diff --git a/README.md b/README.md index cb1e5b7..2c0a739 100644 --- a/README.md +++ b/README.md @@ -42,6 +42,7 @@ You **MUST** specify these options, or Lixonet will not work. * `tinc_peer_address` - The *router* address to use. This is your Lixonet routing layer address: 172.xxx.0.xxx * `network_address` - The *network* address to use. This is your Lixonet routing layer address: 172.xxx.0.0 (especially take note of the last two 0's: `0.0` -- it _MUST_ end with zeros corresponding to the network size) * `bgp_asn` - The BGP ASN to use. We usually follow the format `4206969XXX` where _XXX_ is the last octet of your `address`, zero-padded (i.e. 008 or 212) + * `internal_gateway` - The internal gateway to use. This is the IP address, directly upstream from the Lixonet EE router, that can be used as a next hop to reach your own subnets. #### Configuration example @@ -56,6 +57,7 @@ bgp_asn=4206969008 bgp_routes=172.31.8.0/21,172.31.254.0/24 network_address=172.31.0.0 netmask=255.255.255.0 +internal_gateway=172.31.8.1 ``` (A key exists at `/etc/lixonet/teamlixo/tinc.key`) 
@@ -119,7 +121,7 @@ For options we expose here, for information see: https://bird.network.cz/?get_do #### Prerequisites: 1. `docker` and `docker-compose` (Alpine: community repository; https://docs.genesys.com/Documentation/System/8.5.x/DDG/InstallationofDockeronAlpineLinux), `git`, and `curl` are installed (Alpine: `apk add`). You may also want to make docker run at boot: `rc-update add docker boot`. -2. `eth0` is the **LAN** or **WAN** interface supporting external routing, DNS, etc., and is the **bridged** interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/21) through it. You may also have an `eth1` (and so on, so forth) that you statically configure for your entire, wide subnet (i.e. x.x.0.0/21) if you want to use two physical adapters. If you do have more than one interface, make sure that `internal_interface` is set to the interface that can route your personal Lixonet subnets, and not your WAN interface with a default gateway. +2. `eth0` is the **LAN** or **WAN** interface supporting external routing, DNS, etc., and is the **bridged** interface to a router that will statically route the entire desired network subnet (i.e. x.x.0.0/21) through it. You may also have an `eth1` (and so on, so forth) that you statically configure for your entire, wide subnet (i.e. x.x.0.0/21) if you want to use two physical adapters. If you do have more than one interface, make sure that `internal_gateway` is set to the router IP address that can route your personal Lixonet subnets, and not your WAN gateway (unless they're the same). 4. `tun` and `tap` are in `/etc/modules` to load at boot (https://www.cyberciti.biz/faq/linux-how-to-load-a-kernel-module-automatically-at-boot-time/) and the system has been rebooted afterwards. 5. `sigil` is installed (`curl -L "https://github.com/gliderlabs/sigil/releases/download/v0.5.0/sigil_0.5.0_$(uname -sm|tr ' ' '_').tgz" | tar -zxC /usr/local/bin`) 6. 
IPv4 forwarding is on: `sysctl -w net.ipv4.ip_forward=1` and `iptables -P FORWARD ACCEPT` are run (and persisted) to allow IP forwarding. To persist these changes, see: https://wiki.alpinelinux.org/wiki/Configure_Networking, refer to "Save Firewall Rules". diff --git a/bird/bird.conf.tmpl b/bird/bird.conf.tmpl index 8940195..2eecbf4 100644 --- a/bird/bird.conf.tmpl +++ b/bird/bird.conf.tmpl @@ -136,10 +136,10 @@ protocol static { # Announce the whole network as unreachable; this returns packets that reach # this router as unreachable (ICMP type=3, code=0) if no more specific route # is defined for the network subnet - range ${network_address}/${global_prefix:-16}+ unreachable; + route ${network_address}/${global_prefix:-16} unreachable; # Announced networks - {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}route {{.}} via ${internal_interface:-eth0}; + {{ if len "${bgp_routes:-}" }}{{ range "$bgp_routes" | split "," }}route {{.}} via ${internal_gateway}; {{ end }}{{ end }} };
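Review bot: the new `internal_gateway` bullet in the first `README.md` hunk sits under "You **MUST** specify these options", but in `bird/bird.conf.tmpl` the variable is only expanded inside the `{{ if len "${bgp_routes:-}" }}` block. The bullet should say whether the option is required unconditionally or only when `bgp_routes` is set, and state the expected format: a single IPv4 address with no prefix length, as in the example value `172.31.8.1`.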
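Review bot: the reworded prerequisite 2 in the `README.md` hunk at `@@ -119,7 +121,7 @@` drops `internal_interface` without saying that it was replaced. A deployment that already has `internal_interface=...` in its config gets no hint that the key's visible use in `bird.conf.tmpl` is gone and that `internal_gateway` now has to be added. Suggest one sentence stating that `internal_gateway` replaces `internal_interface` and that it takes a router IP address rather than an interface name.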
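Review bot: in the `bird/bird.conf.tmpl` hunk, `route {{.}} via ${internal_gateway};` has no default and no required-variable guard, whereas the line it replaces had the fallback `${internal_interface:-eth0}`. With `bgp_routes` set and `internal_gateway` missing or empty, the rendered static block would contain `route <prefix> via ;`, so the failure only shows up when BIRD tries to load the config instead of at render time. Suggest failing the render when the variable is unset (for example a `${internal_gateway:?}`-style expansion, if the templating tool supports it) or checking in the setup script that the value is a valid IPv4 address before templating. The same check is a good place to confirm that the address is on a network directly attached to the router, since BIRD only activates a static `via <address>` route when the next hop is a direct neighbor.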