Difference between revisions of "Network"

From Whitespace (Hackerspace Gent)
(Totoro: the router)
 
(19 intermediate revisions by one user not shown)
Line 2: Line 2:
 
'''''This page was created for the sole purpose of creating clarity in the networking thingies at 0x20.'''''
 
'''''This page was created for the sole purpose of creating clarity in the networking thingies at 0x20.'''''
  
== The schema ==
+
= Connection to internet =
'''''note: ''' This schema accepts patches. You can find the .dia-file (sudo apt-get install dia) at http://members.0x20.be/cedric/Network_0x20.dia
+
[[File:VPN_0x20.png]]
+
  
= Sites =
+
==ISP: Dommel==
== Whitespace ==
+
Whitespace, our hackerspace, has a LAN which connects local machines in the '''network 172.22.32.0/24'''. We provide ethernet and Wifi access to connect to the network.
+
== IBBT ==
+
Our friends from IBBT (http://www.ibbt.be) have provided us with a virtual server in their data center, which is '''awesome!''' It has a massive internet connection and that is why this server is often referred to as "Big Pipe"<ref>[[Big_pipe_server|Big pipe server]]</ref>.
+
= VPN =
+
To link 2 locations you have 2 options:
+
# Provide your own infrastructure: connect the two sites with a physical cable
+
# Use existing infrastructure to connect the two sites: connect through the interwebs
+
For a whole bunch of reasons, option #1 is a bit impractical, so the way to go is through the interwebs.
+
That is exactly what is done between 0x20 and IBBT, we've created a so called Virtual Private Network or VPN, which in this case is nothing more than a point-to-point tunnel over the internet connecting 0x20 and IBBT in the same private network. This setup is documented in project OpenVPN<ref>[[OpenVPN|Project OpenVPN]]</ref>.
+
 
+
= ISP: Dommel =
+
  
 
After discussing multiple options, we decided to go with [http://dommel.com Dommel]: fast access, cheap, no caps, no ports blocked. We went with the lower cost - lower speed option, with the idea that, if we want more, we can always upgrade.
 
After discussing multiple options, we decided to go with [http://dommel.com Dommel]: fast access, cheap, no caps, no ports blocked. We went with the lower cost - lower speed option, with the idea that, if we want more, we can always upgrade.
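Review bot: the rewritten top of the page drops the "Sites" and "VPN" text, and with it the links to [[Big_pipe_server]] and [[OpenVPN]], without leaving a pointer to where the 0x20 to IBBT tunnel is documented now. If that tunnel is still in use, keep a one-line link to [[OpenVPN]] under "= Connection to internet =" so the uplink description stays complete; if it is gone, say so in the edit summary, which currently only mentions Totoro.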
Line 24: Line 10:
 
Note: We are currently not using anything of the ''web- and mailservice'' below.
 
Note: We are currently not using anything of the ''web- and mailservice'' below.
  
== Connection details: ==
+
=== Connection details: ===
  
 
{|
 
{|
Line 52: Line 38:
 
|}
 
|}
  
== Advanced modem/router settings: ==
+
=== Advanced modem/router settings: ===
  
 
{|
 
{|
Line 77: Line 63:
 
|}
 
|}
  
== web- and mailservice: ==
+
 
 +
===More router settings===
 +
<pre>
 +
Default Gateway: 83.101.72.1
 +
Preferred DNS Server: 193.109.184.72
 +
Alternate DNS Server: 193.109.184.75
 +
Downstream Line Rate (Kbps): 12742
 +
Upstream Line Rate (Kbps): 945
 +
 
 +
VPI/VCI Service Name Protocol IGMP QoS Status IP Address Subnet Mask
 +
8/35 mer_8_35 MER         Disable Disable Enable 83.101.72.80 255.255.255.0
 +
</pre>
 +
 
 +
=== web- and mailservice: ===
  
 
Your personal homepage at http://yourchoice.dommel.be has not yet been activated. To activate, login at https://crm.schedom-europe.net with username "info@0x20.be" and password "xxx". Click on "My Packages" -> Click on the "E" at the right of your adsl-account. You can configure your @dommel.be emailaccounts by clicking on the "O".
 
Your personal homepage at http://yourchoice.dommel.be has not yet been activated. To activate, login at https://crm.schedom-europe.net with username "info@0x20.be" and password "xxx". Click on "My Packages" -> Click on the "E" at the right of your adsl-account. You can configure your @dommel.be emailaccounts by clicking on the "O".
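Review bot: the new "More router settings" block is raw status output pasted into a pre element, while the two sections before it use {| tables, and the VPI/VCI row is padded with spaces so its columns will not line up under the header. Suggest turning it into a {| table like "Connection details" so the 8/35 row stays readable and the page keeps one layout for settings.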
Line 84: Line 83:
 
If you have any questions, please first check our support pages at https://crm.schedom-europe.net (click on "online faq").  If you cannot find an answer to your questions here, you can open a ticket at https://crm.schedom-europe.net (click on "support-desk"), or contact us by telephone every workingday between 09.00 and 18.00 (+32 70 224 305) or by fax (+32 70 224 305).
 
If you have any questions, please first check our support pages at https://crm.schedom-europe.net (click on "online faq").  If you cannot find an answer to your questions here, you can open a ticket at https://crm.schedom-europe.net (click on "support-desk"), or contact us by telephone every workingday between 09.00 and 18.00 (+32 70 224 305) or by fax (+32 70 224 305).
  
 +
==Wireless Antwerp==
 +
We also have a connection to the wireless antwerp network
 +
[[Wireless_Antwerp]]
  
= LAN @ 0x20 =
+
= LAN @ Whitespace =
I'm currently in the process of creating a new intranet at 0x20 with server [[Kimball]] as the central server for DHCP, DNS and Routing.
+
You can find the backup config files here: [[File:Network_configurations_v1.7z]]
== Network interfaces on Kimball ==
+
Kimball has two network interfaces:
+
<pre>
+
# The primary network interface
+
# eth0 is the WAN-side of our router and takes an IP from the old 0x20 network over DHCP
+
auto eth0
+
iface eth0 inet dhcp
+
  
# eth1 is the LAN-side of our router. It has a static ip and currently it uses Soekris as DNS server
+
==The Modem: DLink DSL-2740B==
auto eth1
+
We use this modem for the adsl connection to Dommel. Beware when you configure the modem: once every x restarts, the adsl stops working. Waiting a few minutes and restarting it again seems to fix it...
iface eth1 inet static
+
address 172.22.42.1
+
gateway 172.22.42.1
+
netmask 255.255.255.0
+
network 172.22.42.0
+
broadcast 172.22.42.255
+
nameserver 172.22.32.14
+
</pre>
+
  
== Routing Configuration on Kimball ==
 
 
<pre>
 
<pre>
Kernel IP routing table
+
username/password
Destination    Gateway        Genmask        Flags Metric Ref    Use Iface
+
admin/admin
default        soekris.0x20.be 0.0.0.0        UG    0      0        0 eth0
+
172.22.32.0    *              255.255.255.0  U    0      0        0 eth0
+
172.22.42.0    *              255.255.255.0  U    0      0        0 eth1
+
 
</pre>
 
</pre>
  
== DHCP Service on Kimball ==
+
Dommel uses dhcp to give us an ip (although the ip itself is static). Because the modem randomly fails to do the dhcp, we configured the modem as bridge (translate adsl to ethernet). The router (totoro) now does the dhcp.
Kimball is configured to provide Dynamic Host Configuration to hosts on the eth1 (LAN) side of the network. The configuration can be found in '''''/etc/dhcp/dhcpd.conf''''':
+
<pre>
+
# The ddns-updates-style parameter controls whether or not the server will
+
# attempt to do a DNS update when a lease is confirmed. We default to the
+
# behavior of the version 2 packages ('none', since DHCP v2 didn't
+
# have support for DDNS.)
+
ddns-update-style none;
+
  
# option definitions common to all supported networks...
+
==Totoro: the router==
option domain-name "0x20.be";
+
The cisco RV082 router serves as the main router. It has the following functions:
option domain-name-servers 172.22.32.14;
+
  
default-lease-time 6000;
+
* dhcp server which gives out ip's in the range 172.22.32.50-200 (also gives the googleDNS as DNS servers)
max-lease-time 7200;
+
* 2 WAN connections: One to Dommel, one to Wireless Antwerp.
 +
* static ip configured for gatekeeper 172.22.32.14 => 00 00 24 c8 99 cc
 +
* static hostname configured: gatekeeper => 172.22.32.14
  
# If this DHCP server is the official DHCP server for the local
+
'''The load-balancing and failover is configured so that:'''
# network, the authoritative directive should be uncommented.
+
#authoritative;
+
  
# Use this to send dhcp log messages to a different log file (you also
+
* all traffic from LAN ip's in range 172.22.32.0-200 (includes the full dhcp range) goes default through dommel's ADSL(wan2)
# have to hack syslog.conf to complete the redirection).
+
* all traffic from LAN ip's in range 172.22.32.201-254 goes default through the Wireless Antwerp uplink (wan1)
log-facility local7;
+
* If one of the interfaces goes down (interfaces are being checked by pinging 8.8.8.8), all traffic goes through the other interface
  
subnet 172.22.42.0 netmask 255.255.255.0 {
+
<pre>
        option routers 172.22.42.1;
+
username/password
        option subnet-mask 255.255.255.0;
+
admin/unicorns
        option ip-forwarding off;
+
LAN side IP: 172.22.32.1/24
        range dynamic-bootp 172.22.42.100 172.22.42.200;
+
WA side (WAN1) IP: automatic(dhcp from WA antenna)
        default-lease-time 21600;
+
Modem side (WAN2/DMZ) IP: automatic(dhcp from dommel)
        max-lease-time 43200;
+
}
+
 
</pre>
 
</pre>
  
As you can see, Kimball hosts the '''172.22.42.0/24''' network and also acts as it's default gateway on 172.22.42.1 which is it's own static address on eth1. At the moment we provide the '''range 172.22.42.100-172.22.42.200''' for DHCP.
+
==Cisco AirPlus 2.4 ghz Wireless Access point==
 
+
There are a few of them around the space. You can reset the AP's to factory settings by holding the reset button for 20 seconds. They provide 2 wireless network:
I also had to tell dhcpd to listen for DHCP-requests on eth1 instead of on eth0. For this I updated the file '''/etc/default/isc-dhcp-server''':
+
<pre>
+
# Defaults for dhcp initscript
+
# sourced by /etc/init.d/dhcp
+
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
+
 
+
#
+
# This is a POSIX shell fragment
+
#
+
 
+
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
+
#      Separate multiple interfaces with spaces, e.g. "eth0 eth1".
+
INTERFACES="eth1"
+
</pre>
+
  
 +
'''0x20'''
  
= References =
+
* WPA key: unicorns
<references/>
+
* Is connected to Totoro
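Review bot: the pre blocks added under "The Modem: DLink DSL-2740B" and "Totoro: the router" put the management logins on the page in clear text (admin/admin and admin/unicorns), and the WPA key added under '''0x20''' is the same string as the router's admin password. Suggest replacing the values with a pointer to where members can obtain them, and giving the router admin account a secret that is not also the Wi-Fi key. Separately, the access point text says "They provide 2 wireless network:" but only 0x20 is listed.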

Latest revision as of 21:19, 31 July 2014

intro

This page was created for the sole purpose of creating clarity in the networking thingies at 0x20.

Connection to internet

ISP: Dommel

After discussing multiple options, we decided to go with Dommel: fast access, cheap, no caps, no ports blocked. We went with the lower cost - lower speed option, with the idea that, if we want more, we can always upgrade.

Note: We are currently not using anything of the web- and mailservice below.

Connection details:

adsl-number: 100987582393
news-server: news.dommel.be
news-login: xxx@schedom.be
news-pass: xxx
pop3-server: pop.dommel.be
smtp-server: relay.dommel.be
webmail: webmail.dommel.be
wan-ip: 83.101.72.80

Advanced modem/router settings:

protocol: rfc 2684 (aka 1483) multi-protocol over atm (bridged or routed)
vpi/vci: 8/35
ipaddress: automatic/dhcp
encapsulation: llc
password: not needed
nameserver1: 193.109.184.72
nameserver2: 193.109.184.75


More router settings

Default Gateway:	83.101.72.1
Preferred DNS Server:	193.109.184.72
Alternate DNS Server:	193.109.184.75
Downstream Line Rate (Kbps):	12742
Upstream Line Rate (Kbps):	945

VPI/VCI	Service Name	Protocol	IGMP	QoS	Status	IP Address	Subnet Mask
8/35	mer_8_35	MER	        Disable	Disable	Enable	83.101.72.80	255.255.255.0

web- and mailservice:

Your personal homepage at http://yourchoice.dommel.be has not yet been activated. To activate, log in at https://crm.schedom-europe.net with username "info@0x20.be" and password "xxx". Click on "My Packages" -> Click on the "E" at the right of your adsl-account. You can configure your @dommel.be email accounts by clicking on the "O".

If you have any questions, please first check our support pages at https://crm.schedom-europe.net (click on "online faq"). If you cannot find an answer to your questions here, you can open a ticket at https://crm.schedom-europe.net (click on "support-desk"), or contact us by telephone every working day between 09.00 and 18.00 (+32 70 224 305) or by fax (+32 70 224 305).

Wireless Antwerp

We also have a connection to the Wireless Antwerp network: Wireless_Antwerp

LAN @ Whitespace

You can find the backup config files here: File:Network configurations v1.7z

The Modem: DLink DSL-2740B

We use this modem for the ADSL connection to Dommel. Beware when you configure the modem: once every x restarts, the ADSL stops working. Waiting a few minutes and restarting it again seems to fix it...

username/password
admin/admin

Dommel uses DHCP to give us an IP (although the IP itself is static). Because the modem randomly fails to do the DHCP, we configured the modem as a bridge (translating ADSL to Ethernet). The router (Totoro) now does the DHCP.

Totoro: the router

The Cisco RV082 router serves as the main router. It has the following functions:

  • DHCP server which gives out IPs in the range 172.22.32.50-200 (it also hands out the Google DNS servers as DNS servers)
  • 2 WAN connections: one to Dommel, one to Wireless Antwerp.
  • static IP configured for gatekeeper 172.22.32.14 => 00 00 24 c8 99 cc
  • static hostname configured: gatekeeper => 172.22.32.14

The load-balancing and failover are configured so that:

  • all traffic from LAN IPs in the range 172.22.32.0-200 (includes the full DHCP range) goes by default through Dommel's ADSL (wan2)
  • all traffic from LAN IPs in the range 172.22.32.201-254 goes by default through the Wireless Antwerp uplink (wan1)
  • if one of the interfaces goes down (interfaces are checked by pinging 8.8.8.8), all traffic goes through the other interface

username/password
admin/unicorns
LAN side IP: 172.22.32.1/24
WA side (WAN1) IP: automatic (DHCP from WA antenna)
Modem side (WAN2/DMZ) IP: automatic (DHCP from Dommel)
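
The source-range routing and failover rules above, modelled as an added example (not part of the original wiki page and not the RV082's own configuration). The ranges are the ones listed in this section; the function names and the `link_up` health map are assumptions. `audit()` checks that the documented ranges are consistent with each other.

```python
import ipaddress

# Ranges copied from the Totoro section; all names here are hypothetical
# and exist only in this added example.
LAN = ipaddress.ip_network("172.22.32.0/24")
DHCP_POOL = (50, 200)                      # last octet, inclusive
STATIC = {"gatekeeper": "172.22.32.14"}
# (first, last) last-octet range -> uplink used by default
RULES = [((0, 200), "wan2"),               # Dommel ADSL
         ((201, 254), "wan1")]             # Wireless Antwerp
OTHER = {"wan1": "wan2", "wan2": "wan1"}

def preferred_uplink(src_ip):
    """Return the default uplink for a LAN source address, or None."""
    addr = ipaddress.ip_address(src_ip)
    if addr not in LAN:
        return None
    octet = int(addr) & 0xFF
    for (first, last), wan in RULES:
        if first <= octet <= last:
            return wan
    return None

def select_uplink(src_ip, link_up):
    """Apply failover: use the preferred uplink if its health check
    passes, otherwise the other one; None if both are down."""
    wan = preferred_uplink(src_ip)
    if wan is None:
        return None
    if link_up.get(wan):
        return wan
    return OTHER[wan] if link_up.get(OTHER[wan]) else None

def audit():
    """Return a list of inconsistencies between the documented ranges."""
    problems = []
    for host in LAN.hosts():               # .1 through .254
        if preferred_uplink(str(host)) is None:
            problems.append(f"{host} matches no rule")
    pool_wans = {preferred_uplink(f"172.22.32.{o}")
                 for o in range(DHCP_POOL[0], DHCP_POOL[1] + 1)}
    if len(pool_wans) != 1:
        problems.append("DHCP pool is split across uplinks")
    for name, ip in STATIC.items():
        octet = int(ipaddress.ip_address(ip)) & 0xFF
        if DHCP_POOL[0] <= octet <= DHCP_POOL[1]:
            problems.append(f"{name} reservation sits inside the pool")
    return problems
```

With both links up, every DHCP client and the gatekeeper reservation leave through wan2; only manually addressed hosts in .201-.254 use wan1.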

Cisco AirPlus 2.4 GHz Wireless Access point

There are a few of them around the space. You can reset the APs to factory settings by holding the reset button for 20 seconds. They provide 2 wireless networks:

0x20

  • WPA key: unicorns
  • Is connected to Totoro