|Installed on||sown-gw, sown-auth2, sown-monitor, sown-radius2, sown-vpn2|
|Was installed on||sown-vpn, sown-auth|
Quagga is routing software for IPv4 and IPv6, released under the GPL. For more details see http://www.quagga.net/.
Quagga has a configuration system very similar to that of Cisco routers: you can telnet into it and enter interactive commands.
However, we will just use a very simple static set-up using configuration files.
Configuring RIP on Quagga
This HOWTO assumes that you are using Debian Linux (or Voyage or Pebble). First you will need to download and install the Quagga package. This can be done using apt-get (apt-get install quagga), or you can download it and install it manually (dpkg -i) from:
Once it is installed you will need to enable the RIP daemon by editing /etc/quagga/daemons:

    zebra=yes
    bgpd=no
    ospfd=no
    ospf6d=no
    ripd=yes
    ripngd=no
    isisd=no

A very basic /etc/quagga/ripd.conf looks like this:

    hostname mynode.sown.org.uk
    password zebra
    enable password zebra
    log stdout
    !
    router rip
     redistribute static
     network ath0
    !
    access-list vtylist permit 127.0.0.1/32
    access-list vtylist deny any
    !
    line vty
     access-class vtylist
    !

And a very basic /etc/quagga/zebra.conf looks like this:

    hostname mynode.sown.org.uk
    password zebra
    enable password zebra
    log file /var/log/quagga/zebra.log
    !
    interface eth0
    !
    interface ath0
    !
    interface lo
    !
    access-list vtylist permit 127.0.0.1/32
    access-list vtylist deny any
    !
    ip forwarding
    !
    line vty
     access-class vtylist
    !

Note: anyone on the local machine will be able to telnet in and reconfigure routing so please set a secure password and enable password if you don't trust the local users. Also make sure that local users can't read the configuration files.

    chown quagga:quagga /etc/quagga/*.conf
    chmod 640 /etc/quagga/*.conf

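The points in the note above (file mode, the sample password, the vty access list) can be checked mechanically. The script below is an added example, not part of the original HOWTO or of Quagga; the function name audit_quagga_conf is hypothetical, and it assumes the configuration layout shown in the sample files above.

```shell
#!/bin/sh
# Added example (not from the original page): audit one Quagga daemon config.
# Prints one finding per line; the return status is the number of findings.
audit_quagga_conf() {
    f=$1
    findings=0
    report() { printf '%s: %s\n' "$f" "$1"; findings=$((findings + 1)); }

    # 1. A world-readable file exposes the vty passwords to every local user.
    if [ -n "$(find "$f" -prune -perm -004)" ]; then
        report "world-readable, expected mode 640"
    fi

    # 2. The sample configs use "zebra" for both password and enable password.
    if grep -Eq '^[[:space:]]*(enable[[:space:]]+)?password[[:space:]]+zebra[[:space:]]*$' "$f"; then
        report "sample password 'zebra' still in use"
    fi

    # 3. "line vty" must reference an access-class ...
    acl=$(awk '/^!/ {v = 0} /^line vty/ {v = 1; next}
               v && $1 == "access-class" {print $2; exit}' "$f")
    if [ -z "$acl" ]; then
        report "line vty has no access-class"
    else
        # ... whose list permits only loopback and ends by denying the rest.
        if ! grep -Eq "^access-list $acl deny any" "$f"; then
            report "access-list $acl lacks 'deny any'"
        fi
        if grep -E "^access-list $acl permit " "$f" |
           grep -vq ' 127\.0\.0\.1/32[[:space:]]*$'; then
            report "access-list $acl permits more than 127.0.0.1/32"
        fi
    fi
    return "$findings"
}

# Usage: sh audit.sh /etc/quagga/ripd.conf /etc/quagga/zebra.conf
for conf in "$@"; do
    audit_quagga_conf "$conf" || true
done
```

Run against the sample ripd.conf above with mode 644, it reports two findings: the file is world-readable and the sample password is still set.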
Telnet to port 2601 for zebra, using the password in the configuration file (see above); for ripd use port 2602. Start with the command 'en' to enable.
The "ip forwarding" statement should enable IP forwarding. However I have had problems with Quagga being unable to enable it. An alternative method is to enable it using /etc/sysctl.conf, which will configure the kernel at startup. Uncomment the line:
And then run /etc/init.d/procps.sh restart.
Or echo "1" > /proc/sys/net/ipv4/conf/default/forwarding
You are now ready to start your new Quagga daemons, but first let's look at the routing table:

    voyage:~# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    10.13.8.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
    10.13.4.0       0.0.0.0         255.255.255.0   U         0 0          0 ath0
    0.0.0.0         10.13.8.1       0.0.0.0         UG        0 0          0 eth0

To start the new daemons, restart Quagga: /etc/init.d/quagga restart and then after a few seconds have another look at your routing table:

    voyage:~# netstat -rn
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
    220.127.116.11  10.13.4.65      255.255.255.255 UGH       0 0          0 ath0
    18.104.22.168   10.13.4.65      255.255.255.255 UGH       0 0          0 ath0
    22.214.171.124  10.13.4.65      255.255.255.255 UGH       0 0          0 ath0
    10.13.4.0       10.13.4.65      255.255.255.248 UG        0 0          0 ath0
    10.13.4.128     10.13.4.65      255.255.255.224 UG        0 0          0 ath0
    10.13.8.0       0.0.0.0         255.255.255.0   U         0 0          0 eth0
    10.13.4.0       0.0.0.0         255.255.255.0   U         0 0          0 ath0
    0.0.0.0         10.13.8.1       0.0.0.0         UG        0 0          0 eth0

Hopefully there will be a few more routes in your routing table, including some routes to the VPN servers.
Alternatively, to check the routes in ripd itself, try telnetting in:

    voyage:~# telnet localhost 2602
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    Hello, this is Quagga (version 0.99.5).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    User Access Verification
    Password:
    voyage.aelus.co.uk> show ip rip
    Codes: R - RIP, C - connected, S - Static, O - OSPF, B - BGP
    Sub-codes: (n) - normal, (s) - static, (d) - default, (r) - redistribute, (i) - interface
         Network            Next Hop         Metric From            Tag Time
    C(i) 10.13.4.0/24       0.0.0.0               1 self              0
    R(n) 10.13.4.0/29       10.13.4.65            2 10.13.4.65        0 16:46
    R(n) 10.13.4.128/27     10.13.4.65            2 10.13.4.65        0 16:46
    C(i) 10.13.8.0/24       0.0.0.0               1 self              0
    R(n) 10.13.11.0/24      10.13.4.74            2 10.13.4.74        0 16:50
    R(n) 126.96.36.199/32   10.13.4.65            3 10.13.4.65        0 16:46
    R(n) 188.8.131.52/32    10.13.4.65            3 10.13.4.65        0 16:46
    R(n) 184.108.40.206/32  10.13.4.65            3 10.13.4.65        0 16:46
    voyage.aelus.co.uk>

Just a note: if you have IPv6 running on your router, Quagga appears to bind to the IPv6 interface, so you need to telnet to it like so:
telnet ::1 2601
To learn more about configuring and querying Quagga, take a look at the Quagga documentation, which is available on-line as HTML:
|Has reason||The configuration for Quagga described here is seriously out of date and needs updating. However, the list of servers it is installed on is correct.|