manbytesgnu_site

Source files for manbytesgnu.org
git clone git://holbrook.no/manbytesgnu_site.git
Log | Files | Refs

20221020-gnunet-debian-qemu.rst (4670B)

      1 gnunet on qemu from scratch
      2 ###########################
      3 
      4 :date: 2022-10-20 14:40
      5 :modified: 2022-10-20 14:40
      6 :category: Hygiene
      7 :author: Louis Holbrook
      8 :tags: gnunet,p2p,debian,qemu
      9 :slug: gnunet-debian-qemu
     10 :summary: Set up a clean gnunet instance using debian on a qemu guest.
     11 :lang: en
     12 :status: draft
     13 
     14 
     15 ..
     16 
     17         $ fallocate -l4g deb.bin
     18         $ fallocate -l2g data.bin
     19         $ wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-11.5.0-amd64-netinst.iso
     20         $ qemu-system-x86_64 -cdrom debian-11.5.0-amd64-netinst.iso -drive format=raw,file=deb.bin --enable-kvm
     21         # in another terminal window
     22         $ vncviewer localhost:5900
     23 
     24 Depends
     25 
     26 ..
     27 
     28         git
     29 
     30 .. 
     31 
     32         gcc
     33         automake
     34         autoreconf
     35         make
     36         autopoint
     37         recutils
     38         libgnutls30
     39         iptables
     40         gettext
     41         libtool
     42         libidn2-dev
     43         libltdl-dev
     44         libtool
     45         libgcrypt-dev
     46         libmicrohttpd-dev
     47         libunistring-dev
     48         libjansson-dev
     49         libjose-dev
     50         libgmp-dev
     51         libcurl4-gnutls-dev
     52         texinfo
     53         pkg-config
     54         libz-dev
     55         libsodium-dev
     56         libsqlite3-dev
     57         net-tools
     58         miniupnpc
     59         python3-sphinx
     60         pythno3-sphinx_rtd_theme
     61 
     62 Optionals:
     63 
     64 * miniupnpc for upnpc support
     65 * net-tools provides ifconfig
     66 * sphinx isn't strictly necessary unless building documentation (bootstrap script will complain a bit)
     67 
     68 .. 
     69 
     70         $ git clone -b 1436e4266673df53f1a692e4c9c9a74d621b0a8e https://git.gnunet.org/git/gnunet.git 
     71         $ cd gnunet
     72         $ ./bootstrap
     73         $ ./configure --disable-documentation --enable-logging=veryverbose
     74         $ make
     75         $ mkdir build
     76         $ make install DESTDIR=$(realpath build)
     77 
     78 
     79 ..
     80 
     81         $ cat <<eof > src.sh
     82         set -a
     83         export LD_LIBRARY_PATH=$(realpath build/usr/local/lib)
     84         export PATH=$(realpath build/usr/local/bin):$PATH
     85         set +a
     86         eof
     87         $ mkdir ~/.config
     88         $ touch ~/.config/gnunet.conf
     89 
     90 
     91 ..
     92 
     93         $ . src.sh
     94         $ gnunet-arm -s
     95 
     96 
     97 ## Set up virtual TAP network
     98 
     99 Set up netdev group and udev rule
    100 
    101 ..
    102 
    103         $ groupadd -U <user> netdev
    104         $ cat <<eof > /etc/udev/rules.d/netdev-tun.rules
    105         KERNEL=="tun", GROUP="netdev", MODE="0660", OPTIONS+="static_node=net/tun"
    106         eof
    107 
    108 Given device on host connected to internet is :code:`eth0`
    109 
    110 Source `sttyio`_ for setup and parms.
    111 
    112 Source `stackoverflow`_ for iptables rule
    113 
    114 ..
    115 
    116         $ sudo -s
    117         $ ip tuntap add mode tap name vmm0 group netdev
    118         $ ip link set vmm0 up
    119 
    120 ..
    121 
    122         # seems bridge is not needed, so skip this
    123         # if bridge not exists
    124         $ ip link add brr type bridge
    125         # else
    126         $ ip addr flush dev brr
    127         $ ip addr add 192.168.99.0/24 dev brr
    128         $ ip link set vmm0 master brr
    129         $ ip link set brr up
    130 
    131 ..
    132 
    133         # if dhcp
    134         $ dnsmasq --interface brr --dhcp-range=192.168.9.100,192.168.9.250
    135 
    136         # make sure dhcp traffic is broadcast
    137         $ iptables -C QEMU
    138         $ iptables -I INPUT 1 -i brr -j QEMU
    139         $ iptables -A QEMU -i brr -p udp -s 0.0.0.0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
    140 
    141 
    142 ..
    143 
    144         $ iptables -t nat -A POSTROUTING -s 192.168.99.0/24 ! -d 192.168.99.0/24 -j MASQUERADE
    145         # if forwarding is restricted
    146         $ iptables -A FORWARD -i brr -j ACCEPT
    147         $ iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    148 
    149         # start it
    150         # if more than one node, new tap interface and different mac - otherwise the mac may be set to same on both guests!
    151         $ qemu-system-x86_64 -drive file=deb.bin,format=raw -drive file=data.bin,format=raw,mac=50:12:34:56:78:90 -m 2g --device virtio-net-pci,netdev=vmm0 -netdev tap,id=vmm0,ifname=vmm0,script=no,downscript=no --enable-kvm
    152 
    153 
    154 ### Connect guest to host network
    155 
    156 There will be one interface set up inside the guest, with an ip from dnsmasq. Mine received the name :code:`ens3`.
    157 
    158 My device connected to internet was on :code:`192.168.8.147/24`.
    159 
    160 
    161 ..
    162 
    163         # if not dhcp
    164         $ ip addr add 192.168.99.13/24 dev ens3
    165 
    166         # TODO check if we can use --dhcp-option for dnsmasq instead to set these automatically
    167         $ ip route add 192.168.8.0/24 dev ens3
    168         $ ip route add default via 192.168.8.147
    169 
    170 ..
    171 
    172         # to ssh to the guest if using bridge, make sure specify explicit interface
    173         $ ssh -b 192.168.8.147 root@192.168.99.13
    174 
    175 
    176 ..      _sttyio: https://stty.io/2019/05/13/qemu-vm-wireguard-vpn-tun-tap-networking/
    177 
    178 ..      _stackoverflow: https://unix.stackexchange.com/questions/525822/nat-configuration-for-qemu-kvm-guest-and-host-networks