{ -- A new node's name will be autogenerated from -- it's primary MAC address and this prefix. -- e.g. freifunk-0123456789ab hostname_prefix = 'freifunk', -- name of this site -- site_name = 'Freifunk Hochstift - ${site}', site_name = '%SN', -- short name of this site -- site_code = 'ffho_${un-code}' site_code = '%SC', -- v4 and v6 prefixes in which nodes+clients might get an IP prefix4 = '%V4', prefix6 = '2a03:2260:2342:%V6::/64', -- timezone timezone = 'CET-1CEST,M3.5.0,M10.5.0/3', -- Europe/Berlin -- network-internal ntp service ntp_servers = {'ntp.srv.in.ffho.net'}, -- OpenWRT Package Repository (IPv6 capable) opkg = { lede = 'http://firmware.srv.in.ffho.net/lede/packages-%v/%A', extra = { gluon = 'http://firmware.srv.in.ffho.net/%GR/modules/%S', }, }, -- regulatory domain of your wifi regdom = 'DE', -- wifi settings (2.4 GHz and 5 GHz) -- ap.ssid = 'hochstift.freifunk.net/${kürzel}', -- mesh.id = 'ffho-mesh-${group-name}', wifi24 = { channel = 1, supported_rates = {6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000}, basic_rate = {6000, 9000, 18000, 36000, 54000}, ap = { ssid = '%SS', }, mesh = { id = 'ffho-mesh-%GN', mcast_rate = 12000, }, }, wifi5 = { channel = 44, ap = { ssid = '%SS', }, mesh = { id = 'ffho-mesh-%GN', mcast_rate = 12000, }, }, -- IP address of each router -- At this IP a client can always connect to its -- currently connected node. Both v4 and v6 addr. -- must lie in the above prefix4 and prefix6. next_node = { ip4 = '%N4', ip6 = '2a03:2260:2342:%V6::1', name = 'node.ffho.net', -- mac address, must be unique in the client network -- (usually, you don't need to change this) mac = 'f2:ff:ff:%ID:ff:ff', }, mesh_vpn = { -- the maximum transfer unit mtu = 1406, -- fastd (vpn) settings fastd = { -- cipher(s) to use methods = {'salsa2012+umac'}, groups = { backbone = { -- specifies how many servers are contacted -- by a client simultanously limit = 1, -- list all available vpn servers peers = { gw01 = { -- public fastd key of the vpn server key = '97bc56ae561f67cfe15364134868c3553b5f1eab06f7bd9c5b93fbf280a52b51', -- remotes is an array of ways on how to reach the VPN server -- Use public addresses here, these addresses are used when the mesh might not be connected yet. -- format: '[|ipv4|ipv6] "hostname-or-ip-address" port 10000' remotes = { '"gw01.ffho.net" port 100%ID', 'ipv6 "2001:830:c:9::12" port 100%ID', 'ipv4 "80.242.130.70" port 100%ID', }, }, gw02 = { key = 'e8fa9bf402fd33dd1ba804a97f2e46c704423ff49e9c55312845a7bfb93121ad', remotes = { '"gw02.ffho.net" port 100%ID', 'ipv6 "2a01:4f8:190:6500::18:1" port 100%ID', 'ipv4 "78.46.242.24" port 100%ID', }, }, gw03 = { key = '629b2742922f068ef49558283aea4b75c1427d8cdd3fcd2dbd7c00880547d3b3', remotes = { '"gw03.ffho.net" port 100%ID', 'ipv6 "2a00:13c8:1000:2::165" port 100%ID', 'ipv4 "185.46.137.165" port 100%ID', }, }, gw04 = { key = 'cf3855e5fa04e4c04a294cb6e8902f91c7ff7ef82bf031cc842a2b79b936677c', remotes = { '"gw04.ffho.net" port 100%ID', 'ipv6 "2a02:450:1::22" port 100%ID', 'ipv4 "80.70.181.63" port 100%ID', }, }, gw05 = { key = 'd0d32a2f536a0fc1f0c848e6da15bd96851d5ff4fdf9239c830bab033ddcec1a', remotes = { '"gw05.ffho.net" port 100%ID', 'ipv6 "2001:638:502:1884::ff15" port 100%ID', 'ipv4 "192.26.175.183" port 100%ID', }, }, gw06 = { key = '88b570c4cc811259b7c4106943098c9bee1126d692ddacedd23cd48efc28b0bf', remotes = { '"gw06.ffho.net" port 100%ID', }, }, }, }, }, }, -- default traffic shaping (bandwidth limit) settings bandwidth_limit = { enabled = false, egress = 500, ingress = 4000, }, }, -- configure the autoupdater autoupdater = { -- default branch for a firmware without enabled autoupdater branch = 'stable', -- available branches for the autoupdater branches = { stable = { -- visible name of this branch (why not use the internal identifier here, too) name = 'stable', -- where to get the manifest file (without the trailing /manifest) -- It's wise to use an internal address here, -- but specifying a publicly available update site does not hurt. mirrors = {'http://firmware.srv.in.ffho.net/%SC/stable/sysupgrade', 'http://[2a03:2260:2342:f251::6]/%SC/stable/sysupgrade'}, -- Number of valid manifest signatures necessary to accept the manifest as "good". good_signatures = 3, -- list of public keys which are considered "good" for manifest signatures pubkeys = { 'ba2e6ff4de41ade9959702195d4c26c764e7aab85c627363681c29dbc4a8a2c5', -- oscar- 'fb9d6beba63dcb6175d0248c1e743b5fe4359474eb264d27f389d7a962e24477', -- northalpha 'f70f9ddeb307fff8fca31a76f4fbd0ac676dab8ad143625f0a4160d434d72876', -- Barbarossa '9841dde0b9f6485d5fcdc858fb15c1db1c3bc77fb81aef3f0d4b835f76a3d73b', -- kb-light '39ef16b1853e54249dae2d06948329a93e3e13f354aaab792552aacd1d0b45ba', -- phimeas }, }, testing = { name = 'testing', mirrors = {'http://firmware.srv.in.ffho.net/%SC/testing/sysupgrade', 'http://[2a03:2260:2342:f251::6]/%SC/testing/sysupgrade'}, good_signatures = 2, pubkeys = { 'ba2e6ff4de41ade9959702195d4c26c764e7aab85c627363681c29dbc4a8a2c5', -- oscar- 'fb9d6beba63dcb6175d0248c1e743b5fe4359474eb264d27f389d7a962e24477', -- northalpha 'f70f9ddeb307fff8fca31a76f4fbd0ac676dab8ad143625f0a4160d434d72876', -- Barbarossa '9841dde0b9f6485d5fcdc858fb15c1db1c3bc77fb81aef3f0d4b835f76a3d73b', -- kb-light '39ef16b1853e54249dae2d06948329a93e3e13f354aaab792552aacd1d0b45ba', -- phimeas }, }, experimental = { name = 'experimental', mirrors = {'http://firmware.srv.in.ffho.net/%SC/experimental/sysupgrade', 'http://[2a03:2260:2342:f251::6]/%SC/experimental/sysupgrade'}, good_signatures = 1, pubkeys = { 'ba2e6ff4de41ade9959702195d4c26c764e7aab85c627363681c29dbc4a8a2c5', -- oscar- 'fb9d6beba63dcb6175d0248c1e743b5fe4359474eb264d27f389d7a962e24477', -- northalpha 'f70f9ddeb307fff8fca31a76f4fbd0ac676dab8ad143625f0a4160d434d72876', -- Barbarossa '9841dde0b9f6485d5fcdc858fb15c1db1c3bc77fb81aef3f0d4b835f76a3d73b', -- kb-light '39ef16b1853e54249dae2d06948329a93e3e13f354aaab792552aacd1d0b45ba', -- phimeas }, }, }, }, config_mode = { -- Show/hide the altitude field geo_location = { show_altitude = false, }, -- define if the contact field is obligatory (optional) owner = { obligatory = false, }, }, -- configure DNS caching dns = { cacheentries = 1000, servers = { '2a03:2260:2342:f251::53' }, }, }