEAD cipher such as
# AES-256-GCM is the usual replacement.
cipher DES-EDE3-CBC # Triple-DES
tls-client
persist-key
#persist-tun
tun-mtu 1500
ca /etc/openvpn/keys/ca.crt
cert /etc/openvpn/keys/client1.crt
# Client private key: keep it readable by root only.
key /etc/openvpn/keys/client1.key
# Pre-shared HMAC key for the TLS control channel; direction 1 here pairs with
# direction 0 in the server configuration.
tls-auth /etc/openvpn/keys/ta.key 1
# Requires the peer certificate to be marked as a server certificate, so that
# another client certificate issued by the same CA cannot pose as the server.
# Newer OpenVPN releases deprecate this option in favour of
# `remote-cert-tls server`.
ns-cert-type server
# Must match the server. Compressing before encrypting can leak information
# about the plaintext through packet sizes; newer OpenVPN releases deprecate it.
comp-lzo
verb 3
bonding VPN’s
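#!/bin/bash
# Client side: give each PPP uplink its own routing table, start one OpenVPN
# tunnel per uplink and bring up bond0 (10.10.0.2/30) over the two TAP devices.

# Read the uplink addresses before touching any route. `ip -4` plus the
# "inet " match keeps IPv6 lines out of the result, and `exit` keeps a second
# address from producing a multi-line value.
#   field 2 = local address, field 4 = peer address with prefix length
ppp_ip0=$(ip -4 addr show ppp0 | awk '/inet / { print $2; exit }')
ppp_ip1=$(ip -4 addr show ppp1 | awk '/inet / { print $2; exit }')
ppp_pip0=$(ip -4 addr show ppp0 | awk '/inet / { print $4; exit }')
ppp_pip1=$(ip -4 addr show ppp1 | awk '/inet / { print $4; exit }')
ppp_gwip0=$(ipcalc "$ppp_pip0" | awk '/Address/ { print $2; exit }')
ppp_gwip1=$(ipcalc "$ppp_pip1" | awk '/Address/ { print $2; exit }')
echo "$ppp_ip0" "$ppp_ip1" "$ppp_pip0" "$ppp_pip1" "$ppp_gwip0" "$ppp_gwip1"

# Stop while the existing default routes are still in place if either uplink
# is missing; continuing with empty values would only strip the routing.
for value in "$ppp_ip0" "$ppp_ip1" "$ppp_gwip0" "$ppp_gwip1"; do
  if [[ -z "$value" ]]; then
    echo "ppp0/ppp1 address lookup failed; routing left untouched" >&2
    exit 1
  fi
done

# Each pppd instance is started with `defaultroute`, hence two deletions.
ip route del default
ip route del default

# One routing table per uplink, selected by the packet's source address.
ip route add "$ppp_gwip0" dev ppp0 src "$ppp_ip0" scope link table 100
ip route add "$ppp_gwip1" dev ppp1 src "$ppp_ip1" scope link table 101
ip route add default via "$ppp_gwip0" dev ppp0 table 100
ip route add default via "$ppp_gwip1" dev ppp1 table 101
ip rule add from "$ppp_ip0" table 100 prio 20000
ip rule add from "$ppp_ip1" table 101 prio 20001

# mode=3 selects the bonding driver's broadcast policy; miimon=100 polls link
# state every 100 ms.
modprobe bonding mode=3 miimon=100
modprobe tun
tunctl -d tap0
tunctl -d tap1
echo "$ppp_ip0" "$ppp_ip1"

# --script-security 2 lets OpenVPN execute the --up hook, and it does so with
# this script's privileges: /vpn and the hook files should be owned by root and
# writable by nobody else.
# NOTE(review): the page names the client configs /etc/openvpn0.conf and
# /etc/openvpn1.conf, but the two paths below are what the script starts -
# confirm which pair is meant.
openvpn --config /etc/openvpn/openvpn.conf --local "$ppp_ip0" --script-security 2 --up /vpn/entap0.sh &
openvpn --config /etc/openvpn/openvpn2.conf --local "$ppp_ip1" --script-security 2 --up /vpn/entap1.sh &

# NOTE(review): 0x55 in the first octet has the group (multicast) bit set, so
# this is not a valid interface address and the call is likely to be rejected -
# confirm and choose a unicast value.
ifconfig bond0 hw ether 55:44:33:22:11:00
ifconfig bond0 10.10.0.2 netmask 255.255.255.252 broadcast 10.10.0.3 up
ip route add default via 10.10.0.1 dev bond0

# Replaces the whole resolver configuration, including what `usepeerdns`
# obtained from the operators, with one fixed public resolver.
echo "nameserver 208.67.222.222" > /etc/resolv.conf
#mtr -t google.de 2>&1 |tee /vpn/logs/mtr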
#!/bin/bash
# OpenVPN --up hook for the first tunnel (presumably /vpn/entap0.sh, the hook
# the client script passes for this tunnel): address the TAP device and add
# it to bond0.
tap_dev=tap0
ip addr add 10.10.10.2/24 dev "$tap_dev"
ifenslave bond0 "$tap_dev"
#!/bin/bash
# OpenVPN --up hook for the second tunnel (presumably /vpn/entap1.sh, the hook
# the client script passes for this tunnel): address the TAP device and add
# it to bond0.
tap_dev=tap1
ip addr add 10.10.11.2/24 dev "$tap_dev"
ifenslave bond0 "$tap_dev"
cleanup network-foo
cleanup.sh
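#!/bin/bash
# Client side: undo what the client bonding script and the pppd calls set up.

# NOTE(review): the bonding script puts 10.10.0.2 on bond0, not on lo, so this
# delete is expected to fail; bond0 and its address disappear with
# `rmmod bonding`.
ip addr del 10.10.0.2/32 dev lo

# The --up hooks assign 10.10.10.2/24 to tap0 and 10.10.11.2/24 to tap1; the
# listing had the two devices swapped, so neither delete could match.
ip addr del 10.10.10.2/24 dev tap0
ip addr del 10.10.11.2/24 dev tap1

# Ask OpenVPN to exit cleanly first; SIGKILL is only the fallback.
killall openvpn
sleep 2
killall -9 openvpn

# The listing had lost the command substitution here, so both variables stayed
# empty and the deletes below ran without an address.
ppp_ip0=$(ip -4 addr show ppp0 | awk '/inet / { print $2; exit }')
ppp_ip1=$(ip -4 addr show ppp1 | awk '/inet / { print $2; exit }')
if [[ -n "$ppp_ip0" ]]; then
  ip addr del "$ppp_ip0" dev ppp0
fi
if [[ -n "$ppp_ip1" ]]; then
  ip addr del "$ppp_ip1" dev ppp1
fi

# SIGTERM lets pppd hang up the modem before it exits; SIGKILL is the fallback.
killall pppd
sleep 2
killall -9 pppd

# Power-cycle the PCMCIA card so the modem starts from a clean state.
pccardctl eject
pccardctl insert

# Drop the per-uplink rules and tables added by the bonding script; without
# the rule deletions every setup run would leave another pair of rules behind.
ip rule del prio 20000
ip rule del prio 20001
ip route flush table 100
ip route flush table 101

rmmod bonding
# NOTE(review): the setup loads the `tun` module; `tap` is kept as printed but
# probably does not name a loaded module - confirm before relying on it.
rmmod tap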